aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--examples/c-captured/c-captured.c4
-rw-r--r--nDPId.c33
-rw-r--r--schema/flow_event_schema.json16
-rw-r--r--test/results/1kxun.pcap.out910
-rw-r--r--test/results/443-chrome.pcap.out6
-rw-r--r--test/results/443-curl.pcap.out10
-rw-r--r--test/results/443-firefox.pcap.out10
-rw-r--r--test/results/443-git.pcap.out10
-rw-r--r--test/results/443-opvn.pcap.out6
-rw-r--r--test/results/443-safari.pcap.out10
-rw-r--r--test/results/4in6tunnel.pcap.out6
-rw-r--r--test/results/6in4tunnel.pcap.out6
-rw-r--r--test/results/6in6tunnel.pcap.out12
-rw-r--r--test/results/BGP_Cisco_hdlc_slarp.pcap.out6
-rw-r--r--test/results/BGP_redist.pcap.out6
-rw-r--r--test/results/EAQ.pcap.out624
-rw-r--r--test/results/IEC104.pcap.out12
-rw-r--r--test/results/KakaoTalk_chat.pcap.out298
-rw-r--r--test/results/KakaoTalk_talk.pcap.out130
-rw-r--r--test/results/NTPv2.pcap.out6
-rw-r--r--test/results/NTPv3.pcap.out6
-rw-r--r--test/results/NTPv4.pcap.out6
-rw-r--r--test/results/Oscar.pcap.out6
-rw-r--r--test/results/WebattackRCE.pcap.out4782
-rw-r--r--test/results/WebattackSQLinj.pcap.out54
-rw-r--r--test/results/WebattackXSS.pcap.out3966
-rw-r--r--test/results/aimini-http.pcap.out24
-rw-r--r--test/results/alexa-app.pcapng.out1254
-rw-r--r--test/results/among_us.pcap.out6
-rw-r--r--test/results/amqp.pcap.out18
-rw-r--r--test/results/android.pcap.out486
-rw-r--r--test/results/anyconnect-vpn.pcap.out500
-rw-r--r--test/results/anydesk-2.pcap.out34
-rw-r--r--test/results/anydesk.pcap.out16
-rw-r--r--test/results/bad-dns-traffic.pcap.out50
-rw-r--r--test/results/bitcoin.pcap.out36
-rw-r--r--test/results/bittorrent.pcap.out150
-rw-r--r--test/results/bittorrent_ip.pcap.out14
-rw-r--r--test/results/bittorrent_utp.pcap.out6
-rw-r--r--test/results/bt_search.pcap.out12
-rw-r--r--test/results/capwap.pcap.out30
-rw-r--r--test/results/check_mk_new.pcap.out6
-rw-r--r--test/results/chrome.pcap.out117
-rw-r--r--test/results/coap_mqtt.pcap.out96
-rw-r--r--test/results/dcerpc.pcap.out24
-rw-r--r--test/results/diameter.pcap.out6
-rw-r--r--test/results/dnp3.pcap.out48
-rw-r--r--test/results/dns-tunnel-iodine.pcap.out18
-rw-r--r--test/results/dns_doh.pcap.out8
-rw-r--r--test/results/dns_dot.pcap.out8
-rw-r--r--test/results/dns_exfiltration.pcap.out18
-rw-r--r--test/results/dns_long_domainname.pcap.out8
-rw-r--r--test/results/dnscrypt-v1-and-resolver-pings.pcap.out1506
-rw-r--r--test/results/dnscrypt-v2-doh.pcap.out276
-rw-r--r--test/results/doq.pcapng.out12
-rw-r--r--test/results/doq_adguard.pcapng.out6
-rw-r--r--test/results/dos_win98_smb_netbeui.pcap.out42
-rw-r--r--test/results/drda_db2.pcap.out6
-rw-r--r--test/results/dropbox.pcap.out126
-rw-r--r--test/results/dtls.pcap.out6
-rw-r--r--test/results/dtls2.pcap.out8
-rw-r--r--test/results/dtls_certificate_fragments.pcap.out8
-rw-r--r--test/results/dtls_session_id_and_coockie_both.pcap.out8
-rw-r--r--test/results/encrypted_sni.pcap.out18
-rw-r--r--test/results/ethereum.pcap.out444
-rw-r--r--test/results/exe_download.pcap.out8
-rw-r--r--test/results/exe_download_as_png.pcap.out8
-rw-r--r--test/results/facebook.pcap.out18
-rw-r--r--test/results/firefox.pcap.out117
-rw-r--r--test/results/fix.pcap.out72
-rw-r--r--test/results/forticlient.pcap.out102
-rw-r--r--test/results/ftp.pcap.out18
-rw-r--r--test/results/ftp_failed.pcap.out6
-rw-r--r--test/results/genshin-impact.pcap.out18
-rw-r--r--test/results/git.pcap.out6
-rw-r--r--test/results/google_ssl.pcap.out6
-rw-r--r--test/results/googledns_android10.pcap.out66
-rw-r--r--test/results/gquic.pcap.out6
-rw-r--r--test/results/h323-overflow.pcap.out6
-rw-r--r--test/results/hangout.pcap.out6
-rw-r--r--test/results/hpvirtgrp.pcap.out54
-rw-r--r--test/results/http-lines-split.pcap.out6
-rw-r--r--test/results/http_ipv6.pcap.out112
-rw-r--r--test/results/iec60780-5-104.pcap.out36
-rw-r--r--test/results/imaps.pcap.out10
-rw-r--r--test/results/instagram.pcap.out264
-rw-r--r--test/results/ip_fragmented_garbage.pcap.out174
-rw-r--r--test/results/iphone.pcap.out398
-rw-r--r--test/results/irc.pcap.out6
-rw-r--r--test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out6
-rw-r--r--test/results/kerberos.pcap.out216
-rw-r--r--test/results/long_tls_certificate.pcap.out10
-rw-r--r--test/results/malformed_dns.pcap.out12
-rw-r--r--test/results/malformed_icmp.pcap.out6
-rw-r--r--test/results/malware.pcap.out36
-rw-r--r--test/results/memcached.cap.out6
-rw-r--r--test/results/modbus.pcap.out6
-rw-r--r--test/results/monero.pcap.out12
-rw-r--r--test/results/mpeg.pcap.out8
-rw-r--r--test/results/mssql_tds.pcap.out72
-rw-r--r--test/results/mysql-8.pcap.out6
-rw-r--r--test/results/nest_log_sink.pcap.out122
-rw-r--r--test/results/netbios.pcap.out96
-rw-r--r--test/results/netbios_wildcard_dns_query.pcap.out6
-rw-r--r--test/results/netflix.pcap.out478
-rw-r--r--test/results/netflow-fritz.pcap.out6
-rw-r--r--test/results/netflowv9.pcap.out6
-rw-r--r--test/results/nintendo.pcap.out148
-rw-r--r--test/results/no_sni.pcap.out62
-rw-r--r--test/results/ookla.pcap.out12
-rw-r--r--test/results/openvpn.pcap.out18
-rw-r--r--test/results/os_detected.pcapng.out6
-rw-r--r--test/results/pinterest.pcap.out284
-rw-r--r--test/results/pps.pcap.out660
-rw-r--r--test/results/ps_vue.pcap.out50
-rw-r--r--test/results/quic-23.pcap.out6
-rw-r--r--test/results/quic-24.pcap.out6
-rw-r--r--test/results/quic-27.pcap.out6
-rw-r--r--test/results/quic-28.pcap.out6
-rw-r--r--test/results/quic-29.pcap.out6
-rw-r--r--test/results/quic-33.pcapng.out6
-rw-r--r--test/results/quic-mvfst-22.pcap.out6
-rw-r--r--test/results/quic-mvfst-27.pcapng.out6
-rw-r--r--test/results/quic-mvfst-exp.pcap.out6
-rw-r--r--test/results/quic.pcap.out60
-rw-r--r--test/results/quic046.pcap.out6
-rw-r--r--test/results/quic_0RTT.pcap.out6
-rw-r--r--test/results/quic_interop_V.pcapng.out462
-rw-r--r--test/results/quic_q39.pcap.out6
-rw-r--r--test/results/quic_q43.pcap.out6
-rw-r--r--test/results/quic_q46.pcap.out6
-rw-r--r--test/results/quic_q46_b.pcap.out6
-rw-r--r--test/results/quic_q50.pcap.out6
-rw-r--r--test/results/quic_t50.pcap.out6
-rw-r--r--test/results/quic_t51.pcap.out6
-rw-r--r--test/results/quickplay.pcap.out126
-rw-r--r--test/results/reasm_crash_anon.pcapng.out6
-rw-r--r--test/results/reasm_segv_anon.pcapng.out6
-rw-r--r--test/results/reddit.pcap.out528
-rw-r--r--test/results/rx.pcap.out30
-rw-r--r--test/results/s7comm.pcap.out6
-rw-r--r--test/results/safari.pcap.out137
-rw-r--r--test/results/signal.pcap.out164
-rw-r--r--test/results/simple-dnscrypt.pcap.out40
-rw-r--r--test/results/sip.pcap.out30
-rw-r--r--test/results/skype-conference-call.pcap.out6
-rw-r--r--test/results/skype.pcap.out1918
-rw-r--r--test/results/skype_no_unknown.pcap.out1642
-rw-r--r--test/results/skype_udp.pcap.out8
-rw-r--r--test/results/smb_deletefile.pcap.out6
-rw-r--r--test/results/smbv1.pcap.out6
-rw-r--r--test/results/smpp_in_general.pcap.out6
-rw-r--r--test/results/snapchat.pcap.out24
-rw-r--r--test/results/snapchat_call.pcapng.out6
-rw-r--r--test/results/ssdp-m-search.pcap.out6
-rw-r--r--test/results/ssh.pcap.out12
-rw-r--r--test/results/ssl-cert-name-mismatch.pcap.out10
-rw-r--r--test/results/starcraft_battle.pcap.out338
-rw-r--r--test/results/steam.pcap.out330
-rw-r--r--test/results/teams.pcap.out596
-rw-r--r--test/results/teamspeak3.pcap.out6
-rw-r--r--test/results/telegram.pcap.out350
-rw-r--r--test/results/teredo.pcap.out30
-rw-r--r--test/results/tftp_rrq.pcap.out12
-rw-r--r--test/results/tinc.pcap.out24
-rw-r--r--test/results/tk.pcap.out24
-rw-r--r--test/results/tls-esni-fuzzed.pcap.out18
-rw-r--r--test/results/tls-rdn-extract.pcap.out10
-rw-r--r--test/results/tls_esni_sni_both.pcap.out16
-rw-r--r--test/results/tls_invalid_reads.pcap.out14
-rw-r--r--test/results/tls_long_cert.pcap.out10
-rw-r--r--test/results/tls_verylong_certificate.pcap.out10
-rw-r--r--test/results/tor.pcap.out134
-rw-r--r--test/results/trickbot.pcap.out8
-rw-r--r--test/results/tumblr.pcap.out316
-rw-r--r--test/results/ubntac2.pcap.out48
-rw-r--r--test/results/upnp.pcap.out12
-rw-r--r--test/results/viber.pcap.out190
-rw-r--r--test/results/vnc.pcap.out12
-rw-r--r--test/results/wa_video.pcap.out90
-rw-r--r--test/results/wa_voice.pcap.out198
-rw-r--r--test/results/waze.pcap.out242
-rw-r--r--test/results/webex.pcap.out416
-rw-r--r--test/results/websocket.pcap.out12
-rw-r--r--test/results/wechat.pcap.out890
-rw-r--r--test/results/weibo.pcap.out282
-rw-r--r--test/results/whatsapp_login_call.pcap.out396
-rw-r--r--test/results/whatsapp_login_chat.pcap.out62
-rw-r--r--test/results/whatsapp_voice_and_message.pcap.out78
-rw-r--r--test/results/whatsappfiles.pcap.out18
-rw-r--r--test/results/wireguard.pcap.out6
-rw-r--r--test/results/youtube_quic.pcap.out18
-rw-r--r--test/results/youtubeupload.pcap.out22
-rw-r--r--test/results/zabbix.pcap.out6
-rw-r--r--test/results/zcash.pcap.out6
-rw-r--r--test/results/zoom.pcap.out244
196 files changed, 15798 insertions, 15322 deletions
diff --git a/examples/c-captured/c-captured.c b/examples/c-captured/c-captured.c
index 6ffb0296a..1bddd7d52 100644
--- a/examples/c-captured/c-captured.c
+++ b/examples/c-captured/c-captured.c
@@ -390,8 +390,8 @@ static enum nDPIsrvd_callback_return captured_json_callback(struct nDPIsrvd_sock
}
nDPIsrvd_ull total_l4_bytes = 0;
- perror_ull(TOKEN_VALUE_TO_ULL(TOKEN_GET_SZ(sock, "flow_tot_l4_data_len"), &total_l4_bytes),
- "flow_tot_l4_data_len");
+ perror_ull(TOKEN_VALUE_TO_ULL(TOKEN_GET_SZ(sock, "flow_tot_l4_payload_len"), &total_l4_bytes),
+ "flow_tot_l4_payload_len");
if (flow_user->detection_finished != 0 &&
(total_l4_bytes > 0 || ignore_empty_flows == 0) &&
diff --git a/nDPId.c b/nDPId.c
index 272a77c7c..cdf4a1721 100644
--- a/nDPId.c
+++ b/nDPId.c
@@ -91,13 +91,13 @@ struct nDPId_flow_extended
uint32_t flow_id;
- uint16_t min_l4_data_len;
- uint16_t max_l4_data_len;
+ uint16_t min_l4_payload_len;
+ uint16_t max_l4_payload_len;
unsigned long long int packets_processed;
uint64_t first_seen;
- unsigned long long int total_l4_data_len;
+ unsigned long long int total_l4_payload_len;
};
/*
@@ -1332,12 +1332,12 @@ static void jsonize_flow(struct nDPId_workflow * const workflow, struct nDPId_fl
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_packet_id", flow_ext->packets_processed);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_first_seen", flow_ext->first_seen);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_last_seen", flow_ext->flow_basic.last_seen);
- ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_tot_l4_data_len", flow_ext->total_l4_data_len);
- ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_min_l4_data_len", flow_ext->min_l4_data_len);
- ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_max_l4_data_len", flow_ext->max_l4_data_len);
+ ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_min_l4_payload_len", flow_ext->min_l4_payload_len);
+ ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_max_l4_payload_len", flow_ext->max_l4_payload_len);
+ ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "flow_tot_l4_payload_len", flow_ext->total_l4_payload_len);
ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
- "flow_avg_l4_data_len",
- (flow_ext->packets_processed > 0 ? flow_ext->total_l4_data_len / flow_ext->packets_processed : 0));
+ "flow_avg_l4_payload_len",
+ (flow_ext->packets_processed > 0 ? flow_ext->total_l4_payload_len / flow_ext->packets_processed : 0));
ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "midstream", flow_ext->flow_basic.tcp_is_midstream_flow);
}
@@ -2241,6 +2241,7 @@ static void ndpi_process_packet(uint8_t * const args,
const uint8_t * l4_ptr = NULL;
uint16_t l4_len = 0;
+ uint16_t l4_payload_len = 0;
uint16_t type;
int thread_index = nDPId_THREAD_DISTRIBUTION_SEED; // generated with `dd if=/dev/random bs=1024 count=1 |& hd'
@@ -2396,6 +2397,7 @@ static void ndpi_process_packet(uint8_t * const args,
return;
}
tcp = (struct ndpi_tcphdr *)l4_ptr;
+ l4_payload_len = ndpi_max(0, l4_len-4*tcp->doff);
flow_basic.tcp_fin_rst_seen = (tcp->fin == 1 || tcp->rst == 1 ? 1 : 0);
flow_basic.tcp_is_midstream_flow = (tcp->syn == 0 ? 1 : 0);
flow_basic.src_port = ntohs(tcp->source);
@@ -2419,6 +2421,7 @@ static void ndpi_process_packet(uint8_t * const args,
return;
}
udp = (struct ndpi_udphdr *)l4_ptr;
+ l4_payload_len = (l4_len > sizeof(struct ndpi_udphdr)) ? l4_len - sizeof(struct ndpi_udphdr) : 0;
flow_basic.src_port = ntohs(udp->source);
flow_basic.dst_port = ntohs(udp->dest);
}
@@ -2651,24 +2654,24 @@ static void ndpi_process_packet(uint8_t * const args,
}
flow_to_process->flow_extended.packets_processed++;
- flow_to_process->flow_extended.total_l4_data_len += l4_len;
+ flow_to_process->flow_extended.total_l4_payload_len += l4_payload_len;
if (flow_to_process->flow_extended.first_seen == 0)
{
flow_to_process->flow_extended.first_seen = time_ms;
}
- if (l4_len > flow_to_process->flow_extended.max_l4_data_len)
+ if (l4_payload_len > flow_to_process->flow_extended.max_l4_payload_len)
{
- flow_to_process->flow_extended.max_l4_data_len = l4_len;
+ flow_to_process->flow_extended.max_l4_payload_len = l4_payload_len;
}
- if (l4_len < flow_to_process->flow_extended.min_l4_data_len)
+ if (l4_payload_len < flow_to_process->flow_extended.min_l4_payload_len)
{
- flow_to_process->flow_extended.min_l4_data_len = l4_len;
+ flow_to_process->flow_extended.min_l4_payload_len = l4_payload_len;
}
if (is_new_flow != 0)
{
- flow_to_process->flow_extended.max_l4_data_len = l4_len;
- flow_to_process->flow_extended.min_l4_data_len = l4_len;
+ flow_to_process->flow_extended.max_l4_payload_len = l4_payload_len;
+ flow_to_process->flow_extended.min_l4_payload_len = l4_payload_len;
jsonize_flow_event(reader_thread, flow_to_process, FLOW_EVENT_NEW);
}
diff --git a/schema/flow_event_schema.json b/schema/flow_event_schema.json
index 701ebcfb8..7fff85e8e 100644
--- a/schema/flow_event_schema.json
+++ b/schema/flow_event_schema.json
@@ -11,10 +11,10 @@
"flow_packet_id",
"flow_first_seen",
"flow_last_seen",
- "flow_min_l4_data_len",
- "flow_max_l4_data_len",
- "flow_tot_l4_data_len",
- "flow_avg_l4_data_len",
+ "flow_min_l4_payload_len",
+ "flow_max_l4_payload_len",
+ "flow_tot_l4_payload_len",
+ "flow_avg_l4_payload_len",
"l3_proto",
"l4_proto",
"midstream",
@@ -76,16 +76,16 @@
"flow_max_packets": {
"type": "number"
},
- "flow_min_l4_data_len": {
+ "flow_min_l4_payload_len": {
"type": "number"
},
- "flow_max_l4_data_len": {
+ "flow_max_l4_payload_len": {
"type": "number"
},
- "flow_tot_l4_data_len": {
+ "flow_tot_l4_payload_len": {
"type": "number"
},
- "flow_avg_l4_data_len": {
+ "flow_avg_l4_payload_len": {
"type": "number"
},
"l3_proto": {
diff --git a/test/results/1kxun.pcap.out b/test/results/1kxun.pcap.out
index 4309c0606..c557ffd68 100644
--- a/test/results/1kxun.pcap.out
+++ b/test/results/1kxun.pcap.out
@@ -1,61 +1,61 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"1kxun.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1470104373025,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1470104373025,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104373,"pkt_ts_usec":25824,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
-00502{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1470104373025,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1470104373025,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00426{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104373,"pkt_ts_usec":127416,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OosAAAER2FvAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1470104373232,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1470104373232,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00576{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104373,"pkt_ts_usec":232309,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMBcAAAER01nAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1470104373232,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1470104373232,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1470104373232,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1470104373232,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00576{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104373,"pkt_ts_usec":232452,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOowAAAERyPHAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1470104373232,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1470104373741,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1470104373232,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1470104373741,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104373,"pkt_ts_usec":741279,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNKS5AgEGAMCRIFIAAIAAwKgFJMCoBSTAqHcBAAAAAAAmWsJjVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1470104373741,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1470104375419,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1470104373741,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1470104375419,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104375,"pkt_ts_usec":419022,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ZDJAAEAGzmrAqAUQROn9hdFlAFAG4xw3xV6fSoAREAEocwAAAQEIChoPAavPGvHS"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1470104376017,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1470104376017,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00579{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104376,"pkt_ts_usec":17777,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRIAAAQRv2HAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1470104376017,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1470104376017,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1470104376017,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1470104376017,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00575{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104376,"pkt_ts_usec":17883,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfhwAAAERhWTAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1470104376017,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1470104376017,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00576{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104376,"pkt_ts_usec":203389,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMIoAAAER0ubAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00577{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104376,"pkt_ts_usec":301439,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOpEAAAERyOzAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1470104376301,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1470104376301,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00805{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104376,"pkt_ts_usec":301823,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/cD6s8PAHCABFAAFIDscAAP8Rq94AAAAA\/\/\/\/\/wBEAEMBNJGnAQEGAAYPv1sAAAAAAAAAAAAAAAAAAAAAAAAAAHA+rPDwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAXA+rPDwBzIEwKgD7TMEAHanAAwEU2hlbv8AAAAAAAAAAAAAAAAAAAAA"}
-00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1470104376301,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1470104376816,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1470104376301,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1470104376816,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104376,"pkt_ts_usec":816620,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiWgLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAAA="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1470104376816,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1470104376816,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00807{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":223309,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNGjoAgEGAOGY7R0AAIAAwKgDVsCoA1bAqHcBAAAAAMjTo5OjcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":634231,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD8KMU6wAgDOCgAAAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":634537,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRcAAAER5c7AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00582{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":634699,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLQAAAQRv8LAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1470104377720,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1470104377634,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1470104377720,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":720702,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUcEAAAERU03AqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="}
-00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1470104377720,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1470104377720,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00423{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":720761,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUcEAAAERU03AqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1470104377734,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1470104377734,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":734137,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="}
-00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1470104377734,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1470104377734,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00443{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":734181,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"TF4M6gNlABxCjnAxCABFAABCUcIAAIARpSjAqHMICAgICMdQADUALoWI\/SwBAAABAAAAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAE="}
00489{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":753112,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"ABxCjnAxTF4M6gNlCABFAABinjgAAC4RqpIICAgIwKhzCAA1x1AATmX5\/SyBgAABAAIAAAAAAmpwBmthbmthbgUxa3h1bgRtb2JpAAABAAHADAABAAEAAAErAARquSNuwAwAAQABAAABKwAEarkjcA=="}
-00672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":46,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.185.35.110"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1470104377754,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"jp.kankan.1kxun.mobi","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.185.35.110"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1470104377754,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":754759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"}
00422{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":754800,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UcRAAIAG5yfAqHMIarkjbsG9AFA9WFFgAAAAAIACIAA9OgAAAgQE7AEDAwgBAQQC"}
00422{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":810946,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwb1z6xq8PVhRYYASchBbqgAAAgQFtAEBBAIBAwMH"}
00406{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":811088,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUcVAAIAG5zLAqHMIarkjbsG9AFA9WFFhc+savVAQAQQNiQAA"}
00406{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":811114,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUcVAAIAG5zLAqHMIarkjbsG9AFA9WFFhc+savVAQAQQNiQAA"}
00962{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":818917,"pkt_caplen":468,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":468,"pkt_l4_len":434,"pkt":"TF4M6gNlABxCjnAxCABFAAHGUcZAAIAG5ZPAqHMIarkjbsG9AFA9WFFhc+savVAYAQRV7AAAR0VUIC9hcGkvdmlkZW9zLzEwNDEwLmpzb24\/Y2FsbGJhY2s9alF1ZXJ5MTgzMDY4NTU2NTcxMTIzMTkwMjJfMTQ3MDEwMzI0MjEyMyZfPTE0NzAxMDQzNzc2OTggSFRUUC8xLjENCkhvc3Q6IGpwLmthbmthbi4xa3h1bi5tb2JpDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xKSBBcHBsZVdlYktpdC81MzcuMjIgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMjUuMC4xMzY0LjE1MiBTYWZhcmkvNTM3LjIyDQpSZWZlcmVyOiBodHRwOi8vYWQuMWt4dW4uY29tL21hYw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW4NCkFjY2VwdC1DaGFyc2V0OiBpc28tODg1OS0xLCosdXRmLTgNCg0K"}
-00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_tot_l4_data_len":570,"flow_min_l4_data_len":20,"flow_max_l4_data_len":434,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1470104377754,"flow_last_seen":1470104377818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":414,"flow_tot_l4_payload_len":414,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377698","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00962{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":818966,"pkt_caplen":468,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":468,"pkt_l4_len":434,"pkt":"TF4M6gNlABxCjnAxCABFAAHGUcZAAIAG5ZPAqHMIarkjbsG9AFA9WFFhc+savVAYAQRV7AAAR0VUIC9hcGkvdmlkZW9zLzEwNDEwLmpzb24\/Y2FsbGJhY2s9alF1ZXJ5MTgzMDY4NTU2NTcxMTIzMTkwMjJfMTQ3MDEwMzI0MjEyMyZfPTE0NzAxMDQzNzc2OTggSFRUUC8xLjENCkhvc3Q6IGpwLmthbmthbi4xa3h1bi5tb2JpDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xKSBBcHBsZVdlYktpdC81MzcuMjIgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMjUuMC4xMzY0LjE1MiBTYWZhcmkvNTM3LjIyDQpSZWZlcmVyOiBodHRwOi8vYWQuMWt4dW4uY29tL21hYw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW4NCkFjY2VwdC1DaGFyc2V0OiBpc28tODg1OS0xLCosdXRmLTgNCg0K"}
00423{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":820966,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUccAAAERU0fAqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="}
00423{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":820998,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"AQBeAAD8ABxCjnAxCABFAAAyUccAAAERU0fAqHMI4AAA\/MkCFOsAHtPcYF4AAAABAAAAAAAABHdwYWQAAAEAAQ=="}
@@ -63,89 +63,89 @@
00809{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":839581,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
00415{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":864564,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAoOwxAADYGR+xquSNuwKhzCABQwb1z6xq9PVhS\/1AQAO0MAgAAAAAAAAAA"}
02064{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":868739,"pkt_caplen":1272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1272,"pkt_l4_len":1238,"pkt":"ABxCjnAxTF4M6gNlCABFAATqOw1AADYGQylquSNuwKhzCABQwb1z6xq9PVhS\/1AYAO0z\/QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy4xDQpEYXRlOiBUdWUsIDAyIEF1ZyAyMDE2IDAyOjIwOjA0IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LWphdmFzY3JpcHQNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IEV4cHJlc3MNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCg0KM2Q4DQofiwgAAAAAAAADnVRdb9pmFP4rk682iYBtMBAuN2nSLnddVcgxFnMC2PUHGqoikWyEz2ZNkxBI2Nqmy9J8FJOsKiQhIOWv1O9r+2p\/Ycc2YIa0i0ayQO\/x8z7POc85Pqs\/arxcoOJhMhpnmCgToyg6TC2TNJ2kIjGSIsN0hIbQ188JRWVVTSEShKJxHK8oRIBIsSpLJJ4TQopIUGSEIgOEWpB4wGTFvMADgpN5VuVTSVaFIE1S4SUyukQxX1GRBBVN0AxAeElQxBSvJDlRywEMSKYhIvHkaYCQtBUQclhdAopcoki4V+BZeRKDk5RhC1MGKhonlyNUgGDz6aTCiTLcjQSZWGQZUtZkVhXEHCRMMQEiw+bSGpt2yK36laV\/ACoWcoazOdpGR\/ch\/Pe++3d5CgF4K2Q9+E+qKiVCIUnggtTaz1ouyInZUF5I8WJyjc3BE3KRihdTQq4\/S6tqNhVcldJApApqxtFF5Vvz5A9UOkGNJoTBCU4WJC9H4nOxCA\/uXJrVstW9tsY98\/BX3NK\/\/\/YHY7BtDIrG4NwYNM39hjGo4U4RyKzqNWDsD3u4o6NBBR0d263XuHmA27fwi+plh2G\/ZNzW\/xk2rHEb7+kLYNR5b719j4d7gEQvG\/jgE64do9qFvfvJettAN3Cs2a+uUGXLvGtbp5vG8ACojPuxcdc07i7NizYwGLdbjnWjOnrVsDd20agPbOZGD9JDnR4a\/PW5uOmUK2orbA46l83yOTWpyRmwZOKt5+P\/2ctKwtRbj+S7jMCteT4DMcupogzj+mQynnFoQIDIsVm31+MKKtVRb++hj8o6qpwR6wEPR1PxOEzOFFcd4Xr1oW\/9dm1VXgDex5HRsI\/DxyXAod7woW\/eH6BSz8cx9HJsxocrH9GfFyA6dEDm6c4MRzGx8Axm\/Sc9vOGnF48y8H1MsrPPLqGKh759vQGE+OORz0bDbE9QxvCFNT4Hzd2KXW7gd90ZKh6ZL+H3nnUyhlKh5HddY6jjN8M55IwO75zhNzduCQ7dEYDgG00JMr9gOHyFfhJWX8etXdzUQWD7yqzewF3XTrirsmm\/T9GZkFnTzfvzWQpzJv5Sw5uHrmxGVNTkwrZwFgGbSsmwoniPd7KTnj3LCHlnKU2bWxpZXd063bKPd+yLFh6U4N0XDGBGTItKyGMNSrm0m+pEK8OreV\/JuHkJMrjdfaSGw7aooGow9b4E6ry2rrYeX4ZLt6hRELW1OQ1j2LJL\/cdruHSLGiu8Mm+V2R7BZrKLh4\/phcu1KCBk06Lv0+T0xW127nnMT9fXv\/kXNTJIIzcHAAANCjANCg0K"}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1470104377901,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1470104377901,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":901018,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1470104377901,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1470104377901,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00438{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104377,"pkt_ts_usec":901065,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcgAAIARpSbAqHMICAgICM3zADUAKlE0ceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1470104378005,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1470104378005,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":5826,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAol0tAAEAGqdjAqAUQwKhzS9F2AbsV1ofmvikqE1ARIAA8\/AAAAAAAAAAA"}
00412{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":7003,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxABAj4ACgCABFAAAoAABAAEAGQSTAqHNLwKgFEAG70Xa+KSoTFdaH51AQAEZctgAAAAAAAAAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1470104378021,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1470104378021,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":21294,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1470104378021,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1470104378021,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00467{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":21336,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUckAAIAR9HzAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00452{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":45036,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD8KMU6wAgDOCgAAAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="}
00423{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":45058,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRgAAAER5c3AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":45695,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD5ZsU6wAmcsn2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":45747,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxQAAAER6ZvAqANf4AAA\/OWbFOsAJvTF9gQAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
-00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00578{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":45830,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEEAAAER2QnAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1470104378045,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00407{"flow_id":15,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":68918,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUcpAAIAG5y3AqHMIarkjbsG9AFA9WFL\/c+sff1AQAQAHLQAA"}
00407{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":68973,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUcpAAIAG5y3AqHMIarkjbsG9AFA9WFL\/c+sff1AQAQAHLQAA"}
00463{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":454680,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD5ZsU6wAmcsn2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
00433{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":454823,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxYAAAER6ZnAqANf4AAA\/OWbFOsAJvTF9gQAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1470104378557,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1470104378557,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00837{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":557102,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tHCABFAAFZOwBAAEARwM3AqH0e\/\/\/\/\/\/YA9gABRUjM\/\/+SXaAAwKC7c+tHwKh9HgAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tHQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI1AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqH0e\/\/8AAFBvcnQgMTAAIAGwMAIUAQDCoLv\/\/nPrR0A="}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1470104378657,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1470104378657,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00872{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":657181,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"pkt":"MzMAAAABwKC7c+tHht1gAAAAAVERgCABsDACFAEAwqC7\/\/5z60f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRTur\/D5JdoADAoLtz60cgAbAwAhQBAMKgu\/\/+c+tHAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz60dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjUAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCofR7\/\/wAAUG9ydCAxMAAgAbAwAhQBAMKgu\/\/+c+tHQA=="}
00468{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":770974,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUcsAAIAR9HrAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00468{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":771017,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUcsAAIAR9HrAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1470104378901,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1470104378901,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":901305,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="}
-00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1470104378901,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1470104378901,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00438{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":901349,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"TF4M6gNlABxCjnAxCABFAAA+UcwAAIARC9LAqHMIqF8BAc3zADUAKrfjceUBAAABAAAAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAQ=="}
00481{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":905035,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"ABxCjnAxTF4M6gNlCABFAABelWIAAPgRUBuoXwEBwKhzCAA1zfMASvjnceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAjMABN5J\/qfADAABAAEAAAIzAATeSf5x"}
-00662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_tot_l4_data_len":158,"flow_min_l4_data_len":42,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.167"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1470104378906,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.167"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1470104378906,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":906497,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"}
00422{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":906535,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uc5AAIAGmFPAqHMI3kn+p8G+AFDrM0BvAAAAAIACIABRhAAAAgQE7AEDAwgBAQQC"}
00482{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":954523,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"ABxCjnAxTF4M6gNlCABFAABeST8AADAR\/Y8ICAgIwKhzCAA1zfMASpHwceWBgAABAAIAAAAABmthbmthbgUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABN5J\/nHADAABAAEAAAJXAATeSf6n"}
-00668{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_tot_l4_data_len":158,"flow_min_l4_data_len":42,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.113"}}
+00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"kankan.1kxun.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.254.113"}}
00581{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":967066,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRMAAAQRv2DAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00577{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":967195,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiAAAAERhWDAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00422{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":970623,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADEGOSLeSf6nwKhzCABQwb6HB4x76zNAcIASFtBGWQAAAgQFtAEBBAIBAwMH"}
00406{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":970825,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdBAAIAGmF3AqHMI3kn+p8G+AFDrM0BwhweMfFAQAQSc9wAA"}
00406{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":970860,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdBAAIAGmF3AqHMI3kn+p8G+AFDrM0BwhweMfFAQAQSc9wAA"}
00969{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":975363,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"pkt":"TF4M6gNlABxCjnAxCABFAAHMUdFAAIAGlrjAqHMI3kn+p8G+AFDrM0BwhweMfFAYAQRjSwAAR0VUIC9hcGkvdmlkZW9zL2Fsc29saWtlcy8xMDQxMC5qc29uP2NhbGxiYWNrPWpRdWVyeTE4MzA2ODU1NjU3MTEyMzE5MDIyXzE0NzAxMDMyNDIxMjMmXz0xNDcwMTA0Mzc3ODk5IEhUVFAvMS4xDQpIb3N0OiBrYW5rYW4uMWt4dW4uY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xKSBBcHBsZVdlYktpdC81MzcuMjIgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMjUuMC4xMzY0LjE1MiBTYWZhcmkvNTM3LjIyDQpSZWZlcmVyOiBodHRwOi8vYWQuMWt4dW4uY29tL21hYw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW4NCkFjY2VwdC1DaGFyc2V0OiBpc28tODg1OS0xLCosdXRmLTgNCg0K"}
-00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_tot_l4_data_len":576,"flow_min_l4_data_len":20,"flow_max_l4_data_len":440,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00848{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1470104378906,"flow_last_seen":1470104378975,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"kankan.1kxun.com","url":"kankan.1kxun.com\/api\/videos\/alsolikes\/10410.json?callback=jQuery18306855657112319022_1470103242123&_=1470104377899","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00969{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104378,"pkt_ts_usec":975425,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"pkt":"TF4M6gNlABxCjnAxCABFAAHMUdFAAIAGlrjAqHMI3kn+p8G+AFDrM0BwhweMfFAYAQRjSwAAR0VUIC9hcGkvdmlkZW9zL2Fsc29saWtlcy8xMDQxMC5qc29uP2NhbGxiYWNrPWpRdWVyeTE4MzA2ODU1NjU3MTEyMzE5MDIyXzE0NzAxMDMyNDIxMjMmXz0xNDcwMTA0Mzc3ODk5IEhUVFAvMS4xDQpIb3N0OiBrYW5rYW4uMWt4dW4uY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xKSBBcHBsZVdlYktpdC81MzcuMjIgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMjUuMC4xMzY0LjE1MiBTYWZhcmkvNTM3LjIyDQpSZWZlcmVyOiBodHRwOi8vYWQuMWt4dW4uY29tL21hYw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW4NCkFjY2VwdC1DaGFyc2V0OiBpc28tODg1OS0xLCosdXRmLTgNCg0K"}
00413{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":40644,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAo4LJAADEGWHveSf6nwKhzCABQwb6HB4x86zNCFFAQADacIQAAAAAAAAAA"}
01398{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":50526,"pkt_caplen":788,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":788,"pkt_l4_len":754,"pkt":"ABxCjnAxTF4M6gNlCABFAAMG4LNAADEGVZzeSf6nwKhzCABQwb6HB4x86zNCFFAYADb52QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuMy4yDQpEYXRlOiBUdWUsIDAyIEF1ZyAyMDE2IDAyOjE5OjQwIEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IFBIUC83LjAuMQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQoNCjFjYw0KH4sIAAAAAAAAA62U3W7cIBCF34WrVlrvAsPvvkXvKpUqsgFv7awTt4ZuN1HevYOTCyP1zpUsbI0w3+FwmPFLjr\/uzABVRkolNWMcmKWcPzChKaPABcfSp1eypDblhZzJkr2Py0IOJLSpJedvr2QI5MwMN3AgaUjXiLNctiZAGX102QguXVZSMsD\/hqm9lDk\/UprP7uRO8+CP7PFPfjr658mdfg8hPj88tk\/4uNM6e\/mo4nsFNWN\/H+E4zhfydvgQAMLQrQBpVYFqq12WALYIaHuXtTIChSmNdSMg7FdUyE17nZdaEAdlt4IsCwyRWqAUwwC\/pen\/gyGF04w+\/azwILXZ0pUHUyyIFMdO8UI3++kF09xvL2MFF5ilLfzfYdjtfMGsUajgoFmVRBUt7lnEiHnUhrLd2AJo7mGqqEwpUR837To02QtMobQc06Y4M7vhK6e5juGlxluxOe6v7zDMWafUfiSu3QgvhO47zSle7BpNlaoNp75d94xBl2gWitHQ7pdROM2YbnXWGN4lvg2bBoPGay58GXURESIeQt8zlLWtSHSntALF94srKprbnC7v3nwviqaIbXOasTuu3VSAoW+f\/wLN0jIAdQUAAA0KMA0KDQo="}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1470104379066,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1470104379066,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":66410,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1470104379066,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1470104379066,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00434{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":66467,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"TF4M6gNlABxCjnAxCABFAAA7UdIAAIARpR\/AqHMICAgICO00ADUAJ9woKZABAAABAAAAAAAAA3BpYwUxa3h1bgNjb20AAAEAAQ=="}
00522{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":115963,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"ABxCjnAxTF4M6gNlCABFAAB7GLEAAC4RMAEICAgIwKhzCAA17TQAZ+zhKZCBgAABAAQAAAAAA3BpYwUxa3h1bgNjb20AAAEAAcAMAAEAAQAAAlcABGq7I\/bADAABAAEAAAJXAASAx7rowAwAAQABAAACVwAEgMdvqcAMAAEAAQAAAlcABGq6Ezo="}
-00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":39,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.187.35.246"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1470104379117,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Streaming"},"dns": {"query":"pic.1kxun.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"106.187.35.246"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1470104379117,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":117273,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":117309,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdRAAIAG5o3AqHMIarsj9sG\/AFBFF77fAAAAAIACIADHbwAAAgQE7AEDAwgBAQQC"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1470104379117,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1470104379117,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":117772,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":117826,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdVAAIAG5ozAqHMIarsj9sHAAFAm5\/RZAAAAAIACIACwJAAAAgQE7AEDAwgBAQQC"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1470104379118,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1470104379118,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":118171,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"}
00422{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":118197,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdZAAIAG5ovAqHMIarsj9sHBAFDavRsQAAAAAIACIADVlgAAAgQE7AEDAwgBAQQC"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1470104379118,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1470104379118,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":118544,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":118574,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UddAAIAG5orAqHMIarsj9sHCAFAX8\/CKAAAAAIACIADC5QAAAgQE7AEDAwgBAQQC"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1470104379118,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1470104379118,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":118972,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"}
00422{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":119006,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdhAAIAG5onAqHMIarsj9sHDAFDIiN5cAAAAAIACIAAkfQAAAgQE7AEDAwgBAQQC"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1470104379119,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1470104379119,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":119336,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"}
00422{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":119373,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1470104379169,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1470104379169,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":169121,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1470104379169,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1470104379169,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1470104379169,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1470104379169,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":169283,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxkAAAER6ZbAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
-00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1470104379169,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1470104379169,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00422{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":169717,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcB6nEL4Juf0WoASchCfpwAAAgQFtAEBBAIBAwMH"}
00407{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":169902,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdpAAIAG5pPAqHMIarsj9sHAAFAm5\/RaepxC+VAQAQRRhgAA"}
00407{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":169934,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdpAAIAG5pPAqHMIarsj9sHAAFAm5\/RaepxC+VAQAQRRhgAA"}
@@ -165,22 +165,22 @@
00408{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":173557,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUd9AAIAG5o7AqHMIarsj9sHDAFDIiN5dFUl7LVAQAQTy\/QAA"}
00408{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":173583,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUd9AAIAG5o7AqHMIarsj9sHDAFDIiN5dFUl7LVAQAQTy\/QAA"}
00895{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":175159,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"pkt":"TF4M6gNlABxCjnAxCABFAAGSUeBAAIAG5SPAqHMIarsj9sHAAFAm5\/RaepxC+VAYAQT9+QAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy8xODI4My1qZnlqMy5qcGcgSFRUUC8xLjENCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogKi8qDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjEpIEFwcGxlV2ViS2l0LzUzNy4yMiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8yNS4wLjEzNjQuMTUyIFNhZmFyaS81MzcuMjINClJlZmVyZXI6IGh0dHA6Ly9hZC4xa3h1bi5jb20vbWFjDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cyxlbg0KQWNjZXB0LUNoYXJzZXQ6IGlzby04ODU5LTEsKix1dGYtOA0KDQo="}
-00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":20,"flow_max_l4_data_len":382,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":362,"flow_tot_l4_payload_len":362,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/18283-jfyj3.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00895{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":175159,"pkt_caplen":415,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":415,"pkt_l4_len":381,"pkt":"TF4M6gNlABxCjnAxCABFAAGRUeFAAIAG5SPAqHMIarsj9sG\/AFBFF77g09klblAYAQQeiwAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy8xMzQ4MC1hbHBzLmpwZyBIVFRQLzEuMQ0KSG9zdDogcGljLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMSkgQXBwbGVXZWJLaXQvNTM3LjIyIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzI1LjAuMTM2NC4xNTIgU2FmYXJpLzUzNy4yMg0KUmVmZXJlcjogaHR0cDovL2FkLjFreHVuLmNvbS9tYWMNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuDQpBY2NlcHQtQ2hhcnNldDogaXNvLTg4NTktMSwqLHV0Zi04DQoNCg=="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_tot_l4_data_len":517,"flow_min_l4_data_len":20,"flow_max_l4_data_len":381,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1470104379117,"flow_last_seen":1470104379175,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/13480-alps.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00895{"flow_id":28,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":175212,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"pkt":"TF4M6gNlABxCjnAxCABFAAGSUeBAAIAG5SPAqHMIarsj9sHAAFAm5\/RaepxC+VAYAQT9+QAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy8xODI4My1qZnlqMy5qcGcgSFRUUC8xLjENCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogKi8qDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjEpIEFwcGxlV2ViS2l0LzUzNy4yMiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8yNS4wLjEzNjQuMTUyIFNhZmFyaS81MzcuMjINClJlZmVyZXI6IGh0dHA6Ly9hZC4xa3h1bi5jb20vbWFjDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cyxlbg0KQWNjZXB0LUNoYXJzZXQ6IGlzby04ODU5LTEsKix1dGYtOA0KDQo="}
00895{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":175212,"pkt_caplen":415,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":415,"pkt_l4_len":381,"pkt":"TF4M6gNlABxCjnAxCABFAAGRUeFAAIAG5SPAqHMIarsj9sG\/AFBFF77g09klblAYAQQeiwAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy8xMzQ4MC1hbHBzLmpwZyBIVFRQLzEuMQ0KSG9zdDogcGljLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMSkgQXBwbGVXZWJLaXQvNTM3LjIyIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzI1LjAuMTM2NC4xNTIgU2FmYXJpLzUzNy4yMg0KUmVmZXJlcjogaHR0cDovL2FkLjFreHVuLmNvbS9tYWMNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuDQpBY2NlcHQtQ2hhcnNldDogaXNvLTg4NTktMSwqLHV0Zi04DQoNCg=="}
00890{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":175928,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"pkt":"TF4M6gNlABxCjnAxCABFAAGQUeJAAIAG5SPAqHMIarsj9sHEAFAS7Ia2h7Gb6lAYAQRfrgAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80NjU3LWpmeWouanBnIEhUVFAvMS4xDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xKSBBcHBsZVdlYktpdC81MzcuMjIgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMjUuMC4xMzY0LjE1MiBTYWZhcmkvNTM3LjIyDQpSZWZlcmVyOiBodHRwOi8vYWQuMWt4dW4uY29tL21hYw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW4NCkFjY2VwdC1DaGFyc2V0OiBpc28tODg1OS0xLCosdXRmLTgNCg0K"}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_tot_l4_data_len":516,"flow_min_l4_data_len":20,"flow_max_l4_data_len":380,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1470104379119,"flow_last_seen":1470104379175,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/4657-jfyj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00890{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":175928,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"pkt":"TF4M6gNlABxCjnAxCABFAAGQUeNAAIAG5SLAqHMIarsj9sHBAFDavRsR2nqdoVAYAQSc9AAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy8zNTc4LXl3emouanBnIEhUVFAvMS4xDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xKSBBcHBsZVdlYktpdC81MzcuMjIgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMjUuMC4xMzY0LjE1MiBTYWZhcmkvNTM3LjIyDQpSZWZlcmVyOiBodHRwOi8vYWQuMWt4dW4uY29tL21hYw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW4NCkFjY2VwdC1DaGFyc2V0OiBpc28tODg1OS0xLCosdXRmLTgNCg0K"}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_tot_l4_data_len":516,"flow_min_l4_data_len":20,"flow_max_l4_data_len":380,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379175,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3578-ywzj.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00890{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":175962,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"pkt":"TF4M6gNlABxCjnAxCABFAAGQUeNAAIAG5SLAqHMIarsj9sHBAFDavRsR2nqdoVAYAQSc9AAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy8zNTc4LXl3emouanBnIEhUVFAvMS4xDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xKSBBcHBsZVdlYktpdC81MzcuMjIgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMjUuMC4xMzY0LjE1MiBTYWZhcmkvNTM3LjIyDQpSZWZlcmVyOiBodHRwOi8vYWQuMWt4dW4uY29tL21hYw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW4NCkFjY2VwdC1DaGFyc2V0OiBpc28tODg1OS0xLCosdXRmLTgNCg0K"}
00890{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":175963,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"pkt":"TF4M6gNlABxCjnAxCABFAAGQUeJAAIAG5SPAqHMIarsj9sHEAFAS7Ia2h7Gb6lAYAQRfrgAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy80NjU3LWpmeWouanBnIEhUVFAvMS4xDQpIb3N0OiBwaWMuMWt4dW4uY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xKSBBcHBsZVdlYktpdC81MzcuMjIgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMjUuMC4xMzY0LjE1MiBTYWZhcmkvNTM3LjIyDQpSZWZlcmVyOiBodHRwOi8vYWQuMWt4dW4uY29tL21hYw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW4NCkFjY2VwdC1DaGFyc2V0OiBpc28tODg1OS0xLCosdXRmLTgNCg0K"}
00891{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":177479,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"pkt":"TF4M6gNlABxCjnAxCABFAAGPUeRAAIAG5SLAqHMIarsj9sHCAFAX8\/CLwVYxhlAYAQSRlQAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy8zNzEzLXlkbS5qcGcgSFRUUC8xLjENCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogKi8qDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjEpIEFwcGxlV2ViS2l0LzUzNy4yMiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8yNS4wLjEzNjQuMTUyIFNhZmFyaS81MzcuMjINClJlZmVyZXI6IGh0dHA6Ly9hZC4xa3h1bi5jb20vbWFjDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cyxlbg0KQWNjZXB0LUNoYXJzZXQ6IGlzby04ODU5LTEsKix1dGYtOA0KDQo="}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_tot_l4_data_len":515,"flow_min_l4_data_len":20,"flow_max_l4_data_len":379,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379177,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/3713-ydm.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00891{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":177535,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"pkt":"TF4M6gNlABxCjnAxCABFAAGPUeRAAIAG5SLAqHMIarsj9sHCAFAX8\/CLwVYxhlAYAQSRlQAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy8zNzEzLXlkbS5qcGcgSFRUUC8xLjENCkhvc3Q6IHBpYy4xa3h1bi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogKi8qDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCA2LjEpIEFwcGxlV2ViS2l0LzUzNy4yMiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8yNS4wLjEzNjQuMTUyIFNhZmFyaS81MzcuMjINClJlZmVyZXI6IGh0dHA6Ly9hZC4xa3h1bi5jb20vbWFjDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cyxlbg0KQWNjZXB0LUNoYXJzZXQ6IGlzby04ODU5LTEsKix1dGYtOA0KDQo="}
00895{"flow_id":31,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":178474,"pkt_caplen":415,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":415,"pkt_l4_len":381,"pkt":"TF4M6gNlABxCjnAxCABFAAGRUeVAAIAG5R\/AqHMIarsj9sHDAFDIiN5dFUl7LVAYAQTaZQAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy8xNjY0OS1samR6LmpwZyBIVFRQLzEuMQ0KSG9zdDogcGljLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMSkgQXBwbGVXZWJLaXQvNTM3LjIyIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzI1LjAuMTM2NC4xNTIgU2FmYXJpLzUzNy4yMg0KUmVmZXJlcjogaHR0cDovL2FkLjFreHVuLmNvbS9tYWMNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuDQpBY2NlcHQtQ2hhcnNldDogaXNvLTg4NTktMSwqLHV0Zi04DQoNCg=="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_tot_l4_data_len":517,"flow_min_l4_data_len":20,"flow_max_l4_data_len":381,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1470104379118,"flow_last_seen":1470104379178,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":361,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pic.1kxun.com","url":"pic.1kxun.com\/video_kankan\/images\/videos\/16649-ljdz.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.22 (KHTML, like Gecko) Chrome\/25.0.1364.152 Safari\/537.22"}}
00895{"flow_id":31,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":178519,"pkt_caplen":415,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":415,"pkt_l4_len":381,"pkt":"TF4M6gNlABxCjnAxCABFAAGRUeVAAIAG5R\/AqHMIarsj9sHDAFDIiN5dFUl7LVAYAQTaZQAAR0VUIC92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy8xNjY0OS1samR6LmpwZyBIVFRQLzEuMQ0KSG9zdDogcGljLjFreHVuLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMSkgQXBwbGVXZWJLaXQvNTM3LjIyIChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzI1LjAuMTM2NC4xNTIgU2FmYXJpLzUzNy4yMg0KUmVmZXJlcjogaHR0cDovL2FkLjFreHVuLmNvbS9tYWMNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuDQpBY2NlcHQtQ2hhcnNldDogaXNvLTg4NTktMSwqLHV0Zi04DQoNCg=="}
00415{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":218484,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAoCBpAADYGelRquyP2wKhzCABQwcHaep2h2r0ceVAQAO27IAAAAAAAAAAA"}
00838{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":230039,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"ABxCjnAxTF4M6gNlCABFAAFnCBtAADYGeRRquyP2wKhzCABQwcHaep2h2r0ceVAYAO3V3gAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy4xDQpEYXRlOiBUdWUsIDAyIEF1ZyAyMDE2IDAyOjE5OjQwIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMjkwMjcNCkxhc3QtTW9kaWZpZWQ6IEZyaSwgMjEgT2N0IDIwMTEgMDQ6MjY6NTkgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFVGFnOiAiNGVhMGY0OTMtNzE2MyINCkV4cGlyZXM6IE1vbiwgMzEgT2N0IDIwMTYgMDI6MTk6NDAgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTc3NzYwMDANCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQoNCg=="}
@@ -238,28 +238,28 @@
00434{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":271492,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxsAAAER6ZTAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
00469{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":520893,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUgMAAIAR9ELAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00469{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":520951,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABxCjnAxCABFAABOUgMAAIAR9ELAqHMIwKj\/\/wCJAIkAOha6seYBEAABAAAAAAAAIEZIRkFFQkVFQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1470104379579,"flow_last_seen":0,"flow_tot_l4_data_len":252,"flow_min_l4_data_len":252,"flow_max_l4_data_len":252,"flow_avg_l4_data_len":252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1470104379579,"flow_last_seen":0,"flow_min_l4_payload_len":244,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":244,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00733{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":579523,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAEQAABAAEARs0nAqAVDwKj\/\/wCKAIoA\/P+KEQouQ8CoBUMAigDmAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAATAAAAAAAAAAAAAAAAAAAAAAAAABMAFYAAwABAAEAAgBdAFxNQUlMU0xPVFxCUk9XU0UAD1DgkwQAU0FOSkktTElGRUJPT0stTAQJA5qEAA8BVapzYW5qaS1MSUZFQk9PSy1MSDUzMSBzZXJ2ZXIgKFNhbWJhLCBVYnVudHUpAA=="}
-00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1470104379579,"flow_last_seen":0,"flow_tot_l4_data_len":252,"flow_min_l4_data_len":252,"flow_max_l4_data_len":252,"flow_avg_l4_data_len":252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00566{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1470104379579,"flow_last_seen":0,"flow_min_l4_payload_len":244,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":244,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00700{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":579704,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"\/\/\/\/\/\/\/\/jHNut5QdCABFAAD5AABAAEARs2DAqAVDwKj\/\/wCKAIoA5V88EQouRMCoBUMAigDPAAAgRkRFQkVPRUtFSkNORU1FSkVHRUZFQ0VQRVBFTENOQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAANQAAAAAAAAAAAAAAAAAAAAAAAAA1AFYAAwABAAEAAgBGAFxNQUlMU0xPVFxCUk9XU0UADFDgkwQAV09SS0dST1VQAAAAAAAAAAQJABAAgA8BVapTQU5KSS1MSUZFQk9PSy1MSDUzMQA="}
00468{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":887477,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsiDQLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACATQ="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1470104379903,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1470104379903,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":903616,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":903698,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgZAAIAG5uXAqHMIarkjbsHFAFDej0WbAAAAAIACIACnvwAAAgQE7AEDAwgBAQQC"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1470104379916,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1470104379916,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":916887,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":916943,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UgdAAIAG5uTAqHMIarkjbsHGAFDBDvagAAAAAIACIAAUOgAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":940364,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcUqRAQo3o9FnIASchAmawAAAgQFtAEBBAIBAwMH"}
00408{"flow_id":36,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":940552,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUghAAIAG5u\/AqHMIarkjbsHFAFDej0WcKkQEKVAQAQTYSQAA"}
00408{"flow_id":36,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":940588,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUghAAIAG5u\/AqHMIarkjbsHFAFDej0WcKkQEKVAQAQTYSQAA"}
00858{"flow_id":36,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":941700,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"pkt":"TF4M6gNlABxCjnAxCABFAAF4UglAAIAG5Z7AqHMIarkjbsHFAFDej0WcKkQEKVAYAQTdGwAAR0VUIC9hcGkvdmlkZW9zLzEwNDEwLmpzb24gSFRUUC8xLjENCkNsaWVudC1WZXJzaW9uOiAxLjIuMS4wDQpDbGllbnQtVWlkOiBGMzU2QzI1NzVBNTgyMDdGQjg5OEY1MjU2RjM0RjFDOA0KQ2xpZW50LVNvdXJjZTogMWt4dW4NCkNsaWVudC1PczogTWljcm9zb2Z0IFdpbmRvd3MgTlQgNi4xLjc2MDEgU2VydmljZSBQYWNrIDENCkNsaWVudC1MYW5ndWFnZTogemgtVFcNCkNsaWVudC1SZXNvbHV0aW9uOiAxMTE2LDgzOA0KQ2xpZW50LUJyYW5kOiBXSU5ET1dTDQpDbGllbnQtRGV2aWNlOiBQQw0KSG9zdDoganAua2Fua2FuLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_tot_l4_data_len":492,"flow_min_l4_data_len":20,"flow_max_l4_data_len":356,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}}
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1470104379903,"flow_last_seen":1470104379941,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":336,"flow_tot_l4_payload_len":336,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/videos\/10410.json","code":0,"content_type":"","user_agent":""}}
00858{"flow_id":36,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":941736,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"pkt":"TF4M6gNlABxCjnAxCABFAAF4UglAAIAG5Z7AqHMIarkjbsHFAFDej0WcKkQEKVAYAQTdGwAAR0VUIC9hcGkvdmlkZW9zLzEwNDEwLmpzb24gSFRUUC8xLjENCkNsaWVudC1WZXJzaW9uOiAxLjIuMS4wDQpDbGllbnQtVWlkOiBGMzU2QzI1NzVBNTgyMDdGQjg5OEY1MjU2RjM0RjFDOA0KQ2xpZW50LVNvdXJjZTogMWt4dW4NCkNsaWVudC1PczogTWljcm9zb2Z0IFdpbmRvd3MgTlQgNi4xLjc2MDEgU2VydmljZSBQYWNrIDENCkNsaWVudC1MYW5ndWFnZTogemgtVFcNCkNsaWVudC1SZXNvbHV0aW9uOiAxMTE2LDgzOA0KQ2xpZW50LUJyYW5kOiBXSU5ET1dTDQpDbGllbnQtRGV2aWNlOiBQQw0KSG9zdDoganAua2Fua2FuLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
00424{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":954670,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGguxquSNuwKhzCABQwcaIrnkOwQ72oYASchC\/lAAAAgQFtAEBBAIBAwMH"}
00407{"flow_id":37,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":954937,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUgpAAIAG5u3AqHMIarkjbsHGAFDBDvahiK55D1AQAQRxcwAA"}
00407{"flow_id":37,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":955007,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUgpAAIAG5u3AqHMIarkjbsHGAFDBDvahiK55D1AQAQRxcwAA"}
00886{"flow_id":37,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":956802,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"pkt":"TF4M6gNlABxCjnAxCABFAAGNUgtAAIAG5YfAqHMIarkjbsHGAFDBDvahiK55D1AYAQRT7wAAR0VUIC9hcGkvbW92aWVzL21wNHNjcmlwdC8xMDQxMD9kZWZpbml0aW9uPXRydWUgSFRUUC8xLjENCkNsaWVudC1WZXJzaW9uOiAxLjIuMS4wDQpDbGllbnQtVWlkOiBGMzU2QzI1NzVBNTgyMDdGQjg5OEY1MjU2RjM0RjFDOA0KQ2xpZW50LVNvdXJjZTogMWt4dW4NCkNsaWVudC1PczogTWljcm9zb2Z0IFdpbmRvd3MgTlQgNi4xLjc2MDEgU2VydmljZSBQYWNrIDENCkNsaWVudC1MYW5ndWFnZTogemgtVFcNCkNsaWVudC1SZXNvbHV0aW9uOiAxMTE2LDgzOA0KQ2xpZW50LUJyYW5kOiBXSU5ET1dTDQpDbGllbnQtRGV2aWNlOiBQQw0KSG9zdDoganAua2Fua2FuLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00685{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_tot_l4_data_len":513,"flow_min_l4_data_len":20,"flow_max_l4_data_len":377,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}}
+00696{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1470104379916,"flow_last_seen":1470104379956,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"jp.kankan.1kxun.mobi","url":"jp.kankan.1kxun.mobi\/api\/movies\/mp4script\/10410?definition=true","code":0,"content_type":"","user_agent":""}}
00886{"flow_id":37,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":956860,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"pkt":"TF4M6gNlABxCjnAxCABFAAGNUgtAAIAG5YfAqHMIarkjbsHGAFDBDvahiK55D1AYAQRT7wAAR0VUIC9hcGkvbW92aWVzL21wNHNjcmlwdC8xMDQxMD9kZWZpbml0aW9uPXRydWUgSFRUUC8xLjENCkNsaWVudC1WZXJzaW9uOiAxLjIuMS4wDQpDbGllbnQtVWlkOiBGMzU2QzI1NzVBNTgyMDdGQjg5OEY1MjU2RjM0RjFDOA0KQ2xpZW50LVNvdXJjZTogMWt4dW4NCkNsaWVudC1PczogTWljcm9zb2Z0IFdpbmRvd3MgTlQgNi4xLjc2MDEgU2VydmljZSBQYWNrIDENCkNsaWVudC1MYW5ndWFnZTogemgtVFcNCkNsaWVudC1SZXNvbHV0aW9uOiAxMTE2LDgzOA0KQ2xpZW50LUJyYW5kOiBXSU5ET1dTDQpDbGllbnQtRGV2aWNlOiBQQw0KSG9zdDoganAua2Fua2FuLjFreHVuLm1vYmkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
00415{"flow_id":36,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":983915,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAoIBhAADYGYuBquSNuwKhzCABQwcUqRAQp3o9G7FAQAO3XEAAAAAAAAAAA"}
02103{"flow_id":36,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104379,"pkt_ts_usec":989294,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUIBlAADYGXfNquSNuwKhzCABQwcUqRAQp3o9G7FAQAO3OygAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuNy4xDQpEYXRlOiBUdWUsIDAyIEF1ZyAyMDE2IDAyOjIwOjA3IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uO2NoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IEV4cHJlc3MNCg0KNmYxDQp7ImlkIjoxMDQxMCwidHlwZSI6Im1vdmllIiwiY3JlYXRlZF9hdCI6IjIwMTMtMDYtMTUgMTQ6MTY6MjUiLCJlcGlzb2Rlc19jb3VudCI6MCwiZXBpc29kZXMiOltdLCJwdWJkYXRlIjoiMjAxMy0xMC0xMCIsInllYXIiOiIyMDEzIiwicGxheV9jb3VudCI6MTY4MDk0MSwiYXZnX3Njb3JlIjo0LjU3NDksImR1cmF0aW9uIjoxMTUsImxhbmd1YWdlIjoi6Iux6K+tIiwiYXJlYSI6Iue+juWbvS\/ms5Xlm70v5qyn576OIiwiaW1hZ2UiOiJodHRwOi8vcGljLjFreHVuLmNvbS92aWRlb19rYW5rYW4vaW1hZ2VzL3ZpZGVvcy8xMDQxMC1qdG1kLmpwZyIsInRpdGxlIjoi5Ye656We5YWl5YyWIiwiZGVzY3JpcHRpb24iOiLjgIDjgIDmnKzniYforrLov7DnmoTmmK9GQknkuI7kuIDkuKrkuJbnlYzkuIrmnIDlh7roibLnmoTprZTmnK\/luIjlm6LpmJ\/mlpfmmbrmlpfli4fnmoTmlYXkuovvvIzov5nmlK\/prZTmnK\/luIjlm6LpmJ\/lnKjooajmvJTnmoTlkIzml7bmiqLliqvpk7booYzlubbmiorpkrHliIbnu5nop4LkvJfvvIzkvb\/ku5bku6znq5nlnKjkuobms5XlvovlkozpgZPlvrfnmoTngbDoibLlnLDluKbjgIIiLCJkb3ViYW5fY29tbWVudF91cmwiOiJodHRwOi8va2Fua2FuLjFreHVuLmNvbS92aWRlb19rYW5rYW4vYXBpL3ZpZGVvcy9kb3ViYW5DbGljay8xMDQxMCIsImFjdG9ycyI6W3siaWQiOjE4MTA0LCJuYW1lIjoi6L+I5YWL5bCUwrflh6\/liKkifSx7ImlkIjoyMTg4MSwibmFtZSI6IuiJvuaLicK36I+y6IiN5bCUIn0seyJpZCI6MjA2MzEsIm5hbWUiOiLmooXmi4nlsLzCt+e9l+WFsCJ9LHsiaWQiOjI1Mjk3LCJuYW1lIjoi5oi05aSrwrflvJflhbDnp5EifSx7ImlkIjoxNTczLCJuYW1lIjoi6L+I5YWL5bCUwrflh6\/mgakifSx7ImlkIjo4NjUwLCJuYW1lIjoi6ams5YWLwrfpsoHlvJfmtJsifSx7ImlkIjoxMjUsIm5hbWUiOiLkvI3ov6rCt+WTiOmHjOajriJ9LHsiaWQiOjg0MzEsIm5hbWUiOiLmnbDopb\/Ct+iJvuajruS8r+agvCJ9LHsiaWQiOjg0LCJuYW1lIjoi5pGp5qC5wrflvJfph4zmm7wifV0sImRpcmVjdG9ycyI6W3siaWQiOjExNjg1"}
@@ -275,44 +275,44 @@
02094{"flow_id":37,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":103855,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUXT1AADYGIM9quSNuwKhzCABQwcaIroLnwQ74BlAQAO2nogAAICAgIGZDIGYgV0o8LSA5OSAKICAgICAgICBQS2Q8bW9SJyAuIG9mbW9SJwogICAgICAgIFBSPEtaCiAgICAgIDwtMgogICAgPC0yCiAgICBmQyAtX1cgUEtkPG1vUicgV0o8LQogICAgICAnX1FLJyBmRyB4IC4gbydtZFdSZi12aUNmLTI2M3lvUid0W155XVR5MysKICAgICAgZkMgZiBXSjwtCiAgICAgICAgUEtkPG1vUicgLiBvJ21kV1JmLXZpZG9QNmZUTkcgeDk6KwogICAgICA8LTIKICAgIDwtMgogIDwtMgogIFI8V29SLSBQS2Q8bW9SJwo8LTIKCkNvLVFXZl8tIHY8VzFLZDxrfEg4Zic8LUtNPDZQXzJ9KwogICdfUUsnIGZHIHggLiBQXzJ9aUNmLTI2M3lDLXRbXnldVCV6TXxIeTMrCiAgZkMgZiBXSjwtCiAgICBSPFdvUi0gUF8yfWlkb1A2ZlRIRyB4OU4rCiAgPC0yCiAgUjxXb1ItIFBLZDxtQ2YnPC1LTTwKPC0yCgpDby1RV2ZfLSB2PFdZLVo2UF8yfSsKICAnX1FLJyBmRyB4IC4gUF8yfWlDZi0yNjN5Jy1adFteeV1UMysKICBmQyBmIFdKPC0KICAgIFI8V29SLSBQXzJ9aWRvUDZmVE5HIHgrCiAgPC0yCjwtMgoKQ28tUVdmXy0gdjxXMUtkPDA8fThSX003Zi1DXzZQXzJ9KwogICdfUUsnIGZHIHggLiBQXzJ9aUNmLTI2M3lDVVo8fXR6KnluQ1VaPH10MysKICBmQyBmIFdKPC0KICAgIFI8V29SLSAgUF8yfWlkb1A2ZlRBRyB4OXArCiAgPC0yCiAgUjxXb1ItIENVWjx9bWRXUmYtdgo8LTIKCgpDby1RV2ZfLSB2PFc4X1JNS1c2UF8yfSsKICAnX1FLJyBDX1JNS1cKICAnX1FLJyBmRyB4IC4gUF8yfWlDZi0yNjN5Qyd0eip5bkMndDMrCiAgZkMgZiBXSjwtCiAgICAnX1FLJyBDJ21kV1JmLXYgLiBQXzJ9aWRvUDZmRyB4KwogICAgJ19RSycgZFdLUlcgLiBOCiAgICAsSmYnPCBXUm88IDJfCiAgICAgICdfUUsnIGZHIHggLiBDJ21kV1JmLXZpQ2YtMjYzeW5DZnQzRyBkV0tSVysKICAgICAgZkMgLV9XIGYgV0o8LSBQUjxLWiA8LTIKICAgICAgJ19RSycgQ2ZtZFdSZi12IC4gQydtZFdSZi12aWRvUDZkV0tSV0cgeCsKICAgICAgZFdLUlcgLiB4VDoKICAgICAgJ19RSycgZkcgeCAuIENmbWRXUmYtdmlDZi0yNjN5ZjJ0W155XVR5MysKICAgICAgQ19STUtXIC4gQ2ZtZFdSZi12aWRvUDZmVEhHIHg5OisKICAgICAgJ19RSycgZkcgeCAuIENmbWRXUmYtdmlDZi0yNjN5ZCd0OnluZCd0MysKICAgICAgZkMgZiBXSjwtIFBSPEtaIDwtMgogICAgPC0yCiAgPC0yCiAgUjxXb1ItIENfUk1LVwo8LTIKCgoKPC1RUn18Vzc8UiAuIC1mJwpLfHxVPFIgLiAtZicKUVo8fSAuIC1mJwpQS2Q8bW9SJyAuIC1mJwpQS2Q8bUNmJzwtS008"}
02095{"flow_id":37,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":103921,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUXT5AADYGIM5quSNuwKhzCABQwcaIrofTwQ74BlAQAO3MkwAAIC4gLWYnCkNVWjx9bWRXUmYtdi4tZicKQ19STUtXIC4gLWYnCnwnS1dDX1JNIC4gMzpEKUQ9MwonLVogLiAtZicKVWYyIC4gM31ERDpYYks8PH1fMwp2b2YyIC4gMzhOZTFEOlNTRDpCcGVEcFN7cFhnWERwPXB7ZTpBUz0xRD06Zz04e3AzCjk5dm9mMiAuIDNTPXBwQWU6Qlh7QSlIezFIZTpIQnA6ZTExQTg6Z3tBQkhncCllOmV7MwoKQ28tUVdmXy0gdjxXU1o8fTZVZjIrCiAgJ19RSycgUF8yfUcgUjxkfF8tZDwKICA5OSAnX1FLJyBvUicgLiAiSldXfGlubj09PXpBWHo9Tkh6KUFpKUQpKW5LfGZud3cnZlU8bVFaPH1udjxXclVmMi4iIHp6IFVmMiB6eiAiJnwnS1dDX1JNLiIgenogfCdLV0NfUk1WCiAgOTkgJ19RSycgUF8yfUcgUjxkfF8tZDwgLiAsS2J6SldXfHpSPHdvPGRXT29SJ0cgV2ZNPF9vVy5YKAogIGZDIC1fVyBQXzJ9IF9SIFBfMn0gLi4gMzMgV0o8LQogICAgb1InIC4gIkpXV3xpbm49OnB6PUhIejpYTno6QURpKUQpKW5LfGZud3cnZlU8bVFaPH1udjxXclVmMi4iIHp6IFVmMiB6eiAiJnwnS1dDX1JNLiIgenogfCdLV0NfUk1WCiAgICBQXzJ9RyBSPGR8Xy1kPCAuICxLYnpKV1d8elI8d288ZFdPb1InRyBXZk08X29XLk4oCiAgPC0yCiAgZkMgUF8yfSBXSjwtCiAgICAnX1FLJyBkPHZNPC1XZCAuIE8oCiAgICBDX1IgZlc8TSBmLSBQXzJ9aXZNS1dRSjYiW15qXVQiKyAyXwogICAgICBXS1AnPHpmLWQ8Ulc2ZDx2TTwtV2RHIGZXPE0rCiAgICA8LTIKICAgIGZDICNkPHZNPC1XZHQ9IFdKPC0KICAgICAgS3x8VTxSIC4gZDx2TTwtV2RbOl0KICAgICAgPC1RUn18Vzc8UiAuIGQ8dk08LVdkWz1dCiAgICAgIFFaPH0gLiBkPHZNPC1XZFtYXQogICAgPC0yCiAgPC0yCiAgZkMgLV9XIFFaPH0gV0o8LQogICAgPFJSX1JrPGRkS3Y8IC4gIkNLZic8MiBXXyB2PFcgUVo8fSIKICA8LTIKPC0yCgoKOTkKQ28tUVdmXy0gdjxXQjIyUjxkZDhSX00vPCw\/PHZNPC1XZDYyPENLbydXQ01XKwogIGZDIC1fVyA8LVFSfXxXNzxSIF9SIC1fVyBLfHxVPFIgX1IgLV9XIFFaPH0gV0o8LQogICAgUjxXb1ItCiAgPC0yCiAgJ19RSycgb1InIC4gIkpXV3xpbm5VVXpVZjI8X3p3d3pRX01udjxXVWYtQ18iCiAgJ19RSycgfF9kV3tLV0sgLiBPKAogIHxfZFd7S1dLWzM8LVFSfXxXNzxSM10gLiA8LVFSfXxXNzxSCiAgfF9kV3tLV0tbM19XfXw8M10gLiAzYk0nMwogIHxfZFd7S1dLWzNLfHxVPFIzXSAuIEt8fFU8UgogIHxfZFd7S1dLWzN8J0tXQ19STTNdIC4gfCdLV0NfUk0KICB8X2RXe0tXS1szVWYyM10gLiBVZjIKICB8X2RXe0tX"}
02095{"flow_id":37,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":104034,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUXT9AADYGIM1quSNuwKhzCABQwcaIroy\/wQ74BlAQAO3BMwAAS1szMjxDS28nV0NNVzNdIC4gMjxDS28nV0NNVwogIHxfZFd7S1dLWzMyPEMtM10gLiAyPENLbydXQ01XCiAgfF9kV3tLV0tbM1EwPH0zXSAuIFFaPH0KICB8X2RXe0tXS1szdm9mMjNdIC4gdm9mMgogICdfUUsnIHxfZFcxXzJ9IC4gIjwtUVJ9fFc3PFIuInp6PC1RUn18Vzc8Unp6IiZfV318PC5iTScmS3x8VTxSLiJ6ekt8fFU8Unp6CiAgICAgICAgICAiJnwnS1dDX1JNLiJ6enwnS1dDX1JNenoiJi08LHwnS1dDX1JNLiJ6enwnS1dDX1JNenoiJlVmMi4ienpVZjJ6eiImVWYyZC4ienpVZjJ6egogICAgICAgICAgIiYyPENLbydXQ01XLiJ6ejI8Q0tvJ1dDTVd6eiImMjxDLS4ienoyPENLbydXQ01XenoKICAgICAgICAgICImUTA8fS4ienpRWjx9enoiJnZvZjIuInp6dm9mMnp6CiAgICAgICAgICAiJidmLVpVPFIuPSYyPEMtfEt9VTxSLjoiCiAgJ19RSycgUF8yfUcgUjxkfF8tZDwgLiBSPHdvPGRXT29SJ0cgUF8yfS58X2RXMV8yfUcgMktXSy58X2RXe0tXS0cgTTxXSl8yLjNFST8+MyAoCiAgZkMgLV9XIFBfMn0gV0o8LSBSPFdvUi0gPC0yCiAgJ19RSycgZkd4IC4gUF8yfWlDZi0yNjNRSy0tX1cgfCdLfSBfb1dkZjI8MysKICBmQyBmIFdKPC0KICAgIG9SJy4zSldXfGlubkpOVVV6VWYyPF96d3d6UV9NbnY8V2YtQ19yclFLJydQS1FaLng1bzxSfTopOkRwQU4pcEEpcClnKUgpPUE9bTpIZ2dnZ1hIPT0pOk4mVWYyLjN6elVmMnp6MyZ8J0tXQ19STS46RClEOiZfV318PC5iTScmMjxDLS5Lb1dfJidfLG0nX3ZmLS46Jm0uOkhnZ2dnWEg9PSk9PTMKICAgICdfUUsnIFBfMn1HIFI8ZHxfLWQ8IC4gUjx3bzxkV09vUicoCiAgICBQS2Q8bW9SJyAuIHY8VzFLZDx1Uic4Ul9NN2YtQ182UF8yfSsKICAgIFBLZDxtQ2YnPC1LTTwgLiB2PFcxS2Q8a3xIOGYnPC1LTTw2UF8yfSsKICAgIENVWjx9bWRXUmYtdiAuIHY8VzFLZDwwPH04Ul9NN2YtQ182UF8yfSsKICAgIG9SJ2RbRF0gLiAgIFBLZDxtb1InIHp6IFBLZDxtQ2YnPC1LTTx6eiJ6TXxIclVaPH0uInp6Q1VaPH1tZFdSZi12CiAgPCdkPAogICAgdjxXe29SS1dmXy1kOFJfTTdmLUNfNlBfMn0rCiAgICAgIGZDIDJvUktXZl8tZFtEXSBXSjwtCiAgICBQS2Q8bW9SJyAuIHY8VzFLZDx1Uic4Ul9NN2YtQ182UF8yfSsKICAgIFBLZDxtQ2YnPC1LTTwgLiB2PFcxS2Q8a3xIOGYnPC1LTTw2UF8yfSsKICAgIENfUk1LVyAuIHY8VzhfUk1LVzZQXzJ9KwogICAgJy1aIC4gdjxXWS1aNlBfMn0rCiAgICBDX1IgZi0yPGIuREcgIzJvUktXZl8tZCAyXwogICAgICA5OQogICAgICAgIG9S"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1470104380188,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1470104380188,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":188079,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":188122,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhRAAIAGEmDAqHMI2vSHqsHHI4t8ty1+AAAAAIACIAAqAAAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":300643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0c30AAHAGQPfa9IeqwKhzCCOLwccogsRifLctf4ASQAAcSgAAAgQFtAEDAwABAQQC"}
00408{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":300823,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhVAAIAGEmvAqHMI2vSHqsHHI4t8ty1\/KILEY1AQAQScEQAA"}
00408{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":300850,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhVAAIAGEmvAqHMI2vSHqsHHI4t8ty1\/KILEY1AQAQScEQAA"}
00623{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":302072,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"TF4M6gNlABxCjnAxCABFAADGUhZAAIAGEczAqHMI2vSHqsHHI4t8ty1\/KILEY1AYAQTPigAAR0VUIC9hcGkvcXFsaXZlX2NrZXkvZ2V0P3ZpZD15MDAxM3hhZWV5byZwbGF0Zm9ybT0xMDkwMiBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wDQpIb3N0OiAyMTguMjQ0LjEzNS4xNzA6OTA5OQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1470104380188,"flow_last_seen":1470104380302,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":20,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"218.244.135.170","url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
+00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1470104380188,"flow_last_seen":1470104380302,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"218.244.135.170","url":"218.244.135.170:9099\/api\/qqlive_ckey\/get?vid=y0013xaeeyo&platform=10902","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
00623{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":302108,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"TF4M6gNlABxCjnAxCABFAADGUhZAAIAGEczAqHMI2vSHqsHHI4t8ty1\/KILEY1AYAQTPigAAR0VUIC9hcGkvcXFsaXZlX2NrZXkvZ2V0P3ZpZD15MDAxM3hhZWV5byZwbGF0Zm9ybT0xMDkwMiBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wDQpIb3N0OiAyMTguMjQ0LjEzNS4xNzA6OTA5OQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
00936{"flow_id":38,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":419993,"pkt_caplen":446,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":446,"pkt_l4_len":412,"pkt":"ABxCjnAxTF4M6gNlCABFAAGwc5lAAHAG\/17a9IeqwKhzCCOLwccogsRjfLcuHVAY\/2FDygAASFRUUC8xLjEgMjAwIE9LDQpYLVBvd2VyZWQtQnk6IEV4cHJlc3MNCkRhdGU6IFR1ZSwgMDIgQXVnIDIwMTYgMDI6MTk6NDEgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KDQpmZg0KMy4yLjE5LjM1OHw1LjR8QW15UnhVWHJQVzhaS3hMQUNIaWY0dmRrcVI2TGlSYkUyOVhucDZXM2xRV2NJcTBiZ2NJYmVBaGdUNE8yWDk0bnNGRk1rN1pmUFJBRFlDSTlBdmtlcHdkV1IzQU5DVzhJaXp3bTZkNmNUZXJhb2dCQzVJaFRfUm90ZDJ0M2taQ0JyaTVFT3NPcjNUbXdsMW9xSGRDNi1LZ2pUQXozNGtJSFVkQkNEdkxLYW9WeGktelRyZEZDTUdqZEFlM1dYZU5yVkE0WVNyUkNhbDBIVHVCVnRzWW1hV3NELW00QnNscngyTWVGODV4S09kdGxRUEFrDQo="}
00583{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":603356,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLUAAAQRv8HAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00407{"flow_id":38,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":620879,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhhAAIAGEmjAqHMI2vSHqsHHI4t8ty4dKILF61AQAQOZ7AAA"}
00408{"flow_id":38,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":620917,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhhAAIAGEmjAqHMI2vSHqsHHI4t8ty4dKILF61AQAQOZ7AAA"}
00417{"flow_id":38,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":732533,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"pkt":"ABxCjnAxTF4M6gNlCABFAAAtc91AAHAGAJ7a9IeqwKhzCCOLwccogsXrfLcuHVAY\/2FXZgAAMA0KDQoA"}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1470104380737,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1470104380737,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":737950,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"}
-00622{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1470104380737,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1470104380737,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00435{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":737994,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"TF4M6gNlABxCjnAxCABFAAA9UhkAAIARpNbAqHMICAgICNSUADUAKZhJpTgBAAABAAAAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQAB"}
00493{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":772526,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"ABxCjnAxTF4M6gNlCABFAABmlL4AAC4RtAgICAgIwKhzCAA11JQAUqbTpTiBgAABAAIAAAAAAnZ2BXZpZGVvAnFxA2NvbQAAAQABwAwABQABAAABKwANCnByb3h5LXNldDHAD8AtAAEAAQAAASsABMvNl+o="}
-00651{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":41,"flow_max_l4_data_len":82,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.151.234"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1470104380773,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00663{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"vv.video.qq.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.151.234"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1470104380773,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":773662,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":773739,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UhtAAIAGEUDAqHMIy82X6sHIAFAfZnbXAAAAAIACIABgGQAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":801749,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADMGsFvLzZfqwKhzCABQwcglYwNrH2Z22IASFoBABAAAAgQFoAEBBAIBAwMK"}
00407{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":801884,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhxAAIAGEUvAqHMIy82X6sHIAFAfZnbYJWMDbFAQAQSWQQAA"}
00407{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":801910,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUhxAAIAGEUvAqHMIy82X6sHIAFAfZnbYJWMDbFAQAQSWQQAA"}
00682{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":807804,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"pkt":"TF4M6gNlABxCjnAxCABFAAD0Uh1AAIAGEH7AqHMIy82X6sHIAFAfZnbYJWMDbFAYAQQt1AAAUE9TVCAvZ2V0dmluZm8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IHZ2LnZpZGVvLnFxLmNvbQ0KQ29udGVudC1MZW5ndGg6IDQ0NQ0KRXhwZWN0OiAxMDAtY29udGludWUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1470104380773,"flow_last_seen":1470104380807,"flow_tot_l4_data_len":360,"flow_min_l4_data_len":20,"flow_max_l4_data_len":224,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"vv.video.qq.com","url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1470104380773,"flow_last_seen":1470104380807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"vv.video.qq.com","url":"vv.video.qq.com\/getvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
00682{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":807854,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"pkt":"TF4M6gNlABxCjnAxCABFAAD0Uh1AAIAGEH7AqHMIy82X6sHIAFAfZnbYJWMDbFAYAQQt1AAAUE9TVCAvZ2V0dmluZm8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IHZ2LnZpZGVvLnFxLmNvbQ0KQ29udGVudC1MZW5ndGg6IDQ0NQ0KRXhwZWN0OiAxMDAtY29udGludWUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
00415{"flow_id":40,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":834864,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAoJKFAADMGi8bLzZfqwKhzCABQwcglYwNsH2Z3pFAQAAeWcgAAAAAAAAAA"}
00443{"flow_id":40,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":834923,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"ABxCjnAxTF4M6gNlCABFAABBJKJAADMGi6zLzZfqwKhzCABQwcglYwNsH2Z3pFAYAAdgPgAASFRUUC8xLjEgMTAwIENvbnRpbnVlDQoNCg=="}
01007{"flow_id":40,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":835517,"pkt_caplen":499,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":499,"pkt_l4_len":465,"pkt":"TF4M6gNlABxCjnAxCABFAAHlUh5AAIAGD4zAqHMIy82X6sHIAFAfZnekJWMDhVAYAQS5hgAAZW5jcnlwdFZlcj01LjQmb3R5cGU9eG1sJmFwcHZlcj0zLjIuMTkuMzU4JnBsYXRmb3JtPTEwOTAyJm5ld3BsYXRmb3JtPTEwOTAyJnZpZD15MDAxM3hhZWV5byZ2aWRzPXkwMDEzeGFlZXlvJmRlZmF1bHRmbXQ9c2QmZGVmbj1zZCZjS2V5PUFteVJ4VVhyUFc4Wkt4TEFDSGlmNHZka3FSNkxpUmJFMjlYbnA2VzNsUVdjSXEwYmdjSWJlQWhnVDRPMlg5NG5zRkZNazdaZlBSQURZQ0k5QXZrZXB3ZFdSM0FOQ1c4SWl6d202ZDZjVGVyYW9nQkM1SWhUX1JvdGQydDNrWkNCcmk1RU9zT3IzVG13bDFvcUhkQzYtS2dqVEF6MzRrSUhVZEJDRHZMS2FvVnhpLXpUcmRGQ01HamRBZTNXWGVOclZBNFlTclJDYWwwSFR1QlZ0c1ltYVdzRC1tNEJzbHJ4Mk1lRjg1eEtPZHRsUVBBayZndWlkPUY1RUIwMUNDMDFBOEUwOENEODM2MzA4MjhERTE3QzJCMDIxNjJGRDgmbGlua3Zlcj0yJmRlZm5wYXl2ZXI9MQ=="}
01007{"flow_id":40,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":835546,"pkt_caplen":499,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":499,"pkt_l4_len":465,"pkt":"TF4M6gNlABxCjnAxCABFAAHlUh5AAIAGD4zAqHMIy82X6sHIAFAfZnekJWMDhVAYAQS5hgAAZW5jcnlwdFZlcj01LjQmb3R5cGU9eG1sJmFwcHZlcj0zLjIuMTkuMzU4JnBsYXRmb3JtPTEwOTAyJm5ld3BsYXRmb3JtPTEwOTAyJnZpZD15MDAxM3hhZWV5byZ2aWRzPXkwMDEzeGFlZXlvJmRlZmF1bHRmbXQ9c2QmZGVmbj1zZCZjS2V5PUFteVJ4VVhyUFc4Wkt4TEFDSGlmNHZka3FSNkxpUmJFMjlYbnA2VzNsUVdjSXEwYmdjSWJlQWhnVDRPMlg5NG5zRkZNazdaZlBSQURZQ0k5QXZrZXB3ZFdSM0FOQ1c4SWl6d202ZDZjVGVyYW9nQkM1SWhUX1JvdGQydDNrWkNCcmk1RU9zT3IzVG13bDFvcUhkQzYtS2dqVEF6MzRrSUhVZEJDRHZMS2FvVnhpLXpUcmRGQ01HamRBZTNXWGVOclZBNFlTclJDYWwwSFR1QlZ0c1ltYVdzRC1tNEJzbHJ4Mk1lRjg1eEtPZHRsUVBBayZndWlkPUY1RUIwMUNDMDFBOEUwOENEODM2MzA4MjhERTE3QzJCMDIxNjJGRDgmbGlua3Zlcj0yJmRlZm5wYXl2ZXI9MQ=="}
00836{"flow_id":40,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":882764,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"pkt":"ABxCjnAxTF4M6gNlCABFAAFmJKNAADMGiobLzZfqwKhzCABQwcglYwOFH2Z5YVAYAAixSgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBUdWUsIDAyIEF1ZyAyMDE2IDAyOjE5OjQyIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3htbDsgY2hhcnNldD11dGYtOA0KQ29udGVudC1MZW5ndGg6IDE2Mw0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCIgIHN0YW5kYWxvbmU9Im5vIiA\/Pgo8cm9vdD48ZW0+ODA8L2VtPjxleGVtPjE8L2V4ZW0+PGV4aW5mbz7kuK3lm70t5Y+w5rm+55yBLS3mnKrnn6U8L2V4aW5mbz48bXNnPklQIGxpbWl0PC9tc2c+PHM+Zjwvcz48L3Jvb3Q+"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1470104380890,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1470104380890,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":890420,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":890470,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Uh9AAIAGFuTAqHMIKngzmMHJH5CKzmkHAAAAAIACIADo5wAAAgQE7AEDAwgBAQQC"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1470104380909,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1470104380909,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00835{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":909602,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00408{"flow_id":38,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":928867,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUiBAAIAGEmDAqHMI2vSHqsHHI4t8ty4dKILF8FAQAQOZ5wAA"}
00408{"flow_id":38,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":928909,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUiBAAIAGEmDAqHMI2vSHqsHHI4t8ty4dKILF8FAQAQOZ5wAA"}
@@ -320,7 +320,7 @@
00410{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":967069,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUiFAAIAGFu7AqHMIKngzmMHJH5CKzmkIwyC\/m1AQ\/\/DGNQAA"}
00410{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":967094,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUiFAAIAGFu7AqHMIKngzmMHJH5CKzmkIwyC\/m1AQ\/\/DGNQAA"}
00749{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":968230,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"TF4M6gNlABxCjnAxCABFAAEkUiJAAIAGFfHAqHMIKngzmMHJH5CKzmkIwyC\/m1AY\/\/C4+gAAUE9TVCAvYXBpL3Byb3h5P3VybD1odHRwJTNBJTJGJTJGdnYudmlkZW8ucXEuY29tJTJGZ2V0dmluZm8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDQyLjEyMC41MS4xNTI6ODA4MA0KQ29udGVudC1MZW5ndGg6IDQ0NQ0KRXhwZWN0OiAxMDAtY29udGludWUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1470104380890,"flow_last_seen":1470104380968,"flow_tot_l4_data_len":404,"flow_min_l4_data_len":20,"flow_max_l4_data_len":272,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"42.120.51.152","url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
+00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1470104380890,"flow_last_seen":1470104380968,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"42.120.51.152","url":"42.120.51.152:8080\/api\/proxy?url=http%3A%2F%2Fvv.video.qq.com%2Fgetvinfo","code":0,"content_type":"","user_agent":"Mozilla\/5.0"}}
00749{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104380,"pkt_ts_usec":968271,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"TF4M6gNlABxCjnAxCABFAAEkUiJAAIAGFfHAqHMIKngzmMHJH5CKzmkIwyC\/m1AY\/\/C4+gAAUE9TVCAvYXBpL3Byb3h5P3VybD1odHRwJTNBJTJGJTJGdnYudmlkZW8ucXEuY29tJTJGZ2V0dmluZm8gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDQyLjEyMC41MS4xNTI6ODA4MA0KQ29udGVudC1MZW5ndGg6IDQ0NQ0KRXhwZWN0OiAxMDAtY29udGludWUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
00414{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":29281,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAopEdAADAGFMgqeDOYwKhzCB+QwcnDIL+bis5qBFAQGSCsCgAAAAAAAAAA"}
00442{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":29366,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"ABxCjnAxTF4M6gNlCABFAABBpEhAADAGFK4qeDOYwKhzCB+QwcnDIL+bis5qBFAYGSB11gAASFRUUC8xLjEgMTAwIENvbnRpbnVlDQoNCg=="}
@@ -330,21 +330,21 @@
00407{"flow_id":40,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":84957,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUiRAAIAGEUPAqHMIy82X6sHIAFAfZnlhJWMEw1AQAQOSYgAA"}
00836{"flow_id":40,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":108563,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"pkt":"ABxCjnAxTF4M6gNlCABFAAFmJKRAADMGioXLzZfqwKhzCABQwcglYwOFH2Z5YVAYAAixSgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBUdWUsIDAyIEF1ZyAyMDE2IDAyOjE5OjQyIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3htbDsgY2hhcnNldD11dGYtOA0KQ29udGVudC1MZW5ndGg6IDE2Mw0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCIgIHN0YW5kYWxvbmU9Im5vIiA\/Pgo8cm9vdD48ZW0+ODA8L2VtPjxleGVtPjE8L2V4ZW0+PGV4aW5mbz7kuK3lm70t5Y+w5rm+55yBLS3mnKrnn6U8L2V4aW5mbz48bXNnPklQIGxpbWl0PC9tc2c+PHM+Zjwvcz48L3Jvb3Q+"}
00580{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":115496,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEIAAAER2QjAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1470104381217,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1470104381217,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":217455,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U68AAAERvz7AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="}
-00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1470104381217,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1470104381217,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1470104381217,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1470104381217,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00580{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":217586,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFE8AAAER7zXAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1470104381217,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1470104381237,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1470104381217,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1470104381237,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":237806,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"ABAj4ACgYMVHBbyMCABFAABAk\/BAAEAGrRvAqAUQwKhzS9F3AbseAeEVAAAAALAC\/\/84nQAAAgQFtAEDAwUBAQgKGg8YWwAAAAAEAgAA"}
00423{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":238763,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XdE8SFWHgHhFoASFtAl8wAAAgQFtAEBBAIBAwMH"}
00415{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":238800,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo9WxAAEAGS7fAqAUQwKhzS9F3AbseAeEWRPEhV1AQIABdlQAAcnZlcjBd"}
00705{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":239406,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"ABAj4ACgYMVHBbyMCABFAAEB7MpAAEAGU4DAqAUQwKhzS9F3AbseAeEWRPEhV1AYIAC0MQAAFgMBANQBAADQAwNXoAM+DApFIVBtoVkm1YD4xHsvSlpaV1sKMPaqmp\/EYiBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="}
-00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1470104381237,"flow_last_seen":1470104381239,"flow_tot_l4_data_len":333,"flow_min_l4_data_len":20,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1470104381237,"flow_last_seen":1470104381239,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00415{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":240437,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxABAj4ACgCABFAAAoVq1AAEAG6nbAqHNLwKgFEAG70XdE8SFXHgHh71AQADZ8hgAAAAAAAAAA"}
00632{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":243027,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"ABxCjnAxABAj4ACgCABFAADJVq5AAEAG6dTAqHNLwKgFEAG70XdE8SFXHgHh71AYADbIkgAAFgMDAFECAABNAwPHJnh2qX3nfDBpSu7Df5fT0X\/Q3\/d8yCgGwlqQxOSx+CBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eAAvAAAF\/wEAAQAUAwMAAQEWAwMAQDki+Ej0RYqOg\/jDOhnO\/H7Bsu3crM8n3x+xrz81y3D6sPGZ2cIhuklKpkdgW0hBRebLLt2Gh0GfYMgr\/JhRkDE="}
-00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1470104381237,"flow_last_seen":1470104381243,"flow_tot_l4_data_len":534,"flow_min_l4_data_len":20,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1470104381237,"flow_last_seen":1470104381243,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00416{"flow_id":45,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":243076,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoK05AAEAGFdbAqAUQwKhzS9F3AbseAeHvRPEh+FAQH\/pcIQAAVFRQLzEu"}
00415{"flow_id":45,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":243257,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABAj4ACgYMVHBbyMCABFAAAuirpAAEAGtmPAqAUQwKhzS9F3AbseAeHvRPEh+FAYIABECQAAFAMDAAEB"}
00503{"flow_id":45,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":243372,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"ABAj4ACgYMVHBbyMCABFAABtN7hAAEAGCSfAqAUQwKhzS9F3AbseAeH1RPEh+FAYIACL6AAAFgMDAEDGjk2WcpUh8OQ6FhASO1J68hFkVl7+33QoB\/0Tq9jEFedfIp4l4tEdJkeQk2fgJrOHJo\/QlfzdZ+FWP1+XBCJk"}
@@ -358,22 +358,22 @@
02095{"flow_id":41,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":494832,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUpEpAADAGD9kqeDOYwKhzCB+QwcnDIL+0is5rwVAQHVDJegAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eS8xLjkuMy4yDQpEYXRlOiBUdWUsIDAyIEF1ZyAyMDE2IDAyOjE5OjQyIEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCjE0ZGMNCjw\/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9InV0Zi04IiAgc3RhbmRhbG9uZT0ibm8iID8+Cjxyb290PjxkbHR5cGU+MTwvZGx0eXBlPjxleGVtPjI8L2V4ZW0+PGZsPjxjbnQ+NTwvY250PjxmaT48YnI+MjM1PC9icj48Y25hbWU+6auY5riFOyg0ODBQKTwvY25hbWU+PGlkPjExMjEyPC9pZD48bG10PjA8L2xtdD48bmFtZT5oZDwvbmFtZT48c2I+MTwvc2I+PHNsPjA8L3NsPjwvZmk+PGZpPjxicj42NDwvYnI+PGNuYW1lPuagh+a4hTsoMjcwUCk8L2NuYW1lPjxpZD4xMTIwMzwvaWQ+PGxtdD4wPC9sbXQ+PG5hbWU+c2Q8L25hbWU+PHNiPjE8L3NiPjxzbD4xPC9zbD48L2ZpPjxmaT48YnI+NjQ8L2JyPjxjbmFtZT7pq5jmuIU7KDM2MFApPC9jbmFtZT48aWQ+MjwvaWQ+PGxtdD4wPC9sbXQ+PG5hbWU+bXA0PC9uYW1lPjxzYj4xPC9zYj48c2w+MDwvc2w+PC9maT48Zmk+PGJyPjY1MDwvYnI+PGNuYW1lPui2hea4hTsoNzIwUCk8L2NuYW1lPjxpZD4xMTIwMTwvaWQ+PGxtdD4wPC9sbXQ+PG5hbWU+c2hkPC9uYW1lPjxzYj4xPC9zYj48c2w+MDwvc2w+PC9maT48Zmk+PGJyPjEyMDA8L2JyPjxjbmFtZT7ok53lhYk7KDEwODBQKTwvY25hbWU+PGlkPjExMjA5PC9pZD48bG10PjE8L2xtdD48bmFtZT5maGQ8L25hbWU+PHNiPjE8L3NiPjxzbD4wPC9zbD48L2ZpPjwvZmw+PGhzPjA8L2hzPjxscz4wPC9scz48cHJldmlldz4zMDA8L3ByZXZpZXc+PHM+bzwvcz48c2ZsPjxjbnQ+MDwvY250Pjwvc2ZsPjx0bT4xNDcwMTA0MzgyPC90bT48dmw+PGNudD4xPC9jbnQ+PHZpPjxicj4zNDwvYnI+PGNoPjA8L2NoPjxjbD48Y2k+PGNkPjI5OS45NjwvY2Q+PGNtZDU+Y2Y5MjMzMzBhNzIyOTQ4NjY4ZmQ1OGVjNDE1ODEzZDQ8L2NtZDU+PGNzPjk0MTg2NTU8L2NzPjxpZHg+MTwvaWR4PjxrZXlpZD51MDAyMG1rcm5kcy4xMTIwMy4xPC9rZXlpZD48L2NpPjxjaT48Y2Q+MzAwLjA0PC9jZD48Y21kNT43NGI4NjVlMWZhYjM0MWU2MzAyNzFlZWFmOTU5NTJkMjwvY21kNT48Y3M+MTM4NzQ1NDE8L2NzPjxpZHg+MjwvaWR4PjxrZXlpZD51MDAyMG1rcm5kcy4xMTIwMy4yPC9rZXlpZD48L2NpPjxjaT48Y2Q+MzAwPC9j"}
00429{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":626995,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7AAAAERvz3AqAUl4AAA\/NwuFOsAIuU8ydMAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="}
00810{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":831288,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNAJhAgEGADFjB6UAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1470104381895,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1470104381895,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":895304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"}
00423{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":895349,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0Ui5AAIAGjNDAqHMIt4MwkcHMAFBbXvEQAAAAAIACIAAlhwAAAgQE7AEDAwgBAQQC"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1470104381935,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1470104381935,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":935187,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0MAAAERi63AqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1470104381935,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1470104381935,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1470104381935,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1470104381935,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":935396,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUIAAAERlcbAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
-00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1470104381935,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1470104381935,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00583{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":935810,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRQAAAQRv1\/AqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00579{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":935961,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfiEAAAERhV\/AqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00415{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":968167,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLge3gzCRwKhzCABQwcyPbNg5W17xEWASOQjNFQAAAgQFtAAA"}
00409{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":968358,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUi9AAIAGjNvAqHMIt4MwkcHMAFBbXvERj2zYOlAQ\/\/Ad6gAA"}
00409{"flow_id":46,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":968391,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUi9AAIAGjNvAqHMIt4MwkcHMAFBbXvERj2zYOlAQ\/\/Ad6gAA"}
00988{"flow_id":46,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":978984,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":486,"pkt_l4_len":452,"pkt":"TF4M6gNlABxCjnAxCABFAAHYUjBAAIAGiyrAqHMIt4MwkcHMAFBbXvERj2zYOlAY\/\/DaOQAAR0VUIC92bGl2ZS5xcXZpZGVvLnRjLnFxLmNvbS91MDAyMG1rcm5kcy5wMTIwMy4xLm1wND92a2V5PTdBQjEzOUJGNkIzMkY1Mzc0N0U4RkYxOTJFNkZFNTU3QjNBM0Q2NDRDMDM0RTM0QkY2RUFFQjRFMDc3NEYyQTkyRUYzQUM1QzAwNzUyMEJCOTI1RTVDOEExOEU2RDMwMkMyREFFMEEyOTVCMjZBQThGRDFEQzgwNjlENDdDRTFCNEExNkE1Njg3MEJEMUFDQTNFODZBQkU0QzA3OTY1OURCMjE4MkZDNzEyMTdBQjY4Q0NEMzQ0Q0U2NTY5NDQ1N0UzRjUzNTQ5Q0Q2MTdENUM5RjY3MUEyNkM3MERDNjhGOTNGMUQ3QkNEMDE3NzYyRiZndWlkPUY1RUIwMUNDMDFBOEUwOENEODM2MzA4MjhERTE3QzJCMDIxNjJGRDggSFRUUC8xLjENCkhvc3Q6IDE4My4xMzEuNDguMTQ1DQpSYW5nZTogYnl0ZXM9MC0NCkNvbm5lY3Rpb246IGNsb3NlDQpJY3ktTWV0YURhdGE6IDENCg0K"}
-01008{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1470104381895,"flow_last_seen":1470104381978,"flow_tot_l4_data_len":580,"flow_min_l4_data_len":20,"flow_max_l4_data_len":452,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.145","url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}}
+01019{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1470104381895,"flow_last_seen":1470104381978,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.145","url":"183.131.48.145\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8","code":0,"content_type":"","user_agent":""}}
00988{"flow_id":46,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104381,"pkt_ts_usec":979038,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":486,"pkt_l4_len":452,"pkt":"TF4M6gNlABxCjnAxCABFAAHYUjBAAIAGiyrAqHMIt4MwkcHMAFBbXvERj2zYOlAY\/\/DaOQAAR0VUIC92bGl2ZS5xcXZpZGVvLnRjLnFxLmNvbS91MDAyMG1rcm5kcy5wMTIwMy4xLm1wND92a2V5PTdBQjEzOUJGNkIzMkY1Mzc0N0U4RkYxOTJFNkZFNTU3QjNBM0Q2NDRDMDM0RTM0QkY2RUFFQjRFMDc3NEYyQTkyRUYzQUM1QzAwNzUyMEJCOTI1RTVDOEExOEU2RDMwMkMyREFFMEEyOTVCMjZBQThGRDFEQzgwNjlENDdDRTFCNEExNkE1Njg3MEJEMUFDQTNFODZBQkU0QzA3OTY1OURCMjE4MkZDNzEyMTdBQjY4Q0NEMzQ0Q0U2NTY5NDQ1N0UzRjUzNTQ5Q0Q2MTdENUM5RjY3MUEyNkM3MERDNjhGOTNGMUQ3QkNEMDE3NzYyRiZndWlkPUY1RUIwMUNDMDFBOEUwOENEODM2MzA4MjhERTE3QzJCMDIxNjJGRDggSFRUUC8xLjENCkhvc3Q6IDE4My4xMzEuNDguMTQ1DQpSYW5nZTogYnl0ZXM9MC0NCkNvbm5lY3Rpb246IGNsb3NlDQpJY3ktTWV0YURhdGE6IDENCg0K"}
00428{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":36037,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J0UAAAERi6vAqGUh4AAA\/ORYFOsAI152CJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
00428{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":38651,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3fUUAAAERlcPAqAUJ4AAA\/ORYFOsAI76OCJsAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
@@ -381,7 +381,7 @@
01255{"flow_id":46,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":51994,"pkt_caplen":687,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":687,"pkt_l4_len":653,"pkt":"ABxCjnAxTF4M6gNlCABFAAKh2e1AADEGUaS3gzCRwKhzCABQwcyPbNg6W17ywVAYK\/hyfgAASFRUUC8xLjEgMzAyIE1vdmVkIFRlbXBvcmFyaWx5DQpTZXJ2ZXI6IGh0dHBzZXJ2ZXINCkxvY2F0aW9uOiBodHRwOi8vMTgzLjEzMS40OC4xNDQvdmxpdmUucXF2aWRlby50Yy5xcS5jb20vdTAwMjBta3JuZHMucDEyMDMuMS5tcDQ\/dmtleT03QUIxMzlCRjZCMzJGNTM3NDdFOEZGMTkyRTZGRTU1N0IzQTNENjQ0QzAzNEUzNEJGNkVBRUI0RTA3NzRGMkE5MkVGM0FDNUMwMDc1MjBCQjkyNUU1QzhBMThFNkQzMDJDMkRBRTBBMjk1QjI2QUE4RkQxREM4MDY5RDQ3Q0UxQjRBMTZBNTY4NzBCRDFBQ0EzRTg2QUJFNEMwNzk2NTlEQjIxODJGQzcxMjE3QUI2OENDRDM0NENFNjU2OTQ0NTdFM0Y1MzU0OUNENjE3RDVDOUY2NzFBMjZDNzBEQzY4RjkzRjFEN0JDRDAxNzc2MkYmZ3VpZD1GNUVCMDFDQzAxQThFMDhDRDgzNjMwODI4REUxN0MyQjAyMTYyRkQ4JmxvY2lkPWEwNmY5OGZkLWZhMjYtNDRlNS1hY2M1LTBkODNmOWRmMDNhZiZzaXplPTk0MTg2NTUmb2NpZD0yNTM1NjQzMzINCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9NzIwMA0KQ29ubmVjdGlvbjogY2xvc2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpYLVNlcnZlcklwOiAxODMuMTMxLjQ4LjE0NQ0KWC1SZXNwVGltZTogMDIvQXVnLzIwMTY6MTA6MTk6NDQgKzA4MDANCg0K"}
00408{"flow_id":46,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":53359,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjFAAIAGjNnAqHMIt4MwkcHMAFBbXvLBj2zas1AR\/XccOQAA"}
00408{"flow_id":46,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":53397,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjFAAIAGjNnAqHMIt4MwkcHMAFBbXvLBj2zas1AR\/XccOQAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1470104382053,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1470104382053,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":53678,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"}
00422{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":53709,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UjJAAIAGjM3AqHMIt4MwkMHNAFBSJ8A7AAAAAIACIABfkwAAAgQE7AEDAwgBAQQC"}
00415{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":122949,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"ABxCjnAxTF4M6gNlCABFAAAsAABAADEGLgi3gzCQwKhzCABQwc0rYeLSUifAPGASOQhglAAAAgQFtAAA"}
@@ -389,83 +389,83 @@
00409{"flow_id":49,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":123103,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjRAAIAGjNfAqHMIt4MwkMHNAFBSJ8A8K2Hi01AQ\/\/CxaAAA"}
00417{"flow_id":46,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":124370,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAo2e5AADEGVBy3gzCRwKhzCABQwcyPbNqzW17ywlARK\/jttwAAAAAAAAAA"}
01085{"flow_id":49,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":125031,"pkt_caplen":557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":557,"pkt_l4_len":523,"pkt":"TF4M6gNlABxCjnAxCABFAAIfUjVAAIAGit\/AqHMIt4MwkMHNAFBSJ8A8K2Hi01AY\/\/BoUwAAR0VUIC92bGl2ZS5xcXZpZGVvLnRjLnFxLmNvbS91MDAyMG1rcm5kcy5wMTIwMy4xLm1wND92a2V5PTdBQjEzOUJGNkIzMkY1Mzc0N0U4RkYxOTJFNkZFNTU3QjNBM0Q2NDRDMDM0RTM0QkY2RUFFQjRFMDc3NEYyQTkyRUYzQUM1QzAwNzUyMEJCOTI1RTVDOEExOEU2RDMwMkMyREFFMEEyOTVCMjZBQThGRDFEQzgwNjlENDdDRTFCNEExNkE1Njg3MEJEMUFDQTNFODZBQkU0QzA3OTY1OURCMjE4MkZDNzEyMTdBQjY4Q0NEMzQ0Q0U2NTY5NDQ1N0UzRjUzNTQ5Q0Q2MTdENUM5RjY3MUEyNkM3MERDNjhGOTNGMUQ3QkNEMDE3NzYyRiZndWlkPUY1RUIwMUNDMDFBOEUwOENEODM2MzA4MjhERTE3QzJCMDIxNjJGRDgmbG9jaWQ9YTA2Zjk4ZmQtZmEyNi00NGU1LWFjYzUtMGQ4M2Y5ZGYwM2FmJnNpemU9OTQxODY1NSZvY2lkPTI1MzU2NDMzMiBIVFRQLzEuMQ0KSG9zdDogMTgzLjEzMS40OC4xNDQNClJhbmdlOiBieXRlcz0wLQ0KQ29ubmVjdGlvbjogY2xvc2UNCkljeS1NZXRhRGF0YTogMQ0KDQo="}
-01080{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1470104382053,"flow_last_seen":1470104382125,"flow_tot_l4_data_len":651,"flow_min_l4_data_len":20,"flow_max_l4_data_len":523,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}}
+01090{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1470104382053,"flow_last_seen":1470104382125,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":0,"content_type":"","user_agent":""}}
01085{"flow_id":49,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":125065,"pkt_caplen":557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":557,"pkt_l4_len":523,"pkt":"TF4M6gNlABxCjnAxCABFAAIfUjVAAIAGit\/AqHMIt4MwkMHNAFBSJ8A8K2Hi01AY\/\/BoUwAAR0VUIC92bGl2ZS5xcXZpZGVvLnRjLnFxLmNvbS91MDAyMG1rcm5kcy5wMTIwMy4xLm1wND92a2V5PTdBQjEzOUJGNkIzMkY1Mzc0N0U4RkYxOTJFNkZFNTU3QjNBM0Q2NDRDMDM0RTM0QkY2RUFFQjRFMDc3NEYyQTkyRUYzQUM1QzAwNzUyMEJCOTI1RTVDOEExOEU2RDMwMkMyREFFMEEyOTVCMjZBQThGRDFEQzgwNjlENDdDRTFCNEExNkE1Njg3MEJEMUFDQTNFODZBQkU0QzA3OTY1OURCMjE4MkZDNzEyMTdBQjY4Q0NEMzQ0Q0U2NTY5NDQ1N0UzRjUzNTQ5Q0Q2MTdENUM5RjY3MUEyNkM3MERDNjhGOTNGMUQ3QkNEMDE3NzYyRiZndWlkPUY1RUIwMUNDMDFBOEUwOENEODM2MzA4MjhERTE3QzJCMDIxNjJGRDgmbG9jaWQ9YTA2Zjk4ZmQtZmEyNi00NGU1LWFjYzUtMGQ4M2Y5ZGYwM2FmJnNpemU9OTQxODY1NSZvY2lkPTI1MzU2NDMzMiBIVFRQLzEuMQ0KSG9zdDogMTgzLjEzMS40OC4xNDQNClJhbmdlOiBieXRlcz0wLQ0KQ29ubmVjdGlvbjogY2xvc2UNCkljeS1NZXRhRGF0YTogMQ0KDQo="}
00409{"flow_id":46,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":125348,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjZAAIAGjNTAqHMIt4MwkcHMAFBbXvLCj2zatFAQ\/XccOAAA"}
00409{"flow_id":46,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":125381,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjZAAIAGjNTAqHMIt4MwkcHMAFBbXvLCj2zatFAQ\/XccOAAA"}
00416{"flow_id":49,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":190889,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAostlAADEGezK3gzCQwKhzCABQwc0rYeLTUifCM1AQK\/iDagAAAAAAAAAA"}
00787{"flow_id":49,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":192288,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"ABxCjnAxTF4M6gNlCABFAAFBstpAADEGehi3gzCQwKhzCABQwc0rYeLTUifCM1AYK\/jSYgAASFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KQ29udGVudC1SYW5nZTogYnl0ZXMgMC05NDE4NjU0Lzk0MTg2NTUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQ29udGVudC1MZW5ndGg6IDk0MTg2NTUNCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQpEYXRlOiBUdWUsIDAyIEF1ZyAyMDE2IDAyOjE5OjQ1IEdNVA0KQ29udGVudC1UeXBlOiB2aWRlby9tcDQNClgtU2VydmVySXA6IDE4My4xMzEuNDguMTQ0DQpYLVJlc3BUaW1lOiAwMi9BdWcvMjAxNjoxMDoxOTo0NSArMDgwMA0KDQo="}
-01103{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":9,"flow_first_seen":1470104382053,"flow_last_seen":1470104382192,"flow_tot_l4_data_len":1495,"flow_min_l4_data_len":20,"flow_max_l4_data_len":523,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Media"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}}
+01114{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":9,"flow_first_seen":1470104382053,"flow_last_seen":1470104382192,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":503,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Media"},"http": {"hostname":"183.131.48.144","url":"183.131.48.144\/vlive.qqvideo.tc.qq.com\/u0020mkrnds.p1203.1.mp4?vkey=7AB139BF6B32F53747E8FF192E6FE557B3A3D644C034E34BF6EAEB4E0774F2A92EF3AC5C007520BB925E5C8A18E6D302C2DAE0A295B26AA8FD1DC8069D47CE1B4A16A56870BD1ACA3E86ABE4C079659DB2182FC71217AB68CCD344CE65694457E3F53549CD617D5C9F671A26C70DC68F93F1D7BCD017762F&guid=F5EB01CC01A8E08CD83630828DE17C2B02162FD8&locid=a06f98fd-fa26-44e5-acc5-0d83f9df03af&size=9418655&ocid=253564332","code":206,"content_type":"video\/mp4","user_agent":""}}
01792{"flow_id":49,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":198371,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"pkt":"ABxCjnAxTF4M6gNlCABFAAQosttAADEGdzC3gzCQwKhzCABQwc0rYePsUifCM1AYK\/iADwAAAAAAHGZ0eXBtcDQyAAAAAGlzb21hdmMxbXA0MgAB2WJtb292AAAAbG12aGQAAAAA05ElBtORJQYAAAJYAAK\/GQABAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAFWlvZHMAAAAAEAcAT\/\/\/KBX\/AAFfKnRyYWsAAABcdGtoZAAAAAHTkSUG05ElDAAAAAEAAAAAAAK\/CAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAAB4AAAAPAAAAABXqJtZGlhAAAAIG1kaGQAAAAA05ElBtORJQsAAGGoAHJs+FXEAAAAAAAsaGRscgAAAAAAAAAAdmlkZQAAAAAAAAAAAAAAAFRyYWNrSGFuZGxlcgABXk5taW5mAAAAFHZtaGQAAAABAAAAAAAAAAAAAAAkZGluZgAAABxkcmVmAAAAAAAAAAEAAAAMdXJsIAAAAAEAAV4Oc3RibAAAAK5zdHNkAAAAAAAAAAEAAACeYXZjMQAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAHgAPAASAAAAEgAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABj\/\/wAAADRhdmNDAWQAHv\/hABhnZAAerMhQeH6EAAADAAQAAAMAyDxYtlgBAAVo6+yyLP34+AAAAAAUYnRydAAAauQAFEnwAAPNWAAAABhzdHRzAAAAAAAAAAEAAB1LAAAD6AAAzGBjdHRzAAAAAAAAGYoAAAABAAAH0AAAAAEAAA+gAAAAAQAAB9AAAAABAAAAAAAAAAIAAAfQAAAAAQAAD6AAAAABAAAH0AAAAAEAAAAAAAAAAQAAG1gAAAABAAALuAAAAAIAAAAAAAAAAgAAA+gAAAABAAAH0AAAAAEAABtYAAAAAQAAC7gAAAACAAAAAAAAAAIAAAPoAAAAAQAAG1gAAAABAAALuAAAAAIAAAAAAAAAAgAAA+gAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAAAD6AAAAAEAABtYAAAAAQAAC7gAAAACAAAAAAAAAAIAAAPoAAAAAQAAH0AAAAABAAAPoAAAAAMAAAAAAAAAAgAAA+gAAAABAAAXcAAAAAEAAAu4AAAAAgAAAAAAAAABAAAD6AAAAAEAABOIAAAAAQAAB9AAAAABAAAAAAAAAAEAAAPoAAAAAQAAG1gAAAABAAALuAAAAAIAAAAAAAAAAgAAA+gAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAA=="}
01783{"flow_id":49,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":198662,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"pkt":"ABxCjnAxTF4M6gNlCABFAAQostxAADEGdy+3gzCQwKhzCABQwc0rYefsUifCM1AYK\/i2wAAAAAPoAAAAAQAAG1gAAAABAAALuAAAAAIAAAAAAAAAAgAAA+gAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAAAD6AAAAAEAAAu4AAAAAQAAA+gAAAABAAALuAAAAAEAAAPoAAAAAQAAH0AAAAABAAAPoAAAAAMAAAAAAAAAAgAAA+gAAAABAAAXcAAAAAEAAAu4AAAAAgAAAAAAAAABAAAD6AAAAAEAABdwAAAAAQAAC7gAAAACAAAAAAAAAAEAAAPoAAAAAQAAG1gAAAABAAALuAAAAAIAAAAAAAAAAgAAA+gAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAAAD6AAAAAEAABdwAAAAAQAAC7gAAAACAAAAAAAAAAEAAAPoAAAAAQAAF3AAAAABAAALuAAAAAIAAAAAAAAAAQAAA+gAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAAAD6AAAAAEAAAfQAAAAAQAAF3AAAAABAAALuAAAAAIAAAAAAAAAAQAAA+gAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAAAD6AAAAAEAAA+gAAAAAQAAB9AAAAABAAAAAAAAAAEAABtYAAAAAQAAC7gAAAACAAAAAAAAAAIAAAPoAAAAAQAAB9AAAAABAAALuAAAAAEAAAPoAAAAAQAAE4gAAAABAAAH0AAAAAEAAAAAAAAAAQAAA+gAAAABAAAPoAAAAAEAAAfQAAAAAQAAAAAAAAABAAAH0AAAAAEAABdwAAAAAQAAC7gAAAACAAAAAAAAAAEAAAPoAAAAAQAAG1gAAAABAAALuAAAAAIAAAAAAAAAAgAAA+gAAAABAAAPoAAAAAEAAAfQAAAAAQAAAAAAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAAAD6AAAAAEAABOIAAAAAQAAB9AAAAABAAAAAAAAAAEAAAPoAAAAAQAAB9AAAAABAAAPoAAAAAEAAAfQAAAAAQAAAAAAAAABAAAXcAAAAAEAAAu4AAAAAgAAAAAAAAABAAAD6AAAAAEAAA+gAAAAAQAAB9AAAAABAAAAAAAAAAEAABOIAAAAAQAAB9AAAAABAAAAAAAAAAEAAAPoAAAAAQAAF3AAAAABAAALuAAAAAIAAAAAAAAAAQAAA+gAAAABAAAH0AAAAAEAABdwAAAAAQAAC7gAAAACAAAAAAAAAAEAAAPoAAAAAQAAE4gAAAABAAAH0AAAAAEAAAAAAAAAAQAAA+gAAAABAAAH0AAAAAEAAA+gAAAAAQAAB9AAAAABAAAAAAAAAAEAAB9AAAAAAQAAD6AAAAADAAAAAAAAAAIAAAPoAAAAAQAAD6AAAAABAA=="}
00410{"flow_id":49,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":199024,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjdAAIAGjNTAqHMIt4MwkMHNAFBSJ8IzK2Hr7FAQ\/\/CmWAAA"}
00410{"flow_id":49,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":199061,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjdAAIAGjNTAqHMIt4MwkMHNAFBSJ8IzK2Hr7FAQ\/\/CmWAAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1470104382241,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1470104382241,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00579{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":241911,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0YAAAERfELAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1470104382241,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1470104382242,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1470104382241,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1470104382242,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00579{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":242882,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfYYAAAERhhrAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1470104382242,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1470104382242,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00579{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":243140,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMNEAAAER0p\/AqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00810{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":243529,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNN4pAgEGAP54u0wAAAAAwKgFMcCoBTHAqHcBAAAAAOix\/Kv7sgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
00578{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":345385,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOq0AAAERyNDAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":448550,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD8GwU6wApG1\/NkQAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":448739,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9ed0AAAERmP3AqAUx4AAA\/PBsFOsAKYTXzZEAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"}
-00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00584{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":448863,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCesAAAQR9onAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00469{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":857884,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD8GwU6wApG1\/NkQAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="}
00438{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":858294,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9ed8AAAERmPvAqAUx4AAA\/PBsFOsAKYTXzZEAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"}
01783{"flow_id":49,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104382,"pkt_ts_usec":864520,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"pkt":"ABxCjnAxTF4M6gNlCABFAAQost1AADEGdy63gzCQwKhzCABQwc0rYevsUifCM1AYK\/ggLgAAAAfQAAAAAQAAAAAAAAABAAALuAAAAAEAAAPoAAAAAQAAE4gAAAABAAAH0AAAAAEAAAAAAAAAAQAAA+gAAAABAAAH0AAAAAEAAAu4AAAAAQAAA+gAAAABAAAH0AAAAAEAAA+gAAAAAQAAB9AAAAABAAAAAAAAAAEAABtYAAAAAQAAC7gAAAACAAAAAAAAAAIAAAPoAAAAAQAAF3AAAAABAAALuAAAAAIAAAAAAAAAAQAAA+gAAAABAAAPoAAAAAEAAAfQAAAAAQAAAAAAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAAAD6AAAAAEAAA+gAAAAAQAAB9AAAAABAAAAAAAAAAEAAAu4AAAAAQAAA+gAAAABAAAPoAAAAAEAAAfQAAAAAQAAAAAAAAABAAAH0AAAAAEAAAu4AAAAAQAAA+gAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAAAD6AAAAAEAABdwAAAAAQAAC7gAAAACAAAAAAAAAAEAAAPoAAAAAQAAB9AAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAAAD6AAAAAEAAA+gAAAAAQAAB9AAAAABAAAAAAAAAAEAABdwAAAAAQAAC7gAAAACAAAAAAAAAAEAAAPoAAAAAQAAE4gAAAABAAAH0AAAAAEAAAAAAAAAAQAAA+gAAAABAAAPoAAAAAEAAAfQAAAAAQAAAAAAAAABAAAH0AAAAAEAABdwAAAAAQAAC7gAAAACAAAAAAAAAAEAAAPoAAAAAQAAE4gAAAABAAAH0AAAAAEAAAAAAAAAAQAAA+gAAAACAAAH0AAAAAEAABdwAAAAAQAAC7gAAAACAAAAAAAAAAEAAAPoAAAAAQAAE4gAAAABAAAH0AAAAAEAAAAAAAAAAQAAA+gAAAABAAAH0AAAAAEAAAu4AAAAAQAAA+gAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAAAD6AAAAAEAAA+gAAAAAQAAB9AAAAABAAAAAAAAAAEAABdwAAAAAQAAC7gAAAACAAAAAAAAAAEAAAPoAAAAAgAAB9AAAAABAAALuAAAAAEAAAPoAAAAAQAAD6AAAAABAAAH0AAAAAEAAAAAAAAAAQAAB9AAAAABAAALuAAAAAEAAAPoAAAAAQAAE4gAAAABAAAH0AAAAAEAAAAAAAAAAQAAA+gAAAABAAATiAAAAAEAAAfQAAAAAQAAAAAAAAABAAAD6AAAAAEAABOIAAAAAQAAB9AAAAABAAAAAAAAAAEAAAPoAAAAAQAAE4gAAAABAAAH0AAAAAEAAAAAAAAAAQAAA+gAAAABAAAPoAAAAAEAAAfQAAAAAQAAAAAAAAABAA=="}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1470104381217,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1470104376301,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1470104382242,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1470104382241,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1470104378657,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1470104378657,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1470104380909,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1470104380909,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1470104375419,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00472{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1470104375419,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1470104378557,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1470104378557,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1470104381217,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1470104376301,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1470104382242,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1470104382241,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1470104378657,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1470104378657,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1470104382448,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1470104380909,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1470104380909,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1470104375419,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00480{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1470104375419,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1470104378557,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1470104378557,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00408{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104383,"pkt_ts_usec":61826,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUjhAAIAGjNPAqHMIt4MwkMHNAFBSJ8IzK2Hv7FAQ+\/CmWAAA"}
00583{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104383,"pkt_ts_usec":675559,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLYAAAQRv8DAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1470104383810,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1470104383810,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00796{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104383,"pkt_ts_usec":810371,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"TF4M6gNlYMVHBbyMCABFAAFI+0MAAEARgP\/AqAUQwKh3AQBEAEMBNFvxAQEGABeXwMwAAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"}
-00557{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1470104383810,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3,6,15,119,95,252,44,46"}}
+00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1470104383810,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3,6,15,119,95,252,44,46"}}
00797{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104383,"pkt_ts_usec":815221,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"ABxCjnAxTF4M6gNlCABFAAFIAAAAABARrEPAqHcBwKgFEABDAEQBNHbOAgEGABeXwMwAAAAAwKgFEMCoBRDAqHcBAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
00579{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104384,"pkt_ts_usec":85549,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEMAAAER2QfAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00467{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104384,"pkt_ts_usec":85672,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAshosLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACAt0="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1470104384289,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1470104384289,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00580{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104384,"pkt_ts_usec":289461,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFAAAAER7zTAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1470104384289,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1470104384289,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00809{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104384,"pkt_ts_usec":802618,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNEsMAgEGAENEXMgAAAAAwKgFLcCoBS3AqHcBAAAAAOCsy3Hh0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
00580{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104385,"pkt_ts_usec":5874,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRUAAAQRv17AqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1470104385211,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1470104385211,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00579{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104385,"pkt_ts_usec":211573,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ0oAAAERfD7AqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1470104385211,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1470104385211,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1470104385211,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1470104385211,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00579{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104385,"pkt_ts_usec":211727,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfwAAAAERhKDAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1470104385211,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1470104385211,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00578{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104385,"pkt_ts_usec":212104,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMOQAAAER0ozAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00578{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104385,"pkt_ts_usec":313558,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOr0AAAERyMDAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1470104385418,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1470104385418,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00584{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104385,"pkt_ts_usec":418800,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCewAAAQR9ojAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1470104385418,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1470104385827,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1470104385418,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1470104385827,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104385,"pkt_ts_usec":827777,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/rCILUFkxCABFAABEAABAAEARLlc7eNDa\/\/\/\/\/8PnB5sAMKByU3Uyb1ZTdDRBQUJIWlc1MGNtbGpaVjlCVUVOZlozVmxjM1FBYldVQQ=="}
00584{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104386,"pkt_ts_usec":645103,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLcAAAQRv7\/AqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00483{"flow_id":45,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104386,"pkt_ts_usec":937728,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ABxCjnAxABAj4ACgCABFAABdVrFAAEAG6j3AqHNLwKgFEAG70XdE8SXhHgHmL1AYAEa9yAAAFQMDADAL2rIa718l782i9dkDIcqQtKzDEyHxDKXTvidj58VEqE5kb1BH\/HnLnTzyrYBe4U4="}
00417{"flow_id":45,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104386,"pkt_ts_usec":937789,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAor95AAEAGkUXAqAUQwKhzS9F3AbseAeYvRPEmFlAQH\/5TvwAAC1ZFUzE2"}
00579{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104387,"pkt_ts_usec":54000,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEQAAAER2QbAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00580{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104387,"pkt_ts_usec":260032,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFEAAAER7zPAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1470104388033,"flow_last_seen":0,"flow_tot_l4_data_len":21,"flow_min_l4_data_len":21,"flow_max_l4_data_len":21,"flow_avg_l4_data_len":21,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1470104388033,"flow_last_seen":0,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00410{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104388,"pkt_ts_usec":33892,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="}
00410{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104388,"pkt_ts_usec":33946,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"TF4M6gNlABxCjnAxCABFAAApUkZAAIAG8z3AqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="}
00422{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104388,"pkt_ts_usec":37933,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0ZvMAAD0GYYbLQrZXwKhzCAG7wbw0Yee8K8BBp4AQAO2bugAAAQEFCivAQaYrwEGn"}
@@ -473,80 +473,80 @@
00579{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104388,"pkt_ts_usec":182845,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChfzUAAAERhGvAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00578{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104388,"pkt_ts_usec":284599,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMOoAAAER0obAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00578{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104388,"pkt_ts_usec":284786,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOtwAAAERyKHAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1470104389597,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1470104389597,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104389,"pkt_ts_usec":597943,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0ErtAAEAGH+LAqAUQROn9hdFtAFBAFGHVDj7nf4AREAH2GQAAAQEIChoPOPTPHNz0"}
00583{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104389,"pkt_ts_usec":616162,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLgAAAQRv77AqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00579{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104390,"pkt_ts_usec":23643,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEUAAAER2QXAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00580{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104390,"pkt_ts_usec":229888,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFIAAAER7zLAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1470104390443,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1470104390443,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104390,"pkt_ts_usec":443500,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"TF4M6gNlYMVHBbyMCABFAABAN95AAEAG+rLAqAUQROn9hdF4AFAesUW4AAAAALAC\/\/+iVAAAAgQFtAEDAwUBAQgKGg88QAAAAAAEAgAA"}
00435{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104390,"pkt_ts_usec":640525,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADUGPZVE6f2FwKgFEABQ0Xh2OO96HrFFuaASFqBImwAAAgQFtAQCCArPHh84Gg88QAEDAwg="}
00424{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104390,"pkt_ts_usec":640578,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0PI1AAEAG9g\/AqAUQROn9hdF4AFAesUW5djjve4AQEBV9LwAAAQEIChoPPQTPHh84"}
00782{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104390,"pkt_ts_usec":642049,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"pkt":"TF4M6gNlYMVHBbyMCABFAAE9+GJAAEAGOTHAqAUQROn9hdF4AFAesUW5djjve4AYEBVNJgAAAQEIChoPPQXPHh84R0VUIC9jb21NYWdpY2FuQXBpL2NvbXBvc2l0ZS9hcHAucGhwL0dsb2JhbC9JbmRleC9pcCBIVFRQLzEuMQ0KSG9zdDogYXBpLm1hZ2ljYW5zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtdHcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTWFnaWNhbiAodW5rbm93biB2ZXJzaW9uKSBDRk5ldHdvcmsvNzIwLjUuNyBEYXJ3aW4vMTQuNS4wICh4ODZfNjQpDQoNCg=="}
-00752{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1470104390443,"flow_last_seen":1470104390642,"flow_tot_l4_data_len":413,"flow_min_l4_data_len":32,"flow_max_l4_data_len":297,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1470104390741,"flow_last_seen":0,"flow_tot_l4_data_len":131,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1470104390443,"flow_last_seen":1470104390642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1470104390741,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00592{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104390,"pkt_ts_usec":741932,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"pkt":"MzMAAAABTF4MmuxUht1gAAAAAIMRAf6AAAAAAAAATl4M\/\/6a7FT\/AgAAAAAAAAAAAAAAAAABFi4WLgCDan0ABGg\/AAEABkxeDJrsVAAFAAAABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABHzzfwAACwAJM0RYWS1LSEdEAAwADUNSUzEyNS0yNEctMVMADgABAQAPABD+gAAAAAAAAE5eDP\/+muxUABAAB2JyaWRnZTE="}
00424{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104390,"pkt_ts_usec":838554,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA08IZAADUGTRZE6f2FwKgFEABQ0Xh2OO97HrFGwoAQABuLWQAAAQEICs8eH\/4aDz0F"}
00859{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104390,"pkt_ts_usec":846598,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"pkt":"ABxCjnAxTF4M6gNlCABFAAF48IdAADUGS9FE6f2FwKgFEABQ0Xh2OO97HrFGwoAYABuCGQAAAQEICs8eH\/8aDz0FSFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IFR1ZSwgMDIgQXVnIDIwMTYgMDE6NTg6MzQgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"}
00425{"flow_id":63,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104390,"pkt_ts_usec":846680,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0TlJAAEAG5ErAqAUQROn9hdF4AFAesUbCdjjwv4AQEAt5WQAAAQEIChoPPdDPHh\/\/"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1470104390945,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1470104390945,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00835{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104390,"pkt_ts_usec":945416,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1470104391199,"flow_last_seen":0,"flow_tot_l4_data_len":21,"flow_min_l4_data_len":21,"flow_max_l4_data_len":21,"flow_avg_l4_data_len":21,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1470104391199,"flow_last_seen":0,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":199899,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="}
00411{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":199954,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"TF4M6gNlABxCjnAxCABFAAApUk5AAIAGdmbAqHMIQOm9gMGtAFD1eICMR0KJzlAQAXpzKwAAAA=="}
00423{"flow_id":66,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":208758,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0a70AAC4G7uxA6b2AwKhzCABQwa1HQonO9XiAjYAQAVdRKwAAAQEFCvV4gIz1eICN"}
00579{"flow_id":58,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":253292,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChARUAAAERAozAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00579{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":254355,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ1IAAAERfDbAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1470104391254,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1470104391254,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":254477,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD+KsU6wAgEMLGawAAAAEAAAAAAAAGaXNhdGFwAAABAAE="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1470104391254,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1470104391254,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1470104391254,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1470104391254,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":254588,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AQBeAAD8PKn0WgOECABFAAA0HuAAAAER9UjAqAPs4AAA\/MoCFOsAIFaUxmsAAAABAAAAAAAABmlzYXRhcAAAAQAB"}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1470104391254,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1470104391254,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00578{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":254843,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMO8AAAER0oHAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00453{"flow_id":67,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":361874,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD+KsU6wAgEMLGawAAAAEAAAAAAAAGaXNhdGFwAAABAAE="}
00424{"flow_id":68,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":362039,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AQBeAAD8PKn0WgOECABFAAA0HuEAAAER9UfAqAPs4AAA\/MoCFOsAIFaUxmsAAAABAAAAAAAABmlzYXRhcAAAAQAB"}
00584{"flow_id":59,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":458729,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCe4AAAQR9obAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1470104391564,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1470104391564,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104391,"pkt_ts_usec":564386,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHugAAIARlnrAqAPswKj\/\/wCJAIkAOqdmilEBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1470104391564,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1470104391564,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00839{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104392,"pkt_ts_usec":72031,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tXCABFAAFZOwBAAEARsV\/AqIyM\/\/\/\/\/\/YA9gABRQTx\/\/\/Z1aAAwKC7c+tXwKiMjAAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tXQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI2AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqIyM\/\/8AAFBvcnQgOAAAIAGwIAAGAADCoLv\/\/nPrV0A="}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00872{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104392,"pkt_ts_usec":72989,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"pkt":"MzMAAAABwKC7c+tXht1gAAAAAVERgCABsCAABgAAwqC7\/\/5z61f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRMAf\/D9nVoADAoLtz61cgAbAgAAYAAMKgu\/\/+c+tXAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz61dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjYAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCojIz\/\/wAAUG9ydCA4AAAgAbAgAAYAAMKgu\/\/+c+tXQA=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1470104392380,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1470104392380,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104392,"pkt_ts_usec":380243,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOckUAAEARgdzAqAUtwKj\/\/+mNAIkAOs9OABUBEAABAAAAAAAAIEZERUJFT0VLRUpDTkVNRUpFR0VGRUNFUEVQRUxDTkNBAAAgAAE="}
-00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1470104392380,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1470104392380,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00468{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104392,"pkt_ts_usec":380425,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"pkt":"MzMAAQACcD6s8PAHht1gBWEEACwRAf6AAAAAAAAABAZVqGRTJd3\/AgAAAAAAAAAAAAAAAQACAiICIwAsg0sLJ3MdAAEADgABAAEduOb7cD6s8PAHAAYABAAXABgACAACBh0="}
00583{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104392,"pkt_ts_usec":584849,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLkAAAQRv73AqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1470104391564,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1470104390945,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1470104390945,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1470104392380,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1470104389597,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00473{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1470104389597,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1470104385827,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1470104385827,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1470104390741,"flow_last_seen":0,"flow_tot_l4_data_len":131,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1470104390741,"flow_last_seen":0,"flow_tot_l4_data_len":131,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1470104393097,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1470104391564,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1470104390945,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1470104390945,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1470104392380,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59789,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1470104389597,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00481{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1470104389597,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1470104385827,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1470104385827,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1470104392072,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.140.140","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1470104390741,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1470104390741,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:fe9a:ec54","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1470104393097,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104393,"pkt_ts_usec":97082,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxQAAIARlk7AqAPswKj\/\/wCJAIkAOqdmilEBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1470104393097,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1470104393097,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00579{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104393,"pkt_ts_usec":97241,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEYAAAER2QTAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00580{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104393,"pkt_ts_usec":302618,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFMAAAER7zHAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104393,"pkt_ts_usec":610238,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOGrEAAEAR2XDAqAUtwKj\/\/+hFAIkAOjOmABcBEAABAAAAAAAAIEVIRUdFSkVNRUZDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAE="}
-00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104393,"pkt_ts_usec":610386,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOnJgAAEARV4nAqAUtwKj\/\/wCJAIkAOr16RfsBEAABAAAAAAAAIEVPRUJGREVHRUpFTUVGQ0FDQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104393,"pkt_ts_usec":610555,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKO0kAAEARuFzAqAUtwKj\/\/wCKAIoAtoWlEQJF7sCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAO1FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTsRQAA"}
-00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00566{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00636{"flow_id":76,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104393,"pkt_ts_usec":610744,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADK5DUAAEARD3DAqAUtwKj\/\/wCKAIoAtoasEQJF8cCoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkRFSUVQRU5FRkNBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPBFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTvRQAA"}
00636{"flow_id":76,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104393,"pkt_ts_usec":611090,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAADKOS4AAEARunfAqAUtwKj\/\/wCKAIoAtoChEQJF98CoBS0AAACgAAAgRU5FQkVERUNFUEVQRUxFQkVKRkNDTkVGREJFRURBQUEAIEVORkpFSEZDRVBGRkZBQ0FDQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAA1TQAAPZFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQT1RQAA"}
00469{"flow_id":73,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104393,"pkt_ts_usec":813792,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxcAAIARlkvAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
@@ -555,61 +555,61 @@
00469{"flow_id":73,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104394,"pkt_ts_usec":531875,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHxoAAIARlkjAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00469{"flow_id":75,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104394,"pkt_ts_usec":635803,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/4KzLceHQCABFAABOipYAAEARaYvAqAUtwKj\/\/wCJAIkAOr16RfsBEAABAAAAAAAAIEVPRUJGREVHRUpFTUVGQ0FDQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
00469{"flow_id":73,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104395,"pkt_ts_usec":351449,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOHysAAIARljfAqAPswKj\/\/wCJAIkAOqdiilUBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1470104395656,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1470104395656,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00836{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104395,"pkt_ts_usec":656981,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"\/\/\/\/\/\/\/\/wKC7c+snCABFAAFZOwBAAEARM+XAqAoH\/\/\/\/\/\/YA9gABRUQe\/\/+eLaAAwKC7c+snwKgKBwAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+snQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDIzAAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqAoH\/\/8AAFBvcnQgOAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1470104395657,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1470104395657,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104395,"pkt_ts_usec":657061,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARqaYAAAAA\/\/\/\/\/wBEAEMBNLOUAQEGALkL8pMAEIAAAAAAAAAAAAAAAAAAAAAAAExeDOoDZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPQcBTF4M6gNlNwYBAwYPLCH\/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1470104395657,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3,6,15,44,33"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1470104396888,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1470104395657,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3,6,15,44,33"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1470104396888,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104396,"pkt_ts_usec":888586,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQADxBIU6wAiAfRVcwAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1470104396888,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1470104396889,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1470104396888,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1470104396889,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104396,"pkt_ts_usec":889494,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fi0AAAERlLzAqAUp4AAA\/NTGFOsAItEVVXMAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="}
-00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1470104396889,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1470104396889,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00457{"flow_id":79,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104396,"pkt_ts_usec":987090,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQADxBIU6wAiAfRVcwAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="}
00429{"flow_id":80,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104396,"pkt_ts_usec":987104,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fi4AAAERlLvAqAUp4AAA\/NTGFOsAItEVVXMAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="}
00577{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104397,"pkt_ts_usec":90815,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfi8AAAERhVHAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1470104397091,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1470104397091,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104397,"pkt_ts_usec":91815,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/cPGh+Cr9CABFAAFIAzMAAIARcMHAqAUJ\/\/\/\/\/wBEAEMBND1aAQEGAPwPedgAAIAAwKgFCQAAAAAAAAAAAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBcPGh+Cr9DAlKb2FubmEtUEM8CE1TRlQgNS4wNw0BDwMGLC4vHyF5+Sv8\/wAAAAAAAAAAAAAA"}
-00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1470104397091,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252"}}
+00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1470104397091,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252"}}
00809{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104397,"pkt_ts_usec":92033,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNEtlAgEGAPwPedgAAIAAwKgFCQAAAADAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBAQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00579{"flow_id":57,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104397,"pkt_ts_usec":192245,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ1QAAAERfDTAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00579{"flow_id":58,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104397,"pkt_ts_usec":193096,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChAzcAAAERAGrAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00584{"flow_id":59,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104397,"pkt_ts_usec":396994,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCfAAAAQR9oTAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1470104397807,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1470104397807,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104397,"pkt_ts_usec":807877,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClrzIAAAERVEPAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1470104397807,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":810,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1470104398314,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1470104397807,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":810,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1470104398314,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00415{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104398,"pkt_ts_usec":314933,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoA95AAEAGLsvAqAUQROn9hdFlAFAG4xw4xV6fSlAUEAE+LgAA8Q52cgJF"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1470104398832,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1470104398832,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104398,"pkt_ts_usec":832807,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7ZMwunDzJCABFAABEo69AAP8RMRXAqAVA4AAA+xTpFOkAMOS\/AAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
-00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1470104398832,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1470104398932,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":812,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1470104398832,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1470104398932,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104398,"pkt_ts_usec":932814,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1470104399652,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1470104399652,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104399,"pkt_ts_usec":652689,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"AQBeAAD8bEAIlAI6CABFAAA4QZsAAAER0UXAqAUw4AAA\/OmVFOsAJO3eTL0AAAABAAAAAAAACkthc3Blci1tYWMAAP8AAQ=="}
-00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1470104399652,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1470104399854,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1470104399652,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1470104399854,"flow_last_seen":0,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00543{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104399,"pkt_ts_usec":854544,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"\/\/\/\/\/\/\/\/TF4M6gOICABFAACAAABAAEAReWHAqABk\/\/\/\/\/8btFi4AbOgXAACpHQABAAZMXgzqA4gABQAFNE1OQVQABwAPNi4zNS4xIChzdGFibGUpAAgACE1pa3JvVGlrAAoABIOWJAAACwAJTjUzOC1HMDRVAAwABlJCNDUwRwAOAAEAABAABmV0aGVyMg=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1470104399958,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1470104399958,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104399,"pkt_ts_usec":958731,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRAAAAER4cnAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="}
-00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1470104399958,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1470104399959,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1470104399958,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1470104399959,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104399,"pkt_ts_usec":959547,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQAD9SQU6wAlorgrvQAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1470104399959,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1470104399959,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1470104399959,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1470104399959,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104399,"pkt_ts_usec":959775,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S7YAAAERxyfAqAUy4AAA\/PUkFOsAJRvtK70AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
-00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1470104399959,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1470104399959,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00582{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104399,"pkt_ts_usec":959814,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRYAAAQRv13AqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00428{"flow_id":88,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":59244,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MRIAAAER4cfAqAU54AAA\/P5+FOsAIr4lNLsAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="}
00431{"flow_id":86,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":59395,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"AQBeAAD8bEAIlAI6CABFAAA4rMMAAAERZh3AqAUw4AAA\/OmVFOsAJO3eTL0AAAABAAAAAAAACkthc3Blci1tYWMAAP8AAQ=="}
00578{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":59456,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfjEAAAERhU\/AqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1470104400162,"flow_last_seen":0,"flow_tot_l4_data_len":528,"flow_min_l4_data_len":528,"flow_max_l4_data_len":528,"flow_avg_l4_data_len":528,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1470104400162,"flow_last_seen":0,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01096{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":162264,"pkt_caplen":562,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":562,"pkt_l4_len":528,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIkCfEAAAQR9QTAqAUx7\/\/\/+gdsB2wCELIPTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOm1pY3Jvc29mdC5jb206c2VydmljZTpYX01TX01lZGlhUmVjZWl2ZXJSZWdpc3RyYXI6MQ0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovLzE5Mi4xNjguNS40OToyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyDQpVU046IHV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyOjp1cm46bWljcm9zb2Z0LmNvbTpzZXJ2aWNlOlhfTVNfTWVkaWFSZWNlaXZlclJlZ2lzdHJhcjoxDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTkwMA0KU2VydmVyOiBNaWNyb3NvZnQtV2luZG93cy8xMC4wIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6IGQwN2I0MzVkMjk5YjQxNzg0Y2EzZDJhZTJiOTU5OTQ4DQoNCg=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1470104400162,"flow_last_seen":0,"flow_tot_l4_data_len":528,"flow_min_l4_data_len":528,"flow_max_l4_data_len":528,"flow_avg_l4_data_len":528,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1470104400162,"flow_last_seen":0,"flow_tot_l4_data_len":536,"flow_min_l4_data_len":536,"flow_max_l4_data_len":536,"flow_avg_l4_data_len":536,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":834,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1470104400162,"flow_last_seen":0,"flow_min_l4_payload_len":520,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1470104400162,"flow_last_seen":0,"flow_min_l4_payload_len":528,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":528,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01131{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":162411,"pkt_caplen":590,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":590,"pkt_l4_len":536,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAhgRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAIYYQNOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46bWljcm9zb2Z0LmNvbTpzZXJ2aWNlOlhfTVNfTWVkaWFSZWNlaXZlclJlZ2lzdHJhcjoxDQpOVFM6IHNzZHA6YWxpdmUNCkxvY2F0aW9uOiBodHRwOi8vW2ZlODA6OjliZDo4MWRkOjJmZGM6NTc1MF06Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOm1pY3Jvc29mdC5jb206c2VydmljZTpYX01TX01lZGlhUmVjZWl2ZXJSZWdpc3RyYXI6MQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1470104400162,"flow_last_seen":0,"flow_tot_l4_data_len":536,"flow_min_l4_data_len":536,"flow_max_l4_data_len":536,"flow_avg_l4_data_len":536,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":835,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1470104400162,"flow_last_seen":0,"flow_min_l4_payload_len":528,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":528,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00578{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":264969,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMRMAAAER0l3AqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00433{"flow_id":90,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":366719,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S7cAAAERxybAqAUy4AAA\/PUkFOsAJRvtK70AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
01076{"flow_id":91,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":366790,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":548,"pkt_l4_len":514,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIWCfIAAAQR9RHAqAUx7\/\/\/+gdsB2wCAmnTTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpDb25uZWN0aW9uTWFuYWdlcjoxDQpOVFM6IHNzZHA6YWxpdmUNCkxvY2F0aW9uOiBodHRwOi8vMTkyLjE2OC41LjQ5OjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTI6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29ubmVjdGlvbk1hbmFnZXI6MQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="}
@@ -617,26 +617,26 @@
01073{"flow_id":91,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":571720,"pkt_caplen":546,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":546,"pkt_l4_len":512,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIUCfMAAAQR9RLAqAUx7\/\/\/+gdsB2wCAPPDTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpDb250ZW50RGlyZWN0b3J5OjENCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpDb250ZW50RGlyZWN0b3J5OjENCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"}
01110{"flow_id":92,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":571911,"pkt_caplen":574,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":574,"pkt_l4_len":520,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAggRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAIIordOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOkNvbnRlbnREaXJlY3Rvcnk6MQ0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovL1tmZTgwOjo5YmQ6ODFkZDoyZmRjOjU3NTBdOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTI6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTkwMA0KU2VydmVyOiBNaWNyb3NvZnQtV2luZG93cy8xMC4wIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6IGQwN2I0MzVkMjk5YjQxNzg0Y2EzZDJhZTJiOTU5OTQ4DQoNCg=="}
00583{"flow_id":82,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":878902,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6bEAIlAI6CABFAACl66AAAAERF9XAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":848,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1470104400983,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":848,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1470104400983,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00835{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104400,"pkt_ts_usec":983874,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1470104401187,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1470104401187,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104401,"pkt_ts_usec":187549,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S70AAAERxyDAqAUy4AAA\/MNuFOsAJYAi+T0AAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
-00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1470104401187,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":851,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1470104401187,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
01057{"flow_id":91,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104401,"pkt_ts_usec":288363,"pkt_caplen":534,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":534,"pkt_l4_len":500,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIICfQAAAQR9R3AqAUx7\/\/\/+gdsB2wB9PpOTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"}
01094{"flow_id":92,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104401,"pkt_ts_usec":288517,"pkt_caplen":562,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":562,"pkt_l4_len":508,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAfwRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAH8qUJOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6TWVkaWFTZXJ2ZXI6MQ0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovL1tmZTgwOjo5YmQ6ODFkZDoyZmRjOjU3NTBdOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTI6OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTkwMA0KU2VydmVyOiBNaWNyb3NvZnQtV2luZG93cy8xMC4wIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6IGQwN2I0MzVkMjk5YjQxNzg0Y2EzZDJhZTJiOTU5OTQ4DQoNCg=="}
00808{"flow_id":78,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104401,"pkt_ts_usec":902520,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/vO57DLPeCABFAAFIg+0AAEAR9bgAAAAA\/\/\/\/\/wBEAEMBNDMlAQEGANPiBnoAAAAAAAAAAAAAAAAAAAAAAAAAALzuewyz3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLWY3Y2EwZjU3MTI3MGM1MmQ3CQEhAwYPHDM6O\/8A"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1470104401904,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1470104401904,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104401,"pkt_ts_usec":904977,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/ABNyFooyCABFAABEAABAAEARLl07eNDU\/\/\/\/\/4AAB5sAMADiZERZY1RjNFBBQUJQY0dWdVluUnpBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="}
00772{"flow_id":63,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":198930,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"TF4M6gNlYMVHBbyMCABFAAE1hLZAAEAGrOXAqAUQROn9hdF4AFAesUbCdjjwv4AYEAu4KQAAAQEIChoPahbPHh\/\/R0VUIC9jb21NYWdpY2FuQXBpL2luZGV4LnBocC9Ub29sQm94L3ZlcnNpb24gSFRUUC8xLjENCkhvc3Q6IGFwaS5tYWdpY2Fuc29mdC5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLXR3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1hZ2ljYW4gKHVua25vd24gdmVyc2lvbikgQ0ZOZXR3b3JrLzcyMC41LjcgRGFyd2luLzE0LjUuMCAoeDg2XzY0KQ0KDQo="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1470104402238,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1470104402238,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":238628,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"ABAj4ACgYMVHBbyMCABFAABAGihAAEAGJuTAqAUQwKhzS9F5AbtwBJ91AAAAALAC\/\/\/WVQAAAgQFtAEDAwUBAQgKGg9qPQAAAAAEAgAA"}
00423{"flow_id":96,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":239704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XnKmfzXcASfdoASFtC0YwAAAgQFtAEBBAIBAwMH"}
00415{"flow_id":96,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":239746,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAosclAAEAGj1rAqAUQwKhzS9F5AbtwBJ92ypn82FAQIADsBQAAyQ4pxaWW"}
00696{"flow_id":96,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":240297,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9ruNAAEAGkWvAqAUQwKhzS9F5AbtwBJ92ypn82FAYIADtEAAAFgMBANABAADMAwNXoANTJYxftKgXimtNLVWTzYxskkMb8dtmAzVqLh4pryBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"}
-00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":4,"flow_first_seen":1470104402238,"flow_last_seen":1470104402240,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":20,"flow_max_l4_data_len":233,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":4,"flow_first_seen":1470104402238,"flow_last_seen":1470104402240,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00415{"flow_id":96,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":241217,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxABAj4ACgCABFAAAofPZAAEAGxC3AqHNLwKgFEAG70XnKmfzYcASgS1AQADYK+wAAAAAAAAAA"}
00630{"flow_id":96,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":243893,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"ABxCjnAxABAj4ACgCABFAADJfPdAAEAGw4vAqHNLwKgFEAG70XnKmfzYcASgS1AYADbicAAAFgMDAFECAABNAwN7H4yPHjLYw\/e9aBqw+\/vV2u50xsHUyfu8US38EyE+VyBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eAAvAAAF\/wEAAQAUAwMAAQEWAwMAQJPGwpXm49Wpwm5+RRNIxmh0PMa1TfmfP4GkpjQdMkON0UW5xEoBecyOhOQdSe0vc5PC\/LsmCtxUJlkP4zkaysY="}
-00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":877,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":6,"flow_first_seen":1470104402238,"flow_last_seen":1470104402243,"flow_tot_l4_data_len":530,"flow_min_l4_data_len":20,"flow_max_l4_data_len":233,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":877,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":6,"flow_first_seen":1470104402238,"flow_last_seen":1470104402243,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00416{"flow_id":96,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":243923,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoHZZAAEAGI47AqAUQwKhzS9F5AbtwBKBLypn9eVAQH\/rqlQAAWvP2rXCB"}
00415{"flow_id":96,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":244101,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABAj4ACgYMVHBbyMCABFAAAuBZhAAEAGO4bAqAUQwKhzS9F5AbtwBKBLypn9eVAYIADSfQAAFAMDAAEB"}
00501{"flow_id":96,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":244129,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"ABAj4ACgYMVHBbyMCABFAABtWB1AAEAG6MHAqAUQwKhzS9F5AbtwBKBRypn9eVAYIACxqgAAFgMDAED8EEpWqJk4r6WtGIr5vsgJsNnUnmvrFtYoejYQeOu8kyDFXZMIixibwwXGCt9sigWwD0DjmEGXkF2UN2M7Ecgb"}
@@ -646,18 +646,18 @@
00416{"flow_id":96,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":321490,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo7r1AAEAGUmbAqAUQwKhzS9F5AbtwBKSLypoBYlAQH+DihgAAtolxFcMt"}
00859{"flow_id":63,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":398464,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"pkt":"ABxCjnAxTF4M6gNlCABFAAF48IhAADUGS9BE6f2FwKgFEABQ0Xh2OPC\/HrFHw4AYAB8klwAAAQEICs8eTSUaD2oWSFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IFR1ZSwgMDIgQXVnIDIwMTYgMDE6NTg6NDYgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"}
00424{"flow_id":63,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":398523,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlYMVHBbyMCABFAAA015FAAEAGWwvAqAUQROn9hdF4AFAesUfDdjjyA4AQEAEc7wAAAQEIChoPatnPHk0l"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_tot_l4_data_len":143,"flow_min_l4_data_len":143,"flow_max_l4_data_len":143,"flow_avg_l4_data_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00588{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":518151,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAACjAABAAEARAqHAqHcB\/\/\/\/\/94dFi4Aj\/bjAAFSEAABAAZMXgzqA2UABQAHMzAwTU5BVAAHAA82LjM1LjEgKHN0YWJsZSkACAAITWlrcm9UaWsACgAEf5YkAAALAAlBWFJKLVg2U0cADAAGUkI0NTBHAA4AAQEADwAQIAGwMAIUAQAAAAAAAAAAAQAQABNldGhlcjItbWFzdGVyLWxvY2Fs"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":888,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_tot_l4_data_len":143,"flow_min_l4_data_len":143,"flow_max_l4_data_len":143,"flow_avg_l4_data_len":143,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":888,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00607{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":518258,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"pkt":"MzMAAAABTF4M6gNlht1gAAAAAI8RAf6AAAAAAAAATl4M\/\/7qA2X\/AgAAAAAAAAAAAAAAAAABFi4WLgCPm0oAAVIRAAEABkxeDOoDZQAFAAczMDBNTkFUAAcADzYuMzUuMSAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAR\/liQAAAsACUFYUkotWDZTRwAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAE2V0aGVyMi1tYXN0ZXItbG9jYWw="}
01001{"flow_id":91,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":518736,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":457,"pkt":"AQBef\/\/66LH8q\/uyCABFAAHdCfUAAAQR9UfAqAUx7\/\/\/+gdsB2wByURxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="}
01034{"flow_id":92,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":518845,"pkt_caplen":519,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":519,"pkt_l4_len":465,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAdERBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAHR82ROT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovL1tmZTgwOjo5YmQ6ODFkZDoyZmRjOjU3NTBdOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1470104402624,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1470104402624,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":624102,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQADwkcU6wAjpJ6zfgAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1470104402624,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1470104402624,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1470104402624,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1470104402624,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":624153,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8PKn0WgOECABFAAA3H1kAAAER9MzAqAPs4AAA\/PJ1FOsAI4uZs34AAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1470104402624,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":892,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1470104402624,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00583{"flow_id":82,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":624418,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6bEAIlAI6CABFAACl1ocAAAERLO7AqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00458{"flow_id":99,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":724346,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQADwkcU6wAjpJ6zfgAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="}
00430{"flow_id":100,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104402,"pkt_ts_usec":724804,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8PKn0WgOECABFAAA3H1wAAAER9MnAqAPs4AAA\/PJ1FOsAI4uZs34AAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"}
@@ -666,30 +666,30 @@
01021{"flow_id":92,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104403,"pkt_ts_usec":29586,"pkt_caplen":510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":510,"pkt_l4_len":456,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAcgRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAHIeYdOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cG5wOnJvb3RkZXZpY2UNCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly9bZmU4MDo6OWJkOjgxZGQ6MmZkYzo1NzUwXToyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyDQpVU046IHV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyOjp1cG5wOnJvb3RkZXZpY2UNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"}
00808{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104403,"pkt_ts_usec":29748,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNH4fAgEGAEL4Gb0AAAAAwKgFLMCoBSzAqHcBAAAAAEjSJGMxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
00577{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104403,"pkt_ts_usec":29956,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfjIAAAERhU7AqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00492{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1470104398932,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1470104398932,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1470104397091,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1470104401187,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1470104399959,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1470104400983,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1470104400983,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1470104398832,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1470104398314,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00473{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1470104398314,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1470104395656,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1470104395656,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_tot_l4_data_len":143,"flow_min_l4_data_len":143,"flow_max_l4_data_len":143,"flow_avg_l4_data_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_tot_l4_data_len":143,"flow_min_l4_data_len":143,"flow_max_l4_data_len":143,"flow_avg_l4_data_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1470104399854,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1470104399854,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_tot_l4_data_len":143,"flow_min_l4_data_len":143,"flow_max_l4_data_len":143,"flow_avg_l4_data_len":143,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_tot_l4_data_len":143,"flow_min_l4_data_len":143,"flow_max_l4_data_len":143,"flow_avg_l4_data_len":143,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1470104401904,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1470104401904,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1470104403134,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1470104398932,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1470104398932,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1470104397091,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1470104401187,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1470104393610,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":59461,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1470104399959,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1470104400983,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1470104400983,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1470104398832,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.64","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1470104398314,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00481{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1470104398314,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1470104395656,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1470104395656,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1470104399854,"flow_last_seen":0,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1470104399854,"flow_last_seen":0,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.100","dst_ip":"255.255.255.255","src_port":50925,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1470104402518,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e5e:cff:feea:365","dst_ip":"ff02::1","src_port":5678,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1470104401904,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1470104401904,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1470104403134,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104403,"pkt_ts_usec":134617,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8SNIkYzEACABFAAA2Ow0AAAER19nAqAUs4AAA\/OVOFOsAIo78hQUAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1470104403134,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1470104403134,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
01096{"flow_id":91,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104403,"pkt_ts_usec":137697,"pkt_caplen":562,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":562,"pkt_l4_len":528,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIkCfcAAAQR9P7AqAUx7\/\/\/+gdsB2wCELIPTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOm1pY3Jvc29mdC5jb206c2VydmljZTpYX01TX01lZGlhUmVjZWl2ZXJSZWdpc3RyYXI6MQ0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovLzE5Mi4xNjguNS40OToyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyDQpVU046IHV1aWQ6OTMxOTM5NWEtNGQwMy00NzUwLWJiMWItNDY2MzkzM2FiODEyOjp1cm46bWljcm9zb2Z0LmNvbTpzZXJ2aWNlOlhfTVNfTWVkaWFSZWNlaXZlclJlZ2lzdHJhcjoxDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTkwMA0KU2VydmVyOiBNaWNyb3NvZnQtV2luZG93cy8xMC4wIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6IGQwN2I0MzVkMjk5YjQxNzg0Y2EzZDJhZTJiOTU5OTQ4DQoNCg=="}
01131{"flow_id":92,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104403,"pkt_ts_usec":137870,"pkt_caplen":590,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":590,"pkt_l4_len":536,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAhgRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAIYYQNOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46bWljcm9zb2Z0LmNvbTpzZXJ2aWNlOlhfTVNfTWVkaWFSZWNlaXZlclJlZ2lzdHJhcjoxDQpOVFM6IHNzZHA6YWxpdmUNCkxvY2F0aW9uOiBodHRwOi8vW2ZlODA6OjliZDo4MWRkOjJmZGM6NTc1MF06Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOm1pY3Jvc29mdC5jb206c2VydmljZTpYX01TX01lZGlhUmVjZWl2ZXJSZWdpc3RyYXI6MQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="}
00430{"flow_id":101,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104403,"pkt_ts_usec":234152,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8SNIkYzEACABFAAA2Ow8AAAER19fAqAUs4AAA\/OVOFOsAIo78hQUAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
@@ -701,9 +701,9 @@
01110{"flow_id":92,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":917,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104403,"pkt_ts_usec":542057,"pkt_caplen":574,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":574,"pkt_l4_len":520,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAggRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAIIordOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOkNvbnRlbnREaXJlY3Rvcnk6MQ0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovL1tmZTgwOjo5YmQ6ODFkZDoyZmRjOjU3NTBdOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTI6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTkwMA0KU2VydmVyOiBNaWNyb3NvZnQtV2luZG93cy8xMC4wIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6IGQwN2I0MzVkMjk5YjQxNzg0Y2EzZDJhZTJiOTU5OTQ4DQoNCg=="}
00808{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104403,"pkt_ts_usec":746144,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNJZXAgEGAHs0dBEAAIAAwKgFJMCoBSTAqHcBAAAAAAAmWsJjVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQEKgioX8MMe8wtdP8AAAAA"}
00583{"flow_id":82,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104403,"pkt_ts_usec":852168,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClDVwAAAER9hnAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1470104404055,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1470104404055,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104404,"pkt_ts_usec":55376,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsfbcLBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgAAAAYABAAXABg="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1470104404055,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":925,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1470104404055,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
01058{"flow_id":91,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104404,"pkt_ts_usec":258276,"pkt_caplen":534,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":534,"pkt_l4_len":500,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIICfoAAAQR9RfAqAUx7\/\/\/+gdsB2wB9PpOTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"}
01095{"flow_id":92,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104404,"pkt_ts_usec":258391,"pkt_caplen":562,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":562,"pkt_l4_len":508,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAfwRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAH8qUJOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6TWVkaWFTZXJ2ZXI6MQ0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovL1tmZTgwOjo5YmQ6ODFkZDoyZmRjOjU3NTBdOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTI6OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTkwMA0KU2VydmVyOiBNaWNyb3NvZnQtV2luZG93cy8xMC4wIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6IGQwN2I0MzVkMjk5YjQxNzg0Y2EzZDJhZTJiOTU5OTQ4DQoNCg=="}
00469{"flow_id":73,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104404,"pkt_ts_usec":463054,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOH3kAAIARlenAqAPswKj\/\/wCJAIkAOkhKiloBEAABAAAAAAAAIEZERVBFT0ZGRkRFT0VGRkVGSEVQRkNFTEZEQ0FDQUJNAAAgAAE="}
@@ -711,7 +711,7 @@
01002{"flow_id":91,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104405,"pkt_ts_usec":486949,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":457,"pkt":"AQBef\/\/66LH8q\/uyCABFAAHdCfsAAAQR9UHAqAUx7\/\/\/+gdsB2wByURxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT05MDANClNlcnZlcjogTWljcm9zb2Z0LVdpbmRvd3MvMTAuMCBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOiBkMDdiNDM1ZDI5OWI0MTc4NGNhM2QyYWUyYjk1OTk0OA0KDQo="}
01035{"flow_id":92,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104405,"pkt_ts_usec":487124,"pkt_caplen":519,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":519,"pkt_l4_len":465,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAdERBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAHR82ROT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovL1tmZTgwOjo5YmQ6ODFkZDoyZmRjOjU3NTBdOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"}
00583{"flow_id":82,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104405,"pkt_ts_usec":589893,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClUIAAAAERsvXAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1470104405794,"flow_last_seen":0,"flow_tot_l4_data_len":129,"flow_min_l4_data_len":129,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1470104405794,"flow_last_seen":0,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104405,"pkt_ts_usec":794164,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"pkt":"\/\/\/\/\/\/\/\/TF4MVkdPCABFAACVAABAAEARAq7AqHcC\/\/\/\/\/6sKFi4AgSnvAAHqAgABAAZMXgxWR08ABQAJSVB2NlJvdXRlAAcADzYuMzUuNCAoc3RhYmxlKQAIAAhNaWtyb1RpawAKAAQGBzYAAAsACVZTMUwtUTE4UgAMAAZSQjQ1MEcADgABAQAPABAgAbAwAhQBAAAAAAAAAAABABAAA0xBTg=="}
00469{"flow_id":73,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":950,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104405,"pkt_ts_usec":998883,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOH4UAAIARld3AqAPswKj\/\/wCJAIkAOkhKiloBEAABAAAAAAAAIEZERVBFT0ZGRkRFT0VGRkVGSEVQRkNFTEZEQ0FDQUJNAAAgAAE="}
00582{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104405,"pkt_ts_usec":998978,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRgAAAQRv1vAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
@@ -726,46 +726,46 @@
01074{"flow_id":91,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104406,"pkt_ts_usec":514462,"pkt_caplen":546,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":546,"pkt_l4_len":512,"pkt":"AQBef\/\/66LH8q\/uyCABFAAIUCf8AAAQR9QbAqAUx7\/\/\/+gdsB2wCAPPDTk9USUZZICogSFRUUC8xLjENCkhvc3Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpOVDogdXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpDb250ZW50RGlyZWN0b3J5OjENCk5UUzogc3NkcDphbGl2ZQ0KTG9jYXRpb246IGh0dHA6Ly8xOTIuMTY4LjUuNDk6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMg0KVVNOOiB1dWlkOjkzMTkzOTVhLTRkMDMtNDc1MC1iYjFiLTQ2NjM5MzNhYjgxMjo6dXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpDb250ZW50RGlyZWN0b3J5OjENCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9OTAwDQpTZXJ2ZXI6IE1pY3Jvc29mdC1XaW5kb3dzLzEwLjAgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogZDA3YjQzNWQyOTliNDE3ODRjYTNkMmFlMmI5NTk5NDgNCg0K"}
01111{"flow_id":92,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104406,"pkt_ts_usec":514664,"pkt_caplen":574,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":574,"pkt_l4_len":520,"pkt":"MzMAAAAM6LH8q\/uyht1gAAAAAggRBP6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAAAMB2wHbAIIordOT1RJRlkgKiBIVFRQLzEuMQ0KSG9zdDogW0ZGMDI6OkNdOjE5MDANCk5UOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOkNvbnRlbnREaXJlY3Rvcnk6MQ0KTlRTOiBzc2RwOmFsaXZlDQpMb2NhdGlvbjogaHR0cDovL1tmZTgwOjo5YmQ6ODFkZDoyZmRjOjU3NTBdOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTINClVTTjogdXVpZDo5MzE5Mzk1YS00ZDAzLTQ3NTAtYmIxYi00NjYzOTMzYWI4MTI6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTkwMA0KU2VydmVyOiBNaWNyb3NvZnQtV2luZG93cy8xMC4wIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6IGQwN2I0MzVkMjk5YjQxNzg0Y2EzZDJhZTJiOTU5OTQ4DQoNCg=="}
00811{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104406,"pkt_ts_usec":614297,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNOV2AgEGAF9T9vkAAAAAwKgFL8CoBS\/AqHcBAAAAAMw9gh7u4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1470104406717,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1470104406717,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104406,"pkt_ts_usec":717230,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1470104406717,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1470104406717,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":967,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1470104406717,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1470104406717,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":105,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104406,"pkt_ts_usec":717280,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LR4AAAER5cfAqAUv4AAA\/NLKFOsAIEGyPY4AAAABAAAAAAAABlJPX1gxQwAA\/wAB"}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1470104406717,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1470104406717,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00472{"flow_id":102,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104406,"pkt_ts_usec":818318,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAsfJ0LBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgEaAAYABAAXABg="}
00455{"flow_id":104,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104407,"pkt_ts_usec":128408,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzMAAQADzD2CHu7jht1gAAAAACARAf6AAAAAAAAA7fUkCsjAgxL\/AgAAAAAAAAAAAAAAAQAD0soU6wAgjSs9jgAAAAEAAAAAAAAGUk9fWDFDAAD\/AAE="}
00426{"flow_id":105,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104407,"pkt_ts_usec":128422,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LSAAAAER5cXAqAUv4AAA\/NLKFOsAIEGyPY4AAAABAAAAAAAABlJPX1gxQwAA\/wAB"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1470104407686,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1470104407686,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":106,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104407,"pkt_ts_usec":686919,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0WZNAAEAG2QnAqAUQROn9hdFtAFBAFGHVDj7nf4AREAGvkQAAAQEIChoPf3zPHNz0"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1470104408049,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1470104408049,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":107,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104408,"pkt_ts_usec":49680,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1470104408049,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1470104408049,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1470104408049,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1470104408049,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":108,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104408,"pkt_ts_usec":49734,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyAAAAER6Y\/AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1470104408049,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":984,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1470104408049,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00579{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104408,"pkt_ts_usec":49851,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEcAAAER2QPAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00484{"flow_id":96,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104408,"pkt_ts_usec":309326,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ABxCjnAxABAj4ACgCABFAABdfPpAAEAGw\/TAqHNLwKgFEAG70XnKmgFicASki1AYAEaDwAAAFQMDADD9UAWmHPzDcyWHTMkbr+aws3s9GbGe3pjlFHCdq+YYY0\/jfjLm4gDbsSHRJ8BdNNs="}
00417{"flow_id":96,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104408,"pkt_ts_usec":309379,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo31dAAEAGYczAqAUQwKhzS9F5AbtwBKSLypoBl1AQH\/7iMwAAwKgFEAAA"}
00465{"flow_id":107,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104408,"pkt_ts_usec":457883,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="}
00435{"flow_id":108,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104408,"pkt_ts_usec":458018,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyIAAAER6Y3AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"}
00583{"flow_id":82,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104408,"pkt_ts_usec":661618,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClIwIAAAER4HPAqAUw7\/\/\/+sIlB2wAkY1JTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00839{"flow_id":109,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104408,"pkt_ts_usec":662594,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tHCABFAAFZOwBAAEARwM3AqH0e\/\/\/\/\/\/YA9gABRUfM\/\/+TXaAAwKC7c+tHwKh9HgAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tHQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI1AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqH0e\/\/8AAFBvcnQgMTAAIAGwMAIUAQDCoLv\/\/nPrR0A="}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1000,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1000,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00875{"flow_id":110,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104408,"pkt_ts_usec":662780,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"pkt":"MzMAAAABwKC7c+tHht1gAAAAAVERgCABsDACFAEAwqC7\/\/5z60f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRTer\/D5NdoADAoLtz60cgAbAwAhQBAMKgu\/\/+c+tHAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz60dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjUAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCofR7\/\/wAAUG9ydCAxMAAgAbAwAhQBAMKgu\/\/+c+tHQA=="}
00580{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104409,"pkt_ts_usec":276706,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMT8AAAER0jHAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00579{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104409,"pkt_ts_usec":378493,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOxoAAAERyGPAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1470104409586,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1470104409586,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":111,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104409,"pkt_ts_usec":586167,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD0rIU6wAgVxmmDQAAAAEAAAAAAAAGaXNhdGFwAAABAAE="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1470104409586,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1470104409586,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1470104409586,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1470104409586,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":112,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104409,"pkt_ts_usec":586427,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AQBeAAD8PKn0WgOECABFAAA0H6gAAAER9IDAqAPs4AAA\/NrrFOsAIGYJpg0AAAABAAAAAAAABmlzYXRhcAAAAQAB"}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1470104409586,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1470104409586,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00455{"flow_id":111,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104409,"pkt_ts_usec":685484,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACARAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD0rIU6wAgVxmmDQAAAAEAAAAAAAAGaXNhdGFwAAABAAE="}
00427{"flow_id":112,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104409,"pkt_ts_usec":685499,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AQBeAAD8PKn0WgOECABFAAA0H6kAAAER9H\/AqAPs4AAA\/NrrFOsAIGYJpg0AAAABAAAAAAAABmlzYXRhcAAAAQAB"}
00584{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104409,"pkt_ts_usec":686443,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQLsAAAQRv7vAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00470{"flow_id":73,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104409,"pkt_ts_usec":890343,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOH6wAAIARlbbAqAPswKj\/\/wCJAIkAOqdcilsBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1470104410885,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":1,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1470104410885,"flow_last_seen":0,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02397{"flow_id":113,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104410,"pkt_ts_usec":885006,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ABxCjnAxTF4M6gNlCABFAAXcDK5AADMGDHZ36+tUwKgFEAG70J5BKvaX5fLLP1AQABsvzwAAgAIAAgAAAFMAAAANAABiYMcwiMXQzMiMgQcmWlJZkMqglFhQAPR2YgnQQP0K3ZKMosy0EuvkjMSi4tQS29AQN10LsmxnBTJKihm4DE3MDQwNTEwMjQAAAAD\/\/wAAAA0BAAZkbQ8Sj7Oe9PiiwBDc+0M3qnjgDK8RRxC4wMkMm6VV91C1Te+ybrzRLmHpyrK4bZavXIwADOQ6snm8v2H2p2SpH6m06PqK2eSoERX3TNfq7vb1Pveo7PONT9TnUXjkgVt2M1UumsUWGrLgq2GUvlzXvOPLaIXh2WGGxaNQtz1jFVdY+0zrpxEqy\/jQWU3QaN8euscIrVLF\/pkwWAOQct9fJHfuNC\/MfpPEwL\/1AnsUcAaC8\/sfjjx5DIP3T5+kLB\/ky5nWDGzJudLxL39BV679cN3TMGGwCiDjz8BUbsetnqmdz5nZf4AwUpqUBbDH0YbukYFxFpgWx1VK0Ft6NyauHZR77Fn6jjWPJxfrizISaNJJAw2Tqy9duTjvZ6O6coJr6d9MtTXf5qsYx+0KeK8uO221KMufGGsvUAI4YCgvPXVdW0lbCdk\/UWdvQk27qxkaA0bMmmtaoIM\/NdoPPcwHfYUfdLkSeX9aftPdhgNudr\/W5u4Rq9JCuxr+xSmkqaDqd6gSKkqRzGlbbbrcGyF7WGk\/8cG1vc2UHan62LkAAzJEJRwjhuFaCDyVcgr9Hf+VOCu\/WbKVvxixWZOd0y0FbTEIYK9xEk19sHm0uVaBKIvOw8BvnHM4ZoE15rgdy9cOuctKEI63utAOFOf2mQnsx+xGkU5azbbGL0YjiKG9XwO74XxdztUwcLqPr0\/JJmPPgPFoGSWqsm9ugxiAf+6FK5eJomztrl11jHLqcqmSu0amZJ2vzsr+HQ1yaBS8xhtHAlRjYL9oIKpApKM94hPIcq8aaGJEtzamTcDbtBQ1sMPcUE+yUtiBPrlnO9Nwt\/CiYfwjXLhAc57Nmo6vBWzUjss7w\/7Wb9k3zYdX1OxZgy1kvrBuG2WVHzF+IQ9Fq\/pk0IvbsQWQO2qMcnqAwwXAN5zFvFMTcfpV\/GRa6Cvc8ELP86S69D9ZpljWsaAmgFvinMLKj5eAujG5SXpnROjWsWKDhRiTv5p7M\/QvQ5PgsvnxYxwzTtmPmwT4v+9UIamloL6aH4y9ceyGZvFPH\/jOWhlPoGpWSmL8FxzRX8I0ZOH5h7GitpswaZPQenRLegoX\/pJNP3pcJ4kvc\/7oBU9eKhNCbKNIMLr0J2sgbcuo5DzP6xW+1KJlTpJay9bl5Pl0VPdVfr53CYdTOnDLEPtQAs8TDIA8+qWO4m2hTbvXTydzx3h6dgKZjr70r80ubfEhXRuxkxseun6pvNvpxyma0gxSfUYbMbRpJsPfd1POQDYxd1WsmLeynpzweBtMB4CyWpE7em97ncQfT+1jYPiU4C8h442mV+2iNebysC3+tj1kSc3iredU54VVSYsYiDJCTKDt1B72wPesWWs8H1oh07d+p8n6q\/HM+0on3oN8mliBSXdA4qo8xl+PnHCuSiNIcO9F46tn+Si8KqAsE1CoyxalnbQ2XoJdnf\/XNWrUBFQvGpTm8cA2xt6y\/B14Mse3ha6wLlYiZQnR\/q6to9f77axqkMdPEZxW8P1dQkKPv6RSZjX5So+geIVQBTjCtJ438tTlN+BBHx3i57FI5d8+OwESi4EeyLHH\/WufGNcvXF2wAiF6MIh3TqZipTbK\/sfxI05ZUV2K0zFjDFs3q+4O\/gCdO\/GR8NpL14qmcLw4hj2DUzElDJ7z58du\/sTLY9PL12tg2\/g4c+maPg6xMQhEEJZZ2fr0StLQ4dC8yRSCQ5AlLS4oj7J42WuPepbvvAkbIdKlT+5AXzJDvxJIA\/K5zy\/vGwU1kziWNYRVpFmlobTG1I2P3poiceReoPCxgxmEbNKxlIyxGeOkbT03xrhCy3M="}
00784{"flow_id":113,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104410,"pkt_ts_usec":885806,"pkt_caplen":329,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":329,"pkt_l4_len":295,"pkt":"ABxCjnAxTF4M6gNlCABFAAE7DK9AADMGERZ36+tUwKgFEAG70J5BKvxL5fLLP1AYABuy+gAAjZPukZZc5XVgQ9kkDb42wAG2R4wZPZK09D+mhXOPeysHqbaxc2ukLB7O\/ZQd+BiMnHFH7zgcREAoK8LsJtF9H0HTuFW4zAQpKNlDl6pGtEpiOY1HdxQ1Bv0HkLtvfY7Kkq4QCv1lSYlKLAPMR+Oc9r2t96JVS9ceghm\/Wm9DKfghBx740ADnGdTcU2OF\/8x6UPEOuW6wwYjs3Pb+yZn6sRfXdwloMkU3kuWbA\/HnEcEyg9N63JYWRugH0gCb7wJDNCrha78dJpq+nOGbkegYKzSRi8MebnxJxxwLRQs3jpRKSRVmH0ihWT6Ua9H97Rj8GCDKcrs8+ASvsIB+r3MFWznlQzQS834owopgMgpZRwgoXAU="}
00418{"flow_id":113,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104410,"pkt_ts_usec":885838,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"TF4M6gNlYMVHBbyMCABFAAAoSVVAAEAGyILAqAUQd+vrVNCeAbvl8ss\/QSr9XlAQHmimXgAAAAAAAAAA"}
@@ -779,49 +779,49 @@
00449{"flow_id":113,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104410,"pkt_ts_usec":918036,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"TF4M6gNlYMVHBbyMCABFAABDVa9AAEAGvA3AqAUQd+vrVNCeAbvl8ss\/QSsKR1AYHgHwqQAAgAIAAQAAABMAAAAhAAAAAIAAGtSOAwAAAP\/\/"}
00417{"flow_id":113,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104411,"pkt_ts_usec":11996,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAoDLRAADMGEiR36+tUwKgFEAG70J5BKwpH5fLLWlAQABu3pwAAAAAAAAAA"}
00491{"flow_id":113,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104411,"pkt_ts_usec":12034,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"TF4M6gNlYMVHBbyMCABFAABkkeNAAEAGf7jAqAUQd+vrVNCeAbvl8staQSsKR1AYHgFx8gAAAAAAIQEAADSSwYwkgMY9zM2PtcAtvoZJ2QGUh+Rew7DZ+k4l058gYoy1DfnXM2lKDG4gHxzchk60DoC2"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1043,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1470104411018,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1043,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1470104411018,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00836{"flow_id":114,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104411,"pkt_ts_usec":18970,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00418{"flow_id":113,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104411,"pkt_ts_usec":114941,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAoDLVAADMGEiN36+tUwKgFEAG70J5BKwpH5fLLllAQABu3awAAAAAAAAAA"}
00581{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104411,"pkt_ts_usec":121932,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEgAAAER2QLAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1470104411327,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1470104411327,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":115,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104411,"pkt_ts_usec":327542,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7YAAAERvzfAqAUl4AAA\/NTqFOsAIqEiFTIAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1470104411327,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1470104411327,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00582{"flow_id":56,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104411,"pkt_ts_usec":327607,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFUAAAER7y\/AqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00431{"flow_id":115,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104411,"pkt_ts_usec":735820,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8CJ4BzeuNCABFAAA2U7cAAAERvzbAqAUl4AAA\/NTqFOsAIqEiFTIAAAABAAAAAAAACG5vdGVib29rAAD\/AAE="}
00580{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104412,"pkt_ts_usec":246763,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMUAAAAER0jDAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00812{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104412,"pkt_ts_usec":350549,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNP8ZAgEGAFHQRwUAAAAAwKgFMcCoBTHAqHcBAAAAAOix\/Kv7sgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
00580{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1064,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104412,"pkt_ts_usec":450120,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOxwAAAERyGHAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00585{"flow_id":59,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104412,"pkt_ts_usec":552564,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCgMAAAQR9nHAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1470104412556,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1470104412556,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":116,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104412,"pkt_ts_usec":556037,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD\/DgU6wAp0RQMEAAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1470104412556,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1470104412556,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1066,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1470104412556,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1470104412556,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":117,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104412,"pkt_ts_usec":556263,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9eeQAAAERmPbAqAUx4AAA\/Pw4FOsAKTqNDBAAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1470104412556,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1067,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1470104412556,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00471{"flow_id":73,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104412,"pkt_ts_usec":860139,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOH8MAAIARlZ\/AqAPswKj\/\/wCJAIkAOqdYil8BEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00471{"flow_id":116,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104412,"pkt_ts_usec":962283,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"pkt":"MzMAAQAD6LH8q\/uyht1gAAAAACkRAf6AAAAAAAAACb2B3S\/cV1D\/AgAAAAAAAAAAAAAAAQAD\/DgU6wAp0RQMEAAAAAEAAAAAAAAPY2Flc2FyLXRoaW5rcGFkAAD\/AAE="}
00440{"flow_id":117,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104412,"pkt_ts_usec":962345,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"AQBeAAD86LH8q\/uyCABFAAA9eeYAAAERmPTAqAUx4AAA\/Pw4FOsAKTqNDBAAAAABAAAAAAAAD2NhZXNhci10aGlua3BhZAAA\/wAB"}
-00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1470104405794,"flow_last_seen":0,"flow_tot_l4_data_len":129,"flow_min_l4_data_len":129,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1470104405794,"flow_last_seen":0,"flow_tot_l4_data_len":129,"flow_min_l4_data_len":129,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1470104411018,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1470104411018,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1470104407686,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00475{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1470104407686,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b030:214:100:c2a0:bbff:fe73:eb47","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1470104405794,"flow_last_seen":0,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1470104405794,"flow_last_seen":0,"flow_min_l4_payload_len":121,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1470104411018,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1470104411018,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1470104407686,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1470104407686,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1074,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1470104408662,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":73,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1078,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104413,"pkt_ts_usec":679009,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOH8cAAIARlZvAqAPswKj\/\/wCJAIkAOqdYil8BEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1470104413679,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1470104413679,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00811{"flow_id":118,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104413,"pkt_ts_usec":679149,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/SNIkYwreCABFAAFIfjcAAEARNZ3AqAUp\/\/\/\/\/wBEAEMBNOoXAQEGAAJEmkEAAIAAwKgFKQAAAAAAAAAAAAAAAEjSJGMK3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEIPQcBSNIkYwreDAhrZXZpbi1QQzwITVNGVCA1LjA3DQEPAwYsLi8fIXn5K\/z\/AAAAAAAAAAAAAAAA"}
-00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1470104413679,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252"}}
+00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1470104413679,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,121,249,43,252"}}
00811{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104413,"pkt_ts_usec":679193,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNOp7AgEGAAJEmkEAAIAAwKgFKQAAAADAqHcBAAAAAEjSJGMK3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBAQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00797{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104413,"pkt_ts_usec":815837,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"TF4M6gNlYMVHBbyMCABFAAFIqYMAAEAR0r\/AqAUQwKh3AQBEAEMBNFvwAQEGABeXwM0AAAAAwKgFEAAAAAAAAAAAAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwkBAwYPd1\/8LC45AgXcPQcBYMVHBbyMMwQAdqcADAtNYWNCb29rLUFpcv8AAAAAAAAAAAAAAAAA"}
00798{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104413,"pkt_ts_usec":817995,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"ABxCjnAxTF4M6gNlCABFAAFIAAAAABARrEPAqHcBwKgFEABDAEQBNHbNAgEGABeXwM0AAAAAwKgFEMCoBRDAqHcBAAAAAGDFRwW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
00580{"flow_id":21,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":89034,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEkAAAER2QHAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1470104414296,"flow_last_seen":0,"flow_tot_l4_data_len":1125,"flow_min_l4_data_len":1125,"flow_max_l4_data_len":1125,"flow_avg_l4_data_len":1125,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1470104414296,"flow_last_seen":0,"flow_min_l4_payload_len":1093,"flow_max_l4_payload_len":1093,"flow_tot_l4_payload_len":1093,"flow_avg_l4_payload_len":1093,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01905{"flow_id":119,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":296205,"pkt_caplen":1159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1159,"pkt_l4_len":1125,"pkt":"TF4M6gNlYMVHBbyMCABFAAR5Xv9AAEAGm5bAqAUQHw1XJNFMAbv8UmzuBJ2iMIAYEABHkgAAAQEIChoPmUJf7iUmFwMDBEAsTuFq8CapSbqPXvcdxKrSs42tBtoxpkpEhbC8nI\/Z9Ti9iLIQZa5j5LW58IaLnxvFb3pZI+B1RxFJh1MX7hfwSESpGA\/xdeEaXYqNDQOsIrAzCG5XHIwlKsfFfn\/8RQrusMspya+fP6t\/Zg2Y6qSh9wcmn8mXJja+baLib9aevB6ce5XBs3a64vsRCgFs5NXASh55KEqD8yMaqdrRhlWFE6xGr6+SpmMLlVUwh48nOg1sBDe\/WYgSpLNk63+28tyTAwCIcOk3y10vOsyt7ZjgvztDnWOLtsn7\/6kMi3u2RdUB7eGGzM2NovPfgy\/qKgW2LAn44liW9WewObR4bp+dPFEvC0Y3+SW5bib2uvhBosFVLRK5YrZcwALZJXqqXhrrs6bu\/ljawzwGUMfLGQ2WSbwafdg9dJ73rdMEF1vEvfkETGUyJeWyPgg2G2DdxVtAlhAOni2Cb6JW3jV3kUvfm9gPSADxqT1QqjMQAvLuAsUt5WChMz4yp18RafOK\/1ZUrwxEzqELsHqkpHQf4ILnKSgg5+kGWAcGpm5BV27qLCy+WyMYEnVR9nevFTvw2OV3haLNTqpyfd4K7vOAMw+dbscVa9MHAeqcd7IQnXV8FbWdFXkC4wCM4E8hTvbfJf2QumZQ2fXLtiYd3sw8qoFpqMjmllDchFzska7DS7GVif4h6CnDNlZ4V+i1Eng9ELpwqlbXjyiEgMAhv7fPmI8e61K\/2gGY8OMdxcNsyD40PLGc9n2gJgcjUdhv3yk5lS0wyxma1JJ1Pa0sEMzvHL8CT6BpEzwkMJEMkciKtJ6VsJyummJhpN5MU9bS0CfSvwU0ARZvT+jD4m9Xd2enHnLuDwg4KR5SAhfN1vXfVfNlzPARDhSaBSDDpj8POKqEg5amwWHcBAQbXCOcOftYxPyyUfYlmBS91ssyfM9KHAYAPjuptOjnLxGz2x9TbNHcI4nTKruVWTV9ktQaEfrdpb\/HDqnCQBNGReenZ\/zWZ\/GfJml4Cm+qteZq9C64lEHb9+XokUZOr8X2s3gyZpMYfRa5jmhmO9xmHg7WJrK4eIDuKfpKwBJ058yTVyD7l0KDSW9GneGAGkjet6prc4idVI6G79csJZdQxaibq52QgAy0phRLTPkicoq0gLlZcIZm+Mml46cJhhEv0H26dA+KCoM5R5DwKEyBjuFs1QF3Y4+SDB+bc1Wt792AR8qtKWp6gbS96vJnCeIhTEA3KFLfapTzgvIE4vSB7KreGQj+tnmHbTp1DHeV+7y4PmFv5on7p4A6CEwD6f6fjePEHDfs2g0EYheGp2VL2NvXgnD2ikpgTUWxxOX40I6u2o6OTbP2RNpQ9m8KCHjwUMiisO3DyvkoNm8lZ6ZPWkev9k5y7txVdM8LiyyQoSG929RxmQGshqjjCdAsjAk+bbGLy98uGf3QTIpvsX0AlZ7fP\/qiRzGtQg=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1470104414296,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1470104414296,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":120,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":296334,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"ABAj4ACgYMVHBbyMCABFAABAzwZAAEAGcgXAqAUQwKhzS9F6Abs0INrqAAAAALAC\/\/+nvgAAAgQFtAEDAwUBAQgKGg+ZQgAAAAAEAgAA"}
01362{"flow_id":119,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":296891,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":759,"pkt_l4_len":725,"pkt":"TF4M6gNlYMVHBbyMCABFAALpkqNAAEAGaYLAqAUQHw1XJNFMAbv8UnEzBJ2iMIAYEABq4wAAAQEIChoPmUJf7iUmFwMDArD5LAelFwFlufuyco4s\/\/Qvv+UsF7KG3W2aXVv9903LV87nxtNAIzAtPlUtxAIPT+QYQYOyjbvxtQ+Q3w2BeXCdTeBc2Vvhlyi2kFxwf1jLqB8jaDJwivP\/xGW9s5xZd+K0vcco68WAGVVhFXALDf8rp7nos7l2c3eCb9+ciqE2R8G8Pf4MZ5pCC83zl7gfBWwkh4JHUeVVNouVvCgmUz7pPOU27GiOZYmbf0iAqd6+kgzDqsVjJGMyvKT\/fOgiH+fRlxhK8fgLFTMvUw6JGt\/UsaYL4RE69L+mCP1NuNnyVxeorLPVKIVZ13X2miaLYk2DWr9BibPpp3QKFrWmy8E3NKq4Ls+dcN8upVmfmDj7xZcV58HYFhdLrgO56pzKogay7LJ\/Pef6DyPMYVTwySpdKas1Aq+IzlVKtxcR8k6I3pw5YMLWtutrLSrH5ABSNgfMJjpr7KO2g8MPyxfJHjp2vDiI+ruSCa4CqxUVcHS+ZRTOUS6b9R2wmUCu6Y6KCOkMK6zLaxdsVh2SuDnapzRD7fveixQuUMvdOAMX7X4K41IkMkOElwsydkORTyAInVQi4oBSOBugr0DMtesGCV044xeQCLnW8sd4RkMZjJZ4QhcfoxPlJX+f43AY0PNflsTA9yNhamZf4IabRxMggb\/lds0+jUTPyPfEWIc3bobDla0SyHhLFLXgk1Ee+Oe4AxYayqQxnLn\/4p\/VoNfV4WOaHdYeCMPZ3SK54BPrr3dXSTfyhV2DUhdJ\/67K7IkFW2cC4kKBJWWCDD28cyiCT6LF9mykZ0ExSXEgjBCLfnxWyJ4aekEg78E+rUf7kdSBDRTW3tDoKcMJPCumkIQ5L3nUbGzQ3I0QnDhkpOFdM4JoimsOVpik4zef5xLCds4Ul8v94jeMaHT0fOcIvOZn5GhO"}
00425{"flow_id":120,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":301526,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70XokV4DmNCDa64ASFtDXBQAAAgQFtAEBBAIBAwMH"}
@@ -830,10 +830,10 @@
00417{"flow_id":120,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":301595,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAohwxAAEAGuhfAqAUQwKhzS9F6Abs0INrrJFeA51AQIAAOqAAAIEVKRkRF"}
00426{"flow_id":119,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1098,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":301849,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0CgdAAEAG9NPAqAUQHw1XJNFMAbv8UnPoBJ2idYAQD\/0aVAAAAQEIChoPmUdf7xLn"}
00707{"flow_id":120,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1099,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":302554,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"ABAj4ACgYMVHBbyMCABFAAEBACxAAEAGQB\/AqAUQwKhzS9F6Abs0INrrJFeA51AYIAB90wAAFgMBANQBAADQAwNXoANfjIqHDy9QXUEag4gt5xMipN2TtjnqDApBJHZnuSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA9AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="}
-00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":4,"flow_first_seen":1470104414296,"flow_last_seen":1470104414302,"flow_tot_l4_data_len":333,"flow_min_l4_data_len":20,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1099,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":4,"flow_first_seen":1470104414296,"flow_last_seen":1470104414302,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00417{"flow_id":120,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":303590,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxABAj4ACgCABFAAAoBANAAEAGPSHAqHNLwKgFEAG70XokV4DnNCDbxFAQADYtmQAAAAAAAAAA"}
00633{"flow_id":120,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":305856,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"ABxCjnAxABAj4ACgCABFAADJBARAAEAGPH\/AqHNLwKgFEAG70XokV4DnNCDbxFAYADaQHAAAFgMDAFECAABNAwP\/SkCYRaSQV0S20m\/rHGnUOyjdt0oR0LdUuhsR9UivBCBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eAAvAAAF\/wEAAQAUAwMAAQEWAwMAQLfH4HL\/jK5VPe6tMGNhzqQ2T7h4g2WtI6lJyHpPbfwvnM0Bz8GDvaRpOikykLL9aarYlnM2DgJkMroupoJDVZo="}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":6,"flow_first_seen":1470104414296,"flow_last_seen":1470104414305,"flow_tot_l4_data_len":534,"flow_min_l4_data_len":20,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1101,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":6,"flow_first_seen":1470104414296,"flow_last_seen":1470104414305,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":378,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"799135475da362592a4be9199d258726","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00418{"flow_id":120,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":305902,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAonnxAAEAGoqfAqAUQwKhzS9F6Abs0INvEJFeBiFAQH\/oNNAAAVFRQLzEu"}
00417{"flow_id":120,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1103,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":306111,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABAj4ACgYMVHBbyMCABFAAAukWVAAEAGr7jAqAUQwKhzS9F6Abs0INvEJFeBiFAYIAD1GwAAFAMDAAEB"}
00504{"flow_id":120,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":306141,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"ABAj4ACgYMVHBbyMCABFAABtTURAAEAG85rAqAUQwKhzS9F6Abs0INvKJFeBiFAYIAA2uAAAFgMDAECbKkLC7CRaXPZNslPbrgwXbyswQI3WFobPWFZwufy3sn\/6rVOKJKb8qWZlEZF9KXP0GhMAIWWDzfqvPxgRanAO"}
@@ -843,24 +843,24 @@
01765{"flow_id":120,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":359120,"pkt_caplen":1051,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1051,"pkt_l4_len":1017,"pkt":"ABAj4ACgYMVHBbyMCABFAAQNDUFAAEAGL\/7AqAUQwKhzS9F6Abs0INwPJFeBiFAYIABBQgAAFwMDA+DdyOqy0YUJ6lUDAECJsqxUxh1HQFpb+WM5GmiLBnJo0s4kVSb\/p9dyE17bgpaPoK8rfeRPzRGHJZt6ihexnuSjED3x2khAakbXM4nDu1azXc8lpFkY\/dYuW0uOG1vuhsdZ4AWaZRRHHX8EDFR8x2jNFr3j86YNaQoYJTguixenFtY2IBIMZuKOrTv9D\/WH9C2ZA5Z9u1ymEwCtZeT6S1koFSd2wby8yGtunQysR8f\/oBKuPIC3bLz2YtQKfy0o+lEHrJzoDS5wLZ8amYqTsQ7nI5JWm25MtABA6pRH35L6zMTWbqDb66wTkpSdVPZcczxhfLdY1Wm7bb+cUeMyU2fofRDSK\/AdEB3ar41S8nvWNvR0XgxIAPIKK2SI2GukfREUhFA58uT6aaLg8cZBpRiwHWv8oak5tcZE1jAYuQQnzknPOpYwVnEwwltzwh2S7qltW1yzhAWUx\/7w5Im\/yUGgUAQKEM65n+I731ZEkkQxINGCyvmCDEOBzHUPtkmDhPE7yRDME3+O8d8KM7W3qO31ipgzIAgzOGGCcxaVmB+jde8CpXmSR+wxiZHMA+amNobf3iFjCVSeTzPCuh2l14Xh8O+LkMXcbQ0578KcAhhmHloQrtceTQBi6AbKbDIskj0tbB5jt+K56BN7oZcnOZa+hjD8mpNhkzYAjD5r5XE9gM0Wrb7U7xBqpxWmiI63PNK\/hlXZvQxcsWeLXgLRFpKOH\/NDkfInyH\/zIecVfJLjfIkYYDWXGdqJByvUL5AIi+1Ryadd\/zMTKhK7hDL4FldMHE\/7cqLe9QRZPWKP8DeKK7YgGQAqOYmiGtVBwhfCc2Ytgo\/Ti8tGvGgGFj\/5r9Qcocyl+aGqls2KceDKzu5Uya+mU5uLAi0djD6Pwlrljv7ELCak1USaVEd7VvOFJmuGX3xQt3M3Bs3uMGq1leJxXigSk4MlkUFOcS+34DqaUbt59KQr4TBvcPQQH79rGSIDinAPY5bagpJaLG7ig0fsDtAM2h0zNhtN6uHhCWYAwMpJL+hwMd17AKsLkpsvmfC\/6AJxubK3xURGJVAXNkKKBjVMzdq+XVBCQSV6JlXaEL7TLjo6F\/+DG2bEtxcNU+UqAsmR8n9IIokiTBEk0+3NzsdRheekzSxs7grfqfTQ1r7rsu4WWTATYDJIv1QN1Ro94HQaIHujsosfIpvFA8lafSNyLWiShBkTZJbJ0HNgEsdCpzanC0fEVKd5AqlrA1tuEFhlmeR5DLx0hrJuUE4HC34FEXMcXztq3ICxBGAwTgfKYmKIe9jwIbFT3LkyYLYCVcLEOn6Oj18nch5jiOWYbg=="}
01205{"flow_id":120,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":381027,"pkt_caplen":639,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":639,"pkt_l4_len":605,"pkt":"ABxCjnAxABAj4ACgCABFAAJxBAZAAEAGOtXAqHNLwKgFEAG70XokV4GINCDf9FAYAEbK5QAAFwMDAXAVgJ9VvcouvH0Ppc\/i4Ut2OeXS01bRS2y8KkU+eXEjEltpmkhLxFowBzXFGr+\/uElnc8Kd4X6LW\/z4mHhGx149NaEE7809GANuSmWZMWUCGjEzPzEnsNDpCS6qbpZDSQ2fvWF2KPoIdKbTUD1V0PdPwpFUe6LuAmIgaVg3HhsXhEft7ZVjVIwzSys622xsBCg8Vw7O1SBOsPHwsMnpI1vvtqeeV5XinjcFKlMwlL\/WYaM4K018GgyOdezkI5dO9mw16oP5OyrFRv9ZRYnUX08onqrsXbFPrbZ8VXUzB1b6rDcILUmPIJhpH+eFEhdgKc5QrxETnK1m71tn3mwE0i\/3TZyvpwBQM0dfWBm0gepZC87DF5\/f5y\/tuJskthRedvXxo\/97PtRF8n0Eznh7B0x5z6tvBIg4bN7TPRSBVqNJxVr1hOpQPFWsu5TV2+zHgKDocotQE8CdQ0KkUJGg52fV0+AfkC\/3vTvTLA3EupCq1hcDAwAwfRGiNXUZlVof50LkQgiqeBQE2N77Tf9cuGPcn9cmKt8ezAa7NhafNIFB6g\/0wd18FwMDADByW8+YVB8UgIiPgFetMgS0lbz8Y5Igf9MTBSH4fXhKlazLWuG4IEKMvR94sTpuPHoXAwMAMHWSve1S+hgCyLjH94+51x5CCQAu8kqgnMCf9vKh5tjugT+x\/mQZ239YH3pBWIX\/HxcDAwAwIBz6NiNqVoHJvGg+rSflUC8+ic1CFuU7fPMZ2+BtTGMfx6uWnDcyG9rbi+gKBeto"}
00419{"flow_id":120,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":381082,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo1GZAAEAGbL3AqAUQwKhzS9F6Abs0IN\/0JFeD0VAQH+0GyAAAAAfQAAAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1470104414395,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1470104414395,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":121,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":395988,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"TF4M6gNlYMVHBbyMCABFAABL64oAAP8RYP7AqAUQqF8BAfeMADUAN6RcbYwBAAABAAAAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAE="}
-00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1470104414395,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1470104414395,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00729{"flow_id":121,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":402314,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"pkt":"ABxCjnAxTF4M6gNlCABFAAET0UQAAPgRgXyoXwEBwKgFEAA194wA\/yfZbYyBgAABAAYAAAAABmRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwAAABAAHADAAFAAEAAUxDAC0GZGwtb2JzCG9mZmljaWFsBGxpbmUFbmF2ZXICanAJZWRnZXN1aXRlA25ldADAOwAFAAEAAACwADUKY2FjLWRsLW9icwhvZmZpY2lhbARsaW5lBW5hdmVyAmpwCWxpbmUtemVybwZha2FkbnPAY8B0AAUAAQAAAQAAEgVhMTg2NwJnMgZha2FtYWnAY8C1AAEAAQAAAAUABMtFUUnAtQABAAEAAAAFAATLRVFCwLUAAQABAAAABQAEPdw+2g=="}
-00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":55,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.69.81.73"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1470104414404,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00687{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1112,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dl-obs.official.line.naver.jp","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.69.81.73"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1470104414404,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":122,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":404078,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"TF4M6gNlYMVHBbyMCABFAABA+kNAAEAGXi3AqAUQy0VRSdF7AFCoMQrOAAAAALAC\/\/8cMAAAAgQFtAEDAwUBAQgKGg+ZqwAAAAAEAgAA"}
00418{"flow_id":113,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":404710,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAoDLZAADMGEiJ36+tUwKgFEAG70J5BKwpH5fLMOlAQAB62xAAAAAAAAAAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1470104414404,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1470104414404,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":123,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":404981,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"TF4M6gNlYMVHBbyMCABFAABAQJ1AAEAGF9TAqAUQy0VRSdF8AFD2CJDQAAAAALAC\/\/9IVAAAAgQFtAEDAwUBAQgKGg+ZrAAAAAAEAgAA"}
00438{"flow_id":122,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":407420,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xu\/8FK8qDEKz6AScSAwjAAAAgQFtAQCCAobhF1GGg+ZqwEDAwU="}
00426{"flow_id":122,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":407471,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0pGZAAEAGtBbAqAUQy0VRSdF7AFCoMQrPv\/BSvYAQEBXAXgAAAQEIChoPma4bhF1G"}
00437{"flow_id":123,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":407965,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABxCjnAxTF4M6gNlCABFAAA8AABAADsGXXXLRVFJwKgFEABQ0Xzxz9ee9giQ0aAScSCl7QAAAgQFtAQCCAobhF1HGg+ZrAEDAwU="}
00426{"flow_id":123,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":407997,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0fmZAAEAG2hbAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AQEBU1wQAAAQEIChoPma4bhF1H"}
00789{"flow_id":123,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":408704,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"pkt":"TF4M6gNlYMVHBbyMCABFAAFAl1xAAEAGwBTAqAUQy0VRSdF8AFD2CJDR8c\/Xn4AYEBWl1AAAAQEIChoPma8bhF1HR0VUIC9yL3RhbGsvbS80Njk3NzE2OTcxNTAwL3ByZXZpZXcgSFRUUC8xLjENCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDANCkhvc3Q6IGRsLW9icy5vZmZpY2lhbC5saW5lLm5hdmVyLmpwDQpVc2VyLUFnZW50OiBERVNLVE9QOk1BQzoxMC4xMC41LVlPU0VNSVRFKDQuNy4yKQ0KWC1MaW5lLUFwcGxpY2F0aW9uOiBERVNLVE9QTUFDCTQuNy4yCU1BQwkxMC4xMC41LVlPU0VNSVRFDQoNCg=="}
-00721{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_tot_l4_data_len":416,"flow_min_l4_data_len":32,"flow_max_l4_data_len":300,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
+00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716971500\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
00789{"flow_id":122,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1122,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":408737,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"pkt":"TF4M6gNlYMVHBbyMCABFAAFATvVAAEAGCHzAqAUQy0VRSdF7AFCoMQrPv\/BSvYAYEBUpZwAAAQEIChoPma8bhF1GR0VUIC9yL3RhbGsvbS80Njk3NzE2OTU0Njg4L3ByZXZpZXcgSFRUUC8xLjENCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDANCkhvc3Q6IGRsLW9icy5vZmZpY2lhbC5saW5lLm5hdmVyLmpwDQpVc2VyLUFnZW50OiBERVNLVE9QOk1BQzoxMC4xMC41LVlPU0VNSVRFKDQuNy4yKQ0KWC1MaW5lLUFwcGxpY2F0aW9uOiBERVNLVE9QTUFDCTQuNy4yCU1BQwkxMC4xMC41LVlPU0VNSVRFDQoNCg=="}
-00721{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_tot_l4_data_len":416,"flow_min_l4_data_len":32,"flow_max_l4_data_len":300,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
+00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":4,"flow_first_seen":1470104414404,"flow_last_seen":1470104414408,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"dl-obs.official.line.naver.jp","url":"dl-obs.official.line.naver.jp\/r\/talk\/m\/4697716954688\/preview","code":0,"content_type":"","user_agent":"DESKTOP:MAC:10.10.5-YOSEMITE(4.7.2)"}}
00425{"flow_id":123,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":414084,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0itRAADsG0qjLRVFJwKgFEABQ0Xzxz9ef9giR3YAQA6tBGgAAAQEIChuEXUsaD5mv"}
00427{"flow_id":122,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":415614,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0D\/ZAADsGTYfLRVFJwKgFEABQ0Xu\/8FK9qDEL24AQA6vLtgAAAQEIChuEXUsaD5mv"}
02384{"flow_id":123,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104414,"pkt_ts_usec":418773,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ABxCjnAxTF4M6gNlCABFAAXcitVAADsGzP\/LRVFJwKgFEABQ0Xzxz9ef9giR3YAQA6vQ\/AAAAQEIChuEXUsaD5mvSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL2pwZWcNCkNvbnRlbnQtTGVuZ3RoOiA3NTQyDQpFeHBpcmVzOiBTdW4sIDI5IEphbiAyMDE3IDAyOjEyOjI4IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMDM2ODAwMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCkxhc3QtTW9kaWZpZWQ6IFR1ZSwgMDIgQXVnIDIwMTYgMDI6MTI6MjggR01UDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLUxpbmUtSFRUUCxYLUxTLHgtb2JzLW9pZCx4LW9icy1oYXNoDQpYLUNvbnRlbnQtVHlwZS1PcHRpb25zOiBub3NuaWZmDQpEYXRlOiBUdWUsIDAyIEF1ZyAyMDE2IDAyOjIwOjE1IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQr\/2P\/gABBKRklGAAEBAAABAAEAAP\/bAEMAGxIUFxQRGxcWFx4cGyAoQisoJSUoUTo9MEJgVWVkX1VdW2p4mYFqcZBzW12FtYaQnqOrratngLzJuqbHmairpP\/bAEMBHB4eKCMoTisrTqRuXW6kpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpP\/AABEIAKABAAMBIgACEQEDEQH\/xAAaAAACAwEBAAAAAAAAAAAAAAADBAECBQYA\/8QAPxAAAgECBAMFBQYFAgYDAAAAAQIDABEEEiExBUFREyJhcZEUMoGh0SNCUrHB8BVTYpLhQ3IGM1SCwvE0g9L\/xAAZAQADAQEBAAAAAAAAAAAAAAAAAQIDBAX\/xAAoEQACAgICAwEAAQMFAAAAAAAAAQIRAxIhMQQTUUFhFHGRgaHB8PH\/2gAMAwEAAhEDEQA\/AEAKkCrAVLXUXFdcpKKtnHCDySUF2yAKsFqgl20051dXU6HQ1ms0Hwb5PDzQV1f9uSbVJFhcmwq4WlWuGIO9GXI4LhC8Txl5Ddyqg2dBzJ+FXWzC4pWmcKQyW5ioxZXN0zbzPEhhgpQ\/3LhanLTOFw4mL5myqo1PjUQxxSyNGJdb2VraGtHmgm0\/zs87STp\/QGWvZaZGHft+yflq1jy6ijDAq1yspykXU2vUT8rFDtjjinLpGflr2Wmp4FhwyTFmGY2IYWoj4RUiVzJlNhnvrlNP+px0nffH+A9U\/gllqwSnJMKkaBjKAF0djqAf2aEqgnQg+VVjzQyK4ilCUewYjoqReFGjS9HWKqcioxsWEWtW7O+hFMSGOBA0hIBNhZSSdL7DwBqjT4UAk4mAAG1zIBb92NRsa6MXaLwoLRWp5WjkLCORHKmxysDbzpbt4XvZjoQNVI3OUfOqUjOURVkqhWmJWiAuZYwPFh4\/Q+lClKpbNfU2FgTrWiZk0wRFetUdvERfMbWze6duvlXu1jIDZjZtjlO3Xy1FPZBT+FhRYDd7daUGKhZgqsSSbe6etqtHioxIMrahgLfG1GyrspKS\/DQbQC9BdrnqKsZleTKFe9gdV5cvypYYqKRlVQ3evYkWBpJo0aYQlSedulCL2bwqSd6oa0MzwFDnsqi4060wFoWLiaSAhLZgb61z5FcWkb4JqGRSYsHBIA3OlWUZiQupoK4ecEMMvzomHixCMrAnfvDwrljjp8npZfKUk9Xz\/wB\/8H0Byi+9JYs5J2XXUXAHOtIC4BocuGWWRZLd5dL+FdOSO6o83BleGTaMkykPYg36Dem8A7iVkkQgHYk7eFN+xxZ8wUC+9hvRhEq7KKiGPV2Xl8h5FTQWGaOOJxKLqoLBbaMfHxq6wrw3BzOt3ZmuDbbpfyo="}
@@ -889,12 +889,12 @@
00581{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104415,"pkt_ts_usec":421267,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOx4AAAERyF\/AqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00584{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1161,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104415,"pkt_ts_usec":729545,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6zD2CHu7jCABFAAClQL0AAAQRv7nAqAUv7\/\/\/+utrB2wAkWQETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00812{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104416,"pkt_ts_usec":751443,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/TF4M6gNlCABFAAFIAAAAABARcfzAqHcB\/\/\/\/\/wBDAEQBNFupAgEGAI6VUSoAAAAAwKgFCcCoBQnAqHcBAAAAAHDxofgq\/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqHcBMwQAAAA8AQT\/\/wAAAwTAqHcBBhCoXwEBCAgICKhfwAEICAQE\/wAAAAAAAAAAAAAAAAAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1470104416855,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1470104416855,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":124,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104416,"pkt_ts_usec":855491,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2UAAAERi4vAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
-00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1470104416855,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1470104416855,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1171,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1470104416855,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1470104416855,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":125,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104416,"pkt_ts_usec":855715,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3CxAAAAERB\/nAqAUJ4AAA\/PVmFOsAI1xnWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1470104416855,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1470104416855,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00432{"flow_id":124,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104416,"pkt_ts_usec":958909,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8uKxvwfbSCABFAAA3J2cAAAERi4nAqGUh4AAA\/PVmFOsAI\/xOWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
00432{"flow_id":125,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104416,"pkt_ts_usec":959044,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8cPGh+Cr9CABFAAA3CxIAAAERB\/fAqAUJ4AAA\/PVmFOsAI1xnWbQAAAABAAAAAAAACUpvYW5uYS1QQwAA\/wAB"}
00579{"flow_id":57,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104417,"pkt_ts_usec":62567,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ2gAAAERfCDAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
@@ -904,7 +904,7 @@
00580{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1194,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104418,"pkt_ts_usec":393074,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOx8AAAERyF7AqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00586{"flow_id":59,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104418,"pkt_ts_usec":493818,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCgUAAAQR9m\/AqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00473{"flow_id":102,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104418,"pkt_ts_usec":595853,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"pkt":"MzMAAQACvO57DLPeht1gAAAAACwRAf6AAAAAAAAAvu57\/\/4Ms97\/AgAAAAAAAAAAAAAAAQACAiICIwAseAoLBzLAAAEADgABAAEa5zhrJpdxkWmjAAgAAgWtAAYABAAXABg="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1470104419061,"flow_last_seen":0,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":133,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1470104419061,"flow_last_seen":0,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00565{"flow_id":126,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104419,"pkt_ts_usec":61215,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"ABxCjnAxTF4M6gNlCABFAACZI1ZAAFgGw0IfDVcBwKgFEAG70UpuASLeX6ylxYAYAJ4ivgAAAQEICp0wiHcaDujhFwMDAGCI1MTiGjgHtvACFdJlLWU4Nw2FMu4PdWcz\/2qZKGCdERXjWW+\/VFKnsNQj6agVS5OakWCEMlC4HzCUNHzoAeDAfMWTlTRJFP0wq7r0D4aYTL9j7QTQTC0wsTFBdRQvfIs="}
00426{"flow_id":126,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104419,"pkt_ts_usec":61264,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0qwZAAEAGU\/fAqAUQHw1XAdFKAbtfrKXFbgEjQ4AQD\/zVtQAAAQEIChoPq9GdMIh3"}
01993{"flow_id":126,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104419,"pkt_ts_usec":103565,"pkt_caplen":1223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1223,"pkt_l4_len":1189,"pkt":"TF4M6gNlYMVHBbyMCABFAAS5ltxAAEAGY5zAqAUQHw1XAdFKAbtfrKXFbgEjQ4AYEACgIgAAAQEIChoPq\/udMIh3FwMDBIB0Q7hbcg3gGVYTMrb0Tw1ukR9UWDAVBAtnbbvKcZJuPb4APoiSa8Bqy8MZbEZYSbOXsH6FRBiOXgQXR63aPZc\/hbpffrKKNOrKdGE28RcTBjPmf5KXRAiotID0urgwFwaynRtP+jd28hq9wG7na42EI3czkeebegJ7Hfqlh5eZl4Vnp3HXS2vj3pkfDjxrZNE1RoOaEkc+zGmnNTU0pYUiN9oTvOxyCvhMy7fmLDw2wNiIlnohv3qHV8HD46rBGW31Av40VD\/q5qbqM\/qLmRKpL9p4844aHi0K6ueq0ZT6TMs6WDgIPrhbY3XHMcMOatt\/ady86wYTLrgpENkDcutzNwuaAPbT+EcTuorA74M2F\/nruolPShszJ2UqNq\/Kb53\/C73zGS79aq0H4GQVpGLbiCEPEKZelcdnRDWAFlFD1De4jjpnV6eSGf0bsjdHkkSXOtKgo9fVDPltH7d4AfIVmOrYXnB4XaFQ7sqjoXmFP04T\/UZ9alTbXHhky07Nt8ZpZ+IsF6Mw7DMnQdlgdIAyTuc7JHD\/Ok90niXYhq4NzT+82L50EtJnB33J3Hke7h3o3sgTaNpQXdNfC2YJvtxEi753mIKXu+MBZEwy9ZPQaN73qXC\/OuiBukllab3YR64oWLHBb9R9Cob1usnX3xEd01XJDB4TsRXGV\/R4o29fk4M2bIFdhCdZZxbrlSOnlAJcyXFDgvxxi2r1OxtCdDnw2p7YYdruVdteggpuz3KWAxQf0xX6bEO4WvjFfVmqekT\/CcvxbftJ0OPvtUNbAmIMdzByrRWcH1KlE+Vp1L\/hC9R9Bs3ZcFYrVLmIjOjuR6dZM0gvCNqW+59Duv8pYvq5EskshSuV+VZXQgSphi1zRgwOIMQ80OXjfOd22IffY4fDrlfus1x+wyxpIvDhkq\/80yQo8lPgVUp5LrkwFv8MzfZEG9QVTX5NzJ4ld3sKhU430m+NFzViUapPGRtbxukso3sgavTRg8JkLGw0Wu4KmdOfCPycSYYMtX8wKXnZK3VItDYdup7QRof+kXjKmph54jb48oKmkP1E+fFyArD7x9lonAQ9p5aPKUKzZSnZg3s2QTvBrHxZHDUUh\/GiPymMFletcBA29rvJBTe5sh56A9o976AcTzrk2LtWjfifRRuCloaa709oX8j2NbS2T6fnPB7k5F2xcXniikiRI4m5Wr1rKwzBOYPeISDSO0Iag3\/qLAF4MYdHlpTmWSwUwPziE1P5k6JOH5aZI8e0Q7f0ZxLoqs1jZ2iVmphMqYY9PJIQOnlyUxXdzMxGkRPxC7nkXRnaVTa1Jic4cqbBA0o4E1jc9+EGwh1+8Xvom\/2X552fI1RWakGy58LTHqErwe5sAM83mOIz30W4kVNgLTYM0IjNdR3qa8WogmdKAZ3AFlzKnQVYuwcLo1Z88j+7WQ1aASRKMsinZvu7EijyrunTKJR37AcZ28FtpqOjfm2723l5Y4Ue3NHUMyl8JxA0FHtAmvTh7ijEjAuZW2F1kyMK9I8qLUk6J5HZwZruiDHIIjM="}
@@ -921,20 +921,20 @@
00581{"flow_id":56,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104420,"pkt_ts_usec":336841,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFgAAAER7yzAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00485{"flow_id":120,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1227,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104420,"pkt_ts_usec":381782,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ABxCjnAxABAj4ACgCABFAABdBAdAAEAGPOjAqHNLwKgFEAG70XokV4PRNCDf9FAYAEYuHAAAFQMDADDWsSdp8D1F8v6K\/yiku3mSJ30Pt4LDalLjUpv0bNJQ9mOQU0lINWhpv4glMt2mNy4="}
00418{"flow_id":120,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104420,"pkt_ts_usec":381827,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxABAj4ACgCABFAAAoBAhAAEAGPRzAqHNLwKgFEAG70XokV4QGNCDf9FARAEYmOQAAAAAAAAAA"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1470104420438,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1470104420438,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":127,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104420,"pkt_ts_usec":438972,"pkt_caplen":87,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":87,"pkt_l4_len":33,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACERAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD7vQU6wAh24kTvAAAAAEAAAAAAAAHc29udXNhdgAAAQAB"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1470104420438,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1231,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1470104420438,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00455{"flow_id":127,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104420,"pkt_ts_usec":540216,"pkt_caplen":87,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":87,"pkt_l4_len":33,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACERAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD7vQU6wAh24kTvAAAAAEAAAAAAAAHc29udXNhdgAAAQAB"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":128,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104420,"pkt_ts_usec":541021,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"AQBeAAD8PKn0WgOECABFAAA1H\/gAAAER9C\/AqAPs4AAA\/OlSFOsAIfhUE7wAAAABAAAAAAAAB3NvbnVzYXYAAAEAAQ=="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1234,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1234,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":129,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104420,"pkt_ts_usec":541205,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/rCILUFkxCABFAABEAABAAEARLlc7eNDa\/\/\/\/\/8PnB5sAMKByU3Uyb1ZTdDRBQUJIWlc1MGNtbGpaVjlCVUVOZlozVmxjM1FBYldVQQ=="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1236,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1470104420950,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1236,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1470104420950,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00837{"flow_id":130,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104420,"pkt_ts_usec":950055,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"\/\/\/\/\/\/\/\/XNmY3fXzCABFAAFZAABAAEARbn7AqApu\/\/\/\/\/+xA9gABRTgx\/\/8AAKAAXNmY3fXzwKgKbgAAAgAnAUROUy0xMTAwLTA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABOQVMAAAAAAAAAAAAAVVqvihgAAABVWsE9WwAAAFVasDEuMDJiMTAAEXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXNmY3fXzM0ExAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGRsaW5rLURERjVGMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqApu\/\/8AAExBTjEAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00472{"flow_id":73,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104421,"pkt_ts_usec":462835,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOH\/0AAIARlWXAqAPswKj\/\/wCJAIkAOopRimMBEAABAAAAAAAAIEZERVBFT0ZGRkRFQkZHQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00585{"flow_id":59,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104421,"pkt_ts_usec":566487,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCgYAAAQR9m7AqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1470104422079,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1470104422079,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00874{"flow_id":131,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104422,"pkt_ts_usec":79572,"pkt_caplen":391,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":391,"pkt_l4_len":337,"pkt":"MzMAAAABwKC7c+tXht1gAAAAAVERgCABsCAABgAAwqC7\/\/5z61f\/AgAAAAAAAAAAAAAAAAAB9gD2AAFRLwf\/D9rVoADAoLtz61cgAbAgAAYAAMKgu\/\/+c+tXAAACACcBREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFN3aXRjaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMy4xMC4wMTMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoLtz61dCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFFQMFIxRDkwMDAwMjYAAAAAAAAAAAAAAAAAAAAAAAAAREdTLTEyMTAtMTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCojIz\/\/wAAUG9ydCA4AAAgAbAgAAYAAMKgu\/\/+c+tXQA=="}
00472{"flow_id":73,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104422,"pkt_ts_usec":179603,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PKn0WgOECABFAABOH\/4AAIARlWTAqAPswKj\/\/wCJAIkAOopRimMBEAABAAAAAAAAIEZERVBFT0ZGRkRFQkZHQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00426{"flow_id":63,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104422,"pkt_ts_usec":398902,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA08IlAADUGTRNE6f2FwKgFEABQ0Xh2OPIDHrFHw4ARAB\/erwAAAQEICs8em0UaD2rZ"}
@@ -945,98 +945,98 @@
00428{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104422,"pkt_ts_usec":913733,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0Ow5AADYGR95quSNuwKhzCABQwb1z6x9\/PVhS\/4AQAO2wegAAAQEFCj1YUv49WFL\/"}
00580{"flow_id":58,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":102735,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChDVwAAAER9kTAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00582{"flow_id":21,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":102951,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEwAAAER2P7AqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1470104423202,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1470104423202,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00476{"flow_id":132,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":202821,"pkt_caplen":98,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":98,"pkt_l4_len":44,"pkt":"MzMAAQAC9FyJieYHht1gD8\/5ACwRAf6AAAAAAAAA9lyJ\/\/6J5gf\/AgAAAAAAAAAAAAAAAQACAiICIwAsGIELuXYqAAEADgABAAEeo3uS9FyJieYHAAYABAAXABgACAAC\/\/8="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1470104423202,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1470104423246,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1270,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1470104423202,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1470104423246,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":133,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":246688,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"ABAj4ACgYMVHBbyMCABFAABAVdFAAEAG6zrAqAUQwKhzS9F9AbtloPklAAAAALAC\/\/81IwAAAgQFtAEDAwUBAQgKGg+8HwAAAAAEAgAA"}
00425{"flow_id":133,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":247634,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxABAj4ACgCABFAAA0AABAAEAGQRjAqHNLwKgFEAG70X2C0DtLZaD5JoASFtBuaQAAAgQFtAEBBAIBAwMH"}
00418{"flow_id":133,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":247712,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoVNRAAEAG7E\/AqAUQwKhzS9F9AbtloPkmgtA7TFAQIACmCwAAUC8xLjEN"}
00699{"flow_id":133,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":248266,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"pkt":"ABAj4ACgYMVHBbyMCABFAAD9MJBAAEAGD7\/AqAUQwKhzS9F9AbtloPkmgtA7TFAYIADmPAAAFgMBANABAADMAwNXoANoBxB0UxaEmGMMRA4z3rCwUCfHq4lItmIHvO2HwSBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAA5AAAAEwARAAAOMTkyLjE2OC4xMTUuNzUACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwID"}
-00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":4,"flow_first_seen":1470104423246,"flow_last_seen":1470104423248,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":20,"flow_max_l4_data_len":233,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":4,"flow_first_seen":1470104423246,"flow_last_seen":1470104423248,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00417{"flow_id":133,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":249191,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxABAj4ACgCABFAAAosy5AAEAGjfXAqHNLwKgFEAG70X2C0DtMZaD5+1AQADbFAAAAAAAAAAAA"}
00632{"flow_id":133,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":251782,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"ABxCjnAxABAj4ACgCABFAADJsy9AAEAGjVPAqHNLwKgFEAG70X2C0DtMZaD5+1AYADZbuQAAFgMDAFECAABNAwNP+v5MrhPT7gCV6+7l8OEnW6u9CIMrhxz\/CnbSwmfX6yBj+Q0TSc5VhLmmiAAqPOtufQBM8Qziz0QZmZNFeVk8eAAvAAAF\/wEAAQAUAwMAAQEWAwMAQP7fioxuoIuCjn4HHOe6A8jxR2QStU3BBo0dV8n25rs7AjOsZc+II3taGzY\/k\/vNUSTTPW02U9hA0sRTvf0Kf6U="}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":6,"flow_first_seen":1470104423246,"flow_last_seen":1470104423251,"flow_tot_l4_data_len":530,"flow_min_l4_data_len":20,"flow_max_l4_data_len":233,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1276,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":6,"flow_first_seen":1470104423246,"flow_last_seen":1470104423251,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":374,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"192.168.115.75","ja3":"618ee2509ef52bf0b8216e1564eea909","ja3s":"573a9f3f80037fb40d481e2054def5bb","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00418{"flow_id":133,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":251818,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAojapAAEAGs3nAqAUQwKhzS9F9AbtloPn7gtA77VAQH\/qkmwAAVFRQLzEu"}
00417{"flow_id":133,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1278,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":251931,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABAj4ACgYMVHBbyMCABFAAAuEO1AAEAGMDHAqAUQwKhzS9F9AbtloPn7gtA77VAYIACMgwAAFAMDAAEB"}
00504{"flow_id":133,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":251958,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"ABAj4ACgYMVHBbyMCABFAABteDRAAEAGyKrAqAUQwKhzS9F9AbtloPoBgtA77VAYIACEEwAAFgMDAEAMRT2\/rw1RVhtHYa6MIHkNyub7aRPCH9JZHXrMtUzyIcUA3wBPgDvlbAIfiMcwhF0YjOq7KE9AIjRBZ8QVLcaR"}
00418{"flow_id":133,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":253109,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxABAj4ACgCABFAAAoszBAAEAGjfPAqHNLwKgFEAG70X2C0DvtZaD6RlAQADbEFAAAAAAAAAAA"}
01791{"flow_id":133,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":298822,"pkt_caplen":1067,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1067,"pkt_l4_len":1033,"pkt":"ABAj4ACgYMVHBbyMCABFAAQdnWdAAEAGn8fAqAUQwKhzS9F9AbtloPpGgtA77VAYIAAvegAAFwMDA\/BqBWyXZqEhDi9wLTRRphXUyBE\/grDYhN2DjCOsiUzd986MGkS2IfK+\/VI6\/84rNxC8e446UW2FnFiU+Q\/LoBjmAiezniMbvoQHXeuC518B6kdQ4OO\/iJtMWdYPCzH0FHDyh1j00Uh2wynNZI8\/gP0giP3DrXaKfiGXt0mp4BiGPPqOgAwO\/G\/2hoUHyW2OCfcPlICV8g+dNcXEtZ1J3pBDxzlz2T1jC2ZoiIzW0HpBoo1WS43dVMbi8F3VNw4J0lyxkNw32DFziioYTBhQ5vKtQ7qxbc7+djaGBOTFJV8BxcEH+Pj2opVFwaNUWEVYzt0\/ZcfIGysCmrviJ9FVDnoj686mXXglr44aSl\/iQu4jHvKHcZzgC5R5aCWr6rF96rNQz4s0XmlyZfqj+wItDD0wEOs9VZI2RRMMebyrvZCsCBWykAUl7tR9ft+DWAWEFS6GL0dNfSsghGZi8VSumVLQvwiTQVU2vvok7jwn9\/ln3iFzwTlRxp63ddDK+u6wneMs5dJ1KJ6C7ssKZTmPcdH2EMSxr4fN9LgiWkD2+PnDpVwjCUwWv\/5rcMbWujEKAFgfyPniO0kiSf7ARgIczd6M6ZuKPPm7p0iaWmGmzubnVe+rWGthHYXUr+TH0I7Zw2syjjHZ2t3\/7\/lOlCMQMchIsBO9yVnv3bmUi2xL16m9n3NYSzqUrQpzxRE+LYsmE3GEha0jB+YqSswno56idH5ddvZM38FvnP+fJiCr+hZW3+ZY+6BOnd6J4LfEaevgg3fmmV\/cmQG87A7hSGJfgMm7tHa55QmeqSdDKX77YDCY1ceJ8Kf3d0M+hf8Lapx1JnNOlKQTH5v26HA0CrmoPqRLFudl\/3n4f\/a9tIXSmebigfnILSRKTs0LJKS13bpTnn3cFpX7PEarJM61P4FR\/+KbJlzaJIR8plhLB0OjTX90lVl8KSg2yNa0MQEgh5oYzk4nKqPN66hLZU4v+l4J3RmveuEXLwDaUEsK0eHAV0RDoPDmHMvgzSKc4tZS3DYoSeUEcplOOMSZDQyGptWBxV6T8K2NN0LCZpMcjxx9aBYa4t5\/T4qyDYpcis75HH48Hx7UV3mDFoShsejKcK+bYVLtUuDYecTdscHf3EQzMZeLoQgMQ5+04p9ABuLJfIpiWlNpc5wihLrJ90tsDyJ6G9arpKTGGOqI0KJ7UJSr\/jXrMZD4sETUD0WjAs5qmNZmOb0pTPGSjjBIcyclaCcJE+wH13zV6Xsss7BeqIOuV\/OoK\/pqJXySWJ51rx7hMdCm7tEdG022xNRWXv9bgD7JIbZxTturL3MadZnDjY2J2D5gBMAKbE+x49LUTcPJDur+F4k="}
-00510{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1470104422079,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1470104422079,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1470104413679,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1470104420950,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1470104420950,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1470104423202,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1470104422079,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1470104422079,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b020:6::c2a0:bbff:fe73:eb57","dst_ip":"ff02::1","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1470104413679,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1470104420950,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1470104420950,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1470104423202,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::f65c:89ff:fe89:e607","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1470104420541,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01775{"flow_id":133,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":322983,"pkt_caplen":1055,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1055,"pkt_l4_len":1021,"pkt":"ABxCjnAxABAj4ACgCABFAAQRszFAAEAGignAqHNLwKgFEAG70X2C0DvtZaD+O1AYAEYirQAAFwMDAXBKoFLP2Xx2xOqlPE0\/KiccVrtPdSlvdZR\/i4oEGdHMijcu2OscQe2FwItlFid0LRJmABhjV7gWF9CUm+zizpL83asY4z7ur9zPfsGH8pDbRvXoR1qrLVhJpr8MvNtrvTunwzXHPwpSZ4jk6eioc6ifukPZvdBomQj7RwgaZAYqNnXyhHJWn\/i3HKfUfv+V+V13KExkue+QpevInCIANzKKRGu1rNxm4bUG0bCzc8FNUiLouWutphRFnvrHy\/zB7lPTKjnksk8iuiTC6bB4OLy8WhsawfxpT5jjd+W\/qxAQM6KqvZ1hTHELDVaFGjTiijw2UE\/Y538A4ZB2BSwci3C5q2v0YE\/e6IdpYhJQkffdFdZU2btMTARZ7Gk4KPmE7D1ycysoxrikE\/\/u2j+2G3m7gavgmiNfriTBjjYA+4S1sYTBg\/4cM7WLBT2\/jD\/pXL6l1k\/bzdvPWQpOv3vL9HvQ4gouxfq2nQ47f9owQZmYHxcDAwAwKB6+LjD1cJJgFUMDC94jmy\/CPl5yEo0yKvWuKRdR6kk2wqGmULLyU84yx1sog3c2FwMDAdA1LOWEmcINIcDl5tk2nzOExf25GaE5sWYHaCv\/0kJPrGrW6JkCf6bI3bE\/MVCD1apYYhvGtpgPeMwUgyK7r7fvAzx1ezMV\/RX1xL1MoYDqnZpyF7t3Xo3qKHNSPlTOUed2met5ly1nXm4NXp2KYqzJ9xmNnd68qL1bNXVU8yd4alUcxtyqv4zHjUe8M6tZe1qKY7iRcZociDRrdTIxjgpZNWOe+1oS33ZRpx2WJYaFokAhtxKLkcDjBp+pVUWrLC5kYCT20otqiDSWcWke27LGwG1PKtviepxVtVOriekx\/DGj43NxPlZW18Dh+S0tMI8uJW+EID+z60dqDrY+gqe+XGy8Yhlm42aid7XZkLEopQzTstcoMtpFuG14foGw2vG9abfpesCnuTmdRlptmTpDKaMiEffUHZKGy2Y3BNJfFQMhUq11ZRdvAcXe4FZ53jhs2qxK1rgpjvaIJWqzCJsg2pl+ttg1NrMJjnlItxf\/SCDoONW0kJ54EKYgwF3o9rZKikwwCOYB0zaq\/S3lvWnQfUV4s4DeVQ3m50fMOKXd8aGTZVQrvKftJ0fBaXGFlI0Gx3CkepdwagXleCCFqUdfckbkFQKe98MMwMqEBa+ElBcDAwAwHZ\/izpxbkt51w6MsUAZPlr\/tPjCusPFjgZ0NEsDIO285KyFY5qGHuCo15LDVcadaFwMDADBn4wPJ0pFQJkOjsKo+ocFv98aFyTXSMbwC5CX29qxcSeXiUlcl39yXoelMT2Jz2\/4="}
00419{"flow_id":133,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104423,"pkt_ts_usec":323029,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAo1A5AAEAGbRXAqAUQwKhzS9F9AbtloP47gtA\/1lAQH+CcjAAAhgDQREBA"}
00412{"flow_id":25,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1292,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104424,"pkt_ts_usec":49882,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"TF4M6gNlABxCjnAxCABFAAApUqFAAIAGl4vAqHMI3kn+p8G+AFDrM0IThwePWlAQAQGYeAAAAA=="}
00412{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1293,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104424,"pkt_ts_usec":49934,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"TF4M6gNlABxCjnAxCABFAAApUqFAAIAGl4vAqHMI3kn+p8G+AFDrM0IThwePWlAQAQGYeAAAAA=="}
00425{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104424,"pkt_ts_usec":115083,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA04LRAADEGWG3eSf6nwKhzCABQwb6HB49a6zNCFIAQADYInQAAAQEFCuszQhPrM0IU"}
00585{"flow_id":59,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104424,"pkt_ts_usec":537905,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCgcAAAQR9m3AqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1470104424738,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1470104424738,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00472{"flow_id":134,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104424,"pkt_ts_usec":738880,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6MAAIARUUPAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1470104424738,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1470104424738,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00472{"flow_id":134,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104425,"pkt_ts_usec":455832,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6QAAIARUULAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1329,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1470104425762,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1329,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1470104425762,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00838{"flow_id":135,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104425,"pkt_ts_usec":762971,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"\/\/\/\/\/\/\/\/wKC7c+snCABFAAFZOwBAAEARM+XAqAoH\/\/\/\/\/\/YA9gABRUMe\/\/+fLaAAwKC7c+snwKgKBwAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+snQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDIzAAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqAoH\/\/8AAFBvcnQgOAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1330,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1470104425786,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1330,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1470104425786,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":136,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104425,"pkt_ts_usec":786054,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0xkFAAEAGbFvAqAUQROn9hdFtAFBAFGHVDj7nf4AREAFpCQAAAQEIChoPxgTPHNz0"}
00580{"flow_id":57,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1334,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104426,"pkt_ts_usec":74315,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ3kAAAERfA\/AqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00579{"flow_id":58,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1335,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104426,"pkt_ts_usec":74472,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChD4sAAAER9BXAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00472{"flow_id":134,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1336,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104426,"pkt_ts_usec":276929,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AAwpjO\/4CABFAABOZ6UAAIARUUHAqABowKj\/\/wCJAIkAOgIy8PkBEAABAAAAAAAAIEZERURDT0VCRkNGQ0VCRU9FREVCRkNDT0VQRkNFSEFBAAAgAAE="}
00581{"flow_id":56,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1337,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104426,"pkt_ts_usec":277904,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6CJ4BzeuNCABFAAChFFoAAAER7yrAqAUl7\/\/\/+t\/tB2wAjbvITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1470104426973,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1470104426973,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":137,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104426,"pkt_ts_usec":973073,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"TF4M6gNlYMVHBbyMCABFwABMyLEAAEARvv3AqAUQEf0afQB7AHsAOHvnIwIG7AAAJiAAAPbJEf0afdtKfo89Puc520qBhKZDx2jbSoGEtCSHfttKgew\/d58s"}
-00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1470104426973,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1470104426992,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1343,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1470104426973,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1470104426992,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":138,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104426,"pkt_ts_usec":992100,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQAD3zwU6wAi91hE5AAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1470104426992,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1346,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1470104426992,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00458{"flow_id":138,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104427,"pkt_ts_usec":94109,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"pkt":"MzMAAQADSNIkYwreht1gAAAAACIRAf6AAAAAAAAARWjvvECxE0b\/AgAAAAAAAAAAAAAAAQAD3zwU6wAi91hE5AAAAAEAAAAAAAAIa2V2aW4tUEMAAP8AAQ=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1470104427094,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1470104427094,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":139,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104427,"pkt_ts_usec":94934,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8SNIkYwreCABFAAA2fkcAAAERlKLAqAUp4AAA\/NkpFOsAIt1BROQAAAABAAAAAAAACGtldmluLVBDAAD\/AAE="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1470104427094,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1470104427094,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00585{"flow_id":59,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104427,"pkt_ts_usec":503777,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/66LH8q\/uyCABFAAClCggAAAQR9mzAqAUx7\/\/\/+sn4B2wAkYV1TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00580{"flow_id":57,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104429,"pkt_ts_usec":142138,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ3oAAAERfA7AqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00581{"flow_id":58,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104429,"pkt_ts_usec":143058,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChD5sAAAER9AXAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00486{"flow_id":133,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104429,"pkt_ts_usec":321101,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ABxCjnAxABAj4ACgCABFAABdszJAAEAGjbzAqHNLwKgFEAG70X2C0D\/WZaD+O1AYAEajgAAAFQMDADBcSAXugCoro2zCjOeXZ2EE3tT+o4OMg1\/gr3e4vsgBKrQQmbrjLiM53+dxUjTxjpc="}
00419{"flow_id":133,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104429,"pkt_ts_usec":321142,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABAj4ACgYMVHBbyMCABFAAAoqeFAAEAGl0LAqAUQwKhzS9F9AbtloP47gtBAC1AQH\/6cOQAAAAAAAAAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1470104429964,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1470104429964,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":140,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104429,"pkt_ts_usec":964666,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MWEAAAER4XjAqAU54AAA\/PusFOsAIt9AFnIAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1470104429964,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1470104430064,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1383,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1470104429964,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1470104430064,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":141,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104430,"pkt_ts_usec":64732,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQAD3zcU6wAl4fcCawAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1470104430064,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1470104430064,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00582{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104430,"pkt_ts_usec":64735,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQRwAAAQRv1fAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1470104430065,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1470104430065,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":142,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104430,"pkt_ts_usec":65680,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8AAAAERxx3AqAUy4AAA\/N83FOsAJVssAmsAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1470104430065,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1388,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1470104430065,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00430{"flow_id":140,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104430,"pkt_ts_usec":65682,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8GF4PUugBCABFAAA2MWMAAAER4XbAqAU54AAA\/PusFOsAIt9AFnIAAAABAAAAAAAACFVzaGVyLVBDAAD\/AAE="}
00580{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104430,"pkt_ts_usec":168012,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChMWQAAAER0gzAqAU57\/\/\/+toBB2wAjcGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00579{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1393,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104430,"pkt_ts_usec":272734,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChfk0AAAERhTPAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00435{"flow_id":142,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104430,"pkt_ts_usec":476697,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8EAAAERxxzAqAUy4AAA\/N83FOsAJVssAmsAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1470104430884,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1470104430884,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_id":143,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104430,"pkt_ts_usec":884669,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQADwmYU6wAlV+upSAAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1470104430884,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1470104430884,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1398,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1470104430884,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1470104430884,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":144,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104430,"pkt_ts_usec":884671,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AQBeAAD8uKxv2MGbCABFAAA5S8UAAAERxxjAqAUy4AAA\/MJmFOsAJdEfqUgAAAABAAAAAAAAC2NoYXJtaW5nLVBDAAD\/AAE="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1470104430884,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1470104430884,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00463{"flow_id":143,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1403,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104431,"pkt_ts_usec":294729,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"pkt":"MzMAAQADuKxv2MGbht1gAAAAACURAf6AAAAAAAAA4DQHvtj5YZf\/AgAAAAAAAAAAAAAAAQADwmYU6wAlV+upSAAAAAEAAAAAAAALY2hhcm1pbmctUEMAAP8AAQ=="}
00580{"flow_id":57,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104432,"pkt_ts_usec":114660,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6uKxvwfbSCABFAAChJ3wAAAERfAzAqGUh7\/\/\/+ti9B2wAjWL8TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00581{"flow_id":58,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104432,"pkt_ts_usec":114662,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cPGh+Cr9CABFAAChEcYAAAER8drAqAUJ7\/\/\/+ti8B2wAjcMVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1470104432318,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1470104432318,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":145,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104432,"pkt_ts_usec":318351,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OyoAAAER17zAqAUs4AAA\/Oa2FOsAIkMsz20AAAABAAAAAAAACGphc29uLVBDAAD\/AAE="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1470104432318,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1470104432318,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00580{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104432,"pkt_ts_usec":419532,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYzEACABFAAChOysAAAERyFLAqAUs7\/\/\/+si9B2wAjdLxTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1470104432630,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1470104432630,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":146,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104432,"pkt_ts_usec":630916,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD5GQU6wAjSCvt1AAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1470104432630,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1470104432630,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1420,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1470104432630,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1470104432630,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":147,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104432,"pkt_ts_usec":630917,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8PKn0WgOECABFAAA3IDQAAAER8\/HAqAPs4AAA\/P\/YFOsAI0Pg7dQAAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1470104432630,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1470104432630,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00460{"flow_id":146,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104432,"pkt_ts_usec":728657,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"MzMAAQADPKn0WgOEht1gAAAAACMRAf6AAAAAAAAAXZJiqOveExn\/AgAAAAAAAAAAAAAAAQAD5GQU6wAjSCvt1AAAAAEAAAAAAAAJV0FOR1MtTFRXAAD\/AAE="}
00433{"flow_id":147,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104432,"pkt_ts_usec":728660,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AQBeAAD8PKn0WgOECABFAAA3IDUAAAER8\/DAqAPs4AAA\/P\/YFOsAI0Pg7dQAAAABAAAAAAAACVdBTkdTLUxUVwAA\/wAB"}
00411{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104433,"pkt_ts_usec":29958,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"TF4M6gNlABxCjnAxCABFAAApUr5AAIAG8sXAqHMIy0K2V8G8AbsrwEGmNGHnvFAQAQOsiQAAAA=="}
@@ -1044,122 +1044,122 @@
00582{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104433,"pkt_ts_usec":33498,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClQR0AAAQRv1bAqAUy7\/\/\/+vyiB2wAkVLKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00425{"flow_id":61,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104433,"pkt_ts_usec":40844,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0yhkAAD0G\/l\/LQrZXwKhzCAG7wbw0Yee8K8BBp4AQAO2bugAAAQEFCivAQaYrwEGn"}
00579{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104433,"pkt_ts_usec":238541,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChflAAAAERhTDAqAUp7\/\/\/+tgQB2wAjcOhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1470104430884,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1470104425786,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00475{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1470104425786,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1470104425762,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1470104425762,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1470104430064,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1470104432318,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1470104426973,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1470104427094,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1436,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1470104433649,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1470104430884,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1470104425786,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1470104425786,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1470104425762,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1470104425762,"flow_last_seen":0,"flow_min_l4_payload_len":317,"flow_max_l4_payload_len":317,"flow_tot_l4_payload_len":317,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1470104430064,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1470104432318,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59062,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1470104426973,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"17.253.26.125","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1433,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1470104427094,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":55593,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1436,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1470104433649,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":148,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"1kxun.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470104433,"pkt_ts_usec":649184,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/AAK2Qbs6CABFAABEAABAAEARd0fAqAK6\/\/\/\/\/4AAB5sAMBr8aWNSVlNvVTlBQUJYWldKRFlXeHNBSFZ0Ukc5c2IzSlRhWFJCYldVQQ=="}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":8,"flow_first_seen":1470104384289,"flow_last_seen":1470104426277,"flow_tot_l4_data_len":1128,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_first_seen":1470104399652,"flow_last_seen":1470104400059,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":55,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":8,"flow_first_seen":1470104376017,"flow_last_seen":1470104433238,"flow_tot_l4_data_len":1128,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_first_seen":1470104430884,"flow_last_seen":1470104431294,"flow_tot_l4_data_len":74,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_tot_l4_data_len":9022,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":644,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_tot_l4_data_len":8682,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":620,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":46,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1470104433649,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1470104433649,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":12,"flow_first_seen":1470104378045,"flow_last_seen":1470104423102,"flow_tot_l4_data_len":1692,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_first_seen":1470104426992,"flow_last_seen":1470104427094,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_first_seen":1470104395657,"flow_last_seen":1470104422690,"flow_tot_l4_data_len":924,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391362,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_tot_l4_data_len":4094,"flow_min_l4_data_len":20,"flow_max_l4_data_len":465,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":11,"flow_first_seen":1470104385211,"flow_last_seen":1470104432114,"flow_tot_l4_data_len":1551,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":9,"flow_first_seen":1470104385211,"flow_last_seen":1470104432114,"flow_tot_l4_data_len":1269,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":13,"flow_first_seen":1470104373232,"flow_last_seen":1470104432419,"flow_tot_l4_data_len":1833,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_tot_l4_data_len":2153,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1189,"flow_avg_l4_data_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_tot_l4_data_len":2153,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1189,"flow_avg_l4_data_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_tot_l4_data_len":4041,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":449,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_tot_l4_data_len":4041,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":449,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":14,"flow_first_seen":1470104373741,"flow_last_seen":1470104416751,"flow_tot_l4_data_len":4312,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408457,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1470104383810,"flow_last_seen":1470104413817,"flow_tot_l4_data_len":1232,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":8,"flow_first_seen":1470104385418,"flow_last_seen":1470104427503,"flow_tot_l4_data_len":1160,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":14,"flow_first_seen":1470104373232,"flow_last_seen":1470104430168,"flow_tot_l4_data_len":1974,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_tot_l4_data_len":82,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_first_seen":1470104429964,"flow_last_seen":1470104430065,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_tot_l4_data_len":10575,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":320,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_first_seen":1470104420438,"flow_last_seen":1470104420540,"flow_tot_l4_data_len":66,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":7,"flow_first_seen":1470104397807,"flow_last_seen":1470104414604,"flow_tot_l4_data_len":1015,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_first_seen":1470104424738,"flow_last_seen":1470104426276,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_first_seen":1470104393610,"flow_last_seen":1470104394635,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":12,"flow_first_seen":1470104393097,"flow_last_seen":1470104422179,"flow_tot_l4_data_len":696,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1470104378021,"flow_last_seen":1470104379520,"flow_tot_l4_data_len":348,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_first_seen":1470104393610,"flow_last_seen":1470104393611,"flow_tot_l4_data_len":546,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_tot_l4_data_len":481,"flow_min_l4_data_len":229,"flow_max_l4_data_len":252,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1470104381217,"flow_last_seen":1470104381626,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_tot_l4_data_len":82,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_tot_l4_data_len":1009,"flow_min_l4_data_len":20,"flow_max_l4_data_len":412,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382038,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382036,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_first_seen":1470104396889,"flow_last_seen":1470104396987,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":1470104411327,"flow_last_seen":1470104411735,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":8,"flow_first_seen":1470104377634,"flow_last_seen":1470104415729,"flow_tot_l4_data_len":1160,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_first_seen":1470104399959,"flow_last_seen":1470104400366,"flow_tot_l4_data_len":74,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_tot_l4_data_len":1574,"flow_min_l4_data_len":32,"flow_max_l4_data_len":356,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_first_seen":1470104403134,"flow_last_seen":1470104403234,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391361,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416959,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416958,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_tot_l4_data_len":74,"flow_min_l4_data_len":21,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_tot_l4_data_len":74,"flow_min_l4_data_len":21,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_tot_l4_data_len":2376,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1238,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_tot_l4_data_len":2961,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":227,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_tot_l4_data_len":34041,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":680,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_tot_l4_data_len":1904,"flow_min_l4_data_len":20,"flow_max_l4_data_len":754,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_tot_l4_data_len":2936,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1033,"flow_avg_l4_data_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_tot_l4_data_len":2932,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1033,"flow_avg_l4_data_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_tot_l4_data_len":2504,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1017,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_tot_l4_data_len":2892,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1033,"flow_avg_l4_data_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":9,"flow_first_seen":1470104376017,"flow_last_seen":1470104433033,"flow_tot_l4_data_len":1305,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_first_seen":1470104399958,"flow_last_seen":1470104400059,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_first_seen":1470104396888,"flow_last_seen":1470104396987,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":41,"flow_max_l4_data_len":82,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_first_seen":1470104430065,"flow_last_seen":1470104430476,"flow_tot_l4_data_len":74,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_tot_l4_data_len":29723,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":691,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_tot_l4_data_len":61077,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":885,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_tot_l4_data_len":49597,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":813,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_tot_l4_data_len":46773,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":719,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":39,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_tot_l4_data_len":24418,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":718,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_tot_l4_data_len":43599,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":751,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_first_seen":1470104376816,"flow_last_seen":1470104392380,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382857,"flow_tot_l4_data_len":82,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_tot_l4_data_len":6592,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_tot_l4_data_len":6592,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_tot_l4_data_len":1805,"flow_min_l4_data_len":20,"flow_max_l4_data_len":653,"flow_avg_l4_data_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_tot_l4_data_len":169439,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1044,"flow_avg_l4_data_len":404,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_tot_l4_data_len":158,"flow_min_l4_data_len":42,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_tot_l4_data_len":158,"flow_min_l4_data_len":42,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":21,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":21,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382858,"flow_tot_l4_data_len":82,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":4,"flow_first_seen":1470104404055,"flow_last_seen":1470104418595,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1470104373025,"flow_last_seen":1470104373127,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408458,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_tot_l4_data_len":7929,"flow_min_l4_data_len":448,"flow_max_l4_data_len":528,"flow_avg_l4_data_len":495,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1470104377720,"flow_last_seen":1470104377820,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_tot_l4_data_len":8057,"flow_min_l4_data_len":456,"flow_max_l4_data_len":536,"flow_avg_l4_data_len":503,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":8,"flow_first_seen":1470104384289,"flow_last_seen":1470104426277,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"239.255.255.250","src_port":57325,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_first_seen":1470104399652,"flow_last_seen":1470104400059,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"224.0.0.252","src_port":59797,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_first_seen":1470104414395,"flow_last_seen":1470104414402,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"168.95.1.1","src_port":63372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":8,"flow_first_seen":1470104376017,"flow_last_seen":1470104433238,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":55312,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_first_seen":1470104430884,"flow_last_seen":1470104431294,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":49766,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8554,"flow_avg_l4_payload_len":611,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":14,"flow_first_seen":1470104414404,"flow_last_seen":1470104414419,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8214,"flow_avg_l4_payload_len":586,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"203.69.81.73","src_port":53628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_first_seen":1470104377734,"flow_last_seen":1470104377753,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":51024,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1470104433649,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1470104433649,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.186","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":12,"flow_first_seen":1470104378045,"flow_last_seen":1470104423102,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1596,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_first_seen":1470104426992,"flow_last_seen":1470104427094,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":57148,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_first_seen":1470104395657,"flow_last_seen":1470104422690,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":900,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391362,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":51714,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":25,"flow_first_seen":1470104380773,"flow_last_seen":1470104381859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":445,"flow_tot_l4_payload_len":3534,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.205.151.234","src_port":49608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":11,"flow_first_seen":1470104385211,"flow_last_seen":1470104432114,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1463,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"239.255.255.250","src_port":55484,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":9,"flow_first_seen":1470104385211,"flow_last_seen":1470104432114,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"239.255.255.250","src_port":55485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":13,"flow_first_seen":1470104373232,"flow_last_seen":1470104432419,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1729,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"239.255.255.250","src_port":51389,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":10,"flow_first_seen":1470104419061,"flow_last_seen":1470104419317,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1833,"flow_avg_l4_payload_len":183,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.87.1","dst_ip":"192.168.5.16","src_port":443,"dst_port":53578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":9,"flow_first_seen":1470104414296,"flow_last_seen":1470104414478,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3753,"flow_avg_l4_payload_len":417,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"31.13.87.36","src_port":53580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":62069,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":14,"flow_first_seen":1470104373741,"flow_last_seen":1470104416751,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":4200,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_first_seen":1470104406717,"flow_last_seen":1470104407128,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408457,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1470104383810,"flow_last_seen":1470104413817,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.119.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":8,"flow_first_seen":1470104385418,"flow_last_seen":1470104427503,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1096,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":51704,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":14,"flow_first_seen":1470104373232,"flow_last_seen":1470104430168,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1862,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_first_seen":1470104429964,"flow_last_seen":1470104430065,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":64428,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":33,"flow_first_seen":1470104380890,"flow_last_seen":1470104382084,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":9883,"flow_avg_l4_payload_len":299,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"42.120.51.152","src_port":49609,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_first_seen":1470104420438,"flow_last_seen":1470104420540,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":61172,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":7,"flow_first_seen":1470104397807,"flow_last_seen":1470104414604,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":959,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":49701,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":3,"flow_first_seen":1470104424738,"flow_last_seen":1470104426276,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.104","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_first_seen":1470104393610,"flow_last_seen":1470104394635,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":12,"flow_first_seen":1470104393097,"flow_last_seen":1470104422179,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1470104378021,"flow_last_seen":1470104379520,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_first_seen":1470104393610,"flow_last_seen":1470104393611,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.45","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1470104379579,"flow_last_seen":1470104379579,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":244,"flow_tot_l4_payload_len":465,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.67","dst_ip":"192.168.255.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1470104381217,"flow_last_seen":1470104381626,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":56366,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_first_seen":1470104412556,"flow_last_seen":1470104412962,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":64568,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":13,"flow_first_seen":1470104380188,"flow_last_seen":1470104380928,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.244.135.170","src_port":49607,"dst_port":9099,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382038,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1470104381935,"flow_last_seen":1470104382036,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_first_seen":1470104396889,"flow_last_seen":1470104396987,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"224.0.0.252","src_port":54470,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":1470104411327,"flow_last_seen":1470104411735,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.37","dst_ip":"224.0.0.252","src_port":54506,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":8,"flow_first_seen":1470104377634,"flow_last_seen":1470104415729,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1096,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_first_seen":1470104399959,"flow_last_seen":1470104400366,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":62756,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":12,"flow_first_seen":1470104390443,"flow_last_seen":1470104422398,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"68.233.253.133","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_first_seen":1470104403134,"flow_last_seen":1470104403234,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":58702,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_first_seen":1470104391254,"flow_last_seen":1470104391361,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":63659,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416959,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_first_seen":1470104416855,"flow_last_seen":1470104416958,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_first_seen":1470104391199,"flow_last_seen":1470104391208,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":14,"flow_first_seen":1470104377754,"flow_last_seen":1470104422913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1218,"flow_tot_l4_payload_len":2048,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":13,"flow_first_seen":1470104379903,"flow_last_seen":1470104379989,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2665,"flow_avg_l4_payload_len":205,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":50,"flow_first_seen":1470104379916,"flow_last_seen":1470104380338,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":33005,"flow_avg_l4_payload_len":660,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":14,"flow_first_seen":1470104378906,"flow_last_seen":1470104424115,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":734,"flow_tot_l4_payload_len":1576,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.73.254.167","src_port":49598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1470104378005,"flow_last_seen":1470104378007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53622,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":19,"flow_first_seen":1470104381237,"flow_last_seen":1470104402191,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2520,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53623,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":19,"flow_first_seen":1470104402238,"flow_last_seen":1470104408999,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53625,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":19,"flow_first_seen":1470104414296,"flow_last_seen":1470104423193,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":997,"flow_tot_l4_payload_len":2088,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":17,"flow_first_seen":1470104423246,"flow_last_seen":1470104429322,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1013,"flow_tot_l4_payload_len":2516,"flow_avg_l4_payload_len":148,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.16","dst_ip":"192.168.115.75","src_port":53629,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":9,"flow_first_seen":1470104376017,"flow_last_seen":1470104433033,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":1233,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_first_seen":1470104399958,"flow_last_seen":1470104400059,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_first_seen":1470104396888,"flow_last_seen":1470104396987,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4568:efbc:40b1:1346","dst_ip":"ff02::1:3","src_port":50194,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_first_seen":1470104402624,"flow_last_seen":1470104402724,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":49735,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_first_seen":1470104380737,"flow_last_seen":1470104380772,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_first_seen":1470104430065,"flow_last_seen":1470104430476,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_first_seen":1470104409586,"flow_last_seen":1470104409685,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":53938,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":43,"flow_first_seen":1470104379117,"flow_last_seen":1470104424357,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":28815,"flow_avg_l4_payload_len":670,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49599,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":69,"flow_first_seen":1470104379117,"flow_last_seen":1470104424488,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":59649,"flow_avg_l4_payload_len":864,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":61,"flow_first_seen":1470104379118,"flow_last_seen":1470104424418,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":48329,"flow_avg_l4_payload_len":792,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49601,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":65,"flow_first_seen":1470104379118,"flow_last_seen":1470104424446,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":45401,"flow_avg_l4_payload_len":698,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1470104379066,"flow_last_seen":1470104379115,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":34,"flow_first_seen":1470104379118,"flow_last_seen":1470104424360,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":23690,"flow_avg_l4_payload_len":696,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":58,"flow_first_seen":1470104379119,"flow_last_seen":1470104424435,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":42391,"flow_avg_l4_payload_len":730,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.187.35.246","src_port":49604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_first_seen":1470104376816,"flow_last_seen":1470104392380,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382857,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1470104378045,"flow_last_seen":1470104378454,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":23,"flow_first_seen":1470104410885,"flow_last_seen":1470104428908,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6132,"flow_avg_l4_payload_len":266,"midstream":1,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":14,"flow_first_seen":1470104381895,"flow_last_seen":1470104382125,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":633,"flow_tot_l4_payload_len":1497,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":419,"flow_first_seen":1470104382053,"flow_last_seen":1470104433789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":161031,"flow_avg_l4_payload_len":384,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.144","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_first_seen":1470104378901,"flow_last_seen":1470104378905,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1470104377901,"flow_last_seen":1470104378954,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1470104388033,"flow_last_seen":1470104433040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.87","src_port":49596,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1470104382448,"flow_last_seen":1470104382858,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":4,"flow_first_seen":1470104404055,"flow_last_seen":1470104418595,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1470104379169,"flow_last_seen":1470104379271,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1470104373025,"flow_last_seen":1470104373127,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1470104377634,"flow_last_seen":1470104378045,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_first_seen":1470104408049,"flow_last_seen":1470104408458,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_min_l4_payload_len":440,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":7801,"flow_avg_l4_payload_len":487,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1470104377720,"flow_last_seen":1470104377820,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_first_seen":1470104432630,"flow_last_seen":1470104432728,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":7929,"flow_avg_l4_payload_len":495,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test"}
diff --git a/test/results/443-chrome.pcap.out b/test/results/443-chrome.pcap.out
index f48a8a8cb..77ab8d021 100644
--- a/test/results/443-chrome.pcap.out
+++ b/test/results/443-chrome.pcap.out
@@ -1,6 +1,6 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_tot_l4_data_len":1472,"flow_min_l4_data_len":1472,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1472,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02382{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109434,"pkt_ts_usec":258190,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"}
-00504{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_tot_l4_data_len":1472,"flow_min_l4_data_len":1472,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1472,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_tot_l4_data_len":1472,"flow_min_l4_data_len":1472,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1472,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109434258,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test"}
diff --git a/test/results/443-curl.pcap.out b/test/results/443-curl.pcap.out
index c53cf9c75..3d7953d38 100644
--- a/test/results/443-curl.pcap.out
+++ b/test/results/443-curl.pcap.out
@@ -1,15 +1,15 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-curl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113120474,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113120474,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":474299,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"}
00436{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":512991,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":513098,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3aWj5LRfoAQECwaIgAAAQEICh5iRd0laAqT"}
01121{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":522725,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG\/0jAqAENsj7FgtjjAbvMd3aWj5LRfoAYECzDZwAAAQEICh5iReYlaAqTFgMBAgABAAH8AwM+OEHtzCD20OX3Fnq37pGoAMjvcMLWJMfHlDokAm2fvAAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABEADwAADHd3dy5udG9wLm9yZwALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAADgAMAmgyCGh0dHAvMS4xABUArgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00720{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581113120474,"flow_last_seen":1581113120522,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00423{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":560634,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0W75AADQGsY+yPsWCwKgBDQG72OOPktF+zHd4m4AQAfomFwAAAQEICiVoCsIeYkXm"}
02365{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":563403,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUW79AADQGq+6yPsWCwKgBDQG72OOPktF+zHd4m4AQAfrtUgAAAQEICiVoCsUeYkXmFgMDAGYCAABiAwOPct0uNdz13fOK5124VdFhC02zKTfLIM0xh+7BIFf7JSDqj80dqPhjW9XfKkW2A3ZN18+1+CZm\/3f9R2Nb+ajwy8AvAAAa\/wEAAQAAAAAAAAsABAMAAQIAEAAFAAMCaDIWAwMJ+AsACfQACfEABVUwggVRMIIEOaADAgECAhIDxW9mNu2nL39MVmX6BV2TMlUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTE5MTIxNzAxMTcyOFoXDTIwMDMxNjAxMTcyOFowFzEVMBMGA1UEAxMMd3d3Lm50b3Aub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSHDQayg1hZirIX4Lqo3WG5KpMHniFi3Mrw70HcZqirZW5NUs9muyeR2daOyJjrsrcxe5XeHEXf5ru6+lYjXKiJUopGwLGWi1MuiA9gxWWZLWVeWEttxEmwTTqWlShR8ip32eF1LWpw+F0\/c7QNC2bLlmcSkK9oUS8lWxZizXhwgMReDaqPRYDEvhZYtdfWcfkpSDtRToDgE82uKrDur4Q1u38uBJsp\/Zuk427G+2bOLN0pIsECXklgqQWZhVqEqvoDVHDRIwlzyNKwbt7R+GffgX5sp5gUkbyOPc++GR+fOVL7\/MuzNWp2Ur2zThN4UF6enMUdFCrd\/aCFa8DDGwQIDAQABo4ICYjCCAl4wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmdzmXZiclqr7hh6e7K5a4h\/CR1zAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMBcGA1UdEQQQMA6CDHd3dy5udG9wLm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABbxGlYBAAAAQDAEgwRgIhAIRceob4hnAbM9rJbnEpY+A50PHaV61rmP\/FPogwHJlnAiEAiK3s5Ni+tJcif2KrozzCA+H4Z5wsGO\/rP7mWl\/8vPTAAdgAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAW8RpWAtAAAEAwBHMEUCIDAoXUAacoihoRLZX4xqZwCvTg3tPgFpCX2S7ZjjFV7RAiEAqJN+En3T+\/ydrTEr5TNFIftUI+4vvVlbwZiJasTYVG4wDQYJKoZIhvcNAQELBQADggEBABf660IO1+locKETiuPkBudrM2Gg2CMTwawmZ8YWY0H7ZucmeZKLjBIr10rhc\/xXzyKNPlklujVS4QNzb64syqShdO9NKJYTs3waFZTL7ydLvW0D4fczI3O+vPDZhwZpLmn+nqS+eWOoIfOLT7ybQqmBmqXgIBoyBlCSHhlepcZ1ZAlhZDuOaxVjHsL7TTVJqXPX6Mzg7LSS4E55KIz9jb1FBPqySSarb6F20U4aoE8vYu+DsC17ZWHL2SZkzmRlaFwVC2przQWki8GfGb0+3wBv"}
-00776{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00787{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02369{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":564527,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUW8BAADQGq+2yPsWCwKgBDQG72OOPktcezHd4m4AQAfouagAAAQEICiVoCsUeYkXm2KRVjbq6lkVyOTkZXPr2pwfJk+y1sTzGxZXL7xzYeRBPsI+K1ABFuSfd4k+8lP4ABJYwggSSMIIDeqADAgECAhAKAUFCAAABU4VzaguF7KcIMA0GCSqGSIb3DQEBCwUAMD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDMwHhcNMTYwMzE3MTY0MDQ2WhcNMjEwMzE3MTY0MDQ2WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrXNSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB\/XkZqf89B4Z3HIaQ6Vkc\/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHlNpi5y\/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2\/oOVvaGifOFP5eGr7DcGu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgzuEPxsR\/DMH+ieTETPS02+OP88jNquTkxxa\/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMBAAGjggF9MIIBeTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAU0MAAFJAwAXQQTIuLmC\/KhAtEjXNePRjR3Z8z13PY2gP\/N2rl87G0XX6wcA\/FkX8ADlRdEmktl0DAuY2fj25Fk6Uj7vZcWm8XWIBAEBAE9krhh36h5ca3LOrq6uUPo9avm5L4w3HTam31\/Ta1mfoMEhi0CisSJeWJAWHx3wcjakDfVuiOAWa8XabgEfyEMvWdlEoC9hfWZnVSx3l5+WAVKua\/qJho4H3jhUN0bYoCTlgLICK+VGTDi6oQH9onrHbFPE+\/fnsBHERYLhgc6BRfwhwrNP"}
-00977{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_tot_l4_data_len":3641,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
+00988{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00608{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":564529,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC3W8FAADQGsQmyPsWCwKgBDQG72OOPkty+zHd4m4AYAfoN\/QAAAQEICiVoCsUeYkXm66hTzubMWB08s3PkhsL9JqVuuKtC6Q0mFf6B4oBc2\/U2+ighQD73s0KYSsAN2q7FfukeSK4MeIkwGkFip7nL2Anu6BP4tpM5odv8A\/wsfYjJUcVxbpTPS64h+NrbHwJhGR\/RS8rkqGW5ZFY\/2ZG4woWm+3h\/FLx5bRoWAwMABA4AAAA="}
00423{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":564599,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3ibj5LcvoAQD9MM0gAAAQEICh5iRg8laArF"}
00426{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":564603,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3ibj5LdQYAQD\/UMLQAAAQEICh5iRg8laArF"}
@@ -18,5 +18,5 @@
00505{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":615460,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"KDc3AG3IEBMx8Tl2CABFAABtW8NAADQGsVGyPsWCwKgBDQG72OOPkt10zHd5GYAYAfp7mQAAAQEICiVoCvkeYkYZFwMDADSs\/COuKf6QzbZuwm5bQ+t1xaNk5sTWeJideDy\/mEPzRPt1g1pEejHD9dWUd1PFn4IWabl7"}
00426{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":615532,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3kZj5LddIAQD\/4LDwAAAQEICh5iRj8laAr5"}
00426{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"443-curl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113120,"pkt_ts_usec":615535,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7FgtjjAbvMd3kZj5LdrYAQD\/wK2AAAAQEICh5iRj8laAr5"}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_tot_l4_data_len":70276,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":644,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test"}
diff --git a/test/results/443-firefox.pcap.out b/test/results/443-firefox.pcap.out
index 4a009acaa..e865d3e95 100644
--- a/test/results/443-firefox.pcap.out
+++ b/test/results/443-firefox.pcap.out
@@ -1,15 +1,15 @@
00479{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109488041,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109488041,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":41083,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"}
00438{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":79587,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="}
00425{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":79695,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO2peCoQ9IAQECwBWgAAAQEICh4r1YolMJ2O"}
01129{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":81517,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG\/0jAqAENsj7Fgs9oAbstYO2peCoQ9IAYECxBgwAAAQEICh4r1YslMJ2OFgMBAgABAAH8AwOUa\/El1SC4SOV9CcN1r6cpW+siDNFHDg6B0Jx3puu2HCDuWUpvRGQcZEnGz5IHtl2G4czu+ssSIC6vfxuSOCPZ9QAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQABjwAAABEADwAADHd3dy5udG9wLm9yZwAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgEe3v4+aZzjqvjKifwJvnUyAU75U99AdjBg2UClguoEsAFwBBBNOOVnM3\/ljW1RxVAgKlkC5JeOU5cpLYYiMFaZX\/Y\/IlsD8SBGEv68Zc7h4OxYI4cIk\/\/nVqycuiWb+\/FGG07XMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAJIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581109488041,"flow_last_seen":1581109488081,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00426{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":119593,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HdRAADQG73myPsWCwKgBDQG7z2h4KhD0LWDvroAQAfoNXQAAAQEICiUwnbceK9WL"}
02367{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":123692,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHdVAADQG6diyPsWCwKgBDQG7z2h4KhD0LWDvroAQAfqVUAAAAQEICiUwnboeK9WLFgMDAE4CAABKAwOvM8LrXKoo0unofgHocdvd\/Ny9B7iQj9XZFL3OXqjiSgDMqAAAIv8BAAEAAAAAAAALAAQDAAECACMAAAAQAAUAAwJoMgAXAAAWAwMJ+AsACfQACfEABVUwggVRMIIEOaADAgECAhIDxW9mNu2nL39MVmX6BV2TMlUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTE5MTIxNzAxMTcyOFoXDTIwMDMxNjAxMTcyOFowFzEVMBMGA1UEAxMMd3d3Lm50b3Aub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSHDQayg1hZirIX4Lqo3WG5KpMHniFi3Mrw70HcZqirZW5NUs9muyeR2daOyJjrsrcxe5XeHEXf5ru6+lYjXKiJUopGwLGWi1MuiA9gxWWZLWVeWEttxEmwTTqWlShR8ip32eF1LWpw+F0\/c7QNC2bLlmcSkK9oUS8lWxZizXhwgMReDaqPRYDEvhZYtdfWcfkpSDtRToDgE82uKrDur4Q1u38uBJsp\/Zuk427G+2bOLN0pIsECXklgqQWZhVqEqvoDVHDRIwlzyNKwbt7R+GffgX5sp5gUkbyOPc++GR+fOVL7\/MuzNWp2Ur2zThN4UF6enMUdFCrd\/aCFa8DDGwQIDAQABo4ICYjCCAl4wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmdzmXZiclqr7hh6e7K5a4h\/CR1zAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMBcGA1UdEQQQMA6CDHd3dy5udG9wLm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABbxGlYBAAAAQDAEgwRgIhAIRceob4hnAbM9rJbnEpY+A50PHaV61rmP\/FPogwHJlnAiEAiK3s5Ni+tJcif2KrozzCA+H4Z5wsGO\/rP7mWl\/8vPTAAdgAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAW8RpWAtAAAEAwBHMEUCIDAoXUAacoihoRLZX4xqZwCvTg3tPgFpCX2S7ZjjFV7RAiEAqJN+En3T+\/ydrTEr5TNFIftUI+4vvVlbwZiJasTYVG4wDQYJKoZIhvcNAQELBQADggEBABf660IO1+locKETiuPkBudrM2Gg2CMTwawmZ8YWY0H7ZucmeZKLjBIr10rhc\/xXzyKNPlklujVS4QNzb64syqShdO9NKJYTs3waFZTL7ydLvW0D4fczI3O+vPDZhwZpLmn+nqS+eWOoIfOLT7ybQqmBmqXgIBoyBlCSHhlepcZ1ZAlhZDuOaxVjHsL7TTVJqXPX6Mzg7LSS4E55KIz9jb1FBPqySSarb6F20U4aoE8vYu+DsC17ZWHL2SZkzmRlaFwVC2przQWki8GfGb0+3wBv2KRVjbq6lkVyOTkZXPr2pwfJk+y1sTzG"}
-00842{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02372{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":123785,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHdZAADQG6deyPsWCwKgBDQG7z2h4KhaULWDvroAQAfoeuAAAAQEICiUwnboeK9WLxZXL7xzYeRBPsI+K1ABFuSfd4k+8lP4ABJYwggSSMIIDeqADAgECAhAKAUFCAAABU4VzaguF7KcIMA0GCSqGSIb3DQEBCwUAMD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDMwHhcNMTYwMzE3MTY0MDQ2WhcNMjEwMzE3MTY0MDQ2WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrXNSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB\/XkZqf89B4Z3HIaQ6Vkc\/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHlNpi5y\/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2\/oOVvaGifOFP5eGr7DcGu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgzuEPxsR\/DMH+ieTETPS02+OP88jNquTkxxa\/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMBAAGjggF9MIIBeTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDASwMAAEoAwAdIKFSxuOb0oVG9\/kfAIUP0Iz3QlYJcsmpctk7HcKzlRhmCAQBAIVAJeDhP5lPq0OCGEt3uZVY0vFa\/obRnaQAcX78vCjY8+ENip49+1Y6EZk6gEqqCcL68vo\/N\/qEWn86NuoJGKs\/qj8kg82MgEJ+qHI+XUh7XGmGOKgFxYEEJtVGPPbKIBloLzkp8G77Zws7dUNLmUGXdWAV7jipXz0v2z1rVed8VWluevP1NtGkcmuPwrmTuMf5uyeLGkFa3+PL7GWBTdylsOyua+BqW2x3ATfUoiFlOGjh\/M+zmFNfsYyDTiOz"}
-01043{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_tot_l4_data_len":3641,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
+01054{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00531{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":123787,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB+HddAADQG7yyyPsWCwKgBDQG7z2h4Khw0LWDvroAYAfoO\/wAAAQEICiUwnboeK9WLZ4YR4bnOF6tPCTZOqJjVwYxlP4OP52PvwGPt\/kRoBqGRPIjpXSxMVNbmyTiiNTUSI6U1DvfsFNytQP+Yhft5jI0WAwMABA4AAAA="}
00426{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":123844,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO+ueCocNIAQD9L0GQAAAQEICh4r1bMlMJ26"}
00429{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":123848,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYO+ueCocfoAQD8\/z0gAAAQEICh4r1bMlMJ26"}
@@ -18,5 +18,5 @@
00499{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":164490,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"KDc3AG3IEBMx8Tl2CABFAABlHdlAADQG70OyPsWCwKgBDQG7z2h4Kh2ILWDwA4AYAfqzkwAAAQEICiUwneMeK9W1FwMDACxffRqcy2j37wKerf7ZOK8PIq4YWRNxkgdTirhwIr1LXYymQjh\/dnRfmvIfcg=="}
00429{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":164577,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYPADeCodiIAQD\/fx+wAAAQEICh4r1dolMJ3j"}
00429{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"443-firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109488,"pkt_ts_usec":164580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs9oAbstYPADeCoduYAQD\/bxywAAAQEICh4r1dolMJ3j"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_tot_l4_data_len":435389,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":652,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test"}
diff --git a/test/results/443-git.pcap.out b/test/results/443-git.pcap.out
index 4885f8fba..34c1bff63 100644
--- a/test/results/443-git.pcap.out
+++ b/test/results/443-git.pcap.out
@@ -1,15 +1,15 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113657633,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581113657633,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":633853,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":744320,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":744421,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/p6AgM3QzYAQECpNNAAAAQEICh5qXC0OCxAa"}
01120{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":751016,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGeLPAqAENjFJyBNnAAbv0\/p6AgM3QzYAYECpqTgAAAQEICh5qXDMOCxAaFgMBAgABAAH8AwNQWUIaokrsiL8XEswp8oDn8SQNNiEML8bEosBTihcRygAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAAA8ADQAACmdpdGh1Yi5jb20ACwAEAwABAgAKADoAOAAOAA0AGQAcAAsADAAbABgACQAKABoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARAA0AJgAkBgEGAgYD7+8FAQUCBQMEAQQCBAPu7u3tAwEDAgMDAgECAgIDM3QAAAAQAAsACQhodHRwLzEuMQAVALMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581113657633,"flow_last_seen":1581113657751,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
02336{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":863699,"pkt_caplen":1490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1490,"pkt_l4_len":1456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXEwPpAADIGwi2MUnIEwKgBDQG72cCAzdDN9P6ghYAQAB10xQAAAQEICg4LEDgealwzFgMDAGwCAABoAwPki9jhPmCkj6agnB13yqVRrfsdioC9VcxET1dOR1JEASDxGH7q5wCfHu4g3J9YnEevlg7HfliESOuB6g4QuH+MBcAvAAAg\/wEAAQAAAAAAAAsABAMAAQIAEAALAAkIaHR0cC8xLjEWAwMMDQsADAkADAYAB0YwggdCMIIGKqADAgECAhAKBjBCf1u87WlXOWWTtkUfMA0GCSqGSIb3DQEBCwUAMHUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xNDAyBgNVBAMTK0RpZ2lDZXJ0IFNIQTIgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTZXJ2ZXIgQ0EwHhcNMTgwNTA4MDAwMDAwWhcNMjAwNjAzMTIwMDAwWjCBxzEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxEDAOBgNVBAUTBzUxNTc1NTAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxHaXRIdWIsIEluYy4xEzARBgNVBAMTCmdpdGh1Yi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGPKryPJcMOsFPKK1ycH3Tzrm1YHOkdJuKd0b9ephCTMUwGVeaqTML4V1NEFjKd5nDk\/P5dZC8v7vglbouxY1zYQXTEISos4m4L3OM8Cpuvu6ug0uCEbFh\/Xdh2psbmiP\/jH6iAQbd0X9TlgjBWvrnwMrIRIxXp6hhX2YNV9O4lqy2SpzB6uj7lkAp9hUwtQSwzAW2hMMkWZV\/omWQ5bCzGnVZxD8xFArVzKo6hQVSBjKWB2HfJ4IM94XbYDHwCVDFtxoj4bB9AvUUHsnL6H4qMwT2UT9SmBXpC3ZHXE1Ka8UIFa740Vfp6nAU\/8lFuQx8vPRt5gVS+YyAu3BWkQ9LAgMBAAGjggN5MIIDdTAfBgNVHSMEGDAWgBQ901Cl1qCt7vNKYApl0yHU+PjWDzAdBgNVHQ4EFgQUycJTYWadX6sl9CbNDziaqEnqSKkwJQYDVR0RBB4wHIIKZ2l0aHViLmNvbYIOd3d3LmdpdGh1Yi5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1ldi1zZXJ2ZXItZzIuY3JsMEsGA1UdIAREMEIwNwYJYIZIAYb9bAIBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQEwgYgGCCsGAQUFBwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABY0FibQoAAAQDAEcwRQIhANFmnfxxNaxYfYZ0Gl7+49M="}
-00782{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_tot_l4_data_len":2121,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1456,"flow_avg_l4_data_len":424,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00793{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02338{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":863740,"pkt_caplen":1490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1490,"pkt_l4_len":1456,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXEwPtAADIGwiyMUnIEwKgBDQG72cCAzdZd9P6ghYAQAB0uEgAAAQEICg4LEDgealwzWnsu\/m4BEC2+dIcvSykZYgIgCP5gGv6yzaazxBK2NwGdmmyuEFNSg2pARbMJlUFgU5UAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWNBYm0tAAAEAwBHMEUCIQCi7omUvYLm0b2LobtEeRAYnlIo7n6JxbYdrtYdmPUWJQIgVgw1AZ51vK9ENinBg22FPxb82TvNDO05T17hxXRC2IYAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWNBYm3fAAAEAwBHMEUCIQChzdTKUU2N+XcqcK0OJYrN8EYynloVxho4yPk6Dq3EPgIgdNH5u8rC3UcslQV4B9o0a0w204omDREGKTVuEpxGeOQwDQYJKoZIhvcNAQELBQADggEBAHAPWpanWOW\/ip2oJ5grAH8mqQfaunuCVE+vac+88lkDK\/LVdFgl2B6kIHZiYClzKtfczG93hWvKbST4NRNHP9LiaQqdNC17e5vNHnXVUGw+yxyjMLGqkgepOnZ2Rb14kcTOGp4i5AuJuuaMwXmCo7jUwPwfLe1NUlVBKqg6LK0Hcq4K0sZnxE8HFxiZ92WpV2AVWjRMEc\/2z2shNoDvxvFUYyY1Oe67xINkmyQKc+ygSBZzyLnXSFVWmHr3u5dcaaQGGAR42v6Ydr4iL38Hd4dOiBma+FXsXBIqWUjbST4VXmdaol7uzFMojA4zkxQDZAvF5XgJlAFadfySna\/teikABLowggS2MIIDnqADAgECAhAMealEsIwRlSCSYV\/iax2DMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11OkBFH4maYWSEtnJ6qTSdA57QywsACH8WcohoWMjmPavLFAOOLT9eylBRi4PT7FmRcy7BiM+vEMpmQhhcsHEDSwUogrH2ib0rGPErCz0ueIHx\/vOHdUU1+AeT8uGqqoHksrDau3Y7k1t30UvFlL31FK0qHiDOKQgodqrurXZNaYVej9rxpQbFS8EfL9SvKdu38O9NW+jhaJElXYwHE07vbcLezEhyWGjdgh5LBNDIncOSYX3fbXlIXYBCFwnW9v\/1y6GeFFy1ZXKH4cDUFXqre4J7ux5Poq7yEjdRqtLZuGNYycd7VzrdiULeTzDJ3uwU5ifhfAcZ4s3vH5ECgZMwIDAQABo4IBSTCCAUUwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmQ="}
01371{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":863749,"pkt_caplen":768,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":768,"pkt_l4_len":734,"pkt":"KDc3AG3IEBMx8Tl2CABFAALywPxAADIGxP2MUnIEwKgBDQG72cCAzdvt9P6ghYAYAB33cAAAAQEICg4LEDgealwzaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQ901Cl1qCt7vNKYApl0yHU+PjWDzAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAnbbQkIbhhgLtxaDwNBx0wY12zIYKqPBKikLWP8ipTa18CK3mtlC4ohpNiAexKSHc59rGPCHg4xFJcKx6HQGkyhE6V6t9VypAdP3THYUYUN9XR3WhfVUgLkc3UHKMf4Ib0mKPLQNa2sPIoc4sUqIAY+tzunHISScjl2SFnjgOrWNoPLpSgVh5oywM395t6zHyuqB8bPEs1OG9d4Q3A84ytciagRpKkk47RpqF\/oOi+Z6Mo8wNXrM9zwR4jxQUezKcxwCmXMS1oVWNWlZopCJwqjyBcdmdqEU79OX2olHdx3ti6G8MdOu42vi\/hw15UJGQmxg7kVkn8TUoE6smftX3ehYDAwFNDAABSQMAF0EEviPCEhvi59\/6T9MgEZKwV0P2OvDb2lxoYjEG5vsi\/GBNZCvMQIi4iYKpdl7TR+23s\/ToYG3xlEUBwWaysxfvXQQBAQAuBk8cLaFssUGAuvswNmrq02lhqwkXi\/wU3UU\/AkCzSFmjQ7wtJWrU6hSUZ3hAmh91DpceCCVQ7Rxf8xfryCEZbPNuCh64PhEwWNMp019JpkISwyTNXz46vjxbrUxGhmOrmMzcmFRZ7q+hZZLhwxYyuxOKIY7fn5T8gFT89sb9ufiteD0BXA85KIh\/u76cpH0g38RNfBIRSXrsarDNoXdFIFX9ODLWnob+HV5b6AIqoQRFrLU3nkOyBjYjY2qp2BhwJZsxq5AIwHNywkgA9gqiVHOKjNlJl58wcfvlk2UlkCpulNjNTECyXO1XUcWtPSrkT12iLElSLvMrMg5St+uKFgMDAAQOAAAA"}
-01085{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_tot_l4_data_len":4311,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1456,"flow_avg_l4_data_len":615,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}
+01096{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}
00424{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":863825,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/qCFgM3b7YAQD9E\/1QAAAQEICh5qXKIOCxA4"}
00423{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":863827,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGerjAqAENjFJyBNnAAbv0\/qCFgM3eq4AQD7s9LQAAAQEICh5qXKIOCxA4"}
00599{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":874902,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAGejrAqAENjFJyBNnAAbv0\/qCFgM3eq4AYEAAyjAAAAQEICh5qXKwOCxA4FgMDAEYQAABCQQR4DzL7VHI2p9Wsor\/3Vo+N5AnUsHpLTKA09EA6pNCLHfqzPZDgrXdy4uSgcbnJbZZgDjW0mC8atlmChwGPzYamFAMDAAEBFgMDACgAAAAAAAAAAHd9Rs8Pb0Y7rv\/z7IipdV0+VbYENXE30Jp+r4B5hI8\/"}
@@ -18,5 +18,5 @@
00705{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113657,"pkt_ts_usec":988380,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAGeenAqAENjFJyBNnAAbv0\/qEDgM3e3oAYEACF3gAAAQEICh5qXRgOCxBWFwMDAMoAAAAAAAAAAZteE2M50auMrOtfwzcbrjE5WSBBGbdFq8Wv4YIfG49Pd6pjfLi8bvfrvWBPpyLBoiAfBJfKXWUmVmlXSRH2FbhdbL6+RF4mftwCy7PUQCTF7z1+QJXZiylicLOVB6F+QgE78ERJTYJZ5fqeUMaOnSKsYbY3QkmS8On68oWh9PJWvTllzj24jo7NW0yhQmQ5nrxaN845D0504ebzIYNzgvXdV6rf08Iu+PMC6t\/37IhUjJDXatJxPaJ40aWY6+Eo3mch"}
00928{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113658,"pkt_ts_usec":131245,"pkt_caplen":437,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":437,"pkt_l4_len":403,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGnwP5AADIGxkaMUnIEwKgBDQG72cCAzd7e9P6h0oAYAB5pFgAAAQEICg4LEHoeal0YFwMDAW6Jm0EBvvRKLb0S9s4ZFGBMJ3epNReWPVZ+jw3d4XVirOKjdNQAI7COlaOiHvNnTlNKp9qv2guBbvHpG8VXnNVC6PdTOxzmNCoVDBZCBZ6MYz8O2gPsFtxZfR3mpveIPegsG09ZTcLM6rMjQHHhOvjdbMQWmvijnpwY3AK8Ou7KDDLoTZtSqnHEEk0HDk8nzvykyDh3WKm2+6v72\/VImnsPeZqMVEifVcU00r4L8C1rn0dMsQnWSzwNg96VpSxg69HXwCoAXbkeTTBTAnyJZTMWWWRvohuzcXJxklcxh3\/XPOYK0t65bhJkDrCUb\/IsRoynsBkL\/+JuUPaSYE0mPT6LYxqv38aXfY9q7gkPKraZ5Xwy02FbwvU9GD59UHHdsPaIKgBceRC+qceZ1jgF6QLKvYkBkpwqtV2vcYSbR1a\/Jj413t8tPLLJwVanjG6CEkcGGQijHtu6RnBIo3+JkhpBZ+rXrOklbvVPqr2Eg84="}
00528{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"443-git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581113658,"pkt_ts_usec":131250,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB+wP9AADIGx26MUnIEwKgBDQG72cCAzeBR9P6h0oAYAB7pmQAAAQEICg4LEHoeal0YFwMDAEWJm0EBvvRKLmX7drjPshGyaEJWmqcp1RQ+pyLs4CGONTV6yT1TRVDipzhBBC2J7XfD1QzS\/vH7qDNCq0AYEKrGNVvpC2I="}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_tot_l4_data_len":34809,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1456,"flow_avg_l4_data_len":497,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test"}
diff --git a/test/results/443-opvn.pcap.out b/test/results/443-opvn.pcap.out
index 1e16266c1..c89fef2c0 100644
--- a/test/results/443-opvn.pcap.out
+++ b/test/results/443-opvn.pcap.out
@@ -1,12 +1,12 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-opvn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581153175528,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581153175528,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153175,"pkt_ts_usec":528454,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153175,"pkt_ts_usec":550065,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153175,"pkt_ts_usec":550155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1qvYFmVNoAQECwALgAAAQEIChYNgE0cQO0V"}
00485{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":603974,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgAABAAEAG+CfAqAFUwAzAZ87tBKpga1qvYFmVNoAYECxEwAAAAQEIChYNhGMcQO0VACo41nvkW+XCAesBZDX8sdb2DhrIizKVRtw8er8LngAAAAFePnuYAAAAAAA="}
00423{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":625141,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0eCxAADYGiifADMBnwKgBVASqzu1gWZU2YGta24AQAcUJRgAAAQEIChxA7iIWDYRj"}
00502{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":626109,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"KDc3AG3IEBMx8Tl2CABFAABseC1AADYGie7ADMBnwKgBVASqzu1gWZU2YGta24AYAcVPwwAAAQEIChxA7iIWDYRjADZAGQgugPnKUoAhWk5EFW4WBnpU\/ornQ3WM1pHQ1gAAAAFePnuYAQAAAADWe+Rb5cIB6wAAAAA="}
-00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":32,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00423{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":626209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1rbYFmVboAQECr6lAAAAQEIChYNhHccQO4i"}
00500{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":626548,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"EBMx8Tl2KDc3AG3ICABFAABoAABAAEAG+B\/AqAFUwAzAZ87tBKpga1rbYFmVboAYEColyAAAAQEIChYNhHgcQO4iADIo1nvkW+XCAevrBy2vwZH\/+bWS\/9mZxBfmMUqaFQAAAAJePnuYAQAAAAAZCC6A+cpSgA=="}
00423{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":683495,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0eC5AADYGiiXADMBnwKgBVASqzu1gWZVuYGtbD4AQAcUItgAAAQEIChxA7jEWDYR4"}
@@ -16,5 +16,5 @@
00425{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":716616,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1xQYFmaAIAQEAX0RAAAAQEIChYNhM8cQO44"}
02370{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":716678,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUeDFAADYGhILADMBnwKgBVASqzu1gWZoAYGtcUIAQAda19QAAAQEIChxA7jgWDYSwBIQgGQgugPnKUoD7C2lnhAEvosaCXjxmdu0yP19GwQAAAANePnuYAAAAAAITC1JlZ2lzdHJvLml0MRcwFQYDVQQDEw5SZWdpc3Ryby5pdCBDQTEiMCAGCSqGSIb3DQEJARYTc3lzYWRtaW5AaWl0LmNuci5pdDAeFw0xMDExMTYwOTIxMTJaFw0yMDExMTMwOTIxMTJaMHwxCzAJBgNVBAYTAklUMQswCQYDVQQIEwJJVDENMAsGA1UEBxMEUGlzYTEUMBIGA1UEChMLUmVnaXN0cm8uaXQxFzAVBgNVBAMTDlJlZ2lzdHJvLml0IENBMSIwIAYJKoZIhvcNAQkBFhNzeXNhZG1pbkBpaXQuY25yLml0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5U+RMCjnQuvzHq7fgJqj4uLHJ7OnEz7FRhJd1X2OejtSFzQAmtrpXSRsZp7qg+AMCYF1xaxZFwXQB3B08357haSfPf0dwtxbyBWhKuKcpDUbOHHnxnHM\/lHsYjDmkORj7vNun3TjaGRRFT354vRPW5R34FowfSkg8nOPIS\/XxQQIDAQABo4HiMIHfMB0GA1UdDgQWBBRENt80e2klAwXa3FJuxjLNFhjmCDCBrwYDVR0jBIGnMIGkgBRENt80e2klAwXa3FJuxjLNFhjmCKGBgKR+MHwxCzAJBgNVBAYTAklUMQswCQYDVQQIEwJJVDENMAsGA1UEBxMEUGlzYTEUMBIGA1UEChMLUmVnaXN0cm8uaXQxFzAVBgNVBAMTDlJlZ2lzdHJvLml0IENBMSIwIAYJKoZIhvcNAQkBFhNzeXNhZG1pbkBpaXQuY25yLml0ggkAqZ44Y9swi1cwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOBgQAFrDWUvJgb6V+jqUXLPIy4ULOpRDsWT2XzURZZ5WOkx2Yr118oLxXmc\/wn2vuo5X5vL7P4mB03vuxuhMGYpypFpaOsYQ8VCK5saM8K7FkH5ARTrWnlYFkoyENqP4gyluvwL9L5HJOIkPIT0mnuEavn\/gxAoJUalJftiH3lj8RMUhYDAwGPDAABiwCArmEyht5IZRYD3QKjerugfd2uK8X5lMxAoC23X\/EKay6Z0Gv+5sUenP4qnPZsDv4PVtwiKSrpSMAhi3p0axeMDiy4+lTRjYVxGdsYjHLHNzi3LzksUdUFbjlI0IAaDRNo+U\/ykzXhjwR8Xg3PgRZDE93YimUQelNRFYx5QKHf4MsAAQIAgBa1dFfTT5BBaGSxj8+AJ77nJQGQ\/0BD89QOnGO6\/2EI19BQKjm7JXGJXW\/XnJrfnVk\/8N2nTmcGNUB4\/\/FCRdKr4oMDPvfjuv7e7sdVKkuDL7Sx66IBy\/wRJYVfcbw91CQQeeeo+3TKQEvuccV9rdZlcFVm3BtwirMuWnXmwXgvBAEAgIYPrFjXk+HhdIaSJuUz8sxf\/Zlh+VDsWaHE9qguCnhdnP60TnCzY46o\/HPZZ4NVREClqrMiCt91T8+WjGkRsFq4tzGbARsgGQgugPnKUoDxtf5GQuyTUCf9Slfh\/dOgRpb7sgAAAARePnuYAAAAAAPY5NQn+9kPrOvrL\/kkxwz31Ak4o2EfKMrgrX9szLLjoXryuObF\/zGgNrmyaq8fejBO90nHcxMHu6ZfHIkWAwMAsA0AAKgFAwQBAkAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwCAAH4wfDELMAkGA1UEBhMCSVQxCzAJBgNVBAgTAklUMQ0wCwYDVQQHEwRQaXNhMRQwEgYDVQQKEwtSZWdpc3Ryby5pdDEXMBUGA1UEAxMOUmVnaXN0cm8uaXQgQ0ExIjAgBgkqhkiG9w0BCQEWE3N5c2FkbWluQGlpdC5jbnIuaXQO"}
00500{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"443-opvn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581153176,"pkt_ts_usec":716855,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"EBMx8Tl2KDc3AG3ICABFAABoAABAAEAG+B\/AqAFUwAzAZ87tBKpga1xQYFmfoIAYD9hfJAAAAQEIChYNhM8cQO44ADIo1nvkW+XCAesovRmAJlqMfsDgqoZ62+nwdLKzdgAAAARePnuYAQAAAAEZCC6A+cpSgA=="}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_tot_l4_data_len":10009,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":217,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test"}
diff --git a/test/results/443-safari.pcap.out b/test/results/443-safari.pcap.out
index 1efe88066..7ff60b61d 100644
--- a/test/results/443-safari.pcap.out
+++ b/test/results/443-safari.pcap.out
@@ -1,15 +1,15 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109359601,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1581109359601,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":601646,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"}
00438{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":639845,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="}
00425{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":639949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoUOqpsjGIAQECxO5AAAAQEICh4p6N4lLqfY"}
00741{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":641072,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEdAABAAEAGAGXAqAENsj7Fgs8nAbvmgoUOqpsjGIAYECyk0wAAAQEICh4p6N8lLqfYFgMBAOQBAADgAwO3U9SDw6dmF9tIkvK4s2zLvIzeuLe65SzRlAWXQjKSvgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACP\/wEAAQAAAAARAA8AAAx3d3cubnRvcC5vcmcAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_tot_l4_data_len":381,"flow_min_l4_data_len":32,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1581109359601,"flow_last_seen":1581109359641,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00426{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":679612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Q1tAADQGyfKyPsWCwKgBDQG7zyeqmyMY5oKF94AQAfxcAwAAAQEICiUup\/8eKejf"}
02365{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":683686,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUQ1xAADQGxFGyPsWCwKgBDQG7zyeqmyMY5oKF94AQAfwvQQAAAQEICiUuqAMeKejfFgMDAGoCAABmAwOKpsicpud3Lmk42Brvx+EObzU7se9MEi0URMjNTzFWCSCCpUGJk7ZDH0ec58XLYe70v2C1P918PawRwoCm\/lXuYMyoAAAe\/wEAAQAAAAAAAAsABAMAAQIAEAAFAAMCaDIAFwAAFgMDCfgLAAn0AAnxAAVVMIIFUTCCBDmgAwIBAgISA8VvZjbtpy9\/TFZl+gVdkzJVMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEyMTcwMTE3MjhaFw0yMDAzMTYwMTE3MjhaMBcxFTATBgNVBAMTDHd3dy5udG9wLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0hw0GsoNYWYqyF+C6qN1huSqTB54hYtzK8O9B3Gaoq2VuTVLPZrsnkdnWjsiY67K3MXuV3hxF3+a7uvpWI1yoiVKKRsCxlotTLogPYMVlmS1lXlhLbcRJsE06lpUoUfIqd9nhdS1qcPhdP3O0DQtmy5ZnEpCvaFEvJVsWYs14cIDEXg2qj0WAxL4WWLXX1nH5KUg7UU6A4BPNriqw7q+ENbt\/LgSbKf2bpONuxvtmzizdKSLBAl5JYKkFmYVahKr6A1Rw0SMJc8jSsG7e0fhn34F+bKeYFJG8jj3PvhkfnzlS+\/zLszVqdlK9s04TeFBenpzFHRQq3f2ghWvAwxsECAwEAAaOCAmIwggJeMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUZnc5l2YnJaq+4YenuyuWuIfwkdcwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAXBgNVHREEEDAOggx3d3cubnRvcC5vcmcwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAW8RpWAQAAAEAwBIMEYCIQCEXHqG+IZwGzPayW5xKWPgOdDx2leta5j\/xT6IMByZZwIhAIit7OTYvrSXIn9iq6M8wgPh+GecLBjv6z+5lpf\/Lz0wAHYAB7dcG+V9aP\/xsMYdIxXHuuZXfFeUt2ruvGE6GmnTohwAAAFvEaVgLQAABAMARzBFAiAwKF1AGnKIoaES2V+MamcAr04N7T4BaQl9ku2Y4xVe0QIhAKiTfhJ90\/v8na0xK+UzRSH7VCPuL71ZW8GYiWrE2FRuMA0GCSqGSIb3DQEBCwUAA4IBAQAX+utCDtfpaHChE4rj5AbnazNhoNgjE8GsJmfGFmNB+2bnJnmSi4wSK9dK4XP8V88ijT5ZJbo1UuEDc2+uLMqkoXTvTSiWE7N8GhWUy+8nS71tA+H3MyNzvrzw2YcGaS5p\/p6kvnljqCHzi0+8m0KpgZql4CAaMgZQkh4ZXqXGdWQJYWQ7jmsVYx7C+001Salz1+jM4Oy0kuBOeSiM\/Y29RQT6skkmq2+hdtFOGqBPL2Lvg7Ate2Vhy9kmZM5kZWhcFQtqa80FpIvBnxm9"}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_tot_l4_data_len":1885,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":314,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02370{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":683783,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUQ11AADQGxFCyPsWCwKgBDQG7zyeqmyi45oKF94AQAfxqRgAAAQEICiUuqAMeKejfPt8Ab9ikVY26upZFcjk5GVz69qcHyZPstbE8xsWVy+8c2HkQT7CPitQARbkn3eJPvJT+AASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwEsDAABKAMAHSDNFhiWXs0qHQ8G5wseeubU3TMqxpEWpQ1nZZ1JMWOgDggEAQB4JLARF0gDufAS6PjMl+ZcNHBEMmHC5rEI60VQXue9HUGpA8dhR7\/ICwLrTYdp\/W4\/35H1BC1LLjBJjDSuMcNXD1cCam3980yesF6NCICWmLZ3GpmD7NFbRHQJuBQDPScWpjYAG4j\/p+d0iFEHJDGNZU3K1VDwv12wLyU1gAhbuwuVf2lyP10LAbU\/fROyYVTGQZrMVaNoUB7o+SLvlt\/yCy6N"}
-01021{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_tot_l4_data_len":3357,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":479,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
+01032{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}
00566{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":683785,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"KDc3AG3IEBMx8Tl2CABFAACaQ15AADQGyYmyPsWCwKgBDQG7zyeqmy5Y5oKF94AYAfz2WgAAAQEICiUuqAMeKejflBRBgMGZVdRZOR8f6IjhktBdhoE6\/DQgaS5VQe24xAg6UiVLi4vdkyT6xDPJHOiyUXMCwGj8UsvLwTibbAWapVLRMci9o6jUhBO+6V0kA0KpQQxXe\/PUsiKT3S7QFgMDAAQOAAAA"}
00425{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":683846,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoX3qpsuWIAQD9JCvwAAAQEICh4p6QklLqgD"}
00427{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":683850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoX3qpsuvoAQD89CXAAAAQEICh4p6QklLqgD"}
@@ -18,5 +18,5 @@
00499{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":948101,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"KDc3AG3IEBMx8Tl2CABFAABlQ2BAADQGybyyPsWCwKgBDQG7zyeqmy7p5oKGTIAYAfzx6QAAAQEICiUuqQweKenmFwMDACyPw1aJHd3EuqdSE\/LScQ19HUZ6b\/Hrxr1Ppm2Om5KPE2xvVddH2ITgh0Twfg=="}
00429{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":948180,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoZMqpsu6YAQD\/4\/oQAAAQEICh4p6gwlLqkM"}
00429{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"443-safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1581109359,"pkt_ts_usec":948184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAU7AqAENsj7Fgs8nAbvmgoZMqpsvGoAQD\/0\/cQAAAQEICh4p6gwlLqkM"}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_tot_l4_data_len":18535,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":452,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test"}
diff --git a/test/results/4in6tunnel.pcap.out b/test/results/4in6tunnel.pcap.out
index 5f08cad55..0a120e4c3 100644
--- a/test/results/4in6tunnel.pcap.out
+++ b/test/results/4in6tunnel.pcap.out
@@ -1,9 +1,9 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":15}
00551{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19243,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1543235434019,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}}
00552{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19246,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAANEufQABhBvlwCgoKAcCoAAEBu\/vHAwzKjt\/hPoOAEv\/\/sQUAAAIEBXgBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00832{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19247,"pkt_caplen":366,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":366,"pkt_l4_len":264,"pkt":"AAECunaOAAAASfSHht1gAAAAAQgEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQABCHv3QAB\/BqpEwKgAAQoKCgH7xwG73+E+gwMMyo9QGAQA0icAABYDAwDbAQAA1wMDW5uXE0\/QFYUpkWO+HpgF5MI5wT9TQj14SroSH1Zl8oggjz8AALXLO9H2rxfCGsjqy7cU6\/NXDrPxEswgEUGVcfAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAaAAAABEADwAADHd3dy5iaW5nLmNvbQAKAAgABgAdABcAGAALAAIBAAANABQAEgQBBQECAQQDBQMCAwICBgEGAwAjAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAAABgABgAKAwIBAP8BAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02371{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1543235434,"pkt_ts_usec":19248,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1412,"pkt":"AAECunaOAAAASfSHht1gAAAABYQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAFhEuhQABhBvQeCgoKAcCoAAEBu\/vHAwzKj9\/hP2NQEAQEHmIAABYDAxNZAgAAWgMDW5uXESPnDY6GVdXogmmrS1WdR7CnjiCJLtiMMET4LR0g70cAAGowHs5bbipHOvpkse5qjMhnnSOXdm6lLVoWT1DALwAAEgAQAAUAAwJoMgAXAAD\/AQABAAsAEccAEcQADAYwggwCMIIJ6qADAgECAhMtAAAymdcHHbfRcIpCAAAAADKZMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xNzA3MjAxNzQ3MDhaFw0xOTA3MTAxNzQ3MDhaMBcxFTATBgNVBAMTDHd3dy5iaW5nLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqOyD7\/sOUit2AU5xoOUrdFD2wiCQmyCmP5nEBsh7fOLKKYjGNWUdfzumqBdw2Fpg1sIUPSI+b5pR9u\/gYNMtH4Aivx5J6CrFn4IFOhgzrs2GlVitrUoC9jheCrGis7gUH0hZglGqEjdJl5neUsrm31e5QyJwbyXnacl+k91de8FxrbBQKrwUcQ5sbzW8nMRIDSG0ss9ON1RYFCdc+JblurOUYfPO\/whJXqO0Ms01rklGWFKVeGj7qkJ52E0Xsw\/jJNpqe0+8AQstFZfXdWGOCgJxEIK7SzyvFbkO5VaXY9vaLDfkwWc1aVyhXCrQCMB8YD7ERtr9YuJ3qp+RBy1iMCAwEAAaOCB9AwggfMMB0GA1UdDgQWBBQJh+WFKXgwICWz3X7cbO2lKagDcDALBgNVHQ8EBAMCBLAwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JsMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCARAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMIIFbQYDVR0RBIIFZDCCBWCCDHd3dy5iaW5nLmNvbYIQZGljdC5iaW5nLmNvbS5jboITKi5wbGF0Zm9ybS5iaW5nLmNvbYIKKi5iaW5nLmNvbYIIYmluZy5jb22CFmllb25saW5lLm1pY3Jvc28AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_tot_l4_data_len":1780,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1412,"flow_avg_l4_data_len":445,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test"}
diff --git a/test/results/6in4tunnel.pcap.out b/test/results/6in4tunnel.pcap.out
index 8921a6b08..0a1f99af4 100644
--- a/test/results/6in4tunnel.pcap.out
+++ b/test/results/6in4tunnel.pcap.out
@@ -1,5 +1,5 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1444236893450,"flow_last_seen":0,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":104,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
+00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1444236893450,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00528{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236893,"pkt_ts_usec":450580,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8tYFAAP8pFzeuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAOC9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00527{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236893,"pkt_ts_usec":555356,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlZAAPgpDWK4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAN+9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00611{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236894,"pkt_ts_usec":230722,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"pkt":"ACKQ3jvZAAAkzoE0CABFAAC6tdFAAP8pFqmuA0kYuGn\/GmAAAAAAfjpAIAEEcB8WAT8AAAAAAAAAAiYEqIAAAQAgAAAAAAIksAEBA9KAAAAAAGAAAAAATgY2JgSogAABACAAAAAAAiSwASABBHAfFwE\/JaMykhb5LOAD4exLUvt9fRlwFpiAGABJEPkAAAEBCAq0MT0ACHX6xhcDAwApoxPniAjxmmXGKxqxVV6nOvla9FPS7Dtl2rRDlmVhpOKK9OFyB\/XihP8="}
@@ -15,6 +15,6 @@
00529{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236898,"pkt_ts_usec":563922,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xltAAPgpDV24af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAGyeXY8BX2JOFVYAAAAAFvgGAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00530{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236899,"pkt_ts_usec":458727,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8uBRAAP8pFKSuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAO2XXY8BYGNOFVYAAAAAlf0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
00529{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"6in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444236899,"pkt_ts_usec":563862,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlxAAPgpDVy4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAOyXXY8BYGNOFVYAAAAAlf0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"}
-00477{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_tot_l4_data_len":35975,"flow_min_l4_data_len":72,"flow_max_l4_data_len":1877,"flow_avg_l4_data_len":283,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_tot_l4_data_len":35975,"flow_min_l4_data_len":72,"flow_max_l4_data_len":1877,"flow_avg_l4_data_len":283,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00465{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00131{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test"}
diff --git a/test/results/6in6tunnel.pcap.out b/test/results/6in6tunnel.pcap.out
index 340db20ca..a2d4fc6f1 100644
--- a/test/results/6in6tunnel.pcap.out
+++ b/test/results/6in6tunnel.pcap.out
@@ -1,10 +1,10 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00497{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1335197872,"pkt_ts_usec":162188,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQCABBPgABAAHAuCB\/\/5S\/\/8gAQT4AAQABwLggf\/+UpprYAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIPSWFhYWA=="}
-00435{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
+00443{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00493{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1335197872,"pkt_ts_usec":164220,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQP7tAAAAAAAAAAAAAAAAvu\/+7QAAAAAAAAAAAAAAAMr+YAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIHQWVlZWQ=="}
-00492{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
-00450{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00436{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1335197872162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
+00458{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00444{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1335197872164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test"}
diff --git a/test/results/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/BGP_Cisco_hdlc_slarp.pcap.out
index 5b8473699..baf97feb5 100644
--- a/test/results/BGP_Cisco_hdlc_slarp.pcap.out
+++ b/test/results/BGP_Cisco_hdlc_slarp.pcap.out
@@ -1,10 +1,10 @@
00488{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1445156939131,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1445156939131,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":15}
00410{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":131847,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"}
00411{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":145123,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"}
00406{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":152068,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="}
00505{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":152099,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":101,"pkt_l4_len":77,"pkt":"DwAIAEXAAGH4lEAAAQa2H2QQAQJkEAEBR5QAs7zqddIZWdOAUBhAAOt1AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ADkBBAABALQLCwsLHAIGAQQAAQABAgKAAAICAgACAkYAAgZBBAAAAAE="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":20,"flow_max_l4_data_len":77,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
+00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
00408{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":165354,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"pkt":"DwAIAEXAACivgAAAAQY\/bWQQAQFkEAECALNHlBlZ04C86nYLUBA\/xz3TAAA="}
00508{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":165405,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":101,"pkt_l4_len":77,"pkt":"DwAIAEXAAGGvgUAAAQb\/MmQQAQFkEAECALNHlBlZ04C86nYLUBg\/xyizAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ADkBBPwAALRubm5uHAIGAQQAAQABAgKAAAICAgACAkYAAgZBBAAA\/AA="}
00453{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":165414,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":63,"pkt_l4_len":39,"pkt":"DwAIAEXAADuvgkAAAQb\/V2QQAQFkEAECALNHlBlZ07m86nYLUBg\/xzlsAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABME"}
@@ -15,5 +15,5 @@
00409{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156939,"pkt_ts_usec":202563,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"pkt":"DwAIAEXAACj4l0AAAQa2VWQQAQJkEAEBR5QAs7zqdh4ZWdR6UBA\/Bj2HAAA="}
00455{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156988,"pkt_ts_usec":877283,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":63,"pkt_l4_len":39,"pkt":"DwAIAEXAADuvhUAAAQb\/VGQQAQFkEAECALNHlBlZ1Hq86nYeUBg\/tDirAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ABME"}
00408{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1445156989,"pkt_ts_usec":230918,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"pkt":"DwAIAEXAACj4mEAAAQa2VGQQAQJkEAEBR5QAs7zqdh4ZWdSNUBA+8z2HAAA="}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_tot_l4_data_len":633,"flow_min_l4_data_len":20,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":15}
00140{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test"}
diff --git a/test/results/BGP_redist.pcap.out b/test/results/BGP_redist.pcap.out
index 665e260dd..140edb013 100644
--- a/test/results/BGP_redist.pcap.out
+++ b/test/results/BGP_redist.pcap.out
@@ -1,8 +1,8 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_redist.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00543{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1256636836,"pkt_ts_usec":167156,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="}
00155{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_tot_l4_data_len":135,"flow_min_l4_data_len":135,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":135,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":15}
00576{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1256636836,"pkt_ts_usec":167195,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_tot_l4_data_len":135,"flow_min_l4_data_len":135,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":135,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
-00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_tot_l4_data_len":135,"flow_min_l4_data_len":135,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":135,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"proto":"BGP","breed":"Acceptable","category":"Network"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1256636836167,"flow_last_seen":0,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test"}
diff --git a/test/results/EAQ.pcap.out b/test/results/EAQ.pcap.out
index 3d2fa2a4e..feaf97764 100644
--- a/test/results/EAQ.pcap.out
+++ b/test/results/EAQ.pcap.out
@@ -1,21 +1,21 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"EAQ.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432820948562,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432820948562,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":562939,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="}
00404{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":566510,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"}
00402{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":569287,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoxcBAAEAGRhQKCAABrcJ3MND5AFA4ezYmx4TJ21AQOQh2hQAA"}
00541{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":576642,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"ABoRAAACABoRAAABCABFAACMxcFAAEAGRa8KCAABrcJ3MND5AFA4ezYmx4TJ21AYOQihdAAAR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IHRlc3QNCkNvbm5lY3Rpb246IGNsb3NlDQpIb3N0OiB3d3cuZ29vZ2xlLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
-00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":20,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}}
+00685{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1432820948562,"flow_last_seen":1432820948576,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"www.google.com","url":"www.google.com\/","code":0,"content_type":"","user_agent":"test"}}
00404{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":576764,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAANAABAGO9KtwncwCggAAQBQ0PnHhMnbOHs2ilAQ\/\/+vKQAA"}
01141{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":665784,"pkt_caplen":602,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":602,"pkt_l4_len":568,"pkt":"ABoRAAACABoRAAABCABFAAJMAARAABAGOa2twncwCggAAQBQ0PnHhMnbOHs2ilAQ\/\/+kWAAASFRUUC8xLjEgMzAyIEZvdW5kDQpDYWNoZS1Db250cm9sOiBwcml2YXRlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KTG9jYXRpb246IGh0dHA6Ly93d3cuZ29vZ2xlLmNvbS5ici8\/Z2ZlX3JkPWNyJmVpPTFCeG5WY1A5T0tLazh3ZTUwb0RBQWcNCkNvbnRlbnQtTGVuZ3RoOiAyNjINCkRhdGU6IFRodSwgMjggTWF5IDIwMTUgMTM6NDk6MDggR01UDQpTZXJ2ZXI6IEdGRS8yLjANCkFsdGVybmF0ZS1Qcm90b2NvbDogODA6cXVpYyxwPTANCkNvbm5lY3Rpb246IGNsb3NlDQoNCjxIVE1MPjxIRUFEPjxtZXRhIGh0dHAtZXF1aXY9ImNvbnRlbnQtdHlwZSIgY29udGVudD0idGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgiPgo8VElUTEU+MzAyIE1vdmVkPC9USVRMRT48L0hFQUQ+PEJPRFk+CjxIMT4zMDIgTW92ZWQ8L0gxPgpUaGUgZG9jdW1lbnQgaGFzIG1vdmVkCjxBIEhSRUY9Imh0dHA6Ly93d3cuZ29vZ2xlLmNvbS5ici8\/Z2ZlX3JkPWNyJmFtcDtlaT0xQnhuVmNQOU9LS2s4d2U1MG9EQUFnIj5oZXJlPC9BPi4NCjwvQk9EWT48L0hUTUw+DQo="}
00404{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":716107,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoxcJAAEAGRhIKCAABrcJ3MND5AFA4ezaKx4TL\/1AQO\/BxFQAA"}
00405{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":716290,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAVAABAGO9CtwncwCggAAQBQ0PnHhMv\/OHs2ilAR\/\/+tBAAA"}
00403{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":767743,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoxcNAAEAGRhEKCAABrcJ3MND5AFA4ezaKx4TMAFAUO\/BxEAAA"}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432820948836,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432820948836,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":836590,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8DwhAAEAG\/NAKCAABrcJ3GJ4TAFBXrfy9AAAAAKACOQj5jgAAAgQFtAQCCAoABPO1AAAAAAEDAwQ="}
00406{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":837811,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAZAABAGO+etwncYCggAAQBQnhOoUgNCV638vlAS\/\/\/iigAA"}
00404{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":844861,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDwlAAEAG\/OMKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AQOQipgwAA"}
00596{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":845685,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"pkt":"ABoRAAACABoRAAABCABFAACzDwpAAEAG\/FcKCAABrcJ3GJ4TAFBXrfy+qFIDQ1AYOQjjRAAAR0VUIC8\/Z2ZlX3JkPWNyJmVpPTFCeG5WY1A5T0tLazh3ZTUwb0RBQWcgSFRUUC8xLjENClVzZXItQWdlbnQ6IHRlc3QNCkNvbm5lY3Rpb246IGNsb3NlDQpIb3N0OiB3d3cuZ29vZ2xlLmNvbS5icg0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
-00717{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_tot_l4_data_len":239,"flow_min_l4_data_len":20,"flow_max_l4_data_len":159,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}
+00728{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1432820948836,"flow_last_seen":1432820948845,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"www.google.com.br","url":"www.google.com.br\/?gfe_rd=cr&ei=1BxnVcP9OKKk8we50oDAAg","code":0,"content_type":"","user_agent":"test"}}
00406{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820948,"pkt_ts_usec":845959,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAdAABAGO+atwncYCggAAQBQnhOoUgNDV639SVAQ\/\/\/iAAAA"}
02255{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":195569,"pkt_caplen":1436,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1436,"pkt_l4_len":1402,"pkt":"ABoRAAACABoRAAABCABFAAWOAAhAABAGNn+twncYCggAAQBQnhOoUgNDV639SVAQ\/\/9SqwAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDI4IE1heSAyMDE1IDEzOjQ5OjA5IEdNVA0KRXhwaXJlczogLTENCkNhY2hlLUNvbnRyb2w6IHByaXZhdGUsIG1heC1hZ2U9MA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9SVNPLTg4NTktMQ0KU2V0LUNvb2tpZTogUFJFRj1JRD1mMzM3M2NkNmQyZTI1YmE1OkZGPTA6VE09MTQzMjgyMDk0OTpMTT0xNDMyODIwOTQ5OlM9T1pqVzc3bG1HX19RNUttcTsgZXhwaXJlcz1TYXQsIDI3LU1heS0yMDE3IDEzOjQ5OjA5IEdNVDsgcGF0aD0vOyBkb21haW49Lmdvb2dsZS5jb20uYnINClNldC1Db29raWU6IE5JRD02Nz1ycWdzX2JoV1NrLXdpYjNZZTV6cTRmOXBLb3JLZ1BiSWtQSkZNTUg1Uld3VzlZa3NrZW0xbE95Wk1Bb1NncFdwSmpRYzJxY1ZxWGMwX2xOOE9PNlp3ZGFjV3NNWUFKUnU3UXZrTmRrdEVTdUlWRjV2X2RWOVZtMEZvY25fRDkxZTsgZXhwaXJlcz1GcmksIDI3LU5vdi0yMDE1IDEzOjQ5OjA5IEdNVDsgcGF0aD0vOyBkb21haW49Lmdvb2dsZS5jb20uYnI7IEh0dHBPbmx5DQpQM1A6IENQPSJUaGlzIGlzIG5vdCBhIFAzUCBwb2xpY3khIFNlZSBodHRwOi8vd3d3Lmdvb2dsZS5jb20vc3VwcG9ydC9hY2NvdW50cy9iaW4vYW5zd2VyLnB5P2hsPWVuJmFuc3dlcj0xNTE2NTcgZm9yIG1vcmUgaW5mby4iDQpTZXJ2ZXI6IGd3cw0KWC1YU1MtUHJvdGVjdGlvbjogMTsgbW9kZT1ibG9jaw0KWC1GcmFtZS1PcHRpb25zOiBTQU1FT1JJR0lODQpBbHRlcm5hdGUtUHJvdG9jb2w6IDgwOnF1aWMscD0wDQpBY2NlcHQtUmFuZ2VzOiBub25lDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbm5lY3Rpb246IGNsb3NlDQoNCjwhZG9jdHlwZSBodG1sPjxodG1sIGl0ZW1zY29wZT0iIiBpdGVtdHlwZT0iaHR0cDovL3NjaGVtYS5vcmcvV2ViUGFnZSIgbGFuZz0icHQiPjxoZWFkPjxtZXRhIGNvbnRlbnQ9Ii9pbWFnZXMvZ29vZ2xlX2Zhdmljb25fMTI4LnBuZyIgaXRlbXByb3A9ImltYWdlIj48dGl0bGU+R29vZ2xlPC90aXRsZT48c2NyaXB0PihmdW5jdGlvbigpe3dpbmRvdy5nb29nbGU9e2tFSTonMVJ4blZjR1NFb3piZ2dTS2w0Qm8nLGtFWFBJOicxODE2NywzNzAwMjQ1LDQwMDM1MTAsNDAyNjExMCw0MDI4ODc1LDQwMjk1NjgsNDAyOTgxNSw0MDMwMTI1LDQwMzI1MDAsNDAzMjUyMSw0MDMyNjMxLDQwMzI2NDMsNDAzMjY0NSw0MDMyNjc4LDQwMzMxODMsNDAzMzMwNyw0MDMzMzQ0LDQwMzQyNzAsNDAzNDMyMyw0MDM0NDI1LDQwMzQ4ODQsNDAzNTgxNiw0MDM2MTQ5LDQwMzYxNTgsNDAzNjE2NCw0MDM2NDg1LDQwMzY1MzEsNDAzNjUzOSw0MDM2NjY1LDQwMzY4NDgsNDAzNzQ1Nyw0MDM3NTMxLDgzMDAxNzUsODUwMDM5NCw4NTAxMjQ4LDg1MDEyOTUsODUwMTMzNiw4NTAxMzUxLDg="}
00404{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":246075,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDwtAAEAG\/OEKCAABrcJ3GJ4TAFBXrf1JqFIIqVAQQMib0gAA"}
@@ -26,215 +26,215 @@
04101{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":347577,"pkt_caplen":2818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2818,"pkt_l4_len":2784,"pkt":"ABoRAAACABoRAAABCABFAAr0AAtAABAGMRatwncYCggAAQBQnhOoUh5BV639SVAQ\/\/+mPAAAaXVzOjJweH0ua2QtYnV0dG9uLXN1Ym1pdHtib3JkZXI6MXB4IHNvbGlkICMzMDc5ZWQ7YmFja2dyb3VuZC1jb2xvcjojNGQ5MGZlO2JhY2tncm91bmQtaW1hZ2U6LXdlYmtpdC1ncmFkaWVudChsaW5lYXIsbGVmdCB0b3AsbGVmdCBib3R0b20sZnJvbSgjNGQ5MGZlKSx0bygjNDc4N2VkKSk7YmFja2dyb3VuZC1pbWFnZTotd2Via2l0LWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtiYWNrZ3JvdW5kLWltYWdlOi1tb3otbGluZWFyLWdyYWRpZW50KHRvcCwjNGQ5MGZlLCM0Nzg3ZWQpO2JhY2tncm91bmQtaW1hZ2U6LW1zLWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtiYWNrZ3JvdW5kLWltYWdlOi1vLWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtiYWNrZ3JvdW5kLWltYWdlOmxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjNDc4N2VkKTtmaWx0ZXI6cHJvZ2lkOkRYSW1hZ2VUcmFuc2Zvcm0uTWljcm9zb2Z0LmdyYWRpZW50KHN0YXJ0Q29sb3JTdHI9JyM0ZDkwZmUnLEVuZENvbG9yU3RyPScjNDc4N2VkJyl9LmtkLWJ1dHRvbi1zdWJtaXQ6aG92ZXJ7Ym9yZGVyOjFweCBzb2xpZCAjMmY1YmI3O2JhY2tncm91bmQtY29sb3I6IzM1N2FlODtiYWNrZ3JvdW5kLWltYWdlOi13ZWJraXQtZ3JhZGllbnQobGluZWFyLGxlZnQgdG9wLGxlZnQgYm90dG9tLGZyb20oIzRkOTBmZSksdG8oIzM1N2FlOCkpO2JhY2tncm91bmQtaW1hZ2U6LXdlYmtpdC1saW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7YmFja2dyb3VuZC1pbWFnZTotbW96LWxpbmVhci1ncmFkaWVudCh0b3AsIzRkOTBmZSwjMzU3YWU4KTtiYWNrZ3JvdW5kLWltYWdlOi1tcy1saW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7YmFja2dyb3VuZC1pbWFnZTotby1saW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7YmFja2dyb3VuZC1pbWFnZTpsaW5lYXItZ3JhZGllbnQodG9wLCM0ZDkwZmUsIzM1N2FlOCk7ZmlsdGVyOnByb2dpZDpEWEltYWdlVHJhbnNmb3JtLk1pY3Jvc29mdC5ncmFkaWVudChzdGFydENvbG9yU3RyPScjNGQ5MGZlJyxFbmRDb2xvclN0cj0nIzM1N2FlOCcpfS5rZC1idXR0b24tc3VibWl0OmFjdGl2ZXstd2Via2l0LWJveC1zaGFkb3c6aW5zZXQgMCAxcHggMnB4IHJnYmEoMCwwLDAsMC4zKTstbW96LWJveC1zaGFkb3c6aW5zZXQgMCAxcHggMnB4IHJnYmEoMCwwLDAsMC4zKTtib3gtc2hhZG93Omluc2V0IDAgMXB4IDJweCByZ2JhKDAsMCwwLDAuMyl9I3Btb2xuayBhe2NvbG9yOiNmZmY7ZGlzcGxheTppbmxpbmUtYmxvY2s7Zm9udC13ZWlnaHQ6Ym9sZDtwYWRkaW5nOjVweCAyMHB4O3RleHQtZGVjb3JhdGlvbjpub25lO3doaXRlLXNwYWNlOm5vd3JhcH0ueGJ0bntjb2xvcjojOTk5O2N1cnNvcjpwb2ludGVyO2ZvbnQtc2l6ZToyM3B4O2xpbmUtaGVpZ2h0OjVweDtwYWRkaW5nLXRvcDo1cHh9LnBhZGl7cGFkZGluZzowIDhweCAwIDEwcHh9LnBhZHR7cGFkZGluZzo1cHggMjBweCAwIDA7Y29sb3I6IzQ0NH0ucGFkc3t0ZXh0LWFsaWduOmxlZnQ7bWF4LXdpZHRoOjIwMHB4fTwvc3R5bGU+IDxkaXYgY2xhc3M9InBtb2FicyIgaWQ9InBtb2NudHIyIiBzdHlsZT0iYmVoYXZpb3I6dXJsKCNkZWZhdWx0I3VzZXJkYXRhKTtkaXNwbGF5Om5vbmUiPiA8dGFibGUgYm9yZGVyPSIwIj4gPHRyPiA8dGQgY29sc3Bhbj0iMiI+IDxkaXYgY2xhc3M9InhidG4iIG9uY2xpY2s9Imdvb2dsZS5wcm9tb3MmJmdvb2dsZS5wcm9tb3MudG9hc3QmJiBnb29nbGUucHJvbW9zLnRvYXN0LmNwYygpIiBzdHlsZT0iZmxvYXQ6cmlnaHQiPiZ0aW1lczs8L2Rpdj4gPC90ZD4gPC90cj4gPHRyPiA8dGQgY2xhc3M9InBhZGkiIHJvd3NwYW49IjIiPiA8aW1nIHNyYz0iL2ltYWdlcy9pY29ucy9wcm9kdWN0L2Nocm9tZS00OC5wbmciPiA8L3RkPiA8dGQgY2xhc3M9InBhZHMiPlVtIG5hdmVnYWRvciBkYSBXZWIgbWFpcyBy4XBpZG88L3RkPiA8L3RyPiA8dHI+IDx0ZCBjbGFzcz0icGFkdCI+IDxkaXYgY2xhc3M9ImtkLWJ1dHRvbi1zdWJtaXQiIGlkPSJwbW9sbmsiPiA8YSBocmVmPSIvY2hyb21lL2luZGV4Lmh0bWw\/aGw9cHQtQlImYW1wO2JyYW5kPUNITkcmYW1wO3V0bV9zb3VyY2U9cHQtQlItaHBwJmFtcDt1dG1fbWVkaXVtPWhwcCZhbXA7dXRtX2NhbXBhaWduPXB0LUJSIiBvbmNsaWNrPSJnb29nbGUucHJvbW9zJiZnb29nbGUucHJvbW9zLnRvYXN0JiYgZ29vZ2xlLnByb21vcy50b2FzdC5jbCgpIj5JbnN0YWxhciBvIEdvb2dsZSBDaHJvbWU8L2E+IDwvZGl2PiA8L3RkPiA8L3RyPiA8L3RhYmxlPiA8L2Rpdj4gPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPihmdW5jdGlvbigpe3ZhciBhPXtzOnt9fTthLnMudmE9NTA7YS5zLnJhPTEwO2Eucy5hYT0iYm9keSI7YS5zLlJhPSEwO2Eucy5VYT1mdW5jdGlvbihiLGMpe3ZhciBkPWEucy5IYSgpO2Eucy5KYShkLGIsYyk7YS5zLlZhKGQpO2Eucy5SYSYmYS5zLlNhKGQpfTthLnMuVmE9ZnVuY3Rpb24oYil7KGI9YS5zLmNhKGIpKSYmMDxiLmZvcm1zLmxlbmd0aCYmYi5mb3Jtc1swXS5zdWJtaXQoKX07YS5zLkhhPWZ1bmN0aW9uKCl7dmFyIGI9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgiaWZyYW1lIik7Yi5oZWlnaHQ9MDtiLndpZHRoPTA7Yi5zdHlsZS5vdmVyZmxvdz0iaGlkZGVuIjtiLnN0eWxlLnRvcD1iLnN0eWxlLmxlZnQ9Ii0xMDBweCI7Yi5zdHlsZS5wb3NpdGlvbj0iYWJzb2x1dGUiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYik7cmV0dQ=="}
00406{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":347607,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDw5AAEAG\/N4KCAABrcJ3GJ4TAFBXrf1JqFIeQVAUa\/hbBgAA"}
00404{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":347729,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGC+0KCAABrcJ3GJ4TAFBXrf1JAAAAAFAEAACNogAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432820949586,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432820949586,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":586102,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNX0AAAAAAAADdoAAUsHAACQAA=="}
00411{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":685742,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAAxAABARDWHIuYqSCggAARdwzCEAGAX1AAAAAAAADdoAAUsHAABgAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432820949685,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432820949685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":685834,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGKD\/AAAAAAAADdoAAZnTAACQAA=="}
00412{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":735425,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAA1AABARGhDIuX3iCggAARdwvvoAGND\/AAAAAAAADdoAAZnTAABgAA=="}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432820949735,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432820949735,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":735516,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07IKCAAByMKUQ8lxF3AAGL5HAAAAAAAADdoAAlupAACQAA=="}
00411{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":806378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAA5AABARA6XIwpRDCggAARdwyXEAGO5HAAAAAAAADdoAAlupAABgAA=="}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820949,"pkt_ts_usec":806470,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGGTWAAAAAAAADdoAAuOuAACQAA=="}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432820950801,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432820950801,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":801312,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07MKCAAByMKUQqZ8F3AAGJCGAAAAAAAADdoABKxeAACQAA=="}
00411{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":865307,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAA9AABARA6XIwpRCCggAARdwpnwAGMCGAAAAAAAADdoABKxeAABgAA=="}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432820950865,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432820950865,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":865399,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGGvdAAAAAAAADdoABM0IAACQAA=="}
00411{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":935162,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABBAABARA6LIwpRECggAARdwqnkAGJvdAAAAAAAADdoABM0IAABgAA=="}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820950,"pkt_ts_usec":935254,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLKfAAAAAAAADdoABbA\/AACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820951,"pkt_ts_usec":932141,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGJu8AAAAAAAADdoABbltAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820952,"pkt_ts_usec":931622,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGDyZAAAAAAAADdoABeFcAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820953,"pkt_ts_usec":931775,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGP9hAAAAAAAADdoABgTEAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820954,"pkt_ts_usec":931988,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGAf9AAAAAAAADdoABloAAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820955,"pkt_ts_usec":933026,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGNz1AAAAAAAADdoABltPAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820956,"pkt_ts_usec":931836,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGMFvAAAAAAAADdoABnqLAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1432820957932,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1432820957932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820957,"pkt_ts_usec":932110,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGKK2AAAAAAAADdoABqTdAACQAA=="}
00412{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820957,"pkt_ts_usec":985150,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABFAABARE6PIwoRCCggAARdwq8sAGNK2AAAAAAAADdoABqTdAABgAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820957,"pkt_ts_usec":985242,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGIZAAAAAAAAADdoABqZqAACQAA=="}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1432820958981,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432820957985,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432820955933,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820950935,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820952931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820951932,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820949806,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820953931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432820956931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820954931,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1432820958981,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820958,"pkt_ts_usec":981671,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGEQwAAAAAAAADdoABxYcAACQAA=="}
00411{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":35290,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABJAABARE6HIwoRDCggAARdwmREAGHQwAAAAAAAADdoABxYcAABgAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1432820959035,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1432820959035,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":35351,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHB\/AAAAAAAADdoAB7TmAACQAA=="}
00413{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":95105,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABNAABARE5\/IwoRECggAARdwzfYAGKB\/AAAAAAAADdoAB7TmAABgAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820959,"pkt_ts_usec":95196,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGDoLAAAAAAAADdoAB90SAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820960,"pkt_ts_usec":101788,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGBIjAAAAAAAADdoACAGNAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820961,"pkt_ts_usec":101300,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGAmjAAAAAAAADdoACRl0AACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820962,"pkt_ts_usec":101819,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGEXvAAAAAAAADdoACRqlAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820963,"pkt_ts_usec":101514,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGMqYAAAAAAAADdoADHkgAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820964,"pkt_ts_usec":101849,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGL1eAAAAAAAADdoADHsIAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820965,"pkt_ts_usec":101300,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGI6AAAAAAAAADdoADHv8AACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820966,"pkt_ts_usec":101330,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGKGGAAAAAAAADdoADHzSAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820967,"pkt_ts_usec":101727,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGNXsAAAAAAAADdoADH2JAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820968,"pkt_ts_usec":101514,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGIaLAAAAAAAADdoADH5fAACQAA=="}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432820960101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432820962101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432820965101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432820967101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432820961101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432820964101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432820968101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432820959095,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432820963101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432820966101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820969,"pkt_ts_usec":101269,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGKbHAAAAAAAADdoADrlDAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820970,"pkt_ts_usec":111371,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGJpnAAAAAAAADdoADrp0AACQAA=="}
00411{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":111371,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGNRlAAAAAQAADdsAAUyUAACQAA=="}
00411{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":175091,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABRAABARDVnIuYqSCggAARdwzCEAGARmAAAAAQAADdsAAUyUAABgAA=="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1432820949586,"flow_last_seen":1432820971175,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1432820949586,"flow_last_seen":1432820971175,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00412{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":175152,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR6hwKCAAByLl94r76F3AAGJ\/qAAAAAQAADdsAAZrmAACQAA=="}
00412{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":265057,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABVAABARGgjIuX3iCggAARdwvvoAGM\/qAAAAAQAADdsAAZrmAABgAA=="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1432820949685,"flow_last_seen":1432820971265,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1432820949685,"flow_last_seen":1432820971265,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00411{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":265149,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07IKCAAByMKUQ8lxF3AAGL1RAAAAAQAADdsAAlydAACQAA=="}
00411{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":335217,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABZAABARA53IwpRDCggAARdwyXEAGO1RAAAAAQAADdsAAlydAABgAA=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1432820949735,"flow_last_seen":1432820971335,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1432820949735,"flow_last_seen":1432820971335,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00411{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":335278,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07MKCAAByMKUQqZ8F3AAGKzSAAAAAQAADdsABZAPAACQAA=="}
00411{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":405408,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABdAABARA53IwpRCCggAARdwpnwAGNzSAAAAAQAADdsABZAPAABgAA=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1432820950801,"flow_last_seen":1432820971405,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1432820950801,"flow_last_seen":1432820971405,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00411{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":406842,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGJfzAAAAAQAADdsABqDuAACQAA=="}
00411{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":475323,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABhAABARA5rIwpRECggAARdwqnkAGMfzAAAAAQAADdsABqDuAABgAA=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1432820950865,"flow_last_seen":1432820971475,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1432820950865,"flow_last_seen":1432820971475,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820971,"pkt_ts_usec":475415,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIJFAAAAAQAADdwAAsY8AACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820972,"pkt_ts_usec":471448,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLwmAAAAAQAADdwABaa1AACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820973,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK1eAAAAAQAADdwABafIAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820974,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE8vAAAAAQAADdwABc7DAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820975,"pkt_ts_usec":471997,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA+WAAAAAQAADdwABfSNAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820976,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB5FAAAAAQAADdwABkO1AACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820977,"pkt_ts_usec":471478,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPN5AAAAAQAADdwABkTIAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820978,"pkt_ts_usec":471356,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNEoAAAAAQAADdwABmrPAACQAA=="}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432820977471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432820972471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432820974471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432820973471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432820971475,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432820975471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432820969101,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432820978471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432820976471,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432820970111,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820979,"pkt_ts_usec":471387,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLWJAAAAAQAADdwABpIHAACQAA=="}
00412{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820979,"pkt_ts_usec":565289,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABlAABARE5vIwoRCCggAARdwq8sAGOWJAAAAAQAADdwABpIHAABgAA=="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1432820957932,"flow_last_seen":1432820979565,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820979,"pkt_ts_usec":565381,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJmsAAAAAQAADdwABpL7AACQAA=="}
00412{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":561383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFMTAAAAAQAADdwABwc2AACQAA=="}
00412{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":615033,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABpAABARE5nIwoRDCggAARdwmREAGIMTAAAAAQAADdwABwc2AABgAA=="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1432820958981,"flow_last_seen":1432820980615,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1432820958981,"flow_last_seen":1432820980615,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
00412{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":615124,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHylAAAAAQAADdwAB6i9AACQAA=="}
00412{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":685010,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABtAABARE5fIwoRECggAARdwzfYAGKylAAAAAQAADdwAB6i9AABgAA=="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1432820959035,"flow_last_seen":1432820980685,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1432820959035,"flow_last_seen":1432820980685,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820980,"pkt_ts_usec":685101,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGE3SAAAAAQAADdwAB8lIAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820981,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCMsAAAAAQAADdwAB\/CBAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820982,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGCE7AAAAAQAADdwACQHZAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820983,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGF3iAAAAAQAADdwACQKvAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820984,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOaZAAAAAQAADdwADF0cAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820985,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNpxAAAAAQAADdwADF3yAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820986,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKvQAAAAAQAADdwADF6pAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820987,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL8TAAAAAQAADdwADF9CAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820988,"pkt_ts_usec":681378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPOYAAAAAQAADdwADF\/aAACQAA=="}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432820979565,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432820981681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432820983681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432820986681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432820988681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432820982681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432820985681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432820980685,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432820984681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432820987681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820989,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKSTAAAAAQAADdwADGBUAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00412{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820990,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLjEAAAAAQAADdwADqdDAACQAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820991,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKy\/AAAAAQAADdwADqgZAACQAA=="}
00411{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820992,"pkt_ts_usec":681348,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGOZEAAAAAgAADd0AATqyAACQAA=="}
00411{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820992,"pkt_ts_usec":745099,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsABxAABARDVHIuYqSCggAARdwzCEAGBZFAAAAAgAADd0AATqyAABgAA=="}
@@ -246,93 +246,93 @@
00412{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":25220,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAB9AABARA5XIwpRCCggAARdwpnwAGO1\/AAAAAgAADd0ABX9fAABgAA=="}
00411{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":25311,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGKgIAAAAAgAADd0ABpDWAACQAA=="}
00412{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":125256,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACBAABARA5LIwpRECggAARdwqnkAGNgIAAAAAgAADd0ABpDWAABgAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820993,"pkt_ts_usec":125378,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIg4AAAAAgAADd4AAsBGAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820994,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLxBAAAAAgAADd4ABaaXAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820995,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK16AAAAAgAADd4ABaepAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820996,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGFCaAAAAAgAADd4ABc1VAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820997,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA90AAAAAgAADd4ABfSsAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820998,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB3IAAAAAgAADd4ABkQvAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820999,"pkt_ts_usec":121350,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPM5AAAAAgAADd4ABkUFAACQAA=="}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432820999121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432820994121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432820996121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432820995121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432820993125,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432820997121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432820990681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432820989681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432820998121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432820991681,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821000,"pkt_ts_usec":121411,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNI4AAAAAgAADd4ABmm8AACQAA=="}
00413{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821001,"pkt_ts_usec":121380,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLbWAAAAAgAADd4ABpC3AACQAA=="}
00413{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821001,"pkt_ts_usec":184949,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACFAABARE5PIwoRCCggAARdwq8sAGObWAAAAAgAADd4ABpC3AABgAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821001,"pkt_ts_usec":185071,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJr5AAAAAgAADd4ABpGrAACQAA=="}
00413{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":181775,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFLyAAAAAgAADd4ABwdUAACQAA=="}
00413{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":235699,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACJAABARE5HIwoRDCggAARdwmREAGILyAAAAAgAADd4ABwdUAABgAA=="}
00413{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":235821,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGINPAAAAAgAADd4AB6IQAACQAA=="}
00414{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":314892,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACNAABARE4\/IwoRECggAARdwzfYAGLNPAAAAAgAADd4AB6IQAABgAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821002,"pkt_ts_usec":314953,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGEydAAAAAgAADd4AB8p6AACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821003,"pkt_ts_usec":311322,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCJUAAAAAgAADd4AB\/FWAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821004,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGFyuAAAAAgAADd4ACQPgAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821005,"pkt_ts_usec":311841,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGCEZAAAAAgAADd4ACQH4AACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821006,"pkt_ts_usec":311749,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOVGAAAAAgAADd4ADF5sAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821007,"pkt_ts_usec":311352,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNkAAAAAAgAADd4ADF9gAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821008,"pkt_ts_usec":311902,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKp9AAAAAgAADd4ADF\/5AACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821009,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL3BAAAAAgAADd4ADGCRAACQAA=="}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432821001185,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432821003311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1432821004311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1432821008311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1432821005311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1432821007311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432821000121,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432821002314,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1432821006311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1432821009311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821010,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPInAAAAAgAADd4ADGFIAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821011,"pkt_ts_usec":311383,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKMiAAAAAgAADd4ADGHCAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821012,"pkt_ts_usec":311566,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLfNAAAAAgAADd4ADqg3AACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821013,"pkt_ts_usec":311413,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKtOAAAAAgAADd4ADqmHAACQAA=="}
00412{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":311352,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGOYEAAAAAwAADd8AATrvAACQAA=="}
00412{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":375073,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACRAABARDUnIuYqSCggAARdwzCEAGBYFAAAAAwAADd8AATrvAABgAA=="}
@@ -344,93 +344,93 @@
00412{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":585400,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACdAABARA43IwpRCCggAARdwpnwAGOwtAAAAAwAADd8ABYCuAABgAA=="}
00412{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":585492,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGKcRAAAAAwAADd8ABpHKAACQAA=="}
00412{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":655194,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAChAABARA4rIwpRECggAARdwqnkAGNcRAAAAAwAADd8ABpHKAABgAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821014,"pkt_ts_usec":655285,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIdgAAAAAwAADeAAAsEbAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821015,"pkt_ts_usec":651715,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLvjAAAAAwAADeAABabyAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821016,"pkt_ts_usec":651837,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGK1YAAAAAwAADeAABafIAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821017,"pkt_ts_usec":651715,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE\/BAAAAAwAADeAABc4rAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821018,"pkt_ts_usec":651745,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA+uAAAAAwAADeAABfRvAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821019,"pkt_ts_usec":651349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB7YAAAAAwAADeAABkMcAACQAA=="}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1432821010311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1432821015651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1432821017651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1432821016651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1432821014655,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1432821018651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1432821012311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1432821011311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1432821019651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1432821013311,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821020,"pkt_ts_usec":651318,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPQqAAAAAwAADeAABkQRAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821021,"pkt_ts_usec":652356,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNJTAAAAAwAADeAABmmeAACQAA=="}
00413{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821022,"pkt_ts_usec":651318,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLItAAAAAwAADeAABpVdAACQAA=="}
00413{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821022,"pkt_ts_usec":695019,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAClAABARE4vIwoRCCggAARdwq8sAGOItAAAAAwAADeAABpVdAABgAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821022,"pkt_ts_usec":695111,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJYxAAAAAwAADeAABpZwAACQAA=="}
00413{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":691357,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFQBAAAAAwAADeAABwZCAACQAA=="}
00413{"flow_id":18,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":735181,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACpAABARE4nIwoRDCggAARdwmREAGIQBAAAAAwAADeAABwZCAABgAA=="}
00413{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":735272,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGH4sAAAAAwAADeAAB6cwAACQAA=="}
00413{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":795178,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACtAABARE4fIwoRECggAARdwzfYAGK4sAAAAAwAADeAAB6cwAABgAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821023,"pkt_ts_usec":795300,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGEzXAAAAAwAADeAAB8o9AACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821024,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rIKCAAByMKFQ96sF3AAGCNFAAAAAwAADeAAB\/BiAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821025,"pkt_ts_usec":791394,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37MKCAAByMKIQo7IF3AAGF2AAAAAAwAADeAACQMLAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821026,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rEKCAAByMKFRM9DF3AAGB8PAAAAAwAADeAACQP\/AACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821027,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37EKCAAByMKIRKueF3AAGOUlAAAAAwAADeAADF6KAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821028,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bMKCAAByMKGQrjyF3AAGNjAAAAAAwAADeAADF+dAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821029,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bEKCAAByMKGRObaF3AAGKo9AAAAAwAADeAADGA2AACQAA=="}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1432821022695,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1432821020651,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1432821024791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.67","src_port":57004,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1432821025791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.66","src_port":36552,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1432821029791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.68","src_port":59098,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1432821026791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.68","src_port":53059,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1432821028791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.66","src_port":47346,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1432821021652,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1432821023795,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1432821027791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.68","src_port":43934,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821030,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rIKCAAByMKVQ8P\/F3AAGL2BAAAAAwAADeAADGDOAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821031,"pkt_ts_usec":791424,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rEKCAAByMKVRI7hF3AAGPIFAAAAAwAADeAADGFnAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821032,"pkt_ts_usec":791363,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR37IKCAAByMKIQ+ptF3AAGKLiAAAAAwAADeAADGH\/AACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821033,"pkt_ts_usec":791394,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR0rMKCAAByMKVQoJMF3AAGLfoAAAAAwAADeAADqgZAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821034,"pkt_ts_usec":791791,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4bIKCAAByMKGQ5x6F3AAGKvFAAAAAwAADeAADqkNAACQAA=="}
00412{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821035,"pkt_ts_usec":791333,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3WwKCAAByLmKkswhF3AAGOYfAAAABAAADeEAATrRAACQAA=="}
00413{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821035,"pkt_ts_usec":895062,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsACxAABARDUHIuYqSCggAARdwzCEAGBYgAAAABAAADeEAATrRAABgAA=="}
@@ -442,70 +442,70 @@
00413{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":105023,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAC9AABARA4XIwpRCCggAARdwpnwAGOxnAAAABAAADeEABYBxAABgAA=="}
00412{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":105115,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR07EKCAAByMKURKp5F3AAGKdLAAAABAAADeEABpGNAACQAA=="}
00413{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":155347,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADBAABARA4LIwpRECggAARdwqnkAGNdLAAAABAAADeEABpGNAABgAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821036,"pkt_ts_usec":155499,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rMKCAAByMKNQqHeF3AAGIc+AAAABAAADeIAAsE6AACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821037,"pkt_ts_usec":152539,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rEKCAAByMKNRId\/F3AAGLuEAAAABAAADeIABadOAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821038,"pkt_ts_usec":152539,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rIKCAAByMKJQ5k1F3AAGKz5AAAABAAADeIABagkAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821039,"pkt_ts_usec":151471,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rMKCAAByMKJQtBqF3AAGE9jAAAABAAADeIABc6GAACQAA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821040,"pkt_ts_usec":151349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR3rEKCAAByMKJROo3F3AAGA63AAAABAAADeIABfVjAACQAA=="}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1432821031791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.68","src_port":36577,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1432821037152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.68","src_port":34687,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1432821039151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.66","src_port":53354,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1432821038152,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.67","src_port":39221,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1432821036155,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.66","src_port":41438,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1432821040151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.137.68","src_port":59959,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1432821033791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.66","src_port":33356,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1432821032791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.136.67","src_port":60013,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1432821030791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1432821034791,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821041,"pkt_ts_usec":151349,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rIKCAAByMKBQ5RhF3AAGB9PAAAABAAADeIABkKiAACQAA=="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821042,"pkt_ts_usec":151410,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rMKCAAByMKBQr4aF3AAGPSDAAAABAAADeIABkO1AACQAA=="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821043,"pkt_ts_usec":151593,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR5rEKCAAByMKBRLpiF3AAGNE+AAAABAAADeIABmqwAACQAA=="}
00413{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821044,"pkt_ts_usec":151837,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47MKCAAByMKEQqvLF3AAGLWfAAAABAAADeIABpHoAACQAA=="}
00414{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821044,"pkt_ts_usec":555127,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADFAABARE4PIwoRCCggAARdwq8sAGOWfAAAABAAADeIABpHoAABgAA=="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821044,"pkt_ts_usec":555249,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR2rIKCAAByMKNQ72zF3AAGJnBAAAABAAADeIABpLdAACQAA=="}
00413{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":551404,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47IKCAAByMKEQ5kRF3AAGFRaAAAABAAADeIABwXmAACQAA=="}
00414{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":604962,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADJAABARE4HIwoRDCggAARdwmREAGIRaAAAABAAADeIABwXmAABgAA=="}
00413{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":605023,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR47EKCAAByMKERM32F3AAGHtMAAAABAAADeIAB6oNAACQAA=="}
00415{"flow_id":19,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":664807,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsADNAABARE3\/IwoRECggAARdwzfYAGKtMAAAABAAADeIAB6oNAABgAA=="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432821045,"pkt_ts_usec":664868,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"ABoRAAACABoRAAABCABFAAAsAABAAEAR4rMKCAAByMKFQttAF3AAGE3JAAAABAAADeIAB8lIAACQAA=="}
-00500{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":10,"flow_first_seen":1432820959035,"flow_last_seen":1432821045664,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_tot_l4_data_len":10113,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2784,"flow_avg_l4_data_len":722,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_tot_l4_data_len":848,"flow_min_l4_data_len":20,"flow_max_l4_data_len":568,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":10,"flow_first_seen":1432820957932,"flow_last_seen":1432821044555,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
-00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1432821044555,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.141.67","src_port":48563,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":10,"flow_first_seen":1432820959035,"flow_last_seen":1432821045664,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.68","src_port":52726,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1432820949685,"flow_last_seen":1432821035985,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.125.226","src_port":48890,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1432821042151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.66","src_port":48666,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1432820950801,"flow_last_seen":1432821036105,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.66","src_port":42620,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":14,"flow_first_seen":1432820948836,"flow_last_seen":1432820949347,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2764,"flow_tot_l4_payload_len":9813,"flow_avg_l4_payload_len":700,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.24","src_port":40467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":10,"flow_first_seen":1432820958981,"flow_last_seen":1432821045604,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.67","src_port":39185,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1432820949735,"flow_last_seen":1432821036045,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.67","src_port":51569,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1432820948562,"flow_last_seen":1432820948767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":648,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1432821043151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.68","src_port":47714,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1432820950865,"flow_last_seen":1432821036155,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.148.68","src_port":43641,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":10,"flow_first_seen":1432820949586,"flow_last_seen":1432821035895,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.185.138.146","src_port":52257,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1432821045664,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.133.66","src_port":56128,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":10,"flow_first_seen":1432820957932,"flow_last_seen":1432821044555,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.132.66","src_port":43979,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","ndpi": {"proto":"EAQ","breed":"Acceptable","category":"Network"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1432821041151,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test"}
diff --git a/test/results/IEC104.pcap.out b/test/results/IEC104.pcap.out
index b7ba52c9d..09b9a01f2 100644
--- a/test/results/IEC104.pcap.out
+++ b/test/results/IEC104.pcap.out
@@ -1,12 +1,12 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"IEC104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1317629088495,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1317629088495,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00414{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":495135,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1317629088520,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1317629088520,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00415{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":520615,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eCvLK7lWABIAxkrACABFAAAoSx9AAH0GYW0Kr9MDCndpGglk1fFZgPwe3z\/\/ZlAQ+y9PxQAAAAAAAAAA"}
00414{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":532081,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"eCvLK7lWABIAxkrACABFAAAuUsZAAH0GWcIKr9MBCndpGglk1fBIoLt3AFkTVVAY\/em9wgAAaAQBAEK5"}
-00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":20,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1317629088495,"flow_last_seen":1317629088532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00415{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":536185,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"eCvLK7lWABIAxkrACABFAAAuSyRAAH0GYWIKr9MDCndpGglk1fFZgPwe3z\/\/ZlAY+y+j+QAAaAQBAEK5"}
-00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":20,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1317629088520,"flow_last_seen":1317629088536,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":3,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00406{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":731206,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9JAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7fVAQAP5RXAAA"}
00407{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629088,"pkt_ts_usec":739193,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9tAAIAGAAAKd2kaCq\/TA9XxCWTfP\/9mWYD8JFAQAP5RXgAA"}
00442{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629089,"pkt_ts_usec":467434,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eCvLK7lWABIAxkrACABFAABDF19AAH0GlRQKr9MBCndpGglk1fBIoLt9AFkTVVAY\/em4zAAAaBksfkK5JAEDABQpy7ICzcwsPgCU3AKKIwoL"}
@@ -18,6 +18,6 @@
00563{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629090,"pkt_ts_usec":298203,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"eCvLK7lWABIAxkrACABFAACaGK9AAH0Gk20Kr9MBCndpGglk1fBIoL1FAFkTVVAY\/emmigAAaFUyfkK5JAUDABQpDw8bAACAPwAF3wKKIwoLDw8ZAAAAQgAF3wKKIwoLDw8eAACAPwAF3wKKIwoLDw8SAIDDQgAF3wKKIwoLDw8Qq6q0QgAF3wKKIwoLaBk0fkK5JAEDABQqDw4Rq6qwQgAF3wKKIwoL"}
00408{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629090,"pkt_ts_usec":496349,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoMG9AAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC9t1AQAPxRXAAA"}
00444{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1317629090,"pkt_ts_usec":498077,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"eCvLK7lWABIAxkrACABFAABDGPtAAH0Gk3gKr9MBCndpGglk1fBIoL23AFkTVVAY\/emDkQAAaBk2fkK5JAEDABQpy68CzcwsvgA94AKKIwoL"}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_tot_l4_data_len":843,"flow_min_l4_data_len":20,"flow_max_l4_data_len":272,"flow_avg_l4_data_len":70,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_tot_l4_data_len":66,"flow_min_l4_data_len":20,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test"}
diff --git a/test/results/KakaoTalk_chat.pcap.out b/test/results/KakaoTalk_chat.pcap.out
index 0efbcac1b..7bb1c9cd3 100644
--- a/test/results/KakaoTalk_chat.pcap.out
+++ b/test/results/KakaoTalk_chat.pcap.out
@@ -1,65 +1,65 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069021959,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069021959,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00445{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069021,"pkt_ts_usec":959113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEBljAANQAogKaG7QEAAAEAAAAAAAAEYXV0aAVrYWthbwNjb20AAAEAAQ=="}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069021959,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069022006,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069021959,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069022006,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":6995,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD8AAEAAQBHSHQoYUrwKvAEBixMANQArGNJpegEAAAEAAAAAAAAHYWMtdGFsawVrYWthbwNjb20AAAEAAQ=="}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069022006,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069022007,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069022006,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069022007,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00443{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":7117,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEB4dgANQAqGG9RAgEAAAEAAAAAAAAGa2F0YWxrBWtha2FvA2NvbQAAAQAB"}
-00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069022007,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069022007,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00527{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":41815,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":136,"pkt_l4_len":100,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHgb0gAANREBEwq8AQEKGFK8ADWLEwBk4PlpeoGAAAEAAwAAAAAHYWMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABZUADQdhYy10YWxrAmdswBTALwABAAEAAACbAARuTI1wwC8AAQABAAAAmwAEAckAJw=="}
-00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_tot_l4_data_len":143,"flow_min_l4_data_len":43,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.112"}}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"ac-talk.kakao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.112"}}
00495{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":41999,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":114,"pkt_l4_len":78,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGIb0wAANREBKAq8AQEKGFK8ADWWMABOrZ2G7YGAAAEAAgAAAAAEYXV0aAVrYWthbwNjb20AAAEAAcAMAAUAAQAABccACgRhdXRoAmdswBHALAABAAEAAABWAATSZ\/AP"}
-00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":40,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
+00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00568{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":42121,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":166,"pkt_l4_len":130,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAJbtdwAANREvTwq8AQEKGFK8ADXh2ACCeK5RAoGAAAEABQAAAAAGa2F0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD9AAMBmthdGFsawJnbMATwC4AAQABAAAAegAEbkyOIsAuAAEAAQAAAHoABAHJAD3ALgABAAEAAAB6AAQByQA\/wC4AAQABAAAAegAEbkyNJQ=="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":42,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.34"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069022058,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"katalk.kakao.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.34"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069022058,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00452{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":58570,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":84,"pkt_l4_len":48,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEQAAEAAQBHSGAoYUrwKvAEBo7UANQAwrR37RAEAAAEAAAAAAAAHYm9va2luZwRsb2NvBWtha2FvA2NvbQAAAQAB"}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069022058,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069022058,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00448{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":59149,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBMmwANQAtbIX3UQEAAAEAAAAAAAAEdXAtbQR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00444{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":59638,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEB5boANQAoZpVNewEAAAEAAAAAAAAEaXRlbQVrYWthbwNjb20AAAEAAQ=="}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069022059,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00496{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":93909,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":114,"pkt_l4_len":78,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGIb1QAANREBJgq8AQEKGFK8ADXlugBOjwdNe4GAAAEAAgAAAAAEaXRlbQVrYWthbwNjb20AAAEAAcAMAAUAAQAABdUACgRpdGVtAmdswBHALAABAAEAAADUAATSZ\/AP"}
-00672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":40,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
+00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"item.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00511{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":94092,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGzteAAANREveAq8AQEKGFK8ADUybABYuHj3UYGAAAEAAgAAAAAEdXAtbQR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wAPBHVwLW0EdGFsawJnbMAWwDEAAQABAAAAeAAE0mfwEA=="}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":45,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-m.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00519{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":94214,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLteQAANREvcQq8AQEKGFK8ADWjtQBeT7D7RIGAAAEAAgAAAAAHYm9va2luZwRsb2NvBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wASB2Jvb2tpbmcEbG9jbwJnbMAZwDQAAQABAAAAeAAEbkyOfQ=="}
-00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":48,"flow_max_l4_data_len":94,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.125"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069022100,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"booking.loco.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.142.125"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069022100,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":100592,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBFykANQAtVi4l7AEAAAEAAAAAAAAEdXAtcAR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069022100,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069022104,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069022100,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069022104,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":104834,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBI4YANQAt2SeQlQEAAAEAAAAAAAAEdXAtdgR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069022104,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069022105,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069022104,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069022105,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":105414,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB3fQANQAtU9dudwEAAAEAAAAAAAAEdXAtYwR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069022105,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069022105,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00512{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":234412,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb1gAANREBGwq8AQEKGFK8ADUXKQBYAAol7IGAAAEAAgAAAAAEdXAtcAR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFlQAPBHVwLXAEdGFsawJnbMAWwDEAAQABAAAAiwAE0mfwEA=="}
-00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":45,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
+00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-p.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00512{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":234626,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb1wAANREBGgq8AQEKGFK8ADUjhgBYgN2QlYGAAAEAAgAAAAAEdXAtdgR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFlwAPBHVwLXYEdGFsawJnbMAWwDEAAQABAAAAqwAE0mfwEA=="}
-00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":45,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
+00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-v.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00512{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":234717,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGztegAANREvdgq8AQEKGFK8ADXd9ABYZqtud4GAAAEAAgAAAAAEdXAtYwR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAD8wAPBHVwLWMEdGFsawJnbMAWwDEAAQABAAAAeAAEbkyNVQ=="}
-00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":45,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.85"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069022249,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-c.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.85"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069022249,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00451{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":249457,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBcWUANQAtiQin1QEAAAEAAAAAAAAEdXAtYQR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069022249,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069022249,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00456{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":252173,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":82,"pkt_l4_len":46,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEIAAEAAQBHSGgoYUrwKvAEBYh0ANQAu\/udwlQEAAAEAAAAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAQ=="}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00451{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":252722,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEBqEUANQAtOYa3iAEAAAEAAAAAAAAEZG4tbAR0YWxrBWtha2FvA2NvbQAAAQAB"}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069022252,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00513{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":282050,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":124,"pkt_l4_len":88,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGwb2AAANREBGQq8AQEKGFK8ADVxZQBYBjqn1YGAAAEAAgAAAAAEdXAtYQR0YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAFwgAPBHVwLWEEdGFsawJnbMAWwDEAAQABAAAARAAE0mfwEA=="}
-00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":45,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-a.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.16"}}
00475{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":295691,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":97,"pkt_l4_len":61,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFHtewAANREvkAq8AQEKGFK8ADWoRQA9yiS3iIGAAAEAAQAAAAAEZG4tbAR0YWxrBWtha2FvA2NvbQAAAQABwAwAAQABAAAEOQAEbkyNVg=="}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.86"}}
+00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"dn-l.talk.kakao.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.86"}}
00513{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":295813,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":126,"pkt_l4_len":90,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAG4b2QAANREBFgq8AQEKGFK8ADViHQBaJnpwlYGAAAEAAgAAAAAFdXAtZ3AEdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAABasAEAV1cC1ncAR0YWxrAmdswBfAMgABAAEAAACsAARuTI0a"}
-00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":46,"flow_max_l4_data_len":90,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.26"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069022297,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"up-gp.talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"110.76.141.26"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069022297,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":297766,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzzVkAAPwZJoAoYUrxn9jn7x00fkMsN9JkAAAAAoAI5CGIPAAACBAV4BAIICgALB88AAAAAAQMDBw=="}
00448{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":411444,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQZO92f2OfsKGFK8H5DHTSs\/AzbLDfSaoBIWoGVTAAACBAV4BAIICpj2V6UACwfPAQMDCQ=="}
00435{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":419806,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzV0AAPwZJpwoYUrxn9jn7x00fkMsN9JorPwM3gBAAc6oGAAABAQgKAAsH25j2V6U="}
@@ -67,12 +67,12 @@
00436{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":611701,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbH0AALgby32f2OfsKGFK8H5DHTSs\/AzfLDfbngBAADqdRAAABAQgKmPZYbQALB+A="}
00720{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":647742,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":274,"pkt_l4_len":238,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAQJbIEAALgbyEGf2OfsKGFK8H5DHTSs\/AzfLDfbngBgADsrbAAABAQgKmPZYlAALB+DKAAAAoFkC\/4gP8tCNfpuCjPQ03kX5ZT2hwz0SDRU07eJflBwtFPV5JKc4qwZt9JmLd5nDiTYuAz6hED52mR1p+zgppELWWzSgjEgOr0doFoIFR2TYBxPm5xdGUCIRoKCHpKsU3VWhb+nYsDx5Pf8LCQ5Oo8lRB6Gg9+zmhy4riv76TlqCUugtK45ol2sMT3a1TCBjfuA7G\/n4jpBG8I4WhofsXSCtmEkKDblHy\/21GbGey\/YH3wn8eRewb+YRKoHNU\/+oeWFRMCrCIIrlzQ=="}
00435{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069022,"pkt_ts_usec":651343,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzWUAAPwZJpQoYUrxn9jn7x00fkMsN9ucrPwQFgBAAe6XcAAABAQgKAAsH85j2WJQ="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069026012,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069026012,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00420{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":12030,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq7kAArAYRrNg63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00419{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":58295,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
00421{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":148230,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq70AArQYQq9g63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00420{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":156775,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069026370,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069026370,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00449{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":370215,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzmtkAAPwbpMgoYUryt\/GECiq8Bu\/wa79AAAAAAoAI5CCGaAAACBAV4BAIICgALCWYAAAAAAQMDBw=="}
00476{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069026,"pkt_ts_usec":490363,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFPzWkAAPwZJhQoYUrxn9jn7x00fkMsN9ucrPwQFgBgAezf0AAABAQgKAAsJcpj2WJQbAAAAo1kC\/4gP7taEcNXOxadg3tEhq8tPTAcjxeAa"}
00476{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069027,"pkt_ts_usec":365912,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFPzW0AAPwZJhAoYUrxn9jn7x00fkMsN9ucrPwQFgBgAezedAAABAQgKAAsJyZj2WJQbAAAAo1kC\/4gP7taEcNXOxadg3tEhq8tPTAcjxeAa"}
@@ -82,8 +82,8 @@
00424{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069027,"pkt_ts_usec":408118,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACyOBEAA+AaI9K38YQIKGFK8AbuKr2Aiq0X8Gu\/RYBIRHJekAAACBAV4"}
00421{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069027,"pkt_ts_usec":415442,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjmuEAAPwbpRAoYUryt\/GECiq8Bu\/wa79FgIqtGUBA5CIc5AAA="}
00671{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069027,"pkt_ts_usec":422126,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAODmuUAAPwboiwoYUryt\/GECiq8Bu\/wa79FgIqtGUBg5CCTlAAAWAwEAswEAAK8DAVU9HySXfmPaSP66Sz+6k6Z\/7zxfemNbfoeAqoBY5ktfAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_tot_l4_data_len":328,"flow_min_l4_data_len":20,"flow_max_l4_data_len":204,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_first_seen":1430069026370,"flow_last_seen":1430069027422,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00418{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":75659,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgUEEAA+AZ+3XgcGvIKGFK8AFCGx0Ds0yKXy0vyUBQAAEEKAAA="}
00424{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":103644,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACynf0AA+AZvea38YQIKGFK8AbuKr2YOB1z8Gu\/RYBIRHDWiAAACBAV4"}
00421{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":105689,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjmukAAPwbpQgoYUryt\/GECiq8Bu\/wa8IlgIqtGUBA5CIaBAAA="}
@@ -92,175 +92,175 @@
00436{"flow_id":13,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":238593,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzXEAAPwZJogoYUrxn9jn7x00fkMsN9wYrPwQwgBAAe42TAAABAQgKAAsKIZj2bmU="}
00421{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069028,"pkt_ts_usec":960211,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq8kAArAYRqNg63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00419{"flow_id":14,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069029,"pkt_ts_usec":28022,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":83014,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBHSGwoYUrwKvAEB7lMANQAt50i5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":83228,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEEAAEAAQBEUGwoYUrwKvL8B7lMANQAtKUi5OgEAAAEAAAAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQAB"}
-00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069030083,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00505{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":115576,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":119,"pkt_l4_len":83,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGccBgAANREA8Aq8AQEKGFK8ADXuUwBTwyO5OoGAAAEAAgAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAAHYwAKBHBsdXMCZ2zAFsAxAAEAAQAAAQkABNJn8A8="}
-00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":45,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
00505{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":119544,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":119,"pkt_l4_len":83,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGf90QAANRFhIwq8vwEKGFK8ADXuUwBTEye5OoGAAAEAAgAAAAAJcGx1cy10YWxrBWtha2FvA2NvbQAAAQABwAwABQABAAADlQAKBHBsdXMCZ2zAFsAxAAEAAQAAAMkABNJn8A8="}
-00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":45,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
-00455{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":0,"flow_tot_l4_data_len":111,"flow_min_l4_data_len":111,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":15}
+00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"plus-talk.kakao.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"210.103.240.15"}}
+00459{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":15}
00544{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":119696,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":147,"pkt_l4_len":111,"pkt":"AAQCEgAAAAAAAAAAAAAIAEXAAIMZuAAAQAE5cQoYUrwKvL8BAwMj8wAAAABFAABn\/dEAADURYSMKvL8BChhSvAA17lMAUxMnuTqBgAABAAIAAAAACXBsdXMtdGFsawVrYWthbwNjb20AAAEAAcAMAAUAAQAAA5UACgRwbHVzAmdswBbAMQABAAEAAADJAATSZ\/AP"}
-00485{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":0,"flow_tot_l4_data_len":111,"flow_min_l4_data_len":111,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069030121,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00489{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069030121,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00449{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":121588,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwrfUAAPwbw8woYUrzSZ\/APk70Bu6\/qIaMAAAAAoAI5CH35AAACBAV4BAIICgALCt4AAAAAAQMDBw=="}
00423{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":159674,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwUQ0AA+AZPPdJn8A8KGFK8AbuTvWC6rQuv6iGkYBIRHPMdAAACBAV4"}
00421{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":162268,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrfkAAPwbxBgoYUrzSZ\/APk70Bu6\/qIaRguq0MUBA5COKyAAA="}
00716{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":171973,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":272,"pkt_l4_len":236,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAQArf0AAPwbwLQoYUrzSZ\/APk70Bu6\/qIaRguq0MUBg5CN2\/AAAWAwEA0wEAAM8DAVU9HyfJAvY\/iCLGWBYFY6M34NB+ZLfXCieB9l4jqbmhICKG\/HsNhwdjbCYE9375OW83ETGox9gGaZ9Lj69f7wR6AEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABE="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1430069030121,"flow_last_seen":1430069030171,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00423{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":201514,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgbNgNJn8A8KGFK8AbuTvWC6rQyv6iGkYBClZGRQAAABAQEB"}
00419{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":219794,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgcBkAAjwawftJn8A8KGFK8AbuTvWC6rQyv6iJ8UBCkjHZWAAA="}
02147{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":296057,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABSgcB0AAjwarfdJn8A8KGFK8AbuTvWC6rQyv6iJ8UBCkjCrpAAAWAwEAUQIAAE0DAVU9HybSxelSaq+pzmyJ9iH7XTYBi90VegBpgRmAoaXMIG1yJoOhsfxA3WeIW6NaHJC+xs4pmCDhwQX3Hd61kRPCAC8AAAX\/AQABABYDAQ1cCwANWAANVQAEkzCCBI8wggN3oAMCAQICEHBxAlA9e78ophcAJA6JZewwDQYJKoZIhvcNAQEFBQAwPDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFRoYXd0ZSwgSW5jLjEWMBQGA1UEAxMNVGhhd3RlIFNTTCBDQTAeFw0xNDA0MTgwMDAwMDBaFw0xNjA0MTcyMzU5NTlaMGUxCzAJBgNVBAYTAktSMRQwEgYDVQQIEwtHeWVvbmdnaS1kbzEUMBIGA1UEBxQLU2VvbmduYW0tc2kxFDASBgNVBAoUC0tha2FvIENvcnAuMRQwEgYDVQQDFAsqLmtha2FvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdBgTNDUchcOlqz4AjXSOi\/BcjY+nqEiKfppHMuXJO3yGAFmWhd9O+QBCm8FcKZId9u+XO\/um9F0vmt2qfDKgWEZzJg9B6SDfGolTUXhgk+nFdcE+S86ZtHITX7kSDXzmWcPrT6RJ0PN551hp\/GdJ+xmFbpNL2nv+CJCtbz92qR+yKEPTqSSnlzR89VsAXsBFgk4O0PitPyU2Xtqz+5c\/enf99utZy\/VMz7gvdC\/aVXMBorKXtqwbf1dxYqtxp6htoLhcZBYya6Lxnd54fIw4rshOg27mE5Bn7MAbOHc0PO94q1KalkWJCTnyw3svUS+OZW13LZpEW5Hgu\/jjQaMR8CAwEAAaOCAWIwggFeMBYGA1UdEQQPMA2CCyoua2FrYW8uY29tMAkGA1UdEwQCMAAwQgYDVR0gBDswOTA3BgpghkgBhvhFAQc2MCkwJwYIKwYBBQUHAgEWG2h0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzLzAOBgNVHQ8BAf8EBAMCBaAwHwYDVR0jBBgwFoAUp6KDuzRFQD381TBPErk+oQGf9tswOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL3N2ci1vdi1jcmwudGhhd3RlLmNvbS9UaGF3dGVPVi5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGkGCCsGAQUFBwEBBF0wWzAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AudGhhd3RlLmNvbTA1BggrBgEFBQcwAoYpaHR0cDovL3N2ci1vdi1haWEudGhhd3RlLmNvbS9UaGF3dGVPVi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAEvk4yJ5GQZJjDzFLUrMFlBcD5uqP2DKwtFXXOSxaOkky94i9Uhfy7m06\/v4+iOEZVwfFAhpzoTNlly1sPZpMgJyCJ9X4jAYQgiUFyR8fKM\/armugJYR4o3GxrpmZILs6uldpFhtPBRUKSKU0yMcXueyHm\/2X+ml5UR1JeYCWg8gFnncL\/IN7BuZa9Gf6J0+hJSZeIXsEPg15pir43Yi0sJuk7IYfyqYMnMjaGDs7p8Ad+KYYTNX0gD8K9dUkSsuPJJaD9fOM2mjg5ypvUtvrvd6E\/aWowgetkckYpQ9D\/YTqpvJ4IELD8pwbZBD9NSYbX1EPo0PjwPS0vsgCoPcqFkABHAwggRsMA=="}
-00802{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_tot_l4_data_len":1664,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":237,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":7,"flow_first_seen":1430069030121,"flow_last_seen":1430069030296,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1496,"flow_avg_l4_payload_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00646{"flow_id":20,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":300360,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":224,"pkt_l4_len":188,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAANAcCEAAjwav1NJn8A8KGFK8AbuTvWC6sgyv6iJ8UBikjBF9AACCA1SgAwIBAgIQTV8sNAiyTCDNbVB+JE3J7DANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcmk="}
02143{"flow_id":20,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":301276,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABSgcCUAAjware9Jn8A8KGFK8AbuTvWC6srSv6iJ8UBCkjBhFAAB6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjA8MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMRYwFAYDVQQDEw1UaGF3dGUgU1NMIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeSFW3ZJfS8F2MWsyMip09yY5tc0pi8M8iIm2KPJFEyPBaRF6BQMWJAFGrfFwQalgK+7HUlrUjSIw1nn72vEJ0GMK2Yd0OCjl5gZNEtB1ZjVxwWtouTX7QytT8G1sCH9PlBTssSQ0NQwZ2ya8Q50xMLciuiX\/8mSrgGKVgqYMrAAI+yQGmDD7bs6yw9jnw1EyVLhJZa\/7VCViX9WFLG3YR0cB4w6LPf\/gN45RdWvGtF42MdxaqMZpzJQIenyDqHGEwNESNFmqFJX1xG0k4vlmZ9d53hR5U32t1m0drUJN00GOBN6HAiYXMRISstSoKn4sZ2Oe3mwIC88lqgRYke7EQIDAQABo4H7MIH4MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AudGhhd3RlLmNvbTASBgNVHRMBAf8ECDAGAQH\/AgEAMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQQ0EuY3JsMA4GA1UdDwEB\/wQEAwIBBjAoBgNVHREEITAfpB0wGzEZMBcGA1UEAxMQVmVyaVNpZ25NUEtJLTItOTAdBgNVHQ4EFgQUp6KDuzRFQD381TBPErk+oQGf9tswHwYDVR0jBBgwFoAUe1tFz6\/Oy3r9MZIaarbzRutXSFAwDQYJKoZIhvcNAQEFBQADggEBAIAigOBsyJUW11cmh\/NyNNvGclYnPtOW9i4lkaU+M5enS+Uv+yV9Lwdh+m+DdExMU3IgpHrPUVFWgYiwbR82LMgrsYiZwf5Eq0hRfNjyRGQq2HGn+xov+RmNNLIjv8RMVR2OROiqXZrdn\/0Dx7okQ40tR0Tb9tiYyLL52u\/tKVxpEvrRI5YPv5wN8nlFUzeaVi\/oVxBw9u6JDEmJmsEj9cIqzEHPIqtlbreUgm0vQF9Y3uuVK6ZyaFIZkSqudZ1OkubK3lTqGKslPOZkpnkfJn1h7X3S5XFV2JMXfBQ4MDzfhuNMrUnjl1nOG5srztxl1Asoa06ERlFE9zMILViXIa4ABEkwggRFMIIDrqADAgECAhAzZVAIea1z4jC54B0Nf6yRMA0GCSqGSIb3DQEBBQUAMIHOMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIgQ0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wHhcNMDYxMTE3MDAwMDAwWhcNMjAxMjMwMjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDA=="}
00422{"flow_id":20,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":304267,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrgEAAPwbxBAoYUrzSZ\/APk70Bu6\/qInxgurIMUBBBANTiAAA="}
00422{"flow_id":20,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":304419,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrgUAAPwbxAwoYUrzSZ\/APk70Bu6\/qInxgurK0UBBLAMo6AAA="}
00422{"flow_id":20,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":304541,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrgkAAPwbxAgoYUrzSZ\/APk70Bu6\/qInxgure0UBBVALs6AAA="}
01491{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":336219,"pkt_caplen":848,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":848,"pkt_l4_len":812,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA0AcCkAAjwatYtJn8A8KGFK8AbuTvWC6t7Sv6iJ8UBikjPhiAAB0aGF3dGUsIEluYy4xKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xODA2BgNVBAsTLyhjKSAyMDA2IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQDExZ0aGF3dGUgUHJpbWFyeSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKDw+4BZ1JzHpM+doVlzCRBFDA0sbmjxbFtIaElZN\/wLMxnCd3\/MEC2VNBzm600JpxzSuMmXNgK3idQkXwbAzESUlI0CYm\/rWt0RjSiaXISQEHoNvXRmL2o4oOLVVETrHQefB7pv7un9Tgsp9T6EoAHxnKv4HH6JpOih2HFlDaNRe+680iJgDblbnd+6\/FFbC6+Ysuku6QToYofeK8jXTsFMZB7dz4dYukpPymgHHRydSsbVL5HMfHFyHMXAZ+sy\/cmSXJTahcCbv1N9Kwn0jJ2RH5dqUsveCTakd9h7h1BE1T5uKWn7OUkmHgmlgHtALevoJ4XJ\/mH9fuZ8lx3VnQIDAQABo4HCMIG\/MA8GA1UdEwEB\/wQFMAMBAf8wOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEWGmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUe1tFz6\/Oy3r9MZIaarbzRutXSFAwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVByZW1pdW1TZXJ2ZXJDQS5jcmwwDQYJKoZIhvcNAQEFBQADgYEAhKhMyT4qvJrizI8LsiV3xGGJiWNa1KMVQNT7Xj+0Q+pjFytrmXSeCajd1FYVLnp5MV9jllMbNNkV6k9tcMq+9oKp7dqFd8x2HGqBCiHYQZl\/Xi6Cweiq95OBBaqStB+3msAHF\/XLxrRMDtdW3HEgdDjWdMbWj2uvi42gbCkLYeAWAwEABA4AAAA="}
-01057{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_tot_l4_data_len":4024,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":309,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","issuerDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}}
+01068{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":13,"flow_first_seen":1430069030121,"flow_last_seen":1430069030336,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3736,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.kakao.com","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Thawte, Inc., CN=Thawte SSL CA","issuerDN":"C=KR, ST=Gyeonggi-do, L=Seongnam-si, O=Kakao Corp., CN=*.kakao.com","fingerprint":"0D:14:6D:8D:5E:EB:F5:F5:42:87:CD:AB:AE:A1:DC:AA:5A:76:6F:E4"}}
00422{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":338782,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgrg0AAPwbxAQoYUrzSZ\/APk70Bu6\/qInxgurrMUBBfAK4iAAA="}
00671{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":435553,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAODmu0AAPwboiQoYUryt\/GECiq8Bu\/wa79FgIqtGUBg5CCTlAAAWAwEAswEAAK8DAVU9HySXfmPaSP66Sz+6k6Z\/7zxfemNbfoeAqoBY5ktfAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
00872{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":469611,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":382,"pkt_l4_len":346,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAW4rhEAAPwbvugoYUrzSZ\/APk70Bu6\/qInxgurrMUBhfAMGpAAAWAwEBBhAAAQIBADHdbtJlVbXP2Me7Ma38p8XS6wSYh+\/vRpK9j6DRf1Em2AM+p7cPSuHY5QUwZ\/vwXG2x7mxyFDwbjTwb2PkmLKI0Ump3aTqTXtuVvVcmhMuWwXk\/DYR4pH2OX1XBOeo\/Pl5TLZglBYU+GsVJLft7PxMPGUXzRakDmG1RVyWwtRalnuwhD\/2Wl\/d1cIBeHJgGzssBXyvaiJaQBQltboVO3gfTXEKif8kN82LDfp7K9ACWYOf4VJAJao0vd3J\/3TvD6jcRgL4U61zLvcOB3Q4flQVIgizBtDjwsIjlNTLEqD0a5DQSjhsPbnCyYELZRdQqR5Xfu5wCvBQnnYeZBa4Y\/EMUAwEAAQEWAwEAMF6qtHnfxQkE14fW7bitUio1+IL\/sCxOok+D\/0MblfYd\/OMJ36oREYUVEOQtHf30uw=="}
00420{"flow_id":15,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":480017,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACheakAAjwYhk638YQIKGFK8AbuKr2Aiq0b8GvCJUBCkrBrdAAA="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1430069030508,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1430069030508,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":508795,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADz6+UAAPwaAjQoYUrwfDURUkrEAUI6+8f0AAAAAoAI5CDAyAAACBAV4BAIICgALCwQAAAAAAQMDBw=="}
00423{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":549536,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy6BkAA+AYIkB8NRFQKGFK8AFCSsWQ58S+OvvH+YBIRHF3ZAAACBAV4"}
00419{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":552619,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6+kAAPwaAoAoYUrwfDURUkrEAUI6+8f5kOfEwUBA5CE1uAAA="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1430069030557,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1430069030557,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00455{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":557074,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAEMbkEAAjgYQ+x8NREkKGFK8Abu3n2dAc1oKhoE3UBigBOCLAAAVAwEAFgdiLTjhEFi+7He1g59CCs5hRzaz7rI="}
00419{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":557379,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgOyEAAQAZr3goYUrwfDURJt58BuwqGgTdnQHN1UBBuKMBEAAA="}
00420{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":557410,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgbkUAAjgYRFR8NREkKGFK8Abu3n2dAc3UKhoE3UBGgBC\/XAAA="}
00419{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":591071,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgOyUAAQAZr3QoYUrwfDURJt58BuwqGgTdnQHN2UBBuKMBEAAA="}
00671{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":600501,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOP6+0AAPwZ\/5AoYUrwfDURUkrEAUI6+8f5kOfEwUBg5CLGLAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMy4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
-00729{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_tot_l4_data_len":291,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1430069030508,"flow_last_seen":1430069030600,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
00425{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":600684,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAArAYOlx8NRFQKGFK8AFCSsWQ58TCOvvH+YBD\/\/3RwAAABAQEB"}
00421{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":639655,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACif30AArQZtnx8NRFQKGFK8AFCSsWQ58TCOvvK5UBD\/\/4W7AAA="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1430069030703,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1430069030703,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":703253,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":78,"pkt_l4_len":42,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD4AAEAAQBHSHgoYUrwKvAEBYBQANQAqICQnwAEAAAEAAAAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQAB"}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1430069030703,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1430069030703,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02139{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":731635,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABShea0AAjwYckq38YQIKGFK8AbuKr2Aiq0b8GvCJUBCkrNGhAAAWAwEAWQIAAFUDAcFMnoqnHL28zylfQXnHbXmp7QB2K0I4OCMnBtyhT5SjIFTmkW2W6o96+hlbztXJU76jJJdvgLhMP+5whOTkeNqTwAcAAA3\/AQABAAALAAQDAAECFgMBDNkLAAzVAAzSAAZwMIIGbDCCBVSgAwIBAgIQBnjbTdvaLb44isb+B0TcyDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu\/Tli9R764EPwi6dKemPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk\/cUMs0bSobxwtIeOo4ID5DCCA+AwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg\/cwHQYDVR0OBBYEFEMJk0D6EUswM+zyh26NcRjPiryOMIICOwYDVR0RBIICMjCCAi6CDiouZmFjZWJvb2suY29tggxmYWNlYm9vay5jb22CCyouZmJzYnguY29tggsqLmZiY2RuLm5ldIIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0ggZmYi5jb22CCCouZmIuY29tghgqLmZhY2Vib29rY29yZXd3d2kub25pb26CFmZhY2Vib29rY29yZXd3d2kub25pb26CGCouZmJjZG4yM2Rzc3IzanFucS5vbmlvboIWZmJjZG4yM2Rzc3IzanFucS5vbmlvboIYKi5mYnNieDJxNG12Y2w2M3B3Lm9uaW9ughZmYnNieDJxNG12Y2w2M3B3Lm9uaW9ughAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDW1lc3Nlbmdlci5jb22CGioubS5mYWNlYm9va2NvcmV3d3dpLm9uaW9ughsqLnh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGXh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGyoueHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIZeHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIOKi54ei5mYmNkbi5uZXSCDHh6LmZiY2RuLm5ldIIbKi54ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughl4ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughhtLmZhY2Vib29rY29yZXd3d2kub25pb24wDgYDVR0PAQH\/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMtZzI5LmNybDBCBgNVHQ=="}
-00801{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_tot_l4_data_len":1920,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
+00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":11,"flow_first_seen":1430069026370,"flow_last_seen":1430069030731,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
00422{"flow_id":15,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":734564,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjmvEAAPwbpQAoYUryt\/GECiq8Bu\/wa8IlgIrBGUBBBAHmJAAA="}
02145{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":736182,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABShebEAAjwYcka38YQIKGFK8AbuKr2AisEb8GvCJUBikrPVJAAAgBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBAH+E197NT+uv3Gl8Ww0Hto52ip4HI8J9GUO31fXVPsBGGztPmX3vZUA9efuefcpD+c2QQNKsmEtaGlR+Pq2Ym7KusJlTkLZFL0HEeHlPMlC7JkqP3K\/+DkhpxjoDBHNmeFnn45su154px8ew83Ei9w0gkLUTjRJHdw135yyAdeFyLcpRVBaExOCS5rUMN2SxBjQlAqoaeMNHcqm61B\/TRBodNw2f2GV45V33ZCjqHQZ4orzOuwKHpoiBLcUbRodTiFMpead9ct0m\/MnY+4rDyDD+Nd\/OS40p2kN1mfylJsFxllg98sOS0J+KuLubjD1CJFuBsekpEiWyV2GwDB6GLpQABlwwggZYMIIFQKADAgECAhAKXxFNA1sXkRfS79QDjD87MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDgwNDAyMTIwMDAwWhcNMjIwNDAzMDAwMDAwWjBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2EKKRAfXv40N1EI+B77Iu1hvgsNcExQYyZ1FblBiJe28KAVuwhg4ELoBSkQhzaKKGWo7zEHdG02ly8oRmYExyp5JnqZ1Y7DbU+gXq28PZHCWXteNmzAU88ACDI+EGRYEBNpxwzunEJRAPkFRO4kznof7YwRvRKo8xX0HHoxaQEbp+ZdwJpsfgme51JEShA6I+SbtgOvqJy0W5\/US62SjM61ESqqNxiNtMK42FwGjPj\/I701XtR8Pn6DDpGWBZjDsh\/jyGXrqXtdoCzM\/DzZbe3M+ktDjMnUuKVhHLJAtigS37n4X\/7TssnvPbQeS3wcTJk2nj3r7KdoXh3fZ25e+wIDAQABo4IC+jCCAvYwDgYDVR0PAQH\/BAQDAgGGMIIBxgYDVR0gBIIBvTCCAbkwggG1BgtghkgBhv1sAQMAAjCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAYwBvAG4AcwB0AGkAdA=="}
00422{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":738959,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjmvUAAPwbpPwoYUryt\/GECiq8Bu\/wa8IlgIrVGUBBLAGqJAAA="}
01758{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":740271,"pkt_caplen":1043,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1043,"pkt_l4_len":1007,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABANebUAAjwYdta38YQIKGFK8AbuKr2AitUb8GvCJUBikrC7tAAAAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzAdBgNVHQ4EFgQUUOpzidsp+xCPnuUBINTeeZlIg\/cwDQYJKoZIhvcNAQEFBQADggEBAB7ipUiebNtTOA\/vphoqrOIDQ+2avD6OdRvw\/S4iWawTwGHi5\/rpmc2HCXVUKL9GYNy+USyS8xuRfDEIcOI3ucFbqL2jCwD7GhX9A61YasXHJJlIR0YxHpLvtF9ONMeQvzHB+LGEhtCcAarfilYGzjrpDq6XdF3XcZpCdF\/ejUN83ulV7WkAywXgemFhM9EZTfkI7qA5xSU1tyvED7Ld8aW3DiTEJiiNeXf1L\/BXunwH1OH8zVowV36GEEfdMR\/X\/KLCvzB8XSSq6PmuX2p0ws5rs0bYIb4p1I5eFdZCSucyb6Sxa1GDWL4\/bcf72gMhy2oWGU4K8K2Eyl2Us1p292EWAwEAkQwAAI0DABdBBCtei6pkF7Ihh30IlrkbI+Jxsm\/uAJzeAG6PzBdnOYxE93dfr7QSlu6Nhr9NHU6o1tSsjje+a+kR8pWVe5KLt7wARjBEAiAujbLM+nBgQ9DDXGA8FkGLsmIMEPacaLMIplt6Au\/T6wIgL0KqIWGzS1CoXQgv8AKWMtRyntVQDAdRrg\/X2+gj5\/oWAwEABA4AAAA="}
-01589{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_tot_l4_data_len":4267,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":284,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+01600{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":95,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":15,"flow_first_seen":1430069026370,"flow_last_seen":1430069030740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3915,"flow_avg_l4_payload_len":261,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00505{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":748175,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGbtpgAANREvUAq8AQEKGFK8ADVgFABSeRsnwIGAAAEAAgAAAAADYXBpCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAD6wAMBHN0YXIEYzEwcsAQwC4AAQABAAAACQAEHw1EVA=="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_tot_l4_data_len":124,"flow_min_l4_data_len":42,"flow_max_l4_data_len":82,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1430069030751,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"api.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1430069030751,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":751746,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwzN0AAPwZIUAoYUrwfDURUsJkBu9qbOCoAAAAAoAI5CH68AAACBAV4BAIICgALCx0AAAAAAQMDBw=="}
00448{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":835761,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAAjgYshx8NRFQKGFK8AbuwmcDC6aramzgroBKpsCsUAAACBAV4BAIICqKRlfAACwsdAQMDBg=="}
00436{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":839087,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOEAAPwZIVwoYUrwfDURUsJkBu9qbOCvAwumrgBAAcwLZAAABAQgKAAsLJaKRlfA="}
01197{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":840583,"pkt_caplen":631,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":631,"pkt_l4_len":595,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAmczOUAAPwZGIwoYUrwfDURUsJkBu9qbOCvAwumrgBgAc240AAABAQgKAAsLJqKRlfAWAwECLgEAAioDA76a6q0ypg3ba+OWWVF7gyjIWE3lPvKUJBMV6IUnlGQhIC1U45RULLPMlKvTAlYh5N+zhv6zM+AEAVT4gI6fleVZAJbAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADbAMsAuwCrAJsAPwAUAnQA9ADXAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADDAMcAtwCnAJcAOwAQAnAA8AC\/AEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAFLAAAAFQATAAAQYXBpLmZhY2Vib29rLmNvbQALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwDAKdJiRItdg1e+9Bh8mODTmhuNTVrAqzJ9keCZS7TuZRivHCP304LlPhe+Djs0yurEPgdumukZ4o6zhpa97CMdhZbDbGPi\/1oo0xHsOzHJxu\/l+8GmyAwoVErUBObVx\/AWLW579VOCdf65nCc1eSeef2ueP9+1qDRIbGJ4ntKWe8U7odCyfHta0Xnuf\/K5YCgRDMzTWl4lwXV\/pVqfdtCRCsiJzp5RXj5iwNyPz5kZ+GoBBhp+n5MdnpToY3cxvhxHAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDM3QAAA=="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_tot_l4_data_len":707,"flow_min_l4_data_len":32,"flow_max_l4_data_len":595,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1430069030751,"flow_last_seen":1430069030840,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":563,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00801{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":855597,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUOf4EAArQZsgx8NRFQKGFK8AFCSsWQ58TCOvvK5UBj\/\/wX6AABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogM3o2a2UxVXU0SHNpbnZIcU5ha1JSUXdtUU5ZQUd1Z0NwV2Y5Yk5CNE9velJSYk1aa3FhSXh6Y2puazc5R3VzZTJQQXN4c0M0QTVRRmd5RlQ1ZStBV1E9PQ0KRGF0ZTogU3VuLCAyNiBBcHIgMjAxNSAxNzoyMzo1MCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
00421{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":860297,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6\/EAAPwaAngoYUrwfDURUkrEAUI6+8rlkOfJLUBA8uEfoAAA="}
00436{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":955695,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADSZL0AAjwaSXx8NRFQKGFK8AbuwmcDC6avamzpegBACnv4AAAABAQgKopGWaQALCyY="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1430069030978,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1430069030978,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00452{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069030,"pkt_ts_usec":978614,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":80,"pkt_l4_len":44,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEAAAEAAQBHSHAoYUrwKvAEBTH4ANQAsPIiqhwEAAAEAAAAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAE="}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1430069030978,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1430069030978,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02297{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":1044,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABaCZMEAAjwaM8h8NRFQKGFK8AbuwmcDC6avamzpegBACnocNAAABAQgKopGWjQALCyYWAwMAbgIAAGoDAz6PGiorbDHMQHs5iFsOrmaGleqKpFcEfDumbgtfeVQNAMArAABCAAAAAP8BAAEAAAsABAMAAQIAIwAAM3QAKQ9zcGR5LzMuMS1mYi0wLjUIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xFgMDDNkLAAzVAAzSAAZwMIIGbDCCBVSgAwIBAgIQBnjbTdvaLb44isb+B0TcyDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu\/Tli9R764EPwi6dKemPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk\/cUMs0bSobxwtIeOo4ID5DCCA+AwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg\/cwHQYDVR0OBBYEFEMJk0D6EUswM+zyh26NcRjPiryOMIICOwYDVR0RBIICMjCCAi6CDiouZmFjZWJvb2suY29tggxmYWNlYm9vay5jb22CCyouZmJzYnguY29tggsqLmZiY2RuLm5ldIIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0ggZmYi5jb22CCCouZmIuY29tghgqLmZhY2Vib29rY29yZXd3d2kub25pb26CFmZhY2Vib29rY29yZXd3d2kub25pb26CGCouZmJjZG4yM2Rzc3IzanFucS5vbmlvboIWZmJjZG4yM2Rzc3IzanFucS5vbmlvboIYKi5mYnNieDJxNG12Y2w2M3B3Lm9uaW9ughZmYnNieDJxNG12Y2w2M3B3Lm9uaW9ughAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDW1lc3Nlbmdlci5jb22CGioubS5mYWNlYm9va2NvcmV3d3dpLm9uaW9ughsqLnh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGXh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGyoueHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIZeHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIOKi54ei5mYmNkbi5uZXSCDHh6LmZiY2RuLm5ldIIbKi54ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughl4ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughhtLmZhY2Vib29rY29yZXd3d2kub25pb24wDgYDVR0PAQH\/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMtZzI5LmNybDBCBgNVHSAEOzA5MDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMHsGCCsGAQUFBwEBBG8wbTAkBggrBgEFBQ=="}
-00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_tot_l4_data_len":2159,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":359,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
+00842{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1430069030751,"flow_last_seen":1430069031001,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1951,"flow_avg_l4_payload_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
00434{"flow_id":24,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":4584,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzOkAAPwZIVQoYUrwfDURUsJkBu9qbOl7Awu8XgBAAiPp2AAABAQgKAAsLNqKRlo0="}
02303{"flow_id":24,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":9040,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABaCZMUAAjwaM8R8NRFQKGFK8AbuwmcDC7xfamzpegBgCnhv7AAABAQgKopGWjQALCyYHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBAH+E197NT+uv3Gl8Ww0Hto52ip4HI8J9GUO31fXVPsBGGztPmX3vZUA9efuefcpD+c2QQNKsmEtaGlR+Pq2Ym7KusJlTkLZFL0HEeHlPMlC7JkqP3K\/+DkhpxjoDBHNmeFnn45su154px8ew83Ei9w0gkLUTjRJHdw135yyAdeFyLcpRVBaExOCS5rUMN2SxBjQlAqoaeMNHcqm61B\/TRBodNw2f2GV45V33ZCjqHQZ4orzOuwKHpoiBLcUbRodTiFMpead9ct0m\/MnY+4rDyDD+Nd\/OS40p2kN1mfylJsFxllg98sOS0J+KuLubjD1CJFuBsekpEiWyV2GwDB6GLpQABlwwggZYMIIFQKADAgECAhAKXxFNA1sXkRfS79QDjD87MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDgwNDAyMTIwMDAwWhcNMjIwNDAzMDAwMDAwWjBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2EKKRAfXv40N1EI+B77Iu1hvgsNcExQYyZ1FblBiJe28KAVuwhg4ELoBSkQhzaKKGWo7zEHdG02ly8oRmYExyp5JnqZ1Y7DbU+gXq28PZHCWXteNmzAU88ACDI+EGRYEBNpxwzunEJRAPkFRO4kznof7YwRvRKo8xX0HHoxaQEbp+ZdwJpsfgme51JEShA6I+SbtgOvqJy0W5\/US62SjM61ESqqNxiNtMK42FwGjPj\/I701XtR8Pn6DDpGWBZjDsh\/jyGXrqXtdoCzM\/DzZbe3M+ktDjMnUuKVhHLJAtigS37n4X\/7TssnvPbQeS3wcTJk2nj3r7KdoXh3fZ25e+wIDAQABo4IC+jCCAvYwDgYDVR0PAQH\/BAQDAgGGMIIBxgYDVR0gBIIBvTCCAbkwggG1BgtghkgBhv1sAQMAAjCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAYwBvAG4AcwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQAaABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQAaABlACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAA=="}
00435{"flow_id":24,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":13587,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzO0AAPwZIVAoYUrwfDURUsJkBu9qbOl7AwvSDgBAAnvTzAAABAQgKAAsLN6KRlo0="}
01518{"flow_id":24,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":13770,"pkt_caplen":863,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":863,"pkt_l4_len":827,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA0+ZMkAAjwaPQR8NRFQKGFK8AbuwmcDC9IPamzpegBgCni8TAAABAQgKopGWjQALCyZhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzAdBgNVHQ4EFgQUUOpzidsp+xCPnuUBINTeeZlIg\/cwDQYJKoZIhvcNAQEFBQADggEBAB7ipUiebNtTOA\/vphoqrOIDQ+2avD6OdRvw\/S4iWawTwGHi5\/rpmc2HCXVUKL9GYNy+USyS8xuRfDEIcOI3ucFbqL2jCwD7GhX9A61YasXHJJlIR0YxHpLvtF9ONMeQvzHB+LGEhtCcAarfilYGzjrpDq6XdF3XcZpCdF\/ejUN83ulV7WkAywXgemFhM9EZTfkI7qA5xSU1tyvED7Ld8aW3DiTEJiiNeXf1L\/BXunwH1OH8zVowV36GEEfdMR\/X\/KLCvzB8XSSq6PmuX2p0ws5rs0bYIb4p1I5eFdZCSucyb6Sxa1GDWL4\/bcf72gMhy2oWGU4K8K2Eyl2Us1p292EWAwMAlAwAAJADABdBBGm4zcsstg3auPHD1vdv0v9zoOXpds1P25+xqK5yCQtDE6tF6H\/OV\/4sbb3rseYzB1as7RbzKnR9pNthjjbDshMGAwBHMEUCIQCAQKI8S1BxyyJSxK7c9z5gYr\/d82OAaicB\/y\/h2bcwTQIgWQktUXH6zkB0\/oslyKb7oecmcL8fdG\/Jh6bbvg+2vRoWAwMABA4AAAA="}
-01620{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":10,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_tot_l4_data_len":4470,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":447,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+01631{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":115,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":10,"flow_first_seen":1430069030751,"flow_last_seen":1430069031013,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":413,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00436{"flow_id":24,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":16944,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQzPEAAPwZIUwoYUrwfDURUsJkBu9qbOl7AwveegBAAtPHCAAABAQgKAAsLN6KRlo0="}
00530{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":17096,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":138,"pkt_l4_len":102,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHocCwAANREA2Aq8AQEKGFK8ADVMfgBmmjSqh4GAAAEAAwAAAAAFZ3JhcGgIZmFjZWJvb2sDY29tAAABAAHADAAFAAEAAAVxAAYDYXBpwBLAMAAFAAEAAAV2AAwEc3RhcgRjMTBywBLAQgABAAEAAAARAAQfDURG"}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_tot_l4_data_len":146,"flow_min_l4_data_len":44,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.70"}}
+00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":117,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.70"}}
02242{"flow_id":24,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":42670,"pkt_caplen":1401,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1401,"pkt_l4_len":1365,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUABWkzPUAAPwZDHQoYUrwfDURUsJkBu9qbOl7AwveegBgAtB0AAAABAQgKAAsLOqKRlo0WAwMARhAAAEJBBDG34c7NydBVRf6mVQzi\/MwMXnUoOd0JvS1otngBVuiN7hS4zUuR30\/zhdtJJxzSSeM9VE5LTcff8eLYgzMoit8UAwMAAQEWAwMAPOTjOPIureyonxmEtL5pzsQRqFdVWUjvrA30RhsCUinFLfuLw6CiFVROC6aSF2Q+Q9x1j\/\/K0sywjsSjGxYDAwAo5OM48i6t7Klm1eGphEvyxwgHXv2\/1TpAFUXIQFgUOE7wWdAWUQPAqxcDAwRx5OM48i6t7KomCmHgEq3wqFBvtbWuM7Ywyxm7Fd9dqS2fFNJbJikaMij5AfSj7adTQtHIHDB9Vng5PJUjNZBIb+10PmUudcmdd3onbG7\/10KhuKfjOg8f60BIie9ygplKEtbwupfKMKjn761f\/7+L0375WBrGgdhw6nwj1uzH5dpc7FfwlMM+F0rFFuhXV5+BI23skk74iuc+um\/iFwsgz5MlBkue5HmpfEAgLxZerCuQpIuZyvDwhD+0Xpu+s+GlwABfVPta0ipXAAYD6XhOWkWm2VHm5EdhhFhdTEp82P2isqLO9bQitnF19DIFqIYdoNdV\/\/Xdgw5Irb4aSca0VRzZQ3yCtuzZ6gNB32qoDQaikxX8ERyLeXK3sgxD9rcxMYgjTlahVUrZXQbXs3FfZnFi9lBSdExo7V7P3XuthuYj15wRy9Inzv90D89GPf1Fz6WpJARCuhexY6iyUlK627t4HnHof\/JWDb1Kv+dHvHtMBenxvSBbsKoe6PIM88JiVeL7bmJlgwq+eIpJHgsWURcJ\/7fAz8oa6CjRFA+XnJay4Z4FVYzaOAwwLlXdO4Mp4QamJN2e2hflftb59C5eEwLBPkrZQrM5EO7I8rSGhGfhKKllgPXhWQtzWt1ssEmF4GdhocuBnvnCbRi7Mr\/krl5lB2oBw4fbHHvIU3ME\/g\/cFFaQ1lxVBRRNhpNcGeFlmpj5jVySoqXle7l0FTxR7jfnvvBoA6BNeSWqICL9DVejAytwJYK62Kf4kQVNPfC6vXq19CBsbjsG3WxZuVZ\/BPhZXbPmAmEProUWlyTgooiIq8QBRmbTJ9X3lBwvaKfmPh4tXAGrDXxDdOEv4BaUQzeK6U4ghv9emooym688U\/VCtARBQBfHb8Fckj4CFPtg7UgAi81lzg+HtRyG11OrNbyRjv3wfmMtk2p4DGQxCptdBMfZiGNJ8b8wRknwaJ6qHi4KKjhwyAz41OI65PSpM0vQE+MWxaz83qWfo8rnp3ltYIpCuJTJFHD4XBA8PE0jcHgHNpny3eOIc2crMSCNkIDRDMmLHaoQ2gIG58IJQG9bsNAqbyR8KAM8o4SM3Nwc4QLvBjhJK3O5mSUIZzmzHaYFL\/wOt3aG30tT+71Q7Wlkvx7kjGYpbexA9FrI9KqSkfDGI+N0oAva+CjNFMg1AmexNMRDZf9K1D8X+P3EsC2wyx1K8KbkjkGHMame9D8hkR4PVDzcFea88UrFc1DhvH\/0luy5q2a7oSC3zK\/tpGeZh2NE7t5h4NWoTcUUI\/HofVaf7svok4P3XilByfZjto2rcvqY9Q4BY1XslLcZ3oUq1o02eix9Yxbvm\/P71dlvwcquOQ4Syw6HF4BoIPkfWU+z+l61FTYWmXGAw2+kbxAjS7LjtHXE9PN9V5DtTIggNSnLMq4z0F75gwHAKwPdQ3zsKyr\/XjvTIuvU5R6+ZAQTOFr3DK1J65yCk37BGPvf\/0dqV6PHb3ndYwshVqZYX1F8EWRTMDI4fdukwwMIQvvX"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1430069031042,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1430069031042,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00447{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":42945,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADx6qUAAPwYA7AoYUrwfDURGqj0Bu4p9cZMAAAAAoAI5CJu+AAACBAV4BAIICgALCzoAAAAAAQMDBw=="}
00423{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":79901,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwwtUAA+AaR7x8NREYKGFK8AbuqPWAZ05aKfXGUYBIRHOtUAAACBAV4"}
00420{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":83289,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6qkAAPwYA\/woYUrwfDURGqj0Bu4p9cZRgGdOXUBA5CNrpAAA="}
01181{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":83594,"pkt_caplen":621,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":621,"pkt_l4_len":585,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAl16q0AAPwb+yAoYUrwfDURGqj0Bu4p9cZRgGdOXUBg5CM7tAAAWAwECMAEAAiwDAzthSakX6Nys0EmE1wPJQXQGNb7fzUO2auSBp3pzzdruINH9Cd3eMOIjz4Amf0HcxZLKnDb5BWXRj6aZ8z64ZOOBAJbAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADbAMsAuwCrAJsAPwAUAnQA9ADXAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADDAMcAtwCnAJcAOwAQAnAA8AC\/AEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAFNAAAAFwAVAAASZ3JhcGguZmFjZWJvb2suY29tAAsABAMAAQIACgA6ADgADgANABkAHAALAAwAGwAYAAkACgAaABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAMBPW8XYuWXc4wYgZOQ6d0T60VO\/cyNe14Z5IjVgMFekE6dQ7u4U9FnQj9Gdy1GUVunfKf6noZBglfKqBP\/YL5CHT93Ljqw5QntaaNZ5kvi+qnkAbVlF3Ab+szOzcduxUvTGYEZP5N4eYbzBK0XGbgzpW6gNtQzHAZ4wCELvRkl\/I\/OlcBgG6SRo\/Rnk4jB4P3zWj7gq\/CUy2yxPClj1804ftHYBJ1lTdWKJLEjp5LhGRTLFHNFFHZzp8G9wkcJTX3IADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMzdAAA"}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_tot_l4_data_len":669,"flow_min_l4_data_len":20,"flow_max_l4_data_len":585,"flow_avg_l4_data_len":167,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1430069031042,"flow_last_seen":1430069031083,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":565,"flow_tot_l4_payload_len":565,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00424{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":127600,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgYspR8NREYKGFK8AbuqPWAZ05eKfXGUYBClZFyHAAABAQEB"}
00420{"flow_id":26,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":131598,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACjeLEAAjwZNfB8NREYKGFK8AbuqPWAZ05eKfXPJUBCjUm5qAAA="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1430069031167,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1430069031167,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00461{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":167395,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":85,"pkt_l4_len":49,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEUAAEAAQBHSFwoYUrwKvAEBD7EANQAxznCJ\/wEAAAEAAAAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAQ=="}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1430069031167,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1430069031167,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00793{"flow_id":24,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":168158,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":326,"pkt_l4_len":290,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAATaZM0AAjwaRWR8NRFQKGFK8AbuwmcDC957amz+TgBgClXT0AAABAQgKopGXNgALCzoWAwMAygQAAMYAAU\/wAMBVHjamp1t+k3aO+5WCeTt+f0Mn4qniaX\/FZd\/VQ2Tp46vrWFw57jV912dRcSdO8HzZQNIm6laX4t1LURyW0VCf46c1zE9Vzp9xa\/X+dr2du3yuL7BfmnzfuI9r5LpQP+4s1t92fSkjv8w2xSWFQtxM+q88564Ji4ONs\/QHo+VjZKQsG403b14UPkQjBg2dtn0ClHdmFrCsiwuOFJh2y0YnLgOAZD7ae\/TYAuVLKJPntFrqj4LBqCnU0j21wE6LGu8UAwMAAQEWAwMAKJruu5VbafH3STS42RhL4saKJbcTH\/lsE1g5BxcgBJ8dk160d\/X\/VM0="}
00516{"flow_id":24,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":168738,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":125,"pkt_l4_len":89,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAG2ZNEAAjwaSIR8NRFQKGFK8AbuwmcDC+KDamz+TgBgClWBVAAABAQgKopGXNgALCzoXAwMANJruu5VbafH4HCo2Lued2HtDNlUR3bKRAfTGJJefp5xx\/jRoAHPtVYTMzij7PRWD+9jgkws="}
00499{"flow_id":24,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":169409,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGGZNUAAjwaSLB8NRFQKGFK8AbuwmcDC+Nnamz+TgBgClQuqAAABAQgKopGXNwALCzoXAwMAKJruu5VbafH5sQRaWN1yXAIV2NGtD21PaTBD2ciGilS4h+QCr8Qyf28="}
02141{"flow_id":26,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":203681,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABSjeLUAAjwZIex8NREYKGFK8AbuqPWAZ05eKfXPJUBCjUo5yAAAWAwMAbgIAAGoDA6\/\/Ua4c\/Z49ONq5ISaENIdBubestbYRwJXDwjnGTSRlAMArAABCAAAAAP8BAAEAAAsABAMAAQIAIwAAM3QAKQ9zcGR5LzMuMS1mYi0wLjUIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xFgMDDNkLAAzVAAzSAAZwMIIGbDCCBVSgAwIBAgIQBnjbTdvaLb44isb+B0TcyDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu\/Tli9R764EPwi6dKemPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk\/cUMs0bSobxwtIeOo4ID5DCCA+AwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg\/cwHQYDVR0OBBYEFEMJk0D6EUswM+zyh26NcRjPiryOMIICOwYDVR0RBIICMjCCAi6CDiouZmFjZWJvb2suY29tggxmYWNlYm9vay5jb22CCyouZmJzYnguY29tggsqLmZiY2RuLm5ldIIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0ggZmYi5jb22CCCouZmIuY29tghgqLmZhY2Vib29rY29yZXd3d2kub25pb26CFmZhY2Vib29rY29yZXd3d2kub25pb26CGCouZmJjZG4yM2Rzc3IzanFucS5vbmlvboIWZmJjZG4yM2Rzc3IzanFucS5vbmlvboIYKi5mYnNieDJxNG12Y2w2M3B3Lm9uaW9ughZmYnNieDJxNG12Y2w2M3B3Lm9uaW9ughAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDW1lc3Nlbmdlci5jb22CGioubS5mYWNlYm9va2NvcmV3d3dpLm9uaW9ughsqLnh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGXh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGyoueHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIZeHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIOKi54ei5mYmNkbi5uZXSCDHh6LmZiY2RuLm5ldIIbKi54ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughl4ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughhtLmZhY2Vib29rY29yZXd3d2kub25pb24wDgYDVR0PAQH\/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0Lg=="}
-00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_tot_l4_data_len":2013,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
+00844{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":7,"flow_first_seen":1430069031042,"flow_last_seen":1430069031203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1845,"flow_avg_l4_payload_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
00579{"flow_id":26,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":204383,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":174,"pkt_l4_len":138,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAJ7eLkAAjwZNBB8NREYKGFK8AbuqPWAZ2JeKfXPJUBijUuZWAABjb20vY2EzLWcyOS5jcmwwQgYDVR0gBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6"}
00421{"flow_id":26,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":207587,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6rEAAPwYA\/QoYUrwfDURGqj0Bu4p9c8lgGdiXUBBBAMu8AAA="}
00422{"flow_id":26,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":207740,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6rUAAPwYA\/AoYUrwfDURGqj0Bu4p9c8lgGdkNUBBBAMtGAAA="}
02146{"flow_id":26,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":220252,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABSjeL0AAjwZIeR8NREYKGFK8AbuqPWAZ2Q2KfXPJUBCjUsrRAAAvL29jc3AuZGlnaWNlcnQuY29tMEUGCCsGAQUFBzAChjlodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlQ0EtMy5jcnQwDAYDVR0TAQH\/BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAf4TX3s1P66\/caXxbDQe2jnaKngcjwn0ZQ7fV9dU+wEYbO0+Zfe9lQD15+559ykP5zZBA0qyYS1oaVH4+rZibsq6wmVOQtkUvQcR4eU8yULsmSo\/cr\/4OSGnGOgMEc2Z4Wefjmy7XninHx7DzcSL3DSCQtRONEkd3DXfnLIB14XItylFUFoTE4JLmtQw3ZLEGNCUCqhp4w0dyqbrUH9NEGh03DZ\/YZXjlXfdkKOodBniivM67AoemiIEtxRtGh1OIUyl5p31y3Sb8ydj7isPIMP41385LjSnaQ3WZ\/KUmwXGWWD3yw5LQn4q4u5uMPUIkW4Gx6SkSJbJXYbAMHoYulAAGXDCCBlgwggVAoAMCAQICEApfEU0DWxeRF9Lv1AOMPzswDQYJKoZIhvcNAQEFBQAwbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTAeFw0wODA0MDIxMjAwMDBaFw0yMjA0MDMwMDAwMDBaMGYxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJTAjBgNVBAMTHERpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIENBLTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC\/YQopEB9e\/jQ3UQj4Hvsi7WG+Cw1wTFBjJnUVuUGIl7bwoBW7CGDgQugFKRCHNoooZajvMQd0bTaXLyhGZgTHKnkmepnVjsNtT6Berbw9kcJZe142bMBTzwAIMj4QZFgQE2nHDO6cQlEA+QVE7iTOeh\/tjBG9EqjzFfQcejFpARun5l3Ammx+CZ7nUkRKEDoj5Ju2A6+onLRbn9RLrZKMzrURKqo3GI20wrjYXAaM+P8jvTVe1Hw+foMOkZYFmMOyH+PIZeupe12gLMz8PNlt7cz6S0OMydS4pWEcskC2KBLfufhf\/tOyye89tB5LfBxMmTaePevsp2heHd9nbl77AgMBAAGjggL6MIIC9jAOBgNVHQ8BAf8EBAMCAYYwggHGBgNVHSAEggG9MIIBuTCCAbUGC2CGSAGG\/WwBAwACMIIBpDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1yZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMAZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8AbgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAAdABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAAdABoAGUAIABSAA=="}
01627{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":220923,"pkt_caplen":949,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":949,"pkt_l4_len":913,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA6XeMEAAjwZJ+x8NREYKGFK8AbuqPWAZ3g2KfXPJUBijUjWMAABlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBlACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBlAC4wEgYDVR0TAQH\/BAgwBgEB\/wIBADA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTCBjwYDVR0fBIGHMIGEMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB0GA1UdDgQWBBRQ6nOJ2yn7EI+e5QEg1N55mUiD9zANBgkqhkiG9w0BAQUFAAOCAQEAHuKlSJ5s21M4D++mGiqs4gND7Zq8Po51G\/D9LiJZrBPAYeLn+umZzYcJdVQov0Zg3L5RLJLzG5F8MQhw4je5wVuovaMLAPsaFf0DrVhqxcckmUhHRjEeku+0X040x5C\/McH4sYSG0JwBqt+KVgbOOukOrpd0XddxmkJ0X96NQ3ze6VXtaQDLBeB6YWEz0RlN+QjuoDnFJTW3K8QPst3xpbcOJMQmKI15d\/Uv8Fe6fAfU4fzNWjBXfoYQR90xH9f8osK\/MHxdJKro+a5fanTCzmuzRtghvinUjl4V1kJK5zJvpLFrUYNYvj9tx\/vaAyHLahYZTgrwrYTKXZSzWnb3YRYDAwCUDAAAkAMAF0EEAnf\/MI5+jKoj2RjAXe7n+UOKFFv2nwCt5DQRSL\/ffuk0zKWw5j9DPoNRUaiV668HOp42y8u6+2feJyVsq1j2bwYDAEcwRQIgS9BdwFdYQuZNFXXSW1PFn+v5MIPRFbsAxT+bEy6eA5YCIQCqwUK6Q87Kr\/wKZ9Jsj1QH7DKouuKR6D8Od\/n5Y6QVJRYDAwAEDgAAAA=="}
-01622{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":12,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_tot_l4_data_len":4404,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":367,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+01633{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":12,"flow_first_seen":1430069031042,"flow_last_seen":1430069031220,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4136,"flow_avg_l4_payload_len":344,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"graph.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00540{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":221686,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":144,"pkt_l4_len":108,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAIDtrgAANREvLgq8AQEKGFK8ADUPsQBsjjKJ\/4GAAAEAAwAAAAAKZGV2ZWxvcGVycwhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAAA+oABwRzdGFywBfANQAFAAEAAAPqAAwEc3RhcgRjMTBywBfASAABAAEAAAAIAAQfDURU"}
-00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_tot_l4_data_len":157,"flow_min_l4_data_len":49,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
+00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":139,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"developers.facebook.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.68.84"}}
00421{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":224372,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6rkAAPwYA+woYUrwfDURGqj0Bu4p9c8lgGd4NUBBLALxGAAA="}
00421{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":224524,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACh6r0AAPwYA+goYUrwfDURGqj0Bu4p9c8lgGeGKUBBVAK7JAAA="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1430069031230,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1430069031230,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00460{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":230994,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":87,"pkt_l4_len":51,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAEcAAEAAQBHSFQoYUrwKvAEBOToANQAzWvOyogEAAAEAAAAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAAB"}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1430069031230,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1430069031230,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01772{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":236731,"pkt_caplen":1053,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1053,"pkt_l4_len":1017,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUABA16sEAAPwb9EwoYUrwfDURGqj0Bu4p9c8lgGeGKUBhVAI3tAAAWAwMARhAAAEJBBD2hR1ZxSpq\/s2bE\/jEuVnHZhLsOfXDeW8kA5Vf7lk9JzGTsKpqTz8WcksKfffMvnDRskqK2mDmAm0lNTEbtVsUUAwMAAQEWAwMAPDgatczmcEzE+jBZypW7PvgvPfOYO3SnL4HX\/HbuPNa4Ou2KRWwdFRkakJ+FOn7WvKfMRb1s4C3UMd\/UwhYDAwAoOBq1zOZwTMXQ4JIUcIi0BL3fDVH2BZhsR2W2hrP9cDDIppHu4MM6uxcDAwMhOBq1zOZwTMaJo5seZy5725DDkdN6vFi40cW56kBpjWhZIhTaflCGbAf7jvOuihh+BI\/IOe\/yA9nVbXeJaLGnftSgB00+D+OilsDAoKyLtHxaKhLxH5JwurOk7ZcaHUYvO33rP4ph0CKrAObpqGfBLmD8yxRunBcVPimHXmeRx\/JvQ3gSLxFHw46iVFEgvk57HnAdKl0UpJnQLqeLdbxepSBOwvEyzL2En5zxYzhx1fAxCHQopLPF5GyhBoFvanULTIEm6pPDSeg7wg8Pc7aq7Fkr6ZJOQ8E4ixAkYEzCQfoyoaYEKbQ0biaQLxljr43RJa\/eLFMIAE9c8Hb1XB6\/MXeEi4ha7O3t+7HOdoRA2ky3OOuPNUH5aod8qNn03NFZR0LPQ5XsIVEz+r1rvpsa6EmM5oDIbCKfilvML1vufSR\/42\/CzbR6QpYEXousSC22JJwtv1p3kiioQqV7fYAEtgLuEjNNkwcOU7L139H5kPiOSBQnhGfjrfEvBOZxMRQ2Z3QK9BVMpjI7OaVAgEDrhQC5Q1+uRF2uCOOajPmgHvOKP1Gs8tvTmims1NOW7lfwLEGzEciEmeJ41uXtHGzUlHbMY7r6pEwXuUrGfALOAVMBo8GgRzFLm1FTOUJkFiGUhihPSZaBelN+sQEtwTxQs8CrOGld40GUtQPxYlfOYQ27WComeVqvuCn4lCwfsbcANeFlAomWyAujVoFS7fdjWKxauy5b86PRe0tGVNtfgTRca7y4uIe+D7ze\/fWoHGqBMkDWn6v4Dngwgl8QZDc6PRAYq0fZxoNWqk9rdGCRPCj8iQi2WiDGjEskePU1dWhd1GZJ+OKe52ePGBbf3Zx0PA2GkYC\/q\/1YteAS9Cvqj2c3m5XOUY5lgT1TPE7vKAcTT7exl+T1rNy4kumHQrXEYtm0IhwVqrMfj2UPgpt4qk7Zzaxl9aOBRJjW7GjsMTifs35uWXCubklLcnXB4Xe7WXqaEPNpj5Se3baN95\/XTIQmTa\/4QeS8EBc0nGYLybSUATF2T5daX0VirdX75zqNMnnOIx2SFD\/gRp2DkreMIkNN"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1430069031236,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1430069031236,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00448{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":236945,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxjDkAAPwYYeQoYUrwfDURUsJsBu8tPaEMAAAAAoAI5CF29AAACBAV4BAIICgALC00AAAAAAQMDBw=="}
00522{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":281714,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAHLtrwAANREvOwq8AQEKGFK8ADU5OgBeI2eyooGAAAEAAQAAAAABMgI5NwMyNTIDMTczB2luLWFkZHIEYXJwYQAADAABwAwADAABAAAEYQAfEG1xdHQtc2h2LTE0LWZyYzEIZmFjZWJvb2sDY29tAA=="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":51,"flow_max_l4_data_len":94,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.97.252.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00424{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":281867,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACw2WEAA+AaMPh8NRFQKGFK8Abuwm2JwnlDLT2hEYBIRHOBVAAACBAV4"}
00421{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":284186,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjD0AAPwYYjAoYUrwfDURUsJsBu8tPaERicJ5RUBA5CM\/qAAA="}
01190{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":286444,"pkt_caplen":626,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":626,"pkt_l4_len":590,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAmJjEEAAPwYWUQoYUrwfDURUsJsBu8tPaERicJ5RUBg5CFQRAAAWAwECNQEAAjEDA12sDwIlRYC4S\/u\/dLxpbC6fU+Gnpw4b5dMA4lzwGxvDIALfpkN5Ks6\/c20IdWd3iDdbXn8wiPGMx1jMuQOUjsRtAJbAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADbAMsAuwCrAJsAPwAUAnQA9ADXAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADDAMcAtwCnAJcAOwAQAnAA8AC\/AEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAFSAAAAHAAaAAAXZGV2ZWxvcGVycy5mYWNlYm9vay5jb20ACwAEAwABAgAKADoAOAAOAA0AGQAcAAsADAAbABgACQAKABoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAwCnSYkR7dyZSlmb2OdeQwfPHqvffGwuUL3PG+4Ewg5bwNedBkyV9v8C8pmhV4nqSLTQbulzvcpBBfLcpfQowvk79MtWhUv2WuTp5rwjXPWPci4lxJKzgph0ts51Py\/3dLrTAZ0QTg1HN7u4u1p3C80B86yaPTNKffxSBZsLfL4fUayH2i9ace\/qM96Tac8qFgVAl24B\/JZxcKhjC1EOsRIlPerZpBoaXHxVbVixsGvq98+nTjVWCnQKrtJcwlv25jQANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAzN0AAA="}
-00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_tot_l4_data_len":674,"flow_min_l4_data_len":20,"flow_max_l4_data_len":590,"flow_avg_l4_data_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1430069031236,"flow_last_seen":1430069031286,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":570,"flow_tot_l4_payload_len":570,"flow_avg_l4_payload_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00424{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":320197,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgYslx8NRFQKGFK8Abuwm2JwnlHLT2hEYBClZFGIAAABAQEB"}
00420{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":341162,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACjTSEAAjwZYUh8NRFQKGFK8Abuwm2JwnlHLT2p+UBCkxGH0AAA="}
02139{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":391516,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABSjTSUAAjwZTUR8NRFQKGFK8Abuwm2JwnlHLT2p+UBCkxN7TAAAWAwMAbgIAAGoDA8C8sU+4sP7tT3CKYvhEo\/qSTcQI4WbvTwFIUXjcfkAWAMArAABCAAAAAP8BAAEAAAsABAMAAQIAIwAAM3QAKQ9zcGR5LzMuMS1mYi0wLjUIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xFgMDDNkLAAzVAAzSAAZwMIIGbDCCBVSgAwIBAgIQBnjbTdvaLb44isb+B0TcyDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu\/Tli9R764EPwi6dKemPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk\/cUMs0bSobxwtIeOo4ID5DCCA+AwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg\/cwHQYDVR0OBBYEFEMJk0D6EUswM+zyh26NcRjPiryOMIICOwYDVR0RBIICMjCCAi6CDiouZmFjZWJvb2suY29tggxmYWNlYm9vay5jb22CCyouZmJzYnguY29tggsqLmZiY2RuLm5ldIIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0ggZmYi5jb22CCCouZmIuY29tghgqLmZhY2Vib29rY29yZXd3d2kub25pb26CFmZhY2Vib29rY29yZXd3d2kub25pb26CGCouZmJjZG4yM2Rzc3IzanFucS5vbmlvboIWZmJjZG4yM2Rzc3IzanFucS5vbmlvboIYKi5mYnNieDJxNG12Y2w2M3B3Lm9uaW9ughZmYnNieDJxNG12Y2w2M3B3Lm9uaW9ughAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDW1lc3Nlbmdlci5jb22CGioubS5mYWNlYm9va2NvcmV3d3dpLm9uaW9ughsqLnh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGXh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGyoueHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIZeHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIOKi54ei5mYmNkbi5uZXSCDHh6LmZiY2RuLm5ldIIbKi54ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughl4ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughhtLmZhY2Vib29rY29yZXd3d2kub25pb24wDgYDVR0PAQH\/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0Lg=="}
-00838{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":7,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_tot_l4_data_len":2018,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":288,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
+00849{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":7,"flow_first_seen":1430069031236,"flow_last_seen":1430069031391,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1850,"flow_avg_l4_payload_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
00420{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":393286,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjEUAAPwYYigoYUrwfDURUsJsBu8tPan5icKNRUBBBAMC4AAA="}
02145{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":408515,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABSjTSkAAjwZTUB8NRFQKGFK8Abuwm2Jwo1HLT2p+UBikxPFIAABjb20vY2EzLWcyOS5jcmwwQgYDVR0gBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBAH+E197NT+uv3Gl8Ww0Hto52ip4HI8J9GUO31fXVPsBGGztPmX3vZUA9efuefcpD+c2QQNKsmEtaGlR+Pq2Ym7KusJlTkLZFL0HEeHlPMlC7JkqP3K\/+DkhpxjoDBHNmeFnn45su154px8ew83Ei9w0gkLUTjRJHdw135yyAdeFyLcpRVBaExOCS5rUMN2SxBjQlAqoaeMNHcqm61B\/TRBodNw2f2GV45V33ZCjqHQZ4orzOuwKHpoiBLcUbRodTiFMpead9ct0m\/MnY+4rDyDD+Nd\/OS40p2kN1mfylJsFxllg98sOS0J+KuLubjD1CJFuBsekpEiWyV2GwDB6GLpQABlwwggZYMIIFQKADAgECAhAKXxFNA1sXkRfS79QDjD87MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDgwNDAyMTIwMDAwWhcNMjIwNDAzMDAwMDAwWjBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2EKKRAfXv40N1EI+B77Iu1hvgsNcExQYyZ1FblBiJe28KAVuwhg4ELoBSkQhzaKKGWo7zEHdG02ly8oRmYExyp5JnqZ1Y7DbU+gXq28PZHCWXteNmzAU88ACDI+EGRYEBNpxwzunEJRAPkFRO4kznof7YwRvRKo8xX0HHoxaQEbp+ZdwJpsfgme51JEShA6I+SbtgOvqJy0W5\/US62SjM61ESqqNxiNtMK42FwGjPj\/I701XtR8Pn6DDpGWBZjDsh\/jyGXrqXtdoCzM\/DzZbe3M+ktDjMnUuKVhHLJAtigS37n4X\/7TssnvPbQeS3wcTJk2nj3r7KdoXh3fZ25e+wIDAQABo4IC+jCCAvYwDgYDVR0PAQH\/BAQDAgGGMIIBxgYDVR0gBIIBvTCCAbkwggG1BgtghkgBhv1sAQMAAjCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAA=="}
01791{"flow_id":29,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":408850,"pkt_caplen":1067,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1067,"pkt_l4_len":1031,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABBvTS0AAjwZUXB8NRFQKGFK8Abuwm2JwqFHLT2p+UBikxKuaAABhAHQAZQAgAGMAbwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzAdBgNVHQ4EFgQUUOpzidsp+xCPnuUBINTeeZlIg\/cwDQYJKoZIhvcNAQEFBQADggEBAB7ipUiebNtTOA\/vphoqrOIDQ+2avD6OdRvw\/S4iWawTwGHi5\/rpmc2HCXVUKL9GYNy+USyS8xuRfDEIcOI3ucFbqL2jCwD7GhX9A61YasXHJJlIR0YxHpLvtF9ONMeQvzHB+LGEhtCcAarfilYGzjrpDq6XdF3XcZpCdF\/ejUN83ulV7WkAywXgemFhM9EZTfkI7qA5xSU1tyvED7Ld8aW3DiTEJiiNeXf1L\/BXunwH1OH8zVowV36GEEfdMR\/X\/KLCvzB8XSSq6PmuX2p0ws5rs0bYIb4p1I5eFdZCSucyb6Sxa1GDWL4\/bcf72gMhy2oWGU4K8K2Eyl2Us1p292EWAwMAlAwAAJADABdBBLqTQNJNU36ZQWb8HeASPcp0WN1Rk4KDJvBxVzB10Jd4+P\/JPbK+vtohJwIS0YYBJvFwto2+iZ+\/rcILUXt2mRMGAwBHMEUCIEMUDwjj2qLKmC3WwO\/lTl0MPMIzWL05LJ1COe36qWcXAiEAg2V0m0767p57whXPk83nVJXKEyr73YpOd8\/yNfVshnEWAwMABA4AAAA="}
-01627{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":10,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_tot_l4_data_len":4369,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":436,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+01638{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":10,"flow_first_seen":1430069031236,"flow_last_seen":1430069031408,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":4141,"flow_avg_l4_payload_len":414,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"developers.facebook.com","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"051d20e8adbe8dac78945de300764d5e","ja3s":"6806b8fe92d7d465715d771eb102ff04","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00421{"flow_id":29,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":410895,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjEkAAPwYYiQoYUrwfDURUsJsBu8tPan5icKhRUBBLALG4AAA="}
00421{"flow_id":29,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":410956,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChjE0AAPwYYiAoYUrwfDURUsJsBu8tPan5icKxEUBBVAKPFAAA="}
02043{"flow_id":29,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":425727,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1257,"pkt_l4_len":1221,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUABNljFEAAPwYT1goYUrwfDURUsJsBu8tPan5icKxEUBhVAJopAAAWAwMARhAAAEJBBPON\/LJqBr6qw7RzueZWdveH9RPDKIh0taTOaFM3l3OAde7h9Djd2tDgsIIINv3z09StvnD4Ph6OT2kafg+cKTYUAwMAAQEWAwMAPCwS+j2T0BmMYu44G7vYhClL6WUsbXbIjtRbfAnve+HDw2rVFjj6HECBr4cseaIL4ewKMLUqCzSKe\/Q8fhYDAwAoLBL6PZPQGY1xRCv\/MFccwmSU1tfDnnMr4gw3uYP7IkY1RioDkLjdUBcDAwPtLBL6PZPQGY6B8r6UGDXRbNsCCbsyRUcauQJQAmyiKg1VzXwdC8G1EhBGayJ2RPnxqfrO\/PjmM5tQU7jgiBRdsclpbRBi+EwNhS5AruPWrJ\/yiif9Ctpgx+7vdVMbMyi\/vlVNB7zBUdwjyQbYShVRS48KJdLrttXnToVlUNS2QdLmvPsAYJ8mSMYYiE1zxK7MX2gv8YWMv7au821PnB+oj6rcBimlhPAO455i\/j07QwBh+4ftQgV3lkRDicOM2tRRLxjw5hU1zelvd7ZtOSJNQruYzAKcGriBNJpMsJpul62PGvwupCEZP5sjOs3KMV1Cr9CfYhuux+jQRT5mfj6vX3NKX6iJ3O\/IrLW\/FlhcKbgeU+fsBYGA6v9PT82VDCG5+ILyHYmHYf7cfnPt8WPHeSWeWDJ8f8AmUsNEafgoZ01npr8SUtPh13C7wNutcn7NsuxykOD2vXslWkWWyiu84+c+Trf5hM3WkYcE7p28kUonAF1tpBdGwISKw6ooenbxWbbqv2lsOPVNERLYXTZ18eSCJm\/goP48GtDUjcBfM9FCUsFY3tZt6k9oLe8Z77YUN1nKtxQWRzDqksGUfEe37VXcLV4Mjd+G4Wk8bTRNIgxsVLb6Cv3OSKR2HpUi3Ga3+9G9XfkHbKlJDDTaXmzCYUKqJ58kdKdjTpwdtddpKdDsgdBisnDJWJwF78eTpSvYCe259g0EFsE1thdwwLRCRibBc\/IgHwtZdrh+cf5rdDxQv3HfLo+V7TP0T50DDJUmGA\/4uysW6AOfNxTzVDS4A6WpxKrSzS13Oe1CtS0ZbAE5VkUXHMyHbdK2LBK5wCEgTyXObcCFtUl905nORIodohxUeA11r18OnnXjqu7KF12JXWkL9kvYWAmUJy+X+oWnA6LQXh0WtnF2SEN6ikR8vVfXoWFFCUvKCG5OUXCEZL+XiO3X0bjZe1\/E2g9Ke4lMf4PNhB0aOZHflkv4xdQwsYbNLeu7gvIh7onn+l1HiszXua0fkDui4zGZAvd\/KwoKNNlctWtwX1jlctJmgTfXacPh7dXIfievhDkfORC2DjaLuWCG\/CWtPvhIKNlpNqw5JOqOFdQiLP3iBX66mKVYCwP4johGeG95utDAfRDgvwtCu4Bg1BgXcnZvCon7n0RrbBotXiS5ecufwm7UBfZ+I43ytPe3rjdlv8vnG7fsaNSfcMJxIb97jr2HotKcRl\/3Za8RzptvZNsSIYP16rjO6giF5VuOe6+oIaz+9xS3z49ockgUXT+p5UM4Zk9cvdoivxdwDEe8ehPZvHnfYhQCX4bWbp6IZKctRr4jPllvCsicbaviQVruzJboPcbE"}
00421{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":480384,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACjTTEAAjwZYTh8NRFQKGFK8Abuwm2JwrETLT28vUBCkxE9QAAA="}
00770{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":513282,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":314,"pkt_l4_len":278,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAASrTTUAAjwZXSx8NRFQKGFK8Abuwm2JwrETLT28vUBikxOXaAAAWAwMAygQAAMYAAU\/wAMBVHjamON2Im1HS1Mx3WG+MHqQdzgVj909oJkB2\/cL96uQcX2PfrbyBj2+2oCYfHZ91Urggzu6eStTIoM9Tx0y+L5fn4iO7UemYhseBRZgQPMeOhtjrP7Ay2eCf3jw6sB7lBQ3ZcpiCWpWxN+zLU1AVf1JRJ2kh83AYgCsYOkJGnI0JglWBDAlI6RTp6SysSqxSLyEbEgg6TRJ5xWMmmo6sYo0KSmzNienpjIAH1B453woar3mtJnA1SQQQ9xtf72wUAwMAAQEWAwMAKBb8yUXEQnm1GVxYXWHBTfz7BtrCKB8SKDo3bRG3+B+IlvOJH6rcA04="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1430069031611,"flow_last_seen":0,"flow_tot_l4_data_len":77,"flow_min_l4_data_len":77,"flow_max_l4_data_len":77,"flow_avg_l4_data_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1430069031611,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00502{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069031,"pkt_ts_usec":611243,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":113,"pkt_l4_len":77,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGHTnUAAQAbVXgoYUrw2\/\/3H5i8UZ+uf0VkGiXPCgBgCYxkQAAABAQgKAAKTKDTnT0kXAwEAKNOo\/lFrrxEtj1oyrBEybZXAvF7754xqLjvuYfV0gCpDpumAA3\/lW60="}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1430069031611,"flow_last_seen":0,"flow_tot_l4_data_len":77,"flow_min_l4_data_len":77,"flow_max_l4_data_len":77,"flow_avg_l4_data_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1430069031611,"flow_last_seen":0,"flow_tot_l4_data_len":77,"flow_min_l4_data_len":77,"flow_max_l4_data_len":77,"flow_avg_l4_data_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00457{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":0,"flow_tot_l4_data_len":111,"flow_min_l4_data_len":111,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1430069031611,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1430069031611,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069028075,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34503,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00461{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":202,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069030119,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","l4_proto":"icmp","flow_datalink":113,"flow_max_packets":15}
00422{"flow_id":14,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069032,"pkt_ts_usec":164282,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq80AArAYRp9g63QoKGFK8AFCMUmKi4jFDN+TzUBH\/\/6QYAAA="}
00422{"flow_id":14,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069032,"pkt_ts_usec":171576,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1430069035398,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1430069035398,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00421{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":398200,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChV8UAAQAbFkwoYUrzSZ\/APpVwBu+YrTKNirTiWUBFpAB9mAAA="}
00420{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":537940,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgkaUAAjgapG9Jn8A8KGFK8AbulXGKtOJbmK0ykUBCkj3bOAAA="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1430069035840,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1430069035840,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00448{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":840522,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADytk0AAPwbN8woYUrwfDURUkrUAUM0qoIsAAAAAoAI5CEEgAAACBAV4BAIICgALDRgAAAAAAQMDBw=="}
00424{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":877814,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxm7kAA+AZbqB8NRFQKGFK8AFCStWTibgPNKqCMYBIRHPNeAAACBAV4"}
00420{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":880866,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitlEAAPwbOBgoYUrwfDURUkrUAUM0qoIxk4m4EUBA5COLzAAA="}
00426{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":917823,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAArAYOlx8NRFQKGFK8AFCStWTibgTNKqCMYBD\/\/wn2AAABAQEB"}
00671{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":921179,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOOtlUAAPwbNSgoYUrwfDURUkrUAUM0qoIxk4m4EUBg5CEcRAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMy4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1430069035967,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_first_seen":1430069035840,"flow_last_seen":1430069035921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.3.0.KXDMICB)"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1430069035967,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00449{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":967627,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzw1UAAPwaKsQoYUrwfDURUsJ0Bu3W4\/fMAAAAAoAI5CBvJAAACBAV4BAIICgALDSYAAAAAAQMDBw=="}
00422{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069035,"pkt_ts_usec":973456,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiiUEAArQZrLh8NRFQKGFK8AFCStWTibgTNKqFHUBD\/\/xtBAAA="}
00422{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":8002,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACxGQkAA+AZ8VB8NRFQKGFK8AbuwnWIYU8F1uP30YBIRHOshAAACBAV4"}
00420{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":10596,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw1kAAPwaKxAoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBA5CNq2AAA="}
00670{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":12946,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAODw10AAPwaKCwoYUrwfDURUsJ0Bu3W4\/fRiGFPCUBg5CMwfAAAWAwEAswEAAK8DAVU9Hy2pPPfpWbhIjMHHKuGu\/26IDUvEFU2avrf56FfmAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_tot_l4_data_len":288,"flow_min_l4_data_len":20,"flow_max_l4_data_len":204,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1430069035967,"flow_last_seen":1430069036012,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00423{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":49811,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgYslx8NRFQKGFK8AbuwnWIYU8J1uP30YBClZFxUAAABAQEB"}
00419{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":50513,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChrjUAAjwbADR8NRFQKGFK8AbuwnWIYU8J1uP6sUBCkrG5aAAA="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1430069036068,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1430069036068,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00448{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":68122,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwqSkAAPwalnwoYUryt\/GECircBu1PEJ3oAAAAAoAI5CI51AAACBAV4BAIICgALDTAAAAAAAQMDBw=="}
00424{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":109870,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACzrl0AA+AYrYa38YQIKGFK8AbuKt2bo6WFTxCd7YBIRHMNnAAACBAV4"}
00421{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":113928,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqS0AAPwalsgoYUryt\/GECircBu1PEJ3tm6OliUBA5CLL8AAA="}
00670{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":116156,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":240,"pkt_l4_len":204,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOAqTEAAPwak+QoYUryt\/GECircBu1PEJ3tm6OliUBg5CCGEAAAWAwEAswEAAK8DAVU9Hy3lr9PhuC3NcwOeJGoglIkRSauG++7JURnxbEvJAABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_tot_l4_data_len":288,"flow_min_l4_data_len":20,"flow_max_l4_data_len":204,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1430069036068,"flow_last_seen":1430069036116,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02141{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":121375,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABShrjkAAjwa7DB8NRFQKGFK8AbuwnWIYU8J1uP6sUBCkrFqtAAAWAwEAWQIAAFUDAa6R6RRKXfxddbtVAoidxSBrGSP+zxabD35QT5IWWmgIIEx+M4v6kMYdK9rfFgx\/4oOFoeXKuOJVavGbS+sm\/keqwAcAAA3\/AQABAAALAAQDAAECFgMBDNkLAAzVAAzSAAZwMIIGbDCCBVSgAwIBAgIQBnjbTdvaLb44isb+B0TcyDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu\/Tli9R764EPwi6dKemPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk\/cUMs0bSobxwtIeOo4ID5DCCA+AwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg\/cwHQYDVR0OBBYEFEMJk0D6EUswM+zyh26NcRjPiryOMIICOwYDVR0RBIICMjCCAi6CDiouZmFjZWJvb2suY29tggxmYWNlYm9vay5jb22CCyouZmJzYnguY29tggsqLmZiY2RuLm5ldIIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0ggZmYi5jb22CCCouZmIuY29tghgqLmZhY2Vib29rY29yZXd3d2kub25pb26CFmZhY2Vib29rY29yZXd3d2kub25pb26CGCouZmJjZG4yM2Rzc3IzanFucS5vbmlvboIWZmJjZG4yM2Rzc3IzanFucS5vbmlvboIYKi5mYnNieDJxNG12Y2w2M3B3Lm9uaW9ughZmYnNieDJxNG12Y2w2M3B3Lm9uaW9ughAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDW1lc3Nlbmdlci5jb22CGioubS5mYWNlYm9va2NvcmV3d3dpLm9uaW9ughsqLnh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGXh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGyoueHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIZeHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIOKi54ei5mYmNkbi5uZXSCDHh6LmZiY2RuLm5ldIIbKi54ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughl4ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughhtLmZhY2Vib29rY29yZXd3d2kub25pb24wDgYDVR0PAQH\/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMtZzI5LmNybDBCBgNVHQ=="}
-00800{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_tot_l4_data_len":1632,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":233,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
+00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":7,"flow_first_seen":1430069035967,"flow_last_seen":1430069036121,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
00580{"flow_id":33,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":122016,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":174,"pkt_l4_len":138,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAJ5rj0AAjwa\/lR8NRFQKGFK8AbuwnWIYWMJ1uP6sUBikrOyQAAAgBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBF"}
00421{"flow_id":33,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":125067,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw2EAAPwaKwgoYUrwfDURUsJ0Bu3W4\/qxiGFjCUBBBAM0GAAA="}
00422{"flow_id":33,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":125220,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw2UAAPwaKwQoYUrwfDURUsJ0Bu3W4\/qxiGFk4UBBBAMyQAAA="}
@@ -269,16 +269,16 @@
00424{"flow_id":34,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":149329,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgaA+a38YQIKGFK8AbuKt2bo6WJTxCd7YBClZDSaAAABAQEB"}
00420{"flow_id":34,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":160590,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChRFkAAjwYu5638YQIKGFK8AbuKt2bo6WJTxCgzUBCkrEagAAA="}
01596{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":179969,"pkt_caplen":926,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":926,"pkt_l4_len":890,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA45rkUAAjwa8ox8NRFQKGFK8AbuwnWIYXjh1uP6sUBikrNHEAAAAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBlACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBlAC4wEgYDVR0TAQH\/BAgwBgEB\/wIBADA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTCBjwYDVR0fBIGHMIGEMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB0GA1UdDgQWBBRQ6nOJ2yn7EI+e5QEg1N55mUiD9zANBgkqhkiG9w0BAQUFAAOCAQEAHuKlSJ5s21M4D++mGiqs4gND7Zq8Po51G\/D9LiJZrBPAYeLn+umZzYcJdVQov0Zg3L5RLJLzG5F8MQhw4je5wVuovaMLAPsaFf0DrVhqxcckmUhHRjEeku+0X040x5C\/McH4sYSG0JwBqt+KVgbOOukOrpd0XddxmkJ0X96NQ3ze6VXtaQDLBeB6YWEz0RlN+QjuoDnFJTW3K8QPst3xpbcOJMQmKI15d\/Uv8Fe6fAfU4fzNWjBXfoYQR90xH9f8osK\/MHxdJKro+a5fanTCzmuzRtghvinUjl4V1kJK5zJvpLFrUYNYvj9tx\/vaAyHLahYZTgrwrYTKXZSzWnb3YRYDAQCSDAAAjgMAF0EExrvVjJmskxsxl7za+fyJjy8jLZ01HW0zf5npTx\/6GWLGRG3SXO5Gg1gOG8smi\/NyV\/PxGGRbia0CMA7d76Yv2ABHMEUCIHzwDcwFMpxVP\/8am4nZhxz0QnCrvWisp422CWpoZBYUAiEA6zngcC34dn3Gt0qUcGhAjS8GTzhESSBXNqyC\/12rLOcWAwEABA4AAAA="}
-01589{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_tot_l4_data_len":4020,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":309,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+01600{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":13,"flow_first_seen":1430069035967,"flow_last_seen":1430069036179,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3732,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00422{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":183936,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjw20AAPwaKvwoYUrwfDURUsJ0Bu3W4\/qxiGGGeUBBVALAqAAA="}
00801{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":184027,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUOiUUAArQZqEh8NRFQKGFK8AFCStWTibgTNKqFHUBj\/\/1uiAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogbnRKRXA0ZXcwOHRBWkdWd2J0SHdUZzhPVFBDbGd3RHI1V1FlTXJkYitCazA1eEpaZkMxaXVjb1NpaWd3RG94NUZzcjJjQ2txSmN3MHBUN1FMS1dUY0E9PQ0KRGF0ZTogU3VuLCAyNiBBcHIgMjAxNSAxNzoyMzo1NiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
00420{"flow_id":32,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":185828,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitlkAAPwbOBAoYUrwfDURUkrUAUM0qoUdk4m8fUBA8uN1tAAA="}
00589{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":247321,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":178,"pkt_l4_len":142,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAKLw3EAAPwaKRAoYUrwfDURUsJ0Bu3W4\/qxiGGGeUBhVAPcpAAAWAwEARhAAAEJBBKEasiyUo2ANNASkr2uadAhqkbscFf9u1KOWllAbNFBDhtdLmgUrZUpTT7pczUwTMUMatVuEPWFyZE1dHeDqmuYUAwEAAQEWAwEAJGIfRucykgPyI9pqoL2jesB+lmMfcHzlLfb88ABcRl7sHSXOIg=="}
02140{"flow_id":34,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":608985,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABShRF0AAjgYq5q38YQIKGFK8AbuKt2bo6WJTxCgzUBCkrMtIAAAWAwEAWQIAAFUDAbZyuIuZl37RA6xhj4YdGRy7e\/k0fSBIfmPHpvdYA0LwIGHGz3CMoqyAqySUoSyZbEmdkTnwkbEEIcyIOcde2TVPwAcAAA3\/AQABAAALAAQDAAECFgMBDNkLAAzVAAzSAAZwMIIGbDCCBVSgAwIBAgIQBnjbTdvaLb44isb+B0TcyDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu\/Tli9R764EPwi6dKemPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk\/cUMs0bSobxwtIeOo4ID5DCCA+AwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg\/cwHQYDVR0OBBYEFEMJk0D6EUswM+zyh26NcRjPiryOMIICOwYDVR0RBIICMjCCAi6CDiouZmFjZWJvb2suY29tggxmYWNlYm9vay5jb22CCyouZmJzYnguY29tggsqLmZiY2RuLm5ldIIOKi54eC5mYmNkbi5uZXSCDioueHkuZmJjZG4ubmV0ggZmYi5jb22CCCouZmIuY29tghgqLmZhY2Vib29rY29yZXd3d2kub25pb26CFmZhY2Vib29rY29yZXd3d2kub25pb26CGCouZmJjZG4yM2Rzc3IzanFucS5vbmlvboIWZmJjZG4yM2Rzc3IzanFucS5vbmlvboIYKi5mYnNieDJxNG12Y2w2M3B3Lm9uaW9ughZmYnNieDJxNG12Y2w2M3B3Lm9uaW9ughAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDW1lc3Nlbmdlci5jb22CGioubS5mYWNlYm9va2NvcmV3d3dpLm9uaW9ughsqLnh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGXh4LmZiY2RuMjNkc3NyM2pxbnEub25pb26CGyoueHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIZeHkuZmJjZG4yM2Rzc3IzanFucS5vbmlvboIOKi54ei5mYmNkbi5uZXSCDHh6LmZiY2RuLm5ldIIbKi54ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughl4ei5mYmNkbjIzZHNzcjNqcW5xLm9uaW9ughhtLmZhY2Vib29rY29yZXd3d2kub25pb24wDgYDVR0PAQH\/BAQDAgOIMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMtZzI5LmNybDBCBgNVHQ=="}
-00801{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_tot_l4_data_len":1632,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":233,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
+00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":7,"flow_first_seen":1430069036068,"flow_last_seen":1430069036608,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1464,"flow_avg_l4_payload_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
02145{"flow_id":34,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":609168,"pkt_caplen":1336,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1336,"pkt_l4_len":1300,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABShRGEAAjgYq5a38YQIKGFK8AbuKt2bo7mJTxCgzUBCkrCEVAAAgBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBAH+E197NT+uv3Gl8Ww0Hto52ip4HI8J9GUO31fXVPsBGGztPmX3vZUA9efuefcpD+c2QQNKsmEtaGlR+Pq2Ym7KusJlTkLZFL0HEeHlPMlC7JkqP3K\/+DkhpxjoDBHNmeFnn45su154px8ew83Ei9w0gkLUTjRJHdw135yyAdeFyLcpRVBaExOCS5rUMN2SxBjQlAqoaeMNHcqm61B\/TRBodNw2f2GV45V33ZCjqHQZ4orzOuwKHpoiBLcUbRodTiFMpead9ct0m\/MnY+4rDyDD+Nd\/OS40p2kN1mfylJsFxllg98sOS0J+KuLubjD1CJFuBsekpEiWyV2GwDB6GLpQABlwwggZYMIIFQKADAgECAhAKXxFNA1sXkRfS79QDjD87MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDgwNDAyMTIwMDAwWhcNMjIwNDAzMDAwMDAwWjBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2EKKRAfXv40N1EI+B77Iu1hvgsNcExQYyZ1FblBiJe28KAVuwhg4ELoBSkQhzaKKGWo7zEHdG02ly8oRmYExyp5JnqZ1Y7DbU+gXq28PZHCWXteNmzAU88ACDI+EGRYEBNpxwzunEJRAPkFRO4kznof7YwRvRKo8xX0HHoxaQEbp+ZdwJpsfgme51JEShA6I+SbtgOvqJy0W5\/US62SjM61ESqqNxiNtMK42FwGjPj\/I701XtR8Pn6DDpGWBZjDsh\/jyGXrqXtdoCzM\/DzZbe3M+ktDjMnUuKVhHLJAtigS37n4X\/7TssnvPbQeS3wcTJk2nj3r7KdoXh3fZ25e+wIDAQABo4IC+jCCAvYwDgYDVR0PAQH\/BAQDAgGGMIIBxgYDVR0gBIIBvTCCAbkwggG1BgtghkgBhv1sAQMAAjCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAYwBvAG4AcwB0AGkAdA=="}
01755{"flow_id":34,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":612036,"pkt_caplen":1043,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1043,"pkt_l4_len":1007,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABANRGUAAjgYsCa38YQIKGFK8AbuKt2bo82JTxCgzUBikrEovAAAAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzAdBgNVHQ4EFgQUUOpzidsp+xCPnuUBINTeeZlIg\/cwDQYJKoZIhvcNAQEFBQADggEBAB7ipUiebNtTOA\/vphoqrOIDQ+2avD6OdRvw\/S4iWawTwGHi5\/rpmc2HCXVUKL9GYNy+USyS8xuRfDEIcOI3ucFbqL2jCwD7GhX9A61YasXHJJlIR0YxHpLvtF9ONMeQvzHB+LGEhtCcAarfilYGzjrpDq6XdF3XcZpCdF\/ejUN83ulV7WkAywXgemFhM9EZTfkI7qA5xSU1tyvED7Ld8aW3DiTEJiiNeXf1L\/BXunwH1OH8zVowV36GEEfdMR\/X\/KLCvzB8XSSq6PmuX2p0ws5rs0bYIb4p1I5eFdZCSucyb6Sxa1GDWL4\/bcf72gMhy2oWGU4K8K2Eyl2Us1p292EWAwEAkQwAAI0DABdBBF6hk1Yewa00uIJUS1f8EGQdfuetE3UDgcfK1KuF8DJSBKJSEPoE6VPxncMmJsPNt5F\/a0hmJ8KTbudHBxzPJocARjBEAiANHy3l9Wg1jYhXx6qsp9jjZzbvcPiJcvxfW51qSwHb9gIgMOMuVzo3DjBChuJlhLhS4A5pSe4rOcJyYLqIsIe8xbAWAwEABA4AAAA="}
-01589{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_tot_l4_data_len":3939,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":437,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
+01600{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":9,"flow_first_seen":1430069036068,"flow_last_seen":1430069036612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":414,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.facebook.com,facebook.com,*.fbsbx.com,*.fbcdn.net,*.xx.fbcdn.net,*.xy.fbcdn.net,fb.com,*.fb.com,*.facebookcorewwwi.onion,facebookcorewwwi.onion,*.fbcdn23dssr3jqnq.onion,fbcdn23dssr3jqnq.onion,*.fbsbx2q4mvcl63pw.onion,fbsbx2q4mvcl63pw.onion,*.m.facebook.com,*.messenger.com,messenger.com,*.m.facebookcorewwwi.onion,*.xx.fbcdn23dssr3jqnq.onion,xx.fbcdn23dssr3jqnq.onion,*.xy.fbcdn23dssr3jqnq.onion,xy.fbcdn23dssr3jqnq.onion,*.xz.fbcdn.net,xz.fbcdn.net,*.xz.fbcdn23dssr3jqnq.onion,xz.fbcdn23dssr3jqnq.onion,m.facebookcorewwwi.onion","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6c13ac74a6f75099ef2480748e5d94d2","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","fingerprint":"A4:FB:65:F8:A1:57:FE:0D:C0:17:C1:B5:51:62:63:3A:18:73:A0:B4"}}
00422{"flow_id":34,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":614905,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqTUAAPwalsAoYUryt\/GECircBu1PEKDNm6O5iUBBBAKVMAAA="}
00422{"flow_id":34,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":615088,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqTkAAPwalrwoYUryt\/GECircBu1PEKDNm6PNiUBBLAJZMAAA="}
00422{"flow_id":34,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069036,"pkt_ts_usec":615210,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgqT0AAPwalrgoYUryt\/GECircBu1PEKDNm6Pc9UBBVAIhxAAA="}
@@ -291,7 +291,7 @@
00700{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069041,"pkt_ts_usec":829810,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":258,"pkt_l4_len":222,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAPJbIkAALgbyHmf2OfsKGFK8H5DHTSs\/BDDLDfdEgBgADk6wAAABAQgKmPajHgALDwq6AAAAolkC\/4gP\/deLY5qAl+gvk1q6MKo+Dr8NmSA0vIoEwzL52Zrr6RjF9Bu994wavboL+YbRyGuQnqzGjRX38N1zyfNe61lkzc0IHKVWxcnKyjmNl6oQX9Lrf+xWf9zOhkCznR4qsQb0obZXCGNou9W\/BEdEWcdYd1s\/XQjToOKZQOS9aYSCHzCyUVerS7tvJBIcs5grGAgJ\/\/0j1kplCt6fp\/H15W5dVAQmBKJAFTBRqD7ubEPdwOIZpkw4"}
00437{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069041,"pkt_ts_usec":937537,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzXkAAPwZJoAoYUrxn9jn7x00fkMsN90QrPwTugBAAg1J8AAABAQgKAAsPe5j2ox4="}
00566{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069044,"pkt_ts_usec":568854,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":157,"pkt_l4_len":121,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAI3zX0AAPwZJRgoYUrxn9jn7x00fkMsN90QrPwTugBgAg\/lWAAABAQgKAAsQgJj2ox5VAAAApVkC\/4gP6c2DY5DOxadg3j3uOFk37WQtu31WeByENvnH+DX\/S7DVK6u8apgllsOoljhTv0Bpj3w8hcD\/X\/f\/nc5qUppaWqWFC3vtb1GieZeOb5kg9A=="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1430069044758,"flow_last_seen":0,"flow_tot_l4_data_len":267,"flow_min_l4_data_len":267,"flow_max_l4_data_len":267,"flow_avg_l4_data_len":267,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1430069044758,"flow_last_seen":0,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00761{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069044,"pkt_ts_usec":758795,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KJUAAjgb4zIuWAH0KGFK8Abu3Y2Ij0KVRKAPiUBigLueuAADzAAAApDlIVrVdqRc+Gkt7POZ3i2OlkuY4MMfPTZY9G4U0YFfr\/Io7pOCQe3JDBNAmPdEpHGIlOOWztPzNgfmCZdfJbXa\/FjyLrCbe\/cKrmuhEYDyIPsoQcOHY3YFPdOkSmKChheXsyu06po9uQ1CWTJDZfqoByGUY9M3+\/torvsssHclmFyrgMhiQBPDR+\/p96Y\/\/sK6VRP8W+SfBO5i7Jg3brhWvS81m7IbytFR73ZERAlFn0QejuZzhem715ywfbXU8ySrwRBK2cs3ywClzqW\/s7h0teJNcn45XHRR+Z0ZTPA29+kHM57k5C1faf1I\/3jeLMDw\/"}
00420{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069044,"pkt_ts_usec":836371,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTekAAQAZ+bgoYUryLlgB9t2MBu1EoA+JiI9GcUBCIgOkBAAA="}
00477{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069044,"pkt_ts_usec":940863,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLTe0AAQAZ+QwoYUryLlgB9t2MBu1EoA+JiI9GcUBiIgH9kAAAmAAAApDlIVrVdqRc+Gkt7POZ3i2OlX+Y4MArPTZYlBp4hfXC7UiHVW\/8="}
@@ -303,14 +303,14 @@
00420{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069048,"pkt_ts_usec":920600,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTfEAAQAZ+bAoYUryLlgB9t2MBu1EoBAxiI9KTUBCRCOkBAAA="}
00476{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069049,"pkt_ts_usec":179969,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLTfUAAQAZ+QQoYUryLlgB9t2MBu1EoBAxiI9KTUBiRCF0ZAAAmAAAAFuBuaLVdqRc+Gkt7POZ3i9iw3kOUcEZ6WdojCJDvIs0xtYwNzYg="}
00420{"flow_id":35,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069049,"pkt_ts_usec":230536,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgKKEAAjwb4wIuWAH0KGFK8Abu3Y2Ij0pNRKAQ2UBCf2uPeAAA="}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":0,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":128,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00567{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069049,"pkt_ts_usec":770087,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUZ0AAQAZSqgoYUrytwki8h34UbGWkOWcyCtXvgBgB12cmAAABAQgKAAKaQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="}
00423{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069051,"pkt_ts_usec":671393,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiq9UAArAYRpdg63QoKGFK8AFCMUtPmE5BDN+TzUBH\/\/wF2AAA="}
00422{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069051,"pkt_ts_usec":765998,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACgAAEAAPwYptwoYUrzYOt0KjFIAUEM35dFioucAUBA+dl\/2AAA="}
00422{"flow_id":21,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069052,"pkt_ts_usec":223609,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACif4UAArAZunR8NRFQKGFK8AFCSsWQ58kuOvvK5UBH\/\/4SfAAA="}
00422{"flow_id":21,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069052,"pkt_ts_usec":317694,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACj6\/UAAPwaAnQoYUrwfDURUkrEAUI6+8rlkOfJMUBA8uEfnAAA="}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":313,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":0,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":128,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":313,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":0,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":128,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":313,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":313,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1430069049770,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00760{"flow_id":35,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069055,"pkt_ts_usec":712958,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":303,"pkt_l4_len":267,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR8KKUAAjgb4yIuWAH0KGFK8Abu3Y2Ij0pNRKAQ2UBif2g\/UAADzAAAADm0Ga7VdqRc+Gkt7POZ3i+5tzFY41M0fMnZ5G+m2Vfmrg\/zv7j0hw0EYHJWzK5vm\/yh4v2HJS83EDXIAXU2bjamkVNJvnppe0xZ5dVZ87ou5\/qGH6LaceT8u59MyUCQvylTi4YEzvDS9zVBR8mlLXoh1YM2wq9pcWvX2q\/mybRcS2fxHzLHJJpFYQpXKfnNGugL7Wx\/EBHURohcuMoPwedtdn3tHj0aCstecuAcqjgGrRkrqpBRh\/NLh33y+h1qkuo9\/WREg5Tpgd83vHtfKtQ78Z7vZ4TSawOTHx9k\/8rk1O3mx++HEjz58cnZa448oyarm"}
00421{"flow_id":35,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069055,"pkt_ts_usec":713507,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTfkAAQAZ+agoYUryLlgB9t2MBu1EoBDZiI9OKUBCZkOkBAAA="}
00477{"flow_id":35,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069055,"pkt_ts_usec":909095,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLTf0AAQAZ+PwoYUryLlgB9t2MBu1EoBDZiI9OKUBiZkLHVAAAmAAAADm0Ga7VdqRc+Gkt7POZ3i+5tAVY41AAfMnZhBvKjSN7EqKqW+N8="}
@@ -320,59 +320,59 @@
00423{"flow_id":32,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069057,"pkt_ts_usec":684973,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiiUkAArAZsLB8NRFQKGFK8AFCStWTibx\/NKqFHUBH\/\/xolAAA="}
00424{"flow_id":32,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069057,"pkt_ts_usec":685950,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACiiU0AArAZsKx8NRFQKGFK8AFCStWTibx\/NKqFHUBH\/\/xolAAA="}
00421{"flow_id":32,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069057,"pkt_ts_usec":806708,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACitl0AAPwbOAwoYUrwfDURUkrUAUM0qoUdk4m8gUBA8uN1sAAA="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00455{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069060,"pkt_ts_usec":11328,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkUAAQAbmZgoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":334,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":334,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1430069060011,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00758{"flow_id":35,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069068,"pkt_ts_usec":839972,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":301,"pkt_l4_len":265,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR0KLEAAjgb4x4uWAH0KGFK8Abu3Y2Ij04pRKARgUBifsO6FAADxAAAA9OvkaLVdqRc+Gkt7POZ3i3B\/cSs8hz\/Y+A61mP+SPxO\/R3DGac2sjPnDCuKsrSfTbaTpC1QCK\/upe0ARxdejVurhNuCPA1SnywVLdu4Zw4wElJdvhX7T69mP5x8qI1Azfzl6NQhOIOdbeNjsORgh1vdsQSIm8PTjvEbCs2HlI1ijsi3aryyOYLECufcgZQh+GJ5ecJsfSD+F7fO9n1i5nft96BRdO1V4rNOFmTnrppJbI93qmZXgStBGfcB+qtk0Xvm+VYsDKwNq2vUgN+UkKJNvJyo8rCIYXzs\/GuzAG6FP1IczSONX8\/ceTFUNZIdxfw=="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1430069072945,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1430069072945,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00438{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069072,"pkt_ts_usec":945990,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTTnkAAQAbVigoYUrw2\/\/3H5i8UZ+uf0YYGiXPCgBQCY5HBAAABAQgKAAKjTTTnT0k="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1430069072986,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1430069072986,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00450{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069072,"pkt_ts_usec":986762,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwsMEAAQAZ88QoYUrw2\/\/3H5lQUZzqvj2AAAAAAoAI2sJHJAAACBAV4BAIICgACo1AAAAAAAQMDBQ=="}
00450{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":186194,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALQa8ITb\/\/ccKGFK8FGfmVG+Fj0U6r49hoBJF6jkFAAACBAV4BAIICjTom84AAqNQAQMDCA=="}
00438{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":186682,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADQsMUAAQAZ8+AoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBABtpHBAAABAQgKAAKjZTTom84="}
00547{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":201697,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":146,"pkt_l4_len":110,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAIIsMkAAQAZ8qQoYUrw2\/\/3H5lQUZzqvj2FvhY9GgBgBtpi\/AAABAQgKAAKjZzTom84WAwEASQEAAEUDAVFRUVESVPKV5Ej6iE0e+b\/OK2fBD2XxGFd+RBJAtWh8AAAeAAQABQAvADMAMgAKABYAEwAJABUAEgADAAgAFAARAQA="}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":32,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1430069072986,"flow_last_seen":1430069073201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"d9ce50c62ab1fd5932da3c6b6d406c65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00439{"flow_id":39,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":294684,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADQUukAALgambzb\/\/ccKGFK8FGfmVG+Fj0Y6r4+vgBAARqynAAABAQgKNOib\/AACo2c="}
02306{"flow_id":39,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069073,"pkt_ts_usec":299933,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUABaAUu0AALgahAjb\/\/ccKGFK8FGfmVG+Fj0Y6r4+vgBAARqHKAAABAQgKNOib\/AACo2cWAwEGtQIAAEYDAVU9H1Gb\/qiDm98eXfIJxb4shEK1GhPjZeBEv8P67\/0aIFU9H1G382hmASwGnCuJDP0Mh2TynvUtxumEykegoF7eAAQACwAGYwAGYAADPjCCAzowggKjoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwgaQxCzAJBgNVBAYTAktSMRQwEgYDVQQIDAtHeWVvbmdnaSBkbzEOMAwGA1UEBwwFU3V3b24xJTAjBgNVBAoMHFNBTVNVTkcgRUxFQ1RST05JQ1MgQ08uLCBMVEQxHjAcBgNVBAMMFSoucHVzaC5zYW1zdW5nb3NwLmNvbTEoMCYGCSqGSIb3DQEJARYZYWRtaW5AcHVzaC5zYW1zdW5nb3NwLmNvbTAeFw05OTEyMzExNTA1MDRaFw00OTEyMTgxNTA1MDRaMIGUMQswCQYDVQQGEwJLUjEUMBIGA1UECAwLR3llb25nZ2kgZG8xJTAjBgNVBAoMHFNBTVNVTkcgRUxFQ1RST05JQ1MgQ08uLCBMVEQxHjAcBgNVBAMMFSoucHVzaC5zYW1zdW5nb3NwLmNvbTEoMCYGCSqGSIb3DQEJARYZYWRtaW5AcHVzaC5zYW1zdW5nb3NwLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsyrNiMIXJ++fpsiI08sYxPZbKOY56a37f6J9ViQReAUe3UWF2fdOff49ukAjUISbhahOinbZux+ildb7qUyHJVHQXanBrQsLoODvfOiws0bRofk+EjA3+puR1KI8EgNDCJfkzYF40k16LBiMv6fKIGXOV6sbZciKSSDD+AX5+08CAwEAAaOBiTCBhjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUHQ6IKqRzfLkHpPDYYWaWWRoHaGswHwYDVR0jBBgwFoAUWMjZPBPgzaBussvwASa64F2DMFEwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4GBALo4j8DvDTq0WR5v2UJovDtyilA1Zel1mK2n\/GtzjEjxAUkMxaGxxxnaEWdSVH0\/0pG7jG3ieJSWSLWW4HdJJ+ZytoamKq2k87O5sF5LkM+ZGg+UlFyFpcvLuYXtbZHa4CFAnYmBZ5nQNz06gzWDYU9\/yRhZSf2unf7zNha\/BodKAAMcMIIDGDCCAoGgAwIBAgIJAPMld7YDENSnMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYDVQQGEwJLUjEUMBIGA1UECAwLR3llb25nZ2kgZG8xDjAMBgNVBAcMBVN1d29uMSUwIwYDVQQKDBxTQU1TVU5HIEVMRUNUUk9OSUNTIENPLiwgTFREMR4wHAYDVQQDDBUqLnB1c2guc2Ftc3VuZ29zcC5jb20xKDAmBgkqhkiG9w0BCQEWGWFkbWluQHB1c2guc2Ftc3VuZ29zcC5jb20wHhcNOTkxMjMxMTUwMjEwWhcNNDkxMjE4MTUwMjEwWjCBpDELMAkGA1UEBhMCS1IxFDASBgNVBAgMC0d5ZW9uZ2dpIGRvMQ4wDAYDVQQHDAVTdXdvbjElMCMGA1UECgwcU0FNU1VORyBFTEVDVFJPTklDUyBDTy4sIExURDEeMBwGA1UEAwwVKi5wdXNoLnNhbXN1bmdvc3AuY29tMSgwJgYJKoZIhvcNAQkBFhlhZG1pbkBwdXNoLnNhbXN1bmdvc3AuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS\/wx087bX6AA7bz\/rPd\/AOtm8g1ebRfENevGCnMrnUw=="}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":48,"flow_max_l4_data_len":94,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_tot_l4_data_len":698,"flow_min_l4_data_len":20,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_tot_l4_data_len":718,"flow_min_l4_data_len":20,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_tot_l4_data_len":146,"flow_min_l4_data_len":44,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_tot_l4_data_len":8431,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":247,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_tot_l4_data_len":6223,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_tot_l4_data_len":5856,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":162,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1430069072945,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1430069072945,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":40,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":45,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":40,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":45,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":45,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":45,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_tot_l4_data_len":157,"flow_min_l4_data_len":49,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_tot_l4_data_len":124,"flow_min_l4_data_len":42,"flow_max_l4_data_len":82,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_tot_l4_data_len":2990,"flow_min_l4_data_len":32,"flow_max_l4_data_len":621,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_tot_l4_data_len":2990,"flow_min_l4_data_len":32,"flow_max_l4_data_len":621,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_tot_l4_data_len":6154,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":227,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":51,"flow_max_l4_data_len":94,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":45,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":42,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":46,"flow_max_l4_data_len":90,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":20,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":20,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":45,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_tot_l4_data_len":143,"flow_min_l4_data_len":43,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":19,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_tot_l4_data_len":7023,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":369,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":29,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_tot_l4_data_len":8033,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":28,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_tot_l4_data_len":6553,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1300,"flow_avg_l4_data_len":234,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {}}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_tot_l4_data_len":1761,"flow_min_l4_data_len":20,"flow_max_l4_data_len":267,"flow_avg_l4_data_len":97,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_tot_l4_data_len":1761,"flow_min_l4_data_len":20,"flow_max_l4_data_len":267,"flow_avg_l4_data_len":97,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":45,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1430069022058,"flow_last_seen":1430069022094,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":41909,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":10,"flow_first_seen":1430069030508,"flow_last_seen":1430069052317,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37553,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":11,"flow_first_seen":1430069035840,"flow_last_seen":1430069057806,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":37557,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1430069030978,"flow_last_seen":1430069031017,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":19582,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":34,"flow_first_seen":1430069031042,"flow_last_seen":1430069032022,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7723,"flow_avg_l4_payload_len":227,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.70","src_port":43581,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":38,"flow_first_seen":1430069026370,"flow_last_seen":1430069037135,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5411,"flow_avg_l4_payload_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35503,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":36,"flow_first_seen":1430069036068,"flow_last_seen":1430069065046,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5108,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.97.2","src_port":35511,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1430069072945,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1430069072945,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58927,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1430069072986,"flow_last_seen":1430069073299,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1466,"flow_avg_l4_payload_len":244,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.253.199","src_port":58964,"dst_port":5223,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022093,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":58810,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1430069022105,"flow_last_seen":1430069022234,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":56820,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1430069021959,"flow_last_seen":1430069022041,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030119,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.191.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1430069030083,"flow_last_seen":1430069030115,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":61011,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1430069022100,"flow_last_seen":1430069022234,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":5929,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1430069031167,"flow_last_seen":1430069031221,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":4017,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1430069030703,"flow_last_seen":1430069030748,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":24596,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":43077,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00544{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":26,"flow_first_seen":1430069022297,"flow_last_seen":1430069069068,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":589,"flow_tot_l4_payload_len":2142,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":27,"flow_first_seen":1430069030121,"flow_last_seen":1430069041457,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5586,"flow_avg_l4_payload_len":206,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":37821,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1430069031230,"flow_last_seen":1430069031281,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":14650,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1430069022249,"flow_last_seen":1430069022282,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":29029,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1430069022007,"flow_last_seen":1430069022042,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":57816,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1430069022252,"flow_last_seen":1430069022295,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25117,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1430069030557,"flow_last_seen":1430069030591,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":6,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.68.73","dst_ip":"10.24.82.188","src_port":443,"dst_port":47007,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1430069022059,"flow_last_seen":1430069022094,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":12908,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_first_seen":1430069035398,"flow_last_seen":1430069048679,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"210.103.240.15","src_port":42332,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1430069022006,"flow_last_seen":1430069022041,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":35603,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":19,"flow_first_seen":1430069030751,"flow_last_seen":1430069031522,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6399,"flow_avg_l4_payload_len":336,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45209,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":29,"flow_first_seen":1430069031236,"flow_last_seen":1430069031782,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":7425,"flow_avg_l4_payload_len":256,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45211,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":28,"flow_first_seen":1430069035967,"flow_last_seen":1430069036831,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5965,"flow_avg_l4_payload_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"31.13.68.84","src_port":45213,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":14,"flow_first_seen":1430069026012,"flow_last_seen":1430069051765,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.221.10","dst_ip":"10.24.82.188","src_port":80,"dst_port":35922,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00135{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test"}
diff --git a/test/results/KakaoTalk_talk.pcap.out b/test/results/KakaoTalk_talk.pcap.out
index b0a09180f..63d18d8f2 100644
--- a/test/results/KakaoTalk_talk.pcap.out
+++ b/test/results/KakaoTalk_talk.pcap.out
@@ -1,16 +1,16 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069140120,"flow_last_seen":0,"flow_tot_l4_data_len":94,"flow_min_l4_data_len":94,"flow_max_l4_data_len":94,"flow_avg_l4_data_len":94,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430069140120,"flow_last_seen":0,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00521{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069140,"pkt_ts_usec":120551,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="}
00434{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069140,"pkt_ts_usec":453803,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="}
00609{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069140,"pkt_ts_usec":501776,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":194,"pkt_l4_len":158,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAALJbK0AALgbyVWf2OfsKGFK8H5DHTSs\/B+7LDflVgBgADj7dAAABAQgKmPgkrAALNdR6AAAArVkC\/4gP\/deLY5qAl+gvk5f8hql5QTAwvM9Zf4dQyEAJD7QL56t1BA6CZFNB9CDoZPBzNcfqISYY4Bqx6IvbToog47dFxVed4MxS159GEgFcWpzNI6MS\/uDRtBTN\/KgQO5PWR5hOlzi0NPjPSZ5ZvXYRnArc8Dv9Cys="}
00434{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069140,"pkt_ts_usec":504309,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzbEAAPwZJkgoYUrxn9jn7x00fkMsN+VUrPwhsgBAApaS6AAABAQgKAAs1\/Jj4JKw="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069141261,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430069141261,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00419{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":261786,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY+0AArAbF1ngcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="}
00418{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":403174,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjM1kAAPwZ\/FwoYUrx4HBryhuUAUHEB4UFlai7AUBA5CBlHAAA="}
00420{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":433753,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgY\/EAArAbF1XgcGvIKGFK8AFCG5WVqLr9xAeFBUBH\/\/1JPAAA="}
00418{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":435523,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjM10AAPwZ\/FgoYUrx4HBryhuUAUHEB4UFlai7AUBA5CBlHAAA="}
00417{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":741828,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoACgAAEAArAbexXgcGvIKGFK8AFCG5WVqLsAAAAAAUAQAAKSeAAA="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069141923,"flow_last_seen":0,"flow_tot_l4_data_len":121,"flow_min_l4_data_len":121,"flow_max_l4_data_len":121,"flow_avg_l4_data_len":121,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1430069141923,"flow_last_seen":0,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00558{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069141,"pkt_ts_usec":923255,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":157,"pkt_l4_len":121,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAI3lSkAAPwYIYQoYUrw2\/7ns5iQUZtvqJ3tQl6xegBgAe+ktAAABAQgKAAs2irXIgpc8aXEgdG89J3hpYW9taS5jb20nIGlkPScwJyBjaGlkPScwJyB0eXBlPSdnZXQnPjxwaW5nIHhtbG5zPSd1cm46eG1wcDpwaW5nJz48L3Bpbmc+PC9pcT4NCg=="}
00435{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069142,"pkt_ts_usec":333991,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTWOEAALQYpzDb\/uewKGFK8FGbmJFCXrF7b6ifUgBAAZ2sMAAABAQgKtcrV6gALNoo="}
00485{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069142,"pkt_ts_usec":373877,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":103,"pkt_l4_len":67,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAFfWOUAALQYpqDb\/uewKGFK8FGbmJFCXrF7b6ifUgBgAZ9bAAAABAQgKtcrV6gALNoo8aXEgY2hpZD0nMCcgaWQ9JzAnIHR5cGU9J3Jlc3VsdCcvPg=="}
@@ -18,35 +18,35 @@
00476{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069146,"pkt_ts_usec":826789,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFPzbUAAPwZJcgoYUrxn9jn7x00fkMsN+VUrPwhsgBgApZeOAAABAQgKAAs4cpj4JKwbAAAArFkC\/4gP\/deLY5qIg6dg3inW8TLcnvrnkkwr"}
00495{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069147,"pkt_ts_usec":204932,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":111,"pkt_l4_len":75,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAF9bLEAALgbyp2f2OfsKGFK8H5DHTSs\/CGzLDfl0gBgADrhfAAABAQgKmPg+0gALOHInAAAArFkC\/4gP\/deLY5qIg6dg3inW5TLcnu7nkkw7fFn03dyDxLGHftrV"}
00434{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069147,"pkt_ts_usec":215064,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzbkAAPwZJkAoYUrxn9jn7x00fkMsN+XQrPwiXgBAApYerAAABAQgKAAs4m5j4PtI="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069159456,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1430069159456,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00446{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069159,"pkt_ts_usec":456549,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvUAAPwaqhQoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOF5AAACBAV4BAIICgALPSMAAAAAAQMDBw=="}
00446{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069159,"pkt_ts_usec":814032,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUvkAAPwaqhAoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOEVAAACBAV4BAIICgALPYcAAAAAAQMDBw=="}
00446{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":833472,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzUv0AAPwaqgwoYUrzLzZPXvWkAUI8S6Z4AAAAAoAI2sOBNAAACBAV4BAIICgALPk8AAAAAAQMDBw=="}
00422{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":864508,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy2akAA+AYP6MvNk9cKGFK8AFC9aWNxqASPEumfYBIRHIjbAAACBAV4"}
00422{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":865241,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy9PkAA+AYJFMvNk9cKGFK8AFC9aWRnCMaPEumfYBIRHCckAAACBAV4"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00419{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":865821,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACioy0AAjgYyVNg63KEKGFK8Abvded6D6B\/TTMkUUBSjubgsAAA="}
00418{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":872473,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjUwEAAPwaqlgoYUrzLzZPXvWkAUI8S6Z9jcagFUBA2sHrIAAA="}
00418{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":872626,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjUwUAAPwaqlQoYUrzLzZPXvWkAUI8S6Z9jcagFUBA2sHrIAAA="}
01240{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069161,"pkt_ts_usec":892310,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":665,"pkt_l4_len":629,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAonUwkAAPwaoMwoYUrzLzZPXvWkAUI8S6Z9jcagFUBg2sOmQAABQT1NUIGh0dHA6Ly9oa21pbm9yc2hvcnQud2VpeGluLnFxLmNvbS9jZ2ktYmluL21pY3JvbXNnLWJpbi9ydGt2cmVwb3J0IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMzM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGttaW5vcnNob3J0LndlaXhpbi5xcS5jb20NClVzZXItQWdlbnQ6IE1pY3JvTWVzc2VuZ2VyIENsaWVudA0KDQqNXyYBAExVK9B9RwIQAsZDAI4Euk8ahPEAzAXgBqcC9NIBAi6Y6T7ZWpPJeBh\/vyi1zOrFuOhoEby2hscQS3z4z4AVrbUJzoOEiCmoyrsVNTNmAqvkuHCIDEvyvpiFV2cE0pB\/Jy5JWBf5NkQRZuKVlX9T5K\/9RyjjMWMRDpUzY77mp+yZKzUM5CUlPbu027rCQ1LI48C5AQ27\/pO9dNnMWoP69mCKGDcONnq7Ai3H0OymbpNIyCEamQAZj7hjl8Z5afcbASf2S30ykuZkMmYRqfAmjtdh3iwQO\/YN1yfoe974MbjXdmfqrbCIBgw67OlFFVhCCz2ounCdcjLuDTQu4ZqY1TF51mLQrgcZVuLCI0oeLnatSCz7YhzsdgDdY1pz0Lzo6\/QIDZiJVOjZpYIdZelHCU9O3puaahtki5gie5MoM2b+kYFe\/MiD1DFBKSQ9D+Q="}
-00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":8,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_tot_l4_data_len":837,"flow_min_l4_data_len":20,"flow_max_l4_data_len":629,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"hkminorshort.weixin.qq.comhttp:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":8,"flow_first_seen":1430069159456,"flow_last_seen":1430069161892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"hkminorshort.weixin.qq.comhttp:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
00423{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":31775,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAArAYSU8vNk9cKGFK8AFC9aWNxqAWPEumfYBD\/\/59yAAABAQEB"}
00421{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":130835,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgREkAArQYAKcvNk9cKGFK8AFC9aWNxqAWPEuwAUBD\/\/68XAAA="}
00703{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":198981,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":262,"pkt_l4_len":226,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPYRE0AArQb\/WcvNk9cKGFK8AFC9aWNxqAWPEuwAUBj\/\/7nXAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ4DQoNCoJfAAAAAFUr0H1HAhACxkMAjgS6TxqE8QDMBQYGAIBAoTrtQhJTdPFrb40+\/1\/O2g=="}
-00855{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":11,"flow_first_seen":1430069159456,"flow_last_seen":1430069163198,"flow_tot_l4_data_len":1107,"flow_min_l4_data_len":20,"flow_max_l4_data_len":629,"flow_avg_l4_data_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP.QQ","breed":"Fun","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"hkminorshort.weixin.qq.comhttp:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client"}}
+00864{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":11,"flow_first_seen":1430069159456,"flow_last_seen":1430069163198,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP.QQ","breed":"Fun","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"hkminorshort.weixin.qq.comhttp:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":200,"content_type":"application\/octet-stream","user_agent":"MicroMessenger Client"}}
00421{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":199164,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgRFEAArAYBJ8vNk9cKGFK8AFC9aWNxqNOPEuwAUBH\/\/65IAAA="}
00419{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":205237,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjUw0AAPwaqkwoYUrzLzZPXvWkAUI8S7ABjcajTUBA6oHOpAAA="}
00419{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":207434,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjUxEAAPwaqkgoYUrzLzZPXvWkAUI8S7ABjcajUUBE6oHOnAAA="}
00421{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":250861,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcACgRFUAArAYBJsvNk9cKGFK8AFC9aWNxqNSPEuwBUBD\/\/65HAAA="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069163715,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1430069163715,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00446{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":715308,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADzn5UAAPwb5gwoYUrxuTI8ygMgfkPcR2OkAAAAAoAI5CAV2AAACBAV4BAIICgALPwwAAAAAAQMDBw=="}
00446{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":856879,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8H5CAyJJ42pD3EdjqoBI4kOpNAAACBAV4BAIICkTbaagACz8MAQMDCQ=="}
00435{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":867163,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn5kAAPwb5igoYUrxuTI8ygMgfkPcR2OqSeNqRgBAAc1DtAAABAQgKAAs\/HETbaag="}
00628{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069163,"pkt_ts_usec":878913,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":210,"pkt_l4_len":174,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAMLn50AAPwb4+woYUrxuTI8ygMgfkPcR2OqSeNqRgBgAc+MXAAABAQgKAAs\/HUTbaagWAwEAiQEAAIUDAW\/AJ5x07YpI03eyTIApyp52T5fbgJrvB2vzSmAW7uAOAAAYwBTACsAPwAUANcATwAnADsAEAC8AlgD\/AQAARAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":32,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1430069163715,"flow_last_seen":1430069163878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00434{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":101813,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADSw2UAALwZAmG5MjzIKGFK8H5CAyJJ42pH3Edl4gBAAH0+uAAABAQgKRNtqrAALPx0="}
01586{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":107489,"pkt_caplen":920,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":920,"pkt_l4_len":884,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA4iw2kAALwY9Q25MjzIKGFK8H5CAyJJ42pH3Edl4gBgAH7fkAAABAQgKRNtqrAALPx0WAwEANQIAADEDAVU9H6vNjsmWl+mtXVDPy8rMyQaSc89TIWgiy02NST4MAAAvAAAJ\/wEAAQAAIwAAFgMBAwwLAAMIAAMFAAMCMIIC\/jCCAeYCCQC35xiTrUC9NTANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wHhcNMTExMjA1MDkxOTI1WhcNMjExMjAyMDkxOTI1WjBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVZgoiuC3vyjGQwWN1Y\/G2gLXrzYhnrYdBpXUgl5541Si1DUFeXudmto2X8JviTwtPM9bOMLk8c2gLTUKJmOdptp9qXnubsD89+qNi++nC9dmz3LRvRaWz6J0w7DFv5AsMOJ6cjJsqNbLBGSrO1bhrnXo6ZUpil+wYGT35WXJhxIkgnTWohNEsT6RlAImB9cuCGQz8DM7bHDsPNGhu5sjgZnnk+AeKK8FY9VV9dESDYb4of9Dakayp+JrR5MYVfASmd\/mbBSqJ+opCRNyVxwfhKPWkeZLD7Ahtlj6AFmso\/rwThAqCi3wI8KUooZ95z\/VLccaEg8vY7PgA0+0py+pNAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGDrJdN5Ppz9OPTa3HDXzLQwJHAUfiipBZSXzoL\/uy1yA8U26AfNtg2jWEpQ8ijR6FlqlZLcJAiiKbRMWUuNkOUJlsmzZ7AOn+R1zo\/KyIIKnOlLOSWubKfFVXNqD1W9f0XUQIQ2bEb4Hp2TPGMTxuo6H6v5HXSSpMerZD7k73HKwZDU\/jVO10Zk5dVEruTzrBbq8qa6dAJ6FxvSZ74FqIv+LOAIok4AksbSUeKWI+q\/HFIO\/kDDpqvjTP9dO3NHPgBjO42w3TF\/CywiY5NXQizBUR7JsOxh255g2sA7XIjS1vYreiyrMDXuEy+gjnwQReXnI3sA9\/dVI5HUoqdx0F4WAwEABA4AAAA="}
-01023{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_tot_l4_data_len":1202,"flow_min_l4_data_len":32,"flow_max_l4_data_len":884,"flow_avg_l4_data_len":200,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
+01033{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1430069163715,"flow_last_seen":1430069164107,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00435{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":110633,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn6EAAPwb5iAoYUrxuTI8ygMgfkPcR2XiSeN3lgBAAgEvhAAABAQgKAAs\/NUTbaqw="}
00881{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":115912,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":394,"pkt_l4_len":358,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAXrn6UAAPwb4QQoYUrxuTI8ygMgfkPcR2XiSeN3lgBgAgCLKAAABAQgKAAs\/NUTbaqwWAwEBBhAAAQIBAC3VG74GEarKyWIAfC1t3eoICv9n3lOUl6EdMRLyzveqov7VqeSb+vUiADXEjvo2Ph4IxpM0uTEgRWks1OlyfQ8CpwOpaewjRrLbZ7\/Fm\/zPeyjp\/P3pk4lJ3FI5zqrJ+HgUULMWeKr6+AzQok+GHygmyw546qkveS2ASJI9J6rEx+UzswY8LaAepNuCXF3tLOS+Q6cMYhvlQdUkmCdPIAcy6\/aHTOZuAgr4sXjBSc2SXkXTU6DK9\/jA8GFEWxiX8kUmiD3\/ackC7YfCdwyMFwNA3nsgDZ0dDkRS1g9MwGH7v5u3hV0JEYUJn7rk3hkF2jdqDJRkYOH1L3bPWYU69dEUAwEAAQEWAwEAMF\/O2kD5pbKQHNWRGYU5syhmJpfV2RQgn4wrixRc1VRvmCK4dV8HuEl4xxthAnsmJw=="}
00756{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":376410,"pkt_caplen":302,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":302,"pkt_l4_len":266,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR6w20AALwY\/rG5MjzIKGFK8H5CAyJJ43eX3Edq+gBgAIYO0AAABAQgKRNtrvAALPzUWAwEAqgQAAKYAAAAAAKD3FZSkod9AGBhY\/5X2U\/i0ZlUT19StXS97iyKpOUa4IW\/fyXON8W7ON1PPWxIsbCFlSHKfXZzC9eGaF0YcZ5Vky\/m+ZkbJO7AxjCAJ7euFadRchQdVzPIZk2Ua8ouf0\/EszfOXqattY5O6GsHl+975F0cZKKkRi1W0P3N5xnbqZMkVk7o5HtDEVFhjV0OWYTBoGuJ3dvVMfhwnAHMV19wcFAMBAAEBFgMBADA5UfCcpaWCvMf6Zr8mRRWhn9ER98GyiCk9DWgwLjFlP9ZoGBTEoN6zfrpW\/0ayigQ="}
@@ -54,7 +54,7 @@
01128{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":636878,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":574,"pkt_l4_len":538,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAi6w3EAALwY+m25MjzIKGFK8H5CAyJJ43s\/3Ed2ogBgAJPtGAAABAQgKRNtstAALP1AXAwEAIOWzn8HB\/tqkYzSA8nop661iIwFvdbgU68uFKzQmKqwTFwMBAdAthL\/K4LnwxppTKehQ5EVYpXo8Lhh0qlGte2RpVmT0dai7F3WDCbEfF0MAItzCfNMrO60nrwfgR3yG7H3SrJhOzafi1R4AhzFYQzkRnME2pRPidrXe4jLLU\/MB7MDdx59Hhhl0nTZUpj\/9+npmAOuF2tYvW8dhRT5ZDiGHICcrSNDk2VUifjAHEt9sTKO00QGKRQFZ2+6MSocTvQyg20qqKf89BcNmcoz0PkyFJTPKKLlz6nauIPSDM\/LGc2p4gtCPyUlWUPY2P1N+iJVvbNw4E\/LRI7fAt8DrttaBg+W+q7NS+Bp3dPbTll59JJQ3zs\/D5mUqj6ldalTB8\/jZmaTKMuqHOfKYFQUVvnJ8JWRhQgHBDONWSD2MNAc4kQO+mgBaHW0Dw6y7KWFYXJMyiCqIRtBEwNpHxbbIbLN+CwjcLgPVx3ySvbdCZM41XkjGJLP5RX9\/X+fnpkqT9xvD6cq8h8JyYVUYGiUs4oSIZbYU0BvHS7R+NgiSEorO\/\/ZzFd0wjxLbhRhnJzoE8ey\/TI0CS9ASs0zq5LVdnbCktHCBQQTKcLZjyffmZkyeKdyg\/wuAPFHQD2MZhcQtopspUySamGmUiJuiy96L0dGEIwQ9DA=="}
01029{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":639014,"pkt_caplen":504,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":504,"pkt_l4_len":468,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAehbLUAALQbyHWf2OfsKGFK8H5DHTSs\/CJfLDfl0gBgADvERAAABAQgKmPiDOwALOJuwAQAAA6yR+4gP88yNN9XOxadg3oGkXkBJKtT\/+3vFyl0cDdeYoXWM1uK027YSyO9hZg1Gvm3tZm04snibEaA+\/xlHu8rXrS5m+CjS\/v3uHnT1QWvK\/65YYegv\/3Y43\/q6tVJQIfoChZTc0LzybFIVyuSJXGU5yi93vTf8XWM4GZtACLo65shEy4YWK69Jg1iMsCAE8WRNHWlsJp2gpZTJ2kcOWzLEyno3Wau2\/S31nawgycOJ8ZEJ0xJ+016NvjXdKTO+Muc2xIt8Lsvmo25frywI656aipbptXEhQ+39O+Uxz929SydwPRIYhqkwO66J8P5dg4L1grEoFkOZkdYVssJXoRfm1kIVTrIxAk23Da6L6eSUEXEdJz4lBRxNkbULaqLJsSP\/ViBaYpxE4FVpm5AWGaXIZw05KO85muYxDTaIrlCxrOOeElx1lZ2sTb9E7a+dN\/MgV8+zT25eTNErC+ftHZJady9DcQEn64UlcG3D1THcHsAffBgf\/+gBiaAdiwnHPwrfIYEB8Ab3Ht6VazhwXyfbw05y+XREZOfpyaR\/bRXu7OxXjpJAX93HCsbLqhLk"}
00435{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":646094,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTzb0AAPwZJjwoYUrxn9jn7x00fkMsN+XQrPwpLgBAArTq3AAABAQgKAAs\/apj4gzs="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069164656,"flow_last_seen":0,"flow_tot_l4_data_len":462,"flow_min_l4_data_len":462,"flow_max_l4_data_len":462,"flow_avg_l4_data_len":462,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1430069164656,"flow_last_seen":0,"flow_min_l4_payload_len":442,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":442,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01018{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":656714,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":498,"pkt_l4_len":462,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAeIKLkAAjgb4AIuWAH0KGFK8Abu3Y2Ij1H9RKASKUBifhj2IAAC2AQAA7+nGaLVdqRc+Gkt7POZ3izYarM8cfC\/oKc57w3ON8GY\/K1szNYS+6Yytrgv9fJ110+svPWy4JXfqhqsy8n\/Qi0EhBo8vKa7TtIo39CMQrfI1DyAke3OCHinKUbcE7JofE08wNW\/SYiLVq+ch1jInTJlBtTETD6sakW5t+\/pqslJuJu6FErHiOcJlRXUhJ\/w2UMRtIuPzDgq66Pu7iQ4cPuLk01HGBYGyY\/ec8L+8kz8C0iE6HOIH6YT0BKGthN3UTgwPbBq6O4DQcUiN2hgrUDIxq8uw9ZbWllzKNEYrEa8k7r3ZVHoPDQdXWrcQvhxam6oeYyK7V8McoNRiSIayjOQMTgXnysBnscEyik7me1vByK2C0l2He7bBFWQmrSmeZXMFh2H60fcsxZbAlEWK0siSqlB7jvAlTaG4udBSGXSTj4rEL2MZLSGqP2XF68ncz4+WzMi\/pNklQw9YyvrinQJFb3QOjkMePALF9ilvEQ+wMia1\/U8MBwJo9G9KKjVSCXjRCZRheUcgsdenusXElIUwOqnMT+7rwPfeomV3b9fbsOdbRa7VkQEi4icvvEwgda+Sg6Qy"}
00418{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":657324,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAACjTg0AAQAZ+ZQoYUryLlgB9t2MBu1EoBIpiI9Y5UBCiGOkBAAA="}
00436{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":679541,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn60AAPwb5hQoYUrxuTI8ygMgfkPcR3aiSeODJgBAAmkJyAAABAQgKAAs\/bkTbbLQ="}
@@ -62,24 +62,24 @@
00475{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":839667,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":98,"pkt_l4_len":62,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFLThEAAQAZ+OgoYUryLlgB9t2MBu1EoBIpiI9Y5UBiiGP3wAAAmAAAA7+nGaLVdqRc+Gkt7POZ3izYaHM4cfJ\/pKc5wznSY7XhZjDJkzsc="}
00436{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":894873,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbLkAALgby0Gf2OfsKGFK8H5DHTSs\/CkvLDfmegBAADjopAAABAQgKmPiENgALP3I="}
00418{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":910803,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgKL0AAjwb4uYuWAH0KGFK8Abu3Y2Ij1jlRKAS0UBCfXOA4AAA="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069164966,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1430069164966,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00446{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069164,"pkt_ts_usec":966834,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxKlUAAQAaV1AoYUrxuTI8y5ekjKS1pjaoAAAAAoAI2sFqBAAACBAV4BAIICgACxz8AAAAAAQMDBQ=="}
00447{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":114875,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADwAAEAALgbyaW5MjzIKGFK8Iynl6dfwna4taY2roBI4kADPAAACBAV4BAIICkTbbpQAAsc\/AQMDCQ=="}
00434{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":115149,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKlkAAQAaV2woYUrxuTI8y5ekjKS1pjavX8J2vgBABtlp5AAABAQgKAALHTkTbbpQ="}
00626{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":129523,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":210,"pkt_l4_len":174,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAMJKl0AAQAaVTAoYUrxuTI8y5ekjKS1pjavX8J2vgBgBtm0bAAABAQgKAALHT0TbbpQWAwEAiQEAAIUDAc0IMYnVVZMQnojSelEd1V0KoNgUEJ7I0Qu6wTcqDhwtAAAYwBTACsAPwAUANcATwAnADsAEAC8AlgD\/AQAARAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":32,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1430069164966,"flow_last_seen":1430069165129,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00434{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":311164,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTyhUAALwb+625MjzIKGFK8Iynl6dfwna8taY45gBAAH2ZiAAABAQgKRNtvZgACx08="}
01587{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":314856,"pkt_caplen":920,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":920,"pkt_l4_len":884,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAA4jyhkAALwb7lm5MjzIKGFK8Iynl6dfwna8taY45gBgAH9xBAAABAQgKRNtvZgACx08WAwEANQIAADEDAVU9H62U6W1lEs2MeG\/MWzGrR859HfrcOD055G7M8hnkAAAvAAAJ\/wEAAQAAIwAAFgMBAwwLAAMIAAMFAAMCMIIC\/jCCAeYCCQC35xiTrUC9NTANBgkqhkiG9w0BAQUFADBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wHhcNMTExMjA1MDkxOTI1WhcNMjExMjAyMDkxOTI1WjBBMQswCQYDVQQGEwJLUjEOMAwGA1UEBwwFU2VvdWwxDjAMBgNVBAoMBUtha2FvMRIwEAYDVQQDDAlLYWthby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVZgoiuC3vyjGQwWN1Y\/G2gLXrzYhnrYdBpXUgl5541Si1DUFeXudmto2X8JviTwtPM9bOMLk8c2gLTUKJmOdptp9qXnubsD89+qNi++nC9dmz3LRvRaWz6J0w7DFv5AsMOJ6cjJsqNbLBGSrO1bhrnXo6ZUpil+wYGT35WXJhxIkgnTWohNEsT6RlAImB9cuCGQz8DM7bHDsPNGhu5sjgZnnk+AeKK8FY9VV9dESDYb4of9Dakayp+JrR5MYVfASmd\/mbBSqJ+opCRNyVxwfhKPWkeZLD7Ahtlj6AFmso\/rwThAqCi3wI8KUooZ95z\/VLccaEg8vY7PgA0+0py+pNAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGDrJdN5Ppz9OPTa3HDXzLQwJHAUfiipBZSXzoL\/uy1yA8U26AfNtg2jWEpQ8ijR6FlqlZLcJAiiKbRMWUuNkOUJlsmzZ7AOn+R1zo\/KyIIKnOlLOSWubKfFVXNqD1W9f0XUQIQ2bEb4Hp2TPGMTxuo6H6v5HXSSpMerZD7k73HKwZDU\/jVO10Zk5dVEruTzrBbq8qa6dAJ6FxvSZ74FqIv+LOAIok4AksbSUeKWI+q\/HFIO\/kDDpqvjTP9dO3NHPgBjO42w3TF\/CywiY5NXQizBUR7JsOxh255g2sA7XIjS1vYreiyrMDXuEy+gjnwQReXnI3sA9\/dVI5HUoqdx0F4WAwEABA4AAAA="}
-01023{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_tot_l4_data_len":1202,"flow_min_l4_data_len":32,"flow_max_l4_data_len":884,"flow_avg_l4_data_len":200,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
+01033{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1430069164966,"flow_last_seen":1430069165314,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.KakaoTalk","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"4b79ae67eb3b2cf1c75e68ea0100ca1b","ja3s":"4ea82b75038dd27e8a1cb69d8b839b26","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","issuerDN":"C=KR, L=Seoul, O=Kakao, CN=Kakao.com","fingerprint":"65:88:37:51:01:AA:1F:12:E4:44:27:52:F9:32:FD:40:94:C1:08:D9"}}
00434{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":315131,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKmEAAQAaV2QoYUrxuTI8y5ekjKS1pjjnX8KEDgBAB61p5AAABAQgKAALHYkTbb2Y="}
00879{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":337348,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":394,"pkt_l4_len":358,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAXpKmUAAQAaUkgoYUrxuTI8y5ekjKS1pjjnX8KEDgBgB60dYAAABAQgKAALHZETbb2YWAwEBBhAAAQIBAG0K85NVFhEZ7hFhOhKGxgyRETHunT8FGQj+gdYeJNGhl2iTodXARNpfVdu2p053PylRQ5i17tdvDyWHd72xyqohbELbToOfcGXrnB1e7OX6cfVBE2zPFq0LzHRh4WqlvJXmbdFC2c4\/OpXZ2J+AGS8oH4hFdJk55dD0Rqcg8k1yD8PtOCz3JTFofSJ5kPB9RlClZrWGmobdIODyW\/2SxycPTbIi3MtCy\/FJ+NV\/9XPOkhUES1aafiJUriL+AMVrSMXheyGDPbeIKAuUk9lHZQ+IKt5wU9hANFmjVausdYO\/AuzpyLfh859Mv2bMtHxFPWKKtvvMTDOSS378pAbYlfUUAwEAAQEWAwEAMBFMJwdLm84p2UKtLmvOwh+jBKFAAqnH7y6vsO7dMR4yZ5w0K8GnLcpOy\/dsnWL+mg=="}
00756{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":543250,"pkt_caplen":302,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":302,"pkt_l4_len":266,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAR7yh0AALwb9\/25MjzIKGFK8Iynl6dfwoQMtaY9\/gBgAIdQvAAABAQgKRNtwRAACx2QWAwEAqgQAAKYAAAAAAKD3FZSkod9AGBhY\/5X2U\/i0MpxTcOThL2vCJOwLIHctIhJhbVKqgMfsPsuGU5ppnVaNIPFHIucQJJetyUxYwc8IhWUYpft5eIUS37zm3nqwElJYuHYbM1VBVwEB2pGGvRa\/DZ9VlXyqfltmwRg2q1MNtPiUKvMPFjKqhG9\/ANXnhI08gMpLwXhXDj2NqXHPjC\/WZDwihyPmSLrv32HhPTuuFAMBAAEBFgMBADCrg01tB59jb9CJJs57uREHyiJPkvP6NWrj9Js4EKD9Il3eVHOg10A0ygs0IDyUSAc="}
01385{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":553046,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":766,"pkt_l4_len":730,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAu5KmkAAQAaTHQoYUrxuTI8y5ekjKS1pj3\/X8KHtgBgCILNgAAABAQgKAALHekTbcEQXAwEAINm1cNavLRNZp1pZY19HJVNlNQl6RPAjcGwjjzMfyU8KFwMBApA2DxoBwb0p9+HKSAqOqmoMv1RPpvr+UxOwddeZY7G\/Avd+vfJweoewxIwacaHoqMlPeRv50ipwmDnyqJYbxRYxW+pjKET6SQexMND677eBppHYZtfz5f9ho6VNzhUXi6dEnJvSnGIHss0qB64LM8\/NC8Dchqk7xEtC6UyIz1ZPxsbl2KKSJ6x9zs5SOvOvinqJ8i0d7eSlAvThyXW0JgPyE05CpBQjG9in6+VLiRNqg5eItsUtdU7Wn09jBccmfbF0eTpgvn0Kf6UVpmp9Tk12GuBSFBOcFaYlcxyrjM2OxytFW9fZ1O7DJjL8UP\/gk20bA1aYdGzRSAdmAGx4NO\/8HMCwEXQ7RFd361HgRFAb3vdZIS\/\/JTYSPbZm67w5vSgdD8jFR8\/ryuyJh8\/lxw3B8V+TRLep+OFjURrraXUslSzTF+dJkZ1MeMPjSxbNV6P2DshwdFUyNaaZX2w3M1i2ib1Laj5r2Mbs4OQV8MnTe+NcJf3yYK9PCJgpl9wjE2fpMHhllVb2+W+iN5btncbantgq+5QlRrq0Lwvfw89aPfmqIuQxhSZAqlcbmcnF\/HGvNhjkr8v2Rpa2QXaWofERJbbj+\/ePtv+zCGknb0eiHDAvCkBCeQI6IRO6IT+Xu1HU6GP6xSYSLp7eYuv0NiTFf1y5efQgee\/P4oVuLPnnw3DDy4vjg7KI3b09No6QWnVDqKwqR+8hwFhr67c7Z2pcpnjFochKxpN1\/dIrh6ck92S1D62dwfjg7wzSNiUseSA7c3ZhVxwIzNuNJRQxz+21FawNYXBzjvC\/f2S8MxoE1gsP\/BXWNjLHnEgs3q7iYXWjK1haxIjdgCN2byYptuqRIzz3YCq70c1Qxo1S+WxOrw=="}
01343{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":834906,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":734,"pkt_l4_len":698,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAs7yiEAALwb8Tm5MjzIKGFK8Iynl6dfwoe0taZI5gBgAJCccAAABAQgKRNtxZQACx3oXAwEAIBbu9uAJg9KejXeOW2eVwXNlTw84ENpo\/M8t0yWdLIBRFwMBAnD8\/n5dmx5yFayof5AuEOzyfFGSsuX4moQaSelOPWiF+UZEJphobW5gu8v+ad8sW8rg\/d\/HDWCGMAyq5rRYLnItWPJ2Fh3gNQfzggt6JGTgZvzawxIC\/2pueXO2eu1Vw1obTExhQq9qiDQ\/5REti2wMh0pUYVwhRdkYVK8xP0lMu3mfP+Ygm3uqN6qLNghIx\/5cJuOcj7amWTjPQHy47UJlvwM998QUmOrYuRXbaroscu3pcsDnywoLTcLx9KO7lJFw\/gZFJqvwvTRQBDV7It3yueZCiBQ\/iRoeGmw4tDYkte\/ysW73Q3eyGF2HECKqFnBNA8jc+EL64ZU6u8u15HJsd1hfR8M+fUyL+edOruuDm0hP9JNBTkjhsB6bDH9U88dJM7aI7wM\/DjJOTjBw8MgrDTuMv3osumvLOCS5eUJVjEJ+ZD2aOxMDhU6l+6\/KW248cHgPPF7w3PnRme6fjjwwU8HZvpfkFFvJgHDpo3ESXLdNp6j3dxGO6pkIjiVDb4UB7CKO2pDuTfrE9wISLgUp2e\/gAC99o2imZ7DQf0nBfID8+\/UrAAEzNu2LSaRxklqLBSUWZy2W97bJFRREf0CgM4WRPv8WqXg4NRb\/MhCEvr4kOVoW9L00yXq+RYObQyPixWLrG48PBq68n2XfkE2rEI08iTyh8zd4iMWAI7tRLI9DRvYGRcFwSUGG1ZD5kQA0CS4Ym9MjTxGXJJGBUCEnSd\/oIqxw0C50KjHrCq9Q9T6+aU+u93h524S+E7uH\/53KMYbD+WPsi0WxXhRLnoJOXSOk0yAUarVyVDyMJs8TgaRu5aOUMl85JD2NBvQnYWc="}
00435{"flow_id":8,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069165,"pkt_ts_usec":869879,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKm0AAQAaV1goYUrxuTI8y5ekjKS1pkjnX8KSHgBACVlp5AAABAQgKAALHmkTbcWU="}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":0,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":128,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1430069161865,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"216.58.220.161","dst_ip":"10.24.82.188","src_port":443,"dst_port":56697,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00564{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":90460,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":164,"pkt_l4_len":128,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAJSUaEAAQAZSqQoYUrytwki8h34UbGWkOWcyCtXvgBgB1zgmAAABAQgKAALJQHWhBxYXAwEAW9BJTUK7bhQDJS6M4k2xveYn3KZ2THpi3b2p1WnyM44nZ0651+YzJehbLb+jV4nNEd4GZbKLQU+P8abQYninXFhPSKcNuFppnDwsImxNyj3HrOvurwOWRZpYp3o="}
01512{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":406256,"pkt_caplen":862,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":862,"pkt_l4_len":826,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAA05KnEAAQAaSuwoYUrxuTI8y5ekjKS1pkjnX8KSHgBgCVq2kAAABAQgKAALJX0TbcWUXAwEAILKvjA1rGSYETwUErQSrhwubprhc+diQtgy8xQIPoKbyFwMBAvA1mPcMTtVnApvBr6qYNXLE9sdtRQHNv41\/3wNOb9mRDbvyh6QxjK9ctsqj\/1gnJ8sPFF6vv9Qfv60TBVpGaRmMfRCBClcfUW8rcTaiNv6TupPERaxQ89r0QuTkJMKkghxoUVClmYxvPV6KZyIi7VqMej8vLBQPuaVn6kMyrEB1BDVYuw\/kx6rEy3xnMY9hgH3cZmtYP\/ZUvFWcvvVuRqTmqAAlhR9hMlpSPYfyaDGa9oPwzRTr+TO9N4HuQ8oHasOUn5Se4hiG+K9X\/Oo53G7tX1eLc6MeoSQi1aFHe0TtXSIzZa1vIEx\/lLJoW5QV0xm6cQbTCke+m\/b28eS2TD7mVOpJ\/aJHAn6jAWM\/q2wY5+PzF\/llSerF2IeXR+d1S+83D2TpWbiQqnCoFkgWurLJir9B9ZoJdnq+agvXh5SWlUS7ryFWK1HQ1N1za1BgMXnePt4c3GwYgdwEEnvCVexpHDSgbMf+L43TS7Ry66U+QtROG0tUFtcbHgtnVapOGMEzQiMthNJyrYcMpHuPI8VM92vbO4E9TrXjc\/KxbUlxJFYSXFVZpLMPACco2Jmzi2WuiwI2SMJXA08frVutjFK97o12J42gUBK+IwdL2QPNNYPCg6Ewf4PPh92orXcLls3MVj2eK+LxlCIAGHULIoPoKv4vfsyh0EEavhgdpDOpGXnOIac4hxV+tIr5HyiBXvVN5Uukb2XYLu2OOohXcwjdHRBIEE8dl0JYaYBQx21xBzf2Ru1Nk3i0LWRfCuYn4lgWN5+b6jc8lxQhDJ147mJcEVrXQYI+nWtScO1pw+nwfbkgkppYNI1jdEGuTZxlf4NhU\/en2bGa0t59ZXcTpeYit+eJ2YmhoMdCzM\/t4JPMhxwTysN0\/uQnJkYAoV0ZoQynW+tY6sJkstSBAmgoLf6zMoQ4bHxy8YxwaRfWYqkMSnRdjgl1Lp2+RJiFwRWR1cAcOgvQXBh7mqP2KGKwIsAmaTgwQkGeJyRLYqmdOICfOA=="}
01405{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":703772,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":782,"pkt_l4_len":746,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAv6w3UAALwY9ym5MjzIKGFK8H5CAyJJ44Mn3Ed2ogBgAJHYbAAABAQgKRNuEaAALP24XAwEAIKyRqSHyPEKNOHG7RbUjn3N9oOyPfWWQZ\/Z\/LgkxhP+lFwMBAqBa4zdJxnEZDfRNwZy\/hPBxqFpDvQ5hYHi+mhtg8aEvgmGttqPr9vNQNNBla7S12j7U4UU2Kxhqku9QG\/Gapbkn5p9eMlTKUjpoG4rm5ZMvzTwBRtHNEksYviVJewGN9zRqzro6AKklCdlULJ83Qa50rL0i7o4Cryf27OrhVtmosRHsmWWFquDQACUMe3C\/XBbk5th1bY2F09Fqvb7hZe\/51CB20BWC4pRNrAmFqGBKsWjVJGYP8DW0V7hTgSx96n6GbfXZG8C+kTfwq5enqhz0vKuuy0uZQXTMyNj6W1bdkNBjr\/LdeeBizb5p9AvbwMkoWh9rLpCdJ6mGMJcJhht903nvgcT6DtM9rn4OUQLwtnc8JW2QCYkZJng+BKHgVcUw6zbLMQyMsaZCkR3Ztb1VRE8gnGnxia3i18lF3q8W1E6+733azou0PfOVuhgUUccC\/s4wr0aIDe+pe6RoLxJbkCcYfqOtooUr\/R5f7Q3rtFL5jrQzWqlu7mTVvibdhrppK4H5OD\/5PcBoFXz3bevRM4W1XuHukXtP4Zad\/acGJykjLwcTtwtDw2\/rneRCLC3YmiChjTuPTwXbr26BQgLHieZWTK4J8J32arQRigQA2s5Y+BVT6RUVI+LrYUEIcjmsfpuzn0kwxisCDWerzdRJ\/A+g9svnfaqwJVj+JvV+SPan6vKNiHAxWibUZ1urTAtPP462YVDUUqnW\/wGEfHSsKUnY5mNBpt15FPgXybQylzjB+W3n3I+RbfKxMsWqMveLTxq+8Wwi5I4jEpw2zvtCHDpP+92cPcbCtcydfd+\/hT+kQs5VnzvXG78uuO6+1JhmeoCWOg40kWU8YzuwMRM47lFGa8z2ppWH+p6jh7v0PUEAux+WiTEvSWhXK7fXVR4="}
@@ -87,15 +87,15 @@
00435{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":707770,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADRKnUAAQAaV1AoYUrxuTI8y5ekjKS1plVPX8KeRgBACi1p5AAABAQgKAALJfUTbhGk="}
00435{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":749030,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADTn7EAAPwb5hAoYUrxuTI8ygMgfkPcR3aiSeOOTgBAAqCWIAAABAQgKAAtBzETbhGg="}
00671{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":751319,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":238,"pkt_l4_len":202,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAN7n7UAAPwb42QoYUrxuTI8ygMgfkPcR3aiSeOOTgBgAqPR6AAABAQgKAAtBzUTbhGgXAwEAIBnluoAxmGsbjSSghixkdaSDIjSYX25wkt+8RBvsg5f4FwMBAIDZso0VXLxlVyzWYQHqvAkL9HrkBJF4NmKHlCnTjVCzUJRJpAxG5W\/KDzDzzwLS6IV1PPKufK6HCwnJmz76dup3nSmMi2i9yCOs2txtFjOT6CfWMoT+FwneLbcSnxUNXWXeojiJ5zXCS\/BTDVFDhQbd\/RNtshJHz\/Qx\/3q1tFGtow=="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069170892,"flow_last_seen":0,"flow_tot_l4_data_len":86,"flow_min_l4_data_len":86,"flow_max_l4_data_len":86,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069170892,"flow_last_seen":0,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00510{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":892951,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAPxHbOAoYUrwByQGuLDlaBQBWgNSByQAHC4ZVGZBlh61hMGy+mVz7szeLE04wAIGpUs16HTnaFQo\/DwShnbgrVUo6QPfO7hnIEQI6Zble8vC3moejgAAAAXwPCk3m1v5lftk="}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069170892,"flow_last_seen":0,"flow_tot_l4_data_len":86,"flow_min_l4_data_len":86,"flow_max_l4_data_len":86,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069170975,"flow_last_seen":0,"flow_tot_l4_data_len":86,"flow_min_l4_data_len":86,"flow_max_l4_data_len":86,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1430069170892,"flow_last_seen":0,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069170975,"flow_last_seen":0,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00511{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069170,"pkt_ts_usec":975714,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGoAAEAAQBHaOAoYUrwByQGuKB1aBwBWSf6ByQAHVJql2hcYBvUW09\/cV2PnqW9IAC+tkcS3zbxHaXzNy97m1tMPsxdrmxKMjQTBocmvV+MtI4fyJpYC3zCcgAAAAaPWslm6g8tl\/I8="}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069170975,"flow_last_seen":0,"flow_tot_l4_data_len":86,"flow_min_l4_data_len":86,"flow_max_l4_data_len":86,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069171118,"flow_last_seen":0,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":64,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1430069170975,"flow_last_seen":0,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","ndpi": {"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069171118,"flow_last_seen":0,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00481{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":118750,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":100,"pkt_l4_len":64,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFQAAEAAPxHbTgoYUrwByQGuLDhaBABATCmA7E6yizmc2guGVRn+xfaQv+g9g3ccEnajV1GbM8MpJWVK2C77CAiJwDoJYkgGCqWuS2HWMkwGeQ=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069171118,"flow_last_seen":0,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":64,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1430069171118,"flow_last_seen":0,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
00478{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":120856,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/C92AbE6zizmgmguGVRkt\/rZnfXpGz0N2A\/IfJpewUyMSY166JO1xGXdEkGNQd31ADIw6ZS3SDh9Y"}
00478{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":120948,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/5SmAbE60izmkWguGVRmezvGSQL2r8\/lU9MEKvF6SC08uWokrFHcn2V7\/8UTxLNEjkf5mPRch1tsI"}
00512{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":127448,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAGoAAEAAGxH\/EAHJAa4KGFK8WgUsOQBWReSByQAHVJql2hcYBvUW09\/cV2PnqW9IAC+tkcS3zbxHaXzNy97m1tMPsxdrmxKMjQTBocmvV+MtI4fyJpYC3zCcgAAAAaPWslm6g8tl\/I8="}
@@ -103,9 +103,9 @@
00476{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":212470,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/7uaAbE62izmr2guGVRn8RhAolyCXjh9CBCF49gOSkQpyC1NGr5hVj6UCX85c7EbzzNysGYkXDN7V"}
00479{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":310797,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/3fiAbE63izmvmguGVRmGYc\/PxspsGATqnXfn\/lPOI8HaYGxhOfAK95CP\/Qe8aH4EXhyz4xuxnPQn"}
00476{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":310919,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/4amAbE64izmzWguGVRmsmUnG0GC8lkny6NAie4a5CSGZuJh+JZq1q9GcWniRPJDg6+UyOn2o7f17"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069171389,"flow_last_seen":0,"flow_tot_l4_data_len":87,"flow_min_l4_data_len":87,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069171389,"flow_last_seen":0,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00510{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":389136,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":123,"pkt_l4_len":87,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGsAAEAAQBHaNwoYUrwByQGuKBxaBgBXWCuA7DE+fqkVA1Sapdp6cTmDebnhh8KUkQVLcfVIHO+KdE\/hh8TrsDi1pxsxiqViFSLVRYeZKeMWrEXQddUHKF8UZHmGznF9XlwFasBuVesU"}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069171389,"flow_last_seen":0,"flow_tot_l4_data_len":87,"flow_min_l4_data_len":87,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1430069171389,"flow_last_seen":0,"flow_min_l4_payload_len":79,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":79,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
00476{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":414466,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":99,"pkt_l4_len":63,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFMAAEAAPxHbTwoYUrwByQGuLDhaBAA\/8i6AbE65izm3GguGVRmdGcA+AQC9PW6Iu7D56EiFtVEV8BRmHczMxTAvU5GNKbDmUz3uXGfPQe61"}
00604{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":425208,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":192,"pkt_l4_len":156,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAALAAAEAAQBHZ8goYUrwByQGuKBxaBgCccR6AbDE\/fqkYw1SapdpQtIGDUUcsKy8FZc8SkcXbnkaLnkk7o+K31\/Lp8iVo3SBPJc3DyoRUtaFntc3koP5JLgEppFZXqNkw36nmYntuZ329GNTJ06T0XeyZJfDm34fzEotPLv3zEaM1kQ76cuJR6IF9rGbKT3sQKWcYIsd5M3XbqcXgkS4bFd8efSkCV9pxMGaMM2HU"}
00502{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069171,"pkt_ts_usec":464453,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":115,"pkt_l4_len":79,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAGMAAEAAQBHaPwoYUrwByQGuKBxaBgBPG\/OAbDFAfqkcg1SapdrEmBFpbnVmJMblF0rZoL8vvV92uiSDpJJT7NfUzojI6pP2kn9ZuUksJi0oXTyacMa3Otx9PZKNJxznlw=="}
@@ -136,9 +136,9 @@
00539{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069176,"pkt_ts_usec":37726,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAQBHaJAoYUrwByQGuKB1aBwBqZYeByAAMVJql2pfLuFsajzgI1GDl8NkFRGhOyQ6thpJYAOTYJlo9hdZVicoZQsCxkiH\/3fDmYyH9D6n5lvUWFQSCeoKxyM8tWJPmna38RJwk7wBqD5OAAAADKGmQ4Gj9SLx1sQ=="}
00545{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069176,"pkt_ts_usec":115454,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGhH\/\/AHJAa4KGFK8WgcoHQBqGyyByAAMC4ZVGRvN6Z48FBPXUmifLFQsGuSjeOUcO85HTHtDHvXvyqkZp\/ZQTHwoc4rLMwW\/Mpy9OSUDQLloAM1pJAcB+M52Dd+1\/1jxID1F3PS\/ZYuAAAADsb6NtDdP2V5EjA=="}
00541{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069176,"pkt_ts_usec":200476,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAHBH9\/AHJAa4KGFK8WgUsOQBqYW2ByAAMVJql2pfLuFsajzgI1GDl8NkFRGhOyQ6thpJYAOTYJlo9hdZVicoZQsCxkiH\/3fDmYyH9D6n5lvUWFQSCeoKxyM8tWJPmna38RJwk7wBqD5OAAAADKGmQ4Gj9SLx1sQ=="}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":677,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":0,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":128,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":677,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":0,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":128,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":677,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":677,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1430069170090,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.194.72.188","src_port":34686,"dst_port":5228,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00456{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069180,"pkt_ts_usec":329901,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":83,"pkt_l4_len":47,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAENCkkAAQAbmZQoYUrzYOtyuwEEBuxTXAEVlWZivUBiMAAFrAAAVAwEAFnnuS9reX0mqADPiihp3NglZFsDnKQA="}
00540{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069180,"pkt_ts_usec":702674,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAQBHaJAoYUrwByQGuKB1aBwBqyS6ByAAMVJql2nhUecfSj38IyetU7qmBuDDPjWXjWG6rSfmFeg4CNNxlBxif7M9KMVtpfq2RjbJmtK+rq2SSv32uc+V\/lvbg2LY9MFOYdQ6IXJKzlD6AAAAE+zNyuhY7D2DdMg=="}
00541{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069180,"pkt_ts_usec":709632,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBqTFSByAAMC4ZVGQ21DhFtJ5pVSpHA29mSXWgupbBBO2VyAq\/04b9a0U3MpwQFQvWqFidhxeuTBSyks5kk9ZQJHxCKEShx1YUsKPxryHVVYZGtotYaqIGAAAAEQW6VLf5HEs5d\/Q=="}
@@ -149,10 +149,10 @@
00545{"flow_id":10,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069185,"pkt_ts_usec":668830,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAHBH9\/AHJAa4KGFK8WgUsOQBq9dGByAAMVJql2vzdEHtzVkuLwbh85caR8kjCcDaL3PS\/PCBmHKFhUSVDzj8AsEmUKMXA4RVxQRjLhRRrd\/\/nqFxlHC1t4TMWO5IABN8HcsyrvgJSoh6AAAAFwPG5g0w8m5sYNA=="}
00542{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069185,"pkt_ts_usec":851386,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGxH+\/AHJAa4KGFK8WgcoHQBqQFeByAAMC4ZVGcUjApy2sue2tvDaN2KXPaYSbTfXaSG+ITJBdxGS4Z7v96DyWGv1vboRBsIe1PTM7lRMYuB6d0wicOv2m8voT\/jI4qNuL+yAlVSZpvyAAAAFsvRi3qH3s9CHuQ=="}
00540{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069190,"pkt_ts_usec":86249,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAQBHaJAoYUrwByQGuKB1aBwBqCSmByAAMVJql2gRWPG3l8w5hOwzoy9m2wROuAugBJqx5iNx7FJ02GyGvsIOD2bPTvUWQL0OmwzWT8TtbUF1kXKRhc5TuDE7J9Dm4r2uYi9gLbNEOgXWAAAAGz5aUe2fjPfiCzA=="}
-00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1304,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1304,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1304,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1304,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1430069180329,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"216.58.220.174","src_port":49217,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00544{"flow_id":10,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069190,"pkt_ts_usec":414282,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBqdx6ByAAMC4ZVGYPBykZo98GjW7rSje0MC\/FhIPRFNwClmIb9SGUZgNWOTNyayh3yccRe6e23Me\/3Lybtb9K3v7dyVC\/mDym9bajjfD19bHFV97QkQZaAAAAGt3WpIYgG7Bo8Eg=="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00422{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069193,"pkt_ts_usec":291327,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACg66EAAjgYtFq38egEKGFK8AbvLm\/Ii35zxwsMTUBSkcjKfAAA="}
00542{"flow_id":10,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1477,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069193,"pkt_ts_usec":359595,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGxH+\/AHJAa4KGFK8WgUsOQBqBQ+ByAAMVJql2gRWPG3l8w5hOwzoy9m2wROuAugBJqx5iNx7FJ02GyGvsIOD2bPTvUWQL0OmwzWT8TtbUF1kXKRhc5TuDE7J9Dm4r2uYi9gLbNEOgXWAAAAGz5aUe2fjPfiCzA=="}
00545{"flow_id":11,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1510,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069193,"pkt_ts_usec":952552,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAHBH9\/AHJAa4KGFK8WgcoHQBqeziByAAMC4ZVGYPBykZo98GjW7rSje0MC\/FhIPRFNwClmIb9SGUZgNWOTNyayh3yccRe6e23Me\/3Lybtb9K3v7dyVC\/mDym9bajjfD19bHFV97QkQZaAAAAGt3WpIYgG7Bo8Eg=="}
@@ -162,34 +162,34 @@
00544{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1784,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069197,"pkt_ts_usec":128607,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAGxH+\/AHJAa4KGFK8WgcoHQBql62ByAAMC4ZVGbItSd6\/mTyCIr4E3Y5lu3\/72m5jcJjbwC5KlnCFnzd0zuOtETGMhjqjiiAH+YRIre6dMeMVSoMFs0jEh5oqJoOmprnMRKGlbL9RDliAAAAHKgs0sfS9+zbuxw=="}
00543{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1924,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069199,"pkt_ts_usec":424079,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAQBHaJAoYUrwByQGuKB1aBwBqiN+ByAAMVJql2usjul1bYt0wXtBGultF6ID8cTY8FKzSbZy09RI\/Nk\/Zog6jhkaTF88sGdIGxg0nTTITCbns5cdACSsU7aRlGhJYmiNLLu3NkWkKaSGAAAAIuSiehL8FPbSahw=="}
00543{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1959,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069200,"pkt_ts_usec":111334,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAH4AAEAAPxHbJAoYUrwByQGuLDlaBQBq5\/mByAAMC4ZVGaDpnSddKM5Xo0F7IzUlJ0K974tSl6CKC75qjJ7CzzdGPB\/jgt1yWqXNt5f8eE7my+DfJ1ibS2biQYoq0+IluHuPfo1V6AWC+zZ2seaAAAAIJChM86bO4q6g9Q=="}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069201833,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1430069193291,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.122.1","dst_ip":"10.24.82.188","src_port":443,"dst_port":52123,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1430069201833,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00441{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2099,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069201,"pkt_ts_usec":833106,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOw0AAQAYrdAoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtk1IAAABAQgKAALVpswmIb5QFA=="}
00543{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2136,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069202,"pkt_ts_usec":289099,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAACEgAAAAAAAAAAAAAIAEUoAH4AAEAAHBH9\/AHJAa4KGFK8WgcoHQBq7BOByAAMC4ZVGaDpnSddKM5Xo0F7IzUlJ0K974tSl6CKC75qjJ7CzzdGPB\/jgt1yWqXNt5f8eE7my+DfJ1ibS2biQYoq0+IluHuPfo1V6AWC+zZ2seaAAAAIJChM86bO4q6g9Q=="}
00441{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2182,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069202,"pkt_ts_usec":570380,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxEAAQAYrcwoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkz+AAABAQgKAALV8MwmIb5QFA=="}
00440{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069204,"pkt_ts_usec":49811,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxUAAQAYrcgoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtkxqAAABAQgKAALWhMwmIb5QFA=="}
00440{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2517,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069207,"pkt_ts_usec":19934,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":70,"pkt_l4_len":34,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADZOxkAAQAYrcQoYUrzLzZfp0tYfkMl8NsazTa2QgBgBtktBAAABAQgKAALXrcwmIb5QFA=="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00421{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069210,"pkt_ts_usec":863623,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACih+UAAjgbKWq3CdeUKGFK8AbuV7IoFQj5TpMuVUBSklweYAAA="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069211505,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1430069211505,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00421{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2838,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":505377,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAChd+0AA+AbBg638WIAKGFK8AbvqCPsyGz7Wm7gkUBQAALuKAAA="}
00438{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":505591,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADTK\/EAAjga+dq38WIAKGFK8AbvqCPsyGz7Wm7gkgBQClSKzAAABAQgKopRXsAACYuQ="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069211639,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1430069211639,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00451{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2851,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":639075,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADxoAkAAQAZvaQoYUryt\/FiA6jIBuzJ1sXgAAAAAoAI2sGN\/AAACBAV4BAIICgAC2XoAAAAAAQMDBQ=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069211640,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069211640,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
00454{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":640662,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":79,"pkt_l4_len":43,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAD\/Ze0AAQBH4oQoYUrwKvAEBYocANQAr1lVimAEAAAEAAAAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAQ=="}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069211640,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2852,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1430069211640,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00425{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":703101,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACy0dUAA+AZrBa38WIAKGFK8AbvqMmPPnoQydbF5YBIRHFG1AAACBAV4"}
00422{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2857,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":703253,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoA0AAQAZvfAoYUryt\/FiA6jIBuzJ1sXljz56FUBA2sGNrAAA="}
00714{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":712958,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":272,"pkt_l4_len":236,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAQBoBEAAQAZuowoYUryt\/FiA6jIBuzJ1sXljz56FUBg2sOucAAAWAwEA0wEAAM8DAVU9H9uNfuN6igTtfCsi5UGJAGu+tBUa6vvxV3L7s6crIN7mSkHwum5YAkPf9F1sC8Q73hXOE4o3oouZE9fRYbaoAEYABAAFAC8ANcACwATABcAMwA7AD8AHwAnACsARwBPAFAAzADkAMgA4AArAA8ANwAjAEgAWABMACQAVABIAAwAIABQAEQD\/AQAAQAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABE="}
-00752{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2858,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1430069211639,"flow_last_seen":1430069211712,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00425{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2864,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":795264,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACwAAEAAjgaJe638WIAKGFK8AbvqMmPPnoUydbF5YBClZMLnAAABAQEB"}
00507{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":843116,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":118,"pkt_l4_len":82,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAGYfywAANRH9Kwq8AQEKGFK8ADVihwBSfKJimIGAAAEAAgAAAAAEbXF0dAhmYWNlYm9vawNjb20AAAEAAcAMAAUAAQAABNAACwRtcXR0A3Z2dsARwC8AAQABAAAAAQAErfxhAg=="}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_tot_l4_data_len":125,"flow_min_l4_data_len":43,"flow_max_l4_data_len":82,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.252.97.2"}}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2869,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"mqtt.facebook.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.252.97.2"}}
00421{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2874,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069211,"pkt_ts_usec":911353,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgKNUAAjwZ+Sq38WIAKGFK8AbvqMmPPnoUydbJRUBCkjNTtAAA="}
00604{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069212,"pkt_ts_usec":207099,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":189,"pkt_l4_len":153,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAK0KNkAAjwZ9xK38WIAKGFK8AbvqMmPPnoUydbJRUBikjBBtAAAWAwEAUQIAAE0DAfA+D6DpcQ3Du4DZ7Y6rvcT6jYxmd6Ol\/g3w06+\/HU8sIN7mSkHwum5YAkPf9F1sC8Q73hXOE4o3oouZE9fRYbaowAcAAAX\/AQABABQDAQABARYDAQAk6N+FUIVKZLQccHEX6xyqO1qiHy\/f00KJnytKACn9V9mLgEoo"}
-00801{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":7,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_tot_l4_data_len":517,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
+00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2893,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":7,"flow_first_seen":1430069211639,"flow_last_seen":1430069212207,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"07dddc59e60135c7b479d39c3ae686af","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"}}
00422{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2894,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069212,"pkt_ts_usec":207251,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoBUAAQAZvegoYUryt\/FiA6jIBuzJ1slFjz58KUBA6oGNrAAA="}
00488{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2895,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069212,"pkt_ts_usec":209265,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":103,"pkt_l4_len":67,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAFdoBkAAQAZvSgoYUryt\/FiA6jIBuzJ1slFjz58KUBg6oI0IAAAUAwEAAQEWAwEAJNNUjztPeLf147JYV5daEDvCo7lXC38bAOGD1f0x5+vFPP4MGg=="}
00422{"flow_id":19,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2904,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069212,"pkt_ts_usec":263373,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAACgKN0AAjwZ+SK38WIAKGFK8AbvqMmPPnwoydbKAUBCkjNQ5AAA="}
@@ -200,27 +200,27 @@
00463{"flow_id":19,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2954,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069212,"pkt_ts_usec":955237,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":85,"pkt_l4_len":49,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAEUKOUAAjwZ+Ka38WIAKGFK8AbvqMmPPnwoydbUnUBikjNy5AAAXAwEAGNqCFgbWv18wha9ZQIz07o\/4gF17BR3UvQ=="}
00423{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2956,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069212,"pkt_ts_usec":989997,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAChoCUAAQAZvdgoYUryt\/FiA6jIBuzJ1tSdjz58nUBA6oGNrAAA="}
01014{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430069216,"pkt_ts_usec":559027,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":490,"pkt_l4_len":454,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAAdoKMEAAjgb4BouWAH0KGFK8Abu3Y2Ij1jlRKAS0UBifXH0zAACuAQAASco9e7VdqRc+Gkt7POZ3iw2F7xO4X2pC90c2WlKrkfUQp81wR7\/apKWRUN0xPn3rHrbfRdi+XhHa+j4GRhmQQo\/WP2OspzKBm3YLCNKlzTZ8kvGwZaDeSN6zsmCH4s4re40+RQD92a4DC1ldY8M0G8hP9VOib0DJc8A\/U\/Hl7Yga02rJ0WU9\/xZx0Y6IJDivqf2F6fu0KFw9\/9fRYLX4a4x4Dr04QF6nYY2hppUHqN+VoOshDOfBSjLOUu9eZW5XsK1QKV3ankWOeHcuur1QBnDUH7AyyKw05AsWLTgn93O9gTlO+KcD06aYGem2n3YDlKyjAH0YiG7yWXnHwud76KDQSYBeZwVKZUdN03qYy46C+rNDMk1+00VzRWs8Md0kD\/3WMG7IkKoLgycycmrBfqojZNvS0\/0M4FWQtEgD0\/9joTJQJuB7Q89d9iEB\/EX6dWqIJrF\/uwZ62wHFVsQVYEl6gV8ebF1xuilClTTE9Kv1ehLuEA6uKjKq32J1m2Se02dJBOb3S7pO0rsp3AvylwOa4z1IIKA5no19mPAA1kDKuhcfIna6FJ+5AXdIvA=="}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":29,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_tot_l4_data_len":2980,"flow_min_l4_data_len":20,"flow_max_l4_data_len":699,"flow_avg_l4_data_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_tot_l4_data_len":252,"flow_min_l4_data_len":32,"flow_max_l4_data_len":121,"flow_avg_l4_data_len":63,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_tot_l4_data_len":252,"flow_min_l4_data_len":32,"flow_max_l4_data_len":121,"flow_avg_l4_data_len":63,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1488,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_tot_l4_data_len":144942,"flow_min_l4_data_len":63,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":22,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_tot_l4_data_len":2320,"flow_min_l4_data_len":86,"flow_max_l4_data_len":114,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_tot_l4_data_len":1187,"flow_min_l4_data_len":20,"flow_max_l4_data_len":629,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_tot_l4_data_len":8488,"flow_min_l4_data_len":32,"flow_max_l4_data_len":884,"flow_avg_l4_data_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_tot_l4_data_len":1092,"flow_min_l4_data_len":32,"flow_max_l4_data_len":468,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_tot_l4_data_len":1092,"flow_min_l4_data_len":32,"flow_max_l4_data_len":468,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_tot_l4_data_len":9098,"flow_min_l4_data_len":32,"flow_max_l4_data_len":884,"flow_avg_l4_data_len":227,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_tot_l4_data_len":125,"flow_min_l4_data_len":43,"flow_max_l4_data_len":82,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1503,"flow_first_seen":1430069171118,"flow_last_seen":1430069216536,"flow_tot_l4_data_len":146133,"flow_min_l4_data_len":63,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_tot_l4_data_len":2292,"flow_min_l4_data_len":86,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_tot_l4_data_len":1018,"flow_min_l4_data_len":20,"flow_max_l4_data_len":462,"flow_avg_l4_data_len":203,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_tot_l4_data_len":1018,"flow_min_l4_data_len":20,"flow_max_l4_data_len":462,"flow_avg_l4_data_len":203,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_first_seen":1430069201833,"flow_last_seen":1430069212950,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.151.233","src_port":53974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1430069211505,"flow_last_seen":1430069211505,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.252.88.128","dst_ip":"10.24.82.188","src_port":443,"dst_port":59912,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":29,"flow_first_seen":1430069211639,"flow_last_seen":1430069213599,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2372,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"173.252.88.128","src_port":59954,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1430069141923,"flow_last_seen":1430069142383,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"54.255.185.236","src_port":58916,"dst_port":5222,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1430069210863,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"173.194.117.229","dst_ip":"10.24.82.188","src_port":443,"dst_port":38380,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1488,"flow_first_seen":1430069171389,"flow_last_seen":1430069216410,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":133038,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10268,"dst_port":23046,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":22,"flow_first_seen":1430069170975,"flow_last_seen":1430069216076,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":2144,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":10269,"dst_port":23047,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":15,"flow_first_seen":1430069159456,"flow_last_seen":1430069163250,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":609,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"203.205.147.215","src_port":48489,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1430069141261,"flow_last_seen":1430069141741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"120.28.26.242","dst_ip":"10.24.82.188","src_port":80,"dst_port":34533,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":45,"flow_first_seen":1430069163715,"flow_last_seen":1430069216555,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7008,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":32968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1430069140120,"flow_last_seen":1430069164894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":436,"flow_tot_l4_payload_len":740,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":40,"flow_first_seen":1430069164966,"flow_last_seen":1430069216555,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":852,"flow_tot_l4_payload_len":7778,"flow_avg_l4_payload_len":194,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"110.76.143.50","src_port":58857,"dst_port":9001,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1430069211640,"flow_last_seen":1430069211843,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":74,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":25223,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1503,"flow_first_seen":1430069171118,"flow_last_seen":1430069216536,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":134109,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11320,"dst_port":23044,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test"}
diff --git a/test/results/NTPv2.pcap.out b/test/results/NTPv2.pcap.out
index 38472ce50..8d939727c 100644
--- a/test/results/NTPv2.pcap.out
+++ b/test/results/NTPv2.pcap.out
@@ -1,6 +1,6 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":376,"flow_max_l4_data_len":376,"flow_avg_l4_data_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00883{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865383,"pkt_ts_usec":632810,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"pkt":"RIpbLCrSACaIdf8bCABFAAGMHS4AADERoZDQaF8KTi5MAgB7AFABeH6Xlw4DKgAFAEgAAAAAAAAQOgAAAAAAAAGISO9ZbawQDGUAAAABDAIHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAQZwAAAAAAAADHQLufDawQDGUAAAABuxwHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQxAAAAAAAAAa6UEgp0qwQDGUAAAABKtoHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2AAAAAAAAAWzX1q4C6wQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2wAAAAAAAAWRR3um9qwQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":376,"flow_max_l4_data_len":376,"flow_avg_l4_data_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":376,"flow_max_l4_data_len":376,"flow_avg_l4_data_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865383632,"flow_last_seen":0,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test"}
diff --git a/test/results/NTPv3.pcap.out b/test/results/NTPv3.pcap.out
index e6f6bd129..5811bb37c 100644
--- a/test/results/NTPv3.pcap.out
+++ b/test/results/NTPv3.pcap.out
@@ -1,6 +1,6 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865405,"pkt_ts_usec":371462,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"}
-00496{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
-00467{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865405371,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test"}
diff --git a/test/results/NTPv4.pcap.out b/test/results/NTPv4.pcap.out
index fabf71d28..857a083e8 100644
--- a/test/results/NTPv4.pcap.out
+++ b/test/results/NTPv4.pcap.out
@@ -1,6 +1,6 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv4.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436865396,"pkt_ts_usec":190857,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"}
-00496{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
-00467{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436865396190,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test"}
diff --git a/test/results/Oscar.pcap.out b/test/results/Oscar.pcap.out
index 0d98223d4..5756928b0 100644
--- a/test/results/Oscar.pcap.out
+++ b/test/results/Oscar.pcap.out
@@ -1,5 +1,5 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"Oscar.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434606464176,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434606464176,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":176482,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"}
00414{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":205135,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"}
00409{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":205258,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAxCW5ILDE3pmjdICABFAAAo27ZAAEAGAAAKHh0Dsu0Y+fd9Abu9oGym\/y\/obVAQ\/\/\/zIQAA"}
@@ -15,6 +15,6 @@
02230{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":315224,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"pkt":"DE3pmjdIAAxCW5ILCABFAAV4eAxAAG8Gm2yy7Rj5Ch4dAwG7933\/L+sGvaBuJVAQQACxfQAAKgIZjwZzAAEABwAAAAAAAgAFAAEAAABQAAAJxAAAB9AAAAXcAAADIAAAFtsAABdwAAAAAAAAAgAAAFAAAAu4AAAH0AAABdwAAAPoAAAXcAAAF3AAAABAAAADAAAAFAAADBwAAAnEAAAH0AAABdwAAA2sAAARlAAAAEAAAAQAAAAUAAAVfAAAFLQAABBoAAALuAAAF3AAAB9AAAAAQAAABQAAAAoAABV8AAAUtAAAEGgAAAu4AAAXcAAAH0AAAABAAAABAV0AAQABAAEAAgABAAMAAQAEAAEABQABAAYAAQAHAAEACAABAAkAAQAKAAEACwABAAwAAQANAAEADgABAA8AAQAQAAEAEQABABIAAQATAAEAFAABABUAAQAWAAEAFwABABgAAQAZAAEAGgABABsAAQAcAAEAHQABAB8AAQAgAAEAIQABACIAAQAjAAEAJAABACUAAQAmAAEAJwABACgAAgABAAIAAgACAAMAAgAEAAIABgACAAcAAgAIAAIACgACAAwAAgANAAIADgACAA8AAgAQAAIAEQACABIAAgATAAIAFAACABUAAgAWAAIAFwACABgAAgAZAAMAAQADAAIAAwADAAMABgADAAcAAwAIAAMACQADAAoAAwALAAMADAADAA0AAwAOAAMADwADABAAAwARAAMAEgADABMAAwAUAAMAFQADABYABAABAAQAAgAEAAMABAAEAAQABQAEAAcABAAIAAQACQAEAAoABAALAAQADAAEAA0ABAAOAAQADwAEABAABAARAAQAEgAEABMABAAUAAQAFQAEABYABAAXAAQAGAAEABkABAAaAAQAGwAEABwABAAdAAQAHgAEAB8ACAABAAgAAgAJAAEACQACAAkAAwAJAAQACQAJAAkACgAJAAsACwABAAsAAgALAAMACwAEABMAAQATAAIAEwADABMABAATAAUAEwAGABMABwATAAgAEwAJABMACgATAAsAEwAMABMADQATAA4AEwAPABMAEAATABEAEwASABMAEwATABQAEwAVABMAFgATABcAEwAYABMAGQATABsAEwAcABMAHQATAB4AEwAfABMAIAATACEAEwAiABMAIwATACQAEwAlABMAJgATACcAEwAoABMAKQATACoAEwArABMALAATAC0AEwAuABMALwATADAAEwAxABMAMgATADMAEwA0ABMANQATADYAEwA3ABMAOAATADkAEwA6ABMAOwATADwAEwA9ABMAPgATAD8AEwBAABMAQQATAEIAEwBDABMARAATAEUAEwBGABMARwATAEgAEwBJABMASgATAEsAEwBMABMATQATAE4AEwBPABMAUAATAFEAEwBSABMAUwATAFQAEwBVABMAVgATAFcAEwBYABMAWQATAFoAEwBbABMAXAATAF0AEwBeABMAXwATAGAAEwBhABMAYgATAGMAEwBkABMAZQATAGYAEwBnABMAaAATAGkAEwBqABMAawATAGwAEwBtABMAbgATAG8AEwBwABMAcQATAHIAEwBzABMAdAATAHUAEwB2ABMAdwATAHgAEwB5ABMAegATAHsAEwB8ABMAfQATAH4AEwB\/ABMAgAATAIEAEwCCABMAgwATAIQAEwCFABMAhgATAIcAEwCIABMAiQATAIoAEwCLABMAjAATAI0AEwCOABMAjwATAJAAEwCRABMAkgATAJMAEwCUABMAlQATAJYAEwCXABMAmAATAJkAEwCaABMAmwATAJwAEwCdABMAngATAJ8AEwCgABMAoQATAKIAEwCjABMApAATAKUAEwCmABMApwATAA=="}
00808{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":316067,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"pkt":"DE3pmjdIAAxCW5ILCABFAAFReA1AAG8Gn5Ky7Rj5Ch4dAwG7933\/L\/BWvaBuJVAYQACc7wAAqAATAKkAEwCqABMAqwATAKwAEwCtABMArgATAK8AEwCwABMAsQATALIAEwCzABMAtAATALUAEwC2ABMAtwATALgAEwC5ABMAugATALsAEwC8ABMAvQATAL4AEwC\/ABMAwAATAMEAEwDCABMAwwATAMQAEwDFABMAxgATAMcAEwDIABMAyQATAMoAEwDLABMAzAATAM0AEwDOABMAzwATANAAEwDRABMA0gATANMAFQABABUAAgAVAAMAIgABACIAAgAiAAMAJQABACUAAgAlAAMAJQAEACUABQAlAAYAJQAHACUACAAlAAkAAgAGAAMABAADAAUACQAFAAkABgAJAAcACQAIAAMABAABAB4AAgAFAAQABgATABoABAACAAIACQACAAsABQAA"}
00411{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"Oscar.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434606464,"pkt_ts_usec":316149,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAxCW5ILDE3pmjdICABFAAAorgZAAEAGAAAKHh0Dsu0Y+fd9Abu9oG4l\/y\/xf1AQ\/\/\/zIQAA"}
-00507{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_tot_l4_data_len":6898,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1380,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_tot_l4_data_len":6898,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1380,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test"}
diff --git a/test/results/WebattackRCE.pcap.out b/test/results/WebattackRCE.pcap.out
index a92bd0a4b..2026fbb42 100644
--- a/test/results/WebattackRCE.pcap.out
+++ b/test/results/WebattackRCE.pcap.out
@@ -1,3190 +1,3190 @@
00480{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackRCE.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576420276577,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576420276577,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00611{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":577658,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576420276577,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576420276660,"flow_last_seen":0,"flow_tot_l4_data_len":162,"flow_min_l4_data_len":162,"flow_max_l4_data_len":162,"flow_avg_l4_data_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576420276577,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576420276660,"flow_last_seen":0,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00607{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":660503,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"pkt":"AAAAAAAAAAAAAAAACABFAAC27PBAAEAGT09\/AAABfwAAAcGKH5BK6tTkZxKX74AYAED+qgAAAQEICp1m+tydZvrcR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpnZXRpbmZvKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576420276660,"flow_last_seen":0,"flow_tot_l4_data_len":162,"flow_min_l4_data_len":162,"flow_max_l4_data_len":162,"flow_avg_l4_data_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:getinfo)"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576420276662,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576420276660,"flow_last_seen":0,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:getinfo)"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576420276662,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00607{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":662186,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"AAAAAAAAAAAAAAAACABFAAC4K79AAEAGEH9\/AAABfwAAAcGMH5CQBxOx8tDDVoAYAED+rAAAAQEICp1m+t6dZvreR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"}
-00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576420276662,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576420276665,"flow_last_seen":0,"flow_tot_l4_data_len":204,"flow_min_l4_data_len":204,"flow_max_l4_data_len":204,"flow_avg_l4_data_len":204,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576420276662,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576420276665,"flow_last_seen":0,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00663{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":665296,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"pkt":"AAAAAAAAAAAAAAAACABFAADgK7lAAEAGEF1\/AAABfwAAAcGOH5AW+BO6KmQtsoAYAED+1AAAAQEICp1m+uGdZvrhR0VUIC8waFhDNlpVRS5yZGYrZGVzdHlwZT1jYWNoZStkZXNmb3JtYXQ9UERGIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576420276665,"flow_last_seen":0,"flow_tot_l4_data_len":204,"flow_min_l4_data_len":204,"flow_max_l4_data_len":204,"flow_avg_l4_data_len":204,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576420276666,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576420276665,"flow_last_seen":0,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576420276666,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":666519,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBh\/hAAEAGtDx\/AAABfwAAAcGQH5AhqL\/5vbvzaYAYAED+tQAAAQEICp1m+uKdZvriR0VUIC8uMGhYQzZaVUUgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576420276666,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/.0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576420276667,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576420276666,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/.0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576420276667,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":667632,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADA3LVAAEAGX4B\/AAABfwAAAcGSH5CmzuS+LKoqroAYAED+tAAAAQEICp1m+uOdZvrjR0VUIC8waFhDNlpVRSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576420276667,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576420276668,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576420276667,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576420276668,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":668793,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHxyBAAEAGdQ5\/AAABfwAAAcGUH5ATo\/8SaEXHToAYAED+uwAAAQEICp1m+uSdZvrkR0VUIC8waFhDNlpVRS5wbHxkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576420276668,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1576420276669,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576420276668,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1576420276669,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":669949,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADE5o1AAEAGVaR\/AAABfwAAAcGWH5C1696FBSsDZ4AYAED+uAAAAQEICp1m+uWdZvrlR0VUIC8waFhDNlpVRS50eHQgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1576420276669,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1576420276672,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1576420276669,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1576420276672,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":672169,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEp8RAAEAGlG1\/AAABfwAAAcGYH5CQgZ\/Tf1wQGoAYAED+uAAAAQEICp1m+uidZvroR0VUIC8waFhDNlpVRS5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1576420276672,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1576420276673,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1576420276672,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1576420276673,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00641{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":673700,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"AAAAAAAAAAAAAAAACABFAADOZZhAAEAG1o9\/AAABfwAAAcGaH5DBdl2HfBCdbYAYAED+wgAAAQEICp1m+umdZvrpR0VUIC8waFhDNlpVRS5CQm9hcmRTZXJ2bGV0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1576420276673,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1576420276675,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1576420276673,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1576420276675,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":675040,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADE9v9AAEAGRTJ\/AAABfwAAAcGcH5BsDc7u0ozjzoAYAED+uAAAAQEICp1m+uqdZvrqR0VUIC8waFhDNlpVRS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1576420276675,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1576420276676,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1576420276675,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1576420276676,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":676249,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHEPBAAEAGKz9\/AAABfwAAAcGeH5DFGykA4SBK+YAYAED+uwAAAQEICp1m+uydZvrsR0VUIC8waFhDNlpVRS4xMDoxMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1576420276676,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1576420276677,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1576420276676,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1576420276677,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":677388,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADECABAAEAGNDJ\/AAABfwAAAcGgH5BVFT\/w+l\/OFYAYAED+uAAAAQEICp1m+u2dZvrtR0VUIC8waFhDNlpVRS5leGUgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCg0K"}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1576420276677,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1576420276678,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1576420276677,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1576420276678,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":678526,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFtjJAAEAGhf5\/AAABfwAAAcGiH5AIK44ii9cP6IAYAED+uQAAAQEICp1m+u6dZvruR0VUIC8waFhDNlpVRS5waHAzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1576420276678,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1576420276679,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1576420276678,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1576420276679,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":679657,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEHFNAAEAGH99\/AAABfwAAAcGkH5DblSRB+hg5GYAYAED+uAAAAQEICp1m+u+dZvrvR0VUIC8waFhDNlpVRS5iYXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1576420276679,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.bat","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1576420276680,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1576420276679,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.bat","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1576420276680,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":680791,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBM9JAAEAGCGN\/AAABfwAAAcGmH5Br4QvDZx90z4AYAED+tQAAAQEICp1m+vCdZvrwR0VUIC8waFhDNlpVRS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1576420276680,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1576420276681,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1576420276680,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1576420276681,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":681921,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEACBAAEAGPBJ\/AAABfwAAAcGoH5CXxDgNS2MhWYAYAED+uAAAAQEICp1m+vGdZvrxR0VUIC8waFhDNlpVRS5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1576420276681,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1576420276683,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1576420276681,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1576420276683,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":683033,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDkEpAAEAGq+h\/AAABfwAAAcGqH5CEAqhbm4E5vYAYAED+twAAAQEICp1m+vKdZvryR0VUIC8waFhDNlpVRS5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1576420276683,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1576420276685,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1576420276683,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1576420276685,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":685360,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADE6exAAEAGUkV\/AAABfwAAAcGsH5Ci99H6PnUDOIAYAED+uAAAAQEICp1m+vWdZvr1R0VUIC8waFhDNlpVRS5jbWQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1576420276685,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cmd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1576420276686,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1576420276685,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.cmd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1576420276686,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":686570,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEl0RAAEAGpO1\/AAABfwAAAcGuH5BUwq9SBePOj4AYAED+uAAAAQEICp1m+vadZvr2R0VUIC8waFhDNlpVRS5odG0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1576420276686,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1576420276687,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1576420276686,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1576420276687,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":687779,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFbA5AAEAG0CJ\/AAABfwAAAcGwH5CxUlQZUrozMIAYAED+uQAAAQEICp1m+vedZvr3R0VUIC8waFhDNlpVRS5odG1sIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1576420276687,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1576420276689,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1576420276687,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1576420276689,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":689229,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEYhpAAEAG2hd\/AAABfwAAAcGyH5BKOloN5Bjd7oAYAED+uAAAAQEICp1m+vmdZvr5R0VUIC8waFhDNlpVRS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om1hcF9jb2RlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1576420276689,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1576420276690,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1576420276689,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1576420276690,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":690572,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADErQxAAEAGjyV\/AAABfwAAAcG0H5DNO5UfftfaRYAYAED+uAAAAQEICp1m+vqdZvr6R0VUIC8waFhDNlpVRS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1576420276690,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1576420276692,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1576420276690,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1576420276692,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":692302,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEWZ5AAEAG4pN\/AAABfwAAAcG2H5D\/SmGKHR\/Uy4AYAED+uAAAAQEICp1m+vydZvr7R0VUIC8waFhDNlpVRS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1576420276692,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1576420276694,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1576420276692,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1576420276694,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":694171,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIBvJAAEAGNTx\/AAABfwAAAcG4H5DthT7meWwMh4AYAED+vAAAAQEICp1m+v6dZvr9R0VUIC8waFhDNlpVRS5leGV8ZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bWFwX2NvZGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1576420276694,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1576420276695,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1576420276694,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0hXC6ZUE.exe|dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1576420276695,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":695957,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCG\/NAAEAGIEF\/AAABfwAAAcG6H5DzUiPolNWjYoAYAED+tgAAAQEICp1m+v+dZvr\/R0VUIC9pbmRleC5waHA\/IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptYXBfY29kZXMpDQoNCg=="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1576420276695,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1576420276697,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1576420276695,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:map_codes)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1576420276697,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":697727,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEgRRAAEAGux1\/AAABfwAAAcG8H5ABRrkFDdcmsoAYAED+uAAAAQEICp1m+wGdZvsBR0VUIC9jZ2kuY2dpLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1576420276697,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi.cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1576420276699,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1576420276697,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi.cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1576420276699,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":699054,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDtolAAEAGhal\/AAABfwAAAcG+H5DlK46S3uw4X4AYAED+twAAAQEICp1m+wKdZvsCR0VUIC93ZWJjZ2kvIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KDQo="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1576420276699,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1576420276701,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1576420276699,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1576420276701,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":701564,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEOWhAAEAGAsp\/AAABfwAAAcHAH5CIUQFyvT1whIAYAED+uAAAAQEICp1m+wWdZvsFR0VUIC9jZ2ktOTE0LyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1576420276701,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-914\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1576420276703,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1576420276701,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-914\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1576420276703,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":703002,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEOclAAEAGAml\/AAABfwAAAcHCH5AyFgHRa7MhPoAYAED+uAAAAQEICp1m+wadZvsGR0VUIC9jZ2ktOTE1LyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1576420276703,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-915\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1576420276704,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1576420276703,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-915\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1576420276704,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":704323,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAObpAAEAGAnx\/AAABfwAAAcHEH5ArBQGh2qRxvoAYAED+tAAAAQEICp1m+widZvsIR0VUIC9iaW4vIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1576420276704,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1576420276705,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1576420276704,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1576420276705,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00622{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":705851,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADARJ1AAEAG95h\/AAABfwAAAcHGH5BoLnyEpCdA\/4AYAED+tAAAAQEICp1m+wmdZvsJR0VUIC9jZ2kvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1576420276705,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1576420276707,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1576420276705,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1576420276707,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":707314,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCUelAAEAG6kp\/AAABfwAAAcHIH5DIZGoAvjYJ64AYAED+tgAAAQEICp1m+wudZvsLR0VUIC9tcGNnaS8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQoNCg=="}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1576420276707,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mpcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1576420276708,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1576420276707,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mpcgi\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1576420276708,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":708717,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADE7opAAEAGTad\/AAABfwAAAcHKH5CIytaS2kjlzYAYAED+uAAAAQEICp1m+wydZvsMR0VUIC9jZ2ktYmluLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1576420276708,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1576420276710,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1576420276708,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1576420276710,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":710126,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEp+BAAEAGlFF\/AAABfwAAAcHMH5C4I5\/IUy7GWoAYAED+uAAAAQEICp1m+w6dZvsNR0VUIC9vd3MtYmluLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1576420276710,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ows-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1576420276711,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1576420276710,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ows-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1576420276711,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":711563,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEXJRAAEAG351\/AAABfwAAAcHOH5AWt2SMpHJk2oAYAED+uAAAAQEICp1m+w+dZvsPR0VUIC9jZ2ktc3lzLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1576420276711,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-sys\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1576420276713,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1576420276711,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-sys\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1576420276713,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00630{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":713038,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADG5r1AAEAGVXJ\/AAABfwAAAcHQH5DCed6iQK2\/KYAYAED+ugAAAQEICp1m+xCdZvsQR0VUIC9jZ2ktbG9jYWwvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1576420276713,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1576420276714,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1576420276713,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1576420276714,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":714495,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCR6dAAEAG9Ix\/AAABfwAAAcHSH5C\/OX\/AhojitYAYAED+tgAAAQEICp1m+xKdZvsSR0VUIC9odGJpbi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1576420276714,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htbin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1576420276717,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1576420276714,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htbin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1576420276717,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":717043,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADD3hBAAEAGXiJ\/AAABfwAAAcHUH5AtGuYWzQuuvoAYAED+twAAAQEICp1m+xSdZvsUR0VUIC9jZ2liaW4vIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1576420276717,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgibin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1576420276718,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1576420276717,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgibin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1576420276718,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":718385,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB4dFAAEAGWmN\/AAABfwAAAcHWH5B7V9nVmVXzCoAYAED+tQAAAQEICp1m+xadZvsWR0VUIC9jZ2lzLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCg0K"}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1576420276718,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgis\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1576420276719,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1576420276718,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgis\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1576420276719,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":719729,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEZD1AAEAG1\/R\/AAABfwAAAcHYH5Ba2lwhPKb01YAYAED+uAAAAQEICp1m+xedZvsXR0VUIC9zY3JpcHRzLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1576420276719,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1576420276721,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1576420276719,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1576420276721,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":721298,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEcYRAAEAGyq1\/AAABfwAAAcHaH5DTlEmfv44DhoAYAED+uAAAAQEICp1m+xmdZvsZR0VUIC9jZ2ktd2luLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1576420276721,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-win\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1576420276722,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1576420276721,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-win\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1576420276722,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":722883,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADF6C5AAEAGVAJ\/AAABfwAAAcHcH5DviNAxcnIUCYAYAED+uQAAAQEICp1m+xqdZvsaR0VUIC9mY2dpLWJpbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1576420276722,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fcgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1576420276724,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1576420276722,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fcgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1576420276724,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":724390,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEjEdAAEAGr+p\/AAABfwAAAcHeH5D1xLRZpE\/AW4AYAED+uAAAAQEICp1m+xydZvscR0VUIC9jZ2ktZXhlLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6Y2dpIGRpciBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1576420276724,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-exe\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1576420276725,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1576420276724,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-exe\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1576420276725,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":725839,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFFmlAAEAGJch\/AAABfwAAAcHgH5D+Si57PKwG0oAYAED+uQAAAQEICp1m+x2dZvsdR0VUIC9jZ2ktaG9tZS8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1576420276725,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-home\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1576420276727,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1576420276725,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-home\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1576420276727,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":727380,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFtaJAAEAGho5\/AAABfwAAAcHiH5DFGI2++SyH14AYAED+uQAAAQEICp1m+x+dZvsfR0VUIC9jZ2ktcGVybC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1576420276727,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-perl\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1576420276728,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1576420276727,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-perl\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1576420276728,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":728901,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFuPZAAEAGgzp\/AAABfwAAAcHkH5CSdoDrZ1cRi4AYAED+uQAAAQEICp1m+yCdZvsgR0VUIC9zY2dpLWJpbi8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1576420276728,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1576420276730,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1576420276728,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scgi-bin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1576420276730,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":730408,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIS5pAAEAG8JN\/AAABfwAAAcHmH5DcbnOH9ynG7oAYAED+vAAAAQEICp1m+yKdZvsiR0VUIC9jZ2ktYmluLXNkYi8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjZ2kgZGlyIGNoZWNrKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1576420276730,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin-sdb\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1576420276733,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1576420276730,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin-sdb\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1576420276733,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":733041,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADE3RFAAEAGXyB\/AAABfwAAAcHoH5BtNeURIEAjc4AYAED+uAAAAQEICp1m+ySdZvskR0VUIC9jZ2ktbW9kLyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNnaSBkaXIgY2hlY2spDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1576420276733,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-mod\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1576420276734,"flow_last_seen":0,"flow_tot_l4_data_len":160,"flow_min_l4_data_len":160,"flow_max_l4_data_len":160,"flow_avg_l4_data_len":160,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1576420276733,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-mod\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:cgi dir check)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1576420276734,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00605{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":734455,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"AAAAAAAAAAAAAAAACABFAAC0+gVAAEAGQjx\/AAABfwAAAcHqH5Dwf8IdIiKU7IAYAED+qAAAAQEICp1m+yadZvsmR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnBhdGhzKQ0KDQo="}
-00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1576420276734,"flow_last_seen":0,"flow_tot_l4_data_len":160,"flow_min_l4_data_len":160,"flow_max_l4_data_len":160,"flow_avg_l4_data_len":160,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:paths)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1576420276738,"flow_last_seen":0,"flow_tot_l4_data_len":195,"flow_min_l4_data_len":195,"flow_max_l4_data_len":195,"flow_avg_l4_data_len":195,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1576420276734,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:paths)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1576420276738,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":738321,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"AAAAAAAAAAAAAAAACABFAADXryVAAEAGjPl\/AAABfwAAAcHsH5B635cEZT8z4YAYAED+ywAAAQEICp1m+yqdZvsqR0VUIC9jbGllbnRhY2Nlc3Nwb2xpY3kueG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpjbGllbnRhY2Nlc3Nwb2xpY3kpDQoNCg=="}
-00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1576420276738,"flow_last_seen":0,"flow_tot_l4_data_len":195,"flow_min_l4_data_len":195,"flow_max_l4_data_len":195,"flow_avg_l4_data_len":195,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/clientaccesspolicy.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:clientaccesspolicy)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1576420276739,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1576420276738,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/clientaccesspolicy.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:clientaccesspolicy)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1576420276739,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":739730,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"AAAAAAAAAAAAAAAACABFAADJlTdAAEAGpvV\/AAABfwAAAcHuH5Dvz60WkSjxAoAYAED+vQAAAQEICp1m+yudZvsrR0VUIC9jcm9zc2RvbWFpbi54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmNyb3NzZG9tYWluKQ0KDQo="}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1576420276739,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:crossdomain)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1576420276741,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1576420276739,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:crossdomain)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1576420276741,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00622{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":741051,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/JMVAAEAGF3J\/AAABfwAAAcHwH5DeWhzjQtAeBoAYAED+swAAAQEICp1m+yydZvssR0VUIC9yb2JvdHMudHh0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpyb2JvdHMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1576420276741,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/robots.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:robots)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1576420276742,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1576420276741,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/robots.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:robots)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1576420276742,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":742265,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"AAAAAAAAAAAAAAAACABFAADJFcxAAEAGJmF\/AAABfwAAAcHyH5BqYy3sS9mo74AYAED+vQAAAQEICp1m+y6dZvsuR0VUIC9kb21jZmcubnNmIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RG9taW5vIGRldGVjdGlvbikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1576420276742,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/domcfg.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1576420276743,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1576420276742,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/domcfg.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1576420276743,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":743443,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIxjhAAEAGdfV\/AAABfwAAAcH0H5Bv5P4Yg+7934AYAED+vAAAAQEICp1m+y+dZvsvR0VUIC9hZG1pbi5uc2YgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRvbWlubyBkZXRlY3Rpb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1576420276743,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1576420276744,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1576420276743,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1576420276744,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":744676,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"AAAAAAAAAAAAAAAACABFAADJ7atAAEAGToF\/AAABfwAAAcH2H5DjmNWMPF0CB4AYAED+vQAAAQEICp1m+zCdZvswR0VUIC9hZG1pbjQubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KDQo="}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1576420276744,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin4.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1576420276745,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1576420276744,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin4.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1576420276745,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":745910,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"AAAAAAAAAAAAAAAACABFAADJnTFAAEAGnvt\/AAABfwAAAcH4H5DLFKUODsXYX4AYAED+vQAAAQEICp1m+zGdZvsxR0VUIC9hZG1pbjUubnNmIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1576420276745,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin5.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1576420276747,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1576420276745,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin5.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1576420276747,"flow_last_seen":0,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":747083,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"AAAAAAAAAAAAAAAACABFAADL46dAAEAGWIN\/AAABfwAAAcH6H5C6Q9uIEYxnOoAYAED+vwAAAQEICp1m+zOdZvsyR0VUIC93ZWJhZG1pbi5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1576420276747,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webadmin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1576420276749,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1576420276747,"flow_last_seen":0,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/webadmin.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1576420276749,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00642{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":749424,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"AAAAAAAAAAAAAAAACABFAADONl9AAEAGBcl\/AAABfwAAAcH8H5Dz0w5\/kxB3k4AYAED+wgAAAQEICp1m+zWdZvs1R0VUIC9ub25leGlzdGVudC5uc2YgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEb21pbm8gZGV0ZWN0aW9uKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1576420276749,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nonexistent.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1576420276751,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1576420276749,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nonexistent.nsf","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Domino detection)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1576420276751,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00622{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":751108,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ubFAAEAGgoV\/AAABfwAAAcH+H5C5FIGNENlwioAYAED+swAAAQEICp1m+zedZvs2R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpwYXJrZWQgZGV0ZWN0aW9uKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1576420276751,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:parked detection)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1576420276754,"flow_last_seen":0,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":199,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1576420276751,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:parked detection)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1576420276754,"flow_last_seen":0,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00658{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":754093,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"AAAAAAAAAAAAAAAACABFAADbnMVAAEAGn1V\/AAABfwAAAcIAH5C\/caTogsAMB4AYAED+zwAAAQEICp1m+zqdZvs5R0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCk9yaWdpbjogbmlrdG8uZXhhbXBsZS5jb20NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1576420276754,"flow_last_seen":0,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":199,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1576420276756,"flow_last_seen":0,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":194,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":194,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1576420276754,"flow_last_seen":0,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1576420276756,"flow_last_seen":0,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00649{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":756749,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"AAAAAAAAAAAAAAAACABFAADW2EVAAEAGY9p\/AAABfwAAAcICH5Ck9+BnopzEpIAYAED+ygAAAQEICp1m+zydZvs8R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpvcmlnaW5fcmVmbGVjdGlvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KT3JpZ2luOiAuZXhhbXBsZS5jb20NCg0K"}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1576420276756,"flow_last_seen":0,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":194,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":194,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1576420276758,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1576420276756,"flow_last_seen":0,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:origin_reflection)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1576420276758,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00641{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":758862,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"AAAAAAAAAAAAAAAACABFAADPoehAAEAGmj5\/AAABfwAAAcIEH5AAZJnEB3vRtYAYAED+wwAAAQEICp1m+z6dZvs+R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1576420276758,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1576420276760,"flow_last_seen":0,"flow_tot_l4_data_len":189,"flow_min_l4_data_len":189,"flow_max_l4_data_len":189,"flow_avg_l4_data_len":189,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1576420276758,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1576420276760,"flow_last_seen":0,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00645{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":760198,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"pkt":"AAAAAAAAAAAAAAAACABFAADRGS1AAEAGIvh\/AAABfwAAAcIGH5CUqCEOlTzFf4AYAED+xQAAAQEICp1m+0CdZvtAR0VUIC9qdW5rOTk5LmFzcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1576420276760,"flow_last_seen":0,"flow_tot_l4_data_len":189,"flow_min_l4_data_len":189,"flow_max_l4_data_len":189,"flow_avg_l4_data_len":189,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk999.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1576420276761,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1576420276760,"flow_last_seen":0,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk999.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1576420276761,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00641{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":761673,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"AAAAAAAAAAAAAAAACABFAADQx0dAAEAGdN5\/AAABfwAAAcIIH5Btvf9kj27E6oAYAED+xAAAAQEICp1m+0GdZvtBR0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1576420276761,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1576420276763,"flow_last_seen":0,"flow_tot_l4_data_len":190,"flow_min_l4_data_len":190,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1576420276761,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1576420276763,"flow_last_seen":0,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00645{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":763120,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"AAAAAAAAAAAAAAAACABFAADSXUtAAEAG3th\/AAABfwAAAcIKH5BTRGVwA03HQYAYAED+xgAAAQEICp1m+0OdZvtCR0VUIC9qdW5rOTg4LmFzcHggSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBUcmFuc2xhdGUtZiAjMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1576420276763,"flow_last_seen":0,"flow_tot_l4_data_len":190,"flow_min_l4_data_len":190,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk988.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1576420276764,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1576420276763,"flow_last_seen":0,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/junk988.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1576420276764,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00641{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":764454,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"AAAAAAAAAAAAAAAACABFAADP8RNAAEAGSxN\/AAABfwAAAcIMH5D+v8k3Lccr2IAYAED+wwAAAQEICp1m+0SdZvtER0VUIC9sb2dpbi5hc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IFRyYW5zbGF0ZS1mICMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1576420276764,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1576420276765,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1576420276764,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1576420276765,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00641{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":765824,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"AAAAAAAAAAAAAAAACABFAADQIn9AAEAGGad\/AAABfwAAAcIOH5Dotxpb5DtnaoAYAED+xAAAAQEICp1m+0WdZvtFR0VUIC9sb2dpbi5hc3B4IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogVHJhbnNsYXRlLWYgIzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1576420276765,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1576420276768,"flow_last_seen":0,"flow_tot_l4_data_len":162,"flow_min_l4_data_len":162,"flow_max_l4_data_len":162,"flow_avg_l4_data_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1576420276765,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: Translate-f #1)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1576420276768,"flow_last_seen":0,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00609{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":768301,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"pkt":"AAAAAAAAAAAAAAAACABFAAC2dlNAAEAGxex\/AAABfwAAAcIQH5C4PE56dk2whIAYAED+qgAAAQEICp1m+0idZvtIR0VUIC8gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1576420276768,"flow_last_seen":0,"flow_tot_l4_data_len":162,"flow_min_l4_data_len":162,"flow_max_l4_data_len":162,"flow_avg_l4_data_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1576420276770,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1576420276768,"flow_last_seen":0,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1576420276770,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00617{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":770266,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"pkt":"AAAAAAAAAAAAAAAACABFAAC8XLtAAEAG335\/AAABfwAAAcISH5CeUGSSsmiGvoAYAED+sAAAAQEICp1m+0qdZvtKR0VUIC9pbWFnZXMgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1576420276770,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1576420276771,"flow_last_seen":0,"flow_tot_l4_data_len":191,"flow_min_l4_data_len":191,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1576420276770,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1576420276771,"flow_last_seen":0,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00646{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":771757,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"AAAAAAAAAAAAAAAACABFAADTCw5AAEAGMRV\/AAABfwAAAcIUH5CyKDMlKN\/VCYAYAED+xwAAAQEICp1m+0udZvtLR0VUIC9BdXRvZGlzY292ZXIvQXV0b2Rpc2NvdmVyLnhtbCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1576420276771,"flow_last_seen":0,"flow_tot_l4_data_len":191,"flow_min_l4_data_len":191,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1576420276773,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1576420276771,"flow_last_seen":0,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1576420276773,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":773149,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDAPJAAEAGO0F\/AAABfwAAAcIWH5B1lTjaOiDdGIAYAED+twAAAQEICp1m+02dZvtMR0VUIC9BdXRvZGlzY292ZXIvIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1576420276773,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1576420276774,"flow_last_seen":0,"flow_tot_l4_data_len":189,"flow_min_l4_data_len":189,"flow_max_l4_data_len":189,"flow_avg_l4_data_len":189,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1576420276773,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1576420276774,"flow_last_seen":0,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00646{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":774669,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"pkt":"AAAAAAAAAAAAAAAACABFAADRNpRAAEAGBZF\/AAABfwAAAcIYH5C\/CA68jFESSoAYAED+xQAAAQEICp1m+06dZvtOR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1576420276774,"flow_last_seen":0,"flow_tot_l4_data_len":189,"flow_min_l4_data_len":189,"flow_max_l4_data_len":189,"flow_avg_l4_data_len":189,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1576420276776,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1576420276774,"flow_last_seen":0,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1576420276776,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00662{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":776123,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"pkt":"AAAAAAAAAAAAAAAACABFAADdUNZAAEAG60J\/AAABfwAAAcIaH5Ae8Gj\/tlcbuIAYAED+0QAAAQEICp1m+1CdZvtPR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5jc3MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1576420276776,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1576420276777,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1576420276776,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1576420276777,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00613{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":777738,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"AAAAAAAAAAAAAAAACABFAAC51DJAAEAGaAp\/AAABfwAAAcIcH5BDaOwb++ns54AYAED+rQAAAQEICp1m+1GdZvtRR0VUIC9FQ1AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1576420276777,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1576420276779,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1576420276777,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1576420276779,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00613{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":779177,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"AAAAAAAAAAAAAAAACABFAAC5SehAAEAG8lR\/AAABfwAAAcIeH5AlzXHNG7GlzoAYAED+rQAAAQEICp1m+1OdZvtTR0VUIC9FV1MgSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1576420276779,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1576420276780,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1576420276779,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1576420276780,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":780572,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADH3u5AAEAGXUB\/AAABfwAAAcIgH5D8fubIriLokYAYAED+uwAAAQEICp1m+1SdZvtUR0VUIC9FV1MvRXhjaGFuZ2UuYXNteCBIVFRQLzEuMA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1576420276780,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1576420276781,"flow_last_seen":0,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":170,"flow_max_l4_data_len":170,"flow_avg_l4_data_len":170,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1576420276780,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1576420276781,"flow_last_seen":0,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00617{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":781986,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"pkt":"AAAAAAAAAAAAAAAACABFAAC+Y8xAAEAG2Gt\/AAABfwAAAcIiH5D+h1vitMrGVIAYAED+sgAAAQEICp1m+1WdZvtVR0VUIC9FeGNoYW5nZSBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1576420276781,"flow_last_seen":0,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":170,"flow_max_l4_data_len":170,"flow_avg_l4_data_len":170,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1576420276784,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1576420276781,"flow_last_seen":0,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1576420276784,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00613{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":784670,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"AAAAAAAAAAAAAAAACABFAAC5ylFAAEAGcet\/AAABfwAAAcIkH5CUkvJkMc1am4AYAED+rQAAAQEICp1m+1idZvtYR0VUIC9PV0EgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1576420276784,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1576420276786,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1576420276784,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1576420276786,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00661{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":786360,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"pkt":"AAAAAAAAAAAAAAAACABFAADdBqpAAEAGNW9\/AAABfwAAAcImH5DUMj6FKAlSCYAYAED+0QAAAQEICp1m+1qdZvtaR0VUIC9NaWNyb3NvZnQtU2VydmVyLUFjdGl2ZVN5bmMvZGVmYXVsdC5lYXMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1576420276786,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1576420276787,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1576420276786,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1576420276787,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00613{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":787818,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"AAAAAAAAAAAAAAAACABFAAC5+PtAAEAGQ0F\/AAABfwAAAcIoH5AY5sDVvq1OaYAYAED+rQAAAQEICp1m+1udZvtbR0VUIC9ScGMgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1576420276787,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1576420276789,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1576420276787,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1576420276789,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":789217,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHn6dAAEAGnId\/AAABfwAAAcIqH5DNYaeJfxts9oAYAED+uwAAAQEICp1m+12dZvtdR0VUIC9FV1MvU2VydmljZXMud3NkbCBIVFRQLzEuMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IElJUyBpbnRlcm5hbCBJUCkNCg0K"}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1576420276789,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1576420276790,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1576420276789,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1576420276790,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00613{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":790612,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"AAAAAAAAAAAAAAAACABFAAC5NBFAAEAGCCx\/AAABfwAAAcIsH5ClBgwj7e4RBIAYAED+rQAAAQEICp1m+16dZvteR0VUIC9lY3AgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1576420276790,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1576420276792,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1576420276790,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1576420276792,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00613{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":792012,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"AAAAAAAAAAAAAAAACABFAAC5lANAAEAGqDl\/AAABfwAAAcIuH5BArawwwOPk6IAYAED+rQAAAQEICp1m+1+dZvtfR0VUIC9PQUIgSFRUUC8xLjANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBJSVMgaW50ZXJuYWwgSVApDQoNCg=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1576420276792,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1576420276793,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1576420276792,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1576420276793,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":793501,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADD2QRAAEAGYy5\/AAABfwAAAcIwH5DBGuEtmiy9f4AYAED+twAAAQEICp1m+2GdZvthR0VUIC9hc3BuZXRfY2xpZW50IEhUVFAvMS4wDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1576420276793,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1576420276794,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1576420276793,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1576420276794,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":794936,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAoqZAAEAGmY9\/AAABfwAAAcIyH5C3W5qL6yWPx4AYAED+tAAAAQEICp1m+2KdZvtiR0VUIC9Qb3dlclNoZWxsIEhUVFAvMS4wDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6aGVhZGVyczogSUlTIGludGVybmFsIElQKQ0KDQo="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1576420276794,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1576420276796,"flow_last_seen":0,"flow_tot_l4_data_len":167,"flow_min_l4_data_len":167,"flow_max_l4_data_len":167,"flow_avg_l4_data_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1576420276794,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1576420276796,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00613{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":796429,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"pkt":"AAAAAAAAAAAAAAAACABFAAC74FpAAEAGW+B\/AAABfwAAAcI0H5AdBth42VHy84AYAED+rwAAAQEICp1m+2SdZvtkR0VUIC4gSFRUUC8xLjANClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpoZWFkZXJzOiBXZWJMb2dpYyBpbnRlcm5hbCBJUCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1576420276796,"flow_last_seen":0,"flow_tot_l4_data_len":167,"flow_min_l4_data_len":167,"flow_max_l4_data_len":167,"flow_avg_l4_data_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1576420276797,"flow_last_seen":0,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":207,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1576420276796,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1576420276797,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00669{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":797816,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"AAAAAAAAAAAAAAAACABFAADj87RAAEAGSF5\/AAABfwAAAcI2H5ABU8uetZ1IA4AYAED+1wAAAQEICp1m+2WdZvtlR0VUIC8gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmhlYWRlcnM6IEJSRUFDSCBUZXN0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1576420276797,"flow_last_seen":0,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":207,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: BREACH Test)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1576420276801,"flow_last_seen":0,"flow_tot_l4_data_len":155,"flow_min_l4_data_len":155,"flow_max_l4_data_len":155,"flow_avg_l4_data_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1576420276797,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:headers: BREACH Test)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1576420276801,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00597{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":801194,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"pkt":"AAAAAAAAAAAAAAAACABFAACv4YVAAEAGWsF\/AAABfwAAAcI4H5Af9dm0Z318ZoAYAED+owAAAQEICp1m+2mdZvtpR0VUIC8gSFRUUC8xLjANCk5pa3RvOiAfDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6QFRFU1RJRCkNCg0K"}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1576420276801,"flow_last_seen":0,"flow_tot_l4_data_len":155,"flow_min_l4_data_len":155,"flow_max_l4_data_len":155,"flow_avg_l4_data_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1576420276803,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1576420276801,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1576420276803,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":803526,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGlY9AAEAGpqB\/AAABfwAAAcI6H5C5Ma2+n2Qvb4AYAED+ugAAAQEICp1m+2udZvtrR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1576420276803,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1576420276804,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1576420276803,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1576420276804,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":804984,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHUClAAEAG7AV\/AAABfwAAAcI8H5AXCWgXkPGhe4AYAED+uwAAAQEICp1m+2ydZvtsR0VUIC9pbmRleC5waHAzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1576420276804,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1576420276806,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1576420276804,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php3","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1576420276806,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":806354,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHuG9AAEAGg79\/AAABfwAAAcI+H5DOCYBdLPnSzYAYAED+uwAAAQEICp1m+26dZvtuR0VUIC9pbmRleC5waHA0IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1576420276806,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php4","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1576420276807,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1576420276806,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php4","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1576420276807,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":807743,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHnVlAAEAGntV\/AAABfwAAAcJAH5BrmKVmTh6XdYAYAED+uwAAAQEICp1m+2+dZvtvR0VUIC9pbmRleC5waHA1IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1576420276807,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php5","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1576420276809,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1576420276807,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php5","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1576420276809,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":809172,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHz9VAAEAGbFl\/AAABfwAAAcJCH5Dtpvfi4owoVYAYAED+uwAAAQEICp1m+3GdZvtwR0VUIC9pbmRleC5waHA3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1576420276809,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php7","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1576420276810,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1576420276809,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php7","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1576420276810,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":810569,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADH5lRAAEAGVdp\/AAABfwAAAcJEH5B9+95hKQN6FIAYAED+uwAAAQEICp1m+3KdZvtyR0VUIC9pbmRleC5odG1sIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1576420276810,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1576420276812,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1576420276810,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1576420276812,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":812025,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGlhlAAEAGphZ\/AAABfwAAAcJGH5DYta4lttm384AYAED+ugAAAQEICp1m+3OdZvtzR0VUIC9pbmRleC5odG0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1576420276812,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1576420276813,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1576420276812,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1576420276813,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":813393,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI2h9AAEAGYg5\/AAABfwAAAcJIH5At6uIveFvtbIAYAED+vAAAAQEICp1m+3WdZvt1R0VUIC9pbmRleC5zaHRtbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1576420276813,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.shtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1576420276815,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1576420276813,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.shtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1576420276815,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":815123,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGtzZAAEAGhPl\/AAABfwAAAcJKH5BukY8IX6sJe4AYAED+ugAAAQEICp1m+3edZvt2R0VUIC9pbmRleC5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1576420276815,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1576420276817,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1576420276815,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1576420276817,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00630{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":817802,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGzfJAAEAGbj1\/AAABfwAAAcJMH5CEyfXFi\/ZWqoAYAED+ugAAAQEICp1m+3mdZvt5R0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1576420276817,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1576420276819,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1576420276817,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1576420276819,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":819191,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFj3JAAEAGrL5\/AAABfwAAAcJOH5DAfLdF0MycV4AYAED+uQAAAQEICp1m+3udZvt7R0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1576420276819,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1576420276820,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1576420276819,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1576420276820,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":820454,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADG77xAAEAGTHN\/AAABfwAAAcJQH5DIa9eQqgE4nYAYAED+ugAAAQEICp1m+3ydZvt8R0VUIC9pbmRleC5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1576420276820,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1576420276821,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1576420276820,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1576420276821,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":821784,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHQ2dAAEAG+Md\/AAABfwAAAcJSH5BEZHtRsCeOn4AYAED+uwAAAQEICp1m+32dZvt9R0VUIC9pbmRleC5hc3B4IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDptdWx0aXBsZV9pbmRleCkNCg0K"}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1576420276821,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1576420276823,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1576420276821,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1576420276823,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":823199,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI9WNAAEAGRsp\/AAABfwAAAcJUH5Atl81VKdEVGoAYAED+vAAAAQEICp1m+3+dZvt\/R0VUIC9kZWZhdWx0LmFzcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1576420276823,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1576420276824,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1576420276823,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1576420276824,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":824516,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"AAAAAAAAAAAAAAAACABFAADJPphAAEAG\/ZR\/AAABfwAAAcJWH5C0BwahLC3FVoAYAED+vQAAAQEICp1m+4CdZvuAR0VUIC9kZWZhdWx0LmFzcHggSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1576420276824,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1576420276825,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1576420276824,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.aspx","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1576420276825,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00635{"flow_id":105,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":825862,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIFrxAAEAGJXJ\/AAABfwAAAcJYH5C2Ei6NIzroBYAYAED+vAAAAQEICp1m+4GdZvuBR0VUIC9kZWZhdWx0Lmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6bXVsdGlwbGVfaW5kZXgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1576420276825,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1576420276827,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1576420276825,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/default.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1576420276827,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":106,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":827183,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFTUVAAEAG7ut\/AAABfwAAAcJaH5CLBXV23SQCI4AYAED+uQAAAQEICp1m+4OdZvuDR0VUIC9pbmRleC5kbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1576420276827,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.do","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1576420276828,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1576420276827,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.do","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1576420276828,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00635{"flow_id":107,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":828531,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADICi9AAEAGMf9\/AAABfwAAAcJcH5By6zIbQafp54AYAED+vAAAAQEICp1m+4SdZvuER0VUIC9pbmRleC5qaHRtbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1576420276828,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jhtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1576420276829,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1576420276828,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jhtml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1576420276829,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":108,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":829687,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADG08RAAEAGaGt\/AAABfwAAAcJeH5AOKuv2Y8ch84AYAED+ugAAAQEICp1m+4WdZvuFR0VUIC9pbmRleC5qc3AgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1576420276829,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jsp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1576420276832,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1576420276829,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.jsp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1576420276832,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":109,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":832047,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGiDJAAEAGs\/1\/AAABfwAAAcJgH5Cj8LAJpHctpoAYAED+ugAAAQEICp1m+4edZvuHR0VUIC9pbmRleC54bWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om11bHRpcGxlX2luZGV4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1576420276832,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1576420276834,"flow_last_seen":0,"flow_tot_l4_data_len":206,"flow_min_l4_data_len":206,"flow_max_l4_data_len":206,"flow_avg_l4_data_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1576420276832,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:multiple_index)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1576420276834,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00667{"flow_id":110,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":834667,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"pkt":"AAAAAAAAAAAAAAAACABFAADiGX1AAEAGIpd\/AAABfwAAAcJkH5BjVCFE0UHCd4AYAED+1gAAAQEICp1m+4qdZvuKR0VUIC9pbmRleCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0Om5lZ290aWF0ZSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogYXBwbGljYXRpb24vd2hhdGV2ZXI7IHE9MS4wDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1576420276834,"flow_last_seen":0,"flow_tot_l4_data_len":206,"flow_min_l4_data_len":206,"flow_max_l4_data_len":206,"flow_avg_l4_data_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:negotiate)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1576420276835,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1576420276834,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:negotiate)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1576420276835,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00635{"flow_id":111,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":835942,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAAAAAAAAAAAAAAACABFAADKANNAAEAGO1l\/AAABfwAAAcJmH5BoODjpUSa4iYAYAED+vgAAAQEICp1m+4udZvuLR0VUIC9+YmluIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGV1c2Vyczoga25vd24gdXNlcikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1576420276835,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/~bin","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apacheusers: known user)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1576420276837,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1576420276835,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/~bin","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apacheusers: known user)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1576420276837,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00671{"flow_id":112,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":837251,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"AAAAAAAAAAAAAAAACABFAADlgjNAAEAGud1\/AAABfwAAAcJoH5AFkroJ2Lkky4AYAED+2QAAAQEICp1m+42dZvuNR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KRXhwZWN0OiA8c2NyaXB0PmFsZXJ0KHhzcyk8L3NjcmlwdD4NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDphcGFjaGVfZXhwZWN0X3hzcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1576420276837,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apache_expect_xss)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1576420276839,"flow_last_seen":0,"flow_tot_l4_data_len":258,"flow_min_l4_data_len":258,"flow_max_l4_data_len":258,"flow_avg_l4_data_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1576420276837,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:apache_expect_xss)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1576420276839,"flow_last_seen":0,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00740{"flow_id":113,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":839140,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"pkt":"AAAAAAAAAAAAAAAACABFAAEW4vNAAEAGWOx\/AAABfwAAAcJqH5CF6NrJzvbnOoAYAED\/CgAAAQEICp1m+4+dZvuOR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvYm9vdC5pbmklMDAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OkRpcmVjdG9yeSB0cmF2ZXJzYWwgY2hlY2spDQoNCg=="}
-00853{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1576420276839,"flow_last_seen":0,"flow_tot_l4_data_len":258,"flow_min_l4_data_len":258,"flow_max_l4_data_len":258,"flow_avg_l4_data_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/boot.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1576420276840,"flow_last_seen":0,"flow_tot_l4_data_len":259,"flow_min_l4_data_len":259,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00865{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1576420276839,"flow_last_seen":0,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/boot.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1576420276840,"flow_last_seen":0,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00740{"flow_id":114,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":840424,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AAAAAAAAAAAAAAAACABFAAEXDe5AAEAGLfF\/AAABfwAAAcJsH5C64jXXMX558oAYAED\/CwAAAQEICp1m+5CdZvuQR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL2hvc3RzJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00855{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1576420276840,"flow_last_seen":0,"flow_tot_l4_data_len":259,"flow_min_l4_data_len":259,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/hosts%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1576420276841,"flow_last_seen":0,"flow_tot_l4_data_len":270,"flow_min_l4_data_len":270,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":270,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00867{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1576420276840,"flow_last_seen":0,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/hosts%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1576420276841,"flow_last_seen":0,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00756{"flow_id":115,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":841751,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"AAAAAAAAAAAAAAAACABFAAEi9VxAAEAGRnd\/AAABfwAAAcJuH5BHUs1h0rvodIAYAED\/FgAAAQEICp1m+5GdZvuRR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvSEFTSCgweDU1NTllODRmYmM0MCklMDAgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00865{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1576420276841,"flow_last_seen":0,"flow_tot_l4_data_len":270,"flow_min_l4_data_len":270,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":270,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/HASH(0x5559e84fbc40)%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1576420276842,"flow_last_seen":0,"flow_tot_l4_data_len":263,"flow_min_l4_data_len":263,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":263,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00877{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1576420276841,"flow_last_seen":0,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/HASH(0x5559e84fbc40)%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1576420276842,"flow_last_seen":0,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00744{"flow_id":116,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":842991,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"pkt":"AAAAAAAAAAAAAAAACABFAAEbV1RAAEAG5IZ\/AAABfwAAAcJwH5AGYW9pnm57IYAYAED\/DwAAAQEICp1m+5KdZvuSR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2lubnQvd2luLmluaSUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00859{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1576420276842,"flow_last_seen":0,"flow_tot_l4_data_len":263,"flow_min_l4_data_len":263,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":263,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/winnt\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1576420276844,"flow_last_seen":0,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":265,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00871{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1576420276842,"flow_last_seen":0,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/winnt\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1576420276844,"flow_last_seen":0,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00748{"flow_id":117,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":844244,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"AAAAAAAAAAAAAAAACABFAAEdYctAAEAG2g1\/AAABfwAAAcJyH5D8wFnzKu6RnoAYAED\/EQAAAQEICp1m+5SdZvuUR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvd2luZG93cy93aW4uaW5pJTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpEaXJlY3RvcnkgdHJhdmVyc2FsIGNoZWNrKQ0KDQo="}
-00861{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1576420276844,"flow_last_seen":0,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":265,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/windows\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1576420276847,"flow_last_seen":0,"flow_tot_l4_data_len":260,"flow_min_l4_data_len":260,"flow_max_l4_data_len":260,"flow_avg_l4_data_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00873{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1576420276844,"flow_last_seen":0,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/windows\/win.ini%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1576420276847,"flow_last_seen":0,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00740{"flow_id":118,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":847017,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"pkt":"AAAAAAAAAAAAAAAACABFAAEYOOhAAEAGAvZ\/AAABfwAAAcJ0H5DjgwDevH40fYAYAED\/DAAAAQEICp1m+5adZvuWR0VUIC90eXBvMy9kZXYvdHJhbnNsYXRpb25zLnBocD9PTkxZPSUyZSUyZS8lMmUlMmUvJTJlJTJlLyUyZSUyZS8lMmUlMmUvZXRjL3Bhc3N3ZCUwMCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6RGlyZWN0b3J5IHRyYXZlcnNhbCBjaGVjaykNCg0K"}
-00856{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1576420276847,"flow_last_seen":0,"flow_tot_l4_data_len":260,"flow_min_l4_data_len":260,"flow_max_l4_data_len":260,"flow_avg_l4_data_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/passwd%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1576420276856,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00868{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1576420276847,"flow_last_seen":0,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/typo3\/dev\/translations.php?ONLY=%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/%2e%2e\/etc\/passwd%00","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Directory traversal check)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1576420276856,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":119,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":856992,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBvW9AAEAGfsV\/AAABfwAAAcJ2H5DTj4VUAEbtioAYAED+tQAAAQEICp1m+6CdZvugR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1576420276856,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1576420276858,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1576420276856,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1576420276858,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":120,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":858450,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB2xVAAEAGYR9\/AAABfwAAAcJ4H5D77OMujr7QhoAYAED+tQAAAQEICp1m+6KdZvuiR0VUIC8xMjcwMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1576420276858,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1576420276859,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1576420276858,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1576420276859,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":121,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":859794,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADApHlAAEAGl7x\/AAABfwAAAcJ6H5CcwpxJV58CXYAYAED+tAAAAQEICp1m+6OdZvujR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1576420276859,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1576420276860,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1576420276859,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1576420276860,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":122,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":860989,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADALy9AAEAGDQd\/AAABfwAAAcJ8H5ChphcTD1c5UYAYAED+tAAAAQEICp1m+6SdZvukR0VUIC8xMjcwLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1576420276860,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1576420276862,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1576420276860,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1576420276862,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":123,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":862073,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9dyVAAEAGxRN\/AAABfwAAAcJ+H5ApDE8dFFMQVIAYAED+sQAAAQEICp1m+6WdZvulR0VUIC8xLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1576420276862,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1576420276863,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1576420276862,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1576420276863,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":124,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":863145,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9pJxAAEAGl5x\/AAABfwAAAcKAH5APfJymg2qZ5YAYAED+sQAAAQEICp1m+6edZvumR0VUIC8xLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1576420276863,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1576420276864,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1576420276863,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1576420276864,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":125,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":864280,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBqoBAAEAGkbR\/AAABfwAAAcKCH5Cxx5I\/tyTjW4AYAED+tQAAAQEICp1m+6idZvuoR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1576420276864,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1576420276865,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1576420276864,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1576420276865,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":126,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":865429,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBsWVAAEAGis9\/AAABfwAAAcKEH5CGGYkkbARgroAYAED+tQAAAQEICp1m+6mdZvupR0VUIC8xMjcuMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1576420276865,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1576420276866,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1576420276865,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1576420276866,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":127,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":866704,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBsTlAAEAGivt\/AAABfwAAAcKGH5CzxIl4Ool\/aIAYAED+tQAAAQEICp1m+6qdZvuqR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1576420276866,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1576420276869,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1576420276866,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1576420276869,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":128,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":869015,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBxdFAAEAGdmN\/AAABfwAAAcKIH5BDzv2PC6KyZoAYAED+tQAAAQEICp1m+6ydZvusR0VUIC8xMjcuMC5wZW0gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1576420276869,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1576420276870,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1576420276869,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1576420276870,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":129,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":870165,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAIL1AAEAGG3l\/AAABfwAAAcKKH5D\/Dxj7MLgvIIAYAED+tAAAAQEICp1m+66dZvuuR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1576420276870,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1576420276871,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1576420276870,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1576420276871,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":130,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":871393,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAmdRAAEAGomF\/AAABfwAAAcKMH5DqwaGU3VMvd4AYAED+tAAAAQEICp1m+6+dZvuvR0VUIC9zaXRlLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1576420276871,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1576420276872,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1576420276871,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1576420276872,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":131,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":872618,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFFSZAAEAGJwt\/AAABfwAAAcKOH5D96y1nB6jLDIAYAED+uQAAAQEICp1m+7CdZvuwR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1576420276872,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1576420276873,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1576420276872,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1576420276873,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":132,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":873757,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFhm9AAEAGtcF\/AAABfwAAAcKQH5BNzL4wefiP1IAYAED+uQAAAQEICp1m+7GdZvuxR0VUIC8xMjcuMC4wLjEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1576420276873,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1576420276874,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1576420276873,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1576420276874,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":133,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":874917,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCE1BAAEAGKOR\/AAABfwAAAcKSH5DnJisNBZiCk4AYAED+tgAAAQEICp1m+7KdZvuyR0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1576420276874,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1576420276876,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1576420276874,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1576420276876,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":134,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":876227,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCnWxAAEAGnsd\/AAABfwAAAcKUH5Co\/aUqs\/1iGoAYAED+tgAAAQEICp1m+7SdZvu0R0VUIC8xMjcwMDEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1576420276876,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1576420276877,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1576420276876,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1576420276877,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":135,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":877506,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAt7lAAEAGhHx\/AAABfwAAAcKWH5CQPI\/1lm3rwoAYAED+tAAAAQEICp1m+7WdZvu1R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1576420276877,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1576420276879,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1576420276877,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1576420276879,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":136,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":879133,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAhf9AAEAGtjZ\/AAABfwAAAcKYH5Cnmb2\/tsRlFIAYAED+tAAAAQEICp1m+7edZvu2R0VUIC9zaXRlLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1576420276879,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1576420276881,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1576420276879,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1576420276881,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":137,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":881290,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADADYtAAEAGLqt\/AAABfwAAAcKaH5CHzTXOE9kNb4AYAED+tAAAAQEICp1m+7mdZvu5R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1576420276881,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1576420276884,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1576420276881,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1576420276884,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":138,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":884015,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAT5pAAEAG7Jt\/AAABfwAAAcKcH5DBOXfeD5T\/lYAYAED+tAAAAQEICp1m+7udZvu7R0VUIC8xMjcwLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1576420276884,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1576420276885,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1576420276884,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1576420276885,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":139,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":885411,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFQQ5AAEAG+yJ\/AAABfwAAAcKeH5AdhXlKg0oevYAYAED+uQAAAQEICp1m+72dZvu9R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1576420276885,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1576420276886,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1576420276885,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1576420276886,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":140,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":886797,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFWJBAAEAG46B\/AAABfwAAAcKgH5CSJ2DMWYYFgIAYAED+uQAAAQEICp1m+76dZvu+R0VUIC8xMjcuMC4wLjEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1576420276886,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1576420276888,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1576420276886,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1576420276888,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":141,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":888237,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC95a1AAEAGVot\/AAABfwAAAcKiH5DfWN3u+DsBkYAYAED+sQAAAQEICp1m+8CdZvvAR0VUIC8wLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1576420276888,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1576420276890,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1576420276888,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1576420276890,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":142,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":890439,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9vy5AAEAGfQp\/AAABfwAAAcKkH5Dme4drk\/tL44AYAED+sQAAAQEICp1m+8KdZvvCR0VUIC8wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1576420276890,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1576420276891,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1576420276890,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1576420276891,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":143,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":891966,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/ZdAAEAGPpl\/AAABfwAAAcKmH5DYD8XTrc+7CoAYAED+uQAAAQEICp1m+8OdZvvDR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1576420276891,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1576420276893,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1576420276891,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1576420276893,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":144,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":893531,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFI6xAAEAGGIV\/AAABfwAAAcKoH5Ar0hvuzfCq7oAYAED+uQAAAQEICp1m+8WdZvvFR0VUIC8xMjcuMC4wLjEudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1576420276893,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1576420276894,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1576420276893,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1576420276894,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":145,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":894990,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDA5ZAAEAGOJ1\/AAABfwAAAcKqH5B\/mzvUPuYs44AYAED+twAAAQEICp1m+8adZvvGR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1576420276894,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1576420276896,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1576420276894,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1576420276896,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":146,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":896425,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADD\/SZAAEAGPwx\/AAABfwAAAcKsH5AB18VtW5jVeIAYAED+twAAAQEICp1m+8idZvvIR0VUIC8xMjcudGFyLmJ6MiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1576420276896,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1576420276897,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1576420276896,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1576420276897,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":147,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":897794,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFBrJAAEAGNX9\/AAABfwAAAcKuH5Ayaz75EQ6Mk4AYAED+uQAAAQEICp1m+8mdZvvJR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1576420276897,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1576420276900,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1576420276897,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1576420276900,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":148,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":900238,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFczBAAEAGyQB\/AAABfwAAAcKwH5A3G0tor3ywHoAYAED+uQAAAQEICp1m+8ydZvvMR0VUIC8xMjcuMC50YXIuYnoyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1576420276900,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1576420276901,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1576420276900,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1576420276901,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":149,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":901677,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADD0l1AAEAGadV\/AAABfwAAAcKyH5CdU+oT47LjtYAYAED+twAAAQEICp1m+82dZvvNR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1576420276901,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1576420276903,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1576420276901,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1576420276903,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":150,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":903118,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDR55AAEAG9JR\/AAABfwAAAcK0H5AcfX\/WOy6jEYAYAED+twAAAQEICp1m+8+dZvvOR0VUIC9zaXRlLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1576420276903,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1576420276904,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1576420276903,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1576420276904,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":151,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":904513,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/WUtAAEAG4ut\/AAABfwAAAcK2H5D8ZmEEi9guOYAYAED+swAAAQEICp1m+9CdZvvQR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1576420276904,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1576420276905,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1576420276904,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1576420276905,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":152,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":905820,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HslAAEAGHW5\/AAABfwAAAcK4H5CgfyaOuiPkq4AYAED+swAAAQEICp1m+9GdZvvRR0VUIC8xMjcucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1576420276905,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1576420276907,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1576420276905,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1576420276907,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":153,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":907144,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9zZ5AAEAGbpp\/AAABfwAAAcK6H5CXJ\/XXeafd0YAYAED+sQAAAQEICp1m+9OdZvvSR0VUIC8wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1576420276907,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1576420276908,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1576420276907,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1576420276908,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":154,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":908460,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9umJAAEAGgdZ\/AAABfwAAAcK8H5Cw+YIsSeaYa4AYAED+sQAAAQEICp1m+9SdZvvUR0VUIC8wLnRhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1576420276908,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1576420276910,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1576420276908,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1576420276910,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":155,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":910228,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDPvVAAEAG\/T1\/AAABfwAAAcK+H5Bg7Aa5zb6cN4AYAED+twAAAQEICp1m+9adZvvWR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1576420276910,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1576420276912,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1576420276910,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1576420276912,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":156,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":912025,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDm5RAAEAGoJ5\/AAABfwAAAcLAH5Ba3KPftqtSlIAYAED+twAAAQEICp1m+9edZvvXR0VUIC8xMjcuMC4wLnBlbSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1576420276912,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1576420276913,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1576420276912,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1576420276913,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":157,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":913690,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCN0tAAEAGBOl\/AAABfwAAAcLCH5DYOQ8GBjLTAIAYAED+tgAAAQEICp1m+9mdZvvZR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1576420276913,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1576420276916,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1576420276913,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1576420276916,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":158,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":916191,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCczVAAEAGyP5\/AAABfwAAAcLEH5BP20t\/\/3FheoAYAED+tgAAAQEICp1m+9ydZvvcR0VUIC8xMjcwMDEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1576420276916,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1576420276917,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1576420276916,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1576420276917,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":159,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":917573,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDZ9VAAEAG1F1\/AAABfwAAAcLGH5AZz1+f4E8iK4AYAED+twAAAQEICp1m+92dZvvdR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1576420276917,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1576420276919,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1576420276917,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1576420276919,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":160,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":919088,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDxTFAAEAGdwF\/AAABfwAAAcLIH5D+g\/1jHP616oAYAED+twAAAQEICp1m+9+dZvveR0VUIC8xMjcwLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1576420276919,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1576420276920,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1576420276919,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1576420276920,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":161,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":920996,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFpeFAAEAGlk9\/AAABfwAAAcLKH5AnGp2SsuR1gYAYAED+uQAAAQEICp1m++CdZvvgR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1576420276920,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1576420276922,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1576420276920,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1576420276922,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":162,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":922627,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFIE9AAEAGG+J\/AAABfwAAAcLMH5CC7hgEsmCzLIAYAED+uQAAAQEICp1m++KdZvviR0VUIC8xMjcwLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1576420276922,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1576420276924,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1576420276922,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1576420276924,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":163,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":924162,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFRxNAAEAG9R1\/AAABfwAAAcLOH5BdCH9f1fkuqIAYAED+uQAAAQEICp1m++SdZvvjR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1576420276924,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1576420276925,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1576420276924,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1576420276925,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":164,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":925593,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFQzdAAEAG+Pl\/AAABfwAAAcLQH5BEXHt7s07ta4AYAED+uQAAAQEICp1m++WdZvvlR0VUIC8xMjdfMF8wXzEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1576420276925,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1576420276926,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1576420276925,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1576420276926,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00635{"flow_id":165,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":926982,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIWd1AAEAG4lB\/AAABfwAAAcLSH5AL0mGV2bYy0oAYAED+vAAAAQEICp1m++adZvvmR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1576420276926,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1576420276928,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1576420276926,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1576420276928,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00635{"flow_id":166,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":928408,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIwcZAAEAGemd\/AAABfwAAAcLUH5BvVfmVJOeoY4AYAED+vAAAAQEICp1m++idZvvoR0VUIC8xMjcuMC4wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1576420276928,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1576420276929,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1576420276928,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1576420276929,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":167,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":929766,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/L19AAEAGDNh\/AAABfwAAAcLWH5BVghcOcLaACoAYAED+swAAAQEICp1m++mdZvvpR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1576420276929,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1576420276932,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1576420276929,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1576420276932,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":168,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":932192,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/j\/RAAEAGrEJ\/AAABfwAAAcLYH5CKH7ek\/31EG4AYAED+swAAAQEICp1m++ydZvvsR0VUIC8xMjcudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1576420276932,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1576420276933,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1576420276932,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1576420276933,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":169,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":933633,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFT2BAAEAG7NB\/AAABfwAAAcLaH5CU9HcQhzdjIYAYAED+uQAAAQEICp1m++2dZvvtR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1576420276933,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1576420276934,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1576420276933,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1576420276934,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":170,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":934870,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFqdVAAEAGklt\/AAABfwAAAcLcH5A055GDxax\/gIAYAED+uQAAAQEICp1m++6dZvvuR0VUIC9zaXRlLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1576420276934,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1576420276936,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1576420276934,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1576420276936,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00635{"flow_id":171,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":936073,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAAAAAAAAAAAAAAACABFAADKdTNAAEAGxvh\/AAABfwAAAcLeH5C4Uk1kAkvbMoAYAED+vgAAAQEICp1m+++dZvvvR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1576420276936,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1576420276937,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1576420276936,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1576420276937,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":172,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":937297,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAAAAAAAAAAAAAAACABFAADK9XZAAEAGRrV\/AAABfwAAAcLgH5B7eM0nuPdDlYAYAED+vgAAAQEICp1m+\/GdZvvxR0VUIC8xMjcuMC4wLjEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1576420276937,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1576420276938,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1576420276937,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1576420276938,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":173,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":938548,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFaYFAAEAG0q9\/AAABfwAAAcLiH5DjU1EuPo0KHoAYAED+uQAAAQEICp1m+\/KdZvvyR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1576420276938,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1576420276939,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1576420276938,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1576420276939,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":174,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":939919,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFJ3BAAEAGFMF\/AAABfwAAAcLkH5B8NB8+Bh651YAYAED+uQAAAQEICp1m+\/OdZvvzR0VUIC8xMjcuMC4wLjEuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1576420276939,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1576420276941,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1576420276939,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1576420276941,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":175,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":941611,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCOKZAAEAGA45\/AAABfwAAAcLmH5ActAD4h3K22IAYAED+tgAAAQEICp1m+\/WdZvv1R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1576420276941,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1576420276943,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1576420276941,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1576420276943,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":176,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":943268,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCuRhAAEAGgxt\/AAABfwAAAcLoH5DBbYFGICWC9IAYAED+tgAAAQEICp1m+\/edZvv3R0VUIC9iYWNrdXAucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1576420276943,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1576420276945,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1576420276943,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1576420276945,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":177,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":945333,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9GW5AAEAGIst\/AAABfwAAAcLqH5C0ISE5HkW76YAYAED+sQAAAQEICp1m+\/mdZvv5R0VUIC8xLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1576420276945,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1576420276947,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1576420276945,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1576420276947,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":178,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":947856,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hilAAEAGtg9\/AAABfwAAAcLsH5DmS75z\/EZQIIAYAED+sQAAAQEICp1m+\/udZvv7R0VUIC8xLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1576420276947,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1576420276949,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1576420276947,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1576420276949,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":179,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":949335,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADG8sFAAEAGSW5\/AAABfwAAAcLuH5DZeMrrTWBmVIAYAED+ugAAAQEICp1m+\/2dZvv9R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1576420276949,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1576420276950,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1576420276949,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1576420276950,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":180,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":950775,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGIHlAAEAGG7d\/AAABfwAAAcLwH5AJERgjseiOe4AYAED+ugAAAQEICp1m+\/6dZvv+R0VUIC8xMjcwMC50YXIubHptYSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1576420276950,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1576420276953,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1576420276950,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1576420276953,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":181,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":953878,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB609AAEAGUOV\/AAABfwAAAcLyH5CMSNMc4cqoooAYAED+tQAAAQEICp1m\/AGdZvwBR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1576420276953,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1576420276955,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1576420276953,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1576420276955,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":182,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":955291,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBW5ZAAEAG4J5\/AAABfwAAAcL0H5DrXWPDXa4XUYAYAED+tQAAAQEICp1m\/AOdZvwDR0VUIC8xMjcwMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1576420276955,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1576420276956,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1576420276955,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1576420276956,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":183,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":956730,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/O0xAAEAGAOt\/AAABfwAAAcL2H5D9kwMeqK3jJ4AYAED+swAAAQEICp1m\/ASdZvwER0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1576420276956,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1576420276957,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1576420276956,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1576420276957,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":184,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":957983,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/H8ZAAEAGHHF\/AAABfwAAAcL4H5BlEieUASYiL4AYAED+swAAAQEICp1m\/AWdZvwFR0VUIC8xMjcudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1576420276957,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1576420276959,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1576420276957,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1576420276959,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":185,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":959177,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIMS5AAEAGCwB\/AAABfwAAAcL6H5D33Al8T9gIjoAYAED+vAAAAQEICp1m\/AedZvwHR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1576420276959,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1576420276960,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1576420276959,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1576420276960,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":186,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":960346,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI29RAAEAGYFl\/AAABfwAAAcL8H5B21OOLlrDXQ4AYAED+vAAAAQEICp1m\/AidZvwIR0VUIC8xMjdfMF8wXzEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1576420276960,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1576420276961,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1576420276960,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1576420276961,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":187,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":961648,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFGIxAAEAGI6V\/AAABfwAAAcL+H5DvJyDTt9IC\/IAYAED+uQAAAQEICp1m\/AmdZvwJR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1576420276961,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1576420276964,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1576420276961,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1576420276964,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":188,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":964000,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFxd9AAEAGdlF\/AAABfwAAAcMAH5CFNv2FdhNdEIAYAED+uQAAAQEICp1m\/AudZvwLR0VUIC8xMjcuMC4wLjEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1576420276964,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1576420276965,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1576420276964,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1576420276965,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":189,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":965358,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC95pxAAEAGVZx\/AAABfwAAAcMCH5C3Cd7E92VLp4AYAED+sQAAAQEICp1m\/A2dZvwNR0VUIC8xLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1576420276965,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1576420276966,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":189,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1576420276965,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1576420276966,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":190,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":966758,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ujdAAEAGggF\/AAABfwAAAcMEH5BKt4Jt+wc3pIAYAED+sQAAAQEICp1m\/A6dZvwOR0VUIC8xLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1576420276966,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1576420276968,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1576420276966,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1576420276968,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":191,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":968141,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADA8BJAAEAGTCN\/AAABfwAAAcMGH5DhJMhLysCuKoAYAED+tAAAAQEICp1m\/BCdZvwPR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1576420276968,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1576420276969,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1576420276968,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1576420276969,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":192,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":969442,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADA1ehAAEAGZk1\/AAABfwAAAcMIH5C08u29Z4prKYAYAED+tAAAAQEICp1m\/BGdZvwRR0VUIC8xMjcwLmprcyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1576420276969,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1576420276970,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1576420276969,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1576420276970,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":193,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":970737,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCS3NAAEAG8MB\/AAABfwAAAcMKH5AxI3MswmM4CYAYAED+tgAAAQEICp1m\/BKdZvwSR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1576420276970,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1576420276972,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1576420276970,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1576420276972,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00630{"flow_id":194,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":972200,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCyadAAEAGcox\/AAABfwAAAcMMH5BpA\/H\/vohuZIAYAED+tgAAAQEICp1m\/BSdZvwUR0VUIC9iYWNrdXAuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1576420276972,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1576420276973,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1576420276972,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1576420276973,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":195,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":973865,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADA+8hAAEAGQG1\/AAABfwAAAcMOH5CJ5sOeTDtcfYAYAED+tAAAAQEICp1m\/BWdZvwVR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1576420276973,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1576420276976,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1576420276973,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1576420276976,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":196,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":976394,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADABYdAAEAGNq9\/AAABfwAAAcMQH5AThT3a7QA3zYAYAED+tAAAAQEICp1m\/BidZvwYR0VUIC9zaXRlLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1576420276976,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1576420276977,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1576420276976,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1576420276977,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":197,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":977902,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBYiVAAEAG2g9\/AAABfwAAAcMSH5B68lqAEiH3Y4AYAED+tQAAAQEICp1m\/BmdZvwZR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1576420276977,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1576420276980,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1576420276977,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1576420276980,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":198,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":980536,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBB+JAAEAGNFN\/AAABfwAAAcMUH5Dk6j++IkHQl4AYAED+tQAAAQEICp1m\/BydZvwcR0VUIC8xMjcuMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1576420276980,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1576420276982,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1576420276980,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1576420276982,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":199,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":982120,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC98llAAEAGSd9\/AAABfwAAAcMWH5DjKcoLls+qsoAYAED+sQAAAQEICp1m\/B6dZvwdR0VUIC8xLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1576420276982,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1576420276983,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1576420276982,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1576420276983,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":200,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":983627,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9nNlAAEAGn19\/AAABfwAAAcMYH5CM06SLK3vm\/IAYAED+sQAAAQEICp1m\/B+dZvwfR0VUIC8xLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1576420276983,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1576420276985,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1576420276983,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1576420276985,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":201,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":985128,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCh5hAAEAGtJt\/AAABfwAAAcMaH5DK+b\/J7Nxpa4AYAED+tgAAAQEICp1m\/CGdZvwgR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1576420276985,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1576420276986,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1576420276985,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1576420276986,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":202,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":986549,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADC6rNAAEAGUYB\/AAABfwAAAcMcH5BJJNLw4gK1PYAYAED+tgAAAQEICp1m\/CKdZvwiR0VUIC9iYWNrdXAuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1576420276986,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1576420276987,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1576420276986,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1576420276987,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":203,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":987889,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADABtBAAEAGNWZ\/AAABfwAAAcMeH5DVkj6SMBYRsYAYAED+tAAAAQEICp1m\/COdZvwjR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1576420276987,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1576420276989,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1576420276987,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1576420276989,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":204,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":989380,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAb4pAAEAGzKt\/AAABfwAAAcMgH5DktVfY9BOJ1YAYAED+tAAAAQEICp1m\/CWdZvwlR0VUIC9zaXRlLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1576420276989,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1576420276990,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1576420276989,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1576420276990,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":205,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":990805,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGkTtAAEAGqvR\/AAABfwAAAcMiH5BqAalni+2D0IAYAED+ugAAAQEICp1m\/CadZvwmR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1576420276990,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1576420276992,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1576420276990,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1576420276992,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":206,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":992188,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGaPFAAEAG0z5\/AAABfwAAAcMkH5B8x1CQWvOvzIAYAED+ugAAAQEICp1m\/CidZvwoR0VUIC8xMjcuMC4wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1576420276992,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1576420276993,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1576420276992,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1576420276993,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":207,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":993419,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFOFRAAEAGA91\/AAABfwAAAcMmH5DTogAzSwYGfYAYAED+uQAAAQEICp1m\/CmdZvwpR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1576420276993,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1576420276995,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1576420276993,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1576420276995,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":208,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":995700,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFLPBAAEAGD0F\/AAABfwAAAcMoH5DgsBSPBaIHeIAYAED+uQAAAQEICp1m\/CudZvwrR0VUIC8xMjdfMF8wXzEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1576420276995,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1576420276996,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1576420276995,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1576420276996,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":209,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":996847,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADD0zFAAEAGaQF\/AAABfwAAAcMqH5Dy3etP7K3wrYAYAED+twAAAQEICp1m\/CydZvwsR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1576420276996,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1576420276998,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1576420276996,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1576420276998,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":210,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":998060,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDYPVAAEAG2z1\/AAABfwAAAcMsH5ARV1iTIbZBJoAYAED+twAAAQEICp1m\/C2dZvwtR0VUIC8xMjcuMC4wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1576420276998,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1576420276999,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1576420276998,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1576420276999,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":211,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420276,"pkt_ts_usec":999210,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADByvVAAEAGcT9\/AAABfwAAAcMuH5AHevKTkcnpoIAYAED+tQAAAQEICp1m\/C+dZvwvR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1576420276999,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1576420277000,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1576420276999,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1576420277000,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":212,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":353,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBBihAAEAGNg1\/AAABfwAAAcMwH5BEgD5FJ0MuU4AYAED+tQAAAQEICp1m\/DCdZvwwR0VUIC8xMjcwMC50YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1576420277000,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1576420277001,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1576420277000,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1576420277001,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00622{"flow_id":213,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":1528,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAM9pAAEAGCFx\/AAABfwAAAcMyH5CilAu7EPfGmYAYAED+tAAAAQEICp1m\/DGdZvwxR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1576420277001,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1576420277002,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1576420277001,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1576420277002,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00622{"flow_id":214,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":2675,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAUGZAAEAG689\/AAABfwAAAcM0H5Crr2gHBF6lfIAYAED+tAAAAQEICp1m\/DKdZvwyR0VUIC8xMjcwLnppcCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1576420277002,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1576420277004,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1576420277002,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1576420277004,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00622{"flow_id":215,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":4349,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBfrVAAEAGvX9\/AAABfwAAAcM2H5AiEUbRArZM2IAYAED+tQAAAQEICp1m\/DSdZvw0R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1576420277004,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1576420277006,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1576420277004,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1576420277006,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00622{"flow_id":216,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":6101,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBggJAAEAGujJ\/AAABfwAAAcM4H5AaCbpkhn3rTYAYAED+tQAAAQEICp1m\/DadZvw1R0VUIC8xMjcuMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1576420277006,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1576420277007,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1576420277006,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1576420277007,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":217,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":7925,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADC7TtAAEAGTvh\/AAABfwAAAcM6H5D6jdVeqyQPZoAYAED+tgAAAQEICp1m\/DedZvw3R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1576420277007,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1576420277010,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1576420277007,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1576420277010,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":218,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":10459,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADChG5AAEAGt8V\/AAABfwAAAcM8H5BcKrwJSZEDE4AYAED+tgAAAQEICp1m\/DqdZvw6R0VUIC9iYWNrdXAuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1576420277010,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1576420277011,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1576420277010,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1576420277011,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":219,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":11883,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/sClAAEAGjA1\/AAABfwAAAcM+H5BuqIhDc4THFIAYAED+swAAAQEICp1m\/DudZvw7R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1576420277011,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1576420277013,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1576420277011,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1576420277013,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":220,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":13435,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/xzVAAEAGdQF\/AAABfwAAAcNAH5BZGv9XO\/ACDYAYAED+swAAAQEICp1m\/D2dZvw9R0VUIC8xMjcuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1576420277013,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1576420277014,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1576420277013,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1576420277014,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":221,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":14889,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAIeRAAEAGGlJ\/AAABfwAAAcNCH5DPShmIhuR59oAYAED+tAAAAQEICp1m\/D6dZvw+R0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1576420277014,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1576420277016,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1576420277014,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1576420277016,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":222,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":16394,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADA415AAEAGWNd\/AAABfwAAAcNEH5AFlNs7Kigy04AYAED+tAAAAQEICp1m\/ECdZvxAR0VUIC9zaXRlLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1576420277016,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1576420277017,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1576420277016,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1576420277017,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":223,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":17801,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADConZAAEAGmb1\/AAABfwAAAcNGH5DVgZoTcsiCOoAYAED+tgAAAQEICp1m\/EGdZvxBR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1576420277017,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1576420277019,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1576420277017,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1576420277019,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":224,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":19028,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCTHZAAEAG771\/AAABfwAAAcNIH5DfPnQTJOA0c4AYAED+tgAAAQEICp1m\/EKdZvxCR0VUIC8xMjcwMDEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1576420277019,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1576420277020,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1576420277019,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1576420277020,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":225,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":20181,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCeAVAAEAGxC5\/AAABfwAAAcNKH5DAxUBlVYOEbYAYAED+tgAAAQEICp1m\/ESdZvxER0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1576420277020,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1576420277021,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1576420277020,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1576420277021,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":226,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":21389,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADC3f5AAEAGXjV\/AAABfwAAAcNMH5AeDOWcmsl5CIAYAED+tgAAAQEICp1m\/EWdZvxFR0VUIC8xMjcwMDEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1576420277021,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1576420277023,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1576420277021,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1576420277023,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":227,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":23208,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9\/jtAAEAGPf1\/AAABfwAAAcNOH5DeVcZf0\/y26IAYAED+sQAAAQEICp1m\/EedZvxHR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1576420277023,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1576420277025,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1576420277023,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1576420277025,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":228,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":25753,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VlRAAEAG5eR\/AAABfwAAAcNQH5CjGG47rGEO3YAYAED+sQAAAQEICp1m\/EmdZvxJR0VUIC8xLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1576420277025,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1576420277027,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1576420277025,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1576420277027,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":229,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":27331,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAghpAAEAGuht\/AAABfwAAAcNSH5AdH7pxZz3Y6IAYAED+tAAAAQEICp1m\/EudZvxLR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1576420277027,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1576420277028,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1576420277027,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1576420277028,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":230,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":28728,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADA6xtAAEAGURp\/AAABfwAAAcNUH5DAadNxZUvEiYAYAED+tAAAAQEICp1m\/EydZvxMR0VUIC8wLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1576420277028,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1576420277029,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1576420277028,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1576420277029,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":231,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":29987,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAF9FAAEAGJGV\/AAABfwAAAcNWH5ByeS+n3HjH64AYAED+tAAAAQEICp1m\/E2dZvxNR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1576420277029,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1576420277031,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1576420277029,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1576420277031,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":232,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":31205,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADASFpAAEAG89t\/AAABfwAAAcNYH5CIKHAy4FE5l4AYAED+tAAAAQEICp1m\/E+dZvxPR0VUIC8xMjcwLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1576420277031,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1576420277032,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1576420277031,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1576420277032,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":233,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":32468,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9MI5AAEAGC6t\/AAABfwAAAcNaH5DGiQjnE8I6SoAYAED+sQAAAQEICp1m\/FCdZvxQR0VUIC8wLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1576420277032,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1576420277033,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1576420277032,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1576420277033,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":234,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":33737,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9R6NAAEAG9JV\/AAABfwAAAcNcH5BSP3\/MbAOkN4AYAED+sQAAAQEICp1m\/FGdZvxRR0VUIC8wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1576420277033,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1576420277034,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1576420277033,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1576420277034,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":235,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":34954,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCi6hAAEAGsIt\/AAABfwAAAcNeH5CrCbPNtCCkdYAYAED+tgAAAQEICp1m\/FKdZvxSR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1576420277034,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1576420277036,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1576420277034,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1576420277036,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":236,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":36245,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCaYNAAEAG0rB\/AAABfwAAAcNgH5BETFHrIT\/7L4AYAED+tgAAAQEICp1m\/FSdZvxUR0VUIC9iYWNrdXAuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1576420277036,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1576420277037,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1576420277036,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1576420277037,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":237,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":37542,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADByHVAAEAGc79\/AAABfwAAAcNiH5AsIfAZ9PZ+lIAYAED+tQAAAQEICp1m\/FWdZvxVR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1576420277037,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1576420277040,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1576420277037,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1576420277040,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":238,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":40198,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBLYNAAEAGDrJ\/AAABfwAAAcNkH5B8OhXu0\/0OtIAYAED+tQAAAQEICp1m\/FidZvxXR0VUIC8xMjcwMC5jZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1576420277040,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1576420277041,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1576420277040,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1576420277041,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00635{"flow_id":239,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":41653,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"AAAAAAAAAAAAAAAACABFAADJ0PZAAEAGazZ\/AAABfwAAAcNmH5D3m+iZ0R8Y8oAYAED+vQAAAQEICp1m\/FmdZvxZR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1576420277041,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1576420277042,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1576420277041,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1576420277042,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":240,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":42971,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"AAAAAAAAAAAAAAAACABFAADJPvJAAEAG\/Tp\/AAABfwAAAcNoH5CMHAadHXRwyoAYAED+vQAAAQEICp1m\/FqdZvxaR0VUIC8xMjdfMF8wXzEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1576420277042,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1576420277044,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1576420277042,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1576420277044,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":241,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":44266,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCjwZAAEAGrS1\/AAABfwAAAcNqH5Br7rdq4TxVq4AYAED+tgAAAQEICp1m\/FydZvxcR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1576420277044,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1576420277045,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1576420277044,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1576420277045,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":242,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":45671,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCv9RAAEAGfF9\/AAABfwAAAcNsH5AFEofAoVDNroAYAED+tgAAAQEICp1m\/F2dZvxdR0VUIC8xMjcwMDEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1576420277045,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1576420277046,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1576420277045,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1576420277046,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":243,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":46948,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBTDZAAEAG7\/5\/AAABfwAAAcNuH5C8OnRaQfn7gYAYAED+tQAAAQEICp1m\/F6dZvxeR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1576420277046,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1576420277048,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1576420277046,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1576420277048,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":244,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":48138,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBa4BAAEAG0LR\/AAABfwAAAcNwH5C2s1MRi3VVO4AYAED+tQAAAQEICp1m\/GCdZvxfR0VUIC8wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1576420277048,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1576420277049,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1576420277048,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1576420277049,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":245,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":49368,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEjgBAAEAGrjF\/AAABfwAAAcNyH5D9QLWRKHRYjoAYAED+uAAAAQEICp1m\/GGdZvxhR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1576420277049,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1576420277050,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1576420277049,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1576420277050,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":246,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":50512,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEqilAAEAGkgh\/AAABfwAAAcN0H5AfdZJKMNG2kYAYAED+uAAAAQEICp1m\/GKdZvxiR0VUIC8xMjcuMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1576420277050,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1576420277051,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1576420277050,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1576420277051,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":247,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":51799,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFD2RAAEAGLM1\/AAABfwAAAcN2H5CQvDcOP8imdIAYAED+uQAAAQEICp1m\/GOdZvxjR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1576420277051,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1576420277054,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1576420277051,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1576420277054,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":248,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":54263,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFMyBAAEAGCRF\/AAABfwAAAcN4H5CwJQty\/UTYeoAYAED+uQAAAQEICp1m\/GadZvxmR0VUIC8xMjdfMF8wXzEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1576420277054,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1576420277055,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1576420277054,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1576420277055,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":249,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":55768,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBVOZAAEAG505\/AAABfwAAAcN6H5D0fGyVu01Ol4AYAED+tQAAAQEICp1m\/GedZvxnR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1576420277055,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1576420277057,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1576420277055,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1576420277057,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":250,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":57314,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBgcdAAEAGum1\/AAABfwAAAcN8H5AHG7m2UJwwhYAYAED+tQAAAQEICp1m\/GmdZvxpR0VUIC8xMjcuMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1576420277057,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1576420277058,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1576420277057,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1576420277058,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":251,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":58884,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB8E5AAEAGS+Z\/AAABfwAAAcN+H5BxG8g961ERj4AYAED+tQAAAQEICp1m\/GqdZvxqR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1576420277058,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1576420277060,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1576420277058,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1576420277060,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":252,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":60374,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB8w9AAEAGSSV\/AAABfwAAAcOAH5AJpMt9MSZkIYAYAED+tQAAAQEICp1m\/GydZvxsR0VUIC8xMjcuMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1576420277060,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1576420277061,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1576420277060,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1576420277061,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":253,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":61853,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDv8dAAEAGfGt\/AAABfwAAAcOCH5BIh4e15F5tqYAYAED+twAAAQEICp1m\/G2dZvxtR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1576420277061,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1576420277063,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1576420277061,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1576420277063,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":254,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":63221,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDTFBAAEAG7+J\/AAABfwAAAcOEH5DLhXRAbe\/JloAYAED+twAAAQEICp1m\/G+dZvxvR0VUIC8xMjcuMC4wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1576420277063,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1576420277064,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1576420277063,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1576420277064,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":255,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":64646,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCx41AAEAGdKZ\/AAABfwAAAcOGH5Ab+v\/67hwkoIAYAED+tgAAAQEICp1m\/HCdZvxwR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1576420277064,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1576420277066,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1576420277064,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1576420277066,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":256,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":66017,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADC4+FAAEAGWFJ\/AAABfwAAAcOIH5A1wtuuFoHVMYAYAED+tgAAAQEICp1m\/HGdZvxxR0VUIC8xMjcwMDEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1576420277066,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1576420277067,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1576420277066,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1576420277067,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":257,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":67624,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCfFhAAEAGv9t\/AAABfwAAAcOKH5CRgEQl8Paa6IAYAED+tgAAAQEICp1m\/HOdZvxzR0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1576420277067,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1576420277070,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1576420277067,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1576420277070,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":258,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":70198,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCXGdAAEAG38x\/AAABfwAAAcOMH5AiiWQXZDyqFoAYAED+tgAAAQEICp1m\/HadZvx1R0VUIC8wLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1576420277070,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1576420277072,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1576420277070,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1576420277072,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":259,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":72030,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDQNZAAEAG+1x\/AAABfwAAAcOOH5A+53ionbjt1YAYAED+twAAAQEICp1m\/HedZvx3R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1576420277072,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1576420277074,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1576420277072,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1576420277074,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":260,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":74360,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDdgpAAEAGxih\/AAABfwAAAcOQH5DZ8k59fiDl9oAYAED+twAAAQEICp1m\/HqdZvx6R0VUIC8xMjcuMC4wLmNlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1576420277074,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1576420277075,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":260,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1576420277074,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1576420277075,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":261,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":75869,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9f6pAAEAGvI5\/AAABfwAAAcOSH5AexUfewusNb4AYAED+sQAAAQEICp1m\/HudZvx7R0VUIC8xLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1576420277075,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1576420277077,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1576420277075,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1576420277077,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":262,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":77220,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9i6BAAEAGsJh\/AAABfwAAAcOUH5B4uLPsGcILh4AYAED+sQAAAQEICp1m\/H2dZvx9R0VUIC8xLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1576420277077,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1576420277078,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1576420277077,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1576420277078,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":263,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":78547,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9VOpAAEAG505\/AAABfwAAAcOWH5Crf2yePds4BoAYAED+sQAAAQEICp1m\/H6dZvx+R0VUIC8xLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1576420277078,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1576420277079,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1576420277078,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1576420277079,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":264,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":79911,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DWxAAEAGLs1\/AAABfwAAAcOYH5CSvzUdCWfTlYAYAED+sQAAAQEICp1m\/H+dZvx\/R0VUIC8xLnBlbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1576420277079,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1576420277081,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1576420277079,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1576420277081,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":265,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":81623,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDZbZAAEAG1nx\/AAABfwAAAcOaH5Ap5V3Dc4s2n4AYAED+twAAAQEICp1m\/IGdZvyBR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1576420277081,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1576420277083,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1576420277081,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1576420277083,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":266,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":83098,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDEYFAAEAGKrJ\/AAABfwAAAcOcH5DxxikK7qXr+IAYAED+twAAAQEICp1m\/IOdZvyCR0VUIC8xMjcuMC4wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1576420277083,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1576420277084,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1576420277083,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1576420277084,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":267,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":84312,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFEhNAAEAGKh5\/AAABfwAAAcOeH5AvZipnVfZObIAYAED+uQAAAQEICp1m\/ISdZvyER0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1576420277084,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1576420277086,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1576420277084,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1576420277086,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":268,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":86608,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADF4EhAAEAGW+h\/AAABfwAAAcOgH5AMu9gyVttcv4AYAED+uQAAAQEICp1m\/IadZvyGR0VUIC8xMjdfMF8wXzEucGVtIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1576420277086,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1576420277087,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1576420277086,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1576420277087,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":269,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":87816,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFByZAAEAGNQt\/AAABfwAAAcOiH5Ca4D9dxFiRCIAYAED+uQAAAQEICp1m\/IedZvyHR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1576420277087,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1576420277089,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1576420277087,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1576420277089,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00631{"flow_id":270,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":89203,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFHRdAAEAGHxp\/AAABfwAAAcOkH5BFAiVuc2g7y4AYAED+uQAAAQEICp1m\/ImdZvyJR0VUIC8xMjdfMF8wXzEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1576420277089,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1576420277090,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1576420277089,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1576420277090,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":271,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":90493,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCB4tAAEAGNKl\/AAABfwAAAcOmH5BcnD\/ywDswlIAYAED+tgAAAQEICp1m\/IqdZvyKR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1576420277090,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1576420277091,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1576420277090,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1576420277091,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":272,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":91733,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCHJtAAEAGH5l\/AAABfwAAAcOoH5BLfyTh3iqQcIAYAED+tgAAAQEICp1m\/IudZvyLR0VUIC9iYWNrdXAud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1576420277091,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1576420277093,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1576420277091,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1576420277093,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":273,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":93073,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCo9lAAEAGmFp\/AAABfwAAAcOqH5B0iJuvJFRwg4AYAED+tgAAAQEICp1m\/IydZvyMR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1576420277093,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1576420277094,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1576420277093,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1576420277094,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":274,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":94657,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCBM1AAEAGN2d\/AAABfwAAAcOsH5CyHDyzBNbaOYAYAED+tgAAAQEICp1m\/I6dZvyOR0VUIC9iYWNrdXAuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1576420277094,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_first_seen":1576420277096,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1576420277094,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_first_seen":1576420277096,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":275,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":96295,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCcsRAAEAGyW9\/AAABfwAAAcOuH5Drmkq5YpvrhoAYAED+tgAAAQEICp1m\/JCdZvyQR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_first_seen":1576420277096,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1576420277098,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_first_seen":1576420277096,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1576420277098,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":276,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":98048,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCRRhAAEAG9xt\/AAABfwAAAcOwH5DRhn1t\/ojAOIAYAED+tgAAAQEICp1m\/JGdZvyRR0VUIC8xMjcwMDEuY2VyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1576420277098,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1576420277100,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1576420277098,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1576420277100,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":277,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":100378,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC931JAAEAGXOZ\/AAABfwAAAcOyH5BYxOcsixzBAIAYAED+sQAAAQEICp1m\/JSdZvyUR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1576420277100,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_first_seen":1576420277106,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1576420277100,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_first_seen":1576420277106,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":278,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":106410,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9aFtAAEAG091\/AAABfwAAAcO0H5ATAFAmoohjQYAYAED+sQAAAQEICp1m\/JqdZvyaR0VUIC8wLmNlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_first_seen":1576420277106,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_first_seen":1576420277109,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_first_seen":1576420277106,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_first_seen":1576420277109,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":279,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":109391,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFvlhAAEAGfdh\/AAABfwAAAcO2H5BO24YshrKR94AYAED+uQAAAQEICp1m\/J2dZvydR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_first_seen":1576420277109,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_first_seen":1576420277113,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_first_seen":1576420277109,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_first_seen":1576420277113,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":280,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":113679,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADF+v9AAEAGQTF\/AAABfwAAAcO4H5AzScKEmziDBYAYAED+uQAAAQEICp1m\/KGdZvyhR0VUIC8xMjcuMC4wLjEuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_first_seen":1576420277113,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1576420277115,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_first_seen":1576420277113,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1576420277115,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":281,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":115463,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAxXJAAEAGdsN\/AAABfwAAAcO6H5BPqv0Pb+YcGYAYAED+tAAAAQEICp1m\/KOdZvyjR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1576420277115,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1576420277116,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1576420277115,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1576420277116,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":282,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":116903,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAsDlAAEAGi\/x\/AAABfwAAAcO8H5B5M4hJ8rxYu4AYAED+tAAAAQEICp1m\/KSdZvykR0VUIC8xMjcwLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1576420277116,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1576420277118,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1576420277116,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1576420277118,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":283,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":118281,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBWpRAAEAG4aB\/AAABfwAAAcO+H5A50mLuGW1voYAYAED+tQAAAQEICp1m\/KadZvymR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1576420277118,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1576420277119,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1576420277118,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1576420277119,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":284,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":119654,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBojBAAEAGmgR\/AAABfwAAAcPAH5CoeZpSE7JOEoAYAED+tQAAAQEICp1m\/KedZvynR0VUIC8xMjcwMC5wZW0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1576420277119,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1576420277121,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1576420277119,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1576420277121,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":285,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":121003,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB1+ZAAEAGZE5\/AAABfwAAAcPCH5Dv1e9lqA5LqYAYAED+tQAAAQEICp1m\/KidZvyoR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1576420277121,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_first_seen":1576420277122,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1576420277121,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_first_seen":1576420277122,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":286,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":122225,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBr9xAAEAGjFh\/AAABfwAAAcPEH5A9f5dbU\/lctoAYAED+tQAAAQEICp1m\/KqdZvyqR0VUIC8xMjcwMC5zcWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_first_seen":1576420277122,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1576420277123,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_first_seen":1576420277122,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1576420277123,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":287,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":123735,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAYAxAAEAG3Cl\/AAABfwAAAcPGH5DSd1iLatlmxYAYAED+tAAAAQEICp1m\/KudZvyrR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1576420277123,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1576420277126,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1576420277123,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1576420277126,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":288,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":126136,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADA98ZAAEAGRG9\/AAABfwAAAcPIH5D1l89GxMECdIAYAED+tAAAAQEICp1m\/K6dZvytR0VUIC9zaXRlLmVnZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1576420277126,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1576420277127,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1576420277126,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1576420277127,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":289,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":127488,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBPaVAAEAG\/o9\/AAABfwAAAcPKH5CdTAUjrG8+WIAYAED+tQAAAQEICp1m\/K+dZvyvR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1576420277127,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1576420277128,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1576420277127,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1576420277128,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":290,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":128691,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBZB5AAEAG2BZ\/AAABfwAAAcPMH5CtKVyfkMJlVIAYAED+tQAAAQEICp1m\/LCdZvywR0VUIC8xMjcuMC53YXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1576420277128,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_first_seen":1576420277130,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1576420277128,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_first_seen":1576420277130,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":291,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":130504,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JsdAAEAGFXJ\/AAABfwAAAcPOH5Ap0h5I7vzLNIAYAED+sQAAAQEICp1m\/LKdZvyyR0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_first_seen":1576420277130,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1576420277134,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_first_seen":1576420277130,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1576420277134,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":292,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":134035,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9UWBAAEAG6th\/AAABfwAAAcPQH5CgyWnegf\/5dIAYAED+sQAAAQEICp1m\/LWdZvy1R0VUIC8xLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1576420277134,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1576420277136,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1576420277134,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1576420277136,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":293,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":136034,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFelpAAEAGwdZ\/AAABfwAAAcPSH5CODELdlJWwD4AYAED+uQAAAQEICp1m\/LedZvy3R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1576420277136,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1576420277141,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1576420277136,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1576420277141,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":294,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":141226,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADF+nFAAEAGQb9\/AAABfwAAAcPUH5Dn1sLrZe4ChoAYAED+uQAAAQEICp1m\/L2dZvy9R0VUIC8xMjcuMC4wLjEucGVtIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1576420277141,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_first_seen":1576420277142,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1576420277141,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_first_seen":1576420277142,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":295,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":142772,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHb5RAAEAGzJp\/AAABfwAAAcPWH5B0BVcY3NxdJYAYAED+uwAAAQEICp1m\/L6dZvy+R0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_first_seen":1576420277142,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_first_seen":1576420277144,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_first_seen":1576420277142,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_first_seen":1576420277144,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":296,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":144234,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHO5VAAEAGAJp\/AAABfwAAAcPYH5AuGgMWrL1WfYAYAED+uwAAAQEICp1m\/MCdZvzAR0VUIC9iYWNrdXAudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_first_seen":1576420277144,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_first_seen":1576420277145,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_first_seen":1576420277144,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_first_seen":1576420277145,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":297,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":145866,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADD1QZAAEAGZyx\/AAABfwAAAcPaH5AWHu2DG+Oig4AYAED+twAAAQEICp1m\/MGdZvzBR0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_first_seen":1576420277145,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_first_seen":1576420277148,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_first_seen":1576420277145,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_first_seen":1576420277148,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":298,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":148652,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDYFdAAEAG29t\/AAABfwAAAcPcH5BE+VjTl6\/NvYAYAED+twAAAQEICp1m\/MSdZvzER0VUIC8xMjcuMC4wLnRhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_first_seen":1576420277148,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_first_seen":1576420277153,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_first_seen":1576420277148,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_first_seen":1576420277153,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":299,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":153474,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCOn5AAEAGAbZ\/AAABfwAAAcPeH5C7hwL1asNzroAYAED+tgAAAQEICp1m\/MmdZvzJR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_first_seen":1576420277153,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_first_seen":1576420277155,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_first_seen":1576420277153,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_first_seen":1576420277155,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":300,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":155540,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCDytAAEAGLQl\/AAABfwAAAcPgH5C7IzeiGEGCK4AYAED+tgAAAQEICp1m\/MudZvzLR0VUIC8xMjcwMDEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_first_seen":1576420277155,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1576420277157,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_first_seen":1576420277155,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1576420277157,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":301,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":157338,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"AAAAAAAAAAAAAAAACABFAADJ8y5AAEAGSP5\/AAABfwAAAcPiH5D9g8umqBgGFIAYAED+vQAAAQEICp1m\/M2dZvzNR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1576420277157,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1576420277159,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1576420277157,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1576420277159,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":302,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":159256,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"AAAAAAAAAAAAAAAACABFAADJ4mhAAEAGWcR\/AAABfwAAAcPkH5ACw9rweorXCIAYAED+vQAAAQEICp1m\/M+dZvzPR0VUIC8xMjcuMC4wLjEudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1576420277159,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1576420277160,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1576420277159,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1576420277160,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":303,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":160595,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9m2BAAEAGoNh\/AAABfwAAAcPmH5DB5aPVANERlIAYAED+sQAAAQEICp1m\/NCdZvzQR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1576420277160,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1576420277162,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1576420277160,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1576420277162,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":304,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":162081,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9DilAAEAGLhB\/AAABfwAAAcPoH5AB6DautSQRQ4AYAED+sQAAAQEICp1m\/NKdZvzRR0VUIC8xLnRhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1576420277162,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_first_seen":1576420277164,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1576420277162,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_first_seen":1576420277164,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":305,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":164141,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFIABAAEAGHDF\/AAABfwAAAcPqH5Cuoid2XcqpP4AYAED+uQAAAQEICp1m\/NSdZvzTR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_first_seen":1576420277164,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_first_seen":1576420277165,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_first_seen":1576420277164,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_first_seen":1576420277165,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":306,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":165401,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFxNJAAEAGd15\/AAABfwAAAcPsH5ANevxccArVDoAYAED+uQAAAQEICp1m\/NWdZvzVR0VUIC8xMjcwMC50YXIuYnoyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_first_seen":1576420277165,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1576420277166,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_first_seen":1576420277165,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1576420277166,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":307,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":166545,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFbqBAAEAGzZB\/AAABfwAAAcPuH5Bs\/lYWJw4fzoAYAED+uQAAAQEICp1m\/NadZvzWR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1576420277166,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_first_seen":1576420277168,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1576420277166,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_first_seen":1576420277168,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":308,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":168851,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFNC9AAEAGCAJ\/AAABfwAAAcPwH5DG1AyisQj3YYAYAED+uQAAAQEICp1m\/NidZvzYR0VUIC8xMjcuMC4wLjEuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_first_seen":1576420277168,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1576420277170,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_first_seen":1576420277168,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1576420277170,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":309,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":170149,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDKQdAAEAGEyx\/AAABfwAAAcPyH5DtUBGKsAbmZ4AYAED+twAAAQEICp1m\/NqdZvzZR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1576420277170,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_first_seen":1576420277171,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1576420277170,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_first_seen":1576420277171,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":310,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":171229,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDFtRAAEAGJV9\/AAABfwAAAcP0H5DIKS5flUY6Y4AYAED+twAAAQEICp1m\/NudZvzbR0VUIC8xMjcuMC4wLndhciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_first_seen":1576420277171,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1576420277172,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_first_seen":1576420277171,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1576420277172,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":311,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":172681,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBjc9AAEAGrmV\/AAABfwAAAcP2H5CR+bVBDfA+SoAYAED+tQAAAQEICp1m\/NydZvzcR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1576420277172,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1576420277173,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1576420277172,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1576420277173,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":312,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":173981,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBJThAAEAGFv1\/AAABfwAAAcP4H5BkXx28+RQoaIAYAED+tQAAAQEICp1m\/N2dZvzdR0VUIC8xMjcuMC50Z3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1576420277173,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_first_seen":1576420277175,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1576420277173,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_first_seen":1576420277175,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":313,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":175229,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/vR9AAEAGfxd\/AAABfwAAAcP6H5AAgoWRJHk9poAYAED+swAAAQEICp1m\/N+dZvzfR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_first_seen":1576420277175,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_first_seen":1576420277176,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_first_seen":1576420277175,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_first_seen":1576420277176,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":314,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":176582,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/G85AAEAGIGl\/AAABfwAAAcP8H5A9SCNDeIAPvYAYAED+swAAAQEICp1m\/OCdZvzgR0VUIC8xMjcuamtzIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_first_seen":1576420277176,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1576420277177,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_first_seen":1576420277176,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1576420277177,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":315,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":177988,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAz0lAAEAGbOx\/AAABfwAAAcP+H5CCs\/fKIUNf1IAYAED+tAAAAQEICp1m\/OGdZvzhR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1576420277177,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1576420277179,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1576420277177,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1576420277179,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":316,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":179350,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAZxxAAEAG1Rl\/AAABfwAAAcQAH5BgPl+VSob0sYAYAED+tAAAAQEICp1m\/OOdZvzjR0VUIC9zaXRlLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1576420277179,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1576420277180,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1576420277179,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1576420277180,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":317,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":180644,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGTHlAAEAG77Z\/AAABfwAAAcQCH5A4KXT5upP6C4AYAED+ugAAAQEICp1m\/OSdZvzkR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1576420277180,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_first_seen":1576420277183,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1576420277180,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_first_seen":1576420277183,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":318,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":183009,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGDUpAAEAGLuZ\/AAABfwAAAcQEH5BEmzXIVOhE3IAYAED+ugAAAQEICp1m\/OadZvzmR0VUIC8xMjcuMC50YXIubHptYSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_first_seen":1576420277183,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_first_seen":1576420277184,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_first_seen":1576420277183,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_first_seen":1576420277184,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":319,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":184275,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAdAhAAEAGyC1\/AAABfwAAAcQGH5BYeUyXBV+uwoAYAED+tAAAAQEICp1m\/OidZvzoR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_first_seen":1576420277184,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_first_seen":1576420277185,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_first_seen":1576420277184,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_first_seen":1576420277185,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":320,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":185524,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADACsVAAEAGMXF\/AAABfwAAAcQIH5AHdTJUhgOj64AYAED+tAAAAQEICp1m\/OmdZvzpR0VUIC9zaXRlLnRneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_first_seen":1576420277185,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_first_seen":1576420277186,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_first_seen":1576420277185,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_first_seen":1576420277186,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":321,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":186754,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEtSBAAEAGhxF\/AAABfwAAAcQKH5BCRY2PbjuWH4AYAED+uAAAAQEICp1m\/OqdZvzqR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_first_seen":1576420277186,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_first_seen":1576420277187,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_first_seen":1576420277186,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_first_seen":1576420277187,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":322,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":187969,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEwZ1AAEAGepR\/AAABfwAAAcQMH5B2JfkLbDSLWoAYAED+uAAAAQEICp1m\/OudZvzrR0VUIC8xMjcudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_first_seen":1576420277187,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_first_seen":1576420277189,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_first_seen":1576420277187,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_first_seen":1576420277189,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":323,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":189508,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAxaRAAEAGdpF\/AAABfwAAAcQOH5BgW\/00es\/TMYAYAED+tAAAAQEICp1m\/O2dZvztR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_first_seen":1576420277189,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_first_seen":1576420277190,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_first_seen":1576420277189,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_first_seen":1576420277190,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":324,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":190836,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADACFhAAEAGM95\/AAABfwAAAcQQH5AQPjDI+venWYAYAED+tAAAAQEICp1m\/O6dZvzuR0VUIC8xMjcwLmFseiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_first_seen":1576420277190,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_first_seen":1576420277193,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_first_seen":1576420277190,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_first_seen":1576420277193,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":325,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":193119,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9hYJAAEAGtrZ\/AAABfwAAAcQSH5Cznr0TB99xxoAYAED+sQAAAQEICp1m\/PGdZvzwR0VUIC8wLmprcyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_first_seen":1576420277193,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_first_seen":1576420277194,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_first_seen":1576420277193,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_first_seen":1576420277194,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":326,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":194681,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JiRAAEAGFhV\/AAABfwAAAcQUH5CXxR6x507sMoAYAED+sQAAAQEICp1m\/PKdZvzyR0VUIC8wLmprcyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_first_seen":1576420277194,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_first_seen":1576420277196,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_first_seen":1576420277194,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_first_seen":1576420277196,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":327,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":196275,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADASbJAAEAG8oN\/AAABfwAAAcQWH5DgxXEkcLyXoIAYAED+tAAAAQEICp1m\/PSdZvz0R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_first_seen":1576420277196,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_first_seen":1576420277198,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_first_seen":1576420277196,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_first_seen":1576420277198,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":328,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":198845,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAjLtAAEAGr3p\/AAABfwAAAcQYH5DOSLQrVcLjaIAYAED+tAAAAQEICp1m\/PadZvz2R0VUIC8xMjcwLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_first_seen":1576420277198,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_first_seen":1576420277200,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_first_seen":1576420277198,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_first_seen":1576420277200,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":329,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":200280,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFaNRAAEAG01x\/AAABfwAAAcQaH5BzoVBHI7Wyn4AYAED+uQAAAQEICp1m\/PidZvz4R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_first_seen":1576420277200,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_first_seen":1576420277201,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_first_seen":1576420277200,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_first_seen":1576420277201,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00635{"flow_id":330,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":201800,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFz59AAEAGbJF\/AAABfwAAAcQcH5D4h\/cKGx\/I\/4AYAED+uQAAAQEICp1m\/PmdZvz5R0VUIC8xMjcuMC4wLjEudGd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_first_seen":1576420277201,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_first_seen":1576420277203,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_first_seen":1576420277201,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_first_seen":1576420277203,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":331,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":203191,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBfg5AAEAGviZ\/AAABfwAAAcQeH5A6WEaZ3wpBiYAYAED+tQAAAQEICp1m\/PudZvz7R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_first_seen":1576420277203,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_first_seen":1576420277204,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_first_seen":1576420277203,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_first_seen":1576420277204,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":332,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":204562,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBsIBAAEAGi7R\/AAABfwAAAcQgH5BX0ojsod\/7v4AYAED+tQAAAQEICp1m\/PydZvz8R0VUIC8xMjcwMC56aXAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_first_seen":1576420277204,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_first_seen":1576420277206,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_first_seen":1576420277204,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_first_seen":1576420277206,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":333,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":206208,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEp6FAAEAGlJB\/AAABfwAAAcQiH5DXnp8L7+WKyYAYAED+uAAAAQEICp1m\/P6dZvz+R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_first_seen":1576420277206,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_first_seen":1576420277207,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_first_seen":1576420277206,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_first_seen":1576420277207,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":334,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":207661,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADELblAAEAGDnl\/AAABfwAAAcQkH5A1yBUjW63h5IAYAED+uAAAAQEICp1m\/P+dZvz\/R0VUIC8xMjcwLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_first_seen":1576420277207,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_first_seen":1576420277209,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_first_seen":1576420277207,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_first_seen":1576420277209,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":335,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":209064,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDSgRAAEAG8i5\/AAABfwAAAcQmH5DZEXKVufuNq4AYAED+twAAAQEICp1m\/QCdZv0AR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_first_seen":1576420277209,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_first_seen":1576420277210,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_first_seen":1576420277209,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_first_seen":1576420277210,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":336,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":210284,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDtt9AAEAGhVN\/AAABfwAAAcQoH5DVr45M6gY7v4AYAED+twAAAQEICp1m\/QKdZv0CR0VUIC8xMjcuMC4wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_first_seen":1576420277210,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_first_seen":1576420277211,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_first_seen":1576420277210,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_first_seen":1576420277211,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":337,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":211474,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9XspAAEAG3W5\/AAABfwAAAcQqH5Bdf2ZfE+bMgYAYAED+sQAAAQEICp1m\/QOdZv0DR0VUIC8wLnRneiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_first_seen":1576420277211,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_first_seen":1576420277213,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_first_seen":1576420277211,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_first_seen":1576420277213,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":338,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":213780,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9v\/9AAEAGfDl\/AAABfwAAAcQsH5CYPYdrmayyCIAYAED+sQAAAQEICp1m\/QWdZv0FR0VUIC8wLnRneiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_first_seen":1576420277213,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_first_seen":1576420277215,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_first_seen":1576420277213,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_first_seen":1576420277215,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":339,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":215085,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCrDVAAEAGj\/5\/AAABfwAAAcQuH5DnZJSlMCY5doAYAED+tgAAAQEICp1m\/QedZv0GR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_first_seen":1576420277215,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_first_seen":1576420277216,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_first_seen":1576420277215,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_first_seen":1576420277216,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":340,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":216307,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADC6alAAEAGUop\/AAABfwAAAcQwH5AB5dFAi0ifwYAYAED+tgAAAQEICp1m\/QidZv0IR0VUIC9iYWNrdXAuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_first_seen":1576420277216,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_first_seen":1576420277217,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_first_seen":1576420277216,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_first_seen":1576420277217,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":341,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":217546,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHXwtAAEAG3SN\/AAABfwAAAcQyH5CeyGeSqwnqXYAYAED+uwAAAQEICp1m\/QmdZv0JR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_first_seen":1576420277217,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_first_seen":1576420277218,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_first_seen":1576420277217,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_first_seen":1576420277218,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":342,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":218782,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHKPlAAEAGEzZ\/AAABfwAAAcQ0H5BMBRBwjCFtgIAYAED+uwAAAQEICp1m\/QqdZv0KR0VUIC8xMjcwMDEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_first_seen":1576420277218,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_first_seen":1576420277219,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_first_seen":1576420277218,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_first_seen":1576420277219,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":343,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":219997,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADE4jtAAEAGWfZ\/AAABfwAAAcQ2H5DSrNqhX1PVN4AYAED+uAAAAQEICp1m\/QudZv0LR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_first_seen":1576420277219,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_first_seen":1576420277221,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_first_seen":1576420277219,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_first_seen":1576420277221,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":344,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":221235,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEaVlAAEAG0th\/AAABfwAAAcQ4H5ChqlHP+pxqwIAYAED+uAAAAQEICp1m\/Q2dZv0NR0VUIC9zaXRlLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_first_seen":1576420277221,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_first_seen":1576420277222,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_first_seen":1576420277221,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_first_seen":1576420277222,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":345,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":222517,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCu\/NAAEAGgEB\/AAABfwAAAcQ6H5D46YNpMAqH8IAYAED+tgAAAQEICp1m\/Q6dZv0OR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_first_seen":1576420277222,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_first_seen":1576420277224,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":345,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_first_seen":1576420277222,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_first_seen":1576420277224,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":346,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":224141,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCyzFAAEAGcQJ\/AAABfwAAAcQ8H5A0R\/O25IFzRIAYAED+tgAAAQEICp1m\/RCdZv0PR0VUIC9iYWNrdXAudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_first_seen":1576420277224,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_first_seen":1576420277225,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_first_seen":1576420277224,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_first_seen":1576420277225,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":347,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":225870,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC90OxAAEAGa0x\/AAABfwAAAcQ+H5C1k+hxPtlM+IAYAED+sQAAAQEICp1m\/RGdZv0RR0VUIC8wLmFseiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_first_seen":1576420277225,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_first_seen":1576420277228,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_first_seen":1576420277225,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_first_seen":1576420277228,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":348,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":228559,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9wfFAAEAGekd\/AAABfwAAAcRAH5ChSfl1EHb5\/IAYAED+sQAAAQEICp1m\/RSdZv0UR0VUIC8wLmFseiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_first_seen":1576420277228,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_first_seen":1576420277229,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_first_seen":1576420277228,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_first_seen":1576420277229,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":349,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":229915,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB75lAAEAGTJt\/AAABfwAAAcRCH5BYYNcNJ8u6iIAYAED+tQAAAQEICp1m\/RWdZv0VR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_first_seen":1576420277229,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_first_seen":1576420277231,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_first_seen":1576420277229,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_first_seen":1576420277231,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":350,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":231112,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB77xAAEAGTHh\/AAABfwAAAcREH5CTV9cik40gf4AYAED+tQAAAQEICp1m\/RedZv0WR0VUIC8xMjcwMC5hbHogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_first_seen":1576420277231,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_first_seen":1576420277232,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_first_seen":1576420277231,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_first_seen":1576420277232,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":351,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":232415,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB9\/xAAEAGRDh\/AAABfwAAAcRGH5CWhs9n6ph7xIAYAED+tQAAAQEICp1m\/RidZv0YR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_first_seen":1576420277232,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_first_seen":1576420277233,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_first_seen":1576420277232,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_first_seen":1576420277233,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":352,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":233785,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB+aZAAEAGQo5\/AAABfwAAAcRIH5BuH8E5NSGMTIAYAED+tQAAAQEICp1m\/RmdZv0ZR0VUIC8xMjcuMC50YXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_first_seen":1576420277233,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_first_seen":1576420277235,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_first_seen":1576420277233,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_first_seen":1576420277235,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":353,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":235079,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADF6elAAEAGUkd\/AAABfwAAAcRKH5Ao6tF83Ul6FYAYAED+uQAAAQEICp1m\/RudZv0aR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_first_seen":1576420277235,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_first_seen":1576420277236,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_first_seen":1576420277235,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_first_seen":1576420277236,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":354,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":236372,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFYRdAAEAG2xl\/AAABfwAAAcRMH5CsR1mJC42rtYAYAED+uQAAAQEICp1m\/RydZv0cR0VUIC9iYWNrdXAudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_first_seen":1576420277236,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_first_seen":1576420277237,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_first_seen":1576420277236,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_first_seen":1576420277237,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":355,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":237703,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/lsZAAEAGpXB\/AAABfwAAAcROH5CjIq5axoK2IoAYAED+swAAAQEICp1m\/R2dZv0dR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_first_seen":1576420277237,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_first_seen":1576420277239,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_first_seen":1576420277237,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_first_seen":1576420277239,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":356,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":239104,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HMpAAEAGH21\/AAABfwAAAcRQH5BQEyRWh8Tqd4AYAED+swAAAQEICp1m\/R+dZv0eR0VUIC8xMjcuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_first_seen":1576420277239,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_first_seen":1576420277240,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_first_seen":1576420277239,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_first_seen":1576420277240,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":357,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":240343,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGqKRAAEAGk4t\/AAABfwAAAcRSH5A2yZA9R5wqAoAYAED+ugAAAQEICp1m\/SCdZv0gR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_first_seen":1576420277240,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_first_seen":1576420277242,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_first_seen":1576420277240,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_first_seen":1576420277242,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":358,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":242532,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGoOxAAEAGm0N\/AAABfwAAAcRUH5C09Jh1W5zr34AYAED+ugAAAQEICp1m\/SKdZv0iR0VUIC9iYWNrdXAudGFyLmJ6MiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_first_seen":1576420277242,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_first_seen":1576420277243,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_first_seen":1576420277242,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_first_seen":1576420277243,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":359,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":243667,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIi9VAAEAGsFh\/AAABfwAAAcRWH5DRYLNOcO51UIAYAED+vAAAAQEICp1m\/SOdZv0jR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_first_seen":1576420277243,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_first_seen":1576420277244,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_first_seen":1576420277243,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_first_seen":1576420277244,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":360,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":244827,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIKHJAAEAGE7x\/AAABfwAAAcRYH5BlBxDwgejT24AYAED+vAAAAQEICp1m\/SSdZv0kR0VUIC8xMjcuMC4wLjEudGFyLmd6IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_first_seen":1576420277244,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_first_seen":1576420277246,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_first_seen":1576420277244,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_first_seen":1576420277246,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":361,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":246040,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADF\/A9AAEAGQCF\/AAABfwAAAcRaH5B2IcSTgB9qe4AYAED+uQAAAQEICp1m\/SWdZv0lR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_first_seen":1576420277246,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_first_seen":1576420277247,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_first_seen":1576420277246,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_first_seen":1576420277247,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":362,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":247302,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFi69AAEAGsIF\/AAABfwAAAcRcH5D\/WbMzZ3h33IAYAED+uQAAAQEICp1m\/SedZv0nR0VUIC8xMjdfMF8wXzEud2FyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_first_seen":1576420277247,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_first_seen":1576420277248,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_first_seen":1576420277247,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_first_seen":1576420277248,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":363,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":248614,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDpjtAAEAGlfd\/AAABfwAAAcReH5CBd56aTxXXOIAYAED+twAAAQEICp1m\/SidZv0oR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_first_seen":1576420277248,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_first_seen":1576420277249,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_first_seen":1576420277248,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_first_seen":1576420277249,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":364,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":249842,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDeldAAEAGwdt\/AAABfwAAAcRgH5A4o0L2zMH\/yIAYAED+twAAAQEICp1m\/SmdZv0pR0VUIC8xMjcuMC4wLnppcCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_first_seen":1576420277249,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_first_seen":1576420277252,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":364,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_first_seen":1576420277249,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_first_seen":1576420277252,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":365,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":252103,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCJxNAAEAGFSF\/AAABfwAAAcRiH5BR2x+x8C2V44AYAED+tgAAAQEICp1m\/SydZv0rR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_first_seen":1576420277252,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_first_seen":1576420277253,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_first_seen":1576420277252,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_first_seen":1576420277253,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":366,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":253760,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADClhFAAEAGpiJ\/AAABfwAAAcRkH5B3iK6vsi1CtIAYAED+tgAAAQEICp1m\/S2dZv0tR0VUIC8xMjcudGFyLmd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_first_seen":1576420277253,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_first_seen":1576420277255,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_first_seen":1576420277253,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_first_seen":1576420277255,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":367,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":255865,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/zTlAAEAGbv1\/AAABfwAAAcRmH5BLoPWWHSfpPoAYAED+swAAAQEICp1m\/S+dZv0vR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_first_seen":1576420277255,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_first_seen":1576420277258,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_first_seen":1576420277255,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_first_seen":1576420277258,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":368,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":258859,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/W9xAAEAG4Fp\/AAABfwAAAcRoH5D01mN5gVzP14AYAED+swAAAQEICp1m\/TKdZv0yR0VUIC8xMjcuZWdnIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_first_seen":1576420277258,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_first_seen":1576420277260,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_first_seen":1576420277258,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_first_seen":1576420277260,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":369,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":260361,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADF4tJAAEAGWV5\/AAABfwAAAcRqH5C3Btp0g+NrSIAYAED+uQAAAQEICp1m\/TSdZv00R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_first_seen":1576420277260,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_first_seen":1576420277261,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_first_seen":1576420277260,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_first_seen":1576420277261,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":370,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":261681,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFGk1AAEAGIeR\/AAABfwAAAcRsH5AZ8SLp80IPEIAYAED+uQAAAQEICp1m\/TWdZv01R0VUIC8xMjdfMF8wXzEuemlwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_first_seen":1576420277261,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_first_seen":1576420277263,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_first_seen":1576420277261,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.zip","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_first_seen":1576420277263,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":371,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":263023,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/qndAAEAGkb9\/AAABfwAAAcRuH5AQK5LXaKY1oYAYAED+swAAAQEICp1m\/TadZv02R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_first_seen":1576420277263,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_first_seen":1576420277264,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_first_seen":1576420277263,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_first_seen":1576420277264,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":372,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":264475,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/DxVAAEAGLSJ\/AAABfwAAAcRwH5D+vze4KlHK9oAYAED+swAAAQEICp1m\/TidZv04R0VUIC8xMjcuc3FsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_first_seen":1576420277264,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_first_seen":1576420277266,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_first_seen":1576420277264,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_first_seen":1576420277266,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":373,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":266896,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAAAAAAAAAAAAAAACABFAADKoqhAAEAGmYN\/AAABfwAAAcRyH5D4dpoDoX2CwIAYAED+vgAAAQEICp1m\/TqdZv06R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_first_seen":1576420277266,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_first_seen":1576420277268,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_first_seen":1576420277266,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_first_seen":1576420277268,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":374,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":268328,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAAAAAAAAAAAAAAACABFAADKWilAAEAG4gJ\/AAABfwAAAcR0H5DTe2KDABhOQYAYAED+vgAAAQEICp1m\/TydZv08R0VUIC8xMjdfMF8wXzEudGFyLmx6bWEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_first_seen":1576420277268,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_first_seen":1576420277269,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_first_seen":1576420277268,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_first_seen":1576420277269,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":375,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":269680,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/XglAAEAG3i1\/AAABfwAAAcR2H5D4uGaj1sX5qYAYAED+swAAAQEICp1m\/T2dZv09R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_first_seen":1576420277269,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_first_seen":1576420277270,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_first_seen":1576420277269,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_first_seen":1576420277270,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":376,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":270959,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/A5hAAEAGOJ9\/AAABfwAAAcR4H5CBQjs0aZw5xIAYAED+swAAAQEICp1m\/T6dZv0+R0VUIC8xMjcuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_first_seen":1576420277270,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_first_seen":1576420277272,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_first_seen":1576420277270,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_first_seen":1576420277272,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":377,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":272396,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADA729AAEAGTMZ\/AAABfwAAAcR6H5Cm4tfMZrHSAYAYAED+tAAAAQEICp1m\/UCdZv1AR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_first_seen":1576420277272,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_first_seen":1576420277274,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_first_seen":1576420277272,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_first_seen":1576420277274,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":378,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":274824,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAlOZAAEAGp09\/AAABfwAAAcR8H5CKg6xDWKPSxIAYAED+tAAAAQEICp1m\/UKdZv1CR0VUIC8xLnRhci5neiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_first_seen":1576420277274,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_first_seen":1576420277276,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_first_seen":1576420277274,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_first_seen":1576420277276,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":379,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":276135,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9in1AAEAGsbt\/AAABfwAAAcR+H5AyA7LdjyrNp4AYAED+sQAAAQEICp1m\/USdZv1DR0VUIC8wLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_first_seen":1576420277276,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_first_seen":1576420277277,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_first_seen":1576420277276,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_first_seen":1576420277277,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":380,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":277374,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC906lAAEAGaI9\/AAABfwAAAcSAH5AxZOsBFr\/0GYAYAED+sQAAAQEICp1m\/UWdZv1FR0VUIC8wLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_first_seen":1576420277277,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_first_seen":1576420277278,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_first_seen":1576420277277,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_first_seen":1576420277278,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":381,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":278597,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCR05AAEAG9OV\/AAABfwAAAcSCH5Cv93\/sjlpOBIAYAED+tgAAAQEICp1m\/UadZv1GR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_first_seen":1576420277278,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_first_seen":1576420277279,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_first_seen":1576420277278,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_first_seen":1576420277279,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":382,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":279793,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCyNdAAEAGc1x\/AAABfwAAAcSEH5CsG\/B+ct073oAYAED+tgAAAQEICp1m\/UedZv1HR0VUIC9iYWNrdXAudGFyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_first_seen":1576420277279,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_first_seen":1576420277281,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_first_seen":1576420277279,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/backup.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_first_seen":1576420277281,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":383,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":281016,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFYHdAAEAG27l\/AAABfwAAAcSGH5C8uFjeIpIdX4AYAED+uQAAAQEICp1m\/UidZv1IR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_first_seen":1576420277281,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_first_seen":1576420277282,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_first_seen":1576420277281,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_first_seen":1576420277282,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":384,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":282293,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFoI1AAEAGm6N\/AAABfwAAAcSIH5D0M5gk0yESEIAYAED+uQAAAQEICp1m\/UqdZv1KR0VUIC8xMjcuMC4wLjEuc3FsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_first_seen":1576420277282,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_first_seen":1576420277283,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_first_seen":1576420277282,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.1.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_first_seen":1576420277283,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":385,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":283610,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDBOlAAEAGN0p\/AAABfwAAAcSKH5Dv6jxQN18efIAYAED+twAAAQEICp1m\/UudZv1LR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_first_seen":1576420277283,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_first_seen":1576420277284,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_first_seen":1576420277283,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_first_seen":1576420277284,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":386,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":284833,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDCzNAAEAGMQB\/AAABfwAAAcSMH5CEzzOZEWOd+IAYAED+twAAAQEICp1m\/UydZv1MR0VUIC8xMjcuMC4wLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_first_seen":1576420277284,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_first_seen":1576420277286,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_first_seen":1576420277284,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_first_seen":1576420277286,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":387,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":286042,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9CzBAAEAGMQl\/AAABfwAAAcSOH5AKIDOIyoTTQIAYAED+sQAAAQEICp1m\/U2dZv1NR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_first_seen":1576420277286,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_first_seen":1576420277288,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_first_seen":1576420277286,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_first_seen":1576420277288,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":388,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":288855,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9JlVAAEAGFeR\/AAABfwAAAcSQH5Clfx76D\/AiGIAYAED+sQAAAQEICp1m\/VCdZv1QR0VUIC8xLmVnZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_first_seen":1576420277288,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_first_seen":1576420277291,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_first_seen":1576420277288,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_first_seen":1576420277291,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":389,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":291186,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCVkJAAEAG5fF\/AAABfwAAAcSSH5BxEW7rgO+zGYAYAED+tgAAAQEICp1m\/VOdZv1SR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_first_seen":1576420277291,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_first_seen":1576420277292,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_first_seen":1576420277291,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_first_seen":1576420277292,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":390,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":292582,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADC9VNAAEAGRuB\/AAABfwAAAcSUH5A3Js37LMn8joAYAED+tgAAAQEICp1m\/VSdZv1UR0VUIC8xMjcwMDEudGd6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_first_seen":1576420277292,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_first_seen":1576420277293,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_first_seen":1576420277292,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tgz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_first_seen":1576420277293,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":391,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":293954,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB0lRAAEAGaeB\/AAABfwAAAcSWH5D4eer6AmSqt4AYAED+tQAAAQEICp1m\/VWdZv1VR0VUIC8xLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_first_seen":1576420277293,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_first_seen":1576420277295,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_first_seen":1576420277293,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_first_seen":1576420277295,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":392,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":295461,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBgrRAAEAGuYB\/AAABfwAAAcSYH5BqProaPd\/PWYAYAED+tQAAAQEICp1m\/VedZv1XR0VUIC8xLnRhci5iejIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_first_seen":1576420277295,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_first_seen":1576420277296,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":392,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_first_seen":1576420277295,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_first_seen":1576420277296,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":393,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":296970,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFhERAAEAGt+x\/AAABfwAAAcSaH5DLx7zvpnN3coAYAED+uQAAAQEICp1m\/VidZv1YR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_first_seen":1576420277296,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_first_seen":1576420277298,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":393,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_first_seen":1576420277296,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_first_seen":1576420277298,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":394,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":298381,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFkbNAAEAGqn1\/AAABfwAAAcScH5DniakeYsnjE4AYAED+uQAAAQEICp1m\/VqdZv1aR0VUIC8xMjcwMDEudGFyLmd6IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_first_seen":1576420277298,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_first_seen":1576420277299,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":394,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_first_seen":1576420277298,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_first_seen":1576420277299,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":395,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":299833,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADATXFAAEAG7sR\/AAABfwAAAcSeH5C5OnXDLQhZdIAYAED+tAAAAQEICp1m\/VudZv1bR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_first_seen":1576420277299,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_first_seen":1576420277301,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_first_seen":1576420277299,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_first_seen":1576420277301,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":396,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":301190,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAvp1AAEAGfZh\/AAABfwAAAcSgH5BBBoY3\/wT40oAYAED+tAAAAQEICp1m\/V2dZv1dR0VUIC8xMjcwLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_first_seen":1576420277301,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_first_seen":1576420277302,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_first_seen":1576420277301,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_first_seen":1576420277302,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":397,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":302321,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADG+c1AAEAGQmJ\/AAABfwAAAcSiH5Dkc8Fn99puBYAYAED+ugAAAQEICp1m\/V6dZv1eR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_first_seen":1576420277302,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_first_seen":1576420277304,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_first_seen":1576420277302,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_first_seen":1576420277304,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":398,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":304642,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGn2FAAEAGnM5\/AAABfwAAAcSkH5ABoKfybJgPqoAYAED+ugAAAQEICp1m\/WCdZv1gR0VUIC8xMjcwMDEudGFyLmJ6MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_first_seen":1576420277304,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_first_seen":1576420277306,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_first_seen":1576420277304,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_first_seen":1576420277306,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":399,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":306067,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBq8lAAEAGkGt\/AAABfwAAAcSmH5B085NqCLeHfoAYAED+tQAAAQEICp1m\/WGdZv1hR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_first_seen":1576420277306,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_first_seen":1576420277307,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_first_seen":1576420277306,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_first_seen":1576420277307,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":400,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":307316,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBE+BAAEAGKFV\/AAABfwAAAcSoH5A\/FCtx8eapa4AYAED+tQAAAQEICp1m\/WOdZv1jR0VUIC8xMjcwMC5qa3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_first_seen":1576420277307,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_first_seen":1576420277308,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_first_seen":1576420277307,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.jks","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_first_seen":1576420277308,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":401,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":308511,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBd5tAAEAGxJl\/AAABfwAAAcSqH5Asxk83LE5RU4AYAED+tQAAAQEICp1m\/WSdZv1kR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_first_seen":1576420277308,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_first_seen":1576420277309,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_first_seen":1576420277308,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_first_seen":1576420277309,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":402,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":309635,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB9HRAAEAGR8B\/AAABfwAAAcSsH5BlTMzeEpcpJ4AYAED+tQAAAQEICp1m\/WWdZv1lR0VUIC8xMjcwMC5lZ2cgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_first_seen":1576420277309,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_first_seen":1576420277310,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_first_seen":1576420277309,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.egg","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_first_seen":1576420277310,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":403,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":310753,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFcQdAAEAGyyl\/AAABfwAAAcSuH5C\/jUmrZ8IhxYAYAED+uQAAAQEICp1m\/WadZv1mR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_first_seen":1576420277310,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_first_seen":1576420277311,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_first_seen":1576420277310,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_first_seen":1576420277311,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":404,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":311909,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFdZ1AAEAGxpN\/AAABfwAAAcSwH5BGIE0sZXhTqYAYAED+uQAAAQEICp1m\/WedZv1nR0VUIC8xMjdfMF8wXzEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_first_seen":1576420277311,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_first_seen":1576420277313,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_first_seen":1576420277311,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_first_seen":1576420277313,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":405,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":313149,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADESF9AAEAG89J\/AAABfwAAAcSyH5CXAnDudCS+HoAYAED+uAAAAQEICp1m\/WmdZv1oR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_first_seen":1576420277313,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_first_seen":1576420277314,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_first_seen":1576420277313,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_first_seen":1576420277314,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":406,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":314359,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEBf5AAEAGNjR\/AAABfwAAAcS0H5ApMj1NA0MOSIAYAED+uAAAAQEICp1m\/WqdZv1qR0VUIC8xMjcwMC50YXIuZ3ogSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_first_seen":1576420277314,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_first_seen":1576420277315,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_first_seen":1576420277314,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/12700.tar.gz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_first_seen":1576420277315,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":407,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":315564,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADC35NAAEAGXKB\/AAABfwAAAcS2H5BI6+ciGxVy6IAYAED+tgAAAQEICp1m\/WudZv1rR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_first_seen":1576420277315,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_first_seen":1576420277317,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_first_seen":1576420277315,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_first_seen":1576420277317,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":408,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":317905,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCBO9AAEAGN0V\/AAABfwAAAcS4H5BQkTxdjeN4aIAYAED+tgAAAQEICp1m\/W2dZv1tR0VUIC8xLnRhci5sem1hIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_first_seen":1576420277317,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_first_seen":1576420277319,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_first_seen":1576420277317,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1.tar.lzma","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_first_seen":1576420277319,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":409,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":319548,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAyGZAAEAGc89\/AAABfwAAAcS6H5BukfDWpxxv14AYAED+tAAAAQEICp1m\/W+dZv1vR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_first_seen":1576420277319,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_first_seen":1576420277321,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_first_seen":1576420277319,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_first_seen":1576420277321,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":410,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":321175,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAwiFAAEAGehR\/AAABfwAAAcS8H5DDVvqu6KD2KYAYAED+tAAAAQEICp1m\/XGdZv1xR0VUIC9zaXRlLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_first_seen":1576420277321,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_first_seen":1576420277322,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_first_seen":1576420277321,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_first_seen":1576420277322,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":411,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":322959,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBuGlAAEAGg8t\/AAABfwAAAcS+H5BzjYDWLFz9IYAYAED+tQAAAQEICp1m\/XKdZv1yR0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_first_seen":1576420277322,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_first_seen":1576420277324,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_first_seen":1576420277322,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_first_seen":1576420277324,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":412,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":324283,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADB11JAAEAGZOJ\/AAABfwAAAcTAH5DtMO\/kM\/E\/tYAYAED+tQAAAQEICp1m\/XSdZv10R0VUIC8xMjcuMC5jZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_first_seen":1576420277324,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_first_seen":1576420277325,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_first_seen":1576420277324,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_first_seen":1576420277325,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":413,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":325585,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC96FRAAEAGU+R\/AAABfwAAAcTCH5AdeNDi26Tri4AYAED+sQAAAQEICp1m\/XWdZv11R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_first_seen":1576420277325,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_first_seen":1576420277326,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_first_seen":1576420277325,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_first_seen":1576420277326,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":414,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":326920,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC95+5AAEAGVEp\/AAABfwAAAcTEH5Cz199gOp5CH4AYAED+sQAAAQEICp1m\/XadZv12R0VUIC8wLnBlbSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_first_seen":1576420277326,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_first_seen":1576420277328,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_first_seen":1576420277326,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.pem","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_first_seen":1576420277328,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":415,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":328331,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAqSFAAEAGkxR\/AAABfwAAAcTGH5DtDpGsIyeJWoAYAED+tAAAAQEICp1m\/XidZv14R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_first_seen":1576420277328,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_first_seen":1576420277329,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_first_seen":1576420277328,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_first_seen":1576420277329,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":416,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":329673,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADA2JJAAEAGY6N\/AAABfwAAAcTIH5BNx+AlanMTuoAYAED+tAAAAQEICp1m\/XmdZv15R0VUIC8xMjcwLndhciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_first_seen":1576420277329,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_first_seen":1576420277331,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_first_seen":1576420277329,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/1270.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_first_seen":1576420277331,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":417,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":331057,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHC9ZAAEAGMFl\/AAABfwAAAcTKH5CiFTNhL7Iog4AYAED+uwAAAQEICp1m\/XqdZv16R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_first_seen":1576420277331,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_first_seen":1576420277333,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_first_seen":1576420277331,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_first_seen":1576420277333,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":418,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":333556,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHgXtAAEAGurN\/AAABfwAAAcTMH5Cx2rnNvwRWuoAYAED+uwAAAQEICp1m\/X2dZv19R0VUIC8xMjcuMC4wLnRhci5iejIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_first_seen":1576420277333,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_first_seen":1576420277334,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_first_seen":1576420277333,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.0.0.tar.bz2","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_first_seen":1576420277334,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":419,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":334962,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFmcZAAEAGomp\/AAABfwAAAcTOH5DYYKFyIBNeYIAYAED+uQAAAQEICp1m\/X6dZv1+R0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_first_seen":1576420277334,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_first_seen":1576420277336,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_first_seen":1576420277334,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_first_seen":1576420277336,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":420,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":336308,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFO7NAAEAGAH5\/AAABfwAAAcTQH5BUXAMIX4xO7oAYAED+uQAAAQEICp1m\/YCdZv2AR0VUIC8xMjdfMF8wXzEuY2VyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_first_seen":1576420277336,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_first_seen":1576420277337,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_first_seen":1576420277336,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.cer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_first_seen":1576420277337,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":421,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":337884,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9OaFAAEAGAph\/AAABfwAAAcTSH5DijwEqjka6TYAYAED+sQAAAQEICp1m\/YGdZv2BR0VUIC8wLnNxbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_first_seen":1576420277337,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_first_seen":1576420277339,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_first_seen":1576420277337,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_first_seen":1576420277339,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":422,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":339492,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9fmNAAEAGvdV\/AAABfwAAAcTUH5Bm6EbY23UeBoAYAED+sQAAAQEICp1m\/YOdZv2DR0VUIC8wLnNxbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnNpdGVmaWxlcykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_first_seen":1576420277339,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_first_seen":1576420277340,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_first_seen":1576420277339,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/0.sql","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_first_seen":1576420277340,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":423,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":340964,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADF759AAEAGTJF\/AAABfwAAAcTWH5AedNcrGvcoYYAYAED+uQAAAQEICp1m\/YSdZv2ER0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_first_seen":1576420277340,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_first_seen":1576420277342,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_first_seen":1576420277340,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_first_seen":1576420277342,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":424,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":342249,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFUDJAAEAG6\/5\/AAABfwAAAcTYH5DWhmiIUA3tU4AYAED+uQAAAQEICp1m\/YadZv2GR0VUIC8xMjdfMF8wXzEuYWx6IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_first_seen":1576420277342,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_first_seen":1576420277343,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_first_seen":1576420277342,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127_0_0_1.alz","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_first_seen":1576420277343,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":425,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":343500,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADA2wlAAEAGYSx\/AAABfwAAAcTaH5BjP+Ox5vZroYAYAED+tAAAAQEICp1m\/YedZv2HR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_first_seen":1576420277343,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_first_seen":1576420277344,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_first_seen":1576420277343,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_first_seen":1576420277344,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":426,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":344673,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAn6BAAEAGnJV\/AAABfwAAAcTcH5DwnKcnILktrYAYAED+tAAAAQEICp1m\/YidZv2IR0VUIC9zaXRlLndhciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_first_seen":1576420277344,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_first_seen":1576420277345,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_first_seen":1576420277344,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_first_seen":1576420277345,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":427,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":345789,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/HTtAAEAGHvx\/AAABfwAAAcTeH5D3FiWCONN3YoAYAED+swAAAQEICp1m\/YmdZv2JR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_first_seen":1576420277345,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_first_seen":1576420277347,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_first_seen":1576420277345,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_first_seen":1576420277347,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":428,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":347952,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/ZRVAAEAG1yF\/AAABfwAAAcTgH5Bb9F2rFITQsoAYAED+swAAAQEICp1m\/YudZv2LR0VUIC8xMjcud2FyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_first_seen":1576420277347,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_first_seen":1576420277349,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_first_seen":1576420277347,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127.war","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_first_seen":1576420277349,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":429,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":349135,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCefJAAEAGwkF\/AAABfwAAAcTiH5DNN0FKl3iI04AYAED+tgAAAQEICp1m\/Y2dZv2MR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c2l0ZWZpbGVzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_first_seen":1576420277349,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_first_seen":1576420277350,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_first_seen":1576420277349,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_first_seen":1576420277350,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":430,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":350664,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCI4FAAEAGGLN\/AAABfwAAAcTkH5CTwxvH1PwL8oAYAED+tgAAAQEICp1m\/Y6dZv2OR0VUIC8xMjcwMDEudGFyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzaXRlZmlsZXMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_first_seen":1576420277350,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_first_seen":1576420277352,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_first_seen":1576420277350,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/127001.tar","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:sitefiles)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_first_seen":1576420277352,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":431,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":352372,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBrJpAAEAGj5p\/AAABfwAAAcTmH5B1JpQjd4rcfoAYAED+tQAAAQEICp1m\/ZCdZv2QR0VUIC9mYXZpY29uLmljbyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_first_seen":1576420277352,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_first_seen":1576420277354,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_first_seen":1576420277352,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_first_seen":1576420277354,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":432,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":354296,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAAAAAAAAAAAAAAACABFAADKIPlAAEAGGzN\/AAABfwAAAcToH5DzJBhOnEiKeoAYAED+vgAAAQEICp1m\/ZKdZv2SR0VUIC9mYXZpY29ucy9mYXZpY29uLmljbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_first_seen":1576420277354,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_first_seen":1576420277355,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_first_seen":1576420277354,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_first_seen":1576420277355,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":433,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":355768,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBHndAAEAGHb5\/AAABfwAAAcTqH5Ag4SbPDIJk5IAYAED+tQAAAQEICp1m\/ZOdZv2TR0VUIC9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_first_seen":1576420277355,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_first_seen":1576420277357,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_first_seen":1576420277355,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_first_seen":1576420277357,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":434,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":357108,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAAAAAAAAAAAAAAACABFAADKgAdAAEAGvCR\/AAABfwAAAcTsH5DBK7i\/eaGnm4AYAED+vgAAAQEICp1m\/ZWdZv2UR0VUIC9mYXZpY29ucy9mYXZpY29uLmdpZiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_first_seen":1576420277357,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_first_seen":1576420277358,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_first_seen":1576420277357,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.gif","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_first_seen":1576420277358,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":435,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":358502,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADByl9AAEAGcdV\/AAABfwAAAcTuH5C2YPLn77QmvYAYAED+tQAAAQEICp1m\/ZadZv2WR0VUIC9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_first_seen":1576420277358,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_first_seen":1576420277359,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_first_seen":1576420277358,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_first_seen":1576420277359,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":436,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":359853,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAAAAAAAAAAAAAAACABFAADK7Z9AAEAGTox\/AAABfwAAAcTwH5DcrNUiTS0awIAYAED+vgAAAQEICp1m\/ZedZv2XR0VUIC9mYXZpY29ucy9mYXZpY29uLnBuZyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6ZmF2aWNvbikNCg0K"}
-00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_first_seen":1576420277359,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_first_seen":1576420277361,"flow_last_seen":0,"flow_tot_l4_data_len":162,"flow_min_l4_data_len":162,"flow_max_l4_data_len":162,"flow_avg_l4_data_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_first_seen":1576420277359,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/favicons\/favicon.png","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_first_seen":1576420277361,"flow_last_seen":0,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00612{"flow_id":437,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":361200,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"pkt":"AAAAAAAAAAAAAAAACABFAAC2klBAAEAGqe9\/AAABfwAAAcTyH5D2pKrzJKNAbIAYAED+qgAAAQEICp1m\/ZmdZv2ZR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OmZhdmljb24pDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_first_seen":1576420277361,"flow_last_seen":0,"flow_tot_l4_data_len":162,"flow_min_l4_data_len":162,"flow_max_l4_data_len":162,"flow_avg_l4_data_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_first_seen":1576420277375,"flow_last_seen":0,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":237,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_first_seen":1576420277361,"flow_last_seen":0,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:favicon)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_first_seen":1576420277375,"flow_last_seen":0,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00712{"flow_id":438,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":375874,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"AAAAAAAAAAAAAAAACABFAAEBYRtAAEAG2tl\/AAABfwAAAcUGH5Bwr1nakn6kY4AYAED+9QAAAQEICp1m\/aedZv2nR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_first_seen":1576420277375,"flow_last_seen":0,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":237,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_first_seen":1576420277378,"flow_last_seen":0,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":237,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_first_seen":1576420277375,"flow_last_seen":0,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_first_seen":1576420277378,"flow_last_seen":0,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00712{"flow_id":439,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":378907,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"AAAAAAAAAAAAAAAACABFAAEBjFVAAEAGr59\/AAABfwAAAcUIH5BgqrSU8g64oYAYAED+9QAAAQEICp1m\/aqdZv2qR0VUIC8gSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_first_seen":1576420277378,"flow_last_seen":0,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":237,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_first_seen":1576420277381,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_first_seen":1576420277378,"flow_last_seen":0,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_first_seen":1576420277381,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":440,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":381164,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"pkt":"AAAAAAAAAAAAAAAACABFAAEKrtxAAEAGjQ9\/AAABfwAAAcUKH5Ddg5Yc5mMQaoAYAED+\/gAAAQEICp1m\/a2dZv2sR0VUIC9hZG1pbi5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_first_seen":1576420277381,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_first_seen":1576420277383,"flow_last_seen":0,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":254,"flow_max_l4_data_len":254,"flow_avg_l4_data_len":254,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_first_seen":1576420277381,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_first_seen":1576420277383,"flow_last_seen":0,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00733{"flow_id":441,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":383565,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"AAAAAAAAAAAAAAAACABFAAES8w1AAEAGSNZ\/AAABfwAAAcUMH5A5v8vLlyOw2IAYAED\/BgAAAQEICp1m\/a+dZv2vR0VUIC9hZG1pbmlzdHJhdG9yLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
-00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_first_seen":1576420277383,"flow_last_seen":0,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":254,"flow_max_l4_data_len":254,"flow_avg_l4_data_len":254,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/administrator.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_first_seen":1576420277386,"flow_last_seen":0,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":250,"flow_max_l4_data_len":250,"flow_avg_l4_data_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00807{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_first_seen":1576420277383,"flow_last_seen":0,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/administrator.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_first_seen":1576420277386,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00729{"flow_id":442,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":386403,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"pkt":"AAAAAAAAAAAAAAAACABFAAEO1qdAAEAGZUB\/AAABfwAAAcUOH5C5aO5oSApQ3oAYAED\/AgAAAQEICp1m\/bKdZv2yR0VUIC9hdXRoTG9naW4uY2dpIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_first_seen":1576420277386,"flow_last_seen":0,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":250,"flow_max_l4_data_len":250,"flow_avg_l4_data_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/authLogin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_first_seen":1576420277387,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_first_seen":1576420277386,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/authLogin.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_first_seen":1576420277387,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":443,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":387952,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"AAAAAAAAAAAAAAAACABFAAEL0qJAAEAGaUh\/AAABfwAAAcUQH5BC7upk6xmcJIAYAED+\/wAAAQEICp1m\/bOdZv2zR0VUIC9iYi1oaXN0LnNoIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_first_seen":1576420277387,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-hist.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_first_seen":1576420277389,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_first_seen":1576420277387,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-hist.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_first_seen":1576420277389,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":444,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":389650,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"AAAAAAAAAAAAAAAACABFAAELgRJAAEAGuth\/AAABfwAAAcUSH5B08bnUX64J5YAYAED+\/wAAAQEICp1m\/bWdZv21R0VUIC9iYW5uZXIuY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="}
-00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_first_seen":1576420277389,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/banner.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_first_seen":1576420277391,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_first_seen":1576420277389,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/banner.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_first_seen":1576420277391,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00723{"flow_id":445,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":391275,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"pkt":"AAAAAAAAAAAAAAAACABFAAEJF\/tAAEAGI\/J\/AAABfwAAAcUUH5B+1S87jYTLUoAYAED+\/QAAAQEICp1m\/bedZv23R0VUIC9ib29rLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_first_seen":1576420277391,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/book.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_first_seen":1576420277392,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_first_seen":1576420277391,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/book.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_first_seen":1576420277392,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":446,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":392796,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"AAAAAAAAAAAAAAAACABFAAEM+RhAAEAGQtF\/AAABfwAAAcUWH5DPIMHTViTvW4AYAED\/AAAAAQEICp1m\/bidZv24R0VUIC9jZ2lpbmZvLmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_first_seen":1576420277392,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgiinfo.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_first_seen":1576420277394,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_first_seen":1576420277392,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgiinfo.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_first_seen":1576420277394,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00726{"flow_id":447,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":394390,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"AAAAAAAAAAAAAAAACABFAAELY9VAAEAG2BV\/AAABfwAAAcUYH5AazFsY4\/xNyIAYAED+\/wAAAQEICp1m\/bqdZv26R0VUIC9jZ2l0ZXN0LnB5IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
-00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_first_seen":1576420277394,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgitest.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_first_seen":1576420277395,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_first_seen":1576420277394,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgitest.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_first_seen":1576420277395,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":448,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":395932,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"AAAAAAAAAAAAAAAACABFAAEMSAFAAEAG8+h\/AAABfwAAAcUaH5B7UH87Bk0XQYAYAED\/AAAAAQEICp1m\/budZv27R0VUIC9jZ2lfd3JhcHBlciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_first_seen":1576420277395,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi_wrapper","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_first_seen":1576420277398,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_first_seen":1576420277395,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi_wrapper","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_first_seen":1576420277398,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":449,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":398454,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"AAAAAAAAAAAAAAAACABFAAEMKndAAEAGEXN\/AAABfwAAAcUcH5BMbxKxdmdFb4AYAED\/AAAAAQEICp1m\/b6dZv2+R0VUIC9jb250YWN0LmNnaSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_first_seen":1576420277398,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/contact.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_first_seen":1576420277399,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_first_seen":1576420277398,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/contact.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_first_seen":1576420277399,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00726{"flow_id":450,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":399804,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"pkt":"AAAAAAAAAAAAAAAACABFAAEK9YVAAEAGRmZ\/AAABfwAAAcUeH5Br181GQEYmBIAYAED+\/gAAAQEICp1m\/b+dZv2\/R0VUIC9jb3VudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_first_seen":1576420277399,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/count.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_first_seen":1576420277401,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_first_seen":1576420277399,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/count.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_first_seen":1576420277401,"flow_last_seen":0,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00737{"flow_id":451,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":401208,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"pkt":"AAAAAAAAAAAAAAAACABFAAETxAhAAEAGd9p\/AAABfwAAAcUgH5CMzvzBXE4TboAYAED\/BwAAAQEICp1m\/cGdZv3BR0VUIC9kZWZhdWx0d2VicGFnZS5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_first_seen":1576420277401,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/defaultwebpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_first_seen":1576420277402,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00808{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_first_seen":1576420277401,"flow_last_seen":0,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/defaultwebpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_first_seen":1576420277402,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00730{"flow_id":452,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":402551,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"pkt":"AAAAAAAAAAAAAAAACABFAAENn\/9AAEAGm+l\/AAABfwAAAcUiH5Cfgqc8sQq4SIAYAED\/AQAAAQEICp1m\/cKdZv3CR0VUIC9kb3dubG9hZC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_first_seen":1576420277402,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/download.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_first_seen":1576420277403,"flow_last_seen":0,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":254,"flow_max_l4_data_len":254,"flow_avg_l4_data_len":254,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_first_seen":1576420277402,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/download.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_first_seen":1576420277403,"flow_last_seen":0,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00733{"flow_id":453,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":403806,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"AAAAAAAAAAAAAAAACABFAAESp5VAAEAGlE5\/AAABfwAAAcUkH5At0J9VXKwRhYAYAED\/BgAAAQEICp1m\/cOdZv3DR0VUIC9lbnRyb3B5c2VhcmNoLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
-00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_first_seen":1576420277403,"flow_last_seen":0,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":254,"flow_max_l4_data_len":254,"flow_avg_l4_data_len":254,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/entropysearch.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_first_seen":1576420277405,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00807{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_first_seen":1576420277403,"flow_last_seen":0,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/entropysearch.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_first_seen":1576420277405,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00721{"flow_id":454,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":405059,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"AAAAAAAAAAAAAAAACABFAAEI2lVAAEAGYZh\/AAABfwAAAcUmH5ARUOKViVHVaYAYAED+\/AAAAQEICp1m\/cSdZv3ER0VUIC9lbnYuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_first_seen":1576420277405,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/env.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_first_seen":1576420277406,"flow_last_seen":0,"flow_tot_l4_data_len":252,"flow_min_l4_data_len":252,"flow_max_l4_data_len":252,"flow_avg_l4_data_len":252,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_first_seen":1576420277405,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/env.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_first_seen":1576420277406,"flow_last_seen":0,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00733{"flow_id":455,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":406307,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"AAAAAAAAAAAAAAAACABFAAEQ2p9AAEAGYUZ\/AAABfwAAAcUoH5D43eJbIwWC0IAYAED\/BAAAAQEICp1m\/cadZv3GR0VUIC9lbnZpcm9ubWVudC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_first_seen":1576420277406,"flow_last_seen":0,"flow_tot_l4_data_len":252,"flow_min_l4_data_len":252,"flow_max_l4_data_len":252,"flow_avg_l4_data_len":252,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/environment.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_first_seen":1576420277407,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00805{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_first_seen":1576420277406,"flow_last_seen":0,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/environment.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_first_seen":1576420277407,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00729{"flow_id":456,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":407565,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"pkt":"AAAAAAAAAAAAAAAACABFAAENbStAAEAGzr1\/AAABfwAAAcUqH5C5flXvg270eYAYAED\/AQAAAQEICp1m\/cedZv3HR0VUIC9lem1sbS1icm93c2UgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
-00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_first_seen":1576420277407,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ezmlm-browse","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_first_seen":1576420277409,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_first_seen":1576420277407,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ezmlm-browse","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_first_seen":1576420277409,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00729{"flow_id":457,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":409274,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"pkt":"AAAAAAAAAAAAAAAACABFAAENkcFAAEAGqid\/AAABfwAAAcUsH5BKNKl4Ee+JJYAYAED\/AQAAAQEICp1m\/cmdZv3JR0VUIC9mb3JtbWFpbC5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_first_seen":1576420277409,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/formmail.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_first_seen":1576420277410,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_first_seen":1576420277409,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/formmail.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_first_seen":1576420277410,"flow_last_seen":0,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00737{"flow_id":458,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":410519,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"pkt":"AAAAAAAAAAAAAAAACABFAAEToPJAAEAGmvB\/AAABfwAAAcUuH5CLPJg5VfIqUIAYAED\/BwAAAQEICp1m\/cqdZv3KR0VUIC9Gb3JtTWFpbC1jbG9uZS5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_first_seen":1576420277410,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/FormMail-clone.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_first_seen":1576420277412,"flow_last_seen":0,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":250,"flow_max_l4_data_len":250,"flow_avg_l4_data_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00808{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_first_seen":1576420277410,"flow_last_seen":0,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/FormMail-clone.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_first_seen":1576420277412,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00729{"flow_id":459,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":412887,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"pkt":"AAAAAAAAAAAAAAAACABFAAEOAyBAAEAGOMh\/AAABfwAAAcUwH5BOyzvYEAppQYAYAED\/AgAAAQEICp1m\/cydZv3MR0VUIC9ndWVzdGJvb2suY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_first_seen":1576420277412,"flow_last_seen":0,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":250,"flow_max_l4_data_len":250,"flow_avg_l4_data_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_first_seen":1576420277414,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_first_seen":1576420277412,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_first_seen":1576420277414,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00729{"flow_id":460,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":414591,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"pkt":"AAAAAAAAAAAAAAAACABFAAENCPdAAEAGMvJ\/AAABfwAAAcUyH5A4wTA94El3uoAYAED\/AQAAAQEICp1m\/c6dZv3OR0VUIC9oZWxwZGVzay5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_first_seen":1576420277414,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/helpdesk.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_first_seen":1576420277416,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_first_seen":1576420277414,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/helpdesk.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_first_seen":1576420277416,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":461,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":416339,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgptAAEAGuVB\/AAABfwAAAcU0H5CIJLpUcW+qJoAYAED+\/gAAAQEICp1m\/dCdZv3QR0VUIC9pbmRleC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_first_seen":1576420277416,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_first_seen":1576420277417,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_first_seen":1576420277416,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_first_seen":1576420277417,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":462,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":417869,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"pkt":"AAAAAAAAAAAAAAAACABFAAEKMxlAAEAGCNN\/AAABfwAAAcU2H5CRJgvewUykPIAYAED+\/gAAAQEICp1m\/dGdZv3RR0VUIC9pbmRleC5waHAgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_first_seen":1576420277417,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_first_seen":1576420277419,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_first_seen":1576420277417,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_first_seen":1576420277419,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00721{"flow_id":463,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":419261,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"pkt":"AAAAAAAAAAAAAAAACABFAAEJrmtAAEAGjYF\/AAABfwAAAcU4H5CXuZakZnwUBoAYAED+\/QAAAQEICp1m\/dOdZv3TR0VUIC9pbmRleC5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_first_seen":1576420277419,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_first_seen":1576420277420,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_first_seen":1576420277419,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_first_seen":1576420277420,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00722{"flow_id":464,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":420755,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"pkt":"AAAAAAAAAAAAAAAACABFAAEJZRVAAEAG1td\/AAABfwAAAcU6H5C6AV3ZPf\/xToAYAED+\/QAAAQEICp1m\/dSdZv3UR0VUIC9pbmZvLmNnaSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_first_seen":1576420277420,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_first_seen":1576420277422,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_first_seen":1576420277420,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_first_seen":1576420277422,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00721{"flow_id":465,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":422349,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0gtAAEAGaeJ\/AAABfwAAAcU8H5DcN+rDzEDc2oAYAED+\/AAAAQEICp1m\/dadZv3WR0VUIC9pbmZvLnNoIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_first_seen":1576420277422,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_first_seen":1576420277423,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_first_seen":1576420277422,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/info.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_first_seen":1576420277423,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00729{"flow_id":466,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":423701,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"pkt":"AAAAAAAAAAAAAAAACABFAAENVqhAAEAG5UB\/AAABfwAAAcU+H5CeOW5utt+cAoAYAED\/AQAAAQEICp1m\/dedZv3XR0VUIC9sb2FkcGFnZS5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_first_seen":1576420277423,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/loadpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_first_seen":1576420277425,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_first_seen":1576420277423,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/loadpage.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_first_seen":1576420277425,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":467,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":425039,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"pkt":"AAAAAAAAAAAAAAAACABFAAEKJkVAAEAGFad\/AAABfwAAAcVAH5DPeB6QOQhEGoAYAED+\/gAAAQEICp1m\/didZv3YR0VUIC9sb2dpbi5jZ2kgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_first_seen":1576420277425,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_first_seen":1576420277426,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_first_seen":1576420277425,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_first_seen":1576420277426,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":468,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":426469,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"pkt":"AAAAAAAAAAAAAAAACABFAAEKG0lAAEAGIKN\/AAABfwAAAcVCH5Dr2SOM+8VpkIAYAED+\/gAAAQEICp1m\/dqdZv3aR0VUIC9sb2dpbi5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_first_seen":1576420277426,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_first_seen":1576420277428,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_first_seen":1576420277426,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_first_seen":1576420277428,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00723{"flow_id":469,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":428767,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"pkt":"AAAAAAAAAAAAAAAACABFAAEJsHVAAEAGi3d\/AAABfwAAAcVEH5DgV4i\/xF\/y64AYAED+\/QAAAQEICp1m\/dydZv3cR0VUIC9sb2dpbi5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCg0K"}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_first_seen":1576420277428,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_first_seen":1576420277429,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_first_seen":1576420277428,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_first_seen":1576420277429,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":470,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":429957,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"AAAAAAAAAAAAAAAACABFAAEMTIBAAEAG72l\/AAABfwAAAcVGH5AiwXS0u+SpZoAYAED\/AAAAAQEICp1m\/d2dZv3dR0VUIC9wYXRodGVzdC5wbCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_first_seen":1576420277429,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pathtest.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_first_seen":1576420277431,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_first_seen":1576420277429,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pathtest.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_first_seen":1576420277431,"flow_last_seen":0,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00716{"flow_id":471,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":431101,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"AAAAAAAAAAAAAAAACABFAAEE5XFAAEAGVoB\/AAABfwAAAcVIH5CqQt2jzObFZYAYAED++AAAAQEICp1m\/d+dZv3eR0VUIC9waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_first_seen":1576420277431,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_first_seen":1576420277432,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_first_seen":1576420277431,"flow_last_seen":0,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_first_seen":1576420277432,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00716{"flow_id":472,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":432249,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"AAAAAAAAAAAAAAAACABFAAEFeJtAAEAGw1V\/AAABfwAAAcVKH5AUwUBY1pIiyIAYAED++QAAAQEICp1m\/eCdZv3gR0VUIC9waHA0IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_first_seen":1576420277432,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php4","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_first_seen":1576420277433,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_first_seen":1576420277432,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php4","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_first_seen":1576420277433,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00716{"flow_id":473,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":433508,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"AAAAAAAAAAAAAAAACABFAAEFSMVAAEAG8yt\/AAABfwAAAcVMH5DeS3AOoHbKrYAYAED++QAAAQEICp1m\/eGdZv3hR0VUIC9waHA1IEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_first_seen":1576420277433,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php5","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_first_seen":1576420277434,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_first_seen":1576420277433,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php5","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_first_seen":1576420277434,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00721{"flow_id":474,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":434806,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"AAAAAAAAAAAAAAAACABFAAEI0WFAAEAGaox\/AAABfwAAAcVOH5BRy+mS7UbDZYAYAED+\/AAAAQEICp1m\/eKdZv3iR0VUIC9waHAtY2dpIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_first_seen":1576420277434,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_first_seen":1576420277436,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_first_seen":1576420277434,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_first_seen":1576420277436,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00721{"flow_id":475,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":436058,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"AAAAAAAAAAAAAAAACABFAAEIqnVAAEAGkXh\/AAABfwAAAcVQH5Bll5K9uysWxoAYAED+\/AAAAQEICp1m\/eOdZv3jR0VUIC9waHAuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KDQo="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_first_seen":1576420277436,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_first_seen":1576420277437,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_first_seen":1576420277436,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_first_seen":1576420277437,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00721{"flow_id":476,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":437279,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"pkt":"AAAAAAAAAAAAAAAACABFAAEJlAhAAEAGp+R\/AAABfwAAAcVSH5AUHqzKqBdRL4AYAED+\/QAAAQEICp1m\/eWdZv3lR0VUIC9waHAuZmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_first_seen":1576420277437,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.fcgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_first_seen":1576420277438,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_first_seen":1576420277437,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/php.fcgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_first_seen":1576420277438,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00722{"flow_id":477,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":438472,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"pkt":"AAAAAAAAAAAAAAAACABFAAEJhwhAAEAGtOR\/AAABfwAAAcVUH5Cc4b\/Kjk5kuIAYAED+\/QAAAQEICp1m\/eadZv3mR0VUIC9wcmludGVudiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_first_seen":1576420277438,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/printenv","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_first_seen":1576420277439,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_first_seen":1576420277438,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/printenv","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_first_seen":1576420277439,"flow_last_seen":0,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00737{"flow_id":478,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":439728,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"pkt":"AAAAAAAAAAAAAAAACABFAAETyIlAAEAGc1l\/AAABfwAAAcVWH5DyzvBYc36tz4AYAED\/BwAAAQEICp1m\/eedZv3nR0VUIC9yZXN0b3JlX2NvbmZpZy5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_first_seen":1576420277439,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/restore_config.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_first_seen":1576420277442,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00808{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_first_seen":1576420277439,"flow_last_seen":0,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/restore_config.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_first_seen":1576420277442,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00723{"flow_id":479,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":442090,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"AAAAAAAAAAAAAAAACABFAAEICV1AAEAGMpF\/AAABfwAAAcVYH5Aa\/jGM\/2VZ0IAYAED+\/AAAAQEICp1m\/eqdZv3pR0VUIC9ydWJ5LnJiIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_first_seen":1576420277442,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ruby.rb","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_first_seen":1576420277443,"flow_last_seen":0,"flow_tot_l4_data_len":243,"flow_min_l4_data_len":243,"flow_max_l4_data_len":243,"flow_avg_l4_data_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_first_seen":1576420277442,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ruby.rb","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_first_seen":1576420277443,"flow_last_seen":0,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00720{"flow_id":480,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":443304,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"pkt":"AAAAAAAAAAAAAAAACABFAAEH1YJAAEAGZmx\/AAABfwAAAcVaH5CqXO1RjdaXCYAYAED++wAAAQEICp1m\/eudZv3rR0VUIC9zZWFyY2ggSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_first_seen":1576420277443,"flow_last_seen":0,"flow_tot_l4_data_len":243,"flow_min_l4_data_len":243,"flow_max_l4_data_len":243,"flow_avg_l4_data_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_first_seen":1576420277444,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_first_seen":1576420277443,"flow_last_seen":0,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_first_seen":1576420277444,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":481,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":444929,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"AAAAAAAAAAAAAAAACABFAAELsxNAAEAGiNd\/AAABfwAAAcVcH5B0n4vBZle5N4AYAED+\/wAAAQEICp1m\/eydZv3sR0VUIC9zZWFyY2guY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_first_seen":1576420277444,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_first_seen":1576420277446,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_first_seen":1576420277444,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/search.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_first_seen":1576420277446,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":482,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":446649,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"AAAAAAAAAAAAAAAACABFAAELQstAAEAG+R9\/AAABfwAAAcVeH5AckXoZTNNhQ4AYAED+\/wAAAQEICp1m\/e6dZv3uR0VUIC9zZXJ2ZXIucGhwIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KDQo="}
-00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_first_seen":1576420277446,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/server.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_first_seen":1576420277448,"flow_last_seen":0,"flow_tot_l4_data_len":243,"flow_min_l4_data_len":243,"flow_max_l4_data_len":243,"flow_avg_l4_data_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_first_seen":1576420277446,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/server.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_first_seen":1576420277448,"flow_last_seen":0,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00721{"flow_id":483,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":448411,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"pkt":"AAAAAAAAAAAAAAAACABFAAEHr2pAAEAGjIR\/AAABfwAAAcVgH5ABL5e76\/gzuYAYAED++wAAAQEICp1m\/fCdZv3wR0VUIC9zdGF0dXMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_first_seen":1576420277448,"flow_last_seen":0,"flow_tot_l4_data_len":243,"flow_min_l4_data_len":243,"flow_max_l4_data_len":243,"flow_avg_l4_data_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/status","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_first_seen":1576420277449,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_first_seen":1576420277448,"flow_last_seen":0,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/status","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_first_seen":1576420277449,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00726{"flow_id":484,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":449923,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"AAAAAAAAAAAAAAAACABFAAELeuBAAEAGwQp\/AAABfwAAAcViH5Bf0UINj\/XlzYAYAED+\/wAAAQEICp1m\/fGdZv3xR0VUIC9zeXNpbmZvLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_first_seen":1576420277449,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sysinfo.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_first_seen":1576420277451,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_first_seen":1576420277449,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sysinfo.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_first_seen":1576420277451,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00717{"flow_id":485,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":451287,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"AAAAAAAAAAAAAAAACABFAAEFPsFAAEAG\/S9\/AAABfwAAAcVkH5CmDwZuBlGlyYAYAED++QAAAQEICp1m\/fOdZv3zR0VUIC90ZXN0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_first_seen":1576420277451,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_first_seen":1576420277452,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_first_seen":1576420277451,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_first_seen":1576420277452,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00721{"flow_id":486,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":452923,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"pkt":"AAAAAAAAAAAAAAAACABFAAEJ+UlAAEAGQqN\/AAABfwAAAcVmH5C1jMGV60p+W4AYAED+\/QAAAQEICp1m\/fSdZv30R0VUIC90ZXN0LWNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_first_seen":1576420277452,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_first_seen":1576420277454,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_first_seen":1576420277452,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_first_seen":1576420277454,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00721{"flow_id":487,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":454483,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"pkt":"AAAAAAAAAAAAAAAACABFAAEJpZBAAEAGllx\/AAABfwAAAcVoH5CGpZ1eF0nj7YAYAED+\/QAAAQEICp1m\/fadZv32R0VUIC90ZXN0LmNnaSBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_first_seen":1576420277454,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_first_seen":1576420277455,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_first_seen":1576420277454,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_first_seen":1576420277455,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00729{"flow_id":488,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":455962,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"pkt":"AAAAAAAAAAAAAAAACABFAAENkNNAAEAGqxV\/AAABfwAAAcVqH5AR5agGdIx514AYAED\/AQAAAQEICp1m\/fedZv33R0VUIC90ZXN0X2NnaS5waHAgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_first_seen":1576420277455,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_first_seen":1576420277458,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_first_seen":1576420277455,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_first_seen":1576420277458,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00729{"flow_id":489,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":458428,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"pkt":"AAAAAAAAAAAAAAAACABFAAENOM9AAEAGAxp\/AAABfwAAAcVsH5CGwwAaI+XJXIAYAED\/AQAAAQEICp1m\/fqdZv36R0VUIC90ZXN0LmNnaS5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_first_seen":1576420277458,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_first_seen":1576420277459,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_first_seen":1576420277458,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.cgi.php","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_first_seen":1576420277459,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":490,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":459765,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"AAAAAAAAAAAAAAAACABFAAEMfPpAAEAGvu9\/AAABfwAAAcVuH5CbL0QudOlGT4AYAED\/AAAAAQEICp1m\/fudZv37R0VUIC90ZXN0X2NnaS5wbCBIVFRQLzEuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_first_seen":1576420277459,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_first_seen":1576420277460,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_first_seen":1576420277459,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test_cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_first_seen":1576420277460,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":491,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":460921,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"AAAAAAAAAAAAAAAACABFAAEMyD1AAEAGc6x\/AAABfwAAAcVwH5BPvfDvcLTsqIAYAED\/AAAAAQEICp1m\/fydZv38R0VUIC90ZXN0LWNnaS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_first_seen":1576420277460,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_first_seen":1576420277462,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_first_seen":1576420277460,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test-cgi.pl","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_first_seen":1576420277462,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00721{"flow_id":492,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":462051,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"AAAAAAAAAAAAAAAACABFAAEIoLlAAEAGmzR\/AAABfwAAAcVyH5A1vJhjWIrHxIAYAED+\/AAAAQEICp1m\/f2dZv39R0VUIC90ZXN0LnB5IEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_first_seen":1576420277462,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_first_seen":1576420277463,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_first_seen":1576420277462,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.py","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_first_seen":1576420277463,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00721{"flow_id":493,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":463162,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"AAAAAAAAAAAAAAAACABFAAEILLBAAEAGDz5\/AAABfwAAAcV0H5AN6xR8l7l+o4AYAED+\/AAAAQEICp1m\/f+dZv3+R0VUIC90ZXN0LnNoIEhUVFAvMS4xDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_first_seen":1576420277463,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_first_seen":1576420277464,"flow_last_seen":0,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":250,"flow_max_l4_data_len":250,"flow_avg_l4_data_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_first_seen":1576420277463,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/test.sh","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_first_seen":1576420277464,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00729{"flow_id":494,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":464286,"pkt_caplen":284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":284,"pkt_l4_len":250,"pkt":"AAAAAAAAAAAAAAAACABFAAEOUvlAAEAG6O5\/AAABfwAAAcV2H5BXVWoitNrsWoAYAED\/AgAAAQEICp1m\/gCdZv4AR0VUIC90bVVuYmxvY2suY2dpIEhUVFAvMS4xDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_first_seen":1576420277464,"flow_last_seen":0,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":250,"flow_max_l4_data_len":250,"flow_avg_l4_data_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tmUnblock.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_first_seen":1576420277465,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_first_seen":1576420277464,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tmUnblock.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_first_seen":1576420277465,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":495,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":465461,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"pkt":"AAAAAAAAAAAAAAAACABFAAEKgUVAAEAGuqZ\/AAABfwAAAcV4H5AZ0bmWzQ36cYAYAED+\/gAAAQEICp1m\/gGdZv4BR0VUIC91bmFtZS5jZ2kgSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpSZWZlcmVyOiAoKSB7IF87IH0gPl9bJCgkKCkpXSB7IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzg6IHRydWU7IGVjaG87ZWNobzsgfQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_first_seen":1576420277465,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uname.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_first_seen":1576420277466,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_first_seen":1576420277465,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uname.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_first_seen":1576420277466,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":496,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":466738,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"AAAAAAAAAAAAAAAACABFAAEM2vpAAEAGYO9\/AAABfwAAAcV6H5AtBOIv4uMLlYAYAED\/AAAAAQEICp1m\/gKdZv4CR0VUIC92aWV3Y3ZzLmNnaSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogKCkgeyA6OyB9OyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02MjcxOiB0cnVlO2VjaG87ZWNobzsNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCg0K"}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_first_seen":1576420277466,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewcvs.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_first_seen":1576420277467,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_first_seen":1576420277466,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewcvs.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_first_seen":1576420277467,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00722{"flow_id":497,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":467985,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"AAAAAAAAAAAAAAAACABFAAEITytAAEAG7MJ\/AAABfwAAAcV8H5BFlnf\/97sS7IAYAED+\/AAAAQEICp1m\/gOdZv4DR0VUIC93ZWxjb21lIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiAoKSB7IDo7IH07IGVjaG8gOTNlNHIwLUNWRS0yMDE0LTYyNzE6IHRydWU7ZWNobztlY2hvOw0KUmVmZXJlcjogKCkgeyBfOyB9ID5fWyQoJCgpKV0geyBlY2hvIDkzZTRyMC1DVkUtMjAxNC02Mjc4OiB0cnVlOyBlY2hvO2VjaG87IH0NCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_first_seen":1576420277467,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/welcome","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_first_seen":1576420277469,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_first_seen":1576420277467,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/welcome","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_first_seen":1576420277469,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":498,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":469234,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"pkt":"AAAAAAAAAAAAAAAACABFAAEK4AFAAEAGW+p\/AAABfwAAAcV+H5B29+cpQb7It4AYAED+\/gAAAQEICp1m\/gWdZv4FR0VUIC93aG9pcy5jZ2kgSFRUUC8xLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQoNCg=="}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_first_seen":1576420277469,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/whois.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_first_seen":1576420277471,"flow_last_seen":0,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":237,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_first_seen":1576420277469,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/whois.cgi","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_first_seen":1576420277471,"flow_last_seen":0,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00713{"flow_id":499,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":471551,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"AAAAAAAAAAAAAAAACABFAAEB0rpAAEAGaTp\/AAABfwAAAcWAH5AE8+pw+\/3ZB4AYAED+9QAAAQEICp1m\/gedZv4HR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6ICgpIHsgOjsgfTsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3MTogdHJ1ZTtlY2hvO2VjaG87DQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENClJlZmVyZXI6ICgpIHsgXzsgfSA+X1skKCQoKSldIHsgZWNobyA5M2U0cjAtQ1ZFLTIwMTQtNjI3ODogdHJ1ZTsgZWNobztlY2hvOyB9DQoNCg=="}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_first_seen":1576420277471,"flow_last_seen":0,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":237,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_first_seen":1576420277473,"flow_last_seen":0,"flow_tot_l4_data_len":211,"flow_min_l4_data_len":211,"flow_max_l4_data_len":211,"flow_avg_l4_data_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_first_seen":1576420277471,"flow_last_seen":0,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","11":"HTTP Suspicious User-Agent","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"() { :; }; echo 93e4r0-CVE-2014-6271: true;echo;echo;"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_first_seen":1576420277473,"flow_last_seen":0,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00676{"flow_id":500,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":473478,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"pkt":"AAAAAAAAAAAAAAAACABFAADnqaNAAEAGkmt\/AAABfwAAAcWCH5DlqJF6VmPeaYAYAED+2wAAAQEICp1m\/gmdZv4JR0VUIC8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi8uLi9ldGMvc2hhZG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpkaXNod2FzaGVyKQ0KDQo="}
-00812{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_first_seen":1576420277473,"flow_last_seen":0,"flow_tot_l4_data_len":211,"flow_min_l4_data_len":211,"flow_max_l4_data_len":211,"flow_avg_l4_data_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/shadow","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:dishwasher)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_first_seen":1576420277474,"flow_last_seen":0,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":313,"flow_max_l4_data_len":313,"flow_avg_l4_data_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00824{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_first_seen":1576420277473,"flow_last_seen":0,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/..\/etc\/shadow","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:dishwasher)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_first_seen":1576420277474,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00813{"flow_id":501,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":474795,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"pkt":"AAAAAAAAAAAAAAAACABFAAFN5cZAAEAGVeJ\/AAABfwAAAcWEH5A2eN0dBhBSM4AYAED\/QQAAAQEICp1m\/gqdZv4KR0VUIC8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiAleyNjb250ZXh0Wydjb20ub3BlbnN5bXBob255Lnh3b3JrMi5kaXNwYXRjaGVyLkh0dHBTZXJ2bGV0UmVzcG9uc2UnXS5hZGRIZWFkZXIoJ05pa3RvLUFkZGVkLUNWRS0yMDE3LTU2MzgnLDcqNil9Lm11bHRpcGFydC9mb3JtLWRhdGENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpzdHJ1dHNob2NrKQ0KDQo="}
-00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_first_seen":1576420277474,"flow_last_seen":0,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":313,"flow_max_l4_data_len":313,"flow_avg_l4_data_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_first_seen":1576420277477,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_first_seen":1576420277474,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_first_seen":1576420277477,"flow_last_seen":0,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00829{"flow_id":502,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":477258,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"AAAAAAAAAAAAAAAACABFAAFZtP1AAEAGhp9\/AAABfwAAAcWGH5CUg4wjlAViUYAYAED\/TQAAAQEICp1m\/g2dZv4NR0VUIC9pbmRleC5hY3Rpb24gSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogJXsjY29udGV4dFsnY29tLm9wZW5zeW1waG9ueS54d29yazIuZGlzcGF0Y2hlci5IdHRwU2VydmxldFJlc3BvbnNlJ10uYWRkSGVhZGVyKCdOaWt0by1BZGRlZC1DVkUtMjAxNy01NjM4Jyw3KjYpfS5tdWx0aXBhcnQvZm9ybS1kYXRhDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6c3RydXRzaG9jaykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_first_seen":1576420277477,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_first_seen":1576420277478,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_first_seen":1576420277477,"flow_last_seen":0,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_first_seen":1576420277478,"flow_last_seen":0,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00829{"flow_id":503,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":478863,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"AAAAAAAAAAAAAAAACABFAAFZjkpAAEAGrVJ\/AAABfwAAAcWIH5BLo7aS1iADwIAYAED\/TQAAAQEICp1m\/g6dZv4OR0VUIC9sb2dpbi5hY3Rpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OnN0cnV0c2hvY2spDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6ICV7I2NvbnRleHRbJ2NvbS5vcGVuc3ltcGhvbnkueHdvcmsyLmRpc3BhdGNoZXIuSHR0cFNlcnZsZXRSZXNwb25zZSddLmFkZEhlYWRlcignTmlrdG8tQWRkZWQtQ1ZFLTIwMTctNTYzOCcsNyo2KX0ubXVsdGlwYXJ0L2Zvcm0tZGF0YQ0KDQo="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_first_seen":1576420277478,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_first_seen":1576420277480,"flow_last_seen":0,"flow_tot_l4_data_len":166,"flow_min_l4_data_len":166,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":166,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_first_seen":1576420277478,"flow_last_seen":0,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.action","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:strutshock)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_first_seen":1576420277480,"flow_last_seen":0,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00616{"flow_id":504,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":480378,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"pkt":"AAAAAAAAAAAAAAAACABFAAC6N0ZAAEAGBPZ\/AAABfwAAAcWKH5D5Xg+fNMDiFYAYAED+rgAAAQEICp1m\/hCdZv4QR0VUIC92Mi9fY2F0YWxvZyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_first_seen":1576420277480,"flow_last_seen":0,"flow_tot_l4_data_len":166,"flow_min_l4_data_len":166,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":166,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/v2\/_catalog","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_first_seen":1576420277488,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_first_seen":1576420277480,"flow_last_seen":0,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/v2\/_catalog","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_first_seen":1576420277488,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":505,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":488587,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHoFdAAEAGm9d\/AAABfwAAAcWMH5DDZpiKMo58\/IAYAED+uwAAAQEICp1m\/hidZv4YR0VUIC9jZmFwcG1hbi9pbmRleC5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxMykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_first_seen":1576420277488,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfappman\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000013)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_first_seen":1576420277490,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_first_seen":1576420277488,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfappman\/index.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000013)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_first_seen":1576420277490,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00656{"flow_id":506,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":490454,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"AAAAAAAAAAAAAAAACABFAADZlJRAAEAGp4h\/AAABfwAAAcWOH5DTxKxPH2zSx4AYAED+zQAAAQEICp1m\/hqdZv4aR0VUIC9jZmRvY3MvZXhhbXBsZXMvY3ZiZWFucy9iZWFuaW5mby5jZm0gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNCkNCg0K"}
-00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_first_seen":1576420277490,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/cvbeans\/beaninfo.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000014)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_first_seen":1576420277491,"flow_last_seen":0,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":193,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":193,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_first_seen":1576420277490,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/cvbeans\/beaninfo.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000014)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_first_seen":1576420277491,"flow_last_seen":0,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":507,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":491643,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"pkt":"AAAAAAAAAAAAAAAACABFAADVNLZAAEAGB2t\/AAABfwAAAcWQH5BQIAxp\/aIKGoAYAED+yQAAAQEICp1m\/hudZv4bR0VUIC9jZmRvY3MvZXhhbXBsZXMvcGFya3MvZGV0YWlsLmNmbSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_first_seen":1576420277491,"flow_last_seen":0,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":193,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":193,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/parks\/detail.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000015)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_first_seen":1576420277492,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_first_seen":1576420277491,"flow_last_seen":0,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/examples\/parks\/detail.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000015)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_first_seen":1576420277492,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":508,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":492807,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"pkt":"AAAAAAAAAAAAAAAACABFAAC8BNZAAEAGN2R\/AAABfwAAAcWSH5DUDzwKrTgLpoAYAED+sAAAAQEICp1m\/hydZv4cR0VUIC9rYm9hcmQvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_first_seen":1576420277492,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/kboard\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000016)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_first_seen":1576420277495,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_first_seen":1576420277492,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/kboard\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000016)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_first_seen":1576420277495,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":509,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":495016,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBe7BAAEAGwIR\/AAABfwAAAcWUH5BTWUN0U4buRIAYAED+tQAAAQEICp1m\/h6dZv4eR0VUIC9saXN0cy9hZG1pbi8gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_first_seen":1576420277495,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/lists\/admin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000017)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_first_seen":1576420277496,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_first_seen":1576420277495,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/lists\/admin\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000017)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_first_seen":1576420277496,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":510,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":496203,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEE4xAAEAGKKZ\/AAABfwAAAcWWH5AfSitVmmsDJoAYAED+uAAAAQEICp1m\/iCdZv4gR0VUIC9zcGxhc2hBZG1pbi5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAxOCkNCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_first_seen":1576420277496,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/splashAdmin.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000018)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_first_seen":1576420277497,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_first_seen":1576420277496,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/splashAdmin.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000018)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_first_seen":1576420277497,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":511,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":497320,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"pkt":"AAAAAAAAAAAAAAAACABFAAC8mG1AAEAGo8x\/AAABfwAAAcWYH5Bl4KC2nOMxboAYAED+sAAAAQEICp1m\/iGdZv4hR0VUIC9zc2RlZnMvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDE5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_first_seen":1576420277497,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ssdefs\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000019)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_first_seen":1576420277498,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_first_seen":1576420277497,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ssdefs\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000019)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_first_seen":1576420277498,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":512,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":498475,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"pkt":"AAAAAAAAAAAAAAAACABFAAC88otAAEAGSa5\/AAABfwAAAcWaH5CxdspY+6ys9YAYAED+sAAAAQEICp1m\/iKdZv4iR0VUIC9zc2hvbWUvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_first_seen":1576420277498,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sshome\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000020)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_first_seen":1576420277499,"flow_last_seen":0,"flow_tot_l4_data_len":166,"flow_min_l4_data_len":166,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":166,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_first_seen":1576420277498,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/sshome\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000020)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_first_seen":1576420277499,"flow_last_seen":0,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00616{"flow_id":513,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":499578,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"pkt":"AAAAAAAAAAAAAAAACABFAAC61XNAAEAGZsh\/AAABfwAAAcWcH5BK5u2wb4yQmIAYAED+rgAAAQEICp1m\/iOdZv4jR0VUIC90aWtpLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDIxKQ0KDQo="}
-00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_first_seen":1576420277499,"flow_last_seen":0,"flow_tot_l4_data_len":166,"flow_min_l4_data_len":166,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":166,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000021)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_first_seen":1576420277500,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_first_seen":1576420277499,"flow_last_seen":0,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000021)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_first_seen":1576420277500,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":514,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":500692,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAAAAAAAAAAAAAAACABFAADKj49AAEAGrJx\/AAABfwAAAcWeH5BxerdT3YbEDoAYAED+vgAAAQEICp1m\/iSdZv4kR0VUIC90aWtpL3Rpa2ktaW5zdGFsbC5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDAyMikNCg0K"}
-00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_first_seen":1576420277500,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/tiki-install.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000022)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_first_seen":1576420277501,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_first_seen":1576420277500,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/tiki\/tiki-install.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000022)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_first_seen":1576420277501,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00644{"flow_id":515,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":501875,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"AAAAAAAAAAAAAAAACABFAADQ2RZAAEAGYw9\/AAABfwAAAcWgH5BlMeHM00k6b4AYAED+xAAAAQEICp1m\/iWdZv4lR0VUIC9zY3JpcHRzL3NhbXBsZXMvZGV0YWlscy5pZGMgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwMjMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_first_seen":1576420277501,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/samples\/details.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000023)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_first_seen":1576420277503,"flow_last_seen":0,"flow_tot_l4_data_len":223,"flow_min_l4_data_len":223,"flow_max_l4_data_len":223,"flow_avg_l4_data_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_first_seen":1576420277501,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/samples\/details.idc","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000023)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_first_seen":1576420277503,"flow_last_seen":0,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00692{"flow_id":516,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":503893,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"pkt":"AAAAAAAAAAAAAAAACABFAADzlctAAEAGpjd\/AAABfwAAAcWiH5BEoK0q6pkm3YAYAED+5wAAAQEICp1m\/iedZv4nR0VUIC9mb3J1bWRpc3BsYXkucGhwP0dMT0JBTFNcW1xdPTEmZj0yJmNvbW1hPVwiLnN5c3RlbVwoJ2lkJ1wpXC5cIiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDA3MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_first_seen":1576420277503,"flow_last_seen":0,"flow_tot_l4_data_len":223,"flow_min_l4_data_len":223,"flow_max_l4_data_len":223,"flow_avg_l4_data_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumdisplay.php?GLOBALS\\[\\]=1&f=2&comma=\\\".system\\('id'\\)\\.\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000070)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_first_seen":1576420277505,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00832{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_first_seen":1576420277503,"flow_last_seen":0,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumdisplay.php?GLOBALS\\[\\]=1&f=2&comma=\\\".system\\('id'\\)\\.\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000070)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_first_seen":1576420277505,"flow_last_seen":0,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00641{"flow_id":517,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":505145,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"AAAAAAAAAAAAAAAACABFAADNh+tAAEAGtD1\/AAABfwAAAcWkH5AZpL8K5\/crh4AYAED+wQAAAQEICp1m\/imdZv4oR0VUIC9ndWVzdGJvb2svZ3Vlc3Rib29rLmh0bWwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAwNzEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_first_seen":1576420277505,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook\/guestbook.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000071)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_first_seen":1576420277506,"flow_last_seen":0,"flow_tot_l4_data_len":190,"flow_min_l4_data_len":190,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_first_seen":1576420277505,"flow_last_seen":0,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/guestbook\/guestbook.html","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000071)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_first_seen":1576420277506,"flow_last_seen":0,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00648{"flow_id":518,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":506345,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"AAAAAAAAAAAAAAAACABFAADSOPFAAEAGAzN\/AAABfwAAAcWmH5AZrAAQDbKHy4AYAED+xgAAAQEICp1m\/iqdZv4qR0VUIC9odG1sL2NnaS1iaW4vY2dpY3NvP3F1ZXJ5PUFBQSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMDcyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_first_seen":1576420277506,"flow_last_seen":0,"flow_tot_l4_data_len":190,"flow_min_l4_data_len":190,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/html\/cgi-bin\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000072)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_first_seen":1576420277509,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_first_seen":1576420277506,"flow_last_seen":0,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/html\/cgi-bin\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000072)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_first_seen":1576420277509,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":519,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":509149,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAAAAAAACABFAADGjRRAAEAGrxt\/AAABfwAAAcWoH5A27bX0CottMYAYAED+ugAAAQEICp1m\/i2dZv4sR0VUIC9iYi1kbmJkL2ZheHN1cnZleSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE0MikNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_first_seen":1576420277509,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-dnbd\/faxsurvey","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000142)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_first_seen":1576420277510,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_first_seen":1576420277509,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/bb-dnbd\/faxsurvey","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000142)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_first_seen":1576420277510,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":520,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":510739,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBP59AAEAG\/JV\/AAABfwAAAcWqH5D7oQd9r6h8pYAYAED+tQAAAQEICp1m\/i6dZv4uR0VUIC9jYXJ0Y2FydC5jZ2kgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDMpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_first_seen":1576420277510,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cartcart.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000143)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_first_seen":1576420277512,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_first_seen":1576420277510,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cartcart.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000143)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_first_seen":1576420277512,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00644{"flow_id":521,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":512058,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"AAAAAAAAAAAAAAAACABFAADQQ2ZAAEAG+L9\/AAABfwAAAcWsH5AIFXuH0ihJCIAYAED+xAAAAQEICp1m\/i+dZv4vR0VUIC9zY3JpcHRzL0NhcmVsbG8vQ2FyZWxsby5kbGwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAxNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_first_seen":1576420277512,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/Carello\/Carello.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000144)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_first_seen":1576420277513,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_first_seen":1576420277512,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/Carello\/Carello.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000144)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_first_seen":1576420277513,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":522,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":513298,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9L\/9AAEAGDDp\/AAABfwAAAcWuH5CdEhcgbNGBkoAYAED+sQAAAQEICp1m\/jGdZv4xR0VUIC93LWFnb3JhLyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDE4MykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_first_seen":1576420277513,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/w-agora\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000183)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_first_seen":1576420277515,"flow_last_seen":0,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":200,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_first_seen":1576420277513,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/w-agora\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000183)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_first_seen":1576420277515,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00660{"flow_id":523,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":515238,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"AAAAAAAAAAAAAAAACABFAADcMJVAAEAGC4V\/AAABfwAAAcWwH5AAUQhya1uvboAYAED+0AAAAQEICp1m\/jOdZv4zR0VUIC9jZ2ktbG9jYWwvY2dpZW1haWwtMS42L2NnaWNzbz9xdWVyeT1BQUEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDQpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_first_seen":1576420277515,"flow_last_seen":0,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":200,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/cgiemail-1.6\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000344)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_first_seen":1576420277516,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_first_seen":1576420277515,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-local\/cgiemail-1.6\/cgicso?query=AAA","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000344)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_first_seen":1576420277516,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00644{"flow_id":524,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":516646,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"AAAAAAAAAAAAAAAACABFAADO6rNAAEAGUXR\/AAABfwAAAcWyH5BduNJTZLl5JoAYAED+wgAAAQEICp1m\/jSdZv40R0VUIC9zZXJ2bGV0L1NjaGVkdWxlclRyYW5zZmVyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDAzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_first_seen":1576420277516,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000345)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_first_seen":1576420277518,"flow_last_seen":0,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":194,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":194,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_first_seen":1576420277516,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000345)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_first_seen":1576420277518,"flow_last_seen":0,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00652{"flow_id":525,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":518010,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"AAAAAAAAAAAAAAAACABFAADWgsZAAEAGuVl\/AAABfwAAAcW0H5A6eLoo9CriDoAYAED+ygAAAQEICp1m\/jWdZv41R0VUIC9zZXJ2bGV0L3N1bmV4YW1wbGVzLkJCb2FyZFNlcnZsZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_first_seen":1576420277518,"flow_last_seen":0,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":194,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":194,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/sunexamples.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000346)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_first_seen":1576420277519,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_first_seen":1576420277518,"flow_last_seen":0,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlet\/sunexamples.BBoardServlet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000346)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_first_seen":1576420277519,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00645{"flow_id":526,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":519337,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"AAAAAAAAAAAAAAAACABFAADPVxFAAEAG5RV\/AAABfwAAAcW2H5BSXG\/tRc4oyoAYAED+wwAAAQEICp1m\/jedZv43R0VUIC9zZXJ2bGV0cy9TY2hlZHVsZXJUcmFuc2ZlciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDM0NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_first_seen":1576420277519,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlets\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000347)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_first_seen":1576420277520,"flow_last_seen":0,"flow_tot_l4_data_len":184,"flow_min_l4_data_len":184,"flow_max_l4_data_len":184,"flow_avg_l4_data_len":184,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_first_seen":1576420277519,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/servlets\/SchedulerTransfer","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000347)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_first_seen":1576420277520,"flow_last_seen":0,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":527,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":520947,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"AAAAAAAAAAAAAAAACABFAADMFYpAAEAGJqB\/AAABfwAAAcW4H5AzUC1t6XmH4oAYAED+wAAAAQEICp1m\/jidZv44R0VUIC9wZXJsLy1lJTIwcHJpbnQlMjBIZWxsbyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwMzUyKQ0KDQo="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_first_seen":1576420277520,"flow_last_seen":0,"flow_tot_l4_data_len":184,"flow_min_l4_data_len":184,"flow_max_l4_data_len":184,"flow_avg_l4_data_len":184,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20print%20Hello","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000352)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_first_seen":1576420277522,"flow_last_seen":0,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":196,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":196,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_first_seen":1576420277520,"flow_last_seen":0,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20print%20Hello","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000352)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_first_seen":1576420277522,"flow_last_seen":0,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00657{"flow_id":528,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":522567,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"AAAAAAAAAAAAAAAACABFAADYfsdAAEAGvVZ\/AAABfwAAAcW6H5DDSkYijR1boIAYAED+zAAAAQEICp1m\/jqdZv46R0VUIC9jL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyKy9PRyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_first_seen":1576420277522,"flow_last_seen":0,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":196,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":196,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c\/winnt\/system32\/cmd.exe?\/c+dir+\/OG","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000491)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_first_seen":1576420277525,"flow_last_seen":0,"flow_tot_l4_data_len":232,"flow_min_l4_data_len":232,"flow_max_l4_data_len":232,"flow_avg_l4_data_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_first_seen":1576420277522,"flow_last_seen":0,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c\/winnt\/system32\/cmd.exe?\/c+dir+\/OG","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000491)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_first_seen":1576420277525,"flow_last_seen":0,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00704{"flow_id":529,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":525111,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"pkt":"AAAAAAAAAAAAAAAACABFAAD8VQBAAEAG5vl\/AAABfwAAAcW8H5BNImwcgJPNrYAYAED+8AAAAQEICp1m\/j2dZv48R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_first_seen":1576420277525,"flow_last_seen":0,"flow_tot_l4_data_len":232,"flow_min_l4_data_len":232,"flow_max_l4_data_len":232,"flow_avg_l4_data_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000494)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_first_seen":1576420277526,"flow_last_seen":0,"flow_tot_l4_data_len":232,"flow_min_l4_data_len":232,"flow_max_l4_data_len":232,"flow_avg_l4_data_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_first_seen":1576420277525,"flow_last_seen":0,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000494)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_first_seen":1576420277526,"flow_last_seen":0,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00704{"flow_id":530,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":526315,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"pkt":"AAAAAAAAAAAAAAAACABFAAD8wPBAAEAGewl\/AAABfwAAAcW+H5C+lvgMjxfu9IAYAED+8AAAAQEICp1m\/j6dZv4+R0VUIC9tc2FkYy8uLiUyNTVjLi4vLi4lMjU1Yy4uLy4uJTI1NWMuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpcitjOiU1YyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMDQ5NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_first_seen":1576420277526,"flow_last_seen":0,"flow_tot_l4_data_len":232,"flow_min_l4_data_len":232,"flow_max_l4_data_len":232,"flow_avg_l4_data_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000495)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_first_seen":1576420277527,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_first_seen":1576420277526,"flow_last_seen":0,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir+c:%5c","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000495)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_first_seen":1576420277527,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00645{"flow_id":531,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":527534,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"AAAAAAAAAAAAAAAACABFAADOGxtAAEAGIQ1\/AAABfwAAAcXAH5ABqiP992RjDoAYAED+wgAAAQEICp1m\/j+dZv4\/R0VUIC9tc2FkYy9zYW1wbGVzL2FkY3Rlc3QuYXNwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAwNDk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_first_seen":1576420277527,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/samples\/adctest.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000496)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_first_seen":1576420277528,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_first_seen":1576420277527,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/samples\/adctest.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000496)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_first_seen":1576420277528,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00665{"flow_id":532,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":528897,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"pkt":"AAAAAAAAAAAAAAAACABFAADdW\/pAAEAG4B5\/AAABfwAAAcXCH5D1lWMf6eFgloAYAED+0QAAAQEICp1m\/kCdZv5AR0VUIC9hdGhlbmFyZWcucGhwP3Bhc3M9JTIwO2NhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDA2NjcpDQoNCg=="}
-00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_first_seen":1576420277528,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/athenareg.php?pass=%20;cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000667)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_first_seen":1576420277534,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_first_seen":1576420277528,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/athenareg.php?pass=%20;cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:000667)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_first_seen":1576420277534,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00644{"flow_id":533,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":534064,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"AAAAAAAAAAAAAAAACABFAADO4OJAAEAGW0V\/AAABfwAAAcXEH5B2FdgIExVLAoAYAED+wgAAAQEICp1m\/kWdZv5FR0VUIC9jZC1jZ2kvc3NjZF9zdW5jb3VyaWVyLnBsIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_first_seen":1576420277534,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cd-cgi\/sscd_suncourier.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001067)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_first_seen":1576420277535,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_first_seen":1576420277534,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cd-cgi\/sscd_suncourier.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001067)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_first_seen":1576420277535,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":534,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":535464,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAAAAAAAAAAAAAAACABFAADEalJAAEAG0d9\/AAABfwAAAcXGH5Ak\/VK4qoIqcIAYAED+uAAAAQEICp1m\/kedZv5HR0VUIC9jZ2ktYmluL2hhbmRsZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA2OSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_first_seen":1576420277535,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001069)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_first_seen":1576420277536,"flow_last_seen":0,"flow_tot_l4_data_len":216,"flow_min_l4_data_len":216,"flow_max_l4_data_len":216,"flow_avg_l4_data_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_first_seen":1576420277535,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001069)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_first_seen":1576420277536,"flow_last_seen":0,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00684{"flow_id":535,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":536708,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"pkt":"AAAAAAAAAAAAAAAACABFAADsKwtAAEAGEP9\/AAABfwAAAcXIH5DuMhPiKIF7BYAYAED+4AAAAQEICp1m\/kidZv5IR0VUIC9jZ2ktYmluL2hhbmRsZXIvbmV0c29uYXI7Y2F0IC9ldGMvcGFzc3dkfD9kYXRhPURvd25sb2FkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00808{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_first_seen":1576420277536,"flow_last_seen":0,"flow_tot_l4_data_len":216,"flow_min_l4_data_len":216,"flow_max_l4_data_len":216,"flow_avg_l4_data_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler\/netsonar;cat \/etc\/passwd|?data=Download","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001070)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_first_seen":1576420277537,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_first_seen":1576420277536,"flow_last_seen":0,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/handler\/netsonar;cat \/etc\/passwd|?data=Download","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001070)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_first_seen":1576420277537,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":536,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":537718,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIaaFAAEAG0ox\/AAABfwAAAcXKH5CUxlF4c7zrSYAYAED+vAAAAQEICp1m\/kmdZv5JR0VUIC9jZ2ktYmluL3dlYmRpc3QuY2dpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzEpDQoNCg=="}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_first_seen":1576420277537,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/webdist.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001071)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_first_seen":1576420277538,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_first_seen":1576420277537,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/webdist.cgi","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001071)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_first_seen":1576420277538,"flow_last_seen":0,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":537,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":538938,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"AAAAAAAAAAAAAAAACABFAADL1l9AAEAGZct\/AAABfwAAAcXMH5AhiO62DmMqh4AYAED+vwAAAQEICp1m\/kqdZv5KR0VUIC9EQjRXZWIvMTAuMTAuMTAuMTA6MTAwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_first_seen":1576420277538,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/DB4Web\/10.10.10.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001072)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_first_seen":1576420277540,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_first_seen":1576420277538,"flow_last_seen":0,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/DB4Web\/10.10.10.10:100","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001072)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_first_seen":1576420277540,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00645{"flow_id":538,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":540439,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"AAAAAAAAAAAAAAAACABFAADPftlAAEAGvU1\/AAABfwAAAcXOH5DRSkY\/0jWbSIAYAED+wwAAAQEICp1m\/kydZv5MR0VUIC9ld3MvZXdzL2FyY2hpdGV4dF9xdWVyeS5wbCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDczKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_first_seen":1576420277540,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ews\/ews\/architext_query.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001073)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_first_seen":1576420277543,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_first_seen":1576420277540,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ews\/ews\/architext_query.pl","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001073)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_first_seen":1576420277543,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":539,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":543080,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI031AAEAGaLB\/AAABfwAAAcXQH5AqpOuTqUte6oAYAED+vAAAAQEICp1m\/k+dZv5OR0VUIC9leGVjL3Nob3cvY29uZmlnL2NyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMDc0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_first_seen":1576420277543,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/exec\/show\/config\/cr","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001074)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_first_seen":1576420277544,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_first_seen":1576420277543,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/exec\/show\/config\/cr","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001074)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_first_seen":1576420277544,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00644{"flow_id":540,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":544533,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"AAAAAAAAAAAAAAAACABFAADPHndAAEAGHbB\/AAABfwAAAcXSH5BxSyag9dSEBYAYAED+wwAAAQEICp1m\/lCdZv5QR0VUIC9pbnN0YW50d2VibWFpbC9tZXNzYWdlLnBocCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA3NSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_first_seen":1576420277544,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/instantwebmail\/message.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001075)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_first_seen":1576420277546,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_first_seen":1576420277544,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/instantwebmail\/message.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001075)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_first_seen":1576420277546,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00656{"flow_id":541,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":546020,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"AAAAAAAAAAAAAAAACABFAADZI0FAAEAGGNx\/AAABfwAAAcXUH5D0qBvWdLImZ4AYAED+zQAAAQEICp1m\/lGdZv5RR0VUIC9jZmRvY3Mvc25pcHBldHMvZ2V0dGVtcGRpcmVjdG9yeS5jZm0gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEwNzYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_first_seen":1576420277546,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/snippets\/gettempdirectory.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001076)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_first_seen":1576420277547,"flow_last_seen":0,"flow_tot_l4_data_len":191,"flow_min_l4_data_len":191,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_first_seen":1576420277546,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cfdocs\/snippets\/gettempdirectory.cfm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001076)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_first_seen":1576420277547,"flow_last_seen":0,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00648{"flow_id":542,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":547962,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"AAAAAAAAAAAAAAAACABFAADT6e9AAEAGUjN\/AAABfwAAAcXWH5DaBdEHtMEbgIAYAED+xwAAAQEICp1m\/lOdZv5TR0VUIC9kb3N0dWZmLnBocD9hY3Rpb249bW9kaWZ5X3VzZXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTA5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_first_seen":1576420277547,"flow_last_seen":0,"flow_tot_l4_data_len":191,"flow_min_l4_data_len":191,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/dostuff.php?action=modify_user","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001091)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_first_seen":1576420277549,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_first_seen":1576420277547,"flow_last_seen":0,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/dostuff.php?action=modify_user","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001091)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_first_seen":1576420277549,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":543,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":549570,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIKVFAAEAGEt1\/AAABfwAAAcXYH5AE3RGlWDKVx4AYAED+vAAAAQEICp1m\/lWdZv5VR0VUIC9sb2dqYW0vc2hvd2hpdHMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTU3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_first_seen":1576420277549,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/logjam\/showhits.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001157)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_first_seen":1576420277550,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_first_seen":1576420277549,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/logjam\/showhits.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001157)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_first_seen":1576420277550,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":544,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":550951,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"AAAAAAAAAAAAAAAACABFAAC\/wwtAAEAGeSt\/AAABfwAAAcXaH5CLi\/vjqeJa6IAYAED+swAAAQEICp1m\/ladZv5WR0VUIC9tYW51YWwucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_first_seen":1576420277550,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/manual.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001158)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_first_seen":1576420277552,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_first_seen":1576420277550,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/manual.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001158)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_first_seen":1576420277552,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00656{"flow_id":545,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":552259,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"AAAAAAAAAAAAAAAACABFAADZ8pVAAEAGSYd\/AAABfwAAAcXcH5AUWcqAeMmTFYAYAED+zQAAAQEICp1m\/lidZv5YR0VUIC9tb2RzL2FwYWdlL2FwYWdlLmNnaT9mPWZpbGUuaHRtLnxpZHwgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_first_seen":1576420277552,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mods\/apage\/apage.cgi?f=file.htm.|id|","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001159)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_first_seen":1576420277553,"flow_last_seen":0,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":230,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":230,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_first_seen":1576420277552,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/mods\/apage\/apage.cgi?f=file.htm.|id|","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001159)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_first_seen":1576420277553,"flow_last_seen":0,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00700{"flow_id":546,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":553594,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAAAAAAAAAAAAAAACABFAAD6YiVAAEAG2dZ\/AAABfwAAAcXeH5DIEFrQ9+zWrIAYAED+7gAAAQEICp1m\/lmdZv5ZR0VUIC9tb2R1bGVzLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00818{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_first_seen":1576420277553,"flow_last_seen":0,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":230,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":230,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001160)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_first_seen":1576420277554,"flow_last_seen":0,"flow_tot_l4_data_len":235,"flow_min_l4_data_len":235,"flow_max_l4_data_len":235,"flow_avg_l4_data_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_first_seen":1576420277553,"flow_last_seen":0,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001160)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_first_seen":1576420277554,"flow_last_seen":0,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00709{"flow_id":547,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":554859,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"AAAAAAAAAAAAAAAACABFAAD\/xMZAAEAGdzB\/AAABfwAAAcXgH5A8ZfwprHRx4oAYAED+8wAAAQEICp1m\/lqdZv5aR0VUIC9udWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTYxKQ0KDQo="}
-00824{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_first_seen":1576420277554,"flow_last_seen":0,"flow_tot_l4_data_len":235,"flow_min_l4_data_len":235,"flow_max_l4_data_len":235,"flow_avg_l4_data_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001161)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_first_seen":1576420277556,"flow_last_seen":0,"flow_tot_l4_data_len":206,"flow_min_l4_data_len":206,"flow_max_l4_data_len":206,"flow_avg_l4_data_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_first_seen":1576420277554,"flow_last_seen":0,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/nuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001161)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_first_seen":1576420277556,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00668{"flow_id":548,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":556270,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"pkt":"AAAAAAAAAAAAAAAACABFAADi3pNAAEAGXYB\/AAABfwAAAcXiH5AliOZ9pOzTK4AYAED+1gAAAQEICp1m\/lydZv5cR0VUIC9wZXJsLy1lJTIwJTIyc3lzdGVtKCdjYXQlMjAvZXRjL3Bhc3N3ZCcpO1wlMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_first_seen":1576420277556,"flow_last_seen":0,"flow_tot_l4_data_len":206,"flow_min_l4_data_len":206,"flow_max_l4_data_len":206,"flow_avg_l4_data_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20%22system('cat%20\/etc\/passwd');\\%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001162)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_first_seen":1576420277558,"flow_last_seen":0,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":236,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":236,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_first_seen":1576420277556,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/perl\/-e%20%22system('cat%20\/etc\/passwd');\\%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001162)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_first_seen":1576420277558,"flow_last_seen":0,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00709{"flow_id":549,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":558919,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"pkt":"AAAAAAAAAAAAAAAACABFAAEAA3dAAEAGOH9\/AAABfwAAAcXkH5CI\/DuZGQJJI4AYAED+9AAAAQEICp1m\/l6dZv5eR0VUIC9waHBudWtlL2h0bWwvLnBocD9uYW1lPU5ldHdvcmtfVG9vbHMmZmlsZT1pbmRleCZmdW5jPXBpbmdfaG9zdCZoaW5wdXQ9JTNCaWQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDExNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_first_seen":1576420277558,"flow_last_seen":0,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":236,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":236,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/html\/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001163)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_first_seen":1576420277560,"flow_last_seen":0,"flow_tot_l4_data_len":238,"flow_min_l4_data_len":238,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00838{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_first_seen":1576420277558,"flow_last_seen":0,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/html\/.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001163)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_first_seen":1576420277560,"flow_last_seen":0,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00712{"flow_id":550,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":560204,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"AAAAAAAAAAAAAAAACABFAAECBD1AAEAGN7d\/AAABfwAAAcXmH5DeDzzWjlOxJoAYAED+9gAAAQEICp1m\/mCdZv5gR0VUIC9waHBudWtlL21vZHVsZXMucGhwP25hbWU9TmV0d29ya19Ub29scyZmaWxlPWluZGV4JmZ1bmM9cGluZ19ob3N0JmhpbnB1dD0lM0JpZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_first_seen":1576420277560,"flow_last_seen":0,"flow_tot_l4_data_len":238,"flow_min_l4_data_len":238,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001164)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_first_seen":1576420277561,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_first_seen":1576420277560,"flow_last_seen":0,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpnuke\/modules.php?name=Network_Tools&file=index&func=ping_host&hinput=%3Bid","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001164)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_first_seen":1576420277561,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":551,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":561470,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFzD1AAEAGb\/N\/AAABfwAAAcXoH5BUiPTWm6mSyIAYAED+uQAAAQEICp1m\/mGdZv5hR0VUIC9Qcm9ncmFtJTIwRmlsZXMvIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_first_seen":1576420277561,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/Program%20Files\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001165)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_first_seen":1576420277562,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_first_seen":1576420277561,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/Program%20Files\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001165)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_first_seen":1576420277562,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":552,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":562744,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAFKZAAEAGJ5B\/AAABfwAAAcXqH5AjeyxLwwFcDYAYAED+tAAAAQEICp1m\/mKdZv5iR0VUIC9zbXNzZW5kLnBocCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY2KQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_first_seen":1576420277562,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/smssend.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001166)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_first_seen":1576420277564,"flow_last_seen":0,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":196,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":196,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":552,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_first_seen":1576420277562,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/smssend.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001166)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_first_seen":1576420277564,"flow_last_seen":0,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00656{"flow_id":553,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":564046,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"AAAAAAAAAAAAAAAACABFAADYoI5AAEAGm49\/AAABfwAAAcXsH5AgHJhkU1YzMYAYAED+zAAAAQEICp1m\/mOdZv5jR0VUIC9wbHMvc2ltcGxlZGFkL2FkbWluXy9kYWRlbnRyaWVzLmh0bSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMTY3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_first_seen":1576420277564,"flow_last_seen":0,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":196,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":196,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pls\/simpledad\/admin_\/dadentries.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001167)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_first_seen":1576420277565,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_first_seen":1576420277564,"flow_last_seen":0,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pls\/simpledad\/admin_\/dadentries.htm","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001167)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_first_seen":1576420277565,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":554,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":565303,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAAAAAAAAAAAAAAACABFAADKFqFAAEAGJYt\/AAABfwAAAcXuH5Ag7S5xgHE61oAYAED+vgAAAQEICp1m\/mWdZv5lR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9wd2QgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1MykNCg0K"}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_first_seen":1576420277565,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/pwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001253)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_first_seen":1576420277566,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_first_seen":1576420277565,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/pwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001253)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_first_seen":1576420277566,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00656{"flow_id":555,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":566524,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"AAAAAAAAAAAAAAAACABFAADZY3pAAEAG2KJ\/AAABfwAAAcXwH5Bf2FuYp3IH4oAYAED+zQAAAQEICp1m\/madZv5mR0VUIC9sZXZlbC8xNi9leGVjLy0vLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_first_seen":1576420277566,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001254)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_first_seen":1576420277567,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_first_seen":1576420277566,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/-\/\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001254)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_first_seen":1576420277567,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":556,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":567763,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9ybtAAEAGcn1\/AAABfwAAAcXyH5BbOPFKogxutoAYAED+sQAAAQEICp1m\/medZv5nR0VUIC9sZXZlbC8xNiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU1KQ0KDQo="}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_first_seen":1576420277567,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001255)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_first_seen":1576420277568,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_first_seen":1576420277567,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001255)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_first_seen":1576420277568,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":557,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":568978,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDBTJAAEAGNwF\/AAABfwAAAcX0H5Cobz3BWm\/3E4AYAED+twAAAQEICp1m\/midZv5oR0VUIC9sZXZlbC8xNi9leGVjLyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjU2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_first_seen":1576420277568,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001256)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_first_seen":1576420277570,"flow_last_seen":0,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":193,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":193,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_first_seen":1576420277568,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001256)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_first_seen":1576420277570,"flow_last_seen":0,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00652{"flow_id":558,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":570281,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"pkt":"AAAAAAAAAAAAAAAACABFAADVrDFAAEAGj+9\/AAABfwAAAcX2H5DQ55TgYEZuMYAYAED+yQAAAQEICp1m\/mqdZv5qR0VUIC9sZXZlbC8xNi9leGVjLy9zaG93L2FjY2Vzcy1saXN0cyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_first_seen":1576420277570,"flow_last_seen":0,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":193,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":193,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show\/access-lists","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001257)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_first_seen":1576420277572,"flow_last_seen":0,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_first_seen":1576420277570,"flow_last_seen":0,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show\/access-lists","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001257)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_first_seen":1576420277572,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00664{"flow_id":559,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":572971,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"AAAAAAAAAAAAAAAACABFAADf3g5AAEAGXgh\/AAABfwAAAcX4H5Dm0Ob+nlg5uYAYAED+0wAAAQEICp1m\/mydZv5sR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2NvbmZpZ3VyYXRpb24gSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI1OCkNCg0K"}
-00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_first_seen":1576420277572,"flow_last_seen":0,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001258)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_first_seen":1576420277574,"flow_last_seen":0,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":200,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_first_seen":1576420277572,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/configuration","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001258)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_first_seen":1576420277574,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00660{"flow_id":560,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":574489,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"AAAAAAAAAAAAAAAACABFAADcDd9AAEAGLjt\/AAABfwAAAcX6H5DZiDUt3Agrh4AYAED+0AAAAQEICp1m\/m6dZv5uR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_first_seen":1576420277574,"flow_last_seen":0,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":200,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001259)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_first_seen":1576420277575,"flow_last_seen":0,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":207,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00807{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_first_seen":1576420277574,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001259)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_first_seen":1576420277575,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00672{"flow_id":561,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":575857,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"AAAAAAAAAAAAAAAACABFAADj4RhAAEAGWvp\/AAABfwAAAcX8H5B4Mdnl8T5RpIAYAED+1wAAAQEICp1m\/m+dZv5vR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L2ludGVyZmFjZXMvc3RhdHVzIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjApDQoNCg=="}
-00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_first_seen":1576420277575,"flow_last_seen":0,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":207,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces\/status","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001260)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_first_seen":1576420277577,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00815{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_first_seen":1576420277575,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/interfaces\/status","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001260)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_first_seen":1576420277577,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00656{"flow_id":562,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":577232,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"AAAAAAAAAAAAAAAACABFAADZSeNAAEAG8jl\/AAABfwAAAcX+H5DfuHEUhorfS4AYAED+zQAAAQEICp1m\/nGdZv5xR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3ZlcnNpb24gSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_first_seen":1576420277577,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/version","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001261)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_first_seen":1576420277578,"flow_last_seen":0,"flow_tot_l4_data_len":227,"flow_min_l4_data_len":227,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_first_seen":1576420277577,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/version","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001261)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_first_seen":1576420277578,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00696{"flow_id":563,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":578708,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"pkt":"AAAAAAAAAAAAAAAACABFAAD3GI1AAEAGI3J\/AAABfwAAAcYAH5BPCyB6v01M8IAYAED+6wAAAQEICp1m\/nKdZv5yR0VUIC9sZXZlbC8xNi9sZXZlbC8xNi9leGVjLy9zaG93L3J1bm5pbmctY29uZmlnL2ludGVyZmFjZS9GYXN0RXRoZXJuZXQgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTI2MikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00824{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_first_seen":1576420277578,"flow_last_seen":0,"flow_tot_l4_data_len":227,"flow_min_l4_data_len":227,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/running-config\/interface\/FastEthernet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001262)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_first_seen":1576420277580,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_first_seen":1576420277578,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/level\/16\/exec\/\/show\/running-config\/interface\/FastEthernet","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001262)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_first_seen":1576420277580,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":564,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":580200,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIjaNAAEAGrop\/AAABfwAAAcYCH5DxgrVTaB5HZIAYAED+vAAAAQEICp1m\/nSdZv50R0VUIC9sZXZlbC8xNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_first_seen":1576420277580,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001263)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_first_seen":1576420277581,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_first_seen":1576420277580,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/16\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001263)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_first_seen":1576420277581,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":565,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":581906,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI2jFAAEAGYfx\/AAABfwAAAcYEH5BCjuLdnOtotYAYAED+vAAAAQEICp1m\/nWdZv51R0VUIC9sZXZlbC8xNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_first_seen":1576420277581,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/17\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001264)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_first_seen":1576420277583,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_first_seen":1576420277581,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/17\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001264)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_first_seen":1576420277583,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":566,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":583459,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIW7pAAEAG4HN\/AAABfwAAAcYGH5CxzGNMmxSh6IAYAED+vAAAAQEICp1m\/nedZv53R0VUIC9sZXZlbC8xOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_first_seen":1576420277583,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/18\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001265)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_first_seen":1576420277584,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_first_seen":1576420277583,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/18\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001265)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_first_seen":1576420277584,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":567,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":584853,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIKRRAAEAGExp\/AAABfwAAAcYIH5CpMBHnxNoUUoAYAED+vAAAAQEICp1m\/nidZv54R0VUIC9sZXZlbC8xOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjYpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_first_seen":1576420277584,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/19\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001266)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_first_seen":1576420277586,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_first_seen":1576420277584,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/19\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001266)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_first_seen":1576420277586,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":568,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":586207,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIukpAAEAGgeN\/AAABfwAAAcYKH5AiT4K97CCbIYAYAED+vAAAAQEICp1m\/nqdZv56R0VUIC9sZXZlbC8yMC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjY3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_first_seen":1576420277586,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/20\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001267)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_first_seen":1576420277588,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_first_seen":1576420277586,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/20\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001267)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_first_seen":1576420277588,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":569,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":588914,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIUb5AAEAG6m9\/AAABfwAAAcYMH5BdL2lKom\/agYAYAED+vAAAAQEICp1m\/nydZv58R0VUIC9sZXZlbC8yMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_first_seen":1576420277588,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/21\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001268)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_first_seen":1576420277590,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_first_seen":1576420277588,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/21\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001268)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_first_seen":1576420277590,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":570,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":590524,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIMkhAAEAGCeZ\/AAABfwAAAcYOH5Ck4gq0tTkM3YAYAED+vAAAAQEICp1m\/n6dZv5+R0VUIC9sZXZlbC8yMi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNjkpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_first_seen":1576420277590,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/22\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001269)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_first_seen":1576420277592,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_first_seen":1576420277590,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/22\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001269)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_first_seen":1576420277592,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":571,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":592115,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIGgdAAEAGIid\/AAABfwAAAcYQH5AVMSL0hIVMXoAYAED+vAAAAQEICp1m\/oCdZv5\/R0VUIC9sZXZlbC8yMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjcwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_first_seen":1576420277592,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/23\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001270)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_first_seen":1576420277593,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_first_seen":1576420277592,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/23\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001270)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_first_seen":1576420277593,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":572,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":593670,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI3vBAAEAGXT1\/AAABfwAAAcYSH5AD6eYZLZCITIAYAED+vAAAAQEICp1m\/oGdZv6BR0VUIC9sZXZlbC8yNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_first_seen":1576420277593,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/24\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001271)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_first_seen":1576420277595,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_first_seen":1576420277593,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/24\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001271)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_first_seen":1576420277595,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":573,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":595276,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIjYJAAEAGrqt\/AAABfwAAAcYUH5BJPLV3Xqa0Y4AYAED+vAAAAQEICp1m\/oOdZv6DR0VUIC9sZXZlbC8yNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_first_seen":1576420277595,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/25\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001272)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_first_seen":1576420277597,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_first_seen":1576420277595,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/25\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001272)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_first_seen":1576420277597,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":574,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":597037,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI4QFAAEAGWyx\/AAABfwAAAcYWH5APltgJOmv38YAYAED+vAAAAQEICp1m\/oSdZv6ER0VUIC9sZXZlbC8yNi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjczKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_first_seen":1576420277597,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/26\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001273)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_first_seen":1576420277598,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_first_seen":1576420277597,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/26\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001273)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_first_seen":1576420277598,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":575,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":598656,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIuK1AAEAGg4B\/AAABfwAAAcYYH5AkxYBd7ezrAoAYAED+vAAAAQEICp1m\/oadZv6GR0VUIC9sZXZlbC8yNy9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzQpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_first_seen":1576420277598,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/27\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001274)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_first_seen":1576420277600,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_first_seen":1576420277598,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/27\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001274)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_first_seen":1576420277600,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":576,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":600311,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIQiNAAEAG+gp\/AAABfwAAAcYaH5DTCnrawy0BcYAYAED+vAAAAQEICp1m\/oidZv6IR0VUIC9sZXZlbC8yOC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_first_seen":1576420277600,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/28\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001275)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_first_seen":1576420277602,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_first_seen":1576420277600,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/28\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001275)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_first_seen":1576420277602,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":577,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":602135,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIalZAAEAG0dd\/AAABfwAAAcYcH5BVA1KtKWKiFYAYAED+vAAAAQEICp1m\/oqdZv6JR0VUIC9sZXZlbC8yOS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_first_seen":1576420277602,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/29\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001276)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_first_seen":1576420277604,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":577,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_first_seen":1576420277602,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/29\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001276)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_first_seen":1576420277604,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":578,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":604078,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIeUZAAEAGwud\/AAABfwAAAcYeH5Dj\/UG+lxmHS4AYAED+vAAAAQEICp1m\/oudZv6LR0VUIC9sZXZlbC8zMC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_first_seen":1576420277604,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/30\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001277)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_first_seen":1576420277607,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_first_seen":1576420277604,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/30\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001277)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_first_seen":1576420277607,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":579,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":607028,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADISctAAEAG8mJ\/AAABfwAAAcYgH5D3W3ExGI1+2IAYAED+vAAAAQEICp1m\/o6dZv6OR0VUIC9sZXZlbC8zMS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyNzgpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_first_seen":1576420277607,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/31\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001278)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_first_seen":1576420277608,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_first_seen":1576420277607,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/31\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001278)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_first_seen":1576420277608,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":580,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":608428,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIARxAAEAGOxJ\/AAABfwAAAcYiH5DcsTnhkT\/ypIAYAED+vAAAAQEICp1m\/pCdZv6QR0VUIC9sZXZlbC8zMi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjc5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_first_seen":1576420277608,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/32\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001279)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_first_seen":1576420277609,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_first_seen":1576420277608,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/32\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001279)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_first_seen":1576420277609,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":581,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":609821,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIVW1AAEAG5sB\/AAABfwAAAcYkH5Dpym2S0+8SfoAYAED+vAAAAQEICp1m\/pGdZv6RR0VUIC9sZXZlbC8zMy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjgwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_first_seen":1576420277609,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/33\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001280)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_first_seen":1576420277611,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_first_seen":1576420277609,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/33\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001280)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_first_seen":1576420277611,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":582,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":611243,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIEPFAAEAGKz1\/AAABfwAAAcYmH5CKoygWHO02yYAYAED+vAAAAQEICp1m\/pOdZv6TR0VUIC9sZXZlbC8zNC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_first_seen":1576420277611,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/34\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001281)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_first_seen":1576420277612,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_first_seen":1576420277611,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/34\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001281)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_first_seen":1576420277612,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":583,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":612658,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADILGdAAEAGD8d\/AAABfwAAAcYoH5DpvhSfS8jZeYAYAED+vAAAAQEICp1m\/pSdZv6UR0VUIC9sZXZlbC8zNS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODIpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_first_seen":1576420277612,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/35\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001282)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_first_seen":1576420277614,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_first_seen":1576420277612,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/35\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001282)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_first_seen":1576420277614,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":584,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":614003,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIgnNAAEAGubp\/AAABfwAAAcYqH5AJ3LqL6hJPloAYAED+vAAAAQEICp1m\/pWdZv6VR0VUIC9sZXZlbC8zNi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_first_seen":1576420277614,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/36\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001283)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_first_seen":1576420277615,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_first_seen":1576420277614,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/36\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001283)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_first_seen":1576420277615,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":585,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":615407,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIj29AAEAGrL5\/AAABfwAAAcYsH5DrNbeX8ap25oAYAED+vAAAAQEICp1m\/pedZv6XR0VUIC9sZXZlbC8zNy9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_first_seen":1576420277615,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/37\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001284)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_first_seen":1576420277616,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_first_seen":1576420277615,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/37\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001284)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_first_seen":1576420277616,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":586,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":616842,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADImrpAAEAGoXN\/AAABfwAAAcYuH5CDY6JF2zT1KYAYAED+vAAAAQEICp1m\/pidZv6YR0VUIC9sZXZlbC8zOC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_first_seen":1576420277616,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/38\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001285)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_first_seen":1576420277618,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_first_seen":1576420277616,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/38\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001285)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_first_seen":1576420277618,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":587,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":618199,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIUbFAAEAG6nx\/AAABfwAAAcYwH5C3PmlUu95eg4AYAED+vAAAAQEICp1m\/pqdZv6aR0VUIC9sZXZlbC8zOS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_first_seen":1576420277618,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/39\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001286)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_first_seen":1576420277619,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_first_seen":1576420277618,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/39\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001286)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_first_seen":1576420277619,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":588,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":619471,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI5L9AAEAGV25\/AAABfwAAAcYyH5D7t9xCdJSM64AYAED+vAAAAQEICp1m\/pudZv6bR0VUIC9sZXZlbC80MC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjg3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_first_seen":1576420277619,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/40\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001287)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_first_seen":1576420277622,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_first_seen":1576420277619,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/40\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001287)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_first_seen":1576420277622,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":589,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":622367,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIjX9AAEAGrq5\/AAABfwAAAcY0H5DiALWBzWdeg4AYAED+vAAAAQEICp1m\/p6dZv6eR0VUIC9sZXZlbC80MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODgpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_first_seen":1576420277622,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/41\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001288)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_first_seen":1576420277624,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_first_seen":1576420277622,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/41\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001288)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_first_seen":1576420277624,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":590,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":624054,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIagJAAEAG0it\/AAABfwAAAcY2H5Bh+1L\/IgWJKIAYAED+vAAAAQEICp1m\/p+dZv6fR0VUIC9sZXZlbC80Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyODkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_first_seen":1576420277624,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/42\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001289)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_first_seen":1576420277625,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_first_seen":1576420277624,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/42\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001289)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_first_seen":1576420277625,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":591,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":625580,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI3axAAEAGXoF\/AAABfwAAAcY4H5AuBeVV4Hsa\/oAYAED+vAAAAQEICp1m\/qGdZv6hR0VUIC9sZXZlbC80My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTApDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_first_seen":1576420277625,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/43\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001290)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_first_seen":1576420277627,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_first_seen":1576420277625,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/43\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001290)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_first_seen":1576420277627,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":592,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":627124,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIYLhAAEAG23V\/AAABfwAAAcY6H5DQG1hJOevWU4AYAED+vAAAAQEICp1m\/qOdZv6iR0VUIC9sZXZlbC80NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTEpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_first_seen":1576420277627,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/44\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001291)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_first_seen":1576420277628,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_first_seen":1576420277627,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/44\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001291)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_first_seen":1576420277628,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":593,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":628648,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADID1ZAAEAGLNh\/AAABfwAAAcY8H5AV\/jesxRnzeoAYAED+vAAAAQEICp1m\/qSdZv6kR0VUIC9sZXZlbC80NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_first_seen":1576420277628,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/45\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001292)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_first_seen":1576420277630,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_first_seen":1576420277628,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/45\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001292)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_first_seen":1576420277630,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":594,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":630023,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI0WBAAEAGas1\/AAABfwAAAcY+H5DCTOmi+t3hCIAYAED+vAAAAQEICp1m\/qWdZv6lR0VUIC9sZXZlbC80Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjkzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_first_seen":1576420277630,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/46\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001293)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_first_seen":1576420277631,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_first_seen":1576420277630,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/46\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001293)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_first_seen":1576420277631,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":595,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":631346,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIlpVAAEAGpZh\/AAABfwAAAcZAH5Cryq5teKvsJoAYAED+vAAAAQEICp1m\/qedZv6nR0VUIC9sZXZlbC80Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTQpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_first_seen":1576420277631,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/47\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001294)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_first_seen":1576420277633,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_first_seen":1576420277631,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/47\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001294)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_first_seen":1576420277633,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":596,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":633228,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIENVAAEAGK1l\/AAABfwAAAcZCH5APvynUeLRgIoAYAED+vAAAAQEICp1m\/qmdZv6oR0VUIC9sZXZlbC80OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_first_seen":1576420277633,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/48\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001295)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_first_seen":1576420277637,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_first_seen":1576420277633,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/48\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001295)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_first_seen":1576420277637,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":597,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":637363,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIJlxAAEAGFdJ\/AAABfwAAAcZEH5CFHB9c3vOX2IAYAED+vAAAAQEICp1m\/q2dZv6tR0VUIC9sZXZlbC80OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_first_seen":1576420277637,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/49\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001296)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_first_seen":1576420277639,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_first_seen":1576420277637,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/49\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001296)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_first_seen":1576420277639,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":598,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":639674,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIZI9AAEAG155\/AAABfwAAAcZGH5DAl12NotXkTIAYAED+vAAAAQEICp1m\/q+dZv6vR0VUIC9sZXZlbC81MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEyOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_first_seen":1576420277639,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/50\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001297)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_first_seen":1576420277642,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_first_seen":1576420277639,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/50\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001297)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_first_seen":1576420277642,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":599,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":642930,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIuMhAAEAGg2V\/AAABfwAAAcZIH5DuPYHFtiFXooAYAED+vAAAAQEICp1m\/rKdZv6yR0VUIC9sZXZlbC81MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_first_seen":1576420277642,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/51\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001298)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_first_seen":1576420277644,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_first_seen":1576420277642,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/51\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001298)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_first_seen":1576420277644,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":600,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":644872,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIp2FAAEAGlMx\/AAABfwAAAcZKH5BZVp5d6Tz88YAYAED+vAAAAQEICp1m\/rSdZv60R0VUIC9sZXZlbC81Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMjk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_first_seen":1576420277644,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/52\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001299)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_first_seen":1576420277646,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_first_seen":1576420277644,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/52\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001299)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_first_seen":1576420277646,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":601,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":646555,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIRMlAAEAG92R\/AAABfwAAAcZMH5Ck2n3FkPG1\/IAYAED+vAAAAQEICp1m\/radZv62R0VUIC9sZXZlbC81My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_first_seen":1576420277646,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/53\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001300)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_first_seen":1576420277648,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_first_seen":1576420277646,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/53\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001300)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_first_seen":1576420277648,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":602,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":648435,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIfG5AAEAGv79\/AAABfwAAAcZOH5Bk90VplsnARIAYAED+vAAAAQEICp1m\/ridZv64R0VUIC9sZXZlbC81NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_first_seen":1576420277648,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/54\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001301)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_first_seen":1576420277650,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_first_seen":1576420277648,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/54\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001301)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_first_seen":1576420277650,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":603,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":650013,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIGk5AAEAGIeB\/AAABfwAAAcZQH5A3JSNJK84\/noAYAED+vAAAAQEICp1m\/rmdZv65R0VUIC9sZXZlbC81NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_first_seen":1576420277650,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/55\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001302)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_first_seen":1576420277657,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_first_seen":1576420277650,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/55\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001302)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_first_seen":1576420277657,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":604,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":657136,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIqGlAAEAGk8R\/AAABfwAAAcZSH5BRNZFiv2NJXIAYAED+vAAAAQEICp1m\/sGdZv7AR0VUIC9sZXZlbC81Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzAzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_first_seen":1576420277657,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/56\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001303)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_first_seen":1576420277658,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_first_seen":1576420277657,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/56\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001303)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_first_seen":1576420277658,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":605,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":658913,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIKidAAEAGEgd\/AAABfwAAAcZUH5DRhBMk1ziDVIAYAED+vAAAAQEICp1m\/sKdZv7CR0VUIC9sZXZlbC81Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDQpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_first_seen":1576420277658,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/57\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001304)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_first_seen":1576420277660,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_first_seen":1576420277658,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/57\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001304)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_first_seen":1576420277660,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":606,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":660624,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI7vpAAEAGTTN\/AAABfwAAAcZWH5Ba4NgASBBLBYAYAED+vAAAAQEICp1m\/sSdZv7ER0VUIC9sZXZlbC81OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_first_seen":1576420277660,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/58\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001305)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_first_seen":1576420277662,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_first_seen":1576420277660,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/58\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001305)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_first_seen":1576420277662,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":607,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":662314,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIlWJAAEAGpst\/AAABfwAAAcZYH5ApQaxoF8oWWYAYAED+vAAAAQEICp1m\/sadZv7GR0VUIC9sZXZlbC81OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_first_seen":1576420277662,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/59\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001306)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_first_seen":1576420277663,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_first_seen":1576420277662,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/59\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001306)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_first_seen":1576420277663,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":608,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":663825,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIGkpAAEAGIeR\/AAABfwAAAcZaH5C0PSNBlakojYAYAED+vAAAAQEICp1m\/sedZv7HR0VUIC9sZXZlbC82MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_first_seen":1576420277663,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/60\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001307)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_first_seen":1576420277667,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_first_seen":1576420277663,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/60\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001307)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_first_seen":1576420277667,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":609,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":667846,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIoR1AAEAGmxB\/AAABfwAAAcZcH5BUypgTdH6XP4AYAED+vAAAAQEICp1m\/sudZv7LR0VUIC9sZXZlbC82MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzA4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_first_seen":1576420277667,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/61\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001308)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_first_seen":1576420277669,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_first_seen":1576420277667,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/61\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001308)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_first_seen":1576420277669,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":610,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":669470,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI7qNAAEAGTYp\/AAABfwAAAcZeH5CzGNepEFgF6YAYAED+vAAAAQEICp1m\/s2dZv7NR0VUIC9sZXZlbC82Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMDkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_first_seen":1576420277669,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/62\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001309)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_first_seen":1576420277670,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_first_seen":1576420277669,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/62\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001309)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_first_seen":1576420277670,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":611,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":670722,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI1RxAAEAGZxF\/AAABfwAAAcZgH5DKr+wUPhtD5IAYAED+vAAAAQEICp1m\/s6dZv7OR0VUIC9sZXZlbC82My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_first_seen":1576420277670,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/63\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001310)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_first_seen":1576420277675,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_first_seen":1576420277670,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/63\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001310)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_first_seen":1576420277675,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":612,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":675320,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI4N9AAEAGW05\/AAABfwAAAcZiH5DpddnYHCFGp4AYAED+vAAAAQEICp1m\/tOdZv7SR0VUIC9sZXZlbC82NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTEpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_first_seen":1576420277675,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/64\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001311)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_first_seen":1576420277677,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_first_seen":1576420277675,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/64\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001311)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_first_seen":1576420277677,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":613,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":677237,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIG8lAAEAGIGV\/AAABfwAAAcZkH5CYBSLNt2luhoAYAED+vAAAAQEICp1m\/tWdZv7VR0VUIC9sZXZlbC82NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_first_seen":1576420277677,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/65\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001312)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_first_seen":1576420277678,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_first_seen":1576420277677,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/65\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001312)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_first_seen":1576420277678,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":614,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":678916,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIttNAAEAGhVp\/AAABfwAAAcZmH5DUdY\/bkd0KuYAYAED+vAAAAQEICp1m\/tadZv7WR0VUIC9sZXZlbC82Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzEzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_first_seen":1576420277678,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/66\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001313)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_first_seen":1576420277680,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":614,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_first_seen":1576420277678,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/66\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001313)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_first_seen":1576420277680,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":615,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":680461,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/OVAAEAGP0h\/AAABfwAAAcZoH5ACKMXwYFGAmIAYAED+vAAAAQEICp1m\/tidZv7YR0VUIC9sZXZlbC82Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_first_seen":1576420277680,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/67\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001314)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_first_seen":1576420277681,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_first_seen":1576420277680,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/67\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001314)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_first_seen":1576420277681,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":616,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":681915,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIw2NAAEAGeMp\/AAABfwAAAcZqH5BLUvpuf7sPloAYAED+vAAAAQEICp1m\/tmdZv7ZR0VUIC9sZXZlbC82OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTUpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_first_seen":1576420277681,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/68\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001315)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_first_seen":1576420277683,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":616,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_first_seen":1576420277681,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/68\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001315)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_first_seen":1576420277683,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":617,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":683450,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIBQVAAEAGNyl\/AAABfwAAAcZsH5CyYjwQgGi0OYAYAED+vAAAAQEICp1m\/tudZv7bR0VUIC9sZXZlbC82OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_first_seen":1576420277683,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/69\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001316)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_first_seen":1576420277685,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_first_seen":1576420277683,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/69\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001316)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_first_seen":1576420277685,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":618,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":685042,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI1dZAAEAGZld\/AAABfwAAAcZuH5B\/K+zaVaEXFIAYAED+vAAAAQEICp1m\/tydZv7cR0VUIC9sZXZlbC83MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTcpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_first_seen":1576420277685,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/70\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001317)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_first_seen":1576420277687,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_first_seen":1576420277685,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/70\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001317)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_first_seen":1576420277687,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":619,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":687751,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIUq1AAEAG6YB\/AAABfwAAAcZwH5AONGunkxG0mYAYAED+vAAAAQEICp1m\/t+dZv7fR0VUIC9sZXZlbC83MS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_first_seen":1576420277687,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/71\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001318)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_first_seen":1576420277689,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_first_seen":1576420277687,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/71\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001318)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_first_seen":1576420277689,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":620,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":689908,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIo8lAAEAGmGR\/AAABfwAAAcZyH5BwuZrK24oufIAYAED+vAAAAQEICp1m\/uGdZv7hR0VUIC9sZXZlbC83Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_first_seen":1576420277689,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/72\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001319)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_first_seen":1576420277691,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_first_seen":1576420277689,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/72\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001319)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_first_seen":1576420277691,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":621,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":691763,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIVsBAAEAG5W1\/AAABfwAAAcZ0H5BhJ2+x3S4KSIAYAED+vAAAAQEICp1m\/uOdZv7jR0VUIC9sZXZlbC83My9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_first_seen":1576420277691,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/73\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001320)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_first_seen":1576420277693,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_first_seen":1576420277691,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/73\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001320)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_first_seen":1576420277693,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":622,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":693490,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIebZAAEAGwnd\/AAABfwAAAcZ2H5BNR0C8mP2KqIAYAED+vAAAAQEICp1m\/uWdZv7lR0VUIC9sZXZlbC83NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_first_seen":1576420277693,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/74\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001321)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_first_seen":1576420277695,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_first_seen":1576420277693,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/74\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001321)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_first_seen":1576420277695,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":623,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":695042,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIMBZAAEAGDBh\/AAABfwAAAcZ4H5ACzwkce7l1k4AYAED+vAAAAQEICp1m\/uadZv7mR0VUIC9sZXZlbC83NS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzIyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_first_seen":1576420277695,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/75\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001322)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_first_seen":1576420277699,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_first_seen":1576420277695,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/75\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001322)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_first_seen":1576420277699,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":624,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":699922,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIwYhAAEAGeqV\/AAABfwAAAcZ6H5CkKPiYt3JQbIAYAED+vAAAAQEICp1m\/uudZv7rR0VUIC9sZXZlbC83Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjMpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_first_seen":1576420277699,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/76\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001323)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_first_seen":1576420277701,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_first_seen":1576420277699,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/76\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001323)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_first_seen":1576420277701,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":625,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":701306,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI\/s1AAEAGPWB\/AAABfwAAAcZ8H5AcB8fbr66aJ4AYAED+vAAAAQEICp1m\/u2dZv7tR0VUIC9sZXZlbC83Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_first_seen":1576420277701,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/77\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001324)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_first_seen":1576420277702,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_first_seen":1576420277701,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/77\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001324)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_first_seen":1576420277702,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":626,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":702537,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIfWpAAEAGvsN\/AAABfwAAAcZ+H5A9kER6aVFtF4AYAED+vAAAAQEICp1m\/u6dZv7uR0VUIC9sZXZlbC83OC9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI1KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_first_seen":1576420277702,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/78\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001325)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_first_seen":1576420277703,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_first_seen":1576420277702,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/78\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001325)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_first_seen":1576420277703,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":627,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":703799,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIZuhAAEAG1UV\/AAABfwAAAcaAH5DHm1\/1JwgzKoAYAED+vAAAAQEICp1m\/u+dZv7vR0VUIC9sZXZlbC83OS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_first_seen":1576420277703,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/79\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001326)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_first_seen":1576420277705,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_first_seen":1576420277703,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/79\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001326)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_first_seen":1576420277705,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":628,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":705407,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIi\/NAAEAGsDp\/AAABfwAAAcaCH5DTprLkQgBQzIAYAED+vAAAAQEICp1m\/vGdZv7xR0VUIC9sZXZlbC84MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_first_seen":1576420277705,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/80\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001327)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_first_seen":1576420277708,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_first_seen":1576420277705,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/80\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001327)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_first_seen":1576420277708,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":629,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":708037,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI5e9AAEAGVj5\/AAABfwAAAcaEH5Dy8dz\/j320kYAYAED+vAAAAQEICp1m\/vOdZv7zR0VUIC9sZXZlbC84MS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMjgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_first_seen":1576420277708,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/81\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001328)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_first_seen":1576420277709,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_first_seen":1576420277708,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/81\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001328)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_first_seen":1576420277709,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":630,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":709960,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIleJAAEAGpkt\/AAABfwAAAcaGH5A96Kz0htu5TYAYAED+vAAAAQEICp1m\/vWdZv71R0VUIC9sZXZlbC84Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzI5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_first_seen":1576420277709,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/82\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001329)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_first_seen":1576420277711,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_first_seen":1576420277709,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/82\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001329)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_first_seen":1576420277711,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":631,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":711848,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIwilAAEAGegR\/AAABfwAAAcaIH5AoWfs0DfPUMYAYAED+vAAAAQEICp1m\/vedZv73R0VUIC9sZXZlbC84My9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_first_seen":1576420277711,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/83\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001330)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_first_seen":1576420277713,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":631,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_first_seen":1576420277711,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/83\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001330)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_first_seen":1576420277713,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":632,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":713606,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIsuZAAEAGiUd\/AAABfwAAAcaKH5B+eYvxDWxq9oAYAED+vAAAAQEICp1m\/vmdZv75R0VUIC9sZXZlbC84NC9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzMxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_first_seen":1576420277713,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/84\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001331)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_first_seen":1576420277715,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_first_seen":1576420277713,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/84\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001331)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_first_seen":1576420277715,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":633,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":715202,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIFWJAAEAGJsx\/AAABfwAAAcaMH5B2cix1DMITXYAYAED+vAAAAQEICp1m\/vudZv77R0VUIC9sZXZlbC84NS9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_first_seen":1576420277715,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/85\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001332)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_first_seen":1576420277716,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_first_seen":1576420277715,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/85\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001332)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_first_seen":1576420277716,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":634,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":716776,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIj0FAAEAGrOx\/AAABfwAAAcaOH5BnL7Yrjj53uYAYAED+vAAAAQEICp1m\/vydZv78R0VUIC9sZXZlbC84Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_first_seen":1576420277716,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/86\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001333)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_first_seen":1576420277718,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":634,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_first_seen":1576420277716,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/86\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001333)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_first_seen":1576420277718,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":635,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":718296,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI9rtAAEAGRXJ\/AAABfwAAAcaQH5Cd5s+tew18QIAYAED+vAAAAQEICp1m\/v6dZv7+R0VUIC9sZXZlbC84Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_first_seen":1576420277718,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/87\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001334)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_first_seen":1576420277719,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_first_seen":1576420277718,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/87\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001334)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_first_seen":1576420277719,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":636,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":719804,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIwR1AAEAGexB\/AAABfwAAAcaSH5DFAfgO5Rn4M4AYAED+vAAAAQEICp1m\/v+dZv7\/R0VUIC9sZXZlbC84OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzUpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_first_seen":1576420277719,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/88\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001335)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_first_seen":1576420277721,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":636,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_first_seen":1576420277719,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/88\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001335)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_first_seen":1576420277721,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":637,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":721292,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIEWBAAEAGKs5\/AAABfwAAAcaUH5BnvihJZne+zoAYAED+vAAAAQEICp1m\/wGdZv8BR0VUIC9sZXZlbC84OS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_first_seen":1576420277721,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/89\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001336)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_first_seen":1576420277723,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_first_seen":1576420277721,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/89\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001336)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_first_seen":1576420277723,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":638,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":723030,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIo9hAAEAGmFV\/AAABfwAAAcaWH5BWPprB7Bx1PYAYAED+vAAAAQEICp1m\/wKdZv8CR0VUIC9sZXZlbC85MC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_first_seen":1576420277723,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/90\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001337)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_first_seen":1576420277725,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_first_seen":1576420277723,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/90\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001337)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_first_seen":1576420277725,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":639,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":725709,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI7YBAAEAGTq1\/AAABfwAAAcaYH5AUj9RqmT7XtIAYAED+vAAAAQEICp1m\/wWdZv8FR0VUIC9sZXZlbC85MS9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzM4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_first_seen":1576420277725,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/91\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001338)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_first_seen":1576420277727,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_first_seen":1576420277725,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/91\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001338)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_first_seen":1576420277727,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":640,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":727031,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIYyZAAEAG2Qd\/AAABfwAAAcaaH5DSD1o0DsX43oAYAED+vAAAAQEICp1m\/wadZv8GR0VUIC9sZXZlbC85Mi9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzMzkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_first_seen":1576420277727,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/92\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001339)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_first_seen":1576420277729,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":640,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_first_seen":1576420277727,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/92\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001339)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_first_seen":1576420277729,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":641,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":729069,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIxzpAAEAGdPN\/AAABfwAAAcacH5ALNv4hgWKnmoAYAED+vAAAAQEICp1m\/widZv8IR0VUIC9sZXZlbC85My9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_first_seen":1576420277729,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/93\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001340)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_first_seen":1576420277730,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_first_seen":1576420277729,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/93\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001340)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_first_seen":1576420277730,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":642,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":730717,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIHv9AAEAGHS9\/AAABfwAAAcaeH5AL7Sfmt4JqA4AYAED+vAAAAQEICp1m\/wqdZv8KR0VUIC9sZXZlbC85NC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDEpDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_first_seen":1576420277730,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/94\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001341)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_first_seen":1576420277732,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_first_seen":1576420277730,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/94\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001341)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_first_seen":1576420277732,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00637{"flow_id":643,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":732327,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIPWZAAEAG\/sd\/AAABfwAAAcagH5BD6AR+QNLU5oAYAED+vAAAAQEICp1m\/wydZv8MR0VUIC9sZXZlbC85NS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_first_seen":1576420277732,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/95\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001342)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_first_seen":1576420277734,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_first_seen":1576420277732,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/95\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001342)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_first_seen":1576420277734,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":644,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":734720,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADISBNAAEAG9Bp\/AAABfwAAAcaiH5A0bnEJpPWxcYAYAED+vAAAAQEICp1m\/w6dZv8OR0VUIC9sZXZlbC85Ni9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQzKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_first_seen":1576420277734,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/96\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001343)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_first_seen":1576420277736,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":644,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_first_seen":1576420277734,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/96\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001343)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_first_seen":1576420277736,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":645,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":736157,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIC2JAAEAGMMx\/AAABfwAAAcakH5C2tzJ7p90VYYAYAED+vAAAAQEICp1m\/xCdZv8PR0VUIC9sZXZlbC85Ny9leGVjLy9zaG93IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_first_seen":1576420277736,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/97\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001344)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_first_seen":1576420277737,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_first_seen":1576420277736,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/97\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001344)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_first_seen":1576420277737,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":646,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":737571,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADIqydAAEAGkQZ\/AAABfwAAAcamH5BRA5JApfKSEYAYAED+vAAAAQEICp1m\/xGdZv8RR0VUIC9sZXZlbC85OC9leGVjLy9zaG93IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzNDUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_first_seen":1576420277737,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/98\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001345)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_first_seen":1576420277739,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_first_seen":1576420277737,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/98\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001345)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_first_seen":1576420277739,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00638{"flow_id":647,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":739161,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"AAAAAAAAAAAAAAAACABFAADI+OxAAEAGQ0F\/AAABfwAAAcaoH5BlRMHxT\/ad\/4AYAED+vAAAAQEICp1m\/xOdZv8SR0VUIC9sZXZlbC85OS9leGVjLy9zaG93IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzQ2KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_first_seen":1576420277739,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/99\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001346)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_first_seen":1576420277741,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_first_seen":1576420277739,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/level\/99\/exec\/\/show","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001346)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_first_seen":1576420277741,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00834{"flow_id":648,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":741202,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"pkt":"AAAAAAAAAAAAAAAACABFAAFdQfFAAEAG+ad\/AAABfwAAAcaqH5DRIHj1tdpDy4AYAED\/UQAAAQEICp1m\/xWdZv8VR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM4OCkNCg0K"}
-00917{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_first_seen":1576420277741,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001388)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_first_seen":1576420277743,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00929{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_first_seen":1576420277741,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001388)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_first_seen":1576420277743,"flow_last_seen":0,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00805{"flow_id":649,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":743722,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"AAAAAAAAAAAAAAAACABFAAFGAG5AAEAGO0J\/AAABfwAAAcasH5AOKDl4jiUqhYAYAED\/OgAAAQEICp1m\/xedZv8XR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzg5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00894{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_first_seen":1576420277743,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001389)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_first_seen":1576420277745,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00906{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_first_seen":1576420277743,"flow_last_seen":0,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001389)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_first_seen":1576420277745,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00835{"flow_id":650,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":745325,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"pkt":"AAAAAAAAAAAAAAAACABFAAFddiRAAEAGxXR\/AAABfwAAAcauH5DeiE8\/TEH5WoAYAED\/UQAAAQEICp1m\/xmdZv8ZR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00917{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_first_seen":1576420277745,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_first_seen":1576420277746,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00929{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_first_seen":1576420277745,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_first_seen":1576420277746,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00846{"flow_id":651,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":746670,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"pkt":"AAAAAAAAAAAAAAAACABFAAFmjyxAAEAGrGN\/AAABfwAAAcawH5C1dLY3dpi6dIAYAED\/WgAAAQEICp1m\/xqdZv8aR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00927{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_first_seen":1576420277746,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_first_seen":1576420277747,"flow_last_seen":0,"flow_tot_l4_data_len":343,"flow_min_l4_data_len":343,"flow_max_l4_data_len":343,"flow_avg_l4_data_len":343,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_first_seen":1576420277746,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_first_seen":1576420277747,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00853{"flow_id":652,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":747996,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"pkt":"AAAAAAAAAAAAAAAACABFAAFrmeBAAEAGoap\/AAABfwAAAcayH5AmkqDEx1CXDIAYAED\/XwAAAQEICp1m\/xudZv8bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00933{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_first_seen":1576420277747,"flow_last_seen":0,"flow_tot_l4_data_len":343,"flow_min_l4_data_len":343,"flow_max_l4_data_len":343,"flow_avg_l4_data_len":343,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_first_seen":1576420277749,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00945{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_first_seen":1576420277747,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_first_seen":1576420277749,"flow_last_seen":0,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00845{"flow_id":653,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":749444,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"pkt":"AAAAAAAAAAAAAAAACABFAAFlinpAAEAGsRZ\/AAABfwAAAca0H5BJbLNma4SLi4AYAED\/WQAAAQEICp1m\/x2dZv8dR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00926{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_first_seen":1576420277749,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_first_seen":1576420277750,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00938{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":653,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_first_seen":1576420277749,"flow_last_seen":0,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_first_seen":1576420277750,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00842{"flow_id":654,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":750871,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"AAAAAAAAAAAAAAAACABFAAFjJWNAAEAGFjB\/AAABfwAAAca2H5CBThx9EGPplIAYAED\/VwAAAQEICp1m\/x6dZv8eR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00924{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_first_seen":1576420277750,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_first_seen":1576420277752,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00936{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_first_seen":1576420277750,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_first_seen":1576420277752,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00842{"flow_id":655,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":752231,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"AAAAAAAAAAAAAAAACABFAAFjNwZAAEAGBI1\/AAABfwAAAca4H5DKtQ4b91nN3YAYAED\/VwAAAQEICp1m\/yCdZv8gR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00924{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_first_seen":1576420277752,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_first_seen":1576420277753,"flow_last_seen":0,"flow_tot_l4_data_len":330,"flow_min_l4_data_len":330,"flow_max_l4_data_len":330,"flow_avg_l4_data_len":330,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00936{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_first_seen":1576420277752,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_first_seen":1576420277753,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00838{"flow_id":656,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":753514,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"pkt":"AAAAAAAAAAAAAAAACABFAAFeFwdAAEAGJJF\/AAABfwAAAca6H5C+9y4cicj8j4AYAED\/UgAAAQEICp1m\/yGdZv8hR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkwKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00918{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_first_seen":1576420277753,"flow_last_seen":0,"flow_tot_l4_data_len":330,"flow_min_l4_data_len":330,"flow_max_l4_data_len":330,"flow_avg_l4_data_len":330,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_first_seen":1576420277754,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00930{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":656,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_first_seen":1576420277753,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_first_seen":1576420277754,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00850{"flow_id":657,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":754790,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"AAAAAAAAAAAAAAAACABFAAFnn4NAAEAGnAt\/AAABfwAAAca8H5BO76agHBQLN4AYAED\/WwAAAQEICp1m\/yKdZv8iR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="}
-00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_first_seen":1576420277754,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_first_seen":1576420277756,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00940{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":657,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_first_seen":1576420277754,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_first_seen":1576420277756,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00853{"flow_id":658,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":756254,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"pkt":"AAAAAAAAAAAAAAAACABFAAFsUT9AAEAG6kp\/AAABfwAAAca+H5B2qmgj3lZSb4AYAED\/YAAAAQEICp1m\/ySdZv8kR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00934{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_first_seen":1576420277756,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_first_seen":1576420277758,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00946{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":658,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_first_seen":1576420277756,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_first_seen":1576420277758,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00845{"flow_id":659,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":758753,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"pkt":"AAAAAAAAAAAAAAAACABFAAFmwkJAAEAGeU1\/AAABfwAAAcbAH5DScvtgYIpbaYAYAED\/WgAAAQEICp1m\/yadZv8mR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MCkNCg0K"}
-00927{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_first_seen":1576420277758,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_first_seen":1576420277760,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_first_seen":1576420277758,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_first_seen":1576420277760,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00847{"flow_id":660,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":760404,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"pkt":"AAAAAAAAAAAAAAAACABFAAFkSaBAAEAG8fF\/AAABfwAAAcbCH5CzknC\/qWQ1toAYAED\/WAAAAQEICp1m\/yidZv8oR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="}
-00925{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_first_seen":1576420277760,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_first_seen":1576420277762,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00937{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":660,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_first_seen":1576420277760,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_first_seen":1576420277762,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00847{"flow_id":661,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":762852,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"pkt":"AAAAAAAAAAAAAAAACABFAAFkl59AAEAGo\/J\/AAABfwAAAcbEH5DhFa6+6BKXhoAYAED\/WAAAAQEICp1m\/yqdZv8qR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTApDQoNCg=="}
-00925{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_first_seen":1576420277762,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_first_seen":1576420277764,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00937{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_first_seen":1576420277762,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001390)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_first_seen":1576420277764,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00834{"flow_id":662,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":764614,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"pkt":"AAAAAAAAAAAAAAAACABFAAFdzxpAAEAGbH5\/AAABfwAAAcbGH5DgufY6a2RlI4AYAED\/UQAAAQEICp1m\/yydZv8sR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCg0K"}
-00917{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_first_seen":1576420277764,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_first_seen":1576420277766,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00929{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_first_seen":1576420277764,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_first_seen":1576420277766,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00846{"flow_id":663,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":766067,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"pkt":"AAAAAAAAAAAAAAAACABFAAFm3WVAAEAGXip\/AAABfwAAAcbIH5DcNuRDgHH2c4AYAED\/WgAAAQEICp1m\/y2dZv8tR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00927{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_first_seen":1576420277766,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_first_seen":1576420277767,"flow_last_seen":0,"flow_tot_l4_data_len":343,"flow_min_l4_data_len":343,"flow_max_l4_data_len":343,"flow_avg_l4_data_len":343,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_first_seen":1576420277766,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_first_seen":1576420277767,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00853{"flow_id":664,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":767584,"pkt_caplen":377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":377,"pkt_l4_len":343,"pkt":"AAAAAAAAAAAAAAAACABFAAFrfdxAAEAGva5\/AAABfwAAAcbKH5Cyd0T8zDk2q4AYAED\/XwAAAQEICp1m\/y+dZv8vR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="}
-00933{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_first_seen":1576420277767,"flow_last_seen":0,"flow_tot_l4_data_len":343,"flow_min_l4_data_len":343,"flow_max_l4_data_len":343,"flow_avg_l4_data_len":343,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_first_seen":1576420277769,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00945{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_first_seen":1576420277767,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_first_seen":1576420277769,"flow_last_seen":0,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00845{"flow_id":665,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":769107,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"pkt":"AAAAAAAAAAAAAAAACABFAAFl4jZAAEAGWVp\/AAABfwAAAcbMH5Dub9sXJ7s4LIAYAED\/WQAAAQEICp1m\/zGdZv8wR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KDQo="}
-00926{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_first_seen":1576420277769,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_first_seen":1576420277770,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00938{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_first_seen":1576420277769,"flow_last_seen":0,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_first_seen":1576420277770,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00842{"flow_id":666,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":770569,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"AAAAAAAAAAAAAAAACABFAAFjvxlAAEAGfHl\/AAABfwAAAcbOH5BOc4Y2FZ1LBYAYAED\/VwAAAQEICp1m\/zKdZv8yR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00924{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_first_seen":1576420277770,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_first_seen":1576420277772,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00936{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_first_seen":1576420277770,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_first_seen":1576420277772,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00842{"flow_id":667,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":772090,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"AAAAAAAAAAAAAAAACABFAAFjEuZAAEAGKK1\/AAABfwAAAcbQH5A1ISvIAGoQJ4AYAED\/VwAAAQEICp1m\/zSdZv8zR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00924{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_first_seen":1576420277772,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_first_seen":1576420277773,"flow_last_seen":0,"flow_tot_l4_data_len":330,"flow_min_l4_data_len":330,"flow_max_l4_data_len":330,"flow_avg_l4_data_len":330,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00936{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":667,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_first_seen":1576420277772,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_first_seen":1576420277773,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00838{"flow_id":668,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":773570,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"pkt":"AAAAAAAAAAAAAAAACABFAAFe9U5AAEAGRkl\/AAABfwAAAcbSH5CRq8xwNBHz4IAYAED\/UgAAAQEICp1m\/zWdZv81R0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00918{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_first_seen":1576420277773,"flow_last_seen":0,"flow_tot_l4_data_len":330,"flow_min_l4_data_len":330,"flow_max_l4_data_len":330,"flow_avg_l4_data_len":330,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_first_seen":1576420277776,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00930{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_first_seen":1576420277773,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_first_seen":1576420277776,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00850{"flow_id":669,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":776119,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"AAAAAAAAAAAAAAAACABFAAFnAwdAAEAGOIh\/AAABfwAAAcbUH5DtkDois29dAoAYAED\/WwAAAQEICp1m\/zidZv83R0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_first_seen":1576420277776,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_first_seen":1576420277777,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00940{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_first_seen":1576420277776,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_first_seen":1576420277777,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00854{"flow_id":670,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":777511,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"pkt":"AAAAAAAAAAAAAAAACABFAAFsiexAAEAGsZ1\/AAABfwAAAcbWH5BYorDPfm\/b94AYAED\/YAAAAQEICp1m\/zmdZv85R0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00934{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_first_seen":1576420277777,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_first_seen":1576420277778,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00946{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_first_seen":1576420277777,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_first_seen":1576420277778,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00845{"flow_id":671,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":778783,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"pkt":"AAAAAAAAAAAAAAAACABFAAFmIsJAAEAGGM5\/AAABfwAAAcbYH5ANfxvlV0uU+oAYAED\/WgAAAQEICp1m\/zqdZv86R0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00927{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_first_seen":1576420277778,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_first_seen":1576420277780,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_first_seen":1576420277778,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_first_seen":1576420277780,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00846{"flow_id":672,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":780054,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"pkt":"AAAAAAAAAAAAAAAACABFAAFkWxFAAEAG4IB\/AAABfwAAAcbaH5C23mIrVyENVIAYAED\/WAAAAQEICp1m\/zudZv87R0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQoNCg=="}
-00925{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_first_seen":1576420277780,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_first_seen":1576420277781,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00937{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":672,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_first_seen":1576420277780,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_first_seen":1576420277781,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00846{"flow_id":673,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":781353,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"pkt":"AAAAAAAAAAAAAAAACABFAAFkNVNAAEAGBj9\/AAABfwAAAcbcH5ACfAx1v1NrvIAYAED\/WAAAAQEICp1m\/z2dZv89R0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00925{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_first_seen":1576420277781,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_first_seen":1576420277782,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00937{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_first_seen":1576420277781,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001391)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_first_seen":1576420277782,"flow_last_seen":0,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00805{"flow_id":674,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":782816,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"AAAAAAAAAAAAAAAACABFAAFGytRAAEAGcNt\/AAABfwAAAcbeH5B57PP4Y5pS64AYAED\/OgAAAQEICp1m\/z6dZv8+R0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00894{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_first_seen":1576420277782,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_first_seen":1576420277784,"flow_last_seen":0,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":315,"flow_max_l4_data_len":315,"flow_avg_l4_data_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00906{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_first_seen":1576420277782,"flow_last_seen":0,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_first_seen":1576420277784,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00818{"flow_id":675,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":784159,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"pkt":"AAAAAAAAAAAAAAAACABFAAFPyZ9AAEAGcgd\/AAABfwAAAcbgH5CxOPC81O+RlYAYAED\/QwAAAQEICp1m\/0CdZv8\/R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00904{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_first_seen":1576420277784,"flow_last_seen":0,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":315,"flow_max_l4_data_len":315,"flow_avg_l4_data_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_first_seen":1576420277785,"flow_last_seen":0,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":320,"flow_max_l4_data_len":320,"flow_avg_l4_data_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00916{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_first_seen":1576420277784,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_first_seen":1576420277785,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00823{"flow_id":676,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":785435,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"pkt":"AAAAAAAAAAAAAAAACABFAAFUq9tAAEAGj8Z\/AAABfwAAAcbiH5CAV5MAtOr6\/IAYAED\/SAAAAQEICp1m\/0GdZv9BR0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00910{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_first_seen":1576420277785,"flow_last_seen":0,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":320,"flow_max_l4_data_len":320,"flow_avg_l4_data_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_first_seen":1576420277786,"flow_last_seen":0,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":314,"flow_max_l4_data_len":314,"flow_avg_l4_data_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00922{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_first_seen":1576420277785,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_first_seen":1576420277786,"flow_last_seen":0,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00814{"flow_id":677,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":786696,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"pkt":"AAAAAAAAAAAAAAAACABFAAFOulhAAEAGgU9\/AAABfwAAAcbkH5AY64NxSFA9PIAYAED\/QgAAAQEICp1m\/0KdZv9CR0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTY0JTY5JTcyJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00903{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_first_seen":1576420277786,"flow_last_seen":0,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":314,"flow_max_l4_data_len":314,"flow_avg_l4_data_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_first_seen":1576420277788,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00915{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_first_seen":1576420277786,"flow_last_seen":0,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_first_seen":1576420277788,"flow_last_seen":0,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00813{"flow_id":678,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":788052,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"pkt":"AAAAAAAAAAAAAAAACABFAAFMGchAAEAGIeJ\/AAABfwAAAcbmH5Ae1yDiPfgPVIAYAED\/QAAAAQEICp1m\/0OdZv9DR0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTIpDQoNCg=="}
-00901{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_first_seen":1576420277788,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_first_seen":1576420277790,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00913{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_first_seen":1576420277788,"flow_last_seen":0,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_first_seen":1576420277790,"flow_last_seen":0,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00814{"flow_id":679,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":790564,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"pkt":"AAAAAAAAAAAAAAAACABFAAFMIAVAAEAGG6V\/AAABfwAAAcboH5Bd5RklMuM7\/YAYAED\/QAAAAQEICp1m\/0adZv9GR0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2NCU2OSU3MiZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzkyKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00901{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_first_seen":1576420277790,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_first_seen":1576420277792,"flow_last_seen":0,"flow_tot_l4_data_len":331,"flow_min_l4_data_len":331,"flow_max_l4_data_len":331,"flow_avg_l4_data_len":331,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00913{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_first_seen":1576420277790,"flow_last_seen":0,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001392)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_first_seen":1576420277792,"flow_last_seen":0,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00838{"flow_id":680,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":792176,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"pkt":"AAAAAAAAAAAAAAAACABFAAFfB5NAAEAGNAR\/AAABfwAAAcbqH5CefT66jrIPCIAYAED\/UwAAAQEICp1m\/0idZv9HR0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNjQlNjklNzImaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5MykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00919{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_first_seen":1576420277792,"flow_last_seen":0,"flow_tot_l4_data_len":331,"flow_min_l4_data_len":331,"flow_max_l4_data_len":331,"flow_avg_l4_data_len":331,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001393)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_first_seen":1576420277794,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00931{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_first_seen":1576420277792,"flow_last_seen":0,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%64%69%72&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001393)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_first_seen":1576420277794,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00846{"flow_id":681,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":794274,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgStAAEAGumR\/AAABfwAAAcbsH5DtZbgCN0MtSoAYAED\/WgAAAQEICp1m\/0qdZv9KR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00926{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_first_seen":1576420277794,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001394)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_first_seen":1576420277795,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00938{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_first_seen":1576420277794,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001394)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_first_seen":1576420277795,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00846{"flow_id":682,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":795943,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"pkt":"AAAAAAAAAAAAAAAACABFAAFmgfFAAEAGuZ5\/AAABfwAAAcbuH5ChILjHXT7L3YAYAED\/WgAAAQEICp1m\/0udZv9LR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NSkNCg0K"}
-00926{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_first_seen":1576420277795,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001395)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_first_seen":1576420277797,"flow_last_seen":0,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":315,"flow_max_l4_data_len":315,"flow_avg_l4_data_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00938{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_first_seen":1576420277795,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001395)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_first_seen":1576420277797,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00817{"flow_id":683,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":797519,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"pkt":"AAAAAAAAAAAAAAAACABFAAFPlMhAAEAGpt5\/AAABfwAAAcbwH5AHpq3wv20OaIAYAED\/QwAAAQEICp1m\/02dZv9NR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTYpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00903{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_first_seen":1576420277797,"flow_last_seen":0,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":315,"flow_max_l4_data_len":315,"flow_avg_l4_data_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001396)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_first_seen":1576420277799,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00915{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_first_seen":1576420277797,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001396)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_first_seen":1576420277799,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00846{"flow_id":684,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":799339,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"pkt":"AAAAAAAAAAAAAAAACABFAAFm4IpAAEAGWwV\/AAABfwAAAcbyH5CWqtmi9bUd64AYAED\/WgAAAQEICp1m\/0+dZv9PR0VUIC9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"}
-00926{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_first_seen":1576420277799,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_first_seen":1576420277800,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00938{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_first_seen":1576420277799,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_first_seen":1576420277800,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00858{"flow_id":685,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":800729,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"pkt":"AAAAAAAAAAAAAAAACABFAAFvelxAAEAGwSp\/AAABfwAAAcb0H5AcBENxXyULZYAYAED\/YwAAAQEICp1m\/1CdZv9QR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00936{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_first_seen":1576420277800,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_first_seen":1576420277802,"flow_last_seen":0,"flow_tot_l4_data_len":352,"flow_min_l4_data_len":352,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":352,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00948{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_first_seen":1576420277800,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_first_seen":1576420277802,"flow_last_seen":0,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00865{"flow_id":686,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":802030,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"AAAAAAAAAAAAAAAACABFAAF0IClAAEAGG1l\/AAABfwAAAcb2H5CLkRkOnTgF7oAYAED\/aAAAAQEICp1m\/1GdZv9RR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KDQo="}
-00942{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_first_seen":1576420277802,"flow_last_seen":0,"flow_tot_l4_data_len":352,"flow_min_l4_data_len":352,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":352,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_first_seen":1576420277803,"flow_last_seen":0,"flow_tot_l4_data_len":346,"flow_min_l4_data_len":346,"flow_max_l4_data_len":346,"flow_avg_l4_data_len":346,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00954{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_first_seen":1576420277802,"flow_last_seen":0,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_first_seen":1576420277803,"flow_last_seen":0,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00857{"flow_id":687,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":803303,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"AAAAAAAAAAAAAAAACABFAAFudhVAAEAGxXJ\/AAABfwAAAcb4H5C7R086db2J2oAYAED\/YgAAAQEICp1m\/1OdZv9TR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPUZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00935{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_first_seen":1576420277803,"flow_last_seen":0,"flow_tot_l4_data_len":346,"flow_min_l4_data_len":346,"flow_max_l4_data_len":346,"flow_avg_l4_data_len":346,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_first_seen":1576420277804,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00947{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_first_seen":1576420277803,"flow_last_seen":0,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_first_seen":1576420277804,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00854{"flow_id":688,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":804748,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"pkt":"AAAAAAAAAAAAAAAACABFAAFsoC9AAEAGm1p\/AAABfwAAAcb6H5AztpkH42OkkoAYAED\/YAAAAQEICp1m\/1SdZv9UR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00933{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_first_seen":1576420277804,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_first_seen":1576420277807,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00945{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_first_seen":1576420277804,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_first_seen":1576420277807,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00854{"flow_id":689,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":807234,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"pkt":"AAAAAAAAAAAAAAAACABFAAFsAqdAAEAGOON\/AAABfwAAAcb8H5ASjTuPR79V4YAYAED\/YAAAAQEICp1m\/1edZv9XR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00933{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_first_seen":1576420277807,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_first_seen":1576420277808,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00945{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_first_seen":1576420277807,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_first_seen":1576420277808,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00851{"flow_id":690,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":808884,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"AAAAAAAAAAAAAAAACABFAAFnxERAAEAGd0p\/AAABfwAAAcb+H5AIB\/1vYBeRA4AYAED\/WwAAAQEICp1m\/1idZv9YR0VUIC9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00927{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_first_seen":1576420277808,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_first_seen":1576420277810,"flow_last_seen":0,"flow_tot_l4_data_len":348,"flow_min_l4_data_len":348,"flow_max_l4_data_len":348,"flow_avg_l4_data_len":348,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_first_seen":1576420277808,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_first_seen":1576420277810,"flow_last_seen":0,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00863{"flow_id":691,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":810071,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"pkt":"AAAAAAAAAAAAAAAACABFAAFwFdRAAEAGJbJ\/AAABfwAAAccAH5A7eCz\/38X+m4AYAED\/ZAAAAQEICp1m\/1mdZv9ZR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00937{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_first_seen":1576420277810,"flow_last_seen":0,"flow_tot_l4_data_len":348,"flow_min_l4_data_len":348,"flow_max_l4_data_len":348,"flow_avg_l4_data_len":348,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_first_seen":1576420277811,"flow_last_seen":0,"flow_tot_l4_data_len":353,"flow_min_l4_data_len":353,"flow_max_l4_data_len":353,"flow_avg_l4_data_len":353,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00949{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_first_seen":1576420277810,"flow_last_seen":0,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_first_seen":1576420277811,"flow_last_seen":0,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00866{"flow_id":692,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":811290,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"pkt":"AAAAAAAAAAAAAAAACABFAAF1vbdAAEAGfcl\/AAABfwAAAccCH5DikYSaCicX\/4AYAED\/aQAAAQEICp1m\/1udZv9bR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00943{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_first_seen":1576420277811,"flow_last_seen":0,"flow_tot_l4_data_len":353,"flow_min_l4_data_len":353,"flow_max_l4_data_len":353,"flow_avg_l4_data_len":353,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_first_seen":1576420277812,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00955{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":692,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_first_seen":1576420277811,"flow_last_seen":0,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_first_seen":1576420277812,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00857{"flow_id":693,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":812527,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"pkt":"AAAAAAAAAAAAAAAACABFAAFvwN5AAEAGeqh\/AAABfwAAAccEH5A7SvnykFHzA4AYAED\/YwAAAQEICp1m\/1ydZv9cR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1Gb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5NykNCg0K"}
-00936{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_first_seen":1576420277812,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_first_seen":1576420277813,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00948{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":693,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_first_seen":1576420277812,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_first_seen":1576420277813,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00858{"flow_id":694,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":813772,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"pkt":"AAAAAAAAAAAAAAAACABFAAFt2OpAAEAGYp5\/AAABfwAAAccGH5BS6uHGYiCIs4AYAED\/YQAAAQEICp1m\/12dZv9dR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk3KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00934{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_first_seen":1576420277813,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_first_seen":1576420277814,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00946{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_first_seen":1576420277813,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_first_seen":1576420277814,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00858{"flow_id":695,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":814973,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"pkt":"AAAAAAAAAAAAAAAACABFAAFt1fZAAEAGZZJ\/AAABfwAAAccIH5Bl1OzaDJYmQ4AYAED\/YQAAAQEICp1m\/16dZv9eR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Rm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00934{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_first_seen":1576420277814,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_first_seen":1576420277816,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00946{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_first_seen":1576420277814,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=Forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001397)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_first_seen":1576420277816,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00846{"flow_id":696,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":816514,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"pkt":"AAAAAAAAAAAAAAAACABFAAFmyD5AAEAGc1F\/AAABfwAAAccKH5CvpPET10Ucz4AYAED\/WgAAAQEICp1m\/2CdZv9gR0VUIC9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00926{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_first_seen":1576420277816,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_first_seen":1576420277817,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00938{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":696,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_first_seen":1576420277816,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_first_seen":1576420277817,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00858{"flow_id":697,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":817808,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"pkt":"AAAAAAAAAAAAAAAACABFAAFvTQNAAEAG7oN\/AAABfwAAAccMH5C7inQwMMPyYoAYAED\/YwAAAQEICp1m\/2GdZv9hR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00936{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_first_seen":1576420277817,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_first_seen":1576420277819,"flow_last_seen":0,"flow_tot_l4_data_len":352,"flow_min_l4_data_len":352,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":352,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00948{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":697,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_first_seen":1576420277817,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_first_seen":1576420277819,"flow_last_seen":0,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00865{"flow_id":698,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":819020,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"AAAAAAAAAAAAAAAACABFAAF0lOFAAEAGpqB\/AAABfwAAAccOH5D5PK3yk85ZF4AYAED\/aAAAAQEICp1m\/2KdZv9iR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00942{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_first_seen":1576420277819,"flow_last_seen":0,"flow_tot_l4_data_len":352,"flow_min_l4_data_len":352,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":352,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_first_seen":1576420277821,"flow_last_seen":0,"flow_tot_l4_data_len":346,"flow_min_l4_data_len":346,"flow_max_l4_data_len":346,"flow_avg_l4_data_len":346,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00954{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":698,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_first_seen":1576420277819,"flow_last_seen":0,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_first_seen":1576420277821,"flow_last_seen":0,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00857{"flow_id":699,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":821407,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"AAAAAAAAAAAAAAAACABFAAFu9rlAAEAGRM5\/AAABfwAAAccQH5BepM+ZKyRDwoAYAED\/YgAAAQEICp1m\/2WdZv9lR0VUIC9tb2R1bGVzL2luZGV4LnBocD9uYW1lPWZvcnVtcyZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00935{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_first_seen":1576420277821,"flow_last_seen":0,"flow_tot_l4_data_len":346,"flow_min_l4_data_len":346,"flow_max_l4_data_len":346,"flow_avg_l4_data_len":346,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_first_seen":1576420277822,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00947{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":699,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_first_seen":1576420277821,"flow_last_seen":0,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_first_seen":1576420277822,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00854{"flow_id":700,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":822915,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"pkt":"AAAAAAAAAAAAAAAACABFAAFs7qZAAEAGTON\/AAABfwAAAccSH5AvkdeM6hywhIAYAED\/YAAAAQEICp1m\/2adZv9mR0VUIC9waHBCQi9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00933{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_first_seen":1576420277822,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_first_seen":1576420277824,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00945{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":700,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_first_seen":1576420277822,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_first_seen":1576420277824,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00854{"flow_id":701,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":824519,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"pkt":"AAAAAAAAAAAAAAAACABFAAFsidNAAEAGsbZ\/AAABfwAAAccUH5D2t7Di3ewIxYAYAED\/YAAAAQEICp1m\/2idZv9oR0VUIC9mb3J1bS9pbmRleC5waHA\/bmFtZT1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCg0K"}
-00933{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_first_seen":1576420277824,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_first_seen":1576420277827,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00945{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":701,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_first_seen":1576420277824,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?name=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_first_seen":1576420277827,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00850{"flow_id":702,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":827029,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"AAAAAAAAAAAAAAAACABFAAFnzSRAAEAGbmp\/AAABfwAAAccWH5CSlfQTmmOJAIAYAED\/WwAAAQEICp1m\/2qdZv9qR0VUIC9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="}
-00927{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_first_seen":1576420277827,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_first_seen":1576420277828,"flow_last_seen":0,"flow_tot_l4_data_len":348,"flow_min_l4_data_len":348,"flow_max_l4_data_len":348,"flow_avg_l4_data_len":348,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_first_seen":1576420277827,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_first_seen":1576420277828,"flow_last_seen":0,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00862{"flow_id":703,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":828463,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"pkt":"AAAAAAAAAAAAAAAACABFAAFwciZAAEAGyV9\/AAABfwAAAccYH5BC50sWR3m1Q4AYAED\/ZAAAAQEICp1m\/2ydZv9sR0VUIC9wb3N0bnVrZS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk4KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00937{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_first_seen":1576420277828,"flow_last_seen":0,"flow_tot_l4_data_len":348,"flow_min_l4_data_len":348,"flow_max_l4_data_len":348,"flow_avg_l4_data_len":348,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_first_seen":1576420277829,"flow_last_seen":0,"flow_tot_l4_data_len":353,"flow_min_l4_data_len":353,"flow_max_l4_data_len":353,"flow_avg_l4_data_len":353,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00949{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_first_seen":1576420277828,"flow_last_seen":0,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_first_seen":1576420277829,"flow_last_seen":0,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00866{"flow_id":704,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":829858,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"pkt":"AAAAAAAAAAAAAAAACABFAAF14pZAAEAGWOp\/AAABfwAAAccaH5CUOtum6t33\/4AYAED\/aQAAAQEICp1m\/22dZv9tR0VUIC9wb3N0bnVrZS9odG1sL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00943{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_first_seen":1576420277829,"flow_last_seen":0,"flow_tot_l4_data_len":353,"flow_min_l4_data_len":353,"flow_max_l4_data_len":353,"flow_avg_l4_data_len":353,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_first_seen":1576420277831,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00955{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_first_seen":1576420277829,"flow_last_seen":0,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_first_seen":1576420277831,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00858{"flow_id":705,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":831363,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"pkt":"AAAAAAAAAAAAAAAACABFAAFvhNlAAEAGtq1\/AAABfwAAAcccH5Ac\/r3nTujavoAYAED\/YwAAAQEICp1m\/2+dZv9vR0VUIC9tb2R1bGVzL2luZGV4LnBocD9OaWt0bz1mb3J1bXMmZmlsZT12aWV3dG9waWMmdD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMTM5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00936{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_first_seen":1576420277831,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_first_seen":1576420277832,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00948{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_first_seen":1576420277831,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_first_seen":1576420277832,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00858{"flow_id":706,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":832867,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"pkt":"AAAAAAAAAAAAAAAACABFAAFtWm5AAEAG4Rp\/AAABfwAAAcceH5BY22NfXgseaYAYAED\/YQAAAQEICp1m\/3CdZv9wR0VUIC9waHBCQi9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="}
-00934{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_first_seen":1576420277832,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_first_seen":1576420277834,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00946{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_first_seen":1576420277832,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_first_seen":1576420277834,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00858{"flow_id":707,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":834322,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"pkt":"AAAAAAAAAAAAAAAACABFAAFtY1BAAEAG2Dh\/AAABfwAAAccgH5CMmFp9naENboAYAED\/YQAAAQEICp1m\/3KdZv9yR0VUIC9mb3J1bS9pbmRleC5waHA\/TmlrdG89Zm9ydW1zJmZpbGU9dmlld3RvcGljJnQ9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTgpDQoNCg=="}
-00934{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_first_seen":1576420277834,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_first_seen":1576420277836,"flow_last_seen":0,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":315,"flow_max_l4_data_len":315,"flow_avg_l4_data_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00946{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_first_seen":1576420277834,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/index.php?Nikto=forums&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001398)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_first_seen":1576420277836,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00818{"flow_id":708,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":836024,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"pkt":"AAAAAAAAAAAAAAAACABFAAFPP1dAAEAG\/E9\/AAABfwAAAcciH5AaoQZne4dTBYAYAED\/QwAAAQEICp1m\/3OdZv9zR0VUIC92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00903{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_first_seen":1576420277836,"flow_last_seen":0,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":315,"flow_max_l4_data_len":315,"flow_avg_l4_data_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_first_seen":1576420277838,"flow_last_seen":0,"flow_tot_l4_data_len":324,"flow_min_l4_data_len":324,"flow_max_l4_data_len":324,"flow_avg_l4_data_len":324,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00915{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_first_seen":1576420277836,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_first_seen":1576420277838,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00829{"flow_id":709,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":838595,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"AAAAAAAAAAAAAAAACABFAAFY3j1AAEAGXWB\/AAABfwAAAcckH5DNwecJcN6f0YAYAED\/TAAAAQEICp1m\/3adZv92R0VUIC9wb3N0bnVrZS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00913{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_first_seen":1576420277838,"flow_last_seen":0,"flow_tot_l4_data_len":324,"flow_min_l4_data_len":324,"flow_max_l4_data_len":324,"flow_avg_l4_data_len":324,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_first_seen":1576420277840,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00925{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_first_seen":1576420277838,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_first_seen":1576420277840,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00834{"flow_id":710,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":840187,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"pkt":"AAAAAAAAAAAAAAAACABFAAFdmNpAAEAGor5\/AAABfwAAAccmH5CDpKHt6Uk16IAYAED\/UQAAAQEICp1m\/3idZv93R0VUIC9wb3N0bnVrZS9odG1sL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00919{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_first_seen":1576420277840,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_first_seen":1576420277841,"flow_last_seen":0,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":323,"flow_max_l4_data_len":323,"flow_avg_l4_data_len":323,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00931{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_first_seen":1576420277840,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/postnuke\/html\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_first_seen":1576420277841,"flow_last_seen":0,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00826{"flow_id":711,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":841854,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"pkt":"AAAAAAAAAAAAAAAACABFAAFXf1lAAEAGvEV\/AAABfwAAAccoH5A3NUZkeJaOS4AYAED\/SwAAAQEICp1m\/3mdZv95R0VUIC9tb2R1bGVzL3ZpZXd0b3BpYy5waHA\/dD0yJnJ1c2g9JTZjJTczJTIwJTJkJTYxJTZjJmhpZ2hsaWdodD0lMjUyNy4lNzAlNjElNzMlNzMlNzQlNjglNzIlNzUlMjglMjQlNDglNTQlNTQlNTAlNWYlNDclNDUlNTQlNWYlNTYlNDElNTIlNTMlNWIlNzIlNzUlNzMlNjglNWQlMjkuJTI1MjcgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00912{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_first_seen":1576420277841,"flow_last_seen":0,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":323,"flow_max_l4_data_len":323,"flow_avg_l4_data_len":323,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_first_seen":1576420277843,"flow_last_seen":0,"flow_tot_l4_data_len":321,"flow_min_l4_data_len":321,"flow_max_l4_data_len":321,"flow_avg_l4_data_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00924{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_first_seen":1576420277841,"flow_last_seen":0,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/modules\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_first_seen":1576420277843,"flow_last_seen":0,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00825{"flow_id":712,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":843157,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"pkt":"AAAAAAAAAAAAAAAACABFAAFV4EBAAEAGW2B\/AAABfwAAAccqH5AAS9kLhsuzOIAYAED\/SQAAAQEICp1m\/3udZv96R0VUIC9waHBCQi92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDEzOTkpDQoNCg=="}
-00910{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_first_seen":1576420277843,"flow_last_seen":0,"flow_tot_l4_data_len":321,"flow_min_l4_data_len":321,"flow_max_l4_data_len":321,"flow_avg_l4_data_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_first_seen":1576420277844,"flow_last_seen":0,"flow_tot_l4_data_len":321,"flow_min_l4_data_len":321,"flow_max_l4_data_len":321,"flow_avg_l4_data_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00922{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_first_seen":1576420277843,"flow_last_seen":0,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpBB\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_first_seen":1576420277844,"flow_last_seen":0,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00826{"flow_id":713,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":844434,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"pkt":"AAAAAAAAAAAAAAAACABFAAFVVuFAAEAG5L9\/AAABfwAAAccsH5DRJG\/rOSfatoAYAED\/SQAAAQEICp1m\/3ydZv98R0VUIC9mb3J1bS92aWV3dG9waWMucGhwP3Q9MiZydXNoPSU2YyU3MyUyMCUyZCU2MSU2YyZoaWdobGlnaHQ9JTI1MjcuJTcwJTYxJTczJTczJTc0JTY4JTcyJTc1JTI4JTI0JTQ4JTU0JTU0JTUwJTVmJTQ3JTQ1JTU0JTVmJTU2JTQxJTUyJTUzJTViJTcyJTc1JTczJTY4JTVkJTI5LiUyNTI3IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxMzk5KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00910{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_first_seen":1576420277844,"flow_last_seen":0,"flow_tot_l4_data_len":321,"flow_min_l4_data_len":321,"flow_max_l4_data_len":321,"flow_avg_l4_data_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_first_seen":1576420277845,"flow_last_seen":0,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":340,"flow_max_l4_data_len":340,"flow_avg_l4_data_len":340,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00922{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_first_seen":1576420277844,"flow_last_seen":0,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/viewtopic.php?t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001399)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_first_seen":1576420277845,"flow_last_seen":0,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00850{"flow_id":714,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":845762,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"pkt":"AAAAAAAAAAAAAAAACABFAAFouhJAAEAGgXt\/AAABfwAAAccuH5A6xYMmaghNdoAYAED\/XAAAAQEICp1m\/32dZv99R0VUIC9pbmRleC5waHA\/bmFtZT1QTnBocEJCMiZmaWxlPXZpZXd0b3BpYyZ0PTImcnVzaD0lNmMlNzMlMjAlMmQlNjElNmMmaGlnaGxpZ2h0PSUyNTI3LiU3MCU2MSU3MyU3MyU3NCU2OCU3MiU3NSUyOCUyNCU0OCU1NCU1NCU1MCU1ZiU0NyU0NSU1NCU1ZiU1NiU0MSU1MiU1MyU1YiU3MiU3NSU3MyU2OCU1ZCUyOS4lMjUyNyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAxNDAwKQ0KDQo="}
-00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_first_seen":1576420277845,"flow_last_seen":0,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":340,"flow_max_l4_data_len":340,"flow_avg_l4_data_len":340,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001400)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_first_seen":1576420277847,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00940{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_first_seen":1576420277845,"flow_last_seen":0,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/index.php?name=PNphpBB2&file=viewtopic&t=2&rush=%6c%73%20%2d%61%6c&highlight=%2527.%70%61%73%73%74%68%72%75%28%24%48%54%54%50%5f%47%45%54%5f%56%41%52%53%5b%72%75%73%68%5d%29.%2527","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001400)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_first_seen":1576420277847,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":715,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":847697,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"AAAAAAAAAAAAAAAACABFAADFXW9AAEAG3sF\/AAABfwAAAccwH5A6PWRZjzFeOIAYAED+uQAAAQEICp1m\/3+dZv9\/R0VUIC9tc2FkYy9tc2FkY3MuZGxsIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDE0NzQpDQoNCg=="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_first_seen":1576420277847,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/msadcs.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001474)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_first_seen":1576420277849,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":715,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_first_seen":1576420277847,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/msadcs.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:001474)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_first_seen":1576420277849,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":716,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":849121,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBYllAAEAG2dt\/AAABfwAAAccyH5AM9ltiiZJuH4AYAED+tQAAAQEICp1m\/4GdZv+AR0VUIC91cGxvYWRlci5waHAgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAxOCkNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_first_seen":1576420277849,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uploader.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003018)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_first_seen":1576420277850,"flow_last_seen":0,"flow_tot_l4_data_len":272,"flow_min_l4_data_len":272,"flow_max_l4_data_len":272,"flow_avg_l4_data_len":272,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_first_seen":1576420277849,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/uploader.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003018)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_first_seen":1576420277850,"flow_last_seen":0,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00758{"flow_id":717,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":850533,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"AAAAAAAAAAAAAAAACABFAAEkktVAAEAGqPx\/AAABfwAAAcc0H5D516vm6SxeZoAYAED\/GAAAAQEICp1m\/4KdZv+CR0VUIC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"}
-00860{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_first_seen":1576420277850,"flow_last_seen":0,"flow_tot_l4_data_len":272,"flow_min_l4_data_len":272,"flow_max_l4_data_len":272,"flow_avg_l4_data_len":272,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_first_seen":1576420277851,"flow_last_seen":0,"flow_tot_l4_data_len":278,"flow_min_l4_data_len":278,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00872{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":717,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_first_seen":1576420277850,"flow_last_seen":0,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_first_seen":1576420277851,"flow_last_seen":0,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00767{"flow_id":718,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":851815,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"pkt":"AAAAAAAAAAAAAAAACABFAAEqh81AAEAGs\/5\/AAABfwAAAcc2H5Bgvr79vMi8roAYAED\/HgAAAQEICp1m\/4OdZv+DR0VUIC9mb3J1bS9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCg0K"}
-00867{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_first_seen":1576420277851,"flow_last_seen":0,"flow_tot_l4_data_len":278,"flow_min_l4_data_len":278,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_first_seen":1576420277854,"flow_last_seen":0,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":279,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":279,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00879{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_first_seen":1576420277851,"flow_last_seen":0,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_first_seen":1576420277854,"flow_last_seen":0,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00769{"flow_id":719,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":854220,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"pkt":"AAAAAAAAAAAAAAAACABFAAErhnRAAEAGtVZ\/AAABfwAAAcc4H5AJP79Gqf4KlIAYAED\/HwAAAQEICp1m\/4adZv+GR0VUIC9mb3J1bXMvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="}
-00868{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_first_seen":1576420277854,"flow_last_seen":0,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":279,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":279,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forums\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_first_seen":1576420277855,"flow_last_seen":0,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":279,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":279,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00880{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":719,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_first_seen":1576420277854,"flow_last_seen":0,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forums\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_first_seen":1576420277855,"flow_last_seen":0,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00770{"flow_id":720,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":855800,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"pkt":"AAAAAAAAAAAAAAAACABFAAErbT9AAEAGzot\/AAABfwAAAcc6H5Be6VQGyl7\/vYAYAED\/HwAAAQEICp1m\/4edZv+HR0VUIC9mb3J1bXovY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwMzkpDQoNCg=="}
-00868{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_first_seen":1576420277855,"flow_last_seen":0,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":279,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":279,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumz\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_first_seen":1576420277857,"flow_last_seen":0,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":280,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00880{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_first_seen":1576420277855,"flow_last_seen":0,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/forumz\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_first_seen":1576420277857,"flow_last_seen":0,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00769{"flow_id":721,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":857543,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"pkt":"AAAAAAAAAAAAAAAACABFAAEsZgtAAEAG1b5\/AAABfwAAAcc8H5AWK18ypPoEwIAYAED\/IAAAAQEICp1m\/4mdZv+JR0VUIC9odGZvcnVtL2NhbGVuZGFyLnBocD9jYWxiaXJ0aGRheXM9MSZhY3Rpb249Z2V0ZGF5JmRheT0yMDAxLTgtMTUmY29tbWE9JTIyO2VjaG8lMjAnJzslMjBlY2hvJTIwJTYwaWQlMjAlNjA7ZGllKCk7ZWNobyUyMiBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00869{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_first_seen":1576420277857,"flow_last_seen":0,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":280,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htforum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_first_seen":1576420277858,"flow_last_seen":0,"flow_tot_l4_data_len":278,"flow_min_l4_data_len":278,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00881{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_first_seen":1576420277857,"flow_last_seen":0,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/htforum\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_first_seen":1576420277858,"flow_last_seen":0,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00766{"flow_id":722,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":858942,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"pkt":"AAAAAAAAAAAAAAAACABFAAEqtcxAAEAGhf9\/AAABfwAAAcc+H5DIWozz4BLqQYAYAED\/HgAAAQEICp1m\/4qdZv+KR0VUIC9ib2FyZC9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzAzOSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00867{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_first_seen":1576420277858,"flow_last_seen":0,"flow_tot_l4_data_len":278,"flow_min_l4_data_len":278,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/board\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_first_seen":1576420277860,"flow_last_seen":0,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":282,"flow_max_l4_data_len":282,"flow_avg_l4_data_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00879{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_first_seen":1576420277858,"flow_last_seen":0,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/board\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_first_seen":1576420277860,"flow_last_seen":0,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00773{"flow_id":723,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":860292,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"pkt":"AAAAAAAAAAAAAAAACABFAAEumzdAAEAGoJB\/AAABfwAAAcdAH5B97qINvJ0VaoAYAED\/IgAAAQEICp1m\/4ydZv+MR0VUIC9jb21tdW5pdHkvY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDM5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00871{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_first_seen":1576420277860,"flow_last_seen":0,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":282,"flow_max_l4_data_len":282,"flow_avg_l4_data_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/community\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_first_seen":1576420277861,"flow_last_seen":0,"flow_tot_l4_data_len":275,"flow_min_l4_data_len":275,"flow_max_l4_data_len":275,"flow_avg_l4_data_len":275,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00883{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_first_seen":1576420277860,"flow_last_seen":0,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/community\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003039)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_first_seen":1576420277861,"flow_last_seen":0,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00762{"flow_id":724,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":861788,"pkt_caplen":309,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":309,"pkt_l4_len":275,"pkt":"AAAAAAAAAAAAAAAACABFAAEntyFAAEAGhK1\/AAABfwAAAcdCH5DLAI4n0VAE+IAYAED\/GwAAAQEICp1m\/42dZv+NR0VUIC92Yi9jYWxlbmRhci5waHA\/Y2FsYmlydGhkYXlzPTEmYWN0aW9uPWdldGRheSZkYXk9MjAwMS04LTE1JmNvbW1hPSUyMjtlY2hvJTIwJyc7JTIwZWNobyUyMCU2MGlkJTIwJTYwO2RpZSgpO2VjaG8lMjIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00864{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_first_seen":1576420277861,"flow_last_seen":0,"flow_tot_l4_data_len":275,"flow_min_l4_data_len":275,"flow_max_l4_data_len":275,"flow_avg_l4_data_len":275,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_first_seen":1576420277863,"flow_last_seen":0,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":282,"flow_max_l4_data_len":282,"flow_avg_l4_data_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00876{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_first_seen":1576420277861,"flow_last_seen":0,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_first_seen":1576420277863,"flow_last_seen":0,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00773{"flow_id":725,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":863229,"pkt_caplen":316,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":316,"pkt_l4_len":282,"pkt":"AAAAAAAAAAAAAAAACABFAAEuCCBAAEAGM6h\/AAABfwAAAcdEH5ADaDEo9nQ1BIAYAED\/IgAAAQEICp1m\/4+dZv+PR0VUIC92YnVsbGV0aW4vY2FsZW5kYXIucGhwP2NhbGJpcnRoZGF5cz0xJmFjdGlvbj1nZXRkYXkmZGF5PTIwMDEtOC0xNSZjb21tYT0lMjI7ZWNobyUyMCcnOyUyMGVjaG8lMjAlNjBpZCUyMCU2MDtkaWUoKTtlY2hvJTIyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMwNDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00871{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_first_seen":1576420277863,"flow_last_seen":0,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":282,"flow_max_l4_data_len":282,"flow_avg_l4_data_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_first_seen":1576420277864,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00883{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_first_seen":1576420277863,"flow_last_seen":0,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003040)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_first_seen":1576420277864,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00636{"flow_id":726,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":864886,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"AAAAAAAAAAAAAAAACABFAADJt5hAAEAGhJR\/AAABfwAAAcdGH5CwLY6th0R7wIAYAED+vQAAAQEICp1m\/5CdZv+QR0VUIC9fdnRpX2Jpbi9mcGNvdW50LmV4ZSBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMDg5KQ0KDQo="}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_first_seen":1576420277864,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/fpcount.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003089)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_first_seen":1576420277866,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_first_seen":1576420277864,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/fpcount.exe","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003089)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_first_seen":1576420277866,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":727,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":866289,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHtYVAAEAGhql\/AAABfwAAAcdIH5CyuYy6IN3YVoAYAED+uwAAAQEICp1m\/5KdZv+SR0VUIC9zaXRlL2VnL3NvdXJjZS5hc3AgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxMjYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_first_seen":1576420277866,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site\/eg\/source.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003126)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_first_seen":1576420277867,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":727,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_first_seen":1576420277866,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/site\/eg\/source.asp","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003126)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_first_seen":1576420277867,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00672{"flow_id":728,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":867839,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"AAAAAAAAAAAAAAAACABFAADlWiBAAEAG4fB\/AAABfwAAAcdKH5CvgWMmQVkzqIAYAED+2QAAAQEICp1m\/5OdZv+TR0VUIC9jZXJ0c3J2Ly4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_first_seen":1576420277867,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003190)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_first_seen":1576420277870,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00814{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":728,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_first_seen":1576420277867,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003190)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_first_seen":1576420277870,"flow_last_seen":0,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00688{"flow_id":729,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":870377,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"pkt":"AAAAAAAAAAAAAAAACABFAADwKqRAAEAGEWJ\/AAABfwAAAcdMH5CrChOaUJIGgIAYAED+5AAAAQEICp1m\/5adZv+WR0VUIC9jZ2ktYmluLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00814{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_first_seen":1576420277870,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003191)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_first_seen":1576420277871,"flow_last_seen":0,"flow_tot_l4_data_len":211,"flow_min_l4_data_len":211,"flow_max_l4_data_len":211,"flow_avg_l4_data_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":729,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_first_seen":1576420277870,"flow_last_seen":0,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003191)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_first_seen":1576420277871,"flow_last_seen":0,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00676{"flow_id":730,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":871883,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"pkt":"AAAAAAAAAAAAAAAACABFAADnEqJAAEAGKW1\/AAABfwAAAcdOH5CE7yudGG3JzIAYAED+2wAAAQEICp1m\/5edZv+XR0VUIC9paXNhZG1wd2QvLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMTkyKQ0KDQo="}
-00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_first_seen":1576420277871,"flow_last_seen":0,"flow_tot_l4_data_len":211,"flow_min_l4_data_len":211,"flow_max_l4_data_len":211,"flow_avg_l4_data_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003192)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_first_seen":1576420277873,"flow_last_seen":0,"flow_tot_l4_data_len":218,"flow_min_l4_data_len":218,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00816{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_first_seen":1576420277871,"flow_last_seen":0,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003192)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_first_seen":1576420277873,"flow_last_seen":0,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00684{"flow_id":731,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":873400,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"AAAAAAAAAAAAAAAACABFAADuNNpAAEAGBy5\/AAABfwAAAcdQH5AuMg3l88MKY4AYAED+4gAAAQEICp1m\/5mdZv+ZR0VUIC9tc2FkYy8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5MykNCg0K"}
-00812{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_first_seen":1576420277873,"flow_last_seen":0,"flow_tot_l4_data_len":218,"flow_min_l4_data_len":218,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003193)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_first_seen":1576420277874,"flow_last_seen":0,"flow_tot_l4_data_len":221,"flow_min_l4_data_len":221,"flow_max_l4_data_len":221,"flow_avg_l4_data_len":221,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00824{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_first_seen":1576420277873,"flow_last_seen":0,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003193)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_first_seen":1576420277874,"flow_last_seen":0,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00688{"flow_id":732,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":874650,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"pkt":"AAAAAAAAAAAAAAAACABFAADxWrBAAEAG4VR\/AAABfwAAAcdSH5DZZWOTGgkmxYAYAED+5QAAAQEICp1m\/5qdZv+aR0VUIC9wYnNlcnZlci8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00815{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_first_seen":1576420277874,"flow_last_seen":0,"flow_tot_l4_data_len":221,"flow_min_l4_data_len":221,"flow_max_l4_data_len":221,"flow_avg_l4_data_len":221,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003194)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_first_seen":1576420277875,"flow_last_seen":0,"flow_tot_l4_data_len":216,"flow_min_l4_data_len":216,"flow_max_l4_data_len":216,"flow_avg_l4_data_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_first_seen":1576420277874,"flow_last_seen":0,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003194)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_first_seen":1576420277875,"flow_last_seen":0,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00685{"flow_id":733,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":875910,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"pkt":"AAAAAAAAAAAAAAAACABFAADs1jZAAEAGZdN\/AAABfwAAAcdUH5CUA+8Kq3ejjIAYAED+4AAAAQEICp1m\/5udZv+bR0VUIC9ycGMvLi4lYzAlYWYuLi8uLiVjMCVhZi4uL3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTUpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_first_seen":1576420277875,"flow_last_seen":0,"flow_tot_l4_data_len":216,"flow_min_l4_data_len":216,"flow_max_l4_data_len":216,"flow_avg_l4_data_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003195)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_first_seen":1576420277877,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00822{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_first_seen":1576420277875,"flow_last_seen":0,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003195)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_first_seen":1576420277877,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00672{"flow_id":734,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":877240,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"AAAAAAAAAAAAAAAACABFAADl6fRAAEAGUhx\/AAABfwAAAcdWH5B7VdDQBDmQE4AYAED+2QAAAQEICp1m\/52dZv+dR0VUIC9zY3JpcHRzLy4uJWMwJWFmLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_first_seen":1576420277877,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003196)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_first_seen":1576420277878,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00814{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_first_seen":1576420277877,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003196)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_first_seen":1576420277878,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00673{"flow_id":735,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":878518,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"AAAAAAAAAAAAAAAACABFAADltn1AAEAGhZN\/AAABfwAAAcdYH5Dqro9H\/GjzZIAYAED+2QAAAQEICp1m\/56dZv+eR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMxOTcpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_first_seen":1576420277878,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003197)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_first_seen":1576420277880,"flow_last_seen":0,"flow_tot_l4_data_len":214,"flow_min_l4_data_len":214,"flow_max_l4_data_len":214,"flow_avg_l4_data_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00814{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_first_seen":1576420277878,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003197)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_first_seen":1576420277880,"flow_last_seen":0,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00680{"flow_id":736,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":880746,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"pkt":"AAAAAAAAAAAAAAAACABFAADqdQ5AAEAGxv1\/AAABfwAAAcdaH5DlNEwz0kNZnYAYAED+3gAAAQEICp1m\/6CdZv+gR0VUIC9zY3JpcHRzLy4uJWMxJTFjLi4vd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIrYzpcIiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_first_seen":1576420277880,"flow_last_seen":0,"flow_tot_l4_data_len":214,"flow_min_l4_data_len":214,"flow_max_l4_data_len":214,"flow_avg_l4_data_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir+c:\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003198)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_first_seen":1576420277882,"flow_last_seen":0,"flow_tot_l4_data_len":232,"flow_min_l4_data_len":232,"flow_max_l4_data_len":232,"flow_avg_l4_data_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00821{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_first_seen":1576420277880,"flow_last_seen":0,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir+c:\\\"","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003198)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_first_seen":1576420277882,"flow_last_seen":0,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00704{"flow_id":737,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":882061,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"pkt":"AAAAAAAAAAAAAAAACABFAAD8MthAAEAGCSJ\/AAABfwAAAcdcH5B7UwvpG4XAvoAYAED+8AAAAQEICp1m\/6GdZv+hR0VUIC9fdnRpX2Jpbi8uLiVjMCVhZi4uLy4uJWMwJWFmLi4vLi4lYzAlYWYuLi93aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzE5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_first_seen":1576420277882,"flow_last_seen":0,"flow_tot_l4_data_len":232,"flow_min_l4_data_len":232,"flow_max_l4_data_len":232,"flow_avg_l4_data_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%c0%af..\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003199)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_first_seen":1576420277883,"flow_last_seen":0,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":200,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_first_seen":1576420277882,"flow_last_seen":0,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%c0%af..\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003199)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_first_seen":1576420277883,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00660{"flow_id":738,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":883407,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"AAAAAAAAAAAAAAAACABFAADcUThAAEAG6uF\/AAABfwAAAcdeH5DOhWgJaQI1xYAYAED+0AAAAQEICp1m\/6OdZv+jR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9Y2F0JTIwL2V0Yy9wYXNzd2QgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTYpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_first_seen":1576420277883,"flow_last_seen":0,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":200,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003216)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_first_seen":1576420277885,"flow_last_seen":0,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":193,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":193,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_first_seen":1576420277883,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003216)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_first_seen":1576420277885,"flow_last_seen":0,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":739,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":885905,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"pkt":"AAAAAAAAAAAAAAAACABFAADVkAVAAEAGrBt\/AAABfwAAAcdgH5ANV6k94mK\/lYAYAED+yQAAAQEICp1m\/6WdZv+lR0VUIC9hZG1pbi9zeXN0ZW0ucGhwMz9jbWQ9ZGlyJTIwYzpcXCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzIxNykNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_first_seen":1576420277885,"flow_last_seen":0,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":193,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":193,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003217)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_first_seen":1576420277887,"flow_last_seen":0,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":198,"flow_max_l4_data_len":198,"flow_avg_l4_data_len":198,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_first_seen":1576420277885,"flow_last_seen":0,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/system.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003217)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_first_seen":1576420277887,"flow_last_seen":0,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00661{"flow_id":740,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":887533,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"pkt":"AAAAAAAAAAAAAAAACABFAADawa5AAEAGem1\/AAABfwAAAcdiH5DPxPiU5alglIAYAED+zgAAAQEICp1m\/6edZv+nR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWNhdCUyMC9ldGMvcGFzc3dkIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjE4KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_first_seen":1576420277887,"flow_last_seen":0,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":198,"flow_max_l4_data_len":198,"flow_avg_l4_data_len":198,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003218)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_first_seen":1576420277889,"flow_last_seen":0,"flow_tot_l4_data_len":191,"flow_min_l4_data_len":191,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_first_seen":1576420277887,"flow_last_seen":0,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003218)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_first_seen":1576420277889,"flow_last_seen":0,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00649{"flow_id":741,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":889299,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"AAAAAAAAAAAAAAAACABFAADTtGFAAEAGh8F\/AAABfwAAAcdkH5BoGo0gUvgPHYAYAED+xwAAAQEICp1m\/6mdZv+pR0VUIC9hZG1pbi9leGVjLnBocDM\/Y21kPWRpciUyMGM6XFwgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyMTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_first_seen":1576420277889,"flow_last_seen":0,"flow_tot_l4_data_len":191,"flow_min_l4_data_len":191,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003219)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_first_seen":1576420277890,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_first_seen":1576420277889,"flow_last_seen":0,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/admin\/exec.php3?cmd=dir%20c:\\\\","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003219)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_first_seen":1576420277890,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00632{"flow_id":742,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":890802,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAAAAAAAAAAAAAAACABFAADHrzRAAEAGjPp\/AAABfwAAAcdmH5C4mZZz5s98MYAYAED+uwAAAQEICp1m\/6qdZv+qR0VUIC9pc2FwaS90c3Rpc2FwaS5kbGwgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI2MykNCg0K"}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_first_seen":1576420277890,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/isapi\/tstisapi.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003263)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_first_seen":1576420277892,"flow_last_seen":0,"flow_tot_l4_data_len":205,"flow_min_l4_data_len":205,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_first_seen":1576420277890,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/isapi\/tstisapi.dll","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003263)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_first_seen":1576420277892,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00668{"flow_id":743,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":892206,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"pkt":"AAAAAAAAAAAAAAAACABFAADhOMJAAEAGA1N\/AAABfwAAAcdoH5DDTQGCjXG7iYAYAED+1QAAAQEICp1m\/6ydZv+sR0VUIC9jZXJ0c3J2Ly4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5NCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_first_seen":1576420277892,"flow_last_seen":0,"flow_tot_l4_data_len":205,"flow_min_l4_data_len":205,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003294)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_first_seen":1576420277893,"flow_last_seen":0,"flow_tot_l4_data_len":219,"flow_min_l4_data_len":219,"flow_max_l4_data_len":219,"flow_avg_l4_data_len":219,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_first_seen":1576420277892,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/certsrv\/..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003294)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_first_seen":1576420277893,"flow_last_seen":0,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00690{"flow_id":744,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":893798,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"pkt":"AAAAAAAAAAAAAAAACABFAADvSZpAAEAG8mx\/AAABfwAAAcdqH5B\/BnDaXNCp24AYAED+4wAAAQEICp1m\/62dZv+tR0VUIC9jZ2ktYmluLy4uJTI1NWMuLiUyNTVjLi4lMjU1Y3dpbm50L3N5c3RlbTMyL2NtZC5leGU\/L2MrZGlyIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk1KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00811{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_first_seen":1576420277893,"flow_last_seen":0,"flow_tot_l4_data_len":219,"flow_min_l4_data_len":219,"flow_max_l4_data_len":219,"flow_avg_l4_data_len":219,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003295)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_first_seen":1576420277895,"flow_last_seen":0,"flow_tot_l4_data_len":214,"flow_min_l4_data_len":214,"flow_max_l4_data_len":214,"flow_avg_l4_data_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00823{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_first_seen":1576420277893,"flow_last_seen":0,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/cgi-bin\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003295)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_first_seen":1576420277895,"flow_last_seen":0,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00681{"flow_id":745,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":895273,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"pkt":"AAAAAAAAAAAAAAAACABFAADqfTRAAEAGvtd\/AAABfwAAAcdsH5BhnER0\/MAlIYAYAED+3gAAAQEICp1m\/6+dZv+vR0VUIC9paXNhZG1wd2QvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMjk2KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00806{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_first_seen":1576420277895,"flow_last_seen":0,"flow_tot_l4_data_len":214,"flow_min_l4_data_len":214,"flow_max_l4_data_len":214,"flow_avg_l4_data_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003296)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_first_seen":1576420277896,"flow_last_seen":0,"flow_tot_l4_data_len":224,"flow_min_l4_data_len":224,"flow_max_l4_data_len":224,"flow_avg_l4_data_len":224,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00818{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_first_seen":1576420277895,"flow_last_seen":0,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/iisadmpwd\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003296)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_first_seen":1576420277896,"flow_last_seen":0,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00693{"flow_id":746,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":896577,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"pkt":"AAAAAAAAAAAAAAAACABFAAD0gMpAAEAGuzd\/AAABfwAAAcduH5Bs5rmLXk\/vk4AYAED+6AAAAQEICp1m\/7CdZv+wR0VUIC9tc2FkYy8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMyOTcpDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00816{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_first_seen":1576420277896,"flow_last_seen":0,"flow_tot_l4_data_len":224,"flow_min_l4_data_len":224,"flow_max_l4_data_len":224,"flow_avg_l4_data_len":224,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003297)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_first_seen":1576420277898,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00828{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":746,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_first_seen":1576420277896,"flow_last_seen":0,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/msadc\/..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003297)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_first_seen":1576420277898,"flow_last_seen":0,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00688{"flow_id":747,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":898005,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"pkt":"AAAAAAAAAAAAAAAACABFAADwDYtAAEAGLnt\/AAABfwAAAcdwH5DXOjTMIaH3HYAYAED+5AAAAQEICp1m\/7GdZv+xR0VUIC9wYnNlcnZlci8uLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00812{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_first_seen":1576420277898,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003298)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_first_seen":1576420277899,"flow_last_seen":0,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":208,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00824{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":747,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_first_seen":1576420277898,"flow_last_seen":0,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pbserver\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003298)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_first_seen":1576420277899,"flow_last_seen":0,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00672{"flow_id":748,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":899282,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"pkt":"AAAAAAAAAAAAAAAACABFAADkYvBAAEAG2SF\/AAABfwAAAcdyH5AooFut2XrcJYAYAED+2AAAAQEICp1m\/7OdZv+zR0VUIC9ycGMvLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzI5OSkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_first_seen":1576420277899,"flow_last_seen":0,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":208,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003299)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_first_seen":1576420277901,"flow_last_seen":0,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":212,"flow_max_l4_data_len":212,"flow_avg_l4_data_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00812{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_first_seen":1576420277899,"flow_last_seen":0,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/rpc\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003299)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_first_seen":1576420277901,"flow_last_seen":0,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00676{"flow_id":749,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":901529,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"pkt":"AAAAAAAAAAAAAAAACABFAADogDVAAEAGu9h\/AAABfwAAAcd0H5COI7lxOfsaCoAYAED+3AAAAQEICp1m\/7WdZv+1R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYytkaXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDApDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_first_seen":1576420277901,"flow_last_seen":0,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":212,"flow_max_l4_data_len":212,"flow_avg_l4_data_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003300)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_first_seen":1576420277902,"flow_last_seen":0,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":212,"flow_max_l4_data_len":212,"flow_avg_l4_data_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00816{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":749,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_first_seen":1576420277901,"flow_last_seen":0,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003300)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_first_seen":1576420277902,"flow_last_seen":0,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00676{"flow_id":750,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":902699,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"pkt":"AAAAAAAAAAAAAAAACABFAADos7FAAEAGiFx\/AAABfwAAAcd2H5DBqortDeq7IYAYAED+3AAAAQEICp1m\/7adZv+2R0VUIC9zY3JpcHRzLy4uJTI1NWMuLiUyNTVjd2lubnQvc3lzdGVtMzIvY21kLmV4ZT8vYyt2ZXIgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDMzMDEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_first_seen":1576420277902,"flow_last_seen":0,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":212,"flow_max_l4_data_len":212,"flow_avg_l4_data_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+ver","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003301)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_first_seen":1576420277903,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00816{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_first_seen":1576420277902,"flow_last_seen":0,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+ver","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003301)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_first_seen":1576420277903,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00717{"flow_id":751,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":903919,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"AAAAAAAAAAAAAAAACABFAAEFC5dAAEAGMFp\/AAABfwAAAcd4H5DWdjLSA\/QqXoAYAED++QAAAQEICp1m\/7edZv+3R0VUIC9fdnRpX2Jpbi8uLiUyNTVjLi4lMjU1Yy4uJTI1NWMuLiUyNTVjLi4lMjU1Yy4uJTI1NWN3aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2RpciBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzMwMikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_first_seen":1576420277903,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003302)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_first_seen":1576420277905,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":751,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_first_seen":1576420277903,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/_vti_bin\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003302)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_first_seen":1576420277905,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00665{"flow_id":752,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":905862,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"pkt":"AAAAAAAAAAAAAAAACABFAADdGS5AAEAGIut\/AAABfwAAAcd6H5B05SBpiRPNwoAYAED+0QAAAQEICp1m\/7mdZv+5R0VUIC9hbnMucGw\/cD0uLi8uLi8uLi8uLi8uLi91c3IvYmluL2lkfCZibGFoIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcwKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_first_seen":1576420277905,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003370)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_first_seen":1576420277907,"flow_last_seen":0,"flow_tot_l4_data_len":205,"flow_min_l4_data_len":205,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00808{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":752,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_first_seen":1576420277905,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003370)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_first_seen":1576420277907,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00668{"flow_id":753,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":907178,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"pkt":"AAAAAAAAAAAAAAAACABFAADhaxBAAEAG0QR\/AAABfwAAAcd8H5CT4lJLpEBlJ4AYAED+1QAAAQEICp1m\/7udZv+7R0VUIC9hbnMvYW5zLnBsP3A9Li4vLi4vLi4vLi4vLi4vdXNyL2Jpbi9pZHwmYmxhaCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDAzMzcxKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_first_seen":1576420277907,"flow_last_seen":0,"flow_tot_l4_data_len":205,"flow_min_l4_data_len":205,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003371)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_first_seen":1576420277908,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00813{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_first_seen":1576420277907,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/ans\/ans.pl?p=..\/..\/..\/..\/..\/usr\/bin\/id|&blah","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003371)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_first_seen":1576420277908,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00722{"flow_id":754,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":908547,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"AAAAAAAAAAAAAAAACABFAAEIG05AAEAGIKB\/AAABfwAAAcd+H5BZWCIKm5\/s0oAYAED+\/AAAAQEICp1m\/7ydZv+8R0VUIC9yZXBvcnRzL3J3c2VydmxldD9zZXJ2ZXI9cmVwc2VydityZXBvcnQ9L3RtcC9oYWNrZXIucmRmK2Rlc3R5cGU9Y2FjaGUrZGVzZm9ybWF0PVBERiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwMzQzNykNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00835{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_first_seen":1576420277908,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/reports\/rwservlet?server=repserv+report=\/tmp\/hacker.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003437)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_first_seen":1576420277909,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00847{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_first_seen":1576420277908,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/reports\/rwservlet?server=repserv+report=\/tmp\/hacker.rdf+destype=cache+desformat=PDF","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:003437)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_first_seen":1576420277909,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":755,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":909737,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"AAAAAAAAAAAAAAAACABFAAC9phtAAEAGlh1\/AAABfwAAAceAH5B1J59d+HsAr4AYAED+sQAAAQEICp1m\/72dZv+9R0VUIC9vcGVuLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ4KQ0KDQo="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_first_seen":1576420277909,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/open.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006448)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_first_seen":1576420277910,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_first_seen":1576420277909,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/open.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006448)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_first_seen":1576420277910,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00624{"flow_id":756,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":910929,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADA+2VAAEAGQNB\/AAABfwAAAceCH5AHKcInz6YgT4AYAED+tAAAAQEICp1m\/76dZv++R0VUIC9meDI5aWQxLnR4dCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2NDQ5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_first_seen":1576420277910,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id1.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006449)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_first_seen":1576420277912,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_first_seen":1576420277910,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id1.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006449)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_first_seen":1576420277912,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":757,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":912210,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAC6pAAEAGMIx\/AAABfwAAAceEH5BX8jLvG2MI1oAYAED+tAAAAQEICp1m\/8CdZv\/AR0VUIC9meDI5aWQyLnR4dCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjQ1MCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_first_seen":1576420277912,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id2.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006450)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_first_seen":1576420277913,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_first_seen":1576420277912,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/fx29id2.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006450)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_first_seen":1576420277913,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00614{"flow_id":758,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":913754,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"AAAAAAAAAAAAAAAACABFAAC4Ym1AAEAG2dB\/AAABfwAAAceGH5BoAlsuZzuA64AYAED+rAAAAQEICp1m\/8GdZv\/BR0VUIC8\/LXMgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY1MjMpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00752{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_first_seen":1576420277913,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006523)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_first_seen":1576420277917,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_first_seen":1576420277913,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006523)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_first_seen":1576420277917,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":759,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":917133,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"AAAAAAAAAAAAAAAACABFAADBkMVAAEAGq29\/AAABfwAAAceIH5D4rqmFil0FBYAYAED+tQAAAQEICp1m\/8WdZv\/ER0VUIC9sb2dpbi5waHA\/LXMgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjUyNCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0K"}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_first_seen":1576420277917,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006524)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_first_seen":1576420277919,"flow_last_seen":0,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":208,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":759,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_first_seen":1576420277917,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.php?-s","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006524)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_first_seen":1576420277919,"flow_last_seen":0,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00674{"flow_id":760,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":919034,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"pkt":"AAAAAAAAAAAAAAAACABFAADk1ppAAEAGZXd\/AAABfwAAAceKH5AeVe\/gFGxiPoAYAED+2AAAAQEICp1m\/8adZv\/GR0VUIC8zcmRwYXJ0eS9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_first_seen":1576420277919,"flow_last_seen":0,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":208,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_first_seen":1576420277920,"flow_last_seen":0,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":199,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":760,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_first_seen":1576420277919,"flow_last_seen":0,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_first_seen":1576420277920,"flow_last_seen":0,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00661{"flow_id":761,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":920668,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"AAAAAAAAAAAAAAAACABFAADbRbxAAEAG9l5\/AAABfwAAAceMH5CzBHzzJnp1p4AYAED+zwAAAQEICp1m\/8idZv\/IR0VUIC9waHBNeUFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_first_seen":1576420277920,"flow_last_seen":0,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":199,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_first_seen":1576420277922,"flow_last_seen":0,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":208,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":761,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_first_seen":1576420277920,"flow_last_seen":0,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpMyAdmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_first_seen":1576420277922,"flow_last_seen":0,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00673{"flow_id":762,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":922324,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"pkt":"AAAAAAAAAAAAAAAACABFAADkm4xAAEAGoIV\/AAABfwAAAceOH5AOOaLD4MTa7oAYAED+2AAAAQEICp1m\/8qdZv\/KR0VUIC8zcmRwYXJ0eS9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_first_seen":1576420277922,"flow_last_seen":0,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":208,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_first_seen":1576420277923,"flow_last_seen":0,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":199,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":762,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_first_seen":1576420277922,"flow_last_seen":0,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/3rdparty\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_first_seen":1576420277923,"flow_last_seen":0,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00661{"flow_id":763,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":923745,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"AAAAAAAAAAAAAAAACABFAADb3d5AAEAGXjx\/AAABfwAAAceQH5AJweSWVSMF84AYAED+zwAAAQEICp1m\/8udZv\/LR0VUIC9waHBteWFkbWluL3NlcnZlcl9zeW5jLnBocD9jPXBocGluZm8oKSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNjYwOCkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkhvc3Q6IDEyNy4wLjAuMQ0KDQo="}
-00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_first_seen":1576420277923,"flow_last_seen":0,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":199,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_first_seen":1576420277925,"flow_last_seen":0,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":192,"flow_max_l4_data_len":192,"flow_avg_l4_data_len":192,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":763,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_first_seen":1576420277923,"flow_last_seen":0,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmyadmin\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_first_seen":1576420277925,"flow_last_seen":0,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":764,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":925213,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"AAAAAAAAAAAAAAAACABFAADU+B5AAEAGRAN\/AAABfwAAAceSH5DHT8FWYmCfAYAYAED+yAAAAQEICp1m\/82dZv\/NR0VUIC9wbWEvc2VydmVyX3N5bmMucGhwP2M9cGhwaW5mbygpIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY2MDgpDQoNCg=="}
-00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_first_seen":1576420277925,"flow_last_seen":0,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":192,"flow_max_l4_data_len":192,"flow_avg_l4_data_len":192,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pma\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_first_seen":1576420277926,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":764,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_first_seen":1576420277925,"flow_last_seen":0,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/pma\/server_sync.php?c=phpinfo()","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006608)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_first_seen":1576420277926,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":765,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":926727,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"pkt":"AAAAAAAAAAAAAAAACABFAAC8cdVAAEAGymR\/AAABfwAAAceUH5AbWUib+wxcy4AYAED+sAAAAQEICp1m\/86dZv\/OR0VUIC9jOTkucGhwIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY3MzkpDQoNCg=="}
-00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_first_seen":1576420277926,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c99.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006739)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_first_seen":1576420277928,"flow_last_seen":0,"flow_tot_l4_data_len":231,"flow_min_l4_data_len":231,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":231,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":765,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_first_seen":1576420277926,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/c99.php","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006739)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_first_seen":1576420277928,"flow_last_seen":0,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00705{"flow_id":766,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":928118,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"pkt":"AAAAAAAAAAAAAAAACABFAAD73s9AAEAGXSt\/AAABfwAAAceWH5B+NOeIVrpz2oAYAED+7wAAAQEICp1m\/9CdZv\/PR0VUIC9hd2N1c2VyL2NnaS1iaW4vdmNzP3hzbD0vdmNzL3Zjc19ob21lLnhzbCUyNmNhdCUyMCUyMi9ldGMvcGFzc3dkJTIyJTI2IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk0KQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00825{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_first_seen":1576420277928,"flow_last_seen":0,"flow_tot_l4_data_len":231,"flow_min_l4_data_len":231,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":231,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/awcuser\/cgi-bin\/vcs?xsl=\/vcs\/vcs_home.xsl%26cat%20%22\/etc\/passwd%22%26","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006994)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_first_seen":1576420277929,"flow_last_seen":0,"flow_tot_l4_data_len":167,"flow_min_l4_data_len":167,"flow_max_l4_data_len":167,"flow_avg_l4_data_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":766,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_first_seen":1576420277928,"flow_last_seen":0,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/awcuser\/cgi-bin\/vcs?xsl=\/vcs\/vcs_home.xsl%26cat%20%22\/etc\/passwd%22%26","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006994)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_first_seen":1576420277929,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00617{"flow_id":767,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":929706,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"pkt":"AAAAAAAAAAAAAAAACABFAAC7MdtAAEAGCmB\/AAABfwAAAceYH5BhLQiUIFdU+oAYAED+rwAAAQEICp1m\/9GdZv\/RR0VUIC9zY3JpcHQgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDY5OTkpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0K"}
-00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_first_seen":1576420277929,"flow_last_seen":0,"flow_tot_l4_data_len":167,"flow_min_l4_data_len":167,"flow_max_l4_data_len":167,"flow_avg_l4_data_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_first_seen":1576420277931,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":767,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_first_seen":1576420277929,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_first_seen":1576420277931,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":768,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":931109,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"AAAAAAAAAAAAAAAACABFAADDfttAAEAGvVd\/AAABfwAAAceaH5AHCUeUa2pQhIAYAED+twAAAQEICp1m\/9OdZv\/SR0VUIC9qZW5raW5zL3NjcmlwdCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KDQo="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_first_seen":1576420277931,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/jenkins\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_first_seen":1576420277933,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_first_seen":1576420277931,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/jenkins\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_first_seen":1576420277933,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":769,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":933564,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AAAAAAAAAAAAAAAACABFAADCrgRAAEAGji9\/AAABfwAAAcecH5DcgpdKIx+4uoAYAED+tgAAAQEICp1m\/9WdZv\/VR0VUIC9odWRzb24vc2NyaXB0IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA2OTk5KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_first_seen":1576420277933,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/hudson\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_first_seen":1576420277971,"flow_last_seen":0,"flow_tot_l4_data_len":328,"flow_min_l4_data_len":328,"flow_max_l4_data_len":328,"flow_avg_l4_data_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_first_seen":1576420277933,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/hudson\/script","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:006999)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_first_seen":1576420277971,"flow_last_seen":0,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00835{"flow_id":770,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":971570,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"pkt":"AAAAAAAAAAAAAAAACABFAAFctdFAAEAGhch\/AAABfwAAAcfMH5DMiIyc+KcBsoAYAED\/UAAAAQEICp1m\/\/udZv\/7R0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
-00825{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_first_seen":1576420277971,"flow_last_seen":0,"flow_tot_l4_data_len":328,"flow_min_l4_data_len":328,"flow_max_l4_data_len":328,"flow_avg_l4_data_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_first_seen":1576420277972,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_first_seen":1576420277971,"flow_last_seen":0,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_first_seen":1576420277972,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00851{"flow_id":771,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":972844,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"AAAAAAAAAAAAAAAACABFAAFnwDVAAEAGe1l\/AAABfwAAAcfOH5AQvflnbGoufoAYAED\/WwAAAQEICp1m\/\/ydZv\/8R0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_first_seen":1576420277972,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_first_seen":1576420277974,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00849{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_first_seen":1576420277972,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_first_seen":1576420277974,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00851{"flow_id":772,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":974039,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"AAAAAAAAAAAAAAAACABFAAFncRdAAEAGynd\/AAABfwAAAcfQH5DeNEhBp6LH9oAYAED\/WwAAAQEICp1m\/\/2dZv\/9R0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_first_seen":1576420277974,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_first_seen":1576420277975,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00849{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_first_seen":1576420277974,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_first_seen":1576420277975,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00848{"flow_id":773,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":975224,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"pkt":"AAAAAAAAAAAAAAAACABFAAFkoPRAAEAGmp1\/AAABfwAAAcfSH5BFc5mo+BaB54AYAED\/WAAAAQEICp1m\/\/+dZv\/\/R0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_first_seen":1576420277975,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_first_seen":1576420277976,"flow_last_seen":0,"flow_tot_l4_data_len":331,"flow_min_l4_data_len":331,"flow_max_l4_data_len":331,"flow_avg_l4_data_len":331,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00846{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_first_seen":1576420277975,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_first_seen":1576420277976,"flow_last_seen":0,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00836{"flow_id":774,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":976404,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"pkt":"AAAAAAAAAAAAAAAACABFAAFfD0hAAEAGLE9\/AAABfwAAAcfUH5ChoTYRo2DY7oAYAED\/UwAAAQEICp1nAACdZwAAR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
-00828{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_first_seen":1576420277976,"flow_last_seen":0,"flow_tot_l4_data_len":331,"flow_min_l4_data_len":331,"flow_max_l4_data_len":331,"flow_avg_l4_data_len":331,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_first_seen":1576420277977,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":774,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_first_seen":1576420277976,"flow_last_seen":0,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_first_seen":1576420277977,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00852{"flow_id":775,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":977601,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"pkt":"AAAAAAAAAAAAAAAACABFAAFqZD5AAEAG101\/AAABfwAAAcfWH5DMOF1rGOgpBIAYAED\/XgAAAQEICp1nAAGdZwABR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_first_seen":1576420277977,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_first_seen":1576420277980,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00852{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":775,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_first_seen":1576420277977,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_first_seen":1576420277980,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00852{"flow_id":776,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":980358,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"pkt":"AAAAAAAAAAAAAAAACABFAAFqHXJAAEAGHhp\/AAABfwAAAcfYH5AZXiQoPHeXDoAYAED\/XgAAAQEICp1nAASdZwAER0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_first_seen":1576420277980,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_first_seen":1576420277981,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00852{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_first_seen":1576420277980,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_first_seen":1576420277981,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00848{"flow_id":777,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":981999,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"AAAAAAAAAAAAAAAACABFAAFn7phAAEAGTPZ\/AAABfwAAAcfaH5CzPtfCPnznp4AYAED\/WwAAAQEICp1nAAWdZwAFR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_first_seen":1576420277981,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_first_seen":1576420277983,"flow_last_seen":0,"flow_tot_l4_data_len":328,"flow_min_l4_data_len":328,"flow_max_l4_data_len":328,"flow_avg_l4_data_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00849{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_first_seen":1576420277981,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_first_seen":1576420277983,"flow_last_seen":0,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00832{"flow_id":778,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":983499,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"pkt":"AAAAAAAAAAAAAAAACABFAAFcKzdAAEAGEGN\/AAABfwAAAcfcH5CIchJjnARiwIAYAED\/UAAAAQEICp1nAAedZwAHR0VUIC9tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
-00825{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_first_seen":1576420277983,"flow_last_seen":0,"flow_tot_l4_data_len":328,"flow_min_l4_data_len":328,"flow_max_l4_data_len":328,"flow_avg_l4_data_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_first_seen":1576420277984,"flow_last_seen":0,"flow_tot_l4_data_len":331,"flow_min_l4_data_len":331,"flow_max_l4_data_len":331,"flow_avg_l4_data_len":331,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":778,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_first_seen":1576420277983,"flow_last_seen":0,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_first_seen":1576420277984,"flow_last_seen":0,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00836{"flow_id":779,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":984896,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"pkt":"AAAAAAAAAAAAAAAACABFAAFfNJZAAEAGBwF\/AAABfwAAAcfeH5DptA3NjIJEK4AYAED\/UwAAAQEICp1nAAidZwAIR0VUIC93dS1tb2FkbWluLnBocD9jb2xsZWN0aW9uPXNlY3B1bHNlJmFjdGlvbj1saXN0Um93cyZmaW5kPWFycmF5KCk7cGhwaW5mbygpO2V4aXQ7IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDExKQ0KQ29udGVudC1MZW5ndGg6IDIyDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCm9iamVjdD0xO3N5c3RlbSgnaWQnKTs="}
-00828{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_first_seen":1576420277984,"flow_last_seen":0,"flow_tot_l4_data_len":331,"flow_min_l4_data_len":331,"flow_max_l4_data_len":331,"flow_avg_l4_data_len":331,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_first_seen":1576420277986,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_first_seen":1576420277984,"flow_last_seen":0,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_first_seen":1576420277986,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00848{"flow_id":780,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":986452,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"AAAAAAAAAAAAAAAACABFAAFn4zdAAEAGWFd\/AAABfwAAAcfgH5C+u9puvhX1U4AYAED\/WwAAAQEICp1nAAqdZwAKR0VUIC9waHBtb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_first_seen":1576420277986,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_first_seen":1576420277988,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00849{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_first_seen":1576420277986,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_first_seen":1576420277988,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00852{"flow_id":781,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":988035,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"pkt":"AAAAAAAAAAAAAAAACABFAAFqP5xAAEAG++9\/AAABfwAAAcfiH5DrbgbETTZEsIAYAED\/XgAAAQEICp1nAAudZwALR0VUIC9waHBtb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwMTEpDQpDb250ZW50LUxlbmd0aDogMjINCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpIb3N0OiAxMjcuMC4wLjENCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_first_seen":1576420277988,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_first_seen":1576420277989,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00852{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_first_seen":1576420277988,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/phpmoadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_first_seen":1576420277989,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00848{"flow_id":782,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":989553,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"AAAAAAAAAAAAAAAACABFAAFn5zlAAEAGVFV\/AAABfwAAAcfkH5BgZN5vdwnWyoAYAED\/WwAAAQEICp1nAA2dZwANR0VUIC93dS1tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb250ZW50LUxlbmd0aDogMjINCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_first_seen":1576420277989,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_first_seen":1576420277991,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00849{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":782,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_first_seen":1576420277989,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_first_seen":1576420277991,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00852{"flow_id":783,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":991005,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"pkt":"AAAAAAAAAAAAAAAACABFAAFq2t9AAEAGYKx\/AAABfwAAAcfmH5C2ZOOFxq2Ns4AYAED\/XgAAAQEICp1nAA6dZwAOR0VUIC93dS1tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_first_seen":1576420277991,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_first_seen":1576420277992,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00852{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_first_seen":1576420277991,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wu-moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_first_seen":1576420277992,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00844{"flow_id":784,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":992579,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"pkt":"AAAAAAAAAAAAAAAACABFAAFk9ANAAEAGR45\/AAABfwAAAcfoH5AH9M1coGd5OYAYAED\/WAAAAQEICp1nABCdZwAQR0VUIC9tb2FkbWluL21vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_first_seen":1576420277992,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_first_seen":1576420277993,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00846{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":784,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_first_seen":1576420277992,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_first_seen":1576420277993,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00848{"flow_id":785,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":993932,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"AAAAAAAAAAAAAAAACABFAAFnZv1AAEAG1JF\/AAABfwAAAcfqH5D+xV+iBWcClIAYAED\/WwAAAQEICp1nABGdZwARR0VUIC9tb2FkbWluL3d1LW1vYWRtaW4ucGhwP2NvbGxlY3Rpb249c2VjcHVsc2UmYWN0aW9uPWxpc3RSb3dzJmZpbmQ9YXJyYXkoKTtwaHBpbmZvKCk7ZXhpdDsgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzAxMSkNCkNvbnRlbnQtTGVuZ3RoOiAyMg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCg0Kb2JqZWN0PTE7c3lzdGVtKCdpZCcpOw=="}
-00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_first_seen":1576420277993,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_first_seen":1576420277997,"flow_last_seen":0,"flow_tot_l4_data_len":610,"flow_min_l4_data_len":610,"flow_max_l4_data_len":610,"flow_avg_l4_data_len":610,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00849{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":785,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_first_seen":1576420277993,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/moadmin\/wu-moadmin.php?collection=secpulse&action=listRows&find=array();phpinfo();exit;","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007011)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_first_seen":1576420277997,"flow_last_seen":0,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01207{"flow_id":786,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":997617,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"pkt":"AAAAAAAAAAAAAAAACABFAAJ2Zy1AAEAG01J\/AAABfwAAAcfuH5CyFV5xr3JzcYAYAEAAawAAAQEICp1nABWdZwAVR0VUIC92Yi9hamF4L2FwaS9ob29rL2RlY29kZUFyZ3VtZW50cz9hcmd1bWVudHM9TyUzQTEyJTNBJTIydkJfZEJfUmVzdWx0JTIyJTNBMiUzQSU3QnMlM0E1JTNBJTIyJTAwJTJBJTAwZGIlMjIlM0JPJTNBMTclM0ElMjJ2Ql9EYXRhYmFzZV9NeVNRTCUyMiUzQTElM0ElN0JzJTNBOSUzQSUyMmZ1bmN0aW9ucyUyMiUzQmElM0ExJTNBJTdCcyUzQTExJTNBJTIyZnJlZV9yZXN1bHQlMjIlM0JzJTNBNiUzQSUyMmFzc2VydCUyMiUzQiU3RCU3RHMlM0ExMiUzQSUyMiUwMCUyQSUwMHJlY29yZHNldCUyMiUzQnMlM0EyNSUzQSUyMnN5c3RlbSUyOCUyN2NhdCUyMCUyRmV0YyUyRnBhc3N3ZCUyNyUyOSUyMiUzQiU3RCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzA1OCkNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
-01094{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_first_seen":1576420277997,"flow_last_seen":0,"flow_tot_l4_data_len":610,"flow_min_l4_data_len":610,"flow_max_l4_data_len":610,"flow_avg_l4_data_len":610,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_first_seen":1576420277998,"flow_last_seen":0,"flow_tot_l4_data_len":617,"flow_min_l4_data_len":617,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":617,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+01106{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_first_seen":1576420277997,"flow_last_seen":0,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vb\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_first_seen":1576420277998,"flow_last_seen":0,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01216{"flow_id":787,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420277,"pkt_ts_usec":998921,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"AAAAAAAAAAAAAAAACABFAAJ9M09AAEAGByp\/AAABfwAAAcfwH5BMhgoXl7elMYAYAEAAcgAAAQEICp1nABadZwAWR0VUIC92YnVsbGV0aW4vYWpheC9hcGkvaG9vay9kZWNvZGVBcmd1bWVudHM\/YXJndW1lbnRzPU8lM0ExMiUzQSUyMnZCX2RCX1Jlc3VsdCUyMiUzQTIlM0ElN0JzJTNBNSUzQSUyMiUwMCUyQSUwMGRiJTIyJTNCTyUzQTE3JTNBJTIydkJfRGF0YWJhc2VfTXlTUUwlMjIlM0ExJTNBJTdCcyUzQTklM0ElMjJmdW5jdGlvbnMlMjIlM0JhJTNBMSUzQSU3QnMlM0ExMSUzQSUyMmZyZWVfcmVzdWx0JTIyJTNCcyUzQTYlM0ElMjJhc3NlcnQlMjIlM0IlN0QlN0RzJTNBMTIlM0ElMjIlMDAlMkElMDByZWNvcmRzZXQlMjIlM0JzJTNBMjUlM0ElMjJzeXN0ZW0lMjglMjdjYXQlMjAlMkZldGMlMkZwYXNzd2QlMjclMjklMjIlM0IlN0QgSFRUUC8xLjENCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcwNTgpDQpIb3N0OiAxMjcuMC4wLjENCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"}
-01101{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_first_seen":1576420277998,"flow_last_seen":0,"flow_tot_l4_data_len":617,"flow_min_l4_data_len":617,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":617,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_first_seen":1576420278000,"flow_last_seen":0,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":292,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+01113{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_first_seen":1576420277998,"flow_last_seen":0,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/vbulletin\/ajax\/api\/hook\/decodeArguments?arguments=O%3A12%3A%22vB_dB_Result%22%3A2%3A%7Bs%3A5%3A%22%00%2A%00db%22%3BO%3A17%3A%22vB_Database_MySQL%22%3A1%3A%7Bs%3A9%3A%22functions%22%3Ba%3A1%3A%7Bs%3A11%3A%22free_result%22%3Bs%3A6%3A%22assert%22%3B%7D%7Ds%3A12%3A%22%00%2A%00recordset%22%3Bs%3A25%3A%22system%28%27cat%20%2Fetc%2Fpasswd%27%29%22%3B%7D","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007058)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_first_seen":1576420278000,"flow_last_seen":0,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00782{"flow_id":788,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420278,"pkt_ts_usec":203,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"AAAAAAAAAAAAAAAACABFAAE4KORAAEAGEtp\/AAABfwAAAcfyH5Cd7RG\/LUrqEYAYAED\/LAAAAQEICp1nABidZwAYR0VUIC9zaGVsbD9jYXQlMjAvZXRjL3Bhc3N3ZCBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MDg0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_first_seen":1576420278000,"flow_last_seen":0,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":292,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007084)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_first_seen":1576420278001,"flow_last_seen":0,"flow_tot_l4_data_len":297,"flow_min_l4_data_len":297,"flow_max_l4_data_len":297,"flow_avg_l4_data_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_first_seen":1576420278000,"flow_last_seen":0,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat%20\/etc\/passwd","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007084)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_first_seen":1576420278001,"flow_last_seen":0,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00790{"flow_id":789,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420278,"pkt_ts_usec":1517,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"pkt":"AAAAAAAAAAAAAAAACABFAAE9gkdAAEAGuXF\/AAABfwAAAcf0H5CX+bsaLFgA+4AYAED\/MQAAAQEICp1nABmdZwAZR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgyKQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_first_seen":1576420278001,"flow_last_seen":0,"flow_tot_l4_data_len":297,"flow_min_l4_data_len":297,"flow_max_l4_data_len":297,"flow_avg_l4_data_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007182)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_first_seen":1576420278002,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_first_seen":1576420278001,"flow_last_seen":0,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007182)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_first_seen":1576420278002,"flow_last_seen":0,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00794{"flow_id":790,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420278,"pkt_ts_usec":2806,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"AAAAAAAAAAAAAAAACABFAAFBkptAAEAGqRl\/AAABfwAAAcf2H5CPbqvGHGavS4AYAED\/NQAAAQEICp1nABqdZwAaR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQyBIVFRQLzEuMQ0KSG9zdDogMTI3LjAuMC4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTgzKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_first_seen":1576420278002,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007183)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_first_seen":1576420278004,"flow_last_seen":0,"flow_tot_l4_data_len":297,"flow_min_l4_data_len":297,"flow_max_l4_data_len":297,"flow_avg_l4_data_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_first_seen":1576420278002,"flow_last_seen":0,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007183)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_first_seen":1576420278004,"flow_last_seen":0,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00791{"flow_id":791,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420278,"pkt_ts_usec":4072,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"pkt":"AAAAAAAAAAAAAAAACABFAAE99rJAAEAGRQZ\/AAABfwAAAcf4H5DOUc\/uMPSpHIAYAED\/MQAAAQEICp1nABudZwAbR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlIEhUVFAvMS4xDQpIb3N0OiAxMjcuMC4wLjENCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODQpDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_first_seen":1576420278004,"flow_last_seen":0,"flow_tot_l4_data_len":297,"flow_min_l4_data_len":297,"flow_max_l4_data_len":297,"flow_avg_l4_data_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007184)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_first_seen":1576420278005,"flow_last_seen":0,"flow_tot_l4_data_len":307,"flow_min_l4_data_len":307,"flow_max_l4_data_len":307,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":791,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_first_seen":1576420278004,"flow_last_seen":0,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007184)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_first_seen":1576420278005,"flow_last_seen":0,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":792,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420278,"pkt_ts_usec":5429,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"pkt":"AAAAAAAAAAAAAAAACABFAAFH9c9AAEAGRd9\/AAABfwAAAcf6H5CvysyRaoy75oAYAED\/OwAAAQEICp1nAB2dZwAdR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25SZXF1ZXN0ZXJQb3J0VHlwZSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NSkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
-00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_first_seen":1576420278005,"flow_last_seen":0,"flow_tot_l4_data_len":307,"flow_min_l4_data_len":307,"flow_max_l4_data_len":307,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationRequesterPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007185)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_first_seen":1576420278006,"flow_last_seen":0,"flow_tot_l4_data_len":299,"flow_min_l4_data_len":299,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":792,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_first_seen":1576420278005,"flow_last_seen":0,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationRequesterPortType","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007185)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_first_seen":1576420278006,"flow_last_seen":0,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00791{"flow_id":793,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420278,"pkt_ts_usec":6738,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/YadAAEAG2g9\/AAABfwAAAcf8H5A46lj5CJ27noAYAED\/MwAAAQEICp1nAB6dZwAeR0VUIC93bHMtd3NhdC9Db29yZGluYXRvclBvcnRUeXBlMTEgSFRUUC8xLjENCkhvc3Q6IDEyNy4wLjAuMQ0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzE4NikNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"}
-00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_first_seen":1576420278006,"flow_last_seen":0,"flow_tot_l4_data_len":299,"flow_min_l4_data_len":299,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007186)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_first_seen":1576420278008,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_first_seen":1576420278006,"flow_last_seen":0,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/CoordinatorPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007186)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_first_seen":1576420278008,"flow_last_seen":0,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00798{"flow_id":794,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420278,"pkt_ts_usec":8126,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"AAAAAAAAAAAAAAAACABFAAFD5CdAAEAGV4t\/AAABfwAAAcf+H5BRed18Cunwm4AYAED\/NwAAAQEICp1nACCdZwAfR0VUIC93bHMtd3NhdC9SZWdpc3RyYXRpb25Qb3J0VHlwZVJQQzExIEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogMzkNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MTg3KQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_first_seen":1576420278008,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007187)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_first_seen":1576420278010,"flow_last_seen":0,"flow_tot_l4_data_len":299,"flow_min_l4_data_len":299,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_first_seen":1576420278008,"flow_last_seen":0,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/RegistrationPortTypeRPC11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007187)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_first_seen":1576420278010,"flow_last_seen":0,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00792{"flow_id":795,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420278,"pkt_ts_usec":10669,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"pkt":"AAAAAAAAAAAAAAAACABFAAE\/OK1AAEAGAwp\/AAABfwAAAcgAH5D7EgH2VMq6xIAYAED\/MwAAAQEICp1nACKdZwAiR0VUIC93bHMtd3NhdC9QYXJ0aWNpcGFudFBvcnRUeXBlMTEgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDowMDcxODgpDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpIb3N0OiAxMjcuMC4wLjENCg0KdHJhbnNhY3Rpb25faWQ9MSZvYXV0aF90b2tlbj0nJTNiZWNobyAn"}
-00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_first_seen":1576420278010,"flow_last_seen":0,"flow_tot_l4_data_len":299,"flow_min_l4_data_len":299,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007188)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_first_seen":1576420278012,"flow_last_seen":0,"flow_tot_l4_data_len":309,"flow_min_l4_data_len":309,"flow_max_l4_data_len":309,"flow_avg_l4_data_len":309,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_first_seen":1576420278010,"flow_last_seen":0,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/wls-wsat\/ParticipantPortType11","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007188)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_first_seen":1576420278012,"flow_last_seen":0,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":796,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420278,"pkt_ts_usec":12576,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"pkt":"AAAAAAAAAAAAAAAACABFAAFJWQ5AAEAG4p5\/AAABfwAAAcgCH5Cjm2BUk9d3uYAYAED\/PQAAAQEICp1nACSdZwAkR0VUIC9sb2dpbi5jZ2k\/Y2xpPWFhJTIwYWElMjdjYXQlMjAvZXRjL2hvc3RzIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDM5DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMDAgKE5pa3RvLzIuMS42KSAoRXZhc2lvbnM6Tm9uZSkgKFRlc3Q6MDA3MjM0KQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCnRyYW5zYWN0aW9uX2lkPTEmb2F1dGhfdG9rZW49JyUzYmVjaG8gJw=="}
-00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_first_seen":1576420278012,"flow_last_seen":0,"flow_tot_l4_data_len":309,"flow_min_l4_data_len":309,"flow_max_l4_data_len":309,"flow_avg_l4_data_len":309,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi?cli=aa%20aa%27cat%20\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007234)"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_first_seen":1576420278014,"flow_last_seen":0,"flow_tot_l4_data_len":289,"flow_min_l4_data_len":289,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_first_seen":1576420278012,"flow_last_seen":0,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/login.cgi?cli=aa%20aa%27cat%20\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007234)"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_first_seen":1576420278014,"flow_last_seen":0,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00779{"flow_id":797,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576420278,"pkt_ts_usec":14387,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"AAAAAAAAAAAAAAAACABFAAE1Ck9AAEAGMXJ\/AAABfwAAAcgEH5AitzMTI6HHCIAYAED\/KQAAAQEICp1nACadZwAmR0VUIC9zaGVsbD9jYXQrL2V0Yy9ob3N0cyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAwIChOaWt0by8yLjEuNikgKEV2YXNpb25zOk5vbmUpIChUZXN0OjAwNzIzNSkNCkNvbnRlbnQtTGVuZ3RoOiAzOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkhvc3Q6IDEyNy4wLjAuMQ0KDQp0cmFuc2FjdGlvbl9pZD0xJm9hdXRoX3Rva2VuPSclM2JlY2hvICc="}
-00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_first_seen":1576420278014,"flow_last_seen":0,"flow_tot_l4_data_len":289,"flow_min_l4_data_len":289,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat+\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007235)"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_first_seen":1576420277895,"flow_last_seen":0,"flow_tot_l4_data_len":214,"flow_min_l4_data_len":214,"flow_max_l4_data_len":214,"flow_avg_l4_data_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_first_seen":1576420277896,"flow_last_seen":0,"flow_tot_l4_data_len":224,"flow_min_l4_data_len":224,"flow_max_l4_data_len":224,"flow_avg_l4_data_len":224,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_first_seen":1576420277898,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_first_seen":1576420277899,"flow_last_seen":0,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":208,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_first_seen":1576420277901,"flow_last_seen":0,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":212,"flow_max_l4_data_len":212,"flow_avg_l4_data_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_first_seen":1576420277902,"flow_last_seen":0,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":212,"flow_max_l4_data_len":212,"flow_avg_l4_data_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_first_seen":1576420277903,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_first_seen":1576420277905,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_first_seen":1576420277907,"flow_last_seen":0,"flow_tot_l4_data_len":205,"flow_min_l4_data_len":205,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_first_seen":1576420277908,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_first_seen":1576420277909,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_first_seen":1576420277910,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_first_seen":1576420277912,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_first_seen":1576420277913,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_first_seen":1576420277917,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_first_seen":1576420277919,"flow_last_seen":0,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":208,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_first_seen":1576420277920,"flow_last_seen":0,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":199,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_first_seen":1576420277922,"flow_last_seen":0,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":208,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_first_seen":1576420277923,"flow_last_seen":0,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":199,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_first_seen":1576420277925,"flow_last_seen":0,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":192,"flow_max_l4_data_len":192,"flow_avg_l4_data_len":192,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_first_seen":1576420277926,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_first_seen":1576420277928,"flow_last_seen":0,"flow_tot_l4_data_len":231,"flow_min_l4_data_len":231,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":231,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_first_seen":1576420277929,"flow_last_seen":0,"flow_tot_l4_data_len":167,"flow_min_l4_data_len":167,"flow_max_l4_data_len":167,"flow_avg_l4_data_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_first_seen":1576420277931,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_first_seen":1576420277933,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_first_seen":1576420277971,"flow_last_seen":0,"flow_tot_l4_data_len":328,"flow_min_l4_data_len":328,"flow_max_l4_data_len":328,"flow_avg_l4_data_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_first_seen":1576420277972,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_first_seen":1576420277974,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_first_seen":1576420277975,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_first_seen":1576420277976,"flow_last_seen":0,"flow_tot_l4_data_len":331,"flow_min_l4_data_len":331,"flow_max_l4_data_len":331,"flow_avg_l4_data_len":331,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_first_seen":1576420277977,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_first_seen":1576420277980,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_first_seen":1576420277981,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_first_seen":1576420277983,"flow_last_seen":0,"flow_tot_l4_data_len":328,"flow_min_l4_data_len":328,"flow_max_l4_data_len":328,"flow_avg_l4_data_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_first_seen":1576420277984,"flow_last_seen":0,"flow_tot_l4_data_len":331,"flow_min_l4_data_len":331,"flow_max_l4_data_len":331,"flow_avg_l4_data_len":331,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_first_seen":1576420277986,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_first_seen":1576420277988,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_first_seen":1576420277989,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_first_seen":1576420277991,"flow_last_seen":0,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":342,"flow_max_l4_data_len":342,"flow_avg_l4_data_len":342,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_first_seen":1576420277992,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_first_seen":1576420277993,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_first_seen":1576420277997,"flow_last_seen":0,"flow_tot_l4_data_len":610,"flow_min_l4_data_len":610,"flow_max_l4_data_len":610,"flow_avg_l4_data_len":610,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_first_seen":1576420277998,"flow_last_seen":0,"flow_tot_l4_data_len":617,"flow_min_l4_data_len":617,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":617,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_first_seen":1576420278000,"flow_last_seen":0,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":292,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_first_seen":1576420278001,"flow_last_seen":0,"flow_tot_l4_data_len":297,"flow_min_l4_data_len":297,"flow_max_l4_data_len":297,"flow_avg_l4_data_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_first_seen":1576420278002,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_first_seen":1576420278004,"flow_last_seen":0,"flow_tot_l4_data_len":297,"flow_min_l4_data_len":297,"flow_max_l4_data_len":297,"flow_avg_l4_data_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_first_seen":1576420278005,"flow_last_seen":0,"flow_tot_l4_data_len":307,"flow_min_l4_data_len":307,"flow_max_l4_data_len":307,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_first_seen":1576420278006,"flow_last_seen":0,"flow_tot_l4_data_len":299,"flow_min_l4_data_len":299,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_first_seen":1576420278008,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_first_seen":1576420278010,"flow_last_seen":0,"flow_tot_l4_data_len":299,"flow_min_l4_data_len":299,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_first_seen":1576420278012,"flow_last_seen":0,"flow_tot_l4_data_len":309,"flow_min_l4_data_len":309,"flow_max_l4_data_len":309,"flow_avg_l4_data_len":309,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_first_seen":1576420278014,"flow_last_seen":0,"flow_tot_l4_data_len":289,"flow_min_l4_data_len":289,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576420276577,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576420276660,"flow_last_seen":0,"flow_tot_l4_data_len":162,"flow_min_l4_data_len":162,"flow_max_l4_data_len":162,"flow_avg_l4_data_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576420276662,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576420276665,"flow_last_seen":0,"flow_tot_l4_data_len":204,"flow_min_l4_data_len":204,"flow_max_l4_data_len":204,"flow_avg_l4_data_len":204,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576420276666,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576420276667,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576420276668,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1576420276669,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1576420276672,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1576420276673,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1576420276675,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1576420276676,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1576420276677,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1576420276678,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1576420276679,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1576420276680,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1576420276681,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1576420276683,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1576420276685,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1576420276686,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1576420276687,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1576420276689,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1576420276690,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1576420276692,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1576420276694,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1576420276695,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1576420276697,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1576420276699,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1576420276701,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1576420276703,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1576420276704,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1576420276705,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1576420276707,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1576420276708,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1576420276710,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1576420276711,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1576420276713,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1576420276714,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1576420276717,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1576420276718,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1576420276719,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1576420276721,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1576420276722,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1576420276724,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1576420276725,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1576420276727,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1576420276728,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1576420276730,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1576420276733,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1576420276734,"flow_last_seen":0,"flow_tot_l4_data_len":160,"flow_min_l4_data_len":160,"flow_max_l4_data_len":160,"flow_avg_l4_data_len":160,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1576420276738,"flow_last_seen":0,"flow_tot_l4_data_len":195,"flow_min_l4_data_len":195,"flow_max_l4_data_len":195,"flow_avg_l4_data_len":195,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1576420276739,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1576420276741,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1576420276742,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1576420276743,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1576420276744,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1576420276745,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1576420276747,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1576420276749,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1576420276751,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1576420276754,"flow_last_seen":0,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":199,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1576420276756,"flow_last_seen":0,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":194,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":194,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1576420276758,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1576420276760,"flow_last_seen":0,"flow_tot_l4_data_len":189,"flow_min_l4_data_len":189,"flow_max_l4_data_len":189,"flow_avg_l4_data_len":189,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1576420276761,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1576420276763,"flow_last_seen":0,"flow_tot_l4_data_len":190,"flow_min_l4_data_len":190,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1576420276764,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1576420276765,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1576420276768,"flow_last_seen":0,"flow_tot_l4_data_len":162,"flow_min_l4_data_len":162,"flow_max_l4_data_len":162,"flow_avg_l4_data_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1576420276770,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1576420276771,"flow_last_seen":0,"flow_tot_l4_data_len":191,"flow_min_l4_data_len":191,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1576420276773,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1576420276774,"flow_last_seen":0,"flow_tot_l4_data_len":189,"flow_min_l4_data_len":189,"flow_max_l4_data_len":189,"flow_avg_l4_data_len":189,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1576420276776,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1576420276777,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1576420276779,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1576420276780,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1576420276781,"flow_last_seen":0,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":170,"flow_max_l4_data_len":170,"flow_avg_l4_data_len":170,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1576420276784,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1576420276786,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1576420276787,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1576420276789,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1576420276790,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1576420276792,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1576420276793,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1576420276794,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1576420276796,"flow_last_seen":0,"flow_tot_l4_data_len":167,"flow_min_l4_data_len":167,"flow_max_l4_data_len":167,"flow_avg_l4_data_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1576420276797,"flow_last_seen":0,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":207,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1576420276801,"flow_last_seen":0,"flow_tot_l4_data_len":155,"flow_min_l4_data_len":155,"flow_max_l4_data_len":155,"flow_avg_l4_data_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1576420276803,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1576420276804,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1576420276806,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1576420276807,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1576420276809,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1576420276810,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1576420276812,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1576420276813,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1576420276815,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1576420276817,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1576420276819,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1576420276820,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1576420276821,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1576420276823,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1576420276824,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1576420276825,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1576420276827,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1576420276828,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1576420276829,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1576420276832,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1576420276834,"flow_last_seen":0,"flow_tot_l4_data_len":206,"flow_min_l4_data_len":206,"flow_max_l4_data_len":206,"flow_avg_l4_data_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1576420276835,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1576420276837,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1576420276839,"flow_last_seen":0,"flow_tot_l4_data_len":258,"flow_min_l4_data_len":258,"flow_max_l4_data_len":258,"flow_avg_l4_data_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1576420276840,"flow_last_seen":0,"flow_tot_l4_data_len":259,"flow_min_l4_data_len":259,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1576420276841,"flow_last_seen":0,"flow_tot_l4_data_len":270,"flow_min_l4_data_len":270,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":270,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1576420276842,"flow_last_seen":0,"flow_tot_l4_data_len":263,"flow_min_l4_data_len":263,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":263,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1576420276844,"flow_last_seen":0,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":265,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1576420276847,"flow_last_seen":0,"flow_tot_l4_data_len":260,"flow_min_l4_data_len":260,"flow_max_l4_data_len":260,"flow_avg_l4_data_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1576420276856,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1576420276858,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1576420276859,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1576420276860,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1576420276862,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1576420276863,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1576420276864,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1576420276865,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1576420276866,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1576420276869,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1576420276870,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1576420276871,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1576420276872,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1576420276873,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1576420276874,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1576420276876,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1576420276877,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1576420276879,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1576420276881,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1576420276884,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1576420276885,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1576420276886,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1576420276888,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1576420276890,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1576420276891,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1576420276893,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1576420276894,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1576420276896,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1576420276897,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1576420276900,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1576420276901,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1576420276903,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1576420276904,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1576420276905,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1576420276907,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1576420276908,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1576420276910,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1576420276912,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1576420276913,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1576420276916,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1576420276917,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1576420276919,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1576420276920,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1576420276922,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1576420276924,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1576420276925,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1576420276926,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1576420276928,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1576420276929,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1576420276932,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1576420276933,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1576420276934,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1576420276936,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1576420276937,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1576420276938,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1576420276939,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1576420276941,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1576420276943,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1576420276945,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1576420276947,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1576420276949,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1576420276950,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1576420276953,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1576420276955,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1576420276956,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1576420276957,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1576420276959,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1576420276960,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1576420276961,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1576420276964,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1576420276965,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1576420276966,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1576420276968,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1576420276969,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1576420276970,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1576420276972,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1576420276973,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1576420276976,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1576420276977,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1576420276980,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1576420276982,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1576420276983,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1576420276985,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1576420276986,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1576420276987,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1576420276989,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1576420276990,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1576420276992,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1576420276993,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1576420276995,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1576420276996,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1576420276998,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1576420276999,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1576420277000,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1576420277001,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1576420277002,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1576420277004,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1576420277006,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1576420277007,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1576420277010,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1576420277011,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1576420277013,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1576420277014,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1576420277016,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1576420277017,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1576420277019,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1576420277020,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1576420277021,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1576420277023,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1576420277025,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1576420277027,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1576420277028,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1576420277029,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1576420277031,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1576420277032,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1576420277033,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1576420277034,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1576420277036,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1576420277037,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1576420277040,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1576420277041,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1576420277042,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1576420277044,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1576420277045,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1576420277046,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1576420277048,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1576420277049,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1576420277050,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1576420277051,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1576420277054,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1576420277055,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1576420277057,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1576420277058,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1576420277060,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1576420277061,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1576420277063,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1576420277064,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1576420277066,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1576420277067,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1576420277070,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1576420277072,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1576420277074,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1576420277075,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1576420277077,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1576420277078,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1576420277079,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1576420277081,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1576420277083,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1576420277084,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1576420277086,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1576420277087,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1576420277089,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1576420277090,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1576420277091,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1576420277093,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1576420277094,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_first_seen":1576420277096,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1576420277098,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1576420277100,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_first_seen":1576420277106,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_first_seen":1576420277109,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_first_seen":1576420277113,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1576420277115,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1576420277116,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1576420277118,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1576420277119,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1576420277121,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_first_seen":1576420277122,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1576420277123,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1576420277126,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1576420277127,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1576420277128,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_first_seen":1576420277130,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1576420277134,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1576420277136,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1576420277141,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_first_seen":1576420277142,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_first_seen":1576420277144,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_first_seen":1576420277145,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_first_seen":1576420277148,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_first_seen":1576420277153,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_first_seen":1576420277155,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1576420277157,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1576420277159,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1576420277160,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1576420277162,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_first_seen":1576420277164,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_first_seen":1576420277165,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1576420277166,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_first_seen":1576420277168,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1576420277170,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_first_seen":1576420277171,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1576420277172,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1576420277173,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_first_seen":1576420277175,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_first_seen":1576420277176,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1576420277177,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1576420277179,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1576420277180,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_first_seen":1576420277183,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_first_seen":1576420277184,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_first_seen":1576420277185,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_first_seen":1576420277186,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_first_seen":1576420277187,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_first_seen":1576420277189,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_first_seen":1576420277190,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_first_seen":1576420277193,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_first_seen":1576420277194,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_first_seen":1576420277196,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_first_seen":1576420277198,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_first_seen":1576420277200,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_first_seen":1576420277201,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_first_seen":1576420277203,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_first_seen":1576420277204,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_first_seen":1576420277206,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_first_seen":1576420277207,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_first_seen":1576420277209,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_first_seen":1576420277210,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_first_seen":1576420277211,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_first_seen":1576420277213,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_first_seen":1576420277215,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_first_seen":1576420277216,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_first_seen":1576420277217,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_first_seen":1576420277218,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_first_seen":1576420277219,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_first_seen":1576420277221,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_first_seen":1576420277222,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_first_seen":1576420277224,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_first_seen":1576420277225,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_first_seen":1576420277228,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_first_seen":1576420277229,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_first_seen":1576420277231,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_first_seen":1576420277232,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_first_seen":1576420277233,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_first_seen":1576420277235,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_first_seen":1576420277236,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_first_seen":1576420277237,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_first_seen":1576420277239,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_first_seen":1576420277240,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_first_seen":1576420277242,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_first_seen":1576420277243,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_first_seen":1576420277244,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_first_seen":1576420277246,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_first_seen":1576420277247,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_first_seen":1576420277248,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_first_seen":1576420277249,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_first_seen":1576420277252,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_first_seen":1576420277253,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_first_seen":1576420277255,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_first_seen":1576420277258,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_first_seen":1576420277260,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_first_seen":1576420277261,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_first_seen":1576420277263,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_first_seen":1576420277264,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_first_seen":1576420277266,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_first_seen":1576420277268,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_first_seen":1576420277269,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_first_seen":1576420277270,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_first_seen":1576420277272,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_first_seen":1576420277274,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_first_seen":1576420277276,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_first_seen":1576420277277,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_first_seen":1576420277278,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_first_seen":1576420277279,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_first_seen":1576420277281,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_first_seen":1576420277282,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_first_seen":1576420277283,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_first_seen":1576420277284,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_first_seen":1576420277286,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_first_seen":1576420277288,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_first_seen":1576420277291,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_first_seen":1576420277292,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_first_seen":1576420277293,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_first_seen":1576420277295,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_first_seen":1576420277296,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_first_seen":1576420277298,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_first_seen":1576420277299,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_first_seen":1576420277301,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_first_seen":1576420277302,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_first_seen":1576420277304,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_first_seen":1576420277306,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_first_seen":1576420277307,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_first_seen":1576420277308,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_first_seen":1576420277309,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_first_seen":1576420277310,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_first_seen":1576420277311,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_first_seen":1576420277313,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_first_seen":1576420277314,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_first_seen":1576420277315,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_first_seen":1576420277317,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_first_seen":1576420277319,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_first_seen":1576420277321,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_first_seen":1576420277322,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_first_seen":1576420277324,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_first_seen":1576420277325,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_first_seen":1576420277326,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_first_seen":1576420277328,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_first_seen":1576420277329,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_first_seen":1576420277331,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_first_seen":1576420277333,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_first_seen":1576420277334,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_first_seen":1576420277336,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_first_seen":1576420277337,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_first_seen":1576420277339,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_first_seen":1576420277340,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_first_seen":1576420277342,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_first_seen":1576420277343,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_first_seen":1576420277344,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_first_seen":1576420277345,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_first_seen":1576420277347,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_first_seen":1576420277349,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_first_seen":1576420277350,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_first_seen":1576420277352,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_first_seen":1576420277354,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_first_seen":1576420277355,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_first_seen":1576420277357,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_first_seen":1576420277358,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_first_seen":1576420277359,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_first_seen":1576420277361,"flow_last_seen":0,"flow_tot_l4_data_len":162,"flow_min_l4_data_len":162,"flow_max_l4_data_len":162,"flow_avg_l4_data_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_first_seen":1576420277375,"flow_last_seen":0,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":237,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_first_seen":1576420277378,"flow_last_seen":0,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":237,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_first_seen":1576420277381,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_first_seen":1576420277383,"flow_last_seen":0,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":254,"flow_max_l4_data_len":254,"flow_avg_l4_data_len":254,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_first_seen":1576420277386,"flow_last_seen":0,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":250,"flow_max_l4_data_len":250,"flow_avg_l4_data_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_first_seen":1576420277387,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_first_seen":1576420277389,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_first_seen":1576420277391,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_first_seen":1576420277392,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_first_seen":1576420277394,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_first_seen":1576420277395,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_first_seen":1576420277398,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_first_seen":1576420277399,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_first_seen":1576420277401,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_first_seen":1576420277402,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_first_seen":1576420277403,"flow_last_seen":0,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":254,"flow_max_l4_data_len":254,"flow_avg_l4_data_len":254,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_first_seen":1576420277405,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_first_seen":1576420277406,"flow_last_seen":0,"flow_tot_l4_data_len":252,"flow_min_l4_data_len":252,"flow_max_l4_data_len":252,"flow_avg_l4_data_len":252,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_first_seen":1576420277407,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_first_seen":1576420277409,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_first_seen":1576420277410,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_first_seen":1576420277412,"flow_last_seen":0,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":250,"flow_max_l4_data_len":250,"flow_avg_l4_data_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_first_seen":1576420277414,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_first_seen":1576420277416,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_first_seen":1576420277417,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_first_seen":1576420277419,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_first_seen":1576420277420,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_first_seen":1576420277422,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_first_seen":1576420277423,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_first_seen":1576420277425,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_first_seen":1576420277426,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_first_seen":1576420277428,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_first_seen":1576420277429,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_first_seen":1576420277431,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_first_seen":1576420277432,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_first_seen":1576420277433,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_first_seen":1576420277434,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_first_seen":1576420277436,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_first_seen":1576420277437,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_first_seen":1576420277438,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_first_seen":1576420277439,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_first_seen":1576420277442,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_first_seen":1576420277443,"flow_last_seen":0,"flow_tot_l4_data_len":243,"flow_min_l4_data_len":243,"flow_max_l4_data_len":243,"flow_avg_l4_data_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_first_seen":1576420277444,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_first_seen":1576420277446,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_first_seen":1576420277448,"flow_last_seen":0,"flow_tot_l4_data_len":243,"flow_min_l4_data_len":243,"flow_max_l4_data_len":243,"flow_avg_l4_data_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_first_seen":1576420277449,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_first_seen":1576420277451,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_first_seen":1576420277452,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_first_seen":1576420277454,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_first_seen":1576420277455,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_first_seen":1576420277458,"flow_last_seen":0,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":249,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_first_seen":1576420277459,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_first_seen":1576420277460,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_first_seen":1576420277462,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_first_seen":1576420277463,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_first_seen":1576420277464,"flow_last_seen":0,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":250,"flow_max_l4_data_len":250,"flow_avg_l4_data_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_first_seen":1576420277465,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_first_seen":1576420277466,"flow_last_seen":0,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":248,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_first_seen":1576420277467,"flow_last_seen":0,"flow_tot_l4_data_len":244,"flow_min_l4_data_len":244,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_first_seen":1576420277469,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_first_seen":1576420277471,"flow_last_seen":0,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":237,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_first_seen":1576420277473,"flow_last_seen":0,"flow_tot_l4_data_len":211,"flow_min_l4_data_len":211,"flow_max_l4_data_len":211,"flow_avg_l4_data_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_first_seen":1576420277474,"flow_last_seen":0,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":313,"flow_max_l4_data_len":313,"flow_avg_l4_data_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_first_seen":1576420277477,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_first_seen":1576420277478,"flow_last_seen":0,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":325,"flow_max_l4_data_len":325,"flow_avg_l4_data_len":325,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_first_seen":1576420277480,"flow_last_seen":0,"flow_tot_l4_data_len":166,"flow_min_l4_data_len":166,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":166,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_first_seen":1576420277488,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_first_seen":1576420277490,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_first_seen":1576420277491,"flow_last_seen":0,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":193,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":193,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_first_seen":1576420277492,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_first_seen":1576420277495,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_first_seen":1576420277496,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_first_seen":1576420277497,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_first_seen":1576420277498,"flow_last_seen":0,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":168,"flow_max_l4_data_len":168,"flow_avg_l4_data_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_first_seen":1576420277499,"flow_last_seen":0,"flow_tot_l4_data_len":166,"flow_min_l4_data_len":166,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":166,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_first_seen":1576420277500,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_first_seen":1576420277501,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_first_seen":1576420277503,"flow_last_seen":0,"flow_tot_l4_data_len":223,"flow_min_l4_data_len":223,"flow_max_l4_data_len":223,"flow_avg_l4_data_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_first_seen":1576420277505,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_first_seen":1576420277506,"flow_last_seen":0,"flow_tot_l4_data_len":190,"flow_min_l4_data_len":190,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_first_seen":1576420277509,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_first_seen":1576420277510,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_first_seen":1576420277512,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_first_seen":1576420277513,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_first_seen":1576420277515,"flow_last_seen":0,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":200,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_first_seen":1576420277516,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_first_seen":1576420277518,"flow_last_seen":0,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":194,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":194,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_first_seen":1576420277519,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_first_seen":1576420277520,"flow_last_seen":0,"flow_tot_l4_data_len":184,"flow_min_l4_data_len":184,"flow_max_l4_data_len":184,"flow_avg_l4_data_len":184,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_first_seen":1576420277522,"flow_last_seen":0,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":196,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":196,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_first_seen":1576420277525,"flow_last_seen":0,"flow_tot_l4_data_len":232,"flow_min_l4_data_len":232,"flow_max_l4_data_len":232,"flow_avg_l4_data_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_first_seen":1576420277526,"flow_last_seen":0,"flow_tot_l4_data_len":232,"flow_min_l4_data_len":232,"flow_max_l4_data_len":232,"flow_avg_l4_data_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_first_seen":1576420277527,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_first_seen":1576420277528,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_first_seen":1576420277534,"flow_last_seen":0,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":186,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_first_seen":1576420277535,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_first_seen":1576420277536,"flow_last_seen":0,"flow_tot_l4_data_len":216,"flow_min_l4_data_len":216,"flow_max_l4_data_len":216,"flow_avg_l4_data_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_first_seen":1576420277537,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_first_seen":1576420277538,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_first_seen":1576420277540,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_first_seen":1576420277543,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_first_seen":1576420277544,"flow_last_seen":0,"flow_tot_l4_data_len":187,"flow_min_l4_data_len":187,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_first_seen":1576420277546,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_first_seen":1576420277547,"flow_last_seen":0,"flow_tot_l4_data_len":191,"flow_min_l4_data_len":191,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_first_seen":1576420277549,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_first_seen":1576420277550,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_first_seen":1576420277552,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_first_seen":1576420277553,"flow_last_seen":0,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":230,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":230,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_first_seen":1576420277554,"flow_last_seen":0,"flow_tot_l4_data_len":235,"flow_min_l4_data_len":235,"flow_max_l4_data_len":235,"flow_avg_l4_data_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_first_seen":1576420277556,"flow_last_seen":0,"flow_tot_l4_data_len":206,"flow_min_l4_data_len":206,"flow_max_l4_data_len":206,"flow_avg_l4_data_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_first_seen":1576420277558,"flow_last_seen":0,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":236,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":236,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_first_seen":1576420277560,"flow_last_seen":0,"flow_tot_l4_data_len":238,"flow_min_l4_data_len":238,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_first_seen":1576420277561,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_first_seen":1576420277562,"flow_last_seen":0,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":172,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_first_seen":1576420277564,"flow_last_seen":0,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":196,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":196,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_first_seen":1576420277565,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_first_seen":1576420277566,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_first_seen":1576420277567,"flow_last_seen":0,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":169,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_first_seen":1576420277568,"flow_last_seen":0,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":175,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_first_seen":1576420277570,"flow_last_seen":0,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":193,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":193,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_first_seen":1576420277572,"flow_last_seen":0,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_first_seen":1576420277574,"flow_last_seen":0,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":200,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_first_seen":1576420277575,"flow_last_seen":0,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":207,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_first_seen":1576420277577,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_first_seen":1576420277578,"flow_last_seen":0,"flow_tot_l4_data_len":227,"flow_min_l4_data_len":227,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_first_seen":1576420277580,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_first_seen":1576420277581,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_first_seen":1576420277583,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_first_seen":1576420277584,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_first_seen":1576420277586,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_first_seen":1576420277588,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_first_seen":1576420277590,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_first_seen":1576420277592,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_first_seen":1576420277593,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_first_seen":1576420277595,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_first_seen":1576420277597,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_first_seen":1576420277598,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_first_seen":1576420277600,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_first_seen":1576420277602,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_first_seen":1576420277604,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_first_seen":1576420277607,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_first_seen":1576420277608,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_first_seen":1576420277609,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_first_seen":1576420277611,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_first_seen":1576420277612,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_first_seen":1576420277614,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_first_seen":1576420277615,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_first_seen":1576420277616,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_first_seen":1576420277618,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_first_seen":1576420277619,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_first_seen":1576420277622,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_first_seen":1576420277624,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_first_seen":1576420277625,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_first_seen":1576420277627,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_first_seen":1576420277628,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_first_seen":1576420277630,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_first_seen":1576420277631,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_first_seen":1576420277633,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_first_seen":1576420277637,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_first_seen":1576420277639,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_first_seen":1576420277642,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_first_seen":1576420277644,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_first_seen":1576420277646,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_first_seen":1576420277648,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_first_seen":1576420277650,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_first_seen":1576420277657,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_first_seen":1576420277658,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_first_seen":1576420277660,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_first_seen":1576420277662,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_first_seen":1576420277663,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_first_seen":1576420277667,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_first_seen":1576420277669,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_first_seen":1576420277670,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_first_seen":1576420277675,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_first_seen":1576420277677,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_first_seen":1576420277678,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_first_seen":1576420277680,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_first_seen":1576420277681,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_first_seen":1576420277683,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_first_seen":1576420277685,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_first_seen":1576420277687,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_first_seen":1576420277689,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_first_seen":1576420277691,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_first_seen":1576420277693,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_first_seen":1576420277695,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_first_seen":1576420277699,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_first_seen":1576420277701,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_first_seen":1576420277702,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_first_seen":1576420277703,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_first_seen":1576420277705,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_first_seen":1576420277708,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_first_seen":1576420277709,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_first_seen":1576420277711,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_first_seen":1576420277713,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_first_seen":1576420277715,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_first_seen":1576420277716,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_first_seen":1576420277718,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_first_seen":1576420277719,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_first_seen":1576420277721,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_first_seen":1576420277723,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_first_seen":1576420277725,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_first_seen":1576420277727,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_first_seen":1576420277729,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_first_seen":1576420277730,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_first_seen":1576420277732,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_first_seen":1576420277734,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_first_seen":1576420277736,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_first_seen":1576420277737,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_first_seen":1576420277739,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_first_seen":1576420277741,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_first_seen":1576420277743,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_first_seen":1576420277745,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_first_seen":1576420277746,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_first_seen":1576420277747,"flow_last_seen":0,"flow_tot_l4_data_len":343,"flow_min_l4_data_len":343,"flow_max_l4_data_len":343,"flow_avg_l4_data_len":343,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_first_seen":1576420277749,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_first_seen":1576420277750,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_first_seen":1576420277752,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_first_seen":1576420277753,"flow_last_seen":0,"flow_tot_l4_data_len":330,"flow_min_l4_data_len":330,"flow_max_l4_data_len":330,"flow_avg_l4_data_len":330,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_first_seen":1576420277754,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_first_seen":1576420277756,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_first_seen":1576420277758,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_first_seen":1576420277760,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_first_seen":1576420277762,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_first_seen":1576420277764,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_first_seen":1576420277766,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_first_seen":1576420277767,"flow_last_seen":0,"flow_tot_l4_data_len":343,"flow_min_l4_data_len":343,"flow_max_l4_data_len":343,"flow_avg_l4_data_len":343,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_first_seen":1576420277769,"flow_last_seen":0,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":337,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":337,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_first_seen":1576420277770,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_first_seen":1576420277772,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_first_seen":1576420277773,"flow_last_seen":0,"flow_tot_l4_data_len":330,"flow_min_l4_data_len":330,"flow_max_l4_data_len":330,"flow_avg_l4_data_len":330,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_first_seen":1576420277776,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_first_seen":1576420277777,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_first_seen":1576420277778,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_first_seen":1576420277780,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_first_seen":1576420277781,"flow_last_seen":0,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":336,"flow_max_l4_data_len":336,"flow_avg_l4_data_len":336,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_first_seen":1576420277782,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_first_seen":1576420277784,"flow_last_seen":0,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":315,"flow_max_l4_data_len":315,"flow_avg_l4_data_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_first_seen":1576420277785,"flow_last_seen":0,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":320,"flow_max_l4_data_len":320,"flow_avg_l4_data_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_first_seen":1576420277786,"flow_last_seen":0,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":314,"flow_max_l4_data_len":314,"flow_avg_l4_data_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_first_seen":1576420277788,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_first_seen":1576420277790,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_first_seen":1576420277792,"flow_last_seen":0,"flow_tot_l4_data_len":331,"flow_min_l4_data_len":331,"flow_max_l4_data_len":331,"flow_avg_l4_data_len":331,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_first_seen":1576420277794,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_first_seen":1576420277795,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_first_seen":1576420277797,"flow_last_seen":0,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":315,"flow_max_l4_data_len":315,"flow_avg_l4_data_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_first_seen":1576420277799,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_first_seen":1576420277800,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_first_seen":1576420277802,"flow_last_seen":0,"flow_tot_l4_data_len":352,"flow_min_l4_data_len":352,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":352,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_first_seen":1576420277803,"flow_last_seen":0,"flow_tot_l4_data_len":346,"flow_min_l4_data_len":346,"flow_max_l4_data_len":346,"flow_avg_l4_data_len":346,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_first_seen":1576420277804,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_first_seen":1576420277807,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_first_seen":1576420277808,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_first_seen":1576420277810,"flow_last_seen":0,"flow_tot_l4_data_len":348,"flow_min_l4_data_len":348,"flow_max_l4_data_len":348,"flow_avg_l4_data_len":348,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_first_seen":1576420277811,"flow_last_seen":0,"flow_tot_l4_data_len":353,"flow_min_l4_data_len":353,"flow_max_l4_data_len":353,"flow_avg_l4_data_len":353,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_first_seen":1576420277812,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_first_seen":1576420277813,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_first_seen":1576420277814,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_first_seen":1576420277816,"flow_last_seen":0,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":338,"flow_max_l4_data_len":338,"flow_avg_l4_data_len":338,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_first_seen":1576420277817,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_first_seen":1576420277819,"flow_last_seen":0,"flow_tot_l4_data_len":352,"flow_min_l4_data_len":352,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":352,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_first_seen":1576420277821,"flow_last_seen":0,"flow_tot_l4_data_len":346,"flow_min_l4_data_len":346,"flow_max_l4_data_len":346,"flow_avg_l4_data_len":346,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_first_seen":1576420277822,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_first_seen":1576420277824,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_first_seen":1576420277827,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_first_seen":1576420277828,"flow_last_seen":0,"flow_tot_l4_data_len":348,"flow_min_l4_data_len":348,"flow_max_l4_data_len":348,"flow_avg_l4_data_len":348,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_first_seen":1576420277829,"flow_last_seen":0,"flow_tot_l4_data_len":353,"flow_min_l4_data_len":353,"flow_max_l4_data_len":353,"flow_avg_l4_data_len":353,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_first_seen":1576420277831,"flow_last_seen":0,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":347,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":347,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_first_seen":1576420277832,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_first_seen":1576420277834,"flow_last_seen":0,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":345,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_first_seen":1576420277836,"flow_last_seen":0,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":315,"flow_max_l4_data_len":315,"flow_avg_l4_data_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_first_seen":1576420277838,"flow_last_seen":0,"flow_tot_l4_data_len":324,"flow_min_l4_data_len":324,"flow_max_l4_data_len":324,"flow_avg_l4_data_len":324,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_first_seen":1576420277840,"flow_last_seen":0,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":329,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_first_seen":1576420277841,"flow_last_seen":0,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":323,"flow_max_l4_data_len":323,"flow_avg_l4_data_len":323,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_first_seen":1576420277843,"flow_last_seen":0,"flow_tot_l4_data_len":321,"flow_min_l4_data_len":321,"flow_max_l4_data_len":321,"flow_avg_l4_data_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_first_seen":1576420277844,"flow_last_seen":0,"flow_tot_l4_data_len":321,"flow_min_l4_data_len":321,"flow_max_l4_data_len":321,"flow_avg_l4_data_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_first_seen":1576420277845,"flow_last_seen":0,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":340,"flow_max_l4_data_len":340,"flow_avg_l4_data_len":340,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_first_seen":1576420277847,"flow_last_seen":0,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":177,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_first_seen":1576420277849,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_first_seen":1576420277850,"flow_last_seen":0,"flow_tot_l4_data_len":272,"flow_min_l4_data_len":272,"flow_max_l4_data_len":272,"flow_avg_l4_data_len":272,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_first_seen":1576420277851,"flow_last_seen":0,"flow_tot_l4_data_len":278,"flow_min_l4_data_len":278,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_first_seen":1576420277854,"flow_last_seen":0,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":279,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":279,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_first_seen":1576420277855,"flow_last_seen":0,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":279,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":279,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_first_seen":1576420277857,"flow_last_seen":0,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":280,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_first_seen":1576420277858,"flow_last_seen":0,"flow_tot_l4_data_len":278,"flow_min_l4_data_len":278,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_first_seen":1576420277860,"flow_last_seen":0,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":282,"flow_max_l4_data_len":282,"flow_avg_l4_data_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_first_seen":1576420277861,"flow_last_seen":0,"flow_tot_l4_data_len":275,"flow_min_l4_data_len":275,"flow_max_l4_data_len":275,"flow_avg_l4_data_len":275,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_first_seen":1576420277863,"flow_last_seen":0,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":282,"flow_max_l4_data_len":282,"flow_avg_l4_data_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_first_seen":1576420277864,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_first_seen":1576420277866,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_first_seen":1576420277867,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_first_seen":1576420277870,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_first_seen":1576420277871,"flow_last_seen":0,"flow_tot_l4_data_len":211,"flow_min_l4_data_len":211,"flow_max_l4_data_len":211,"flow_avg_l4_data_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_first_seen":1576420277873,"flow_last_seen":0,"flow_tot_l4_data_len":218,"flow_min_l4_data_len":218,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_first_seen":1576420277874,"flow_last_seen":0,"flow_tot_l4_data_len":221,"flow_min_l4_data_len":221,"flow_max_l4_data_len":221,"flow_avg_l4_data_len":221,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_first_seen":1576420277875,"flow_last_seen":0,"flow_tot_l4_data_len":216,"flow_min_l4_data_len":216,"flow_max_l4_data_len":216,"flow_avg_l4_data_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_first_seen":1576420277877,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_first_seen":1576420277878,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_first_seen":1576420277880,"flow_last_seen":0,"flow_tot_l4_data_len":214,"flow_min_l4_data_len":214,"flow_max_l4_data_len":214,"flow_avg_l4_data_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_first_seen":1576420277882,"flow_last_seen":0,"flow_tot_l4_data_len":232,"flow_min_l4_data_len":232,"flow_max_l4_data_len":232,"flow_avg_l4_data_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_first_seen":1576420277883,"flow_last_seen":0,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":200,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_first_seen":1576420277885,"flow_last_seen":0,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":193,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":193,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_first_seen":1576420277887,"flow_last_seen":0,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":198,"flow_max_l4_data_len":198,"flow_avg_l4_data_len":198,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_first_seen":1576420277889,"flow_last_seen":0,"flow_tot_l4_data_len":191,"flow_min_l4_data_len":191,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_first_seen":1576420277890,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_first_seen":1576420277892,"flow_last_seen":0,"flow_tot_l4_data_len":205,"flow_min_l4_data_len":205,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_first_seen":1576420277893,"flow_last_seen":0,"flow_tot_l4_data_len":219,"flow_min_l4_data_len":219,"flow_max_l4_data_len":219,"flow_avg_l4_data_len":219,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_first_seen":1576420278014,"flow_last_seen":0,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/shell?cat+\/etc\/hosts","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:007235)"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":745,"flow_packet_id":1,"flow_first_seen":1576420277895,"flow_last_seen":0,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":746,"flow_packet_id":1,"flow_first_seen":1576420277896,"flow_last_seen":0,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":192,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":747,"flow_packet_id":1,"flow_first_seen":1576420277898,"flow_last_seen":0,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":748,"flow_packet_id":1,"flow_first_seen":1576420277899,"flow_last_seen":0,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":749,"flow_packet_id":1,"flow_first_seen":1576420277901,"flow_last_seen":0,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":750,"flow_packet_id":1,"flow_first_seen":1576420277902,"flow_last_seen":0,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":751,"flow_packet_id":1,"flow_first_seen":1576420277903,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":752,"flow_packet_id":1,"flow_first_seen":1576420277905,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":753,"flow_packet_id":1,"flow_first_seen":1576420277907,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":754,"flow_packet_id":1,"flow_first_seen":1576420277908,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":755,"flow_packet_id":1,"flow_first_seen":1576420277909,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":756,"flow_packet_id":1,"flow_first_seen":1576420277910,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":757,"flow_packet_id":1,"flow_first_seen":1576420277912,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":758,"flow_packet_id":1,"flow_first_seen":1576420277913,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":759,"flow_packet_id":1,"flow_first_seen":1576420277917,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":760,"flow_packet_id":1,"flow_first_seen":1576420277919,"flow_last_seen":0,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":761,"flow_packet_id":1,"flow_first_seen":1576420277920,"flow_last_seen":0,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":762,"flow_packet_id":1,"flow_first_seen":1576420277922,"flow_last_seen":0,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":763,"flow_packet_id":1,"flow_first_seen":1576420277923,"flow_last_seen":0,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":764,"flow_packet_id":1,"flow_first_seen":1576420277925,"flow_last_seen":0,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":765,"flow_packet_id":1,"flow_first_seen":1576420277926,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":766,"flow_packet_id":1,"flow_first_seen":1576420277928,"flow_last_seen":0,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":767,"flow_packet_id":1,"flow_first_seen":1576420277929,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":768,"flow_packet_id":1,"flow_first_seen":1576420277931,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":769,"flow_packet_id":1,"flow_first_seen":1576420277933,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":770,"flow_packet_id":1,"flow_first_seen":1576420277971,"flow_last_seen":0,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":771,"flow_packet_id":1,"flow_first_seen":1576420277972,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":772,"flow_packet_id":1,"flow_first_seen":1576420277974,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":773,"flow_packet_id":1,"flow_first_seen":1576420277975,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":774,"flow_packet_id":1,"flow_first_seen":1576420277976,"flow_last_seen":0,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":775,"flow_packet_id":1,"flow_first_seen":1576420277977,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":776,"flow_packet_id":1,"flow_first_seen":1576420277980,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":777,"flow_packet_id":1,"flow_first_seen":1576420277981,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":778,"flow_packet_id":1,"flow_first_seen":1576420277983,"flow_last_seen":0,"flow_min_l4_payload_len":296,"flow_max_l4_payload_len":296,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":296,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":779,"flow_packet_id":1,"flow_first_seen":1576420277984,"flow_last_seen":0,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":780,"flow_packet_id":1,"flow_first_seen":1576420277986,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":781,"flow_packet_id":1,"flow_first_seen":1576420277988,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":782,"flow_packet_id":1,"flow_first_seen":1576420277989,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":783,"flow_packet_id":1,"flow_first_seen":1576420277991,"flow_last_seen":0,"flow_min_l4_payload_len":310,"flow_max_l4_payload_len":310,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":784,"flow_packet_id":1,"flow_first_seen":1576420277992,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":785,"flow_packet_id":1,"flow_first_seen":1576420277993,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":786,"flow_packet_id":1,"flow_first_seen":1576420277997,"flow_last_seen":0,"flow_min_l4_payload_len":578,"flow_max_l4_payload_len":578,"flow_tot_l4_payload_len":578,"flow_avg_l4_payload_len":578,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":787,"flow_packet_id":1,"flow_first_seen":1576420277998,"flow_last_seen":0,"flow_min_l4_payload_len":585,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":585,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":788,"flow_packet_id":1,"flow_first_seen":1576420278000,"flow_last_seen":0,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":789,"flow_packet_id":1,"flow_first_seen":1576420278001,"flow_last_seen":0,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":790,"flow_packet_id":1,"flow_first_seen":1576420278002,"flow_last_seen":0,"flow_min_l4_payload_len":269,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":791,"flow_packet_id":1,"flow_first_seen":1576420278004,"flow_last_seen":0,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":792,"flow_packet_id":1,"flow_first_seen":1576420278005,"flow_last_seen":0,"flow_min_l4_payload_len":275,"flow_max_l4_payload_len":275,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":275,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":793,"flow_packet_id":1,"flow_first_seen":1576420278006,"flow_last_seen":0,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":794,"flow_packet_id":1,"flow_first_seen":1576420278008,"flow_last_seen":0,"flow_min_l4_payload_len":271,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":271,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":795,"flow_packet_id":1,"flow_first_seen":1576420278010,"flow_last_seen":0,"flow_min_l4_payload_len":267,"flow_max_l4_payload_len":267,"flow_tot_l4_payload_len":267,"flow_avg_l4_payload_len":267,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":796,"flow_packet_id":1,"flow_first_seen":1576420278012,"flow_last_seen":0,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":797,"flow_packet_id":1,"flow_first_seen":1576420278014,"flow_last_seen":0,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576420276577,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576420276660,"flow_last_seen":0,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576420276662,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576420276665,"flow_last_seen":0,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576420276666,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576420276667,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576420276668,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1576420276669,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1576420276672,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1576420276673,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1576420276675,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1576420276676,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1576420276677,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1576420276678,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1576420276679,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1576420276680,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1576420276681,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1576420276683,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1576420276685,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1576420276686,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1576420276687,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1576420276689,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1576420276690,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1576420276692,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1576420276694,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1576420276695,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1576420276697,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1576420276699,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1576420276701,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1576420276703,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1576420276704,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1576420276705,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1576420276707,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1576420276708,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1576420276710,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1576420276711,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1576420276713,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1576420276714,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1576420276717,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1576420276718,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1576420276719,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1576420276721,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1576420276722,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1576420276724,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1576420276725,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1576420276727,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1576420276728,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1576420276730,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1576420276733,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1576420276734,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1576420276738,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1576420276739,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1576420276741,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1576420276742,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1576420276743,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1576420276744,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1576420276745,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1576420276747,"flow_last_seen":0,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1576420276749,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1576420276751,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1576420276754,"flow_last_seen":0,"flow_min_l4_payload_len":167,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":167,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1576420276756,"flow_last_seen":0,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1576420276758,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1576420276760,"flow_last_seen":0,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1576420276761,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1576420276763,"flow_last_seen":0,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1576420276764,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1576420276765,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1576420276768,"flow_last_seen":0,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1576420276770,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1576420276771,"flow_last_seen":0,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1576420276773,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1576420276774,"flow_last_seen":0,"flow_min_l4_payload_len":157,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":157,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1576420276776,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1576420276777,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1576420276779,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1576420276780,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1576420276781,"flow_last_seen":0,"flow_min_l4_payload_len":138,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":138,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1576420276784,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1576420276786,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1576420276787,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1576420276789,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1576420276790,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1576420276792,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1576420276793,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1576420276794,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1576420276796,"flow_last_seen":0,"flow_min_l4_payload_len":135,"flow_max_l4_payload_len":135,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":135,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1576420276797,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1576420276801,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1576420276803,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1576420276804,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1576420276806,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1576420276807,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1576420276809,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1576420276810,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1576420276812,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1576420276813,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1576420276815,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1576420276817,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1576420276819,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1576420276820,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1576420276821,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1576420276823,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1576420276824,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1576420276825,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1576420276827,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1576420276828,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1576420276829,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1576420276832,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1576420276834,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1576420276835,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1576420276837,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1576420276839,"flow_last_seen":0,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1576420276840,"flow_last_seen":0,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1576420276841,"flow_last_seen":0,"flow_min_l4_payload_len":238,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1576420276842,"flow_last_seen":0,"flow_min_l4_payload_len":231,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":231,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1576420276844,"flow_last_seen":0,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1576420276847,"flow_last_seen":0,"flow_min_l4_payload_len":228,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":228,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1576420276856,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1576420276858,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1576420276859,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1576420276860,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1576420276862,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1576420276863,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1576420276864,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1576420276865,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1576420276866,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1576420276869,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1576420276870,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1576420276871,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1576420276872,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1576420276873,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1576420276874,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1576420276876,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1576420276877,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1576420276879,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1576420276881,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1576420276884,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1576420276885,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1576420276886,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1576420276888,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1576420276890,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1576420276891,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1576420276893,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1576420276894,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1576420276896,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1576420276897,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1576420276900,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1576420276901,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1576420276903,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1576420276904,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1576420276905,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1576420276907,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1576420276908,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1576420276910,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1576420276912,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1576420276913,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1576420276916,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1576420276917,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1576420276919,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1576420276920,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1576420276922,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1576420276924,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1576420276925,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1576420276926,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1576420276928,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1576420276929,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1576420276932,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1576420276933,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1576420276934,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1576420276936,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1576420276937,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1576420276938,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1576420276939,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1576420276941,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1576420276943,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1576420276945,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1576420276947,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1576420276949,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1576420276950,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1576420276953,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1576420276955,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1576420276956,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1576420276957,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1576420276959,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1576420276960,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1576420276961,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1576420276964,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1576420276965,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1576420276966,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1576420276968,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1576420276969,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1576420276970,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1576420276972,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1576420276973,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1576420276976,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1576420276977,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1576420276980,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1576420276982,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1576420276983,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1576420276985,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1576420276986,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1576420276987,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1576420276989,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1576420276990,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1576420276992,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1576420276993,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1576420276995,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1576420276996,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1576420276998,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1576420276999,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1576420277000,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1576420277001,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1576420277002,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1576420277004,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1576420277006,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1576420277007,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1576420277010,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1576420277011,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1576420277013,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1576420277014,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1576420277016,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1576420277017,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1576420277019,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1576420277020,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1576420277021,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1576420277023,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1576420277025,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1576420277027,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1576420277028,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1576420277029,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1576420277031,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1576420277032,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1576420277033,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1576420277034,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1576420277036,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1576420277037,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1576420277040,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1576420277041,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1576420277042,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1576420277044,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1576420277045,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1576420277046,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1576420277048,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1576420277049,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1576420277050,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1576420277051,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1576420277054,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1576420277055,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1576420277057,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1576420277058,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1576420277060,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1576420277061,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1576420277063,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50052,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1576420277064,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50054,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1576420277066,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50056,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1576420277067,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50058,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1576420277070,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50060,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1576420277072,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50062,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1576420277074,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50064,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1576420277075,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50066,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1576420277077,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50068,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1576420277078,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50070,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1576420277079,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50072,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1576420277081,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50074,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1576420277083,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50076,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1576420277084,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50078,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1576420277086,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50080,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1576420277087,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50082,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1576420277089,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50084,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1576420277090,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50086,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1576420277091,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50088,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1576420277093,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50090,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1576420277094,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50092,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_first_seen":1576420277096,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50094,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1576420277098,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50096,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1576420277100,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50098,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_first_seen":1576420277106,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50100,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_first_seen":1576420277109,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50102,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_first_seen":1576420277113,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50104,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1576420277115,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50106,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1576420277116,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50108,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1576420277118,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50110,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1576420277119,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50112,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1576420277121,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50114,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_first_seen":1576420277122,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50116,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1576420277123,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50118,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1576420277126,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50120,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1576420277127,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50122,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1576420277128,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50124,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_first_seen":1576420277130,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50126,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1576420277134,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50128,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1576420277136,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50130,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1576420277141,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50132,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_first_seen":1576420277142,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50134,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_first_seen":1576420277144,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50136,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_first_seen":1576420277145,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50138,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_first_seen":1576420277148,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50140,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_first_seen":1576420277153,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50142,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_first_seen":1576420277155,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50144,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1576420277157,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50146,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1576420277159,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50148,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1576420277160,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50150,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1576420277162,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50152,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_first_seen":1576420277164,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50154,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_first_seen":1576420277165,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1576420277166,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50158,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_first_seen":1576420277168,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50160,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1576420277170,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50162,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_first_seen":1576420277171,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50164,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1576420277172,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50166,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1576420277173,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50168,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_first_seen":1576420277175,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50170,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_first_seen":1576420277176,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50172,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1576420277177,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50174,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1576420277179,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50176,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1576420277180,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50178,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_first_seen":1576420277183,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50180,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_first_seen":1576420277184,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50182,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_first_seen":1576420277185,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50184,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_first_seen":1576420277186,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50186,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_first_seen":1576420277187,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50188,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_first_seen":1576420277189,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50190,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_first_seen":1576420277190,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50192,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_first_seen":1576420277193,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50194,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_first_seen":1576420277194,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50196,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_first_seen":1576420277196,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50198,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_first_seen":1576420277198,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_first_seen":1576420277200,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_first_seen":1576420277201,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50204,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_first_seen":1576420277203,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50206,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_first_seen":1576420277204,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50208,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_first_seen":1576420277206,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50210,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_first_seen":1576420277207,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50212,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_first_seen":1576420277209,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50214,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_first_seen":1576420277210,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50216,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_first_seen":1576420277211,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50218,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_first_seen":1576420277213,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50220,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_first_seen":1576420277215,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50222,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_first_seen":1576420277216,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50224,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_first_seen":1576420277217,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50226,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_first_seen":1576420277218,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50228,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_first_seen":1576420277219,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50230,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_first_seen":1576420277221,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50232,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_first_seen":1576420277222,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50234,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_first_seen":1576420277224,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50236,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_first_seen":1576420277225,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50238,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_first_seen":1576420277228,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50240,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_first_seen":1576420277229,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_first_seen":1576420277231,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50244,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_first_seen":1576420277232,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50246,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_first_seen":1576420277233,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50248,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_first_seen":1576420277235,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50250,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_first_seen":1576420277236,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50252,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_first_seen":1576420277237,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50254,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_first_seen":1576420277239,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50256,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_first_seen":1576420277240,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50258,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_first_seen":1576420277242,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50260,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_first_seen":1576420277243,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50262,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_first_seen":1576420277244,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50264,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_first_seen":1576420277246,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50266,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_first_seen":1576420277247,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50268,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_first_seen":1576420277248,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50270,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_first_seen":1576420277249,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50272,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_first_seen":1576420277252,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50274,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_first_seen":1576420277253,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50276,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_first_seen":1576420277255,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50278,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_first_seen":1576420277258,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50280,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_first_seen":1576420277260,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50282,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_first_seen":1576420277261,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50284,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_first_seen":1576420277263,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50286,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_first_seen":1576420277264,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50288,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_first_seen":1576420277266,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50290,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_first_seen":1576420277268,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50292,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_first_seen":1576420277269,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50294,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_first_seen":1576420277270,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50296,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_first_seen":1576420277272,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50298,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_first_seen":1576420277274,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50300,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_first_seen":1576420277276,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50302,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_first_seen":1576420277277,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50304,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_first_seen":1576420277278,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50306,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_first_seen":1576420277279,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50308,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_first_seen":1576420277281,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50310,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_first_seen":1576420277282,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50312,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_first_seen":1576420277283,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50314,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_first_seen":1576420277284,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50316,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_first_seen":1576420277286,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50318,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_first_seen":1576420277288,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50320,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_first_seen":1576420277291,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50322,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_first_seen":1576420277292,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50324,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_first_seen":1576420277293,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50326,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_first_seen":1576420277295,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50328,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_first_seen":1576420277296,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50330,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_first_seen":1576420277298,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50332,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_first_seen":1576420277299,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50334,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_first_seen":1576420277301,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50336,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_first_seen":1576420277302,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50338,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_first_seen":1576420277304,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50340,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_first_seen":1576420277306,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50342,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_first_seen":1576420277307,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50344,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_first_seen":1576420277308,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50346,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_first_seen":1576420277309,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50348,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_first_seen":1576420277310,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50350,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_first_seen":1576420277311,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50352,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_first_seen":1576420277313,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50354,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_first_seen":1576420277314,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50356,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_first_seen":1576420277315,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50358,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_first_seen":1576420277317,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50360,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_first_seen":1576420277319,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50362,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_first_seen":1576420277321,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50364,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_first_seen":1576420277322,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50366,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_first_seen":1576420277324,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50368,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_first_seen":1576420277325,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50370,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_first_seen":1576420277326,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50372,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_first_seen":1576420277328,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50374,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_first_seen":1576420277329,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50376,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_first_seen":1576420277331,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50378,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_first_seen":1576420277333,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50380,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_first_seen":1576420277334,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50382,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_first_seen":1576420277336,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50384,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_first_seen":1576420277337,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50386,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_first_seen":1576420277339,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50388,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_first_seen":1576420277340,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50390,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_first_seen":1576420277342,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50392,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_first_seen":1576420277343,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50394,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_first_seen":1576420277344,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50396,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_first_seen":1576420277345,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50398,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_first_seen":1576420277347,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50400,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_first_seen":1576420277349,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50402,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_first_seen":1576420277350,"flow_last_seen":0,"flow_min_l4_payload_len":142,"flow_max_l4_payload_len":142,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50404,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_first_seen":1576420277352,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50406,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_first_seen":1576420277354,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50408,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_first_seen":1576420277355,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50410,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_first_seen":1576420277357,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50412,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_first_seen":1576420277358,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50414,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_first_seen":1576420277359,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50416,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_first_seen":1576420277361,"flow_last_seen":0,"flow_min_l4_payload_len":130,"flow_max_l4_payload_len":130,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":130,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50418,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_first_seen":1576420277375,"flow_last_seen":0,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50438,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_first_seen":1576420277378,"flow_last_seen":0,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50440,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_first_seen":1576420277381,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50442,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_first_seen":1576420277383,"flow_last_seen":0,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50444,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_first_seen":1576420277386,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50446,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_first_seen":1576420277387,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50448,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_first_seen":1576420277389,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50450,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_first_seen":1576420277391,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50452,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_first_seen":1576420277392,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50454,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_first_seen":1576420277394,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50456,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_first_seen":1576420277395,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50458,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_first_seen":1576420277398,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50460,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_first_seen":1576420277399,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50462,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_first_seen":1576420277401,"flow_last_seen":0,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50464,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_first_seen":1576420277402,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50466,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_first_seen":1576420277403,"flow_last_seen":0,"flow_min_l4_payload_len":222,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50468,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_first_seen":1576420277405,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50470,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_first_seen":1576420277406,"flow_last_seen":0,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":220,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":220,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50472,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_first_seen":1576420277407,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50474,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_first_seen":1576420277409,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50476,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_first_seen":1576420277410,"flow_last_seen":0,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50478,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_first_seen":1576420277412,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50480,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_first_seen":1576420277414,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50482,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_first_seen":1576420277416,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50484,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_first_seen":1576420277417,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50486,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_first_seen":1576420277419,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50488,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_first_seen":1576420277420,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50490,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_first_seen":1576420277422,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50492,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_first_seen":1576420277423,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50494,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_first_seen":1576420277425,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50496,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_first_seen":1576420277426,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50498,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_first_seen":1576420277428,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50500,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_first_seen":1576420277429,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50502,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_first_seen":1576420277431,"flow_last_seen":0,"flow_min_l4_payload_len":208,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50504,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_first_seen":1576420277432,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50506,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_first_seen":1576420277433,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50508,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_first_seen":1576420277434,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50510,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_first_seen":1576420277436,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50512,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_first_seen":1576420277437,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50514,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_first_seen":1576420277438,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50516,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_first_seen":1576420277439,"flow_last_seen":0,"flow_min_l4_payload_len":223,"flow_max_l4_payload_len":223,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50518,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_first_seen":1576420277442,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50520,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_first_seen":1576420277443,"flow_last_seen":0,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50522,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_first_seen":1576420277444,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50524,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_first_seen":1576420277446,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50526,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_first_seen":1576420277448,"flow_last_seen":0,"flow_min_l4_payload_len":211,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":211,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50528,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_first_seen":1576420277449,"flow_last_seen":0,"flow_min_l4_payload_len":215,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50530,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_first_seen":1576420277451,"flow_last_seen":0,"flow_min_l4_payload_len":209,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50532,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_first_seen":1576420277452,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50534,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_first_seen":1576420277454,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50536,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_first_seen":1576420277455,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50538,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_first_seen":1576420277458,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50540,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_first_seen":1576420277459,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50542,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_first_seen":1576420277460,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_first_seen":1576420277462,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50546,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_first_seen":1576420277463,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50548,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_first_seen":1576420277464,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50550,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_first_seen":1576420277465,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50552,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_first_seen":1576420277466,"flow_last_seen":0,"flow_min_l4_payload_len":216,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":216,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50554,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_first_seen":1576420277467,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50556,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_first_seen":1576420277469,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50558,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_first_seen":1576420277471,"flow_last_seen":0,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50560,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_first_seen":1576420277473,"flow_last_seen":0,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50562,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_first_seen":1576420277474,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50564,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_first_seen":1576420277477,"flow_last_seen":0,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50566,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_first_seen":1576420277478,"flow_last_seen":0,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50568,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_first_seen":1576420277480,"flow_last_seen":0,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50570,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_first_seen":1576420277488,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50572,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_first_seen":1576420277490,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50574,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_first_seen":1576420277491,"flow_last_seen":0,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50576,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_first_seen":1576420277492,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50578,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_first_seen":1576420277495,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50580,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_first_seen":1576420277496,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50582,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_first_seen":1576420277497,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50584,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_first_seen":1576420277498,"flow_last_seen":0,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":136,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":136,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50586,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_first_seen":1576420277499,"flow_last_seen":0,"flow_min_l4_payload_len":134,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":134,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50588,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_first_seen":1576420277500,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50590,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_first_seen":1576420277501,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50592,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_first_seen":1576420277503,"flow_last_seen":0,"flow_min_l4_payload_len":191,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50594,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_first_seen":1576420277505,"flow_last_seen":0,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50596,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_first_seen":1576420277506,"flow_last_seen":0,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50598,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_first_seen":1576420277509,"flow_last_seen":0,"flow_min_l4_payload_len":146,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50600,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_first_seen":1576420277510,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50602,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_first_seen":1576420277512,"flow_last_seen":0,"flow_min_l4_payload_len":156,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":156,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50604,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_first_seen":1576420277513,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50606,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_first_seen":1576420277515,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50608,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_first_seen":1576420277516,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50610,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_first_seen":1576420277518,"flow_last_seen":0,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50612,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_first_seen":1576420277519,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50614,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_first_seen":1576420277520,"flow_last_seen":0,"flow_min_l4_payload_len":152,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":152,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50616,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_first_seen":1576420277522,"flow_last_seen":0,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50618,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_first_seen":1576420277525,"flow_last_seen":0,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50620,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_first_seen":1576420277526,"flow_last_seen":0,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50622,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_first_seen":1576420277527,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50624,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_first_seen":1576420277528,"flow_last_seen":0,"flow_min_l4_payload_len":169,"flow_max_l4_payload_len":169,"flow_tot_l4_payload_len":169,"flow_avg_l4_payload_len":169,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50626,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_first_seen":1576420277534,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50628,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_first_seen":1576420277535,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50630,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_first_seen":1576420277536,"flow_last_seen":0,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_first_seen":1576420277537,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50634,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_first_seen":1576420277538,"flow_last_seen":0,"flow_min_l4_payload_len":151,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":151,"flow_avg_l4_payload_len":151,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50636,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_first_seen":1576420277540,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50638,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_first_seen":1576420277543,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50640,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_first_seen":1576420277544,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50642,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_first_seen":1576420277546,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50644,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_first_seen":1576420277547,"flow_last_seen":0,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50646,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_first_seen":1576420277549,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50648,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_first_seen":1576420277550,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50650,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_first_seen":1576420277552,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50652,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_first_seen":1576420277553,"flow_last_seen":0,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50654,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_first_seen":1576420277554,"flow_last_seen":0,"flow_min_l4_payload_len":203,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":203,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50656,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_first_seen":1576420277556,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50658,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_first_seen":1576420277558,"flow_last_seen":0,"flow_min_l4_payload_len":204,"flow_max_l4_payload_len":204,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":204,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50660,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_first_seen":1576420277560,"flow_last_seen":0,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50662,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_first_seen":1576420277561,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50664,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_first_seen":1576420277562,"flow_last_seen":0,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":140,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50666,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_first_seen":1576420277564,"flow_last_seen":0,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50668,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_first_seen":1576420277565,"flow_last_seen":0,"flow_min_l4_payload_len":150,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":150,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50670,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_first_seen":1576420277566,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50672,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_first_seen":1576420277567,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50674,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_first_seen":1576420277568,"flow_last_seen":0,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50676,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_first_seen":1576420277570,"flow_last_seen":0,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50678,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_first_seen":1576420277572,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50680,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_first_seen":1576420277574,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50682,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_first_seen":1576420277575,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_first_seen":1576420277577,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50686,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_first_seen":1576420277578,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50688,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_first_seen":1576420277580,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50690,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_first_seen":1576420277581,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50692,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_first_seen":1576420277583,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50694,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_first_seen":1576420277584,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50696,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_first_seen":1576420277586,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50698,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_first_seen":1576420277588,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50700,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_first_seen":1576420277590,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50702,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_first_seen":1576420277592,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50704,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_first_seen":1576420277593,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50706,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_first_seen":1576420277595,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50708,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_first_seen":1576420277597,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50710,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_first_seen":1576420277598,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50712,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_first_seen":1576420277600,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_first_seen":1576420277602,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50716,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_first_seen":1576420277604,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50718,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_first_seen":1576420277607,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50720,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_first_seen":1576420277608,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50722,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_first_seen":1576420277609,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50724,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_first_seen":1576420277611,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50726,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_first_seen":1576420277612,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50728,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_first_seen":1576420277614,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50730,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_first_seen":1576420277615,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50732,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_first_seen":1576420277616,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50734,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_first_seen":1576420277618,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50736,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_first_seen":1576420277619,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50738,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_first_seen":1576420277622,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50740,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_first_seen":1576420277624,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50742,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_first_seen":1576420277625,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50744,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_first_seen":1576420277627,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50746,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_first_seen":1576420277628,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50748,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_first_seen":1576420277630,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50750,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_first_seen":1576420277631,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50752,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_first_seen":1576420277633,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50754,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_first_seen":1576420277637,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50756,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_first_seen":1576420277639,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50758,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_first_seen":1576420277642,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50760,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_first_seen":1576420277644,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50762,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_first_seen":1576420277646,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50764,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_first_seen":1576420277648,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50766,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_first_seen":1576420277650,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50768,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_first_seen":1576420277657,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50770,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_first_seen":1576420277658,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50772,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_first_seen":1576420277660,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50774,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_first_seen":1576420277662,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50776,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_first_seen":1576420277663,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50778,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_first_seen":1576420277667,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50780,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_first_seen":1576420277669,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50782,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_first_seen":1576420277670,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50784,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_first_seen":1576420277675,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50786,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_first_seen":1576420277677,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50788,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_first_seen":1576420277678,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_first_seen":1576420277680,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50792,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_first_seen":1576420277681,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50794,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_first_seen":1576420277683,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50796,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_first_seen":1576420277685,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50798,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_first_seen":1576420277687,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50800,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_first_seen":1576420277689,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50802,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_first_seen":1576420277691,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50804,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_first_seen":1576420277693,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50806,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_first_seen":1576420277695,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50808,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_first_seen":1576420277699,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50810,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_first_seen":1576420277701,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50812,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_first_seen":1576420277702,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50814,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_first_seen":1576420277703,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50816,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_first_seen":1576420277705,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50818,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_first_seen":1576420277708,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50820,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_first_seen":1576420277709,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50822,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_first_seen":1576420277711,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50824,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_first_seen":1576420277713,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50826,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_first_seen":1576420277715,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50828,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_first_seen":1576420277716,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_first_seen":1576420277718,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50832,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_first_seen":1576420277719,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50834,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_first_seen":1576420277721,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50836,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_first_seen":1576420277723,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50838,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_first_seen":1576420277725,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50840,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_first_seen":1576420277727,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50842,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_first_seen":1576420277729,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50844,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_first_seen":1576420277730,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50846,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_first_seen":1576420277732,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50848,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_first_seen":1576420277734,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50850,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_first_seen":1576420277736,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50852,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_first_seen":1576420277737,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50854,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_first_seen":1576420277739,"flow_last_seen":0,"flow_min_l4_payload_len":148,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":148,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50856,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_first_seen":1576420277741,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50858,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_first_seen":1576420277743,"flow_last_seen":0,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50860,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_first_seen":1576420277745,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50862,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_first_seen":1576420277746,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50864,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_first_seen":1576420277747,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50866,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_first_seen":1576420277749,"flow_last_seen":0,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50868,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_first_seen":1576420277750,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50870,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_first_seen":1576420277752,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50872,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_first_seen":1576420277753,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50874,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_first_seen":1576420277754,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50876,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_first_seen":1576420277756,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50878,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_first_seen":1576420277758,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50880,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_first_seen":1576420277760,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50882,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_first_seen":1576420277762,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50884,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":662,"flow_packet_id":1,"flow_first_seen":1576420277764,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50886,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":663,"flow_packet_id":1,"flow_first_seen":1576420277766,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50888,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":664,"flow_packet_id":1,"flow_first_seen":1576420277767,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50890,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":665,"flow_packet_id":1,"flow_first_seen":1576420277769,"flow_last_seen":0,"flow_min_l4_payload_len":305,"flow_max_l4_payload_len":305,"flow_tot_l4_payload_len":305,"flow_avg_l4_payload_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50892,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":666,"flow_packet_id":1,"flow_first_seen":1576420277770,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50894,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":667,"flow_packet_id":1,"flow_first_seen":1576420277772,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50896,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":668,"flow_packet_id":1,"flow_first_seen":1576420277773,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50898,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":669,"flow_packet_id":1,"flow_first_seen":1576420277776,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50900,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":670,"flow_packet_id":1,"flow_first_seen":1576420277777,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50902,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":671,"flow_packet_id":1,"flow_first_seen":1576420277778,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50904,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":672,"flow_packet_id":1,"flow_first_seen":1576420277780,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50906,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":673,"flow_packet_id":1,"flow_first_seen":1576420277781,"flow_last_seen":0,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50908,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":674,"flow_packet_id":1,"flow_first_seen":1576420277782,"flow_last_seen":0,"flow_min_l4_payload_len":274,"flow_max_l4_payload_len":274,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":274,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50910,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":675,"flow_packet_id":1,"flow_first_seen":1576420277784,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50912,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":676,"flow_packet_id":1,"flow_first_seen":1576420277785,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50914,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":677,"flow_packet_id":1,"flow_first_seen":1576420277786,"flow_last_seen":0,"flow_min_l4_payload_len":282,"flow_max_l4_payload_len":282,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50916,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":678,"flow_packet_id":1,"flow_first_seen":1576420277788,"flow_last_seen":0,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50918,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":679,"flow_packet_id":1,"flow_first_seen":1576420277790,"flow_last_seen":0,"flow_min_l4_payload_len":280,"flow_max_l4_payload_len":280,"flow_tot_l4_payload_len":280,"flow_avg_l4_payload_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50920,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":680,"flow_packet_id":1,"flow_first_seen":1576420277792,"flow_last_seen":0,"flow_min_l4_payload_len":299,"flow_max_l4_payload_len":299,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50922,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":681,"flow_packet_id":1,"flow_first_seen":1576420277794,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50924,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":682,"flow_packet_id":1,"flow_first_seen":1576420277795,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50926,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":683,"flow_packet_id":1,"flow_first_seen":1576420277797,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50928,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":684,"flow_packet_id":1,"flow_first_seen":1576420277799,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50930,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":685,"flow_packet_id":1,"flow_first_seen":1576420277800,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50932,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":686,"flow_packet_id":1,"flow_first_seen":1576420277802,"flow_last_seen":0,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50934,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":687,"flow_packet_id":1,"flow_first_seen":1576420277803,"flow_last_seen":0,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50936,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":688,"flow_packet_id":1,"flow_first_seen":1576420277804,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50938,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":689,"flow_packet_id":1,"flow_first_seen":1576420277807,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50940,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":690,"flow_packet_id":1,"flow_first_seen":1576420277808,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50942,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":691,"flow_packet_id":1,"flow_first_seen":1576420277810,"flow_last_seen":0,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50944,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":692,"flow_packet_id":1,"flow_first_seen":1576420277811,"flow_last_seen":0,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50946,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":693,"flow_packet_id":1,"flow_first_seen":1576420277812,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50948,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":694,"flow_packet_id":1,"flow_first_seen":1576420277813,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50950,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":695,"flow_packet_id":1,"flow_first_seen":1576420277814,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50952,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":696,"flow_packet_id":1,"flow_first_seen":1576420277816,"flow_last_seen":0,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50954,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":697,"flow_packet_id":1,"flow_first_seen":1576420277817,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50956,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":698,"flow_packet_id":1,"flow_first_seen":1576420277819,"flow_last_seen":0,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50958,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":699,"flow_packet_id":1,"flow_first_seen":1576420277821,"flow_last_seen":0,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50960,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":700,"flow_packet_id":1,"flow_first_seen":1576420277822,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50962,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":701,"flow_packet_id":1,"flow_first_seen":1576420277824,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50964,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":702,"flow_packet_id":1,"flow_first_seen":1576420277827,"flow_last_seen":0,"flow_min_l4_payload_len":307,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50966,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":703,"flow_packet_id":1,"flow_first_seen":1576420277828,"flow_last_seen":0,"flow_min_l4_payload_len":316,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":316,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50968,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":704,"flow_packet_id":1,"flow_first_seen":1576420277829,"flow_last_seen":0,"flow_min_l4_payload_len":321,"flow_max_l4_payload_len":321,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50970,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":705,"flow_packet_id":1,"flow_first_seen":1576420277831,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50972,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":706,"flow_packet_id":1,"flow_first_seen":1576420277832,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50974,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":707,"flow_packet_id":1,"flow_first_seen":1576420277834,"flow_last_seen":0,"flow_min_l4_payload_len":313,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50976,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":708,"flow_packet_id":1,"flow_first_seen":1576420277836,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50978,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":709,"flow_packet_id":1,"flow_first_seen":1576420277838,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50980,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":710,"flow_packet_id":1,"flow_first_seen":1576420277840,"flow_last_seen":0,"flow_min_l4_payload_len":297,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50982,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":711,"flow_packet_id":1,"flow_first_seen":1576420277841,"flow_last_seen":0,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":712,"flow_packet_id":1,"flow_first_seen":1576420277843,"flow_last_seen":0,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50986,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":713,"flow_packet_id":1,"flow_first_seen":1576420277844,"flow_last_seen":0,"flow_min_l4_payload_len":289,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":289,"flow_avg_l4_payload_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50988,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":714,"flow_packet_id":1,"flow_first_seen":1576420277845,"flow_last_seen":0,"flow_min_l4_payload_len":308,"flow_max_l4_payload_len":308,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50990,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":715,"flow_packet_id":1,"flow_first_seen":1576420277847,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50992,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":716,"flow_packet_id":1,"flow_first_seen":1576420277849,"flow_last_seen":0,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":141,"flow_avg_l4_payload_len":141,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50994,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":717,"flow_packet_id":1,"flow_first_seen":1576420277850,"flow_last_seen":0,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":240,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50996,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":718,"flow_packet_id":1,"flow_first_seen":1576420277851,"flow_last_seen":0,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50998,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":719,"flow_packet_id":1,"flow_first_seen":1576420277854,"flow_last_seen":0,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51000,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":720,"flow_packet_id":1,"flow_first_seen":1576420277855,"flow_last_seen":0,"flow_min_l4_payload_len":247,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51002,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":721,"flow_packet_id":1,"flow_first_seen":1576420277857,"flow_last_seen":0,"flow_min_l4_payload_len":248,"flow_max_l4_payload_len":248,"flow_tot_l4_payload_len":248,"flow_avg_l4_payload_len":248,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51004,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":722,"flow_packet_id":1,"flow_first_seen":1576420277858,"flow_last_seen":0,"flow_min_l4_payload_len":246,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51006,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":723,"flow_packet_id":1,"flow_first_seen":1576420277860,"flow_last_seen":0,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51008,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":724,"flow_packet_id":1,"flow_first_seen":1576420277861,"flow_last_seen":0,"flow_min_l4_payload_len":243,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51010,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":725,"flow_packet_id":1,"flow_first_seen":1576420277863,"flow_last_seen":0,"flow_min_l4_payload_len":250,"flow_max_l4_payload_len":250,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51012,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":726,"flow_packet_id":1,"flow_first_seen":1576420277864,"flow_last_seen":0,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51014,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":727,"flow_packet_id":1,"flow_first_seen":1576420277866,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51016,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":728,"flow_packet_id":1,"flow_first_seen":1576420277867,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51018,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":729,"flow_packet_id":1,"flow_first_seen":1576420277870,"flow_last_seen":0,"flow_min_l4_payload_len":188,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":188,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51020,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":730,"flow_packet_id":1,"flow_first_seen":1576420277871,"flow_last_seen":0,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51022,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":731,"flow_packet_id":1,"flow_first_seen":1576420277873,"flow_last_seen":0,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51024,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":732,"flow_packet_id":1,"flow_first_seen":1576420277874,"flow_last_seen":0,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":189,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51026,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":733,"flow_packet_id":1,"flow_first_seen":1576420277875,"flow_last_seen":0,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51028,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":734,"flow_packet_id":1,"flow_first_seen":1576420277877,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51030,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":735,"flow_packet_id":1,"flow_first_seen":1576420277878,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51032,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":736,"flow_packet_id":1,"flow_first_seen":1576420277880,"flow_last_seen":0,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51034,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":737,"flow_packet_id":1,"flow_first_seen":1576420277882,"flow_last_seen":0,"flow_min_l4_payload_len":200,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":200,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51036,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":738,"flow_packet_id":1,"flow_first_seen":1576420277883,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51038,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":739,"flow_packet_id":1,"flow_first_seen":1576420277885,"flow_last_seen":0,"flow_min_l4_payload_len":161,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":161,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51040,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":740,"flow_packet_id":1,"flow_first_seen":1576420277887,"flow_last_seen":0,"flow_min_l4_payload_len":166,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":166,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51042,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":741,"flow_packet_id":1,"flow_first_seen":1576420277889,"flow_last_seen":0,"flow_min_l4_payload_len":159,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51044,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_packet_id":1,"flow_first_seen":1576420277890,"flow_last_seen":0,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_packet_id":1,"flow_first_seen":1576420277892,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_packet_id":1,"flow_first_seen":1576420277893,"flow_last_seen":0,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test"}
diff --git a/test/results/WebattackSQLinj.pcap.out b/test/results/WebattackSQLinj.pcap.out
index 3bacf9df5..4df3cdfbd 100644
--- a/test/results/WebattackSQLinj.pcap.out
+++ b/test/results/WebattackSQLinj.pcap.out
@@ -1,10 +1,10 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1499348407419,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1499348407419,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348407,"pkt_ts_usec":419016,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="}
00442{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348407,"pkt_ts_usec":419147,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="}
00430{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348407,"pkt_ts_usec":420458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04aVAAD4G5DKsEAABwKgKMo1kAFAWk4RKuxMwZYAQAOVIbgAAAQEICgE+Ze0D6Ddg"}
01030{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348407,"pkt_ts_usec":420462,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":513,"pkt_l4_len":479,"pkt":"ABm5CmnxAMGxFOsxCABFAAHz4aZAAD4G4nKsEAABwKgKMo1kAFAWk4RKuxMwZYAYAOVgowAAAQEICgE+Ze0D6DdgR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9MSUyNyZTdWJtaXQ9U3VibWl0IEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8NCkNvb2tpZTogc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9NWRmY3VoODVrZzB2dmlkZjhucnNqdGJvYjUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_tot_l4_data_len":591,"flow_min_l4_data_len":32,"flow_max_l4_data_len":479,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1499348407419,"flow_last_seen":1499348407420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00430{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348407,"pkt_ts_usec":420554,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0BwVAAEAGvNPAqAoyrBAAAQBQjWS7EzBlFpOGCYAQAOtGqQAAAQEICgPoN2ABPmXt"}
01143{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348407,"pkt_ts_usec":424132,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"pkt":"AMGxFOsxABm5CmnxCABFAAJGBwZAAEAGusDAqAoyrBAAAQBQjWS7EzBlFpOGCYAYAOv\/xgAAAQEICgPoN2EBPmXtSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjQwOjA3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUaHUsIDE5IE5vdiAxOTgxIDA4OjUyOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUsIHBvc3QtY2hlY2s9MCwgcHJlLWNoZWNrPTANClByYWdtYTogbm8tY2FjaGUNClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1FbmNvZGluZzogZ3ppcA0KQ29udGVudC1MZW5ndGg6IDE0MQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KDQofiwgAAAAAAAADLc4xDsIwDIXhq7zNI+pMxQlgQEyMVjAkotiVk1Tk9iTAYOkt3y\/Pq8vhahWRNwErxN0cSdGsOi7nI3LTwu89QpTwRImCF2vlpU8uCOYueTW9ZRT7qVP7OvFNHP1yMsW9Zwf29IjlHx2iZoEKO4gmIkJvLkkF07wbv30Aj46y+KEAAAA="}
00430{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348407,"pkt_ts_usec":424728,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04adAAD4G5DCsEAABwKgKMo1kAFAWk4YJuxMyd4AQAO1EkwAAAQEICgE+Ze4D6Ddh"}
@@ -12,36 +12,36 @@
00431{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348412,"pkt_ts_usec":425420,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04ahAAD4G5C+sEAABwKgKMo1kAFAWk4YJuxMyd4ARAO0\/sAAAAQEICgE+atAD6Ddh"}
00432{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348412,"pkt_ts_usec":425455,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0BwhAAEAGvNDAqAoyrBAAAQBQjWS7EzJ4FpOGCoAQAOs6zwAAAQEICgPoPEMBPmrQ"}
00432{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348412,"pkt_ts_usec":425928,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04alAAD4G5C6sEAABwKgKMo1kAFAWk4YKuxMyeIAQAO06zAAAAQEICgE+atED6DxD"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1499348413192,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1499348413192,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348413,"pkt_ts_usec":192475,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/kNAAD4Gx4ysEAABwKgKMo1mAFAV3ZXTAAAAAKACchC4zgAAAgQFtAQCCAoBPmuQAAAAAAEDAwc="}
00443{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348413,"pkt_ts_usec":192603,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWbwopjJFd2V1KAScSDvVQAAAgQFtAQCCAoD6D0DAT5rkAEDAwc="}
00432{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348413,"pkt_ts_usec":193376,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kRAAD4Gx5OsEAABwKgKMo1mAFAV3ZXU8KKYyoAQAOWOXQAAAQEICgE+a5AD6D0D"}
01052{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348413,"pkt_ts_usec":193380,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"pkt":"ABm5CmnxAMGxFOsxCABFAAIA\/kVAAD4GxcasEAABwKgKMo1mAFAV3ZXU8KKYyoAYAOVYvwAAAQEICgE+a5AD6D0DR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9MSUyNythbmQrMSUzRDElMjMmU3VibWl0PVN1Ym1pdCBIVFRQLzEuMQ0KSG9zdDogMjA1LjE3NC4xNjUuNjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC80NS4wDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpSZWZlcmVyOiBodHRwOi8vMjA1LjE3NC4xNjUuNjgvZHYvdnVsbmVyYWJpbGl0aWVzL3NxbGkvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgUEhQU0VTU0lEPTVkZmN1aDg1a2cwdnZpZGY4bnJzanRib2I1DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00806{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_tot_l4_data_len":604,"flow_min_l4_data_len":32,"flow_max_l4_data_len":492,"flow_avg_l4_data_len":151,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00817{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1499348413192,"flow_last_seen":1499348413193,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":460,"flow_tot_l4_payload_len":460,"flow_avg_l4_payload_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00432{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348413,"pkt_ts_usec":193473,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pclAAEAGHg\/AqAoyrBAAAQBQjWbwopjKFd2XoIAQAOuMiwAAAQEICgPoPQMBPmuQ"}
02926{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348413,"pkt_ts_usec":260743,"pkt_caplen":1906,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1906,"pkt_l4_len":1872,"pkt":"AMGxFOsxABm5CmnxCABFAAdkpcpAAEAGFt7AqAoyrBAAAQBQjWbwopjKFd2XoIAYAOt+QgAAAQEICgPoPRQBPmuQSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjQwOjEyIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQ4OA0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWG1v2zYQ\/pwA\/Q8cCzRtAYt1i25rJqtI7GQxkLZe7DQdMMCgJTpmTIkqSdnxfv2OlGTLiRNHc4Ag5su9PLzjHe\/0Yt\/\/pfOtPfi7d4ImJhaod3l83m0j3CDk6kObkM6gg36cDb6co6b3DvWN4qEh5OQrRnhiTHpIyHw+9+YfPKmuyeCC3FopTctWDBva8XiRiXDwYv\/Fvu\/03MYi0a0NMpqfPn3KWXPyPX\/CaATDvT0\/ZoYiy9JgPzM+a+G2TAxLTGOwSBlGYT5rYcNuDbEi\/kDhhCrNTOtycNr4HSOSy9zzDTeCBd8zkTBFR1xwszhE\/b\/OUTe5YaHhMkGHh6hD4wSVRIKhKzZCR2kqeEgdyevO96ujN2jW9Jrv0NsOmzEh0xgwvPVJrqFQJ3gyRYqJFtZmIZieMGYwMgC7QBtqjdFEsXELex6Bv2g2p3aVxJQnntsm96VxOHMp5x8e02tGYGld0pjOLJnnNpYydKh4aqoQbuiM5qsYaRWuAbnR7rcHCrwbjQOf5JSFi0jhIzseyWiBQkG1da+MGc59F\/EZ4lELWyfBiZgq3FvZskIq63s+j6\/vIXGH1ETIa+mlyTVGVIDHtzhqdW7ACuruqbZGHoLjsor2e3vDlEYRi\/IDAUEmynPa3WMhw6k1jeBIJiGonrbwnCeRnHuw5XC0DvKTeAe4ZAUGuuYuDwdnYDafULCy4MH+UwTyBMIsc\/dWe+kkfUT+XVIcdCsr9dRCZGXpFn1LGhz07RARdMFgEXWOK8pIJoIdDDqrBDKH6zFSmWHkEVSbGXBwbH\/RqVRhTQ\/cFchuWVgHgKPHQVvGMU2iVRraDUWo1bgOCkcPKPoXp7spHnPifU4hVFscOLOIbbklT+LHwSmH4O7aFb2zbbJUSBrVsU7BUcC4dLMd\/UNTA09ULRcVLC5uWZgphtpHvUH77Gg3KPqn4BUcmgm4gDbbbcHj+CC2q2\/n7kiGI3jkajmnwnUHDXp9bJff7IZqzuh0yGtBKllwcAUj1Gfa3lrU7dRMs3fl3mo9rAUkZ8DBj34fapZvX3Y0hRWn6upXpf4LNs6v1jOg0HVR6BJF30i1DmHHJ8jFIpSRW5\/DFRkObP0I9yJfqmcO4OfJWG5RV6HCQe+sB1ExlvUU0ZHMzBY1SxocHNnh85nVFnpb1a+IcHDuxncAFBXbWu33cCFoS9hVIQgti90tdNu9aiHoT5qPthFQGzdzUXl5XBE1W9arw1BGbEgVo0W1PJYqRtQJaOGXGEHnM5EA78+TQVF++mlxqEvNFKSUw6JkTtKsWtVDKc\/\/hXHzI0YJjWHEAfd9Wp2NYm5Kmn4xm1GRraaFYpIGeQtBLMocb6pYABhQ8wDZ6qXZar70Rwqq7lOutHFSDxGNYp7ky\/1MVdeI5XeNxNIn\/uR98AVC1F1YFdPClu8dWeFRuD+rm1BpJYsYYzT2QhkvQ06xGWdzTT52eu++Nnu\/\/XriuT4TGaquoUfE8HzQZIqD\/y1qees2otMgkyXenE95yiJOXb9rZwRuzJCXN2YznicyP44AZIyZUtnEi6EpNFlC81P9FI2lhEYIfZhxHWpDTjPyoHlqS9qKLYXOmWkTy2TKFl7CoC22EhpOxLpsEi\/sfIO+Rtlcb0b9jDq2e9veIDmnOnXeggTHbm2Sci7rbvf3k9i3WnUkR6NFw9g8o52THrTNPcqq7CKP5iFa9sgumPP\/ZbJ8ILkWOS8UjKplJtmUgfVCGxYP7au17LSrmWqUGWONVuSm7xCH6IyJdPk6pDLN0mFJJpN2\/r6sPm8cAsVl+ho9UFfYyB5OQKK19WeAZCvLV2Xkt4ScH6A3OEBbUfVlBm3k8+LSTuY2ZNaWVPBreDwEG0Pm9lkc2IfCJV2fwKyaje1uWYSgc\/sVq6ABiSsKqB66nX6xE3Ftr0lU+vBBd46lNGsfddJgl69q6abnu\/psEPtA5x8a3SfA4D8qFDbP4xQAAA=="}
00432{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348413,"pkt_ts_usec":261482,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kZAAD4Gx5GsEAABwKgKMo1mAFAV3Zeg8KKf+oAQAQGFIwAAAQEICgE+a6ED6D0U"}
00432{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348418,"pkt_ts_usec":262402,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pcxAAEAGHgzAqAoyrBAAAQBQjWbwop\/6Fd2XoIARAOuAVQAAAQEICgPoQfcBPmuh"}
00432{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348418,"pkt_ts_usec":262929,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/kdAAD4Gx5CsEAABwKgKMo1mAFAV3Zeg8KKf+4ARAQF7WwAAAQEICgE+cIQD6EH3"}
00433{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348418,"pkt_ts_usec":262971,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pc1AAEAGHgvAqAoyrBAAAQBQjWbwop\/7Fd2XoYAQAOt7cQAAAQEICgPoQfcBPnCE"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1499348422024,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1499348422024,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348422,"pkt_ts_usec":24349,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A7ZAAD4GwhqsEAABwKgKMo1oAFD9gXeGAAAAAKACchDm1AAAAgQFtAQCCAoBPnQwAAAAAAEDAwc="}
00443{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348422,"pkt_ts_usec":24463,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWik93fQ\/YF3h6AScSCBYAAAAgQFtAQCCAoD6EWjAT50MAEDAwc="}
00430{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348422,"pkt_ts_usec":25263,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7dAAD4GwiGsEAABwKgKMo1oAFD9gXeHpPd30YAQAOUgaAAAAQEICgE+dDAD6EWj"}
01150{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348422,"pkt_ts_usec":25267,"pkt_caplen":603,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":603,"pkt_l4_len":569,"pkt":"ABm5CmnxAMGxFOsxCABFAAJNA7hAAD4GwAesEAABwKgKMo1oAFD9gXeHpPd30YAYAOVReQAAAQEICgE+dDAD6EWjR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9MSUyNythbmQrMSUzRDErdW5pb24rc2VsZWN0K2RhdGFiYXNlJTI4JTI5JTJDK3VzZXIlMjglMjklMjMmU3VibWl0PVN1Ym1pdCBIVFRQLzEuMQ0KSG9zdDogMjA1LjE3NC4xNjUuNjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC80NS4wDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpSZWZlcmVyOiBodHRwOi8vMjA1LjE3NC4xNjUuNjgvZHYvdnVsbmVyYWJpbGl0aWVzL3NxbGkvP2lkPTElMjcrYW5kKzElM0QxJTIzJlN1Ym1pdD1TdWJtaXQNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9NWRmY3VoODVrZzB2dmlkZjhucnNqdGJvYjUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00848{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_tot_l4_data_len":681,"flow_min_l4_data_len":32,"flow_max_l4_data_len":569,"flow_avg_l4_data_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00859{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1499348422024,"flow_last_seen":1499348422025,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00431{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348422,"pkt_ts_usec":25335,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0MnJAAEAGkWbAqAoyrBAAAQBQjWik93fR\/YF5oIAQAOseSQAAAQEICgPoRaMBPnQw"}
02968{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348422,"pkt_ts_usec":57811,"pkt_caplen":1947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1947,"pkt_l4_len":1913,"pkt":"AMGxFOsxABm5CmnxCABFAAeNMnNAAEAGigzAqAoyrBAAAQBQjWik93fR\/YF5oIAYAOt+awAAAQEICgPoRasBPnQwSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjQwOjIxIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTUyOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWP9P4zYU\/xmk+x88nzTgtMbXO922Y2k2aGEgcXcdLcdNmlS5iduaOnHOdlq6v37PTtIGKJSsSIj6y\/vysd8Xv5dXu\/4PnS\/t\/t\/dEzQxsUDdq+OL8zbCDUKu37cJ6fQ76NtZ\/9MFanpvUc8oHhpCTj5jhCfGpIeEzOdzb\/7ek2pM+pfk1kppWrZi2NCOx4tMhINXu692fafnNhaJbq2R0fz48WPOmpPv+BNGIxju7PgxMxRZlgb7nvFZC7dlYlhiGv1FyjAK81kLG3ZriBXxGwonVGlmWlf908avGJFc5o5vuBEs+JqJhCk65IKbxSHq\/XWBzpMbFhouE3R4iDo0TlBJJBi6ZkN0lKaCh9SR7He+Xh8doFnTa75FbzpsxoRMY8Dwxie5hkKd4MkUKSZaWJuFYHrCmMHIAOwCbag1RhPFRi3seQT+otmc2lUSU554bps8lMbhzKWcf3hMx4zA0l1JIzqzZJ7bWMrQoeKpqUK4oTOar2KkVXgHyI12v11Q4N1oHPgkpyxMRAob2fFQRgsUCqqteWXMcG67iM8Qj1rYGglOxFRh3sqWFVJZ3\/F5PH6AxB1SEyHH0kuTMUZUgMU3GGp1bsAK6h6otpc8AMNlFe0P9gYpjSIW5QcCgkyU57S7x0KGU3s1giOZhKB62sJznkRy7sGWw9Hay0\/i7eGSFRjoHXN5ODiDa\/MJhVsWPNh9jkCeQJhlzm+1l07SJ+TfJ8XBeWWlnlqIrCzdoG9Jg4OeHSKCLhksos5xRRnJRLDFhc4qgczBPYYqM4w8gWo9Aw6O7S86lSqsaYH7AtktC+sAcPQ4aMs4pkm0SkPboQi1GtVB4egBRe\/ydDvFI06831MI1RYHzixiG7zkWfw4OOUQ3Od2RW99N1kqJI3q3E7BUcC4crMt7UNTA09ULRMVLC5uWZgphtpH3X777Gg7KPq74BUcmglwQJvtNuBxfBDb1bdzeySDITxytYxT4bqHBu0f2+WD7VDNGZ0OeC1IJQsOrmGEekxbr0XnnZpp9r7cW60HtYDkDDj41utBzfLl05ZXYcWpuvpVqf+SjXLXegEUui4KXaLoGanuQtjyCXKxCGXkxudwRYYDWz+CX+RL9a4D+HkykhvUVahw0D3rQlSMZD1FdCgzs0HNkgYHR3b4ctdqC72N6ldEOLhw43sAiortTu33eCFoS9hVIQgti90tdNu9aiHoT5pPthFQGzdzUXl5XBE1W9arg1BGbEAVo0W1PJIqRtQJaOHXGEHnM5EA78+TflF++mlxqCvNFKSUw6JkTtKsWtVDKc\/\/hXHzA0YJjWHEAfdDWp0NY25Kml4xm1GRraaFYpIGeQtBLMocb6pYABhQcw\/Z6qXZaqIssbkuf0ZQRA0dUs32D35CGQDeP3jtDxVU5adcaeO0HiIaxTzJl3uZqq4RK\/9llNgm4p4OJaX5w\/qdmEhtcmWuq1k6iD95F3yCfOGiR8W0MOw7R1a4Fzjzyi0rfW0R8IzGXijjZfwrNuNsrsmHTvft52b3l59PPNf0IkPVGBpWDG8ZTaY4+N+iliGwFp0GmSzx5nzKUxZx6ppvOyPgvgNeuu96PM9kfhoByBgxpbKJF0OHarKE5qf6LhpLCY0QmkLj2uWGnGbk0eupLWkjthTaeKZNLJMpW3gJgx7dSmg4EXdlk3hh52v0NcpOfz3qF9Sx2drWg+Sc6tRZC7Itu7UZ05nsfLO9n8W+8VaHcjhcNIxNetoZ6dG7eUBZlV0k9TxEy4bdRXX+v8zcj2T6IgGHglG1TGvrngO90IbFA\/uELtv+atocZsbYSysS5VeIQ3TGRLp8qlKZZumgJJNJO3\/sVt9aDoHiKt1HjxQ5NrIHE5Bo7\/p3gGTL3B\/LyG8JOd9DBzhAG1H1ZAY97cvi0k7mJmT2LqngY3jJBBvBM+KzOLCvlsu+PoFZNfXb3bIiQhf2k1pBAxJXFFDKnHd6xU7EtXWTqLTho+YcQaa\/84UpDbb5xJeuqyWqzwax1UL+1dN9jwz+A9Lm5NZwFQAA"}
00431{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348422,"pkt_ts_usec":58624,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7lAAD4Gwh+sEAABwKgKMo1oAFD9gXmgpPd\/KoAQAQIWyAAAAQEICgE+dDkD6EWr"}
00431{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348427,"pkt_ts_usec":62967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0MnVAAEAGkWPAqAoyrBAAAQBQjWik938q\/YF5oIARAOsR+gAAAQEICgPoSo8BPnQ5"}
00432{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348427,"pkt_ts_usec":63609,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A7pAAD4Gwh6sEAABwKgKMo1oAFD9gXmgpPd\/K4ARAQIM\/wAAAQEICgE+eRwD6EqP"}
00432{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348427,"pkt_ts_usec":63652,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0MnZAAEAGkWLAqAoyrBAAAQBQjWik938r\/YF5oYAQAOsNFgAAAQEICgPoSo8BPnkc"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1499348433464,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1499348433464,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348433,"pkt_ts_usec":464668,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WwtAAD4GasWsEAABwKgKMo1qAFDC1CRXAAAAAKACchBpgwAAAgQFtAQCCAoBPn9cAAAAAAEDAwc="}
00444{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348433,"pkt_ts_usec":464810,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWqDJLV7wtQkWKAScSDdCgAAAgQFtAQCCAoD6FDPAT5\/XAEDAwc="}
00431{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348433,"pkt_ts_usec":465554,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WwxAAD4GasysEAABwKgKMo1qAFDC1CRYgyS1fIAQAOV8EgAAAQEICgE+f1wD6FDP"}
01235{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348433,"pkt_ts_usec":465558,"pkt_caplen":666,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":666,"pkt_l4_len":632,"pkt":"ABm5CmnxAMGxFOsxCABFAAKMWw1AAD4GaHOsEAABwKgKMo1qAFDC1CRYgyS1fIAYAOXSywAAAQEICgE+f1wD6FDPR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9MSUyNythbmQrMSUzRDErdW5pb24rc2VsZWN0K251bGwlMkMrdGFibGVfbmFtZStmcm9tK2luZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMlMjMmU3VibWl0PVN1Ym1pdCBIVFRQLzEuMQ0KSG9zdDogMjA1LjE3NC4xNjUuNjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC80NS4wDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpSZWZlcmVyOiBodHRwOi8vMjA1LjE3NC4xNjUuNjgvZHYvdnVsbmVyYWJpbGl0aWVzL3NxbGkvP2lkPTElMjcrYW5kKzElM0QxK3VuaW9uK3NlbGVjdCtkYXRhYmFzZSUyOCUyOSUyQyt1c2VyJTI4JTI5JTIzJlN1Ym1pdD1TdWJtaXQNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9NWRmY3VoODVrZzB2dmlkZjhucnNqdGJvYjUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00869{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_tot_l4_data_len":744,"flow_min_l4_data_len":32,"flow_max_l4_data_len":632,"flow_avg_l4_data_len":186,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00880{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1499348433464,"flow_last_seen":1499348433465,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00431{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348433,"pkt_ts_usec":465657,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05bNAAEAG3iTAqAoyrBAAAQBQjWqDJLV8wtQmsIAQAOx5swAAAQEICgPoUM8BPn9c"}
06048{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348433,"pkt_ts_usec":546081,"pkt_caplen":4215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4215,"pkt_l4_len":4181,"pkt":"AMGxFOsxABm5CmnxCABFABBp5bRAAEAGze7AqAoyrBAAAQBQjWqDJLV8wtQmsIAYAOyHRwAAAQEICgPoUOMBPn9cSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjQwOjMzIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMzc5Nw0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAPNnXtv47gRwP\/eBfY7qOqi+0BjbXq4tpvaPji2kwjnJD4\/kruigEBLtM2NJOpIyk7u03dIybH82myaRYeLYKMHHz8NyZkhh1LevK7\/qXPdHv3W7zpzlcROf3za89uOe+R5tz+0Pa8z6ji\/Xowue85x7ZMzVIKFyvO6V67jzpXKTjxvuVzWlj\/UuJh5o4F3r0s51tnKwyNp8tQiFbnNN6\/fvK6beu6TOJWNPWUcf\/78uchaJH9Vn1MSweGrV\/WEKuLoLEf095wtGm6bp4qm6mj0kFHXCYuzhqvovfJ0Ef9ywjkRkqrGeHR29E\/X8YoyX9UVUzFt3uRxSgWZsJiphxNn+EvP8dMvNFSMp87JidMhSeqsEsXUuaUTp5VlMQuJSfK+c3Pb+uAsjmvHn5yPHbqgMc8SYPhY94oayupilt45gsYNV6qHmMo5pcp1FGCXtKGUrjMXdNpwazUPfqLFkuirXkJYWjO3vd3SGDzzqpz\/sITMqAeXNkuakoVOVjM3HsuQoWCZqiJ8IQtSXHUdKcINkC\/S\/O5DBbUv0m3WvSJl2URe2Ub6eMKjByeMidTNyxPqFm0XsYXDooarGwmeiIqyeSu3dCGV66\/qLJntkJiHlF7MZ7yWpTPXITG0+BMNtX5uYIXqdqrWQg6g4fJK7Tv3goxEEY2KB4IEebx6Tn33NObhnRZNzByehlD1XcNdsjTiyxrcMhyNd8WT1N65q6yQgWw0V81tXoDY6h4BKces+fpbCmQpDLPc9FtZy+bZV8rfTuo2\/cqV51ULIyvPnqjvMY3bHOpDx3MGFC46ndNKZV4eN18g0EVlIDPoHhORK+p9hWp\/Brd5qn87Z1yEz2yB7QLpPQ2fA2DSu802TxKSRms19DKKUIrpcyhMeqAYDs5eVvGUebWfMhiqDQY584g+0Uu+Kb\/bPGMwuH19Rb5YNnkWcxI9RzpljhJjbM5e2D4kU2CintVEZRYzbmmYC+q0W\/1R+6L1MhT5e8wqHJLG0AG1tnuCx+SDsV21nS8nCSZg5J7VOJVcWzTO+1N9+cPLqJaU3AXsWUirLG7zFo6cIZW61zp+55lqdrvceymDZ4EUGdzmr8Mh+CzXly8UhS5OPLd+sap\/QKdF1\/oOFPK5FHJFMVRcbCK80ASZsQhu5JPmcJ3MbWr\/EfpFcel54oD8LJ3yJ6qrpHKb\/Ys+jIopf15FZMJz9UQ1j2ncZksffj+xakfvyerXidxmzxxvAZQe24bvd9gR1C7s2hGEKYu+W9at71Udwfr8+KvTCPCNj4uiCve4UtTi0V8NQh7RgAhKSm95ykXiEFNAw\/2z68DMZ84B77w7Kt3PelY+1FhSASrlpHSZ0yyvevXgyrM\/4Pj4R9dJSQJHDLh308p8kjC1SjMszxYkztenZcVe1iymEJ6mLHgzQZvA4By\/c7T3ctw4dvJU67rCjDhpHsd\/dZR5Vl2FMxU8cXTPFIlp7kCGc5qQmkki\/1yfCHDZz5iQyiCdOCRKWFpcHuaies3Tlf8fCLYqB4M7aLVH3UEw7I6GaBTXvV5r5F9f4RMEGxIJWv1+z2+3Tv2eP\/oNEW58iSobqD7oD\/wbv9c976KBdK\/O\/SvE6m+6V3hj5Axkj1b5ee\/6tNULhqPWaIwNcdMa+K1TRGH83P0tKMfEeNg672JxXPdH\/qX\/b9BUI9BYaBh90JeXXVCYaA0CBCMf1Xz0e2NQTXjVD67b3eGw5w9HiAigofyrcyyAQfesOwAF7YOKaENXgDHhI6rrwfV4hGmshu2L7mVr1MKt3wKnYQgDQ\/t1uLZrRYFuvLQYQE34bTSCEerzF7X3wV7iItigowoQ\/CE6Gvjn54j+w3gIPhS+GG787i1a5f7V1XXnNOhdt3\/GZhgNfkUmGP42DDpgPFHnXCXL2UirijMfzbGqyOTGH4zGrR4ySfuyj98mp13wdYNOtwcznw6+QIJBd9hFc\/4rHH1Qpf5Vp4s9hIHlsntphVigt9jRT07HZ2fa0rXOu0FvMLbA1AS3LR\/P\/1nZmy7028IX8q\/Ori3Qs2YAoVseTYLrrFdAzvxur4MNsqHgrNAtlSFtg5Y7a417I5hqX\/dvrwfY6g6IioYyndgWmHarfYENsx7ZqBPhkuayCxNAvPWIqpK5HnT98yu9uo+NU\/gvlmiX6+si9oMtFN1GyMHQ3d5iAUkxljEbaJZTqSac32EB5JIKiVV5yOM8SWWQCbbAYogmWDXTdMZSvftHKjSEBU3RKp\/maYg27qjefBUHMZ+hISgWBXrjd65ohAUxp3EWhETRGRcPqBB39GHJBa4gBI1JsW0PEULxjKGNC5amPJoELI3ofSAVUWi2oSQpSkQlSQFjwlJQFYVcsDiyOJ\/h7XjMBEfrlbpuXC8BCO4ZxWUAT21BBaq\/UCCgjUQZkwUNEiIVyIGZveyYINpcPASFXsBmAdt5hy4UvsR0qIp0qENUsYQGf\/CUogMEMSVZIGnIUzSfag2jz\/EplCCpZJgO3j6WQL+DgTn9x6qbhCHPUzy\/Tg+NQL8QTdKQolGYKbjUHu4MlFeYC4E4Jd+EmTOpEKeFe2HAwKRoFmaTSOZJQoBo8hCUXVkfmjSoCu8g5Rw8R8sR1VxQElkOqZWmzYizmE9IbBuhook5tEbFrYCsUXNbQJaouhWV\/epuD2nEYGBY1Ncs18Z7MDPBZ4IkVrLZaS32gNpoMbYxLbQaZpJUvAhvi93YQLLDcuxDssF2bHBZbj0OsVqnpA+BWqgKD6Fapwz3glqoDpeEWeM\/Fyx2KMANFhs0XwFkucrbgbRO1+0QrhbrbOOyUPnuMFqndTcJbVK3UwYloS8MG4pKA1oiF4uGo1FYIYFMmARoHSShibZ3tpqZXTx7DMwum00qfJfOHuW9xWaT2tYfCI+IIoH5wCAaRa7oPb714BP9CcJ99hUz3JxRYfKCZAIdC8fbSgQVZkTQqLoSht5owLT6aHlA9AfMzXavdMpmuUDdmLoPTAsut0pUBZHu4yHnImIpgQmhnYDFdi0b2KB\/pTRcHdrV1Sps9vS2meB5FoAdnJQtah0VHtBSm158PSqLb20\/+sNlPwqIUoibV0soS2AUdBcSgoJEZgBxgI+CuanYYBR\/GMP4AbggpeOGC4Hrm0lQIlRZoEYKDqvWYHaZsFdh1k5NqW7xQeaYr0g8UhRLCvgcmHt8i6LmUFmMN46LohjfF1DQ77nlkszwtqcfhDN3cLGMO2cZmBlVaH3JrMQtiGAmPf4wtwglS0gQ6G8ZQD9B+56BgQjBSuu3u8vvC+CyGAbUF7MMR0Qlm6V6ykqVYukMVyr0PuNCBYomWUwUnmkwMFOy4IIpvFVRDYG8lcIwpGTBZib7nEUMbxuFgcmiaaD\/Bhxu3xA0RNxsUyLgfpXAQEiyoJGkREBe3BYpyjMrvDaAoCv2orycQe1TZIEIEt5hqw3toBUL2egYZk0Wt0lQP+9k4v3lvMEGBu0iF3t70EbsARzUoOw2U\/E2mUU0RXw20I5iGlrTk9ZgmI1XfiZnkk+nq3CUgTOlWAaFum4Ag2xjmw9ybwKc9ZYMowUmulchToX2EtkkJb0OZZeUVkTIUjIzaIVt2sqdYZV9fuWbCrgNtsZaj33LwFa7+2zCWndyC6kUVyRG3GYoWIjn1ssAMoR3QaxH2TpsjbpEUCQPSK44IIWi8IuQl19LqPW3DJlUiA1X4hTx\/YAvqFgwukSmETTK04ikqhATYqy94NkOO1mBY03f2cYJlkzNSzfbBrQSaAp1rFhDgq4A8hQMbITewYvtX9i7z6SMkfdSrufNJCXxg2T4JGW\/pUJwIQMuQPeIFDNGtk1mzYja4hJ5qreK6a3zwecf4UJGhY6XMLx5\/jai5EIhrklv4+iIZ6ks0ZAeZIC7Qm4mPMgLw1UGCxaGD+CgfxzSnoXhPTR2LAwfBsNsPP2dZkR\/wyyNhTGR4HhUFhPIYobdXAfILKCS1cUzW3hWi1NW8FjTXPdvbQhublJYYMUOAqGqwl0qXEu2l8cOW\/Y1NNwmtDLQeRALNdT5SIW\/jgYodsVdDZBlkdcDTHZJyoro6wEmdEnZEYG9f2tpDLYKZlkUtopmVRz2EcyySOw2F2os9v6t\/tNQVMqY4b3xBxCy\/ND09iLoasqLt9pehatMvuGSVIJNcsyosWE7FNrCVKMl0xSEBdKikf7jhIgtaFkg+xHIlmDtFpB1ErIrYLsJZ1mACeBw46QAYE18ssJiXYRyl82iLmR\/lHIXEjlOuQtkQaTy\/q0NkcJNCitWWW2MFu5SYa+yWhsx\/BoabhPaG7Y7yGYFl02huwqRJcG7FdGBRnvz+lXdi9gCDvTh\/G\/NSy6o468rrHtwUd\/LY\/3rVT1mzTpx5oJOG+5cqezE85bLZU3SMNdv8pOkFvLEK08fBNVbbaX3Y6f\/6eq4\/4+\/d2tzlcQuPKOYUdVwg0lM0ju3+T8XVfdIs+4B1V46CWXStLZkdyyjESM1LmaePvOGv\/TAK9E7guEp9\/N8Y+avE0AZMOUQ+byWkAVTeUqKp\/o9Pnos4QgalSg5p1Qd8bvcOyieZ5f0JFsGmo9KlfAUZtq1lCrPlHBkitgs20se9Pme+orUB6m\/Yx1Pt7buQXxJZGZay8zca9k8M03mP93e35T9SalO+GTycFQMUtNIB2Wzk7Jadt0zo64YonqEwr9igBf\/F1feFHcqAxlO4NgxGrvhhjElwm0eSMSihisfJNhA80J9me5VnaVZrhxtExvuJFdKC21B4hxOb2AcOhc0ztxVFRnP8ixYJeNpO2bhXcP9QhZEhoJl6gRSjLP3zrtazYOfRR6nVJAJi5liVHp6ZAdzKFHL+idAgg7A\/rIa+Y2YL985H9ym8yTVkOcwwfi+XNKU+RSZliWJ2SxtuDGdKrdZp0lzDFbAKOK6B2cOiRKWlg0I58OyFKdHFzQu00CJ6xT9i77fGZZ3IiZ1N4lWbXiwOaecK2pavGzLrNkhSerclE8XU+eWTpxW9vgRU+d95+a29cFZHNeOPzkfO5qHZ9or+giGormnh1XNBnTi6MEcg7UAldz8L3+6M6bfuAAA"}
00431{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348433,"pkt_ts_usec":546861,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ww5AAD4GasqsEAABwKgKMo1qAFDC1CawgyTAzIAQARJuFAAAAQEICgE+f3ED6FDj"}
@@ -49,60 +49,60 @@
00431{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348438,"pkt_ts_usec":551184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05bdAAEAG3iDAqAoyrBAAAQBQjWqDJMWxwtQmsIARAOxkcAAAAQEICgPoVccBPn9x"}
00432{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348438,"pkt_ts_usec":551823,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WxBAAD4GasisEAABwKgKMo1qAFDC1CawgyTFsoARAShfUAAAAQEICgE+hFQD6FXH"}
00433{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348438,"pkt_ts_usec":551871,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05bhAAEAG3h\/AqAoyrBAAAQBQjWqDJMWywtQmsYAQAOxfjAAAAQEICgPoVccBPoRU"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1499348467295,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1499348467295,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348467,"pkt_ts_usec":295664,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NrBAAD4GjyCsEAABwKgKMo1sAFAXzJbWAAAAAKACchCBAAAAAgQFtAQCCAoBPqBmAAAAAAEDAwc="}
00443{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348467,"pkt_ts_usec":295837,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWwuedQjF8yW16AScSAJgQAAAgQFtAQCCAoD6HHZAT6gZgEDAwc="}
00431{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348467,"pkt_ts_usec":296387,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrFAAD4GjyesEAABwKgKMo1sAFAXzJbXLnnUJIAQAOWoiAAAAQEICgE+oGYD6HHZ"}
01236{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348467,"pkt_ts_usec":296717,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"pkt":"ABm5CmnxAMGxFOsxCABFAAKLNrJAAD4GjM+sEAABwKgKMo1sAFAXzJbXLnnUJIAYAOUu1QAAAQEICgE+oGYD6HHZR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9MSUyNythbmQrMSUzRDErdW5pb24rc2VsZWN0K3VzZXIlMkMrcGFzc3dvcmQrZnJvbSt1c2VycyUyMyZTdWJtaXQ9U3VibWl0IEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9MSUyNythbmQrMSUzRDErdW5pb24rc2VsZWN0K251bGwlMkMrdGFibGVfbmFtZStmcm9tK2luZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMlMjMmU3VibWl0PVN1Ym1pdA0KQ29va2llOiBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD01ZGZjdWg4NWtnMHZ2aWRmOG5yc2p0Ym9iNQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00847{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_tot_l4_data_len":743,"flow_min_l4_data_len":32,"flow_max_l4_data_len":631,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00858{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1499348467295,"flow_last_seen":1499348467296,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":599,"flow_tot_l4_payload_len":599,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+user%2C+password+from+users%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00431{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348467,"pkt_ts_usec":296825,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pf1AAEAGHdvAqAoyrBAAAQBQjWwuedQkF8yZLoAQAOymKgAAAQEICgPocdkBPqBm"}
03172{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348467,"pkt_ts_usec":301106,"pkt_caplen":2087,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2087,"pkt_l4_len":2053,"pkt":"AMGxFOsxABm5CmnxCABFAAgZpf5AAEAGFfXAqAoyrBAAAQBQjWwuedQkF8yZLoAYAOx+9wAAAQEICgPocdoBPqBmSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjQxOjA3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTY2OQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAO1WG1v2zgS\/pwC\/Q88LnBtF2fRsuu3nK1FEjeXAOlurk7aPeAAg5JGMRtJVEXKju\/X35CSbeWtrtcNEMQUOS8PZ0jOQ75+Nfzb+I+Tq\/9cfiAzncTk8vr44vyE0AZjX9onjI2vxuTPs6uPF8R1mmSicxFoxj78TgmdaZ0dMrZYLJxF25H5Dbv6xO6MFdeoVc2GsjpOqEPqvX71+tXQ+rlL4lSNnrDhDgaDUrUUPxjOgIfYPDgYJqA5MSoN+FaI+YieyFRDqhtXywwoCcqvEdVwp5kx8U8SzHiuQI+ur04bfUpYafNgqIWOwftcxCnk3Bex0MtDMvn3BTlPv0KghUzJ4SEZ8yQlK6EYyBfwyVGWxSLgVuTt+POXo3dk7jpuk\/w6hjnEMksQw69DVnqo3MUivSU5xCOq9DIGNQPQlGiEXaENlKJklkM0oo7D8C+cL7jpZQkXqWOH2WNrAue8svNfkfAbYNh131LE50bMsQNrGyrIRabrEL7yOS97KVF5cA\/IV2V\/L9GB81VRb8hKySpFrMqRafsyXJIg5sqkVyZAy9yFYk5EOKImSTgjyKv01oaMkVr\/wVAkN4+Q2EkqFssb6WTpDSU8xoxvSdRm3ogV3T1ybYI8xcQVNe+PxqYZD0MIywmhQBGv5mlGj2MZ3JrQxILINEDXtyO6EGkoFw4OWRyjN+VMnDd0pYoK\/F66HOqdYdiGjGOUY+G9+hGDIsVtVth1q5xsln3H\/kNR6p3XenZzizuryLb4W8tQb2KahJFPgJ1kfFxzxorY2yOg89pGFrg8\/LzQwL6D6mkF6h2bX3Iq82DHDDw0CHcQ7ALAylPvRCYJT8PNMbQfikDl0S4orDyimHw63c9xJJjzW4ZbdSRQswhhyyr5IX3qnQrc3OemR+0dmyKLJQ93iU6lUcG4tl975odnGkvUTimqVOy+haDIgZwcXV6dnB3tB0V9i0UNh4IYF6A57bbgsXq4t+u1c38kUx+L3E7JqWk9QEPeHpvud\/uhWgC\/nYqdIK1UqPcFW2QCyqxacj7e8Zh9aPdOqelOQEoF6v05mSBn+ePjnqEw5vJd\/ecr\/58gKpfWT0ChdkWhVigmWub3IexZguxeRBq5tRxuxKhn+COui7Jrt3CgvkgjucVdTYp6l2eXuCsiuZsj7stCb3GzlqHekWn+vLAaorfV\/UaIehe2\/QBAxdjucb\/niaChsBsiiFcWM1r5NmN1Ijicud+9RiA3dktTJT2umZqv+eo0kCFMeQ68YsuRzBPCrYER\/YUSvPnMJML714erin4Os2pS1wpyPFIOK8qcZkWd1SOVF\/\/DttuhJOUJtgTifiyrCj8ReiUzqb7mPC42n5VjlnnlFYIZlCXeLAcPMRD3DTHsxR25pEjNWVeWEVIgyH+QDKe9kHlIolwmtk\/9MvRzJOenIlfaOj8kPExEWnZPirzex4ybF\/fVid6HQdD2O5z3up2w64b9dqsXgt\/vt4JoMHgBGDcoIVP\/ARAYDLjbD963+oHf7oedqNVt9jvtbq8\/aLWg2X4BIG673XuAoh+2O+122OtwaAXtQbcb9qAZvo+CoDtouV3\/BVBkuCfkAxjN0G32wuYg6vg+vG8GeFVsh9AJei4MYOD3XgCGwkU\/W\/6l1WEvxevzZThreR+x3NjDN094dS60rFh1OuFZuDnVas8iVb0AnjiBTNblI4e5gIVinfFl83f3stf94Ng3E6J5fgN4I0YqxNNb6v1lU+sT9El0Cm1C6izErcggFNy+3ZgvhqffVKxOv6fx\/KDy9xGgjQjyvJg5CZ8LXaS8nNW3uLG20AhmwLV9bWnI24I9G56dLW3FlkGqQelEprewdFLQzFpoWBP3bbNkab6f8NdYPRQ9jfon+tiebbOC5IKrzGYLizXcmYJrU3a+Pd8\/pL41qr70\/WVDm5qpbJKejc0jybrtihOUW3T13mP3efl\/VfifIQpV\/Q5i4Pm6Kj7FJtRSaUimhoGtX43qVdcvtDZBq+rsZ9yH5AzibM10MpkV2XQlJtOTkittnuoOUeI6e0ue4chmZ09naNHE+jeEZG5Jf1\/t\/FEsF2\/IO+qRragmssgD+Lm4lLW5DZmJJY\/FDRKhGCJkIUNIPEN67Hk8ZPhVL+NmdEWoyYV5ka1k0OJGApnw+XhSjYRCmWUSrnL4bDojKfW9B8rM2+eFOHuKitbLBjNks3w0t8\/Z3v8BD9S4i68XAAA="}
00431{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348467,"pkt_ts_usec":301783,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrNAAD4GjyWsEAABwKgKMo1sAFAXzJkuLnncCYAQAQSeKgAAAQEICgE+oGgD6HHa"}
00431{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348472,"pkt_ts_usec":301832,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pgBAAEAGHdjAqAoyrBAAAQBQjWwuedwJF8yZLoARAOyZXwAAAQEICgPodrwBPqBo"}
00431{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348472,"pkt_ts_usec":302316,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NrRAAD4GjySsEAABwKgKMo1sAFAXzJkuLnncCoARAQSUZAAAAQEICgE+pUoD6Ha8"}
00432{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348472,"pkt_ts_usec":302394,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pgFAAEAGHdfAqAoyrBAAAQBQjWwuedwKF8yZL4AQAOyUewAAAQEICgPodr0BPqVK"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1499348480992,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1499348480992,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348480,"pkt_ts_usec":992304,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IqhAAD4GoyisEAABwKgKMo1uAFBrxY9uAAAAAKACchAnDQAAAgQFtAQCCAoBPq3GAAAAAAEDAwc="}
00443{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348480,"pkt_ts_usec":992428,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjW5ct+zHa8WPb6AScSBbSwAAAgQFtAQCCAoD6H85AT6txgEDAwc="}
00431{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348480,"pkt_ts_usec":993219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqlAAD4Goy+sEAABwKgKMo1uAFBrxY9vXLfsyIAQAOX6UQAAAQEICgE+rccD6H85"}
01137{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348480,"pkt_ts_usec":993268,"pkt_caplen":589,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":589,"pkt_l4_len":555,"pkt":"ABm5CmnxAMGxFOsxCABFAAI\/IqpAAD4GoSOsEAABwKgKMo1uAFBrxY9vXLfsyIAYAOUZWQAAAQEICgE+rccD6H85R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9MSUyNyZTdWJtaXQ9U3VibWl0IEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9MSUyNythbmQrMSUzRDErdW5pb24rc2VsZWN0K3VzZXIlMkMrcGFzc3dvcmQrZnJvbSt1c2VycyUyMyZTdWJtaXQ9U3VibWl0DQpDb29raWU6IHNlY3VyaXR5PWxvdzsgUEhQU0VTU0lEPTVkZmN1aDg1a2cwdnZpZGY4bnJzanRib2I1DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_tot_l4_data_len":667,"flow_min_l4_data_len":32,"flow_max_l4_data_len":555,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1499348480992,"flow_last_seen":1499348480993,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":523,"flow_tot_l4_payload_len":523,"flow_avg_l4_payload_len":130,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00432{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348480,"pkt_ts_usec":993311,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0k\/FAAEAGL+fAqAoyrBAAAQBQjW5ct+zIa8WReoAQAOv4QAAAAQEICgPofzkBPq3H"}
01144{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348480,"pkt_ts_usec":996075,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"pkt":"AMGxFOsxABm5CmnxCABFAAJGk\/JAAEAGLdTAqAoyrBAAAQBQjW5ct+zIa8WReoAYAOuuZQAAAQEICgPofzoBPq3HSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjQxOjIwIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUaHUsIDE5IE5vdiAxOTgxIDA4OjUyOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUsIHBvc3QtY2hlY2s9MCwgcHJlLWNoZWNrPTANClByYWdtYTogbm8tY2FjaGUNClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1FbmNvZGluZzogZ3ppcA0KQ29udGVudC1MZW5ndGg6IDE0MQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KDQofiwgAAAAAAAADLc4xDsIwDIXhq7zNI+pMxQlgQEyMVjAkotiVk1Tk9iTAYOkt3y\/Pq8vhahWRNwErxN0cSdGsOi7nI3LTwu89QpTwRImCF2vlpU8uCOYueTW9ZRT7qVP7OvFNHP1yMsW9Zwf29IjlHx2iZoEKO4gmIkJvLkkF07wbv30Aj46y+KEAAAA="}
00431{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348480,"pkt_ts_usec":996659,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqtAAD4Goy2sEAABwKgKMo1uAFBrxZF6XLfu2oAQAO32KwAAAQEICgE+rccD6H86"}
00430{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348486,"pkt_ts_usec":1345,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0k\/NAAEAGL+XAqAoyrBAAAQBQjW5ct+7aa8WReoARAOvxSQAAAQEICgPohB0BPq3H"}
00429{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348486,"pkt_ts_usec":1932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IqxAAD4GoyysEAABwKgKMo1uAFBrxZF6XLfu24ARAO3sYgAAAQEICgE+sqsD6IQd"}
00431{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348486,"pkt_ts_usec":2003,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0k\/RAAEAGL+TAqAoyrBAAAQBQjW5ct+7ba8WRe4AQAOvsZAAAAQEICgPohB0BPrKr"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1499348494345,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1499348494345,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348494,"pkt_ts_usec":345596,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SndAAD4Ge1msEAABwKgKMo1wAFAblvCmAAAAAKACchAI9wAAAgQFtAQCCAoBPrrRAAAAAAEDAwc="}
00443{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348494,"pkt_ts_usec":345725,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXBGdqbdG5bwp6AScSCMVgAAAgQFtAQCCAoD6IxDAT660QEDAwc="}
00431{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348494,"pkt_ts_usec":346517,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnhAAD4Ge2CsEAABwKgKMo1wAFAblvCnRnam3oAQAOUrXgAAAQEICgE+utED6IxD"}
01151{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348494,"pkt_ts_usec":346566,"pkt_caplen":602,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":602,"pkt_l4_len":568,"pkt":"ABm5CmnxAMGxFOsxCABFAAJMSnlAAD4GeUesEAABwKgKMo1wAFAblvCnRnam3oAYAOUTewAAAQEICgE+utED6IxDR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9MSUyNythbmQrMSUzRDElMjMmU3VibWl0PVN1Ym1pdCBIVFRQLzEuMQ0KSG9zdDogMjA1LjE3NC4xNjUuNjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC80NS4wDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpSZWZlcmVyOiBodHRwOi8vMjA1LjE3NC4xNjUuNjgvZHYvdnVsbmVyYWJpbGl0aWVzL3NxbGkvP2lkPTElMjcrYW5kKzElM0QxK3VuaW9uK3NlbGVjdCt1c2VyJTJDK3Bhc3N3b3JkK2Zyb20rdXNlcnMlMjMmU3VibWl0PVN1Ym1pdA0KQ29va2llOiBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD01ZGZjdWg4NWtnMHZ2aWRmOG5yc2p0Ym9iNQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00806{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_tot_l4_data_len":680,"flow_min_l4_data_len":32,"flow_max_l4_data_len":568,"flow_avg_l4_data_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00817{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1499348494345,"flow_last_seen":1499348494346,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00431{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348494,"pkt_ts_usec":346614,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0KppAAEAGmT7AqAoyrBAAAQBQjXBGdqbeG5byv4AQAOspPwAAAQEICgPojEQBPrrR"}
02926{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348494,"pkt_ts_usec":350114,"pkt_caplen":1906,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1906,"pkt_l4_len":1872,"pkt":"AMGxFOsxABm5CmnxCABFAAdkKptAAEAGkg3AqAoyrBAAAQBQjXBGdqbeG5byv4AYAOt+QgAAAQEICgPojEQBPrrRSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjQxOjM0IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQ4OA0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWG1v2zYQ\/pwA\/Q8cCzRtAYt1i25rJqtI7GQxkLZe7DQdMMCgJTpmTIkqSdnxfv2OlGTLiRNHc4Ag5su9PLzjHe\/0Yt\/\/pfOtPfi7d4ImJhaod3l83m0j3CDk6kObkM6gg36cDb6co6b3DvWN4qEh5OQrRnhiTHpIyHw+9+YfPKmuyeCC3FopTctWDBva8XiRiXDwYv\/Fvu\/03MYi0a0NMpqfPn3KWXPyPX\/CaATDvT0\/ZoYiy9JgPzM+a+G2TAxLTGOwSBlGYT5rYcNuDbEi\/kDhhCrNTOtycNr4HSOSy9zzDTeCBd8zkTBFR1xwszhE\/b\/OUTe5YaHhMkGHh6hD4wSVRIKhKzZCR2kqeEgdyevO96ujN2jW9Jrv0NsOmzEh0xgwvPVJrqFQJ3gyRYqJFtZmIZieMGYwMgC7QBtqjdFEsXELex6Bv2g2p3aVxJQnntsm96VxOHMp5x8e02tGYGld0pjOLJnnNpYydKh4aqoQbuiM5qsYaRWuAbnR7rcHCrwbjQOf5JSFi0jhIzseyWiBQkG1da+MGc59F\/EZ4lELWyfBiZgq3FvZskIq63s+j6\/vIXGH1ETIa+mlyTVGVIDHtzhqdW7ACuruqbZGHoLjsor2e3vDlEYRi\/IDAUEmynPa3WMhw6k1jeBIJiGonrbwnCeRnHuw5XC0DvKTeAe4ZAUGuuYuDwdnYDafULCy4MH+UwTyBMIsc\/dWe+kkfUT+XVIcdCsr9dRCZGXpFn1LGhz07RARdMFgEXWOK8pIJoIdDDqrBDKH6zFSmWHkEVSbGXBwbH\/RqVRhTQ\/cFchuWVgHgKPHQVvGMU2iVRraDUWo1bgOCkcPKPoXp7spHnPifU4hVFscOLOIbbklT+LHwSmH4O7aFb2zbbJUSBrVsU7BUcC4dLMd\/UNTA09ULRcVLC5uWZgphtpHvUH77Gg3KPqn4BUcmgm4gDbbbcHj+CC2q2\/n7kiGI3jkajmnwnUHDXp9bJff7IZqzuh0yGtBKllwcAUj1Gfa3lrU7dRMs3fl3mo9rAUkZ8DBj34fapZvX3Y0hRWn6upXpf4LNs6v1jOg0HVR6BJF30i1DmHHJ8jFIpSRW5\/DFRkObP0I9yJfqmcO4OfJWG5RV6HCQe+sB1ExlvUU0ZHMzBY1SxocHNnh85nVFnpb1a+IcHDuxncAFBXbWu33cCFoS9hVIQgti90tdNu9aiHoT5qPthFQGzdzUXl5XBE1W9arw1BGbEgVo0W1PJYqRtQJaOGXGEHnM5EA78+TQVF++mlxqEvNFKSUw6JkTtKsWtVDKc\/\/hXHzI0YJjWHEAfd9Wp2NYm5Kmn4xm1GRraaFYpIGeQtBLMocb6pYABhQ8wDZ6qXZar70Rwqq7lOutHFSDxGNYp7ky\/1MVdeI5XeNxNIn\/uR98AVC1F1YFdPClu8dWeFRuD+rm1BpJYsYYzT2QhkvQ06xGWdzTT52eu++Nnu\/\/XriuT4TGaquoUfE8HzQZIqD\/y1qees2otMgkyXenE95yiJOXb9rZwRuzJCXN2YznicyP44AZIyZUtnEi6EpNFlC81P9FI2lhEYIfZhxHWpDTjPyoHlqS9qKLYXOmWkTy2TKFl7CoC22EhpOxLpsEi\/sfIO+Rtlcb0b9jDq2e9veIDmnOnXeggTHbm2Sci7rbvf3k9i3WnUkR6NFw9g8o52THrTNPcqq7CKP5iFa9sgumPP\/ZbJ8ILkWOS8UjKplJtmUgfVCGxYP7au17LSrmWqUGWONVuSm7xCH6IyJdPk6pDLN0mFJJpN2\/r6sPm8cAsVl+ho9UFfYyB5OQKK19WeAZCvLV2Xkt4ScH6A3OEBbUfVlBm3k8+LSTuY2ZNaWVPBreDwEG0Pm9lkc2IfCJV2fwKyaje1uWYSgc\/sVq6ABiSsKqB66nX6xE3Ftr0lU+vBBd46lNGsfddJgl69q6abnu\/psEPtA5x8a3SfA4D8qFDbP4xQAAA=="}
00432{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348494,"pkt_ts_usec":350815,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnpAAD4Ge16sEAABwKgKMo1wAFAblvK\/RnauDoAQAQEh+AAAAQEICgE+utID6IxE"}
00431{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348499,"pkt_ts_usec":355269,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Kp1AAEAGmTvAqAoyrBAAAQBQjXBGdq4OG5byv4ARAOsdKQAAAQEICgPokSgBPrrS"}
00432{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348499,"pkt_ts_usec":355896,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SntAAD4Ge12sEAABwKgKMo1wAFAblvK\/RnauD4ARAQEYLwAAAQEICgE+v7UD6JEo"}
00432{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348499,"pkt_ts_usec":355969,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Kp5AAEAGmTrAqAoyrBAAAQBQjXBGdq4PG5bywIAQAOsYRQAAAQEICgPokSgBPr+1"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1499348506489,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1499348506489,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348506,"pkt_ts_usec":489087,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMo1yAFDHw0SlAAAAAKACchD87AAAAgQFtAQCCAoBPsatAAAAAAEDAwc="}
00444{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348506,"pkt_ts_usec":489193,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXIW0CP4x8NEpqAScSAm\/AAAAgQFtAQCCAoD6JgfAT7GrQEDAwc="}
00431{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348506,"pkt_ts_usec":490001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMo1yAFDHw0SmFtAj+YAQAOXGAwAAAQEICgE+xq0D6Jgf"}
01151{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348506,"pkt_ts_usec":490005,"pkt_caplen":603,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":603,"pkt_l4_len":569,"pkt":"ABm5CmnxAMGxFOsxCABFAAJNggpAAD4GQbWsEAABwKgKMo1yAFDHw0SmFtAj+YAYAOX3FAAAAQEICgE+xq0D6JgfR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9MSUyNythbmQrMSUzRDErdW5pb24rc2VsZWN0K2RhdGFiYXNlJTI4JTI5JTJDK3VzZXIlMjglMjklMjMmU3VibWl0PVN1Ym1pdCBIVFRQLzEuMQ0KSG9zdDogMjA1LjE3NC4xNjUuNjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC80NS4wDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpSZWZlcmVyOiBodHRwOi8vMjA1LjE3NC4xNjUuNjgvZHYvdnVsbmVyYWJpbGl0aWVzL3NxbGkvP2lkPTElMjcrYW5kKzElM0QxJTIzJlN1Ym1pdD1TdWJtaXQNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9NWRmY3VoODVrZzB2dmlkZjhucnNqdGJvYjUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00848{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_tot_l4_data_len":681,"flow_min_l4_data_len":32,"flow_max_l4_data_len":569,"flow_avg_l4_data_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00859{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1499348506489,"flow_last_seen":1499348506490,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":537,"flow_tot_l4_payload_len":537,"flow_avg_l4_payload_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+database%28%29%2C+user%28%29%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00432{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348506,"pkt_ts_usec":490071,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0u+ZAAEAGB\/LAqAoyrBAAAQBQjXIW0CP5x8NGv4AQAOvD5AAAAQEICgPomB8BPsat"}
02968{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348506,"pkt_ts_usec":495187,"pkt_caplen":1947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1947,"pkt_l4_len":1913,"pkt":"AMGxFOsxABm5CmnxCABFAAeNu+dAAEAGAJjAqAoyrBAAAQBQjXIW0CP5x8NGv4AYAOt+awAAAQEICgPomCEBPsatSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjQxOjQ2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTUyOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWP9P4zYU\/xmk+x88nzTgtMbXO922Y2k2aGEgcXcdLcdNmlS5iduaOnHOdlq6v37PTtIGKJSsSIj6y\/vysd8Xv5dXu\/4PnS\/t\/t\/dEzQxsUDdq+OL8zbCDUKu37cJ6fQ76NtZ\/9MFanpvUc8oHhpCTj5jhCfGpIeEzOdzb\/7ek2pM+pfk1kppWrZi2NCOx4tMhINXu692fafnNhaJbq2R0fz48WPOmpPv+BNGIxju7PgxMxRZlgb7nvFZC7dlYlhiGv1FyjAK81kLG3ZriBXxGwonVGlmWlf908avGJFc5o5vuBEs+JqJhCk65IKbxSHq\/XWBzpMbFhouE3R4iDo0TlBJJBi6ZkN0lKaCh9SR7He+Xh8doFnTa75FbzpsxoRMY8Dwxie5hkKd4MkUKSZaWJuFYHrCmMHIAOwCbag1RhPFRi3seQT+otmc2lUSU554bps8lMbhzKWcf3hMx4zA0l1JIzqzZJ7bWMrQoeKpqUK4oTOar2KkVXgHyI12v11Q4N1oHPgkpyxMRAob2fFQRgsUCqqteWXMcG67iM8Qj1rYGglOxFRh3sqWFVJZ3\/F5PH6AxB1SEyHH0kuTMUZUgMU3GGp1bsAK6h6otpc8AMNlFe0P9gYpjSIW5QcCgkyU57S7x0KGU3s1giOZhKB62sJznkRy7sGWw9Hay0\/i7eGSFRjoHXN5ODiDa\/MJhVsWPNh9jkCeQJhlzm+1l07SJ+TfJ8XBeWWlnlqIrCzdoG9Jg4OeHSKCLhksos5xRRnJRLDFhc4qgczBPYYqM4w8gWo9Aw6O7S86lSqsaYH7AtktC+sAcPQ4aMs4pkm0SkPboQi1GtVB4egBRe\/ydDvFI06831MI1RYHzixiG7zkWfw4OOUQ3Od2RW99N1kqJI3q3E7BUcC4crMt7UNTA09ULRMVLC5uWZgphtpH3X777Gg7KPq74BUcmglwQJvtNuBxfBDb1bdzeySDITxytYxT4bqHBu0f2+WD7VDNGZ0OeC1IJQsOrmGEekxbr0XnnZpp9r7cW60HtYDkDDj41utBzfLl05ZXYcWpuvpVqf+SjXLXegEUui4KXaLoGanuQtjyCXKxCGXkxudwRYYDWz+CX+RL9a4D+HkykhvUVahw0D3rQlSMZD1FdCgzs0HNkgYHR3b4ctdqC72N6ldEOLhw43sAiortTu33eCFoS9hVIQgti90tdNu9aiHoT5pPthFQGzdzUXl5XBE1W9arg1BGbEAVo0W1PJIqRtQJaOHXGEHnM5EA78+TflF++mlxqCvNFKSUw6JkTtKsWtVDKc\/\/hXHzA0YJjWHEAfdDWp0NY25Kml4xm1GRraaFYpIGeQtBLMocb6pYABhQcw\/Z6qXZaqIssbkuf0ZQRA0dUs32D35CGQDeP3jtDxVU5adcaeO0HiIaxTzJl3uZqq4RK\/9llNgm4p4OJaX5w\/qdmEhtcmWuq1k6iD95F3yCfOGiR8W0MOw7R1a4Fzjzyi0rfW0R8IzGXijjZfwrNuNsrsmHTvft52b3l59PPNf0IkPVGBpWDG8ZTaY4+N+iliGwFp0GmSzx5nzKUxZx6ppvOyPgvgNeuu96PM9kfhoByBgxpbKJF0OHarKE5qf6LhpLCY0QmkLj2uWGnGbk0eupLWkjthTaeKZNLJMpW3gJgx7dSmg4EXdlk3hh52v0NcpOfz3qF9Sx2drWg+Sc6tRZC7Itu7UZ05nsfLO9n8W+8VaHcjhcNIxNetoZ6dG7eUBZlV0k9TxEy4bdRXX+v8zcj2T6IgGHglG1TGvrngO90IbFA\/uELtv+atocZsbYSysS5VeIQ3TGRLp8qlKZZumgJJNJO3\/sVt9aDoHiKt1HjxQ5NrIHE5Bo7\/p3gGTL3B\/LyG8JOd9DBzhAG1H1ZAY97cvi0k7mJmT2LqngY3jJBBvBM+KzOLCvlsu+PoFZNfXb3bIiQhf2k1pBAxJXFFDKnHd6xU7EtXWTqLTho+YcQaa\/84UpDbb5xJeuqyWqzwax1UL+1dN9jwz+A9Lm5NZwFQAA"}
00432{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348506,"pkt_ts_usec":495874,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ggtAAD4GQ82sEAABwKgKMo1yAFDHw0a\/FtArUoAQAQK8cQAAAQEICgE+xq4D6Jgh"}
00432{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348511,"pkt_ts_usec":496547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ggxAAD4GQ8ysEAABwKgKMo1yAFDHw0a\/FtArUoARAQK3jgAAAQEICgE+y5AD6Jgh"}
00432{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348511,"pkt_ts_usec":496699,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0u+lAAEAGB+\/AqAoyrBAAAQBQjXIW0CtSx8NGwIARAOuywgAAAQEICgPonQMBPsuQ"}
00432{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348511,"pkt_ts_usec":497289,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gg1AAD4GQ8usEAABwKgKMo1yAFDHw0bAFtArU4AQAQKyqgAAAQEICgE+y5ED6J0D"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1499348514064,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1499348514064,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348514,"pkt_ts_usec":64531,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tHhAAD4GEVisEAABwKgKMo10AFC7kHpqAAAAAKACchDL8wAAAgQFtAQCCAoBPs4SAAAAAAEDAwc="}
00442{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348514,"pkt_ts_usec":64644,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjXSy4nMxu5B6a6AScSADUQAAAgQFtAQCCAoD6J+FAT7OEgEDAwc="}
00430{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348514,"pkt_ts_usec":65457,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tHlAAD4GEV+sEAABwKgKMo10AFC7kHprsuJzMoAQAOWiVwAAAQEICgE+zhMD6J+F"}
01234{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348514,"pkt_ts_usec":65460,"pkt_caplen":666,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":666,"pkt_l4_len":632,"pkt":"ABm5CmnxAMGxFOsxCABFAAKMtHpAAD4GDwasEAABwKgKMo10AFC7kHprsuJzMoAYAOX5EAAAAQEICgE+zhMD6J+FR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMvc3FsaS8\/aWQ9MSUyNythbmQrMSUzRDErdW5pb24rc2VsZWN0K251bGwlMkMrdGFibGVfbmFtZStmcm9tK2luZm9ybWF0aW9uX3NjaGVtYS50YWJsZXMlMjMmU3VibWl0PVN1Ym1pdCBIVFRQLzEuMQ0KSG9zdDogMjA1LjE3NC4xNjUuNjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC80NS4wDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpSZWZlcmVyOiBodHRwOi8vMjA1LjE3NC4xNjUuNjgvZHYvdnVsbmVyYWJpbGl0aWVzL3NxbGkvP2lkPTElMjcrYW5kKzElM0QxK3VuaW9uK3NlbGVjdCtkYXRhYmFzZSUyOCUyOSUyQyt1c2VyJTI4JTI5JTIzJlN1Ym1pdD1TdWJtaXQNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9NWRmY3VoODVrZzB2dmlkZjhucnNqdGJvYjUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00869{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_tot_l4_data_len":744,"flow_min_l4_data_len":32,"flow_max_l4_data_len":632,"flow_avg_l4_data_len":186,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00880{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1499348514064,"flow_last_seen":1499348514065,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":600,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":150,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/sqli\/?id=1%27+and+1%3D1+union+select+null%2C+table_name+from+information_schema.tables%23&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00430{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348514,"pkt_ts_usec":65524,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA07LdAAEAG1yDAqAoyrBAAAQBQjXSy4nMyu5B8w4AQAOyf+AAAAQEICgPon4UBPs4T"}
02393{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348514,"pkt_ts_usec":75711,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMGxFOsxABm5CmnxCABFAAXc7LhAAEAG0XfAqAoyrBAAAQBQjXSy4nMyu5B8w4AQAOybhgAAAQEICgPon4gBPs4TSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjQxOjUzIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMzc5Nw0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAPNnXtv47gRwP\/eBfY7qOqi+0BjbXq4tpvaPji2kwjnJD4\/kruigEBLtM2NJOpIyk7u03dIybH82myaRYeLYKMHHz8NyZkhh1LevK7\/qXPdHv3W7zpzlcROf3za89uOe+R5tz+0Pa8z6ji\/Xowue85x7ZMzVIKFyvO6V67jzpXKTjxvuVzWlj\/UuJh5o4F3r0s51tnKwyNp8tQiFbnNN6\/fvK6beu6TOJWNPWUcf\/78uchaJH9Vn1MSweGrV\/WEKuLoLEf095wtGm6bp4qm6mj0kFHXCYuzhqvovfJ0Ef9ywjkRkqrGeHR29E\/X8YoyX9UVUzFt3uRxSgWZsJiphxNn+EvP8dMvNFSMp87JidMhSeqsEsXUuaUTp5VlMQuJSfK+c3Pb+uAsjmvHn5yPHbqgMc8SYPhY94oayupilt45gsYNV6qHmMo5pcp1FGCXtKGUrjMXdNpwazUPfqLFkuirXkJYWjO3vd3SGDzzqpz\/sITMqAeXNkuakoVOVjM3HsuQoWCZqiJ8IQtSXHUdKcINkC\/S\/O5DBbUv0m3WvSJl2URe2Ub6eMKjByeMidTNyxPqFm0XsYXDooarGwmeiIqyeSu3dCGV66\/qLJntkJiHlF7MZ7yWpTPXITG0+BMNtX5uYIXqdqrWQg6g4fJK7Tv3goxEEY2KB4IEebx6Tn33NObhnRZNzByehlD1XcNdsjTiyxrcMhyNd8WT1N65q6yQgWw0V81tXoDY6h4BKces+fpbCmQpDLPc9FtZy+bZV8rfTuo2\/cqV51ULIyvPnqjvMY3bHOpDx3MGFC46ndNKZV4eN18g0EVlIDPoHhORK+p9hWp\/Brd5qn87Z1yEz2yB7QLpPQ2fA2DSu802TxKSRms19DKKUIrpcyhMeqAYDs5eVvGUebWfMhiqDQY584g+0Uu+Kb\/bPGMwuH19Rb5YNnkWcxI9RzpljhJjbM5e2D4kU2CintVEZRYzbmmYC+q0W\/1R+6L1MhT5e8wqHJLG0AG1tnuCx+SDsV21nS8nCSZg5J7VOJVcWzTO+1N9+cPLqJaU3AXsWUirLG7zFo6cIZW61zp+55lqdrvceymDZ4EUGdzmr8Mh+CzXly8UhS5OPLd+sap\/QKdF1\/oOFPK5FHJFMVRcbCK80ASZsQhu5JPmcJ3MbWr\/EfpFcel54oD8LJ3yJ6qrpHKb\/Ys+jIopf15FZMJz9UQ1j2ncZksffj+xakfvyerXidxmzxxvAZQe24bvd9gR1C7s2hGEKYu+W9at71Udwfr8+KvTCPCNj4uiCve4UtTi0V8NQh7RgAhKSm95ykXiEFNAw\/2z68DMZ84B77w7Kt3PelY+1FhSASrlpHSZ0yyvevXgyrM\/4Pj4R9dJSQJHDLh308p8kjC1SjMszxYkztenZcVe1iymEJ6mLHgzQZvA4By\/c7T3ctw4dvJU67rCjDhpHsd\/dZQ="}
04089{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348514,"pkt_ts_usec":75762,"pkt_caplen":2767,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2767,"pkt_l4_len":2733,"pkt":"AMGxFOsxABm5CmnxCABFAArB7LlAAEAGzJHAqAoyrBAAAQBQjXSy4njau5B8w4AYAOyBnwAAAQEICgPon4gBPs4TeVZdhTMVPHF0zxSJae5AhnOakJpJIv9cnwhw2c+YkMognTgkSlhaXB7monrN05X\/Hwi2KgeDO2i1R91BMOyOhmgU171ea+RfX+ETBBsSCVr9fs9vt079nj\/6DRFufIkqG6g+6A\/8G7\/XPe+igXSvzv0rxOpvuld4Y+QMZI9W+Xnv+rTVC4aj1miMDXHTGvitU0Rh\/Nz9LSjHxHjYOu9icVz3R\/6l\/2\/QVCPQWGgYfdCXl11QmGgNAgQjH9V89HtjUE141Q+u293hsOcPR4gIoKH8q3MsgEH3rDsABe2DimhDV4Ax4SOq68H1eIRprIbti+5la9TCrd8Cp2EIA0P7dbi2a0WBbry0GEBN+G00ghHq8xe198Fe4iLYoKMKEPwhOhr45+eI\/sN4CD4Uvhhu\/O4tWuX+1dV15zToXbd\/xmYYDX5FJhj+Ngw6YDxR51wly9lIq4ozH82xqsjkxh+Mxq0eMkn7so\/fJqdd8HWDTrcHM58OvkCCQXfYRXP+Kxx9UKX+VaeLPYSB5bJ7aYVYoLfY0U9Ox2dn2tK1zrtBbzC2wNQEty0fz\/9Z2Zsu9NvCF\/Kvzq4t0LNmAKFbHk2C66xXQM78bq+DDbKh4KzQLZUhbYOWO2uNeyOYal\/3b68H2OoOiIqGMp3YFph2q32BDbMe2agT4ZLmsgsTQLz1iKqSuR50\/fMrvbqPjVP4L5Zol+vrIvaDLRTdRsjB0N3eYgFJMZYxG2iWU6kmnN9hAeSSColVecjjPEllkAm2wGKIJlg103TGUr37Ryo0hAVN0Sqf5mmINu6o3nwVBzGfoSEoFgV643euaIQFMadxFoRE0RkXD6gQd\/RhyQWuIASNSbFtDxFC8YyhjQuWpjyaBCyN6H0gFVFotqEkKUpEJUkBY8JSUBWFXLA4sjif4e14zARH65W6blwvAQjuGcVlAE9tQQWqv1AgoI1EGZMFDRIiFciBmb3smCDaXDwEhV7AZgHbeYcuFL7EdKiKdKhDVLGEBn\/wlKIDBDElWSBpyFM0n2oNo8\/xKZQgqWSYDt4+lkC\/g4E5\/ceqm4Qhz1M8v04PjUC\/EE3SkKJRmCm41B7uDJRXmAuBOCXfhJkzqRCnhXthwMCkaBZmk0jmSUKAaPIQlF1ZH5o0qArvIOUcPEfLEdVcUBJZDqmVps2Is5hPSGwboaKJObRGxa2ArFFzW0CWqLoVlf3qbg9pxGBgWNTXLNfGezAzwWeCJFay2Wkt9oDaaDG2MS20GmaSVLwIb4vd2ECyw3LsQ7LBdmxwWW49DrFap6QPgVqoCg+hWqcM94JaqA6XhFnjPxcsdijADRYbNF8BZLnK24G0TtftEK4W62zjslD57jBap3U3CW1St1MGJaEvDBuKSgNaIheLhqNRWCGBTJgEaB0koYm2d7aamV08ewzMLptNKnyXzh7lvcVmk9rWHwiPiCKB+cAgGkWu6D2+9eAT\/QnCffYVM9ycUWHygmQCHQvH20oEFWZE0Ki6EobeaMC0+mh5QPQHzM12r3TKZrlA3Zi6D0wLLrdKVAWR7uMh5yJiKYEJoZ2AxXYtG9igf6U0XB3a1dUqbPb0tpngeRaAHZyULWodFR7QUptefD0qi29tP\/rDZT8KiFKIm1dLKEtgFHQXEoKCRGYAcYCPgrmp2GAUfxjD+AG4IKXjhguB65tJUCJUWaBGCg6r1mB2mbBXYdZOTalu8UHmmK9IPFIUSwr4HJh7fIui5lBZjDeOi6IY3xdQ0O+55ZLM8LanH4Qzd3CxjDtnGZgZVWh9yazELYhgJj3+MLcIJUtIEOhvGUA\/QfuegYEIwUrrt7vL7wvgshgG1BezDEdEJZulespKlWLpDFcq9D7jQgWKJllMFJ5pMDBTsuCCKbxVUQ2BvJXCMKRkwWYm+5xFDG8bhYHJommg\/wYcbt8QNETcbFMi4H6VwEBIsqCRpERAXtwWKcozK7w2gKAr9qK8nEHtU2SBCBLeYasN7aAVC9noGGZNFrdJUD\/vZOL95bzBBgbtIhd7e9BG7AEc1KDsNlPxNplFNEV8NtCOYhpa05PWYJiNV34mZ5JPp6twlIEzpVgGhbpuAINsY5sPcm8CnPWWDKMFJrpXIU6F9hLZJCW9DmWXlFZEyFIyM2iFbdrKnWGVfX7lmwq4DbbGWo99y8BWu\/tswlp3cgupFFckRtxmKFiI59bLADKEd0GsR9k6bI26RFAkD0iuOCCFovCLkJdfS6j1twyZVIgNV+IU8f2AL6hYMLpEphE0ytOIpKoQE2KsveDZDjtZgWNN39nGCZZMzUs32wa0EmgKdaxYQ4KuAPIUDGyE3sGL7V\/Yu8+kjJH3Uq7nzSQl8YNk+CRlv6VCcCEDLkD3iBQzRrZNZs2I2uISeaq3iumt88HnH+FCRoWOlzC8ef42ouRCIa5Jb+PoiGepLNGQHmSAu0JuJjzIC8NVBgsWhg\/goH8c0p6F4T00diwMHwbDbDz9nWZEf8MsjYUxkeB4VBYTyGKG3VwHyCygktXFM1t4VotTVvBY01z3b20Ibm5SWGDFDgKhqsJdKlxLtpfHDlv2NTTcJrQy0HkQCzXU+UiFv44GKHbFXQ2QZZHXA0x2ScqK6OsBJnRJ2RGBvX9raQy2CmZZFLaKZlUc9hHMskjsNhdqLPb+rf7TUFTKmOG98QcQsvzQ9PYi6GrKi7faXoWrTL7hklSCTXLMqLFhOxTawlSjJdMUhAXSopH+44SILWhZIPsRyJZg7RaQdRKyK2C7CWdZgAngcOOkAGBNfLLCYl2EcpfNoi5kf5RyFxI5TrkLZEGk8v6tDZHCTQorVlltjBbuUmGvslobMfwaGm4T2hu2O8hmBZdNobsKkSXBuxXRgUZ78\/pV3YvYAg704fxvzUsuqOOvK6x7cFHfy2P961U9Zs06ceaCThvuXKnsxPOWy2VN0jDXb\/KTpBbyxCtPHwTVW22l92On\/+nquP+Pv3drc5XELjyjmFHVcINJTNI7t\/k\/F1X3SLPuAdVeOgll0rS2ZHcsoxEjNS5mnj7zhr\/0wCvRO4LhKffzfGPmrxNAGTDlEPm8lpAFU3lKiqf6PT56LOEIGpUoOadUHfG73DsonmeX9CRbBpqPSpXwFGbatZQqz5RwZIrYLNtLHvT5nvqK1Aepv2MdT7e27kF8SWRmWsvM3GvZPDNN5j\/d3t+U\/UmpTvhk8nBUDFLTSAdls5OyWnbdM6OuGKJ6hMK\/YoAX\/xdX3hR3KgMZTuDYMRq74YYxJcJtHkjEooYrHyTYQPNCfZnuVZ2lWa4cbRMb7iRXSgttQeIcTm9gHDoXNM7cVRUZz\/IsWCXjaTtm4V3D\/UIWRIaCZeoEUoyz9867Ws2Dn0Uep1SQCYuZYlR6emQHcyhRy\/onQIIOwP6yGvmNmC\/fOR\/cpvMk1ZDnMMH4vlzSlPkUmZYlidksbbgxnSq3WadJcwxWwCjiugdnDokSlpYNCOfDshSnRxc0LtNAiesU\/Yu+3xmWdyImdTeJVm14sDmnnCtqWrxsy6zZIUnq3JRPF1Pnlk6cVvb4EVPnfefmtvXBWRzXjj85Hzuah2faK\/oIhqK5p4dVzQZ04ujBHIO1AJXc\/C9\/ujOm37gAAA=="}
@@ -111,13 +111,13 @@
00431{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348519,"pkt_ts_usec":77010,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tH1AAD4GEVusEAABwKgKMo10AFC7kHzDsuKDZ4ARASWKoQAAAQEICgE+0vgD6J+I"}
00431{"flow_id":9,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348519,"pkt_ts_usec":77129,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA07LtAAEAG1xzAqAoyrBAAAQBQjXSy4oNnu5B8xIARAOyF9wAAAQEICgPopGoBPtL4"}
00431{"flow_id":9,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348519,"pkt_ts_usec":77716,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tH5AAD4GEVqsEAABwKgKMo10AFC7kHzEsuKDaIAQASWFvgAAAQEICgE+0vgD6KRq"}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_tot_l4_data_len":1345,"flow_min_l4_data_len":32,"flow_max_l4_data_len":562,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_tot_l4_data_len":2636,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1872,"flow_avg_l4_data_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_tot_l4_data_len":2754,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1913,"flow_avg_l4_data_len":275,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_tot_l4_data_len":5117,"flow_min_l4_data_len":32,"flow_max_l4_data_len":4181,"flow_avg_l4_data_len":465,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_tot_l4_data_len":2956,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2053,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_tot_l4_data_len":1389,"flow_min_l4_data_len":32,"flow_max_l4_data_len":562,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_tot_l4_data_len":2712,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1872,"flow_avg_l4_data_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_tot_l4_data_len":2754,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1913,"flow_avg_l4_data_len":275,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_tot_l4_data_len":5149,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2733,"flow_avg_l4_data_len":429,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1499348407419,"flow_last_seen":1499348412425,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":10,"flow_first_seen":1499348413192,"flow_last_seen":1499348418262,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2300,"flow_avg_l4_payload_len":230,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":10,"flow_first_seen":1499348422024,"flow_last_seen":1499348427063,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":11,"flow_first_seen":1499348433464,"flow_last_seen":1499348438551,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4149,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":431,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1499348467295,"flow_last_seen":1499348472302,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2021,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":262,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36204,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1499348480992,"flow_last_seen":1499348486002,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1053,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00135{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test"}
diff --git a/test/results/WebattackXSS.pcap.out b/test/results/WebattackXSS.pcap.out
index d5a2cfe01..989faf769 100644
--- a/test/results/WebattackXSS.pcap.out
+++ b/test/results/WebattackXSS.pcap.out
@@ -1,10 +1,10 @@
00480{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackXSS.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1499346935283,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1499346935283,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":283859,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="}
00439{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":283960,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="}
00427{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":285304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wahAAD4GBDCsEAABwKgKMsuCAFAodgnhOY91W4AQAOXqtwAAAQEICgE4yEcD4pm+"}
00842{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":285308,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"pkt":"ABm5CmnxAMGxFOsxCABFAAFpwalAAD4GAvqsEAABwKgKMsuCAFAodgnhOY91W4AYAOVM7wAAAQEICgE4yEcD4pm+R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1499346935283,"flow_last_seen":1499346935285,"flow_tot_l4_data_len":453,"flow_min_l4_data_len":32,"flow_max_l4_data_len":341,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1499346935283,"flow_last_seen":1499346935285,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00427{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":285364,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA07OVAAEAG1vLAqAoyrBAAAQBQy4I5j3VbKHYLFoAQAOvpfAAAAQEICgPimb4BOMhH"}
01114{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":286775,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"AMGxFOsxABm5CmnxCABFAAI07OZAAEAG1PHAqAoyrBAAAQBQy4I5j3VbKHYLFoAYAOvIDwAAAQEICgPimb8BOMhHSFRUUC8xLjEgMzAyIEZvdW5kDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE1OjM1IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpTZXQtQ29va2llOiBQSFBTRVNTSUQ9MjNyZ252ajc4azdxZmhndGZyNGI5cTQwNzU7IHBhdGg9Lw0KRXhwaXJlczogVGh1LCAxOSBOb3YgMTk4MSAwODo1MjowMCBHTVQNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlLCBuby1jYWNoZSwgbXVzdC1yZXZhbGlkYXRlLCBwb3N0LWNoZWNrPTAsIHByZS1jaGVjaz0wDQpQcmFnbWE6IG5vLWNhY2hlDQpTZXQtQ29va2llOiBQSFBTRVNTSUQ9MjNyZ252ajc4azdxZmhndGZyNGI5cTQwNzU7IHBhdGg9Lw0KU2V0LUNvb2tpZTogc2VjdXJpdHk9bG93DQpMb2NhdGlvbjogLi4vLi4vbG9naW4ucGhwDQpDb250ZW50LUxlbmd0aDogMA0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KDQo="}
00428{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":287358,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wapAAD4GBC6sEAABwKgKMsuCAFAodgsWOY93W4AQAO3neAAAAQEICgE4yEgD4pm\/"}
@@ -13,16 +13,16 @@
00920{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":341608,"pkt_caplen":431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":431,"pkt_l4_len":397,"pkt":"ABm5CmnxAMGxFOsxCABFAAGhwaxAAD4GAr+sEAABwKgKMsuCAFAodgxsOY97yIAYAQQVjwAAAQEICgE4yFUD4pnER0VUIC9kdi9kdndhL2Nzcy9sb2dpbi5jc3MgSFRUUC8xLjENCkhvc3Q6IDIwNS4xNzQuMTY1LjY4DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2OjQ1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvNDUuMA0KQWNjZXB0OiB0ZXh0L2NzcywqLyo7cT0wLjENCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KUmVmZXJlcjogaHR0cDovLzIwNS4xNzQuMTY1LjY4L2R2L2xvZ2luLnBocA0KQ29va2llOiBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD0yM3JnbnZqNzhrN3FmaGd0ZnI0YjlxNDA3NQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
01427{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":342412,"pkt_caplen":807,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":807,"pkt_l4_len":773,"pkt":"AMGxFOsxABm5CmnxCABFAAMZ7OhAAEAG1ArAqAoyrBAAAQBQy4I5j3vIKHYN2YAYAPyJMAAAAQEICgPimc0BOMhVSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE1OjM1IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBNb24sIDI2IEp1biAyMDE3IDE0OjQ0OjQ4IEdNVA0KRVRhZzogIjM0YS01NTJkZGZlMjQyYjkwLWd6aXAiDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogNDA2DQpLZWVwLUFsaXZlOiB0aW1lb3V0PTUsIG1heD05OA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2Nzcw0KDQofiwgAAAAAAAADdVJBbsIwEDwXiT9YQr0RmlDgEE7toWqf4cTrsMJ4LduQ0Kp\/r51gCFWrvcSbndmZsSsSZ\/Y1nTxUvN43lo5alGwmQUoJ29CWpH3JiqXpnoq16diLRa7m7B3UCTzWfM4c1y5zYFHGeYUash1gswuwZW662KxJkQ20mypW6HxPJ9PJrLXcGLD9eg+dz7jCRpesBu3BRuCB2wZDJ2f86OkKrIOoMNMDBTqj+LlkqPvdlaJ6H7GGC4G6ualoUfhdec8kifxFgSGHHils45UjdfQwAhV5\/hiPydn6wlmR93QIAoejAunToV+geAWqp5eKePgXJ7a\/\/NrIebOb2WFHvljDYTu2ePVGJ7CBsC3ZDoUAPfKb0ElhvMCsvciuSIkkbaEoLPvQ5uj\/Eni9s9dYoyieU563F5Ol4bdVrCEYKyC0ipRTPGbOnxWULMSLYtRO8HoV6+7yNgP+kkyKO77H5EMiKOFgMJE0JvdXniI0+pdw+\/ovyHutmjSkVWYIKibq8BMG1vTzB9B5D8NKAwAA"}
00952{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":343088,"pkt_caplen":454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":454,"pkt_l4_len":420,"pkt":"ABm5CmnxAMGxFOsxCABFAAG4wa1AAD4GAqesEAABwKgKMsuCAFAodg3ZOY9+rYAYARVYPgAAAQEICgE4yFYD4pnNR0VUIC9kdi9kdndhL2ltYWdlcy9sb2dpbl9sb2dvLnBuZyBIVFRQLzEuMQ0KSG9zdDogMjA1LjE3NC4xNjUuNjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC80NS4wDQpBY2NlcHQ6IGltYWdlL3BuZyxpbWFnZS8qO3E9MC44LCovKjtxPTAuNQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpSZWZlcmVyOiBodHRwOi8vMjA1LjE3NC4xNjUuNjgvZHYvbG9naW4ucGhwDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgUEhQU0VTU0lEPTIzcmdudmo3OGs3cWZoZ3RmcjRiOXE0MDc1DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1499346935343,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1499346935343,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":343132,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IaBAAD4GpDCsEAABwKgKMsuEAFAW1en2AAAAAKACchDI1AAAAgQFtAQCCAoBOMhWAAAAAAEDAwc="}
00440{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":343180,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4Rgmy17FtXp96AScSCd7QAAAgQFtAQCCAoD4pnNATjIVgEDAwc="}
02383{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":343349,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMGxFOsxABm5CmnxCABFAAXc7OlAAEAG0UbAqAoyrBAAAQBQy4I5j36tKHYPXYAQAQTFTAAAAQEICgPimc0BOMhWSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE1OjM1IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBNb24sIDI2IEp1biAyMDE3IDE0OjQ0OjQ4IEdNVA0KRVRhZzogIjIzODAtNTUyZGRmZTI0MmI5MCINCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQpDb250ZW50LUxlbmd0aDogOTA4OA0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQoNColQTkcNChoKAAAADUlIRFIAAADIAAAAcggGAAAAFgmejQAAI0dJREFUeAHs3ANwZNsWgOETOxnbtm3btm3btm3btud6PHds255k1vvr1rBfd9J9uuO9q76qlIJV\/R\/uiqaWWsG9KlWv54GUKI5mGIrFOIQTOP7VMfyDv\/HXV3\/iD+zCJLREAUSHZq2vXyhKkEiIShiEdTiGJ5BAcgo9kTAkBqIozoiPXKiMssiBPKiApuiJsViEbbgCCQR\/oHBYCERRoqAUBmA7nkJsZD4iBUogirL13zoOcIE7vBABkREN7tACAz87CephK3whVniEWioQ\/6gPuh2iIi2KoT56YCJW4hAu4xU+wQ9ihte4gqNYh+kYgBaoiBzwsjKWGOiEUxArrIaTCkTFEBdl0BsrcQGfIMHED+exGB2QBx46Y8mAcXhoRSQO4SMQFYIb0qMCOmISNmErlmMmJmIqZmEeFmMF1mAjtuIIruJ9EEfzLxahNeJYGIoT2uMZxELLYK8CCfuBOEOzsYhIhSKoh+6YisN4BQkkX3AQLRHFglAiYQI+6bh5V4EoNr+PSYIqGIKtuAuxsc\/YgfrwNjOUZNgJsUB1FYgSFOHERlNswluIDX3AGmQyIxI7dMdniBluw0MFohjyCMRYXFEK03DLxpdgK5HUjFBy4zbEDENVIIqGtCiJNHAIwrNLBkzFGxtefs1ArAAiiYzdkAB8QCIVSPiNoj+GIGcwX4b5oBOuQmzgHYYjgj+RuGATJABjVCDhK4pB+BsTkSiE3a\/Yoxz2QGzgGSoE8Dh4DcQfd2GvAgm7YqIvzuM+uiNCKLi5z4SjNro\/GQR7E5E4YjnEH0VUIGGLHQpjDT7jGXrAPRQ+Oq6PhxArbUEEf84kRyAmLFCBhA2R0BEXIXiDIYgQyh8V+2AifCFWuITU\/uzpugcx4qkKJHTLjgV4D8EHTES0MPZOJR3+gFjhNSqbiCQnPkKMiB+6Bqa4oSmOQ77yxVzEC+NbaObZ4L6kpolIOkGMKB86hqS4oyPuQ36yGynC0Rv6zvCD6PQR+Y0E4oATEAP9Q\/ZQFA90MbKV+w6qhdNtLKXwEqLTc6QyEkkOfIH8ZG3IHITiiW54BPnJZ4yGZzjf65XKyheMNxDdSCSzID85GrL+eMULPfEYYuAAUkNT\/oskjpV7u9aYeKr1EfLVv2rYIYMHeuMpxMB91Ib2f1QkqfEMolNpI5HMg3x1Vw06+FXzZ6fpCkSEppiMJC\/eQ3S4DneDQNJAvnqrhhx8UmEvxIgXqAPNLCqS6hCdhhs5i+yA4LMacNDzxlh8hhhxEPGhWURFsgyiw1v4GATSCIJnarhBqw7uQ4z4hB6wh2YxFUhkPIDo0MYgkDgQ3FTDDRrpcRhiwjlkhGYVFUkliA5njFxmncNZNdjA5YQR8IWYsBJu0GxCRbIZokMug0Am4DeTP0hE7BANiZAWOVAY5VATdVAehZAFyRAVmhXsEEEnTSd3RLBA\/K8iI4Ipo8ZOylS\/SetjdRu1kNoNmhkL4wv6w+7rvH1s\/Dc7IoIO9lbMx5A="}
10225{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":343422,"pkt_caplen":7306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":7306,"pkt_l4_len":7272,"pkt":"AMGxFOsxABm5CmnxCABFABx87OpAAEAGuqXAqAoyrBAAAQBQy4I5j4RVKHYPXYAQAQSTWgAAAQEICgPimc0BOMhWI7Sg9PU\/N4oOUw0CKYWd2tcPfg30wAzsxEV8gJ71AFsxGBURC5qZHPECelYaaDr8jkBdz1+8MIzjLapCg\/Y1Nj0rNjQTasDS5QcfaD85Db2rFbRgiGQ\/xEInDQLxwFJNflq+vr7y6PFj+ffcBdl\/8LAsXrZSpv2PuGuArqRZws+2bdu29T+too2d7GazVrC2bdu2bdu2o82+Tb\/+JnXz9+kz011zk9ypc+ph506ne6a\/6vKMmSAGDB4huvcaIDoX9xCtOxSK5q3ai9z8dqJN+0JR0LWX6N1\/sBg+aryYOXuBOHj4qHj85IlQqEryOslNJL+ZscC5uGnJslVi9tyFVl61ZoMgyg3jYb4Xyz51+izrb81buES8fPnSeU7zFixm3XPq9BkBSkjNVvOovq+d1n\/Ab3bs3MMac9uOGkz\/3bC27vjBoqUrrOPNnb9YlJWV4+eHtDE+hX88fuKUfo9lvEWitLQMt64MCCB\/CgMgqDt5pwaSphhQ7N67XyRnNBNJabkiKT1XxKdkiUYxiWE1BI5JSJfj5Mjxmot2nYrF0hWrQw8LdF9yb8nvMCwwQTLAx\/p78SnZofEXh\/EwG+LGjgXdWH8rM7eVCFHTpCzWPb36DhKggi49BX0R6aMu6mwb\/CY9J58zpvxdC0HU3rC2pU+ePBXxyfZ5xiZkiKqqKow3VBsjXTKEoq89ENU0RWzdvhO34sW8NSCQnAgDJH\/QAPIeDCZWr92AhdULN4lLEYkSMNgop8+cE0QXJf\/WY3Gwe6oArEYxSfaXm5gh9uw7IEg1e73PBzkWJwIAbfs7DaMTxfSZc0WIOhf1YK0\/p4Wz93HiIJ36LR723oznz59DOLHGxHxxiuE+w9quHDl6HALEOl7bDkWCqJE2xoLKykqRktnc93vv0WeAIPprQADpEQZACnRvlgqQemecTF169BWQbKR6jfBQu\/bcuXuPvWEGDxstiH7i80FeOX3mLEvKYi6Xr1wVkk5i7vOlutUgKoFxXzMBkkAcJfk1bowxz547D0HCWq80\/uVcrmHYowbVUSxYtFTO0TKeXAPUIqKP6Pbg4SPH5GmZ6ftdJ8t1K6dSEAD5cRgAGRMcQBRJjE2zect2QbRc8pu0BRbgQgZb5civEew+HuKXccPEKTNZfyNVSlGi7nBinDx1WiQwpDPU1nv37uO+zR7zgAryv1Vr1uPZsObSODZJbNm2A2M+l\/xGlzF\/40y0V3\/rWAAl1iLpnDbGL\/CPw0aOC+s9J0qBcv7CJXXciDI1f7jlEyAzAwWIypBK02fVqCwLNZfg9wRcauMms8aC\/fTgwUNlE7LYEe25Ldqy\/gacEEQ\/lE6IxRUVz1kSP1baZAcOHcF99zzm8WNc7DdwmK\/nN3rcJEH0dZcx83AhIzefBeDKyhf4+SRtDHghpd3VMqz32yA6QX2\/XwwEJP7LdJcHDhCVESOAx4NolmJDIB5yw5HSydkMozBVbNy8LSRR38Z8gMuelZTITW5X4+CBgidH0nVpF\/16\/KRppc7macbbPPASEX3YZR4ZuJCd10a\/j2s3RLmMOfHFixcimaGiNmvZXhAla2Psu3f\/AU77sN9vs\/yasZsHBJB8nwDZYgFIECDJEoulK5KorbLAcTCguXZI9979BdFfGA8PKt2zHbv2iOimadaxASIYxRcvXUY7\/YpW7QoEaODQkay5devVTxD9zmUuo5x1ElC5nJKZJ4h6uIx54OKlK6xnN37SVDcp\/wGYTavXboQ6F\/a7xd9\/9qwEY68KCCB\/8QmQfbUCCCRpalZzKXXaiaJuvR3OatYKkgqbSG62FP0e9rhkAD9VpCyi9KK4e2\/WGPC0EPW3PjzS0fsMGMLzyPQeKEBde\/ZD9NvxrkHFQqwoirFmPCOiZi5z2X3t+g3WSaarRmVljnt7iUuwtWLjpq2icVyKVc0l9e+2NkYM\/rFTUXezPWkJBcTEp4XcveWwtQIAyGd8AmRtrQACr4gbwVtx69ZtsXf\/QTFkxBjo5iyDU+X8tp0E0QRa4Nvxojdv3cECHqTV9Rs3cf9hxsPriR+mZNjdl3FJGWLXnn3YjFKaJtf8O9S\/m3LNHMkPAUIendHaPJDWUQqDG+5wv+opPHBwmWtjwiaRNtM41slIMaR52hhTcKqlZJjVK3jx7Cf7AEH0t4AM9TIfAJlWVwBJkvwnUmda0qZGePcJLj54+EhK56F4iewXHiel2dZtO0PpDt+jRa5++vQZS1VoLKXZMhk7AV4ZOWH7b0gwJabmsCR1RUWF2L5zt\/rvIbUQwoAF3lu37+Dn27R5fFUyshX8G8FRiaEsgiot8BqLf8xv3ck6BgxwojwtH+4WsgsSUrKMzocefQbKUyrJ6kAh4TAsCDXL5xev+tcVQN7iMaHXkdEIixYbVkmxsHNaVp6AcSlppuppat6yPev+DgVdTYarql9XYYNzTrn2nbq42hsyGVGA2nQsYmUXUDDzoTaXaGczt1E3M5+RAuQS\/+nLPR0HD6f4EQkk4u847u\/J021xDpyiAL\/llIK79yKGPB8EQHw2dmhT3wBRfftzCSRS183gqQ0yKo7AFG2kN1AmsZg1ZwHrOMdLg2ogabzn3GhTtrNvbHjH8GxgoEPVco2LTJs5l7W2GbPmCaKP6ZvZy9vUMCoRmQKeY8IWJEpTxlxz\/8EDPAuL+zkNuV+O3adlIDiD5uS15dh8sEktgch4PKNA3L0EkIs+ABIVCYCoRzV8uE5CY0PGBgcPGjpKEP2axjmJqDEnHQTqDiLSki4b5jUJpxRHvYJ0RCbu4aPHXK\/DDYprnEhzkXQ2EP1RmctabGYPKYxAJNZkFAhEQ5Qxb+8\/eFjEJWZa1wZVGK9fez6bnjx9aj0ZCoodMw6OGoa7twbIeQEA5JwPgHw6kgAJ1Thcgv7NTaNIy84TRP0wBv03Kx+oQZMEMWN2jaT+gsecriOmwUk2hGoHGjdhqtt1OCVKYORy1oagHVELZS539x04BG+PJwBMaTAQGg8fOZt8I8YjD6CYOWeBH69fJ2U+sGUqYQuavHNQTRcsWiZAy1euEY2iE612CGxJFYyRYh8N5q4CEBEFiBoIQ6o813d+5eo13HIa99NJIvoPHs66H\/o8USbud\/PwjJ0whWX0z5Up7aD07Bauvzl6\/MQ4XE\/DdUZOFiUYjsNcqJZDTJ0x27CJm5mi4SjEgkqqRunhOBGFXXvZXdd9B+onNfiV6hSVftaTGkY86Nq16yLRctpEw927LRh3rw8v1oygAIIH8gQp9dEJ6da\/AVVsyfJVguidZIs8gtoQy7BlIK2QGStpvstcIMYRl2B5r+DpunDxktdvoFj\/HOP16jfYPl5GrkC8Q9JOmsvfnVT7wm5G13eBRbAQiEEfoUAr0uGtGdbrNmxyMg+0dzkCHifbaQ2wI8uXXPwAst3d2yuy7l4Cx\/t8qFdZQQEEvAubjRkMQw6WribNxqbHi+G4i2EXwNvsUj66GpnEHJUIpwY5CNyuP0FdBz2HSjw\/BA9tUhSRewgLmktnm+o4XCYKjps4hRulR9HVDAQwISSs4L95C\/fs0J7PeUTg8XyYp\/RGNaDIdPcOjyBAvuUDIF8OEiBToV4QQNiRa0hour9pteepmHX\/qFcT+X6gzAFp9WU2\/RrcQPLYiVOFwQWbo9Ry7IMTgWP0T5k+SxB9Ag4Mk\/0CwK3fuEWs37DZCD7kg4HodDxy9twFAMAKEKLeyvP5Qo1AsKTIK0mIeD9VK1evswoIrPPcecfdeyGCAPkbExz7lSKpN0n+AL3fiAGkoNol2IL1d1BNSPQfNTcIBiGniCq7eWs3rwkaTkjde5DdG5aa60Sp79y563Z9j9q7CgEwSMbENHu8p7BLL1XaX4Ae7xVMRfwIGwrlz\/HJ2cY4A0nmsRAASNqkiL8Xo9jLrWQ3x3lgrTpY04Ko8O0a3XcIz8nm9YKbfpq0t4i+FCGAtGYCJE8BSArq0SMNkCjc1KZDEevvZDVv5WZo74RblZOhCmkOVUPSHOX+YgekmXksRwE2HWI4Ltf\/olUDxjquqTYd\/Xiy2kHyIhKOjePhocIa4IqF9OXUmzjiWWYaW+txKAsAqHqvmt2MunSs3aYqkbNhihrLSWc4KnLz20bM3UsAWcgAxwvJHyJwQPBtxXuNNEC+j5uGjhzLdPW6FkBB8UVdOKvW5NjxkwIuXeX+9WgmwbE\/UJuh1JGrfNylXPbzzsacOM1PTtYeWzYwgExkPJ1gcx09doJdCowThwqZjmrZzSWI9sdYHCmoTydKUD1n\/QYNZwkecveuiQRAmAVTK5TTo4nk7UEA5JPV1XszWH8nI6dGr26pjPFtyVajlVitH\/8UecJKdu7ei+i4NQkQsQmkabukoiR71JTf27f\/IPKTrJF+qCMkvUVeS291pj2lzdjcyCipXbFqnQBxCpwgICjbYITybH\/ruNItmxxxpjnkNcM7VbyUFUjojE5IszgqUkOVkOWo26lncHyWqV41UAByWPLkyAOE4g+DhpDE5Ede47RxrkFv55S6tm5fIIiiyVgXw0aMYalncGFu3rpdv3Zb8ps9ALKc4x0D+Ci9HGRMB4GqBOJ4iYbKdZHL1erBoloWPV+tD8dGxLPxKKNdD4cDJ6m066tet7\/XM0CaMsBxSvLrlEZxmGNBEAD5eXVtRx9lPJYR+SdtnNGQfrZNQDq8mkUKn620bVrjGiuFAsmI2rXOhi6UnVkJgtLeQJ8qkAlQTeKSKU8KRKXHdrUHPc3MHqwo1QMlPqE818NI3U9MNwMc66NniiOoQmEYJeiVFrS7VwXIagZAYpXTYzvNMSbyAKH+U63admb9HRz1RN\/B\/Xqkt2uPvqy8LOr8cRBBQ6Ss499sBT7wAuEEQdxC64T4fgNA4JWSHVv6MOyboYKasSEB0lNSI0JNtS0v1qzbaEznSJOSH4SoelxiBqd0+JLyTBHPEZzsZjTH2Lh5qxfDZmN1ZIErGk6FelavqizgOCP59QSOXylz\/FEQAEFgg13fPGnKTDXzVe8TW44qNeiztmo3+OdJut2XaSHYkNZTB7YHovbatZGSTX2M3wWpCq+XLesYblTQUpkt0MAwD5yU5Lo9ffLUGZFoUCuTqCR46fLVOKWM66Msg6lqoz6uhxEAahRjZk6+3JTpNe7eL9cTQHoyTo945fRYr8zx\/UEAZC8it5CM9peAjb1egDxa2qxEswWWvtuznwjRlGkzuXlcegHTS8lftHUVx6GAugdIaWstuaWLSU6Ltmoa+zxUM5rUSggeZCqgPsToZlXGVZ7nTHQ1IeEVEVbm0aIewPFG8l5xT49YZW738C4jDZCPkZrAaQAAaQj1wtQULdsW0FKT\/UCcoiQE16BmQD\/WjOclnLb7qKqEFLcFDDF2SUkpQOBdyPRqyv93yb6BGmXqLgnPm3WNo8dPFkRfUQrc7qMDI9XsRIQh3JBSXx\/uXniluC1GcVpon9peHQRAYHGjuMdv84U+HuN9GhfnzFuI04ZT8wB1BRLS+lu4YBEl1q6lMgECqYxgmPnvyCj9mbPnARSPLOIkpxkEGb9vpM9NiA6duxqN\/4WLl6N4yViMBle01p\/rh86JOZpOzAgxXO3k7q2oa3cvGi8w687x3qZqc+seaYCgNvwBNgSpV+wgnaF3L\/j41WvXrTlHMQlOgiAycqH6sBpTT5sxR7\/2ZSZAvon7R1g2G04qdIb3KgBLkCcQZf3uobV+RrKYNNWsIvbsMxAg57TgWST0DpYUO4kkw9FC9I86BMfnLcb5A8kfJHD8yWVe\/4okQF4LewEqC7q88xo3yNptmRZPZaBvNIzdu9pvb08bQetMuFZhHJq6AE6eNku4uCrvcMABJnXlqROMjE+1GOod0VHd0\/tGbtCRynofY9yY+HSjmgUhwGjPqgZft6MjJYE1opycUZNVMKIOAdLbcnqkEDjeJvmiy7w+HimAYLMMkIzGyCjsYXctp+9ULLKM\/8vqwOMoVuKiNf0i3QmAwdDVr83nAoRAsgEltJx0FkadudrpcBviFKY4C9zSpiTFAUNGCKIfKtWe\/1u3fpNyX+QYYOa7e9nG+R0DODZLfi0BpL\/LnG7hHUYCIPCrOz\/cuWsPOicyGzKniAkyFYXon5YH8nrJD\/GxHuQi2XKPbAE8XActWrJcv5bnEyCwt6weNpPthGg\/0bf0QiZD5N34HNA9khq4lSg9kBtIRmCU0xsMjcShhrKYU84Md\/gUOrXhNKgDgKQZwHFf8icJHN\/3+GbksvoEyJuodHM45dmI2fMXETj4ng1qYraL91Dgnqy0Gt+wfWwbdshwZ1OibZB+7Xs+AfJKbToSQpKT8VqmdRpJr+7f2zZsrxEyoSWt17+NAtBxHCf4LZeQKuTT3ZtfS3DArnjgAQ7YJH8ncLxB8iGP+RTWJUDm08dbVuCgIMkEQq4R1AQ9KGdNYsPnzYh+w3ow1B6zfecuHGnleQ15XahARPcS7XdPJb\/eJ0A+JBlrMdg8ZjBTpd9Oba0\/cdJfBg61jmFxdxcpY16Fx47Tt6yttCGJELjMNDA8HQgEIq2F5dInd+\/aWgJkquH06Kd4rYoN8\/lbrQGCZmL4sA28IbAV8L+hu2\/fsRtNFeCr1496dvYuTgOffvH3QYdGTYU9vmJvTL1uw2b92houMDSQXETkO17vSsizwbw+OoM2rFUoGNPVM17z7P5682yno+MkRvAUGx0fCyL6NOO9nAXwAHbOp9rQWpbcvW8PExy\/M4Bjp+Q3EDj+IbnKMJ8P1RogMD5xJCdRs2r8d0JajiXtwy5FqKduuaJ3c3kbvDCWIipLtL2vAMFNql0bGyZAZiKdQwkYshkfRyWKd1nrOXQy5Eh8XW3D+5VUqcQcoNIgWMk51dDV3o8xPZybUApG\/hrRK2GA482Iihvsjk8ROL4k+bFhHlfx7uwACcCTQcU+EJtNwpAg2FHwVIX191G\/gS\/GIpHRpXn00DAB4lj8mUrnFC6PkCkuRF9zWesC2Ggcm0H30FFmwm61eQW0AAgnjv1Bp9p45jt5hYx\/v59qGxkGQIo9wFEu+ecEjndKPmmZx+TgAGLQ\/eFiJOoYBjgoOIcy0+lhq1fIc0Kxj8v1vmEC5EdOteDgkf4+dirVDaiqZM+9zmWthbiYZoj9WGrW+9M4cLCUQzBExdlPfkTwiWJY74SazzmpRXHJjBMqO9QN85IBCKjZeIfWceTLkitcwPFS8r8JHK+VvIjxnP4QOEDUWof07PxQ637QxFq6+K4gUh9O7KEN1VEMdS+k6hYmQODRq8A3GGmDsA3026g2pA7wLvxvxSnBZvTdIvoXjfNnyegcw0ocheub6KM+3slmbv8AMGwhD3cvgPAWyX\/UwAHeZOtvRcVPwsI3qRY9eIDAcEWtR3l5ecgwa6NKyzB5JCQkYhl+P0+NdHjoyx4G9Tg8oDBBshPfS9FBy2zFM8hjnZ+rLlvmn5Zofk0tQnGEvF8tPcC3Pzju4UuXr+DnJ32+kw5+vm+Yk9dGjfKr4Hiv5A6hzFuFEzzA0R3XGUa5ygPwzgIDCKQQNkoHKflQ0EN0SPI36ijF4G\/cL7rqLx8GPgqIPH6zoRYAwSbXAcJtxhZrSN15itwyFHZxTyWKVp+gMagZ+FWOl0mtIBweTpOOYSPHst8FfRp8nQIOGNgzXFSr90u+5wKOibjONMpV\/l7EAYLCGSwanwhAkh2OW6IS7GVLnpVfRtOAMujvVAXIllqWRhIXawGQJtwiJDUVnVFEtAPpMGhjygUItegZrTbPQCY0FVYZuVNhd0HUwOc7AZjvIdOB0\/ke9temzdtq3L1yk39b8m7JH9XAgXSS9S7gmAw7hWmUq3wS78sKENQ\/w5sAhtRLIhcu\/jei4dh4uv8dsYfY+HSoJ9X3yHuRFdqr72CoLoiPhF5OqHQ0S\/I766nMcpn08FDCXo6V45IzZQfB+cLibUI6wvvCBAjiBeisgriQdT7wpu3avS\/UlvS1hnWOgkSPS7SOCQZA9eYXaZJFW9mhMj7ZOAYCvah61NQzPpO7mzVX\/K1e\/QYJ0LVHWzpTp\/VvuNgd413AMU7JsXoDpYwIJuewAKJ\/bxCeHTQjQ003fO8oxtkiAzpLZUkpPtuMEwdHPVQmHOGQangYCr2kYx2R1x9HoAcSwIfvfUuuZDHWCVXD8gCTa3GK3IJ942c+MG7rcJ2qgPoM3b+Qe78yp8NhvpMEP3+LviwmrjzcWBkqaNL4\/+3dA3AkeRvA4f+svXu2bdu2bdu273K+Pdu2bdu2bWW9eb\/n81RXZWbTnWW6qp6o2O+bXzWSTA4gMs6piqM9NxDD6Gs6UzeQDdmJgziR87me+3iOd\/mWxkwAv\/E5r\/M417IPi9ODNAJNxuVB1qAhjTd+9duTQfzR\/\/Nnw9cs5Jonnnp2gH\/WU2+I9xcIZB8ub6HNSTXMwuUtdB4J4gwub6GtSDlMwOXD6rd+H79sR\/HT32\/fQQIQwLo0EVX6Vt1zVLiCaIFdSfW0dOkd6UWFNDowwK7NvIreoUQdgxifBK2tZBftOZPgKFLG\/PQjqpxAqtrl+UTrnj2grSyhkWAA41XdzH1O1HE+idZXxjEZTxJcScqYgu8JgsHskImjL1Hs7FEG8mUzz8rnZyBRwxBmJ7WqMo61+ZXgATqRqvTibYLgV5bJxHEcUfzsUQbyKkHwGz2rhrw7UcdjVEiFlWF05QKC4NpsHHTgAYLgQ6bPxHEIkcPmpCqUgdxKVNk\/M+wbiToaSIWUcczOOwTBqVRIGecTBI8ydmZfexM53EHKoAxkL6LKd3SuGnhn7iDq2IaUSxnHbgwgaGJvUhZHEARn0TETx45EDj8zASmDMpC5iYzdMoPvyA1EDYNZkTTMyjDG5U6CYCAbkTIqnEnwDSuSMjvaiSYih\/VJWVAG0o7fiSp\/MnlmAe25gqhhENuT6irjWJpvCII\/WIaU0YnrCG5gbLJxHEvkdD0pj7a0rLuIjIeoZBZRYR8GEjWcSXtSFSjD6MMZDCUIvmVOUkYPHuQ3NiEbRgcuJ3L6jnFItZWB7EuQtSOJ7GLm4n2ihoeZglT635l6e34iqrzPlKSM8XiJh5mU7A56cD+R01BWItVXBjIfQdZfTNlMJN24kKihkf3p0MbjWJzXiIznGIeUMSWvszsVsrOfgFeIAnYkFdHWlvgmQdZTdCE1E8rCPE\/U8CaLtMEwpuBGgqzb6EbKmI07mamZeU\/Pp0QBR5FapgxkC6IZd9ChRiQVNuRzooZ7WKwNzLIbR9GPyGhkRxJZC7E3HZqZ86L8TBRwIanlykA68Q3RjKuokGqE0oV9+IKo4VlWpzIGznFDviTIepHpSWTNxOw1ZrsXg4kCbqd9GUhO2b8rIOssUj3\/WcJaPErU8B5HMOcYMLvFeIogawhH04FEVns6NzPLntxEFPQUXUj5lYH04S+ihgYSUD+WWTiPn4kaPucMlqbDaDKvDmzIi0QzPmEhErRodrPyPlHQ24xFKgMpvvTTiDpupmcLl92epTmbb4gafuUq1qXHKDij3uzDF0QNl9AjZxyb0EgUdH\/rxlEGMhZfEXW8z8w5l19hQU7gOQYSzRjAPWzPhCN5NlPSlz+JGn5izZyz6cS5BEWdSDtSGUgrsqglGUrU8RcbkPLI3NwvxoHcxS8EWU28w7UcyMpMOgLmsSA3MoSo414mzDmHuXmdKA=="}
01353{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":343491,"pkt_caplen":752,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":752,"pkt_l4_len":718,"pkt":"AMGxFOsxABm5CmnxCABFAALi7O9AAEAG1DrAqAoyrBAAAQBQy4I5j6CdKHYPXYAYAQQyXgAAAQEICgPimc0BOMhWqJH1SVAG0uos7ERiGF3ExKQiMmeYyVmBPTiPx\/meIOsXHuMMtmE+ulL0MmpTniHq4Qe2y3m8nWlgMFHQp8xOGr7KQDryCjGM+nEy45BqKBpPH2ZiAZZnPbZhb46kL5dyA2ezL+syH+PVOeYJ2IH7GUTUw18cWeBeYyHeI4riQcYmlYGMmEhmpJFogT84gp6k0cBU7M3TDCWG0SDOZoKcYXSjL0OJgr5jayqkMpARG8l6DCJa6GfOZWnak0Yhs3IYrxEt1MQNTFvgLLgcnxAFDeQEepJgZARSRrIy\/YicfuRClqcDaQSakjU4nFv4nMjpUeYrEMas3EMUxW1MQ4KRHUgZyaL8ThT0Cw9xAfuzLnPRm1RAV+ZlG87iSX4niuJ1ViwQxkRczBCioLdYhgRlIKNSJHPyA9Hq4Bde5HoaOIwG+nI+V3Ajd\/Ewz\/AqHzGEaGUfsBntcobRg6NpJAp6k61pTyoDGXUjmY5PiDFUP65gsQJnjF7sxfdEAUO4mSVIQBnIaPHr3A0MJMYQL7MTvQuEMT1n8RdRwE80MBkJykBGx1Cm50FiNPUbZzNngSgqrMA9NBEFvMQWdCbBmBBIGcq6fEmMBpp4jE3oUiCK+TmG94mchvIU+zANCRjjAikj6c7evEyMYn7hDvZl2pxRdGdNLuF7Iqf+3MnWjEcC2kwgZSzTcijvECPBl1zDjsxCpcY3\/jxsyeosxuwszfaczO28zUAihyG8xcWsTXfSf5WBlLHMRgMv0Ui0sibe5QI2ZYocZ4d1eJqhRAFNfMi17MWiLQ2iDKR8bahpWINDuZK7eZb3+YFBDOQPvudz3uNFbuNM9mNDFmGcVvxFyHHZiAM4jWt4mLf4gc94kXu4jJPYjy1Zhj6ktuIf5u3dFMKRogQAAAAASUVORK5CYII="}
00428{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":343780,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IaFAAD4GpDesEAABwKgKMsuEAFAW1en3YJstfIAQAOU89QAAAQEICgE4yFYD4pnN"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1499346935650,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1499346935650,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":650305,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZwtAAD4GXsWsEAABwKgKMsuWAFCoJa+oAAAAAKACchBxcwAAAgQFtAQCCAoBOMijAAAAAAEDAwc="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1499346935650,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1499346935650,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":650400,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/9xAAD4GxfOsEAABwKgKMsuYAFCG7Dd\/AAAAAKACchAK1AAAAgQFtAQCCAoBOMijAAAAAAEDAwc="}
00440{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":650451,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy5YT3KepqCWvqaAScSAY0AAAAgQFtAQCCAoD4poaATjIowEDAwc="}
00440{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346935,"pkt_ts_usec":650472,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy5hHE6nghuw3gKAScSB8wgAAAgQFtAQCCAoD4poaATjIowEDAwc="}
@@ -37,12 +37,12 @@
00429{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346941,"pkt_ts_usec":289604,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/99AAD4GxfisEAABwKgKMsuYAFCG7DeBRxOp4oAQAOUQxgAAAQEICgE4ziQD4p+b"}
00428{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346941,"pkt_ts_usec":289652,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IaNAAD4GpDWsEAABwKgKMsuEAFAW1en4YJstfYAQAOUxVwAAAQEICgE4ziQD4p+b"}
00428{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346941,"pkt_ts_usec":289658,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Zw5AAD4GXsqsEAABwKgKMsuWAFCoJa+qE9ynq4AQAOWs0wAAAQEICgE4ziQD4p+b"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1499346956870,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1499346956870,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":870305,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DqpAAD4GtyasEAABwKgKMsvoAFDxddP2AAAAAKACchDuyQAAAgQFtAQCCAoBON1cAAAAAAEDAwc="}
00440{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":870429,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+g57n8P8XXT96AScSCD9QAAAgQFtAQCCAoD4q7TATjdXAEDAwc="}
00430{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":871216,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DqtAAD4Gty2sEAABwKgKMsvoAFDxddP3Oe5\/EIAQAOUi\/QAAAQEICgE43VwD4q7T"}
00844{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":871220,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"pkt":"ABm5CmnxAMGxFOsxCABFAAFpDqxAAD4GtfesEAABwKgKMsvoAFDxddP3Oe5\/EIAYAOWFNAAAAQEICgE43VwD4q7TR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1499346956870,"flow_last_seen":1499346956871,"flow_tot_l4_data_len":453,"flow_min_l4_data_len":32,"flow_max_l4_data_len":341,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1499346956870,"flow_last_seen":1499346956871,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00428{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":871309,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA00cNAAEAG8hTAqAoyrBAAAQBQy+g57n8Q8XXVLIAQAOshwgAAAQEICgPirtMBON1c"}
01115{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":872855,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"AMGxFOsxABm5CmnxCABFAAI00cRAAEAG8BPAqAoyrBAAAQBQy+g57n8Q8XXVLIAYAOvGGgAAAQEICgPirtMBON1cSFRUUC8xLjEgMzAyIEZvdW5kDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE1OjU2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpTZXQtQ29va2llOiBQSFBTRVNTSUQ9OGhzbTJzMzY4NDZrN3ByOHAzaHM2M2Y2Mzc7IHBhdGg9Lw0KRXhwaXJlczogVGh1LCAxOSBOb3YgMTk4MSAwODo1MjowMCBHTVQNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlLCBuby1jYWNoZSwgbXVzdC1yZXZhbGlkYXRlLCBwb3N0LWNoZWNrPTAsIHByZS1jaGVjaz0wDQpQcmFnbWE6IG5vLWNhY2hlDQpTZXQtQ29va2llOiBQSFBTRVNTSUQ9OGhzbTJzMzY4NDZrN3ByOHAzaHM2M2Y2Mzc7IHBhdGg9Lw0KU2V0LUNvb2tpZTogc2VjdXJpdHk9bG93DQpMb2NhdGlvbjogLi4vLi4vbG9naW4ucGhwDQpDb250ZW50LUxlbmd0aDogMA0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KDQo="}
00428{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":873486,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Dq1AAD4GtyusEAABwKgKMsvoAFDxddUsOe6BEIAQAO0fwAAAAQEICgE43VwD4q7T"}
@@ -51,16 +51,16 @@
00920{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":931294,"pkt_caplen":431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":431,"pkt_l4_len":397,"pkt":"ABm5CmnxAMGxFOsxCABFAAGhDq9AAD4GtbysEAABwKgKMsvoAFDxddaCOe6FfIAYAQTr+wAAAQEICgE43WsD4q7aR0VUIC9kdi9kdndhL2Nzcy9sb2dpbi5jc3MgSFRUUC8xLjENCkhvc3Q6IDIwNS4xNzQuMTY1LjY4DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2OjQ1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvNDUuMA0KQWNjZXB0OiB0ZXh0L2NzcywqLyo7cT0wLjENCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KUmVmZXJlcjogaHR0cDovLzIwNS4xNzQuMTY1LjY4L2R2L2xvZ2luLnBocA0KQ29va2llOiBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD04aHNtMnMzNjg0Nms3cHI4cDNoczYzZjYzNw0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
01428{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":931568,"pkt_caplen":807,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":807,"pkt_l4_len":773,"pkt":"AMGxFOsxABm5CmnxCABFAAMZ0cZAAEAG7yzAqAoyrBAAAQBQy+g57oV88XXX74AYAPy\/dAAAAQEICgPiruIBON1rSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE1OjU2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBNb24sIDI2IEp1biAyMDE3IDE0OjQ0OjQ4IEdNVA0KRVRhZzogIjM0YS01NTJkZGZlMjQyYjkwLWd6aXAiDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogNDA2DQpLZWVwLUFsaXZlOiB0aW1lb3V0PTUsIG1heD05OA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2Nzcw0KDQofiwgAAAAAAAADdVJBbsIwEDwXiT9YQr0RmlDgEE7toWqf4cTrsMJ4LduQ0Kp\/r51gCFWrvcSbndmZsSsSZ\/Y1nTxUvN43lo5alGwmQUoJ29CWpH3JiqXpnoq16diLRa7m7B3UCTzWfM4c1y5zYFHGeYUash1gswuwZW662KxJkQ20mypW6HxPJ9PJrLXcGLD9eg+dz7jCRpesBu3BRuCB2wZDJ2f86OkKrIOoMNMDBTqj+LlkqPvdlaJ6H7GGC4G6ualoUfhdec8kifxFgSGHHils45UjdfQwAhV5\/hiPydn6wlmR93QIAoejAunToV+geAWqp5eKePgXJ7a\/\/NrIebOb2WFHvljDYTu2ePVGJ7CBsC3ZDoUAPfKb0ElhvMCsvciuSIkkbaEoLPvQ5uj\/Eni9s9dYoyieU563F5Ol4bdVrCEYKyC0ipRTPGbOnxWULMSLYtRO8HoV6+7yNgP+kkyKO77H5EMiKOFgMJE0JvdXniI0+pdw+\/ovyHutmjSkVWYIKibq8BMG1vTzB9B5D8NKAwAA"}
00952{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":932437,"pkt_caplen":454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":454,"pkt_l4_len":420,"pkt":"ABm5CmnxAMGxFOsxCABFAAG4DrBAAD4GtaSsEAABwKgKMsvoAFDxddfvOe6IYYAYARW5IgAAAQEICgE43WsD4q7iR0VUIC9kdi9kdndhL2ltYWdlcy9sb2dpbl9sb2dvLnBuZyBIVFRQLzEuMQ0KSG9zdDogMjA1LjE3NC4xNjUuNjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC80NS4wDQpBY2NlcHQ6IGltYWdlL3BuZyxpbWFnZS8qO3E9MC44LCovKjtxPTAuNQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpSZWZlcmVyOiBodHRwOi8vMjA1LjE3NC4xNjUuNjgvZHYvbG9naW4ucGhwDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgUEhQU0VTU0lEPThoc20yczM2ODQ2azdwcjhwM2hzNjNmNjM3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1499346956932,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1499346956932,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":932508,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nj9AAD4GJ5GsEAABwKgKMsvqAFAHDkNUAAAAAKACchBpwwAAAgQFtAQCCAoBON1rAAAAAAEDAwc="}
00440{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":932573,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy+qiErzRBw5DVaAScSBY+QAAAgQFtAQCCAoD4q7iATjdawEDAwc="}
02383{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":932608,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMGxFOsxABm5CmnxCABFAAXc0cdAAEAG7GjAqAoyrBAAAQBQy+g57ohh8XXZc4AQAQT7kQAAAQEICgPiruIBON1rSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE1OjU2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBNb24sIDI2IEp1biAyMDE3IDE0OjQ0OjQ4IEdNVA0KRVRhZzogIjIzODAtNTUyZGRmZTI0MmI5MCINCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQpDb250ZW50LUxlbmd0aDogOTA4OA0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQoNColQTkcNChoKAAAADUlIRFIAAADIAAAAcggGAAAAFgmejQAAI0dJREFUeAHs3ANwZNsWgOETOxnbtm3btm3btm3btud6PHds255k1vvr1rBfd9J9uuO9q76qlIJV\/R\/uiqaWWsG9KlWv54GUKI5mGIrFOIQTOP7VMfyDv\/HXV3\/iD+zCJLREAUSHZq2vXyhKkEiIShiEdTiGJ5BAcgo9kTAkBqIozoiPXKiMssiBPKiApuiJsViEbbgCCQR\/oHBYCERRoqAUBmA7nkJsZD4iBUogirL13zoOcIE7vBABkREN7tACAz87CephK3whVniEWioQ\/6gPuh2iIi2KoT56YCJW4hAu4xU+wQ9ihte4gqNYh+kYgBaoiBzwsjKWGOiEUxArrIaTCkTFEBdl0BsrcQGfIMHED+exGB2QBx46Y8mAcXhoRSQO4SMQFYIb0qMCOmISNmErlmMmJmIqZmEeFmMF1mAjtuIIruJ9EEfzLxahNeJYGIoT2uMZxELLYK8CCfuBOEOzsYhIhSKoh+6YisN4BQkkX3AQLRHFglAiYQI+6bh5V4EoNr+PSYIqGIKtuAuxsc\/YgfrwNjOUZNgJsUB1FYgSFOHERlNswluIDX3AGmQyIxI7dMdniBluw0MFohjyCMRYXFEK03DLxpdgK5HUjFBy4zbEDENVIIqGtCiJNHAIwrNLBkzFGxtefs1ArAAiiYzdkAB8QCIVSPiNoj+GIGcwX4b5oBOuQmzgHYYjgj+RuGATJABjVCDhK4pB+BsTkSiE3a\/Yoxz2QGzgGSoE8Dh4DcQfd2GvAgm7YqIvzuM+uiNCKLi5z4SjNro\/GQR7E5E4YjnEH0VUIGGLHQpjDT7jGXrAPRQ+Oq6PhxArbUEEf84kRyAmLFCBhA2R0BEXIXiDIYgQyh8V+2AifCFWuITU\/uzpugcx4qkKJHTLjgV4D8EHTES0MPZOJR3+gFjhNSqbiCQnPkKMiB+6Bqa4oSmOQ77yxVzEC+NbaObZ4L6kpolIOkGMKB86hqS4oyPuQ36yGynC0Rv6zvCD6PQR+Y0E4oATEAP9Q\/ZQFA90MbKV+w6qhdNtLKXwEqLTc6QyEkkOfIH8ZG3IHITiiW54BPnJZ4yGZzjf65XKyheMNxDdSCSzID85GrL+eMULPfEYYuAAUkNT\/oskjpV7u9aYeKr1EfLVv2rYIYMHeuMpxMB91Ib2f1QkqfEMolNpI5HMg3x1Vw06+FXzZ6fpCkSEppiMJC\/eQ3S4DneDQNJAvnqrhhx8UmEvxIgXqAPNLCqS6hCdhhs5i+yA4LMacNDzxlh8hhhxEPGhWURFsgyiw1v4GATSCIJnarhBqw7uQ4z4hB6wh2YxFUhkPIDo0MYgkDgQ3FTDDRrpcRhiwjlkhGYVFUkliA5njFxmncNZNdjA5YQR8IWYsBJu0GxCRbIZokMug0Am4DeTP0hE7BANiZAWOVAY5VATdVAehZAFyRAVmhXsEEEnTSd3RLBA\/K8iI4Ipo8ZOylS\/SetjdRu1kNoNmhkL4wv6w+7rvH1s\/Dc7IoIO9lbMx5A="}
11146{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":932764,"pkt_caplen":7992,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":7992,"pkt_l4_len":7958,"pkt":"AMGxFOsxABm5CmnxCABFAB8q0chAAEAG0xnAqAoyrBAAAQBQy+g57o4J8XXZc4AYAQSWCAAAAQEICgPiruIBON1rI7Sg9PU\/N4oOUw0CKYWd2tcPfg30wAzsxEV8gJ71AFsxGBURC5qZHPECelYaaDr8jkBdz1+8MIzjLapCg\/Y1Nj0rNjQTasDS5QcfaD85Db2rFbRgiGQ\/xEInDQLxwFJNflq+vr7y6PFj+ffcBdl\/8LAsXrZSpv2PuGuArqRZws+2bdu29T+too2d7GazVrC2bdu2bdu2o82+Tb\/+JnXz9+kz011zk9ypc+ph506ne6a\/6vKMmSAGDB4huvcaIDoX9xCtOxSK5q3ai9z8dqJN+0JR0LWX6N1\/sBg+aryYOXuBOHj4qHj85IlQqEryOslNJL+ZscC5uGnJslVi9tyFVl61ZoMgyg3jYb4Xyz51+izrb81buES8fPnSeU7zFixm3XPq9BkBSkjNVvOovq+d1n\/Ab3bs3MMac9uOGkz\/3bC27vjBoqUrrOPNnb9YlJWV4+eHtDE+hX88fuKUfo9lvEWitLQMt64MCCB\/CgMgqDt5pwaSphhQ7N67XyRnNBNJabkiKT1XxKdkiUYxiWE1BI5JSJfj5Mjxmot2nYrF0hWrQw8LdF9yb8nvMCwwQTLAx\/p78SnZofEXh\/EwG+LGjgXdWH8rM7eVCFHTpCzWPb36DhKggi49BX0R6aMu6mwb\/CY9J58zpvxdC0HU3rC2pU+ePBXxyfZ5xiZkiKqqKow3VBsjXTKEoq89ENU0RWzdvhO34sW8NSCQnAgDJH\/QAPIeDCZWr92AhdULN4lLEYkSMNgop8+cE0QXJf\/WY3Gwe6oArEYxSfaXm5gh9uw7IEg1e73PBzkWJwIAbfs7DaMTxfSZc0WIOhf1YK0\/p4Wz93HiIJ36LR723oznz59DOLHGxHxxiuE+w9quHDl6HALEOl7bDkWCqJE2xoLKykqRktnc93vv0WeAIPprQADpEQZACnRvlgqQemecTF169BWQbKR6jfBQu\/bcuXuPvWEGDxstiH7i80FeOX3mLEvKYi6Xr1wVkk5i7vOlutUgKoFxXzMBkkAcJfk1bowxz547D0HCWq80\/uVcrmHYowbVUSxYtFTO0TKeXAPUIqKP6Pbg4SPH5GmZ6ftdJ8t1K6dSEAD5cRgAGRMcQBRJjE2zect2QbRc8pu0BRbgQgZb5civEew+HuKXccPEKTNZfyNVSlGi7nBinDx1WiQwpDPU1nv37uO+zR7zgAryv1Vr1uPZsObSODZJbNm2A2M+l\/xGlzF\/40y0V3\/rWAAl1iLpnDbGL\/CPw0aOC+s9J0qBcv7CJXXciDI1f7jlEyAzAwWIypBK02fVqCwLNZfg9wRcauMms8aC\/fTgwUNlE7LYEe25Ldqy\/gacEEQ\/lE6IxRUVz1kSP1baZAcOHcF99zzm8WNc7DdwmK\/nN3rcJEH0dZcx83AhIzefBeDKyhf4+SRtDHghpd3VMqz32yA6QX2\/XwwEJP7LdJcHDhCVESOAx4NolmJDIB5yw5HSydkMozBVbNy8LSRR38Z8gMuelZTITW5X4+CBgidH0nVpF\/16\/KRppc7macbbPPASEX3YZR4ZuJCd10a\/j2s3RLmMOfHFixcimaGiNmvZXhAla2Psu3f\/AU77sN9vs\/yasZsHBJB8nwDZYgFIECDJEoulK5KorbLAcTCguXZI9979BdFfGA8PKt2zHbv2iOimadaxASIYxRcvXUY7\/YpW7QoEaODQkay5devVTxD9zmUuo5x1ElC5nJKZJ4h6uIx54OKlK6xnN37SVDcp\/wGYTavXboQ6F\/a7xd9\/9qwEY68KCCB\/8QmQfbUCCCRpalZzKXXaiaJuvR3OatYKkgqbSG62FP0e9rhkAD9VpCyi9KK4e2\/WGPC0EPW3PjzS0fsMGMLzyPQeKEBde\/ZD9NvxrkHFQqwoirFmPCOiZi5z2X3t+g3WSaarRmVljnt7iUuwtWLjpq2icVyKVc0l9e+2NkYM\/rFTUXezPWkJBcTEp4XcveWwtQIAyGd8AmRtrQACr4gbwVtx69ZtsXf\/QTFkxBjo5iyDU+X8tp0E0QRa4Nvxojdv3cECHqTV9Rs3cf9hxsPriR+mZNjdl3FJGWLXnn3YjFKaJtf8O9S\/m3LNHMkPAUIendHaPJDWUQqDG+5wv+opPHBwmWtjwiaRNtM41slIMaR52hhTcKqlZJjVK3jx7Cf7AEH0t4AM9TIfAJlWVwBJkvwnUmda0qZGePcJLj54+EhK56F4iewXHiel2dZtO0PpDt+jRa5++vQZS1VoLKXZMhk7AV4ZOWH7b0gwJabmsCR1RUWF2L5zt\/rvIbUQwoAF3lu37+Dn27R5fFUyshX8G8FRiaEsgiot8BqLf8xv3ck6BgxwojwtH+4WsgsSUrKMzocefQbKUyrJ6kAh4TAsCDXL5xev+tcVQN7iMaHXkdEIixYbVkmxsHNaVp6AcSlppuppat6yPev+DgVdTYarql9XYYNzTrn2nbq42hsyGVGA2nQsYmUXUDDzoTaXaGczt1E3M5+RAuQS\/+nLPR0HD6f4EQkk4u847u\/J021xDpyiAL\/llIK79yKGPB8EQHw2dmhT3wBRfftzCSRS183gqQ0yKo7AFG2kN1AmsZg1ZwHrOMdLg2ogabzn3GhTtrNvbHjH8GxgoEPVco2LTJs5l7W2GbPmCaKP6ZvZy9vUMCoRmQKeY8IWJEpTxlxz\/8EDPAuL+zkNuV+O3adlIDiD5uS15dh8sEktgch4PKNA3L0EkIs+ABIVCYCoRzV8uE5CY0PGBgcPGjpKEP2axjmJqDEnHQTqDiLSki4b5jUJpxRHvYJ0RCbu4aPHXK\/DDYprnEhzkXQ2EP1RmctabGYPKYxAJNZkFAhEQ5Qxb+8\/eFjEJWZa1wZVGK9fez6bnjx9aj0ZCoodMw6OGoa7twbIeQEA5JwPgHw6kgAJ1Thcgv7NTaNIy84TRP0wBv03Kx+oQZMEMWN2jaT+gsecriOmwUk2hGoHGjdhqtt1OCVKYORy1oagHVELZS539x04BG+PJwBMaTAQGg8fOZt8I8YjD6CYOWeBH69fJ2U+sGUqYQuavHNQTRcsWiZAy1euEY2iE612CGxJFYyRYh8N5q4CEBEFiBoIQ6o813d+5eo13HIa99NJIvoPHs66H\/o8USbud\/PwjJ0whWX0z5Up7aD07Bauvzl6\/MQ4XE\/DdUZOFiUYjsNcqJZDTJ0x27CJm5mi4SjEgkqqRunhOBGFXXvZXdd9B+onNfiV6hSVftaTGkY86Nq16yLRctpEw927LRh3rw8v1oygAIIH8gQp9dEJ6da\/AVVsyfJVguidZIs8gtoQy7BlIK2QGStpvstcIMYRl2B5r+DpunDxktdvoFj\/HOP16jfYPl5GrkC8Q9JOmsvfnVT7wm5G13eBRbAQiEEfoUAr0uGtGdbrNmxyMg+0dzkCHifbaQ2wI8uXXPwAst3d2yuy7l4Cx\/t8qFdZQQEEvAubjRkMQw6WribNxqbHi+G4i2EXwNvsUj66GpnEHJUIpwY5CNyuP0FdBz2HSjw\/BA9tUhSRewgLmktnm+o4XCYKjps4hRulR9HVDAQwISSs4L95C\/fs0J7PeUTg8XyYp\/RGNaDIdPcOjyBAvuUDIF8OEiBToV4QQNiRa0hour9pteepmHX\/qFcT+X6gzAFp9WU2\/RrcQPLYiVOFwQWbo9Ry7IMTgWP0T5k+SxB9Ag4Mk\/0CwK3fuEWs37DZCD7kg4HodDxy9twFAMAKEKLeyvP5Qo1AsKTIK0mIeD9VK1evswoIrPPcecfdeyGCAPkbExz7lSKpN0n+AL3fiAGkoNol2IL1d1BNSPQfNTcIBiGniCq7eWs3rwkaTkjde5DdG5aa60Sp79y563Z9j9q7CgEwSMbENHu8p7BLL1XaX4Ae7xVMRfwIGwrlz\/HJ2cY4A0nmsRAASNqkiL8Xo9jLrWQ3x3lgrTpY04Ko8O0a3XcIz8nm9YKbfpq0t4i+FCGAtGYCJE8BSArq0SMNkCjc1KZDEevvZDVv5WZo74RblZOhCmkOVUPSHOX+YgekmXksRwE2HWI4Ltf\/olUDxjquqTYd\/Xiy2kHyIhKOjePhocIa4IqF9OXUmzjiWWYaW+txKAsAqHqvmt2MunSs3aYqkbNhihrLSWc4KnLz20bM3UsAWcgAxwvJHyJwQPBtxXuNNEC+j5uGjhzLdPW6FkBB8UVdOKvW5NjxkwIuXeX+9WgmwbE\/UJuh1JGrfNylXPbzzsacOM1PTtYeWzYwgExkPJ1gcx09doJdCowThwqZjmrZzSWI9sdYHCmoTydKUD1n\/QYNZwkecveuiQRAmAVTK5TTo4nk7UEA5JPV1XszWH8nI6dGr26pjPFtyVajlVitH\/8UecJKdu7ei+i4NQkQsQmkabukoiR71JTf27f\/IPKTrJF+qCMkvUVeS291pj2lzdjcyCipXbFqnQBxCpwgICjbYITybH\/ruNItmxxxpjnkNcM7VbyUFUjojE5IszgqUkOVkOWo26lncHyWqV41UAByWPLkyAOE4g+DhpDE5Ede47RxrkFv55S6tm5fIIiiyVgXw0aMYalncGFu3rpdv3Zb8ps9ALKc4x0D+Ci9HGRMB4GqBOJ4iYbKdZHL1erBoloWPV+tD8dGxLPxKKNdD4cDJ6m066tet7\/XM0CaMsBxSvLrlEZxmGNBEAD5eXVtRx9lPJYR+SdtnNGQfrZNQDq8mkUKn620bVrjGiuFAsmI2rXOhi6UnVkJgtLeQJ8qkAlQTeKSKU8KRKXHdrUHPc3MHqwo1QMlPqE818NI3U9MNwMc66NniiOoQmEYJeiVFrS7VwXIagZAYpXTYzvNMSbyAKH+U63admb9HRz1RN\/B\/Xqkt2uPvqy8LOr8cRBBQ6Ss499sBT7wAuEEQdxC64T4fgNA4JWSHVv6MOyboYKasSEB0lNSI0JNtS0v1qzbaEznSJOSH4SoelxiBqd0+JLyTBHPEZzsZjTH2Lh5qxfDZmN1ZIErGk6FelavqizgOCP59QSOXylz\/FEQAEFgg13fPGnKTDXzVe8TW44qNeiztmo3+OdJut2XaSHYkNZTB7YHovbatZGSTX2M3wWpCq+XLesYblTQUpkt0MAwD5yU5Lo9ffLUGZFoUCuTqCR46fLVOKWM66Msg6lqoz6uhxEAahRjZk6+3JTpNe7eL9cTQHoyTo945fRYr8zx\/UEAZC8it5CM9peAjb1egDxa2qxEswWWvtuznwjRlGkzuXlcegHTS8lftHUVx6GAugdIaWstuaWLSU6Ltmoa+zxUM5rUSggeZCqgPsToZlXGVZ7nTHQ1IeEVEVbm0aIewPFG8l5xT49YZW738C4jDZCPkZrAaQAAaQj1wtQULdsW0FKT\/UCcoiQE16BmQD\/WjOclnLb7qKqEFLcFDDF2SUkpQOBdyPRqyv93yb6BGmXqLgnPm3WNo8dPFkRfUQrc7qMDI9XsRIQh3JBSXx\/uXniluC1GcVpon9peHQRAYHGjuMdv84U+HuN9GhfnzFuI04ZT8wB1BRLS+lu4YBEl1q6lMgECqYxgmPnvyCj9mbPnARSPLOIkpxkEGb9vpM9NiA6duxqN\/4WLl6N4yViMBle01p\/rh86JOZpOzAgxXO3k7q2oa3cvGi8w687x3qZqc+seaYCgNvwBNgSpV+wgnaF3L\/j41WvXrTlHMQlOgiAycqH6sBpTT5sxR7\/2ZSZAvon7R1g2G04qdIb3KgBLkCcQZf3uobV+RrKYNNWsIvbsMxAg57TgWST0DpYUO4kkw9FC9I86BMfnLcb5A8kfJHD8yWVe\/4okQF4LewEqC7q88xo3yNptmRZPZaBvNIzdu9pvb08bQetMuFZhHJq6AE6eNku4uCrvcMABJnXlqROMjE+1GOod0VHd0\/tGbtCRynofY9yY+HSjmgUhwGjPqgZft6MjJYE1opycUZNVMKIOAdLbcnqkEDjeJvmiy7w+HimAYLMMkIzGyCjsYXctp+9ULLKM\/8vqwOMoVuKiNf0i3QmAwdDVr83nAoRAsgEltJx0FkadudrpcBviFKY4C9zSpiTFAUNGCKIfKtWe\/1u3fpNyX+QYYOa7e9nG+R0DODZLfi0BpL\/LnG7hHUYCIPCrOz\/cuWsPOicyGzKniAkyFYXon5YH8nrJD\/GxHuQi2XKPbAE8XActWrJcv5bnEyCwt6weNpPthGg\/0bf0QiZD5N34HNA9khq4lSg9kBtIRmCU0xsMjcShhrKYU84Md\/gUOrXhNKgDgKQZwHFf8icJHN\/3+GbksvoEyJuodHM45dmI2fMXETj4ng1qYraL91Dgnqy0Gt+wfWwbdshwZ1OibZB+7Xs+AfJKbToSQpKT8VqmdRpJr+7f2zZsrxEyoSWt17+NAtBxHCf4LZeQKuTT3ZtfS3DArnjgAQ7YJH8ncLxB8iGP+RTWJUDm08dbVuCgIMkEQq4R1AQ9KGdNYsPnzYh+w3ow1B6zfecuHGnleQ15XahARPcS7XdPJb\/eJ0A+JBlrMdg8ZjBTpd9Oba0\/cdJfBg61jmFxdxcpY16Fx47Tt6yttCGJELjMNDA8HQgEIq2F5dInd+\/aWgJkquH06Kd4rYoN8\/lbrQGCZmL4sA28IbAV8L+hu2\/fsRtNFeCr1496dvYuTgOffvH3QYdGTYU9vmJvTL1uw2b92houMDSQXETkO17vSsizwbw+OoM2rFUoGNPVM17z7P5682yno+MkRvAUGx0fCyL6NOO9nAXwAHbOp9rQWpbcvW8PExy\/M4Bjp+Q3EDj+IbnKMJ8P1RogMD5xJCdRs2r8d0JajiXtwy5FqKduuaJ3c3kbvDCWIipLtL2vAMFNql0bGyZAZiKdQwkYshkfRyWKd1nrOXQy5Eh8XW3D+5VUqcQcoNIgWMk51dDV3o8xPZybUApG\/hrRK2GA482Iihvsjk8ROL4k+bFhHlfx7uwACcCTQcU+EJtNwpAg2FHwVIX191G\/gS\/GIpHRpXn00DAB4lj8mUrnFC6PkCkuRF9zWesC2Ggcm0H30FFmwm61eQW0AAgnjv1Bp9p45jt5hYx\/v59qGxkGQIo9wFEu+ecEjndKPmmZx+TgAGLQ\/eFiJOoYBjgoOIcy0+lhq1fIc0Kxj8v1vmEC5EdOteDgkf4+dirVDaiqZM+9zmWthbiYZoj9WGrW+9M4cLCUQzBExdlPfkTwiWJY74SazzmpRXHJjBMqO9QN85IBCKjZeIfWceTLkitcwPFS8r8JHK+VvIjxnP4QOEDUWof07PxQ637QxFq6+K4gUh9O7KEN1VEMdS+k6hYmQODRq8A3GGmDsA3026g2pA7wLvxvxSnBZvTdIvoXjfNnyegcw0ocheub6KM+3slmbv8AMGwhD3cvgPAWyX\/UwAHeZOtvRcVPwsI3qRY9eIDAcEWtR3l5ecgwa6NKyzB5JCQkYhl+P0+NdHjoyx4G9Tg8oDBBshPfS9FBy2zFM8hjnZ+rLlvmn5Zofk0tQnGEvF8tPcC3Pzju4UuXr+DnJ32+kw5+vm+Yk9dGjfKr4Hiv5A6hzFuFEzzA0R3XGUa5ygPwzgIDCKQQNkoHKflQ0EN0SPI36ijF4G\/cL7rqLx8GPgqIPH6zoRYAwSbXAcJtxhZrSN15itwyFHZxTyWKVp+gMagZ+FWOl0mtIBweTpOOYSPHst8FfRp8nQIOGNgzXFSr90u+5wKOibjONMpV\/l7EAYLCGSwanwhAkh2OW6IS7GVLnpVfRtOAMujvVAXIllqWRhIXawGQJtwiJDUVnVFEtAPpMGhjygUItegZrTbPQCY0FVYZuVNhd0HUwOc7AZjvIdOB0\/ke9temzdtq3L1yk39b8m7JH9XAgXSS9S7gmAw7hWmUq3wS78sKENQ\/w5sAhtRLIhcu\/jei4dh4uv8dsYfY+HSoJ9X3yHuRFdqr72CoLoiPhF5OqHQ0S\/I766nMcpn08FDCXo6V45IzZQfB+cLibUI6wvvCBAjiBeisgriQdT7wpu3avS\/UlvS1hnWOgkSPS7SOCQZA9eYXaZJFW9mhMj7ZOAYCvah61NQzPpO7mzVX\/K1e\/QYJ0LVHWzpTp\/VvuNgd413AMU7JsXoDpYwIJuewAKJ\/bxCeHTQjQ003fO8oxtkiAzpLZUkpPtuMEwdHPVQmHOGQangYCr2kYx2R1x9HoAcSwIfvfUuuZDHWCVXD8gCTa3GK3IJ942c+MG7rcJ2qgPoM3b+Qe78yp8NhvpMEP3+LviwmrjzcWBkqaNL4\/+3dA3AkeRvA4f+svXu2bdu2bdu273K+Pdu2bdu2bWW9eb\/n81RXZWbTnWW6qp6o2O+bXzWSTA4gMs6piqM9NxDD6Gs6UzeQDdmJgziR87me+3iOd\/mWxkwAv\/E5r\/M417IPi9ODNAJNxuVB1qAhjTd+9duTQfzR\/\/Nnw9cs5Jonnnp2gH\/WU2+I9xcIZB8ub6HNSTXMwuUtdB4J4gwub6GtSDlMwOXD6rd+H79sR\/HT32\/fQQIQwLo0EVX6Vt1zVLiCaIFdSfW0dOkd6UWFNDowwK7NvIreoUQdgxifBK2tZBftOZPgKFLG\/PQjqpxAqtrl+UTrnj2grSyhkWAA41XdzH1O1HE+idZXxjEZTxJcScqYgu8JgsHskImjL1Hs7FEG8mUzz8rnZyBRwxBmJ7WqMo61+ZXgATqRqvTibYLgV5bJxHEcUfzsUQbyKkHwGz2rhrw7UcdjVEiFlWF05QKC4NpsHHTgAYLgQ6bPxHEIkcPmpCqUgdxKVNk\/M+wbiToaSIWUcczOOwTBqVRIGecTBI8ydmZfexM53EHKoAxkL6LKd3SuGnhn7iDq2IaUSxnHbgwgaGJvUhZHEARn0TETx45EDj8zASmDMpC5iYzdMoPvyA1EDYNZkTTMyjDG5U6CYCAbkTIqnEnwDSuSMjvaiSYih\/VJWVAG0o7fiSp\/MnlmAe25gqhhENuT6irjWJpvCII\/WIaU0YnrCG5gbLJxHEvkdD0pj7a0rLuIjIeoZBZRYR8GEjWcSXtSFSjD6MMZDCUIvmVOUkYPHuQ3NiEbRgcuJ3L6jnFItZWB7EuQtSOJ7GLm4n2ihoeZglT635l6e34iqrzPlKSM8XiJh5mU7A56cD+R01BWItVXBjIfQdZfTNlMJN24kKihkf3p0MbjWJzXiIznGIeUMSWvszsVsrOfgFeIAnYkFdHWlvgmQdZTdCE1E8rCPE\/U8CaLtMEwpuBGgqzb6EbKmI07mamZeU\/Pp0QBR5FapgxkC6IZd9ChRiQVNuRzooZ7WKwNzLIbR9GPyGhkRxJZC7E3HZqZ86L8TBRwIanlykA68Q3RjKuokGqE0oV9+IKo4VlWpzIGznFDviTIepHpSWTNxOw1ZrsXg4kCbqd9GUhO2b8rIOssUj3\/WcJaPErU8B5HMOcYMLvFeIogawhH04FEVns6NzPLntxEFPQUXUj5lYH04S+ihgYSUD+WWTiPn4kaPucMlqbDaDKvDmzIi0QzPmEhErRodrPyPlHQ24xFKgMpvvTTiDpupmcLl92epTmbb4gafuUq1qXHKDij3uzDF0QNl9AjZxyb0EgUdH\/rxlEGMhZfEXW8z8w5l19hQU7gOQYSzRjAPWzPhCN5NlPSlz+JGn5izZyz6cS5BEWdSDtSGUgrsqglGUrU8RcbkPLI3NwvxoHcxS8EWU28w7UcyMpMOgLmsSA3MoSo414mzDmHuXmdKKiR9UlQBtLqLOxEYhhdxMSkIjJnmMlZgT04j8f5niDrFx7jDLZhPrpS9DJqU54h6uEHtst5vJ1pYDBR0KfMThq+ykA68goxjPpxMuOQaigaTx9mYgGWZz22YW+OpC+XcgNnsy\/rMh\/j1TnmCdiB+xlE1MNfHFngXmMh3iOK4kHGJpWBjJhIZqSRaIE\/OIKepNHAVOzN0wwlhtEgzmaCnGF0oy9DiYK+Y2sqpDKQERvJegwiWuhnzmVp2pNGIbNyGK8RLdTEDUxb4Cy4HJ8QBQ3kBHqSYGQEUkayMv2InH7kQpanA2kEmpI1OJxb+JzI6VHmKxDGrNxDFMVtTEOCkR1IGcmi\/E4U9AsPcQH7sy5z0ZtUQFfmZRvO4kl+J4ridVYsEMZEXMwQoqC3WIYEZSCjUiRz8gPR6uAXXuR6GjiMBvpyPldwI3fxMM\/wKh8xhGhlH7AZ7XKG0YOjaSQKepOtaU8qAxl1I5mOT4gxVD+uYLECZ4xe7MX3RAFDuJklSEAZyGjx69wNDCTGEC+zE70LhDE9Z\/EXUcBPNDAZCcpARsdQpudBYjT1G2czZ4EoKqzAPTQRBbzEFnQmwZgQSBnKunxJjAaaeIxN6FIgivk5hveJnIbyFPswDQkY4wIpI+nO3rxMjGJ+4Q72ZdqcUXRnTS7heyKn\/tzJ1oxHAtpMIGUs03Io7xAjwZdcw47MQqXGN\/48bMnqLMbsLM32nMztvM1AIochvMXFrE130n+VgZSxzEYDL9FItLIm3uUCNmWKHGeHdXiaoUQBTXzItezFoi0NogykfG2oaViDQ7mSu3mW9\/mBQQzkD77nc97jRW7jTPZjQxZhnFb8Rchx2YgDOI1reJi3+IHPeJF7uIyT2I8tWYY+pLbiH+bt3RTCkaIEAAAAAElFTkSuQmCC"}
00428{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":933097,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nkBAAD4GJ5isEAABwKgKMsvqAFAHDkNVohK80oAQAOX4AAAAAQEICgE43WsD4q7i"}
00429{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346956,"pkt_ts_usec":933363,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DrFAAD4GtyesEAABwKgKMsvoAFDxddlzOe6TsYAQAUMIZAAAAQEICgE43WsD4q7i"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1499346957283,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1499346957283,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346957,"pkt_ts_usec":283336,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8F6tAAD4GriWsEAABwKgKMsv8AFD6EcpoAAAAAKACchDvQAAAAgQFtAQCCAoBON3DAAAAAAEDAwc="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1499346957283,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1499346957283,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346957,"pkt_ts_usec":283356,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iOxAAD4GPOSsEAABwKgKMsv+AFCTelUvAAAAAKACchDLDwAAAgQFtAQCCAoBON3DAAAAAAEDAwc="}
00441{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346957,"pkt_ts_usec":283476,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy\/xzRrv9+hHKaaAScSANvwAAAgQFtAQCCAoD4q86ATjdwwEDAwc="}
00441{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346957,"pkt_ts_usec":283502,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy\/7+F1DJk3pVMKAScSDJ8AAAAgQFtAQCCAoD4q86ATjdwwEDAwc="}
@@ -75,12 +75,12 @@
00429{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346960,"pkt_ts_usec":891727,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iO9AAD4GPOmsEAABwKgKMsv+AFCTelUx\/hdQy4AQAOVh6gAAAQEICgE44UkD4rLA"}
00429{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346960,"pkt_ts_usec":891727,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0F65AAD4GriqsEAABwKgKMsv8AFD6Ecpqc0a7\/4AQAOWluAAAAQEICgE44UkD4rLA"}
00428{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346960,"pkt_ts_usec":891762,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nkJAAD4GJ5asEAABwKgKMsvqAFAHDkNWohK804AQAOXwQgAAAQEICgE44UkD4rLA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1499346976603,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1499346976603,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":603214,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Un9AAD4Gc1GsEAABwKgKMsxKAFAevqLeAAAAAKACchDe8gAAAgQFtAQCCAoBOPChAAAAAAEDAwc="}
00441{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":603366,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEoKnmxhHr6i36AScSCi1wAAAgQFtAQCCAoD4sIYATjwoQEDAwc="}
00429{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":604135,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UoBAAD4Gc1isEAABwKgKMsxKAFAevqLfCp5sYoAQAOVB3wAAAQEICgE48KED4sIY"}
00844{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":604139,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"pkt":"ABm5CmnxAMGxFOsxCABFAAFpUoFAAD4GciKsEAABwKgKMsxKAFAevqLfCp5sYoAYAOWkFgAAAQEICgE48KED4sIYR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1499346976603,"flow_last_seen":1499346976604,"flow_tot_l4_data_len":453,"flow_min_l4_data_len":32,"flow_max_l4_data_len":341,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1499346976603,"flow_last_seen":1499346976604,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00429{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":604229,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0rnpAAEAGFV7AqAoyrBAAAQBQzEoKnmxiHr6kFIAQAOtApAAAAQEICgPiwhgBOPCh"}
01116{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":605721,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"AMGxFOsxABm5CmnxCABFAAI0rntAAEAGE13AqAoyrBAAAQBQzEoKnmxiHr6kFIAYAOu81wAAAQEICgPiwhgBOPChSFRUUC8xLjEgMzAyIEZvdW5kDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE2OjE2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpTZXQtQ29va2llOiBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzE7IHBhdGg9Lw0KRXhwaXJlczogVGh1LCAxOSBOb3YgMTk4MSAwODo1MjowMCBHTVQNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlLCBuby1jYWNoZSwgbXVzdC1yZXZhbGlkYXRlLCBwb3N0LWNoZWNrPTAsIHByZS1jaGVjaz0wDQpQcmFnbWE6IG5vLWNhY2hlDQpTZXQtQ29va2llOiBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzE7IHBhdGg9Lw0KU2V0LUNvb2tpZTogc2VjdXJpdHk9bG93DQpMb2NhdGlvbjogLi4vLi4vbG9naW4ucGhwDQpDb250ZW50LUxlbmd0aDogMA0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1VVEYtOA0KDQo="}
00429{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":606283,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UoJAAD4Gc1asEAABwKgKMsxKAFAevqQUCp5uYoAQAO0+oQAAAQEICgE48KID4sIY"}
@@ -91,24 +91,24 @@
01428{"flow_id":9,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":676063,"pkt_caplen":807,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":807,"pkt_l4_len":773,"pkt":"AMGxFOsxABm5CmnxCABFAAMZrn1AAEAGEnbAqAoyrBAAAQBQzEoKnnLQHr6m14AYAPzhTgAAAQEICgPiwioBOPCzSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE2OjE2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBNb24sIDI2IEp1biAyMDE3IDE0OjQ0OjQ4IEdNVA0KRVRhZzogIjM0YS01NTJkZGZlMjQyYjkwLWd6aXAiDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogNDA2DQpLZWVwLUFsaXZlOiB0aW1lb3V0PTUsIG1heD05OA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2Nzcw0KDQofiwgAAAAAAAADdVJBbsIwEDwXiT9YQr0RmlDgEE7toWqf4cTrsMJ4LduQ0Kp\/r51gCFWrvcSbndmZsSsSZ\/Y1nTxUvN43lo5alGwmQUoJ29CWpH3JiqXpnoq16diLRa7m7B3UCTzWfM4c1y5zYFHGeYUash1gswuwZW662KxJkQ20mypW6HxPJ9PJrLXcGLD9eg+dz7jCRpesBu3BRuCB2wZDJ2f86OkKrIOoMNMDBTqj+LlkqPvdlaJ6H7GGC4G6ualoUfhdec8kifxFgSGHHils45UjdfQwAhV5\/hiPydn6wlmR93QIAoejAunToV+geAWqp5eKePgXJ7a\/\/NrIebOb2WFHvljDYTu2ePVGJ7CBsC3ZDoUAPfKb0ElhvMCsvciuSIkkbaEoLPvQ5uj\/Eni9s9dYoyieU563F5Ol4bdVrCEYKyC0ipRTPGbOnxWULMSLYtRO8HoV6+7yNgP+kkyKO77H5EMiKOFgMJE0JvdXniI0+pdw+\/ovyHutmjSkVWYIKibq8BMG1vTzB9B5D8NKAwAA"}
00430{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":676783,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UoZAAD4Gc1KsEAABwKgKMsxKAFAevqbXCp51tYAQARU0QAAAAQEICgE48LMD4sIq"}
00953{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":677015,"pkt_caplen":454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":454,"pkt_l4_len":420,"pkt":"ABm5CmnxAMGxFOsxCABFAAG4UodAAD4Gcc2sEAABwKgKMsxKAFAevqbXCp51tYAYARXwuwAAAQEICgE48LMD4sIqR0VUIC9kdi9kdndhL2ltYWdlcy9sb2dpbl9sb2dvLnBuZyBIVFRQLzEuMQ0KSG9zdDogMjA1LjE3NC4xNjUuNjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC80NS4wDQpBY2NlcHQ6IGltYWdlL3BuZyxpbWFnZS8qO3E9MC44LCovKjtxPTAuNQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpSZWZlcmVyOiBodHRwOi8vMjA1LjE3NC4xNjUuNjgvZHYvbG9naW4ucGhwDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgUEhQU0VTU0lEPXY2b29rZjZlMjZuMWlkbzVzaXZlNnNhaTcxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1499346976677,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1499346976677,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":677111,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8I8VAAD4GogusEAABwKgKMsxMAFCAL9N2AAAAAKACchBM1QAAAgQFtAQCCAoBOPCzAAAAAAEDAwc="}
00443{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":677196,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzEzfj2P1gC\/Td6AScSBEIgAAAgQFtAQCCAoD4sIqATjwswEDAwc="}
06305{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":677322,"pkt_caplen":4410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4410,"pkt_l4_len":4376,"pkt":"AMGxFOsxABm5CmnxCABFABEsrn5AAEAGBGLAqAoyrBAAAQBQzEoKnnW1Hr6oW4AQAQSICgAAAQEICgPiwioBOPCzSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE2OjE2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBNb24sIDI2IEp1biAyMDE3IDE0OjQ0OjQ4IEdNVA0KRVRhZzogIjIzODAtNTUyZGRmZTI0MmI5MCINCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQpDb250ZW50LUxlbmd0aDogOTA4OA0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQoNColQTkcNChoKAAAADUlIRFIAAADIAAAAcggGAAAAFgmejQAAI0dJREFUeAHs3ANwZNsWgOETOxnbtm3btm3btm3btud6PHds255k1vvr1rBfd9J9uuO9q76qlIJV\/R\/uiqaWWsG9KlWv54GUKI5mGIrFOIQTOP7VMfyDv\/HXV3\/iD+zCJLREAUSHZq2vXyhKkEiIShiEdTiGJ5BAcgo9kTAkBqIozoiPXKiMssiBPKiApuiJsViEbbgCCQR\/oHBYCERRoqAUBmA7nkJsZD4iBUogirL13zoOcIE7vBABkREN7tACAz87CephK3whVniEWioQ\/6gPuh2iIi2KoT56YCJW4hAu4xU+wQ9ihte4gqNYh+kYgBaoiBzwsjKWGOiEUxArrIaTCkTFEBdl0BsrcQGfIMHED+exGB2QBx46Y8mAcXhoRSQO4SMQFYIb0qMCOmISNmErlmMmJmIqZmEeFmMF1mAjtuIIruJ9EEfzLxahNeJYGIoT2uMZxELLYK8CCfuBOEOzsYhIhSKoh+6YisN4BQkkX3AQLRHFglAiYQI+6bh5V4EoNr+PSYIqGIKtuAuxsc\/YgfrwNjOUZNgJsUB1FYgSFOHERlNswluIDX3AGmQyIxI7dMdniBluw0MFohjyCMRYXFEK03DLxpdgK5HUjFBy4zbEDENVIIqGtCiJNHAIwrNLBkzFGxtefs1ArAAiiYzdkAB8QCIVSPiNoj+GIGcwX4b5oBOuQmzgHYYjgj+RuGATJABjVCDhK4pB+BsTkSiE3a\/Yoxz2QGzgGSoE8Dh4DcQfd2GvAgm7YqIvzuM+uiNCKLi5z4SjNro\/GQR7E5E4YjnEH0VUIGGLHQpjDT7jGXrAPRQ+Oq6PhxArbUEEf84kRyAmLFCBhA2R0BEXIXiDIYgQyh8V+2AifCFWuITU\/uzpugcx4qkKJHTLjgV4D8EHTES0MPZOJR3+gFjhNSqbiCQnPkKMiB+6Bqa4oSmOQ77yxVzEC+NbaObZ4L6kpolIOkGMKB86hqS4oyPuQ36yGynC0Rv6zvCD6PQR+Y0E4oATEAP9Q\/ZQFA90MbKV+w6qhdNtLKXwEqLTc6QyEkkOfIH8ZG3IHITiiW54BPnJZ4yGZzjf65XKyheMNxDdSCSzID85GrL+eMULPfEYYuAAUkNT\/oskjpV7u9aYeKr1EfLVv2rYIYMHeuMpxMB91Ib2f1QkqfEMolNpI5HMg3x1Vw06+FXzZ6fpCkSEppiMJC\/eQ3S4DneDQNJAvnqrhhx8UmEvxIgXqAPNLCqS6hCdhhs5i+yA4LMacNDzxlh8hhhxEPGhWURFsgyiw1v4GATSCIJnarhBqw7uQ4z4hB6wh2YxFUhkPIDo0MYgkDgQ3FTDDRrpcRhiwjlkhGYVFUkliA5njFxmncNZNdjA5YQR8IWYsBJu0GxCRbIZokMug0Am4DeTP0hE7BANiZAWOVAY5VATdVAehZAFyRAVmhXsEEEnTSd3RLBA\/K8iI4Ipo8ZOylS\/SetjdRu1kNoNmhkL4wv6w+7rvH1s\/Dc7IoIO9lbMx5AjtKD09T83ig5TDQIphZ3a1w9+DfTADOzERXyAnvUAWzEYFRELmpkc8QJ6VhpoOvyOQF3PX7wwjOMtqkKD9jU2PSs2NBNqwNLlBx9oPzkNvasVtGCIZD\/EQicNAvHAUk1+Wr6+vvLo8WP599wF2X\/wsCxetlKm\/Y+4a4CupFnCz7Zt27b1P62ijZ3sZrNWsLZt27Zt27ajzb5Nv\/4mdfP36TPTXXOT3Klz6mHnTqd7pr\/q8oyZIAYMHiG69xogOhf3EK07FIrmrdqL3Px2ok37QlHQtZfo3X+wGD5qvJg5e4E4ePioePzkiVCoSvI6yU0kv5mxwLm4acmyVWL23IVWXrVmgyDKDeNhvhfLPnX6LOtvzVu4RLx8+dJ5TvMWLGbdc+r0GQFKSM1W86i+r53Wf8Bvduzcwxpz244aTP\/dsLbu+MGipSus482dv1iUlZXj54e0MT6Ffzx+4pR+j2W8RaK0tAy3rgwIIH8KAyCoO3mnBpKmGFDs3rtfJGc0E0lpuSIpPVfEp2SJRjGJYTUEjklIl+PkyPGai3adisXSFatDDwt0X3Jvye8wLDBBMsDH+nvxKdmh8ReH8TAb4saOBd1Yfyszt5UIUdOkLNY9vfoOEqCCLj0FfRHpoy7qbBv8Jj0nnzOm\/F0LQdTesLalT548FfHJ9nnGJmSIqqoqjDdUGyNdMoSirz0Q1TRFbN2+E7fixbw1IJCcCAMkf9AA8h4MJlav3YCF1Qs3iUsRiRIw2Cinz5wTRBcl\/9ZjcbB7qgCsRjFJ9pebmCH27DsgSDV7vc8HORYnAgBt+zsNoxPF9JlzRYg6F\/VgrT+nhbP3ceIgnfotHvbejOfPn0M4scbEfHGK4T7D2q4cOXocAsQ6XtsORYKokTbGgsrKSpGS2dz3e+\/RZ4Ag+mtAAOkRBkAKdG+WCpB6Z5xMXXr0FZBspHqN8FC79ty5e4+9YQYPGy2IfuLzQV45feYsS8piLpevXBWSTmLu86W61SAqgXFfMwGSQBwl+TVujDHPnjsPQcJarzT+5VyuYdijBtVRLFi0VM7RMp5cA9Qioo\/o9uDhI8fkaZnp+10ny3Urp1IQAPlxGAAZExxAFEmMTbN5y3ZBtFzym7QFFuBCBlvlyK8R7D4e4pdxw8QpM1l\/I1VKUaLucGKcPHVaJDCkM9TWe\/fu477NHvOACvK\/VWvW49mw5tI4Nkls2bYDYz6X\/EaXMX\/jTLRXf+tYACXWIumcNsYv8I\/DRo4L6z0nSoFy\/sIlddyIMjV\/uOUTIDMDBYjKkErTZ9WoLAs1l+D3BFxq4yazxoL99ODBQ2UTstgR7bkt2rL+BpwQRD+UTojFFRXPWRI\/VtpkBw4dwX33PObxY1zsN3CYr+c3etwkQfR1lzHzcCEjN58F4MrKF\/j5JG0MeCGl3dUyrPfbIDpBfb9fDAQk\/st0lwcOEJURI4DHg2iWYkMgHnLDkdLJ2QyjMFVs3LwtJFHfxnyAy56VlMhNblfj4IGCJ0fSdWkX\/Xr8pGmlzuZpxts88BIRfdhlHhm4kJ3XRr+PazdEuYw58cWLFyKZoaI2a9leECVrY+y7d\/8BTvuw32+z\/JqxmwcEkHyfANliAUgQIMkSi6UrkqitssBxMKC5dkj33v0F0V8YDw8q3bMdu\/aI6KZp1rEBIhjFFy9dRjv9ilbtCgRo4NCRrLl169VPEP3OZS6jnHUSULmckpkniHq4jHng4qUrrGc3ftJUNyn\/AZhNq9duhDoX9rvF33\/2rARjrwoIIH\/xCZB9tQIIJGlqVnMpddqJom69Hc5q1gqSCptIbrYU\/R72uGQAP1WkLKL0orh7b9YY8LQQ9bc+PNLR+wwYwvPI9B4oQF179kP02\/GuQcVCrCiKsWY8I6JmLnPZfe36DdZJpqtGZWWOe3uJS7C1YuOmraJxXIpVzSX177Y2Rgz+sVNRd7M9aQkFxMSnhdy95bC1AgDIZ3wCZG2tAAKviBvBW3Hr1m2xd\/9BMWTEGOjmLINT5fy2nQTRBFrg2\/GiN2\/dwQIepNX1Gzdx\/2HGw+uJH6Zk2N2XcUkZYteefdiMUpom1\/w71L+bcs0cyQ8BQh6d0do8kNZRCoMb7nC\/6ik8cHCZa2PCJpE20zjWyUgxpHnaGFNwqqVkmNUrePHsJ\/sAQfS3gAz1Mh8AmVZXAEmS\/CdSZ1rSpkZ49wkuPnj4SErnoXiJ7BceJ6XZ1m07Q+kO36NFrn769BlLVWgspdkyGTsBXhk5YftvSDAlpuawJHVFRYXYvnO3+u8htRDCgAXeW7fv4OfbtHl8VTKyFfwbwVGJoSyCKi3wGot\/zG\/dyToGDHCiPC0f7hayCxJSsozOhx59BspTKsnqQCHhMCwINcvnF6\/61xVA3uIxodeR0QiLFhtWSbGwc1pWnoBxKWmm6mlq3rI96\/4OBV1NhquqX1dhg3NOufadurjaGzIZUYDadCxiZRdQMPOhNpdoZzO3UTczn5EC5BL\/6cs9HQcPp\/gRCSTi7zju78nTbXEOnKIAv+WUgrv3IoY8HwRAfDZ2aFPfAFF9+3MJJFLXzeCpDTIqjsAUbaQ3UCaxmDVnAes4x0uDaiBpvOfcaFO2s29seMfwbGCgQ9VyjYtMmzmXtbYZs+YJoo\/pm9nL29QwKhGZAp5jwhYkSlPGXHP\/wQM8C4v7OQ25X47dp2UgOIPm5LXl2HywSS2ByHg8o0DcvQSQiz4AEhUJgKhHNXy4TkJjQ8YGBw8aOkoQ\/ZrGOYmoMScdBOoOItKSLhvmNQmnFEe9gnREJu7ho8dcr8MNimucSHORdDYQ\/VGZy1psZg8pjEAk1mQUCERDlDFv7z94WMQlZlrXBlUYr197PpuePH1qPRkKih0zDo4ahru3Bsh5AQDknA+AfDqSAAnVOFyC\/s1No0jLzhNE\/TAG\/TcrH6hBkwQxY3aNpP6Cx5yuI6bBSTaEagcaN2Gq23U4JUpg5HLWhqAdUQtlLnf3HTgEb48nAExpMBAaDx85m3wjxiMPoJg5Z4Efr18nZT6wZSphC5q8c1BNFyxaJkDLV64RjaITrXYIbEkVjJFiHw3mrgIQEQWIGghDqjzXd37l6jXcchr300ki+g8ezrof+jxRJu538\/CMnTCFZfTPlSntoPTsFq6\/OXr8xDhcT8N1Rk4WJRiOw1yolkNMnTHbsImbmaLhKMSCSqpG6eE4EYVde9ld130H6ic1+JXqFJV+1pMaRjzo2rXrItFy2kTD3bstGHevDy\/WjKAAggfyBCn10Qnp1r8BVWzJ8lWC6J1kizyC2hDLsGUgrZAZK2m+y1wgxhGXYHmv4Om6cPGS12+gWP8c4\/XqN9g+XkauQLxD0k6ay9+dVPvCbkbXd4FFsBCIQR+hQCvS4a0Z1us2bHIyD7R3OQIeJ9tpDbAjy5dc\/ACy3d3bK7LuXgLH+3yoV1lBAQS8C5uNGQxDDpauJs3GpseL4biLYRfA2+xSProamcQclQinBjkI3K4\/QV0HPYdKPD8ED21SFJF7CAuaS2eb6jhcJgqOmziFG6VH0dUMBDAhJKzgv3kL9+zQns95RODxfJin9EY1oMh09w6PIEC+5QMgXw4SIFOhXhBA2JFrSGi6v2m156mYdf+oVxP5fqDMAWn1ZTb9GtxA8tiJU4XBBZuj1HLsgxOBY\/RPmT5LEH0CDgyT\/QLArd+4RazfsNkIPuSDgeh0PHL23AUAwAoQot7K8\/lCjUCwpMgrSYh4P1UrV6+zCgis89x5x917IYIA+RsTHPuVIqk3Sf4Avd+IAaSg2iXYgvV3UE1I9B81NwgGIaeIKrt5azevCRpOSN17kN0blprrRKnv3Lnrdn2P2rsKATBIxsQ0e7ynsEsvVdpfgB7v"}
00430{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":677799,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0I8ZAAD4GohKsEAABwKgKMsxMAFCAL9N3349j9oAQAOXjKAAAAQEICgE48LQD4sIq"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1499346976999,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1499346976999,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":999785,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z5FAAD4GXj+sEAABwKgKMsxeAFDFSpaVAAAAAKACchBEOAAAAgQFtAQCCAoBOPEEAAAAAAEDAwc="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1499346976999,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1499346976999,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":999789,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8v9RAAD4GBfysEAABwKgKMsxgAFByIk7QAAAAAKACchDfIwAAAgQFtAQCCAoBOPEEAAAAAAEDAwc="}
00442{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":999925,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzF63DJWlxUqWlqAScSAyBwAAAgQFtAQCCAoD4sJ7ATjxBAEDAwc="}
00442{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346976,"pkt_ts_usec":999944,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzGAmGFC+ciJO0aAScSCizgAAAgQFtAQCCAoD4sJ7ATjxBAEDAwc="}
00427{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346977,"pkt_ts_usec":540,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z5JAAD4GXkasEAABwKgKMsxeAFDFSpaWtwyVpoAQAOXRDgAAAQEICgE48QQD4sJ7"}
00427{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346977,"pkt_ts_usec":543,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0v9VAAD4GBgOsEAABwKgKMsxgAFByIk7RJhhQv4AQAOVB1gAAAQEICgE48QQD4sJ7"}
00921{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346977,"pkt_ts_usec":863501,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"pkt":"ABm5CmnxAMGxFOsxCABFAAGgI8dAAD4GoKWsEAABwKgKMsxMAFCAL9N3349j9oAYAOVhqQAAAQEICgE48dwD4sIqR0VUIC9kdi9kdndhL2pzL2R2d2FQYWdlLmpzIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgUEhQU0VTU0lEPXY2b29rZjZlMjZuMWlkbzVzaXZlNnNhaTcxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1499346976677,"flow_last_seen":1499346977863,"flow_tot_l4_data_len":508,"flow_min_l4_data_len":32,"flow_max_l4_data_len":396,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/dvwa\/js\/dvwaPage.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1499346976677,"flow_last_seen":1499346977863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":364,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/dvwa\/js\/dvwaPage.js","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00431{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346977,"pkt_ts_usec":863643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0oKVAAEAGIzPAqAoyrBAAAQBQzEzfj2P2gC\/U44AQAOvfZQAAAQEICgPiw1MBOPHc"}
00913{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346977,"pkt_ts_usec":870159,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"pkt":"ABm5CmnxAMGxFOsxCABFAAGaZ5NAAD4GXN+sEAABwKgKMsxeAFDFSpaWtwyVpoAYAOVlawAAAQEICgE48d4D4sJ7R0VUIC9kdi9mYXZpY29uLmljbyBIVFRQLzEuMQ0KSG9zdDogMjA1LjE3NC4xNjUuNjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC80NS4wDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgUEhQU0VTU0lEPXY2b29rZjZlMjZuMWlkbzVzaXZlNnNhaTcxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1499346976999,"flow_last_seen":1499346977870,"flow_tot_l4_data_len":502,"flow_min_l4_data_len":32,"flow_max_l4_data_len":390,"flow_avg_l4_data_len":125,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1499346976999,"flow_last_seen":1499346977870,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/favicon.ico","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00431{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346977,"pkt_ts_usec":870280,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0VvNAAEAGbOXAqAoyrBAAAQBQzF63DJWmxUqX\/IAQAOvN7gAAAQEICgPiw1UBOPHe"}
01462{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346977,"pkt_ts_usec":885304,"pkt_caplen":829,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":829,"pkt_l4_len":795,"pkt":"AMGxFOsxABm5CmnxCABFAAMvoKZAAEAGIDfAqAoyrBAAAQBQzEzfj2P2gC\/U44AYAOvu3gAAAQEICgPiw1gBOPHcSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE2OjE3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBNb24sIDI2IEp1biAyMDE3IDE0OjQ0OjQ4IEdNVA0KRVRhZzogIjMwNy01NTJkZGZlMjQ0YWQwLWd6aXAiDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogNDEzDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTUsIG1heD0xMDANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vamF2YXNjcmlwdA0KDQofiwgAAAAAAAADhVLBbtswDD03QP6B0CV2asTu2pwC3YZth22HoT0Xik3HwmRJk6i5XZt\/r+S4S5ui6EUgHx\/J9wiVS\/iGyoI1NlhYlvPZfNYGXZM0OoE3Nrv59T2Hh\/nsrBH3wEHjAJ8FYZZvIiabCMXCaod0LfsJxb9CZcyKHTI4h8g5BxZ5g9SNGVbGok5TC1gcy4uYkTFqKxyvCl87o1Ls+UWhTC2SnoSToOAPnB51OEQOvfwntgojeZANdXxdVUWHctcRv4yhwpbi\/vVVVZCxMfq0rhb5hiWx+2S5XMIX43qIumUzLju9xVTBW4d\/gnTYZK1E1RRCoSO6o3w+izcaJHVwqIw3A5AtZLE3IOc6KPX4OCWMTQSAcUT2f9DGIQWnoRXK4yZR9unBmD13TAxy4UjYT1beKm6js4w66VMwbj3IfAWlMWUJXwN62hrzG1LlhYET81HoT9FjwdILtdCgDcEWAXtL9yuWcz7qz9OIh4m9ak0dfHbicHT3\/qae7n6g9\/EvFWwKPtx37Plg5fPRngBQbZs1BwMAAA=="}
00430{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346977,"pkt_ts_usec":885945,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0I8hAAD4GohCsEAABwKgKMsxMAFCAL9Tj349m8YAQAPHcWQAAAQEICgE48eID4sNY"}
@@ -126,26 +126,26 @@
00432{"flow_id":10,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346982,"pkt_ts_usec":913910,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0oKtAAEAGIy3AqAoyrBAAAQBQzEzfj3vDgC\/WboARAPPBCQAAAQEICgPiyEIBOPHo"}
00431{"flow_id":10,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346982,"pkt_ts_usec":914483,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0I8tAAD4Gog2sEAABwKgKMsxMAFCAL9Zu3497xIARAUS71AAAAQEICgE49ssD4shC"}
00432{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346982,"pkt_ts_usec":914560,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0oKxAAEAGIyzAqAoyrBAAAQBQzEzfj3vEgC\/Wb4AQAPO8JQAAAQEICgPiyEIBOPbL"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1499346983175,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1499346983175,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346983,"pkt_ts_usec":175773,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ikRAAD4GO4ysEAABwKgKMsyiAFBY531IAAAAAKACchDDnAAAAgQFtAQCCAoBOPcMAAAAAAEDAwc="}
00442{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346983,"pkt_ts_usec":175921,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzKJurEWjWOd9SaAScSBDxgAAAgQFtAQCCAoD4siDATj3DAEDAwc="}
00430{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346983,"pkt_ts_usec":176652,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ikVAAD4GO5OsEAABwKgKMsyiAFBY531JbqxFpIAQAOXizQAAAQEICgE49wwD4siD"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1499346984469,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1499346984469,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346984,"pkt_ts_usec":469275,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8puFAAD4GHu+sEAABwKgKMsywAFBLrV6uAAAAAKACchDuHwAAAgQFtAQCCAoBOPhPAAAAAAEDAwc="}
00442{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346984,"pkt_ts_usec":469401,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzLBWnxN3S61er6AScSC3PwAAAgQFtAQCCAoD4snGATj4TwEDAwc="}
00430{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346984,"pkt_ts_usec":470156,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0puJAAD4GHvasEAABwKgKMsywAFBLrV6vVp8TeIAQAOVWRgAAAQEICgE4+FAD4snG"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1499346985762,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1499346985762,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346985,"pkt_ts_usec":762027,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8k7hAAD4GMhisEAABwKgKMsy+AFBA2morAAAAAKACchDsIwAAAgQFtAQCCAoBOPmTAAAAAAEDAwc="}
00442{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346985,"pkt_ts_usec":762175,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzL4AEHgfQNpqLKAScSCl5gAAAgQFtAQCCAoD4ssKATj5kwEDAwc="}
00430{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346985,"pkt_ts_usec":762816,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0k7lAAD4GMh+sEAABwKgKMsy+AFBA2mosABB4IIAQAOVE7gAAAQEICgE4+ZMD4ssK"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1499346988319,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1499346988319,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346988,"pkt_ts_usec":319151,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NptAAD4GjzWsEAABwKgKMszYAFB2NsqJAAAAAKACchBT0AAAAgQFtAQCCAoBOPwSAAAAAAEDAwc="}
00442{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346988,"pkt_ts_usec":319279,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzNhVLB2odjbKiqAScSAQbwAAAgQFtAQCCAoD4s2JATj8EgEDAwc="}
00431{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346988,"pkt_ts_usec":319850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NpxAAD4GjzysEAABwKgKMszYAFB2NsqKVSwdqYAQAOWvdgAAAQEICgE4\/BID4s2J"}
00431{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346988,"pkt_ts_usec":607547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ikZAAD4GO5KsEAABwKgKMsyiAFBY531JbqxFpIARAOXdfgAAAQEICgE4\/FoD4siD"}
00430{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346988,"pkt_ts_usec":607740,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0iHVAAEAGO2PAqAoyrBAAAQBQzKJurEWkWOd9SoARAOPYMQAAAQEICgPizdEBOPxa"}
00431{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346988,"pkt_ts_usec":608499,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ikdAAD4GO5GsEAABwKgKMsyiAFBY531KbqxFpYAQAOXYLwAAAQEICgE4\/FoD4s3R"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1499346989580,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1499346989580,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346989,"pkt_ts_usec":580719,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HPhAAD4GqNisEAABwKgKMszmAFB8FOG1AAAAAKACchA1fQAAAgQFtAQCCAoBOP1NAAAAAAEDAwc="}
00442{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346989,"pkt_ts_usec":580870,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzOZrnFEQfBThtqAScSCnCAAAAgQFtAQCCAoD4s7EATj9TQEDAwc="}
00431{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346989,"pkt_ts_usec":581585,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HPlAAD4GqN+sEAABwKgKMszmAFB8FOG2a5xREYAQAOVGDwAAAQEICgE4\/U4D4s7E"}
@@ -156,11 +156,11 @@
00430{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346991,"pkt_ts_usec":609848,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qJ9AAEAGGznAqAoyrBAAAQBQzL4AEHggQNpqLYAQAOM5hAAAAQEICgPi0MABOP9I"}
00430{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346991,"pkt_ts_usec":609919,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qKBAAEAGGzjAqAoyrBAAAQBQzL4AEHggQNpqLYARAOM5gwAAAQEICgPi0MABOP9I"}
00431{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346991,"pkt_ts_usec":610503,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ADdAAD4GxaGsEAABwKgKMsy+AFBA2motABB4IYAQAOU5gAAAAQEICgE4\/0kD4tDA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1499346992144,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1499346992144,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346992,"pkt_ts_usec":144682,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA855pAAD4G3jWsEAABwKgKMs0AAFBUEBhUAAAAAKACchAkSAAAAgQFtAQCCAoBOP\/OAAAAAAEDAwc="}
00443{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346992,"pkt_ts_usec":144853,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzQA256uwVBAYVaAScSBtZwAAAgQFtAQCCAoD4tFFATj\/zgEDAwc="}
00431{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346992,"pkt_ts_usec":145619,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA055tAAD4G3jysEAABwKgKMs0AAFBUEBhVNuersYAQAOUMbgAAAQEICgE4\/88D4tFF"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1499346993434,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1499346993434,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346993,"pkt_ts_usec":434942,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QspAAD4GgwasEAABwKgKMs0OAFBi7kPbAAAAAKACchDokQAAAgQFtAQCCAoBOQERAAAAAAEDAwc="}
00442{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346993,"pkt_ts_usec":435036,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzQ7bbxEWYu5D3KAScSAmgAAAAgQFtAQCCAoD4tKIATkBEQEDAwc="}
00430{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346993,"pkt_ts_usec":435831,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QstAAD4Ggw2sEAABwKgKMs0OAFBi7kPc228RF4AQAOXFhwAAAQEICgE5ARED4tKI"}
@@ -170,18 +170,18 @@
00430{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346994,"pkt_ts_usec":609334,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HPpAAD4GqN6sEAABwKgKMszmAFB8FOG2a5xREYARAOVBJgAAAQEICgE5AjYD4s7E"}
00430{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346994,"pkt_ts_usec":609531,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0grxAAEAGQRzAqAoyrBAAAQBQzOZrnFERfBTht4ARAOM8PgAAAQEICgPi060BOQI2"}
00430{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346994,"pkt_ts_usec":610271,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HPtAAD4GqN2sEAABwKgKMszmAFB8FOG3a5xREoAQAOU8OwAAAQEICgE5AjcD4tOt"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1499346994731,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1499346994731,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346994,"pkt_ts_usec":731477,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ErdAAD4GsxmsEAABwKgKMs0cAFAyGBDiAAAAAKACchBLDwAAAgQFtAQCCAoBOQJVAAAAAAEDAwc="}
00442{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346994,"pkt_ts_usec":731607,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzRyBtZXkMhgQ46AScSBcpQAAAgQFtAQCCAoD4tPMATkCVQEDAwc="}
00430{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346994,"pkt_ts_usec":732169,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ErhAAD4GsyCsEAABwKgKMs0cAFAyGBDjgbWV5YAQAOX7rAAAAQEICgE5AlUD4tPM"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1499346997314,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1499346997314,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346997,"pkt_ts_usec":314764,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZWRAAD4GYGysEAABwKgKMs02AFBhbWG\/AAAAAKACchDIPAAAAgQFtAQCCAoBOQTbAAAAAAEDAwc="}
00442{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346997,"pkt_ts_usec":314890,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzTaSy6RrYW1hwKAScSC3rwAAAgQFtAQCCAoD4tZSATkE2wEDAwc="}
00430{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346997,"pkt_ts_usec":315650,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZWVAAD4GYHOsEAABwKgKMs02AFBhbWHAksukbIAQAOVWtwAAAQEICgE5BNsD4tZS"}
00430{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346997,"pkt_ts_usec":610179,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA055xAAD4G3jusEAABwKgKMs0AAFBUEBhVNuersYARAOUHFwAAAQEICgE5BSUD4tFF"}
00430{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346997,"pkt_ts_usec":610395,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0fS1AAEAGRqvAqAoyrBAAAQBQzQA256uxVBAYVoARAOMBwQAAAQEICgPi1pwBOQUl"}
00430{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346997,"pkt_ts_usec":611137,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0551AAD4G3jqsEAABwKgKMs0AAFBUEBhWNuersoAQAOUBvwAAAQEICgE5BSUD4tac"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1499346998578,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1499346998578,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346998,"pkt_ts_usec":578995,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K3xAAD4GmlSsEAABwKgKMs1EAFB2Xi1rAAAAAKACchDmVQAAAgQFtAQCCAoBOQYXAAAAAAEDAwc="}
00442{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346998,"pkt_ts_usec":579095,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzUQbBzt5dl4tbKAScSC1QwAAAgQFtAQCCAoD4teOATkGFwEDAwc="}
00430{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499346998,"pkt_ts_usec":579866,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K31AAD4GmlusEAABwKgKMs1EAFB2Xi1sGwc7eoAQAOVUSwAAAQEICgE5BhcD4teO"}
@@ -191,11 +191,11 @@
00430{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347000,"pkt_ts_usec":611214,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ErlAAD4Gsx+sEAABwKgKMs0cAFAyGBDjgbWV5YARAOX17QAAAQEICgE5CBMD4tPM"}
00430{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347000,"pkt_ts_usec":611437,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0TG9AAEAGd2nAqAoyrBAAAQBQzRyBtZXlMhgQ5IARAOPwMAAAAQEICgPi2YoBOQgT"}
00430{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347000,"pkt_ts_usec":612186,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ErpAAD4Gsx6sEAABwKgKMs0cAFAyGBDkgbWV5oAQAOXwLgAAAQEICgE5CBMD4tmK"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1499347001111,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1499347001111,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347001,"pkt_ts_usec":111123,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kNhAAD4GNPisEAABwKgKMs1eAFDMzJhIAAAAAKACchAidwAAAgQFtAQCCAoBOQiQAAAAAAEDAwc="}
00442{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347001,"pkt_ts_usec":111223,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzV4q6d3azMyYSaAScSA8qAAAAgQFtAQCCAoD4toHATkIkAEDAwc="}
00430{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347001,"pkt_ts_usec":112014,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kNlAAD4GNP+sEAABwKgKMs1eAFDMzJhJKund24AQAOXbrwAAAQEICgE5CJAD4toH"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1499347002399,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1499347002399,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347002,"pkt_ts_usec":399632,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d7tAAD4GThWsEAABwKgKMs1sAFBA8H5pAAAAAKACchDG4gAAAgQFtAQCCAoBOQnSAAAAAAEDAwc="}
00442{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347002,"pkt_ts_usec":399764,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzWx3BXtPQPB+aqAScSD2QAAAAgQFtAQCCAoD4ttJATkJ0gEDAwc="}
00430{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347002,"pkt_ts_usec":400545,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d7xAAD4GThysEAABwKgKMs1sAFBA8H5qdwV7UIAQAOWVSAAAAQEICgE5CdID4ttJ"}
@@ -205,18 +205,18 @@
00430{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347003,"pkt_ts_usec":611530,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K35AAD4GmlqsEAABwKgKMs1EAFB2Xi1sGwc7eoARAOVPYAAAAQEICgE5CwED4teO"}
00430{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347003,"pkt_ts_usec":611745,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05wJAAEAG3NXAqAoyrBAAAQBQzUQbBzt6dl4tbYARAONKdwAAAQEICgPi3HgBOQsB"}
00430{"flow_id":22,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347003,"pkt_ts_usec":612532,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K39AAD4GmlmsEAABwKgKMs1EAFB2Xi1tGwc7e4AQAOVKdQAAAQEICgE5CwED4tx4"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1499347003695,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1499347003695,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347003,"pkt_ts_usec":695813,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZUVAAD4GYIusEAABwKgKMs16AFBCXW5TAAAAAKACchDUOQAAAgQFtAQCCAoBOQsWAAAAAAEDAwc="}
00442{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347003,"pkt_ts_usec":695945,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzXqmA8avQl1uVKAScSCH9QAAAgQFtAQCCAoD4tyNATkLFgEDAwc="}
00431{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347003,"pkt_ts_usec":696698,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZUZAAD4GYJKsEAABwKgKMs16AFBCXW5UpgPGsIAQAOUm\/QAAAQEICgE5CxYD4tyN"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1499347006233,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1499347006233,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347006,"pkt_ts_usec":233648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WV1AAD4GbHOsEAABwKgKMs2UAFDN5FTMAAAAAKACchBfpAAAAgQFtAQCCAoBOQ2RAAAAAAEDAwc="}
00442{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347006,"pkt_ts_usec":233797,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzZSBD41szeRUzaAScSBvHQAAAgQFtAQCCAoD4t8HATkNkQEDAwc="}
00430{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347006,"pkt_ts_usec":234357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WV5AAD4GbHqsEAABwKgKMs2UAFDN5FTNgQ+NbYAQAOUOJQAAAQEICgE5DZED4t8H"}
00430{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347006,"pkt_ts_usec":611789,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kNpAAD4GNP6sEAABwKgKMs1eAFDMzJhJKund24ARAOXWTwAAAQEICgE5De8D4toH"}
00430{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347006,"pkt_ts_usec":612057,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Ar1AAEAGwRvAqAoyrBAAAQBQzV4q6d3bzMyYSoARAOPQ8QAAAQEICgPi32YBOQ3v"}
00430{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347006,"pkt_ts_usec":612841,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kNtAAD4GNP2sEAABwKgKMs1eAFDMzJhKKund3IAQAOXQ7wAAAQEICgE5De8D4t9m"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1499347007496,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1499347007496,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347007,"pkt_ts_usec":496086,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8xEhAAD4GAYisEAABwKgKMs2iAFDPCcqEAAAAAKACchDnfQAAAgQFtAQCCAoBOQ7MAAAAAAEDAwc="}
00442{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347007,"pkt_ts_usec":496189,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzaKR1tjLzwnKhaAScSCZlAAAAgQFtAQCCAoD4uBDATkOzAEDAwc="}
00430{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347007,"pkt_ts_usec":496970,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0xElAAD4GAY+sEAABwKgKMs2iAFDPCcqFkdbYzIAQAOU4nAAAAQEICgE5DswD4uBD"}
@@ -226,11 +226,11 @@
00430{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347009,"pkt_ts_usec":611765,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZUdAAD4GYJGsEAABwKgKMs16AFBCXW5UpgPGsIARAOUhNQAAAQEICgE5EN0D4tyN"}
00430{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347009,"pkt_ts_usec":612008,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0JORAAEAGnvTAqAoyrBAAAQBQzXqmA8awQl1uVYARAOMbbwAAAQEICgPi4lQBORDd"}
00430{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347009,"pkt_ts_usec":612559,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZUhAAD4GYJCsEAABwKgKMs16AFBCXW5VpgPGsYAQAOUbbQAAAQEICgE5EN0D4uJU"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1499347010080,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1499347010080,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347010,"pkt_ts_usec":80677,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aVxAAD4GXHSsEAABwKgKMs28AFAhFXgOAAAAAKACchDlSAAAAgQFtAQCCAoBORFSAAAAAAEDAwc="}
00442{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347010,"pkt_ts_usec":80807,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzbww\/OHGIRV4D6AScSDsuAAAAgQFtAQCCAoD4uLJATkRUgEDAwc="}
00429{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347010,"pkt_ts_usec":81582,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aV1AAD4GXHusEAABwKgKMs28AFAhFXgPMPzhx4AQAOWLvwAAAQEICgE5EVMD4uLJ"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1499347011349,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1499347011349,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347011,"pkt_ts_usec":349958,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8RzxAAD4GfpSsEAABwKgKMs3KAFCfKlWsAAAAAKACchCISQAAAgQFtAQCCAoBORKQAAAAAAEDAwc="}
00442{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347011,"pkt_ts_usec":350111,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzcqa6hS4nypVraAScSDxmwAAAgQFtAQCCAoD4uQHATkSkAEDAwc="}
00430{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347011,"pkt_ts_usec":350820,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Rz1AAD4GfpusEAABwKgKMs3KAFCfKlWtmuoUuYAQAOWQowAAAQEICgE5EpAD4uQH"}
@@ -240,32 +240,32 @@
00430{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347012,"pkt_ts_usec":612385,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0xEpAAD4GAY6sEAABwKgKMs2iAFDPCcqFkdbYzIARAOUznAAAAQEICgE5E8sD4uBD"}
00430{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347012,"pkt_ts_usec":612612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0PY5AAEAGhkrAqAoyrBAAAQBQzaKR1tjMzwnKhoARAOMungAAAQEICgPi5UIBORPL"}
00430{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347012,"pkt_ts_usec":613369,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0xEtAAD4GAY2sEAABwKgKMs2iAFDPCcqGkdbYzYAQAOUumwAAAQEICgE5E8wD4uVC"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1499347012617,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1499347012617,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347012,"pkt_ts_usec":617694,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mKRAAD4GLSysEAABwKgKMs3YAFAU4YtpAAAAAKACchDbigAAAgQFtAQCCAoBORPNAAAAAAEDAwc="}
00442{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347012,"pkt_ts_usec":617842,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzdgtNmaCFOGLaqAScSBfigAAAgQFtAQCCAoD4uVEATkTzQEDAwc="}
00430{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347012,"pkt_ts_usec":618596,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mKVAAD4GLTOsEAABwKgKMs3YAFAU4YtqLTZmg4AQAOX+kQAAAQEICgE5E80D4uVE"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1499347015165,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1499347015165,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347015,"pkt_ts_usec":165463,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wXxAAD4GBFSsEAABwKgKMs3yAFDEv9c2AAAAAKACchDdRwAAAgQFtAQCCAoBORZKAAAAAAEDAwc="}
00443{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347015,"pkt_ts_usec":165621,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzfKguKOtxL\/XN6AScSCuHQAAAgQFtAQCCAoD4ufAATkWSgEDAwc="}
00430{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347015,"pkt_ts_usec":166225,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wX1AAD4GBFusEAABwKgKMs3yAFDEv9c3oLijroAQAOVNJQAAAQEICgE5FkoD4ufA"}
00430{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347015,"pkt_ts_usec":612702,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aV5AAD4GXHqsEAABwKgKMs28AFAhFXgPMPzhx4ARAOWGWAAAAQEICgE5FrkD4uLJ"}
00431{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347015,"pkt_ts_usec":612917,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0CfdAAEAGueHAqAoyrBAAAQBQzbww\/OHHIRV4EIARAOOA8gAAAQEICgPi6DABORa5"}
00430{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347015,"pkt_ts_usec":613673,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aV9AAD4GXHmsEAABwKgKMs28AFAhFXgQMPzhyIAQAOWA7wAAAQEICgE5FroD4ugw"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1499347016455,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1499347016455,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347016,"pkt_ts_usec":455176,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hwdAAD4GPsmsEAABwKgKMs4AAFB8BZCLAAAAAKACchBrXQAAAgQFtAQCCAoBOReMAAAAAAEDAwc="}
00442{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347016,"pkt_ts_usec":455268,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzgBumELLfAWQjKAScSDN8gAAAgQFtAQCCAoD4ukDATkXjAEDAwc="}
00430{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347016,"pkt_ts_usec":455874,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hwhAAD4GPtCsEAABwKgKMs4AAFB8BZCMbphCzIAQAOVs+gAAAQEICgE5F4wD4ukD"}
00430{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347016,"pkt_ts_usec":612873,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Rz5AAD4GfpqsEAABwKgKMs3KAFCfKlWtmuoUuYARAOWLfwAAAQEICgE5F7MD4uQH"}
00431{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347016,"pkt_ts_usec":613152,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0\/ZNAAEAGxkTAqAoyrBAAAQBQzcqa6hS5nypVroARAOOGXQAAAQEICgPi6SoBORez"}
00430{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347016,"pkt_ts_usec":613864,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Rz9AAD4GfpmsEAABwKgKMs3KAFCfKlWumuoUuoAQAOWGWgAAAQEICgE5F7QD4ukq"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1499347017745,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1499347017745,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347017,"pkt_ts_usec":745608,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p+RAAD4GHeysEAABwKgKMs4OAFCFw78rAAAAAKACchAxrgAAAgQFtAQCCAoBORjPAAAAAAEDAwc="}
00443{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347017,"pkt_ts_usec":745737,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzg5V15svhcO\/LKAScSBTXgAAAgQFtAQCCAoD4upFATkYzwEDAwc="}
00430{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347017,"pkt_ts_usec":746487,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p+VAAD4GHfOsEAABwKgKMs4OAFCFw78sVdebMIAQAOXyZQAAAQEICgE5GM8D4upF"}
00430{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347018,"pkt_ts_usec":613061,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mKZAAD4GLTKsEAABwKgKMs3YAFAU4YtqLTZmg4ARAOX4tQAAAQEICgE5GagD4uVE"}
00430{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347018,"pkt_ts_usec":613278,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0jZ1AAEAGNjvAqAoyrBAAAQBQzdgtNmaDFOGLa4ARAOPy3AAAAQEICgPi6x4BORmo"}
00430{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347018,"pkt_ts_usec":613813,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mKdAAD4GLTGsEAABwKgKMs3YAFAU4YtrLTZmhIAQAOXy2gAAAQEICgE5GagD4use"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1499347020329,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1499347020329,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347020,"pkt_ts_usec":329829,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8BsFAAD4Gvw+sEAABwKgKMs4oAFCq7R2UAAAAAKACchCrewAAAgQFtAQCCAoBORtVAAAAAAEDAwc="}
00442{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347020,"pkt_ts_usec":329958,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzijgzD+Kqu0dlaAScSCbVAAAAgQFtAQCCAoD4uzMATkbVQEDAwc="}
00431{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347020,"pkt_ts_usec":330717,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BsJAAD4GvxasEAABwKgKMs4oAFCq7R2V4Mw\/i4AQAOU6XAAAAQEICgE5G1UD4uzM"}
@@ -275,18 +275,18 @@
00430{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347021,"pkt_ts_usec":613496,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hwlAAD4GPs+sEAABwKgKMs4AAFB8BZCMbphCzIARAOVn7wAAAQEICgE5HJYD4ukD"}
00430{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347021,"pkt_ts_usec":613682,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0rMBAAEAGFxjAqAoyrBAAAQBQzgBumELMfAWQjYARAONi5wAAAQEICgPi7gwBORyW"}
00430{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347021,"pkt_ts_usec":614454,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hwpAAD4GPs6sEAABwKgKMs4AAFB8BZCNbphCzYAQAOVi5QAAAQEICgE5HJYD4u4M"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1499347021621,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1499347021621,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347021,"pkt_ts_usec":621411,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA899BAAD4Gzf+sEAABwKgKMs42AFBUD+tIAAAAAKACchAzVAAAAgQFtAQCCAoBORyYAAAAAAEDAwc="}
00443{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347021,"pkt_ts_usec":621477,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzjY7BBUuVA\/rSaAScSDyDwAAAgQFtAQCCAoD4u4OATkcmAEDAwc="}
00430{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347021,"pkt_ts_usec":622230,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA099FAAD4GzgasEAABwKgKMs42AFBUD+tJOwQVL4AQAOWRFwAAAQEICgE5HJgD4u4O"}
00430{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347023,"pkt_ts_usec":615226,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p+ZAAD4GHfKsEAABwKgKMs4OAFCFw78sVdebMIARAOXsqQAAAQEICgE5HooD4upF"}
00431{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347023,"pkt_ts_usec":615466,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0azFAAEAGWKfAqAoyrBAAAQBQzg5V15swhcO\/LYARAOPm7gAAAQEICgPi8AEBOR6K"}
00430{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347023,"pkt_ts_usec":616194,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p+dAAD4GHfGsEAABwKgKMs4OAFCFw78tVdebMYAQAOXm7AAAAQEICgE5HooD4vAB"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1499347024196,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1499347024196,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347024,"pkt_ts_usec":196279,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zI9AAD4G+UCsEAABwKgKMs5QAFAU3NOUAAAAAKACchCHngAAAgQFtAQCCAoBOR8bAAAAAAEDAwc="}
00443{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347024,"pkt_ts_usec":196432,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzlADb\/iqFNzTlaAScSCX7gAAAgQFtAQCCAoD4vCSATkfGwEDAwc="}
00431{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347024,"pkt_ts_usec":197167,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zJBAAD4G+UesEAABwKgKMs5QAFAU3NOVA2\/4q4AQAOU29QAAAQEICgE5HxwD4vCS"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1499347025509,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":523,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1499347025509,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347025,"pkt_ts_usec":509874,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MX5AAD4GlFKsEAABwKgKMs5eAFDxhxEaAAAAAKACchBsFgAAAgQFtAQCCAoBOSBkAAAAAAEDAwc="}
00442{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347025,"pkt_ts_usec":510003,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzl7gFzLu8YcRG6AScSBkMQAAAgQFtAQCCAoD4vHbATkgZAEDAwc="}
00430{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347025,"pkt_ts_usec":510774,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MX9AAD4GlFmsEAABwKgKMs5eAFDxhxEb4Bcy74AQAOUDOQAAAQEICgE5IGQD4vHb"}
@@ -296,11 +296,11 @@
00430{"flow_id":35,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347027,"pkt_ts_usec":615474,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA099JAAD4GzgWsEAABwKgKMs42AFBUD+tJOwQVL4ARAOWLPAAAAQEICgE5InID4u4O"}
00431{"flow_id":35,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347027,"pkt_ts_usec":615698,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05sZAAEAG3RHAqAoyrBAAAQBQzjY7BBUvVA\/rSoARAOOFYgAAAQEICgPi8+kBOSJy"}
00430{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347027,"pkt_ts_usec":616437,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA099NAAD4GzgSsEAABwKgKMs42AFBUD+tKOwQVMIAQAOWFYAAAAQEICgE5InID4vPp"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1499347028086,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1499347028086,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347028,"pkt_ts_usec":86164,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aaVAAD4GXCusEAABwKgKMs54AFBiKUtNAAAAAKACchC+owAAAgQFtAQCCAoBOSLoAAAAAAEDAwc="}
00441{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347028,"pkt_ts_usec":86304,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQznggYwiEYilLTqAScSCeWQAAAgQFtAQCCAoD4vRfATki6AEDAwc="}
00429{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347028,"pkt_ts_usec":87053,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aaZAAD4GXDKsEAABwKgKMs54AFBiKUtOIGMIhYAQAOU9YQAAAQEICgE5IugD4vRf"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1499347029372,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1499347029372,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347029,"pkt_ts_usec":372309,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qGFAAD4GHW+sEAABwKgKMs6GAFAx0YxIAAAAAKACchCssQAAAgQFtAQCCAoBOSQpAAAAAAEDAwc="}
00442{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347029,"pkt_ts_usec":372400,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzoZSq4KNMdGMSaAScSDe1AAAAgQFtAQCCAoD4vWgATkkKQEDAwc="}
00430{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347029,"pkt_ts_usec":373202,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qGJAAD4GHXasEAABwKgKMs6GAFAx0YxJUquCjoAQAOV92wAAAQEICgE5JCoD4vWg"}
@@ -310,25 +310,25 @@
00430{"flow_id":37,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347030,"pkt_ts_usec":615542,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MYBAAD4GlFisEAABwKgKMs5eAFDxhxEb4Bcy74ARAOX+OwAAAQEICgE5JWAD4vHb"}
00432{"flow_id":37,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347030,"pkt_ts_usec":615759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0xDhAAEAG\/5\/AqAoyrBAAAQBQzl7gFzLv8YcRHIARAOP5QAAAAQEICgPi9tcBOSVg"}
00430{"flow_id":37,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347030,"pkt_ts_usec":616511,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MYFAAD4GlFesEAABwKgKMs5eAFDxhxEc4Bcy8IAQAOX5PgAAAQEICgE5JWAD4vbX"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1499347030639,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1499347030639,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347030,"pkt_ts_usec":639342,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jW9AAD4GOGGsEAABwKgKMs6UAFA36qgJAAAAAKACchCJjAAAAgQFtAQCCAoBOSVmAAAAAAEDAwc="}
00442{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347030,"pkt_ts_usec":639438,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzpQiO+l4N+qoCqAScSCD9wAAAgQFtAQCCAoD4vbdATklZgEDAwc="}
00431{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347030,"pkt_ts_usec":640212,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jXBAAD4GOGisEAABwKgKMs6UAFA36qgKIjvpeYAQAOUi\/wAAAQEICgE5JWYD4vbd"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1499347033203,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1499347033203,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347033,"pkt_ts_usec":203906,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AN5AAD4GxPKsEAABwKgKMs6uAFDsGCc5AAAAAKACchBTkwAAAgQFtAQCCAoBOSfnAAAAAAEDAwc="}
00442{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347033,"pkt_ts_usec":204003,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzq5aBdhx7BgnOqAScSAkugAAAgQFtAQCCAoD4vleATkn5wEDAwc="}
00430{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347033,"pkt_ts_usec":204751,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AN9AAD4GxPmsEAABwKgKMs6uAFDsGCc6WgXYcoAQAOXDwQAAAQEICgE5J+cD4vle"}
00430{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347033,"pkt_ts_usec":616064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aadAAD4GXDGsEAABwKgKMs54AFBiKUtOIGMIhYARAOU3+gAAAQEICgE5KE4D4vRf"}
00430{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347033,"pkt_ts_usec":616280,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA08UBAAEAG0pfAqAoyrBAAAQBQznggYwiFYilLT4ARAOMylQAAAQEICgPi+cUBOShO"}
00430{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347033,"pkt_ts_usec":617025,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aahAAD4GXDCsEAABwKgKMs54AFBiKUtPIGMIhoAQAOUykgAAAQEICgE5KE8D4vnF"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1499347034467,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1499347034467,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347034,"pkt_ts_usec":467270,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rP1AAD4GGNOsEAABwKgKMs68AFB+VYXeAAAAAKACchBhZwAAAgQFtAQCCAoBOSkjAAAAAAEDAwc="}
00442{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347034,"pkt_ts_usec":467378,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzrxiNhMTflWF36AScSDufwAAAgQFtAQCCAoD4vqaATkpIwEDAwc="}
00430{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347034,"pkt_ts_usec":468159,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rP5AAD4GGNqsEAABwKgKMs68AFB+VYXfYjYTFIAQAOWNhwAAAQEICgE5KSMD4vqa"}
00430{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347034,"pkt_ts_usec":615955,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qGNAAD4GHXWsEAABwKgKMs6GAFAx0YxJUquCjoARAOV4vAAAAQEICgE5KUgD4vWg"}
00430{"flow_id":39,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347034,"pkt_ts_usec":616143,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0eDFAAEAGS6fAqAoyrBAAAQBQzoZSq4KOMdGMSoARAONzngAAAQEICgPi+r8BOSlI"}
00431{"flow_id":39,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347034,"pkt_ts_usec":616916,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qGRAAD4GHXSsEAABwKgKMs6GAFAx0YxKUquCj4AQAOVznAAAAQEICgE5KUgD4vq\/"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1499347035750,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1499347035750,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347035,"pkt_ts_usec":750380,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OG5AAD4GjWKsEAABwKgKMs7KAFDI6hIKAAAAAKACchCJVwAAAgQFtAQCCAoBOSpkAAAAAAEDAwc="}
00442{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347035,"pkt_ts_usec":750472,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzsrSHYegyOoSC6AScSAwugAAAgQFtAQCCAoD4vvbATkqZAEDAwc="}
00430{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347035,"pkt_ts_usec":751288,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OG9AAD4GjWmsEAABwKgKMs7KAFDI6hIL0h2HoYAQAOXPwQAAAQEICgE5KmQD4vvb"}
@@ -336,14 +336,14 @@
00431{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347036,"pkt_ts_usec":616905,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0FcpAAEAGrg7AqAoyrBAAAQBQzpQiO+l5N+qoC4ARAOMXUwAAAQEICgPi\/LMBOSs8"}
00430{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347036,"pkt_ts_usec":617620,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jXJAAD4GOGasEAABwKgKMs6UAFA36qgLIjvpeoAQAOUXUAAAAQEICgE5Kz0D4vyz"}
01212{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347037,"pkt_ts_usec":12811,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9AOBAAD4Gwq+sEAABwKgKMs6uAFDsGCc6WgXYcoAYAOWBEAAAAQEICgE5K58D4vleR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdBUTgwTlFVUzRUQVFMUVZXSE1BR1hCMTFLVUJLMzROWkE4UlVVRDE0M0lGS1FEUzNQNSUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00915{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1499347033203,"flow_last_seen":1499347037012,"flow_tot_l4_data_len":729,"flow_min_l4_data_len":32,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00926{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1499347033203,"flow_last_seen":1499347037012,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00430{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347037,"pkt_ts_usec":12909,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0JWRAAEAGnnTAqAoyrBAAAQBQzq5aBdhy7Bgpg4AQAOy6AQAAAQEICgPi\/RYBOSuf"}
02957{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347037,"pkt_ts_usec":15997,"pkt_caplen":1933,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1933,"pkt_l4_len":1899,"pkt":"AMGxFOsxABm5CmnxCABFAAd\/JWVAAEAGlyjAqAoyrBAAAQBQzq5aBdhy7Bgpg4AYAOx+XQAAAQEICgPi\/RcBOSufSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE3OjE2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTUxNQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWHtPGzkQ\/xukfgefTypQKevm6EktTbYKCRRUaAObQO900srZdRKDd721vQl8+xvvI1meYRskFLz2PH7jGY9n\/Gaz9UfvR3fwT\/8ATU0kUH+4f3LcRbhByOVul5DeoId+Hg1OT1DTeY88o3hgCDn4jhGeGpPsETKfz535riPVhAzOyY2V0rRsxbChMx4nNCF232y+2Wxlem4iEev2IzKanz59yllz8o3WlNEQhhsbrYgZiixLg\/1K+ayNuzI2LDaNwW3CMAryrzY27MYQK+IzCqZUaWbaw8Fh4yNGJJe50TLcCOZepCJmio644OZ2D52zsWCBYSHqKqk18rhhyAsUTwyPJ2j7p+ftoL091KNRjEpewdAlG6FOkggeUMNljLZ7F5edHTRrOs336F2PzZiQSQTQ3rVIrrhAIXh8jRQTbazNrWB6ypjByIA1hRGB1hhNFRu3seMQ+Atnc2pnSUR57GTL5KE0DltRyvmPR3TCCEzdlTSmM0vmZAsLGTqztgrhis5oPouRVsEdIFc6+98HBc6Vxm6L5JSF50jhOjseyfAWBYJq63UZMZy7NOQzxMM2tr4Di5gqvF5ZskIq8xstHk0eIMmM1ETIiXSSeIIRFRAIKxy1tBuwgroHqu0m++C4tKL9wZqf0DBkYW4QEKSitNOu7gsZXNutERzJOADV120853Eo5w4sZTjaW7klzhYuWYGB3nGXg90j2LYWobDLgrubLxHIYzh9aWCntJNMk2fk3yfF7nFlpp5aOHBpskLfgga7nh0iAscPJlFvv6KMpMJdY0NnlfPNITxGKjWMPIPqcQbs7tv\/6FCqoKYH7gtkNyyoAyCjx25XRhGNQ3QcX7HMI+uhCLQa10GR0QMK7\/xwPcVjTpwvCRzVNgfONGQrouRF\/Ng95HC4j+2MXntv0kRIGtbZnYKjgDHMvtb0D00M3Fy1XFSwZOeWBaliqNvpD7pHnfWg6F+C18GR0cOZPjt5rWC1Ev0RXG61nFLhuocGbe\/b6Z31UM0ZvfZ5LUglC3YvYYQ8pm20ouNezfR6X+6N1n4tIDkDdqGegVrlx+maW2HFqYp+zfIq6kU4VIljUXy9Ahpddzd0icIzUt2FsOYVlJ1FqC5XXodLMuza+hHiI5+qtx3Az+OxXKGuQoXd\/lEfTsdY1lNERzI1K9QsaLDbscPX21Zb6K1UvyTC7kk2vgegqNju1H5PF4K2hF0WgtDJ2NVCt12rFoKtafN3ugsomZtFwVwRPltUsH4gQ+ZTxWhRP4+lilBMI6jWgR\/K3izFtfGfGEG3NJWA\/evBoKhNW0lh8eWUmi2NbmWqMuYvZWUdJ2m1+MeFaPu7qG+rRDodRRzIZlSk8Onln4U2krh5U0Esyhxvoph7xISQqGg1XKj8tRQMPDzZ3uqcfXz\/\/WzofRh0zk7OLi6PTjtff+43m9+G+992P3z\/t\/PxfDjsNT\/sHh9+O+t5u\/2\/t3Y+VyWEMkhtp+UEUl5ztvN50ZIAHMUy1yw93Jr+5Z7Cgc\/CX0U0v6xg0q4V8QHRuIwr23zqomGVc6qTrGeFEGU3NsxI5tmGBs\/6C8\/6mWehHaNqAp0ohluJxtfY\/X1ZiyiujQ+4fahSDFP+AbR1YK7fhf7K+F7RetbE+Ly81ThZ7Mz5NU9YyGkm2n5VLdel5U9je7mM5\/EUZgYTvkjGgYzs9dAY019O9iTxKIgXML5Ic46TCqZMM5PwrLoH1FUdRXbLQ73sXEcK+t38t0xhT6S8Iu8EglG1OM2P5UV9qw2LfHuXPJofRqkxts8u8sMFZ3MExz9Z5OxEJmnil2Qy7uZZf\/nosAcUw2QbPXHbz0CiPwWJNhy\/AKSspnhbOqIt5HwL7WAXrYTlQTIM2OsC05nMldDsblLBJ5C3BRtD\/myxyB1qpmze3WsR+EI0jHhcuBC+y+IAndjXpYIGJC4p4FY\/7nnFSsi1vT7C0otPOnQspbnz2JK467x2JY9dq9UETOzFmb8LZi927v\/CoqgqkhQAAA=="}
00429{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347037,"pkt_ts_usec":16678,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AOFAAD4GxPesEAABwKgKMs6uAFDsGCmDWgXfvYAQAQKyngAAAQEICgE5K6AD4v0X"}
00944{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347038,"pkt_ts_usec":27122,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzAOJAAD4Gw3esEAABwKgKMs6uAFDsGCmDWgXfvYAYAQJgqQAAAQEICgE5LJ0D4v0XR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02818{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347038,"pkt_ts_usec":30178,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceJWdAAEAGl4fAqAoyrBAAAQBQzq5aBd+97BgrAoAYAPV9\/AAAAQEICgPi\/hUBOSydSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE3OjE3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00430{"flow_id":41,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347038,"pkt_ts_usec":30927,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AONAAD4GxPWsEAABwKgKMs6uAFDsGCsCWgXmp4AQAR2oHgAAAQEICgE5LJ4D4v4V"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1499347038276,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1499347038276,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347038,"pkt_ts_usec":276528,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83pNAAD4G5zysEAABwKgKMs7kAFBDY\/JIAAAAAKACchAsDwAAAgQFtAQCCAoBOSzbAAAAAAEDAwc="}
00442{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347038,"pkt_ts_usec":276651,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzuS5pPWWQ2PySaAScSB7fQAAAgQFtAQCCAoD4v5SATks2wEDAwc="}
00431{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347038,"pkt_ts_usec":277213,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03pRAAD4G50OsEAABwKgKMs7kAFBDY\/JJuaT1l4AQAOUahAAAAQEICgE5LNwD4v5S"}
@@ -352,7 +352,7 @@
00431{"flow_id":41,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347038,"pkt_ts_usec":281492,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AOVAAD4GxPOsEAABwKgKMs6uAFDsGC1LWgXt84AQATud7gAAAQEICgE5LN0D4v5T"}
00946{"flow_id":41,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347039,"pkt_ts_usec":319412,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzAOZAAD4Gw3OsEAABwKgKMs6uAFDsGC1LWgXt84AYATtL8wAAAQEICgE5LeAD4v5TR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02820{"flow_id":41,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347039,"pkt_ts_usec":322432,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceJWtAAEAGl4PAqAoyrBAAAQBQzq5aBe3z7BguyoAYAQd9\/AAAAQEICgPi\/1gBOS3gSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE3OjE5IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1499347039587,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1499347039587,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347039,"pkt_ts_usec":587218,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LfVAAD4Gl9usEAABwKgKMs7yAFDXyAPWAAAAAKACchCExgAAAgQFtAQCCAoBOS4jAAAAAAEDAwc="}
00442{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347039,"pkt_ts_usec":587331,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzvKH9tkB18gD16AScSAhMAAAAgQFtAQCCAoD4v+aATkuIwEDAwc="}
00431{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347039,"pkt_ts_usec":588141,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LfZAAD4Gl+KsEAABwKgKMs7yAFDXyAPXh\/bZAoAQAOXANwAAAQEICgE5LiMD4v+a"}
@@ -362,11 +362,11 @@
00430{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347041,"pkt_ts_usec":618348,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OHBAAD4GjWisEAABwKgKMs7KAFDI6hIL0h2HoYARAOXKBQAAAQEICgE5MB8D4vvb"}
00430{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347041,"pkt_ts_usec":618698,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0hjdAAEAGPaHAqAoyrBAAAQBQzsrSHYehyOoSDIARAOPESwAAAQEICgPjAZYBOTAf"}
00430{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347041,"pkt_ts_usec":619465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OHFAAD4GjWesEAABwKgKMs7KAFDI6hIM0h2HooAQAOXESQAAAQEICgE5MB8D4wGW"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1499347042150,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1499347042150,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347042,"pkt_ts_usec":150116,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8q1JAAD4GGn6sEAABwKgKMs8MAFB23Zv2AAAAAKACchBK9gAAAgQFtAQCCAoBOTCkAAAAAAEDAwc="}
00442{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347042,"pkt_ts_usec":150244,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzwwb3aSHdt2b96AScSCFcgAAAgQFtAQCCAoD4wIbATkwpAEDAwc="}
00430{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347042,"pkt_ts_usec":150994,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0q1NAAD4GGoWsEAABwKgKMs8MAFB23Zv3G92kiIAQAOUkegAAAQEICgE5MKQD4wIb"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1499347043416,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1499347043416,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347043,"pkt_ts_usec":416905,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8okxAAD4GI4SsEAABwKgKMs8aAFDJVZOtAAAAAKACchD\/ewAAAgQFtAQCCAoBOTHhAAAAAAEDAwc="}
00442{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347043,"pkt_ts_usec":417034,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzxosqk4zyVWTrqAScSB+QwAAAgQFtAQCCAoD4wNXATkx4QEDAwc="}
00430{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347043,"pkt_ts_usec":417769,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ok1AAD4GI4usEAABwKgKMs8aAFDJVZOuLKpONIAQAOUdSwAAAQEICgE5MeED4wNX"}
@@ -376,18 +376,18 @@
00431{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347044,"pkt_ts_usec":618475,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LfdAAD4Gl+GsEAABwKgKMs7yAFDXyAPXh\/bZAoARAOW7TAAAAQEICgE5Mw0D4v+a"}
00430{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347044,"pkt_ts_usec":618713,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA03YZAAEAG5lHAqAoyrBAAAQBQzvKH9tkC18gD2IARAOO2YwAAAQEICgPjBIQBOTMN"}
00431{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347044,"pkt_ts_usec":619476,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LfhAAD4Gl+CsEAABwKgKMs7yAFDXyAPYh\/bZA4AQAOW2YQAAAQEICgE5Mw0D4wSE"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1499347044676,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1499347044676,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347044,"pkt_ts_usec":676186,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QP5AAD4GhNKsEAABwKgKMs8oAFCcEnPlAAAAAKACchBLPwAAAgQFtAQCCAoBOTMbAAAAAAEDAwc="}
00442{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347044,"pkt_ts_usec":676326,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQzyh2l2DwnBJz5qAScSBsIQAAAgQFtAQCCAoD4wSSATkzGwEDAwc="}
00430{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347044,"pkt_ts_usec":677088,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QP9AAD4GhNmsEAABwKgKMs8oAFCcEnPmdpdg8YAQAOULKAAAAQEICgE5MxwD4wSS"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1499347047249,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1499347047249,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347047,"pkt_ts_usec":249299,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rOxAAD4GGOSsEAABwKgKMs9CAFBNBJlzAAAAAKACchByIQAAAgQFtAQCCAoBOTWfAAAAAAEDAwc="}
00443{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347047,"pkt_ts_usec":249425,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz0I8cGwCTQSZdKAScSC\/lQAAAgQFtAQCCAoD4wcVATk1nwEDAwc="}
00430{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347047,"pkt_ts_usec":250184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rO1AAD4GGOusEAABwKgKMs9CAFBNBJl0PHBsA4AQAOVenQAAAQEICgE5NZ8D4wcV"}
00430{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347047,"pkt_ts_usec":619018,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0q1RAAD4GGoSsEAABwKgKMs8MAFB23Zv3G92kiIARAOUfIgAAAQEICgE5NfsD4wIb"}
00431{"flow_id":46,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347047,"pkt_ts_usec":619278,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0o\/pAAEAGH97AqAoyrBAAAQBQzwwb3aSIdt2b+IARAOMZzAAAAQEICgPjB3IBOTX7"}
00430{"flow_id":46,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347047,"pkt_ts_usec":620071,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0q1VAAD4GGoOsEAABwKgKMs8MAFB23Zv4G92kiYAQAOUZygAAAQEICgE5NfsD4wdy"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1499347048548,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1499347048548,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347048,"pkt_ts_usec":548242,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rW1AAD4GGGOsEAABwKgKMs9QAFDoOZuOAAAAAKACchDTfgAAAgQFtAQCCAoBOTbjAAAAAAEDAwc="}
00442{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347048,"pkt_ts_usec":548373,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz1DxNtWr6Dmbj6AScSABPgAAAgQFtAQCCAoD4whaATk24wEDAwc="}
00430{"flow_id":50,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347048,"pkt_ts_usec":549137,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rW5AAD4GGGqsEAABwKgKMs9QAFDoOZuP8TbVrIAQAOWgRAAAAQEICgE5NuQD4wha"}
@@ -397,11 +397,11 @@
00430{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347050,"pkt_ts_usec":621833,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QQBAAD4GhNisEAABwKgKMs8oAFCcEnPmdpdg8YARAOUFWQAAAQEICgE5OOoD4wSS"}
00431{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347050,"pkt_ts_usec":622072,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0apBAAEAGWUjAqAoyrBAAAQBQzyh2l2DxnBJz54ARAOP\/igAAAQEICgPjCmEBOTjq"}
00431{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347050,"pkt_ts_usec":622612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QQFAAD4GhNesEAABwKgKMs8oAFCcEnPndpdg8oAQAOX\/iAAAAQEICgE5OOoD4wph"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1499347051144,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1499347051144,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347051,"pkt_ts_usec":144619,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82StAAD4G7KSsEAABwKgKMs9qAFDGDOBHAAAAAKACchCuTwAAAgQFtAQCCAoBOTlsAAAAAAEDAwc="}
00442{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347051,"pkt_ts_usec":144745,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz2oBc4vXxgzgSKAScSATHgAAAgQFtAQCCAoD4wrjATk5bAEDAwc="}
00430{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347051,"pkt_ts_usec":145327,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02SxAAD4G7KusEAABwKgKMs9qAFDGDOBIAXOL2IAQAOWyJAAAAQEICgE5OW0D4wrj"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1499347052434,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1499347052434,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347052,"pkt_ts_usec":434886,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8athAAD4GWvisEAABwKgKMs94AFBfSFB3AAAAAKACchCjkwAAAgQFtAQCCAoBOTqvAAAAAAEDAwc="}
00442{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347052,"pkt_ts_usec":435011,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz3hoydAQX0hQeKAScSBbjwAAAgQFtAQCCAoD4wwmATk6rwEDAwc="}
00430{"flow_id":52,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347052,"pkt_ts_usec":435576,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0atlAAD4GWv+sEAABwKgKMs94AFBfSFB4aMnQEYAQAOX6lgAAAQEICgE5Oq8D4wwm"}
@@ -411,11 +411,11 @@
00430{"flow_id":50,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347053,"pkt_ts_usec":623172,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rW9AAD4GGGmsEAABwKgKMs9QAFDoOZuP8TbVrIARAOWbTwAAAQEICgE5O9gD4wha"}
00430{"flow_id":50,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347053,"pkt_ts_usec":623383,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA02ONAAEAG6vTAqAoyrBAAAQBQz1DxNtWs6DmbkIARAOOWWwAAAQEICgPjDU8BOTvY"}
00430{"flow_id":50,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347053,"pkt_ts_usec":624108,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rXBAAD4GGGisEAABwKgKMs9QAFDoOZuQ8TbVrYAQAOWWWQAAAQEICgE5O9gD4w1P"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1499347053735,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1499347053735,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347053,"pkt_ts_usec":735968,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TcZAAD4GeAqsEAABwKgKMs+GAFAPQXYyAAAAAKACchDMjAAAAgQFtAQCCAoBOTv0AAAAAAEDAwc="}
00442{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347053,"pkt_ts_usec":736095,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz4b8rqheD0F2M6AScSAXEAAAAgQFtAQCCAoD4w1rATk79AEDAwc="}
00432{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347053,"pkt_ts_usec":736851,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TcdAAD4GeBGsEAABwKgKMs+GAFAPQXYz\/K6oX4AQAOW2FgAAAQEICgE5O\/UD4w1r"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1499347056332,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1499347056332,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347056,"pkt_ts_usec":332919,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GMxAAD4GrQSsEAABwKgKMs+gAFAIRCayAAAAAKACchAgZgAAAgQFtAQCCAoBOT5+AAAAAAEDAwc="}
00443{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347056,"pkt_ts_usec":333052,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz6DSyc0OCEQms6AScSBtlQAAAgQFtAQCCAoD4w\/0ATk+fgEDAwc="}
00431{"flow_id":54,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347056,"pkt_ts_usec":333833,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GM1AAD4GrQusEAABwKgKMs+gAFAIRCaz0snND4AQAOUMnQAAAQEICgE5Pn4D4w\/0"}
@@ -425,39 +425,39 @@
00430{"flow_id":52,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347057,"pkt_ts_usec":624266,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0atpAAD4GWv6sEAABwKgKMs94AFBfSFB4aMnQEYARAOX1hAAAAQEICgE5P8AD4wwm"}
00431{"flow_id":52,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347057,"pkt_ts_usec":624486,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0wSZAAEAGArLAqAoyrBAAAQBQz3hoydARX0hQeYARAOPwdAAAAQEICgPjETcBOT\/A"}
00430{"flow_id":52,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347057,"pkt_ts_usec":625240,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0attAAD4GWv2sEAABwKgKMs94AFBfSFB5aMnQEoAQAOXwcQAAAQEICgE5P8ED4xE3"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1499347057628,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1499347057628,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347057,"pkt_ts_usec":628057,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yDFAAD4G\/Z6sEAABwKgKMs+uAFAuuffwAAAAAKACchAnYQAAAgQFtAQCCAoBOT\/BAAAAAAEDAwc="}
00443{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347057,"pkt_ts_usec":628125,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz662huYkLrn38aAScSB2eQAAAgQFtAQCCAoD4xE4ATk\/wQEDAwc="}
00431{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347057,"pkt_ts_usec":628868,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yDJAAD4G\/aWsEAABwKgKMs+uAFAuuffxtobmJYAQAOUVgAAAAQEICgE5P8ID4xE4"}
00431{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347059,"pkt_ts_usec":624902,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TchAAD4GeBCsEAABwKgKMs+GAFAPQXYz\/K6oX4ARAOWwVQAAAQEICgE5QbUD4w1r"}
00430{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347059,"pkt_ts_usec":625113,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0u3RAAEAGCGTAqAoyrBAAAQBQz4b8rqhfD0F2NIARAOOqlgAAAQEICgPjEysBOUG1"}
00431{"flow_id":53,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347059,"pkt_ts_usec":625881,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TclAAD4GeA+sEAABwKgKMs+GAFAPQXY0\/K6oYIAQAOWqlAAAAQEICgE5QbUD4xMr"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1499347060176,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1499347060176,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347060,"pkt_ts_usec":176542,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TeFAAD4Gd++sEAABwKgKMs\/IAFAgqg\/fAAAAAKACchAa6wAAAgQFtAQCCAoBOUI+AAAAAAEDAwc="}
00442{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347060,"pkt_ts_usec":176673,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz8g7I8+hIKoP4KAScSD5bAAAAgQFtAQCCAoD4xO1ATlCPgEDAwc="}
00433{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347060,"pkt_ts_usec":177441,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TeJAAD4Gd\/asEAABwKgKMs\/IAFAgqg\/gOyPPooAQAOWYcwAAAQEICgE5Qj8D4xO1"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1499347061452,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1499347061452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347061,"pkt_ts_usec":452043,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89\/VAAD4GzdqsEAABwKgKMs\/WAFCNxbSIAAAAAKACchAH2QAAAgQFtAQCCAoBOUN9AAAAAAEDAwc="}
00442{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347061,"pkt_ts_usec":452171,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz9aoZTRrjcW0iaAScSATEAAAAgQFtAQCCAoD4xT0ATlDfQEDAwc="}
00432{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347061,"pkt_ts_usec":452982,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09\/ZAAD4GzeGsEAABwKgKMs\/WAFCNxbSJqGU0bIAQAOWyFgAAAQEICgE5Q34D4xT0"}
00431{"flow_id":54,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347061,"pkt_ts_usec":625322,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GM5AAD4GrQqsEAABwKgKMs+gAFAIRCaz0snND4ARAOUHcQAAAQEICgE5Q6kD4w\/0"}
00430{"flow_id":54,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347061,"pkt_ts_usec":625565,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA02BBAAEAG68fAqAoyrBAAAQBQz6DSyc0PCEQmtIARAOMCRwAAAQEICgPjFR8BOUOp"}
00430{"flow_id":54,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347061,"pkt_ts_usec":626282,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GM9AAD4GrQmsEAABwKgKMs+gAFAIRCa00snNEIAQAOUCRQAAAQEICgE5Q6kD4xUf"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1499347062740,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1499347062740,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347062,"pkt_ts_usec":740557,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/9NAAD4GxfysEAABwKgKMs\/kAFBs1rtsAAAAAKACchAglAAAAgQFtAQCCAoBOUS\/AAAAAAEDAwc="}
00442{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347062,"pkt_ts_usec":740683,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz+TKmKvobNa7baAScSCQ2AAAAgQFtAQCCAoD4xY2ATlEvwEDAwc="}
00432{"flow_id":58,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347062,"pkt_ts_usec":741420,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/9RAAD4GxgOsEAABwKgKMs\/kAFBs1rttypir6YAQAOUv3wAAAQEICgE5RMAD4xY2"}
00431{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347063,"pkt_ts_usec":626011,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yDNAAD4G\/aSsEAABwKgKMs+uAFAuuffxtobmJYARAOUPpAAAAQEICgE5RZ0D4xE4"}
00430{"flow_id":55,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347063,"pkt_ts_usec":626235,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA08TFAAEAG0qbAqAoyrBAAAQBQz662huYlLrn38oARAOMJyQAAAQEICgPjFxQBOUWd"}
00431{"flow_id":55,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347063,"pkt_ts_usec":626966,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yDRAAD4G\/aOsEAABwKgKMs+uAFAuuffytobmJoAQAOUJxwAAAQEICgE5RZ0D4xcU"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1499347065288,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1499347065288,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347065,"pkt_ts_usec":288069,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t0lAAD4GDoesEAABwKgKMs\/+AFBdePB1AAAAAKACchD4UQAAAgQFtAQCCAoBOUc8AAAAAAEDAwc="}
00443{"flow_id":59,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347065,"pkt_ts_usec":288232,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQz\/602CZHXXjwdqAScSABewAAAgQFtAQCCAoD4xizATlHPAEDAwc="}
00431{"flow_id":59,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347065,"pkt_ts_usec":288646,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t0pAAD4GDo6sEAABwKgKMs\/+AFBdePB2tNgmSIAQAOWggQAAAQEICgE5Rz0D4xiz"}
00433{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347065,"pkt_ts_usec":627018,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TeNAAD4Gd\/WsEAABwKgKMs\/IAFAgqg\/gOyPPooARAOWTIAAAAQEICgE5R5ED4xO1"}
00430{"flow_id":56,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347065,"pkt_ts_usec":627238,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA01qpAAEAG7S3AqAoyrBAAAQBQz8g7I8+iIKoP4YARAOONzgAAAQEICgPjGQgBOUeR"}
00433{"flow_id":56,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347065,"pkt_ts_usec":627947,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TeRAAD4Gd\/SsEAABwKgKMs\/IAFAgqg\/hOyPPo4AQAOWNzAAAAQEICgE5R5ED4xkI"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1499347066560,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1499347066560,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347066,"pkt_ts_usec":560105,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zkNAAD4G94ysEAABwKgKMtAMAFBP5YY5AAAAAKACchBu1QAAAgQFtAQCCAoBOUh6AAAAAAEDAwc="}
00443{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347066,"pkt_ts_usec":560228,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Ax\/i5rPT+WGOqAScSA3hQAAAgQFtAQCCAoD4xnxATlIegEDAwc="}
00430{"flow_id":60,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347066,"pkt_ts_usec":560976,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zkRAAD4G95OsEAABwKgKMtAMAFBP5YY6f4ua0IAQAOXWiwAAAQEICgE5SHsD4xnx"}
@@ -467,18 +467,18 @@
00432{"flow_id":58,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347068,"pkt_ts_usec":629041,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/9VAAD4GxgKsEAABwKgKMs\/kAFBs1rttypir6YARAOUqHgAAAQEICgE5SoAD4xY2"}
00431{"flow_id":58,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347068,"pkt_ts_usec":629253,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0sB9AAEAGE7nAqAoyrBAAAQBQz+TKmKvpbNa7boARAOMkXwAAAQEICgPjG\/YBOUqA"}
00432{"flow_id":58,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347068,"pkt_ts_usec":629839,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/9ZAAD4GxgGsEAABwKgKMs\/kAFBs1rtuypir6oAQAOUkXQAAAQEICgE5SoAD4xv2"}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":30,"flow_first_seen":1499346935283,"flow_last_seen":1499346941359,"flow_tot_l4_data_len":16724,"flow_min_l4_data_len":32,"flow_max_l4_data_len":7272,"flow_avg_l4_data_len":557,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1499347069146,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":30,"flow_first_seen":1499346935283,"flow_last_seen":1499346941359,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7240,"flow_tot_l4_payload_len":15748,"flow_avg_l4_payload_len":524,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1499346935343,"flow_last_seen":1499346941289,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1499346935650,"flow_last_seen":1499346941289,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1499347069146,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347069,"pkt_ts_usec":146742,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8xkJAAD4G\/42sEAABwKgKMtAmAFBk4I1DAAAAAKACchBQLwAAAgQFtAQCCAoBOUsBAAAAAAEDAwc="}
00442{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347069,"pkt_ts_usec":146870,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0CYp21tPZOCNRKAScSCriAAAAgQFtAQCCAoD4xx4ATlLAQEDAwc="}
00431{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347069,"pkt_ts_usec":147622,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0xkNAAD4G\/5SsEAABwKgKMtAmAFBk4I1EKdtbUIAQAOVKkAAAAQEICgE5SwED4xx4"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1499347070422,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1499347070422,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347070,"pkt_ts_usec":422420,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83flAAD4G59asEAABwKgKMtA0AFCnyZG5AAAAAKACchAHgwAAAgQFtAQCCAoBOUxAAAAAAAEDAwc="}
00442{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347070,"pkt_ts_usec":422551,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0DQuPoKZp8mRuqAScSA18AAAAgQFtAQCCAoD4x23ATlMQAEDAwc="}
00430{"flow_id":62,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347070,"pkt_ts_usec":423319,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03fpAAD4G592sEAABwKgKMtA0AFCnyZG6Lj6CmoAQAOXU9wAAAQEICgE5TEAD4x23"}
@@ -488,18 +488,18 @@
00430{"flow_id":60,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347071,"pkt_ts_usec":630353,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zkVAAD4G95KsEAABwKgKMtAMAFBP5YY6f4ua0IARAOXRlwAAAQEICgE5TW4D4xnx"}
00431{"flow_id":60,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347071,"pkt_ts_usec":630555,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0hDVAAEAGP6PAqAoyrBAAAQBQ0Ax\/i5rQT+WGO4ARAOPMpAAAAQEICgPjHuUBOU1u"}
00430{"flow_id":60,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347071,"pkt_ts_usec":631289,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zkZAAD4G95GsEAABwKgKMtAMAFBP5YY7f4ua0YAQAOXMogAAAQEICgE5TW4D4x7l"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1499347071685,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1499347071685,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347071,"pkt_ts_usec":685917,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gQZAAD4GRMqsEAABwKgKMtBCAFDUJMx6AAAAAKACchCfHAAAAgQFtAQCCAoBOU18AAAAAAEDAwc="}
00442{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347071,"pkt_ts_usec":686016,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0EJ9MmhQ1CTMe6AScSCXogAAAgQFtAQCCAoD4x7zATlNfAEDAwc="}
00430{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347071,"pkt_ts_usec":686789,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gQdAAD4GRNGsEAABwKgKMtBCAFDUJMx7fTJoUYAQAOU2qgAAAQEICgE5TXwD4x7z"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1499347074268,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1499347074268,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347074,"pkt_ts_usec":268117,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NBxAAD4GkbSsEAABwKgKMtBcAFD4fmQdAAAAAKACchDggAAAAgQFtAQCCAoBOVABAAAAAAEDAwc="}
00442{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347074,"pkt_ts_usec":268220,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Fw80cpV+H5kHqAScSC03QAAAgQFtAQCCAoD4yF4ATlQAQEDAwc="}
00430{"flow_id":64,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347074,"pkt_ts_usec":269009,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NB1AAD4GkbusEAABwKgKMtBcAFD4fmQePNHKVoAQAOVT5AAAAQEICgE5UAID4yF4"}
00431{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347074,"pkt_ts_usec":630101,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0xkRAAD4G\/5OsEAABwKgKMtAmAFBk4I1EKdtbUIARAOVFNAAAAQEICgE5UFwD4xx4"}
00431{"flow_id":61,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347074,"pkt_ts_usec":630324,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0eoNAAEAGSVXAqAoyrBAAAQBQ0CYp21tQZOCNRYARAOM\/2gAAAQEICgPjIdMBOVBc"}
00432{"flow_id":61,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347074,"pkt_ts_usec":630874,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0xkVAAD4G\/5KsEAABwKgKMtAmAFBk4I1FKdtbUYAQAOU\/2AAAAQEICgE5UFwD4yHT"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1499347075596,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1499347075596,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347075,"pkt_ts_usec":596906,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KAdAAD4GncmsEAABwKgKMtBqAFA4KXlJAAAAAKACchCKTwAAAgQFtAQCCAoBOVFOAAAAAAEDAwc="}
00442{"flow_id":65,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347075,"pkt_ts_usec":597034,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0GplJM47OCl5SqAScSAxJwAAAgQFtAQCCAoD4yLEATlRTgEDAwc="}
00430{"flow_id":65,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347075,"pkt_ts_usec":597762,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KAhAAD4GndCsEAABwKgKMtBqAFA4KXlKZSTOPIAQAOXQLgAAAQEICgE5UU4D4yLE"}
@@ -509,11 +509,11 @@
00430{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347077,"pkt_ts_usec":631187,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gQhAAD4GRNCsEAABwKgKMtBCAFDUJMx7fTJoUYARAOUw2wAAAQEICgE5U0oD4x7z"}
00430{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347077,"pkt_ts_usec":631432,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0TJBAAEAGd0jAqAoyrBAAAQBQ0EJ9MmhR1CTMfIARAOMrDgAAAQEICgPjJMEBOVNK"}
00430{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347077,"pkt_ts_usec":632156,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gQlAAD4GRM+sEAABwKgKMtBCAFDUJMx8fTJoUoAQAOUrDAAAAQEICgE5U0oD4yTB"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1499347078168,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":947,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1499347078168,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347078,"pkt_ts_usec":168829,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VtlAAD4GbvesEAABwKgKMtCEAFCbYgUIAAAAAKACchCYugAAAgQFtAQCCAoBOVPRAAAAAAEDAwc="}
00442{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347078,"pkt_ts_usec":168956,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0IRJPKyYm2IFCaAScSB6mgAAAgQFtAQCCAoD4yVHATlT0QEDAwc="}
00430{"flow_id":66,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347078,"pkt_ts_usec":169683,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VtpAAD4Gbv6sEAABwKgKMtCEAFCbYgUJSTysmYAQAOUZogAAAQEICgE5U9ED4yVH"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1499347079449,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1499347079449,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347079,"pkt_ts_usec":449845,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81tZAAD4G7vmsEAABwKgKMtCSAFDwQYPHAAAAAKACchDDzQAAAgQFtAQCCAoBOVURAAAAAAEDAwc="}
00442{"flow_id":67,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347079,"pkt_ts_usec":449970,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0JKY6hHr8EGDyKAScSDvawAAAgQFtAQCCAoD4yaIATlVEQEDAwc="}
00430{"flow_id":67,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347079,"pkt_ts_usec":450728,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01tdAAD4G7wCsEAABwKgKMtCSAFDwQYPImOoR7IAQAOWOcwAAAQEICgE5VRED4yaI"}
@@ -523,15 +523,15 @@
00430{"flow_id":65,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347080,"pkt_ts_usec":633165,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KAlAAD4Gnc+sEAABwKgKMtBqAFA4KXlKZSTOPIARAOXLQgAAAQEICgE5VjkD4yLE"}
00430{"flow_id":65,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347080,"pkt_ts_usec":633407,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA06ZNAAEAG2kTAqAoyrBAAAQBQ0GplJM48OCl5S4ARAOPGWAAAAQEICgPjJ68BOVY5"}
00430{"flow_id":65,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347080,"pkt_ts_usec":634142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KApAAD4Gnc6sEAABwKgKMtBqAFA4KXlLZSTOPYAQAOXGVgAAAQEICgE5VjkD4yev"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":971,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1499347080793,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":971,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1499347080793,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347080,"pkt_ts_usec":793785,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x4ZAAD4G\/kmsEAABwKgKMtCgAFDV9pHnAAAAAKACchDOmgAAAgQFtAQCCAoBOVZhAAAAAAEDAwc="}
00442{"flow_id":68,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347080,"pkt_ts_usec":793933,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0KAcF4FK1faR6KAScSAGXQAAAgQFtAQCCAoD4yfYATlWYQEDAwc="}
00431{"flow_id":68,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347080,"pkt_ts_usec":794520,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x4dAAD4G\/lCsEAABwKgKMtCgAFDV9pHoHBeBS4AQAOWlZAAAAQEICgE5VmED4yfY"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1499347082084,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1499347082084,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347082,"pkt_ts_usec":84347,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rj9AAD4GF5GsEAABwKgKMtCuAFC6z\/mcAAAAAKACchCAvAAAAgQFtAQCCAoBOVejAAAAAAEDAwc="}
00442{"flow_id":69,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":981,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347082,"pkt_ts_usec":84510,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0K6mztSPus\/5naAScSDZPwAAAgQFtAQCCAoD4ykaATlXowEDAwc="}
00430{"flow_id":69,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347082,"pkt_ts_usec":85231,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rkBAAD4GF5isEAABwKgKMtCuAFC6z\/mdps7UkIAQAOV4RgAAAQEICgE5V6QD4yka"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1499347083358,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1499347083358,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347083,"pkt_ts_usec":358642,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81M5AAD4G8QGsEAABwKgKMtC8AFCsV4wsAAAAAKACchD7VwAAAgQFtAQCCAoBOVjiAAAAAAEDAwc="}
00443{"flow_id":70,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347083,"pkt_ts_usec":358772,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0LzW0\/50rFeMLaAScSD4sQAAAgQFtAQCCAoD4ypZATlY4gEDAwc="}
00430{"flow_id":70,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347083,"pkt_ts_usec":359360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01M9AAD4G8QisEAABwKgKMtC8AFCsV4wt1tP+dYAQAOWXuQAAAQEICgE5WOID4ypZ"}
@@ -541,43 +541,43 @@
00431{"flow_id":67,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347084,"pkt_ts_usec":634285,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01thAAD4G7v+sEAABwKgKMtCSAFDwQYPImOoR7IARAOWJYgAAAQEICgE5WiED4yaI"}
00431{"flow_id":67,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347084,"pkt_ts_usec":634533,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0OnRAAEAGiWTAqAoyrBAAAQBQ0JKY6hHs8EGDyYARAOOEUwAAAQEICgPjK5gBOVoh"}
00431{"flow_id":67,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347084,"pkt_ts_usec":635243,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01tlAAD4G7v6sEAABwKgKMtCSAFDwQYPJmOoR7YAQAOWEUQAAAQEICgE5WiED4yuY"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1499347084644,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1499347084644,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347084,"pkt_ts_usec":644490,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8o6RAAD4GIiysEAABwKgKMtDKAFAgx\/mHAAAAAKACchAYPgAAAgQFtAQCCAoBOVojAAAAAAEDAwc="}
00443{"flow_id":71,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347084,"pkt_ts_usec":644574,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Mrcl6UQIMf5iKAScSBn9wAAAgQFtAQCCAoD4yuaATlaIwEDAwc="}
00433{"flow_id":71,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347084,"pkt_ts_usec":645344,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0o6VAAD4GIjOsEAABwKgKMtDKAFAgx\/mI3JelEYAQAOUG\/gAAAQEICgE5WiQD4yua"}
00432{"flow_id":68,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347086,"pkt_ts_usec":635096,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x4hAAD4G\/k+sEAABwKgKMtCgAFDV9pHoHBeBS4ARAOWfrwAAAQEICgE5XBUD4yfY"}
00432{"flow_id":68,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347086,"pkt_ts_usec":635315,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0rMdAAEAGFxHAqAoyrBAAAQBQ0KAcF4FL1faR6YARAOOZ\/AAAAQEICgPjLYwBOVwV"}
00432{"flow_id":68,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347086,"pkt_ts_usec":636029,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x4lAAD4G\/k6sEAABwKgKMtCgAFDV9pHpHBeBTIAQAOWZ+gAAAQEICgE5XBUD4y2M"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1499347087256,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1499347087256,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347087,"pkt_ts_usec":256238,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8beFAAD4GV++sEAABwKgKMtDkAFAnsDFRAAAAAKACchDW5AAAAgQFtAQCCAoBOVywAAAAAAEDAwc="}
00443{"flow_id":72,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347087,"pkt_ts_usec":256339,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0OTlcRoYJ7AxUqAScSCmLwAAAgQFtAQCCAoD4y4nATlcsAEDAwc="}
00432{"flow_id":72,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347087,"pkt_ts_usec":257111,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0beJAAD4GV\/asEAABwKgKMtDkAFAnsDFS5XEaGYAQAOVFNgAAAQEICgE5XLED4y4n"}
00432{"flow_id":69,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347087,"pkt_ts_usec":635700,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rkFAAD4GF5esEAABwKgKMtCuAFC6z\/mdps7UkIARAOVy2gAAAQEICgE5XQ8D4yka"}
00432{"flow_id":69,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347087,"pkt_ts_usec":635966,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0+hZAAEAGycHAqAoyrBAAAQBQ0K6mztSQus\/5noARAONtbwAAAQEICgPjLoYBOV0P"}
00432{"flow_id":69,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347087,"pkt_ts_usec":636674,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rkJAAD4GF5asEAABwKgKMtCuAFC6z\/meps7UkYAQAOVtbAAAAQEICgE5XRAD4y6G"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1499347088552,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1034,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1499347088552,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347088,"pkt_ts_usec":552811,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA892FAAD4Gzm6sEAABwKgKMtDyAFAECKqUAAAAAKACchB\/9gAAAgQFtAQCCAoBOV31AAAAAAEDAwc="}
00443{"flow_id":73,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347088,"pkt_ts_usec":552900,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0PJdbGlkBAiqlaAScSCGtgAAAgQFtAQCCAoD4y9rATld9QEDAwc="}
00431{"flow_id":73,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347088,"pkt_ts_usec":553690,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA092JAAD4GznWsEAABwKgKMtDyAFAECKqVXWxpZYAQAOUlvgAAAQEICgE5XfUD4y9r"}
00431{"flow_id":70,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347088,"pkt_ts_usec":636399,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01NBAAD4G8QesEAABwKgKMtC8AFCsV4wt1tP+dYARAOWSkAAAAQEICgE5XgoD4ypZ"}
00432{"flow_id":70,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347088,"pkt_ts_usec":636582,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA00fVAAEAG8eLAqAoyrBAAAQBQ0LzW0\/51rFeMLoARAOONagAAAQEICgPjL4ABOV4K"}
00431{"flow_id":70,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347088,"pkt_ts_usec":637124,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01NFAAD4G8QasEAABwKgKMtC8AFCsV4wu1tP+doAQAOWNaAAAAQEICgE5XgoD4y+A"}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":33,"flow_first_seen":1499346956870,"flow_last_seen":1499346960891,"flow_tot_l4_data_len":17697,"flow_min_l4_data_len":32,"flow_max_l4_data_len":7958,"flow_avg_l4_data_len":536,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":33,"flow_first_seen":1499346956870,"flow_last_seen":1499346960891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7926,"flow_tot_l4_payload_len":16625,"flow_avg_l4_payload_len":503,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1499346956932,"flow_last_seen":1499346960891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1499346957283,"flow_last_seen":1499346960891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":71,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347090,"pkt_ts_usec":637730,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0o6ZAAD4GIjKsEAABwKgKMtDKAFAgx\/mI3JelEYARAOUBIwAAAQEICgE5X\/4D4yua"}
00432{"flow_id":71,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347090,"pkt_ts_usec":637883,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0lGVAAEAGL3PAqAoyrBAAAQBQ0Mrcl6URIMf5iYAQAOP7SQAAAQEICgPjMXUBOV\/+"}
00432{"flow_id":71,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347090,"pkt_ts_usec":637945,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0lGZAAEAGL3LAqAoyrBAAAQBQ0Mrcl6URIMf5iYARAOP7SAAAAQEICgPjMXUBOV\/+"}
00433{"flow_id":71,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347090,"pkt_ts_usec":638459,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XcZAAD4GaBKsEAABwKgKMtDKAFAgx\/mJ3JelEoAQAOX7RgAAAQEICgE5X\/4D4zF1"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1499347091102,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1499347091102,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347091,"pkt_ts_usec":102802,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uhVAAD4GC7usEAABwKgKMtEMAFDkONpnAAAAAKACchBtWwAAAgQFtAQCCAoBOWByAAAAAAEDAwc="}
00443{"flow_id":74,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347091,"pkt_ts_usec":102913,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0QySpl9e5DjaaKAScSBGaQAAAgQFtAQCCAoD4zHpATlgcgEDAwc="}
00431{"flow_id":74,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347091,"pkt_ts_usec":103528,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uhZAAD4GC8KsEAABwKgKMtEMAFDkONpokqZfX4AQAOXlcAAAAQEICgE5YHID4zHp"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1065,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1499347092374,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1065,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1499347092374,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347092,"pkt_ts_usec":374921,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rL1AAD4GGROsEAABwKgKMtEaAFBpN80NAAAAAKACchD0agAAAgQFtAQCCAoBOWGwAAAAAAEDAwc="}
00443{"flow_id":75,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347092,"pkt_ts_usec":375048,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0RpaHI+7aTfNDqAScSDUZwAAAgQFtAQCCAoD4zMnATlhsAEDAwc="}
00431{"flow_id":75,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347092,"pkt_ts_usec":375721,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rL5AAD4GGRqsEAABwKgKMtEaAFBpN80OWhyPvIAQAOVzbwAAAQEICgE5YbAD4zMn"}
@@ -587,32 +587,32 @@
00431{"flow_id":73,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1077,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347093,"pkt_ts_usec":637721,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA092NAAD4GznSsEAABwKgKMtDyAFAECKqVXWxpZYARAOUgxgAAAQEICgE5YuwD4y9r"}
00431{"flow_id":73,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1078,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347093,"pkt_ts_usec":637977,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0XQZAAEAGZtLAqAoyrBAAAQBQ0PJdbGllBAiqloARAOMbzwAAAQEICgPjNGMBOWLs"}
00431{"flow_id":73,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347093,"pkt_ts_usec":638529,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA092RAAD4GznOsEAABwKgKMtDyAFAECKqWXWxpZoAQAOUbzQAAAQEICgE5YuwD4zRj"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1499347093662,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1499347093662,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347093,"pkt_ts_usec":662309,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ku9AAD4GmuGsEAABwKgKMtEoAFAtsEgdAAAAAKACchCzkgAAAgQFtAQCCAoBOWLyAAAAAAEDAwc="}
00443{"flow_id":76,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347093,"pkt_ts_usec":662407,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0Shd8PQZLbBIHqAScSAqGwAAAgQFtAQCCAoD4zRpATli8gEDAwc="}
00431{"flow_id":76,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347093,"pkt_ts_usec":663190,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KvBAAD4GmuisEAABwKgKMtEoAFAtsEgeXfD0GoAQAOXJIgAAAQEICgE5YvID4zRp"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1499347096201,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1499347096201,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347096,"pkt_ts_usec":201937,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZsxAAD4GXwSsEAABwKgKMtFCAFCngwOhAAAAAKACchB7pgAAAgQFtAQCCAoBOWVtAAAAAAEDAwc="}
00443{"flow_id":77,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347096,"pkt_ts_usec":202117,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0UJnxk6+p4MDoqAScSCLOQAAAgQFtAQCCAoD4zbkATllbQEDAwc="}
00431{"flow_id":77,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347096,"pkt_ts_usec":202644,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Zs1AAD4GXwusEAABwKgKMtFCAFCngwOiZ8ZOv4AQAOUqQQAAAQEICgE5ZW0D4zbk"}
00431{"flow_id":74,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347096,"pkt_ts_usec":638456,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uhdAAD4GC8GsEAABwKgKMtEMAFDkONpokqZfX4ARAOXgBwAAAQEICgE5ZdoD4zHp"}
00431{"flow_id":74,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347096,"pkt_ts_usec":638675,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0aA5AAEAGW8rAqAoyrBAAAQBQ0QySpl9f5DjaaYARAOPaoAAAAQEICgPjN1EBOWXa"}
00431{"flow_id":74,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1103,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347096,"pkt_ts_usec":639218,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uhhAAD4GC8CsEAABwKgKMtEMAFDkONppkqZfYIAQAOXangAAAQEICgE5ZdoD4zdR"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1107,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1499347097460,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1107,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1499347097460,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1107,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347097,"pkt_ts_usec":460010,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83YdAAD4G6EisEAABwKgKMtFQAFAbC7sgAAAAAKACchBPVwAAAgQFtAQCCAoBOWanAAAAAAEDAwc="}
00443{"flow_id":78,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347097,"pkt_ts_usec":460137,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0VBz69jzGwu7IaAScSDHVQAAAgQFtAQCCAoD4zgeATlmpwEDAwc="}
00431{"flow_id":78,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347097,"pkt_ts_usec":460694,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03YhAAD4G6E+sEAABwKgKMtFQAFAbC7shc+vY9IAQAOVmXAAAAQEICgE5ZqgD4zge"}
00431{"flow_id":75,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347097,"pkt_ts_usec":639087,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rL9AAD4GGRmsEAABwKgKMtEaAFBpN80OWhyPvIARAOVuSgAAAQEICgE5ZtQD4zMn"}
00432{"flow_id":75,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347097,"pkt_ts_usec":639278,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0t\/dAAEAGC+HAqAoyrBAAAQBQ0RpaHI+8aTfND4ARAONpJwAAAQEICgPjOEsBOWbU"}
00431{"flow_id":75,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347097,"pkt_ts_usec":640030,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rMBAAD4GGRisEAABwKgKMtEaAFBpN80PWhyPvYAQAOVpJQAAAQEICgE5ZtQD4zhL"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1499347098746,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1119,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1499347098746,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347098,"pkt_ts_usec":746605,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gixAAD4GQ6SsEAABwKgKMtFeAFA\/7+XFAAAAAKACchD+fQAAAgQFtAQCCAoBOWfpAAAAAAEDAwc="}
00444{"flow_id":79,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347098,"pkt_ts_usec":746757,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0V6c5l18P+\/lxqAScSDHtgAAAgQFtAQCCAoD4zlgATln6QEDAwc="}
00432{"flow_id":79,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347098,"pkt_ts_usec":747496,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gi1AAD4GQ6usEAABwKgKMtFeAFA\/7+XGnOZdfYAQAOVmvgAAAQEICgE5Z+kD4zlg"}
00431{"flow_id":76,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347099,"pkt_ts_usec":639920,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KvFAAD4GmuesEAABwKgKMtEoAFAtsEgeXfD0GoARAOXDSwAAAQEICgE5aMgD4zRp"}
00431{"flow_id":76,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347099,"pkt_ts_usec":640142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ziVAAEAG9bLAqAoyrBAAAQBQ0Shd8PQaLbBIH4ARAOO9dgAAAQEICgPjOj8BOWjI"}
00432{"flow_id":76,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347099,"pkt_ts_usec":640896,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KvJAAD4GmuasEAABwKgKMtEoAFAtsEgfXfD0G4AQAOW9cwAAAQEICgE5aMkD4zo\/"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1499347101314,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1499347101314,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347101,"pkt_ts_usec":314377,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HlBAAD4Gp4CsEAABwKgKMtF4AFDPTHQ7AAAAAKACchDeDgAAAgQFtAQCCAoBOWprAAAAAAEDAwc="}
00443{"flow_id":80,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347101,"pkt_ts_usec":314516,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0XjCGItuz0x0PKAScSBRoQAAAgQFtAQCCAoD4zviATlqawEDAwc="}
00431{"flow_id":80,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347101,"pkt_ts_usec":315270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HlFAAD4Gp4esEAABwKgKMtF4AFDPTHQ8whiLb4AQAOXwqAAAAQEICgE5amsD4zvi"}
@@ -620,11 +620,11 @@
00432{"flow_id":77,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347101,"pkt_ts_usec":640039,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0coxAAEAGUUzAqAoyrBAAAQBQ0UJnxk6\/p4MDo4ARAOMfowAAAQEICgPjPDMBOWq8"}
00431{"flow_id":77,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347101,"pkt_ts_usec":640595,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Zs9AAD4GXwmsEAABwKgKMtFCAFCngwOjZ8ZOwIAQAOUfoAAAAQEICgE5ar0D4zwz"}
00946{"flow_id":78,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347102,"pkt_ts_usec":358512,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGz3YlAAD4G5s+sEAABwKgKMtFQAFAbC7shc+vY9IAYAOUQnAAAAQEICgE5a3AD4zgeR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_first_seen":1499347097460,"flow_last_seen":1499347102358,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":32,"flow_max_l4_data_len":415,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_first_seen":1499347097460,"flow_last_seen":1499347102358,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00431{"flow_id":78,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1150,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347102,"pkt_ts_usec":358649,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05BNAAEAG38TAqAoyrBAAAQBQ0VBz69j0Gwu8oIAQAOtbRgAAAQEICgPjPOcBOWtw"}
02828{"flow_id":78,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1151,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347102,"pkt_ts_usec":367231,"pkt_caplen":1837,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1837,"pkt_l4_len":1803,"pkt":"AMGxFOsxABm5CmnxCABFAAcf5BRAAEAG2NjAqAoyrBAAAQBQ0VBz69j0Gwu8oIAYAOt9\/QAAAQEICgPjPOkBOWtwSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE4OjIyIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWG1P4zgQ\/gzS\/gefTzpgpcbb2y+3XJoVtHAgsbfctix70kmRm7itwYmD7bTw72\/sOG14LdkioeKXeXk84xnP5N12+Mvga3\/07\/kRmplMoPOLw7PTPsIdQi4\/9gkZjAbox8noyxnqBh\/Q0CieGEKO\/sYIz4wp9glZLBbB4mMg1ZSMvpFbK6Vr2fywox1PkJoUR++2322HTs9tJnLde0JG99OnTxVrRb4VzhhNYbi1FWbMUGRZOuym5PMe7svcsNx0RncFwyipZj1s2K0hVsSfKJlRpZnpXYyOO39gRCqZW6HhRrDoeylypuiYC27u9tE3NhEsMSxFfSW1RkNuGBomiheG51O0+2M43EP7+2hAsxzVvIKhSzZGB0UheEINlznaHXy\/PNhD827Q\/YDeD9icCVlkAO19SCrFHoXg+TVSTPSwNneC6RljBiMDp\/GHSLTGaKbYpIeDgMBfOl9Qu0oyyvPAbZPH0jiYopbzH8\/olBFYui9pQueWLHAbSxnanbYJ4YrOabWKkVbJPSBX2v0\/BwXBlcZRSCpK7zniXWfHY5neoURQbb0uM4Yrl6Z8jnjaw9Z3cCKmvNcbW1ZIY30r5Nn0ERJ3SE2EnMqgyKcYUQEXYY2jVucGrKDukWpr5BgcVza0P9qLC5qmLK0OBASlqM9pdw+FTK6taQRHMk9A9XUPL3ieykUAWw5Hb6c6SbCDa1ZgoPfcFeDoBMwWEgpWFjzafo1AnkP0lYld0kExK16Q\/5AUR6eNlXZqIeDKYo2+JQ2OhnaICIQfLKLBYUMZKUW0gUHnjfjmcD3GqjSMvIDqaQYcHdr\/6FiqpKUHHgpktyxpA8DR46gvs4zmKTrNr5jzyGYoEq0mbVA4ekAx\/Ha8meIJJ8HnAkK1x4GzTNmaW\/IqfhwdcwjuU7uiN7ZNWQhJ0zbW8RwexoWbbegfWhh4uVq5yLO4uGVJqRjqH5yP+icHm0HRN4K3weHoIab\/OXury2olxmN43Fo5pcH1AA3aPbTLe5uhWjB6HfNWkGoWHF3CCA2ZtrcVnQ5apteHcm+1jlsBqRhwBPUM1Cpfv2xoCitONfRrVlVRr8KhahzL4usN0Oi21tA1iqGR6j6EDZ8gF4tQXa59DldkOLL1I9yPaqmdOYCf5xO5Rl2DCkfnJ+cQHRPZThEdy9KsUbOkwdGBHb6dWW2ht1b9ighHZ278AICv2O7Vfs8XgraEXRWC0MnYXa\/b7jULwXDW\/ZnuAkrmri+YG8Lnywo2TmTKYqoY9fXzRKoM5TSDah34oex1Ka6Hf8UIuqWZBOx\/HY18bRoW\/sSXM2p2NLqTpXLMn+vKOi\/KZvGPvWj7u6xvm0S6HGccyOZUlDAdVlOvjRRR1VQQi9Ituq5gaeBw9nv0BeLN3T6V0eqtgEW7590Dl2HlVtv7ad8vygXVhWsZ4YawW+tl4gzb0WDYeGnY2BkWuiGqptAIYngUaH6No5+XtbxErfEBdwxFgmEqPoKuCo4b96G9MfHQd34tMb4sbz1OlgcLfs0LlnLqRNtZ8+S6Pvnz2F4v42U8\/pjJlC9zYSIzm507E3oTuC8CT4J4BeOrNFc4qWDKdJ2EF9U9om7q8Mmluup14zhW0G5Wv3UGeSbj+LBPBKNqGUxPpSV9pw3LYpvKnwzPcWmMbXN9eH7nbIFOmCiWKbOQRVnENZnM+1XSXfX8+0BxUeyiZx7bOUiMZyDRXsfPAMk96b\/VjugJudhBezhCa2ENIRcl7G2BaSdzLTRrTSr4FNKmYBNIXyHLogvNlE17+yGBGaJpxnPvQpjXbzM6sx93PA1IXFHAo3o6GPqdlGubvdPai886dCKlufeto4g2+dhUPPWqNRMwse9W9VnOfTCL\/geoshewERQAAA=="}
00431{"flow_id":78,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1152,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347102,"pkt_ts_usec":367891,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03YpAAD4G6E2sEAABwKgKMtFQAFAbC7ygc+vf34AQAQBUQgAAAQEICgE5a3ID4zzp"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1499347102609,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1499347102609,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347102,"pkt_ts_usec":609708,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ux5AAD4GCrKsEAABwKgKMtGGAFBKzdCxAAAAAKACchAExgAAAgQFtAQCCAoBOWuvAAAAAAEDAwc="}
00443{"flow_id":81,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347102,"pkt_ts_usec":609833,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0YYGn50FSs3QsqAScSAg+AAAAgQFtAQCCAoD4z0lATlrrwEDAwc="}
00433{"flow_id":81,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347102,"pkt_ts_usec":610548,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ux9AAD4GCrmsEAABwKgKMtGGAFBKzdCyBp+dBoAQAOW\/\/wAAAQEICgE5a68D4z0l"}
@@ -639,11 +639,11 @@
00432{"flow_id":79,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347104,"pkt_ts_usec":640486,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gi5AAD4GQ6qsEAABwKgKMtFeAFA\/7+XGnOZdfYARAOVg+wAAAQEICgE5basD4zlg"}
00432{"flow_id":79,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347104,"pkt_ts_usec":640704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0YlxAAEAGYXzAqAoyrBAAAQBQ0V6c5l19P+\/lx4ARAONbOwAAAQEICgPjPyEBOW2r"}
00432{"flow_id":79,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347104,"pkt_ts_usec":641436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gi9AAD4GQ6msEAABwKgKMtFeAFA\/7+XHnOZdfoAQAOVbOQAAAQEICgE5basD4z8h"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1499347105154,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1499347105154,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347105,"pkt_ts_usec":154035,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eX9AAD4GTFGsEAABwKgKMtGgAFC6fhdUAAAAAKACchBL3AAAAgQFtAQCCAoBOW4rAAAAAAEDAwc="}
00443{"flow_id":82,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347105,"pkt_ts_usec":154168,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0aA4hAGdun4XVaAScSDPFAAAAgQFtAQCCAoD4z+iATluKwEDAwc="}
00431{"flow_id":82,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347105,"pkt_ts_usec":154904,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eYBAAD4GTFisEAABwKgKMtGgAFC6fhdVOIQBnoAQAOVuHAAAAQEICgE5bisD4z+i"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1499347106438,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1499347106438,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347106,"pkt_ts_usec":438309,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kWRAAD4GNGysEAABwKgKMtGuAFDha\/4IAAAAAKACchA86wAAAgQFtAQCCAoBOW9sAAAAAAEDAwc="}
00443{"flow_id":83,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347106,"pkt_ts_usec":438413,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0a4RPd924Wv+CaAScSAIUAAAAgQFtAQCCAoD40DjATlvbAEDAwc="}
00432{"flow_id":83,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347106,"pkt_ts_usec":439208,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kWVAAD4GNHOsEAABwKgKMtGuAFDha\/4JET3fd4AQAOWnVwAAAQEICgE5b2wD40Dj"}
@@ -653,26 +653,26 @@
00431{"flow_id":81,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1192,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347107,"pkt_ts_usec":641235,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uyBAAD4GCrisEAABwKgKMtGGAFBKzdCyBp+dBoARAOW7FAAAAQEICgE5cJkD4z0l"}
00431{"flow_id":81,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347107,"pkt_ts_usec":641480,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA03wlAAEAG5M7AqAoyrBAAAQBQ0YYGn50GSs3Qs4ARAOO2KwAAAQEICgPjQg8BOXCZ"}
00431{"flow_id":81,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1194,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347107,"pkt_ts_usec":642215,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uyFAAD4GCresEAABwKgKMtGGAFBKzdCzBp+dB4AQAOW2KQAAAQEICgE5cJkD40IP"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1499347107719,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1499347107719,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347107,"pkt_ts_usec":719375,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GMdAAD4GrQmsEAABwKgKMtG8AFANSWhrAAAAAKACchClXQAAAgQFtAQCCAoBOXCsAAAAAAEDAwc="}
00443{"flow_id":84,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347107,"pkt_ts_usec":719520,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0byrN2AMDUlobKAScSBU8gAAAgQFtAQCCAoD40IjATlwrAEDAwc="}
00431{"flow_id":84,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347107,"pkt_ts_usec":720082,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GMhAAD4GrRCsEAABwKgKMtG8AFANSWhsqzdgDYAQAOXz+AAAAQEICgE5cK0D40Ij"}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":13,"flow_first_seen":1499346976677,"flow_last_seen":1499346982914,"flow_tot_l4_data_len":7284,"flow_min_l4_data_len":32,"flow_max_l4_data_len":5362,"flow_avg_l4_data_len":560,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":10,"flow_first_seen":1499346976999,"flow_last_seen":1499346982906,"flow_tot_l4_data_len":2401,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1739,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1499347110266,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":13,"flow_first_seen":1499346976677,"flow_last_seen":1499346982914,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5330,"flow_tot_l4_payload_len":6852,"flow_avg_l4_payload_len":527,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":10,"flow_first_seen":1499346976999,"flow_last_seen":1499346982906,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1707,"flow_tot_l4_payload_len":2065,"flow_avg_l4_payload_len":206,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1499346976999,"flow_last_seen":1499346982607,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1499346983175,"flow_last_seen":1499346988608,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1499346984469,"flow_last_seen":1499346989608,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1499347110266,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347110,"pkt_ts_usec":266521,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u39AAD4GClGsEAABwKgKMtHWAFDeH8hWAAAAAKACchByBAAAAgQFtAQCCAoBOXMpAAAAAAEDAwc="}
00444{"flow_id":85,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347110,"pkt_ts_usec":266648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0dbJG1vv3h\/IV6AScSAFVQAAAgQFtAQCCAoD40SgATlzKQEDAwc="}
00431{"flow_id":85,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347110,"pkt_ts_usec":267334,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u4BAAD4GClisEAABwKgKMtHWAFDeH8hXyRtb8IAQAOWkXAAAAQEICgE5cykD40Sg"}
00431{"flow_id":82,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347110,"pkt_ts_usec":641363,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eYFAAD4GTFesEAABwKgKMtGgAFC6fhdVOIQBnoARAOVovwAAAQEICgE5c4cD4z+i"}
00431{"flow_id":82,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347110,"pkt_ts_usec":641611,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0RWNAAEAGfnXAqAoyrBAAAQBQ0aA4hAGeun4XVoARAONjZQAAAQEICgPjRP0BOXOH"}
00431{"flow_id":82,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347110,"pkt_ts_usec":642346,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eYJAAD4GTFasEAABwKgKMtGgAFC6fhdWOIQBn4AQAOVjYwAAAQEICgE5c4cD40T9"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1499347111565,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1499347111565,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347111,"pkt_ts_usec":565010,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ioRAAD4GO0ysEAABwKgKMtHkAFDzev7qAAAAAKACchAkwgAAAgQFtAQCCAoBOXRuAAAAAAEDAwc="}
00443{"flow_id":86,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347111,"pkt_ts_usec":565183,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0eR9BdLY83r+66AScSCL+wAAAgQFtAQCCAoD40XkATl0bgEDAwc="}
00431{"flow_id":86,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347111,"pkt_ts_usec":565797,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ioVAAD4GO1OsEAABwKgKMtHkAFDzev7rfQXS2YAQAOUrAwAAAQEICgE5dG4D40Xk"}
@@ -682,11 +682,11 @@
00431{"flow_id":84,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347113,"pkt_ts_usec":642174,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GMlAAD4GrQ+sEAABwKgKMtG8AFANSWhsqzdgDYARAOXuLwAAAQEICgE5dnUD40Ij"}
00432{"flow_id":84,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347113,"pkt_ts_usec":642448,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0J+FAAEAGm\/fAqAoyrBAAAQBQ0byrN2ANDUlobYARAOPoZwAAAQEICgPjR+wBOXZ1"}
00431{"flow_id":84,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347113,"pkt_ts_usec":642966,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GMpAAD4GrQ6sEAABwKgKMtG8AFANSWhtqzdgDoAQAOXoZQAAAQEICgE5dnUD40fs"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1243,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1499347114111,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1243,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1499347114111,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347114,"pkt_ts_usec":111371,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8emxAAD4GS2SsEAABwKgKMtH+AFCQhwyGAAAAAKACchB3hAAAAgQFtAQCCAoBOXbqAAAAAAEDAwc="}
00443{"flow_id":87,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347114,"pkt_ts_usec":111528,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0f6FLaNRkIcMh6AScSADoAAAAgQFtAQCCAoD40hhATl26gEDAwc="}
00431{"flow_id":87,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347114,"pkt_ts_usec":112059,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0em1AAD4GS2usEAABwKgKMtH+AFCQhwyHhS2jUoAQAOWipgAAAQEICgE5dusD40hh"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1499347115408,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1499347115408,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347115,"pkt_ts_usec":408321,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8N6NAAD4Gji2sEAABwKgKMtIMAFCkuE+MAAAAAKACchAe+gAAAgQFtAQCCAoBOXgvAAAAAAEDAwc="}
00443{"flow_id":88,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347115,"pkt_ts_usec":408410,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0gwQkJx6pLhPjaAScSAlRgAAAgQFtAQCCAoD40mlATl4LwEDAwc="}
00431{"flow_id":88,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347115,"pkt_ts_usec":409199,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0N6RAAD4GjjSsEAABwKgKMtIMAFCkuE+NEJCce4AQAOXETQAAAQEICgE5eC8D40ml"}
@@ -696,28 +696,28 @@
00431{"flow_id":86,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347116,"pkt_ts_usec":642193,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ioZAAD4GO1KsEAABwKgKMtHkAFDzev7rfQXS2YARAOUmDQAAAQEICgE5eWMD40Xk"}
00431{"flow_id":86,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347116,"pkt_ts_usec":642482,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0mANAAEAGK9XAqAoyrBAAAQBQ0eR9BdLZ83r+7IARAOMhGAAAAQEICgPjStoBOXlj"}
00431{"flow_id":86,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347116,"pkt_ts_usec":643034,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iodAAD4GO1GsEAABwKgKMtHkAFDzev7sfQXS2oAQAOUhFgAAAQEICgE5eWMD40ra"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1499347116705,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1499347116705,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347116,"pkt_ts_usec":705522,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8FEVAAD4GsYusEAABwKgKMtIaAFCixG02AAAAAKACchAB8gAAAgQFtAQCCAoBOXlzAAAAAAEDAwc="}
00443{"flow_id":89,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347116,"pkt_ts_usec":705654,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0hqTGb4kosRtN6AScSBixgAAAgQFtAQCCAoD40rpATl5cwEDAwc="}
00431{"flow_id":89,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1269,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347116,"pkt_ts_usec":706369,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FEZAAD4GsZKsEAABwKgKMtIaAFCixG03kxm+JYAQAOUBzgAAAQEICgE5eXMD40rp"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1499347119336,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1282,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1499347119336,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347119,"pkt_ts_usec":336171,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AVBAAD4GxICsEAABwKgKMtI0AFAiVX1VAAAAAKACchBvlgAAAgQFtAQCCAoBOXwFAAAAAAEDAwc="}
00443{"flow_id":90,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347119,"pkt_ts_usec":336294,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0jRzeBsiIlV9VqAScSCQfAAAAgQFtAQCCAoD4017ATl8BQEDAwc="}
00431{"flow_id":90,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347119,"pkt_ts_usec":336977,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AVFAAD4GxIesEAABwKgKMtI0AFAiVX1Wc3gbI4AQAOUvhAAAAQEICgE5fAUD4017"}
00431{"flow_id":87,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347119,"pkt_ts_usec":642759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0em5AAD4GS2qsEAABwKgKMtH+AFCQhwyHhS2jUoARAOWdPwAAAQEICgE5fFED40hh"}
00431{"flow_id":87,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1289,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347119,"pkt_ts_usec":642977,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA07ppAAEAG1T3AqAoyrBAAAQBQ0f6FLaNSkIcMiIARAOOX2QAAAQEICgPjTcgBOXxR"}
00431{"flow_id":87,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347119,"pkt_ts_usec":643530,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0em9AAD4GS2msEAABwKgKMtH+AFCQhwyIhS2jU4AQAOWX1wAAAQEICgE5fFED403I"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1499347120603,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":7,"flow_first_seen":1499346985762,"flow_last_seen":1499346991610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1499346988319,"flow_last_seen":1499346993610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1499346989580,"flow_last_seen":1499346994610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1499346992144,"flow_last_seen":1499346997611,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1291,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1499346993434,"flow_last_seen":1499346998611,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1499347120603,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347120,"pkt_ts_usec":603108,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA815JAAD4G7j2sEAABwKgKMtJCAFDFAarTAAAAAKACchCeIQAAAgQFtAQCCAoBOX1BAAAAAAEDAwc="}
00443{"flow_id":91,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347120,"pkt_ts_usec":603235,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0kIa0KsLxQGq1KAScSCGiQAAAgQFtAQCCAoD4064ATl9QQEDAwc="}
00431{"flow_id":91,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347120,"pkt_ts_usec":603995,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA015NAAD4G7kSsEAABwKgKMtJCAFDFAarUGtCrDIAQAOUlkQAAAQEICgE5fUED4064"}
@@ -727,11 +727,11 @@
00431{"flow_id":89,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1309,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347122,"pkt_ts_usec":643671,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FEdAAD4GsZGsEAABwKgKMtIaAFCixG03kxm+JYARAOX8AAAAAQEICgE5fz8D40rp"}
00432{"flow_id":89,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1310,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347122,"pkt_ts_usec":643890,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA07pNAAEAG1UTAqAoyrBAAAQBQ0hqTGb4losRtOIARAOP2NAAAAQEICgPjULYBOX8\/"}
00431{"flow_id":89,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1311,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347122,"pkt_ts_usec":644441,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FEhAAD4GsZCsEAABwKgKMtIaAFCixG04kxm+JoAQAOX2MQAAAQEICgE5f0AD41C2"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1499347123174,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1499347123174,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347123,"pkt_ts_usec":174408,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j6NAAD4GNi2sEAABwKgKMtJcAFBy9vBnAAAAAKACchCn+wAAAgQFtAQCCAoBOX\/EAAAAAAEDAwc="}
00444{"flow_id":92,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347123,"pkt_ts_usec":174534,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0lx1HkCocvbwaKAScSCd9QAAAgQFtAQCCAoD41E7ATl\/xAEDAwc="}
00432{"flow_id":92,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347123,"pkt_ts_usec":175097,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j6RAAD4GNjSsEAABwKgKMtJcAFBy9vBodR5AqYAQAOU8\/QAAAQEICgE5f8QD41E7"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1324,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1499347124454,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1324,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1499347124454,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347124,"pkt_ts_usec":454359,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NtZAAD4GjvqsEAABwKgKMtJqAFC8CbfSAAAAAKACchCWLwAAAgQFtAQCCAoBOYEEAAAAAAEDAwc="}
00443{"flow_id":93,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347124,"pkt_ts_usec":454452,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0moH9pX9vAm306AScSCivAAAAgQFtAQCCAoD41J7ATmBBAEDAwc="}
00433{"flow_id":93,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1326,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347124,"pkt_ts_usec":455236,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NtdAAD4GjwGsEAABwKgKMtJqAFC8CbfTB\/aV\/oAQAOVBxAAAAQEICgE5gQQD41J7"}
@@ -741,44 +741,44 @@
00431{"flow_id":91,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1336,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347125,"pkt_ts_usec":644947,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA015RAAD4G7kOsEAABwKgKMtJCAFDFAarUGtCrDIARAOUgowAAAQEICgE5gi4D4064"}
00432{"flow_id":91,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1337,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347125,"pkt_ts_usec":645169,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0+KhAAEAGyy\/AqAoyrBAAAQBQ0kIa0KsMxQGq1YARAOMbuAAAAQEICgPjU6QBOYIu"}
00431{"flow_id":91,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1338,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347125,"pkt_ts_usec":645901,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA015VAAD4G7kKsEAABwKgKMtJCAFDFAarVGtCrDYAQAOUbtgAAAQEICgE5gi4D41Ok"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1499347125743,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1339,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1499347125743,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347125,"pkt_ts_usec":743151,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IcxAAD4GpASsEAABwKgKMtJ4AFAiLqOKAAAAAKACchBDAwAAAgQFtAQCCAoBOYJGAAAAAAEDAwc="}
00443{"flow_id":94,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347125,"pkt_ts_usec":743295,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0niyGNhRIi6ji6AScSBh1wAAAgQFtAQCCAoD41O9ATmCRgEDAwc="}
00431{"flow_id":94,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347125,"pkt_ts_usec":743827,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ic1AAD4GpAusEAABwKgKMtJ4AFAiLqOLshjYUoAQAOUA3gAAAQEICgE5gkcD41O9"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1499347128311,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1499347128311,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347128,"pkt_ts_usec":311749,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83+lAAD4G5easEAABwKgKMtKSAFBV0VshAAAAAKACchBVLQAAAgQFtAQCCAoBOYTIAAAAAAEDAwc="}
00444{"flow_id":95,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347128,"pkt_ts_usec":311853,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0pKrZqcYVdFbIqAScSCpagAAAgQFtAQCCAoD41Y\/ATmEyAEDAwc="}
00432{"flow_id":95,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347128,"pkt_ts_usec":312457,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03+pAAD4G5e2sEAABwKgKMtKSAFBV0Vsiq2anGYAQAOVIcQAAAQEICgE5hMkD41Y\/"}
00431{"flow_id":92,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1360,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347128,"pkt_ts_usec":645371,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j6VAAD4GNjOsEAABwKgKMtJcAFBy9vBodR5AqYARAOU3pAAAAQEICgE5hRwD41E7"}
00431{"flow_id":92,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347128,"pkt_ts_usec":645626,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0FjtAAEAGrZ3AqAoyrBAAAQBQ0lx1HkCpcvbwaYARAOMyTgAAAQEICgPjVpIBOYUc"}
00431{"flow_id":92,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347128,"pkt_ts_usec":646363,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j6ZAAD4GNjKsEAABwKgKMtJcAFBy9vBpdR5AqoAQAOUyTAAAAQEICgE5hRwD41aS"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1499347129584,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1499347129584,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347129,"pkt_ts_usec":584423,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rtVAAD4GFvusEAABwKgKMtKgAFDfKCjSAAAAAKACchD81wAAAgQFtAQCCAoBOYYHAAAAAAEDAwc="}
00444{"flow_id":96,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347129,"pkt_ts_usec":584518,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0qA\/BA1B3ygo06AScSBWEQAAAgQFtAQCCAoD41d9ATmGBwEDAwc="}
00431{"flow_id":96,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347129,"pkt_ts_usec":585134,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rtZAAD4GFwKsEAABwKgKMtKgAFDfKCjTPwQNQoAQAOX1GAAAAQEICgE5hgcD41d9"}
00433{"flow_id":93,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347129,"pkt_ts_usec":647825,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NthAAD4GjwCsEAABwKgKMtJqAFC8CbfTB\/aV\/oARAOU8sAAAAQEICgE5hhcD41J7"}
00431{"flow_id":93,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347129,"pkt_ts_usec":647917,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0wnNAAEAGAWXAqAoyrBAAAQBQ0moH9pX+vAm31IARAOM3nwAAAQEICgPjV40BOYYX"}
00433{"flow_id":93,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347129,"pkt_ts_usec":648491,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NtlAAD4Gjv+sEAABwKgKMtJqAFC8CbfUB\/aV\/4AQAOU3nQAAAQEICgE5hhcD41eN"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1499346994731,"flow_last_seen":1499347000612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1499346997314,"flow_last_seen":1499347002612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1499346998578,"flow_last_seen":1499347003612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1499347001111,"flow_last_seen":1499347006612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1499347002399,"flow_last_seen":1499347007612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52588,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1499347003695,"flow_last_seen":1499347009612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":94,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1381,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347131,"pkt_ts_usec":648151,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ic5AAD4GpAqsEAABwKgKMtJ4AFAiLqOLshjYUoARAOX7GAAAAQEICgE5iAsD41O9"}
00431{"flow_id":94,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1382,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347131,"pkt_ts_usec":648395,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0gdNAAEAGQgXAqAoyrBAAAQBQ0niyGNhSIi6jjIARAOP1VQAAAQEICgPjWYEBOYgL"}
00431{"flow_id":94,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1383,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347131,"pkt_ts_usec":649116,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ic9AAD4GpAmsEAABwKgKMtJ4AFAiLqOMshjYU4AQAOX1UwAAAQEICgE5iAsD41mB"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1499347132137,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1499347132137,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347132,"pkt_ts_usec":137846,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pedAAD4GH+msEAABwKgKMtK6AFAZEC1iAAAAAKACchC7yAAAAgQFtAQCCAoBOYiFAAAAAAEDAwc="}
00445{"flow_id":97,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347132,"pkt_ts_usec":137953,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0rps\/2\/vGRAtY6AScSCB2QAAAgQFtAQCCAoD41n8ATmIhQEDAwc="}
00432{"flow_id":97,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347132,"pkt_ts_usec":138802,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pehAAD4GH\/CsEAABwKgKMtK6AFAZEC1jbP9v8IAQAOUg4QAAAQEICgE5iIUD41n8"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1499347133434,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1499347133434,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347133,"pkt_ts_usec":434215,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Et1AAD4GsvOsEAABwKgKMtLIAFBRGZsUAAAAAKACchAUuwAAAgQFtAQCCAoBOYnJAAAAAAEDAwc="}
00443{"flow_id":98,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347133,"pkt_ts_usec":434341,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0sgnZz2uURmbFaAScSBRYQAAAgQFtAQCCAoD41tAATmJyQEDAwc="}
00431{"flow_id":98,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347133,"pkt_ts_usec":435108,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Et5AAD4GsvqsEAABwKgKMtLIAFBRGZsVJ2c9r4AQAOXwaAAAAQEICgE5ickD41tA"}
@@ -788,44 +788,44 @@
00431{"flow_id":96,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347134,"pkt_ts_usec":649168,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rtdAAD4GFwGsEAABwKgKMtKgAFDfKCjTPwQNQoARAOXwJQAAAQEICgE5ivkD41d9"}
00432{"flow_id":96,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347134,"pkt_ts_usec":649358,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0US1AAEAGcqvAqAoyrBAAAQBQ0qA\/BA1C3ygo1IARAOPrNAAAAQEICgPjXG8BOYr5"}
00431{"flow_id":96,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347134,"pkt_ts_usec":649963,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rthAAD4GFwCsEAABwKgKMtKgAFDfKCjUPwQNQ4AQAOXrMgAAAQEICgE5ivkD41xv"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1499347134702,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1411,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1499347134702,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347134,"pkt_ts_usec":702778,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wYFAAD4GBE+sEAABwKgKMtLWAFCOukqHAAAAAKACchAmXAAAAgQFtAQCCAoBOYsGAAAAAAEDAwc="}
00443{"flow_id":99,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347134,"pkt_ts_usec":702931,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0tYST2RqjrpKiKAScSBQIQAAAgQFtAQCCAoD41x9ATmLBgEDAwc="}
00431{"flow_id":99,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347134,"pkt_ts_usec":703483,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wYJAAD4GBFasEAABwKgKMtLWAFCOukqIEk9ka4AQAOXvKAAAAQEICgE5iwYD41x9"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1499347137239,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1499347137239,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347137,"pkt_ts_usec":239586,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iNFAAD4GPP+sEAABwKgKMtLwAFB7ggVRAAAAAKACchB8NgAAAgQFtAQCCAoBOY2AAAAAAAEDAwc="}
00444{"flow_id":100,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347137,"pkt_ts_usec":239729,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0vDqtMDQe4IFUqAScSButQAAAgQFtAQCCAoD4173ATmNgAEDAwc="}
00432{"flow_id":100,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347137,"pkt_ts_usec":240483,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iNJAAD4GPQasEAABwKgKMtLwAFB7ggVS6rTA0YAQAOUNvAAAAQEICgE5jYED4173"}
00431{"flow_id":97,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347137,"pkt_ts_usec":650000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pelAAD4GH++sEAABwKgKMtK6AFAZEC1jbP9v8IARAOUbfgAAAQEICgE5jecD41n8"}
00433{"flow_id":97,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1433,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347137,"pkt_ts_usec":650234,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0MK5AAEAGkyrAqAoyrBAAAQBQ0rps\/2\/wGRAtZIARAOMWHQAAAQEICgPjX14BOY3n"}
00431{"flow_id":97,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1434,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347137,"pkt_ts_usec":650808,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pepAAD4GH+6sEAABwKgKMtK6AFAZEC1kbP9v8YAQAOUWGwAAAQEICgE5jecD419e"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1499347138552,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1499347138552,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347138,"pkt_ts_usec":552350,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8erdAAD4GSxmsEAABwKgKMtL+AFByz\/R+AAAAAKACchCUZAAAAgQFtAQCCAoBOY7JAAAAAAEDAwc="}
00446{"flow_id":101,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347138,"pkt_ts_usec":552477,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0v61vhLmcs\/0f6AScSBofAAAAgQFtAQCCAoD42A\/ATmOyQEDAwc="}
00435{"flow_id":101,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347138,"pkt_ts_usec":553246,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0erhAAD4GSyCsEAABwKgKMtL+AFByz\/R\/tb4S54AQAOUHhAAAAQEICgE5jskD42A\/"}
00431{"flow_id":98,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1444,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347138,"pkt_ts_usec":650280,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Et9AAD4GsvmsEAABwKgKMtLIAFBRGZsVJ2c9r4ARAOXrTwAAAQEICgE5juED41tA"}
00431{"flow_id":98,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1445,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347138,"pkt_ts_usec":650598,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0XfdAAEAGZeHAqAoyrBAAAQBQ0sgnZz2vURmbFoARAOPmOAAAAQEICgPjYFgBOY7h"}
00431{"flow_id":98,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347138,"pkt_ts_usec":651347,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EuBAAD4GsvisEAABwKgKMtLIAFBRGZsWJ2c9sIAQAOXmNgAAAQEICgE5juED42BY"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1499347006233,"flow_last_seen":1499347011612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52628,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1499347007496,"flow_last_seen":1499347012613,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1499347010080,"flow_last_seen":1499347015613,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1499347011349,"flow_last_seen":1499347016613,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1499347012617,"flow_last_seen":1499347018613,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1499347015165,"flow_last_seen":1499347020614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":99,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347140,"pkt_ts_usec":650975,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wYNAAD4GBFWsEAABwKgKMtLWAFCOukqIEk9ka4ARAOXpWAAAAQEICgE5kNUD41x9"}
00431{"flow_id":99,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347140,"pkt_ts_usec":651206,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0BidAAEAGvbHAqAoyrBAAAQBQ0tYST2RrjrpKiYARAOPjigAAAQEICgPjYkwBOZDV"}
00431{"flow_id":99,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347140,"pkt_ts_usec":651804,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wYRAAD4GBFSsEAABwKgKMtLWAFCOukqJEk9kbIAQAOXjhwAAAQEICgE5kNYD42JM"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1499347141111,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1499347141111,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347141,"pkt_ts_usec":111431,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OEpAAD4GjYasEAABwKgKMtMYAFBIRqkCAAAAAKACchAH0QAAAgQFtAQCCAoBOZFIAAAAAAEDAwc="}
00445{"flow_id":102,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347141,"pkt_ts_usec":111560,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0xgJZZF8SEapA6AScSAHLAAAAgQFtAQCCAoD42K\/ATmRSAEDAwc="}
00433{"flow_id":102,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347141,"pkt_ts_usec":112320,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OEtAAD4GjY2sEAABwKgKMtMYAFBIRqkDCWWRfYAQAOWmMgAAAQEICgE5kUkD42K\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1469,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1499347142412,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1469,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1499347142412,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1469,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347142,"pkt_ts_usec":412987,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YBRAAD4GZbysEAABwKgKMtMmAFBNdfKaAAAAAKACchC3tQAAAgQFtAQCCAoBOZKOAAAAAAEDAwc="}
00444{"flow_id":103,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347142,"pkt_ts_usec":413087,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0yYb67mHTXXym6AScSB7OgAAAgQFtAQCCAoD42QEATmSjgEDAwc="}
00432{"flow_id":103,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347142,"pkt_ts_usec":413653,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YBVAAD4GZcOsEAABwKgKMtMmAFBNdfKbG+u5iIAQAOUaQgAAAQEICgE5ko4D42QE"}
@@ -835,18 +835,18 @@
00435{"flow_id":101,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347143,"pkt_ts_usec":651963,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0erlAAD4GSx+sEAABwKgKMtL+AFByz\/R\/tb4S54ARAOUCiAAAAQEICgE5k8QD42A\/"}
00434{"flow_id":101,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1482,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347143,"pkt_ts_usec":652358,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0d91AAEAGS\/vAqAoyrBAAAQBQ0v61vhLncs\/0gIARAOP9jQAAAQEICgPjZToBOZPE"}
00433{"flow_id":101,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347143,"pkt_ts_usec":653049,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0erpAAD4GSx6sEAABwKgKMtL+AFByz\/SAtb4S6IAQAOX9iwAAAQEICgE5k8QD42U6"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1499347143676,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1499347143676,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347143,"pkt_ts_usec":676565,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8BvpAAD4GvtasEAABwKgKMtM0AFB9ypUwAAAAAKACchDjgAAAAgQFtAQCCAoBOZPKAAAAAAEDAwc="}
00444{"flow_id":104,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347143,"pkt_ts_usec":676699,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0zTpUSjmfcqVMaAScSBpBAAAAgQFtAQCCAoD42VAATmTygEDAwc="}
00432{"flow_id":104,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347143,"pkt_ts_usec":677447,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BvtAAD4Gvt2sEAABwKgKMtM0AFB9ypUx6VEo54AQAOUIDAAAAQEICgE5k8oD42VA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1499347146267,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1499347146267,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":105,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1499,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347146,"pkt_ts_usec":267980,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87ydAAD4G1qisEAABwKgKMtNOAFAXjXl1AAAAAKACchBi1wAAAgQFtAQCCAoBOZZSAAAAAAEDAwc="}
00444{"flow_id":105,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347146,"pkt_ts_usec":268104,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ006ckw3VF415dqAScSBNogAAAgQFtAQCCAoD42fIATmWUgEDAwc="}
00432{"flow_id":105,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347146,"pkt_ts_usec":268855,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07yhAAD4G1q+sEAABwKgKMtNOAFAXjXl2nJMN1oAQAOXsqQAAAQEICgE5llID42fI"}
00433{"flow_id":102,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1505,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347146,"pkt_ts_usec":652640,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OExAAD4GjYysEAABwKgKMtMYAFBIRqkDCWWRfYARAOWgyAAAAQEICgE5lrID42K\/"}
00432{"flow_id":102,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1506,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347146,"pkt_ts_usec":652906,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0+VVAAEAGyoLAqAoyrBAAAQBQ0xgJZZF9SEapBIARAOObYAAAAQEICgPjaCgBOZay"}
00432{"flow_id":102,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1507,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347146,"pkt_ts_usec":653585,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OE1AAD4GjYusEAABwKgKMtMYAFBIRqkECWWRfoAQAOWbXgAAAQEICgE5lrID42go"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1499347147523,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1511,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1499347147523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":106,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1511,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347147,"pkt_ts_usec":523436,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jHlAAD4GOVesEAABwKgKMtNcAFBPnRvyAAAAAKACchCHAwAAAgQFtAQCCAoBOZeLAAAAAAEDAwc="}
00444{"flow_id":106,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1512,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347147,"pkt_ts_usec":523560,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ01w4IOWQT50b86AScSD9SwAAAgQFtAQCCAoD42kCATmXiwEDAwc="}
00432{"flow_id":106,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347147,"pkt_ts_usec":524311,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jHpAAD4GOV6sEAABwKgKMtNcAFBPnRvzOCDlkYAQAOWcUgAAAQEICgE5l4wD42kC"}
@@ -856,23 +856,23 @@
00432{"flow_id":104,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1526,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347149,"pkt_ts_usec":653136,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BvxAAD4GvtysEAABwKgKMtM0AFB9ypUx6VEo54ARAOUCNQAAAQEICgE5maAD42VA"}
00433{"flow_id":104,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1527,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347149,"pkt_ts_usec":653324,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Q\/FAAEAGf+fAqAoyrBAAAQBQ0zTpUSjnfcqVMoARAOP8XwAAAQEICgPjaxYBOZmg"}
00432{"flow_id":104,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347149,"pkt_ts_usec":654046,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Bv1AAD4GvtusEAABwKgKMtM0AFB9ypUy6VEo6IAQAOX8XQAAAQEICgE5maAD42sW"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1532,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1499347150236,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1532,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1499347150236,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":107,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347150,"pkt_ts_usec":236857,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ESlAAD4GtKesEAABwKgKMtN2AFB3vosbAAAAAKACchDs9wAAAgQFtAQCCAoBOZoyAAAAAAEDAwc="}
00444{"flow_id":107,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347150,"pkt_ts_usec":236950,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ03aiL1kKd76LHKAScSCDEQAAAgQFtAQCCAoD42uoATmaMgEDAwc="}
00432{"flow_id":107,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347150,"pkt_ts_usec":237732,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ESpAAD4GtK6sEAABwKgKMtN2AFB3voscoi9ZC4AQAOUiGQAAAQEICgE5mjID42uo"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1499347151520,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1499347024196,"flow_last_seen":1499347029616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1499347025509,"flow_last_seen":1499347030616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1499347016455,"flow_last_seen":1499347021614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1499347017745,"flow_last_seen":1499347023616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52750,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":6,"flow_first_seen":1499347020329,"flow_last_seen":1499347025616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1538,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1499347021621,"flow_last_seen":1499347027616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1499347151520,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":108,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347151,"pkt_ts_usec":520310,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82ilAAD4G66asEAABwKgKMtOEAFDVpkFaAAAAAKACchDXgQAAAgQFtAQCCAoBOZtzAAAAAAEDAwc="}
00444{"flow_id":108,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347151,"pkt_ts_usec":520436,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ04RMTDZ61aZBW6AScSDkzQAAAgQFtAQCCAoD42zpATmbcwEDAwc="}
00432{"flow_id":108,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1543,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347151,"pkt_ts_usec":521007,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02ipAAD4G662sEAABwKgKMtOEAFDVpkFbTEw2e4AQAOWD1QAAAQEICgE5m3MD42zp"}
@@ -882,18 +882,18 @@
00432{"flow_id":106,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347152,"pkt_ts_usec":653992,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jHtAAD4GOV2sEAABwKgKMtNcAFBPnRvzOCDlkYARAOWXTwAAAQEICgE5nI4D42kC"}
00432{"flow_id":106,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1554,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347152,"pkt_ts_usec":654215,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0i5RAAEAGOETAqAoyrBAAAQBQ01w4IOWRT50b9IARAOOSTQAAAQEICgPjbgUBOZyO"}
00432{"flow_id":106,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1555,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347152,"pkt_ts_usec":654976,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jHxAAD4GOVysEAABwKgKMtNcAFBPnRv0OCDlkoAQAOWSSwAAAQEICgE5nI4D424F"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1499347152786,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1499347152786,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":109,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347152,"pkt_ts_usec":786524,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lJhAAD4GMTisEAABwKgKMtOSAFAXpgg3AAAAAKACchDNWwAAAgQFtAQCCAoBOZyvAAAAAAEDAwc="}
00444{"flow_id":109,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347152,"pkt_ts_usec":786655,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ05Ji9R5fF6YIOKAScSDa3AAAAgQFtAQCCAoD424mATmcrwEDAwc="}
00432{"flow_id":109,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347152,"pkt_ts_usec":787396,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lJlAAD4GMT+sEAABwKgKMtOSAFAXpgg4YvUeYIAQAOV55AAAAQEICgE5nK8D424m"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1499347155346,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1499347155346,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":110,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347155,"pkt_ts_usec":346301,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8btxAAD4GVvSsEAABwKgKMtOsAFCnAfHzAAAAAKACchBRqQAAAgQFtAQCCAoBOZ8vAAAAAAEDAwc="}
00444{"flow_id":110,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347155,"pkt_ts_usec":346457,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ06xcmZfGpwHx9KAScSDpngAAAgQFtAQCCAoD43CmATmfLwEDAwc="}
00432{"flow_id":110,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347155,"pkt_ts_usec":347158,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bt1AAD4GVvusEAABwKgKMtOsAFCnAfH0XJmXx4AQAOWIpgAAAQEICgE5ny8D43Cm"}
00432{"flow_id":107,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347155,"pkt_ts_usec":655163,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EStAAD4GtK2sEAABwKgKMtN2AFB3voscoi9ZC4ARAOUczgAAAQEICgE5n3wD42uo"}
00432{"flow_id":107,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347155,"pkt_ts_usec":655385,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0KfhAAEAGmeDAqAoyrBAAAQBQ03aiL1kLd76LHYARAOMXhAAAAQEICgPjcPMBOZ98"}
00432{"flow_id":107,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347155,"pkt_ts_usec":656099,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ESxAAD4GtKysEAABwKgKMtN2AFB3vosdoi9ZDIAQAOUXgQAAAQEICgE5n30D43Dz"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1499347156630,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1499347156630,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":111,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347156,"pkt_ts_usec":630374,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OChAAD4GjaisEAABwKgKMtO6AFAdhZhYAAAAAKACchAzcgAAAgQFtAQCCAoBOaBwAAAAAAEDAwc="}
00444{"flow_id":111,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1584,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347156,"pkt_ts_usec":630469,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ07o+DQO9HYWYWaAScSB8vAAAAgQFtAQCCAoD43HnATmgcAEDAwc="}
00432{"flow_id":111,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347156,"pkt_ts_usec":631066,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OClAAD4Gja+sEAABwKgKMtO6AFAdhZhZPg0DvoAQAOUbxAAAAQEICgE5oHAD43Hn"}
@@ -903,36 +903,36 @@
00432{"flow_id":109,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347158,"pkt_ts_usec":655655,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lJpAAD4GMT6sEAABwKgKMtOSAFAXpgg4YvUeYIARAOV0JwAAAQEICgE5omsD424m"}
00432{"flow_id":109,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1599,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347158,"pkt_ts_usec":655907,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0bYFAAEAGVlfAqAoyrBAAAQBQ05Ji9R5gF6YIOYARAONubQAAAQEICgPjc+EBOaJr"}
00432{"flow_id":109,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347158,"pkt_ts_usec":656581,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lJtAAD4GMT2sEAABwKgKMtOSAFAXpgg5YvUeYYAQAOVuawAAAQEICgE5omsD43Ph"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1499347159323,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1499347159323,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":112,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347159,"pkt_ts_usec":323115,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ly1AAD4GlqOsEAABwKgKMtPUAFBviYw8AAAAAKACchDqzgAAAgQFtAQCCAoBOaMRAAAAAAEDAwc="}
00444{"flow_id":112,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1605,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347159,"pkt_ts_usec":323271,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ09Q7Unbob4mMPaAScSDBBwAAAgQFtAQCCAoD43SIATmjEQEDAwc="}
00432{"flow_id":112,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347159,"pkt_ts_usec":323997,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ly5AAD4GlqqsEAABwKgKMtPUAFBviYw9O1J26YAQAOVgDgAAAQEICgE5oxID43SI"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1499347160581,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1499347160581,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":113,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1613,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347160,"pkt_ts_usec":581668,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eT9AAD4GTJGsEAABwKgKMtPiAFBG+91zAAAAAKACchDA3AAAAgQFtAQCCAoBOaRMAAAAAAEDAwc="}
00444{"flow_id":113,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347160,"pkt_ts_usec":581793,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0+J0ull0RvvddKAScSB55wAAAgQFtAQCCAoD43XCATmkTAEDAwc="}
00432{"flow_id":113,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347160,"pkt_ts_usec":582546,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eUBAAD4GTJisEAABwKgKMtPiAFBG+910dLpZdYAQAOUY7wAAAQEICgE5pEwD43XC"}
00432{"flow_id":110,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347160,"pkt_ts_usec":657605,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bt5AAD4GVvqsEAABwKgKMtOsAFCnAfH0XJmXx4ARAOWDdQAAAQEICgE5pF8D43Cm"}
00432{"flow_id":110,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347160,"pkt_ts_usec":657829,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA04hJAAEAG4cXAqAoyrBAAAQBQ06xcmZfHpwHx9YARAON+RwAAAQEICgPjddUBOaRf"}
00432{"flow_id":110,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347160,"pkt_ts_usec":658357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bt9AAD4GVvmsEAABwKgKMtOsAFCnAfH1XJmXyIAQAOV+RQAAAQEICgE5pF8D43XV"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":315,"flow_first_seen":1499346976603,"flow_last_seen":1499347036773,"flow_tot_l4_data_len":241656,"flow_min_l4_data_len":32,"flow_max_l4_data_len":4376,"flow_avg_l4_data_len":767,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1499347028086,"flow_last_seen":1499347033617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1499347029372,"flow_last_seen":1499347034616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1499347030639,"flow_last_seen":1499347036617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1499347034467,"flow_last_seen":1499347039618,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1499347035750,"flow_last_seen":1499347041619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52938,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1622,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":315,"flow_first_seen":1499346976603,"flow_last_seen":1499347036773,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4344,"flow_tot_l4_payload_len":231560,"flow_avg_l4_payload_len":735,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52298,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":111,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347161,"pkt_ts_usec":657977,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OCpAAD4Gja6sEAABwKgKMtO6AFAdhZhZPg0DvoARAOUW2gAAAQEICgE5pVkD43Hn"}
00432{"flow_id":111,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1626,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347161,"pkt_ts_usec":658201,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0dW5AAEAGTmrAqAoyrBAAAQBQ07o+DQO+HYWYWoARAOMR8gAAAQEICgPjdtABOaVZ"}
00432{"flow_id":111,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347161,"pkt_ts_usec":658902,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OCtAAD4Gja2sEAABwKgKMtO6AFAdhZhaPg0Dv4AQAOUR8AAAAQEICgE5pVkD43bQ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1499347163177,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1499347163177,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":114,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347163,"pkt_ts_usec":177633,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YKVAAD4GZSusEAABwKgKMtP8AFCcucZwAAAAAKACchB\/fgAAAgQFtAQCCAoBOabVAAAAAAEDAwc="}
00445{"flow_id":114,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347163,"pkt_ts_usec":177740,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ0\/zGVu0LnLnGcaAScSBQzAAAAgQFtAQCCAoD43hLATmm1QEDAwc="}
00432{"flow_id":114,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347163,"pkt_ts_usec":178534,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YKZAAD4GZTKsEAABwKgKMtP8AFCcucZxxlbtDIAQAOXv0wAAAQEICgE5ptUD43hL"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1499347164459,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1499347164459,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":115,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347164,"pkt_ts_usec":459731,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yU1AAD4G\/IKsEAABwKgKMtQKAFBoaGFbAAAAAKACchAXlgAAAgQFtAQCCAoBOagWAAAAAAEDAwc="}
00444{"flow_id":115,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347164,"pkt_ts_usec":459865,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1ArCPOEyaGhhXKAScSD3lQAAAgQFtAQCCAoD43mMATmoFgEDAwc="}
00433{"flow_id":115,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347164,"pkt_ts_usec":460432,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yU5AAD4G\/ImsEAABwKgKMtQKAFBoaGFcwjzhM4AQAOWWnQAAAQEICgE5qBYD43mM"}
@@ -942,19 +942,19 @@
00432{"flow_id":113,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1656,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347165,"pkt_ts_usec":658437,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eUFAAD4GTJesEAABwKgKMtPiAFBG+910dLpZdYARAOUT+QAAAQEICgE5qUED43XC"}
00432{"flow_id":113,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347165,"pkt_ts_usec":658655,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0I81AAEAGoAvAqAoyrBAAAQBQ0+J0ull1RvvddYARAOMPBAAAAQEICgPjergBOalB"}
00432{"flow_id":113,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1658,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347165,"pkt_ts_usec":659256,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eUJAAD4GTJasEAABwKgKMtPiAFBG+911dLpZdoAQAOUPAgAAAQEICgE5qUED43q4"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1499347165741,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1499347165741,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":116,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347165,"pkt_ts_usec":741193,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vRVAAD4GCLusEAABwKgKMtQYAFCo9hRDAAAAAKACchAi0gAAAgQFtAQCCAoBOalWAAAAAAEDAwc="}
00444{"flow_id":116,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347165,"pkt_ts_usec":741317,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1BjYjd6VqPYURKAScSDt3QAAAgQFtAQCCAoD43rMATmpVgEDAwc="}
00432{"flow_id":116,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347165,"pkt_ts_usec":742065,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vRZAAD4GCMKsEAABwKgKMtQYAFCo9hRE2I3eloAQAOWM5QAAAQEICgE5qVYD43rM"}
01213{"flow_id":114,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347167,"pkt_ts_usec":4883,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9YKdAAD4GYuisEAABwKgKMtP8AFCcucZxxlbtDIAYAOWwPAAAAQEICgE5qpID43hLR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjcwWFZNNEMxQ05TV1k4VkY0NDNHR1o2VzUyN1dCWTRIMjlFMlhRTkdHMlFVUFFFS1cwVSUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00917{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":4,"flow_first_seen":1499347163177,"flow_last_seen":1499347167004,"flow_tot_l4_data_len":729,"flow_min_l4_data_len":32,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":4,"flow_first_seen":1499347163177,"flow_last_seen":1499347167004,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00431{"flow_id":114,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347167,"pkt_ts_usec":4975,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0kQRAAEAGMtTAqAoyrBAAAQBQ0\/zGVu0MnLnIuoAQAOzmCQAAAQEICgPjfAgBOaqS"}
02959{"flow_id":114,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347167,"pkt_ts_usec":8071,"pkt_caplen":1935,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1935,"pkt_l4_len":1901,"pkt":"AMGxFOsxABm5CmnxCABFAAeBkQVAAEAGK4bAqAoyrBAAAQBQ0\/zGVu0MnLnIuoAYAOx+XwAAAQEICgPjfAkBOaqSSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE5OjI2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTUxNw0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWHtP4zgQ\/xuk\/Q4+n3TASo0py90tbJsVtLx0sAvblrKnkyI3cVuDEwfbaeHb3ziPNjxLtkioOPY8fuMZj2f8YbXxW\/t7q\/vz\/ACNTSjQeW\/\/9KSFcI2Q\/qcWIe1uG10dd89OUd3ZRB2juG8IOfiGER4bE+8SMp1OneknR6oR6f4gd1ZK3bLlw5pOeZzABNj9sPphtZHquQtFpJvPyKjv7OxkrBn5SmPMaADDlZVGyAxFlqXGbhM+aeKWjAyLTK17HzOM\/OyriQ27M8SK+IL8MVWamWave1j7jBHJZK40DDeCuZeJiJiiAy64ud9FP9hQMN+wALWU1Bp1uGGo4yseGx6N0PpVp7OBdndRm4YRKngFQ302QHtxLLhPDZcRWm9f9vc20KTu1DfRxzabMCHjEKB9bJBMcY5C8OgGKSaaWJt7wfSYMYORAWtyI3ytMRorNmxixyHwF0ym1M6SkPLISZfJU2kctqKQ8x8P6YgRmHooaUgnlsxJF2YydGptGcI1ndBsFiOt\/AdArnX6\/xwUONcauw2SUeaeI7nr7Hggg3vkC6qt12XIcObSgE8QD5rY+g4sYir3emnJCinNrzR4OHqCJDVSEyFH0omjEUZUQCAscNTcbsAK6p6otpvsgeOSkvYna15Mg4AFmUFAkIjCTru6L6R\/Y7dGcCQjH1TfNPGUR4GcOrCU4miuZZY4a7hgBQb6wF0Odo9h2xqEwi4L7q6+RSCP4PQlvp3STjyOX5H\/mBS7J6WZamrhwCXxAn0zGux27BAROH4widr7JWUkEe4SGzopnW8O4TFQiWHkFVTPM2B33\/5Hh1L5FT3wWCC7Y34VACk9dlsyDGkUoJPomqUeWQ6Fr9WwCoqUHlB0fhwup3jIifM1hqPa5MCZBGxBlLyJH7uHHA73iZ3RS+9NEgtJgyq7k3PkMHrp15L+obGBm6uSi3KW9NwyP1EMtfbOu63jveWg6FvBq+BI6eFMX5y+V7Baid4ALrdKTilxPUKD1vft9MZyqKaM3ni8EqSCBbt9GKEO0zZa0Um7Ynp9LPdOa68SkIwBu1DPQK3y\/WzJrbDiVEm\/ZlkV9SYcqsAxK77eAY2uuhu6QNExUj2EsOQVlJ5FqC4XXodzMuza+hHiI5uqth3Az6OhXKCuRIXd8+NzOB1DWU0RHcjELFAzo8Hunh2+37baQm+h+jkRdk\/T8SMAecX2oPZ7uRC0Jey8EIROxq7muu1auRBsjOu\/0l1AyVzPC+aS8MmsgvV8GTCPKkbz+nkoVYgiGkK1DvxQ9qYprol\/xwi6pbEE7EcH3bw2bcS5xf0xNWsa3ctEpcxfi8o6ipNy8Y9z0fZ3Vt+WiXQyCDmQTahI4LOTfebaSOxmTQWxKDO8sWLuMRNCorzVcKHy11Iw8PBofW3z6vJsu1Vvfev0f36+PNze\/nR09O9f\/T+3\/u7v\/9w+3to52Lq6+HZ0tHXRO784+Ke\/2Vvb+FKWEEg\/sZ2W40t5w9nGl1lLAnAUS10z93BjvOWewYFPw1+FNLusYNKu5fEB0TiPK9t86rxhlVOq47RnhRBldzbMSOrZmgbPejPPeqlnoR2jagSdKIZbiUY32P11WbMorowPuD2oUgxT3gG0dWCu14L+ynidvPWsiPF1eYtxssiZ8hses4DTVLT9KluuC8tfxvZ2Ga\/jyc30R3yWjH0Z2uuhNqS3Tvok8SyINzC+SXOGkwqmTD2V8Kq6J9RlHXl2y0K96FwHCvrd7LdIYS+kvDzv+IJRNTvNz+VFfa8NCz17lzybHwaJMbbPzvPDJWdTBMc\/nuXsWMZJ7BVkMmplWX\/+6LALFL14Hb1w209AojcGiTYcvwKktKb4o3BEU8jpGtrALloIqwPJ0GfvC0ynMhdCs7tJBR9B3hZsCPmzwUK3p5myeXe3QeAL0SDkUe5C+C6KA3RqX5dyGpA4p4Bb\/aTdyVcCru31ERRefNGhQynNg8eW2F3mtSt+7lotJ2BiL87sXTB9sXP\/B0XatfGSFAAA"}
00430{"flow_id":114,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347167,"pkt_ts_usec":8778,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YKhAAD4GZTCsEAABwKgKMtP8AFCcuci6xlb0WYAQAQLepAAAAQEICgE5qpMD43wJ"}
00946{"flow_id":114,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1675,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347168,"pkt_ts_usec":31789,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzYKlAAD4GY7CsEAABwKgKMtP8AFCcuci6xlb0WYAYAQKMrAAAAQEICgE5q5MD43wJR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02820{"flow_id":114,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1676,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347168,"pkt_ts_usec":35005,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAcekQdAAEAGK+fAqAoyrBAAAQBQ0\/zGVvRZnLnKOYAYAPV9\/AAAAQEICgPjfQoBOauTSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE5OjI3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00432{"flow_id":114,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1677,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347168,"pkt_ts_usec":35717,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YKpAAD4GZS6sEAABwKgKMtP8AFCcuco5xlb7Q4AQAR3UHgAAAQEICgE5q5QD430K"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1499347168302,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1499347168302,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":117,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347168,"pkt_ts_usec":302582,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pdZAAD4GH\/qsEAABwKgKMtQyAFAP+Q4AAAAAAKACchC\/eAAAAgQFtAQCCAoBOavWAAAAAAEDAwc="}
00445{"flow_id":117,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347168,"pkt_ts_usec":302748,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1DJusJVZD\/kOAaAScSA7HQAAAgQFtAQCCAoD431NATmr1gEDAwc="}
00432{"flow_id":117,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347168,"pkt_ts_usec":303520,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pddAAD4GIAGsEAABwKgKMtQyAFAP+Q4BbrCVWoAQAOXaIwAAAQEICgE5q9cD431N"}
@@ -963,31 +963,31 @@
00433{"flow_id":114,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1683,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347168,"pkt_ts_usec":309374,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YKxAAD4GZSysEAABwKgKMtP8AFCcucyCxlcCj4AQATvJ4wAAAQEICgE5q9gD431O"}
00948{"flow_id":114,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1684,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347169,"pkt_ts_usec":314582,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzYK1AAD4GY6ysEAABwKgKMtP8AFCcucyCxlcCj4AYATt38AAAAQEICgE5rNMD431OR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02822{"flow_id":114,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347169,"pkt_ts_usec":317902,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAcekQtAAEAGK+PAqAoyrBAAAQBQ0\/zGVwKPnLnOAYAYAQd9\/AAAAQEICgPjfkoBOazTSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjE5OjI5IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1499347169573,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1499347169573,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":118,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347169,"pkt_ts_usec":573975,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83TtAAD4G6JSsEAABwKgKMtRAAFDvZ3AvAAAAAKACchB8jgAAAgQFtAQCCAoBOa0UAAAAAAEDAwc="}
00444{"flow_id":118,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347169,"pkt_ts_usec":574068,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1EA8SVzP72dwMKAScSBh5gAAAgQFtAQCCAoD436LATmtFAEDAwc="}
00432{"flow_id":118,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347169,"pkt_ts_usec":574858,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03TxAAD4G6JusEAABwKgKMtRAAFDvZ3AwPElc0IAQAOUA7gAAAQEICgE5rRQD436L"}
00433{"flow_id":115,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347169,"pkt_ts_usec":659197,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yU9AAD4G\/IisEAABwKgKMtQKAFBoaGFcwjzhM4ARAOWRiQAAAQEICgE5rSkD43mM"}
00432{"flow_id":115,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347169,"pkt_ts_usec":659438,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0n5NAAEAGJEXAqAoyrBAAAQBQ1ArCPOEzaGhhXYARAOOMdgAAAQEICgPjfqABOa0p"}
00433{"flow_id":115,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1695,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347169,"pkt_ts_usec":660134,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yVBAAD4G\/IesEAABwKgKMtQKAFBoaGFdwjzhNIAQAOWMcwAAAQEICgE5rSoD436g"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1499347038276,"flow_last_seen":1499347043619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52964,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1499347039587,"flow_last_seen":1499347044619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52978,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1499347042150,"flow_last_seen":1499347047620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53004,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1499347043416,"flow_last_seen":1499347048620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53018,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1499347044676,"flow_last_seen":1499347050622,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53032,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":116,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1702,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347171,"pkt_ts_usec":659829,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vRdAAD4GCMGsEAABwKgKMtQYAFCo9hRE2I3eloARAOWHHAAAAQEICgE5rx4D43rM"}
00432{"flow_id":116,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347171,"pkt_ts_usec":660049,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0XgJAAEAGZdbAqAoyrBAAAQBQ1BjYjd6WqPYURYARAOOBVQAAAQEICgPjgJQBOa8e"}
00432{"flow_id":116,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347171,"pkt_ts_usec":660786,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vRhAAD4GCMCsEAABwKgKMtQYAFCo9hRF2I3el4AQAOWBUwAAAQEICgE5rx4D44CU"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1499347172098,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1499347172098,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":119,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1708,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347172,"pkt_ts_usec":98409,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dk5AAD4GT4KsEAABwKgKMtRaAFDNItnFAAAAAKACchAyrAAAAgQFtAQCCAoBOa+LAAAAAAEDAwc="}
00443{"flow_id":119,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1709,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347172,"pkt_ts_usec":98530,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1FoQ75vBzSLZxqAScSAB9QAAAgQFtAQCCAoD44ECATmviwEDAwc="}
00432{"flow_id":119,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347172,"pkt_ts_usec":99279,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dk9AAD4GT4msEAABwKgKMtRaAFDNItnGEO+bwoAQAOWg\/AAAAQEICgE5r4sD44EC"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1499347173373,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1499347173373,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":120,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1717,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347173,"pkt_ts_usec":373791,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XK1AAD4GaSOsEAABwKgKMtRoAFDpcOxnAAAAAKACchACbwAAAgQFtAQCCAoBObDKAAAAAAEDAwc="}
00444{"flow_id":120,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347173,"pkt_ts_usec":373905,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1GhwCsiK6XDsaKAScSBElAAAAgQFtAQCCAoD44JBATmwygEDAwc="}
00432{"flow_id":120,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1719,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347173,"pkt_ts_usec":374685,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XK5AAD4GaSqsEAABwKgKMtRoAFDpcOxocArIi4AQAOXjmwAAAQEICgE5sMoD44JB"}
@@ -997,18 +997,18 @@
00432{"flow_id":118,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1729,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347174,"pkt_ts_usec":660544,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03T1AAD4G6JqsEAABwKgKMtRAAFDvZ3AwPElc0IARAOX79AAAAQEICgE5sgwD436L"}
00433{"flow_id":118,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1730,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347174,"pkt_ts_usec":660744,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA031JAAEAG5IXAqAoyrBAAAQBQ1EA8SVzQ72dwMYARAOP2\/gAAAQEICgPjg4IBObIM"}
00433{"flow_id":118,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1731,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347174,"pkt_ts_usec":661501,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03T5AAD4G6JmsEAABwKgKMtRAAFDvZ3AxPElc0YAQAOX2\/AAAAQEICgE5sgwD44OC"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1499347174667,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1499347174667,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":121,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1732,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347174,"pkt_ts_usec":667312,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LxxAAD4GlrSsEAABwKgKMtR2AFATHZ0RAAAAAKACchAmyAAAAgQFtAQCCAoBObINAAAAAAEDAwc="}
00444{"flow_id":121,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1733,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347174,"pkt_ts_usec":667347,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1HZkheFBEx2dEqAScSBaeAAAAgQFtAQCCAoD44OEATmyDQEDAwc="}
00432{"flow_id":121,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1734,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347174,"pkt_ts_usec":668115,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Lx1AAD4GlrusEAABwKgKMtR2AFATHZ0SZIXhQoAQAOX5fgAAAQEICgE5sg4D44OE"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1747,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1499347177248,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1747,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1499347177248,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":122,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1747,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347177,"pkt_ts_usec":248253,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XzZAAD4GZpqsEAABwKgKMtSQAFC5seulAAAAAKACchAu\/wAAAgQFtAQCCAoBObSTAAAAAAEDAwc="}
00444{"flow_id":122,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1748,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347177,"pkt_ts_usec":248372,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1JDtsXHRubHrpqAScSBGbgAAAgQFtAQCCAoD44YJATm0kwEDAwc="}
00432{"flow_id":122,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1749,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347177,"pkt_ts_usec":249122,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XzdAAD4GZqGsEAABwKgKMtSQAFC5seum7bFx0oAQAOXldQAAAQEICgE5tJMD44YJ"}
00432{"flow_id":119,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1753,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347177,"pkt_ts_usec":660702,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dlBAAD4GT4isEAABwKgKMtRaAFDNItnGEO+bwoARAOWbjAAAAQEICgE5tPoD44EC"}
00432{"flow_id":119,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1754,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347177,"pkt_ts_usec":660973,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0HbJAAEAGpibAqAoyrBAAAQBQ1FoQ75vCzSLZx4ARAOOWHwAAAQEICgPjhnABObT6"}
00432{"flow_id":119,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1755,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347177,"pkt_ts_usec":661715,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dlFAAD4GT4esEAABwKgKMtRaAFDNItnHEO+bw4AQAOWWHQAAAQEICgE5tPoD44Zw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1759,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1499347178540,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1759,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1499347178540,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":123,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1759,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347178,"pkt_ts_usec":540348,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rRdAAD4GGLmsEAABwKgKMtSeAFA54BjBAAAAAKACchCAZAAAAgQFtAQCCAoBObXWAAAAAAEDAwc="}
00444{"flow_id":123,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1760,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347178,"pkt_ts_usec":540464,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1J7RuWV+OeAYwqAScSC+2wAAAgQFtAQCCAoD44dMATm11gEDAwc="}
00432{"flow_id":123,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1761,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347178,"pkt_ts_usec":541064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rRhAAD4GGMCsEAABwKgKMtSeAFA54BjC0bllf4AQAOVd4wAAAQEICgE5tdYD44dM"}
@@ -1018,23 +1018,23 @@
00432{"flow_id":121,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347180,"pkt_ts_usec":661292,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Lx5AAD4GlrqsEAABwKgKMtR2AFATHZ0SZIXhQoARAOXzowAAAQEICgE5t+gD44OE"}
00432{"flow_id":121,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347180,"pkt_ts_usec":661598,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0aBxAAEAGW7zAqAoyrBAAAQBQ1HZkheFCEx2dE4ARAOPtygAAAQEICgPjiV4BObfo"}
00432{"flow_id":121,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347180,"pkt_ts_usec":662294,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Lx9AAD4GlrmsEAABwKgKMtR2AFATHZ0TZIXhQ4AQAOXtyAAAAQEICgE5t+gD44le"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1499347181178,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1499347181178,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":124,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347181,"pkt_ts_usec":178834,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iI9AAD4GPUGsEAABwKgKMtS4AFBWujDmAAAAAKACchBIuAAAAgQFtAQCCAoBObhpAAAAAAEDAwc="}
00444{"flow_id":124,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347181,"pkt_ts_usec":178931,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1LiEJRdhVrow56AScSAgTQAAAgQFtAQCCAoD44ngATm4aQEDAwc="}
00433{"flow_id":124,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347181,"pkt_ts_usec":179532,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iJBAAD4GPUisEAABwKgKMtS4AFBWujDnhCUXYoAQAOW\/UwAAAQEICgE5uGoD44ng"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1499347182435,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1499347047249,"flow_last_seen":1499347052623,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53058,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":6,"flow_first_seen":1499347048548,"flow_last_seen":1499347053624,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53072,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1499347051144,"flow_last_seen":1499347056624,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":6,"flow_first_seen":1499347052434,"flow_last_seen":1499347057625,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53112,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1499347053735,"flow_last_seen":1499347059625,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53126,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1499347056332,"flow_last_seen":1499347061626,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1499347182435,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":125,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1789,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347182,"pkt_ts_usec":435600,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IhAAD4G6UesEAABwKgKMtTGAFDgpGUsAAAAAKACchCJPgAAAgQFtAQCCAoBObmkAAAAAAEDAwc="}
00444{"flow_id":125,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347182,"pkt_ts_usec":435726,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1MbnFi1c4KRlLaAScSDmrAAAAgQFtAQCCAoD44saATm5pAEDAwc="}
00432{"flow_id":125,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1791,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347182,"pkt_ts_usec":436441,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03IlAAD4G6U6sEAABwKgKMtTGAFDgpGUt5xYtXYAQAOWFtAAAAQEICgE5uaQD44sa"}
@@ -1044,55 +1044,55 @@
00432{"flow_id":123,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1801,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347183,"pkt_ts_usec":662540,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rRlAAD4GGL+sEAABwKgKMtSeAFA54BjC0bllf4ARAOVY4gAAAQEICgE5utYD44dM"}
00433{"flow_id":123,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1802,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347183,"pkt_ts_usec":662789,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA06TJAAEAG2qXAqAoyrBAAAQBQ1J7RuWV\/OeAYw4ARAONT4gAAAQEICgPjjE0BObrW"}
00432{"flow_id":123,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1803,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347183,"pkt_ts_usec":663526,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rRpAAD4GGL6sEAABwKgKMtSeAFA54BjD0bllgIAQAOVT3wAAAQEICgE5utcD44xN"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1499347183714,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1804,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1499347183714,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":126,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1804,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347183,"pkt_ts_usec":714891,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/NBAAD4GyP+sEAABwKgKMtTUAFAdl0YzAAAAAKACchBp+AAAAgQFtAQCCAoBObrjAAAAAAEDAwc="}
00444{"flow_id":126,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347183,"pkt_ts_usec":715037,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1NRZfFQSHZdGNKAScSAtCwAAAgQFtAQCCAoD44xaATm64wEDAwc="}
00433{"flow_id":126,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1807,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347183,"pkt_ts_usec":715798,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/NFAAD4GyQasEAABwKgKMtTUAFAdl0Y0WXxUE4AQAOXMEQAAAQEICgE5uuQD44xa"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1819,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1499347186286,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1819,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1499347186286,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":127,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1819,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347186,"pkt_ts_usec":286838,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C2FAAD4Gum+sEAABwKgKMtTuAFDJ67YHAAAAAKACchBLMgAAAgQFtAQCCAoBOb1mAAAAAAEDAwc="}
00444{"flow_id":127,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1820,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347186,"pkt_ts_usec":286964,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1O6dKYTkyeu2CKAScSCXQgAAAgQFtAQCCAoD447dATm9ZgEDAwc="}
00432{"flow_id":127,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1821,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347186,"pkt_ts_usec":287541,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C2JAAD4GunasEAABwKgKMtTuAFDJ67YInSmE5YAQAOU2SQAAAQEICgE5vWcD447d"}
00432{"flow_id":124,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1825,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347186,"pkt_ts_usec":664062,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iJFAAD4GPUesEAABwKgKMtS4AFBWujDnhCUXYoARAOW59wAAAQEICgE5vcUD44ng"}
00433{"flow_id":124,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1826,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347186,"pkt_ts_usec":664247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0mFlAAEAGK3\/AqAoyrBAAAQBQ1LiEJRdiVrow6IARAOO0nQAAAQEICgPjjzsBOb3F"}
00432{"flow_id":124,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1827,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347186,"pkt_ts_usec":665012,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iJJAAD4GPUasEAABwKgKMtS4AFBWujDohCUXY4AQAOW0mwAAAQEICgE5vcUD4487"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1499347187548,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1499347187548,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":128,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1832,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347187,"pkt_ts_usec":548972,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aSdAAD4GXKmsEAABwKgKMtT8AFBu8NeFAAAAAKACchCDZQAAAgQFtAQCCAoBOb6iAAAAAAEDAwc="}
00444{"flow_id":128,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347187,"pkt_ts_usec":549066,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1PzTvrB4bvDXhqAScSBsEQAAAgQFtAQCCAoD45AYATm+ogEDAwc="}
00432{"flow_id":128,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347187,"pkt_ts_usec":549845,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aShAAD4GXLCsEAABwKgKMtT8AFBu8NeG076weYAQAOULGQAAAQEICgE5vqID45AY"}
00432{"flow_id":125,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1837,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347187,"pkt_ts_usec":663994,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03IpAAD4G6U2sEAABwKgKMtTGAFDgpGUt5xYtXYARAOWAmAAAAQEICgE5vr8D44sa"}
00433{"flow_id":125,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1838,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347187,"pkt_ts_usec":664212,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0vWhAAEAGBnDAqAoyrBAAAQBQ1MbnFi1d4KRlLoARAON7fgAAAQEICgPjkDUBOb6\/"}
00432{"flow_id":125,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1839,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347187,"pkt_ts_usec":664811,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03ItAAD4G6UysEAABwKgKMtTGAFDgpGUu5xYtXoAQAOV7fAAAAQEICgE5vr8D45A1"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1499347188799,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1499347188799,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":129,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347188,"pkt_ts_usec":799750,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dE1AAD4GUYOsEAABwKgKMtUKAFDFBMuWAAAAAKACchA3+QAAAgQFtAQCCAoBOb\/bAAAAAAEDAwc="}
00445{"flow_id":129,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347188,"pkt_ts_usec":799865,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Qqv+uT2xQTLl6AScSAOsgAAAgQFtAQCCAoD45FRATm\/2wEDAwc="}
00433{"flow_id":129,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347188,"pkt_ts_usec":800457,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dE5AAD4GUYqsEAABwKgKMtUKAFDFBMuXr\/rk94AQAOWtuQAAAQEICgE5v9sD45FR"}
00433{"flow_id":126,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347189,"pkt_ts_usec":664580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/NJAAD4GyQWsEAABwKgKMtTUAFAdl0Y0WXxUE4ARAOXGQQAAAQEICgE5wLMD44xa"}
00433{"flow_id":126,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347189,"pkt_ts_usec":664828,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0xjpAAEAG\/Z3AqAoyrBAAAQBQ1NRZfFQTHZdGNYARAOPAcwAAAQEICgPjkikBOcCz"}
00433{"flow_id":126,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347189,"pkt_ts_usec":665524,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/NNAAD4GyQSsEAABwKgKMtTUAFAdl0Y1WXxUFIAQAOXAcQAAAQEICgE5wLMD45Ip"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1499347190051,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1499347190051,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":130,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1855,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347190,"pkt_ts_usec":51246,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88xNAAD4G0rysEAABwKgKMtUYAFBhEDIAAAAAAKACchA0PgAAAgQFtAQCCAoBOcETAAAAAAEDAwc="}
00443{"flow_id":130,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347190,"pkt_ts_usec":51348,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1RhSQOITYRAyAaAScSBqWwAAAgQFtAQCCAoD45KKATnBEwEDAwc="}
00431{"flow_id":130,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347190,"pkt_ts_usec":52122,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08xRAAD4G0sOsEAABwKgKMtUYAFBhEDIBUkDiFIAQAOUJYgAAAQEICgE5wRQD45KK"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1499347191299,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1499347191299,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":131,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347191,"pkt_ts_usec":299775,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8a9RAAD4GWfysEAABwKgKMtUmAFBoHamYAAAAAKACchC0UQAAAgQFtAQCCAoBOcJMAAAAAAEDAwc="}
00444{"flow_id":131,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1865,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347191,"pkt_ts_usec":299934,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Sai+IEWaB2pmaAScSD5ewAAAgQFtAQCCAoD45PCATnCTAEDAwc="}
00432{"flow_id":131,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347191,"pkt_ts_usec":300466,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a9VAAD4GWgOsEAABwKgKMtUmAFBoHamZoviBF4AQAOWYgwAAAQEICgE5wkwD45PC"}
00432{"flow_id":127,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1870,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347191,"pkt_ts_usec":665248,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C2NAAD4GunWsEAABwKgKMtTuAFDJ67YInSmE5YARAOUxCAAAAQEICgE5wqcD447d"}
00432{"flow_id":127,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1871,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347191,"pkt_ts_usec":665477,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0EPhAAEAGsuDAqAoyrBAAAQBQ1O6dKYTlyeu2CYARAOMryQAAAQEICgPjlB0BOcKn"}
00432{"flow_id":127,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347191,"pkt_ts_usec":666020,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C2RAAD4GunSsEAABwKgKMtTuAFDJ67YJnSmE5oAQAOUrxwAAAQEICgE5wqcD45Qd"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1499347192547,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1499347057628,"flow_last_seen":1499347063626,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53166,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1499347060176,"flow_last_seen":1499347065627,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":6,"flow_first_seen":1499347061452,"flow_last_seen":1499347066629,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1499347062740,"flow_last_seen":1499347068629,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":6,"flow_first_seen":1499347065288,"flow_last_seen":1499347070631,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":6,"flow_first_seen":1499347066560,"flow_last_seen":1499347071631,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1499347192547,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":132,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347192,"pkt_ts_usec":547043,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NKNAAD4GkS2sEAABwKgKMtU0AFBlD\/cgAAAAAKACchBokgAAAgQFtAQCCAoBOcODAAAAAAEDAwc="}
00445{"flow_id":132,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347192,"pkt_ts_usec":547169,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1TRgTBA1ZQ\/3IaAScSBgEgAAAgQFtAQCCAoD45T6ATnDgwEDAwc="}
00434{"flow_id":132,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347192,"pkt_ts_usec":547915,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NKRAAD4GkTSsEAABwKgKMtU0AFBlD\/chYEwQNoAQAOX\/GAAAAQEICgE5w4QD45T6"}
@@ -1102,35 +1102,35 @@
00434{"flow_id":129,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347194,"pkt_ts_usec":666743,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dE9AAD4GUYmsEAABwKgKMtUKAFDFBMuXr\/rk94ARAOWn\/gAAAQEICgE5xZUD45FR"}
00433{"flow_id":129,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347194,"pkt_ts_usec":666932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0c\/tAAEAGT93AqAoyrBAAAQBQ1Qqv+uT3xQTLmIARAOOiRAAAAQEICgPjlwwBOcWV"}
00433{"flow_id":129,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1893,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347194,"pkt_ts_usec":667665,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dFBAAD4GUYisEAABwKgKMtUKAFDFBMuYr\/rk+IAQAOWiQQAAAQEICgE5xZYD45cM"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1897,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1499347195099,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1897,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1499347195099,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":133,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1897,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347195,"pkt_ts_usec":99621,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oYJAAD4GJE6sEAABwKgKMtVOAFAI3GeAAAAAAKACchBRzQAAAgQFtAQCCAoBOcYCAAAAAAEDAwc="}
00443{"flow_id":133,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1898,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347195,"pkt_ts_usec":99731,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1U4LxrqfCNxngaAScSDw6gAAAgQFtAQCCAoD45d4ATnGAgEDAwc="}
00432{"flow_id":133,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1899,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347195,"pkt_ts_usec":100507,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oYNAAD4GJFWsEAABwKgKMtVOAFAI3GeBC8a6oIAQAOWP8gAAAQEICgE5xgID45d4"}
00432{"flow_id":130,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1903,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347195,"pkt_ts_usec":666765,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08xVAAD4G0sKsEAABwKgKMtUYAFBhEDIBUkDiFIARAOUD5gAAAQEICgE5xo8D45KK"}
00432{"flow_id":130,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1904,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347195,"pkt_ts_usec":666981,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ehJAAEAGScbAqAoyrBAAAQBQ1RhSQOIUYRAyAoARAOP+agAAAQEICgPjmAYBOcaP"}
00432{"flow_id":130,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347195,"pkt_ts_usec":667542,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08xZAAD4G0sGsEAABwKgKMtUYAFBhEDICUkDiFYAQAOX+ZwAAAQEICgE5xpAD45gG"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1499347196341,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1499347196341,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":134,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1909,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347196,"pkt_ts_usec":341596,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LeJAAD4Gl+6sEAABwKgKMtVcAFCW1uraAAAAAKACchA\/NAAAAgQFtAQCCAoBOcc4AAAAAAEDAwc="}
00445{"flow_id":134,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1910,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347196,"pkt_ts_usec":341721,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1Vx\/2Nugltbq26AScSBICAAAAgQFtAQCCAoD45iuATnHOAEDAwc="}
00433{"flow_id":134,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1911,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347196,"pkt_ts_usec":342475,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LeNAAD4Gl\/WsEAABwKgKMtVcAFCW1urbf9jboYAQAOXnDwAAAQEICgE5xzgD45iu"}
00432{"flow_id":131,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1915,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347196,"pkt_ts_usec":667004,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a9ZAAD4GWgKsEAABwKgKMtUmAFBoHamZoviBF4ARAOWTRQAAAQEICgE5x4kD45PC"}
00432{"flow_id":131,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1916,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347196,"pkt_ts_usec":667233,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0GBdAAEAGq8HAqAoyrBAAAQBQ1Sai+IEXaB2pmoARAOOOCAAAAQEICgPjmQABOceJ"}
00432{"flow_id":131,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1917,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347196,"pkt_ts_usec":667988,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a9dAAD4GWgGsEAABwKgKMtUmAFBoHamaoviBGIAQAOWOBQAAAQEICgE5x4oD45kA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1499347197627,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1499347197627,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":135,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347197,"pkt_ts_usec":627967,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jKtAAD4GOSWsEAABwKgKMtVqAFDoUUTRAAAAAKACchCScgAAAgQFtAQCCAoBOch6AAAAAAEDAwc="}
00444{"flow_id":135,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1923,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347197,"pkt_ts_usec":628060,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1WoUz7Ep6FFE0qAScSAvhQAAAgQFtAQCCAoD45nwATnIegEDAwc="}
00432{"flow_id":135,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1924,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347197,"pkt_ts_usec":628711,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jKxAAD4GOSysEAABwKgKMtVqAFDoUUTSFM+xKoAQAOXOjAAAAQEICgE5yHoD45nw"}
00433{"flow_id":132,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347197,"pkt_ts_usec":668309,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NKVAAD4GkTOsEAABwKgKMtU0AFBlD\/chYEwQNoARAOX6FwAAAQEICgE5yIQD45T6"}
00433{"flow_id":132,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1928,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347197,"pkt_ts_usec":668531,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0icxAAEAGOgzAqAoyrBAAAQBQ1TRgTBA2ZQ\/3IoARAOP1GAAAAQEICgPjmfoBOciE"}
00433{"flow_id":132,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1929,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347197,"pkt_ts_usec":669265,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NKZAAD4GkTKsEAABwKgKMtU0AFBlD\/ciYEwQN4AQAOX1FgAAAQEICgE5yIQD45n6"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1939,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1499347200170,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1939,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1499347200170,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":136,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347200,"pkt_ts_usec":170946,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8egdAAD4GS8msEAABwKgKMtWEAFAb8rDyAAAAAKACchDwGwAAAgQFtAQCCAoBOcr1AAAAAAEDAwc="}
00445{"flow_id":136,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347200,"pkt_ts_usec":171056,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1YQCBmJ3G\/Kw86AScSDsLQAAAgQFtAQCCAoD45xsATnK9QEDAwc="}
00432{"flow_id":136,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347200,"pkt_ts_usec":171661,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eghAAD4GS9CsEAABwKgKMtWEAFAb8rDzAgZieIAQAOWLNAAAAQEICgE5yvYD45xs"}
00432{"flow_id":133,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347200,"pkt_ts_usec":669122,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oYRAAD4GJFSsEAABwKgKMtVOAFAI3GeBC8a6oIARAOWKgQAAAQEICgE5y3ID45d4"}
00432{"flow_id":133,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347200,"pkt_ts_usec":669309,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0JkhAAEAGnZDAqAoyrBAAAQBQ1U4LxrqgCNxngoARAOOFEgAAAQEICgPjnOgBOcty"}
00432{"flow_id":133,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347200,"pkt_ts_usec":670049,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oYVAAD4GJFOsEAABwKgKMtVOAFAI3GeCC8a6oYAQAOWFEAAAAQEICgE5y3ID45zo"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1951,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1499347201471,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1951,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1499347201471,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":137,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347201,"pkt_ts_usec":471316,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JERAAD4GoYysEAABwKgKMtWSAFCOe+h\/AAAAAKACchBEsQAAAgQFtAQCCAoBOcw7AAAAAAEDAwc="}
00444{"flow_id":137,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347201,"pkt_ts_usec":471439,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1ZJxUzmIjnvogKAScSD5HwAAAgQFtAQCCAoD452xATnMOwEDAwc="}
00432{"flow_id":137,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347201,"pkt_ts_usec":472194,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JEVAAD4GoZOsEAABwKgKMtWSAFCOe+iAcVM5iYAQAOWYJwAAAQEICgE5zDsD452x"}
@@ -1138,99 +1138,99 @@
00433{"flow_id":134,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1958,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347201,"pkt_ts_usec":669934,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0RkNAAEAGfZXAqAoyrBAAAQBQ1Vx\/2Nuhltbq3IAQAOPcpwAAAQEICgPjneMBOcxs"}
00433{"flow_id":134,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1959,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347201,"pkt_ts_usec":669959,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0RkRAAEAGfZTAqAoyrBAAAQBQ1Vx\/2Nuhltbq3IARAOPcpgAAAQEICgPjneMBOcxs"}
00432{"flow_id":134,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347201,"pkt_ts_usec":670504,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qMxAAD4GHQysEAABwKgKMtVcAFCW1urcf9jbooAQAOXcpAAAAQEICgE5zGwD453j"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1499347069146,"flow_last_seen":1499347074630,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53286,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":6,"flow_first_seen":1499347070422,"flow_last_seen":1499347075631,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1499347071685,"flow_last_seen":1499347077632,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":6,"flow_first_seen":1499347074268,"flow_last_seen":1499347079633,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1499347075596,"flow_last_seen":1499347080634,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":135,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1964,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347202,"pkt_ts_usec":670148,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jK1AAD4GOSusEAABwKgKMtVqAFDoUUTSFM+xKoARAOXJnwAAAQEICgE5zWYD45nw"}
00433{"flow_id":135,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1965,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347202,"pkt_ts_usec":670342,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0L\/dAAEAGk+HAqAoyrBAAAQBQ1WoUz7Eq6FFE04ARAOPEswAAAQEICgPjnt0BOc1m"}
00432{"flow_id":135,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1966,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347202,"pkt_ts_usec":671105,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jK5AAD4GOSqsEAABwKgKMtVqAFDoUUTTFM+xK4AQAOXEsQAAAQEICgE5zWYD457d"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1499347202722,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1499347202722,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":138,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1967,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347202,"pkt_ts_usec":722084,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83mxAAD4G52OsEAABwKgKMtWgAFD5fxMfAAAAAKACchCtxwAAAgQFtAQCCAoBOc1zAAAAAAEDAwc="}
00444{"flow_id":138,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347202,"pkt_ts_usec":722138,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1aA8zHVU+X8TIKAScSBZuAAAAgQFtAQCCAoD457qATnNcwEDAwc="}
00432{"flow_id":138,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347202,"pkt_ts_usec":722724,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03m1AAD4G52qsEAABwKgKMtWgAFD5fxMgPMx1VYAQAOX4vwAAAQEICgE5zXMD457q"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1982,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1499347205214,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1982,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1499347205214,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":139,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1982,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347205,"pkt_ts_usec":214121,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZeBAAD4GX\/CsEAABwKgKMtW6AFAegaoCAAAAAKACchDvWQAAAgQFtAQCCAoBOc\/iAAAAAAEDAwc="}
00444{"flow_id":139,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1983,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347205,"pkt_ts_usec":214328,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1bp74sNGHoGqA6AScSAL0wAAAgQFtAQCCAoD46FZATnP4gEDAwc="}
00433{"flow_id":139,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1985,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347205,"pkt_ts_usec":215149,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZeFAAD4GX\/esEAABwKgKMtW6AFAegaoDe+LDR4AQAOWq2QAAAQEICgE5z+MD46FZ"}
00432{"flow_id":136,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1988,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347205,"pkt_ts_usec":671383,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eglAAD4GS8+sEAABwKgKMtWEAFAb8rDzAgZieIARAOWF1AAAAQEICgE50FUD45xs"}
00433{"flow_id":136,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1989,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347205,"pkt_ts_usec":671601,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0w7NAAEAGACXAqAoyrBAAAQBQ1YQCBmJ4G\/Kw9IARAOOAdgAAAQEICgPjocsBOdBV"}
00432{"flow_id":136,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1990,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347205,"pkt_ts_usec":672351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0egpAAD4GS86sEAABwKgKMtWEAFAb8rD0AgZieYAQAOWAdAAAAQEICgE50FUD46HL"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1994,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1499347206497,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1994,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1499347206497,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":140,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1994,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347206,"pkt_ts_usec":497401,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA85d9AAD4G3\/CsEAABwKgKMtXIAFBJFTT8AAAAAKACchA4fQAAAgQFtAQCCAoBOdEjAAAAAAEDAwc="}
00446{"flow_id":140,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1995,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347206,"pkt_ts_usec":497524,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1cindk\/NSRU0\/aAScSCbmwAAAgQFtAQCCAoD46KZATnRIwEDAwc="}
00433{"flow_id":140,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1996,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347206,"pkt_ts_usec":498250,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA05eBAAD4G3\/esEAABwKgKMtXIAFBJFTT9p3ZPzoAQAOU6owAAAQEICgE50SMD46KZ"}
00432{"flow_id":137,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347206,"pkt_ts_usec":671047,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JEZAAD4GoZKsEAABwKgKMtWSAFCOe+iAcVM5iYARAOWTEgAAAQEICgE50U8D452x"}
00433{"flow_id":137,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2001,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347206,"pkt_ts_usec":671231,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0m0xAAEAGKIzAqAoyrBAAAQBQ1ZJxUzmJjnvogYARAOON\/wAAAQEICgPjosUBOdFP"}
00433{"flow_id":137,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347206,"pkt_ts_usec":672011,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JEdAAD4GoZGsEAABwKgKMtWSAFCOe+iBcVM5ioAQAOWN\/QAAAQEICgE50U8D46LF"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2006,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1499347207764,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2006,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1499347207764,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":141,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2006,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347207,"pkt_ts_usec":764522,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oEFAAD4GJY+sEAABwKgKMtXWAFBZgnIhAAAAAKACchDpnwAAAgQFtAQCCAoBOdJgAAAAAAEDAwc="}
00444{"flow_id":141,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2007,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347207,"pkt_ts_usec":764615,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1dboCFwKWYJyIqAScSD+sQAAAgQFtAQCCAoD46PWATnSYAEDAwc="}
00432{"flow_id":141,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2008,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347207,"pkt_ts_usec":765413,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oEJAAD4GJZasEAABwKgKMtXWAFBZgnIi6AhcC4AQAOWduQAAAQEICgE50mAD46PW"}
00432{"flow_id":138,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2012,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347208,"pkt_ts_usec":671466,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03m5AAD4G52msEAABwKgKMtWgAFD5fxMgPMx1VYARAOXy7gAAAQEICgE500MD457q"}
00432{"flow_id":138,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2013,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347208,"pkt_ts_usec":671653,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA00exAAEAG8evAqAoyrBAAAQBQ1aA8zHVV+X8TIYARAOPtIAAAAQEICgPjpLkBOdND"}
00432{"flow_id":138,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2014,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347208,"pkt_ts_usec":672448,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03m9AAD4G52isEAABwKgKMtWgAFD5fxMhPMx1VoAQAOXtHgAAAQEICgE500MD46S5"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1499347210270,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2024,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1499347210270,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":142,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2024,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347210,"pkt_ts_usec":270105,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H3tAAD4GplWsEAABwKgKMtXwAFCR7supAAAAAKACchBVHwAAAgQFtAQCCAoBOdTSAAAAAAEDAwc="}
00444{"flow_id":142,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2025,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347210,"pkt_ts_usec":270240,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1fCjgnLike7LqqAScSCVbAAAAgQFtAQCCAoD46ZJATnU0gEDAwc="}
00432{"flow_id":142,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2026,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347210,"pkt_ts_usec":270995,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H3xAAD4GplysEAABwKgKMtXwAFCR7suqo4Jy44AQAOU0dAAAAQEICgE51NID46ZJ"}
00433{"flow_id":139,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2030,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347210,"pkt_ts_usec":672145,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZeJAAD4GX\/asEAABwKgKMtW6AFAegaoDe+LDR4ARAOWlhAAAAQEICgE51TcD46FZ"}
00432{"flow_id":139,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2031,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347210,"pkt_ts_usec":672337,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ZepAAEAGXe7AqAoyrBAAAQBQ1bp74sNHHoGqBIARAOOgMQAAAQEICgPjpq0BOdU3"}
00433{"flow_id":139,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2032,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347210,"pkt_ts_usec":673115,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZeNAAD4GX\/WsEAABwKgKMtW6AFAegaoEe+LDSIAQAOWgLwAAAQEICgE51TcD46at"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2037,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1499347211522,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2037,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1499347211522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":143,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347211,"pkt_ts_usec":522672,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86VZAAD4G3HmsEAABwKgKMtX+AFCmKj9dAAAAAKACchDL6AAAAgQFtAQCCAoBOdYLAAAAAAEDAwc="}
00445{"flow_id":143,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2038,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347211,"pkt_ts_usec":522744,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1f624YVgpio\/XqAScSDlHwAAAgQFtAQCCAoD46eCATnWCwEDAwc="}
00432{"flow_id":143,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2039,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347211,"pkt_ts_usec":523534,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06VdAAD4G3ICsEAABwKgKMtX+AFCmKj9etuGFYYAQAOWEJgAAAQEICgE51gwD46eC"}
00433{"flow_id":140,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2042,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347211,"pkt_ts_usec":673168,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA05eFAAD4G3\/asEAABwKgKMtXIAFBJFTT9p3ZPzoARAOU1lAAAAQEICgE51jED46KZ"}
00434{"flow_id":140,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347211,"pkt_ts_usec":673389,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA06GlAAEAG227AqAoyrBAAAQBQ1cindk\/OSRU0\/oARAOMwhwAAAQEICgPjp6cBOdYx"}
00433{"flow_id":140,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347211,"pkt_ts_usec":674094,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA05eJAAD4G3\/WsEAABwKgKMtXIAFBJFTT+p3ZPz4AQAOUwhQAAAQEICgE51jED46en"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":6,"flow_first_seen":1499347078168,"flow_last_seen":1499347083634,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":6,"flow_first_seen":1499347079449,"flow_last_seen":1499347084635,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":6,"flow_first_seen":1499347080793,"flow_last_seen":1499347086636,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":6,"flow_first_seen":1499347082084,"flow_last_seen":1499347087636,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":6,"flow_first_seen":1499347083358,"flow_last_seen":1499347088637,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2045,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":7,"flow_first_seen":1499347084644,"flow_last_seen":1499347090638,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":141,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2051,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347213,"pkt_ts_usec":673767,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oENAAD4GJZWsEAABwKgKMtXWAFBZgnIi6AhcC4ARAOWX8wAAAQEICgE52CUD46PW"}
00432{"flow_id":141,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2052,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347213,"pkt_ts_usec":674089,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA09ZBAAEAGzkfAqAoyrBAAAQBQ1dboCFwLWYJyI4ARAOOSLgAAAQEICgPjqZwBOdgl"}
00432{"flow_id":141,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2053,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347213,"pkt_ts_usec":674658,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oERAAD4GJZSsEAABwKgKMtXWAFBZgnIj6AhcDIAQAOWSLAAAAQEICgE52CUD46mc"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1499347214088,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1499347214088,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":144,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347214,"pkt_ts_usec":88992,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KIZAAD4GnUqsEAABwKgKMtYYAFAozfALAAAAAKACchCV+wAAAgQFtAQCCAoBOdiNAAAAAAEDAwc="}
00443{"flow_id":144,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347214,"pkt_ts_usec":89106,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1hgNeWHdKM3wDKAScSB5nQAAAgQFtAQCCAoD46oDATnYjQEDAwc="}
00431{"flow_id":144,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2059,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347214,"pkt_ts_usec":89911,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KIdAAD4GnVGsEAABwKgKMtYYAFAozfAMDXlh3oAQAOUYpQAAAQEICgE52I0D46oD"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2066,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1499347215361,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2066,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1499347215361,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":145,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2066,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347215,"pkt_ts_usec":361542,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dFpAAD4GUXasEAABwKgKMtYmAFDVm62RAAAAAKACchAqWwAAAgQFtAQCCAoBOdnLAAAAAAEDAwc="}
00444{"flow_id":145,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2067,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347215,"pkt_ts_usec":361664,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1iYsMlMv1ZutkqAScSD8swAAAgQFtAQCCAoD46tBATnZywEDAwc="}
00432{"flow_id":145,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2068,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347215,"pkt_ts_usec":362437,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dFtAAD4GUX2sEAABwKgKMtYmAFDVm62SLDJTMIAQAOWbuwAAAQEICgE52csD46tB"}
00432{"flow_id":142,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347215,"pkt_ts_usec":674762,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H31AAD4GplusEAABwKgKMtXwAFCR7suqo4Jy44ARAOUvLAAAAQEICgE52hkD46ZJ"}
00432{"flow_id":142,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347215,"pkt_ts_usec":675010,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA02XNAAEAG6mTAqAoyrBAAAQBQ1fCjgnLjke7Lq4ARAOMp5gAAAQEICgPjq5ABOdoZ"}
00432{"flow_id":142,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347215,"pkt_ts_usec":675564,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H35AAD4GplqsEAABwKgKMtXwAFCR7suro4Jy5IAQAOUp4wAAAQEICgE52hoD46uQ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2078,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1499347216659,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2078,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1499347216659,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":146,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2078,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347216,"pkt_ts_usec":659724,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zDVAAD4G+ZqsEAABwKgKMtY0AFD0uxclAAAAAKACchCgVAAAAgQFtAQCCAoBOdsQAAAAAAEDAwc="}
00445{"flow_id":146,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2079,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347216,"pkt_ts_usec":659859,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1jQ3RTmT9LsXJqAScSB\/8QAAAgQFtAQCCAoD46yGATnbEAEDAwc="}
00432{"flow_id":146,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347216,"pkt_ts_usec":660600,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zDZAAD4G+aGsEAABwKgKMtY0AFD0uxcmN0U5lIAQAOUe+QAAAQEICgE52xAD46yG"}
00433{"flow_id":143,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2084,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347216,"pkt_ts_usec":675356,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06VhAAD4G3H+sEAABwKgKMtX+AFCmKj9etuGFYYARAOV\/HQAAAQEICgE52xQD46eC"}
00433{"flow_id":143,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2085,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347216,"pkt_ts_usec":676205,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0KetAAEAGme3AqAoyrBAAAQBQ1f624YVhpio\/X4ARAON6FgAAAQEICgPjrIoBOdsU"}
00432{"flow_id":143,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2086,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347216,"pkt_ts_usec":676934,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06VlAAD4G3H6sEAABwKgKMtX+AFCmKj9ftuGFYoAQAOV6FAAAAQEICgE52xQD46yK"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1499347219208,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2096,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1499347219208,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":147,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2096,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347219,"pkt_ts_usec":208358,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UEtAAD4GdYWsEAABwKgKMtZOAFD4043GAAAAAKACchAjBAAAAgQFtAQCCAoBOd2NAAAAAAEDAwc="}
00444{"flow_id":147,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2097,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347219,"pkt_ts_usec":208484,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1k7LcrrD+NONx6AScSDqxQAAAgQFtAQCCAoD468DATndjQEDAwc="}
00432{"flow_id":147,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2098,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347219,"pkt_ts_usec":209266,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UExAAD4GdYysEAABwKgKMtZOAFD4043Hy3K6xIAQAOWJzQAAAQEICgE53Y0D468D"}
00432{"flow_id":144,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2102,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347219,"pkt_ts_usec":675376,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KIhAAD4GnVCsEAABwKgKMtYYAFAozfAMDXlh3oARAOUTLwAAAQEICgE53gID46oD"}
00432{"flow_id":144,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2103,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347219,"pkt_ts_usec":675610,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0zqZAAEAG9THAqAoyrBAAAQBQ1hgNeWHeKM3wDYARAOMNuwAAAQEICgPjr3gBOd4C"}
00432{"flow_id":144,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2104,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347219,"pkt_ts_usec":676370,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KIlAAD4GnU+sEAABwKgKMtYYAFAozfANDXlh34AQAOUNuQAAAQEICgE53gID4694"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1499347220447,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1499347220447,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":148,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2108,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347220,"pkt_ts_usec":447373,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86ABAAD4G3c+sEAABwKgKMtZcAFBnOTbDAAAAAKACchAKXgAAAgQFtAQCCAoBOd7DAAAAAAEDAwc="}
00444{"flow_id":148,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2109,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347220,"pkt_ts_usec":447497,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1lzT7Q76Zzk2xKAScSB0OAAAAgQFtAQCCAoD47A5ATnewwEDAwc="}
00432{"flow_id":148,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2110,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347220,"pkt_ts_usec":448248,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06AFAAD4G3dasEAABwKgKMtZcAFBnOTbE0+0O+4AQAOUTQAAAAQEICgE53sMD47A5"}
@@ -1240,31 +1240,31 @@
00433{"flow_id":146,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2120,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347221,"pkt_ts_usec":676327,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zDdAAD4G+aCsEAABwKgKMtY0AFD0uxcmN0U5lIARAOUaEgAAAQEICgE53\/YD46yG"}
00433{"flow_id":146,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2121,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347221,"pkt_ts_usec":676668,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0iPhAAEAGOuDAqAoyrBAAAQBQ1jQ3RTmU9LsXJ4ARAOMVLQAAAQEICgPjsWwBOd\/2"}
00433{"flow_id":146,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2122,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347221,"pkt_ts_usec":677281,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zDhAAD4G+Z+sEAABwKgKMtY0AFD0uxcnN0U5lYAQAOUVKwAAAQEICgE53\/YD47Fs"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2123,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1499347221694,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2123,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1499347221694,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":149,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347221,"pkt_ts_usec":694992,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89JJAAD4G0T2sEAABwKgKMtZqAFAcVCtpAAAAAKACchBfVwAAAgQFtAQCCAoBOd\/7AAAAAAEDAwc="}
00444{"flow_id":149,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2124,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347221,"pkt_ts_usec":695136,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1mpdkOZGHFQraqAScSBnCgAAAgQFtAQCCAoD47FxATnf+wEDAwc="}
00433{"flow_id":149,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347221,"pkt_ts_usec":695692,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09JNAAD4G0USsEAABwKgKMtZqAFAcVCtqXZDmR4AQAOUGEgAAAQEICgE53\/sD47Fx"}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":310,"flow_first_seen":1499347033203,"flow_last_seen":1499347101320,"flow_tot_l4_data_len":242613,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":782,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1499347224338,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":310,"flow_first_seen":1499347033203,"flow_last_seen":1499347101320,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232677,"flow_avg_l4_payload_len":750,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":6,"flow_first_seen":1499347087256,"flow_last_seen":1499347092638,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":6,"flow_first_seen":1499347088552,"flow_last_seen":1499347093638,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":6,"flow_first_seen":1499347091102,"flow_last_seen":1499347096639,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":6,"flow_first_seen":1499347092374,"flow_last_seen":1499347097640,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":6,"flow_first_seen":1499347093662,"flow_last_seen":1499347099640,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53544,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2129,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":6,"flow_first_seen":1499347096201,"flow_last_seen":1499347101640,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1499347224338,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":150,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347224,"pkt_ts_usec":338550,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K5xAAD4GmjSsEAABwKgKMtaEAFDFiskTAAAAAKACchAVyAAAAgQFtAQCCAoBOeKPAAAAAAEDAwc="}
00444{"flow_id":150,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2139,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347224,"pkt_ts_usec":338687,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1oTh1R3txYrJFKAScSBe+gAAAgQFtAQCCAoD47QGATnijwEDAwc="}
00432{"flow_id":150,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2140,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347224,"pkt_ts_usec":339447,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K51AAD4GmjusEAABwKgKMtaEAFDFiskU4dUd7oAQAOX+AAAAAQEICgE54pAD47QG"}
00432{"flow_id":147,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2144,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347224,"pkt_ts_usec":677131,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UE1AAD4GdYusEAABwKgKMtZOAFD4043Hy3K6xIARAOWEdQAAAQEICgE54uQD468D"}
00433{"flow_id":147,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2145,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347224,"pkt_ts_usec":677345,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Dp5AAEAGtTrAqAoyrBAAAQBQ1k7LcrrE+NONyIARAON\/HwAAAQEICgPjtFoBOeLk"}
00433{"flow_id":147,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2146,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347224,"pkt_ts_usec":678056,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UE5AAD4GdYqsEAABwKgKMtZOAFD4043Iy3K6xYAQAOV\/HQAAAQEICgE54uQD47Ra"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1499347225590,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1499347225590,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":151,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2150,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347225,"pkt_ts_usec":590247,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hTdAAD4GQJmsEAABwKgKMtaSAFC4kmb\/AAAAAKACchCDjQAAAgQFtAQCCAoBOePIAAAAAAEDAwc="}
00445{"flow_id":151,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2151,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347225,"pkt_ts_usec":590373,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1pJbUfWYuJJnAKAScSB6XwAAAgQFtAQCCAoD47U\/ATnjyAEDAwc="}
00433{"flow_id":151,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2152,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347225,"pkt_ts_usec":591132,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hThAAD4GQKCsEAABwKgKMtaSAFC4kmcAW1H1mYAQAOUZZgAAAQEICgE548kD47U\/"}
@@ -1274,11 +1274,11 @@
00432{"flow_id":149,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2165,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347227,"pkt_ts_usec":677198,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09JRAAD4G0UOsEAABwKgKMtZqAFAcVCtqXZDmR4ARAOUAOgAAAQEICgE55dID47Fx"}
00432{"flow_id":149,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2166,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347227,"pkt_ts_usec":677420,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0UQ9AAEAGcsnAqAoyrBAAAQBQ1mpdkOZHHFQra4ARAOP6YwAAAQEICgPjt0gBOeXS"}
00432{"flow_id":149,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2167,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347227,"pkt_ts_usec":677963,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09JVAAD4G0UKsEAABwKgKMtZqAFAcVCtrXZDmSIAQAOX6YQAAAQEICgE55dID47dI"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1499347228091,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1499347228091,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":152,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2171,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347228,"pkt_ts_usec":91325,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p6lAAD4GHiesEAABwKgKMtasAFAs20GTAAAAAKACchAyJQAAAgQFtAQCCAoBOeY6AAAAAAEDAwc="}
00443{"flow_id":152,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2172,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347228,"pkt_ts_usec":91420,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1qzT8idALNtBlKAScSB8PQAAAgQFtAQCCAoD47ewATnmOgEDAwc="}
00432{"flow_id":152,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2173,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347228,"pkt_ts_usec":92023,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p6pAAD4GHi6sEAABwKgKMtasAFAs20GU0\/InQYAQAOUbRQAAAQEICgE55joD47ew"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1499347229416,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1499347229416,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":153,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2180,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347229,"pkt_ts_usec":416931,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aTtAAD4GXJWsEAABwKgKMta6AFA5aI6+AAAAAKACchDXEwAAAgQFtAQCCAoBOeeFAAAAAAEDAwc="}
00444{"flow_id":153,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2181,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347229,"pkt_ts_usec":417089,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1rr5YE9wOWiOv6AScSDSQgAAAgQFtAQCCAoD47j7ATnnhQEDAwc="}
00433{"flow_id":153,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2182,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347229,"pkt_ts_usec":417826,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aTxAAD4GXJysEAABwKgKMta6AFA5aI6\/+WBPcYAQAOVxSgAAAQEICgE554UD47j7"}
@@ -1288,92 +1288,92 @@
00433{"flow_id":151,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2192,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347230,"pkt_ts_usec":678674,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hTlAAD4GQJ+sEAABwKgKMtaSAFC4kmcAW1H1mYARAOUUbQAAAQEICgE56MED47U\/"}
00432{"flow_id":151,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2193,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347230,"pkt_ts_usec":678898,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0T65AAEAGdCrAqAoyrBAAAQBQ1pJbUfWZuJJnAYARAOMPdgAAAQEICgPjujcBOejB"}
00432{"flow_id":151,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2194,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347230,"pkt_ts_usec":679597,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hTpAAD4GQJ6sEAABwKgKMtaSAFC4kmcBW1H1moAQAOUPdAAAAQEICgE56MED47o3"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1499347230690,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2195,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1499347230690,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":154,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2195,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347230,"pkt_ts_usec":690806,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uy1AAD4GCqOsEAABwKgKMtbIAFCbKFPuAAAAAKACchCu1wAAAgQFtAQCCAoBOejDAAAAAAEDAwc="}
00444{"flow_id":154,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347230,"pkt_ts_usec":690844,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1shnmPeomyhT76AScSCSVwAAAgQFtAQCCAoD47o6ATnowwEDAwc="}
00432{"flow_id":154,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347230,"pkt_ts_usec":691619,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uy5AAD4GCqqsEAABwKgKMtbIAFCbKFPvZ5j3qYAQAOUxXgAAAQEICgE56MQD47o6"}
00948{"flow_id":152,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347231,"pkt_ts_usec":733910,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzp6tAAD4GHK6sEAABwKgKMtasAFAs20GU0\/InQYAYAOXGvgAAAQEICgE56cgD47ewR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":4,"flow_first_seen":1499347228091,"flow_last_seen":1499347231733,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":32,"flow_max_l4_data_len":415,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":4,"flow_first_seen":1499347228091,"flow_last_seen":1499347231733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00432{"flow_id":152,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2205,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347231,"pkt_ts_usec":734008,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0nH5AAEAGJ1rAqAoyrBAAAQBQ1qzT8idBLNtDE4AQAOsSowAAAQEICgPjuz8BOenI"}
02829{"flow_id":152,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2206,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347231,"pkt_ts_usec":737132,"pkt_caplen":1837,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1837,"pkt_l4_len":1803,"pkt":"AMGxFOsxABm5CmnxCABFAAcfnH9AAEAGIG7AqAoyrBAAAQBQ1qzT8idBLNtDE4AYAOt9\/QAAAQEICgPjuz8BOenISFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjIwOjMxIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWG1P4zgQ\/gzS\/gefTzpgpcbb2y+3XJoVtHAgsbfctix70kmRm7itwYmD7bTw72\/sOG14LdkioeKXeXk84xnP5N12+Mvga3\/07\/kRmplMoPOLw7PTPsIdQi4\/9gkZjAbox8noyxnqBh\/Q0CieGEKO\/sYIz4wp9glZLBbB4mMg1ZSMvpFbK6Vr2fywox1PkJoUR++2322HTs9tJnLde0JG99OnTxVrRb4VzhhNYbi1FWbMUGRZOuym5PMe7svcsNx0RncFwyipZj1s2K0hVsSfKJlRpZnpXYyOO39gRCqZW6HhRrDoeylypuiYC27u9tE3NhEsMSxFfSW1RkNuGBomiheG51O0+2M43EP7+2hAsxzVvIKhSzZGB0UheEINlznaHXy\/PNhD827Q\/YDeD9icCVlkAO19SCrFHoXg+TVSTPSwNneC6RljBiMDp\/GHSLTGaKbYpIeDgMBfOl9Qu0oyyvPAbZPH0jiYopbzH8\/olBFYui9pQueWLHAbSxnanbYJ4YrOabWKkVbJPSBX2v0\/BwXBlcZRSCpK7zniXWfHY5neoURQbb0uM4Yrl6Z8jnjaw9Z3cCKmvNcbW1ZIY30r5Nn0ERJ3SE2EnMqgyKcYUQEXYY2jVucGrKDukWpr5BgcVza0P9qLC5qmLK0OBASlqM9pdw+FTK6taQRHMk9A9XUPL3ieykUAWw5Hb6c6SbCDa1ZgoPfcFeDoBMwWEgpWFjzafo1AnkP0lYld0kExK16Q\/5AUR6eNlXZqIeDKYo2+JQ2OhnaICIQfLKLBYUMZKUW0gUHnjfjmcD3GqjSMvIDqaQYcHdr\/6FiqpKUHHgpktyxpA8DR46gvs4zmKTrNr5jzyGYoEq0mbVA4ekAx\/Ha8meIJJ8HnAkK1x4GzTNmaW\/IqfhwdcwjuU7uiN7ZNWQhJ0zbW8RwexoWbbegfWhh4uVq5yLO4uGVJqRjqH5yP+icHm0HRN4K3weHoIab\/OXury2olxmN43Fo5pcH1AA3aPbTLe5uhWjB6HfNWkGoWHF3CCA2ZtrcVnQ5apteHcm+1jlsBqRhwBPUM1Cpfv2xoCitONfRrVlVRr8KhahzL4usN0Oi21tA1iqGR6j6EDZ8gF4tQXa59DldkOLL1I9yPaqmdOYCf5xO5Rl2DCkfnJ+cQHRPZThEdy9KsUbOkwdGBHb6dWW2ht1b9ighHZ278AICv2O7Vfs8XgraEXRWC0MnYXa\/b7jULwXDW\/ZnuAkrmri+YG8Lnywo2TmTKYqoY9fXzRKoM5TSDah34oex1Ka6Hf8UIuqWZBOx\/HY18bRoW\/sSXM2p2NLqTpXLMn+vKOi\/KZvGPvWj7u6xvm0S6HGccyOZUlDAdVlOvjRRR1VQQi9Ituq5gaeBw9nv0BeLN3T6V0eqtgEW7590Dl2HlVtv7ad8vygXVhWsZ4YawW+tl4gzb0WDYeGnY2BkWuiGqptAIYngUaH6No5+XtbxErfEBdwxFgmEqPoKuCo4b96G9MfHQd34tMb4sbz1OlgcLfs0LlnLqRNtZ8+S6Pvnz2F4v42U8\/pjJlC9zYSIzm507E3oTuC8CT4J4BeOrNFc4qWDKdJ2EF9U9om7q8Mmluup14zhW0G5Wv3UGeSbj+LBPBKNqGUxPpSV9pw3LYpvKnwzPcWmMbXN9eH7nbIFOmCiWKbOQRVnENZnM+1XSXfX8+0BxUeyiZx7bOUiMZyDRXsfPAMk96b\/VjugJudhBezhCa2ENIRcl7G2BaSdzLTRrTSr4FNKmYBNIXyHLogvNlE17+yGBGaJpxnPvQpjXbzM6sx93PA1IXFHAo3o6GPqdlGubvdPai886dCKlufeto4g2+dhUPPWqNRMwse9W9VnOfTCL\/geoshewERQAAA=="}
00434{"flow_id":152,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2207,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347231,"pkt_ts_usec":738005,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p6xAAD4GHiysEAABwKgKMtasAFAs20MT0\/IuLIAQAQALogAAAQEICgE56ckD47s\/"}
01217{"flow_id":152,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2208,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347231,"pkt_ts_usec":972109,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9p61AAD4GG+KsEAABwKgKMtasAFAs20MT0\/IuLIAYAQAGawAAAQEICgE56gQD47s\/R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdBWlc5UDkxWTQ0SzBaU0gzNUIzNFBWWFZNVzBGTUVVNTg0TjFCR0FYSURNU1dETTYwVSUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
02965{"flow_id":152,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2209,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347231,"pkt_ts_usec":975589,"pkt_caplen":1933,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1933,"pkt_l4_len":1899,"pkt":"AMGxFOsxABm5CmnxCABFAAd\/nIFAAEAGIAzAqAoyrBAAAQBQ1qzT8i4sLNtFXIAYAPR+XQAAAQEICgPju3sBOeoESFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjIwOjMxIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTUxNg0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61Ye0\/jOBD\/G6T9Dj6fdMBKxPRgTwvbZkVbWNDBbm9TKHs6KXITtzU4cdZ2Wvj2N86jDc+SLRIqjj2P33jG4xm\/W2\/+1v3W6f\/oHaGJiQTqXbTPTjsIbxMy2O0Q0u130dVJ\/\/wMNZwd5BnFA0PI0VeM8MSY5ICQ2WzmzHYdqcak\/53cWikNy1YMt3XG44QmxO679XfrzUzPbSRi3XpCRmN\/fz9nzcnXmhNGQxiurTUjZiiyLNvsZ8qnLdyRsWGx2e7fJQyjIP9qYcNuDbEiPqFgQpVmpnXRP97+iBHJZa41DTeCuZepiJmiQy64uTtA39lIsMCwEHWU1Bp53DDkBYonhsdjtHnleVvo4AB1aRSjklcwNGBDdJgkggfUcBmjze7l4HALTRtOYwe977IpEzKJANr7JskVFygEj2+QYqKFtbkTTE8YMxgZsKYwItAao4lioxZ2HAJ\/4XRG7SyJKI+dbJk8lsZhK0o5\/\/GIjhmBqfuSRnRqyZxsYS5DZ9ZWIVzTKc1nMdIquAfkWmf\/e6DAudbYbZKcsvAcKVxnx0MZ3qFAUG29LiOGc5eGfIp42MLWd2ARU4XXK0tWSGV+rcmj8SMkmZGaCDmWThKPMaICAmGJoxZ2A1ZQ90i13WQfHJdWtD9a8xMahizMDQKCVJR22tW2kMGN3RrBkYwDUH3TwjMeh3LmwFKGo7WRW+Js4JIVGOg9dznYPYFtaxIKuyy4u\/4agTyG05cGdko7ySR5Qf5DUuyeVmbqqYUDlyZL9M1psOvZISJw\/GASddsVZSQV7gobOq2cbw7hMVSpYeQFVE8zYLdt\/6NjqYKaHngokN2yoA6AjB67HRlFNA7RaXzNMo+shiLQalQHRUYPKLzvx6spHnHifE7gqLY4cKYhWxIlr+LH7jGHw31qZ\/TKe5MmQtKwzu4UHAWMi+xrRf\/QxMDNVctFBUt2blmQKoY6h71+5+RwNSj6p+B1cGT0cKb\/OXurYLUS\/SFcbrWcUuF6gAZttu301mqoZoze+LwWpJIFuwMYIY9pG63otFszvT6Ue6u1XwtIzoBdqGegVvl2vuJWWHGqol+zvIp6FQ5V4pgXX2+ARtfdDV2i8IxU9yGseAVlZxGqy6XX4YIMu7Z+hPjIp+ptB\/DzeCSXqKtQYbd30oPTMZL1FNGhTM0SNXMa7B7a4dttqy30lqpfEGH3LBs\/AFBUbPdqv+cLQVvCLgpB6GTsaqHbrlULweak8SvdBZTMjaJgrgifzitYP5Ah86litKifR1JFKKYRVOvAD2VvluJa+HeMoFuaSMD+5ahf1KbNpLB4MKFmQ6M7maqM+XNZWcdJWi3+cSHa\/s7r2yqRTocRB7IpFSl8evlnoY0kbt5UEIsyx5so5p4wISQqWg0XKn8tBQMPjzc3Dv8d7Pf2Gz\/29v7e+dc72f3Q3t3rXV5dng92js+PLj583PvaaH85vDrtnnuD7vlfOxcbW5+qEkIZpLbTcgIpbzjb+jRvSQCOYplrFh5uTv50z+HAZ+GvIppfVjBp14r4gGhcxJVtPnXRsMoZ1UnWs0KIslsbZiTz7LYGz\/pzz\/qZZ6Edo2oMnSiGW4nGN9j9dVnzKK6ND7h9qFIMU\/4RtHVgrt+B\/sr4XtF61sT4srzlOFnszPgNT1jIaSbaflUt16Xlz2N7vYyX8RRmBmM+T8aBjOz1sD2iP53sSeJJEK9gfJXmHCcVTJlGJuFFdY+oqzqK7JaHetm5DhX0u\/lvmcKeSXlF3gkEo2p+mp\/Ki\/pOGxb59i55Mj8MU2Nsn13kh0vOZgiOfzLP2YlM0sQvyWTcybP+4tHhACgukk30zG0\/BYn+BCTacPwMkLKa4o\/SES0hZxtoC7toKSwPkmHA3haYzmQuhWZ3kwo+hrwt2AjyZ5NF7oVmyubdgyaBL0TDiMeFC+G7LA7QmX1dKmhA4oICbvXTrleshFzb6yMsvfisQ0dSmnuPLYm7ymtX8tS1Wk3AxF6c+btg9mLn\/g+fukQhkhQAAA=="}
00434{"flow_id":152,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2210,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347231,"pkt_ts_usec":976292,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p65AAD4GHiqsEAABwKgKMtasAFAs20Vc0\/I1d4AQAR0BeQAAAQEICgE56gUD47t7"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":6,"flow_first_seen":1499347098746,"flow_last_seen":1499347104641,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":6,"flow_first_seen":1499347101314,"flow_last_seen":1499347106642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":6,"flow_first_seen":1499347102609,"flow_last_seen":1499347107642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53638,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":6,"flow_first_seen":1499347105154,"flow_last_seen":1499347110642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":6,"flow_first_seen":1499347106438,"flow_last_seen":1499347111642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00949{"flow_id":152,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2211,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347232,"pkt_ts_usec":982369,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzp69AAD4GHKqsEAABwKgKMtasAFAs20Vc0\/I1d4AYAR2vhQAAAQEICgE56wAD47t7R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02821{"flow_id":152,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2212,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347232,"pkt_ts_usec":986552,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAcenINAAEAGIGvAqAoyrBAAAQBQ1qzT8jV3LNtG24AYAP19\/AAAAQEICgPjvHgBOesASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjIwOjMyIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00434{"flow_id":152,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2213,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347232,"pkt_ts_usec":987247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p7BAAD4GHiisEAABwKgKMtasAFAs20bb0\/I8YYAQATn2+QAAAQEICgE56wID47x4"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1499347233219,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1499347233219,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":155,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2214,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347233,"pkt_ts_usec":219454,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Fw9AAD4GrsGsEAABwKgKMtbiAFBsKfwzAAAAAKACchAy\/gAAAgQFtAQCCAoBOes8AAAAAAEDAwc="}
00444{"flow_id":155,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2215,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347233,"pkt_ts_usec":219592,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1uJkUL6IbCn8NKAScSBQbgAAAgQFtAQCCAoD47yyATnrPAEDAwc="}
00432{"flow_id":155,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2216,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347233,"pkt_ts_usec":220340,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FxBAAD4GrsisEAABwKgKMtbiAFBsKfw0ZFC+iYAQAOXvdQAAAQEICgE56zwD47yy"}
01217{"flow_id":152,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2217,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347233,"pkt_ts_usec":220367,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9p7FAAD4GG96sEAABwKgKMtasAFAs20bb0\/I8YYAYATmSaQAAAQEICgE56zwD47x4R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdIUkhIVk9HR1JEQlJPMEVaWU05QlZBU1Q1WVoyVkxCMUFYWTA1QUdISUZPVkxCM1pSTCUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
02952{"flow_id":152,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2218,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347233,"pkt_ts_usec":223402,"pkt_caplen":1929,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1929,"pkt_l4_len":1895,"pkt":"AMGxFOsxABm5CmnxCABFAAd7nIVAAEAGIAzAqAoyrBAAAQBQ1qzT8jxhLNtJJIAYAQd+WQAAAQEICgPjvLMBOes8SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjIwOjMzIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTUxMg0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61Ye0\/jOBD\/G6T9Dj6fdMBKxHRXKx1sm1UfQJHKwbUFltVJkZu4rcGJg+208O1vnEcbniVbJFT8mMdvPOPxTD5t1v\/onLWH1+eHaGpCgc4vWr2TNsK7hFx9bRPSGXbQz+7wtIdqzh4aGMV9Q8jhPxjhqTHxASHz+dyZf3WkmpBhn9xbKTXLlg93dcrjBCbA7qfNT5v1VM99KCLdeEFGbX9\/P2PNyDfqU0YDGG5s1ENmKLIsu+wu4bMGbsvIsMjsDh9ihpGfzRrYsHtDrIjvyJ9SpZlpXAyPdv\/GiGQyN+qGG8Hcy0RETNERF9w8HKA+GwvmGxagtpJaowE3DA18xWPDowna\/jkY7KCDA9ShYYQKXsHQFRuhZhwL7lPDZYS2O5dXzR00qzm1PfS5w2ZMyDgEaJ\/rJFOcoxA8ukWKiQbW5kEwPWXMYGTAmtwIX2uMpoqNG9hxCPwFszm1qySkPHLSbfJcGoejKOT8x0M6YQSWHksa05klc9KNhQydWluGcENnNFvFSCv\/EZAbnf4\/BwXOjcZunWSUuedI7jo7HsngAfmCaut1GTKcuTTgM8SDBra+A4uYyr1e2rJCSusbdR5OniFJjdREyIl04miCERUQCCsctbQbsIK6Z6rtIXvguKSk\/dmeF9MgYEFmEBAkorDT7raE9G\/t0QiOZOSD6tsGnvMokHMHtlIcja3MEmcLF6zAQB+5y8FuF46tTiicsuDu5nsE8ghuX+LbJe3E0\/gN+U9JsXtSWqmmFi5cEq\/Qt6DB7sAOEYHrB4uo0yopI4lw1zjQWel+cwiPkUoMI2+gepkBuy37Hx1J5Vf0wFOB7J75VQCk9NhtyzCkUYBOohuWemQ9FL5W4yooUnpAMegfrad4zInzI4ar2uDAmQRsRZS8ix+7Rxwu94ld0WufTRILSYMqp5Nz5DAu0tma\/qGxgZerkotylvTeMj9RDLWb58N2t7keFH0neBUcKT3c6X97HxWsVqI3gsetklNKXE\/QoO2WXd5ZD9Wc0VuPV4JUsGD3CkZowLSNVnTSqZhen8q919qrBCRjwC7UM1CrnJ2ueRRWnCrp1yyrot6FQxU4FsXXB6DRVU9DFygGRqrHENZ8gtK7CNXlyudwSYZdWz9CfGRL1Y4D+Hk0livUlaiwe949h9sxltUU0ZFMzAo1CxrsNu3w447VFnor1S+JsNtLx08A5BXbo9rv9ULQlrDLQhA6Gbub67Z75UKwPq39TncBJXMtL5hLwmeLCtbzZcA8qhjN6+exVCGKaAjVOvBD2ZumuAb+EyPolqYSsB8fDvPatB7nFl9NqdnS6EEmKmX+UVTWUZyUi3+ci7a\/i\/q2TKSTUciBbEZFAtNBNs21kdjNmgpiUWZ4Y8XcLhNCorzVcKHy11Iw8PBke6vb73Yvz46P+51W\/2zv8Nf16X7rsjkYfrv+9eWy16o1f17vfWsed0+OzmD69Ve\/t7XzvSwhkH5iOy3Hl\/KWs53vi5YE4CiWumbp4fr0i3sKFz4NfxXS7LGCRbuXxwdE4zKubPOp84ZVzqmO054VQpTd2zAjqWd3NXjWW3jWSz0L7RhVE+hEMbxKNLrF7u\/LWkRxZXzA7UGVYpjyDqGtA3O9NvRXxhvkrWdFjG\/LW42TRc6c3\/KYBZymou2sbLkuLH8d2\/tlvI0nN9Of8EUy9mVon4fdMb1z0k8SL4J4B+O7NGc4qWDK1FIJb6p7Rl3WkWe3LNSLznWkoN\/NfosU9krKy\/OOLxhVi9v8Ul7UD9qw0LNvyYv5YZQYY\/vsPD9ccjZHcP3jRc6OZZzEXkEmo3aW9ZcfHQ6A4iLeRq+89jOQ6E1Bog3HHwAprSn+KhzREHK+hXawi1bCGkAy9NnHAtOpzJXQ7GlSwSeQtwUbQ\/6ss9C90EzZvHtQJzBDNAh5lLsQ5kVxgHr261JOAxKXFPCqn3QG+U7AtX0+gsKLrzp0LKV59LEldtf52hW\/9KyWEzCxD2f2XTD9Yuf+D41zJPaSFAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1499347234469,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1499347234469,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":156,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2223,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347234,"pkt_ts_usec":469555,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vaZAAD4GCCqsEAABwKgKMtbwAFD38VHSAAAAAKACchBQUQAAAgQFtAQCCAoBOex0AAAAAAEDAwc="}
00445{"flow_id":156,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2224,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347234,"pkt_ts_usec":469712,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1vAPBPjT9\/FR06AScSCHigAAAgQFtAQCCAoD473qATnsdAEDAwc="}
00432{"flow_id":156,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2225,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347234,"pkt_ts_usec":470460,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vadAAD4GCDGsEAABwKgKMtbwAFD38VHTDwT41IAQAOUmkgAAAQEICgE57HQD473q"}
00433{"flow_id":153,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2229,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347234,"pkt_ts_usec":680102,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aT1AAD4GXJusEAABwKgKMta6AFA5aI6\/+WBPcYARAOVsJQAAAQEICgE57KkD47j7"}
00432{"flow_id":153,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2230,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347234,"pkt_ts_usec":680363,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA08W5AAEAG0mnAqAoyrBAAAQBQ1rr5YE9xOWiOwIARAONnAgAAAQEICgPjvh8BOeyp"}
00432{"flow_id":153,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2231,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347234,"pkt_ts_usec":681066,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aT5AAD4GXJqsEAABwKgKMta6AFA5aI7A+WBPcoAQAOVnAAAAAQEICgE57KkD474f"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1499347235716,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1499347235716,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":157,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2235,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347235,"pkt_ts_usec":716450,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wLxAAD4GBRSsEAABwKgKMtb+AFAtaC0QAAAAAKACchA+VwAAAgQFtAQCCAoBOe2sAAAAAAEDAwc="}
00444{"flow_id":157,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347235,"pkt_ts_usec":716582,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1v760xqZLWgtEaAScSBmwwAAAgQFtAQCCAoD478iATntrAEDAwc="}
00432{"flow_id":157,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2237,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347235,"pkt_ts_usec":717314,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wL1AAD4GBRusEAABwKgKMtb+AFAtaC0R+tMamoAQAOUFywAAAQEICgE57awD478i"}
00432{"flow_id":154,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2241,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347236,"pkt_ts_usec":681265,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uy9AAD4GCqmsEAABwKgKMtbIAFCbKFPvZ5j3qYARAOUrhAAAAQEICgE57p0D47o6"}
00432{"flow_id":154,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2242,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347236,"pkt_ts_usec":681485,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0N7pAAEAGjB7AqAoyrBAAAQBQ1shnmPepmyhT8IARAOMlrAAAAQEICgPjwBMBOe6d"}
00432{"flow_id":154,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2243,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347236,"pkt_ts_usec":682228,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uzBAAD4GCqisEAABwKgKMtbIAFCbKFPwZ5j3qoAQAOUlqgAAAQEICgE57p0D48AT"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1499347238260,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1499347238260,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":158,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2253,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347238,"pkt_ts_usec":260432,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8N5lAAD4GjjesEAABwKgKMtcYAFCMG8exAAAAAKACchBCbAAAAgQFtAQCCAoBOfAoAAAAAAEDAwc="}
00444{"flow_id":158,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2254,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347238,"pkt_ts_usec":260538,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1xiQuLeAjBvHsqAScSA1kAAAAgQFtAQCCAoD48GeATnwKAEDAwc="}
00432{"flow_id":158,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2255,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347238,"pkt_ts_usec":261347,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0N5pAAD4Gjj6sEAABwKgKMtcYAFCMG8eykLi3gYAQAOXUlwAAAQEICgE58CgD48Ge"}
00432{"flow_id":155,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2259,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347238,"pkt_ts_usec":681516,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FxFAAD4GrsesEAABwKgKMtbiAFBsKfw0ZFC+iYARAOXqHwAAAQEICgE58JED47yy"}
00432{"flow_id":155,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2260,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347238,"pkt_ts_usec":681730,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0fI5AAEAGR0rAqAoyrBAAAQBQ1uJkUL6JbCn8NYARAOPkywAAAQEICgPjwgcBOfCR"}
00432{"flow_id":155,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2261,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347238,"pkt_ts_usec":682299,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FxJAAD4GrsasEAABwKgKMtbiAFBsKfw1ZFC+ioAQAOXkyQAAAQEICgE58JED48IH"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1499347239517,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1499347239517,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":159,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347239,"pkt_ts_usec":517421,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d9VAAD4GTfusEAABwKgKMtcmAFDWiYa3AAAAAKACchA3sAAAAgQFtAQCCAoBOfFiAAAAAAEDAwc="}
00444{"flow_id":159,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347239,"pkt_ts_usec":517546,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1yYFUEfr1omGuKAScSAkmAAAAgQFtAQCCAoD48LYATnxYgEDAwc="}
00432{"flow_id":159,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2267,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347239,"pkt_ts_usec":518102,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d9ZAAD4GTgKsEAABwKgKMtcmAFDWiYa4BVBH7IAQAOXDnwAAAQEICgE58WID48LY"}
00432{"flow_id":156,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2271,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347239,"pkt_ts_usec":681627,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vahAAD4GCDCsEAABwKgKMtbwAFD38VHTDwT41IARAOUhegAAAQEICgE58YsD473q"}
00433{"flow_id":156,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2272,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347239,"pkt_ts_usec":681844,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0O9VAAEAGiAPAqAoyrBAAAQBQ1vAPBPjU9\/FR1IARAOMcZAAAAQEICgPjwwEBOfGL"}
00432{"flow_id":156,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2273,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347239,"pkt_ts_usec":682509,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0valAAD4GCC+sEAABwKgKMtbwAFD38VHUDwT41YAQAOUcYgAAAQEICgE58YsD48MB"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1499347240786,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1499347240786,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":160,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347240,"pkt_ts_usec":786524,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LjpAAD4Gl5asEAABwKgKMtc0AFB5mNylAAAAAKACchA9aAAAAgQFtAQCCAoBOfKfAAAAAAEDAwc="}
00444{"flow_id":160,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347240,"pkt_ts_usec":786650,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1zRt9KwCeZjcpqAScSBcVgAAAgQFtAQCCAoD48QWATnynwEDAwc="}
00432{"flow_id":160,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347240,"pkt_ts_usec":787208,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LjtAAD4Gl52sEAABwKgKMtc0AFB5mNymbfSsA4AQAOX7XAAAAQEICgE58qAD48QW"}
00433{"flow_id":157,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2283,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347241,"pkt_ts_usec":681820,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wL5AAD4GBRqsEAABwKgKMtb+AFAtaC0R+tMamoARAOX\/9gAAAQEICgE5838D478i"}
00433{"flow_id":157,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347241,"pkt_ts_usec":682043,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA03m9AAEAG5WjAqAoyrBAAAQBQ1v760xqaLWgtEoARAOP6IwAAAQEICgPjxPYBOfN\/"}
00432{"flow_id":157,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347241,"pkt_ts_usec":682595,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wL9AAD4GBRmsEAABwKgKMtb+AFAtaC0S+tMam4AQAOX6IAAAAQEICgE584AD48T2"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1499347243333,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":6,"flow_first_seen":1499347107719,"flow_last_seen":1499347113642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":6,"flow_first_seen":1499347110266,"flow_last_seen":1499347115643,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":6,"flow_first_seen":1499347111565,"flow_last_seen":1499347116643,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":6,"flow_first_seen":1499347114111,"flow_last_seen":1499347119643,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":6,"flow_first_seen":1499347115408,"flow_last_seen":1499347120644,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2292,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":6,"flow_first_seen":1499347116705,"flow_last_seen":1499347122644,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1499347243333,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":161,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347243,"pkt_ts_usec":333607,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87MZAAD4G2QmsEAABwKgKMtdOAFA1pxnaAAAAAKACchBBjgAAAgQFtAQCCAoBOfUcAAAAAAEDAwc="}
00444{"flow_id":161,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347243,"pkt_ts_usec":333746,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ104lyvYYNacZ26AScSBcFAAAAgQFtAQCCAoD48aSATn1HAEDAwc="}
00432{"flow_id":161,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2297,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347243,"pkt_ts_usec":334298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07MdAAD4G2RCsEAABwKgKMtdOAFA1pxnbJcr2GYAQAOX7GwAAAQEICgE59RwD48aS"}
00432{"flow_id":158,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2301,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347243,"pkt_ts_usec":682335,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0N5tAAD4Gjj2sEAABwKgKMtcYAFCMG8eykLi3gYARAOXPSwAAAQEICgE59XMD48Ge"}
00432{"flow_id":158,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2302,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347243,"pkt_ts_usec":683316,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0cWtAAEAGUm3AqAoyrBAAAQBQ1xiQuLeBjBvHs4ARAOPKAAAAAQEICgPjxuoBOfVz"}
00433{"flow_id":158,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2303,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347243,"pkt_ts_usec":683907,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0N5xAAD4GjjysEAABwKgKMtcYAFCMG8ezkLi3goAQAOXJ\/QAAAQEICgE59XQD48bq"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1499347244580,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1499347244580,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":162,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2307,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347244,"pkt_ts_usec":580438,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UrJAAD4Gcx6sEAABwKgKMtdcAFCKtaTmAAAAAKACchBgLQAAAgQFtAQCCAoBOfZUAAAAAAEDAwc="}
00444{"flow_id":162,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2308,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347244,"pkt_ts_usec":580563,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ11yGUuJUirWk56AScSAstwAAAgQFtAQCCAoD48fKATn2VAEDAwc="}
00432{"flow_id":162,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2309,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347244,"pkt_ts_usec":581330,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UrNAAD4GcyWsEAABwKgKMtdcAFCKtaTnhlLiVYAQAOXLvgAAAQEICgE59lQD48fK"}
@@ -1383,42 +1383,42 @@
00432{"flow_id":160,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2322,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347246,"pkt_ts_usec":683725,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LjxAAD4Gl5ysEAABwKgKMtc0AFB5mNymbfSsA4ARAOX1mQAAAQEICgE5+GID48QW"}
00432{"flow_id":160,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2323,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347246,"pkt_ts_usec":683972,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ZdtAAEAGXf3AqAoyrBAAAQBQ1zRt9KwDeZjcp4ARAOPv2AAAAQEICgPjydgBOfhi"}
00432{"flow_id":160,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2324,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347246,"pkt_ts_usec":684535,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Lj1AAD4Gl5usEAABwKgKMtc0AFB5mNynbfSsBIAQAOXv1gAAAQEICgE5+GID48nY"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1499347247114,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1499347247114,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":163,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2328,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347247,"pkt_ts_usec":114373,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GLNAAD4GrR2sEAABwKgKMtd2AFApn+B+AAAAAKACchCDGAAAAgQFtAQCCAoBOfjNAAAAAAEDAwc="}
00445{"flow_id":163,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2329,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347247,"pkt_ts_usec":114501,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ13ZCBl2jKZ\/gf6AScSAWJgAAAgQFtAQCCAoD48pEATn4zQEDAwc="}
00433{"flow_id":163,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2330,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347247,"pkt_ts_usec":115246,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GLRAAD4GrSSsEAABwKgKMtd2AFApn+B\/QgZdpIAQAOW1LAAAAQEICgE5+M4D48pE"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1499347248373,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1499347248373,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":164,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2337,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347248,"pkt_ts_usec":373777,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JiRAAD4Gn6ysEAABwKgKMteEAFBjB9wsAAAAAKACchBMuQAAAgQFtAQCCAoBOfoIAAAAAAEDAwc="}
00444{"flow_id":164,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2338,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347248,"pkt_ts_usec":373899,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ14RKuW9xYwfcLaAScSDECwAAAgQFtAQCCAoD48t+ATn6CAEDAwc="}
00432{"flow_id":164,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2339,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347248,"pkt_ts_usec":374677,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JiVAAD4Gn7OsEAABwKgKMteEAFBjB9wtSrlvcoAQAOVjEgAAAQEICgE5+gkD48t+"}
00432{"flow_id":161,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2343,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347248,"pkt_ts_usec":683699,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07MhAAD4G2Q+sEAABwKgKMtdOAFA1pxnbJcr2GYARAOX14AAAAQEICgE5+lYD48aS"}
00432{"flow_id":161,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2344,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347248,"pkt_ts_usec":683941,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0PdVAAEAGhgPAqAoyrBAAAQBQ104lyvYZNacZ3IARAOPwpwAAAQEICgPjy8wBOfpW"}
00432{"flow_id":161,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2345,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347248,"pkt_ts_usec":684497,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07MlAAD4G2Q6sEAABwKgKMtdOAFA1pxncJcr2GoAQAOXwpQAAAQEICgE5+lYD48vM"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1499347249651,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1499347249651,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":165,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2349,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347249,"pkt_ts_usec":651918,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ostAAD4GIwWsEAABwKgKMteSAFAC31mDAAAAAKACchAuPQAAAgQFtAQCCAoBOftIAAAAAAEDAwc="}
00444{"flow_id":165,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2350,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347249,"pkt_ts_usec":652052,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ15JGEK8pAt9ZhKAScSBpQAAAAgQFtAQCCAoD48y+ATn7SAEDAwc="}
00432{"flow_id":165,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347249,"pkt_ts_usec":652642,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0osxAAD4GIwysEAABwKgKMteSAFAC31mERhCvKoAQAOUISAAAAQEICgE5+0gD48y+"}
00432{"flow_id":162,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2355,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347249,"pkt_ts_usec":684234,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UrRAAD4GcySsEAABwKgKMtdcAFCKtaTnhlLiVYARAOXGwQAAAQEICgE5+1AD48fK"}
00432{"flow_id":162,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2356,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347249,"pkt_ts_usec":684434,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0LpNAAEAGlUXAqAoyrBAAAQBQ11yGUuJVirWk6IARAOPBxgAAAQEICgPjzMYBOftQ"}
00432{"flow_id":162,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2357,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347249,"pkt_ts_usec":685220,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UrVAAD4GcyOsEAABwKgKMtdcAFCKtaTohlLiVoAQAOXBxAAAAQEICgE5+1AD48zG"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1499347252179,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2367,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1499347252179,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":166,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2367,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347252,"pkt_ts_usec":179696,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86Q5AAD4G3MGsEAABwKgKMtesAFDOJxTOAAAAAKACchClFwAAAgQFtAQCCAoBOf3AAAAAAAEDAwc="}
00444{"flow_id":166,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2368,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347252,"pkt_ts_usec":179824,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ16ypaMjNzicUz6AScSBgpgAAAgQFtAQCCAoD4882ATn9wAEDAwc="}
00434{"flow_id":166,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2369,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347252,"pkt_ts_usec":180563,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06Q9AAD4G3MisEAABwKgKMtesAFDOJxTPqWjIzoAQAOX\/rQAAAQEICgE5\/cAD4882"}
00434{"flow_id":163,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2373,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347252,"pkt_ts_usec":685189,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GLVAAD4GrSOsEAABwKgKMtd2AFApn+B\/QgZdpIARAOWvuwAAAQEICgE5\/j4D48pE"}
00433{"flow_id":163,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2374,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347252,"pkt_ts_usec":685442,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0khBAAEAGMcjAqAoyrBAAAQBQ13ZCBl2kKZ\/ggIARAOOqTAAAAQEICgPjz7QBOf4+"}
00433{"flow_id":163,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2375,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347252,"pkt_ts_usec":685993,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GLZAAD4GrSKsEAABwKgKMtd2AFApn+CAQgZdpYAQAOWqSgAAAQEICgE5\/j4D48+0"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1499347253445,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":6,"flow_first_seen":1499347119336,"flow_last_seen":1499347124645,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":6,"flow_first_seen":1499347120603,"flow_last_seen":1499347125645,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":6,"flow_first_seen":1499347123174,"flow_last_seen":1499347128646,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":6,"flow_first_seen":1499347124454,"flow_last_seen":1499347129648,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2376,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":6,"flow_first_seen":1499347125743,"flow_last_seen":1499347131649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1499347253445,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":167,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2379,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347253,"pkt_ts_usec":445070,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uoZAAD4GC0qsEAABwKgKMte6AFBXtER6AAAAAKACchDqlAAAAgQFtAQCCAoBOf78AAAAAAEDAwc="}
00445{"flow_id":167,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2380,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347253,"pkt_ts_usec":445200,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ17p5Tes0V7REe6AScSCymwAAAgQFtAQCCAoD49ByATn+\/AEDAwc="}
00433{"flow_id":167,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2381,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347253,"pkt_ts_usec":445941,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uodAAD4GC1GsEAABwKgKMte6AFBXtER7eU3rNYAQAOVRowAAAQEICgE5\/vwD49By"}
@@ -1428,76 +1428,76 @@
00432{"flow_id":165,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2391,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347254,"pkt_ts_usec":686456,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0os1AAD4GIwusEAABwKgKMteSAFAC31mERhCvKoARAOUDXAAAAQEICgE6ADMD48y+"}
00432{"flow_id":165,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2392,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347254,"pkt_ts_usec":686787,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0foNAAEAGRVXAqAoyrBAAAQBQ15JGEK8qAt9ZhYARAOP+cQAAAQEICgPj0akBOgAz"}
00432{"flow_id":165,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2393,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347254,"pkt_ts_usec":687501,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0os5AAD4GIwqsEAABwKgKMteSAFAC31mFRhCvK4AQAOX+bwAAAQEICgE6ADMD49Gp"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2394,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1499347254714,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2394,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1499347254714,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":168,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2394,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347254,"pkt_ts_usec":714412,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sPBAAD4GFOCsEAABwKgKMtfIAFAvObDJAAAAAKACchCldQAAAgQFtAQCCAoBOgA5AAAAAAEDAwc="}
00444{"flow_id":168,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2395,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347254,"pkt_ts_usec":714548,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ18hpS4YpLzmwyqAScSDhSwAAAgQFtAQCCAoD49GwAToAOQEDAwc="}
00432{"flow_id":168,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2396,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347254,"pkt_ts_usec":715292,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sPFAAD4GFOesEAABwKgKMtfIAFAvObDKaUuGKoAQAOWAUgAAAQEICgE6ADoD49Gw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2410,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1499347257224,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2410,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1499347257224,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":169,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2410,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347257,"pkt_ts_usec":224854,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MIRAAD4GlUysEAABwKgKMtfiAFCgDzIpAAAAAKACchCwsQAAAgQFtAQCCAoBOgKtAAAAAAEDAwc="}
00444{"flow_id":169,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2411,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347257,"pkt_ts_usec":224924,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1+LmPUR7oA8yKqAScSCu0AAAAgQFtAQCCAoD49QjAToCrQEDAwc="}
00432{"flow_id":169,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2412,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347257,"pkt_ts_usec":225712,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MIVAAD4GlVOsEAABwKgKMtfiAFCgDzIq5j1EfIAQAOVN2AAAAQEICgE6Aq0D49Qj"}
00432{"flow_id":166,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2415,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347257,"pkt_ts_usec":687441,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06RBAAD4G3MesEAABwKgKMtesAFDOJxTPqWjIzoARAOX6SwAAAQEICgE6AyED4882"}
00433{"flow_id":166,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2416,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347257,"pkt_ts_usec":687687,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0HFlAAEAGp3\/AqAoyrBAAAQBQ16ypaMjOzicU0IARAOP06wAAAQEICgPj1JcBOgMh"}
00432{"flow_id":166,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2417,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347257,"pkt_ts_usec":688237,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06RFAAD4G3MasEAABwKgKMtesAFDOJxTQqWjIz4AQAOX06QAAAQEICgE6AyED49SX"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2421,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1499347258474,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2421,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1499347258474,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":170,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2421,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347258,"pkt_ts_usec":474053,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87xpAAD4G1rWsEAABwKgKMtfwAFBQ0ez\/AAAAAKACchBD0wAAAgQFtAQCCAoBOgPlAAAAAAEDAwc="}
00445{"flow_id":170,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2422,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347258,"pkt_ts_usec":474182,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1\/Cr4O+wUNHtAKAScSDP4AAAAgQFtAQCCAoD49VcAToD5QEDAwc="}
00432{"flow_id":170,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2423,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347258,"pkt_ts_usec":474957,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07xtAAD4G1rysEAABwKgKMtfwAFBQ0e0Aq+DvsYAQAOVu5wAAAQEICgE6A+YD49Vc"}
00432{"flow_id":167,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2427,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347258,"pkt_ts_usec":687775,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uohAAD4GC1CsEAABwKgKMte6AFBXtER7eU3rNYARAOVMgwAAAQEICgE6BBsD49By"}
00432{"flow_id":167,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2428,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347258,"pkt_ts_usec":688174,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0PqRAAEAGhTTAqAoyrBAAAQBQ17p5Tes1V7REfIARAONHZQAAAQEICgPj1ZEBOgQb"}
00432{"flow_id":167,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2429,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347258,"pkt_ts_usec":688724,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uolAAD4GC0+sEAABwKgKMte6AFBXtER8eU3rNoAQAOVHYwAAAQEICgE6BBsD49WR"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1499347259759,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1499347259759,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":171,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2433,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347259,"pkt_ts_usec":759681,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Xl9AAD4GZ3GsEAABwKgKMtf+AFDARlt4AAAAAKACchBklQAAAgQFtAQCCAoBOgUnAAAAAAEDAwc="}
00445{"flow_id":171,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2434,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347259,"pkt_ts_usec":759827,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ1\/6Hgb3OwEZbeaAScSBFowAAAgQFtAQCCAoD49adAToFJwEDAwc="}
00432{"flow_id":171,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2435,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347259,"pkt_ts_usec":760584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XmBAAD4GZ3isEAABwKgKMtf+AFDARlt5h4G9z4AQAOXkqgAAAQEICgE6BScD49ad"}
00432{"flow_id":168,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2439,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347260,"pkt_ts_usec":688718,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sPJAAD4GFOasEAABwKgKMtfIAFAvObDKaUuGKoARAOV6fAAAAQEICgE6Bg8D49Gw"}
00432{"flow_id":168,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2440,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347260,"pkt_ts_usec":688932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Ua9AAEAGcinAqAoyrBAAAQBQ18hpS4YqLzmwy4ARAON0qAAAAQEICgPj14UBOgYP"}
00432{"flow_id":168,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2441,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347260,"pkt_ts_usec":689680,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sPNAAD4GFOWsEAABwKgKMtfIAFAvObDLaUuGK4AQAOV0pgAAAQEICgE6Bg8D49eF"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1499347262289,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2451,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1499347262289,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":172,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347262,"pkt_ts_usec":289310,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ic9AAD4GPAGsEAABwKgKMtgYAFBS2I5QAAAAAKACchCcmQAAAgQFtAQCCAoBOgefAAAAAAEDAwc="}
00445{"flow_id":172,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2452,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347262,"pkt_ts_usec":289431,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2BhB\/tqnUtiOUaAScSCj2QAAAgQFtAQCCAoD49kVAToHnwEDAwc="}
00432{"flow_id":172,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2453,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347262,"pkt_ts_usec":290176,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0idBAAD4GPAisEAABwKgKMtgYAFBS2I5RQf7aqIAQAOVC4QAAAQEICgE6B58D49kV"}
00432{"flow_id":169,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2457,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347262,"pkt_ts_usec":688638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MIZAAD4GlVKsEAABwKgKMtfiAFCgDzIq5j1EfIARAOVIgQAAAQEICgE6CAMD49Qj"}
00432{"flow_id":169,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2458,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347262,"pkt_ts_usec":688825,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0nQVAAEAGJtPAqAoyrBAAAQBQ1+LmPUR8oA8yK4ARAONDLAAAAQEICgPj2XkBOggD"}
00432{"flow_id":169,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2459,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347262,"pkt_ts_usec":689407,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MIdAAD4GlVGsEAABwKgKMtfiAFCgDzIr5j1EfYAQAOVDKgAAAQEICgE6CAMD49l5"}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1499347263542,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":6,"flow_first_seen":1499347128311,"flow_last_seen":1499347133649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":6,"flow_first_seen":1499347129584,"flow_last_seen":1499347134649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":6,"flow_first_seen":1499347132137,"flow_last_seen":1499347137650,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":6,"flow_first_seen":1499347133434,"flow_last_seen":1499347138651,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":6,"flow_first_seen":1499347134702,"flow_last_seen":1499347140651,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2460,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":6,"flow_first_seen":1499347137239,"flow_last_seen":1499347142652,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1499347263542,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":173,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2463,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347263,"pkt_ts_usec":542761,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDNAAD4GcZ2sEAABwKgKMtgmAFA8SlzqAAAAAKACchDjRQAAAgQFtAQCCAoBOgjZAAAAAAEDAwc="}
00444{"flow_id":173,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2464,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347263,"pkt_ts_usec":542881,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2CaW4NetPEpc66AScSCXYwAAAgQFtAQCCAoD49pPAToI2QEDAwc="}
00432{"flow_id":173,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2465,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347263,"pkt_ts_usec":543453,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VDRAAD4GcaSsEAABwKgKMtgmAFA8SlzrluDXroAQAOU2awAAAQEICgE6CNkD49pP"}
00432{"flow_id":170,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2469,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347263,"pkt_ts_usec":688955,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07xxAAD4G1rusEAABwKgKMtfwAFBQ0e0Aq+DvsYARAOVpzwAAAQEICgE6CP0D49Vc"}
00433{"flow_id":170,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2470,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347263,"pkt_ts_usec":689147,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0NcJAAEAGjhbAqAoyrBAAAQBQ1\/Cr4O+xUNHtAYARAONkuQAAAQEICgPj2nMBOgj9"}
00432{"flow_id":170,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2471,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347263,"pkt_ts_usec":689920,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07x1AAD4G1rqsEAABwKgKMtfwAFBQ0e0Bq+DvsoAQAOVktwAAAQEICgE6CP0D49pz"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1499347264804,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1499347264804,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":174,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2476,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347264,"pkt_ts_usec":804951,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NPtAAD4GkNWsEAABwKgKMtg0AFDy7j7vAAAAAKACchBJUwAAAgQFtAQCCAoBOgoUAAAAAAEDAwc="}
00444{"flow_id":174,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2477,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347264,"pkt_ts_usec":805065,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2DSLlcK98u4+8KAScSAccQAAAgQFtAQCCAoD49uKAToKFAEDAwc="}
00432{"flow_id":174,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2478,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347264,"pkt_ts_usec":805811,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NPxAAD4GkNysEAABwKgKMtg0AFDy7j7wi5XCvoAQAOW7eAAAAQEICgE6ChQD49uK"}
00432{"flow_id":171,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347265,"pkt_ts_usec":690417,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XmFAAD4GZ3esEAABwKgKMtf+AFDARlt5h4G9z4ARAOXe3wAAAQEICgE6CvED49ad"}
00433{"flow_id":171,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347265,"pkt_ts_usec":690626,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0YadAAEAGYjHAqAoyrBAAAQBQ1\/6Hgb3PwEZbeoARAOPZFQAAAQEICgPj3GgBOgrx"}
00432{"flow_id":171,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2483,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347265,"pkt_ts_usec":691364,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XmJAAD4GZ3asEAABwKgKMtf+AFDARlt6h4G90IAQAOXZEgAAAQEICgE6CvID49xo"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1499347266097,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1499347266097,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":175,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2487,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347266,"pkt_ts_usec":97966,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8FmFAAD4Gr2+sEAABwKgKMthCAFDvjR02AAAAAKACchBtHAAAAgQFtAQCCAoBOgtXAAAAAAEDAwc="}
00443{"flow_id":175,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2488,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347266,"pkt_ts_usec":98068,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ELPgbsz740dN6AScSAClAAAAgQFtAQCCAoD49zOAToLVwEDAwc="}
00431{"flow_id":175,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2489,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347266,"pkt_ts_usec":98869,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FmJAAD4Gr3asEAABwKgKMthCAFDvjR03z4G7NIAQAOWhmgAAAQEICgE6C1gD49zO"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1499347267376,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2496,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1499347267376,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":176,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2496,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347267,"pkt_ts_usec":376627,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e\/BAAD4GSeCsEAABwKgKMthQAFA8R3dnAAAAAKACchDE4wAAAgQFtAQCCAoBOgyXAAAAAAEDAwc="}
00444{"flow_id":176,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347267,"pkt_ts_usec":376724,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2FDz+hz2PEd3aKAScSDS4AAAAgQFtAQCCAoD494NAToMlwEDAwc="}
00434{"flow_id":176,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2498,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347267,"pkt_ts_usec":377465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/FAAD4GSeesEAABwKgKMthQAFA8R3do8\/oc94AQAOVx6AAAAQEICgE6DJcD494N"}
00432{"flow_id":172,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2502,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347267,"pkt_ts_usec":690847,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0idFAAD4GPAesEAABwKgKMtgYAFBS2I5RQf7aqIARAOU9mQAAAQEICgE6DOYD49kV"}
00433{"flow_id":172,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2503,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347267,"pkt_ts_usec":691060,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0BPRAAEAGvuTAqAoyrBAAAQBQ2BhB\/tqoUtiOUoARAOM4UwAAAQEICgPj3lwBOgzm"}
00432{"flow_id":172,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2504,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347267,"pkt_ts_usec":691805,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0idJAAD4GPAasEAABwKgKMtgYAFBS2I5SQf7aqYAQAOU4UQAAAQEICgE6DOYD495c"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1499347268659,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1499347268659,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":177,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347268,"pkt_ts_usec":659064,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83S9AAD4G6KCsEAABwKgKMtheAFDSkdD3AAAAAKACchDTuQAAAgQFtAQCCAoBOg3YAAAAAAEDAwc="}
00444{"flow_id":177,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2509,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347268,"pkt_ts_usec":659189,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2F43lkso0pHQ+KAScSBuqAAAAgQFtAQCCAoD499OAToN2AEDAwc="}
00432{"flow_id":177,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2510,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347268,"pkt_ts_usec":659939,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03TBAAD4G6KesEAABwKgKMtheAFDSkdD4N5ZLKYAQAOUNsAAAAQEICgE6DdgD499O"}
@@ -1507,47 +1507,47 @@
00432{"flow_id":174,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2523,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347270,"pkt_ts_usec":692096,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NP1AAD4GkNusEAABwKgKMtg0AFDy7j7wi5XCvoARAOW1twAAAQEICgE6D9QD49uK"}
00434{"flow_id":174,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2524,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347270,"pkt_ts_usec":692290,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0I\/RAAEAGn+TAqAoyrBAAAQBQ2DSLlcK+8u4+8YARAOOv+AAAAQEICgPj4UoBOg\/U"}
00432{"flow_id":174,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2525,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347270,"pkt_ts_usec":693067,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NP5AAD4GkNqsEAABwKgKMtg0AFDy7j7xi5XCv4AQAOWv9gAAAQEICgE6D9QD4+FK"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2529,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1499347271162,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2529,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1499347271162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":178,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2529,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347271,"pkt_ts_usec":162915,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86ilAAD4G26asEAABwKgKMth4AFDbDvpjAAAAAKACchCfRAAAAgQFtAQCCAoBOhBKAAAAAAEDAwc="}
00444{"flow_id":178,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2530,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347271,"pkt_ts_usec":163075,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2HgbmHvT2w76ZKAScSAjFAAAAgQFtAQCCAoD4+HAAToQSgEDAwc="}
00432{"flow_id":178,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347271,"pkt_ts_usec":163675,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06ipAAD4G262sEAABwKgKMth4AFDbDvpkG5h71IAQAOXCGwAAAQEICgE6EEoD4+HA"}
00432{"flow_id":175,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2535,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347271,"pkt_ts_usec":691925,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FmNAAD4Gr3WsEAABwKgKMthCAFDvjR03z4G7NIARAOWcIwAAAQEICgE6EM4D49zO"}
00432{"flow_id":175,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2536,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347271,"pkt_ts_usec":692113,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0WXBAAEAGamjAqAoyrBAAAQBQ2ELPgbs0740dOIARAOOWrgAAAQEICgPj4kQBOhDO"}
00432{"flow_id":175,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2537,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347271,"pkt_ts_usec":692717,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FmRAAD4Gr3SsEAABwKgKMthCAFDvjR04z4G7NYAQAOWWrAAAAQEICgE6EM4D4+JE"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1499347272469,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2541,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1499347272469,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":179,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2541,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347272,"pkt_ts_usec":469831,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wnhAAD4GA1isEAABwKgKMtiGAFBxpNPoAAAAAKACchAt1gAAAgQFtAQCCAoBOhGQAAAAAAEDAwc="}
00444{"flow_id":179,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2542,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347272,"pkt_ts_usec":469965,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2IbhJKqDcaTT6aAScSC8IQAAAgQFtAQCCAoD4+MHAToRkAEDAwc="}
00432{"flow_id":179,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347272,"pkt_ts_usec":470508,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wnlAAD4GA1+sEAABwKgKMtiGAFBxpNPp4SSqhIAQAOVbKAAAAQEICgE6EZED4+MH"}
00434{"flow_id":176,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2547,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347272,"pkt_ts_usec":692900,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/JAAD4GSeasEAABwKgKMthQAFA8R3do8\/oc94ARAOVstgAAAQEICgE6EcgD494N"}
00433{"flow_id":176,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2548,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347272,"pkt_ts_usec":693155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0\/8lAAEAGxA7AqAoyrBAAAQBQ2FDz+hz3PEd3aYARAONnhgAAAQEICgPj4z4BOhHI"}
00434{"flow_id":176,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2549,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347272,"pkt_ts_usec":693887,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/NAAD4GSeWsEAABwKgKMthQAFA8R3dp8\/oc+IAQAOVnhAAAAQEICgE6EcgD4+M+"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":6,"flow_first_seen":1499347138552,"flow_last_seen":1499347143653,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":6,"flow_first_seen":1499347141111,"flow_last_seen":1499347146653,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54040,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":6,"flow_first_seen":1499347142412,"flow_last_seen":1499347147653,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54054,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":6,"flow_first_seen":1499347143676,"flow_last_seen":1499347149654,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":6,"flow_first_seen":1499347146267,"flow_last_seen":1499347151654,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54094,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2550,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":6,"flow_first_seen":1499347147523,"flow_last_seen":1499347152654,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54108,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":177,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2553,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347273,"pkt_ts_usec":692777,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03TFAAD4G6KasEAABwKgKMtheAFDSkdD4N5ZLKYARAOUIxQAAAQEICgE6EsID499O"}
00432{"flow_id":177,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2554,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347273,"pkt_ts_usec":693001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0rxFAAEAGFMfAqAoyrBAAAQBQ2F43lksp0pHQ+YARAOMD3AAAAQEICgPj5DgBOhLC"}
00432{"flow_id":177,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2555,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347273,"pkt_ts_usec":693548,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03TJAAD4G6KWsEAABwKgKMtheAFDSkdD5N5ZLKoAQAOUD2gAAAQEICgE6EsID4+Q4"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1499347273742,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1499347273742,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":180,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347273,"pkt_ts_usec":742540,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8s+tAAD4GEeWsEAABwKgKMtiUAFBek6EkAAAAAKACchByXgAAAgQFtAQCCAoBOhLPAAAAAAEDAwc="}
00444{"flow_id":180,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2557,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347273,"pkt_ts_usec":742666,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2JQ5PiSKXpOhJaAScSAtTAAAAgQFtAQCCAoD4+RFAToSzwEDAwc="}
00432{"flow_id":180,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2558,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347273,"pkt_ts_usec":743227,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0s+xAAD4GEeysEAABwKgKMtiUAFBek6ElOT4ki4AQAOXMUwAAAQEICgE6Es8D4+RF"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1499347276278,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2571,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1499347276278,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":181,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2571,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347276,"pkt_ts_usec":278643,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8RHhAAD4GgVisEAABwKgKMtiuAFAiVFExAAAAAKACchD7\/AAAAgQFtAQCCAoBOhVJAAAAAAEDAwc="}
00445{"flow_id":181,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2572,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347276,"pkt_ts_usec":278743,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2K6190rBIlRRMqAScSARgAAAAgQFtAQCCAoD4+a\/AToVSQEDAwc="}
00433{"flow_id":181,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2573,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347276,"pkt_ts_usec":279520,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0RHlAAD4GgV+sEAABwKgKMtiuAFAiVFEytfdKwoAQAOWwhwAAAQEICgE6FUkD4+a\/"}
00432{"flow_id":178,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2577,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347276,"pkt_ts_usec":693619,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06itAAD4G26ysEAABwKgKMth4AFDbDvpkG5h71IARAOW8tAAAAQEICgE6FbAD4+HA"}
00432{"flow_id":178,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347276,"pkt_ts_usec":693837,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0nPJAAEAGJubAqAoyrBAAAQBQ2HgbmHvU2w76ZYARAOO3TwAAAQEICgPj5yYBOhWw"}
00432{"flow_id":178,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2579,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347276,"pkt_ts_usec":694573,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06ixAAD4G26usEAABwKgKMth4AFDbDvplG5h71YAQAOW3TAAAAQEICgE6FbED4+cm"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1499347277521,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2583,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1499347277521,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":182,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2583,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347277,"pkt_ts_usec":521080,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EvlAAD4GstesEAABwKgKMti8AFAjjgSGAAAAAKACchBGKgAAAgQFtAQCCAoBOhZ\/AAAAAAEDAwc="}
00444{"flow_id":182,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2584,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347277,"pkt_ts_usec":521238,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2LxShGbpI44Eh6AScSChwgAAAgQFtAQCCAoD4+f1AToWfwEDAwc="}
00432{"flow_id":182,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2585,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347277,"pkt_ts_usec":521964,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EvpAAD4Gst6sEAABwKgKMti8AFAjjgSHUoRm6oAQAOVAygAAAQEICgE6Fn8D4+f1"}
@@ -1557,63 +1557,63 @@
00432{"flow_id":180,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2598,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347279,"pkt_ts_usec":694934,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0s+1AAD4GEeusEAABwKgKMtiUAFBek6ElOT4ki4ARAOXGggAAAQEICgE6GJ8D4+RF"}
00432{"flow_id":180,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2599,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347279,"pkt_ts_usec":695152,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0zp5AAEAG9TnAqAoyrBAAAQBQ2JQ5PiSLXpOhJoARAOPAswAAAQEICgPj6hUBOhif"}
00432{"flow_id":180,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2600,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347279,"pkt_ts_usec":695892,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0s+5AAD4GEeqsEAABwKgKMtiUAFBek6EmOT4kjIAQAOXAsQAAAQEICgE6GJ8D4+oV"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1499347280049,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2604,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1499347280049,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":183,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2604,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347280,"pkt_ts_usec":49679,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qXBAAD4GHGCsEAABwKgKMtjWAFBVFLGHAAAAAKACchBlEAAAAgQFtAQCCAoBOhj3AAAAAAEDAwc="}
00443{"flow_id":183,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2605,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347280,"pkt_ts_usec":49804,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2NbA11G6VRSxiKAScSBlDAAAAgQFtAQCCAoD4+ptAToY9wEDAwc="}
00431{"flow_id":183,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2606,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347280,"pkt_ts_usec":50564,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qXFAAD4GHGesEAABwKgKMtjWAFBVFLGIwNdRu4AQAOUEEwAAAQEICgE6GPgD4+pt"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1499347281325,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2613,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1499347281325,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":184,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2613,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347281,"pkt_ts_usec":325238,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8klhAAD4GM3isEAABwKgKMtjkAFB+h4huAAAAAKACchBjaQAAAgQFtAQCCAoBOho2AAAAAAEDAwc="}
00444{"flow_id":184,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2614,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347281,"pkt_ts_usec":325376,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ORl6oVWfoeIb6AScSCJdwAAAgQFtAQCCAoD4+usAToaNgEDAwc="}
00432{"flow_id":184,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2615,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347281,"pkt_ts_usec":326141,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kllAAD4GM3+sEAABwKgKMtjkAFB+h4hvZeqFV4AQAOUofwAAAQEICgE6GjYD4+us"}
00433{"flow_id":181,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2619,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347281,"pkt_ts_usec":695009,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0RHpAAD4GgV6sEAABwKgKMtiuAFAiVFEytfdKwoARAOWrPAAAAQEICgE6GpMD4+a\/"}
00432{"flow_id":181,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2620,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347281,"pkt_ts_usec":695198,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pstAAEAGHQ3AqAoyrBAAAQBQ2K6190rCIlRRM4ARAOOl8wAAAQEICgPj7AkBOhqT"}
00432{"flow_id":181,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2621,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347281,"pkt_ts_usec":695939,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0RHtAAD4GgV2sEAABwKgKMtiuAFAiVFEztfdKw4AQAOWl8QAAAQEICgE6GpMD4+wJ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2625,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1499347282573,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2625,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1499347282573,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":185,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347282,"pkt_ts_usec":573995,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mj1AAD4GK5OsEAABwKgKMtjyAFDR4YFTAAAAAKACchAV5AAAAgQFtAQCCAoBOhtuAAAAAAEDAwc="}
00445{"flow_id":185,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347282,"pkt_ts_usec":574166,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2PL\/kZOB0eGBVKAScSCS5gAAAgQFtAQCCAoD4+zlATobbgEDAwc="}
00433{"flow_id":185,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2627,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347282,"pkt_ts_usec":574915,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mj5AAD4GK5qsEAABwKgKMtjyAFDR4YFU\/5GTgoAQAOUx7QAAAQEICgE6G28D4+zl"}
00432{"flow_id":182,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2631,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347282,"pkt_ts_usec":695400,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EvtAAD4Gst2sEAABwKgKMti8AFAjjgSHUoRm6oARAOU7uwAAAQEICgE6G40D4+f1"}
00433{"flow_id":182,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347282,"pkt_ts_usec":695643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0i+lAAEAGN+\/AqAoyrBAAAQBQ2LxShGbqI44EiIARAOM2rgAAAQEICgPj7QMBOhuN"}
00432{"flow_id":182,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2633,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347282,"pkt_ts_usec":696361,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EvxAAD4GstysEAABwKgKMti8AFAjjgSIUoRm64AQAOU2rAAAAQEICgE6G40D4+0D"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1499347285114,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":6,"flow_first_seen":1499347150236,"flow_last_seen":1499347155656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":6,"flow_first_seen":1499347151520,"flow_last_seen":1499347156656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":6,"flow_first_seen":1499347152786,"flow_last_seen":1499347158656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":6,"flow_first_seen":1499347155346,"flow_last_seen":1499347160658,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54188,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2634,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":6,"flow_first_seen":1499347156630,"flow_last_seen":1499347161658,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1499347285114,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":186,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2644,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347285,"pkt_ts_usec":114428,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AAxAAD4GxcSsEAABwKgKMtkMAFDF1B3mAAAAAKACchCCyAAAAgQFtAQCCAoBOh3qAAAAAAEDAwc="}
00444{"flow_id":186,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347285,"pkt_ts_usec":114542,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2Qzzh7fuxdQd56AScSDk7AAAAgQFtAQCCAoD4+9gATod6gEDAwc="}
00432{"flow_id":186,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347285,"pkt_ts_usec":115281,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AA1AAD4GxcusEAABwKgKMtkMAFDF1B3n84e374AQAOWD9AAAAQEICgE6HeoD4+9g"}
00432{"flow_id":183,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2649,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347285,"pkt_ts_usec":696414,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qXJAAD4GHGasEAABwKgKMtjWAFBVFLGIwNdRu4ARAOX+jgAAAQEICgE6HnsD4+pt"}
00433{"flow_id":183,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2650,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347285,"pkt_ts_usec":696634,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0vkpAAEAGBY7AqAoyrBAAAQBQ2NbA11G7VRSxiYARAOP5CwAAAQEICgPj7\/EBOh57"}
00433{"flow_id":183,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2651,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347285,"pkt_ts_usec":697369,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qXNAAD4GHGWsEAABwKgKMtjWAFBVFLGJwNdRvIAQAOX5CQAAAQEICgE6HnsD4+\/x"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2655,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1499347286403,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2655,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1499347286403,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":187,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2655,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347286,"pkt_ts_usec":403653,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8meVAAD4GK+usEAABwKgKMtkaAFAW6IbJAAAAAKACchDHgQAAAgQFtAQCCAoBOh8sAAAAAAEDAwc="}
00445{"flow_id":187,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2656,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347286,"pkt_ts_usec":403752,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2Rp9ePmhFuiGyqAScSBcwAAAAgQFtAQCCAoD4\/CiATofLAEDAwc="}
00434{"flow_id":187,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2657,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347286,"pkt_ts_usec":404487,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0meZAAD4GK\/KsEAABwKgKMtkaAFAW6IbKfXj5ooAQAOX7xwAAAQEICgE6HywD4\/Ci"}
00432{"flow_id":184,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2661,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347286,"pkt_ts_usec":696310,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0klpAAD4GM36sEAABwKgKMtjkAFB+h4hvZeqFV4ARAOUjPwAAAQEICgE6H3UD4+us"}
00432{"flow_id":184,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2662,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347286,"pkt_ts_usec":696523,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0dbxAAEAGThzAqAoyrBAAAQBQ2ORl6oVXfoeIcIARAOMeAQAAAQEICgPj8OsBOh91"}
00434{"flow_id":184,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2663,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347286,"pkt_ts_usec":697272,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kltAAD4GM32sEAABwKgKMtjkAFB+h4hwZeqFWIAQAOUd\/wAAAQEICgE6H3UD4\/Dr"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1499347287659,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2667,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1499347287659,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":188,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2667,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347287,"pkt_ts_usec":659781,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA814FAAD4G7k6sEAABwKgKMtkoAFDVWPfnAAAAAKACchCWqgAAAgQFtAQCCAoBOiBmAAAAAAEDAwc="}
00445{"flow_id":188,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2668,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347287,"pkt_ts_usec":659934,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2Sh6EWHG1Vj36KAScSDF8QAAAgQFtAQCCAoD4\/HcATogZgEDAwc="}
00433{"flow_id":188,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2669,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347287,"pkt_ts_usec":660640,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA014JAAD4G7lWsEAABwKgKMtkoAFDVWPfoehFhx4AQAOVk+QAAAQEICgE6IGYD4\/Hc"}
00433{"flow_id":185,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2673,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347287,"pkt_ts_usec":696228,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mj9AAD4GK5msEAABwKgKMtjyAFDR4YFU\/5GTgoARAOUs7AAAAQEICgE6IG8D4+zl"}
00433{"flow_id":185,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2674,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347287,"pkt_ts_usec":696611,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0YmdAAEAGYXHAqAoyrBAAAQBQ2PL\/kZOC0eGBVYARAOMn7QAAAQEICgPj8eUBOiBv"}
00434{"flow_id":185,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2675,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347287,"pkt_ts_usec":697349,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mkBAAD4GK5isEAABwKgKMtjyAFDR4YFV\/5GTg4AQAOUn6wAAAQEICgE6IG8D4\/Hl"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1499347290163,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2685,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1499347290163,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":189,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347290,"pkt_ts_usec":163981,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D11AAD4GtnOsEAABwKgKMtlCAFDDfi2FAAAAAKACchBwWwAAAgQFtAQCCAoBOiLYAAAAAAEDAwc="}
00445{"flow_id":189,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2686,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347290,"pkt_ts_usec":164077,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ULBAUn+w34thqAScSBuCAAAAgQFtAQCCAoD4\/ROAToi2AEDAwc="}
00434{"flow_id":189,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2687,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347290,"pkt_ts_usec":164862,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D15AAD4GtnqsEAABwKgKMtlCAFDDfi2GwQFJ\/4AQAOUNEAAAAQEICgE6ItgD4\/RO"}
00432{"flow_id":186,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2691,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347290,"pkt_ts_usec":697544,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AA5AAD4GxcqsEAABwKgKMtkMAFDF1B3n84e374ARAOV+gAAAAQEICgE6I10D4+9g"}
00432{"flow_id":186,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2692,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347290,"pkt_ts_usec":697806,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0QzxAAEAGgJzAqAoyrBAAAQBQ2Qzzh7fvxdQd6IARAON5DgAAAQEICgPj9NMBOiNd"}
00433{"flow_id":186,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2693,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347290,"pkt_ts_usec":698321,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AA9AAD4GxcmsEAABwKgKMtkMAFDF1B3o84e38IAQAOV5CwAAAQEICgE6I14D4\/TT"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1499347291442,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2697,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1499347291442,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":190,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347291,"pkt_ts_usec":442976,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88hpAAD4G07WsEAABwKgKMtlQAFCuf9YCAAAAAKACchDbjgAAAgQFtAQCCAoBOiQYAAAAAAEDAwc="}
00446{"flow_id":190,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2698,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347291,"pkt_ts_usec":443100,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2VCY8a8grn\/WA6AScSCa6QAAAgQFtAQCCAoD4\/WOATokGAEDAwc="}
00433{"flow_id":190,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2699,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347291,"pkt_ts_usec":443851,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08htAAD4G07ysEAABwKgKMtlQAFCuf9YDmPGvIYAQAOU58QAAAQEICgE6JBgD4\/WO"}
@@ -1623,27 +1623,27 @@
00433{"flow_id":188,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2709,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347292,"pkt_ts_usec":697860,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA014NAAD4G7lSsEAABwKgKMtkoAFDVWPfoehFhx4ARAOVgDQAAAQEICgE6JVED4\/Hc"}
00432{"flow_id":188,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2710,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347292,"pkt_ts_usec":698142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0lw9AAEAGLMnAqAoyrBAAAQBQ2Sh6EWHH1Vj36YARAONbIgAAAQEICgPj9sgBOiVR"}
00433{"flow_id":188,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2711,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347292,"pkt_ts_usec":698683,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA014RAAD4G7lOsEAABwKgKMtkoAFDVWPfpehFhyIAQAOVbHwAAAQEICgE6JVID4\/bI"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1499347292725,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2712,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1499347292725,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":191,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2712,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347292,"pkt_ts_usec":725420,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Az5AAD4GwpKsEAABwKgKMtleAFDMWSZmAAAAAKACchBsAwAAAgQFtAQCCAoBOiVYAAAAAAEDAwc="}
00445{"flow_id":191,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2713,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347292,"pkt_ts_usec":725523,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2V6LTEh8zFkmZ6AScSCeZwAAAgQFtAQCCAoD4\/bOATolWAEDAwc="}
00433{"flow_id":191,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2714,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347292,"pkt_ts_usec":726317,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Az9AAD4GwpmsEAABwKgKMtleAFDMWSZni0xIfYAQAOU9bgAAAQEICgE6JVkD4\/bO"}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":312,"flow_first_seen":1499347097460,"flow_last_seen":1499347166757,"flow_tot_l4_data_len":242375,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":776,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1499347295224,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":312,"flow_first_seen":1499347097460,"flow_last_seen":1499347166757,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":744,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":53584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":6,"flow_first_seen":1499347159323,"flow_last_seen":1499347164659,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54228,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":6,"flow_first_seen":1499347160581,"flow_last_seen":1499347165659,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54242,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":6,"flow_first_seen":1499347164459,"flow_last_seen":1499347169660,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54282,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":6,"flow_first_seen":1499347165741,"flow_last_seen":1499347171660,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2718,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":6,"flow_first_seen":1499347168302,"flow_last_seen":1499347173661,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54322,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1499347295224,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":192,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347295,"pkt_ts_usec":224157,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CihAAD4Gu6isEAABwKgKMtl4AFDbgS3hAAAAAKACchBS1QAAAgQFtAQCCAoBOifJAAAAAAEDAwc="}
00446{"flow_id":192,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347295,"pkt_ts_usec":224250,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2XjDo5gx24Et4qAScSD6uwAAAgQFtAQCCAoD4\/k\/ATonyQEDAwc="}
00434{"flow_id":192,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347295,"pkt_ts_usec":224881,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CilAAD4Gu6+sEAABwKgKMtl4AFDbgS3iw6OYMoAQAOWZwwAAAQEICgE6J8kD4\/k\/"}
01216{"flow_id":190,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2733,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347295,"pkt_ts_usec":227921,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ98hxAAD4G0XKsEAABwKgKMtlQAFCuf9YDmPGvIYAYAOXWIAAAAQEICgE6J8oD4\/WOR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdKVUwyRDNXWEhFR1dSQUZKRTJQSTdPUzcxWjRaOFJGVUhYR05GTFVGWVZQNk0zT0w1NSUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00917{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":4,"flow_first_seen":1499347291442,"flow_last_seen":1499347295227,"flow_tot_l4_data_len":729,"flow_min_l4_data_len":32,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":4,"flow_first_seen":1499347291442,"flow_last_seen":1499347295227,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00434{"flow_id":189,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2734,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347295,"pkt_ts_usec":227954,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D19AAD4GtnmsEAABwKgKMtlCAFDDfi2GwQFJ\/4ARAOUIHQAAAQEICgE6J8oD4\/RO"}
00433{"flow_id":190,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2735,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347295,"pkt_ts_usec":228025,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0VmFAAEAGbXfAqAoyrBAAAQBQ2VCY8a8hrn\/YTIAQAOwwPQAAAQEICgPj+UABOifK"}
00433{"flow_id":189,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2736,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347295,"pkt_ts_usec":228111,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0sL9AAEAGExnAqAoyrBAAAQBQ2ULBAUn\/w34th4ARAOMDLAAAAQEICgPj+UABOifK"}
@@ -1653,7 +1653,7 @@
00948{"flow_id":190,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2740,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347296,"pkt_ts_usec":235695,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGz8h5AAD4G0jqsEAABwKgKMtlQAFCuf9hMmPG2boAYAQLW5AAAAQEICgE6KMYD4\/lBR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02821{"flow_id":190,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2741,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347296,"pkt_ts_usec":238692,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceVmRAAEAGZorAqAoyrBAAAQBQ2VCY8bZurn\/Zy4AYAPV9\/AAAAQEICgPj+j0BOijGSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjIxOjM2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00434{"flow_id":190,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2742,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347296,"pkt_ts_usec":239389,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08h9AAD4G07isEAABwKgKMtlQAFCuf9nLmPG9WIAQAR0eXAAAAQEICgE6KMcD4\/o9"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1499347296462,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1499347296462,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":193,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2743,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347296,"pkt_ts_usec":462136,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TjBAAD4Gd6CsEAABwKgKMtmGAFCTXWbOAAAAAKACchBgyQAAAgQFtAQCCAoBOij+AAAAAAEDAwc="}
00446{"flow_id":193,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2744,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347296,"pkt_ts_usec":462257,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2YaJqN5wk11mz6AScSD7NQAAAgQFtAQCCAoD4\/p1AToo\/gEDAwc="}
00433{"flow_id":193,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347296,"pkt_ts_usec":463031,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TjFAAD4Gd6esEAABwKgKMtmGAFCTXWbPiajecYAQAOWaPAAAAQEICgE6KP8D4\/p1"}
@@ -1662,21 +1662,21 @@
00434{"flow_id":190,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2748,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347296,"pkt_ts_usec":466768,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08iFAAD4G07asEAABwKgKMtlQAFCuf9wUmPHEpIAQATsUNwAAAQEICgE6KQAD4\/p2"}
00949{"flow_id":190,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2749,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347297,"pkt_ts_usec":474563,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGz8iJAAD4G0jasEAABwKgKMtlQAFCuf9wUmPHEpIAYATvCQgAAAQEICgE6KfwD4\/p2R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02822{"flow_id":190,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2750,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347297,"pkt_ts_usec":477653,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceVmhAAEAGZobAqAoyrBAAAQBQ2VCY8cSkrn\/dk4AYAQd9\/AAAAQEICgPj+3IBOin8SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjIxOjM3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1499347297732,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1499347297732,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":194,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2752,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347297,"pkt_ts_usec":732879,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LW1AAD4GmGOsEAABwKgKMtmUAFB7SgdRAAAAAKACchDXDQAAAgQFtAQCCAoBOio8AAAAAAEDAwc="}
00446{"flow_id":194,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2753,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347297,"pkt_ts_usec":733038,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ZST\/kF5e0oHUqAScSAC3wAAAgQFtAQCCAoD4\/uyAToqPAEDAwc="}
00434{"flow_id":194,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2754,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347297,"pkt_ts_usec":733752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LW5AAD4GmGqsEAABwKgKMtmUAFB7SgdSk\/5BeoAQAOWh5gAAAQEICgE6KjwD4\/uy"}
00433{"flow_id":191,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2758,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347298,"pkt_ts_usec":699456,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A0BAAD4GwpisEAABwKgKMtleAFDMWSZni0xIfYARAOU3mAAAAQEICgE6Ky4D4\/bO"}
00434{"flow_id":191,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2759,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347298,"pkt_ts_usec":699645,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0tNlAAEAGDv\/AqAoyrBAAAQBQ2V6LTEh9zFkmaIARAOMxwwAAAQEICgPj\/KQBOisu"}
00433{"flow_id":191,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2760,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347298,"pkt_ts_usec":700360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A0FAAD4GwpesEAABwKgKMtleAFDMWSZoi0xIfoAQAOUxwQAAAQEICgE6Ky4D4\/yk"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1499347300263,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2770,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1499347300263,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":195,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2770,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347300,"pkt_ts_usec":263398,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bohAAD4GV0isEAABwKgKMtmuAFBvk0I9AAAAAKACchClRQAAAgQFtAQCCAoBOiy1AAAAAAEDAwc="}
00445{"flow_id":195,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2771,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347300,"pkt_ts_usec":263526,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2a7Gy0E5b5NCPqAScSCcEAAAAgQFtAQCCAoD4\/4rATostQEDAwc="}
00433{"flow_id":195,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2772,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347300,"pkt_ts_usec":264292,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bolAAD4GV0+sEAABwKgKMtmuAFBvk0I+xstBOoAQAOU7GAAAAQEICgE6LLUD4\/4r"}
00434{"flow_id":192,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2776,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347300,"pkt_ts_usec":700047,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CipAAD4Gu66sEAABwKgKMtl4AFDbgS3iw6OYMoARAOWUaQAAAQEICgE6LSID4\/k\/"}
00433{"flow_id":192,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2777,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347300,"pkt_ts_usec":700234,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ZqpAAEAGXS7AqAoyrBAAAQBQ2XjDo5gy24Et44ARAOOPEQAAAQEICgPj\/pgBOi0i"}
00433{"flow_id":192,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347300,"pkt_ts_usec":701001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CitAAD4Gu62sEAABwKgKMtl4AFDbgS3jw6OYM4AQAOWPDwAAAQEICgE6LSID4\/6Y"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1499347301520,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1499347301520,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":196,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2782,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347301,"pkt_ts_usec":520809,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80Q9AAD4G9MCsEAABwKgKMtm8AFCdpvzgAAAAAKACchC7RgAAAgQFtAQCCAoBOi3vAAAAAAEDAwc="}
00445{"flow_id":196,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2783,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347301,"pkt_ts_usec":520933,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2bw9W3Mnnab84aAScSAIWgAAAgQFtAQCCAoD4\/9lATot7wEDAwc="}
00433{"flow_id":196,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2784,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347301,"pkt_ts_usec":521683,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00RBAAD4G9MesEAABwKgKMtm8AFCdpvzhPVtzKIAQAOWnYQAAAQEICgE6Le8D4\/9l"}
@@ -1686,44 +1686,44 @@
00434{"flow_id":194,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2797,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347303,"pkt_ts_usec":700945,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LW9AAD4GmGmsEAABwKgKMtmUAFB7SgdSk\/5BeoARAOWcEQAAAQEICgE6MBAD4\/uy"}
00433{"flow_id":194,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347303,"pkt_ts_usec":701163,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0QPxAAEAGgtzAqAoyrBAAAQBQ2ZST\/kF6e0oHU4ARAOOWPgAAAQEICgPkAYYBOjAQ"}
00433{"flow_id":194,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2799,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347303,"pkt_ts_usec":701906,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LXBAAD4GmGisEAABwKgKMtmUAFB7SgdTk\/5Be4AQAOWWPAAAAQEICgE6MBAD5AGG"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1499347304125,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":6,"flow_first_seen":1499347169573,"flow_last_seen":1499347174661,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54336,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":6,"flow_first_seen":1499347172098,"flow_last_seen":1499347177661,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":6,"flow_first_seen":1499347173373,"flow_last_seen":1499347178662,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":6,"flow_first_seen":1499347174667,"flow_last_seen":1499347180662,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":6,"flow_first_seen":1499347177248,"flow_last_seen":1499347182663,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2800,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":6,"flow_first_seen":1499347178540,"flow_last_seen":1499347183663,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1499347304125,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":197,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2803,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347304,"pkt_ts_usec":125801,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hKxAAD4GQSSsEAABwKgKMtnWAFBzErTWAAAAAKACchArQAAAAgQFtAQCCAoBOjB6AAAAAAEDAwc="}
00444{"flow_id":197,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2804,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347304,"pkt_ts_usec":125920,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2dawo5LBcxK016AScSDi5QAAAgQFtAQCCAoD5AHwATowegEDAwc="}
00432{"flow_id":197,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2805,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347304,"pkt_ts_usec":126703,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hK1AAD4GQSusEAABwKgKMtnWAFBzErTXsKOSwoAQAOWB7AAAAQEICgE6MHsD5AHw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1499347305402,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1499347305402,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":198,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2812,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347305,"pkt_ts_usec":402466,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z+xAAD4GXeSsEAABwKgKMtnkAFD8k1ZWAAAAAKACchD+8AAAAgQFtAQCCAoBOjG6AAAAAAEDAwc="}
00445{"flow_id":198,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2813,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347305,"pkt_ts_usec":402570,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2eSBOT6p\/JNWV6AScSA42QAAAgQFtAQCCAoD5AMwAToxugEDAwc="}
00432{"flow_id":198,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2814,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347305,"pkt_ts_usec":403352,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z+1AAD4GXeusEAABwKgKMtnkAFD8k1ZXgTk+qoAQAOXX4AAAAQEICgE6MboD5AMw"}
00433{"flow_id":195,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2818,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347305,"pkt_ts_usec":700975,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bopAAD4GV06sEAABwKgKMtmuAFBvk0I+xstBOoARAOU1yAAAAQEICgE6MgQD4\/4r"}
00432{"flow_id":195,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2819,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347305,"pkt_ts_usec":701193,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0QkBAAEAGgZjAqAoyrBAAAQBQ2a7Gy0E6b5NCP4ARAOMwegAAAQEICgPkA3oBOjIE"}
00433{"flow_id":195,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2820,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347305,"pkt_ts_usec":701754,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0botAAD4GV02sEAABwKgKMtmuAFBvk0I\/xstBO4AQAOUweAAAAQEICgE6MgQD5AN6"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1499347306680,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1499347306680,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":199,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2824,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347306,"pkt_ts_usec":680027,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t61AAD4GDiOsEAABwKgKMtnyAFBPt4VUAAAAAKACchB7ggAAAgQFtAQCCAoBOjL5AAAAAAEDAwc="}
00444{"flow_id":199,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2825,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347306,"pkt_ts_usec":680128,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2fJOMjqdT7eFVaAScSDrPgAAAgQFtAQCCAoD5ARvAToy+QEDAwc="}
00432{"flow_id":199,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2826,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347306,"pkt_ts_usec":680915,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t65AAD4GDiqsEAABwKgKMtnyAFBPt4VVTjI6noAQAOWKRgAAAQEICgE6MvkD5ARv"}
00433{"flow_id":196,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2830,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347306,"pkt_ts_usec":701663,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00RFAAD4G9MasEAABwKgKMtm8AFCdpvzhPVtzKIARAOWiUQAAAQEICgE6Mv4D4\/9l"}
00432{"flow_id":196,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2831,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347306,"pkt_ts_usec":701780,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0d1xAAEAGTHzAqAoyrBAAAQBQ2bw9W3Monab84oARAOOdQwAAAQEICgPkBHQBOjL+"}
00432{"flow_id":196,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2832,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347306,"pkt_ts_usec":702317,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00RJAAD4G9MWsEAABwKgKMtm8AFCdpvziPVtzKYAQAOWdQAAAAQEICgE6Mv8D5AR0"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1499347309314,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1499347309314,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":200,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2842,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347309,"pkt_ts_usec":314104,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8V4pAAD4GbkasEAABwKgKMtoMAFADiWIGAAAAAKACchDoUQAAAgQFtAQCCAoBOjWMAAAAAAEDAwc="}
00444{"flow_id":200,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2843,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347309,"pkt_ts_usec":314238,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2gztcSluA4liB6AScSDHagAAAgQFtAQCCAoD5AcCATo1jAEDAwc="}
00432{"flow_id":200,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2844,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347309,"pkt_ts_usec":314804,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V4tAAD4Gbk2sEAABwKgKMtoMAFADiWIH7XEpb4AQAOVmcgAAAQEICgE6NYwD5AcC"}
00432{"flow_id":197,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2848,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347309,"pkt_ts_usec":702193,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hK5AAD4GQSqsEAABwKgKMtnWAFBzErTXsKOSwoARAOV8eQAAAQEICgE6Ne0D5AHw"}
00432{"flow_id":197,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2849,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347309,"pkt_ts_usec":702387,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0laFAAEAGLjfAqAoyrBAAAQBQ2dawo5LCcxK02IARAON3BwAAAQEICgPkB2MBOjXt"}
00432{"flow_id":197,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2850,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347309,"pkt_ts_usec":703173,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hK9AAD4GQSmsEAABwKgKMtnWAFBzErTYsKOSw4AQAOV3BQAAAQEICgE6Ne0D5Adj"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1499347310567,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2854,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1499347310567,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":201,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2854,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347310,"pkt_ts_usec":567182,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8riNAAD4GF62sEAABwKgKMtoaAFDhF5jmAAAAAKACchDSmwAAAgQFtAQCCAoBOjbFAAAAAAEDAwc="}
00444{"flow_id":201,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2855,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347310,"pkt_ts_usec":567305,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2hoggEnh4ReY56AScSBc+gAAAgQFtAQCCAoD5Ag7ATo2xQEDAwc="}
00432{"flow_id":201,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347310,"pkt_ts_usec":567864,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0riRAAD4GF7SsEAABwKgKMtoaAFDhF5jnIIBJ4oAQAOX8AQAAAQEICgE6NsUD5Ag7"}
@@ -1733,42 +1733,42 @@
00432{"flow_id":199,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2866,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347311,"pkt_ts_usec":702189,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t69AAD4GDimsEAABwKgKMtnyAFBPt4VVTjI6noARAOWFXQAAAQEICgE6N+ED5ARv"}
00433{"flow_id":199,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2867,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347311,"pkt_ts_usec":702363,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0M8lAAEAGkA\/AqAoyrBAAAQBQ2fJOMjqeT7eFVoARAOOAdgAAAQEICgPkCVcBOjfh"}
00432{"flow_id":199,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2868,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347311,"pkt_ts_usec":703138,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t7BAAD4GDiisEAABwKgKMtnyAFBPt4VWTjI6n4AQAOWAdAAAAQEICgE6N+ED5AlX"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1499347313106,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2875,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1499347313106,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":202,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347313,"pkt_ts_usec":106006,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80LNAAD4G9RysEAABwKgKMto0AFBr7OnzAAAAAKACchD0JAAAAgQFtAQCCAoBOjlAAAAAAAEDAwc="}
00444{"flow_id":202,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347313,"pkt_ts_usec":106166,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2jRgNfxEa+zp9KAScSCJ7wAAAgQFtAQCCAoD5Aq2ATo5QAEDAwc="}
00432{"flow_id":202,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2877,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347313,"pkt_ts_usec":106881,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00LRAAD4G9SOsEAABwKgKMto0AFBr7On0YDX8RYAQAOUo9wAAAQEICgE6OUAD5Aq2"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1499347314358,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":6,"flow_first_seen":1499347181178,"flow_last_seen":1499347186665,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54456,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":6,"flow_first_seen":1499347182435,"flow_last_seen":1499347187664,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":6,"flow_first_seen":1499347183714,"flow_last_seen":1499347189665,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":6,"flow_first_seen":1499347186286,"flow_last_seen":1499347191666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2881,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":6,"flow_first_seen":1499347187548,"flow_last_seen":1499347192666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1499347314358,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":203,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2884,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347314,"pkt_ts_usec":358143,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wpZAAD4GAzqsEAABwKgKMtpCAFAntfjvAAAAAKACchAoGQAAAgQFtAQCCAoBOjp5AAAAAAEDAwc="}
00444{"flow_id":203,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2885,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347314,"pkt_ts_usec":358258,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2kLsSHY8J7X48KAScSC2nwAAAgQFtAQCCAoD5AvvATo6eQEDAwc="}
00432{"flow_id":203,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2886,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347314,"pkt_ts_usec":359039,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wpdAAD4GA0GsEAABwKgKMtpCAFAntfjw7Eh2PYAQAOVVpwAAAQEICgE6OnkD5Avv"}
00432{"flow_id":200,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2890,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347314,"pkt_ts_usec":703202,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V4xAAD4GbkysEAABwKgKMtoMAFADiWIH7XEpb4ARAOVhLgAAAQEICgE6Os8D5AcC"}
00432{"flow_id":200,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2891,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347314,"pkt_ts_usec":703421,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0JSpAAEAGnq7AqAoyrBAAAQBQ2gztcSlvA4liCIARAONb7AAAAQEICgPkDEUBOjrP"}
00432{"flow_id":200,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2892,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347314,"pkt_ts_usec":704173,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V41AAD4GbkusEAABwKgKMtoMAFADiWII7XEpcIAQAOVb6gAAAQEICgE6Os8D5AxF"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2896,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1499347315631,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2896,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1499347315631,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":204,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2896,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347315,"pkt_ts_usec":631110,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8y+VAAD4G+eqsEAABwKgKMtpQAFAKdfBSAAAAAKACchBMqgAAAgQFtAQCCAoBOju3AAAAAAEDAwc="}
00444{"flow_id":204,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2897,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347315,"pkt_ts_usec":631239,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2lDsZegJCnXwU6AScSBoCAAAAgQFtAQCCAoD5A0tATo7twEDAwc="}
00432{"flow_id":204,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2898,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347315,"pkt_ts_usec":631991,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0y+ZAAD4G+fGsEAABwKgKMtpQAFAKdfBT7GXoCoAQAOUHEAAAAQEICgE6O7cD5A0t"}
00433{"flow_id":201,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2902,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347315,"pkt_ts_usec":704052,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0riVAAD4GF7OsEAABwKgKMtoaAFDhF5jnIIBJ4oARAOX2\/AAAAQEICgE6O8kD5Ag7"}
00432{"flow_id":201,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2903,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347315,"pkt_ts_usec":704272,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0RN1AAEAGfvvAqAoyrBAAAQBQ2hoggEni4ReY6IARAOPx+QAAAQEICgPkDT8BOjvJ"}
00433{"flow_id":201,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2904,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347315,"pkt_ts_usec":705016,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0riZAAD4GF7KsEAABwKgKMtoaAFDhF5joIIBJ44AQAOXx9wAAAQEICgE6O8kD5A0\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1499347318180,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2914,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1499347318180,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":205,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2914,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347318,"pkt_ts_usec":180354,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81llAAD4G73asEAABwKgKMtpqAFAYI+htAAAAAKACchBESgAAAgQFtAQCCAoBOj40AAAAAAEDAwc="}
00444{"flow_id":205,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2915,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347318,"pkt_ts_usec":180482,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2mqVHZfsGCPobqAScSAEkQAAAgQFtAQCCAoD5A+qATo+NAEDAwc="}
00432{"flow_id":205,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2916,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347318,"pkt_ts_usec":181198,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01lpAAD4G732sEAABwKgKMtpqAFAYI+hulR2X7YAQAOWjmAAAAQEICgE6PjQD5A+q"}
00432{"flow_id":202,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2920,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347318,"pkt_ts_usec":704682,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00LVAAD4G9SKsEAABwKgKMto0AFBr7On0YDX8RYARAOUjfwAAAQEICgE6PrcD5Aq2"}
00433{"flow_id":202,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347318,"pkt_ts_usec":704914,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA07GhAAEAG12\/AqAoyrBAAAQBQ2jRgNfxFa+zp9YARAOMeCQAAAQEICgPkEC0BOj63"}
00432{"flow_id":202,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2922,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347318,"pkt_ts_usec":705632,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00LZAAD4G9SGsEAABwKgKMto0AFBr7On1YDX8RoAQAOUeBwAAAQEICgE6PrcD5BAt"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1499347319466,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2926,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1499347319466,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":206,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2926,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347319,"pkt_ts_usec":466164,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vPhAAD4GCNisEAABwKgKMtp4AFBaBoOOAAAAAKACchBl9gAAAgQFtAQCCAoBOj92AAAAAAEDAwc="}
00445{"flow_id":206,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2927,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347319,"pkt_ts_usec":466297,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2ni9VjICWgaDj6AScSBirAAAAgQFtAQCCAoD5BDsATo\/dgEDAwc="}
00432{"flow_id":206,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2928,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347319,"pkt_ts_usec":467050,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vPlAAD4GCN+sEAABwKgKMtp4AFBaBoOPvVYyA4AQAOUBtAAAAQEICgE6P3YD5BDs"}
@@ -1778,53 +1778,53 @@
00432{"flow_id":204,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2938,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347320,"pkt_ts_usec":704732,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0y+dAAD4G+fCsEAABwKgKMtpQAFAKdfBT7GXoCoARAOUCGwAAAQEICgE6QKsD5A0t"}
00432{"flow_id":204,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2939,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347320,"pkt_ts_usec":704931,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0+itAAEAGyazAqAoyrBAAAQBQ2lDsZegKCnXwVIARAOP9JwAAAQEICgPkEiEBOkCr"}
00432{"flow_id":204,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2940,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347320,"pkt_ts_usec":705699,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0y+hAAD4G+e+sEAABwKgKMtpQAFAKdfBU7GXoC4AQAOX9JQAAAQEICgE6QKsD5BIh"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2941,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1499347320712,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2941,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1499347320712,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":207,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2941,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347320,"pkt_ts_usec":712143,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tK5AAD4GESKsEAABwKgKMtqGAFAqvPQDAAAAAKACchAjhgAAAgQFtAQCCAoBOkCtAAAAAAEDAwc="}
00445{"flow_id":207,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347320,"pkt_ts_usec":712224,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2oZaSFgWKrz0BKAScSBb\/wAAAgQFtAQCCAoD5BIjATpArQEDAwc="}
00432{"flow_id":207,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2943,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347320,"pkt_ts_usec":712972,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tK9AAD4GESmsEAABwKgKMtqGAFAqvPQEWkhYF4AQAOX7BgAAAQEICgE6QK0D5BIj"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1499347323234,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2956,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1499347323234,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":208,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2956,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347323,"pkt_ts_usec":234546,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CttAAD4GuvWsEAABwKgKMtqgAFDxkUn\/AAAAAKACchAEJAAAAgQFtAQCCAoBOkMkAAAAAAEDAwc="}
00444{"flow_id":208,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2957,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347323,"pkt_ts_usec":234700,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2qDnEfYn8ZFKAKAScSAPSwAAAgQFtAQCCAoD5BSaATpDJAEDAwc="}
00432{"flow_id":208,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2958,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347323,"pkt_ts_usec":235435,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CtxAAD4GuvysEAABwKgKMtqgAFDxkUoA5xH2KIAQAOWuUgAAAQEICgE6QyQD5BSa"}
00432{"flow_id":205,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2962,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347323,"pkt_ts_usec":704610,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01ltAAD4G73ysEAABwKgKMtpqAFAYI+hulR2X7YARAOWeMgAAAQEICgE6Q5kD5A+q"}
00432{"flow_id":205,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2963,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347323,"pkt_ts_usec":704901,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0guJAAEAGQPbAqAoyrBAAAQBQ2mqVHZftGCPob4ARAOOYzgAAAQEICgPkFQ8BOkOZ"}
00432{"flow_id":205,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2964,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347323,"pkt_ts_usec":705629,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01lxAAD4G73usEAABwKgKMtpqAFAYI+hvlR2X7oAQAOWYzAAAAQEICgE6Q5kD5BUP"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1499347324538,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":6,"flow_first_seen":1499347188799,"flow_last_seen":1499347194667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":6,"flow_first_seen":1499347190051,"flow_last_seen":1499347195667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":6,"flow_first_seen":1499347191299,"flow_last_seen":1499347196667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54566,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":6,"flow_first_seen":1499347192547,"flow_last_seen":1499347197669,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":6,"flow_first_seen":1499347195099,"flow_last_seen":1499347200670,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":7,"flow_first_seen":1499347196341,"flow_last_seen":1499347201670,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54620,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2965,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":6,"flow_first_seen":1499347197627,"flow_last_seen":1499347202671,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1499347324538,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":209,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2968,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347324,"pkt_ts_usec":538428,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uCpAAD4GDaasEAABwKgKMtquAFARp\/xAAAAAAKACchAweQAAAgQFtAQCCAoBOkRqAAAAAAEDAwc="}
00444{"flow_id":209,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2969,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347324,"pkt_ts_usec":538570,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2q5SOt2REaf8QaAScSDnxwAAAgQFtAQCCAoD5BXgATpEagEDAwc="}
00433{"flow_id":209,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2970,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347324,"pkt_ts_usec":539345,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uCtAAD4GDa2sEAABwKgKMtquAFARp\/xBUjrdkoAQAOWGzwAAAQEICgE6RGoD5BXg"}
00432{"flow_id":206,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2974,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347324,"pkt_ts_usec":705180,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vPpAAD4GCN6sEAABwKgKMtp4AFBaBoOPvVYyA4ARAOX8lQAAAQEICgE6RJMD5BDs"}
00432{"flow_id":206,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2975,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347324,"pkt_ts_usec":705437,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0JApAAEAGn87AqAoyrBAAAQBQ2ni9VjIDWgaDkIARAOP3eQAAAQEICgPkFgkBOkST"}
00432{"flow_id":206,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2976,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347324,"pkt_ts_usec":705996,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vPtAAD4GCN2sEAABwKgKMtp4AFBaBoOQvVYyBIAQAOX3dgAAAQEICgE6RJQD5BYJ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1499347325777,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2980,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1499347325777,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":210,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2980,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347325,"pkt_ts_usec":777068,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C\/ZAAD4GudqsEAABwKgKMtq8AFA4wE5pAAAAAKACchC19AAAAgQFtAQCCAoBOkWfAAAAAAEDAwc="}
00444{"flow_id":210,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2981,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347325,"pkt_ts_usec":777170,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2rxxlybyOMBOaqAScSADUQAAAgQFtAQCCAoD5BcVATpFnwEDAwc="}
00433{"flow_id":210,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2983,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347325,"pkt_ts_usec":777937,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C\/dAAD4GueGsEAABwKgKMtq8AFA4wE5qcZcm84AQAOWiVwAAAQEICgE6RaAD5BcV"}
00432{"flow_id":207,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2986,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347326,"pkt_ts_usec":705380,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tLBAAD4GESisEAABwKgKMtqGAFAqvPQEWkhYF4ARAOX1KwAAAQEICgE6RocD5BIj"}
00433{"flow_id":207,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2987,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347326,"pkt_ts_usec":705650,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0T+pAAEAGc+7AqAoyrBAAAQBQ2oZaSFgXKrz0BYARAOPvUgAAAQEICgPkF\/0BOkaH"}
00432{"flow_id":207,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2988,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347326,"pkt_ts_usec":706391,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tLFAAD4GESesEAABwKgKMtqGAFAqvPQFWkhYGIAQAOXvTwAAAQEICgE6RogD5Bf9"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2998,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1499347328298,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2998,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1499347328298,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":211,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2998,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347328,"pkt_ts_usec":298998,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K4RAAD4GmkysEAABwKgKMtrWAFBZCmOSAAAAAKACchB98AAAAgQFtAQCCAoBOkgWAAAAAAEDAwc="}
00444{"flow_id":211,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2999,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347328,"pkt_ts_usec":299125,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2tYFgFaJWQpjk6AScSAFVgAAAgQFtAQCCAoD5BmMATpIFgEDAwc="}
00432{"flow_id":211,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3000,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347328,"pkt_ts_usec":299877,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K4VAAD4GmlOsEAABwKgKMtrWAFBZCmOTBYBWioAQAOWkXQAAAQEICgE6SBYD5BmM"}
00432{"flow_id":208,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3004,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347328,"pkt_ts_usec":705234,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ct1AAD4GuvusEAABwKgKMtqgAFDxkUoA5xH2KIARAOWo+gAAAQEICgE6SHsD5BSa"}
00433{"flow_id":208,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3005,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347328,"pkt_ts_usec":705476,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA079lAAEAG0\/7AqAoyrBAAAQBQ2qDnEfYo8ZFKAYARAOOjpAAAAQEICgPkGfEBOkh7"}
00432{"flow_id":208,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3006,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347328,"pkt_ts_usec":706033,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ct5AAD4GuvqsEAABwKgKMtqgAFDxkUoB5xH2KYAQAOWjoQAAAQEICgE6SHwD5Bnx"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3010,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1499347329594,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3010,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1499347329594,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":212,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3010,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347329,"pkt_ts_usec":594634,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8olxAAD4GI3SsEAABwKgKMtrkAFD4u+sGAAAAAKACchBVeAAAAgQFtAQCCAoBOklaAAAAAAEDAwc="}
00444{"flow_id":212,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3011,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347329,"pkt_ts_usec":594756,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2uSvjPx7+LvrB6AScSCLmgAAAgQFtAQCCAoD5BrQATpJWgEDAwc="}
00432{"flow_id":212,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3012,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347329,"pkt_ts_usec":595507,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ol1AAD4GI3usEAABwKgKMtrkAFD4u+sHr4z8fIAQAOUqogAAAQEICgE6SVoD5BrQ"}
@@ -1834,44 +1834,44 @@
00433{"flow_id":210,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3025,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347331,"pkt_ts_usec":706952,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C\/hAAD4GueCsEAABwKgKMtq8AFA4wE5qcZcm84ARAOWcjAAAAQEICgE6S2oD5BcV"}
00432{"flow_id":210,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3026,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347331,"pkt_ts_usec":707139,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0OhNAAEAGicXAqAoyrBAAAQBQ2rxxlybzOMBOa4ARAOOWwgAAAQEICgPkHOABOktq"}
00433{"flow_id":210,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3027,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347331,"pkt_ts_usec":707907,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C\/lAAD4Gud+sEAABwKgKMtq8AFA4wE5rcZcm9IAQAOWWwAAAAQEICgE6S2oD5Bzg"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1499347332137,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1499347332137,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":213,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3031,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347332,"pkt_ts_usec":137392,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hpdAAD4GPzmsEAABwKgKMtr+AFAKS81CAAAAAKACchBfGAAAAgQFtAQCCAoBOkvVAAAAAAEDAwc="}
00444{"flow_id":213,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3032,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347332,"pkt_ts_usec":137517,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2v58hG58CkvNQ6AScSBTxwAAAgQFtAQCCAoD5B1LATpL1QEDAwc="}
00432{"flow_id":213,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3033,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347332,"pkt_ts_usec":138274,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hphAAD4GP0CsEAABwKgKMtr+AFAKS81DfIRufYAQAOXyzQAAAQEICgE6S9YD5B1L"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1499347333419,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1499347333419,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":214,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3040,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347333,"pkt_ts_usec":419946,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bENAAD4GWY2sEAABwKgKMtsMAFCNWiFVAAAAAKACchCGpwAAAgQFtAQCCAoBOk0WAAAAAAEDAwc="}
00444{"flow_id":214,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3041,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347333,"pkt_ts_usec":420039,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2wzHhupcjVohVqAScSCzMgAAAgQFtAQCCAoD5B6MATpNFgEDAwc="}
00432{"flow_id":214,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3043,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347333,"pkt_ts_usec":420829,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bERAAD4GWZSsEAABwKgKMtsMAFCNWiFWx4bqXYAQAOVSOgAAAQEICgE6TRYD5B6M"}
00432{"flow_id":211,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3046,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347333,"pkt_ts_usec":708299,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K4ZAAD4GmlKsEAABwKgKMtrWAFBZCmOTBYBWioARAOWfFAAAAQEICgE6TV4D5BmM"}
00432{"flow_id":211,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3047,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347333,"pkt_ts_usec":708547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0SF5AAEAGe3rAqAoyrBAAAQBQ2tYFgFaKWQpjlIARAOOZzQAAAQEICgPkHtQBOk1e"}
00432{"flow_id":211,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3048,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347333,"pkt_ts_usec":709262,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K4dAAD4GmlGsEAABwKgKMtrWAFBZCmOUBYBWi4AQAOWZywAAAQEICgE6TV4D5B7U"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1499347334667,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":6,"flow_first_seen":1499347200170,"flow_last_seen":1499347205672,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54660,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":6,"flow_first_seen":1499347201471,"flow_last_seen":1499347206672,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":6,"flow_first_seen":1499347202722,"flow_last_seen":1499347208672,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":6,"flow_first_seen":1499347205214,"flow_last_seen":1499347210673,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54714,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":6,"flow_first_seen":1499347206497,"flow_last_seen":1499347211674,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":6,"flow_first_seen":1499347207764,"flow_last_seen":1499347213674,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1499347334667,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":215,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3052,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347334,"pkt_ts_usec":667316,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ruhAAD4GFuisEAABwKgKMtsaAFCxtOCmAAAAAKACchChtQAAAgQFtAQCCAoBOk5OAAAAAAEDAwc="}
00445{"flow_id":215,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3053,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347334,"pkt_ts_usec":667448,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2xqx52s8sbTgp6AScSBhyAAAAgQFtAQCCAoD5B\/EATpOTgEDAwc="}
00433{"flow_id":215,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3054,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347334,"pkt_ts_usec":668167,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rulAAD4GFu+sEAABwKgKMtsaAFCxtOCnsedrPYAQAOUA0AAAAQEICgE6Tk4D5B\/E"}
00432{"flow_id":212,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3058,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347334,"pkt_ts_usec":708438,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ol5AAD4GI3qsEAABwKgKMtrkAFD4u+sHr4z8fIARAOUlowAAAQEICgE6TlgD5BrQ"}
00432{"flow_id":212,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3059,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347334,"pkt_ts_usec":709142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA047JAAEAG4CXAqAoyrBAAAQBQ2uSvjPx8+LvrCIARAOMgpgAAAQEICgPkH84BOk5Y"}
00433{"flow_id":212,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3060,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347334,"pkt_ts_usec":709873,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ol9AAD4GI3msEAABwKgKMtrkAFD4u+sIr4z8fYAQAOUgowAAAQEICgE6TlkD5B\/O"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1499347337226,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1499347337226,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":216,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3070,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347337,"pkt_ts_usec":226449,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TYVAAD4GeEusEAABwKgKMts0AFCRRx1LAAAAAKACchCC5AAAAgQFtAQCCAoBOlDOAAAAAAEDAwc="}
00444{"flow_id":216,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3071,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347337,"pkt_ts_usec":226578,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2zQKH2urkUcdTKAScSDn0AAAAgQFtAQCCAoD5CJEATpQzgEDAwc="}
00432{"flow_id":216,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3072,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347337,"pkt_ts_usec":227312,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TYZAAD4GeFKsEAABwKgKMts0AFCRRx1MCh9rrIAQAOWG2AAAAQEICgE6UM4D5CJE"}
00432{"flow_id":213,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3076,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347337,"pkt_ts_usec":709343,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hplAAD4GPz+sEAABwKgKMtr+AFAKS81DfIRufYARAOXtXAAAAQEICgE6UUYD5B1L"}
00432{"flow_id":213,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3077,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347337,"pkt_ts_usec":709556,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0TMFAAEAGdxfAqAoyrBAAAQBQ2v58hG59CkvNRIARAOPn7AAAAQEICgPkIrwBOlFG"}
00432{"flow_id":213,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3078,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347337,"pkt_ts_usec":710296,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hppAAD4GPz6sEAABwKgKMtr+AFAKS81EfIRufoAQAOXn6QAAAQEICgE6UUcD5CK8"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3082,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1499347338485,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3082,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1499347338485,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":217,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3082,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347338,"pkt_ts_usec":485793,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA871JAAD4G1n2sEAABwKgKMttCAFArWL1bAAAAAKACchBHegAAAgQFtAQCCAoBOlIJAAAAAAEDAwc="}
00444{"flow_id":217,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3083,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347338,"pkt_ts_usec":485947,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ20LSM68cK1i9XKAScSCfpgAAAgQFtAQCCAoD5CN+ATpSCQEDAwc="}
00432{"flow_id":217,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3084,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347338,"pkt_ts_usec":486709,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071NAAD4G1oSsEAABwKgKMttCAFArWL1c0jOvHYAQAOU+rgAAAQEICgE6UgkD5CN+"}
@@ -1881,51 +1881,51 @@
00433{"flow_id":215,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3094,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347339,"pkt_ts_usec":709066,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rupAAD4GFu6sEAABwKgKMtsaAFCxtOCnsedrPYARAOX74gAAAQEICgE6UzoD5B\/E"}
00432{"flow_id":215,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3095,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347339,"pkt_ts_usec":709281,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0T41AAEAGdEvAqAoyrBAAAQBQ2xqx52s9sbTgqIARAOP29wAAAQEICgPkJLABOlM6"}
00432{"flow_id":215,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3096,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347339,"pkt_ts_usec":710022,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rutAAD4GFu2sEAABwKgKMtsaAFCxtOCosedrPoAQAOX29AAAAQEICgE6UzsD5CSw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1499347339782,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3097,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1499347339782,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":218,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3097,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347339,"pkt_ts_usec":782537,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e9RAAD4GSfysEAABwKgKMttQAFCK9SiZAAAAAKACchB7TQAAAgQFtAQCCAoBOlNNAAAAAAEDAwc="}
00444{"flow_id":218,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3098,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347339,"pkt_ts_usec":782633,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ21AZ1nzCivUomqAScSC87AAAAgQFtAQCCAoD5CTDATpTTQEDAwc="}
00432{"flow_id":218,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3099,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347339,"pkt_ts_usec":783397,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e9VAAD4GSgOsEAABwKgKMttQAFCK9SiaGdZ8w4AQAOVb9AAAAQEICgE6U00D5CTD"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1499347341106,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1499347341106,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":219,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3106,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347341,"pkt_ts_usec":106252,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aWRAAD4GXGysEAABwKgKMtteAFBkzD38AAAAAKACchCKugAAAgQFtAQCCAoBOlSYAAAAAAEDAwc="}
00445{"flow_id":219,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3107,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347341,"pkt_ts_usec":106427,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ217gSFdsZMw9\/aAScSAp8gAAAgQFtAQCCAoD5CYOATpUmAEDAwc="}
00432{"flow_id":219,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3108,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347341,"pkt_ts_usec":107144,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aWVAAD4GXHOsEAABwKgKMtteAFBkzD394EhXbYAQAOXI+QAAAQEICgE6VJgD5CYO"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1499347342386,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1499347342386,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":220,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3115,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347342,"pkt_ts_usec":386338,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DyJAAD4Gtq6sEAABwKgKMttsAFDfC1r6AAAAAKACchDyLgAAAgQFtAQCCAoBOlXYAAAAAAEDAwc="}
00444{"flow_id":220,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3116,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347342,"pkt_ts_usec":386423,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ22zAs3dz3wta+6AScSCPtAAAAgQFtAQCCAoD5CdOATpV2AEDAwc="}
00432{"flow_id":220,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3117,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347342,"pkt_ts_usec":387197,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DyNAAD4GtrWsEAABwKgKMttsAFDfC1r7wLN3dIAQAOUuvAAAAQEICgE6VdgD5CdO"}
00432{"flow_id":216,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3121,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347342,"pkt_ts_usec":709119,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TYdAAD4GeFGsEAABwKgKMts0AFCRRx1MCh9rrIARAOWBfQAAAQEICgE6VigD5CJE"}
00432{"flow_id":216,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3122,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347342,"pkt_ts_usec":709350,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0TDJAAEAGd6bAqAoyrBAAAQBQ2zQKH2uskUcdTYARAON8JAAAAQEICgPkJ54BOlYo"}
00432{"flow_id":216,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3123,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347342,"pkt_ts_usec":710081,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TYhAAD4GeFCsEAABwKgKMts0AFCRRx1NCh9rrYAQAOV8IQAAAQEICgE6VikD5Cee"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1499347343672,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1499347343672,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":221,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3127,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347343,"pkt_ts_usec":672802,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83PZAAD4G6NmsEAABwKgKMtt6AFBC4YvvAAAAAKACchBcFQAAAgQFtAQCCAoBOlcZAAAAAAEDAwc="}
00444{"flow_id":221,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3128,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347343,"pkt_ts_usec":672949,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ23pctqnYQuGL8KAScSAp8gAAAgQFtAQCCAoD5CiPATpXGQEDAwc="}
00432{"flow_id":221,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3129,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347343,"pkt_ts_usec":673650,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03PdAAD4G6OCsEAABwKgKMtt6AFBC4YvwXLap2YAQAOXI+AAAAQEICgE6VxoD5CiP"}
00432{"flow_id":217,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3133,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347343,"pkt_ts_usec":711075,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071RAAD4G1oOsEAABwKgKMttCAFArWL1c0jOvHYARAOU5kwAAAQEICgE6VyMD5CN+"}
00432{"flow_id":217,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3134,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347343,"pkt_ts_usec":711278,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0h4RAAEAGPFTAqAoyrBAAAQBQ20LSM68dK1i9XYARAOM0eQAAAQEICgPkKJkBOlcj"}
00432{"flow_id":217,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3135,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347343,"pkt_ts_usec":711818,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071VAAD4G1oKsEAABwKgKMttCAFArWL1d0jOvHoAQAOU0dwAAAQEICgE6VyMD5CiZ"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":6,"flow_first_seen":1499347219208,"flow_last_seen":1499347224678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":6,"flow_first_seen":1499347210270,"flow_last_seen":1499347215675,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":6,"flow_first_seen":1499347211522,"flow_last_seen":1499347216676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":6,"flow_first_seen":1499347214088,"flow_last_seen":1499347219676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":6,"flow_first_seen":1499347215361,"flow_last_seen":1499347220676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":6,"flow_first_seen":1499347216659,"flow_last_seen":1499347221677,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":218,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3142,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347345,"pkt_ts_usec":711706,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e9ZAAD4GSgKsEAABwKgKMttQAFCK9SiaGdZ8w4ARAOVWKQAAAQEICgE6WRcD5CTD"}
00432{"flow_id":218,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3143,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347345,"pkt_ts_usec":711923,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Vk5AAEAGbYrAqAoyrBAAAQBQ21AZ1nzDivUom4ARAONQYAAAAQEICgPkKo0BOlkX"}
00432{"flow_id":218,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3144,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347345,"pkt_ts_usec":712662,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e9dAAD4GSgGsEAABwKgKMttQAFCK9SibGdZ8xIAQAOVQXgAAAQEICgE6WRcD5CqN"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1499347346211,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1499347346211,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":222,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3149,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347346,"pkt_ts_usec":211046,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZYhAAD4GYEisEAABwKgKMtuUAFCjBDwcAAAAAKACchBJMAAAAgQFtAQCCAoBOlmUAAAAAAEDAwc="}
00444{"flow_id":222,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3150,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347346,"pkt_ts_usec":211138,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ25SXkk2howQ8HaAScSA17QAAAgQFtAQCCAoD5CsKATpZlAEDAwc="}
00432{"flow_id":222,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3151,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347346,"pkt_ts_usec":211793,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZYlAAD4GYE+sEAABwKgKMtuUAFCjBDwdl5JNooAQAOXU9AAAAQEICgE6WZQD5CsK"}
00432{"flow_id":219,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3154,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347346,"pkt_ts_usec":711781,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aWZAAD4GXHKsEAABwKgKMtteAFBkzD394EhXbYARAOXDfwAAAQEICgE6WhED5CYO"}
00433{"flow_id":219,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3155,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347346,"pkt_ts_usec":712010,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0fOpAAEAGRu7AqAoyrBAAAQBQ217gSFdtZMw9\/oARAOO+BwAAAQEICgPkK4cBOloR"}
00432{"flow_id":219,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3156,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347346,"pkt_ts_usec":712559,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aWdAAD4GXHGsEAABwKgKMtteAFBkzD3+4EhXboAQAOW+BQAAAQEICgE6WhED5CuH"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3160,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1499347347483,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3160,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1499347347483,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":223,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3160,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347347,"pkt_ts_usec":483570,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D8lAAD4GtgesEAABwKgKMtuiAFCZ3FUbAAAAAKACchA4DQAAAgQFtAQCCAoBOlrSAAAAAAEDAwc="}
00444{"flow_id":223,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3161,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347347,"pkt_ts_usec":483667,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ26Ji05dMmdxVHKAScSAOoAAAAgQFtAQCCAoD5CxIATpa0gEDAwc="}
00432{"flow_id":223,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3162,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347347,"pkt_ts_usec":484270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D8pAAD4Gtg6sEAABwKgKMtuiAFCZ3FUcYtOXTYAQAOWtpwAAAQEICgE6WtID5CxI"}
@@ -1935,43 +1935,43 @@
00432{"flow_id":221,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3172,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347348,"pkt_ts_usec":712565,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03PhAAD4G6N+sEAABwKgKMtt6AFBC4YvwXLap2YARAOXEDAAAAQEICgE6XAUD5CiP"}
00433{"flow_id":221,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3173,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347348,"pkt_ts_usec":712792,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0hKJAAEAGPzbAqAoyrBAAAQBQ23pctqnZQuGL8YARAOO\/IQAAAQEICgPkLXsBOlwF"}
00433{"flow_id":221,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3174,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347348,"pkt_ts_usec":713338,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03PlAAD4G6N6sEAABwKgKMtt6AFBC4YvxXLap2oAQAOW\/HgAAAQEICgE6XAYD5C17"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3176,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1499347348776,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3176,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1499347348776,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":224,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3176,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347348,"pkt_ts_usec":776663,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P2lAAD4GhmesEAABwKgKMtuwAFBd3mN8AAAAAKACchBkWQAAAgQFtAQCCAoBOlwVAAAAAAEDAwc="}
00444{"flow_id":224,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3177,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347348,"pkt_ts_usec":776752,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ27AjVjRJXd5jfaAScSDcKQAAAgQFtAQCCAoD5C2LATpcFQEDAwc="}
00432{"flow_id":224,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3178,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347348,"pkt_ts_usec":777538,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P2pAAD4Ghm6sEAABwKgKMtuwAFBd3mN9I1Y0SoAQAOV7MAAAAQEICgE6XBYD5C2L"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1499347351299,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1499347351299,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":225,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3190,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347351,"pkt_ts_usec":299570,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XeBAAD4GZ\/CsEAABwKgKMtvKAFA3cANsAAAAAKACchDoRgAAAgQFtAQCCAoBOl6MAAAAAAEDAwc="}
00444{"flow_id":225,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3191,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347351,"pkt_ts_usec":299706,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ28rLt8HDN3ADbaAScSAnxAAAAgQFtAQCCAoD5DACATpejAEDAwc="}
00433{"flow_id":225,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3192,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347351,"pkt_ts_usec":300467,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XeFAAD4GZ\/esEAABwKgKMtvKAFA3cANty7fBxIAQAOXGywAAAQEICgE6XowD5DAC"}
00432{"flow_id":222,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3196,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347351,"pkt_ts_usec":712683,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZYpAAD4GYE6sEAABwKgKMtuUAFCjBDwdl5JNooARAOXPlAAAAQEICgE6XvMD5CsK"}
00432{"flow_id":222,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3197,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347351,"pkt_ts_usec":712874,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0fctAAEAGRg3AqAoyrBAAAQBQ25SXkk2iowQ8HoARAOPKNgAAAQEICgPkMGkBOl7z"}
00432{"flow_id":222,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3198,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347351,"pkt_ts_usec":713466,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZYtAAD4GYE2sEAABwKgKMtuUAFCjBDwel5JNo4AQAOXKMwAAAQEICgE6XvQD5DBp"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1499347352698,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1499347352698,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":226,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3202,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347352,"pkt_ts_usec":698990,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA894dAAD4GzkisEAABwKgKMtvYAFB9d6htAAAAAKACchD70QAAAgQFtAQCCAoBOl\/qAAAAAAEDAwc="}
00445{"flow_id":226,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3203,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347352,"pkt_ts_usec":699146,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ29gsQT\/ffXeobqAScSBbTAAAAgQFtAQCCAoD5DFgATpf6gEDAwc="}
00433{"flow_id":226,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3204,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347352,"pkt_ts_usec":699665,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA094hAAD4Gzk+sEAABwKgKMtvYAFB9d6huLEE\/4IAQAOX6UwAAAQEICgE6X+oD5DFg"}
00432{"flow_id":223,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3208,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347352,"pkt_ts_usec":713119,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D8tAAD4Gtg2sEAABwKgKMtuiAFCZ3FUcYtOXTYARAOWoiwAAAQEICgE6X+0D5CxI"}
00433{"flow_id":223,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3209,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347352,"pkt_ts_usec":713207,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pi5AAEAGHarAqAoyrBAAAQBQ26Ji05dNmdxVHYARAOOjcQAAAQEICgPkMWMBOl\/t"}
00432{"flow_id":223,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3210,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347352,"pkt_ts_usec":714021,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D8xAAD4GtgysEAABwKgKMtuiAFCZ3FUdYtOXToAQAOWjbgAAAQEICgE6X+4D5DFj"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":310,"flow_first_seen":1499347163177,"flow_last_seen":1499347230695,"flow_tot_l4_data_len":242594,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":782,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":6,"flow_first_seen":1499347220447,"flow_last_seen":1499347225677,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":6,"flow_first_seen":1499347221694,"flow_last_seen":1499347227677,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":6,"flow_first_seen":1499347224338,"flow_last_seen":1499347229678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":6,"flow_first_seen":1499347225590,"flow_last_seen":1499347230679,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":6,"flow_first_seen":1499347229416,"flow_last_seen":1499347234681,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":310,"flow_first_seen":1499347163177,"flow_last_seen":1499347230695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232658,"flow_avg_l4_payload_len":750,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54268,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":224,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3217,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347354,"pkt_ts_usec":714108,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P2tAAD4Ghm2sEAABwKgKMtuwAFBd3mN9I1Y0SoARAOV1YwAAAQEICgE6YeID5C2L"}
00432{"flow_id":224,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3218,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347354,"pkt_ts_usec":714326,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0BxJAAEAGvMbAqAoyrBAAAQBQ27AjVjRKXd5jfoARAONvlwAAAQEICgPkM1gBOmHi"}
00432{"flow_id":224,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3219,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347354,"pkt_ts_usec":714888,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P2xAAD4GhmysEAABwKgKMtuwAFBd3mN+I1Y0S4AQAOVvlQAAAQEICgE6YeID5DNY"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1499347355229,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1499347355229,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":227,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3223,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347355,"pkt_ts_usec":229572,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GHxAAD4GrVSsEAABwKgKMtvyAFB7gnofAAAAAKACchApggAAAgQFtAQCCAoBOmJjAAAAAAEDAwc="}
00445{"flow_id":227,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347355,"pkt_ts_usec":229696,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ2\/L7jmGSe4J6IKAScSCVgwAAAgQFtAQCCAoD5DPYATpiYwEDAwc="}
00432{"flow_id":227,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3225,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347355,"pkt_ts_usec":230266,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GH1AAD4GrVusEAABwKgKMtvyAFB7gnog+45hk4AQAOU0iwAAAQEICgE6YmMD5DPY"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3232,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1499347356478,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3232,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1499347356478,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":228,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3232,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347356,"pkt_ts_usec":478261,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hsZAAD4GPwqsEAABwKgKMtwAAFAJPOVdAAAAAKACchAvRAAAAgQFtAQCCAoBOmObAAAAAAEDAwc="}
00446{"flow_id":228,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3233,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347356,"pkt_ts_usec":478423,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3AC\/\/WVQCTzlXqAScSDR3wAAAgQFtAQCCAoD5DURATpjmwEDAwc="}
00433{"flow_id":228,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3234,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347356,"pkt_ts_usec":478985,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hsdAAD4GPxGsEAABwKgKMtwAAFAJPOVev\/1lUYAQAOVw5wAAAQEICgE6Y5sD5DUR"}
@@ -1981,16 +1981,16 @@
00433{"flow_id":226,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3244,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347357,"pkt_ts_usec":714463,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA094lAAD4Gzk6sEAABwKgKMtvYAFB9d6huLEE\/4IARAOX1bAAAAQEICgE6ZNAD5DFg"}
00433{"flow_id":226,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3245,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347357,"pkt_ts_usec":714711,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0CaZAAEAGujLAqAoyrBAAAQBQ29gsQT\/gfXeob4ARAOPwhwAAAQEICgPkNkYBOmTQ"}
00433{"flow_id":226,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3246,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347357,"pkt_ts_usec":715233,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA094pAAD4Gzk2sEAABwKgKMtvYAFB9d6hvLEE\/4YAQAOXwhQAAAQEICgE6ZNAD5DZG"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1499347357727,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1499347357727,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":229,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3247,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347357,"pkt_ts_usec":727928,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8p9BAAD4GHgCsEAABwKgKMtwOAFCyy8MDAAAAAKACchCmyAAAAgQFtAQCCAoBOmTTAAAAAAEDAwc="}
00445{"flow_id":229,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3248,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347357,"pkt_ts_usec":727995,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3A4qYd\/GssvDBKAScSBjUgAAAgQFtAQCCAoD5DZJATpk0wEDAwc="}
00432{"flow_id":229,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3249,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347357,"pkt_ts_usec":728738,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p9FAAD4GHgesEAABwKgKMtwOAFCyy8MEKmHfx4AQAOUCWgAAAQEICgE6ZNMD5DZJ"}
00946{"flow_id":227,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3262,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347360,"pkt_ts_usec":34968,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzGH5AAD4Gq9usEAABwKgKMtvyAFB7gnog+45hk4AYAOXe4QAAAQEICgE6ZxQD5DPYR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":4,"flow_first_seen":1499347355229,"flow_last_seen":1499347360034,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":32,"flow_max_l4_data_len":415,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":4,"flow_first_seen":1499347355229,"flow_last_seen":1499347360034,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00433{"flow_id":227,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3263,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347360,"pkt_ts_usec":35098,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0WRlAAEAGar\/AqAoyrBAAAQBQ2\/L7jmGTe4J7n4AQAOspowAAAQEICgPkOIoBOmcU"}
02829{"flow_id":227,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3264,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347360,"pkt_ts_usec":38150,"pkt_caplen":1837,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1837,"pkt_l4_len":1803,"pkt":"AMGxFOsxABm5CmnxCABFAAcfWRpAAEAGY9PAqAoyrBAAAQBQ2\/L7jmGTe4J7n4AYAOt9\/QAAAQEICgPkOIsBOmcUSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjIyOjM5IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWG1P4zgQ\/gzS\/gefTzpgpcbb2y+3XJoVtHAgsbfctix70kmRm7itwYmD7bTw72\/sOG14LdkioeKXeXk84xnP5N12+Mvga3\/07\/kRmplMoPOLw7PTPsIdQi4\/9gkZjAbox8noyxnqBh\/Q0CieGEKO\/sYIz4wp9glZLBbB4mMg1ZSMvpFbK6Vr2fywox1PkJoUR++2322HTs9tJnLde0JG99OnTxVrRb4VzhhNYbi1FWbMUGRZOuym5PMe7svcsNx0RncFwyipZj1s2K0hVsSfKJlRpZnpXYyOO39gRCqZW6HhRrDoeylypuiYC27u9tE3NhEsMSxFfSW1RkNuGBomiheG51O0+2M43EP7+2hAsxzVvIKhSzZGB0UheEINlznaHXy\/PNhD827Q\/YDeD9icCVlkAO19SCrFHoXg+TVSTPSwNneC6RljBiMDp\/GHSLTGaKbYpIeDgMBfOl9Qu0oyyvPAbZPH0jiYopbzH8\/olBFYui9pQueWLHAbSxnanbYJ4YrOabWKkVbJPSBX2v0\/BwXBlcZRSCpK7zniXWfHY5neoURQbb0uM4Yrl6Z8jnjaw9Z3cCKmvNcbW1ZIY30r5Nn0ERJ3SE2EnMqgyKcYUQEXYY2jVucGrKDukWpr5BgcVza0P9qLC5qmLK0OBASlqM9pdw+FTK6taQRHMk9A9XUPL3ieykUAWw5Hb6c6SbCDa1ZgoPfcFeDoBMwWEgpWFjzafo1AnkP0lYld0kExK16Q\/5AUR6eNlXZqIeDKYo2+JQ2OhnaICIQfLKLBYUMZKUW0gUHnjfjmcD3GqjSMvIDqaQYcHdr\/6FiqpKUHHgpktyxpA8DR46gvs4zmKTrNr5jzyGYoEq0mbVA4ekAx\/Ha8meIJJ8HnAkK1x4GzTNmaW\/IqfhwdcwjuU7uiN7ZNWQhJ0zbW8RwexoWbbegfWhh4uVq5yLO4uGVJqRjqH5yP+icHm0HRN4K3weHoIab\/OXury2olxmN43Fo5pcH1AA3aPbTLe5uhWjB6HfNWkGoWHF3CCA2ZtrcVnQ5apteHcm+1jlsBqRhwBPUM1Cpfv2xoCitONfRrVlVRr8KhahzL4usN0Oi21tA1iqGR6j6EDZ8gF4tQXa59DldkOLL1I9yPaqmdOYCf5xO5Rl2DCkfnJ+cQHRPZThEdy9KsUbOkwdGBHb6dWW2ht1b9ighHZ278AICv2O7Vfs8XgraEXRWC0MnYXa\/b7jULwXDW\/ZnuAkrmri+YG8Lnywo2TmTKYqoY9fXzRKoM5TSDah34oex1Ka6Hf8UIuqWZBOx\/HY18bRoW\/sSXM2p2NLqTpXLMn+vKOi\/KZvGPvWj7u6xvm0S6HGccyOZUlDAdVlOvjRRR1VQQi9Ituq5gaeBw9nv0BeLN3T6V0eqtgEW7590Dl2HlVtv7ad8vygXVhWsZ4YawW+tl4gzb0WDYeGnY2BkWuiGqptAIYngUaH6No5+XtbxErfEBdwxFgmEqPoKuCo4b96G9MfHQd34tMb4sbz1OlgcLfs0LlnLqRNtZ8+S6Pvnz2F4v42U8\/pjJlC9zYSIzm507E3oTuC8CT4J4BeOrNFc4qWDKdJ2EF9U9om7q8Mmluup14zhW0G5Wv3UGeSbj+LBPBKNqGUxPpSV9pw3LYpvKnwzPcWmMbXN9eH7nbIFOmCiWKbOQRVnENZnM+1XSXfX8+0BxUeyiZx7bOUiMZyDRXsfPAMk96b\/VjugJudhBezhCa2ENIRcl7G2BaSdzLTRrTSr4FNKmYBNIXyHLogvNlE17+yGBGaJpxnPvQpjXbzM6sx93PA1IXFHAo3o6GPqdlGubvdPai886dCKlufeto4g2+dhUPPWqNRMwse9W9VnOfTCL\/geoshewERQAAA=="}
00431{"flow_id":227,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3265,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347360,"pkt_ts_usec":38812,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GH9AAD4GrVmsEAABwKgKMtvyAFB7gnuf+45ofoAQAQAioQAAAQEICgE6ZxUD5DiL"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1499347360285,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1499347360285,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":230,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3266,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347360,"pkt_ts_usec":285446,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8h\/1AAD4GPdOsEAABwKgKMtwoAFB3hOCvAAAAAKACchDBygAAAgQFtAQCCAoBOmdSAAAAAAEDAwc="}
00444{"flow_id":230,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3267,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347360,"pkt_ts_usec":285542,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Ci3TdMGd4TgsKAScSD7qAAAAgQFtAQCCAoD5DjIATpnUgEDAwc="}
00433{"flow_id":230,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3268,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347360,"pkt_ts_usec":286330,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0h\/5AAD4GPdqsEAABwKgKMtwoAFB3hOCwt03TB4AQAOWarwAAAQEICgE6Z1MD5DjI"}
@@ -2000,7 +2000,7 @@
00948{"flow_id":227,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3272,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347361,"pkt_ts_usec":313532,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzGIJAAD4Gq9esEAABwKgKMtvyAFB7gn3o+45vyoAYAR3GeAAAAQEICgE6aFQD5DjKR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02824{"flow_id":227,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3273,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347361,"pkt_ts_usec":316571,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceWR5AAEAGY9DAqAoyrBAAAQBQ2\/L7jm\/Ke4J\/Z4AYAP19\/AAAAQEICgPkOcoBOmhUSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjIyOjQxIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00433{"flow_id":227,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3274,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347361,"pkt_ts_usec":317337,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GINAAD4GrVWsEAABwKgKMtvyAFB7gn9n+452tIAQATkN6wAAAQEICgE6aFUD5DnK"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3275,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1499347361540,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3275,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1499347361540,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":231,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3275,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347361,"pkt_ts_usec":540867,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8izFAAD4GOp+sEAABwKgKMtw2AFCL9eO9AAAAAKACchCpAwAAAgQFtAQCCAoBOmiMAAAAAAEDAwc="}
00445{"flow_id":231,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3276,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347361,"pkt_ts_usec":540996,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Db87gPNi\/XjvqAScSBrQAAAAgQFtAQCCAoD5DoCATpojAEDAwc="}
00433{"flow_id":231,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3277,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347361,"pkt_ts_usec":541590,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0izJAAD4GOqasEAABwKgKMtw2AFCL9eO+\/O4DzoAQAOUKRwAAAQEICgE6aI0D5DoC"}
@@ -2012,129 +2012,129 @@
00432{"flow_id":229,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3292,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347363,"pkt_ts_usec":715816,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p9JAAD4GHgasEAABwKgKMtwOAFCyy8MEKmHfx4ARAOX8fwAAAQEICgE6aqwD5DZJ"}
00434{"flow_id":229,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3293,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347363,"pkt_ts_usec":716085,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA04+VAAEAG3\/LAqAoyrBAAAQBQ3A4qYd\/HssvDBYARAOP2pwAAAQEICgPkPCIBOmqs"}
00432{"flow_id":229,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3294,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347363,"pkt_ts_usec":716833,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0p9NAAD4GHgWsEAABwKgKMtwOAFCyy8MFKmHfyIAQAOX2pQAAAQEICgE6aqwD5Dwi"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3298,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1499347364056,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3298,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1499347364056,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":232,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3298,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347364,"pkt_ts_usec":56755,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+jlAAD4Gy5asEAABwKgKMtxQAFCMb5E4AAAAAKACchD4fwAAAgQFtAQCCAoBOmsBAAAAAAEDAwc="}
00443{"flow_id":232,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3299,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347364,"pkt_ts_usec":56881,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3FBchRpEjG+ROaAScSBCOgAAAgQFtAQCCAoD5Dx3ATprAQEDAwc="}
00431{"flow_id":232,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3300,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347364,"pkt_ts_usec":57638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+jpAAD4Gy52sEAABwKgKMtxQAFCMb5E5XIUaRYAQAOXhQAAAAQEICgE6awID5Dx3"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1499347365320,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":6,"flow_first_seen":1499347230690,"flow_last_seen":1499347236682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54984,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":6,"flow_first_seen":1499347233219,"flow_last_seen":1499347238682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":6,"flow_first_seen":1499347234469,"flow_last_seen":1499347239682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":6,"flow_first_seen":1499347235716,"flow_last_seen":1499347241682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55038,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":6,"flow_first_seen":1499347238260,"flow_last_seen":1499347243683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":6,"flow_first_seen":1499347239517,"flow_last_seen":1499347244683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55078,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1499347365320,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":233,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3307,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347365,"pkt_ts_usec":320773,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CZFAAD4GvD+sEAABwKgKMtxeAFCYJmWsAAAAAKACchAXCwAAAgQFtAQCCAoBOmw9AAAAAAEDAwc="}
00444{"flow_id":233,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3308,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347365,"pkt_ts_usec":320933,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3F6n4QiemCZlraAScSAl0wAAAgQFtAQCCAoD5D2zATpsPQEDAwc="}
00432{"flow_id":233,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3309,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347365,"pkt_ts_usec":321650,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CZJAAD4GvEasEAABwKgKMtxeAFCYJmWtp+EIn4AQAOXE2QAAAQEICgE6bD4D5D2z"}
00433{"flow_id":230,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3313,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347365,"pkt_ts_usec":716431,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0h\/9AAD4GPdmsEAABwKgKMtwoAFB3hOCwt03TB4ARAOWVYQAAAQEICgE6bKAD5DjI"}
00432{"flow_id":230,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3314,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347365,"pkt_ts_usec":716661,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA07RFAAEAG1sbAqAoyrBAAAQBQ3Ci3TdMHd4TgsYARAOOQFAAAAQEICgPkPhYBOmyg"}
00432{"flow_id":230,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3315,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347365,"pkt_ts_usec":717432,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iABAAD4GPdisEAABwKgKMtwoAFB3hOCxt03TCIAQAOWQEQAAAQEICgE6bKED5D4W"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1499347366586,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1499347366586,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":234,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3319,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347366,"pkt_ts_usec":586774,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8voxAAD4GB0SsEAABwKgKMtxsAFDi5tP2AAAAAKACchBctQAAAgQFtAQCCAoBOm16AAAAAAEDAwc="}
00445{"flow_id":234,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3320,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347366,"pkt_ts_usec":586869,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3GzFvqcC4ubT96AScSCt\/gAAAgQFtAQCCAoD5D7wATptegEDAwc="}
00432{"flow_id":234,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3321,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347366,"pkt_ts_usec":587628,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vo1AAD4GB0usEAABwKgKMtxsAFDi5tP3xb6nA4AQAOVNBgAAAQEICgE6bXoD5D7w"}
00433{"flow_id":231,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3325,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347366,"pkt_ts_usec":716281,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0izNAAD4GOqWsEAABwKgKMtw2AFCL9eO+\/O4DzoARAOUFOQAAAQEICgE6bZoD5DoC"}
00433{"flow_id":231,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3326,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347366,"pkt_ts_usec":716537,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0PN5AAEAGhvrAqAoyrBAAAQBQ3Db87gPOi\/Xjv4ARAOMALAAAAQEICgPkPxABOm2a"}
00434{"flow_id":231,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3327,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347366,"pkt_ts_usec":717273,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0izRAAD4GOqSsEAABwKgKMtw2AFCL9eO\/\/O4Dz4AQAOUAKgAAAQEICgE6bZoD5D8Q"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1499347369077,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3337,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1499347369077,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":235,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3337,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347369,"pkt_ts_usec":77761,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NkNAAD4Gj42sEAABwKgKMtyGAFA0BFmqAAAAAKACchCDWwAAAgQFtAQCCAoBOm\/pAAAAAAEDAwc="}
00444{"flow_id":235,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3338,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347369,"pkt_ts_usec":77859,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Ib842EVNARZq6AScSDg\/gAAAgQFtAQCCAoD5EFeATpv6QEDAwc="}
00432{"flow_id":235,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3339,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347369,"pkt_ts_usec":78634,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NkRAAD4Gj5SsEAABwKgKMtyGAFA0BFmr\/ONhFoAQAOWABgAAAQEICgE6b+kD5EFe"}
00432{"flow_id":232,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3343,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347369,"pkt_ts_usec":717228,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+jtAAD4Gy5ysEAABwKgKMtxQAFCMb5E5XIUaRYARAOXbuAAAAQEICgE6cIkD5Dx3"}
00432{"flow_id":232,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3344,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347369,"pkt_ts_usec":717446,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0W7tAAEAGaB3AqAoyrBAAAQBQ3FBchRpFjG+ROoARAOPWMgAAAQEICgPkQf4BOnCJ"}
00432{"flow_id":232,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3345,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347369,"pkt_ts_usec":718009,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+jxAAD4Gy5usEAABwKgKMtxQAFCMb5E6XIUaRoAQAOXWMAAAAQEICgE6cIkD5EH+"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1499347370339,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1499347370339,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":236,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3349,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347370,"pkt_ts_usec":339639,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iG5AAD4GPWKsEAABwKgKMtyUAFBZvPlKAAAAAKACchC8uQAAAgQFtAQCCAoBOnEkAAAAAAEDAwc="}
00444{"flow_id":236,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3350,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347370,"pkt_ts_usec":339743,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3JQ4r3KfWbz5S6AScSDLywAAAgQFtAQCCAoD5EKaATpxJAEDAwc="}
00432{"flow_id":236,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3352,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347370,"pkt_ts_usec":340532,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iG9AAD4GPWmsEAABwKgKMtyUAFBZvPlLOK9yoIAQAOVq0wAAAQEICgE6cSQD5EKa"}
00433{"flow_id":233,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3355,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347370,"pkt_ts_usec":717421,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CZNAAD4GvEWsEAABwKgKMtxeAFCYJmWtp+EIn4ARAOW\/kwAAAQEICgE6cYMD5D2z"}
00432{"flow_id":233,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3356,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347370,"pkt_ts_usec":717660,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0SmdAAEAGeXHAqAoyrBAAAQBQ3F6n4QifmCZlroARAOO6TwAAAQEICgPkQvgBOnGD"}
00432{"flow_id":233,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3357,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347370,"pkt_ts_usec":718346,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CZRAAD4GvESsEAABwKgKMtxeAFCYJmWup+EIoIAQAOW6TQAAAQEICgE6cYMD5EL4"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3361,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1499347371602,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3361,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1499347371602,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":237,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3361,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347371,"pkt_ts_usec":602634,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jiZAAD4GN6qsEAABwKgKMtyiAFAEW\/xGAAAAAKACchAN1QAAAgQFtAQCCAoBOnJgAAAAAAEDAwc="}
00444{"flow_id":237,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3362,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347371,"pkt_ts_usec":602758,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3KLBqaHpBFv8R6AScSBjZgAAAgQFtAQCCAoD5EPWATpyYAEDAwc="}
00433{"flow_id":237,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3363,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347371,"pkt_ts_usec":603516,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jidAAD4GN7GsEAABwKgKMtyiAFAEW\/xHwamh6oAQAOUCbgAAAQEICgE6cmAD5EPW"}
00432{"flow_id":234,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3367,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347371,"pkt_ts_usec":717356,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vo5AAD4GB0qsEAABwKgKMtxsAFDi5tP3xb6nA4ARAOVIAgAAAQEICgE6cn0D5D7w"}
00433{"flow_id":234,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3368,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347371,"pkt_ts_usec":717547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05PFAAEAG3ubAqAoyrBAAAQBQ3GzFvqcD4ubT+IARAONDAQAAAQEICgPkQ\/IBOnJ9"}
00433{"flow_id":234,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3369,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347371,"pkt_ts_usec":718130,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vo9AAD4GB0msEAABwKgKMtxsAFDi5tP4xb6nBIAQAOVC\/wAAAQEICgE6cn0D5EPy"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1499347374136,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3379,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1499347374136,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":238,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3379,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347374,"pkt_ts_usec":136369,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DktAAD4Gt4WsEAABwKgKMty8AFAnfHqSAAAAAKACchBp1QAAAgQFtAQCCAoBOnTZAAAAAAEDAwc="}
00445{"flow_id":238,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3380,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347374,"pkt_ts_usec":136472,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3LxHeFJ\/J3x6k6AScSCGiQAAAgQFtAQCCAoD5EZPATp02QEDAwc="}
00432{"flow_id":238,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3381,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347374,"pkt_ts_usec":137270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DkxAAD4Gt4ysEAABwKgKMty8AFAnfHqTR3hSgIAQAOUlkAAAAQEICgE6dNoD5EZP"}
00433{"flow_id":235,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3385,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347374,"pkt_ts_usec":718056,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NkVAAD4Gj5OsEAABwKgKMtyGAFA0BFmr\/ONhFoARAOV6gwAAAQEICgE6dWsD5EFe"}
00433{"flow_id":235,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3386,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347374,"pkt_ts_usec":718268,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0J\/dAAEAGm+HAqAoyrBAAAQBQ3Ib842EWNARZrIARAON1AQAAAQEICgPkRuEBOnVr"}
00434{"flow_id":235,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3387,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347374,"pkt_ts_usec":718827,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NkZAAD4Gj5KsEAABwKgKMtyGAFA0BFms\/ONhF4AQAOV0\/wAAAQEICgE6dWsD5Ebh"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1499347375388,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":6,"flow_first_seen":1499347240786,"flow_last_seen":1499347246684,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55092,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":6,"flow_first_seen":1499347243333,"flow_last_seen":1499347248684,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":6,"flow_first_seen":1499347244580,"flow_last_seen":1499347249685,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":6,"flow_first_seen":1499347247114,"flow_last_seen":1499347252685,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":6,"flow_first_seen":1499347248373,"flow_last_seen":1499347253687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":6,"flow_first_seen":1499347249651,"flow_last_seen":1499347254687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1499347375388,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":239,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3391,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347375,"pkt_ts_usec":388370,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VfhAAD4Gb9isEAABwKgKMtzKAFDNpCPqAAAAAKACchAZDgAAAgQFtAQCCAoBOnYSAAAAAAEDAwc="}
00444{"flow_id":239,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3392,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347375,"pkt_ts_usec":388496,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3MqX5dxFzaQj66AScSBaVQAAAgQFtAQCCAoD5EeIATp2EgEDAwc="}
00432{"flow_id":239,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3393,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347375,"pkt_ts_usec":389065,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VflAAD4Gb9+sEAABwKgKMtzKAFDNpCPrl+XcRoAQAOX5WwAAAQEICgE6dhMD5EeI"}
00432{"flow_id":236,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3398,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347375,"pkt_ts_usec":718651,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iHBAAD4GPWisEAABwKgKMtyUAFBZvPlLOK9yoIARAOVlkQAAAQEICgE6dmUD5EKa"}
00432{"flow_id":236,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3399,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347375,"pkt_ts_usec":718842,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0NXtAAEAGjl3AqAoyrBAAAQBQ3JQ4r3KgWbz5TIARAONgUQAAAQEICgPkR9sBOnZl"}
00432{"flow_id":236,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3400,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347375,"pkt_ts_usec":719424,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iHFAAD4GPWesEAABwKgKMtyUAFBZvPlMOK9yoYAQAOVgTwAAAQEICgE6dmUD5Efb"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3404,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1499347376638,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3404,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1499347376638,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":240,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3404,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347376,"pkt_ts_usec":638976,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EqdAAD4GsymsEAABwKgKMtzYAFCvXmXsAAAAAKACchD0CgAAAgQFtAQCCAoBOndLAAAAAAEDAwc="}
00444{"flow_id":240,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3405,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347376,"pkt_ts_usec":639133,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3NhWyE7Mr15l7aAScSACsAAAAgQFtAQCCAoD5EjBATp3SwEDAwc="}
00432{"flow_id":240,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3406,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347376,"pkt_ts_usec":639848,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EqhAAD4GszCsEAABwKgKMtzYAFCvXmXtVshOzYAQAOWhtwAAAQEICgE6d0sD5EjB"}
00433{"flow_id":237,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3410,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347376,"pkt_ts_usec":718716,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jihAAD4GN7CsEAABwKgKMtyiAFAEW\/xHwamh6oARAOX9bQAAAQEICgE6d18D5EPW"}
00432{"flow_id":237,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3411,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347376,"pkt_ts_usec":718878,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA06T9AAEAG2pjAqAoyrBAAAQBQ3KLBqaHqBFv8SIARAOP4bwAAAQEICgPkSNUBOndf"}
00433{"flow_id":237,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3412,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347376,"pkt_ts_usec":719525,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jilAAD4GN6+sEAABwKgKMtyiAFAEW\/xIwamh64AQAOX4bQAAAQEICgE6d18D5EjV"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1499347379171,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1499347379171,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":241,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3422,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347379,"pkt_ts_usec":171623,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NzVAAD4GjpusEAABwKgKMtzyAFA14k7xAAAAAKACchCB7wAAAgQFtAQCCAoBOnnEAAAAAAEDAwc="}
00444{"flow_id":241,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3423,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347379,"pkt_ts_usec":171726,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3PK2Txs5NeJO8qAScSBiJwAAAgQFtAQCCAoD5Es6ATp5xAEDAwc="}
00432{"flow_id":241,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3424,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347379,"pkt_ts_usec":172259,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NzZAAD4GjqKsEAABwKgKMtzyAFA14k7ytk8bOoAQAOUBLwAAAQEICgE6ecQD5Es6"}
00432{"flow_id":238,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3428,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347379,"pkt_ts_usec":719165,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Dk1AAD4Gt4usEAABwKgKMty8AFAnfHqTR3hSgIARAOUgHAAAAQEICgE6ek0D5EZP"}
00432{"flow_id":238,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3429,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347379,"pkt_ts_usec":719381,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0GUNAAEAGqpXAqAoyrBAAAQBQ3LxHeFKAJ3x6lIARAOMaqQAAAQEICgPkS8MBOnpN"}
00432{"flow_id":238,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3430,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347379,"pkt_ts_usec":720186,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Dk5AAD4Gt4qsEAABwKgKMty8AFAnfHqUR3hSgYAQAOUapwAAAQEICgE6ek0D5EvD"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1499347380424,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3434,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1499347380424,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":242,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3434,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347380,"pkt_ts_usec":424143,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PTxAAD4GiJSsEAABwKgKMt0AAFCXo0fBAAAAAKACchAmFwAAAgQFtAQCCAoBOnr9AAAAAAEDAwc="}
00445{"flow_id":242,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3435,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347380,"pkt_ts_usec":424268,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3QDrAYLNl6NHwqAScSBozwAAAgQFtAQCCAoD5ExzATp6\/QEDAwc="}
00432{"flow_id":242,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3436,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347380,"pkt_ts_usec":425016,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PT1AAD4GiJusEAABwKgKMt0AAFCXo0fC6wGCzoAQAOUH1wAAAQEICgE6ev0D5Exz"}
00432{"flow_id":239,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3440,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347380,"pkt_ts_usec":719606,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VfpAAD4Gb96sEAABwKgKMtzKAFDNpCPrl+XcRoARAOX0JgAAAQEICgE6e0cD5EeI"}
00432{"flow_id":239,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3441,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347380,"pkt_ts_usec":719830,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0kPtAAEAGMt3AqAoyrBAAAQBQ3MqX5dxGzaQj7IARAOPu8gAAAQEICgPkTL0BOntH"}
00432{"flow_id":239,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3442,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347380,"pkt_ts_usec":720368,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VftAAD4Gb92sEAABwKgKMtzKAFDNpCPsl+XcR4AQAOXu8AAAAQEICgE6e0cD5Ey9"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3446,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1499347381694,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3446,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1499347381694,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":243,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3446,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347381,"pkt_ts_usec":694081,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Vu9AAD4GbuGsEAABwKgKMt0OAFBD4SrUAAAAAKACchCVegAAAgQFtAQCCAoBOnw7AAAAAAEDAwc="}
00444{"flow_id":243,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3447,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347381,"pkt_ts_usec":694199,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Q7aUZP1Q+Eq1aAScSDWfAAAAgQFtAQCCAoD5E2xATp8OwEDAwc="}
00432{"flow_id":243,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3448,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347381,"pkt_ts_usec":694990,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VvBAAD4GbuisEAABwKgKMt0OAFBD4SrV2lGT9oAQAOV1hAAAAQEICgE6fDsD5E2x"}
00432{"flow_id":240,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3452,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347381,"pkt_ts_usec":719875,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EqlAAD4Gsy+sEAABwKgKMtzYAFCvXmXtVshOzYARAOWcwAAAAQEICgE6fEED5EjB"}
00432{"flow_id":240,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3453,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347381,"pkt_ts_usec":720090,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0A3pAAEAGwF7AqAoyrBAAAQBQ3NhWyE7Nr15l7oARAOOXywAAAQEICgPkTbcBOnxB"}
00432{"flow_id":240,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3454,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347381,"pkt_ts_usec":720785,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EqpAAD4Gsy6sEAABwKgKMtzYAFCvXmXuVshOzoAQAOWXyQAAAQEICgE6fEED5E23"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1499347384186,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3464,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1499347384186,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":244,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3464,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347384,"pkt_ts_usec":186315,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bHdAAD4GWVmsEAABwKgKMt0oAFALKxLdAAAAAKACchDjngAAAgQFtAQCCAoBOn6qAAAAAAEDAwc="}
00444{"flow_id":244,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3465,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347384,"pkt_ts_usec":186470,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Sg6aAAMCysS3qAScSBWBQAAAgQFtAQCCAoD5FAgATp+qgEDAwc="}
00432{"flow_id":244,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3466,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347384,"pkt_ts_usec":187181,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bHhAAD4GWWCsEAABwKgKMt0oAFALKxLeOmgADYAQAOX1DAAAAQEICgE6fqoD5FAg"}
00432{"flow_id":241,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3470,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347384,"pkt_ts_usec":721017,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NzdAAD4GjqGsEAABwKgKMtzyAFA14k7ytk8bOoARAOX7wgAAAQEICgE6fy8D5Es6"}
00432{"flow_id":241,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3471,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347384,"pkt_ts_usec":721237,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0S59AAEAGeDnAqAoyrBAAAQBQ3PK2Txs6NeJO84ARAOP2WAAAAQEICgPkUKUBOn8v"}
00432{"flow_id":241,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3472,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347384,"pkt_ts_usec":721977,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NzhAAD4GjqCsEAABwKgKMtzyAFA14k7ztk8bO4AQAOX2VQAAAQEICgE6fzAD5FCl"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1499347385481,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":6,"flow_first_seen":1499347252179,"flow_last_seen":1499347257688,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":6,"flow_first_seen":1499347253445,"flow_last_seen":1499347258688,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":6,"flow_first_seen":1499347254714,"flow_last_seen":1499347260689,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":6,"flow_first_seen":1499347257224,"flow_last_seen":1499347262689,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3473,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":6,"flow_first_seen":1499347258474,"flow_last_seen":1499347263689,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1499347385481,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":245,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3476,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347385,"pkt_ts_usec":481030,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VSxAAD4GcKSsEAABwKgKMt02AFBQ3SrBAAAAAKACchCEtwAAAgQFtAQCCAoBOn\/tAAAAAAEDAwc="}
00445{"flow_id":245,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3477,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347385,"pkt_ts_usec":481162,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3TZsZa1KUN0qwqAScSAWnwAAAgQFtAQCCAoD5FFjATp\/7QEDAwc="}
00432{"flow_id":245,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3478,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347385,"pkt_ts_usec":481912,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VS1AAD4GcKusEAABwKgKMt02AFBQ3SrCbGWtS4AQAOW1pQAAAQEICgE6f+4D5FFj"}
@@ -2144,18 +2144,18 @@
00432{"flow_id":243,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3489,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347386,"pkt_ts_usec":721766,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VvFAAD4GbuesEAABwKgKMt0OAFBD4SrV2lGT9oARAOVwmgAAAQEICgE6gSQD5E2x"}
00432{"flow_id":243,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3490,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347386,"pkt_ts_usec":721951,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0wW9AAEAGAmnAqAoyrBAAAQBQ3Q7aUZP2Q+Eq1oARAONrswAAAQEICgPkUpkBOoEk"}
00432{"flow_id":243,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3491,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347386,"pkt_ts_usec":722710,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VvJAAD4GbuasEAABwKgKMt0OAFBD4SrW2lGT94AQAOVrsQAAAQEICgE6gSQD5FKZ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3492,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1499347386736,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3492,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1499347386736,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":246,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3492,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347386,"pkt_ts_usec":736484,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA85qBAAD4G3y+sEAABwKgKMt1EAFDnQGeHAAAAAKACchCwRQAAAgQFtAQCCAoBOoEnAAAAAAEDAwc="}
00444{"flow_id":246,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3493,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347386,"pkt_ts_usec":736559,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3URBkoPY50BniKAScSCVOAAAAgQFtAQCCAoD5FKdATqBJwEDAwc="}
00432{"flow_id":246,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3494,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347386,"pkt_ts_usec":737152,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA05qFAAD4G3zasEAABwKgKMt1EAFDnQGeIQZKD2YAQAOU0PwAAAQEICgE6gSgD5FKd"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1499347389305,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3508,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1499347389305,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":247,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3508,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347389,"pkt_ts_usec":305327,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86AFAAD4G3c6sEAABwKgKMt1eAFBbbmurAAAAAKACchA1VwAAAgQFtAQCCAoBOoOqAAAAAAEDAwc="}
00444{"flow_id":247,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3509,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347389,"pkt_ts_usec":305423,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3V4nyHcOW25rrKAScSA+XAAAAgQFtAQCCAoD5FUfATqDqgEDAwc="}
00432{"flow_id":247,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3510,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347389,"pkt_ts_usec":306028,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06AJAAD4G3dWsEAABwKgKMt1eAFBbbmusJ8h3D4AQAOXdYwAAAQEICgE6g6oD5FUf"}
00432{"flow_id":244,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3514,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347389,"pkt_ts_usec":722138,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bHlAAD4GWV+sEAABwKgKMt0oAFALKxLeOmgADYARAOXvowAAAQEICgE6hBID5FAg"}
00432{"flow_id":244,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3515,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347389,"pkt_ts_usec":722388,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0VYVAAEAGblPAqAoyrBAAAQBQ3Sg6aAANCysS34ARAOPqPAAAAQEICgPkVYgBOoQS"}
00432{"flow_id":244,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3516,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347389,"pkt_ts_usec":723103,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bHpAAD4GWV6sEAABwKgKMt0oAFALKxLfOmgADoAQAOXqOgAAAQEICgE6hBID5FWI"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3520,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1499347390580,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3520,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1499347390580,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":248,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3520,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347390,"pkt_ts_usec":580539,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jW9AAD4GOGGsEAABwKgKMt1sAFC4TAmHAAAAAKACchA5UQAAAgQFtAQCCAoBOoToAAAAAAEDAwc="}
00444{"flow_id":248,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3521,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347390,"pkt_ts_usec":580677,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Wzc2WIguEwJiKAScSCg8wAAAgQFtAQCCAoD5FZeATqE6AEDAwc="}
00433{"flow_id":248,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3522,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347390,"pkt_ts_usec":581434,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jXBAAD4GOGisEAABwKgKMt1sAFC4TAmI3NliIYAQAOU\/+gAAAQEICgE6hOkD5FZe"}
@@ -2165,148 +2165,148 @@
00432{"flow_id":246,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3537,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347392,"pkt_ts_usec":722388,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA05qJAAD4G3zWsEAABwKgKMt1EAFDnQGeIQZKD2YARAOUuZgAAAQEICgE6hwAD5FKd"}
00432{"flow_id":246,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3538,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347392,"pkt_ts_usec":722578,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0269AAEAG6CjAqAoyrBAAAQBQ3URBkoPZ50BniYARAOMojgAAAQEICgPkWHYBOocA"}
00432{"flow_id":246,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3539,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347392,"pkt_ts_usec":723196,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA05qNAAD4G3zSsEAABwKgKMt1EAFDnQGeJQZKD2oAQAOUojAAAAQEICgE6hwAD5Fh2"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1499347393135,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1499347393135,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":249,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3543,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347393,"pkt_ts_usec":135857,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89hRAAD4Gz7usEAABwKgKMt2GAFBIK3FzAAAAAKACchA+7QAAAgQFtAQCCAoBOodnAAAAAAEDAwc="}
00444{"flow_id":249,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3544,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347393,"pkt_ts_usec":135984,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3Yb1ZkzcSCtxdKAScSCgxwAAAgQFtAQCCAoD5FjdATqHZwEDAwc="}
00433{"flow_id":249,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3545,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347393,"pkt_ts_usec":136736,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09hVAAD4Gz8KsEAABwKgKMt2GAFBIK3F09WZM3YAQAOU\/zwAAAQEICgE6h2cD5Fjd"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1499347394398,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3552,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1499347394398,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":250,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3552,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347394,"pkt_ts_usec":398432,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eldAAD4GS3msEAABwKgKMt2UAFCjvfL0AAAAAKACchBgjwAAAgQFtAQCCAoBOoijAAAAAAEDAwc="}
00444{"flow_id":250,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3553,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347394,"pkt_ts_usec":398557,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ZQ04Dogo73y9aAScSCUcAAAAgQFtAQCCAoD5FoZATqIowEDAwc="}
00432{"flow_id":250,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3554,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347394,"pkt_ts_usec":399310,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0elhAAD4GS4CsEAABwKgKMt2UAFCjvfL1NOA6IYAQAOUzeAAAAQEICgE6iKMD5FoZ"}
00432{"flow_id":247,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3558,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347394,"pkt_ts_usec":722521,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06ANAAD4G3dSsEAABwKgKMt1eAFBbbmusJ8h3D4ARAOXYGAAAAQEICgE6iPQD5FUf"}
00432{"flow_id":247,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3559,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347394,"pkt_ts_usec":722717,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0LWVAAEAGlnPAqAoyrBAAAQBQ3V4nyHcPW25rrYARAOPSzgAAAQEICgPkWmoBOoj0"}
00432{"flow_id":247,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3560,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347394,"pkt_ts_usec":723279,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06ARAAD4G3dOsEAABwKgKMt1eAFBbbmutJ8h3EIAQAOXSzAAAAQEICgE6iPQD5Fpq"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":6,"flow_first_seen":1499347259759,"flow_last_seen":1499347265691,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55294,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":6,"flow_first_seen":1499347262289,"flow_last_seen":1499347267691,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":6,"flow_first_seen":1499347263542,"flow_last_seen":1499347268692,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":6,"flow_first_seen":1499347264804,"flow_last_seen":1499347270693,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55348,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":6,"flow_first_seen":1499347266097,"flow_last_seen":1499347271692,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55362,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":6,"flow_first_seen":1499347267376,"flow_last_seen":1499347272693,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55376,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":6,"flow_first_seen":1499347268659,"flow_last_seen":1499347273693,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55390,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":248,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3564,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347395,"pkt_ts_usec":723222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jXFAAD4GOGesEAABwKgKMt1sAFC4TAmI3NliIYARAOU69AAAAQEICgE6ie4D5FZe"}
00432{"flow_id":248,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3565,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347395,"pkt_ts_usec":723466,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0OUVAAEAGipPAqAoyrBAAAQBQ3Wzc2WIhuEwJiYARAOM17wAAAQEICgPkW2QBOonu"}
00432{"flow_id":248,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3566,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347395,"pkt_ts_usec":724239,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jXJAAD4GOGasEAABwKgKMt1sAFC4TAmJ3NliIoAQAOU17QAAAQEICgE6ie4D5Ftk"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1499347395736,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1499347395736,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":251,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3567,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347395,"pkt_ts_usec":736207,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86QJAAD4G3M2sEAABwKgKMt2iAFAP0mDzAAAAAKACchCFIAAAAgQFtAQCCAoBOonxAAAAAAEDAwc="}
00444{"flow_id":251,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3568,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347395,"pkt_ts_usec":736334,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3aKdN8ZwD9Jg9KAScSDDCwAAAgQFtAQCCAoD5FtnATqJ8QEDAwc="}
00432{"flow_id":251,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3569,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347395,"pkt_ts_usec":737093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06QNAAD4G3NSsEAABwKgKMt2iAFAP0mD0nTfGcYAQAOViEgAAAQEICgE6ifID5Ftn"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3582,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1499347398258,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3582,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1499347398258,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":252,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3582,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347398,"pkt_ts_usec":258131,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8RfFAAD4Gf9+sEAABwKgKMt28AFBXE8mZAAAAAKACchDSpwAAAgQFtAQCCAoBOoxoAAAAAAEDAwc="}
00444{"flow_id":252,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3583,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347398,"pkt_ts_usec":258227,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3byK2p7LVxPJmqAScSBIHgAAAgQFtAQCCAoD5F3eATqMaAEDAwc="}
00432{"flow_id":252,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3584,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347398,"pkt_ts_usec":259022,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0RfJAAD4Gf+asEAABwKgKMt28AFBXE8maitqezIAQAOXnJQAAAQEICgE6jGgD5F3e"}
00432{"flow_id":249,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3589,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347398,"pkt_ts_usec":724027,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09hZAAD4Gz8GsEAABwKgKMt2GAFBIK3F09WZM3YARAOU6WQAAAQEICgE6jNwD5Fjd"}
00432{"flow_id":249,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3590,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347398,"pkt_ts_usec":724266,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Eo9AAEAGsUnAqAoyrBAAAQBQ3Yb1ZkzdSCtxdYARAOM05QAAAQEICgPkXlIBOozc"}
00432{"flow_id":249,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3591,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347398,"pkt_ts_usec":725008,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09hdAAD4Gz8CsEAABwKgKMt2GAFBIK3F19WZM3oAQAOU04gAAAQEICgE6jN0D5F5S"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1499347399514,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3595,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1499347399514,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":253,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3595,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347399,"pkt_ts_usec":514448,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gr5AAD4GQxKsEAABwKgKMt3KAFDFpQ8cAAAAAKACchAdSwAAAgQFtAQCCAoBOo2iAAAAAAEDAwc="}
00444{"flow_id":253,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3596,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347399,"pkt_ts_usec":514603,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3cp+0BfYxaUPHaAScSAkhQAAAgQFtAQCCAoD5F8YATqNogEDAwc="}
00432{"flow_id":253,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3597,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347399,"pkt_ts_usec":515339,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gr9AAD4GQxmsEAABwKgKMt3KAFDFpQ8dftAX2YAQAOXDjAAAAQEICgE6jaID5F8Y"}
00432{"flow_id":250,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3602,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347399,"pkt_ts_usec":724083,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ellAAD4GS3+sEAABwKgKMt2UAFCjvfL1NOA6IYARAOUuRAAAAQEICgE6jdYD5FoZ"}
00432{"flow_id":250,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3603,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347399,"pkt_ts_usec":724332,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ZW1AAEAGXmvAqAoyrBAAAQBQ3ZQ04Doho73y9oARAOMpEgAAAQEICgPkX0wBOo3W"}
00432{"flow_id":250,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3604,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347399,"pkt_ts_usec":725104,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0elpAAD4GS36sEAABwKgKMt2UAFCjvfL2NOA6IoAQAOUpDwAAAQEICgE6jdcD5F9M"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1499347400752,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3608,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1499347400752,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":254,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3608,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347400,"pkt_ts_usec":752840,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pCxAAD4GIaSsEAABwKgKMt3YAFC0oCr7AAAAAKACchARLgAAAgQFtAQCCAoBOo7XAAAAAAEDAwc="}
00445{"flow_id":254,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3609,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347400,"pkt_ts_usec":752947,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3diBtZGUtKAq\/KAScSCakQAAAgQFtAQCCAoD5GBNATqO1wEDAwc="}
00432{"flow_id":254,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3610,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347400,"pkt_ts_usec":753734,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pC1AAD4GIausEAABwKgKMt3YAFC0oCr8gbWRlYAQAOU5mAAAAQEICgE6jtgD5GBN"}
00432{"flow_id":251,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3614,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347401,"pkt_ts_usec":724942,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06QRAAD4G3NOsEAABwKgKMt2iAFAP0mD0nTfGcYARAOVcOQAAAQEICgE6j8oD5Ftn"}
00433{"flow_id":251,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3615,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347401,"pkt_ts_usec":725206,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pzFAAEAGHKfAqAoyrBAAAQBQ3aKdN8ZxD9Jg9YARAONWYQAAAQEICgPkYUABOo\/K"}
00432{"flow_id":251,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3616,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347401,"pkt_ts_usec":725942,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06QVAAD4G3NKsEAABwKgKMt2iAFAP0mD1nTfGcoAQAOVWXgAAAQEICgE6j8sD5GFA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1499347403327,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1499347403327,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":255,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3626,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347403,"pkt_ts_usec":327144,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89cJAAD4G0A2sEAABwKgKMt3yAFCprWSZAAAAAKACchDf5AAAAgQFtAQCCAoBOpFbAAAAAAEDAwc="}
00444{"flow_id":255,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3627,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347403,"pkt_ts_usec":327268,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3fKtl6seqa1kmqAScSAhWAAAAgQFtAQCCAoD5GLRATqRWwEDAwc="}
00432{"flow_id":255,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3628,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347403,"pkt_ts_usec":328021,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09cNAAD4G0BSsEAABwKgKMt3yAFCprWSarZerH4AQAOXAXwAAAQEICgE6kVsD5GLR"}
00432{"flow_id":252,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3632,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347403,"pkt_ts_usec":724890,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0RfNAAD4Gf+WsEAABwKgKMt28AFBXE8maitqezIARAOXhzQAAAQEICgE6kb8D5F3e"}
00435{"flow_id":252,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3633,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347403,"pkt_ts_usec":725109,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0\/fhAAEAGxd\/AqAoyrBAAAQBQ3byK2p7MVxPJm4ARAOPceAAAAQEICgPkYzQBOpG\/"}
00432{"flow_id":252,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3634,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347403,"pkt_ts_usec":725690,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0RfRAAD4Gf+SsEAABwKgKMt28AFBXE8mbitqezYAQAOXcdgAAAQEICgE6kb8D5GM0"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1499347404575,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3638,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1499347404575,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":256,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3638,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347404,"pkt_ts_usec":575323,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA871lAAD4G1nasEAABwKgKMt4AAFBz\/X3KAAAAAKACchD7HQAAAgQFtAQCCAoBOpKTAAAAAAEDAwc="}
00446{"flow_id":256,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3639,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347404,"pkt_ts_usec":575446,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3gCf5c\/zc\/19y6AScSAkNgAAAgQFtAQCCAoD5GQJATqSkwEDAwc="}
00433{"flow_id":256,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3641,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347404,"pkt_ts_usec":576193,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071pAAD4G1n2sEAABwKgKMt4AAFBz\/X3Ln+XP9IAQAOXDPQAAAQEICgE6kpMD5GQJ"}
00432{"flow_id":253,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3644,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347404,"pkt_ts_usec":725369,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gsBAAD4GQxisEAABwKgKMt3KAFDFpQ8dftAX2YARAOW+dAAAAQEICgE6krkD5F8Y"}
00433{"flow_id":253,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3645,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347404,"pkt_ts_usec":725588,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0c\/dAAEAGT+HAqAoyrBAAAQBQ3cp+0BfZxaUPHoARAOO5XwAAAQEICgPkZC4BOpK5"}
00432{"flow_id":253,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3646,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347404,"pkt_ts_usec":726147,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gsFAAD4GQxesEAABwKgKMt3KAFDFpQ8eftAX2oAQAOW5XQAAAQEICgE6krkD5GQu"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":6,"flow_first_seen":1499347271162,"flow_last_seen":1499347276694,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55416,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":6,"flow_first_seen":1499347272469,"flow_last_seen":1499347277695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55430,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":6,"flow_first_seen":1499347273742,"flow_last_seen":1499347279695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":6,"flow_first_seen":1499347276278,"flow_last_seen":1499347281695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3647,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":6,"flow_first_seen":1499347277521,"flow_last_seen":1499347282696,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":254,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3653,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347406,"pkt_ts_usec":725626,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pC5AAD4GIaqsEAABwKgKMt3YAFC0oCr8gbWRlYARAOUzwgAAAQEICgE6lK0D5GBN"}
00433{"flow_id":254,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3654,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347406,"pkt_ts_usec":725808,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA097dAAEAGzCDAqAoyrBAAAQBQ3diBtZGVtKAq\/YARAOMt7gAAAQEICgPkZiIBOpSt"}
00432{"flow_id":254,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3655,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347406,"pkt_ts_usec":726581,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pC9AAD4GIamsEAABwKgKMt3YAFC0oCr9gbWRloAQAOUt7AAAAQEICgE6lK0D5GYi"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1499347407100,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1499347407100,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":257,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3659,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347407,"pkt_ts_usec":100505,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oV1AAD4GJHOsEAABwKgKMt4aAFCK7TRXAAAAAKACchArEAAAAgQFtAQCCAoBOpUKAAAAAAEDAwc="}
00444{"flow_id":257,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3660,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347407,"pkt_ts_usec":100605,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3hoI+EKiiu00WKAScSB18AAAAgQFtAQCCAoD5GaAATqVCgEDAwc="}
00432{"flow_id":257,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3661,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347407,"pkt_ts_usec":101384,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oV5AAD4GJHqsEAABwKgKMt4aAFCK7TRYCPhCo4AQAOUU9wAAAQEICgE6lQsD5GaA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1499347408367,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3668,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1499347408367,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":258,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3668,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347408,"pkt_ts_usec":367739,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lz9AAD4GLpGsEAABwKgKMt4oAFBdawF4AAAAAKACchCKJgAAAgQFtAQCCAoBOpZHAAAAAAEDAwc="}
00445{"flow_id":258,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3669,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347408,"pkt_ts_usec":367864,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3igaCcJ\/XWsBeaAScSBC2wAAAgQFtAQCCAoD5Ge9ATqWRwEDAwc="}
00432{"flow_id":258,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3670,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347408,"pkt_ts_usec":368623,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l0BAAD4GLpisEAABwKgKMt4oAFBdawF5GgnCgIAQAOXh4gAAAQEICgE6lkcD5Ge9"}
00432{"flow_id":255,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3674,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347408,"pkt_ts_usec":725867,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09cRAAD4G0BOsEAABwKgKMt3yAFCprWSarZerH4ARAOW7GAAAAQEICgE6lqED5GLR"}
00433{"flow_id":255,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3675,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347408,"pkt_ts_usec":726120,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0wwlAAEAGAM\/AqAoyrBAAAQBQ3fKtl6sfqa1km4ARAOO10wAAAQEICgPkaBcBOpah"}
00432{"flow_id":255,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3676,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347408,"pkt_ts_usec":726683,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09cVAAD4G0BKsEAABwKgKMt3yAFCprWSbrZerIIAQAOW10QAAAQEICgE6lqED5GgX"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1499347409644,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3680,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1499347409644,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":259,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3680,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347409,"pkt_ts_usec":644274,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tAhAAD4GEcisEAABwKgKMt42AFAiiCOOAAAAAKACchChpgAAAgQFtAQCCAoBOpeGAAAAAAEDAwc="}
00444{"flow_id":259,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3681,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347409,"pkt_ts_usec":644432,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ja0TSQNIogjj6AScSBdSgAAAgQFtAQCCAoD5Gj8ATqXhgEDAwc="}
00432{"flow_id":259,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3682,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347409,"pkt_ts_usec":645174,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tAlAAD4GEc+sEAABwKgKMt42AFAiiCOPtE0kDoAQAOX8UAAAAQEICgE6l4cD5Gj8"}
00433{"flow_id":256,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3686,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347409,"pkt_ts_usec":726051,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071tAAD4G1nysEAABwKgKMt4AAFBz\/X3Ln+XP9IARAOW+NAAAAQEICgE6l5sD5GQJ"}
00434{"flow_id":256,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3687,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347409,"pkt_ts_usec":726197,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0puVAAEAGHPPAqAoyrBAAAQBQ3gCf5c\/0c\/19zIARAOO5LQAAAQEICgPkaREBOpeb"}
00433{"flow_id":256,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3688,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347409,"pkt_ts_usec":726929,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA071xAAD4G1nusEAABwKgKMt4AAFBz\/X3Mn+XP9YAQAOW5KwAAAQEICgE6l5sD5GkR"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1499347412160,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3698,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1499347412160,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":260,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3698,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347412,"pkt_ts_usec":160466,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VIxAAD4GcUSsEAABwKgKMt5QAFAbQM13AAAAAKACchD8dQAAAgQFtAQCCAoBOpn7AAAAAAEDAwc="}
00444{"flow_id":260,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3699,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347412,"pkt_ts_usec":160633,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3lBjDHLSG0DNeKAScSC4IAAAAgQFtAQCCAoD5GtxATqZ+wEDAwc="}
00432{"flow_id":260,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3700,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347412,"pkt_ts_usec":161359,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VI1AAD4GcUusEAABwKgKMt5QAFAbQM14Ywxy04AQAOVXJwAAAQEICgE6mfwD5Gtx"}
00432{"flow_id":257,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3704,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347412,"pkt_ts_usec":727340,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oV9AAD4GJHmsEAABwKgKMt4aAFCK7TRYCPhCo4ARAOUPeAAAAQEICgE6mokD5GaA"}
00433{"flow_id":257,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3705,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347412,"pkt_ts_usec":727533,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0KVxAAEAGmnzAqAoyrBAAAQBQ3hoI+EKjiu00WYARAOMJ+gAAAQEICgPka\/8BOpqJ"}
00433{"flow_id":257,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3706,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347412,"pkt_ts_usec":728302,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oWBAAD4GJHisEAABwKgKMt4aAFCK7TRZCPhCpIAQAOUJ+AAAAQEICgE6mokD5Gv\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1499347413405,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3710,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1499347413405,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":261,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3710,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347413,"pkt_ts_usec":405117,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8g\/NAAD4GQd2sEAABwKgKMt5eAFDJGhjAAAAAAKACchACDQAAAgQFtAQCCAoBOpszAAAAAAEDAwc="}
00445{"flow_id":261,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3711,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347413,"pkt_ts_usec":405258,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3l7I3\/YFyRoYwaAScSDTeQAAAgQFtAQCCAoD5GyoATqbMwEDAwc="}
00434{"flow_id":261,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3712,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347413,"pkt_ts_usec":405975,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0g\/RAAD4GQeSsEAABwKgKMt5eAFDJGhjByN\/2BoAQAOVygQAAAQEICgE6mzMD5Gyo"}
00432{"flow_id":258,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3717,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347413,"pkt_ts_usec":727707,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l0FAAD4GLpesEAABwKgKMt4oAFBdawF5GgnCgIARAOXcpQAAAQEICgE6m4MD5Ge9"}
00433{"flow_id":258,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3718,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347413,"pkt_ts_usec":727926,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0rnlAAEAGFV\/AqAoyrBAAAQBQ3igaCcKAXWsBeoARAOPXagAAAQEICgPkbPkBOpuD"}
00432{"flow_id":258,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3719,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347413,"pkt_ts_usec":728643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l0JAAD4GLpasEAABwKgKMt4oAFBdawF6GgnCgYAQAOXXaAAAAQEICgE6m4MD5Gz5"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1499347414709,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1499347414709,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":262,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3723,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347414,"pkt_ts_usec":709999,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LQhAAD4GmMisEAABwKgKMt5sAFBxqrFxAAAAAKACchC\/dwAAAgQFtAQCCAoBOpx5AAAAAAEDAwc="}
00444{"flow_id":262,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3724,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347414,"pkt_ts_usec":710160,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3mzO8Ll1caqxcqAScSDGHAAAAgQFtAQCCAoD5G3vATqceQEDAwc="}
00432{"flow_id":262,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3725,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347414,"pkt_ts_usec":710690,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LQlAAD4GmM+sEAABwKgKMt5sAFBxqrFyzvC5doAQAOVlJAAAAQEICgE6nHkD5G3v"}
00432{"flow_id":259,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3729,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347414,"pkt_ts_usec":727541,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tApAAD4GEc6sEAABwKgKMt42AFAiiCOPtE0kDoARAOX3WQAAAQEICgE6nH0D5Gj8"}
00432{"flow_id":259,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3730,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347414,"pkt_ts_usec":727869,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Sf1AAEAGedvAqAoyrBAAAQBQ3ja0TSQOIogjkIARAOPyYwAAAQEICgPkbfMBOpx9"}
00432{"flow_id":259,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3731,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347414,"pkt_ts_usec":728569,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tAtAAD4GEc2sEAABwKgKMt42AFAiiCOQtE0kD4AQAOXyYQAAAQEICgE6nH0D5G3z"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":310,"flow_first_seen":1499347228091,"flow_last_seen":1499347294990,"flow_tot_l4_data_len":242306,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":781,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1499347417243,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":310,"flow_first_seen":1499347228091,"flow_last_seen":1499347294990,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232370,"flow_avg_l4_payload_len":749,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":54956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":6,"flow_first_seen":1499347280049,"flow_last_seen":1499347285697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":6,"flow_first_seen":1499347281325,"flow_last_seen":1499347286697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":6,"flow_first_seen":1499347282573,"flow_last_seen":1499347287697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":6,"flow_first_seen":1499347285114,"flow_last_seen":1499347290698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":6,"flow_first_seen":1499347286403,"flow_last_seen":1499347291698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55578,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":6,"flow_first_seen":1499347287659,"flow_last_seen":1499347292698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55592,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3732,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":6,"flow_first_seen":1499347290163,"flow_last_seen":1499347295228,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55618,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1499347417243,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":263,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3741,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347417,"pkt_ts_usec":243856,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82KJAAD4G7S2sEAABwKgKMt6GAFDK0UZQAAAAAKACchDO3gAAAgQFtAQCCAoBOp7yAAAAAAEDAwc="}
00444{"flow_id":263,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3742,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347417,"pkt_ts_usec":244026,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3oZtyr1sytFGUaAScSAwOgAAAgQFtAQCCAoD5HBoATqe8gEDAwc="}
00432{"flow_id":263,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3743,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347417,"pkt_ts_usec":244794,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02KNAAD4G7TSsEAABwKgKMt6GAFDK0UZRbcq9bYAQAOXPQAAAAQEICgE6nvMD5HBo"}
00432{"flow_id":260,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3747,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347417,"pkt_ts_usec":728267,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VI5AAD4GcUqsEAABwKgKMt5QAFAbQM14Ywxy04ARAOVRtwAAAQEICgE6n2sD5Gtx"}
00432{"flow_id":260,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3748,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347417,"pkt_ts_usec":728489,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0AjJAAEAGwabAqAoyrBAAAQBQ3lBjDHLTG0DNeYARAONMSAAAAQEICgPkcOEBOp9r"}
00432{"flow_id":260,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3749,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347417,"pkt_ts_usec":729226,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VI9AAD4GcUmsEAABwKgKMt5QAFAbQM15Ywxy1IAQAOVMRQAAAQEICgE6n2wD5HDh"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3753,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1499347418519,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3753,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1499347418519,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":264,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3753,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347418,"pkt_ts_usec":519306,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8f6JAAD4GRi6sEAABwKgKMt6UAFCK5d+TAAAAAKACchB0OgAAAgQFtAQCCAoBOqAxAAAAAAEDAwc="}
00444{"flow_id":264,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3754,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347418,"pkt_ts_usec":519456,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3pQDHUU3iuXflKAScSC3OQAAAgQFtAQCCAoD5HGnATqgMQEDAwc="}
00432{"flow_id":264,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3755,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347418,"pkt_ts_usec":520195,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f6NAAD4GRjWsEAABwKgKMt6UAFCK5d+UAx1FOIAQAOVWQQAAAQEICgE6oDED5HGn"}
@@ -2316,28 +2316,28 @@
00432{"flow_id":262,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3765,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347419,"pkt_ts_usec":729028,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LQpAAD4GmM6sEAABwKgKMt5sAFBxqrFyzvC5doARAOVgPAAAAQEICgE6oWAD5G3v"}
00432{"flow_id":262,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3766,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347419,"pkt_ts_usec":729270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0y6NAAEAG+DTAqAoyrBAAAQBQ3mzO8Ll2caqxc4ARAONbVwAAAQEICgPkctUBOqFg"}
00432{"flow_id":262,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3767,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347419,"pkt_ts_usec":729994,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LQtAAD4GmM2sEAABwKgKMt5sAFBxqrFzzvC5d4AQAOVbVQAAAQEICgE6oWAD5HLV"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1499347419786,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1499347419786,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":265,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3768,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347419,"pkt_ts_usec":786749,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QexAAD4Gg+SsEAABwKgKMt6iAFBxNOCCAAAAAKACchCLsQAAAgQFtAQCCAoBOqFuAAAAAAEDAwc="}
00444{"flow_id":265,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3769,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347419,"pkt_ts_usec":786875,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3qLCWbCfcTTgg6AScSCizgAAAgQFtAQCCAoD5HLkATqhbgEDAwc="}
00432{"flow_id":265,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3770,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347419,"pkt_ts_usec":787638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Qe1AAD4Gg+usEAABwKgKMt6iAFBxNOCDwlmwoIAQAOVB1gAAAQEICgE6oW4D5HLk"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3777,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1499347421069,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3777,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1499347421069,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":266,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3777,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347421,"pkt_ts_usec":69175,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88e9AAD4G0+CsEAABwKgKMt6wAFBX5lNAAAAAAKACchAw8wAAAgQFtAQCCAoBOqKvAAAAAAEDAwc="}
00443{"flow_id":266,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3778,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347421,"pkt_ts_usec":69267,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3rDPNYnSV+ZTQaAScSBgwQAAAgQFtAQCCAoD5HQkATqirwEDAwc="}
00432{"flow_id":266,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3779,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347421,"pkt_ts_usec":69880,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08fBAAD4G0+esEAABwKgKMt6wAFBX5lNBzzWJ04AQAOX\/yAAAAQEICgE6oq8D5HQk"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1499347422332,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1499347422332,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":267,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3786,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347422,"pkt_ts_usec":332404,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Nl1AAD4Gj3OsEAABwKgKMt6+AFBNkZW3AAAAAKACchD3hwAAAgQFtAQCCAoBOqPqAAAAAAEDAwc="}
00444{"flow_id":267,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3787,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347422,"pkt_ts_usec":332523,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3r7LRREdTZGVuKAScSCivwAAAgQFtAQCCAoD5HVgATqj6gEDAwc="}
00432{"flow_id":267,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3788,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347422,"pkt_ts_usec":333304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Nl5AAD4Gj3qsEAABwKgKMt6+AFBNkZW4y0URHoAQAOVBxgAAAQEICgE6o+sD5HVg"}
00432{"flow_id":263,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3792,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347422,"pkt_ts_usec":730103,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02KRAAD4G7TOsEAABwKgKMt6GAFDK0UZRbcq9bYARAOXJ5AAAAQEICgE6pE4D5HBo"}
00432{"flow_id":263,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3793,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347422,"pkt_ts_usec":730328,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0yKlAAEAG+y7AqAoyrBAAAQBQ3oZtyr1tytFGUoARAOPEiQAAAQEICgPkdcQBOqRO"}
00432{"flow_id":263,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3794,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347422,"pkt_ts_usec":731069,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02KVAAD4G7TKsEAABwKgKMt6GAFDK0UZSbcq9boAQAOXEhwAAAQEICgE6pE4D5HXE"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1499347423604,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1499347423604,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":268,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3801,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347423,"pkt_ts_usec":604346,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TspAAD4GdwasEAABwKgKMt7MAFD5I+viAAAAAKACchD0fQAAAgQFtAQCCAoBOqUoAAAAAAEDAwc="}
00444{"flow_id":268,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3802,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347423,"pkt_ts_usec":604441,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3szh681K+SPr46AScSDLowAAAgQFtAQCCAoD5HaeATqlKAEDAwc="}
00432{"flow_id":268,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3803,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347423,"pkt_ts_usec":605217,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TstAAD4Gdw2sEAABwKgKMt7MAFD5I+vj4evNS4AQAOVqqgAAAQEICgE6pSkD5Hae"}
00432{"flow_id":264,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3804,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347423,"pkt_ts_usec":605771,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f6RAAD4GRjSsEAABwKgKMt6UAFCK5d+UAx1FOIARAOVRSAAAAQEICgE6pSkD5HGn"}
01215{"flow_id":265,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347423,"pkt_ts_usec":605771,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9Qe5AAD4GgaGsEAABwKgKMt6iAFBxNOCDwlmwoIAYAOXuFQAAAQEICgE6pSkD5HLkR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdBQTBVN1ZDSU8xOEFVS1BaTkIwWlhGQ0RGOVBWSE0wQlJHT1dNMjJFSUNORVBYSzVVQyUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00917{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":4,"flow_first_seen":1499347419786,"flow_last_seen":1499347423605,"flow_tot_l4_data_len":729,"flow_min_l4_data_len":32,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3805,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":4,"flow_first_seen":1499347419786,"flow_last_seen":1499347423605,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00433{"flow_id":265,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3806,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347423,"pkt_ts_usec":605842,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0xj5AAEAG\/ZnAqAoyrBAAAQBQ3qLCWbCgcTTizIAQAOw4EQAAAQEICgPkdp4BOqUp"}
00432{"flow_id":264,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3807,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347423,"pkt_ts_usec":605908,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0M6ZAAEAGkDLAqAoyrBAAAQBQ3pQDHUU4iuXflYARAONMUgAAAQEICgPkdp4BOqUp"}
00432{"flow_id":264,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3808,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347423,"pkt_ts_usec":606384,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f6VAAD4GRjOsEAABwKgKMt6UAFCK5d+VAx1FOYAQAOVMUAAAAQEICgE6pSkD5Hae"}
@@ -2349,47 +2349,47 @@
01216{"flow_id":265,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3814,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347424,"pkt_ts_usec":872535,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9QfJAAD4GgZ2sEAABwKgKMt6iAFBxNORLwlm+1YAYAR2IugAAAQEICgE6pmUD5HehR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdJTE9MRFM5TUhTM0s2RURSTTlUVVFFTkxVUFVWTVk4U1c3NTFQVUpDRkJaVTcxVkpGWiUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
02963{"flow_id":265,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3815,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347424,"pkt_ts_usec":875557,"pkt_caplen":1933,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1933,"pkt_l4_len":1899,"pkt":"AMGxFOsxABm5CmnxCABFAAd\/xkNAAEAG9knAqAoyrBAAAQBQ3qLCWb7VcTTmlIAYAP5+XQAAAQEICgPkd9wBOqZlSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjIzOjQ0IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTUxNg0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61Y\/0\/bOBT\/GaT9Dz6fdMAk4vWmuw3WZoIWDnZl60gL23RS5CZua+rEWey08N\/fs5O04WvJioSKY78vn+f3\/PyeX202f+t8afe\/947QREcC9QaH3dM2wruEXL5tE9Lpd9C3k\/5ZFzWcN8jTKQ80IUefMcITrZN9QubzuTN\/68h0TPrn5NpIaRi2YrirLI8T6hC7rzZfbTatnutIxKr1gIzG3t5ezpqTbzQnjIYw3NhoRkxTZFh22c+Mz1q4LWPNYr3bv0kYRkH+1cKaXWtiRHxAwYSmiunWoH+8+x4jksvcaGquBXMvMhGzlA654PpmH52zkWCBZiFqp1Ip5HHNkBekPNE8HqPtb563g\/b3UYdGMSp5BUOXbIgOkkTwgGouY7Tdubg82EGzhtN4g1532IwJmUQA7XWT5IoLFILHU5Qy0cJK3wimJoxpjDRYUxgRKIXRJGWjFnYcAn\/hbE7NLIkojx27TO5L47AVpZz\/eETHjMDUbUkjOjNkjl1YyFDW2iqEKzqj+SxGKg1uAblS9n8PFDhXCrtNklMWniOF68x4KMMbFAiqjNdlxHDu0pDPEA9b2PgOLGJp4fXKkhFSmd9o8mh8D4k1UhEhx9JJ4jFGVEAgrHDU0m7ACuruqTab7IPjsor2e2t+QsOQhblBQJCJ0k6zeihkMDVbIziScQCqpy0853Eo5w4sWRytrdwSZwuXrMBAb7nLwe4JbFuTUNhlwd3N5wjkMZy+LDBTykkmyRPy75Ji97QyU08tHLgsWaFvQYNdzwwRgeMHk6hzWFFGMuGusaGzyvnmEB7DNNOMPIHqYQbsHpr\/6FimQU0P3BXIrllQB4Clx25bRhGNQ3QaXzHrkfVQBCod1UFh6QGFd368nuIRJ87HBI5qiwNnFrIVUfIsfuweczjcp2ZGrb03WSIkDevsTsFRwBjYrzX9QxMNN1ctFxUs9tyyIEsZah\/0+u2Tg\/WgqJ+C18Fh6eFMf+2+VLAaif4QLrdaTqlw3UGDtg\/N9M56qOaMTn1eC1LJgt1LGCGPKROt6LRTM73elXutlF8LSM6AXahnoFb5crbmVhhxaUW\/YnkV9SwcaYljUXy9ABpVdzdUicLTMr0NYc0ryJ5FqC5XXodLMuya+hHiI5+qtx3Az+ORXKGuQoXd3kkPTsdI1lNEhzLTK9QsaLB7YIYvt62m0FupfkmE3a4d3wFQVGy3ar\/HC0FTwi4LQehkzGqh26xVC8HmpPEr3QWUzI2iYK4Iny0qWD+QIfNpymhRP49kGqGYRlCtAz+UvTbFtfDvGEG3NJGA\/Z+jflGbNpPC4ssJ1VsK3cgstcwfy8o6TrJq8Y8L0eZ3Ud9WiVQ2jDiQzajI4NPLPwttJHHzpoIYlDneJGXuCRNCoqLVcKHyV1Iw8PB4e+u0+6Xb8fbOTry3\/\/591Dk\/2+sPvh597g56g4uz7++9y3d\/NXqDT+3jwx+Dd42LT8c\/tnY+VCWEMshMp+UEUk452\/mwaEkATsqsa5Yebk7+dM\/gwNvwTyOaX1YwadaK+IBoXMaVaT5V0bDKOVWJ7VkhRNm1CTNiPburwLP+wrO+9Sy0YzQdQyeK4Vai8RS7vy5rEcW18QG3D1WKZql\/BG0dmOu3ob\/Svle0njUxPi1vNU4WO3M+5QkLObWizVfVclVa\/ji258t4Gk9hZjDmi2QcyMhcD7sj+tOxTxIPgngG47M05zipYKluWAlPqrtHXdVRZLc81MvOdZhCv5v\/linskZRX5J1AMJouTvNDeVHdKM0i39wlD+aHYaa16bOL\/HDB2RzB8U8WOTuRSZb4JZmM23nWXz467APFINlGj9z2M5DoT0CiCcePAMnWFH+UjmgJOd9CO9hFK2F5kAwD9rLAlJW5EprZTSr4GPK2YCPIn00WuQPFUpN395sEvhANIx4XLoTvsjhAXfO6VNCAxCUF3OqnHa9YCbky10dYevFRh46k1LceWxJ3ndeu5KFrtZqAibk483dB+2Ln\/g+0PlILkhQAAA=="}
00434{"flow_id":265,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3816,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347424,"pkt_ts_usec":876286,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QfNAAD4Gg+WsEAABwKgKMt6iAFBxNOaUwlnGIIAQATsb\/wAAAQEICgE6pmYD5Hfc"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":6,"flow_first_seen":1499347292725,"flow_last_seen":1499347298700,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55646,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":6,"flow_first_seen":1499347295224,"flow_last_seen":1499347300701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55672,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":6,"flow_first_seen":1499347296462,"flow_last_seen":1499347301701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":6,"flow_first_seen":1499347297732,"flow_last_seen":1499347303701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55700,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":6,"flow_first_seen":1499347300263,"flow_last_seen":1499347305701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55726,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00948{"flow_id":265,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3817,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347425,"pkt_ts_usec":883267,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzQfRAAD4GgmWsEAABwKgKMt6iAFBxNOaUwlnGIIAYATvKCgAAAQEICgE6p2ID5HfcR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02821{"flow_id":265,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3818,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347425,"pkt_ts_usec":886302,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAcexkVAAEAG9qjAqAoyrBAAAQBQ3qLCWcYgcTToE4AYAQd9\/AAAAQEICgPkeNkBOqdiSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjIzOjQ1IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1499347426122,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1499347426122,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":269,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3820,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347426,"pkt_ts_usec":122016,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vtlAAD4GBvesEAABwKgKMt7mAFDtahlHAAAAAKACchDQQgAAAgQFtAQCCAoBOqeeAAAAAAEDAwc="}
00444{"flow_id":269,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3821,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347426,"pkt_ts_usec":122169,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ub5Z5wJ7WoZSKAScSC+twAAAgQFtAQCCAoD5HkUATqnngEDAwc="}
00432{"flow_id":269,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3822,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347426,"pkt_ts_usec":122948,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vtpAAD4GBv6sEAABwKgKMt7mAFDtahlI+WecCoAQAOVdvwAAAQEICgE6p54D5HkU"}
00432{"flow_id":266,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3826,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347426,"pkt_ts_usec":731145,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08fFAAD4G0+asEAABwKgKMt6wAFBX5lNBzzWJ04ARAOX6QAAAAQEICgE6qDYD5HQk"}
00432{"flow_id":266,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3827,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347426,"pkt_ts_usec":731330,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA08H9AAEAG01jAqAoyrBAAAQBQ3rDPNYnTV+ZTQoARAOP0uQAAAQEICgPkeawBOqg2"}
00432{"flow_id":266,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3828,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347426,"pkt_ts_usec":732103,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08fJAAD4G0+WsEAABwKgKMt6wAFBX5lNCzzWJ1IAQAOX0twAAAQEICgE6qDYD5Hms"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1499347427366,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3832,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1499347427366,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":270,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3832,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347427,"pkt_ts_usec":366797,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UGVAAD4GdWusEAABwKgKMt70AFC9kfiwAAAAAKACchAfbQAAAgQFtAQCCAoBOqjVAAAAAAEDAwc="}
00444{"flow_id":270,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3833,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347427,"pkt_ts_usec":366908,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3vS8sHHovZH4saAScSBzgwAAAgQFtAQCCAoD5HpLATqo1QEDAwc="}
00432{"flow_id":270,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3834,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347427,"pkt_ts_usec":367672,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UGZAAD4GdXKsEAABwKgKMt70AFC9kfixvLBx6YAQAOUSiwAAAQEICgE6qNUD5HpL"}
00432{"flow_id":267,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3838,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347427,"pkt_ts_usec":731500,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Nl9AAD4Gj3msEAABwKgKMt6+AFBNkZW4y0URHoARAOU8gAAAAQEICgE6qTAD5HVg"}
00432{"flow_id":267,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3839,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347427,"pkt_ts_usec":731683,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0a7hAAEAGWCDAqAoyrBAAAQBQ3r7LRREeTZGVuYARAOM3OwAAAQEICgPkeqYBOqkw"}
00432{"flow_id":267,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3840,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347427,"pkt_ts_usec":732458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NmBAAD4Gj3isEAABwKgKMt6+AFBNkZW5y0URH4AQAOU3OQAAAQEICgE6qTAD5Hqm"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1499347428671,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3844,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1499347428671,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":271,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3844,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347428,"pkt_ts_usec":671151,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vFFAAD4GCX+sEAABwKgKMt8CAFCqwBZKAAAAAKACchATUQAAAgQFtAQCCAoBOqobAAAAAAEDAwc="}
00444{"flow_id":271,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3845,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347428,"pkt_ts_usec":671287,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3wITPWXXqsAWS6AScSAbpgAAAgQFtAQCCAoD5HuRATqqGwEDAwc="}
00432{"flow_id":271,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3846,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347428,"pkt_ts_usec":672036,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vFJAAD4GCYasEAABwKgKMt8CAFCqwBZLEz1l2IAQAOW6rQAAAQEICgE6qhsD5HuR"}
00432{"flow_id":268,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3850,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347428,"pkt_ts_usec":731901,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TsxAAD4GdwysEAABwKgKMt7MAFD5I+vj4evNS4ARAOVlqAAAAQEICgE6qioD5Hae"}
00432{"flow_id":268,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3851,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347428,"pkt_ts_usec":732080,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0tutAAEAGDO3AqAoyrBAAAQBQ3szh681L+SPr5IARAONgpwAAAQEICgPke6ABOqoq"}
00432{"flow_id":268,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3852,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347428,"pkt_ts_usec":732861,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ts1AAD4GdwusEAABwKgKMt7MAFD5I+vk4evNTIAQAOVgpAAAAQEICgE6qisD5Hug"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3862,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1499347431192,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3862,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1499347431192,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":272,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3862,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347431,"pkt_ts_usec":192783,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+sNAAD4GywysEAABwKgKMt8cAFA\/1VZRAAAAAKACchA7pAAAAgQFtAQCCAoBOqySAAAAAAEDAwc="}
00444{"flow_id":272,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3863,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347431,"pkt_ts_usec":192884,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3xwMzQFkP9VWUqAScSCsZgAAAgQFtAQCCAoD5H4HATqskgEDAwc="}
00433{"flow_id":272,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3864,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347431,"pkt_ts_usec":193676,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+sRAAD4GyxOsEAABwKgKMt8cAFA\/1VZSDM0BZYAQAOVLbgAAAQEICgE6rJID5H4H"}
00432{"flow_id":269,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3868,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347431,"pkt_ts_usec":732038,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vttAAD4GBv2sEAABwKgKMt7mAFDtahlI+WecCoARAOVYRAAAAQEICgE6rRgD5HkU"}
00432{"flow_id":269,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3869,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347431,"pkt_ts_usec":732237,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA04oRAAEAG4VPAqAoyrBAAAQBQ3ub5Z5wK7WoZSYARAONSywAAAQEICgPkfo4BOq0Y"}
00432{"flow_id":269,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3870,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347431,"pkt_ts_usec":733009,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vtxAAD4GBvysEAABwKgKMt7mAFDtahlJ+WecC4AQAOVSyAAAAQEICgE6rRkD5H6O"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1499347432482,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3874,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1499347432482,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":273,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3874,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347432,"pkt_ts_usec":482096,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rn5AAD4GF1KsEAABwKgKMt8qAFCuFwOqAAAAAKACchAeuQAAAgQFtAQCCAoBOq3UAAAAAAEDAwc="}
00444{"flow_id":273,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3875,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347432,"pkt_ts_usec":482207,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3ypOGaUvrhcDq6AScSCpIAAAAgQFtAQCCAoD5H9KATqt1AEDAwc="}
00432{"flow_id":273,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3876,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347432,"pkt_ts_usec":482921,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rn9AAD4GF1msEAABwKgKMt8qAFCuFwOrThmlMIAQAOVIKAAAAQEICgE6rdQD5H9K"}
@@ -2399,30 +2399,30 @@
00432{"flow_id":271,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3886,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347433,"pkt_ts_usec":733529,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vFNAAD4GCYWsEAABwKgKMt8CAFCqwBZLEz1l2IARAOW1ugAAAQEICgE6rw0D5HuR"}
00432{"flow_id":271,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3887,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347433,"pkt_ts_usec":733752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05VpAAEAG3n3AqAoyrBAAAQBQ3wITPWXYqsAWTIARAOOwygAAAQEICgPkgIIBOq8N"}
00432{"flow_id":271,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3888,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347433,"pkt_ts_usec":734524,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vFRAAD4GCYSsEAABwKgKMt8CAFCqwBZMEz1l2YAQAOWwyAAAAQEICgE6rw0D5ICC"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3889,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1499347433753,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3889,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1499347433753,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":274,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3889,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347433,"pkt_ts_usec":753548,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JW1AAD4GoGOsEAABwKgKMt84AFAetop\/AAAAAKACchAl+QAAAgQFtAQCCAoBOq8SAAAAAAEDAwc="}
00444{"flow_id":274,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3890,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347433,"pkt_ts_usec":753688,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3zgqPCDhHraKgKAScSBXTwAAAgQFtAQCCAoD5ICHATqvEgEDAwc="}
00432{"flow_id":274,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3891,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347433,"pkt_ts_usec":754294,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JW5AAD4GoGqsEAABwKgKMt84AFAetoqAKjwg4oAQAOX2VgAAAQEICgE6rxID5ICH"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_first_seen":1499347436274,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":6,"flow_first_seen":1499347301520,"flow_last_seen":1499347306702,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55740,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":6,"flow_first_seen":1499347304125,"flow_last_seen":1499347309703,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":6,"flow_first_seen":1499347305402,"flow_last_seen":1499347310703,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":6,"flow_first_seen":1499347306680,"flow_last_seen":1499347311703,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55794,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":6,"flow_first_seen":1499347309314,"flow_last_seen":1499347314704,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55820,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":6,"flow_first_seen":1499347310567,"flow_last_seen":1499347315705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_first_seen":1499347436274,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":275,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3904,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347436,"pkt_ts_usec":274077,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W69AAD4GaiGsEAABwKgKMt9SAFA\/BeonAAAAAKACchCjcQAAAgQFtAQCCAoBOrGIAAAAAAEDAwc="}
00444{"flow_id":275,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3906,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347436,"pkt_ts_usec":274223,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ31ICI0S7PwXqKKAScSDWjwAAAgQFtAQCCAoD5IL+ATqxiAEDAwc="}
00433{"flow_id":275,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3907,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347436,"pkt_ts_usec":274969,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W7BAAD4GaiisEAABwKgKMt9SAFA\/BeooAiNEvIAQAOV1lwAAAQEICgE6sYgD5IL+"}
00433{"flow_id":272,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3910,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347436,"pkt_ts_usec":732824,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+sVAAD4GyxKsEAABwKgKMt8cAFA\/1VZSDM0BZYARAOVGBAAAAQEICgE6sfsD5H4H"}
00432{"flow_id":272,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3911,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347436,"pkt_ts_usec":733067,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ghVAAEAGQcPAqAoyrBAAAQBQ3xwMzQFlP9VWU4ARAONAnAAAAQEICgPkg3ABOrH7"}
00433{"flow_id":272,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3912,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347436,"pkt_ts_usec":733809,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+sZAAD4GyxGsEAABwKgKMt8cAFA\/1VZTDM0BZoAQAOVAmgAAAQEICgE6sfsD5INw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1499347437541,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1499347437541,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":276,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3916,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347437,"pkt_ts_usec":541250,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80SpAAD4G9KWsEAABwKgKMt9gAFCd2mPvAAAAAKACchDJiQAAAgQFtAQCCAoBOrLFAAAAAAEDAwc="}
00444{"flow_id":276,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3917,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347437,"pkt_ts_usec":541350,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ32BqH6Tbndpj8KAScSAzTwAAAgQFtAQCCAoD5IQ6ATqyxQEDAwc="}
00432{"flow_id":276,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3918,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347437,"pkt_ts_usec":542139,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00StAAD4G9KysEAABwKgKMt9gAFCd2mPwah+k3IAQAOXSVgAAAQEICgE6ssUD5IQ6"}
@@ -2432,11 +2432,11 @@
00432{"flow_id":274,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3931,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347439,"pkt_ts_usec":733179,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JW9AAD4GoGmsEAABwKgKMt84AFAetoqAKjwg4oARAOXwfgAAAQEICgE6tOkD5ICH"}
00432{"flow_id":274,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3932,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347439,"pkt_ts_usec":733463,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0prxAAEAGHRzAqAoyrBAAAQBQ3zgqPCDiHraKgYARAOPqqAAAAQEICgPkhl4BOrTp"}
00432{"flow_id":274,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3933,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347439,"pkt_ts_usec":734183,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JXBAAD4GoGisEAABwKgKMt84AFAetoqBKjwg44AQAOXqpgAAAQEICgE6tOkD5IZe"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3937,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1499347440119,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3937,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1499347440119,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":277,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3937,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347440,"pkt_ts_usec":119979,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Op5AAD4GizKsEAABwKgKMt96AFDbdo\/XAAAAAKACchBdZwAAAgQFtAQCCAoBOrVJAAAAAAEDAwc="}
00445{"flow_id":277,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3938,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347440,"pkt_ts_usec":120127,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ33qAsDTj23aP2KAScSAeDwAAAgQFtAQCCAoD5Ia\/ATq1SQEDAwc="}
00434{"flow_id":277,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3939,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347440,"pkt_ts_usec":120848,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Op9AAD4GizmsEAABwKgKMt96AFDbdo\/YgLA05IAQAOW9FQAAAQEICgE6tUoD5Ia\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_first_seen":1499347441364,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_first_seen":1499347441364,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":278,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3946,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347441,"pkt_ts_usec":364438,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87qpAAD4G1yWsEAABwKgKMt+IAFCFjlgqAAAAAKACchDptwAAAgQFtAQCCAoBOraAAAAAAAEDAwc="}
00444{"flow_id":278,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3947,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347441,"pkt_ts_usec":364537,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ34gRswTRhY5YK6AScSBIOAAAAgQFtAQCCAoD5If2ATq2gAEDAwc="}
00432{"flow_id":278,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3948,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347441,"pkt_ts_usec":365324,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07qtAAD4G1yysEAABwKgKMt+IAFCFjlgrEbME0oAQAOXnPgAAAQEICgE6toED5If2"}
@@ -2444,106 +2444,106 @@
00432{"flow_id":275,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3953,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347441,"pkt_ts_usec":734016,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0zO5AAEAG9unAqAoyrBAAAQBQ31ICI0S8PwXqKYAQAONq7gAAAQEICgPkiFMBOrbd"}
00432{"flow_id":275,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3954,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347441,"pkt_ts_usec":734060,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0zO9AAEAG9ujAqAoyrBAAAQBQ31ICI0S8PwXqKYARAONq7QAAAQEICgPkiFMBOrbd"}
00433{"flow_id":275,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3955,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347441,"pkt_ts_usec":734581,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BXZAAD4GwGKsEAABwKgKMt9SAFA\/BeopAiNEvYAQAOVq6wAAAQEICgE6tt0D5IhT"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3959,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_first_seen":1499347442626,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3959,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_first_seen":1499347442626,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":279,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3959,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347442,"pkt_ts_usec":626484,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WP9AAD4GbNGsEAABwKgKMt+WAFAR1u9DAAAAAKACchDFDAAAAgQFtAQCCAoBOre8AAAAAAEDAwc="}
00444{"flow_id":279,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3960,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347442,"pkt_ts_usec":626608,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ35b747kmEdbvRKAScSCDygAAAgQFtAQCCAoD5IkyATq3vAEDAwc="}
00432{"flow_id":279,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3961,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347442,"pkt_ts_usec":627187,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WQBAAD4GbNisEAABwKgKMt+WAFAR1u9E++O5J4AQAOUi0gAAAQEICgE6t7wD5Iky"}
00432{"flow_id":276,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3965,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347442,"pkt_ts_usec":733783,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00SxAAD4G9KusEAABwKgKMt9gAFCd2mPwah+k3IARAOXNQwAAAQEICgE6t9cD5IQ6"}
00432{"flow_id":276,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3966,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347442,"pkt_ts_usec":733973,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0LZBAAEAGlkjAqAoyrBAAAQBQ32BqH6Tcndpj8YARAOPIMgAAAQEICgPkiUwBOrfX"}
00432{"flow_id":276,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3967,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347442,"pkt_ts_usec":734557,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00S1AAD4G9KqsEAABwKgKMt9gAFCd2mPxah+k3YAQAOXIMAAAAQEICgE6t9cD5IlM"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_first_seen":1499347445158,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3977,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_first_seen":1499347445158,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":280,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3977,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347445,"pkt_ts_usec":158780,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/otAAD4Gx0SsEAABwKgKMt+wAFCaOES+AAAAAKACchDknAAAAgQFtAQCCAoBOro1AAAAAAEDAwc="}
00444{"flow_id":280,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3978,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347445,"pkt_ts_usec":158902,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ37CiJaNtmjhEv6AScSAQWQAAAgQFtAQCCAoD5IurATq6NQEDAwc="}
00434{"flow_id":280,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3979,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347445,"pkt_ts_usec":159670,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/oxAAD4Gx0usEAABwKgKMt+wAFCaOES\/oiWjboAQAOWvYAAAAQEICgE6ujUD5Iur"}
00434{"flow_id":277,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3983,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347445,"pkt_ts_usec":733745,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OqBAAD4GizisEAABwKgKMt96AFDbdo\/YgLA05IARAOW3mQAAAQEICgE6usUD5Ia\/"}
00432{"flow_id":277,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3984,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347445,"pkt_ts_usec":733991,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0uN5AAEAGCvrAqAoyrBAAAQBQ33qAsDTk23aP2YARAOOyHwAAAQEICgPkjDoBOrrF"}
00433{"flow_id":277,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3985,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347445,"pkt_ts_usec":734698,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OqFAAD4GizesEAABwKgKMt96AFDbdo\/ZgLA05YAQAOWyHQAAAQEICgE6usUD5Iw6"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1499347446419,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":6,"flow_first_seen":1499347313106,"flow_last_seen":1499347318705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":6,"flow_first_seen":1499347314358,"flow_last_seen":1499347319705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55874,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":6,"flow_first_seen":1499347315631,"flow_last_seen":1499347320705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55888,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":6,"flow_first_seen":1499347318180,"flow_last_seen":1499347323705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3986,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":6,"flow_first_seen":1499347319466,"flow_last_seen":1499347324705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55928,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1499347446419,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":281,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3989,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347446,"pkt_ts_usec":419862,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oGtAAD4GJWWsEAABwKgKMt++AFBFYxsbAAAAAKACchBhzAAAAgQFtAQCCAoBOrtwAAAAAAEDAwc="}
00444{"flow_id":281,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3990,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347446,"pkt_ts_usec":420021,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ376sLltvRWMbHKAScSDKQgAAAgQFtAQCCAoD5IzmATq7cAEDAwc="}
00432{"flow_id":281,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3991,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347446,"pkt_ts_usec":420573,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oGxAAD4GJWysEAABwKgKMt++AFBFYxscrC5bcIAQAOVpSQAAAQEICgE6u3ED5Izm"}
00433{"flow_id":278,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3995,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347446,"pkt_ts_usec":734155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07qxAAD4G1yusEAABwKgKMt+IAFCFjlgrEbME0oARAOXh\/wAAAQEICgE6u78D5If2"}
00433{"flow_id":278,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3996,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347446,"pkt_ts_usec":734339,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0iedAAEAGOfHAqAoyrBAAAQBQ34gRswTShY5YLIARAOPcwQAAAQEICgPkjTUBOru\/"}
00432{"flow_id":278,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3997,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347446,"pkt_ts_usec":735108,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07q1AAD4G1yqsEAABwKgKMt+IAFCFjlgsEbME04AQAOXcvwAAAQEICgE6u78D5I01"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1499347447671,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1499347447671,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":282,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4001,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347447,"pkt_ts_usec":671102,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XZhAAD4GaDisEAABwKgKMt\/MAFDFCOExAAAAAKACchAayQAAAgQFtAQCCAoBOrypAAAAAAEDAwc="}
00444{"flow_id":282,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4002,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347447,"pkt_ts_usec":671193,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ38yhpTp2xQjhMqAScSCtiAAAAgQFtAQCCAoD5I4fATq8qQEDAwc="}
00433{"flow_id":282,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4003,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347447,"pkt_ts_usec":671946,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XZlAAD4GaD+sEAABwKgKMt\/MAFDFCOEyoaU6d4AQAOVMkAAAAQEICgE6vKkD5I4f"}
00432{"flow_id":279,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4007,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347447,"pkt_ts_usec":734095,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WQFAAD4GbNesEAABwKgKMt+WAFAR1u9E++O5J4ARAOUd1AAAAQEICgE6vLkD5Iky"}
00432{"flow_id":279,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4008,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347447,"pkt_ts_usec":734281,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0NwhAAEAGjNDAqAoyrBAAAQBQ35b747knEdbvRYARAOMY2AAAAQEICgPkji8BOry5"}
00432{"flow_id":279,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4009,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347447,"pkt_ts_usec":735015,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WQJAAD4GbNasEAABwKgKMt+WAFAR1u9F++O5KIAQAOUY1gAAAQEICgE6vLkD5I4v"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4019,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1499347450180,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4019,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1499347450180,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":283,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4019,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347450,"pkt_ts_usec":180333,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82VFAAD4G7H6sEAABwKgKMt\/mAFCGVWZMAAAAAKACchDR0wAAAgQFtAQCCAoBOr8dAAAAAAEDAwc="}
00445{"flow_id":283,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4020,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347450,"pkt_ts_usec":180468,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3+bg3FPQhlVmTaAScSAJjwAAAgQFtAQCCAoD5JCSATq\/HQEDAwc="}
00433{"flow_id":283,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4021,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347450,"pkt_ts_usec":181196,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02VJAAD4G7IWsEAABwKgKMt\/mAFCGVWZN4NxT0YAQAOWolgAAAQEICgE6vx0D5JCS"}
00434{"flow_id":280,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4025,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347450,"pkt_ts_usec":734397,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/o1AAD4Gx0qsEAABwKgKMt+wAFCaOES\/oiWjboARAOWp7QAAAQEICgE6v6cD5Iur"}
00432{"flow_id":280,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4026,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347450,"pkt_ts_usec":734613,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0MnNAAEAGkWXAqAoyrBAAAQBQ37CiJaNumjhEwIARAOOkfAAAAQEICgPkkR0BOr+n"}
00433{"flow_id":280,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4027,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347450,"pkt_ts_usec":735325,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/o5AAD4Gx0msEAABwKgKMt+wAFCaOETAoiWjb4AQAOWkegAAAQEICgE6v6cD5JEd"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1499347451427,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1499347451427,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":284,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4031,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347451,"pkt_ts_usec":427343,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gftAAD4GQ9WsEAABwKgKMt\/0AFCzvkGvAAAAAKACchDHwgAAAgQFtAQCCAoBOsBUAAAAAAEDAwc="}
00445{"flow_id":284,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4032,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347451,"pkt_ts_usec":427471,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ3\/Qj19JNs75BsKAScSA8zgAAAgQFtAQCCAoD5JHKATrAVAEDAwc="}
00433{"flow_id":284,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4033,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347451,"pkt_ts_usec":428202,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gfxAAD4GQ9ysEAABwKgKMt\/0AFCzvkGwI9fSToAQAOXb1QAAAQEICgE6wFQD5JHK"}
00432{"flow_id":281,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4037,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347451,"pkt_ts_usec":735187,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oG1AAD4GJWusEAABwKgKMt++AFBFYxscrC5bcIARAOVkGAAAAQEICgE6wKED5Izm"}
00432{"flow_id":281,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4038,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347451,"pkt_ts_usec":735435,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0yWdAAEAG+nDAqAoyrBAAAQBQ376sLltwRWMbHYARAONe6AAAAQEICgPkkhcBOsCh"}
00432{"flow_id":281,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4039,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347451,"pkt_ts_usec":735984,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oG5AAD4GJWqsEAABwKgKMt++AFBFYxsdrC5bcYAQAOVe5gAAAQEICgE6wKED5JIX"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1499347452731,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1499347452731,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":285,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4043,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347452,"pkt_ts_usec":731179,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OxxAAD4GirSsEAABwKgKMuACAFCP5\/qGAAAAAKACchAxbgAAAgQFtAQCCAoBOsGaAAAAAAEDAwc="}
00445{"flow_id":285,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4044,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347452,"pkt_ts_usec":731304,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4AJ1f\/zHj+f6h6AScSApEQAAAgQFtAQCCAoD5JMQATrBmgEDAwc="}
00434{"flow_id":285,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4045,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347452,"pkt_ts_usec":732048,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ox1AAD4GirusEAABwKgKMuACAFCP5\/qHdX\/8yIAQAOXIGAAAAQEICgE6wZoD5JMQ"}
00433{"flow_id":282,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4047,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347452,"pkt_ts_usec":735286,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XZpAAD4GaD6sEAABwKgKMt\/MAFDFCOEyoaU6d4ARAOVHnQAAAQEICgE6wZsD5I4f"}
00432{"flow_id":282,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4048,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347452,"pkt_ts_usec":735559,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qWZAAEAGGnLAqAoyrBAAAQBQ38yhpTp3xQjhM4ARAONCrAAAAQEICgPkkxEBOsGb"}
00433{"flow_id":282,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4049,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347452,"pkt_ts_usec":736310,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XZtAAD4GaD2sEAABwKgKMt\/MAFDFCOEzoaU6eIAQAOVCqgAAAQEICgE6wZsD5JMR"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_first_seen":1499347455224,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_first_seen":1499347455224,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":286,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4061,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347455,"pkt_ts_usec":224754,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8z+5AAD4G9eGsEAABwKgKMuAcAFC7QQvkAAAAAKACchDyLAAAAgQFtAQCCAoBOsQKAAAAAAEDAwc="}
00445{"flow_id":286,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4062,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347455,"pkt_ts_usec":224871,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4BwGoR45u0EL5aAScSA0zgAAAgQFtAQCCAoD5JV\/ATrECgEDAwc="}
00433{"flow_id":286,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4063,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347455,"pkt_ts_usec":225657,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z+9AAD4G9eisEAABwKgKMuAcAFC7QQvlBqEeOoAQAOXT1QAAAQEICgE6xAoD5JV\/"}
00433{"flow_id":283,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4067,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347455,"pkt_ts_usec":735360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02VNAAD4G7ISsEAABwKgKMt\/mAFCGVWZN4NxT0YARAOWjKQAAAQEICgE6xIkD5JCS"}
00433{"flow_id":283,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4068,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347455,"pkt_ts_usec":735575,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0xi5AAEAG\/anAqAoyrBAAAQBQ3+bg3FPRhlVmToARAOOdvQAAAQEICgPklf8BOsSJ"}
00434{"flow_id":283,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4069,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347455,"pkt_ts_usec":736314,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02VRAAD4G7IOsEAABwKgKMt\/mAFCGVWZO4NxT0oAQAOWduwAAAQEICgE6xIkD5JX\/"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1499347456462,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":6,"flow_first_seen":1499347320712,"flow_last_seen":1499347326706,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55942,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":6,"flow_first_seen":1499347323234,"flow_last_seen":1499347328706,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55968,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":6,"flow_first_seen":1499347324538,"flow_last_seen":1499347329706,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55982,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":6,"flow_first_seen":1499347325777,"flow_last_seen":1499347331707,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":6,"flow_first_seen":1499347328298,"flow_last_seen":1499347333709,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4070,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":6,"flow_first_seen":1499347329594,"flow_last_seen":1499347334709,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1499347456462,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":287,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4073,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347456,"pkt_ts_usec":462850,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YWdAAD4GZGmsEAABwKgKMuAqAFCeBqRYAAAAAKACchB1sAAAAgQFtAQCCAoBOsU\/AAAAAAEDAwc="}
00445{"flow_id":287,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4074,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347456,"pkt_ts_usec":462974,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4CoPzfb\/ngakWaAScSDVKAAAAgQFtAQCCAoD5Ja1ATrFPwEDAwc="}
00432{"flow_id":287,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4075,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347456,"pkt_ts_usec":463730,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YWhAAD4GZHCsEAABwKgKMuAqAFCeBqRZD833AIAQAOV0MAAAAQEICgE6xT8D5Ja1"}
00433{"flow_id":284,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4079,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347456,"pkt_ts_usec":735625,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gf1AAD4GQ9usEAABwKgKMt\/0AFCzvkGwI9fSToARAOXWpQAAAQEICgE6xYMD5JHK"}
00433{"flow_id":284,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4080,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347456,"pkt_ts_usec":735843,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0RLdAAEAGfyHAqAoyrBAAAQBQ3\/Qj19JOs75BsYARAOPRdwAAAQEICgPklvkBOsWD"}
00433{"flow_id":284,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4081,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347456,"pkt_ts_usec":736578,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gf5AAD4GQ9qsEAABwKgKMt\/0AFCzvkGxI9fST4AQAOXRdAAAAQEICgE6xYQD5Jb5"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1499347457705,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1499347457705,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":288,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4085,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347457,"pkt_ts_usec":705792,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA816NAAD4G7iysEAABwKgKMuA4AFCwfBHVAAAAAKACchD0eAAAAgQFtAQCCAoBOsZ2AAAAAAEDAwc="}
00444{"flow_id":288,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4086,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347457,"pkt_ts_usec":705869,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4DiBhHFpsHwR1qAScSBmmgAAAgQFtAQCCAoD5JfrATrGdgEDAwc="}
00432{"flow_id":288,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4087,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347457,"pkt_ts_usec":706661,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA016RAAD4G7jOsEAABwKgKMuA4AFCwfBHWgYRxaoAQAOUFogAAAQEICgE6xnYD5Jfr"}
00434{"flow_id":285,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4091,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347457,"pkt_ts_usec":736109,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ox5AAD4GirqsEAABwKgKMuACAFCP5\/qHdX\/8yIARAOXDNAAAAQEICgE6xn0D5JMQ"}
00434{"flow_id":285,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4092,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347457,"pkt_ts_usec":736254,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0aztAAEAGWJ3AqAoyrBAAAQBQ4AJ1f\/zIj+f6iIARAOO+UgAAAQEICgPkl\/MBOsZ9"}
00434{"flow_id":285,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4093,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347457,"pkt_ts_usec":736992,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ox9AAD4GirmsEAABwKgKMuACAFCP5\/qIdX\/8yYAQAOW+TwAAAQEICgE6xn4D5Jfz"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1499347460253,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1499347460253,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":289,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4103,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347460,"pkt_ts_usec":253314,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eW5AAD4GTGKsEAABwKgKMuBSAFDnp7GdAAAAAKACchAa7gAAAgQFtAQCCAoBOsjzAAAAAAEDAwc="}
00444{"flow_id":289,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4104,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347460,"pkt_ts_usec":253453,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4FLH4MUu56exnqAScSDwcAAAAgQFtAQCCAoD5JpoATrI8wEDAwc="}
00432{"flow_id":289,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4105,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347460,"pkt_ts_usec":254031,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eW9AAD4GTGmsEAABwKgKMuBSAFDnp7Gex+DFL4AQAOWPeAAAAQEICgE6yPMD5Jpo"}
00434{"flow_id":286,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4109,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347460,"pkt_ts_usec":737007,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z\/BAAD4G9eesEAABwKgKMuAcAFC7QQvlBqEeOoARAOXOcgAAAQEICgE6yWwD5JV\/"}
00432{"flow_id":286,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4110,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347460,"pkt_ts_usec":737189,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0hNtAAEAGPv3AqAoyrBAAAQBQ4BwGoR46u0EL5oARAOPJEQAAAQEICgPkmuEBOsls"}
00433{"flow_id":286,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4111,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347460,"pkt_ts_usec":737956,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z\/FAAD4G9easEAABwKgKMuAcAFC7QQvmBqEeO4AQAOXJDwAAAQEICgE6yWwD5Jrh"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1499347461508,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1499347461508,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":290,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4115,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347461,"pkt_ts_usec":508506,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80JNAAD4G9TysEAABwKgKMuBgAFDZtRq+AAAAAKACchC+dwAAAgQFtAQCCAoBOsotAAAAAAEDAwc="}
00444{"flow_id":290,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4116,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347461,"pkt_ts_usec":508641,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4GAaiodM2bUav6AScSB9+QAAAgQFtAQCCAoD5JuiATrKLQEDAwc="}
00433{"flow_id":290,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4117,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347461,"pkt_ts_usec":509324,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00JRAAD4G9UOsEAABwKgKMuBgAFDZtRq\/GoqHTYAQAOUdAQAAAQEICgE6yi0D5Jui"}
@@ -2553,55 +2553,55 @@
00432{"flow_id":288,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4127,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347462,"pkt_ts_usec":737388,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA016VAAD4G7jKsEAABwKgKMuA4AFCwfBHWgYRxaoARAOUAtwAAAQEICgE6y2AD5Jfr"}
00432{"flow_id":288,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4128,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347462,"pkt_ts_usec":737571,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA07b9AAEAG1hjAqAoyrBAAAQBQ4DiBhHFqsHwR14ARAOP7zQAAAQEICgPknNUBOstg"}
00432{"flow_id":288,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4129,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347462,"pkt_ts_usec":738152,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA016ZAAD4G7jGsEAABwKgKMuA4AFCwfBHXgYRxa4AQAOX7ywAAAQEICgE6y2AD5JzV"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_first_seen":1499347462759,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4130,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_first_seen":1499347462759,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":291,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4130,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347462,"pkt_ts_usec":759503,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8K55AAD4GmjKsEAABwKgKMuBuAFAjB+D7AAAAAKACchCtogAAAgQFtAQCCAoBOstlAAAAAAEDAwc="}
00445{"flow_id":291,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4131,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347462,"pkt_ts_usec":759607,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4G52KJeXIwfg\/KAScSAAAgAAAgQFtAQCCAoD5JzbATrLZQEDAwc="}
00432{"flow_id":291,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4132,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347462,"pkt_ts_usec":760317,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K59AAD4GmjmsEAABwKgKMuBuAFAjB+D8diiXmIAQAOWfCAAAAQEICgE6y2YD5Jzb"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1499347465304,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1499347465304,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":292,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347465,"pkt_ts_usec":304654,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nSBAAD4GKLCsEAABwKgKMuCIAFBo61DCAAAAAKACchD1YAAAAgQFtAQCCAoBOs3iAAAAAAEDAwc="}
00444{"flow_id":292,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4146,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347465,"pkt_ts_usec":304749,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4Ijwu80MaOtQw6AScSCVOwAAAgQFtAQCCAoD5J9XATrN4gEDAwc="}
00432{"flow_id":292,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4147,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347465,"pkt_ts_usec":305553,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nSFAAD4GKLesEAABwKgKMuCIAFBo61DD8LvNDYAQAOU0QwAAAQEICgE6zeID5J9X"}
00432{"flow_id":289,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4151,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347465,"pkt_ts_usec":738226,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eXBAAD4GTGisEAABwKgKMuBSAFDnp7Gex+DFL4ARAOWKHAAAAQEICgE6zk4D5Jpo"}
00432{"flow_id":289,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4152,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347465,"pkt_ts_usec":738453,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0WutAAEAGaO3AqAoyrBAAAQBQ4FLH4MUv56exn4ARAOOEwQAAAQEICgPkn8QBOs5O"}
00433{"flow_id":289,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4153,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347465,"pkt_ts_usec":739178,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eXFAAD4GTGesEAABwKgKMuBSAFDnp7Gfx+DFMIAQAOWEvwAAAQEICgE6zk4D5J\/E"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1499347466553,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":6,"flow_first_seen":1499347332137,"flow_last_seen":1499347337710,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":6,"flow_first_seen":1499347333419,"flow_last_seen":1499347338710,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":6,"flow_first_seen":1499347334667,"flow_last_seen":1499347339710,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":6,"flow_first_seen":1499347337226,"flow_last_seen":1499347342710,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":6,"flow_first_seen":1499347338485,"flow_last_seen":1499347343711,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4154,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":6,"flow_first_seen":1499347339782,"flow_last_seen":1499347345712,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1499347466553,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":293,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4157,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347466,"pkt_ts_usec":553593,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KvdAAD4GmtmsEAABwKgKMuCWAFD9ZuXtAAAAAKACchDKcwAAAgQFtAQCCAoBOs8aAAAAAAEDAwc="}
00445{"flow_id":293,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4158,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347466,"pkt_ts_usec":553731,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4JYOrdMQ\/Wbl7qAScSBFIQAAAgQFtAQCCAoD5KCPATrPGgEDAwc="}
00432{"flow_id":293,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4159,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347466,"pkt_ts_usec":554288,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KvhAAD4GmuCsEAABwKgKMuCWAFD9ZuXuDq3TEYAQAOXkKAAAAQEICgE6zxoD5KCP"}
00433{"flow_id":290,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4163,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347466,"pkt_ts_usec":738231,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00JVAAD4G9UKsEAABwKgKMuBgAFDZtRq\/GoqHTYARAOUX5QAAAQEICgE6z0gD5Jui"}
00433{"flow_id":290,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4164,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347466,"pkt_ts_usec":738452,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0J\/NAAEAGm+XAqAoyrBAAAQBQ4GAaiodN2bUawIARAOMSygAAAQEICgPkoL4BOs9I"}
00432{"flow_id":290,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4165,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347466,"pkt_ts_usec":739001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00JZAAD4G9UGsEAABwKgKMuBgAFDZtRrAGoqHToAQAOUSyAAAAQEICgE6z0gD5KC+"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1499347467793,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1499347467793,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":294,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4169,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347467,"pkt_ts_usec":793906,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82olAAD4G60asEAABwKgKMuCkAFDARwrZAAAAAKACchDhYwAAAgQFtAQCCAoBOtBQAAAAAAEDAwc="}
00444{"flow_id":294,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4170,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347467,"pkt_ts_usec":794030,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4KSQwyNLwEcK2qAScSCIigAAAgQFtAQCCAoD5KHFATrQUAEDAwc="}
00432{"flow_id":294,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4171,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347467,"pkt_ts_usec":794626,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02opAAD4G602sEAABwKgKMuCkAFDARwrakMMjTIAQAOUnkgAAAQEICgE60FAD5KHF"}
00432{"flow_id":291,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4175,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347468,"pkt_ts_usec":739972,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K6BAAD4GmjisEAABwKgKMuBuAFAjB+D8diiXmIARAOWZMQAAAQEICgE60TwD5Jzb"}
00433{"flow_id":291,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4176,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347468,"pkt_ts_usec":740222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0NSpAAEAGjq7AqAoyrBAAAQBQ4G52KJeYIwfg\/YARAOOTWwAAAQEICgPkorIBOtE8"}
00432{"flow_id":291,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4177,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347468,"pkt_ts_usec":740981,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K6FAAD4GmjesEAABwKgKMuBuAFAjB+D9diiXmYAQAOWTWAAAAQEICgE60T0D5KKy"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_first_seen":1499347469060,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_first_seen":1499347469060,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":295,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4181,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347469,"pkt_ts_usec":60900,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H0RAAD4GpoysEAABwKgKMuCyAFAQe87JAAAAAKACchDL9AAAAgQFtAQCCAoBOtGNAAAAAAEDAwc="}
00443{"flow_id":295,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4182,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347469,"pkt_ts_usec":61031,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4LKyNukIEHvOyqAScSCKrQAAAgQFtAQCCAoD5KMCATrRjQEDAwc="}
00431{"flow_id":295,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4183,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347469,"pkt_ts_usec":61777,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H0VAAD4GppOsEAABwKgKMuCyAFAQe87KsjbpCYAQAOUptQAAAQEICgE60Y0D5KMC"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_first_seen":1499347470328,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_first_seen":1499347470328,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":296,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4190,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347470,"pkt_ts_usec":328150,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MvtAAD4GktWsEAABwKgKMuDAAFBLw+AxAAAAAKACchB9+QAAAgQFtAQCCAoBOtLKAAAAAAEDAwc="}
00445{"flow_id":296,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4191,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347470,"pkt_ts_usec":328254,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4MBkpV8JS8PgMqAScSATBgAAAgQFtAQCCAoD5KQ\/ATrSygEDAwc="}
00433{"flow_id":296,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4192,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347470,"pkt_ts_usec":328837,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MvxAAD4GktysEAABwKgKMuDAAFBLw+AyZKVfCoAQAOWyDQAAAQEICgE60soD5KQ\/"}
00432{"flow_id":292,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4196,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347470,"pkt_ts_usec":739895,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nSJAAD4GKLasEAABwKgKMuCIAFBo61DD8LvNDYARAOUu9AAAAQEICgE60zAD5J9X"}
00432{"flow_id":292,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4197,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347470,"pkt_ts_usec":740153,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0aatAAEAGWi3AqAoyrBAAAQBQ4Ijwu80NaOtQxIARAOMppgAAAQEICgPkpKYBOtMw"}
00432{"flow_id":292,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4198,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347470,"pkt_ts_usec":740733,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nSNAAD4GKLWsEAABwKgKMuCIAFBo61DE8LvNDoAQAOUpowAAAQEICgE60zED5KSm"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_first_seen":1499347471594,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_first_seen":1499347471594,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":297,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4202,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347471,"pkt_ts_usec":594015,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VndAAD4Gb1msEAABwKgKMuDOAFAlMIJxAAAAAKACchABAwAAAgQFtAQCCAoBOtQGAAAAAAEDAwc="}
00444{"flow_id":297,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4203,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347471,"pkt_ts_usec":594175,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4M5lR7ajJTCCcqAScSA8lgAAAgQFtAQCCAoD5KV8ATrUBgEDAwc="}
00432{"flow_id":297,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4204,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347471,"pkt_ts_usec":594899,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VnhAAD4Gb2CsEAABwKgKMuDOAFAlMIJyZUe2pIAQAOXbnQAAAQEICgE61AYD5KV8"}
@@ -2611,14 +2611,14 @@
00432{"flow_id":294,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4217,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347473,"pkt_ts_usec":741406,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02otAAD4G60ysEAABwKgKMuCkAFDARwrakMMjTIARAOUhwgAAAQEICgE61h8D5KHF"}
00432{"flow_id":294,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4218,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347473,"pkt_ts_usec":741670,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0hNhAAEAGPwDAqAoyrBAAAQBQ4KSQwyNMwEcK24ARAOMb9AAAAQEICgPkp5QBOtYf"}
00432{"flow_id":294,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4219,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347473,"pkt_ts_usec":742219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02oxAAD4G60usEAABwKgKMuCkAFDARwrbkMMjTYAQAOUb8gAAAQEICgE61h8D5KeU"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_first_seen":1499347474100,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4223,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_first_seen":1499347474100,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":298,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4223,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347474,"pkt_ts_usec":100876,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IdhAAD4Go\/isEAABwKgKMuDoAFDgcfehAAAAAKACchDOAwAAAgQFtAQCCAoBOtZ5AAAAAAEDAwc="}
00444{"flow_id":298,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4224,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347474,"pkt_ts_usec":100976,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4OgnZn4J4HH3oqAScSB9oAAAAgQFtAQCCAoD5KfuATrWeQEDAwc="}
00433{"flow_id":298,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4225,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347474,"pkt_ts_usec":101745,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IdlAAD4Go\/+sEAABwKgKMuDoAFDgcfeiJ2Z+CoAQAOUcqAAAAQEICgE61nkD5Kfu"}
00432{"flow_id":295,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4229,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347474,"pkt_ts_usec":741571,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H0ZAAD4GppKsEAABwKgKMuCyAFAQe87KsjbpCYARAOUkKAAAAQEICgE61xkD5KMC"}
00432{"flow_id":295,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4230,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347474,"pkt_ts_usec":741789,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0QYdAAEAGglHAqAoyrBAAAQBQ4LKyNukJEHvOy4ARAOMenQAAAQEICgPkqI4BOtcZ"}
00432{"flow_id":295,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4231,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347474,"pkt_ts_usec":742557,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H0dAAD4GppGsEAABwKgKMuCyAFAQe87LsjbpCoAQAOUemwAAAQEICgE61xkD5KiO"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_first_seen":1499347475384,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4235,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_first_seen":1499347475384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":299,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4235,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347475,"pkt_ts_usec":384590,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yGtAAD4G\/WSsEAABwKgKMuD2AFCdWh\/RAAAAAKACchDnnAAAAgQFtAQCCAoBOte6AAAAAAEDAwc="}
00444{"flow_id":299,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4236,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347475,"pkt_ts_usec":384723,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4PYsYAVjnVof0qAScSAJpQAAAgQFtAQCCAoD5KkvATrXugEDAwc="}
00434{"flow_id":299,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4237,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347475,"pkt_ts_usec":385274,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yGxAAD4G\/WusEAABwKgKMuD2AFCdWh\/SLGAFZIAQAOWorAAAAQEICgE617oD5Kkv"}
@@ -2626,80 +2626,80 @@
00432{"flow_id":296,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4242,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347475,"pkt_ts_usec":742016,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA09oJAAEAGzVXAqAoyrBAAAQBQ4MBkpV8KS8PgM4AQAOOnewAAAQEICgPkqYkBOtgT"}
00432{"flow_id":296,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4243,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347475,"pkt_ts_usec":742120,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA09oNAAEAGzVTAqAoyrBAAAQBQ4MBkpV8KS8PgM4ARAOOnegAAAQEICgPkqYkBOtgT"}
00432{"flow_id":296,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4244,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347475,"pkt_ts_usec":742620,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IBpAAD4Gpb6sEAABwKgKMuDAAFBLw+AzZKVfC4AQAOWneAAAAQEICgE62BMD5KmJ"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_first_seen":1499347476667,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":6,"flow_first_seen":1499347341106,"flow_last_seen":1499347346712,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":6,"flow_first_seen":1499347342386,"flow_last_seen":1499347347713,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":6,"flow_first_seen":1499347343672,"flow_last_seen":1499347348713,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56186,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":6,"flow_first_seen":1499347346211,"flow_last_seen":1499347351713,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":6,"flow_first_seen":1499347347483,"flow_last_seen":1499347352714,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56226,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4245,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":6,"flow_first_seen":1499347348776,"flow_last_seen":1499347354714,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56240,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_first_seen":1499347476667,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":300,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4249,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347476,"pkt_ts_usec":667031,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86aJAAD4G3C2sEAABwKgKMuEEAFDYCDFYAAAAAKACchCaGQAAAgQFtAQCCAoBOtj6AAAAAAEDAwc="}
00444{"flow_id":300,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4250,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347476,"pkt_ts_usec":667152,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4QTgdpFp2AgxWaAScSB6wwAAAgQFtAQCCAoD5KpwATrY+gEDAwc="}
00432{"flow_id":300,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4251,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347476,"pkt_ts_usec":667916,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06aNAAD4G3DSsEAABwKgKMuEEAFDYCDFZ4HaRaoAQAOUZywAAAQEICgE62PoD5Kpw"}
00432{"flow_id":297,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4254,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347476,"pkt_ts_usec":742182,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VnlAAD4Gb1+sEAABwKgKMuDOAFAlMIJyZUe2pIARAOXWlQAAAQEICgE62Q0D5KV8"}
00432{"flow_id":297,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4255,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347476,"pkt_ts_usec":742396,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0HCdAAEAGp7HAqAoyrBAAAQBQ4M5lR7akJTCCc4ARAOPRjwAAAQEICgPkqoMBOtkN"}
00432{"flow_id":297,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4256,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347476,"pkt_ts_usec":742942,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VnpAAD4Gb16sEAABwKgKMuDOAFAlMIJzZUe2pYAQAOXRjQAAAQEICgE62Q0D5KqD"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1499347479172,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4266,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1499347479172,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":301,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4266,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347479,"pkt_ts_usec":172502,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iKNAAD4GPS2sEAABwKgKMuEeAFCusFPOAAAAAKACchCebgAAAgQFtAQCCAoBOtttAAAAAAEDAwc="}
00444{"flow_id":301,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4267,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347479,"pkt_ts_usec":172593,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4R7s2gFNrrBTz6AScSAAXwAAAgQFtAQCCAoD5KziATrbbQEDAwc="}
00432{"flow_id":301,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4268,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347479,"pkt_ts_usec":173365,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iKRAAD4GPTSsEAABwKgKMuEeAFCusFPP7NoBToAQAOWfZgAAAQEICgE6220D5Kzi"}
00434{"flow_id":298,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4272,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347479,"pkt_ts_usec":743404,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IdpAAD4Go\/6sEAABwKgKMuDoAFDgcfeiJ2Z+CoARAOUXJQAAAQEICgE62\/sD5Kfu"}
00432{"flow_id":298,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4273,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347479,"pkt_ts_usec":743593,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA003tAAEAG8FzAqAoyrBAAAQBQ4OgnZn4K4HH3o4ARAOMRowAAAQEICgPkrXEBOtv7"}
00434{"flow_id":298,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4274,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347479,"pkt_ts_usec":744191,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IdtAAD4Go\/2sEAABwKgKMuDoAFDgcfejJ2Z+C4AQAOURoAAAAQEICgE62\/wD5K1x"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1499347480438,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4278,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1499347480438,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":302,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4278,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347480,"pkt_ts_usec":438728,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UJlAAD4GdTesEAABwKgKMuEsAFBzZ4wwAAAAAKACchCgCwAAAgQFtAQCCAoBOtypAAAAAAEDAwc="}
00444{"flow_id":302,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4279,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347480,"pkt_ts_usec":438857,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4SwTIR0Qc2eMMaAScSC+tQAAAgQFtAQCCAoD5K4fATrcqQEDAwc="}
00432{"flow_id":302,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4281,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347480,"pkt_ts_usec":439546,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UJpAAD4GdT6sEAABwKgKMuEsAFBzZ4wxEyEdEYAQAOVdvQAAAQEICgE63KkD5K4f"}
00434{"flow_id":299,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4284,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347480,"pkt_ts_usec":744072,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yG1AAD4G\/WqsEAABwKgKMuD2AFCdWh\/SLGAFZIARAOWjbwAAAQEICgE63PYD5Kkv"}
00432{"flow_id":299,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4285,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347480,"pkt_ts_usec":744297,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qw9AAEAGGMnAqAoyrBAAAQBQ4PYsYAVknVof04ARAOOeNAAAAQEICgPkrmsBOtz2"}
00434{"flow_id":299,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4286,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347480,"pkt_ts_usec":745154,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yG5AAD4G\/WmsEAABwKgKMuD2AFCdWh\/TLGAFZYAQAOWeMgAAAQEICgE63PYD5K5r"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4290,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1499347481724,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4290,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1499347481724,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":303,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4290,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347481,"pkt_ts_usec":724497,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8fSpAAD4GSKasEAABwKgKMuE6AFDTgqDBAAAAAKACchAqDwAAAgQFtAQCCAoBOt3rAAAAAAEDAwc="}
00444{"flow_id":303,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4291,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347481,"pkt_ts_usec":724628,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4TowvlKP04KgwqAScSD0WwAAAgQFtAQCCAoD5K9gATrd6wEDAwc="}
00432{"flow_id":303,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4292,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347481,"pkt_ts_usec":725410,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0fStAAD4GSK2sEAABwKgKMuE6AFDTgqDCML5SkIAQAOWTYwAAAQEICgE63esD5K9g"}
00432{"flow_id":300,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4296,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347481,"pkt_ts_usec":744461,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06aRAAD4G3DOsEAABwKgKMuEEAFDYCDFZ4HaRaoARAOUU1AAAAQEICgE63fAD5Kpw"}
00432{"flow_id":300,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4297,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347481,"pkt_ts_usec":744593,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Pg9AAEAGhcnAqAoyrBAAAQBQ4QTgdpFq2AgxWoARAOMP4AAAAQEICgPkr2UBOt3w"}
00432{"flow_id":300,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4298,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347481,"pkt_ts_usec":745315,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06aVAAD4G3DKsEAABwKgKMuEEAFDYCDFa4HaRa4AQAOUP3gAAAQEICgE63fAD5K9l"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1499347484263,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4308,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1499347484263,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":304,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4308,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347484,"pkt_ts_usec":263170,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UOVAAD4GdOusEAABwKgKMuFUAFABZrCAAAAAAKACchDp2AAAAgQFtAQCCAoBOuBlAAAAAAEDAwc="}
00444{"flow_id":304,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4309,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347484,"pkt_ts_usec":263296,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4VQEZrkRAWawgaAScSB3gAAAAgQFtAQCCAoD5LHbATrgZQEDAwc="}
00432{"flow_id":304,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4310,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347484,"pkt_ts_usec":264080,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UOZAAD4GdPKsEAABwKgKMuFUAFABZrCBBGa5EoAQAOUWhwAAAQEICgE64GYD5LHb"}
00432{"flow_id":301,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4314,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347484,"pkt_ts_usec":744968,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iKVAAD4GPTOsEAABwKgKMuEeAFCusFPP7NoBToARAOWZ9AAAAQEICgE64N4D5Kzi"}
00432{"flow_id":301,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4315,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347484,"pkt_ts_usec":745157,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0sx1AAEAGELvAqAoyrBAAAQBQ4R7s2gFOrrBT0IARAOOUhAAAAQEICgPkslMBOuDe"}
00432{"flow_id":301,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4316,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347484,"pkt_ts_usec":745937,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iKZAAD4GPTKsEAABwKgKMuEeAFCusFPQ7NoBT4AQAOWUggAAAQEICgE64N4D5LJT"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_first_seen":1499347485533,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_first_seen":1499347485533,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":305,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4320,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347485,"pkt_ts_usec":533871,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jaZAAD4GOCqsEAABwKgKMuFiAFALNGwFAAAAAKACchAjOgAAAgQFtAQCCAoBOuGjAAAAAAEDAwc="}
00444{"flow_id":305,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4321,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347485,"pkt_ts_usec":533993,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4WJ5n4cfCzRsBqAScSBsXQAAAgQFtAQCCAoD5LMYATrhowEDAwc="}
00432{"flow_id":305,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4322,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347485,"pkt_ts_usec":534757,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jadAAD4GODGsEAABwKgKMuFiAFALNGwGeZ+HIIAQAOULZQAAAQEICgE64aMD5LMY"}
00432{"flow_id":302,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4326,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347485,"pkt_ts_usec":745607,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UJtAAD4GdT2sEAABwKgKMuEsAFBzZ4wxEyEdEYARAOVYjQAAAQEICgE64dgD5K4f"}
00432{"flow_id":302,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4327,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347485,"pkt_ts_usec":745839,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0rlxAAEAGFXzAqAoyrBAAAQBQ4SwTIR0Rc2eMMoARAONTYAAAAQEICgPks00BOuHY"}
00432{"flow_id":302,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4328,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347485,"pkt_ts_usec":746567,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UJxAAD4GdTysEAABwKgKMuEsAFBzZ4wyEyEdEoAQAOVTXgAAAQEICgE64dgD5LNN"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":310,"flow_first_seen":1499347291442,"flow_last_seen":1499347358996,"flow_tot_l4_data_len":242610,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":782,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":310,"flow_first_seen":1499347291442,"flow_last_seen":1499347358996,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232674,"flow_avg_l4_payload_len":750,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":55632,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":6,"flow_first_seen":1499347351299,"flow_last_seen":1499347356715,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56266,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":6,"flow_first_seen":1499347352698,"flow_last_seen":1499347357715,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":6,"flow_first_seen":1499347356478,"flow_last_seen":1499347361716,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":6,"flow_first_seen":1499347357727,"flow_last_seen":1499347363716,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56334,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4329,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":6,"flow_first_seen":1499347360285,"flow_last_seen":1499347365717,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":303,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4332,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347486,"pkt_ts_usec":746049,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0fSxAAD4GSKysEAABwKgKMuE6AFDTgqDCML5SkIARAOWOewAAAQEICgE64tID5K9g"}
00433{"flow_id":303,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4333,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347486,"pkt_ts_usec":746698,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05thAAEAG3P\/AqAoyrBAAAQBQ4TowvlKQ04Kgw4ARAOOJlAAAAQEICgPktEgBOuLS"}
00432{"flow_id":303,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4334,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347486,"pkt_ts_usec":747274,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0fS1AAD4GSKusEAABwKgKMuE6AFDTgqDDML5SkYAQAOWJkgAAAQEICgE64tID5LRI"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_first_seen":1499347486787,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_first_seen":1499347486787,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":306,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4335,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347486,"pkt_ts_usec":787088,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D7tAAD4GthWsEAABwKgKMuFwAFB2mu1nAAAAAKACchA1KgAAAgQFtAQCCAoBOuLcAAAAAAEDAwc="}
00444{"flow_id":306,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4336,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347486,"pkt_ts_usec":787204,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4XA0h5CedprtaKAScSC4rAAAAgQFtAQCCAoD5LRSATri3AEDAwc="}
00432{"flow_id":306,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4337,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347486,"pkt_ts_usec":787944,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D7xAAD4GthysEAABwKgKMuFwAFB2mu1oNIeQn4AQAOVXtAAAAQEICgE64twD5LRS"}
00947{"flow_id":304,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4344,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347487,"pkt_ts_usec":799367,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzUOdAAD4Gc3KsEAABwKgKMuFUAFABZrCBBGa5EoAYAOXCGwAAAQEICgE649kD5LHbR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4344,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":4,"flow_first_seen":1499347484263,"flow_last_seen":1499347487799,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":32,"flow_max_l4_data_len":415,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4344,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":4,"flow_first_seen":1499347484263,"flow_last_seen":1499347487799,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00432{"flow_id":304,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4345,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347487,"pkt_ts_usec":799500,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0DF1AAEAGt3vAqAoyrBAAAQBQ4VQEZrkSAWayAIAQAOsOGwAAAQEICgPktU8BOuPZ"}
02830{"flow_id":304,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4346,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347487,"pkt_ts_usec":802541,"pkt_caplen":1837,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1837,"pkt_l4_len":1803,"pkt":"AMGxFOsxABm5CmnxCABFAAcfDF5AAEAGsI\/AqAoyrBAAAQBQ4VQEZrkSAWayAIAYAOt9\/QAAAQEICgPktVABOuPZSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI0OjQ3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWG1P4zgQ\/gzS\/gefTzpgpcbb2y+3XJoVtHAgsbfctix70kmRm7itwYmD7bTw72\/sOG14LdkioeKXeXk84xnP5N12+Mvga3\/07\/kRmplMoPOLw7PTPsIdQi4\/9gkZjAbox8noyxnqBh\/Q0CieGEKO\/sYIz4wp9glZLBbB4mMg1ZSMvpFbK6Vr2fywox1PkJoUR++2322HTs9tJnLde0JG99OnTxVrRb4VzhhNYbi1FWbMUGRZOuym5PMe7svcsNx0RncFwyipZj1s2K0hVsSfKJlRpZnpXYyOO39gRCqZW6HhRrDoeylypuiYC27u9tE3NhEsMSxFfSW1RkNuGBomiheG51O0+2M43EP7+2hAsxzVvIKhSzZGB0UheEINlznaHXy\/PNhD827Q\/YDeD9icCVlkAO19SCrFHoXg+TVSTPSwNneC6RljBiMDp\/GHSLTGaKbYpIeDgMBfOl9Qu0oyyvPAbZPH0jiYopbzH8\/olBFYui9pQueWLHAbSxnanbYJ4YrOabWKkVbJPSBX2v0\/BwXBlcZRSCpK7zniXWfHY5neoURQbb0uM4Yrl6Z8jnjaw9Z3cCKmvNcbW1ZIY30r5Nn0ERJ3SE2EnMqgyKcYUQEXYY2jVucGrKDukWpr5BgcVza0P9qLC5qmLK0OBASlqM9pdw+FTK6taQRHMk9A9XUPL3ieykUAWw5Hb6c6SbCDa1ZgoPfcFeDoBMwWEgpWFjzafo1AnkP0lYld0kExK16Q\/5AUR6eNlXZqIeDKYo2+JQ2OhnaICIQfLKLBYUMZKUW0gUHnjfjmcD3GqjSMvIDqaQYcHdr\/6FiqpKUHHgpktyxpA8DR46gvs4zmKTrNr5jzyGYoEq0mbVA4ekAx\/Ha8meIJJ8HnAkK1x4GzTNmaW\/IqfhwdcwjuU7uiN7ZNWQhJ0zbW8RwexoWbbegfWhh4uVq5yLO4uGVJqRjqH5yP+icHm0HRN4K3weHoIab\/OXury2olxmN43Fo5pcH1AA3aPbTLe5uhWjB6HfNWkGoWHF3CCA2ZtrcVnQ5apteHcm+1jlsBqRhwBPUM1Cpfv2xoCitONfRrVlVRr8KhahzL4usN0Oi21tA1iqGR6j6EDZ8gF4tQXa59DldkOLL1I9yPaqmdOYCf5xO5Rl2DCkfnJ+cQHRPZThEdy9KsUbOkwdGBHb6dWW2ht1b9ighHZ278AICv2O7Vfs8XgraEXRWC0MnYXa\/b7jULwXDW\/ZnuAkrmri+YG8Lnywo2TmTKYqoY9fXzRKoM5TSDah34oex1Ka6Hf8UIuqWZBOx\/HY18bRoW\/sSXM2p2NLqTpXLMn+vKOi\/KZvGPvWj7u6xvm0S6HGccyOZUlDAdVlOvjRRR1VQQi9Ituq5gaeBw9nv0BeLN3T6V0eqtgEW7590Dl2HlVtv7ad8vygXVhWsZ4YawW+tl4gzb0WDYeGnY2BkWuiGqptAIYngUaH6No5+XtbxErfEBdwxFgmEqPoKuCo4b96G9MfHQd34tMb4sbz1OlgcLfs0LlnLqRNtZ8+S6Pvnz2F4v42U8\/pjJlC9zYSIzm507E3oTuC8CT4J4BeOrNFc4qWDKdJ2EF9U9om7q8Mmluup14zhW0G5Wv3UGeSbj+LBPBKNqGUxPpSV9pw3LYpvKnwzPcWmMbXN9eH7nbIFOmCiWKbOQRVnENZnM+1XSXfX8+0BxUeyiZx7bOUiMZyDRXsfPAMk96b\/VjugJudhBezhCa2ENIRcl7G2BaSdzLTRrTSr4FNKmYBNIXyHLogvNlE17+yGBGaJpxnPvQpjXbzM6sx93PA1IXFHAo3o6GPqdlGubvdPai886dCKlufeto4g2+dhUPPWqNRMwse9W9VnOfTCL\/geoshewERQAAA=="}
00434{"flow_id":304,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4347,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347487,"pkt_ts_usec":803232,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UOhAAD4GdPCsEAABwKgKMuFUAFABZrIABGa\/\/YAQAQAHGQAAAQEICgE649oD5LVQ"}
@@ -2709,13 +2709,13 @@
00948{"flow_id":304,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4351,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347489,"pkt_ts_usec":170322,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzUOtAAD4Gc26sEAABwKgKMuFUAFABZrRJBGbHR4AYAR2qwQAAAQEICgE65TAD5LWpR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02821{"flow_id":304,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4352,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347489,"pkt_ts_usec":173636,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceDGJAAEAGsIzAqAoyrBAAAQBQ4VQEZsdHAWa1yIAYAP19\/AAAAQEICgPktqYBOuUwSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI0OjQ4IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00433{"flow_id":304,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4353,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347489,"pkt_ts_usec":174373,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UOxAAD4GdOysEAABwKgKMuFUAFABZrXIBGbOMYAQATnyNgAAAQEICgE65TED5Lam"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1499347489408,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1499347489408,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":307,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4354,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347489,"pkt_ts_usec":408846,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86N5AAD4G3PGsEAABwKgKMuGKAFByXg2yAAAAAKACchAWcgAAAgQFtAQCCAoBOuVsAAAAAAEDAwc="}
00444{"flow_id":307,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4355,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347489,"pkt_ts_usec":408942,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4YpoWWpFcl4Ns6AScSCJ7AAAAgQFtAQCCAoD5LbhATrlbAEDAwc="}
00432{"flow_id":307,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4356,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347489,"pkt_ts_usec":409729,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06N9AAD4G3PisEAABwKgKMuGKAFByXg2zaFlqRoAQAOUo9AAAAQEICgE65WwD5Lbh"}
01217{"flow_id":304,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4357,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347489,"pkt_ts_usec":410297,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9UO1AAD4GcqKsEAABwKgKMuFUAFABZrXIBGbOMYAYATka\/AAAAQEICgE65WwD5LamR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjcwQUYwUE1SOUdKVDFPVzQzUFhXWUtBTk9HVjYxODRZTFdYR1VQQTA0QzNYQjUxOUI1NiUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
02972{"flow_id":304,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4358,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347489,"pkt_ts_usec":413282,"pkt_caplen":1933,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1933,"pkt_l4_len":1899,"pkt":"AMGxFOsxABm5CmnxCABFAAd\/DGRAAEAGsCnAqAoyrBAAAQBQ4VQEZs4xAWa4EYAYAQd+XQAAAQEICgPktuIBOuVsSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI0OjQ5IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTUxNg0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61Ye0\/jOBD\/G6T9Dj6fdMBJxPTYXS1sm1UfvO5g6dFCWemkyE3c1uDE2dhp4dvf2Ena8CzZIqHi2PP4jWc8nvGH9fpvnfN2\/0f3AE10KFD3snV60kZ4m5DBbpuQTr+Dro\/7Z6eo5uygnk64rwk5+I4Rnmgd7xMym82c2a4jkzHpX5A7I6Vm2PLhtrI8TqAD7H5Y\/7Bet3ruQhGpxjMyant7exlrRr5WnzAawHBtrR4yTZFh2WY\/Uz5t4LaMNIv0dv8+Zhj52VcDa3aniRHxFfkTmiimG5f9w+0vGJFM5lpdcy2Ye5WKiCV0yAXX9\/vogo0E8zULUDuRSqEe1wz1\/ITHmkdjtHnd622h\/X3UoWGECl7B0IANUTOOBfep5jJCm52rQXMLTWtObQf92WFTJmQcArQ\/6yRTnKMQPLpFCRMNrPS9YGrCmMZIgzW5Eb5SGE0SNmpgxyHwF0xn1MySkPLIscvkqTQOW1HI+Y+HdMwITD2UNKJTQ+bYhbkMZa0tQ7ihU5rNYqQS\/wGQG2X\/d0GBc6OwWycZZe45krvOjIcyuEe+oMp4XYYMZy4N+BTxoIGN78AiluReLy0ZIaX5tToPx0+QWCMVEXIsnTgaY0QFBMISRy3sBqyg7olqs8keOC4taX+y5sU0CFiQGQQEqSjsNKstIf1bszWCIxn5oPq2gWc8CuTMgSWLo7GRWeJs4IIVGOgDdznYPYZtqxMKuyy4u\/4WgTyC05f6Zko58SR+Rf5jUuyelGaqqYUDl8ZL9M1psNszQ0Tg+MEk6rRKykgq3BU2dFo63xzCY5ikmpFXUD3PgN2W+Y8OZeJX9MBjgeyO+VUAWHrstmUY0ihAJ9ENsx5ZDYWvklEVFJYeUPQuDldTPOLE+RbDUW1w4EwDtiRK3sSP3UMOh\/vEzKiV9yaNhaRBld3JOXIYl\/ZrRf\/QWMPNVclFOYs9t8xPE4bazW6\/fdxcDYr6KXgVHJYezvS\/p+8VrEaiN4TLrZJTSlyP0KDNlpneWg3VjNFbj1eCVLBgdwAj1GPKRCs66VRMr4\/l3inlVQKSMWAX6hmoVc7PVtwKIy4p6Vcsq6LehCMpcMyLr3dAo6ruhipQ9LRMHkJY8QqyZxGqy6XX4YIMu6Z+hPjIpqptB\/DzaCSXqCtRYbd73IXTMZLVFNGhTPUSNXMa7DbN8P221RR6S9UviLB7asePAOQV24Pa7+VC0JSwi0IQOhmzmus2a+VCsD6p\/Up3ASVzLS+YS8Kn8wrW82XAPJowmtfPI5mEKKIhVOvAD2WvTXEN\/DtG0C1NJGA\/OujntWk9zi0eTKjeUOhepoll\/lZU1lGclot\/nIs2v\/P6tkyk0mHIgWxKRQqfvewz10ZiN2sqiEGZ4Y0T5h4zISTKWw0XKn8lBQMPjzc3dpqHO92zi72jv\/u188HH3e714Mc\/ze\/nR1efa18+\/jgdXB9ddps7H9u7161Ptb3Wp88bW1\/LEgLpp6bTcnwpbznb+jpvSQBOwqxrFh6uT\/5yz+DA2\/BPQppdVjBp1vL4gGhcxJVpPlXesMoZVbHtWSFE2Z0JM2I9u63As97cs571LLRjNBlDJ4rhVqLRLXZ\/XdY8iivjA24PqhTNEu8A2jow12tDf6W9Xt56VsT4urzlOFnkzPgtj1nAqRVtvsqWq8Lyl7G9XcbreHIz\/TGfJ2NfhuZ62B7Rn459kngWxBsY36Q5w0kFS3TNSnhV3RPqso48u2WhXnSuwwT63ey3SGEvpLw87\/iC0WR+mp\/Li+peaRZ65i55Nj8MU61Nn53nhyvOZgiOfzzP2bGM09gryGTUzrL+4tFhHygu4030wm0\/BYneBCSacPwGkGxN8UfhiIaQsw20hV20FFYPkqHP3heYsjKXQjO7SQUfQ94WbAT5s85C91KxxOTd\/TqBL0SDkEe5C+G7KA7QqXldymlA4oICbvWTTi9fCbgy10dQePFFh46k1A8eW2J3ldeu+LlrtZyAibk4s3dB+2Ln\/g+4BvoYkhQAAA=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_first_seen":1499347490659,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_first_seen":1499347490659,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":308,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4363,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347490,"pkt_ts_usec":659748,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8roVAAD4GF0usEAABwKgKMuGYAFBT40ghAAAAAKACchD5NwAAAgQFtAQCCAoBOuakAAAAAAEDAwc="}
00444{"flow_id":308,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4364,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347490,"pkt_ts_usec":659895,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4ZjtXjkmU+NIIqAScSAXkwAAAgQFtAQCCAoD5LgaATrmpAEDAwc="}
00432{"flow_id":308,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4365,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347490,"pkt_ts_usec":660426,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0roZAAD4GF1KsEAABwKgKMuGYAFBT40gi7V45J4AQAOW2mQAAAQEICgE65qUD5Lga"}
@@ -2725,46 +2725,46 @@
00432{"flow_id":306,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4378,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347492,"pkt_ts_usec":747664,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D71AAD4GthusEAABwKgKMuFwAFB2mu1oNIeQn4ARAOVR4QAAAQEICgE66K4D5LRS"}
00432{"flow_id":306,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4379,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347492,"pkt_ts_usec":747882,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0KrtAAEAGmR3AqAoyrBAAAQBQ4XA0h5CfdprtaYARAONMEAAAAQEICgPkuiQBOuiu"}
00432{"flow_id":306,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4380,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347492,"pkt_ts_usec":748434,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D75AAD4GthqsEAABwKgKMuFwAFB2mu1pNIeQoIAQAOVMDQAAAQEICgE66K8D5Lok"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4384,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1499347493167,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4384,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1499347493167,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":309,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4384,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347493,"pkt_ts_usec":167254,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VdJAAD4Gb\/6sEAABwKgKMuGyAFCUXbzFAAAAAKACchBBjAAAAgQFtAQCCAoBOukXAAAAAAEDAwc="}
00444{"flow_id":309,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4385,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347493,"pkt_ts_usec":167378,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4bJdzKzTlF28xqAScSB5WQAAAgQFtAQCCAoD5LqNATrpFwEDAwc="}
00432{"flow_id":309,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4386,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347493,"pkt_ts_usec":168132,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VdNAAD4GcAWsEAABwKgKMuGyAFCUXbzGXcys1IAQAOUYYAAAAQEICgE66RgD5LqN"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4393,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_first_seen":1499347494446,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4393,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_first_seen":1499347494446,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":310,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4393,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347494,"pkt_ts_usec":446547,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8G1FAAD4Gqn+sEAABwKgKMuHAAFAmKfEGAAAAAKACchB6MQAAAgQFtAQCCAoBOupXAAAAAAEDAwc="}
00444{"flow_id":310,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4394,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347494,"pkt_ts_usec":446686,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4cATAV39JinxB6AScSBKYAAAAgQFtAQCCAoD5LvNATrqVwEDAwc="}
00433{"flow_id":310,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4395,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347494,"pkt_ts_usec":447435,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0G1JAAD4GqoasEAABwKgKMuHAAFAmKfEHEwFd\/oAQAOXpZwAAAQEICgE66lcD5LvN"}
00432{"flow_id":307,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4399,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347494,"pkt_ts_usec":748410,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06OBAAD4G3PesEAABwKgKMuGKAFByXg2zaFlqRoARAOUjvAAAAQEICgE66qMD5Lbh"}
00432{"flow_id":307,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4400,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347494,"pkt_ts_usec":748600,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA01l5AAEAG7XnAqAoyrBAAAQBQ4YpoWWpGcl4NtIARAOMehgAAAQEICgPkvBgBOuqj"}
00432{"flow_id":307,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4401,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347494,"pkt_ts_usec":749389,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06OFAAD4G3PasEAABwKgKMuGKAFByXg20aFlqR4AQAOUehAAAAQEICgE66qMD5LwY"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4405,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1499347495714,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4405,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1499347495714,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":311,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4405,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347495,"pkt_ts_usec":714214,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ai5AAD4GW6KsEAABwKgKMuHOAFCuqYG6AAAAAKACchBfsgAAAgQFtAQCCAoBOuuUAAAAAAEDAwc="}
00445{"flow_id":311,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4406,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347495,"pkt_ts_usec":714323,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4c4n\/DE+rqmBu6AScSBGaAAAAgQFtAQCCAoD5L0KATrrlAEDAwc="}
00433{"flow_id":311,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4407,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347495,"pkt_ts_usec":715123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ai9AAD4GW6msEAABwKgKMuHOAFCuqYG7J\/wxP4AQAOXlbwAAAQEICgE665QD5L0K"}
00432{"flow_id":308,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4411,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347495,"pkt_ts_usec":748673,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rodAAD4GF1GsEAABwKgKMuGYAFBT40gi7V45J4ARAOWxoAAAAQEICgE6650D5Lga"}
00432{"flow_id":308,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4412,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347495,"pkt_ts_usec":748941,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0hDVAAEAGP6PAqAoyrBAAAQBQ4ZjtXjknU+NII4ARAOOsqQAAAQEICgPkvRIBOuud"}
00432{"flow_id":308,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4413,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347495,"pkt_ts_usec":749659,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rohAAD4GF1CsEAABwKgKMuGYAFBT40gj7V45KIAQAOWspwAAAQEICgE6650D5L0S"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1499347498249,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":6,"flow_first_seen":1499347361540,"flow_last_seen":1499347366717,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56374,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":6,"flow_first_seen":1499347364056,"flow_last_seen":1499347369718,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":6,"flow_first_seen":1499347365320,"flow_last_seen":1499347370718,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":6,"flow_first_seen":1499347366586,"flow_last_seen":1499347371718,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56428,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":6,"flow_first_seen":1499347369077,"flow_last_seen":1499347374718,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":6,"flow_first_seen":1499347370339,"flow_last_seen":1499347375719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4414,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":6,"flow_first_seen":1499347371602,"flow_last_seen":1499347376719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1499347498249,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":312,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4423,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347498,"pkt_ts_usec":249443,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LPFAAD4GmN+sEAABwKgKMuHoAFBfF8L\/AAAAAKACchBrawAAAgQFtAQCCAoBOu4OAAAAAAEDAwc="}
00444{"flow_id":312,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4424,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347498,"pkt_ts_usec":249537,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4ejKfeZhXxfDAKAScSD4AgAAAgQFtAQCCAoD5L+DATruDgEDAwc="}
00432{"flow_id":312,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4425,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347498,"pkt_ts_usec":250343,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LPJAAD4GmOasEAABwKgKMuHoAFBfF8MAyn3mYoAQAOWXCgAAAQEICgE67g4D5L+D"}
00432{"flow_id":309,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4429,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347498,"pkt_ts_usec":749053,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VdRAAD4GcASsEAABwKgKMuGyAFCUXbzGXcys1IARAOUS7AAAAQEICgE67osD5LqN"}
00432{"flow_id":309,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4430,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347498,"pkt_ts_usec":749269,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0bNRAAEAGVwTAqAoyrBAAAQBQ4bJdzKzUlF28x4ARAOMNegAAAQEICgPkwAABOu6L"}
00432{"flow_id":309,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4431,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347498,"pkt_ts_usec":750009,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VdVAAD4GcAOsEAABwKgKMuGyAFCUXbzHXcys1YAQAOUNeAAAAQEICgE67osD5MAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_first_seen":1499347499500,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4435,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_first_seen":1499347499500,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":313,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4435,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347499,"pkt_ts_usec":500526,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82IhAAD4G7UesEAABwKgKMuH2AFAMLDfPAAAAAKACchBIQAAAAgQFtAQCCAoBOu9HAAAAAAEDAwc="}
00444{"flow_id":313,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4436,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347499,"pkt_ts_usec":500660,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4fa1N28pDCw30KAScSBgHQAAAgQFtAQCCAoD5MC8ATrvRwEDAwc="}
00433{"flow_id":313,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4437,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347499,"pkt_ts_usec":501436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02IlAAD4G7U6sEAABwKgKMuH2AFAMLDfQtTdvKoAQAOX\/JAAAAQEICgE670cD5MC8"}
@@ -2774,51 +2774,51 @@
00433{"flow_id":311,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4447,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347500,"pkt_ts_usec":749303,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ajBAAD4GW6isEAABwKgKMuHOAFCuqYG7J\/wxP4ARAOXggwAAAQEICgE68H8D5L0K"}
00435{"flow_id":311,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4448,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347500,"pkt_ts_usec":749492,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA08MtAAEAG0wzAqAoyrBAAAQBQ4c4n\/DE\/rqmBvIARAOPbmgAAAQEICgPkwfQBOvB\/"}
00433{"flow_id":311,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4449,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347500,"pkt_ts_usec":750258,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ajFAAD4GW6esEAABwKgKMuHOAFCuqYG8J\/wxQIAQAOXbmAAAAQEICgE68H8D5MH0"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4450,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_first_seen":1499347500770,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4450,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_first_seen":1499347500770,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":314,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4450,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347500,"pkt_ts_usec":770126,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YZZAAD4GZDqsEAABwKgKMuIEAFAvvZESAAAAAKACchDKIAAAAgQFtAQCCAoBOvCEAAAAAAEDAwc="}
00444{"flow_id":314,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4451,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347500,"pkt_ts_usec":770249,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4gSIcKZ3L72RE6AScSDWOAAAAgQFtAQCCAoD5MH6ATrwhAEDAwc="}
00432{"flow_id":314,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4452,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347500,"pkt_ts_usec":770964,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YZdAAD4GZEGsEAABwKgKMuIEAFAvvZETiHCmeIAQAOV1QAAAAQEICgE68IQD5MH6"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1499347503273,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1499347503273,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":315,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4466,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347503,"pkt_ts_usec":273427,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JtZAAD4GnvqsEAABwKgKMuIeAFAcz9QgAAAAAKACchCXdAAAAgQFtAQCCAoBOvL2AAAAAAEDAwc="}
00445{"flow_id":315,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4467,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347503,"pkt_ts_usec":273500,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4h43pRReHM\/UIaAScSCEAAAAAgQFtAQCCAoD5MRrATry9gEDAwc="}
00432{"flow_id":315,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4468,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347503,"pkt_ts_usec":274150,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JtdAAD4GnwGsEAABwKgKMuIeAFAcz9QhN6UUX4AQAOUjCAAAAQEICgE68vYD5MRr"}
00432{"flow_id":312,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4471,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347503,"pkt_ts_usec":749121,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LPNAAD4GmOWsEAABwKgKMuHoAFBfF8MAyn3mYoARAOWRqgAAAQEICgE6820D5L+D"}
00432{"flow_id":312,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4472,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347503,"pkt_ts_usec":749319,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0IoBAAEAGoVjAqAoyrBAAAQBQ4ejKfeZiXxfDAYARAOOMTAAAAQEICgPkxOIBOvNt"}
00432{"flow_id":312,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4473,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347503,"pkt_ts_usec":750094,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LPRAAD4GmOSsEAABwKgKMuHoAFBfF8MByn3mY4AQAOWMSgAAAQEICgE6820D5MTi"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1499347504529,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4477,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1499347504529,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":316,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4477,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347504,"pkt_ts_usec":529243,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MbJAAD4GlB6sEAABwKgKMuIsAFBuJcWCAAAAAKACchBTdAAAAgQFtAQCCAoBOvQwAAAAAAEDAwc="}
00446{"flow_id":316,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4478,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347504,"pkt_ts_usec":529340,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4iwP0\/y\/biXFg6AScSB+NgAAAgQFtAQCCAoD5MWlATr0MAEDAwc="}
00432{"flow_id":316,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4479,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347504,"pkt_ts_usec":530160,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MbNAAD4GlCWsEAABwKgKMuIsAFBuJcWDD9P8wIAQAOUdPgAAAQEICgE69DAD5MWl"}
00432{"flow_id":313,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4483,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347504,"pkt_ts_usec":749172,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02IpAAD4G7U2sEAABwKgKMuH2AFAMLDfQtTdvKoARAOX6AwAAAQEICgE69GcD5MC8"}
00432{"flow_id":313,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4484,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347504,"pkt_ts_usec":749423,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qvZAAEAGGOLAqAoyrBAAAQBQ4fa1N28qDCw30YARAOP05AAAAQEICgPkxdwBOvRn"}
00432{"flow_id":313,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4485,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347504,"pkt_ts_usec":749974,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02ItAAD4G7UysEAABwKgKMuH2AFAMLDfRtTdvK4AQAOX04gAAAQEICgE69GcD5MXc"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1499347505774,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4489,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1499347505774,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":317,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4489,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347505,"pkt_ts_usec":774649,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8e\/VAAD4GSdusEAABwKgKMuI6AFCzho6SAAAAAKACchBDvgAAAgQFtAQCCAoBOvVnAAAAAAEDAwc="}
00444{"flow_id":317,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4490,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347505,"pkt_ts_usec":774819,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4joOXGebs4aOk6AScSAD5AAAAgQFtAQCCAoD5MbdATr1ZwEDAwc="}
00433{"flow_id":317,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4491,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347505,"pkt_ts_usec":775533,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/ZAAD4GSeKsEAABwKgKMuI6AFCzho6TDlxnnIAQAOWi6wAAAQEICgE69WcD5Mbd"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":6,"flow_first_seen":1499347374136,"flow_last_seen":1499347379720,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":6,"flow_first_seen":1499347375388,"flow_last_seen":1499347380720,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":6,"flow_first_seen":1499347376638,"flow_last_seen":1499347381720,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":6,"flow_first_seen":1499347379171,"flow_last_seen":1499347384721,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":6,"flow_first_seen":1499347380424,"flow_last_seen":1499347385722,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":6,"flow_first_seen":1499347381694,"flow_last_seen":1499347386722,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":314,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4495,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347506,"pkt_ts_usec":750244,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YZhAAD4GZECsEAABwKgKMuIEAFAvvZETiHCmeIARAOVvaAAAAQEICgE69lsD5MH6"}
00433{"flow_id":314,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4496,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347506,"pkt_ts_usec":750532,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0YalAAEAGYi\/AqAoyrBAAAQBQ4gSIcKZ4L72RFIARAONpkgAAAQEICgPkx9EBOvZb"}
00432{"flow_id":314,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4497,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347506,"pkt_ts_usec":751057,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YZlAAD4GZD+sEAABwKgKMuIEAFAvvZEUiHCmeYAQAOVpkAAAAQEICgE69lsD5MfR"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_first_seen":1499347508344,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_first_seen":1499347508344,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":318,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4507,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347508,"pkt_ts_usec":344616,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QeJAAD4Gg+6sEAABwKgKMuJUAFDv7LYIAAAAAKACchDdRAAAAgQFtAQCCAoBOvfqAAAAAAEDAwc="}
00444{"flow_id":318,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4508,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347508,"pkt_ts_usec":344744,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4lSsQaQu7+y2CaAScSDAbwAAAgQFtAQCCAoD5MlfATr36gEDAwc="}
00433{"flow_id":318,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4509,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347508,"pkt_ts_usec":345302,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QeNAAD4Gg\/WsEAABwKgKMuJUAFDv7LYJrEGkL4AQAOVfdwAAAQEICgE69+oD5Mlf"}
00432{"flow_id":315,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4513,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347508,"pkt_ts_usec":750609,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JthAAD4GnwCsEAABwKgKMuIeAFAcz9QhN6UUX4ARAOUdrgAAAQEICgE6+E8D5MRr"}
00433{"flow_id":315,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4514,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347508,"pkt_ts_usec":750892,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA03ZpAAEAG5j3AqAoyrBAAAQBQ4h43pRRfHM\/UIoARAOMYVQAAAQEICgPkycUBOvhP"}
00432{"flow_id":315,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4515,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347508,"pkt_ts_usec":751424,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JtlAAD4Gnv+sEAABwKgKMuIeAFAcz9QiN6UUYIAQAOUYUwAAAQEICgE6+E8D5MnF"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4519,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_first_seen":1499347509601,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4519,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_first_seen":1499347509601,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":319,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4519,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347509,"pkt_ts_usec":601559,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U2ZAAD4GcmqsEAABwKgKMuJiAFBgjKpCAAAAAKACchB3IwAAAgQFtAQCCAoBOvkkAAAAAAEDAwc="}
00444{"flow_id":319,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4520,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347509,"pkt_ts_usec":601682,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4mJHoK+XYIyqQ6AScSCyTAAAAgQFtAQCCAoD5MqZATr5JAEDAwc="}
00432{"flow_id":319,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4521,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347509,"pkt_ts_usec":602443,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U2dAAD4GcnGsEAABwKgKMuJiAFBgjKpDR6CvmIAQAOVRVAAAAQEICgE6+SQD5MqZ"}
@@ -2828,63 +2828,63 @@
00433{"flow_id":317,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4534,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347511,"pkt_ts_usec":752203,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/dAAD4GSeGsEAABwKgKMuI6AFCzho6TDlxnnIARAOWdEwAAAQEICgE6+z4D5Mbd"}
00432{"flow_id":317,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4535,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347511,"pkt_ts_usec":752491,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qy9AAEAGGKnAqAoyrBAAAQBQ4joOXGecs4aOlIARAOOXPgAAAQEICgPkzLMBOvs+"}
00433{"flow_id":317,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4536,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347511,"pkt_ts_usec":753005,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0e\/hAAD4GSeCsEAABwKgKMuI6AFCzho6UDlxnnYAQAOWXPAAAAQEICgE6+z4D5Myz"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4540,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_first_seen":1499347512081,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4540,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_first_seen":1499347512081,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":320,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4540,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347512,"pkt_ts_usec":81528,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87jVAAD4G15qsEAABwKgKMuJ8AFAKmxWlAAAAAKACchBfLAAAAgQFtAQCCAoBOvuQAAAAAAEDAwc="}
00443{"flow_id":320,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4541,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347512,"pkt_ts_usec":81654,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4nwCiqB4CpsVpqAScSDsHgAAAgQFtAQCCAoD5M0FATr7kAEDAwc="}
00431{"flow_id":320,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4542,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347512,"pkt_ts_usec":82228,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07jZAAD4G16GsEAABwKgKMuJ8AFAKmxWmAoqgeYAQAOWLJgAAAQEICgE6+5AD5M0F"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4549,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_first_seen":1499347513353,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4549,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_first_seen":1499347513353,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":321,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4549,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347513,"pkt_ts_usec":353022,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ef1AAD4GS9OsEAABwKgKMuKKAFAHuIUzAAAAAKACchDxNAAAAgQFtAQCCAoBOvzOAAAAAAEDAwc="}
00445{"flow_id":321,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4550,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347513,"pkt_ts_usec":353123,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4oqWR\/ViB7iFNKAScSCUQQAAAgQFtAQCCAoD5M5DATr8zgEDAwc="}
00433{"flow_id":321,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4551,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347513,"pkt_ts_usec":353725,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ef5AAD4GS9qsEAABwKgKMuKKAFAHuIU0lkf1Y4AQAOUzSQAAAQEICgE6\/M4D5M5D"}
00434{"flow_id":318,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4555,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347513,"pkt_ts_usec":752663,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QeRAAD4Gg\/SsEAABwKgKMuJUAFDv7LYJrEGkL4ARAOVaLgAAAQEICgE6\/TID5Mlf"}
00432{"flow_id":318,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4556,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347513,"pkt_ts_usec":752856,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0aohAAEAGWVDAqAoyrBAAAQBQ4lSsQaQv7+y2CoARAONU5wAAAQEICgPkzqcBOv0y"}
00434{"flow_id":318,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4557,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347513,"pkt_ts_usec":753618,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QeVAAD4Gg\/OsEAABwKgKMuJUAFDv7LYKrEGkMIAQAOVU5QAAAQEICgE6\/TID5M6n"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_first_seen":1499347514648,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4561,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_first_seen":1499347514648,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":322,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4561,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347514,"pkt_ts_usec":648083,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81oFAAD4G706sEAABwKgKMuKYAFBs5yiTAAAAAKACchDnUwAAAgQFtAQCCAoBOv4SAAAAAAEDAwc="}
00444{"flow_id":322,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4562,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347514,"pkt_ts_usec":648183,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4pgH3WT1bOcolKAScSCn9AAAAgQFtAQCCAoD5M+HATr+EgEDAwc="}
00434{"flow_id":322,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4563,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347514,"pkt_ts_usec":648952,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01oJAAD4G71WsEAABwKgKMuKYAFBs5yiUB91k9oAQAOVG\/AAAAQEICgE6\/hID5M+H"}
00433{"flow_id":319,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4567,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347514,"pkt_ts_usec":753077,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U2hAAD4GcnCsEAABwKgKMuJiAFBgjKpDR6CvmIARAOVMSwAAAQEICgE6\/iwD5MqZ"}
00433{"flow_id":319,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4568,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347514,"pkt_ts_usec":753317,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0YDlAAEAGY5\/AqAoyrBAAAQBQ4mJHoK+YYIyqRIARAONHRAAAAQEICgPkz6EBOv4s"}
00433{"flow_id":319,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4569,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347514,"pkt_ts_usec":754032,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U2lAAD4Gcm+sEAABwKgKMuJiAFBgjKpER6CvmYAQAOVHQgAAAQEICgE6\/iwD5M+h"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_first_seen":1499347517171,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":6,"flow_first_seen":1499347384186,"flow_last_seen":1499347389723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":6,"flow_first_seen":1499347385481,"flow_last_seen":1499347390723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":6,"flow_first_seen":1499347386736,"flow_last_seen":1499347392723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":6,"flow_first_seen":1499347389305,"flow_last_seen":1499347394723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":6,"flow_first_seen":1499347390580,"flow_last_seen":1499347395724,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_first_seen":1499347517171,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":323,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4579,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347517,"pkt_ts_usec":171667,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PfRAAD4Gh9ysEAABwKgKMuKyAFAJ1z18AAAAAKACchAy6wAAAgQFtAQCCAoBOwCIAAAAAAEDAwc="}
00444{"flow_id":323,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4580,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347517,"pkt_ts_usec":171771,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4rJwyiE5Cdc9faAScSDL4wAAAgQFtAQCCAoD5NH+ATsAiAEDAwc="}
00432{"flow_id":323,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4581,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347517,"pkt_ts_usec":172550,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PfVAAD4Gh+OsEAABwKgKMuKyAFAJ1z19cMohOoAQAOVq6gAAAQEICgE7AIkD5NH+"}
00432{"flow_id":320,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4585,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347517,"pkt_ts_usec":753204,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07jdAAD4G16CsEAABwKgKMuJ8AFAKmxWmAoqgeYARAOWFmwAAAQEICgE7ARoD5M0F"}
00432{"flow_id":320,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4586,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347517,"pkt_ts_usec":753427,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0cvZAAEAGUOLAqAoyrBAAAQBQ4nwCiqB5CpsVp4ARAOOAEgAAAQEICgPk0o8BOwEa"}
00432{"flow_id":320,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4587,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347517,"pkt_ts_usec":753952,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07jhAAD4G15+sEAABwKgKMuJ8AFAKmxWnAoqgeoAQAOWAEAAAAQEICgE7ARoD5NKP"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4591,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_first_seen":1499347518410,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4591,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":1,"flow_first_seen":1499347518410,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":324,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4591,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347518,"pkt_ts_usec":410024,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8FGZAAD4GsWqsEAABwKgKMuLAAFAhaxXYAAAAAKACchBBtwAAAgQFtAQCCAoBOwG+AAAAAAEDAwc="}
00444{"flow_id":324,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4592,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347518,"pkt_ts_usec":410180,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4sCWVenKIWsV2aAScSDrXAAAAgQFtAQCCAoD5NM0ATsBvgEDAwc="}
00432{"flow_id":324,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4593,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347518,"pkt_ts_usec":410865,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0FGdAAD4GsXGsEAABwKgKMuLAAFAhaxXZllXpy4AQAOWKZAAAAQEICgE7Ab4D5NM0"}
00432{"flow_id":321,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4597,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347518,"pkt_ts_usec":753167,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ef9AAD4GS9msEAABwKgKMuKKAFAHuIU0lkf1Y4ARAOUuAgAAAQEICgE7AhQD5M5D"}
00433{"flow_id":321,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4598,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347518,"pkt_ts_usec":753364,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0JupAAEAGnO7AqAoyrBAAAQBQ4oqWR\/VjB7iFNYARAOMovQAAAQEICgPk04kBOwIU"}
00432{"flow_id":321,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4599,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347518,"pkt_ts_usec":754021,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0egBAAD4GS9isEAABwKgKMuKKAFAHuIU1lkf1ZIAQAOUouwAAAQEICgE7AhQD5NOJ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4603,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_first_seen":1499347519679,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4603,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_first_seen":1499347519679,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":325,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4603,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347519,"pkt_ts_usec":679510,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8A+RAAD4GweysEAABwKgKMuLOAFBZkgEfAAAAAKACchAc\/gAAAgQFtAQCCAoBOwL7AAAAAAEDAwc="}
00445{"flow_id":325,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4604,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347519,"pkt_ts_usec":679602,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4s4k\/bw4WZIBIKAScSBkUQAAAgQFtAQCCAoD5NRxATsC+wEDAwc="}
00432{"flow_id":325,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4605,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347519,"pkt_ts_usec":680191,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A+VAAD4GwfOsEAABwKgKMuLOAFBZkgEgJP28OYAQAOUDWAAAAQEICgE7AvwD5NRx"}
00433{"flow_id":322,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4609,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347519,"pkt_ts_usec":753504,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01oNAAD4G71SsEAABwKgKMuKYAFBs5yiUB91k9oARAOVB\/wAAAQEICgE7Aw4D5M+H"}
00432{"flow_id":322,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4610,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347519,"pkt_ts_usec":753667,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0sHVAAEAGE2PAqAoyrBAAAQBQ4pgH3WT2bOcolYARAOM9BAAAAQEICgPk1IMBOwMO"}
00432{"flow_id":322,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4611,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347519,"pkt_ts_usec":754244,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01oRAAD4G71OsEAABwKgKMuKYAFBs5yiVB91k94AQAOU9AgAAAQEICgE7Aw4D5NSD"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4621,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_first_seen":1499347522204,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4621,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_first_seen":1499347522204,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":326,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4621,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347522,"pkt_ts_usec":204574,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8G91AAD4GqfOsEAABwKgKMuLoAFAaMR6uAAAAAKACchA8PgAAAgQFtAQCCAoBOwVzAAAAAAEDAwc="}
00444{"flow_id":326,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4622,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347522,"pkt_ts_usec":204711,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4uhHWnn+GjEer6AScSCg9wAAAgQFtAQCCAoD5NboATsFcwEDAwc="}
00435{"flow_id":326,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4623,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347522,"pkt_ts_usec":205463,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0G95AAD4GqfqsEAABwKgKMuLoAFAaMR6vR1p5\/4AQAOU\/\/wAAAQEICgE7BXMD5Nbo"}
00432{"flow_id":323,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4627,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347522,"pkt_ts_usec":754031,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PfZAAD4Gh+KsEAABwKgKMuKyAFAJ1z19cMohOoARAOVldgAAAQEICgE7BfwD5NH+"}
00433{"flow_id":323,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4628,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347522,"pkt_ts_usec":754253,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA09khAAEAGzY\/AqAoyrBAAAQBQ4rJwyiE6Cdc9foARAONgAwAAAQEICgPk13IBOwX8"}
00432{"flow_id":323,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4629,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347522,"pkt_ts_usec":754994,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PfdAAD4Gh+GsEAABwKgKMuKyAFAJ1z1+cMohO4AQAOVgAQAAAQEICgE7BfwD5Ndy"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_first_seen":1499347523488,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_first_seen":1499347523488,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":327,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4633,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347523,"pkt_ts_usec":488657,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bP1AAD4GWNOsEAABwKgKMuL2AFCTdmpJAAAAAKACchB2DgAAAgQFtAQCCAoBOwa0AAAAAAEDAwc="}
00444{"flow_id":327,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4634,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347523,"pkt_ts_usec":488812,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4vYacquOk3ZqSqAScSDU3gAAAgQFtAQCCAoD5NgpATsGtAEDAwc="}
00432{"flow_id":327,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4635,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347523,"pkt_ts_usec":489379,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bP5AAD4GWNqsEAABwKgKMuL2AFCTdmpKGnKrj4AQAOVz5gAAAQEICgE7BrQD5Ngp"}
@@ -2894,34 +2894,34 @@
00433{"flow_id":325,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4645,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347524,"pkt_ts_usec":755170,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A+ZAAD4GwfKsEAABwKgKMuLOAFBZkgEgJP28OYARAOX+YgAAAQEICgE7B\/AD5NRx"}
00433{"flow_id":325,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4646,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347524,"pkt_ts_usec":755987,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ZV9AAEAGXnnAqAoyrBAAAQBQ4s4k\/bw5WZIBIYARAOP5bgAAAQEICgPk2WYBOwfw"}
00433{"flow_id":325,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4647,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347524,"pkt_ts_usec":756530,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0A+dAAD4GwfGsEAABwKgKMuLOAFBZkgEhJP28OoAQAOX5awAAAQEICgE7B\/ED5Nlm"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_first_seen":1499347524782,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_first_seen":1499347524782,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":328,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4648,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347524,"pkt_ts_usec":782374,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uUBAAD4GDJCsEAABwKgKMuMEAFAFWr63AAAAAKACchCuawAAAgQFtAQCCAoBOwf3AAAAAAEDAwc="}
00445{"flow_id":328,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4649,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347524,"pkt_ts_usec":782469,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4wR+L\/VQBVq+uKAScSBeeAAAAgQFtAQCCAoD5NltATsH9wEDAwc="}
00434{"flow_id":328,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4650,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347524,"pkt_ts_usec":783240,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uUFAAD4GDJesEAABwKgKMuMEAFAFWr64fi\/1UYAQAOX9fwAAAQEICgE7B\/cD5Nlt"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4657,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_first_seen":1499347526155,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4657,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_first_seen":1499347526155,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":329,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4657,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347526,"pkt_ts_usec":155708,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vM5AAD4GCQKsEAABwKgKMuMSAFBd27WBAAAAAKACchBdugAAAgQFtAQCCAoBOwlPAAAAAAEDAwc="}
00444{"flow_id":329,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4658,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347526,"pkt_ts_usec":155864,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4xLVlk4tXdu1gqAScSBcLAAAAgQFtAQCCAoD5NrEATsJTwEDAwc="}
00432{"flow_id":329,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4659,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347526,"pkt_ts_usec":156511,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vM9AAD4GCQmsEAABwKgKMuMSAFBd27WC1ZZOLoAQAOX7MwAAAQEICgE7CU8D5NrE"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_first_seen":1499347527425,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":6,"flow_first_seen":1499347393135,"flow_last_seen":1499347398725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":6,"flow_first_seen":1499347394398,"flow_last_seen":1499347399725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":6,"flow_first_seen":1499347395736,"flow_last_seen":1499347401725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":6,"flow_first_seen":1499347398258,"flow_last_seen":1499347403725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56764,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":6,"flow_first_seen":1499347399514,"flow_last_seen":1499347404726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4663,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":6,"flow_first_seen":1499347400752,"flow_last_seen":1499347406726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_first_seen":1499347527425,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":330,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4666,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347527,"pkt_ts_usec":425398,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84vtAAD4G4tSsEAABwKgKMuMgAFAAyeh3AAAAAKACchCGiwAAAgQFtAQCCAoBOwqMAAAAAAEDAwc="}
00444{"flow_id":330,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4667,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347527,"pkt_ts_usec":425522,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4yBtIXfPAMnoeKAScSDCkwAAAgQFtAQCCAoD5NwBATsKjAEDAwc="}
00432{"flow_id":330,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4668,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347527,"pkt_ts_usec":426269,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04vxAAD4G4tusEAABwKgKMuMgAFAAyeh4bSF30IAQAOVhmwAAAQEICgE7CowD5NwB"}
00433{"flow_id":326,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4672,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347527,"pkt_ts_usec":755915,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0G99AAD4GqfmsEAABwKgKMuLoAFAaMR6vR1p5\/4ARAOU6kgAAAQEICgE7Ct8D5Nbo"}
00433{"flow_id":326,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4673,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347527,"pkt_ts_usec":756132,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0patAAEAGHi3AqAoyrBAAAQBQ4uhHWnn\/GjEesIARAOM1JwAAAQEICgPk3FQBOwrf"}
00432{"flow_id":326,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4674,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347527,"pkt_ts_usec":756867,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0G+BAAD4GqfisEAABwKgKMuLoAFAaMR6wR1p6AIAQAOU1JQAAAQEICgE7Ct8D5NxU"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_first_seen":1499347528679,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4678,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_first_seen":1499347528679,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":331,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4678,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347528,"pkt_ts_usec":679590,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86w9AAD4G2sCsEAABwKgKMuMuAFDPaODJAAAAAKACchC+UQAAAgQFtAQCCAoBOwvGAAAAAAEDAwc="}
00444{"flow_id":331,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4679,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347528,"pkt_ts_usec":679685,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4y4jZsPUz2jgyqAScSD21QAAAgQFtAQCCAoD5N07ATsLxgEDAwc="}
00432{"flow_id":331,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4680,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347528,"pkt_ts_usec":680460,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06xBAAD4G2sesEAABwKgKMuMuAFDPaODKI2bD1YAQAOWV3QAAAQEICgE7C8YD5N07"}
@@ -2932,14 +2932,14 @@
00433{"flow_id":328,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4695,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347530,"pkt_ts_usec":758058,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0KhNAAEAGmcXAqAoyrBAAAQBQ4wR+L\/VRBVq+uYAQAOPx1AAAAQEICgPk30MBOw3N"}
00433{"flow_id":328,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4696,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347530,"pkt_ts_usec":758099,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0KhRAAEAGmcTAqAoyrBAAAQBQ4wR+L\/VRBVq+uYARAOPx0wAAAQEICgPk30MBOw3N"}
00433{"flow_id":328,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4697,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347530,"pkt_ts_usec":758629,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0K+pAAD4Gme6sEAABwKgKMuMEAFAFWr65fi\/1UoAQAOXx0QAAAQEICgE7Dc0D5N9D"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4701,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_first_seen":1499347531303,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4701,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_first_seen":1499347531303,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":332,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4701,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347531,"pkt_ts_usec":303327,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MvhAAD4GktisEAABwKgKMuNIAFARgDytAAAAAKACchAdrgAAAgQFtAQCCAoBOw5VAAAAAAEDAwc="}
00445{"flow_id":332,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4702,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347531,"pkt_ts_usec":303484,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ40hb80TSEYA8rqAScSCaFwAAAgQFtAQCCAoD5N\/LATsOVQEDAwc="}
00434{"flow_id":332,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4703,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347531,"pkt_ts_usec":304259,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MvlAAD4Gkt+sEAABwKgKMuNIAFARgDyuW\/NE04AQAOU5HgAAAQEICgE7DlYD5N\/L"}
00432{"flow_id":329,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4707,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347531,"pkt_ts_usec":758155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vNBAAD4GCQisEAABwKgKMuMSAFBd27WC1ZZOLoARAOX1ugAAAQEICgE7DscD5NrE"}
00432{"flow_id":329,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4708,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347531,"pkt_ts_usec":758401,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0rhNAAEAGFcXAqAoyrBAAAQBQ4xLVlk4uXdu1g4ARAOPwQgAAAQEICgPk4D0BOw7H"}
00432{"flow_id":329,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4709,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347531,"pkt_ts_usec":758921,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vNFAAD4GCQesEAABwKgKMuMSAFBd27WD1ZZOL4AQAOXwQAAAAQEICgE7DscD5OA9"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_first_seen":1499347532560,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4713,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_first_seen":1499347532560,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":333,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4713,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347532,"pkt_ts_usec":560706,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ro1AAD4GF0OsEAABwKgKMuNWAFA1F6EdAAAAAKACchCUXQAAAgQFtAQCCAoBOw+QAAAAAAEDAwc="}
00444{"flow_id":333,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4714,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347532,"pkt_ts_usec":560815,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ41Zu3G2tNRehHqAScSDTyAAAAgQFtAQCCAoD5OEFATsPkAEDAwc="}
00432{"flow_id":333,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4715,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347532,"pkt_ts_usec":561395,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ro5AAD4GF0qsEAABwKgKMuNWAFA1F6EebtxtroAQAOVy0AAAAQEICgE7D5AD5OEF"}
@@ -2949,103 +2949,103 @@
00432{"flow_id":331,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4725,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347533,"pkt_ts_usec":758173,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06xFAAD4G2sasEAABwKgKMuMuAFDPaODKI2bD1YARAOWQ5wAAAQEICgE7ELsD5N07"}
00432{"flow_id":331,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4726,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347533,"pkt_ts_usec":758393,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0IeRAAEAGofTAqAoyrBAAAQBQ4y4jZsPVz2jgy4ARAOOL8gAAAQEICgPk4jEBOxC7"}
00432{"flow_id":331,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4727,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347533,"pkt_ts_usec":759097,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06xJAAD4G2sWsEAABwKgKMuMuAFDPaODLI2bD1oAQAOWL8AAAAQEICgE7ELsD5OIx"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4734,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_first_seen":1499347535081,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4734,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_first_seen":1499347535081,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":334,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4734,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347535,"pkt_ts_usec":81002,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vMpAAD4GCQasEAABwKgKMuNwAFAre67MAAAAAKACchCNugAAAgQFtAQCCAoBOxIGAAAAAAEDAwc="}
00443{"flow_id":334,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4735,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347535,"pkt_ts_usec":81123,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ43Bd+kT3K3uuzaAScSAESAAAAgQFtAQCCAoD5ON7ATsSBgEDAwc="}
00431{"flow_id":334,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4736,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347535,"pkt_ts_usec":81893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vMtAAD4GCQ2sEAABwKgKMuNwAFAre67NXfpE+IAQAOWjTwAAAQEICgE7EgYD5ON7"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_first_seen":1499347536332,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_first_seen":1499347536332,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":335,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347536,"pkt_ts_usec":332683,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="}
00444{"flow_id":335,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347536,"pkt_ts_usec":332809,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="}
00432{"flow_id":335,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4745,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347536,"pkt_ts_usec":333573,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGNAAD4GPXWsEAABwKgKMuN+AFBSPZteJdF39YAQAOWSqAAAAQEICgE7Ez8D5OS0"}
00434{"flow_id":332,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4749,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347536,"pkt_ts_usec":759045,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MvpAAD4Gkt6sEAABwKgKMuNIAFARgDyuW\/NE04ARAOUzygAAAQEICgE7E6kD5N\/L"}
00432{"flow_id":332,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4750,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347536,"pkt_ts_usec":759262,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ocxAAEAGIgzAqAoyrBAAAQBQ40hb80TTEYA8r4ARAOMudwAAAQEICgPk5R8BOxOp"}
00433{"flow_id":332,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4751,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347536,"pkt_ts_usec":759993,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MvtAAD4Gkt2sEAABwKgKMuNIAFARgDyvW\/NE1IAQAOUudAAAAQEICgE7E6oD5OUf"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_first_seen":1499347537591,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":6,"flow_first_seen":1499347403327,"flow_last_seen":1499347408726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56818,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":6,"flow_first_seen":1499347404575,"flow_last_seen":1499347409726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":6,"flow_first_seen":1499347407100,"flow_last_seen":1499347412728,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56858,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":6,"flow_first_seen":1499347408367,"flow_last_seen":1499347413728,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56872,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":6,"flow_first_seen":1499347409644,"flow_last_seen":1499347414728,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_first_seen":1499347537591,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":336,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4755,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347537,"pkt_ts_usec":591583,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UmRAAD4Gc2ysEAABwKgKMuOMAFC1fUYeAAAAAKACchBp1gAAAgQFtAQCCAoBOxR6AAAAAAEDAwc="}
00444{"flow_id":336,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4756,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347537,"pkt_ts_usec":591721,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ44xyZUlKtX1GH6AScSDFMQAAAgQFtAQCCAoD5OXvATsUegEDAwc="}
00432{"flow_id":336,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4757,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347537,"pkt_ts_usec":592283,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UmVAAD4Gc3OsEAABwKgKMuOMAFC1fUYfcmVJS4AQAOVkOQAAAQEICgE7FHoD5OXv"}
00432{"flow_id":333,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4761,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347537,"pkt_ts_usec":759414,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ro9AAD4GF0msEAABwKgKMuNWAFA1F6EebtxtroARAOVtuwAAAQEICgE7FKQD5OEF"}
00432{"flow_id":333,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4762,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347537,"pkt_ts_usec":759631,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0i7dAAEAGOCHAqAoyrBAAAQBQ41Zu3G2uNRehH4ARAONoqAAAAQEICgPk5hkBOxSk"}
00432{"flow_id":333,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4763,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347537,"pkt_ts_usec":760178,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rpBAAD4GF0isEAABwKgKMuNWAFA1F6Efbtxtr4AQAOVopgAAAQEICgE7FKQD5OYZ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4774,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_first_seen":1499347540145,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4774,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_first_seen":1499347540145,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":337,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4774,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347540,"pkt_ts_usec":145495,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8BSZAAD4GwKqsEAABwKgKMuOmAFDsIBPeAAAAAKACchBi2wAAAgQFtAQCCAoBOxb4AAAAAAEDAwc="}
00444{"flow_id":337,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4775,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347540,"pkt_ts_usec":145637,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ46adBfH37CAT36AScSDoagAAAgQFtAQCCAoD5OhtATsW+AEDAwc="}
00432{"flow_id":337,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4776,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347540,"pkt_ts_usec":146361,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BSdAAD4GwLGsEAABwKgKMuOmAFDsIBPfnQXx+IAQAOWHcgAAAQEICgE7FvgD5Oht"}
00432{"flow_id":334,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4779,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347540,"pkt_ts_usec":760518,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vMxAAD4GCQysEAABwKgKMuNwAFAre67NXfpE+IARAOWdwgAAAQEICgE7F5ID5ON7"}
00432{"flow_id":334,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4780,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347540,"pkt_ts_usec":760745,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0rf9AAEAGFdnAqAoyrBAAAQBQ43Bd+kT4K3uuzoARAOOYNwAAAQEICgPk6QcBOxeS"}
00432{"flow_id":334,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4781,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347540,"pkt_ts_usec":761481,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vM1AAD4GCQusEAABwKgKMuNwAFAre67OXfpE+YAQAOWYNQAAAQEICgE7F5ID5OkH"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_first_seen":1499347541398,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4785,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_first_seen":1499347541398,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":338,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4785,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347541,"pkt_ts_usec":398414,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WJdAAD4GbTmsEAABwKgKMuO0AFCKGUCmAAAAAKACchCW0wAAAgQFtAQCCAoBOxgxAAAAAAEDAwc="}
00444{"flow_id":338,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4786,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347541,"pkt_ts_usec":398529,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ47RdwzayihlAp6AScSAVsQAAAgQFtAQCCAoD5OmnATsYMQEDAwc="}
00432{"flow_id":338,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4787,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347541,"pkt_ts_usec":399263,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WJhAAD4GbUCsEAABwKgKMuO0AFCKGUCnXcM2s4AQAOW0uAAAAQEICgE7GDED5Omn"}
00432{"flow_id":335,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4791,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347541,"pkt_ts_usec":760915,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGRAAD4GPXSsEAABwKgKMuN+AFBSPZteJdF39YARAOWNWgAAAQEICgE7GIwD5OS0"}
00432{"flow_id":335,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4792,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347541,"pkt_ts_usec":761246,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0nfRAAEAGJeTAqAoyrBAAAQBQ434l0Xf1Uj2bX4ARAOOIDgAAAQEICgPk6gEBOxiM"}
00432{"flow_id":335,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4793,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347541,"pkt_ts_usec":761799,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGVAAD4GPXOsEAABwKgKMuN+AFBSPZtfJdF39oAQAOWIDAAAAQEICgE7GIwD5OoB"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4797,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_first_seen":1499347542648,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4797,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":1,"flow_first_seen":1499347542648,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":339,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4797,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347542,"pkt_ts_usec":648815,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80V9AAD4G9HCsEAABwKgKMuPCAFCPt8g1AAAAAKACchAIXwAAAgQFtAQCCAoBOxlqAAAAAAEDAwc="}
00445{"flow_id":339,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4798,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347542,"pkt_ts_usec":648966,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ48Js\/FwIj7fINqAScSBRdQAAAgQFtAQCCAoD5OrfATsZagEDAwc="}
00432{"flow_id":339,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4799,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347542,"pkt_ts_usec":649714,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00WBAAD4G9HesEAABwKgKMuPCAFCPt8g2bPxcCYAQAOXwfAAAAQEICgE7GWoD5Orf"}
00432{"flow_id":336,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4803,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347542,"pkt_ts_usec":761054,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UmZAAD4Gc3KsEAABwKgKMuOMAFC1fUYfcmVJS4ARAOVfLAAAAQEICgE7GYYD5OXv"}
00432{"flow_id":336,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4804,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347542,"pkt_ts_usec":761297,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0o7BAAEAGICjAqAoyrBAAAQBQ44xyZUlLtX1GIIARAONaIQAAAQEICgPk6vsBOxmG"}
00432{"flow_id":336,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4805,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347542,"pkt_ts_usec":762044,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UmdAAD4Gc3GsEAABwKgKMuOMAFC1fUYgcmVJTIAQAOVaHwAAAQEICgE7GYYD5Or7"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4815,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_first_seen":1499347545176,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4815,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":1,"flow_first_seen":1499347545176,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":340,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4815,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347545,"pkt_ts_usec":176704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HVZAAD4GqHqsEAABwKgKMuPcAFAahQa0AAAAAKACchA8gQAAAgQFtAQCCAoBOxviAAAAAAEDAwc="}
00444{"flow_id":340,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4816,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347545,"pkt_ts_usec":176821,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ49weXgmaGoUGtaAScSAkLAAAAgQFtAQCCAoD5O1XATsb4gEDAwc="}
00432{"flow_id":340,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4817,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347545,"pkt_ts_usec":177611,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HVdAAD4GqIGsEAABwKgKMuPcAFAahQa1Hl4Jm4AQAOXDMwAAAQEICgE7G+ID5O1X"}
00432{"flow_id":337,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4821,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347545,"pkt_ts_usec":762365,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BShAAD4GwLCsEAABwKgKMuOmAFDsIBPfnQXx+IARAOWB9QAAAQEICgE7HHQD5Oht"}
00432{"flow_id":337,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4822,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347545,"pkt_ts_usec":762631,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0HBJAAEAGp8bAqAoyrBAAAQBQ46adBfH47CAT4IARAON8eQAAAQEICgPk7eoBOxx0"}
00432{"flow_id":337,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4823,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347545,"pkt_ts_usec":763383,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0BSlAAD4GwK+sEAABwKgKMuOmAFDsIBPgnQXx+YAQAOV8dgAAAQEICgE7HHUD5O3q"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4827,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_first_seen":1499347546427,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4827,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":1,"flow_first_seen":1499347546427,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":341,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4827,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347546,"pkt_ts_usec":427962,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Q6tAAD4GgiWsEAABwKgKMuPqAFBqhV6wAAAAAKACchCTPQAAAgQFtAQCCAoBOx0bAAAAAAEDAwc="}
00444{"flow_id":341,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4828,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347546,"pkt_ts_usec":428110,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4+qNxgXIaoVesaAScSAOGQAAAgQFtAQCCAoD5O6QATsdGwEDAwc="}
00432{"flow_id":341,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4829,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347546,"pkt_ts_usec":428846,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q6xAAD4GgiysEAABwKgKMuPqAFBqhV6xjcYFyYAQAOWtIAAAAQEICgE7HRsD5O6Q"}
00432{"flow_id":338,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4833,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347546,"pkt_ts_usec":762236,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WJlAAD4GbT+sEAABwKgKMuO0AFCKGUCnXcM2s4ARAOWvegAAAQEICgE7HW4D5Omn"}
00432{"flow_id":338,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4834,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347546,"pkt_ts_usec":762530,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA02FdAAEAG64DAqAoyrBAAAQBQ47RdwzazihlAqIARAOOqPgAAAQEICgPk7uQBOx1u"}
00432{"flow_id":338,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4835,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347546,"pkt_ts_usec":763246,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WJpAAD4GbT6sEAABwKgKMuO0AFCKGUCoXcM2tIAQAOWqPAAAAQEICgE7HW4D5O7k"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":320,"flow_first_seen":1499347355229,"flow_last_seen":1499347423381,"flow_tot_l4_data_len":242645,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1902,"flow_avg_l4_data_len":758,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_first_seen":1499347547687,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":6,"flow_first_seen":1499347412160,"flow_last_seen":1499347417729,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56912,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":6,"flow_first_seen":1499347413405,"flow_last_seen":1499347418729,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":6,"flow_first_seen":1499347414709,"flow_last_seen":1499347419729,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":6,"flow_first_seen":1499347417243,"flow_last_seen":1499347422731,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":6,"flow_first_seen":1499347418519,"flow_last_seen":1499347423606,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":6,"flow_first_seen":1499347421069,"flow_last_seen":1499347426732,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4836,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":320,"flow_first_seen":1499347355229,"flow_last_seen":1499347423381,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232389,"flow_avg_l4_payload_len":726,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":1,"flow_first_seen":1499347547687,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":342,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4839,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347547,"pkt_ts_usec":687536,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89IlAAD4G0UasEAABwKgKMuP4AFDYf+rfAAAAAKACchCXygAAAgQFtAQCCAoBOx5WAAAAAAEDAwc="}
00447{"flow_id":342,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4840,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347547,"pkt_ts_usec":687660,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ4\/gRtWE22H\/q4KAScSAyDgAAAgQFtAQCCAoD5O\/LATseVgEDAwc="}
00433{"flow_id":342,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4841,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347547,"pkt_ts_usec":688222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09IpAAD4G0U2sEAABwKgKMuP4AFDYf+rgEbVhN4AQAOXRFQAAAQEICgE7HlYD5O\/L"}
00432{"flow_id":339,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4845,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347547,"pkt_ts_usec":762478,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00WFAAD4G9HasEAABwKgKMuPCAFCPt8g2bPxcCYARAOXrfQAAAQEICgE7HmgD5Orf"}
00433{"flow_id":339,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4846,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347547,"pkt_ts_usec":762738,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0s9dAAEAGEAHAqAoyrBAAAQBQ48Js\/FwJj7fIN4ARAOPmfwAAAQEICgPk794BOx5o"}
00433{"flow_id":339,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4847,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347547,"pkt_ts_usec":763350,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00WJAAD4G9HWsEAABwKgKMuPCAFCPt8g3bPxcCoAQAOXmfAAAAQEICgE7HmkD5O\/e"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4857,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_first_seen":1499347550209,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4857,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_first_seen":1499347550209,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":343,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4857,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347550,"pkt_ts_usec":209719,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eyFAAD4GSq+sEAABwKgKMuQSAFDq3lvtAAAAAKACchARzgAAAgQFtAQCCAoBOyDMAAAAAAEDAwc="}
00444{"flow_id":343,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4858,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347550,"pkt_ts_usec":209879,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5BLEGGHa6t5b7qAScSD2kwAAAgQFtAQCCAoD5PJBATsgzAEDAwc="}
00432{"flow_id":343,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4859,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347550,"pkt_ts_usec":210600,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eyJAAD4GSrasEAABwKgKMuQSAFDq3lvuxBhh24AQAOWVmwAAAQEICgE7IMwD5PJB"}
00432{"flow_id":340,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4863,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347550,"pkt_ts_usec":763038,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HVhAAD4GqICsEAABwKgKMuPcAFAahQa1Hl4Jm4ARAOW9vgAAAQEICgE7IVYD5O1X"}
00432{"flow_id":340,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4864,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347550,"pkt_ts_usec":763225,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0+1dAAEAGyIDAqAoyrBAAAQBQ49weXgmbGoUGtoARAOO4SgAAAQEICgPk8swBOyFW"}
00432{"flow_id":340,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4865,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347550,"pkt_ts_usec":764013,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HVlAAD4GqH+sEAABwKgKMuPcAFAahQa2Hl4JnIAQAOW4RwAAAQEICgE7IVcD5PLM"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_first_seen":1499347551495,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_first_seen":1499347551495,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":344,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4872,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347551,"pkt_ts_usec":495961,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8D\/NAAD4Gtd2sEAABwKgKMuQgAFDTqC39AAAAAKACchBVpAAAAgQFtAQCCAoBOyIOAAAAAAEDAwc="}
00445{"flow_id":344,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4873,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347551,"pkt_ts_usec":496061,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5CCgVV5k06gt\/qAScSBgYQAAAgQFtAQCCAoD5PODATsiDgEDAwc="}
00434{"flow_id":344,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4874,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347551,"pkt_ts_usec":496846,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D\/RAAD4GteSsEAABwKgKMuQgAFDTqC3+oFVeZYAQAOX\/aAAAAQEICgE7Ig4D5POD"}
00432{"flow_id":341,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4875,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347551,"pkt_ts_usec":497097,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q61AAD4GgiusEAABwKgKMuPqAFBqhV6xjcYFyYARAOWoLAAAAQEICgE7Ig4D5O6Q"}
01216{"flow_id":342,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4876,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347551,"pkt_ts_usec":497128,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ99ItAAD4GzwOsEAABwKgKMuP4AFDYf+rgEbVhN4AYAOWxaAAAAQEICgE7Ig4D5O\/LR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdNUlZTMVZPOUZMTzRDRkE1RkxKMTNJOUdVTE9GSDY5V0hPSlEwUEgwT0tFMkZNRzNNUSUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00917{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":4,"flow_first_seen":1499347547687,"flow_last_seen":1499347551497,"flow_tot_l4_data_len":729,"flow_min_l4_data_len":32,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4876,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":4,"flow_first_seen":1499347547687,"flow_last_seen":1499347551497,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00434{"flow_id":342,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4877,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347551,"pkt_ts_usec":497207,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0krRAAEAGMSTAqAoyrBAAAQBQ4\/gRtWE32H\/tKYAQAOzHVQAAAQEICgPk84MBOyIO"}
00432{"flow_id":341,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4878,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347551,"pkt_ts_usec":497275,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA09kpAAEAGzY3AqAoyrBAAAQBQ4+qNxgXJaoVesoARAOOjOgAAAQEICgPk84MBOyIO"}
00432{"flow_id":341,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4879,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347551,"pkt_ts_usec":497713,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q65AAD4GgiqsEAABwKgKMuPqAFBqhV6yjcYFyoAQAOWjOAAAAQEICgE7Ig4D5POD"}
@@ -3054,7 +3054,7 @@
00948{"flow_id":342,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4882,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347552,"pkt_ts_usec":508345,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGz9I1AAD4Gz8usEAABwKgKMuP4AFDYf+0pEbVog4AYAQJt\/QAAAQEICgE7IwsD5POER0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02822{"flow_id":342,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4883,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347552,"pkt_ts_usec":511908,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAcekrdAAEAGKjfAqAoyrBAAAQBQ4\/gRtWiD2H\/uqIAYAPV9\/AAAAQEICgPk9IEBOyMLSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI1OjUyIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00433{"flow_id":342,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4884,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347552,"pkt_ts_usec":512647,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09I5AAD4G0UmsEAABwKgKMuP4AFDYf+6oEbVvbYAQAR21cwAAAQEICgE7IwwD5PSB"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_first_seen":1499347552736,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_first_seen":1499347552736,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":345,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4885,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347552,"pkt_ts_usec":736899,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8B91AAD4GvfOsEAABwKgKMuQuAFCEqySZAAAAAKACchCswQAAAgQFtAQCCAoBOyNEAAAAAAEDAwc="}
00444{"flow_id":345,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4886,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347552,"pkt_ts_usec":736998,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5C6xPoYyhKskmqAScSB9kQAAAgQFtAQCCAoD5PS5ATsjRAEDAwc="}
00432{"flow_id":345,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4887,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347552,"pkt_ts_usec":737743,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0B95AAD4GvfqsEAABwKgKMuQuAFCEqySasT6GM4AQAOUcmQAAAQEICgE7I0QD5PS5"}
@@ -3063,51 +3063,51 @@
00434{"flow_id":342,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4890,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347552,"pkt_ts_usec":742317,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09JBAAD4G0UesEAABwKgKMuP4AFDYf\/DxEbV2uYAQATurTgAAAQEICgE7I0UD5PS6"}
00949{"flow_id":342,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4891,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347553,"pkt_ts_usec":764087,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGz9JFAAD4Gz8esEAABwKgKMuP4AFDYf\/DxEbV2uYAYATtZVgAAAQEICgE7JEUD5PS6R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02823{"flow_id":342,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4892,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347553,"pkt_ts_usec":767205,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAcekrtAAEAGKjPAqAoyrBAAAQBQ4\/gRtXa52H\/ycIAYAQd9\/AAAAQEICgPk9bsBOyRFSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI1OjUzIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_first_seen":1499347555255,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4901,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_first_seen":1499347555255,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":346,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4901,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347555,"pkt_ts_usec":255750,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81HxAAD4G8VOsEAABwKgKMuRIAFCgOPHGAAAAAKACchDBdgAAAgQFtAQCCAoBOyW6AAAAAAEDAwc="}
00444{"flow_id":346,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4902,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347555,"pkt_ts_usec":255825,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5EiyOWdGoDjxx6AScSCtwQAAAgQFtAQCCAoD5PcvATslugEDAwc="}
00432{"flow_id":346,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4903,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347555,"pkt_ts_usec":256616,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01H1AAD4G8VqsEAABwKgKMuRIAFCgOPHHsjlnR4AQAOVMyQAAAQEICgE7JboD5Pcv"}
00432{"flow_id":343,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4906,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347555,"pkt_ts_usec":765050,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eyNAAD4GSrWsEAABwKgKMuQSAFDq3lvuxBhh24ARAOWQLQAAAQEICgE7JjkD5PJB"}
00432{"flow_id":343,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4907,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347555,"pkt_ts_usec":765264,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0lnVAAEAGLWPAqAoyrBAAAQBQ5BLEGGHb6t5b74ARAOOKwQAAAQEICgPk964BOyY5"}
00432{"flow_id":343,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4908,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347555,"pkt_ts_usec":765997,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eyRAAD4GSrSsEAABwKgKMuQSAFDq3lvvxBhh3IAQAOWKvwAAAQEICgE7JjkD5Peu"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_first_seen":1499347556523,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_first_seen":1499347556523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":347,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4912,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347556,"pkt_ts_usec":523558,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89uZAAD4GzumsEAABwKgKMuRWAFDF1NARAAAAAKACchC8RAAAAgQFtAQCCAoBOyb3AAAAAAEDAwc="}
00445{"flow_id":347,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4913,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347556,"pkt_ts_usec":523684,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5FYT\/QypxdTQEqAScSCgLAAAAgQFtAQCCAoD5PhsATsm9wEDAwc="}
00434{"flow_id":347,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4914,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347556,"pkt_ts_usec":524253,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09udAAD4GzvCsEAABwKgKMuRWAFDF1NASE\/0MqoAQAOU\/NAAAAQEICgE7JvcD5Phs"}
00433{"flow_id":344,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4918,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347556,"pkt_ts_usec":765587,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D\/VAAD4GteOsEAABwKgKMuQgAFDTqC3+oFVeZYARAOX6QgAAAQEICgE7JzMD5POD"}
00433{"flow_id":344,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4919,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347556,"pkt_ts_usec":765808,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ps1AAEAGHQvAqAoyrBAAAQBQ5CCgVV5l06gt\/4ARAOP1HgAAAQEICgPk+KgBOycz"}
00434{"flow_id":344,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4920,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347556,"pkt_ts_usec":766549,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0D\/ZAAD4GteKsEAABwKgKMuQgAFDTqC3\/oFVeZoAQAOX1HAAAAQEICgE7JzMD5Pio"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":6,"flow_first_seen":1499347422332,"flow_last_seen":1499347427732,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57022,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":6,"flow_first_seen":1499347423604,"flow_last_seen":1499347428732,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57036,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":6,"flow_first_seen":1499347426122,"flow_last_seen":1499347431733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":6,"flow_first_seen":1499347427366,"flow_last_seen":1499347432733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57076,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":6,"flow_first_seen":1499347428671,"flow_last_seen":1499347433734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":6,"flow_first_seen":1499347431192,"flow_last_seen":1499347436733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":345,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4924,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347557,"pkt_ts_usec":765764,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0B99AAD4GvfmsEAABwKgKMuQuAFCEqySasT6GM4ARAOUXrwAAAQEICgE7KC0D5PS5"}
00432{"flow_id":345,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4925,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347557,"pkt_ts_usec":765980,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0f5FAAEAGREfAqAoyrBAAAQBQ5C6xPoYzhKskm4ARAOMSxwAAAQEICgPk+aIBOygt"}
00432{"flow_id":345,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4926,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347557,"pkt_ts_usec":766523,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0B+BAAD4GvfisEAABwKgKMuQuAFCEqySbsT6GNIAQAOUSxQAAAQEICgE7KC0D5Pmi"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_first_seen":1499347557789,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_first_seen":1499347557789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":348,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4927,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347557,"pkt_ts_usec":789292,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82zBAAD4G6p+sEAABwKgKMuRkAFBn0PMDAAAAAKACchD2DAAAAgQFtAQCCAoBOygzAAAAAAEDAwc="}
00444{"flow_id":348,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4928,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347557,"pkt_ts_usec":789349,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5GT+u1l1Z9DzBKAScSChLQAAAgQFtAQCCAoD5PmoATsoMwEDAwc="}
00433{"flow_id":348,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4929,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347557,"pkt_ts_usec":790133,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02zFAAD4G6qasEAABwKgKMuRkAFBn0PME\/rtZdoAQAOVANQAAAQEICgE7KDMD5Pmo"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4936,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_first_seen":1499347559043,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4936,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_first_seen":1499347559043,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":349,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4936,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347559,"pkt_ts_usec":43260,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nvhAAD4GJtisEAABwKgKMuRyAFDmPbeUAAAAAKACchCxxwAAAgQFtAQCCAoBOylsAAAAAAEDAwc="}
00444{"flow_id":349,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4937,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347559,"pkt_ts_usec":43351,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5HJJe\/AM5j23laAScSB6VwAAAgQFtAQCCAoD5PriATspbAEDAwc="}
00431{"flow_id":349,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4938,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347559,"pkt_ts_usec":44120,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nvlAAD4GJt+sEAABwKgKMuRyAFDmPbeVSXvwDYAQAOUZXgAAAQEICgE7KW0D5Pri"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_first_seen":1499347560327,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_first_seen":1499347560327,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":350,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4945,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347560,"pkt_ts_usec":327931,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rRJAAD4GGL6sEAABwKgKMuSAAFBDKIe8AAAAAKACchCDZQAAAgQFtAQCCAoBOyquAAAAAAEDAwc="}
00444{"flow_id":350,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4946,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347560,"pkt_ts_usec":327964,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ICL+5A8QyiHvaAScSBoBAAAAgQFtAQCCAoD5PwjATsqrgEDAwc="}
00433{"flow_id":350,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4947,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347560,"pkt_ts_usec":328860,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rRNAAD4GGMWsEAABwKgKMuSAAFBDKIe9i\/uQPYAQAOUHDAAAAQEICgE7Kq4D5Pwj"}
00432{"flow_id":346,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4951,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347560,"pkt_ts_usec":766306,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01H5AAD4G8VmsEAABwKgKMuRIAFCgOPHHsjlnR4ARAOVHZwAAAQEICgE7KxsD5Pcv"}
00433{"flow_id":346,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4952,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347560,"pkt_ts_usec":766531,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0m9ZAAEAGKALAqAoyrBAAAQBQ5EiyOWdHoDjxyIARAONCBgAAAQEICgPk\/JEBOysb"}
00432{"flow_id":346,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4953,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347560,"pkt_ts_usec":767094,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01H9AAD4G8VisEAABwKgKMuRIAFCgOPHIsjlnSIAQAOVCAwAAAQEICgE7KxwD5PyR"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_first_seen":1499347561622,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4957,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_first_seen":1499347561622,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":351,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4957,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347561,"pkt_ts_usec":622231,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JPRAAD4GoNysEAABwKgKMuSOAFBq0Q8FAAAAAKACchDTIgAAAgQFtAQCCAoBOyvxAAAAAAEDAwc="}
00445{"flow_id":351,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4958,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347561,"pkt_ts_usec":622349,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5I6fc34\/atEPBqAScSC1AgAAAgQFtAQCCAoD5P1nATsr8QEDAwc="}
00433{"flow_id":351,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4959,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347561,"pkt_ts_usec":623123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JPVAAD4GoOOsEAABwKgKMuSOAFBq0Q8Gn3N+QIAQAOVUCgAAAQEICgE7K\/ED5P1n"}
@@ -3117,47 +3117,47 @@
00433{"flow_id":348,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4972,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347563,"pkt_ts_usec":766989,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02zJAAD4G6qWsEAABwKgKMuRkAFBn0PME\/rtZdoARAOU6XgAAAQEICgE7LgkD5Pmo"}
00434{"flow_id":348,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4973,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347563,"pkt_ts_usec":767177,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pglAAEAGHc\/AqAoyrBAAAQBQ5GT+u1l2Z9DzBYARAOM0iAAAAQEICgPk\/38BOy4J"}
00434{"flow_id":348,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4974,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347563,"pkt_ts_usec":767715,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02zNAAD4G6qSsEAABwKgKMuRkAFBn0PMF\/rtZd4AQAOU0hQAAAQEICgE7LgoD5P9\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_first_seen":1499347564211,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4978,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_first_seen":1499347564211,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":352,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4978,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347564,"pkt_ts_usec":211903,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87W5AAD4G2GGsEAABwKgKMuSoAFCF1MMXAAAAAKACchABawAAAgQFtAQCCAoBOy55AAAAAAEDAwc="}
00445{"flow_id":352,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4979,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347564,"pkt_ts_usec":212030,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5KgQ0EVbhdTDGKAScSCoSwAAAgQFtAQCCAoD5P\/uATsueQEDAwc="}
00433{"flow_id":352,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4980,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347564,"pkt_ts_usec":212560,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07W9AAD4G2GisEAABwKgKMuSoAFCF1MMYENBFXIAQAOVHUwAAAQEICgE7LnkD5P\/u"}
00432{"flow_id":349,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4984,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347564,"pkt_ts_usec":767541,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nvpAAD4GJt6sEAABwKgKMuRyAFDmPbeVSXvwDYARAOUTxgAAAQEICgE7LwQD5Pri"}
00433{"flow_id":349,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4985,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347564,"pkt_ts_usec":767727,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA08HRAAEAG02PAqAoyrBAAAQBQ5HJJe\/AN5j23loARAOMOMAAAAQEICgPlAHkBOy8E"}
00432{"flow_id":349,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4986,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347564,"pkt_ts_usec":768317,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nvtAAD4GJt2sEAABwKgKMuRyAFDmPbeWSXvwDoAQAOUOLgAAAQEICgE7LwQD5QB5"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_first_seen":1499347565457,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4990,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_first_seen":1499347565457,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":353,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4990,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347565,"pkt_ts_usec":457964,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CLtAAD4GvRWsEAABwKgKMuS2AFBcaycLAAAAAKACchDFmwAAAgQFtAQCCAoBOy+wAAAAAAEDAwc="}
00444{"flow_id":353,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4991,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347565,"pkt_ts_usec":458144,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5La+IYdMXGsnDKAScSB8AQAAAgQFtAQCCAoD5QEmATsvsAEDAwc="}
00432{"flow_id":353,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4992,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347565,"pkt_ts_usec":458876,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CLxAAD4GvRysEAABwKgKMuS2AFBcaycMviGHTYAQAOUbCQAAAQEICgE7L7AD5QEm"}
00434{"flow_id":350,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4996,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347565,"pkt_ts_usec":767713,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rRRAAD4GGMSsEAABwKgKMuSAAFBDKIe9i\/uQPYARAOUBuwAAAQEICgE7L\/4D5Pwj"}
00433{"flow_id":350,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4997,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347565,"pkt_ts_usec":767932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0kU5AAEAGMorAqAoyrBAAAQBQ5ICL+5A9QyiHvoARAOP8awAAAQEICgPlAXMBOy\/+"}
00434{"flow_id":350,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4998,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347565,"pkt_ts_usec":768477,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rRVAAD4GGMOsEAABwKgKMuSAAFBDKIe+i\/uQPoAQAOX8aQAAAQEICgE7L\/4D5QFz"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_first_seen":1499347566719,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_first_seen":1499347566719,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":354,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5002,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347566,"pkt_ts_usec":719570,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bldAAD4GV3msEAABwKgKMuTEAFDBpl67AAAAAKACchAnZgAAAgQFtAQCCAoBOzDsAAAAAAEDAwc="}
00444{"flow_id":354,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5003,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347566,"pkt_ts_usec":719693,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5MTiLAwhwaZevKAScSAzsQAAAgQFtAQCCAoD5QJhATsw7AEDAwc="}
00432{"flow_id":354,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5004,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347566,"pkt_ts_usec":720308,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0blhAAD4GV4CsEAABwKgKMuTEAFDBpl684iwMIoAQAOXSuAAAAQEICgE7MOwD5QJh"}
00432{"flow_id":351,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5008,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347566,"pkt_ts_usec":769309,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JPZAAD4GoOKsEAABwKgKMuSOAFBq0Q8Gn3N+QIARAOVPAgAAAQEICgE7MPgD5P1n"}
00433{"flow_id":351,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5009,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347566,"pkt_ts_usec":769501,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0fC1AAEAGR6vAqAoyrBAAAQBQ5I6fc35AatEPB4ARAONJ\/QAAAQEICgPlAm0BOzD4"}
00432{"flow_id":351,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5010,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347566,"pkt_ts_usec":770032,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JPdAAD4GoOGsEAABwKgKMuSOAFBq0Q8Hn3N+QYAQAOVJ+wAAAQEICgE7MPgD5QJt"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_first_seen":1499347569321,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":6,"flow_first_seen":1499347432482,"flow_last_seen":1499347437734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":6,"flow_first_seen":1499347433753,"flow_last_seen":1499347439734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":7,"flow_first_seen":1499347436274,"flow_last_seen":1499347441734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57170,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":6,"flow_first_seen":1499347437541,"flow_last_seen":1499347442734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":6,"flow_first_seen":1499347440119,"flow_last_seen":1499347445734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5011,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":6,"flow_first_seen":1499347441364,"flow_last_seen":1499347446735,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_first_seen":1499347569321,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":355,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5020,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347569,"pkt_ts_usec":321023,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8g25AAD4GQmKsEAABwKgKMuTeAFCWQ7AYAAAAAKACchD+xwAAAgQFtAQCCAoBOzN2AAAAAAEDAwc="}
00444{"flow_id":355,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5021,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347569,"pkt_ts_usec":321119,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5N7q6xnjlkOwGaAScSDyBwAAAgQFtAQCCAoD5QTrATszdgEDAwc="}
00432{"flow_id":355,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5022,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347569,"pkt_ts_usec":321909,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0g29AAD4GQmmsEAABwKgKMuTeAFCWQ7AZ6usZ5IAQAOWRDwAAAQEICgE7M3YD5QTr"}
00433{"flow_id":352,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5026,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347569,"pkt_ts_usec":769661,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07XBAAD4G2GesEAABwKgKMuSoAFCF1MMYENBFXIARAOVB5QAAAQEICgE7M+YD5P\/u"}
00432{"flow_id":352,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5027,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347569,"pkt_ts_usec":769872,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0QAdAAEAGg9HAqAoyrBAAAQBQ5KgQ0EVchdTDGYARAOM8eQAAAQEICgPlBVsBOzPm"}
00432{"flow_id":352,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5028,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347569,"pkt_ts_usec":770441,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07XFAAD4G2GasEAABwKgKMuSoAFCF1MMZENBFXYAQAOU8dwAAAQEICgE7M+YD5QVb"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_first_seen":1499347570571,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_first_seen":1499347570571,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":356,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5032,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347570,"pkt_ts_usec":571578,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l0FAAD4GLo+sEAABwKgKMuTsAFD4v6PuAAAAAKACchCnLgAAAgQFtAQCCAoBOzSvAAAAAAEDAwc="}
00444{"flow_id":356,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5033,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347570,"pkt_ts_usec":571722,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Ow6nDyd+L+j76AScSAmywAAAgQFtAQCCAoD5QYkATs0rwEDAwc="}
00432{"flow_id":356,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5034,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347570,"pkt_ts_usec":572473,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l0JAAD4GLpasEAABwKgKMuTsAFD4v6PvOpw8noAQAOXF0gAAAQEICgE7NK8D5QYk"}
@@ -3167,46 +3167,46 @@
00432{"flow_id":354,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5044,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347571,"pkt_ts_usec":770684,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bllAAD4GV3+sEAABwKgKMuTEAFDBpl684iwMIoARAOXNyQAAAQEICgE7NdoD5QJh"}
00432{"flow_id":354,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5045,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347571,"pkt_ts_usec":770902,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0C3JAAEAGuGbAqAoyrBAAAQBQ5MTiLAwiwaZevYARAOPI2wAAAQEICgPlB1ABOzXa"}
00432{"flow_id":354,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5046,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347571,"pkt_ts_usec":771447,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0blpAAD4GV36sEAABwKgKMuTEAFDBpl694iwMI4AQAOXI2AAAAQEICgE7NdsD5QdQ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_first_seen":1499347573065,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":1,"flow_first_seen":1499347573065,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":357,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5053,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347573,"pkt_ts_usec":65713,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8STJAAD4GfJ6sEAABwKgKMuUGAFCilH4sAAAAAKACchAgkwAAAgQFtAQCCAoBOzceAAAAAAEDAwc="}
00444{"flow_id":357,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5054,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347573,"pkt_ts_usec":65885,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Qbzm\/YPopR+LaAScSArTgAAAgQFtAQCCAoD5QiTATs3HgEDAwc="}
00431{"flow_id":357,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5055,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347573,"pkt_ts_usec":66602,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0STNAAD4GfKWsEAABwKgKMuUGAFCilH4t85v2EIAQAOXKVQAAAQEICgE7Nx4D5QiT"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_first_seen":1499347574366,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":1,"flow_first_seen":1499347574366,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":358,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5062,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347574,"pkt_ts_usec":366801,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8umZAAD4GC2qsEAABwKgKMuUaAFCmeIIFAAAAAKACchAXfQAAAgQFtAQCCAoBOzhjAAAAAAEDAwc="}
00444{"flow_id":358,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5063,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347574,"pkt_ts_usec":366958,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5RoJ5n+MpniCBqAScSCBKwAAAgQFtAQCCAoD5QnZATs4YwEDAwc="}
00433{"flow_id":358,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5064,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347574,"pkt_ts_usec":367683,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0umdAAD4GC3GsEAABwKgKMuUaAFCmeIIGCeZ\/jYAQAOUgMgAAAQEICgE7OGQD5QnZ"}
00432{"flow_id":355,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5068,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347574,"pkt_ts_usec":771243,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0g3BAAD4GQmisEAABwKgKMuTeAFCWQ7AZ6usZ5IARAOWLuwAAAQEICgE7OMkD5QTr"}
00433{"flow_id":355,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5069,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347574,"pkt_ts_usec":771460,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0E9pAAEAGr\/7AqAoyrBAAAQBQ5N7q6xnklkOwGoARAOOGaQAAAQEICgPlCj4BOzjJ"}
00432{"flow_id":355,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5070,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347574,"pkt_ts_usec":772050,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0g3FAAD4GQmesEAABwKgKMuTeAFCWQ7Aa6usZ5YAQAOWGZwAAAQEICgE7OMkD5Qo+"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_first_seen":1499347575652,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_first_seen":1499347575652,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":359,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5074,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347575,"pkt_ts_usec":652327,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XdZAAD4GZ\/qsEAABwKgKMuUoAFDuGWRzAAAAAKACchDsHQAAAgQFtAQCCAoBOzmlAAAAAAEDAwc="}
00444{"flow_id":359,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5075,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347575,"pkt_ts_usec":652445,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5Sh6374H7hlkdKAScSClFgAAAgQFtAQCCAoD5QsaATs5pQEDAwc="}
00432{"flow_id":359,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5076,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347575,"pkt_ts_usec":653228,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XddAAD4GaAGsEAABwKgKMuUoAFDuGWR0et++CIAQAOVEHgAAAQEICgE7OaUD5Qsa"}
00432{"flow_id":356,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5080,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347575,"pkt_ts_usec":771657,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l0NAAD4GLpWsEAABwKgKMuTsAFD4v6PvOpw8noARAOXAvQAAAQEICgE7OcMD5QYk"}
00432{"flow_id":356,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5081,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347575,"pkt_ts_usec":771929,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0N6ZAAEAGjDLAqAoyrBAAAQBQ5Ow6nDye+L+j8IARAOO7qgAAAQEICgPlCzgBOznD"}
00432{"flow_id":356,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5082,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347575,"pkt_ts_usec":772692,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l0RAAD4GLpSsEAABwKgKMuTsAFD4v6PwOpw8n4AQAOW7qAAAAQEICgE7OcMD5Qs4"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_first_seen":1499347578164,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":6,"flow_first_seen":1499347442626,"flow_last_seen":1499347447735,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":6,"flow_first_seen":1499347445158,"flow_last_seen":1499347450735,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57264,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":6,"flow_first_seen":1499347446419,"flow_last_seen":1499347451735,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":6,"flow_first_seen":1499347447671,"flow_last_seen":1499347452736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":6,"flow_first_seen":1499347450180,"flow_last_seen":1499347455736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":6,"flow_first_seen":1499347451427,"flow_last_seen":1499347456736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":6,"flow_first_seen":1499347452731,"flow_last_seen":1499347457736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_first_seen":1499347578164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":360,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5092,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347578,"pkt_ts_usec":164099,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86A1AAD4G3cKsEAABwKgKMuVCAFCbVdQUAAAAAKACchDMsgAAAgQFtAQCCAoBOzwZAAAAAAEDAwc="}
00444{"flow_id":360,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5093,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347578,"pkt_ts_usec":164225,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5UJIGXyrm1XUFaAScSD3WQAAAgQFtAQCCAoD5Q2OATs8GQEDAwc="}
00432{"flow_id":360,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5095,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347578,"pkt_ts_usec":165963,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06A5AAD4G3cmsEAABwKgKMuVCAFCbVdQVSBl8rIAQAOWWYQAAAQEICgE7PBkD5Q2O"}
00432{"flow_id":357,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5098,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347578,"pkt_ts_usec":772953,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0STRAAD4GfKSsEAABwKgKMuUGAFCilH4t85v2EIARAOXEwQAAAQEICgE7PLED5QiT"}
00434{"flow_id":357,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5099,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347578,"pkt_ts_usec":773242,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0+DZAAEAGy6HAqAoyrBAAAQBQ5Qbzm\/YQopR+LoARAOO\/LwAAAQEICgPlDiYBOzyx"}
00433{"flow_id":357,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5100,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347578,"pkt_ts_usec":774083,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0STVAAD4GfKOsEAABwKgKMuUGAFCilH4u85v2EYAQAOW\/LQAAAQEICgE7PLED5Q4m"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5104,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_first_seen":1499347579405,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5104,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":1,"flow_first_seen":1499347579405,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":361,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5104,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347579,"pkt_ts_usec":405941,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mitAAD4GK6WsEAABwKgKMuVQAFAuJKdkAAAAAKACchBlUAAAAgQFtAQCCAoBOz1PAAAAAAEDAwc="}
00444{"flow_id":361,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5105,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347579,"pkt_ts_usec":406073,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5VD8Ip+YLiSnZaAScSC3ygAAAgQFtAQCCAoD5Q7EATs9TwEDAwc="}
00433{"flow_id":361,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5106,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347579,"pkt_ts_usec":406936,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mixAAD4GK6ysEAABwKgKMuVQAFAuJKdl\/CKfmYAQAOVW0gAAAQEICgE7PU8D5Q7E"}
@@ -3214,7 +3214,7 @@
00432{"flow_id":358,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5111,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347579,"pkt_ts_usec":774138,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0cK1AAEAGUyvAqAoyrBAAAQBQ5RoJ5n+NpniCB4AQAOMVpAAAAQEICgPlDyEBOz2r"}
00432{"flow_id":358,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5112,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347579,"pkt_ts_usec":774157,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0cK5AAEAGUyrAqAoyrBAAAQBQ5RoJ5n+NpniCB4ARAOMVowAAAQEICgPlDyEBOz2r"}
00433{"flow_id":358,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5113,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347579,"pkt_ts_usec":775041,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TuJAAD4GdvasEAABwKgKMuUaAFCmeIIHCeZ\/joAQAOUVoQAAAQEICgE7PasD5Q8h"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_first_seen":1499347580693,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":1,"flow_first_seen":1499347580693,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":362,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5117,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347580,"pkt_ts_usec":693907,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ma5AAD4GlCKsEAABwKgKMuVeAFCEtA8\/AAAAAKACchCllQAAAgQFtAQCCAoBOz6RAAAAAAEDAwc="}
00444{"flow_id":362,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5118,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347580,"pkt_ts_usec":694030,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5V5F9x9ShLQPQKAScSAtQAAAAgQFtAQCCAoD5RAGATs+kQEDAwc="}
00432{"flow_id":362,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5120,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347580,"pkt_ts_usec":694951,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ma9AAD4GlCmsEAABwKgKMuVeAFCEtA9ARfcfU4AQAOXMRwAAAQEICgE7PpED5RAG"}
@@ -3222,7 +3222,7 @@
00432{"flow_id":359,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5124,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347580,"pkt_ts_usec":774120,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0rhJAAEAGFcbAqAoyrBAAAQBQ5Sh6374I7hlkdYAQAOM6HgAAAQEICgPlEBsBOz6l"}
00432{"flow_id":359,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5125,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347580,"pkt_ts_usec":774189,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0rhNAAEAGFcXAqAoyrBAAAQBQ5Sh6374I7hlkdYARAOM6HQAAAQEICgPlEBsBOz6l"}
00432{"flow_id":359,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5126,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347580,"pkt_ts_usec":775929,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0T0RAAD4GdpSsEAABwKgKMuUoAFDuGWR1et++CYAQAOU6GgAAAQEICgE7PqYD5RAb"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_first_seen":1499347583209,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":1,"flow_first_seen":1499347583209,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":363,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5137,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347583,"pkt_ts_usec":209798,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8hK5AAD4GQSKsEAABwKgKMuV4AFAxSsWoAAAAAKACchBABwAAAgQFtAQCCAoBO0EGAAAAAAEDAwc="}
00444{"flow_id":363,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5138,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347583,"pkt_ts_usec":209950,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5XgjIturMUrFqaAScSAruAAAAgQFtAQCCAoD5RJ7ATtBBgEDAwc="}
00432{"flow_id":363,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5139,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347583,"pkt_ts_usec":211815,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hK9AAD4GQSmsEAABwKgKMuV4AFAxSsWpIyLbrIAQAOXKvgAAAQEICgE7QQcD5RJ7"}
@@ -3230,38 +3230,38 @@
00432{"flow_id":360,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5144,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347583,"pkt_ts_usec":774140,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0b6RAAEAGVDTAqAoyrBAAAQBQ5UJIGXysm1XUFoAQAOOLbQAAAQEICgPlEwkBO0GT"}
00432{"flow_id":360,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5145,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347583,"pkt_ts_usec":774143,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0b6VAAEAGVDPAqAoyrBAAAQBQ5UJIGXysm1XUFoARAOOLbAAAAQEICgPlEwkBO0GT"}
00432{"flow_id":360,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5146,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347583,"pkt_ts_usec":775842,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UDxAAD4GdZysEAABwKgKMuVCAFCbVdQWSBl8rYAQAOWLaQAAAQEICgE7QZQD5RMJ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_first_seen":1499347584472,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5150,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_first_seen":1499347584472,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":364,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5150,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347584,"pkt_ts_usec":472745,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XXVAAD4GaFusEAABwKgKMuWGAFAsKR83AAAAAKACchDqTwAAAgQFtAQCCAoBO0JCAAAAAAEDAwc="}
00444{"flow_id":364,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5151,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347584,"pkt_ts_usec":472897,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5YYTf0ohLCkfOKAScSB18gAAAgQFtAQCCAoD5RO3ATtCQgEDAwc="}
00432{"flow_id":364,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5152,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347584,"pkt_ts_usec":473785,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XXZAAD4GaGKsEAABwKgKMuWGAFAsKR84E39KIoAQAOUU+gAAAQEICgE7QkID5RO3"}
00433{"flow_id":361,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5156,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347584,"pkt_ts_usec":774761,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mi1AAD4GK6usEAABwKgKMuVQAFAuJKdl\/CKfmYARAOVRkwAAAQEICgE7Qo0D5Q7E"}
00432{"flow_id":361,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5157,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347584,"pkt_ts_usec":774977,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0i5pAAEAGOD7AqAoyrBAAAQBQ5VD8Ip+ZLiSnZoARAONMVQAAAQEICgPlFAMBO0KN"}
00433{"flow_id":361,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5158,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347584,"pkt_ts_usec":775812,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mi5AAD4GK6qsEAABwKgKMuVQAFAuJKdm\/CKfmoAQAOVMUgAAAQEICgE7Qo4D5RQD"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_first_seen":1499347585744,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_first_seen":1499347585744,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":365,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5162,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347585,"pkt_ts_usec":744968,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CJdAAD4GvTmsEAABwKgKMuWUAFD9vEsXAAAAAKACchDrjwAAAgQFtAQCCAoBO0OAAAAAAAEDAwc="}
00445{"flow_id":365,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5163,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347585,"pkt_ts_usec":745063,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ZQRxaCL\/bxLGKAScSAhRAAAAgQFtAQCCAoD5RT1ATtDgAEDAwc="}
00432{"flow_id":365,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5165,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347585,"pkt_ts_usec":746751,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CJhAAD4GvUCsEAABwKgKMuWUAFD9vEsYEcWgjIAQAOXASwAAAQEICgE7Q4AD5RT1"}
00432{"flow_id":362,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5168,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347585,"pkt_ts_usec":774888,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MbBAAD4GlCisEAABwKgKMuVeAFCEtA9ARfcfU4ARAOXHUAAAAQEICgE7Q4cD5RAG"}
00432{"flow_id":362,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5169,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347585,"pkt_ts_usec":775086,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0C65AAEAGuCrAqAoyrBAAAQBQ5V5F9x9ThLQPQYARAOPCWgAAAQEICgPlFP0BO0OH"}
00432{"flow_id":362,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5170,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347585,"pkt_ts_usec":776772,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MbFAAD4GlCesEAABwKgKMuVeAFCEtA9BRfcfVIAQAOXCVwAAAQEICgE7Q4gD5RT9"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_first_seen":1499347588270,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":6,"flow_first_seen":1499347455224,"flow_last_seen":1499347460737,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":6,"flow_first_seen":1499347456462,"flow_last_seen":1499347461738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":6,"flow_first_seen":1499347457705,"flow_last_seen":1499347462738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":6,"flow_first_seen":1499347460253,"flow_last_seen":1499347465739,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5177,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":6,"flow_first_seen":1499347461508,"flow_last_seen":1499347466739,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_first_seen":1499347588270,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":366,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5180,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347588,"pkt_ts_usec":270699,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nX9AAD4GKFGsEAABwKgKMuWuAFBMCdiIAAAAAKACchANQQAAAgQFtAQCCAoBO0X3AAAAAAEDAwc="}
00444{"flow_id":366,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5181,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347588,"pkt_ts_usec":270799,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5a7qCbUZTAnYiaAScSBTqgAAAgQFtAQCCAoD5RdtATtF9wEDAwc="}
00432{"flow_id":366,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5183,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347588,"pkt_ts_usec":271716,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nYBAAD4GKFisEAABwKgKMuWuAFBMCdiJ6gm1GoAQAOXysAAAAQEICgE7RfgD5Rdt"}
00432{"flow_id":363,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5186,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347588,"pkt_ts_usec":774723,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hLBAAD4GQSisEAABwKgKMuV4AFAxSsWpIyLbrIARAOXFTwAAAQEICgE7RnUD5RJ7"}
00433{"flow_id":363,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5187,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347588,"pkt_ts_usec":774971,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0zEdAAEAG95DAqAoyrBAAAQBQ5XgjItusMUrFqoARAOO\/4AAAAQEICgPlF+sBO0Z1"}
00433{"flow_id":363,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5188,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347588,"pkt_ts_usec":776643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0hLFAAD4GQSesEAABwKgKMuV4AFAxSsWqIyLbrYAQAOW\/3QAAAQEICgE7RnYD5Rfr"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_first_seen":1499347589555,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_first_seen":1499347589555,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":367,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5192,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347589,"pkt_ts_usec":555860,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QWlAAD4GhGesEAABwKgKMuW8AFCYtAZQAAAAAKACchCRfgAAAgQFtAQCCAoBO0c5AAAAAAEDAwc="}
00444{"flow_id":367,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5193,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347589,"pkt_ts_usec":555987,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5bxlqZ52mLQGUaAScSBxqgAAAgQFtAQCCAoD5RiuATtHOQEDAwc="}
00432{"flow_id":367,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5194,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347589,"pkt_ts_usec":557644,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QWpAAD4GhG6sEAABwKgKMuW8AFCYtAZRZamed4AQAOUQsgAAAQEICgE7RzkD5Riu"}
@@ -3271,105 +3271,105 @@
00432{"flow_id":365,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5204,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347590,"pkt_ts_usec":776161,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CJlAAD4GvT+sEAABwKgKMuWUAFD9vEsYEcWgjIARAOW7YAAAAQEICgE7SGoD5RT1"}
00433{"flow_id":365,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5205,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347590,"pkt_ts_usec":776336,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0uVNAAEAGCoXAqAoyrBAAAQBQ5ZQRxaCM\/bxLGYARAOO2dwAAAQEICgPlGd8BO0hq"}
00432{"flow_id":365,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5206,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347590,"pkt_ts_usec":777155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CJpAAD4GvT6sEAABwKgKMuWUAFD9vEsZEcWgjYAQAOW2dQAAAQEICgE7SGoD5Rnf"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5213,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_first_seen":1499347592060,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5213,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_first_seen":1499347592060,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":368,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5213,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347592,"pkt_ts_usec":60586,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gghAAD4GQ8isEAABwKgKMuXWAFA6JsujAAAAAKACchAoLQAAAgQFtAQCCAoBO0mrAAAAAAEDAwc="}
00443{"flow_id":368,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5214,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347592,"pkt_ts_usec":60693,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5dZ5GzqJOibLpKAScSBWYgAAAgQFtAQCCAoD5RsgATtJqwEDAwc="}
00431{"flow_id":368,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5215,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347592,"pkt_ts_usec":61609,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gglAAD4GQ8+sEAABwKgKMuXWAFA6JsukeRs6ioAQAOX1aQAAAQEICgE7SasD5Rsg"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_first_seen":1499347593330,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5222,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_first_seen":1499347593330,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":369,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5222,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347593,"pkt_ts_usec":330555,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8X5xAAD4GZjSsEAABwKgKMuXkAFAOABV0AAAAAKACchAJOAAAAgQFtAQCCAoBO0roAAAAAAEDAwc="}
00444{"flow_id":369,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5223,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347593,"pkt_ts_usec":330650,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5eQdKIqzDgAVdaAScSBB+AAAAgQFtAQCCAoD5RxeATtK6AEDAwc="}
00433{"flow_id":369,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5224,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347593,"pkt_ts_usec":331567,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0X51AAD4GZjusEAABwKgKMuXkAFAOABV1HSiKtIAQAOXg\/gAAAQEICgE7SukD5Rxe"}
00432{"flow_id":366,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5228,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347593,"pkt_ts_usec":776580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nYFAAD4GKFesEAABwKgKMuWuAFBMCdiJ6gm1GoARAOXtTwAAAQEICgE7S1gD5Rdt"}
00432{"flow_id":366,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5229,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347593,"pkt_ts_usec":776764,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qddAAEAGGgHAqAoyrBAAAQBQ5a7qCbUaTAnYioARAOPn8AAAAQEICgPlHM0BO0tY"}
00432{"flow_id":366,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5230,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347593,"pkt_ts_usec":778543,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nYJAAD4GKFasEAABwKgKMuWuAFBMCdiK6gm1G4AQAOXn7gAAAQEICgE7S1gD5RzN"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_first_seen":1499347594595,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_first_seen":1499347594595,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":370,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5234,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347594,"pkt_ts_usec":595504,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80FRAAD4G9XusEAABwKgKMuXyAFCOVJxwAAAAAKACchAAnQAAAgQFtAQCCAoBO0wkAAAAAAEDAwc="}
00444{"flow_id":370,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5235,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347594,"pkt_ts_usec":595601,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5fJ5A+8AjlSccaAScSB3+AAAAgQFtAQCCAoD5R2aATtMJAEDAwc="}
00433{"flow_id":370,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5237,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347594,"pkt_ts_usec":597549,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00FVAAD4G9YKsEAABwKgKMuXyAFCOVJxxeQPvAYAQAOUW\/wAAAQEICgE7TCUD5R2a"}
00432{"flow_id":367,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5241,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347594,"pkt_ts_usec":777501,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QWtAAD4GhG2sEAABwKgKMuW8AFCYtAZRZamed4ARAOULmAAAAQEICgE7TFID5Riu"}
00432{"flow_id":367,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5242,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347594,"pkt_ts_usec":777693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0g7BAAEAGQCjAqAoyrBAAAQBQ5bxlqZ53mLQGUoARAOMGgAAAAQEICgPlHccBO0xS"}
00432{"flow_id":367,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5243,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347594,"pkt_ts_usec":779528,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QWxAAD4GhGysEAABwKgKMuW8AFCYtAZSZameeIAQAOUGfQAAAQEICgE7TFMD5R3H"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_first_seen":1499347597121,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5253,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_first_seen":1499347597121,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":371,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5253,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347597,"pkt_ts_usec":121690,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Xm5AAD4GZ2KsEAABwKgKMuYMAFDbqxDyAAAAAKACchA8MgAAAgQFtAQCCAoBO06cAAAAAAEDAwc="}
00444{"flow_id":371,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5254,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347597,"pkt_ts_usec":121785,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5gw3EDJr26sQ86AScSCvnwAAAgQFtAQCCAoD5SARATtOnAEDAwc="}
00432{"flow_id":371,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5255,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347597,"pkt_ts_usec":122377,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Xm9AAD4GZ2msEAABwKgKMuYMAFDbqxDzNxAybIAQAOVOpwAAAQEICgE7TpwD5SAR"}
00432{"flow_id":368,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5259,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347597,"pkt_ts_usec":778478,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ggpAAD4GQ86sEAABwKgKMuXWAFA6JsukeRs6ioARAOXv0wAAAQEICgE7T0AD5Rsg"}
00432{"flow_id":368,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5260,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347597,"pkt_ts_usec":778673,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0GjxAAEAGqZzAqAoyrBAAAQBQ5dZ5GzqKOibLpYARAOPqPgAAAQEICgPlILYBO09A"}
00432{"flow_id":368,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5261,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347597,"pkt_ts_usec":780448,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ggtAAD4GQ82sEAABwKgKMuXWAFA6JsuleRs6i4AQAOXqOwAAAQEICgE7T0ED5SC2"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_first_seen":1499347598383,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":6,"flow_first_seen":1499347462759,"flow_last_seen":1499347468740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":6,"flow_first_seen":1499347465304,"flow_last_seen":1499347470740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":6,"flow_first_seen":1499347466553,"flow_last_seen":1499347471741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":6,"flow_first_seen":1499347467793,"flow_last_seen":1499347473742,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":6,"flow_first_seen":1499347469060,"flow_last_seen":1499347474742,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":7,"flow_first_seen":1499347470328,"flow_last_seen":1499347475742,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":6,"flow_first_seen":1499347471594,"flow_last_seen":1499347476742,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_first_seen":1499347598383,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":372,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5265,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347598,"pkt_ts_usec":383395,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jLdAAD4GORmsEAABwKgKMuYaAFCJpsNgAAAAAKACchDafwAAAgQFtAQCCAoBO0\/XAAAAAAEDAwc="}
00444{"flow_id":372,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5266,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347598,"pkt_ts_usec":383530,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5hrRW5D8iabDYaAScSBT1AAAAgQFtAQCCAoD5SFNATtP1wEDAwc="}
00433{"flow_id":372,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5268,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347598,"pkt_ts_usec":385443,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jLhAAD4GOSCsEAABwKgKMuYaAFCJpsNh0VuQ\/YAQAOXy2gAAAQEICgE7T9gD5SFN"}
00432{"flow_id":369,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5271,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347598,"pkt_ts_usec":779373,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0X55AAD4GZjqsEAABwKgKMuXkAFAOABV1HSiKtIARAOXbrAAAAQEICgE7UDoD5Rxe"}
00432{"flow_id":369,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5272,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347598,"pkt_ts_usec":780803,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qwRAAEAGGNTAqAoyrBAAAQBQ5eQdKIq0DgAVdoARAOPWWwAAAQEICgPlIbABO1A6"}
00432{"flow_id":369,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5273,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347598,"pkt_ts_usec":782430,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0X59AAD4GZjmsEAABwKgKMuXkAFAOABV2HSiKtYAQAOXWWAAAAQEICgE7UDsD5SGw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_first_seen":1499347599663,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5277,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_first_seen":1499347599663,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":373,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5277,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347599,"pkt_ts_usec":663313,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qjVAAD4GG5usEAABwKgKMuYoAFAgjfstAAAAAKACchAKfQAAAgQFtAQCCAoBO1EYAAAAAAEDAwc="}
00445{"flow_id":373,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5278,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347599,"pkt_ts_usec":663410,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5igR\/+x3II37LqAScSDmcgAAAgQFtAQCCAoD5SKNATtRGAEDAwc="}
00433{"flow_id":373,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5279,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347599,"pkt_ts_usec":664389,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qjZAAD4GG6KsEAABwKgKMuYoAFAgjfsuEf\/seIAQAOWFegAAAQEICgE7URgD5SKN"}
00432{"flow_id":370,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5283,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347599,"pkt_ts_usec":778631,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00FZAAD4G9YGsEAABwKgKMuXyAFCOVJxxeQPvAYARAOUR7wAAAQEICgE7UTQD5R2a"}
00432{"flow_id":370,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5284,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347599,"pkt_ts_usec":778803,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0zatAAEAG9izAqAoyrBAAAQBQ5fJ5A+8BjlSccoARAOMM4AAAAQEICgPlIqoBO1E0"}
00432{"flow_id":370,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5285,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347599,"pkt_ts_usec":780363,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00FdAAD4G9YCsEAABwKgKMuXyAFCOVJxyeQPvAoAQAOUM3QAAAQEICgE7UTUD5SKq"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_first_seen":1499347602223,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_first_seen":1499347602223,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":374,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5295,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347602,"pkt_ts_usec":223242,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZzNAAD4GXp2sEAABwKgKMuZCAFA0xTSkAAAAAKACchC6NQAAAgQFtAQCCAoBO1OXAAAAAAEDAwc="}
00444{"flow_id":374,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5296,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347602,"pkt_ts_usec":223398,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5kLiWaZmNMU0paAScSAJYgAAAgQFtAQCCAoD5SUNATtTlwEDAwc="}
00432{"flow_id":374,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5297,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347602,"pkt_ts_usec":224286,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZzRAAD4GXqSsEAABwKgKMuZCAFA0xTSl4lmmZ4AQAOWoaAAAAQEICgE7U5gD5SUN"}
00432{"flow_id":371,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5301,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347602,"pkt_ts_usec":779304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XnBAAD4GZ2isEAABwKgKMuYMAFDbqxDzNxAybIARAOVJHwAAAQEICgE7VCMD5SAR"}
00433{"flow_id":371,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5302,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347602,"pkt_ts_usec":779522,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0F\/RAAEAGq+TAqAoyrBAAAQBQ5gw3EDJs26sQ9IARAONDmQAAAQEICgPlJZgBO1Qj"}
00432{"flow_id":371,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5303,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347602,"pkt_ts_usec":781318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XnFAAD4GZ2esEAABwKgKMuYMAFDbqxD0NxAybYAQAOVDlwAAAQEICgE7VCMD5SWY"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_first_seen":1499347603507,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5307,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_first_seen":1499347603507,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":375,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5307,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347603,"pkt_ts_usec":507258,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rD1AAD4GGZOsEAABwKgKMuZQAFBpufjkAAAAAKACchC\/sAAAAgQFtAQCCAoBO1TZAAAAAAEDAwc="}
00444{"flow_id":375,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5308,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347603,"pkt_ts_usec":507382,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5lDEx3+iabn45aAScSBR8gAAAgQFtAQCCAoD5SZOATtU2QEDAwc="}
00433{"flow_id":375,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5309,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347603,"pkt_ts_usec":508295,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rD5AAD4GGZqsEAABwKgKMuZQAFBpufjlxMd\/o4AQAOXw+QAAAQEICgE7VNkD5SZO"}
00433{"flow_id":372,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5313,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347603,"pkt_ts_usec":780270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jLlAAD4GOR+sEAABwKgKMuYaAFCJpsNh0VuQ\/YARAOXtlAAAAQEICgE7VR0D5SFN"}
00432{"flow_id":372,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5314,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347603,"pkt_ts_usec":780495,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0tm9AAEAGDWnAqAoyrBAAAQBQ5hrRW5D9iabDYoARAOPoUAAAAQEICgPlJpIBO1Ud"}
00433{"flow_id":372,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5315,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347603,"pkt_ts_usec":782244,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jLpAAD4GOR6sEAABwKgKMuYaAFCJpsNi0VuQ\/oAQAOXoTgAAAQEICgE7VR0D5SaS"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_first_seen":1499347604752,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5319,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_first_seen":1499347604752,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":376,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5319,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347604,"pkt_ts_usec":752176,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ltJAAD4GLv6sEAABwKgKMuZeAFCga8DCAAAAAKACchC\/2wAAAgQFtAQCCAoBO1YQAAAAAAEDAwc="}
00444{"flow_id":376,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5320,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347604,"pkt_ts_usec":752334,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5l5oMbaJoGvAw6AScSB2lQAAAgQFtAQCCAoD5SeFATtWEAEDAwc="}
00432{"flow_id":376,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5321,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347604,"pkt_ts_usec":753219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ltNAAD4GLwWsEAABwKgKMuZeAFCga8DDaDG2ioAQAOUVnQAAAQEICgE7VhAD5SeF"}
00433{"flow_id":373,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5325,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347604,"pkt_ts_usec":781251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qjdAAD4GG6GsEAABwKgKMuYoAFAgjfsuEf\/seIARAOWAegAAAQEICgE7VhcD5SKN"}
00434{"flow_id":373,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5326,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347604,"pkt_ts_usec":781350,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0y\/RAAEAG9+PAqAoyrBAAAQBQ5igR\/+x4II37L4ARAON7fAAAAQEICgPlJ4wBO1YX"}
00433{"flow_id":373,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5327,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347604,"pkt_ts_usec":783249,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qjhAAD4GG6CsEAABwKgKMuYoAFAgjfsvEf\/seYAQAOV7eQAAAQEICgE7VhgD5SeM"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5331,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_first_seen":1499347606078,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5331,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_first_seen":1499347606078,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":377,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5331,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347606,"pkt_ts_usec":78239,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83l9AAD4G53CsEAABwKgKMuZsAFA9+okEAAAAAKACchBYsgAAAgQFtAQCCAoBO1dbAAAAAAEDAwc="}
00443{"flow_id":377,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5332,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347606,"pkt_ts_usec":78341,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5mwyfi78PfqJBaAScSDLYAAAAgQFtAQCCAoD5SjRATtXWwEDAwc="}
00432{"flow_id":377,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5334,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347606,"pkt_ts_usec":80191,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03mBAAD4G53esEAABwKgKMuZsAFA9+okFMn4u\/YAQAOVqZwAAAQEICgE7V1wD5SjR"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_first_seen":1499347607344,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_first_seen":1499347607344,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":378,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5341,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347607,"pkt_ts_usec":344496,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8neJAAD4GJ+6sEAABwKgKMuZ6AFBKtMV6AAAAAKACchAONwAAAgQFtAQCCAoBO1iYAAAAAAEDAwc="}
00444{"flow_id":378,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5342,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347607,"pkt_ts_usec":344622,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5nrlgxvESrTFe6AScSDf2wAAAgQFtAQCCAoD5SoNATtYmAEDAwc="}
00433{"flow_id":378,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5343,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347607,"pkt_ts_usec":345382,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0neNAAD4GJ\/WsEAABwKgKMuZ6AFBKtMV75YMbxYAQAOV+4wAAAQEICgE7WJgD5SoN"}
00432{"flow_id":374,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5347,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347607,"pkt_ts_usec":782088,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZzVAAD4GXqOsEAABwKgKMuZCAFA0xTSl4lmmZ4ARAOWi+gAAAQEICgE7WQUD5SUN"}
00432{"flow_id":374,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5348,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347607,"pkt_ts_usec":782329,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0jBxAAEAGN7zAqAoyrBAAAQBQ5kLiWaZnNMU0poARAOOdjQAAAQEICgPlKnsBO1kF"}
00432{"flow_id":374,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5349,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347607,"pkt_ts_usec":783132,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZzZAAD4GXqKsEAABwKgKMuZCAFA0xTSm4lmmaIAQAOWdigAAAQEICgE7WQYD5Sp7"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":310,"flow_first_seen":1499347419786,"flow_last_seen":1499347486791,"flow_tot_l4_data_len":242617,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":782,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_first_seen":1499347608596,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":310,"flow_first_seen":1499347419786,"flow_last_seen":1499347486791,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232681,"flow_avg_l4_payload_len":750,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":56994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":6,"flow_first_seen":1499347474100,"flow_last_seen":1499347479744,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":6,"flow_first_seen":1499347475384,"flow_last_seen":1499347480745,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":6,"flow_first_seen":1499347476667,"flow_last_seen":1499347481745,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":6,"flow_first_seen":1499347479172,"flow_last_seen":1499347484745,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":6,"flow_first_seen":1499347480438,"flow_last_seen":1499347485746,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57644,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5350,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":6,"flow_first_seen":1499347481724,"flow_last_seen":1499347486747,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57658,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_first_seen":1499347608596,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":379,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5353,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347608,"pkt_ts_usec":596103,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UBJAAD4Gdb6sEAABwKgKMuaIAFDT6AnDAAAAAKACchA\/cwAAAgQFtAQCCAoBO1nRAAAAAAEDAwc="}
00444{"flow_id":379,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5354,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347608,"pkt_ts_usec":596245,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5oh16C+h0+gJxKAScSBrnQAAAgQFtAQCCAoD5StGATtZ0QEDAwc="}
00432{"flow_id":379,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5355,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347608,"pkt_ts_usec":597153,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UBNAAD4GdcWsEAABwKgKMuaIAFDT6AnEdegvooAQAOUKpQAAAQEICgE7WdED5StG"}
@@ -3379,21 +3379,21 @@
00432{"flow_id":376,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5365,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347609,"pkt_ts_usec":783073,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ltRAAD4GLwSsEAABwKgKMuZeAFCga8DDaDG2ioARAOUQsgAAAQEICgE7WvoD5SeF"}
00432{"flow_id":376,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5366,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347609,"pkt_ts_usec":783271,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0muVAAEAGKPPAqAoyrBAAAQBQ5l5oMbaKoGvAxIARAOMLyQAAAQEICgPlLG8BO1r6"}
00432{"flow_id":376,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5367,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347609,"pkt_ts_usec":784116,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ltVAAD4GLwOsEAABwKgKMuZeAFCga8DEaDG2i4AQAOULxwAAAQEICgE7WvoD5Sxv"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_first_seen":1499347611162,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_first_seen":1499347611162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":380,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5374,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347611,"pkt_ts_usec":162032,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8at5AAD4GWvKsEAABwKgKMuaiAFBCbDaMAAAAAKACchChiwAAAgQFtAQCCAoBO1xSAAAAAAEDAwc="}
00445{"flow_id":380,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5375,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347611,"pkt_ts_usec":162175,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5qKcQtTMQmw2jaAScSD\/rQAAAgQFtAQCCAoD5S3IATtcUgEDAwc="}
00432{"flow_id":380,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5376,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347611,"pkt_ts_usec":163094,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0at9AAD4GWvmsEAABwKgKMuaiAFBCbDaNnELUzYAQAOWetAAAAQEICgE7XFMD5S3I"}
00433{"flow_id":377,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5381,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347611,"pkt_ts_usec":784999,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03mFAAD4G53asEAABwKgKMuZsAFA9+okFMn4u\/YARAOVk1AAAAQEICgE7XO4D5SjR"}
00432{"flow_id":377,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5382,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347611,"pkt_ts_usec":785240,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0AJ5AAEAGwzrAqAoyrBAAAQBQ5mwyfi79PfqJBoARAONfQwAAAQEICgPlLmMBO1zu"}
00433{"flow_id":377,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5383,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347611,"pkt_ts_usec":787086,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03mJAAD4G53WsEAABwKgKMuZsAFA9+okGMn4u\/oAQAOVfQAAAAQEICgE7XO8D5S5j"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_first_seen":1499347612465,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_first_seen":1499347612465,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":381,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5387,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347612,"pkt_ts_usec":465993,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dipAAD4GT6asEAABwKgKMuawAFAlJSuyAAAAAKACchDIWAAAAgQFtAQCCAoBO12YAAAAAAEDAwc="}
00444{"flow_id":381,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5388,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347612,"pkt_ts_usec":466127,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5rAZOYT0JSUrs6AScSD4FwAAAgQFtAQCCAoD5S8NATtdmAEDAwc="}
00432{"flow_id":381,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5390,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347612,"pkt_ts_usec":467026,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ditAAD4GT62sEAABwKgKMuawAFAlJSuzGTmE9YAQAOWXHgAAAQEICgE7XZkD5S8N"}
00433{"flow_id":378,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5394,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347612,"pkt_ts_usec":783999,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0neRAAD4GJ\/SsEAABwKgKMuZ6AFBKtMV75YMbxYARAOV5kgAAAQEICgE7XegD5SoN"}
00432{"flow_id":378,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5395,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347612,"pkt_ts_usec":784293,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0NJhAAEAGj0DAqAoyrBAAAQBQ5nrlgxvFSrTFfIARAON0QwAAAQEICgPlL10BO13o"}
00433{"flow_id":378,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5396,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347612,"pkt_ts_usec":785000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0neVAAD4GJ\/OsEAABwKgKMuZ6AFBKtMV85YMbxoAQAOV0QQAAAQEICgE7XegD5S9d"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_first_seen":1499347613718,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_first_seen":1499347613718,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":382,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5400,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347613,"pkt_ts_usec":718984,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VmlAAD4Gb2esEAABwKgKMua+AFCqCgi7AAAAAKACchBlIgAAAgQFtAQCCAoBO17SAAAAAAEDAwc="}
00444{"flow_id":382,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5401,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347613,"pkt_ts_usec":719118,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5r4KHPZlqgoIvKAScSAxUwAAAgQFtAQCCAoD5TBHATte0gEDAwc="}
00432{"flow_id":382,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5402,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347613,"pkt_ts_usec":719991,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VmpAAD4Gb26sEAABwKgKMua+AFCqCgi8Chz2ZoAQAOXQWgAAAQEICgE7XtID5TBH"}
@@ -3401,11 +3401,11 @@
00433{"flow_id":379,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5407,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347613,"pkt_ts_usec":785216,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0H\/VAAEAGo+PAqAoyrBAAAQBQ5oh16C+i0+gJxYARAOMAgwAAAQEICgPlMFcBO17i"}
00432{"flow_id":379,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5408,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347613,"pkt_ts_usec":787038,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UBVAAD4GdcOsEAABwKgKMuaIAFDT6AnFdegvo4AQAOUAgAAAAQEICgE7XuMD5TBX"}
00947{"flow_id":380,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5418,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347615,"pkt_ts_usec":984897,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzauBAAD4GWXmsEAABwKgKMuaiAFBCbDaNnELUzYAYAOVJBwAAAQEICgE7YQgD5S3IR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":4,"flow_first_seen":1499347611162,"flow_last_seen":1499347615984,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":32,"flow_max_l4_data_len":415,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5418,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":4,"flow_first_seen":1499347611162,"flow_last_seen":1499347615984,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00432{"flow_id":380,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5419,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347615,"pkt_ts_usec":985035,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05rBAAEAG3SfAqAoyrBAAAQBQ5qKcQtTNQmw4DIAQAOuTxQAAAQEICgPlMn0BO2EI"}
02829{"flow_id":380,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5420,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347615,"pkt_ts_usec":987909,"pkt_caplen":1837,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1837,"pkt_l4_len":1803,"pkt":"AMGxFOsxABm5CmnxCABFAAcf5rFAAEAG1jvAqAoyrBAAAQBQ5qKcQtTNQmw4DIAYAOt9\/QAAAQEICgPlMn4BO2EISFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI2OjU1IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWG1P4zgQ\/gzS\/gefTzpgpcbb2y+3XJoVtHAgsbfctix70kmRm7itwYmD7bTw72\/sOG14LdkioeKXeXk84xnP5N12+Mvga3\/07\/kRmplMoPOLw7PTPsIdQi4\/9gkZjAbox8noyxnqBh\/Q0CieGEKO\/sYIz4wp9glZLBbB4mMg1ZSMvpFbK6Vr2fywox1PkJoUR++2322HTs9tJnLde0JG99OnTxVrRb4VzhhNYbi1FWbMUGRZOuym5PMe7svcsNx0RncFwyipZj1s2K0hVsSfKJlRpZnpXYyOO39gRCqZW6HhRrDoeylypuiYC27u9tE3NhEsMSxFfSW1RkNuGBomiheG51O0+2M43EP7+2hAsxzVvIKhSzZGB0UheEINlznaHXy\/PNhD827Q\/YDeD9icCVlkAO19SCrFHoXg+TVSTPSwNneC6RljBiMDp\/GHSLTGaKbYpIeDgMBfOl9Qu0oyyvPAbZPH0jiYopbzH8\/olBFYui9pQueWLHAbSxnanbYJ4YrOabWKkVbJPSBX2v0\/BwXBlcZRSCpK7zniXWfHY5neoURQbb0uM4Yrl6Z8jnjaw9Z3cCKmvNcbW1ZIY30r5Nn0ERJ3SE2EnMqgyKcYUQEXYY2jVucGrKDukWpr5BgcVza0P9qLC5qmLK0OBASlqM9pdw+FTK6taQRHMk9A9XUPL3ieykUAWw5Hb6c6SbCDa1ZgoPfcFeDoBMwWEgpWFjzafo1AnkP0lYld0kExK16Q\/5AUR6eNlXZqIeDKYo2+JQ2OhnaICIQfLKLBYUMZKUW0gUHnjfjmcD3GqjSMvIDqaQYcHdr\/6FiqpKUHHgpktyxpA8DR46gvs4zmKTrNr5jzyGYoEq0mbVA4ekAx\/Ha8meIJJ8HnAkK1x4GzTNmaW\/IqfhwdcwjuU7uiN7ZNWQhJ0zbW8RwexoWbbegfWhh4uVq5yLO4uGVJqRjqH5yP+icHm0HRN4K3weHoIab\/OXury2olxmN43Fo5pcH1AA3aPbTLe5uhWjB6HfNWkGoWHF3CCA2ZtrcVnQ5apteHcm+1jlsBqRhwBPUM1Cpfv2xoCitONfRrVlVRr8KhahzL4usN0Oi21tA1iqGR6j6EDZ8gF4tQXa59DldkOLL1I9yPaqmdOYCf5xO5Rl2DCkfnJ+cQHRPZThEdy9KsUbOkwdGBHb6dWW2ht1b9ighHZ278AICv2O7Vfs8XgraEXRWC0MnYXa\/b7jULwXDW\/ZnuAkrmri+YG8Lnywo2TmTKYqoY9fXzRKoM5TSDah34oex1Ka6Hf8UIuqWZBOx\/HY18bRoW\/sSXM2p2NLqTpXLMn+vKOi\/KZvGPvWj7u6xvm0S6HGccyOZUlDAdVlOvjRRR1VQQi9Ituq5gaeBw9nv0BeLN3T6V0eqtgEW7590Dl2HlVtv7ad8vygXVhWsZ4YawW+tl4gzb0WDYeGnY2BkWuiGqptAIYngUaH6No5+XtbxErfEBdwxFgmEqPoKuCo4b96G9MfHQd34tMb4sbz1OlgcLfs0LlnLqRNtZ8+S6Pvnz2F4v42U8\/pjJlC9zYSIzm507E3oTuC8CT4J4BeOrNFc4qWDKdJ2EF9U9om7q8Mmluup14zhW0G5Wv3UGeSbj+LBPBKNqGUxPpSV9pw3LYpvKnwzPcWmMbXN9eH7nbIFOmCiWKbOQRVnENZnM+1XSXfX8+0BxUeyiZx7bOUiMZyDRXsfPAMk96b\/VjugJudhBezhCa2ENIRcl7G2BaSdzLTRrTSr4FNKmYBNIXyHLogvNlE17+yGBGaJpxnPvQpjXbzM6sx93PA1IXFHAo3o6GPqdlGubvdPai886dCKlufeto4g2+dhUPPWqNRMwse9W9VnOfTCL\/geoshewERQAAA=="}
00432{"flow_id":380,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5421,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347615,"pkt_ts_usec":990887,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0auFAAD4GWvesEAABwKgKMuaiAFBCbDgMnELbuIAQAQCMwwAAAQEICgE7YQkD5TJ+"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_first_seen":1499347616210,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":1,"flow_first_seen":1499347616210,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":383,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5422,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347616,"pkt_ts_usec":210936,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YLdAAD4GZRmsEAABwKgKMubYAFBJnwH3AAAAAKACchDJyQAAAgQFtAQCCAoBO2FAAAAAAAEDAwc="}
00444{"flow_id":383,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5423,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347616,"pkt_ts_usec":211064,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5thWFuJlSZ8B+KAScSBbkQAAAgQFtAQCCAoD5TK2ATthQAEDAwc="}
01215{"flow_id":380,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5424,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347616,"pkt_ts_usec":212886,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9auJAAD4GWK2sEAABwKgKMuaiAFBCbDgMnELbuIAYAQC6dAAAAQEICgE7YUED5TJ+R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdPOThIRDBHOUVKN01ORjdOTzRaNjg3WUJQVUVYT0MzUVlHWldCNlAxVUU2WUo0MzdGOCUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
@@ -3416,7 +3416,7 @@
00948{"flow_id":380,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5429,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347617,"pkt_ts_usec":223837,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzauVAAD4GWXSsEAABwKgKMuaiAFBCbDpVnELjBYAYAS4wmQAAAQEICgE7Yj4D5TK3R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02821{"flow_id":380,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5430,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347617,"pkt_ts_usec":227014,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAce5rVAAEAG1jjAqAoyrBAAAQBQ5qKcQuMFQmw71IAYAP19\/AAAAQEICgPlM7QBO2I+SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI2OjU3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00433{"flow_id":380,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5431,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347617,"pkt_ts_usec":227908,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0auZAAD4GWvKsEAABwKgKMuaiAFBCbDvUnELp74AQAUl4DwAAAQEICgE7Yj8D5TO0"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5432,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_first_seen":1499347617491,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5432,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":1,"flow_first_seen":1499347617491,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":384,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5432,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347617,"pkt_ts_usec":491735,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8VDpAAD4GcZasEAABwKgKMubmAFD8gja7AAAAAKACchDg0gAAAgQFtAQCCAoBO2KBAAAAAAEDAwc="}
00445{"flow_id":384,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5433,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347617,"pkt_ts_usec":491896,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5ubMDNHo\/II2vKAScSAL4QAAAgQFtAQCCAoD5TP2ATtigQEDAwc="}
00432{"flow_id":384,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5434,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347617,"pkt_ts_usec":492438,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VDtAAD4GcZ2sEAABwKgKMubmAFD8gja8zAzR6YAQAOWq6AAAAQEICgE7YoED5TP2"}
@@ -3424,193 +3424,193 @@
00432{"flow_id":381,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5438,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347617,"pkt_ts_usec":784851,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dixAAD4GT6ysEAABwKgKMuawAFAlJSuzGTmE9YARAOWR7AAAAQEICgE7YsoD5S8N"}
00432{"flow_id":381,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5439,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347617,"pkt_ts_usec":785117,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0sMpAAEAGEw7AqAoyrBAAAQBQ5rAZOYT1JSUrtIARAOOMuwAAAQEICgPlND8BO2LK"}
00433{"flow_id":381,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5440,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347617,"pkt_ts_usec":785866,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0di1AAD4GT6usEAABwKgKMuawAFAlJSu0GTmE9oAQAOWMuQAAAQEICgE7YsoD5TQ\/"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_first_seen":1499347618757,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":6,"flow_first_seen":1499347485533,"flow_last_seen":1499347490747,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":6,"flow_first_seen":1499347486787,"flow_last_seen":1499347492748,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57712,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":6,"flow_first_seen":1499347489408,"flow_last_seen":1499347494749,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5441,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":6,"flow_first_seen":1499347490659,"flow_last_seen":1499347495749,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":1,"flow_first_seen":1499347618757,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":385,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5444,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347618,"pkt_ts_usec":757865,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UcRAAD4GdAysEAABwKgKMub0AFCevDJ5AAAAAKACchBBkQAAAgQFtAQCCAoBO2O9AAAAAAEDAwc="}
00444{"flow_id":385,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5445,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347618,"pkt_ts_usec":757988,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5vRXo2m0nrwyeqAScSBIAQAAAgQFtAQCCAoD5TUyATtjvQEDAwc="}
00432{"flow_id":385,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5446,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347618,"pkt_ts_usec":758844,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UcVAAD4GdBOsEAABwKgKMub0AFCevDJ6V6NptYAQAOXnBwAAAQEICgE7Y74D5TUy"}
00432{"flow_id":382,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5450,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347618,"pkt_ts_usec":785797,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VmtAAD4Gb22sEAABwKgKMua+AFCqCgi8Chz2ZoARAOXLZwAAAQEICgE7Y8QD5TBH"}
00432{"flow_id":382,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5451,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347618,"pkt_ts_usec":786046,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0w19AAEAGAHnAqAoyrBAAAQBQ5r4KHPZmqgoIvYARAOPGdgAAAQEICgPlNTkBO2PE"}
00432{"flow_id":382,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5452,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347618,"pkt_ts_usec":787857,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VmxAAD4Gb2ysEAABwKgKMua+AFCqCgi9Chz2Z4AQAOXGcwAAAQEICgE7Y8UD5TU5"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5462,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_first_seen":1499347621256,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5462,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":1,"flow_first_seen":1499347621256,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":386,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5462,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347621,"pkt_ts_usec":256083,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Hc9AAD4GqAGsEAABwKgKMucOAFD+NnvhAAAAAKACchCWIwAAAgQFtAQCCAoBO2YuAAAAAAEDAwc="}
00446{"flow_id":386,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5463,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347621,"pkt_ts_usec":256213,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5w6DP0I9\/jZ74qAScSCV\/QAAAgQFtAQCCAoD5TejATtmLgEDAwc="}
00432{"flow_id":386,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5465,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347621,"pkt_ts_usec":257749,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HdBAAD4GqAisEAABwKgKMucOAFD+Nnvigz9CPoAQAOU1BQAAAQEICgE7Zi4D5Tej"}
00432{"flow_id":383,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5468,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347621,"pkt_ts_usec":786690,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YLlAAD4GZR+sEAABwKgKMubYAFBJnwH4VhbiZoARAOX1JQAAAQEICgE7ZrID5TK2"}
00432{"flow_id":383,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5469,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347621,"pkt_ts_usec":786937,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA02k5AAEAG6YnAqAoyrBAAAQBQ5thWFuJmSZ8B+YARAOPvtAAAAQEICgPlOCgBO2ay"}
00432{"flow_id":383,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5470,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347621,"pkt_ts_usec":787739,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YLpAAD4GZR6sEAABwKgKMubYAFBJnwH5VhbiZ4AQAOXvsQAAAQEICgE7ZrMD5Tgo"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_first_seen":1499347622524,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":1,"flow_first_seen":1499347622524,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":387,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5475,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347622,"pkt_ts_usec":524750,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QPZAAD4GhNqsEAABwKgKMuccAFAFlCedAAAAAKACchDhvwAAAgQFtAQCCAoBO2drAAAAAAEDAwc="}
00444{"flow_id":387,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5476,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347622,"pkt_ts_usec":524853,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5xwFxGkkBZQnnqAScSA28QAAAgQFtAQCCAoD5TjgATtnawEDAwc="}
00432{"flow_id":387,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5477,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347622,"pkt_ts_usec":525754,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QPdAAD4GhOGsEAABwKgKMuccAFAFlCeeBcRpJYAQAOXV+AAAAQEICgE7Z2sD5Tjg"}
00432{"flow_id":384,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5481,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347622,"pkt_ts_usec":786693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VDxAAD4GcZysEAABwKgKMubmAFD8gja8zAzR6YARAOWlvAAAAQEICgE7Z6wD5TP2"}
00433{"flow_id":384,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5482,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347622,"pkt_ts_usec":786913,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA06MtAAEAG2wzAqAoyrBAAAQBQ5ubMDNHp\/II2vYARAOOgkQAAAQEICgPlOSIBO2es"}
00432{"flow_id":384,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5483,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347622,"pkt_ts_usec":787780,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VD1AAD4GcZusEAABwKgKMubmAFD8gja9zAzR6oAQAOWgjgAAAQEICgE7Z60D5Tki"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_first_seen":1499347623786,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5487,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":1,"flow_first_seen":1499347623786,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":388,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5487,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347623,"pkt_ts_usec":786814,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EPlAAD4GtNesEAABwKgKMucqAFD89nheAAAAAKACchCYUQAAAgQFtAQCCAoBO2inAAAAAAEDAwc="}
00432{"flow_id":385,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5488,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347623,"pkt_ts_usec":786845,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UcZAAD4GdBKsEAABwKgKMub0AFCevDJ6V6NptYARAOXiHQAAAQEICgE7aKcD5TUy"}
00445{"flow_id":388,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5489,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347623,"pkt_ts_usec":786970,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5yptg31h\/PZ4X6AScSBwSgAAAgQFtAQCCAoD5TocATtopwEDAwc="}
00433{"flow_id":385,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5490,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347623,"pkt_ts_usec":787075,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0U6lAAEAGcC\/AqAoyrBAAAQBQ5vRXo2m1nrwye4ARAOPdNAAAAQEICgPlOhwBO2in"}
00432{"flow_id":388,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5491,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347623,"pkt_ts_usec":787747,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EPpAAD4GtN6sEAABwKgKMucqAFD89nhfbYN9YoAQAOUPUgAAAQEICgE7aKcD5Toc"}
00432{"flow_id":385,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5493,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347623,"pkt_ts_usec":788694,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UcdAAD4GdBGsEAABwKgKMub0AFCevDJ7V6NptoAQAOXdMgAAAQEICgE7aKcD5Toc"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_first_seen":1499347625094,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5499,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":1,"flow_first_seen":1499347625094,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":389,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5499,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347625,"pkt_ts_usec":94633,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QvlAAD4GgtesEAABwKgKMuc4AFBpNSsUAAAAAKACchB4CQAAAgQFtAQCCAoBO2ntAAAAAAEDAwc="}
00443{"flow_id":389,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5500,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347625,"pkt_ts_usec":94757,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5zhhGRuGaTUrFaAScSC9AAAAAgQFtAQCCAoD5TtjATtp7QEDAwc="}
00431{"flow_id":389,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5502,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347625,"pkt_ts_usec":95655,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QvpAAD4Ggt6sEAABwKgKMuc4AFBpNSsVYRkbh4AQAOVcBwAAAQEICgE7ae4D5Ttj"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_first_seen":1499347626349,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5510,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":1,"flow_first_seen":1499347626349,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":390,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5510,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347626,"pkt_ts_usec":349553,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CphAAD4GuzisEAABwKgKMudGAFA4VWG\/AAAAAKACchBw9gAAAgQFtAQCCAoBO2snAAAAAAEDAwc="}
00444{"flow_id":390,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5511,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347626,"pkt_ts_usec":349704,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ50a6Rl2POFVhwKAScSAZfgAAAgQFtAQCCAoD5TycATtrJwEDAwc="}
00432{"flow_id":390,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5513,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347626,"pkt_ts_usec":351639,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CplAAD4Guz+sEAABwKgKMudGAFA4VWHAukZdkIAQAOW4hAAAAQEICgE7aygD5Tyc"}
00432{"flow_id":386,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5516,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347626,"pkt_ts_usec":787712,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HdFAAD4GqAesEAABwKgKMucOAFD+Nnvigz9CPoARAOUvnQAAAQEICgE7a5UD5Tej"}
00433{"flow_id":386,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5517,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347626,"pkt_ts_usec":787955,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0fzRAAEAGRKTAqAoyrBAAAQBQ5w6DP0I+\/jZ744ARAOMqNwAAAQEICgPlPQoBO2uV"}
00432{"flow_id":386,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5518,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347626,"pkt_ts_usec":789581,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HdJAAD4GqAasEAABwKgKMucOAFD+Nnvjgz9CP4AQAOUqNQAAAQEICgE7a5UD5T0K"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_first_seen":1499347627616,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5522,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_first_seen":1499347627616,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":391,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5522,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347627,"pkt_ts_usec":616552,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GbxAAD4GrBSsEAABwKgKMudUAFBilXXYAAAAAKACchAxUgAAAgQFtAQCCAoBO2xkAAAAAAEDAwc="}
00444{"flow_id":391,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5523,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347627,"pkt_ts_usec":616713,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ51QwQXQsYpV12aAScSBMBQAAAgQFtAQCCAoD5T3ZATtsZAEDAwc="}
00432{"flow_id":391,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5524,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347627,"pkt_ts_usec":617592,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gb1AAD4GrBusEAABwKgKMudUAFBilXXZMEF0LYAQAOXrDAAAAQEICgE7bGQD5T3Z"}
00432{"flow_id":387,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5528,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347627,"pkt_ts_usec":788628,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QPhAAD4GhOCsEAABwKgKMuccAFAFlCeeBcRpJYARAOXQ0wAAAQEICgE7bI8D5Tjg"}
00432{"flow_id":387,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5529,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347627,"pkt_ts_usec":788816,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0VyFAAEAGbLfAqAoyrBAAAQBQ5xwFxGklBZQnn4ARAOPLsAAAAQEICgPlPgQBO2yP"}
00432{"flow_id":387,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5530,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347627,"pkt_ts_usec":790090,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QPlAAD4GhN+sEAABwKgKMuccAFAFlCefBcRpJoAQAOXLrgAAAQEICgE7bI8D5T4E"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":6,"flow_first_seen":1499347493167,"flow_last_seen":1499347498750,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":6,"flow_first_seen":1499347494446,"flow_last_seen":1499347499749,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":6,"flow_first_seen":1499347495714,"flow_last_seen":1499347500750,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":6,"flow_first_seen":1499347498249,"flow_last_seen":1499347503750,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":6,"flow_first_seen":1499347499500,"flow_last_seen":1499347504749,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5531,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":6,"flow_first_seen":1499347500770,"flow_last_seen":1499347506751,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":388,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5534,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347628,"pkt_ts_usec":789510,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EPtAAD4GtN2sEAABwKgKMucqAFD89nhfbYN9YoARAOUKbwAAAQEICgE7bYkD5Toc"}
00433{"flow_id":388,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5535,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347628,"pkt_ts_usec":789755,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Q5xAAEAGgDzAqAoyrBAAAQBQ5yptg31i\/PZ4YIARAOMFjgAAAQEICgPlPv4BO22J"}
00432{"flow_id":388,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5536,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347628,"pkt_ts_usec":791512,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EPxAAD4GtNysEAABwKgKMucqAFD89nhgbYN9Y4AQAOUFiwAAAQEICgE7bYoD5T7+"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_first_seen":1499347630130,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_first_seen":1499347630130,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":392,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5543,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347630,"pkt_ts_usec":130498,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rFRAAD4GGXysEAABwKgKMuduAFDOysKMAAAAAKACchB12gAAAgQFtAQCCAoBO27YAAAAAAEDAwc="}
00444{"flow_id":392,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5545,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347630,"pkt_ts_usec":130686,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5252igpmzsrCjaAScSCxlQAAAgQFtAQCCAoD5UBOATtu2AEDAwc="}
00432{"flow_id":392,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5546,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347630,"pkt_ts_usec":131560,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rFVAAD4GGYOsEAABwKgKMuduAFDOysKNdooKZ4AQAOVQnAAAAQEICgE7btkD5UBO"}
00432{"flow_id":389,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5549,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347630,"pkt_ts_usec":790451,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QvtAAD4Ggt2sEAABwKgKMuc4AFBpNSsVYRkbh4ARAOVWdwAAAQEICgE7b30D5Ttj"}
00432{"flow_id":389,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5550,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347630,"pkt_ts_usec":790638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0W3RAAEAGaGTAqAoyrBAAAQBQ5zhhGRuHaTUrFoARAONQ6AAAAQEICgPlQPMBO299"}
00432{"flow_id":389,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5551,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347630,"pkt_ts_usec":791498,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QvxAAD4GgtysEAABwKgKMuc4AFBpNSsWYRkbiIAQAOVQ5QAAAQEICgE7b34D5UDz"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5555,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_first_seen":1499347631388,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5555,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_first_seen":1499347631388,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":393,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5555,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347631,"pkt_ts_usec":388487,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+pxAAD4GyzOsEAABwKgKMud8AFDgpIqPAAAAAKACchCatAAAAgQFtAQCCAoBO3ATAAAAAAEDAwc="}
00444{"flow_id":393,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5556,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347631,"pkt_ts_usec":388587,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ53x5W3jF4KSKkKAScSBkBQAAAgQFtAQCCAoD5UGIATtwEwEDAwc="}
00432{"flow_id":393,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5558,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347631,"pkt_ts_usec":389504,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+p1AAD4GyzqsEAABwKgKMud8AFDgpIqQeVt4xoAQAOUDDQAAAQEICgE7cBMD5UGI"}
00432{"flow_id":390,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5561,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347631,"pkt_ts_usec":790426,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CppAAD4Guz6sEAABwKgKMudGAFA4VWHAukZdkIARAOWzNAAAAQEICgE7cHcD5Tyc"}
00432{"flow_id":390,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5562,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347631,"pkt_ts_usec":790670,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0HH1AAEAGp1vAqAoyrBAAAQBQ50a6Rl2QOFVhwYARAOOt5AAAAQEICgPlQe0BO3B3"}
00432{"flow_id":390,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5563,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347631,"pkt_ts_usec":791524,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CptAAD4Guz2sEAABwKgKMudGAFA4VWHBukZdkYAQAOWt4QAAAQEICgE7cHgD5UHt"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_first_seen":1499347632635,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5568,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_first_seen":1499347632635,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":394,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5568,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347632,"pkt_ts_usec":635400,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d6hAAD4GTiisEAABwKgKMueKAFDGJwbjAAAAAKACchA3mAAAAgQFtAQCCAoBO3FLAAAAAAEDAwc="}
00444{"flow_id":394,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5569,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347632,"pkt_ts_usec":635550,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ54oMamRgxicG5KAScSCBBwAAAgQFtAQCCAoD5ULAATtxSwEDAwc="}
00432{"flow_id":394,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5570,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347632,"pkt_ts_usec":636428,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d6lAAD4GTi+sEAABwKgKMueKAFDGJwbkDGpkYYAQAOUgDwAAAQEICgE7cUsD5ULA"}
00433{"flow_id":391,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5574,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347632,"pkt_ts_usec":790472,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gb5AAD4GrBqsEAABwKgKMudUAFBilXXZMEF0LYARAOXl\/gAAAQEICgE7cXED5T3Z"}
00432{"flow_id":391,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5575,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347632,"pkt_ts_usec":790693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0NspAAEAGjQ7AqAoyrBAAAQBQ51QwQXQtYpV12oARAOPg8QAAAQEICgPlQucBO3Fx"}
00432{"flow_id":391,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5576,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347632,"pkt_ts_usec":792470,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gb9AAD4GrBmsEAABwKgKMudUAFBilXXaMEF0LoAQAOXg7gAAAQEICgE7cXID5ULn"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_first_seen":1499347635154,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_first_seen":1499347635154,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":395,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5587,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347635,"pkt_ts_usec":154437,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84sRAAD4G4wusEAABwKgKMuekAFB1fpEEAAAAAKACchD7kAAAAgQFtAQCCAoBO3PAAAAAAAEDAwc="}
00444{"flow_id":395,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5588,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347635,"pkt_ts_usec":154541,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ56RhPiSidX6RBaAScSAtdAAAAgQFtAQCCAoD5UU2ATtzwAEDAwc="}
00432{"flow_id":395,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5590,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347635,"pkt_ts_usec":156427,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04sVAAD4G4xKsEAABwKgKMuekAFB1fpEFYT4ko4AQAOXMegAAAQEICgE7c8ED5UU2"}
00432{"flow_id":392,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5593,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347635,"pkt_ts_usec":791343,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rFZAAD4GGYKsEAABwKgKMuduAFDOysKNdooKZ4ARAOVLFAAAAQEICgE7dGAD5UBO"}
00432{"flow_id":392,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5594,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347635,"pkt_ts_usec":791589,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0T7JAAEAGdCbAqAoyrBAAAQBQ5252igpnzsrCjoARAONFjgAAAQEICgPlRdUBO3Rg"}
00432{"flow_id":392,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5595,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347635,"pkt_ts_usec":793357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rFdAAD4GGYGsEAABwKgKMuduAFDOysKOdooKaIAQAOVFjAAAAQEICgE7dGAD5UXV"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_first_seen":1499347636429,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_first_seen":1499347636429,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":396,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5599,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347636,"pkt_ts_usec":429330,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AchAAD4GxAisEAABwKgKMueyAFDHeXU3AAAAAKACchDEFQAAAgQFtAQCCAoBO3T\/AAAAAAEDAwc="}
00445{"flow_id":396,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5600,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347636,"pkt_ts_usec":429497,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ57LbsY4Yx3l1OKAScSAQ0QAAAgQFtAQCCAoD5UZ0ATt0\/wEDAwc="}
00432{"flow_id":396,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5602,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347636,"pkt_ts_usec":431328,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AclAAD4GxA+sEAABwKgKMueyAFDHeXU427GOGYAQAOWv1wAAAQEICgE7dQAD5UZ0"}
00432{"flow_id":393,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5605,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347636,"pkt_ts_usec":791351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+p5AAD4GyzmsEAABwKgKMud8AFDgpIqQeVt4xoARAOX9xAAAAQEICgE7dVoD5UGI"}
00433{"flow_id":393,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5606,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347636,"pkt_ts_usec":791537,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0PglAAEAGhc\/AqAoyrBAAAQBQ53x5W3jG4KSKkYARAOP4fgAAAQEICgPlRs8BO3Va"}
00432{"flow_id":393,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5607,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347636,"pkt_ts_usec":793344,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+p9AAD4GyzisEAABwKgKMud8AFDgpIqReVt4x4AQAOX4fAAAAQEICgE7dVoD5UbP"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_first_seen":1499347637687,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_first_seen":1499347637687,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":397,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5611,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347637,"pkt_ts_usec":687348,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W0xAAD4GaoSsEAABwKgKMufAAFAySC12AAAAAKACchCfvwAAAgQFtAQCCAoBO3Y6AAAAAAEDAwc="}
00444{"flow_id":397,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5612,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347637,"pkt_ts_usec":687451,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ58BffWshMkgtd6AScSCKawAAAgQFtAQCCAoD5UevATt2OgEDAwc="}
00432{"flow_id":397,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5613,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347637,"pkt_ts_usec":688298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W01AAD4GaousEAABwKgKMufAAFAySC13X31rIoAQAOUpcwAAAQEICgE7djoD5Uev"}
00432{"flow_id":394,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5617,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347637,"pkt_ts_usec":792330,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d6pAAD4GTi6sEAABwKgKMueKAFDGJwbkDGpkYYARAOUbBQAAAQEICgE7dlQD5ULA"}
00433{"flow_id":394,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5618,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347637,"pkt_ts_usec":792529,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0I6hAAEAGoDDAqAoyrBAAAQBQ54oMamRhxicG5YARAOMV\/QAAAQEICgPlR8kBO3ZU"}
00432{"flow_id":394,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5619,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347637,"pkt_ts_usec":795320,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d6tAAD4GTi2sEAABwKgKMueKAFDGJwblDGpkYoAQAOUV+wAAAQEICgE7dlQD5UfJ"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_first_seen":1499347640199,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":6,"flow_first_seen":1499347503273,"flow_last_seen":1499347508751,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":6,"flow_first_seen":1499347504529,"flow_last_seen":1499347509751,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":6,"flow_first_seen":1499347505774,"flow_last_seen":1499347511753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57914,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":6,"flow_first_seen":1499347508344,"flow_last_seen":1499347513753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":6,"flow_first_seen":1499347509601,"flow_last_seen":1499347514754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5620,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":6,"flow_first_seen":1499347512081,"flow_last_seen":1499347517753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_first_seen":1499347640199,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":398,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5629,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347640,"pkt_ts_usec":199189,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81CZAAD4G8amsEAABwKgKMufaAFCvK6yIAAAAAKACchChOwAAAgQFtAQCCAoBO3iuAAAAAAEDAwc="}
00445{"flow_id":398,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5630,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347640,"pkt_ts_usec":199289,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ59rwV\/OuryusiaAScSBwCwAAAgQFtAQCCAoD5UojATt4rgEDAwc="}
00432{"flow_id":398,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5632,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347640,"pkt_ts_usec":200219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01CdAAD4G8bCsEAABwKgKMufaAFCvK6yJ8Ffzr4AQAOUPEwAAAQEICgE7eK4D5Uoj"}
00432{"flow_id":395,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5635,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347640,"pkt_ts_usec":792217,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04sZAAD4G4xGsEAABwKgKMuekAFB1fpEFYT4ko4ARAOXG+AAAAQEICgE7eUID5UU2"}
00432{"flow_id":395,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5636,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347640,"pkt_ts_usec":792433,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0bhRAAEAGVcTAqAoyrBAAAQBQ56RhPiSjdX6RBoARAOPBeAAAAQEICgPlSrcBO3lC"}
00432{"flow_id":395,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5637,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347640,"pkt_ts_usec":794239,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04sdAAD4G4xCsEAABwKgKMuekAFB1fpEGYT4kpIAQAOXBdgAAAQEICgE7eUID5Uq3"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5641,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_first_seen":1499347641440,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5641,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_first_seen":1499347641440,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":399,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5641,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347641,"pkt_ts_usec":440192,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tE5AAD4GEYKsEAABwKgKMufoAFB3dM2qAAAAAKACchC2jAAAAgQFtAQCCAoBO3nkAAAAAAEDAwc="}
00444{"flow_id":399,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5642,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347641,"pkt_ts_usec":440298,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5+hNQiold3TNq6AScSDwxQAAAgQFtAQCCAoD5UtZATt55AEDAwc="}
00432{"flow_id":399,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5644,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347641,"pkt_ts_usec":442231,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tE9AAD4GEYmsEAABwKgKMufoAFB3dM2rTUIqJoAQAOWPzQAAAQEICgE7eeQD5UtZ"}
00432{"flow_id":396,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5647,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347641,"pkt_ts_usec":791382,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AcpAAD4GxA6sEAABwKgKMueyAFDHeXU427GOGYARAOWqmgAAAQEICgE7ejwD5UZ0"}
00434{"flow_id":396,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5648,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347641,"pkt_ts_usec":791607,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0xahAAEAG\/i\/AqAoyrBAAAQBQ57LbsY4Zx3l1OYARAOOlXgAAAQEICgPlS7EBO3o8"}
00432{"flow_id":396,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5649,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347641,"pkt_ts_usec":793151,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ActAAD4GxA2sEAABwKgKMueyAFDHeXU527GOGoAQAOWlXAAAAQEICgE7ejwD5Uux"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5653,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_first_seen":1499347642716,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5653,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_first_seen":1499347642716,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":400,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5653,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347642,"pkt_ts_usec":716181,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SnNAAD4Ge12sEAABwKgKMuf2AFDcdDFQAAAAAKACchDsmQAAAgQFtAQCCAoBO3sjAAAAAAEDAwc="}
00445{"flow_id":400,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5654,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347642,"pkt_ts_usec":716283,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ5\/aPKcRJ3HQxUaAScSBJiAAAAgQFtAQCCAoD5UyYATt7IwEDAwc="}
00432{"flow_id":400,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5655,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347642,"pkt_ts_usec":717159,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnRAAD4Ge2SsEAABwKgKMuf2AFDcdDFRjynESoAQAOXojwAAAQEICgE7eyMD5UyY"}
00432{"flow_id":397,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5659,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347642,"pkt_ts_usec":792219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W05AAD4GaoqsEAABwKgKMufAAFAySC13X31rIoARAOUkdgAAAQEICgE7ezYD5Uev"}
00433{"flow_id":397,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5660,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347642,"pkt_ts_usec":792357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0J4lAAEAGnE\/AqAoyrBAAAQBQ58BffWsiMkgteIARAOMfewAAAQEICgPlTKsBO3s2"}
00432{"flow_id":397,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5661,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347642,"pkt_ts_usec":795114,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W09AAD4GaomsEAABwKgKMufAAFAySC14X31rI4AQAOUfeQAAAQEICgE7ezYD5Uyr"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_first_seen":1499347645232,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_first_seen":1499347645232,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":401,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5672,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347645,"pkt_ts_usec":232370,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rz5AAD4GFpKsEAABwKgKMugQAFBzf9KmAAAAAKACchCxqQAAAgQFtAQCCAoBO32YAAAAAAEDAwc="}
00445{"flow_id":401,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5673,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347645,"pkt_ts_usec":232469,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6BD8Et+tc3\/Sp6AScSCD1QAAAgQFtAQCCAoD5U8NATt9mAEDAwc="}
00433{"flow_id":401,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5675,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347645,"pkt_ts_usec":234086,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rz9AAD4GFpmsEAABwKgKMugQAFBzf9Kn\/BLfroAQAOUi3QAAAQEICgE7fZgD5U8N"}
00432{"flow_id":398,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5678,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347645,"pkt_ts_usec":793034,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01ChAAD4G8a+sEAABwKgKMufaAFCvK6yJ8Ffzr4ARAOUJnAAAAQEICgE7fiQD5Uoj"}
00433{"flow_id":398,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5679,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347645,"pkt_ts_usec":793230,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0vDZAAEAGB6LAqAoyrBAAAQBQ59rwV\/OvryusioARAOMEJwAAAQEICgPlT5kBO34k"}
00432{"flow_id":398,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5680,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347645,"pkt_ts_usec":794086,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01ClAAD4G8a6sEAABwKgKMufaAFCvK6yK8FfzsIAQAOUEJQAAAQEICgE7fiQD5U+Z"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_first_seen":1499347646486,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":1,"flow_first_seen":1499347646486,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":402,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5684,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347646,"pkt_ts_usec":486073,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8uWhAAD4GDGisEAABwKgKMugeAFCoNce5AAAAAKACchCGmQAAAgQFtAQCCAoBO37RAAAAAAEDAwc="}
00444{"flow_id":402,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5685,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347646,"pkt_ts_usec":486198,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6B6AVzWvqDXHuqAScSB9RgAAAgQFtAQCCAoD5VBGATt+0QEDAwc="}
00432{"flow_id":402,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5687,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347646,"pkt_ts_usec":488061,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0uWlAAD4GDG+sEAABwKgKMugeAFCoNce6gFc1sIAQAOUcTQAAAQEICgE7ftID5VBG"}
00432{"flow_id":399,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5690,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347646,"pkt_ts_usec":793045,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tFBAAD4GEYisEAABwKgKMufoAFB3dM2rTUIqJoARAOWKkgAAAQEICgE7fx4D5UtZ"}
00432{"flow_id":399,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5691,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347646,"pkt_ts_usec":793244,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0erVAAEAGSSPAqAoyrBAAAQBQ5+hNQiomd3TNrIARAOOFWQAAAQEICgPlUJMBO38e"}
00432{"flow_id":399,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5692,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347646,"pkt_ts_usec":795069,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tFFAAD4GEYesEAABwKgKMufoAFB3dM2sTUIqJ4AQAOWFVgAAAQEICgE7fx8D5VCT"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_first_seen":1499347647733,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":1,"flow_first_seen":1499347647733,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":403,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5696,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347647,"pkt_ts_usec":733010,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cdhAAD4GU\/isEAABwKgKMugsAFDFxvHRAAAAAKACchA9qgAAAgQFtAQCCAoBO4AJAAAAAAEDAwc="}
00445{"flow_id":403,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5697,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347647,"pkt_ts_usec":733148,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6CyQ1\/Exxcbx0qAScSBnHAAAAgQFtAQCCAoD5VF+ATuACQEDAwc="}
00433{"flow_id":403,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5699,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347647,"pkt_ts_usec":734039,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cdlAAD4GU\/+sEAABwKgKMugsAFDFxvHSkNfxMoAQAOUGJAAAAQEICgE7gAkD5VF+"}
00432{"flow_id":400,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5702,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347647,"pkt_ts_usec":792997,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnVAAD4Ge2OsEAABwKgKMuf2AFDcdDFRjynESoARAOXjmQAAAQEICgE7gBgD5UyY"}
00433{"flow_id":400,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5703,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347647,"pkt_ts_usec":793254,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0lcdAAEAGLhHAqAoyrBAAAQBQ5\/aPKcRK3HQxUoARAOPepQAAAQEICgPlUY0BO4AY"}
00432{"flow_id":400,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5704,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347647,"pkt_ts_usec":795042,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SnZAAD4Ge2KsEAABwKgKMuf2AFDcdDFSjynES4AQAOXeogAAAQEICgE7gBkD5VGN"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_first_seen":1499347650289,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":6,"flow_first_seen":1499347513353,"flow_last_seen":1499347518754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":6,"flow_first_seen":1499347514648,"flow_last_seen":1499347519754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58008,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":6,"flow_first_seen":1499347517171,"flow_last_seen":1499347522754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":324,"flow_packet_id":6,"flow_first_seen":1499347518410,"flow_last_seen":1499347523754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":6,"flow_first_seen":1499347519679,"flow_last_seen":1499347524756,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58062,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":6,"flow_first_seen":1499347522204,"flow_last_seen":1499347527756,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":6,"flow_first_seen":1499347523488,"flow_last_seen":1499347528757,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58102,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_first_seen":1499347650289,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":404,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5715,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347650,"pkt_ts_usec":289951,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qjtAAD4GG5WsEAABwKgKMuhGAFAFSiizAAAAAKACchDErAAAAgQFtAQCCAoBO4KIAAAAAAEDAwc="}
00445{"flow_id":404,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5716,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347650,"pkt_ts_usec":290110,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6EbKc6N+BUootKAScSD\/tgAAAgQFtAQCCAoD5VP9ATuCiAEDAwc="}
00432{"flow_id":404,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5718,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347650,"pkt_ts_usec":292884,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qjxAAD4GG5ysEAABwKgKMuhGAFAFSii0ynOjf4AQAOWevQAAAQEICgE7gokD5VP9"}
00433{"flow_id":401,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5721,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347650,"pkt_ts_usec":794975,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0r0BAAD4GFpisEAABwKgKMugQAFBzf9Kn\/BLfroARAOUdbgAAAQEICgE7gwYD5U8N"}
00433{"flow_id":401,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5722,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347650,"pkt_ts_usec":795171,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0i9JAAEAGOAbAqAoyrBAAAQBQ6BD8Et+uc3\/SqIARAOMYAAAAAQEICgPlVHwBO4MG"}
00434{"flow_id":401,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5723,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347650,"pkt_ts_usec":797981,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0r0FAAD4GFpesEAABwKgKMugQAFBzf9Ko\/BLfr4AQAOUX\/QAAAQEICgE7gwcD5VR8"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_first_seen":1499347651555,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5727,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_first_seen":1499347651555,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":405,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5727,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347651,"pkt_ts_usec":555924,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NDJAAD4GkZ6sEAABwKgKMuhUAFBjE7f2AAAAAKACchDWVQAAAgQFtAQCCAoBO4PEAAAAAAEDAwc="}
00444{"flow_id":405,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5728,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347651,"pkt_ts_usec":556034,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6FRdfw4zYxO396AScSASYwAAAgQFtAQCCAoD5VU6ATuDxAEDAwc="}
00432{"flow_id":405,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5731,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347651,"pkt_ts_usec":561908,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NDNAAD4GkaWsEAABwKgKMuhUAFBjE7f3XX8ONIAQAOWxaQAAAQEICgE7g8UD5VU6"}
@@ -3620,65 +3620,65 @@
00433{"flow_id":403,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5739,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347652,"pkt_ts_usec":796882,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cdpAAD4GU\/6sEAABwKgKMugsAFDFxvHSkNfxMoARAOUBMQAAAQEICgE7hPsD5VF+"}
00433{"flow_id":403,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5740,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347652,"pkt_ts_usec":797100,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0p0JAAEAGHJbAqAoyrBAAAQBQ6CyQ1\/Eyxcbx04ARAOP8PwAAAQEICgPlVnABO4T7"}
00433{"flow_id":403,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5741,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347652,"pkt_ts_usec":800831,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cdtAAD4GU\/2sEAABwKgKMugsAFDFxvHTkNfxM4AQAOX8PAAAAQEICgE7hPwD5VZw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5748,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_first_seen":1499347654065,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5748,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_first_seen":1499347654065,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":406,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5748,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347654,"pkt_ts_usec":65841,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8q1xAAD4GGnSsEAABwKgKMuhuAFBOzi1kAAAAAKACchBynwAAAgQFtAQCCAoBO4Y4AAAAAAEDAwc="}
00443{"flow_id":406,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5749,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347654,"pkt_ts_usec":65963,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6G55d2lhTs4tZaAScSA1EwAAAgQFtAQCCAoD5VetATuGOAEDAwc="}
00431{"flow_id":406,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5751,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347654,"pkt_ts_usec":68834,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0q11AAD4GGnusEAABwKgKMuhuAFBOzi1leXdpYoAQAOXUGQAAAQEICgE7hjkD5Vet"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_first_seen":1499347655367,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5757,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_first_seen":1499347655367,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":407,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5757,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347655,"pkt_ts_usec":367825,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wQ9AAD4GBMGsEAABwKgKMuh8AFCmFkZxAAAAAKACchAA9gAAAgQFtAQCCAoBO4d+AAAAAAEDAwc="}
00444{"flow_id":407,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5758,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347655,"pkt_ts_usec":367984,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6HyXTysMphZGcqAScSDioAAAAgQFtAQCCAoD5VjzATuHfgEDAwc="}
00432{"flow_id":407,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5760,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347655,"pkt_ts_usec":371736,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wRBAAD4GBMisEAABwKgKMuh8AFCmFkZyl08rDYAQAOWBqAAAAQEICgE7h34D5Vjz"}
00432{"flow_id":404,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5763,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347655,"pkt_ts_usec":797737,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qj1AAD4GG5usEAABwKgKMuhGAFAFSii0ynOjf4ARAOWZXAAAAQEICgE7h+kD5VP9"}
00434{"flow_id":404,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5764,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347655,"pkt_ts_usec":798002,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0+iFAAEAGybbAqAoyrBAAAQBQ6EbKc6N\/BUootYARAOOT\/AAAAQEICgPlWV4BO4fp"}
00432{"flow_id":404,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5765,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347655,"pkt_ts_usec":800781,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qj5AAD4GG5qsEAABwKgKMuhGAFAFSii1ynOjgIAQAOWT+QAAAQEICgE7h+oD5Vle"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_first_seen":1499347656622,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_first_seen":1499347656622,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":408,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5769,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347656,"pkt_ts_usec":622725,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83x1AAD4G5rKsEAABwKgKMuiKAFBnH1eqAAAAAKACchAtbQAAAgQFtAQCCAoBO4i3AAAAAAEDAwc="}
00444{"flow_id":408,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5770,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347656,"pkt_ts_usec":622884,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6Ios50nrZx9Xq6AScSBZZwAAAgQFtAQCCAoD5VotATuItwEDAwc="}
00432{"flow_id":408,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5772,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347656,"pkt_ts_usec":624773,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03x5AAD4G5rmsEAABwKgKMuiKAFBnH1erLOdJ7IAQAOX4bQAAAQEICgE7iLgD5Vot"}
00432{"flow_id":405,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5777,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347656,"pkt_ts_usec":797693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NDRAAD4GkaSsEAABwKgKMuhUAFBjE7f3XX8ONIARAOWsSgAAAQEICgE7iOMD5VU6"}
00432{"flow_id":405,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5778,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347656,"pkt_ts_usec":797937,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0VGxAAEAGb2zAqAoyrBAAAQBQ6FRdfw40YxO3+IARAOOnLQAAAQEICgPlWlgBO4jj"}
00432{"flow_id":405,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5779,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347656,"pkt_ts_usec":799804,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NDVAAD4GkaOsEAABwKgKMuhUAFBjE7f4XX8ONYAQAOWnKgAAAQEICgE7iOQD5VpY"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_first_seen":1499347659123,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":7,"flow_first_seen":1499347524782,"flow_last_seen":1499347530758,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58116,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":6,"flow_first_seen":1499347526155,"flow_last_seen":1499347531758,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58130,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":6,"flow_first_seen":1499347527425,"flow_last_seen":1499347532758,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":6,"flow_first_seen":1499347528679,"flow_last_seen":1499347533759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":6,"flow_first_seen":1499347531303,"flow_last_seen":1499347536759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5786,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":6,"flow_first_seen":1499347532560,"flow_last_seen":1499347537760,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":1,"flow_first_seen":1499347659123,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":409,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5789,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347659,"pkt_ts_usec":123688,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x6pAAD4G\/iWsEAABwKgKMuikAFB+qkyDAAAAAKACchAefQAAAgQFtAQCCAoBO4spAAAAAAEDAwc="}
00445{"flow_id":409,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5790,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347659,"pkt_ts_usec":123847,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6KSKjQS\/fqpMhKAScSAvjAAAAgQFtAQCCAoD5VyeATuLKQEDAwc="}
00433{"flow_id":409,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5792,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347659,"pkt_ts_usec":124722,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x6tAAD4G\/iysEAABwKgKMuikAFB+qkyEio0EwIAQAOXOkwAAAQEICgE7iykD5Vye"}
00432{"flow_id":406,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5795,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347659,"pkt_ts_usec":799697,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0q15AAD4GGnqsEAABwKgKMuhuAFBOzi1leXdpYoARAOXOgAAAAQEICgE7i9ED5Vet"}
00432{"flow_id":406,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5796,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347659,"pkt_ts_usec":799914,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0NCVAAEAGj7PAqAoyrBAAAQBQ6G55d2liTs4tZoARAOPI5wAAAQEICgPlXUcBO4vR"}
00432{"flow_id":406,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5797,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347659,"pkt_ts_usec":803723,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0q19AAD4GGnmsEAABwKgKMuhuAFBOzi1meXdpY4AQAOXI5AAAAQEICgE7i9ID5V1H"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_first_seen":1499347660441,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_first_seen":1499347660441,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":410,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5801,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347660,"pkt_ts_usec":441643,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SJ9AAD4GfTGsEAABwKgKMuiyAFDQzcTuAAAAAKACchBSmAAAAgQFtAQCCAoBO4xxAAAAAAEDAwc="}
00444{"flow_id":410,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5802,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347660,"pkt_ts_usec":441772,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6LJiYdyB0M3E76AScSCyxwAAAgQFtAQCCAoD5V3nATuMcQEDAwc="}
00432{"flow_id":410,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5805,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347660,"pkt_ts_usec":448715,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SKBAAD4GfTisEAABwKgKMuiyAFDQzcTvYmHcgoAQAOVRzQAAAQEICgE7jHMD5V3n"}
00432{"flow_id":407,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5807,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347660,"pkt_ts_usec":802601,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wRFAAD4GBMesEAABwKgKMuh8AFCmFkZyl08rDYARAOV8WgAAAQEICgE7jMsD5Vjz"}
00432{"flow_id":407,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5808,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347660,"pkt_ts_usec":802841,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0dU9AAEAGTonAqAoyrBAAAQBQ6HyXTysNphZGc4ARAON3DAAAAQEICgPlXkIBO4zL"}
00432{"flow_id":407,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5809,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347660,"pkt_ts_usec":809604,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wRJAAD4GBMasEAABwKgKMuh8AFCmFkZzl08rDoAQAOV3CAAAAQEICgE7jM0D5V5C"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_first_seen":1499347661705,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5813,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_first_seen":1499347661705,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":411,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5813,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347661,"pkt_ts_usec":705590,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iZ5AAD4GPDKsEAABwKgKMujAAFBNGwQwAAAAAKACchCVvgAAAgQFtAQCCAoBO42uAAAAAAEDAwc="}
00444{"flow_id":411,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5815,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347661,"pkt_ts_usec":705774,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6MCaW9JGTRsEMaAScSDG8gAAAgQFtAQCCAoD5V8jATuNrgEDAwc="}
00432{"flow_id":411,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5817,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347661,"pkt_ts_usec":709570,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iZ9AAD4GPDmsEAABwKgKMujAAFBNGwQxmlvSR4AQAOVl+QAAAQEICgE7ja8D5V8j"}
00432{"flow_id":408,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5819,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347661,"pkt_ts_usec":798683,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03x9AAD4G5risEAABwKgKMuiKAFBnH1erLOdJ7IARAOXzXwAAAQEICgE7jcUD5Vot"}
00432{"flow_id":408,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5820,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347661,"pkt_ts_usec":798834,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0FtdAAEAGrQHAqAoyrBAAAQBQ6Ios50nsZx9XrIARAOPuUgAAAQEICgPlXzsBO43F"}
00432{"flow_id":408,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5821,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347661,"pkt_ts_usec":802583,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03yBAAD4G5resEAABwKgKMuiKAFBnH1esLOdJ7YAQAOXuTwAAAQEICgE7jcYD5V87"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_first_seen":1499347664226,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":1,"flow_first_seen":1499347664226,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":412,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5831,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347664,"pkt_ts_usec":226936,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Ye5AAD4GY+KsEAABwKgKMujaAFDKDfHLAAAAAKACchAonwAAAgQFtAQCCAoBO5AlAAAAAAEDAwc="}
00444{"flow_id":412,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5832,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347664,"pkt_ts_usec":227071,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6NqT+P5Dyg3xzKAScSAxwgAAAgQFtAQCCAoD5WGaATuQJQEDAwc="}
00433{"flow_id":412,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5833,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347664,"pkt_ts_usec":227794,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ye9AAD4GY+msEAABwKgKMujaAFDKDfHMk\/j+RIAQAOXQyQAAAQEICgE7kCUD5WGa"}
00433{"flow_id":409,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5837,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347664,"pkt_ts_usec":798166,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x6xAAD4G\/iusEAABwKgKMuikAFB+qkyEio0EwIARAOXJBwAAAQEICgE7kLQD5Vye"}
00433{"flow_id":409,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5838,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347664,"pkt_ts_usec":798393,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ZulAAEAGXO\/AqAoyrBAAAQBQ6KSKjQTAfqpMhYARAOPDfQAAAQEICgPlYikBO5C0"}
00433{"flow_id":409,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5839,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347664,"pkt_ts_usec":799139,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x61AAD4G\/iqsEAABwKgKMuikAFB+qkyFio0EwYAQAOXDewAAAQEICgE7kLQD5WIp"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_first_seen":1499347665473,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5843,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_first_seen":1499347665473,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":413,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5843,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347665,"pkt_ts_usec":473433,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8f9VAAD4GRfusEAABwKgKMujoAFDrVO6JAAAAAKACchAJVQAAAgQFtAQCCAoBO5FcAAAAAAEDAwc="}
00444{"flow_id":413,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5844,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347665,"pkt_ts_usec":473558,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6OhBKwT561TuiqAScSBdWQAAAgQFtAQCCAoD5WLRATuRXAEDAwc="}
00432{"flow_id":413,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5845,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347665,"pkt_ts_usec":474323,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f9ZAAD4GRgKsEAABwKgKMujoAFDrVO6KQSsE+oAQAOX8XwAAAQEICgE7kV0D5WLR"}
@@ -3688,81 +3688,81 @@
00433{"flow_id":411,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5855,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347666,"pkt_ts_usec":801276,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iaBAAD4GPDisEAABwKgKMujAAFBNGwQxmlvSR4ARAOVg\/wAAAQEICgE7kqgD5V8j"}
00432{"flow_id":411,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5856,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347666,"pkt_ts_usec":801521,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0tlpAAEAGDX7AqAoyrBAAAQBQ6MCaW9JHTRsEMoARAONcBgAAAQEICgPlZB0BO5Ko"}
00432{"flow_id":411,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5857,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347666,"pkt_ts_usec":802035,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iaFAAD4GPDesEAABwKgKMujAAFBNGwQymlvSSIAQAOVcAwAAAQEICgE7kqkD5WQd"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_first_seen":1499347668069,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5864,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_first_seen":1499347668069,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":414,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5864,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347668,"pkt_ts_usec":69390,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TE1AAD4GeYOsEAABwKgKMukCAFANB9+oAAAAAKACchDz4AAAAgQFtAQCCAoBO5PlAAAAAAEDAwc="}
00443{"flow_id":414,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5865,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347668,"pkt_ts_usec":69518,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6QI2lo7HDQffqaAScSDGIgAAAgQFtAQCCAoD5WVaATuT5QEDAwc="}
00431{"flow_id":414,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5866,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347668,"pkt_ts_usec":70042,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TE5AAD4GeYqsEAABwKgKMukCAFANB9+pNpaOyIAQAOVlKQAAAQEICgE7k+YD5WVa"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_first_seen":1499347669336,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":6,"flow_first_seen":1499347535081,"flow_last_seen":1499347540761,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":6,"flow_first_seen":1499347536332,"flow_last_seen":1499347541761,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":6,"flow_first_seen":1499347537591,"flow_last_seen":1499347542762,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":6,"flow_first_seen":1499347540145,"flow_last_seen":1499347545763,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":6,"flow_first_seen":1499347541398,"flow_last_seen":1499347546763,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5870,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":339,"flow_packet_id":6,"flow_first_seen":1499347542648,"flow_last_seen":1499347547763,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58306,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":1,"flow_first_seen":1499347669336,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":415,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5873,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347669,"pkt_ts_usec":336569,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XbZAAD4GaBqsEAABwKgKMukQAFClPsiUAAAAAKACchBxcgAAAgQFtAQCCAoBO5UiAAAAAAEDAwc="}
00444{"flow_id":415,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5874,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347669,"pkt_ts_usec":336745,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6RAzOJpLpT7IlaAScSA6UQAAAgQFtAQCCAoD5WaXATuVIgEDAwc="}
00432{"flow_id":415,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5875,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347669,"pkt_ts_usec":337456,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XbdAAD4GaCGsEAABwKgKMukQAFClPsiVMziaTIAQAOXZWAAAAQEICgE7lSID5WaX"}
00433{"flow_id":412,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5880,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347669,"pkt_ts_usec":802315,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YfBAAD4GY+isEAABwKgKMujaAFDKDfHMk\/j+RIARAOXLVgAAAQEICgE7lZcD5WGa"}
00432{"flow_id":412,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5881,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347669,"pkt_ts_usec":802666,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0mUhAAEAGKpDAqAoyrBAAAQBQ6NqT+P5Eyg3xzYARAOPF5QAAAQEICgPlZwwBO5WX"}
00433{"flow_id":412,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5882,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347669,"pkt_ts_usec":803399,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0YfFAAD4GY+esEAABwKgKMujaAFDKDfHNk\/j+RYAQAOXF4wAAAQEICgE7lZcD5WcM"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_first_seen":1499347670582,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_first_seen":1499347670582,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":416,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5886,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347670,"pkt_ts_usec":582234,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Rc1AAD4GgAOsEAABwKgKMukeAFDr3NOXAAAAAKACchAeiwAAAgQFtAQCCAoBO5ZaAAAAAAEDAwc="}
00444{"flow_id":416,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5887,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347670,"pkt_ts_usec":582328,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6R5lF6M+69zTmKAScSCrXwAAAgQFtAQCCAoD5WfPATuWWgEDAwc="}
00432{"flow_id":416,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5888,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347670,"pkt_ts_usec":583112,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Rc5AAD4GgAqsEAABwKgKMukeAFDr3NOYZRejP4AQAOVKZwAAAQEICgE7lloD5WfP"}
00432{"flow_id":413,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5892,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347670,"pkt_ts_usec":802666,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f9dAAD4GRgGsEAABwKgKMujoAFDrVO6KQSsE+oARAOX3KgAAAQEICgE7lpED5WLR"}
00432{"flow_id":413,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5893,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347670,"pkt_ts_usec":802888,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0bPxAAEAGVtzAqAoyrBAAAQBQ6OhBKwT661Tui4ARAOPx9gAAAQEICgPlaAYBO5aR"}
00432{"flow_id":413,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5894,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347670,"pkt_ts_usec":803436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f9hAAD4GRgCsEAABwKgKMujoAFDrVO6LQSsE+4AQAOXx9AAAAQEICgE7lpED5WgG"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_first_seen":1499347673136,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5904,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_first_seen":1499347673136,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":417,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5904,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347673,"pkt_ts_usec":136683,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89tVAAD4GzvqsEAABwKgKMuk4AFAtrG4NAAAAAKACchA\/rgAAAgQFtAQCCAoBO5jYAAAAAAEDAwc="}
00444{"flow_id":417,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5905,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347673,"pkt_ts_usec":136780,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6ThuKc6nLaxuDqAScSCViQAAAgQFtAQCCAoD5WpNATuY2AEDAwc="}
00432{"flow_id":417,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5906,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347673,"pkt_ts_usec":137560,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09tZAAD4GzwGsEAABwKgKMuk4AFAtrG4ObinOqIAQAOU0kQAAAQEICgE7mNgD5WpN"}
00432{"flow_id":414,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5910,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347673,"pkt_ts_usec":803156,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TE9AAD4GeYmsEAABwKgKMukCAFANB9+pNpaOyIARAOVfjwAAAQEICgE7mX8D5WVa"}
00433{"flow_id":414,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5911,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347673,"pkt_ts_usec":803372,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05DxAAEAG35vAqAoyrBAAAQBQ6QI2lo7IDQffqoARAONZ9gAAAQEICgPlavQBO5l\/"}
00432{"flow_id":414,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5912,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347673,"pkt_ts_usec":803925,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TFBAAD4GeYisEAABwKgKMukCAFANB9+qNpaOyYAQAOVZ9AAAAQEICgE7mX8D5Wr0"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_first_seen":1499347674433,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5916,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_first_seen":1499347674433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":418,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5916,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347674,"pkt_ts_usec":433683,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DFZAAD4GuXqsEAABwKgKMulGAFBSGZZKAAAAAKACchDxsQAAAgQFtAQCCAoBO5ocAAAAAAEDAwc="}
00444{"flow_id":418,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5917,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347674,"pkt_ts_usec":433829,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6UarF0RiUhmWS6AScSCToAAAAgQFtAQCCAoD5WuRATuaHAEDAwc="}
00432{"flow_id":418,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5918,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347674,"pkt_ts_usec":434572,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DFdAAD4GuYGsEAABwKgKMulGAFBSGZZLqxdEY4AQAOUypwAAAQEICgE7mh0D5WuR"}
00432{"flow_id":415,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5922,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347674,"pkt_ts_usec":803752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XbhAAD4GaCCsEAABwKgKMukQAFClPsiVMziaTIARAOXUAAAAAQEICgE7mnkD5WaX"}
00432{"flow_id":415,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5923,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347674,"pkt_ts_usec":804004,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA08aJAAEAG0jXAqAoyrBAAAQBQ6RAzOJpMpT7IloARAOPOqgAAAQEICgPla+4BO5p5"}
00432{"flow_id":415,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5924,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347674,"pkt_ts_usec":804525,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XblAAD4GaB+sEAABwKgKMukQAFClPsiWMziaTYAQAOXOqAAAAQEICgE7mnkD5Wvu"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_first_seen":1499347675703,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5928,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_first_seen":1499347675703,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":419,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5928,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347675,"pkt_ts_usec":703973,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jIRAAD4GOUysEAABwKgKMulUAFDpsRfeAAAAAKACchDXOQAAAgQFtAQCCAoBO5taAAAAAAEDAwc="}
00445{"flow_id":419,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5929,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347675,"pkt_ts_usec":704095,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6VSdi3bc6bEX36AScSBS\/AAAAgQFtAQCCAoD5WzPATubWgEDAwc="}
00432{"flow_id":419,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5930,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347675,"pkt_ts_usec":704650,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jIVAAD4GOVOsEAABwKgKMulUAFDpsRffnYt23YAQAOXyAwAAAQEICgE7m1oD5WzP"}
00432{"flow_id":416,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5934,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347675,"pkt_ts_usec":803793,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Rc9AAD4GgAmsEAABwKgKMukeAFDr3NOYZRejP4ARAOVFTQAAAQEICgE7m3MD5WfP"}
00433{"flow_id":416,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5935,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347675,"pkt_ts_usec":803982,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0z9dAAEAG9ADAqAoyrBAAAQBQ6R5lF6M\/69zTmYARAONANQAAAQEICgPlbOgBO5tz"}
00432{"flow_id":416,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5936,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347675,"pkt_ts_usec":804558,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0RdBAAD4GgAisEAABwKgKMukeAFDr3NOZZRejQIAQAOVAMwAAAQEICgE7m3MD5Wzo"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_first_seen":1499347678198,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5946,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_first_seen":1499347678198,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":420,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5946,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347678,"pkt_ts_usec":198689,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86nhAAD4G21esEAABwKgKMuluAFCn23eyAAAAAKACchC2sQAAAgQFtAQCCAoBO53KAAAAAAEDAwc="}
00445{"flow_id":420,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5947,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347678,"pkt_ts_usec":198840,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6W5MMi3pp9t3s6AScSDKUAAAAgQFtAQCCAoD5W8\/ATudygEDAwc="}
00433{"flow_id":420,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347678,"pkt_ts_usec":199565,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06nlAAD4G216sEAABwKgKMuluAFCn23ezTDIt6oAQAOVpWAAAAQEICgE7ncoD5W8\/"}
00432{"flow_id":417,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5952,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347678,"pkt_ts_usec":803858,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09tdAAD4GzwCsEAABwKgKMuk4AFAtrG4ObinOqIARAOUvBwAAAQEICgE7nmED5WpN"}
00432{"flow_id":417,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5953,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347678,"pkt_ts_usec":804064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0oX5AAEAGIlrAqAoyrBAAAQBQ6ThuKc6oLaxuD4ARAOMpfwAAAQEICgPlb9YBO55h"}
00433{"flow_id":417,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5954,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347678,"pkt_ts_usec":804824,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09thAAD4Gzv+sEAABwKgKMuk4AFAtrG4PbinOqYAQAOUpfQAAAQEICgE7nmED5W\/W"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":311,"flow_first_seen":1499347484263,"flow_last_seen":1499347551239,"flow_tot_l4_data_len":242337,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":779,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_first_seen":1499347679469,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":311,"flow_first_seen":1499347484263,"flow_last_seen":1499347551239,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":747,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":57684,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":340,"flow_packet_id":6,"flow_first_seen":1499347545176,"flow_last_seen":1499347550764,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":341,"flow_packet_id":6,"flow_first_seen":1499347546427,"flow_last_seen":1499347551497,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":6,"flow_first_seen":1499347550209,"flow_last_seen":1499347555765,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":6,"flow_first_seen":1499347551495,"flow_last_seen":1499347556766,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58400,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":6,"flow_first_seen":1499347552736,"flow_last_seen":1499347557766,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58414,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_first_seen":1499347679469,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":421,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5961,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347679,"pkt_ts_usec":469718,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80KNAAD4G9SysEAABwKgKMul8AFCXJE+kAAAAAKACchDuKwAAAgQFtAQCCAoBO58HAAAAAAEDAwc="}
00444{"flow_id":421,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5962,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347679,"pkt_ts_usec":469836,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6XyRTq6MlyRPpaAScSA6zgAAAgQFtAQCCAoD5XB8ATufBwEDAwc="}
00432{"flow_id":421,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5963,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347679,"pkt_ts_usec":470613,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00KRAAD4G9TOsEAABwKgKMul8AFCXJE+lkU6ujYAQAOXZ1AAAAQEICgE7nwgD5XB8"}
01215{"flow_id":419,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5964,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347679,"pkt_ts_usec":471019,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9jIZAAD4GNwmsEAABwKgKMulUAFDpsRffnYt23YAYAOVfggAAAQEICgE7nwgD5WzPR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdTWkdHSlJYWDZEUjlWV0tOODY0SDhMVEJFWjZRQzNHSlBDOFRVVU5BRUQzQkJMNEw4UCUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00917{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":4,"flow_first_seen":1499347675703,"flow_last_seen":1499347679471,"flow_tot_l4_data_len":729,"flow_min_l4_data_len":32,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":4,"flow_first_seen":1499347675703,"flow_last_seen":1499347679471,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00432{"flow_id":418,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5965,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347679,"pkt_ts_usec":471025,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DFhAAD4GuYCsEAABwKgKMulGAFBSGZZLqxdEY4ARAOUtuwAAAQEICgE7nwgD5WuR"}
00432{"flow_id":419,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5966,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347679,"pkt_ts_usec":471095,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0BqBAAEAGvTjAqAoyrBAAAQBQ6VSdi3bd6bEaKIAQAOzoVwAAAQEICgPlcH0BO58I"}
00432{"flow_id":418,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5967,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347679,"pkt_ts_usec":471187,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0NB5AAEAGj7rAqAoyrBAAAQBQ6UarF0RjUhmWTIARAOMo0AAAAQEICgPlcH0BO58I"}
@@ -3772,7 +3772,7 @@
00947{"flow_id":419,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5971,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347680,"pkt_ts_usec":515163,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzjIhAAD4GN9GsEAABwKgKMulUAFDpsRoonYt+KYAYAQKO9wAAAQEICgE7oA0D5XB+R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02820{"flow_id":419,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5972,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347680,"pkt_ts_usec":519998,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceBqNAAEAGtkvAqAoyrBAAAQBQ6VSdi34p6bEbp4AYAPV9\/AAAAQEICgPlcYMBO6ANSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI4OjAwIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00433{"flow_id":419,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5973,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347680,"pkt_ts_usec":520708,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jIlAAD4GOU+sEAABwKgKMulUAFDpsRunnYuFE4AQAR3WZQAAAQEICgE7oA4D5XGD"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_first_seen":1499347680746,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_first_seen":1499347680746,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":422,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5974,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347680,"pkt_ts_usec":746296,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qSxAAD4GHKSsEAABwKgKMumKAFCMLAlrAAAAAKACchA+DwAAAgQFtAQCCAoBO6BHAAAAAAEDAwc="}
00444{"flow_id":422,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5975,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347680,"pkt_ts_usec":746421,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6YpeBd3IjCwJbKAScSCNfgAAAgQFtAQCCAoD5XG8ATugRwEDAwc="}
00432{"flow_id":422,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5976,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347680,"pkt_ts_usec":747000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qS1AAD4GHKusEAABwKgKMumKAFCMLAlsXgXdyYAQAOUshgAAAQEICgE7oEcD5XG8"}
@@ -3781,14 +3781,14 @@
00433{"flow_id":419,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5979,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347680,"pkt_ts_usec":751622,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jItAAD4GOU2sEAABwKgKMulUAFDpsR3wnYuMXYAQATvMQAAAAQEICgE7oEgD5XG9"}
00948{"flow_id":419,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5980,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347681,"pkt_ts_usec":788720,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzjIxAAD4GN82sEAABwKgKMulUAFDpsR3wnYuMXYAYATt6RQAAAQEICgE7oUsD5XG9R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02821{"flow_id":419,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5981,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347681,"pkt_ts_usec":791781,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceBqdAAEAGtkfAqAoyrBAAAQBQ6VSdi4xd6bEfb4AYAQd9\/AAAAQEICgPlcsEBO6FLSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI4OjAxIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_first_seen":1499347683313,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5989,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_first_seen":1499347683313,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":423,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5989,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347683,"pkt_ts_usec":313458,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8x61AAD4G\/iKsEAABwKgKMumkAFCTI2VlAAAAAKACchDYggAAAgQFtAQCCAoBO6LIAAAAAAEDAwc="}
00444{"flow_id":423,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5990,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347683,"pkt_ts_usec":313586,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6aQ4uuFckyNlZqAScSBHKAAAAgQFtAQCCAoD5XQ9ATuiyAEDAwc="}
00433{"flow_id":423,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5992,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347683,"pkt_ts_usec":314244,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x65AAD4G\/imsEAABwKgKMumkAFCTI2VmOLrhXYAQAOXmLgAAAQEICgE7oskD5XQ9"}
00433{"flow_id":420,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5995,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347683,"pkt_ts_usec":804482,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06npAAD4G212sEAABwKgKMuluAFCn23ezTDIt6oARAOVj3gAAAQEICgE7o0MD5W8\/"}
00432{"flow_id":420,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5996,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347683,"pkt_ts_usec":804756,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0WVJAAEAGaobAqAoyrBAAAQBQ6W5MMi3qp9t3tIARAONeZgAAAQEICgPldLgBO6ND"}
00432{"flow_id":420,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5997,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347683,"pkt_ts_usec":805476,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06ntAAD4G21ysEAABwKgKMuluAFCn23e0TDIt64AQAOVeZAAAAQEICgE7o0MD5XS4"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_first_seen":1499347684563,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6001,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_first_seen":1499347684563,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":424,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6001,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347684,"pkt_ts_usec":563427,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82yNAAD4G6qysEAABwKgKMumyAFDf7X8iAAAAAKACchBwtAAAAgQFtAQCCAoBO6QBAAAAAAEDAwc="}
00445{"flow_id":424,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6002,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347684,"pkt_ts_usec":563554,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6bLDIQ3O3+1\/I6AScSAnSAAAAgQFtAQCCAoD5XV2ATukAQEDAwc="}
00432{"flow_id":424,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6003,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347684,"pkt_ts_usec":564308,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02yRAAD4G6rOsEAABwKgKMumyAFDf7X8jwyENz4AQAOXGTwAAAQEICgE7pAED5XV2"}
@@ -3798,98 +3798,98 @@
00432{"flow_id":422,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6013,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347685,"pkt_ts_usec":804713,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qS5AAD4GHKqsEAABwKgKMumKAFCMLAlsXgXdyYARAOUnlQAAAQEICgE7pTcD5XG8"}
00432{"flow_id":422,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6014,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347685,"pkt_ts_usec":804995,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0q2VAAEAGGHPAqAoyrBAAAQBQ6YpeBd3JjCwJbYARAOMipgAAAQEICgPldqwBO6U3"}
00432{"flow_id":422,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6015,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347685,"pkt_ts_usec":805699,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qS9AAD4GHKmsEAABwKgKMumKAFCMLAltXgXdyoAQAOUipAAAAQEICgE7pTcD5Xas"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_first_seen":1499347687089,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6022,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_first_seen":1499347687089,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":425,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6022,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347687,"pkt_ts_usec":89585,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UahAAD4GdCisEAABwKgKMunMAFBn2\/fQAAAAAKACchBthwAAAgQFtAQCCAoBO6Z4AAAAAAEDAwc="}
00443{"flow_id":425,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6023,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347687,"pkt_ts_usec":89686,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6cx2j8kIZ9v30aAScSCy+wAAAgQFtAQCCAoD5XftATumeAEDAwc="}
00433{"flow_id":425,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6024,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347687,"pkt_ts_usec":90261,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UalAAD4GdC+sEAABwKgKMunMAFBn2\/fRdo\/JCYAQAOVSAgAAAQEICgE7pnkD5Xft"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_first_seen":1499347688364,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6031,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_first_seen":1499347688364,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":426,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6031,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347688,"pkt_ts_usec":364903,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8C45AAD4GukKsEAABwKgKMunaAFB\/Haw5AAAAAKACchCgjwAAAgQFtAQCCAoBO6e3AAAAAAEDAwc="}
00444{"flow_id":426,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6032,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347688,"pkt_ts_usec":365035,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6dpm6d+Cfx2sOqAScSDd8AAAAgQFtAQCCAoD5XksATuntwEDAwc="}
00433{"flow_id":426,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6033,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347688,"pkt_ts_usec":365851,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C49AAD4GukmsEAABwKgKMunaAFB\/Haw6Zunfg4AQAOV8+AAAAQEICgE7p7cD5Xks"}
00433{"flow_id":423,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6037,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347688,"pkt_ts_usec":805504,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x69AAD4G\/iisEAABwKgKMumkAFCTI2VmOLrhXYARAOXg0QAAAQEICgE7qCUD5XQ9"}
00432{"flow_id":423,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6038,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347688,"pkt_ts_usec":805762,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0mMdAAEAGKxHAqAoyrBAAAQBQ6aQ4uuFdkyNlZ4ARAOPbdQAAAQEICgPleZoBO6gl"}
00433{"flow_id":423,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6039,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347688,"pkt_ts_usec":806519,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0x7BAAD4G\/iesEAABwKgKMumkAFCTI2VnOLrhXoAQAOXbcgAAAQEICgE7qCYD5Xma"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_first_seen":1499347689613,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":6,"flow_first_seen":1499347555255,"flow_last_seen":1499347560767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":6,"flow_first_seen":1499347556523,"flow_last_seen":1499347561767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58454,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":6,"flow_first_seen":1499347557789,"flow_last_seen":1499347563767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58468,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":6,"flow_first_seen":1499347559043,"flow_last_seen":1499347564768,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":6,"flow_first_seen":1499347560327,"flow_last_seen":1499347565768,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6040,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":6,"flow_first_seen":1499347561622,"flow_last_seen":1499347566770,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58510,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_first_seen":1499347689613,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":427,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6044,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347689,"pkt_ts_usec":613266,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80NlAAD4G9PasEAABwKgKMunoAFDCAng2AAAAAKACchCQZwAAAgQFtAQCCAoBO6jvAAAAAAEDAwc="}
00444{"flow_id":427,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6045,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347689,"pkt_ts_usec":613397,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6egCgzyzwgJ4N6AScSDTxgAAAgQFtAQCCAoD5XpkATuo7wEDAwc="}
00432{"flow_id":427,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6046,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347689,"pkt_ts_usec":614166,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00NpAAD4G9P2sEAABwKgKMunoAFDCAng3AoM8tIAQAOVyzQAAAQEICgE7qPAD5Xpk"}
00432{"flow_id":424,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6049,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347689,"pkt_ts_usec":805582,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02yVAAD4G6rKsEAABwKgKMumyAFDf7X8jwyENz4ARAOXBMAAAAQEICgE7qR8D5XV2"}
00433{"flow_id":424,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6050,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347689,"pkt_ts_usec":805841,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0d1tAAEAGTH3AqAoyrBAAAQBQ6bLDIQ3P3+1\/JIARAOO8EwAAAQEICgPlepQBO6kf"}
00432{"flow_id":424,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6051,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347689,"pkt_ts_usec":806584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02yZAAD4G6rGsEAABwKgKMumyAFDf7X8kwyEN0IAQAOW8EAAAAQEICgE7qSAD5XqU"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_first_seen":1499347692128,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_first_seen":1499347692128,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":428,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6061,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347692,"pkt_ts_usec":128037,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u5xAAD4GCjSsEAABwKgKMuoCAFDepxD4AAAAAKACchDYcQAAAgQFtAQCCAoBO6tkAAAAAAEDAwc="}
00444{"flow_id":428,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6062,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347692,"pkt_ts_usec":128168,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6gK6r2Hi3qcQ+aAScSA8AAAAAgQFtAQCCAoD5XzZATurZAEDAwc="}
00432{"flow_id":428,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6063,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347692,"pkt_ts_usec":128924,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u51AAD4GCjusEAABwKgKMuoCAFDepxD5uq9h44AQAOXbBwAAAQEICgE7q2QD5XzZ"}
00434{"flow_id":425,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6067,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347692,"pkt_ts_usec":806558,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UapAAD4GdC6sEAABwKgKMunMAFBn2\/fRdo\/JCYARAOVMbAAAAQEICgE7rA4D5Xft"}
00432{"flow_id":425,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6068,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347692,"pkt_ts_usec":806749,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0tIpAAEAGD07AqAoyrBAAAQBQ6cx2j8kJZ9v30oARAONG1wAAAQEICgPlfYMBO6wO"}
00434{"flow_id":425,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6069,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347692,"pkt_ts_usec":807517,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UatAAD4GdC2sEAABwKgKMunMAFBn2\/fSdo\/JCoAQAOVG1QAAAQEICgE7rA4D5X2D"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_first_seen":1499347693386,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_first_seen":1499347693386,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":429,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6073,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347693,"pkt_ts_usec":386714,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8yJFAAD4G\/T6sEAABwKgKMuoQAFBhE2QOAAAAAKACchABpwAAAgQFtAQCCAoBO6yfAAAAAAEDAwc="}
00444{"flow_id":429,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6074,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347693,"pkt_ts_usec":386806,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6hDs1hgmYRNkD6AScSB7jwAAAgQFtAQCCAoD5X4UATusnwEDAwc="}
00433{"flow_id":429,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6075,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347693,"pkt_ts_usec":387587,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yJJAAD4G\/UWsEAABwKgKMuoQAFBhE2QP7NYYJ4AQAOUalwAAAQEICgE7rJ8D5X4U"}
00433{"flow_id":426,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6079,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347693,"pkt_ts_usec":806490,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C5BAAD4GukisEAABwKgKMunaAFB\/Haw6Zunfg4ARAOV3pgAAAQEICgE7rQgD5Xks"}
00432{"flow_id":426,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6080,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347693,"pkt_ts_usec":806679,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0of5AAEAGIdrAqAoyrBAAAQBQ6dpm6d+Dfx2sO4ARAONyVgAAAQEICgPlfn0BO60I"}
00433{"flow_id":426,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6081,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347693,"pkt_ts_usec":807450,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0C5FAAD4GukesEAABwKgKMunaAFB\/Haw7ZunfhIAQAOVyVAAAAQEICgE7rQgD5X59"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_first_seen":1499347694661,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6085,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":1,"flow_first_seen":1499347694661,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":430,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6085,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347694,"pkt_ts_usec":661136,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8mmhAAD4GK2isEAABwKgKMuoeAFATaje1AAAAAKACchB6XQAAAgQFtAQCCAoBO63dAAAAAAEDAwc="}
00444{"flow_id":430,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6086,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347694,"pkt_ts_usec":661259,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6h4IeSXoE2o3tqAScSDJowAAAgQFtAQCCAoD5X9SATut3QEDAwc="}
00432{"flow_id":430,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6087,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347694,"pkt_ts_usec":661977,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mmlAAD4GK2+sEAABwKgKMuoeAFATaje2CHkl6YAQAOVoqgAAAQEICgE7rd4D5X9S"}
00432{"flow_id":427,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6091,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347694,"pkt_ts_usec":806391,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00NtAAD4G9PysEAABwKgKMunoAFDCAng3AoM8tIARAOVtugAAAQEICgE7rgID5Xpk"}
00432{"flow_id":427,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6092,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347694,"pkt_ts_usec":806612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Q8NAAEAGgBXAqAoyrBAAAQBQ6egCgzy0wgJ4OIARAONoqAAAAQEICgPlf3cBO64C"}
00432{"flow_id":427,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6093,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347694,"pkt_ts_usec":807341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00NxAAD4G9PusEAABwKgKMunoAFDCAng4AoM8tYAQAOVopgAAAQEICgE7rgID5X93"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_first_seen":1499347697189,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6103,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":1,"flow_first_seen":1499347697189,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":431,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6103,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347697,"pkt_ts_usec":189817,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88ppAAD4G0zWsEAABwKgKMuo4AFBV\/kLMAAAAAKACchAqHwAAAgQFtAQCCAoBO7BWAAAAAAEDAwc="}
00444{"flow_id":431,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6104,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347697,"pkt_ts_usec":189928,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6jj3l3auVf5CzaAScSA3CAAAAgQFtAQCCAoD5YHKATuwVgEDAwc="}
00433{"flow_id":431,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6105,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347697,"pkt_ts_usec":190739,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08ptAAD4G0zysEAABwKgKMuo4AFBV\/kLN95d2r4AQAOXWDwAAAQEICgE7sFYD5YHK"}
00432{"flow_id":428,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6109,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347697,"pkt_ts_usec":806520,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u55AAD4GCjqsEAABwKgKMuoCAFDepxD5uq9h44ARAOXVegAAAQEICgE7sPAD5XzZ"}
00432{"flow_id":428,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6110,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347697,"pkt_ts_usec":806736,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA044ZAAEAG4FHAqAoyrBAAAQBQ6gK6r2Hj3qcQ+oARAOPP7wAAAQEICgPlgmUBO7Dw"}
00432{"flow_id":428,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6111,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347697,"pkt_ts_usec":807467,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u59AAD4GCjmsEAABwKgKMuoCAFDepxD6uq9h5IAQAOXP7QAAAQEICgE7sPAD5YJl"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_first_seen":1499347698449,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6115,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_first_seen":1499347698449,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":432,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6115,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347698,"pkt_ts_usec":449087,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iq9AAD4GOyGsEAABwKgKMupGAFDXwDs\/AAAAAKACchCuoQAAAgQFtAQCCAoBO7GQAAAAAAEDAwc="}
00444{"flow_id":432,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6116,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347698,"pkt_ts_usec":449189,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6kYJky3T18A7QKAScSDxLwAAAgQFtAQCCAoD5YMFATuxkAEDAwc="}
00432{"flow_id":432,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6117,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347698,"pkt_ts_usec":449969,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0irBAAD4GOyisEAABwKgKMupGAFDXwDtACZMt1IAQAOWQNgAAAQEICgE7sZED5YMF"}
00433{"flow_id":429,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6121,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347698,"pkt_ts_usec":806706,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yJNAAD4G\/USsEAABwKgKMuoQAFBhE2QP7NYYJ4ARAOUVSwAAAQEICgE7seoD5X4U"}
00432{"flow_id":429,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6122,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347698,"pkt_ts_usec":806916,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0m3hAAEAGKGDAqAoyrBAAAQBQ6hDs1hgnYRNkEIARAOMQAQAAAQEICgPlg18BO7Hq"}
00434{"flow_id":429,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6123,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347698,"pkt_ts_usec":807461,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0yJRAAD4G\/UOsEAABwKgKMuoQAFBhE2QQ7NYYKIAQAOUP\/wAAAQEICgE7seoD5YNf"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_first_seen":1499347699724,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":6,"flow_first_seen":1499347564211,"flow_last_seen":1499347569770,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":6,"flow_first_seen":1499347565457,"flow_last_seen":1499347570771,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58550,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":6,"flow_first_seen":1499347566719,"flow_last_seen":1499347571771,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58564,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":6,"flow_first_seen":1499347569321,"flow_last_seen":1499347574772,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58590,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":6,"flow_first_seen":1499347570571,"flow_last_seen":1499347575772,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58604,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6124,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":357,"flow_packet_id":6,"flow_first_seen":1499347573065,"flow_last_seen":1499347578774,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_first_seen":1499347699724,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":433,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6127,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347699,"pkt_ts_usec":724216,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U2NAAD4Gcm2sEAABwKgKMupUAFDv6uGsAAAAAKACchDuvAAAAgQFtAQCCAoBO7LPAAAAAAEDAwc="}
00444{"flow_id":433,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6128,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347699,"pkt_ts_usec":724339,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6lS1E1w77+rhraAScSBWIwAAAgQFtAQCCAoD5YREATuyzwEDAwc="}
00432{"flow_id":433,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6129,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347699,"pkt_ts_usec":724992,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U2RAAD4GcnSsEAABwKgKMupUAFDv6uGttRNcPIAQAOX1KgAAAQEICgE7ss8D5YRE"}
00432{"flow_id":430,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6133,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347699,"pkt_ts_usec":806873,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mmpAAD4GK26sEAABwKgKMuoeAFATaje2CHkl6YARAOVjowAAAQEICgE7suQD5X9S"}
00432{"flow_id":430,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6134,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347699,"pkt_ts_usec":807055,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0obBAAEAGIijAqAoyrBAAAQBQ6h4IeSXpE2o3t4ARAONenQAAAQEICgPlhFkBO7Lk"}
00432{"flow_id":430,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6135,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347699,"pkt_ts_usec":807788,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0mmtAAD4GK22sEAABwKgKMuoeAFATaje3CHkl6oAQAOVemwAAAQEICgE7suQD5YRZ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_first_seen":1499347702287,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6145,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_first_seen":1499347702287,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":434,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6145,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347702,"pkt_ts_usec":287352,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dHpAAD4GUVasEAABwKgKMupuAFBhicEqAAAAAKACchCbBQAAAgQFtAQCCAoBO7VQAAAAAAEDAwc="}
00445{"flow_id":434,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6146,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347702,"pkt_ts_usec":287465,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6m4\/xiwDYYnBK6AScSClcAAAAgQFtAQCCAoD5YbFATu1UAEDAwc="}
00432{"flow_id":434,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6147,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347702,"pkt_ts_usec":288246,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dHtAAD4GUV2sEAABwKgKMupuAFBhicErP8YsBIAQAOVEeAAAAQEICgE7tVAD5YbF"}
00433{"flow_id":431,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6151,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347702,"pkt_ts_usec":808000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08pxAAD4G0zusEAABwKgKMuo4AFBV\/kLN95d2r4ARAOXQkgAAAQEICgE7tdID5YHK"}
00433{"flow_id":431,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6152,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347702,"pkt_ts_usec":808218,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA08ehAAEAG0e\/AqAoyrBAAAQBQ6jj3l3avVf5CzoARAOPLFgAAAQEICgPlh0cBO7XS"}
00433{"flow_id":431,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6153,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347702,"pkt_ts_usec":808986,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08p1AAD4G0zqsEAABwKgKMuo4AFBV\/kLO95d2sIAQAOXLFAAAAQEICgE7tdID5YdH"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_first_seen":1499347703726,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6157,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_first_seen":1499347703726,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":435,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6157,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347703,"pkt_ts_usec":726679,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80EJAAD4G9Y2sEAABwKgKMup8AFAHaGb6AAAAAKACchBN4QAAAgQFtAQCCAoBO7a4AAAAAAEDAwc="}
00444{"flow_id":435,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6158,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347703,"pkt_ts_usec":726818,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6nwCGRKtB2hm+6AScSCt5wAAAgQFtAQCCAoD5YgtATu2uAEDAwc="}
00432{"flow_id":435,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6159,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347703,"pkt_ts_usec":727414,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00ENAAD4G9ZSsEAABwKgKMup8AFAHaGb7AhkSroAQAOVM7wAAAQEICgE7trgD5Ygt"}
@@ -3899,11 +3899,11 @@
00432{"flow_id":433,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6166,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347704,"pkt_ts_usec":808169,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U2VAAD4GcnOsEAABwKgKMupUAFDv6uGttRNcPIARAOXwMgAAAQEICgE7t8YD5YRE"}
00432{"flow_id":433,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6167,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347704,"pkt_ts_usec":808390,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA01QdAAEAG7tDAqAoyrBAAAQBQ6lS1E1w87+rhroARAOPrPAAAAQEICgPliTsBO7fG"}
00432{"flow_id":433,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6168,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347704,"pkt_ts_usec":808943,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U2ZAAD4GcnKsEAABwKgKMupUAFDv6uGutRNcPYAQAOXrOgAAAQEICgE7t8YD5Yk7"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_first_seen":1499347705116,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6172,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_first_seen":1499347705116,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":436,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6172,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347705,"pkt_ts_usec":116020,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oq5AAD4GIyKsEAABwKgKMuqKAFDjSRq9AAAAAKACchC80wAAAgQFtAQCCAoBO7gTAAAAAAEDAwc="}
00444{"flow_id":436,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6173,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347705,"pkt_ts_usec":116143,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6oqWCrpo40kavqAScSDf0QAAAgQFtAQCCAoD5YmIATu4EwEDAwc="}
00432{"flow_id":436,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6174,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347705,"pkt_ts_usec":116886,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oq9AAD4GIymsEAABwKgKMuqKAFDjSRq+lgq6aYAQAOV+2QAAAQEICgE7uBMD5YmI"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_first_seen":1499347706399,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6181,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_first_seen":1499347706399,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":437,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6181,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347706,"pkt_ts_usec":399626,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8F3NAAD4Grl2sEAABwKgKMuqYAFBMGa4nAAAAAKACchC\/SgAAAgQFtAQCCAoBO7lUAAAAAAEDAwc="}
00444{"flow_id":437,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6182,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347706,"pkt_ts_usec":399769,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6pjZqykETBmuKKAScSAuywAAAgQFtAQCCAoD5YrJATu5VAEDAwc="}
00432{"flow_id":437,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6183,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347706,"pkt_ts_usec":400536,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0F3RAAD4GrmSsEAABwKgKMuqYAFBMGa4o2aspBYAQAOXN0gAAAQEICgE7uVQD5YrJ"}
@@ -3913,50 +3913,50 @@
00432{"flow_id":435,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6196,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347708,"pkt_ts_usec":809735,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00ERAAD4G9ZOsEAABwKgKMup8AFAHaGb7AhkSroARAOVH9wAAAQEICgE7u68D5Ygt"}
00433{"flow_id":435,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6197,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347708,"pkt_ts_usec":809952,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0n41AAEAGJEvAqAoyrBAAAQBQ6nwCGRKuB2hm\/IARAONDAgAAAQEICgPljSMBO7uv"}
00432{"flow_id":435,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6198,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347708,"pkt_ts_usec":810536,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00EVAAD4G9ZKsEAABwKgKMup8AFAHaGb8AhkSr4AQAOVDAAAAAQEICgE7u68D5Y0j"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_first_seen":1499347709252,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6202,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_first_seen":1499347709252,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":438,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6202,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347709,"pkt_ts_usec":252943,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8u61AAD4GCiOsEAABwKgKMuq0AFAeNwewAAAAAKACchCQvwAAAgQFtAQCCAoBO7wdAAAAAAEDAwc="}
00444{"flow_id":438,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6203,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347709,"pkt_ts_usec":253070,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6rSwITsWHjcHsaAScSAU7wAAAgQFtAQCCAoD5Y2SATu8HQEDAwc="}
00432{"flow_id":438,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6204,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347709,"pkt_ts_usec":253824,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u65AAD4GCiqsEAABwKgKMuq0AFAeNwexsCE7F4AQAOWz9QAAAQEICgE7vB4D5Y2S"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":358,"flow_packet_id":7,"flow_first_seen":1499347574366,"flow_last_seen":1499347579775,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":7,"flow_first_seen":1499347575652,"flow_last_seen":1499347580775,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":7,"flow_first_seen":1499347578164,"flow_last_seen":1499347583775,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58690,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":361,"flow_packet_id":6,"flow_first_seen":1499347579405,"flow_last_seen":1499347584775,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":362,"flow_packet_id":6,"flow_first_seen":1499347580693,"flow_last_seen":1499347585776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":363,"flow_packet_id":6,"flow_first_seen":1499347583209,"flow_last_seen":1499347588776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58744,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":6,"flow_first_seen":1499347584472,"flow_last_seen":1499347589778,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":436,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6211,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347710,"pkt_ts_usec":810881,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0orBAAD4GIyisEAABwKgKMuqKAFDjSRq+lgq6aYARAOV5SAAAAQEICgE7vaMD5YmI"}
00432{"flow_id":436,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6212,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347710,"pkt_ts_usec":811098,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0NXFAAEAGjmfAqAoyrBAAAQBQ6oqWCrpp40kav4ARAONzuQAAAQEICgPljxgBO72j"}
00433{"flow_id":436,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6213,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347710,"pkt_ts_usec":811821,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0orFAAD4GIyesEAABwKgKMuqKAFDjSRq\/lgq6aoAQAOVztwAAAQEICgE7vaMD5Y8Y"}
00432{"flow_id":437,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6214,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347711,"pkt_ts_usec":811341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0F3VAAD4GrmOsEAABwKgKMuqYAFBMGa4o2aspBYARAOXIiAAAAQEICgE7vp0D5YrJ"}
00432{"flow_id":437,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6215,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347711,"pkt_ts_usec":811559,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0uRdAAEAGCsHAqAoyrBAAAQBQ6pjZqykFTBmuKYARAOPDQAAAAQEICgPlkBIBO76d"}
00432{"flow_id":437,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6216,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347711,"pkt_ts_usec":812303,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0F3ZAAD4GrmKsEAABwKgKMuqYAFBMGa4p2aspBoAQAOXDPgAAAQEICgE7vp0D5ZAS"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_first_seen":1499347712277,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_first_seen":1499347712277,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":439,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6217,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347712,"pkt_ts_usec":277123,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nw9AAD4GJsGsEAABwKgKMurmAFCpjSAeAAAAAKACchDp1AAAAgQFtAQCCAoBO78RAAAAAAEDAwc="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_first_seen":1499347712277,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_first_seen":1499347712277,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":440,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6218,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347712,"pkt_ts_usec":277163,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81Z1AAD4G8DKsEAABwKgKMuroAFDnlWqMAAAAAKACchBhXAAAAgQFtAQCCAoBO78RAAAAAAEDAwc="}
00445{"flow_id":440,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6219,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347712,"pkt_ts_usec":277240,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6ui8Jpzg55VqjaAScSB0yAAAAgQFtAQCCAoD5ZCGATu\/EQEDAwc="}
00445{"flow_id":439,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6220,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347712,"pkt_ts_usec":277246,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6uYE2QpnqY0gH6AScSBHCAAAAgQFtAQCCAoD5ZCGATu\/EQEDAwc="}
00432{"flow_id":440,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6221,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347712,"pkt_ts_usec":277819,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01Z5AAD4G8DmsEAABwKgKMuroAFDnlWqNvCac4YAQAOUTzwAAAQEICgE7vxID5ZCG"}
00432{"flow_id":439,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6222,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347712,"pkt_ts_usec":277829,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nxBAAD4GJsisEAABwKgKMurmAFCpjSAfBNkKaIAQAOXmDgAAAQEICgE7vxID5ZCG"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6229,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_first_seen":1499347713588,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6229,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_first_seen":1499347713588,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":441,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6229,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347713,"pkt_ts_usec":588576,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P+JAAD4Ghe6sEAABwKgKMur6AFB3+v+7AAAAAKACchA6bgAAAgQFtAQCCAoBO8BZAAAAAAEDAwc="}
00446{"flow_id":441,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6230,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347713,"pkt_ts_usec":588680,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6vp4zY2Qd\/r\/vKAScSCfOwAAAgQFtAQCCAoD5ZHOATvAWQEDAwc="}
00432{"flow_id":441,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6231,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347713,"pkt_ts_usec":589455,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P+NAAD4GhfWsEAABwKgKMur6AFB3+v+8eM2NkYAQAOU+QwAAAQEICgE7wFkD5ZHO"}
00432{"flow_id":438,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6238,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347714,"pkt_ts_usec":811326,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u69AAD4GCimsEAABwKgKMuq0AFAeNwexsCE7F4ARAOWuhwAAAQEICgE7wYsD5Y2S"}
00432{"flow_id":438,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6239,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347714,"pkt_ts_usec":811543,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qBdAAEAGG8HAqAoyrBAAAQBQ6rSwITsXHjcHsoARAOOpGgAAAQEICgPlkwABO8GL"}
00432{"flow_id":438,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6240,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347714,"pkt_ts_usec":812103,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0u7BAAD4GCiisEAABwKgKMuq0AFAeNweysCE7GIAQAOWpGAAAAQEICgE7wYsD5ZMA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_first_seen":1499347716243,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6247,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_first_seen":1499347716243,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":442,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6247,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347716,"pkt_ts_usec":243461,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA821BAAD4G6n+sEAABwKgKMusUAFBsBhmhAAAAAKACchApywAAAgQFtAQCCAoBO8LxAAAAAAEDAwc="}
00444{"flow_id":442,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6248,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347716,"pkt_ts_usec":243592,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6xT1wuHkbAYZoqAScSC6tgAAAgQFtAQCCAoD5ZRmATvC8QEDAwc="}
00432{"flow_id":442,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6249,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347716,"pkt_ts_usec":244352,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA021FAAD4G6oasEAABwKgKMusUAFBsBhmi9cLh5YAQAOVZvgAAAQEICgE7wvED5ZRm"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_first_seen":1499347717533,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6256,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_first_seen":1499347717533,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":443,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6256,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347717,"pkt_ts_usec":533777,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GKhAAD4GrSisEAABwKgKMusiAFDZTNycAAAAAKACchD4NwAAAgQFtAQCCAoBO8Q0AAAAAAEDAwc="}
00444{"flow_id":443,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6257,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347717,"pkt_ts_usec":533949,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6yL+myOL2UzcnaAScSA9YgAAAgQFtAQCCAoD5ZWoATvENAEDAwc="}
00433{"flow_id":443,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6258,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347717,"pkt_ts_usec":534514,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GKlAAD4GrS+sEAABwKgKMusiAFDZTNyd\/psjjIAQAOXcaQAAAQEICgE7xDQD5ZWo"}
@@ -3969,23 +3969,23 @@
00432{"flow_id":441,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6271,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347718,"pkt_ts_usec":814003,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P+RAAD4GhfSsEAABwKgKMur6AFB3+v+8eM2NkYARAOU5JwAAAQEICgE7xXQD5ZHO"}
00435{"flow_id":441,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6272,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347718,"pkt_ts_usec":814209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0G3lAAEAGqF\/AqAoyrBAAAQBQ6vp4zY2Rd\/r\/vYARAOM0DgAAAQEICgPllugBO8V0"}
00432{"flow_id":441,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6273,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347718,"pkt_ts_usec":814992,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P+VAAD4GhfOsEAABwKgKMur6AFB3+v+9eM2NkoAQAOU0DAAAAQEICgE7xXQD5Zbo"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_first_seen":1499347720094,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6280,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_first_seen":1499347720094,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":444,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6280,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347720,"pkt_ts_usec":94904,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qt5AAD4GGvKsEAABwKgKMus8AFAqiGxqAAAAAKACchAUlQAAAgQFtAQCCAoBO8a0AAAAAAEDAwc="}
00443{"flow_id":444,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6281,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347720,"pkt_ts_usec":95052,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6zwJv9VKKohsa6AScSCaWwAAAgQFtAQCCAoD5ZgpATvGtAEDAwc="}
00432{"flow_id":444,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6282,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347720,"pkt_ts_usec":95794,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qt9AAD4GGvmsEAABwKgKMus8AFAqiGxrCb\/VS4AQAOU5YwAAAQEICgE7xrQD5Zgp"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_first_seen":1499347721376,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":6,"flow_first_seen":1499347585744,"flow_last_seen":1499347590777,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":6,"flow_first_seen":1499347588270,"flow_last_seen":1499347593778,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":6,"flow_first_seen":1499347589555,"flow_last_seen":1499347594779,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":6,"flow_first_seen":1499347592060,"flow_last_seen":1499347597780,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":6,"flow_first_seen":1499347593330,"flow_last_seen":1499347598782,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6286,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":6,"flow_first_seen":1499347594595,"flow_last_seen":1499347599780,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_first_seen":1499347721376,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":445,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6289,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347721,"pkt_ts_usec":376008,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UaNAAD4GdC2sEAABwKgKMutKAFCqmpZXAAAAAKACchBpRwAAAgQFtAQCCAoBO8f0AAAAAAEDAwc="}
00444{"flow_id":445,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6290,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347721,"pkt_ts_usec":376131,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ60r+f8PRqpqWWKAScSAKhgAAAgQFtAQCCAoD5ZlpATvH9AEDAwc="}
00435{"flow_id":445,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6291,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347721,"pkt_ts_usec":376925,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UaRAAD4GdDSsEAABwKgKMutKAFCqmpZY\/n\/D0oAQAOWpjQAAAQEICgE7x\/QD5Zlp"}
@@ -3996,69 +3996,69 @@
00433{"flow_id":443,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6305,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347722,"pkt_ts_usec":813677,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GKpAAD4GrS6sEAABwKgKMusiAFDZTNyd\/psjjIARAOXXQAAAAQEICgE7yVwD5ZWo"}
00432{"flow_id":443,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6306,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347722,"pkt_ts_usec":813926,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0uVxAAEAGCnzAqAoyrBAAAQBQ6yL+myOM2UzcnoARAOPSGQAAAQEICgPlmtABO8lc"}
00433{"flow_id":443,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6307,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347722,"pkt_ts_usec":814566,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GKtAAD4GrS2sEAABwKgKMusiAFDZTNye\/psjjYAQAOXSFwAAAQEICgE7yVwD5ZrQ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_first_seen":1499347724082,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":1,"flow_first_seen":1499347724082,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":446,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6311,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347724,"pkt_ts_usec":82614,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Pn9AAD4Gh1GsEAABwKgKMutkAFAGCvTmAAAAAKACchCsiQAAAgQFtAQCCAoBO8qZAAAAAAEDAwc="}
00443{"flow_id":446,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6312,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347724,"pkt_ts_usec":82786,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ62S3KtySBgr056AScSB5twAAAgQFtAQCCAoD5ZwOATvKmQEDAwc="}
00431{"flow_id":446,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6313,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347724,"pkt_ts_usec":83329,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PoBAAD4Gh1isEAABwKgKMutkAFAGCvTntyrck4AQAOUYvwAAAQEICgE7ypkD5ZwO"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_first_seen":1499347725355,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6320,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":1,"flow_first_seen":1499347725355,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":447,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6320,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347725,"pkt_ts_usec":355982,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jaBAAD4GODCsEAABwKgKMutyAFBT4UZ3AAAAAKACchAL1gAAAgQFtAQCCAoBO8vXAAAAAAEDAwc="}
00444{"flow_id":447,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6321,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347725,"pkt_ts_usec":356095,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ63J14+58U+FGeKAScSAHIwAAAgQFtAQCCAoD5Z1MATvL1wEDAwc="}
00432{"flow_id":447,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6322,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347725,"pkt_ts_usec":356675,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jaFAAD4GODesEAABwKgKMutyAFBT4UZ4dePufYAQAOWmKgAAAQEICgE7y9cD5Z1M"}
00433{"flow_id":444,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6327,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347725,"pkt_ts_usec":814773,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0quBAAD4GGvisEAABwKgKMus8AFAqiGxrCb\/VS4ARAOUzzAAAAQEICgE7zEoD5Zgp"}
00432{"flow_id":444,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6328,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347725,"pkt_ts_usec":815062,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0SPRAAEAGeuTAqAoyrBAAAQBQ6zwJv9VLKohsbIARAOMuNwAAAQEICgPlnb8BO8xK"}
00434{"flow_id":444,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6329,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347725,"pkt_ts_usec":815586,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0quFAAD4GGvesEAABwKgKMus8AFAqiGxsCb\/VTIAQAOUuNQAAAQEICgE7zEoD5Z2\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6333,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_first_seen":1499347726623,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6333,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_first_seen":1499347726623,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":448,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6333,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347726,"pkt_ts_usec":623497,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cctAAD4GVAWsEAABwKgKMuuAAFD+ZrzfAAAAAKACchDpnAAAAgQFtAQCCAoBO80UAAAAAAEDAwc="}
00445{"flow_id":448,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6334,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347726,"pkt_ts_usec":623596,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ64DDQROl\/ma84KAScSBxJgAAAgQFtAQCCAoD5Z6JATvNFAEDAwc="}
00432{"flow_id":448,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6335,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347726,"pkt_ts_usec":624201,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ccxAAD4GVAysEAABwKgKMuuAAFD+Zrzgw0ETpoAQAOUQLgAAAQEICgE7zRQD5Z6J"}
00434{"flow_id":445,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6339,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347726,"pkt_ts_usec":815631,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UaVAAD4GdDOsEAABwKgKMutKAFCqmpZY\/n\/D0oARAOWkPAAAAQEICgE7zUQD5Zlp"}
00432{"flow_id":445,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6340,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347726,"pkt_ts_usec":815893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0XWtAAEAGZm3AqAoyrBAAAQBQ60r+f8PSqpqWWYARAOOe7QAAAQEICgPlnrkBO81E"}
00434{"flow_id":445,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6341,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347726,"pkt_ts_usec":816443,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UaZAAD4GdDKsEAABwKgKMutKAFCqmpZZ\/n\/D04AQAOWe6wAAAQEICgE7zUQD5Z65"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6351,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_first_seen":1499347729211,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6351,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_first_seen":1499347729211,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":449,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6351,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347729,"pkt_ts_usec":211579,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NhFAAD4Gj7+sEAABwKgKMuuaAFCuIPmKAAAAAKACchD6lgAAAgQFtAQCCAoBO8+bAAAAAAEDAwc="}
00444{"flow_id":449,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6352,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347729,"pkt_ts_usec":211710,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ65plKrngriD5i6AScSA3dQAAAgQFtAQCCAoD5aEQATvPmwEDAwc="}
00432{"flow_id":449,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6354,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347729,"pkt_ts_usec":212373,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NhJAAD4Gj8asEAABwKgKMuuaAFCuIPmLZSq54YAQAOXWfAAAAQEICgE7z5sD5aEQ"}
00432{"flow_id":446,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6357,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347729,"pkt_ts_usec":817239,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PoFAAD4Gh1esEAABwKgKMutkAFAGCvTntyrck4ARAOUTJQAAAQEICgE70DID5ZwO"}
00432{"flow_id":446,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6358,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347729,"pkt_ts_usec":817456,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0fTRAAEAGRqTAqAoyrBAAAQBQ62S3KtyTBgr06IARAOMNjQAAAQEICgPloacBO9Ay"}
00432{"flow_id":446,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6359,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347729,"pkt_ts_usec":818189,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PoJAAD4Gh1asEAABwKgKMutkAFAGCvTotyrclIAQAOUNigAAAQEICgE70DMD5aGn"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_first_seen":1499347730501,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6363,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_first_seen":1499347730501,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":450,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6363,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347730,"pkt_ts_usec":501574,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83upAAD4G5uWsEAABwKgKMuuoAFBoeQ40AAAAAKACchAqRAAAAgQFtAQCCAoBO9DeAAAAAAEDAwc="}
00444{"flow_id":450,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6364,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347730,"pkt_ts_usec":501671,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ66jFwizsaHkONaAScSCSPAAAAgQFtAQCCAoD5aJSATvQ3gEDAwc="}
00432{"flow_id":450,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6365,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347730,"pkt_ts_usec":502460,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03utAAD4G5uysEAABwKgKMuuoAFBoeQ41xcIs7YAQAOUxRAAAAQEICgE70N4D5aJS"}
00432{"flow_id":447,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6369,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347730,"pkt_ts_usec":817366,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jaJAAD4GODasEAABwKgKMutyAFBT4UZ4dePufYARAOWg0wAAAQEICgE70S0D5Z1M"}
00432{"flow_id":447,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6370,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347730,"pkt_ts_usec":817612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0TNxAAEAGdvzAqAoyrBAAAQBQ63J14+59U+FGeYARAOObfwAAAQEICgPloqEBO9Et"}
00432{"flow_id":447,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6371,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347730,"pkt_ts_usec":818343,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jaNAAD4GODWsEAABwKgKMutyAFBT4UZ5dePufoAQAOWbfQAAAQEICgE70S0D5aKh"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_first_seen":1499347731797,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":6,"flow_first_seen":1499347602223,"flow_last_seen":1499347607783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":6,"flow_first_seen":1499347603507,"flow_last_seen":1499347608786,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":6,"flow_first_seen":1499347604752,"flow_last_seen":1499347609784,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":6,"flow_first_seen":1499347597121,"flow_last_seen":1499347602781,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":6,"flow_first_seen":1499347598383,"flow_last_seen":1499347603782,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6372,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":6,"flow_first_seen":1499347599663,"flow_last_seen":1499347604783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":1,"flow_first_seen":1499347731797,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":451,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6375,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347731,"pkt_ts_usec":797840,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84K9AAD4G5SCsEAABwKgKMuu2AFCGTjKNAAAAAKACchDmwwAAAgQFtAQCCAoBO9IiAAAAAAEDAwc="}
00444{"flow_id":451,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6376,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347731,"pkt_ts_usec":797935,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ67ZFR3+Dhk4yjqAScSB7XAAAAgQFtAQCCAoD5aOWATvSIgEDAwc="}
00433{"flow_id":451,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6377,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347731,"pkt_ts_usec":798629,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04LBAAD4G5SesEAABwKgKMuu2AFCGTjKORUd\/hIAQAOUaZAAAAQEICgE70iID5aOW"}
00432{"flow_id":448,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6381,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347731,"pkt_ts_usec":817655,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cc1AAD4GVAusEAABwKgKMuuAAFD+Zrzgw0ETpoARAOULGgAAAQEICgE70icD5Z6J"}
00433{"flow_id":448,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6382,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347731,"pkt_ts_usec":817811,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0sD1AAEAGE5vAqAoyrBAAAQBQ64DDQROm\/ma84YARAOMGCQAAAQEICgPlo5sBO9In"}
00432{"flow_id":448,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6383,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347731,"pkt_ts_usec":818403,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cc5AAD4GVAqsEAABwKgKMuuAAFD+Zrzhw0ETp4AQAOUGBwAAAQEICgE70icD5aOb"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_first_seen":1499347733083,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6387,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":1,"flow_first_seen":1499347733083,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":452,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6387,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347733,"pkt_ts_usec":83460,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/vJAAD4Gxt2sEAABwKgKMuvEAFCmnS2RAAAAAKACchDKIQAAAgQFtAQCCAoBO9NjAAAAAAEDAwc="}
00443{"flow_id":452,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6388,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347733,"pkt_ts_usec":83627,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ68TrnH4qpp0tkqAScSC4ewAAAgQFtAQCCAoD5aTYATvTYwEDAwc="}
00432{"flow_id":452,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6389,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347733,"pkt_ts_usec":84166,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/vNAAD4GxuSsEAABwKgKMuvEAFCmnS2S65x+K4AQAOVXgwAAAQEICgE702MD5aTY"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_first_seen":1499347734348,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6396,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_first_seen":1499347734348,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":453,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6396,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347734,"pkt_ts_usec":348737,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gzpAAD4GQpasEAABwKgKMuvSAFDIKlelAAAAAKACchB9NgAAAgQFtAQCCAoBO9SfAAAAAAEDAwc="}
00444{"flow_id":453,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6397,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347734,"pkt_ts_usec":348867,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ69JCAHRCyCpXpqAScSAd2QAAAgQFtAQCCAoD5aYUATvUnwEDAwc="}
00432{"flow_id":453,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6398,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347734,"pkt_ts_usec":349426,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gztAAD4GQp2sEAABwKgKMuvSAFDIKlemQgB0Q4AQAOW83wAAAQEICgE71KAD5aYU"}
00432{"flow_id":449,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6403,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347734,"pkt_ts_usec":818428,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NhNAAD4Gj8WsEAABwKgKMuuaAFCuIPmLZSq54YARAOXRAQAAAQEICgE71RUD5aEQ"}
00432{"flow_id":449,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6404,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347734,"pkt_ts_usec":818654,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0H2tAAEAGpG3AqAoyrBAAAQBQ65plKrnhriD5jIARAOPLiAAAAQEICgPlpooBO9UV"}
00432{"flow_id":449,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6405,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347734,"pkt_ts_usec":819205,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NhRAAD4Gj8SsEAABwKgKMuuaAFCuIPmMZSq54oAQAOXLhgAAAQEICgE71RUD5aaK"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_first_seen":1499347735664,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6409,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_first_seen":1499347735664,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":454,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6409,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347735,"pkt_ts_usec":664516,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QgpAAD4Gg8asEAABwKgKMuvgAFB2opfiAAAAAKACchCNKgAAAgQFtAQCCAoBO9XoAAAAAAEDAwc="}
00445{"flow_id":454,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6410,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347735,"pkt_ts_usec":664610,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6+DN1JXXdqKX46AScSB\/GgAAAgQFtAQCCAoD5addATvV6AEDAwc="}
00432{"flow_id":454,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6411,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347735,"pkt_ts_usec":665384,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QgtAAD4Gg82sEAABwKgKMuvgAFB2opfjzdSV2IAQAOUeIQAAAQEICgE71ekD5add"}
@@ -4068,46 +4068,46 @@
00433{"flow_id":451,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6421,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347736,"pkt_ts_usec":819316,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04LFAAD4G5SasEAABwKgKMuu2AFCGTjKORUd\/hIARAOUVfAAAAQEICgE71wkD5aOW"}
00433{"flow_id":451,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6422,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347736,"pkt_ts_usec":819502,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA01\/pAAEAG693AqAoyrBAAAQBQ67ZFR3+Ehk4yj4ARAOMQlQAAAQEICgPlqH4BO9cJ"}
00433{"flow_id":451,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6423,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347736,"pkt_ts_usec":820049,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA04LJAAD4G5SWsEAABwKgKMuu2AFCGTjKPRUd\/hYAQAOUQkwAAAQEICgE71wkD5ah+"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6430,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_first_seen":1499347738229,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6430,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_first_seen":1499347738229,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":455,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6430,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347738,"pkt_ts_usec":229231,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bexAAD4GV+SsEAABwKgKMuv6AFCQibWGAAAAAKACchBTAwAAAgQFtAQCCAoBO9hqAAAAAAEDAwc="}
00445{"flow_id":455,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6431,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347738,"pkt_ts_usec":229408,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ6\/pIUQYXkIm1h6AScSBXtgAAAgQFtAQCCAoD5aneATvYagEDAwc="}
00432{"flow_id":455,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6432,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347738,"pkt_ts_usec":229931,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0be1AAD4GV+usEAABwKgKMuv6AFCQibWHSFEGGIAQAOX2vQAAAQEICgE72GoD5ane"}
00433{"flow_id":452,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6436,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347738,"pkt_ts_usec":819587,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/vRAAD4GxuOsEAABwKgKMuvEAFCmnS2S65x+K4ARAOVR6AAAAQEICgE72P0D5aTY"}
00432{"flow_id":452,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6437,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347738,"pkt_ts_usec":819834,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA01FlAAEAG737AqAoyrBAAAQBQ68TrnH4rpp0tk4ARAONMTwAAAQEICgPlqnIBO9j9"}
00433{"flow_id":452,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6438,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347738,"pkt_ts_usec":820356,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/vVAAD4GxuKsEAABwKgKMuvEAFCmnS2T65x+LIAQAOVMTQAAAQEICgE72P0D5apy"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6442,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_first_seen":1499347739497,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6442,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_first_seen":1499347739497,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":456,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6442,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347739,"pkt_ts_usec":497368,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XjZAAD4GZ5qsEAABwKgKMuwIAFCYkYeRAAAAAKACchB3pQAAAgQFtAQCCAoBO9mnAAAAAAEDAwc="}
00444{"flow_id":456,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6443,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347739,"pkt_ts_usec":497465,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7AiW6z+EmJGHkqAScSDzEwAAAgQFtAQCCAoD5asbATvZpwEDAwc="}
00433{"flow_id":456,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6444,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347739,"pkt_ts_usec":498265,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XjdAAD4GZ6GsEAABwKgKMuwIAFCYkYeSlus\/hYAQAOWSGwAAAQEICgE72acD5asb"}
00432{"flow_id":453,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6448,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347739,"pkt_ts_usec":819695,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gzxAAD4GQpysEAABwKgKMuvSAFDIKlemQgB0Q4ARAOW3hwAAAQEICgE72fcD5aYU"}
00432{"flow_id":453,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6449,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347739,"pkt_ts_usec":819941,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA03y9AAEAG5KjAqAoyrBAAAQBQ69JCAHRDyCpXp4ARAOOyMAAAAQEICgPlq2wBO9n3"}
00432{"flow_id":453,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6450,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347739,"pkt_ts_usec":820491,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gz1AAD4GQpusEAABwKgKMuvSAFDIKlenQgB0RIAQAOWyLgAAAQEICgE72fcD5ats"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_first_seen":1499347740751,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6454,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_first_seen":1499347740751,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":457,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6454,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347740,"pkt_ts_usec":751827,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8V35AAD4GblKsEAABwKgKMuwWAFBKCo2eAAAAAKACchC+2AAAAgQFtAQCCAoBO9rgAAAAAAEDAwc="}
00444{"flow_id":457,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6455,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347740,"pkt_ts_usec":751958,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Bb1vAeUSgqNn6AScSASLAAAAgQFtAQCCAoD5axVATva4AEDAwc="}
00432{"flow_id":457,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6456,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347740,"pkt_ts_usec":752516,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V39AAD4GblmsEAABwKgKMuwWAFBKCo2f9bwHlYAQAOWxMwAAAQEICgE72uAD5axV"}
00432{"flow_id":454,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6460,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347740,"pkt_ts_usec":820415,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QgxAAD4Gg8ysEAABwKgKMuvgAFB2opfjzdSV2IARAOUZGAAAAQEICgE72vED5add"}
00432{"flow_id":454,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6461,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347740,"pkt_ts_usec":820603,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Ob5AAEAGihrAqAoyrBAAAQBQ6+DN1JXYdqKX5IARAOMUEAAAAQEICgPlrGYBO9rx"}
00432{"flow_id":454,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6462,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347740,"pkt_ts_usec":821372,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Qg1AAD4Gg8usEAABwKgKMuvgAFB2opfkzdSV2YAQAOUUDQAAAQEICgE72vID5axm"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":315,"flow_first_seen":1499347547687,"flow_last_seen":1499347614979,"flow_tot_l4_data_len":242778,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1902,"flow_avg_l4_data_len":770,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_first_seen":1499347743331,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":6,"flow_first_seen":1499347606078,"flow_last_seen":1499347611787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":6,"flow_first_seen":1499347607344,"flow_last_seen":1499347612785,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":6,"flow_first_seen":1499347608596,"flow_last_seen":1499347613787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59016,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":6,"flow_first_seen":1499347612465,"flow_last_seen":1499347617785,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":6,"flow_first_seen":1499347613718,"flow_last_seen":1499347618787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59070,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6463,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":342,"flow_packet_id":315,"flow_first_seen":1499347547687,"flow_last_seen":1499347614979,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232682,"flow_avg_l4_payload_len":738,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58360,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":1,"flow_first_seen":1499347743331,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":458,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6472,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347743,"pkt_ts_usec":331813,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iytAAD4GOqWsEAABwKgKMuwwAFCeqlZOAAAAAKACchCe6QAAAgQFtAQCCAoBO91lAAAAAAEDAwc="}
00444{"flow_id":458,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6473,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347743,"pkt_ts_usec":331943,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7DCbKjZEnqpWT6AScSAbmgAAAgQFtAQCCAoD5a7aATvdZQEDAwc="}
00432{"flow_id":458,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6474,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347743,"pkt_ts_usec":332700,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iyxAAD4GOqysEAABwKgKMuwwAFCeqlZPmyo2RYAQAOW6oQAAAQEICgE73WUD5a7a"}
00432{"flow_id":455,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6478,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347743,"pkt_ts_usec":821949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0be5AAD4GV+qsEAABwKgKMuv6AFCQibWHSFEGGIARAOXxRgAAAQEICgE73eAD5ane"}
00433{"flow_id":455,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6479,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347743,"pkt_ts_usec":822221,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qUxAAEAGGozAqAoyrBAAAQBQ6\/pIUQYYkIm1iIARAOPr0QAAAQEICgPlr1QBO93g"}
00432{"flow_id":455,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6480,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347743,"pkt_ts_usec":822741,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0be9AAD4GV+msEAABwKgKMuv6AFCQibWISFEGGYAQAOXrzwAAAQEICgE73eAD5a9U"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_first_seen":1499347744595,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6484,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":1,"flow_first_seen":1499347744595,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":459,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6484,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347744,"pkt_ts_usec":595039,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGtAAD4GPWWsEAABwKgKMuw+AFAw9lbKAAAAAKACchAK2AAAAgQFtAQCCAoBO96hAAAAAAEDAwc="}
00444{"flow_id":459,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6485,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347744,"pkt_ts_usec":595166,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7D5E+wDpMPZWy6AScSAR1wAAAgQFtAQCCAoD5bAWATveoQEDAwc="}
00432{"flow_id":459,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6486,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347744,"pkt_ts_usec":595930,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iGxAAD4GPWysEAABwKgKMuw+AFAw9lbLRPsA6oAQAOWw3gAAAQEICgE73qED5bAW"}
@@ -4118,11 +4118,11 @@
00433{"flow_id":457,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6497,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347745,"pkt_ts_usec":823816,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ttxAAEAGDPzAqAoyrBAAAQBQ7Bb1vAeVSgqNoIARAOOnSwAAAQEICgPlsUkBO9\/U"}
00432{"flow_id":457,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6498,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347745,"pkt_ts_usec":824578,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0V4FAAD4GblesEAABwKgKMuwWAFBKCo2g9bwHloAQAOWnSQAAAQEICgE739QD5bFJ"}
00947{"flow_id":458,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6505,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347746,"pkt_ts_usec":913923,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGziy1AAD4GOSysEAABwKgKMuwwAFCeqlZPmyo2RYAYAOVmKQAAAQEICgE74OUD5a7aR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":4,"flow_first_seen":1499347743331,"flow_last_seen":1499347746913,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":32,"flow_max_l4_data_len":415,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6505,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":4,"flow_first_seen":1499347743331,"flow_last_seen":1499347746913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00432{"flow_id":458,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6506,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347746,"pkt_ts_usec":914058,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0hBxAAEAGP7zAqAoyrBAAAQBQ7DCbKjZFnqpXzoAQAOuyHQAAAQEICgPlslkBO+Dl"}
02829{"flow_id":458,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6507,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347746,"pkt_ts_usec":917362,"pkt_caplen":1837,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1837,"pkt_l4_len":1803,"pkt":"AMGxFOsxABm5CmnxCABFAAcfhB1AAEAGONDAqAoyrBAAAQBQ7DCbKjZFnqpXzoAYAOt9\/QAAAQEICgPlsloBO+DlSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI5OjA2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWG1P4zgQ\/gzS\/gefTzpgpcbb2y+3XJoVtHAgsbfctix70kmRm7itwYmD7bTw72\/sOG14LdkioeKXeXk84xnP5N12+Mvga3\/07\/kRmplMoPOLw7PTPsIdQi4\/9gkZjAbox8noyxnqBh\/Q0CieGEKO\/sYIz4wp9glZLBbB4mMg1ZSMvpFbK6Vr2fywox1PkJoUR++2322HTs9tJnLde0JG99OnTxVrRb4VzhhNYbi1FWbMUGRZOuym5PMe7svcsNx0RncFwyipZj1s2K0hVsSfKJlRpZnpXYyOO39gRCqZW6HhRrDoeylypuiYC27u9tE3NhEsMSxFfSW1RkNuGBomiheG51O0+2M43EP7+2hAsxzVvIKhSzZGB0UheEINlznaHXy\/PNhD827Q\/YDeD9icCVlkAO19SCrFHoXg+TVSTPSwNneC6RljBiMDp\/GHSLTGaKbYpIeDgMBfOl9Qu0oyyvPAbZPH0jiYopbzH8\/olBFYui9pQueWLHAbSxnanbYJ4YrOabWKkVbJPSBX2v0\/BwXBlcZRSCpK7zniXWfHY5neoURQbb0uM4Yrl6Z8jnjaw9Z3cCKmvNcbW1ZIY30r5Nn0ERJ3SE2EnMqgyKcYUQEXYY2jVucGrKDukWpr5BgcVza0P9qLC5qmLK0OBASlqM9pdw+FTK6taQRHMk9A9XUPL3ieykUAWw5Hb6c6SbCDa1ZgoPfcFeDoBMwWEgpWFjzafo1AnkP0lYld0kExK16Q\/5AUR6eNlXZqIeDKYo2+JQ2OhnaICIQfLKLBYUMZKUW0gUHnjfjmcD3GqjSMvIDqaQYcHdr\/6FiqpKUHHgpktyxpA8DR46gvs4zmKTrNr5jzyGYoEq0mbVA4ekAx\/Ha8meIJJ8HnAkK1x4GzTNmaW\/IqfhwdcwjuU7uiN7ZNWQhJ0zbW8RwexoWbbegfWhh4uVq5yLO4uGVJqRjqH5yP+icHm0HRN4K3weHoIab\/OXury2olxmN43Fo5pcH1AA3aPbTLe5uhWjB6HfNWkGoWHF3CCA2ZtrcVnQ5apteHcm+1jlsBqRhwBPUM1Cpfv2xoCitONfRrVlVRr8KhahzL4usN0Oi21tA1iqGR6j6EDZ8gF4tQXa59DldkOLL1I9yPaqmdOYCf5xO5Rl2DCkfnJ+cQHRPZThEdy9KsUbOkwdGBHb6dWW2ht1b9ighHZ278AICv2O7Vfs8XgraEXRWC0MnYXa\/b7jULwXDW\/ZnuAkrmri+YG8Lnywo2TmTKYqoY9fXzRKoM5TSDah34oex1Ka6Hf8UIuqWZBOx\/HY18bRoW\/sSXM2p2NLqTpXLMn+vKOi\/KZvGPvWj7u6xvm0S6HGccyOZUlDAdVlOvjRRR1VQQi9Ituq5gaeBw9nv0BeLN3T6V0eqtgEW7590Dl2HlVtv7ad8vygXVhWsZ4YawW+tl4gzb0WDYeGnY2BkWuiGqptAIYngUaH6No5+XtbxErfEBdwxFgmEqPoKuCo4b96G9MfHQd34tMb4sbz1OlgcLfs0LlnLqRNtZ8+S6Pvnz2F4v42U8\/pjJlC9zYSIzm507E3oTuC8CT4J4BeOrNFc4qWDKdJ2EF9U9om7q8Mmluup14zhW0G5Wv3UGeSbj+LBPBKNqGUxPpSV9pw3LYpvKnwzPcWmMbXN9eH7nbIFOmCiWKbOQRVnENZnM+1XSXfX8+0BxUeyiZx7bOUiMZyDRXsfPAMk96b\/VjugJudhBezhCa2ENIRcl7G2BaSdzLTRrTSr4FNKmYBNIXyHLogvNlE17+yGBGaJpxnPvQpjXbzM6sx93PA1IXFHAo3o6GPqdlGubvdPai886dCKlufeto4g2+dhUPPWqNRMwse9W9VnOfTCL\/geoshewERQAAA=="}
00432{"flow_id":458,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6508,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347746,"pkt_ts_usec":918045,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iy5AAD4GOqqsEAABwKgKMuwwAFCeqlfOmyo9MIAQAQCrGwAAAQEICgE74OYD5bJa"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_first_seen":1499347747187,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":1,"flow_first_seen":1499347747187,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":460,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6509,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347747,"pkt_ts_usec":187648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eZ5AAD4GTDKsEAABwKgKMuxYAFDkpJi3AAAAAKACchASmgAAAgQFtAQCCAoBO+EpAAAAAAEDAwc="}
00444{"flow_id":460,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6510,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347747,"pkt_ts_usec":187775,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7FgZ9EBx5KSYuKAScSACkAAAAgQFtAQCCAoD5bKeATvhKQEDAwc="}
00432{"flow_id":460,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6511,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347747,"pkt_ts_usec":188323,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eZ9AAD4GTDmsEAABwKgKMuxYAFDkpJi4GfRAcoAQAOWhlwAAAQEICgE74SkD5bKe"}
@@ -4132,43 +4132,43 @@
00948{"flow_id":458,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6515,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347748,"pkt_ts_usec":201174,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzizFAAD4GOSisEAABwKgKMuwwAFCeqloXmypEe4AYAR1O7AAAAQEICgE74icD5bKfR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02821{"flow_id":458,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6516,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347748,"pkt_ts_usec":204239,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAcehCFAAEAGOM3AqAoyrBAAAQBQ7DCbKkR7nqpbloAYAP19\/AAAAQEICgPls5wBO+InSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI5OjA3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00433{"flow_id":458,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6517,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347748,"pkt_ts_usec":204951,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0izJAAD4GOqasEAABwKgKMuwwAFCeqluWmypLZYAQATmWYgAAAQEICgE74icD5bOc"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6518,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_first_seen":1499347748472,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6518,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_first_seen":1499347748472,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":461,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6518,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347748,"pkt_ts_usec":472415,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W1pAAD4GanasEAABwKgKMuxmAFDolLkwAAAAAKACchDs4QAAAgQFtAQCCAoBO+JqAAAAAAEDAwc="}
00444{"flow_id":461,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6519,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347748,"pkt_ts_usec":472557,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Gb4tplB6JS5MaAScSCkAwAAAgQFtAQCCAoD5bPfATviagEDAwc="}
00432{"flow_id":461,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6520,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347748,"pkt_ts_usec":473155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W1tAAD4Gan2sEAABwKgKMuxmAFDolLkx+LaZQoAQAOVDCgAAAQEICgE74msD5bPf"}
01216{"flow_id":458,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6521,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347748,"pkt_ts_usec":473814,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9izNAAD4GOFysEAABwKgKMuwwAFCeqluWmypLZYAYATlaxAAAAQEICgE74msD5bOcR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjcxWFRRSk5KUVFNSkNPQlg1UkhEODhRTElUMUpTTDZVSkhNQzQySzVTSlJVOEpGWktRQSUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
02961{"flow_id":458,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6522,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347748,"pkt_ts_usec":477243,"pkt_caplen":1934,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1934,"pkt_l4_len":1900,"pkt":"AMGxFOsxABm5CmnxCABFAAeAhCNAAEAGOGnAqAoyrBAAAQBQ7DCbKktlnqpd34AYAQd+XgAAAQEICgPls+ABO+JrSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjI5OjA4IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTUxNw0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61Ye08bORD\/G6R+B59POqBS1k17PVGabAUJHFBogU0Kdzpp5ew6iYl3vbW9CXz7G+8jWZ5hGyQUvPY8fuMZj2f8Zr31W\/d7p\/fP2T4am0igs\/7eyVEH4QYhlx86hHR7XXR12Ds9QU3nHfKM4oEhZP8bRnhsTLJDyGw2c2YfHKlGpHdBbqyUpmUrhg2d8TihCbH7Zv3NeivTcxOJWLcfkdH89OlTzpqTr7XGjIYwXFtrRcxQZFka7GfKp23ckbFhsWn0bhOGUZB\/tbFhN4ZYEZ9RMKZKM9Pu9w4a2xiRXOZay3AjmPsjFTFTdMAFN7c76IINBQsMC1FHSa2Rxw1DXqB4Yng8QptXnreFdnZQl0YxKnkFQ5dsgHaTRPCAGi5jtNn9cbm7haZNp\/kOve2yKRMyiQDa2xbJFRcoBI8nSDHRxtrcCqbHjBmMDFhTGBFojdFYsWEbOw6Bv3A6o3aWRJTHTrZMHkrjsBWlnP94REeMwNRdSUM6tWROtjCXoTNrqxCu6ZTmsxhpFdwBcq2z\/2egwLnW2G2RnLLwHClcZ8cDGd6iQFBtvS4jhnOXhnyKeNjG1ndgEVOF1ytLVkhlfq3Fo9EDJJmRmgg5kk4SjzCiAgJhiaMWdgNWUPdAtd1kHxyXVrQ\/WPMTGoYszA0CglSUdtrVPSGDid0awZGMA1A9aeMZj0M5c2Apw9HeyC1xNnDJCgz0jrsc7B7CtrUIhV0W3F1\/iUAew+lLAzulnWScPCP\/Pil2jyoz9dTCgUuTJfrmNNj17BAROH4wibp7FWUkFe4KGzqtnG8O4TFQqWHkGVSPM2B3z\/5HB1IFNT1wXyC7YUEdABk9djsyimgcoqP4mmUeWQ1FoNWwDoqMHlB4FwerKR5y4nxJ4Ki2OXCmIVsSJS\/ix+4Bh8N9ZGf0ynuTJkLSsM7uFBwFjH72taJ\/aGLg5qrlooIlO7csSBVDnd2zXudwdzUo+qfgdXBk9HCmz09eK1itRH8Al1stp1S47qFBm3t2ems1VDNGJz6vBalkwe4ljJDHtI1WdNStmV7vy73R2q8FJGfALtQzUKt8P11xK6w4VdGvWV5FvQiHKnHMi69XQKPr7oYuUXhGqrsQVryCsrMI1eXS63BBhl1bP0J85FP1tgP4eTyUS9RVqLB7dngGp2Mo6ymiA5maJWrmNNjdtcPX21Zb6C1VvyDC7kk2vgegqNju1H5PF4K2hF0UgtDJ2NVCt12rFoKtcfNXugsomZtFwVwRPp1XsH4gQ+ZTxWhRPw+lilBMI6jWgR\/K3izFtfHvGEG3NJaA\/e\/9XlGbtpLC4ssxNRsa3cpUZcxfyso6TtJq8Y8L0fZ3Xt9WiXQ6iDiQTalI4dPLPwttJHHzpoJYlDneRDH3kAkhUdFquFD5aykYeHi0udG86p0ffzs+Pz897nzfu\/p4cdjd3j4\/Oeo1j72Tv\/rHh6edP99\/\/egdX\/S3jw\/+\/Xq+u7H1uSohlEFqOy0nkHLC2dbneUsCcBTLXLPwcGv83j2FA5+Fv4poflnBpF0r4gOicRFXtvnURcMqZ1QnWc8KIcpubJiRzLMNDZ715571M89CO0bVCDpRDLcSjSfY\/XVZ8yiujQ+4fahSDFP+PrR1YK7fgf7K+F7RetbE+Ly85ThZ7Mz4hCcs5DQTbb+qluvS8qexvVzG83gKM4MRnyfjQEb2emgM6U8ne5J4FMQLGF+kOcdJBVOmmUl4Vt0D6qqOIrvloV52rgMF\/W7+W6awJ1JekXcCwaian+bH8qK+1YZFvr1LHs0Pg9QY22cX+eEHZzMExz+Z5+xEJmnil2Qy7uRZf\/HosAMU\/WQTPXHbT0GiPwaJNhy\/AKSspvijdERbyNkG2sIuWgrLg2QYsNcFpjOZS6HZ3aSCjyBvCzaE\/NlikdvXTNm8u9Mi8IVoGPG4cCF8l8UBOrGvSwUNSFxQwK1+1PWKlZBre32EpRefdOhQSnPnsSVxV3ntSh67VqsJmNiLM38XzF7s3P8B6AS4bZIUAAA="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6527,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_first_seen":1499347749751,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6527,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_first_seen":1499347749751,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":462,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6527,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347749,"pkt_ts_usec":751996,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IJFAAD4GpT+sEAABwKgKMux0AFD35MM7AAAAAKACchDSOAAAAgQFtAQCCAoBO+OqAAAAAAEDAwc="}
00444{"flow_id":462,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6528,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347749,"pkt_ts_usec":752119,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7HSHR7QM9+TDPKAScSDevgAAAgQFtAQCCAoD5bUfATvjqgEDAwc="}
00432{"flow_id":462,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6529,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347749,"pkt_ts_usec":752875,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IJJAAD4GpUasEAABwKgKMux0AFD35MM8h0e0DYAQAOV9xgAAAQEICgE746oD5bUf"}
00432{"flow_id":459,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6533,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347749,"pkt_ts_usec":824600,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iG1AAD4GPWusEAABwKgKMuw+AFAw9lbLRPsA6oARAOWrwgAAAQEICgE747wD5bAW"}
00432{"flow_id":459,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6534,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347749,"pkt_ts_usec":824845,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0tdtAAEAGDf3AqAoyrBAAAQBQ7D5E+wDqMPZWzIARAOOmqAAAAQEICgPltTEBO+O8"}
00432{"flow_id":459,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6535,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347749,"pkt_ts_usec":825551,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iG5AAD4GPWqsEAABwKgKMuw+AFAw9lbMRPsA64AQAOWmpQAAAQEICgE7470D5bUx"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_first_seen":1499347752308,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":383,"flow_packet_id":6,"flow_first_seen":1499347616210,"flow_last_seen":1499347621787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":384,"flow_packet_id":6,"flow_first_seen":1499347617491,"flow_last_seen":1499347622787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59110,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":385,"flow_packet_id":6,"flow_first_seen":1499347618757,"flow_last_seen":1499347623788,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59124,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":386,"flow_packet_id":6,"flow_first_seen":1499347621256,"flow_last_seen":1499347626789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":387,"flow_packet_id":6,"flow_first_seen":1499347622524,"flow_last_seen":1499347627790,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":388,"flow_packet_id":6,"flow_first_seen":1499347623786,"flow_last_seen":1499347628791,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":389,"flow_packet_id":6,"flow_first_seen":1499347625094,"flow_last_seen":1499347630791,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6542,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":390,"flow_packet_id":6,"flow_first_seen":1499347626349,"flow_last_seen":1499347631791,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59206,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_first_seen":1499347752308,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":463,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6545,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347752,"pkt_ts_usec":308453,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8qStAAD4GHKWsEAABwKgKMuyOAFBMoE8CAAAAAKACchDvHQAAAgQFtAQCCAoBO+YpAAAAAAEDAwc="}
00444{"flow_id":463,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6546,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347752,"pkt_ts_usec":308578,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7I5f6lZGTKBPA6AScSB+SAAAAgQFtAQCCAoD5beeATvmKQEDAwc="}
00432{"flow_id":463,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6547,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347752,"pkt_ts_usec":309233,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qSxAAD4GHKysEAABwKgKMuyOAFBMoE8DX+pWR4AQAOUdTwAAAQEICgE75ioD5bee"}
00432{"flow_id":460,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6551,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347752,"pkt_ts_usec":825596,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eaBAAD4GTDisEAABwKgKMuxYAFDkpJi4GfRAcoARAOWcFAAAAQEICgE75qsD5bKe"}
00432{"flow_id":460,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6552,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347752,"pkt_ts_usec":825814,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0+G1AAEAGy2rAqAoyrBAAAQBQ7FgZ9EBy5KSYuYARAOOWlAAAAQEICgPluB8BO+ar"}
00432{"flow_id":460,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6553,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347752,"pkt_ts_usec":826361,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eaFAAD4GTDesEAABwKgKMuxYAFDkpJi5GfRAc4AQAOWWkgAAAQEICgE75qsD5bgf"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_first_seen":1499347753649,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6557,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_first_seen":1499347753649,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":464,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6557,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347753,"pkt_ts_usec":649698,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA825ZAAD4G6jmsEAABwKgKMuycAFCJVjzvAAAAAKACchDDHAAAAgQFtAQCCAoBO+d5AAAAAAEDAwc="}
00445{"flow_id":464,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6558,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347753,"pkt_ts_usec":649826,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Jyb\/4pAiVY88KAScSDg6AAAAgQFtAQCCAoD5bjtATvneQEDAwc="}
00434{"flow_id":464,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6559,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347753,"pkt_ts_usec":650415,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA025dAAD4G6kCsEAABwKgKMuycAFCJVjzwm\/+KQYAQAOV\/8AAAAQEICgE753kD5bjt"}
@@ -4178,44 +4178,44 @@
00432{"flow_id":462,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6569,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347754,"pkt_ts_usec":826858,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IJNAAD4GpUWsEAABwKgKMux0AFD35MM8h0e0DYARAOV40AAAAQEICgE76J8D5bUf"}
00433{"flow_id":462,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6570,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347754,"pkt_ts_usec":827079,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0DhlAAEAGtb\/AqAoyrBAAAQBQ7HSHR7QN9+TDPYARAONz3AAAAQEICgPluhQBO+if"}
00432{"flow_id":462,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6571,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347754,"pkt_ts_usec":827634,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IJRAAD4GpUSsEAABwKgKMux0AFD35MM9h0e0DoAQAOVz2gAAAQEICgE76J8D5boU"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6578,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_first_seen":1499347756244,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6578,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_first_seen":1499347756244,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":465,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6578,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347756,"pkt_ts_usec":244736,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sh5AAD4GE7KsEAABwKgKMuy2AFCIyFgfAAAAAKACchCl2AAAAgQFtAQCCAoBO+oBAAAAAAEDAwc="}
00444{"flow_id":465,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6579,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347756,"pkt_ts_usec":244833,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Lb17AxJiMhYIKAScSDlJQAAAgQFtAQCCAoD5bt2ATvqAQEDAwc="}
00432{"flow_id":465,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6580,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347756,"pkt_ts_usec":245448,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sh9AAD4GE7msEAABwKgKMuy2AFCIyFgg9ewMSoAQAOWELAAAAQEICgE76gID5bt2"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_first_seen":1499347757502,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6587,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":1,"flow_first_seen":1499347757502,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":466,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6587,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347757,"pkt_ts_usec":502001,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UWhAAD4GdGisEAABwKgKMuzEAFA\/lLpUAAAAAKACchCLjgAAAgQFtAQCCAoBO+s8AAAAAAEDAwc="}
00444{"flow_id":466,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6588,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347757,"pkt_ts_usec":502159,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7MQtkPNXP5S6VaAScSCq7wAAAgQFtAQCCAoD5bywATvrPAEDAwc="}
00433{"flow_id":466,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6589,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347757,"pkt_ts_usec":502760,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UWlAAD4GdG+sEAABwKgKMuzEAFA\/lLpVLZDzWIAQAOVJ9wAAAQEICgE76zwD5byw"}
00432{"flow_id":463,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6593,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347757,"pkt_ts_usec":827193,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qS1AAD4GHKusEAABwKgKMuyOAFBMoE8DX+pWR4ARAOUX6wAAAQEICgE7640D5bee"}
00432{"flow_id":463,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6594,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347757,"pkt_ts_usec":827429,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA060VAAEAG2JLAqAoyrBAAAQBQ7I5f6lZHTKBPBIARAOMSiAAAAQEICgPlvQIBO+uN"}
00432{"flow_id":463,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6595,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347757,"pkt_ts_usec":828213,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0qS5AAD4GHKqsEAABwKgKMuyOAFBMoE8EX+pWSIAQAOUShgAAAQEICgE7640D5b0C"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_first_seen":1499347758774,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6599,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_first_seen":1499347758774,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":467,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6599,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347758,"pkt_ts_usec":774129,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83kZAAD4G54msEAABwKgKMuzSAFAZPzI8AAAAAKACchA4sAAAAgQFtAQCCAoBO+x6AAAAAAEDAwc="}
00444{"flow_id":467,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6600,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347758,"pkt_ts_usec":774286,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7NL2+p6BGT8yPaAScSDiPQAAAgQFtAQCCAoD5b3vATvsegEDAwc="}
00432{"flow_id":467,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6601,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347758,"pkt_ts_usec":775001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03kdAAD4G55CsEAABwKgKMuzSAFAZPzI99vqegoAQAOWBRQAAAQEICgE77HoD5b3v"}
00433{"flow_id":464,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6605,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347758,"pkt_ts_usec":827347,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA025hAAD4G6j+sEAABwKgKMuycAFCJVjzwm\/+KQYARAOV64QAAAQEICgE77IcD5bjt"}
00433{"flow_id":464,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6606,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347758,"pkt_ts_usec":827608,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0N71AAEAGjBvAqAoyrBAAAQBQ7Jyb\/4pBiVY88YARAON10wAAAQEICgPlvfwBO+yH"}
00433{"flow_id":464,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6607,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347758,"pkt_ts_usec":828328,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA025lAAD4G6j6sEAABwKgKMuycAFCJVjzxm\/+KQoAQAOV10QAAAQEICgE77IcD5b38"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6617,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_first_seen":1499347761418,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6617,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_first_seen":1499347761418,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":468,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6617,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347761,"pkt_ts_usec":418781,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8apdAAD4GWzmsEAABwKgKMuzsAFC\/aIWYAAAAAKACchA8ewAAAgQFtAQCCAoBO+8PAAAAAAEDAwc="}
00444{"flow_id":468,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6618,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347761,"pkt_ts_usec":418909,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7OwFUgVYv2iFmaAScSBuRgAAAgQFtAQCCAoD5cCEATvvDwEDAwc="}
00433{"flow_id":468,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6619,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347761,"pkt_ts_usec":419670,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aphAAD4GW0CsEAABwKgKMuzsAFC\/aIWZBVIFWYAQAOUNTgAAAQEICgE77w8D5cCE"}
00432{"flow_id":465,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6623,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347761,"pkt_ts_usec":828296,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0siBAAD4GE7isEAABwKgKMuy2AFCIyFgg9ewMSoARAOV+uAAAAQEICgE773UD5bt2"}
00432{"flow_id":465,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6624,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347761,"pkt_ts_usec":828509,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0zKBAAEAG9zfAqAoyrBAAAQBQ7Lb17AxKiMhYIYARAON5RQAAAQEICgPlwOoBO+91"}
00432{"flow_id":465,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6625,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347761,"pkt_ts_usec":829395,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0siFAAD4GE7esEAABwKgKMuy2AFCIyFgh9ewMS4AQAOV5QgAAAQEICgE773YD5cDq"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_first_seen":1499347762675,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":6,"flow_first_seen":1499347627616,"flow_last_seen":1499347632792,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":6,"flow_first_seen":1499347630130,"flow_last_seen":1499347635793,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":6,"flow_first_seen":1499347631388,"flow_last_seen":1499347636793,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":6,"flow_first_seen":1499347632635,"flow_last_seen":1499347637795,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":6,"flow_first_seen":1499347635154,"flow_last_seen":1499347640794,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59300,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6626,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":6,"flow_first_seen":1499347636429,"flow_last_seen":1499347641793,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_first_seen":1499347762675,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":469,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6629,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347762,"pkt_ts_usec":675533,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U3VAAD4GclusEAABwKgKMuz6AFDBm6M8AAAAAKACchAbXAAAAgQFtAQCCAoBO\/BJAAAAAAEDAwc="}
00444{"flow_id":469,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6630,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347762,"pkt_ts_usec":675693,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7Proa5y3wZujPaAScSDRcwAAAgQFtAQCCAoD5cG+ATvwSQEDAwc="}
00432{"flow_id":469,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6631,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347762,"pkt_ts_usec":676416,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U3ZAAD4GcmKsEAABwKgKMuz6AFDBm6M96GucuIAQAOVwewAAAQEICgE78EkD5cG+"}
@@ -4226,86 +4226,86 @@
00433{"flow_id":467,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6642,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347763,"pkt_ts_usec":830285,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0XFxAAEAGZ3zAqAoyrBAAAQBQ7NL2+p6CGT8yPoAQAON3ZgAAAQEICgPlwt8BO\/Fq"}
00433{"flow_id":467,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6643,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347763,"pkt_ts_usec":830373,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0XF1AAEAGZ3vAqAoyrBAAAQBQ7NL2+p6CGT8yPoARAON3ZQAAAQEICgPlwt8BO\/Fq"}
00432{"flow_id":467,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6644,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347763,"pkt_ts_usec":831043,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0VHVAAD4GcWOsEAABwKgKMuzSAFAZPzI+9vqeg4AQAOV3YwAAAQEICgE78WoD5cLf"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6651,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_first_seen":1499347765229,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6651,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_first_seen":1499347765229,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":470,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6651,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347765,"pkt_ts_usec":229991,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oyZAAD4GIqqsEAABwKgKMu0UAFACp1HuAAAAAKACchApBgAAAgQFtAQCCAoBO\/LIAAAAAAEDAwc="}
00444{"flow_id":470,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6652,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347765,"pkt_ts_usec":230142,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7RRH+ZWsAqdR76AScSCEHQAAAgQFtAQCCAoD5cQ8ATvyyAEDAwc="}
00433{"flow_id":470,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6653,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347765,"pkt_ts_usec":230711,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oydAAD4GIrGsEAABwKgKMu0UAFACp1HvR\/mVrYAQAOUjJQAAAQEICgE78sgD5cQ8"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_first_seen":1499347766506,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6660,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_first_seen":1499347766506,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":471,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6660,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347766,"pkt_ts_usec":506592,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80XFAAD4G9F6sEAABwKgKMu0iAFC65SV2AAAAAKACchCb8gAAAgQFtAQCCAoBO\/QHAAAAAAEDAwc="}
00445{"flow_id":471,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6661,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347766,"pkt_ts_usec":506720,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7SI0\/7eouuUld6AScSDmxwAAAgQFtAQCCAoD5cV8ATv0BwEDAwc="}
00432{"flow_id":471,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6662,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347766,"pkt_ts_usec":507484,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00XJAAD4G9GWsEAABwKgKMu0iAFC65SV3NP+3qYAQAOWFzwAAAQEICgE79AcD5cV8"}
00433{"flow_id":468,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6666,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347766,"pkt_ts_usec":829773,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aplAAD4GWz+sEAABwKgKMuzsAFC\/aIWZBVIFWYARAOUIBAAAAQEICgE79FgD5cCE"}
00433{"flow_id":468,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6667,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347766,"pkt_ts_usec":829991,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0wJVAAEAGA0PAqAoyrBAAAQBQ7OwFUgVZv2iFmoARAOMCvQAAAQEICgPlxcwBO\/RY"}
00433{"flow_id":468,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6668,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347766,"pkt_ts_usec":830565,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0appAAD4GWz6sEAABwKgKMuzsAFC\/aIWaBVIFWoAQAOUCuwAAAQEICgE79FgD5cXM"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_first_seen":1499347767793,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6672,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_first_seen":1499347767793,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":472,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6672,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347767,"pkt_ts_usec":793081,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sEFAAD4GFY+sEAABwKgKMu0wAFC7\/0UIAAAAAKACchB59gAAAgQFtAQCCAoBO\/VJAAAAAAEDAwc="}
00445{"flow_id":472,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6673,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347767,"pkt_ts_usec":793176,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7TCCU6kzu\/9FCaAScSCEqwAAAgQFtAQCCAoD5ca9ATv1SQEDAwc="}
00433{"flow_id":472,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6674,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347767,"pkt_ts_usec":793869,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sEJAAD4GFZasEAABwKgKMu0wAFC7\/0UJglOpNIAQAOUjswAAAQEICgE79UkD5ca9"}
00432{"flow_id":469,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6678,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347767,"pkt_ts_usec":830507,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U3dAAD4GcmGsEAABwKgKMuz6AFDBm6M96GucuIARAOVrcQAAAQEICgE79VID5cG+"}
00433{"flow_id":469,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6679,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347767,"pkt_ts_usec":830659,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Wn9AAEAGaVnAqAoyrBAAAQBQ7Proa5y4wZujPoARAONmaQAAAQEICgPlxscBO\/VS"}
00432{"flow_id":469,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6680,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347767,"pkt_ts_usec":831361,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U3hAAD4GcmCsEAABwKgKMuz6AFDBm6M+6GucuYAQAOVmZwAAAQEICgE79VID5cbH"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_first_seen":1499347769077,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_first_seen":1499347769077,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":473,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6684,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347769,"pkt_ts_usec":77555,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8n3VAAD4GJlusEAABwKgKMu0+AFAozWn\/AAAAAKACchDm4gAAAgQFtAQCCAoBO\/aKAAAAAAEDAwc="}
00443{"flow_id":473,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6685,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347769,"pkt_ts_usec":77717,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7T59G4FkKM1qAKAScSAdXgAAAgQFtAQCCAoD5cf+ATv2igEDAwc="}
00431{"flow_id":473,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6686,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347769,"pkt_ts_usec":78439,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0n3ZAAD4GJmKsEAABwKgKMu0+AFAozWoAfRuBZYAQAOW8ZQAAAQEICgE79ooD5cf+"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6693,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_first_seen":1499347770345,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6693,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_first_seen":1499347770345,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":474,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6693,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347770,"pkt_ts_usec":345574,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8anZAAD4GW1qsEAABwKgKMu1MAFBCsJ2xAAAAAKACchCYAgAAAgQFtAQCCAoBO\/fHAAAAAAEDAwc="}
00444{"flow_id":474,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6694,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347770,"pkt_ts_usec":345670,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7UyjrEwnQrCdsqAScSDb7AAAAgQFtAQCCAoD5ck7ATv3xwEDAwc="}
00432{"flow_id":474,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6695,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347770,"pkt_ts_usec":346469,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0andAAD4GW2GsEAABwKgKMu1MAFBCsJ2yo6xMKIAQAOV69AAAAQEICgE798cD5ck7"}
00433{"flow_id":470,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6699,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347770,"pkt_ts_usec":830850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oyhAAD4GIrCsEAABwKgKMu0UAFACp1HvR\/mVrYARAOUdrAAAAQEICgE7+EAD5cQ8"}
00433{"flow_id":470,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6700,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347770,"pkt_ts_usec":831069,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0XBhAAEAGZ8DAqAoyrBAAAQBQ7RRH+ZWtAqdR8IARAOMYNAAAAQEICgPlybUBO\/hA"}
00433{"flow_id":470,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6701,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347770,"pkt_ts_usec":831626,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oylAAD4GIq+sEAABwKgKMu0UAFACp1HwR\/mVroAQAOUYMgAAAQEICgE7+EAD5cm1"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_first_seen":1499347771635,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6705,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_first_seen":1499347771635,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":475,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6705,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347771,"pkt_ts_usec":635838,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jzNAAD4GNp2sEAABwKgKMu1aAFBxsHY6AAAAAKACchCPKQAAAgQFtAQCCAoBO\/kJAAAAAAEDAwc="}
00445{"flow_id":475,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6706,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347771,"pkt_ts_usec":635963,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7VoJ3i\/mcbB2O6AScSCH4AAAAgQFtAQCCAoD5cp+ATv5CQEDAwc="}
00432{"flow_id":475,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6707,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347771,"pkt_ts_usec":636742,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jzRAAD4GNqSsEAABwKgKMu1aAFBxsHY7Cd4v54AQAOUm6AAAAQEICgE7+QkD5cp+"}
00432{"flow_id":471,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6711,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347771,"pkt_ts_usec":831659,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00XNAAD4G9GSsEAABwKgKMu0iAFC65SV3NP+3qYARAOWAmwAAAQEICgE7+ToD5cV8"}
00434{"flow_id":471,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6712,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347771,"pkt_ts_usec":831868,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0fQZAAEAGRtLAqAoyrBAAAQBQ7SI0\/7epuuUleIARAON7aQAAAQEICgPlyq8BO\/k6"}
00432{"flow_id":471,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6713,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347771,"pkt_ts_usec":832407,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00XRAAD4G9GOsEAABwKgKMu0iAFC65SV4NP+3qoAQAOV7ZwAAAQEICgE7+ToD5cqv"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":6,"flow_first_seen":1499347637687,"flow_last_seen":1499347642795,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":6,"flow_first_seen":1499347640199,"flow_last_seen":1499347645794,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59354,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":6,"flow_first_seen":1499347641440,"flow_last_seen":1499347646795,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59368,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":6,"flow_first_seen":1499347642716,"flow_last_seen":1499347647795,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":6,"flow_first_seen":1499347645232,"flow_last_seen":1499347650797,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59408,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6714,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":402,"flow_packet_id":6,"flow_first_seen":1499347646486,"flow_last_seen":1499347651805,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59422,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":472,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6717,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347772,"pkt_ts_usec":832276,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sENAAD4GFZWsEAABwKgKMu0wAFC7\/0UJglOpNIARAOUexwAAAQEICgE7+jQD5ca9"}
00434{"flow_id":472,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6718,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347772,"pkt_ts_usec":832451,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Yp1AAEAGYTvAqAoyrBAAAQBQ7TCCU6k0u\/9FCoARAOMZ3AAAAQEICgPly6kBO\/o0"}
00433{"flow_id":472,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6719,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347772,"pkt_ts_usec":833029,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sERAAD4GFZSsEAABwKgKMu0wAFC7\/0UKglOpNYAQAOUZ2QAAAQEICgE7+jUD5cup"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_first_seen":1499347774205,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_first_seen":1499347774205,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":476,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6726,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347774,"pkt_ts_usec":205265,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pr5AAD4GHxKsEAABwKgKMu10AFBYS10yAAAAAKACchC++QAAAgQFtAQCCAoBO\/uMAAAAAAEDAwc="}
00444{"flow_id":476,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6727,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347774,"pkt_ts_usec":205412,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7XSGo4hpWEtdM6AScSDf5QAAAgQFtAQCCAoD5c0AATv7jAEDAwc="}
00432{"flow_id":476,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6728,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347774,"pkt_ts_usec":205988,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pr9AAD4GHxmsEAABwKgKMu10AFBYS10zhqOIaoAQAOV+7QAAAQEICgE7+4wD5c0A"}
00433{"flow_id":473,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6732,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347774,"pkt_ts_usec":832507,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0n3dAAD4GJmGsEAABwKgKMu0+AFAozWoAfRuBZYARAOW2xgAAAQEICgE7\/CgD5cf+"}
00433{"flow_id":473,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6733,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347774,"pkt_ts_usec":832727,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0TPhAAEAGduDAqAoyrBAAAQBQ7T59G4FlKM1qAYARAOOxKAAAAQEICgPlzZ0BO\/wo"}
00433{"flow_id":473,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6734,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347774,"pkt_ts_usec":833278,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0n3hAAD4GJmCsEAABwKgKMu0+AFAozWoBfRuBZoAQAOWxJQAAAQEICgE7\/CkD5c2d"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_first_seen":1499347775487,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_first_seen":1499347775487,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":477,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6738,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347775,"pkt_ts_usec":487117,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kr1AAD4GMxOsEAABwKgKMu2CAFDDYm5xAAAAAKACchBBVQAAAgQFtAQCCAoBO\/zMAAAAAAEDAwc="}
00445{"flow_id":477,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6739,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347775,"pkt_ts_usec":487244,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7YJb\/j+gw2JucqAScSDUbgAAAgQFtAQCCAoD5c5BATv8zAEDAwc="}
00435{"flow_id":477,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6740,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347775,"pkt_ts_usec":487996,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kr5AAD4GMxqsEAABwKgKMu2CAFDDYm5yW\/4\/oYAQAOVzdgAAAQEICgE7\/MwD5c5B"}
00433{"flow_id":474,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6744,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347775,"pkt_ts_usec":833065,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0anhAAD4GW2CsEAABwKgKMu1MAFBCsJ2yo6xMKIARAOV1lwAAAQEICgE7\/SMD5ck7"}
00433{"flow_id":474,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6745,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347775,"pkt_ts_usec":833251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0gr9AAEAGQRnAqAoyrBAAAQBQ7UyjrEwoQrCds4ARAONwPAAAAQEICgPlzpcBO\/0j"}
00433{"flow_id":474,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6746,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347775,"pkt_ts_usec":834049,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0anlAAD4GW1+sEAABwKgKMu1MAFBCsJ2zo6xMKYAQAOVwOgAAAQEICgE7\/SMD5c6X"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6750,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_first_seen":1499347776753,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6750,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_first_seen":1499347776753,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":478,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6750,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347776,"pkt_ts_usec":753871,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KqpAAD4GmyasEAABwKgKMu2QAFCtQdSjAAAAAKACchDv+AAAAgQFtAQCCAoBO\/4JAAAAAAEDAwc="}
00444{"flow_id":478,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6751,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347776,"pkt_ts_usec":754029,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7ZCBpSP4rUHUpKAScSB31wAAAgQFtAQCCAoD5c99ATv+CQEDAwc="}
00433{"flow_id":478,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6752,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347776,"pkt_ts_usec":754557,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KqtAAD4Gmy2sEAABwKgKMu2QAFCtQdSkgaUj+YAQAOUW3wAAAQEICgE7\/gkD5c99"}
00433{"flow_id":475,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6756,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347776,"pkt_ts_usec":833358,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jzVAAD4GNqOsEAABwKgKMu1aAFBxsHY7Cd4v54ARAOUh0wAAAQEICgE7\/h0D5cp+"}
00434{"flow_id":475,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6757,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347776,"pkt_ts_usec":833541,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA04HZAAEAG42HAqAoyrBAAAQBQ7VoJ3i\/ncbB2PIARAOMcwQAAAQEICgPlz5EBO\/4d"}
00433{"flow_id":475,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6758,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347776,"pkt_ts_usec":834141,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jzZAAD4GNqKsEAABwKgKMu1aAFBxsHY8Cd4v6IAQAOUcvwAAAQEICgE7\/h0D5c+R"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_first_seen":1499347779333,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6768,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_first_seen":1499347779333,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":479,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6768,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347779,"pkt_ts_usec":333285,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eChAAD4GTaisEAABwKgKMu2qAFDZQnimAAAAAKACchAdVgAAAgQFtAQCCAoBPACOAAAAAAEDAwc="}
00444{"flow_id":479,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6769,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347779,"pkt_ts_usec":333428,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7aoAKzpS2UJ4p6AScSAN0AAAAgQFtAQCCAoD5dICATwAjgEDAwc="}
00432{"flow_id":479,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6770,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347779,"pkt_ts_usec":333991,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eClAAD4GTa+sEAABwKgKMu2qAFDZQninACs6U4AQAOWs1wAAAQEICgE8AI4D5dIC"}
00432{"flow_id":476,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6774,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347779,"pkt_ts_usec":834272,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0psBAAD4GHxisEAABwKgKMu10AFBYS10zhqOIaoARAOV5bQAAAQEICgE8AQsD5c0A"}
00432{"flow_id":476,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6775,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347779,"pkt_ts_usec":834463,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0WupAAEAGaO7AqAoyrBAAAQBQ7XSGo4hqWEtdNIARAONz7gAAAQEICgPl0oABPAEL"}
00432{"flow_id":476,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6776,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347779,"pkt_ts_usec":835056,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0psFAAD4GHxesEAABwKgKMu10AFBYS100hqOIa4AQAOVz7AAAAQEICgE8AQsD5dKA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_first_seen":1499347780605,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6780,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_first_seen":1499347780605,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":480,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6780,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347780,"pkt_ts_usec":605080,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Kg9AAD4Gm8GsEAABwKgKMu24AFBtBSvDAAAAAKACchDVKgAAAgQFtAQCCAoBPAHMAAAAAAEDAwc="}
00444{"flow_id":480,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6781,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347780,"pkt_ts_usec":605181,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7bgVufFFbQUrxKAScSD35AAAAgQFtAQCCAoD5dNAATwBzAEDAwc="}
00432{"flow_id":480,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6782,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347780,"pkt_ts_usec":605963,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KhBAAD4Gm8isEAABwKgKMu24AFBtBSvEFbnxRoAQAOWW7AAAAQEICgE8AcwD5dNA"}
@@ -4315,23 +4315,23 @@
00432{"flow_id":478,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6792,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347781,"pkt_ts_usec":835042,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KqxAAD4GmyysEAABwKgKMu2QAFCtQdSkgaUj+YARAOUR6AAAAQEICgE8Av8D5c99"}
00433{"flow_id":478,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6793,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347781,"pkt_ts_usec":835276,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0941AAEAGzErAqAoyrBAAAQBQ7ZCBpSP5rUHUpYARAOMM8gAAAQEICgPl1HQBPAL\/"}
00432{"flow_id":478,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6794,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347781,"pkt_ts_usec":835805,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Kq1AAD4GmyusEAABwKgKMu2QAFCtQdSlgaUj+oAQAOUM8AAAAQEICgE8Av8D5dR0"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_first_seen":1499347783176,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":403,"flow_packet_id":6,"flow_first_seen":1499347647733,"flow_last_seen":1499347652800,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":6,"flow_first_seen":1499347650289,"flow_last_seen":1499347655800,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":6,"flow_first_seen":1499347651555,"flow_last_seen":1499347656799,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":6,"flow_first_seen":1499347654065,"flow_last_seen":1499347659803,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":6,"flow_first_seen":1499347655367,"flow_last_seen":1499347660809,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6798,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":6,"flow_first_seen":1499347656622,"flow_last_seen":1499347661802,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_first_seen":1499347783176,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":481,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6801,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347783,"pkt_ts_usec":176569,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8URhAAD4GdLisEAABwKgKMu3SAFAelFVWAAAAAKACchD3bAAAAgQFtAQCCAoBPAROAAAAAAEDAwc="}
00445{"flow_id":481,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6802,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347783,"pkt_ts_usec":176688,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7dLS\/qxUHpRVV6AScSCfTwAAAgQFtAQCCAoD5dXDATwETgEDAwc="}
00432{"flow_id":481,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6803,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347783,"pkt_ts_usec":177261,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0URlAAD4GdL+sEAABwKgKMu3SAFAelFVX0v6sVYAQAOU+VgAAAQEICgE8BE8D5dXD"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6810,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_first_seen":1499347784519,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6810,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_first_seen":1499347784519,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":482,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6810,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347784,"pkt_ts_usec":519893,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CDdAAD4GvZmsEAABwKgKMu3gAFDyig2pAAAAAKACchBpxQAAAgQFtAQCCAoBPAWeAAAAAAEDAwc="}
00444{"flow_id":482,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6811,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347784,"pkt_ts_usec":520033,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7eBCNUBH8ooNqqAScSANLwAAAgQFtAQCCAoD5dcTATwFngEDAwc="}
00432{"flow_id":482,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6812,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347784,"pkt_ts_usec":520631,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CDhAAD4GvaCsEAABwKgKMu3gAFDyig2qQjVASIAQAOWsNQAAAQEICgE8BZ8D5dcT"}
@@ -4341,42 +4341,42 @@
00432{"flow_id":480,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6825,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347785,"pkt_ts_usec":835351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KhFAAD4Gm8esEAABwKgKMu24AFBtBSvEFbnxRoARAOWR0AAAAQEICgE8BucD5dNA"}
00432{"flow_id":480,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6826,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347785,"pkt_ts_usec":835442,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0KRpAAEAGmr7AqAoyrBAAAQBQ7bgVufFGbQUrxYARAOOMtQAAAQEICgPl2FwBPAbn"}
00432{"flow_id":480,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6827,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347785,"pkt_ts_usec":836201,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KhJAAD4Gm8asEAABwKgKMu24AFBtBSvFFbnxR4AQAOWMswAAAQEICgE8BucD5dhc"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_first_seen":1499347787097,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6831,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_first_seen":1499347787097,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":483,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6831,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347787,"pkt_ts_usec":97862,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87ftAAD4G19SsEAABwKgKMu36AFCLoOXYAAAAAKACchD14AAAAgQFtAQCCAoBPAgjAAAAAAEDAwc="}
00444{"flow_id":483,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6832,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347787,"pkt_ts_usec":98021,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7fr\/T2fti6Dl2aAScSCyBQAAAgQFtAQCCAoD5dmXATwIIwEDAwc="}
00432{"flow_id":483,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6833,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347787,"pkt_ts_usec":98799,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07fxAAD4G19usEAABwKgKMu36AFCLoOXZ\/09n7oAQAOVRDQAAAQEICgE8CCMD5dmX"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_first_seen":1499347788375,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6840,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_first_seen":1499347788375,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":484,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6840,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347788,"pkt_ts_usec":375802,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8h61AAD4GPiOsEAABwKgKMu4IAFB6rY7PAAAAAKACchBckAAAAgQFtAQCCAoBPAliAAAAAAEDAwc="}
00444{"flow_id":484,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6841,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347788,"pkt_ts_usec":375925,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7gg8gqx8eq2O0KAScSCVswAAAgQFtAQCCAoD5drXATwJYgEDAwc="}
00432{"flow_id":484,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6842,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347788,"pkt_ts_usec":376497,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0h65AAD4GPiqsEAABwKgKMu4IAFB6rY7QPIKsfYAQAOU0uwAAAQEICgE8CWID5drX"}
00432{"flow_id":481,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6846,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347788,"pkt_ts_usec":835637,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0URpAAD4GdL6sEAABwKgKMu3SAFAelFVX0v6sVYARAOU4zwAAAQEICgE8CdUD5dXD"}
00433{"flow_id":481,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6847,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347788,"pkt_ts_usec":835897,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0dx9AAEAGTLnAqAoyrBAAAQBQ7dLS\/qxVHpRVWIARAOMzSQAAAQEICgPl20oBPAnV"}
00432{"flow_id":481,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6848,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347788,"pkt_ts_usec":836634,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0URtAAD4GdL2sEAABwKgKMu3SAFAelFVY0v6sVoAQAOUzRwAAAQEICgE8CdUD5dtK"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6852,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_first_seen":1499347789640,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6852,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_first_seen":1499347789640,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":485,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6852,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347789,"pkt_ts_usec":640444,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83o1AAD4G50KsEAABwKgKMu4WAFDDudQTAAAAAKACchDM9QAAAgQFtAQCCAoBPAqeAAAAAAEDAwc="}
00444{"flow_id":485,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6853,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347789,"pkt_ts_usec":640581,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7hacXl08w7nUFKAScSD0QAAAAgQFtAQCCAoD5dwTATwKngEDAwc="}
00432{"flow_id":485,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6854,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347789,"pkt_ts_usec":641324,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03o5AAD4G50msEAABwKgKMu4WAFDDudQUnF5dPYAQAOWTRwAAAQEICgE8Cp8D5dwT"}
00432{"flow_id":482,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6858,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347789,"pkt_ts_usec":836397,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CDlAAD4GvZ+sEAABwKgKMu3gAFDyig2qQjVASIARAOWnBAAAAQEICgE8Cs8D5dcT"}
00432{"flow_id":482,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6859,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347789,"pkt_ts_usec":836610,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0nAxAAEAGJ8zAqAoyrBAAAQBQ7eBCNUBI8ooNq4ARAOOh1AAAAQEICgPl3EQBPArP"}
00432{"flow_id":482,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6860,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347789,"pkt_ts_usec":837157,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CDpAAD4GvZ6sEAABwKgKMu3gAFDyig2rQjVASYAQAOWh0QAAAQEICgE8CtAD5dxE"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6871,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_first_seen":1499347792291,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6871,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_first_seen":1499347792291,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":486,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6871,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347792,"pkt_ts_usec":291066,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GCRAAD4GraysEAABwKgKMu4wAFDmKhURAAAAAKACchBm1gAAAgQFtAQCCAoBPA01AAAAAAEDAwc="}
00444{"flow_id":486,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6872,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347792,"pkt_ts_usec":291132,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7jDnRnKf5ioVEqAScSArPwAAAgQFtAQCCAoD5d6qATwNNQEDAwc="}
00432{"flow_id":486,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6873,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347792,"pkt_ts_usec":291908,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GCVAAD4GrbOsEAABwKgKMu4wAFDmKhUS50ZyoIAQAOXKRgAAAQEICgE8DTUD5d6q"}
00433{"flow_id":483,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6876,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347792,"pkt_ts_usec":836759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07f1AAD4G19qsEAABwKgKMu36AFCLoOXZ\/09n7oARAOVLcQAAAQEICgE8Db4D5dmX"}
00433{"flow_id":483,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6877,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347792,"pkt_ts_usec":836945,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0uNxAAEAGCvzAqAoyrBAAAQBQ7fr\/T2fui6Dl2oARAONF1wAAAQEICgPl3zIBPA2+"}
00433{"flow_id":483,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6878,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347792,"pkt_ts_usec":837525,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07f5AAD4G19msEAABwKgKMu36AFCLoOXa\/09n74AQAOVF1QAAAQEICgE8Db4D5d8y"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_first_seen":1499347793575,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":409,"flow_packet_id":6,"flow_first_seen":1499347659123,"flow_last_seen":1499347664799,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59556,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":6,"flow_first_seen":1499347660441,"flow_last_seen":1499347665799,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59570,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":6,"flow_first_seen":1499347661705,"flow_last_seen":1499347666802,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59584,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":412,"flow_packet_id":6,"flow_first_seen":1499347664226,"flow_last_seen":1499347669803,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59610,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6879,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":6,"flow_first_seen":1499347665473,"flow_last_seen":1499347670803,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59624,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_first_seen":1499347793575,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":487,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6882,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347793,"pkt_ts_usec":575417,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86x9AAD4G2rCsEAABwKgKMu4+AFCp1uVpAAAAAKACchDRggAAAgQFtAQCCAoBPA52AAAAAAEDAwc="}
00445{"flow_id":487,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6883,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347793,"pkt_ts_usec":575512,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ7j6t+bU4qdblaqAScSCLXgAAAgQFtAQCCAoD5d\/rATwOdgEDAwc="}
00433{"flow_id":487,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6884,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347793,"pkt_ts_usec":576110,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06yBAAD4G2resEAABwKgKMu4+AFCp1uVqrfm1OYAQAOUqZgAAAQEICgE8DnYD5d\/r"}
@@ -4386,83 +4386,83 @@
00432{"flow_id":485,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6894,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347794,"pkt_ts_usec":837191,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03o9AAD4G50isEAABwKgKMu4WAFDDudQUnF5dPYARAOWOMwAAAQEICgE8D7ID5dwT"}
00432{"flow_id":485,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6895,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347794,"pkt_ts_usec":837443,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0vBtAAEAGB73AqAoyrBAAAQBQ7hacXl09w7nUFYARAOOJIQAAAQEICgPl4SYBPA+y"}
00432{"flow_id":485,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6896,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347794,"pkt_ts_usec":837987,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03pBAAD4G50esEAABwKgKMu4WAFDDudQVnF5dPoAQAOWJHwAAAQEICgE8D7ID5eEm"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_first_seen":1499347796130,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_first_seen":1499347796130,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":488,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6903,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347796,"pkt_ts_usec":130119,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dkVAAD4GT4usEAABwKgKMoAQAFA7jGawAAAAAKACchAqNgAAAgQFtAQCCAoBPBD1AAAAAAEDAwc="}
00444{"flow_id":488,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6904,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347796,"pkt_ts_usec":130269,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgBCKrPedO4xmsaAScSDCewAAAgQFtAQCCAoD5eJpATwQ9QEDAwc="}
00432{"flow_id":488,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6905,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347796,"pkt_ts_usec":130988,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dkZAAD4GT5KsEAABwKgKMoAQAFA7jGaxiqz3noAQAOVhgwAAAQEICgE8EPUD5eJp"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_first_seen":1499347797419,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6912,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_first_seen":1499347797419,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":489,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6912,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347797,"pkt_ts_usec":419654,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tZJAAD4GED6sEAABwKgKMoAeAFBmW6elAAAAAKACchC9IQAAAgQFtAQCCAoBPBI3AAAAAAEDAwc="}
00444{"flow_id":489,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6913,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347797,"pkt_ts_usec":419747,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgB7MdTcTZlunpqAScSDS5QAAAgQFtAQCCAoD5eOsATwSNwEDAwc="}
00432{"flow_id":489,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6915,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347797,"pkt_ts_usec":420247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tZNAAD4GEEWsEAABwKgKMoAeAFBmW6emzHU3FIAQAOVx7QAAAQEICgE8EjcD5eOs"}
00432{"flow_id":486,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6918,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347797,"pkt_ts_usec":837493,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GCZAAD4GrbKsEAABwKgKMu4wAFDmKhUS50ZyoIARAOXE2gAAAQEICgE8EqAD5d6q"}
00433{"flow_id":486,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6919,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347797,"pkt_ts_usec":837778,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0lrRAAEAGLSTAqAoyrBAAAQBQ7jDnRnKg5ioVE4ARAOO\/cQAAAQEICgPl5BQBPBKg"}
00433{"flow_id":486,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6920,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347797,"pkt_ts_usec":838297,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GCdAAD4GrbGsEAABwKgKMu4wAFDmKhUT50ZyoYAQAOW\/bwAAAQEICgE8EqAD5eQU"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6924,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_first_seen":1499347798713,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6924,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_first_seen":1499347798713,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":490,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6924,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347798,"pkt_ts_usec":713386,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LWRAAD4GmGysEAABwKgKMoAsAFA\/CD4fAAAAAKACchBMqQAAAgQFtAQCCAoBPBN7AAAAAAEDAwc="}
00444{"flow_id":490,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6925,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347798,"pkt_ts_usec":713508,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgCwp5bxCPwg+IKAScSB+iwAAAgQFtAQCCAoD5eTvATwTewEDAwc="}
00433{"flow_id":490,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6926,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347798,"pkt_ts_usec":714250,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LWVAAD4GmHOsEAABwKgKMoAsAFA\/CD4gKeW8Q4AQAOUdkwAAAQEICgE8E3sD5eTv"}
00433{"flow_id":487,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6931,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347798,"pkt_ts_usec":837640,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06yFAAD4G2rasEAABwKgKMu4+AFCp1uVqrfm1OYARAOUlQQAAAQEICgE8E5oD5d\/r"}
00432{"flow_id":487,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6932,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347798,"pkt_ts_usec":837872,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0UDdAAEAGc6HAqAoyrBAAAQBQ7j6t+bU5qdbla4ARAOMgHwAAAQEICgPl5Q4BPBOa"}
00432{"flow_id":487,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6933,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347798,"pkt_ts_usec":838630,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06yJAAD4G2rWsEAABwKgKMu4+AFCp1uVrrfm1OoAQAOUgHQAAAQEICgE8E5oD5eUO"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6943,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_first_seen":1499347801271,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6943,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_first_seen":1499347801271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":491,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6943,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347801,"pkt_ts_usec":271157,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZRhAAD4GYLisEAABwKgKMoBGAFBeRnDiAAAAAKACchD4DgAAAgQFtAQCCAoBPBX6AAAAAAEDAwc="}
00444{"flow_id":491,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6944,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347801,"pkt_ts_usec":271281,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgEYSjN1bXkZw46AScSAdsQAAAgQFtAQCCAoD5edvATwV+gEDAwc="}
00432{"flow_id":491,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6945,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347801,"pkt_ts_usec":271840,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZRlAAD4GYL+sEAABwKgKMoBGAFBeRnDjEozdXIAQAOW8uAAAAQEICgE8FfoD5edv"}
00432{"flow_id":488,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6949,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347801,"pkt_ts_usec":838705,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dkdAAD4GT5GsEAABwKgKMoAQAFA7jGaxiqz3noARAOVb7wAAAQEICgE8FogD5eJp"}
00433{"flow_id":488,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6950,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347801,"pkt_ts_usec":839100,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0EGNAAEAGs3XAqAoyrBAAAQBQgBCKrPeeO4xmsoARAONWXAAAAQEICgPl5\/0BPBaI"}
00432{"flow_id":488,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6951,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347801,"pkt_ts_usec":839620,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dkhAAD4GT5CsEAABwKgKMoAQAFA7jGayiqz3n4AQAOVWWgAAAQEICgE8FogD5ef9"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_first_seen":1499347802549,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6955,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_first_seen":1499347802549,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":492,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6955,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347802,"pkt_ts_usec":549433,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jF5AAD4GOXKsEAABwKgKMoBUAFDx5ZtkAAAAAKACchA4nwAAAgQFtAQCCAoBPBc6AAAAAAEDAwc="}
00444{"flow_id":492,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6956,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347802,"pkt_ts_usec":549556,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgFQ6vzwG8eWbZaAScSDWJAAAAgQFtAQCCAoD5eiuATwXOgEDAwc="}
00432{"flow_id":492,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6957,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347802,"pkt_ts_usec":550162,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jF9AAD4GOXmsEAABwKgKMoBUAFDx5ZtlOr88B4AQAOV1LAAAAQEICgE8FzoD5eiu"}
00432{"flow_id":489,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6961,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347802,"pkt_ts_usec":839128,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tZRAAD4GEESsEAABwKgKMoAeAFBmW6emzHU3FIARAOVsoQAAAQEICgE8F4ID5eOs"}
00433{"flow_id":489,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6962,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347802,"pkt_ts_usec":839316,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA03+NAAEAG4\/TAqAoyrBAAAQBQgB7MdTcUZlunp4ARAONnVwAAAQEICgPl6PcBPBeC"}
00432{"flow_id":489,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6963,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347802,"pkt_ts_usec":840074,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tZVAAD4GEEOsEAABwKgKMoAeAFBmW6enzHU3FYAQAOVnVQAAAQEICgE8F4ID5ej3"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":321,"flow_first_seen":1499347611162,"flow_last_seen":1499347679227,"flow_tot_l4_data_len":242655,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":755,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":321,"flow_first_seen":1499347611162,"flow_last_seen":1499347679227,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232367,"flow_avg_l4_payload_len":723,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":6,"flow_first_seen":1499347668069,"flow_last_seen":1499347673803,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59650,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":415,"flow_packet_id":6,"flow_first_seen":1499347669336,"flow_last_seen":1499347674804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59664,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":6,"flow_first_seen":1499347670582,"flow_last_seen":1499347675804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59678,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":6,"flow_first_seen":1499347673136,"flow_last_seen":1499347678804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59704,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6964,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":6,"flow_first_seen":1499347674433,"flow_last_seen":1499347679471,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59718,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":490,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6967,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347803,"pkt_ts_usec":839295,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LWZAAD4GmHKsEAABwKgKMoAsAFA\/CD4gKeW8Q4ARAOUYkQAAAQEICgE8GHwD5eTv"}
00432{"flow_id":490,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6968,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347803,"pkt_ts_usec":839542,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0VbJAAEAGbibAqAoyrBAAAQBQgCwp5bxDPwg+IYARAOMTkAAAAQEICgPl6fEBPBh8"}
00433{"flow_id":490,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6969,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347803,"pkt_ts_usec":840244,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LWdAAD4GmHGsEAABwKgKMoAsAFA\/CD4hKeW8RIAQAOUTjgAAAQEICgE8GHwD5enx"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_first_seen":1499347805119,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":1,"flow_first_seen":1499347805119,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":493,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6976,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347805,"pkt_ts_usec":119465,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ZmVAAD4GX2usEAABwKgKMoBuAFBq0H\/ZAAAAAKACchDYowAAAgQFtAQCCAoBPBm8AAAAAAEDAwc="}
00445{"flow_id":493,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6977,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347805,"pkt_ts_usec":119592,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgG5Z9D1oatB\/2qAScSBTDwAAAgQFtAQCCAoD5esxATwZvAEDAwc="}
00433{"flow_id":493,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6978,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347805,"pkt_ts_usec":120408,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZmZAAD4GX3KsEAABwKgKMoBuAFBq0H\/aWfQ9aYAQAOXyFgAAAQEICgE8GbwD5esx"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6985,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_first_seen":1499347806390,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6985,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_first_seen":1499347806390,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":494,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6985,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347806,"pkt_ts_usec":390445,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AxtAAD4GwrWsEAABwKgKMoB8AFC+iBnhAAAAAKACchDplwAAAgQFtAQCCAoBPBr6AAAAAAEDAwc="}
00444{"flow_id":494,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6986,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347806,"pkt_ts_usec":390543,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgHy7zo2dvogZ4qAScSCwtQAAAgQFtAQCCAoD5exvATwa+gEDAwc="}
00432{"flow_id":494,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6988,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347806,"pkt_ts_usec":391318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AxxAAD4GwrysEAABwKgKMoB8AFC+iBniu86NnoAQAOVPvQAAAQEICgE8GvoD5exv"}
00432{"flow_id":491,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6991,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347806,"pkt_ts_usec":840453,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZRpAAD4GYL6sEAABwKgKMoBGAFBeRnDjEozdXIARAOW3RgAAAQEICgE8G2sD5edv"}
00432{"flow_id":491,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6992,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347806,"pkt_ts_usec":840676,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0MYNAAEAGklXAqAoyrBAAAQBQgEYSjN1cXkZw5IARAOOx1wAAAQEICgPl7N8BPBtr"}
00432{"flow_id":491,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6993,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347806,"pkt_ts_usec":841224,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZRtAAD4GYL2sEAABwKgKMoBGAFBeRnDkEozdXYAQAOWx1QAAAQEICgE8G2sD5ezf"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6997,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_first_seen":1499347807664,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6997,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_first_seen":1499347807664,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":495,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6997,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347807,"pkt_ts_usec":664615,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PG1AAD4GiWOsEAABwKgKMoCKAFAzSiBUAAAAAKACchBtFgAAAgQFtAQCCAoBPBw5AAAAAAEDAwc="}
00444{"flow_id":495,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6998,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347807,"pkt_ts_usec":664773,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgIqXGWCRM0ogVaAScSCEtwAAAgQFtAQCCAoD5e2tATwcOQEDAwc="}
00432{"flow_id":495,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6999,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347807,"pkt_ts_usec":665486,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PG5AAD4GiWqsEAABwKgKMoCKAFAzSiBVlxlgkoAQAOUjvwAAAQEICgE8HDkD5e2t"}
00432{"flow_id":492,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7003,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347807,"pkt_ts_usec":840987,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jGBAAD4GOXisEAABwKgKMoBUAFDx5ZtlOr88B4ARAOVwAAAAAQEICgE8HGUD5eiu"}
00432{"flow_id":492,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7004,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347807,"pkt_ts_usec":841171,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA00d5AAEAG8fnAqAoyrBAAAQBQgFQ6vzwH8eWbZoARAONq1gAAAQEICgPl7dkBPBxl"}
00432{"flow_id":492,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7005,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347807,"pkt_ts_usec":841718,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jGFAAD4GOXesEAABwKgKMoBUAFDx5ZtmOr88CIAQAOVq1AAAAQEICgE8HGUD5e3Z"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7015,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_first_seen":1499347810243,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7015,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_first_seen":1499347810243,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":496,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7015,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347810,"pkt_ts_usec":243756,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+YpAAD4GzEWsEAABwKgKMoCkAFCAVuc3AAAAAKACchBWiAAAAgQFtAQCCAoBPB69AAAAAAEDAwc="}
00444{"flow_id":496,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7016,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347810,"pkt_ts_usec":243894,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgKT1xLjSgFbnOKAScSC0twAAAgQFtAQCCAoD5fAyATwevQEDAwc="}
00432{"flow_id":496,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7017,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347810,"pkt_ts_usec":244637,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+YtAAD4GzEysEAABwKgKMoCkAFCAVuc49cS404AQAOVTvgAAAQEICgE8Hr4D5fAy"}
00433{"flow_id":493,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7021,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347810,"pkt_ts_usec":841524,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZmdAAD4GX3GsEAABwKgKMoBuAFBq0H\/aWfQ9aYARAOXsfgAAAQEICgE8H1MD5esx"}
00433{"flow_id":493,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7022,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347810,"pkt_ts_usec":841768,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0za5AAEAG9inAqAoyrBAAAQBQgG5Z9D1patB\/24ARAOPm6QAAAQEICgPl8McBPB9T"}
00433{"flow_id":493,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7023,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347810,"pkt_ts_usec":842466,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ZmhAAD4GX3CsEAABwKgKMoBuAFBq0H\/bWfQ9aoAQAOXm5wAAAQEICgE8H1MD5fDH"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7030,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_first_seen":1499347811525,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7030,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":1,"flow_first_seen":1499347811525,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":497,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7030,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347811,"pkt_ts_usec":525785,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/z1AAD4GxpKsEAABwKgKMoCyAFD5M+DDAAAAAKACchDizwAAAgQFtAQCCAoBPB\/+AAAAAAEDAwc="}
00445{"flow_id":497,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7031,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347811,"pkt_ts_usec":525877,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgLJEEu3h+TPgxKAScSC8YgAAAgQFtAQCCAoD5fFyATwf\/gEDAwc="}
00434{"flow_id":497,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7032,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347811,"pkt_ts_usec":526679,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/z5AAD4GxpmsEAABwKgKMoCyAFD5M+DERBLt4oAQAOVbagAAAQEICgE8H\/4D5fFy"}
01216{"flow_id":495,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7033,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347811,"pkt_ts_usec":526686,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9PG9AAD4GhyCsEAABwKgKMoCKAFAzSiBVlxlgkoAYAOVRtgAAAQEICgE8H\/4D5e2tR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdVUUU3ME5HVjgwVzRaQlZXUUVMRE1STUJZOUJGNlc1NTJaQkhMM0Y0VzRNSVA3UjdLNiUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00917{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":4,"flow_first_seen":1499347807664,"flow_last_seen":1499347811526,"flow_tot_l4_data_len":729,"flow_min_l4_data_len":32,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7033,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":4,"flow_first_seen":1499347807664,"flow_last_seen":1499347811526,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00433{"flow_id":494,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7034,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347811,"pkt_ts_usec":526715,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ax1AAD4GwrusEAABwKgKMoB8AFC+iBniu86NnoARAOVKuAAAAQEICgE8H\/4D5exv"}
00433{"flow_id":495,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7035,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347811,"pkt_ts_usec":526760,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0keFAAEAGMffAqAoyrBAAAQBQgIqXGWCSM0oinoAQAOwZ5AAAAQEICgPl8XMBPB\/+"}
00433{"flow_id":494,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7036,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347811,"pkt_ts_usec":528084,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0fO1AAEAGRuvAqAoyrBAAAQBQgHy7zo2evogZ44ARAONFtQAAAQEICgPl8XMBPB\/+"}
@@ -4472,41 +4472,41 @@
00947{"flow_id":495,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7040,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347812,"pkt_ts_usec":538031,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzPHFAAD4Gh+isEAABwKgKMoCKAFAzSiKelxln3oAYAQLAjAAAAQEICgE8IPsD5fFzR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02820{"flow_id":495,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7041,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347812,"pkt_ts_usec":540974,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAcekeRAAEAGKwrAqAoyrBAAAQBQgIqXGWfeM0okHYAYAPV9\/AAAAQEICgPl8nABPCD7SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjMwOjEyIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00433{"flow_id":495,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7042,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347812,"pkt_ts_usec":541701,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PHJAAD4GiWasEAABwKgKMoCKAFAzSiQdlxluyIAQAR0IAwAAAQEICgE8IPwD5fJw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_first_seen":1499347812797,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":1,"flow_first_seen":1499347812797,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":498,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7043,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347812,"pkt_ts_usec":797349,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8YtxAAD4GYvSsEAABwKgKMoDAAFAQTEPgAAAAAKACchBnTwAAAgQFtAQCCAoBPCE8AAAAAAEDAwc="}
00444{"flow_id":498,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7044,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347812,"pkt_ts_usec":797445,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgMBbJW45EExD4aAScSCoOQAAAgQFtAQCCAoD5fKwATwhPAEDAwc="}
00432{"flow_id":498,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7045,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347812,"pkt_ts_usec":798223,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Yt1AAD4GYvusEAABwKgKMoDAAFAQTEPhWyVuOoAQAOVHQQAAAQEICgE8ITwD5fKw"}
01216{"flow_id":495,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7046,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347812,"pkt_ts_usec":798562,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9PHNAAD4GhxysEAABwKgKMoCKAFAzSiQdlxluyIAYAR0K2AAAAQEICgE8ITwD5fJwR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjcyTEVJVlVaQkxQS0JENTkyVjc0QTJXOEFUMTNYNjVBWVFUU0RXM0k1WjUzUUNNM1JXOSUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
02966{"flow_id":495,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7047,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347812,"pkt_ts_usec":801468,"pkt_caplen":1934,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1934,"pkt_l4_len":1900,"pkt":"AMGxFOsxABm5CmnxCABFAAeAkeZAAEAGKqbAqAoyrBAAAQBQgIqXGW7IM0omZoAYAP5+XgAAAQEICgPl8rEBPCE8SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjMwOjEyIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTUxNw0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61Ye0\/jOBD\/G6T9Dj6fdMBKxFs47ha2zaq0cFRXbru00N3TSZGbuK3BibO208K3v3EebXiWbJFQcex5\/MYzHs\/43Wb9l\/aX1uB77wRNTShQ7\/K422khvEvIcL9FSHvQRt\/OBuddVHM+oL5R3DeEnPyDEZ4aEx8RMp\/Pnfm+I9WEDC7IrZVSs2z5cFenPE5gAuy+23y3WU\/13IYi0o0nZNQODw8z1ox8oz5lNIDhxkY9ZIYiy7LLfiR81sAtGRkWmd3BXcww8rOvBjbs1hAr4hPyp1RpZhqXg9PdjxiRTOZG3XAjmHuViIgpOuKCm7sjdMHGgvmGBailpNaozw1DfV\/x2PBogra\/9fs76OgItWkYoYJXMDRkI9SMY8F9ariM0Hb7atjcQbOaU\/uA3rfZjAkZhwDtfZ1kinMUgkc3SDHRwNrcCaanjBmMDFiTG+FrjdFUsXEDOw6Bv2A2p3aWhJRHTrpMHkvjsBWFnP94SCeMwNR9SWM6s2ROurCQoVNryxCu6Yxmsxhp5d8Dcq3T\/z1Q4Fxr7NZJRpl7juSus+ORDO6QL6i2Xpchw5lLAz5DPGhg6zuwiKnc66UlK6Q0v1Hn4eQRktRITYScSCeOJhhRAYGwwlFLuwErqHuk2m6yB45LStofrXkxDQIWZAYBQSIKO+3qsZD+jd0awZGMfFB908BzHgVy7sBSiqOxlVnibOGCFRjoPXc52D2DbasTCrssuLv5GoE8gtOX+HZKO\/E0fkH+Q1Lsdkoz1dTCgUviFfoWNNjt2yEicPxgErWPS8pIItw1NnRWOt8cwmOkEsPIC6ieZsDusf2PTqXyK3rgoUB2y\/wqAFJ67LZkGNIoQJ3omqUeWQ+Fr9W4CoqUHlD0L07XUzzmxPkcw1FtcOBMArYiSl7Fj91TDoe7Y2f02nuTxELSoMru5Bw5jMv0a03\/0NjAzVXJRTlLem6ZnyiGWs3eoHXWXA+K\/iF4FRwpPZzpr923ClYr0RvB5VbJKSWuB2jQ9rGd3lkP1ZzRG49XglSwYHcII9Rn2kYr6rQrpteHcm+19ioByRiwC\/UM1CpfztfcCitOlfRrllVRr8KhChyL4usN0Oiqu6ELFH0j1X0Ia15B6VmE6nLldbgkw66tHyE+sqlq2wH8PBrLFepKVNjtnfXgdIxlNUV0JBOzQs2CBrtNO3y7bbWF3kr1SyLsdtPxAwB5xXav9nu+ELQl7LIQhE7Grua67Vq5EKxPaz\/TXUDJXMsL5pLw2aKC9XwZMI8qRvP6eSxViCIaQrUO\/FD2pimugX\/FCLqlqQTsf50M8tq0HucWD6fUbGl0JxOVMn8uKusoTsrFP85F299FfVsm0sko5EA2oyKBz372mWsjsZs1FcSizPDGirlnTAiJ8lbDhcpfS8HAw5Ptrb3uSefq8t\/jbu\/v4\/bB4d7Vn78394Yfm4Pa\/rc\/Dprfvw767eF+5+Dfg\/2vrfP9i+Hh1s6nsoRA+onttBxfyhvOdj4tWhKAo1jqmqWH69M99xwOfBr+KqTZZQWTdi2PD4jGZVzZ5lPnDaucUx2nPSuEKLu1YUZSz+5q8Ky38KyXehbaMaom0IliuJVodIPdn5e1iOLK+IDbgyrFMOWdQFsH5not6K+M189bz4oYX5a3GieLnDm\/4TELOE1F26+y5bqw\/Hlsr5fxMp7cTH\/CF8nYl6G9HnbH9IeTPkk8CeIVjK\/SnOGkgilTSyW8qO4RdVlHnt2yUC8615GCfjf7LVLYMykvzzu+YFQtTvNTeVHfacNCz94lT+aHUWKM7bPz\/HDF2RzB8Y8XOTuWcRJ7BZmMWlnWXz46HAHFZbyNnrntZyDRm4JEG46fAVJaU\/xWOKIh5HwL7WAXrYTVh2Tos7cFplOZK6HZ3aSCTyBvCzaG\/FlnoXupmbJ596hO4AvRIORR7kL4LooD1LWvSzkNSFxSwK3eaffzlYBre30EhRefdehYSnPvsSV213ntip+6VssJmNiLM3sXTF\/s3P8BpMTCTZIUAAA="}
00433{"flow_id":495,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7048,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347812,"pkt_ts_usec":802121,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PHRAAD4GiWSsEAABwKgKMoCKAFAzSiZmlxl2FIAQATv9zQAAAQEICgE8IT0D5fKx"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":6,"flow_first_seen":1499347678198,"flow_last_seen":1499347683805,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":6,"flow_first_seen":1499347679469,"flow_last_seen":1499347684805,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":6,"flow_first_seen":1499347680746,"flow_last_seen":1499347685805,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59786,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":6,"flow_first_seen":1499347683313,"flow_last_seen":1499347688806,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":6,"flow_first_seen":1499347684563,"flow_last_seen":1499347689806,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59826,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":6,"flow_first_seen":1499347687089,"flow_last_seen":1499347692807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":6,"flow_first_seen":1499347688364,"flow_last_seen":1499347693807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59866,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00948{"flow_id":495,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7049,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347813,"pkt_ts_usec":820455,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzPHVAAD4Gh+SsEAABwKgKMoCKAFAzSiZmlxl2FIAYATur1wAAAQEICgE8IjsD5fKxR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02821{"flow_id":495,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7050,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347813,"pkt_ts_usec":823448,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAcekehAAEAGKwbAqAoyrBAAAQBQgIqXGXYUM0on5YAYAQd9\/AAAAQEICgPl87EBPCI7SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjMwOjEzIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_first_seen":1499347814066,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_first_seen":1499347814066,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":499,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7052,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347814,"pkt_ts_usec":66618,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NuNAAD4Gju2sEAABwKgKMoDOAFApMBSaAAAAAKACchB8ZgAAAgQFtAQCCAoBPCJ5AAAAAAEDAwc="}
00443{"flow_id":499,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7053,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347814,"pkt_ts_usec":66711,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgM6yTRTHKTAUm6AScSC+XAAAAgQFtAQCCAoD5fPuATwieQEDAwc="}
00431{"flow_id":499,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7055,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347814,"pkt_ts_usec":67492,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NuRAAD4GjvSsEAABwKgKMoDOAFApMBSbsk0UyIAQAOVdZAAAAQEICgE8InkD5fPu"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_first_seen":1499347815351,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7061,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_first_seen":1499347815351,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":500,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7061,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347815,"pkt_ts_usec":351639,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aqNAAD4GWy2sEAABwKgKMoDcAFBV2UkZAAAAAKACchAZ7wAAAgQFtAQCCAoBPCO6AAAAAAEDAwc="}
00444{"flow_id":500,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7062,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347815,"pkt_ts_usec":351759,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgNzeXu4gVdlJGqAScSBVOQAAAgQFtAQCCAoD5fUvATwjugEDAwc="}
00432{"flow_id":500,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7063,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347815,"pkt_ts_usec":352544,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aqRAAD4GWzSsEAABwKgKMoDcAFBV2Uka3l7uIYAQAOX0PwAAAQEICgE8I7sD5fUv"}
00432{"flow_id":496,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7067,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347815,"pkt_ts_usec":842254,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+YxAAD4GzEusEAABwKgKMoCkAFCAVuc49cS404ARAOVORgAAAQEICgE8JDUD5fAy"}
00433{"flow_id":496,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7068,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347815,"pkt_ts_usec":842474,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0TXlAAEAGdl\/AqAoyrBAAAQBQgKT1xLjTgFbnOYARAONIzwAAAQEICgPl9aoBPCQ1"}
00432{"flow_id":496,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7069,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347815,"pkt_ts_usec":843256,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+Y1AAD4GzEqsEAABwKgKMoCkAFCAVuc59cS41IAQAOVIzQAAAQEICgE8JDUD5fWq"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_first_seen":1499347816657,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7073,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_first_seen":1499347816657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":501,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7073,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347816,"pkt_ts_usec":657942,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lQ1AAD4GMMOsEAABwKgKMoDqAFAyzLAMAAAAAKACchDUswAAAgQFtAQCCAoBPCUBAAAAAAEDAwc="}
00444{"flow_id":501,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7074,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347816,"pkt_ts_usec":658067,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgOp6zxHVMsywDaAScSBOkwAAAgQFtAQCCAoD5fZ1ATwlAQEDAwc="}
00432{"flow_id":501,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7075,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347816,"pkt_ts_usec":658755,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lQ5AAD4GMMqsEAABwKgKMoDqAFAyzLANes8R1oAQAOXtmgAAAQEICgE8JQED5fZ1"}
@@ -4516,14 +4516,14 @@
00432{"flow_id":498,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7085,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347817,"pkt_ts_usec":843606,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Yt5AAD4GYvqsEAABwKgKMoDAAFAQTEPhWyVuOoARAOVCUwAAAQEICgE8JikD5fKw"}
00432{"flow_id":498,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7086,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347817,"pkt_ts_usec":843831,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0maRAAEAGKjTAqAoyrBAAAQBQgMBbJW46EExD4oARAOM9ZgAAAQEICgPl954BPCYp"}
00432{"flow_id":498,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7087,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347817,"pkt_ts_usec":844555,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Yt9AAD4GYvmsEAABwKgKMoDAAFAQTEPiWyVuO4AQAOU9YwAAAQEICgE8JioD5fee"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_first_seen":1499347819250,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_first_seen":1499347819250,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":502,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7094,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347819,"pkt_ts_usec":250899,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LORAAD4GmOysEAABwKgKMoEEAFDtQwttAAAAAKACchC8OQAAAgQFtAQCCAoBPCeJAAAAAAEDAwc="}
00444{"flow_id":502,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7095,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347819,"pkt_ts_usec":251024,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgQQkyBmr7UMLbqAScSCBwQAAAgQFtAQCCAoD5fj+ATwniQEDAwc="}
00432{"flow_id":502,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7096,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347819,"pkt_ts_usec":251794,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LOVAAD4GmPOsEAABwKgKMoEEAFDtQwtuJMgZrIAQAOUgyQAAAQEICgE8J4kD5fj+"}
00432{"flow_id":499,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7100,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347819,"pkt_ts_usec":844947,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NuVAAD4GjvOsEAABwKgKMoDOAFApMBSbsk0UyIARAOVXvgAAAQEICgE8KB4D5fPu"}
00432{"flow_id":499,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7101,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347819,"pkt_ts_usec":845138,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA07VpAAEAG1n3AqAoyrBAAAQBQgM6yTRTIKTAUnIARAONSGwAAAQEICgPl+ZIBPCge"}
00432{"flow_id":499,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7102,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347819,"pkt_ts_usec":845842,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NuZAAD4GjvKsEAABwKgKMoDOAFApMBScsk0UyYAQAOVSGQAAAQEICgE8KB4D5fmS"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_first_seen":1499347820510,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7106,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_first_seen":1499347820510,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":503,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7106,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347820,"pkt_ts_usec":510217,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zKZAAD4G+SmsEAABwKgKMoESAFBNgeRiAAAAAKACchCBvQAAAgQFtAQCCAoBPCjEAAAAAAEDAwc="}
00444{"flow_id":503,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7107,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347820,"pkt_ts_usec":510376,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgRIUqvVqTYHkY6AScSB6aAAAAgQFtAQCCAoD5fo5ATwoxAEDAwc="}
00432{"flow_id":503,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7108,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347820,"pkt_ts_usec":510997,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zKdAAD4G+TCsEAABwKgKMoESAFBNgeRjFKr1a4AQAOUZcAAAAQEICgE8KMQD5fo5"}
@@ -4533,37 +4533,37 @@
00432{"flow_id":501,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7121,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347821,"pkt_ts_usec":845513,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lQ9AAD4GMMmsEAABwKgKMoDqAFAyzLANes8R1oARAOXoiAAAAQEICgE8KhID5fZ1"}
00432{"flow_id":501,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7122,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347821,"pkt_ts_usec":845658,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA06lBAAEAG2YfAqAoyrBAAAQBQgOp6zxHWMsywDoARAOPjeAAAAQEICgPl+4YBPCoS"}
00432{"flow_id":501,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7123,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347821,"pkt_ts_usec":846482,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lRBAAD4GMMisEAABwKgKMoDqAFAyzLAOes8R14AQAOXjdgAAAQEICgE8KhID5fuG"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_first_seen":1499347823117,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7127,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_first_seen":1499347823117,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":504,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7127,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347823,"pkt_ts_usec":117412,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/vRAAD4GxtusEAABwKgKMoEsAFBFq9WkAAAAAKACchCVqwAAAgQFtAQCCAoBPCtQAAAAAAEDAwc="}
00444{"flow_id":504,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7128,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347823,"pkt_ts_usec":117538,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgSyhFRrnRavVpaAScSDZ4wAAAgQFtAQCCAoD5fzEATwrUAEDAwc="}
00433{"flow_id":504,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7130,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347823,"pkt_ts_usec":118291,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/vVAAD4GxuKsEAABwKgKMoEsAFBFq9WloRUa6IAQAOV46wAAAQEICgE8K1AD5fzE"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_first_seen":1499347824426,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":6,"flow_first_seen":1499347689613,"flow_last_seen":1499347694807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59880,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":6,"flow_first_seen":1499347692128,"flow_last_seen":1499347697807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":6,"flow_first_seen":1499347693386,"flow_last_seen":1499347698807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59920,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":430,"flow_packet_id":6,"flow_first_seen":1499347694661,"flow_last_seen":1499347699807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59934,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":431,"flow_packet_id":6,"flow_first_seen":1499347697189,"flow_last_seen":1499347702808,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":6,"flow_first_seen":1499347698449,"flow_last_seen":1499347703808,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_first_seen":1499347824426,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":505,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7136,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347824,"pkt_ts_usec":426335,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80mVAAD4G82qsEAABwKgKMoE6AFCPwv7yAAAAAKACchAg8QAAAgQFtAQCCAoBPCyXAAAAAAEDAwc="}
00444{"flow_id":505,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7137,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347824,"pkt_ts_usec":426428,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgToZT9eBj8L+86AScSAvDQAAAgQFtAQCCAoD5f4MATwslwEDAwc="}
00433{"flow_id":505,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7138,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347824,"pkt_ts_usec":427178,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00mZAAD4G83GsEAABwKgKMoE6AFCPwv7zGU\/XgoAQAOXOFAAAAQEICgE8LJcD5f4M"}
00432{"flow_id":502,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7142,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347824,"pkt_ts_usec":846052,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LOZAAD4GmPKsEAABwKgKMoEEAFDtQwtuJMgZrIARAOUbUQAAAQEICgE8LQAD5fj+"}
00435{"flow_id":502,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7143,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347824,"pkt_ts_usec":846263,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA059hAAEAG2\/\/AqAoyrBAAAQBQgQQkyBms7UMLb4ARAOMV3AAAAQEICgPl\/nQBPC0A"}
00432{"flow_id":502,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7144,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347824,"pkt_ts_usec":846996,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LOdAAD4GmPGsEAABwKgKMoEEAFDtQwtvJMgZrYAQAOUV2gAAAQEICgE8LQAD5f50"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_first_seen":1499347825732,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_first_seen":1499347825732,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":506,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7148,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347825,"pkt_ts_usec":732332,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Tq1AAD4GdyOsEAABwKgKMoFIAFDgbWNwAAAAAKACchBqdAAAAgQFtAQCCAoBPC3dAAAAAAEDAwc="}
00445{"flow_id":506,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7149,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347825,"pkt_ts_usec":732459,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgUjyJE\/d4G1jcaAScSAmGQAAAgQFtAQCCAoD5f9SATwt3QEDAwc="}
00432{"flow_id":506,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7150,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347825,"pkt_ts_usec":733206,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Tq5AAD4GdyqsEAABwKgKMoFIAFDgbWNx8iRP3oAQAOXFHwAAAQEICgE8Ld4D5f9S"}
00432{"flow_id":503,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7154,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347825,"pkt_ts_usec":847958,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zKhAAD4G+S+sEAABwKgKMoESAFBNgeRjFKr1a4ARAOUUOQAAAQEICgE8LfoD5fo5"}
00433{"flow_id":503,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7155,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347825,"pkt_ts_usec":848150,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0CgRAAEAGudTAqAoyrBAAAQBQgRIUqvVrTYHkZIARAOMPBAAAAQEICgPl\/28BPC36"}
00432{"flow_id":503,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7156,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347825,"pkt_ts_usec":848723,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zKlAAD4G+S6sEAABwKgKMoESAFBNgeRkFKr1bIAQAOUPAQAAAQEICgE8LfsD5f9v"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7166,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_first_seen":1499347828369,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7166,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_first_seen":1499347828369,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":507,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7166,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347828,"pkt_ts_usec":369060,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QFxAAD4GhXSsEAABwKgKMoFiAFAwDnAtAAAAAKACchALaQAAAgQFtAQCCAoBPDBxAAAAAAEDAwc="}
00444{"flow_id":507,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7167,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347828,"pkt_ts_usec":369155,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgWKuqhlpMA5wLqAScSA+aQAAAgQFtAQCCAoD5gHlATwwcQEDAwc="}
00432{"flow_id":507,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7168,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347828,"pkt_ts_usec":369946,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QF1AAD4GhXusEAABwKgKMoFiAFAwDnAurqoZaoAQAOXdcAAAAQEICgE8MHED5gHl"}
@@ -4571,7 +4571,7 @@
00432{"flow_id":504,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7173,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347828,"pkt_ts_usec":846316,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0GLRAAEAGqyTAqAoyrBAAAQBQgSyhFRroRavVpoAQAONtuwAAAQEICgPmAl0BPDDo"}
00432{"flow_id":504,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7174,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347828,"pkt_ts_usec":846362,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0GLVAAEAGqyPAqAoyrBAAAQBQgSyhFRroRavVpoARAONtugAAAQEICgPmAl0BPDDo"}
00432{"flow_id":504,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7175,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347828,"pkt_ts_usec":846893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cPJAAD4GVOasEAABwKgKMoEsAFBFq9WmoRUa6YAQAOVtuAAAAQEICgE8MOgD5gJd"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7179,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_first_seen":1499347829667,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7179,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_first_seen":1499347829667,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":508,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7179,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347829,"pkt_ts_usec":667453,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lVZAAD4GMHqsEAABwKgKMoFwAFBnlqTjAAAAAKACchCd2AAAAgQFtAQCCAoBPDG1AAAAAAEDAwc="}
00444{"flow_id":508,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7180,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347829,"pkt_ts_usec":667588,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgXAvgGqdZ5ak5KAScSD9iQAAAgQFtAQCCAoD5gMqATwxtQEDAwc="}
00432{"flow_id":508,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7181,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347829,"pkt_ts_usec":668333,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lVdAAD4GMIGsEAABwKgKMoFwAFBnlqTkL4BqnoAQAOWckAAAAQEICgE8MbYD5gMq"}
@@ -4581,56 +4581,56 @@
00432{"flow_id":506,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7191,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347830,"pkt_ts_usec":846409,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Tq9AAD4GdymsEAABwKgKMoFIAFDgbWNx8iRP3oARAOXAIAAAAQEICgE8MtwD5f9S"}
00433{"flow_id":506,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7192,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347830,"pkt_ts_usec":846692,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0S49AAEAGeEnAqAoyrBAAAQBQgUjyJE\/e4G1jcoARAOO7IgAAAQEICgPmBFEBPDLc"}
00432{"flow_id":506,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7193,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347830,"pkt_ts_usec":847232,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TrBAAD4GdyisEAABwKgKMoFIAFDgbWNy8iRP34AQAOW7IAAAAQEICgE8MtwD5gRR"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_first_seen":1499347832201,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_first_seen":1499347832201,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":509,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7200,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347832,"pkt_ts_usec":201949,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Dq9AAD4GtyGsEAABwKgKMoGKAFARZDqAAAAAAKACchBb2gAAAgQFtAQCCAoBPDQvAAAAAAEDAwc="}
00444{"flow_id":509,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7201,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347832,"pkt_ts_usec":202044,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgYqpulj1EWQ6gaAScSBQgAAAAgQFtAQCCAoD5gWjATw0LwEDAwc="}
00432{"flow_id":509,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7202,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347832,"pkt_ts_usec":202819,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DrBAAD4GtyisEAABwKgKMoGKAFARZDqBqbpY9oAQAOXvhwAAAQEICgE8NC8D5gWj"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_first_seen":1499347833462,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7209,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_first_seen":1499347833462,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":510,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7209,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347833,"pkt_ts_usec":462049,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8H+JAAD4Gpe6sEAABwKgKMoGYAFAzOSqIAAAAAKACchBItAAAAgQFtAQCCAoBPDVqAAAAAAEDAwc="}
00444{"flow_id":510,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7210,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347833,"pkt_ts_usec":462176,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgZimBogRMzkqiaAScSAQtwAAAgQFtAQCCAoD5gbeATw1agEDAwc="}
00432{"flow_id":510,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7211,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347833,"pkt_ts_usec":462937,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H+NAAD4GpfWsEAABwKgKMoGYAFAzOSqJpgaIEoAQAOWvvgAAAQEICgE8NWoD5gbe"}
00432{"flow_id":507,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7215,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347833,"pkt_ts_usec":847449,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QF5AAD4GhXqsEAABwKgKMoFiAFAwDnAurqoZaoARAOXYFgAAAQEICgE8NcoD5gHl"}
00432{"flow_id":507,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7216,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347833,"pkt_ts_usec":847691,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0HlVAAEAGpYPAqAoyrBAAAQBQgWKuqhlqMA5wL4ARAOPSvQAAAQEICgPmBz8BPDXK"}
00433{"flow_id":507,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7217,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347833,"pkt_ts_usec":848456,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QF9AAD4GhXmsEAABwKgKMoFiAFAwDnAvrqoZa4AQAOXSugAAAQEICgE8NcsD5gc\/"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":6,"flow_first_seen":1499347699724,"flow_last_seen":1499347704808,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":6,"flow_first_seen":1499347702287,"flow_last_seen":1499347707810,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60014,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":6,"flow_first_seen":1499347703726,"flow_last_seen":1499347708810,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":6,"flow_first_seen":1499347705116,"flow_last_seen":1499347710811,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7218,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":6,"flow_first_seen":1499347706399,"flow_last_seen":1499347711812,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60056,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":508,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7224,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347834,"pkt_ts_usec":847470,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lVhAAD4GMICsEAABwKgKMoFwAFBnlqTkL4BqnoARAOWXgQAAAQEICgE8NsQD5gMq"}
00432{"flow_id":508,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7225,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347834,"pkt_ts_usec":847731,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0YqdAAEAGYTHAqAoyrBAAAQBQgXAvgGqeZ5ak5YARAOOScwAAAQEICgPmCDkBPDbE"}
00432{"flow_id":508,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7226,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347834,"pkt_ts_usec":848315,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lVlAAD4GMH+sEAABwKgKMoFwAFBnlqTlL4Bqn4AQAOWScAAAAQEICgE8NsUD5gg5"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_first_seen":1499347836095,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_first_seen":1499347836095,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":511,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7230,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347836,"pkt_ts_usec":95456,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z2FAAD4GXm+sEAABwKgKMoGyAFBvhFCdAAAAAKACchDjpwAAAgQFtAQCCAoBPDf8AAAAAAEDAwc="}
00444{"flow_id":511,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7231,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347836,"pkt_ts_usec":95580,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgbKB84w4b4RQnqAScSDJAwAAAgQFtAQCCAoD5glxATw3\/AEDAwc="}
00432{"flow_id":511,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7232,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347836,"pkt_ts_usec":96358,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z2JAAD4GXnasEAABwKgKMoGyAFBvhFCegfOMOYAQAOVoCgAAAQEICgE8N\/0D5glx"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7239,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_first_seen":1499347837373,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7239,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_first_seen":1499347837373,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":512,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7239,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347837,"pkt_ts_usec":373420,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zIRAAD4G+UusEAABwKgKMoHAAFDQoPW4AAAAAKACchDcIQAAAgQFtAQCCAoBPDk8AAAAAAEDAwc="}
00444{"flow_id":512,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7240,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347837,"pkt_ts_usec":373592,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgcDH48pN0KD1uaAScSA8OQAAAgQFtAQCCAoD5gqwATw5PAEDAwc="}
00432{"flow_id":512,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7241,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347837,"pkt_ts_usec":374296,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zIVAAD4G+VKsEAABwKgKMoHAAFDQoPW5x+PKToAQAOXbQAAAAQEICgE8OTwD5gqw"}
00432{"flow_id":509,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7245,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347837,"pkt_ts_usec":848511,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DrFAAD4GtyesEAABwKgKMoGKAFARZDqBqbpY9oARAOXqAgAAAQEICgE8ObMD5gWj"}
00432{"flow_id":509,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7246,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347837,"pkt_ts_usec":848747,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0U9FAAEAGcAfAqAoyrBAAAQBQgYqpulj2EWQ6goARAOPkfwAAAQEICgPmCycBPDmz"}
00432{"flow_id":509,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7247,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347837,"pkt_ts_usec":849523,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DrJAAD4GtyasEAABwKgKMoGKAFARZDqCqbpY94AQAOXkfQAAAQEICgE8ObMD5gsn"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7251,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_first_seen":1499347838675,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7251,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":1,"flow_first_seen":1499347838675,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":513,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7251,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347838,"pkt_ts_usec":675718,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8apJAAD4GWz6sEAABwKgKMoHOAFDGglATAAAAAKACchCKkgAAAgQFtAQCCAoBPDqBAAAAAAEDAwc="}
00444{"flow_id":513,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7252,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347838,"pkt_ts_usec":675808,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgc48YB01xoJQFKAScSAiAAAAAgQFtAQCCAoD5gv2ATw6gQEDAwc="}
00432{"flow_id":513,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7254,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347838,"pkt_ts_usec":676374,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0apNAAD4GW0WsEAABwKgKMoHOAFDGglAUPGAdNoAQAOXBBgAAAQEICgE8OoID5gv2"}
00432{"flow_id":510,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7257,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347838,"pkt_ts_usec":849149,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H+RAAD4GpfSsEAABwKgKMoGYAFAzOSqJpgaIEoARAOWqegAAAQEICgE8Oq0D5gbe"}
00432{"flow_id":510,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7258,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347838,"pkt_ts_usec":849406,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0hDNAAEAGP6XAqAoyrBAAAQBQgZimBogSMzkqioARAOOlOAAAAQEICgPmDCEBPDqt"}
00432{"flow_id":510,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7259,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347838,"pkt_ts_usec":849955,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H+VAAD4GpfOsEAABwKgKMoGYAFAzOSqKpgaIE4AQAOWlNgAAAQEICgE8Oq0D5gwh"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7269,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_first_seen":1499347841229,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7269,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_first_seen":1499347841229,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":514,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7269,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347841,"pkt_ts_usec":229542,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86g5AAD4G28GsEAABwKgKMoHoAFBN49cOAAAAAKACchB5nQAAAgQFtAQCCAoBPD0AAAAAAAEDAwc="}
00444{"flow_id":514,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7270,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347841,"pkt_ts_usec":229694,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgejkRPOpTePXD6AScSCQMwAAAgQFtAQCCAoD5g50ATw9AAEDAwc="}
00432{"flow_id":514,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7271,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347841,"pkt_ts_usec":230439,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06g9AAD4G28isEAABwKgKMoHoAFBN49cP5ETzqoAQAOUvOwAAAQEICgE8PQAD5g50"}
00432{"flow_id":511,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7275,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347841,"pkt_ts_usec":849617,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z2NAAD4GXnWsEAABwKgKMoGyAFBvhFCegfOMOYARAOViawAAAQEICgE8PZsD5glx"}
00432{"flow_id":511,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7276,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347841,"pkt_ts_usec":849866,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0gzZAAEAGQKLAqAoyrBAAAQBQgbKB84w5b4RQn4ARAONczgAAAQEICgPmDw8BPD2b"}
00432{"flow_id":511,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7277,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347841,"pkt_ts_usec":850419,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z2RAAD4GXnSsEAABwKgKMoGyAFBvhFCfgfOMOoAQAOVczAAAAQEICgE8PZsD5g8P"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_first_seen":1499347842491,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7281,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_first_seen":1499347842491,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":515,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7281,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347842,"pkt_ts_usec":491750,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lUdAAD4GMImsEAABwKgKMoH2AFCtqqt8AAAAAKACchBEHwAAAgQFtAQCCAoBPD47AAAAAAEDAwc="}
00444{"flow_id":515,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7282,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347842,"pkt_ts_usec":491871,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgfYhjECLraqrfaAScSDPUAAAAgQFtAQCCAoD5g+wATw+OwEDAwc="}
00432{"flow_id":515,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7284,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347842,"pkt_ts_usec":492638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lUhAAD4GMJCsEAABwKgKMoH2AFCtqqt9IYxAjIAQAOVuVwAAAQEICgE8PjwD5g+w"}
@@ -4640,77 +4640,77 @@
00432{"flow_id":513,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7296,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347843,"pkt_ts_usec":850596,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0apRAAD4GW0SsEAABwKgKMoHOAFDGglAUPGAdNoARAOW7+AAAAQEICgE8P48D5gv2"}
00432{"flow_id":513,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7297,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347843,"pkt_ts_usec":850802,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0DDJAAEAGt6bAqAoyrBAAAQBQgc48YB02xoJQFYARAOO26wAAAQEICgPmEQQBPD+P"}
00432{"flow_id":513,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7298,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347843,"pkt_ts_usec":851569,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0apVAAD4GW0OsEAABwKgKMoHOAFDGglAVPGAdN4AQAOW26QAAAQEICgE8P48D5hEE"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_first_seen":1499347845077,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":6,"flow_first_seen":1499347709252,"flow_last_seen":1499347714812,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60084,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60134,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":6,"flow_first_seen":1499347712277,"flow_last_seen":1499347717814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":6,"flow_first_seen":1499347713588,"flow_last_seen":1499347718814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":7,"flow_first_seen":1499347716243,"flow_last_seen":1499347721814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7299,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":6,"flow_first_seen":1499347717533,"flow_last_seen":1499347722814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60194,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":1,"flow_first_seen":1499347845077,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":516,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7302,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347845,"pkt_ts_usec":77766,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA83IxAAD4G6UOsEAABwKgKMoIQAFCGLpxOAAAAAKACchB4KAAAAgQFtAQCCAoBPEDCAAAAAAEDAwc="}
00443{"flow_id":516,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7303,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347845,"pkt_ts_usec":77881,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQghDt+J+Thi6cT6AScSDVXgAAAgQFtAQCCAoD5hI2ATxAwgEDAwc="}
00431{"flow_id":516,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7304,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347845,"pkt_ts_usec":78481,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03I1AAD4G6UqsEAABwKgKMoIQAFCGLpxP7fiflIAQAOV0ZgAAAQEICgE8QMID5hI2"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_first_seen":1499347846345,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7311,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_first_seen":1499347846345,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":517,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7311,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347846,"pkt_ts_usec":345271,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NftAAD4Gj9WsEAABwKgKMoIeAFCnQ3QEAAAAAKACchB+EgAAAgQFtAQCCAoBPEH\/AAAAAAEDAwc="}
00445{"flow_id":517,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7312,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347846,"pkt_ts_usec":345422,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgh6m5yHpp0N0BaAScSCexwAAAgQFtAQCCAoD5hNzATxB\/wEDAwc="}
00432{"flow_id":517,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7313,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347846,"pkt_ts_usec":345957,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NfxAAD4Gj9ysEAABwKgKMoIeAFCnQ3QFpuch6oAQAOU9zwAAAQEICgE8Qf8D5hNz"}
00432{"flow_id":514,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7317,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347846,"pkt_ts_usec":856041,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06hBAAD4G28esEAABwKgKMoHoAFBN49cP5ETzqoARAOUpuwAAAQEICgE8Qn8D5g50"}
00434{"flow_id":514,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7318,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347846,"pkt_ts_usec":856260,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA04FlAAEAG437AqAoyrBAAAQBQgejkRPOqTePXEIARAOMkPQAAAQEICgPmE\/MBPEJ\/"}
00432{"flow_id":514,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7319,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347846,"pkt_ts_usec":856820,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06hFAAD4G28asEAABwKgKMoHoAFBN49cQ5ETzq4AQAOUkOwAAAQEICgE8Qn8D5hPz"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7323,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_first_seen":1499347847629,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7323,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_first_seen":1499347847629,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":518,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7323,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347847,"pkt_ts_usec":629206,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TMtAAD4GeQWsEAABwKgKMoIsAFDM8A+LAAAAAKACchC7jwAAAgQFtAQCCAoBPENAAAAAAAEDAwc="}
00444{"flow_id":518,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7324,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347847,"pkt_ts_usec":629329,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgizINJmdzPAPjKAScSBCAgAAAgQFtAQCCAoD5hS0ATxDQAEDAwc="}
00432{"flow_id":518,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7326,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347847,"pkt_ts_usec":630085,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TMxAAD4GeQysEAABwKgKMoIsAFDM8A+MyDSZnoAQAOXhCQAAAQEICgE8Q0AD5hS0"}
00432{"flow_id":515,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7329,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347847,"pkt_ts_usec":856453,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lUlAAD4GMI+sEAABwKgKMoH2AFCtqqt9IYxAjIARAOVpGQAAAQEICgE8Q3kD5g+w"}
00432{"flow_id":515,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7330,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347847,"pkt_ts_usec":856673,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0VGFAAEAGb3fAqAoyrBAAAQBQgfYhjECMraqrfoARAONj3QAAAQEICgPmFO0BPEN5"}
00432{"flow_id":515,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7331,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347847,"pkt_ts_usec":857403,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lUpAAD4GMI6sEAABwKgKMoH2AFCtqqt+IYxAjYAQAOVj2wAAAQEICgE8Q3kD5hTt"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_first_seen":1499347850209,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7341,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_first_seen":1499347850209,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":519,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7341,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347850,"pkt_ts_usec":209154,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OS9AAD4GjKGsEAABwKgKMoJGAFCA5HzqAAAAAKACchCXnQAAAgQFtAQCCAoBPEXFAAAAAAEDAwc="}
00444{"flow_id":519,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7342,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347850,"pkt_ts_usec":209287,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgkZb8bIlgOR866AScSBvRgAAAgQFtAQCCAoD5hc5ATxFxQEDAwc="}
00433{"flow_id":519,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7343,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347850,"pkt_ts_usec":210036,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OTBAAD4GjKisEAABwKgKMoJGAFCA5HzrW\/GyJoAQAOUOTgAAAQEICgE8RcUD5hc5"}
00432{"flow_id":516,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7347,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347850,"pkt_ts_usec":857325,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03I5AAD4G6UmsEAABwKgKMoIQAFCGLpxP7fiflIARAOVuwAAAAQEICgE8RmcD5hI2"}
00432{"flow_id":516,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7348,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347850,"pkt_ts_usec":857518,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0iE9AAEAGO4nAqAoyrBAAAQBQghDt+J+Uhi6cUIARAONpHAAAAQEICgPmF9sBPEZn"}
00432{"flow_id":516,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7349,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347850,"pkt_ts_usec":858271,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA03I9AAD4G6UisEAABwKgKMoIQAFCGLpxQ7fiflYAQAOVpGgAAAQEICgE8RmcD5hfb"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_first_seen":1499347851476,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7353,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_first_seen":1499347851476,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":520,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7353,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347851,"pkt_ts_usec":476262,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8d+RAAD4GTeysEAABwKgKMoJUAFCuljDmAAAAAKACchC0pAAAAgQFtAQCCAoBPEcCAAAAAAEDAwc="}
00444{"flow_id":520,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7354,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347851,"pkt_ts_usec":476389,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQglT2+WNtrpYw56AScSA+wAAAAgQFtAQCCAoD5hh2ATxHAgEDAwc="}
00432{"flow_id":520,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7355,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347851,"pkt_ts_usec":476976,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0d+VAAD4GTfOsEAABwKgKMoJUAFCuljDn9vljboAQAOXdxwAAAQEICgE8RwID5hh2"}
00432{"flow_id":517,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7359,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347851,"pkt_ts_usec":857862,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Nf1AAD4Gj9usEAABwKgKMoIeAFCnQ3QFpuch6oARAOU4bAAAAQEICgE8R2ED5hNz"}
00432{"flow_id":517,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7360,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347851,"pkt_ts_usec":858115,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0OT9AAEAGipnAqAoyrBAAAQBQgh6m5yHqp0N0BoARAOMzCwAAAQEICgPmGNUBPEdh"}
00432{"flow_id":517,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7361,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347851,"pkt_ts_usec":858638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Nf5AAD4Gj9qsEAABwKgKMoIeAFCnQ3QGpuch64AQAOUzCQAAAQEICgE8R2ED5hjV"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_first_seen":1499347852742,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7365,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_first_seen":1499347852742,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":521,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7365,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347852,"pkt_ts_usec":742641,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87IFAAD4G2U6sEAABwKgKMoJiAFDnuKS\/AAAAAKACchAGXwAAAgQFtAQCCAoBPEg+AAAAAAEDAwc="}
00444{"flow_id":521,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7366,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347852,"pkt_ts_usec":742791,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgmLb7idG57ikwKAScSDmbwAAAgQFtAQCCAoD5hmzATxIPgEDAwc="}
00432{"flow_id":521,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7367,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347852,"pkt_ts_usec":743464,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07IJAAD4G2VWsEAABwKgKMoJiAFDnuKTA2+4nR4AQAOWFdwAAAQEICgE8SD4D5hmz"}
00432{"flow_id":518,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7371,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347852,"pkt_ts_usec":857986,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TM1AAD4GeQusEAABwKgKMoIsAFDM8A+MyDSZnoARAOXb7QAAAQEICgE8SFsD5hS0"}
00432{"flow_id":518,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7372,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347852,"pkt_ts_usec":858202,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0gFFAAEAGQ4fAqAoyrBAAAQBQgizINJmezPAPjYARAOPW0wAAAQEICgPmGc8BPEhb"}
00432{"flow_id":518,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7373,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347852,"pkt_ts_usec":858759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TM5AAD4GeQqsEAABwKgKMoIsAFDM8A+NyDSZn4AQAOXW0QAAAQEICgE8SFsD5hnP"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_first_seen":1499347855324,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":6,"flow_first_seen":1499347720094,"flow_last_seen":1499347725815,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60220,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":6,"flow_first_seen":1499347721376,"flow_last_seen":1499347726816,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60234,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":446,"flow_packet_id":6,"flow_first_seen":1499347724082,"flow_last_seen":1499347729818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60260,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":447,"flow_packet_id":6,"flow_first_seen":1499347725355,"flow_last_seen":1499347730818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60274,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":6,"flow_first_seen":1499347726623,"flow_last_seen":1499347731818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60288,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7380,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":6,"flow_first_seen":1499347729211,"flow_last_seen":1499347734819,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60314,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":1,"flow_first_seen":1499347855324,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":522,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7383,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347855,"pkt_ts_usec":324591,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82qpAAD4G6yWsEAABwKgKMoJ8AFBnHpBuAAAAAKACchCYqgAAAgQFtAQCCAoBPErEAAAAAAEDAwc="}
00445{"flow_id":522,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7384,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347855,"pkt_ts_usec":324722,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgnxQBHT\/Zx6Qb6AScSC0ZwAAAgQFtAQCCAoD5hw4ATxKxAEDAwc="}
00432{"flow_id":522,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7385,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347855,"pkt_ts_usec":325467,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02qtAAD4G6yysEAABwKgKMoJ8AFBnHpBvUAR1AIAQAOVTbwAAAQEICgE8SsQD5hw4"}
00433{"flow_id":519,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7389,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347855,"pkt_ts_usec":858361,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OTFAAD4GjKesEAABwKgKMoJGAFCA5HzrW\/GyJoARAOUIyQAAAQEICgE8S0kD5hc5"}
00432{"flow_id":519,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7390,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347855,"pkt_ts_usec":858581,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0rphAAEAGFUDAqAoyrBAAAQBQgkZb8bImgOR87IARAOMDRQAAAQEICgPmHL4BPEtJ"}
00433{"flow_id":519,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7391,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347855,"pkt_ts_usec":859317,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OTJAAD4GjKasEAABwKgKMoJGAFCA5HzsW\/GyJ4AQAOUDQwAAAQEICgE8S0kD5hy+"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7395,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_first_seen":1499347856593,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7395,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_first_seen":1499347856593,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":523,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7395,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347856,"pkt_ts_usec":593088,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8fnJAAD4GR16sEAABwKgKMoKKAFBRAjJzAAAAAKACchALdwAAAgQFtAQCCAoBPEwBAAAAAAEDAwc="}
00444{"flow_id":523,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7396,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347856,"pkt_ts_usec":593188,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgooY0Yx1UQIydKAScSBFtAAAAgQFtAQCCAoD5h11ATxMAQEDAwc="}
00432{"flow_id":523,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7397,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347856,"pkt_ts_usec":593779,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0fnNAAD4GR2WsEAABwKgKMoKKAFBRAjJ0GNGMdoAQAOXkuwAAAQEICgE8TAED5h11"}
@@ -4720,111 +4720,111 @@
00432{"flow_id":521,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7407,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347857,"pkt_ts_usec":859229,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07INAAD4G2VSsEAABwKgKMoJiAFDnuKTA2+4nR4ARAOWAdwAAAQEICgE8TT0D5hmz"}
00432{"flow_id":521,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7408,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347857,"pkt_ts_usec":859481,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0OfVAAEAGiePAqAoyrBAAAQBQgmLb7idH57ikwYARAON7eQAAAQEICgPmHrIBPE09"}
00432{"flow_id":521,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7409,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347857,"pkt_ts_usec":860196,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07IRAAD4G2VOsEAABwKgKMoJiAFDnuKTB2+4nSIAQAOV7dgAAAQEICgE8TT4D5h6y"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7416,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_first_seen":1499347859192,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7416,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_first_seen":1499347859192,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":524,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7416,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347859,"pkt_ts_usec":192109,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PBpAAD4GibasEAABwKgKMoKkAFB0dnKRAAAAAKACchClQAAAAgQFtAQCCAoBPE6LAAAAAAEDAwc="}
00446{"flow_id":524,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7417,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347859,"pkt_ts_usec":192232,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgqTwonDidHZykqAScSAgtQAAAgQFtAQCCAoD5h\/\/ATxOiwEDAwc="}
00435{"flow_id":524,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7418,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347859,"pkt_ts_usec":192997,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PBtAAD4Gib2sEAABwKgKMoKkAFB0dnKS8KJw44AQAOW\/vAAAAQEICgE8TosD5h\/\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_first_seen":1499347860489,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7425,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_first_seen":1499347860489,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":525,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7425,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347860,"pkt_ts_usec":489399,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA842JAAD4G4m2sEAABwKgKMoKyAFDBtqytAAAAAKACchAckgAAAgQFtAQCCAoBPE\/PAAAAAAEDAwc="}
00445{"flow_id":525,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7426,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347860,"pkt_ts_usec":489541,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgrJy9x5\/wbasrqAScSBm0QAAAgQFtAQCCAoD5iFDATxPzwEDAwc="}
00432{"flow_id":525,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7427,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347860,"pkt_ts_usec":490297,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA042NAAD4G4nSsEAABwKgKMoKyAFDBtqyucvcegIAQAOUF2QAAAQEICgE8T88D5iFD"}
00432{"flow_id":522,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7431,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347860,"pkt_ts_usec":859401,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02qxAAD4G6yusEAABwKgKMoJ8AFBnHpBvUAR1AIARAOVOBwAAAQEICgE8UCsD5hw4"}
00432{"flow_id":522,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7432,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347860,"pkt_ts_usec":859621,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0VKBAAEAGbzjAqAoyrBAAAQBQgnxQBHUAZx6QcIARAONIoAAAAQEICgPmIaABPFAr"}
00432{"flow_id":522,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7433,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347860,"pkt_ts_usec":860382,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02q1AAD4G6yqsEAABwKgKMoJ8AFBnHpBwUAR1AYAQAOVInQAAAQEICgE8UCwD5iGg"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7437,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_first_seen":1499347861783,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7437,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_first_seen":1499347861783,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":526,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7437,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347861,"pkt_ts_usec":783428,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lM1AAD4GMQOsEAABwKgKMoLAAFBG1cXfAAAAAKACchB88AAAAgQFtAQCCAoBPFESAAAAAAEDAwc="}
00444{"flow_id":526,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7438,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347861,"pkt_ts_usec":783526,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgsCSqnQ8RtXF4KAScSBQewAAAgQFtAQCCAoD5iKHATxREgEDAwc="}
00432{"flow_id":526,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7440,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347861,"pkt_ts_usec":784321,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lM5AAD4GMQqsEAABwKgKMoLAAFBG1cXgkqp0PYAQAOXvgQAAAQEICgE8URMD5iKH"}
00432{"flow_id":523,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7443,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347861,"pkt_ts_usec":859409,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0fnRAAD4GR2SsEAABwKgKMoKKAFBRAjJ0GNGMdoARAOXflgAAAQEICgE8USUD5h11"}
00432{"flow_id":523,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7444,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347861,"pkt_ts_usec":859594,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ruxAAEAGFOzAqAoyrBAAAQBQgooY0Yx2UQIydYARAOPacgAAAQEICgPmIpoBPFEl"}
00432{"flow_id":523,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7445,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347861,"pkt_ts_usec":860169,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0fnVAAD4GR2OsEAABwKgKMoKKAFBRAjJ1GNGMd4AQAOXabwAAAQEICgE8USYD5iKa"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7449,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_first_seen":1499347863072,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7449,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_first_seen":1499347863072,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":527,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7449,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347863,"pkt_ts_usec":72990,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NydAAD4GjqmsEAABwKgKMoLOAFBzZGVyAAAAAKACchCvfQAAAgQFtAQCCAoBPFJVAAAAAAEDAwc="}
00443{"flow_id":527,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7450,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347863,"pkt_ts_usec":73147,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgs7A+ay+c2Rlc6AScSAa9QAAAgQFtAQCCAoD5iPJATxSVQEDAwc="}
00432{"flow_id":527,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7451,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347863,"pkt_ts_usec":73928,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NyhAAD4GjrCsEAABwKgKMoLOAFBzZGVzwPmsv4AQAOW5\/AAAAQEICgE8UlUD5iPJ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7458,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_first_seen":1499347864367,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7458,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_first_seen":1499347864367,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":528,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7458,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347864,"pkt_ts_usec":367420,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SwNAAD4Ges2sEAABwKgKMoLcAFBKORibAAAAAKACchAkLwAAAgQFtAQCCAoBPFOYAAAAAAEDAwc="}
00444{"flow_id":528,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7459,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347864,"pkt_ts_usec":367548,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgtztJOKwSjkYnKAScSAsRQAAAgQFtAQCCAoD5iUNATxTmAEDAwc="}
00432{"flow_id":528,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7461,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347864,"pkt_ts_usec":368322,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SwRAAD4GetSsEAABwKgKMoLcAFBKORic7STisYAQAOXLSwAAAQEICgE8U5kD5iUN"}
00434{"flow_id":524,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7464,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347864,"pkt_ts_usec":860950,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PBxAAD4GibysEAABwKgKMoKkAFB0dnKS8KJw44ARAOW6MgAAAQEICgE8VBQD5h\/\/"}
00432{"flow_id":524,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7465,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347864,"pkt_ts_usec":861168,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0VWtAAEAGbm3AqAoyrBAAAQBQgqTwonDjdHZyk4ARAOO0qgAAAQEICgPmJYgBPFQU"}
00432{"flow_id":524,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7466,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347864,"pkt_ts_usec":861731,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PB1AAD4GibusEAABwKgKMoKkAFB0dnKT8KJw5IAQAOW0qAAAAQEICgE8VBQD5iWI"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":6,"flow_first_seen":1499347730501,"flow_last_seen":1499347735819,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60328,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":451,"flow_packet_id":6,"flow_first_seen":1499347731797,"flow_last_seen":1499347736820,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":452,"flow_packet_id":6,"flow_first_seen":1499347733083,"flow_last_seen":1499347738820,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":6,"flow_first_seen":1499347734348,"flow_last_seen":1499347739820,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":6,"flow_first_seen":1499347735664,"flow_last_seen":1499347740821,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60384,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":6,"flow_first_seen":1499347738229,"flow_last_seen":1499347743822,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7467,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":6,"flow_first_seen":1499347739497,"flow_last_seen":1499347744823,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60424,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":525,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7473,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347865,"pkt_ts_usec":861495,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA042RAAD4G4nOsEAABwKgKMoKyAFDBtqyucvcegIARAOUAmQAAAQEICgE8VQ4D5iFD"}
00432{"flow_id":525,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7474,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347865,"pkt_ts_usec":861692,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0OAJAAEAGi9bAqAoyrBAAAQBQgrJy9x6Awbasr4ARAOP7WgAAAQEICgPmJoIBPFUO"}
00432{"flow_id":525,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7475,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347865,"pkt_ts_usec":862275,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA042VAAD4G4nKsEAABwKgKMoKyAFDBtqyvcvcegYAQAOX7WAAAAQEICgE8VQ4D5iaC"}
00432{"flow_id":526,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7479,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347866,"pkt_ts_usec":862288,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lM9AAD4GMQmsEAABwKgKMoLAAFBG1cXgkqp0PYARAOXqiwAAAQEICgE8VggD5iKH"}
00432{"flow_id":526,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7480,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347866,"pkt_ts_usec":862476,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0U0BAAEAGcJjAqAoyrBAAAQBQgsCSqnQ9RtXF4YARAOPllgAAAQEICgPmJ30BPFYI"}
00432{"flow_id":526,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7481,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347866,"pkt_ts_usec":863063,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lNBAAD4GMQisEAABwKgKMoLAAFBG1cXhkqp0PoAQAOXllAAAAQEICgE8VggD5id9"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_first_seen":1499347867086,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_first_seen":1499347867086,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":529,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7482,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347867,"pkt_ts_usec":86713,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sxZAAD4GErqsEAABwKgKMoL2AFBvHeVWAAAAAKACchAvzQAAAgQFtAQCCAoBPFZAAAAAAAEDAwc="}
00443{"flow_id":529,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7483,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347867,"pkt_ts_usec":86837,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgvZcEWBbbx3lV6AScSBIpAAAAgQFtAQCCAoD5ie1ATxWQAEDAwc="}
00431{"flow_id":529,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7484,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347867,"pkt_ts_usec":87440,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sxdAAD4GEsGsEAABwKgKMoL2AFBvHeVXXBFgXIAQAOXnqwAAAQEICgE8VkAD5ie1"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_first_seen":1499347868358,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7491,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_first_seen":1499347868358,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":530,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7491,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347868,"pkt_ts_usec":358719,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8189AAD4G7gCsEAABwKgKMoMEAFA06oCxAAAAAKACchDNWQAAAgQFtAQCCAoBPFd+AAAAAAEDAwc="}
00444{"flow_id":530,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7492,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347868,"pkt_ts_usec":358813,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgwSCLK7WNOqAsqAScSBwXAAAAgQFtAQCCAoD5ijzATxXfgEDAwc="}
00432{"flow_id":530,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7493,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347868,"pkt_ts_usec":359588,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA019BAAD4G7gesEAABwKgKMoMEAFA06oCygiyu14AQAOUPZAAAAQEICgE8V34D5ijz"}
00433{"flow_id":527,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7497,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347868,"pkt_ts_usec":863353,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NylAAD4Gjq+sEAABwKgKMoLOAFBzZGVzwPmsv4ARAOW0VAAAAQEICgE8V\/wD5iPJ"}
00433{"flow_id":527,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7498,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347868,"pkt_ts_usec":863556,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0hc5AAEAGPgrAqAoyrBAAAQBQgs7A+ay\/c2RldIARAOOurQAAAQEICgPmKXEBPFf8"}
00433{"flow_id":527,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7499,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347868,"pkt_ts_usec":864329,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NypAAD4Gjq6sEAABwKgKMoLOAFBzZGV0wPmswIAQAOWuqgAAAQEICgE8V\/0D5ilx"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7503,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_first_seen":1499347869628,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7503,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_first_seen":1499347869628,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":531,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7503,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347869,"pkt_ts_usec":628596,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XbNAAD4GaB2sEAABwKgKMoMSAFAbjgUPAAAAAKACchBhDAAAAgQFtAQCCAoBPFi8AAAAAAEDAwc="}
00444{"flow_id":531,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7504,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347869,"pkt_ts_usec":628690,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgxKd9DBxG44FEKAScSBlbwAAAgQFtAQCCAoD5iowATxYvAEDAwc="}
00432{"flow_id":531,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7505,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347869,"pkt_ts_usec":629470,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XbRAAD4GaCSsEAABwKgKMoMSAFAbjgUQnfQwcoAQAOUEdwAAAQEICgE8WLwD5iow"}
00432{"flow_id":528,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7509,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347869,"pkt_ts_usec":863985,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SwVAAD4GetOsEAABwKgKMoLcAFBKORic7STisYARAOXF7AAAAQEICgE8WPcD5iUN"}
00432{"flow_id":528,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7510,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347869,"pkt_ts_usec":864249,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0yNpAAEAG+v3AqAoyrBAAAQBQgtztJOKxSjkYnYARAOPAjwAAAQEICgPmKmsBPFj3"}
00432{"flow_id":528,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7511,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347869,"pkt_ts_usec":864988,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SwZAAD4GetKsEAABwKgKMoLcAFBKORid7STisoAQAOXAjQAAAQEICgE8WPcD5ipr"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_first_seen":1499347872187,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_first_seen":1499347872187,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":532,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7521,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347872,"pkt_ts_usec":187685,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ycVAAD4G\/AqsEAABwKgKMoMsAFDCtZL+AAAAAKACchApXAAAAgQFtAQCCAoBPFs7AAAAAAEDAwc="}
00445{"flow_id":532,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7522,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347872,"pkt_ts_usec":187811,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgyztIpfbwrWS\/6AScSB0pgAAAgQFtAQCCAoD5iywATxbOwEDAwc="}
00434{"flow_id":532,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7523,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347872,"pkt_ts_usec":188547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ycZAAD4G\/BGsEAABwKgKMoMsAFDCtZL\/7SKX3IAQAOUTrQAAAQEICgE8WzwD5iyw"}
00432{"flow_id":529,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7527,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347872,"pkt_ts_usec":865038,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sxhAAD4GEsCsEAABwKgKMoL2AFBvHeVXXBFgXIARAOXiBQAAAQEICgE8W+UD5ie1"}
00432{"flow_id":529,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7528,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347872,"pkt_ts_usec":865304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0TQVAAEAGdtPAqAoyrBAAAQBQgvZcEWBcbx3lWIARAOPcYgAAAQEICgPmLVkBPFvl"}
00432{"flow_id":529,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7529,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347872,"pkt_ts_usec":866052,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sxlAAD4GEr+sEAABwKgKMoL2AFBvHeVYXBFgXYAQAOXcYAAAAQEICgE8W+UD5i1Z"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7533,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_first_seen":1499347873465,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7533,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_first_seen":1499347873465,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":533,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7533,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347873,"pkt_ts_usec":465726,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+eFAAD4Gy+6sEAABwKgKMoM6AFCd+qWaAAAAAKACchA6LQAAAgQFtAQCCAoBPFx7AAAAAAEDAwc="}
00444{"flow_id":533,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7534,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347873,"pkt_ts_usec":465855,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQgzpjWOt2nfqlm6AScSC6ZwAAAgQFtAQCCAoD5i3vATxcewEDAwc="}
00433{"flow_id":533,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7536,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347873,"pkt_ts_usec":466476,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+eJAAD4Gy\/WsEAABwKgKMoM6AFCd+qWbY1jrd4AQAOVZbwAAAQEICgE8XHsD5i3v"}
00432{"flow_id":530,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7539,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347873,"pkt_ts_usec":864959,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA019FAAD4G7gasEAABwKgKMoMEAFA06oCygiyu14ARAOUKAgAAAQEICgE8XN8D5ijz"}
00432{"flow_id":530,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7540,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347873,"pkt_ts_usec":865190,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0gIRAAEAGQ1TAqAoyrBAAAQBQgwSCLK7XNOqAs4ARAOMEowAAAQEICgPmLlMBPFzf"}
00432{"flow_id":530,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7541,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347873,"pkt_ts_usec":865922,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA019JAAD4G7gWsEAABwKgKMoMEAFA06oCzgiyu2IAQAOUEoQAAAQEICgE8XN8D5i5T"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_first_seen":1499347874737,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7545,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_first_seen":1499347874737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":534,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7545,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347874,"pkt_ts_usec":737577,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA88wxAAD4G0sOsEAABwKgKMoNIAFDgx661AAAAAKACchDs+AAAAgQFtAQCCAoBPF25AAAAAAEDAwc="}
00444{"flow_id":534,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7546,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347874,"pkt_ts_usec":737738,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg0iSQssc4MeutqAScSBdZQAAAgQFtAQCCAoD5i8tATxduQEDAwc="}
00432{"flow_id":534,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7547,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347874,"pkt_ts_usec":738427,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08w1AAD4G0sqsEAABwKgKMoNIAFDgx662kkLLHYAQAOX8bAAAAQEICgE8XbkD5i8t"}
00433{"flow_id":531,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7551,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347874,"pkt_ts_usec":865237,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XbVAAD4GaCOsEAABwKgKMoMSAFAbjgUQnfQwcoARAOX\/WAAAAQEICgE8XdkD5iow"}
00432{"flow_id":531,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7552,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347874,"pkt_ts_usec":865469,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Hz9AAEAGpJnAqAoyrBAAAQBQgxKd9DByG44FEYARAOP6PAAAAQEICgPmL00BPF3Z"}
00432{"flow_id":531,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7553,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347874,"pkt_ts_usec":866060,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XbZAAD4GaCKsEAABwKgKMoMSAFAbjgURnfQwc4AQAOX6OgAAAQEICgE8XdkD5i9N"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":312,"flow_first_seen":1499347675703,"flow_last_seen":1499347745908,"flow_tot_l4_data_len":242186,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":776,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":312,"flow_first_seen":1499347675703,"flow_last_seen":1499347745908,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232186,"flow_avg_l4_payload_len":744,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":59732,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":6,"flow_first_seen":1499347740751,"flow_last_seen":1499347745824,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60438,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":459,"flow_packet_id":6,"flow_first_seen":1499347744595,"flow_last_seen":1499347749825,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60478,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":460,"flow_packet_id":6,"flow_first_seen":1499347747187,"flow_last_seen":1499347752826,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":6,"flow_first_seen":1499347748472,"flow_last_seen":1499347753827,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7554,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":6,"flow_first_seen":1499347749751,"flow_last_seen":1499347754827,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00948{"flow_id":532,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347877,"pkt_ts_usec":28300,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzycdAAD4G+pGsEAABwKgKMoMsAFDCtZL\/7SKX3IAYAOW9+gAAAQEICgE8X\/YD5iywR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":4,"flow_first_seen":1499347872187,"flow_last_seen":1499347877028,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":32,"flow_max_l4_data_len":415,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7563,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":4,"flow_first_seen":1499347872187,"flow_last_seen":1499347877028,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00432{"flow_id":532,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7564,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347877,"pkt_ts_usec":28406,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0prZAAEAGHSLAqAoyrBAAAQBQgyztIpfcwrWUfoAQAOsItAAAAQEICgPmMWoBPF\/2"}
02829{"flow_id":532,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7565,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347877,"pkt_ts_usec":32080,"pkt_caplen":1837,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1837,"pkt_l4_len":1803,"pkt":"AMGxFOsxABm5CmnxCABFAAcfprdAAEAGFjbAqAoyrBAAAQBQgyztIpfcwrWUfoAYAOt9\/QAAAQEICgPmMWsBPF\/2SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjMxOjE2IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWG1P4zgQ\/gzS\/gefTzpgpcbb2y+3XJoVtHAgsbfctix70kmRm7itwYmD7bTw72\/sOG14LdkioeKXeXk84xnP5N12+Mvga3\/07\/kRmplMoPOLw7PTPsIdQi4\/9gkZjAbox8noyxnqBh\/Q0CieGEKO\/sYIz4wp9glZLBbB4mMg1ZSMvpFbK6Vr2fywox1PkJoUR++2322HTs9tJnLde0JG99OnTxVrRb4VzhhNYbi1FWbMUGRZOuym5PMe7svcsNx0RncFwyipZj1s2K0hVsSfKJlRpZnpXYyOO39gRCqZW6HhRrDoeylypuiYC27u9tE3NhEsMSxFfSW1RkNuGBomiheG51O0+2M43EP7+2hAsxzVvIKhSzZGB0UheEINlznaHXy\/PNhD827Q\/YDeD9icCVlkAO19SCrFHoXg+TVSTPSwNneC6RljBiMDp\/GHSLTGaKbYpIeDgMBfOl9Qu0oyyvPAbZPH0jiYopbzH8\/olBFYui9pQueWLHAbSxnanbYJ4YrOabWKkVbJPSBX2v0\/BwXBlcZRSCpK7zniXWfHY5neoURQbb0uM4Yrl6Z8jnjaw9Z3cCKmvNcbW1ZIY30r5Nn0ERJ3SE2EnMqgyKcYUQEXYY2jVucGrKDukWpr5BgcVza0P9qLC5qmLK0OBASlqM9pdw+FTK6taQRHMk9A9XUPL3ieykUAWw5Hb6c6SbCDa1ZgoPfcFeDoBMwWEgpWFjzafo1AnkP0lYld0kExK16Q\/5AUR6eNlXZqIeDKYo2+JQ2OhnaICIQfLKLBYUMZKUW0gUHnjfjmcD3GqjSMvIDqaQYcHdr\/6FiqpKUHHgpktyxpA8DR46gvs4zmKTrNr5jzyGYoEq0mbVA4ekAx\/Ha8meIJJ8HnAkK1x4GzTNmaW\/IqfhwdcwjuU7uiN7ZNWQhJ0zbW8RwexoWbbegfWhh4uVq5yLO4uGVJqRjqH5yP+icHm0HRN4K3weHoIab\/OXury2olxmN43Fo5pcH1AA3aPbTLe5uhWjB6HfNWkGoWHF3CCA2ZtrcVnQ5apteHcm+1jlsBqRhwBPUM1Cpfv2xoCitONfRrVlVRr8KhahzL4usN0Oi21tA1iqGR6j6EDZ8gF4tQXa59DldkOLL1I9yPaqmdOYCf5xO5Rl2DCkfnJ+cQHRPZThEdy9KsUbOkwdGBHb6dWW2ht1b9ighHZ278AICv2O7Vfs8XgraEXRWC0MnYXa\/b7jULwXDW\/ZnuAkrmri+YG8Lnywo2TmTKYqoY9fXzRKoM5TSDah34oex1Ka6Hf8UIuqWZBOx\/HY18bRoW\/sSXM2p2NLqTpXLMn+vKOi\/KZvGPvWj7u6xvm0S6HGccyOZUlDAdVlOvjRRR1VQQi9Ituq5gaeBw9nv0BeLN3T6V0eqtgEW7590Dl2HlVtv7ad8vygXVhWsZ4YawW+tl4gzb0WDYeGnY2BkWuiGqptAIYngUaH6No5+XtbxErfEBdwxFgmEqPoKuCo4b96G9MfHQd34tMb4sbz1OlgcLfs0LlnLqRNtZ8+S6Pvnz2F4v42U8\/pjJlC9zYSIzm507E3oTuC8CT4J4BeOrNFc4qWDKdJ2EF9U9om7q8Mmluup14zhW0G5Wv3UGeSbj+LBPBKNqGUxPpSV9pw3LYpvKnwzPcWmMbXN9eH7nbIFOmCiWKbOQRVnENZnM+1XSXfX8+0BxUeyiZx7bOUiMZyDRXsfPAMk96b\/VjugJudhBezhCa2ENIRcl7G2BaSdzLTRrTSr4FNKmYBNIXyHLogvNlE17+yGBGaJpxnPvQpjXbzM6sx93PA1IXFHAo3o6GPqdlGubvdPai886dCKlufeto4g2+dhUPPWqNRMwse9W9VnOfTCL\/geoshewERQAAA=="}
00433{"flow_id":532,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7566,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347877,"pkt_ts_usec":32764,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ychAAD4G\/A+sEAABwKgKMoMsAFDCtZR+7SKex4AQAQABsgAAAQEICgE8X\/cD5jFr"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_first_seen":1499347877292,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_first_seen":1499347877292,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":535,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7567,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347877,"pkt_ts_usec":292759,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8t4hAAD4GDkisEAABwKgKMoNiAFCEB9ewAAAAAKACchAeJQAAAgQFtAQCCAoBPGA4AAAAAAEDAwc="}
00446{"flow_id":535,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7568,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347877,"pkt_ts_usec":292858,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg2I\/o2nZhAfXsaAScSA\/9QAAAgQFtAQCCAoD5jGsATxgOAEDAwc="}
00433{"flow_id":535,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7569,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347877,"pkt_ts_usec":293640,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t4lAAD4GDk+sEAABwKgKMoNiAFCEB9exP6Np2oAQAOXe\/AAAAQEICgE8YDgD5jGs"}
@@ -4834,7 +4834,7 @@
00948{"flow_id":532,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7573,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347878,"pkt_ts_usec":304959,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzyctAAD4G+o2sEAABwKgKMoMsAFDCtZbH7SKmEoAYAR2lhwAAAQEICgE8YTUD5jGuR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02821{"flow_id":532,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7574,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347878,"pkt_ts_usec":308038,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceprtAAEAGFjPAqAoyrBAAAQBQgyztIqYSwrWYRoAYAP19\/AAAAQEICgPmMqoBPGE1SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjMxOjE4IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00436{"flow_id":532,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7575,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347878,"pkt_ts_usec":308755,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ycxAAD4G\/AusEAABwKgKMoMsAFDCtZhG7SKs\/IAQATns\/QAAAQEICgE8YTYD5jKq"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_first_seen":1499347878568,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7576,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_first_seen":1499347878568,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":536,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7576,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347878,"pkt_ts_usec":568081,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UNxAAD4GdPSsEAABwKgKMoNwAFDv6DGrAAAAAKACchBW\/AAAAgQFtAQCCAoBPGF3AAAAAAEDAwc="}
00444{"flow_id":536,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7577,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347878,"pkt_ts_usec":568178,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg3Dm1iqC7+gxrKAScSAPsQAAAgQFtAQCCAoD5jLrATxhdwEDAwc="}
00432{"flow_id":536,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7578,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347878,"pkt_ts_usec":568774,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UN1AAD4GdPusEAABwKgKMoNwAFDv6DGs5tYqg4AQAOWuuAAAAQEICgE8YXcD5jLr"}
@@ -4846,42 +4846,42 @@
00432{"flow_id":534,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7588,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347879,"pkt_ts_usec":867048,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08w5AAD4G0smsEAABwKgKMoNIAFDgx662kkLLHYARAOX3aQAAAQEICgE8YrsD5i8t"}
00433{"flow_id":534,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7589,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347879,"pkt_ts_usec":867289,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0\/y1AAEAGxKrAqAoyrBAAAQBQg0iSQssd4Meut4ARAOPyZwAAAQEICgPmNDABPGK7"}
00432{"flow_id":534,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7590,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347879,"pkt_ts_usec":867830,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA08w9AAD4G0sisEAABwKgKMoNIAFDgx663kkLLHoAQAOXyZAAAAQEICgE8YrwD5jQw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7597,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_first_seen":1499347881141,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7597,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_first_seen":1499347881141,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":537,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7597,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347881,"pkt_ts_usec":141710,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80HhAAD4G9VesEAABwKgKMoOKAFDzHbOCAAAAAKACchDPUgAAAgQFtAQCCAoBPGP6AAAAAAEDAwc="}
00444{"flow_id":537,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7598,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347881,"pkt_ts_usec":141852,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg4pPHZMl8x2zg6AScSC0mgAAAgQFtAQCCAoD5jVuATxj+gEDAwc="}
00433{"flow_id":537,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7599,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347881,"pkt_ts_usec":142632,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00HlAAD4G9V6sEAABwKgKMoOKAFDzHbODTx2TJoAQAOVTogAAAQEICgE8Y\/oD5jVu"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_first_seen":1499347882404,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7607,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_first_seen":1499347882404,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":538,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7607,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347882,"pkt_ts_usec":404247,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eWdAAD4GTGmsEAABwKgKMoOYAFA4phxRAAAAAKACchAfsgAAAgQFtAQCCAoBPGU2AAAAAAEDAwc="}
00444{"flow_id":538,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7608,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347882,"pkt_ts_usec":404320,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg5hCgWTIOKYcUqAScSA+twAAAgQFtAQCCAoD5jaqATxlNgEDAwc="}
00432{"flow_id":538,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7609,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347882,"pkt_ts_usec":404971,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eWhAAD4GTHCsEAABwKgKMoOYAFA4phxSQoFkyYAQAOXdvgAAAQEICgE8ZTYD5jaq"}
00432{"flow_id":535,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7612,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347882,"pkt_ts_usec":868292,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t4pAAD4GDk6sEAABwKgKMoNiAFCEB9exP6Np2oARAOXZiQAAAQEICgE8ZaoD5jGs"}
00433{"flow_id":535,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7613,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347882,"pkt_ts_usec":868510,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0XsRAAEAGZRTAqAoyrBAAAQBQg2I\/o2nahAfXsoARAOPUGAAAAQEICgPmNx4BPGWq"}
00432{"flow_id":535,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7614,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347882,"pkt_ts_usec":869245,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0t4tAAD4GDk2sEAABwKgKMoNiAFCEB9eyP6Np24AQAOXUFgAAAQEICgE8ZaoD5jce"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_first_seen":1499347883693,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7618,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_first_seen":1499347883693,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":539,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7618,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347883,"pkt_ts_usec":693194,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WYNAAD4GbE2sEAABwKgKMoOmAFDBWz\/7AAAAAKACchByAgAAAgQFtAQCCAoBPGZ4AAAAAAEDAwc="}
00447{"flow_id":539,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7619,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347883,"pkt_ts_usec":693320,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg6YJ\/gJMwVs\/\/KAScSAqxQAAAgQFtAQCCAoD5jfsATxmeAEDAwc="}
00433{"flow_id":539,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7620,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347883,"pkt_ts_usec":694064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WYRAAD4GbFSsEAABwKgKMoOmAFDBWz\/8Cf4CTYAQAOXJzAAAAQEICgE8ZngD5jfs"}
00432{"flow_id":536,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7624,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347883,"pkt_ts_usec":868448,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UN5AAD4GdPqsEAABwKgKMoNwAFDv6DGs5tYqg4ARAOWpigAAAQEICgE8ZqQD5jLr"}
00432{"flow_id":536,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7625,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347883,"pkt_ts_usec":868624,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0EptAAEAGsT3AqAoyrBAAAQBQg3Dm1iqD7+gxrYARAOOkXgAAAQEICgPmOBgBPGak"}
00432{"flow_id":536,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7626,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347883,"pkt_ts_usec":869379,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UN9AAD4GdPmsEAABwKgKMoNwAFDv6DGt5tYqhIAQAOWkXAAAAQEICgE8ZqQD5jgY"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_first_seen":1499347886296,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":6,"flow_first_seen":1499347752308,"flow_last_seen":1499347757828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60558,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":6,"flow_first_seen":1499347753649,"flow_last_seen":1499347758828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":6,"flow_first_seen":1499347756244,"flow_last_seen":1499347761829,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60598,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":466,"flow_packet_id":6,"flow_first_seen":1499347757502,"flow_last_seen":1499347762829,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7633,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":7,"flow_first_seen":1499347758774,"flow_last_seen":1499347763831,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_first_seen":1499347886296,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":540,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7636,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347886,"pkt_ts_usec":296186,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8J3NAAD4Gnl2sEAABwKgKMoPAAFDfgE5wAAAAAKACchBCwwAAAgQFtAQCCAoBPGkDAAAAAAEDAwc="}
00444{"flow_id":540,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7637,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347886,"pkt_ts_usec":296327,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg8DWbqB034BOcaAScSCOYQAAAgQFtAQCCAoD5jp3ATxpAwEDAwc="}
00432{"flow_id":540,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7638,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347886,"pkt_ts_usec":297096,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0J3RAAD4GnmSsEAABwKgKMoPAAFDfgE5x1m6gdYAQAOUtaQAAAQEICgE8aQMD5jp3"}
00432{"flow_id":537,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7642,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347886,"pkt_ts_usec":869005,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00HpAAD4G9V2sEAABwKgKMoOKAFDzHbODTx2TJoARAOVOCQAAAQEICgE8aZID5jVu"}
00432{"flow_id":537,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7643,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347886,"pkt_ts_usec":869225,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qCBAAEAGG7jAqAoyrBAAAQBQg4pPHZMm8x2zhIARAONIcgAAAQEICgPmOwYBPGmS"}
00432{"flow_id":537,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7644,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347886,"pkt_ts_usec":869945,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00HtAAD4G9VysEAABwKgKMoOKAFDzHbOETx2TJ4AQAOVIcAAAAQEICgE8aZID5jsG"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_first_seen":1499347887572,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7648,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_first_seen":1499347887572,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":541,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7648,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347887,"pkt_ts_usec":572167,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vidAAD4GB6msEAABwKgKMoPOAFDy3tRlAAAAAKACchCoIgAAAgQFtAQCCAoBPGpCAAAAAAEDAwc="}
00444{"flow_id":541,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7649,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347887,"pkt_ts_usec":572323,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg85IicNz8t7UZqAScSBdaAAAAgQFtAQCCAoD5ju2ATxqQgEDAwc="}
00432{"flow_id":541,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7650,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347887,"pkt_ts_usec":572856,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vihAAD4GB7CsEAABwKgKMoPOAFDy3tRmSInDdIAQAOX8bwAAAQEICgE8akID5ju2"}
@@ -4891,11 +4891,11 @@
00433{"flow_id":539,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7660,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347888,"pkt_ts_usec":869681,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WYVAAD4GbFOsEAABwKgKMoOmAFDBWz\/8Cf4CTYARAOXEvQAAAQEICgE8a4YD5jfs"}
00436{"flow_id":539,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7661,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347888,"pkt_ts_usec":869898,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0PrdAAEAGhSHAqAoyrBAAAQBQg6YJ\/gJNwVs\/\/YARAOO\/sAAAAQEICgPmPPoBPGuG"}
00434{"flow_id":539,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7662,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347888,"pkt_ts_usec":870478,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WYZAAD4GbFKsEAABwKgKMoOmAFDBWz\/9Cf4CToAQAOW\/rgAAAQEICgE8a4YD5jz6"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_first_seen":1499347890192,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7669,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":1,"flow_first_seen":1499347890192,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":542,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7669,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347890,"pkt_ts_usec":192783,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gVNAAD4GRH2sEAABwKgKMoPoAFBPU+2CAAAAAKACchAv6AAAAgQFtAQCCAoBPGzRAAAAAAEDAwc="}
00445{"flow_id":542,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7670,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347890,"pkt_ts_usec":192938,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg+hXA92bT1Ptg6AScSC5\/AAAAgQFtAQCCAoD5j5FATxs0QEDAwc="}
00432{"flow_id":542,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7671,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347890,"pkt_ts_usec":193656,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gVRAAD4GRISsEAABwKgKMoPoAFBPU+2DVwPdnIAQAOVZBAAAAQEICgE8bNED5j5F"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_first_seen":1499347891536,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7679,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":1,"flow_first_seen":1499347891536,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":543,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7679,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347891,"pkt_ts_usec":536525,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JsNAAD4Gnw2sEAABwKgKMoP2AFBiQUjiAAAAAKACchDAPAAAAgQFtAQCCAoBPG4hAAAAAAEDAwc="}
00445{"flow_id":543,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7680,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347891,"pkt_ts_usec":536658,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQg\/bwNNpHYkFI46AScSCzIwAAAgQFtAQCCAoD5j+VATxuIQEDAwc="}
00432{"flow_id":543,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7681,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347891,"pkt_ts_usec":537222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JsRAAD4GnxSsEAABwKgKMoP2AFBiQUjj8DTaSIAQAOVSKwAAAQEICgE8biED5j+V"}
@@ -4905,46 +4905,46 @@
00432{"flow_id":541,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7694,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347892,"pkt_ts_usec":871848,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vilAAD4GB6+sEAABwKgKMoPOAFDy3tRmSInDdIARAOX3QQAAAQEICgE8b28D5ju2"}
00432{"flow_id":541,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7695,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347892,"pkt_ts_usec":872035,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0g5dAAEAGQEHAqAoyrBAAAQBQg85IicN08t7UZ4ARAOPyFQAAAQEICgPmQOMBPG9v"}
00432{"flow_id":541,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7696,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347892,"pkt_ts_usec":872770,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vipAAD4GB66sEAABwKgKMoPOAFDy3tRnSInDdYAQAOXyEwAAAQEICgE8b28D5kDj"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7700,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_first_seen":1499347894093,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7700,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_first_seen":1499347894093,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":544,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7700,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347894,"pkt_ts_usec":93782,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W6ZAAD4GaiqsEAABwKgKMoQQAFDdYCsGAAAAAKACchBgYAAAAgQFtAQCCAoBPHCgAAAAAAEDAwc="}
00443{"flow_id":544,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7701,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347894,"pkt_ts_usec":93873,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhBBGWrmb3WArB6AScSAbTwAAAgQFtAQCCAoD5kIUATxwoAEDAwc="}
00431{"flow_id":544,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7702,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347894,"pkt_ts_usec":94658,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W6dAAD4GajGsEAABwKgKMoQQAFDdYCsHRlq5nIAQAOW6VgAAAQEICgE8cKAD5kIU"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_first_seen":1499347895396,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7709,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_first_seen":1499347895396,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":545,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7709,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347895,"pkt_ts_usec":396921,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+PRAAD4GzNusEAABwKgKMoQeAFBBmIkSAAAAAKACchCcyAAAAgQFtAQCCAoBPHHmAAAAAAEDAwc="}
00444{"flow_id":545,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7710,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347895,"pkt_ts_usec":397051,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhB6fI8DwQZiJE6AScSD2UgAAAgQFtAQCCAoD5kNaATxx5gEDAwc="}
00432{"flow_id":545,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7711,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347895,"pkt_ts_usec":397620,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+PVAAD4GzOKsEAABwKgKMoQeAFBBmIkTnyPA8YAQAOWVWgAAAQEICgE8ceYD5kNa"}
00432{"flow_id":542,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7716,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347895,"pkt_ts_usec":872974,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gVVAAD4GRIOsEAABwKgKMoPoAFBPU+2DVwPdnIARAOVTdwAAAQEICgE8cl0D5j5F"}
00432{"flow_id":542,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7717,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347895,"pkt_ts_usec":873223,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0nk1AAEAGJYvAqAoyrBAAAQBQg+hXA92cT1PthIARAONN7AAAAQEICgPmQ9EBPHJd"}
00432{"flow_id":542,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7718,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347895,"pkt_ts_usec":873971,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gVZAAD4GRIKsEAABwKgKMoPoAFBPU+2EVwPdnYAQAOVN6gAAAQEICgE8cl0D5kPR"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_first_seen":1499347896716,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":6,"flow_first_seen":1499347761418,"flow_last_seen":1499347766830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60652,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":6,"flow_first_seen":1499347762675,"flow_last_seen":1499347767831,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60666,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":6,"flow_first_seen":1499347765229,"flow_last_seen":1499347770831,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60692,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":6,"flow_first_seen":1499347766506,"flow_last_seen":1499347771832,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":6,"flow_first_seen":1499347767793,"flow_last_seen":1499347772833,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60720,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":6,"flow_first_seen":1499347769077,"flow_last_seen":1499347774833,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60734,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7719,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":6,"flow_first_seen":1499347770345,"flow_last_seen":1499347775834,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60748,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":1,"flow_first_seen":1499347896716,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":546,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7722,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347896,"pkt_ts_usec":716455,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SsxAAD4GewSsEAABwKgKMoQsAFDW1Dn8AAAAAKACchBVSgAAAgQFtAQCCAoBPHMwAAAAAAEDAwc="}
00445{"flow_id":546,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7723,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347896,"pkt_ts_usec":716580,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhCxEXQKe1tQ5\/aAScSDGowAAAgQFtAQCCAoD5kSkATxzMAEDAwc="}
00432{"flow_id":546,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7724,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347896,"pkt_ts_usec":717346,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ss1AAD4GewusEAABwKgKMoQsAFDW1Dn9RF0Cn4AQAOVlqwAAAQEICgE8czAD5kSk"}
00432{"flow_id":543,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7728,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347896,"pkt_ts_usec":873879,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JsVAAD4GnxOsEAABwKgKMoP2AFBiQUjj8DTaSIARAOVM9AAAAQEICgE8c1cD5j+V"}
00433{"flow_id":543,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7729,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347896,"pkt_ts_usec":874095,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0noNAAEAGJVXAqAoyrBAAAQBQg\/bwNNpIYkFI5IARAONHvwAAAQEICgPmRMsBPHNX"}
00432{"flow_id":543,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7730,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347896,"pkt_ts_usec":874836,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JsZAAD4GnxKsEAABwKgKMoP2AFBiQUjk8DTaSYAQAOVHvQAAAQEICgE8c1cD5kTL"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_first_seen":1499347899275,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7740,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":1,"flow_first_seen":1499347899275,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":547,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7740,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347899,"pkt_ts_usec":275861,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8zuFAAD4G9u6sEAABwKgKMoRGAFBlPbtRAAAAAKACchBC8gAAAgQFtAQCCAoBPHWwAAAAAAEDAwc="}
00444{"flow_id":547,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7741,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347899,"pkt_ts_usec":275956,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhEbZtc2dZT27UqAScSBRcwAAAgQFtAQCCAoD5kckATx1sAEDAwc="}
00432{"flow_id":547,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7742,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347899,"pkt_ts_usec":276541,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zuJAAD4G9vWsEAABwKgKMoRGAFBlPbtS2bXNnoAQAOXwegAAAQEICgE8dbAD5kck"}
00432{"flow_id":544,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7746,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347899,"pkt_ts_usec":874560,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W6hAAD4GajCsEAABwKgKMoQQAFDdYCsHRlq5nIARAOW0sAAAAQEICgE8dkUD5kIU"}
00433{"flow_id":544,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7747,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347899,"pkt_ts_usec":874771,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0\/iZAAEAGxbHAqAoyrBAAAQBQhBBGWrmc3WArCIARAOOvCwAAAQEICgPmR7oBPHZF"}
00432{"flow_id":544,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7748,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347899,"pkt_ts_usec":875549,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W6lAAD4Gai+sEAABwKgKMoQQAFDdYCsIRlq5nYAQAOWvCAAAAQEICgE8dkYD5ke6"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_first_seen":1499347900544,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7752,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":1,"flow_first_seen":1499347900544,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":548,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7752,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347900,"pkt_ts_usec":544043,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8T6pAAD4GdiasEAABwKgKMoRUAFAKnjlHAAAAAKACchAeUQAAAgQFtAQCCAoBPHbtAAAAAAEDAwc="}
00444{"flow_id":548,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7753,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347900,"pkt_ts_usec":544186,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhFRwu76qCp45SKAScSCjggAAAgQFtAQCCAoD5khhATx27QEDAwc="}
00432{"flow_id":548,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7754,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347900,"pkt_ts_usec":544760,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0T6tAAD4Gdi2sEAABwKgKMoRUAFAKnjlIcLu+q4AQAOVCigAAAQEICgE8du0D5khh"}
@@ -4954,44 +4954,44 @@
00432{"flow_id":546,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7767,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347901,"pkt_ts_usec":874646,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ss5AAD4GewqsEAABwKgKMoQsAFDW1Dn9RF0Cn4ARAOVgoQAAAQEICgE8eDkD5kSk"}
00433{"flow_id":546,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7768,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347901,"pkt_ts_usec":874772,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0SzFAAEAGeKfAqAoyrBAAAQBQhCxEXQKf1tQ5\/oARAONbmAAAAQEICgPmSa4BPHg5"}
00432{"flow_id":546,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7769,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347901,"pkt_ts_usec":875503,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ss9AAD4GewmsEAABwKgKMoQsAFDW1Dn+RF0CoIAQAOVblQAAAQEICgE8eDoD5kmu"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7773,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_first_seen":1499347903125,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7773,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_first_seen":1499347903125,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":549,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7773,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347903,"pkt_ts_usec":125153,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Iy1AAD4GoqOsEAABwKgKMoRuAFDn\/lpfAAAAAKACchAdOQAAAgQFtAQCCAoBPHlyAAAAAAEDAwc="}
00445{"flow_id":549,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7774,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347903,"pkt_ts_usec":125254,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhG41OTml5\/5aYKAScSBgbQAAAgQFtAQCCAoD5krmATx5cgEDAwc="}
00434{"flow_id":549,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7775,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347903,"pkt_ts_usec":125831,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Iy5AAD4GoqqsEAABwKgKMoRuAFDn\/lpgNTk5poAQAOX\/dAAAAQEICgE8eXID5krm"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_first_seen":1499347904387,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7782,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_first_seen":1499347904387,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":550,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7782,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347904,"pkt_ts_usec":387079,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wAJAAD4GBc6sEAABwKgKMoR8AFDhZ7qvAAAAAKACchDCNgAAAgQFtAQCCAoBPHqtAAAAAAEDAwc="}
00444{"flow_id":550,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7783,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347904,"pkt_ts_usec":387179,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhHxZjS4N4We6sKAScSDrcgAAAgQFtAQCCAoD5kwiATx6rQEDAwc="}
00432{"flow_id":550,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7785,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347904,"pkt_ts_usec":387689,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wANAAD4GBdWsEAABwKgKMoR8AFDhZ7qwWY0uDoAQAOWKeQAAAQEICgE8eq4D5kwi"}
00432{"flow_id":547,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7788,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347904,"pkt_ts_usec":875368,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zuNAAD4G9vSsEAABwKgKMoRGAFBlPbtS2bXNnoARAOXrAgAAAQEICgE8eycD5kck"}
00432{"flow_id":547,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7789,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347904,"pkt_ts_usec":875616,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0gQJAAEAGQtbAqAoyrBAAAQBQhEbZtc2eZT27U4ARAOPliwAAAQEICgPmTJwBPHsn"}
00432{"flow_id":547,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7790,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347904,"pkt_ts_usec":876392,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0zuRAAD4G9vOsEAABwKgKMoRGAFBlPbtT2bXNn4AQAOXliAAAAQEICgE8eygD5kyc"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7794,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_first_seen":1499347905694,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7794,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_first_seen":1499347905694,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":551,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7794,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347905,"pkt_ts_usec":694349,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8dZJAAD4GUD6sEAABwKgKMoSKAFAcIA5mAAAAAKACchAycwAAAgQFtAQCCAoBPHv0AAAAAAEDAwc="}
00444{"flow_id":551,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7795,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347905,"pkt_ts_usec":694512,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhIr8f9XqHCAOZ6AScSAPmAAAAgQFtAQCCAoD5k1pATx79AEDAwc="}
00435{"flow_id":551,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7796,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347905,"pkt_ts_usec":695267,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dZNAAD4GUEWsEAABwKgKMoSKAFAcIA5n\/H\/V64AQAOWunwAAAQEICgE8e\/QD5k1p"}
00432{"flow_id":548,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7800,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347905,"pkt_ts_usec":874975,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0T6xAAD4GdiysEAABwKgKMoRUAFAKnjlIcLu+q4ARAOU9VQAAAQEICgE8fCED5khh"}
00432{"flow_id":548,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7801,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347905,"pkt_ts_usec":875233,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA08z1AAEAG0JrAqAoyrBAAAQBQhFRwu76rCp45SYARAOM4IQAAAQEICgPmTZYBPHwh"}
00432{"flow_id":548,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7802,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347905,"pkt_ts_usec":875776,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0T61AAD4GdiusEAABwKgKMoRUAFAKnjlJcLu+rIAQAOU4HgAAAQEICgE8fCID5k2W"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_first_seen":1499347908253,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":6,"flow_first_seen":1499347771635,"flow_last_seen":1499347776834,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":6,"flow_first_seen":1499347774205,"flow_last_seen":1499347779835,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60788,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":6,"flow_first_seen":1499347775487,"flow_last_seen":1499347780836,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60802,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":6,"flow_first_seen":1499347776753,"flow_last_seen":1499347781835,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":6,"flow_first_seen":1499347779333,"flow_last_seen":1499347784836,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60842,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7803,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":6,"flow_first_seen":1499347780605,"flow_last_seen":1499347785836,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_first_seen":1499347908253,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":552,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7812,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347908,"pkt_ts_usec":253421,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XLdAAD4GaRmsEAABwKgKMoSkAFDBACLDAAAAAKACchB2mwAAAgQFtAQCCAoBPH50AAAAAAEDAwc="}
00445{"flow_id":552,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7813,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347908,"pkt_ts_usec":253537,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhKRv9+kSwQAixKAScSDKoQAAAgQFtAQCCAoD5k\/oATx+dAEDAwc="}
00434{"flow_id":552,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7814,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347908,"pkt_ts_usec":254284,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XLhAAD4GaSCsEAABwKgKMoSkAFDBACLEb\/fpE4AQAOVpqQAAAQEICgE8fnQD5k\/o"}
00433{"flow_id":549,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7818,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347908,"pkt_ts_usec":875872,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Iy9AAD4GoqmsEAABwKgKMoRuAFDn\/lpgNTk5poARAOX51QAAAQEICgE8fxAD5krm"}
00433{"flow_id":549,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7819,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347908,"pkt_ts_usec":876129,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0aSJAAEAGWrbAqAoyrBAAAQBQhG41OTmm5\/5aYYARAOP0OAAAAQEICgPmUIQBPH8Q"}
00433{"flow_id":549,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7820,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347908,"pkt_ts_usec":876814,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IzBAAD4GoqisEAABwKgKMoRuAFDn\/lphNTk5p4AQAOX0NgAAAQEICgE8fxAD5lCE"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_first_seen":1499347909575,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7824,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_first_seen":1499347909575,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":553,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7824,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347909,"pkt_ts_usec":575256,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8\/H5AAD4GyVGsEAABwKgKMoSyAFC+M4PAAAAAAKACchAXEwAAAgQFtAQCCAoBPH++AAAAAAEDAwc="}
00446{"flow_id":553,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7825,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347909,"pkt_ts_usec":575381,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhLJ\/QSQIvjODwaAScSAfjwAAAgQFtAQCCAoD5lEzATx\/vgEDAwc="}
00433{"flow_id":553,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7826,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347909,"pkt_ts_usec":576124,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/H9AAD4GyVisEAABwKgKMoSyAFC+M4PBf0EkCYAQAOW+lQAAAQEICgE8f78D5lEz"}
@@ -5001,42 +5001,42 @@
00434{"flow_id":551,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7839,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347910,"pkt_ts_usec":876965,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dZRAAD4GUESsEAABwKgKMoSKAFAcIA5n\/H\/V64ARAOWpjgAAAQEICgE8gQQD5k1p"}
00432{"flow_id":551,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7840,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347910,"pkt_ts_usec":877186,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0h5NAAEAGPEXAqAoyrBAAAQBQhIr8f9XrHCAOaIARAOOkgAAAAQEICgPmUngBPIEE"}
00434{"flow_id":551,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7841,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347910,"pkt_ts_usec":877920,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0dZVAAD4GUEOsEAABwKgKMoSKAFAcIA5o\/H\/V7IAQAOWkfgAAAQEICgE8gQQD5lJ4"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_first_seen":1499347912141,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7845,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_first_seen":1499347912141,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":554,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7845,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347912,"pkt_ts_usec":141438,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8AShAAD4GxKisEAABwKgKMoTMAFAccoNoAAAAAKACchC2kAAAAgQFtAQCCAoBPIJAAAAAAAEDAwc="}
00444{"flow_id":554,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7846,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347912,"pkt_ts_usec":141596,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhMwGDz+bHHKDaaAScSAaKwAAAgQFtAQCCAoD5lO0ATyCQAEDAwc="}
00433{"flow_id":554,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7847,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347912,"pkt_ts_usec":142123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ASlAAD4GxK+sEAABwKgKMoTMAFAccoNpBg8\/nIAQAOW5MgAAAQEICgE8gkAD5lO0"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_first_seen":1499347913416,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7855,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_first_seen":1499347913416,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":555,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7855,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347913,"pkt_ts_usec":416547,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80\/hAAD4G8desEAABwKgKMoTaAFDALVCHAAAAAKACchBEaQAAAgQFtAQCCAoBPIN\/AAAAAAEDAwc="}
00445{"flow_id":555,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7856,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347913,"pkt_ts_usec":416657,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhNreW6gWwC1QiKAScSBl\/AAAAgQFtAQCCAoD5lTzATyDfwEDAwc="}
00433{"flow_id":555,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7857,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347913,"pkt_ts_usec":417270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00\/lAAD4G8d6sEAABwKgKMoTaAFDALVCI3luoF4AQAOUFBAAAAQEICgE8g38D5lTz"}
00435{"flow_id":552,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7862,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347913,"pkt_ts_usec":876833,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XLlAAD4GaR+sEAABwKgKMoSkAFDBACLEb\/fpE4ARAOVkKgAAAQEICgE8g\/ID5k\/o"}
00432{"flow_id":552,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7863,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347913,"pkt_ts_usec":877052,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0vHVAAEAGB2PAqAoyrBAAAQBQhKRv9+kTwQAixYARAONerQAAAQEICgPmVWYBPIPy"}
00434{"flow_id":552,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7864,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347913,"pkt_ts_usec":877603,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XLpAAD4GaR6sEAABwKgKMoSkAFDBACLFb\/fpFIAQAOVeqwAAAQEICgE8g\/ID5lVm"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7868,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_first_seen":1499347914710,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7868,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_first_seen":1499347914710,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":556,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7868,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347914,"pkt_ts_usec":710811,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8oQ5AAD4GJMKsEAABwKgKMoToAFDafCXMAAAAAKACchBThAAAAgQFtAQCCAoBPITCAAAAAAEDAwc="}
00444{"flow_id":556,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7869,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347914,"pkt_ts_usec":710961,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhOgBH2BK2nwlzaAScSCY3AAAAgQFtAQCCAoD5lY3ATyEwgEDAwc="}
00432{"flow_id":556,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7870,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347914,"pkt_ts_usec":711543,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oQ9AAD4GJMmsEAABwKgKMoToAFDafCXNAR9gS4AQAOU34wAAAQEICgE8hMMD5lY3"}
00433{"flow_id":553,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7874,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347914,"pkt_ts_usec":877068,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/IBAAD4GyVesEAABwKgKMoSyAFC+M4PBf0EkCYARAOW5ZwAAAQEICgE8hOwD5lEz"}
00434{"flow_id":553,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7875,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347914,"pkt_ts_usec":877285,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0cmlAAEAGUW\/AqAoyrBAAAQBQhLJ\/QSQJvjODwoARAOO0OwAAAQEICgPmVmABPITs"}
00433{"flow_id":553,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7876,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347914,"pkt_ts_usec":878015,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0\/IFAAD4GyVasEAABwKgKMoSyAFC+M4PCf0EkCoAQAOW0OQAAAQEICgE8hOwD5lZg"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_first_seen":1499347917322,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":6,"flow_first_seen":1499347783176,"flow_last_seen":1499347788836,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":6,"flow_first_seen":1499347784519,"flow_last_seen":1499347789837,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60896,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":6,"flow_first_seen":1499347787097,"flow_last_seen":1499347792837,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":6,"flow_first_seen":1499347788375,"flow_last_seen":1499347793837,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7883,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":6,"flow_first_seen":1499347789640,"flow_last_seen":1499347794837,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_first_seen":1499347917322,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":557,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7886,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347917,"pkt_ts_usec":322932,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8CqdAAD4GuymsEAABwKgKMoUCAFC+4o3oAAAAAKACchAEWwAAAgQFtAQCCAoBPIdPAAAAAAEDAwc="}
00444{"flow_id":557,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7887,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347917,"pkt_ts_usec":323077,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhQJ4jpXCvuKN6aAScSCaPgAAAgQFtAQCCAoD5ljEATyHTwEDAwc="}
00432{"flow_id":557,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7888,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347917,"pkt_ts_usec":323785,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CqhAAD4GuzCsEAABwKgKMoUCAFC+4o3peI6Vw4AQAOU5RQAAAQEICgE8h1AD5ljE"}
00433{"flow_id":554,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7892,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347917,"pkt_ts_usec":876743,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ASpAAD4GxK6sEAABwKgKMoTMAFAccoNpBg8\/nIARAOWzlwAAAQEICgE8h9oD5lO0"}
00433{"flow_id":554,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7893,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347917,"pkt_ts_usec":876994,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ZtJAAEAGXQbAqAoyrBAAAQBQhMwGDz+cHHKDaoARAOOt\/gAAAQEICgPmWU4BPIfa"}
00434{"flow_id":554,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7894,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347917,"pkt_ts_usec":877513,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0AStAAD4GxK2sEAABwKgKMoTMAFAccoNqBg8\/nYAQAOWt\/AAAAQEICgE8h9oD5llO"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7898,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_first_seen":1499347918608,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7898,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_first_seen":1499347918608,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":558,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7898,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347918,"pkt_ts_usec":608238,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vWVAAD4GCGusEAABwKgKMoUQAFB11zX0AAAAAKACchCkCgAAAgQFtAQCCAoBPIiRAAAAAAEDAwc="}
00444{"flow_id":558,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7899,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347918,"pkt_ts_usec":608380,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhRAjuy7Uddc19aAScSD0bgAAAgQFtAQCCAoD5loFATyIkQEDAwc="}
00432{"flow_id":558,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7900,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347918,"pkt_ts_usec":608938,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vWZAAD4GCHKsEAABwKgKMoUQAFB11zX1I7su1YAQAOWTdgAAAQEICgE8iJED5loF"}
@@ -5046,44 +5046,44 @@
00432{"flow_id":556,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7911,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347919,"pkt_ts_usec":877533,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oRBAAD4GJMisEAABwKgKMoToAFDafCXNAR9gS4ARAOUy1wAAAQEICgE8ic4D5lY3"}
00433{"flow_id":556,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7912,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347919,"pkt_ts_usec":877784,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0OwlAAEAGiM\/AqAoyrBAAAQBQhOgBH2BL2nwlzoARAOMtzQAAAQEICgPmW0IBPInO"}
00432{"flow_id":556,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7913,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347919,"pkt_ts_usec":878311,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0oRFAAD4GJMesEAABwKgKMoToAFDafCXOAR9gTIAQAOUtywAAAQEICgE8ic4D5ltC"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_first_seen":1499347921170,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7921,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_first_seen":1499347921170,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":559,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7921,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347921,"pkt_ts_usec":170850,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rYJAAD4GGE6sEAABwKgKMoUqAFCWpCaTAAAAAKACchCQBAAAAgQFtAQCCAoBPIsRAAAAAAEDAwc="}
00444{"flow_id":559,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7922,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347921,"pkt_ts_usec":170952,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhSrhgaXUlqQmlKAScSCpIAAAAgQFtAQCCAoD5lyGATyLEQEDAwc="}
00432{"flow_id":559,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7923,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347921,"pkt_ts_usec":171592,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rYNAAD4GGFWsEAABwKgKMoUqAFCWpCaU4YGl1YAQAOVIJwAAAQEICgE8ixID5lyG"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7930,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_first_seen":1499347922471,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7930,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_first_seen":1499347922471,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":560,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7930,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347922,"pkt_ts_usec":471645,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+oRAAD4Gy0usEAABwKgKMoU4AFCzyHbTAAAAAKACchAhTAAAAgQFtAQCCAoBPIxXAAAAAAEDAwc="}
00444{"flow_id":560,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7931,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347922,"pkt_ts_usec":471773,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhTjpB7A2s8h21KAScSAnOwAAAgQFtAQCCAoD5l3LATyMVwEDAwc="}
00432{"flow_id":560,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7932,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347922,"pkt_ts_usec":472526,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+oVAAD4Gy1KsEAABwKgKMoU4AFCzyHbU6QewN4AQAOXGQgAAAQEICgE8jFcD5l3L"}
00432{"flow_id":557,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7936,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347922,"pkt_ts_usec":878634,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CqlAAD4Guy+sEAABwKgKMoUCAFC+4o3peI6Vw4ARAOUz2AAAAQEICgE8jLwD5ljE"}
00433{"flow_id":557,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7937,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347922,"pkt_ts_usec":878852,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0y\/JAAEAG9+XAqAoyrBAAAQBQhQJ4jpXDvuKN6oARAOMubAAAAQEICgPmXjEBPIy8"}
00432{"flow_id":557,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7938,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347922,"pkt_ts_usec":879602,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0CqpAAD4Guy6sEAABwKgKMoUCAFC+4o3qeI6VxIAQAOUuaQAAAQEICgE8jL0D5l4x"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7942,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_first_seen":1499347923737,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7942,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_first_seen":1499347923737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":561,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7942,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347923,"pkt_ts_usec":737050,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ldBAAD4GMACsEAABwKgKMoVGAFBUeRhDAAAAAKACchDd4QAAAgQFtAQCCAoBPI2TAAAAAAEDAwc="}
00444{"flow_id":561,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7943,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347923,"pkt_ts_usec":737203,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhUa68naDVHkYRKAScSBKXQAAAgQFtAQCCAoD5l8HATyNkwEDAwc="}
00432{"flow_id":561,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7944,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347923,"pkt_ts_usec":737734,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ldFAAD4GMAesEAABwKgKMoVGAFBUeRhEuvJ2hIAQAOXpZAAAAQEICgE8jZMD5l8H"}
00432{"flow_id":558,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7948,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347923,"pkt_ts_usec":878449,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vWdAAD4GCHGsEAABwKgKMoUQAFB11zX1I7su1YARAOWOUAAAAQEICgE8jbYD5loF"}
00432{"flow_id":558,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7949,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347923,"pkt_ts_usec":878671,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0cf5AAEAGUdrAqAoyrBAAAQBQhRAjuy7Vddc19oARAOOJKwAAAQEICgPmXysBPI22"}
00432{"flow_id":558,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7950,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347923,"pkt_ts_usec":879216,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vWhAAD4GCHCsEAABwKgKMoUQAFB11zX2I7su1oAQAOWJKAAAAQEICgE8jbcD5l8r"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7960,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_first_seen":1499347926328,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7960,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_first_seen":1499347926328,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":562,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7960,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347926,"pkt_ts_usec":328507,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Y4hAAD4GYkisEAABwKgKMoVgAFAOjvOTAAAAAKACchBF2gAAAgQFtAQCCAoBPJAbAAAAAAEDAwc="}
00444{"flow_id":562,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7961,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347926,"pkt_ts_usec":328679,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhWB82qzsDo7zlKAScSC3fAAAAgQFtAQCCAoD5mGPATyQGwEDAwc="}
00432{"flow_id":562,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7962,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347926,"pkt_ts_usec":329410,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y4lAAD4GYk+sEAABwKgKMoVgAFAOjvOUfNqs7YAQAOVWhAAAAQEICgE8kBsD5mGP"}
00432{"flow_id":559,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7966,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347926,"pkt_ts_usec":878386,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rYRAAD4GGFSsEAABwKgKMoUqAFCWpCaU4YGl1YARAOVClAAAAQEICgE8kKQD5lyG"}
00433{"flow_id":559,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7967,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347926,"pkt_ts_usec":879478,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0x8xAAEAG\/AvAqAoyrBAAAQBQhSrhgaXVlqQmlYARAOM9AgAAAQEICgPmYhkBPJCk"}
00433{"flow_id":559,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7968,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347926,"pkt_ts_usec":880040,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rYVAAD4GGFOsEAABwKgKMoUqAFCWpCaV4YGl1oAQAOU8\/wAAAQEICgE8kKUD5mIZ"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_first_seen":1499347927657,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":6,"flow_first_seen":1499347793575,"flow_last_seen":1499347798838,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":6,"flow_first_seen":1499347796130,"flow_last_seen":1499347801839,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32784,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":6,"flow_first_seen":1499347797419,"flow_last_seen":1499347802840,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32798,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":6,"flow_first_seen":1499347798713,"flow_last_seen":1499347803840,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32812,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":6,"flow_first_seen":1499347801271,"flow_last_seen":1499347806841,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32838,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":7969,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":6,"flow_first_seen":1499347792291,"flow_last_seen":1499347797838,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_first_seen":1499347927657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":563,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7972,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347927,"pkt_ts_usec":657910,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NcxAAD4GkASsEAABwKgKMoVuAFCXD6SrAAAAAKACchAK5wAAAgQFtAQCCAoBPJFnAAAAAAEDAwc="}
00444{"flow_id":563,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7973,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347927,"pkt_ts_usec":657999,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhW4waOSnlw+krKAScSCP9AAAAgQFtAQCCAoD5mLbATyRZwEDAwc="}
00433{"flow_id":563,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7974,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347927,"pkt_ts_usec":658752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Nc1AAD4GkAusEAABwKgKMoVuAFCXD6SsMGjkqIAQAOUu\/AAAAQEICgE8kWcD5mLb"}
@@ -5093,11 +5093,11 @@
00432{"flow_id":561,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7984,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347928,"pkt_ts_usec":879301,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ldJAAD4GMAasEAABwKgKMoVGAFBUeRhEuvJ2hIARAOXkXQAAAQEICgE8kpkD5l8H"}
00433{"flow_id":561,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7985,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347928,"pkt_ts_usec":879514,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0EolAAEAGsU\/AqAoyrBAAAQBQhUa68naEVHkYRYARAOPfWAAAAQEICgPmZA0BPJKZ"}
00432{"flow_id":561,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7986,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347928,"pkt_ts_usec":880078,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ldNAAD4GMAWsEAABwKgKMoVGAFBUeRhFuvJ2hYAQAOXfVgAAAQEICgE8kpkD5mQN"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7993,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_first_seen":1499347930265,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7993,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_first_seen":1499347930265,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":564,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7993,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347930,"pkt_ts_usec":265843,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OHxAAD4GjVSsEAABwKgKMoWIAFCpfquPAAAAAKACchDu7QAAAgQFtAQCCAoBPJPzAAAAAAEDAwc="}
00444{"flow_id":564,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7994,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347930,"pkt_ts_usec":265968,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhYivvJwGqX6rkKAScSA6vAAAAgQFtAQCCAoD5mVnATyT8wEDAwc="}
00433{"flow_id":564,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7995,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347930,"pkt_ts_usec":266702,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OH1AAD4GjVusEAABwKgKMoWIAFCpfquQr7ycB4AQAOXZwwAAAQEICgE8k\/MD5mVn"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_first_seen":1499347931529,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8002,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_first_seen":1499347931529,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":565,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8002,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347931,"pkt_ts_usec":529902,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j75AAD4GNhKsEAABwKgKMoWWAFDyyRqRAAAAAKACchA1VwAAAgQFtAQCCAoBPJUvAAAAAAEDAwc="}
00444{"flow_id":565,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8003,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347931,"pkt_ts_usec":530027,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhZYdLW4k8skakqAScSBAWwAAAgQFtAQCCAoD5majATyVLwEDAwc="}
00432{"flow_id":565,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8004,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347931,"pkt_ts_usec":530792,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j79AAD4GNhmsEAABwKgKMoWWAFDyyRqSHS1uJYAQAOXfYgAAAQEICgE8lS8D5maj"}
@@ -5107,43 +5107,43 @@
00432{"flow_id":563,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8017,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347932,"pkt_ts_usec":880128,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Nc5AAD4GkAqsEAABwKgKMoVuAFCXD6SsMGjkqIARAOUp4QAAAQEICgE8loED5mLb"}
00433{"flow_id":563,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8018,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347932,"pkt_ts_usec":880313,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0g11AAEAGQHvAqAoyrBAAAQBQhW4waOSolw+krYARAOMkyAAAAQEICgPmZ\/UBPJaB"}
00432{"flow_id":563,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8019,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347932,"pkt_ts_usec":881071,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Nc9AAD4GkAmsEAABwKgKMoVuAFCXD6StMGjkqYAQAOUkxgAAAQEICgE8loED5mf1"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8023,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_first_seen":1499347934152,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8023,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_first_seen":1499347934152,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":566,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8023,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347934,"pkt_ts_usec":152021,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DbVAAD4GuBusEAABwKgKMoWwAFC\/7poKAAAAAKACchDmDgAAAgQFtAQCCAoBPJe\/AAAAAAEDAwc="}
00444{"flow_id":566,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8024,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347934,"pkt_ts_usec":152127,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhbAhVp9vv+6aC6AScSC5DgAAAgQFtAQCCAoD5mkzATyXvwEDAwc="}
00433{"flow_id":566,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8025,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347934,"pkt_ts_usec":152914,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DbZAAD4GuCKsEAABwKgKMoWwAFC\/7poLIVafcIAQAOVYFgAAAQEICgE8l78D5mkz"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_first_seen":1499347935445,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8032,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_first_seen":1499347935445,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":567,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8032,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347935,"pkt_ts_usec":445034,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lcJAAD4GMA6sEAABwKgKMoW+AFC8fgzAAAAAAKACchB1eAAAAgQFtAQCCAoBPJkCAAAAAAEDAwc="}
00444{"flow_id":567,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8033,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347935,"pkt_ts_usec":445160,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhb4dfTaTvH4MwaAScSCz6gAAAgQFtAQCCAoD5mp2ATyZAgEDAwc="}
00432{"flow_id":567,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8034,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347935,"pkt_ts_usec":445930,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lcNAAD4GMBWsEAABwKgKMoW+AFC8fgzBHX02lIAQAOVS8gAAAQEICgE8mQID5mp2"}
00432{"flow_id":564,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8038,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347935,"pkt_ts_usec":879824,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OH5AAD4GjVqsEAABwKgKMoWIAFCpfquQr7ycB4ARAOXURgAAAQEICgE8mW8D5mVn"}
00432{"flow_id":564,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8039,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347935,"pkt_ts_usec":880040,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA09uRAAEAGzPPAqAoyrBAAAQBQhYivvJwHqX6rkYARAOPOywAAAQEICgPmauMBPJlv"}
00432{"flow_id":564,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8040,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347935,"pkt_ts_usec":880775,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OH9AAD4GjVmsEAABwKgKMoWIAFCpfquRr7ycCIAQAOXOyQAAAQEICgE8mW8D5mrj"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_first_seen":1499347936727,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8044,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":1,"flow_first_seen":1499347936727,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":568,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8044,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347936,"pkt_ts_usec":727621,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8IMJAAD4GpQ6sEAABwKgKMoXMAFAQdrqBAAAAAKACchBycAAAAgQFtAQCCAoBPJpDAAAAAAEDAwc="}
00444{"flow_id":568,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8045,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347936,"pkt_ts_usec":727763,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhcyowg88EHa6gqAScSBLswAAAgQFtAQCCAoD5mu3ATyaQwEDAwc="}
00432{"flow_id":568,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8046,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347936,"pkt_ts_usec":728282,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IMNAAD4GpRWsEAABwKgKMoXMAFAQdrqCqMIPPYAQAOXqugAAAQEICgE8mkMD5mu3"}
00432{"flow_id":565,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8050,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347936,"pkt_ts_usec":880623,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j8BAAD4GNhisEAABwKgKMoWWAFDyyRqSHS1uJYARAOXaJwAAAQEICgE8mmkD5maj"}
00432{"flow_id":565,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8051,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347936,"pkt_ts_usec":880812,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0BfhAAEAGveDAqAoyrBAAAQBQhZYdLW4l8skak4ARAOPU7gAAAQEICgPma90BPJpp"}
00432{"flow_id":565,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8052,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347936,"pkt_ts_usec":881389,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j8FAAD4GNhesEAABwKgKMoWWAFDyyRqTHS1uJoAQAOXU7AAAAQEICgE8mmkD5mvd"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":311,"flow_first_seen":1499347743331,"flow_last_seen":1499347811268,"flow_tot_l4_data_len":242343,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1902,"flow_avg_l4_data_len":779,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_first_seen":1499347939286,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":6,"flow_first_seen":1499347802549,"flow_last_seen":1499347807841,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32852,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":493,"flow_packet_id":6,"flow_first_seen":1499347805119,"flow_last_seen":1499347810842,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32878,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":6,"flow_first_seen":1499347806390,"flow_last_seen":1499347811528,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32892,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":6,"flow_first_seen":1499347810243,"flow_last_seen":1499347815843,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32932,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":497,"flow_packet_id":6,"flow_first_seen":1499347811525,"flow_last_seen":1499347816843,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32946,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8053,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":458,"flow_packet_id":311,"flow_first_seen":1499347743331,"flow_last_seen":1499347811268,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232375,"flow_avg_l4_payload_len":747,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":60464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":1,"flow_first_seen":1499347939286,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":569,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8062,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347939,"pkt_ts_usec":286105,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86O9AAD4G3OCsEAABwKgKMoXmAFBSpnQtAAAAAKACchBz+wAAAgQFtAQCCAoBPJzCAAAAAAEDAwc="}
00444{"flow_id":569,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8063,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347939,"pkt_ts_usec":286276,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQheYnhiyyUqZ0LqAScSCuhQAAAgQFtAQCCAoD5m42ATycwgEDAwc="}
00432{"flow_id":569,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8064,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347939,"pkt_ts_usec":286844,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06PBAAD4G3OesEAABwKgKMoXmAFBSpnQuJ4Yss4AQAOVNjQAAAQEICgE8nMID5m42"}
00433{"flow_id":566,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8068,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347939,"pkt_ts_usec":881811,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DbdAAD4GuCGsEAABwKgKMoWwAFC\/7poLIVafcIARAOVSfQAAAQEICgE8nVcD5mkz"}
00432{"flow_id":566,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8069,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347939,"pkt_ts_usec":881995,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA08btAAEAG0hzAqAoyrBAAAQBQhbAhVp9wv+6aDIARAONM5gAAAQEICgPmbssBPJ1X"}
00433{"flow_id":566,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8070,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347939,"pkt_ts_usec":882770,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DbhAAD4GuCCsEAABwKgKMoWwAFC\/7poMIVafcYAQAOVM5AAAAQEICgE8nVcD5m7L"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_first_seen":1499347940593,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8074,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_first_seen":1499347940593,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":570,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8074,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347940,"pkt_ts_usec":593756,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA87cVAAD4G2AqsEAABwKgKMoX0AFCR9XPMAAAAAKACchAzuAAAAgQFtAQCCAoBPJ4JAAAAAAEDAwc="}
00444{"flow_id":570,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8075,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347940,"pkt_ts_usec":593881,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhfTE5Ae8kfVzzaAScSD0kgAAAgQFtAQCCAoD5m99ATyeCQEDAwc="}
00432{"flow_id":570,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8076,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347940,"pkt_ts_usec":594634,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07cZAAD4G2BGsEAABwKgKMoX0AFCR9XPNxOQHvYAQAOWTmgAAAQEICgE8ngkD5m99"}
@@ -5151,7 +5151,7 @@
00432{"flow_id":567,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8081,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347940,"pkt_ts_usec":882793,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0WVJAAEAGaobAqAoyrBAAAQBQhb4dfTaUvH4MwoARAONIUwAAAQEICgPmb8YBPJ5R"}
00433{"flow_id":567,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8082,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347940,"pkt_ts_usec":883564,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lcVAAD4GMBOsEAABwKgKMoW+AFC8fgzCHX02lYAQAOVIUAAAAQEICgE8nlID5m\/G"}
01215{"flow_id":569,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8089,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347941,"pkt_ts_usec":874505,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ96PFAAD4G2p2sEAABwKgKMoXmAFBSpnQuJ4Yss4AYAOWvsAAAAQEICgE8n0kD5m42R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdUTlJIMFBGUlBDRlZYRUNGWlUyT1VZQlREWlFWSVdCOEhCWjFWQzdFWEE5UEdNR0JXQSUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00917{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":4,"flow_first_seen":1499347939286,"flow_last_seen":1499347941874,"flow_tot_l4_data_len":729,"flow_min_l4_data_len":32,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8089,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":4,"flow_first_seen":1499347939286,"flow_last_seen":1499347941874,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00432{"flow_id":568,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8090,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347941,"pkt_ts_usec":874510,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0IMRAAD4GpRSsEAABwKgKMoXMAFAQdrqCqMIPPYARAOXlswAAAQEICgE8n0kD5mu3"}
00432{"flow_id":569,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8091,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347941,"pkt_ts_usec":874645,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0XA1AAEAGZ8vAqAoyrBAAAQBQheYnhiyzUqZ2d4AQAOxGLgAAAQEICgPmcL4BPJ9J"}
00432{"flow_id":568,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8092,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347941,"pkt_ts_usec":876112,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0f4NAAEAGRFXAqAoyrBAAAQBQhcyowg89EHa6g4ARAOPgrQAAAQEICgPmcL4BPJ9J"}
@@ -5161,7 +5161,7 @@
00948{"flow_id":569,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8096,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347942,"pkt_ts_usec":899520,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGz6PNAAD4G22WsEAABwKgKMoXmAFBSpnZ3J4Yz\/YAYAQLs1AAAAQEICgE8oEoD5nC+R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02820{"flow_id":569,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8097,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347942,"pkt_ts_usec":903167,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceXBBAAEAGYN7AqAoyrBAAAQBQheYnhjP9UqZ39oAYAPV9\/AAAAQEICgPmcb8BPKBKSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjMyOjIyIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00434{"flow_id":569,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8098,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347942,"pkt_ts_usec":903902,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06PRAAD4G3OOsEAABwKgKMoXmAFBSpnf2J4Y654AQAR00RwAAAQEICgE8oEsD5nG\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_first_seen":1499347943146,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_first_seen":1499347943146,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":571,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8099,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347943,"pkt_ts_usec":146476,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8TwNAAD4Gds2sEAABwKgKMoYOAFBjnu+EAAAAAKACchDjvgAAAgQFtAQCCAoBPKCHAAAAAAEDAwc="}
00444{"flow_id":571,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8100,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347943,"pkt_ts_usec":146602,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhg4T7s6FY57vhaAScSCMRwAAAgQFtAQCCAoD5nH8ATyghwEDAwc="}
00432{"flow_id":571,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8101,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347943,"pkt_ts_usec":147348,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TwRAAD4GdtSsEAABwKgKMoYOAFBjnu+FE+7OhoAQAOUrTgAAAQEICgE8oIgD5nH8"}
@@ -5170,37 +5170,37 @@
00434{"flow_id":569,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8104,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347943,"pkt_ts_usec":152289,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06PZAAD4G3OGsEAABwKgKMoXmAFBSpno\/J4ZCMYAQATsqGgAAAQEICgE8oIkD5nH9"}
00949{"flow_id":569,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8105,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347944,"pkt_ts_usec":194634,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGz6PdAAD4G22GsEAABwKgKMoXmAFBSpno\/J4ZCMYAYATvYHQAAAQEICgE8oY0D5nH9R0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02821{"flow_id":569,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8106,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347944,"pkt_ts_usec":198521,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceXBRAAEAGYNrAqAoyrBAAAQBQheYnhkIxUqZ7voAYAQd9\/AAAAQEICgPmcwMBPKGNSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjMyOjIzIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_first_seen":1499347944440,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8108,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":1,"flow_first_seen":1499347944440,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":572,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8108,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347944,"pkt_ts_usec":440148,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SUNAAD4GfI2sEAABwKgKMoYcAFB5iuiIAAAAAKACchDTfAAAAgQFtAQCCAoBPKHLAAAAAAEDAwc="}
00445{"flow_id":572,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8109,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347944,"pkt_ts_usec":440276,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhhyVeGrjeYroiaAScSBc2gAAAgQFtAQCCAoD5nM\/ATyhywEDAwc="}
00433{"flow_id":572,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8110,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347944,"pkt_ts_usec":441033,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SURAAD4GfJSsEAABwKgKMoYcAFB5iuiJlXhq5IAQAOX74QAAAQEICgE8ocsD5nM\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_first_seen":1499347945720,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8117,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":1,"flow_first_seen":1499347945720,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":573,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8117,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347945,"pkt_ts_usec":720318,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8sjdAAD4GE5msEAABwKgKMoYqAFDdpBE8AAAAAKACchBFYQAAAgQFtAQCCAoBPKMLAAAAAAEDAwc="}
00445{"flow_id":573,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8118,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347945,"pkt_ts_usec":720417,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhiqh1kGM3aQRPaAScSDqdwAAAgQFtAQCCAoD5nR\/ATyjCwEDAwc="}
00433{"flow_id":573,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8119,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347945,"pkt_ts_usec":721181,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sjhAAD4GE6CsEAABwKgKMoYqAFDdpBE9odZBjYAQAOWJfwAAAQEICgE8owsD5nR\/"}
00432{"flow_id":570,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8124,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347945,"pkt_ts_usec":882955,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07cdAAD4G2BCsEAABwKgKMoX0AFCR9XPNxOQHvYARAOWObgAAAQEICgE8ozQD5m99"}
00432{"flow_id":570,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8125,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347945,"pkt_ts_usec":883166,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0cxVAAEAGUMPAqAoyrBAAAQBQhfTE5Ae9kfVzzoARAOOJRAAAAQEICgPmdKgBPKM0"}
00432{"flow_id":570,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8126,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347945,"pkt_ts_usec":883742,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA07chAAD4G2A+sEAABwKgKMoX0AFCR9XPOxOQHvoAQAOWJQgAAAQEICgE8ozQD5nSo"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_first_seen":1499347948293,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":498,"flow_packet_id":6,"flow_first_seen":1499347812797,"flow_last_seen":1499347817844,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32960,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":6,"flow_first_seen":1499347814066,"flow_last_seen":1499347819845,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32974,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":6,"flow_first_seen":1499347815351,"flow_last_seen":1499347820846,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":6,"flow_first_seen":1499347816657,"flow_last_seen":1499347821846,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33002,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":6,"flow_first_seen":1499347819250,"flow_last_seen":1499347824846,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33028,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8133,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":6,"flow_first_seen":1499347820510,"flow_last_seen":1499347825848,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33042,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_first_seen":1499347948293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":574,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8136,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347948,"pkt_ts_usec":293377,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EvlAAD4GstesEAABwKgKMoZEAFDGn7d3AAAAAKACchCzjQAAAgQFtAQCCAoBPKWOAAAAAAEDAwc="}
00444{"flow_id":574,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8137,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347948,"pkt_ts_usec":293535,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhkRGWOs1xp+3eKAScSAH9gAAAgQFtAQCCAoD5ncCATyljgEDAwc="}
00433{"flow_id":574,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8138,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347948,"pkt_ts_usec":294260,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EvpAAD4Gst6sEAABwKgKMoZEAFDGn7d4RljrNoAQAOWm\/QAAAQEICgE8pY4D5ncC"}
00432{"flow_id":571,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8142,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347948,"pkt_ts_usec":884377,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TwVAAD4GdtOsEAABwKgKMoYOAFBjnu+FE+7OhoARAOUlswAAAQEICgE8piID5nH8"}
00432{"flow_id":571,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8143,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347948,"pkt_ts_usec":884596,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0uRBAAEAGCsjAqAoyrBAAAQBQhg4T7s6GY57vhoARAOMgGgAAAQEICgPmd5YBPKYi"}
00432{"flow_id":571,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8144,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347948,"pkt_ts_usec":885366,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0TwZAAD4GdtKsEAABwKgKMoYOAFBjnu+GE+7Oh4AQAOUgGAAAAQEICgE8piID5neW"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_first_seen":1499347949587,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8148,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_first_seen":1499347949587,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":575,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8148,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347949,"pkt_ts_usec":587000,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8QMNAAD4GhQ2sEAABwKgKMoZSAFBj7eYSAAAAAKACchDmUwAAAgQFtAQCCAoBPKbRAAAAAAEDAwc="}
00444{"flow_id":575,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8149,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347949,"pkt_ts_usec":587124,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhlIJuXRqY+3mE6AScSDs4gAAAgQFtAQCCAoD5nhGATym0QEDAwc="}
00432{"flow_id":575,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8150,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347949,"pkt_ts_usec":587886,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QMRAAD4GhRSsEAABwKgKMoZSAFBj7eYTCbl0a4AQAOWL6QAAAQEICgE8ptID5nhG"}
@@ -5210,44 +5210,44 @@
00433{"flow_id":573,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8160,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347950,"pkt_ts_usec":885535,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sjlAAD4GE5+sEAABwKgKMoYqAFDdpBE9odZBjYARAOWEcwAAAQEICgE8qBYD5nR\/"}
00433{"flow_id":573,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8161,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347950,"pkt_ts_usec":885752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0OAdAAEAGi9HAqAoyrBAAAQBQhiqh1kGN3aQRPoARAON\/aQAAAQEICgPmeYoBPKgW"}
00433{"flow_id":573,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8162,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347950,"pkt_ts_usec":886298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0sjpAAD4GE56sEAABwKgKMoYqAFDdpBE+odZBjoAQAOV\/ZwAAAQEICgE8qBYD5nmK"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_first_seen":1499347952161,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8169,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_first_seen":1499347952161,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":576,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8169,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347952,"pkt_ts_usec":161752,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8St5AAD4GevKsEAABwKgKMoZsAFCk\/OOLAAAAAKACchClLQAAAgQFtAQCCAoBPKlVAAAAAAEDAwc="}
00444{"flow_id":576,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8170,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347952,"pkt_ts_usec":161888,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhmwNHcNepPzjjKAScSBW4QAAAgQFtAQCCAoD5nrJATypVQEDAwc="}
00433{"flow_id":576,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8171,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347952,"pkt_ts_usec":162643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0St9AAD4GevmsEAABwKgKMoZsAFCk\/OOMDR3DX4AQAOX16AAAAQEICgE8qVUD5nrJ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8178,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_first_seen":1499347953439,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8178,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_first_seen":1499347953439,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":577,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8178,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347953,"pkt_ts_usec":439364,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+l9AAD4Gy3CsEAABwKgKMoZ6AFBhTFDKAAAAAKACchB6UQAAAgQFtAQCCAoBPKqVAAAAAAEDAwc="}
00444{"flow_id":577,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8179,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347953,"pkt_ts_usec":439522,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhnpvVsdUYUxQy6AScSDElQAAAgQFtAQCCAoD5nwJATyqlQEDAwc="}
00432{"flow_id":577,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8180,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347953,"pkt_ts_usec":440248,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+mBAAD4Gy3esEAABwKgKMoZ6AFBhTFDLb1bHVYAQAOVjnQAAAQEICgE8qpUD5nwJ"}
00432{"flow_id":574,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8184,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347953,"pkt_ts_usec":885626,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EvtAAD4Gst2sEAABwKgKMoZEAFDGn7d4RljrNoARAOWhhgAAAQEICgE8qwQD5ncC"}
00432{"flow_id":574,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8185,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347953,"pkt_ts_usec":885886,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0l05AAEAGLIrAqAoyrBAAAQBQhkRGWOs2xp+3eYARAOOcEQAAAQEICgPmfHgBPKsE"}
00432{"flow_id":574,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8186,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347953,"pkt_ts_usec":886613,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EvxAAD4GstysEAABwKgKMoZEAFDGn7d5RljrN4AQAOWcDwAAAQEICgE8qwQD5nx4"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_first_seen":1499347954738,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8190,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_first_seen":1499347954738,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":578,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8190,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347954,"pkt_ts_usec":738523,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8a+xAAD4GWeSsEAABwKgKMoaIAFCY\/8A1AAAAAKACchDR4AAAAgQFtAQCCAoBPKvZAAAAAAEDAwc="}
00447{"flow_id":578,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8191,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347954,"pkt_ts_usec":738618,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhoh\/\/ieLmP\/ANqAScSCqAQAAAgQFtAQCCAoD5n1OATyr2QEDAwc="}
00434{"flow_id":578,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8192,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347954,"pkt_ts_usec":739399,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a+1AAD4GWeusEAABwKgKMoaIAFCY\/8A2f\/4njIAQAOVJCAAAAQEICgE8q9oD5n1O"}
00433{"flow_id":575,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8196,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347954,"pkt_ts_usec":885431,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QMVAAD4GhROsEAABwKgKMoZSAFBj7eYTCbl0a4ARAOWGvAAAAQEICgE8q\/4D5nhG"}
00433{"flow_id":575,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8197,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347954,"pkt_ts_usec":885640,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0CRlAAEAGur\/AqAoyrBAAAQBQhlIJuXRrY+3mFIARAOOBkQAAAQEICgPmfXIBPKv+"}
00433{"flow_id":575,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8198,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347954,"pkt_ts_usec":886192,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0QMZAAD4GhRKsEAABwKgKMoZSAFBj7eYUCbl0bIAQAOWBjwAAAQEICgE8q\/4D5n1y"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_first_seen":1499347957282,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8208,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_first_seen":1499347957282,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":579,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8208,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347957,"pkt_ts_usec":282969,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82nJAAD4G612sEAABwKgKMoaiAFCv93QkAAAAAKACchAEYwAAAgQFtAQCCAoBPK5WAAAAAAEDAwc="}
00446{"flow_id":579,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8209,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347957,"pkt_ts_usec":283121,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhqLwUjy4r\/d0JaAScSBUhgAAAgQFtAQCCAoD5n\/KATyuVgEDAwc="}
00433{"flow_id":579,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8210,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347957,"pkt_ts_usec":283847,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02nNAAD4G62SsEAABwKgKMoaiAFCv93Ql8FI8uYAQAOXzjQAAAQEICgE8rlYD5n\/K"}
00433{"flow_id":576,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8214,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347957,"pkt_ts_usec":886156,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SuBAAD4GevisEAABwKgKMoZsAFCk\/OOMDR3DX4ARAOXwUAAAAQEICgE8ruwD5nrJ"}
00432{"flow_id":576,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8215,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347957,"pkt_ts_usec":886376,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Qz9AAEAGgJnAqAoyrBAAAQBQhmwNHcNfpPzjjYARAOPqugAAAQEICgPmgGABPK7s"}
00433{"flow_id":576,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8216,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347957,"pkt_ts_usec":887123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SuFAAD4GevesEAABwKgKMoZsAFCk\/OONDR3DYIAQAOXqtwAAAQEICgE8ru0D5oBg"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_first_seen":1499347958588,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":7,"flow_first_seen":1499347823117,"flow_last_seen":1499347828846,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33068,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":6,"flow_first_seen":1499347824426,"flow_last_seen":1499347829847,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33082,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":6,"flow_first_seen":1499347825732,"flow_last_seen":1499347830847,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33096,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":6,"flow_first_seen":1499347828369,"flow_last_seen":1499347833848,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33122,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":6,"flow_first_seen":1499347829667,"flow_last_seen":1499347834848,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8217,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":6,"flow_first_seen":1499347832201,"flow_last_seen":1499347837849,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33162,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":1,"flow_first_seen":1499347958588,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":580,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8221,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347958,"pkt_ts_usec":588448,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iDdAAD4GPZmsEAABwKgKMoawAFCTxierAAAAAKACchBruQAAAgQFtAQCCAoBPK+cAAAAAAEDAwc="}
00444{"flow_id":580,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8222,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347958,"pkt_ts_usec":588567,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhrCsuJaMk8YnrKAScSCkXAAAAgQFtAQCCAoD5oEQATyvnAEDAwc="}
00432{"flow_id":580,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8223,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347958,"pkt_ts_usec":589331,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iDhAAD4GPaCsEAABwKgKMoawAFCTxiesrLiWjYAQAOVDZAAAAQEICgE8r5wD5oEQ"}
@@ -5257,65 +5257,65 @@
00434{"flow_id":578,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8235,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347959,"pkt_ts_usec":886680,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a+5AAD4GWeqsEAABwKgKMoaIAFCY\/8A2f\/4njIARAOVEAQAAAQEICgE8sOAD5n1O"}
00436{"flow_id":578,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8236,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347959,"pkt_ts_usec":886838,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pdlAAEAGHf\/AqAoyrBAAAQBQhoh\/\/ieMmP\/AN4ARAOM++wAAAQEICgPmglUBPLDg"}
00434{"flow_id":578,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8237,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347959,"pkt_ts_usec":887617,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0a+9AAD4GWemsEAABwKgKMoaIAFCY\/8A3f\/4njYAQAOU++AAAAQEICgE8sOED5oJV"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8242,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_first_seen":1499347961167,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8242,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_first_seen":1499347961167,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":581,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8242,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347961,"pkt_ts_usec":167399,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8lndAAD4GL1msEAABwKgKMobKAFDSZyRWAAAAAKACchAtzgAAAgQFtAQCCAoBPLIhAAAAAAEDAwc="}
00444{"flow_id":581,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8243,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347961,"pkt_ts_usec":167495,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhsp1SlCg0mckV6AScSDhRgAAAgQFtAQCCAoD5oOVATyyIQEDAwc="}
00432{"flow_id":581,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8244,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347961,"pkt_ts_usec":168256,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lnhAAD4GL2CsEAABwKgKMobKAFDSZyRXdUpQoYAQAOWATgAAAQEICgE8siED5oOV"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8250,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_first_seen":1499347962480,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8250,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_first_seen":1499347962480,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":582,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8250,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347962,"pkt_ts_usec":480121,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OwpAAD4GisasEAABwKgKMobYAFAZTIhjAAAAAKACchCBhgAAAgQFtAQCCAoBPLNpAAAAAAEDAwc="}
00444{"flow_id":582,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8251,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347962,"pkt_ts_usec":480261,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhtjOuip1GUyIZKAScSAAcgAAAgQFtAQCCAoD5oTdATyzaQEDAwc="}
00432{"flow_id":582,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8252,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347962,"pkt_ts_usec":480984,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OwtAAD4Gis2sEAABwKgKMobYAFAZTIhkzroqdoAQAOWfeQAAAQEICgE8s2kD5oTd"}
00433{"flow_id":579,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8256,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347962,"pkt_ts_usec":886601,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02nRAAD4G62OsEAABwKgKMoaiAFCv93Ql8FI8uYARAOXuEwAAAQEICgE8s88D5n\/K"}
00433{"flow_id":579,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8257,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347962,"pkt_ts_usec":886844,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ufpAAEAGCd7AqAoyrBAAAQBQhqLwUjy5r\/d0JoARAOPomwAAAQEICgPmhUMBPLPP"}
00432{"flow_id":579,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8258,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347962,"pkt_ts_usec":887364,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02nVAAD4G62KsEAABwKgKMoaiAFCv93Qm8FI8uoAQAOXomQAAAQEICgE8s88D5oVD"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_first_seen":1499347963774,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8262,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_first_seen":1499347963774,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":583,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8262,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347963,"pkt_ts_usec":774226,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82g5AAD4G68GsEAABwKgKMobmAFBdLG6iAAAAAKACchBWFgAAAgQFtAQCCAoBPLSsAAAAAAEDAwc="}
00445{"flow_id":583,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8263,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347963,"pkt_ts_usec":774363,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhub+xS4sXSxuo6AScSCf\/AAAAgQFtAQCCAoD5oYgATy0rAEDAwc="}
00434{"flow_id":583,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8264,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347963,"pkt_ts_usec":775113,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02g9AAD4G68isEAABwKgKMobmAFBdLG6j\/sUuLYAQAOU\/AwAAAQEICgE8tK0D5oYg"}
00432{"flow_id":580,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8268,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347963,"pkt_ts_usec":887769,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iDlAAD4GPZ+sEAABwKgKMoawAFCTxiesrLiWjYARAOU+NgAAAQEICgE8tMkD5oEQ"}
00432{"flow_id":580,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8269,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347963,"pkt_ts_usec":887976,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ELBAAEAGsyjAqAoyrBAAAQBQhrCsuJaNk8YnrYARAOM5CgAAAQEICgPmhj0BPLTJ"}
00432{"flow_id":580,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8270,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347963,"pkt_ts_usec":888736,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0iDpAAD4GPZ6sEAABwKgKMoawAFCTxietrLiWjoAQAOU5CAAAAQEICgE8tMkD5oY9"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8274,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_first_seen":1499347965133,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8274,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_first_seen":1499347965133,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":584,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8274,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347965,"pkt_ts_usec":133778,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8KcdAAD4GnAmsEAABwKgKMob0AFDtE5\/HAAAAAKACchCTpwAAAgQFtAQCCAoBPLYAAAAAAAEDAwc="}
00444{"flow_id":584,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8275,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347965,"pkt_ts_usec":133907,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhvTIVjMH7ROfyKAScSANzgAAAgQFtAQCCAoD5od0ATy2AAEDAwc="}
00433{"flow_id":584,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8276,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347965,"pkt_ts_usec":134474,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KchAAD4GnBCsEAABwKgKMob0AFDtE5\/IyFYzCIAQAOWs1QAAAQEICgE8tgAD5od0"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8283,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_first_seen":1499347966420,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8283,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_first_seen":1499347966420,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":585,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8283,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347966,"pkt_ts_usec":420243,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8U6hAAD4GciisEAABwKgKMocCAFDUQeTqAAAAAKACchBmBgAAAgQFtAQCCAoBPLdCAAAAAAEDAwc="}
00444{"flow_id":585,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8284,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347966,"pkt_ts_usec":420388,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhwJV63ns1EHk66AScSAKcQAAAgQFtAQCCAoD5oi2ATy3QgEDAwc="}
00432{"flow_id":585,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8285,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347966,"pkt_ts_usec":420965,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0U6lAAD4Gci+sEAABwKgKMocCAFDUQeTrVet57YAQAOWpeAAAAQEICgE8t0ID5oi2"}
00432{"flow_id":581,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8289,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347966,"pkt_ts_usec":887428,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lnlAAD4GL1+sEAABwKgKMobKAFDSZyRXdUpQoYARAOV6twAAAQEICgE8t7cD5oOV"}
00432{"flow_id":581,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8290,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347966,"pkt_ts_usec":887645,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA02YpAAEAG6k3AqAoyrBAAAQBQhsp1SlCh0mckWIARAON1IgAAAQEICgPmiSsBPLe3"}
00432{"flow_id":581,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8291,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347966,"pkt_ts_usec":888192,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0lnpAAD4GL16sEAABwKgKMobKAFDSZyRYdUpQooAQAOV1IAAAAQEICgE8t7cD5okr"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_first_seen":1499347967724,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8295,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_first_seen":1499347967724,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":586,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8295,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347967,"pkt_ts_usec":724898,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8JnBAAD4Gn2CsEAABwKgKMocQAFDWSp74AAAAAKACchComwAAAgQFtAQCCAoBPLiIAAAAAAEDAwc="}
00444{"flow_id":586,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8296,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347967,"pkt_ts_usec":725013,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhxDJR2HM1kqe+aAScSDwgwAAAgQFtAQCCAoD5on8ATy4iAEDAwc="}
00432{"flow_id":586,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8297,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347967,"pkt_ts_usec":725768,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JnFAAD4Gn2esEAABwKgKMocQAFDWSp75yUdhzYAQAOWPiwAAAQEICgE8uIgD5on8"}
00432{"flow_id":582,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8301,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347967,"pkt_ts_usec":887449,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OwxAAD4GisysEAABwKgKMobYAFAZTIhkzroqdoARAOWaMAAAAQEICgE8uLED5oTd"}
00432{"flow_id":582,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8302,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347967,"pkt_ts_usec":887666,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0oFNAAEAGI4XAqAoyrBAAAQBQhtjOuip2GUyIZYARAOOU6QAAAQEICgPmiiUBPLix"}
00432{"flow_id":582,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8303,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347967,"pkt_ts_usec":888208,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Ow1AAD4GisusEAABwKgKMobYAFAZTIhlzroqd4AQAOWU5wAAAQEICgE8uLED5ool"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":6,"flow_first_seen":1499347833462,"flow_last_seen":1499347838849,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":6,"flow_first_seen":1499347836095,"flow_last_seen":1499347841850,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33202,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":6,"flow_first_seen":1499347837373,"flow_last_seen":1499347842851,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33216,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":513,"flow_packet_id":6,"flow_first_seen":1499347838675,"flow_last_seen":1499347843851,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33230,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":6,"flow_first_seen":1499347841229,"flow_last_seen":1499347846856,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33256,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8304,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":6,"flow_first_seen":1499347842491,"flow_last_seen":1499347847857,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33270,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":583,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8307,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347968,"pkt_ts_usec":887827,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02hBAAD4G68esEAABwKgKMobmAFBdLG6j\/sUuLYARAOU6BAAAAQEICgE8uasD5oYg"}
00432{"flow_id":583,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8308,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347968,"pkt_ts_usec":888056,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pTJAAEAGHqbAqAoyrBAAAQBQhub+xS4tXSxupIARAOM1BgAAAQEICgPmix8BPLmr"}
00433{"flow_id":583,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8309,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347968,"pkt_ts_usec":888594,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02hFAAD4G68asEAABwKgKMobmAFBdLG6k\/sUuLoAQAOU1BAAAAQEICgE8uasD5osf"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_first_seen":1499347970267,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_first_seen":1499347970267,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":587,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8316,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347970,"pkt_ts_usec":267013,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vvZAAD4GBtqsEAABwKgKMocqAFAxLQXyAAAAAKACchDkKQAAAgQFtAQCCAoBPLsEAAAAAAEDAwc="}
00444{"flow_id":587,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8317,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347970,"pkt_ts_usec":267140,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhyoPJF9xMS0F86AScSDmFAAAAgQFtAQCCAoD5ox4ATy7BAEDAwc="}
00432{"flow_id":587,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8318,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347970,"pkt_ts_usec":267897,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vvdAAD4GBuGsEAABwKgKMocqAFAxLQXzDyRfcoAQAOWFHAAAAQEICgE8uwQD5ox4"}
00433{"flow_id":584,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8322,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347970,"pkt_ts_usec":888983,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KclAAD4GnA+sEAABwKgKMob0AFDtE5\/IyFYzCIARAOWnNQAAAQEICgE8u58D5od0"}
00432{"flow_id":584,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8323,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347970,"pkt_ts_usec":889201,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0vhtAAEAGBb3AqAoyrBAAAQBQhvTIVjMI7ROfyYARAOOhlwAAAQEICgPmjRMBPLuf"}
00433{"flow_id":584,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8324,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347970,"pkt_ts_usec":889948,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0KcpAAD4GnA6sEAABwKgKMob0AFDtE5\/JyFYzCYAQAOWhlQAAAQEICgE8u58D5o0T"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_first_seen":1499347971560,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8328,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_first_seen":1499347971560,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":588,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8328,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347971,"pkt_ts_usec":560777,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XBJAAD4Gab6sEAABwKgKMoc4AFCpCuBVAAAAAKACchCQlwAAAgQFtAQCCAoBPLxHAAAAAAEDAwc="}
00444{"flow_id":588,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8330,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347971,"pkt_ts_usec":560919,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQhzgyg4heqQrgVqAScSBE8wAAAgQFtAQCCAoD5o27ATy8RwEDAwc="}
00432{"flow_id":588,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8331,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347971,"pkt_ts_usec":561666,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XBNAAD4GacWsEAABwKgKMoc4AFCpCuBWMoOIX4AQAOXj+gAAAQEICgE8vEcD5o27"}
@@ -5325,69 +5325,69 @@
00432{"flow_id":586,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8343,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347972,"pkt_ts_usec":888947,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JnJAAD4Gn2asEAABwKgKMocQAFDWSp75yUdhzYARAOWKfwAAAQEICgE8vZMD5on8"}
00432{"flow_id":586,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8344,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347972,"pkt_ts_usec":889121,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA07spAAEAG1Q3AqAoyrBAAAQBQhxDJR2HN1kqe+oARAOOFdQAAAQEICgPmjwcBPL2T"}
00432{"flow_id":586,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8345,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347972,"pkt_ts_usec":889665,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0JnNAAD4Gn2WsEAABwKgKMocQAFDWSp76yUdhzoAQAOWFcwAAAQEICgE8vZMD5o8H"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_first_seen":1499347974113,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8349,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_first_seen":1499347974113,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":589,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8349,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347974,"pkt_ts_usec":113075,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rk1AAD4GF4OsEAABwKgKModSAFAISxCIAAAAAKACchD+jAAAAgQFtAQCCAoBPL7FAAAAAAEDAwc="}
00444{"flow_id":589,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8350,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347974,"pkt_ts_usec":113222,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh1LQi4qtCEsQiaAScSAQEwAAAgQFtAQCCAoD5pA5ATy+xQEDAwc="}
00432{"flow_id":589,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8352,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347974,"pkt_ts_usec":113975,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rk5AAD4GF4qsEAABwKgKModSAFAISxCJ0IuKroAQAOWvGgAAAQEICgE8vsUD5pA5"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8358,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_first_seen":1499347975371,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8358,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_first_seen":1499347975371,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":590,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8358,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347975,"pkt_ts_usec":371747,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l4BAAD4GLlCsEAABwKgKModgAFCggleAAAAAAKACchAeFAAAAgQFtAQCCAoBPMAAAAAAAAEDAwc="}
00444{"flow_id":590,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8359,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347975,"pkt_ts_usec":371873,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh2BVDgzaoIJXgaAScSAnsAAAAgQFtAQCCAoD5pF0ATzAAAEDAwc="}
00432{"flow_id":590,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8361,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347975,"pkt_ts_usec":372596,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l4FAAD4GLlesEAABwKgKModgAFCggleBVQ4M24AQAOXGtwAAAQEICgE8wAAD5pF0"}
00433{"flow_id":587,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8364,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347975,"pkt_ts_usec":890028,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vvhAAD4GBuCsEAABwKgKMocqAFAxLQXzDyRfcoARAOV\/ngAAAQEICgE8wIED5ox4"}
00432{"flow_id":587,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8365,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347975,"pkt_ts_usec":890284,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0zodAAEAG9VDAqAoyrBAAAQBQhyoPJF9yMS0F9IARAON6IgAAAQEICgPmkfUBPMCB"}
00432{"flow_id":587,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8366,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347975,"pkt_ts_usec":890795,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vvlAAD4GBt+sEAABwKgKMocqAFAxLQX0DyRfc4AQAOV6HwAAAQEICgE8wIID5pH1"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_first_seen":1499347976658,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8370,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_first_seen":1499347976658,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":591,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8370,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347976,"pkt_ts_usec":658358,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Z4xAAD4GXkSsEAABwKgKModuAFDMdKbNAAAAAKACchChhQAAAgQFtAQCCAoBPMFBAAAAAAEDAwc="}
00444{"flow_id":591,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8371,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347976,"pkt_ts_usec":658528,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh26qPdKAzHSmzqAScSCPCQAAAgQFtAQCCAoD5pK2ATzBQQEDAwc="}
00432{"flow_id":591,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8372,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347976,"pkt_ts_usec":659161,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z41AAD4GXkusEAABwKgKModuAFDMdKbOqj3SgYAQAOUuEAAAAQEICgE8wUID5pK2"}
00432{"flow_id":588,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8376,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347976,"pkt_ts_usec":890118,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XBRAAD4GacSsEAABwKgKMoc4AFCpCuBWMoOIX4ARAOXexQAAAQEICgE8wXsD5o27"}
00432{"flow_id":588,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8377,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347976,"pkt_ts_usec":890310,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0GrBAAEAGqSjAqAoyrBAAAQBQhzgyg4hfqQrgV4ARAOPZkgAAAQEICgPmku8BPMF7"}
00432{"flow_id":588,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8378,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347976,"pkt_ts_usec":891089,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XBVAAD4GacOsEAABwKgKMoc4AFCpCuBXMoOIYIAQAOXZjwAAAQEICgE8wXwD5pLv"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_first_seen":1499347979251,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":516,"flow_packet_id":6,"flow_first_seen":1499347845077,"flow_last_seen":1499347850858,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":6,"flow_first_seen":1499347846345,"flow_last_seen":1499347851858,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33310,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":6,"flow_first_seen":1499347847629,"flow_last_seen":1499347852858,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33324,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":6,"flow_first_seen":1499347850209,"flow_last_seen":1499347855859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":6,"flow_first_seen":1499347851476,"flow_last_seen":1499347856859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33364,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8385,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":6,"flow_first_seen":1499347852742,"flow_last_seen":1499347857860,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33378,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_first_seen":1499347979251,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":592,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8388,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347979,"pkt_ts_usec":251367,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8naJAAD4GKC6sEAABwKgKMoeIAFCOM15oAAAAAKACchAliQAAAgQFtAQCCAoBPMPKAAAAAAEDAwc="}
00444{"flow_id":592,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8389,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347979,"pkt_ts_usec":251461,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh4iSkzqsjjNeaaAScSDAAwAAAgQFtAQCCAoD5pU+ATzDygEDAwc="}
00432{"flow_id":592,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8390,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347979,"pkt_ts_usec":252240,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0naNAAD4GKDWsEAABwKgKMoeIAFCOM15pkpM6rYAQAOVfCwAAAQEICgE8w8oD5pU+"}
00432{"flow_id":589,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8394,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347979,"pkt_ts_usec":890860,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rk9AAD4GF4msEAABwKgKModSAFAISxCJ0IuKroARAOWpdAAAAQEICgE8xGoD5pA5"}
00432{"flow_id":589,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8395,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347979,"pkt_ts_usec":891129,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0H3BAAEAGpGjAqAoyrBAAAQBQh1LQi4quCEsQioARAOOj0AAAAQEICgPmld4BPMRq"}
00432{"flow_id":589,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8396,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347979,"pkt_ts_usec":891846,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rlBAAD4GF4isEAABwKgKModSAFAISxCK0IuKr4AQAOWjzgAAAQEICgE8xGoD5pXe"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_first_seen":1499347980524,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8400,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_first_seen":1499347980524,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":593,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8400,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347980,"pkt_ts_usec":524401,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eP5AAD4GTNKsEAABwKgKMoeWAFDY8732AAAAAKACchB57gAAAgQFtAQCCAoBPMUIAAAAAAEDAwc="}
00444{"flow_id":593,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8401,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347980,"pkt_ts_usec":524529,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh5YkRgUi2PO996AScSC3AgAAAgQFtAQCCAoD5pZ8ATzFCAEDAwc="}
00432{"flow_id":593,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8402,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347980,"pkt_ts_usec":525222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eP9AAD4GTNmsEAABwKgKMoeWAFDY8733JEYFI4AQAOVWCgAAAQEICgE8xQgD5pZ8"}
00432{"flow_id":590,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8406,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347980,"pkt_ts_usec":891349,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l4JAAD4GLlasEAABwKgKModgAFCggleBVQ4M24ARAOXBUgAAAQEICgE8xWQD5pF0"}
00432{"flow_id":590,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8407,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347980,"pkt_ts_usec":891608,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0mgNAAEAGKdXAqAoyrBAAAQBQh2BVDgzboIJXgoARAOO77wAAAQEICgPmltgBPMVk"}
00432{"flow_id":590,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8408,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347980,"pkt_ts_usec":892351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l4NAAD4GLlWsEAABwKgKModgAFCggleCVQ4M3IAQAOW77QAAAQEICgE8xWQD5pbY"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8412,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_first_seen":1499347981782,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8412,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_first_seen":1499347981782,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":594,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8412,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347981,"pkt_ts_usec":782559,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8XEpAAD4GaYasEAABwKgKMoekAFBFSZoIAAAAAKACchAwPwAAAgQFtAQCCAoBPMZCAAAAAAEDAwc="}
00444{"flow_id":594,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8413,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347981,"pkt_ts_usec":782686,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh6RlAFMiRUmaCaAScSDdXQAAAgQFtAQCCAoD5pe3ATzGQgEDAwc="}
00432{"flow_id":594,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8414,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347981,"pkt_ts_usec":783436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XEtAAD4GaY2sEAABwKgKMoekAFBFSZoJZQBTI4AQAOV8ZAAAAQEICgE8xkMD5pe3"}
00432{"flow_id":591,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8418,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347981,"pkt_ts_usec":891701,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z45AAD4GXkqsEAABwKgKModuAFDMdKbOqj3SgYARAOUo8wAAAQEICgE8xl4D5pK2"}
00432{"flow_id":591,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8419,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347981,"pkt_ts_usec":892005,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0RVNAAEAGfoXAqAoyrBAAAQBQh26qPdKBzHSmz4ARAOMj2AAAAQEICgPml9IBPMZe"}
00432{"flow_id":591,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8420,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347981,"pkt_ts_usec":892714,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Z49AAD4GXkmsEAABwKgKModuAFDMdKbPqj3SgoAQAOUj1gAAAQEICgE8xl4D5pfS"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_first_seen":1499347983061,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8424,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_first_seen":1499347983061,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":595,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8424,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347983,"pkt_ts_usec":61482,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8HjdAAD4Gp5msEAABwKgKMoeyAFDTp9m1AAAAAKACchBg5QAAAgQFtAQCCAoBPMeCAAAAAAEDAwc="}
00443{"flow_id":595,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8425,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347983,"pkt_ts_usec":61576,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh7KKfm1X06fZtqAScSDNEQAAAgQFtAQCCAoD5pj2ATzHggEDAwc="}
00431{"flow_id":595,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8426,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347983,"pkt_ts_usec":62186,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HjhAAD4Gp6CsEAABwKgKMoeyAFDTp9m2in5tWIAQAOVsGQAAAQEICgE8x4ID5pj2"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_first_seen":1499347984370,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8433,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_first_seen":1499347984370,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":596,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8433,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347984,"pkt_ts_usec":370525,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81w5AAD4G7sGsEAABwKgKMofAAFB4CR\/HAAAAAKACchB1HQAAAgQFtAQCCAoBPMjJAAAAAAEDAwc="}
00444{"flow_id":596,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8434,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347984,"pkt_ts_usec":370650,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh8AzI3sOeAkfyKAScSAppgAAAgQFtAQCCAoD5po+ATzIyQEDAwc="}
00433{"flow_id":596,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8435,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347984,"pkt_ts_usec":371399,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01w9AAD4G7sisEAABwKgKMofAAFB4CR\/IMyN7D4AQAOXIrAAAAQEICgE8yMoD5po+"}
00432{"flow_id":592,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8439,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347984,"pkt_ts_usec":893032,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0naRAAD4GKDSsEAABwKgKMoeIAFCOM15pkpM6rYARAOVZiAAAAQEICgE8yUwD5pU+"}
00432{"flow_id":592,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8440,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347984,"pkt_ts_usec":893285,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0oG1AAEAGI2vAqAoyrBAAAQBQh4iSkzqtjjNeaoARAONUBwAAAQEICgPmmsABPMlM"}
00432{"flow_id":592,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8441,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347984,"pkt_ts_usec":894022,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0naVAAD4GKDOsEAABwKgKMoeIAFCOM15qkpM6roAQAOVUBQAAAQEICgE8yUwD5prA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8445,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_first_seen":1499347985686,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8445,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_first_seen":1499347985686,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":597,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8445,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347985,"pkt_ts_usec":686995,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8UVJAAD4GdH6sEAABwKgKMofOAFAxwJtBAAAAAKACchA+lAAAAgQFtAQCCAoBPMoTAAAAAAEDAwc="}
00444{"flow_id":597,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8446,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347985,"pkt_ts_usec":687120,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh84CN1TUMcCbQqAScSBI+gAAAgQFtAQCCAoD5puHATzKEwEDAwc="}
00432{"flow_id":597,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8447,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347985,"pkt_ts_usec":687910,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UVNAAD4GdIWsEAABwKgKMofOAFAxwJtCAjdU1YAQAOXoAQAAAQEICgE8yhMD5puH"}
@@ -5397,26 +5397,26 @@
00432{"flow_id":594,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8457,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347986,"pkt_ts_usec":893178,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XExAAD4GaYysEAABwKgKMoekAFBFSZoJZQBTI4ARAOV3ZgAAAQEICgE8y0AD5pe3"}
00432{"flow_id":594,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8458,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347986,"pkt_ts_usec":893391,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0z5dAAEAG9EDAqAoyrBAAAQBQh6RlAFMjRUmaCoARAONyagAAAQEICgPmnLQBPMtA"}
00432{"flow_id":594,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8459,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347986,"pkt_ts_usec":894123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0XE1AAD4GaYusEAABwKgKMoekAFBFSZoKZQBTJIAQAOVyaAAAAQEICgE8y0AD5py0"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_first_seen":1499347988233,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8466,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_first_seen":1499347988233,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":598,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8466,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347988,"pkt_ts_usec":233266,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aCNAAD4GXa2sEAABwKgKMofoAFBt56SsAAAAAKACchD2awAAAgQFtAQCCAoBPMyPAAAAAAEDAwc="}
00444{"flow_id":598,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8467,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347988,"pkt_ts_usec":233392,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh+gH+IEYbeekraAScSDMUAAAAgQFtAQCCAoD5p4DATzMjwEDAwc="}
00433{"flow_id":598,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8468,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347988,"pkt_ts_usec":234153,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aCRAAD4GXbSsEAABwKgKMofoAFBt56StB\/iBGYAQAOVrWAAAAQEICgE8zI8D5p4D"}
00432{"flow_id":595,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8472,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347988,"pkt_ts_usec":893855,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HjlAAD4Gp5+sEAABwKgKMoeyAFDTp9m2in5tWIARAOVmZgAAAQEICgE8zTQD5pj2"}
00433{"flow_id":595,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8473,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347988,"pkt_ts_usec":894041,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA08\/BAAEAGz+fAqAoyrBAAAQBQh7KKfm1Y06fZt4ARAONgtQAAAQEICgPmnqgBPM00"}
00432{"flow_id":595,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8474,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347988,"pkt_ts_usec":894686,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0HjpAAD4Gp56sEAABwKgKMoeyAFDTp9m3in5tWYAQAOVgsgAAAQEICgE8zTUD5p6o"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_first_seen":1499347989526,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":522,"flow_packet_id":6,"flow_first_seen":1499347855324,"flow_last_seen":1499347860860,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33404,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":6,"flow_first_seen":1499347856593,"flow_last_seen":1499347861860,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33418,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":6,"flow_first_seen":1499347859192,"flow_last_seen":1499347864861,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33444,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":6,"flow_first_seen":1499347860489,"flow_last_seen":1499347865862,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33458,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":6,"flow_first_seen":1499347861783,"flow_last_seen":1499347866863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33472,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8475,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":6,"flow_first_seen":1499347863072,"flow_last_seen":1499347868864,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_first_seen":1499347989526,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":599,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8478,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347989,"pkt_ts_usec":526061,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8S9BAAD4GegCsEAABwKgKMof2AFDafYYCAAAAAKACchCnLgAAAgQFtAQCCAoBPM3SAAAAAAEDAwc="}
00445{"flow_id":599,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8479,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347989,"pkt_ts_usec":526184,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQh\/a7HZT72n2GA6AScSC0xwAAAgQFtAQCCAoD5p9GATzN0gEDAwc="}
00433{"flow_id":599,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8480,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347989,"pkt_ts_usec":526749,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0S9FAAD4GegesEAABwKgKMof2AFDafYYDux2U\/IAQAOVTzgAAAQEICgE8zdMD5p9G"}
@@ -5427,71 +5427,71 @@
00432{"flow_id":597,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8494,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347990,"pkt_ts_usec":894920,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UVRAAD4GdISsEAABwKgKMofOAFAxwJtCAjdU1YARAOXi6gAAAQEICgE8zykD5puH"}
00433{"flow_id":597,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8495,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347990,"pkt_ts_usec":895045,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA09EhAAEAGz4\/AqAoyrBAAAQBQh84CN1TVMcCbQ4ARAOPd1QAAAQEICgPmoJ0BPM8p"}
00432{"flow_id":597,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8496,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347990,"pkt_ts_usec":895783,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0UVVAAD4GdIOsEAABwKgKMofOAFAxwJtDAjdU1oAQAOXd0wAAAQEICgE8zykD5qCd"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8500,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_first_seen":1499347992139,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8500,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_first_seen":1499347992139,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":600,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8500,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347992,"pkt_ts_usec":139610,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA866dAAD4G2iisEAABwKgKMogQAFBfGDvHAAAAAKACchBqJwAAAgQFtAQCCAoBPNBgAAAAAAEDAwc="}
00444{"flow_id":600,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8501,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347992,"pkt_ts_usec":139764,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiBBHAQA0Xxg7yKAScSB+FgAAAgQFtAQCCAoD5qHUATzQYAEDAwc="}
00432{"flow_id":600,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8502,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347992,"pkt_ts_usec":140521,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA066hAAD4G2i+sEAABwKgKMogQAFBfGDvIRwEANYAQAOUdHgAAAQEICgE80GAD5qHU"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_first_seen":1499347993411,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8509,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_first_seen":1499347993411,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":601,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8509,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347993,"pkt_ts_usec":411391,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wWNAAD4GBG2sEAABwKgKMogeAFD5yRD9AAAAAKACchD48wAAAgQFtAQCCAoBPNGeAAAAAAEDAwc="}
00445{"flow_id":601,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8510,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347993,"pkt_ts_usec":411484,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiB6gRZIr+ckQ\/qAScSAgaQAAAgQFtAQCCAoD5qMSATzRngEDAwc="}
00433{"flow_id":601,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8511,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347993,"pkt_ts_usec":412286,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wWRAAD4GBHSsEAABwKgKMogeAFD5yRD+oEWSLIAQAOW\/cAAAAQEICgE80Z4D5qMS"}
00433{"flow_id":598,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8515,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347993,"pkt_ts_usec":895959,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aCVAAD4GXbOsEAABwKgKMofoAFBt56StB\/iBGYARAOVlzwAAAQEICgE80hcD5p4D"}
00432{"flow_id":598,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8516,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347993,"pkt_ts_usec":896144,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0IpJAAEAGoUbAqAoyrBAAAQBQh+gH+IEZbeekroARAONgSAAAAQEICgPmo4sBPNIX"}
00433{"flow_id":598,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8517,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347993,"pkt_ts_usec":896723,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aCZAAD4GXbKsEAABwKgKMofoAFBt56SuB\/iBGoAQAOVgRgAAAQEICgE80hcD5qOL"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_first_seen":1499347994680,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8521,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_first_seen":1499347994680,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":602,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8521,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347994,"pkt_ts_usec":680838,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8eXlAAD4GTFesEAABwKgKMogsAFCPtauiAAAAAKACchDHFwAAAgQFtAQCCAoBPNLbAAAAAAEDAwc="}
00444{"flow_id":602,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8522,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347994,"pkt_ts_usec":680963,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiCwnn9QNj7Wro6AScSAkFAAAAgQFtAQCCAoD5qRPATzS2wEDAwc="}
00433{"flow_id":602,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8523,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347994,"pkt_ts_usec":681706,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eXpAAD4GTF6sEAABwKgKMogsAFCPtaujJ5\/UDoAQAOXDGwAAAQEICgE80tsD5qRP"}
00433{"flow_id":599,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8527,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347994,"pkt_ts_usec":896085,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0S9JAAD4GegasEAABwKgKMof2AFDafYYDux2U\/IARAOVOjwAAAQEICgE80xED5p9G"}
00434{"flow_id":599,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8528,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347994,"pkt_ts_usec":896303,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0MHlAAEAGk1\/AqAoyrBAAAQBQh\/a7HZT82n2GBIARAONJUQAAAQEICgPmpIUBPNMR"}
00433{"flow_id":599,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8529,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347994,"pkt_ts_usec":896849,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0S9NAAD4GegWsEAABwKgKMof2AFDafYYEux2U\/YAQAOVJTwAAAQEICgE80xED5qSF"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8539,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_first_seen":1499347997344,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8539,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_first_seen":1499347997344,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":603,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8539,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347997,"pkt_ts_usec":344122,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nDhAAD4GKZisEAABwKgKMohGAFAyaklNAAAAAKACchCEBAAAAgQFtAQCCAoBPNV1AAAAAAEDAwc="}
00444{"flow_id":603,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8540,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347997,"pkt_ts_usec":344232,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiEaQGXl+MmpJTqAScSDQewAAAgQFtAQCCAoD5qbpATzVdQEDAwc="}
00432{"flow_id":603,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8541,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347997,"pkt_ts_usec":345017,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nDlAAD4GKZ+sEAABwKgKMohGAFAyaklOkBl5f4AQAOVvgwAAAQEICgE81XUD5qbp"}
00432{"flow_id":600,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8545,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347997,"pkt_ts_usec":897375,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA066lAAD4G2i6sEAABwKgKMogQAFBfGDvIRwEANYARAOUXfgAAAQEICgE81f8D5qHU"}
00433{"flow_id":600,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8546,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347997,"pkt_ts_usec":897741,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0p0ZAAEAGHJLAqAoyrBAAAQBQiBBHAQA1Xxg7yYARAOMR4AAAAQEICgPmp3MBPNX\/"}
00432{"flow_id":600,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8547,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347997,"pkt_ts_usec":898403,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA066pAAD4G2i2sEAABwKgKMogQAFBfGDvJRwEANoAQAOUR3QAAAQEICgE81gAD5qdz"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_first_seen":1499347998605,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8551,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_first_seen":1499347998605,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":604,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8551,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347998,"pkt_ts_usec":605791,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MQxAAD4GlMSsEAABwKgKMohUAFBMT+e8AAAAAKACchDKZgAAAgQFtAQCCAoBPNawAAAAAAEDAwc="}
00445{"flow_id":604,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8552,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347998,"pkt_ts_usec":605912,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiFT+qOY2TE\/nvaAScSA6WwAAAgQFtAQCCAoD5qgkATzWsAEDAwc="}
00433{"flow_id":604,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8553,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347998,"pkt_ts_usec":606461,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MQ1AAD4GlMusEAABwKgKMohUAFBMT+e9\/qjmN4AQAOXZYQAAAQEICgE81rED5qgk"}
00432{"flow_id":601,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8557,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347998,"pkt_ts_usec":897471,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wWVAAD4GBHOsEAABwKgKMogeAFD5yRD+oEWSLIARAOW6FAAAAQEICgE81vkD5qMS"}
00433{"flow_id":601,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8558,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347998,"pkt_ts_usec":897684,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0OkFAAEAGiZfAqAoyrBAAAQBQiB6gRZIs+ckQ\/4ARAOO0ugAAAQEICgPmqG0BPNb5"}
00433{"flow_id":601,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8559,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347998,"pkt_ts_usec":898446,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0wWZAAD4GBHKsEAABwKgKMogeAFD5yRD\/oEWSLYAQAOW0twAAAQEICgE81voD5qht"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":310,"flow_first_seen":1499347807664,"flow_last_seen":1499347876003,"flow_tot_l4_data_len":242621,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1902,"flow_avg_l4_data_len":782,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":310,"flow_first_seen":1499347807664,"flow_last_seen":1499347876003,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232685,"flow_avg_l4_payload_len":750,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":32906,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":6,"flow_first_seen":1499347864367,"flow_last_seen":1499347869864,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":6,"flow_first_seen":1499347867086,"flow_last_seen":1499347872866,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":6,"flow_first_seen":1499347868358,"flow_last_seen":1499347873865,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":6,"flow_first_seen":1499347869628,"flow_last_seen":1499347874866,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8560,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":6,"flow_first_seen":1499347873465,"flow_last_seen":1499347878867,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33594,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":602,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8566,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347999,"pkt_ts_usec":897487,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eXtAAD4GTF2sEAABwKgKMogsAFCPtaujJ5\/UDoARAOW+AgAAAQEICgE81\/MD5qRP"}
00433{"flow_id":602,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8567,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347999,"pkt_ts_usec":897605,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0fWlAAEAGRm\/AqAoyrBAAAQBQiCwnn9QOj7WrpIARAOO46wAAAQEICgPmqWcBPNfz"}
00434{"flow_id":602,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8568,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499347999,"pkt_ts_usec":898145,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0eXxAAD4GTFysEAABwKgKMogsAFCPtaukJ5\/UD4AQAOW46QAAAQEICgE81\/MD5qln"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_first_seen":1499348001148,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_first_seen":1499348001148,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":605,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8572,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348001,"pkt_ts_usec":148029,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8pkpAAD4GH4asEAABwKgKMohuAFDUG39mAAAAAKACchCoWgAAAgQFtAQCCAoBPNksAAAAAAEDAwc="}
00445{"flow_id":605,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8573,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348001,"pkt_ts_usec":148157,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiG4I9+h41Bt\/Z6AScSAJQwAAAgQFtAQCCAoD5qqgATzZLAEDAwc="}
00432{"flow_id":605,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8574,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348001,"pkt_ts_usec":148896,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pktAAD4GH42sEAABwKgKMohuAFDUG39nCPfoeYAQAOWoSgAAAQEICgE82SwD5qqg"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8581,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_first_seen":1499348002450,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8581,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":1,"flow_first_seen":1499348002450,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":606,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8581,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348002,"pkt_ts_usec":450018,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80ydAAD4G8qisEAABwKgKMoh8AFCQawlWAAAAAKACchBgyAAAAgQFtAQCCAoBPNpxAAAAAAEDAwc="}
00444{"flow_id":606,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8582,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348002,"pkt_ts_usec":450186,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiHx5OBm2kGsJV6AScSAe7QAAAgQFtAQCCAoD5qvlATzacQEDAwc="}
00432{"flow_id":606,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8583,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348002,"pkt_ts_usec":450892,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00yhAAD4G8q+sEAABwKgKMoh8AFCQawlXeTgZt4AQAOW98wAAAQEICgE82nID5qvl"}
00432{"flow_id":603,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8587,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348002,"pkt_ts_usec":898410,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nDpAAD4GKZ6sEAABwKgKMohGAFAyaklOkBl5f4ARAOVqFQAAAQEICgE82uID5qbp"}
00433{"flow_id":603,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8588,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348002,"pkt_ts_usec":898601,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA01SlAAEAG7q7AqAoyrBAAAQBQiEaQGXl\/MmpJT4ARAONkqQAAAQEICgPmrFYBPNri"}
00432{"flow_id":603,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8589,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348002,"pkt_ts_usec":899383,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nDtAAD4GKZ2sEAABwKgKMohGAFAyaklPkBl5gIAQAOVkpwAAAQEICgE82uID5qxW"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8593,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_first_seen":1499348003742,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8593,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":1,"flow_first_seen":1499348003742,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":607,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8593,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348003,"pkt_ts_usec":742531,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Q\/NAAD4Ggd2sEAABwKgKMoiKAFCK7JhGAAAAAKACchDWBAAAAgQFtAQCCAoBPNu1AAAAAAEDAwc="}
00444{"flow_id":607,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8594,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348003,"pkt_ts_usec":742626,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiIrxrFQGiuyYR6AScSDgIAAAAgQFtAQCCAoD5q0pATzbtQEDAwc="}
00434{"flow_id":607,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8595,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348003,"pkt_ts_usec":743214,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q\/RAAD4GgeSsEAABwKgKMoiKAFCK7JhH8axUB4AQAOV\/KAAAAQEICgE827UD5q0p"}
00433{"flow_id":604,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8599,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348003,"pkt_ts_usec":899356,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MQ5AAD4GlMqsEAABwKgKMohUAFBMT+e9\/qjmN4ARAOXUNQAAAQEICgE829wD5qgk"}
00433{"flow_id":604,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8600,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348003,"pkt_ts_usec":899571,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0S2dAAEAGeHHAqAoyrBAAAQBQiFT+qOY3TE\/nvoARAOPPCgAAAQEICgPmrVABPNvc"}
00433{"flow_id":604,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8601,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348003,"pkt_ts_usec":900302,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MQ9AAD4GlMmsEAABwKgKMohUAFBMT+e+\/qjmOIAQAOXPCAAAAQEICgE829wD5q1Q"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_first_seen":1499348006334,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8611,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":1,"flow_first_seen":1499348006334,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":608,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8611,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348006,"pkt_ts_usec":334523,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8NJlAAD4GkTesEAABwKgKMoikAFAqsOqkAAAAAKACchDhQAAAAgQFtAQCCAoBPN49AAAAAAEDAwc="}
00444{"flow_id":608,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8612,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348006,"pkt_ts_usec":334694,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiKQqwf7AKrDqpaAScSAFBgAAAgQFtAQCCAoD5q+xATzePQEDAwc="}
00432{"flow_id":608,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8613,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348006,"pkt_ts_usec":335211,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NJpAAD4GkT6sEAABwKgKMoikAFAqsOqlKsH+wYAQAOWkDQAAAQEICgE83j0D5q+x"}
@@ -5499,11 +5499,11 @@
00433{"flow_id":605,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8621,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348006,"pkt_ts_usec":900522,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0WEdAAEAGa5HAqAoyrBAAAQBQiG4I9+h51Bt\/aIARAOOdDgAAAQEICgPmsD4BPN7K"}
00432{"flow_id":605,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8622,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348006,"pkt_ts_usec":901228,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0pk1AAD4GH4usEAABwKgKMohuAFDUG39oCPfoeoAQAOWdDAAAAQEICgE83soD5rA+"}
00947{"flow_id":606,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8623,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348007,"pkt_ts_usec":347280,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGz0ylAAD4G8S+sEAABwKgKMoh8AFCQawlXeTgZt4AYAOVoMwAAAQEICgE83zoD5qvlR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":4,"flow_first_seen":1499348002450,"flow_last_seen":1499348007347,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":32,"flow_max_l4_data_len":415,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8623,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":4,"flow_first_seen":1499348002450,"flow_last_seen":1499348007347,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00433{"flow_id":606,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8624,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348007,"pkt_ts_usec":347401,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0qRlAAEAGGr\/AqAoyrBAAAQBQiHx5OBm3kGsK1oAQAOuy3QAAAQEICgPmsK4BPN86"}
02829{"flow_id":606,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8625,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348007,"pkt_ts_usec":350540,"pkt_caplen":1837,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1837,"pkt_l4_len":1803,"pkt":"AMGxFOsxABm5CmnxCABFAAcfqRpAAEAGE9PAqAoyrBAAAQBQiHx5OBm3kGsK1oAYAOt9\/QAAAQEICgPmsK8BPN86SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjMzOjI3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWG1P4zgQ\/gzS\/gefTzpgpcbb2y+3XJoVtHAgsbfctix70kmRm7itwYmD7bTw72\/sOG14LdkioeKXeXk84xnP5N12+Mvga3\/07\/kRmplMoPOLw7PTPsIdQi4\/9gkZjAbox8noyxnqBh\/Q0CieGEKO\/sYIz4wp9glZLBbB4mMg1ZSMvpFbK6Vr2fywox1PkJoUR++2322HTs9tJnLde0JG99OnTxVrRb4VzhhNYbi1FWbMUGRZOuym5PMe7svcsNx0RncFwyipZj1s2K0hVsSfKJlRpZnpXYyOO39gRCqZW6HhRrDoeylypuiYC27u9tE3NhEsMSxFfSW1RkNuGBomiheG51O0+2M43EP7+2hAsxzVvIKhSzZGB0UheEINlznaHXy\/PNhD827Q\/YDeD9icCVlkAO19SCrFHoXg+TVSTPSwNneC6RljBiMDp\/GHSLTGaKbYpIeDgMBfOl9Qu0oyyvPAbZPH0jiYopbzH8\/olBFYui9pQueWLHAbSxnanbYJ4YrOabWKkVbJPSBX2v0\/BwXBlcZRSCpK7zniXWfHY5neoURQbb0uM4Yrl6Z8jnjaw9Z3cCKmvNcbW1ZIY30r5Nn0ERJ3SE2EnMqgyKcYUQEXYY2jVucGrKDukWpr5BgcVza0P9qLC5qmLK0OBASlqM9pdw+FTK6taQRHMk9A9XUPL3ieykUAWw5Hb6c6SbCDa1ZgoPfcFeDoBMwWEgpWFjzafo1AnkP0lYld0kExK16Q\/5AUR6eNlXZqIeDKYo2+JQ2OhnaICIQfLKLBYUMZKUW0gUHnjfjmcD3GqjSMvIDqaQYcHdr\/6FiqpKUHHgpktyxpA8DR46gvs4zmKTrNr5jzyGYoEq0mbVA4ekAx\/Ha8meIJJ8HnAkK1x4GzTNmaW\/IqfhwdcwjuU7uiN7ZNWQhJ0zbW8RwexoWbbegfWhh4uVq5yLO4uGVJqRjqH5yP+icHm0HRN4K3weHoIab\/OXury2olxmN43Fo5pcH1AA3aPbTLe5uhWjB6HfNWkGoWHF3CCA2ZtrcVnQ5apteHcm+1jlsBqRhwBPUM1Cpfv2xoCitONfRrVlVRr8KhahzL4usN0Oi21tA1iqGR6j6EDZ8gF4tQXa59DldkOLL1I9yPaqmdOYCf5xO5Rl2DCkfnJ+cQHRPZThEdy9KsUbOkwdGBHb6dWW2ht1b9ighHZ278AICv2O7Vfs8XgraEXRWC0MnYXa\/b7jULwXDW\/ZnuAkrmri+YG8Lnywo2TmTKYqoY9fXzRKoM5TSDah34oex1Ka6Hf8UIuqWZBOx\/HY18bRoW\/sSXM2p2NLqTpXLMn+vKOi\/KZvGPvWj7u6xvm0S6HGccyOZUlDAdVlOvjRRR1VQQi9Ituq5gaeBw9nv0BeLN3T6V0eqtgEW7590Dl2HlVtv7ad8vygXVhWsZ4YawW+tl4gzb0WDYeGnY2BkWuiGqptAIYngUaH6No5+XtbxErfEBdwxFgmEqPoKuCo4b96G9MfHQd34tMb4sbz1OlgcLfs0LlnLqRNtZ8+S6Pvnz2F4v42U8\/pjJlC9zYSIzm507E3oTuC8CT4J4BeOrNFc4qWDKdJ2EF9U9om7q8Mmluup14zhW0G5Wv3UGeSbj+LBPBKNqGUxPpSV9pw3LYpvKnwzPcWmMbXN9eH7nbIFOmCiWKbOQRVnENZnM+1XSXfX8+0BxUeyiZx7bOUiMZyDRXsfPAMk96b\/VjugJudhBezhCa2ENIRcl7G2BaSdzLTRrTSr4FNKmYBNIXyHLogvNlE17+yGBGaJpxnPvQpjXbzM6sx93PA1IXFHAo3o6GPqdlGubvdPai886dCKlufeto4g2+dhUPPWqNRMwse9W9VnOfTCL\/geoshewERQAAA=="}
00432{"flow_id":606,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8626,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348007,"pkt_ts_usec":351219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00ypAAD4G8q2sEAABwKgKMoh8AFCQawrWeTggooAQAQCr2wAAAQEICgE83zsD5rCv"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_first_seen":1499348007599,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":1,"flow_first_seen":1499348007599,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":609,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8627,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348007,"pkt_ts_usec":599846,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8+WFAAD4GzG6sEAABwKgKMoiyAFBEayYYAAAAAKACchCKyAAAAgQFtAQCCAoBPN95AAAAAAEDAwc="}
00444{"flow_id":609,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8628,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348007,"pkt_ts_usec":599986,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiLJr5HteRGsmGaAScSDvkAAAAgQFtAQCCAoD5rDtATzfeQEDAwc="}
00432{"flow_id":609,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8629,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348007,"pkt_ts_usec":600554,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+WJAAD4GzHWsEAABwKgKMoiyAFBEayYZa+R7X4AQAOWOmAAAAQEICgE833kD5rDt"}
@@ -5518,44 +5518,44 @@
00433{"flow_id":607,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8639,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348008,"pkt_ts_usec":903714,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q\/VAAD4GgeOsEAABwKgKMoiKAFCK7JhH8axUB4ARAOV6HQAAAQEICgE84L8D5q0p"}
00433{"flow_id":607,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8640,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348008,"pkt_ts_usec":903906,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA05jRAAEAG3aPAqAoyrBAAAQBQiIrxrFQHiuyYSIARAON1FAAAAQEICgPmsjMBPOC\/"}
00433{"flow_id":607,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8641,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348008,"pkt_ts_usec":904666,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Q\/ZAAD4GgeKsEAABwKgKMoiKAFCK7JhI8axUCIAQAOV1EgAAAQEICgE84L8D5rIz"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_first_seen":1499348010145,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":6,"flow_first_seen":1499347874737,"flow_last_seen":1499347879867,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33608,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":6,"flow_first_seen":1499347877292,"flow_last_seen":1499347882869,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33634,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":6,"flow_first_seen":1499347878568,"flow_last_seen":1499347883869,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33648,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":6,"flow_first_seen":1499347881141,"flow_last_seen":1499347886869,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33674,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":6,"flow_first_seen":1499347882404,"flow_last_seen":1499347887870,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33688,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8642,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":6,"flow_first_seen":1499347883693,"flow_last_seen":1499347888870,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33702,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_first_seen":1499348010145,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":610,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8645,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348010,"pkt_ts_usec":145611,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA81alAAD4G8CasEAABwKgKMojMAFACvDRcAAAAAKACchC7nQAAAgQFtAQCCAoBPOH1AAAAAAEDAwc="}
00444{"flow_id":610,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8646,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348010,"pkt_ts_usec":145738,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiMxKQ6iIArw0XaAScSASYQAAAgQFtAQCCAoD5rNpATzh9QEDAwc="}
00432{"flow_id":610,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8647,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348010,"pkt_ts_usec":146474,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01apAAD4G8C2sEAABwKgKMojMAFACvDRdSkOoiYAQAOWxZwAAAQEICgE84fYD5rNp"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8654,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_first_seen":1499348011433,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8654,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_first_seen":1499348011433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":611,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8654,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348011,"pkt_ts_usec":433036,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA89\/VAAD4GzdqsEAABwKgKMojaAFB2oBTCAAAAAKACchBmAwAAAgQFtAQCCAoBPOM3AAAAAAEDAwc="}
00444{"flow_id":611,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8655,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348011,"pkt_ts_usec":433191,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiNplHDbhdqAUw6AScSASUwAAAgQFtAQCCAoD5rSrATzjNwEDAwc="}
00433{"flow_id":611,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8656,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348011,"pkt_ts_usec":433910,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA09\/ZAAD4GzeGsEAABwKgKMojaAFB2oBTDZRw24oAQAOWxWgAAAQEICgE84zcD5rSr"}
00432{"flow_id":608,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8660,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348011,"pkt_ts_usec":903584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NJtAAD4GkT2sEAABwKgKMoikAFAqsOqlKsH+wYARAOWenAAAAQEICgE8460D5q+x"}
00433{"flow_id":608,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8661,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348011,"pkt_ts_usec":903791,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0S+BAAEAGd\/jAqAoyrBAAAQBQiKQqwf7BKrDqpoARAOOZLQAAAQEICgPmtSEBPOOt"}
00432{"flow_id":608,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8662,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348011,"pkt_ts_usec":904532,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0NJxAAD4GkTysEAABwKgKMoikAFAqsOqmKsH+woAQAOWZKwAAAQEICgE8460D5rUh"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_first_seen":1499348012728,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8666,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":1,"flow_first_seen":1499348012728,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":612,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8666,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348012,"pkt_ts_usec":728762,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MbdAAD4GlBmsEAABwKgKMojoAFBoxNXMAAAAAKACchCxggAAAgQFtAQCCAoBPOR7AAAAAAEDAwc="}
00444{"flow_id":612,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8667,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348012,"pkt_ts_usec":728872,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiOhwV55UaMTVzaAScSDp3wAAAgQFtAQCCAoD5rXvATzkewEDAwc="}
00432{"flow_id":612,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8668,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348012,"pkt_ts_usec":729471,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MbhAAD4GlCCsEAABwKgKMojoAFBoxNXNcFeeVYAQAOWI5wAAAQEICgE85HsD5rXv"}
00432{"flow_id":609,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8672,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348012,"pkt_ts_usec":903526,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+WNAAD4GzHSsEAABwKgKMoiyAFBEayYZa+R7X4ARAOWJaQAAAQEICgE85KcD5rDt"}
00432{"flow_id":609,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8673,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348012,"pkt_ts_usec":903735,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0zURAAEAG9pPAqAoyrBAAAQBQiLJr5HtfRGsmGoARAOOEPAAAAQEICgPmthsBPOSn"}
00432{"flow_id":609,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8674,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348012,"pkt_ts_usec":904486,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0+WRAAD4GzHOsEAABwKgKMoiyAFBEayYaa+R7YIAQAOWEOgAAAQEICgE85KcD5rYb"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_first_seen":1499348015250,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8684,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_first_seen":1499348015250,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":613,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8684,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348015,"pkt_ts_usec":250467,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SaJAAD4GfC6sEAABwKgKMokCAFA1NK9QAAAAAKACchAI\/gAAAgQFtAQCCAoBPObyAAAAAAEDAwc="}
00444{"flow_id":613,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8685,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348015,"pkt_ts_usec":250592,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiQJJKiEWNTSvUaAScSDjTwAAAgQFtAQCCAoD5rhmATzm8gEDAwc="}
00432{"flow_id":613,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8686,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348015,"pkt_ts_usec":251161,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SaNAAD4GfDWsEAABwKgKMokCAFA1NK9RSSohF4AQAOWCVwAAAQEICgE85vID5rhm"}
00432{"flow_id":610,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8690,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348015,"pkt_ts_usec":904241,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01atAAD4G8CysEAABwKgKMojMAFACvDRdSkOoiYARAOWrxwAAAQEICgE855UD5rNp"}
00432{"flow_id":610,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8691,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348015,"pkt_ts_usec":904505,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0EYBAAEAGsljAqAoyrBAAAQBQiMxKQ6iJArw0XoARAOOmKAAAAQEICgPmuQkBPOeV"}
00432{"flow_id":610,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8692,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348015,"pkt_ts_usec":905252,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA01axAAD4G8CusEAABwKgKMojMAFACvDReSkOoioAQAOWmJgAAAQEICgE855UD5rkJ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_first_seen":1499348016526,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8696,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_first_seen":1499348016526,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":614,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8696,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348016,"pkt_ts_usec":526028,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82X9AAD4G7FCsEAABwKgKMokQAFAj2zFPAAAAAKACchCXDAAAAgQFtAQCCAoBPOgwAAAAAAEDAwc="}
00445{"flow_id":614,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8697,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348016,"pkt_ts_usec":526157,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiRBmO\/1xI9sxUKAScSB2swAAAgQFtAQCCAoD5rmkATzoMAEDAwc="}
00432{"flow_id":614,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8698,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348016,"pkt_ts_usec":526896,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02YBAAD4G7FesEAABwKgKMokQAFAj2zFQZjv9coAQAOUVugAAAQEICgE86DED5rmk"}
@@ -5565,42 +5565,42 @@
00432{"flow_id":612,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8711,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348017,"pkt_ts_usec":904556,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MblAAD4GlB+sEAABwKgKMojoAFBoxNXNcFeeVYARAOWD2AAAAQEICgE86YkD5rXv"}
00432{"flow_id":612,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8712,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348017,"pkt_ts_usec":904775,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0JKhAAEAGnzDAqAoyrBAAAQBQiOhwV55VaMTVzoARAON+ywAAAQEICgPmuv0BPOmJ"}
00432{"flow_id":612,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8713,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348017,"pkt_ts_usec":905547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MbpAAD4GlB6sEAABwKgKMojoAFBoxNXOcFeeVoAQAOV+yQAAAQEICgE86YkD5rr9"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_first_seen":1499348019059,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8717,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_first_seen":1499348019059,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":615,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8717,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348019,"pkt_ts_usec":59002,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bDdAAD4GWZmsEAABwKgKMokqAFBENIadAAAAAKACchAe0QAAAgQFtAQCCAoBPOqqAAAAAAEDAwc="}
00443{"flow_id":615,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8718,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348019,"pkt_ts_usec":59168,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiSoKVvNnRDSGnqAScSBh7QAAAgQFtAQCCAoD5rweATzqqgEDAwc="}
00431{"flow_id":615,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8719,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348019,"pkt_ts_usec":59893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bDhAAD4GWaCsEAABwKgKMokqAFBENIaeClbzaIAQAOUA9QAAAQEICgE86qoD5rwe"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_first_seen":1499348020357,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":6,"flow_first_seen":1499347886296,"flow_last_seen":1499347891872,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":6,"flow_first_seen":1499347887572,"flow_last_seen":1499347892872,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33742,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":542,"flow_packet_id":6,"flow_first_seen":1499347890192,"flow_last_seen":1499347895873,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":543,"flow_packet_id":6,"flow_first_seen":1499347891536,"flow_last_seen":1499347896874,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33782,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8723,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":6,"flow_first_seen":1499347894093,"flow_last_seen":1499347899875,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_first_seen":1499348020357,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":616,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8726,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348020,"pkt_ts_usec":357295,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MF5AAD4GlXKsEAABwKgKMok4AFAr8NuwAAAAAKACchDgrwAAAgQFtAQCCAoBPOvuAAAAAAEDAwc="}
00445{"flow_id":616,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8727,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348020,"pkt_ts_usec":357391,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiTgvWFvMK\/DbsaAScSCVIQAAAgQFtAQCCAoD5r1iATzr7gEDAwc="}
00432{"flow_id":616,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8728,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348020,"pkt_ts_usec":358178,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MF9AAD4GlXmsEAABwKgKMok4AFAr8NuxL1hbzYAQAOU0KQAAAQEICgE86+4D5r1i"}
00432{"flow_id":613,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8732,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348020,"pkt_ts_usec":904958,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SaRAAD4GfDSsEAABwKgKMokCAFA1NK9RSSohF4ARAOV80QAAAQEICgE87HcD5rhm"}
00432{"flow_id":613,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8733,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348020,"pkt_ts_usec":905225,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0nPxAAEAGJtzAqAoyrBAAAQBQiQJJKiEXNTSvUoARAON3TQAAAQEICgPmvesBPOx3"}
00432{"flow_id":613,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8734,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348020,"pkt_ts_usec":905968,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SaVAAD4GfDOsEAABwKgKMokCAFA1NK9SSSohGIAQAOV3SwAAAQEICgE87HcD5r3r"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_first_seen":1499348021660,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8738,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_first_seen":1499348021660,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":617,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8738,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348021,"pkt_ts_usec":660105,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8T85AAD4GdgKsEAABwKgKMolGAFAJiKL6AAAAAKACchA6egAAAgQFtAQCCAoBPO00AAAAAAEDAwc="}
00444{"flow_id":617,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8739,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348021,"pkt_ts_usec":660260,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiUb24raMCYii+6AScSDLWgAAAgQFtAQCCAoD5r6oATztNAEDAwc="}
00432{"flow_id":617,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8741,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348021,"pkt_ts_usec":660898,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0T89AAD4GdgmsEAABwKgKMolGAFAJiKL79uK2jYAQAOVqYgAAAQEICgE87TQD5r6o"}
00432{"flow_id":614,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8744,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348021,"pkt_ts_usec":905158,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02YFAAD4G7FasEAABwKgKMokQAFAj2zFQZjv9coARAOUQeQAAAQEICgE87XED5rmk"}
00433{"flow_id":614,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8745,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348021,"pkt_ts_usec":905380,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0Q5dAAEAGgEHAqAoyrBAAAQBQiRBmO\/1yI9sxUYARAOMLOQAAAQEICgPmvuUBPO1x"}
00432{"flow_id":614,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8746,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348021,"pkt_ts_usec":905932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02YJAAD4G7FWsEAABwKgKMokQAFAj2zFRZjv9c4AQAOULNwAAAQEICgE87XED5r7l"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8756,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_first_seen":1499348024206,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8756,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_first_seen":1499348024206,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":618,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8756,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348024,"pkt_ts_usec":206226,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA82E1AAD4G7YKsEAABwKgKMolgAFCsqjf8AAAAAKACchD\/vgAAAgQFtAQCCAoBPO+xAAAAAAEDAwc="}
00445{"flow_id":618,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8757,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348024,"pkt_ts_usec":206370,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiWCF9T2qrKo3\/aAScSB38wAAAgQFtAQCCAoD5sEkATzvsQEDAwc="}
00432{"flow_id":618,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8758,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348024,"pkt_ts_usec":207142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02E5AAD4G7YmsEAABwKgKMolgAFCsqjf9hfU9q4AQAOUW+wAAAQEICgE877ED5sEk"}
00432{"flow_id":615,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8763,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348024,"pkt_ts_usec":905861,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bDlAAD4GWZ+sEAABwKgKMokqAFBENIaeClbzaIARAOX7PgAAAQEICgE88F8D5rwe"}
00432{"flow_id":615,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8764,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348024,"pkt_ts_usec":906111,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0MrtAAEAGkR3AqAoyrBAAAQBQiSoKVvNoRDSGn4ARAOP1igAAAQEICgPmwdMBPPBf"}
00432{"flow_id":615,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8765,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348024,"pkt_ts_usec":906629,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bDpAAD4GWZ6sEAABwKgKMokqAFBENIafClbzaYAQAOX1hwAAAQEICgE88GAD5sHT"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_first_seen":1499348025497,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8769,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_first_seen":1499348025497,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":619,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8769,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348025,"pkt_ts_usec":497134,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA856FAAD4G3i6sEAABwKgKMoluAFBIkhdSAAAAAKACchCDMQAAAgQFtAQCCAoBPPDzAAAAAAEDAwc="}
00444{"flow_id":619,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8770,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348025,"pkt_ts_usec":497290,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiW4WAueQSJIXU6AScSDALwAAAgQFtAQCCAoD5sJnATzw8wEDAwc="}
00432{"flow_id":619,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8771,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348025,"pkt_ts_usec":497824,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA056JAAD4G3jWsEAABwKgKMoluAFBIkhdTFgLnkYAQAOVfNwAAAQEICgE88PMD5sJn"}
@@ -5610,37 +5610,37 @@
00432{"flow_id":617,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8784,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348026,"pkt_ts_usec":907369,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0T9BAAD4GdgisEAABwKgKMolGAFAJiKL79uK2jYARAOVlQQAAAQEICgE88lQD5r6o"}
00433{"flow_id":617,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8785,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348026,"pkt_ts_usec":907551,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0dUVAAEAGTpPAqAoyrBAAAQBQiUb24raNCYii\/IARAONgIgAAAQEICgPmw8gBPPJU"}
00432{"flow_id":617,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8786,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348026,"pkt_ts_usec":908282,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0T9FAAD4GdgesEAABwKgKMolGAFAJiKL89uK2joAQAOVgIAAAAQEICgE88lQD5sPI"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_first_seen":1499348028117,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8790,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_first_seen":1499348028117,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":620,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8790,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348028,"pkt_ts_usec":117807,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80XFAAD4G9F6sEAABwKgKMomIAFDG6SLzAAAAAKACchD2jwAAAgQFtAQCCAoBPPOCAAAAAAEDAwc="}
00444{"flow_id":620,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8791,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348028,"pkt_ts_usec":117919,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiYg5g7TNxuki9KAScSBAQQAAAgQFtAQCCAoD5sT2ATzzggEDAwc="}
00432{"flow_id":620,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8792,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348028,"pkt_ts_usec":118705,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00XJAAD4G9GWsEAABwKgKMomIAFDG6SL0OYO0zoAQAOXfRwAAAQEICgE884MD5sT2"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8799,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_first_seen":1499348029395,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8799,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":1,"flow_first_seen":1499348029395,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":621,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8799,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348029,"pkt_ts_usec":395102,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DoBAAD4Gt1CsEAABwKgKMomWAFBGnvpCAAAAAKACchCePQAAAgQFtAQCCAoBPPTCAAAAAAEDAwc="}
00444{"flow_id":621,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8800,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348029,"pkt_ts_usec":395197,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiZaKxK9BRp76Q6AScSCa+QAAAgQFtAQCCAoD5sY2ATz0wgEDAwc="}
00432{"flow_id":621,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8801,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348029,"pkt_ts_usec":395961,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DoFAAD4Gt1esEAABwKgKMomWAFBGnvpDisSvQoAQAOU6AQAAAQEICgE89MID5sY2"}
00432{"flow_id":618,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8805,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348029,"pkt_ts_usec":908301,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02E9AAD4G7YisEAABwKgKMolgAFCsqjf9hfU9q4ARAOURaQAAAQEICgE89UID5sEk"}
00433{"flow_id":618,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8806,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348029,"pkt_ts_usec":908520,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0+x1AAEAGyLrAqAoyrBAAAQBQiWCF9T2rrKo3\/oARAOML2AAAAQEICgPmxrYBPPVC"}
00432{"flow_id":618,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8807,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348029,"pkt_ts_usec":909195,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA02FBAAD4G7YesEAABwKgKMolgAFCsqjf+hfU9rIAQAOUL1gAAAQEICgE89UID5sa2"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_first_seen":1499348030687,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":6,"flow_first_seen":1499347895396,"flow_last_seen":1499347900875,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":546,"flow_packet_id":6,"flow_first_seen":1499347896716,"flow_last_seen":1499347901875,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33836,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":547,"flow_packet_id":6,"flow_first_seen":1499347899275,"flow_last_seen":1499347904876,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33862,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":548,"flow_packet_id":6,"flow_first_seen":1499347900544,"flow_last_seen":1499347905875,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33876,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":6,"flow_first_seen":1499347903125,"flow_last_seen":1499347908876,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33902,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8808,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":6,"flow_first_seen":1499347904387,"flow_last_seen":1499347909877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33916,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":1,"flow_first_seen":1499348030687,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":622,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8811,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348030,"pkt_ts_usec":687033,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gAJAAD4GRc6sEAABwKgKMomkAFDF6nYHAAAAAKACchCh2wAAAgQFtAQCCAoBPPYFAAAAAAEDAwc="}
00445{"flow_id":622,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8812,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348030,"pkt_ts_usec":687160,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiaQ\/ByIUxep2CKAScSB2PwAAAgQFtAQCCAoD5sd5ATz2BQEDAwc="}
00432{"flow_id":622,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8813,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348030,"pkt_ts_usec":687745,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gANAAD4GRdWsEAABwKgKMomkAFDF6nYIPwciFYAQAOUVRwAAAQEICgE89gUD5sd5"}
00432{"flow_id":619,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8817,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348030,"pkt_ts_usec":908964,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA056NAAD4G3jSsEAABwKgKMoluAFBIkhdTFgLnkYARAOVZ7QAAAQEICgE89jwD5sJn"}
00432{"flow_id":619,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8818,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348030,"pkt_ts_usec":909214,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ICFAAEAGo7fAqAoyrBAAAQBQiW4WAueRSJIXVIARAONUpQAAAQEICgPmx7ABPPY8"}
00432{"flow_id":619,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8819,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348030,"pkt_ts_usec":909887,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA056RAAD4G3jOsEAABwKgKMoluAFBIkhdUFgLnkoAQAOVUowAAAQEICgE89jwD5sew"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8829,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_first_seen":1499348033296,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8829,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":1,"flow_first_seen":1499348033296,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":623,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8829,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348033,"pkt_ts_usec":296951,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LtJAAD4Glv6sEAABwKgKMom+AFA+iNZDAAAAAKACchDGWwAAAgQFtAQCCAoBPPiRAAAAAAEDAwc="}
00444{"flow_id":623,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8830,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348033,"pkt_ts_usec":297096,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQib4da6BXPojWRKAScSA7jAAAAgQFtAQCCAoD5soFATz4kQEDAwc="}
00432{"flow_id":623,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8831,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348033,"pkt_ts_usec":297674,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LtNAAD4GlwWsEAABwKgKMom+AFA+iNZEHWugWIAQAOXakwAAAQEICgE8+JED5soF"}
@@ -5648,7 +5648,7 @@
00432{"flow_id":620,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8836,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348033,"pkt_ts_usec":910376,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0flBAAEAGRYjAqAoyrBAAAQBQiYg5g7TOxuki9YAQAOPT+AAAAQEICgPmyp8BPPkq"}
00432{"flow_id":620,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8837,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348033,"pkt_ts_usec":910486,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0flFAAEAGRYfAqAoyrBAAAQBQiYg5g7TOxuki9YARAOPT9wAAAQEICgPmyp8BPPkq"}
00432{"flow_id":620,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8838,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348033,"pkt_ts_usec":910950,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0H75AAD4GphqsEAABwKgKMomIAFDG6SL1OYO0z4AQAOXT9AAAAQEICgE8+SsD5sqf"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_first_seen":1499348034569,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8842,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":1,"flow_first_seen":1499348034569,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":624,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8842,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348034,"pkt_ts_usec":569726,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8z7RAAD4G9husEAABwKgKMonMAFCoJTZ7AAAAAKACchD7OgAAAgQFtAQCCAoBPPnPAAAAAAEDAwc="}
00444{"flow_id":624,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8843,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348034,"pkt_ts_usec":569852,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiczTsUb+qCU2fKAScSASQAAAAgQFtAQCCAoD5stDATz5zwEDAwc="}
00433{"flow_id":624,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8844,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348034,"pkt_ts_usec":570616,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z7VAAD4G9iKsEAABwKgKMonMAFCoJTZ807FG\/4AQAOWxRgAAAQEICgE8+dAD5stD"}
@@ -5658,11 +5658,11 @@
00432{"flow_id":622,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8857,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348035,"pkt_ts_usec":909748,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gARAAD4GRdSsEAABwKgKMomkAFDF6nYIPwciFYARAOUQLQAAAQEICgE8+x4D5sd5"}
00433{"flow_id":622,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8858,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348035,"pkt_ts_usec":909931,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA07odAAEAG1VDAqAoyrBAAAQBQiaQ\/ByIVxep2CYARAOMLFQAAAQEICgPmzJIBPPse"}
00432{"flow_id":622,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8859,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348035,"pkt_ts_usec":910627,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gAVAAD4GRdOsEAABwKgKMomkAFDF6nYJPwciFoAQAOULEgAAAQEICgE8+x8D5syS"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8863,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_first_seen":1499348037175,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8863,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":1,"flow_first_seen":1499348037175,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":625,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8863,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348037,"pkt_ts_usec":175604,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8MahAAD4GlCisEAABwKgKMonmAFDKJM3zAAAAAKACchA\/HQAAAgQFtAQCCAoBPPxbAAAAAAEDAwc="}
00444{"flow_id":625,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8864,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348037,"pkt_ts_usec":175698,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiebQGLVtyiTN9KAScSDovwAAAgQFtAQCCAoD5s3PATz8WwEDAwc="}
00433{"flow_id":625,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8865,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348037,"pkt_ts_usec":176453,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MalAAD4GlC+sEAABwKgKMonmAFDKJM300Bi1boAQAOWHxwAAAQEICgE8\/FsD5s3P"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_first_seen":1499348038438,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8872,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":1,"flow_first_seen":1499348038438,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":626,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8872,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348038,"pkt_ts_usec":438178,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j\/dAAD4GNdmsEAABwKgKMon0AFAYNXJgAAAAAKACchBLVgAAAgQFtAQCCAoBPP2XAAAAAAEDAwc="}
00444{"flow_id":626,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8873,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348038,"pkt_ts_usec":438283,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQifSSwJxVGDVyYaAScSBKLgAAAgQFtAQCCAoD5s8KATz9lwEDAwc="}
00434{"flow_id":626,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8874,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348038,"pkt_ts_usec":438896,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/hAAD4GNeCsEAABwKgKMon0AFAYNXJhksCcVoAQAOXpNQAAAQEICgE8\/ZcD5s8K"}
@@ -5673,44 +5673,44 @@
00434{"flow_id":624,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8888,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348039,"pkt_ts_usec":911056,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z7ZAAD4G9iGsEAABwKgKMonMAFCoJTZ807FG\/4ARAOWsDgAAAQEICgE8\/wcD5stD"}
00433{"flow_id":624,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8889,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348039,"pkt_ts_usec":911241,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0loRAAEAGLVTAqAoyrBAAAQBQiczTsUb\/qCU2fYARAOOm1wAAAQEICgPm0HsBPP8H"}
00433{"flow_id":624,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8890,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348039,"pkt_ts_usec":911983,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0z7dAAD4G9iCsEAABwKgKMonMAFCoJTZ907FHAIAQAOWm1QAAAQEICgE8\/wcD5tB7"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_first_seen":1499348041088,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":6,"flow_first_seen":1499347905694,"flow_last_seen":1499347910877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33930,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":6,"flow_first_seen":1499347908253,"flow_last_seen":1499347913877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33956,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":6,"flow_first_seen":1499347909575,"flow_last_seen":1499347914878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33970,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":6,"flow_first_seen":1499347912141,"flow_last_seen":1499347917877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":6,"flow_first_seen":1499347913416,"flow_last_seen":1499347918877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34010,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8891,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":6,"flow_first_seen":1499347914710,"flow_last_seen":1499347919878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34024,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":1,"flow_first_seen":1499348041088,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":627,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8894,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348041,"pkt_ts_usec":88026,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8l85AAD4GLgKsEAABwKgKMooOAFBaWpfjAAAAAKACchDg\/QAAAgQFtAQCCAoBPQAtAAAAAAEDAwc="}
00443{"flow_id":627,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8895,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348041,"pkt_ts_usec":88150,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQig7ecTfrWlqX5KAScSD19wAAAgQFtAQCCAoD5tGhAT0ALQEDAwc="}
00432{"flow_id":627,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8896,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348041,"pkt_ts_usec":88744,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l89AAD4GLgmsEAABwKgKMooOAFBaWpfk3nE37IAQAOWU\/wAAAQEICgE9AC0D5tGh"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_first_seen":1499348042384,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8903,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":1,"flow_first_seen":1499348042384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":628,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8903,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348042,"pkt_ts_usec":384336,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8rjZAAD4GF5qsEAABwKgKMoocAFClJq9HAAAAAKACchB9ewAAAgQFtAQCCAoBPQFxAAAAAAEDAwc="}
00445{"flow_id":628,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8904,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348042,"pkt_ts_usec":384460,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQihw9by\/zpSavSKAScSA6LAAAAgQFtAQCCAoD5tLlAT0BcQEDAwc="}
00432{"flow_id":628,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8905,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348042,"pkt_ts_usec":385197,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0rjdAAD4GF6GsEAABwKgKMoocAFClJq9IPW8v9IAQAOXZMwAAAQEICgE9AXED5tLl"}
00432{"flow_id":625,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8909,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348042,"pkt_ts_usec":910916,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MapAAD4GlC6sEAABwKgKMonmAFDKJM300Bi1boARAOWCLAAAAQEICgE9AfUD5s3P"}
00432{"flow_id":625,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8910,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348042,"pkt_ts_usec":911131,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ZgdAAEAGXdHAqAoyrBAAAQBQiebQGLVuyiTN9YARAON8kwAAAQEICgPm02kBPQH1"}
00432{"flow_id":625,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8911,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348042,"pkt_ts_usec":911851,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0MatAAD4GlC2sEAABwKgKMonmAFDKJM310Bi1b4AQAOV8kQAAAQEICgE9AfUD5tNp"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_first_seen":1499348043670,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8915,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":1,"flow_first_seen":1499348043670,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":629,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8915,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348043,"pkt_ts_usec":670139,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cMNAAD4GVQ2sEAABwKgKMooqAFAsTnJwAAAAAKACchAx2wAAAgQFtAQCCAoBPQKzAAAAAAEDAwc="}
00444{"flow_id":629,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8916,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348043,"pkt_ts_usec":670280,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiirQJ1Z6LE5ycaAScSA0CwAAAgQFtAQCCAoD5tQmAT0CswEDAwc="}
00432{"flow_id":629,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8917,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348043,"pkt_ts_usec":671025,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cMRAAD4GVRSsEAABwKgKMooqAFAsTnJx0CdWe4AQAOXTEgAAAQEICgE9ArMD5tQm"}
00433{"flow_id":626,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8921,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348043,"pkt_ts_usec":910938,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/lAAD4GNd+sEAABwKgKMon0AFAYNXJhksCcVoARAOXj3AAAAQEICgE9Au8D5s8K"}
00432{"flow_id":626,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8922,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348043,"pkt_ts_usec":911131,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0SDVAAEAGe6PAqAoyrBAAAQBQifSSwJxWGDVyYoARAOPehAAAAQEICgPm1GMBPQLv"}
00433{"flow_id":626,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8923,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348043,"pkt_ts_usec":911898,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/pAAD4GNd6sEAABwKgKMon0AFAYNXJiksCcV4AQAOXeggAAAQEICgE9Au8D5tRj"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8933,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_first_seen":1499348046262,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8933,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":1,"flow_first_seen":1499348046262,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":630,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8933,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348046,"pkt_ts_usec":262543,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8bZhAAD4GWDisEAABwKgKMopEAFAJXWijAAAAAKACchBb9wAAAgQFtAQCCAoBPQU7AAAAAAEDAwc="}
00444{"flow_id":630,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8934,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348046,"pkt_ts_usec":262674,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQikQJGz7wCV1opKAScSA6NQAAAgQFtAQCCAoD5tavAT0FOwEDAwc="}
00432{"flow_id":630,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8935,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348046,"pkt_ts_usec":263451,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bZlAAD4GWD+sEAABwKgKMopEAFAJXWikCRs+8YAQAOXZPAAAAQEICgE9BTsD5tav"}
00432{"flow_id":627,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8939,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348046,"pkt_ts_usec":911504,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l9BAAD4GLgisEAABwKgKMooOAFBaWpfk3nE37IARAOWPTgAAAQEICgE9Bd0D5tGh"}
00432{"flow_id":627,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8940,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348046,"pkt_ts_usec":911725,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA04L1AAEAG4xrAqAoyrBAAAQBQig7ecTfsWlqX5YARAOOJnwAAAQEICgPm11EBPQXd"}
00432{"flow_id":627,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8941,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348046,"pkt_ts_usec":912470,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0l9FAAD4GLgesEAABwKgKMooOAFBaWpfl3nE37YAQAOWJnQAAAQEICgE9Bd0D5tdR"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_first_seen":1499348047547,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8945,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":1,"flow_first_seen":1499348047547,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":631,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8945,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348047,"pkt_ts_usec":547005,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8PrNAAD4Ghx2sEAABwKgKMopSAFC7TzjPAAAAAKACchDYiQAAAgQFtAQCCAoBPQZ8AAAAAAEDAwc="}
00444{"flow_id":631,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8946,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348047,"pkt_ts_usec":547131,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQilKBYq9Yu0840KAScSDM1gAAAgQFtAQCCAoD5tfwAT0GfAEDAwc="}
00432{"flow_id":631,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8947,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348047,"pkt_ts_usec":547886,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PrRAAD4GhySsEAABwKgKMopSAFC7TzjQgWKvWYAQAOVr3gAAAQEICgE9BnwD5tfw"}
@@ -5720,79 +5720,79 @@
00432{"flow_id":629,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8960,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348048,"pkt_ts_usec":912033,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cMVAAD4GVROsEAABwKgKMooqAFAsTnJx0CdWe4ARAOXN8wAAAQEICgE9B9ED5tQm"}
00432{"flow_id":629,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8961,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348048,"pkt_ts_usec":912253,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0jz5AAEAGNJrAqAoyrBAAAQBQiirQJ1Z7LE5ycoARAOPI1QAAAQEICgPm2UUBPQfR"}
00432{"flow_id":629,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8962,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348048,"pkt_ts_usec":912967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cMZAAD4GVRKsEAABwKgKMooqAFAsTnJy0CdWfIAQAOXI0wAAAQEICgE9B9ED5tlF"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8966,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_first_seen":1499348050079,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8966,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":1,"flow_first_seen":1499348050079,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":632,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8966,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348050,"pkt_ts_usec":79474,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Gn1AAD4Gq1OsEAABwKgKMopsAFCVUBKIAAAAAKACchAiPQAAAgQFtAQCCAoBPQj1AAAAAAEDAwc="}
00443{"flow_id":632,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8967,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348050,"pkt_ts_usec":79605,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQimww3+sulVASiaAScSAovgAAAgQFtAQCCAoD5tppAT0I9QEDAwc="}
00432{"flow_id":632,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8968,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348050,"pkt_ts_usec":80353,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gn5AAD4Gq1qsEAABwKgKMopsAFCVUBKJMN\/rL4AQAOXHxQAAAQEICgE9CPUD5tpp"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_first_seen":1499348051362,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":6,"flow_first_seen":1499347917322,"flow_last_seen":1499347922879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34050,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":6,"flow_first_seen":1499347918608,"flow_last_seen":1499347923879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34064,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":6,"flow_first_seen":1499347921170,"flow_last_seen":1499347926880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34090,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":6,"flow_first_seen":1499347922471,"flow_last_seen":1499347927880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34104,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8972,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":6,"flow_first_seen":1499347923737,"flow_last_seen":1499347928880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34118,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":1,"flow_first_seen":1499348051362,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":633,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8975,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348051,"pkt_ts_usec":362157,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8ntRAAD4GJvysEAABwKgKMop6AFCG4ZTiAAAAAKACchCtAgAAAgQFtAQCCAoBPQo2AAAAAAEDAwc="}
00444{"flow_id":633,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8976,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348051,"pkt_ts_usec":362258,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQinqx2HVxhuGU46AScSCnBwAAAgQFtAQCCAoD5tupAT0KNgEDAwc="}
00432{"flow_id":633,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8977,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348051,"pkt_ts_usec":362862,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ntVAAD4GJwOsEAABwKgKMop6AFCG4ZTjsdh1coAQAOVGDwAAAQEICgE9CjYD5tup"}
00432{"flow_id":630,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8981,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348051,"pkt_ts_usec":912378,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bZpAAD4GWD6sEAABwKgKMopEAFAJXWikCRs+8YARAOXTtwAAAQEICgE9Cr8D5tav"}
00433{"flow_id":630,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8982,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348051,"pkt_ts_usec":912643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA04sJAAEAG4RXAqAoyrBAAAQBQikQJGz7xCV1opYARAOPONAAAAQEICgPm3DMBPQq\/"}
00432{"flow_id":630,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8983,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348051,"pkt_ts_usec":913354,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0bZtAAD4GWD2sEAABwKgKMopEAFAJXWilCRs+8oAQAOXOMgAAAQEICgE9Cr8D5twz"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8987,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_first_seen":1499348052641,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8987,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":1,"flow_first_seen":1499348052641,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":634,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8987,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348052,"pkt_ts_usec":641614,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8j\/xAAD4GNdSsEAABwKgKMoqIAFBipISJAAAAAKACchDgSwAAAgQFtAQCCAoBPQt1AAAAAAEDAwc="}
00444{"flow_id":634,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8988,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348052,"pkt_ts_usec":641737,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiogIs7XwYqSEiqAScSBBtwAAAgQFtAQCCAoD5tzpAT0LdQEDAwc="}
00433{"flow_id":634,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8989,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348052,"pkt_ts_usec":642481,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/1AAD4GNdusEAABwKgKMoqIAFBipISKCLO18YAQAOXgvQAAAQEICgE9C3YD5tzp"}
00432{"flow_id":631,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8993,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348052,"pkt_ts_usec":912419,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PrVAAD4GhyOsEAABwKgKMopSAFC7TzjQgWKvWYARAOVmoAAAAQEICgE9C7kD5tfw"}
00432{"flow_id":631,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8994,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348052,"pkt_ts_usec":912693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0cnRAAEAGUWTAqAoyrBAAAQBQilKBYq9Zu0840YARAONhZAAAAQEICgPm3S0BPQu5"}
00432{"flow_id":631,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8995,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348052,"pkt_ts_usec":913434,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0PrZAAD4GhyKsEAABwKgKMopSAFC7TzjRgWKvWoAQAOVhYgAAAQEICgE9C7kD5t0t"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9005,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_first_seen":1499348055228,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9005,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":1,"flow_first_seen":1499348055228,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":635,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9005,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348055,"pkt_ts_usec":228139,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8W0hAAD4GaoisEAABwKgKMoqiAFBaIFa0AAAAAKACchAUBAAAAgQFtAQCCAoBPQ38AAAAAAEDAwc="}
00446{"flow_id":635,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9006,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348055,"pkt_ts_usec":228264,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiqK\/mxmbWiBWtaAScSBYVQAAAgQFtAQCCAoD5t9wAT0N\/AEDAwc="}
00432{"flow_id":635,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9007,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348055,"pkt_ts_usec":229028,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W0lAAD4Gao+sEAABwKgKMoqiAFBaIFa1v5sZnIAQAOX3XAAAAQEICgE9DfwD5t9w"}
00433{"flow_id":632,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9011,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348055,"pkt_ts_usec":912581,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gn9AAD4Gq1msEAABwKgKMopsAFCVUBKJMN\/rL4ARAOXCEgAAAQEICgE9DqcD5tpp"}
00432{"flow_id":632,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9012,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348055,"pkt_ts_usec":912812,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0CzRAAEAGuKTAqAoyrBAAAQBQimww3+svlVASioARAOO8YQAAAQEICgPm4BsBPQ6n"}
00433{"flow_id":632,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9013,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348055,"pkt_ts_usec":913596,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GoBAAD4Gq1isEAABwKgKMopsAFCVUBKKMN\/rMIAQAOW8XwAAAQEICgE9DqcD5uAb"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9017,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_first_seen":1499348056534,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9017,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":1,"flow_first_seen":1499348056534,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":636,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9017,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348056,"pkt_ts_usec":534889,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8LdZAAD4Gl\/qsEAABwKgKMoqwAFDDZCKVAAAAAKACchDdiQAAAgQFtAQCCAoBPQ9DAAAAAAEDAwc="}
00444{"flow_id":636,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9018,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348056,"pkt_ts_usec":535022,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQirDnT6dMw2QilqAScSBrLgAAAgQFtAQCCAoD5uC3AT0PQwEDAwc="}
00432{"flow_id":636,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9019,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348056,"pkt_ts_usec":535783,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0LddAAD4GmAGsEAABwKgKMoqwAFDDZCKW50+nTYAQAOUKNgAAAQEICgE9D0MD5uC3"}
00432{"flow_id":633,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9023,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348056,"pkt_ts_usec":912866,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ntZAAD4GJwKsEAABwKgKMop6AFCG4ZTjsdh1coARAOVAowAAAQEICgE9D6ED5tup"}
00432{"flow_id":633,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9024,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348056,"pkt_ts_usec":913088,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0lGdAAEAGL3HAqAoyrBAAAQBQinqx2HVyhuGU5IARAOM7OAAAAQEICgPm4RUBPQ+h"}
00432{"flow_id":633,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9025,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348056,"pkt_ts_usec":913859,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ntdAAD4GJwGsEAABwKgKMop6AFCG4ZTksdh1c4AQAOU7NQAAAQEICgE9D6ID5uEV"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9029,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_first_seen":1499348057789,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9029,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":1,"flow_first_seen":1499348057789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":637,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9029,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348057,"pkt_ts_usec":789900,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8cW1AAD4GVGOsEAABwKgKMoq+AFBo3mEQAAAAAKACchD4TAAAAgQFtAQCCAoBPRB9AAAAAAEDAwc="}
00444{"flow_id":637,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9030,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348057,"pkt_ts_usec":790003,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQir7ZkVGbaN5hEaAScSDoJwAAAgQFtAQCCAoD5uHwAT0QfQEDAwc="}
00432{"flow_id":637,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9031,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348057,"pkt_ts_usec":790582,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cW5AAD4GVGqsEAABwKgKMoq+AFBo3mER2ZFRnIAQAOWHLwAAAQEICgE9EH0D5uHw"}
00433{"flow_id":634,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9035,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348057,"pkt_ts_usec":913100,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/5AAD4GNdqsEAABwKgKMoqIAFBipISKCLO18YARAOXblwAAAQEICgE9EJsD5tzp"}
00433{"flow_id":634,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9036,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348057,"pkt_ts_usec":913385,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0V\/5AAEAGa9rAqAoyrBAAAQBQiogIs7XxYqSEi4ARAOPWcgAAAQEICgPm4g8BPRCb"}
00433{"flow_id":634,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9037,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348057,"pkt_ts_usec":914097,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0j\/9AAD4GNdmsEAABwKgKMoqIAFBipISLCLO18oAQAOXWbwAAAQEICgE9EJwD5uIP"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9041,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_first_seen":1499348059068,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9041,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":1,"flow_first_seen":1499348059068,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":638,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9041,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348059,"pkt_ts_usec":68980,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8SJlAAD4GfTesEAABwKgKMorMAFAzNVklAAAAAKACchA0lAAAAgQFtAQCCAoBPRG8AAAAAAEDAwc="}
00443{"flow_id":638,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9042,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348059,"pkt_ts_usec":69115,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQisz9Lu2rMzVZJqAScSBjgQAAAgQFtAQCCAoD5uMwAT0RvAEDAwc="}
00432{"flow_id":638,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9043,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348059,"pkt_ts_usec":69889,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SJpAAD4GfT6sEAABwKgKMorMAFAzNVkm\/S7trIAQAOUCiAAAAQEICgE9Eb0D5uMw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9050,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_first_seen":1499348060393,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9050,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":1,"flow_first_seen":1499348060393,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":639,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9050,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348060,"pkt_ts_usec":393569,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80ItAAD4G9USsEAABwKgKMoraAFD\/pcOMAAAAAKACchD8YgAAAgQFtAQCCAoBPRMHAAAAAAEDAwc="}
00445{"flow_id":639,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9051,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348060,"pkt_ts_usec":393691,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQitr3giqS\/6XDjaAScSDyygAAAgQFtAQCCAoD5uR7AT0TBwEDAwc="}
00433{"flow_id":639,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9052,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348060,"pkt_ts_usec":394271,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00IxAAD4G9UusEAABwKgKMoraAFD\/pcON94Iqk4AQAOWR0QAAAQEICgE9EwgD5uR7"}
00432{"flow_id":635,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9056,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348060,"pkt_ts_usec":912971,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W0pAAD4Gao6sEAABwKgKMoqiAFBaIFa1v5sZnIARAOXxzgAAAQEICgE9E4kD5t9w"}
00434{"flow_id":635,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9057,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348060,"pkt_ts_usec":913189,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0\/WFAAEAGxnbAqAoyrBAAAQBQiqK\/mxmcWiBWtoARAOPsQgAAAQEICgPm5P0BPROJ"}
00432{"flow_id":635,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9058,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348060,"pkt_ts_usec":913929,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0W0tAAD4Gao2sEAABwKgKMoqiAFBaIFa2v5sZnYAQAOXsPwAAAQEICgE9E4oD5uT9"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_first_seen":1499348061684,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":6,"flow_first_seen":1499347926328,"flow_last_seen":1499347931880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34144,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":6,"flow_first_seen":1499347927657,"flow_last_seen":1499347932881,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34158,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":6,"flow_first_seen":1499347930265,"flow_last_seen":1499347935880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":6,"flow_first_seen":1499347931529,"flow_last_seen":1499347936881,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34198,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":6,"flow_first_seen":1499347934152,"flow_last_seen":1499347939882,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34224,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9059,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":6,"flow_first_seen":1499347935445,"flow_last_seen":1499347940883,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":1,"flow_first_seen":1499348061684,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":640,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9062,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348061,"pkt_ts_usec":684202,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8R+ZAAD4GfeqsEAABwKgKMoroAFA+FlOsAAAAAKACchAsggAAAgQFtAQCCAoBPRRKAAAAAAEDAwc="}
00444{"flow_id":640,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9063,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348061,"pkt_ts_usec":684363,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiuhWb4DgPhZTraAScSBsbAAAAgQFtAQCCAoD5uW+AT0USgEDAwc="}
00432{"flow_id":640,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9064,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348061,"pkt_ts_usec":685087,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0R+dAAD4GffGsEAABwKgKMoroAFA+FlOtVm+A4YAQAOULdAAAAQEICgE9FEoD5uW+"}
@@ -5802,14 +5802,14 @@
00432{"flow_id":637,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9074,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348062,"pkt_ts_usec":913332,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cW9AAD4GVGmsEAABwKgKMoq+AFBo3mER2ZFRnIARAOWCLgAAAQEICgE9FX0D5uHw"}
00432{"flow_id":637,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9075,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348062,"pkt_ts_usec":913553,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0t21AAEAGDGvAqAoyrBAAAQBQir7ZkVGcaN5hEoARAON9LgAAAQEICgPm5vEBPRV9"}
00432{"flow_id":637,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9076,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348062,"pkt_ts_usec":914286,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0cXBAAD4GVGisEAABwKgKMoq+AFBo3mES2ZFRnYAQAOV9KwAAAQEICgE9FX4D5ubx"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9083,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_first_seen":1499348064243,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9083,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":1,"flow_first_seen":1499348064243,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":641,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9083,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348064,"pkt_ts_usec":243564,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Y\/tAAD4GYdWsEAABwKgKMosCAFBtqHUxAAAAAKACchDY0AAAAgQFtAQCCAoBPRbKAAAAAAEDAwc="}
00445{"flow_id":641,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9084,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348064,"pkt_ts_usec":243696,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiwKN0\/hjbah1MqAScSBnUwAAAgQFtAQCCAoD5ug+AT0WygEDAwc="}
00433{"flow_id":641,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9085,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348064,"pkt_ts_usec":244434,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y\/xAAD4GYdysEAABwKgKMosCAFBtqHUyjdP4ZIAQAOUGWwAAAQEICgE9FsoD5ug+"}
00433{"flow_id":638,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9089,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348064,"pkt_ts_usec":913784,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SJtAAD4GfT2sEAABwKgKMorMAFAzNVkm\/S7trIARAOX80QAAAQEICgE9F3ID5uMw"}
00433{"flow_id":638,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9090,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348064,"pkt_ts_usec":914003,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0BUlAAEAGvo\/AqAoyrBAAAQBQisz9Lu2sMzVZJ4ARAOP3HQAAAQEICgPm6OUBPRdy"}
00433{"flow_id":638,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9091,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348064,"pkt_ts_usec":914738,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0SJxAAD4GfTysEAABwKgKMorMAFAzNVkn\/S7trYAQAOX3GwAAAQEICgE9F3ID5ujl"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_first_seen":1499348065546,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9095,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":1,"flow_first_seen":1499348065546,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":642,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9095,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348065,"pkt_ts_usec":546965,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA882RAAD4G0musEAABwKgKMosQAFA77ut0AAAAAKACchCS8wAAAgQFtAQCCAoBPRgQAAAAAAEDAwc="}
00444{"flow_id":642,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9096,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348065,"pkt_ts_usec":547091,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQixCTY4b2O+7rdaAScSCMDQAAAgQFtAQCCAoD5umEAT0YEAEDAwc="}
00432{"flow_id":642,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9097,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348065,"pkt_ts_usec":547854,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA082VAAD4G0nKsEAABwKgKMosQAFA77ut1k2OG94AQAOUrFQAAAQEICgE9GBAD5umE"}
@@ -5819,48 +5819,48 @@
00432{"flow_id":640,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9110,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348066,"pkt_ts_usec":914407,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0R+hAAD4GffCsEAABwKgKMoroAFA+FlOtVm+A4YARAOUGVwAAAQEICgE9GWYD5uW+"}
00432{"flow_id":640,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9111,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348066,"pkt_ts_usec":914609,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0ajtAAEAGWZ3AqAoyrBAAAQBQiuhWb4DhPhZTroARAOMBPAAAAQEICgPm6toBPRlm"}
00432{"flow_id":640,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9112,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348066,"pkt_ts_usec":915337,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0R+lAAD4Gfe+sEAABwKgKMoroAFA+FlOuVm+A4oAQAOUBOgAAAQEICgE9GWYD5ura"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_first_seen":1499348068136,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9116,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":1,"flow_first_seen":1499348068136,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":643,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9116,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348068,"pkt_ts_usec":136241,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8f2xAAD4GRmSsEAABwKgKMosqAFAaVGX7AAAAAKACchA3ZgAAAgQFtAQCCAoBPRqXAAAAAAEDAwc="}
00445{"flow_id":643,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9117,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348068,"pkt_ts_usec":136365,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiyoM4+ekGlRl\/KAScSBTywAAAgQFtAQCCAoD5uwLAT0alwEDAwc="}
00432{"flow_id":643,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9118,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348068,"pkt_ts_usec":136947,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f21AAD4GRmusEAABwKgKMosqAFAaVGX8DOPnpYAQAOXy0gAAAQEICgE9GpcD5uwL"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_first_seen":1499348069426,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9125,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":1,"flow_first_seen":1499348069426,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":644,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9125,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348069,"pkt_ts_usec":426418,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86kVAAD4G24qsEAABwKgKMos4AFDyvfGfAAAAAKACchDSBgAAAgQFtAQCCAoBPRvaAAAAAAEDAwc="}
00444{"flow_id":644,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9126,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348069,"pkt_ts_usec":426563,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQiziWvrte8r3xoKAScSCPkwAAAgQFtAQCCAoD5u1OAT0b2gEDAwc="}
00432{"flow_id":644,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9127,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348069,"pkt_ts_usec":427333,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06kZAAD4G25GsEAABwKgKMos4AFDyvfGglr67X4AQAOUumwAAAQEICgE9G9oD5u1O"}
00433{"flow_id":641,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9131,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348069,"pkt_ts_usec":915429,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y\/1AAD4GYdusEAABwKgKMosCAFBtqHUyjdP4ZIARAOUA0AAAAQEICgE9HFQD5ug+"}
00433{"flow_id":641,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9132,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348069,"pkt_ts_usec":915653,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0FaxAAEAGrizAqAoyrBAAAQBQiwKN0\/hkbah1M4ARAOP7RgAAAQEICgPm7cgBPRxU"}
00433{"flow_id":641,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9133,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348069,"pkt_ts_usec":916386,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Y\/5AAD4GYdqsEAABwKgKMosCAFBtqHUzjdP4ZYAQAOX7RAAAAQEICgE9HFQD5u3I"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_first_seen":1499348070791,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9137,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":1,"flow_first_seen":1499348070791,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":645,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9137,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348070,"pkt_ts_usec":791453,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8jQtAAD4GOMWsEAABwKgKMotGAFAklpAkAAAAAKACchAARwAAAgQFtAQCCAoBPR0vAAAAAAEDAwc="}
00444{"flow_id":645,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9138,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348070,"pkt_ts_usec":791613,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi0aOH7cfJJaQJaAScSDJXAAAAgQFtAQCCAoD5u6jAT0dLwEDAwc="}
00432{"flow_id":645,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9139,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348070,"pkt_ts_usec":792328,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jQxAAD4GOMysEAABwKgKMotGAFAklpAljh+3IIAQAOVoZAAAAQEICgE9HS8D5u6j"}
00432{"flow_id":642,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9143,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348070,"pkt_ts_usec":915441,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA082ZAAD4G0nGsEAABwKgKMosQAFA77ut1k2OG94ARAOUl1gAAAQEICgE9HU4D5umE"}
00432{"flow_id":642,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9144,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348070,"pkt_ts_usec":916467,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0aDVAAEAGW6PAqAoyrBAAAQBQixCTY4b3O+7rdoARAOMgmQAAAQEICgPm7sIBPR1O"}
00432{"flow_id":642,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9145,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348070,"pkt_ts_usec":917210,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA082dAAD4G0nCsEAABwKgKMosQAFA77ut2k2OG+IAQAOUglwAAAQEICgE9HU4D5u7C"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":316,"flow_first_seen":1499347872187,"flow_last_seen":1499347941610,"flow_tot_l4_data_len":242497,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":767,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_first_seen":1499348072088,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":316,"flow_first_seen":1499347872187,"flow_last_seen":1499347941610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232369,"flow_avg_l4_payload_len":735,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":33580,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":568,"flow_packet_id":6,"flow_first_seen":1499347936727,"flow_last_seen":1499347941876,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":6,"flow_first_seen":1499347940593,"flow_last_seen":1499347945883,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34292,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":6,"flow_first_seen":1499347943146,"flow_last_seen":1499347948885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34318,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":572,"flow_packet_id":6,"flow_first_seen":1499347944440,"flow_last_seen":1499347949885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34332,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9146,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":573,"flow_packet_id":6,"flow_first_seen":1499347945720,"flow_last_seen":1499347950886,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34346,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":1,"flow_first_seen":1499348072088,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":646,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9152,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348072,"pkt_ts_usec":88629,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8DYZAAD4GuEqsEAABwKgKMotUAFAOsRP1AAAAAKACchCRCQAAAgQFtAQCCAoBPR5zAAAAAAEDAwc="}
00445{"flow_id":646,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9153,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348072,"pkt_ts_usec":88754,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi1Q00\/Q8DrET9qAScSB1CgAAAgQFtAQCCAoD5u\/nAT0ecwEDAwc="}
00432{"flow_id":646,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9154,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348072,"pkt_ts_usec":89529,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DYdAAD4GuFGsEAABwKgKMotUAFAOsRP2NNP0PYAQAOUUEgAAAQEICgE9HnMD5u\/n"}
01214{"flow_id":643,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9155,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348072,"pkt_ts_usec":90135,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ABm5CmnxAMGxFOsxCABFAAJ9f25AAD4GRCGsEAABwKgKMosqAFAaVGX8DOPnpYAYAOU37AAAAQEICgE9HnQD5uwLR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvP25hbWU9JTNDc2NyaXB0JTNFY29uc29sZS5sb2clMjglMjdLR0U4RVM5U0NRN0ZPUlk1VlNQVFlZNFI0VUhKTlJRVFBUQVk2TDlKUjFPVTQwUlBEQSUyNyUyOSUzQmNvbnNvbGUubG9nJTI4ZG9jdW1lbnQuY29va2llJTI5JTNCJTNDJTJGc2NyaXB0JTNFIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClJlZmVyZXI6IGh0dHA6Ly8yMDUuMTc0LjE2NS42OC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvDQpDb29raWU6IHNlY3VyaXR5PWxvdzsgc2VjdXJpdHk9bG93OyBQSFBTRVNTSUQ9djZvb2tmNmUyNm4xaWRvNXNpdmU2c2FpNzENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00917{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":4,"flow_first_seen":1499348068136,"flow_last_seen":1499348072090,"flow_tot_l4_data_len":729,"flow_min_l4_data_len":32,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
+00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9155,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":4,"flow_first_seen":1499348068136,"flow_last_seen":1499348072090,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":585,"flow_tot_l4_payload_len":585,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"205.174.165.68","url":"205.174.165.68\/dv\/vulnerabilities\/xss_r\/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:45.0) Gecko\/20100101 Firefox\/45.0"}}
00431{"flow_id":643,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9156,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348072,"pkt_ts_usec":90207,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0CEJAAEAGu5bAqAoyrBAAAQBQiyoM4+elGlRoRYAQAOzoyQAAAQEICgPm7+cBPR50"}
02961{"flow_id":643,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9157,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348072,"pkt_ts_usec":93231,"pkt_caplen":1934,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1934,"pkt_l4_len":1900,"pkt":"AMGxFOsxABm5CmnxCABFAAeACENAAEAGtEnAqAoyrBAAAQBQiyoM4+elGlRoRYAYAOx+XgAAAQEICgPm7+gBPR50SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjM0OjMxIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTUxNg0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PXV0Zi04DQoNCh+LCAAAAAAAAAOtWP9P2zgU\/xmk\/Q8+n3TAJGJ6290N1mYqLQx2bHRNgSGdFLmJ2xqcOIudFv77e3aSNnwtWZFQcez35fP8np\/f85v15m\/d087gsneAJjoSqHe2f3LcQXibkIt3HUK6gy76cTT4eoIazg7ydMoDTcjBN4zwROtkj5DZbObM3jkyHZNBn9wYKQ3DVgy3leVxQh1i9836m\/Wm1XMTiVi1HpHR2N3dzVlz8rXmhNEQhmtrzYhpigzLNvuZ8WkLd2SsWay3B7cJwyjIv1pYsxtNjIiPKJjQVDHdOhscbn\/AiOQy15qaa8Hc80zELKVDLri+3UN9NhIs0CxEnVQqhTyuGfKClCeax2O0+cPzttDeHurSKEYlr2Dogg1RO0kED6jmMkab3fOL9haaNpzGDnrbZVMmZBIBtLdNkisuUAgeX6OUiRZW+lYwNWFMY6TBmsKIQCmMJikbtbDjEPgLpzNqZklEeezYZfJQGoetKOX8xyM6ZgSm7koa0akhc+zCXIay1lYhXNEpzWcxUmlwB8iVsv97oMC5Uthtkpyy8BwpXGfGQxneokBQZbwuI4Zzl4Z8injYwsZ3YBFLC69XloyQyvxak0fjB0iskYoIOZZOEo8xogICYYmjFnYDVlD3QLXZZB8cl1W0P1jzExqGLMwNAoJMlHaa1X0hg2uzNYIjGQeg+rqFZzwO5cyBJYujtZFb4mzgkhUY6B13Odg9gm1rEgq7LLi7\/hKBPIbTlwVmSjnJJHlG\/n1S7B5XZuqphQOXJUv0zWmw65khInD8YBJ19yvKSCbcFTZ0WjnfHMJjmGaakWdQPc6A3X3zHx3KNKjpgfsC2Q0L6gCw9NjtyCiicYiO4ytmPbIaikClozooLD2g8PqHqykeceJ8SuCotjhwZiFbEiUv4sfuIYfDfWxm1Mp7kyVC0rDO7hQcBYwz+7Wif2ii4eaq5aKCxZ5bFmQpQ512b9A5aq8GRf0UvA4OSw9n+vvJawWrkegP4XKr5ZQK1z00aHPfTG+thmrG6LXPa0EqWbB7ASPkMWWiFR13a6bX+3JvlPJrAckZsAv1DNQqp19X3AojLq3oVyyvol6EIy1xzIuvV0Cj6u6GKlF4WqZ3Iax4BdmzCNXl0utwQYZdUz9CfORT9bYD+Hk8kkvUVaiw2zvqwekYyXqK6FBmeomaOQ1222b4ettqCr2l6hdE2D2x43sAiortTu33dCFoSthFIQidjFktdJu1aiHYnDR+pbuAkrlRFMwV4dN5BesHMmQ+TRkt6ueRTCMU0wiqdeCHstemuBb+HSPoliYSsH8+GBS1aTMpLL6YUL2h0K3MUsv8qays4ySrFv+4EG1+5\/VtlUhlw4gD2ZSKDD69\/LPQRhI3byqIQZnjTVLmHjEhJCpaDRcqfyUFAw+PNzf+\/Xzw4cDb9Trf\/zk87V\/+de71BpeX7\/vvz46+fOt\/H\/QG7cu\/T3a\/9BunZ+93+r1ue2PrY1VCKIPMdFpOIOU1Z1sf5y0JwEmZdc3Cw83Jn+5XOPA2\/NOI5pcVTJq1Ij4gGhdxZZpPVTSsckZVYntWCFF2Y8KMWM9uK\/CsP\/esbz0L7RhNx9CJYriVaHyN3V+XNY\/i2viA24cqRbPUP4C2Dsz1O9Bfad8rWs+aGJ+Xtxwni50Zv+YJCzm1os1X1XJVWv40tpfLeB5PYWYw5vNkHMjIXA\/bI\/rTsU8Sj4J4AeOLNOc4qWCpblgJz6p7QF3VUWS3PNTLznWYQr+b\/5Yp7ImUV+SdQDCazk\/zY3lR3SrNIt\/cJY\/mh2Gmtemzi\/xwztkMwfFP5jk7kUmW+CWZjDt51l88OuwBxVmyiZ647acg0Z+ARBOOnwCSrSn+KB3REnK2gbawi5bC8iAZBux1gSkrcyk0s5tU8DHkbcFGkD+bLHLPFEtN3t1rEvhCNIx4XLgQvsviAJ2Y16WCBiQuKOBWP+56xUrIlbk+wtKLTzp0JKW+89iSuKu8diWPXavVBEzMxZm\/C9oXO\/d\/Z+qScZIUAAA="}
00432{"flow_id":643,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9158,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348072,"pkt_ts_usec":93898,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f29AAD4GRmmsEAABwKgKMosqAFAaVGhFDOPu8YAQAQLhZQAAAQEICgE9HnUD5u\/o"}
00948{"flow_id":643,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9159,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348073,"pkt_ts_usec":114528,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzf3BAAD4GROmsEAABwKgKMosqAFAaVGhFDOPu8YAYAQKPbgAAAQEICgE9H3QD5u\/oR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02820{"flow_id":643,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9160,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348073,"pkt_ts_usec":117540,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceCEVAAEAGtKnAqAoyrBAAAQBQiyoM4+7xGlRpxIAYAPV9\/AAAAQEICgPm8OgBPR90SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjM0OjMyIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTkNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
00433{"flow_id":643,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9161,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348073,"pkt_ts_usec":118238,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f3FAAD4GRmesEAABwKgKMosqAFAaVGnEDOP124AQAR3W4QAAAQEICgE9H3UD5vDo"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_first_seen":1499348073365,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":1,"flow_first_seen":1499348073365,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":647,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9162,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348073,"pkt_ts_usec":365184,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8Pg1AAD4Gh8OsEAABwKgKMotiAFCjeCG\/AAAAAKACchDtKgAAAgQFtAQCCAoBPR+yAAAAAAEDAwc="}
00444{"flow_id":647,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9163,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348073,"pkt_ts_usec":365350,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi2IT1M33o3ghwKAScSAXMQAAAgQFtAQCCAoD5vEmAT0fsgEDAwc="}
00432{"flow_id":647,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9164,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348073,"pkt_ts_usec":366070,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Pg5AAD4Gh8qsEAABwKgKMotiAFCjeCHAE9TN+IAQAOW2NwAAAQEICgE9H7MD5vEm"}
@@ -5869,7 +5869,7 @@
00433{"flow_id":643,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9167,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348073,"pkt_ts_usec":370632,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0f3NAAD4GRmWsEAABwKgKMosqAFAaVGwNDOP9JYAQATvMsgAAAQEICgE9H7QD5vEn"}
00948{"flow_id":643,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9168,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348074,"pkt_ts_usec":412315,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ABm5CmnxAMGxFOsxCABFAAGzf3RAAD4GROWsEAABwKgKMosqAFAaVGwNDOP9JYAYATt6tgAAAQEICgE9ILgD5vEnR0VUIC9kdi92dWxuZXJhYmlsaXRpZXMveHNzX3IvIEhUVFAvMS4xDQpIb3N0OiAyMDUuMTc0LjE2NS42OA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo0NS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzQ1LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvb2tpZTogc2VjdXJpdHk9bG93OyBzZWN1cml0eT1sb3c7IFBIUFNFU1NJRD12Nm9va2Y2ZTI2bjFpZG81c2l2ZTZzYWk3MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
02822{"flow_id":643,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9169,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348074,"pkt_ts_usec":415864,"pkt_caplen":1836,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1836,"pkt_l4_len":1802,"pkt":"AMGxFOsxABm5CmnxCABFAAceCElAAEAGtKXAqAoyrBAAAQBQiyoM4\/0lGlRtjIAYAQd9\/AAAAQEICgPm8i0BPSC4SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDA2IEp1bCAyMDE3IDEzOjM0OjM0IEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjE4IChVYnVudHUpDQpFeHBpcmVzOiBUdWUsIDIzIEp1biAyMDA5IDEyOjAwOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpDb250ZW50LUxlbmd0aDogMTQxOQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNCg0KH4sIAAAAAAAAA61YbU\/jOBD+DNL+B59POmClxtvbL7dcmhW0cCCxt9y2LHvSSZGbuK3BiYPttPDvb+w4bXgt2SKh4pd5eTzjGc\/k3Xb4y+Brf\/Tv+RGamUyg84vDs9M+wh1CLj\/2CRmMBujHyejLGeoGH9DQKJ4YQo7+xgjPjCn2CVksFsHiYyDVlIy+kVsrpWvZ\/LCjHU+QmhRH77bfbYdOz20mct17Qkb306dPFWtFvhXOGE1huLUVZsxQZFk67Kbk8x7uy9yw3HRGdwXDKKlmPWzYrSFWxJ8omVGlmeldjI47f2BEKplboeFGsOh7KXKm6JgLbu720Tc2ESwxLEV9JbVGQ24YGiaKF4bnU7T7YzjcQ\/v7aECzHNW8gqFLNkYHRSF4Qg2XOdodfL882EPzbtD9gN4P2JwJWWQA7X1IKsUeheD5NVJM9LA2d4LpGWMGIwOn8YdItMZoptikh4OAwF86X1C7SjLK88Btk8fSOJiilvMfz+iUEVi6L2lC55YscBtLGdqdtgnhis5ptYqRVsk9IFfa\/T8HBcGVxlFIKkrvOeJdZ8djmd6hRFBtvS4zhiuXpnyOeNrD1ndwIqa81xtbVkhjfSvk2fQREndITYScyqDIpxhRARdhjaNW5wasoO6RamvkGBxXNrQ\/2osLmqYsrQ4EBKWoz2l3D4VMrq1pBEcyT0D1dQ8veJ7KRQBbDkdvpzpJsINrVmCg99wV4OgEzBYSClYWPNp+jUCeQ\/SViV3SQTErXpD\/kBRHp42Vdmoh4Mpijb4lDY6GdogIhB8sosFhQxkpRbSBQeeN+OZwPcaqNIy8gOppBhwd2v\/oWKqkpQceCmS3LGkDwNHjqC+zjOYpOs2vmPPIZigSrSZtUDh6QDH8dryZ4gknwecCQrXHgbNM2Zpb8ip+HB1zCO5Tu6I3tk1ZCEnTNtbxHB7GhZtt6B9aGHi5WrnIs7i4ZUmpGOofnI\/6JwebQdE3grfB4eghpv85e6vLaiXGY3jcWjmlwfUADdo9tMt7m6FaMHod81aQahYcXcIIDZm2txWdDlqm14dyb7WOWwGpGHAE9QzUKl+\/bGgKK0419GtWVVGvwqFqHMvi6w3Q6LbW0DWKoZHqPoQNnyAXi1Bdrn0OV2Q4svUj3I9qqZ05gJ\/nE7lGXYMKR+cn5xAdE9lOER3L0qxRs6TB0YEdvp1ZbaG3Vv2KCEdnbvwAgK\/Y7tV+zxeCtoRdFYLQydhdr9vuNQvBcNb9me4CSuauL5gbwufLCjZOZMpiqhj19fNEqgzlNINqHfih7HUprod\/xQi6pZkE7H8djXxtGhb+xJczanY0upOlcsyf68o6L8pm8Y+9aPu7rG+bRLocZxzI5lSUMB1WU6+NFFHVVBCL0i26rmBp4HD2e\/QF4s3dPpXR6q2ARbvn3QOXYeVW2\/tp3y\/KBdWFaxnhhrBb62XiDNvRYNh4adjYGRa6Iaqm0AhieBRofo2jn5e1vESt8QF3DEWCYSo+gq4Kjhv3ob0x8dB3fi0xvixvPU6WBwt+zQuWcupE21nz5Lo++fPYXi\/jZTz+mMmUL3NhIjObnTsTehO4LwJPgngF46s0VzipYMp0nYQX1T2iburwyaW66nXjOFbQbla\/dQZ5JuP4sE8Eo2oZTE+lJX2nDctim8qfDM9xaYxtc314fudsgU6YKJYps5BFWcQ1mcz7VdJd9fz7QHFR7KJnHts5SIxnINFex88AyT3pv9WO6Am52EF7OEJrYQ0hFyXsbYFpJ3MtNGtNKvgU0qZgE0hfIcuiC82UTXv7IYEZomnGc+9CmNdvMzqzH3c8DUhcUcCjejoY+p2Ua5u909qLzzp0IqW5962jiDb52FQ89ao1EzCx71b1Wc59MIv+B6iyF7ARFAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_first_seen":1499348074670,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9171,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":1,"flow_first_seen":1499348074670,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":648,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9171,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348074,"pkt_ts_usec":670569,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8OC5AAD4GjaKsEAABwKgKMotwAFDSMxjXAAAAAKACchDGAgAAAgQFtAQCCAoBPSD5AAAAAAEDAwc="}
00444{"flow_id":648,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9172,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348074,"pkt_ts_usec":670696,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi3D0f4w30jMY2KAScSBP1gAAAgQFtAQCCAoD5vJtAT0g+QEDAwc="}
00432{"flow_id":648,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9173,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348074,"pkt_ts_usec":671439,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0OC9AAD4GjamsEAABwKgKMotwAFDSMxjY9H+MOIAQAOXu3QAAAQEICgE9IPkD5vJt"}
@@ -5879,14 +5879,14 @@
00432{"flow_id":645,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9183,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348075,"pkt_ts_usec":917366,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jQ1AAD4GOMusEAABwKgKMotGAFAklpAljh+3IIARAOVjYgAAAQEICgE9IjAD5u6j"}
00432{"flow_id":645,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9184,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348075,"pkt_ts_usec":917611,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0RIRAAEAGf1TAqAoyrBAAAQBQi0aOH7cgJJaQJoARAONeYgAAAQEICgPm86QBPSIw"}
00432{"flow_id":645,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9185,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348075,"pkt_ts_usec":918323,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0jQ5AAD4GOMqsEAABwKgKMotGAFAklpAmjh+3IYAQAOVeXwAAAQEICgE9IjED5vOk"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_first_seen":1499348077218,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9192,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":1,"flow_first_seen":1499348077218,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":649,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9192,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348077,"pkt_ts_usec":218866,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA80HtAAD4G9VSsEAABwKgKMouKAFBc0\/MNAAAAAKACchBelQAAAgQFtAQCCAoBPSN2AAAAAAEDAwc="}
00444{"flow_id":649,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9193,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348077,"pkt_ts_usec":218968,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi4oOSV5eXNPzDqAScSD5+wAAAgQFtAQCCAoD5vTqAT0jdgEDAwc="}
00433{"flow_id":649,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9195,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348077,"pkt_ts_usec":219749,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00HxAAD4G9VusEAABwKgKMouKAFBc0\/MODkleX4AQAOWZAwAAAQEICgE9I3YD5vTq"}
00433{"flow_id":646,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9198,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348077,"pkt_ts_usec":918484,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DYhAAD4GuFCsEAABwKgKMotUAFAOsRP2NNP0PYARAOUOXwAAAQEICgE9JCUD5u\/n"}
00433{"flow_id":646,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9199,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348077,"pkt_ts_usec":918703,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0AaRAAEAGwjTAqAoyrBAAAQBQi1Q00\/Q9DrET94ARAOMIrgAAAQEICgPm9ZkBPSQl"}
00432{"flow_id":646,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9200,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348077,"pkt_ts_usec":919409,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0DYlAAD4GuE+sEAABwKgKMotUAFAOsRP3NNP0PoAQAOUIrAAAAQEICgE9JCUD5vWZ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_first_seen":1499348078531,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9204,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":1,"flow_first_seen":1499348078531,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":650,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9204,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348078,"pkt_ts_usec":531918,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA86yNAAD4G2qysEAABwKgKMouYAFAizM+dAAAAAKACchC6tgAAAgQFtAQCCAoBPSS+AAAAAAEDAwc="}
00444{"flow_id":650,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9205,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348078,"pkt_ts_usec":532057,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi5glYndPIszPnqAScSAkywAAAgQFtAQCCAoD5vYyAT0kvgEDAwc="}
00432{"flow_id":650,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9206,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348078,"pkt_ts_usec":532812,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06yRAAD4G2rOsEAABwKgKMouYAFAizM+eJWJ3UIAQAOXD0gAAAQEICgE9JL4D5vYy"}
@@ -5896,42 +5896,42 @@
00432{"flow_id":648,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9219,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348079,"pkt_ts_usec":918905,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ODBAAD4GjaisEAABwKgKMotwAFDSMxjY9H+MOIARAOXpvAAAAQEICgE9JhkD5vJt"}
00432{"flow_id":648,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9220,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348079,"pkt_ts_usec":919120,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0e7VAAEAGSCPAqAoyrBAAAQBQi3D0f4w40jMY2YARAOPknQAAAQEICgPm940BPSYZ"}
00432{"flow_id":648,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9221,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348079,"pkt_ts_usec":919827,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0ODFAAD4GjaesEAABwKgKMotwAFDSMxjZ9H+MOYAQAOXkmwAAAQEICgE9JhkD5veN"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_first_seen":1499348081113,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9225,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":1,"flow_first_seen":1499348081113,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":651,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9225,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348081,"pkt_ts_usec":113543,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8P1ZAAD4GhnqsEAABwKgKMouyAFAGWhgVAAAAAKACchCMEgAAAgQFtAQCCAoBPSdDAAAAAAEDAwc="}
00444{"flow_id":651,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9226,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348081,"pkt_ts_usec":113640,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi7IGSc2TBloYFqAScSC8dgAAAgQFtAQCCAoD5vi3AT0nQwEDAwc="}
00432{"flow_id":651,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9227,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348081,"pkt_ts_usec":114423,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P1dAAD4GhoGsEAABwKgKMouyAFAGWhgWBknNlIAQAOVbfQAAAQEICgE9J0QD5vi3"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_first_seen":1499348082422,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":6,"flow_first_seen":1499347948293,"flow_last_seen":1499347953886,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34372,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":6,"flow_first_seen":1499347949587,"flow_last_seen":1499347954886,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34386,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":6,"flow_first_seen":1499347952161,"flow_last_seen":1499347957887,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":6,"flow_first_seen":1499347953439,"flow_last_seen":1499347958887,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34426,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9231,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":6,"flow_first_seen":1499347954738,"flow_last_seen":1499347959887,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34440,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":1,"flow_first_seen":1499348082422,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":652,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9234,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348082,"pkt_ts_usec":422606,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8EzVAAD4GspusEAABwKgKMovAAFDEhDu+AAAAAKACchCo6AAAAgQFtAQCCAoBPSiLAAAAAAEDAwc="}
00445{"flow_id":652,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9235,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348082,"pkt_ts_usec":422764,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi8Dw+8kBxIQ7v6AScSDx4wAAAgQFtAQCCAoD5vn\/AT0oiwEDAwc="}
00434{"flow_id":652,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9236,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348082,"pkt_ts_usec":423500,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0EzZAAD4GsqKsEAABwKgKMovAAFDEhDu\/8PvJAoAQAOWQ6wAAAQEICgE9KIsD5vn\/"}
00433{"flow_id":649,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9240,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348082,"pkt_ts_usec":919746,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00H1AAD4G9VqsEAABwKgKMouKAFBc0\/MODkleX4ARAOWTcQAAAQEICgE9KQcD5vTq"}
00432{"flow_id":649,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9241,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348082,"pkt_ts_usec":919933,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0pCRAAEAGH7TAqAoyrBAAAQBQi4oOSV5fXNPzD4ARAOON4QAAAQEICgPm+nsBPSkH"}
00433{"flow_id":649,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9242,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348082,"pkt_ts_usec":920677,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA00H5AAD4G9VmsEAABwKgKMouKAFBc0\/MPDkleYIAQAOWN3wAAAQEICgE9KQcD5vp7"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9246,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_first_seen":1499348083715,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9246,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":1,"flow_first_seen":1499348083715,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":653,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9246,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348083,"pkt_ts_usec":715901,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8aIdAAD4GXUmsEAABwKgKMovOAFCsxEFJAAAAAKACchC5zAAAAgQFtAQCCAoBPSnOAAAAAAEDAwc="}
00444{"flow_id":653,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9247,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348083,"pkt_ts_usec":716010,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi847RWyhrMRBSqAScSATnAAAAgQFtAQCCAoD5vtCAT0pzgEDAwc="}
00432{"flow_id":653,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9248,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348083,"pkt_ts_usec":716792,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aIhAAD4GXVCsEAABwKgKMovOAFCsxEFKO0VsooAQAOWyowAAAQEICgE9Kc4D5vtC"}
00432{"flow_id":650,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9252,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348083,"pkt_ts_usec":920097,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06yVAAD4G2rKsEAABwKgKMouYAFAizM+eJWJ3UIARAOW+jgAAAQEICgE9KgED5vYy"}
00432{"flow_id":650,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9253,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348083,"pkt_ts_usec":920316,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0jCVAAEAGN7PAqAoyrBAAAQBQi5glYndQIszPn4ARAOO5TAAAAQEICgPm+3UBPSoB"}
00432{"flow_id":650,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9254,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348083,"pkt_ts_usec":921047,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA06yZAAD4G2rGsEAABwKgKMouYAFAizM+fJWJ3UYAQAOW5SgAAAQEICgE9KgED5vt1"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9264,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_first_seen":1499348086300,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9264,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":1,"flow_first_seen":1499348086300,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":654,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9264,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348086,"pkt_ts_usec":300221,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8GytAAD4GqqWsEAABwKgKMovoAFCxvjd\/AAAAAKACchC7\/AAAAgQFtAQCCAoBPSxUAAAAAAEDAwc="}
00444{"flow_id":654,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9265,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348086,"pkt_ts_usec":300346,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi+jtWBzhsb43gKAScSCw8gAAAgQFtAQCCAoD5v3IAT0sVAEDAwc="}
00432{"flow_id":654,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9266,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348086,"pkt_ts_usec":301095,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0GyxAAD4GqqysEAABwKgKMovoAFCxvjeA7Vgc4oAQAOVP+gAAAQEICgE9LFQD5v3I"}
00432{"flow_id":651,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9270,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348086,"pkt_ts_usec":920721,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P1hAAD4GhoCsEAABwKgKMouyAFAGWhgWBknNlIARAOVV0QAAAQEICgE9LO8D5vi3"}
00434{"flow_id":651,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9271,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348086,"pkt_ts_usec":920982,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0M\/dAAEAGj+HAqAoyrBAAAQBQi7IGSc2UBloYF4ARAONQJgAAAQEICgPm\/mMBPSzv"}
00432{"flow_id":651,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9272,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348086,"pkt_ts_usec":921734,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0P1lAAD4Ghn+sEAABwKgKMouyAFAGWhgXBknNlYAQAOVQIwAAAQEICgE9LPAD5v5j"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9276,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_first_seen":1499348087568,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9276,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":1,"flow_first_seen":1499348087568,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":655,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9276,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348087,"pkt_ts_usec":568323,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WltAAD4Ga3WsEAABwKgKMov2AFAj3nfKAAAAAKACchAIRwAAAgQFtAQCCAoBPS2RAAAAAAEDAwc="}
00445{"flow_id":655,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9277,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348087,"pkt_ts_usec":568445,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQi\/boFFliI953y6AScSDEwgAAAgQFtAQCCAoD5v8FAT0tkQEDAwc="}
00432{"flow_id":655,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9278,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348087,"pkt_ts_usec":569190,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WlxAAD4Ga3ysEAABwKgKMov2AFAj3nfL6BRZY4AQAOVjygAAAQEICgE9LZED5v8F"}
@@ -5941,46 +5941,46 @@
00432{"flow_id":653,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9291,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348088,"pkt_ts_usec":921632,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aIlAAD4GXU+sEAABwKgKMovOAFCsxEFKO0VsooARAOWtjAAAAQEICgE9LuQD5vtC"}
00432{"flow_id":653,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9292,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348088,"pkt_ts_usec":921880,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0bPVAAEAGVuPAqAoyrBAAAQBQi847RWyirMRBS4ARAOOoeAAAAQEICgPnAFcBPS7k"}
00432{"flow_id":653,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9293,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348088,"pkt_ts_usec":922438,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0aIpAAD4GXU6sEAABwKgKMovOAFCsxEFLO0Vso4AQAOWodgAAAQEICgE9LuQD5wBX"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_first_seen":1499348090129,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9297,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":1,"flow_first_seen":1499348090129,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":656,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9297,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348090,"pkt_ts_usec":129532,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nGpAAD4GKWasEAABwKgKMowQAFDWkax4AAAAAKACchAeSgAAAgQFtAQCCAoBPTASAAAAAAEDAwc="}
00444{"flow_id":656,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9298,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348090,"pkt_ts_usec":129654,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjBAuWbjG1pGseaAScSAynQAAAgQFtAQCCAoD5wGFAT0wEgEDAwc="}
00432{"flow_id":656,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9299,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348090,"pkt_ts_usec":130226,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nGtAAD4GKW2sEAABwKgKMowQAFDWkax5Llm4x4AQAOXRpAAAAQEICgE9MBID5wGF"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9306,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_first_seen":1499348091413,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9306,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":1,"flow_first_seen":1499348091413,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":657,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9306,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348091,"pkt_ts_usec":413325,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8nrdAAD4GJxmsEAABwKgKMoweAFAj3q\/lAAAAAKACchDMQQAAAgQFtAQCCAoBPTFTAAAAAAEDAwc="}
00445{"flow_id":657,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9307,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348091,"pkt_ts_usec":413450,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjB4dm6koI96v5qAScSD\/rwAAAgQFtAQCCAoD5wLGAT0xUwEDAwc="}
00433{"flow_id":657,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9308,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348091,"pkt_ts_usec":414216,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nrhAAD4GJyCsEAABwKgKMoweAFAj3q\/mHZupKYAQAOWetwAAAQEICgE9MVMD5wLG"}
00432{"flow_id":654,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9312,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348091,"pkt_ts_usec":922718,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gy1AAD4GqqusEAABwKgKMovoAFCxvjeA7Vgc4oARAOVKewAAAQEICgE9MdID5v3I"}
00433{"flow_id":654,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9313,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348091,"pkt_ts_usec":922988,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0H6RAAEAGpDTAqAoyrBAAAQBQi+jtWBzisb43gYARAONE\/gAAAQEICgPnA0YBPTHS"}
00433{"flow_id":654,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9314,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348091,"pkt_ts_usec":923741,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Gy5AAD4GqqqsEAABwKgKMovoAFCxvjeB7Vgc44AQAOVE\/AAAAQEICgE9MdID5wNG"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_first_seen":1499348092675,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":6,"flow_first_seen":1499347957282,"flow_last_seen":1499347962887,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":580,"flow_packet_id":6,"flow_first_seen":1499347958588,"flow_last_seen":1499347963888,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34480,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":6,"flow_first_seen":1499347961167,"flow_last_seen":1499347966888,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":6,"flow_first_seen":1499347962480,"flow_last_seen":1499347967888,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34520,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":6,"flow_first_seen":1499347963774,"flow_last_seen":1499347968888,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":6,"flow_first_seen":1499347965133,"flow_last_seen":1499347970889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34548,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9315,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":6,"flow_first_seen":1499347966420,"flow_last_seen":1499347971889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34562,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":1,"flow_first_seen":1499348092675,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":658,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348092,"pkt_ts_usec":675432,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8WzpAAD4GapasEAABwKgKMowsAFACaGm0AAAAAKACchAyoAAAAgQFtAQCCAoBPTKOAAAAAAEDAwc="}
00444{"flow_id":658,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9319,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348092,"pkt_ts_usec":675522,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjCznHw5PAmhptaAScSA2JwAAAgQFtAQCCAoD5wQCAT0yjgEDAwc="}
00432{"flow_id":658,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9320,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348092,"pkt_ts_usec":676318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WztAAD4Gap2sEAABwKgKMowsAFACaGm15x8OUIAQAOXVLgAAAQEICgE9Mo4D5wQC"}
00432{"flow_id":655,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9324,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348092,"pkt_ts_usec":923760,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Wl1AAD4Ga3usEAABwKgKMov2AFAj3nfL6BRZY4ARAOVejgAAAQEICgE9MswD5v8F"}
00433{"flow_id":655,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9325,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348092,"pkt_ts_usec":924025,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0XSNAAEAGZrXAqAoyrBAAAQBQi\/boFFljI953zIARAONZVAAAAQEICgPnBEABPTLM"}
00432{"flow_id":655,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9326,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348092,"pkt_ts_usec":924755,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Wl5AAD4Ga3qsEAABwKgKMov2AFAj3nfM6BRZZIAQAOVZUgAAAQEICgE9MswD5wRA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_first_seen":1499348095258,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9336,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":1,"flow_first_seen":1499348095258,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":659,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9336,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348095,"pkt_ts_usec":258740,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8kglAAD4GM8esEAABwKgKMoxGAFCLy6cdAAAAAKACchBpMwAAAgQFtAQCCAoBPTUUAAAAAAEDAwc="}
00444{"flow_id":659,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9337,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348095,"pkt_ts_usec":258898,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjEYHlr2li8unHqAScSCaZwAAAgQFtAQCCAoD5waIAT01FAEDAwc="}
00432{"flow_id":659,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9338,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348095,"pkt_ts_usec":259488,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0kgpAAD4GM86sEAABwKgKMoxGAFCLy6ceB5a9poAQAOU5bwAAAQEICgE9NRQD5waI"}
00432{"flow_id":656,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9342,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348095,"pkt_ts_usec":923720,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nGxAAD4GKWysEAABwKgKMowQAFDWkax5Llm4x4ARAOXL+wAAAQEICgE9NboD5wGF"}
00433{"flow_id":656,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9343,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348095,"pkt_ts_usec":923937,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0v+lAAEAGA+\/AqAoyrBAAAQBQjBAuWbjH1pGseoARAOPGUwAAAQEICgPnBy4BPTW6"}
00432{"flow_id":656,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9344,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348095,"pkt_ts_usec":924670,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0nG1AAD4GKWusEAABwKgKMowQAFDWkax6Llm4yIAQAOXGUQAAAQEICgE9NboD5wcu"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9348,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_first_seen":1499348096595,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9348,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":1,"flow_first_seen":1499348096595,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":660,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9348,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348096,"pkt_ts_usec":595051,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8gtxAAD4GQvSsEAABwKgKMoxUAFDl8LS+AAAAAKACchAAEQAAAgQFtAQCCAoBPTZiAAAAAAEDAwc="}
00444{"flow_id":660,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9349,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348096,"pkt_ts_usec":595195,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjFQs5xqq5fC0v6AScSCtoQAAAgQFtAQCCAoD5wfWAT02YgEDAwc="}
00433{"flow_id":660,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9350,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348096,"pkt_ts_usec":595952,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0gt1AAD4GQvusEAABwKgKMoxUAFDl8LS\/LOcaq4AQAOVMqQAAAQEICgE9NmID5wfW"}
@@ -5990,159 +5990,159 @@
00432{"flow_id":658,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9363,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348097,"pkt_ts_usec":925100,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0WzxAAD4GapysEAABwKgKMowsAFACaGm15x8OUIARAOXQDQAAAQEICgE9N64D5wQC"}
00432{"flow_id":658,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9364,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348097,"pkt_ts_usec":925281,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMGxFOsxABm5CmnxCABFAAA0B3JAAEAGvGbAqAoyrBAAAQBQjCznHw5QAmhptoARAOPK7gAAAQEICgPnCSIBPTeu"}
00432{"flow_id":658,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9365,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348097,"pkt_ts_usec":925853,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0Wz1AAD4GapusEAABwKgKMowsAFACaGm25x8OUYAQAOXK6wAAAQEICgE9N68D5wki"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_first_seen":1499348099359,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9369,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":1,"flow_first_seen":1499348099359,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":661,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9369,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348099,"pkt_ts_usec":359601,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8tSBAAD4GELCsEAABwKgKMoxuAFCNr4w1AAAAAKACchB+DgAAAgQFtAQCCAoBPTkVAAAAAAEDAwc="}
00444{"flow_id":661,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9370,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348099,"pkt_ts_usec":359726,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjG7WE+F5ja+MNqAScSC47wAAAgQFtAQCCAoD5wqJAT05FQEDAwc="}
00432{"flow_id":661,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9371,"source":"WebattackXSS.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1499348099,"pkt_ts_usec":360303,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0tSFAAD4GELesEAABwKgKMoxuAFCNr4w21hPheoAQAOVX9wAAAQEICgE9ORUD5wqJ"}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":311,"flow_first_seen":1499348002450,"flow_last_seen":1499348071824,"flow_tot_l4_data_len":242323,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":779,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":133,"flow_first_seen":1499348068136,"flow_last_seen":1499348099366,"flow_tot_l4_data_len":103426,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1901,"flow_avg_l4_data_len":777,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":6,"flow_first_seen":1499348072088,"flow_last_seen":1499348077919,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":6,"flow_first_seen":1499348072088,"flow_last_seen":1499348077919,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":6,"flow_first_seen":1499348073365,"flow_last_seen":1499348078919,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":6,"flow_first_seen":1499348073365,"flow_last_seen":1499348078919,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":6,"flow_first_seen":1499348074670,"flow_last_seen":1499348079919,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":6,"flow_first_seen":1499348074670,"flow_last_seen":1499348079919,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":6,"flow_first_seen":1499348077218,"flow_last_seen":1499348082920,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":6,"flow_first_seen":1499348077218,"flow_last_seen":1499348082920,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":6,"flow_first_seen":1499348078531,"flow_last_seen":1499348083921,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":6,"flow_first_seen":1499348078531,"flow_last_seen":1499348083921,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":6,"flow_first_seen":1499348081113,"flow_last_seen":1499348086921,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":6,"flow_first_seen":1499348081113,"flow_last_seen":1499348086921,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":6,"flow_first_seen":1499348082422,"flow_last_seen":1499348087922,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":6,"flow_first_seen":1499348082422,"flow_last_seen":1499348087922,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":6,"flow_first_seen":1499348083715,"flow_last_seen":1499348088922,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":6,"flow_first_seen":1499348083715,"flow_last_seen":1499348088922,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":6,"flow_first_seen":1499348086300,"flow_last_seen":1499348091923,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":6,"flow_first_seen":1499348086300,"flow_last_seen":1499348091923,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":6,"flow_first_seen":1499348087568,"flow_last_seen":1499348092924,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":6,"flow_first_seen":1499348087568,"flow_last_seen":1499348092924,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":6,"flow_first_seen":1499348090129,"flow_last_seen":1499348095924,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":6,"flow_first_seen":1499348090129,"flow_last_seen":1499348095924,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":6,"flow_first_seen":1499348091413,"flow_last_seen":1499348096924,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":6,"flow_first_seen":1499348091413,"flow_last_seen":1499348096924,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":6,"flow_first_seen":1499348092675,"flow_last_seen":1499348097925,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":6,"flow_first_seen":1499348092675,"flow_last_seen":1499348097925,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":3,"flow_first_seen":1499348095258,"flow_last_seen":1499348095259,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":3,"flow_first_seen":1499348095258,"flow_last_seen":1499348095259,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_tot_l4_data_len":242640,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1902,"flow_avg_l4_data_len":780,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":6,"flow_first_seen":1499347967724,"flow_last_seen":1499347972889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34576,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":6,"flow_first_seen":1499347970267,"flow_last_seen":1499347975890,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":6,"flow_first_seen":1499347971560,"flow_last_seen":1499347976891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34616,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":6,"flow_first_seen":1499347974113,"flow_last_seen":1499347979891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34642,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":6,"flow_first_seen":1499347975371,"flow_last_seen":1499347980892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34656,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":6,"flow_first_seen":1499347976658,"flow_last_seen":1499347981892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34670,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":6,"flow_first_seen":1499347979251,"flow_last_seen":1499347984894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":6,"flow_first_seen":1499347980524,"flow_last_seen":1499347985894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34710,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":6,"flow_first_seen":1499347981782,"flow_last_seen":1499347986894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34724,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":6,"flow_first_seen":1499347983061,"flow_last_seen":1499347988894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34738,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":7,"flow_first_seen":1499347984370,"flow_last_seen":1499347989894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34752,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":6,"flow_first_seen":1499347985686,"flow_last_seen":1499347990895,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":6,"flow_first_seen":1499347988233,"flow_last_seen":1499347993896,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34792,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":6,"flow_first_seen":1499347989526,"flow_last_seen":1499347994896,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":6,"flow_first_seen":1499347992139,"flow_last_seen":1499347997898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34832,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":6,"flow_first_seen":1499347993411,"flow_last_seen":1499347998898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34846,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":6,"flow_first_seen":1499347994680,"flow_last_seen":1499347999898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34860,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":6,"flow_first_seen":1499347997344,"flow_last_seen":1499348002899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34886,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":6,"flow_first_seen":1499347998605,"flow_last_seen":1499348003900,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34900,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":6,"flow_first_seen":1499348001148,"flow_last_seen":1499348006901,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":606,"flow_packet_id":311,"flow_first_seen":1499348002450,"flow_last_seen":1499348071824,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":232355,"flow_avg_l4_payload_len":747,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34940,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":607,"flow_packet_id":6,"flow_first_seen":1499348003742,"flow_last_seen":1499348008904,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34954,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":608,"flow_packet_id":6,"flow_first_seen":1499348006334,"flow_last_seen":1499348011904,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34980,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":609,"flow_packet_id":6,"flow_first_seen":1499348007599,"flow_last_seen":1499348012904,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":6,"flow_first_seen":1499348010145,"flow_last_seen":1499348015905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":6,"flow_first_seen":1499348011433,"flow_last_seen":1499348016905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":612,"flow_packet_id":6,"flow_first_seen":1499348012728,"flow_last_seen":1499348017905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35048,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":6,"flow_first_seen":1499348015250,"flow_last_seen":1499348020905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35074,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":6,"flow_first_seen":1499348016526,"flow_last_seen":1499348021905,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35088,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":6,"flow_first_seen":1499348019059,"flow_last_seen":1499348024906,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35114,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":6,"flow_first_seen":1499348020357,"flow_last_seen":1499348025907,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":6,"flow_first_seen":1499348021660,"flow_last_seen":1499348026908,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":6,"flow_first_seen":1499348024206,"flow_last_seen":1499348029909,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35168,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":6,"flow_first_seen":1499348025497,"flow_last_seen":1499348030909,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":7,"flow_first_seen":1499348028117,"flow_last_seen":1499348033910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":621,"flow_packet_id":6,"flow_first_seen":1499348029395,"flow_last_seen":1499348034910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35222,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":622,"flow_packet_id":6,"flow_first_seen":1499348030687,"flow_last_seen":1499348035910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35236,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":623,"flow_packet_id":7,"flow_first_seen":1499348033296,"flow_last_seen":1499348038910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35262,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":624,"flow_packet_id":6,"flow_first_seen":1499348034569,"flow_last_seen":1499348039911,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35276,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":625,"flow_packet_id":6,"flow_first_seen":1499348037175,"flow_last_seen":1499348042911,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35302,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":626,"flow_packet_id":6,"flow_first_seen":1499348038438,"flow_last_seen":1499348043911,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35316,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":627,"flow_packet_id":6,"flow_first_seen":1499348041088,"flow_last_seen":1499348046912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35342,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":628,"flow_packet_id":6,"flow_first_seen":1499348042384,"flow_last_seen":1499348047912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35356,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":629,"flow_packet_id":6,"flow_first_seen":1499348043670,"flow_last_seen":1499348048912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35370,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":630,"flow_packet_id":6,"flow_first_seen":1499348046262,"flow_last_seen":1499348051913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35396,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":631,"flow_packet_id":6,"flow_first_seen":1499348047547,"flow_last_seen":1499348052913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35410,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":632,"flow_packet_id":6,"flow_first_seen":1499348050079,"flow_last_seen":1499348055913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35436,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":633,"flow_packet_id":6,"flow_first_seen":1499348051362,"flow_last_seen":1499348056913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35450,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":634,"flow_packet_id":6,"flow_first_seen":1499348052641,"flow_last_seen":1499348057914,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":635,"flow_packet_id":6,"flow_first_seen":1499348055228,"flow_last_seen":1499348060913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":636,"flow_packet_id":6,"flow_first_seen":1499348056534,"flow_last_seen":1499348061914,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":637,"flow_packet_id":6,"flow_first_seen":1499348057789,"flow_last_seen":1499348062914,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":638,"flow_packet_id":6,"flow_first_seen":1499348059068,"flow_last_seen":1499348064914,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":639,"flow_packet_id":6,"flow_first_seen":1499348060393,"flow_last_seen":1499348065915,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":640,"flow_packet_id":6,"flow_first_seen":1499348061684,"flow_last_seen":1499348066915,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35560,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":641,"flow_packet_id":6,"flow_first_seen":1499348064243,"flow_last_seen":1499348069916,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35586,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":642,"flow_packet_id":6,"flow_first_seen":1499348065546,"flow_last_seen":1499348070917,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35600,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":643,"flow_packet_id":133,"flow_first_seen":1499348068136,"flow_last_seen":1499348099366,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1869,"flow_tot_l4_payload_len":99154,"flow_avg_l4_payload_len":745,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35626,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":644,"flow_packet_id":6,"flow_first_seen":1499348069426,"flow_last_seen":1499348074917,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35640,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":645,"flow_packet_id":6,"flow_first_seen":1499348070791,"flow_last_seen":1499348075918,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35654,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":6,"flow_first_seen":1499348072088,"flow_last_seen":1499348077919,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":646,"flow_packet_id":6,"flow_first_seen":1499348072088,"flow_last_seen":1499348077919,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35668,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":6,"flow_first_seen":1499348073365,"flow_last_seen":1499348078919,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":647,"flow_packet_id":6,"flow_first_seen":1499348073365,"flow_last_seen":1499348078919,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35682,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":6,"flow_first_seen":1499348074670,"flow_last_seen":1499348079919,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":648,"flow_packet_id":6,"flow_first_seen":1499348074670,"flow_last_seen":1499348079919,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35696,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":6,"flow_first_seen":1499348077218,"flow_last_seen":1499348082920,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":649,"flow_packet_id":6,"flow_first_seen":1499348077218,"flow_last_seen":1499348082920,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35722,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":6,"flow_first_seen":1499348078531,"flow_last_seen":1499348083921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":650,"flow_packet_id":6,"flow_first_seen":1499348078531,"flow_last_seen":1499348083921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35736,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":6,"flow_first_seen":1499348081113,"flow_last_seen":1499348086921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":651,"flow_packet_id":6,"flow_first_seen":1499348081113,"flow_last_seen":1499348086921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35762,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":6,"flow_first_seen":1499348082422,"flow_last_seen":1499348087922,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":652,"flow_packet_id":6,"flow_first_seen":1499348082422,"flow_last_seen":1499348087922,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":6,"flow_first_seen":1499348083715,"flow_last_seen":1499348088922,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":653,"flow_packet_id":6,"flow_first_seen":1499348083715,"flow_last_seen":1499348088922,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35790,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":6,"flow_first_seen":1499348086300,"flow_last_seen":1499348091923,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":654,"flow_packet_id":6,"flow_first_seen":1499348086300,"flow_last_seen":1499348091923,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":6,"flow_first_seen":1499348087568,"flow_last_seen":1499348092924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":655,"flow_packet_id":6,"flow_first_seen":1499348087568,"flow_last_seen":1499348092924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35830,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":6,"flow_first_seen":1499348090129,"flow_last_seen":1499348095924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":656,"flow_packet_id":6,"flow_first_seen":1499348090129,"flow_last_seen":1499348095924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35856,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":6,"flow_first_seen":1499348091413,"flow_last_seen":1499348096924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":657,"flow_packet_id":6,"flow_first_seen":1499348091413,"flow_last_seen":1499348096924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35870,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":6,"flow_first_seen":1499348092675,"flow_last_seen":1499348097925,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":658,"flow_packet_id":6,"flow_first_seen":1499348092675,"flow_last_seen":1499348097925,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":3,"flow_first_seen":1499348095258,"flow_last_seen":1499348095259,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":659,"flow_packet_id":3,"flow_first_seen":1499348095258,"flow_last_seen":1499348095259,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35910,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":660,"flow_packet_id":3,"flow_first_seen":1499348096595,"flow_last_seen":1499348096595,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35924,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_packet_id":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_packet_id":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232672,"flow_avg_l4_payload_len":748,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test"}
diff --git a/test/results/aimini-http.pcap.out b/test/results/aimini-http.pcap.out
index 6f501c9e8..079600c3e 100644
--- a/test/results/aimini-http.pcap.out
+++ b/test/results/aimini-http.pcap.out
@@ -1,12 +1,12 @@
00479{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"aimini-http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1614860229383,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1614860229383,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":383219,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00422{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":383751,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384335,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQQAAIAGAAAKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEU8QAAAgQFtAMDAQA="}
00423{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384749,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95NL5kBKB+riCABFAAAwBQQAAH8GIfYKZgACCmUAAgBQb1Wbu5n7m7uF0nASgAEoVQAAAgQFtAMDAQA="}
00420{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384755,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBPoAAIAGAAAKZQACCmYAAm9VAFCbu4XSm7uZ\/FAQgAEU6QAAAAAAAAAA"}
01211{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":384782,"pkt_caplen":649,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":649,"pkt_l4_len":615,"pkt":"5kBKB+riApXG95NLCABFAAJ7BPsAAIAGAAAKZQACCmYAAm9VAFCbu4XSm7uZ\/FAYgAEXPAAAR0VUIC9tZW1iZXIvc2lnbnVwLyBIVFRQLzEuMQ0KWC1NVS1TZXNzaW9uLUlEOiA4MTA0NDY0NjkNCkhvc3Q6IHd3dy5haW1pbmkubmV0DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93czsgVTsgV2luZG93cyBOVCA2LjE7IGVuLVVTOyBydjoxLjkuMi4xNykgR2Vja28vMjAxMTA0MjAgRmlyZWZveC8zLjYuMTcNCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUNoYXJzZXQ6IElTTy04ODU5LTEsdXRmLTg7cT0wLjcsKjtxPTAuNw0KS2VlcC1BbGl2ZTogMTE1DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpSZWZlcmVyOiBodHRwOi8vd3d3LmFpbWluaS5uZXQvDQpDb29raWU6IEFOSUQ9M3RIOXlGZWt2WVIyd2dEMmlqTm1yYXUxMzk5YTN1Y3B2aDB1NkJYdkd0bkswVWEzMXlFNzVpUzRTcjJTS1ZKVzsgQUNQTD0zcXozOEozcWJqUVZXYlZ1Vk55WmVGeDlUSjJjNTN0WnU2dk1FWFRTWmx3eDROenNzbHg3OEdaZGtycDlBdFFKDQoNCg=="}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_tot_l4_data_len":747,"flow_min_l4_data_len":20,"flow_max_l4_data_len":615,"flow_avg_l4_data_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
+00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1614860229383,"flow_last_seen":1614860229384,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":595,"flow_tot_l4_payload_len":595,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"Aimini.HTTP","breed":"Acceptable","category":"Web"}}
00420{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385479,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ApXG95WRWgXZu6TVCABFAAAoBPoAAH8GIggKZQACCmYAAm9VAFCbu4XSm7uZ\/FAQgAFUGQAAAAAAAAAA"}
01211{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385584,"pkt_caplen":649,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":649,"pkt_l4_len":615,"pkt":"ApXG95WRWgXZu6TVCABFAAJ7BPsAAH8GH7QKZQACCmYAAm9VAFCbu4XSm7uZ\/FAYgAEVCwAAR0VUIC9tZW1iZXIvc2lnbnVwLyBIVFRQLzEuMQ0KWC1NVS1TZXNzaW9uLUlEOiA4MTA0NDY0NjkNCkhvc3Q6IHd3dy5haW1pbmkubmV0DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93czsgVTsgV2luZG93cyBOVCA2LjE7IGVuLVVTOyBydjoxLjkuMi4xNykgR2Vja28vMjAxMTA0MjAgRmlyZWZveC8zLjYuMTcNCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUNoYXJzZXQ6IElTTy04ODU5LTEsdXRmLTg7cT0wLjcsKjtxPTAuNw0KS2VlcC1BbGl2ZTogMTE1DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpSZWZlcmVyOiBodHRwOi8vd3d3LmFpbWluaS5uZXQvDQpDb29raWU6IEFOSUQ9M3RIOXlGZWt2WVIyd2dEMmlqTm1yYXUxMzk5YTN1Y3B2aDB1NkJYdkd0bkswVWEzMXlFNzVpUzRTcjJTS1ZKVzsgQUNQTD0zcXozOEozcWJqUVZXYlZ1Vk55WmVGeDlUSjJjNTN0WnU2dk1FWFRTWmx3eDROenNzbHg3OEdaZGtycDlBdFFKDQoNCg=="}
02404{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385643,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQUAAIAGAAAKZgACCmUAAgBQb1Wbu5n8m7uIJVAYgAEanQAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ2OQ0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwNjo1OToxNSBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCktlZXAtQWxpdmU6IHRpbWVvdXQ9NCwgbWF4PTEwMDAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpUcmFuc2Zlci1FbmNvZGluZzogY2h1bmtlZA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCkNvbnRlbnQtTGVuZ3RoOiAxMDE2MA0KDQoyN2EzDQofiwgAAAAAAAD\/7X15c9u4lu\/\/qcp3QDN1Y3taliXZsiw70r2yLac1461lp\/ulpqZcFAlJ7FCkmosVTaa\/+5wF4KIFdvr2fVWv6iVdHZEAgYMfzg4Q\/DBNZn737ZsPU2m7+G\/iJb7sXkTSTqSwRSAXwnacMA0SsS+uhv3+D\/DvjZyNZPThgCvDUzOZ2GKaJPN9+XvqPXesizBIZJDsPy7n0hIOX3WsRH5NDrDLM2dqR7FMOmky3j+xsjYCeyY71n\/I5SKM3Ljw5Ke5H9puRVyGi4B\/PUALEv8JFxVxk8aeUxG\/eK4MK+IjtBJXxL1vL+H\/Mpz7crWLSxk7kTdPvDAo9IJtesFE2IErXC9OIm+UJnhjGaaRgK7FfBom0MMzdzTDbkUYiGTqxWIhR7GXyOpqX8NwFCbFwdi+b3UFVPK94IuIpI89h1HipIkYOEjRNJLjjoWInh4ceLNJ1fZmXuBVA5nApT2R8cHYfvagbhX+Z4kEcO5YVHLwdR\/vExF5++dh+GVmR1\/+mqaR9jhZwuRXoaFv53fDy\/5wfzj4+NPj6bt+\/6p+1RD1+VcRh77nnqnix7v703dX9Ge98Lp\/ZXj0\/O7x8e7m9N1l67LdL5X3Lv7j4\/Du0+2lbvqPt2+AptH30NRv9dubCv8Kmvr4l2iK4xWatkHxCpy2lWqaeo3zxvnJyziNVmm6bPZr\/d6fo6l2dXjVNOC01vRmmp6\/B6b++VXj6vLPwrT+9CaSkKjoKfmyyudGwi7pz1bCWvjXgNXa0wXCiKUYKyRrldW3tf2aKXyBrPWni3jRw4xX4rr1+qoIbpmqV8zjttLvnsdRANpqDGp4P\/b+W57Wm\/OvZ3Q5tmeevzz9RUauHdh8byG9yTQ5HYW+e7bw3GR6elLjZsZxsRHo9g+6OdvYdLEZJ\/TD6PRdo3F42GqdgXaW+1Murh82\/8atJE6xmZMVCi\/CGVicBzuIxc3D9g5qrdbV1Rma231XOmFko6E7DcJAUiclShuKfnuUfFPPXzbw78bnzwzwPTN8lcSehrN1FBm8WfBNjbl2VqZi63Auavh363Bmwei7mzxv4d\/tTSbbWqRBJPbIl982DR38B9s\/K3OH7rPZbPaavU3Tbn\/bCLV6rt48alxeYrXTaQgd6Vmq1Xq9en1tDGngygg7oSeePfRJ3G+rbb19A7b\/2wjcLBmdMl+Pw2j2DZyEiRec1oDsue264Pzgbygfhe5yS+mZagbHWpTqC\/ojai\/ok4Yu\/+PDAXsVHx4uhoP7R\/Y9dshr\/M1+ttll2xG+HUxS8Ec6O\/8Odx\/4bvfDD\/v7MIg0cBAGEYT9KIp3975FMkkjcNGiVJ79AZ7LwgvccFEFgKMojDpc7wzwGO8m4fyHTiz98d43vqr6oUOo7hUvqEp2dSb9WIpS+Y5yrxaLRdG9CsLkKU5H4wjcwiq6wTtnBPyzHYHL+eS5nZ3azll2PQudlTt+OJlIQL0ztqHPM6ELnuWTk0a\/hV4QJ+C4d2pnQpXN01GcbCp8++bg4O2boBOArzexkzCCXtyOGzrpDHw="}
@@ -16,14 +16,14 @@
02385{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385650,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQkAAIAGAAAKZgACCmUAAgBQb1Wbu7DMm7uIJVAYgAEanQAAlONVAAp6n4IpZpbWOnPOHqkbkowRF8xsfJ0FBoEq8hQUc8YWz6k\/sYHJgIKxHQB99ghae4YfENDgo4A+PCPHqZ+9AIL35Nc5srpHBkbOAQOJth7I8tMIbqEPV2GmmkB8MqUywD\/V2j8mmQ7R3uDLNhW4HPv2bIaHd6BAQVDxhayKnXEt0wSjID0EcZIHGgXkF1+uJdF6+wYMEJ7Owa2gGJCsoJqr4ASDDrEndDGJwjgGyS32WuH93cD9XgwYulRxHNmpC9wTJEiijdbFRnLTYGx7AFyGJLUIuNiTieQhIp1pQEdX2KhZcbIdH9RBXMm5FMVjHnnPNphltiQ0aOT+qRe5pPaAMhhYGrAIgF+zhDmJZjgnIZrLsQxwzpBn8MHcpmAxaJVZGoBSVxCV5IP5NDO42roVulZPkXR4bMfUcQpS8O4zIhhmBnmGZwX0ZEAIEAVwB25MaANbBT2QCr5u5SVQiEe4pBQZfWVqPcA5ww76tNnaV3jKx2hT0FijAM5QgqKYHaQlXAYBCC3w8RRcBOUZ+fZiddRkTOw51APUWXuDSwQChZsNaVRclWjgiUD4HG+ODEhnzgBTSBgLw+vhGzHZaKFDQAHYBbGYpH42FrAr0C3oekUPsw8xIDwPA4PO0e6swr+D8051opS0BdisfL5UYz452k44X9J8ojKNlHPK45QQTy1zLaDG9QUYBadSzb02e4iBEu+CjVV+PNoKdtHI29JN6lHFjLBSbjhXSK8dEDE7sXbGKgVXTEfFqDuWoAlmaFLQ4bNjTQbARIQUHd5H7XU+8PM5nyJQcWUV2EqGycKLJckPkVoSxFiCeCv\/R6tTJRKKTGRWplLrY3SweVRxPiwV7ZMPlPnaOEXApI5S+mGkfBPyykBVhelkWhTE3JWHKzz8En6h1o\/VWC1UXfjG7rrQqzhiV1YnVSQFpTSSc0mtwTMxcTtlhJgYNUXsEqmAYWZ\/kahPo3DCWrmkbFCvYF5DBWC6gZyOPSW12GuMOo5GwcZMMRNFLcpwq0H92hveQph9Knril8HddQ+jWnF3xRE5xOIf7zAI\/\/hpcNm\/HtxCMH3T+wxhOgS6V\/3hsA+h+5247v0q+rdQ+6J\/07+FqPnT4093QwiQ+w\/Uy1AiW2lVw\/Hlr3YUoZZGnwy95kjXodIFlzLT79p7FHqoQXj5CwTakBOXYiuArJpQ+MVBHCqscrTqhFEkHe4I+C\/CE6vE7mgv895LcidtUH65MxAxTbqqLydA2jJzW9XsQutAHYd0a5JM6jRrcjfeI5+LDFMazUOS6dXo7oyo3XWYSPZoYGzA3chckbIsIBDhghlKUwRcSVAkxCvk5RTbparoEYHsYqBLbrWTxNmrskgKdQmSTVEeT9c4jYj9DNNWBo5ICgpK0eXXJxAwbNsLTsWut0dRDeDJuhnjzfnc9xzKLYCyj9kkQNgTV3IdzxyVG4AYptODtpRLNoqIFKxDwOX3JNPkpoQSUE+iX3YL2BsqCLkXOH7Kzsqi6IuqiCV\/GjWij3lvVBJoGCS5FnNMRDik9SLtilSK\/UZIEAbYHFVjZiedsW1JpMO96JQnKCxtskFlJBX2QIIE0+MILJr4WDGPh5gg0yIAEC8F7Cpi4IEu575WTyXFjfoapxekSCsOSjRcaOsnLnDGML4FSVbCh+GvRC5ied0AA+LDQetaMEmhDuVKMJwcYe4LTK3OzQCPLZm\/EBeYEOSF3BajdsAAjZkbtTqmrBZ0nNVYKW6qgFoxN9DBqjev4k4kJR\/pxxQ5xBSITrDGWhgqdvM2cCYGRUTuNSL3IbDFcnsqLE8HZ6M92BOsXwupmkyj4phjmDx\/uZaOoBgx1z+VnKdJ5nRoh7RqjPCQL5xkSRJHRUg3q2GS4HBcUd41FgBMc36hIvPtGGLwSpA58gy8yg652AY2TTpqa5qrSCvpCo\/oIX1RUPMEJkGBANE="}
02403{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385651,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQoAAIAGAAAKZgACCmUAAgBQb1Wbu7aAm7uIJVAYgAEanQAAC4h3IHYTRW8Ic+DKWeCNlwosSk7BfU\/fr2BkIwNOxVAaRbMIRq+Y2EMHJHMaUDNB5OEBZ6DIYfiDRibE4AyMOLgy+Au8ND9cSqkHnSu33AdFySdHAv0F+Yz61HbBtUlAHCPyh8DkO8r+Qf2A7kI74CiE+U\/qhHSHj+EQ60itGqDeHliTkLgQvAvgEUsjgpLGb+sBa1h75Lr56JxSvowzeRiBcc6Arn2\/6ENnQVdBOfkQrPGYwcdE6kAdZfPo2vjqEYkpe3JJ4ivrNFOOHit4FY4pswthgUTmHZEnl5TI2jgYaCbyYs4ZYBRWKXpkIBacesUsC9ZT+eTPKnOlzfgDeITcFnttVK5MjI4kgXW3JWgLrz+KocpkFlLZkcTollerMDQGnvoNfZV1odAJflAgHM0q\/bH7Yk49VyTK+uzP6dGDfyLTjniQr5WPDsVK1S8K7Qig50RJtqRbchLU4X7Fpkoiiqq\/QFGWQlan7jt+GCsdUhQondPw82Q\/MVKRYHasybsp+2M0r3MaizreXyIb4sVnztpCJxixUjPK31SyzeY6H\/4aZTQgQABhhUd\/g4Aodj2HPWVSayR8WSIYLCRlE9Eb4sT1Z5VTLDESLR3o6SqOEvpQ5oBgwgVwV8kTVEd3ssI8ADMP3DcPYawklHRilfLwtDYBL1DQy4XkjpGnGeOr6l485ayVjByUJFSZ3EfByVHqVUktF7PqyEZCE4p3iLvKSxKsFCjJSB6dJH3j06gAEnBqwBd+xhyITmkq9kgjmQXURWTwNBqMPHHwxYwMye1jLnBabIkpnS9BuPClOymzJkyHopn9cvrYBRFMcbKMS4Zs3Y+kZzf7Cdw9REWUe\/MCjH6kHy7IjGt\/foUDi9o2N8N0yie4lNMg9MPJMpvk4i1s7zzC\/19Jyvxlaly3RylobXTcQqKXlUSR2Vlr5hFUNnm2Q9FGniNTiFWylA8ghsNjJlsd3aYMBlgRnHiQHy9Y08SlzmehS\/bedu15ohalfMo7QVtzxAgYHBQlyR4nFnBo6CCgB+Jx9gmTD3hgC3iWEpkOs2lxDN4Ir6jkHnUhWUPtopdG2g9PktBGNgOxkAfJFgdQeNSLq0q\/oNfPxziVs0GOPtuJsqLkLJOOBz7DkzALuSAdUOi8iLJ4WdJkE+xhOd9VlKXMsKJXl4QriHOWHsgexRCA84hsH0PUjDlzj54XAiprXLgx56bUCz8Tk3v2NbPvKncseclJJTK\/A+cqOknbRbK4sKzdIkWP\/KoSMWuGUwV5c5s8bspn5kOnS+Ah\/G4Kzg6OARcy80iQq8zCKFetdAeY2KX8GqBfuIPnbvElJ0TJhZaJlzeVR6fF5lYy5nRPR\/R6qNsmo4JyuaDzckl35E8UeClGEQrkggIN+TXBpJe6GydhVEgcRXJfnUXO6bAs9gA9TKsncMkLSjDBwJDKrZDjMfpRIL6+uwCbqLS6WiuG1s\/EBUYSvl9wOdgjoxUl0+pfaZmvkq+AB0U3jRbatKJ3bMrT5stuVVE03l7wjNslJiS7CBgvui91Enip06hriq3oAeStV\/SiG8aDhZW3SmGxnKaQfRntYJZcmLzmakBGTiPEdAGlDor15IprxP4xnrGdIaGW+bxgEwHATOT9rq5J8rqutpXkEF\/rWONMXNGk39i\/SVyoEv3\/Q3t4cENO7\/Yzbgvq39wOrnBvEOY61X6eq8Fl\/\/Zx0LsePH4Wd+fXg4893p70U3\/Y\/wTPDAU08Pnu01CcD\/u9i58wScrtPfavr\/sXj5961+J+eHffH0IL9NkS2ix0AI\/h7eGg\/9gbcv1h\/wEKh31Mt95+xBQqbRW6v79WVFVwW9Ptnej\/gvnUh59619eiP4BK0FYP2z\/vi+tB7\/y6L5i2x58G0NvHYZ8zsHqwMLCH\/s+feGQV8XDfv6AfuDdqCDRXAJ3+zf01EFbB8d1\/uh08Dn7pi8s="}
02405{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385653,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBQsAAIAGAAAKZgACCmUAAgBQb1Wbu7w0m7uIJVAYgAEanQAA3k3vY\/9B\/PpTn3oFcqCtx2EPn3m8Gz4K1cMdFV\/3P8Lo4ecdNoRU40aqh08AE9P7U+8BaIbbvctfBg\/9S51ivr97eBicDxh19YTuG2fm9u7xVxj3wyNcIFTY5VVvcP1p2Mf6\/YcHHhtQPoS2+npWrkEOHqGbIeBx+RmYAMMzjk4LLpvyvik7y9qLamDeiTKmlHNaz5mCcVuqTTy88F\/ixCzq5dUrV3B6M\/d89Dpz\/hQlqcCNiWPeEiJGduxlcd7IjtBHznaCZXKF6Y1b6RUo521DnB4GeclJ0RIESt9P1dnu0if1hgmCzDRhHUdv\/YIelyFRLYvBNyURQj9LZeslU1OIN8Ez2QOypL46g4t9C7VjjU4282JwqsAFTaa\/p3hgd2bhdbWPoVsB4zNiW672p7El4sS3Gp5K+9yAokOFHsgwjdU2u3wWi\/lDWoMD6KPCEWWb8OaATKU3tUukY3ReIRVsj0AVY7YbXUtt4sQ6J83SOMm2SHB6M+JdDRA6OalafxsBCpqCilrqiPBYXPBl1HYtSoIBQrzF1eVEAftV4+wIQZw4L0il+2LEqp7iUIhyDsRTlIzVXWSOPiIrM86ieJ69ebWooGmjbDpGpLS+yaxKzj+bZjtbgS3s5lhvqLhXJcmMPZr\/SO+agygV3OpI96mTMxRy4pdE1nMzBWZYexxdZ97NuKmlqFRfGS01RLC4+KkXTHCXx640AlAwlb6Ln88IyFNB8aIkaqAkK3si20tDDKXTJmN6uabAnzsULAVsse1MdGdq61nW3obEKnfBdcl1woOyVv2n3C1iN5638fHWPc4A5OmYpVo6yhY2CktIPR1n61hllqki4sbcLduUAc7DZa3esnU\/UIhhguW4B8TV2+1gGHIS0pJN0UHiHYcrMKhNHVlit8RwZa+FtQy4IjZI8ScWi1PRSyei0awIfBVRqBOOS1v+jZvH8RitwoGLL22Y56rZ8UZLXJ5W27Tz84r21Vne7d557+qq8L0l\/nCSeNdqtdtQ8JqDkXLaXnMwkjqHSr2QgUPMuygfQ4lHbv8lfW7\/CMjKkVGjLr1QMGDVBrPjVjgYg4AjLO1ZVXqeJCLJdkjnFqjKW+1xeNtPFH75BMe4fIJj+VDgaZSd8Eafyuu+1cdNbXqDpNi8Yof8BHeBXyLDvtZeTLDejcc1es94cHMPTl7v9rF4Pr3oaVvCSy8yQdzyHcaFvZPFRbIRBqKYzF8\/HbBW4+5oP6zOHUj11kvWb\/XtG\/XaB9WboJkhg6ZW6YChtOT6PkSB2YYLcmnU5tByx+qI1+5\/qm7+sbn4v1Rxnj3H\/AAjgN\/JkVLFpJiY5DQD29l8NIqY6odR1C2drPjizK3KPm9Cz2T9gS5B3y1+yE5xVzVKL2rUW63sPY3D+vo37QpH+x8zX2w7KNN8LGSB8O+vUjh5Wx88\/72H228heuubO684UB6u+KD7P3P8PX5A7Znf76FT+PDovQ0fNAJJwhUZShnI6GBRnU\/nf396eprOOshvT3gu66f50\/snf\/rUsX7MlGTp82o\/Wu+fnoa4Ya9Uh7bwRTL60drJNY86zE+roFoXP6uVPYL+p\/SDXaK8dGY\/jxl\/BmH+W49swztMrx4ZYvfUeboNn94TxZ0tB+EaxoAEFsha1beGL3y08AyYt\/rbIPo7KHymv1KS+AEW9cWOj2GI2\/8Zkj\/9VRRwBqB6x3rKXjvc8i0TJC77TAt9RnZtHFtpLz03sgqoFB7Jv12ivmby0idMfln5hAm+P7H9GyYQq0nyIkE3jbxMMam9P6cCP1Rpdfv5KefZCgRY2Q8H9PiqGlz5Fgq\/Wo4fP1n9GIrSk+rrG9A9EEcNFWQ++4pLx+J\/sy\/h4CH\/1toYRtvGoLRxnH3YZbaFfK2jlcbOP7vBgGpqR2vUbvrgxdb7WoluYV20\/JGp4RVvpfy9jPJnyVa\/G\/bSN+8K3Lc="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1614860229385,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1614860229385,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":385965,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBP8AAIAGAAAKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00423{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386298,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBP8AAH8GIfsKZQACCmYAAm9WAFCbu7tlAAAAAHACgAEoiAAAAgQFtAMDAQA="}
00423{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386303,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBQ0AAIAGAAAKZgACCmUAAgBQb1abu8Cxm7u7ZnASgAEU8QAAAgQFtAMDAQA="}
00423{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386479,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95NL5kBKB+riCABFAAAwBQ0AAH8GIe0KZgACCmUAAgBQb1abu8Cxm7u7ZnASgAHMCQAAAgQFtAMDAQA="}
00419{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386481,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBQAAAIAGAAAKZQACCmYAAm9WAFCbu7tmm7vAslAQgAEU6QAAAAAAAAAA"}
01114{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386487,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"5kBKB+riApXG95NLCABFAAI0BQEAAIAGAAAKZQACCmYAAm9WAFCbu7tmm7vAslAYgAEW9QAAR0VUIC93ZWJjb3VudGVyL3cucGhwP19fX2htPS5uZXRfU2lnblVwXyZfbGhfPWh0dHA6Ly93d3cuYWltaW5pLm5ldC9tZW1iZXIvc2lnbnVwLyZfX1JlZmVyXz1odHRwOi8vd3d3LmFpbWluaS5uZXQvIEhUVFAvMS4xDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3MA0KSG9zdDogd3d3LmFpbWluaS5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDYuMTsgZW4tVVM7IHJ2OjEuOS4yLjE3KSBHZWNrby8yMDExMDQyMCBGaXJlZm94LzMuNi4xNw0KQWNjZXB0OiBpbWFnZS9wbmcsaW1hZ2UvKjtxPTAuOCwqLyo7cT0wLjUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtQ2hhcnNldDogSVNPLTg4NTktMSx1dGYtODtxPTAuNywqO3E9MC43DQpLZWVwLUFsaXZlOiAxMTUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClJlZmVyZXI6IGh0dHA6Ly93d3cuYWltaW5pLm5ldC9tZW1iZXIvc2lnbnVwLw0KDQo="}
-00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_tot_l4_data_len":676,"flow_min_l4_data_len":20,"flow_max_l4_data_len":544,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_SignUp_&_lh_=http:\/\/www.aimini.net\/member\/signup\/&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
+00841{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1614860229385,"flow_last_seen":1614860229386,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":524,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_SignUp_&_lh_=http:\/\/www.aimini.net\/member\/signup\/&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00419{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386780,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ApXG95WRWgXZu6TVCABFAAAoBQAAAH8GIgIKZQACCmYAAm9WAFCbu7tmm7vAslAQgAH3zQAAAAAAAAAA"}
01115{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386880,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"ApXG95WRWgXZu6TVCABFAAI0BQEAAH8GH\/UKZQACCmYAAm9WAFCbu7tmm7vAslAYgAHChgAAR0VUIC93ZWJjb3VudGVyL3cucGhwP19fX2htPS5uZXRfU2lnblVwXyZfbGhfPWh0dHA6Ly93d3cuYWltaW5pLm5ldC9tZW1iZXIvc2lnbnVwLyZfX1JlZmVyXz1odHRwOi8vd3d3LmFpbWluaS5uZXQvIEhUVFAvMS4xDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3MA0KSG9zdDogd3d3LmFpbWluaS5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDYuMTsgZW4tVVM7IHJ2OjEuOS4yLjE3KSBHZWNrby8yMDExMDQyMCBGaXJlZm94LzMuNi4xNw0KQWNjZXB0OiBpbWFnZS9wbmcsaW1hZ2UvKjtxPTAuOCwqLyo7cT0wLjUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtQ2hhcnNldDogSVNPLTg4NTktMSx1dGYtODtxPTAuNywqO3E9MC43DQpLZWVwLUFsaXZlOiAxMTUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClJlZmVyZXI6IGh0dHA6Ly93d3cuYWltaW5pLm5ldC9tZW1iZXIvc2lnbnVwLw0KDQo="}
00794{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":386894,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"WgXZu6TVApXG95WRCABFAAFFBQ4AAIAGAAAKZgACCmUAAgBQb1abu8Cym7u9clAYgAEWBgAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3MA0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwNjo1ODoyNyBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtTGVuZ3RoOiAyMA0KS2VlcC1BbGl2ZTogdGltZW91dD0yLCBtYXg9MTAwMDANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQoNCh+LCAAAAAAAAP8DAAAAAAAAAAAA"}
@@ -33,14 +33,14 @@
00761{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388449,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"WgXZu6TVApXG95WRCABFAAEpBRcAAIAGAAAKZgACCmUAAgBQb1abu8HPm7u\/hVAYgAEV6gAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBXZWQsIDA4IEp1biAyMDExIDA2OjU5OjA4IEdNVA0KU2VydmVyOiBBcGFjaGUNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1MZW5ndGg6IDIwDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTIsIG1heD0xMDAwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KH4sIAAAAAAAA\/wMAAAAAAAAAAAA="}
00761{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388751,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"ApXG95NL5kBKB+riCABFAAEpBRcAAH8GIOoKZgACCmUAAgBQb1abu8HPm7u\/hVAYgAGTBAAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBXZWQsIDA4IEp1biAyMDExIDA2OjU5OjA4IEdNVA0KU2VydmVyOiBBcGFjaGUNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1MZW5ndGg6IDIwDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTIsIG1heD0xMDAwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KH4sIAAAAAAAA\/wMAAAAAAAAAAAA="}
00420{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388755,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBRAAAIAGAAAKZQACCmYAAm9WAFCbu7+Fm7vC0FAUgAEU6QAAAAAAAAAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1614860229388,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1614860229388,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":388780,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBREAAIAGAAAKZQACCmYAAm9XAFCbu+drAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00423{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389055,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBREAAH8GIekKZQACCmYAAm9XAFCbu+drAAAAAHACgAH8gAAAAgQFtAMDAQA="}
00423{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389059,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBRkAAIAGAAAKZgACCmUAAgBQb1ebu+vKm7vnbHASgAEU8QAAAgQFtAMDAQA="}
00424{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389220,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95NL5kBKB+riCABFAAAwBRkAAH8GIeEKZgACCmUAAgBQb1ebu+vKm7vnbHASgAF06QAAAgQFtAMDAQA="}
00420{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389221,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBRIAAIAGAAAKZQACCmYAAm9XAFCbu+dsm7vry1AQgAEU6QAAAAAAAAAA"}
01223{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389227,"pkt_caplen":658,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":658,"pkt_l4_len":624,"pkt":"5kBKB+riApXG95NLCABFAAKEBRMAAIAGAAAKZQACCmYAAm9XAFCbu+dsm7vry1AYgAEXRQAAR0VUIC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPSBIVFRQLzEuMQ0KWC1NVS1TZXNzaW9uLUlEOiA4MTA0NDY0NzENCkhvc3Q6IHd3dy5haW1pbmkubmV0DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93czsgVTsgV2luZG93cyBOVCA2LjE7IGVuLVVTOyBydjoxLjkuMi4xNykgR2Vja28vMjAxMTA0MjAgRmlyZWZveC8zLjYuMTcNCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUNoYXJzZXQ6IElTTy04ODU5LTEsdXRmLTg7cT0wLjcsKjtxPTAuNw0KS2VlcC1BbGl2ZTogMTE1DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpSZWZlcmVyOiBodHRwOi8vd3d3LmFpbWluaS5uZXQvDQpDb29raWU6IEFOSUQ9Z09pSm43NXVVOG1XVGZIRUlVNDFybFVCNWVZamN5NlBHeHdOa0VCcHBkWVdaME5QeDNzY0dtTXNVY003eElwQjsgQUNQTD1BNEl2NDZSc3FGT01vcU1uTWo4dTVVS2dOd3NHMHZEdW5aYXJkb0VDbGltOUZ1RmdDTmVZdWNXQ0VKM2pucWhwDQoNCg=="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_tot_l4_data_len":756,"flow_min_l4_data_len":20,"flow_max_l4_data_len":624,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/search\/?q=pictures&sca=","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1614860229388,"flow_last_seen":1614860229389,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.net","url":"www.aimini.net\/search\/?q=pictures&sca=","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00420{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389517,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ApXG95WRWgXZu6TVCABFAAAoBRIAAH8GIfAKZQACCmYAAm9XAFCbu+dsm7vry1AQgAGgrQAAAAAAAAAA"}
01223{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389618,"pkt_caplen":658,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":658,"pkt_l4_len":624,"pkt":"ApXG95WRWgXZu6TVCABFAAKEBRMAAH8GH5MKZQACCmYAAm9XAFCbu+dsm7vry1AYgAEyxAAAR0VUIC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPSBIVFRQLzEuMQ0KWC1NVS1TZXNzaW9uLUlEOiA4MTA0NDY0NzENCkhvc3Q6IHd3dy5haW1pbmkubmV0DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93czsgVTsgV2luZG93cyBOVCA2LjE7IGVuLVVTOyBydjoxLjkuMi4xNykgR2Vja28vMjAxMTA0MjAgRmlyZWZveC8zLjYuMTcNCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsZGVmbGF0ZQ0KQWNjZXB0LUNoYXJzZXQ6IElTTy04ODU5LTEsdXRmLTg7cT0wLjcsKjtxPTAuNw0KS2VlcC1BbGl2ZTogMTE1DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpSZWZlcmVyOiBodHRwOi8vd3d3LmFpbWluaS5uZXQvDQpDb29raWU6IEFOSUQ9Z09pSm43NXVVOG1XVGZIRUlVNDFybFVCNWVZamN5NlBHeHdOa0VCcHBkWVdaME5QeDNzY0dtTXNVY003eElwQjsgQUNQTD1BNEl2NDZSc3FGT01vcU1uTWo4dTVVS2dOd3NHMHZEdW5aYXJkb0VDbGltOUZ1RmdDTmVZdWNXQ0VKM2pucWhwDQoNCg=="}
02389{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389630,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"WgXZu6TVApXG95WRCABFAAXcBRoAAIAGAAAKZgACCmUAAgBQb1ebu+vLm7vpyFAYgAEanQAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3MQ0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwOToyMzozMyBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtTGVuZ3RoOiA1OTEzDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTQsIG1heD0xMDAwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KH4sIAAAAAAAA\/+1d+XLbOJP\/P1V5BwxTY8UTiyIpy7oiTck6nEziI7GTzMy3X7lAEpJo85B5SFays7W1b7Gvt0+yDYCkKImi5LHGmXHZSiyAABqNRqP71yBNvB76ltl8\/uz1kGCdfvuGb5LmyND8wCXeHuq5hKCOM7FNB+uvC7wY6lnEx2jo+6M8uQmMcUNoO7ZPbD9\/MR0RAWk81xB8cusXaCd1bYhdj\/iNwO\/nKwIqxFRsbJGG8I5MJ46re4m2x4FnaHvos6ETB1g5gnrwdXxWBLbef+a87cXM7aEzE0+XCXeIp7nGyDccO0E7aoWwraMRNER9x0V9RjEYsZKpE7gIqqHR0PEpA+OQEYvyxRoOKEtiss+kSM5cPLBwolPbyWtYG5JVDbq3IwOknmghLY\/no6M6frIONk1aC0E107CvkUvMhnA+dFxfC3z0VqPjHrqk3xBoX7VCwbAGIjYswzZEm\/iQxQPiFfp4bEBdEX4JyIdZbAispHCbNxgNxsish0PHubawe70t4pR\/z5+CeolA6tvh6cdO92P+49ujNxe1F91uT+4pSB7dIs8xDb0eFl+cntVe9NjPcuH7bi+j6eHpxcXpce1Fp9ypdufKW+13Rx9PP510ItJ\/PH8GPKl34alb7lbTCrfBU5d+GE+et8DTKlFsIKdVpRFPLeVQOaysl5O6yFOn1JW6rT\/Hk9Qr9koZcloinc7T+C5i6h72lF7nz4ppuXUaS5Qp99K\/XtTzTMY67GclY2X6yZDVUusEY0yluKwoW4uqvor2JlO4hq3l1kl5scacLd3xv2mO6biRjOsq+Avi5pnRqEGxT\/To2sTQ\/WENiHJZqzZYlD4YzLxnfCU1uTS6rbNsH1uGOa19Jq6ObcyvTYgxGPo11TH1OqdTkTiZvpckwqmLfSt5UQkvYjXmtqPQT516wrxONMfF1BfVbMcm9QyexpynPR8PHWuZNdaLN1roux72WenRT0odeaEXTn0PuwY2U1nkNOYGXknntA6+geSHnEW5WPqRN50T\/H7UdGkkvpbVRduxwOWeY9tDx+fL0xSOWpHK5V5v1TCgG8v+FvIn1RcEt4pmW6KflaKxbPXOJA\/L9LOapL+KIhuEj1WTfEvTFD6JC5Md9lkqlVqlVtoU4W+pmhm2k0v7SqdDq9WGDnQUKbUktVqyvDSGwIbVRzthLcaGZ8Ci\/LZI6\/kzQAnf+FKt8bUF6Mv6BnBiYNg1CdgeYV037AFNQ7nq6NMVpeGKp2t9ziq12Q+S1tgdJSr\/43WBo4\/X5+2Pb88uOErJMfx6hceYg8gcMrE9CAC5NHK\/wNVzfrX5+od8HgYR2BoVA7Kdrut6L3e\/uQRwtI18NyD1PwDhTAxbdyYiCNh1HbfB69VBHv2XvjP6oeERs7\/7jedE09GYVHeTGVYlztWJ6RE0V54LgdhkMkkCMdvxL71A7bsAIkUKyHN1JvgxdgHKXhp6Iyfl6nHecrSFK6YzGBCQeqOPoc86igrG5FIL3CvHsD0f+6Qh1VFYNgpUz08rfP6sUHj+zG7YgAoH2Hdc6EVv6I4WWIBoIWMOG9F4RIou4ZLnNczhq9wO5UjnSFg="}
@@ -50,14 +50,14 @@
00878{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389636,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"pkt":"WgXZu6TVApXG95WRCABFAAF8BR4AAIAGAAAKZgACCmUAAgBQb1ebvAKbm7vpyFAYgAEWPQAAucYYa9P8yDENbbqChzNeCZ2xSn8BF2zhrej8E62BLvjS3FLP0ZF96T22eSn6lOww9Fjpqn+\/YxxLS5Zx6Kt3IRu9xD88wzGxVpYD1hfVVvWw2mvuUMWrI0WS5VhoiXMb5k7qmD\/WsY5Y2ezEDk45OplaaKLwKDCUPN4g47hFdd2iXFSU8GyFhdkLB3bcPT7sfkQX3Y\/H56h10kHt05PO24u3pyfn6dMZHcmy4MfTvXuKPYMcPzzmzxwpQw\/THfOxs01TulP6Hyli0ByLikFzAuq1ChNxNBz9fHl5ObQaVESX3Ixf7lyaw8uG8Co+jWrurN1Xws7l5UfSJ+5cHZdecYn7SvgPYaZtoXZGaiexo73iNhN6ephpv2S8z52Ew0dNk7YzS0dju8\/QqPQuG5cnzuUOY7mRri1ZY6AMJtii2VkoV4jOeC3QQ5Sb\/w99HK6xQYUAAA=="}
02390{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389747,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ApXG95NL5kBKB+riCABFAAXcBRoAAH8GHDQKZgACCmUAAgBQb1ebu+vLm7vpyFAYgAFM7gAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3MQ0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwOToyMzozMyBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtTGVuZ3RoOiA1OTEzDQpLZWVwLUFsaXZlOiB0aW1lb3V0PTQsIG1heD0xMDAwMA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCg0KH4sIAAAAAAAA\/+1d+XLbOJP\/P1V5BwxTY8UTiyIpy7oiTck6nEziI7GTzMy3X7lAEpJo85B5SFays7W1b7Gvt0+yDYCkKImi5LHGmXHZSiyAABqNRqP71yBNvB76ltl8\/uz1kGCdfvuGb5LmyND8wCXeHuq5hKCOM7FNB+uvC7wY6lnEx2jo+6M8uQmMcUNoO7ZPbD9\/MR0RAWk81xB8cusXaCd1bYhdj\/iNwO\/nKwIqxFRsbJGG8I5MJ46re4m2x4FnaHvos6ETB1g5gnrwdXxWBLbef+a87cXM7aEzE0+XCXeIp7nGyDccO0E7aoWwraMRNER9x0V9RjEYsZKpE7gIqqHR0PEpA+OQEYvyxRoOKEtiss+kSM5cPLBwolPbyWtYG5JVDbq3IwOknmghLY\/no6M6frIONk1aC0E107CvkUvMhnA+dFxfC3z0VqPjHrqk3xBoX7VCwbAGIjYswzZEm\/iQxQPiFfp4bEBdEX4JyIdZbAispHCbNxgNxsish0PHubawe70t4pR\/z5+CeolA6tvh6cdO92P+49ujNxe1F91uT+4pSB7dIs8xDb0eFl+cntVe9NjPcuH7bi+j6eHpxcXpce1Fp9ypdufKW+13Rx9PP510ItJ\/PH8GPKl34alb7lbTCrfBU5d+GE+et8DTKlFsIKdVpRFPLeVQOaysl5O6yFOn1JW6rT\/Hk9Qr9koZcloinc7T+C5i6h72lF7nz4ppuXUaS5Qp99K\/XtTzTMY67GclY2X6yZDVUusEY0yluKwoW4uqvor2JlO4hq3l1kl5scacLd3xv2mO6biRjOsq+Avi5pnRqEGxT\/To2sTQ\/WENiHJZqzZYlD4YzLxnfCU1uTS6rbNsH1uGOa19Jq6ObcyvTYgxGPo11TH1OqdTkTiZvpckwqmLfSt5UQkvYjXmtqPQT516wrxONMfF1BfVbMcm9QyexpynPR8PHWuZNdaLN1roux72WenRT0odeaEXTn0PuwY2U1nkNOYGXknntA6+geSHnEW5WPqRN50T\/H7UdGkkvpbVRduxwOWeY9tDx+fL0xSOWpHK5V5v1TCgG8v+FvIn1RcEt4pmW6KflaKxbPXOJA\/L9LOapL+KIhuEj1WTfEvTFD6JC5Md9lkqlVqlVtoU4W+pmhm2k0v7SqdDq9WGDnQUKbUktVqyvDSGwIbVRzthLcaGZ8Ci\/LZI6\/kzQAnf+FKt8bUF6Mv6BnBiYNg1CdgeYV037AFNQ7nq6NMVpeGKp2t9ziq12Q+S1tgdJSr\/43WBo4\/X5+2Pb88uOErJMfx6hceYg8gcMrE9CAC5NHK\/wNVzfrX5+od8HgYR2BoVA7Kdrut6L3e\/uQRwtI18NyD1PwDhTAxbdyYiCNh1HbfB69VBHv2XvjP6oeERs7\/7jedE09GYVHeTGVYlztWJ6RE0V54LgdhkMkkCMdvxL71A7bsAIkUKyHN1JvgxdgHKXhp6Iyfl6nHecrSFK6YzGBCQeqOPoc86igrG5FIL3CvHsD0f+6Qh1VFYNgpUz08rfP6sUHj+zG7YgAoH2Hdc6EVv6I4WWIBoIWMOG9F4RIou4ZLnNczhq9wO5UjnSFg="}
02392{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389749,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ApXG95NL5kBKB+riCABFAAXcBRsAAH8GHDMKZgACCmUAAgBQb1ebu\/F\/m7vpyFAYgAHL\/gAAgCTjk6WgOk+Yuhte8YCoqJM+Dky\/zcMPdjmAy1qchxlt2GLgEfd9OLdw8XoSkvVGjtfwPBEmjtye9l\/muGR2+aTR0qa0i9hFqOXRIbugmqzkVWkv2XInt0ev7u6mkBUY+wtU6bVlovsbE81RUSyySq\/dhWgKWSqcBbLPn317\/gzRgrvQZg1QYEOIhkfkJeTY1cnQMFlu1upVbhc1G4h2hHgrWuwSCN00Qov3coixxK1JtBD9l5yz4ZDPZrgeh0Nec1bPfDk0w6omU7lXDWg7a8FWcEi9UMjnaSxU4Jai+boQRc\/UTtFvDdSYuCyeptYacRvVkBDDE43yQRlpxDS9EdZASnCd5kKj1pBYO95aX0lDlqQfs4ggbuUbSjFJDmkmhpUEJuIuhNUBs+ANgQOyqpBC0rIRNo2B3RD44IWQnCBLFaH5mnol1Ie5aghtKA\/cKTpy\/KGhQRmejyBDo2U5qlEQmonc6wIGWVNK8AWiQZn9N9nWhR7vDtw1qk92wSm7VKCz7hzbcsBq0B4awjrzS6N1rPkFHwR7iS\/7rkFsvZATIirUtzYEEAisHuqGRC7xXOhoc\/VkUeB6tGwIzCYoBH4qAQ5gckLzArpGGPVY1\/HoCnweC0wXeEpv3uX6fTU8UknPW0lNoDopbEyQN1KUeA0clDK1fa4xn+rZAo6Us8CUHnDLjILnamu2PfgV6jqdS5tMxIHRj9aFXD6I2Csp0Cvd78LXBJ05o8AE5\/nF8IeoC1oxBbDwA8qjGXVYMmwlZExUqLfjcEmoEBw5lhCtEKbIdDyLUqH7TUmRp4hVANgohHMmUNguRMMQFGl5MS8sA49gVxuCLM9ZIjmO1exGC\/o1TL6NAKnAagMkGFkVrughwm0eE0slbmgmdmzVG9UjnlYsTYu1KHjQl2EXAMupzXNIo7f264LKRB2SSfbGg7rmf853lKzBFy6zQn+Sm2CU4OaYoE+jiCHAqiCKDUTHZzqeugMpKcU+HjsuAHQ2a46tmYZ23RBmYLcWolWAwMS1sSm2dL0XtnmZzj644U21GLz1A1i\/YhFCwjJYP+AdcDICcUZD8BakGU7PqmWVDAuEhbBAmIUFwiwsEMKwAFAS4E3HuTbIDNAcn7Y7AKJi6KSLA+J3TUIR8OH0rf4yVPJdaALRwpuL4\/cNYY3uGBDLE6ozCT2MZUg16XiKjDdQh4889KS4SZFRCgOxftyFh4T+wpwkFPg08COBCxxJLeKodHuUtPpRPrL7mfYqtFFD1Vu1HKImNPhEFvGHDqwKkALUZ7BwnRULd+Sx7VE9BNRrGaCFMN0\/RLGMCGXijQirMyC76NvC5T5kIUqsoxBk8sjqD2HJWy2OM4nI2BZpNPI0xJgmxHm\/Ghpza15+tjNx8Sgqtag6q3OqJbxQqvtKGchxYBfuQ0TGnd5RqcVapiasFfOk9ijwE6spEuaNgJi0GkJ0E0pAFr41iT2gHCsl8D50d4MyDym62KGq4xls\/8ElJsCwMQk37hRJqoe7HYqSuuMXb2cUi+12cu+kOLoVQoAUcT3HszYk2rXq3ArMlPp44EUj4OlwEA51UwkSc+Irdyvlw31AZtACFMicJtFtqqTUAMy7HVPvQZzEGfAu+5COeYizsVnXmc5BnMWVsaHUwytMa1\/uxmpA90opz6zb5pwAspk5I85oxs4ozEX8RPmVDMl3ZWhjhJrkeWjoOrFjtjQcs8+Uv0BNwf2svb6wuFfYuXXobdPRZSDwZmgRYpzJFYuR2ADAp4A\/HhuyaemvhusrMLVJ+muiznA1p+0tL+whL+5jplp+ugkvhG59huRX+C26XsBbtUxzhvh2XsiVYn0j2Maa\/3zTYFHkDuhVQ8k12Q3se5FjwWlEjt0Ivxc5GtlG1Ojt9HsRC+1zRO+MZxMkM39zGMpnPDe\/zT0PYF4cluin+YnH77\/R+J3aPU8URfRQOJ8="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1614860229389,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1614860229389,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":389866,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"5kBKB+riApXG95NLCABFAAAwBRcAAIAGAAAKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAEU8QAAAgQFtAMDAQA="}
00425{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390049,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBRcAAH8GIeMKZQACCmYAAm9YAFCbu\/hqAAAAAHACgAHrgAAAAgQFtAMDAQA="}
00425{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390052,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"WgXZu6TVApXG95WRCABFAAAwBSIAAIAGAAAKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAEU8QAAAgQFtAMDAQA="}
00425{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390279,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ApXG95NL5kBKB+riCABFAAAwBSIAAH8GIdgKZgACCmUAAgBQb1ibu\/tYm7v4a3ASgAFUWwAAAgQFtAMDAQA="}
00421{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390281,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBRgAAIAGAAAKZQACCmYAAm9YAFCbu\/hrm7v7WVAQgAEU6QAAAAAAAAAA"}
01140{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390287,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"pkt":"5kBKB+riApXG95NLCABFAAJGBRkAAIAGAAAKZQACCmYAAm9YAFCbu\/hrm7v7WVAYgAEXBwAAR0VUIC93ZWJjb3VudGVyL3cucGhwP19fX2htPS5uZXRfU2VhcmNoXyZfbGhfPWh0dHA6Ly93d3cuYWltaW5pLm5ldC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPSZfX1JlZmVyXz1odHRwOi8vd3d3LmFpbWluaS5uZXQvIEhUVFAvMS4xDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3Mg0KSG9zdDogd3d3LmFpbWluaS5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDYuMTsgZW4tVVM7IHJ2OjEuOS4yLjE3KSBHZWNrby8yMDExMDQyMCBGaXJlZm94LzMuNi4xNw0KQWNjZXB0OiBpbWFnZS9wbmcsaW1hZ2UvKjtxPTAuOCwqLyo7cT0wLjUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtQ2hhcnNldDogSVNPLTg4NTktMSx1dGYtODtxPTAuNywqO3E9MC43DQpLZWVwLUFsaXZlOiAxMTUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClJlZmVyZXI6IGh0dHA6Ly93d3cuYWltaW5pLm5ldC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPQ0KDQo="}
-00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_tot_l4_data_len":694,"flow_min_l4_data_len":20,"flow_max_l4_data_len":562,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_Search_&_lh_=http:\/\/www.aimini.net\/search\/?q=pictures&sca=&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
+00850{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":542,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.aimini.com","url":"www.aimini.com\/webcounter\/w.php?___hm=.net_Search_&_lh_=http:\/\/www.aimini.net\/search\/?q=pictures&sca=&__Refer_=http:\/\/www.aimini.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.17) Gecko\/20110420 Firefox\/3.6.17"}}
00421{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390401,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ApXG95WRWgXZu6TVCABFAAAoBRgAAH8GIeoKZQACCmYAAm9YAFCbu\/hrm7v7WVAQgAGAHwAAAAAAAAAA"}
01140{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390501,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"pkt":"ApXG95WRWgXZu6TVCABFAAJGBRkAAH8GH8sKZQACCmYAAm9YAFCbu\/hrm7v7WVAYgAFYUgAAR0VUIC93ZWJjb3VudGVyL3cucGhwP19fX2htPS5uZXRfU2VhcmNoXyZfbGhfPWh0dHA6Ly93d3cuYWltaW5pLm5ldC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPSZfX1JlZmVyXz1odHRwOi8vd3d3LmFpbWluaS5uZXQvIEhUVFAvMS4xDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3Mg0KSG9zdDogd3d3LmFpbWluaS5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzOyBVOyBXaW5kb3dzIE5UIDYuMTsgZW4tVVM7IHJ2OjEuOS4yLjE3KSBHZWNrby8yMDExMDQyMCBGaXJlZm94LzMuNi4xNw0KQWNjZXB0OiBpbWFnZS9wbmcsaW1hZ2UvKjtxPTAuOCwqLyo7cT0wLjUNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCxkZWZsYXRlDQpBY2NlcHQtQ2hhcnNldDogSVNPLTg4NTktMSx1dGYtODtxPTAuNywqO3E9MC43DQpLZWVwLUFsaXZlOiAxMTUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClJlZmVyZXI6IGh0dHA6Ly93d3cuYWltaW5pLm5ldC9zZWFyY2gvP3E9cGljdHVyZXMmc2NhPQ0KDQo="}
00796{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390509,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"WgXZu6TVApXG95WRCABFAAFFBSMAAIAGAAAKZgACCmUAAgBQb1ibu\/tZm7v6iVAYgAEWBgAASFRUUC8xLjEgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDgxMDQ0NjQ3Mg0KRGF0ZTogV2VkLCAwOCBKdW4gMjAxMSAwOToyMjo0NSBHTVQNClNlcnZlcjogQXBhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtTGVuZ3RoOiAyMA0KS2VlcC1BbGl2ZTogdGltZW91dD0yLCBtYXg9MTAwMDANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQoNCh+LCAAAAAAAAP8DAAAAAAAAAAAA"}
@@ -65,8 +65,8 @@
00422{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390687,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"5kBKB+riApXG95NLCABFAAAoBRoAAIAGAAAKZQACCmYAAm9YAFCbu\/qJm7v8dlAUgAEU6QAAAAAAAAAA"}
00422{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390688,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"WgXZu6TVApXG95WRCABFAAAoBSQAAIAGAAAKZgACCmUAAgBQb1ibu\/x2m7v6iVAUgAEU6QAAAAAAAAAA"}
00422{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614860229,"pkt_ts_usec":390930,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ApXG95WRWgXZu6TVCABFAAAoBRoAAH8GIegKZQACCmYAAm9YAFCbu\/qJm7v8dlAUgAF84AAAAAAAAAAA"}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_tot_l4_data_len":62186,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":863,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_tot_l4_data_len":3586,"flow_min_l4_data_len":20,"flow_max_l4_data_len":551,"flow_avg_l4_data_len":199,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_tot_l4_data_len":14200,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":473,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_tot_l4_data_len":1946,"flow_min_l4_data_len":20,"flow_max_l4_data_len":562,"flow_avg_l4_data_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":72,"flow_first_seen":1614860229383,"flow_last_seen":1614860229388,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60714,"flow_avg_l4_payload_len":843,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test"}
diff --git a/test/results/alexa-app.pcapng.out b/test/results/alexa-app.pcapng.out
index 4ee866771..a40039e55 100644
--- a/test/results/alexa-app.pcapng.out
+++ b/test/results/alexa-app.pcapng.out
@@ -3,78 +3,78 @@
00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","type":6}
00334{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976022,"pkt_ts_usec":526847,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="}
00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","type":6}
-00440{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490976022731,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490976022731,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976022,"pkt_ts_usec":731312,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"pkt":"MzP\/0\/vCePiC0\/vCht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/0\/vChwCHAgAAAAD+gAAAAAAAAHr4gv\/+0\/vC"}
-00474{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490976022731,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490976022731,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00452{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976022,"pkt_ts_usec":731374,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"pkt":"MzP\/0\/vCePiC0\/vCht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/0\/vChwCHAgAAAAD+gAAAAAAAAHr4gv\/+0\/vC"}
-00431{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1490976022741,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00439{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1490976022741,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976022,"pkt_ts_usec":741105,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHL0AAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"}
-00465{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1490976022741,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00473{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1490976022741,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00464{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976022,"pkt_ts_usec":741164,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHL0AAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490976023264,"flow_last_seen":0,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":323,"flow_max_l4_data_len":323,"flow_avg_l4_data_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490976023264,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00833{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976023,"pkt_ts_usec":264023,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCCABFAAFX84EAAEARhhUAAAAA\/\/\/\/\/wBEAEMBQ5j9AQEGAHxtfzEAAAAAAAAAAAAAAAAAAAAAAAAAAHj4gtP7wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDPQcBePiC0\/vCMgSsECrYOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLTFjMTMzNWVjOTVhMjczMTg3CgEhAwYPGhwzOjv\/"}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490976023264,"flow_last_seen":0,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":323,"flow_max_l4_data_len":323,"flow_avg_l4_data_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,33,3,6,15,26,28"}}
+00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490976023264,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,33,3,6,15,26,28"}}
00833{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976023,"pkt_ts_usec":264087,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCCABFAAFX84EAAEARhhUAAAAA\/\/\/\/\/wBEAEMBQ5j9AQEGAHxtfzEAAAAAAAAAAAAAAAAAAAAAAAAAAHj4gtP7wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDPQcBePiC0\/vCMgSsECrYOQIF3DwMZGhjcGNkLTUuNS42DBhhbmRyb2lkLTFjMTMzNWVjOTVhMjczMTg3CgEhAwYPGhwzOjv\/"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1490976023267,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1490976023267,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00804{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976023,"pkt_ts_usec":267639,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"ePiC0\/vCAMDKkaPvCABFAAFIz1MAAEAR\/VesECoBrBAq2ABDAEQBNCIdAgEGAHxtfzEAAAAAAAAAAKwQKtisECoBAAAAAHj4gtP7wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgSsECoBMwQAAKjAOgQAAFRgOwQAAJOoAQT\/\/\/8AHASsECr\/AwSsECoBBgSsECoBDwNsYW7\/AAAA"}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1490976023267,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
-00454{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1490976023731,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1490976023267,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
+00462{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1490976023731,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976023,"pkt_ts_usec":731065,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="}
-00488{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1490976023731,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00496{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1490976023731,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00442{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976023,"pkt_ts_usec":731126,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1490976024793,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1490976024793,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976024,"pkt_ts_usec":793542,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"AMDKkaPvePiC0\/vCCABFAABLWklAAEARM1+sECrYrBAqAQ1wADUAN5pbXVABAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAAcAAE="}
-00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1490976024793,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1490976024793,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00499{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976024,"pkt_ts_usec":844591,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ePiC0\/vCAMDKkaPvCABFAABnz+xAAEARvZ+sECoBrBAq2AA1DXAAU9tZXVCBgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAAcAAHADAAcAAEAAAErABAmB\/iwQAAIEwAAAAAAACAO"}
-00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_tot_l4_data_len":138,"flow_min_l4_data_len":55,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.7.248.176"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1490976024847,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00700{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.7.248.176"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1490976024847,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976024,"pkt_ts_usec":847601,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"AMDKkaPvePiC0\/vCCABFAABLWkpAAEARM16sECrYrBAqAdlDADUAN19T54QBAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAABAAE="}
-00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1490976024847,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1490976024847,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976024,"pkt_ts_usec":848551,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ePiC0\/vCAMDKkaPvCABFAABbz+1AAEARvaqsECoBrBAq2AA12UMAR0w654SBgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2FuZHJvaWQDY29tAAABAAHADAABAAEAAAEYAASs2QmO"}
-00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":55,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.9.142"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1490976024857,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00700{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.android.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.9.142"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1490976024857,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976024,"pkt_ts_usec":857901,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8rxxAAEAG\/k+sECrYrNkJjutWAFC1gOcZAAAAAKAC\/\/\/pcgAAAgQFtAQCCAoA9kgFAAAAAAEDAwg="}
00440{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976024,"pkt_ts_usec":894393,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8rv4AADQGSm6s2QmOrBAq2ABQ61bhGRrktYDnGqASpajwtAAAAgQFZAQCCApVvgGZAPZIBQEDAwc="}
00429{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976024,"pkt_ts_usec":896799,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0rx1AAEAG\/lasECrYrNkJjutWAFC1gOca4Rka5YAQAVfDfgAAAQEICgD2SAlVvgGZ"}
00684{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976024,"pkt_ts_usec":899914,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"pkt":"AMDKkaPvePiC0\/vCCABFAADwrx5AAEAG\/ZmsECrYrNkJjutWAFC1gOca4Rka5YAYAVdZcQAAAQEICgD2SAlVvgGZR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgNS4xLjE7IExHTFM3NTEgQnVpbGQvTE1ZNDdWKQ0KSG9zdDogY29ubmVjdGl2aXR5Y2hlY2suYW5kcm9pZC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
-00752{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1490976024857,"flow_last_seen":1490976024899,"flow_tot_l4_data_len":332,"flow_min_l4_data_len":32,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}}
+00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1490976024857,"flow_last_seen":1490976024899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}}
00428{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976024,"pkt_ts_usec":983411,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0rx8AADQGSlWs2QmOrBAq2ABQ61bhGRrltYDn1oAQAVTCjQAAAQEIClW+AdEA9kgJ"}
00543{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976024,"pkt_ts_usec":992071,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"pkt":"ePiC0\/vCAMDKkVoBCABFAACHryAAADQGSgGs2QmOrBAq2ABQ61bhGRrltYDn1oAYAVS1rwAAAQEIClW+AdIA9kgJSFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBGcmksIDMxIE1hciAyMDE3IDE2OjAwOjI0IEdNVA0KDQo="}
00429{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976024,"pkt_ts_usec":994180,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0rx9AAEAG\/lSsECrYrNkJjutWAFC1gOfW4RkbOIAQAVfCLAAAAQEICgD2SBNVvgHS"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1490976027514,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1490976027514,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":514649,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WktAAEARM2qsECrYrBAqAc\/EADUAKrjvz8MBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1490976027514,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1490976027522,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1490976027514,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1490976027522,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":522377,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WkxAAEARM2usECrYrBAqAc17ADUAKKL+U00BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1490976027522,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1490976027522,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00461{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":523403,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"ePiC0\/vCAMDKkaPvCABFAABM0NFAAEARvNWsECoBrBAq2AA1zXsAOK5EU02BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAAEGAATYOtrE"}
-00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}}
00506{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":560355,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"ePiC0\/vCAMDKkaPvCABFAABr0NVAAEARvLKsECoBrBAq2AA1z8QAV0oUz8OBgAABAAIAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAUAAQABUX8AEQxtb2JpbGUtZ3RhbGsBbMASwC4AAQABAAABKwAErcLfvA=="}
-00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_tot_l4_data_len":129,"flow_min_l4_data_len":42,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.223.188"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1490976027567,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.223.188"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1490976027567,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":567694,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA81nRAAEAG\/9+sECrYrcLfvKd+FGxeQZ9gAAAAAKAC\/\/\/gAAAAAgQFtAQCCAoA9kkUAAAAAAEDAwg="}
00442{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":617961,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA86FEAACsGQwOtwt+8rBAq2BRsp36O4XTVXkGfYaASpajFDgAAAgQFZAQCCAor\/EXWAPZJFAEDAwc="}
00431{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":621372,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA01nVAAEAG\/+asECrYrcLfvKd+FGxeQZ9hjuF01oAQAVeX1wAAAQEICgD2SRkr\/EXW"}
01131{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":625622,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"AMDKkaPvePiC0\/vCCABFAAI51nZAAEAG\/eCsECrYrcLfvKd+FGxeQZ9hjuF01oAYAVd0AAAAAQEICgD2SRor\/EXWFgMBAgABAAH8AwP8yOM7BlQk\/N7361hEfifQEjFK9C+2z6dEAXB5upIKVSBsZf8WSacPFJ5360Xf7gbKvq4VJrM6Sp5Mx957SU1grAAozKnMFMArwCzMqMwTwC\/AMACeAJ\/ACcAKwBPAFAAzADkAnACdAC8ANQEAAYv\/AQABAAAAABUAEwAAEG10YWxrLmdvb2dsZS5jb20AFwAAACMAxAOeKIxvS+dmkCkOmeIUcJ137rveu8cp7SsJcSkCCJYpUIY+YBkt6aFuQ6LPrhBKvBHLUbeG3+HUzr5FnCqyl8+ID9q3G1h7YfsoYtCoJkMsPA\/kz1MiwPPwRp1Ls85ZA1SJko+D8IYkqP0qv5to9svOUJZSfo1gVcDl2auONMm8nfCIA74AFXnyO7ekI+VS57Ocl60m10z72XP7SkonMcdfpTgCFqrNIsf0dRbWAaOlueauQJaMo6gNlxUOxYiF9f84qwcADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAACwACAQAACgAIAAYAHQAXABgAFQBqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1490976027567,"flow_last_seen":1490976027625,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1490976027567,"flow_last_seen":1490976027625,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00429{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":674065,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA06HIAACsGQuqtwt+8rBAq2BRsp36O4XTWXkGhZoAQAVSVmwAAAQEICiv8Rg8A9kka"}
00624{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":674201,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"ePiC0\/vCAMDKkVoBCABFAAC\/6HMAACsGQl6twt+8rBAq2BRsp36O4XTWXkGhZoAYAVTDZQAAAQEICiv8Rg8A9kkaFgMDAFsCAABXAwNY3n0bUCjb4zZ6G4o\/TWqWWSQ9p2ufUUcQGSbu2zc5aiBsZf8WSacPFJ5360Xf7gbKvq4VJrM6Sp5Mx957SU1grMypAAAP\/wEAAQAAFwAAAAsAAgEAFAMDAAEBFgMDACCIe6GZq9kBxo7r4HWprFg9\/LyCznTtsBrZNO9GTNpsww=="}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1490976027567,"flow_last_seen":1490976027674,"flow_tot_l4_data_len":864,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":35,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1490976027567,"flow_last_seen":1490976027674,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mtalk.google.com","ja3":"a5a59633017c3d696d2c69350e5fc004","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}}
00431{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":676191,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA01ndAAEAG\/+SsECrYrcLfvKd+FGxeQaFmjuF1YYAQAVuVBAAAAQEICgD2SR8r\/EYP"}
00493{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":677093,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"AMDKkaPvePiC0\/vCCABFAABf1nhAAEAG\/7isECrYrcLfvKd+FGxeQaFmjuF1YYAYAVt+zAAAAQEICgD2SR8r\/EYPFAMDAAEBFgMDACC+XgFeI1a3FeBThI9cDRefvqyGssnmLngTl2GMEbbGdA=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1490976027724,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1490976027724,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":724821,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Wk1AAEARM2qsECrYrBAqASjeADUAKB2sfT0BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1490976027724,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1490976027724,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00461{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":725831,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"ePiC0\/vCAMDKkaPvCABFAABM0NhAAEARvM6sECoBrBAq2AA1KN4AOCjyfT2BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAAEGAATYOtrE"}
-00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1490976027733,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":39,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.218.196"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1490976027733,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":733585,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8c0BAAEAGOiysECrYrNkJjorUAFAegTplAAAAAKAC\/\/+MiQAAAgQFtAQCCAoA9kklAAAAAAEDAwg="}
00442{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":741389,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="}
00442{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":741448,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="}
00441{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":776018,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8g+MAADQGdYms2QmOrBAq2ABQitTVYWKuHoE6ZqASpahLiwAAAgQFZAQCCApVvw3GAPZJJQEDAwc="}
00429{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":777780,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c0FAAEAGOjOsECrYrNkJjorUAFAegTpm1WFir4AQAVceVQAAAQEICgD2SSlVvw3G"}
00684{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":780692,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"pkt":"AMDKkaPvePiC0\/vCCABFAADwc0JAAEAGOXasECrYrNkJjorUAFAegTpm1WFir4AYAVe0RwAAAQEICgD2SSlVvw3GR0VUIC9nZW5lcmF0ZV8yMDQgSFRUUC8xLjENClVzZXItQWdlbnQ6IERhbHZpay8yLjEuMCAoTGludXg7IFU7IEFuZHJvaWQgNS4xLjE7IExHTFM3NTEgQnVpbGQvTE1ZNDdWKQ0KSG9zdDogY29ubmVjdGl2aXR5Y2hlY2suYW5kcm9pZC5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
-00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1490976027733,"flow_last_seen":1490976027780,"flow_tot_l4_data_len":332,"flow_min_l4_data_len":32,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}}
+00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1490976027733,"flow_last_seen":1490976027780,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"http": {"hostname":"connectivitycheck.android.com","url":"connectivitycheck.android.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 5.1.1; LGLS751 Build\/LMY47V)"}}
00429{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":793513,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA06L8AACsGQp2twt+8rBAq2BRsp36O4XVhXkGhkYAQAVSUaQAAAQEICiv8RoYA9kkf"}
00950{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":797029,"pkt_caplen":442,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":442,"pkt_l4_len":408,"pkt":"AMDKkaPvePiC0\/vCCABFAAGs1nlAAEAG\/mqsECrYrcLfvKd+FGxeQaGRjuF1YYAYAVtXlAAAAQEICgD2SSsr\/EaGFwMDAXO\/EiqMB2v+WlbPg5zRioefIcPTtrVIfCONSCNUB+3i1QnYEoGqhU63lO\/mbrlXvS55jgamrAxF5lh4o4FiRDC\/rjU4hmEVB28OE6hv\/6yJWgqKlFdVvi1ZqJz2hNr0ldCR\/LRbPeNacXfwEZdWWNlaIl\/h2izTx1qb9X2WKsB6emSiByXTy7\/ec5RfJzv8b5VdtltffsDjjZuf\/BT+GidMfLJRJATytbHYaiJY1DhVIUXLlFJCbgu4diP8MDyJUdp05xJ9nhpujW+MpRyGbFZAHOqAbu5awlWXZvbKUfeQ8crktl2hWe0LWp\/x60fcjob9HC7TfTQKZZUnrF5Fh4Y+ax6Ml8P5wgl3+8ZddVPAxWG\/JZhqQsbkd6PTJVR0BjwAHlhNDZL+CWy43PCzOX+kq4ohMKeiYbeWO5t7XmbYfxgb4LigDgt2AAsepd+P9Y+ZloOerTY\/ueKLp7bB4PgIbSvx6VFiRJMujBTVacs8tXt6LA=="}
00430{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":824392,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0hBMAADQGdWGs2QmOrBAq2ABQitTVYWKvHoE7IoAQAVQdbAAAAQEIClW\/DfYA9kkp"}
@@ -85,26 +85,26 @@
00581{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":932358,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":172,"pkt_l4_len":138,"pkt":"ePiC0\/vCAMDKkVoBCABFAACe6O8AACsGQgOtwt+8rBAq2BRsp36O4XV3XkGjCYAYAV2X1gAAAQEICiv8Rt0A9kkrFwMDAGW4rSCJU6w1QBWCCb6icNhksEnegr0QmHa5CtWXaVWXyp\/EmS3xdVS\/COMw\/XBKLbVzATaXMKULZeFDGy5l4mra5MUb4wA\/owBQ3yNRRmNTrV5X4nsj64KrULtgpeeCdNYH2s8qKw=="}
00590{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":932494,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"pkt":"ePiC0\/vCAMDKkVoBCABFAACp6PEAACsGQfatwt+8rBAq2BRsp36O4XXhXkGjCYAYAV02ogAAAQEICiv8RuAA9kkrFwMDAHCM78KlL1c7f7AIAO2lgDLD7At70yiIFp+zTbNqBB4JNPsUDbfB39wAcF8CisSbpSx1Qqab9mKLjZBIu+K4YTvmXPsJnz+k7qZ1g4nGzviZLHMVrZrWPOOuBTGer9YvwWsXsblpk9rKRluW\/ecJtHqe"}
00432{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":958063,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA01npAAEAG\/+GsECrYrcLfvKd+FGxeQaMJjuF2VoAQAVuRmwAAAQEICgD2STsr\/EbE"}
-00446{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1490976027958,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00454{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1490976027958,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976027,"pkt_ts_usec":958387,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"ePiC0\/vCAMDKkaPvCABFwABQaiwAAEABYsesECoBrBAq2AUBiVKsECoqRQAANNZ6QAA\/BgDirBAq2K3C37ynfhRsXkGjCY7hdlaAEAFbkZsAAAEBCAoA9kk7K\/xGxA=="}
-00478{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1490976027958,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1490976029184,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1490976027958,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1490976029184,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":184743,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Wk5AAEARM2msECrYrBAqAbwbADUAKEUyqIoBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1490976029184,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1490976029184,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00616{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":244910,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC90PZAAEARvD+sECoBrBAq2AA1vBsAqWPAqIqBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAAToAAoDd3d3A2NkbsAQwCwABQABAAAABgAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAQABDRV0cXAQgABAAEAAAAEAAQ0VdGPwEIAAQABAAAABAAENFXR2MBCAAEAAQAAAAQABDRV0Xo="}
-00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":40,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.197"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1490976029248,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.197"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1490976029248,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":248822,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8xDtAAEAGmX2sECrYNFXRxdfKAbvTso2HAAAAAKAC\/\/\/liQAAAgQFtAQCCAoA9km8AAAAAAEDAwg="}
00441{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":325964,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqrg0VdHFrBAq2AG718qLhBMS07KNiKAScSCB1QAAAgQFtAQCCAptCebiAPZJvAEDAwg="}
00429{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":328330,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xDxAAEAGmYSsECrYNFXRxdfKAbvTso2Ii4QTE4AQAVcgZAAAAQEICgD2ScRtCebi"}
00729{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":341528,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"pkt":"AMDKkaPvePiC0\/vCCABFAAERxD1AAEAGmKasECrYNFXRxdfKAbvTso2Ii4QTE4AYAVeNQAAAAQEICgD2ScZtCebiFgMBANgBAADUAwNT2KB0JrHY5dbwauLLHFhO0VZRwtPH9AKUlOkcVsOHnAAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAfwAAABMAEQAADnd3dy5hbWF6b24uY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1490976029248,"flow_last_seen":1490976029341,"flow_tot_l4_data_len":365,"flow_min_l4_data_len":32,"flow_max_l4_data_len":253,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1490976029248,"flow_last_seen":1490976029341,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00429{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":386853,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA09fhAAPMGtMc0VdHFrBAq2AG718qLhBMT07KOZYAQAHYgXQAAAQEICm0J5usA9knG"}
02375{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":387254,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc9flAAPMGrx40VdHFrBAq2AG718qLhBMT07KOZYAQAHZvywAAAQEICm0J5usA9knGFgMDAEECAAA9AwPuo9AAlhttAZnaq4FrlIhu3W20KiqECP2i3kzJGV6L3QDALwAAFQAAAAD\/AQABAAALAAQDAAECACMAABYDAwvoCwAL5AAL4QAGnzCCBpswggWDoAMCAQICEB1Kvap40Jr+eZ1BvOt6dmIwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjEwMzEwMDAwMDBaFw0xNzEyMzEyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRkwFwYDVQQKDBBBbWF6b24uY29tLCBJbmMuMRcwFQYDVQQDDA53d3cuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMJaKGd1n\/gfHNZ02Y\/9eMAjyI8oXDlecrRGUA27X7VosTsU6RtkpZNhiNac7REqaKQZm2P4WjOWDVg2Ax69NQEL8wKsLDcs+bF+K8rZCBFiPdg6Jim78UCq8tJtGbo\/TM2m2W9rx29HW1sFJdsl5+Z5XxyUn5g9E0t1BTWkM1xMRZ5SlP4u1aJixAfzvTrXydFdl2c28zsd0X708ucJp+AMQgu5xkZJTQSlWvp6UZdM4\/paMgmjPgBeWFfWW1ESLsWImTlt7tmuulc2MAkWthHbSGzwCzv3UqxTQLmgISqqRTdDgeNndeiFlDiojIhwyS+ddmACSQZn0DyO31ULVycCAwEAAaOCAykwggMlMIHUBgNVHREEgcwwgcmCCmFtYXpvbi5jb22CCGFtem4uY29tghF1ZWRhdGEuYW1hem9uLmNvbYINdXMuYW1hem9uLmNvbYIOd3d3LmFtYXpvbi5jb22CDHd3dy5hbXpuLmNvbYIUY29ycG9yYXRlLmFtYXpvbi5jb22CEWJ1eWJveC5hbWF6b24uY29tghFpcGhvbmUuYW1hem9uLmNvbYINeXAuYW1hem9uLmNvbYIPaG9tZS5hbWF6b24uY29tghVvcmlnaW4td3d3LmFtYXpvbi5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3NzLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcnQwggEGBgorBgEEAdZ5AgQCBIH3BIH0APIAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVgYn8nxAAAEAwBIMEYCIQDp8WWCCDpbtC9Z72N\/spPAMoGM7d0bKGQ9VnLOU5flvwIhAK49N7TMmKEmtSNuc66ro1w0KeRpzF6CNDBwFyDVnBFdAHcAaPaY+B9kgr46jO65KB1M\/HFRXWeT1ETRCmesu09P+8QAAAFYGJ\/KGgAABAMASDBGAiEA0ZUEPCgtkf27znk="}
-00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_tot_l4_data_len":1877,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00832{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1669,"flow_avg_l4_payload_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02381{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":387805,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc9fpAAPMGrx00VdHFrBAq2AG718qLhBi707KOZYAQAHbKZwAAAQEICm0J5usA9knGYmvQUZ53FuMTg6CV6NkRgpIId6RFAiEAtsbIk\/ABqDCVGcUPmKoTVnNJM7q5p2coRrM8lxbaxGcwDQYJKoZIhvcNAQELBQADggEBADrkqWwDHG2B+zTmpXTLBOozqobMGQwiAnMmkKH05H5f5JOt+OmGctCU7Ai4fGIXShWmGx\/2hhbpNhCKYEgqgWk\/3hZsbaiOyvf1gnqSIOG523d5\/bhCdncC2dczk4tW\/jqLBmy3hPB3A7f8hqWfuqXexVfv7XfKxwRd\/B8xPQkjXLOX69ny1Hptzlf0erCO4AMl6UiY+z9PGyEO3clGFtS4pwXGNoRwS1GqgZ6aBmASlGeJ9RIG+eXTUhXNvvUMZa4GnHSqumu4wBRTWU4muD+vBAxJcLaVJkOIOfVyMrTP5cuLvHzo3\/uNbrMqHlGNKCuvoftmGLC3CknMuyNPUJcABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSw="}
01213{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":387940,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"ePiC0\/vCAMDKkVoBCABFAAJy9ftAAPMGsoY0VdHFrBAq2AG718qLhB5j07KOZYAYAHbVeAAAAQEICm0J5usA9knG+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccWAwMBTQwAAUkDABdBBPzMx8TOUh8k1r+fegw7wgtWljJgphBkEBMWhqW+sE7+pNfMMqzHIvysc0mcSYAsbpDkK\/3bMqVMoSTWqiIFwzIGAQEAaSQfcVECH6uvn+A6vmjR8w5CVPZmyjBFCOrJkytVISiS+\/+WYz\/jchUSzMQYQHDICH6pXf24TZQO+HkmgYhVM8birBo+mdePIyFGPX4AIUy+P3nCBcl0WZGUMltILeVhqxyzmUX3c3Ea8oX268svQxQYuHV52e2fK4ApMSwnxQyoWxA9rFmqERwwE66tvhydadNZX6l5rsPPNxKB+N8OQF2R\/Y+mreWkpYaydIV1DRrifXswzalurERmkrOrXYPtozVJG3YBD\/e1Jv7PaDNb6rhHxJkUPIZuwURxXW0nwWBAT2MVNXkI4b7YOKFwJ3+ddHr1DqachB7bc1RPOvLgVxYDAwAEDgAAAA=="}
-01298{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_tot_l4_data_len":3963,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":495,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
+01309{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1490976029248,"flow_last_seen":1490976029387,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3691,"flow_avg_l4_payload_len":461,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
00429{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":390112,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xD5AAEAGmYKsECrYNFXRxdfKAbvTso5li4QYu4AQAWIZxQAAAQEICgD2ScptCebr"}
00430{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":391909,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xD9AAEAGmYGsECrYNFXRxdfKAbvTso5li4QeY4AQAW0UEQAAAQEICgD2ScttCebr"}
00430{"flow_id":16,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":395479,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xEBAAEAGmYCsECrYNFXRxdfKAbvTso5li4QgoYAQAXkRxwAAAQEICgD2ScttCebr"}
@@ -112,96 +112,96 @@
00762{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":615366,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"ePiC0\/vCAMDKkVoBCABFAAEm9fxAAPMGs9E0VdHFrBAq2AG718qLhCCh07KO44AYAHakNQAAAQEICm0J5wMA9kndFgMDALoEAAC2AAAqMACwVFa0PclIpB\/guv14R\/HQ9H\/jalGzV7EvNl8eRaM6rfwATbsnQL+mEOp3WJA8tt3iJeTbU1fTRm1ahkKIzXD1rM3HYrAFFJWxuro7R2RKPwcSKgZYp3xYQmCF3dsYONqPFd2VHbwiYGKafu1C4SPI8xENEtlFTIonqCRmOjB5RVBgqoIrBBC2oN+15Kr6pUOvh3cgfsprLFFQ3pLChfqTgbke\/FeZ+\/LMZnhtEzXXdeYUAwMAAQEWAwMAKNB2GQLBVKtI4KJEpORCeTQJYS3XXx29sXHBIMDdNL4yoP0FMgPaUhk="}
00430{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":617749,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xEJAAEAGmX6sECrYNFXRxdfKAbvTso7ji4Qhk4AQAYQQHgAAAQEICgD2SeFtCecD"}
02288{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":637775,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"pkt":"AMDKkaPvePiC0\/vCCABFAAWIxENAAEAGlCmsECrYNFXRxdfKAbvTso7ji4Qhk4AYAYTo+wAAAQEICgD2SeNtCecDFwMDBU9TjGQvT9dDrd69i1qiY\/boODLY8MAmuCHYx+nUFCs9M5mwTHUKLyAQVtgQjHuI8OesbCrRIRUa8sG08vNTpGT83hLxQ5v4xfY491JwZHdlrT5zSHchq9wmK7GSAVLnC2w2A\/MOofGRH\/1dSQmuaf9MlzPLyw9IG9FhyVLl2pkS\/c5jkGNS69Ut+wzsyX0Il\/0vi0my4KW4+FMZL1vmej7ZlAFKr9IJtwJ97V6onObB5xaccRyMkhOdUFUoDlY4l+PGYtSj3bm9moS7HbUyMUFpb9F3lTuGnHh++5fyuAYNq+XdCb4kP2aShGTVp961R6zmOf+KSyVL0tE\/8s5SQ2WICLd2KbXV0Tkx77rFRVSpZsyx22nD7BB3d3TUfnEbVm0HxfTIGhri6GNvgBhiEQYo9YmP4MjbzwL7cqCUn\/5\/ZtWEmUg5PMUE03UWezIMy14yNJa+utwmh8KqGUSPfkHKv7YidS8q5d3df\/NqlbJjnZc5Sg3g7+N922TsHtDcKT2JlSkyiXvbMIwm+mWPLLGVJ0470xicMVqnYmB2ejnbvGIbQHQJRIvcHOy6HN1bZI4mCRj7hTKMCdS7r1zRYrVSEvKEPX5qNAs9ci7q+Z6jwBX0ZPOLBcGVWZtpf3bjlTXmHi82zlrgHroNnlvCTSy6eM3hNaWsA4Rqq\/wWcqTUtNOtz+Ql6VCOekG18a\/bi\/QvRSWnc3COvxKj8VAjf7izFBEYiNB5Mh1cv2YS\/G3YPONNBC0bTtbfl\/xfUYKPs3BC8nL+ljMHfAMLgYfbWA4o1UdTBj6OxF7VBgQBf\/d8VZ+oL5LQXmx0lUz0iKcIw2vXLgPEVBbOK3Xz+UbePj87xFgxMpNnHGSJ7gBdCfB1qzA\/o6voAW0Q5NhtATD0DU+HsGdIakUJBvGUHN6i9mcovHPyBppqxvV4xn04wkJHRsomPbe5g5nhPK4biigAb1J\/MwWFSfmuDFI4INkB14th6G1BzDMnhsyXFokbUfe7ywuSTJt8krYBJMPJ6Uje14DRvOm5bek4O5fVhVXngS7\/+VFXmx+F7XjIIHxTPzEuVKmlQsFm\/7PLbOhXha0gCLr6q5cuQ9pEkd3+tR2NXjuM+EsOxTX582aHCOflTIPKrWNo1CtWpT1HYMtaOz6SxAJKKUyt6JrrTAA2jErGHu8HIcBGGslJnPla9wib\/AG\/RBFylE\/uEYdPR6IlZF0fxHM8BZWfOLiL8Xyr5NUxwdsXaRLayTQ01odss0Z\/xn923TV+\/mhrkXTUGWJ2pSE6eM3evxBFquQluaLfHCd7d87ooSpQE8qz6K2+GWs+VgEhttmf4ctce14W27UpVlINpsejsn3oN1gqsnDy1+QWHnbdR8KCSNSbH+okXCBN90vYIATvFn0OWS52rmeOLECtVplAJAwB3RQ7EP5VFAiU\/pYPD8ro0DG8bAkRD2r5ypV8fq8KLDEc66MB0KgvbEH6aWXPYiFb1ebh+PC+\/DSIFAsczvJunOtNxvwep\/smJ2tIMP6p9rulcHkDxWqo1H20MG9dLEUOuWnyDxd3kHDs8Y3tpbh+TwDG0vuovl+RMLOQzUnRx8GrUj+cPcgUy0RQypCCI26CRneNNM9ORaxlPCGIbUFZg+dipcEIqRgM0u\/3r5ErMwtfIkGTA4HWwVLL0GhtjDQ4Y5PKqhlMxNm658LXDLidtvI5NMMzpWoA1X3rN0+wd3U+oPUy\/RIhnyzllknZMf\/FIAnRrtWCCVfcKcSjoYtklIuf5vhQyD\/wUgAmz5Od\/9N9BtFq1gGRX6R8UC8UM8KUL1CKhrhDuhXHXmk="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1490976029669,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1490976029669,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":669574,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"AMDKkaPvePiC0\/vCCABFAABGWk9AAEARM16sECrYrBAqAU3\/ADUAMlRV5qsBAAABAAAAAAAABG1hZHMPYW1hem9uLWFkc3lzdGVtA2NvbQAAAQAB"}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1490976029669,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1490976029669,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00511{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":753315,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"ePiC0\/vCAMDKkaPvCABFAABw0QhAAEARvHqsECoBrBAq2AA1Tf8AXGjL5quBgAABAAIAAAAABG1hZHMPYW1hem9uLWFkc3lzdGVtA2NvbQAAAQABwAwABQABAAACoQAOBG1hZHMGYW1hem9uwCHANgABAAEAAAAGAAQ0XugA"}
-00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":80,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":50,"flow_max_l4_data_len":92,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1490976029756,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00687{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":80,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mads.amazon-adsystem.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.0"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1490976029756,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":756146,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8YepAAEAG5YqsECrYNF7oAIMUAbsV\/ygFAAAAAKAC\/\/9G\/wAAAgQFtAQCCAoA9knvAAAAAAEDAwg="}
00426{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":858463,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9PhAAOcGq4c0XugArBAq2AG7gxTPTpIKFf8oBnASH\/5MlgAAAgQFtAEDAwY="}
00414{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":859802,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYetAAEAG5Z2sECrYNF7oAIMUAbsV\/ygGz06SC1AQAVeXBwAA"}
00726{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976029,"pkt_ts_usec":862221,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPYexAAEAG5LWsECrYNF7oAIMUAbsV\/ygGz06SC1AYAVe0ugAAFgMBAOIBAADeAwPKXhDT4mBwzwJLaYeyeukYihakDqOb9JFzyzNNj0iN1AAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAiQAAAB0AGwAAGG1hZHMuYW1hem9uLWFkc3lzdGVtLmNvbQALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgID"}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1490976029756,"flow_last_seen":1490976029862,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":20,"flow_max_l4_data_len":251,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1490976029756,"flow_last_seen":1490976029862,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":231,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00421{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":30696,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo+q5AAOcGpdk0XugArBAq2AG7gxTPTpILFf8o7VAQf\/wXewAAAAAAAAAA"}
00421{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":30833,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAolwhAANQGHIA0XugArBAq2AG7gxTPTpILFf8o7VAQf\/wXewAAAAAAAAAA"}
02379{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":31163,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXclwlAANQGFss0XugArBAq2AG7gxTPTpILFf8o7VAQf\/z6oAAAFgMDAFkCAABVAwNlwtDt1+129\/ts0wfs5IXAeZoTW74Qi4hFVGruYDFmbSD6hNqT7V8NMSlsTBXaJXvwdh\/mwJmG72JTwvhtDtGMN8AvAAAN\/wEAAQAACwAEAwABAhYDAwtGCwALQgALPwAF\/TCCBfkwggThoAMCAQICEBVhvoqjKV5laolbo4dEzZcwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA5MjMwMDAwMDBaFw0xNzEwMjIyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRkwFwYDVQQKDBBBbWF6b24uY29tLCBJbmMuMRgwFgYDVQQDDA9tYWRzLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7tQZ1n1d3JyMr1HGhDCCUdS7Wse1z5GFWBISK3pX\/b99sSTgcs3yTX4G3iGfYdC7A2q38+o1MFIlXlIuvO93xotlvWFuW2i+xn0G0MMirFGwLcjo26u7mLPymXoSG0OEijYu9Wpr4npMF0yhmvJG1J4tqawlqyvPUAa0g\/wsk2yg+gIPxQbsH+cJptjcdhErAGSX8Oa11cGlzfP663vxr+SUa0KPD+NeuGJAqYamTckhcwWlKk\/sk9P5ZHIxQo5ZL6VtlkH675DoxgW9Gxrr1jQ1EyJJGDetpGSApYGqIbkGJY6T1UV5kcWtC2kpQnQsQk6nN4pRg8AcJsM3K52zDAgMBAAGjggKGMIICgjA0BgNVHREELTArghhtYWRzLmFtYXpvbi1hZHN5c3RlbS5jb22CD21hZHMuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABV1SLqE0AAAQDAEcwRQIgXGqJyUBdirUS9lZWmr5JHMTrALbT0SwDURIaYBVASM8CIQDq5lxpAOOkVbMEZqKns3iJFn8756qx8Zlv\/CNDBAkd1wB2AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT\/vEAAABV1SLqI4AAAQDAEcwRQIhAKSM+7iHPkddNrwntojww5ukktkhcTKjA2yMJcfT3l3FAiAZ3Pftas3dIcUgdDX3bl4NvadpT61K9QF2pjl1F7igYDANBgkqhkiG9w0BAQsFAAOCAQEAMutnmJtagxNXhsSB+c8O8amvz6IvDrEVnV3HU4DE9ERh9kiHsWglEKiZlpH2\/\/UO+6tZ55NJaRjEmM1BwhA9h+ZkYURr7Mid1tE="}
-00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":7,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_tot_l4_data_len":1859,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":265,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":7,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02387{"flow_id":18,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":31709,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXclwpAANQGFso0XugArBAq2AG7gxTPTpe\/Ff8o7VAQf\/zi0AAAi0hJpz9FnVuq8jc8kba9WvW7HI594Yds2wE7DuuChDCUrYD215w7Cl0Q7fB\/1o9RRmDHrx5yNPPaj5UftuhgUv+9XAIC2b3Y7DKK2L000Z9NLbIilkLU\/4PTX8ebPMJgYRpuOEIYYBLL3Sv8Pj\/gv9xFPP9hh0ntlj4aiVj8SeavnW6+\/\/CZNATNx6KmWx8HbZqoGSTf58g4MYoM\/b49g80oV3KZ4faDWRUnyyFH5FgpiUtNFgQABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5E="}
00976{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":31797,"pkt_caplen":466,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":466,"pkt_l4_len":432,"pkt":"ePiC0\/vCAMDKkVoBCABFAAHElwtAANQGGuE0XugArBAq2AG7gxTPTp1zFf8o7VAYf\/xkRgAAnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccWAwMBTQwAAUkDABdBBDd20fbp4ncVWf\/ACeE\/jxmGH410cWIoPh4+lYdeKjdaCW9h7Sopq0a2YKSskvivffVj8HChtq9sr1S6vtUQffUGAQEAa0ORxwOHjIroQssLNodNaC2N\/5uiNcAqJi1NmIvHyYdt\/gsQZODf7JgxEb3xT9fr3L8Q3Dhrwl68OztPpTZt\/2WvbGem+mJ0IjMsK4jfX5S5aCYQlefP0sFhDbZz3yKYz5Ebqk7QauiZnBOwHyVHqcM1brn7ekG3H5w5GqMTlobg7gX1cISNQHopaEtrnv\/QakxnXGLaq8mrLy3EKU3A4uQL0iFrVKfzihrIFPMV9zl0VqKSi3oiN087C53sI3DxI5lVaalLeYd8zZy1k5ahTLHTzwomkEBe21VBarvzWNtn4S6Zsmv8\/yxMBhL1OTn08dOns125SaRsRvQdcH3ukBYDAwAEDgAAAA=="}
-01159{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":9,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_tot_l4_data_len":3771,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB"}}
+01170{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":9,"flow_first_seen":1490976029756,"flow_last_seen":1490976030031,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3563,"flow_avg_l4_payload_len":395,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mads.amazon-adsystem.com","server_names":"mads.amazon-adsystem.com,mads.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mads.amazon.com","fingerprint":"E0:2E:BD:D6:46:9B:05:03:93:CC:A7:28:7A:F4:57:9C:EB:40:8F:AB"}}
00414{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":35279,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYe1AAEAG5ZusECrYNF7oAIMUAbsV\/yjtz06Xv1AQAWKQYQAA"}
00414{"flow_id":18,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":35546,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYe5AAEAG5ZqsECrYNF7oAIMUAbsV\/yjtz06dc1AQAW2KogAA"}
00414{"flow_id":18,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":36355,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYe9AAEAG5ZmsECrYNF7oAIMUAbsV\/yjtz06fD1AQAXmI+gAA"}
00589{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":92845,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"AMDKkaPvePiC0\/vCCABFAACmYfBAAEAG5RqsECrYNF7oAIMUAbsV\/yjtz06fD1AYAXkEAgAAFgMDAEYQAABCQQSbYevDP9e67TJFZfQFIvfhrr5+fnPuxslRjL\/1Oqgzdy3UNL8+il6UNI2zO0CB77cstD\/gOobfFgR4zapVFY0\/FAMDAAEBFgMDACgXfnjwCUbJnVyWNqB++orasSpB\/oDoUxDtVQIuNuCCkMuKefrmWx8e"}
00487{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":191263,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ePiC0\/vCAMDKkVoBCABFAABblwxAANQGHEk0XugArBAq2AG7gxTPTp8PFf8pa1AYf\/rsKQAAFAMDAAEBFgMDACgkJ2tRC1us4Bb\/SF1C2Bg+OskETKZ4uLVGrQFlE1Cp+H5wONFplMgo"}
00416{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":192572,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYfFAAEAG5ZesECrYNF7oAIMUAbsV\/ylrz06fQlAQAXmISQAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1490976030681,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1490976030681,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":681470,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AMDKkaPvePiC0\/vCCABFAABEWlBAAEARM1+sECrYrBAqARy+ADUAMIK\/xAMBAAABAAAAAAAAC2ZpcnMtdGEtZzdnBmFtYXpvbgNjb20AAAEAAQ=="}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1490976030681,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1490976030681,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00471{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":758514,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"ePiC0\/vCAMDKkaPvCABFwABQalIAAEABYqGsECoBrBAq2AUBAe6sECoqRQAANMRJQAA\/Bpp3rBAq2DRV0cXXygG707KdlouELZKAEAGm9GwAAAEBCAoA9kpTbQnnbg=="}
00474{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":890027,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"ePiC0\/vCAMDKkaPvCABFAABU0XFAAEARvC2sECoBrBAq2AA1HL4AQPRGxAOBgAABAAEAAAAAC2ZpcnMtdGEtZzdnBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAABwABDbvFrk="}
-00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.22.185"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1490976030894,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"firs-ta-g7g.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.22.185"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1490976030894,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976030,"pkt_ts_usec":894150,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8J69AAEAG7nysECrYNu8WudGyAbvyuG3OAAAAAKAC\/\/+kIgAAAgQFtAQCCAoA9kphAAAAAAEDAwg="}
00427{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":102375,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwN3JAAOcGN8U27xa5rBAq2AG70bLD2Mra8rhtz3ASH\/580QAAAgQFtAEDAwY="}
00414{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":103941,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJ7BAAEAG7o+sECrYNu8WudGyAbvyuG3Pw9jK21AQAVfHQgAA"}
00726{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":106386,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"pkt":"AMDKkaPvePiC0\/vCCABFAAENJ7FAAEAG7amsECrYNu8WudGyAbvyuG3Pw9jK21AYAVcWrwAAFgMBAOABAADcAwMXtWbEMzpaIh7LAfTS6lRlyq4lFkX3g5E1gYNEJ7C9NQAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAhwAAABsAGQAAFmZpcnMtdGEtZzdnLmFtYXpvbi5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1490976030894,"flow_last_seen":1490976031106,"flow_tot_l4_data_len":337,"flow_min_l4_data_len":20,"flow_max_l4_data_len":249,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1490976030894,"flow_last_seen":1490976031106,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00423{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":181205,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoTUpAANUGM\/U27xa5rBAq2AG70bLD2Mrb8rhtz1AQAOjHsQAAAAAAAAAA"}
00423{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":183372,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoTUtAANUGM\/Q27xa5rBAq2AG70bLD2Mrb8rhutFAQAPjGvAAAAAAAAAAA"}
02378{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":185749,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcTUxAANUGLj827xa5rBAq2AG70bLD2Mrb8rhutFAQAPgbgwAAFgMDAFkCAABVAwNIOq8yPYlur6ZafUHN6NRmcNxPmXicNTZ1Gwvq54oHFyA6uaWf0D7O00ORmVtY1zrMzrFebSXNGmA+g7n9X3pGpcAvAAAN\/wEAAQAACwAEAwABAhYDAws6CwALNgALMwAF8TCCBe0wggTVoAMCAQICEGlmyz6JXoqClmJke+eOTgMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjExMjUwMDAwMDBaFw0xNzEyMzEyMzU5NTlaMHAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRkwFwYDVQQKDBBBbWF6b24uY29tLCBJbmMuMR8wHQYDVQQDDBZmaXJzLXRhLWc3Zy5hbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUNBbY+iFgqV0kV\/4qhcN0eVOlHNv18D18P\/tYAYwgLQSwADz+HaxRcHVfbvFCnnR2cPewWFdONdmqoIpXSJJgNHGupKzGdBw1sZI9Hvyoq5lpdSm14PfyJGBRdeYAYwtrU4zazzNN\/IWs0jTBh7CDuFx2au55TtK6Mp+eTsEoL3\/KG9+KVclDlvGekG2g5CEj7MLVNSSPvCOZozaG0d8RvoMbkWESLMthqkC33QRzrmnQ9W0SWWqBURuhM0Jh9fTa+69h\/fTnbHAjTH6KP5pqgz4J56Bnl8dRfTwZmyjDzuM2pkDa0DqNBWwYddfQVOBSKg1CVNRTD2NZC6eFh2OwIDAQABo4ICczCCAm8wIQYDVR0RBBowGIIWZmlycy10YS1nN2cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWJuaO8wAAAQDAEcwRQIgT43R93TPtqSKqOZQJUUmZm4idNP9R+6s0F1taEAGQVACIQDAyJBnhXevVCm0Hie7DrWDnNPC2nP2pUrNuqNnXkEeogB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABWJuaPBIAAAQDAEcwRQIgGZOGFaRk\/3N\/PnGTBN1gCTNmLbBrtubM76UgdjX5+FwCIQDAUFLeFnb7grgO7fU7+b2vIwzHNEF0QCraZfjh0EgEVzANBgkqhkiG9w0BAQsFAAOCAQEApf39MtcmxyJY3fsB++QLtMLrBL5MT+uAmow0MEiI3Civu1yialnnboddj1zqp+MvxcbMuW\/638RGEK3Dnhlfw2SARP3a3Fes1+PRMutRcBCPRpgYjDc="}
-00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":7,"flow_first_seen":1490976030894,"flow_last_seen":1490976031185,"flow_tot_l4_data_len":1857,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":265,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":7,"flow_first_seen":1490976030894,"flow_last_seen":1490976031185,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02386{"flow_id":20,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":186238,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcTU1AANUGLj427xa5rBAq2AG70bLD2NCP8rhutFAQAPj4KAAAMY3YoEpJpJNddMlAwDYMvooom9\/MKmzzdaAtIx6mr3wHuODqGFWdDWnlD\/uNw0Hq5q7a2WC1d3bKUo13KolRHHonCGUFZ1ACOBcPAus\/Tm0yZoleG1s6NSIfv\/vZfwqJ6pKr9CWUaA7XA8lBydJC4PNjsYwVVJ84di\/mfLcQBmoGbmwSGMZqqlULvzctUVMDXtDyxo4XNYKI0vtjhaLGx2EXLA8NeY639JkABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp0="}
00961{"flow_id":20,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":186324,"pkt_caplen":454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":454,"pkt_l4_len":420,"pkt":"ePiC0\/vCAMDKkVoBCABFAAG4TU5AANUGMmE27xa5rBAq2AG70bLD2NZD8rhutFAYAPjwIAAAZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccWAwMBTQwAAUkDABdBBNfxDLu\/fO8UIpgoRlbpPueky6f3J8FL+1Gbd6ds6FyitXEjMdUbm9soSjhZWDGiQ04JzW2gKD\/tbF1A5TNBzJ0GAQEAu\/h6UKCFymy76TpuxDfYO4SUD74QnsciYZZZqntzMTf0joB1ij659ZhouJ5sL\/0k972\/0GI+IuVUeTChokGmO26SXTEutRq4WvaLIdBfAm+8uaCz+7zVpHWvO2vxlvh67usN7OFLdyM1Ay0CAeYyyc2ociKkQ8kI4+F\/+w2yVe9wJFrjZg8vfC3+F81WE7fYZB2DZnBfi6t930twTqSio23\/v9Fvr9KVyaMwpcGzTgpdiCtf1hEeGwLFZSJTPFcOLS1WDBmJM1HUFZBlPdfmZqkXLQ2nKH7iKO9Gtg6lMMs+FRtcONrIkIosHfro6GcX5vypq7smocc4UFzQbIFEMBYDAwAEDgAAAA=="}
-01149{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":9,"flow_first_seen":1490976030894,"flow_last_seen":1490976031186,"flow_tot_l4_data_len":3757,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":417,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","server_names":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com","fingerprint":"A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86"}}
+01160{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":9,"flow_first_seen":1490976030894,"flow_last_seen":1490976031186,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3549,"flow_avg_l4_payload_len":394,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"firs-ta-g7g.amazon.com","server_names":"firs-ta-g7g.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=firs-ta-g7g.amazon.com","fingerprint":"A0:32:45:00:21:A0:00:56:62:BA:FE:E7:68:81:40:5F:68:7E:A6:86"}}
00415{"flow_id":20,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":187349,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJ7JAAEAG7o2sECrYNu8WudGyAbvyuG60w9jQj1AQAWLAngAA"}
00415{"flow_id":20,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":187654,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJ7NAAEAG7oysECrYNu8WudGyAbvyuG60w9jWQ1AQAW263wAA"}
00415{"flow_id":20,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":187793,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJ7RAAEAG7ousECrYNu8WudGyAbvyuG60w9jX01AQAXm5QwAA"}
00587{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":217659,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"AMDKkaPvePiC0\/vCCABFAACmJ7VAAEAG7gysECrYNu8WudGyAbvyuG60w9jX01AYAXkfRgAAFgMDAEYQAABCQQSRfABpCNYhi1oKaf7pxyEpIZPVkuLnqt\/QeVmQIWSuHfjNV2404z5WTjqD2yZecbNRt64le+XDaTP+iJIUZ79aFAMDAAEBFgMDACg53qQ+en3zUZj3jGk4ylYy+SSYofUy8cmZiIXulh+xAYDZhLlVqdvg"}
00485{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":273730,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ePiC0\/vCAMDKkVoBCABFAABbTU9AANUGM7027xa5rBAq2AG70bLD2NfT8rhvMlAYAPhkRQAAFAMDAAEBFgMDACi0WEPKdF0Yw3PvRgOk2k0PM5HWwu08mgCfNlAksTVHXONpk5gHI5Y3"}
02392{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":278386,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcJ7ZAAEAG6NWsECrYNu8WudGyAbvyuG8yw9jYBlAQAXkHuAAAFwMDCN053qQ+en3zUk1b55MEYeJtO5sPRI+WuM2k0JaYZOqCXuwLSobPUIT0Gt2Z2ZoJBCIF8KgkMc567K9PjNKt7R8d8sq3SOA10NUhCW4XatnTYoTL0ZgEgFpCh0sw3BOIJetK+nAiefRDIdyBI0A7RbQrZu06gUxBx26ckoEXNP7+NvgK02kOQBNNbjBJFHFeNNWVxtHZC904JQx3LCOzcA1g9u6XylapTgUKleU7oUpMGoM8hpWr1aGhvzA71yqn1sY1J0oUEoFTfTSdPuQA4msy\/ZutC7kpZfRO46BEqAH8KndXfv+Bu7M7dEW8cZIeSUC\/V0Z+krV0vK7QsdBywZEqbymzTIjW4d9mYWgcIoWZsYQLTJfTpjj4M56d08ZDd5pySkfG7\/9guShmzHLbxGaZSJm6tPQSzjEIuiyfat6qZtA11ScCb1LUChnwPRhEY\/pwqfI3cEuLOwe2C07xqKDLnbEJDdnjp3wcEtBDKjGv0+IPWcQzmxhojZT26yXpJG9+vniiYNUutf5aUB10MEL2Yb2g34CzbERijHnJCwDr0N2ZmzJlJA\/Bk8vMRb34IMLfs0fHCD4YOSyr+dbvFFXqhe0e2YLuSvhQcM1UfVI+9zMK314CTLAP8C\/xU0qEljalkHc2rFXwPKAi0h2GsJkgI\/3WUEXYws8xLG23+c3w5yUOTK5rK0U3S4s9k7GpHw1CCVSvH8lJG3OmMG9RDLY\/ZYAJM+5EgKitdt7Ibge3TiP8OdkU5qkLgRIEUuc8fxvQQU3rHBmC30jM5Mey\/8x1\/1+r74aDEAXB0ERB8n0BCZxYWTL1S3ELpzswJfRfTqKa2wuR0DoIgJQdBgg7rHp2VwZkWl0lY1Pj9F8s7TlEvEYyzqxVhfwPzawyXJkMQvSAM4CD0cOPDmUftawXYQ1N+bZwaKVK5aE2t8vJLPYZoSDff3b3HndZONDpLFblxaAWZy6UEECpUCDFkHj0K3OxsRt8f0WHtVp8xrLe3tV0micONBDTB1PIEMtBWK7mx64sQ8EChw+uAW46WTaEouN1zCFQErb5bBZYQvElfVH8WVLysftY5rHayn34Z6RTyLr9p4cEUhX8BmmqWvJewZAS6es\/UsH0BjLchO+ASRHPcM2JB8wRp7OcKkB6LmSnHQjcGp5cV6hc6FyoUn+XEJ1Tc5W5Euky42vT\/oEr5V26ugGaBh2U\/fJ8EUePzSKJL96YUiEybz1JXvxErTjAD27tsMtEgwD6hlNdIC8RFPTN3oK\/ZI1oHT5F0Ga2jrrkXmqIKlxvyyIPg3i0d2MhTP+aAcH5Ocz1G0EIeFihAmA6FpeBkCDDklC6N4yKO6p4Q14A25UR4kMB2QttNdpZHTgbimYJxp1GD+79MwhgLqpCQQsNfmovwDXEWaX87lwNDs6ys8ct3YSChYw5moMFH0d6QQI4kvtkoHAtpja9H7GES7+zjRBzaAGjsuu5ONRaJBxonRZGlBX\/E7LIBHC0stEhThTIs2Uo69EJd3\/Z3Sjj4QswAe8V5SvKOocdt5Rqfd4GbX8M\/qFqu2K7CYd4WwqSxmvsG5Iogx2Dt2ieKLuB55P6sgZxK88h7SucKcJ0gsJI4oEL9\/JV5MsTaGAP697WuMNBZn\/+bmJ1l6anUZwnajINRo5hLk0r\/82dYMGlVvFldPCeLHKSBY\/RQwjbmpWbur+5L2H\/LX3ivCNUOMSIt3fgeZnV276oHa6EaVcuurovTCbCacDPKf8TJ972Lg4fY7AiaE5dCoVVifP2voR5gnuCeFgKROr19YaoOKXFTxlP1TpnZ+Hg+7ugy+0E0cottZQaa1WrMlbxAUY1W2Zw6OOagi9SV+0h+qpu11YwxAOBnQNfpNQGvc0PV9QCDrLk+KMgD1nNOr4Z+ysYCza6sTU71\/Y79pSchW8QQiXBf4z7qQACUz6QeN8na8f83Lw="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1490976031581,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1490976031581,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":581495,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WlFAAEARM2SsECrYrBAqAaBGADUAKk94StwBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="}
-00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1490976031581,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1490976031581,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":687199,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl0Y5AAEARu\/+sECoBrBAq2AA1oEYAUS8VStyBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAA8ACwhwaXRhbmd1acASwC4AAQABAAAADwAENF7ohg=="}
-00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":137,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":42,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1490976031691,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00700{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":137,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1490976031691,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":691694,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fGdAAEAGyoesECrYNF7ohsGkAFBD6jbWAAAAAKAC\/\/\/L1QAAAgQFtAQCCAoA9kqxAAAAAAEDAwg="}
00443{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":750229,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="}
00443{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":750280,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACePiC0\/vCht1gAAAAABA6\/\/6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAChQCMEAAAAAABAXj4gtP7wg=="}
00427{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":773552,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMAtAAOcGb+80XuiGrBAq2ABQwaTMUP0xQ+o213ASH\/5qBQAAAgQFtAEDAwY="}
00414{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":774951,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofGhAAEAGypqsECrYNF7ohsGkAFBD6jbXzFD9MlAQAVe0dgAA"}
01497{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":776443,"pkt_caplen":862,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":862,"pkt_l4_len":828,"pkt":"AMDKkaPvePiC0\/vCCABFAANQfGlAAEAGx3GsECrYNF7ohsGkAFBD6jbXzFD9MlAYAVdWkAAAR0VUIC9tYW5pZmVzdC9waXRhbmd1aS5hcHBjYWNoZSBIVFRQLzEuMQ0KSG9zdDogYWxleGEuYW1hem9uLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMNCkNvb2tpZTogY3NyZj0tODQ2MTI3Mzg7IHNlc3Npb24taWQtdGltZT0yMDgyNzg3MjAxbDsgc2Vzc2lvbi10b2tlbj0iZWZ0Rm1ZNUY1clRnd3M3bitlQ2RYWlNUeUhjRHlrTmwzTTFwY28zUlZLanluN3ludE9rSjZMTEV5RDVEeGt1bjJyWkF3eWlRVU5QSnFWbThvR1hOcUhtZmYxcE45WUlrTC9pVEMvV0I2NXg3OUVhSFk3UDdCTDFmUktlSFgzcEhXOGVtN0hSekN2ZHBhdVlrc1dGWU8wTk1lVnJQejFjWGVaSHpXcnozOGY3cUZYbDkxcWhIWXZUZ3R1SldrbEZUZFpnaWx0TWJjL289Ijsgc2Vzc2lvbi1pZD0xNTQtMzEwMzI2NS0yOTMyNTE2OyB1YmlkLW1haW49MTUyLTg3NjM1MDUtNzMwNDkwNDsgeC1tYWluPSJ1aVRyTWU4d1FXeXp6Qmwzazl5Q1BsTFhSTVNVYW1NeENZNlFnUDhrOXB3SmZwTUpPS1lYc3lRP3NrckE4QWFOIg0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00842{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1490976031691,"flow_last_seen":1490976031776,"flow_tot_l4_data_len":916,"flow_min_l4_data_len":20,"flow_max_l4_data_len":828,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
+00853{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1490976031691,"flow_last_seen":1490976031776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":808,"flow_tot_l4_payload_len":808,"flow_avg_l4_payload_len":202,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
00424{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":844460,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo2EFAANsG08A0XuiGrBAq2ABQwaTMUP0yQ+o5\/1AQf\/MysgAAAAAAAAAA"}
02246{"flow_id":22,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":859817,"pkt_caplen":1400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1400,"pkt_l4_len":1366,"pkt":"ePiC0\/vCAMDKkVoBCABFAAVq2EJAANsGzn00XuiGrBAq2ABQwaTMUP0yQ+o5\/1AYf\/M8QwAASFRUUC8xLjEgMjAwIE9LDQp4LWFtem4tUmVxdWVzdElkOiAyYWY3NjM1Ny0xNjJiLTExZTctYmYyYy0zNTNhZjRiYWUwZjANCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpFeHBpcmVzOiBGcmksIDMxIE1hciAyMDE3IDE2OjAwOjMxIFVUQw0KQ29udGVudC1UeXBlOiB0ZXh0L2NhY2hlLW1hbmlmZXN0DQpDb250ZW50LUxlbmd0aDogMTA4OA0KRGF0ZTogRnJpLCAzMSBNYXIgMjAxNyAxNjowMDozMSBHTVQNCg0KH4sIAAAAAAAAAJWW3W+rNhTA3\/NXVNrbJAeDY8B96207rVrbW91m2sM0IX8SbgAj27lp99fPQBMoEF1NSqLY5+fz5eNj397c\/n5\/9XTz\/PDb\/et29csVREEE\/SdMrkJ4DaOrl6fV6ralrlcBtzbACZYRoE2zrop67Wf66TTdUAV+6LdhWunaBTcV\/VfX9xWTJnt0a+fUguBJXBB8yy8ItruR4IvWe2nK98fbu+zBXRCcVBVVHmAaIwVsI+m+qPPH+7sshvDNf9d58YGkscACKPqj4Lpe+59+2sfdTtgghCmKQNFQATqiqfMJkaANJp7Y6VoCI11R00so4TFUXpg9y+OTZkUp76Q3LNf2xxTlOKLxSesFdTJEKex9W7TLyoN0WrtdIOOQUdCOt+34hRbGJ2TrdQ+ZGNEpw\/FA3+q6ltxJMbBcH2pn3oOQEBy2AaG3TNbgz9fB+AmRqYBt7qZyqesAEZikINc6L2VW6lwPYlUW+c69OuoONojTGKFWRz87pGtHa2GBMlIGUYJJ0jJ8R5cJFKYJbolaH7OmpO8+BYtgwiLFWrCFsoYe7GiHysI6G2x4ghE47gonPVALOnG\/pxjHEvm9EYtMdbAFD2AcJwz4HKvCVNQVuv5C+T43Pn0iu5N273Tzv9ZsKSul+7ts4+G0kf\/MVqdsw0FjikoCS+1uKg8jFqKfaG+0cYYWbqY8lFGIwVelpBmt6ot9ym5CwsklQ8tL8CaKGKg1oMYdtdlP5QTBCM3MX0gjSekGg25\/+5Nzru9ezjHdRDNlP80vVywUl5ZdTJyI4oiDvvdlT+1U9vipXGrtClXwLk82QDxhEAh9rI\/UiBtj9HGoUa2ZDGAYYl\/FVZ4d\/bpM8p2eEGHCI9URlLdaM6HdFCEIww4RXadaUhMlUogxM1eDUgI3gy8LgBI8GrviaDNBMES+WZx1zIE0VmnvR9fx\/e1xbmlTMkWEjq0tRJWKNE7HUc0Nkg0nvdPtwfY\/fH+YMYpADF5ozb1HZ8eavgFnlRajEu8WMIVY8ikKenjjbfEMmu2+KEsbRFRhDLpWMyj5kLFYMgSsa\/uOEc+j2pmhKiZEgj7KGyGMtGN1pZSNdwojCrr\/WXXwPe\/zRWObwl8RxnuEIgJBN\/ThAW1onftLsf1f9ef5fMTOa5AkCQSlpsLH6ivDZmI\/CvWExUJFCnwMQW7kO9CNWwCJQlAt+xAtmGec+oY1Mj9WaXx\/twFkxN+H\/QgcJXU7acbB91SSEixPVLuVc4RhxvgY6R5SM0ww6G9rW\/keB3a6OimdOyb9Y0yAtvhOSv2DLg6jEA2s7zbKb33L+rtISNs+FNo6eGi38Ix9hBUonIhwEiuo5bH38rt3jiRMnd+F3\/37ryxYkJLQnxYhG\/tpmvnDZ70HTfd2PI+Gt6NtaFDUQr6td64qV6vn++1fX7\/9cb36dfUfPnBO\/LMKAAA="}
00415{"flow_id":22,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976031,"pkt_ts_usec":861847,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofGpAAEAGypisECrYNF7ohsGkAFBD6jn\/zFECdFAQAWGsAgAA"}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":147,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1490976023267,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":147,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1490976023267,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00415{"flow_id":22,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976032,"pkt_ts_usec":762979,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofGtAAEAGypesECrYNF7ohsGkAFBD6jn\/zFECdFARAWGsAQAA"}
-00457{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1490976032763,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1490976032763,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976032,"pkt_ts_usec":763274,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAf6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHvkAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"}
-00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1490976032763,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1490976032763,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00469{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976032,"pkt_ts_usec":763299,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWePiC0\/vCht1gAAAAACQAAf6AAAAAAAAAeviC\/\/7T+8L\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHvkAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/0\/vC"}
00422{"flow_id":22,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976032,"pkt_ts_usec":852924,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoMplAAOcGbWk0XuiGrBAq2ABQwaTMUQJ0Q+o6AFARAH+s4gAAAAAAAAAA"}
00415{"flow_id":22,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976032,"pkt_ts_usec":855148,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofGxAAEAGypasECrYNF7ohsGkAFBD6joAzFECdVAQAWGsAAAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1490976035502,"flow_last_seen":0,"flow_tot_l4_data_len":66,"flow_min_l4_data_len":66,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1490976035502,"flow_last_seen":0,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":502440,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"AMDKkaPvePiC0\/vCCABFAABWWlJAAEARM0usECrYrBAqAVwHADUAQq4NgPsBAAABAAAAAAAAEGNvZ25pdG8taWRlbnRpdHkJdXMtZWFzdC0xCWFtYXpvbmF3cwNjb20AAAEAAQ=="}
-00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1490976035502,"flow_last_seen":0,"flow_tot_l4_data_len":66,"flow_min_l4_data_len":66,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00679{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1490976035502,"flow_last_seen":0,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00609{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":549103,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC20jNAAEARuwmsECoBrBAq2AA1XAcAoid0gPuBgAABAAYAAAAAEGNvZ25pdG8taWRlbnRpdHkJdXMtZWFzdC0xCWFtYXpvbmF3cwNjb20AAAEAAcAMAAEAAQAAAAIABCLHNPDADAABAAEAAAACAAQ0AM87wAwAAQABAAAAAgAENBT4ysAMAAEAAQAAAAIABCLAPyvADAABAAEAAAACAAQ0ynf3wAwAAQABAAAAAgAENq23qQ=="}
-00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_tot_l4_data_len":228,"flow_min_l4_data_len":66,"flow_max_l4_data_len":162,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"34.199.52.240"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1490976035553,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00708{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"cognito-identity.us-east-1.amazonaws.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"34.199.52.240"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1490976035553,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":553389,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JIdAAEAG55WsECrYIsc08JXbAbv9XGi0AAAAAKAC\/\/\/OjgAAAgQFtAQCCAoA9kwzAAAAAAEDAwg="}
00443{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":610272,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7ldsM0X8G\/VxotaASaN9A1wAAAgQFtAQCCApEF1TYAPZMMwEDAwg="}
00431{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":612740,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0JIhAAEAG55ysECrYIsc08JXbAbv9XGi1DNF\/B4AQAVfXJgAAAQEICgD2TDlEF1TY"}
00739{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":616784,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"pkt":"AMDKkaPvePiC0\/vCCABFAAEYJIlAAEAG5resECrYIsc08JXbAbv9XGi1DNF\/B4AYAVcMvQAAAQEICgD2TDlEF1TYFgMBAN8BAADbAwP73M1sxI2HkRgH8V1BL3eSUwWF+lNvBxlDQftlXGYrfgAAIPr6zKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAksrKAAD\/AQABAAAAAC0AKwAAKGNvZ25pdG8taWRlbnRpdHkudXMtZWFzdC0xLmFtYXpvbmF3cy5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGGpqAAEA"}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1490976035553,"flow_last_seen":1490976035616,"flow_tot_l4_data_len":372,"flow_min_l4_data_len":32,"flow_max_l4_data_len":260,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1490976035553,"flow_last_seen":1490976035616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":228,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00431{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":732914,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0KgNAAOsGNyEixzTwrBAq2AG7ldsM0X8H\/VxpmYAQAHfW9AAAAQEICkQXVQYA9kw5"}
02376{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":733287,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcKgRAAOsGMXgixzTwrBAq2AG7ldsM0X8H\/VxpmYAQAHeC4gAAAQEICkQXVQcA9kw5FgMDAFkCAABVAwP7nSxwqhrhC8hj3aebOC2aiUEQYFfw4zPSb3qj1v1bOiCuITFLxCcAmkxVA5xh9l9LJAIe6ginKsjl8g3o3EcTxcAvAAAN\/wEAAQAACwAEAwABAhYDAwt\/CwALewALeAAGNjCCBjIwggUaoAMCAQICEGwI7BVOWmitZ3sRtiZfemYwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA1MjUwMDAwMDBaFw0xNzA2MjIyMzU5NTlaMIGCMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjExMC8GA1UEAwwoY29nbml0by1pZGVudGl0eS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEVyrTia54iSkmNIRGZmxUNEuVY3MLSjObtHGMkw7JTq\/1eTc0SyWtwbLzUTEJE6lkpr4Z0yGlUyPs8tIIwEu1VABPNFNfOBuND80no464s\/smspX52u+dpEygzue+\/PZtYZu6y1Wp9inNZvnmHP55j+6091tVGkUiojxzlwtmx99grexjeBuvonQEOqw\/m9YhKDaEqQe1G8FQjT7GXFyl1Ur55CUl4qzK6T4zs1A7ZkkJzePZkqTGIS7yl6IpGbHkgCS17JuQBRa4Kx9tUUYNOP6SAQhncfthD7WR+8IQgUVoBT2kSd8tkb0gi7fkTOevZaCw60d14pDtXm1LZCdcCAwEAAaOCAqUwggKhMFMGA1UdEQRMMEqCHmNvZ25pdG8taWRlbnRpdHkuYW1hem9uYXdzLmNvbYIoY29nbml0by1pZGVudGl0eS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABVOjycDwAAAQDAEYwRAIgeRx26qlwGuyp5CZo6169qfCP7eBBq6wgfiBI8uf2ZXQCIAqZ+8wMSI3anvAs9qU2W0DX8hQHMYVBeJlmWOyt6OGPAHcApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFU6PJwcQAABAMASDBGAiEAve+QSBc5nvjPJqYTbvkGkXTBlRpeoe82E9AtfBA+co4CIQDBquBi8+PV+5ofABQ7Q0wr+o+kmWFNed+WVgrlsofBajANBgkqhkiG9w0BAQsFAAOCAQEAoRTuYjU="}
-00814{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_tot_l4_data_len":1884,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":314,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00825{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02388{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":733705,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcKgVAAOsGMXcixzTwrBAq2AG7ldsM0YSv\/VxpmYAQAHcMHgAAAQEICkQXVQcA9kw5gHSg6uLkzhbMvP38DorwCrBJ7tYjkxurspgkr9umwjIueJqITvY2CdnPF9ymYw29XOZiddB8omiDeF9PGl\/be\/oZcrTLppLW0vre7mvO\/NZKoK70UhxYBxqk\/\/wM5ZAXRkZGVi8S5TOiwvJZC25SGVgnuMd+zBfqfFp0CW1XoH6www1AdkELDMRWZikoacZHN661AMavapsPQ20yzXEwfWOZUvGcgVcugYZReoabBe4LgIPpGnGRoXw7qzLbrqv7CgasfNOUXNnZ6rdJjndgVL\/duEjtSIuR\/6roDFhD6BbAUFaJyg75DaN4oGJcRPk3gWnVUxE4DcUGrDsABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeM="}
01101{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":733821,"pkt_caplen":559,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":559,"pkt_l4_len":525,"pkt":"ePiC0\/vCAMDKkVoBCABFAAIhKgZAAOsGNTEixzTwrBAq2AG7ldsM0YpX\/VxpmYAYAHeRfgAAAQEICkQXVQcA9kw5S5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccWAwMBTQwAAUkDABdBBO0dlRwvj9UJ22v+tmXv9gHabrUVy9uJLKy\/2wSI+eBGhAKsO4Fn\/0tnwgTvneDo2LUhN1iKDsbVWJST7MBvJo4EAQEARzH5fGgmwf8skyCeOmIaBQEZQqq3FRgS6Bhh2q4tF2RBZ+LZsCJzrxloz0zMXzh4twd6HSPNDKsLBiTuyef4r0U7W+AdmTpbJzwcW4zxfdqheVZNKkmzvRM1FoSve0uBaJvoyU5BgenCY0SwzTU9LAtlf+lGdynmbfvso0qiUhX4LNSSu60\/0WmMcNWNu6Z0Sy9IS3uuF5Ok7+x3Y70EO2yrIivRpbuRGYlUDVtqbB3rLxMREtxGCCuRMOGjUriLPnWG4FWZe4sf2fGmlRTKR5ydwPy+WDhxiIsRS3\/6FRyczGmi+E8jMvcCKjoX6vvLYVobArr4dUfEUaoaACC4shYDAwAEDgAAAA=="}
-01200{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":8,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_tot_l4_data_len":3889,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":486,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}}
+01211{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":8,"flow_first_seen":1490976035553,"flow_last_seen":1490976035733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3617,"flow_avg_l4_payload_len":452,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}}
00430{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":735872,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0JIpAAEAG55qsECrYIsc08JXbAbv9XGmZDNGEr4AQAWLQVAAAAQEICgD2TEVEF1UH"}
00431{"flow_id":25,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":736148,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0JItAAEAG55msECrYIsc08JXbAbv9XGmZDNGKV4AQAW3KoQAAAQEICgD2TEVEF1UH"}
00431{"flow_id":25,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":737985,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0JIxAAEAG55isECrYIsc08JXbAbv9XGmZDNGMRIAQAXnIqAAAAQEICgD2TEVEF1UH"}
@@ -209,15 +209,15 @@
00503{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":851188,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ePiC0\/vCAMDKkVoBCABFAABnKgdAAOsGNuoixzTwrBAq2AG7ldsM0YxE\/VxqF4AYAHeWcwAAAQEICkQXVScA9kxGFAMDAAEBFgMDACgFksZRRM3rwwhubGkXNUPrc959OkrTfBCZxirVPmCm\/4th2FbAogMZ"}
00431{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":889957,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0JI5AAEAG55asECrYIsc08JXbAbv9XGoXDNGMd4AQAXnHxwAAAQEICgD2TFVEF1Un"}
01393{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976035,"pkt_ts_usec":936329,"pkt_caplen":773,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":773,"pkt_l4_len":739,"pkt":"AMDKkaPvePiC0\/vCCABFAAL3JI9AAEAG5NKsECrYIsc08JXbAbv9XGoXDNGMd4AYAXlCLQAAAQEICgD2TFlEF1UnFwMDAr4AAAAAAAAAATfJNPwQcLlZX4judbcQgduxM9Q2zsByOrZWZ0Q5aRNkgfLOXPdKjG4bi70F83qCt6i4PUVxc1mSOjYIth1mOLxecz0hpwfF2n7j9xwl05WuMcAxTi8+k\/hkEP3\/mVul0eqvo6qXWv5YH6n5bpzjQf3I\/gX6YyCzUeotAU6zEgwnHdZXgcZX8gHKPt2OC062Ytjb\/7IWHfBFnPaFFC8C1WSvGlHFgiodSa7hPQRJXiuShdFAE9AhC9UD8IC+YyoTpRZijvUfEvRpE1TmG9eX9rWYRPwkishc8KXc+HU35fJaZABdgWmZajwl8PysfP5yX1fyxYemT9RI+a3JsoeHU3DFbeleAoiS5rFltrJc9RKD0LbG9VZO5ZcTk9OXRukURY+YnetLgSNL74Tn1QzHwAUYwn7vNu1kvOiXqANu+vLlRGcI41bZ8Hr11\/Ned1NTgwobDkZKqsrzVm2ecvNtxzDHtw1DQ+Ev+4uEyXI4mM2yZfXF9R+VMJtlIlb58eMJ\/kgTuevgmqTOYuaBeHg8lj6gzMX0tgc9URTBa0czZIGdEZeGa2b8xCol7obpxf8WiNp\/NK+SQ9AD84Zh9j8aonMYjmAwalFaqyg9D6iecp3KhjE7kzrAekUpHNBH258LCBUG78CU5TPp9sJDUzmx\/22pJ\/TGKVb5y2lrvCQV6L8pccrPTMv0j53zWCRD5gXFCEsx5lp6PoEqmgwHwNMzS8INu\/hUZjMxo2CjLa1P4r\/8P\/SN6q9WwH3JF8jWKW\/WKkLaG6Cqri0PPfxKWO17OT\/8UKuDgFGgySgYt\/A9bvZVDjXoo+h8xmhlp+aZrNdPtuggoUwCNRSLGObXXsPsJQNHPw10A5zhwZaUw4Pyx37q26UHhfNWYVoVE62R8v2G23AOpdZCxGzEK13tMsjA9Ge8BOJgDqU="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1490976037754,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1490976037754,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976037,"pkt_ts_usec":754217,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8+KpAAEAGE3KsECrYIsc08JXcAbvRHbWkAAAAAKAC\/\/+tAQAAAgQFtAQCCAoA9k0OAAAAAAEDAwg="}
00442{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976037,"pkt_ts_usec":803932,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOoGYhwixzTwrBAq2AG7ldw4CtRs0R21paASaN+cagAAAgQFtAQCCApEF1cYAPZNDgEDAwg="}
00430{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976037,"pkt_ts_usec":807519,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0+KtAAEAGE3msECrYIsc08JXcAbvRHbWlOArUbYAQAVcyugAAAQEICgD2TRREF1cY"}
00782{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976037,"pkt_ts_usec":809016,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"AMDKkaPvePiC0\/vCCABFAAE4+KxAAEAGEnSsECrYIsc08JXcAbvRHbWlOArUbYAYAVfzMQAAAQEICgD2TRREF1cYFgMBAP8BAAD7AwMVuDHoPIxY5YbdWtXfttgnszJ6dj3kr1us3m0FTwAhaSCuITFLxCcAmkxVA5xh9l9LJAIe6ginKsjl8g3o3EcTxQAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACSOjoAAP8BAAEAAAAALQArAAAoY29nbml0by1pZGVudGl0eS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACLq6AB0AFwAY6uoAAQA="}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1490976037754,"flow_last_seen":1490976037809,"flow_tot_l4_data_len":404,"flow_min_l4_data_len":32,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1490976037754,"flow_last_seen":1490976037809,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00430{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976037,"pkt_ts_usec":919951,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0g1VAAOoG3s4ixzTwrBAq2AG7ldw4CtRt0R22qYAQAHcydQAAAQEICkQXVzkA9k0U"}
00631{"flow_id":26,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976037,"pkt_ts_usec":920091,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"ePiC0\/vCAMDKkVoBCABFAADFg1ZAAOoG3jwixzTwrBAq2AG7ldw4CtRt0R22qYAYAHciBwAAAQEICkQXVzkA9k0UFgMDAFkCAABVAwM1Z0I3hU8\/U5RQe3Z00c0obd2iFFa8QOesy4Iwo9B3hyCuITFLxCcAmkxVA5xh9l9LJAIe6ginKsjl8g3o3EcTxcAvAAAN\/wEAAQAACwAEAwABAhQDAwABARYDAwAoHdMKptQnk8A3bs848dNLbLMTjoBCy7OmsLLWnBReSU837AUN6aAoNg=="}
-00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1490976037754,"flow_last_seen":1490976037920,"flow_tot_l4_data_len":613,"flow_min_l4_data_len":32,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1490976037754,"flow_last_seen":1490976037920,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00431{"flow_id":26,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976037,"pkt_ts_usec":921465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0+K1AAEAGE3esECrYIsc08JXcAbvRHbapOArU\/oAQAVsw9AAAAQEICgD2TSBEF1c5"}
00501{"flow_id":26,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976037,"pkt_ts_usec":922485,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"AMDKkaPvePiC0\/vCCABFAABn+K5AAEAGE0OsECrYIsc08JXcAbvRHbapOArU\/oAYAVsZFwAAAQEICgD2TSBEF1c5FAMDAAEBFgMDACgAAAAAAAAAADqIrS+IxAYMd3f9R8MMx7aKyuOPjPbmgk1vO7jUBOWy"}
01639{"flow_id":26,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976037,"pkt_ts_usec":950333,"pkt_caplen":950,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":950,"pkt_l4_len":916,"pkt":"AMDKkaPvePiC0\/vCCABFAAOo+K9AAEAGEAGsECrYIsc08JXcAbvRHbbcOArU\/oAYAVtTGAAAAQEICgD2TSJEF1c5FwMDA28AAAAAAAAAAX4iKOWaOYzEWjVC12xtgVX5tL7v\/xFudEeQfoO4Lb4n\/bgNL2oMTQpmJ7qfaTR3s6cfGkREyWmf3M6mDyJofCoPMkAWe2RmmUctPEr5Rih9UDp72zW82PtVvWHXMdantdQThrSpUTj8VlQzeeM1J\/Gev8LqIMngfgW1YJiczv1VRI2HfIyHDaABBA4r+k9fR3ao0HuXY4xRgd3Z4q2O137N+y161UOf616LmotS7OtrpIKNgVGWxUdJr\/1kQoHvg9fjP3bkyO05tjP8EoTKeY+J4BHCd\/Ka\/1YfkEGj2dsoLwML4pWgKeLNxb8nwdCvXP2pOMhGypmku1Pg9UmpfcsUv4tfETty\/N5fSreFe7UrJY4OxxvVKPs1FAJeefSqNbcXax27jq87iz1zUF7wj\/H9yzqZX5UzOFs+YrilSviPhYKuRO9y3wrNG7mTIWUGwD+dkbilAVXIigaIxv4gOm1HxCPol9MGXwyvGOuvk+bMZhzyW9WhsGY\/e8fW2TKgKXbXZV3V1\/uxAV5y7Kq0Vgd2GXpy\/aTnB4zwzE50sj+V5AXERE\/fr31kuUPjOB7MovP0gKHGKIZNghKvKDY0Vocs1IfISPsf3XGAtn0Xq1konIhr12zKXMpfMLBc2NTSSEa5X5UdT633g3ZfMnQ2rPgiIVj6Y9GiaAm6\/8A5DoLi\/5Fvdn+vPJroJbpTp091xEW+vVGqimvyKmn1f5trWvQIEyL3ICaRihUwQ1Z+IDjK0GaEo+nSl2PbWuC+jLb82xXQeJl7iq8wnffZMD\/vEw1m\/ZECbmsWZAsaG6CnQCf4\/rh6bx1Wk5yZLoFjLjpVVR8oZFCcw6BFFtRn7HxivuK5yf8I0+NqNI7PkAe4RWTZAqtmzL8TxDM9SdlJZOllg5KlwIjHQuiHWSdWeC96zC\/9rhaV615\/SHGnFFjMbASsdmBtUFohK1f1A\/dIu2q+RzAYfPB2SlvRLPPhiPFPndgEV8mc+EyoD2kVSgRk+4Hcw\/ode3ltXpqKoHIq6VzaOrxeWXWljggJ5ZLxuTVmCL\/OQMVv562X\/eMZKM13gZzwxFyLjj+jPu+TbHzoBA2x3SRQqOeFFFmAbjLQ6y8Ip6bY18cFrYgQbP3O3cF+T6BXDZ\/9jpoHGQbkZoullE\/MqQ5CXjrQe1w="}
@@ -225,56 +225,56 @@
02399{"flow_id":26,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976038,"pkt_ts_usec":46875,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcg1hAAOoG2SMixzTwrBAq2AG7ldw4CtT+0R26UIAQAH79hQAAAQEICkQXV1kA9k0gFwMDB6cd0wqm1CeTwfY\/6JqyyzHrmdsLSnyZzhOSfv2LsdCUUJnNTH+XPQKbBQ2tvAu7r6dyvvutFzfqhbkSygyg\/\/GKW7cGxYQbVw3MEjWtUM4Tum2FLNieBczvn6QouNW2wKC1WQb5sLqraXSOx+eeoiYVpDRUT92wi\/u\/QRxNxJQo95Xtxr\/kxVR1HMnbkc9VfJzNnc3K6w3BqdNUjZVcmRXyUDZtiDGh0vZKgdt\/PLINAih82YlEWsB0TRlnlTziQhbMrcmmoQODK7WzmHD13Apo6iKSNRH\/x37EsC044TvxijZIxkY7ctmTWRYq42FcEGQ51NRYBU3X4bchK5koWAonemhAy9RvS65SrMEEXZPsQ2iWd\/swlNigEa2xo8rDQvQWov7kNOQwmdiIJg7H9CRV\/npyNDRqnxgMPvEj\/aDDNX5ZNl+xIKvu9Ae11jSHPSF+ireIzar4KYAFMHmORkdvpkdw35eyfvfEUlITxgA0TS\/Y9XhDniO76SEvgYUOfIRWymr19vkxXOQDjBINkQwc+ddrk7d68pb\/lNNhJX13mBVP6QhjQug5eIx9aeB+hqMysKpCHEwtPMiBaxwIFVuPUvjJxTgtKP8MusIAv7mg1S0CYeSfgXFEznAUIdPc3\/JH0C\/mY3U1eh\/xLpHxiJFMZjDTi3P0EE\/wdQu9b1v1qvkCGsJ18uEQpIglMuT8unuToP7qaNNdk+AKwIrkMjhlEk+1WqFY3pvKXQCQLQP\/Y09z89oTE3N8bHBw+70ZO127chGl\/FUea7RreUPTa8zphcyHpbytMJGVehOYJiLxwyvpzFqR47VjKr069k5Q8LVXjOb7R31sxrkh6EpS374GRtdobeFV0ktgHbC8m8xEmgil0wdYPzXm3zhkifuiavWmayn8ub1xcJa2bZslHQ5OVRb3And8Nrxk0Lribup6zZmy922AZSubnydPsNUoefNKBPczwT\/fpLHYQARM691wIOC+RKKp8WHWa7eKhljlZlHl48LgxMPlDW9Qy7JRArW1M3mkKjULx1dB2oNduDkt5WbRvNwoVm2pq2W5kzMTzdg2Nzuz8OlkVl2r2HL1i\/rzlan9TLLYDjiNz48ymhbvpwjmbigcDScJlTbjrAZ1lfB7KNEhOig0QNVfgi5\/z8Yazd9waUNKBYf8TS\/g30wRT0axvgTRDT9EVXjOEF1NfqjoaXoizF4zpd0SQrm\/\/C\/17bMXjOSwNTmKM7pjDTRhLOefj61jt2MZmlqZb8QpZVOVLFIO4FgbzOY4fGnjC1S2E2Hwr6pV+N74S1PC5OoOAV+WIarQ3TYnVhaYlC8KKf2WJDI4bLFkQtp2lgc+l7nUlcdt6DAjMWj5nTY97dl0NBtDqogxxjZ4zwVjQUaJFihzj8t8tOgJDPAVkcQMZ+q9wjhC7hQby5uw0hjwUO8Vjns5a8i3ChK4QTcyLJb17rfxmlYY7Tz024CJNtcR1NHjFrop8P9WbwAZpoEsOQ74RfUB6tnR8GF3\/WNigdqjMafx6\/nP1ZQDfUfwVCe6tALPsI44GibGmri5gPf+FClyufHY+FfwuQoTneiGFEw1BKs5D5GV4Wxsj3eRlkUPx+zCUAJFFZcODgT2PNbt+9xG5jFW4ZGn9bg0UjLcG4XsX396srOOxOgZ+qdU1M2GWJ7WGcnrI1W2XNrW5KP\/VJImR9+BGs8\/SXIkZ5PU6+U5hc1S4rMBOuXqrVIG+ofg3zinxUjO4JWC8Uru1W3YWs15IHEQ7yb4eVlvrvkUms3zifNeI43JEVoNpm+TDY6d4SPFpvyk5cOM5kJNGGfCvV7KXaUooWS1RxdXtKkbASn06nIT0KCWh98PPpMpU3bPNwPp3L37+nPipTCC+i+yfZ1sbdbHZZa\/uBZHOjvQJov+uxBK42jVedFpFU0q8F8EKdAvhF8="}
01129{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976038,"pkt_ts_usec":47022,"pkt_caplen":582,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":582,"pkt_l4_len":548,"pkt":"ePiC0\/vCAMDKkVoBCABFAAI4g1lAAOoG3MYixzTwrBAq2AG7ldw4Ctqm0R26UIAYAH70UAAAAQEICkQXV1kA9k0gccx9r2ACg3Up0sx19Ck4Ty5UJP67\/vfpvGVCcHiOr8RwlVlfJM8T6YpWKaRU00yurVRjjCp4M5NNGc8XKTk8ZmNsAxvJp+d37naVPUwdktMDNzy68j3yOj2otTs6zSSrL6DeqxTW91SSWhXqOWOnQo3vMcEOhAFIz8+AO3EdxeouTvpz7CSNBYWzB5gH7oceADKTgQlrTtKW8E9VYsCI4YBPJHj7o6GxQKsQ+by7yP+UGWBlP6Bz6peBnanF5rIQWoJ7ig23OqChTdexeDSU9HE5lbl6ID6rDi8dQhnenUGZjMOEQ4G0RkxiGI1K2BhLaF\/nvfzCvscmyMaE4odOv1yTR2INpLvAUBK1Dx0AmYKHdF\/vUneBKy\/TXVhCzUT8sciFi3Fj+CpyLD7q4krOh57m2N6PuOe6JpMsP0drWP1K\/SOkj+PwMWaV8kUaadPXrqv2LZi9+pqbxESwJKesPstp8M2H+euAkR5fUMJe1rQjWPSQNtc\/7iI3xNZhDCNt7vFnwBUHSvgydL78m+Yn4lVYIXU\/5QrJrm1ukuH0jekf8Be5tPsj+CosnDhQE5pWtsY2PsgEw+fg\/gqhD547gOxY3DLLroSzCHZbH4lucuNvhzARKIWePfTfECFXgXm9HtJiuRnZXzRQqxRAkuLQxQsjamMK+Wbxwurv3h4DQsEfYfHQ"}
00430{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976038,"pkt_ts_usec":48809,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0+LBAAEAGE3SsECrYIsc08JXcAbvRHbpQOArcqoAQAXElXwAAAQEICgD2TSxEF1dZ"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1490976041150,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1490976041150,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":150466,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWlNAAEARM1+sECrYrBAqAdZmADUALY4\/ocgBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1490976041150,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1490976041150,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00470{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":151487,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR0jdAAEARu2qsECoBrBAq2AA11mYAPRDBociBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAAAUABDRe6IY="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1490976041156,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1490976041156,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":156517,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8TnBAAEAG+H6sECrYNF7ohrJdAbvhYQATAAAAAKAC\/\/9vSwAAAgQFtAQCCAoA9k5jAAAAAAEDAwg="}
00427{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":212203,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwBzRAAOcGmMY0XuiGrBAq2AG7sl2f4NcN4WEAFHASH\/5jwQAAAgQFtAEDAwY="}
00414{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":215822,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnFAAEAG+JGsECrYNF7ohrJdAbvhYQAUn+DXDlAQAVeuMgAA"}
00696{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":217250,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3TnJAAEAG98GsECrYNF7ohrJdAbvhYQAUn+DXDlAYAVcoRwAAFgMBAMoBAADGAwO\/f09SaeVtExBhd3Gv\/ERXGLhlRtygdI3ZdlzQ0IY6FAAAILq6zKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfUpKAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAh6egAdABcAGFpaAAEA"}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1490976041156,"flow_last_seen":1490976041217,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":20,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1490976041156,"flow_last_seen":1490976041217,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
02380{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":278804,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcCfVAAOcGkFk0XuiGrBAq2AG7sl2f4NcO4WEA41AYf\/nzkwAAFgMBDLwCAABGAwFY3n0prRqzn+uUe7J2SGc9ycgvCdlpITNiR\/tB85Rx3CCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="}
02382{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":279162,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcCfdAAOcGkFc0XuiGrBAq2AG7sl2f4NzC4WEA41AYf\/lbwwAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="}
00886{"flow_id":28,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":279232,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBCflAAOcGlLA0XuiGrBAq2AG7sl2f4OJ24WEA41AYf\/mxKwAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"}
-01427{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":7,"flow_first_seen":1490976041156,"flow_last_seen":1490976041279,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01438{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":203,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":7,"flow_first_seen":1490976041156,"flow_last_seen":1490976041279,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
00414{"flow_id":28,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":281352,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnNAAEAG+I+sECrYNF7ohrJdAbvhYQDjn+DcwlAQAWKnpAAA"}
00414{"flow_id":28,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":286136,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnRAAEAG+I6sECrYNF7ohrJdAbvhYQDjn+DidlAQAW2h5QAA"}
00415{"flow_id":28,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":286407,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTnVAAEAG+I2sECrYNF7ohrJdAbvhYQDjn+Djz1AQAXmggAAA"}
00860{"flow_id":28,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":289068,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"AMDKkaPvePiC0\/vCCABFAAFuTnZAAEAG90asECrYNF7ohrJdAbvhYQDjn+Djz1AYAXn5XAAAFgMBAQYQAAECAQAtzgORy\/g0g9vj2nHseW1WiPYwT4NhYLZDOMBm5MwopvvT6unfvXsWITHkcQBQ36M2UUO+dc\/0G2ILvmjO2zj78a3B8U9KL8ypPVL07jTTphRDvQ8Kf7ABFi4qL+Rv+iPgxKYp6YX5n1w36B6667LHkNCOOxvxG09MjDdzSdEnvNDtM87TdbjSkpGoS\/7R2LjC7Pb4759uDYBg7PUE3W5a6NS81NkWbHUmOaezy3fpfqOUvPgVsr3vOkgp940tmhXIobGeK0HN0jpk8i4xKJ6\/2E5cc+EYCUN\/9UvXrXCW7Yo+w1vHTmGyMYn2XLRcDsqSFZpeEcz8xHXI3W6M7zU4FAMBAAEBFgMBADDVDr1gu1wRttkhVNFJG5m0o0VRbOIw5nMFfmFU5flHVAYzqmYBp7fx\/y5SoL4pZTg="}
00424{"flow_id":28,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":346140,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoDFhAAOcGk6o0XuiGrBAq2AG7sl2f4OPP4WECKVAQf\/QgvwAAAAAAAAAA"}
00498{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":349210,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"ePiC0\/vCAMDKkVoBCABFAABjDHpAAOcGk000XuiGrBAq2AG7sl2f4OPP4WECKVAYf\/QnqQAAFAMBAAEBFgMBADBEgj5BQlmqnjck6gJV3g3MD77DFNz8x0Ta4FpV9OmMaRgBcq5cWGP4bkCGZehVgXQ="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1490976041384,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1490976041384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":384197,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA807JAAEAGczysECrYNF7ohrJeAbv1uZ3IAAAAAKAC\/\/+9JQAAAgQFtAQCCAoA9k56AAAAAAEDAwg="}
00416{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":389821,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoTndAAEAG+IusECrYNF7ohrJdAbvhYQIpn+DkClAQAXme\/wAA"}
01893{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":398164,"pkt_caplen":1136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1136,"pkt_l4_len":1102,"pkt":"AMDKkaPvePiC0\/vCCABFAARiTnhAAEAG9FCsECrYNF7ohrJdAbvhYQIpn+DkClAYAXlFJAAAFwMBACBWeyzwMUIxuTS3EYK+r1KNk5zBXWTTCDBiRf\/exwOP\/BcDAQQQEOkjUEfxZD7cj5q98qZB\/VbRXromrwu7xTF1JPZ6IwVnFksbUYwa2rZcw4uE1KFPADaJ7OTfAe3c2xFQKkonXC+EUeptu1NlGDzpw4TlBkC3jBIvDwDjaFU2TK0IbQ48\/Z9jmuwB4H9P2AdE8j4RgojrtXCA6szky21LbyxtG3Pwv5jRAL1J0O73de9g2PFayrFGAKuoK2P\/y88EEa+\/pik3RmuBNdwH9C8Q0tSFLbsltH\/OyHJHnBqeXrgLt55ruANRtVvTZSriQsnEUCLd2hOQDxk1S5jOanYnjKdWQCeholwtryzdhqIL\/R0L2AVNABGffaHl\/7ejBl9XIIhhY0bVddpHQfYy\/T59dfPjKZZ3F1RTJbG9ntREnGwJEhYzaehmoJf1ukhlgp0LNgCro1RjSf2msdB8TM5YpkdL\/+keBnliovzDoT3CvwJ88kFuT\/PSH+d4ADkbjwVUUAMhzhdAGqk3+deoeOjAqG1tKJyTFnT2EGu2HtBSACi9IRN7G6KbQEVVyV8CcdbNq9hgSGv5pXLj+40yd8IRdcbJ6wxY8MO2O\/H9CSDhP\/I0RM2VAHQHsVjKKZqzbjR1NLZZqXSC31Ur7z7\/95ewD502tRMD9TEnQzX7484ZYvs3Y3Xy+Bq9BouyIcn9s5CSCYj\/SmwLesYGLOlscw4vO0WWfeL2yyWflboy6nfnD4wKx9DX6N59qUqgozN6ujalVm+CobDMZaga0b2JQEl4EjQZ5i7mBYTMRA+lPgAw667ea8uJoIwg8eYJiTQktN+BzkekDWWd0mUGC2stqODn1CKgqSxJJ\/hbPsI2DgDS3Q4SEO6O\/MzFDW8J+n9jrfe5pArFBj9WIaEtzJ26Ugp7WENNwZnNMaozIHaFaLaaCuuDbh5xAgBYGJreqQShj4OB6GiflaQhdfRDBKJhdWRykk8ej8+LDqkDtkd6ly\/XQsEkpRDp8iPd3rU5KflsV\/9LoXST00kvkuczWBSkYcsh0BMcHOgA2U6bRRGkWXKmr\/TtYwRIwSWAfjd+wkbHH1tpGjlpz+hx0aTzR2dUfocMAjsEYjJ0NHALL1HCFl\/aB2WYC8HH5+2lFgbxVne1x4wNLWtwBG08fZjJFlw\/FsF4fCw1\/RCxumWPTDCoWLG78SLssmas8HwWsm0fcdA6EdAjFPMduNMSu2JMvJR5DXkYZsLgK2hyjeaVzNFtSFtUIXqNgw3McS9PXyEgFeBvtu\/Q8IFGL\/jjIac7Y6blGU7gIgz4DSQ6KcUoYlKQVUNvEGaqe\/FAU8HXJhZj9Mq2bwnrP19+pA7wvtjce1jYZTJ\/3ocs6IRWnkkbHj8KXOlW4S36S9GwgB+eLj9cvI+ZpGODn6up71quuUcxM2DgchZU7OaG8co="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1490976041400,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1490976041400,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":400900,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ul5AAEAGjJCsECrYNF7ohrJfAburivQiAAAAAKAC\/\/+w9wAAAgQFtAQCCAoA9k58AAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1490976041428,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1490976041428,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":428918,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G65AAEAGvmusECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/V3gAAAgQFtAQCCAoA9k5+AAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1490976041434,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1490976041434,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":434841,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hqRAAEAGEYasECrYwKgLAZX3H5Abo8jbAAAAAKAC\/\/+78QAAAgQFtAQCCAoA9k5\/AAAAAAEDAwg="}
00422{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":437012,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QlfcAAAAAG6PI3FAUAABzNwAAAAAAAAAA"}
00427{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":439512,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwm7lAAOcGBEE0XuiGrBAq2AG7sl5u82R89bmdyXASH\/5VMQAAAgQFtAEDAwY="}
00414{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":440529,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07NAAEAGc0+sECrYNF7ohrJeAbv1uZ3JbvNkfVAQAVefogAA"}
00738{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":444441,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX07RAAEAGcl+sECrYNF7ohrJeAbv1uZ3JbvNkfVAYAVcAGwAAFgMBAOoBAADmAwOSkZ7MV5tRrPXYmwy49debN2XXTGXQ0IImU9DOeZ6S4yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACJqaAB0AFwAYysoAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1490976041384,"flow_last_seen":1490976041444,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1490976041384,"flow_last_seen":1490976041444,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00427{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":446155,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwNmhAAOcGaZI0XuiGrBAq2AG7sl88IzNAq4r0I3ASH\/6tEQAAAgQFtAEDAwY="}
00414{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":447594,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoul9AAEAGjKOsECrYNF7ohrJfAburivQjPCMzQVAQAVf3ggAA"}
00738{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":448206,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXumBAAEAGi7OsECrYNF7ohrJfAburivQjPCMzQVAYAVegPwAAFgMBAOoBAADmAwPMxcZuQn9QgwOiuLXeL1fCgh6paRvCicrfIqGcHwVG8yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgysrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9ysoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYamoAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1490976041400,"flow_last_seen":1490976041448,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1490976041400,"flow_last_seen":1490976041448,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00423{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":498208,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoOWdAAOcGZps0XuiGrBAq2AG7sl88IzNBq4r1ElAQf\/h38gAAAAAAAAAA"}
00534{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":498343,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9OWlAAOcGZkQ0XuiGrBAq2AG7sl88IzNBq4r1ElAYf\/hRjgAAFgMBAEoCAABGAwFY3n0pDLntLgGwykQIDtHcfl7EStFhzm1bm1QlaW9friCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1490976041400,"flow_last_seen":1490976041498,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1490976041400,"flow_last_seen":1490976041498,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00490{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":498392,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdOW5AAOcGZl80XuiGrBAq2AG7sl88IzOWq4r1ElAYf\/geWwAAFgMBADDsOjqesfDUuV579G+uPu83a\/hqraVpKsCM2bckzAXis8k6OSXRw1uoTW+upJFbDWk="}
00414{"flow_id":30,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":499565,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoumFAAEAGjKGsECrYNF7ohrJfAburivUSPCMzllAQAVf2PgAA"}
00414{"flow_id":30,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":499850,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoumJAAEAGjKCsECrYNF7ohrJfAburivUSPCMzy1AQAVf2CQAA"}
00498{"flow_id":30,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":500150,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"AMDKkaPvePiC0\/vCCABFAABjumNAAEAGjGSsECrYNF7ohrJfAburivUSPCMzy1AYAVf5oAAAFAMBAAEBFgMBADDA0tOeFpmMpXJArHJfzDEeAdxCbwhctWkDJ4\/AcSBVfFMlW9BPadbUTr5VYo5O1Bg="}
00423{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":502643,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAon6JAAOcGAGA0XuiGrBAq2AG7sl5u82R99bmeuFAQf\/ggEgAAAAAAAAAA"}
00535{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":502807,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9n6RAAOcGAAk0XuiGrBAq2AG7sl5u82R99bmeuFAYf\/jNrQAAFgMBAEoCAABGAwFY3n0pbDqO6chsJ3SoiJ8G0aBxUtUUc4QIfjuGKH\/QpiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1490976041384,"flow_last_seen":1490976041502,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1490976041384,"flow_last_seen":1490976041502,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00491{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":502885,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdn6ZAAOcGACc0XuiGrBAq2AG7sl5u82TS9bmeuFAYf\/hLQgAAFgMBADCMDbwz1N2klcG9R\/iPv\/mjvmP9rWFYOVWX087nrtQOXmgu6MtSemVy1T2TGAoU778="}
00414{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":505056,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07VAAEAGc02sECrYNF7ohrJeAbv1uZ64bvNk0lAQAVeeXgAA"}
00414{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":505343,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07ZAAEAGc0ysECrYNF7ohrJeAbv1uZ64bvNlB1AQAVeeKQAA"}
@@ -289,45 +289,45 @@
01550{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":598595,"pkt_caplen":891,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":891,"pkt_l4_len":857,"pkt":"ePiC0\/vCAMDKkVoBCABFAANtjm1AAOcGDlA0XuiGrBAq2AG7sl5u82UH9bmjPVAY\/bgK4wAAFwMBA0Az2usVkOc6zj6ecIB6B7A+nXeAnDe7SZ8h4s7k6l3X1YzWlBE8ofhad4A3OsxMl5YdlfDTqyvXUvuqQfWo5CbRIX4MyF9svS5\/LLJIrY2vydXHPrfmPgl\/Dd6LmP9YjSZ2+cv1m2ajEvE0ZckF0eK9kqnc8LQEgLgVyLYTPnrKM0dZdrtAT+3LOYzJyy3fJB3bBhZuNcBmkS710f2+T2ztWcOPujw+y+nPpsO\/AFx4HebuNJCAoRX2UKdkdRH5i86aLWKoX18h3LEYhDMcRvjXlg2wBl2fUysWprNHHR0gTw\/nvTbqgHmsrMyAftC3eXk2FnAjkcIFKKek9gwo+qKUi+xs0vtPUFZhPFoAlGTLWNw+O0GNpKnNba85b2RfyQv81beiWvVcb193EPCLCdIvI3noe\/xhrSdoayQQATqHJ8aoVUl2EC+flHKEAli0ZgABGX1zT0hjQf27RK2QYLhVwbvvMLlv\/iqP8g7LcXmVwOY4aB+PuSZM3ICFUCvS+fEg0aXhy1kf+D3GVwklvu6QR8ZujkgkWA4AqcCEqbOLOmheNsq94Y8lbZWseipH8gIQLf3eBQyNPKCx4hG4nIbws9rwSimWe\/VlawLjimNj49tj7myBmKOSeG7BoUDOygIYLds5dEmaRRxtSux3eU7xrIKLtFhizwXr7tPB7g\/jglDvI7OmWsSqHD+b9caoelYKEfsv2lxZ\/t6AVpYStMeeL6qAojCU9ZH4S4rnCOv5GvoR4ciZ\/s1ZlQwkSKNCld0watQ8z0iKLXJJTWctKcJ8pygZWTEDBMAS7n8lnx3h2cxhmEzBYNA4dC8oOzIZrqngVW9a8YvdgEfrZPqpgo+txEtXFBrrk2w+MENx6GHDg+IFAeAm\/FZH3aC4pxsI62YoGIpVogfYldZcGbCCQW679bK2SCMg2HCpLHH8Nf\/3uiOp7kAfNxEcK7hL0NuCMqUGuW\/Dy2tIaZ2ffiPDSy97TUT\/AK9Ca1ChFwlXo6kO1N5FLctBitELRVLUiDDr7DOd+BpuJlucdTre\/4CmlM+sZHzgcG5UmYsDwb0nrrj29G66hkxxdHHsiwquapSx6BBUJekl8c7DqKDeFMkBpz2I"}
00415{"flow_id":30,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":629855,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoumVAAEAGjJ2sECrYNF7ohrJfAburivm3PCM3EFAQAV3uGQAA"}
00415{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":630136,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07lAAEAGc0msECrYNF7ohrJeAbv1uaM9bvNoTFAQAV2WWQAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1490976041680,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1490976041680,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":680864,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzJAAEAGfuesECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9j3AAAAgQFtAQCCAoA9k6YAAAAAAEDAwg="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1490976041770,"flow_last_seen":0,"flow_tot_l4_data_len":65,"flow_min_l4_data_len":65,"flow_max_l4_data_len":65,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1490976041770,"flow_last_seen":0,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00474{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":770147,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWlRAAEARM0qsECrYrBAqAVOPADUAQZgzlqMBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"}
-00666{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1490976041770,"flow_last_seen":0,"flow_tot_l4_data_len":65,"flow_min_l4_data_len":65,"flow_max_l4_data_len":65,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1490976041806,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00678{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1490976041770,"flow_last_seen":0,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1490976041806,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":806940,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WlVAAEARM2KsECrYrBAqActtADUAKHKAa+oBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1490976041806,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1490976041806,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00500{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":866893,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl0nZAAEARuxesECoBrBAq2AA1U48AUSKClqOBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAOQAENu8Yug=="}
-00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_tot_l4_data_len":146,"flow_min_l4_data_len":65,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.186"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1490976041870,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00705{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.186"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1490976041870,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":870965,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8YDpAAEAGs\/CsECrYNu8YuoTjAbvEzS6RAAAAAKAC\/\/9XzwAAAgQFtAQCCAoA9k6rAAAAAAEDAwg="}
00617{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":938819,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC90nlAAEARurysECoBrBAq2AA1y20AqYS4a+qBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAABMAAoDd3d3A2NkbsAQwCwABQABAAAA+AAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAgABDRV0djAQgABAAEAAAAIAAQ0VdHFwEIAAQABAAAACAAENFXRj8BCAAEAAQAAAAgABDRV0Xo="}
-00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":40,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1490976041942,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1490976041942,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":942417,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BJdAAEAGWQ+sECrYNFXR2NSLAbvD9kolAAAAAKAC\/\/823gAAAgQFtAQCCAoA9k6yAAAAAAEDAwg="}
00427{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":952733,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwusBAAOcGsnU27xi6rBAq2AG7hOPN4I6FxM0uknASH\/5nFQAAAgQFtAEDAwY="}
00414{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":953612,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYDtAAEAGtAOsECrYNu8YuoTjAbvEzS6SzeCOhlAQAVexhgAA"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1490976041961,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1490976041961,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":961796,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8261AAEAGgfisECrYNFXR2NSMAbsYT5UZAAAAAKAC\/\/+XjgAAAgQFtAQCCAoA9k60AAAAAAEDAwg="}
00723{"flow_id":36,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":962495,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"AMDKkaPvePiC0\/vCCABFAAELYDxAAEAGsx+sECrYNu8YuoTjAbvEzS6SzeCOhlAYAVd4ugAAFgMBAN4BAADaAwPrd1S1ddQk7rUlC7xdTTn0up1nnk\/tmx0cHtuMmn3chgAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAkVpaAAD\/AQABAAAAACwAKgAAJ21vYmlsZWFuYWx5dGljcy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYuroAAQA="}
-00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1490976041870,"flow_last_seen":1490976041962,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1490976041870,"flow_last_seen":1490976041962,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00443{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":989388,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iuwz0jww\/ZKJqAScSDA4QAAAgQFtAQCCAptm51vAPZOsgEDAwg="}
00430{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":995382,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0BJhAAEAGWRasECrYNFXR2NSLAbvD9komsM9I8YAQAVdfcwAAAQEICgD2Trdtm51v"}
00707{"flow_id":37,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976041,"pkt_ts_usec":995659,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"AMDKkaPvePiC0\/vCCABFAAD+BJlAAEAGWEusECrYNFXR2NSLAbvD9komsM9I8YAYAVe71AAAAQEICgD2Trdtm51vFgMBAMUBAADBAwO5UA\/iZEVzwxa2fCwy81ITWHfzxsPCnxUHsdFTfcWAvgAAILq6zKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeAoKAAD\/AQABAAAAABMAEQAADnd3dy5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABjq6gABAA=="}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1490976041942,"flow_last_seen":1490976041995,"flow_tot_l4_data_len":346,"flow_min_l4_data_len":32,"flow_max_l4_data_len":234,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1490976042054,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1490976041942,"flow_last_seen":1490976041995,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1490976042054,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":54012,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8AfNAAEAGW7OsECrYNFXR2NSNAbumNE9OAAAAAKAC\/\/9PagAAAgQFtAQCCAoA9k69AAAAAAEDAwg="}
00442{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":56791,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71Iw+cfkHGE+VGqAScSB8QwAAAgQFtAQCCAps\/wWhAPZOtAEDAwg="}
00430{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":57764,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0265AAEAGgf+sECrYNFXR2NSMAbsYT5UaPnH5CIAQAVca0QAAAQEICgD2Tr1s\/wWh"}
00706{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":58395,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"AMDKkaPvePiC0\/vCCABFAAD+269AAEAGgTSsECrYNFXR2NSMAbsYT5UaPnH5CIAYAVdplAAAAQEICgD2Tr1s\/wWhFgMBAMUBAADBAwOGZCJ5XClhLW3uSio8xzT8mg+rdruUVrO5OZF9oNZ61QAAIIqKzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeCoqAAD\/AQABAAAAABMAEQAADnd3dy5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIamoAHQAXABh6egABAA=="}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1490976041961,"flow_last_seen":1490976042058,"flow_tot_l4_data_len":346,"flow_min_l4_data_len":32,"flow_max_l4_data_len":234,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1490976041961,"flow_last_seen":1490976042058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00430{"flow_id":37,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":62566,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA01YZAAPMG1SY0VdHYrBAq2AG71Iuwz0jxw\/ZK8IAQAHZfggAAAQEICm2bnXcA9k63"}
00430{"flow_id":37,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":62700,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA01YdAAPMG1SU0VdHYrBAq2AG71Iuwz0jxw\/ZK8IAQAHZfggAAAQEICm2bnXcA9k63"}
02378{"flow_id":37,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":81606,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc1YhAAPMGz3w0VdHYrBAq2AG71Iuwz0jxw\/ZK8IAQAHY62gAAAQEICm2bnXkA9k63FgMDAFQCAABQAwNnOcRaJm9h2IiA8FHyGT2ob+d4Qt\/qg82KbIBXcm3x6QDALwAAKAAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAALAAkIaHR0cC8xLjEWAwML6AsAC+QAC+EABp8wggabMIIFg6ADAgECAhAdSr2qeNCa\/nmdQbzrenZiMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYxMDMxMDAwMDAwWhcNMTcxMjMxMjM1OTU5WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEXMBUGA1UEAwwOd3d3LmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCWihndZ\/4HxzWdNmP\/XjAI8iPKFw5XnK0RlANu1+1aLE7FOkbZKWTYYjWnO0RKmikGZtj+Fozlg1YNgMevTUBC\/MCrCw3LPmxfivK2QgRYj3YOiYpu\/FAqvLSbRm6P0zNptlva8dvR1tbBSXbJefmeV8clJ+YPRNLdQU1pDNcTEWeUpT+LtWiYsQH870618nRXZdnNvM7HdF+9PLnCafgDEILucZGSU0EpVr6elGXTOP6WjIJoz4AXlhX1ltREi7FiJk5be7ZrrpXNjAJFrYR20hs8As791KsU0C5oCEqqkU3Q4HjZ3XohZQ4qIyIcMkvnXZgAkkGZ9A8jt9VC1cnAgMBAAGjggMpMIIDJTCB1AYDVR0RBIHMMIHJggphbWF6b24uY29tgghhbXpuLmNvbYIRdWVkYXRhLmFtYXpvbi5jb22CDXVzLmFtYXpvbi5jb22CDnd3dy5hbWF6b24uY29tggx3d3cuYW16bi5jb22CFGNvcnBvcmF0ZS5hbWF6b24uY29tghFidXlib3guYW1hem9uLmNvbYIRaXBob25lLmFtYXpvbi5jb22CDXlwLmFtYXpvbi5jb22CD2hvbWUuYW1hem9uLmNvbYIVb3JpZ2luLXd3dy5hbWF6b24uY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFYGJ\/J8QAABAMASDBGAiEA6fFlggg6W7QvWe9jf7KTwDKBjO3dGyhkPVZyzlOX5b8CIQCuPTe0zJihJrUjbnOuq6NcNCnkacxegjQwcBcg1ZwRXQB3AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT\/vEAAABWBifyhoAAAQ="}
-00788{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":7,"flow_first_seen":1490976041942,"flow_last_seen":1490976042081,"flow_tot_l4_data_len":1890,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":270,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00799{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":7,"flow_first_seen":1490976041942,"flow_last_seen":1490976042081,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":235,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02381{"flow_id":37,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":81999,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc1YlAAPMGz3s0VdHYrBAq2AG71Iuwz06Zw\/ZK8IAQAHZboAAAAQEICm2bnXkA9k63AwBIMEYCIQDRlQQ8KC2R\/bvOeWJr0FGedxbjE4OglejZEYKSCHekRQIhALbGyJPwAagwlRnFD5iqE1ZzSTO6uadnKEazPJcW2sRnMA0GCSqGSIb3DQEBCwUAA4IBAQA65KlsAxxtgfs05qV0ywTqM6qGzBkMIgJzJpCh9OR+X+STrfjphnLQlOwIuHxiF0oVphsf9oYW6TYQimBIKoFpP94WbG2ojsr39YJ6kiDhudt3ef24QnZ3AtnXM5OLVv46iwZst4TwdwO3\/Ialn7ql3sVX7+13yscEXfwfMT0JI1yzl+vZ8tR6bc5X9HqwjuADJelImPs\/TxshDt3JRhbUuKcFxjaEcEtRqoGemgZgEpRnifUSBvnl01IVzb71DGWuBpx0qrpruMAUU1lOJrg\/rwQMSXC2lSZDiDn1cjK0z+XLi7x86N\/7jW6zKh5RjSgrr6H7ZhiwtwpJzLsjT1CXAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE="}
02386{"flow_id":37,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":82340,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc1YpAAPMGz3o0VdHYrBAq2AG71Iuwz1RBw\/ZK8IAQAHazlwAAAQEICm2bnXkA9k63NlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHFgMDBlEWAAZNAQAGSTCCBkUKAQCgggY+MIIGOgYJKwYBBQUHMAEBBIIGKzCCBicwgZ6iFgQURSACqIuKZZ91+vXpChp40vA3C54YDzIwMTcwMzMwMDgyMTM1WjBzMHEwSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c\/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEB1Kvap40Jr+eZ1BvOt6dmKAABgPMjAxNzAzMzAwODIxMzVaoBEYDzIwMTcwNDA2MDgyMTM1WjANBgkqhkiG9w0BAQUFAAOCAQEAgQDMpzZdwJ3PrNgB8d8f1cjQX1Ry6VrhEzAt1lcEB4WgmdjO0Jj7\/gcGHmmN4xjsgLxWz0TLFJXU3wjsiTaR9iYjNwnlVX2RjmqVz5lsVlEMa28OUwUvMwlmN7cuMZgdMiCi\/EUGOIACQtCuusxL8xVXf3x1piP9W5dJahTjHK\/gDPNDIF+nVKPFnlMFE\/hen03A+k1mR9yGF\/JfOOfP\/b1322DA7bnEn3JSMiFcIxbsU2gE9h3ovCxMS6WLeuK87uLOMB+5jQuVgYqUfvRPYAHuBDr37eG8TeoadjSco88HooscltcumFNXAv5B6ADN85OBUnpTIBJzgqaLgcnVnqCCBG4wggRqMIIEZjCCA06gAwIBAgIQRGiQY2lIBdbK9v250cQFITANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDIwNDAwMDAwMFoXDTE3MDUwNTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqK0Kffb5Auqq\/RTKlGMWnpdC7JmtnGiOAYwvZN2YjMK6fnb0hAgOMG1rLR76AfOlvGZpXezKtbbVssGNNzBnwJfejjdD4jlaNV3g2Sbl02\/W0C1EsVV7s4J8Dmxg7llU8aWUd6qxYyXvCNgMr0zT44ABlcJe7lYNxneZPdVb5+8NG48QecxpmEgLmwiH886a9SxZ\/5oFPCbvui09qrD9ZZDZeTWx3jja9a9brKoIv8Lz2opoIuWL\/3FE0ksMFSK5zl4n4ihm\/0beCKOUAGnRvV8Lf2TnNlIaBm4HCrofyw\/wGBxcmFekRRMYMG3tUe+29l40aopWwNOI7L3BhPMTrAgMBAAGjggEcMIIBGDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0zODU3MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRFIAKoi4pln3X69ekKGnjS8DcLnjAMBgNVHRMBAf8EAjAAMG4GA1U="}
-01265{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":9,"flow_first_seen":1490976041942,"flow_last_seen":1490976042082,"flow_tot_l4_data_len":4850,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":538,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
+01276{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":271,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":9,"flow_first_seen":1490976041942,"flow_last_seen":1490976042082,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":505,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
01472{"flow_id":37,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":82763,"pkt_caplen":833,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":833,"pkt_l4_len":799,"pkt":"ePiC0\/vCAMDKkVoBCABFAAMz1YtAAPMG0iI0VdHYrBAq2AG71Iuwz1npw\/ZK8IAYAHavUgAAAQEICm2bnXkA9k63HSAEZzBlMGMGC2CGSAGG+EUBBxcDMFQwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCoGCCsGAQUFBwICMB4aHCAgaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH\/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQB4HMFiNVhH\/deb\/gTB86atVF4ywqr0xapUyerApNwQq\/ERx+P2vuV6cbn7nw+nwAPKmQ2C1\/5mrPKO+CN8i46q+JdQmfb3UoTuoYQVXYzQ5WxhHij7MjF7swqsQ6AJAagWS\/6Sw4vnUhMJSJti+y6cojNMGRQ1Mn010zjA5f2mqtQbJcXTwe66\/hVsPQIMJFgkX565MDEbMxCO2AmjPJFfLBm0dCw5zcfFfjJS+xPuB8aEo67ogH19P5klyyuA4HZedrQHXKAwHnWUs\/h+mP27rKq05NZ00cCJLBBUa+lOYqRx\/HeSlpKdROtQa1wj09sFAyeSF2EkjMuvIXq7h0QOFgMDAU0MAAFJAwAXQQQ1y7iRnHW3VDY1PYCjzM7D8B2gEdgVODVhoDvheQs+Vc40KfQdF1WgbIlWjQsTLmvSodoHbkDq\/EUGClnJCTH+BgEBAH+ak3vevbC804eFSvYlQzd\/stvCPDv5k5zc9jV+a0mfeIo9Sw6UfieSRW7\/3OJbsJ3IAmtFFdbLFm5bSiRUooBw1d6e3zTSCJSjrTo7ijPnxRQksV4ufwQyZ5sz1km9QaTz9hHOxSgiuUyfnkqpGngUhQVwAp7WHRm+YmdkwYaXSA4hc5tYxFoHwp+9kIMD8NuJPtkIg1sJJ60teIy0TxCaLX9o8LhdWo+YaTAnHHTal4JyulC8o4Mp6ErwgrQ\/R799vQ+7\/HMw7BQakjiEMI7htmdlfDLiy7vbYd+y9yBOKOZUP7g3WOJC9XHiqiGDL72FQc50tbLM43UR2dRzfBIWAwMABA4AAAA="}
00430{"flow_id":37,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":83834,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0BJpAAEAGWRSsECrYNFXR2NSLAbvD9krwsM9OmYAQAWJY4wAAAQEICgD2TsBtm515"}
00430{"flow_id":37,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":84152,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0BJtAAEAGWROsECrYNFXR2NSLAbvD9krwsM9UQYAQAW1TMAAAAQEICgD2TsBtm515"}
@@ -338,10 +338,10 @@
00430{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":101270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0AfRAAEAGW7qsECrYNFXR2NSNAbumNE9Ps3pFE4AQAVdxMgAAAQEICgD2TsJtF6Xz"}
00432{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":143678,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0\/KJAAPMGrgo0VdHYrBAq2AG71Iw+cfkIGE+V5IAQAHYa3wAAAQEICmz\/BaoA9k69"}
02379{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":149888,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc\/KNAAPMGqGE0VdHYrBAq2AG71Iw+cfkIGE+V5IAQAHYuIwAAAQEICmz\/BasA9k69FgMDAFQCAABQAwPrfV2nVHL1VGkmiTkZgHlDEMFJGiDPBqJtWtGWkPbC8QDALwAAKAAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAALAAkIaHR0cC8xLjEWAwML6AsAC+QAC+EABp8wggabMIIFg6ADAgECAhAdSr2qeNCa\/nmdQbzrenZiMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYxMDMxMDAwMDAwWhcNMTcxMjMxMjM1OTU5WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEXMBUGA1UEAwwOd3d3LmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCWihndZ\/4HxzWdNmP\/XjAI8iPKFw5XnK0RlANu1+1aLE7FOkbZKWTYYjWnO0RKmikGZtj+Fozlg1YNgMevTUBC\/MCrCw3LPmxfivK2QgRYj3YOiYpu\/FAqvLSbRm6P0zNptlva8dvR1tbBSXbJefmeV8clJ+YPRNLdQU1pDNcTEWeUpT+LtWiYsQH870618nRXZdnNvM7HdF+9PLnCafgDEILucZGSU0EpVr6elGXTOP6WjIJoz4AXlhX1ltREi7FiJk5be7ZrrpXNjAJFrYR20hs8As791KsU0C5oCEqqkU3Q4HjZ3XohZQ4qIyIcMkvnXZgAkkGZ9A8jt9VC1cnAgMBAAGjggMpMIIDJTCB1AYDVR0RBIHMMIHJggphbWF6b24uY29tgghhbXpuLmNvbYIRdWVkYXRhLmFtYXpvbi5jb22CDXVzLmFtYXpvbi5jb22CDnd3dy5hbWF6b24uY29tggx3d3cuYW16bi5jb22CFGNvcnBvcmF0ZS5hbWF6b24uY29tghFidXlib3guYW1hem9uLmNvbYIRaXBob25lLmFtYXpvbi5jb22CDXlwLmFtYXpvbi5jb22CD2hvbWUuYW1hem9uLmNvbYIVb3JpZ2luLXd3dy5hbWF6b24uY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFYGJ\/J8QAABAMASDBGAiEA6fFlggg6W7QvWe9jf7KTwDKBjO3dGyhkPVZyzlOX5b8CIQCuPTe0zJihJrUjbnOuq6NcNCnkacxegjQwcBcg1ZwRXQB3AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT\/vEAAABWBifyhoAAAQ="}
-00788{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1490976041961,"flow_last_seen":1490976042149,"flow_tot_l4_data_len":1858,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":309,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00799{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1490976041961,"flow_last_seen":1490976042149,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02384{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":150124,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc\/KRAAPMGqGA0VdHYrBAq2AG71Iw+cf6wGE+V5IAQAHYW\/gAAAQEICmz\/BasA9k69AwBIMEYCIQDRlQQ8KC2R\/bvOeWJr0FGedxbjE4OglejZEYKSCHekRQIhALbGyJPwAagwlRnFD5iqE1ZzSTO6uadnKEazPJcW2sRnMA0GCSqGSIb3DQEBCwUAA4IBAQA65KlsAxxtgfs05qV0ywTqM6qGzBkMIgJzJpCh9OR+X+STrfjphnLQlOwIuHxiF0oVphsf9oYW6TYQimBIKoFpP94WbG2ojsr39YJ6kiDhudt3ef24QnZ3AtnXM5OLVv46iwZst4TwdwO3\/Ialn7ql3sVX7+13yscEXfwfMT0JI1yzl+vZ8tR6bc5X9HqwjuADJelImPs\/TxshDt3JRhbUuKcFxjaEcEtRqoGemgZgEpRnifUSBvnl01IVzb71DGWuBpx0qrpruMAUU1lOJrg\/rwQMSXC2lSZDiDn1cjK0z+XLi7x86N\/7jW6zKh5RjSgrr6H7ZhiwtwpJzLsjT1CXAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE="}
02388{"flow_id":38,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":150550,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc\/KVAAPMGqF80VdHYrBAq2AG71Iw+cgRYGE+V5IAQAHZu9QAAAQEICmz\/BasA9k69NlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHFgMDBlEWAAZNAQAGSTCCBkUKAQCgggY+MIIGOgYJKwYBBQUHMAEBBIIGKzCCBicwgZ6iFgQURSACqIuKZZ91+vXpChp40vA3C54YDzIwMTcwMzMwMDgyMTM1WjBzMHEwSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c\/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEB1Kvap40Jr+eZ1BvOt6dmKAABgPMjAxNzAzMzAwODIxMzVaoBEYDzIwMTcwNDA2MDgyMTM1WjANBgkqhkiG9w0BAQUFAAOCAQEAgQDMpzZdwJ3PrNgB8d8f1cjQX1Ry6VrhEzAt1lcEB4WgmdjO0Jj7\/gcGHmmN4xjsgLxWz0TLFJXU3wjsiTaR9iYjNwnlVX2RjmqVz5lsVlEMa28OUwUvMwlmN7cuMZgdMiCi\/EUGOIACQtCuusxL8xVXf3x1piP9W5dJahTjHK\/gDPNDIF+nVKPFnlMFE\/hen03A+k1mR9yGF\/JfOOfP\/b1322DA7bnEn3JSMiFcIxbsU2gE9h3ovCxMS6WLeuK87uLOMB+5jQuVgYqUfvRPYAHuBDr37eG8TeoadjSco88HooscltcumFNXAv5B6ADN85OBUnpTIBJzgqaLgcnVnqCCBG4wggRqMIIEZjCCA06gAwIBAgIQRGiQY2lIBdbK9v250cQFITANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDIwNDAwMDAwMFoXDTE3MDUwNTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqK0Kffb5Auqq\/RTKlGMWnpdC7JmtnGiOAYwvZN2YjMK6fnb0hAgOMG1rLR76AfOlvGZpXezKtbbVssGNNzBnwJfejjdD4jlaNV3g2Sbl02\/W0C1EsVV7s4J8Dmxg7llU8aWUd6qxYyXvCNgMr0zT44ABlcJe7lYNxneZPdVb5+8NG48QecxpmEgLmwiH886a9SxZ\/5oFPCbvui09qrD9ZZDZeTWx3jja9a9brKoIv8Lz2opoIuWL\/3FE0ksMFSK5zl4n4ihm\/0beCKOUAGnRvV8Lf2TnNlIaBm4HCrofyw\/wGBxcmFekRRMYMG3tUe+29l40aopWwNOI7L3BhPMTrAgMBAAGjggEcMIIBGDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0zODU3MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRFIAKoi4pln3X69ekKGnjS8DcLnjAMBgNVHRMBAf8EAjAAMG4GA1U="}
-01265{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":8,"flow_first_seen":1490976041961,"flow_last_seen":1490976042150,"flow_tot_l4_data_len":4818,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":602,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
+01276{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":8,"flow_first_seen":1490976041961,"flow_last_seen":1490976042150,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
01482{"flow_id":38,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":150641,"pkt_caplen":833,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":833,"pkt_l4_len":799,"pkt":"ePiC0\/vCAMDKkVoBCABFAAMz\/KZAAPMGqwc0VdHYrBAq2AG71Iw+cgoAGE+V5IAYAHYupAAAAQEICmz\/BasA9k69HSAEZzBlMGMGC2CGSAGG+EUBBxcDMFQwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCoGCCsGAQUFBwICMB4aHCAgaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH\/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQB4HMFiNVhH\/deb\/gTB86atVF4ywqr0xapUyerApNwQq\/ERx+P2vuV6cbn7nw+nwAPKmQ2C1\/5mrPKO+CN8i46q+JdQmfb3UoTuoYQVXYzQ5WxhHij7MjF7swqsQ6AJAagWS\/6Sw4vnUhMJSJti+y6cojNMGRQ1Mn010zjA5f2mqtQbJcXTwe66\/hVsPQIMJFgkX565MDEbMxCO2AmjPJFfLBm0dCw5zcfFfjJS+xPuB8aEo67ogH19P5klyyuA4HZedrQHXKAwHnWUs\/h+mP27rKq05NZ00cCJLBBUa+lOYqRx\/HeSlpKdROtQa1wj09sFAyeSF2EkjMuvIXq7h0QOFgMDAU0MAAFJAwAXQQQovUsDelzP+300eHZ2BCwGeDPOa7iaJmr7DgKQj2XbL185epLF\/tk3XkBzIzqhSVj17Jgra\/VHE7vXKmSJVHjOBgEBAF2BK88pLTcsPvJaIWGO53R\/7eB\/bCZJG\/9eVIs8cLA2gXK7esT3hlY54FyTNZqHdF8uPbydFYiBzRtou64FZcMTi5HrCLZvD1yyUHsDkgkZR0uuWOBvuWrr\/Mp6ATE8NlsVv5b2V2D+bfInxIV+AJoAFvYcSPPMS00EhMrauJztbvGZVNkX18bc8K+9f\/Fpz82WKHtM9Zpzkpo3TyAqmV7Hb0ZfUXvc3\/VJx3sFUnBkQMi49eiH4cpQ9qbQBPV\/h9FKPLqU8NMKXRk\/ERSO1fofkRo\/ZsQH\/PbdrizyYtjpYG72t9xn2WqZsuGiCIkjIncsW0x3zL\/f92U12T1D\/yQWAwMABA4AAAA="}
00432{"flow_id":38,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":151366,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA027BAAEAGgf2sECrYNFXR2NSMAbsYT5XkPnH+sIAQAWIUQAAAAQEICgD2Tsds\/wWr"}
00432{"flow_id":38,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":152110,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA027FAAEAGgfysECrYNFXR2NSMAbsYT5XkPnIEWIAQAW0OjQAAAQEICgD2Tsds\/wWr"}
@@ -353,10 +353,10 @@
00424{"flow_id":36,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":295751,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAozthAAOcGnmU27xi6rBAq2AG7hOPN4I6GxM0vdVAQf\/wx\/gAAAAAAAAAA"}
00425{"flow_id":36,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":295904,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoG\/5AANsGXUA27xi6rBAq2AG7hOPN4I6GxM0vdVAQf\/wx\/gAAAAAAAAAA"}
02384{"flow_id":36,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":302047,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcG\/9AANsGV4s27xi6rBAq2AG7hOPN4I6GxM0vdVAQf\/wgmAAAFgMDAGwCAABoAwMmtKBZx\/u7oCUrDiVw9Sf\/yT7y2V5hEh17RXa5URvIlCAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LsAvAAAg\/wEAAQAACwAEAwABAgAFAAAAEAALAAkIaHR0cC8xLjEWAwMLXAsAC1gAC1UABhMwggYPMIIE96ADAgECAhA4NltvtzQZFjv8ve7WrL1kMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwNTMxMDAwMDAwWhcNMTcwNjI2MjM1OTU5WjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxGTAXBgNVBAoMEEFtYXpvbi5jb20sIEluYy4xMDAuBgNVBAMMJ21vYmlsZWFuYWx5dGljcy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKXcGbXxOrpLbSVz1WkSGdOoQe5mOSrPSipk7JhfXK7xeLV9EIeNBuFrZZ2JZEF\/T4BDidLNCjBenxkICR9k1ltsHLlgk98tozeORSexEAFwZZZ9s8DgT4svJHN6DknTZB33LMrl0uZtYGMYTJtg2i7zDyXDxOLI1n18e+5F2KQpK5furnmaXxpwezrh7zkJJWH83xemhzKvGTf2P7xdwQctiL8MA0GTOV9GzToVw1xTG\/fau1xVatZmUQ6sGqK6xGKs+WZbRF9Mt4qMTd8kDtoCqmVTR+TyHHj2qCp1DarPl6Gd6QI\/kcrSDIB3BKPyHONFqOCqSOb229mecsrdElsCAwEAAaOCAoMwggJ\/MDIGA1UdEQQrMCmCJ21vYmlsZWFuYWx5dGljcy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABVQfvs54AAAQDAEYwRAIgCg5bNh62K\/b2zUGTsrOfXRQ2hEOpUa4\/UZNWRL0DuRUCIC9U2rEr7y4HeC90xoTunNK9D9jfY4DC\/G+LRXCIr\/RIAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFVB++ztQAABAMARzBFAiAvW0BkxINB35W5rlhLG8DJboczX1rvev\/2LK5J7Okw4wIhAPdIkpGjTs1LVBwcD6WVj8wFfprle65WhoKwU3rdR0bKMA0GCSqGSIb3DQEBCwUAA4IBAQAuMikuMxAokEDkZMhLHxehHQqRelzQgDZAxTHsf0TNYtQ="}
-00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":8,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_tot_l4_data_len":2102,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":262,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":317,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":8,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1914,"flow_avg_l4_payload_len":239,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02386{"flow_id":36,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":302298,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcHABAANsGV4o27xi6rBAq2AG7hOPN4JQ6xM0vdVAQf\/zjzwAAuezDHJlNCFbTqooOmZYJgXVoab7DiVH\/6Mt5ORjD+xDySm9+wED9xtH3xbzA0EOMEACtHLBqFfq\/1lOc5hgyC\/+63I0ueasZimFAVTpOAfg0DSU7h28WSDMTted26RaIqN4sq1BpVil25TYFZfn5t4iL5IQKiMF1UU0oWKAur7VoeugGIxgnJ84P1ZMLgRYURE4RzooO30lwpIVEKYQDqnaRdo1pWpA3GUHbKgknDnyPO0iRRz+NFJg+3vtrwI58Qsq45pFOscz6uTUx4HuVks5duBZ4NBgwVAlyFWV4FwAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hQ="}
02385{"flow_id":36,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":302667,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcHAFAANsGV4k27xi6rBAq2AG7hOPN4JnuxM0vdVAQf\/zfTAAA3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxxYDAwZRFgAGTQEABkkwggZFCgEAoIIGPjCCBjoGCSsGAQUFBzABAQSCBiswggYnMIGeohYEFEUgAqiLimWfdfr16QoaeNLwNwueGA8yMDE3MDMzMTA0NDUyNlowczBxMEkwCQYFKw4DAhoFAAQU0bFki4yfDdFro4rNK1AX1fnPwGQEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvAhA4NltvtzQZFjv8ve7WrL1kgAAYDzIwMTcwMzMxMDQ0NTI2WqARGA8yMDE3MDQwNzA0NDUyNlowDQYJKoZIhvcNAQEFBQADggEBAJG4mKDAIkHJGohEcAXrjWcL\/X9efPGdSWnIujVQblXj9Sr0T36LlIP6QAecCnTuDUccLdRBVsLBrGLFuSZhZFAr0bCbBDXT6pzyL\/6othUDtcsJOWKfVOFjwAlPelx5E36DQxWy\/UrA8ffDBvCs\/rOG3McAu\/c86V66PK+nEJdWQ333YOD5+Gl2OWY7eiNxGk+60HEQY771HF27aILCKdV1jZAq4q93Td4HzHLhg8\/K21C8odN63ecG5gyRacL8wAMfhIjcpQTkPRcQ8A5YlZlYNVememWqBabsOL1RgB0iJn\/NE9tjFaweytAKzoVCni\/W8cvzyM1Xw0pZim0KetOgggRuMIIEajCCBGYwggNOoAMCAQICEERokGNpSAXWyvb9udHEBSEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNzAyMDQwMDAwMDBaFw0xNzA1MDUyMzU5NTlaMEAxPjA8BgNVBAMTNVN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqitCn32+QLqqv0UypRjFp6XQuyZrZxojgGML2TdmIzCun529IQIDjBtay0e+gHzpbxmaV3syrW21bLBjTcwZ8CX3o43Q+I5WjVd4Nkm5dNv1tAtRLFVe7OCfA5sYO5ZVPGllHeqsWMl7wjYDK9M0+OAAZXCXu5WDcZ3mT3VW+fvDRuPEHnMaZhIC5sIh\/POmvUsWf+aBTwm77otPaqw\/WWQ2Xk1sd442vWvW6yqCL\/C89qKaCLli\/9xRNJLDBUiuc5eJ+IoZv9G3gijlABp0b1fC39k5zZSGgZuBwq6H8sP8BgcXJhXpEUTGDBt7VHvtvZeNGqKVsDTiOy9wYTzE6wIDAQABo4IBHDCCARgwDwYJKwYBBQUHMAEFBAIFADAiBgNVHREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLUQtMzg1NzAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zAdBgNVHQ4EFgQURSACqIuKZZ91+vXpChp40vA3C54wDAYDVR0TAQH\/BAIwADBuBgNVHSAEZzBlMGMGC2CGSAGG+EUBBxcDMFQwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCoGCCsGAQUFBwICMB4aHCAgaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH\/BAQDAgeAMA0GCSqGSIY="}
-01167{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":10,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_tot_l4_data_len":5062,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":506,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}}
+01178{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":319,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":10,"flow_first_seen":1490976041870,"flow_last_seen":1490976042302,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4834,"flow_avg_l4_payload_len":483,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}}
01247{"flow_id":36,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":302750,"pkt_caplen":669,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":669,"pkt_l4_len":635,"pkt":"ePiC0\/vCAMDKkVoBCABFAAKPHAJAANsGWtU27xi6rBAq2AG7hOPN4J+ixM0vdVAYf\/woDQAA9w0BAQsFAAOCAQEAeBzBYjVYR\/3Xm\/4EwfOmrVReMsKq9MWqVMnqwKTcEKvxEcfj9r7lenG5+58Pp8ADypkNgtf+ZqzyjvgjfIuOqviXUJn291KE7qGEFV2M0OVsYR4o+zIxe7MKrEOgCQGoFkv+ksOL51ITCUibYvsunKIzTBkUNTJ9NdM4wOX9pqrUGyXF08Huuv4VbD0CDCRYJF+euTAxGzMQjtgJozyRXywZtHQsOc3HxX4yUvsT7gfGhKOu6IB9fT+ZJcsrgOB2Xna0B1ygMB51lLP4fpj9u6yqtOTWdNHAiSwQVGvpTmKkcfx3kpaSnUTrUGtcI9PbBQMnkhdhJIzLryF6u4dEDhYDAwFNDAABSQMAF0EExu9+kSbEcVy+kDTOqD5ph0CVu885HWo1WUP4j60Y7ufx6T4ne3QfUOgh0m59iXVrZv4gQAQVboF3fpTwhI+DDAYBAQBQrWs8FE08\/e+oPfUU5O9lJgi0ZphhbE0S0BpQ0wKgRESbB2jDkpAmwJ\/\/KHpln+fqIGtxfZgAJ6YYxla0+FugnjpF\/R4cG3hiAHY72iTgrCzO0H0XA3DxT5tosgA7NzxuRQ3B7JYx+GlO0O3WfdcniXnTZTBI9lfvIdP\/m3jpgJem+tZ7ObuLeue+otByHgBBUrR+5ouWaAp4qAF+L6OrAPiByT9+T3ckjzi\/RhWQW1r0ZJByU6oGVHqB7RRzQjEjUIi8Ft85HrgMOjM63UV2LdwRs87fyzxzLz8XNcNlphz9OUWBI5BVPDmJPAOEByLfapJz+Ws6SjF4SR6cXtRiFgMDAAQOAAAA"}
00415{"flow_id":36,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":306322,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYD5AAEAGtACsECrYNu8YuoTjAbvEzS91zeCUOlAQAWKq5AAA"}
00416{"flow_id":36,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":307238,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoYD9AAEAGs\/+sECrYNu8YuoTjAbvEzS91zeCZ7lAQAW2lJQAA"}
@@ -368,37 +368,37 @@
00477{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":396225,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"ePiC0\/vCAMDKkVoBCABFAABTg1pAAOoG3qoixzTwrBAq2AG7ldw4Ctyq0R26UYAYAH5HlgAAAQEICkQXW5gA9k7ZFQMDABod0wqm1CeTwtRh\/BYnpdqNdoHINbL1W8\/0Gg=="}
00430{"flow_id":39,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":398154,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0AfZAAEAGW7isECrYNFXR2NSNAbumNE9Qs3pFFIAQAVdw9QAAAQEICgD2Tt9tF6YR"}
00445{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976042,"pkt_ts_usec":419678,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G69AAEAGvmqsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/VegAAAgQFtAQCCAoA9k7iAAAAAAEDAwg="}
-00515{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":375,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1490976041680,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":375,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1490976041680,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1490976043609,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":375,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1490976041680,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":375,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1490976041680,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1490976043609,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":609941,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzNAAEAGfuasECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9jeAAAAgQFtAQCCAoA9k78AAAAAAEDAwg="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1490976043611,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1490976043611,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":611721,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WlZAAEARM16sECrYrBAqAalWADUAK0G7veEBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="}
-00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1490976043611,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1490976043611,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00385{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":617123,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
00154{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","type":35085}
00467{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":811357,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP0pFAAEARuxKsECoBrBAq2AA1qVYAO\/ZCveGBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAAbAARIFc6H"}
-00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":43,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.135"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1490976043814,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.135"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1490976043814,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":814090,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JoxAAEAGJqusECrYSBXOh6SRAbtDcGnhAAAAAKAC\/\/+2eAAAAgQFtAQCCAoA9k9tAAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1490976043814,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1490976043814,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":814984,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bx1AAEAG3hmsECrYSBXOh6SSAbsCViBwAAAAAKAC\/\/9BAwAAAgQFtAQCCAoA9k9tAAAAAAEDAwg="}
00427{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":869135,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnhhAAOcGCCpIFc6HrBAq2AG7pJISbmyuAlYgcXASH\/4uVQAAAgQFtAEDAwY="}
00414{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":870392,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobx5AAEAG3iysECrYSBXOh6SSAbsCViBxEm5sr1AQAVd4xgAA"}
00694{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":870910,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"AMDKkaPvePiC0\/vCCABFAAD1bx9AAEAG3V6sECrYSBXOh6SSAbsCViBxEm5sr1AYAVf8bgAAFgMBAMgBAADEAwOSNimGSrtikrr4BiDGBJaapUtZMMHJl95wUbRDfz5SFQAAIJqazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeyoqAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIOjoAHQAXABiKigABAA=="}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043870,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":20,"flow_max_l4_data_len":225,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043870,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00427{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":873683,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwUbtAAOcGVIdIFc6HrBAq2AG7pJG1BAKQQ3Bp4nASH\/5rUgAAAgQFtAEDAwY="}
00414{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":875525,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJo1AAEAGJr6sECrYSBXOh6SRAbtDcGnitQQCkVAQAVe1wwAA"}
00694{"flow_id":42,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":875775,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"AMDKkaPvePiC0\/vCCABFAAD1Jo5AAEAGJfCsECrYSBXOh6SRAbtDcGnitQQCkVAYAVcxBAAAFgMBAMgBAADEAwMZJehCtkKewcHD+xJYxAVW6uEh3JFfPpUNQgyNLbS3VAAAIBoazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAe+rqAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIKioAHQAXABhKSgABAA=="}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043875,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":20,"flow_max_l4_data_len":225,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1490976043814,"flow_last_seen":1490976043875,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00422{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":919439,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo2oZAANwG1sNIFc6HrBAq2AG7pJISbmyvAlYgcVAQARx5AQAAAAAAAAAA"}
00423{"flow_id":42,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":940982,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoQ5xAANwGba5IFc6HrBAq2AG7pJG1BAKRQ3Bp4lAQARy1\/gAAAAAAAAAA"}
00422{"flow_id":42,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":941110,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoQ51AANwGba1IFc6HrBAq2AG7pJG1BAKRQ3Bqr1AQASy1IQAAAAAAAAAA"}
02377{"flow_id":42,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":941369,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcQ55AANwGZ\/hIFc6HrBAq2AG7pJG1BAKRQ3Bqr1AQASzvwQAAFgMDAGwCAABoAwMaDsHOOMTHKZEyHCAHrbDT1zuy09X6mni39uBP3yYUByDM6LjLs2o++Mqa2LMvaRbhCir4ejKLTMZpm5kQ06LxHcAvAAAg\/wEAAQAACwAEAwABAgAFAAAAEAALAAkIaHR0cC8xLjEWAwMLbwsAC2sAC2gABiYwggYiMIIFCqADAgECAhAjXKYxTs1ErLy+l509p0IQMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTA3MDAwMDAwWhcNMTgwMTMwMjM1OTU5WjBrMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEaMBgGA1UEAwwRZmxzLW5hLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiX1uuFeHp7s\/u9RJVeIg7pSJGX42DFxgePcypEXRXU1o3cArZybBO2C5Lpg6GM3f45K4KToO0khIXQJB7mXH4bbbQ3+YNFdt7793pBUrodbhy1vNPfwwdBaxsqZ6o5AMBkbpsaSUOdcoTvF9z7DiYKtABRBdPFplNooNjVCUNw9hfksqkbBfzmRXOVJUe6FB2TYGtc1mXHHxQSxvyBoGKYrbiWmhKRKN2oU7shNkGGr+2AY1qqKK5nRLcdy57snSkPzc1VrU7kChpo1TaC6Boi5W9qzCYG13onxMu6WbKte80fZF9+vPs9N9E66H+HyD7t7ZkEmtZMIt4ZpLRyDj9AgMBAAGjggKtMIICqTBaBgNVHREEUzBRghBmbHMtbmEuYW1hem9uLmNhghFmbHMtbmEuYW1hem9uLmNvbYIUZmxzLW5hLmFtYXpvbi5jb20uYnKCFGZscy1uYS5hbWF6b24uY29tLm14MAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFZeQ7n1QAABAMARzBFAiEAyqHpuySuZQoGcM+I+Z0wX00rBtbjPPh\/qzCzZAyUhAoCIAhBWQVD0U3G8MO5dyAwrlvYf2mmJVOHUcCx971NZg0sAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFZeQ7oJwAABAMASDBGAiEA\/RAOoLROyik62vKihf3Zx1TBs1KxISOTjmjnjZrbf64CIQDPCRXOcglmhnaH9koY+cdNR\/1ozx5g78hwrDg9pc0RtzANBgkqhkiG9w0BAQsFAAOCAQEAoKU0Dbk5SCaAT6\/D0vE="}
-00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":7,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_tot_l4_data_len":1833,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":261,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00802{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":7,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02383{"flow_id":42,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":941664,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcQ59AANwGZ\/dIFc6HrBAq2AG7pJG1BAhFQ3Bqr1AQASxQFwAAUSPF\/O4EUbS8iqtYW7XeLLFSQkwsNcW0blJi29ViWiroJecqf42koTiJbu21bzXz9NnWx3QZbP7HECKHS8zsIT3wSAg60lzeHBDW9OEnRzctCFd061UcVfmvjmUGgRaAHvZ7KX0Enz4wDCPEaugLfuNk0KjthMfnxC15ABSBgZ3qZBOnTbwhDWuR8lFaApR2cPTN2navpN7AHeLN5gXvpLuLlv7EGbuQwuxCa1AGr9yt4Oc1bKCLJ9usVuCIWzTdGAutoouvNMxOnvMTumCjH0ejhkZjzXQl8u+jtC5TbVZqImKVOkayTYaP10vdNEAbljkABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jM="}
02389{"flow_id":42,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":941993,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcQ6BAANwGZ\/ZIFc6HrBAq2AG7pJG1BA35Q3Bqr1AQASz7nQAAguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccWAwMGURYABk0BAAZJMIIGRQoBAKCCBj4wggY6BgkrBgEFBQcwAQEEggYrMIIGJzCBnqIWBBRFIAKoi4pln3X69ekKGnjS8DcLnhgPMjAxNzAzMzExNDQ0NTVaMHMwcTBJMAkGBSsOAwIaBQAEFNGxZIuMnw3Ra6OKzStQF9X5z8BkBBRfYM9hkFXfhEMUimAqsvV69EMY7wIQI1ymMU7NRKy8vpedPadCEIAAGA8yMDE3MDMzMTE0NDQ1NVqgERgPMjAxNzA0MDcxNDQ0NTVaMA0GCSqGSIb3DQEBBQUAA4IBAQBF6EKFZ1knzWaKjpd1EHbBhF+vBD+Pb5jGJvQ7g3vJZu86FO4kCtZBxKZ0Otr7kXawtFLPQhcBgtM3WGLDS7\/6wvTJdN4fZ0QyzCzTp6q+8UwYOO7uy7R3q0Sob7e\/vf5C10NcDwAqtk4zy4mw2gjKcjCEchqehMvhhObJZfZiwBSeTqEt4ZSJ0gBT\/rv1ZbLkIKs6y\/yS3trFv2EXbi1dDhXd+s5gDJQ+Z4IuN0AmnUA9gLpR7559r6n42AR1MvfF9nRl2troBchZJCqslWOgwvx\/Ih\/1i9PisnYAZyVoek0PXB\/OG\/kMnOd0UZkuJLSgx4XYAXEX2FgTY+xHklRooIIEbjCCBGowggRmMIIDTqADAgECAhBEaJBjaUgF1sr2\/bnRxAUhMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMjA0MDAwMDAwWhcNMTcwNTA1MjM1OTU5WjBAMT4wPAYDVQQDEzVTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKorQp99vkC6qr9FMqUYxael0Lsma2caI4BjC9k3ZiMwrp+dvSECA4wbWstHvoB86W8Zmld7Mq1ttWywY03MGfAl96ON0PiOVo1XeDZJuXTb9bQLUSxVXuzgnwObGDuWVTxpZR3qrFjJe8I2AyvTNPjgAGVwl7uVg3Gd5k91Vvn7w0bjxB5zGmYSAubCIfzzpr1LFn\/mgU8Ju+6LT2qsP1lkNl5NbHeONr1r1usqgi\/wvPaimgi5Yv\/cUTSSwwVIrnOXifiKGb\/Rt4Io5QAadG9Xwt\/ZOc2UhoGbgcKuh\/LD\/AYHFyYV6RFExgwbe1R77b2XjRqilbA04jsvcGE8xOsCAwEAAaOCARwwggEYMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1ELTM4NTcwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wHQYDVR0OBBYEFEUgAqiLimWfdfr16QoaeNLwNwueMAwGA1UdEwEB\/wQCMAAwbgYDVR0gBGcwZTBjBgtghkgBhvhFAQcXAzBUMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAqBggrBgEFBQcCAjAeGhwgIGh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1U="}
-01159{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_tot_l4_data_len":4793,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":532,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
+01170{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976043941,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
01284{"flow_id":42,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":942040,"pkt_caplen":688,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":688,"pkt_l4_len":654,"pkt":"ePiC0\/vCAMDKkVoBCABFAAKiQ6FAANwGay9IFc6HrBAq2AG7pJG1BBOtQ3Bqr1AYASzAwAAAHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAHgcwWI1WEf915v+BMHzpq1UXjLCqvTFqlTJ6sCk3BCr8RHH4\/a+5XpxufufD6fAA8qZDYLX\/mas8o74I3yLjqr4l1CZ9vdShO6hhBVdjNDlbGEeKPsyMXuzCqxDoAkBqBZL\/pLDi+dSEwlIm2L7LpyiM0wZFDUyfTXTOMDl\/aaq1BslxdPB7rr+FWw9AgwkWCRfnrkwMRszEI7YCaM8kV8sGbR0LDnNx8V+MlL7E+4HxoSjruiAfX0\/mSXLK4Dgdl52tAdcoDAedZSz+H6Y\/busqrTk1nTRwIksEFRr6U5ipHH8d5KWkp1E61BrXCPT2wUDJ5IXYSSMy68heruHRA4WAwMBTQwAAUkDABdBBEllDcHhxMuVunkjouqW5rZ0cMHu\/lXKfrPJea63kNxgOwmpA17bBgbsF60T78PVzzM4Nkg5m\/c5fxLY6MI0XeEGAQEAhlG8vYp1\/\/uAMnuQsF3sLoNJ8bCXa6oa\/bGPF6Q8HF7yLbZETPAeWVOHuqhBM1f6\/K4OYUSYDNZ\/hJDu55b12zPB9OLD\/tIiDBnSdclG98yDh77CIYgF1cQQsvFPMJhTmxkjCM784U\/zHG\/\/nEi4Vwb5ineT6NpP9B65VeNNQpfTjhm8HB3zKARqJ9vRiyXuHvyhF2knicSEEogMc9T1xh9A7T73DxoD4LGsPAvB+UKcNgyr8LuvLIg2t4ZHGA\/t044XX2PzruiBa8Y+xLppFmkhyTfl9BF0XcbflSpnNwCaja9eoGn5mZmEt7B1vkuUPJM5sqbZNGTt83c2L4UuVRYDAwAEDgAAAA=="}
00415{"flow_id":42,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":946397,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJo9AAEAGJrysECrYSBXOh6SRAbtDcGqvtQQIRVAQAWKvNwAA"}
00415{"flow_id":42,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":946753,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJpBAAEAGJrusECrYSBXOh6SRAbtDcGqvtQQN+VAQAW2peAAA"}
@@ -406,21 +406,21 @@
00415{"flow_id":42,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":947071,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJpJAAEAGJrmsECrYSBXOh6SRAbtDcGqvtQQWJ1AQAYShMwAA"}
00587{"flow_id":42,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976043,"pkt_ts_usec":957154,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"AMDKkaPvePiC0\/vCCABFAACmJpNAAEAGJjqsECrYSBXOh6SRAbtDcGqvtQQWJ1AYAYRaIgAAFgMDAEYQAABCQQQ2yyWqrplCs8nLaVkdkOZCEd7U4GgWDa9faxzobzdjTI4\/PHgKHmlWUYeHBoQaCi0yLOIgQl18jcTwXDKIApxAFAMDAAEBFgMDACgAAAAAAAAAAPVEUa5Au9r71L4PDHj7x8ZMTILtApPQDLTOyxz1IEXS"}
00694{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":129777,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"AMDKkaPvePiC0\/vCCABFAAD1byBAAEAG3V2sECrYSBXOh6SSAbsCViBxEm5sr1AYAVf8bgAAFgMBAMgBAADEAwOSNimGSrtikrr4BiDGBJaapUtZMMHJl95wUbRDfz5SFQAAIJqazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeyoqAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIOjoAHQAXABiKigABAA=="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1490976044189,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1490976044189,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":189172,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8KphAAEAGHFesECrYNF7ohrJpAbvSj2UKAAAAAKAC\/\/8X6wAAAgQFtAQCCAoA9k+SAAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1490976044219,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1490976044219,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":219115,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8UU1AAEAG9aGsECrYNF7ohrJqAbsS8h7YAAAAAKAC\/\/8dtwAAAgQFtAQCCAoA9k+VAAAAAAEDAwg="}
00427{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":265954,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwK9ZAAOcGdCQ0XuiGrBAq2AG7smlcwjrL0o9lC3ASH\/7s8AAAAgQFtAEDAwY="}
00414{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":267960,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKplAAEAGHGqsECrYNF7ohrJpAbvSj2ULXMI6zFAQAVc3YgAA"}
00739{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":269016,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXKppAAEAGG3qsECrYNF7ohrJpAbvSj2ULXMI6zFAYAVcFOAAAFgMBAOoBAADmAwNdGKNvzWhzY9OhvyZ+keLLKk\/7AQzq3mwK9RBmTgVI5yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9qqoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAYamoAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1490976044189,"flow_last_seen":1490976044269,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1490976044189,"flow_last_seen":1490976044269,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00427{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":285893,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZ65AAOcGOEw0XuiGrBAq2AG7smoL+FEyEvIe2XASH\/4tIwAAAgQFtAEDAwY="}
00415{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":287837,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoUU5AAEAG9bSsECrYNF7ohrJqAbsS8h7ZC\/hRM1AQAVd3lAAA"}
00739{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":288914,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXUU9AAEAG9MSsECrYNF7ohrJqAbsS8h7ZC\/hRM1AYAVcwFgAAFgMBAOoBAADmAwN0wOf7tRdLaTVmj8QP9secnQ3jNnC0CYFCDog2row9lyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB96uoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAY+voAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1490976044219,"flow_last_seen":1490976044288,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1490976044219,"flow_last_seen":1490976044288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00423{"flow_id":44,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":330889,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoGa5AAOcGhlQ0XuiGrBAq2AG7smlcwjrM0o9l+lAQf\/i30QAAAAAAAAAA"}
00535{"flow_id":44,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":331031,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9GbBAAOcGhf00XuiGrBAq2AG7smlcwjrM0o9l+lAYf\/gsSgAAFgMBAEoCAABGAwFY3n0s+OFwAO8V\/5J6dyfR1C1CHVmCDi1eUwthRlD2rSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1490976044189,"flow_last_seen":1490976044331,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1490976044189,"flow_last_seen":1490976044331,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00492{"flow_id":44,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":331076,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdGbJAAOcGhhs0XuiGrBAq2AG7smlcwjsh0o9l+lAYf\/hUwAAAFgMBADAnovXOyV8I2l\/aGa4Z1HI7eesiC0mUpD5+e4a9mo+VIF8oB\/XZKt\/k1+6yk4TgmJU="}
00414{"flow_id":44,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":334376,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKptAAEAGHGisECrYNF7ohrJpAbvSj2X6XMI7IVAQAVc2HgAA"}
00414{"flow_id":44,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":335539,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKpxAAEAGHGesECrYNF7ohrJpAbvSj2X6XMI7VlAQAVc16QAA"}
@@ -428,7 +428,7 @@
01954{"flow_id":44,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":358207,"pkt_caplen":1184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1184,"pkt_l4_len":1150,"pkt":"AMDKkaPvePiC0\/vCCABFAASSKp5AAEAGF\/usECrYNF7ohrJpAbvSj2Y1XMI7VlAYAVduRgAAFwMBACD6x\/Zk0wa9qRDBPzApOk9T4ya3blcW9w7ApUDXeNnBnRcDAQRAtpi0OCxmenL7SJXTpT9K+d1V4BWKnZmYpgrD2cTVP7OYZC5ne7g\/yaVBLkpp8iMUm78s878m+0UdddxZXnk6JFhEOc\/KBocdHFFdDyZK5bBrKAYGWwgIdHm04hIW\/KcZIDM6n8Ot2fx9IKro7XnGt7D7JKO\/mPThYhQX54JmUvXVzZQe4hOv1DWNzmuPYV59UJwJJ2G+ceNAtS\/UcibInMAqeK7x0\/pWwIP9immIPdN9rCXsQwD3LGHuiWupr6mszJxc1VoZBXa\/Xy\/m7K9TBtxGEI7oSNq0sLVcHJMQnW5aqu64+3HOXKat622tDSzbnsdENV+HcXmorZtH+AUESxgnN1xn46L8gNn6HuGBnkqSr43u\/awrOAa3OV\/6CefI3yb48\/CK5q6s6ULRRBv2NCsfFVlHivJ5svg811t3pzzqAETXkNC46B8nnjgEyzWCmaRNnDYvMKywGUio9PT8Yg8FHzpp6F+EW5WlQjUMQz5ejUZwPXWwGmXCENtph\/+6VTtepSRntfkav1dorjGc0mYB99EeBK03hpsTbG9M7IJ5igulYwF++XZwA96LHS8K21q1RuWcvvvgZNUFEkPrD4h\/Mo4eVa9neSmcHKtzOqu\/s+oyHmyObsYQOyGtYjLhd3GzNHgHSlXVFQKyR1rhl4ye1g9qvtOIJ6vP8\/vsC7WS2K9Fzafgl1RNooyeSNu8\/lh5ZmFIlVApbseB26049mAueBi3BF7mPwRG9AXPxZanL3bZEm3HQdJ+vjUZFW\/g99s8KN2yNoWznxxk9FlBUKUI9veK19aely+oK\/cvs5Y55GhoQ0ufCw2zlbMbuTHDKysjTOuzQBzc\/HJy07Mt0cXlhrDgEDxTQl37gFtmHosf7gwj0BHvjexfb8mtVhEIS4RxYR7eNgxZxC3zsNDoh5532ASbtL0Pvl0N1SpottL598Vq8feFQ7MQkwcFQIdVD71nYSfzduRQCudzKalg2XH4fNMVIgWyn8U7yuhJw19V6fhO2w8MP9jqFAcjXj+h0izh13DM5N0tI7P3LYAzZoYewiXnqkDsjPfDGUtjO\/2XO3M2AuhR+4wIKSIQazMUqGyW7YWCXU8dFYTvxIQXOxKANP\/9i2REk2B+w6H3ecAmjHiSN9Y6SRtsGpgv3rgnRKIjlN6LLP4YUzRd1Sjd6Z0lbcWMbOzesWXw1uUQGyC0ltSfrJf884LzrTnAFGTtUH5jUOnhUdElJZePPWuDkuxFBolCztDRXE8FgGGfm3uPS83nJ1Ne7ArJ02wcwHenGcjWSvW5yIzyZk\/6kp3kCG7xNkvc0Y54e5T1dRkqHnuSfPaD+eqZmgg1vM1xHwFGU2n6so3Mg532Db2jaBMLAWbAHIc+SXnIhSkz1ZZka34mhTU291gqxO1V7hTiddNmScPQOnD9RvQm\/ILMnNN3moOZ3RXFWhFf1UV0oZPdWXc="}
00423{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":404656,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAocTtAAOcGLsc0XuiGrBAq2AG7smoL+FEzEvIfyFAQf\/j4AwAAAAAAAAAA"}
00535{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":404790,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9cVFAAOcGLlw0XuiGrBAq2AG7smoL+FEzEvIfyFAYf\/iwjAAAFgMBAEoCAABGAwFY3n0sVxO5X7DJN00ajdk\/JSDP+a79Z9DaYVUUTp6X6SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1490976044219,"flow_last_seen":1490976044404,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1490976044219,"flow_last_seen":1490976044404,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00490{"flow_id":45,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":404834,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdcWBAAOcGLm00XuiGrBAq2AG7smoL+FGIEvIfyFAYf\/gdhwAAFgMBADDVrr4si7BrFvG9TfhBXjNkgRRwAR0mp9ik9R+4xk\/I+FfdYAFc76qSetrnK94Ynuw="}
00416{"flow_id":45,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":407840,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoUVBAAEAG9bKsECrYNF7ohrJqAbsS8h\/IC\/hRiFAQAVd2UAAA"}
00416{"flow_id":45,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":408717,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoUVFAAEAG9bGsECrYNF7ohrJqAbsS8h\/IC\/hRvVAQAVd2GwAA"}
@@ -438,56 +438,56 @@
00445{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":419794,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G7BAAEAGvmmsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/UsgAAAgQFtAQCCAoA9k+qAAAAAAEDAwg="}
01555{"flow_id":44,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":420329,"pkt_caplen":891,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":891,"pkt_l4_len":857,"pkt":"ePiC0\/vCAMDKkVoBCABFAANtIBpAAOcGfKM0XuiGrBAq2AG7smlcwjtW0o9qn1AY\/bgHugAAFwMBA0AeXxoRGP2Qcycw9Oku2MFi3JZC4TsEXWCpZLHAqwV0V8ctpgFZtvXA8XRt4xvpuWXitH972oEKdPO\/gtfDWS\/xXkq3l\/LSq6ExGLZRNdv8krLmhZ5uHa8h32JtXdjkwDPdEJqHo8WxchcEYBHf01Qc6QpaS2Lx4ZmkkBgNVJYAnkLswAmjwLziCZh5TRXWb2dpFswnjFzZfSnBD8rZ1gRURdYjP1G5KTbonLFbbD++KLD+Omq2iGBzduXxhV0Ukyku8MGQo7qGMZY6H6wnxNvk0Hx7SUAQTV2BzwuUxEiIEUdDzCtHryj4\/6MZ7QgnLYqfod1czWuu7tTOKdiJSfC10lBqUtjyBC3qKzBufcYb4J\/vlEq8xL5hFIybWFhCQslLLtmfHC5lFU6qWi7KuD+CieiFkegTfAj0oYYskKUopnC2BtR8bW5NVWBUunXmtOpYuvg8Xcyc17yw8t+vxsZVD97QghmHKvGyVzw3VIrSumb9MCn0X4a6mjbgCkhNQnc878RzC\/J+OGRiX0fl0Wwe\/gp5h324Qm7fM7+p+g1D3v9hD3T+nrDDOpiCCW\/yXNJGitfmJBsJkO7RMpG\/T9TTt1w02uO+ooKFP5SmtjF+ORuqHlc9yW1ChKXtTfMPduf5JRThe2HNrXmiR6jbWhRWiR361amfZqwNEyTk8zOmi\/D2uV6q8KApBgKEFLjOnS9+sjWtqlUtKMw3y+DUTvhiszAGFERPIGzazC8yMEUbVtBLiBDvk354OX9I71UfzKU9WiEN+VkoDxMhN4W0tGh2CQ\/ZJf\/PNRvci2nlRp1vuPnoMPPynDgMJoSMiUZGFHYFpWj0FW+a3ZsrH8cFTaoKfmetAFalHpJs5ZhH\/74Uzz0Vo8q1gwPUbc9IrDiYuoSZTg2zPVMqsO4hEO+VYdKFIMlRM7nmamYWLjp+ZtlGO9aGxO4+vM2gwmns+ZVDWiFbm9t1gi61hsAZ+AMiSC1Zd8NGhavvqTWDNSkCA018cAckBfqL4WGdnwo\/47\/\/KZyVoTBXO5pt\/hdZLgwgz\/ACOBGIAlgyMJzlB0081\/zWyol7R+HlDsb\/OyMWG0osOjghuxIeCwPyAoqqMlmEZ1Kg"}
01977{"flow_id":45,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":431141,"pkt_caplen":1200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1200,"pkt_l4_len":1166,"pkt":"AMDKkaPvePiC0\/vCCABFAASiUVNAAEAG8TWsECrYNF7ohrJqAbsS8iADC\/hRvVAYAVejRAAAFwMBACBFr95JSKCNUxbfaxwfQqyrBY9nh9xfUfuEcIIPXDRcKhcDAQRQ205TRP6vQgnOKiwTlC3tbhtYdB31D20Ww4pHDyI0VYSYsOD4hQLzXYUTeQLVzP6q6GKkYC3BduX6S3CUYP6buvIxTWpB0JJxKGrR33xyMIju\/CiE2p3wHQ0xYFvFir8HtE97R\/PcQ\/JCBDe60jPHuGIbZSVY3TN32hIIiwXGV94rOLhSvJNjWSCNQVVFaRZIIpL7Cdjt85F1O3ciK7uPdaZ3rZPZb0pM4O1TNJqScASTQ7QOKochFQPnMI9Rm+kl9FBcrTRbCop0hVQYVV5KdnIaCBjL2xvcVfBb944G3y8xnChuQR6dq+GwCRQix8V\/wCaA8Q50kqWUDZZ4HsDaMBGGTs+3GH31\/Gi7poFRxw1++6kXZ6exQQ7Jy+ViUywRDmsL\/PqfyLg1Af6p\/W1xL9Ull+YtqivL892JsGGkFYi1W2o03JiomBTjAllC4AkFiDox4rqrrAPoFbjpGBmW\/0W909OlhpzgvoJ+hq1ijEci0UV++5w7hzzwtT1KJZpY7\/9RLtSajS\/nLcUgUEKL2ZZKRft1cs33aQtfij1n19wg6L85q1yqAlrXwNkitACeI6nmwmYtc1rYi3tYitQ65AwAyk7YBrB6Q+qC3Ep6ERXQ0MCw4j9eWpHzK0lQEt\/mPdBz3n19fuMmtMa39OgWOcYLqbRyoTLTLHHp0\/DLBg48pa98\/DPLgczt5cCaAVIuM2peUflYrZioELka\/QbuuvVC0aVDaU\/UY5+ptsBtHkt\/nnqdymF5YSXSi+xujwz+8dg3TBgVNqxuCu0IXB\/OVMPerPRF22019aAKs9Y7IS5wKCbIn0IxXPd+L1WwNmhjBZ+cNJysE037gKlKdneyEbrDFZVN9bxUXxXia4uyNbOhRbxinlApPSV9H\/L2vfmyNBTx1LXDG8S5Z2OApO0Du4vw0lTkaKhp+VWCqpz49bTkHB182Z97YqjD4++RK2M6fznM9Tnk2pf3+1JJaMAoWgDwL1zoGUt3o5\/DTqa+6ZPrbVp2mt1tfbaTZ3ZwcjfwXMw4w0QqQd46wLWUNmj1OBh1wV6CmwQ5BQXoBh49alLIU0aubkmOHgBFfpCcDvLfDA1gyAbp9XNReeRs4y01BkTGwJv8aaImrGON+A8vOpTl9Ya8eRXneQdjPlX0PmQ\/s+L1vV1hsawNdZ\/diXuP4WX7mwaZp4AmaSoJQNMq2C9nWTIdvCD23bWDPQznDDtdbj02gKuVdZkQr94isW29dJ9fsR8VlEjoF6CUFIyJG+sexZZbsutv6KwIIOWT\/OlaiisxW2GBRJqJAtG\/86uQS3Z+fLmjuholz4WT+fx7tOBz1\/4C16ZyTzAy+RCI\/6oDvi1M1+Nyr8KhvvWc\/FdAzu25WpGRYyxxfMd95+RWPzauTD57C\/fozkxPrhjcWTIuZJGrOqcSmXVilLyH7zPEHa5kg5+X6jnJuVA77WkdQ6ftUTTMZ0YTVzaxCjKmmfim"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1490976044439,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1490976044439,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":439648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8t7dAAEAGjzesECrYNF7ohsG1AFD+AvgcAAAAAKAC\/\/9LawAAAgQFtAQCCAoA9k+rAAAAAAEDAwg="}
00415{"flow_id":44,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":460028,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKp9AAEAGHGSsECrYNF7ohrJpAbvSj2qfXMI+m1AQAV0t+QAA"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1490976044488,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1490976044488,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":488653,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8GDVAAEAGLrqsECrYNF7ohrJsAbtUI1eFAAAAAKAC\/\/+juwAAAgQFtAQCCAoA9k+wAAAAAAEDAwg="}
00424{"flow_id":45,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":493883,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoZGJAAOcGO6A0XuiGrBAq2AG7smoL+FG9EvIgA1AQf\/f3PwAAAAAAAAAA"}
00423{"flow_id":45,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":494027,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoZ0xAAOcGOLY0XuiGrBAq2AG7smoL+FG9EvIkfVAQf+Xy1wAAAAAAAAAA"}
01550{"flow_id":45,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":494185,"pkt_caplen":891,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":891,"pkt_l4_len":857,"pkt":"ePiC0\/vCAMDKkVoBCABFAANtZ5VAAOcGNSg0XuiGrBAq2AG7smoL+FG9EvIkfVAY\/bg0\/AAAFwMBA0BpeJUjgNt\/WcAzCHO7QAdJj50vhQ8S2auMo5oIy6RJ6hic7nXdUOj2Q7272JlnTSswh3DBqafLPea0Se1u53YgYhoDLQbbAjw3DG4tx5s4OLbViL3vq8pn6lNKxV3O74j9qS9mj3kq04\/iXR3HLIIztzS+RRLeEy\/u2capvuvVu3PPQLv4TBUKBLC9BAas+YRtM1G2efDfo2GZpmXX3o1klw9OFJYamOjZwgvlTUZiSPPTq9sAkL09FbxfJBSmQTKKjonJyl6BoyGY7GH4pggBRVExqUdgGeljq58lNIsGfKXKmnr\/dyC5vSTGHYznt0Kf2JUZemNQ6I0O3TGzpZRI+\/dDjjDyZc90a6AdQbtnCgZ0VRUSuKfHrnIWuH6ho2rIpzsY+rLQXuniMXpgmnclAvTJbsSfv1MVlE40K8A75UfI8QNli\/YQ0AJZUWJPB2mjcoI\/mp0Zuu2aA74O3tDhYuPuf0mm9hW9UXEiar\/ONxlGDAEK4NoAB7FfyijDJTH4o+EkERJjnsfze1sHOGb3dZtLYFEf3FTP3Z5T9vl8bBZxrKBDMYgBdUktqt6ftYaLkaYbrQC2gaEJWDJX7zofDdJhPuQN3Xga40LS+zDAphx2i9AQB9Oa0KPD6XeSSHGHpS4tPVrSVP\/JSWNtTfZAvM2PvxwaS6OX0p+Juk9PmOdYta+Wj2v6wCe3PQrC6qjsKjKXfVjrys5O8JzxB5fMewCrO3+bGloB3GKCI4zq4FBbW3vsps0eGBsuLKMwRWy9MIfcGkfxfYyIoge0lWJ5CJ85HJvEWJ58pAN\/zSBawd9v7wgjjWWGhZUx+ZbDB4EqU6K1HYCvAK3ReJPl6GBzG+Az2FM837C6wvbYWbuIP4lEbbiB0QD\/tN\/ntkW8fMGVMiFeXUTybggP\/J9pOJLP1Y0g+hFJUvwNEdChbsOKRqFSEmDlGOV0snBw+HA4aUMa8I1yZBFJ+6K1l\/pYzqC4dZnB++stFhyMVMNkHbT2DurDkESp5aucSEMEjagewbulb7LyOBxCgUYbnnQHSbBh0FgQ6q9B5whzuzUwanBVXC0OBb+cSS6h7MPkCNjQTi0Wqrc9hSMhmV+MFf0PofzT"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1490976044502,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1490976044502,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":502988,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA807lAAEAGczWsECrYNF7ohrJtAbvCg5wLAAAAAKAC\/\/\/w0QAAAgQFtAQCCAoA9k+yAAAAAAEDAwg="}
02039{"flow_id":45,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":503992,"pkt_caplen":1248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1248,"pkt_l4_len":1214,"pkt":"AMDKkaPvePiC0\/vCCABFAATSUVRAAEAG8QSsECrYNF7ohrJqAbsS8iR9C\/hVAlAYAV3uvAAAFwMBACCcQFNIs5tKuGgH6K0\/Ln+s5JlQu3ARAb4UqFCTcYoYOBcDAQSAURp4RZU45ualtbnLHp\/xn6wIK7IResXMkN2fNSLCt+JqHCmjAodIhUUrwmAXWk3RNY6\/lZx4E6kNm1HyZ80h+qFZRtB9mjYErVotvhkuTfR1AMJ2QizzTFijaHNacfWvSNOqjU6G0fZcTgZKXEjYN4vw7iY\/yWOBBe83ss4peCz5QT+5pXn\/WuQgpj+o7fcG2eunqEhvNBhY8VAxRHCUBwEw8MTgSt0RV3xlascGzoNHwESmm66V53Y2o\/ZgX1AeK8AVrM4cczJDA325YDBdRB8W2cxBvD55267F5PcDZWnPfZ\/kot27HvI3+\/aGBYktCBJ+5hHIP0W4msBEQLxJKxuYTC1DZUlhwRw5Oz5LaL\/NXPQwWCEvXvHHQXGNqiwlyqLluqJj7OM2sjYKM7YOC3f3ShRu+1lhvvPAjzlhj4c9fpUvwRPwqDm0cye3VHNeOBjUNjvuwZ3HrqAiryEFDzwAadhAwJqVHLj7aO8yTy9+XFFMRUppY9ntR9JSMQ+10SUZFc\/3ufMqOYKV7WiJBSK\/kMYZpqHyBpA2WTiXx+6Nx+PWQkT3s0J0xZ\/t3EsPoW+IejOWgQYVT7a5x3lPBJFFmGeZQtjzT0CA1Git1MpuywqqYzA7pUyB888RSkg3KQg+yjzESEE0O\/mB0ibGqW+u9cuVXGyS+5s+iQXNuR+ofpgaXy8SXZnE7HkmUXtw7Fad55GN5p7JngM3GGZiK\/qeUUM6SKLFIngX\/ScEuP1B\/v2fv8NT0Z82IM8hZ0oRl0oNMLiiHgIWDepP4VDTShwW8JVS8nkfAyv494pQcKVxEsE4ZewNPD7xR5QIDQaq1hrWKvl+3+YDTx7v6fHWljHhVe+VDsnqd48AJcIRWC25r3py+U94jBmdt8xt5vGwPSek1CUW\/YNLWlSDDSx2lWwf0plh3WwjnKlzFk1RWWTlmoGVBJ\/0iJDwykBOB0gGwsOyUMYce8B1Ge24uoRPocyN903b774sz3LknMy6Dqk0XfKbpsHKTNzktdBmwXc+oD78Y7JLJlCoHt3OFj5t\/\/RIBxwMvnm+MSfn74+uur+NcMzwWbkKcnfvJsoPio4acnHmxoXrVWKEc1oKqMQO8DaYTJitpCCkHJEXwQFbljP60spvFzlbuM5W96QNyLRkPMIKzIX3ICQjGXDIgoVYJHhjUKpU\/bA9wgdwg5xFf9ctSrUEzzLHGP+L4ZXx8528GMSZo6xyB+kmBWjKmDhdTzZxYK927bnipnYne8V50uX08kSYppZIBb6rn\/ES+sAs7PkBDbG3IcDMEHpFIktICw2J8RJv1xWXAf\/zAF36aCxJC2rFVu2PBYIXp24hAozgbAwRWicCj17iZgzisuSw57etJPM6+x9XkoRVKRj36BQ\/x02MK4rb2j+\/OdqnFsuXkaHTjMMr8ctXmJal3bL3BJefA7nWWzZe9oNXIM6aLtXvrEfCjwLt4oO4RoKWvcaHLzqUCCwpVwc9VY4FgNZxhwH9qoGHRaTz1esmFLoySeBRMxr2rtygfvKUbC7KJXsC"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1490976044509,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1490976044509,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":509891,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8dBBAAEAG0t6sECrYNF7ohrJuAbv0jjuiAAAAAKAC\/\/8fLwAAAgQFtAQCCAoA9k+yAAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1490976044521,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1490976044521,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":521564,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8pBJAAEAGotysECrYNF7ohrJvAbuLWOumAAAAAKAC\/\/\/YXQAAAgQFtAQCCAoA9k+0AAAAAAEDAwg="}
00428{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":548899,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwjz9AAOcGELs0XuiGrBAq2ABQwbWwdDtt\/gL4HXASH\/7MNQAAAgQFtAEDAwY="}
00414{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":550714,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAot7hAAEAGj0qsECrYNF7ohsG1AFD+AvgdsHQ7blAQAVcWpwAA"}
01748{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":552021,"pkt_caplen":1050,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1050,"pkt_l4_len":1016,"pkt":"AMDKkaPvePiC0\/vCCABFAAQMt7lAAEAGi2WsECrYNF7ohsG1AFD+AvgdsHQ7blAYAVc4SwAAR0VUIC9saWIvYm9vdHN0cmFwL2ltZy9nbHlwaGljb25zLWhhbGZsaW5ncy5wbmcgSFRUUC8xLjENCkhvc3Q6IGFsZXhhLmFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vbGliL2Jvb3RzdHJhcC9jc3MvYm9vdHN0cmFwLm1pbi5jc3MNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KQ29va2llOiBjc3JmPS04NDYxMjczODsgc2Vzc2lvbi1pZC10aW1lPTIwODI3ODcyMDFsOyBzZXNzaW9uLXRva2VuPSJlZnRGbVk1RjVyVGd3czduK2VDZFhaU1R5SGNEeWtObDNNMXBjbzNSVktqeW43eW50T2tKNkxMRXlENUR4a3VuMnJaQXd5aVFVTlBKcVZtOG9HWE5xSG1mZjFwTjlZSWtML2lUQy9XQjY1eDc5RWFIWTdQN0JMMWZSS2VIWDNwSFc4ZW03SFJ6Q3ZkcGF1WWtzV0ZZTzBOTWVWclB6MWNYZVpIeldyejM4ZjdxRlhsOTFxaEhZdlRndHVKV2tsRlRkWmdpbHRNYmMvbz0iOyBzZXNzaW9uLWlkPTE1NC0zMTAzMjY1LTI5MzI1MTY7IHgtbWFpbj0idWlUck1lOHdRV3l6ekJsM2s5eUNQbExYUk1TVWFtTXhDWTZRZ1A4azlwd0pmcE1KT0tZWHN5UT9za3JBOEFhTiI7IHViaWQtbWFpbj0xNTItODc2MzUwNS03MzA0OTA0OyBsYy1tYWluPWVuX1VTDQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uYW1hem9uLmRlZS5hcHANCg0K"}
-00955{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1490976044439,"flow_last_seen":1490976044552,"flow_tot_l4_data_len":1104,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1016,"flow_avg_l4_data_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00964{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1490976044439,"flow_last_seen":1490976044552,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
00427{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":585107,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw+cBAAOcGpjk0XuiGrBAq2AG7smyRBTVcVCNXhnASH\/5KCwAAAgQFtAEDAwY="}
00427{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":585319,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwOIdAAOcGZ3M0XuiGrBAq2AG7sm0P1nENwoOcDHASH\/7coQAAAgQFtAEDAwY="}
00427{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":585350,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0BdAAOcGz+I0XuiGrBAq2AG7sm67yvGb9I47o3ASH\/7eewAAAgQFtAEDAwY="}
00427{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":585749,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwIDxAAOcGf740XuiGrBAq2AG7sm+mtiDui1jrp3ASH\/59bgAAAgQFtAEDAwY="}
00414{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":587462,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoGDZAAEAGLs2sECrYNF7ohrJsAbtUI1eGkQU1XVAQAVeUfAAA"}
00740{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":587741,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXGDdAAEAGLd2sECrYNF7ohrJsAbtUI1eGkQU1XVAYAVdYfwAAFgMBAOoBAADmAwMHp\/uCPKzIqLpk\/u5Y5aYh1Wm9z8VlToWpRpTq02qhKCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgCgrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAYiooAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1490976044488,"flow_last_seen":1490976044587,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1490976044488,"flow_last_seen":1490976044587,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00414{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":588696,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07pAAEAGc0isECrYNF7ohrJtAbvCg5wMD9ZxDlAQAVcnEwAA"}
00414{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":588921,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodBFAAEAG0vGsECrYNF7ohrJuAbv0jjuju8rxnFAQAVco7QAA"}
00414{"flow_id":50,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":589054,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopBNAAEAGou+sECrYNF7ohrJvAbuLWOunprYg71AQAVfH3wAA"}
00740{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":595184,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX07tAAEAGclisECrYNF7ohrJtAbvCg5wMD9ZxDlAYAVcZ4AAAFgMBAOoBAADmAwMbir\/VgnkPVKkE\/Xu6XjUcyinI0jcCde8BTkIAsu8XPyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9uroAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACIqKAB0AFwAY2toAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1490976044502,"flow_last_seen":1490976044595,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1490976044502,"flow_last_seen":1490976044595,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00739{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":595782,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXdBJAAEAG0gGsECrYNF7ohrJuAbv0jjuju8rxnFAYAVf+XwAAFgMBAOoBAADmAwMrTrxt6fXaVT85w7y\/oBbFpkU1n1V7egWaCm1h86YfdiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9uroAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACEpKAB0AFwAYamoAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1490976044509,"flow_last_seen":1490976044595,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1490976044509,"flow_last_seen":1490976044595,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00738{"flow_id":50,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":596868,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXpBRAAEAGof+sECrYNF7ohrJvAbuLWOunprYg71AYAVeiCQAAFgMBAOoBAADmAwPd1iOBKblgnVQxNgabPGiTNhU8S0+QlhDIurluRG6LLSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9KioAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYiooAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1490976044521,"flow_last_seen":1490976044596,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1490976044521,"flow_last_seen":1490976044596,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00694{"flow_id":43,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":649888,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"AMDKkaPvePiC0\/vCCABFAAD1byFAAEAG3VysECrYSBXOh6SSAbsCViBxEm5sr1AYAVf8bgAAFgMBAMgBAADEAwOSNimGSrtikrr4BiDGBJaapUtZMMHJl95wUbRDfz5SFQAAIJqazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeyoqAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIOjoAHQAXABiKigABAA=="}
00445{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":679697,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzRAAEAGfuWsECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9isAAAAgQFtAQCCAoA9k\/EAAAAAAEDAwg="}
00534{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687016,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9Mc5AAOcGbd80XuiGrBAq2AG7sm0P1nEOwoOc+1AYf\/iD+AAAFgMBAEoCAABGAwFY3n0svZffnx292YM8BnDkyDMEgFU6ZUM30vCin0OQyyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_first_seen":1490976044502,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":486,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_first_seen":1490976044502,"flow_last_seen":1490976044687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00489{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687134,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdMdhAAOcGbfU0XuiGrBAq2AG7sm0P1nFjwoOc+1AYf\/i8uQAAFgMBADAjXdzGD8p9YnQldHh9YxALXWAXwN1X3Cmt0G+oL1RCiXl9rY9v1aF9RuFZZWwMLZo="}
00423{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687177,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo9upAAOcGqRc0XuiGrBAq2AG7smyRBTVdVCNYdVAQf\/gU7AAAAAAAAAAA"}
00534{"flow_id":47,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687209,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB99uxAAOcGqMA0XuiGrBAq2AG7smyRBTVdVCNYdVAYf\/iJZgAAFgMBAEoCAABGAwFY3n0sVJwAfa+qP+pSlcjK0QgKsfteydM32nitjujcFSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1490976044488,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":489,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1490976044488,"flow_last_seen":1490976044687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00490{"flow_id":47,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687243,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd9vNAAOcGqNk0XuiGrBAq2AG7smyRBTWyVCNYdVAYf\/gbZAAAFgMBADA31L1CpuSX9tvoBVAXj3uLQtt2VG0MIpbTs\/buU9YZgPAOSIfvD1zRD+pCLCOtz2U="}
00534{"flow_id":50,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687345,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9LZ9AAOcGcg40XuiGrBAq2AG7sm+mtiDvi1jsllAYf\/i0FAAAFgMBAEoCAABGAwFY3n0sREHukAACBv+MMlmfhll64s8dZ38b+V21ucVGlyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_first_seen":1490976044521,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_first_seen":1490976044521,"flow_last_seen":1490976044687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00489{"flow_id":50,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687474,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdLaVAAOcGcig0XuiGrBAq2AG7sm+mtiFEi1jsllAYf\/i3vwAAFgMBADCHc5j7nnRvQUlwwt7OEPWVsuRdvVFekiQ9SdJ8bXwjg8Akhsvu1Z2MXY6j060G5Yc="}
00423{"flow_id":49,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687923,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAov01AAOcG4LQ0XuiGrBAq2AG7sm67yvGc9I48klAQf\/ipXAAAAAAAAAAA"}
00534{"flow_id":49,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":687978,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9v1RAAOcG4Fg0XuiGrBAq2AG7sm67yvGc9I48klAYf\/hhGwAAFgMBAEoCAABGAwFY3n0s7cPTzU4hNB9icb7jbExZLZvgvDr5J+5XL+M+HiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1490976044509,"flow_last_seen":1490976044687,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":495,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1490976044509,"flow_last_seen":1490976044687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00414{"flow_id":48,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":690858,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo07xAAEAGc0asECrYNF7ohrJtAbvCg5z7D9ZxY1AQAVclzwAA"}
00414{"flow_id":48,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":691135,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo071AAEAGc0WsECrYNF7ohrJtAbvCg5z7D9ZxmFAQAVclmgAA"}
00497{"flow_id":48,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":691266,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"AMDKkaPvePiC0\/vCCABFAABj075AAEAGcwmsECrYNF7ohrJtAbvCg5z7D9ZxmFAYAVfKLQAAFAMBAAEBFgMBADDUJkMOPMfhB4anjuCQG2H2kK8Z2iKH2qchiPRHNBXVdsy\/2Or2nf4s8tk0u80fjyA="}
@@ -501,10 +501,10 @@
00497{"flow_id":47,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":703375,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"AMDKkaPvePiC0\/vCCABFAABjGDpAAEAGLo6sECrYNF7ohrJsAbtUI1h1kQU151AYAVfQegAAFAMBAAEBFgMBADCQgznHY7nFQX7otVB6kk0KE6rz1+zQEUjbuqheFQqEzEpu1sNkZv+vVGnOmjPkT40="}
00422{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":704703,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo2odAANwG1sJIFc6HrBAq2AG7pJISbmyvAlYhPlAQASx4JAAAAAAAAAAA"}
02377{"flow_id":43,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":708534,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc2ohAANwG0Q1IFc6HrBAq2AG7pJISbmyvAlYhPlAQASw0jgAAFgMDAGwCAABoAwP825uGtzUZToKKiBA9Kqd+TCLrKJmxGW2opuNLjegL2SCAoIhp+G+13yEt\/a9wFbgYbBGSpt6bYu8wE9XD904628AvAAAg\/wEAAQAACwAEAwABAgAFAAAAEAALAAkIaHR0cC8xLjEWAwMLbwsAC2sAC2gABiYwggYiMIIFCqADAgECAhAjXKYxTs1ErLy+l509p0IQMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTA3MDAwMDAwWhcNMTgwMTMwMjM1OTU5WjBrMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEaMBgGA1UEAwwRZmxzLW5hLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiX1uuFeHp7s\/u9RJVeIg7pSJGX42DFxgePcypEXRXU1o3cArZybBO2C5Lpg6GM3f45K4KToO0khIXQJB7mXH4bbbQ3+YNFdt7793pBUrodbhy1vNPfwwdBaxsqZ6o5AMBkbpsaSUOdcoTvF9z7DiYKtABRBdPFplNooNjVCUNw9hfksqkbBfzmRXOVJUe6FB2TYGtc1mXHHxQSxvyBoGKYrbiWmhKRKN2oU7shNkGGr+2AY1qqKK5nRLcdy57snSkPzc1VrU7kChpo1TaC6Boi5W9qzCYG13onxMu6WbKte80fZF9+vPs9N9E66H+HyD7t7ZkEmtZMIt4ZpLRyDj9AgMBAAGjggKtMIICqTBaBgNVHREEUzBRghBmbHMtbmEuYW1hem9uLmNhghFmbHMtbmEuYW1hem9uLmNvbYIUZmxzLW5hLmFtYXpvbi5jb20uYnKCFGZscy1uYS5hbWF6b24uY29tLm14MAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFZeQ7n1QAABAMARzBFAiEAyqHpuySuZQoGcM+I+Z0wX00rBtbjPPh\/qzCzZAyUhAoCIAhBWQVD0U3G8MO5dyAwrlvYf2mmJVOHUcCx971NZg0sAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFZeQ7oJwAABAMASDBGAiEA\/RAOoLROyik62vKihf3Zx1TBs1KxISOTjmjnjZrbf64CIQDPCRXOcglmhnaH9koY+cdNR\/1ozx5g78hwrDg9pc0RtzANBgkqhkiG9w0BAQsFAAOCAQEAoKU0Dbk5SCaAT6\/D0vE="}
-00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_tot_l4_data_len":2283,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":253,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00802{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2075,"flow_avg_l4_payload_len":230,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02383{"flow_id":43,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":708686,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc2olAANwG0QxIFc6HrBAq2AG7pJISbnJjAlYhPlAQASwTGgAAUSPF\/O4EUbS8iqtYW7XeLLFSQkwsNcW0blJi29ViWiroJecqf42koTiJbu21bzXz9NnWx3QZbP7HECKHS8zsIT3wSAg60lzeHBDW9OEnRzctCFd061UcVfmvjmUGgRaAHvZ7KX0Enz4wDCPEaugLfuNk0KjthMfnxC15ABSBgZ3qZBOnTbwhDWuR8lFaApR2cPTN2navpN7AHeLN5gXvpLuLlv7EGbuQwuxCa1AGr9yt4Oc1bKCLJ9usVuCIWzTdGAutoouvNMxOnvMTumCjH0ejhkZjzXQl8u+jtC5TbVZqImKVOkayTYaP10vdNEAbljkABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jM="}
02389{"flow_id":43,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":708747,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc2opAANwG0QtIFc6HrBAq2AG7pJISbngXAlYhPlAQASy+oAAAguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccWAwMGURYABk0BAAZJMIIGRQoBAKCCBj4wggY6BgkrBgEFBQcwAQEEggYrMIIGJzCBnqIWBBRFIAKoi4pln3X69ekKGnjS8DcLnhgPMjAxNzAzMzExNDQ0NTVaMHMwcTBJMAkGBSsOAwIaBQAEFNGxZIuMnw3Ra6OKzStQF9X5z8BkBBRfYM9hkFXfhEMUimAqsvV69EMY7wIQI1ymMU7NRKy8vpedPadCEIAAGA8yMDE3MDMzMTE0NDQ1NVqgERgPMjAxNzA0MDcxNDQ0NTVaMA0GCSqGSIb3DQEBBQUAA4IBAQBF6EKFZ1knzWaKjpd1EHbBhF+vBD+Pb5jGJvQ7g3vJZu86FO4kCtZBxKZ0Otr7kXawtFLPQhcBgtM3WGLDS7\/6wvTJdN4fZ0QyzCzTp6q+8UwYOO7uy7R3q0Sob7e\/vf5C10NcDwAqtk4zy4mw2gjKcjCEchqehMvhhObJZfZiwBSeTqEt4ZSJ0gBT\/rv1ZbLkIKs6y\/yS3trFv2EXbi1dDhXd+s5gDJQ+Z4IuN0AmnUA9gLpR7559r6n42AR1MvfF9nRl2troBchZJCqslWOgwvx\/Ih\/1i9PisnYAZyVoek0PXB\/OG\/kMnOd0UZkuJLSgx4XYAXEX2FgTY+xHklRooIIEbjCCBGowggRmMIIDTqADAgECAhBEaJBjaUgF1sr2\/bnRxAUhMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMjA0MDAwMDAwWhcNMTcwNTA1MjM1OTU5WjBAMT4wPAYDVQQDEzVTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKorQp99vkC6qr9FMqUYxael0Lsma2caI4BjC9k3ZiMwrp+dvSECA4wbWstHvoB86W8Zmld7Mq1ttWywY03MGfAl96ON0PiOVo1XeDZJuXTb9bQLUSxVXuzgnwObGDuWVTxpZR3qrFjJe8I2AyvTNPjgAGVwl7uVg3Gd5k91Vvn7w0bjxB5zGmYSAubCIfzzpr1LFn\/mgU8Ju+6LT2qsP1lkNl5NbHeONr1r1usqgi\/wvPaimgi5Yv\/cUTSSwwVIrnOXifiKGb\/Rt4Io5QAadG9Xwt\/ZOc2UhoGbgcKuh\/LD\/AYHFyYV6RFExgwbe1R77b2XjRqilbA04jsvcGE8xOsCAwEAAaOCARwwggEYMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1ELTM4NTcwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wHQYDVR0OBBYEFEUgAqiLimWfdfr16QoaeNLwNwueMAwGA1UdEwEB\/wQCMAAwbgYDVR0gBGcwZTBjBgtghkgBhvhFAQcXAzBUMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAqBggrBgEFBQcCAjAeGhwgIGh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1U="}
-01160{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":11,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_tot_l4_data_len":5243,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":476,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
+01171{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":11,"flow_first_seen":1490976043814,"flow_last_seen":1490976044708,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4995,"flow_avg_l4_payload_len":454,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
01276{"flow_id":43,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":708785,"pkt_caplen":688,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":688,"pkt_l4_len":654,"pkt":"ePiC0\/vCAMDKkVoBCABFAAKi2otAANwG1ERIFc6HrBAq2AG7pJISbn3LAlYhPlAYASyPgQAAHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAHgcwWI1WEf915v+BMHzpq1UXjLCqvTFqlTJ6sCk3BCr8RHH4\/a+5XpxufufD6fAA8qZDYLX\/mas8o74I3yLjqr4l1CZ9vdShO6hhBVdjNDlbGEeKPsyMXuzCqxDoAkBqBZL\/pLDi+dSEwlIm2L7LpyiM0wZFDUyfTXTOMDl\/aaq1BslxdPB7rr+FWw9AgwkWCRfnrkwMRszEI7YCaM8kV8sGbR0LDnNx8V+MlL7E+4HxoSjruiAfX0\/mSXLK4Dgdl52tAdcoDAedZSz+H6Y\/busqrTk1nTRwIksEFRr6U5ipHH8d5KWkp1E61BrXCPT2wUDJ5IXYSSMy68heruHRA4WAwMBTQwAAUkDABdBBPt1O4wK+mY0dqg7diyHTgbv3Xrf\/1sLL3Gm+t1a6u6xIf8jiLQy9uH1oA75I21Ts8dk3PkXK1tX3jxfM55dQVsGAQEAQbjVrQtCzDEy+dmi5i\/C\/UKUWQ4NhjRVdBISrqMlvK8oeRECqntIZ03lZEQaM9SZPu6hHyeeJDSlJc2LzHueF+cu\/X0xTzCrnhTUUdCeTmuQEtM5DqcoRMN7Yf1igE037BdZqs9PwpmsmJARiH3y8EtLJuQh8RHXhDN1avl8XPldUGcXCuHhazzSyYBVL8vfnvrpFFU5eqsUEvKprwSqQCwelcZc5cDcT+ud8R1vC994oQ0IzQpFJMgNehxcRcfMUDhYWmFcL4ZsINReVqo84Uja9MPTB8Siiw+97yxtTJWf2HJw1Mf8CPaWEz9eZ9f+jn9GHbWMNDoUTnff3hf7iRYDAwAEDgAAAA=="}
00415{"flow_id":43,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":710673,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobyJAAEAG3iisECrYSBXOh6SSAbsCViE+Em5yY1AQAWJyOgAA"}
00415{"flow_id":43,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976044,"pkt_ts_usec":710963,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobyNAAEAG3iesECrYSBXOh6SSAbsCViE+Em54F1AQAW1sewAA"}
@@ -537,16 +537,16 @@
00415{"flow_id":46,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":418120,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAot71AAEAGj0WsECrYNF7ohsG1AFD+AvwCsHQ8JlAQAVsSBgAA"}
00415{"flow_id":50,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":418383,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopBlAAEAGoumsECrYNF7ohrJvAbuLWOzSprYhelAQAVfGKQAA"}
00415{"flow_id":49,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":418508,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodBdAAEAG0uusECrYNF7ohrJuAbv0jjzOu8ryJ1AQAVcnNwAA"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1490976046418,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1490976046418,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":418630,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8dehAAEAG0QasECrYNF7ohrJwAbub2CWZAAAAAKAC\/\/+NLQAAAgQFtAQCCAoA9lBxAAAAAAEDAwg="}
00427{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":475196,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWCFAAOcGR9k0XuiGrBAq2AG7snCFN7lwm9glmnASH\/679wAAAgQFtAEDAwY="}
00414{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":478174,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodelAAEAG0RmsECrYNF7ohrJwAbub2CWahTe5cVAQAVcGaQAA"}
00738{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":478452,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXdepAAEAG0CmsECrYNF7ohrJwAbub2CWahTe5cVAYAVeQeAAAFgMBAOoBAADmAwN6ZK5x9InIPwhDa7EIgt6sqwDEMRodN28AtgITxHZ1ayCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9qqoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYenoAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1490976046418,"flow_last_seen":1490976046478,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1490976046418,"flow_last_seen":1490976046478,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00738{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":789894,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXdetAAEAG0CisECrYNF7ohrJwAbub2CWahTe5cVAYAVeQeAAAFgMBAOoBAADmAwN6ZK5x9InIPwhDa7EIgt6sqwDEMRodN28AtgITxHZ1ayCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9qqoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYenoAAQA="}
00423{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":847559,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoR8pAAOcGWDg0XuiGrBAq2AG7snCFN7lxm9gmiVAQf\/iG2AAAAAAAAAAA"}
00535{"flow_id":51,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":847694,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9R8xAAOcGV+E0XuiGrBAq2AG7snCFN7lxm9gmiVAYf\/i2zwAAFgMBAEoCAABGAwFY3n0uDRrjb7Rl5ESNrS8pG4ecfknI5kybUgs\/rB4e7SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":7,"flow_first_seen":1490976046418,"flow_last_seen":1490976046847,"flow_tot_l4_data_len":731,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":605,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":7,"flow_first_seen":1490976046418,"flow_last_seen":1490976046847,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00491{"flow_id":51,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":849119,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdR\/lAAOcGV9Q0XuiGrBAq2AG7snCFN7nGm9gmiVAYf\/gZFQAAFgMBADANfMyy4KIo6icdo8GNdDAB+esaUQk8GNHXpAT7M+S\/GBPSyuHnlnjn6sgfLR3UVTI="}
00414{"flow_id":51,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":849760,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAodexAAEAG0RasECrYNF7ohrJwAbub2CaJhTe5xlAQAVcFJQAA"}
00415{"flow_id":51,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":850039,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAode1AAEAG0RWsECrYNF7ohrJwAbub2CaJhTe5+1AQAVcE8AAA"}
@@ -555,40 +555,40 @@
00424{"flow_id":51,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":910315,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoUZ9AAOcGTmM0XuiGrBAq2AG7snCFN7n7m9gmxFAQf\/eGFAAAAAAAAAAA"}
00423{"flow_id":51,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":934406,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoVRlAAOcGSuk0XuiGrBAq2AG7snCFN7n7m9grLlAQf+WBvAAAAAAAAAAA"}
01547{"flow_id":51,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976046,"pkt_ts_usec":938070,"pkt_caplen":891,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":891,"pkt_l4_len":857,"pkt":"ePiC0\/vCAMDKkVoBCABFAANtVfhAAOcGRsU0XuiGrBAq2AG7snCFN7n7m9grLlAY\/bh4VAAAFwMBA0DpzrTTMnZ1U4O4z9z+AwzoNgEJXtoJOG\/lArGBgDwYOnEdGZc3\/al3mVvbCP0pr4bK+KvVCGCpTYQg8M1cbAYp8MHVyUntuYs5zS7aRXsvXgxvg0wVBp3jX3Cu1K5NdzWULAU9c0Pe6zgwuvT6mCW+Mw2AKHdSWdRFkkomvMPSJtDMWiaPfpH6Vx0cO0x9EIu3Rh2Nku5sdzAraKBfTXj8JNaTHJbr8pjxHUV6iNNwBXK2tjYhOL3OxJTwyv8gF0f9nGpID+n6zSluHNqBGJ7QU\/7uaJYFn38ymJ2RaBeZGc1YsKeEEbV\/EfWd5aXp\/Mw9okX5PVNsWmOIyFAb41ajhAqtGGmK05LBG9Gni3eFmUvCV\/\/cR5YUKAujLXmWUyQ4lVjKWEbuGJvvwxult+76dj2Mi6KnYWARY+aytVVQ4n2PuDFMPNpw0KXhVBI5XdEVPGDGfas2QjuR8Aj5vt+6fySO23iWJX1euTerQ48YfdikRQUmwZtNqpyTzJgbua+0pdvEVmjBQ0pXsZY9Thvf+YFfUZwM\/1nBrK6USfxGEZLrtkp3UKxp7sOO2U2a4XXhcDnUESojcX+E3oGqU6UP7gFjAskDdEt3x36r1uTJZtQrePSx3\/Y4LInigsHLAxUfZ7\/2iwy4Q0L\/HQ1gQQ0dvFmh2CD9dNBOJYymMNhb1Pd9MKeNv64ijqECUzlDcsLmNOqzoqeJUs3LDYg4fJXq2lHWcG31Rk6zfvWx\/2rIuxOevZvleQkPSdGXqBD8R56UelYHVW8Cy6gDL+A7Cxo3LEH4cbmVk7TTG2VoLLPvLmzXJFiAjED+I4kokb1VhXhxETbhT0qfUpsAOyE3nWR7av6UHzjNYWek8llsGakCeh65K+yzTXzqLI9O7A53GrVZo8lI+28n7KAQAVDo0979B7fvm0Pd1J0X0YsutB2HwlwrnF4O08CuvGAQo5PzltBKe9Mxthb90lsaOnMHQ+aKODsIB5bLrgncQgilgJxvCmkeynLp2lQ85x7B8UxuXkNN1p4TyadCWSWalib6rZOXrequp4SOVkD3jfIZ5314tYdZXYU8BzQP60xCX9fmhYwmr8IYB2yants4ZIIu2CXl"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1490976047014,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1490976047014,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":14580,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JC1AAEAG7\/2sECrYNu8YuoTxAbsotHSAAAAAAKAC\/\/+r6QAAAgQFtAQCCAoA9lCtAAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1490976047050,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1490976047050,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":50685,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8zEVAAEAGR+WsECrYNu8YuoTyAbvILJz0AAAAAKAC\/\/\/j9wAAAgQFtAQCCAoA9lCxAAAAAAEDAwg="}
00426{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":71231,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYANAAOcGDTM27xi6rBAq2AG7hPHQ2dGWKLR0gXASH\/53JwAAAgQFtAEDAwY="}
00413{"flow_id":52,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":73443,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJC5AAEAG8BCsECrYNu8YuoTxAbsotHSB0NnRl1AQAVfBmAAA"}
00766{"flow_id":52,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":75090,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"pkt":"AMDKkaPvePiC0\/vCCABFAAErJC9AAEAG7wysECrYNu8YuoTxAbsotHSB0NnRl1AYAVfKZQAAFgMBAP4BAAD6AwPSe8wUiJXpNpYC5p1xsYpcgdnDHHsp6lbLCZ0qkdBUqSAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRysoAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIenoAHQAXABgaGgABAA=="}
-00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1490976047014,"flow_last_seen":1490976047075,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1490976047096,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1490976047014,"flow_last_seen":1490976047075,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1490976047096,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":96758,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Q4ZAAEAGA2msECrYNF7ohrJzAbuRhBMzAAAAAKAC\/\/+poAAAAgQFtAQCCAoA9lC1AAAAAAEDAwg="}
00427{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":107719,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwYitAAOcGCws27xi6rBAq2AG7hPIGkxHQyCyc9XASH\/45RwAAAgQFtAEDAwY="}
00415{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":109306,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAozEZAAEAGR\/isECrYNu8YuoTyAbvILJz1BpMR0VAQAVeDuAAA"}
00767{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":111087,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"pkt":"AMDKkaPvePiC0\/vCCABFAAErzEdAAEAGRvSsECrYNu8YuoTyAbvILJz1BpMR0VAYAVc5bAAAFgMBAP4BAAD6AwOHjgfKXB+EyvQ1n9JLqidhikfJJ6RpsxoH8cEzQ3q86iAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRCgoAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIiooAHQAXABjKygABAA=="}
-00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1490976047050,"flow_last_seen":1490976047111,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1490976047050,"flow_last_seen":1490976047111,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00422{"flow_id":52,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":129729,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoBwBAANsGcj427xi6rBAq2AG7hPHQ2dGXKLR0gVAQARzB0wAAAAAAAAAA"}
00422{"flow_id":52,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":133588,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoBwFAANsGcj027xi6rBAq2AG7hPHQ2dGXKLR1hFAQASzAwAAAAAAAAAAA"}
00631{"flow_id":52,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":133701,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"ePiC0\/vCAMDKkVoBCABFAADEBwJAANsGcaA27xi6rBAq2AG7hPHQ2dGXKLR1hFAYASzQLAAAFgMDAGQCAABgAwMyP\/fecoHYX\/cGoH7XipkW53idIn\/OYkaLBKM044m2vyAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LsAvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDACjMLCDqUBTO\/rZ7qHn8QM08BfjkdQdeSIpRVejewnydMKBVtcQVCnii"}
-00810{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":7,"flow_first_seen":1490976047014,"flow_last_seen":1490976047133,"flow_tot_l4_data_len":583,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":7,"flow_first_seen":1490976047014,"flow_last_seen":1490976047133,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00415{"flow_id":52,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":134533,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJDBAAEAG8A6sECrYNu8YuoTxAbsotHWE0NnSM1AQAVu\/9QAA"}
00484{"flow_id":52,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":134968,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AMDKkaPvePiC0\/vCCABFAABbJDFAAEAG79qsECrYNu8YuoTxAbsotHWE0NnSM1AYAVtp9gAAFAMDAAEBFgMDACgAAAAAAAAAAB5+QHcCy7hTVmLHlCrKIY891MuDynMTvulSegEzf7o6"}
01459{"flow_id":52,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":146003,"pkt_caplen":820,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":820,"pkt_l4_len":786,"pkt":"AMDKkaPvePiC0\/vCCABFAAMmJDJAAEAG7Q6sECrYNu8YuoTxAbsotHW30NnSM1AYAVv4fgAAFwMDAvkAAAAAAAAAAcx54JmeuS10AT9KUjaz3ZIVv9bZ\/3ctMYZwgIYFRc4vwpsTgZOsMPqd2Ox960CGMzFf5M9pQsuKs7KO5OreMbPcCAV7XFeeyiGApovF9VXHWJaKEb7B0sUaUCNKhb8BMk1oZsmfg54qPXZ20XzapdYHuLjw+esiQ3WbUfEkU3lwZTKTgOHJ2moiEmRNdwu4cfmjgRU9D3jVgoFymoiYOD6k\/j9HWn+Dxd20f8SNwYxccunUPhuewsbhY5AGH2+iO3y1IjKIEGQY1PVBd7Er0MfsbuA\/SUFOO8QDQnN+XOu3k1lhfuLNqZlwSUWSkLA96AGz+oShXITAoa0p0Q8y4AZCKtbU3y0\/E\/A+z1rsIptLAymFSPAbyJMnsTK9iq2ttsb73vq\/si3WG2LZXnepCAYc0AoJpLQkGwj0rv4rdmiYBimU67+oD6z\/VKP5RaIre0zmzUcGY6N6Dkl5XXLB1hyz3KnjjgtBBLMwhTEldg8Z1frEXQRm56eNeZrBz\/4zJ5EdZf9c8eFkLQRJDIHFCDalyagTNNMmRnlU\/9OwId9ScedewcTbuesb+8tBabm5bV3vhWXfNDg0wkgx\/NpuaWqHVboSwxeloQuddCpJt7eFom95q\/vNEFg1DsW8xEqYZl14byoDfwTMxrh8dk7Ok5T\/g\/gXdTe3QpLseWiYx0qEAnobp\/Y+IVZ633IFmC2AcvRKVzJWtdUps4NQNOqnfK45lIcwXrOuqH8Hn\/Rebao\/fKmCmR2tZlrJYqh04WU7Owae1n33xqMUf5ALgA6ZfICjAIQzM4PhoaS+bSJCmcwbvMEmGrlAjR4qLnfL073VjYci7ys9HPpPRFmm2ph6czJNwjnlvnT\/cxJaqJylnFIZJzvDCrLfrkw9d4w6v+Qo8btWqTXERJq05BxVd41MtoUj5UIVwYAZJZg4GGKcjM3G8vNauE5B9gPTTK7Ugmm1OIdvoaFQ0hhdK8KcO5goVqQrOnF2cDafoS3UIA9RyCJchg=="}
00427{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":154862,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwRp1AAOcGWV00XuiGrBAq2AG7snPq5wFokYQTNHASH\/4rBwAAAgQFtAEDAwY="}
00414{"flow_id":54,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":155806,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoQ4dAAEAGA3ysECrYNF7ohrJzAbuRhBM06ucBaVAQAVd1eAAA"}
00738{"flow_id":54,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":156667,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXQ4hAAEAGAoysECrYNF7ohrJzAbuRhBM06ucBaVAYAVetQwAAFgMBAOoBAADmAwPpgUoR+zK1io939odz8bqrlk+DvqS0v3DALb7a+kUiQCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9SkoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACIqKAB0AFwAYGhoAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_first_seen":1490976047096,"flow_last_seen":1490976047156,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":638,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_first_seen":1490976047096,"flow_last_seen":1490976047156,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00422{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":164510,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoxWZAANsGs9c27xi6rBAq2AG7hPIGkxHRyCyc9VAQARyD8wAAAAAAAAAA"}
00422{"flow_id":53,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":169278,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoxWdAANsGs9Y27xi6rBAq2AG7hPIGkxHRyCyd+FAQASyC4AAAAAAAAAAA"}
00629{"flow_id":53,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":169413,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"ePiC0\/vCAMDKkVoBCABFAADExWhAANsGszk27xi6rBAq2AG7hPIGkxHRyCyd+FAYASwSIQAAFgMDAGQCAABgAwOn1fo+swPnLkOwNQbXuOFdWVy\/oC3rjvLrnjYIbdkRCSAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LsAvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDACgGf7sVUH2dueYdvgPH\/6ULIjQ6Sw3FzHOToH9tZ7ISQ8nQCtzL5ihH"}
-00810{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":641,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":7,"flow_first_seen":1490976047050,"flow_last_seen":1490976047169,"flow_tot_l4_data_len":583,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":641,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":7,"flow_first_seen":1490976047050,"flow_last_seen":1490976047169,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00415{"flow_id":53,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":170378,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAozEhAAEAGR\/asECrYNu8YuoTyAbvILJ34BpMSbVAQAVuCFQAA"}
00485{"flow_id":53,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":170645,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AMDKkaPvePiC0\/vCCABFAABbzElAAEAGR8KsECrYNu8YuoTyAbvILJ34BpMSbVAYAVvjlwAAFAMDAAEBFgMDACgAAAAAAAAAAKkrW6jYA92r8fgxBOnEadGYlxCo1\/QzhHlmwLBya6jy"}
01455{"flow_id":53,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":193531,"pkt_caplen":820,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":820,"pkt_l4_len":786,"pkt":"AMDKkaPvePiC0\/vCCABFAAMmzEpAAEAGRPasECrYNu8YuoTyAbvILJ4rBpMSbVAYAVvMLAAAFwMDAvkAAAAAAAAAAQGiim6vqRb1hZSmxgRWrcKu1i5RuXpIX86FMLd0DChNPKyb2eEUo6v8LHWIpYn7Lr+3KF6Nra3fNXPAXtVfBF2zjNSQaJz\/FH1wJcF4o6kMr7KZYg0BmGTepnR0hUuh5dZCkwx49nisEt1zDQO2cEMJZd2TbULnt0scCphOIHjiGBWMMQFd\/E1ykFVXCqDudeCdh6V1AkVaVyQ+uv98smhSMh1ov79FopkEdF+nUj4KiQKnbXwM7\/Z4YvPJCIkZFdBakTmLpX\/dMYz\/yFRf3D5IFOjrfVuKrXrqdoDFqVDaBopxanBjidWtoYubkKyO2wqm3hBB3B7DEiC8xwomCU+qrq8WFxsV22leKl4jIoq60wrLgGJN\/fK1Mt76M2EN4Qb6\/piyem1+n1MWQm2ndmZVZPPz8vcADa+snxoEXZSMYaq4h66edSMn+GbArPLEqOacwQAsQqdkYz08NuMzrrX47XJfS3r5f4qxikj9V2e9EoZY6gNpUf5ohjKcMvkzpm5COyWu+IA2XaJ9gPIjKnd3EFOcbAerbAmkDws\/o+2LxO+FtwkmHXugiHcC9Is\/36M0wFhMx8FmDW\/nUTnrOVr0w5F6Ctp47Lkj1C5\/PRY4L4TTleBc4ZlshROVke7JgZ0hcojuHzsvNxl3u7xlhf92IGS0ZR+MudncMNcJgDO9gA\/IN\/ROBhZxg2yjxdsJMOa0Op+iVqyLMLevMFocPAUU3gaC+RON8kgijNexdslcC+sA5SDelwgpNGNlf2Rm+89YWRW3T93x7xfb5xMRFL1y5e827yzKtV0XeMYSb03ynoZkaC0hfBZrFH1lMuECmBh4TIsFfcLTxm66wI+iItNp5W243XFHvfM0VLWpwyteh4kUrXBWmPf7cLE7UBMoGQky2NJPbyBxcg34Ryr5GYyWFzg4OGUoBc9hM8WbmxOJGkg0UAy9eCfYasR2wTy51BugAtq3mD6Wnk2Fp2XWdT16xPtTvXJKfS3MZa5lVxkG9A=="}
00534{"flow_id":54,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":217627,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9T+pAAOcGT8M0XuiGrBAq2AG7snPq5wFpkYQUI1AYf\/jAygAAFgMBAEoCAABGAwFY3n0vHwUTKh3kRQicQrFbwZi3ae4Tj1002+Y32pnlTCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_first_seen":1490976047096,"flow_last_seen":1490976047217,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_first_seen":1490976047096,"flow_last_seen":1490976047217,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00489{"flow_id":54,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":217806,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdUAVAAOcGT8g0XuiGrBAq2AG7snPq5wG+kYQUI1AYf\/hlPgAAFgMBADAFstU4O48FFKnsq96DRhn6BmvmDlkeJmD4BEWUoY6SO6YVcyL6Vtc8D2agPyfeZgM="}
00602{"flow_id":54,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":217855,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"ePiC0\/vCAMDKkVoBCABFAACyT+pAAOcGT440XuiGrBAq2AG7snPq5wFpkYQUI1AYf\/ipBQAAFgMBAEoCAABGAwFY3n0vHwUTKh3kRQicQrFbwZi3ae4Tj1002+Y32pnlTCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABARYDAQAwBbLVODuPBRSp7Kveg0YZ+gZr5g5ZHiZg+ARFlKGOkjumFXMi+lbXPA9moD8n3mYD"}
00414{"flow_id":54,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":218621,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoQ4lAAEAGA3qsECrYNF7ohrJzAbuRhBQj6ucBvlAQAVd0NAAA"}
@@ -606,21 +606,21 @@
00423{"flow_id":52,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":447953,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoBwNAANsGcjs27xi6rBAq2AG7hPHQ2dIzKLR4tVAQAUS82wAAAAAAAAAA"}
00423{"flow_id":52,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":448091,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoBwRAANsGcjo27xi6rBAq2AG7hPHQ2dIzKLR4tVAQAUS82wAAAAAAAAAA"}
01109{"flow_id":52,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":453980,"pkt_caplen":564,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":564,"pkt_l4_len":530,"pkt":"ePiC0\/vCAMDKkVoBCABFAAImBwVAANsGcDs27xi6rBAq2AG7hPHQ2dIzKLR4tVAYAUT2GAAAFwMDAfnMLCDqUBTO\/8pEDnNpQ968LNqQIlMrRiN\/vhXPyoKE7Zf9+lPhvwygJ8Fy1hfPytXuqgaWgEJrI9KqRsknF4CxpNdJplUXhj7oVMy98\/XlNhgKaZ2Aqa9G5RYhBtJ0CLinVZZbd0TfyjyF33JUg7HzMeJjKpWYAiueZm0AaIqtdwBBNYos5pQmiMMu\/qb+KZRMeYzsVqlxURXHWVvhcBwGlgpwXTh2FCxu9efOs+Tv7cwV+cvjN\/WeblHaaQynqbRrl+rkes0mTKx5KK1GU4lmY7iarOxjMpyWzap2NDGEO7Ugrr239HpP6HuL+VhHTsoGSvQL\/BMi47KOUO91Q5\/DczWhoSGhM9KfqOZzxzpc2tJTL74jwJgl2HWaIcMwXwDHuk14CTHn3BmGIFa0Yeci6foUhC47UZPQyFYfv3xpAi7D+d2qOG5SKRVREW0a3kS1E5YRQQKmCZ0N8R\/0Ed\/xUhvQmRfgSN1AgT8R2OYB9UP9zoNZHNFtIUJlcjx6bMc\/agVGh12G5WMOhlKVzwsNraliOOVDuzSbXdefjNQ9r2Kljw3aVf4BUmyZmF7iw5ldQQF6k8jxlAwG2LFY7ET\/IYm0FIgW4AsIp8YpNsevwsTYzHa4l6s3uCqFAW8BsG4PitkfRJYHUWt0QFoGtCwIvEkNfr4Z+QHW"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1490976047560,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1490976047560,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":560420,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8csJAAEAG6uOsECrYNFXR2NSbAbtgrSImAAAAAKAC\/\/+\/5AAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1490976047563,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1490976047563,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":563011,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8y+FAAEAGgVWsECrYSBXOh6SfAbuD+JsFAAAAAKAC\/\/9DRwAAAgQFtAQCCAoA9lDkAAAAAAEDAwg="}
00442{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":602380,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71JuiSVznYK0iJ6AScSA47wAAAgQFtAQCCAptkKkCAPZQ5AEDAwg="}
00430{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":603553,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0csNAAEAG6uqsECrYNFXR2NSbAbtgrSInoklc6IAQAVfXgQAAAQEICgD2UOhtkKkC"}
01130{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":610667,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"AMDKkaPvePiC0\/vCCABFAAI5csRAAEAG6OSsECrYNFXR2NSbAbtgrSInoklc6IAYAVfMzwAAAQEICgD2UOhtkKkCFgMBAgABAAH8AwN2BwhjfJbg5Am9t4WVCSBsvbJjgWDho9rtAy+p\/VRu5SBHUQT65GzShmSQt43DXU\/iRpfvK3yVUZImuuA4WpXHawAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAGTCgoAAP8BAAEAAAAAEwARAAAOd3d3LmFtYXpvbi5jb20AFwAAACMAsFRWtD3JSKQf4Lr9eEfx0PQ01nHGkidDCG7s9KZESOymslO\/GqdkoVsdJK5ZoYugmQyWHOp1tqWh2bA4KlSTUx1xDcGhPBYTENeT+hnpzYJuHISGm+WAjLYZpeScMXdEj+cpOxx40tMWY+U2GkrsQW5AIinC1PY+tiQWPYlKDKD6UtQmLCxNZDzFu5nYZUvgPU\/iQ7PiXNcQfJ3byiPYuj5cRmbUB10pxz435spf4lY4AA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYamoAAQAAFQBnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1490976047560,"flow_last_seen":1490976047610,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":685,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1490976047560,"flow_last_seen":1490976047610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00428{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":629213,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwJsxAAOcGf3ZIFc6HrBAq2AG7pJ+6tUVgg\/ibBnASH\/6xFgAAAgQFtAEDAwY="}
00414{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":631210,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoy+JAAEAGgWisECrYSBXOh6SfAbuD+JsGurVFYVAQAVf7hwAA"}
00737{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":631468,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"pkt":"AMDKkaPvePiC0\/vCCABFAAEVy+NAAEAGgHqsECrYSBXOh6SfAbuD+JsGurVFYVAYAVcKJQAAFgMBAOgBAADkAwP\/\/gAuAk5v3TG7NhYWBuGwBvgFQjeXqnaZyi9wFBW4dCCAoIhp+G+13yEt\/a9wFbgYbBGSpt6bYu8wE9XD90462wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB7CgoAAP8BAAEAAAAAFgAUAAARZmxzLW5hLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAj6+gAdABcAGCoqAAEA"}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1490976047563,"flow_last_seen":1490976047631,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":20,"flow_max_l4_data_len":257,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1490976047563,"flow_last_seen":1490976047631,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00430{"flow_id":55,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":652109,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA09e9AAPMGtL00VdHYrBAq2AG71JuiSVzoYK0kLIAQAHbWWAAAAQEICm2QqQcA9lDo"}
00645{"flow_id":55,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":664674,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ePiC0\/vCAMDKkVoBCABFAADQ9fBAAPMGtCA0VdHYrBAq2AG71JuiSVzoYK0kLIAYAHbF0gAAAQEICm2QqQgA9lDoFgMDAGQCAABgAwPz\/rL0ydWN5C5NB8NrgWOFN9iaI2tPjg0HNAnksKY25SBHUQT65GzShmSQt43DXU\/iRpfvK3yVUZImuuA4WpXHa8AvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDACjXnZEIwuYj8Sazmu3a+8RkCzOYfnum4J+cC0cC\/KHsJKFCmQcYLw3D"}
-00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1490976047560,"flow_last_seen":1490976047664,"flow_tot_l4_data_len":881,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00797{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1490976047560,"flow_last_seen":1490976047664,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00430{"flow_id":55,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":668051,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0csVAAEAG6uisECrYNFXR2NSbAbtgrSQsokldhIAQAVvU0AAAAQEICgD2UO5tkKkI"}
00500{"flow_id":55,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":668311,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"AMDKkaPvePiC0\/vCCABFAABncsZAAEAG6rSsECrYNFXR2NSbAbtgrSQsokldhIAYAVuurQAAAQEICgD2UO5tkKkIFAMDAAEBFgMDACgAAAAAAAAAAGpyOypNCOuLYc1rrvLCseEJ8odMssHtaCeJIejNUkhO"}
02388{"flow_id":55,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":679392,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXccsdAAEAG5T6sECrYNFXR2NSbAbtgrSRfokldhIAQAVuEaQAAAQEICgD2UO9tkKkIFwMDCwYAAAAAAAAAAZRJ0WHBRpfMrlIJwaaSZCFDKqEjrdBPKTWYYElyibFFW+M+4oYFg6Z31GToR3evaJ1HvSWn4J4QSSh1Zfc4vZmdl+Z2a5Qpo+avFry6Ob\/j3ghhiS5QMlRGxG5zrckebRzM1HX018SCdKnEIJen9tOFhhYX\/B8uofG+Mj2Y6FDQVvNsE9vzcfWj2Z9j534jS3duVlZZVa7by5HFEP2S2g9CkpNH45NZD3JYReH\/28jQidhLcFicEZ6YRW+MhjF4PZV8n8lramLgBxzjBZoVbNCiCvm7ye2PweCXSSpCVu6o3hqY4jNr+40u5wyz\/afQv\/Cn5CYbBlw3anA6RKLaPfYquAuZIMquOWxXx1+TLfUkB7pBXBMSoawIccWIcDnEqhYtfReM2pQr7gcRkAzT9ct3hskzph0Ilc6hU3gru+d5sCd1Jkmo9tclteey47u21K3gbFhZyDnL8kCSdMaeHgciew\/g1hiBJwDCaycjaQY\/qIF2NwQf1dy608inuEAIhWfvoxK+so2q51uQOjp2Wy+mdWHe1\/4Wx6Y4fNsn0Gdg3fPrP4RgcOncSnTUKF08xGAqkvZxyoroFGIWEkSJeNe\/trR84kC9gdYyd71zdCXJxJObfm6gcXPq8RcEymlAxn1B8HuvUth51TDhVyO2ioQOIGOVFX1wtVNRs09JFu+TnVVPvQceWLQe+u1StOuD+3uV9qMgsYGnAnJln33YXtMmXc3WjZH7fgYG1ltZvqM5I16P1WBH5LRUim03cgAbaH6AcoOjS2tV8ixaYtQFLYNenDZxLEoDHa44NsyLgcCfr080XGaAc0HrraJ1eLcrvX2qD3hjXwYwUj04IAkWa1vI3hhHgwomACnQbZdaFWIkVeTbAROcGzxPdeLkuFev6yN4ZrjyFgMBPn2h5pMYWRKXwS6b8cbKhPmAEHS\/L2JyuqilIn5WvcQ9O7USSP6oTLuCaucluO9n+UwdhxIVwewKk6hLG0Hg3NUo6OuxpJNue+OxU99H9BimLglkFdh9zAI8DoHpaudzj1mTMlAwCQIqBGOXRFRm7S+dnSj3HdE7J+JtyACv4ll7A0fXiFJg7\/3ZyPjDROAAjJ2oDqRcqkTnahzBrVlrR7QOH0QtYerGOhXVyI1RTAWlRhphrOdWJl+swUWZiw3LA7Tq28kZsQr6qmthIZHyvZdboJN3pSKX4J8xhCkcZHUeCZDcnk8fV+DCopTL7AFc67uL1xJZRYhfxdXAqAiT4btcW6dh+8F6QykiIcNgJbr9P5t4BTWNGzJN9Zso9HaZIP+9W821WC3KdJWjj3Usz4ItWqRQWf84OIabvL4ZZj0u5p\/QHwvO8qkqjWKJWwvvK026AjYdG76HvqCFJFxnDkcHTX5gqpVmAmiI9zTPahCINhzaufgeRcIaGGIS\/YaAHC2X9DRXajRd0MS3WibnhG5tlu13hE50Thtrd2qT9Qr5adMQqz2pDAARSgODsJ7g4pFv18GmVrnINxwuBmlj3gCuB\/cB\/sdQPt1eEmPO9cCQX1jCq0ka3ehLrIkBJlE0lVQe2h8FbGL3RKUPdzfLvzQgYhkfQwQUK8L+9Ltp1xNw2BV\/5HScavuWz0lBYtn+L2XReZi52qD02gtIsBC1Fm28hIlbqVCG4\/\/TPVm2jK8g4cAS7ElG3qIf49HvinIVGO5yyAGQZjrcoB4kMLb+\/Cmo8o7V1jN23vW\/t+UEtsuP35grEpGMV43nfvrjfV2DOfwscUWFHn6KE8KPPuSs+0BupzgZoBOJBCoLc+WsdXkt6ZU1k5KvCluEWYPKdpA83GSHQOIfKMLjSHpCKg2ZIZFVedNWUorCJPc9n7TNPJKviTXNeGpSwDoFqdpsqyvS6lGb5rHoY4zygh09tE2PzcT3Q3GzxropigWk39I1bz1LJic="}
@@ -628,7 +628,7 @@
00424{"flow_id":56,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":694431,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoM15AAOcGcuxIFc6HrBAq2AG7pJ+6tUVhg\/ib81AQf\/x79QAAAAAAAAAA"}
00424{"flow_id":56,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":694892,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoaaJAAN0GRqhIFc6HrBAq2AG7pJ+6tUVhg\/ib81AQf\/x79QAAAAAAAAAA"}
00631{"flow_id":56,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":695425,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"ePiC0\/vCAMDKkVoBCABFAADEaaNAAN0GRgtIFc6HrBAq2AG7pJ+6tUVhg\/ib81AYf\/yCgAAAFgMDAGQCAABgAwOS8\/bZwVfj9ZaYcThQkXYRujtLiD9w\/2gYQED02RFjLCCAoIhp+G+13yEt\/a9wFbgYbBGSpt6bYu8wE9XD904628AvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDAChh7fC3fO7v+rOLu0MlGETE2X5WVPC+0YiyCPSFTnbp3RiifTKP1EJa"}
-00788{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":704,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":7,"flow_first_seen":1490976047563,"flow_last_seen":1490976047695,"flow_tot_l4_data_len":561,"flow_min_l4_data_len":20,"flow_max_l4_data_len":257,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00799{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":704,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":7,"flow_first_seen":1490976047563,"flow_last_seen":1490976047695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00415{"flow_id":56,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":696294,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoy+RAAEAGgWasECrYSBXOh6SfAbuD+JvzurVF\/VAQAVv5+gAA"}
00486{"flow_id":56,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":697069,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AMDKkaPvePiC0\/vCCABFAABby+VAAEAGgTKsECrYSBXOh6SfAbuD+JvzurVF\/VAYAVs0XwAAFAMDAAEBFgMDACgAAAAAAAAAACelpYCuQ1E8R6oZIRMM9OCYwa+Exg\/ZDZELOWS3o7qW"}
02404{"flow_id":56,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":708316,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcy+ZAAEAGe7CsECrYSBXOh6SfAbuD+JwmurVF\/VAQAVvFiwAAFwMDB8gAAAAAAAAAATCnAGyWbYtohtkp4wTfcanLLNGhIn7G3xnJcvyZDEGwWRXqtpZOdaVhnA2S80B2K1RJTSQ7cMfzx\/GI8ANh2A9AWgaowQfXhqbOAuR+45bIUpXKksqJXD8pPrCr3F5EiRDQB4HaApHutaHCNh8VBOJ\/MFhXimCvUih9xM58ITgOKYcVYoDcfwx1dixpMiD\/Ovaw77ZXZrIwMXzKtItzYBy8HBwB0JBGXElsaVHafscwT6ieptIjfQ92eZrFtZzmZJYKBFirjh4yEoKUDyCTm+\/CXHQLDbP8+VlKwH+a409W9zIEuXjHeGyDVhV9AvBGQQAyeWftjsuEFSH8D2TMf60t75wal4feiP4ihuLO5V+CXF94obJJOqHe+GqcoDdptDgkUiHg\/0vW6rxPwuxM49vAp+sFIhEF+Ctx37BggASF5ecr0lVVYx+2xiL5VLTWHy50CpD1vihGZTcgWLU1ViQQN0rp2TfV2s+Y3qW4L\/JrKHWGzux3YiR7zc7mkWbjtq8yLBXbwym8BZ49LsXHJJaJ9d\/aqWA6piURSVscwhY2N6T6ZcHmyi0NekZJyKMTcQvLhDXas79DcACjUFajKk39aLVq8hRd3XJU\/OMtgBjL0yaizFQoufZtSFHCUiHv4pUzCuZZfLmxrFGEoD85iByuvr1bnskaR38uwuR5ksk8CM+HCNNINo7N7GmuJMCYSshcZjY6gtveyJ5YUgOe\/Av\/aiMYYLe3ku\/CNe9om38wTQQKFLCwOvRG+z3lUuMJT9\/6swtMx8yFPK8enFiHYi\/s5cJ+c45LqHywkHcCSgho3gJwThyDoqbMF+yC8AI9GtiPNV4ZiaoBnp\/EDeDFkWk6Y\/TiR7uNhWcGXw5SLZwV3Qf4GqSfhJG9s02upC1BrEq6wa8H8ydnPf4PMaSYTTdHrRNTOw8y25O8euPAIE9PW\/keJRfss10USLm9Uz5S4CF3lW5FG\/M\/RbkQ2aS7tVP9oNvv6sOYwINoOjumJdYhaqUQhP5XvGV3a+pb+8nS9+4S52d\/qj0OAro\/ZThfoEoyfc1osE92uud4grsLdT3E5Sw6jrUKnxxBfnIAOXlLwgEK3FT1vZ4pC+sul3xSm540aSLgkce2IkvnIJHgeY3WGfP74HYppJLD+R5muR8wDhXXtLh4Ezjn9Mta6z5zcrJ5\/Rb5gjWTE7rEhEtyuXS0zwN5dYw\/lWYz7GtwkKtJKamScVime29n4Dse8+aIAQkwQ7q+Sx7f92CM2isIYIlPhXmEtDl4EVaiKQfM9pp3OYMf432w3bprdOM3HifSOQCEQ98ZkeOjIL45u5GZ+uLWI40GZzPIc\/JaCwDz8Hd876+c650CyFI7BnZB4+JM9vvnupeEtq9MrZ8j8Og7DkUuiHGiWacak36lJIz5JHX4pfp1upfiK4HrPjTt+sXjzyA8FN\/KZ2J\/jRzeu119ug8974\/ofOeQFxTdZo33gJyCSRlkYsdct+0e\/v8RFAZII5rljR2D+hHLiGI8SByaUnT7b7kVZL0NXMZ6hA48bhlsmVyMwo3k62QkucqeMNnomerg4Ud6myyyqwPg8WVj+MwadyaIK6L\/lBTuOiCD1651CVziNfC\/ioSzDpilrBU7dKwF56300euYtdw84EumQgwmUUmWa6t8BDD7PVfuOErP9tIeY7r93YFqJaKl1W7Lq43TI1eAN8kdGk\/x2sX9t3o5o7YUFl0PN0qsCSEhyGLfCIfALE+RyPRwaiN\/pEesf65d5VbUZKgQ0bkON9iAmMg\/kFzCzuEJAmfC9w0KgEdUZa0ZPD37xJaRBubm9zhlSUvNNeFi2zwGfxx7OjaTW7KZktmhJjpSfY7fjjdVwFuTQCLttLXpn9i3IxDTdXRL\/14EIhNdsfv2fyq1ymnQ1+w61Jums\/IX98GIXSCyuunjRlEN+6rSBcw="}
@@ -637,17 +637,17 @@
00425{"flow_id":56,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":789365,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoaaRAAN0GRqZIFc6HrBAq2AG7pJ+6tUX9g\/icJlAQf\/t7JwAAAAAAAAAA"}
00425{"flow_id":56,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":814057,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoRupAAOcGX2BIFc6HrBAq2AG7pJ+6tUX9g\/icJlAQf\/t7JwAAAAAAAAAA"}
02404{"flow_id":56,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":832306,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcy+hAAEAGe66sECrYSBXOh6SfAbuD+JwmurVF\/VAQAVvFiwAAFwMDB8gAAAAAAAAAATCnAGyWbYtohtkp4wTfcanLLNGhIn7G3xnJcvyZDEGwWRXqtpZOdaVhnA2S80B2K1RJTSQ7cMfzx\/GI8ANh2A9AWgaowQfXhqbOAuR+45bIUpXKksqJXD8pPrCr3F5EiRDQB4HaApHutaHCNh8VBOJ\/MFhXimCvUih9xM58ITgOKYcVYoDcfwx1dixpMiD\/Ovaw77ZXZrIwMXzKtItzYBy8HBwB0JBGXElsaVHafscwT6ieptIjfQ92eZrFtZzmZJYKBFirjh4yEoKUDyCTm+\/CXHQLDbP8+VlKwH+a409W9zIEuXjHeGyDVhV9AvBGQQAyeWftjsuEFSH8D2TMf60t75wal4feiP4ihuLO5V+CXF94obJJOqHe+GqcoDdptDgkUiHg\/0vW6rxPwuxM49vAp+sFIhEF+Ctx37BggASF5ecr0lVVYx+2xiL5VLTWHy50CpD1vihGZTcgWLU1ViQQN0rp2TfV2s+Y3qW4L\/JrKHWGzux3YiR7zc7mkWbjtq8yLBXbwym8BZ49LsXHJJaJ9d\/aqWA6piURSVscwhY2N6T6ZcHmyi0NekZJyKMTcQvLhDXas79DcACjUFajKk39aLVq8hRd3XJU\/OMtgBjL0yaizFQoufZtSFHCUiHv4pUzCuZZfLmxrFGEoD85iByuvr1bnskaR38uwuR5ksk8CM+HCNNINo7N7GmuJMCYSshcZjY6gtveyJ5YUgOe\/Av\/aiMYYLe3ku\/CNe9om38wTQQKFLCwOvRG+z3lUuMJT9\/6swtMx8yFPK8enFiHYi\/s5cJ+c45LqHywkHcCSgho3gJwThyDoqbMF+yC8AI9GtiPNV4ZiaoBnp\/EDeDFkWk6Y\/TiR7uNhWcGXw5SLZwV3Qf4GqSfhJG9s02upC1BrEq6wa8H8ydnPf4PMaSYTTdHrRNTOw8y25O8euPAIE9PW\/keJRfss10USLm9Uz5S4CF3lW5FG\/M\/RbkQ2aS7tVP9oNvv6sOYwINoOjumJdYhaqUQhP5XvGV3a+pb+8nS9+4S52d\/qj0OAro\/ZThfoEoyfc1osE92uud4grsLdT3E5Sw6jrUKnxxBfnIAOXlLwgEK3FT1vZ4pC+sul3xSm540aSLgkce2IkvnIJHgeY3WGfP74HYppJLD+R5muR8wDhXXtLh4Ezjn9Mta6z5zcrJ5\/Rb5gjWTE7rEhEtyuXS0zwN5dYw\/lWYz7GtwkKtJKamScVime29n4Dse8+aIAQkwQ7q+Sx7f92CM2isIYIlPhXmEtDl4EVaiKQfM9pp3OYMf432w3bprdOM3HifSOQCEQ98ZkeOjIL45u5GZ+uLWI40GZzPIc\/JaCwDz8Hd876+c650CyFI7BnZB4+JM9vvnupeEtq9MrZ8j8Og7DkUuiHGiWacak36lJIz5JHX4pfp1upfiK4HrPjTt+sXjzyA8FN\/KZ2J\/jRzeu119ug8974\/ofOeQFxTdZo33gJyCSRlkYsdct+0e\/v8RFAZII5rljR2D+hHLiGI8SByaUnT7b7kVZL0NXMZ6hA48bhlsmVyMwo3k62QkucqeMNnomerg4Ud6myyyqwPg8WVj+MwadyaIK6L\/lBTuOiCD1651CVziNfC\/ioSzDpilrBU7dKwF56300euYtdw84EumQgwmUUmWa6t8BDD7PVfuOErP9tIeY7r93YFqJaKl1W7Lq43TI1eAN8kdGk\/x2sX9t3o5o7YUFl0PN0qsCSEhyGLfCIfALE+RyPRwaiN\/pEesf65d5VbUZKgQ0bkON9iAmMg\/kFzCzuEJAmfC9w0KgEdUZa0ZPD37xJaRBubm9zhlSUvNNeFi2zwGfxx7OjaTW7KZktmhJjpSfY7fjjdVwFuTQCLttLXpn9i3IxDTdXRL\/14EIhNdsfv2fyq1ymnQ1+w61Jums\/IX98GIXSCyuunjRlEN+6rSBcw="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1490976047858,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1490976047858,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":858519,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA84nJAAEAGasSsECrYSBXOh6SgAbtFc7NzAAAAAKAC\/\/9pQAAAAgQFtAQCCAoA9lEBAAAAAAEDAwg="}
02305{"flow_id":55,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":890964,"pkt_caplen":1445,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1445,"pkt_l4_len":1411,"pkt":"AMDKkaPvePiC0\/vCCABFAAWXcslAAEAG5YGsECrYNFXR2NSbAbtgrSoHokldhIAYAVsQqQAAAQEICgD2UQVtkKkRbfB\/yi0bv0M7mB4yOZSYtWdZMXUZWfKPnTIcrXW5Fq02Dhm9p9qOYjxbpmkRWUE+\/QotKLObRj+l2uexMDkTXqKGtLcVKgfqQIq0yK9FYo3k0\/wUGwSR0fsQgb0SSGkA4phxIfU4fOf1C2THRg11kJCquJFngebOVK9m79Jq0y47YJqxj3QlMpa+O6UO4tYIbTjdtFtpoloYWx0K3f\/ey0i949h3\/WaTNsTbLBQiktDpJtb2NBuiukMTf4GRsmci3kX29\/083wrYiYjjkL8m7JHIcQny3YhQ8ACnxmWLEuXI7dO4Z51SJaRW+aHKACQnr3bK7ZkoHrjpL4muNQGDH9MjNPx7zaZ9pUgqPRwyY335Y\/o+5LBY7CLOsgQbOXw6Rd8bC6IeXvxHLpWbJn6eU3Xy4C5bZ7m1kRkxe6NBKhJSneNUTwsXkLZbH2YU0XCyUISYAM3n9OFeryoZoQlI0b2iFWcOjRgCYIAUY\/hbvGXT57C\/HZPiniljjsJNufM1dWOFnGrSpfWSu7p6Gf9VYNGt2bNFZJzvRe1jooMED4+1HVlHaGFss7sn4x7KQTi1jEWb8LtUGV\/yeVy6ukFf3tBDi1fIHQXXB+d9+XW6c6VYKiQp2ILjdHsZfWTR5JccJSkr5p8i6o+EtIeroB47hPwXZ8srW94eb10\/OVcSrV1IFuvsuahmsPoKmsCeSl4Y4kBuweFeZg3hCMW+lRrt3oawzBYMjmVZFbjiaD8dGcBzJNYJMTDec2Xgf2VEYooIgiL\/XxJ\/eh7yuh5wECi6jUlk2w6fvgA+NZ3pZxzTia3fd7E5uamqRVRMBQiSW7dV0o+Gbn5BJKCIYeubCHkcrRJu5uw99aFk+3c96It0XGwTAAX1taH24CoBpFcwRgvOEP\/VeqxBvvaqSd+R8pg+Ks1tDvZc20vgzCFn2UfAtme24J9WXYTVlrc+NQ4K7kBxy+XAOcJPgiXUVaszYQaL0HsXG0z\/k15HzU1lopjyVRa1K5fQnp0KSVaQUvPNOKohzGppNL\/Wcdn1knSTB\/L9qKo03HB\/KjSbltr7nD26j6rXZI1bgLhzI5FcS5p0RGHoQQ0fcmK\/FkZ9+EJQO1sy\/Y4YrVTj0shS1ocsHjBFh5dPEwZdwM2mHkibajPfosoeK2ltMlqsescpdllZ0yDN5qdQRW1lPJM7+tKVH0n0p9lLpItEOTcuMK6Wkq3gvLDMkXrXfHW8LDM6H2NZ8YbYLPqOUi3WWaoYcZgM40vgEXTbcy8Oq\/8P+BXLw7swwkV5nrH6lB7vb\/gC0hz7f1\/8sQUYZc\/zFUDwH5J1LMc2UfoSzXy+ixpTkXVA69ypYa\/IEfo5mNM0oMjIzB8CG1CsQxPnePNZNndM5Nt5XgYgRCcSUa9X82wwJjzpoQaCwqEue6dIn0Dbzm6MI7mjVvKi4lzuuGITHs3PPdrnMVgahtEi7Uj6dSCDYOn9vDebYxAVeCCpyMy30TzArFnwortiuHFnzh58Zm3ehtMcO3u6TFkrocZE5+8lgYPZ3+LVrGPPBQhNOMyi52DpdVbn1JMtQ3JAu1QopheZB\/UKrOuAz0ssjz9CGDHyyZ6pEThrNjTy62u24sSHdXMP2V8yuOIys7Z6kWZfEqFiBRiej2xdz1\/J6vhnMjK5Kq\/CCXWjiHuySdWXIrHYNKIGxMVbe5pKkNgTGZWWD3ONG450XVgYMSb+C5TtUYOrQDUcHHroP7avxU5IMZh3wD0DNFkEJsX2Vva9jZ3A6Rl7571sdC1NbSwO8tUkbRI2PBt2AvFtwUVRzfgpaeh6VsKQHy8Fsa7Y3t6BUPT184b3mvDr2p0cHML6KKM="}
00428{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":907178,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwsPFAAOcG9VBIFc6HrBAq2AG7pKCmhnFJRXOzdHASH\/6\/cgAAAgQFtAEDAwY="}
00414{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":908219,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo4nNAAEAGatesECrYSBXOh6SgAbtFc7N0poZxSlAQAVcJ5AAA"}
00736{"flow_id":57,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":908954,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"pkt":"AMDKkaPvePiC0\/vCCABFAAEV4nRAAEAGaemsECrYSBXOh6SgAbtFc7N0poZxSlAYAVeSewAAFgMBAOgBAADkAwNIPWEPEPoMeooP6quIPBRotR9ApG0zx\/9LIBRu+eswEiCAoIhp+G+13yEt\/a9wFbgYbBGSpt6bYu8wE9XD90462wAgSkrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB7amoAAP8BAAEAAAAAFgAUAAARZmxzLW5hLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAg6OgAdABcAGAoKAAEA"}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1490976047858,"flow_last_seen":1490976047908,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":20,"flow_max_l4_data_len":257,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1490976047858,"flow_last_seen":1490976047908,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00423{"flow_id":57,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":955394,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAolARAAOcGEkZIFc6HrBAq2AG7pKCmhnFKRXO0YVAQf\/yKUQAAAAAAAAAA"}
00423{"flow_id":57,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":955532,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoielAAN0GJmFIFc6HrBAq2AG7pKCmhnFKRXO0YVAQf\/yKUQAAAAAAAAAA"}
00628{"flow_id":57,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":956403,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"ePiC0\/vCAMDKkVoBCABFAADEiepAAN0GJcRIFc6HrBAq2AG7pKCmhnFKRXO0YVAYf\/zA0wAAFgMDAGQCAABgAwPOP+RKGUd13t632G8l750hX4NYqs4LPnj1y1rN5CC1UiCAoIhp+G+13yEt\/a9wFbgYbBGSpt6bYu8wE9XD904628AvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDAChkuYkN2nMSNEW7NhhzGo2zdq3klZCAvkolDsxENbT6RLnVEjL+Gawk"}
-00788{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_tot_l4_data_len":561,"flow_min_l4_data_len":20,"flow_max_l4_data_len":257,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00799{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00414{"flow_id":57,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":957379,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo4nVAAEAGatWsECrYSBXOh6SgAbtFc7RhpoZx5lAQAVsIVwAA"}
00485{"flow_id":57,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":957900,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AMDKkaPvePiC0\/vCCABFAABb4nZAAEAGaqGsECrYSBXOh6SgAbtFc7RhpoZx5lAYAVvplAAAFAMDAAEBFgMDACgAAAAAAAAAAE0YwN8nVnBVAj8eHHzhkbGEPc\/RlqvYLkGf2PMdPLB6"}
02394{"flow_id":57,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976047,"pkt_ts_usec":970382,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXc4ndAAEAGZR+sECrYSBXOh6SgAbtFc7SUpoZx5lAQAVs1aQAAFwMDBsgAAAAAAAAAAQWr\/L+s1PzRlNLv1CXHm7Rth\/qt3OM+FoIRfxif6WKL7cZuchnhdZ7cIneCiCz1FIw1PB4MDCAw8ehqsh+fkaXafo7LmAqeGeI62ptxYtChGkQRIFaLJFPUqjY4XfpfCWOecCcJaHF5mQic2ZN8fZD1S337YuQkOjNfZN5ehIhgp\/wbHTwZgnKXC\/Oo2bIyw6e5JzRpTPype+IXp3OgIAVpf1fPXVX+kBqbmDtnrv+oaYiComT57SoUlje0EUGz\/qtQuXd3656PQrOAAWu5fWnrPOL6X\/qIOrR6qZwmlk80VDpc7fZvMm1vqQBayCQv3aN3UsBF26asNfPiVqSYKrbDnrsql9Wqvsd6Jqb46PzDDx+mmdZV1H1hD+a8FwQG6ILWppRQKUva2lUSKYK4VTVJNqc\/UI4a4Pzbqn6pGZi4Qjhj2vcPmnhhc1z6MqTF58LiQQtC6UhBGTBZhUnClkSs9xPDkqEi3\/osvaEIkgXYzhFxLUR9uJB+rxlufWK4fohYXE42qrSUxcycAYw3XSeonUEXyEHJMSBE5pn1ThxrwXw2C4XsEhRG+g46zCMhQ83fNWSVFV5DEJ6PA9ql6XHwtaKBB9KT2E2k0763l09hZVhQ+HU348YF7LfIQX9Ol43HaHeSz6KlgWLFBO9KUyS0aXjBk0IthVT39vV3OeYLw7vDdYyX2D2Df45LXdBVLSFLqrMu9PPolJczvbpnNf73X45hgIoEKHRRSWFkL7bRvVTvBIBCxjdVoPAjbSHJbWoRojmX8TWfaryVf4d8sCnAHAJvnaLn1d9eLsF2CYnPN0M9Cg+leNU4Gic88KSbPYBiaztjswTQw52zJc5Svi2ruvQw67+E9dCP3oxAXVpshsa6e4FnEUayihIGFm9mhNneuSsYPS\/VSa9FVKCUJHuLxMYrOhVnLkulzb\/kfHmCnxXS4uPs81DHuh9YOfFa2\/WeWfgN6le07sqdumfgBqwpeAfjMMxHFeItMNVrnjAC4Nare74ilFMgat1S\/Of8xmr8VONogvbyTU8Ydua3mjvtK2EmU8nGmv5mLN5UxOEowtI8uchQEyKvESGVvfrTgu6BMblebVBWMl1iAUjqm+g\/vDtL48uv\/q5bNnAWCjCFEqsq6MIq26P8zZXE2MaXp0kgGawp\/OcGuvoBpMtKfczHEJmVfHVN96zeMD7Uxv9\/DRYOef74wEyW8MaY1V8JcVWYstWfj3Ir6fD5dmeZPxBs75SWj5PZ4DnmOozPS4tdaoZaiKm4xWnZqHzOysHld0Or2yjexac4d0Y4onTlDWCR4e8Pals38N+2kq3vKXX2679xrfnj+vlH9qySWb+WhYuIYfeY1kkDSEQ2HUtvhIW8icCipR6UlQYmnV+BYBlxt28v1M\/oOk5H7MwGbxGxD92Q5n\/YeUPW+QhPUGTbSNbXpVx9o31ONjAU\/2rUjQ21B3HXghWtWDGMfF+jd8aCvUzu1krb+pPBZEr9WugeU3kNplhQoDn+cM64wPcLlo9LhhQ5LuAaVckcG0T\/4VUatLl7tLUyN7kKen5agJ2u9su+pVWdpdsxAfTSaeM3JH0YDCkaWw1PLMM\/Bg2PQq9w4TsYZLKvh5bhCxAbTWXQUHCCpVK3yI0oAgAi3eBI5TevJwJyrZ7aUigqqKCmte5PVZOKQyDmrhhoQ3heSJ+G+LPqRUw1Ne8PXerx3aeAO4lDA2fXJfcy6xcw2mHJH4TQY4FFewB0mPqy2RQb60vUOqnQVTGHlLRVRM+u9EHcAgoXL3e\/u9ZooLbUVzjecHkONyWpKkRZ06+4+CMFH4qHcGjiNeVJSylHdFQgTeJaVy9SXoJTCLknrx\/T+qc6e\/MUN7fAGr2ZV02MA0wMVUb5Gkkjp7GxK9Z\/PQ7LaBAbPImgezMMJ+1mXaoGsb6Ysc+KW6goTAAlFno="}
@@ -667,17 +667,17 @@
00415{"flow_id":54,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976048,"pkt_ts_usec":863911,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoQ41AAEAGA3asECrYNF7ohrJzAbuRhBRe6ucB81ARAVdzwwAA"}
00424{"flow_id":54,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976048,"pkt_ts_usec":926772,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoWpFAAOcGRXE0XuiGrBAq2AG7snPq5wHzkYQUX1ARf\/f1IQAAAAAAAAAA"}
00415{"flow_id":54,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976048,"pkt_ts_usec":927819,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoQ45AAEAGA3WsECrYNF7ohrJzAbuRhBRf6ucB9FAQAVdzwgAA"}
-00446{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00455{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1490976054009,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00454{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1490976022741,"flow_last_seen":1490976022741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1490976054009,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":9715,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L1JAAEAGF52sECrYNF7ohrJ3AbtDNXw1AAAAAKAC\/\/+MNwAAAgQFtAQCCAoA9lNnAAAAAAEDAwg="}
00426{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":70557,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt0ZAAOcG6LM0XuiGrBAq2AG7snc6VHcpQzV8NnASH\/5LIgAAAgQFtAEDAwY="}
00413{"flow_id":58,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":71611,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoL1NAAEAGF7CsECrYNF7ohrJ3AbtDNXw2OlR3KlAQAVeVkwAA"}
00738{"flow_id":58,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":72460,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXL1RAAEAGFsCsECrYNF7ohrJ3AbtDNXw2OlR3KlAYAVd6FAAAFgMBAOoBAADmAwPBrmY0NdI\/E4D2qVtO38be10HD8gGTXfDLQBOZkXF05iCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgysrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9amoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAYOjoAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1490976054009,"flow_last_seen":1490976054072,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1490976054009,"flow_last_seen":1490976054072,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00423{"flow_id":58,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":168161,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAopJ1AAOcG+2Q0XuiGrBAq2AG7snc6VHcqQzV9JVAQf\/gWAwAAAAAAAAAA"}
00534{"flow_id":58,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":168300,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9pJ9AAOcG+w00XuiGrBAq2AG7snc6VHcqQzV9JVAYf\/iO8gAAFgMBAEoCAABGAwFY3n02pkfhRwxBuUracjcXGcG8ABcBgmQTmuIOOTaqxiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1490976054009,"flow_last_seen":1490976054168,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":785,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1490976054009,"flow_last_seen":1490976054168,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00491{"flow_id":58,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":168397,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdpKxAAOcG+yA0XuiGrBAq2AG7snc6VHd\/QzV9JVAYf\/gC9QAAFgMBADBYgJOSAG3KoN5t3OUr36PqwqfhVZjAlZL1ZW1YvCcO85\/UenkepVu7W6vQ7zsoOfE="}
00414{"flow_id":58,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":169775,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoL1VAAEAGF66sECrYNF7ohrJ3AbtDNX0lOlR3f1AQAVeUTwAA"}
00414{"flow_id":58,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":170745,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoL1ZAAEAGF62sECrYNF7ohrJ3AbtDNX0lOlR3tFAQAVeUGgAA"}
@@ -687,24 +687,24 @@
01972{"flow_id":58,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":540107,"pkt_caplen":1200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1200,"pkt_l4_len":1166,"pkt":"AMDKkaPvePiC0\/vCCABFAASiL1lAAEAGEzCsECrYNF7ohrJ3AbtDNX1gOlR3tFAYAVdhDgAAFwMBACD3FLSKdQ\/+XX5awn7++AnVU6xJmoAF\/7g8XlgeCL3QrRcDAQRQ4UO96npQFzRFhjeiTHtHDG50Ual5ipWVuA+IzEiZemz9nQnbKIHcaxvuNl+N8Ze50eCsaR3cqgcXM27cfr9UJrrzm1NETgwhcRgv2\/UjTCEpYgeU+xJlCrXcw7C9FV65x8TptxLxxsONjQgmOaSxSzAq4DL\/I1ESDGqdmY1y3tQFGN5QD7eh0PxYbaiwj\/zF2EMlQtF4x5lbaYVz2YhU2PjkFQf6uPJSiNpaLTFcKjEQeCWFqsmO3rKpCxD+3qgoUooO3V59pNi1WFsQmYHJ5mzq7870TqX4pVuEprjImLe9Zs7\/i9WaVvVVvg\/NvRX7\/0SKAxx8HzHZzbFjt+6ewjLVcoet7wzxEj\/4CawU9wy2Q7KGD32FaV\/RrGNEpAB+FYIMTRNi7Ce1DkyRnYw6S1wMzAwjAuIxEMgcxlvla1VjCwqowcSkWY\/HD0NPOXcTN0mj7SZKN8YyHdIPLaYu10+b9QxFQZIt6G4W2j8PRSEFDu7RWhrrgvM5EcJcD43JLrV1W8EJnaCs9J9eE+vFpllKjTupJZLrk0NkFmafnQk73RWuSy6\/cxC1Cxf91V7fy2g8Dl90989+vW0PYx8iCYRRoN\/zF1b5+mPg6oibx0QQBpzh9IJhoWpLHZhG3gQaVamTEQT8fUWzczfRI8yHCNfLLzhmeRIu9suxsrgkIgbcqqAu3HdpvM73h4uFK0hWaxXJ9\/pINUFtClcbhyXNBXS28Hb+\/s39skTAGqz7MszK+4hYMkslwSWywcxC51+A1w+cvR8dqealfziZsqczNOLtD314ZCzx7RIkdQD52phBnh6AZB10f2c782KcVtDUgVG1CElr3jyRtkeozvPKJQ3dkqB2Q+vttdnWF22tWjop17\/\/Jh6p6o5yZTmfIQhzmeh3SgdA0KU7UmX8qYHISwQ8EcZ4DCmhxG748T0Ot5Fb7Sr5XnQnWOV0sUOn2stWl\/qLBGj2KXyN2s3by9rqJmfscu5viQvrKaZg34Eo5yM+IarO0iPYdW3GZEKB1ruNDsD49nEnML3Bp9huAvXTkM8XRkVnw2a4rt36a2PP6QXY5vHrAO1OboiY3ItQAcaotv62mhM3tSYLs8Wa6cf\/1XezPZUvMoEbAJy04t28PEmUekcD8ZCPsvSEJk8BjpexMhb1JuiZgRTpcpBRJlidwzvAdDzkpnWz4\/A+xZNq2xckJcB\/eQFZZKjodJe1GNEwj8oM28tFqhTPgPu2ZgaKNUGb2NGo\/MjWaEMwkaCPiOPN6qdwmFG8wNFHeiBMwEOB1UnO82mI8h3jQmABnvm4S\/grylNQ2cLCCpUA4RDj4VG5lTGXWeQK7klB+zUeIHUar4kZ4IIN85VdCdOFe27N+gLscUz9Z6SLnoR15oeHnAkmRXDAWS9RUomE87beC+rz54dLMjY7cYAo6ymUvv8bb05P6n5XuwgUlQ4BuKZZCPyXlvw3WAGtpkrhB4bZYG0e"}
00423{"flow_id":58,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":603797,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAor35AAOcG8IM0XuiGrBAq2AG7snc6VHe0QzWB2lAQf+UQ1wAAAAAAAAAA"}
01549{"flow_id":58,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976054,"pkt_ts_usec":603947,"pkt_caplen":891,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":891,"pkt_l4_len":857,"pkt":"ePiC0\/vCAMDKkVoBCABFAANtr8RAAOcG7Pg0XuiGrBAq2AG7snc6VHe0QzWB2lAY\/bj1VQAAFwMBA0CN4zxSn0WIgp6zpKQTw\/5cuGdz1hOBqjj+LWRIldo3mKsOyrwFLnLO+Abh8yv2mP5l3YNhPLeJ7ODo2LfypYcprJGQH8CRK\/cE1ab7x1aXidA6DUtSD2U91q2UyIRcqdgA19xo4uW8np840YTsacHk\/T2BUMf7nMDMEtx13qx2+vkXi524ymE58iN1H+f7Ii5Xs4LeujqRomq\/MlTxMO5rI0ID9EQQXgY05Xp6Zw8AfbaQFYhRFxwo0o1h8z54\/sbTlv6eeznXet3XkKDJRdErINEYvC4ydcetxCrxZVHbE1rQTvABclKPq6PI99Ylx8HVLPMFqjgytk\/yYNgG0Zn3fZ6ayS8pTEx9nuXs7s65OPsFx11xFT1A5PUm3N2Et8tQqBheJS23J9oNoXamqTNw6Mgm97WL7ntb9NcKbM3loiJv2jfYg1lb+fUQ2OQaiaiksgyp7sUAteV7eSwx6ps7bk2zU0xtYNoaIiZelAfw9CCcn6leX5kR6HjWq2kT2am9YSHzcE\/kMqG6LNoJKqH97SqoaLxwhJ1d8EoUTm2OT+QY4wMqdu7vfNJ0VNJGW5741It8k+IcQsVvfEWZnzZVj++ZrRghDuDaelhaYjtfEtuCcRl2XLaC0Vyr7WvwrAnbaxMqvpKDzYHBnoaD44xqPdQebK0ndvsReQF8fwi9e+1c2EqE2Mty6W9mPNp4RmkPeEUxtWfYY5gwqsJYyMiJZ2mCO2TCgrM\/pZcetKENpBLr8yxTdFJew3\/BGEmFTNQqarjkXnKqHjOU14iLMeQBvPK69sU\/sTCV9irGoXjELkaDrST6UiRVL3KHEquXHXkE1yJ5CQwnzW\/xdMYG2w15pQkMydBwe1GXHKUp1QqTOYTT6NqbgaantRMZUOlXaLDfg9xDru1M8qVig8U+ZPUDJcW189JEkNhp7jvzg+WXWdwY7bDL\/OmgtygpA7j0InF13CLZZgRAgee4pKoP3jrOsHtfYGS0V\/yHAhZ3UpZYBkeSc+Ib8M1aIs7SJyRTZDDaEJismsLXCFuXq9wK7DjHNvfhz4DUHstyeP4esI8NCt6xyx7T5w5bMw7sVQdnqJMc+2Nk\/7F2h+eBxwAr6Xah"}
-00430{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1490976055356,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00442{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1490976055356,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00404{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976055,"pkt_ts_usec":356710,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="}
-00462{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1490976055356,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00474{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1490976055356,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00445{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976056,"pkt_ts_usec":451595,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G7JAAEAGvmesECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/\/QAAAAAgQFtAQCCAoA9lRcAAAAAAEDAwg="}
00445{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976056,"pkt_ts_usec":720767,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzZAAEAGfuOsECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9d\/AAAAgQFtAQCCAoA9lR4AAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1490976057977,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1490976057977,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976057,"pkt_ts_usec":977153,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8quhAAEAGnAasECrYNF7ohrJ4AbvwDv4cAAAAAKAC\/\/9b6AAAAgQFtAQCCAoA9lT0AAAAAAEDAwg="}
00426{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":29112,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw9qRAAOcGqVU0XuiGrBAq2AG7snh1d2z38A7+HXASH\/7rbgAAAgQFtAEDAwY="}
00413{"flow_id":60,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":30172,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqulAAEAGnBmsECrYNF7ohrJ4AbvwDv4ddXds+FAQAVc14AAA"}
00737{"flow_id":60,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":32132,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXqupAAEAGmymsECrYNF7ohrJ4AbvwDv4ddXds+FAYAVeo8gAAFgMBAOoBAADmAwMoaRx1UdIM893OKMmXrcWPDPO7AujafDygNOivm9PC5iCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9GhoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYenoAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_first_seen":1490976057977,"flow_last_seen":1490976058032,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_first_seen":1490976057977,"flow_last_seen":1490976058032,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00534{"flow_id":60,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":82623,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9+TBAAOcGpnw0XuiGrBAq2AG7snh1d2z48A7\/DFAYf\/grMQAAFgMBAEoCAABGAwFY3n06YnWpXQ3KkZkNmnBbnjScZILp4v2nCTgeJCnodCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_first_seen":1490976057977,"flow_last_seen":1490976058082,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":806,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_first_seen":1490976057977,"flow_last_seen":1490976058082,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00489{"flow_id":60,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":82765,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd+TNAAOcGppk0XuiGrBAq2AG7snh1d21N8A7\/DFAYf\/jnbAAAFgMBADB2ISI7ic+YHEik9OHUqENQACfM8Us2ZYbtF3T4R9O9hQhS2mrApgCURbQdUSxBJUI="}
00413{"flow_id":60,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":83814,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqutAAEAGnBesECrYNF7ohrJ4AbvwDv8MdXdtTVAQAVc0nAAA"}
00413{"flow_id":60,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":84094,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoquxAAEAGnBasECrYNF7ohrJ4AbvwDv8MdXdtglAQAVc0ZwAA"}
00496{"flow_id":60,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":84678,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"AMDKkaPvePiC0\/vCCABFAABjqu1AAEAGm9qsECrYNF7ohrJ4AbvwDv8MdXdtglAYAVemOwAAFAMBAAEBFgMBADAGiYPTjtc9vV0eZCdoXLYDiIFDSB+hhP0S\/xH44I8pcXYammORqSdnhTA9NLhVxu8="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1490976058103,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1490976058103,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":103747,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87D9AAEAGJ+usECrYNu8YuoT5Abs\/ELk9AAAAAKAC\/\/9McwAAAgQFtAQCCAoA9lUCAAAAAAEDAwg="}
02388{"flow_id":60,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":105365,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcqu5AAEAGlmCsECrYNF7ohrJ4AbvwDv9HdXdtglAQAVdhAgAAFwMBACDP+2912In+jSNGMDyrCl6xvO0krdSFnGE+8myRyRumrRcDAQfgjOms7zQQKC7i7kgWur4n1hKz4N57UV9qK9y4uZJBTIcr4HeD76X7UNU4uRU9oFrDDx99D+lL0oK7lFpAxdCwB2qdifpS+8NtZ6TV2PqF4AGls8Mm4s2CJeL1nxz+OAOaJalxJfk8cf2jA3AOn5cLsiczcZFfhlI0qNgkYCArgn3nPjZc6ZCTCevr5+0HZPc1NdRpP0WDnTyKloDbz3hgOCgSAHKJQxq9CWP3XDu\/OE0166LJ1Iz9DsuRJkDyjYjHklxyXz2wocQvM1D6znG3cGcbm9kIMhGQ8HaQspbnkP4GSPYRXjhuzjHV5dq1GHWf8Lyw57jWNDjKeT\/vkdJOTGfg76IW1zkVptcnZG7neJ8U27nDOGC+9YxqCNj5YytIqmXRO32ReN04W+eFl86W4s2o632NZUAgWQdGwjsEmrNswatr0cB10EbJkNngWCyCD8ZL2qgqZh6jqmZ38LqIPImrWgSkOF8C4rMQRyxdSigDiB+ctIsGCfBmElejvymGxH4iPBVKg2vn7GwrtP3zVGj5OUwVikMH1Kucz7IUu86wXXZvlF4F\/P6WZulUGKc8R85YHV9laXCwmVDFpZEAf\/qBl9lYEL01+PRMm1WVjk0MhVm\/AMxL7LQKTlPdPMgWgpX4NwdYxXQMisls16syAR1XC+\/J5YTS54G4POvyRyk\/obGFWymoO4rOY3KvC4Koeta7PYqaPDlLqatApLYJreUNFeP13C4Q+WMToiglA1OS4d\/CpDMcCiRtSk4v+zQxL0NopaTmFNOqVBJ344hHQtUnGErmWOCKcl94yz\/Z27ndvaigSi6J8b17jgJG5+b31RZTYu4rsHnLoChQy8tOTd2dWgdiioNaEvwO7fcn9m\/bmUQhJ61biPprXJc7UAEDfAZDzl\/ql6z22qifWYhv0ewbn83N1dys2uNq2eCW5DWPPNFkeimpaBK6KdhtJk93hxPHdAVai1UW+IPSQfo01yPHY8FVjl3DbKKGz0iwVmt7oZyz0Cz06JTkjAMdjZS0JVbGRNkcdX+KIhrMHy+Pej91LFZk3NfWC2ydeekgYEPoXSMuNQRp99kZKSmvpas19YFvZWBEP76w6LlAzTWBxVt5QjvTRewdLd5uX1CXDvuC5SuwnYy0u+Xs18Hko6wO9F1BJi9+aqEFt\/x++Iw9RbkaU0EGqH5RF82UBmKjEWeSsv3SjjCwdRYCx0Xha0nOXKIEGE+WyLMeyNORZ04Ju9bszoAnWSZ8vW3rnrlHjv3OztImeybcZjBWDaTHjEGPqcjy8569U2dcYPsnE6c97rbuvOwkiAINx3ildi9sz7TIKWO\/VUik51JzS2U02GcLK1eK54+43HeARgtT3BFil1kf8aQL1ZPZTag2mGCgIDPIOUA3GOJ6UwQiUnR34OgUcXPwKd+zPFamH1o3XUYwNYEdYbi+wKdl7t\/D\/CfrqRTS5Xnudlf\/tPYT2gPp2hTs3A8uU18HGeAnIq\/hCf\/0r1smN8AJJ3J9llrmQO2hO0fX9h4uJgRXFJiLJeKLtYED5oMO+4wPLAgk1LlaHW1Ez3Gl8YQzOCrSG7gqBRuha7d5+9ZqEIvSav++lmPfuqjQk70A5NyqiO5PZW0G8T0EyplG\/flXyrjOXj7E4av2TkayaLfMvIbPhidd3tYVH2Kzo57q7bt8ZG7KvfQUfhPavuKjvPsONe1NeUWmJhu1zmcjh1K0pUS3rKLjyXJu+EDTBGCjivB71J17QC6VtiAPbpyl5np4vYtgprHAsvLqZ0wdY98iEwyB70BoEOsLMxHiahduvg1VtcvYQNPRcMKlFMPhogcCoSkh1GCKy4ZQ5B7DXLWUUHJkZwu8JpKphR3DF9O77kBHUy63v2tPTNgp47kyoMm63Bi1UHo="}
01230{"flow_id":60,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":105655,"pkt_caplen":652,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":652,"pkt_l4_len":618,"pkt":"AMDKkaPvePiC0\/vCCABFAAJ+qu9AAEAGmb2sECrYNF7ohrJ4AbvwDwT7dXdtglAYAVf3jAAAunsmxzOkqcDVQm7oo1IktB8VpxfhIVUPjxAKg1+X9uU36oNz8x\/epm9P8SsDLDcRkmXf\/1jzWFTFdt5V6rw0U+cxMYxZ18WsD+kiPXrxRpPk59B0wAW7OVOkQpqtaLsdxlRbT+HrzbkiXwkS+UJnMlWnz+3z3KyC94kEnyv3L3T17Rg90nTq3vx+52\/ltv40\/CaWndbYsLSAyXD\/AZk6yocpcx\/PeHB+hk7pR1h30sJcrIzkFRnAdY1KNaqHvle4RkBQxGVKM5SE79yjxo82yJW8+eqQJfPtji7U7K\/St3cnKsf6A4vZvVwTnxANbGC6HqhpCEc9iXjbyNc+E+GxzqzXKV+gBiDrZ9lXHn1j3QBRzh1F\/AU4LjYNnORtkcIEtJ\/tSth5yVQRml7aZdgD3DJG3PmDOJW6Rf9tymLEqPEix8qwoHlwCdio1+qKtgbN1hMW0ea8pmUBC0c8Ngu1xiMKfBw218ba2lMTOHJUDYalfYmC7RUTh81w7TCF46bnoadJpudbkjO2PUOeGMZ0cSS+sPGpMZgP0rPw9l1zwJoe+U8TMf+K+Kq1XR16\/5kfortUa5KHd\/DDAKHGy4ywxmO9ZrqZowanW9GTWCIHyzeMAXqwN+DSJvUonlm8MM+QMGJpXUIVIsBiVjNs2InPW11vJLL0tA3VrA5RJs6Y9TWUsTK2g8SlidtfG1CTfo4TCLh0VRiVStfhrdgQgf3TctsTV16CYdTP+eXbE\/ad6WRIfWgXwd24+nIVAoa7cUBKBh6DnIQqYyzJXBSJdqSCpLstlQg0Wg=="}
@@ -712,13 +712,13 @@
00427{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":160050,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5wBAAOcGhjU27xi6rBAq2AG7hPl2s2uGPxC5PnASH\/7cPAAAAgQFtAEDAwY="}
00416{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":162207,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7EBAAEAGJ\/6sECrYNu8YuoT5Abs\/ELk+drNrh1AQAVcmrgAA"}
00769{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":166385,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"pkt":"AMDKkaPvePiC0\/vCCABFAAEr7EFAAEAGJvqsECrYNu8YuoT5Abs\/ELk+drNrh1AYAVfN+AAAFgMBAP4BAAD6AwMOUC6Wi9btijW5bAYVZWtISVWnuZZb\/u1xZk+ZAvvymiAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAgCgrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRKioAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABiamgABAA=="}
-00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1490976058103,"flow_last_seen":1490976058166,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":817,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1490976058103,"flow_last_seen":1490976058166,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00425{"flow_id":60,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":184433,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo6jNAAOcGtc40XuiGrBAq2AG7snh1d22C8A7\/R1AQf\/e1iwAAAAAAAAAA"}
02388{"flow_id":60,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":200181,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcqvBAAEAGll6sECrYNF7ohrJ4AbvwDv9HdXdtglAQAVdhAgAAFwMBACDP+2912In+jSNGMDyrCl6xvO0krdSFnGE+8myRyRumrRcDAQfgjOms7zQQKC7i7kgWur4n1hKz4N57UV9qK9y4uZJBTIcr4HeD76X7UNU4uRU9oFrDDx99D+lL0oK7lFpAxdCwB2qdifpS+8NtZ6TV2PqF4AGls8Mm4s2CJeL1nxz+OAOaJalxJfk8cf2jA3AOn5cLsiczcZFfhlI0qNgkYCArgn3nPjZc6ZCTCevr5+0HZPc1NdRpP0WDnTyKloDbz3hgOCgSAHKJQxq9CWP3XDu\/OE0166LJ1Iz9DsuRJkDyjYjHklxyXz2wocQvM1D6znG3cGcbm9kIMhGQ8HaQspbnkP4GSPYRXjhuzjHV5dq1GHWf8Lyw57jWNDjKeT\/vkdJOTGfg76IW1zkVptcnZG7neJ8U27nDOGC+9YxqCNj5YytIqmXRO32ReN04W+eFl86W4s2o632NZUAgWQdGwjsEmrNswatr0cB10EbJkNngWCyCD8ZL2qgqZh6jqmZ38LqIPImrWgSkOF8C4rMQRyxdSigDiB+ctIsGCfBmElejvymGxH4iPBVKg2vn7GwrtP3zVGj5OUwVikMH1Kucz7IUu86wXXZvlF4F\/P6WZulUGKc8R85YHV9laXCwmVDFpZEAf\/qBl9lYEL01+PRMm1WVjk0MhVm\/AMxL7LQKTlPdPMgWgpX4NwdYxXQMisls16syAR1XC+\/J5YTS54G4POvyRyk\/obGFWymoO4rOY3KvC4Koeta7PYqaPDlLqatApLYJreUNFeP13C4Q+WMToiglA1OS4d\/CpDMcCiRtSk4v+zQxL0NopaTmFNOqVBJ344hHQtUnGErmWOCKcl94yz\/Z27ndvaigSi6J8b17jgJG5+b31RZTYu4rsHnLoChQy8tOTd2dWgdiioNaEvwO7fcn9m\/bmUQhJ61biPprXJc7UAEDfAZDzl\/ql6z22qifWYhv0ewbn83N1dys2uNq2eCW5DWPPNFkeimpaBK6KdhtJk93hxPHdAVai1UW+IPSQfo01yPHY8FVjl3DbKKGz0iwVmt7oZyz0Cz06JTkjAMdjZS0JVbGRNkcdX+KIhrMHy+Pej91LFZk3NfWC2ydeekgYEPoXSMuNQRp99kZKSmvpas19YFvZWBEP76w6LlAzTWBxVt5QjvTRewdLd5uX1CXDvuC5SuwnYy0u+Xs18Hko6wO9F1BJi9+aqEFt\/x++Iw9RbkaU0EGqH5RF82UBmKjEWeSsv3SjjCwdRYCx0Xha0nOXKIEGE+WyLMeyNORZ04Ju9bszoAnWSZ8vW3rnrlHjv3OztImeybcZjBWDaTHjEGPqcjy8569U2dcYPsnE6c97rbuvOwkiAINx3ildi9sz7TIKWO\/VUik51JzS2U02GcLK1eK54+43HeARgtT3BFil1kf8aQL1ZPZTag2mGCgIDPIOUA3GOJ6UwQiUnR34OgUcXPwKd+zPFamH1o3XUYwNYEdYbi+wKdl7t\/D\/CfrqRTS5Xnudlf\/tPYT2gPp2hTs3A8uU18HGeAnIq\/hCf\/0r1smN8AJJ3J9llrmQO2hO0fX9h4uJgRXFJiLJeKLtYED5oMO+4wPLAgk1LlaHW1Ez3Gl8YQzOCrSG7gqBRuha7d5+9ZqEIvSav++lmPfuqjQk70A5NyqiO5PZW0G8T0EyplG\/flXyrjOXj7E4av2TkayaLfMvIbPhidd3tYVH2Kzo57q7bt8ZG7KvfQUfhPavuKjvPsONe1NeUWmJhu1zmcjh1K0pUS3rKLjyXJu+EDTBGCjivB71J17QC6VtiAPbpyl5np4vYtgprHAsvLqZ0wdY98iEwyB70BoEOsLMxHiahduvg1VtcvYQNPRcMKlFMPhogcCoSkh1GCKy4ZQ5B7DXLWUUHJkZwu8JpKphR3DF9O77kBHUy63v2tPTNgp47kyoMm63Bi1UHo="}
00422{"flow_id":61,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":218027,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoRuVAANsGMlk27xi6rBAq2AG7hPl2s2uHPxC5PlAQARwm6QAAAAAAAAAA"}
00422{"flow_id":61,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":221852,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoRuZAANsGMlg27xi6rBAq2AG7hPl2s2uHPxC6QVAQASwl1gAAAAAAAAAA"}
00631{"flow_id":61,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":222165,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"ePiC0\/vCAMDKkVoBCABFAADERudAANsGMbs27xi6rBAq2AG7hPl2s2uHPxC6QVAYASypigAAFgMDAGQCAABgAwMZs3HDWQcjLi\/oi9viGukGbi3DlY6+1KsrSoY3LJo\/AyAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LsAvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDACgujMIFuLizeNvWWphRrW50Jm1g6urxRCWPuUnyX4FJGO\/X3CWN\/A28"}
-00810{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":7,"flow_first_seen":1490976058103,"flow_last_seen":1490976058222,"flow_tot_l4_data_len":583,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":822,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":7,"flow_first_seen":1490976058103,"flow_last_seen":1490976058222,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00416{"flow_id":61,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":222966,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7EJAAEAGJ\/ysECrYNu8YuoT5Abs\/ELpBdrNsI1AQAVslCwAA"}
00485{"flow_id":61,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":223571,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AMDKkaPvePiC0\/vCCABFAABb7ENAAEAGJ8isECrYNu8YuoT5Abs\/ELpBdrNsI1AYAVsbkQAAFAMDAAEBFgMDACgAAAAAAAAAAEjAJak8GHiloeNJZyA9qdTHhCajzppgOrp5CSsq+FOS"}
02400{"flow_id":61,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":234212,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXc7ERAAEAGIkasECrYNu8YuoT5Abs\/ELp0drNsI1AQAVsJAgAAFwMDCxcAAAAAAAAAAUOo8jkWmZvDPu5QHM\/s83uFH6a31ajoUfv2kXR10TXprhqlLcbmZXoaQ0ufa8h9cxPmiU04BDDLCZuXwMaxPMc0AxY3fs29COuAjmzZN6wOJbaka5s0Vc6ql2UYZ\/jsVWsSuM1sWCP3y2VjxmXOvP6\/uhzYvTJ0fvgnsz47U1Z1XJKRoIUf\/fAa3SB1OxGpQld5cEpKhTynDaT89A7jKlcErr7EwaDHl39iMHCx3bZJh1Hm+jmvw7s4bAZlvodOl53mUDMV2lFiOjwJqqV9I60kHGwqoaJjTgQSDIWZ\/ykHmvvE3LB4CZ5udm\/GsbwQbDRNgJbri2vaw5B17Su5M6V1xwTuJ14eFKZ+a8Yu8rIstzyVTILfxFpyApCdIADE2rKQDXPnAASOT2RqY+k+66nw8GLk4Fh1V2zutNnSfYmjqBws1rHKuRvWrJM1gLLPGr6ydMmSchFU1cLD\/LGrZlOWEVtQq\/oeIbU+tEMulxU+hF+nkAkAAu\/\/EKzRhx9gVRxFIAnUB9vwjhn+x5Rzid6lOvEBmnsJ2OLNoj7yWtsYEXlE996TM6P+D8UzVRX9pY6vh5aMbwiKOuNGuwN\/nQSWh1cETNDtOybk\/ibpQXo1xhHCwcyyhBNIAMvrlKxIshrgNWIA2nm9vV4xGaHck5eYF99oWsPTt66MnJNSFjiZ6sdNf+6MtL+d7N+gnNsAOIQ9NkFoL4vHseWxsLsIAYR0YWNoUgpIIkTK8yrIw5Dlrgal2CSiCIXDmv1gK3Xwu6Kr8wH8GPthMk09ducyER2zgDZg0GT7j6LXuD3PAsQIev3J2Uy+zYFcekPmn6DM+GAHW\/IJIO3L+Rjg4jkA1g8w4UvgxL76xUxePHAmbIXEATpds808KvXnlrUGHfWLU7Dph9mjFKejTENeB+dGNdiYRkW4MdmphA0t\/LmtSBzx0AGrkGW96ogFAWfV6JNZePwJ1iZnk8fOuccGIZsOMA14DI\/otE66bjjy5fysly3INezLSgNq4xWf2IbFQbzh2XA3\/AwnyT7RWsUgN5eZmcJSTL2j2FXML5nnNltsUvfU5LDoG+R0v\/baxKW534X9NGGMs4UfGQwHPLXDQt0sYWyz8\/U7ZrHEM9q2Ach7ArPhZbQdDus90wyHozCy8HLzRkHtPc5lTmYNP3UxqWUNVEdxC3y1zRHQn8j+Y1jm1sy\/rSWLI8jhzyyhO67IgIFIZZvGvy981iQyE80ODMZGvFzNk2ViTPVOk1fyDLnwgmUU8JNBTpneIrRfnqFQAwJ0Txd+DNpEOl+P5RGoEqMtYAIf4rsFYuoXIjKrOaaLhMsDHSX3nVM4SN62wCXijxu7RUfH4cRBoOcvTvNNfONxMGXoh3w5Z9X6ITgOEcoaui9kD0Dn8XpB7m84BA\/TbRGBunZD\/wroLGInxDReDzgjlT68sCwUW07h2mL1tV39\/yPbKgCaUkeXUriyIfubbAmRuUUy4J0gbGfzdLy2f+y14kKW0kP1\/7zxJiyc1rEjmee7zugB9S\/5NJkYKBwm202EcDg\/JhEO0J9uggHD1KUvmTfJ9q8rO6GiGYUkT8kM7Xp3V3S8RDhI3nnX6czfpV6wQUwsW0jQ3s0avZVBVTX\/51mFecnKGSMOvToPA02k+4yem53PrTCQ2vNA2rpn3TNXKjrFIPnlSeQeszA2g1cPWDrnKP9xP5WXX004IUngMLAmI8ecaWi8FxCiSqTpS7xt7jd0YJ1ESDoYu6DNs5L+d1Nd10hYuq5VaVHEMnY3UFBRE10RKzggEPSgH\/HoGXUk\/YEXQOSaABKc3nJy0DRb0hVYEzU1nlrBhlAOGsyDmxp+P2nQ\/4FGEuo9L8UDR8AOYis6xGKHINpkmysCF5eFY4GA9yEsr+etnCRsFHa1\/hUA+eX5ccvdV1v8VqbPT0aq1aJsNSf0qpY="}
@@ -728,27 +728,27 @@
00423{"flow_id":61,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":295498,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoRuhAANsGMlY27xi6rBAq2AG7hPl2s2wjPxDAKFAQAVgfJwAAAAAAAAAA"}
00423{"flow_id":61,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":295971,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoRulAANsGMlU27xi6rBAq2AG7hPl2s2wjPxDJfFAQAbQVdwAAAAAAAAAA"}
00954{"flow_id":61,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976058,"pkt_ts_usec":310272,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGzRupAANsGMMk27xi6rBAq2AG7hPl2s2wjPxDJfFAYAbRfGQAAFwMDAYYujMIFuLizeQ4nSXSVL9qZytKOfIpxYUUDGWDQawdyHZKqojphbkEb9ji3V36Ni3FzDQ6ZI5H\/LQFzlV2XIx1aKRAsDd3VNAuoijGL9SXN+BdtCE1TPVcNRsmt9OTPDXh4iITtxYbu0h0C\/OYuwvc49zNSfZCFOPjriu481PcjMBbBKmH2uL4Z09IYZyBxKqWtG7tXjsZdTBFRX8P7PmIii8XphTVdZVKjSTxpAp2G4aMbegiSPo1tZg3CdNZxxewHpUfFmVoc1uScxZCzFlTFtSdfSWMn\/iXZOWx1ti18G0RDXlVt94vfvi++W8LysqmWxssCzq8pZpLkUZNrXu+nXB6mTNLl4Ch4KG7RJIyhguDJv2vUrEO6CP7+wplPfyD00RxHpMugImElKQNBo+Qkt0WE\/D0QCJBzIYhcTcDqNkS3AJT+\/xF\/Ruq\/pS8zt94EyxkKvYil37VacwvRDQU39nnVa32G3eeZC6WuoTXBw+FFgM2BYb9LQu6OP80LYUCiCnlvN\/M="}
-00431{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1490976055356,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00461{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1490976064328,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00443{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1490976055356,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1490976027958,"flow_last_seen":1490976030758,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.1","dst_ip":"172.16.42.216","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1490976032763,"flow_last_seen":1490976032763,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":842,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1490976023731,"flow_last_seen":1490976031750,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7af8:82ff:fed3:fbc2","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1490976064328,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":328375,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88S5AAEAGXAisECrYSBXOh6SkAbuyb6ZBAAAAAKAC\/\/8DBAAAAgQFtAQCCAoA9ldvAAAAAAEDAwg="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1490976064333,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1490976064333,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":333083,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WldAAEARM2CsECrYrBAqAa27ADUAKN4THgkBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1490976064333,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1490976064333,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00427{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":389062,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkwRAAOcGEz5IFc6HrBAq2AG7pKSpsxlXsm+mQnASH\/60aQAAAgQFtAEDAwY="}
00414{"flow_id":62,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":390589,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8S9AAEAGXBusECrYSBXOh6SkAbuyb6ZCqbMZWFAQAVf+2gAA"}
00735{"flow_id":62,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":392195,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"pkt":"AMDKkaPvePiC0\/vCCABFAAEV8TBAAEAGWy2sECrYSBXOh6SkAbuyb6ZCqbMZWFAYAVfKsgAAFgMBAOgBAADkAwP+0zyDGxXotNTaK9PKSDUhNTk9mpydrcn7is4FWWWLVSCAoIhp+G+13yEt\/a9wFbgYbBGSpt6bYu8wE9XD90462wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB7OjoAAP8BAAEAAAAAFgAUAAARZmxzLW5hLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGIqKAAEA"}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":849,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1490976064328,"flow_last_seen":1490976064392,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":20,"flow_max_l4_data_len":257,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":849,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1490976064328,"flow_last_seen":1490976064392,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00617{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":448088,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC91iFAAEARtxSsECoBrBAq2AA1rbsAqQ1IHgmBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAABFAAoDd3d3A2NkbsAQwCwABQABAAAAAwAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAAAEABDRV0djAQgABAAEAAAABAAQ0VdHFwEIAAQABAAAAAQAENFXRj8BCAAEAAQAAAAEABDRV0Xo="}
-00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":850,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":40,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1490976064452,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":850,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.216"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":851,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1490976064452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":452332,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L2dAAEAGLj+sECrYNFXR2NSiAbtfxHgaAAAAAKAC\/\/9kOQAAAgQFtAQCCAoA9ld9AAAAAAEDAwg="}
00424{"flow_id":62,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":454232,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAolxlAAOcGDzFIFc6HrBAq2AG7pKSpsxlYsm+nL1AQf\/x\/SAAAAAAAAAAA"}
00424{"flow_id":62,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":454364,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoLF5AAN0Gg+xIFc6HrBAq2AG7pKSpsxlYsm+nL1AQf\/x\/SAAAAAAAAAAA"}
00629{"flow_id":62,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":454409,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"ePiC0\/vCAMDKkVoBCABFAADELF9AAN0Gg09IFc6HrBAq2AG7pKSpsxlYsm+nL1AYf\/yKfgAAFgMDAGQCAABgAwNZFVbZSvcTSV314tlSgSgSDpPxNEQHey5Fv+zjXifiHSCAoIhp+G+13yEt\/a9wFbgYbBGSpt6bYu8wE9XD904628AvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDACjJS+BuJgZgFs99o+swdQt1fNrwpVdOGOEnGVQVhhE\/DUpgB386MGo1"}
-00788{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":7,"flow_first_seen":1490976064328,"flow_last_seen":1490976064454,"flow_tot_l4_data_len":561,"flow_min_l4_data_len":20,"flow_max_l4_data_len":257,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00799{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":7,"flow_first_seen":1490976064328,"flow_last_seen":1490976064454,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00414{"flow_id":62,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":460481,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8TFAAEAGXBmsECrYSBXOh6SkAbuyb6cvqbMZ9FAQAVv9TQAA"}
00484{"flow_id":62,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":460766,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AMDKkaPvePiC0\/vCCABFAABb8TJAAEAGW+WsECrYSBXOh6SkAbuyb6cvqbMZ9FAYAVtTEQAAFAMDAAEBFgMDACgAAAAAAAAAAB5+3oSCjbznaCKLIYQ+spc1nPoI9kpIfValJbNGrWJL"}
02389{"flow_id":62,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":474780,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXc8TNAAEAGVmOsECrYSBXOh6SkAbuyb6diqbMZ9FAQAVsLnQAAFwMDBskAAAAAAAAAAZ2mur3wHEqhBcXSSnx+ZemvwN7G0nMqa5GxGbTCUW4gy6SUIT\/OaGJCPx6ayzb9\/OX96KxEJdrsPABOmhPz5YHryuDlopiK38OqypRFr29WHVspKJDbRtXE+aAlI+kZ2OMhnRU6s70iVdc+qm2ZkxJkymgmtsEWMHYJQ4o9qQeJoFD7XaGkXQRgLqlfMrQgxFxl2OxbbexR5X7kHdcRysEF7pEEsbPbzGDfT+Z+kzwWOzMhSai1rduDhgpLMo0qDpwts+UaaLXaSm2nQZIGMpbiKW+kWg5SYh2PDZlaj4TEKFPK8wcNA3n998swSMjm8\/ATgIXiEALfHMBkvZj9EArGzZSkNjjJY4CHB74UUg0dfaJWNIAMycxqRZqWtWy97o00YQc3VlA+ZPC6Y1mCZI99oOzC44g\/aqWv6xZHtQ3qzX2KQBq7ys2SEo3LYF9cbmKPhkPItCogBztjZTbam6s26suHN2ljjYGCtRmWfqvQFxSi47KYeL2wQZ\/4C6T\/BwqPX348uiUdc3p2uhvYXxy7acLuB+peuzvgtoZKSoX8amdaynvN7Zgfmca4OOh3NSXPZSf5B2NZasKmro2Ap6NwXBhqZGwIap93F+Wdka9Yti5W62OuCrxZR17r7c09gPdc+HhtLA2MoipnJLv48LxLAv0niwcEbAzAVkvXXU9g6gsxGJ0C3zAtOEl2Owaa11dgo1BgVWoie6BAvyBYUqtbKtJyTE+fhQeIo4GOstAO70+G3zGd9puYLcQlcEMab45MYJc0G0gQ4o6e0bXjYgG2Y\/AUjD5itxA61JEIsRa6s9+ms2ZaJ\/y7HgDBG0LLYm6vIqtkyCj+SF73O8dYBsNlJJanAMS+KIP0E9\/5elUL9uFafeTOEUwtE5LEEXKf3niqTkS7HVbz349D6tMyBslU7APBw4wXKeG3I\/EiRsrT1ewves154Dtr0rz9uWvQF630wltgSQTUpge5sXsDqIvSBV3davLY2PxPShWxSTbNqLA0huryxGVgzaNdIZlGK0ZNgvVbTfuNNbtBu1ce\/xPFDYSMzfdbsozJOQkUsnTWuLV0BSlECXiQ6pkoVni1xD8mzG1B0C863uRglsLCxUKfjNIIyLacuPjkBFQGUemg4KkAva8pRm0ZKa+Zm8U7LwxQxjElPx\/1ipmdSMx8IYoQyVWn5qIrIY3fVgvFWX4wxQJFvpTSnQy2C7qOauYr4xcMO1S2sP84DcQ67eciEhLwdF6evMA1yjJrtUNbm93K9eDOs5WJY85cKrhjeD2X77EwxTUuhcirwFBKmv0dpL+a7nO1sXJnlhtLt1eiDLjSZRZie7bJg0\/I18F+bIRzCcgTDRNgzYHUhpnInrIHphzr\/CJxBCcaRqpz1mEBQmyyjtu87MVn9p6enjCAgM32T8vuRd8anmWpXtmxjB7bL7OCIBwVgez2EZK6NPV4BuY2EcSBKoCoCI5HUd42Hgf74qtXtIleaDtPisrw2iW1RpqcMANTdP+dEIYc7HuAZv7Cu+BdUkpYkJyRjT3mbKv\/Or8xXwUkvJTtkTxYCSwcspr7xqURTUbkoYnClWBhWdFa8l+UBORmXI8rlMj97Nk7r41vaawDBRS5t0dHefMyb7SkEbJnYRt53omnFc3IzsUmIT23iALNC7BMVtm7yVp\/sC1ACnJqtkKJRqtOFc97ap68fpmO+qlNX9ScmxkQmBBXCyIAyT1vStrXCvX54SfpdLap0y7g3C9aEE6NgLvKHeZS\/pVlEBVPMw2eyKdIZpulkRRupeTtd19wGZlnxTpnAgWARYNUTkJ9ukP\/zo2pSfZjZv70RcF\/kLygmE4ttZcnWw82ua8i56yATRzBjHO1bmxuEvKCxDPyQF5SRlEfUSbbz01lSX3UaSt3sZGD\/okXNFFt3mv+hhomvI4QE2qyT0b+eATojW8="}
@@ -759,11 +759,11 @@
00442{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":505269,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqqU0VdHYrBAq2AG71KJ+bVwJX8R4G6AScSBROQAAAgQFtAQCCAptHVo6APZXfQEDAwg="}
00430{"flow_id":64,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":519519,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0L2hAAEAGLkasECrYNFXR2NSiAbtfxHgbfm1cCoAQAVfvyQAAAQEICgD2V4NtHVo6"}
01130{"flow_id":64,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":520567,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"AMDKkaPvePiC0\/vCCABFAAI5L2lAAEAGLECsECrYNFXR2NSiAbtfxHgbfm1cCoAYAVeoAQAAAQEICgD2V4RtHVo6FgMBAgABAAH8AwNl4D5WcIpeF6adbzNjl\/tiZhGpmavxSM5uXnDrdJHl1yBHUQT65GzShmSQt43DXU\/iRpfvK3yVUZImuuA4WpXHawAgamrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAGTOjoAAP8BAAEAAAAAEwARAAAOd3d3LmFtYXpvbi5jb20AFwAAACMAsFRWtD3JSKQf4Lr9eEfx0PQ01nHGkidDCG7s9KZESOymslO\/GqdkoVsdJK5ZoYugmQyWHOp1tqWh2bA4KlSTUx1xDcGhPBYTENeT+hnpzYJuHISGm+WAjLYZpeScMXdEj+cpOxx40tMWY+U2GkrsQW5AIinC1PY+tiQWPYlKDKD6UtQmLCxNZDzFu5nYZUvgPU\/iQ7PiXNcQfJ3byiPYuj5cRmbUB10pxz435spf4lY4AA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAYWloAAQAAFQBnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_first_seen":1490976064452,"flow_last_seen":1490976064520,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_first_seen":1490976064452,"flow_last_seen":1490976064520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00423{"flow_id":62,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":553234,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoLGBAAN0Gg+pIFc6HrBAq2AG7pKSpsxn0sm+uMFAQf+B3xwAAAAAAAAAA"}
00430{"flow_id":64,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":568500,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0BktAAPMGpGI0VdHYrBAq2AG71KJ+bVwKX8R6IIAQAHbunQAAAQEICm0dWkEA9leE"}
00644{"flow_id":64,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":578107,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ePiC0\/vCAMDKkVoBCABFAADQBkxAAPMGo8U0VdHYrBAq2AG71KJ+bVwKX8R6IIAYAHZQKwAAAQEICm0dWkIA9leEFgMDAGQCAABgAwO0ahuAu\/mxCC7FLjcjJHsCRdjVzbWF6rnmSZki2hWy+yBHUQT65GzShmSQt43DXU\/iRpfvK3yVUZImuuA4WpXHa8AvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDACgY50qTfNIcvqinmQ3E+DPfwPuU5K6raP7Loz32LgY07caLSfq6mttr"}
-00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":6,"flow_first_seen":1490976064452,"flow_last_seen":1490976064578,"flow_tot_l4_data_len":881,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00797{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":869,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":6,"flow_first_seen":1490976064452,"flow_last_seen":1490976064578,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":673,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"5ee142340adf02ded757447e2ff78986","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00430{"flow_id":64,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":580324,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0L2pAAEAGLkSsECrYNFXR2NSiAbtfxHogfm1cpoAQAVvtFQAAAQEICgD2V4ptHVpC"}
00500{"flow_id":64,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":580609,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"AMDKkaPvePiC0\/vCCABFAABnL2tAAEAGLhCsECrYNFXR2NSiAbtfxHogfm1cpoAYAVtdUAAAAQEICgD2V4ptHVpCFAMDAAEBFgMDACgAAAAAAAAAAIzF4OdeVlaCewECt1pR31RMu8hup3MBOGRShskTWu0F"}
02395{"flow_id":64,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":601527,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcL2xAAEAGKJqsECrYNFXR2NSiAbtfxHpTfm1cpoAQAVvqUwAAAQEICgD2V4xtHVpCFwMDC5QAAAAAAAAAARsr89W8dyIR8Ssse8\/bbg9e4ZavJRJMt+k5rjZWeqISAX8hsX+y6QQjYDYkJfp6uT8prrq+kxOYAOiWoNfaRCWE0nvnvztgppMmfI3d1jX99KxqYxvh2oJZFv\/pvBQQkaVpAxcQObAFaZ9WU38jfrXuLSGfdDwHPEoJ96T9QCZrehgP7DcJlx+9RGi2M+774Sjm8A13cAFBAXfDpEqGMN9CoYOtdOZD1KIYbI1r5IUCqVe5FMYukWA9StzXAW1VxH97dyEkEoHGROrhofaAkHHYXxpjKE\/bWN3v74NZPaiZ\/GzoezOebqPF5gf9++OEpqwnbntFf\/cavlSPTjFWrELjPiqAbXzGqM+T0IduK98Ri991SX1eExHobxNmASPv84ChwaYFwFkktzbbyDImArkZAlFkIcp84flfawWv\/iSzvhRTrsmFqFsW1l9DMtGfK3\/y2YcO8kDLjGXNQKynTNsJDa8q5Dcj2SGETMJsGT0EzGOHbFA1ySIGw1OrYcPfbF+8NDLPUtVQLivlZSwOtaUKRSXem+FWq05LWUaJZSpAbXG8+mbChykwCPlIX+WK6tswBpfjZlRAxwaDQt8boVSi8nY3moWZxOTjsH\/IDwQxF4mWC\/dHXhw4UtECJDVz0Z6HZdvzg10hQ4XkbjpS2SFuwizAij26gsRhJiM2XHi7n05bv2jK\/ZRGXcrKXbVJB611XBjn7l\/AZ+jw7ynauPJiRczJifdGMHJdxWEHpfqCfJz+tWTeZo63WVLYGI7EnNT9XBWCvR7DvwHZApgESE29WQREUUlfhJFeiqdd3JKCwMZtICFhA\/rH0\/RYtoKls+\/LzpRsyruyt4WT9\/ckqpmjxqWuyBd1xD5c3g3lJRi6BjnCaoFOiBe2FCc4xpGqwyfhwhA97bBI1y1khgER4SRd1Pt3jfToaK633543mRG2pvJqwFHN268J9duEl8LzzlRo4DxSSkFDfNt1VBxuZQjSdb0gETMoFUcQC2t6CkPZBT2cWFabG0sH4eOtjUgCJUkhY5ti+KkHeuUG7pqWTGOjlDA\/nYMGLL8dOYHBr+K+Lrl9bpRPfNTbwfUh+gvXVOzWV45bRAIFfAPjFOZ66HEZpf4BExs\/kt1FXy1D3z4r5FaXaUn+RsE9\/Kn8HHA\/2RrjNKJCgwSnyuZA4jelwdXu1ifcuPD0eCAbcoUCeBu59I1eT\/WGRriPRxBpVK8STKe+KXw+wFKAhyeeyESCo\/kQ5SMwMHwGRQ8b8xgt7sIGnXK1s960rVhWZLMKRl7T2eDFGuWkPEeWa\/yOvrOYTpe9+pasC5q6AZH84cYg2TgiaoKfaEyIU+5Uus22vVab5SxDifHErwIEGBYEabVZI1xSeWD5ietfXP7AvpLxDK6rNxmY1F\/P6a1+hyR5ZYtrSBoSNOO4h2DRI+K7Sghu7ch+8ROegN2hG3QVXocxBPhOaqqex11MaCRq7\/PE1miu6xe7LbiXlFyf3ZbGBPvPtzEFgwnDVL47IVdcQYohpIHkMSUtJ1bXBJh51RidlS57vDpRZ42etFhN6a1wN58FXOJa20uTlA+MLzXdSPKmf+8u4zdcy2x8nMyasr7686ld5btiYFpfK2XujhkcXTUjXtK0P\/tPSQpYQBubFr7211VZaUCNWcLOUV+0EJrJr3MNep0z9INVy9clLNaeP2vM3f3k+D3YRXFKgsIIUj4fjIRge9cnHEi8uMVS+M4Of1CDtQSyHQIpWWJHv6DHxXSERUqW3eXAUlCYfji1vLOcib8z7nI1fkfkwCYBcUkHjWWzWV4IW3QOVFMORXDGiltstcEm+7WnrouxZcOR2Byvt\/hQRGeB69FswG4HKZi4ofbUAPLiUbZfGoRoDN68964LqMhjmx8dwlz7jo8KQjm1yq\/fgccFd0RAVWmLXuc="}
@@ -773,71 +773,71 @@
02404{"flow_id":64,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":603447,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcL3BAAEAGKJasECrYNFXR2NSiAbtfxIuUfm1cpoAQAVvGagAAAQEICgD2V4xtHVpCHSvFLP02i2EjE6Bz2rnFzJqFQblf5n\/ldDcKtoPJHJ\/VLJlp+sgU8GaXmngF\/QrXfk+S0fHnXRn2mVNtjv5hpFoDqIiBGRQYyQYDnCRbZvQNOgNKaCby8F7Sow0M042ZDx3Ogr\/ssg507Ueej3TZT2AnYJXR6e8kwRzTpBmJjHi52vdNf0sb8ZZGvIzsAPzHnhnqardvTxneKUmAeYCnMHI9R51BIz36YDZDqIZo0W9OnuysCaLupY8MaiZdy95MvqYeNpTDlUpUoZFwI2YFOs+rELc7a21Oh2A0Ht6L2S++j6RHiCjpY9BHN5wA4BlBkAYAztzEZjQ9pfDvHvg\/FejVI65lkmYMoZXfH9aMHFW3zntvvnSLyOyYEbig58DtImprboeymyw5loA9FnKWFE+JdgOdtGkmZXj3pvyrERQUGLLTVNwy7EZXbF\/lBTC\/5xGTqAa3a1JzPeO+7NNrxfusdNq4slGvOHtK9YC7vl9qWoJzCG9NRYyVSnf5eu7pNIxh3JEQE0RHC3JU0vrqSoWzPJo4wBKqI\/CYeP6JZfqKgCNwtWf6mf0gY4wQWHj6DAGLx2TFfaEO\/KgZEZXrcGT6GWXG9SAw+K11KHE5GtYPYLUicYMoeFUSwuJWTjksLWd04Es4EkuLoNGi4jBWGg+YiJVDJnx+RRatUwiDi1y85mG\/URGWvRVHXWLRZwGc0SP6YgS7xqQa7EdBSvK3rgQAfBfLzqssW0DmKPHWVfOyvzv5V2ZRZ4XdfdU2xFO5OJ31NIJjcgZgPvkVO4S6P\/FVlsdiuQX4\/EG6UYb\/AB27krGp19Oo4eMIG\/p7qix0TDPrUtA\/a+d529M+55L1KS8lH9iLwV2WAlLOchJqIKvGWReEZEX4Iw2P9h\/QRzDSsAqbysunGLiG0xCJYV9+5qW0pESbmAwUTBNBpuzbywNMN9q16XiA5NazdVQ4nUgmjfegoakFsVg1mB9nUGD\/RSj+mcW4yzMUNfcEH5xXw4BhuOVazW\/rNzJXyNhC5JlMR4K2QpoJOl6fdIumsv3KPQWLgvP\/UJzWpgNO3V46wI4KsMgfRfTQ6yRL4mf8s31UpIBHQHBfWtr\/e2yXR2Iv2c1eB+xiL8Eg0KdMqBeUbPlMcgXD9Ro7fzHp1EX7C1NOMTPcfoV5MBefsozd\/J++tmMt5WYyLxCUp2WKvMHCv342X3Jsv5NINtAEQTgKQeZkZYiFzQl92Nsi3XxdtmCAUAYrZZCLwzUxUzAwe\/353IQcYIjbBcHXDdVkh7whsD+R+FI8zBMRkLQuim7Qkyonj8iFPgE8bO9OlNJVihegnou8KfaVU9CKYo+sN59UWe3fX9zyJchn3Wly275LmHxNZQJEJQFPJsp+LzCixdEjKcMs7dOOfiNtPhbyMadXyGjU20JoZnNjaU\/VB7MdX9PiR02Va+jKTOaRb7WdZPgK0DdryPKDcsEqMmbuJH78sVQlQUUuTlJauaa2jw7J0RU303k3YzhjQwEouvKI8w4rWlO1f63suPB6X11x\/p4KtZfqdkhhsNuKRmwOBG+sxzRoKofHJhpqzPmobBeM6l8U0rQSQDv9x3lC\/jIr+Rth37yo\/KcAVv7FQn9vr6xtOES2wUSD0L61xjUggoPvNxpwaL1RcaIfWTwKF+Ey9Q7YPNjXHVnev5DJEVHe2+XCL6euo+P2APey+hjeCXjfPJZcma5MIrI6XAHJFUZUtQz9o\/a\/A\/+EGWEMaPPmfQpaYE\/tT+7JXD\/8gWKU5FSsf46Ca\/LvEgPIGrVVKwI2pdSmaN4M6LaG7TEKRN5csH53CNIyqooaMl8b7HnmiVBoQE9SxbxWVUwv\/Te\/6PLqpy6sHiDMt19+3JkW3PQ6XKCb9+kU8i4714wdkZ7ihd+aWoXmdKH60s89j+M1WFGDm+Z9XR72\/Xp7lUSCHs4="}
02368{"flow_id":64,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":603672,"pkt_caplen":1495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1495,"pkt_l4_len":1461,"pkt":"AMDKkaPvePiC0\/vCCABFAAXJL3FAAEAGKKisECrYNFXR2NSiAbtfxJE8fm1cpoAYAVsjqQAAAQEICgD2V4xtHVpCFNFoCQXT2zXedVdl3AzzXtshIASdRyqzMPJ0ieb5GIh\/6qV7Ar6ClcCZIaQYSJGM\/Xx\/xQ8PxP8T\/lqsNBhwuvww5EBLM3H+we3nWV6Iz7AerpeWIYepLDzk\/s7f8zrAtGK1TkqM4F6EeqYQe4O4O3ZMQiHdTroliZnfBDSpKvBOJ3BWx+Uw2kKm1sXUrlkv30vO82d8J3VPsHo5mEpwO4+ny\/r\/XOlihhLqrdyzMq5lzd3ASFfaZDnntUwfteHAST5DF3PmbuotNAGIlKyXj\/hUeoH+Svd8ChLasG8eNUKHN9+GZ9iK626FAqX9CToxAF+97l8ky+5y4FVxm3+rlFG5R9y15xzYG3YCj3n2RbG4cMdLL9yYsBS8VrvzFuqL580RdVOKIcqQevcPC+zPVxb9cbnVfA2qhzg45IzWCjLkafu2USof4br1XtznRJlhPrz1yvpWpDK8lJgejlXd1O3FhbuIjxKAUamUycz4fNGK1JzhkiC6k0TWFSW4H5RVr\/iZ7tZWWEdpImO957nAmsmoan6GKzcsWXPOKovLYkqroacpNA8tCaGTaAHgfb0HiusBxObegUPAB5KGg9S91XsUNBwyk7F8qgFwOYGQevhUomDwigu\/zj9KOgv0ZB+w89tg77NVZmqaOSkd0k7qHNTCUUmK2gbnT8SlYdVeBDe3iK\/vk79uSteS46Bxcv4110O\/f3Qe\/hGu3ITWDNQKfvMDQCFRWovTxIDxAUL408eb3XkX6I5N9LA8KyE2UAIqoOpv3Q+D2ElPTYvV3j2SxyAOKhbQZav5cr7pvoGCZpSya8p63EONJ890a4+2FJAdWLTc3R3MLtEE5noGwDnefNtSHDlT5LC7IEcqSbbNfYRvfDAPSInA5q56SYhoA1YQq8YZuPeMvkMngje20FEy0KpREjWf5BSG810\/QGNhRUn8SHgIir35kISCLvNtZBX70I7AC4O6agb4at6RDuKYbCoaqUnzqomi0AKOvzVGeENgrxvC6ZH7+jncKkxCamigGeDBKdus2a1pBFOlh8RkCsPr7ZfWwOXOrBL64ioLQK\/c07zpbIy3IwmQoMtL6KovdV7uPXBnFPOi1Lmefj6eQD2HfPgbt4hE47tXg6jHJmztjkSl\/H6o3RFIm8pZed+nxyutCk73f\/L6nAyVgzFhdbhAugkUo+ESUZwpBaI+WOKCpnZLBoxHzweUrec1ed1yYkPr3E4pFJBk9RiS8wwozsT1liQCyZEXIA0ToglxknbjRw0M9Bn6a8+H46EUcieFvfAnhMyCdUtyhyq2ZG6masyxvvD1uT3f26AvjDvI1CZrpPYELynYjAvnlYybBrQVzE\/JSx33BMOLI632ra8qnIIq6Zd3lK1AFT69DULtFPSPXeD6OVFfByxuYSyCh+Uuu2kjZfsGPhRdcsVDJWLyK6fOYBQ93GOX\/jPhy8U3T4VCvOWvPlvyLK3kvd0QOoPc1zGF1R9kezZsiSF63yFT8CxIOZXHqlH6dONN8F2zbcyN4JRiBcGHtw\/sTdc5zhYDjjP8KH1dSdbe6H6ZEcVazZd78b2pDAIDNcbUVoEpkYQR9G1RG1YOLQZKvA5Q37nxGdYRqN4O5sZ5h9qkP9uZS5l7GIO+hXuNcygIsGDyR2ytiIyl0Mtw00tfxtezRnwjqGdTMAQSyNPqMZTQ7E3y5Il+Kl+nHXpfFW55GilJCM09gKS6GVKgXs1nVk9isjCdU5ST4JeMTIF568bOYt6hQvLWIDuHOYQy5Ak2NKyHtA2aS8a63AzrofsZ6qLBBH8lZQ2prNO3W4t\/KNPBXkQDg+c+v0l5+TzNtkqLobZQfzfK2waBXVu0AS2lHXxpptFP\/F7R65y4eyeZDPublC8ZDZdBrThTWwYefSaTV3Lki\/OhVHRRUA=="}
00432{"flow_id":64,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976064,"pkt_ts_usec":675594,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0Bk1AAPMGpGA0VdHYrBAq2AG71KJ+bVymX8R\/+4AQAIHoDAAAAQEICm0dWkoA9leK"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1490976067916,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1490976067916,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976067,"pkt_ts_usec":916709,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WlhAAEARM1+sECrYrBAqAe2EADUAKHojSVQBAAABAAAAAAAAA2FwaQZhbWF6b24DY29tAAABAAE="}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1490976067916,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1490976067916,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00462{"flow_id":65,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976067,"pkt_ts_usec":965373,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"ePiC0\/vCAMDKkaPvCABFAABM1zdAAEARtm+sECoBrBAq2AA17YQAOOTBSVSBgAABAAEAAAAAA2FwaQZhbWF6b24DY29tAAABAAHADAABAAEAAAAsAAQ27x2S"}
-00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":899,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.146"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1490976067968,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":899,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"api.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.146"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1490976067968,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976067,"pkt_ts_usec":968666,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8kvdAAEAGfFusECrYNu8dkqLbAbtu3MorAAAAAKAC\/\/\/lJAAAAgQFtAQCCAoA9ljcAAAAAAEDAwg="}
00426{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":61060,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw1NlAAOcGk4Q27x2SrBAq2AG7otunydf3btzKLHASH\/7bQAAAAgQFtAEDAwY="}
00413{"flow_id":66,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":64020,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAokvhAAEAGfG6sECrYNu8dkqLbAbtu3Mosp8nX+FAQAVclsgAA"}
00714{"flow_id":66,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":66460,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"AMDKkaPvePiC0\/vCCABFAAEFkvlAAEAGe5CsECrYNu8dkqLbAbtu3Mosp8nX+FAYAVdqyAAAFgMBANgBAADUAwMdKoGNaOtWl2eYW4si+Xi4wmWhQDuns4mF\/nWjaB0YoAAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAfwAAABMAEQAADmFwaS5hbWF6b24uY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1490976067968,"flow_last_seen":1490976068066,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":20,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1490976067968,"flow_last_seen":1490976068066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00423{"flow_id":66,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":158441,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo2FJAAOcGkBM27x2SrBAq2AG7otunydf4btzLCVAQf\/ymLwAAAAAAAAAA"}
00423{"flow_id":66,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":160303,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoZIRAANsGD+I27x2SrBAq2AG7otunydf4btzLCVAQf\/ymLwAAAAAAAAAA"}
02382{"flow_id":66,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":907,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":174408,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcZIVAANsGCi027x2SrBAq2AG7otunydf4btzLCVAQf\/xyoAAAFgMDAFkCAABVAwONMI8Iyv63AmFuDSfP\/0yielu7UE\/K6u6ZLOsVNCLwziBiAQrU5aukfZwJZmh36dxzlH1Ac\/uz51RcEmA3y0NT68AvAAAN\/wEAAQAACwAEAwABAhYDAwtECwALQAALPQAF+zCCBfcwggTfoAMCAQICEEHOGuM8VS7R2sIvlXez2y4wDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA5MDUwMDAwMDBaFw0xNzA5MjMyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRkwFwYDVQQKDBBBbWF6b24uY29tLCBJbmMuMRcwFQYDVQQDDA5hcGkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKHJ3Pb5twdq2w41cJul8CLJbEA6UwYYsIktXfpEB0XIrWz3Lov2BDKoQ4eKM8IJXLcYjjiBDYAECriL1o5yUM7fvewij\/uUus3k6+t+3UH41jCAumPiKVrw0kxY6cQB4aDPS5SCZlaMw9dmCxwD0\/hE8Im18n2E8y6QaPYLMWQykmoFR1vwcqIU8sx74fS5EZruGZQXV5SFbXJyatXlzhyIp98bl2QsM+P43QhpE5oS2wp21m1CoTBZLGyvfC70Okq9J\/JFNykC88x6pWo3ztca98ZHcaE8mAlz2PfiZDrA8VwNpqXi0QtgNjg+xAKJyQlLPAkcNtVoxsFjiDaOePMCAwEAAaOCAoUwggKBMDUGA1UdEQQuMCyCDmFwaS5hbWF6b24uY29tghp3c3luYy51cy1lYXN0LTEuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABVvepylwAAAQDAEYwRAIgYi4IRQJREnRkm3M\/z0PSCRr42\/srnQR36TRR2kSRPmYCIEtHXAsbBkpLUUbUSSG7BVrF\/\/FAKu7EMnSzk83azXCxAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFW96nLnwAABAMARjBEAiB+4n8nvaU3xVjE8+gmVSYLuatUIO5o3A9yJucLcJuIOwIgVCIxrAglUehS5N51k2WXJQwsXf+12jP\/5+GjHbr0EsUwDQYJKoZIhvcNAQELBQADggEBAGuxWokn+1oF72ZaXxMUWJRPXavX2Lpkrsjol95S83CR0jVQRM2WriDQRViktyJWg1VOkVdFRolgfaIPDOWjIWd54RFSBtAKetX2TE0="}
-00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":907,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":7,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_tot_l4_data_len":1849,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":907,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":7,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1681,"flow_avg_l4_payload_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02386{"flow_id":66,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":174709,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcZIZAANsGCiw27x2SrBAq2AG7otunyd2sbtzLCVAQf\/zCTwAAqsxsINuDLLhY5Q2kdkU9+XVolUWl8QYC0tiGydpyImPxSLauHfX98pHOGiPFDGCJFhWs5bRoveA2VU9AQRLAj2LwO2m\/GFBZ+xuk3M+e9W7Lk5pycrfMtHzksuGeQtAx4OV4Utuv2WAwf8nR89cTIGwexgWD4bUZLYdwBdainm68bifoieHhXhZZNdBAGu+07VDgHiYwsGMizOxIfvdkAcbvQcMOUx3uGUCB4\/px2GbFElQYAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8="}
00978{"flow_id":66,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":909,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":174770,"pkt_caplen":464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":464,"pkt_l4_len":430,"pkt":"ePiC0\/vCAMDKkVoBCABFAAHCZIdAANsGDkU27x2SrBAq2AG7otunyeNgbtzLCVAYf\/xVlQAADrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHFgMDAU0MAAFJAwAXQQQgybwNcmYxYehlqaX0lDqml5f0PcJM8Fsah6vm03jvbZ4bkrnHlJGy5BFbvGNR3CLh8LomqWzOC\/9YxeFX7733BgEBAJW2\/1xJzMbdPlAc7ah\/z\/TRcDuRX8lO76Nq95Fma644QavQ0fbotVF+XzFExx2dNMBFTh4duz\/UEUmUr4HwtMdpfaKaKYTU9AMmVvpmnSsNfEDLT4KilnTQC9OZLrgI2u33q8tuhqJEvh\/Ej5x4euC2jCvhqIpQAN4MQXq2j\/SfYwBsBpeCrRbJ3z3SD+xMXJQhlvze2u+J9FfjMP88Hqar7IOV\/DbPJ5jiZaar9zAv56OIRd0Rdmk\/F8vj2MQEa+\/ZvN8h9cg0M0FFltgFjkBrYw8\/BKFICEnVXKn9iWSl+TkpSctAOborGxA3MboZnHKkSt8pZiOlENScGToxFaMWAwMABA4AAAA="}
-01152{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":909,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":9,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_tot_l4_data_len":3759,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":417,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","server_names":"api.amazon.com,wsync.us-east-1.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com","fingerprint":"1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D"}}
+01163{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":909,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":9,"flow_first_seen":1490976067968,"flow_last_seen":1490976068174,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3551,"flow_avg_l4_payload_len":394,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.amazon.com","server_names":"api.amazon.com,wsync.us-east-1.amazon.com","ja3":"bdf21e38e1f69776df407235625e75e2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=api.amazon.com","fingerprint":"1D:A3:CD:C3:06:9E:9B:A0:61:1E:1A:75:55:C1:A8:B0:DC:F8:75:2D"}}
00415{"flow_id":66,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":911,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":179829,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAokvpAAEAGfGysECrYNu8dkqLbAbtu3MsJp8ndrFAQAWIfFgAA"}
00415{"flow_id":66,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":912,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":180097,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAokvtAAEAGfGusECrYNu8dkqLbAbtu3MsJp8njYFAQAW0ZVwAA"}
00415{"flow_id":66,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":913,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":180254,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAokvxAAEAGfGqsECrYNu8dkqLbAbtu3MsJp8nk+lAQAXkXsQAA"}
00587{"flow_id":66,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":229898,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"AMDKkaPvePiC0\/vCCABFAACmkv1AAEAGe+usECrYNu8dkqLbAbtu3MsJp8nk+lAYAXkRuwAAFgMDAEYQAABCQQQ46D6Y+UkGsvZQOcPhRkHCWnfIPXTDx\/pw1D0fy3NnkyB5H1viTB9LQDFgLBJbS3ysAlHrtm5l7+PPvPeTuTWkFAMDAAEBFgMDACjkCJX4dr0ILknXj8wy2V44ye61dT+shkTZjNif5tZN70vlauF4yX54"}
00488{"flow_id":66,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":307325,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ePiC0\/vCAMDKkVoBCABFAABbZIhAANsGD6s27x2SrBAq2AG7otunyeT6btzLh1AYf\/oR1gAAFAMDAAEBFgMDACj\/05YtkjPkhogM3qsd3oBvWrpIBlIsg+QyIW\/imeeQrNa1vk1Hj2Vv"}
00415{"flow_id":66,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":917,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976068,"pkt_ts_usec":313208,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAokv5AAEAGfGisECrYNu8dkqLbAbtu3MuHp8nlLVAQAXkXAAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1490976071237,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":958,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1490976071237,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":237623,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA870hAAEAGV6asECrYNF7ohsHGAFAgR7VrAAAAAKAC\/\/9hTwAAAgQFtAQCCAoA9lojAAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":959,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1490976071286,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":959,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1490976071286,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":959,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":286664,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8a3lAAEAG23WsECrYNF7ohrJ9AbuRJzFRAAAAAKAC\/\/+CYgAAAgQFtAQCCAoA9looAAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":960,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1490976071306,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":960,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1490976071306,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":960,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":306483,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8mshAAEAGrCasECrYNF7ohrJ+AbvI+MDiAAAAAKAC\/\/+6\/AAAAgQFtAQCCAoA9loqAAAAAAEDAwg="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1490976071312,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1490976071312,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":312877,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WllAAEARM1ysECrYrBAqAWH5ADUAKtG2BusBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="}
-00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1490976071312,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":961,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1490976071312,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00427{"flow_id":67,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":962,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":322934,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3TJAAOcGwsc0XuiGrBAq2ABQwcY3D6dGIEe1bHASH\/76HQAAAgQFtAEDAwY="}
00414{"flow_id":67,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":324237,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo70lAAEAGV7msECrYNF7ohsHGAFAgR7VsNw+nR1AQAVdEjwAA"}
01457{"flow_id":67,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":324885,"pkt_caplen":834,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":834,"pkt_l4_len":800,"pkt":"AMDKkaPvePiC0\/vCCABFAAM070pAAEAGVKysECrYNF7ohsHGAFAgR7VsNw+nR1AYAVdFngAAR0VUIC9tYW5pZmVzdC9waXRhbmd1aS5hcHBjYWNoZSBIVFRQLzEuMQ0KSG9zdDogYWxleGEuYW1hem9uLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDUuMS4xOyBMR0xTNzUxIEJ1aWxkL0xNWTQ3Vjsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS81Ni4wLjI5MjQuODcgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KQ29va2llOiBjc3JmPS04NDYxMjczODsgc2Vzc2lvbi1pZC10aW1lPTIwODI3ODcyMDFsOyBzZXNzaW9uLWlkPTE1NC0zMTAzMjY1LTI5MzI1MTY7IGxjLW1haW49ZW5fVVM7IHViaWQtbWFpbj0xNTItODc2MzUwNS03MzA0OTA0OyBzZXNzaW9uLXRva2VuPSI3S0hoNVRqUzVrSkVsck5LcDdpUVlWZEY3U1VyYVV6QzdaallYOFNobzF5bXFZaGp3NElNR1FPNUE4Y3B1TStyS0ZyTVU2a3VjUlpwUDhSb3p5c2hDRVRWdlBIYWVHSzBXSk9LaW1nMnJlRTJvRmszOXhJemVzUXFoeGE5NFZhNVpuOFgyc1E5MDNqT2w2UlllWVowL2VCWDhkdVpoYVRNVE1pRk0veFdsS0NmZHdQNTF4WDhFRmNGcTI2OXBaWkR4YXpNSVJnbzQ1UT0iOyB4LW1haW49IloyU2tCV2VGdDh0YWt4P3VvSE1oQmdXS0o4QlZubTlWMFprVXNmM3FmbHBCaEBMSDBDVDBVU2hvaE1xSHpvWWYiDQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uYW1hem9uLmRlZS5hcHANCg0K"}
-00842{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":964,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1490976071237,"flow_last_seen":1490976071324,"flow_tot_l4_data_len":888,"flow_min_l4_data_len":20,"flow_max_l4_data_len":800,"flow_avg_l4_data_len":222,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1490976071349,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00853{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":964,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1490976071237,"flow_last_seen":1490976071324,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1490976071349,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":349196,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lMZAAEAGsiisECrYNF7ohrJ\/Abuhu87oAAAAAKAC\/\/\/ULgAAAgQFtAQCCAoA9louAAAAAAEDAwg="}
00427{"flow_id":69,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":360390,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwaLpAAOcGN0A0XuiGrBAq2AG7sn5peFkmyPjA43ASH\/5viQAAAgQFtAEDAwY="}
00414{"flow_id":69,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":361620,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomslAAEAGrDmsECrYNF7ohrJ+AbvI+MDjaXhZJ1AQAVe5+gAA"}
00695{"flow_id":69,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":362364,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3mspAAEAGq2msECrYNF7ohrJ+AbvI+MDjaXhZJ1AYAVcLWAAAFgMBAMoBAADGAwOkcAvRwSrfQVVFK\/foqopFdMlvROgq0BQ0TyljveD8PAAAIKqqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfQoKAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAh6egAdABcAGNraAAEA"}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1490976071306,"flow_last_seen":1490976071362,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":20,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":968,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1490976071306,"flow_last_seen":1490976071362,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00427{"flow_id":68,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":363611,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWSpAAOcGRtA0XuiGrBAq2AG7sn0V5Ch+kScxUnASH\/67KQAAAgQFtAEDAwY="}
00414{"flow_id":68,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":364685,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoa3pAAEAG24isECrYNF7ohrJ9AbuRJzFSFeQof1AQAVcFmwAA"}
00738{"flow_id":68,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":365551,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXa3tAAEAG2pisECrYNF7ohrJ9AbuRJzFSFeQof1AYAVcrhgAAFgMBAOoBAADmAwM07In88XJWi3gVEL3IAq3jnfxPPEmAP53P8CbtvduRQCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9iooAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAY+voAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_first_seen":1490976071286,"flow_last_seen":1490976071365,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":972,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1490976071380,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":971,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_first_seen":1490976071286,"flow_last_seen":1490976071365,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":972,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1490976071380,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":380614,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Ky9AAEAGG8CsECrYNF7ohrKAAbueQXEdAAAAAKAC\/\/81bwAAAgQFtAQCCAoA9loyAAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":973,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1490976071385,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":973,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1490976071385,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":385523,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fzdAAEAGx7esECrYNF7ohrKBAbt+UyUFAAAAAKAC\/\/+hdAAAAgQFtAQCCAoA9loyAAAAAAEDAwg="}
00500{"flow_id":70,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":389601,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl2DBAAEARtV2sECoBrBAq2AA1YfkAUYstBuuBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAADUACwhwaXRhbmd1acASwC4AAQABAAAANQAENF7ohg=="}
-00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":974,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":42,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1490976071392,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00700{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":974,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1490976071392,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":392707,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hllAAEAGwJWsECrYNF7ohukyAbtO5dxqAAAAAKAC\/\/\/iygAAAgQFtAQCCAoA9lozAAAAAAEDAwg="}
00427{"flow_id":72,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":431100,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwichAAOcGFjI0XuiGrBAq2AG7soCzlhpDnkFxHnASH\/7eyAAAAgQFtAEDAwY="}
02382{"flow_id":69,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":432100,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcbd1AAOcGLHE0XuiGrBAq2AG7sn5peFknyPjBslAYf\/lsuQAAFgMBDLwCAABGAwFY3n1HWF0PVS6Hh\/OB54ewWN7EQ\/JAGtKcxvduR4tcQiB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="}
02382{"flow_id":69,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":432413,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcbd9AAOcGLG80XuiGrBAq2AG7sn5peF7byPjBslAYf\/lniwAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="}
00886{"flow_id":69,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":432488,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBbeFAAOcGMMg0XuiGrBAq2AG7sn5peGSPyPjBslAYf\/m88wAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"}
-01427{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":7,"flow_first_seen":1490976071306,"flow_last_seen":1490976071432,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01438{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":979,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":7,"flow_first_seen":1490976071306,"flow_last_seen":1490976071432,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
00414{"flow_id":72,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":433534,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzBAAEAGG9OsECrYNF7ohrKAAbueQXEes5YaRFAQAVcpOgAA"}
00414{"flow_id":69,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":981,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":433800,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomstAAEAGrDesECrYNF7ohrJ+AbvI+MGyaXhe21AQAWKzbAAA"}
00414{"flow_id":69,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":434031,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomsxAAEAGrDasECrYNF7ohrJ+AbvI+MGyaXhkj1AQAW2trQAA"}
00738{"flow_id":72,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":434199,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXKzFAAEAGGuOsECrYNF7ohrKAAbueQXEes5YaRFAYAVcyZAAAFgMBAOoBAADmAwORwZN3Gg+iPVw7yQc+k6Ude4qIjSThz3bWXaU7z9yE3SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYenoAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_first_seen":1490976071380,"flow_last_seen":1490976071434,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":983,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_first_seen":1490976071380,"flow_last_seen":1490976071434,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00415{"flow_id":69,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":984,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":434303,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoms1AAEAGrDWsECrYNF7ohrJ+AbvI+MGyaXhl6FAQAXmsSAAA"}
00860{"flow_id":69,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":435981,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"AMDKkaPvePiC0\/vCCABFAAFums5AAEAGqu6sECrYNF7ohrJ+AbvI+MGyaXhl6FAYAXnW3QAAFgMBAQYQAAECAQBJhI5pXt9KUuhYtXZVUTefHIRqb4mPusZhFGh+ntQ1k6GZTpZfcGc0TC5g\/zcEoQUMtm1DrA9KBjJLyTrFuym7ck2XMMF1ybVm7i\/N9brqQebh1dPL4YhjPe43l2GN2Hxk9AW3JPZlQWQYdyR1HD\/8TgWhbFH2ery3rfOhsHpXnkHWo2FVfROnh95Lgqytv\/0smf+Ez3W\/zmXyv6UNpf0c1CoJH9kI757fT0+1d+CgWqerFGIe7e6qvr2Goz9PfVhhOEARCqlPHX8+S4x9x0QfVrcbyWSBi7ZYKDXhDhz1qO2I6BL2oKbcrtNPEi98rMjrZ+QxLUlAN2JVDq8e8DB3FAMBAAEBFgMBADD53gbtexNDlUKXeiGNYz+QUmAU+ebu8AHo6N+yH\/puWb3ah2kVi8CbVfGJIqn0InQ="}
00427{"flow_id":71,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":438832,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwR+BAAOcGWBo0XuiGrBAq2AG7sn8uyCJ8obvO6XASH\/76GQAAAgQFtAEDAwY="}
@@ -846,11 +846,11 @@
00415{"flow_id":71,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":440718,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolMdAAEAGsjusECrYNF7ohrJ\/Abuhu87pLsgifVAQAVdEiwAA"}
00414{"flow_id":73,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":440997,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofzhAAEAGx8qsECrYNF7ohrKBAbt+UyUGKYaOGlAQAVereQAA"}
00739{"flow_id":71,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":441137,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXlMhAAEAGsUusECrYNF7ohrJ\/Abuhu87pLsgifVAYAVcuOwAAFgMBAOoBAADmAwMlSSyj1sonJu72Ryt7k8+6RtgrzaXQnI0RTQtftkcFSSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9KioAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACEpKAB0AFwAYqqoAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1490976071349,"flow_last_seen":1490976071441,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":991,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1490976071349,"flow_last_seen":1490976071441,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00738{"flow_id":73,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":992,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":441294,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXfzlAAEAGxtqsECrYNF7ohrKBAbt+UyUGKYaOGlAYAVdE2wAAFgMBAOoBAADmAwMyYJ1Vgi7pXUY+w9BYO5x0QgA8tcoAaPoo5I8kMHaIXSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYWloAAQA="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_first_seen":1490976071385,"flow_last_seen":1490976071441,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_first_seen":1490976071385,"flow_last_seen":1490976071441,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00536{"flow_id":68,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":444188,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9SDRAAOcGV3k0XuiGrBAq2AG7sn0V5Ch\/kScyQVAYf\/iw2AAAFgMBAEoCAABGAwFY3n1HoIqu4iz1t6q3Aw\/d1XGda8i7JbQ0V4SKKTuKVyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_first_seen":1490976071286,"flow_last_seen":1490976071444,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":993,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_first_seen":1490976071286,"flow_last_seen":1490976071444,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00414{"flow_id":68,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":445213,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoa3xAAEAG24asECrYNF7ohrJ9AbuRJzJBFeQo1FAQAVcEVwAA"}
00489{"flow_id":68,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":445973,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdSJRAAOcGVzk0XuiGrBAq2AG7sn0V5CjUkScyQVAYf\/j50gAAFgMBADBk9BasL9AE3pWKtlUjlgloy1YCNYsbYZdDrY7qJVR6QnHqM5QQ0PVDvzOM8Oobatc="}
00414{"flow_id":68,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":446909,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoa31AAEAG24WsECrYNF7ohrJ9AbuRJzJBFeQpCVAQAVcEIgAA"}
@@ -858,14 +858,14 @@
00427{"flow_id":74,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":448042,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0V1AAOcGzpw0XuiGrBAq2AG76TIsDp+yTuXca3ASH\/6OPgAAAgQFtAEDAwY="}
00414{"flow_id":74,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":449032,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohlpAAEAGwKisECrYNF7ohukyAbtO5dxrLA6fs1AQAVfYrwAA"}
00679{"flow_id":74,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":451916,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"pkt":"AMDKkaPvePiC0\/vCCABFAADqhltAAEAGv+WsECrYNF7ohukyAbtO5dxrLA6fs1AYAVeOnQAAFgMBAL0BAAC5AwN6cp6GYC5xfAeiRgQRCWi6UVwyVXoduZRVV+ZY6Nku9AAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAZAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1000,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1490976071392,"flow_last_seen":1490976071451,"flow_tot_l4_data_len":302,"flow_min_l4_data_len":20,"flow_max_l4_data_len":214,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1000,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1490976071392,"flow_last_seen":1490976071451,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02246{"flow_id":67,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":456701,"pkt_caplen":1400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1400,"pkt_l4_len":1366,"pkt":"ePiC0\/vCAMDKkVoBCABFAAVqJp9AANsGgCE0XuiGrBAq2ABQwcY3D6dHIEe4eFAYf\/O6JwAASFRUUC8xLjEgMjAwIE9LDQp4LWFtem4tUmVxdWVzdElkOiA0MjhmOTQ4Ni0xNjJiLTExZTctYWQzZi0yYjBkNzI4Nzk4ZTkNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpFeHBpcmVzOiBGcmksIDMxIE1hciAyMDE3IDE2OjAxOjExIFVUQw0KQ29udGVudC1UeXBlOiB0ZXh0L2NhY2hlLW1hbmlmZXN0DQpDb250ZW50LUxlbmd0aDogMTA4OA0KRGF0ZTogRnJpLCAzMSBNYXIgMjAxNyAxNjowMToxMCBHTVQNCg0KH4sIAAAAAAAAAJWW3W+rNhTA3\/NXVNrbJAeDY8B96207rVrbW91m2sM0IX8SbgAj27lp99fPQBMoEF1NSqLY5+fz5eNj397c\/n5\/9XTz\/PDb\/et29csVREEE\/SdMrkJ4DaOrl6fV6ralrlcBtzbACZYRoE2zrop67Wf66TTdUAV+6LdhWunaBTcV\/VfX9xWTJnt0a+fUguBJXBB8yy8ItruR4IvWe2nK98fbu+zBXRCcVBVVHmAaIwVsI+m+qPPH+7sshvDNf9d58YGkscACKPqj4Lpe+59+2sfdTtgghCmKQNFQATqiqfMJkaANJp7Y6VoCI11R00so4TFUXpg9y+OTZkUp76Q3LNf2xxTlOKLxSesFdTJEKex9W7TLyoN0WrtdIOOQUdCOt+34hRbGJ2TrdQ+ZGNEpw\/FA3+q6ltxJMbBcH2pn3oOQEBy2AaG3TNbgz9fB+AmRqYBt7qZyqesAEZikINc6L2VW6lwPYlUW+c69OuoONojTGKFWRz87pGtHa2GBMlIGUYJJ0jJ8R5cJFKYJbolaH7OmpO8+BYtgwiLFWrCFsoYe7GiHysI6G2x4ghE47gonPVALOnG\/pxjHEvm9EYtMdbAFD2AcJwz4HKvCVNQVuv5C+T43Pn0iu5N273Tzv9ZsKSul+7ts4+G0kf\/MVqdsw0FjikoCS+1uKg8jFqKfaG+0cYYWbqY8lFGIwVelpBmt6ot9ym5CwsklQ8tL8CaKGKg1oMYdtdlP5QTBCM3MX0gjSekGg25\/+5Nzru9ezjHdRDNlP80vVywUl5ZdTJyI4oiDvvdlT+1U9vipXGrtClXwLk82QDxhEAh9rI\/UiBtj9HGoUa2ZDGAYYl\/FVZ4d\/bpM8p2eEGHCI9URlLdaM6HdFCEIww4RXadaUhMlUogxM1eDUgI3gy8LgBI8GrviaDNBMES+WZx1zIE0VmnvR9fx\/e1xbmlTMkWEjq0tRJWKNE7HUc0Nkg0nvdPtwfY\/fH+YMYpADF5ozb1HZ8eavgFnlRajEu8WMIVY8ikKenjjbfEMmu2+KEsbRFRhDLpWMyj5kLFYMgSsa\/uOEc+j2pmhKiZEgj7KGyGMtGN1pZSNdwojCrr\/WXXwPe\/zRWObwl8RxnuEIgJBN\/ThAW1onftLsf1f9ef5fMTOa5AkCQSlpsLH6ivDZmI\/CvWExUJFCnwMQW7kO9CNWwCJQlAt+xAtmGec+oY1Mj9WaXx\/twFkxN+H\/QgcJXU7acbB91SSEixPVLuVc4RhxvgY6R5SM0ww6G9rW\/keB3a6OimdOyb9Y0yAtvhOSv2DLg6jEA2s7zbKb33L+rtISNs+FNo6eGi38Ix9hBUonIhwEiuo5bH38rt3jiRMnd+F3\/37ryxYkJLQnxYhG\/tpmvnDZ70HTfd2PI+Gt6NtaFDUQr6td64qV6vn++1fX7\/9cb36dfUfPnBO\/LMKAAA="}
02396{"flow_id":68,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":458019,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXca39AAEAG1c+sECrYNF7ohrJ9AbuRJzJ8FeQpCVAQAVe7vAAAFwMBACB9go\/eBiMfdLbe7WUswxJ7yXC+os6RAlghCADs03ECTxcDAQYgHaMdIxe6zNRMHDVaBO2YntGmNR6RnkpNsgnQpZ6WqKmsfYs4Wwq7qGRFZDqPWwuFzN4fX3fxzOjAU\/8F4e7+b28uAsUBWkm1G8zyYwQPSGt7A73NNnwAIKbWlgh8c2Xt7NT+nNGX1jOe9ExfW02VrCv13mch3qvXEst1fV\/IfdkeVSujL+fsZCwBFgUEvhA1AgTQADx2BNuFZKgdWui3ZqsytMsN1EqaqgF0U4DPahwmxdHnWvQVJiRVd+TTOVjNi5GY0jDRzd+SsVXLCudVOG+FoocnrWaHjJ8eWTZX3F7rcVeLhEIFHO7Nj3Q5cr1oeQ8LxzDg4BX0BRzeavsQW4H02JmY36msYX2HofVwbM3pkbVH2fK8pWOrCx6pPBritMJWJJ3ml5wvcVtEF25\/OBR2SCsBuguhX6eOmDhX7UEQy9F1dbf6iwTkeYjx6O8wVtyPGktyR6pK4h2rBI++NRr3hS25B\/qnP1QmnLHkLS\/IKZUK3gPTZldqk2qoiX9KRDvvFPUl+FnvmoNYII0QgLmATIUXbN++URtt18NLcq6tLti7gXWRbqdR90T8puiUo2SZnSEru3HBRFic9RJ0kEJeasl4aY61D\/AgflWJKqMpAlIcKnyRKU8mTDwoZjZVZyytZwBIgXUK09ogODQO9Q2TXh4hphVZYJiPjolukkfdgVxZ6t5UpeQO0bq3By5DsRgk1TzFA7DluArDY3Tzgb69zWFKWud3Uv84KCl2Fc2XPwuxg6bF4157EvMxbF2AzA2o0M5W8Vz+YeDi5A01+w4\/gk7U941Zbfu04NWPRI8Y1qOwXn8JMOP77iPTj7HQFLwL7pSOqG0E9e\/4SLli0ekSutTe2GC+S15+xtZem7pIsMiw7khho3UhuZ4Ex5anadRm3nc6eUsIf7\/xxxb\/gcQKud8ACpq6c9+DOVGb36hE4D+VN9OYJI4\/QMZfSD2jfdsSQFUlx9OZz\/G72AMc61vZcd9UamMqT1CE5OsbP2qjKxGiYS5\/+KRaQN8GT80MJ1zR84hO8szPi3xXUoMwKYL7n6u4fdbXvK9kTv8wprZmFAVcv5QcTstaPFMPoipr2PVvDDWRmzboDcgOy06NMzURElI1Oo\/zcNozGWg1OM0xVuB8VqW7V2Bidf0nfv42+p\/T99uKq+dy5x7GpK8v45ozDuqFxKe3IjwCjNNKarFUGBYJ+10agOtLmVA9xRrt6RxzbZvOlmRmjL2sQzGIAF3mM68sL+oW1J10L1ZzWYde8K6\/0\/uLjpJ0377Tbt1Ocz4U+sxzCntJNdPb3ZUBIb0ZCVV6pJtI6XWnCr0OxorkSNe0xckcTdgE19zQyvpjjEKxVsAlgq\/7O6tZnQgvJHjZekPgyvKMiV9Bu\/NpggUdTVRHiBkXQxmTKt9k5JFhcmtufVrU5SCkrWfE3bATQGeP8mhnba0Y\/m26DENqkFK6k7Z4Z2LAB39ezkpwB64a2sBrizw1iguwuxIZbivwMo52JKz6f8SxT7HcH7j09QonfoBrZ6oDtdUXmlIQDK5BU8KviqwM\/wF6nCeaqMk+9L1iz0Bk40znvLcuzkXZXBcYnsocCQFHcWk9gVz\/tpk7vEA2LFVkTRoE1HHrWSaBfdJKf8Cl6EsMr0vrLAfY8nprkFH3u1x1XAqDljGYJnvhLeX0Aa8u+klMwhKUcMS1Tp8alkLweVg4LV5bEpp0PW6\/ttq9v2wJt1DHsYJDMMMuJhAayYwbYdMs7ZNx5xugQgUXzWzGqtBYzksUooljaMutZ1cF\/jhw1KhMvkZNQrUeDNFBkL317Z7Rkxhc\/cmhJ4+biOOi3A4lUngfuVdQopbDA09kSLVngi3mCYJwz6jt2GiTKtBb+hq8N1iSyrqOf33ezekKBrHGsH4="}
00415{"flow_id":67,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":458281,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo70tAAEAGV7esECrYNF7ohsHGAFAgR7h4Nw+siVAQAWE8NwAA"}
00625{"flow_id":68,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":458411,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"pkt":"AMDKkaPvePiC0\/vCCABFAAC+a4BAAEAG2uysECrYNF7ohrJ9AbuRJzgwFeQpCVAYAVeBxgAA7XzbTfJPCljtPACuxNf910BkKL0BTjK7gsTdQXLRQd3P2iXVx\/zmjFcZIq4k7g08AHhc93Jk3CR+2dz3mTa4E7lk\/aTPA6sgqrE\/Co\/NrrNIKy+oHzLw1hkYlAO9G5J1l\/Dht+MWeLUHkZxUhK8Nh5lTFRXMd7XDp\/j2lVe46PpVFUhtc8XHH7BTzYTSxiXPqf6xOQcn"}
00424{"flow_id":72,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":486392,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAodjdAAOcGKcs0XuiGrBAq2AG7soCzlhpEnkFyDVAQf\/ipqQAAAAAAAAAA"}
00535{"flow_id":72,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":486531,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9djlAAOcGKXQ0XuiGrBAq2AG7soCzlhpEnkFyDVAYf\/gwpAAAFgMBAEoCAABGAwFY3n1HZlzaG39Wabnrdmi+ugu5LTH2Z63hbn1vRZ5tPCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":6,"flow_first_seen":1490976071380,"flow_last_seen":1490976071486,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1006,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":6,"flow_first_seen":1490976071380,"flow_last_seen":1490976071486,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00491{"flow_id":72,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":486596,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABddjxAAOcGKZE0XuiGrBAq2AG7soCzlhqZnkFyDVAYf\/jtQAAAFgMBADAFZSWByLsoLy1\/csajsfivnhztXAs4zq7uoYJQMDQFipkxBSRUH6BUVLRAhMv2evI="}
00415{"flow_id":72,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":487416,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzJAAEAGG9GsECrYNF7ohrKAAbueQXINs5YamVAQAVcn9gAA"}
00415{"flow_id":72,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":488163,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoKzNAAEAGG9CsECrYNF7ohrKAAbueQXINs5YazlAQAVcnwQAA"}
@@ -873,7 +873,7 @@
00425{"flow_id":69,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":489150,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAocaBAAOcGLmI0XuiGrBAq2AG7sn5peGXoyPjC+FAQf\/QshwAAAAAAAAAA"}
00499{"flow_id":69,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":494162,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"ePiC0\/vCAMDKkVoBCABFAABjccxAAOcGLfs0XuiGrBAq2AG7sn5peGXoyPjC+FAYf\/RwBQAAFAMBAAEBFgMBADBWGYFWbKhfozhvbfgdlDYFXwWJ5cfzoS2E+uV5UjntiBSNIykATpYl+72N9zISE24="}
00536{"flow_id":71,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":501486,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9TDxAAOcGU3E0XuiGrBAq2AG7sn8uyCJ9obvP2FAYf\/gL4QAAFgMBAEoCAABGAwFY3n1H4DyL9g\/1O6DL9RnLeqLLg8udYmp+nrKe5HWJKCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_first_seen":1490976071349,"flow_last_seen":1490976071501,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1013,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_first_seen":1490976071349,"flow_last_seen":1490976071501,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00490{"flow_id":71,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":501624,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdTD5AAOcGU480XuiGrBAq2AG7sn8uyCLSobvP2FAYf\/gBcQAAFgMBADCwRun2EbMj42BvmYCZAbeOlpUhb8bhBcgyWdgABb0A86poQz9hHLJnBv5bFoOHXac="}
00417{"flow_id":71,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":502564,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolMlAAEAGsjmsECrYNF7ohrJ\/Abuhu8\/YLsgi0lAQAVdDRwAA"}
00417{"flow_id":71,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":504428,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolMpAAEAGsjisECrYNF7ohrJ\/Abuhu8\/YLsgjB1AQAVdDEgAA"}
@@ -881,7 +881,7 @@
02381{"flow_id":74,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":511769,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcve1AAOcG3GA0XuiGrBAq2AG76TIsDp+zTuXdLVAYf\/kF2gAAFgMBDLwCAABGAwFY3n1HSu1ZxzDw\/auCivD7kMpHzquqECpdXSsk4uYbkCCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="}
02383{"flow_id":74,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":512358,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcve9AAOcG3F40XuiGrBAq2AG76TIsDqVnTuXdLVAYf\/mGTQAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="}
00887{"flow_id":74,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":512431,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBvfFAAOcG4Lc0XuiGrBAq2AG76TIsDqsbTuXdLVAYf\/nbtQAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"}
-01465{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":7,"flow_first_seen":1490976071392,"flow_last_seen":1490976071512,"flow_tot_l4_data_len":3627,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01476{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1020,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":7,"flow_first_seen":1490976071392,"flow_last_seen":1490976071512,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3459,"flow_avg_l4_payload_len":494,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
02395{"flow_id":72,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":512612,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcKzVAAEAGFhqsECrYNF7ohrKAAbueQXJIs5YazlAQAVesjgAAFwMBACA1ItWOhLbsfIMywResWguv6Fwtz0Hp8xzG+xr\/uHTu1xcDAQXwKayzJaPXCA9rVHei6HHIjKLFFPjTlmK2QYga+up3rKSiQhu+VWY49bOw3S\/VgE4d1kxFLpb1z5eR+AZD75MuuacTPbABIwUqP0tJbyMxPgMOIBYetu+sSEG2m4KJVzBvEfBK4XaFHFbAlqSgc+QFmfYymH7kDc7NdLFnVYNqJgPhKsee36dAZSlq3L6GLiJobYNZ4Lkw6GTpSoDukeS1\/ibUFMfHNVxDvPVTsX+pSPB\/ij1X5xj7et2dQ7Q3fupvLf7k395s\/hwpg77cJAAmh3cYWCQS09d0e2M0i6NsPu518OGzJsqIysVUiupo5zZFDQEL1dwFxpw1r5GszQqiNbCInHP+OLQzk8PHcB4ruVmDutKDLdD3tjPLM2SpMjOvhXQgnJz5b6\/9rKTBUUaQxkhYoMrTtDu9JzIzG4FZs3aWsq4mCgZxbISQrLVjk5+a03MTaRSDjkdC2Mu3TfTybgtbTRXBNagXer1uidHze9SXkNgPB\/bVnhRYC5NEDWsZ\/4DG2zEXsmWN6fWvGI4oeyLOiIo9R3xS5LFRbASkV0a9C\/9C2873EoLz2tEubVWvABpBP04f3pV0FllAa4MbCau34t4nKAr4jGeqSEVhcWHam3p68wcK5iGxbm\/MNE51MDmdtSWCwF1tCcqoGvhpr\/nWznjHdnK9\/TfvebIuqwvPkkOFE\/o9MVTaqORDyoJHDVPRnWd8v5pqbK6OUz19UnmPTRYTfOFUmmFighAm3nes+t196gCbsmDuiXuPo8aDukv1rYWgFMCu5O5QzGV9E1hlyBJhiRaBnj3Y5suu0+PACtGDMqt94DuW\/kotF49zn9uYDcRGgivALv8D8iIyngz1e77k+lQQp5roJZYmU7qdQjg2gTawe+gLYZDy4kFG80hKf6ylL8pfz0DTDTTYiFTZIOytaSNpkFoUaxOh0h8K9Hs8zs87dHQRh0z7PggUFFTwRjuO6GFTb+oY1uT5nVfU8hpwdQY4KRQYwwQa5KBp7Yjxz0gj3K5lOZK5BP+JNeevkMTaTTboH\/ncv+fjCIQ+dpyWQzBBAmJny5wz\/u2sBQ\/YehOi10FAfl7KBA7dOyRgeAlj2lhTKUapMeXGF6FcTKa+QQad3LhDE7EXHnDOyjst7Q4WdigaummWRS5JUfzguqEntw36no6ZrNJDibU3FVvd1E7gY4uQzUvHRWS2d4hO9DqZoTU5\/CW+fKIHd892Hs\/0rbP4hpNZXC\/amq39AL26nM0VFHS2RyI3N5jA8zNYBM9qvgfcA4Iway9lKaF0zyXz8p1yPNbN5rrv88ZIkmrpdpklZMEWpXEhQMMNjKvmQuxoDE++6JYZvOxTAHRbjLsm5sKaASAKBBz1+lRrbHyaP2Nr24QRPpdpSNizC2xrHKEr+FbPPrdQZ6XRqMOOHjBFyRO6fLcFHR7uX3EuMd6ulDWzgqFKoAF87FGs+tBMqygAnb8t61k5HbSh2Nz+5lu7gf16ss\/2o7Y\/fRMlBpOtGd7\/WFsSjdvhrLjQJANrLjSZuI0dpHFJVMwGd5Ye1z5F6dGMn0CkhBtEz8n88Bzc5\/u8N3uXpnMk4tj2JI+sl49xuIcSzUD2+SH1TzbUXgdhvDizm662Aa9Ler7JwQMid8Y5jmAR6gHn2zaiuppMaqAezCWHLwB7oz9rvIuJk6UNbHDQ9SneN1lz80arz5mHo2n7vGE3EQ8QuEO8sl64q7G4EJSxGk5i92SbM4JneMyX6wRpQP5wJ+zmr+5lvVJaJqh2IQenn7O0OXcqNvJKnLBTmoOmfWxQVyWpAsawIhRVuH6Ddt5C60\/PztU8hLV4dHrc3N4Ho09Ot9Nb5lK5l1fkvTilhxlZAaLJMAnAMeopcmIu9XRiPZ3zUzBLpNul7CxS1Yw="}
00556{"flow_id":72,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":512894,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"AMDKkaPvePiC0\/vCCABFAACOKzZAAEAGG2esECrYNF7ohrKAAbueQXf8s5YazlAYAVerUAAA1hJWn5K9HkA5GaL8aM62erG6py7j6o3KWQJagZ1eEWONAmFvx9zGif3UeOMt3plh7vtPhBPNAW8uG0UGhVdOxy4RfWyVGqyzsC+9IGrt6ZHBjn04Egmuc9XXNPbkP5Oa8Hk\/NLmc"}
00499{"flow_id":71,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":513034,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"AMDKkaPvePiC0\/vCCABFAABjlMtAAEAGsfysECrYNF7ohrJ\/Abuhu8\/YLsgjB1AYAVf5iQAAFAMBAAEBFgMBADAB7XXixEKXZx9fUSjs4B0EgdAiHDJakuL8sQpJYQbh2fJipuEIESpKffh+zLMRwYo="}
@@ -899,7 +899,7 @@
00424{"flow_id":69,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":572965,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoYKZAAOcGP1w0XuiGrBAq2AG7sn5peGYjyPjFslAQf+kpnQAAAAAAAAAA"}
00424{"flow_id":71,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":580875,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoUZlAAOcGTmk0XuiGrBAq2AG7sn8uyCMHobvVx1AQf+C+mQAAAAAAAAAA"}
00424{"flow_id":71,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":581010,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoUZpAAOcGTmg0XuiGrBAq2AG7sn8uyCMHobvWnVAQf929xgAAAAAAAAAA"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1490976071583,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1490976071583,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":583104,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8H+ZAAEAGJwmsECrYNF7ohrKCAbsHHkWgAAAAAKAC\/\/\/3+QAAAgQFtAQCCAoA9lpGAAAAAAEDAwg="}
00425{"flow_id":72,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":583543,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAofKBAAOcGI2I0XuiGrBAq2AG7soCzlhrOnkFySFAQf\/eo5QAAAAAAAAAA"}
02401{"flow_id":68,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":584613,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcUdJAAOcGSHw0XuiGrBAq2AG7sn0V5CkJkSc4xlAQ\/bD+2gAAFwMBETCUPaYr1XSdwYvREdZWLxPgfkqTB5YyHHl4urWj0Rq6dP72wBkS6dZOB4G\/HSIQ3yXJT5gmhr3jlZCwn69dnmZrOuzv\/eXnCrGJWO0\/1WSxZ8T1oZJhYzVA7J9Z7\/Qw2cHw8KVg0nRJ6Gngp1CWzyt4MaFTQLCF+zvrOJ1cXp7WrcV0EhOEEBw6wvONMwFZncppJch3+tb4zuYejt\/oWc7b4T8m5DExUFIyzRR22UqQylnV\/2tEjj6nBKb+wM7YtGby+ddQc4LKI0FuC+7IAhacYv7cm6kUmHByyxuy2JKOVcgXo31U4C27LkWXCiXSfCVhoKyL4aPh0oMGhTPq+yNibKA3A\/NaEuHt2nbinGu5GusHM2a1A+suweAjlTP3\/bWDxLCpFf\/YrueT1JEFBaA8maOJE80F5QXAMiIRFawzvgPOT5CWRfnvw84GNQ9cl9vjImq0yTp7E7NTQykD\/bKlUvM646CDS4sr1y5YMSMAu2u4W4A4NSkDoyhA4m4kLWqGWEbORvylC0p9hjvzq0NBsDyScVfNe\/CIOUF3UDCK+Wbw060B\/fm8ZBCLDfQ3Q3sVnfUL9xpW357WJYIGpdZDtwiMa5uxd3WniFpMBYAb2OQFJ+PhxinKC3G5D+ReqvVUe5mcCbnrYhtXzDeMaEvWROhTsnN1Q7f0JAffpmA0SRSll3cuDZBUHdJ+hPCf8pDMq7jgg5PYmTal3u5GiKwNFA7NwvYTfySVnFxcB8Pn1CCaftHCJAD8E2CC0brZtd2pplAlX0U7GACdeaeXQFHkMiRNEtOl26xV5YRcsAy3d6yHTlS6Eawb1O6lgDUOAYPulafVt3ez+Uhaj7ZRcdDvwjILTXGYAwqargsSBnsUmhJX1+9NgwYBRH8tStEw6FWlDVoNHmu32vzJ\/cnOl9IqK02Trf07QOe4uy5epSC2eEZHWSTGCL86xUtNUUDiUEYK2l\/4v4wvNuivwHi6eb\/OidgZ+mru5o64vLiFQrt3s2cnC\/ZjnZ6VNP9rmPFHlOjMEVKffHukyXgANkTjLp\/ebtL0V+eY9tXgYjqBu5BnYK7AcIMsIy99M+LBTjG1E+c8DZO6VwfgtnUv3nCuTeLrmHlWVsIk6XgUXHAs8Jkt6CATTui0EmtF4n3lUruwMjbpdfD4XXIL24maBPFV\/He1OYby\/bsDxtwBBUOH35sXpQ5dmtWbbaM6lsvBSpxFdkLe53j6FTZIJYmQvdBuisUbtvQWKNou7LVeYiSUPDzDmpfh+M43cGdqlAGBOwS98O7+58eIPir1MwIy\/oLyDavyuuSBVP8VXWGgHjLP40PV9cBA4hTorHkzFj8d1fRsdk1jsgDvmxyFJDjem6SxHou\/NeGxe3rP2CIKa02rtUmiTaQBzA8\/v29LydErECp7+OS3\/6qK5j6itp4Z\/sYx1+SH0f8YrlTlipzDU5descJ9yD3mxMbdzakrdlG3cmeGnndpOLoWjRvgOQcITlazNyn0CIQYudTPU2NFALo3SGZ0VwgbKkNd3EAVN7KvQh2aU0GD9VL6Hqgl7ismtsF1\/5RGna7NdkzmAN48prQyyQ3BABWbARW5w4+g6BSHst4giEjmQubhGEkZSGknwtFmZsPuWmrq7Mi8D62+IhXYcXSkhVrhqdLeHTlDhUGbCwAVRXdlt5Xe1\/2YPk7KK672LzDj4TWvpBrGDVFf8CRHniHwak9ynoLxc5hFEULfhDLF\/3BLl4P1WbJV2kw7E4xGHewszmc5J59QXnxlA\/BTTRj7UNNJ82wtNyFGluKrE9j1q85jCt7c8QVEWxBhI88mMeFalcnrEvtfUc4DLaKXuCq0luMczeiwOxsgVC\/p6A+lwLmtNDN5uk2k\/7f1KCdt8qBzsPq3OgIYArexQkURUQ9TLjS6ltRUBJBhxK390uw+KRxfsWBBm0k7bNUnsiSyhKM="}
@@ -911,10 +911,10 @@
00428{"flow_id":75,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":640296,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwgCVAAOcGH9U0XuiGrBAq2AG7soJWhIA2Bx5FoXASH\/6YhgAAAgQFtAEDAwY="}
00415{"flow_id":75,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":641608,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+dAAEAGJxysECrYNF7ohrKCAbsHHkWhVoSAN1AQAVfi9wAA"}
00739{"flow_id":75,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":642022,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXH+hAAEAGJiysECrYNF7ohrKCAbsHHkWhVoSAN1AYAVf+QQAAFgMBAOoBAADmAwOE8oRDXFsSV3ryNEuSilTOl1C7aDt7WJHDEI4Zx+ik8yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9iooAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACPr6AB0AFwAYSkoAAQA="}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":4,"flow_first_seen":1490976071583,"flow_last_seen":1490976071642,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":4,"flow_first_seen":1490976071583,"flow_last_seen":1490976071642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00424{"flow_id":74,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":672894,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAox49AAOcG2HI0XuiGrBAq2AG76TIsDqyvTuXi3VAQf+NGtQAAAAAAAAAA"}
00535{"flow_id":75,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":700208,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9hPJAAOcGGrs0XuiGrBAq2AG7soJWhIA3Bx5GkFAYf\/jJCAAAFgMBAEoCAABGAwFY3n1H7tprYGnn77iiblUs3pVsX7OsznnNQ5TSj9yK7yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_first_seen":1490976071583,"flow_last_seen":1490976071700,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1063,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_first_seen":1490976071583,"flow_last_seen":1490976071700,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00490{"flow_id":75,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1064,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":700348,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdhPlAAOcGGtQ0XuiGrBAq2AG7soJWhICMBx5GkFAYf\/hrxAAAFgMBADBggpjqg00ss3rdzoekLdoL0PT1y3WvcQwna1zchUAionSGNDMnhNpfXSpqU9zWdAo="}
00415{"flow_id":75,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":701627,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+lAAEAGJxqsECrYNF7ohrKCAbsHHkaQVoSAjFAQAVfhswAA"}
00415{"flow_id":75,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":701922,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+pAAEAGJxmsECrYNF7ohrKCAbsHHkaQVoSAwVAQAVfhfgAA"}
@@ -924,7 +924,7 @@
00739{"flow_id":73,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":739996,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXfzpAAEAGxtmsECrYNF7ohrKBAbt+UyUGKYaOGlAYAVdE2wAAFgMBAOoBAADmAwMyYJ1Vgi7pXUY+w9BYO5x0QgA8tcoAaPoo5I8kMHaIXSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYWloAAQA="}
00425{"flow_id":75,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1074,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":764043,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoiXJAAOcGFpA0XuiGrBAq2AG7soJWhIDBBx5Gy1AQf\/diowAAAAAAAAAA"}
00535{"flow_id":73,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":803717,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9SlBAAOcGVV00XuiGrBAq2AG7soEpho4aflMl9VAYf\/gclQAAFgMBAEoCAABGAwFY3n1HHbnxbLsDLLoNcR255BOdgpz59QMm4sIttZcWoCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":6,"flow_first_seen":1490976071385,"flow_last_seen":1490976071803,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1076,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":6,"flow_first_seen":1490976071385,"flow_last_seen":1490976071803,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00490{"flow_id":73,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1077,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":803855,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdSlJAAOcGVXs0XuiGrBAq2AG7soEpho5vflMl9VAYf\/jl4gAAFgMBADCzIi9vBBXuYwKUIiMvYHZXvDconsMjgvxRIJVCQutlwnHiInG5YyCGffU68ceIKNE="}
00415{"flow_id":73,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1078,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":804828,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofztAAEAGx8esECrYNF7ohrKBAbt+UyX1KYaOb1AQAVeqNQAA"}
00415{"flow_id":73,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976071,"pkt_ts_usec":805155,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofzxAAEAGx8asECrYNF7ohrKBAbt+UyX1KYaOpFAQAVeqAAAA"}
@@ -941,15 +941,15 @@
00416{"flow_id":75,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976075,"pkt_ts_usec":957279,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoH+5AAEAGJxWsECrYNF7ohrKCAbsHHkbMVoSAwlAQAVfhQQAA"}
00416{"flow_id":67,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976075,"pkt_ts_usec":957509,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo701AAEAGV7WsECrYNF7ohsHGAFAgR7h5Nw+silAQAWE8NQAA"}
00416{"flow_id":73,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976075,"pkt_ts_usec":957661,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofz9AAEAGx8OsECrYNF7ohrKBAbt+UyYxKYaOpVAQAVepwwAA"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1490976076042,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1490976076042,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":42813,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BbZAAEAGQTmsECrYNF7ohpD5Abuu0lmyAAAAAKAC\/\/9b\/gAAAgQFtAQCCAoA9lwEAAAAAAEDAwg="}
00428{"flow_id":76,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":114152,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwMG5AAOcGb4w0XuiGrBAq2AG7kPnjZM+NrtJZs3ASH\/4iEQAAAgQFtAEDAwY="}
00415{"flow_id":76,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":117098,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBbdAAEAGQUysECrYNF7ohpD5Abuu0lmz42TPjlAQAVdsggAA"}
00652{"flow_id":76,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":117411,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"AMDKkaPvePiC0\/vCCABFAADWBbhAAEAGQJ2sECrYNF7ohpD5Abuu0lmz42TPjlAYAVfYNgAAFgMBAKkBAAClAwGdxeV2toJ3ZUdADhSV31FbJ8VJ\/C4Ztf1iHRQqcc2FASCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00744{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_first_seen":1490976076042,"flow_last_seen":1490976076117,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1116,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_first_seen":1490976076042,"flow_last_seen":1490976076117,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00424{"flow_id":76,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":167842,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoM75AAOcGbEQ0XuiGrBAq2AG7kPnjZM+OrtJaYVAQf\/rtMAAAAAAAAAAA"}
00537{"flow_id":76,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":167981,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9M8JAAOcGa+s0XuiGrBAq2AG7kPnjZM+OrtJaYVAYf\/riFQAAFgMBAEoCAABGAwFY3n1Mp0JE4kOdseiNzFiy0qUvQpBLQ8w9ltp9\/\/G+AiCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAvABQDAQABAQ=="}
-00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":6,"flow_first_seen":1490976076042,"flow_last_seen":1490976076167,"flow_tot_l4_data_len":407,"flow_min_l4_data_len":20,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1118,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":6,"flow_first_seen":1490976076042,"flow_last_seen":1490976076167,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00491{"flow_id":76,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":168025,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdM8hAAOcGbAU0XuiGrBAq2AG7kPnjZM\/jrtJaYVAYf\/pG2wAAFgMBADDLFCeLq7myUYguH+aUp+zJCMiGlEiiwkYEaQer603SBV4OGPys8lwNnx2pgKrCbxQ="}
00415{"flow_id":76,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":169337,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBblAAEAGQUqsECrYNF7ohpD5Abuu0lph42TP41AQAVdrfwAA"}
00415{"flow_id":76,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":169645,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBbpAAEAGQUmsECrYNF7ohpD5Abuu0lph42TQGFAQAVdrSgAA"}
@@ -959,30 +959,30 @@
00425{"flow_id":76,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":232829,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoN3dAAOcGaIs0XuiGrBAq2AG7kPnjZNAYrtJanFAQf\/nsbAAAAAAAAAAA"}
00425{"flow_id":76,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":264486,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoOdBAAOcGZjI0XuiGrBAq2AG7kPnjZNAYrtJanFAQf\/nsbAAAAAAAAAAA"}
02403{"flow_id":76,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":270217,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcBb5AAEAGO5GsECrYNF7ohpD5Abuu0lqc42TQGFAQAVddyQAAFwMBACCmutd7s\/a8ckgeUvf85rsXlEaFGlIxO4KJiCA8c9p5xxcDAQWQtH5hXOGnAQnFRemgF5yN4E4gZSYFJHIkFwCRzMS2oo4kvRnTcfXGwpwgDuEMrD\/GcwrlmbqwbvF5z+vbovjSFmB1W8MayDrbwaaSOc4S1Z0\/\/TVTigT7UxOBbxZ61X0kz5J24QVgSxo5iBqJDVLhIu\/bxcBRHle1ReAmYdPprT3W0EfPjrOAmpBb8\/JxlEAmRkF3OVPENPX+9SxcRY6oCrQAf8dqw22H2pqvEg4O0DH89WhMrrvtsrWYIj4Lkd6c\/WrxI7GVuPVyAOieSe4ooDjw8YeGDqYJLZpT1bv\/HGIvxm3VBe\/W5FEccdFpHMcCyycHfLhwDm\/KlBGTivuAO121TV+AmDTEtE0j\/XTBJuhiPLjvhUa3jYkirdBmmP1yjGSy0MCsIKwov77jqMHDUnXehd\/8RNrG6z+h8yqOSwTZrOZ1aT7ySPtT9\/oWvALKps3qBO38WJnGDPy7rxo14eG1ZdgaDkudA15hD0khscPDi5dbp6H7QoQSkpqQFLEX3pAoAYaWE4LJ4wJe9wxnPEgIIzhbRDf7OR4g8GfggRKRyA7aEju5wySG1C\/6paOUJrx4zzuEE9ruL7EZBnmvMuSiCBc7bfP78mXCFZwKpJ0K1tLRj0ADVpeAk1ctbA8x04tav9vhlAfCq2P4PtygRuS+Y+4m\/x8ndQvlE+y62YngTe+NKtlTWQHaQtFman2FfJbRxB0lKn939AyKeSq8XUbUSlufBwNfrx5qDdCIyrS0pw3ZXmDQoTCs1KM4pUQJI9l3BPXfRNZz9dpAPv99QZs0x3WWHSKoCo6fUVkshINZ7D4NMOq4i9M8HRFWCryAlmmqEcnAGB63cyKOJUM6ctiiwRhcl76EBbXTdz7ptwbvopC4q34N6+yQkAhGo+JRvnJ95Wx+p+v+17vWK9U0goVKmAV4qF2\/dAqqV\/pfGVsrOhV1HQpc6RbRqur8JwCTheuQZxO\/NBrS2wVELMnFrD4VA3aco\/1KiwoMi\/U5GTJLSe6E\/pa3xLKsTRkqRx2lRK+9bopXhRVLxbDqSmLaqBSNlyYMY0p1iIfw\/kaUHGyrcsKQGgS5\/IwFDqRfoQw7cWnWZBy2JwDHnrLz6Vw2QPozOhylSO1rjrLd6um9r2VEJroZhu23RBF+IYy+cLUPPjY20LjIWRERqMfCBO8cRETuYR3RVFnBYWtWT9mvH7kVPoKsjOCzmmjO67Js8Y5PJcoQo8cvtC56SeOVuIOB4sJFqQ32JOeSrM1TXrivLJGegAnzjw6kfOJuJX8mWgLlmKBhQNm4O51sS8OOvosjpkWD8PQoyGL23aLLsi9FrB4n+hJzG9CuBta8img\/sJycnDHlj1KyVqCb21+L4UOl6JkVL7walOgTGET28cL864qRI7rSs0GHW87sCcJN\/wrusOvzBroWBcoQcGZ8c2vaWQcxngOAP0oR3mFYd2RMCc1FgMNtgLOiwFW0WpqC2mgX02eYNRvtKGrYSimcwuzvYcH4cUcCw1rY+Llvw5w7FZDieYR9Pn\/w5JMfqRUNx\/V5kTL9dvfeWiVm1MiACVp2wgKfbP9B8Q8PMgvIpULin9YRJxltKuLYiHWmmV1JbVmF+MqNY4XWp3YdYsu8MvN2MQI\/fuuWmi\/yUFV0KGCve60gv22FsIlXETEPD7DT7QwL5C7F+6BRmlOlGZ6utdpNit1eMvbh9kaihqpskRyGjuSd4lvmKlPxbkdDU8AyFcCA0n4C8BsQI61VMQ3stgEvg9\/qqPjJgDK2q2mfZ6w3o\/O\/52GWS5DNap0QwHPTwHKJro4pIsfsUq3x+jky\/fK92z6fCyIBh3su8LfnFSveNlN3t9yfhThaKAassCwFyYVNa9bVhozxwo75JsTlLr7bnSVNQljaEbp9YK8="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1490976076275,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1490976076275,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":275395,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Bx5AAEAGP9GsECrYNF7ohsHNAFDXKVsFAAAAAKAC\/\/8C1AAAAgQFtAQCCAoA9lwbAAAAAAEDAwg="}
00429{"flow_id":77,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":338574,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwijBAAOcGFco0XuiGrBAq2ABQwc3F00\/v1ylbBnASH\/5mLQAAAgQFtAEDAwY="}
00415{"flow_id":77,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":340402,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBx9AAEAGP+SsECrYNF7ohsHNAFDXKVsGxdNP8FAQAVewngAA"}
01458{"flow_id":77,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":341226,"pkt_caplen":834,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":834,"pkt_l4_len":800,"pkt":"AMDKkaPvePiC0\/vCCABFAAM0ByBAAEAGPNesECrYNF7ohsHNAFDXKVsGxdNP8FAYAVexrQAAR0VUIC9tYW5pZmVzdC9waXRhbmd1aS5hcHBjYWNoZSBIVFRQLzEuMQ0KSG9zdDogYWxleGEuYW1hem9uLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDUuMS4xOyBMR0xTNzUxIEJ1aWxkL0xNWTQ3Vjsgd3YpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS81Ni4wLjI5MjQuODcgTW9iaWxlIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KQ29va2llOiBjc3JmPS04NDYxMjczODsgc2Vzc2lvbi1pZC10aW1lPTIwODI3ODcyMDFsOyBzZXNzaW9uLWlkPTE1NC0zMTAzMjY1LTI5MzI1MTY7IGxjLW1haW49ZW5fVVM7IHViaWQtbWFpbj0xNTItODc2MzUwNS03MzA0OTA0OyBzZXNzaW9uLXRva2VuPSI3S0hoNVRqUzVrSkVsck5LcDdpUVlWZEY3U1VyYVV6QzdaallYOFNobzF5bXFZaGp3NElNR1FPNUE4Y3B1TStyS0ZyTVU2a3VjUlpwUDhSb3p5c2hDRVRWdlBIYWVHSzBXSk9LaW1nMnJlRTJvRmszOXhJemVzUXFoeGE5NFZhNVpuOFgyc1E5MDNqT2w2UlllWVowL2VCWDhkdVpoYVRNVE1pRk0veFdsS0NmZHdQNTF4WDhFRmNGcTI2OXBaWkR4YXpNSVJnbzQ1UT0iOyB4LW1haW49IloyU2tCV2VGdDh0YWt4P3VvSE1oQmdXS0o4QlZubTlWMFprVXNmM3FmbHBCaEBMSDBDVDBVU2hvaE1xSHpvWWYiDQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uYW1hem9uLmRlZS5hcHANCg0K"}
-00843{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":4,"flow_first_seen":1490976076275,"flow_last_seen":1490976076341,"flow_tot_l4_data_len":888,"flow_min_l4_data_len":20,"flow_max_l4_data_len":800,"flow_avg_l4_data_len":222,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
+00854{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":4,"flow_first_seen":1490976076275,"flow_last_seen":1490976076341,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":780,"flow_tot_l4_payload_len":780,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/manifest\/pitangui.appcache","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36"}}
00425{"flow_id":77,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1134,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":401752,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAogcFAANsGKkE0XuiGrBAq2ABQwc3F00\/w1yleElAQf\/Mu9gAAAAAAAAAA"}
02247{"flow_id":77,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":421074,"pkt_caplen":1400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1400,"pkt_l4_len":1366,"pkt":"ePiC0\/vCAMDKkVoBCABFAAVqgcJAANsGJP40XuiGrBAq2ABQwc3F00\/w1yleElAYf\/OA3AAASFRUUC8xLjEgMjAwIE9LDQp4LWFtem4tUmVxdWVzdElkOiA0NTgzY2RmMy0xNjJiLTExZTctYTg4OC1iMWM3MTU4OWE1MzgNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpFeHBpcmVzOiBGcmksIDMxIE1hciAyMDE3IDE2OjAxOjE2IFVUQw0KQ29udGVudC1UeXBlOiB0ZXh0L2NhY2hlLW1hbmlmZXN0DQpDb250ZW50LUxlbmd0aDogMTA4OA0KRGF0ZTogRnJpLCAzMSBNYXIgMjAxNyAxNjowMToxNSBHTVQNCg0KH4sIAAAAAAAAAJWW3W+rNhTA3\/NXVNrbJAeDY8B96207rVrbW91m2sM0IX8SbgAj27lp99fPQBMoEF1NSqLY5+fz5eNj397c\/n5\/9XTz\/PDb\/et29csVREEE\/SdMrkJ4DaOrl6fV6ralrlcBtzbACZYRoE2zrop67Wf66TTdUAV+6LdhWunaBTcV\/VfX9xWTJnt0a+fUguBJXBB8yy8ItruR4IvWe2nK98fbu+zBXRCcVBVVHmAaIwVsI+m+qPPH+7sshvDNf9d58YGkscACKPqj4Lpe+59+2sfdTtgghCmKQNFQATqiqfMJkaANJp7Y6VoCI11R00so4TFUXpg9y+OTZkUp76Q3LNf2xxTlOKLxSesFdTJEKex9W7TLyoN0WrtdIOOQUdCOt+34hRbGJ2TrdQ+ZGNEpw\/FA3+q6ltxJMbBcH2pn3oOQEBy2AaG3TNbgz9fB+AmRqYBt7qZyqesAEZikINc6L2VW6lwPYlUW+c69OuoONojTGKFWRz87pGtHa2GBMlIGUYJJ0jJ8R5cJFKYJbolaH7OmpO8+BYtgwiLFWrCFsoYe7GiHysI6G2x4ghE47gonPVALOnG\/pxjHEvm9EYtMdbAFD2AcJwz4HKvCVNQVuv5C+T43Pn0iu5N273Tzv9ZsKSul+7ts4+G0kf\/MVqdsw0FjikoCS+1uKg8jFqKfaG+0cYYWbqY8lFGIwVelpBmt6ot9ym5CwsklQ8tL8CaKGKg1oMYdtdlP5QTBCM3MX0gjSekGg25\/+5Nzru9ezjHdRDNlP80vVywUl5ZdTJyI4oiDvvdlT+1U9vipXGrtClXwLk82QDxhEAh9rI\/UiBtj9HGoUa2ZDGAYYl\/FVZ4d\/bpM8p2eEGHCI9URlLdaM6HdFCEIww4RXadaUhMlUogxM1eDUgI3gy8LgBI8GrviaDNBMES+WZx1zIE0VmnvR9fx\/e1xbmlTMkWEjq0tRJWKNE7HUc0Nkg0nvdPtwfY\/fH+YMYpADF5ozb1HZ8eavgFnlRajEu8WMIVY8ikKenjjbfEMmu2+KEsbRFRhDLpWMyj5kLFYMgSsa\/uOEc+j2pmhKiZEgj7KGyGMtGN1pZSNdwojCrr\/WXXwPe\/zRWObwl8RxnuEIgJBN\/ThAW1onftLsf1f9ef5fMTOa5AkCQSlpsLH6ivDZmI\/CvWExUJFCnwMQW7kO9CNWwCJQlAt+xAtmGec+oY1Mj9WaXx\/twFkxN+H\/QgcJXU7acbB91SSEixPVLuVc4RhxvgY6R5SM0ww6G9rW\/keB3a6OimdOyb9Y0yAtvhOSv2DLg6jEA2s7zbKb33L+rtISNs+FNo6eGi38Ix9hBUonIhwEiuo5bH38rt3jiRMnd+F3\/37ryxYkJLQnxYhG\/tpmvnDZ70HTfd2PI+Gt6NtaFDUQr6td64qV6vn++1fX7\/9cb36dfUfPnBO\/LMKAAA="}
00415{"flow_id":77,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976076,"pkt_ts_usec":422990,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoByFAAEAGP+KsECrYNF7ohsHNAFDXKV4SxdNVMlAQAWGoRgAA"}
00415{"flow_id":77,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976077,"pkt_ts_usec":604015,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoByJAAEAGP+GsECrYNF7ohsHNAFDXKV4SxdNVMlARAWGoRQAA"}
00423{"flow_id":77,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976077,"pkt_ts_usec":660439,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAofjpAAOcGIcg0XuiGrBAq2ABQwc3F01Uy1yleE1ARAH+pJgAAAAAAAAAA"}
00416{"flow_id":77,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976077,"pkt_ts_usec":663527,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoByNAAEAGP+CsECrYNF7ohsHNAFDXKV4TxdNVM1AQAWGoRAAA"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1490976080485,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1490976080485,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":485167,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA80qBAAEAGOXysECrYIsc08JYEAbs8Ao8fAAAAAKAC\/\/9XyQAAAgQFtAQCCAoA9l2\/AAAAAAEDAwg="}
00443{"flow_id":78,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":542065,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAOsGYRwixzTwrBAq2AG7lgTyw5w6PAKPIKASaN+a6gAAAgQFtAQCCApEF4DYAPZdvwEDAwg="}
00431{"flow_id":78,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":543197,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA00qFAAEAGOYOsECrYIsc08JYEAbs8Ao8g8sOcO4AQAVcxOQAAAQEICgD2XcZEF4DY"}
00785{"flow_id":78,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":544389,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"AMDKkaPvePiC0\/vCCABFAAE40qJAAEAGOH6sECrYIsc08JYEAbs8Ao8g8sOcO4AYAVdhlgAAAQEICgD2XcZEF4DYFgMBAP8BAAD7AwOX\/QoHOQfrIm4YrainwIcb8HJqxyAya+r9gcsMJ\/OOBSCuITFLxCcAmkxVA5xh9l9LJAIe6ginKsjl8g3o3EcTxQAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACSCgoAAP8BAAEAAAAALQArAAAoY29nbml0by1pZGVudGl0eS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACPr6AB0AFwAYGhoAAQA="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_first_seen":1490976080485,"flow_last_seen":1490976080544,"flow_tot_l4_data_len":404,"flow_min_l4_data_len":32,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_first_seen":1490976080485,"flow_last_seen":1490976080544,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00431{"flow_id":78,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1145,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":602253,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0HN1AAOsGREcixzTwrBAq2AG7lgTyw5w7PAKQJIAQAHcxBQAAAQEICkQXgOgA9l3G"}
02378{"flow_id":78,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1146,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":606156,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcHN5AAOsGPp4ixzTwrBAq2AG7lgTyw5w7PAKQJIAQAHcJzwAAAQEICkQXgOgA9l3GFgMDAFkCAABVAwNj2KctM0Na\/qkL3AhDQbbmgHmF1exA4e8dcjKcsWPkOiA8m4w7XaqiKOLPNIUJPj6PG\/89XMnaw2YEcNPU6Y+GL8AvAAAN\/wEAAQAACwAEAwABAhYDAwt\/CwALewALeAAGNjCCBjIwggUaoAMCAQICEGwI7BVOWmitZ3sRtiZfemYwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA1MjUwMDAwMDBaFw0xNzA2MjIyMzU5NTlaMIGCMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjExMC8GA1UEAwwoY29nbml0by1pZGVudGl0eS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEVyrTia54iSkmNIRGZmxUNEuVY3MLSjObtHGMkw7JTq\/1eTc0SyWtwbLzUTEJE6lkpr4Z0yGlUyPs8tIIwEu1VABPNFNfOBuND80no464s\/smspX52u+dpEygzue+\/PZtYZu6y1Wp9inNZvnmHP55j+6091tVGkUiojxzlwtmx99grexjeBuvonQEOqw\/m9YhKDaEqQe1G8FQjT7GXFyl1Ur55CUl4qzK6T4zs1A7ZkkJzePZkqTGIS7yl6IpGbHkgCS17JuQBRa4Kx9tUUYNOP6SAQhncfthD7WR+8IQgUVoBT2kSd8tkb0gi7fkTOevZaCw60d14pDtXm1LZCdcCAwEAAaOCAqUwggKhMFMGA1UdEQRMMEqCHmNvZ25pdG8taWRlbnRpdHkuYW1hem9uYXdzLmNvbYIoY29nbml0by1pZGVudGl0eS51cy1lYXN0LTEuYW1hem9uYXdzLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABVOjycDwAAAQDAEYwRAIgeRx26qlwGuyp5CZo6169qfCP7eBBq6wgfiBI8uf2ZXQCIAqZ+8wMSI3anvAs9qU2W0DX8hQHMYVBeJlmWOyt6OGPAHcApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFU6PJwcQAABAMASDBGAiEAve+QSBc5nvjPJqYTbvkGkXTBlRpeoe82E9AtfBA+co4CIQDBquBi8+PV+5ofABQ7Q0wr+o+kmWFNed+WVgrlsofBajANBgkqhkiG9w0BAQsFAAOCAQEAoRTuYjU="}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":6,"flow_first_seen":1490976080485,"flow_last_seen":1490976080606,"flow_tot_l4_data_len":1916,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1146,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":6,"flow_first_seen":1490976080485,"flow_last_seen":1490976080606,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1708,"flow_avg_l4_payload_len":284,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02388{"flow_id":78,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":607043,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcHN9AAOsGPp0ixzTwrBAq2AG7lgTyw6HjPAKQJIAQAHdmLwAAAQEICkQXgOgA9l3GgHSg6uLkzhbMvP38DorwCrBJ7tYjkxurspgkr9umwjIueJqITvY2CdnPF9ymYw29XOZiddB8omiDeF9PGl\/be\/oZcrTLppLW0vre7mvO\/NZKoK70UhxYBxqk\/\/wM5ZAXRkZGVi8S5TOiwvJZC25SGVgnuMd+zBfqfFp0CW1XoH6www1AdkELDMRWZikoacZHN661AMavapsPQ20yzXEwfWOZUvGcgVcugYZReoabBe4LgIPpGnGRoXw7qzLbrqv7CgasfNOUXNnZ6rdJjndgVL\/duEjtSIuR\/6roDFhD6BbAUFaJyg75DaN4oGJcRPk3gWnVUxE4DcUGrDsABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeM="}
01102{"flow_id":78,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":607335,"pkt_caplen":559,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":559,"pkt_l4_len":525,"pkt":"ePiC0\/vCAMDKkVoBCABFAAIhHOBAAOsGQlcixzTwrBAq2AG7lgTyw6eLPAKQJIAYAHdwGgAAAQEICkQXgOgA9l3GS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccWAwMBTQwAAUkDABdBBIrqCmcvg0vwWOeh3N2adQoX0qaqDalxl3WY1AX48Lq1UG0++2Mtd64UC8sFHOlg+CxXsdytUgQUobtnNDXPQZYEAQEAdBxUr7v6EkZwgVuVqcktsjoB\/vOHw2J9cBbqEBPPisNPNzbjuiY1zQ8118+qCgkYfmBJkv8WGaaQ3E1ajG5sPHiRaWffMT6jUpYgGcIjeulOE6wEQGvWu\/eAVyOFHPjHCo+QpnB9KHnv6Mjc3+Ka0QFFSADROBxE9Bdzxdc5jTn1XHfh3Mdr3\/vLhpjbY1YdS5VGbV4fcBiB6v3ABfr52BGn8c2zYRCn0H9tUoRM7qbnW5RdCkMFMpOkaOYpBgX5INWVCeQBuG3J\/yUtI7CStx2jkU30WrycEG9\/BsUBLe1JoJj4Xm9psTZ43kVAg+Td5iYOQuhCKOQy6+IBFaYCYRYDAwAEDgAAAA=="}
-01201{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":8,"flow_first_seen":1490976080485,"flow_last_seen":1490976080607,"flow_tot_l4_data_len":3921,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":490,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}}
+01212{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1148,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":8,"flow_first_seen":1490976080485,"flow_last_seen":1490976080607,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3649,"flow_avg_l4_payload_len":456,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cognito-identity.us-east-1.amazonaws.com","server_names":"cognito-identity.amazonaws.com,cognito-identity.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=cognito-identity.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"56:17:8F:E9:45:10:32:78:FF:FD:E3:09:60:5A:B5:3B:8D:8C:F8:34"}}
00431{"flow_id":78,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":608935,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA00qNAAEAGOYGsECrYIsc08JYEAbs8ApAk8sOh44AQAWIqbAAAAQEICgD2XcxEF4Do"}
00432{"flow_id":78,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1150,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":609257,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA00qRAAEAGOYCsECrYIsc08JYEAbs8ApAk8sOni4AQAW0kuQAAAQEICgD2XcxEF4Do"}
00432{"flow_id":78,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1151,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":610173,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA00qVAAEAGOX+sECrYIsc08JYEAbs8ApAk8sOpeIAQAXkiwAAAAQEICgD2XcxEF4Do"}
@@ -990,19 +990,19 @@
00502{"flow_id":78,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":681895,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ePiC0\/vCAMDKkVoBCABFAABnHOFAAOsGRBAixzTwrBAq2AG7lgTyw6l4PAKQooAYAHfxAwAAAQEICkQXgPsA9l3OFAMDAAEBFgMDACiWhI1ruLIrR8jg9wtW668uNxDVB7PSd256THrnBFN6MD4BwKFzuf16"}
01634{"flow_id":78,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":695586,"pkt_caplen":950,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":950,"pkt_l4_len":916,"pkt":"AMDKkaPvePiC0\/vCCABFAAOo0qdAAEAGNgmsECrYIsc08JYEAbs8ApCi8sOpq4AYAXmSSwAAAQEICgD2XdVEF4D7FwMDA28AAAAAAAAAASk0WhTCCbEf5uWLi5poSpI4x9VtVao+\/TIbtBw+pyOAboQDvOozHhOegvsi4VLJDcQS6Lcm5eDo6qsnjLfxAno5hsggjdbWfRVYN\/\/1C6MIe9y2xqRa2fa1fG7hOakLsbpU01W+zzHX3Pz5UUmag7zDwCp+oYFdSXSQ1zOjBb6DcYwKWUR2ijb8aRFwSDQYED4EAPD8RJirya+sNPRL6s2dK7yjC9T3Eh2u0HwSgwPYw1RtXx99bSVaC4G6ZhTdJ09gS2LU9Wx8nywszDRdrFi2PHbBYcfNhBHnpWWhyClm\/cWY02reCKYLzjrxI3EGrZO9ynili2n6r1yQVStyn7LSi7coH+EgdWLEGqb9W5ci+jhh34Oo2\/tXSZHKNoJnvcuLhEGHuSVYUTUaGfujPoeUOtk+XwJoHOo2hclBokMaUGdhsIOKR5yG8ayzASPNDTwxhGX9fsJr\/Ab2yXMjjslq0tGVSIcrEwVqSuNCKFKDMhQKU7tRU2bp3Sa5icLUGahyYnU\/xJ2ejSpbaR\/PcWlteqHw81edH6CsXG9ZdR+Vs26tXZTzrmR5tG0z\/Z1+V3iiKWsMDyZtMEVRJlASn0F9aDSSAY42DzlCXkbiXAlagCoyd+I0gjoP8DS\/wSLd3mdx+cMicUWqnwsDe1kMTb4Q7lCe4MqsCPdsArDVM51Sk4m0VcH91neOX+gEZDguFca\/a4yG78RSD7Lz7XNonWBOg9+3K1YECU+gJzZS3WTZZtUoX3o6E\/ujm2oUNJ20Ltf2vxOSkSRN93aWitvWxW\/L4S3GHL6rs5\/V3YZAT\/xuxlVacyvPtiFAKabsW727\/Xb\/Ds5tamntyrGj1cfOCOM8eJGDqtCXXFO+ow3ksexJobHCdOhvtPaUSkYELfXG\/QeQt2kXWf57mLdFq2\/EVYOHpeouY2tnsPAfUvAMgW7a1TF6jWkD+B8wfKX5oQ+IwnuZ77h2RA5W7x3G9A3vbRV5kQfPBN7UDPtVOTMTvD95PLpCI9igdeSCW0FrdWUgQlXfaFVu4gFOhTUjz2U5WdQQ7oDGoJghCUsRietOZRrxuIVuN9Vre4HaitZ3pPO9wM1Vw13nXiK2LkTvJuCH2y65BKm9rHc8qrdCDdVEDGuHEFyMHTHl8Kxr01SaZ+vGuXI4fHbRVEg="}
00502{"flow_id":78,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976080,"pkt_ts_usec":938221,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ePiC0\/vCAMDKkVoBCABFAABnHOJAAOsGRA8ixzTwrBAq2AG7lgTyw6l4PAKQooAYAHfwwgAAAQEICkQXgTwA9l3OFAMDAAEBFgMDACiWhI1ruLIrR8jg9wtW668uNxDVB7PSd256THrnBFN6MD4BwKFzuf16"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1490976082723,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1490976082723,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976082,"pkt_ts_usec":723840,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8n\/hAAEAGdDKsECrYNu8YuoUFAbsbksFnAAAAAKAC\/\/9eHgAAAgQFtAQCCAoA9l6fAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1490976082964,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1490976082964,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976082,"pkt_ts_usec":964100,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8NvRAAEAG3TasECrYNu8YuoUGAbttlGhMAAAAAKAC\/\/9lHQAAAgQFtAQCCAoA9l64AAAAAAEDAwg="}
00428{"flow_id":79,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976082,"pkt_ts_usec":969718,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwftZAAOcG7l827xi6rBAq2AG7hQU1exHsG5LBaHASH\/6SVwAAAgQFtAEDAwY="}
00416{"flow_id":79,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976082,"pkt_ts_usec":973229,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAon\/lAAEAGdEWsECrYNu8YuoUFAbsbksFoNXsR7VAQAVfcyAAA"}
00770{"flow_id":79,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976082,"pkt_ts_usec":975916,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"pkt":"AMDKkaPvePiC0\/vCCABFAAErn\/pAAEAGc0GsECrYNu8YuoUFAbsbksFoNXsR7VAYAVfciQAAFgMBAP4BAAD6AwMHSRC2c+5r\/3MPJESGwrrTfqmqXxfWC6hnzFlITFd0gCAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAgCgrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRGhoAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAISkoAHQAXABi6ugABAA=="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_first_seen":1490976082723,"flow_last_seen":1490976082975,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_first_seen":1490976082723,"flow_last_seen":1490976082975,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00428{"flow_id":80,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976083,"pkt_ts_usec":245594,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWypAAOcGEgw27xi6rBAq2AG7hQaUlSPBbZRoTXASH\/4ogAAAAgQFtAEDAwY="}
00423{"flow_id":79,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976083,"pkt_ts_usec":245729,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoXwRAANsGGjo27xi6rBAq2AG7hQU1exHtG5LBaFAQARzdAwAAAAAAAAAA"}
00423{"flow_id":79,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1175,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976083,"pkt_ts_usec":245772,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoXwVAANsGGjk27xi6rBAq2AG7hQU1exHtG5LCa1AQASzb8AAAAAAAAAAA"}
00629{"flow_id":79,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1176,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976083,"pkt_ts_usec":245814,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"ePiC0\/vCAMDKkVoBCABFAADEXwZAANsGGZw27xi6rBAq2AG7hQU1exHtG5LCa1AYASx+uQAAFgMDAGQCAABgAwPehMvu5novbNArKScBJhC9DeefEhWeATMztF98Cop19yAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LsAvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDACiHOfVoJ1AWj9rEVgWapKXkd5\/HZG1P1iTZT389LqD2yhjHifKuHigq"}
-00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1176,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":7,"flow_first_seen":1490976082723,"flow_last_seen":1490976083245,"flow_tot_l4_data_len":583,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1176,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":7,"flow_first_seen":1490976082723,"flow_last_seen":1490976083245,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00415{"flow_id":80,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976083,"pkt_ts_usec":337013,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNvVAAEAG3UmsECrYNu8YuoUGAbttlGhNlJUjwlAQAVdy8QAA"}
00423{"flow_id":80,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1178,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976083,"pkt_ts_usec":441405,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAom51AANsG3aA27xi6rBAq2AG7hQaUlSPCbZRoTVAQARxzLAAAAAAAAAAA"}
00629{"flow_id":79,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1179,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976083,"pkt_ts_usec":758587,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"ePiC0\/vCAMDKkVoBCABFAADEXwdAANsGGZs27xi6rBAq2AG7hQU1exHtG5LCa1AYASx+uQAAFgMDAGQCAABgAwPehMvu5novbNArKScBJhC9DeefEhWeATMztF98Cop19yAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LsAvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDACiHOfVoJ1AWj9rEVgWapKXkd5\/HZG1P1iTZT389LqD2yhjHifKuHigq"}
@@ -1016,34 +1016,34 @@
00415{"flow_id":80,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1190,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976084,"pkt_ts_usec":801221,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNvZAAEAG3UisECrYNu8YuoUGAbttlGhNlJUjwlARAVdy8AAA"}
00423{"flow_id":80,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1192,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976084,"pkt_ts_usec":869056,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAom55AANsG3Z827xi6rBAq2AG7hQaUlSPCbZRoTlARARxzKgAAAAAAAAAA"}
00415{"flow_id":80,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1194,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976084,"pkt_ts_usec":873178,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNvdAAEAG3UesECrYNu8YuoUGAbttlGhOlJUjw1AQAVdy7wAA"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1490976085644,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1490976085644,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":644885,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8I8hAAEAGIyesECrYNF7ohrKHAbtpd3wLAAAAAKAC\/\/9ZswAAAgQFtAQCCAoA9l\/DAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1490976085829,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1196,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1490976085829,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":829927,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8qZ1AAEAGnVGsECrYNF7ohrKIAbvGQPZJAAAAAKAC\/\/+CmQAAAgQFtAQCCAoA9l\/UAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1490976085832,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1197,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1490976085832,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":832410,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8k2FAAEAGs42sECrYNF7ohrKJAbv5cMy2AAAAAKAC\/\/94+AAAAgQFtAQCCAoA9l\/XAAAAAAEDAwg="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1490976085883,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1490976085883,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":883325,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/VAAEAGPiSsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/94MQAAAgQFtAQCCAoA9l\/cAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1199,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1490976085884,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1199,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1490976085884,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":884523,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA83c5AAEAGaSCsECrYNF7ohrKLAbvdeYISAAAAAKAC\/\/\/fjAAAAgQFtAQCCAoA9l\/cAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1490976085891,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1490976085891,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":891455,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8K1lAAEAGbNGsECrYwKgLAZYiH5Cn8nSEAAAAAKAC\/\/9ycAAAAgQFtAQCCAoA9l\/dAAAAAAEDAwg="}
00428{"flow_id":81,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":970332,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHsZAAOcGgTQ0XuiGrBAq2AG7sofzK0GgaXd8DHASH\/6hqwAAAgQFtAEDAwY="}
00428{"flow_id":82,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":970467,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwdw1AAOcGKO00XuiGrBAq2AG7sojjQR2VxkD2SnASH\/7+lwAAAgQFtAEDAwY="}
00415{"flow_id":81,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":977753,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoI8lAAEAGIzqsECrYNF7ohrKHAbtpd3wM8ytBoVAQAVfsHAAA"}
00739{"flow_id":81,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":978060,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXI8pAAEAGIkqsECrYNF7ohrKHAbtpd3wM8ytBoVAYAVdMhgAAFgMBAOoBAADmAwMZTwgAvEIt2Qb5o7X9W24vk2EndyOWpP4UOltDjjzDCyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9CgoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACEpKAB0AFwAYGhoAAQA="}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":4,"flow_first_seen":1490976085644,"flow_last_seen":1490976085978,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":4,"flow_first_seen":1490976085644,"flow_last_seen":1490976085978,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00415{"flow_id":82,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":978202,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoqZ5AAEAGnWSsECrYNF7ohrKIAbvGQPZK40EdllAQAVdJCQAA"}
00740{"flow_id":82,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":978330,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXqZ9AAEAGnHSsECrYNF7ohrKIAbvGQPZK40EdllAYAVchAgAAFgMBAOoBAADmAwM0H8Xsbj55clduvHcNurVJrQGc\/Pqbv8v55WlkE30hCyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9ysoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAY6uoAAQA="}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_first_seen":1490976085829,"flow_last_seen":1490976085978,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_first_seen":1490976085829,"flow_last_seen":1490976085978,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00424{"flow_id":86,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976085,"pkt_ts_usec":978559,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFEAAoAABAAD0Gmy7AqAsBrBAq2B+QliIAAAAAp\/J0hVAUAAA7FAAAAAAAAAAA"}
00536{"flow_id":81,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218051,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9HHlAAOcGgzQ0XuiGrBAq2AG7sofzK0GhaXd8+1AYf\/gWvgAAFgMBAEoCAABGAwFY3n1WmU2DpWAHVrvTcVkefcqPXG\/VUu7kD2bqD9s6GyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":5,"flow_first_seen":1490976085644,"flow_last_seen":1490976086218,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1208,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":5,"flow_first_seen":1490976085644,"flow_last_seen":1490976086218,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00490{"flow_id":81,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218236,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdHI5AAOcGgz80XuiGrBAq2AG7sofzK0H2aXd8+1AYf\/iZYQAAFgMBADBumwbswz78F38KYUA1LReV72sE4fP2hoAfRqbMRoILN4Gitrad3ELxUnZammcSf8U="}
00428{"flow_id":83,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218291,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSbFAAOcGVkk0XuiGrBAq2AG7soktOgAj+XDMt3ASH\/7IcwAAAgQFtAEDAwY="}
00428{"flow_id":85,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218325,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwHTJAAOcGgsg0XuiGrBAq2AG7sosHecze3XmCE3ASH\/6IEgAAAgQFtAEDAwY="}
00537{"flow_id":82,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218384,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9fsNAAOcGIOo0XuiGrBAq2AG7sojjQR2WxkD3OVAYf\/it4AAAFgMBAEoCAABGAwFY3n1WO78rfAE+1qPfnKCZXIna9VF+PCVlge\/Xf2\/VpyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_first_seen":1490976085829,"flow_last_seen":1490976086218,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1212,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_first_seen":1490976085829,"flow_last_seen":1490976086218,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00490{"flow_id":82,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":218416,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdfsdAAOcGIQY0XuiGrBAq2AG7sojjQR3rxkD3OVAYf\/hsXAAAFgMBADAU6xBGcB9xOb6V3MKpQJBHV2d3SRfKZoqC73gwWwdhkCQFO0MhyvP7PGydhK0Rqtw="}
00415{"flow_id":81,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":219366,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoI8tAAEAGIzisECrYNF7ohrKHAbtpd3z78ytB9lAQAVfq2AAA"}
00415{"flow_id":81,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":219650,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoI8xAAEAGIzesECrYNF7ohrKHAbtpd3z78ytCK1AQAVfqowAA"}
@@ -1056,14 +1056,14 @@
02404{"flow_id":81,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":243714,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcI85AAEAGHYGsECrYNF7ohrKHAbtpd3028ytCK1AQAVd30wAAFwMBACDC3oZMQUAJFgqGImspI1JgtrGV6qISEQQUVDep5Vk+vRcDAQYQYllnwQyirRprtYc9cOh8x9DubIPAPLA97P4FaBxXM9a5nTxsalhAr5mmsG7RJ6QzUWg6VCC9dl5QH07l8f0lYbDRY68y4mPr8pOMG1HElmcdsGCffFnaOrMfQmczl6Vj36uA+eOm5wTeWDfDlVjSZwvvdnk9bUuS5ZcsAtUUKweSIUK+wISvKQNvshjEizpklB1qh33RMSK40t5dH06V1G4TZ+vecYlTq1FvhIO5FNVWozd6cNqokRv4jYJcQkl1BlTHqSA+HB7gw6nvsUxFmZAUX\/9cbluWuK\/6\/Sx6YTDoZyRv\/VwrnrWxp2sPZ6sgkZ4I3dubm5T9AqOezB3t+mkK74ubZtVCyvzIkYnIWrmM8a\/BoMXkLdSlJIW31xZFLpHmWE3payuOp0SS0JUEPCvdXJbWcJ1IQ8vqr\/G4GdBIaZY668glsQn6TvBtM4kalZc9qHsKTQbFnh8IFBB7eKvLuSn6xs2kpb14zysIZcds7TRzw4xYtfoYTo23c5OYGGSNBoCfthyc0WY8ZN6qrVoR2Zjw6l4nBKRkKJvfSHe9+CGsHFJCvdpgnUwhGFjOxDmVf4yzCmlZTzbx0UEUjd54bHp5V0XRMR5tQCKcy5dWF4wCGgKbeDyBKT+UTjedMxvOF6C\/x1\/vrdiAM3UImrugM9eN329VOTTTnBtwMzL9hcv3XWrZ0lUDb0quQ8w4qmKMsVxXgL0zwfCjvJXyabikYnx+1kYeL\/5whPk8Dcu84XHEwaB5E1te7WADv+djq6\/0uIwOtusprwavsoLjx3rU\/A5Q1\/Gh6FdUU6NKu87\/JMLvs5rljFH6equlke4l6AJmwUTZjIvgnpn8oESxFQGZhABxALYxIf980LdQBXXfV14Rjz\/9pRyNiulQlK5FUZfjkpDchppAzERTM8VX0N5QPVjDfbFLNzV+m+voPJvexq5A7BAVufHZJPqDz2xDlKSLQQ1EHITU6EPXotJ2V\/nanp7AiCdZv5KR323utWu1I2K2D4kniM5tyJa\/3NWnNGbndopT8IwuSAktaQkvuFXVqoYYXA1Dtqu\/pYbYS5lZWqss1qv4jsZgdK32vAdRn7TatDT+1E3rfCTSSLS+CcU7kylaRvInTUhj0QNwdkDpZ5CcVrm46NBI\/x62XISGVeg8HpvWY0yyDVYsCrj9hq8nYyhbLygIIU\/xbiS\/WGyamipyOkw75lGQSrllNkfCvEFBYWBoDKBEszVOhAzYFmNE0xAiqIqZUG\/f6jTlk2J04y3YzQVdMPz+4x6OA2HXs\/ZkKHQyaNskv8MIrdAmxQeWVEEPUb+bCdb+P70XoDtBbixyqHO4G0m3FRV7gd+LLw9uUuUmYtdGxCerermsORvxqab+adJOgThdy8ebaMclQrD9tTPQSkMBc3P\/28W+\/2xp5gbiLcZnhItSFv\/NvgxlEoBvbt60AOPOcHnN2IkwG9IMNESoNTuwek\/AHM9T6GoHrVPGwhCc4eU0GeQeSxPnYiBE\/5ZE9QAd5t\/RowVgKN72LJbfKj0OQVovWvcxgE+nsR0m5slqjotHe1RW6eKBx8TFZABRJUJp8JIz\/BfiBMegNNgo3\/rryfkUahggch15PHK9F+3MDJbV5wHNgWFBnHy8CN+erjdpT8Tyinked6OgXP9zu2mOW5Xl65QfNyvoKZhpXLCRWpAWtDaelDm5jlQgKbCUzut70q82rluc+SsdTTNYZsjc\/Drvl4XS2B3+5ErCZmqad9eayZAhnwtFjUzfMb3XqmKAPZqrtnBreiUBF6UkCob2Q6ckjNa6lGxbC4oexjeiYU\/Uv8afNl+Ly\/Z4OklR\/QD+DSEz72IkOtGAvcm+BJcOhFsWhCGPS7wQGhPfycMmm9sZitcSwRvFqxd3a2Ysl6w="}
00600{"flow_id":81,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":244001,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"AMDKkaPvePiC0\/vCCABFAACuI89AAEAGIq6sECrYNF7ohrKHAbtpd4Lq8ytCK1AYAVcSOgAAiUnxJ8FdEFN4uQzu5DWCVUhw5fm8W51SwPQh5Tee6yHP\/q771b9at3P4VMm2MoEsYofFfYrlXDO8EPqyCLVwu7EkLHp+VOGvrC853LzM0wuNZkkNL8FCWE0VN2jHgweP4JQa3aEFhiV31zGYyBo4MK3l25inq5amLu3epBHGuYmtqymBiSM="}
00739{"flow_id":83,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":244165,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXk2NAAEAGsrCsECrYNF7ohrKJAbv5cMy3LToAJFAYAVdDMAAAFgMBAOoBAADmAwMX0DmvFoc93MqqbnDLtg4DTevZCvztq0wbg4n1o5FhxCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9OjoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYqqoAAQA="}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":4,"flow_first_seen":1490976085832,"flow_last_seen":1490976086244,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":4,"flow_first_seen":1490976085832,"flow_last_seen":1490976086244,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
02402{"flow_id":82,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":245249,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcqaNAAEAGl6usECrYNF7ohrKIAbvGQPd040EeIFAQAVdTxQAAFwMBACDsnx5bxH979p9in1g4C6mXugb4GvE3dbo\/oI3BhSRwIBcDAQZA8TFGdY5Cnc0\/XYQs+5AlG6Irr9Sz2m9DAwM9WrV6bMsprTKCZFcjxK9ZBJQ9sQkhr614pDKVqanZ8SOkegOtcLoA3vdmOZo3sg4HVCWt0hjGPOftz\/jLPvEPr3ZR5HuTnkSEnu1UQbluabgCPKGe\/fv\/gOQbBGhHGegr1tTwQR0S\/\/jmuaBUE4YDV2BIhXKlvySS4fJ0DicrOrbYiVHhWG4iYPShzKjSBjCHmC7uQpNeMmm1s8B\/5h+9Ds5VLEuKEJRgBn3Xaa9dfyTSY+G3MEhj2CvjWMEF0CJx\/fJnYesJMPJKmvVk7lKyvwm7gDsQM0oELYTJpkH1Dy50tOpIuxknQslAjIgVtpMXKtKz3YL0isgBKUTjP98jT3jBR1RQ0WygbjzIQISA9znCADJ9vgRtu0RToWDhQlxGs9Vzp8YYEOKHxSwVJ3wOUin9rsDeYwB1Lduj70J98Qp2wbfnL3Fg\/euVBMmZASRCHMdCuRtP0Gaqx9tUOyfiu8+eTDQ6sxjavkQ7\/36w418yaxHsqVobq7tLIctogSdWSUt7qjOp5u2aQkH93meOfrBr\/alEGo6zH+\/rk7S8qyMpJ+onED2Eu1yBuNQpDPQA7kWD3dub6BXy45U1YnFvVBrPr+JoqF8+I0WOFk8A5Dr5sRoS7JL0\/fbSNNHt27+Xb\/\/zj90P3ERYiR+jIPq3+TpClUZeQcoeAVddqLSUGe6JsZK+DP\/RcpkjuHTIt79G+dfMMGOS7ZiWOWKV2jt0DMKVcBzYNj8c+OCmE4DJ6i1p\/5StUq7xG6fSnnznkYJ\/SG7WwfQC8F\/xPnSfAxHoGqLU8Cpj3KJHlbH9n0WCaptlTukwD4+v0jqrbPEDhe8jSJDNXm6EW+0kHfT5edzybzkm81vuE3ZMfQNy9J+OwKsLvyjAFu+NFXdhovoDupLwIBR4KnKdUF5sk1HfmG3DCndR9KzUvm5MQ7GQFC9w44xM\/xn8l4u4IJuOjrwM3aMQw1w6+O3tYkJzp7cdS3129tBa31YVKcprlw8yRUxxpdOU89UM8HwIcnwXL7ywiIsQSATvKvUwqpb+M0nTuseOOTRWVnPWFG6KGB88+2De32yV3+gXfFnx43JR1hKUlx79i0UC+QJ6zlUOGwo4w\/dq714AIsv47mCflQ\/6gmZUKbUO5Tt7qILucINMwilG8BYBkwja4Knf3j4CJvmZaYVe9lI6hx76K9cJ8Tx3St24zhQXsNknGZZUL9WLBp2Y9cpZsuvwgdv78ubCFvcz4Vcz6G3MQB\/x+sXdSibEienfx4vYhdta8B3Wns9sEb1PJlrbzXK8iKTTW8yzQVtMXJl3rnf1p9Oz3iw5JNIaQlChccq8UeyKdbVyfWkOLsE0XDbEYOJ67aCcNrMw9e45nX\/JnTEqEMx8MxMYcgHLm0r+4sFIjg5DMV926Bhk8hHgbVLhcmafugCtf8BKEa9buE5Ij3RZV1ZtJosvsxt5VPPUYbWSTCyvB5LOzd6qxiAQh8u1JU0\/SJShBUscGgehs2cwti5ahOkc1a8NqvSsBajvf\/YZppyR32tjj5wtm8QoaBdB6hyAWfmiitlm4O56Yv4bWL7c9ZsZgcbQ5soNEYANZarJ1u8UpmjlGrJnJgSEtpMY2pRK8WNT1lgBFRAM3grlFc95z146qcetSZ\/5Ze2zyX7LgO9xx8Gampxe9IlyYzzJcVWPLwX1XwrrroOfEnQ7N7cxU8SfW+H6ANeR+1pJdApMuJI5soe56E6c3drbcqvzVxn1gD7SIdYX\/eJXmirjf0fxl\/6u0rSmgeTLEfMlADbY5j3z\/8i727kVBMmwcLLGoUecGmhugM8cM1tqFmi3Agza7b+7AAsqc3NqjR8YbwCk4O\/+E6jbyfuasLkIMIU="}
00667{"flow_id":82,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":245552,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"AMDKkaPvePiC0\/vCCABFAADeqaRAAEAGnKisECrYNF7ohrKIAbvGQP0o40EeIFAYAVdRlwAAmPuk9xQL067n6lGxgVKXBM4UFe5ZAxeONmzDM5vsajDS6B+FYzlFINNdpTzneoxvkF4rDLmx6krgshFu8XD\/vL2WJ+LtbZ5Wp1Ch9l4tql\/7dcrPfbrMVEr3XEKv8jHxIoNHvj3\/BurgjaveUEJCxyzFNzvf2b\/Kr0XeJu8Vbsb9hgCbdRBRa0FfRSSLULS6mOLrTNFr4L4gdUEcC91Pa9g0MbpowbLabZw9NXwc3dSdCqYVU3U="}
00425{"flow_id":81,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1227,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":648151,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoF+pAAOcGiBg0XuiGrBAq2AG7sofzK0IraXd9NlAQf\/dryAAAAAAAAAAA"}
00424{"flow_id":81,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":648216,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoGBtAAOcGh+c0XuiGrBAq2AG7sofzK0IraXeC6lAQf+BmKwAAAAAAAAAA"}
00425{"flow_id":82,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1229,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":648239,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoeUJAAOcGJsA0XuiGrBAq2AG7sojjQR4gxkD3dFAQf\/fItAAAAAAAAAAA"}
00536{"flow_id":83,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":648262,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9SB9AAOcGV440XuiGrBAq2AG7soktOgAk+XDNplAYf\/gBdQAAFgMBAEoCAABGAwFY3n1W5OOWJNfC\/vUq2mNwZtKQmiBffDQIpiP84nPzOiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_first_seen":1490976085832,"flow_last_seen":1490976086648,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_first_seen":1490976085832,"flow_last_seen":1490976086648,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00490{"flow_id":83,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":648287,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdSCJAAOcGV6s0XuiGrBAq2AG7soktOgB5+XDNplAYf\/gj4AAAFgMBADB3Tw1XVAuvmIcZBBsRqEr04YWcg2pwJ+22+vesqZrU91kZzVtkEQdmZMtZUaiTOM4="}
00424{"flow_id":82,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":649230,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoeiZAAOcGJdw0XuiGrBAq2AG7sojjQR4gxkD93lAQf93CZAAAAAAAAAAA"}
01189{"flow_id":82,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976086,"pkt_ts_usec":649588,"pkt_caplen":619,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":619,"pkt_l4_len":585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAJde7FAAOcGIhw0XuiGrBAq2AG7sojjQR4gxkD93lAY\/bBVzQAAFwMBAjCqeWI8zN6yfHeNSLuqPghbU4a\/M+CJZqxNxNtF0mhEXG34bJhYJZaPwJjh69HiRzexfolVtKkBl5l4TMXVjTXm9ZS961bwSXAu1yf5GvpAz6DfSa1uA5xIPOFDAdq7UXv1KLidpyq3P9HYnVpd1paI3Ih\/GdzmD19o7ZT48Ne64cxrXVuWMG2+KDG2etHyuy4xYaPVZjC12N\/7psc6p0IsRat4Osb4ZYh2phLPtJGxF+ZU2BzTxttichMPj6\/IGL4yoI1vjCtpUZnQlCh4RMfaOXVWRG4uBWcw8PWpb5q8InMILwb0088o3ep7OldpUsgwa9MLiWA9xiHeVECcmx1pFek818F9q\/91nDE6lMGcRQ7m4Ivb40JYIUkZBUpIxv3qwxSbBfim0HwfdLmklctHmzsw3kPug9X4zwmvq\/RjK7xc+RaA1pIK2ArsCmB48zmG3DVzxSOCA60nD0uO5y4sRq88dF2odMcK2nlzywUodEmipJrxXgIotyBKL3W1VJVbuQ7IUkwqNOb0HQI4v\/bJsQBRs8w0wnnq+1MWbk\/bVK47MxQwpnm\/YSG5BgP+BM4Ibpqkv\/dnq210Dm5UB8ggwYbGyT4MLGGCopK3OJu4aFFl91ly5f4mSR3P7vnpLJyBVtA2+HDZIMT13d4oWoVXjJ2+kPIdplrPNdYxU9YnUNpsB0pKfIfZUwbKrabtB6N\/iadnJaD24\/yZe7JMVU\/DTLqYS4G6crqe38sXYL3UNg=="}
@@ -1083,30 +1083,30 @@
00415{"flow_id":85,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":329636,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo3dBAAEAGaTKsECrYNF7ohrKLAbvdeYITB3nM31ARAVfSggAA"}
00423{"flow_id":85,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":474183,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoJzdAAOcGeMs0XuiGrBAq2AG7sosHeczf3XmCFFARgABT2AAAAAAAAAAA"}
00415{"flow_id":85,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":478345,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo3dFAAEAGaTGsECrYNF7ohrKLAbvdeYIUB3nM4FAQAVfSgQAA"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1490976088605,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1266,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1490976088605,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":605994,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA81ixAAEAGcMKsECrYNF7ohrKNAbu9HLbAAAAAAKAC\/\/\/KKQAAAgQFtAQCCAoA9mDsAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1490976088631,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1490976088631,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":631582,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8NFtAAEAGEpSsECrYNF7ohrKOAbuEplS0AAAAAKAC\/\/9kqAAAAgQFtAQCCAoA9mDvAAAAAAEDAwg="}
00428{"flow_id":87,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":845815,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwfFZAAOcGI6Q0XuiGrBAq2AG7so2w2ze+vRy2wXASH\/5ffQAAAgQFtAEDAwY="}
00428{"flow_id":88,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":845997,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3pBAAOcGwWk0XuiGrBAq2AG7so5AYHD5hKZUtXASH\/4xPwAAAgQFtAEDAwY="}
00415{"flow_id":87,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":847985,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo1i1AAEAGcNWsECrYNF7ohrKNAbu9HLbBsNs3v1AQAVep7gAA"}
00740{"flow_id":87,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":849989,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX1i5AAEAGb+WsECrYNF7ohrKNAbu9HLbBsNs3v1AYAVePOwAAFgMBAOoBAADmAwP1YthODLslBmCd7PjY7YVBLxQl6oZDQnpqrQA1aXZumyB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB92toAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACGpqAB0AFwAYSkoAAQA="}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":4,"flow_first_seen":1490976088605,"flow_last_seen":1490976088849,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1273,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":4,"flow_first_seen":1490976088605,"flow_last_seen":1490976088849,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00415{"flow_id":88,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":850651,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoNFxAAEAGEqesECrYNF7ohrKOAbuEplS1QGBw+lAQAVd7sAAA"}
00739{"flow_id":88,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":854312,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXNF1AAEAGEbesECrYNF7ohrKOAbuEplS1QGBw+lAYAVeALwAAFgMBAOoBAADmAwO2qvjWcAzn6foPrm6RG05xGgv+E5HiiVFKOX3z9RkdZCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAY2toAAQA="}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":4,"flow_first_seen":1490976088631,"flow_last_seen":1490976088854,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":4,"flow_first_seen":1490976088631,"flow_last_seen":1490976088854,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00446{"flow_id":84,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":880204,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/dAAEAGPiKsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/93BQAAAgQFtAQCCAoA9mEIAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1490976088937,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1490976088937,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":937719,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTlAAEAGCbasECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZowAAAgQFtAQCCAoA9mENAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1490976088958,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1490976088958,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976088,"pkt_ts_usec":958157,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8FFJAAEAGMp2sECrYNF7ohrKQAbsDIHVdAAAAAKAC\/\/\/FYwAAAgQFtAQCCAoA9mEPAAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1490976089173,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1490976089173,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976089,"pkt_ts_usec":173728,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Al9AAEAGRJCsECrYNF7ohsHbAFAaMGN6AAAAAKAC\/\/+yQAAAAgQFtAQCCAoA9mElAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1283,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1490976089227,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1283,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1490976089227,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976089,"pkt_ts_usec":227335,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA835BAAEAGZ16sECrYNF7ohrKSAbuabb66AAAAAKAC\/\/\/kmwAAAgQFtAQCCAoA9mEqAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1490976089239,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1284,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1490976089239,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976089,"pkt_ts_usec":239508,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8TPtAAEAG+fOsECrYNF7ohrKTAbvSFy3QAAAAAKAC\/\/892gAAAgQFtAQCCAoA9mErAAAAAAEDAwg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1490976089426,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1285,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1490976089426,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976089,"pkt_ts_usec":426961,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZGdAAEAG4oesECrYNF7ohsHeAFAhsQVZAAAAAKAC\/\/8IxQAAAgQFtAQCCAoA9mE+AAAAAAEDAwg="}
00445{"flow_id":89,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1289,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976089,"pkt_ts_usec":930127,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8PTpAAEAGCbWsECrYNF7ohrKPAbuIDFw0AAAAAKAC\/\/9ZPwAAAgQFtAQCCAoA9mFxAAAAAAEDAwg="}
00447{"flow_id":90,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976089,"pkt_ts_usec":963855,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8FFNAAEAGMpysECrYNF7ohrKQAbsDIHVdAAAAAKAC\/\/\/E\/wAAAgQFtAQCCAoA9mFzAAAAAAEDAwg="}
@@ -1114,11 +1114,11 @@
00738{"flow_id":88,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1292,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":16140,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXNF5AAEAGEbasECrYNF7ohrKOAbuEplS1QGBw+lAYAVeALwAAFgMBAOoBAADmAwO2qvjWcAzn6foPrm6RG05xGgv+E5HiiVFKOX3z9RkdZCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAY2toAAQA="}
00423{"flow_id":88,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1293,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37623,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo4RtAAOcGvuY0XuiGrBAq2AG7so5AYHD6hKZVpFAQf\/j8HwAAAAAAAAAA"}
00534{"flow_id":88,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37761,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB94R1AAOcGvo80XuiGrBAq2AG7so5AYHD6hKZVpFAYf\/hPBgAAFgMBAEoCAABGAwFY3n1ZkgSfZxpUVsjukL3QGrN+GftTic3QmVujVubAeSCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":7,"flow_first_seen":1490976088631,"flow_last_seen":1490976090037,"flow_tot_l4_data_len":731,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":7,"flow_first_seen":1490976088631,"flow_last_seen":1490976090037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00489{"flow_id":88,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37804,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd4SBAAOcGvqw0XuiGrBAq2AG7so5AYHFPhKZVpFAYf\/iKdwAAFgMBADBXbXWv9x8yogHMZKeomD9A3X3jhBGhFOe49dACaecBIRmNbQNQ40Kg6WMt6HISTwA="}
00424{"flow_id":87,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37840,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoexpAAOcGJOg0XuiGrBAq2AG7so2w2ze\/vRy3sFAQf\/gqXgAAAAAAAAAA"}
00537{"flow_id":87,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37872,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9ex1AAOcGJJA0XuiGrBAq2AG7so2w2ze\/vRy3sFAYf\/h6IgAAFgMBAEoCAABGAwFY3n1Zaj55sS+EvodLnj8hxDSUiAwyyX\/BEsibV0fx7yB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAvABQDAQABAQ=="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":7,"flow_first_seen":1490976088605,"flow_last_seen":1490976090037,"flow_tot_l4_data_len":731,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":7,"flow_first_seen":1490976088605,"flow_last_seen":1490976090037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":563,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00489{"flow_id":87,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":37931,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdeyBAAOcGJK00XuiGrBAq2AG7so2w2zgUvRy3sFAYf\/hhmwAAFgMBADAbRVoyWiOBYOT3tZ1jA+7dCzYcrialI08fyQ25bUqqMrZSfP1nFclwrDaYAGhuKLs="}
00427{"flow_id":93,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":38134,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwtKtAAOcG6040XuiGrBAq2AG7spNBzzb30hct0XASH\/5DQAAAAgQFtAEDAwY="}
00428{"flow_id":89,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1301,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":38242,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwe6ZAAOcGJFQ0XuiGrBAq2AG7so\/BFRS5iAxcNXASH\/4B4wAAAgQFtAEDAwY="}
@@ -1140,16 +1140,16 @@
00415{"flow_id":91,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":174233,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAmFAAEAGRKKsECrYNF7ohsHbAFAaMGN7Nq6xqlAQAVeSgAAA"}
00415{"flow_id":89,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":174513,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoPTxAAEAGCcesECrYNF7ohrKPAbuIDFw1wRUUulAQAVdMVAAA"}
00740{"flow_id":93,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":191085,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXTP1AAEAG+RasECrYNF7ohrKTAbvSFy3RQc82+FAYAVfMxwAAFgMBAOoBAADmAwN2ORpKrhOyHUV07StwwZSHYsVIRIzr5Y8\/9rRF0KIdZyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9GhoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACDo6AB0AFwAYSkoAAQA="}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":4,"flow_first_seen":1490976089239,"flow_last_seen":1490976090191,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1322,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":4,"flow_first_seen":1490976089239,"flow_last_seen":1490976090191,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00739{"flow_id":89,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":191751,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXPT1AAEAGCNesECrYNF7ohrKPAbuIDFw1wRUUulAYAVfLTAAAFgMBAOoBAADmAwPjfQc08nicJlIWvpWTsnguVDAWVUUtWHA8jlVxZgUfkiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9CgoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYOjoAAQA="}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":7,"flow_first_seen":1490976088937,"flow_last_seen":1490976090191,"flow_tot_l4_data_len":435,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":7,"flow_first_seen":1490976088937,"flow_last_seen":1490976090191,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00739{"flow_id":92,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":192268,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX35JAAEAGZoGsECrYNF7ohrKSAbuabb67n5yC1lAYAVccWAAAFgMBAOoBAADmAwNaeZ4ISZVz+LBPXmReGVk3y0uzNDLI3JpfNeWOq+pSDyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9mpoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYCgoAAQA="}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":4,"flow_first_seen":1490976089227,"flow_last_seen":1490976090192,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1324,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":4,"flow_first_seen":1490976089227,"flow_last_seen":1490976090192,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00739{"flow_id":90,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":192765,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXFFVAAEAGMb+sECrYNF7ohrKQAbsDIHVervLSZ1AYAVdNGQAAFgMBAOoBAADmAwPYo856fiqLFy2iEPtPPss95VhSsyrseZstWVe+UbRC3CCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9ysoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACKqqAB0AFwAYenoAAQA="}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":5,"flow_first_seen":1490976088958,"flow_last_seen":1490976090192,"flow_tot_l4_data_len":387,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1325,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":5,"flow_first_seen":1490976088958,"flow_last_seen":1490976090192,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
01368{"flow_id":87,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1326,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":193592,"pkt_caplen":752,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":752,"pkt_l4_len":718,"pkt":"AMDKkaPvePiC0\/vCCABFAALi1jNAAEAGbhWsECrYNF7ohrKNAbu9HLfrsNs4SVAYAVdt4AAAFwMBACBTHTUUf7nZivk0qlO4pg9NasPkO8JDsaE0BcacK23V6RcDAQKQAejy47FkkkRgHJazD3as3BYDKxznaUS\/KyPof+uTsmx6515XMMmCKPHnRnrgwiSDUX7D81zZNbBslDZ+N4EqLmgXQiDnn9SIGxW3yQ1LS7GaEoosmiz2Z7WXgt6P\/dY1Rd0F5A5Dh0GY1fzDeKJzfxP2tsmWoZSjOaIWsfiCwAA6ZnQTajASqCz80QagjfB\/itMlHucL7eGLZrUTpPU2NxarVKBNBPvgmgntwvon1uCQVPKJv1IVMO7XO+PeI0evbTQF+IB2UadJGxEKlV+sh0nPzelDo3WJYBhfGjUfR2Ebg30o4Ca1cfSds5tI09SiZpA6Ebqx3OUVYWmSD7x7hFihUxwaN7z3OEz3kkBFHk\/h5H0+WCu3\/qXfC1iMi+\/mac4zqmqsI+xgYzM\/fyHb5BcgSgAPzZCPZnF\/kJ9sJqaV4lgZIyrmIOo7vuLY3Wsr4Giq4yz+SPoJ9locMrLgfkaY1zWswWRGPFH\/gACfJS19w4dYC\/yTaJ+yh5px2rwbElSCCCzWfSlKYj0swIKibEFxZTfbjzq25vX0Vz7SPRopN0fN4ZLi+OC\/Y4vlpyNTeQOV+xwymNphrtt7uqtzp6nAbP83nHPiwgfO51\/SosUrZ546O8BASZ7+FtayyyTugDZBAgqKlxnImNKnVzyZM+34E1o6zSifwpIkEPUrjKp555MEPy5cRqJy2y6NiM3uKMBTLxLFIQe1CH3Jc1R9QGTL5L8hREDG6I+KAEWTxeQM7RUWHpy\/gEBEZNNhB78MC5\/5AvPBpK9YvhPjlSuy1DVYlb5Qq6CwTOURQXTMC5qd0rqKn\/5C+aA7j7dSdu2ux1+426MQl52y2uptW7dHxOUa9KGNcodWf\/PBePRA\/3k="}
01749{"flow_id":94,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":196942,"pkt_caplen":1050,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1050,"pkt_l4_len":1016,"pkt":"AMDKkaPvePiC0\/vCCABFAAQMZGlAAEAG3rWsECrYNF7ohsHeAFAhsQVaSlvBPFAYAVe23QAAR0VUIC9saWIvYm9vdHN0cmFwL2ltZy9nbHlwaGljb25zLWhhbGZsaW5ncy5wbmcgSFRUUC8xLjENCkhvc3Q6IGFsZXhhLmFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vbGliL2Jvb3RzdHJhcC9jc3MvYm9vdHN0cmFwLm1pbi5jc3MNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KQ29va2llOiBjc3JmPS04NDYxMjczODsgc2Vzc2lvbi1pZC10aW1lPTIwODI3ODcyMDFsOyBzZXNzaW9uLWlkPTE1NC0zMTAzMjY1LTI5MzI1MTY7IGxjLW1haW49ZW5fVVM7IHViaWQtbWFpbj0xNTItODc2MzUwNS03MzA0OTA0OyBzZXNzaW9uLXRva2VuPSI3S0hoNVRqUzVrSkVsck5LcDdpUVlWZEY3U1VyYVV6QzdaallYOFNobzF5bXFZaGp3NElNR1FPNUE4Y3B1TStyS0ZyTVU2a3VjUlpwUDhSb3p5c2hDRVRWdlBIYWVHSzBXSk9LaW1nMnJlRTJvRmszOXhJemVzUXFoeGE5NFZhNVpuOFgyc1E5MDNqT2w2UlllWVowL2VCWDhkdVpoYVRNVE1pRk0veFdsS0NmZHdQNTF4WDhFRmNGcTI2OXBaWkR4YXpNSVJnbzQ1UT0iOyB4LW1haW49IloyU2tCV2VGdDh0YWt4P3VvSE1oQmdXS0o4QlZubTlWMFprVXNmM3FmbHBCaEBMSDBDVDBVU2hvaE1xSHpvWWYiDQpYLVJlcXVlc3RlZC1XaXRoOiBjb20uYW1hem9uLmRlZS5hcHANCg0K"}
-00956{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":4,"flow_first_seen":1490976089426,"flow_last_seen":1490976090196,"flow_tot_l4_data_len":1104,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1016,"flow_avg_l4_data_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00965{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":4,"flow_first_seen":1490976089426,"flow_last_seen":1490976090196,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":996,"flow_avg_l4_payload_len":249,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"http": {"hostname":"alexa.amazon.com","url":"alexa.amazon.com\/lib\/bootstrap\/img\/glyphicons-halflings.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
00425{"flow_id":87,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":208047,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoil9AAOcGFaM0XuiGrBAq2AG7so2w2zhJvRy3sFAQf\/gp1AAAAAAAAAAA"}
00428{"flow_id":90,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1331,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":208185,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw7D5AAOcGs7s0XuiGrBAq2AG7spCu8tJmAyB1XnASH\/7CGgAAAgQFtAEDAwY="}
00425{"flow_id":88,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1332,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":208227,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo2lZAAOcGxas0XuiGrBAq2AG7so5AYHGEhKZVpFAQf\/j7lQAAAAAAAAAA"}
@@ -1163,12 +1163,12 @@
00415{"flow_id":91,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":284091,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAmJAAEAGRKGsECrYNF7ohsHbAFAaMGN7Nq6xqlAQAVeSgAAA"}
00415{"flow_id":91,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":294432,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAmNAAEAGRKCsECrYNF7ohsHbAFAaMGN7Nq6xqlARAVeSfwAA"}
00536{"flow_id":93,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313083,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9oyNAAOcG\/Ik0XuiGrBAq2AG7spNBzzb40hcuwFAYf\/gzBgAAFgMBAEoCAABGAwFY3n1aF6lPPNih6vU2L516RRA2PNaAuJQVoSG0DdNj8SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":5,"flow_first_seen":1490976089239,"flow_last_seen":1490976090313,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1343,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":5,"flow_first_seen":1490976089239,"flow_last_seen":1490976090313,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00492{"flow_id":93,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313127,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdoytAAOcG\/KE0XuiGrBAq2AG7spNBzzdN0hcuwFAYf\/jUMQAAFgMBADA0x1J7d28auzJxT4u1gKAxdUtWHUew0ZE\/2kS5Yg5wnR4VIrBhZAM9ViqPAHjPKYs="}
00535{"flow_id":90,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313160,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9+spAAOcGpOI0XuiGrBAq2AG7spCu8tJnAyB2TVAYf\/h1PwAAFgMBAEoCAABGAwFY3n1a2HUEHb8l+gdOfm0Wpe53BCEMctORC57U0hROwiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":8,"flow_first_seen":1490976088958,"flow_last_seen":1490976090313,"flow_tot_l4_data_len":540,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":8,"flow_first_seen":1490976088958,"flow_last_seen":1490976090313,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00536{"flow_id":92,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313192,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9gXVAAOcGHjg0XuiGrBAq2AG7spKfnILWmm2\/qlAYf\/graAAAFgMBAEoCAABGAwFY3n1ai4AZfffdz5bHBi2EULPj6iyOuJD7kDTLpt0SsyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":5,"flow_first_seen":1490976089227,"flow_last_seen":1490976090313,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1346,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":5,"flow_first_seen":1490976089227,"flow_last_seen":1490976090313,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00424{"flow_id":87,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313223,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAogXlAAOcGHok0XuiGrBAq2AG7so2w2zhJvRy6pVAQf+wm6wAAAAAAAAAA"}
00490{"flow_id":90,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313255,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd+tBAAOcGpPw0XuiGrBAq2AG7spCu8tK8AyB2TVAYf\/ihaAAAFgMBADDHfuUUhfI1VeevQcG7Dtps2YOp0PzTwPXBH9I11FOaaptlvKvSxGvagTHcLnkxJmc="}
00491{"flow_id":92,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1349,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":313290,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdgXtAAOcGHlI0XuiGrBAq2AG7spKfnIMrmm2\/qlAYf\/gFiAAAFgMBADDdEn3FnYpyhAP6tAWBSGDR3e8YizyMcWbhCxETNYkJSRnD2z4Ks3QnAjsWHd6G06I="}
@@ -1197,25 +1197,25 @@
00425{"flow_id":93,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":528618,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAorklAAOcG8bg0XuiGrBAq2AG7spNBzzeC0hcu+1AQf\/cNXQAAAAAAAAAA"}
00426{"flow_id":92,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1381,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":528652,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoi29AAOcGFJM0XuiGrBAq2AG7spKfnINgmm2\/5VAQf\/cKcgAAAAAAAAAA"}
00425{"flow_id":93,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1383,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":528782,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAosGBAAOcG76E0XuiGrBAq2AG7spNBzzeC0hcu+1AQf\/cNXQAAAAAAAAAA"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1490976090572,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1490976090572,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":572590,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8o8xAAEAGcF6sECrYNu8YuoUVAbs6msJ9AAAAAKAC\/\/863gAAAgQFtAQCCAoA9mGxAAAAAAEDAwg="}
02402{"flow_id":93,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1392,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":720500,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcTQNAAEAG9EusECrYNF7ohrKTAbvSFy77Qc83glAQAVenLQAAFwMBACD44FHjMfKewfxzYudxIpXCLItB1NQV1muzY\/d798KlbBcDAQZgoZInXHO9a\/RDDSeVUYBvycvA+lS55aPWGYYDHweR1MZA14GeeL19BzQ2hCPJsF0aTTB4YweLpKJF\/kfHoxQ\/Fw3qHRcH9I6qbhb5e+O3CNrELRczYGqEB8hcsA0Y0OyrYGC0BmFkwFsiE2svYlHUsIBdscNt4gzJG\/XkjXpTKhNSwTHXi\/4j\/N3T9gFwsOscfLT6CH3ZSXAK1isi5PE5Gs1eU3CqMd8qgGHaYuaBewyQbS+4dKhNHU2QgmKN8BJo25LfzNEC0AivMD28lAq+J4Wa80fDRt71SDzLwze+m3ULSRverhurIqpNuZFda\/3gnNpbsdGuZJmmo4c+bUdpd8mjwyYflr6VJugHyeI5CFM1G7jT5FCZ8X8UT243wurvWrtFZVQENmBLl9+hFtub7Fuv1TQIXsUIdoXtlR+6EWUeMsW9QleyFbHJ6nVVt5nKiNX0DqGCUdyiA3+ygyM4PjEdwXqP+sMmLM1uKdLCEX7bN1vl8U9g+H14nTlqWgcKGrDWDIm5njQSFgrLTq0DZQMu\/LQjVNY60WnUVFZ9capl9ccErsRT6QLuHcwhWROSEpap+6asa9hoWITyQnHHf+Pbm9I\/f14p1EAPsdYiM3f40B7GCbsB4xiKa3RgPw+L7GKP2ip2\/u+nzD3We0GLN+wfE26o5\/nYjFnEgkrJ2pHao6z5EPxXDupdDVIvi\/PoyVvlUq+D\/Ge6z7wm5zFQ5IJq3RGdeNrRFyg\/OCsjQ0IwpIN5CQT3jbWJKcuzRyXpOTxkW8m5SUiEh55evA+BDSjUAQSbpUAjue6h7J4jbhfFOqKykVETYA47aosSgS459rVz3cetKpF+aO+bhGOdLkRanshFLnFaKbnnafNcVIOR409K84abACiKi7WWOTFacDzKqcTW4LupNjzvzwqbjNJvCCtGYSBdQc7ZWqy6du53PTHcUaL2KA0y5ypD07P4LdIc2\/K5Wy0cd1SKbLICrOCtfpF9whBJZ+CSR0IE4hmfYnmFZFVDwtMffcaAdFMNOPWTgipuN1XINiLvDyYlb\/Y4F03SyVvRzx3zy+5hUwNF07BMM4eX18n7\/ArEvbHUV4zA2cMsmjEuuUT3ywqzrI7XvbdXkLC4q3e10X\/n1CEWpbNcbgIEqB+eYJEI2biPUwBW7S\/Dnkc9NSwrZ\/x\/euPEUXK4CSGgGq8Ij5IUKtV1aqcHTN7waVrVCJl9Q\/RZViK7+SGkqubZ0P+7RhQFbcxwuUFdzRT6jtOcaV+dGnEBgErFPxEomB8JaXlP9OHaQqx5oBi91MLoprKZBTUYOvA4F77Xv9YVFMXwxU\/kxaFIY6H6QP35OocijPkzgLvohZjd4jHabCA7mQXqZw4m5XO+E1PM2pNVMgKlaSzCbp3jIKdgO5mpO1qYK1f0cR2SHN2OQXATtF+ccd\/wUmFaz3gs6BUNnkrQqt6\/+GVaw8Twe6+uqeQWiASsmo8WpBlAJQM76jEAvJ+g\/ovnKk6Cga4RYti4\/9RK01c5pQU1I9BWLJj2xw24mjzaSFssO6l9DB4N7ewSncF0NkjCSgwhzSvj40H0flwRbpZrkso9VcM0WTJjidMTaM\/be473zZS7hr9grGj8F0sl3yf9czWS\/Ld4INvTwCa0bWrHck8K3JAvmYPDlJ0jouHthuvu9VvK+UtN9GhtImMvmNFPCqsNDyrTjsd\/hNs9cLghY1KAq+3bli+ziN0ZH\/hT8HJu3PTKTcveWkvgroBSHw0HiliaiFMBDkJW5Bg0NWNHaQpstQLx+vMRyO3zZOoIe8ScON4IDApzUAhXYVJXgytEDD8pZweKtucxXCP1MBvXhqArIViFE7a3AkcAuJQSCf+JxUG5GterlIwh2UkjzhfbMzNoSkFIJBDA2SUw0E4="}
00428{"flow_id":95,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":753591,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwZiVAAOcGBxE27xi6rBAq2AG7hRXpU+crOprCfnASH\/7pEAAAAgQFtAEDAwY="}
00415{"flow_id":95,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":756047,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoo81AAEAGcHGsECrYNu8YuoUVAbs6msJ+6VPnLFAQAVczggAA"}
00768{"flow_id":95,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":757864,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"pkt":"AMDKkaPvePiC0\/vCCABFAAEro85AAEAGb22sECrYNu8YuoUVAbs6msJ+6VPnLFAYAVetagAAFgMBAP4BAAD6AwNTzm7uRNuMF2nu0jG4OW4cloVHrfFLs+QfEmruD54TVyAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRamoAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABjq6gABAA=="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":4,"flow_first_seen":1490976090572,"flow_last_seen":1490976090757,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1490976090796,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1401,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":4,"flow_first_seen":1490976090572,"flow_last_seen":1490976090757,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1490976090796,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":796987,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AMDKkaPvePiC0\/vCCABFAABJWlpAAEARM1CsECrYrBAqAYuOADUANbcep0QBAAABAAAAAAAADXMzLWV4dGVybmFsLTIJYW1hem9uYXdzA2NvbQAAAQAB"}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1490976090796,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1490976090796,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00425{"flow_id":95,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":958993,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAobwJAAOcG\/js27xi6rBAq2AG7hRXpU+csOprDgVAQf\/uz2gAAAAAAAAAA"}
00424{"flow_id":95,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":959140,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoU6BAANsGJZ427xi6rBAq2AG7hRXpU+csOprDgVAQf\/uz2gAAAAAAAAAA"}
00629{"flow_id":95,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":959188,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"ePiC0\/vCAMDKkVoBCABFAADEU6FAANsGJQE27xi6rBAq2AG7hRXpU+csOprDgVAYf\/uFfwAAFgMDAGQCAABgAwMFxYNk4h7Cqgw+EpcZUuAI2voL1iACiKKQZmILf1NDUCAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LsAvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDACiMWogYyy4KpYQtzAOFhkVEkD0Z++tdsOXV5vG6W882qckfcMhjxJH+"}
-00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1412,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":7,"flow_first_seen":1490976090572,"flow_last_seen":1490976090959,"flow_tot_l4_data_len":583,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1412,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":7,"flow_first_seen":1490976090572,"flow_last_seen":1490976090959,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00415{"flow_id":95,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":961685,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoo89AAEAGcG+sECrYNu8YuoUVAbs6msOB6VPnyFAQAVsx3wAA"}
00485{"flow_id":95,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":961960,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AMDKkaPvePiC0\/vCCABFAABbo9BAAEAGcDusECrYNu8YuoUVAbs6msOB6VPnyFAYAVsudAAAFAMDAAEBFgMDACgAAAAAAAAAAB0w4gPWY3YckGqBaIlRln9W1Z9p7Eqgk+86BYrFQm4s"}
00521{"flow_id":96,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":982120,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"ePiC0\/vCAMDKkaPvCABFAAB13VlAAEARsCSsECoBrBAq2AA1i44AYd1op0SBgAABAAIAAAAADXMzLWV4dGVybmFsLTIJYW1hem9uYXdzA2NvbQAAAQABwAwABQABAAAADgAQDXMzLWV4dGVybmFsLTHAGsA5AAEAAQAAAAQABDbnSFg="}
-00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":53,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.231.72.88"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1490976090991,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1424,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"s3-external-2.amazonaws.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.231.72.88"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1490976090991,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":991595,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8byFAAEAGdXOsECrYNudIWKNcAbsQFQ76AAAAAKAC\/\/\/K3wAAAgQFtAQCCAoA9mHbAAAAAAEDAwg="}
02400{"flow_id":95,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":992842,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXco9FAAEAGarmsECrYNu8YuoUVAbs6msO06VPnyFAQAVuT5QAAFwMDCxgAAAAAAAAAActyeU9kGBB4Bx6fhWNkvXnX\/ycJGoXNMIIWzcCQ6K+o1FaIuQR+r6K1327KsHUd8HxeBHbs4UW38KOSai5G5ubzbHhF7ICkED1Ojc36gnjtnpKf5K1WZzJ8zJdTAU1fVk9Ar\/oaE9Tf3wm9PSG8eKf0CSZfQhOdPTVxi05KD96Pzeh3kLzprPsXQKH3NgMp+wVtEjGOhNHP1AjimKapVNDukUpqdCgKQQku41uq87SSop68ODCb6vPE\/MgP5rayTaRQlswfsYw0K22yXcNGbVVmNPVsON6UKgp5EjBibNWffcUEycOSkIUPVFAIjxIqoCmO04hk\/WIgT181bHsP0BTn\/HqbFgZyHjS63o7LhaNaTJJPja\/WdkcGLtXic6r22QZRAjKmrbcjShqLeN8E9xq16eDoUaVs7uFtiOAxD\/SKVdokRoA3ULjFlHRVY6mqBW0i1sB\/Iu4HImonanSF8739+kFAXioTIOXpOtfE0h0gL6lFMNKW2JZe+VMayyyQwJFm++Zm4onJZfEE1QxKPwiAzf68cRgtcul+GnTVEMHLENKco4UV9wLzMtjroTHl8oCWuiFOy0mDos7bx+oGmf71CIVqFylzXI2mjiQr11omY6Wm7Rnk1YArtNsaLFMOkXp8iD8T0gv0Jwn6lKUkXIzdPr35wT5guaDw0O167\/UWfChaq\/le0lF5KXP3u9G2WAo2pW8Mydbyq5x9KA35JeA01euI4AzBj1yImsu+bLEZgJVMPrijAtLwLFoVdw2lIlYnRTfnrHIG6OpEEeuxb8tt9kqKrJdi7iLYubnpwbvbSpmiZi16ps8JMpWQkB7V8icm676ACJzhWN9aOc8VaiLDoxgBH3Se3tdClpcy\/1J\/Ijf0DLIc\/GNQGsxb0GsKJhH5orHc04y+\/ocGPoizSYvwuyhQFgZHK1QPPxnct74AsPkE1seEP0xgl5AeaVIu8AIIuM2G\/4AaV1aJbqyhmdyDE5Pz79nypgRFaxpLiY6lrvLIrn\/9jp\/gcJMZRoofd+laQ4vFcAbGevRCB4GXY7AKHPZmABvR3E09eEowhjxIYE0tVYZpCoI1vEyNax1XI1avbLA8qqQLZzSDfE3iDNR7v5PtOxPvNqnTAUaZOxBxOBw8qIkAgXzqKRWZIoD2XYRFsRzD+HCsOVMc0FooKXz9SCPfgbCEVbzbiotnYhMvrfjYiHEXb5DPSi4BczhWJZeeG\/M1fqd+UrcAsNeYq+ps1sJNQRfIheswrDrP+yn\/6oVBgbraDjRDNpAR73\/hgfKb1BLTZiEP7XcXjtF2Ve0hHSE3YNi55xGvFKeNmQYUeamfNMyYPCiVfkHpcAXq3wWN7prYPx\/7aozQsKeKtlrYVKZOF2BHgaTGjowSGV34jhEwChPHfSccEXrJKAMxtZR+vsC6+HjpR291Cti2IDs4A5U67YCFVN7KfgxucX8aTTooDQ17TBq9YKxi1rjkM+l2wBpsUTxgXylQW8osIpbIGszIi\/\/gugaIKbHwGWuN+eVJ0\/sHOXOeCeyu8\/ZSHs16\/JmokshEX5npHTI5seL9ykIVkwkrMkxvZMEwcNkT+y5X26FB0hvVaAEhw76M8MI+xtOcZqd2le6hiId7RZV1x4oXrNPq2SD\/vKbqDuVjW6rgEDgvwWMEgtZTBpUUyB212o9hb\/vrD+2IcPdPeJdVxKazxvZh1jkIO0+Dpy54sc5dGspxBnETqGNCIjnQM5l4SRu6l+X\/usrqsJYxcD5xrz+ursF1QwsdBRW3MzT52VisKJSNEejAvK8ewgcdaJn7cxqGLjalQD4IxQ3l58YP7bGePbW61CzUJDR8R2La62sDeVejBpyKXnq\/HKmyAcapRPMMLkiDaAfgheaSZny5kL1BDNonLmW6JlrwEc87Q6kg5WDOBMh8qpZNgjYhZO7ba4vkLqM="}
02302{"flow_id":95,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":993740,"pkt_caplen":1439,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1439,"pkt_l4_len":1405,"pkt":"AMDKkaPvePiC0\/vCCABFAAWRo9JAAEAGawOsECrYNu8YuoUVAbs6mslo6VPnyFAYAVsaZAAAorwvKCUypguS0t0clDFKU1VIF\/yIcCrecT8LlV\/7GlRC5Qmweu3RBIA9rBJJi4ok0UJgddYCY4xTn1gbUo+NHhl21tUZQ4O5409uBwBqPYrOswCxOYF31HDaXlv\/iBDwd1srdg2s35KAYwqGi\/ai39a0VYOnGwz1G14ulaQOK3l7bO2VLeF+m8Qz+xAmfO5B3KpZjbs6mqC8cHcrNatluouZyus6CPvhlVaeJoO8yjeEdJdpGfQFw1Ew61YBiD7\/TDt0IPF31DFovoQ55wD0IBOEFh4R0iWYZ6ebPOD7xZBZOCVg3iuqTA+MyiGX+JmGO2tK3TluE1floqmmdVbCQEgeEw1ea6lKStIDmeBoxVrRkbBWz53ajdGSTpQZtEsmQPL9Sdu4AFlqobPlD7HOUFnNO+fZ7xyv3Ew0pvthSXLKgCregPpIH1Xl9S4AOly3HaMQ4mSr+vgnbRDoK2nCWB\/jFF1IyGaQXimEqTK+p93+\/mCrH8nnzMuXVV493yy4zrO5\/i0TM7fHH9VWsWggE4wOsNiJtAg38WetMkk8HLZRlTv+wTTvTEKcucJYJWokARNUi+bTqHruvGGgvKoYna50EF6cscrTeazdJA4iEGOWQjW4uc947OIZ\/8uoHSyLSCTtO2SXRuqSRYQGLdNEujxfcAyhrOa6X9tn2Kw6aggzMw9alBb1SvtMx1wNNzvm2VZf7vit9CiKzp4KGMN\/nJ9yF\/Who+fRuwPST1NlmI6KCzsoHzoMmyf8dN7SkK90qJgOuaKo+O3T\/TKkm5fdYunrptbadqcTsVu\/qwF\/Vb33Ghtiw80WH\/T+hV1ohVeYE\/+Ug9fCMwmenQhMVnePDukWIejC+elRL7naEhQG49fwcOnHNQzYi9AdRKeCFwVvRJoWFWtSDmQGEwNC38sqhXAZzsr\/jIHPU7D7gkH1+XAXL\/JE6Ws3IbgGuY3WaW34LKcc5Ghc\/cPrbeSOmw9j0kUina08femOG\/8baBi60eIdC3AboFi8OdvbLzmZ8rYpTROt+IFAAMgjlK5DZyT3veAlGpLrmD5HYIlolVmgTZj2AMRMuXpwvZgaHooh0qAMCdQ7sTE3GIE\/eOHth6iAzcXFUoeOmIxwKV9fN+6pJsSEXq7pLKt8cgXRzmv6JaMInXk4OiHQWXE+Hf56iKzOcJ\/mrh71Fnw0VeWSpa2DOUd4zvkA3mJSSTnkflHA+pLm9edSpECb6SSup3dRrilywt91z\/dZJenzkDggwrFIYyaChs+yq9fsnXEHCCbzXQ+g\/A\/HBA0ZA13K9pF0mW2QfjbRy4JVYqzFvXQw4QZm+fFjCjAL5In0qxZ7ZRorDtTjilEj0QSXLwplgC+ApyVbdX3h6\/bi0dx+YfdUIc0jomhA\/1Uox\/BOvGRY5JEEhitlDachDk3b8Iwp7cevR49RVxrL0K5hsTqneRrXWd86o6UBByHG4gyN2z1PIrDGmI5UWEA8zNSbQpI9ikJzYMkEi3W5obPW7LFJIuqMGv9\/MOnqLi6\/r6J94Q33Hw4C30AP+4POuk6d8Z4v5uk8mSmhS5K4ma5dl5A99ED+mUZzZopmhQgneGEqzhPW90Z1K3ZuHkwuc0M7l4rbrzxJhR9sUugf+rHp4i9SBeyEUtYobi5+wbljiBl7AF2UTxmLiNTipJmG1e15QqyXNNbkCTpEqSH2YHaK4Pxa1vgqRaBhYxyW2dl9TO2mkI3LVWataIo+NCqmOGp1t4H+v7EiM+OLk+WcBM4BWADmAmWmUdhWppIHSyTuToFiaok3PFxt9hG51V+YpyErL8FAFdO\/f7K27d\/F0ugovo6qdeqGaUiPjye7t3KDSSAnJ5c="}
@@ -1223,20 +1223,20 @@
02409{"flow_id":95,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":994137,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXco9RAAEAGarasECrYNu8YuoUVAbs6mtSF6VPnyFAQAVuj0QAANxCfH8vwgkGACh4y7Pi6EXB3SnTfaJ1uWa9Z+l24sUibdzYOToF2OSUwVwu0FdpAe3m9J7bkVPfDfB2Cg3UEAEJgbXbd1HveTgo3qmgnQN\/k\/tmUW6pRreeMGu8zYe7EK5FdFNZwIaLBv8OtSqZAa6lOheJIJz23sfejkCcct50UhRTELX3fE4HCu9BxxeoXdpgz\/fvGHlCHlwFMAqf2kmAF4U62ETQ\/AYeN6hjWbPgTjN8QSxZZ13xdX9YE00ZOjmNLyDiqn2a605n9nri2y9YQAm2sYPpHedsZXTZRMkkgKkWMY+0TtAHlb4RGfbMloMxLna9D26v8rliMXEmRMhOSCToqExLmk\/VNE6tgEfIC3gdCTMpRqyB0yRPxQmA09hYi6OVFUCe+t5fLrhJ0KAicJg7Lt09CrfUmhDY8uyB2+mYO7IIYLTxu70uuzOmx3yt3gpcl0hO4f1pAJhK\/rmlAJR2htQvgFlxhBA6FPMqsNtalU1QhsJWqQdC\/KkSGc6M61KEG2nRhpoY0x1FDHXDozViQqXzcwZLI4BOkic\/u6Ozr+75CTlyLoLE2qmG6qitOJbVB6FlzZ\/C7c5X4G9vhvrffI1wDFjNq+Co19z0VpCxEpTo2UYLXKjVVcoZTWQy9jX6LT7eQWqvO82656j5GZZWZLkiZ0AhKMAS5zbbk0IfI3dkjB+re8uo9fs4GuAP3s7z8xnW0tmZRkG7Wj9N\/P6E3quHtWZe4l1NtXUT7KdgZhYg4mYSj3VMTn4e\/c+4\/Tpoy\/PdiZKgdY96mn92zPsqPwMy\/H1hG66WMa7TdZ9h94sIRoWQYDPGM+34EV6SAQzdF7rdi5Oodv1SiNMaKR0XqdwJzExjafGwJM2LWKgtbEJrHNBxRJDmb3SWHnrMMArc\/\/rjCZrNcUxAYms5fctfD6FZTfwDaIe5rXKiK7zxgf3dfSKoXgDb5AvaO2r7rtiHeIWp7nd088KoG2IbY\/a41\/XeL93SlWCjI0fY23UHUcp\/qIPOzINy4TDzZRlwGFtv8k70MH3FpG43J1nAQYg99HBfj4\/5gh+M964M\/HDbpu4PQG9qfInFCXqyDecXZ+g9ZdkYYO1epLVUguy\/NwzXQU\/OmuqUGJJZsaqVuBcjLfV3VzbZDKvsQJwbuC5h4LkJuUAkAsLI8rZ47LymfVJ3JMBdlBAGCY0e+MyD0++FNJGyC7C2YNMfVUbtugA7xLATO6O4oScNsZXdhRh7Yzvs+WYLfqGoymVFWgO55fCIvuGor9\/hBpfXVWc\/U3awUvcmRyRWX+TaEbB5zo3RcyGTmUJOB5oDcX0\/7kIEXvW6GCIW3W2adsF28ZNQOV6TdPGZACfZZzemjt1M28JRlyaTiEFWXug8adPLQVkWfqgIZZGaAi0s+108qI4srGwCmk4y8ZNHYWrheTCFd9swLherWCPyym++0M2iozjOjlrftGKlI1HxERrNUiyzcxyiWiXYOP81aQRvk9ooMxHzssKw8UPVVFJtJmrxBjuzntvS6D0eM13SwoeosZkNU3OeWiGWVCg8kL\/flvyhh1BtjGItcdOWtR\/\/D8r\/thxwWFh3XL3+elMG\/5GRJjy3SfrD7WVgILnKoYTNbvV8a1uhwYHk6U\/RfvWfeQri1W2Fp7NFF\/lxN8TzaByoCcPyKCH\/Hyq8u03P5zD\/vTleZYwk5pDe+hnEz0ycPl+WKVYZVsUhREXKTab7DXpL+\/4xkBF6Qya0735IcoO88GFsfeamFoVPDq+CeuAoL6pncVZL8w5dvIWeDVKjIb3NKPduDW6coexygISUfvkzLKb96cO6QPfpbT5AYLxlES8VKqoQuKTiGEGbMP\/B9t\/RJjqBFrfQu7q3eF8l4ibLSdpIQiiC0N1U4fddvZGoEQJdAZXX7vvwn49D4+E4L3CP6atkDU5oA3kGl6b3t1kvodxFcX\/Vdsnw="}
02390{"flow_id":95,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":994284,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXco9VAAEAGarWsECrYNu8YuoUVAbs6mto56VPnyFAQAVvo8gAAYCTMOMys2Ttgk7Blj9qH3ZxoNq5JXaVFLYv\/gP2Zs4jGleDDHo79Db6PHnhDw79qEiEr7yPJTrS2I+tU74+8oZrJFMI3AOdWVESIUWr5BR5Kra0l2XWZ0vn2b5O1AdqBl90W06IMnZV9Bmqf3\/PXWRh195gQAZ77uGEPM3QUdXmEqjADw3K0UcS2qHafOXJnqCG5YhHFvOElTcvlFZN6H0J0bmHHq6LcEXl8hOVrNPNyxP+whEGl5NoAbVZCrf4OYnMNcNs6gYvBvbdcXS5T0hXXErz5IPZ6X5ab6HEAA84fKUxdKe9dMmSDoNSsK4I+EGkz35UdSjBRUqHhT7kYASGNCtH7sNsO+cS0FzjS0Y6oCNxwzx40CUBP3NezY5Nbug9q70V\/1VQZwA2AwhxCTBUXkgFrbDtJjVcv76eCLhOp7EmMbyVksLYEbKIM1UOinS7ruUf2E3tZfJbRie0jGOT41jyVr45q6ENNh3IPs4M3WJQm+fZvcp9psfKJ0ZFp50Zba8IEJHoMhg3UccBP66WA9jSp57yx2DEKdT9KAd8vL6YcYFpkupL1ezxaK2Csc8DgzxnZ84\/dDYWMoh0HWmoWyuZ4orNJyz0JA5IA6TI0pJ7LXJgwF1z188ZfODTlTqeULkR8kFAzHqX1lXVZgr25p72PTV+BrBF\/K6CSyoSJl1d0MNtKQ38PBk4Rp+77Dt9tQIDb3Upr9PV0aztX5DrK17wAcw9UuL2giDcUNsy0jRS9K2q2wydBYAyAu1IusmGy3RDExnaXjiN0ufRCvx1TDdUU0pMnUilunVwp\/SsyiPYzzpORq\/Z24EwJb69NcsinD9oppAvOc+wRLmEofKTmslGAFipPHUfcXMEXjnGRQUgp10GqAVkpVUd3cEBtXezlH6fdaSl\/xspSax82uklb032GNTuwuxvyGBU8tHUjdMhGuyJHYvGqf6nWidTUpl3eyYnEmoKL1OUEHrIjigNh8PoJKiKA4rolQEG++2+RoNcBphO6VtYu\/JeLc6dHpMTs6XTirsiuMNGK+WiLuYliJ5wzE2y1vSzHzog6ChLp2CpydJYAXh5E6h7wEW9yKsnCVwygQREIliIGGxhVoOFTmt6FH4z98GeZxYfYnVIF0+saZrSQdIw83\/2VTxID184IY2\/tjsDByNZMrO9j2y59tYp9jD4+UZdwvvNKJQAuszJMzoTxSS1CSPGSBcOq9OT48IBmHvWGVKZRXtfPXSq45utNmOKksmt36Ffz1IyX63od\/pY0fIJllpcJDJGNPbDcHYbL2bdkkcHIoRA079etR5eEA3Rzyrs9Unoiw5YNnPfWeubl9E1cSzy6Lw5UCdqpgWdpvfKZIZqaRarUq+e6Pp1r5cl6QhJgJsKJSYTZL6ZUam5ilWsDrHJ27D2ugT50eYPTo9NBsJEK4XAZL6gr5V8T2OYR7XLh+M1rQCAqa2Q3qicomu0UlG69Upi3z+06J7QsDsKWfAYTlSXMyhNpy\/BqpEsySKyuggxRZDsn6IMjF4r+v\/ZRSZlu1JOSqg46KYC16lX0pXFA8lQg9PHlx+WkFh\/ju2W26cIBlcR1IebaOzX2Dr3s8wDR2N\/jV9xLt1MUUW7P7FMPNZEbuHZgh+zChv+eJx94LqzFxrAg8XcBMEX3o9mwPpCxKeh+Yk\/p3Ywh0rvlR+xDbAWp\/PdlLgPI59mizLPvjnU1FSo++jmQxmhl16c1ihUOevrq7YvcMpmZ1kpU0\/fP+v+hdXQINmecfS4aKSF35tmvIr7dvgYWP0Q1Kem37uSmDrIvbEpeidD69jVBROvrvpnHDTENhI40SbGvglUb1kZryyII94XncYv3tAo+WeipC\/2+wu1UCNre8jXD9TVtuvomYeKcM1kmnDbIuOoxRbGoDAfDtpQl35CxzixB9B6G3GCre5aQzU+zfqE+S2fDVST1dnlPyzA="}
02414{"flow_id":95,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976090,"pkt_ts_usec":995725,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXco9ZAAEAGarSsECrYNu8YuoUVAbs6mt\/t6VPnyFAQAVtGxgAAqYZDyQ5E9TA8X4p7Y6l4dDe5umR7MFmlcORuTtnUamoJjw8u7zAy8E4IfcM9t52FeiGOzi9FV1NN4wZEp6tOICBoP4m4n1iJP\/R+PeJSb2L8Dy+D9weuCOsL5nYfUU\/FUResu2HMISj+TurqnRPPe+4KkUOA4ivh5R3ZSdOYlvlAEKiILHP7q2SKA20it9pr3jhi+ad\/TUIjnJ3ThXtRO2w2QjMUwjCwywzq7Y2wSL1s9TwEK92QgAYYk+PuLIOa\/YGI8kNdOWhV7Wyl79dvNuyHt38kuMpi0OHO1W8rBVWpG6eoMwMkfDwQqO05RGWD\/7IAlhE\/bnN7A2NhyWRsSAIJsEaYnJhjI57u+ziErua7wXvFhJWzsReeEiwKisLSj8g1FA30PjNtuBhiyvZV7M8t7pPZlZQKtv1vuUQeyjUHfdFIgLrbf1Gt0qynQ7+qjZTgMW\/QAKF\/FfNGXGbNyqk7FEsxXk3TtsQDRSaTzCY631ml6hLyzg\/GntOdz1dTU7o3upUxKOnOAF9U0icV9XUV8hzAT1mjJw1nhDdaByf6Rp6jNesDMjlMEMvNMAYSKLpe\/4ECKHdaFEiEEqRg6jANUyHGEF5h80AW7W0HqMNgaJw\/pMIUCiETsxk1Vz1Kj2Ts\/J65bm8CaMSMxC1tHTwozaxgqwZ29rvvrJOl3wVT6NDuvZmUhZN7JwNyF\/z0\/5r5880rKRedAaHXUvZggCdsT5CmyUCOjIWSXp0FwkiS0cZ64ltnBniUPaGBzBP2\/Njc8ztFeXTvSX6a74k9Z63lfL7KUs1+YBFMiB4CAR9rx8YP+D2j2qaepb3604zMMyKk3AIkFjLQN+JYABxShGarjDSyRksR4Gyhz6WMAZWrwC6IzMHml\/uJgbbFkMuTGt2Mh8RKhN\/7rGUpNUmJyyT94SeSU1szQHMV6vZtjokS6bM0Q9XbloRVkJPpYbtn1IsEjvB\/El6OyjSxYY3ty17IXrofHBASqfxN+EHiPZwGk8VpQM\/6MQ3KeydunU3cLMSZQZX8Ir8TkUwWUH6mSVof\/n6esglM2ryMSGbTs598ZA44oyp6zpNwLMlrXdjTJ23E5Yseshl7qewQwR4xdEBopne\/9gnOsI2AQqR7TubK50k+EKFaAhUGsfaHRH+eArsF+vbEBFuo\/MUKWtD\/GZ+vB+BnDdCsYxiHCkjzrz3576HUNiasVKvd2XnGb1XZ+nEh6qZdmR0RRvuKxsxeM1d5s4wvf5oiQ+OriiP+C7Vh4zmZYcZFJzu0G7umRvyYBS2IBbkF1uQuzNVxOoH3ntlz45R06TEIzqLyBi6OcfdKPO4jlBGVf3bm0uRLVmyJuMw1Xg6tjd82CxkuvSudxzYvWR5w0\/A\/F\/EzKZ6UXDr1YAX\/j\/c0Awd3YN3DnHfH6TG3+hE38YaNQ\/lR2BTB5M2BkQIO0dWUEJrzfvhPGX7KVwaxAiJv+t7dhBzDps6xyUrmkrYO8jZfDntFpJY1UWQR4\/2S0v95lyNJE3g2aOMd\/1pGi0LzGLbs2McJkmKKVpPl+qRE3GI0QjlaEiqh+fJM9jh85nDBeoRgaGVewzaDdCMbcny4+sLmD7bthRr6pthg4d+v\/pe40XXRgwI\/RcSdzshDJ\/zSwiyJiIsVtSao7WuDtiePizRJP1QUaCmpvg+7Sy2ksglPxpYexV6A+U9FB+w94\/FHFfwxvros4C8+j00G3UtpGFN+NpiY+xzQCqwjpA9GE4rsavlDUJdvVlOMd4\/H\/8r2pfz\/PKynOANeJL8hEaiVe\/w9cnlYn0Tp8+x7OPezwPHFpGMvVb3LSMMiRUFclLubc0k71\/JnMehpaVJZia+Mw6qsfG7jgQhUrHnMje\/ycamUiI1IgCIR3rnmYN8mm6wbDsZWusG\/NcJQq8MM7isF7VdQmaXa7\/F6RWOrjJhVW7xPDYJPHHXVkD22oLk="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1490976091048,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1438,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1490976091048,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":48429,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA80ahAAEAGEuysECrYNudIWKNdAbtkFLBIAAAAAKAC\/\/\/ViwAAAgQFtAQCCAoA9mHgAAAAAAEDAwg="}
00433{"flow_id":97,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":160874,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0KVkAACcGFEQ250hYrBAq2AG7o1w0YmduEBUO+4AS\/\/+yAwAAAgQFmAMDCAEEAgEB"}
00415{"flow_id":97,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":163241,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobyJAAEAGdYasECrYNudIWKNcAbsQFQ77NGJnb1AQAVf4XAAA"}
00708{"flow_id":97,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":163513,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"AMDKkaPvePiC0\/vCCABFAAD\/byNAAEAGdK6sECrYNudIWKNcAbsQFQ77NGJnb1AYAVcUGAAAFgMBANIBAADOAwPiWwT6rMYxCKpzwVWlHQ4+YJCqbihOIRaiGpLsY6Y1LgAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAhQoKAAD\/AQABAAAAACAAHgAAG3MzLWV4dGVybmFsLTIuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACFpaAB0AFwAY+voAAQA="}
-00744{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":4,"flow_first_seen":1490976090991,"flow_last_seen":1490976091163,"flow_tot_l4_data_len":327,"flow_min_l4_data_len":20,"flow_max_l4_data_len":235,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":4,"flow_first_seen":1490976090991,"flow_last_seen":1490976091163,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00433{"flow_id":98,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":217295,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0Sq8AACcG8u0250hYrBAq2AG7o117lZ8zZBSwSYAS\/\/89vAAAAgQFmAMDCAEEAgEB"}
00415{"flow_id":98,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":219669,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo0alAAEAGEv+sECrYNudIWKNdAbtkFLBJe5WfNFAQAVeEFQAA"}
00423{"flow_id":97,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":345076,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAozJ1AAOcGcQo250hYrBAq2AG7o1w0YmdvEBUP0lAQAD74ngAAAAAAAAAA"}
00543{"flow_id":97,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":345211,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"ePiC0\/vCAMDKkVoBCABFAACEzJ5AAOcGcK0250hYrBAq2AG7o1w0YmdvEBUP0lAYAD5MZQAAFgMDAFcCAABTAwNY3n1bB1IWchbASFbdS+TEN7MPbREAIen8zENYwPlHZyBPSeLkXjji7rxbuBfRuYdiOn9o7tUR6tCEdV9ZFui2uMAvAAALAAsAAgEA\/wEAAQA="}
-00798{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":6,"flow_first_seen":1490976090991,"flow_last_seen":1490976091345,"flow_tot_l4_data_len":459,"flow_min_l4_data_len":20,"flow_max_l4_data_len":235,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00809{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":6,"flow_first_seen":1490976090991,"flow_last_seen":1490976091345,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02345{"flow_id":97,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":345839,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXAzJ9AAOcGa3A250hYrBAq2AG7o1w0YmfLEBUP0lAQAD4APAAAFgMDCkYLAApCAAo\/AAXSMIIFzjCCBLagAwIBAgIQBMfcKOK8HBiR3kAN+oIkNzANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSMwIQYDVQQDExpEaWdpQ2VydCBCYWx0aW1vcmUgQ0EtMiBHMjAeFw0xNjA3MTgwMDAwMDBaFw0xNzEwMjYxMjAwMDBaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRgwFgYDVQQKEw9BbWF6b24uY29tIEluYy4xJjAkBgNVBAMMHSouczMtZXh0ZXJuYWwtMS5hbWF6b25hd3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgFi5t9Poottv4yA9sjKTkUeKR0nxIcwIwvLFnS6eJtozACVXMgNBMnYNxtBJITuzZzMGfNOfQ5I3x4aR0p1Vh5BI\/oRM8Zize4Nb1RXsmlqU0QSAPBUn2aS2EzQ70GsGtlaA8Ypyc6xYmv\/ejtxi9iLOUyBQY7hmOKGiSHWC+fw\/kf1JwnVRUI1Ng2tpaadtJLUCsXxJtT1zYnAhOm22p0KTQf86wbxhwI5tBOIKYG15htwGbFHZjDh5jI1RmQgShWsxwIupqTrA1ZGunl3BSCih7giPwspTSV1paONn6iFhdaBisNmXAavJ031zbBm6T1I+AAl+jfuK\/0IGHd7UQIDAQABo4ICaDCCAmQwHwYDVR0jBBgwFoAUwBKyKHRoRmfpcCV0GgBFWwZ9XEQwHQYDVR0OBBYEFMRhhXtDQWVjWAVqI6zMSh\/+fx6GMIGXBgNVHREEgY8wgYyCG3MzLWV4dGVybmFsLTEuYW1hem9uYXdzLmNvbYIdKi5zMy1leHRlcm5hbC0xLmFtYXpvbmF3cy5jb22CG3MzLWV4dGVybmFsLTIuYW1hem9uYXdzLmNvbYIdKi5zMy1leHRlcm5hbC0yLmFtYXpvbmF3cy5jb22CEiouczMuYW1hem9uYXdzLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGBBgNVHR8EejB4MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRCYWx0aW1vcmVDQS0yRzIuY3JsMDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRCYWx0aW1vcmVDQS0yRzIuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRCYWx0aW1vcmVDQS0yRzIuY3J0MAwGA1UdEwEB\/wQCMAAwDQYJKoZIhvcNAQELBQADggEBACGCc5e6zWQoCjtzewfTwAojL4HVsnvTH+kNkrApkaprXymS3MP6IUuyqzQo6pzl85nd9XJG6lNZbD\/Aj\/jAS+ZNXfa\/x9cR2IBjPsoZZkqlGLiqQHrbCL3ZOiQYQPZcyFcu3FXb6CxuxcrJa6CaUeJMZr3CsAdvpBc3s7zBqfVPMbF+V9EfEHLk3M9eWuVuXISnrn+pVpM8XZAq1R9\/0Gpke6hG0m8bP1ew0sdkBxG8ms8C3Sld\/w=="}
02036{"flow_id":97,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":346214,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"pkt":"ePiC0\/vCAMDKkVoBCABFAATbzKBAAOcGbFQ250hYrBAq2AG7o1w0Ym1jEBUP0lAYAD4t4QAArkanxPEbwbKd3CLwypjbfWs559TWHFzKn+j766LVovsuE5+bK+6wzq66lFFthbWdg5lIAyUv7wnwc1e52uTF6wz0XiihPS82EAAEZzCCBGMwggNLoAMCAQICEAGC+AmOouYmuRo7J4Qfua8wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNTEyMDgxMjA1MDdaFw0yNTA1MTAxMjAwMDBaMGQxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIzAhBgNVBAMTGkRpZ2lDZXJ0IEJhbHRpbW9yZSBDQS0yIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+cA\/gABc++biPBcCHXwXHBzH\/+1eh+NCCP9x8ETP7EhBr1NzNstuIcZMd7aaw3BXdJR1bBectTwZtSE8pEYQbUJJrIDlgRplVP6B08+voY6QyuyWbWr0br0WUByWme2zeZV\/AkrpJiyv8ypH9S\/h4+CJf1FgKnsnYz5dJDPHPhlUK\/N+EWryC+NjjYd3uqJzbJS2eUJzTZxK9rG0JvG9qRbWzm2HwAfGaT7074M5vuP3Q6A5qTnWsTAL3LukfODZ8nNys5KsCCB\/eRyrwkY509C7E0nQk0HoN3VDXX3NmDMJlSYoYg38IP3rSlZIM+7JeHVnubzrsEB67UGieIKjwIDAQABo4IBGTCCARUwHQYDVR0OBBYEFMASsih0aEZn6XAldBoARVsGfVxEMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9PbW5pcm9vdDIwMjUuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQAv4jdmwxrPkVXuKRT6UBC+mY3iKPF0FgdpO0QwPfW5SfVoNv63MI2p4AdJQmNGUrVpxptJ8hoPV8b2t76rdY0Noqsz5GKFQ1SrY5QMo1Og6h3kpqaslQ5leOwzjL6UPthwq+rH4XjOM5W7+yxY4IpApm1B2NjZs\/kvAsUbcGviOoV7HRiw0UuawW8XECnoDsPhVJZUpZGVCCCNaSyeLz9QtC7lVx+vpHPSoSS7DZD+RRMdp6Ep2GYLw9Fss0+0K4RMR5Dsi+JBiRO2B0Z3Qv27Hhf6\/yVLjlBX647MThU\/sSXdQQygnGJtb7qXB4vZ8wYQxSnU97oWkKjQVOFLSceY"}
-01212{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":8,"flow_first_seen":1490976090991,"flow_last_seen":1490976091346,"flow_tot_l4_data_len":3134,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1452,"flow_avg_l4_data_len":391,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}}
+01223{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1456,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":8,"flow_first_seen":1490976090991,"flow_last_seen":1490976091346,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2942,"flow_avg_l4_payload_len":367,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}}
00874{"flow_id":97,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":346471,"pkt_caplen":392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":392,"pkt_l4_len":358,"pkt":"ePiC0\/vCAMDKkVoBCABFAAF6zKFAAOcGb7Q250hYrBAq2AG7o1w0YnIWEBUP0lAYAD5eRAAAFgMDAU0MAAFJAwAXQQQnWsznNPm2HYucYkoQuvDdbmWFDUw229evyAP852r8fLxGpaB196x8pjSmNGjfwAk6\/8jY4sE60j1vgHuf0R9\/BAEBAEAy6Ts+IfOsXtJqwShDUm7bdKAwEQn4ncLpauHbHhcQIc5W2Epa1kT3xibNsGPtUjSjln7tEECokWh7+lz1VzPgzUfiHtbCoQY1PyviGz++6eotQ\/sgSyVqUG3leaW1GBFbQyHwoZuitlymkEeRcUpebcN12Yyxf39Q3dbBzbxAFNuatGe4ESAur1jKJ9ZfxJVanRKEiYqGZ8gMRZqnmX9iRPtr2eCbcJxVkUvpLUMGbEsGKcHIFjj1KaG3Lgu7TWmFWExi0oi9cPdwwelRkdznkS6X+JDOA01jCVtgUXsqet3oI2bNrK4ktJawHqrEQH7YWk+gS+GNQzT\/EbHRP7c="}
00428{"flow_id":97,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":346549,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAxzKJAAOcGcPw250hYrBAq2AG7o1w0YnNoEBUP0lAYAD7PgwAAFgMDAAQOAAAA"}
00417{"flow_id":97,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":347251,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobyRAAEAGdYSsECrYNudIWKNcAbsQFQ\/SNGJny1AQAVf3KQAA"}
@@ -1246,24 +1246,24 @@
00417{"flow_id":97,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976091,"pkt_ts_usec":349130,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobyhAAEAGdYCsECrYNudIWKNcAbsQFQ\/SNGJzcVAQAXjrYgAA"}
00446{"flow_id":84,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1488,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976092,"pkt_ts_usec":902682,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/hAAEAGPiGsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/91dAAAAgQFtAQCCAoA9mKZAAAAAAEDAwg="}
00739{"flow_id":89,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1491,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":200367,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXPT5AAEAGCNasECrYNF7ohrKPAbuIDFw1wRUUulAYAVfLTAAAFgMBAOoBAADmAwPjfQc08nicJlIWvpWTsnguVDAWVUUtWHA8jlVxZgUfkiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9CgoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYOjoAAQA="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1490976093238,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1490976093238,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":238253,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AMDKkaPvePiC0\/vCCABFAABEWltAAEARM1SsECrYrBAqAaKnADUAMOTtwQkBAAABAAAAAAAAC2RwLWd3LW5hLWpzBmFtYXpvbgNjb20AAAEAAQ=="}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1490976093238,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1492,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1490976093238,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02410{"flow_id":92,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1495,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":261862,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXc35hAAEAGYbasECrYNF7ohrKSAbuabb\/ln5yDYFAQAVdY4AAAFwMBACAxOXnbOB00Ydbq0myEW0OkHMSFkb95zBRYrCRko6JpzhcDAQYgNLTnSXQ9svgqfKWVlrQngszukuTE7nKnDUEZYxrlAmYbGa1uZ9dFMEH1kcfHo6zOTAkPkSr3v05auMyQXhxyUM+Qlw0ggqwNfizjxfRy\/UTnOo5Ec6FDh\/4oYfa+J46aZ9XLhR8omFWa60IDdQQgnw7SPrV+xQkLTAA4EIb0XbLbGsllipsNHeXmJeh0aGA3ht0tEkwFfjopVs3JQ9XxwS+ghp7l\/eHyOcCrcWOmijXPfIF7fB1t8qMue6sK75mbRQMyOpYkuHC6vGSBi3C6D9dHCwkc4ciV2PxV9fZegOkUhKJT2g893OeHbn+cGu9FChWLZYJ99HQUOumcrur+nZbplAojB8vDFFR+QLS3\/GjgzyyxRFnp1frnHqivV67H6xaSgX4To2ORRiqXdrWzrZTe5qwPtpIKGR5eCf6IenCVXl4BvbLE4M7\/j4sRpg8PMJpWFmWNpJqMDEzui5IhhQZEpuSYq8+NiyjiECAI3NgvGuGdAb39yEbyx8cvLebCZCLKdESYrjT9T8I24aJkp4ulxShcIvVbEgYsFrt4R7NNQmsZvsRraSN5AHW66\/lyhj2UvGjvWqq3zjkIMYYL7+Wl\/3Ucntf6dJt8ceMiIGFRYfTgvDfUSYChK+gyWNX6m29Vpy7tAffHakNsdC9yHGo7HevDE\/7oR\/VfgDFPU9LW4v1iipwz5CoUO2BkN3RrIQjhk0leTMfmnYusHwNR1\/82MFoho2R+4zWvVCSvCCDudehqGb7zkFaYdpSgeUqDlj\/a302l03x6d\/u5O5VKWEs5+Nm6CKagglsyTDXCtT5GMPJ9qOf1KzFXxmKfh1qPGPUjH6uMj\/GmJy0zHHzFCuFvHHs94qWBxhFpG2tQ6e9QQ1ebYXii\/gf9dlVuG3t0huSqTFhYDKyt5k0Z7s8QZ6WsmWGhC0fE3lSSO40hoN9Y5nrXsLSe6fSqCtQT03d03D02RE6GUz3sp+H8gXUCLmZb6sxqTJ209iw3scEnrzCEcXlA058OSXeJag0rV9Erllz5fbKrpS1kCvdLretW1tBL\/vCaHyRPUTAqLrg3\/yFXv78FN5NS31yhsRbNuWC4KWPGRsbmzbNqXSpLm9kYQLNQHMOzjnXOGZ3ynmiP\/Ekzu5zWrH\/GrQ0KbEt5xXHqnEjilk0STUzBka3cPdy8nHfJ8N2xtcw80\/2Scz\/SxWTBvAAQdmy7Qh965JZml\/onIcinXc8tG+6FIod\/TluEUGqO\/nfAgO\/qyqCOstVYkXzqAYQam9FOMH8sFEB9SdhdZ5rHslSZn9jCWBfaphItGETUpwGVGQ\/+I9\/5IqK59SDBxJZ79K\/K9KvvugTFitD8lD0I2dNrqDwk3SMpZ13IUi2xIZtYvGPPcHy\/hI5llZnaVeOqmx4KCM5wXWEoVcrVr0r4sd7p9HPoLeCWaW3j2BR5b0AVjA3Y0mdbN+C2RII\/VeVkCMaX6Su\/9FSy+A5KL6eDEQd1qNbMiJbjsWCnRcJSsq9GonkVGG2LnjE+qXT\/xBRWhUnnEiYNkH8484UfDNwoRVAPYeEM+Z\/TZQ3oKNstYo9ztA\/jxXvIXHuodw2JOBGY\/IqGutMlHdpOGB9ycbkRfwWNOIH8EKqoPD0gUTmb3jdoKTbIOjsbke6GQYzPhkZUJeiFuZQz02XnBPUJ+wKESpvBxhgVUuJl39RFf1GG87lRo94Wath7m0EGZK7ql7mBTpGY1K8j8\/X\/f8GwEd8JQwxjM+YuL20vfjEYa1AeWltEDcjw4Nd6ekBcJiZqv\/llpjT9sejK8H5iNlSWhjJmuUtkLe3YTNvZGPqOYEltH7SvUFE4WbOGrTQ13ySWzAifVyF\/DP56aNnNXFMewttDnvLLszCgJdF\/ZvgK9fj2UpjYBDMa8bM="}
00509{"flow_id":99,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":355795,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"ePiC0\/vCAMDKkaPvCABFAABr3WJAAEARsCWsECoBrBAq2AA1oqcAV3huwQmBgAABAAIAAAAAC2RwLWd3LW5hLWpzBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAIQACwhkcC1ndy1uYcAYwDQAAQABAAAAFAAEsCBlNA=="}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1496,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_tot_l4_data_len":135,"flow_min_l4_data_len":48,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"176.32.101.52"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1497,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1490976093358,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1496,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"dp-gw-na-js.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"176.32.101.52"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1497,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1490976093358,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":358419,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88bJAAEAGXMysECrYsCBlNKvhAbv82ZN1AAAAAKAC\/\/+6GAAAAgQFtAQCCAoA9mLHAAAAAAEDAwg="}
02402{"flow_id":93,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1498,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":420793,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcTQRAAEAG9EqsECrYNF7ohrKTAbvSFy77Qc83glAQAVenLQAAFwMBACD44FHjMfKewfxzYudxIpXCLItB1NQV1muzY\/d798KlbBcDAQZgoZInXHO9a\/RDDSeVUYBvycvA+lS55aPWGYYDHweR1MZA14GeeL19BzQ2hCPJsF0aTTB4YweLpKJF\/kfHoxQ\/Fw3qHRcH9I6qbhb5e+O3CNrELRczYGqEB8hcsA0Y0OyrYGC0BmFkwFsiE2svYlHUsIBdscNt4gzJG\/XkjXpTKhNSwTHXi\/4j\/N3T9gFwsOscfLT6CH3ZSXAK1isi5PE5Gs1eU3CqMd8qgGHaYuaBewyQbS+4dKhNHU2QgmKN8BJo25LfzNEC0AivMD28lAq+J4Wa80fDRt71SDzLwze+m3ULSRverhurIqpNuZFda\/3gnNpbsdGuZJmmo4c+bUdpd8mjwyYflr6VJugHyeI5CFM1G7jT5FCZ8X8UT243wurvWrtFZVQENmBLl9+hFtub7Fuv1TQIXsUIdoXtlR+6EWUeMsW9QleyFbHJ6nVVt5nKiNX0DqGCUdyiA3+ygyM4PjEdwXqP+sMmLM1uKdLCEX7bN1vl8U9g+H14nTlqWgcKGrDWDIm5njQSFgrLTq0DZQMu\/LQjVNY60WnUVFZ9capl9ccErsRT6QLuHcwhWROSEpap+6asa9hoWITyQnHHf+Pbm9I\/f14p1EAPsdYiM3f40B7GCbsB4xiKa3RgPw+L7GKP2ip2\/u+nzD3We0GLN+wfE26o5\/nYjFnEgkrJ2pHao6z5EPxXDupdDVIvi\/PoyVvlUq+D\/Ge6z7wm5zFQ5IJq3RGdeNrRFyg\/OCsjQ0IwpIN5CQT3jbWJKcuzRyXpOTxkW8m5SUiEh55evA+BDSjUAQSbpUAjue6h7J4jbhfFOqKykVETYA47aosSgS459rVz3cetKpF+aO+bhGOdLkRanshFLnFaKbnnafNcVIOR409K84abACiKi7WWOTFacDzKqcTW4LupNjzvzwqbjNJvCCtGYSBdQc7ZWqy6du53PTHcUaL2KA0y5ypD07P4LdIc2\/K5Wy0cd1SKbLICrOCtfpF9whBJZ+CSR0IE4hmfYnmFZFVDwtMffcaAdFMNOPWTgipuN1XINiLvDyYlb\/Y4F03SyVvRzx3zy+5hUwNF07BMM4eX18n7\/ArEvbHUV4zA2cMsmjEuuUT3ywqzrI7XvbdXkLC4q3e10X\/n1CEWpbNcbgIEqB+eYJEI2biPUwBW7S\/Dnkc9NSwrZ\/x\/euPEUXK4CSGgGq8Ij5IUKtV1aqcHTN7waVrVCJl9Q\/RZViK7+SGkqubZ0P+7RhQFbcxwuUFdzRT6jtOcaV+dGnEBgErFPxEomB8JaXlP9OHaQqx5oBi91MLoprKZBTUYOvA4F77Xv9YVFMXwxU\/kxaFIY6H6QP35OocijPkzgLvohZjd4jHabCA7mQXqZw4m5XO+E1PM2pNVMgKlaSzCbp3jIKdgO5mpO1qYK1f0cR2SHN2OQXATtF+ccd\/wUmFaz3gs6BUNnkrQqt6\/+GVaw8Twe6+uqeQWiASsmo8WpBlAJQM76jEAvJ+g\/ovnKk6Cga4RYti4\/9RK01c5pQU1I9BWLJj2xw24mjzaSFssO6l9DB4N7ewSncF0NkjCSgwhzSvj40H0flwRbpZrkso9VcM0WTJjidMTaM\/be473zZS7hr9grGj8F0sl3yf9czWS\/Ld4INvTwCa0bWrHck8K3JAvmYPDlJ0jouHthuvu9VvK+UtN9GhtImMvmNFPCqsNDyrTjsd\/hNs9cLghY1KAq+3bli+ziN0ZH\/hT8HJu3PTKTcveWkvgroBSHw0HiliaiFMBDkJW5Bg0NWNHaQpstQLx+vMRyO3zZOoIe8ScON4IDApzUAhXYVJXgytEDD8pZweKtucxXCP1MBvXhqArIViFE7a3AkcAuJQSCf+JxUG5GterlIwh2UkjzhfbMzNoSkFIJBDA2SUw0E4="}
00430{"flow_id":100,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":481996,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwL+xAAOcGd56wIGU0rBAq2AG7q+GBdUC1\/NmTdnASH\/53tgAAAgQFtAEDAwY="}
00416{"flow_id":100,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":486409,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGXN+sECrYsCBlNKvhAbv82ZN2gXVAtlAQAVfCJwAA"}
00676{"flow_id":100,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":491797,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"pkt":"AMDKkaPvePiC0\/vCCABFAADo8bRAAEAGXB6sECrYsCBlNKvhAbv82ZN2gXVAtlAYAVdf+wAAFgMBALsBAAC3AwMUk28qOfCX+6BknWYBVekF4sddVYXUxYb5G4wUZo66+AAAIBoazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAbmpqAAD\/AQABAAAAABsAGQAAFmRwLWd3LW5hLWpzLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAiamgAdABcAGCoqAAEA"}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":4,"flow_first_seen":1490976093358,"flow_last_seen":1490976093491,"flow_tot_l4_data_len":300,"flow_min_l4_data_len":20,"flow_max_l4_data_len":212,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":4,"flow_first_seen":1490976093358,"flow_last_seen":1490976093491,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00425{"flow_id":100,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1508,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":952522,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoBI1AAN0GrQWwIGU0rBAq2AG7q+GBdUC2\/NmUNlAQASzBkgAAAAAAAAAA"}
02385{"flow_id":100,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1509,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":953106,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcBI5AAN0Gp1CwIGU0rBAq2AG7q+GBdUC2\/NmUNlAQASzHCgAAFgMDDUUCAABNAwNY3n1di6S2tK83OuR6x\/Vk1WfaHQb\/fjmvRs8+b+gskCBY3n1dFrR1oDAIXc3AuFkKnOfZtk\/GQhS3v6zIpdKk+sAvAAAF\/wEAAQALAAufAAucAAZaMIIGVjCCBT6gAwIBAgIQddu4RKgnp9AKBCFQ7BHJUDANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MDkyNDAwMDAwMFoXDTE3MDkxMzIzNTk1OVowbTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxGTAXBgNVBAoMEEFtYXpvbi5jb20sIEluYy4xHDAaBgNVBAMME2RwLWd3LW5hLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB7oSPmCckd3KygN+T1DM19CWoYk8vZUE\/JozMKL0TpIMe2QeyHMQqdvqaTuPI1brDtyJbyyUfky9CMjFZ4\/tvGndISi9iXCBd\/gPvUvGcsSjUMmkVX8XGjs3FEnL4Z3hRs\/CllzL\/6cXLWDDi9efHIvk0j8Bjed4VdqYEH\/daD81tKURUPyonU3HUFeNxy0KGg5KjjJDlrfSej1TM4J61ccyWVjumCH1AT0ltIhLc5tLpeI4wDSipJrdBEUPmNmWgoiucipYr0XpAqxsnLrIhgM76i6VIGfomUkz5rRY0q7O+SfsNjbhKHOsFWqJtoXTcYpmtiCV8qsbnm9227E89AgMBAAGjggLfMIIC2zCBjgYDVR0RBIGGMIGDghNkcC1ndy1uYS5hbWF6b24uY29tghZkcC1ndy1uYS1qcy5hbWF6b24uY29tghVkcC1ndy1uYS5hbWF6b24uY28udWuCEmRwLWd3LW5hLmFtYXpvbi5kZYIVZHAtZ3ctbmEuYW1hem9uLmNvLmpwghJkcC1ndy1uYS5hbWF6b24uaW4wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3NzLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcnQwggECBgorBgEEAdZ5AgQCBIHzBIHwAO4AdQDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVdbL95eAAAEAwBGMEQCIGBJj2409lWMTY3leVh+hZadQ9CA1g7R7q8ufddk53u7AiARfDhfwoOuM5JgidbgN\/Tmdb1UQXcO\/E9BYW50gez\/OQB1AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT\/vEAAABV1sv3yYAAAQDAEYwRAIgYUUxMXJECP+ra5zTlmT7KHJ3uzsD5rDZB5gUoNfVOdgCIAQwwZ7n5B+1wXaalm1d1jJFC9AfOu5DmAUon0RVoM+uMA0GCSqGSIb3DQEBCwU="}
02390{"flow_id":100,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1510,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":953736,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcBI9AAN0Gp0+wIGU0rBAq2AG7q+GBdUZq\/NmUNlAQASxuvgAAAAOCAQEAK\/pDlVeej1No09ux9GJoUeanFif90eMaJxwd0\/pSpaDxqjzKaxZUSifF0KLHeRnk2CG6WD9421\/OYoinUJB0VlWsSpcv2pQu1BKuK+KgE\/JOd2BvgBPLG7DJtSQUGek9Rm1xNWX4RtUxHRL+x7E03aC9guVHIE6x6kGaSiwegSPN\/0N1XWTFiaqkDRJ5bCTMMHFhOfuCN9jLbg3z2X2VLSovwCi8ZdXg2KDjVy+j5IJ6OOZ5kT7ugiJPWJSq0vZy9mLlY\/uNCKpRHF7ANULrC7JP7s3fq3uiYPfbh\/6pD+ev3pvC79qIrZQalNURSoBFQIw4YAaSk3XBRqVNfZxBEQAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40s="}
01070{"flow_id":100,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976093,"pkt_ts_usec":953778,"pkt_caplen":536,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":536,"pkt_l4_len":502,"pkt":"ePiC0\/vCAMDKkVoBCABFAAIKBJBAAN0GqyCwIGU0rBAq2AG7q+GBdUwe\/NmUNlAYASynKAAAkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxwwAAUkDABdBBDQ7Zsmi55awstxAoD5YVFuS80uahpNp94czUjdedxVwigtOuX1ppyilGVgDD3v4BhhIHte5frdW5MKSlwHtCDQEAQEALIVuocSYhYFp9IkTvzZqAqftCQeVFoWhQjK9KbxAC2EUc4oLdWWjhDVD2V277NueUY1C1XRZP9yiQXEO7eETvAIwU\/2fPusBVepINnoPhS2BAxsuEPcA+i3vQVGLzS\/b9i8QgKpc96JJQ5TcPOg3n43GSlJu1gSJxWBI6R4oEIpJpYydJ9bJrVYXcTrzg0YeSTfxyivoT49t9C6dcKIj0J7tNCyp4P9Nzm1xjM\/EaTWoPfbkiS+N4KWI5u+yKLPHG46EfVj3IYUZAQFQNI0crI\/nChUZjglRmX0Hxa4Or7dZxgFwPaZlWR7Lx2rUolF0u3L3rboNyzPaWPrmGplFNQ4AAAA="}
-01250{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_tot_l4_data_len":3782,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}}
+01261{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3594,"flow_avg_l4_payload_len":449,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}}
00676{"flow_id":100,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976094,"pkt_ts_usec":724334,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"pkt":"AMDKkaPvePiC0\/vCCABFAADo8bVAAEAGXB2sECrYsCBlNKvhAbv82ZN2gXVAtlAYAVdf+wAAFgMBALsBAAC3AwMUk28qOfCX+6BknWYBVekF4sddVYXUxYb5G4wUZo66+AAAIBoazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAbmpqAAD\/AQABAAAAABsAGQAAFmRwLWd3LW5hLWpzLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAiamgAdABcAGCoqAAEA"}
00415{"flow_id":94,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976094,"pkt_ts_usec":725548,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZGtAAEAG4pesECrYNF7ohsHeAFAhsQk+SlvB81ARAVvBPgAA"}
00415{"flow_id":98,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1522,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976094,"pkt_ts_usec":725672,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo0apAAEAGEv6sECrYNudIWKNdAbtkFLBJe5WfNFARAVeEFAAA"}
@@ -1284,17 +1284,17 @@
00424{"flow_id":92,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976098,"pkt_ts_usec":838042,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoiNpAAOcGFyg0XuiGrBAq2AG7spKfnINgmm3FmVAQf+AE1QAAAAAAAAAA"}
00739{"flow_id":89,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":220208,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXPT9AAEAGCNWsECrYNF7ohrKPAbuIDFw1wRUUulAYAVfLTAAAFgMBAOoBAADmAwPjfQc08nicJlIWvpWTsnguVDAWVUUtWHA8jlVxZgUfkiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9CgoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYOjoAAQA="}
00538{"flow_id":89,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":286339,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9dQ5AAOcGKp80XuiGrBAq2AG7so\/BFRS6iAxdJFAYf\/g3GQAAFgMBAEoCAABGAwFY3n1j3jcPsMcAIdiIuSLM88\/OFSZtrCeaXYUsGhLw9iCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_tot_l4_data_len":1058,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":802,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00492{"flow_id":89,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":286477,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABddRBAAOcGKr00XuiGrBAq2AG7so\/BFRUPiAxdJFAYf\/h2aQAAFgMBADCdGcwOIl710sxEJNcOJTZXD3j+sWleBy0Peiv+xTQTfEXF8gc2Rm1CibUI7TEm3B8="}
00416{"flow_id":89,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":287456,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoPUBAAEAGCcOsECrYNF7ohrKPAbuIDF0kwRUVD1AQAVdLEAAA"}
00416{"flow_id":89,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":287756,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoPUFAAEAGCcKsECrYNF7ohrKPAbuIDF0kwRUVRFAQAVdK2wAA"}
00499{"flow_id":89,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":288059,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"AMDKkaPvePiC0\/vCCABFAABjPUJAAEAGCYasECrYNF7ohrKPAbuIDF0kwRUVRFAYAVe7gAAAFAMBAAEBFgMBADCfjEPAbb36FJormBeZ\/8MCYmVtS5QtNfExD9E34Tt+s8RDj7n3ctNLzBzT29bTpD4="}
00427{"flow_id":89,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976099,"pkt_ts_usec":353168,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoeCJAAOcGJ+A0XuiGrBAq2AG7so\/BFRVEiAxdX1AQf\/fL\/wAAAAAAAAAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1490976100559,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1490976100559,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976100,"pkt_ts_usec":559988,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgZAAEAGAiWsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pqQAAAgQFtAQCCAoA9mWXAAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1490976100811,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1600,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1490976100811,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976100,"pkt_ts_usec":811415,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8BwBAAEAGDSusECrYNu8YuoUaAbt\/SWKxAAAAAKAC\/\/9R9gAAAgQFtAQCCAoA9mWxAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1604,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1490976100859,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1604,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1490976100859,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976100,"pkt_ts_usec":859650,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8OO5AAEAGq6asECrYNudIWKNhAbuICV1bAAAAAKAC\/\/8AqwAAAgQFtAQCCAoA9mW1AAAAAAEDAwg="}
00446{"flow_id":84,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1605,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976100,"pkt_ts_usec":920387,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/lAAEAGPiCsECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/9yUQAAAgQFtAQCCAoA9mW8AAAAAAEDAwg="}
00429{"flow_id":102,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1606,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976100,"pkt_ts_usec":998827,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw6qtAAOcGgoo27xi6rBAq2AG7hRpDnUSYf0lisnASH\/5McwAAAgQFtAEDAwY="}
@@ -1302,13 +1302,13 @@
00417{"flow_id":102,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976100,"pkt_ts_usec":999988,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBwFAAEAGDT6sECrYNu8YuoUaAbt\/SWKyQ51EmVAQAVeW5AAA"}
00413{"flow_id":103,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1609,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":529,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoOO9AAEAGq7msECrYNudIWKNhAbuICV1cE8F9WVAQAVc8uQAA"}
00768{"flow_id":102,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1610,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":1170,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"pkt":"AMDKkaPvePiC0\/vCCABFAAErBwJAAEAGDDqsECrYNu8YuoUaAbt\/SWKyQ51EmVAYAVcVawAAFgMBAP4BAAD6AwNQLskK0EtMvl083kPSq0nopXQlOdvR+0IZKHw7KLO7aiAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACRysoAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIKioAHQAXABgKCgABAA=="}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1610,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":4,"flow_first_seen":1490976100811,"flow_last_seen":1490976101001,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1610,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":4,"flow_first_seen":1490976100811,"flow_last_seen":1490976101001,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00751{"flow_id":103,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1611,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":1872,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"pkt":"AMDKkaPvePiC0\/vCCABFAAEfOPBAAEAGqsGsECrYNudIWKNhAbuICV1cE8F9WVAYAVfc9gAAFgMBAPIBAADuAwN6LJpcPFiGGpu9Ln0VWrwN6uX9+Oq10gWhn0l9jMi\/ACBPSeLkXjji7rxbuBfRuYdiOn9o7tUR6tCEdV9ZFui2uAAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFmpoAAP8BAAEAAAAAIAAeAAAbczMtZXh0ZXJuYWwtMi5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIKioAHQAXABhaWgABAA=="}
-00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":4,"flow_first_seen":1490976100859,"flow_last_seen":1490976101001,"flow_tot_l4_data_len":359,"flow_min_l4_data_len":20,"flow_max_l4_data_len":267,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":4,"flow_first_seen":1490976100859,"flow_last_seen":1490976101001,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00423{"flow_id":102,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1612,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":80368,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAonQZAANsG3Dc27xi6rBAq2AG7hRpDnUSZf0lislAQARyXHwAAAAAAAAAA"}
00423{"flow_id":102,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1613,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":99172,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAonQdAANsG3DY27xi6rBAq2AG7hRpDnUSZf0ljtVAQASyWDAAAAAAAAAAA"}
00631{"flow_id":102,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":100346,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"ePiC0\/vCAMDKkVoBCABFAADEnQhAANsG25k27xi6rBAq2AG7hRpDnUSZf0ljtVAYASyamAAAFgMDAGQCAABgAwNomJJTyRLdMZEQGwStnUDPt2Okhn+MHFq33qGLoWDjqiAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LsAvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDAChyA9xUSZViCGDQ+CAg5P+SmIxrL5EQPvw8f2D6svvPM\/eNbomZ3\/FO"}
-00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":7,"flow_first_seen":1490976100811,"flow_last_seen":1490976101100,"flow_tot_l4_data_len":583,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":7,"flow_first_seen":1490976100811,"flow_last_seen":1490976101100,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00417{"flow_id":102,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":101531,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoBwNAAEAGDTysECrYNu8YuoUaAbt\/SWO1Q51FNVAQAVuVQQAA"}
00489{"flow_id":102,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1616,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":102716,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AMDKkaPvePiC0\/vCCABFAABbBwRAAEAGDQisECrYNu8YuoUaAbt\/SWO1Q51FNVAYAVtTewAAFAMDAAEBFgMDACgAAAAAAAAAAIPLBXx6v98+bexAuiXMZSMm8L\/q1sZ\/uxD1ItJ87nj5"}
02405{"flow_id":102,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1617,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":118234,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcBwVAAEAGB4asECrYNu8YuoUaAbt\/SWPoQ51FNVAQAVuIxAAAFwMDCxgAAAAAAAAAAQGoz15XcQJRG2SAzdrL+bLJtnMt7PB3pWwLCs47A3QrPh+YoSILe106Si4fED3Lnzfl1LSZ6lEx6cwesSiqefOyrbyD\/Bw+Vq8crnv8sYoEVpqdwnPPhpFfz3P2U0m\/mk+bWojtBw8vSDbgq8i1WBDO9qbBoKJG8bq+jiePUL\/IGVeH30bToDYB+7T0J6W2sdaQrmrGrw5\/LozbUavbpYEXxfVxYRGc\/fUzQ4OdpP4BN6UPFtH6oWMYHMEPjhEbNxArXI7qFZMwFWj1kJQWB+qYyZsT7TD9+1Qf9Qf0DX7VBqnvJ\/8GXzAGiRuUOQILo0AhBPF+tsdygxxhXYaM40zQgf7kuNoWmv13UXQr4te67eb9aEfqjPVYPzJBz529JIONo8z3Ir0VTtn\/L0\/Fc0OP7wLKBN\/x8\/kLJXJomcR3nnEbj344XFcVVP9NOhZmhomg0kkvQNPitemcvGygvHz0vgx63xqpyNDEnvTqBK6Z8Tp8oFqQWd67JVq7m8VIE55bN\/eVepuQEyhNOkf3fEv\/ZWtIecXsnv18A9KHd7I8z97lMhWbRFtnLTc0QbWQ2OEFsfal\/\/9w2w3jxT6vMWRkvypTg9TYNiIjCWpShO4dX6XnTONhWQmH6TYhAsD1LClpA4Z1ZgIHpgh\/e2sZKIp2YPJNhZiCfRpL91jXWe1G77wbbi+RrWS0qbA+NuqwyUrGAxiGSIC2cPN5f0cXg1muPzKGs9rh+WWUKIU4mr1tY8H95R5DF\/saalKUuRrfg3UcfFsWJ2R0yQspC+fIEKAKRC2JIv\/XldI7fXNL51jclVVyakt5SBtHG+dNVMcr9iLGcpt48qnR7Uew8vMBQkeO2yAnOrsVlFSJTDGoxMatwwtX55H2yRprKTWEZRHSvnPYK0Ul1irpZMQAn21KmaBm35y1oT1ST3pAU0MHeXVVWrvtkBwgSWb+bkA9LGeGrlWIbt16c6G2Ee4LzEHvxqvySyBpi\/AUv5IQXmaXCvZAHvqc1BCRqWxo6fHMN4PmUEvLrXgFLMMd8taX5ErpCtD1xrOkEkcYAOBSKgNYjhQEOdR6d3gjK8934mIBCg0XMRLLFahRomxGEmseZfbj2bSj3RkBUOh+nfsG5iM4rIlaRFTLvMxJAn2AvN4+0nuA8DoCGz5onZ6brtO3gZeakypoGZWegXXgikX9xHnqmI2IY5SnDnh\/CnlLC3ekFSte20iZLU5h5UYDWtKiKLqOU+NvY8ArbBvPtWQjGLrkROhq\/l5\/nSmUts3dc8f12WCRsjrvoASK1d00O5Doz0LJTgb2Y6fZmqN3K24Ub5aS4BB0DHiD9P+Rk\/O9CGcANdJibOaU94Os+gPlU\/GujkudAqv3K3RULMw0KCgpCItGPKgAkrchf0+77gehN4jefXwZFzBlCCI8JZZ+H2izwNKT3Uu0RcSDWfGEx1LYjJejJl5c1nNq4xMLnb33mp08DjmQXuB\/TEMDawjoev0s+P4ag\/mgu3QMIlO2eYaqQN6qIW8gWZxWBA\/iYzVlRcGe4s1df1gAb\/3Mmic9vhgA\/eH7DUtXSq1QNocrZXbweWq1R1Dqkf1Lg0p575G6E2oROlzysL1GtlVv7ys2Av7lrSE6mgWtbQ7Ahd6xh4IfpBIlac0f\/y\/IMFrS4bg6Qcwq6j8emwh1StvEBzXR+P8D8DE7H+Lc2ipX1hVv9v+g854av52RCqKDeN06diHGJs94aS1uQGfnx1MTicQxATVtx8MEtDJagaevlEDyOnNBnYrfU2eBIfuTEt8Zkxks6T2w45TzRYdy\/q8pwqwciRs+YAnkWpRPLTUWJKwCJ4jU004KaKZxgitogvYi5Z1x7VLdJIdKiHaATW8hjs5XDWMxZIPKryDa+ZvF2KitH\/dFuO3neFSwBVfFah8v\/UndV4ySVvhUF0sp7tywnbA="}
@@ -1316,10 +1316,10 @@
02008{"flow_id":102,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":119124,"pkt_caplen":1220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1220,"pkt_l4_len":1186,"pkt":"AMDKkaPvePiC0\/vCCABFAAS2BwdAAEAGCKqsECrYNu8YuoUaAbt\/SW8FQ51FNVAYAVv5gQAAFwMDBIkAAAAAAAAAAiZqs1Vb0YVgA6hrmZy2IxTyqurVSnyw+hLlHcN4uWAYD181xaQ6IkNv+jBs\/OPztuojzcEs8uq2UFY1KaKkl9RWaqUZF2DbDeW0RqohzScuud4ItZFd\/kwJqXiI8mH\/vLmAnJGEiwrOo5VjWJoRULPrRzcM31zSYgSsD9wq9cHnu0zsfFrOyoCA\/E6v7XWQhK8CAlRTjCwVS7JPNiopCk+eAgVzL8BQLFGxQSBzFkM4McZeShuZNBuJNBiIdNwNjqBUvlY6sqz\/V5c+23umNwNPu6wHZrtcPjrI03P0oDODTFny58WETqbwUG12nYSJ87SOfALxmzMuUwTLBQmFrZ9XHcXnSzolMt\/\/saQyKqbMgbxoTwwA70zktHncwrmKfTIP8vtcNS8TUv0vt\/08yi\/Vu\/CRrYiwoYijN3WRnrG\/bY30zhbHG1Qcrgto48g9mgEDoLPuy1i6v4f585Y\/lN++jkejerMFqkaCG8aI+23FAVUyXZeX9+2zXueRwT87vK8zwjwi6jBHJx3m+bAzzNGLpi\/PWQvCKAYulaHu4V95PA88sI0XQNVHMot++P5\/d1VS4vlllpKOQrcpqSX11KaNMEgnSnktBiHCCiO0Fd1HXuAesgIkvGVzdD9bZp+P83mMrHC+7ZkheUpHSS\/2iEO3QPySeG0+m8kdo2sUILbnU3bMt510HO4y2V8B1W2O1b9U05GZ6X7xJCwVhlGxsfCgyA7oj9DhGXyb2abcKzYLVu+hAGSZ\/+LPPWKJudu9IREU9rwEQdZt+gyh\/Vmk0P4Tq3MK3D2CJFuq74UHurRrlR4TTnAjwPmJYIEy17MyNBPo9plIWRhA1nm8P3IQA+3TSEbIVXJfxRq02CIErv4s2wdye5ztlTAv61x4T2pp2Kx4elQuiLF01k1G6RpFV4tpfAMmhUXfJBY8ILOnGhfM4d26eEliRyRMIW0l1OyA5cpimxUXWV3GUBFy4JJRGPDwge6RJ\/\/Eu2s12V\/4VkTjGAYsPa7tToH4hmkN9CDHoIRmaQYa8nX\/F\/UVEpC9a02sL+xlYk9YVgtYBN+rG3UtVaIdvlbowgCKGPKY3YhuJifwrc0X+f7Xd8F+v0i6b4cnG0gvOSRAKSArbTPY8kDq32+mcFAPFNxi\/m8mZ2bG8gwzZs8sU12nAYm4JWi7M7Xna9KLVGPkFaORcSFr\/x83rIyue5wOPTmaMwt4HOmEknYJFHa6Se8nIildN263ZyR6T9VcMTwDMu6gFJZv1IerkoSDr7mDAsqAE75mf9Uk30eO2yRipTToyQmUI8I3TAr3vDDMdXEo08psyVrEO6Vp63YI1L+IjtwVJlbRzL3dbLt457DutWNaMAmL8f3SkVbkvAphDXoOx2iBa8NLUbGqIKPgS90HAjgxZ8VuPnjaDxCWOg8CSKz8rzp0408q9\/hoW14Pw0FQ4Yb1K9wkNXAQcVr6v+X1YNkFao3xfM41nbN8GGTmB9v5Ww0OscMMCteo1QUAnror\/cTqHP1mh+qBvvs3dzp89f\/p\/rbmuh7aNvI="}
00424{"flow_id":103,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":182554,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoaBZAAOcG1ZE250hYrBAq2AG7o2ETwX1ZiAleU1AQAD482wAAAAAAAAAA"}
00544{"flow_id":103,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":182694,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"ePiC0\/vCAMDKkVoBCABFAACEaBdAAOcG1TQ250hYrBAq2AG7o2ETwX1ZiAleU1AYAD4ICwAAFgMDAFcCAABTAwNY3n1llS4Esy4awxtds68GA4tb2AgmMZO8jk83k75XHyAGw6pP2tZgkbIS4p8bLezgqIPjTSDOaVq9aJoKfGBKDMAvAAALAAsAAgEA\/wEAAQA="}
-00799{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":6,"flow_first_seen":1490976100859,"flow_last_seen":1490976101182,"flow_tot_l4_data_len":491,"flow_min_l4_data_len":20,"flow_max_l4_data_len":267,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00810{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1621,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":6,"flow_first_seen":1490976100859,"flow_last_seen":1490976101182,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":339,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02347{"flow_id":103,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1622,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":183239,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXAaBhAAOcGz\/c250hYrBAq2AG7o2ETwX21iAleU1AQAD5EeAAAFgMDCkYLAApCAAo\/AAXSMIIFzjCCBLagAwIBAgIQBMfcKOK8HBiR3kAN+oIkNzANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSMwIQYDVQQDExpEaWdpQ2VydCBCYWx0aW1vcmUgQ0EtMiBHMjAeFw0xNjA3MTgwMDAwMDBaFw0xNzEwMjYxMjAwMDBaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRgwFgYDVQQKEw9BbWF6b24uY29tIEluYy4xJjAkBgNVBAMMHSouczMtZXh0ZXJuYWwtMS5hbWF6b25hd3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgFi5t9Poottv4yA9sjKTkUeKR0nxIcwIwvLFnS6eJtozACVXMgNBMnYNxtBJITuzZzMGfNOfQ5I3x4aR0p1Vh5BI\/oRM8Zize4Nb1RXsmlqU0QSAPBUn2aS2EzQ70GsGtlaA8Ypyc6xYmv\/ejtxi9iLOUyBQY7hmOKGiSHWC+fw\/kf1JwnVRUI1Ng2tpaadtJLUCsXxJtT1zYnAhOm22p0KTQf86wbxhwI5tBOIKYG15htwGbFHZjDh5jI1RmQgShWsxwIupqTrA1ZGunl3BSCih7giPwspTSV1paONn6iFhdaBisNmXAavJ031zbBm6T1I+AAl+jfuK\/0IGHd7UQIDAQABo4ICaDCCAmQwHwYDVR0jBBgwFoAUwBKyKHRoRmfpcCV0GgBFWwZ9XEQwHQYDVR0OBBYEFMRhhXtDQWVjWAVqI6zMSh\/+fx6GMIGXBgNVHREEgY8wgYyCG3MzLWV4dGVybmFsLTEuYW1hem9uYXdzLmNvbYIdKi5zMy1leHRlcm5hbC0xLmFtYXpvbmF3cy5jb22CG3MzLWV4dGVybmFsLTIuYW1hem9uYXdzLmNvbYIdKi5zMy1leHRlcm5hbC0yLmFtYXpvbmF3cy5jb22CEiouczMuYW1hem9uYXdzLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGBBgNVHR8EejB4MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRCYWx0aW1vcmVDQS0yRzIuY3JsMDqgOKA2hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRCYWx0aW1vcmVDQS0yRzIuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRCYWx0aW1vcmVDQS0yRzIuY3J0MAwGA1UdEwEB\/wQCMAAwDQYJKoZIhvcNAQELBQADggEBACGCc5e6zWQoCjtzewfTwAojL4HVsnvTH+kNkrApkaprXymS3MP6IUuyqzQo6pzl85nd9XJG6lNZbD\/Aj\/jAS+ZNXfa\/x9cR2IBjPsoZZkqlGLiqQHrbCL3ZOiQYQPZcyFcu3FXb6CxuxcrJa6CaUeJMZr3CsAdvpBc3s7zBqfVPMbF+V9EfEHLk3M9eWuVuXISnrn+pVpM8XZAq1R9\/0Gpke6hG0m8bP1ew0sdkBxG8ms8C3Sld\/w=="}
02037{"flow_id":103,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":183407,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"pkt":"ePiC0\/vCAMDKkVoBCABFAATbaBlAAOcG0Ns250hYrBAq2AG7o2ETwYNNiAleU1AYAD5yHQAArkanxPEbwbKd3CLwypjbfWs559TWHFzKn+j766LVovsuE5+bK+6wzq66lFFthbWdg5lIAyUv7wnwc1e52uTF6wz0XiihPS82EAAEZzCCBGMwggNLoAMCAQICEAGC+AmOouYmuRo7J4Qfua8wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNTEyMDgxMjA1MDdaFw0yNTA1MTAxMjAwMDBaMGQxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIzAhBgNVBAMTGkRpZ2lDZXJ0IEJhbHRpbW9yZSBDQS0yIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+cA\/gABc++biPBcCHXwXHBzH\/+1eh+NCCP9x8ETP7EhBr1NzNstuIcZMd7aaw3BXdJR1bBectTwZtSE8pEYQbUJJrIDlgRplVP6B08+voY6QyuyWbWr0br0WUByWme2zeZV\/AkrpJiyv8ypH9S\/h4+CJf1FgKnsnYz5dJDPHPhlUK\/N+EWryC+NjjYd3uqJzbJS2eUJzTZxK9rG0JvG9qRbWzm2HwAfGaT7074M5vuP3Q6A5qTnWsTAL3LukfODZ8nNys5KsCCB\/eRyrwkY509C7E0nQk0HoN3VDXX3NmDMJlSYoYg38IP3rSlZIM+7JeHVnubzrsEB67UGieIKjwIDAQABo4IBGTCCARUwHQYDVR0OBBYEFMASsih0aEZn6XAldBoARVsGfVxEMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9PbW5pcm9vdDIwMjUuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQAv4jdmwxrPkVXuKRT6UBC+mY3iKPF0FgdpO0QwPfW5SfVoNv63MI2p4AdJQmNGUrVpxptJ8hoPV8b2t76rdY0Noqsz5GKFQ1SrY5QMo1Og6h3kpqaslQ5leOwzjL6UPthwq+rH4XjOM5W7+yxY4IpApm1B2NjZs\/kvAsUbcGviOoV7HRiw0UuawW8XECnoDsPhVJZUpZGVCCCNaSyeLz9QtC7lVx+vpHPSoSS7DZD+RRMdp6Ep2GYLw9Fss0+0K4RMR5Dsi+JBiRO2B0Z3Qv27Hhf6\/yVLjlBX647MThU\/sSXdQQygnGJtb7qXB4vZ8wYQxSnU97oWkKjQVOFLSceY"}
-01213{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":8,"flow_first_seen":1490976100859,"flow_last_seen":1490976101183,"flow_tot_l4_data_len":3166,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1452,"flow_avg_l4_data_len":395,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}}
+01224{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":8,"flow_first_seen":1490976100859,"flow_last_seen":1490976101183,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":2974,"flow_avg_l4_payload_len":371,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s3-external-2.amazonaws.com","server_names":"s3-external-1.amazonaws.com,*.s3-external-1.amazonaws.com,s3-external-2.amazonaws.com,*.s3-external-2.amazonaws.com,*.s3.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"ea615e28cb25adfb2f261151eab3314f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com Inc., CN=*.s3-external-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"C0:51:D8:FA:6B:58:94:F2:3E:4E:7D:B2:36:5F:02:E4:F0:3F:54:FF"}}
00874{"flow_id":103,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1624,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":185274,"pkt_caplen":392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":392,"pkt_l4_len":358,"pkt":"ePiC0\/vCAMDKkVoBCABFAAF6aBpAAOcG1Ds250hYrBAq2AG7o2ETwYgAiAleU1AYAD5HUAAAFgMDAU0MAAFJAwAXQQRmgmcUuMoenckcLDQ0lXwgLYL8n0\/0VvLZWK6qvbBr8Gs9SJ1oDIgoBRyU3vwjYLBHWK64HJuCN1BChmrzgeUtBAEBAFG9ENW6ChGGkHeoeOAmvl+W0ZI\/JA6d34IaTYASBKUKijTBXJaXuYgk79v2dIFC+MSz213G3HXe9jUe5+KdVzqwjBcqgzN7prDTQ2CFIc+b8pJmGk7ej1UB+4AhOpAG0W4DKt2qhpVCo8zgcOCw3ZNtYqcxGcfx72i6re5qYYPK4S+2LeEo6jInFhMCNgkpLJlhHstFEfl3ldiLJdwdJU59xZNf38zLJ\/WZBEwSC4j3oyLiAApt60F8SWQJB9lEo+isX+obFXbkuWHcm1LPIGqaULifO7GKH2LfHwq0BUyQaPYQL7XTxT9PwdQXWZMvBVDleNYKVtuqCw6WCZJe9ZI="}
00429{"flow_id":103,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":185397,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAxaBtAAOcG1YM250hYrBAq2AG7o2ETwYlSiAleU1AYAD4TwAAAFgMDAAQOAAAA"}
00417{"flow_id":103,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1626,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976101,"pkt_ts_usec":185531,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoOPFAAEAGq7esECrYNudIWKNhAbuICV5TE8F9tVAQAVc7ZgAA"}
@@ -1336,46 +1336,46 @@
00425{"flow_id":102,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976102,"pkt_ts_usec":188247,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAonQpAANsG3DM27xi6rBAq2AG7hRpDnUU1f0lvBVAQAYiJxAAAAAAAAAAA"}
00445{"flow_id":31,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976104,"pkt_ts_usec":573475,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8G7RAAEAGvmWsECrYCsl+8Z0IH5CvoFXQAAAAAKAC\/\/+9NAAAAgQFtAQCCAoA9mcoAAAAAAEDAwg="}
00445{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1658,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976104,"pkt_ts_usec":800373,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WzhAAEAGfuGsECrYCsl+8Z0KH5BhrRWqAAAAAKAC\/\/9LNAAAAgQFtAQCCAoA9mdAAAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1490976107217,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1490976107217,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":217569,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"AMDKkaPvePiC0\/vCCABFAABFWlxAAEARM1KsECrYrBAqATiMADUAMXUjXSIBAAABAAAAAAAADHNraWxscy1zdG9yZQZhbWF6b24DY29tAAABAAE="}
-00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1490976107217,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1490976107217,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_id":104,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":359299,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"pkt":"ePiC0\/vCAMDKkaPvCABFAABV3nRAAEARrymsECoBrBAq2AA1OIwAQbpsXSKBgAABAAEAAAAADHNraWxscy1zdG9yZQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AAQ27x39"}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1660,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_tot_l4_data_len":114,"flow_min_l4_data_len":49,"flow_max_l4_data_len":65,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.253"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1490976107365,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1660,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"skills-store.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.29.253"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1490976107365,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":105,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":365068,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZVhAAEAGqY+sECrYNu8d\/Z+VAbuWKg0YAAAAAKAC\/\/9uYQAAAgQFtAQCCAoA9mhAAAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1490976107365,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1490976107365,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":106,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":365814,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87ItAAEAGIlysECrYNu8d\/Z+WAbsjoITLAAAAAKAC\/\/9pNwAAAgQFtAQCCAoA9mhAAAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1663,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1490976107366,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1663,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1490976107366,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":107,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":366817,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8yY5AAEAGRVmsECrYNu8d\/Z+XAbtod6HOAAAAAKAC\/\/8HXAAAAgQFtAQCCAoA9mhAAAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1490976107455,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1490976107455,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":108,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":455953,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fklAAEAGkJ6sECrYNu8d\/Z+YAbtWLhYAAAAAAKAC\/\/+laQAAAgQFtAQCCAoA9mhJAAAAAAEDAwg="}
00429{"flow_id":106,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":475725,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwq71AAOcGvDU27x39rBAq2AG7n5aOPa1rI6CEzHASH\/6yzwAAAgQFtAEDAwY="}
00417{"flow_id":106,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":477456,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7IxAAEAGIm+sECrYNu8d\/Z+WAbsjoITMjj2tbFAQAVf9QAAA"}
00707{"flow_id":106,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":479024,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"pkt":"AMDKkaPvePiC0\/vCCABFAAD77I1AAEAGIZusECrYNu8d\/Z+WAbsjoITMjj2tbFAYAVdJtQAAFgMBAM4BAADKAwP4B+BuTBBzSprf0L4ScFyMs5UBKYxjcchKBNI\/gg\/KXQAAIPr6zKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAgerqAAD\/AQABAAAAABwAGgAAF3NraWxscy1zdG9yZS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABhqagABAA=="}
-00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107479,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":20,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107479,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00429{"flow_id":105,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":484245,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwkaBAAOcG1lI27x39rBAq2AG7n5UJgL2ZlioNGXASH\/4siQAAAgQFtAEDAwY="}
00417{"flow_id":105,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":485735,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZVlAAEAGqaKsECrYNu8d\/Z+VAbuWKg0ZCYC9mlAQAVd2+gAA"}
00706{"flow_id":105,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":486585,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"pkt":"AMDKkaPvePiC0\/vCCABFAAD7ZVpAAEAGqM6sECrYNu8d\/Z+VAbuWKg0ZCYC9mlAYAVc0jQAAFgMBAM4BAADKAwNhVWetGOgUJ6\/qUSs5PlkuSczE1Yh13cFVbTVOQK8mPwAAIGpqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAgWpqAAD\/AQABAAAAABwAGgAAF3NraWxscy1zdG9yZS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABiqqgABAA=="}
-00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107486,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":20,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":4,"flow_first_seen":1490976107365,"flow_last_seen":1490976107486,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00429{"flow_id":108,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":511896,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwxddAAOcGohs27x39rBAq2AG7n5iFQQi8Vi4WAXASH\/6ctgAAAgQFtAEDAwY="}
00417{"flow_id":108,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":513303,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofkpAAEAGkLGsECrYNu8d\/Z+YAbtWLhYBhUEIvVAQAVfnJwAA"}
00705{"flow_id":108,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1675,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":514712,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"pkt":"AMDKkaPvePiC0\/vCCABFAAD7fktAAEAGj92sECrYNu8d\/Z+YAbtWLhYBhUEIvVAYAVeFIwAAFgMBAM4BAADKAwNqGtrxEAyAkzWENgeiXeCCp8PZIZCzg0AB0basAuPyZAAAIGpqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAgdraAAD\/AQABAAAAABwAGgAAF3NraWxscy1zdG9yZS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIGhoAHQAXABj6+gABAA=="}
-00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":4,"flow_first_seen":1490976107455,"flow_last_seen":1490976107514,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":20,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1675,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":4,"flow_first_seen":1490976107455,"flow_last_seen":1490976107514,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
02385{"flow_id":106,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1678,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":577729,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXctZBAAOcGrLY27x39rBAq2AG7n5aOPa1sI6CFn1AYf\/lqiQAAFgMBCoICAABGAwFY3n1rOIW7oNSRBaCm8PAUHRKCqVhTjWcV2wM8OxfDZCDjl57+rOdpHXFgnzLflMNz4qaHfY\/vFo0YS4Pak7BlqwAvAAsACjAACi0ABOswggTnMIIDz6ADAgECAhA0Qbe7gak5NwZ8R7riI\/gSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwNTE0MDAwMDAwWhcNMTcwNTE1MjM1OTU5WjBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEgMB4GA1UEAwwXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Ae\/8bgpr5OT5\/RUtaQE+q8wE+dsD8nkwfLZqRQzjHJjtegSGks2UzorWQFjWLtG+i256c+CUJ1vhl+EHtTJZ4pFArm7qohc9RDPXtDwDQu18ZpRPvjmPS4TSA8nOK8r9xaX32HNCvTyderUUV1a0NNUIFpK+6LcIjbyGcyCaP\/FJoXT9nbIop+WM\/EKfFsl1CZWkXMot1hRn5sGz2p1s6jZXPOZOTnhZn+CIRXXyMbeIbCppJEhu1Mh3xOBhHGaQTS5iR+rFBoS27FGONZDnloMZn3fHoaN7SAvLzGU4FtqSO4B4tBauIUyFzQYO6iaZJD\/vbuhgO0BQjfmPbkX5AgMBAAGjggFsMIIBaDAiBgNVHREEGzAZghdza2lsbHMtc3RvcmUuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAMJuWvUYLSQ3sYCoWOsBqYtkf\/ko1GhTo5gNupiDsn+IgyuHoy4nKuZaSrYNFgoeo2FjedkWNhnFLW30u+UlkI\/WsY5Q52jq4whsQvbJG8+DPpZIdtc6nvl4qPL3EtlOXDVH4Kri+qlwwzdfFhWM3czMmLnBvlCUNq4JBqrvhmA3KF9qj7Wjwy5JVCsia2zuN\/X0zGerui2uwu5O4+4yVRP80x8mfsnUXusXD+hsYHeDwkYPFSKl6XIXtq3usyX8YcpYtOhR\/uF6aqIHWpFwE2\/CT3GQYiDmcFGlMFD5rvfyShw16+6g6q790O1FZfOvT39+SOIypcukxZXDU05O5RwAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHI="}
02084{"flow_id":106,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":577887,"pkt_caplen":1289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1289,"pkt_l4_len":1255,"pkt":"ePiC0\/vCAMDKkVoBCABFAAT7tZJAAOcGrZU27x39rBAq2AG7n5aOPbMgI6CFn1AYf\/kOBQAAdXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxw4AAAA="}
-01148{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107577,"flow_tot_l4_data_len":3054,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":509,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
+01159{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1679,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107577,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
00417{"flow_id":106,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":580608,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7I5AAEAGIm2sECrYNu8d\/Z+WAbsjoIWfjj2zIFAQAWL2rgAA"}
00417{"flow_id":106,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":580911,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7I9AAEAGImysECrYNu8d\/Z+WAbsjoIWfjj2381AQAW3x0AAA"}
00862{"flow_id":106,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":582777,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"AMDKkaPvePiC0\/vCCABFAAFu7JBAAEAGISWsECrYNu8d\/Z+WAbsjoIWfjj2381AYAW2XcwAAFgMBAQYQAAECAQBgoQADUI8019hRClpG8zqavggjSqMJh7eOjSLDTeMMyPvb9gR2fCggHaiZWDb+8wp2t1P0M5XFtoxDe85MN4jDf17P1MiAf9d6Xah\/LPbfMQAHcSE2qLFNz1gGoY\/fXDToKxM9QOmhoV4M5qYgmQKtyBsuJShKB1nJIxbjcjq2XTpTF8pFEC5B\/4p5JqQl\/hR8Ta+DfaT\/79nuUXnsk1M7g5uzcd6iKOM+dwf5+QPZYdHJeizij6VY4Ov66AHOLj7UOzcq0VFClVCC4Sci2dFLTKBFHdJBbZfFrWLN7TSHsiOi7z43rRsZ0mF5vrh1eGZpXPTvv\/+2RwXIkLw9eqFJFAMBAAEBFgMBADCVQH9tHiBs52blypWy+sd+wRGDedbbtpVn3c+iTkU5SozGomy8Ul3dMW4VPX+6gUQ="}
00416{"flow_id":101,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":604245,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoEglAAEAGAjasECrYNu8YuoUZAbtS0XeSdXvoNlARAVfZAAAA"}
02384{"flow_id":105,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":622009,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXceiNAAOcG6CM27x39rBAq2AG7n5UJgL2alioN7FAYf\/kCtwAAFgMBCoICAABGAwFY3n1rpjCd4gua8GAnC04JFSskbFWWAA6z2HQGVr9B9iDAfW4EfsMQSa+tstNwiZkUQ2AHrzt9OdfZI4dRl7BlqwAvAAsACjAACi0ABOswggTnMIIDz6ADAgECAhA0Qbe7gak5NwZ8R7riI\/gSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwNTE0MDAwMDAwWhcNMTcwNTE1MjM1OTU5WjBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEgMB4GA1UEAwwXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Ae\/8bgpr5OT5\/RUtaQE+q8wE+dsD8nkwfLZqRQzjHJjtegSGks2UzorWQFjWLtG+i256c+CUJ1vhl+EHtTJZ4pFArm7qohc9RDPXtDwDQu18ZpRPvjmPS4TSA8nOK8r9xaX32HNCvTyderUUV1a0NNUIFpK+6LcIjbyGcyCaP\/FJoXT9nbIop+WM\/EKfFsl1CZWkXMot1hRn5sGz2p1s6jZXPOZOTnhZn+CIRXXyMbeIbCppJEhu1Mh3xOBhHGaQTS5iR+rFBoS27FGONZDnloMZn3fHoaN7SAvLzGU4FtqSO4B4tBauIUyFzQYO6iaZJD\/vbuhgO0BQjfmPbkX5AgMBAAGjggFsMIIBaDAiBgNVHREEGzAZghdza2lsbHMtc3RvcmUuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAMJuWvUYLSQ3sYCoWOsBqYtkf\/ko1GhTo5gNupiDsn+IgyuHoy4nKuZaSrYNFgoeo2FjedkWNhnFLW30u+UlkI\/WsY5Q52jq4whsQvbJG8+DPpZIdtc6nvl4qPL3EtlOXDVH4Kri+qlwwzdfFhWM3czMmLnBvlCUNq4JBqrvhmA3KF9qj7Wjwy5JVCsia2zuN\/X0zGerui2uwu5O4+4yVRP80x8mfsnUXusXD+hsYHeDwkYPFSKl6XIXtq3usyX8YcpYtOhR\/uF6aqIHWpFwE2\/CT3GQYiDmcFGlMFD5rvfyShw16+6g6q790O1FZfOvT39+SOIypcukxZXDU05O5RwAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHI="}
02084{"flow_id":105,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":622246,"pkt_caplen":1289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1289,"pkt_l4_len":1255,"pkt":"ePiC0\/vCAMDKkVoBCABFAAT7eiVAAOcG6QI27x39rBAq2AG7n5UJgMNOlioN7FAYf\/mHvgAAdXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxw4AAAA="}
-01148{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107622,"flow_tot_l4_data_len":3054,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":509,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
+01159{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1689,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":6,"flow_first_seen":1490976107365,"flow_last_seen":1490976107622,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
00417{"flow_id":105,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":623617,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZVtAAEAGqaCsECrYNu8d\/Z+VAbuWKg3sCYDDTlAQAWJwaAAA"}
00417{"flow_id":105,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":623865,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZVxAAEAGqZ+sECrYNu8d\/Z+VAbuWKg3sCYDIIVAQAW1rigAA"}
02384{"flow_id":108,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1692,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":625210,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXczPJAAOcGlVQ27x39rBAq2AG7n5iFQQi9Vi4W1FAYf\/lWXQAAFgMBCoICAABGAwFY3n1rqVW5nc7pK0t8Q96UIvIibG3NJ3jfQ0jSHhJUvSBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvAAsACjAACi0ABOswggTnMIIDz6ADAgECAhA0Qbe7gak5NwZ8R7riI\/gSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwNTE0MDAwMDAwWhcNMTcwNTE1MjM1OTU5WjBxMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEgMB4GA1UEAwwXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Ae\/8bgpr5OT5\/RUtaQE+q8wE+dsD8nkwfLZqRQzjHJjtegSGks2UzorWQFjWLtG+i256c+CUJ1vhl+EHtTJZ4pFArm7qohc9RDPXtDwDQu18ZpRPvjmPS4TSA8nOK8r9xaX32HNCvTyderUUV1a0NNUIFpK+6LcIjbyGcyCaP\/FJoXT9nbIop+WM\/EKfFsl1CZWkXMot1hRn5sGz2p1s6jZXPOZOTnhZn+CIRXXyMbeIbCppJEhu1Mh3xOBhHGaQTS5iR+rFBoS27FGONZDnloMZn3fHoaN7SAvLzGU4FtqSO4B4tBauIUyFzQYO6iaZJD\/vbuhgO0BQjfmPbkX5AgMBAAGjggFsMIIBaDAiBgNVHREEGzAZghdza2lsbHMtc3RvcmUuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAMJuWvUYLSQ3sYCoWOsBqYtkf\/ko1GhTo5gNupiDsn+IgyuHoy4nKuZaSrYNFgoeo2FjedkWNhnFLW30u+UlkI\/WsY5Q52jq4whsQvbJG8+DPpZIdtc6nvl4qPL3EtlOXDVH4Kri+qlwwzdfFhWM3czMmLnBvlCUNq4JBqrvhmA3KF9qj7Wjwy5JVCsia2zuN\/X0zGerui2uwu5O4+4yVRP80x8mfsnUXusXD+hsYHeDwkYPFSKl6XIXtq3usyX8YcpYtOhR\/uF6aqIHWpFwE2\/CT3GQYiDmcFGlMFD5rvfyShw16+6g6q790O1FZfOvT39+SOIypcukxZXDU05O5RwAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHI="}
02084{"flow_id":108,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":625580,"pkt_caplen":1289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1289,"pkt_l4_len":1255,"pkt":"ePiC0\/vCAMDKkVoBCABFAAT7zPRAAOcGljM27x39rBAq2AG7n5iFQQ5xVi4W1FAYf\/n36wAAdXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxw4AAAA="}
-01148{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":6,"flow_first_seen":1490976107455,"flow_last_seen":1490976107625,"flow_tot_l4_data_len":3054,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":509,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
+01159{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1693,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":6,"flow_first_seen":1490976107455,"flow_last_seen":1490976107625,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2906,"flow_avg_l4_payload_len":484,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","server_names":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=skills-store.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2A:40:0E:E9:9A:EC:7C:0D:40:AA:C9:C5:66:67:00:B8:3E:90:DC:B2"}}
00862{"flow_id":105,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1694,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":626736,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"AMDKkaPvePiC0\/vCCABFAAFuZV1AAEAGqFisECrYNu8d\/Z+VAbuWKg3sCYDIIVAYAW3V5QAAFgMBAQYQAAECAQAtXeLsNhsR6NA9m3kjRTlfhpGgrkMpJN08rID+yiecaTfTAu70h4pmc06r9DKnkVa5XH2N72Q1bbLK6kMy30JtaG\/\/18QIgZ8D67\/ce3x5oLpJhTB59KB3gjMH26APuw+uh9\/n6Fgwp9b6+zHTpPHfpdhUnecUMkSjpjuLYfnuP7Gm7z3NInT5\/tCLc1FclEXGyH3w8TmvGdEiJZ3Q8hfpiVEL\/N5jylA3ne4xBKXhHVdqpSnmOOex2fbqiqNL8mUax5GxxJeSrC31YXk6MLxZX2TBLBnWu1jdIGrRPs0J5pEOn+uK0s6U2aPy33bDeHu5qnDbmngyVDgVcf4zxeUYFAMBAAEBFgMBADDGAqxhW7CnKayC70qvsCL27nFlPdk2sK0FQx+MWL6McKvv5cbP29rh0+Ii6GuMMTU="}
00417{"flow_id":108,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1695,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":627008,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofkxAAEAGkK+sECrYNu8d\/Z+YAbtWLhbUhUEOcVAQAWLglQAA"}
00417{"flow_id":108,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1696,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976107,"pkt_ts_usec":627156,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofk1AAEAGkK6sECrYNu8d\/Z+YAbtWLhbUhUETRFAQAW3btwAA"}
@@ -1406,20 +1406,20 @@
00417{"flow_id":107,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1837,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976109,"pkt_ts_usec":912231,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoyZFAAEAGRWqsECrYNu8d\/Z+XAbtod6HPdPcDJ1ARAVde8AAA"}
00423{"flow_id":107,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976110,"pkt_ts_usec":45422,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo1g1AAOcGke027x39rBAq2AG7n5d09wMnaHeh0FARgADgRQAAAAAAAAAA"}
00416{"flow_id":107,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1847,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976110,"pkt_ts_usec":47667,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoyZJAAEAGRWmsECrYNu8d\/Z+XAbtod6HQdPcDKFAQAVde7wAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1490976114879,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1490976114879,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":109,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976114,"pkt_ts_usec":879774,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWl1AAEARM1WsECrYrBAqAVG6ADUALQ0pp4sBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1490976114879,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1856,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1490976114879,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00472{"flow_id":109,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976114,"pkt_ts_usec":880618,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR3zxAAEARrmWsECoBrBAq2AA1UboAPYqqp4uBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAAAoABDRe6IY="}
-00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1857,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1858,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1490976114885,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1857,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1858,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1490976114885,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":110,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1858,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976114,"pkt_ts_usec":885072,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8u1JAAEAGi5ysECrYNF7ohrKgAbstn9BiAAAAAKAC\/\/81rgAAAgQFtAQCCAoA9mswAAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1859,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1490976114894,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1859,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1490976114894,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":111,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1859,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976114,"pkt_ts_usec":894065,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA88bJAAEAGVTysECrYNF7ohrKhAbvIHJqDAAAAAKAC\/\/\/RDQAAAgQFtAQCCAoA9msxAAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1860,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1490976114906,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1860,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1490976114906,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":112,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1860,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976114,"pkt_ts_usec":906930,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8mqJAAEAGrEysECrYNF7ohrKiAbt67fGQAAAAAKAC\/\/\/HLQAAAgQFtAQCCAoA9msyAAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1490976114921,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1490976114921,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":113,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1861,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976114,"pkt_ts_usec":921759,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA87MtAAEAGWiOsECrYNF7ohrKjAbuMuIf\/AAAAAKAC\/\/8e8QAAAgQFtAQCCAoA9ms0AAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1862,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1490976114940,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1862,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1490976114940,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":114,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976114,"pkt_ts_usec":940294,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8CnJAAEAGPH2sECrYNF7ohrKkAbvN5GFHAAAAAKAC\/\/8EewAAAgQFtAQCCAoA9ms1AAAAAAEDAwg="}
00428{"flow_id":111,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1863,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":60908,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwcUdAAOcGLrM0XuiGrBAq2AG7sqGNgYNXyByahHASH\/5IZwAAAgQFtAEDAwY="}
00429{"flow_id":110,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":61052,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwOTtAAOcGZr80XuiGrBAq2AG7sqDRCzchLZ\/QY3ASH\/61sgAAAgQFtAEDAwY="}
@@ -1432,30 +1432,30 @@
00415{"flow_id":113,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":66220,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo7MxAAEAGWjasECrYNF7ohrKjAbuMuIgApZSj01AQAVeoMAAA"}
00415{"flow_id":114,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":66341,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoCnNAAEAGPJCsECrYNF7ohrKkAbvN5GFIckqrkVAQAVe5RwAA"}
00740{"flow_id":111,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1874,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":66464,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX8bRAAEAGVF+sECrYNF7ohrKhAbvIHJqEjYGDWFAYAVerKQAAFgMBAOoBAADmAwMTUXxa84E2F3pyMjY2W\/V+lEhi9FqJ+EKlZzRwMn7VOCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgGhrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9enoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACFpaAB0AFwAYWloAAQA="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":4,"flow_first_seen":1490976114894,"flow_last_seen":1490976115066,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":4,"flow_first_seen":1490976114894,"flow_last_seen":1490976115066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00739{"flow_id":110,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1875,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":66590,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXu1RAAEAGir+sECrYNF7ohrKgAbstn9Bj0Qs3IlAYAVf4uwAAFgMBAOoBAADmAwP360WETO0hSDqvk2qAYkKwSgYBIFaAvPrL9FgCIcYj3SCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9SkoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAYiooAAQA="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":4,"flow_first_seen":1490976114885,"flow_last_seen":1490976115066,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1875,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":4,"flow_first_seen":1490976114885,"flow_last_seen":1490976115066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00739{"flow_id":112,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":66798,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXmqRAAEAGq2+sECrYNF7ohrKiAbt67fGRhH1dDlAYAVcYsgAAFgMBAOoBAADmAwO2XSVDdXNQjGmQUibPeB5qMKhST7rrpP3BhCu+r5mY3yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9KioAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACFpaAB0AFwAYSkoAAQA="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":4,"flow_first_seen":1490976114906,"flow_last_seen":1490976115066,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1876,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":4,"flow_first_seen":1490976114906,"flow_last_seen":1490976115066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00741{"flow_id":113,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":66928,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX7M1AAEAGWUasECrYNF7ohrKjAbuMuIgApZSj01AYAVdJYgAAFgMBAOoBAADmAwN\/4n78\/jPCxa1OijX2MR8fx7sU0O7ARqXBjxgvMTAhtiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9enoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACOrqAB0AFwAY+voAAQA="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":4,"flow_first_seen":1490976114921,"flow_last_seen":1490976115066,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":4,"flow_first_seen":1490976114921,"flow_last_seen":1490976115066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00739{"flow_id":114,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":67054,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXCnRAAEAGO6CsECrYNF7ohrKkAbvN5GFIckqrkVAYAVfgTwAAFgMBAOoBAADmAwOHALGigIjvApxLIe0mGRpTgcLEUyJobZ3dCQZJexl6RCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9uroAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYqqoAAQA="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":4,"flow_first_seen":1490976114940,"flow_last_seen":1490976115067,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":4,"flow_first_seen":1490976114940,"flow_last_seen":1490976115067,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00537{"flow_id":111,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":189981,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9YoNAAOcGPSo0XuiGrBAq2AG7sqGNgYNYyBybc1AYf\/ijGAAAFgMBAEoCAABGAwFY3n1zINgI1Vy\/FXdUMuPvUGDLWthjR2H7WINeUtzlBCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":5,"flow_first_seen":1490976114894,"flow_last_seen":1490976115189,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1879,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":5,"flow_first_seen":1490976114894,"flow_last_seen":1490976115189,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00416{"flow_id":111,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1880,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":193519,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bVAAEAGVU2sECrYNF7ohrKhAbvIHJtzjYGDrVAQAVeRlAAA"}
00493{"flow_id":111,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1881,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":199998,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdYrtAAOcGPRI0XuiGrBAq2AG7sqGNgYOtyBybc1AYf\/hN2gAAFgMBADB7pB5S47sHi48VnW8WLmVWafa\/K61NUo6qUxUYWxLiw8b1Kbg\/Xg03sM0eHRceYao="}
00536{"flow_id":112,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200136,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9ReVAAOcGWcg0XuiGrBAq2AG7sqKEfV0Oeu3ygFAYf\/ig1AAAFgMBAEoCAABGAwFY3n1zJme6pFAslczvpX19TcUFgg3DbLK17SjfiEEQUyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":5,"flow_first_seen":1490976114906,"flow_last_seen":1490976115200,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":5,"flow_first_seen":1490976114906,"flow_last_seen":1490976115200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00538{"flow_id":110,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200184,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9RCRAAOcGW4k0XuiGrBAq2AG7sqDRCzciLZ\/RUlAYf\/gsyQAAFgMBAEoCAABGAwFY3n1zE6Tufw7kJSJXbVavRo\/6lNuOwDxaW+i7VIwIKCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_first_seen":1490976114885,"flow_last_seen":1490976115200,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1883,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_first_seen":1490976114885,"flow_last_seen":1490976115200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00537{"flow_id":113,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200219,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9RepAAOcGWcM0XuiGrBAq2AG7sqOllKPTjLiI71AYf\/jGMAAAFgMBAEoCAABGAwFY3n1zTn6J09aDxTBb8TVltBdGJeEW\/LDcikVqGAruryCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":5,"flow_first_seen":1490976114921,"flow_last_seen":1490976115200,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":5,"flow_first_seen":1490976114921,"flow_last_seen":1490976115200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00493{"flow_id":110,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1885,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200250,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdRCtAAOcGW6I0XuiGrBAq2AG7sqDRCzd3LZ\/RUlAYf\/hkXgAAFgMBADA37z1MUXYPCTkZzIkxPt0L62IG2JW4lQJa+PyuDrDQ9\/jP2tysOn1Oi765In4eobE="}
00491{"flow_id":113,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200304,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdRftAAOcGWdI0XuiGrBAq2AG7sqOllKQojLiI71AYf\/jinwAAFgMBADBGgL8CbH+FphIn8Kw58CgcI1Hvy02Rc+ye4fIk9uZ91iGdsMyT+csUtTaAtdZ19js="}
00493{"flow_id":112,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":200423,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdRflAAOcGWdQ0XuiGrBAq2AG7sqKEfV1jeu3ygFAYf\/j04AAAFgMBADCZonBElb76M9e\/It2\/9+kwjK0rFBwkaSlpXnXJXqaRCCgerN1nZkwFif0azWrVX28="}
00537{"flow_id":114,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":201662,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB95rdAAOcGuPU0XuiGrBAq2AG7sqRySquRzeRiN1AYf\/gEdwAAFgMBAEoCAABGAwFY3n1z\/bQjY2ZjlLbA3DZTa+cwMTsfQ+lvAGzSBsvFwiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":5,"flow_first_seen":1490976114940,"flow_last_seen":1490976115201,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":5,"flow_first_seen":1490976114940,"flow_last_seen":1490976115201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00493{"flow_id":114,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":201740,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd5rpAAOcGuRI0XuiGrBAq2AG7sqRySqvmzeRiN1AYf\/gjVwAAFgMBADCY3eZagvXQQKtaOKvRqqxwqtoI6Fa+4RdiQI2sH3uhs\/j8UwHK3sEOkR\/OASIyoEo="}
00416{"flow_id":111,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":202589,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bZAAEAGVUysECrYNF7ohrKhAbvIHJtzjYGD4lAQAVeRXwAA"}
00416{"flow_id":112,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":202863,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAomqVAAEAGrF2sECrYNF7ohrKiAbt67fKAhH1dY1AQAVe3AwAA"}
@@ -1500,19 +1500,19 @@
02403{"flow_id":114,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1932,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":672210,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcCnpAAEAGNtWsECrYNF7ohrKkAbvN5GJyckqsG1AQAVeaNAAAFwMBACCVAsolemIjTXyS\/AxBEL4EvwJ0AgReq+\/dnJ7py5eTpBcDAQZg6xglvGF9hWSdTgHU8J\/p7kC5Mb8Tnz1hzpxpzlSgY9JlhHfddFP0jIAckhlAB8bvDSzSkQOZC9Fwi333Ne2dMboIPIOxSnecNT6oQ3aZGWtoFqVKqPppEL06xLeMyQniid4tFddV264EfoQ\/ki1knEIczVHC371xWjSuvj05y5GWQwpM\/eCB6hqpM9R6hTsTAgihjOAke+CaFu8zCJXg0qNGqKDuA9D3QmzGz8RiD95u2a4kLOpoKEYHHAfTt3bAAvzsqB144p\/+TcHGpqAARQ2K1pp6OdFw+onGNERmDE\/bCJVYXS\/4HHc2JWCDqqMv84+DkviL91ZhESecn5c+FbWCymc0tIc2BNRNI6HdT2lu0sZ+SF6YHekt7iE\/MrOpllBQzCOzQ0Z3V6vLTPF7I+8MTMY6nTj\/JBcyTgOv3PVXXwoJF0f11WA9nRWsNXcK7BDtDbeYRbezBxAvhT08lqHUQd3LogQ3IPc\/abAtJWARzlBYR60cwuIbt3yjlf54qegoswcMJajxXn3FGZCKM\/h89BL1TZVuyFRtzm7xycs+93JVOo\/6hkCxqsO2QPxjeBchB\/tKyXpF8p3JQbTKxMaqqnZC2afJhwGp1rOHeciCyzhzcfoPKxTQEy7WSNtLZi5lMDj9NEGGolQ2e+c6wRBHu8BDwUSl2fPQfX8UBR6W3HXzcZwoNIeVVPmyd67QYZ6NOAGyofuw3t6q6VjwvVo7LI03Sf1lf8yEhphtQlZkNCY8RCXmPsss1ZQBJpldyUhCe1NKxbKpZRItFmefB3+Xh63oiT+nBgfxA4DTAiNi03XR8ePUL\/tVowuXzjNFka8RKvcK9BzZ+y\/iZ\/Xbgc8LI7AQs\/PUUiv1aeWIMBz1bGDKREUSJkSzhaX4uK+5EyCv27gSOkXKdFOOBtL6xYLLGtkFtXS\/pKJ2pI2CRZTKQNX\/cmoM+zEOjMR1PSSOluAESi9nO7yn92OLlaHXThyMsBSIq3rzh6rpBn1tE54aUFgbUCzum29kq9X2\/oAUrOUGIHrn+TEGip691opUerDj2btsgPahiMwnnM2S93HIAEmb3\/JaNbyugRJXSwNSVjnv84prJWkSIJeXOEbVaoMkNKfCQm8uYoxdDgv5HGSJ444Nskh08mq2cqmu\/zKf2DoEMk5PLByuURgUJalOd96QvF0yIFwTBQxuS+3KgljqKRqkkLDnR0r56NYqS5bRegdSuJlD3tmC+sfloI1QL0CANyIwycjklamgHPCdbPo+TL0JGxdDZNnsdAqRFqJ+qUMunJ5IVAI1puEvtaGAy0FlMqd5QWLzXyGttSz85GAbRL1paJxLbxnJznsw\/IG6MJQou2oqwjehxe2S0SUHZZxjo99oyq2zNWbdMcEp0Igt3vpdr0blYcbSxoyuHN3L1OnaIVJ0WTMfxCwfwqUwtPOr\/0oLdY7uE+Mkv0CazNXtdrSgFzqhxm3Xgq45cpgOOeBqy4v7TH\/ES24L69+NbLx8zCoDlHetHIXID8dU8p\/tKex\/X13\/VCHG8+6O2UEUd\/8evInUmNUCU60M0bvZhdxjm\/bo6Kz7iQ6P+qLaVapSr6UgbCYBRfk5Ccw6J6DeY3S9TdCPYauFCZVHAYuY6sWH1j73+OQPmnZyJARMqEHeKdsi3qy76b+u00g\/BlkbH+QBndiz1rLj0szcV2Exmiu+LQVoeggSdFoEavdsy+JmkvU5C3pUQwjMF9bBB7XLgeqitfiFz1nmH99Z86v3SYNpONBBKQ0GfDzdxyERgLsZ7jvl7zCMl8Cc5swSowOld7XDDWiawIfMld2aDSCRGm717RlCE2SgZtqPna+jEcN+PTGFVpGN36EolG02mN1UpTT+b8viZzm7zpC89YNxU99QOQzmWDEh7Qg="}
00425{"flow_id":112,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1933,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":795386,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoVMZAAOcGSzw0XuiGrBAq2AG7sqKEfV2Yeu35FVAQf94xsgAAAAAAAAAA"}
00426{"flow_id":110,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1934,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":795523,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoQFxAAOcGX6Y0XuiGrBAq2AG7sqDRCzesLZ\/X51AQf955jgAAAAAAAAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1490976115835,"flow_last_seen":0,"flow_tot_l4_data_len":65,"flow_min_l4_data_len":65,"flow_max_l4_data_len":65,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1490976115835,"flow_last_seen":0,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":115,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":835926,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWl5AAEARM0CsECrYrBAqAW\/GADUAQT0E1ZsBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"}
-00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1490976115835,"flow_last_seen":0,"flow_tot_l4_data_len":65,"flow_min_l4_data_len":65,"flow_max_l4_data_len":65,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00680{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1937,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1490976115835,"flow_last_seen":0,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00502{"flow_id":115,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":901902,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl30tAAEARrkKsECoBrBAq2AA1b8YAUeVS1ZuBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAIQAENu8YtA=="}
-00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_tot_l4_data_len":146,"flow_min_l4_data_len":65,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.180"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1941,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1490976115905,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00707{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1940,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.24.180"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1941,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1490976115905,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":116,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976115,"pkt_ts_usec":905314,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8JUVAAEAG7uusECrYNu8YtJKvAbsZEE7TAAAAAKAC\/\/+4mQAAAgQFtAQCCAoA9muWAAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1490976116084,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1490976116084,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":117,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1942,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976116,"pkt_ts_usec":84560,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8uXBAAEAGWsCsECrYNu8YtJKwAbtgAdLYAAAAAKAC\/\/\/tjwAAAgQFtAQCCAoA9muoAAAAAAEDAwg="}
00429{"flow_id":116,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1943,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976116,"pkt_ts_usec":119939,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwcfNAAOcG+0g27xi0rBAq2AG7kq+qRjf5GRBO1HASH\/5e8QAAAgQFtAEDAwY="}
00416{"flow_id":116,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1944,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976116,"pkt_ts_usec":121026,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJUZAAEAG7v6sECrYNu8YtJKvAbsZEE7UqkY3+lAQAVepYgAA"}
00770{"flow_id":116,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976116,"pkt_ts_usec":122233,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"pkt":"AMDKkaPvePiC0\/vCCABFAAErJUdAAEAG7fqsECrYNu8YtJKvAbsZEE7UqkY3+lAYAVdXdAAAFgMBAP4BAAD6AwPrW9HSsEakj6mtt\/VNcOse9OO4StwA3f8PEsza4rC61SAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACR2toAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABjKygABAA=="}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":4,"flow_first_seen":1490976115905,"flow_last_seen":1490976116122,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":4,"flow_first_seen":1490976115905,"flow_last_seen":1490976116122,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00430{"flow_id":117,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976116,"pkt_ts_usec":248422,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwirZAAOcG4oU27xi0rBAq2AG7krCs\/eb6YAHS2XASH\/7iQAAAAgQFtAEDAwY="}
00416{"flow_id":117,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976116,"pkt_ts_usec":249875,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAouXFAAEAGWtOsECrYNu8YtJKwAbtgAdLZrP3m+1AQAVcssgAA"}
00424{"flow_id":116,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1948,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976116,"pkt_ts_usec":407314,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoiX1AANsG78Y27xi0rBAq2AG7kq+qRjf6GRBO1FAQARypnQAAAAAAAAAA"}
@@ -1525,7 +1525,7 @@
00770{"flow_id":116,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1967,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976118,"pkt_ts_usec":107055,"pkt_caplen":313,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":313,"pkt_l4_len":279,"pkt":"AMDKkaPvePiC0\/vCCABFAAErJUlAAEAG7fisECrYNu8YtJKvAbsZEE7UqkY3+lAYAVdXdAAAFgMBAP4BAAD6AwPrW9HSsEakj6mtt\/VNcOse9OO4StwA3f8PEsza4rC61SAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LgAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACR2toAAP8BAAEAAAAALAAqAAAnbW9iaWxlYW5hbHl0aWNzLnVzLWVhc3QtMS5hbWF6b25hd3MuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABjKygABAA=="}
00424{"flow_id":116,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976118,"pkt_ts_usec":335076,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoiX5AANsG78U27xi0rBAq2AG7kq+qRjf6GRBP11AQASyoigAAAAAAAAAA"}
00630{"flow_id":116,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976118,"pkt_ts_usec":335216,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"ePiC0\/vCAMDKkVoBCABFAADEiX9AANsG7yg27xi0rBAq2AG7kq+qRjf6GRBP11AYASwooQAAFgMDAGQCAABgAwNZS3nfHykATu3CC7mmoc0bUWm9K4e9z4q18mgLdytBOSAK8IS3HVgGOc2sZcVp0kAKYJvK21\/4JhIPoGYmpJU7LsAvAAAY\/wEAAQAABQAAABAACwAJCGh0dHAvMS4xFAMDAAEBFgMDACjewnNSd4iq4yrAhkxqFaRy27cheBPD04w9zfg+PVa226nC0Bx\/D34+"}
-00814{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":9,"flow_first_seen":1490976115905,"flow_last_seen":1490976118335,"flow_tot_l4_data_len":1141,"flow_min_l4_data_len":20,"flow_max_l4_data_len":279,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":9,"flow_first_seen":1490976115905,"flow_last_seen":1490976118335,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":933,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00418{"flow_id":116,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976118,"pkt_ts_usec":338241,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoJUpAAEAG7vqsECrYNu8YtJKvAbsZEE\/XqkY4llAQAVunvwAA"}
00489{"flow_id":116,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1971,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976118,"pkt_ts_usec":338805,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AMDKkaPvePiC0\/vCCABFAABbJUtAAEAG7sasECrYNu8YtJKvAbsZEE\/XqkY4llAYAVsBzgAAFAMDAAEBFgMDACgAAAAAAAAAAPuw3vfT07cXH8vq\/blRyZQzQaizRHQlltz7tuMsMLX5"}
02398{"flow_id":116,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1972,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976118,"pkt_ts_usec":351883,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcJUxAAEAG6USsECrYNu8YtJKvAbsZEFAKqkY4llAQAVskpwAAFwMDCxcAAAAAAAAAAbDA0awcoSZj\/cmHmodFtqWsaRwLMcP0AQLYfFlA7gOqSVi6G68dQgBCJ0RxOR+S40meHjuFDNamCqeas+vPbHIQwq5t0\/Fr8ZJ1ylxt\/mOidcttJL5EazrZeE7oQ5Dh6CY7+\/aUuI5ClXntzl0OfkC+VLOBDpt3B\/iJ2RKF63\/bPSg8YVERd4GQKCqJE+bRiUmQljE3d5qOwRGurLXdWkfPn91ysq5SItLS6xqP+wFngIXlQJuy0431zig16FZOFHZcY9GLLKxzEdP\/EHlfT2fWjjQz9OMJOSrOMo9NoBrCPn+E3DkmVsvcroGOaKiJ5VpZjP8Vl\/cn2bygKKs6zxFKksvq6dat1OQBm+kW1N0USv4hoqYUtPUD8mWw4RUPbPl8VLd28ibl1+pONk9YuzzvLh\/OejuYEJTNHa1J\/izyyikysEV8VX7umlyox50Ca6rtVgvYn+tXcdt7IFx9W5zGl0A2BLTyhVWgsk+FVU8CIdGEkDHDAxMRyMyHuIIqX9J7itKCL+zNj4VAR57NUO8joIGctOsyK57+vq6TQC\/\/TjLerF7IA7uhRqKHnM4UQZWCGwuidXpAoXvoE70UUNEW230Nn2XW5pdq2MxxcPDiIiaD0tVG+NNlCAgRnRNLJzQk0gZywFFmlMSwIyO4pJnxQbBRTasM2vvWKSSNWKygP1ErGKYSnAVw5Yit+8sZqsjAt5LJfr4Y02rb7dobO9iCySA2gCBIVAviY+htmCidKpF1fJm3n0eLM2k6ZF6s3ByJCdS37bvp0Y\/WJFRMvySiNVMXcayZ2xlnVf67Z2rmVCFH8YZh5IX5IWwXpnzBwgQUueqpAl7nWy5gCBz6dr\/PBXkbHDnCqaAmjsuf12s3UH2mzFipUWyn8XRJNFnH6PDSd7hMn9xs40870xxkMLna2yMpnipQN1afnfl6+GRuoQl9vlVzgzzr\/j74a3KWj0y+VVPEBFYlm46UyNRdvA3hQUuO4MByEWV7mVzRVDGQ0c5zADa6DrsXsC+lsocHm1XSMfY+tdbk2\/umUFdRg9HgRVUY6h3JEEx9crXdZOuRwtX3Cq2qeMjJDpUk5pkHxZmanRwZTvdBz8YPgwZbi\/TfIlKR4GJ0XrSCkYxSlJUUNywpCa0l3ljDdntCS3k\/zx9ubEng94M+ALvsePWJ4pVEl98eTdznLOZsi++VkcWmp3fqB5GfeEIIIr2JApduaImCibbYR045lvjzOvLIwH84glVehZ8VFQBWvtazuYaFwSddAZuCB9i8Fk\/tGlO73Z\/HQZJayB6QZJC5LsTH8gIob5Cl0rqE07Dr4N+ptG5F4J5qr1blh7BYvzfhEXBpLVBl\/Ju8WlNCxMqx387nZAJC5tV4r5MOQQ8qXqb8ug8AD+PbmxAxw4OD0phk0IsTgyg5iEsGdH\/3F9lfLg6Cj9ra2\/mTCJbrxxFz7XqXX\/3IT7vKajE5VUOhdRLXzxpdgfBYHseLqQPn6VRJmMVw5X2TXlKkkPYFMCxnlOOl5Z9Yo2qGjtxh8AIMyYAAIkiskwDCZE+wIhs3CSo6l3WbQFEDGUhJZgCnhKrnr9UTwOME5zh2D4mps9KszKepwMzpyS0yEhPOci3VVCCehnXRbQdfiyGKfuE9eMuRqMjljg+XEvqbV60Cfp5XBlilBSG4rfTwB+twa9kWKqUklDlgIG07apG2O9w5gwqIxEnvjwCQIA6GVYqCO48W\/pkXGiMdlaV9SuBj6TQUC6prv9f6al+UmoBK4BLVQJROcAXEWIzmid56SJPrMbnICrT3MmkoviUjCb9p6wBIpqJ26KYCb3gzbUlqADG21zQ3w+ZZRh6Oi7HnRRzagiI9+kR9zZe0kSkLvAdwOPg4TuVl0lZZgM9Ct1N4OH\/6dxq3PWI8aToM2yHYfxaG\/kA0q7iVxH+3X7cHq8faQ4Q="}
@@ -1533,14 +1533,14 @@
02404{"flow_id":116,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1974,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976118,"pkt_ts_usec":436142,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcJU1AAEAG6UOsECrYNu8YtJKvAbsZEFW+qkY4llAQAVuApgAAefZ3E5R4ptFDhrqiuqKQ0arcfcySBzOVFDD8D7x8tO8IqVOwmRMdlwxU8Q7eqMxfTk9EXeEqZG69TDXtXwcYCteDADsO\/pOCwcF8zPAqMc7udl1QUufQiSRy+bMy7tsSYQayZjU+ETw6XpcFH\/MINKZda5Ry8qTRDYWkuVqYXSaGlepAQ2Otyzpopwc5Y+DJeDq8nlfPJaaKjKKzljuGMukEPIE4F5GAgl\/Wl22H9kp+BxGb5bP5U\/lQPCh\/rppuVDAN6x6VD4GwYSsqFkCmGL8y787lhLjne\/th2r\/hyHdbmtlUN\/pDIx4Db5AsWS2iViwFyBbOHrDUXwuVLN9Lk0FgEWy6J4LHYtTlBw\/LZzwBbdDO1U4+Aqc8FaXdskutGqs\/5hjrhV6TetzTRCJ8wPbOfLIDK0N6Q3hbIHeVcbCgi6gjvKMGdEzOQxwyKk6H1NARGdy5V0r3aGFHoSklmCBcGyAezxpdQEsj\/xVcj2wI1e83jPOV4p2cL\/+lB9Ws+yT9IeL3Udq2mt8mbAbyMTTPZHsKW2wGAzYR1eQqaTXW7w6bbowdDJK2oPnSnI4sET72GaRTRc7ntU2WDE0QrjYcz4gYGACGWS42NqeeSp0ZixGfeTndUiiFSG2oq8pA9BrQH0IqT7Adtgb+dAtgvJ5BwX0ThAg6gvyjTkWT6xjQiRgslR4v5fjpCzTcmztcl3LOUxb5Kd4mFgfzX9AOXih09iPZ97cB5UMPpBuu5R0JvAQ7F1yBmOT5EqhGpADsS8qlu5ISWy\/BEHl6YF3butsFWiDRYyjo4vgyvjgKfhj4FQnIFe077blHQSGDticu5lzLFeg+yGWkFUWK2Dt9eDlEseS\/M4aa051gIpSn52C+uR3Vr3Y128QfrCsZsS8IQJvofRbMXMbF7eHV3xnFiYm+K6Dx1R25FXm4ZVMQ\/KNPSBkY6zk4osif3YhbDpK+bdxpJpzMdKJ7Na6\/fDHJgsDin1u9GEmLh897wAtREFn7Gnh4ZM9dB5DXq0+f\/ZFBXhPVH16Ma\/Gm21zuvPl1jkVVR90ahqVG+DE1JUN6bbeO1BLH4qYwhuAiFgGJAqDWto8yJFjXlcuoOqoYGllzcJeWiA8Ld8iph18HLEJgwTk7J+KdPMi8mdF9RaLe\/lbq3ZGj5thKeFFk8piTb04s+ysXvjIyo4P59HB26eH8vkQXKddypMjjY1CRcLezGKC6sqPooPLixBS5Dttv6W3iEgFLgsNWvpPW84IFfEg6yoXvTE5DR2bv5AlkYUasHF7UB3A3G9c4Lit6A\/72c9vB7GuA\/2Amem34vRruJ7\/iCpCQN4a8A1MWiqDsuDP9JPBD\/L0bV7xajJaI7t\/8XICiWiBexYbrIkVUmJJ2Gj\/4x+1pGcC4O+4eRQm0XYhP6kFEgTZK3S07T2P26Nb+5H4xBnmK7PU91msb4mfgwVVZ9qZq3tL+gcFq19tb24Lw5VuC+C\/l8gtt\/eE3vYV5AbrClNHw4uddlTzj6B+ih\/9os0U8SqnAP+BeRLz6R1MVqe42\/hUSd1S6up5cTn2Y7CcXpFjy8D+1nQCAReoAqxFs2aRB3T16o5U+hqTp6a12XsmAuN8ixazHD13j2DgSyJu7TDC2yPTIleVYenBf7qZhVqAb9uWTUvVVtDyGfWcTTJVI64oeYd87p5oO3jxD6HCgFPsnTklm7Txfuh\/cJNZVPr6msIVINVPEFd8afVgfnkcgS3PmVQ2PG6vADg55CR1Z\/7pQyIgumH+d\/74OHgQ1RAHKloo4UfPzgeb4XUqQymbrH8iMEXQJOCbUpCilIONhsAJsobY5hsfd4+ROH8H0kVe0k1WP5YcAjRcDAwFFAAAAAAAAAAKrYYEDMqGj8xcllxPaJCK05D8YW9ItB4n\/Y0ftzso+NbL8O4ykvj96hnStE2QwSjA0dn8ockcVAZgQIzG3CGs="}
00766{"flow_id":116,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1975,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976118,"pkt_ts_usec":436432,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"AMDKkaPvePiC0\/vCCABFAAEmJU5AAEAG7fisECrYNu8YtJKvAbsZEFtyqkY4llAYAVv26gAA8+MNFYinlBYjQ2Hj+t5wnhQlPi7Yzs44ocg4KG8IYqYc2GsURXaQW3BxKhWmcrGGN1WrTL43aw8nQfqeyFJ2UnsewknXI3JUNb\/7zlE998ToBOvb0Fl51wDtWY12H7KtoirKF\/YtRoZrnWS25hU5OICuJTWvnuwuixEEo\/z2nl5kdU321VNOzko3h9OrjraSd7TggyYO1vJF+SyaPIUHr0fnQkPB+mw62cXDU2zAsberg0Xw\/ERPF4fjd0a\/lsp60Tp+ltbxoMbBMwZy0yLWeZpDs76v+c6a8eZuM71USibf+Hsy5N8vsZORZy9ckRo2Gbi7aMKsp4n\/ZF+ZTsc="}
02403{"flow_id":114,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1977,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976118,"pkt_ts_usec":540723,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcCntAAEAGNtSsECrYNF7ohrKkAbvN5GJyckqsG1AQAVeaNAAAFwMBACCVAsolemIjTXyS\/AxBEL4EvwJ0AgReq+\/dnJ7py5eTpBcDAQZg6xglvGF9hWSdTgHU8J\/p7kC5Mb8Tnz1hzpxpzlSgY9JlhHfddFP0jIAckhlAB8bvDSzSkQOZC9Fwi333Ne2dMboIPIOxSnecNT6oQ3aZGWtoFqVKqPppEL06xLeMyQniid4tFddV264EfoQ\/ki1knEIczVHC371xWjSuvj05y5GWQwpM\/eCB6hqpM9R6hTsTAgihjOAke+CaFu8zCJXg0qNGqKDuA9D3QmzGz8RiD95u2a4kLOpoKEYHHAfTt3bAAvzsqB144p\/+TcHGpqAARQ2K1pp6OdFw+onGNERmDE\/bCJVYXS\/4HHc2JWCDqqMv84+DkviL91ZhESecn5c+FbWCymc0tIc2BNRNI6HdT2lu0sZ+SF6YHekt7iE\/MrOpllBQzCOzQ0Z3V6vLTPF7I+8MTMY6nTj\/JBcyTgOv3PVXXwoJF0f11WA9nRWsNXcK7BDtDbeYRbezBxAvhT08lqHUQd3LogQ3IPc\/abAtJWARzlBYR60cwuIbt3yjlf54qegoswcMJajxXn3FGZCKM\/h89BL1TZVuyFRtzm7xycs+93JVOo\/6hkCxqsO2QPxjeBchB\/tKyXpF8p3JQbTKxMaqqnZC2afJhwGp1rOHeciCyzhzcfoPKxTQEy7WSNtLZi5lMDj9NEGGolQ2e+c6wRBHu8BDwUSl2fPQfX8UBR6W3HXzcZwoNIeVVPmyd67QYZ6NOAGyofuw3t6q6VjwvVo7LI03Sf1lf8yEhphtQlZkNCY8RCXmPsss1ZQBJpldyUhCe1NKxbKpZRItFmefB3+Xh63oiT+nBgfxA4DTAiNi03XR8ePUL\/tVowuXzjNFka8RKvcK9BzZ+y\/iZ\/Xbgc8LI7AQs\/PUUiv1aeWIMBz1bGDKREUSJkSzhaX4uK+5EyCv27gSOkXKdFOOBtL6xYLLGtkFtXS\/pKJ2pI2CRZTKQNX\/cmoM+zEOjMR1PSSOluAESi9nO7yn92OLlaHXThyMsBSIq3rzh6rpBn1tE54aUFgbUCzum29kq9X2\/oAUrOUGIHrn+TEGip691opUerDj2btsgPahiMwnnM2S93HIAEmb3\/JaNbyugRJXSwNSVjnv84prJWkSIJeXOEbVaoMkNKfCQm8uYoxdDgv5HGSJ444Nskh08mq2cqmu\/zKf2DoEMk5PLByuURgUJalOd96QvF0yIFwTBQxuS+3KgljqKRqkkLDnR0r56NYqS5bRegdSuJlD3tmC+sfloI1QL0CANyIwycjklamgHPCdbPo+TL0JGxdDZNnsdAqRFqJ+qUMunJ5IVAI1puEvtaGAy0FlMqd5QWLzXyGttSz85GAbRL1paJxLbxnJznsw\/IG6MJQou2oqwjehxe2S0SUHZZxjo99oyq2zNWbdMcEp0Igt3vpdr0blYcbSxoyuHN3L1OnaIVJ0WTMfxCwfwqUwtPOr\/0oLdY7uE+Mkv0CazNXtdrSgFzqhxm3Xgq45cpgOOeBqy4v7TH\/ES24L69+NbLx8zCoDlHetHIXID8dU8p\/tKex\/X13\/VCHG8+6O2UEUd\/8evInUmNUCU60M0bvZhdxjm\/bo6Kz7iQ6P+qLaVapSr6UgbCYBRfk5Ccw6J6DeY3S9TdCPYauFCZVHAYuY6sWH1j73+OQPmnZyJARMqEHeKdsi3qy76b+u00g\/BlkbH+QBndiz1rLj0szcV2Exmiu+LQVoeggSdFoEavdsy+JmkvU5C3pUQwjMF9bBB7XLgeqitfiFz1nmH99Z86v3SYNpONBBKQ0GfDzdxyERgLsZ7jvl7zCMl8Cc5swSowOld7XDDWiawIfMld2aDSCRGm717RlCE2SgZtqPna+jEcN+PTGFVpGN36EolG02mN1UpTT+b8viZzm7zpC89YNxU99QOQzmWDEh7Qg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1490976130073,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1490976130073,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":118,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2001,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":73503,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8j51AAEAGf0qsECrYNu8d\/Z+gAbt6Gf6DAAAAAKAC\/\/+QHQAAAgQFtAQCCAoA9nEeAAAAAAEDAwg="}
00431{"flow_id":118,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2002,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":307042,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww\/RAAOcGo\/427x39rBAq2AG7n6DOZIqUehn+hHASH\/7FQwAAAgQFtAEDAwY="}
00417{"flow_id":118,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":308849,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoj55AAEAGf12sECrYNu8d\/Z+gAbt6Gf6EzmSKlVAQAVcPtQAA"}
00745{"flow_id":118,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2004,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":310007,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"pkt":"AMDKkaPvePiC0\/vCCABFAAEbj59AAEAGfmmsECrYNu8d\/Z+gAbt6Gf6EzmSKlVAYAVfa4QAAFgMBAO4BAADqAwN0b1XxRD1+7q81PZEt7s8JLjF+zs7TJetZZPnvHETq+SBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACBWloAAP8BAAEAAAAAHAAaAAAXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAhqagAdABcAGPr6AAEA"}
-00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":4,"flow_first_seen":1490976130073,"flow_last_seen":1490976130310,"flow_tot_l4_data_len":351,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2004,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":4,"flow_first_seen":1490976130073,"flow_last_seen":1490976130310,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00538{"flow_id":118,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":469888,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9z7BAAOcGl\/U27x39rBAq2AG7n6DOZIqVehn\/d1AYf\/hZrQAAFgMBAEoCAABGAwFY3n2ChqENgB5ulodafVGXSlcQ1mED7PxYBMV1H121KiBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvABQDAQABAQ=="}
-00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":5,"flow_first_seen":1490976130073,"flow_last_seen":1490976130469,"flow_tot_l4_data_len":456,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2005,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":5,"flow_first_seen":1490976130073,"flow_last_seen":1490976130469,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00494{"flow_id":118,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2006,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":470026,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdz9VAAOcGl\/A27x39rBAq2AG7n6DOZIrqehn\/d1AYf\/jOuwAAFgMBADBr7rcoma6yI9u+hwZHRhABfiFPvPkpGdxK57qKeW\/S079grGg18giIHqTY7wSdzXU="}
00417{"flow_id":118,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2007,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":472574,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoj6BAAEAGf1usECrYNu8d\/Z+gAbt6Gf93zmSK6lAQAVcObQAA"}
00417{"flow_id":118,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2008,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":472863,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoj6FAAEAGf1qsECrYNu8d\/Z+gAbt6Gf93zmSLH1AQAVcOOAAA"}
@@ -1551,22 +1551,22 @@
00426{"flow_id":118,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2013,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":623836,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAouAVAAOcGr\/U27x39rBAq2AG7n6DOZIsfehoFZlAQf+CJvwAAAAAAAAAA"}
00425{"flow_id":118,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2014,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976130,"pkt_ts_usec":629629,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAouKVAAOcGr1U27x39rBAq2AG7n6DOZIsfehoGXFAQf9yIzQAAAAAAAAAA"}
02399{"flow_id":118,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2015,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976131,"pkt_ts_usec":242371,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcx0tAAOcGmvs27x39rBAq2AG7n6DOZIsfehoGXFAQ\/a+YWgAAFwMBBnDm8d4M8hDzs5VcMuD3P6vbkwfW+EgFi0ZTYBteuDlrMNJYmoCeCm8sN1RQwWSMGpV7b+nuLblSv4U9Hpbk1ax6xWQvpDgWskrbv8IWLHJ8Xtz\/elYLdnY59rA2C0Iz3eCmAtoCrXz6IlasgKsXLpa+wkaJ5BACxfUge4uDSyUSZ\/1dn+o3eO05+IbdkVrGluXjGk\/DvSxb5cc5iht+v1DOcAspTyhkx15ckUkDomquHkdhOFS8kXcPIsArM51XvL8A\/l3kRd1YhCHx4lhPJGqQaekA6mBEthjswM2ECh3Rb8AtmFmjlEcl\/k5RZr74\/zYa6xbDxRDiro\/dmTyxbcwM2nWqVn5mdap1EWpH1mFCmoVCnfDYKi1VIgntHr9h1FePSnrPPQEUWdRT2NeiP6CxeKaEXwXUAAN7x+AGT7TjVmuTFY1Re3nGzB\/zApGKTTjZG+\/c5RnNt\/+f5uvHWP5wyEGnVjyPHM7Q8\/6EN3oB6QybW0xQnc5bIPTQRSdsSBNCogiI+N54GpwmftGXjWGzSaA2+zv5sdZ1TeBuZxuUqSjhqyw+U6qqBEX9mbwSn8ebyWkxu1L1Z8eGdltJJwZIVZT7vJa2nNdRfYWUSVmetf8OMggcwMbrncBMENQYxzc8VKk9\/8olB77jARLRWkuzEeZHOQtv2npmblhQ4xEUkhRkKcVcFN72w81PnNZWqfgpNXIca9VzB+l18AdrXNFJmhr4\/7+htKD3WZuLwOkZqEso6SsI3EKUxUCCmmdlM3i0wTbXHmH7\/byesy+sljlNoIkfyRlOujVfeWMJMaAtL+OucooeJERS7he6wauu4+VbDx4zmLK7kCwtLcZgYB4igp8rIypCc0wpgIrnPMeqYPQGztXKX+gUs4c2shhRXlpJQ5DKX+V\/4eWhBsYQ7RIAcM1kr1t3x0Enj1bc\/mCc2Q8suOl6AUQf2O64qR7c4dYskjO9WXh2quVtssvdjH4JcvTeSm2TwvOqa4UxX6qOxHxfRjJa6B5w70qnyq4xtiilEUYu6Tu+mA8nOQ4t6fpXfRYwCH3ldKzhwxsxBltPJijYzMrFXn4u7bXFoZXd0I9Sr9ddP7vSvoQmG9965DDCXFSWSBfw6\/5ewjvFgWIPsMw+WC2zf7lgia+9Dm0ErtojL3PheBGfs9Jq8TKDnbXRM6dT77ceKYaxZTHL+M2V26P+o+k\/4nUDrXJvUxMGb1eHAUomYB4\/1MMwU6MymJc\/MDJvcz6PBLAsEMf449AqU4QBSVD6sXi\/WwNBdQkW2jenQ6Qr1EzP49pHYSb37T7iMThw+J3JAFAN8FDskxfqJnRFlD9z3Vi9Qps3Dd7\/YbPJ9amGbMdlx\/KY01xsol5yr9+pnFHsu7TnhX95IcEkXdBVKKPkatpbNkUGvQgvgZhpSdyl8BXtnzlSlaKMNWixXh9ZXjVUmhTZJjAG3OsCW7nL2yMpELRi2HyWrp9F7UUL6aX035rrStb3jj7aiGxNikUvvyO+3V40mezHJsyqHfJGcgJ8TGqKvIV0mtIp1BFfUltkD7XWapUsOvxLFfFtmBxhW70jAX7AAQiEQmSIdMMyITy3KlooIDDV+gd9qarohCgF\/mrN6eDmKuahhSyPhD0XUHHyny9HDochbdXKpELSIENeEqsEemkuLRQEiZ5K3ocdegKX2chjmN7revlH42EdTDaaD1DR3AZjsfEEzaYtWhc7m89oBYEjgttVgiQa4wIISyN+YYZn5ZaO12OTrQaZs2Yl7ghPGlXlNBgArf3ONTDSnE2bK3j8JHSQ8FlHGIOjYej3NNej8Yk9eVlFp8v2HyjE9MBK6XeJQpCLkuC67oIq3pLtcRVHPXyzX2GIQoESeElX\/gI5l6bNtpdyQ1Klfk9lhGxcV3vDvIPJfQ3oYJxe\/vYCDe11EpuBzeSVPBfIwoHLOoFo\/oDh7Sw="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1490976133936,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1490976133936,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":119,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976133,"pkt_ts_usec":936541,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"AMDKkaPvePiC0\/vCCABFAABDWl9AAEARM1GsECrYrBAqARM4ADUALyGouR4BAAABAAAAAAAAA2VjeA1pbWFnZXMtYW1hem9uA2NvbQAAAQAB"}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1490976133936,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2030,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1490976133936,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00688{"flow_id":119,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2033,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":135541,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"ePiC0\/vCAMDKkaPvCABFAADu5XxAAEARp4isECoBrBAq2AA1EzgA2tC0uR6BgAABAAkAAAAAA2VjeA1pbWFnZXMtYW1hem9uA2NvbQAAAQABwAwABQABAAAAMQAfDmQxZ2Uwa2sxbDVrbXMwCmNsb3VkZnJvbnQDbmV0AMAzAAEAAQAAADsABDRUPzjAMwABAAEAAAA7AAQ0VD8QwDMAAQABAAAAOwAENFQ\/PcAzAAEAAQAAADsABDRUPxrAMwABAAEAAAA7AAQ0VD\/swDMAAQABAAAAOwAENFQ\/I8AzAAEAAQAAADsABDRUP9\/AMwABAAEAAAA7AAQ0VD\/n"}
-00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2033,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":47,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.63.56"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2034,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1490976134140,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2033,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"ecx.images-amazon.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.63.56"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2034,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1490976134140,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":120,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2034,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":140538,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA82ItAAEAGF7ysECrYNFQ\/OMsRAFDDaqo+AAAAAKAC\/\/9Q1AAAAgQFtAQCCAoA9nK1AAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2035,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1490976134141,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2035,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1490976134141,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":121,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2035,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":141916,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8xZVAAEAGKrKsECrYNFQ\/OMsSAFCeYrcjAAAAAKAC\/\/9o9QAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2036,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1490976134144,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2036,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1490976134144,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":122,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2036,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":144040,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA85X5AAEAGCsmsECrYNFQ\/OMsTAFDQ0pfIAAAAAKAC\/\/9V3wAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2037,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1490976134146,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2037,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1490976134146,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":123,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":146057,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8TQZAAEAGo0GsECrYNFQ\/OMsUAFAHRT+wAAAAAKAC\/\/93hAAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2038,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1490976134148,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2038,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1490976134148,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":124,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2038,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":148422,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8vDBAAEAGNBesECrYNFQ\/OMsVAFCK3c6GAAAAAKAC\/\/9lFAAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1490976134149,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2039,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1490976134149,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":125,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2039,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":149854,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EjJAAEAG3hWsECrYNFQ\/OMsWAFAy6mCEAAAAAKAC\/\/8rCQAAAgQFtAQCCAoA9nK2AAAAAAEDAwg="}
00444{"flow_id":124,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2040,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":198488,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxXC1q1Wit3Oh6AScSCcZgAAAgQFtAQCCAps+npUAPZytgEDAwg="}
00445{"flow_id":123,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2041,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":199672,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxSwmxNdB0U\/saAScSBYswAAAgQFtAQCCAps+nysAPZytgEDAwg="}
@@ -1575,23 +1575,23 @@
00444{"flow_id":122,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":199902,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxNJprFn0NKXyaAScSAI+QAAAgQFtAQCCAps+nOsAPZytgEDAwg="}
00433{"flow_id":124,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":200000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0vDFAAEAGNB6sECrYNFQ\/OMsVAFCK3c6HwtatV4AQAVc6+AAAAQEICgD2crts+npU"}
01168{"flow_id":124,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":200994,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXvDJAAEAGMfqsECrYNFQ\/OMsVAFCK3c6HwtatV4AYAVfMCQAAAQEICgD2crxs+npUR0VUIC9pbWFnZXMvSS83MXB3TUtEUlFJTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":4,"flow_first_seen":1490976134148,"flow_last_seen":1490976134200,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":4,"flow_first_seen":1490976134148,"flow_last_seen":1490976134200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71pwMKDRQIL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
00433{"flow_id":123,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":201861,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0TQdAAEAGo0isECrYNFQ\/OMsUAFAHRT+xsJsTXoAQAVf3QwAAAQEICgD2crxs+nys"}
00434{"flow_id":120,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2048,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":202119,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02IxAAEAGF8OsECrYNFQ\/OMsRAFDDaqo\/vffTz4AQAVcBnwAAAQEICgD2crxs+n3S"}
00433{"flow_id":121,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2049,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":202247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0xZZAAEAGKrmsECrYNFQ\/OMsSAFCeYrck8hQixoAQAVeWrQAAAQEICgD2crxs+n3S"}
00433{"flow_id":122,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2050,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":202405,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA05X9AAEAGCtCsECrYNFQ\/OMsTAFDQ0pfJSaaxaIAQAVeniQAAAQEICgD2crxs+nOs"}
01168{"flow_id":123,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2051,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":203012,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXTQhAAEAGoSSsECrYNFQ\/OMsUAFAHRT+xsJsTXoAYAVeTLwAAAQEICgD2crxs+nysR0VUIC9pbWFnZXMvSS82MW9CVGIralp2TC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":4,"flow_first_seen":1490976134146,"flow_last_seen":1490976134203,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2051,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":4,"flow_first_seen":1490976134146,"flow_last_seen":1490976134203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61oBTb+jZvL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
01169{"flow_id":120,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2052,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":203631,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJX2I1AAEAGFZ+sECrYNFQ\/OMsRAFDDaqo\/vffTz4AYAVdmfQAAAQEICgD2crxs+n3SR0VUIC9pbWFnZXMvSS81MXdvaUw5a2drTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":4,"flow_first_seen":1490976134140,"flow_last_seen":1490976134203,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2052,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":4,"flow_first_seen":1490976134140,"flow_last_seen":1490976134203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/51woiL9kgkL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
01168{"flow_id":121,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2053,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":203879,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXxZdAAEAGKJWsECrYNFQ\/OMsSAFCeYrck8hQixoAYAVfrxAAAAQEICgD2crxs+n3SR0VUIC9pbWFnZXMvSS84MWRpRlF5VmpITC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":4,"flow_first_seen":1490976134141,"flow_last_seen":1490976134203,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2053,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":4,"flow_first_seen":1490976134141,"flow_last_seen":1490976134203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81diFQyVjHL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
01168{"flow_id":122,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2054,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":204208,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJX5YBAAEAGCKysECrYNFQ\/OMsTAFDQ0pfJSaaxaIAYAVd2ewAAAQEICgD2crxs+nOsR0VUIC9pbWFnZXMvSS83MUdjQ05UYjZrTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":4,"flow_first_seen":1490976134144,"flow_last_seen":1490976134204,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2054,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":4,"flow_first_seen":1490976134144,"flow_last_seen":1490976134204,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71GcCNTb6kL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
00444{"flow_id":125,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":237090,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxaJEqCkMupghaAScSCurAAAAgQFtAQCCAps+nR5APZytgEDAwg="}
00433{"flow_id":125,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":238394,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0EjNAAEAG3hysECrYNFQ\/OMsWAFAy6mCFiRKgpYAQAVdNOgAAAQEICgD2cr9s+nR5"}
01169{"flow_id":125,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":239068,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXEjRAAEAG2\/isECrYNFQ\/OMsWAFAy6mCFiRKgpYAYAVcSOgAAAQEICgD2cr9s+nR5R0VUIC9pbWFnZXMvSS82MTJ4bGFPSTJOTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":4,"flow_first_seen":1490976134149,"flow_last_seen":1490976134239,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2057,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":4,"flow_first_seen":1490976134149,"flow_last_seen":1490976134239,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/612xlaOI2NL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
00432{"flow_id":120,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":354330,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0rhBAAPIGkD40VD84rBAq2ABQyxG999PPw2qsYoAQAHYATwAAAQEICmz6feAA9nK8"}
00432{"flow_id":122,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2059,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":354478,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0wtFAAPIGe300VD84rBAq2ABQyxNJprFo0NKZ7IAQAHamOgAAAQEICmz6c7kA9nK8"}
00432{"flow_id":123,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2060,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":354525,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0b+dAAPIGzmc0VD84rBAq2ABQyxSwmxNeB0VB1IAQAHb19AAAAQEICmz6fLkA9nK8"}
@@ -1658,15 +1658,15 @@
02427{"flow_id":124,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2179,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":950932,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc19FAAPIGYNU0VD84rBAq2ABQyxXC1smfit3QqoAQAHaEbgAAAQEICmz6ep0A9nLVja7q1pNyfzPuL9iP4v8Aw\/8AFGpt41+MurXGueMNBQHQdM1BVjs7NAoxdQxj5ZJs5+YgbDyBkhh6H8RP2grDxLrkt\/dOCWJGVHIwOPrX56+E\/Gq6VcG+a7ljmiZWt5YmO5SN3TBB9j6g471veIPjT4w\/sd9QsNdvAgVghMxycdTyc+tflXEvhD\/bGbfW6MlKLVlGT5VBdYxSTVm9dk73bufe5D4i4rJsJ7Dl1vq0tZebu7t\/PyVkfWXiL4veGrthFPPGdo4D4BHrTrV\/AXiPw20O+2kluiUcEAhlPG0jv1\/Wvz11v4h+L9euRJceMNR3uD8sdyQSxHGa1f2bNW+I\/wAVv2hPCHwKj+J+tWVj4q1yDTL2aCdTLFHM4RyhIO04Jwe1epknho+Hoqu5pcurSbd7a22Rvm\/HtfPaf1dRfvaXa\/4LO1+MPin4r\/BvSvF2n\/s8aVdeJfAeiXKxyaxJYmS38PX8uXlt7eXP75Ry5QAiNmycA5b4q8T+I9Y8UavPrevalNd3lw5e5ubiUu7t6knrX7EaLqfhe6S2+Hfg7w9a6b4X01ns9H0aJN0ccBYgs5bJllk+\/JI3zOzEnjAH5L\/tPjQ7H9oLxtZ+GNPt7TT4fE17HZ21rGFjijWZgqqBwAAK\/V5Yeth8JTlVSTld8q+ytNP87aX2vu\/zzD4mjicVUjS1St738z2v\/l1tvbY891S5dyfnJ45xWDekc4Oa07yU4JB6+tZN2wOSRXm1tj3aMbI\/oa\/4NGNSnuf2L\/FVi7kpB4yuUQHsPLt2\/nIfzr9TfizCJ\/hf4ijYZB0W5OPpExr8xP8Ag0q8MXGl\/sJ63rssZCaj4quZo2I4YbhEcfjAa\/Tj4vXAtfhZ4imY4A0a4H5xsP6185V\/is9aHwI9a+HU7XXw+0K5dsmTRrVifUmJTWzWT4CtGsPAui2LjBh0m2jI9xEorWrMoKKKKACiiigDy79qGA2um+E\/E4GBp3jC1Ez\/AN2OZZIGJ9sutLW5+0N4ZuPFnwX8Q6XYqTcx2BurQDr50JEyAe5KAfjXKeF9cg8TeG9P8RWpBjvrOOdcdtyg4\/WgD+aX\/g5k+D8vw4\/4KP3PisWhS38TaDHOshHDSxyyKR+EbQfnX5+JIgjTyzhs55Ffu\/8A8HZn7Ms3iP4QeEv2ltH00vL4d1H7PqMqLytvPtickj\/bFqB9Wr8HHk3BQsZXGOpr2MJO9FeR5eJjasaNrMSwGa\/Ub9h3xje\/D39nzwtpNgRG76WJn2nljJLI4P5MP0r8sbQkyKGJBZgK\/WD9lXwVHe6do+hzEqLfTraEIx4XZEqn9RXvZdhlicUv7p4Oa4l4XDtLqeJ\/8FiPiFqfjD4i\/DHQtVmZho\/w3XYpPQ3GpXtwT9SJB+Qqn+zNpK+E\/wDgnP8AGD4ryW4P2rUItIhfAyd\/2eIjnsBeE\/h7VyX\/AAVk1uKX9s\/V9BgmzBoeiaXp0C54Ty7OPcP++mY\/jV39m39v3wr8G\/2b7n9nDxX+zlpPjHTL3WpNSupNT1PYkrsIdoMRhcfKYUIOetZQdP2kubu7et9AkqnsoNeV\/uRrf8E+2S0v\/F3iq51OKwisdDWNtSnUeXbF3LB2yQMDy88+leu+C\/il438W\/Gzwj4K8VfGfSvF2k2txJqzppcCCKCaGGURMxGQSGbgZ4646V4V4e\/ba8JeHtc8R3Hhz9nLQ9N0rxFb20L6JbXSrbxrEkituXycSbzKxPA4AHOM1BZftXWOl+LtP8VeE\/hDoGkC0guIpoNOjWI3AkC4yyRrjbt44P3j0zXi5llssW6kowTk4SSfu6NxaVm9V8reZ3YTFOg4KUmoqSbWuyab0WjPtTSP2oPj5r3wp+J95q3izwXr\/AIabS9XtoNA1K5eO8sYY2uI0Z0jtnEjMI\/kV3UMQDuHUa\/7GPjHWv2Z\/gt4P07w="}
02419{"flow_id":124,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2180,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":956812,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc19JAAPIGYNQ0VD84rBAq2ABQyxXC1s9Hit3QqoAQAHaqcQAAAQEICmz6ep0A9nLVK+Dr+W78e62+o+LdRgt2kWxshayC1WSQL+7G5oXXJ6ySj1A+Lb39q3+19A1Dw7ZfDXR9Fg13nWW02MJJcoGJZW2IuCwLfMQcBjgc5qp4u\/av+KmteL7bxXpviq+0u0tmg8vQbTU3S2MaYO1lBAIcZySDgED0r5HFcHZhisHVwdGjGnSqTcmrpXUYJQTUZNX5nzXVruCctWe9Rz\/DUcRTr1KkpzhFRTtezcryabS0srWd7KTsfQHwY1cfs\/6t8b\/FmjCKGfSbiS30K72LviQ\/aJEAJHCkNbkqODgZBwK5fxZ+2d8SNX8J+D\/Efj3w5fPcadr636eIzlIbxUaZWgixEFUNGdjEMScHI548xX9tPV21jWZ9R+Huk3drrE0cl3YzSb0Z44Y4cnKlXBWJDgj72Tnmub+Nf7Set\/FzRNN8NL4fsdI03S8m3s9PGFzjb0AUKMdgvUkknNfR4HLa0sy+sYzDpzbi+fmXupUoxcdHd+\/e62d73Z4uJxMPq3sqFW0Vf3bPW8209rbW89LH1J8ada8B\/s1Wvir9p\/wzrMV14g8Z2NvaeGNi4VC0QLTrz8yuBHMxI\/gC5\/eGvDv+CVWg3vxB\/b98M69qd08jaL9r8Q31zI2eLaMzs5J9xkn3zXmnx6\/aL1T4z+HfC3hq78PRWFv4V00WdsY7kyGYCKGPcflGOIV456nmvXf+CQ8rWPxo+I\/iwA7dH+CniaR2C5IMtp9nQD0O+Zce\/HevdhSnDB+zlu7R+V7L8Dhpu1fn7a\/dqfVXhbQfDfhmeC6TxZHdvbt5rJbxnLBOT14GOOvXnpX48\/EzUn1XxxrWpSTb2udWuJC2fvbpWOf1r9K7b4iS29vqOqC\/jEtr4f1JnCHkOllNt\/8AHgOR3Ffl1rE5lupZy4O5yfzOa9jNaj9pCPNeyPPyGn7k5WtqZ9642dfwFZd02Rirl3IR3rf+BHwo1n49fG3wr8G9BDG58Sa7bWCuq58tJJAHkPsibmPsprwK01y3Pq6S2P6ev+DeD4PXHwg\/4JheArS9tDDPqlj\/AGg6sMEi5d7vn6faSPwr61+OiyXfw4udCtyfO1a7tbCEDqWmnRMfkTTP2e\/hzp3wm+Cnhr4e6VYLaw6ZpUUaW6jAi4zs\/wCA52\/QVf1q1Pib4t+CfBqjckepyavdgfwpbRkpn2MjoPrXz0nzNs9JKyse4xRpDGsMS4VFAUDsBTqKKQwooooAKKKKAEdVdSjqCCMEEcEV4L8NrOTwhqOvfCm5yG8Paq4sQ3VrKYmWBvfAZl\/4BXvdeRftB6WfBnjDRvjRbrttMDSfEZHRYJHzDMf9yU4J9JKAPKv29v2bNA\/av\/ZV8X\/BjxBaeamp6POkRCbmRjGw3L\/tAHcv+0q+lfyG\/Ff4ceLPg58S9c+FXjewNtqvh7VZrG9jIOC8bEblz1VhhlPdWB71\/apwRX4K\/wDBzl\/wTPvfBfjWH9tn4UeHydNv1WDxZDbR\/wCr5Cx3BA\/ukiNj\/dMX91jXZg6vLPlfU5sTT5o83Y\/IfRbi1g1a1uL8EwR3MbTKOpUMMj8q+8fFf7W2p\/DS5t\/CXwPRdX17xLEsvh+RJA62kM3zCSQqcB0ywKnHKkkYxXwIYpVHzKR712Xwf+NXiT4RXt3d6Lpthdm8iRHOoQlzHtztKMGDKRkjgjg46V7NLEV8NPmp9dH3t5eZ4uJwlDFR9\/W23a\/n5H6a\/BL9kr9kq78DRax+0z8No\/iF42vna51vxHqviTU4nmkbHyBYLqNdqgBQcZwPoBrav8Av2B9ADDRv2LPC05Uced4j19j+moivhTTv+CiHxhsLZLY+GdCdQgCsVuVJ\/wC+ZuT71ct\/29fi9chrqLQNEQyAxsN12QQRjGDP706sMpneSw07\/wDXyX5c9l9xx0oZrDSVeNv8Kf8A7afXWt\/Dn9kaz0SPxJY="}
02410{"flow_id":124,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2181,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976134,"pkt_ts_usec":956905,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc19NAAPIGYNM0VD84rBAq2ABQyxXC1tTvit3QqoAQAHZ70AAAAQEICmz6ep0A9nLVn7BPgo23myK0jeIvEuGMeC20Jqy4A3KMnjJ4z0Hg37XH7MPh3wnpD\/tCfACe4\/4QLULhLfVdIu5JJbrwrfyAstlM+My28mG+z3JAWVVKsRIjqOE079uv4uWWiy+HU8O+HpreScyhLtb6Xy3IALLm7wp46gc981gXv7VHxWL6idBuNP0WPWNOuNP1i30yGZ4b20mcu8EkNzNNEU37XXCBkdEdSrKGHHTqV6db93ScY36z5lb0bf4Hc6dOVP8AeVFJ26Rtr8kjCOsXb2yXv+k7Eba0o4XOOmcYz\/hWbca3DLksrg9wWHJxzyB644qm\/iy5trclbdCNw+YrkL1Azwe2ay7jXTeuQrIpI4UZ4wDzgKBXtyr3W558aOuxurqxd8puUjAwWzzVhb9nXHOK5mDV5Lhl8wgYGBhQOg9hW3pMwnjG4KSTjnrWaqXZcocqJLnewOM16D+zd+0le\/AKDxx4et9Lt2h8e+Ex4fudQkJ3afH9ttbsyqB97cbYRtnoshI5UA8XNGnl\/IBjsawdVQsWiQA5PTFTKWzfR\/kCV013PdYviZqFv4J8W3E2SLfwpPHlV34Zp4EB46cTfe9DXyJfyAkqB16V7Jq3xF8e+Dvgzc\/DOyOmw6frcyyXt0lqBeyog+SFpc58obnwnT5znOFx4xqUUsbNkYrHEV61eo5TVraLXp3OjA0KNCmoxd77mbcvnqenrX6jf8GuP7DVz8cP2pb79p7xVoxfQvBcTWumySx5SS8dQZSD32xMIz\/1857V+bPwn+FHjf46\/FDRPhD8OtJe91rxBfx2ljAo4DN1dz\/CirlmboFUntX9bP8AwS8\/Yh8J\/sG\/sl+G\/g3oVov22OxSXVbtowslxOw3O7ejM7M5H8O4L0UV5GLq+7y9z26EOp9F1S+Atj\/wlPxP8U\/Ehxut9PVNB01+x8s+bcEf9tGRc\/7HtVD4i+KZPCHhK51WzhM16+23023UZM1zIdkSAd8sR+ANej\/CHwFH8NPhzpfg8yCSe2t919N\/z1uHJeV898uzfhivNOs6WiiigAooooAKKKKACqPiXw7pHi7w\/e+GNetRPZ39s8FzEf4kYYP0Poexq9RQB4P4AudY8OX978JPGFwZNV0DAhuX4+3WR\/1NwPXjCt6Mpz1pnxs+Dvgv49fDPVfhd490mC807VbR4ZY7iIOvzKVOQeoIJBHcEjvXe\/HP4Yal4vsrXxn4J2R+JtC3SaczHC3cR\/1lrIf7rgcH+FsHjmuX8F+MNN8baKurWKPDIjtFe2c4xLazrw8TjswP+PegNz+VL\/gq5\/wTm+In\/BOv48Xnhu90iebwfql07eGdWZC6hD832aRv76jof41w3XcF+UoJg7Ag9+hr+w39tn9if4NftzfBfUvhB8XPDkF1Fd25W2uXXDwv1VlYcqVbkMOVPI7g\/wAw3\/BSb\/glt8fP+CcPxOudI8X6Rc6l4RuLoroniaOHKFSTsinxwkmBwfuvjKnhlX1KGLc7KW55tXCqndw2Pn2S8VokbYVG7BA7ev8AOt7w\/OJdOVx\/z3Uf+PCuSSZTapu4Jkbn\/vmr9lrFzY2ohhlIxKD0HJz\/APWrvU0jidNuOh0L3pinkVlP3zj86DqS4ObgLgcZzz+VYb6qJHLM7EsSc+uagl1R\/OHknnPBz3\/pRzkKkzZ1G6227ZcAZbaCvPBAznFUbee48\/fCVDK7Y3sowR9atald6Xd3h0iJrJN5YfaJpGATB7nOBn+lZNpqlmLiSxuEibzJHHnO2AoyDkEkDt39a65KN7NkQi+XRGhDemGQxyHBBIx7iui0DUVFuGEoJD5IHauW1O+0sbLiOVZEa5l3lQC3AG3jI4OeT\/hSaVrMttIo3jkD7rZ75rKT5J2KdNzhc9A\/tNXtw2fXvWVf6obS688qGKAECsZNfkWLyy3c9ag1XUWZiHfkoDg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2236,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1490976136930,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2236,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1490976136930,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":126,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976136,"pkt_ts_usec":930982,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8bqFAAEAGoEasECrYNu8d\/Z+nAbuZbx1qAAAAAKAC\/\/9PLQAAAgQFtAQCCAoA9nPLAAAAAAEDAwg="}
00428{"flow_id":126,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2237,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":42055,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwrQVAAOcGuu027x39rBAq2AG7n6dEArKimW8da3ASH\/7pVAAAAgQFtAEDAwY="}
00416{"flow_id":126,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2238,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":43334,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobqJAAEAGoFmsECrYNu8d\/Z+nAbuZbx1rRAKyo1AQAVczxgAA"}
00745{"flow_id":126,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2239,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":44165,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"pkt":"AMDKkaPvePiC0\/vCCABFAAEbbqNAAEAGn2WsECrYNu8d\/Z+nAbuZbx1rRAKyo1AYAVcOogAAFgMBAO4BAADqAwNhY3NDhjYtpf41Zp5hXeye2JYVtN+jXNyco\/qKL4s4VSBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAgamrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACBenoAAP8BAAEAAAAAHAAaAAAXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAhqagAdABcAGEpKAAEA"}
-00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2239,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":4,"flow_first_seen":1490976136930,"flow_last_seen":1490976137044,"flow_tot_l4_data_len":351,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2239,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":4,"flow_first_seen":1490976136930,"flow_last_seen":1490976137044,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00425{"flow_id":126,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2240,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":221949,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAotQJAAOcGsvg27x39rBAq2AG7n6dEArKjmW8eXlAQf\/i0MQAAAAAAAAAA"}
00536{"flow_id":126,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":222092,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9tQVAAOcGsqA27x39rBAq2AG7n6dEArKjmW8eXlAYf\/gwgQAAFgMBAEoCAABGAwFY3n2J10RhgC68733hZUmscGmdgG8JZVPQEuz4sMP7eSBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvABQDAQABAQ=="}
-00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":6,"flow_first_seen":1490976136930,"flow_last_seen":1490976137222,"flow_tot_l4_data_len":476,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2241,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":6,"flow_first_seen":1490976136930,"flow_last_seen":1490976137222,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00491{"flow_id":126,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2242,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":222137,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdtQdAAOcGsr427x39rBAq2AG7n6dEArL4mW8eXlAYf\/im5AAAFgMBADCNB31WBPLwXL3aVlGdUkiEHXV16hNw+LYmC2gi25gCR793y4LyHNgldd5fo2sWHKw="}
00417{"flow_id":126,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2243,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":224105,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobqRAAEAGoFesECrYNu8d\/Z+nAbuZbx5eRAKy+FAQAVcyfgAA"}
00417{"flow_id":126,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2244,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":227018,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAobqVAAEAGoFasECrYNu8d\/Z+nAbuZbx5eRAKzLVAQAVcySQAA"}
@@ -1676,22 +1676,22 @@
00426{"flow_id":126,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2248,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":357273,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAon+xAAOcGyA427x39rBAq2AG7n6dEArMtmW8emVAQf\/ezbQAAAAAAAAAA"}
00426{"flow_id":126,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2249,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":357435,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoogVAAOcGxfU27x39rBAq2AG7n6dEArMtmW8emVAQf\/ezbQAAAAAAAAAA"}
02403{"flow_id":126,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2250,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976137,"pkt_ts_usec":401218,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcbqlAAEAGmp6sECrYNu8d\/Z+nAbuZbx6ZRAKzLVAQAVfB8wAAFwMBACDiZbNXtdYZKphJts39B9gz40YxVGHdsz5DK\/66mpovShcDAQaAyHTN7OFAu+7w6BWUP6a4R3j+arFpY3E\/k9QfAYqXhGsAmIjVa\/k+QdxGauulHrPls1kQu3kaGiYXtTyoXtYtozWGsEJhg672OMOLNJMw1wPZ3MygbC6f1oBuNVp5iljwqUwRiQvECXBz7IExoSFDjvcGJ8weFY6RvGK99WEJcmkewc3QG14xud3uIfcCMj2KfM4uWJ3\/ZnTOBiV86vvHKxogF+ibfQDGcH+bPISNQUySd5nnr8Aergsj6YpCzsVBrSBq5qxYIU3TARsl6ijBfNrL8NSCtaNcxCFAenlKT1XR7RprRQ2iLV4MR\/VaaZP7vPf1zD5sqeUTslXebjCQ6zGrGs\/xUULZ2BTBd4shBWUaRd1a5dFzeNv4DtDEC08sMmWYYk01Ley5Hi2mYEgWBEOwbsQ1T8OiCYDzdacYfYs6NTDAnZu2J+gZp7AjxxlRpb8L0JTtGWcPjeTFVMop0vWn\/aGmuygBgRdCwUkZyQfM27oYZ+nqIkPuJChw3j4Lw98I6bAZ4IzBHhyrojG7l\/QdioS3zhsptbm88s\/IkNHoODOT4T6M69u0LxSkF8xuurSCfOJw6EHa27BCG9hpSbyMCAb5snLwJ2lV\/+gy+76QKBDVhHGUy3nOzRRMKrOWRcrtfqFO4kcJbmbMp\/Xfu10nnQlHJLSR1uhOLmXb1jUygeoYtbiIa7+NUQm9IL3h8fuOeyhQ3rjbuJUSlYtnkcvRwvvp9egk90dGT5a1oHReDq+c1BNqDWjvB34EADtlXmgc\/T5T0sgRkBwiwXe5BL9WJlIBudRq6L1hpFQDOwGCArA\/7f9CycI0Vcj8unphWy530d9Y78qhzjr1tS3qQVvjOufOWDHojZvYcZnIy80YlxB7B9Y07DI2HGY\/tslwFNsRp5q0WmWlczRnFK7d0\/b94wz84qPp31FukOLIO05nYZmik0QwO6tStjP4Fwy+hVMzgBvNuxz3CN1x3gbvyQqGMm5sGx2PSUkMlfI14GH5OSRcOqm\/sBdCoAtvBTG75SGanamo8EoDmwAb0xXfN7YO2hL8jBfR0mcoyf2W\/4UTfPsUNhVQEhg\/S7YAVLRHxjXu\/kFJ14RUTJ3aa92KPIeo\/ygbH7NG+QkpX9jAPEY5ZZyG6BHgJq0ZQZiUF\/7vPds\/QogKMox4Oomld8\/cs\/zzFd1mk4nCPbTGn2CLtfQ1\/6J570D5c4dGM\/tO049A9f8G2W4ZpM6YhArq7JnlqEZCmgPynFoO0Z9xzUtCtXp\/MSnVbKhe5voEqLT7fcgsE2Q2Z5n1yi3sO4zrd5sJit+cx5VaRhEsd7u57c5h4vfswcJvKouRy1zyqLRQ3nHBEwA8WiSvIl+oHVlssYOU3\/fnm6VjmUHKxUVvF+HpL3caIiNVd6fFXVIrOi0XxFZRUbwdC4bmoi11iOeo7uxzXEVzga6TYUcr76XkIbJKb4ia1rEyglfh8ZWClyouBU4sY5uGkWRIwSV\/GEhfig6riENVKjfFH7ql31ZFxwGQ0tqIfIh3TKvoJXTnLWIrm6Topb9nK5ldkseGMMxzfpnfBBm5WofZWVF9Odf0ngGPCz0HThpQbuTzPoirijp5tHMwNjJMNZww3ePGPR55B3M6YYVdb4lDs1NcY31H+dZcwI+vvh8gi1RHCLgcx8i9laBTYhLKk6QN9t2MbQVCX63PJFrD7IpYeI44Hg44MDHojf+QXQdB0peZpS4VgiTHUSQyxvFBZAObJOxcSdZJ5emLr9gWRPNwW2WAAlFxA+Gu5AQ0\/guG+Kps7+dgWKI8MAV2vPCMywVDBMNfHivBMsxZGFbyoCJotm6zqMkiX18A2hgpkOQIn6QphT5zjoQxQetwDxzvOV\/xBj2RhTII6vuPB1DpiIp3HAykd80="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1490976139642,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2274,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1490976139642,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":127,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":642766,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ooBAAEAGTcesECrYNFQ\/OMsYAFAytNZaAAAAAKAC\/\/+zQgAAAgQFtAQCCAoA9nTaAAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2275,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1490976139643,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2275,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1490976139643,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":128,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2275,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":643137,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA82RlAAEAGFy6sECrYNFQ\/OMsZAFDfya3CAAAAAKAC\/\/8uwwAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1490976139643,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2276,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1490976139643,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":129,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2276,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":643338,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ao9AAEAGhbisECrYNFQ\/OMsaAFCdOh5UAAAAAKAC\/\/8AwAAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1490976139643,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1490976139643,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":130,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":643559,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ziFAAEAGIiasECrYNFQ\/OMsbAFAzpLr6AAAAAKAC\/\/\/NrgAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2278,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1490976139643,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2278,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1490976139643,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":131,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":643759,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8c6xAAEAGfJusECrYNFQ\/OMscAFApFQd3AAAAAKAC\/\/+LwAAAAgQFtAQCCAoA9nTbAAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1490976139643,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2279,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1490976139643,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":132,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2279,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":643974,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8MrZAAEAGvZGsECrYNFQ\/OMsdAFCU10ZqAAAAAKAC\/\/\/hCAAAAgQFtAQCCAoA9nTcAAAAAAEDAwg="}
00444{"flow_id":127,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2280,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":667722,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxh7572AMrTWW6AScSAgygAAAgQFtAQCCAps+nrkAPZ02gEDAwg="}
00434{"flow_id":127,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2281,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":669064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0ooFAAEAGTc6sECrYNFQ\/OMsYAFAytNZbe+e9gYAQAVe\/XAAAAQEICgD2dN5s+nrk"}
01168{"flow_id":127,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2282,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":669495,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXooJAAEAGS6qsECrYNFQ\/OMsYAFAytNZbe+e9gYAYAVf0FAAAAQEICgD2dN5s+nrkR0VUIC9pbWFnZXMvSS83MW5xd213bVJsTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":4,"flow_first_seen":1490976139642,"flow_last_seen":1490976139669,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2282,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":4,"flow_first_seen":1490976139642,"flow_last_seen":1490976139669,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/71nqwmwmRlL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
00445{"flow_id":129,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2283,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":674717,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxrjsd\/DnToeVaAScSDohQAAAgQFtAQCCAps+naYAPZ02wEDAwg="}
00446{"flow_id":130,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":674846,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxtRO\/n\/M6S6+6AScSAtRgAAAgQFtAQCCAps+ncBAPZ02wEDAwg="}
00444{"flow_id":128,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":674889,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyxlSuJ7038mtw6AScSDlMAAAAgQFtAQCCAps+nm5APZ02wEDAwg="}
@@ -1701,17 +1701,17 @@
00433{"flow_id":128,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2289,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":677885,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA02RpAAEAGFzWsECrYNFQ\/OMsZAFDfya3DUrie9YAQAVeDwwAAAQEICgD2dN9s+nm5"}
00433{"flow_id":131,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2290,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":678026,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0c61AAEAGfKKsECrYNFQ\/OMscAFApFQd4fxQzdYAQAVcjzwAAAQEICgD2dN9s+nXP"}
01168{"flow_id":129,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2291,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":678156,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXapFAAEAGg5usECrYNFQ\/OMsaAFCdOh5V47HfxIAYAVdhGwAAAQEICgD2dN9s+naYR0VUIC9pbWFnZXMvSS8zMTV5OUlFWFpTTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2291,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/315y9IEXZSL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
01168{"flow_id":130,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2292,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":678278,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXziNAAEAGIAmsECrYNFQ\/OMsbAFAzpLr7UTv6AIAYAVdUxgAAAQEICgD2dN9s+ncBR0VUIC9pbWFnZXMvSS81MTAwanhxclFoTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2292,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/5100jxqrQhL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
01168{"flow_id":128,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2293,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":678411,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJX2RtAAEAGFRGsECrYNFQ\/OMsZAFDfya3DUrie9YAYAVcODgAAAQEICgD2dN9s+nm5R0VUIC9pbWFnZXMvSS82MVNaVS1sUEZOTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2293,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61SZU-lPFNL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
01168{"flow_id":131,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2294,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":678550,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXc65AAEAGen6sECrYNFQ\/OMscAFApFQd4fxQzdYAYAVfD8AAAAQEICgD2dN9s+nXPR0VUIC9pbWFnZXMvSS84MU5pNUNPdXAtTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2294,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/81Ni5COup-L._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
00445{"flow_id":132,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2295,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":711656,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPkc0VD84rBAq2ABQyx1XQZuRlNdGa6AScSCQFAAAAgQFtAQCCAps+n\/1APZ03AEDAwg="}
00434{"flow_id":132,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2296,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":713700,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MrdAAEAGvZisECrYNFQ\/OMsdAFCU10ZrV0GbkoAQAVcupAAAAQEICgD2dONs+n\/1"}
01169{"flow_id":132,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2297,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":714237,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"AMDKkaPvePiC0\/vCCABFAAJXMrhAAEAGu3SsECrYNFQ\/OMsdAFCU10ZrV0GbkoAYAVeRsQAAAQEICgD2dONs+n\/1R0VUIC9pbWFnZXMvSS82MVRmcDdaVmNvTC5fU0wyMTBfUUw5NV8ucG5nIEhUVFAvMS4xDQpIb3N0OiBlY3guaW1hZ2VzLWFtYXpvbi5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA1LjEuMTsgTEdMUzc1MSBCdWlsZC9MTVk0N1Y7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvNTYuMC4yOTI0Ljg3IE1vYmlsZSBTYWZhcmkvNTM3LjM2IFBpdGFuZ3VpQnJpZGdlLzEuMTYuNC41LVtNQU5VRkFDVFVSRVI9TEdFXVtSRUxFQVNFPTUuMS4xXVtCUkFORD1sZ2VdW1NESz0yMl1bTU9ERUw9TEdMUzc1MV0NCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KUmVmZXJlcjogaHR0cDovL2FsZXhhLmFtYXpvbi5jb20vc3BhL2luZGV4Lmh0bWwNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUw0KWC1SZXF1ZXN0ZWQtV2l0aDogY29tLmFtYXpvbi5kZWUuYXBwDQoNCg=="}
-00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139714,"flow_tot_l4_data_len":691,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
+00950{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2297,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":4,"flow_first_seen":1490976139643,"flow_last_seen":1490976139714,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"ecx.images-amazon.com","url":"ecx.images-amazon.com\/images\/I\/61Tfp7ZVcoL._SL210_QL95_.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 5.1.1; LGLS751 Build\/LMY47V; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/56.0.2924.87 Mobile Safari\/537.36 PitanguiBridge\/1.16.4.5-[MANUFACTURER=LGE][RELEASE=5.1.1][BRAND=lge][SDK=22][MODEL=LGLS751]"}}
00432{"flow_id":127,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2298,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":777944,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0x2ZAAPIGdug0VD84rBAq2ABQyxh7572BMrTYfoAQAHa+FwAAAQEICmz6eucA9nTe"}
00432{"flow_id":127,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2299,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":778079,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0x2dAAPIGduc0VD84rBAq2ABQyxh7572BMrTYfoAQAHa+FwAAAQEICmz6eucA9nTe"}
02397{"flow_id":127,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2300,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":778293,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcx2hAAPIGcT40VD84rBAq2ABQyxh7572BMrTYfoAQAHaVlAAAAQEICmz6eucA9nTeSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL2pwZWcNCkNvbnRlbnQtTGVuZ3RoOiAxMzczNA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KU2VydmVyOiBTZXJ2ZXINCkRhdGU6IEZyaSwgMTAgTWFyIDIwMTcgMTc6MjM6MzEgR01UDQpYLUFtei1JUi1JZDogMjA0NjVmNTQtYzAxMC00MGU4LWI0YTktNmIzNjU4OGM2MzYyDQpFeHBpcmVzOiBNb24sIDI5IERlYyAyMDM2IDE3OjI4OjI5IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT02MzA3MjAwMDAscHVibGljDQpMYXN0LU1vZGlmaWVkOiBUdWUsIDA2IFNlcCAyMDE2IDE3OjE0OjMyIEdNVA0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBZ2U6IDE4MjA5MDQNClgtQ2FjaGU6IEhpdCBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIGI0MGRkNDI4ODg0NmIwMjgzMTNhYjk5Zjc5NzRkZmVhLmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtSWQ6IGlnUTc0dnV1YWJnQlBJYnEybHMxcFZueXdsZGF3TlVnU3hMY3dtdUo0X2JQMkNwRFFnYXJWdz09DQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwACAQEBAQECAQEBAgICAgIEAwICAgIFBAQDBAYFBgYGBQYGBgcJCAYHCQcGBggLCAkKCgoKCgYICwwLCgwJCgoK\/9sAQwECAgICAgIFAwMFCgcGBwoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoK\/8AAEQgA0gDSAwEiAAIRAQMRAf\/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC\/\/EALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29\/j5+v\/EAB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC\/\/EALURAAIBAgQEAwQHBQQEAAECdwABAgMRBAUhMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJicoKSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29\/j5+v\/aAAwDAQACEQMRAD8A\/fyiiigAooooAKKKKACimyyxQRmWaQKqjLMxwBXN614+VCbfRUDHoZ3HH4D\/ABoA6K6vLWyj867uEjX1dsViah8QNNtyUsYHnI\/iPyr\/AI\/pXJ3d9d38pnvLh5GPdjnFRUAbV3471y4JEDRwj0RMn8zmqE+u6zc\/67U5znt5hA\/SqlFADnmmkOXmZvqxNIJHU5VyPoaTBPQUYI6igCxDqup2\/wDqdQmX6Smrtr4z8QWxGbwSAdpUB\/XrWVRQB1Vj8RImITUbEr6vEc\/of8a3NP1rTNUXNleI5xymcMPwPNec0qO8bB43KsDwQcEUAen0VxujeOr+zIh1IG4j\/v5+cfj3\/Gur0\/U7LVIBcWM4de47r7EdqAJ6KKKACig="}
@@ -1778,14 +1778,14 @@
02413{"flow_id":132,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2405,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":952977,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcG6FAAPIGHQY0VD84rBAq2ABQyx1XQcMqlNdIjoAQAHZqvwAAAQEICmz6gAsA9nTjS7sn0vxFaCG4\/cTvEJgFZlaKQIJEcEhkdT7V0iOkiCSNgysMqwOQRS17cYQgrRVj49tt6hRRRVCPLvGU32z4yagQcrZaBZxfRnluHI\/IJ+dLWfpt4Nb8TeIvFCtlL3W5Ircjp5duq24x7F4pG\/4FWhQB2fw+i2aK8n9+c\/oBW7Wb4St\/s3h+2UjllLn8ST\/KtKgAooooAKKKKAOG8b2X2TXXlC4WdQ4+vQ\/qP1rIrs\/Humm60tb6Nctbtk\/7p6\/0rjKANf4EaiIPD154Gmb97oF60MIPe1kJkgI9grGP6xGu5ryKLWB4H8aWPjV222U6jT9aPZYnb91Mf+uchwT2WVz2r12gArl\/i98TdN+FHgq48UXsYlmJEVja55nmbO1fpwSfYGuorwz48XLeKvj34e8HTjdZ6RpzahLGTw0jMQpI9iqfma8\/NMTPC4Ryp\/E2or1btf5b\/I8vOMXUweBcqXxyajHycna\/y1fyMTwz4D1DxDqR+IPxVl\/tHWrr51gnGYrReoRV6ZHp0H15PTa3r2geFtKl1rxJrVnptjbrma7vrlIYol9WZyAo+przX9srxl8RfCPwfsrD4S+IJ9J8Q+JvHXhrw3Y6pa2UVxNZR6jrNpaXNxHHKrxs8dtLPIpdWVSm5lIBFeS\/t1eGP2JP2Dx4N1P4s\/ss+MP2m\/iP421S4tvCGl+MrtNemVreNZZpkivM2tjGgdSRa24fL5CEKxHm4LLouDadu7erb7s8nLsrj7JuLtrq3q2+rb6nsnhz9rT9jr4saxL4D8I\/tL\/DbxHqHm+TNo+neMbC7m34zsMSSs27HbGa1LfUtf8A2ctY\/wCEp8IF7nw1eSAanpMshKwMeFkU8kDpz+BzkY\/OH9pH4x\/G74leH4vFX7Qf\/BB34E6l4fv7u3tNCstR0XV4NZjkmkWC2tobqHSDMtxK7JGg8u32uy9VG+vX\/wDglZ8Of2iLzxZ44g1nwj43+Gvwj021fQYfg78R\/GFv4hvtK1oeXJJ9kuY1BtrOKF4wsTMzM8rFvug0YzL4qn7ajO047Prft6Pquw8wyuKpe3oVLVI\/DLrft5p9U9LH6d+F9PtLmCLxTLqK6hc3kCul6FwgiYBgsS\/wJ09z1JJrR1LTrLV7CXTdRtkmgmQrJHIgYEfQgivLv2UvGdtJ8LYfDmvatBHdaZqkunQrNMFaTBDKq5PzH5sADsK9J8T65F4e8Oahrp2sbKyln2FvvbELY\/SvXwGJhVwkK8dLpP0fX8T3srl9ewVKpCNvaJaeb0evXXS58ofECPxJ8QfiBqH7O+gfEDVL3wfod8bjW7u6dTNJMxybXzFA3qG3YyODuPO1a6XxDr3w4+Avw5u\/EmsywaPoOjW++Zo4mY9QqqqqC8srsVVVUM7uyqAWIB5\/9mKydvhr\/wAJReMXvNb1G4u7uZuWdvMZOT\/wEn8TWjYeHbb4tftk+DvA+swC50TwNoFz4w1C1bBjbUmmSz0syKeGVQdRmUHpLbROMGMV59OpVzLEfWa2s56t2S06LTTbfu9XqfsmdOhw3gXluF0pYf3bXfvT2lJ925Xt\/LFKKskZg+Bf7afjv4YN8YJviRq3hnXtRVZtK+F2h6ZpCfYbZ3GyO8vL+KctdqhDytGViU7o0jkKiRvPv2aPi5qn7Ql78Qf2dP2jfDkkPirwF4hayeLUbGO2uL202KBexeSzRSqs4ng8+AhXMQLRwsxiX6o179t79kjw\/wCH28TXH7Q\/hG5tVMGTYa7BO22VkVJNqOT5fzqxf7qrkkgCvFf25\/gD8MPhv8TPAv8AwUL+G3hG0sfE2k6\/aeHfFt9pcQhTWdB1q8t7WV7oRpmdoLh7W5SRz8gjkycMRXo18NSnRcbHwmWZ1jsPmMKrqPfvt5rtbyOy\/ZZ+IviH4b+PX\/Zr8eao93ayQNP4R1GY\/M0YyWg="}
02407{"flow_id":132,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2406,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":953291,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcG6JAAPIGHQU0VD84rBAq2ABQyx1XQcjSlNdIjoAQAHanswAAAQEICmz6gAsA9nTjCfYAkDttI6Fa+jK+RP2g538MyeFviVYri70PxJA6ODglGOWX6Eov619dI4dA46EZFc2W1JJSot\/Da3o9l8tV6HucbYSlKdDMqcVF11LnS0XtINKUkunMnGT\/ALzYtYnxG8Ut4M8E6h4hhjD3EUGyyiP\/AC1uHISJPxdlH41t15n8S9YHirx3beF7Zt1loBW6vyPuveOp8mM+uxGMhHYvGa9M+FM7w5oyeHtBtNEWYyG2t1R5W6yNj5nPuTk\/jWja273VzHbRj5pHCj8TUdbngPTTd6sb11+S3XP\/AAI8D+p\/CgDsoYkghSCMfKihV+gFOoooAKKKKACiiigBs0MdxC8Ey5R1KsPUGvOtX02XSdQlsZf4G+U+q9jXo9YnjTQjqdl9ttkzNAOgHLL3H4daAOGvLO11C0lsL2BZYZ42jmjcZDqwwQfYg1tfB7xbcKj\/AA38RXTPf6ZEGsLiU\/Ne2WcI+e7pwj987W\/jFZNUdb0m4vxBf6VfGz1Kxl87Tr1Vz5UmMEMP4kYZVl7g9jggA9erwr4tJLov7TWnX1yuIdW8PGCFz03o7MR9eB\/30K9S+HfxBtvG9hJBdWws9WsdqappzPkxMejqf442wSrdxwcEEDlf2qPhN4n+Jvw6kufh1rCab4p0kPPoWoNZi48qQjn90WUSYIDBCwDFQCQCTXmZtQqV8JeGri1L1s9fwueRneGq4nA3pq8oSUku9nqvuv8AM8sj+yfGP9sLwd4B0ord6b8NFufFHiyeMEx2moSWxtNMs5G+75jpd3d0E+8otYnIAdC1X9rz9pz9ij4iadB8NtY1HWfGGtWFwl9omofDAfaL\/Q73zorZLiC8jYJBKPtDZBYo8UdwsiugdDH4z\/ZU\/Yv8IfAPTviD48+Iev23hbw9Z3U3iHUZ9XfzvEF9dTwPJcX0aqTdag08SpEFTzFeURwqpEITE8LeFviT4v0Y+HfhH8F9N+BHhDVgr6nrFpfJP4x1G0+dktyUjMemsfMbMhnuJYld1jELkSJvTlQw+HV5XT\/E6KUsNhcKryTT19fQ5\/QdSOneMtAv7S\/8b\/F74waJYR3kHhvxXqFhY6H8O724tWQyalJp1pBD9rEUzL5ey4udsjNFHHG5kr174I\/DSP4K\/CfTPBeo62uo31rDJdeIdcMHlHU9Rmdp729dcna01xJLKRk434ycVqfDz4ceBvhP4TtvA\/w68M2uk6XalmjtbZT8zsxZ5XY5aSR2JZ5HJd2YsxJJNY3j3W9S8X6pH8IPAI+0apqR8u9lQ\/LaQ\/xliOnHX0HuRXjY3GpU\/dWnRLdvovVng5hmCjS92Nl9mK3bey9Wa\/7L\/wAIvAXjLwtN8RPFXg+0u7ybXrifT7meH51jwFxkfeUncNpyOvFeqa\/8JPh7rWh3mkr4K0iJrq0khWZdNiDIWUqGB28EZzXlXiPxV+1L8E\/GL\/Df4M\/s0QeMfCGn+DrefTNTfxJb6c7akrXJnt237izShYNp2qqs\/wAzYJK87f8A7Sv\/AAUIj8WwS2n7AZbR4fDM095AvjmyaWbUWjikihRztwFKzRklcEyISVCHPrYHBQw2ChSmldLX16n1eVV8ywGX0KDrSvTikvedl1stdFfocR+z78Ov2yfGngaPwj4N0Pwt4I0bTb+8tT4r8TzNqt1clJ3DeRp1rJGqru3LvnuUcFf9SR1+iv2e\/wBmzRPgSmsa9f8Ai3UfFHivxLJC\/iTxTrCxpLdLCHEFvFFEqx29tEJJPLhQcGSR2Z5JHkYvr6b4I+MrrxLqFu6eEvEdws+oyD5ho1+wCtI+OkMuBuYcK4yeGyOW+IX7dfgHTvE198OPgR4T1H4neJ9NlMGqW3hmeFNN0mbGfLvdRlYQQuON0MZluFBB8kgiqwkKWHpKGzjp\/k\/R\/wDA6H1PEGJzDNsc8UryhWbnGy0Teso="}
02415{"flow_id":132,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2407,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976139,"pkt_ts_usec":953617,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcG6NAAPIGHQQ0VD84rBAq2ABQyx1XQc56lNdIjoAQAHaCvAAAAQEICmz6gAsA9nTjLt9qLdnfyltJN9T4k\/Zt\/ZL0bQ7zXvF3wU8C2um2Om4v7zUNDtUggs4YxxIzqFWFEjU4PygID2zXhnizxzrn7Z02kaV4d8OzaD8F9H1C3vrY3qSQXvjR7c77UrD8pttMSRYpl8z95cmJAUSHPnv1v4d\/Fn9oK7j1j9rDxpb3WlpdJcW3wx8MsyaDCUbdH9rkdFn1V1YBj5vl25ZVItlZQ1dd4x8b+GPAGjPrXibUkt4UH7tM5eU\/3UXqx\/ycVGIxcVF8r06s6Mn4erVK8XVjeTfuxWrb87fl95x\/7QFu\/im68KfDGxYm71zxHAoVRkiNThmPsN4P4H0r66RAiBF6AYFfO\/7K\/wAM\/EvjzxvJ+0p8RNMe0jaAweE9MlHMUBBBmI9SCcHvuY9Nte8eKvFWi+DNEm1\/Xrry4IsABV3PK5OFjRRyzscAKOSTUZbTlaVZq3Na3otvv1Z1cbYuiqlDLaclL2Clztar2k2nJJ9eVKMW+6Zn\/EnxwngfQPtFrAtxqV5J9n0myJx505BIz6IoBZj2VT3xXB+H9HbRdO+zz3TXFzNK899duMNcTudzyH0yTwOwAA4FNtzrPiPXJPG\/iyIR3ksZisrENuXT7cnPlg9DI2AXYdSABwoq\/XpnwwAEnAFd94W0n+yNJSKRcSyfPL9T2\/AVzngrRDqOofbZ0zDAQeRwzdh\/Wu1oAKKKKACiiigAooooAKKKKAOO8ZeGjYynVLGP9y5\/eKo+4f8AA1gV6dJHHNG0UqBlYYZWGQRXF+KPCkukubyyUvbMefWP2Pt70AcvqmkXE15Br2h6g1hq1mD9kvo03cHrHIv\/AC0jbAyp+oIIBHYeA\/ipaeI7pfDXiW1XS9cVCTaNJmO6A6yQOceYvcr95e46E87VXV9F0zXrT7FqtoJUDh4zkq0bjo6MMFGHZgQRQBP8bv2UvA3xh1DTvEqTyadq+j6quqadNGS0AvljeNLhochTKqSOBJjcNxNcxJ8O\/wBqPQ5TaRQ+H9ZjXhbky+UzD1IyvP4V1OieO\/HvgoC21SOTxJpifdlDKmoQr75wlwB\/wB\/98123hP4i+DfG2+Pw9rcclxEP39jMpiuIf9+JwHX6kYrzMRlOGrz505Rf912\/DVfgePiskwmJqe0TlB\/3Xa\/yd1+B5HafBj9ojxi32bxT4p0zw\/ZscSrpoMkzDvg9v++hXp3ww+EHg34T6Y1l4bs2a4mwbvULg7ppz7nsPYcfzrqaKrC5XhcLU9oryl3k7tenRfJF4PJsFg6ntVeU\/wCaTu16dF8kgooor0T1RlxbwXcD2t1AksUiFZI5FBVlPBBB6ivDfGH7Cvgw6rN4j+DPiq+8FXs7s8sGnjdau7Ekny8gjJJJAOOele60VhXw1DEq1SN7fevR7nqZXnWaZNUc8HVcL6NaOL\/xRacX80z5v\/4ZV\/afk\/0OX9omwEHQypo6+Zj\/AL5Bz\/wKuo+HX7E\/gHw3rcfi74ja9feMdXjIaObVj+4jYdxFk5+jEj2r1jxH4q8N+EbA6n4n1y1sYM4ElzMF3H+6oPLH2GSa4fWfi34m8Sg2vw90drG2bg61rFuVYj1htzhj\/vSbR\/ssK54ZbhIS5mm\/Vt\/mz18TxrxDiKLpRqRpqWj9nCFNv1cIp\/K9jq\/GvxA8PeA7SMX5ea7uMrYaXaKGnuWHZV7Ad2OFUdSK89ePXPFGtJ4s8byRtcxZ\/s7ToW3QaepGDtP8cpHDSEeygDOV0rQLXTLiXUpbie8v7kD7XqV7Jvnmx0BboqjsigKOwFXq7z5QKn07T7jU7xLK2XLOevYDuTUUMMs8qwwoWdjhVA5JruvC\/h2PQ7TfKAbiQfvG9P8AZFAFzTNOt9KsksbYfKg5Pdj3JqxRRQAUUUUAFFFFABRRRQAUUUUAFIyq6lHUEEYII4NLRQBy\/iLwOcteaKvu1vk="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1490976142629,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2480,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1490976142629,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":133,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":629437,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Si5AAEAGxLmsECrYNu8d\/Z+uAbuBOjwrAAAAAKAC\/\/9GYAAAAgQFtAQCCAoA9nYFAAAAAAEDAwg="}
00429{"flow_id":133,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":691841,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw0iJAAOcGldA27x39rBAq2AG7n66gUyr3gTo8LHASH\/4OHAAAAgQFtAEDAwY="}
00417{"flow_id":133,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":696112,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoSi9AAEAGxMysECrYNu8d\/Z+uAbuBOjwsoFMq+FAQAVdYjQAA"}
00747{"flow_id":133,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2483,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":698502,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"pkt":"AMDKkaPvePiC0\/vCCABFAAEbSjBAAEAGw9isECrYNu8d\/Z+uAbuBOjwsoFMq+FAYAVc4xwAAFgMBAO4BAADqAwNiqd1S7MhG5wB\/dT8PiLwUoMSITVffXbD1xI\/bdNzIUCBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAgamrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACB2toAAP8BAAEAAAAAHAAaAAAXc2tpbGxzLXN0b3JlLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAiqqgAdABcAGFpaAAEA"}
-00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2483,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":4,"flow_first_seen":1490976142629,"flow_last_seen":1490976142698,"flow_tot_l4_data_len":351,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2483,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":4,"flow_first_seen":1490976142629,"flow_last_seen":1490976142698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00536{"flow_id":133,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":816463,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB91YZAAOcGkh827x39rBAq2AG7n66gUyr4gTo9H1AYf\/i1wAAAFgMBAEoCAABGAwFY3n2Obh+Ev43oa4t9qN6MX4wxb9ryi9I8T8yVK9XgOCBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvABQDAQABAQ=="}
-00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":5,"flow_first_seen":1490976142629,"flow_last_seen":1490976142816,"flow_tot_l4_data_len":456,"flow_min_l4_data_len":20,"flow_max_l4_data_len":263,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2484,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":5,"flow_first_seen":1490976142629,"flow_last_seen":1490976142816,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":328,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"skills-store.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00492{"flow_id":133,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2485,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":816600,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABd1YhAAOcGkj027x39rBAq2AG7n66gUytNgTo9H1AYf\/jqaAAAFgMBADAoR\/0TYnF80ADW+lgTaaOlzX3uxl5lxwxGronRv9lj8fc8AZpVx2yvoPs4v43USu0="}
00606{"flow_id":133,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2486,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":816742,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"ePiC0\/vCAMDKkVoBCABFAACy1YZAAOcGkeo27x39rBAq2AG7n66gUyr4gTo9H1AYf\/i3nQAAFgMBAEoCAABGAwFY3n2Obh+Ev43oa4t9qN6MX4wxb9ryi9I8T8yVK9XgOCBtDRI0q2icP6fVqlksmygn0U781lDdxNdezB5jmLBlqwAvABQDAQABARYDAQAwKEf9E2JxfNAA1vpYE2mjpc197sZeZccMRq6J0b\/ZY\/H3PAGaVcdsr6D7OL+N1Ert"}
00417{"flow_id":133,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2487,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":818304,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoSjFAAEAGxMqsECrYNu8d\/Z+uAbuBOj0foFMrTVAQAVdXRQAA"}
@@ -1797,15 +1797,15 @@
00634{"flow_id":133,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2493,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976142,"pkt_ts_usec":821390,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"AMDKkaPvePiC0\/vCCABFAADCSjdAAEAGxCqsECrYNu8d\/Z+uAbuBOkREoFMrglAYAVfOpwAAFwMBACAWxvN46g6VgVkZs0Q094LfgT\/pq9o\/SEAEMU9QrE06nRcDAQBwKXftPLjaa9RHJvDxrfOeAnk+zpErXzihm2xYqtTKGH4v5h7Cmhb8rfYcc1NFC8fQGwT\/0HfP9\/hEMUIL0I10Zoykkcbz0G273bRWcQjZsLzatb25\/hBybT1hGkCbuDmZ4b7hpuHawnx8vrzS4wZC7A=="}
00425{"flow_id":133,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976143,"pkt_ts_usec":16796,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAovV1AAOcGqp027x39rBAq2AG7n66gUyuCgTo9WlAQf\/fYNAAAAAAAAAAA"}
00445{"flow_id":84,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976149,"pkt_ts_usec":40436,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8m\/tAAEAGPh6sECrYCsl+8Z0yH5CNbMQpAAAAAKAC\/\/9fhQAAAgQFtAQCCAoA9niIAAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2506,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1490976150029,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2506,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1490976150029,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":134,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2506,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":29230,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA86ydAAEAGW8esECrYNF7ohrK2AbvOUJPOAAAAAKAC\/\/\/DwQAAAgQFtAQCCAoA9njpAAAAAAEDAwg="}
00430{"flow_id":134,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2507,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":125051,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwoZ9AAOcG\/lo0XuiGrBAq2AG7sra0EJrCzlCTz3ASH\/4K2QAAAgQFtAEDAwY="}
00416{"flow_id":134,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2508,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":126970,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6yhAAEAGW9qsECrYNF7ohrK2AbvOUJPPtBCaw1AQAVdVSgAA"}
00742{"flow_id":134,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2509,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":127984,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX6ylAAEAGWuqsECrYNF7ohrK2AbvOUJPPtBCaw1AYAVchEAAAFgMBAOoBAADmAwOKdjFFpOOXsbbSqMMeJaFC\/d12VQO5ox2KdTo39VCnrCB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9OjoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACHp6AB0AFwAYSkoAAQA="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":4,"flow_first_seen":1490976150029,"flow_last_seen":1490976150127,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2509,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":4,"flow_first_seen":1490976150029,"flow_last_seen":1490976150127,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00425{"flow_id":134,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2510,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":196553,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAokKxAAOcGD1Y0XuiGrBAq2AG7sra0EJrDzlCUvlAQf\/jVuQAAAAAAAAAA"}
00538{"flow_id":134,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":196755,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9kK5AAOcGDv80XuiGrBAq2AG7sra0EJrDzlCUvlAYf\/ioFQAAFgMBAEoCAABGAwFY3n2WsKEO5j\/+XQ3InBz8BmJWU6tqL8GGvPxEhHBE0SB4kgfiZLrEZoIvfOT\/tQMGZLL4w9FhfVsGJHEZL4q82wAvABQDAQABAQ=="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":6,"flow_first_seen":1490976150029,"flow_last_seen":1490976150196,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":6,"flow_first_seen":1490976150029,"flow_last_seen":1490976150196,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00491{"flow_id":134,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2512,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":196807,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdkLBAAOcGDx00XuiGrBAq2AG7sra0EJsYzlCUvlAYf\/g0tAAAFgMBADASYFDIqpzI2dQ4RB9g2j6Kixqtu5sqtDIGdUVHpCxbAK9w8U0NNpbUWqlnRm3UmlM="}
00416{"flow_id":134,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2513,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":197780,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6ypAAEAGW9isECrYNF7ohrK2AbvOUJS+tBCbGFAQAVdUBgAA"}
00416{"flow_id":134,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2514,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976150,"pkt_ts_usec":198368,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo6ytAAEAGW9esECrYNF7ohrK2AbvOUJS+tBCbTVAQAVdT0QAA"}
@@ -1815,14 +1815,14 @@
01362{"flow_id":134,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2526,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976156,"pkt_ts_usec":847148,"pkt_caplen":752,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":752,"pkt_l4_len":718,"pkt":"AMDKkaPvePiC0\/vCCABFAALi6y5AAEAGWRqsECrYNF7ohrK2AbvOUJT5tBCbTVAYAVeamQAAFwMBACCKzEam9ljsPv33r5OYYXaerLCH5q\/e7mZVb1oKLZ6xTBcDAQKQbsP4hTQxEHzwbyWJgK+7PhnWvP4lfEyWd6PsbIsn+4BF0w6jXmi5MnjZoAytLgr8gk8rEI1fiZM2yGqgDI+W2snl4rSsIFqAWuS4zJJAu2d3RL1sqcRkSQ29uJAB5CV3hdTFti1bWa5xsNhRp4wMLKKDqBkE3iOujKFmSY0JT5jbUtkuFS2ZRG64BTVxuxxH9wYwdQ58guUg\/7cNsvaAEJ2m7ZwkLyr2n810iIQZWuKz+BPmbXOkD4wVwBUVhrdWuqHvyyXYsvRjDV3851FqDyFWcykpl9QKUCaqHouoTdBOI98JdJyjPNIl+8sSmQxCsdOeJd8akqK9wBBtimOTNFi7QNs+dvMmzMwfYyWk4UuGccGXGA5hPKHbYbHMnkhW8u\/HIV+R91KDyQrSY\/qcRWjuVSD7ILEa5ipSPEzdGIOwXLpjZx874hMt06yrgOxrWvtKjqN11kmBDLxUX0yiwAurxpxM1La9gViCSpjNwsDtGyR0RpKRgu9saf4M4HMjdukuawa+Wx8atMyqHW5e+RSpc8N5uoDxFMD9oorfKniD2jyyuTCcasZ\/+\/PH+xTqMkFnCCHggzDnqCD+ZiEeIM6LVGPnSfPtp9T0SoRzvtkzgrXYc0KH1U+nOldDRjbyy0FUTp3v2HYe5gxcfvRzgSrv76mnOOMsKZYV\/RRcvzGrSWF\/o6LtdnobY7Vr8MGwUu7b+6xx1LpdhCwA9i\/PNiZZC+NpNhGujtqjWcUuBlzQMH+NgV2D6mrdsqILf\/TFM6GOCGiCBzza9XQ0ptOlpGzeHvCJNUP+zMntb5RVUgkLPlpNZCCgBchWaMgRhWleT+KuBw7H1UJBcBIDSiunAluakZmQsn6MMKqDMwagATw="}
00425{"flow_id":134,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2527,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976157,"pkt_ts_usec":263632,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAolx9AAOcGCOM0XuiGrBAq2AG7sra0EJtNzlCXs1AQf+zSRgAAAAAAAAAA"}
01192{"flow_id":134,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2528,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976157,"pkt_ts_usec":263710,"pkt_caplen":619,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":619,"pkt_l4_len":585,"pkt":"ePiC0\/vCAMDKkVoBCABFAAJdlz9AAOcGBo40XuiGrBAq2AG7sra0EJtNzlCXs1AY\/b9ruQAAFwMBAjCBmVFlSzNSE06WNq\/BsDE\/xl8iNlCoaOONVU5kEfmPj5C5xGmakDrWy62Bk8z9jS1f\/8fwLRX1sJjUawbbli3ZR59M0OjI+kxDciMMLIk4DdRp6wlXYDRU2FfDu7ZEJsod6Zif0AD49hKF8mimkjq1Ld5DvESc\/qFD1qPbk1VWTjhO1fOHRYEQPS2F0L6\/aI7+Cn2b5yK\/A6OoITNFe22Ie5\/EJaXU1HPgkQtgDpFNnf9BKw8io3\/wcPniYx2CHy0ssK0q7WRPieD7AYHjmTUjUioWN\/cx7KinE2J5WAcmZ1\/mgBVgxc\/YqUthFjDyqGyiV1ewjvy1LXS2FVS9PH368TcUryH5x8qr89VRayrWCOKWiUACFDVM+QT6lTqI6Bf+EpbLfrjewRXDy+3Vw\/3G9WndrLFXjsavnAFYn6FnlAPf8dXN9A9YMxrZWK+ktzsSjtgnIdfNWduw32UWPka3XNYKe7zSatI3EMX3BdPmGI0nSU\/QrbIShtZbAo+ZdBDObiHE3MtbcMXwGI179AERQj63IgkKbne5Bvk2vb0mLfXUXIFwUwxJo03cNVpt8fHW\/h75PkTyPzN1x\/X5twoy4hdgcRzNbBLLHxqJIxwVtMnLFey83b86OjiNyXqNccfmHX1LJGzvQupzwSlrdIo6ZOSRxHuK0WVcVMZMbdw0ldlZq0oNI2xi9bphHjVGc3ojy3HDIMERwphzxNIQ9prTvMYr2m7RxN5MOjDUaWp1XQ=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1490976158680,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1490976158680,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":135,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976158,"pkt_ts_usec":680003,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8\/ohAAEAGSGasECrYNF7ohrK3Abt2joLDAAAAAKAC\/\/8pLAAAAgQFtAQCCAoA9nxLAAAAAAEDAwg="}
00429{"flow_id":135,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976158,"pkt_ts_usec":840127,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwc8dAAOcGLDM0XuiGrBAq2AG7sreYM6oZdo6CxHASH\/6AKwAAAgQFtAEDAwY="}
00417{"flow_id":135,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976158,"pkt_ts_usec":841362,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/olAAEAGSHmsECrYNF7ohrK3Abt2joLEmDOqGlAQAVfKnAAA"}
00743{"flow_id":135,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976158,"pkt_ts_usec":842060,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEX\/opAAEAGR4msECrYNF7ohrK3Abt2joLEmDOqGlAYAVepYwAAFgMBAOoBAADmAwPtGRNrH\/FF66PH1PCooAX1Dd1\/3OeWvWeSDYxuFGcUDiCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9GhoAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAYamoAAQA="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":4,"flow_first_seen":1490976158680,"flow_last_seen":1490976158842,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2534,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":4,"flow_first_seen":1490976158680,"flow_last_seen":1490976158842,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00536{"flow_id":135,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976159,"pkt_ts_usec":147892,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9ZJ1AAOcGOxA0XuiGrBAq2AG7sreYM6oado6Ds1AYf\/jWEQAAFgMBAEoCAABGAwFY3n2ejsBVJxuO9LpSs5v2aSzauuFSRGgpga0DGSdUzyCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":5,"flow_first_seen":1490976158680,"flow_last_seen":1490976159147,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2535,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":5,"flow_first_seen":1490976158680,"flow_last_seen":1490976159147,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00491{"flow_id":135,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2536,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976159,"pkt_ts_usec":147966,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdZKJAAOcGOys0XuiGrBAq2AG7sreYM6pvdo6Ds1AYf\/glEQAAFgMBADBQGcC5qybAnI9iGstyBUWJgNk+lZDudarUeJSYsOnfkMQBIsPOKnH1wiFJDU8PRtQ="}
00417{"flow_id":135,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2537,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976159,"pkt_ts_usec":499843,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/otAAEAGSHesECrYNF7ohrK3Abt2joOzmDOqb1AQAVfJWAAA"}
00417{"flow_id":135,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2538,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976159,"pkt_ts_usec":501227,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo\/oxAAEAGSHasECrYNF7ohrK3Abt2joOzmDOqpFAQAVfJIwAA"}
@@ -1833,31 +1833,31 @@
00426{"flow_id":135,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976160,"pkt_ts_usec":206885,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoYPdAAOcGPws0XuiGrBAq2AG7sreYM6qkdo6D7lAQf\/dKSAAAAAAAAAAA"}
00425{"flow_id":135,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976160,"pkt_ts_usec":206952,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoYRlAAOcGPuk0XuiGrBAq2AG7sreYM6qkdo6JolAQf+BEqwAAAAAAAAAA"}
00425{"flow_id":135,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2545,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976160,"pkt_ts_usec":206978,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoYRpAAOcGPug0XuiGrBAq2AG7sreYM6qkdo6KeFAQf91D2AAAAAAAAAAA"}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":10,"flow_first_seen":1490976031691,"flow_last_seen":1490976032855,"flow_tot_l4_data_len":2382,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1366,"flow_avg_l4_data_len":238,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":32,"flow_first_seen":1490976041156,"flow_last_seen":1490976043655,"flow_tot_l4_data_len":11044,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":18,"flow_first_seen":1490976041384,"flow_last_seen":1490976042405,"flow_tot_l4_data_len":2759,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1118,"flow_avg_l4_data_len":153,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":18,"flow_first_seen":1490976041400,"flow_last_seen":1490976042398,"flow_tot_l4_data_len":2791,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1150,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":17,"flow_first_seen":1490976041961,"flow_last_seen":1490976042341,"flow_tot_l4_data_len":6241,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":367,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":25,"flow_first_seen":1490976041870,"flow_last_seen":1490976042512,"flow_tot_l4_data_len":7430,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":297,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":24,"flow_first_seen":1490976035553,"flow_last_seen":1490976036358,"flow_tot_l4_data_len":6484,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":270,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":18,"flow_first_seen":1490976037754,"flow_last_seen":1490976042398,"flow_tot_l4_data_len":3903,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":216,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1490976164994,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":10,"flow_first_seen":1490976031691,"flow_last_seen":1490976032855,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2154,"flow_avg_l4_payload_len":215,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49572,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":32,"flow_first_seen":1490976041156,"flow_last_seen":1490976043655,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10376,"flow_avg_l4_payload_len":324,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45661,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":18,"flow_first_seen":1490976041384,"flow_last_seen":1490976042405,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1098,"flow_tot_l4_payload_len":2371,"flow_avg_l4_payload_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45662,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":18,"flow_first_seen":1490976041400,"flow_last_seen":1490976042398,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45663,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":17,"flow_first_seen":1490976041961,"flow_last_seen":1490976042341,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5681,"flow_avg_l4_payload_len":334,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1490976042054,"flow_last_seen":1490976042398,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":25,"flow_first_seen":1490976041870,"flow_last_seen":1490976042512,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6902,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1490976041434,"flow_last_seen":1490976041437,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38391,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":24,"flow_first_seen":1490976035553,"flow_last_seen":1490976036358,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":238,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38363,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2549,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":18,"flow_first_seen":1490976037754,"flow_last_seen":1490976042398,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3335,"flow_avg_l4_payload_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38364,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1490976164994,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":136,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976164,"pkt_ts_usec":994460,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WmBAAEARM1WsECrYrBAqAfpJADUAKhd4KNkBAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="}
-00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1490976164994,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2555,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1490976164994,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_id":136,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976165,"pkt_ts_usec":58589,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl5+FAAEARpaysECoBrBAq2AA1+kkAUQAZKNmBgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAAsACwhwaXRhbmd1acASwC4AAQABAAAABgAENF7ohg=="}
-00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2556,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":42,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2557,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1490976165062,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00702{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2556,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.94.232.134"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2557,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1490976165062,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":137,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2557,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976165,"pkt_ts_usec":62082,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZaZAAEAG4UisECrYNF7ohptGAbs\/AhtsAAAAAKAC\/\/\/dAQAAAgQFtAQCCAoA9n7KAAAAAAEDAwg="}
00429{"flow_id":137,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2558,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976165,"pkt_ts_usec":120284,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwviBAAOcG4dk0XuiGrBAq2AG7m0ayU5bRPwIbbXASH\/4vqAAAAgQFtAEDAwY="}
00417{"flow_id":137,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2559,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976165,"pkt_ts_usec":122162,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZadAAEAG4VusECrYNF7ohptGAbs\/AhttslOW0lAQAVd6GQAA"}
00655{"flow_id":137,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2560,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976165,"pkt_ts_usec":125978,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"AMDKkaPvePiC0\/vCCABFAADWZahAAEAG4KysECrYNF7ohptGAbs\/AhttslOW0lAYAVcqOgAAFgMBAKkBAAClAwFXCTeQDMK\/FDjYD8QCr4+nmvueUE6Ddrnzytp5\/6hChCCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2560,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":4,"flow_first_seen":1490976165062,"flow_last_seen":1490976165125,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2560,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":4,"flow_first_seen":1490976165062,"flow_last_seen":1490976165125,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00537{"flow_id":137,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2561,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976165,"pkt_ts_usec":190083,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9wjpAAOcG3XI0XuiGrBAq2AG7m0ayU5bSPwIcG1AYf\/p8IQAAFgMBAEoCAABGAwFY3n2lKrNMt6\/OX8FdZoR8ql5RDmr00v4XE5Mx8EPChiCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAvABQDAQABAQ=="}
-00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2561,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":5,"flow_first_seen":1490976165062,"flow_last_seen":1490976165190,"flow_tot_l4_data_len":387,"flow_min_l4_data_len":20,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2561,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":5,"flow_first_seen":1490976165062,"flow_last_seen":1490976165190,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00494{"flow_id":137,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2562,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976165,"pkt_ts_usec":190224,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdwjxAAOcG3ZA0XuiGrBAq2AG7m0ayU5cnPwIcG1AYf\/oiSQAAFgMBADBdZ5j7PVlY8cSi8l8jfX\/OXPuu6Vgg3tkA1Tr\/q1QeYxZ4o\/GYivNNHdWTTKHOIPc="}
00417{"flow_id":137,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2563,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976165,"pkt_ts_usec":191058,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZalAAEAG4VmsECrYNF7ohptGAbs\/AhwbslOXJ1AQAVd5FgAA"}
00417{"flow_id":137,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2564,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976165,"pkt_ts_usec":191348,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZapAAEAG4VisECrYNF7ohptGAbs\/AhwbslOXXFAQAVd44QAA"}
@@ -1870,14 +1870,14 @@
00688{"flow_id":137,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2571,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976166,"pkt_ts_usec":715739,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"ePiC0\/vCAMDKkVoBCABFAADtyNxAAOcG1mA0XuiGrBAq2AG7m0ayU5dcPwIhYFAY\/beG8QAAFwMBAMDJv35d\/4mG6xcuQdUXTW8L7k5gVEHMWQZwoBlF6usDy812CjYM7U1PdElAKcWIQgOJFIG8iiG33nf3XoZIiIpAVLYDf9Y89hEgE7bXAie3tIqR4W3xskqkH6ig88TldRDlkGl4crebAn89VA2QTRzdyixv3ETKn6o3DAiSD8T6h\/cZkgREUy85uUk5MsASg2LHRufKSVLZ6r2buWxlO1mki2TE1nygHir39sNCBGYD78Jm\/CohIvznj0x6GV7GuRE="}
00415{"flow_id":31,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2573,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976168,"pkt_ts_usec":813075,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoG7VAAEAGvnisECrYCsl+8Z0IH5CvoFXQAAAAAFAUAVeLzQAA"}
00415{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2575,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976168,"pkt_ts_usec":960939,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoWzlAAEAGfvSsECrYCsl+8Z0KH5BhrRWqAAAAAFAUAVcZ5QAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2576,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1490976169531,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2576,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1490976169531,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":138,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2576,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":531098,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8anRAAEAG3HqsECrYNF7ohrK4AbvvmuryAAAAAKAC\/\/9DtAAAAgQFtAQCCAoA9oCGAAAAAAEDAwg="}
00429{"flow_id":138,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2577,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":726806,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwhFlAAOcGG6E0XuiGrBAq2AG7srhwEXla75rq83ASH\/73zwAAAgQFtAEDAwY="}
00416{"flow_id":138,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":729899,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoanVAAEAG3I2sECrYNF7ohrK4AbvvmurzcBF5W1AQAVdCQQAA"}
00740{"flow_id":138,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":731050,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"AMDKkaPvePiC0\/vCCABFAAEXanZAAEAG252sECrYNF7ohrK4AbvvmurzcBF5W1AYAVfzhwAAFgMBAOoBAADmAwNQGProSMl78hAUDaTmTX5yUTx4scZiFRjHHV08S9IO6yCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB9+voAAP8BAAEAAAAAGAAWAAATcGl0YW5ndWkuYW1hem9uLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACBoaAB0AFwAY6uoAAQA="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":4,"flow_first_seen":1490976169531,"flow_last_seen":1490976169731,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2579,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":4,"flow_first_seen":1490976169531,"flow_last_seen":1490976169731,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00536{"flow_id":138,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":888180,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9eExAAOcGJ2E0XuiGrBAq2AG7srhwEXlb75rr4lAYf\/iM1wAAFgMBAEoCAABGAwFY3n2pJltIvltxhfK2SiAqZURuo+oby5xQQ9okKpdqHCCCMRQMGMoVs0icgvrIiO2DryH4GtgAAWm5say3aH682wAvABQDAQABAQ=="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":5,"flow_first_seen":1490976169531,"flow_last_seen":1490976169888,"flow_tot_l4_data_len":452,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2580,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":5,"flow_first_seen":1490976169531,"flow_last_seen":1490976169888,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00491{"flow_id":138,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2581,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":888318,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdeE5AAOcGJ380XuiGrBAq2AG7srhwEXmw75rr4lAYf\/h6LgAAFgMBADBQVkNT4uaaSSAglKmvPunGJayO3SHtKYOmCtH54SGOEkJf3Z9dbCNljTNT8klD2+o="}
00417{"flow_id":138,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2582,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":889444,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoandAAEAG3IusECrYNF7ohrK4AbvvmuvicBF5sFAQAVdA\/QAA"}
00416{"flow_id":138,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2583,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976169,"pkt_ts_usec":889719,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoanhAAEAG3IqsECrYNF7ohrK4AbvvmuvicBF55VAQAVdAyAAA"}
@@ -1888,60 +1888,60 @@
00424{"flow_id":138,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2588,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976170,"pkt_ts_usec":32557,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoei9AAOcGJdM0XuiGrBAq2AG7srhwEXnl75ryh1AQf927nAAAAAAAAAAA"}
01512{"flow_id":138,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2589,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976170,"pkt_ts_usec":60686,"pkt_caplen":859,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":859,"pkt_l4_len":825,"pkt":"ePiC0\/vCAMDKkVoBCABFAANNhEpAAOcGGJM0XuiGrBAq2AG7srhwEXnl75ryh1AY\/bA27QAAFwMBAyCM59eoL8uEPTx75PFu3CAlP3YuWBpZaav0\/a+DG14Qo7qA\/c6ioOREyNdRUqIJEUqhIKlhgtmyzasadVEGOSjf\/Zny9WcpCVbMxGqAaUBnze1Y9biUleVEBeffIOUorc\/rAyvH\/H7csNNmwXhPfgTQmjWwPU4iiwHhi3GfI\/3o2lGq2xYRjicp1ijRfhco8S1MWhJ9ou85kE9buLp4ZNA1MLshCt7aqHFMCDiz9cb+INhKM3qSwa3Qyr+jyn2f71ahKl9uZVIePoVwLa21WJRPT1KuffvGIYHgfe4La265pPxv0RvMIe7grZfCPOzOID3WJTZdq6Phr+NiEivg2LTalrRrhREZcbwpd2qLz3KKZpg4mdVKR3BaCG83OQ7KQdMVdXTgEXjw6bte5PxXKgMPzx6\/ITkm5ODNkjpvQc5meLk8nKL\/MT88+RWg5yxlA1pyrug3smUsr6xlxahBONns+TIr1gLSd24v1cJukvxBeU3MwigL38FLNn5lQdf0OIRx865cUvTlhBImaRKnyskbZwQpnhTa+uOmGGkPIoN4A66NJbfVEPa5vGqeEwFqrDujVAswbSm3J4dNRYB0FhF5ozuhL6ndIyHop6xw5wlKAx3+4SXBlL7XUXl+0paJpUPoUZSawxdjGIqwvOI99A9ozlNl3NhM3cN9Qxf78x3h0rVADdaliQhkLyCVmvjNOhvOAUrAfpKXSYbEf+6bfUhPqWCvHqyYnSvZIDfBJ\/wMwklkyPqmI0a92NqljjOOksMkQ9f2FDktNRXOLRHb7cqAqzFRTeyNc4tGWaBs8j9cK+W\/tIDNED4NFPOu8JL3jcjIxpm7cNSM4c+1z5awEEnS351MO0Awy6z\/iMz3xm1xnOvpygxnODElQnpy1FxAI7Z+8WiS5IfgCOuXB7FVJ\/zRLuiSEj76f26JRDJeROR6pn1YJhpqeQU3DdcUUS\/hRoiHki\/FcGD1RCk6PXhAnclOKvElZidUmV+iRIzm\/dSMJiLWrOAZVELtvPF1dNCIflviR1\/U5eYNIGcg1c+nYCHkdCns6uOeJFE4oBv9YCD86g=="}
00417{"flow_id":138,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2592,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976170,"pkt_ts_usec":100674,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoanxAAEAG3IasECrYNF7ohrK4AbvvmvKHcBF9ClAQAV02+AAA"}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":11,"flow_first_seen":1490976044439,"flow_last_seen":1490976046418,"flow_tot_l4_data_len":2423,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1016,"flow_avg_l4_data_len":220,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":26,"flow_first_seen":1490976044189,"flow_last_seen":1490976046415,"flow_tot_l4_data_len":6933,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1198,"flow_avg_l4_data_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":24,"flow_first_seen":1490976044219,"flow_last_seen":1490976046417,"flow_tot_l4_data_len":6925,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1214,"flow_avg_l4_data_len":288,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":22,"flow_first_seen":1490976044488,"flow_last_seen":1490976046418,"flow_tot_l4_data_len":4870,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1166,"flow_avg_l4_data_len":221,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":17,"flow_first_seen":1490976044502,"flow_last_seen":1490976046415,"flow_tot_l4_data_len":2771,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1150,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":14,"flow_first_seen":1490976044509,"flow_last_seen":1490976046418,"flow_tot_l4_data_len":744,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":13,"flow_first_seen":1490976044521,"flow_last_seen":1490976046418,"flow_tot_l4_data_len":724,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":29,"flow_first_seen":1490976046418,"flow_last_seen":1490976048924,"flow_tot_l4_data_len":10393,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1214,"flow_avg_l4_data_len":358,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":15,"flow_first_seen":1490976047096,"flow_last_seen":1490976048927,"flow_tot_l4_data_len":902,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":78,"flow_first_seen":1490976041942,"flow_last_seen":1490976046399,"flow_tot_l4_data_len":43981,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":563,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":21,"flow_first_seen":1490976047560,"flow_last_seen":1490976048909,"flow_tot_l4_data_len":9156,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":436,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":29,"flow_first_seen":1490976043814,"flow_last_seen":1490976046408,"flow_tot_l4_data_len":10991,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":379,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":32,"flow_first_seen":1490976043814,"flow_last_seen":1490976046401,"flow_tot_l4_data_len":11707,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":365,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":22,"flow_first_seen":1490976047563,"flow_last_seen":1490976048928,"flow_tot_l4_data_len":6132,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":23,"flow_first_seen":1490976047858,"flow_last_seen":1490976048917,"flow_tot_l4_data_len":5019,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":218,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":25,"flow_first_seen":1490976047014,"flow_last_seen":1490976048924,"flow_tot_l4_data_len":7330,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":293,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":43,"flow_first_seen":1490976047050,"flow_last_seen":1490976048924,"flow_tot_l4_data_len":23419,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":544,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1490976177026,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":11,"flow_first_seen":1490976044439,"flow_last_seen":1490976046418,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":2175,"flow_avg_l4_payload_len":197,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49589,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":26,"flow_first_seen":1490976044189,"flow_last_seen":1490976046415,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1178,"flow_tot_l4_payload_len":6385,"flow_avg_l4_payload_len":245,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45673,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":24,"flow_first_seen":1490976044219,"flow_last_seen":1490976046417,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":6417,"flow_avg_l4_payload_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":22,"flow_first_seen":1490976044488,"flow_last_seen":1490976046418,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":4402,"flow_avg_l4_payload_len":200,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":17,"flow_first_seen":1490976044502,"flow_last_seen":1490976046415,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1130,"flow_tot_l4_payload_len":2403,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45677,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":14,"flow_first_seen":1490976044509,"flow_last_seen":1490976046418,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45678,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":13,"flow_first_seen":1490976044521,"flow_last_seen":1490976046418,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45679,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":29,"flow_first_seen":1490976046418,"flow_last_seen":1490976048924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1194,"flow_tot_l4_payload_len":9785,"flow_avg_l4_payload_len":337,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45680,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":15,"flow_first_seen":1490976047096,"flow_last_seen":1490976048927,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45683,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":78,"flow_first_seen":1490976041942,"flow_last_seen":1490976046399,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41433,"flow_avg_l4_payload_len":531,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":21,"flow_first_seen":1490976047560,"flow_last_seen":1490976048909,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8468,"flow_avg_l4_payload_len":403,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":29,"flow_first_seen":1490976043814,"flow_last_seen":1490976046408,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10383,"flow_avg_l4_payload_len":358,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":32,"flow_first_seen":1490976043814,"flow_last_seen":1490976046401,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11039,"flow_avg_l4_payload_len":344,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":22,"flow_first_seen":1490976047563,"flow_last_seen":1490976048928,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5664,"flow_avg_l4_payload_len":257,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":23,"flow_first_seen":1490976047858,"flow_last_seen":1490976048917,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4531,"flow_avg_l4_payload_len":197,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":25,"flow_first_seen":1490976047014,"flow_last_seen":1490976048924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":272,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34033,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2594,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":43,"flow_first_seen":1490976047050,"flow_last_seen":1490976048924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":22531,"flow_avg_l4_payload_len":523,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1490976177026,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":139,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":26053,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"AMDKkaPvePiC0\/vCCABFAABBWmFAAEARM1GsECrYrBAqARDYADUALXE1hGEBAAABAAAAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAQ=="}
-00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1490976177026,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1490976177026,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00472{"flow_id":139,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2612,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":105350,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"ePiC0\/vCAMDKkaPvCABFAABR5+JAAEARpb+sECoBrBAq2AA1ENgAPRuAhGGBgAABAAEAAAAACHBpdGFuZ3VpBmFtYXpvbgNjb20AAAEAAcAMAAEAAQAAACEABDbvHLI="}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2612,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2613,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1490976177116,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2612,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"pitangui.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2613,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1490976177116,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":140,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2613,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":116210,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8k45AAEAGfKSsECrYNu8cssZsAbvv1RDwAAAAAKAC\/\/\/QEwAAAgQFtAQCCAoA9oN+AAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1490976177116,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2614,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1490976177116,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":141,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2614,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":116594,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8pCxAAEAGbAasECrYNu8cssZtAbubwSdTAAAAAKAC\/\/8NwwAAAgQFtAQCCAoA9oN\/AAAAAAEDAwg="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1490976177116,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2615,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1490976177116,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":142,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2615,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":116910,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lftAAEAGejesECrYNu8cssZuAbts9RaEAAAAAKAC\/\/9NXQAAAgQFtAQCCAoA9oN\/AAAAAAEDAwg="}
00429{"flow_id":140,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2616,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":226809,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwImlAAOcGRtU27xyyrBAq2AG7xmzGEdgp79UQ8XASH\/7SVwAAAgQFtAEDAwY="}
00429{"flow_id":141,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2617,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":226953,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwWDhAAOcGEQY27xyyrBAq2AG7xm3jvKzYm8EnVHASH\/4drgAAAgQFtAEDAwY="}
00416{"flow_id":140,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2619,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":232232,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok49AAEAGfLesECrYNu8cssZsAbvv1RDxxhHYKlAQAVccyQAA"}
00416{"flow_id":141,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2620,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":232543,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopC1AAEAGbBmsECrYNu8cssZtAbubwSdU47ys2VAQAVdoHwAA"}
00697{"flow_id":140,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2622,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":233706,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3k5BAAEAGe+esECrYNu8cssZsAbvv1RDxxhHYKlAYAVegdQAAFgMBAMoBAADGAwNlXadIw7yx7VLHe4UdO3wZiu\/EcwTKyJ+o5joejNiDegAAIGpqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfaqqAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAhaWgAdABcAGEpKAAEA"}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177233,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":20,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2622,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177233,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00696{"flow_id":141,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2623,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":235757,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3pC5AAEAGa0msECrYNu8cssZtAbubwSdU47ys2VAYAVdEqAAAFgMBAMoBAADGAwPJsGFZNlhJRMty6KrMnV1YFeE+Nh3uPX+8iS4ufNPtYgAAIMrKzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfWpqAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAi6ugAdABcAGFpaAAEA"}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177235,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":20,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1490976177276,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2623,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":4,"flow_first_seen":1490976177116,"flow_last_seen":1490976177235,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2624,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1490976177276,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":143,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2624,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":276176,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8ZidAAEAGqgusECrYNu8cssZvAbuB1uWoAAAAAKAC\/\/9pRgAAAgQFtAQCCAoA9oOPAAAAAAEDAwg="}
00429{"flow_id":143,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2625,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":409998,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwnrRAAOcGyok27xyyrBAq2AG7xm8x5Gl6gdblqXASH\/5ueAAAAgQFtAEDAwY="}
02382{"flow_id":140,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":410580,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcHZxAAOcGRfY27xyyrBAq2AG7xmzGEdgq79URwFAYf\/krDwAAFgMBDLwCAABGAwFY3n2xoE\/i6JhK5Md85LDgTL+hjMKOoOipyrc3Qs63NyBbMnlmo5paikbiPJoGHJv6QkaI+z+FCbdHU5bqJU8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="}
02384{"flow_id":140,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2627,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":411097,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcHZ5AAOcGRfQ27xyyrBAq2AG7xmzGEd3e79URwFAYf\/nKWQAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="}
00888{"flow_id":140,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":411170,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBHaBAAOcGSk027xyyrBAq2AG7xmzGEeOS79URwFAYf\/kfwgAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"}
-01429{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177411,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01440{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2628,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177411,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
02385{"flow_id":141,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2629,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":411710,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcV8VAAOcGC8027xyyrBAq2AG7xm3jvKzZm8EoI1AYf\/nh\/QAAFgMBDLwCAABGAwFY3n2xaq9TiacLU53\/Dedeq5VgVwSB6e5nEATT\/X1YcSB4k7UGdAl7o2Fj7GR\/vQXOKrGMzABpKlhDsMZpJU8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="}
02384{"flow_id":141,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2630,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":412289,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcV8dAAOcGC8s27xyyrBAq2AG7xm3jvLKNm8EoI1AYf\/kVsAAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="}
00888{"flow_id":141,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":412370,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBV8lAAOcGECQ27xyyrBAq2AG7xm3jvLhBm8EoI1AYf\/lrGAAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"}
-01429{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177412,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01440{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2631,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976177412,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
00416{"flow_id":143,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":416579,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoZihAAEAGqh6sECrYNu8cssZvAbuB1uWpMeRpe1AQAVe46QAA"}
00416{"flow_id":140,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2633,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":417365,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok5FAAEAGfLWsECrYNu8cssZsAbvv1RHAxhHd3lAQAWIWOwAA"}
00416{"flow_id":140,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2634,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":417885,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok5JAAEAGfLSsECrYNu8cssZsAbvv1RHAxhHjklAQAW0QfAAA"}
00417{"flow_id":140,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2635,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":419349,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAok5NAAEAGfLOsECrYNu8cssZsAbvv1RHAxhHk61AQAXkPFwAA"}
00416{"flow_id":141,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2636,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":419630,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopC9AAEAGbBesECrYNu8cssZtAbubwSgj47yyjVAQAWJhkQAA"}
00697{"flow_id":143,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":419812,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3ZilAAEAGqU6sECrYNu8cssZvAbuB1uWpMeRpe1AYAVfk5AAAFgMBAMoBAADGAwMsuk8budl5l63szylFKYvttXtVR+FVs3ji\/ibU4XOTkgAAICoqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfUpKAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAi6ugAdABcAGBoaAAEA"}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":4,"flow_first_seen":1490976177276,"flow_last_seen":1490976177419,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":20,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2637,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":4,"flow_first_seen":1490976177276,"flow_last_seen":1490976177419,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00416{"flow_id":141,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2638,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":419939,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopDBAAEAGbBasECrYNu8cssZtAbubwSgj47y4QVAQAW1b0gAA"}
00417{"flow_id":141,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2639,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":420068,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAopDFAAEAGbBWsECrYNu8cssZtAbubwSgj47y5mlAQAXlabQAA"}
00860{"flow_id":140,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2640,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":423482,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"AMDKkaPvePiC0\/vCCABFAAFuk5RAAEAGe2ysECrYNu8cssZsAbvv1RHAxhHk61AYAXkX8AAAFgMBAQYQAAECAQALCG3vZqBa+DiSdpIsxNpU48jZGVBLiyxpWq8HS+vXfow4fTewK+CZZI9YK4+dVgLPA+3BRICXmv9b+phtEqfqbYlyWcOD53qo7BjWsP\/RS\/t64a42H9owhn5BHpCEFLe86OsYpvG7pFEbdWB2tk+GfMyUm6qubIMULVr+9aZTIJ9q44OHy8G\/+e\/ptqZ1umb35u+SZ5p+hhKYShcOk5EaHMhE67cE0lp9xxuC2VjB1zIN8h4wXDXjciTfXl0+cSNfFlvRLXogJlNGFM9olyI4c9IiER7XOsaQAEsjp6O2JYpdb9408a3WhRZhRfw71gUKlMVVFMslyj2NMkbxR+wAFAMBAAEBFgMBADDAQPJxSlPrz+ZWU4hjHEyChJhRJDw3ntYOyLpxIqT5fYa2GPy8ObOxzSKugJrx3rc="}
@@ -1949,7 +1949,7 @@
02382{"flow_id":143,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2642,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":551603,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXckcFAAOcG0dA27xyyrBAq2AG7xm8x5Gl7gdbmeFAYf\/ku2AAAFgMBDLwCAABGAwFY3n2xtTCgBX2XxOgCNPe4QWinehtmaqxVaZztY5JDAyCbTc\/lJnWdRZ6KEAYyDThaI+O9lRqgAB2UK+xdOk8HCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="}
02384{"flow_id":143,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2643,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":552912,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXckcNAAOcG0c427xyyrBAq2AG7xm8x5G8vgdbmeFAYf\/lmegAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="}
00888{"flow_id":143,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":553024,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBkcVAAOcG1ic27xyyrBAq2AG7xm8x5HTjgdbmeFAYf\/m74gAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"}
-01429{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":7,"flow_first_seen":1490976177276,"flow_last_seen":1490976177553,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01440{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2644,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":7,"flow_first_seen":1490976177276,"flow_last_seen":1490976177553,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
00426{"flow_id":140,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":553064,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoGvxAAOcGTko27xyyrBAq2AG7xmzGEeTr79UTBlAQf\/SPVQAAAAAAAAAA"}
00426{"flow_id":141,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":553101,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoWO1AAOcGEFk27xyyrBAq2AG7xm3jvLmam8EpaVAQf\/TaqwAAAAAAAAAA"}
00501{"flow_id":140,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2647,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976177,"pkt_ts_usec":553132,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"ePiC0\/vCAMDKkVoBCABFAABjGxpAAOcGTfE27xyyrBAq2AG7xmzGEeTr79UTBlAYf\/RPRgAAFAMBAAEBFgMBADDysS8s17Av6q29JKVleCyRBxjY2knH\/ButdO+dAcV9hFGlhuDsUlPHeA3HbJgvBIE="}
@@ -1969,24 +1969,24 @@
00446{"flow_id":142,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976178,"pkt_ts_usec":110288,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8lfxAAEAGejasECrYNu8cssZuAbts9RaEAAAAAKAC\/\/9M+QAAAgQFtAQCCAoA9oPjAAAAAAEDAwg="}
00429{"flow_id":142,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2672,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976178,"pkt_ts_usec":284687,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAww9ZAAOcGpWc27xyyrBAq2AG7xm5KXM+cbPUWhXASH\/7T5AAAAgQFtAEDAwY="}
00416{"flow_id":142,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2673,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976178,"pkt_ts_usec":285843,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolf1AAEAGekmsECrYNu8cssZuAbts9RaFSlzPnVAQAVceVgAA"}
-00432{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1490976180796,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1490976180796,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00406{"flow_id":144,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2680,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976180,"pkt_ts_usec":796726,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAABAMDKkaPvCABGwAAgAABAAAECBBcAAAAA4AAAAZQEAAARZO6bAAAAAA=="}
-00464{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1490976180796,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00433{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1490976180796,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":19,"flow_first_seen":1490976054009,"flow_last_seen":1490976055604,"flow_tot_l4_data_len":3973,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1166,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":20,"flow_first_seen":1490976057977,"flow_last_seen":1490976058806,"flow_tot_l4_data_len":5219,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":260,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":21,"flow_first_seen":1490976064328,"flow_last_seen":1490976064897,"flow_tot_l4_data_len":6078,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":289,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":19,"flow_first_seen":1490976058103,"flow_last_seen":1490976058813,"flow_tot_l4_data_len":5117,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1490976186164,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2680,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1490976180796,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00445{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1490976180796,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":19,"flow_first_seen":1490976054009,"flow_last_seen":1490976055604,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1146,"flow_tot_l4_payload_len":3565,"flow_avg_l4_payload_len":187,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":20,"flow_first_seen":1490976057977,"flow_last_seen":1490976058806,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4791,"flow_avg_l4_payload_len":239,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45688,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":21,"flow_first_seen":1490976064328,"flow_last_seen":1490976064897,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5630,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42148,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":19,"flow_first_seen":1490976058103,"flow_last_seen":1490976058813,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4709,"flow_avg_l4_payload_len":247,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1490976186164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":145,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2681,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":164818,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8hhtAAEAGihesECrYNu8cssZwAbtODwEcAAAAAKAC\/\/9+IQAAAgQFtAQCCAoA9ocHAAAAAAEDAwg="}
00429{"flow_id":145,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":394721,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwCmJAAOcGXtw27xyyrBAq2AG7xnDcplSHTg8BHXASH\/7w+wAAAgQFtAEDAwY="}
00416{"flow_id":145,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2683,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":398073,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohhxAAEAGiiqsECrYNu8cssZwAbtODwEd3KZUiFAQAVc7bQAA"}
00696{"flow_id":145,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2684,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":398375,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"pkt":"AMDKkaPvePiC0\/vCCABFAAD3hh1AAEAGiVqsECrYNu8cssZwAbtODwEd3KZUiFAYAVcX6AAAFgMBAMoBAADGAwNIp1N542sFVSo0EG+FRg60u0Yye1+MLqKN0bYZ2TEvIQAAIEpKzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAfVpaAAD\/AQABAAAAABgAFgAAE3BpdGFuZ3VpLmFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAiqqgAdABcAGHp6AAEA"}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":4,"flow_first_seen":1490976186164,"flow_last_seen":1490976186398,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":20,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2684,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":4,"flow_first_seen":1490976186164,"flow_last_seen":1490976186398,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":207,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
02382{"flow_id":145,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":550555,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcACpAAOcGY2g27xyyrBAq2AG7xnDcplSITg8B7FAYf\/kOiwAAFgMBDLwCAABGAwFY3n26REB5NKXR3I9dkWggmGDU6jpRlw5FpVJBuUrB1SCeZzFPhCqe0IawM80i0LIK\/kW95mA05nnVAtHMuFIHCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="}
02385{"flow_id":145,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2686,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":550962,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcACxAAOcGY2Y27xyyrBAq2AG7xnDcplo8Tg8B7FAYf\/no\/QAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="}
00889{"flow_id":145,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":551062,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGBAC5AAOcGZ7827xyyrBAq2AG7xnDcpl\/wTg8B7FAYf\/k+ZgAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"}
-01429{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":7,"flow_first_seen":1490976186164,"flow_last_seen":1490976186551,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01440{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2687,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":7,"flow_first_seen":1490976186164,"flow_last_seen":1490976186551,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3472,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","alpn":"h2,http\/1.1","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
00416{"flow_id":145,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2688,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":553701,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohh5AAEAGiiisECrYNu8cssZwAbtODwHs3KZaPFAQAWI03wAA"}
00416{"flow_id":145,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2689,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":553964,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohh9AAEAGiiesECrYNu8cssZwAbtODwHs3KZf8FAQAW0vIAAA"}
00417{"flow_id":145,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2690,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":554095,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAohiBAAEAGiiasECrYNu8cssZwAbtODwHs3KZhSVAQAXktuwAA"}
@@ -1995,45 +1995,45 @@
00500{"flow_id":145,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2693,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":672375,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"ePiC0\/vCAMDKkVoBCABFAABjDgpAAOcGWwE27xyyrBAq2AG7xnDcpmFJTg8DMlAYf\/RKogAAFAMBAAEBFgMBADA4p7End5KUwuKxH9Ha9msxq4AuncpgUjhFvfkTnyh9R3UJ82TPzFkRvwxRuPwx3fo="}
01416{"flow_id":145,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2694,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":690376,"pkt_caplen":784,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":784,"pkt_l4_len":750,"pkt":"AMDKkaPvePiC0\/vCCABFAAMChiJAAEAGh0qsECrYNu8cssZwAbtODwMy3KZhhFAYAXmiYwAAFwMBACAn98l8mgnWtMl7qgHwywekCwFFAQYaHAcxWLVquHJ8yRcDAQKwAeRXo8hPe2q8mC7ZlQGnGCo597e6ER1ZYY9saWfT5Z6UrNOhBkwwb4TVWKf3Mt75dszd5FLa5EcCPR1p0uOAGCzXArT45g6qlyrlaEdXPNiS9FkBA\/knKduD0zxVK3W8UZSExU+vH14lOqAZYMQVviK2eP31U0CzyxvwHosRy\/+lYKD+Lt2U36MswNRZTSrSTbNDv9RhcOb\/b31coIfUL4u5AeeyfGC7Hox\/\/cWOZPDUKRT9QN6E6nJD7GFmpWkQI2MVNvye7U\/1k3VqdKjFLA7lrhChx9\/8KXVMj5lQf1E\/7GpEregkNhifNTvm4DhLBA93I1+7JIVCgafY0a\/onzH6V+J1oUtoVi9aJlok\/Pw4xOdcWLGbqmyi3i5OkWfg8csz3cMqc31ZdlEhNLJsxZuid33QRPmwZZ+EmmUBVJ\/VuoC5Pv+LaBZ+vY\/nFQAZrgbNSvLZnSJ\/at2EWGFZQLUOCZJbnG75SiLTgsV291\/gUC1BRFfiz+LKscpIaCXggng1icAguWoDw5mAIQNmad1uTjYdxoOzMrB2ASejqFIxzBCkG7ABHWskB9AEFpA5kVMNWQNl9K51mvKTMY1WWx633o\/vKPwCNipecC1sJNSdkcFQZvATkEGiOaHSi688w2ryN5R1\/RKvWy\/Ca5wpT7JYgbmByIFxXX1Y8obBULWHQsAXr\/zmYXUossuMEeoPSn6kYSMu1\/MI+gE9KOhwpImWUkvuh8uWsbuk7efSmwariL4pERB586MwPwVeHtnAVPgvT+zP58btT4wxJ4gsCkiWrmefAnw9H+CBePH76mXlBfYC0bBP5royixndRmG7GFrm089w6SqioIdVKH7P\/MKmwI3YQbHU+o5t2Wo9fcIFrSoTZDPG8LFEQ+6O+s1Vgb+H293Clzfm9Dwcedj5kQ=="}
00425{"flow_id":145,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2695,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":753116,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoAqdAAOcGZp827xyyrBAq2AG7xnDcpmGETg8GDFAQf+mq7wAAAAAAAAAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1490976186818,"flow_last_seen":0,"flow_tot_l4_data_len":65,"flow_min_l4_data_len":65,"flow_max_l4_data_len":65,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1490976186818,"flow_last_seen":0,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00476{"flow_id":146,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":818047,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"pkt":"AMDKkaPvePiC0\/vCCABFAABVWmJAAEARMzysECrYrBAqASHdADUAQT24ItEBAAABAAAAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQAB"}
-00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1490976186818,"flow_last_seen":0,"flow_tot_l4_data_len":65,"flow_min_l4_data_len":65,"flow_max_l4_data_len":65,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00679{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2698,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1490976186818,"flow_last_seen":0,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00502{"flow_id":146,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2701,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":879188,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl6vpAAEARopOsECoBrBAq2AA1Id0AUTsIItGBgAABAAEAAAAAD21vYmlsZWFuYWx5dGljcwl1cy1lYXN0LTEJYW1hem9uYXdzA2NvbQAAAQABwAwAAQABAAAAIgAENu8XXg=="}
-00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2701,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_tot_l4_data_len":146,"flow_min_l4_data_len":65,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.23.94"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2702,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1490976186884,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00705{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2701,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"mobileanalytics.us-east-1.amazonaws.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.23.94"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2702,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1490976186884,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":147,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976186,"pkt_ts_usec":884448,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8flZAAEAGlzCsECrYNu8XXq9wAbvy\/\/kGAAAAAKAC\/\/\/9UAAAAgQFtAQCCAoA9odQAAAAAAEDAwg="}
00429{"flow_id":147,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2703,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":52905,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwqiJAAOcGxG827xderBAq2AG7r3A+ML0a8v\/5B3ASH\/6mVwAAAgQFtAEDAwY="}
00417{"flow_id":147,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2705,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":55606,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofldAAEAGl0OsECrYNu8XXq9wAbvy\/\/kHPjC9G1AQAVfwyAAA"}
00725{"flow_id":147,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2706,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":57117,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"AMDKkaPvePiC0\/vCCABFAAELflhAAEAGll+sECrYNu8XXq9wAbvy\/\/kHPjC9G1AYAVc9QAAAFgMBAN4BAADaAwOYirXhV1FDzrGLqmFF+8oxLuoLV0r4D7tvlmDsmzXE4AAAIJqazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAkbq6AAD\/AQABAAAAACwAKgAAJ21vYmlsZWFuYWx5dGljcy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACIqKAB0AFwAY6uoAAQA="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":4,"flow_first_seen":1490976186884,"flow_last_seen":1490976187057,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":4,"flow_first_seen":1490976186884,"flow_last_seen":1490976187057,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00425{"flow_id":147,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2707,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":161798,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoYjtAANsGGF827xderBAq2AG7r3A+ML0b8v\/5B1AQARzxAwAAAAAAAAAA"}
00425{"flow_id":147,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2708,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":166204,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoYjxAANsGGF427xderBAq2AG7r3A+ML0b8v\/56lAQASzwEAAAAAAAAAAA"}
02382{"flow_id":147,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2709,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":167875,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcYj1AANsGEqk27xderBAq2AG7r3A+ML0b8v\/56lAQASy9KwAAFgMDAGwCAABoAwNbBWc9dFwyg7R8D846Z8gXXa0hCYfOUzPVTTGKEYz7mCBWqOpK0LXlu6pJqBfewEUvBs6zfstxucxnjHGkFbCwocAvAAAg\/wEAAQAACwAEAwABAgAFAAAAEAALAAkIaHR0cC8xLjEWAwMLXAsAC1gAC1UABhMwggYPMIIE96ADAgECAhA4NltvtzQZFjv8ve7WrL1kMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwNTMxMDAwMDAwWhcNMTcwNjI2MjM1OTU5WjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxGTAXBgNVBAoMEEFtYXpvbi5jb20sIEluYy4xMDAuBgNVBAMMJ21vYmlsZWFuYWx5dGljcy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKXcGbXxOrpLbSVz1WkSGdOoQe5mOSrPSipk7JhfXK7xeLV9EIeNBuFrZZ2JZEF\/T4BDidLNCjBenxkICR9k1ltsHLlgk98tozeORSexEAFwZZZ9s8DgT4svJHN6DknTZB33LMrl0uZtYGMYTJtg2i7zDyXDxOLI1n18e+5F2KQpK5furnmaXxpwezrh7zkJJWH83xemhzKvGTf2P7xdwQctiL8MA0GTOV9GzToVw1xTG\/fau1xVatZmUQ6sGqK6xGKs+WZbRF9Mt4qMTd8kDtoCqmVTR+TyHHj2qCp1DarPl6Gd6QI\/kcrSDIB3BKPyHONFqOCqSOb229mecsrdElsCAwEAAaOCAoMwggJ\/MDIGA1UdEQQrMCmCJ21vYmlsZWFuYWx5dGljcy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABVQfvs54AAAQDAEYwRAIgCg5bNh62K\/b2zUGTsrOfXRQ2hEOpUa4\/UZNWRL0DuRUCIC9U2rEr7y4HeC90xoTunNK9D9jfY4DC\/G+LRXCIr\/RIAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFVB++ztQAABAMARzBFAiAvW0BkxINB35W5rlhLG8DJboczX1rvev\/2LK5J7Okw4wIhAPdIkpGjTs1LVBwcD6WVj8wFfprle65WhoKwU3rdR0bKMA0GCSqGSIb3DQEBCwUAA4IBAQAuMikuMxAokEDkZMhLHxehHQqRelzQgDZAxTHsf0TNYtQ="}
-00814{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2709,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":7,"flow_first_seen":1490976186884,"flow_last_seen":1490976187167,"flow_tot_l4_data_len":1855,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":265,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00825{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2709,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":7,"flow_first_seen":1490976186884,"flow_last_seen":1490976187167,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1687,"flow_avg_l4_payload_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02388{"flow_id":147,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2710,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":168572,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcYj5AANsGEqg27xderBAq2AG7r3A+MMLP8v\/56lAQASyh4gAAuezDHJlNCFbTqooOmZYJgXVoab7DiVH\/6Mt5ORjD+xDySm9+wED9xtH3xbzA0EOMEACtHLBqFfq\/1lOc5hgyC\/+63I0ueasZimFAVTpOAfg0DSU7h28WSDMTted26RaIqN4sq1BpVil25TYFZfn5t4iL5IQKiMF1UU0oWKAur7VoeugGIxgnJ84P1ZMLgRYURE4RzooO30lwpIVEKYQDqnaRdo1pWpA3GUHbKgknDnyPO0iRRz+NFJg+3vtrwI58Qsq45pFOscz6uTUx4HuVks5duBZ4NBgwVAlyFWV4FwAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hQ="}
00418{"flow_id":147,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2711,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":169796,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofllAAEAGl0GsECrYNu8XXq9wAbvy\/\/nqPjDCz1AQAWLqJgAA"}
00419{"flow_id":147,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2712,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":170086,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoflpAAEAGl0CsECrYNu8XXq9wAbvy\/\/nqPjDIg1AQAW3kZwAA"}
02387{"flow_id":147,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2713,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":172718,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcYj9AANsGEqc27xderBAq2AG7r3A+MMiD8v\/56lAQASydXwAA3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxxYDAwZRFgAGTQEABkkwggZFCgEAoIIGPjCCBjoGCSsGAQUFBzABAQSCBiswggYnMIGeohYEFEUgAqiLimWfdfr16QoaeNLwNwueGA8yMDE3MDMzMTA0NDUyNlowczBxMEkwCQYFKw4DAhoFAAQU0bFki4yfDdFro4rNK1AX1fnPwGQEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvAhA4NltvtzQZFjv8ve7WrL1kgAAYDzIwMTcwMzMxMDQ0NTI2WqARGA8yMDE3MDQwNzA0NDUyNlowDQYJKoZIhvcNAQEFBQADggEBAJG4mKDAIkHJGohEcAXrjWcL\/X9efPGdSWnIujVQblXj9Sr0T36LlIP6QAecCnTuDUccLdRBVsLBrGLFuSZhZFAr0bCbBDXT6pzyL\/6othUDtcsJOWKfVOFjwAlPelx5E36DQxWy\/UrA8ffDBvCs\/rOG3McAu\/c86V66PK+nEJdWQ333YOD5+Gl2OWY7eiNxGk+60HEQY771HF27aILCKdV1jZAq4q93Td4HzHLhg8\/K21C8odN63ecG5gyRacL8wAMfhIjcpQTkPRcQ8A5YlZlYNVememWqBabsOL1RgB0iJn\/NE9tjFaweytAKzoVCni\/W8cvzyM1Xw0pZim0KetOgggRuMIIEajCCBGYwggNOoAMCAQICEERokGNpSAXWyvb9udHEBSEwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNzAyMDQwMDAwMDBaFw0xNzA1MDUyMzU5NTlaMEAxPjA8BgNVBAMTNVN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0IE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqitCn32+QLqqv0UypRjFp6XQuyZrZxojgGML2TdmIzCun529IQIDjBtay0e+gHzpbxmaV3syrW21bLBjTcwZ8CX3o43Q+I5WjVd4Nkm5dNv1tAtRLFVe7OCfA5sYO5ZVPGllHeqsWMl7wjYDK9M0+OAAZXCXu5WDcZ3mT3VW+fvDRuPEHnMaZhIC5sIh\/POmvUsWf+aBTwm77otPaqw\/WWQ2Xk1sd442vWvW6yqCL\/C89qKaCLli\/9xRNJLDBUiuc5eJ+IoZv9G3gijlABp0b1fC39k5zZSGgZuBwq6H8sP8BgcXJhXpEUTGDBt7VHvtvZeNGqKVsDTiOy9wYTzE6wIDAQABo4IBHDCCARgwDwYJKwYBBQUHMAEFBAIFADAiBgNVHREEGzAZpBcwFTETMBEGA1UEAxMKVEdWLUQtMzg1NzAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zAdBgNVHQ4EFgQURSACqIuKZZ91+vXpChp40vA3C54wDAYDVR0TAQH\/BAIwADBuBgNVHSAEZzBlMGMGC2CGSAGG+EUBBxcDMFQwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCoGCCsGAQUFBwICMB4aHCAgaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH\/BAQDAgeAMA0GCSqGSIY="}
-01168{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2713,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":11,"flow_first_seen":1490976186884,"flow_last_seen":1490976187172,"flow_tot_l4_data_len":4855,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":441,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}}
+01179{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2713,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":11,"flow_first_seen":1490976186884,"flow_last_seen":1490976187172,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":418,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobileanalytics.us-east-1.amazonaws.com","server_names":"mobileanalytics.us-east-1.amazonaws.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=mobileanalytics.us-east-1.amazonaws.com","alpn":"h2,http\/1.1","fingerprint":"87:AD:E9:2D:E8:42:F0:5C:3A:09:13:00:12:93:59:04:84:C3:E2:2D"}}
01247{"flow_id":147,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2714,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":172885,"pkt_caplen":669,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":669,"pkt_l4_len":635,"pkt":"ePiC0\/vCAMDKkVoBCABFAAKPYkBAANsGFfM27xderBAq2AG7r3A+MM438v\/56lAYASyYKAAA9w0BAQsFAAOCAQEAeBzBYjVYR\/3Xm\/4EwfOmrVReMsKq9MWqVMnqwKTcEKvxEcfj9r7lenG5+58Pp8ADypkNgtf+ZqzyjvgjfIuOqviXUJn291KE7qGEFV2M0OVsYR4o+zIxe7MKrEOgCQGoFkv+ksOL51ITCUibYvsunKIzTBkUNTJ9NdM4wOX9pqrUGyXF08Huuv4VbD0CDCRYJF+euTAxGzMQjtgJozyRXywZtHQsOc3HxX4yUvsT7gfGhKOu6IB9fT+ZJcsrgOB2Xna0B1ygMB51lLP4fpj9u6yqtOTWdNHAiSwQVGvpTmKkcfx3kpaSnUTrUGtcI9PbBQMnkhdhJIzLryF6u4dEDhYDAwFNDAABSQMAF0EEQ6VyXw3F3BqaSdxsypTomXvbT8UlkfxEeIH5uElUa7e+RNuc0fFllPjLQpwlqj89CUiFVp6xB+QQDaPCmIZnRQYBAQAnAJycr1kb4M7WMgvrILEicQKGfL5efEnnRpmhwvnT3dTNTrVFpiXd7YZH10FbyNAAsHWRv5aMmjNfwRzIhunHjy6GrRtw1CGCSqvHY05RTgEK\/fi0e2d0hRimrPq3WGGJkamcsslXCM2U8vCzYsd6e6jl7StxaZckFrEhKOws1JgIEECfXpQtT+HFFdQAEs5a0FppM8AGaGijDjuTOkTLolM68gIkSm0DDrqHfvjUAYVXQ\/uU15yFmlkHBtkcaktPaoJykporWoT09znmbjqWaPSAjAx14ZqtSLXDB\/UUn35NEsZMvrKKimRDC8I4NBRXRQc5RlIUpo56GOKYciK\/FgMDAAQOAAAA"}
00419{"flow_id":147,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2718,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":176303,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAofltAAEAGlz+sECrYNu8XXq9wAbvy\/\/nqPjDON1AQAXnepwAA"}
00419{"flow_id":147,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2719,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":176430,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoflxAAEAGlz6sECrYNu8XXq9wAbvy\/\/nqPjDQnlAQAYTcNQAA"}
00590{"flow_id":147,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2720,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":186819,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"AMDKkaPvePiC0\/vCCABFAACmfl1AAEAGlr+sECrYNu8XXq9wAbvy\/\/nqPjDQnlAYAYQ72QAAFgMDAEYQAABCQQQzmkwPDnOmIAg3QlRslB1qe+YTVHttWD20laAy60x2Os0B7HSPAVjAA8XjfHKOyza9XZlmTLv3isuTj3jqkskpFAMDAAEBFgMDACgAAAAAAAAAADNZr2CfC7plw22hneymwUt5WU5f307bBv+8beucmggc"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1490976187242,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1490976187242,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":148,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":242775,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"AMDKkaPvePiC0\/vCCABFAAA+WmNAAEARM1KsECrYrBAqAeoEADUAKipZJj0BAAABAAAAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAQ=="}
-00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1490976187242,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2724,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1490976187242,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00502{"flow_id":148,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2736,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":508361,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"ePiC0\/vCAMDKkaPvCABFAABl6w9AAEARon6sECoBrBAq2AA16gQAUSKUJj2BgAABAAIAAAAABWFsZXhhBmFtYXpvbgNjb20AAAEAAcAMAAUAAQAAADoACwhwaXRhbmd1acASwC4AAQABAAAAOgAENu8csg=="}
-00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2736,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":42,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2737,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1490976187511,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00702{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2736,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AmazonAlexa","breed":"Acceptable","category":"VirtualAssistant"},"dns": {"query":"alexa.amazon.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.239.28.178"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2737,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1490976187511,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":149,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2737,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":511761,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8IbxAAEAG7nasECrYNu8cspdlAbtMyaYzAAAAAKAC\/\/8I0wAAAgQFtAQCCAoA9oePAAAAAAEDAwg="}
00429{"flow_id":149,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2739,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":571606,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw3K9AAOcGjI427xyyrBAq2AG7l2UCDLyqTMmmNHASH\/7urAAAAgQFtAEDAwY="}
00416{"flow_id":149,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2742,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":575232,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoIb1AAEAG7omsECrYNu8cspdlAbtMyaY0Agy8q1AQAVc5HgAA"}
00652{"flow_id":149,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2743,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":577439,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"AMDKkaPvePiC0\/vCCABFAADWIb5AAEAG7dqsECrYNu8cspdlAbtMyaY0Agy8q1AYAVf+iAAAFgMBAKkBAAClAwG16AV0b+GAfYYNp1IOTvu8DJ0f7IEfHu7urYszcZFfGCCDPveyl8oknA6Yiw9M10d1fqyNuQQHuX5ZwIOnN4q82wAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2743,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":4,"flow_first_seen":1490976187511,"flow_last_seen":1490976187577,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2743,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":4,"flow_first_seen":1490976187511,"flow_last_seen":1490976187577,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02381{"flow_id":149,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":703787,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc5VlAAOcGfjg27xyyrBAq2AG7l2UCDLyrTMmm4lAYf\/o3xAAAFgMBDLwCAABGAwFY3n27mBV2WbDPq95nUgHVHgPA3C3vs5uXZdBrRcVDiCCh56jEaMWoPL9OuslqKXpycwU0yxHxmHJEb6cXK1MHCAAvAAsADGoADGcAByUwggchMIIGCaADAgECAhAcRU2OfD5RXVxbu\/\/vTuNvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTEyMDAwMDAwWhcNMTgwMTEzMjM1OTU5WjBtMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEcMBoGA1UEAwwTcGl0YW5ndWkuYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYBiz7+LgeGD3Pa4IJcJ09bhuxaGQSx+xajoPkJc5erzMpRRS1Ah2pufryf6dws05DN70Qan0Ob6GrLw2\/HxaGvneCRZhiBGyUMFBcJjk1AKw9+Nf1hXE48DlafnWpGrqpfYt2zsG+eRrhPeKWj+oj0pEgYLwOn\/a4xa6m8CUPuQAn6\/wNlnTqVyC\/SG0Yol6GVytCBUh+TZofarTRdpyUAS308UAcUFDf6BimC5d5mYn2J5R4k65+6sdF0Lg5T\/DhNiIsjt\/imBX+pqRiOG+KKP+QbbicThn04ySXzkSx\/F+UEKU29ls2FzrMVLknBH7eb59tKsTdRgaRpZOW3joUCAwEAAaOCA6owggOmMIIBVgYDVR0RBIIBTTCCAUmCE3BpdGFuZ3VpLmFtYXpvbi5jb22CE2d1aXBpdGFuLmFtYXpvbi5jb22CEGFsZXhhLmFtYXpvbi5jb22CD2VjaG8uYW1hem9uLmNvbYIPYWxleGEuYW1hem9uLmNhghJndWlwaXRhbi5hbWF6b24uY2GCEmFsZXhhLmFtYXpvbi5jby5qcIIVZ3VpcGl0YW4uYW1hem9uLmNvLmpwghNhbGV4YS5hbWF6b24uY29tLm14ghZndWlwaXRhbi5hbWF6b24uY29tLm14ghNhbGV4YS5hbWF6b24uY29tLmJyghZndWlwaXRhbi5hbWF6b24uY29tLmJyghNhbGV4YS5hbWF6b24uY29tLmF1ghZndWlwaXRhbi5hbWF6b24uY29tLmF1gg9hbGV4YS5hbWF6b24uY26CEmd1aXBpdGFuLmFtYXpvbi5jbjAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWZBMcQIAAAQDAEYwRAIgKRWoVVA="}
02384{"flow_id":149,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2746,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":704324,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc5VtAAOcGfjY27xyyrBAq2AG7l2UCDMJfTMmm4lAYf\/rmzgAAjFI1u1wWl1G2XSDRRsDgI05xF\/R2SRNbNYayAiBoL+6shVDZBDW9cxLOAAPLGwr35RrKdMLHjy3gwdZfEgB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABWZBMcTwAAAQDAEgwRgIhALW9429CqWlJmY7bsqgu877wDiK6qslUq22hmi82aGQuAiEA2sOA1mIiLp7MIPis4\/n9ebUdQVRvG4dTZRoBrrVuMJswDQYJKoZIhvcNAQELBQADggEBAGYgKBIO9j5PJS1o\/wh6NT0DbzNhpExM4s36xlh\/fdFoLOzD3MnFCJ92BlxhyyvXuoWU5uoJMfpq+5QaGibLkf7L6tpnIbnlsv4eXNCJnZsn\/YBiXZkzN8b0IMudSLmP1WtQYDl4qM4g+dti6uq\/rY1mAvLnRMTSDUWsocTd+dUcSc5G9RwVrTdrCca7zCZA+MaMWAROzv86e0RCAZWlVC3xvQC\/4FJLnaRjBmVXMbodATyrnvRkt3AgTo9sdFFTCD3TqzZ4hhKNo+3kKUQSzvXWIBA1lvWZEvNmv9bA1\/cd7RNj4GLWLyUls2RjBH8NrYvZUa7GVTRCoAo+oCutXFUABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM="}
00888{"flow_id":149,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2747,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":704396,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"ePiC0\/vCAMDKkVoBCABFAAGB5V1AAOcGgo827xyyrBAq2AG7l2UCDMgTTMmm4lAYf\/o8NwAANDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccOAAAA"}
-01421{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":7,"flow_first_seen":1490976187511,"flow_last_seen":1490976187704,"flow_tot_l4_data_len":3607,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":515,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
+01432{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2747,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":7,"flow_first_seen":1490976187511,"flow_last_seen":1490976187704,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3439,"flow_avg_l4_payload_len":491,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"pitangui.amazon.com,guipitan.amazon.com,alexa.amazon.com,echo.amazon.com,alexa.amazon.ca,guipitan.amazon.ca,alexa.amazon.co.jp,guipitan.amazon.co.jp,alexa.amazon.com.mx,guipitan.amazon.com.mx,alexa.amazon.com.br,guipitan.amazon.com.br,alexa.amazon.com.au,guipitan.amazon.com.au,alexa.amazon.cn,guipitan.amazon.cn","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=pitangui.amazon.com","fingerprint":"13:E9:3B:22:22:61:41:53:CA:B6:3A:AE:C8:B7:23:FB:A5:11:2F:24"}}
00416{"flow_id":149,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2748,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":707370,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoIb9AAEAG7oesECrYNu8cspdlAbtMyabiAgzCX1AQAWIysQAA"}
00416{"flow_id":149,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2749,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":707649,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoIcBAAEAG7oasECrYNu8cspdlAbtMyabiAgzIE1AQAW0s8gAA"}
00417{"flow_id":149,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2750,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":707799,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoIcFAAEAG7oWsECrYNu8cspdlAbtMyabiAgzJbFAQAXkrjQAA"}
@@ -2043,49 +2043,49 @@
00417{"flow_id":149,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2758,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":934749,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoIcNAAEAG7oOsECrYNu8cspdlAbtMyagoAgzJp1AQAXkqDAAA"}
02172{"flow_id":149,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2759,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976187,"pkt_ts_usec":945561,"pkt_caplen":1344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1344,"pkt_l4_len":1310,"pkt":"AMDKkaPvePiC0\/vCCABFAAUyIcRAAEAG6XisECrYNu8cspdlAbtMyagoAgzJp1AYAXkbOQAAFwMBACDL9FsorFz49k2Ue1wJV\/eNJ8JgYmx9iqoZt+NLzw7L0xcDAQTgwDzalzIT6co5x\/wYFKcL195q+MOXL5wNiYjFXPV+YrErAOddFPtwdVnyccqSHB0piGgeyp8T1vPlk4TtCuQQ3NEh6fPTWrdt8MorKWq2VdEFRVmX5oNt5HjbnQFsMdTQSdYCKT5xSUnDzSC+xwKxI4V5SFUGeeYOxsT8IV2aqkpD3kgF7qVwFBx8v1gKuf0BoJlbAs2ad5wrFuaO0fZQ6gfvzpPWbObbM5Iydphe5xfv6jxbRdSXAc3iXyxLzhWAg1VYduuG\/cREhxw4BVAogDSAj\/Y4M5TOQNz7lhQkPXhmB5nu2RIywUPi8RV5wNfgFKzwYra1981cVtl5OLn2yXd2GuyLNsUiQbr7pO7VQMeSC8P2wauWDznHtqE96LoRWtNTBu5ZVBVZ2f1Zek79jHrZliKPt\/40RTJ6ud33lFA830q21\/LULzNyrqPC+C2FajK+r1XkUJjpUCaHDx5Tg7Enk5z8w0yQWl60jUvmN6lNH7I+wXMqxdDTonEIbPXHH6A+qr5YaXiFoCIuSnfNauWJO6UZAPy690HlEi99wJ4ABKinII0m3guodgpQmHnfNbel2nbyqaGPnRBKNXht2mBlQUPBBGV5wr43EcPVNS\/7t\/9tvcEi602dl5dmrU3Ni2p+il2YGyLi+zHU7W68hOLsXgvr3qtgGbjc5quLu3yG29ZV8fBm\/tPcrsYCkaEU6ItbAPu\/Y1j2Mzg+ecV\/jHo0XrS9J39OCoyXrgauSkM8Dau2OvZWIhfTXZ2JuNTDPn+2LHQcZWyqBcUTsaVpfTEttDj\/JshZrMD1GkYAuYWyxKwR+xvy50rq\/n3Op6UElEGvYViWmQtCIp1LYvf3p+xCstZGiIo6NR5cZRS7jk1gnEHgufmn4EgalbXlyX6Cy5KK6a\/pLVn+\/IGJ2QK8yrPih+ADab9kSm99ovHZrLaLCTQwGFTYKao7Rc\/lSv7tsqF9ibhwynKrtpGp8c3ZljQcVhgMGVc9AXy+RTelSGjtVhjU18B1TDOZRxmwJTZFq2Ccm96xbQ5lpe2wh0e2fyipVjSJeHZPZ8a\/EilS7ral6tf3D99dENv8Xnt9YP9VPVxZ30ny4x29BrhcPr\/Db4ssa8\/vD++cQnXLpzzI7VTVd0m6x\/n\/EzGnJmkz8O9g+fwyfqE1myHVTCBBhzN993ioIHDw9GUG4y2JWl6Gjuk\/8n2l20feyrhxOxaTteCtyrsnbVYlxkmC65Ca7nd4YrTFQidKIZe1oS\/zS18tGgiVEvgplzuzdhiuMtDTgPwaWetE9oh0Ww83s8LSBguONWheYI1ELs\/uwDX2RvEQ0mjhOWlWtIc1fy\/vKepR2KUiRKdDCltUWukCcDICD7PhtdLyt2sPegyfXT\/3iS5AmNoql9guXcvfgPWxcpqhGHfNVvxMrKca1TfA\/Dxz7eYySwn0798C2YbUm0GxjIxC8sEgupOX2kSQyQ3qJt96YMUkLoYkM+hFaybi2oZIaYAfsud9x\/t7MMDmSZf3++Nb46q+Z2Mml+0T1yOrjyfnf2CjhJ0+cGutb5hJ81ifilP7saHJPjIL18X\/w85j08AP8dDffC07G9i5lswcxdCN4DuIoHYPjaL4xyX2HyRKWmiRDXgaNzyn6fu5MTw7vSnDkSHE7aAHEqoPEsoPECEM8gWM"}
00416{"flow_id":142,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2790,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":480744,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolf5AAEAGekisECrYNu8cssZuAbts9RaFSlzPnVARAVceVQAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1490976195484,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1490976195484,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":150,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":484942,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8WmRAAEARM1OsECrYrBAqATpWADUAKI0W4msBAAABAAAAAAAAA3d3dwZhbWF6b24DY29tAAABAAE="}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1490976195484,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2791,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1490976195484,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00621{"flow_id":150,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2792,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":524157,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC96\/xAAEARoTmsECoBrBAq2AA1OlYAqVJ+4muBgAABAAYAAAAAA3d3dwZhbWF6b24DY29tAAABAAHADAAFAAEAAAW8AAoDd3d3A2NkbsAQwCwABQABAAAAWAAfDmQzYWc0aHVra2g2MnluCmNsb3VkZnJvbnQDbmV0AMBCAAEAAQAAABoABDRV0Y\/AQgABAAEAAAAaAAQ0VdF6wEIAAQABAAAAGgAENFXR2MBCAAEAAQAAABoABDRV0cU="}
-00672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2792,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":40,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.143"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2794,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1490976195529,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2792,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"www.amazon.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.85.209.143"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2794,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1490976195529,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":151,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2794,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":529965,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8suhAAEAGqwasECrYNFXRj6NkAbuAhDhYAAAAAKAC\/\/+BjwAAAgQFtAQCCAoA9oqwAAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1490976195545,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1490976195545,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":152,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":545666,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AMDKkaPvePiC0\/vCCABFAABIWmVAAEARM0asECrYrBAqAZ3pADUANBzi5IoBAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="}
-00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1490976195545,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2795,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1490976195545,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00424{"flow_id":142,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2796,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":546035,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAovadAAOcGq5427xyyrBAq2AG7xm5KXM+dbPUWhlARgACfqgAAAAAAAAAA"}
00416{"flow_id":142,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2797,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":547004,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAolf9AAEAGekesECrYNu8cssZuAbts9RaGSlzPnlAQAVceVAAA"}
00444{"flow_id":151,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":572630,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7o2R8wwHRgIQ4WaAScSCn6AAAAgQFtAQCCApttHwsAPaKsAEDAwg="}
00432{"flow_id":151,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2799,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":573626,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0sulAAEAGqw2sECrYNFXRj6NkAbuAhDhZfMMB0oAQAVdGegAAAQEICgD2irVttHws"}
00708{"flow_id":151,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":574285,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"AMDKkaPvePiC0\/vCCABFAAD+supAAEAGqkKsECrYNFXRj6NkAbuAhDhZfMMB0oAYAVf8KgAAAQEICgD2irVttHwsFgMBAMUBAADBAwPpTJSZ1poYdnnlgBS9wmRJ7foXKk14XitVw1d4X49ZiQAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAeJqaAAD\/AQABAAAAABMAEQAADnd3dy5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAISkoAHQAXABiKigABAA=="}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":4,"flow_first_seen":1490976195529,"flow_last_seen":1490976195574,"flow_tot_l4_data_len":346,"flow_min_l4_data_len":32,"flow_max_l4_data_len":234,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00744{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2800,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":4,"flow_first_seen":1490976195529,"flow_last_seen":1490976195574,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00432{"flow_id":151,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2801,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":617600,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0feNAAPMGLRM0VdGPrBAq2AG7o2R8wwHSgIQ5I4AQAHZGjAAAAQEICm20fDEA9oq1"}
02379{"flow_id":151,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2802,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":621582,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcfeRAAPMGJ2o0VdGPrBAq2AG7o2R8wwHSgIQ5I4AQAHYeuQAAAQEICm20fDEA9oq1FgMDAFQCAABQAwNduu+JesKyGafrWGMXSdsoWSCaruFvtY6z0Kx5uTwzOwDALwAAKAAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAALAAkIaHR0cC8xLjEWAwML6AsAC+QAC+EABp8wggabMIIFg6ADAgECAhAdSr2qeNCa\/nmdQbzrenZiMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYxMDMxMDAwMDAwWhcNMTcxMjMxMjM1OTU5WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEXMBUGA1UEAwwOd3d3LmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCWihndZ\/4HxzWdNmP\/XjAI8iPKFw5XnK0RlANu1+1aLE7FOkbZKWTYYjWnO0RKmikGZtj+Fozlg1YNgMevTUBC\/MCrCw3LPmxfivK2QgRYj3YOiYpu\/FAqvLSbRm6P0zNptlva8dvR1tbBSXbJefmeV8clJ+YPRNLdQU1pDNcTEWeUpT+LtWiYsQH870618nRXZdnNvM7HdF+9PLnCafgDEILucZGSU0EpVr6elGXTOP6WjIJoz4AXlhX1ltREi7FiJk5be7ZrrpXNjAJFrYR20hs8As791KsU0C5oCEqqkU3Q4HjZ3XohZQ4qIyIcMkvnXZgAkkGZ9A8jt9VC1cnAgMBAAGjggMpMIIDJTCB1AYDVR0RBIHMMIHJggphbWF6b24uY29tgghhbXpuLmNvbYIRdWVkYXRhLmFtYXpvbi5jb22CDXVzLmFtYXpvbi5jb22CDnd3dy5hbWF6b24uY29tggx3d3cuYW16bi5jb22CFGNvcnBvcmF0ZS5hbWF6b24uY29tghFidXlib3guYW1hem9uLmNvbYIRaXBob25lLmFtYXpvbi5jb22CDXlwLmFtYXpvbi5jb22CD2hvbWUuYW1hem9uLmNvbYIVb3JpZ2luLXd3dy5hbWF6b24uY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFYGJ\/J8QAABAMASDBGAiEA6fFlggg6W7QvWe9jf7KTwDKBjO3dGyhkPVZyzlOX5b8CIQCuPTe0zJihJrUjbnOuq6NcNCnkacxegjQwcBcg1ZwRXQB3AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT\/vEAAABWBifyhoAAAQ="}
-00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":6,"flow_first_seen":1490976195529,"flow_last_seen":1490976195621,"flow_tot_l4_data_len":1858,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":309,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00801{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2802,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":6,"flow_first_seen":1490976195529,"flow_last_seen":1490976195621,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1650,"flow_avg_l4_payload_len":275,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02383{"flow_id":151,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2803,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":622108,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcfeVAAPMGJ2k0VdGPrBAq2AG7o2R8wwd6gIQ5I4AQAHZCrAAAAQEICm20fDEA9oq1AwBIMEYCIQDRlQQ8KC2R\/bvOeWJr0FGedxbjE4OglejZEYKSCHekRQIhALbGyJPwAagwlRnFD5iqE1ZzSTO6uadnKEazPJcW2sRnMA0GCSqGSIb3DQEBCwUAA4IBAQA65KlsAxxtgfs05qV0ywTqM6qGzBkMIgJzJpCh9OR+X+STrfjphnLQlOwIuHxiF0oVphsf9oYW6TYQimBIKoFpP94WbG2ojsr39YJ6kiDhudt3ef24QnZ3AtnXM5OLVv46iwZst4TwdwO3\/Ialn7ql3sVX7+13yscEXfwfMT0JI1yzl+vZ8tR6bc5X9HqwjuADJelImPs\/TxshDt3JRhbUuKcFxjaEcEtRqoGemgZgEpRnifUSBvnl01IVzb71DGWuBpx0qrpruMAUU1lOJrg\/rwQMSXC2lSZDiDn1cjK0z+XLi7x86N\/7jW6zKh5RjSgrr6H7ZhiwtwpJzLsjT1CXAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE="}
02388{"flow_id":151,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2804,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":622710,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcfeZAAPMGJ2g0VdGPrBAq2AG7o2R8ww0igIQ5I4AQAHaaowAAAQEICm20fDEA9oq1NlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHFgMDBlEWAAZNAQAGSTCCBkUKAQCgggY+MIIGOgYJKwYBBQUHMAEBBIIGKzCCBicwgZ6iFgQURSACqIuKZZ91+vXpChp40vA3C54YDzIwMTcwMzMwMDgyMTM1WjBzMHEwSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c\/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEB1Kvap40Jr+eZ1BvOt6dmKAABgPMjAxNzAzMzAwODIxMzVaoBEYDzIwMTcwNDA2MDgyMTM1WjANBgkqhkiG9w0BAQUFAAOCAQEAgQDMpzZdwJ3PrNgB8d8f1cjQX1Ry6VrhEzAt1lcEB4WgmdjO0Jj7\/gcGHmmN4xjsgLxWz0TLFJXU3wjsiTaR9iYjNwnlVX2RjmqVz5lsVlEMa28OUwUvMwlmN7cuMZgdMiCi\/EUGOIACQtCuusxL8xVXf3x1piP9W5dJahTjHK\/gDPNDIF+nVKPFnlMFE\/hen03A+k1mR9yGF\/JfOOfP\/b1322DA7bnEn3JSMiFcIxbsU2gE9h3ovCxMS6WLeuK87uLOMB+5jQuVgYqUfvRPYAHuBDr37eG8TeoadjSco88HooscltcumFNXAv5B6ADN85OBUnpTIBJzgqaLgcnVnqCCBG4wggRqMIIEZjCCA06gAwIBAgIQRGiQY2lIBdbK9v250cQFITANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDIwNDAwMDAwMFoXDTE3MDUwNTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqK0Kffb5Auqq\/RTKlGMWnpdC7JmtnGiOAYwvZN2YjMK6fnb0hAgOMG1rLR76AfOlvGZpXezKtbbVssGNNzBnwJfejjdD4jlaNV3g2Sbl02\/W0C1EsVV7s4J8Dmxg7llU8aWUd6qxYyXvCNgMr0zT44ABlcJe7lYNxneZPdVb5+8NG48QecxpmEgLmwiH886a9SxZ\/5oFPCbvui09qrD9ZZDZeTWx3jja9a9brKoIv8Lz2opoIuWL\/3FE0ksMFSK5zl4n4ihm\/0beCKOUAGnRvV8Lf2TnNlIaBm4HCrofyw\/wGBxcmFekRRMYMG3tUe+29l40aopWwNOI7L3BhPMTrAgMBAAGjggEcMIIBGDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0zODU3MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRFIAKoi4pln3X69ekKGnjS8DcLnjAMBgNVHRMBAf8EAjAAMG4GA1U="}
-01267{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":8,"flow_first_seen":1490976195529,"flow_last_seen":1490976195622,"flow_tot_l4_data_len":4818,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":602,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
+01278{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2804,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":8,"flow_first_seen":1490976195529,"flow_last_seen":1490976195622,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":568,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.amazon.com","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","alpn":"h2,http\/1.1","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
01480{"flow_id":151,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2805,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":622961,"pkt_caplen":833,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":833,"pkt_l4_len":799,"pkt":"ePiC0\/vCAMDKkVoBCABFAAMzfedAAPMGKhA0VdGPrBAq2AG7o2R8wxLKgIQ5I4AYAHa2\/QAAAQEICm20fDEA9oq1HSAEZzBlMGMGC2CGSAGG+EUBBxcDMFQwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCoGCCsGAQUFBwICMB4aHCAgaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH\/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQB4HMFiNVhH\/deb\/gTB86atVF4ywqr0xapUyerApNwQq\/ERx+P2vuV6cbn7nw+nwAPKmQ2C1\/5mrPKO+CN8i46q+JdQmfb3UoTuoYQVXYzQ5WxhHij7MjF7swqsQ6AJAagWS\/6Sw4vnUhMJSJti+y6cojNMGRQ1Mn010zjA5f2mqtQbJcXTwe66\/hVsPQIMJFgkX565MDEbMxCO2AmjPJFfLBm0dCw5zcfFfjJS+xPuB8aEo67ogH19P5klyyuA4HZedrQHXKAwHnWUs\/h+mP27rKq05NZ00cCJLBBUa+lOYqRx\/HeSlpKdROtQa1wj09sFAyeSF2EkjMuvIXq7h0QOFgMDAU0MAAFJAwAXQQQq7+OG+xg\/8oNuBojRP9V9As2tGw+zVGmefmg0lsVg6KQ6mAq0ZH6aAfjyMWk\/dryOLpcCGlfOR+0G6wmc2s\/8BgEBAF0FRQTQ0lAMjBFWfz8XMVy2bTHP1DcgndV06tpUp7DVqhCP7ncCTnfcF1hF4vqT2CJUjyulz\/IzF8kjCjyOw0iPJIwdTXOUcNvKuR6\/er\/h7DAENEoPiIzfzEZBeEx\/frbVaJ3XnsXXR6cD65VFQcTMj9iXqUvngM\/D0UREdxnbeBJTzCW49magPxMvlNqEqL+kNhDC72\/GejDi7n4LKYI+cp8O\/CEmbUBgMVIdjCHWT29oLp+fF+fE274Hqp1d9OtQp0wt1TbpDemNTnfDcQ6QbkkbgwP9ONHqfiGWTPs+KJAptx+8s\/KzvwZ76fv409pPBnd5x2MTtSAooBN7euEWAwMABA4AAAA="}
00434{"flow_id":151,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2806,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":624911,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0sutAAEAGqwusECrYNFXRj6NkAbuAhDkjfMMHeoAQAWI\/8wAAAQEICgD2irpttHwx"}
00433{"flow_id":151,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2807,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":625698,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0suxAAEAGqwqsECrYNFXRj6NkAbuAhDkjfMMNIoAQAW06QAAAAQEICgD2irpttHwx"}
00433{"flow_id":151,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2808,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":625951,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0su1AAEAGqwmsECrYNFXRj6NkAbuAhDkjfMMSyoAQAXk0jAAAAQEICgD2irpttHwx"}
00433{"flow_id":151,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2809,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":627064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0su5AAEAGqwisECrYNFXRj6NkAbuAhDkjfMMVyYAQAYQxggAAAQEICgD2irpttHwx"}
00515{"flow_id":152,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2810,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":628315,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"ePiC0\/vCAMDKkaPvCABFAABw6\/5AAEARoYSsECoBrBAq2AA1nekAXGuw5IqBgAABAAIAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAAFAAEAAAErAAwHYW5kcm9pZAFswBzAOAABAAEAAAErAATYOsJO"}
-00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2810,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_tot_l4_data_len":144,"flow_min_l4_data_len":52,"flow_max_l4_data_len":92,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.194.78"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1490976195633,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00702{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2810,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.194.78"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2811,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1490976195633,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":153,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2811,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":633256,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8fD5AAEAGTQysECrY2DrCTr+rAbtBfvaFAAAAAKAC\/\/9RcQAAAgQFtAQCCAoA9oq7AAAAAAEDAwg="}
00613{"flow_id":151,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2812,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":634372,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"AMDKkaPvePiC0\/vCCABFAACysu9AAEAGqomsECrYNFXRj6NkAbuAhDkjfMMVyYAYAYT3ewAAAQEICgD2irtttHwxFgMDAEYQAABCQQR\/iyUDBD5QHIqcL2y\/iDVj4\/p29H0Z\/7JlugE+juqz+ykVJVirfGOjGxDQc3m7NMxlpIR+w\/HNlOiuFcCxOd0YFAMDAAEBFgMDACgAAAAAAAAAAD03hH\/kAE\/axQU4iUFGg\/QO5KSPlw\/4sUYxxZRO1rp6"}
02410{"flow_id":151,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2813,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":647088,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AMDKkaPvePiC0\/vCCABFAAXcsvBAAEAGpV6sECrYNFXRj6NkAbuAhDmhfMMVyYAQAYTgzwAAAQEICgD2irxttHwxFwMDCG4AAAAAAAAAAY52sZVNdZiUHXZ+k2kOqXhrYmsaJV0nsvS6oJqnO0vfi1iMsGpn5eMIv9sk\/W6rYSMG6Y021EmGVoB7pqGb0ZewzHdfsautLhAcAMFTF\/0zKhPb4azdc2EN\/IrpS\/q3EM8wJu1HVsp5SvAZSHkcwcUAk6q0plzQEBrHKGs7zsKzwX9BZFhEVXMr\/Pi72wSZkvoxwD5MEcdIxRtbFMii8xX1H\/YqrLB4xk29OHRaFf5pD0Q4RdQVPb6HspD\/YA1kDrJC3fDJ1npG3AvznCsJnJOh2cITnhYD1OLFOlxJEX95+6JgJFc86IAeDYYFgTeWO89g5f4ZC3GSN4Brl0GshA1dTxTb6iFXvt6\/RsHYxs8XyWIxbPahnc3YvU7WuiSCe9j9OSeYh+z\/Khqtjj\/ynQa\/jpnwhNs24FJnqCANFQqaTbWMITOVJ1\/4QRaxsOwW+mcutXxuLnsm1WZsQIMcQLpmeF9VYbI9SPbpjvSxDVOqAoLriV86Fpg5CukgjXaTJuy67C6jbe1+m6c0BRyz6un0QJlOA9nlXK+VaZ9e6WNhSZkIdwCryf02JiQ\/zyT4Mt2mmUDtevVuOXU77+TVlVQguWY2\/5uIbk8Q3ijTFdWQcvOMW9lzTj0gLa5Jcf9vXyoaBIgAjIRKXK8BlEDwwpR7mF0Lt64hgH0pA913x3dHxgZ2olRKKZ7dKkKh3DBM5nmEcITeZKiemI\/RPLPGr+FHGMPkYTVVzHCO2cYjkf5aCDQHr8w5g4RiIsb3KckNDxl5xKpwZaSWSH5Iirgm3ucgSM4ClJuPr7XVaZAvKx5MGcQzDBbUMUKeOfzEZBD2bjxGmZok7Lk4LKPue6L622yK+b7NdsoYYVHbrRvVpNbHoeET0XNZD2\/x6sLJfRN+yOnSuD4FWn47HNwhEBt5wdYZp7e9dvbrXJaSiGcQPCU4sURGgWreGwUAhxiRoI8RqIBPufBwKeksk8\/oTq\/LI3E2gW84c+mzBLI4G2Y3Ncw7siB2mQrtzoxOmy+4pyQnar9C8qgum6N4snSVa\/HaGJ\/A7mIfvywKcUmxrG17r6GIj4RCKDS4F4+QiT7rB5iJDn+Zxk8mjivySOyVp7ooVg+X3\/I9pfpzmlr9i08OB+NXKixeOhEptwuVu4n0vsoBZwhHFREwnD5uCQZ82zNywpHa5W3k9xma9UJcL68daVdyDbPuoXsDqr\/S8+xdmQ6HGAwhmRPqDEu8\/ZPPl+ItCKmFQNf+N7IFJ7YCZ2SHX\/\/7FBFD\/YPG50YfjoIDfywk\/2axGcfJ+hhZZhAOp\/0KseXYU4RuOngf9lRqIv97mQ5xay6SYZNKwRgnhEQlClaOhh\/MAkxVrvhO3ffimYji9w2d3iq1EGiseVbzYw4dsnCVzz6Mn+KfLjcNYZz9ygA+JGq97OPH6IUUMeL\/h0tYfBje2WFH4yNF0tejxjKM0sZuRSazArI9HX\/QVOymP7V435k6BX7c99M8OyCzz\/AxuzLbFs58FlyI9\/jmXHJ7EI3BCnSoNNwyN+0qLope6V\/srVMN35nLdIJ6yZ4WKZhOOzfX3O8rM6bN15rPz3+31qXbX3Y30\/mgY\/mqn+0do\/1O3OxVjPZXaiwcKbzcaolXPGFu3oY1eDAo+PiugVk1+IBA45GFqpNuhOUli1s3T9rSL+5RfoGI8oROoS0vAjyebEvRXYAeeKzoj\/OjODTj33a0DGa1N5vYHXH9lXmMlRnxgHi\/hVb21asMmgxIrOX9NkwGjYlXz+pz0E31fhAvkKWryoh6idgzyJVhtOarHtekEqGmZn0VrFk05TdGcJD4vAh8CORn9E6JwpsNSe9LxKgEM4TYi6pqj2fMEYmsElm4jV5P58EdQERO69MqhyWFYLxBRWWCmOqX0lccc+n8xiwbGpd8EMND8MS3YUQ="}
00444{"flow_id":153,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2815,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":670657,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8ibgAADcGiJLYOsJOrBAq2AG7v6uBvvSDQX72hqASpajvAAAAAgQFZAQCCAoLBTvAAPaKuwEDAwc="}
00432{"flow_id":153,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2816,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":672208,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0fD9AAEAGTROsECrY2DrCTr+rAbtBfvaGgb70hIAQAVfBygAAAQEICgD2ir8LBTvA"}
00686{"flow_id":153,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2820,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":724734,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"AMDKkaPvePiC0\/vCCABFAADtfEBAAEAGTFmsECrY2DrCTr+rAbtBfvaGgb70hIAYAVcNmQAAAQEICgD2isQLBTvAFgMBALQBAACwAwOyGSGBgtCm4VEGsO9q\/vzaBrFVmU1Xzv04\/EnIjdiunAAAKMypzBTAK8AszKjME8AvwDAAngCfwAnACsATwBQAMwA5AJwAnQAvADUBAABf\/wEAAQAAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAACwACAQAACgAIAAYAHQAXABg="}
-00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2820,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_first_seen":1490976195633,"flow_last_seen":1490976195724,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":32,"flow_max_l4_data_len":217,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2820,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":4,"flow_first_seen":1490976195633,"flow_last_seen":1490976195724,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00432{"flow_id":153,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2823,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":760501,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0idQAADcGiH7YOsJOrBAq2AG7v6uBvvSEQX73P4AQAVTAtgAAAQEICgsFPBkA9orE"}
02333{"flow_id":153,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2824,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":762060,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"ePiC0\/vCAMDKkVoBCABFAAW+idUAADcGgvPYOsJOrBAq2AG7v6uBvvSEQX73P4AQAVSgnQAAAQEICgsFPBoA9orEFgMDAFsCAABXAwNY3n3DDL+algu9UzbgCZgTTV+cp0kWsPY9N9U8YH7x7iBtu\/9gnRCQJlHQwKGfvFkpVNjddeFLlYBCG+hlD2XCssypAAAP\/wEAAQAAFwAAAAsAAgEAFgMDDq0LAA6pAA6mAAcoMIIHJDCCBgygAwIBAgIIZm0NGUUgCcswDQYJKoZIhvcNAQELBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTcwMzIyMTcwMjUwWhcNMTcwNjE0MTYxNzAwWjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERjGx6s9o\/BcqozqN8UiwzbcHdCvaVPellf7KFLWtbsaC8Oo+QcYhDdeSGHkuUk8MV61V6Z+bLMK5AAp6NIqEUKOCBLwwggS4MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwggN7BgNVHREEggNyMIIDboIMKi5nb29nbGUuY29tgg0qLmFuZHJvaWQuY29tghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghIqLmNsb3VkLmdvb2dsZS5jb22CDiouZ2NwLmd2dDIuY29tghYqLmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22CDyouZ29vZ2xlYXBpcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESouZ29vZ2xldmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CCiouZ3Z0MS5jb22CCiouZ3Z0Mi5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggwqLnVyY2hpbi5jb22CECoudXJsLmdvb2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5jb22CDSoueW91dHViZS5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CCyoueXRpbWcuY29tghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVsb3Blci5hbmRyb2lkLmdvb2dsZS5jboIEZy5jb4IGZ29vLmdsghRnb29nbGUtYW5hbHl0aWNzLmNvbYIKZ29vZ2xlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tggp1cmNoaW4uY29tggp3d3cuZ29vLmdsggh5b3V0dS5iZYILeW91dHViZS5jb22CFHlvdXR1YmVlZHVjYXRpb24uY29tMGgGCCsGAQUFBwEBBFwwWjArBgg="}
-00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2824,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":6,"flow_first_seen":1490976195633,"flow_last_seen":1490976195762,"flow_tot_l4_data_len":1811,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}}
+00863{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2824,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":6,"flow_first_seen":1490976195633,"flow_last_seen":1490976195762,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}}
02351{"flow_id":153,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2825,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":762587,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"ePiC0\/vCAMDKkVoBCABFAAW+idYAADcGgvLYOsJOrBAq2AG7v6uBvvoOQX73P4AQAVQAJQAAAQEICgsFPBoA9orEKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYEFByoUDDt8sNgYUgNmwsm\/RdPWzBwMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAUSt0GFhu89mi1dvWBtrtiGrpagS8wIQYDVR0gBBowGDAMBgorBgEEAdZ5AgUBMAgGBmeBDAECAjAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBXMn6FcaNDiz0t7Pm7rqBB+T3N3J2fO3M1orczDg4\/\/cZIf+Ur7Fh3\/5tgpaEKZ5+g2l8qMj2x8X2xXC4ibY+o2R1LNOSF\/y1a\/U1vRkw5Kc2EujEECC2IrBhtW9fbRYtgqpsg54SR33OtZ5SoDKUZ56PNJxyE0WM2kIse3xFmjjYOa2L2j65EEBmxsv2QP9RLtKStWtzgYR7s8Jm1Gh6BZMJXEocAeCg4UDobKSswgkAgRDZv9AAWj71OF7b0n9ZnFFqZlTQZRiV5lSjwaKJp03eguOopp0jHYrt1WTZ3d7NO7moPP5Q467QO0ZoPI4ERul2KIzt+MpS7ZGIv+gatAAP0MIID8DCCAtigAwIBAgIDAjqSMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTUwNDAxMDAwMDAwWhcNMTcxMjMxMjM1OTU5WjBJMQswCQYDVQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwqBHdc2FCROgajguDYUEi8iT\/xGXAaiEZ+4I\/F8YnOIe5a\/mENtzJEiaB0C1NPVaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U\/ck5vuR6RXEz\/RTDfRK\/J9U3n2+oGtvh8DQUB8oMANA2ghzUWx\/\/zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rEahqyzFPdFUuLH8gZYR\/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZEASg8GF6lSWMTlJ14rbtCMoU\/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXCDTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYDVR0PAQH\/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEACE4Ep4B\/EBZDXgKt10KA9LCO0q6z6xF9kIQYfeeQFftJf6iZBZG7esnWPDcYCZq2x5IgBzUzCeQoY3INtOAynIeYxBt2iWfBUFiwE6oTGhsypb7qEZVMSGNJ6ZldIDfM\/ippURaVS6neSYLAEHD0LPPsvCQk0E6spdleHm2SwaesSDWB+eU="}
01987{"flow_id":153,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2826,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":763002,"pkt_caplen":1217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1217,"pkt_l4_len":1183,"pkt":"ePiC0\/vCAMDKkVoBCABFAASzidcAADcGg\/zYOsJOrBAq2AG7v6uBvv+YQX73P4AYAVScnQAAAQEICgsFPBoA9orE5Jxlac2HpEFQPy5XpZFRElgOjAmhrHqkEqUn85oQl31VAwb3ZlhfX2Thq11tpTlIdZhMKVo6jdMrypxVBL\/05hTVgKwm7ReJppNsXKTMuPBmjmTjfZriALNJx+QKqt1bg8dwkEZOvtDbWZZsLvUWNt5xzAHCEsEhxhYAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hxa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwMAcwwAAG8DAB0gc9698eUlMCxaFKOnpkh8c7JlrPELuN5bTz3++yT1BHkEAwBHMEUCIGWcd\/ky\/ajUG5GDR1\/EbSvufSoCI1S+rP1gR1+t+h1rAiEA2CbVXoIsbRsB0UDU3K8IHC+VO5FNBwp9jd7RjXSsAjcWAwMABA4AAAA="}
-01915{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2826,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":8,"flow_first_seen":1490976195633,"flow_last_seen":1490976195763,"flow_tot_l4_data_len":4444,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":555,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com","fingerprint":"54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42"}}
+01926{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2826,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":8,"flow_first_seen":1490976195633,"flow_last_seen":1490976195763,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":521,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.gcp.gvt2.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com","ja3":"5bf38a5cbf896cd31eeef4d6ad1503e1","ja3s":"9b1466fd60cadccb848e09c86e284265","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com","fingerprint":"54:A0:1E:03:FF:CB:33:BC:9D:65:DC:D7:BF:6B:04:2B:F9:F3:D5:42"}}
00433{"flow_id":153,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2828,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":763683,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0fEFAAEAGTRGsECrY2DrCTr+rAbtBfvc\/gb76DoAQAWK7GQAAAQEICgD2isgLBTwa"}
00435{"flow_id":153,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2829,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":764914,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0fEJAAEAGTRCsECrY2DrCTr+rAbtBfvc\/gb7\/mIAQAW21hAAAAQEICgD2isgLBTwa"}
00434{"flow_id":153,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2830,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":765751,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0fENAAEAGTQ+sECrY2DrCTr+rAbtBfvc\/gb8EF4AQAXiw+gAAAQEICgD2isgLBTwa"}
@@ -2093,53 +2093,53 @@
00495{"flow_id":153,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2833,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":828745,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"ePiC0\/vCAMDKkVoBCABFAABfifYAADcGiDHYOsJOrBAq2AG7v6uBvwQXQX73lIAYAVRb7wAAAQEICgsFPF0A9orLFAMDAAEBFgMDACCwAGwbxkE02sXDMu+6itAO3CJMbdGhkjTKTdngMMJeJw=="}
02294{"flow_id":153,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2834,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":850819,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"AMDKkaPvePiC0\/vCCABFAAWMfEVAAEAGR7WsECrY2DrCTr+rAbtBfveUgb8EQoAQAXiylwAAAQEICgD2itELBTxdFwMDBh2gXwjt3EUWxeToL8j0tNysqGf1QNRjrDPD1B7EXu9rPq27bNdX+R6NiIuSPFsQm7o7apZY\/ff27IS7cKvVjDWv9JwUlVaPXz4OmzpzFDri1\/e9SwKjocLDzNTHZXwnc1Sot6gypGDmghXdcPh9W7Ey0NGpfTDU\/Ydxa6QoFlW3miA0wTDVHF1XAg5Vg65doi8EDlKL8qmo4V2ETmsOaiWIv3cZIZhc5L\/XWo6UdiGaHMexnFkXHMlEFetI9qYmuDPG89vsUtaEIU84qBxkZZ2KlyJqrs0ASiWGkoAoOVjS0g3yFA8XZATv85mGd9loJHCkThkVEhLeN0EClUUCX+wpJcxDJY3O99KVsVOakSkx92NsfDmaGK\/ncBMtdxdsGTe4rePaSj8JjhccaI5x47m1PtxeBNXQ2vNzr0M3BCQNhbTa5ZPd415MLP7N9dcfrcqiesLq9Y\/2gOZnEJ2oL+Tn\/QMjuHvIjoVBtUxjvUsI7u26rpSxz\/EpEqGQF2nUcpY7ZruMaxlKcJrz4YQzS4tbRNDnEbu8GVPjfCuX9ERxrw4C9eJlaTEXXZV+Jd8jhd4I\/bnCAETyEUmLngkqJvikMCOkOWbRcCO2gaBzyWS5ndOmKRZkgtA0tA2u+jc55+\/6xXE8URST85R\/CyTT8\/L6C6o9Kz9S+V\/vlHnlIGHOgKglo\/z1J5mBcnAfg0HyGvRWPIfREkzsZGA5z2H23FUCJwRPiGhgxCN0Cdt3\/ry5HjDVyePVvlIZadsPMPmQCa86J5lKgiEam6aFLFUak\/wrHiPh57VcInQUhEv2fGUSOYd4W8FGAJYexZSOOL7S2wVPR5GXjFxV8clfHanOP5\/MJNbdrSjmUZbEvoaaeUD6aKYvAEKFf7ALoKR5+UHLBY4JP6YML8qfZYMS2Z6P6x+MK\/9A1o8iDuioTVB\/1HwLn30Fg95qv\/OpEkBRUcMAW8jRRp2gwOBeBAvOD7C0AbiyWycabUsYGUVAcL78ilKsZYfdNK8wqiki8pB2HPZ+Sl3Q27g5QOwghAzADUu0vrxOCqu9Fcigjj++mgUNTL82IDIR\/+IIfNHSvaInU+SJ5b1\/Xa9VmPF24vMVU\/YFGRW3kzv3mkFVAn4vFcr1hCu7EonGHfho2es\/KuRel+gOC2jR\/6qDcHCq8n4XpCXhUq81VW7y3XTX0whvM1iqHtc58HNqdfJPXhkD9AkLwVEiWe7wRo7vjcObqbkE7BchjFchZDflrebQ8BTOidpYepUCaKwpsd9fc1\/cNI3drTxCVNBLxYfCOs84zbLv0v8uYOFKM\/63AYzWFx4sN3YMBN1XbwKtJzXKq0U9Fwx3WTdD9P2L8M45MretZTPY0VF6lyokCbSwyJ38ED4QYTaNeNKGldKd1MkGDTHDpG67KD9X+x4A3a2PeFK9INBzbFOIkADOgFYUr2XwVkkZmXTHlPzERwagnQ+E2WAK55lId\/IAPWzmmnMYFWjQjiSCJDDdT3XYP92unjLmcC+raa5vUm4Ukigk+G89+fXCxmVr8pp4mmh3giz6bNRZpyNxDvSq\/e6UnG6jJN6ZuTaP+dYXxb\/z6wj+Basg3XvVTUR2uyXBDZhYvF7fm3zFpDEU7NIB1uR2\/51Fwn2snM2jNeSr6c6iRodWTFlBhmTIi2UtIat6OwLk+cgILsIo2UpmKzOys6nHzBRBScbZZdbRQFxuDfSQDkKkxbYB4unNiF7u7fywLwhnjlDWQJA5LkFcxlQZQVzMoHQAjV8Gq+VdiycPg1Vih6lJDB67qazr0bt969S2Tie7Tr4kJXVbB9yPFyjEkfafuNVc"}
00717{"flow_id":153,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2835,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":851506,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"AMDKkaPvePiC0\/vCCABFAAD+fEZAAEAGTEKsECrY2DrCTr+rAbtBfvzsgb8EQoAYAXjjjgAAAQEICgD2itELBTxdy\/doybMCEQg\/D4aCyc9z4pOWaiz9DAgy7GNnhIaBmoi3hc31JaIKDxCLEJponZsOOr+E\/PQ9FCFQyRxOuGqYG+\/z4jHSFdoCP0xOhgIpHQQXBM4sTjs4q9X+LgxtylZR3Tjrk\/fnOP4A\/gtfjcLUDXAwlMdEMz2o0xGNW0azyZU8U3iZYmqLawBQlzXDne7HVWY5cS3hEx2\/\/eD1ypDHPnU5\/TsSMJlSP2AU1Cnjhhwv7th0yx3NoSsEOviXJ93A2eUFSS+kZ+svmw=="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1490976195921,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1490976195921,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":154,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":921499,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"AMDKkaPvePiC0\/vCCABFAABNWmZAAEARM0CsECrYrBAqARIEADUAOVP\/iiYBAAABAAAAAAAACWltYWdlcy1uYRFzc2wtaW1hZ2VzLWFtYXpvbgNjb20AAAEAAQ=="}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1490976195921,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2861,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1490976195921,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00611{"flow_id":154,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2864,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":980743,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"ePiC0\/vCAMDKkaPvCABFAAC37AVAAEARoTasECoBrBAq2AA1EgQAo8CaiiaBgAABAAUAAAAACWltYWdlcy1uYRFzc2wtaW1hZ2VzLWFtYXpvbgNjb20AAAEAAcAMAAUAAQAAAAMAHg1kazlwczdnb3FvZWVmCmNsb3VkZnJvbnQDbmV0AMA9AAEAAQAAADsABDRUPnPAPQABAAEAAAA7AAQ0VD7rwD0AAQABAAAAOwAENFQ+v8A9AAEAAQAAADsABDRUPj4="}
-00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":57,"flow_max_l4_data_len":163,"flow_avg_l4_data_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.62.115"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1490976195983,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2864,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"images-na.ssl-images-amazon.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.84.62.115"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2865,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1490976195983,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":155,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2865,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":983393,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8wa5AAEAGL16sECrYNFQ+c6O4AbsdU0twAAAAAKAC\/\/9kRAAAAgQFtAQCCAoA9oreAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2866,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1490976195984,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2866,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1490976195984,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":156,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2866,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":984177,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8CnNAAEAG5pmsECrYNFQ+c6O5Abv6a4CtAAAAAKAC\/\/9R7QAAAgQFtAQCCAoA9oreAAAAAAEDAwg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2867,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1490976195985,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2867,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1490976195985,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":157,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2867,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976195,"pkt_ts_usec":985305,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8MZ1AAEAGv2+sECrYNFQ+c6O6AbtYObtDAAAAAKAC\/\/+5iAAAAgQFtAQCCAoA9oreAAAAAAEDAwg="}
00441{"flow_id":156,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2869,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":859,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7kDZGUl+muArqAScSCFQwAAAgQFtAQCCAps+oX0APaK3gEDAwg="}
00442{"flow_id":155,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2870,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":1010,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7jUvy2sHVNLcaAScSD3DwAAAgQFtAQCCAps+oycAPaK3gEDAwg="}
00430{"flow_id":156,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2871,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":2121,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0CnRAAEAG5qCsECrYNFQ+c6O5Abv6a4CuA2RlJoAQAVcj2AAAAQEICgD2iuBs+oX0"}
00430{"flow_id":155,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2872,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":3424,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0wa9AAEAGL2WsECrYNFQ+c6O4AbsdU0tx1L8trYAQAVeVpAAAAQEICgD2iuBs+oyc"}
00726{"flow_id":156,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2873,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":3702,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPCnVAAEAG5cSsECrYNFQ+c6O5Abv6a4CuA2RlJoAYAVfOvQAAAQEICgD2iuBs+oX0FgMBANYBAADSAwPpjfK00MIrt3BxXOFv6gz55nS9q4nJk9FBExT7V8ZmxQAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAifr6AAD\/AQABAAAAACQAIgAAH2ltYWdlcy1uYS5zc2wtaW1hZ2VzLWFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAiKigAdABcAGLq6AAEA"}
-00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":4,"flow_first_seen":1490976195984,"flow_last_seen":1490976196003,"flow_tot_l4_data_len":363,"flow_min_l4_data_len":32,"flow_max_l4_data_len":251,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2873,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":4,"flow_first_seen":1490976195984,"flow_last_seen":1490976196003,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00726{"flow_id":155,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2874,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":5425,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPwbBAAEAGLomsECrYNFQ+c6O4AbsdU0tx1L8trYAYAVfIxQAAAQEICgD2iuBs+oycFgMBANYBAADSAwPu6GGuPmyzw7dLNflsWT5nlBqUB1hxgKWeZNpugQIoJQAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAiWpqAAD\/AQABAAAAACQAIgAAH2ltYWdlcy1uYS5zc2wtaW1hZ2VzLWFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGKqqAAEA"}
-00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":4,"flow_first_seen":1490976195983,"flow_last_seen":1490976196005,"flow_tot_l4_data_len":363,"flow_min_l4_data_len":32,"flow_max_l4_data_len":251,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2874,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":4,"flow_first_seen":1490976195983,"flow_last_seen":1490976196005,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00442{"flow_id":157,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2875,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":8146,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPIGPww0VD5zrBAq2AG7o7r33SsOWDm7RKAScSApGwAAAgQFtAQCCAps+o9VAPaK3gEDAwg="}
00430{"flow_id":157,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2876,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":9303,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0MZ5AAEAGv3asECrYNFQ+c6O6AbtYObtE990rD4AQAVfHrwAAAQEICgD2iuBs+o9V"}
00727{"flow_id":157,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2877,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":10246,"pkt_caplen":285,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":285,"pkt_l4_len":251,"pkt":"AMDKkaPvePiC0\/vCCABFAAEPMZ9AAEAGvpqsECrYNFQ+c6O6AbtYObtE990rD4AYAVcgywAAAQEICgD2iuBs+o9VFgMBANYBAADSAwOZ4tBPqLqYdHU6SDQI1rutJPljePPKqcU84R0pjyIHmAAAIJqazKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAidraAAD\/AQABAAAAACQAIgAAH2ltYWdlcy1uYS5zc2wtaW1hZ2VzLWFtYXpvbi5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGEpKAAEA"}
-00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":4,"flow_first_seen":1490976195985,"flow_last_seen":1490976196010,"flow_tot_l4_data_len":363,"flow_min_l4_data_len":32,"flow_max_l4_data_len":251,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1490976196016,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2877,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":4,"flow_first_seen":1490976195985,"flow_last_seen":1490976196010,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2878,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1490976196016,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":158,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2878,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":16602,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8LWlAAEAG4smsECrYNu8csuLAAbtkEKeIAAAAAKAC\/\/+hiQAAAgQFtAQCCAoA9orhAAAAAAEDAwg="}
00431{"flow_id":156,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2879,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":28189,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA04NBAAPIGXkM0VD5zrBAq2AG7o7kDZGUm+muBiYAQAHYj3AAAAQEICmz6hfYA9org"}
00431{"flow_id":157,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2880,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":30939,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0pFhAAPIGmrs0VD5zrBAq2AG7o7r33SsPWDm8H4AQAHbHswAAAQEICmz6j1cA9org"}
00431{"flow_id":155,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2881,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":31071,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0oQ1AAPIGngY0VD5zrBAq2AG7o7jUvy2tHVNMTIAQAHaVpgAAAQEICmz6jKAA9org"}
02380{"flow_id":156,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2882,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":33481,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc4NFAAPIGWJo0VD5zrBAq2AG7o7kDZGUm+muBiYAQAHYHvgAAAQEICmz6hfcA9orgFgMDAFQCAABQAwMchVgr9AjLWixAKujTvHZoIk1uz271I4e\/jrQ7u2hALgDALwAAKAAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAALAAkIaHR0cC8xLjEWAwMLowsAC58AC5wABlowggZWMIIFPqADAgECAhBpH0FX++InsW31pP5h+nftMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwOTIzMDAwMDAwWhcNMTcxMDI2MjM1OTU5WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEoMCYGA1UEAwwfSW1hZ2VzLW5hLnNzbC1pbWFnZXMtYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEuJO\/+bBZp+65A3qd7KXAfp\/cKV5sEn6gPlLX+kNYjVLDHtwBivFeUG6bFEOhwWdlcNuDzu9KkW7lLTHitJ5nFNZV8ab6lWZc6IgABVBSUzarnyfLq7rKfC2JGnZNxMXEzi1Vj5qs4OUNzMETVJxx9HbMK3VCITO7h6OYz2D3VyZgIJwqq7Onpkkx2YSQTdtBy9Pr3Yx71pOWk\/3vh3jwlUgByGncft+zlHReypSHZCXLE\/RRSYVMOdSSWd9vlmStKxq5H0TRrvkLw+d3p5plGcmL7d1fjoFAWT259eL1DlUmYfkteR\/zCwtPSGW3K6F6CzoKpayF3+Zj22dILQUkCAwEAAaOCAtMwggLPMIGABgNVHREEeTB3gh9JbWFnZXMtbmEuc3NsLWltYWdlcy1hbWF6b24uY29tgh9pbWFnZXMtZXUuc3NsLWltYWdlcy1hbWF6b24uY29tgh9pbWFnZXMtZmUuc3NsLWltYWdlcy1hbWF6b24uY29tghJtLm1lZGlhLWFtYXpvbi5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3NzLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcnQwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVdUkiseAAAEAwBHMEUCIQD6iIA+rmG7QUCCeoEWrVeccR1EZDWz9MXobNmyZkT4uQIgaiJVZCKRbwFdkbUxvM4Cisi\/8VdNDoagQ9TsWHWxRdUAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0\/7xAAAAVdUkitHAAAEAwBHMEUCIEoThh0jOnprHDW1k9YHcA6yuygvskznTHLMQPBWQS8oAiEAy\/WI\/dbVY6t2GtrwR2xpuZ7b0b0g40Bn0vI="}
-00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":6,"flow_first_seen":1490976195984,"flow_last_seen":1490976196033,"flow_tot_l4_data_len":1875,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00817{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2882,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":6,"flow_first_seen":1490976195984,"flow_last_seen":1490976196033,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02384{"flow_id":156,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2883,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":33958,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc4NJAAPIGWJk0VD5zrBAq2AG7o7kDZGrO+muBiYAQAHZAyQAAAQEICmz6hfcA9orgtH\/sB3rLMA0GCSqGSIb3DQEBCwUAA4IBAQBkiDIxxnEZQrKUokw1tGkpri5hfM77NzUNZVWC0Fgdg74+ZMaxjY5ejtf+ySz7Q4YfW\/gX7WyTv0J6x9UzilKxYpa3x1E+FkaueHDs9uPAqFWK3dEAeXxMgoNrRERymOERcZoEhmu4s90r+y6wcrksN9W2xICvAv60b4k6vUuYH9j27CDbSivSCe71iV6zZ+kGTvIhEJRdwt3iYMyQwQMN55VSSzpX+SrB2wiDul3yiV4HjaS703ElwqvtEXQGCQux6WhUMHOBXzY0kebNFDKYD63s\/sHwq4c2qTdzD3pvCQ16okmwVy481q+faunmHtn14Kr9QeLcLqT7vLASm9BTAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+k="}
02390{"flow_id":156,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2884,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":34469,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc4NNAAPIGWJg0VD5zrBAq2AG7o7kDZHB2+muBiYAQAHaf0QAAAQEICmz6hfcA9orgdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHFgMDBlEWAAZNAQAGSTCCBkUKAQCgggY+MIIGOgYJKwYBBQUHMAEBBIIGKzCCBicwgZ6iFgQURSACqIuKZZ91+vXpChp40vA3C54YDzIwMTcwMzI5MDkwMDU3WjBzMHEwSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c\/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEGkfQVf74iexbfWk\/mH6d+2AABgPMjAxNzAzMjkwOTAwNTdaoBEYDzIwMTcwNDA1MDkwMDU3WjANBgkqhkiG9w0BAQUFAAOCAQEAlbbCUTPj5w12J6GrEmf5hV4iufntZZG3Y8S0pI0kB7GvfElrulxav4QgdcZbLdUPkMWM9+kneCt+exqXrJeZ+COEhhUEqc\/nVfEavr\/oYR62P3Lz8Ut0O17jXqENh\/mbjRoREBil\/CIzWU+luSiF\/ZMRq0H1zEw\/mSTmMnhxRiz6ahuQV+JItIEhPJlQs5iWx8ruofIcqOvKelrA24cDxEyufpN9ZEfQvyl5ymmsDXK\/xcHYknZLM3WSC0UUBnlcq4NYqiQh5Pymkkp2G44BW2p9GbWOYszSsqf\/C+hiL7zN1WiscirUykahmZ7D1\/a5eJFOsv0Tf\/hRZVBAlJ3ZHKCCBG4wggRqMIIEZjCCA06gAwIBAgIQRGiQY2lIBdbK9v250cQFITANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDIwNDAwMDAwMFoXDTE3MDUwNTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqK0Kffb5Auqq\/RTKlGMWnpdC7JmtnGiOAYwvZN2YjMK6fnb0hAgOMG1rLR76AfOlvGZpXezKtbbVssGNNzBnwJfejjdD4jlaNV3g2Sbl02\/W0C1EsVV7s4J8Dmxg7llU8aWUd6qxYyXvCNgMr0zT44ABlcJe7lYNxneZPdVb5+8NG48QecxpmEgLmwiH886a9SxZ\/5oFPCbvui09qrD9ZZDZeTWx3jja9a9brKoIv8Lz2opoIuWL\/3FE0ksMFSK5zl4n4ihm\/0beCKOUAGnRvV8Lf2TnNlIaBm4HCrofyw\/wGBxcmFekRRMYMG3tUe+29l40aopWwNOI7L3BhPMTrAgMBAAGjggEcMIIBGDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0zODU3MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRFIAKoi4pln3X69ekKGnjS8DcLnjAMBgNVHRMBAf8EAjAAMG4GA1UdIARnMGUwYwYLYIZIAYb4RQEHFwMwVDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKgYIKwY="}
-01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":8,"flow_first_seen":1490976195984,"flow_last_seen":1490976196034,"flow_tot_l4_data_len":4835,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
+01244{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2884,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":8,"flow_first_seen":1490976195984,"flow_last_seen":1490976196034,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
01382{"flow_id":156,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2885,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":34748,"pkt_caplen":764,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":764,"pkt_l4_len":730,"pkt":"ePiC0\/vCAMDKkVoBCABFAALu4NRAAPIGW4U0VD5zrBAq2AG7o7kDZHYe+muBiYAYAHZ4RwAAAQEICmz6hfcA9orgAQUFBwICMB4aHCAgaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH\/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQB4HMFiNVhH\/deb\/gTB86atVF4ywqr0xapUyerApNwQq\/ERx+P2vuV6cbn7nw+nwAPKmQ2C1\/5mrPKO+CN8i46q+JdQmfb3UoTuoYQVXYzQ5WxhHij7MjF7swqsQ6AJAagWS\/6Sw4vnUhMJSJti+y6cojNMGRQ1Mn010zjA5f2mqtQbJcXTwe66\/hVsPQIMJFgkX565MDEbMxCO2AmjPJFfLBm0dCw5zcfFfjJS+xPuB8aEo67ogH19P5klyyuA4HZedrQHXKAwHnWUs\/h+mP27rKq05NZ00cCJLBBUa+lOYqRx\/HeSlpKdROtQa1wj09sFAyeSF2EkjMuvIXq7h0QOFgMDAU0MAAFJAwAXQQS\/2oyBC7yKFb2GJpph+VEAhud80AYfLwHrlG0+0onox2mf1eonEqAhMH\/EANDV1Fj160WyB6vHQ+A0mQLCmmbABgEBABpj1KRclHhCpjIukJZGFy\/9M0vMIyhjAW51yo7mTClI2FZTwUYOX3lWEYuE6rDACM72R8aL7QYty04bFV8Srnx411EO7LhkyKUGWS50CeS8kBumZJb4XqDJKOHu7JyS5NXVQfg9mupECI4Bowvqef32hD28qdSukXuchQtN+hIEMnZ1m4iIvGF75WiiSLtQhXWpW\/OkK3d8xQqFuaDw1qmoEc8rfPBngIm5lkE\/OHH+JhTyju729oGksGpH55tcQzeqdifeQtPkJwLwYf+F\/95rXlzGwbtWR\/fsAWQ5xyyXrMih6kvLtkBNnPgyfPpqKn1kR6+K3n5pZp0GCuh4FbgWAwMABA4AAAA="}
00432{"flow_id":156,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2886,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":36165,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0CnZAAEAG5p6sECrYNFQ+c6O5Abv6a4GJA2RqzoAQAWIdRAAAAQEICgD2iuNs+oX3"}
00432{"flow_id":156,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2887,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":36458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0CndAAEAG5p2sECrYNFQ+c6O5Abv6a4GJA2RwdoAQAW0XkQAAAQEICgD2iuNs+oX3"}
02380{"flow_id":157,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2888,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":37522,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcpFlAAPIGlRI0VD5zrBAq2AG7o7r33SsPWDm8H4AQAHZEGgAAAQEICmz6j1gA9orgFgMDAFQCAABQAwN0QmB\/9WLZlS3e1cIb5Gb70pzs63s8uXZIHTHQlCi3NgDALwAAKAAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAALAAkIaHR0cC8xLjEWAwMLowsAC58AC5wABlowggZWMIIFPqADAgECAhBpH0FX++InsW31pP5h+nftMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwOTIzMDAwMDAwWhcNMTcxMDI2MjM1OTU5WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEoMCYGA1UEAwwfSW1hZ2VzLW5hLnNzbC1pbWFnZXMtYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEuJO\/+bBZp+65A3qd7KXAfp\/cKV5sEn6gPlLX+kNYjVLDHtwBivFeUG6bFEOhwWdlcNuDzu9KkW7lLTHitJ5nFNZV8ab6lWZc6IgABVBSUzarnyfLq7rKfC2JGnZNxMXEzi1Vj5qs4OUNzMETVJxx9HbMK3VCITO7h6OYz2D3VyZgIJwqq7Onpkkx2YSQTdtBy9Pr3Yx71pOWk\/3vh3jwlUgByGncft+zlHReypSHZCXLE\/RRSYVMOdSSWd9vlmStKxq5H0TRrvkLw+d3p5plGcmL7d1fjoFAWT259eL1DlUmYfkteR\/zCwtPSGW3K6F6CzoKpayF3+Zj22dILQUkCAwEAAaOCAtMwggLPMIGABgNVHREEeTB3gh9JbWFnZXMtbmEuc3NsLWltYWdlcy1hbWF6b24uY29tgh9pbWFnZXMtZXUuc3NsLWltYWdlcy1hbWF6b24uY29tgh9pbWFnZXMtZmUuc3NsLWltYWdlcy1hbWF6b24uY29tghJtLm1lZGlhLWFtYXpvbi5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3NzLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcnQwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVdUkiseAAAEAwBHMEUCIQD6iIA+rmG7QUCCeoEWrVeccR1EZDWz9MXobNmyZkT4uQIgaiJVZCKRbwFdkbUxvM4Cisi\/8VdNDoagQ9TsWHWxRdUAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0\/7xAAAAVdUkitHAAAEAwBHMEUCIEoThh0jOnprHDW1k9YHcA6yuygvskznTHLMQPBWQS8oAiEAy\/WI\/dbVY6t2GtrwR2xpuZ7b0b0g40Bn0vI="}
-00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":6,"flow_first_seen":1490976195985,"flow_last_seen":1490976196037,"flow_tot_l4_data_len":1875,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00817{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2888,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":6,"flow_first_seen":1490976195985,"flow_last_seen":1490976196037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02384{"flow_id":157,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2889,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":38086,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcpFpAAPIGlRE0VD5zrBAq2AG7o7r33TC3WDm8H4AQAHbkoAAAAQEICmz6j1gA9orgtH\/sB3rLMA0GCSqGSIb3DQEBCwUAA4IBAQBkiDIxxnEZQrKUokw1tGkpri5hfM77NzUNZVWC0Fgdg74+ZMaxjY5ejtf+ySz7Q4YfW\/gX7WyTv0J6x9UzilKxYpa3x1E+FkaueHDs9uPAqFWK3dEAeXxMgoNrRERymOERcZoEhmu4s90r+y6wcrksN9W2xICvAv60b4k6vUuYH9j27CDbSivSCe71iV6zZ+kGTvIhEJRdwt3iYMyQwQMN55VSSzpX+SrB2wiDul3yiV4HjaS703ElwqvtEXQGCQux6WhUMHOBXzY0kebNFDKYD63s\/sHwq4c2qTdzD3pvCQ16okmwVy481q+faunmHtn14Kr9QeLcLqT7vLASm9BTAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+k="}
02390{"flow_id":157,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2890,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":38701,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcpFtAAPIGlRA0VD5zrBAq2AG7o7r33TZfWDm8H4AQAHZDqQAAAQEICmz6j1gA9orgdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHFgMDBlEWAAZNAQAGSTCCBkUKAQCgggY+MIIGOgYJKwYBBQUHMAEBBIIGKzCCBicwgZ6iFgQURSACqIuKZZ91+vXpChp40vA3C54YDzIwMTcwMzI5MDkwMDU3WjBzMHEwSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c\/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEGkfQVf74iexbfWk\/mH6d+2AABgPMjAxNzAzMjkwOTAwNTdaoBEYDzIwMTcwNDA1MDkwMDU3WjANBgkqhkiG9w0BAQUFAAOCAQEAlbbCUTPj5w12J6GrEmf5hV4iufntZZG3Y8S0pI0kB7GvfElrulxav4QgdcZbLdUPkMWM9+kneCt+exqXrJeZ+COEhhUEqc\/nVfEavr\/oYR62P3Lz8Ut0O17jXqENh\/mbjRoREBil\/CIzWU+luSiF\/ZMRq0H1zEw\/mSTmMnhxRiz6ahuQV+JItIEhPJlQs5iWx8ruofIcqOvKelrA24cDxEyufpN9ZEfQvyl5ymmsDXK\/xcHYknZLM3WSC0UUBnlcq4NYqiQh5Pymkkp2G44BW2p9GbWOYszSsqf\/C+hiL7zN1WiscirUykahmZ7D1\/a5eJFOsv0Tf\/hRZVBAlJ3ZHKCCBG4wggRqMIIEZjCCA06gAwIBAgIQRGiQY2lIBdbK9v250cQFITANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDIwNDAwMDAwMFoXDTE3MDUwNTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqK0Kffb5Auqq\/RTKlGMWnpdC7JmtnGiOAYwvZN2YjMK6fnb0hAgOMG1rLR76AfOlvGZpXezKtbbVssGNNzBnwJfejjdD4jlaNV3g2Sbl02\/W0C1EsVV7s4J8Dmxg7llU8aWUd6qxYyXvCNgMr0zT44ABlcJe7lYNxneZPdVb5+8NG48QecxpmEgLmwiH886a9SxZ\/5oFPCbvui09qrD9ZZDZeTWx3jja9a9brKoIv8Lz2opoIuWL\/3FE0ksMFSK5zl4n4ihm\/0beCKOUAGnRvV8Lf2TnNlIaBm4HCrofyw\/wGBxcmFekRRMYMG3tUe+29l40aopWwNOI7L3BhPMTrAgMBAAGjggEcMIIBGDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0zODU3MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRFIAKoi4pln3X69ekKGnjS8DcLnjAMBgNVHRMBAf8EAjAAMG4GA1UdIARnMGUwYwYLYIZIAYb4RQEHFwMwVDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKgYIKwY="}
-01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":8,"flow_first_seen":1490976195985,"flow_last_seen":1490976196038,"flow_tot_l4_data_len":4835,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
+01244{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":8,"flow_first_seen":1490976195985,"flow_last_seen":1490976196038,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
01385{"flow_id":157,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2891,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":38977,"pkt_caplen":764,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":764,"pkt_l4_len":730,"pkt":"ePiC0\/vCAMDKkVoBCABFAALupFxAAPIGl\/00VD5zrBAq2AG7o7r33TwHWDm8H4AYAHZioAAAAQEICmz6j1gA9orgAQUFBwICMB4aHCAgaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH\/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQB4HMFiNVhH\/deb\/gTB86atVF4ywqr0xapUyerApNwQq\/ERx+P2vuV6cbn7nw+nwAPKmQ2C1\/5mrPKO+CN8i46q+JdQmfb3UoTuoYQVXYzQ5WxhHij7MjF7swqsQ6AJAagWS\/6Sw4vnUhMJSJti+y6cojNMGRQ1Mn010zjA5f2mqtQbJcXTwe66\/hVsPQIMJFgkX565MDEbMxCO2AmjPJFfLBm0dCw5zcfFfjJS+xPuB8aEo67ogH19P5klyyuA4HZedrQHXKAwHnWUs\/h+mP27rKq05NZ00cCJLBBUa+lOYqRx\/HeSlpKdROtQa1wj09sFAyeSF2EkjMuvIXq7h0QOFgMDAU0MAAFJAwAXQQSg\/YDzpbMGRfYIi0q8QT\/d3pG3qpHDoLGOM7k\/h0MymO3MF0Y9WrK5dBzpfpi64vnW3gx\/n2iUbSc3VDLQwWA\/BgEBABc5u17NF4UcOMvIuCb5of2WctWdLjxKYJGb+vNJXEr+DK2PljjiwnirXBY2Vr+9MjsBFjdfKUQh6QoUmuH+ITHiDIQJrGdyfLBJUxjYSxygbcq7PFTLhWu0yexZgvQefSRBevcGVO9mybvKTuLjKH2wmm8AKm9HywyvszutP\/7Bltnoep6K\/1tGsVNteEtGPFsefdxyRFum6laVeWbpTlWtdH+9iGiZqznpe0HfpX0Fg4IRa3gLfNBqBSUGk\/iYVRnFXyrhSl9cThSOnERH0Gu2Dc8AQw99CmvvCYLm\/ZFv54cELZnDxLLLu4vssc3EnZp320TJj3U6oOCal5ncCsoWAwMABA4AAAA="}
02381{"flow_id":155,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2892,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":39960,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcoQ5AAPIGmF00VD5zrBAq2AG7o7jUvy2tHVNMTIAQAHZQkQAAAQEICmz6jKAA9orgFgMDAFQCAABQAwOoc\/4c7y2t24VDpst7Vx0u3G0aKvYyQd+r9kFRBGY3\/gDALwAAKAAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAALAAkIaHR0cC8xLjEWAwMLowsAC58AC5wABlowggZWMIIFPqADAgECAhBpH0FX++InsW31pP5h+nftMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYwOTIzMDAwMDAwWhcNMTcxMDI2MjM1OTU5WjB5MQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEoMCYGA1UEAwwfSW1hZ2VzLW5hLnNzbC1pbWFnZXMtYW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALEuJO\/+bBZp+65A3qd7KXAfp\/cKV5sEn6gPlLX+kNYjVLDHtwBivFeUG6bFEOhwWdlcNuDzu9KkW7lLTHitJ5nFNZV8ab6lWZc6IgABVBSUzarnyfLq7rKfC2JGnZNxMXEzi1Vj5qs4OUNzMETVJxx9HbMK3VCITO7h6OYz2D3VyZgIJwqq7Onpkkx2YSQTdtBy9Pr3Yx71pOWk\/3vh3jwlUgByGncft+zlHReypSHZCXLE\/RRSYVMOdSSWd9vlmStKxq5H0TRrvkLw+d3p5plGcmL7d1fjoFAWT259eL1DlUmYfkteR\/zCwtPSGW3K6F6CzoKpayF3+Zj22dILQUkCAwEAAaOCAtMwggLPMIGABgNVHREEeTB3gh9JbWFnZXMtbmEuc3NsLWltYWdlcy1hbWF6b24uY29tgh9pbWFnZXMtZXUuc3NsLWltYWdlcy1hbWF6b24uY29tgh9pbWFnZXMtZmUuc3NsLWltYWdlcy1hbWF6b24uY29tghJtLm1lZGlhLWFtYXpvbi5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGEGA1UdIARaMFgwVgYGZ4EMAQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3NzLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcnQwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVdUkiseAAAEAwBHMEUCIQD6iIA+rmG7QUCCeoEWrVeccR1EZDWz9MXobNmyZkT4uQIgaiJVZCKRbwFdkbUxvM4Cisi\/8VdNDoagQ9TsWHWxRdUAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0\/7xAAAAVdUkitHAAAEAwBHMEUCIEoThh0jOnprHDW1k9YHcA6yuygvskznTHLMQPBWQS8oAiEAy\/WI\/dbVY6t2GtrwR2xpuZ7b0b0g40Bn0vI="}
-00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":6,"flow_first_seen":1490976195983,"flow_last_seen":1490976196039,"flow_tot_l4_data_len":1875,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00817{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2892,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":6,"flow_first_seen":1490976195983,"flow_last_seen":1490976196039,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02384{"flow_id":155,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2893,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":40642,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcoQ9AAPIGmFw0VD5zrBAq2AG7o7jUvzNVHVNMTIAQAHaylAAAAQEICmz6jKAA9orgtH\/sB3rLMA0GCSqGSIb3DQEBCwUAA4IBAQBkiDIxxnEZQrKUokw1tGkpri5hfM77NzUNZVWC0Fgdg74+ZMaxjY5ejtf+ySz7Q4YfW\/gX7WyTv0J6x9UzilKxYpa3x1E+FkaueHDs9uPAqFWK3dEAeXxMgoNrRERymOERcZoEhmu4s90r+y6wcrksN9W2xICvAv60b4k6vUuYH9j27CDbSivSCe71iV6zZ+kGTvIhEJRdwt3iYMyQwQMN55VSSzpX+SrB2wiDul3yiV4HjaS703ElwqvtEXQGCQux6WhUMHOBXzY0kebNFDKYD63s\/sHwq4c2qTdzD3pvCQ16okmwVy481q+faunmHtn14Kr9QeLcLqT7vLASm9BTAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+k="}
02390{"flow_id":155,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2894,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":41445,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcoRBAAPIGmFs0VD5zrBAq2AG7o7jUvzj9HVNMTIAQAHYRnQAAAQEICmz6jKAA9orgdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHFgMDBlEWAAZNAQAGSTCCBkUKAQCgggY+MIIGOgYJKwYBBQUHMAEBBIIGKzCCBicwgZ6iFgQURSACqIuKZZ91+vXpChp40vA3C54YDzIwMTcwMzI5MDkwMDU3WjBzMHEwSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c\/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEGkfQVf74iexbfWk\/mH6d+2AABgPMjAxNzAzMjkwOTAwNTdaoBEYDzIwMTcwNDA1MDkwMDU3WjANBgkqhkiG9w0BAQUFAAOCAQEAlbbCUTPj5w12J6GrEmf5hV4iufntZZG3Y8S0pI0kB7GvfElrulxav4QgdcZbLdUPkMWM9+kneCt+exqXrJeZ+COEhhUEqc\/nVfEavr\/oYR62P3Lz8Ut0O17jXqENh\/mbjRoREBil\/CIzWU+luSiF\/ZMRq0H1zEw\/mSTmMnhxRiz6ahuQV+JItIEhPJlQs5iWx8ruofIcqOvKelrA24cDxEyufpN9ZEfQvyl5ymmsDXK\/xcHYknZLM3WSC0UUBnlcq4NYqiQh5Pymkkp2G44BW2p9GbWOYszSsqf\/C+hiL7zN1WiscirUykahmZ7D1\/a5eJFOsv0Tf\/hRZVBAlJ3ZHKCCBG4wggRqMIIEZjCCA06gAwIBAgIQRGiQY2lIBdbK9v250cQFITANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDIwNDAwMDAwMFoXDTE3MDUwNTIzNTk1OVowQDE+MDwGA1UEAxM1U3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQgT0NTUCBSZXNwb25kZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqK0Kffb5Auqq\/RTKlGMWnpdC7JmtnGiOAYwvZN2YjMK6fnb0hAgOMG1rLR76AfOlvGZpXezKtbbVssGNNzBnwJfejjdD4jlaNV3g2Sbl02\/W0C1EsVV7s4J8Dmxg7llU8aWUd6qxYyXvCNgMr0zT44ABlcJe7lYNxneZPdVb5+8NG48QecxpmEgLmwiH886a9SxZ\/5oFPCbvui09qrD9ZZDZeTWx3jja9a9brKoIv8Lz2opoIuWL\/3FE0ksMFSK5zl4n4ihm\/0beCKOUAGnRvV8Lf2TnNlIaBm4HCrofyw\/wGBxcmFekRRMYMG3tUe+29l40aopWwNOI7L3BhPMTrAgMBAAGjggEcMIIBGDAPBgkrBgEFBQcwAQUEAgUAMCIGA1UdEQQbMBmkFzAVMRMwEQYDVQQDEwpUR1YtRC0zODU3MB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB0GA1UdDgQWBBRFIAKoi4pln3X69ekKGnjS8DcLnjAMBgNVHRMBAf8EAjAAMG4GA1UdIARnMGUwYwYLYIZIAYb4RQEHFwMwVDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKgYIKwY="}
-01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":8,"flow_first_seen":1490976195983,"flow_last_seen":1490976196041,"flow_tot_l4_data_len":4835,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
+01244{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2894,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":8,"flow_first_seen":1490976195983,"flow_last_seen":1490976196041,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4563,"flow_avg_l4_payload_len":570,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AmazonVideo","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images-na.ssl-images-amazon.com","server_names":"images-na.ssl-images-amazon.com,images-eu.ssl-images-amazon.com,images-fe.ssl-images-amazon.com,m.media-amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=Images-na.ssl-images-amazon.com","alpn":"h2,http\/1.1","fingerprint":"39:3D:27:B3:4D:FA:B4:04:AB:48:7F:5C:CB:A9:9A:95:F5:22:2A:52"}}
01380{"flow_id":155,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2895,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":41545,"pkt_caplen":764,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":764,"pkt_l4_len":730,"pkt":"ePiC0\/vCAMDKkVoBCABFAALuoRFAAPIGm0g0VD5zrBAq2AG7o7jUvz6lHVNMTIAYAHa+pAAAAQEICmz6jKAA9orgAQUFBwICMB4aHCAgaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH\/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQB4HMFiNVhH\/deb\/gTB86atVF4ywqr0xapUyerApNwQq\/ERx+P2vuV6cbn7nw+nwAPKmQ2C1\/5mrPKO+CN8i46q+JdQmfb3UoTuoYQVXYzQ5WxhHij7MjF7swqsQ6AJAagWS\/6Sw4vnUhMJSJti+y6cojNMGRQ1Mn010zjA5f2mqtQbJcXTwe66\/hVsPQIMJFgkX565MDEbMxCO2AmjPJFfLBm0dCw5zcfFfjJS+xPuB8aEo67ogH19P5klyyuA4HZedrQHXKAwHnWUs\/h+mP27rKq05NZ00cCJLBBUa+lOYqRx\/HeSlpKdROtQa1wj09sFAyeSF2EkjMuvIXq7h0QOFgMDAU0MAAFJAwAXQQReLnO1yK+O1hSGuIReaMebRch2Xe6TWDBUnwt+D1SYCGRypj+hmH7Qh+HltcnWSknA\/atb+OjQUf+KtA0w4GXJBgEBAHf91ZU+eYq2X\/RC+cBvtaEpbl2cXDoj9FpIkCktDAP1HDtlPz0IE6Sja6HOaXTlzo1VDdYFnFiD+B0ipEmyHZih8Oku75K8XGYSdZad5bdvpNAm+9bkFTUMHsYgkWsJRqOY+WaUmp957y95rYkUpYh1QGv5EECSRbXcF8rb6aQ\/MCkpvsO9T7rNAOcWpZjFUBIBQ7XS+wndknD5ivF7KAKA8F2YYWhHkQmrqFIpRbu3FHx\/h3WkzQcHo1yMVMNiYBEppPOS6CU\/f++4UZgne7ViQA0LK30h4XuPcdRQTSnhLYto1fjZ8vbeDQsfkblEwru0sR2UkzRVzDvpYYW4EREWAwMABA4AAAA="}
00432{"flow_id":156,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2896,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":49390,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0CnhAAEAG5pysECrYNFQ+c6O5Abv6a4GJA2R2HoAQAXkR3QAAAQEICgD2iuNs+oX3"}
00432{"flow_id":156,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2897,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":49681,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0CnlAAEAG5pusECrYNFQ+c6O5Abv6a4GJA2R42IAQAYQPGAAAAQEICgD2iuNs+oX3"}
@@ -2159,40 +2159,40 @@
00415{"flow_id":158,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2911,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":75924,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoLWpAAEAG4tysECrYNu8csuLAAbtkEKeJW8DRcFAQAVdmrQAA"}
00786{"flow_id":157,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2912,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":76549,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"ePiC0\/vCAMDKkVoBCABFAAE2pF1AAPIGmbQ0VD5zrBAq2AG7o7r33T7BWDm8nYAYAHY+jQAAAQEICmz6j1wA9orlFgMDAMoEAADGAAAqMADAgJEsFgnfW6+1G9seOjvPHM6O74JMDRDFUISq\/ppn0DO9aqruIOfVaR5LrTCCzy8t+KvEVEZ9qC43JZtWToJcUGose6HTIYlEGiWxuq6zP7rmzs3klvP\/ASgYWRHDJlJxizCvIVNDChtT8\/DKQWm\/tl5+cXUbRccAodB3\/kKSEPNKGrehSZKuuxZjaGA7gc6KQVGFmLyMXG7NZWcyhDbf4U17z4T1RaqgOXpDmPUyNVqXu084rLQyc78Pv9rFuOwyFAMDAAEBFgMDACj8V+syjbuyeyHSHjpxxn6M\/tvtoBCvs\/AvB2aRjdjw6LFR5aY80QeQ"}
00651{"flow_id":158,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":79939,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"AMDKkaPvePiC0\/vCCABFAADWLWtAAEAG4i2sECrYNu8csuLAAbtkEKeJW8DRcFAYAVdgIgAAFgMBAKkBAAClAwEIvZt9+BC6Nupqw3rZKTOo5DVtg3EJn2TLxazoTB5EvSCh56jEaMWoPL9OuslqKXpycwU0yxHxmHJEb6cXK1MHCAAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":4,"flow_first_seen":1490976196016,"flow_last_seen":1490976196079,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2913,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":4,"flow_first_seen":1490976196016,"flow_last_seen":1490976196079,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00784{"flow_id":155,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2914,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":89028,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"ePiC0\/vCAMDKkVoBCABFAAE2oRJAAPIGnP80VD5zrBAq2AG7o7jUv0FfHVNMyoAYAHampQAAAQEICmz6jKUA9ormFgMDAMoEAADGAAAqMADAgJEsFgnfW6+1G9seOjvPHBogvEOu\/mn+xMz3rJx2AUVfQFoKjLNeTiME4nQZ8RKXytF+lLyuo9ZDzCQHOJq92cL3aZ0NIvvbSODO5dssY3WT85lFrxetrZn4ITURLaz+aUXYwxqxgJhJGFAznejdzxcrfRWBt8RQNAqGDRNR3r+hzWG7\/lxvrspn2og\/kb0BxnsslEivK2W3JF6EsAOQ2c7dtxrtSH9iH1FQb9r8RC1TsTCOLTVddXjMDRl\/grcnFAMDAAEBFgMDACg43\/PD1dhqSfT6rC3wIL9Q4NHZ9+CkGzCs5EkXkPvjLN4mSRPNXJ97"}
00425{"flow_id":158,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2928,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":143111,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoKCNAAOcGQSM27xyyrBAq2AG74sBbwNFwZBCoN1AQf\/rnWwAAAAAAAAAA"}
00537{"flow_id":158,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2929,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":143271,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ePiC0\/vCAMDKkVoBCABFAAB9KCZAAOcGQMs27xyyrBAq2AG74sBbwNFwZBCoN1AYf\/pUggAAFgMBAEoCAABGAwFY3n3EdqMpX58ZXpF2Q6Q1jZwfZ4R0vjI8oQRX\/yTXKSCh56jEaMWoPL9OuslqKXpycwU0yxHxmHJEb6cXK1MHCAAvABQDAQABAQ=="}
-00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2929,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":6,"flow_first_seen":1490976196016,"flow_last_seen":1490976196143,"flow_tot_l4_data_len":407,"flow_min_l4_data_len":20,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2929,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":6,"flow_first_seen":1490976196016,"flow_last_seen":1490976196143,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
00491{"flow_id":158,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2930,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":143317,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"ePiC0\/vCAMDKkVoBCABFAABdKDRAAOcGQN027xyyrBAq2AG74sBbwNHFZBCoN1AYf\/oYgQAAFgMBADCJz2Z1Hciu4Jc7mGhTYE9YtOvxsJHpLsZEwejRBcKX73Y17G7NADlcbD9xgnDCzCU="}
00416{"flow_id":158,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2932,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":144592,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoLWxAAEAG4tqsECrYNu8csuLAAbtkEKg3W8DRxVAQAVdlqgAA"}
00416{"flow_id":158,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2933,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":147041,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoLW1AAEAG4tmsECrYNu8csuLAAbtkEKg3W8DR+lAQAVdldQAA"}
00499{"flow_id":158,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2934,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":147954,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"AMDKkaPvePiC0\/vCCABFAABjLW5AAEAG4p2sECrYNu8csuLAAbtkEKg3W8DR+lAYAVeqEQAAFAMBAAEBFgMBADD2QvgoZCzL2sq9QkWBCk4oZYYnMOqmN0xgX5RLRlGnxcOsJXhxtOLqkEjsjWjhac0="}
01086{"flow_id":158,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2935,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":149644,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"AMDKkaPvePiC0\/vCCABFAAISLW9AAEAG4O2sECrYNu8csuLAAbtkEKhyW8DR+lAYAVfCVwAAFwMBACAq1pVXkGSW4f2YohoU+FIGpU10z0bdYKMLfEeBr1uVNhcDAQHAfuhhV8jDb3AMgYqrEAETSCFFdqHfJVviEQ8iPKs82cgGEJmw8cZX+0\/Tue8IqHeSYG25k3IedqFe++SBL4MVz2MbqgnG4hrhn0JcN3IUcj8gQFNfrpCBt7iLoL4qvQ5g81iZ2SzcatlKm2X2qtG6wRqOll220jIzVJlE0rDIU\/0tjXGOKpgW4jQrPDyzvsZsYifXbLKNlILac7lviqRlZsj+XbS5GiB3tGTtwuP9XnxXgEPPPwPD2Se4Le++yQkCaK+MlvF\/Tg6HPxctU+vgRJ691Ss2\/ZKGIqHlZh25\/2ux843yj0CESkW5C8Yfye0GkBwqUHoY0oJJ39jXZ7PnGcGfEYPegzYKSx7fA4o\/nqR2lEHu1ieFqTR+1O+e0QxVk0JauRqix7VF26ojv1ejMe1iMoyMSzCX59i4jFk8nPX1naK1fTnzojXksdlA7MQhEQeqcWAxvjI712FwqBANLeztME\/TxY7rW5H0bjc\/ZunyqwxdXMRQy\/xuxzCjrvGfff9tc8OnNgdiHqJm8MLH93hv9AgKGuTqdXWnErvhCpycV1FwvzfzAn+52a\/rbSMXaKJpwMltLLU3EYuMM3pfbA=="}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":10,"flow_first_seen":1490976071237,"flow_last_seen":1490976075957,"flow_tot_l4_data_len":2354,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1366,"flow_avg_l4_data_len":235,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":28,"flow_first_seen":1490976071286,"flow_last_seen":1490976075975,"flow_tot_l4_data_len":9214,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":329,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":20,"flow_first_seen":1490976071306,"flow_last_seen":1490976075950,"flow_tot_l4_data_len":5532,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":23,"flow_first_seen":1490976071349,"flow_last_seen":1490976075957,"flow_tot_l4_data_len":5242,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":227,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":23,"flow_first_seen":1490976071380,"flow_last_seen":1490976075949,"flow_tot_l4_data_len":7319,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":318,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":14,"flow_first_seen":1490976071385,"flow_last_seen":1490976075957,"flow_tot_l4_data_len":983,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":15,"flow_first_seen":1490976071583,"flow_last_seen":1490976075957,"flow_tot_l4_data_len":902,"flow_min_l4_data_len":20,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":33,"flow_first_seen":1490976064452,"flow_last_seen":1490976068180,"flow_tot_l4_data_len":18692,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":566,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":10,"flow_first_seen":1490976071237,"flow_last_seen":1490976075957,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":28,"flow_first_seen":1490976071286,"flow_last_seen":1490976075975,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8626,"flow_avg_l4_payload_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45693,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":20,"flow_first_seen":1490976071306,"flow_last_seen":1490976075950,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5104,"flow_avg_l4_payload_len":255,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":23,"flow_first_seen":1490976071349,"flow_last_seen":1490976075957,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4754,"flow_avg_l4_payload_len":206,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45695,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":23,"flow_first_seen":1490976071380,"flow_last_seen":1490976075949,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6831,"flow_avg_l4_payload_len":297,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45696,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":14,"flow_first_seen":1490976071385,"flow_last_seen":1490976075957,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":675,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45697,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":15,"flow_first_seen":1490976071583,"flow_last_seen":1490976075957,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2936,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":33,"flow_first_seen":1490976064452,"flow_last_seen":1490976068180,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":17572,"flow_avg_l4_payload_len":532,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.216","src_port":54434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":158,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2937,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":206840,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoGApAAOcGUTw27xyyrBAq2AG74sBbwNH6ZBCoclAQf\/nmlwAAAAAAAAAA"}
00426{"flow_id":158,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2938,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":206984,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoGA1AAOcGUTk27xyyrBAq2AG74sBbwNH6ZBCqXFAQf\/HktQAAAAAAAAAA"}
01233{"flow_id":158,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2939,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":210247,"pkt_caplen":651,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":651,"pkt_l4_len":617,"pkt":"ePiC0\/vCAMDKkVoBCABFAAJ9GDhAAOcGTrk27xyyrBAq2AG74sBbwNH6ZBCqXFAY\/cTfAAAAFwMBAlA1\/jeW82DEgSiFV2UMawc3\/qHF7N+D9KTUZEWtF6KLA1Ve83SXjzsPkBsG1pIB6OXd6Z2YKnAb6s7oGvPyPCwwd+z88+vxjPlDvQ8Op\/xy+2QYKg5zNjX+FBB5TcguCVVaR\/qYj\/blYX9piqHP3WmhSQSOG03BpWYgdWXM23vcEg9yEeWEJphAbJPfg8GMYMhUr9FCOAl\/s7CLpm\/fwYrx\/A\/szEDOr9GDpUNxRwrY54nsI8++8pYTf40Z64+qZLGQXTgkG1lo6z\/j3MSYbnZKoZsu+6XN6+JS1bQHFz5yXbVfArwVIiwHuG6lFBh2uxwi5g+ZL\/ONXCuojIdIJLGmJ1lQlR0rTq3GqAqcKAX51z19zV1+9kyAmzmBH+ioagfm8N2Luh652u2undAmnBRwTbO7u3Z91\/ILkjah7fdFAOBkP44NU9Cte509wVjhjQw3WwI1s6GRWVqN1CY2WUWJNyOd61mxdxtGNMwMoPAI82tiMRnoRiuHdYAIRjppSiFswruRjd2SC7jiSw5Ht386QGxOSJbk3LIt9QpedaBeP5Y4\/ZiDE63NVjisHpYW6wWhJPkJHqbsTP\/I0Ay2RPI9BDFbohTw9h8syJeSs7sHEHIKj0drsiXFz4Vx1YVanVtIVawoCqqottCkUqmNTAkcqXU7iujU2aR0aEF+m\/KcKgJtSY+faBw6PvIo1o19pfD+mkfXzTqB72f6QiMLSNcIp3bh60ZcK73sGWTGOrrl3166rV3CM6ZYjQgXhush\/jmCb8q7BFaN8gfkhAImtrTk"}
00471{"flow_id":158,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2940,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":219421,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"AMDKkaPvePiC0\/vCCABFAABNLXBAAEAG4rGsECrYNu8csuLAAbtkEKpcW8DUT1AYAVvbAwAAFQMBACCZ0zYYKq2pf3c+\/yzZ9rYaEKoGfov5k19l\/J3sUoGLzg=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1490976196223,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1490976196223,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":159,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":223999,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8Y0xAAEAG+qKsECrYNFXRj5ZTAbu3TOm6AAAAAKAC\/\/+mLwAAAgQFtAQCCAoA9or2AAAAAAEDAwg="}
00444{"flow_id":159,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2943,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":257995,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA8AABAAPMGqu40VdGPrBAq2AG7llOp3LO0t0zpu6AScSBd6wAAAgQFtAQCCApt5QucAPaK9gEDAwg="}
00432{"flow_id":159,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2944,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":259088,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y01AAEAG+qmsECrYNFXRj5ZTAbu3TOm7qdyztYAQAVf8fgAAAQEICgD2ivlt5Quc"}
00697{"flow_id":159,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":261315,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":260,"pkt_l4_len":226,"pkt":"AMDKkaPvePiC0\/vCCABFAAD2Y05AAEAG+easECrYNFXRj5ZTAbu3TOm7qdyztYAYAVe1MwAAAQEICgD2ivpt5QucFgMBAL0BAAC5AwOo7Axkb8GLUakvQG63Tsv7HZAz5uQ4F\/rfU5NRiOqOZwAALMArwCzAL8AwAJ4An8AJwArAE8AUADMAOQAyADjAB8ARAJwAnQAvADUABQD\/AQAAZAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="}
-00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":4,"flow_first_seen":1490976196223,"flow_last_seen":1490976196261,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":32,"flow_max_l4_data_len":226,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2945,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":4,"flow_first_seen":1490976196223,"flow_last_seen":1490976196261,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00432{"flow_id":159,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2949,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":295914,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ePiC0\/vCAMDKkVoBCABFAAA0uBVAAPMG8uA0VdGPrBAq2AG7llOp3LO1t0zqfYAQAHb8mAAAAQEICm3lC6AA9or6"}
02378{"flow_id":159,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2950,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":300973,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcuBZAAPMG7Tc0VdGPrBAq2AG7llOp3LO1t0zqfYAQAHbCLAAAAQEICm3lC6AA9or6FgMDADkCAAA1AwOITJ+WtrmemlElVvtzO5mNNeHpceR5rWEa3LkT6uGYtgDALwAADf8BAAEAAAsABAMAAQIWAwML6AsAC+QAC+EABp8wggabMIIFg6ADAgECAhAdSr2qeNCa\/nmdQbzrenZiMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTYxMDMxMDAwMDAwWhcNMTcxMjMxMjM1OTU5WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEXMBUGA1UEAwwOd3d3LmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCWihndZ\/4HxzWdNmP\/XjAI8iPKFw5XnK0RlANu1+1aLE7FOkbZKWTYYjWnO0RKmikGZtj+Fozlg1YNgMevTUBC\/MCrCw3LPmxfivK2QgRYj3YOiYpu\/FAqvLSbRm6P0zNptlva8dvR1tbBSXbJefmeV8clJ+YPRNLdQU1pDNcTEWeUpT+LtWiYsQH870618nRXZdnNvM7HdF+9PLnCafgDEILucZGSU0EpVr6elGXTOP6WjIJoz4AXlhX1ltREi7FiJk5be7ZrrpXNjAJFrYR20hs8As791KsU0C5oCEqqkU3Q4HjZ3XohZQ4qIyIcMkvnXZgAkkGZ9A8jt9VC1cnAgMBAAGjggMpMIIDJTCB1AYDVR0RBIHMMIHJggphbWF6b24uY29tgghhbXpuLmNvbYIRdWVkYXRhLmFtYXpvbi5jb22CDXVzLmFtYXpvbi5jb22CDnd3dy5hbWF6b24uY29tggx3d3cuYW16bi5jb22CFGNvcnBvcmF0ZS5hbWF6b24uY29tghFidXlib3guYW1hem9uLmNvbYIRaXBob25lLmFtYXpvbi5jb22CDXlwLmFtYXpvbi5jb22CD2hvbWUuYW1hem9uLmNvbYIVb3JpZ2luLXd3dy5hbWF6b24uY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFYGJ\/J8QAABAMASDBGAiEA6fFlggg6W7QvWe9jf7KTwDKBjO3dGyhkPVZyzlOX5b8CIQCuPTe0zJihJrUjbnOuq6NcNCnkacxegjQwcBcg1ZwRXQB3AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT\/vEAAABWBifyhoAAAQDAEgwRgIhANGVBDwoLZH9u855YmvQUZ53FuM="}
-00847{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2950,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":6,"flow_first_seen":1490976196223,"flow_last_seen":1490976196300,"flow_tot_l4_data_len":1850,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00858{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2950,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":6,"flow_first_seen":1490976196223,"flow_last_seen":1490976196300,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1642,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02382{"flow_id":159,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2951,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":301456,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcuBdAAPMG7TY0VdGPrBAq2AG7llOp3Lldt0zqfYAQAHZ3mQAAAQEICm3lC6AA9or6E4OglejZEYKSCHekRQIhALbGyJPwAagwlRnFD5iqE1ZzSTO6uadnKEazPJcW2sRnMA0GCSqGSIb3DQEBCwUAA4IBAQA65KlsAxxtgfs05qV0ywTqM6qGzBkMIgJzJpCh9OR+X+STrfjphnLQlOwIuHxiF0oVphsf9oYW6TYQimBIKoFpP94WbG2ojsr39YJ6kiDhudt3ef24QnZ3AtnXM5OLVv46iwZst4TwdwO3\/Ialn7ql3sVX7+13yscEXfwfMT0JI1yzl+vZ8tR6bc5X9HqwjuADJelImPs\/TxshDt3JRhbUuKcFxjaEcEtRqoGemgZgEpRnifUSBvnl01IVzb71DGWuBpx0qrpruMAUU1lOJrg\/rwQMSXC2lSZDiDn1cjK0z+XLi7x86N\/7jW6zKh5RjSgrr6H7ZhiwtwpJzLsjT1CXAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw="}
01203{"flow_id":159,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2952,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":301692,"pkt_caplen":632,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":632,"pkt_l4_len":598,"pkt":"ePiC0\/vCAMDKkVoBCABFAAJquBhAAPMG8Kc0VdGPrBAq2AG7llOp3L8Ft0zqfYAYAHa4sgAAAQEICm3lC6AA9or6N5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHFgMDAU0MAAFJAwAXQQTdmbnpP4Fr5ZI1YgCAhOYyjc9sYpjvH\/OqjLe3kIpRyPPyrf9Om\/\/HCcOpvYjIIn1gaUttI+YofYUnMZg3SNBtBgEBAC\/uQDLLqN5O+ThJQ+QVG7GWvM3ziNJqgtkZyPzgvKZluz+h2NGdY9eXTJc2sfMokjnSoqaqklmh9lcmzwj7UpZHwjrob576dByUr8cJqUAOcfjJSk5JFsXX05Gw1WNdEb+nHcH0qroqmJfsAQUKjlqBrzFlmiZejvqj13\/9IhrYr3PQIcofWAcNaXdDKw4bj1AVxLM7zdvwFv6AeJkn4jC2StiLa+BlPEqN7nLedCsF08Bj68Fk80kkhm0tN00EPXWikwu42X2y\/BMlqM16Jp1GjOhE9l9Nu3aKlGBjEtmgHi5NeVz2Qq6YscMwi5iovtSAAon9y1bB\/nQo5vpTnhMWAwMABA4AAAA="}
-01324{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2952,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":8,"flow_first_seen":1490976196223,"flow_last_seen":1490976196301,"flow_tot_l4_data_len":3928,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":491,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
+01335{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2952,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":8,"flow_first_seen":1490976196223,"flow_last_seen":1490976196301,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3656,"flow_avg_l4_payload_len":457,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"amazon.com,amzn.com,uedata.amazon.com,us.amazon.com,www.amazon.com,www.amzn.com,corporate.amazon.com,buybox.amazon.com,iphone.amazon.com,yp.amazon.com,home.amazon.com,origin-www.amazon.com","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com","fingerprint":"EF:14:6C:F1:5C:4A:F8:4D:BA:83:C2:1E:6C:5B:ED:C4:FA:34:1C:3E"}}
00432{"flow_id":159,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2954,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":304178,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y09AAEAG+qesECrYNFXRj5ZTAbu3TOp9qdy5XYAQAWL2AAAAAQEICgD2iv5t5Qug"}
00434{"flow_id":159,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2955,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":304458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y1BAAEAG+qasECrYNFXRj5ZTAbu3TOp9qdy\/BYAQAW3wTQAAAQEICgD2iv5t5Qug"}
00433{"flow_id":159,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2956,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":304589,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AMDKkaPvePiC0\/vCCABFAAA0Y1FAAEAG+qWsECrYNFXRj5ZTAbu3TOp9qdzBO4AQAXnuCwAAAQEICgD2iv5t5Qug"}
@@ -2200,31 +2200,31 @@
00505{"flow_id":159,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2961,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":370517,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ePiC0\/vCAMDKkVoBCABFAABnuBlAAPMG8qk0VdGPrBAq2AG7llOp3ME7t0zq+4AYAHbPRAAAAQEICm3lC6gA9osBFAMDAAEBFgMDAChWudD8\/Y9J6iJCqyx9UWDG+p1Ub4eVKBZ3gW7Vx+dmvGpgw45iiD\/j"}
01334{"flow_id":159,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2962,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":373815,"pkt_caplen":732,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":732,"pkt_l4_len":698,"pkt":"AMDKkaPvePiC0\/vCCABFAALOY1NAAEAG+AmsECrYNFXRj5ZTAbu3TOr7qdzBboAYAXlOFQAAAQEICgD2iwVt5QuoFwMDApWR9kFTQTtEBqum0EOS54kK\/epsHsDCbY7my0cAB1FPW0FCw21SaHYyIKUII2ByVhf9srRtUVVn6z0EqiLG2dN048J0aVusxa26nLLQ0bpNxGyBJ8ppSVBNGAnADD\/GDEqtDTrqcx2rrnqKxIZ8wW4miwQUrshxTEhQWI3Auyv7ZupuT8t0jr7+4WdRyEhhUgQDZ3DkgwELqMwy4t1a8Bz2WbLalJlVE2YmoxqeQSdHyu\/QjalHgk29L6a+XFwbzflhmufDCku1E7MCBtXII2fEec\/+0NXtnDt9Lz9gJUUsvwM2JHMwWiMotJRE3NpmjlKfztTrTsezIE7+gHjxvzGX46xTnt\/myJC82Amw8jyngPyyFkbbB7ZyaMIVKRDz69P1K8+ZFa5p7PCrUIT9FcBqp9K\/G051BsaMwnxsMa6fTuO844ng4YA31nxItBLy9dEnngHNKmof+I2MCyeDgmlQ5VGOGUdiWqAWWnOsC6N5nUFkywJmkDP7Tl4qvLaTgoxs1Uxfv+OvuPG9kehg2KICCbcs1wRgOQM86wVQTAV8CtdOsbXOy\/QXS757w3sstI7gYDyfmSNi+VMqXHtwQzEduoBvrt6ScxczDMcjXXui+gWSwLKBnzQJpnwwVEFXhRym3fXlnHviTQUFTuMqZNe9UTsQ6kPxewp2QTeIdFLUWLlOZj4hHUI0FNpp64LA\/L+b0KNo4y1ym+WB2zzAWhufnwyrxeXGj\/rBrMbhhcTEmBrl+4Oll9C4gNFYubIUi\/r1Cwm0aVNpKUyNbrEVjF6oNhDJE8deJu3ibFJMlG4cG928VDAhCH5ghY7ytmiA2E1sKnpzOkAuzYDGl0Lh2d4wEsI7U5BLlfA3nluj9HVNyeWAZ5CN"}
01335{"flow_id":159,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3019,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":600964,"pkt_caplen":732,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":732,"pkt_l4_len":698,"pkt":"AMDKkaPvePiC0\/vCCABFAALOY1RAAEAG+AisECrYNFXRj5ZTAbu3TOr7qdzBboAYAXlN\/gAAAQEICgD2ixxt5QuoFwMDApWR9kFTQTtEBqum0EOS54kK\/epsHsDCbY7my0cAB1FPW0FCw21SaHYyIKUII2ByVhf9srRtUVVn6z0EqiLG2dN048J0aVusxa26nLLQ0bpNxGyBJ8ppSVBNGAnADD\/GDEqtDTrqcx2rrnqKxIZ8wW4miwQUrshxTEhQWI3Auyv7ZupuT8t0jr7+4WdRyEhhUgQDZ3DkgwELqMwy4t1a8Bz2WbLalJlVE2YmoxqeQSdHyu\/QjalHgk29L6a+XFwbzflhmufDCku1E7MCBtXII2fEec\/+0NXtnDt9Lz9gJUUsvwM2JHMwWiMotJRE3NpmjlKfztTrTsezIE7+gHjxvzGX46xTnt\/myJC82Amw8jyngPyyFkbbB7ZyaMIVKRDz69P1K8+ZFa5p7PCrUIT9FcBqp9K\/G051BsaMwnxsMa6fTuO844ng4YA31nxItBLy9dEnngHNKmof+I2MCyeDgmlQ5VGOGUdiWqAWWnOsC6N5nUFkywJmkDP7Tl4qvLaTgoxs1Uxfv+OvuPG9kehg2KICCbcs1wRgOQM86wVQTAV8CtdOsbXOy\/QXS757w3sstI7gYDyfmSNi+VMqXHtwQzEduoBvrt6ScxczDMcjXXui+gWSwLKBnzQJpnwwVEFXhRym3fXlnHviTQUFTuMqZNe9UTsQ6kPxewp2QTeIdFLUWLlOZj4hHUI0FNpp64LA\/L+b0KNo4y1ym+WB2zzAWhufnwyrxeXGj\/rBrMbhhcTEmBrl+4Oll9C4gNFYubIUi\/r1Cwm0aVNpKUyNbrEVjF6oNhDJE8deJu3ibFJMlG4cG928VDAhCH5ghY7ytmiA2E1sKnpzOkAuzYDGl0Lh2d4wEsI7U5BLlfA3nluj9HVNyeWAZ5CN"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1490976196840,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1490976196840,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":160,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":840676,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WmdAAEARM02sECrYrBAqAQqTADUAK8ZJ2BYBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="}
-00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1490976196840,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3210,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1490976196840,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00468{"flow_id":160,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":938799,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP7ApAAEARoZmsECoBrBAq2AA1CpMAO2jR2BaBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAA7AARIFc55"}
-00672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":43,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.121"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1490976196942,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3347,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.121"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1490976196942,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":161,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3351,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976196,"pkt_ts_usec":942963,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA85QlAAEAGaDusECrYSBXOebn1AbuZi243AAAAAKAC\/\/8K4AAAAgQFtAQCCAoA9os+AAAAAAEDAwg="}
00428{"flow_id":161,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3353,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":23104,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwSYFAAOcGXM9IFc55rBAq2AG7ufUB00CKmYtuOHASH\/5wwgAAAgQFtAEDAwY="}
00415{"flow_id":161,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3354,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":24461,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo5QpAAEAGaE6sECrYSBXOebn1AbuZi244AdNAi1AQAVe7MwAA"}
00696{"flow_id":161,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3355,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":26574,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"AMDKkaPvePiC0\/vCCABFAAD15QtAAEAGZ4CsECrYSBXOebn1AbuZi244AdNAi1AYAVcK3wAAFgMBAMgBAADEAwPgpEwF\/Xat48+4W37drUaLhGz9wRo+dbZ872q4eXXW7QAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAe0pKAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIqqoAHQAXABgKCgABAA=="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3355,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":161,"flow_packet_id":4,"flow_first_seen":1490976196942,"flow_last_seen":1490976197026,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":20,"flow_max_l4_data_len":225,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3355,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":161,"flow_packet_id":4,"flow_first_seen":1490976196942,"flow_last_seen":1490976197026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00423{"flow_id":161,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3356,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":73735,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo8eNAANsGwHRIFc55rBAq2AG7ufUB00CLmYtuOFAQARy7bgAAAAAAAAAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1490976197297,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1490976197297,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":162,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3357,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":297649,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8At9AAEAGSmasECrYSBXOebn2AbvarIm+AAAAAKAC\/\/+uEwAAAgQFtAQCCAoA9othAAAAAAEDAwg="}
00697{"flow_id":161,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3358,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":305856,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"AMDKkaPvePiC0\/vCCABFAAD15QxAAEAGZ3+sECrYSBXOebn1AbuZi244AdNAi1AYAVcK3wAAFgMBAMgBAADEAwPgpEwF\/Xat48+4W37drUaLhGz9wRo+dbZ872q4eXXW7QAAIOrqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAe0pKAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIqqoAHQAXABgKCgABAA=="}
00429{"flow_id":162,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3361,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":355099,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAw5DlAAOcGwhZIFc55rBAq2AG7ufYaDpo72qyJv3ASH\/6iLAAAAgQFtAEDAwY="}
00417{"flow_id":162,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3362,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":356307,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuBAAEAGSnmsECrYSBXOebn2AbvarIm\/Gg6aPFAQAVfsnQAA"}
00699{"flow_id":162,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3363,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":357234,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"AMDKkaPvePiC0\/vCCABFAAD1AuFAAEAGSausECrYSBXOebn2AbvarIm\/Gg6aPFAYAVf7IAAAFgMBAMgBAADEAwOvXx4qoD9hGvfdVqZ\/Da8Sic0\/mG13oBFGNV7wDdZlEgAAIKqqzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAexoaAAD\/AQABAAAAABYAFAAAEWZscy1uYS5hbWF6b24uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIWloAHQAXABgqKgABAA=="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3363,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":162,"flow_packet_id":4,"flow_first_seen":1490976197297,"flow_last_seen":1490976197357,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":20,"flow_max_l4_data_len":225,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3363,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":162,"flow_packet_id":4,"flow_first_seen":1490976197297,"flow_last_seen":1490976197357,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00424{"flow_id":161,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3364,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":363647,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAo8eRAANsGwHNIFc55rBAq2AG7ufUB00CLmYtvBVAQASy6kQAAAAAAAAAA"}
02379{"flow_id":161,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3365,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":363795,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc8eVAANsGur5IFc55rBAq2AG7ufUB00CLmYtvBVAQASwbZwAAFgMDAGwCAABoAwPOAf88UvpX+7ZcraIGlUYPq7UQc8HBPQaYwBCIuU8KTiAtUR6zlCY0QJiHXwHjTYDYbMxvsohm\/FCDGCahoL5PjMAvAAAg\/wEAAQAACwAEAwABAgAFAAAAEAALAAkIaHR0cC8xLjEWAwMLbwsAC2sAC2gABiYwggYiMIIFCqADAgECAhAjXKYxTs1ErLy+l509p0IQMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTA3MDAwMDAwWhcNMTgwMTMwMjM1OTU5WjBrMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEaMBgGA1UEAwwRZmxzLW5hLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiX1uuFeHp7s\/u9RJVeIg7pSJGX42DFxgePcypEXRXU1o3cArZybBO2C5Lpg6GM3f45K4KToO0khIXQJB7mXH4bbbQ3+YNFdt7793pBUrodbhy1vNPfwwdBaxsqZ6o5AMBkbpsaSUOdcoTvF9z7DiYKtABRBdPFplNooNjVCUNw9hfksqkbBfzmRXOVJUe6FB2TYGtc1mXHHxQSxvyBoGKYrbiWmhKRKN2oU7shNkGGr+2AY1qqKK5nRLcdy57snSkPzc1VrU7kChpo1TaC6Boi5W9qzCYG13onxMu6WbKte80fZF9+vPs9N9E66H+HyD7t7ZkEmtZMIt4ZpLRyDj9AgMBAAGjggKtMIICqTBaBgNVHREEUzBRghBmbHMtbmEuYW1hem9uLmNhghFmbHMtbmEuYW1hem9uLmNvbYIUZmxzLW5hLmFtYXpvbi5jb20uYnKCFGZscy1uYS5hbWF6b24uY29tLm14MAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFZeQ7n1QAABAMARzBFAiEAyqHpuySuZQoGcM+I+Z0wX00rBtbjPPh\/qzCzZAyUhAoCIAhBWQVD0U3G8MO5dyAwrlvYf2mmJVOHUcCx971NZg0sAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFZeQ7oJwAABAMASDBGAiEA\/RAOoLROyik62vKihf3Zx1TBs1KxISOTjmjnjZrbf64CIQDPCRXOcglmhnaH9koY+cdNR\/1ozx5g78hwrDg9pc0RtzANBgkqhkiG9w0BAQsFAAOCAQEAoKU0Dbk5SCaAT6\/D0vE="}
-00793{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3365,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":161,"flow_packet_id":8,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_tot_l4_data_len":2058,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":257,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00804{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3365,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":161,"flow_packet_id":8,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1870,"flow_avg_l4_payload_len":233,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02385{"flow_id":161,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3366,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":363878,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc8eZAANsGur1IFc55rBAq2AG7ufUB00Y\/mYtvBVAQASxVhwAAUSPF\/O4EUbS8iqtYW7XeLLFSQkwsNcW0blJi29ViWiroJecqf42koTiJbu21bzXz9NnWx3QZbP7HECKHS8zsIT3wSAg60lzeHBDW9OEnRzctCFd061UcVfmvjmUGgRaAHvZ7KX0Enz4wDCPEaugLfuNk0KjthMfnxC15ABSBgZ3qZBOnTbwhDWuR8lFaApR2cPTN2navpN7AHeLN5gXvpLuLlv7EGbuQwuxCa1AGr9yt4Oc1bKCLJ9usVuCIWzTdGAutoouvNMxOnvMTumCjH0ejhkZjzXQl8u+jtC5TbVZqImKVOkayTYaP10vdNEAbljkABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jM="}
02391{"flow_id":161,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3367,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":363937,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXc8edAANsGurxIFc55rBAq2AG7ufUB00vzmYtvBVAQASwBDgAAguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccWAwMGURYABk0BAAZJMIIGRQoBAKCCBj4wggY6BgkrBgEFBQcwAQEEggYrMIIGJzCBnqIWBBRFIAKoi4pln3X69ekKGnjS8DcLnhgPMjAxNzAzMzExNDQ0NTVaMHMwcTBJMAkGBSsOAwIaBQAEFNGxZIuMnw3Ra6OKzStQF9X5z8BkBBRfYM9hkFXfhEMUimAqsvV69EMY7wIQI1ymMU7NRKy8vpedPadCEIAAGA8yMDE3MDMzMTE0NDQ1NVqgERgPMjAxNzA0MDcxNDQ0NTVaMA0GCSqGSIb3DQEBBQUAA4IBAQBF6EKFZ1knzWaKjpd1EHbBhF+vBD+Pb5jGJvQ7g3vJZu86FO4kCtZBxKZ0Otr7kXawtFLPQhcBgtM3WGLDS7\/6wvTJdN4fZ0QyzCzTp6q+8UwYOO7uy7R3q0Sob7e\/vf5C10NcDwAqtk4zy4mw2gjKcjCEchqehMvhhObJZfZiwBSeTqEt4ZSJ0gBT\/rv1ZbLkIKs6y\/yS3trFv2EXbi1dDhXd+s5gDJQ+Z4IuN0AmnUA9gLpR7559r6n42AR1MvfF9nRl2troBchZJCqslWOgwvx\/Ih\/1i9PisnYAZyVoek0PXB\/OG\/kMnOd0UZkuJLSgx4XYAXEX2FgTY+xHklRooIIEbjCCBGowggRmMIIDTqADAgECAhBEaJBjaUgF1sr2\/bnRxAUhMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMjA0MDAwMDAwWhcNMTcwNTA1MjM1OTU5WjBAMT4wPAYDVQQDEzVTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKorQp99vkC6qr9FMqUYxael0Lsma2caI4BjC9k3ZiMwrp+dvSECA4wbWstHvoB86W8Zmld7Mq1ttWywY03MGfAl96ON0PiOVo1XeDZJuXTb9bQLUSxVXuzgnwObGDuWVTxpZR3qrFjJe8I2AyvTNPjgAGVwl7uVg3Gd5k91Vvn7w0bjxB5zGmYSAubCIfzzpr1LFn\/mgU8Ju+6LT2qsP1lkNl5NbHeONr1r1usqgi\/wvPaimgi5Yv\/cUTSSwwVIrnOXifiKGb\/Rt4Io5QAadG9Xwt\/ZOc2UhoGbgcKuh\/LD\/AYHFyYV6RFExgwbe1R77b2XjRqilbA04jsvcGE8xOsCAwEAAaOCARwwggEYMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1ELTM4NTcwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wHQYDVR0OBBYEFEUgAqiLimWfdfr16QoaeNLwNwueMAwGA1UdEwEB\/wQCMAAwbgYDVR0gBGcwZTBjBgtghkgBhvhFAQcXAzBUMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAqBggrBgEFBQcCAjAeGhwgIGh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1U="}
-01162{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3367,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":161,"flow_packet_id":10,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_tot_l4_data_len":5018,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":501,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
+01173{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3367,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":161,"flow_packet_id":10,"flow_first_seen":1490976196942,"flow_last_seen":1490976197363,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4790,"flow_avg_l4_payload_len":479,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
01282{"flow_id":161,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3368,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":363976,"pkt_caplen":688,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":688,"pkt_l4_len":654,"pkt":"ePiC0\/vCAMDKkVoBCABFAAKi8ehAANsGvfVIFc55rBAq2AG7ufUB01GnmYtvBVAYASzZSQAAHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAHgcwWI1WEf915v+BMHzpq1UXjLCqvTFqlTJ6sCk3BCr8RHH4\/a+5XpxufufD6fAA8qZDYLX\/mas8o74I3yLjqr4l1CZ9vdShO6hhBVdjNDlbGEeKPsyMXuzCqxDoAkBqBZL\/pLDi+dSEwlIm2L7LpyiM0wZFDUyfTXTOMDl\/aaq1BslxdPB7rr+FWw9AgwkWCRfnrkwMRszEI7YCaM8kV8sGbR0LDnNx8V+MlL7E+4HxoSjruiAfX0\/mSXLK4Dgdl52tAdcoDAedZSz+H6Y\/busqrTk1nTRwIksEFRr6U5ipHH8d5KWkp1E61BrXCPT2wUDJ5IXYSSMy68heruHRA4WAwMBTQwAAUkDABdBBMd9bOsre+oDYVZ0qmDKBCWcTRmbZ4xNISLptCmJ2S0K7IppV6f1j7dBIyFIMFP\/wODrAfliVSz44H5ECfSVmd8GAQEALLiZpyBS3moGlZWBhoMEbneiab+LOW\/E6aqvn4\/ROErOmQJSzjP5ifYX7JmOFTEFajZb+bNwtEj3aUrrKog\/FWs5WxBLvq07D91SueiYs7zvyY5CXSDhfLuNV+4gEuNGRAFljwBE7TJ081Y2A5FdBRv+gOncA\/c7T6DLC6R9aAPeZ86JBf8YYTwjctLrJqTaEPC\/DtdVOy5Fd9LgkXtsgU43H\/+hQetxqnzfErw4EGnSZBhaDNPLVCBqz+CLI0y5Zh5ENd4Spy7Zft4GK+d9lQ0Jd+N5Die1kVQ9XKLc\/JFxsmEypqyByTHtzeY1bcHc7+M2qGoMre6SAv6h4OQwgBYDAwAEDgAAAA=="}
00417{"flow_id":161,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3369,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":367339,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo5Q1AAEAGaEusECrYSBXOebn1AbuZi28FAdNGP1AQAWK0pwAA"}
00417{"flow_id":161,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3370,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":367593,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo5Q5AAEAGaEqsECrYSBXOebn1AbuZi28FAdNL81AQAW2u6AAA"}
@@ -2233,140 +2233,140 @@
00424{"flow_id":162,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3375,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":531809,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoFXlAANsGnN9IFc55rBAq2AG7ufYaDpo82qyJv1AQARzs2AAAAAAAAAAA"}
00424{"flow_id":162,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3376,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":531943,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAoFXpAANsGnN5IFc55rBAq2AG7ufYaDpo82qyKjFAQASzr+wAAAAAAAAAA"}
02380{"flow_id":162,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3377,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":532482,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcFXtAANsGlylIFc55rBAq2AG7ufYaDpo82qyKjFAQASwiRAAAFgMDAGwCAABoAwO5WKdwm7z7kCLhq0qcFlDEutB5z\/OteruJnxh3pbdF8iCRdsiwRX7lBuKi2xkvVBvsi\/pEkh+mqwTu4hSpvMh0GcAvAAAg\/wEAAQAACwAEAwABAgAFAAAAEAALAAkIaHR0cC8xLjEWAwMLbwsAC2sAC2gABiYwggYiMIIFCqADAgECAhAjXKYxTs1ErLy+l509p0IQMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMTA3MDAwMDAwWhcNMTgwMTMwMjM1OTU5WjBrMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEZMBcGA1UECgwQQW1hem9uLmNvbSwgSW5jLjEaMBgGA1UEAwwRZmxzLW5hLmFtYXpvbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiX1uuFeHp7s\/u9RJVeIg7pSJGX42DFxgePcypEXRXU1o3cArZybBO2C5Lpg6GM3f45K4KToO0khIXQJB7mXH4bbbQ3+YNFdt7793pBUrodbhy1vNPfwwdBaxsqZ6o5AMBkbpsaSUOdcoTvF9z7DiYKtABRBdPFplNooNjVCUNw9hfksqkbBfzmRXOVJUe6FB2TYGtc1mXHHxQSxvyBoGKYrbiWmhKRKN2oU7shNkGGr+2AY1qqKK5nRLcdy57snSkPzc1VrU7kChpo1TaC6Boi5W9qzCYG13onxMu6WbKte80fZF9+vPs9N9E66H+HyD7t7ZkEmtZMIt4ZpLRyDj9AgMBAAGjggKtMIICqTBaBgNVHREEUzBRghBmbHMtbmEuYW1hem9uLmNhghFmbHMtbmEuYW1hem9uLmNvbYIUZmxzLW5hLmFtYXpvbi5jb20uYnKCFGZscy1uYS5hbWF6b24uY29tLm14MAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFZeQ7n1QAABAMARzBFAiEAyqHpuySuZQoGcM+I+Z0wX00rBtbjPPh\/qzCzZAyUhAoCIAhBWQVD0U3G8MO5dyAwrlvYf2mmJVOHUcCx971NZg0sAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFZeQ7oJwAABAMASDBGAiEA\/RAOoLROyik62vKihf3Zx1TBs1KxISOTjmjnjZrbf64CIQDPCRXOcglmhnaH9koY+cdNR\/1ozx5g78hwrDg9pc0RtzANBgkqhkiG9w0BAQsFAAOCAQEAoKU0Dbk5SCaAT6\/D0vE="}
-00793{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":162,"flow_packet_id":7,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_tot_l4_data_len":1833,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":261,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00804{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3377,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":162,"flow_packet_id":7,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1665,"flow_avg_l4_payload_len":237,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02385{"flow_id":162,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3378,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":532619,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcFXxAANsGlyhIFc55rBAq2AG7ufYaDp\/w2qyKjFAQASyG8QAAUSPF\/O4EUbS8iqtYW7XeLLFSQkwsNcW0blJi29ViWiroJecqf42koTiJbu21bzXz9NnWx3QZbP7HECKHS8zsIT3wSAg60lzeHBDW9OEnRzctCFd061UcVfmvjmUGgRaAHvZ7KX0Enz4wDCPEaugLfuNk0KjthMfnxC15ABSBgZ3qZBOnTbwhDWuR8lFaApR2cPTN2navpN7AHeLN5gXvpLuLlv7EGbuQwuxCa1AGr9yt4Oc1bKCLJ9usVuCIWzTdGAutoouvNMxOnvMTumCjH0ejhkZjzXQl8u+jtC5TbVZqImKVOkayTYaP10vdNEAbljkABTwwggU4MIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jM="}
02390{"flow_id":162,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3379,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":532968,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ePiC0\/vCAMDKkVoBCABFAAXcFX1AANsGlydIFc55rBAq2AG7ufYaDqWk2qyKjFAQASwyeAAAguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccWAwMGURYABk0BAAZJMIIGRQoBAKCCBj4wggY6BgkrBgEFBQcwAQEEggYrMIIGJzCBnqIWBBRFIAKoi4pln3X69ekKGnjS8DcLnhgPMjAxNzAzMzExNDQ0NTVaMHMwcTBJMAkGBSsOAwIaBQAEFNGxZIuMnw3Ra6OKzStQF9X5z8BkBBRfYM9hkFXfhEMUimAqsvV69EMY7wIQI1ymMU7NRKy8vpedPadCEIAAGA8yMDE3MDMzMTE0NDQ1NVqgERgPMjAxNzA0MDcxNDQ0NTVaMA0GCSqGSIb3DQEBBQUAA4IBAQBF6EKFZ1knzWaKjpd1EHbBhF+vBD+Pb5jGJvQ7g3vJZu86FO4kCtZBxKZ0Otr7kXawtFLPQhcBgtM3WGLDS7\/6wvTJdN4fZ0QyzCzTp6q+8UwYOO7uy7R3q0Sob7e\/vf5C10NcDwAqtk4zy4mw2gjKcjCEchqehMvhhObJZfZiwBSeTqEt4ZSJ0gBT\/rv1ZbLkIKs6y\/yS3trFv2EXbi1dDhXd+s5gDJQ+Z4IuN0AmnUA9gLpR7559r6n42AR1MvfF9nRl2troBchZJCqslWOgwvx\/Ih\/1i9PisnYAZyVoek0PXB\/OG\/kMnOd0UZkuJLSgx4XYAXEX2FgTY+xHklRooIIEbjCCBGowggRmMIIDTqADAgECAhBEaJBjaUgF1sr2\/bnRxAUhMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwHhcNMTcwMjA0MDAwMDAwWhcNMTcwNTA1MjM1OTU5WjBAMT4wPAYDVQQDEzVTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNCBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKorQp99vkC6qr9FMqUYxael0Lsma2caI4BjC9k3ZiMwrp+dvSECA4wbWstHvoB86W8Zmld7Mq1ttWywY03MGfAl96ON0PiOVo1XeDZJuXTb9bQLUSxVXuzgnwObGDuWVTxpZR3qrFjJe8I2AyvTNPjgAGVwl7uVg3Gd5k91Vvn7w0bjxB5zGmYSAubCIfzzpr1LFn\/mgU8Ju+6LT2qsP1lkNl5NbHeONr1r1usqgi\/wvPaimgi5Yv\/cUTSSwwVIrnOXifiKGb\/Rt4Io5QAadG9Xwt\/ZOc2UhoGbgcKuh\/LD\/AYHFyYV6RFExgwbe1R77b2XjRqilbA04jsvcGE8xOsCAwEAAaOCARwwggEYMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1ELTM4NTcwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wHQYDVR0OBBYEFEUgAqiLimWfdfr16QoaeNLwNwueMAwGA1UdEwEB\/wQCMAAwbgYDVR0gBGcwZTBjBgtghkgBhvhFAQcXAzBUMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAqBggrBgEFBQcCAjAeGhwgIGh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA4GA1U="}
-01161{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3379,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":162,"flow_packet_id":9,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_tot_l4_data_len":4793,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":532,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
+01172{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3379,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":162,"flow_packet_id":9,"flow_first_seen":1490976197297,"flow_last_seen":1490976197532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4585,"flow_avg_l4_payload_len":509,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","server_names":"fls-na.amazon.ca,fls-na.amazon.com,fls-na.amazon.com.br,fls-na.amazon.com.mx","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"159d46e54a2c066ef95e656fdf034e1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=fls-na.amazon.com","alpn":"h2,http\/1.1","fingerprint":"2F:16:23:0F:F8:49:12:18:49:55:48:DA:E6:59:D9:B3:BB:0E:41:8A"}}
01280{"flow_id":162,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3380,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":533036,"pkt_caplen":688,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":688,"pkt_l4_len":654,"pkt":"ePiC0\/vCAMDKkVoBCABFAAKiFX5AANsGmmBIFc55rBAq2AG7ufYaDqtY2qyKjFAYASz6pQAAHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAHgcwWI1WEf915v+BMHzpq1UXjLCqvTFqlTJ6sCk3BCr8RHH4\/a+5XpxufufD6fAA8qZDYLX\/mas8o74I3yLjqr4l1CZ9vdShO6hhBVdjNDlbGEeKPsyMXuzCqxDoAkBqBZL\/pLDi+dSEwlIm2L7LpyiM0wZFDUyfTXTOMDl\/aaq1BslxdPB7rr+FWw9AgwkWCRfnrkwMRszEI7YCaM8kV8sGbR0LDnNx8V+MlL7E+4HxoSjruiAfX0\/mSXLK4Dgdl52tAdcoDAedZSz+H6Y\/busqrTk1nTRwIksEFRr6U5ipHH8d5KWkp1E61BrXCPT2wUDJ5IXYSSMy68heruHRA4WAwMBTQwAAUkDABdBBIWiITPfXkevSN595E7AeHI4bAYlKCh3Hyevd5nYAFRmzT4KzvOWez8cEqobdxQH4iczVn+6mtRkzfMGAfLUe1YGAQEAGlfmUCDRxYLhFUXgQD+CalyDqMZqyg4J832V9SRFsSPp5yFYghHhF\/x83WHJrv3EFv18ySMzeqtIXcZJXmD9ncxRLSYt2Yq\/bvGMTPo5g21P4GLLPltFEscwkTTyP1rVwFG2D+Y9nUiGG6w+cJ+Ep2S7CQdpQRyJtIYf1vT70NrCT6x5+8RBQadxMYujqp9xHlPELcPGjn\/7Ec6Sjn53nwK2dJy5DIDaGetxUdAxb4ID2kywHsSABDdU1ZjEVsATSe\/pXCqwWDBSiMoaofN818rGbNhh\/9SH+QPhbh8uKm\/izV4ltqx9AFj7mky1Rhruf921K98Wq1DCl+dfHnTUuRYDAwAEDgAAAA=="}
00417{"flow_id":162,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3383,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":618402,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuJAAEAGSnesECrYSBXOebn2AbvarIqMGg6f8FAQAWLmEQAA"}
00417{"flow_id":162,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3384,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":618662,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuNAAEAGSnasECrYSBXOebn2AbvarIqMGg6lpFAQAW3gUgAA"}
00417{"flow_id":162,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3385,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":618788,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuRAAEAGSnWsECrYSBXOebn2AbvarIqMGg6rWFAQAXnakgAA"}
00417{"flow_id":162,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3386,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":618909,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AMDKkaPvePiC0\/vCCABFAAAoAuVAAEAGSnSsECrYSBXOebn2AbvarIqMGg6t0lAQAYTYDQAA"}
00591{"flow_id":162,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3387,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490976197,"pkt_ts_usec":632551,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"AMDKkaPvePiC0\/vCCABFAACmAuZAAEAGSfWsECrYSBXOebn2AbvarIqMGg6t0lAYAYRNaAAAFgMDAEYQAABCQQQJZBnvJnWA+MuEoBN0+HrOeSGGwWp\/lMUBpYesnGyEe8+EwOD1buwoY9PbYMqcEE2yeBvFpzQGBjY0\/Akn28BLFAMDAAEBFgMDACgAAAAAAAAAAKKmKckizYCC0IOZuaIZIUHBw\/f7WqAMKNzoOZNBC00Z"}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":18,"flow_first_seen":1490976177116,"flow_last_seen":1490976177850,"flow_tot_l4_data_len":6964,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":25,"flow_first_seen":1490976177116,"flow_last_seen":1490976187290,"flow_tot_l4_data_len":10035,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":401,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":37,"flow_first_seen":1490976177276,"flow_last_seen":1490976187754,"flow_tot_l4_data_len":13563,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":366,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":17,"flow_first_seen":1490976186164,"flow_last_seen":1490976186790,"flow_tot_l4_data_len":5520,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":324,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":30,"flow_first_seen":1490976134140,"flow_last_seen":1490976135403,"flow_tot_l4_data_len":14885,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":59,"flow_first_seen":1490976134141,"flow_last_seen":1490976135403,"flow_tot_l4_data_len":33432,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":566,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":26,"flow_first_seen":1490976134144,"flow_last_seen":1490976135402,"flow_tot_l4_data_len":13433,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":516,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":28,"flow_first_seen":1490976134146,"flow_last_seen":1490976135403,"flow_tot_l4_data_len":15059,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":537,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":31,"flow_first_seen":1490976134148,"flow_last_seen":1490976135505,"flow_tot_l4_data_len":16709,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":539,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":28,"flow_first_seen":1490976134149,"flow_last_seen":1490976135403,"flow_tot_l4_data_len":15709,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":561,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":51,"flow_first_seen":1490976139642,"flow_last_seen":1490976140773,"flow_tot_l4_data_len":30946,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":606,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":26,"flow_first_seen":1490976139643,"flow_last_seen":1490976140772,"flow_tot_l4_data_len":13670,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":525,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":21,"flow_first_seen":1490976139643,"flow_last_seen":1490976140745,"flow_tot_l4_data_len":8913,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":424,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":47,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_tot_l4_data_len":32039,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":681,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":28,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_tot_l4_data_len":14771,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":527,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":30,"flow_first_seen":1490976139643,"flow_last_seen":1490976140781,"flow_tot_l4_data_len":16797,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":559,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_tot_l4_data_len":646,"flow_min_l4_data_len":323,"flow_max_l4_data_len":323,"flow_avg_l4_data_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":10,"flow_first_seen":1490976076275,"flow_last_seen":1490976077663,"flow_tot_l4_data_len":2354,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1366,"flow_avg_l4_data_len":235,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":21,"flow_first_seen":1490976187511,"flow_last_seen":1490976190310,"flow_tot_l4_data_len":9629,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":458,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":33,"flow_first_seen":1490976186884,"flow_last_seen":1490976197347,"flow_tot_l4_data_len":16171,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":490,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":10,"flow_first_seen":1490976089426,"flow_last_seen":1490976094931,"flow_tot_l4_data_len":1407,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1016,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":23,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_tot_l4_data_len":7372,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":320,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":37,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_tot_l4_data_len":13845,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":374,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":98,"flow_first_seen":1490976107455,"flow_last_seen":1490976110047,"flow_tot_l4_data_len":33419,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":341,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":31,"flow_first_seen":1490976130073,"flow_last_seen":1490976134134,"flow_tot_l4_data_len":9238,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":41,"flow_first_seen":1490976136930,"flow_last_seen":1490976140745,"flow_tot_l4_data_len":14534,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":23,"flow_first_seen":1490976142629,"flow_last_seen":1490976148981,"flow_tot_l4_data_len":4083,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_tot_l4_data_len":129,"flow_min_l4_data_len":42,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_tot_l4_data_len":146,"flow_min_l4_data_len":65,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":24,"flow_first_seen":1490976076042,"flow_last_seen":1490976177233,"flow_tot_l4_data_len":4002,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":161,"flow_packet_id":24,"flow_first_seen":1490976196942,"flow_last_seen":1490976198168,"flow_tot_l4_data_len":11559,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":481,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":162,"flow_packet_id":28,"flow_first_seen":1490976197297,"flow_last_seen":1490976198043,"flow_tot_l4_data_len":9624,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":343,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":23,"flow_first_seen":1490976071392,"flow_last_seen":1490976176431,"flow_tot_l4_data_len":6144,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":42,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_tot_l4_data_len":114,"flow_min_l4_data_len":49,"flow_max_l4_data_len":65,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":30,"flow_first_seen":1490976195983,"flow_last_seen":1490976196942,"flow_tot_l4_data_len":14926,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":497,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":350,"flow_first_seen":1490976195984,"flow_last_seen":1490976198040,"flow_tot_l4_data_len":261612,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":747,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":35,"flow_first_seen":1490976195985,"flow_last_seen":1490976196943,"flow_tot_l4_data_len":16954,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":484,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":55,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":43,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":65,"flow_first_seen":1490976195529,"flow_last_seen":1490976198776,"flow_tot_l4_data_len":36892,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":567,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":56,"flow_first_seen":1490976085644,"flow_last_seen":1490976098828,"flow_tot_l4_data_len":22501,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":401,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":23,"flow_first_seen":1490976085829,"flow_last_seen":1490976088478,"flow_tot_l4_data_len":4832,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":19,"flow_first_seen":1490976085832,"flow_last_seen":1490976088478,"flow_tot_l4_data_len":3003,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":20,"flow_first_seen":1490976088605,"flow_last_seen":1490976094930,"flow_tot_l4_data_len":2366,"flow_min_l4_data_len":20,"flow_max_l4_data_len":718,"flow_avg_l4_data_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":49,"flow_first_seen":1490976088631,"flow_last_seen":1490976098828,"flow_tot_l4_data_len":19892,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":405,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":33,"flow_first_seen":1490976088937,"flow_last_seen":1490976110046,"flow_tot_l4_data_len":12974,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":393,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":42,"flow_first_seen":1490976088958,"flow_last_seen":1490976094931,"flow_tot_l4_data_len":13667,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":27,"flow_first_seen":1490976089227,"flow_last_seen":1490976107676,"flow_tot_l4_data_len":8584,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":29,"flow_first_seen":1490976089239,"flow_last_seen":1490976111839,"flow_tot_l4_data_len":11074,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":381,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":20,"flow_first_seen":1490976114885,"flow_last_seen":1490976117017,"flow_tot_l4_data_len":4467,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":223,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":19,"flow_first_seen":1490976114894,"flow_last_seen":1490976116921,"flow_tot_l4_data_len":3131,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":20,"flow_first_seen":1490976114906,"flow_last_seen":1490976117017,"flow_tot_l4_data_len":5043,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":252,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":19,"flow_first_seen":1490976114921,"flow_last_seen":1490976117016,"flow_tot_l4_data_len":3019,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":21,"flow_first_seen":1490976114940,"flow_last_seen":1490976120960,"flow_tot_l4_data_len":5979,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":284,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":29,"flow_first_seen":1490976030894,"flow_last_seen":1490976194743,"flow_tot_l4_data_len":14473,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":499,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":20,"flow_first_seen":1490976150029,"flow_last_seen":1490976164211,"flow_tot_l4_data_len":3390,"flow_min_l4_data_len":20,"flow_max_l4_data_len":718,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":21,"flow_first_seen":1490976158680,"flow_last_seen":1490976164214,"flow_tot_l4_data_len":3261,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":18,"flow_first_seen":1490976169531,"flow_last_seen":1490976175920,"flow_tot_l4_data_len":3271,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":181,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_tot_l4_data_len":146,"flow_min_l4_data_len":65,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":42,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":57,"flow_max_l4_data_len":163,"flow_avg_l4_data_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":42,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":19,"flow_first_seen":1490976029756,"flow_last_seen":1490976171313,"flow_tot_l4_data_len":5432,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":285,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":19,"flow_first_seen":1490976165062,"flow_last_seen":1490976175921,"flow_tot_l4_data_len":3753,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1310,"flow_avg_l4_data_len":197,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":42,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":40,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":43,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_tot_l4_data_len":135,"flow_min_l4_data_len":48,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":31,"flow_first_seen":1490976115905,"flow_last_seen":1490976120950,"flow_tot_l4_data_len":11436,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":19,"flow_first_seen":1490976196016,"flow_last_seen":1490976196282,"flow_tot_l4_data_len":1903,"flow_min_l4_data_len":20,"flow_max_l4_data_len":617,"flow_avg_l4_data_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":56,"flow_first_seen":1490976067968,"flow_last_seen":1490976168824,"flow_tot_l4_data_len":27953,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":499,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":47,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":19,"flow_first_seen":1490976195633,"flow_last_seen":1490976195989,"flow_tot_l4_data_len":7206,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":379,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":27,"flow_first_seen":1490976090991,"flow_last_seen":1490976094931,"flow_tot_l4_data_len":5829,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1452,"flow_avg_l4_data_len":215,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":29,"flow_first_seen":1490976100859,"flow_last_seen":1490976107676,"flow_tot_l4_data_len":5930,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1452,"flow_avg_l4_data_len":204,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":40,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":53,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_tot_l4_data_len":146,"flow_min_l4_data_len":65,"flow_max_l4_data_len":81,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":7,"flow_first_seen":1490976027733,"flow_last_seen":1490976027826,"flow_tot_l4_data_len":511,"flow_min_l4_data_len":32,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_tot_l4_data_len":228,"flow_min_l4_data_len":66,"flow_max_l4_data_len":162,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":40,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":62,"flow_first_seen":1490976196223,"flow_last_seen":1490976196880,"flow_tot_l4_data_len":26834,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":432,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":7,"flow_first_seen":1490976024857,"flow_last_seen":1490976024994,"flow_tot_l4_data_len":511,"flow_min_l4_data_len":32,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_tot_l4_data_len":300,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_tot_l4_data_len":300,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":7,"flow_first_seen":1490976043609,"flow_last_seen":1490976168960,"flow_tot_l4_data_len":260,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":7,"flow_first_seen":1490976043609,"flow_last_seen":1490976168960,"flow_tot_l4_data_len":260,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":20,"flow_first_seen":1490976082723,"flow_last_seen":1490976084872,"flow_tot_l4_data_len":5448,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":272,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_tot_l4_data_len":168,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":30,"flow_first_seen":1490976090572,"flow_last_seen":1490976094931,"flow_tot_l4_data_len":13094,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":436,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":22,"flow_first_seen":1490976100811,"flow_last_seen":1490976107676,"flow_tot_l4_data_len":7891,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":358,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":41,"flow_first_seen":1490976093358,"flow_last_seen":1490976194991,"flow_tot_l4_data_len":8165,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":199,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_tot_l4_data_len":138,"flow_min_l4_data_len":55,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":17,"flow_first_seen":1490976027567,"flow_last_seen":1490976028006,"flow_tot_l4_data_len":2009,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":40,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":38,"flow_first_seen":1490976029248,"flow_last_seen":1490976152630,"flow_tot_l4_data_len":13618,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":358,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_tot_l4_data_len":144,"flow_min_l4_data_len":52,"flow_max_l4_data_len":92,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_tot_l4_data_len":8508,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":315,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":50,"flow_max_l4_data_len":92,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1490976041150,"flow_last_seen":1490976041151,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":54886,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":140,"flow_packet_id":18,"flow_first_seen":1490976177116,"flow_last_seen":1490976177850,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6576,"flow_avg_l4_payload_len":365,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50796,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":141,"flow_packet_id":25,"flow_first_seen":1490976177116,"flow_last_seen":1490976187290,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9507,"flow_avg_l4_payload_len":380,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50797,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":142,"flow_packet_id":7,"flow_first_seen":1490976177116,"flow_last_seen":1490976195547,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":143,"flow_packet_id":37,"flow_first_seen":1490976177276,"flow_last_seen":1490976187754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12795,"flow_avg_l4_payload_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50799,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":145,"flow_packet_id":17,"flow_first_seen":1490976186164,"flow_last_seen":1490976186790,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5152,"flow_avg_l4_payload_len":303,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":50800,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":120,"flow_packet_id":30,"flow_first_seen":1490976134140,"flow_last_seen":1490976135403,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13897,"flow_avg_l4_payload_len":463,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51985,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":121,"flow_packet_id":59,"flow_first_seen":1490976134141,"flow_last_seen":1490976135403,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":31504,"flow_avg_l4_payload_len":533,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51986,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":122,"flow_packet_id":26,"flow_first_seen":1490976134144,"flow_last_seen":1490976135402,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12573,"flow_avg_l4_payload_len":483,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51987,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":123,"flow_packet_id":28,"flow_first_seen":1490976134146,"flow_last_seen":1490976135403,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14135,"flow_avg_l4_payload_len":504,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51988,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":124,"flow_packet_id":31,"flow_first_seen":1490976134148,"flow_last_seen":1490976135505,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15689,"flow_avg_l4_payload_len":506,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51989,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":125,"flow_packet_id":28,"flow_first_seen":1490976134149,"flow_last_seen":1490976135403,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14785,"flow_avg_l4_payload_len":528,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51990,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":127,"flow_packet_id":51,"flow_first_seen":1490976139642,"flow_last_seen":1490976140773,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":29286,"flow_avg_l4_payload_len":574,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51992,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":128,"flow_packet_id":26,"flow_first_seen":1490976139643,"flow_last_seen":1490976140772,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12822,"flow_avg_l4_payload_len":493,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51993,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":129,"flow_packet_id":21,"flow_first_seen":1490976139643,"flow_last_seen":1490976140745,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8213,"flow_avg_l4_payload_len":391,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51994,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":130,"flow_packet_id":47,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30483,"flow_avg_l4_payload_len":648,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51995,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":131,"flow_packet_id":28,"flow_first_seen":1490976139643,"flow_last_seen":1490976140773,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13859,"flow_avg_l4_payload_len":494,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":132,"flow_packet_id":30,"flow_first_seen":1490976139643,"flow_last_seen":1490976140781,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15821,"flow_avg_l4_payload_len":527,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.63.56","src_port":51997,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1490976023264,"flow_last_seen":1490976023264,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":630,"flow_avg_l4_payload_len":315,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":10,"flow_first_seen":1490976076275,"flow_last_seen":1490976077663,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1346,"flow_tot_l4_payload_len":2126,"flow_avg_l4_payload_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49613,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":149,"flow_packet_id":21,"flow_first_seen":1490976187511,"flow_last_seen":1490976190310,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9181,"flow_avg_l4_payload_len":437,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":38757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":9,"flow_first_seen":1490976089173,"flow_last_seen":1490976090510,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49627,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":147,"flow_packet_id":33,"flow_first_seen":1490976186884,"flow_last_seen":1490976197347,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":15483,"flow_avg_l4_payload_len":469,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.23.94","src_port":44912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":10,"flow_first_seen":1490976089426,"flow_last_seen":1490976094931,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":996,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":49630,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":23,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6884,"flow_avg_l4_payload_len":299,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40853,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":37,"flow_first_seen":1490976107365,"flow_last_seen":1490976110047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13077,"flow_avg_l4_payload_len":353,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":7,"flow_first_seen":1490976107366,"flow_last_seen":1490976110047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40855,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":98,"flow_first_seen":1490976107455,"flow_last_seen":1490976110047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":31431,"flow_avg_l4_payload_len":320,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40856,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":118,"flow_packet_id":31,"flow_first_seen":1490976130073,"flow_last_seen":1490976134134,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8590,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":126,"flow_packet_id":41,"flow_first_seen":1490976136930,"flow_last_seen":1490976140745,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13686,"flow_avg_l4_payload_len":333,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":133,"flow_packet_id":23,"flow_first_seen":1490976142629,"flow_last_seen":1490976148981,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3595,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.253","src_port":40878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1490976027514,"flow_last_seen":1490976027560,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":53188,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":1490976115835,"flow_last_seen":1490976115901,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":28614,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":24,"flow_first_seen":1490976076042,"flow_last_seen":1490976177233,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3494,"flow_avg_l4_payload_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":37113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":161,"flow_packet_id":24,"flow_first_seen":1490976196942,"flow_last_seen":1490976198168,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":11051,"flow_avg_l4_payload_len":460,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47605,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":162,"flow_packet_id":28,"flow_first_seen":1490976197297,"flow_last_seen":1490976198043,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9036,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.121","src_port":47606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":23,"flow_first_seen":1490976071392,"flow_last_seen":1490976176431,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5656,"flow_avg_l4_payload_len":245,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":59698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1490976031581,"flow_last_seen":1490976031687,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41030,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_first_seen":1490976107217,"flow_last_seen":1490976107359,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14476,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":155,"flow_packet_id":30,"flow_first_seen":1490976195983,"flow_last_seen":1490976196942,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":13938,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41912,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":156,"flow_packet_id":350,"flow_first_seen":1490976195984,"flow_last_seen":1490976198040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":248700,"flow_avg_l4_payload_len":710,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41913,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":157,"flow_packet_id":35,"flow_first_seen":1490976195985,"flow_last_seen":1490976196943,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":15782,"flow_avg_l4_payload_len":450,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.84.62.115","src_port":41914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_first_seen":1490976177026,"flow_last_seen":1490976177105,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1490976027724,"flow_last_seen":1490976027725,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":10462,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1490976024847,"flow_last_seen":1490976024848,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":55619,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":151,"flow_packet_id":65,"flow_first_seen":1490976195529,"flow_last_seen":1490976198776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34748,"flow_avg_l4_payload_len":534,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":41828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":56,"flow_first_seen":1490976085644,"flow_last_seen":1490976098828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":21353,"flow_avg_l4_payload_len":381,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45703,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":23,"flow_first_seen":1490976085829,"flow_last_seen":1490976088478,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4344,"flow_avg_l4_payload_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":19,"flow_first_seen":1490976085832,"flow_last_seen":1490976088478,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2595,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45705,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":6,"flow_first_seen":1490976085884,"flow_last_seen":1490976088478,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45707,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":20,"flow_first_seen":1490976088605,"flow_last_seen":1490976094930,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":1938,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45709,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":49,"flow_first_seen":1490976088631,"flow_last_seen":1490976098828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":18884,"flow_avg_l4_payload_len":385,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":33,"flow_first_seen":1490976088937,"flow_last_seen":1490976110046,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12258,"flow_avg_l4_payload_len":371,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":42,"flow_first_seen":1490976088958,"flow_last_seen":1490976094931,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12771,"flow_avg_l4_payload_len":304,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45712,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":27,"flow_first_seen":1490976089227,"flow_last_seen":1490976107676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8016,"flow_avg_l4_payload_len":296,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":29,"flow_first_seen":1490976089239,"flow_last_seen":1490976111839,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10466,"flow_avg_l4_payload_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45715,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":20,"flow_first_seen":1490976114885,"flow_last_seen":1490976117017,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4039,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45728,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":19,"flow_first_seen":1490976114894,"flow_last_seen":1490976116921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2723,"flow_avg_l4_payload_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45729,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":20,"flow_first_seen":1490976114906,"flow_last_seen":1490976117017,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":230,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":19,"flow_first_seen":1490976114921,"flow_last_seen":1490976117016,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2611,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45731,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":114,"flow_packet_id":21,"flow_first_seen":1490976114940,"flow_last_seen":1490976120960,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5531,"flow_avg_l4_payload_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45732,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":29,"flow_first_seen":1490976030894,"flow_last_seen":1490976194743,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13865,"flow_avg_l4_payload_len":478,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.22.185","src_port":53682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":134,"flow_packet_id":20,"flow_first_seen":1490976150029,"flow_last_seen":1490976164211,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":698,"flow_tot_l4_payload_len":2962,"flow_avg_l4_payload_len":148,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":135,"flow_packet_id":21,"flow_first_seen":1490976158680,"flow_last_seen":1490976164214,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2813,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45751,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_first_seen":1490976114879,"flow_last_seen":1490976114880,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":20922,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":138,"flow_packet_id":18,"flow_first_seen":1490976169531,"flow_last_seen":1490976175920,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2883,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45752,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_first_seen":1490976186818,"flow_last_seen":1490976186879,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":8669,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_first_seen":1490976071312,"flow_last_seen":1490976071389,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":25081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_first_seen":1490976195921,"flow_last_seen":1490976195980,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4612,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_first_seen":1490976187242,"flow_last_seen":1490976187508,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":59908,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":19,"flow_first_seen":1490976029756,"flow_last_seen":1490976171313,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5024,"flow_avg_l4_payload_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.0","src_port":33556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":137,"flow_packet_id":19,"flow_first_seen":1490976165062,"flow_last_seen":1490976175921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1290,"flow_tot_l4_payload_len":3345,"flow_avg_l4_payload_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":39750,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_first_seen":1490976164994,"flow_last_seen":1490976165058,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":64073,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_first_seen":1490976195484,"flow_last_seen":1490976195524,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":14934,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_first_seen":1490976196840,"flow_last_seen":1490976196938,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":2707,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_first_seen":1490976093238,"flow_last_seen":1490976093355,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":41639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":116,"flow_packet_id":31,"flow_first_seen":1490976115905,"flow_last_seen":1490976120950,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10788,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":117,"flow_packet_id":7,"flow_first_seen":1490976116084,"flow_last_seen":1490976117005,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.180","src_port":37552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":158,"flow_packet_id":19,"flow_first_seen":1490976196016,"flow_last_seen":1490976196282,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.28.178","src_port":58048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":56,"flow_first_seen":1490976067968,"flow_last_seen":1490976168824,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":26805,"flow_avg_l4_payload_len":478,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.29.146","src_port":41691,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_first_seen":1490976133936,"flow_last_seen":1490976134135,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":4920,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":153,"flow_packet_id":19,"flow_first_seen":1490976195633,"flow_last_seen":1490976195989,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6582,"flow_avg_l4_payload_len":346,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"216.58.194.78","src_port":49067,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":27,"flow_first_seen":1490976090991,"flow_last_seen":1490976094931,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5257,"flow_avg_l4_payload_len":194,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41820,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":7,"flow_first_seen":1490976091048,"flow_last_seen":1490976094931,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":7,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41821,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":29,"flow_first_seen":1490976100859,"flow_last_seen":1490976107676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":5318,"flow_avg_l4_payload_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.231.72.88","src_port":41825,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1490976041806,"flow_last_seen":1490976041938,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52077,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_first_seen":1490976090796,"flow_last_seen":1490976090982,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":35726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1490976041770,"flow_last_seen":1490976041866,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":130,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":21391,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":7,"flow_first_seen":1490976027733,"flow_last_seen":1490976027826,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":35540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1490976035502,"flow_last_seen":1490976035549,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":23559,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1490976029184,"flow_last_seen":1490976029244,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":48155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":159,"flow_packet_id":62,"flow_first_seen":1490976196223,"flow_last_seen":1490976196880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24810,"flow_avg_l4_payload_len":400,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.143","src_port":38483,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":7,"flow_first_seen":1490976024857,"flow_last_seen":1490976024994,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.217.9.142","src_port":60246,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":8,"flow_first_seen":1490976041428,"flow_last_seen":1490976168813,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40200,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":7,"flow_first_seen":1490976043609,"flow_last_seen":1490976168960,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":7,"flow_first_seen":1490976043609,"flow_last_seen":1490976168960,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40202,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1490976030681,"flow_last_seen":1490976030890,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":7358,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":7,"flow_first_seen":1490976085883,"flow_last_seen":1490976149040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"10.201.126.241","src_port":40242,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":20,"flow_first_seen":1490976082723,"flow_last_seen":1490976084872,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":5020,"flow_avg_l4_payload_len":251,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34053,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":7,"flow_first_seen":1490976082964,"flow_last_seen":1490976084873,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":30,"flow_first_seen":1490976090572,"flow_last_seen":1490976094931,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":12466,"flow_avg_l4_payload_len":415,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":8,"flow_first_seen":1490976100559,"flow_last_seen":1490976107681,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":22,"flow_first_seen":1490976100811,"flow_last_seen":1490976107676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7423,"flow_avg_l4_payload_len":337,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34074,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":41,"flow_first_seen":1490976093358,"flow_last_seen":1490976194991,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7317,"flow_avg_l4_payload_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1490976024793,"flow_last_seen":1490976024844,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":3440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1490976027522,"flow_last_seen":1490976027523,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":52603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_first_seen":1490976067916,"flow_last_seen":1490976067965,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":60804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"HTTP_Proxy","breed":"Acceptable","category":"Web"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_first_seen":1490976085891,"flow_last_seen":1490976085978,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"192.168.11.1","src_port":38434,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":17,"flow_first_seen":1490976027567,"flow_last_seen":1490976028006,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":1437,"flow_avg_l4_payload_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"173.194.223.188","src_port":42878,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_first_seen":1490976064333,"flow_last_seen":1490976064448,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":44475,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":38,"flow_first_seen":1490976029248,"flow_last_seen":1490976152630,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12350,"flow_avg_l4_payload_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.85.209.197","src_port":55242,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":282,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test"}
diff --git a/test/results/among_us.pcap.out b/test/results/among_us.pcap.out
index 5f7232a00..6dd1379ea 100644
--- a/test/results/among_us.pcap.out
+++ b/test/results/among_us.pcap.out
@@ -1,6 +1,6 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"among_us.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_tot_l4_data_len":23,"flow_min_l4_data_len":23,"flow_max_l4_data_len":23,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00405{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946681200,"pkt_ts_usec":0,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"}
-00497{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_tot_l4_data_len":23,"flow_min_l4_data_len":23,"flow_max_l4_data_len":23,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"proto":"AmongUs","breed":"Fun","category":"Game"}}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_tot_l4_data_len":23,"flow_min_l4_data_len":23,"flow_max_l4_data_len":23,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"proto":"AmongUs","breed":"Fun","category":"Game"}}
+00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test"}
diff --git a/test/results/amqp.pcap.out b/test/results/amqp.pcap.out
index 44e2b74d5..2388dab2f 100644
--- a/test/results/amqp.pcap.out
+++ b/test/results/amqp.pcap.out
@@ -1,13 +1,13 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"amqp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":0,"flow_tot_l4_data_len":73,"flow_min_l4_data_len":73,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":118902,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="}
-00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":0,"flow_tot_l4_data_len":73,"flow_min_l4_data_len":73,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
+00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1490904166118,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00421{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":118933,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puJAAEAGlN9\/AAEBfwAAARYorK03ECYST3RmDIAQSfD\/KAAAAQEICgC+1cIAvtXC"}
00553{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119100,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"pkt":"AAAAAAAAAAAAAAAACABFAACUxi5AAEAGdTN\/AAABfwABAaytFihPdGYMNxAmEoAYAV7\/iAAAAQEICgC+1cIAvtXCAgABAAAAWAA8AAAAAAAAAAABJ\/gAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"}
00421{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119110,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puNAAEAGlN5\/AAEBfwAAARYorK03ECYST3RmbIAQSfD\/KAAAAQEICgC+1cIAvtXC"}
00827{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119203,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"AAAAAAAAAAAAAAAACABFAAFjxi9AAEAGdGN\/AAABfwABAaytFihPdGZsNxAmEoAYAV4AWAAAAQEICgC+1cIAvtXCAwABAAABJ3sic3dfc3lzIjogIkxpbnV4IiwgImNsb2NrIjogMzkxNzI1LCAidGltZXN0YW1wIjogMTQ5MDkwNDE2Ni4xMTg1ODMsICJob3N0bmFtZSI6ICJjZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tIiwgInBpZCI6IDE4OTQsICJzd192ZXIiOiAiMy4xLjE4IiwgInV0Y29mZnNldCI6IDAsICJsb2FkYXZnIjogWzAuNzgsIDAuNTYsIDAuNDJdLCAicHJvY2Vzc2VkIjogMTEzOTQyLCAiYWN0aXZlIjogMCwgImZyZXEiOiAyLjAsICJ0eXBlIjogIndvcmtlci1oZWFydGJlYXQiLCAic3dfaWRlbnQiOiAicHktY2VsZXJ5In3O"}
00421{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119213,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puRAAEAGlN1\/AAEBfwAAARYorK03ECYST3Rnm4AQSe7\/KAAAAQEICgC+1cIAvtXC"}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1490904166119,"flow_last_seen":0,"flow_tot_l4_data_len":480,"flow_min_l4_data_len":480,"flow_max_l4_data_len":480,"flow_avg_l4_data_len":480,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1490904166119,"flow_last_seen":0,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":448,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01023{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119482,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQRAAEAGOP5\/AAEBfwAAARYorKyekqFfoHNnjIAYAXcA6QAAAQEICgC+1cIAvtPXAQADAAAAKQA8ADwBMwAAAAAAAGF2AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNSwgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjYuMTE4NTgzLCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
00421{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904166,"pkt_ts_usec":119495,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMNAAEAGHv9\/AAABfwABAaysFiigc2eMnpKjH4AQDjX\/KAAAAQEICgC+1cIAvtXC"}
00479{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":120866,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"AAAAAAAAAAAAAAAACABFAABdxjBAAEAGdWh\/AAABfwABAaytFihPdGebNxAmEoAYAV7\/UQAAAQEICgC+17YAvtXCAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="}
@@ -18,9 +18,9 @@
00423{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":121161,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pudAAEAGlNp\/AAEBfwAAARYorK03ECYST3RpU4AQSe7\/KAAAAQEICgC+17YAvte2"}
01024{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":121405,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"AAAAAAAAAAAAAAAACABFAAH0AQVAAEAGOP1\/AAEBfwAAARYorKyekqMfoHNnjIAYAXcA6QAAAQEICgC+17YAvtXCAQADAAAAKQA8ADwBMwAAAAAAAGF3AAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0zgIAAwAAAFgAPAAAAAAAAAAAASf4ABBhcHBsaWNhdGlvbi9qc29uBXV0Zi04AAAALQhob3N0bmFtZVMAAAAfY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbQIAzgMAAwAAASd7InN3X3N5cyI6ICJMaW51eCIsICJjbG9jayI6IDM5MTcyNywgInRpbWVzdGFtcCI6IDE0OTA5MDQxNjguMTIwNTc2LCAiaG9zdG5hbWUiOiAiY2VsZXJ5QHRlc3QuY29nbml0b25ldHdvcmtzLmNvbSIsICJwaWQiOiAxODk0LCAic3dfdmVyIjogIjMuMS4xOCIsICJ1dGNvZmZzZXQiOiAwLCAibG9hZGF2ZyI6IFswLjc4LCAwLjU2LCAwLjQyXSwgInByb2Nlc3NlZCI6IDExMzk0MiwgImFjdGl2ZSI6IDAsICJmcmVxIjogMi4wLCAidHlwZSI6ICJ3b3JrZXItaGVhcnRiZWF0IiwgInN3X2lkZW50IjogInB5LWNlbGVyeSJ9zg=="}
00422{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904168,"pkt_ts_usec":121417,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMRAAEAGHv5\/AAABfwABAaysFiigc2eMnpKk34AQDjX\/KAAAAQEICgC+17YAvte2"}
-00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152163,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"AAAAAAAAAAAAAAAACABFAABTPztAAEAG\/Gd\/AAABfwABAayuFiiKm04N2t+K4IAYAV7\/RwAAAQEICgC+2LgAvtO2AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="}
-00492{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
+00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1490904169152,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00422{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152192,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sFAAEAGZQB\/AAEBfwAAARYorK7a34rgiptOLIAQDAj\/KAAAAQEICgC+2LgAvti4"}
00614{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152378,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"AAAAAAAAAAAAAAAACABFAADAPzxAAEAG+\/l\/AAABfwABAayuFiiKm04s2t+K4IAYAV7\/tAAAAQEICgC+2LgAvti4AgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkZjMzYWFlMjctNjlmNC00ZjQ4LWIwYmMtMmVmZGM0NTVjMTI4JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4="}
00422{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":152388,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sJAAEAGZP9\/AAEBfwAAARYorK7a34rgiptOuIAQDAj\/KAAAAQEICgC+2LgAvti4"}
@@ -32,7 +32,7 @@
00423{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":153759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0puhAAEAGlNl\/AAEBfwAAARYorK03ECYST3RpeYAQSe7\/KAAAAQEICgC+2LgAvti4"}
00554{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":153858,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"pkt":"AAAAAAAAAAAAAAAACABFAACUxjRAAEAGdS1\/AAABfwABAaytFihPdGl5NxAmEoAYAV7\/iAAAAQEICgC+2LgAvti4AgABAAAAWAA8AAAAAAAAAAABQfgAEGFwcGxpY2F0aW9uL2pzb24FdXRmLTgAAAAtCGhvc3RuYW1lUwAAAB9jZWxlcnlAdGVzdC5jb2duaXRvbmV0d29ya3MuY29tAgDO"}
00450{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":156013,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AAAAAAAAAAAAAAAACABFAABJHMZAAEAGHud\/AAABfwABAaysFiigc2eMnpKmiIAYDjX\/PQAAAQEICgC+2LkAvti4AQABAAAADQA8AFAAAAAAAAG9FwDO"}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_tot_l4_data_len":1566,"flow_min_l4_data_len":32,"flow_max_l4_data_len":480,"flow_avg_l4_data_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1490904166119,"flow_last_seen":1490904169156,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":1342,"flow_avg_l4_payload_len":191,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","ndpi": {"proto":"AMQP","breed":"Acceptable","category":"RPC"}}
00422{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":156025,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AQdAAEAGOrt\/AAEBfwAAARYorKyekqaIoHNnoYAQAXf\/KAAAAQEICgC+2LkAvti5"}
00467{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":594184,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"AAAAAAAAAAAAAAAACABFAABTPz5AAEAG\/GR\/AAABfwABAayuFiiKm0+u2t+K4IAYAV7\/RwAAAQEICgC+2SYAvti4AQABAAAAFwA8ACgAAAdkZWZhdWx0B3Rhc2tzLiMAzg=="}
00422{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904169,"pkt_ts_usec":594213,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA01sRAAEAGZP1\/AAEBfwAAARYorK7a34rgiptPzYAQDAj\/KAAAAQEICgC+2SYAvtkm"}
@@ -50,7 +50,7 @@
00993{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904170,"pkt_ts_usec":135718,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":457,"pkt":"AAAAAAAAAAAAAAAACABFAAHdAQtAAEAGOQ5\/AAEBfwAAARYorKyekqnxoHNntoAYAXcA0gAAAQEICgC+2a4AvtknAQABAAAAHwA8ADwBNAAAAAAAAb0ZAAdkZWZhdWx0B3Rhc2tzLiPOAgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkNTRhOTE1NGEtMTZiNC00NGFkLTg5OWYtNmMzNjI5YzNiNGVlJGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4DAAEAAADugAJ9cQEoVQdleHBpcmVzcQJOVQN1dGNxA4hVBGFyZ3NxBF1xBVgDAAAAMjYycQZhVQVjaG9yZHEHTlUJY2FsbGJhY2tzcQhOVQhlcnJiYWNrc3EJTlUHdGFza3NldHEKTlUCaWRxC1UkNTRhOTE1NGEtMTZiNC00NGFkLTg5OWYtNmMzNjI5YzNiNGVlcQxVB3JldHJpZXNxDUsAVQR0YXNrcQ5VH0NvZ25pdG9Db3JlLnRhc2tzLmV4ZWN1dGVQb2xpY3lxD1UJdGltZWxpbWl0cRBOToZVA2V0YXERTlUGa3dhcmdzcRJ9cRN1Ls4="}
00423{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904170,"pkt_ts_usec":135886,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0HMhAAEAGHvp\/AAABfwABAaysFiigc2e2npKrmoAQDjX\/KAAAAQEICgC+2a4Avtmr"}
00993{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"amqp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1490904170,"pkt_ts_usec":155347,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":457,"pkt":"AAAAAAAAAAAAAAAACABFAAHdAQxAAEAGOQ1\/AAEBfwAAARYorKyekquaoHNntoAYAXcA0gAAAQEICgC+2bMAvtmuAQABAAAAHwA8ADwBNAAAAAAAAb0aAAdkZWZhdWx0B3Rhc2tzLiPOAgABAAAAhAA8AAAAAAAAAAAA7v4AHmFwcGxpY2F0aW9uL3gtcHl0aG9uLXNlcmlhbGl6ZQZiaW5hcnkAAAAAAgAkOTJiZGYxYTItYjM4Ni00NDE3LWIzNTEtMzRlZDYyMDk2ODI3JGFiZjI3YmI1LTAxNDktM2RiZC1hMmRiLWQzNTcyYzMwOTc5MM4DAAEAAADugAJ9cQEoVQdleHBpcmVzcQJOVQN1dGNxA4hVBGFyZ3NxBF1xBVgDAAAAMjYxcQZhVQVjaG9yZHEHTlUJY2FsbGJhY2tzcQhOVQhlcnJiYWNrc3EJTlUHdGFza3NldHEKTlUCaWRxC1UkOTJiZGYxYTItYjM4Ni00NDE3LWIzNTEtMzRlZDYyMDk2ODI3cQxVB3JldHJpZXNxDUsAVQR0YXNrcQ5VH0NvZ25pdG9Db3JlLnRhc2tzLmV4ZWN1dGVQb2xpY3lxD1UJdGltZWxpbWl0cRBOToZVA2V0YXERTlUGa3dhcmdzcRJ9cRN1Ls4="}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_tot_l4_data_len":4278,"flow_min_l4_data_len":32,"flow_max_l4_data_len":480,"flow_avg_l4_data_len":194,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_tot_l4_data_len":10751,"flow_min_l4_data_len":32,"flow_max_l4_data_len":361,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_tot_l4_data_len":3045,"flow_min_l4_data_len":32,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":101,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test"}
diff --git a/test/results/android.pcap.out b/test/results/android.pcap.out
index 02a4b9361..f63d50c7c 100644
--- a/test/results/android.pcap.out
+++ b/test/results/android.pcap.out
@@ -1,14 +1,14 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"android.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454769,"pkt_ts_usec":772338,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454779631,"flow_last_seen":0,"flow_tot_l4_data_len":78,"flow_min_l4_data_len":78,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":78,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454779631,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454779,"pkt_ts_usec":631132,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"xGGLNYKpxiwDYGpkCABFAgBirQcAAC4GWpAR+LBLwKgCEQG7xZj0WotEsqX09IAYBCokkgAAAQEIClsVyooR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8Hg=="}
00466{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454779,"pkt_ts_usec":631208,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTrQgAAC4GWp4R+LBLwKgCEQG7xZj0WotysqX09IAZBCpyhAAAAQEIClsVyooR3+x3FQMDABoAAAAAAAAABZSZBhugqn7IvMs7ScmDJ6yQxA=="}
-00491{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454769772,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00529{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454779,"pkt_ts_usec":931221,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQkAAC4GWnER+LBLwKgCEQG7xZj0WotEsqX09IAZBCq7DgAAAQEIClsVy7YR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00529{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454780,"pkt_ts_usec":571276,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQoAAC4GWnAR+LBLwKgCEQG7xZj0WotEsqX09IAZBCq4jgAAAQEIClsVzjYR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454780612,"flow_last_seen":0,"flow_tot_l4_data_len":78,"flow_min_l4_data_len":78,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":78,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454780612,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454780,"pkt_ts_usec":612355,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"xGGLNYKpxiwDYGpkCABFAgBiArsAAC4GBN0R+LBLwKgCEQG7xZQAd+\/fhij6wYAYBTCNMgAAAQEIClsVzl8R3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8Q=="}
00470{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454780,"pkt_ts_usec":612849,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAgBTArwAAC4GBOsR+LBLwKgCEQG7xZQAd\/ANhij6wYAZBTCw2QAAAQEIClsVzl8R3+\/bFQMDABoAAAAAAAAACeuqoxCRLc0dnl7lMGJ\/SkF\/RQ=="}
00532{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454780,"pkt_ts_usec":907526,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAr0AAC4GBL4R+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTC0SwAAAQEIClsVz4YR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
@@ -16,12 +16,12 @@
00530{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454781,"pkt_ts_usec":788994,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQsAAC4GWm8R+LBLwKgCEQG7xZj0WotEsqX09IAZBCqzzQAAAQEIClsV0vcR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00533{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454782,"pkt_ts_usec":747560,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAr8AAC4GBLwR+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTCtGwAAAQEIClsV1rYR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
00530{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454784,"pkt_ts_usec":220076,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQwAAC4GWm4R+LBLwKgCEQG7xZj0WotEsqX09IAZBCqqTgAAAQEIClsV3HYR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454784313,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454784313,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454784,"pkt_ts_usec":313816,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDQAAP8RQnEAAAAA\/\/\/\/\/wBEAEMBNI1GAQEGAHhURwsAAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454784313,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
+00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454784313,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
00534{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454785,"pkt_ts_usec":114944,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAsAAAC4GBLsR+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTCj2wAAAQEIClsV3\/YR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
00808{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454786,"pkt_ts_usec":281820,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDUAAP8RQnAAAAAA\/\/\/\/\/wBEAEMBNI1EAQEGAHhURwsAAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454787658,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454787658,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454787,"pkt_ts_usec":658770,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAgBThkMAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AYBDV85QAAAQEIChoMpyQR4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00423{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454787,"pkt_ts_usec":658773,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0hkQAADAGdsQR+LkKwKgCEQG7xg7EYLKItSIfH4ARBDUyJQAAAQEIChoMpyQR4cyf"}
00466{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454788,"pkt_ts_usec":86408,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkUAADAGdqQR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDV7OQAAAQEIChoMqM8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
@@ -30,61 +30,61 @@
00530{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454789,"pkt_ts_usec":276418,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQ0AAC4GWm0R+LBLwKgCEQG7xZj0WotEsqX09IAZBCqWjQAAAQEIClsV8DcR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00533{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454789,"pkt_ts_usec":787671,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAsEAAC4GBLoR+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTCRmwAAAQEIClsV8jYR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
00467{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454790,"pkt_ts_usec":710174,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkcAADAGdqIR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDVw+QAAAQEIChoMsw8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01083{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454792,"pkt_ts_usec":980209,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIangkAAEARVHnAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00808{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454793,"pkt_ts_usec":758718,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDcAAP8RQm4AAAAA\/\/\/\/\/wBEAEMBNI09AQEGAHhURwsACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00467{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454794,"pkt_ts_usec":102756,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkgAADAGdqER+LkKwKgCEQG7xg7EYLJptSIfH4AZBDVjuQAAAQEIChoMwE8R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454796,"pkt_ts_usec":360694,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIV+oAAEARnGrAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00528{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454799,"pkt_ts_usec":4089,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBrQ4AAC4GWmwR+LBLwKgCEQG7xZj0WotEsqX09IAZBCpwjQAAAQEIClsWFjcR3+x3FwMDACkAAAAAAAAABGgk1MfD1SR1H5v5Q6dSq6XAgQAjDJnQ9jro2uiXnku8HhUDAwAaAAAAAAAAAAWUmQYboKp+yLzLO0nJgyeskMQ="}
00533{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454799,"pkt_ts_usec":515347,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"xGGLNYKpxiwDYGpkCABFAACBAsIAAC4GBLkR+LBLwKgCEQG7xZQAd+\/fhij6wYAZBTBrmwAAAQEIClsWGDYR3+\/bFwMDACkAAAAAAAAACH\/oI1Kw++l3rtTYoEdnoXbMNGznM5xRQS6qcOaP89cv8RUDAwAaAAAAAAAAAAnrqqMQkS3NHZ5e5TBif0pBf0U="}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"android.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454792980,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"android.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454796360,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454801,"pkt_ts_usec":77955,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xGGLNYKpxiwDYGpkCABFAABThkkAADAGdqAR+LkKwKgCEQG7xg7EYLJptSIfH4AZBDVIeQAAAQEIChoM248R4cyfFQMDABoAAAAAAAAAArlWa60ADWOMgYlfYrlhFGv+Kg=="}
00808{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454802,"pkt_ts_usec":453429,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDgAAP8RQm0AAAAA\/\/\/\/\/wBEAEMBNI00AQEGAHhURwsAEgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00808{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454811,"pkt_ts_usec":217599,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDkAAP8RQmwAAAAA\/\/\/\/\/wBEAEMBNI0rAQEGAHhURwsAGwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00808{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454819,"pkt_ts_usec":289636,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDoAAP8RQmsAAAAA\/\/\/\/\/wBEAEMBNI0jAQEGAHhURwsAIwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01083{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454823,"pkt_ts_usec":29099,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIavtMAAEARM6\/AqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454823,"pkt_ts_usec":653040,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD72DBiVgAcCABFAABJmVsAAP8RtXWp\/uHY4AAA+xTpFOkANUGgAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
-00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00567{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454823,"pkt_ts_usec":653165,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD7xiwDYGpkCABFAABJ7RwAAAERKOPAqAIB4AAA+xTpFOkANQrOAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
-00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00569{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454825,"pkt_ts_usec":628962,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/62DBiVgAcCABFAACa4oMAAP8RXP2p\/uHY7\/\/\/+ux6B2wAhmGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00568{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454825,"pkt_ts_usec":629044,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6xiwDYGpkCABFAACaWhcAAAERrJjAqAIB7\/\/\/+sjTB2wAhk51TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454826,"pkt_ts_usec":369837,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABItCAAAEARQDTAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00808{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454827,"pkt_ts_usec":440179,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDsAAP8RQmoAAAAA\/\/\/\/\/wBEAEMBNI0bAQEGAHhURwsAKwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454825629,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454823029,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454825628,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454823653,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454826369,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454835,"pkt_ts_usec":472764,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeDwAAP8RQmkAAAAA\/\/\/\/\/wBEAEMBNI0TAQEGAHhURwsAMwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00455{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":53,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454839,"pkt_ts_usec":884181,"pkt_caplen":113,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"pkt":"TGr2n\/Yn2DBiVgAciI4CAwBfAgCKABAAAAAAAAAAAIz8BFqJChwkZ1iJYPgAYGUrS4o4DJHL\/S\/E6LdOr1skAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":53,"source":"android.pcap","alias":"nDPId-test","type":34958}
00482{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":54,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454839,"pkt_ts_usec":890005,"pkt_caplen":135,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":135,"pkt_l4_len":0,"pkt":"2DBiVgAcTGr2n\/YniI4BAwB1AgEKAAAAAAAAAAAAABuBPQRawmcmCJuMCTTl787Fbc92e9r2cPO8HkAbqnp8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI+Bbd0vg6TUoOiFATr40\/ABYwFAEAAA+sBAEAAA+sBAEAAA+sAgAA"}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":54,"source":"android.pcap","alias":"nDPId-test","type":34958}
00809{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454844,"pkt_ts_usec":193681,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeD0AAP8RQmgAAAAA\/\/\/\/\/wBEAEMBNI0KAQEGAHhURwsAPAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01083{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454853,"pkt_ts_usec":81631,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAQwAAEAR8XbAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
-00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454856,"pkt_ts_usec":384360,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIA+oAAEAR8GrAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454853081,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454856384,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454865,"pkt_ts_usec":4691,"pkt_caplen":113,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"pkt":"TGr2n\/Yn2DBiVgAciI4CAwBfAgCKABAAAAAAAAAAAItGYkOhXtVHFSBei+KDaRb2mr+UrA3yLPv\/bW2693f7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":60,"source":"android.pcap","alias":"nDPId-test","type":34958}
00480{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":61,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454865,"pkt_ts_usec":9017,"pkt_caplen":135,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":135,"pkt_l4_len":0,"pkt":"2DBiVgAcTGr2n\/YniI4BAwB1AgEKAAAAAAAAAAAAABovI0nixZFFW\/ZpJww553gjQO2Uwi5137Ow8+iP3PqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6nQQ8V4nFthsHWtgZMXFABYwFAEAAA+sBAEAAA+sBAEAAA+sAgAA"}
@@ -93,78 +93,78 @@
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":62,"source":"android.pcap","alias":"nDPId-test","type":34958}
00452{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":63,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454865,"pkt_ts_usec":13552,"pkt_caplen":113,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"pkt":"2DBiVgAcTGr2n\/YniI4BAwBfAgMKAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACSXhMQpT7Z+H8pmeIKqgblAAA="}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":63,"source":"android.pcap","alias":"nDPId-test","type":34958}
-00438{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00446{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454865,"pkt_ts_usec":794321,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"pkt":"MzP\/n\/YnTGr2n\/Ynht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/n\/YnhwBLLgAAAAD+gAAAAAAAAE5q9v\/+n\/Yn"}
-00472{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00429{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454865802,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00437{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454865802,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454865,"pkt_ts_usec":802211,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHjDAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
-00463{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454865802,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00471{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454865802,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00461{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":26255,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAQAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAHjDAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
00796{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":405948,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"pkt":"\/\/\/\/\/\/\/\/TGr2n\/YnCABFEAE6AABAAEAROaQAAAAA\/\/\/\/\/wBEAEMBJv6iAQEGAO9+0loAAAAAAAAAAAAAAAAAAAAAAAAAAExq9p\/2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPQcBTGr2n\/YnOQIF3DwOYW5kcm9pZC1kaGNwLTk3CgEDBg8aHDM6Oyv\/AA=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454866407,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454866407,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00801{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":407712,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFILXYAAP8RB83AqAIBwKgCEABDAEQBNN9OAgEGAO9+0loAAAAAAAAAAMCoAhDAqAIBAAAAAExq9p\/2JwAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQECNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454866407,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454866448,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454866407,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454866448,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00496{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":448783,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"pkt":"MzMAAQACTGr2n\/Ynht1gBNipADwRAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAQACAiICIwA8Uc8B2OT+AAEADgABAAEl5RSOTGr2n\/YnAAMADA4ACMoAAAAAAAAAAAAIAAIAAAAGAAQAFwAY"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454866448,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454866448,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00812{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":536260,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"\/\/\/\/\/\/\/\/TGr2n\/YnCABFEAFGAABAAEAROZgAAAAA\/\/\/\/\/wBEAEMBMg8gAQEGAO9+0loAAAAAAAAAAAAAAAAAAAAAAAAAAExq9p\/2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDPQcBTGr2n\/YnMgTAqAIQNgTAqAIBOQIF3DwOYW5kcm9pZC1kaGNwLTk3CgEDBg8aHDM6Oyv\/AA=="}
00801{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":538292,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFILXcAAP8RB8zAqAIBwKgCEABDAEQBNNxOAgEGAO9+0loAAAAAAAAAAMCoAhDAqAIBAAAAAExq9p\/2JwAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00452{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00460{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":803266,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAEAQAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
-00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00451{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00459{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":803383,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="}
-00485{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454866803,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00464{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454866,"pkt_ts_usec":894254,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWTGr2n\/Ynht1gAAAAACQAAf6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAEAQAAAAAQQAAAD\/AgAAAAAAAAAAAAH\/n\/Yn"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454867034,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454867034,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":34753,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA\/qSJAAEARDCrAqAIQwKgCAc7ZADUAKwPW+6YBAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAE="}
-00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454867034,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454867034,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00636{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":75877,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"TGr2n\/YnxiwDYGpkCABFAADPTgIAAEARprrAqAIBwKgCEAA1ztkAu4V++6aBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABCKACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAACCAA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAVQAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEwAEEf01ycB\/AAEAAQAAABMABBH9NdA="}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":43,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1582454867151,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":79,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.53.201"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1582454867151,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":151119,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SJ9AAEAG557AqAIQEf01yePiAFBF7HpxAAAAAKAC\/\/9mAgAAAgQFtAQCCAr\/\/zLuAAAAAAEDAwg="}
00440{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":184863,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8AAAAADQGfD4R\/TXJwKgCEABQ4+KuJAPnRex6cqAScNDonAAAAgQFrAQCCAp2SOQ3\/\/8y7gEDAwg="}
00427{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":186637,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKBAAEAG56XAqAIQEf01yePiAFBF7HpyriQD6IAQAVeG0QAAAQEICv\/\/Mvh2SOQ3"}
00703{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":196995,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"xiwDYGpkTGr2n\/YnCABFAAD\/SKFAAEAG5tnAqAIQEf01yePiAFBF7HpyriQD6IAYAVcOJwAAAQEICv\/\/Mvp2SOQ3R0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzYwLjAuMzExMi4zMiBTYWZhcmkvNTM3LjM2DQpDb25uZWN0aW9uOiBDbG9zZQ0KSG9zdDogY2FwdGl2ZS5hcHBsZS5jb20NCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
-00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":32,"flow_max_l4_data_len":235,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnectivityCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}}
+00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1582454867151,"flow_last_seen":1582454867196,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnectivityCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/60.0.3112.32 Safari\/537.36"}}
00428{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":231104,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0ee4AADQGAlgR\/TXJwKgCEABQ4+KuJAPoRex7PYAQAHWGuAAAAQEICnZI5GX\/\/zL6"}
01389{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":231433,"pkt_caplen":781,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":781,"pkt_l4_len":747,"pkt":"TGr2n\/YnxiwDYGpkCABFAAL\/ee8AADQG\/4sR\/TXJwKgCEABQ4+KuJAPoRex7PYAYAHUjQQAAAQEICnZI5Gb\/\/zL6SFRUUC8xLjEgMjAwIE9LDQp4LWFtei1pZC0yOiBUZmRScWY2TzVNZjhFamtVSWR6amlwRWhKVzRQSHdWTUJ6bndmWmRSeTk2TXE2SDQ5SFRxWUdqRjZoOVd5VnNvRUpVMjhZeExNYjA9DQp4LWFtei1yZXF1ZXN0LWlkOiA1Q0ZEQkY3OUFCMENGNTIzDQpEYXRlOiBTdW4sIDIzIEZlYiAyMDIwIDEwOjQ2OjE2IEdNVA0KTGFzdC1Nb2RpZmllZDogRnJpLCAxNyBGZWIgMjAxNyAyMDozNjoyOCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MzAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiA2OQ0KU2VydmVyOiBBVFMvOC4wLjYNClZpYTogaHR0cC8xLjEgbmxhbXMyLWVkZ2UtbHgtMDExLnRzLmFwcGxlLmNvbSAoQXBhY2hlVHJhZmZpY1NlcnZlci84LjAuNiksIGh0dHAvMS4xIG5sYW1zMi1lZGdlLWJ4LTAwMy50cy5hcHBsZS5jb20gKEFwYWNoZVRyYWZmaWNTZXJ2ZXIvOC4wLjYpDQpDRE5VVUlEOiA0ZjE5MDZhNy0wZTI1LTQ3MmItODY4Yy0wMTA3NDNlMGViNGMtMTI4MDQzMDk4MQ0KWC1DYWNoZTogaGl0LWZyZXNoLCBoaXQtZnJlc2gNCkV0YWc6ICI0MWJhMDYwZWIxYzA4OThlMGE0YTBjY2EzNmE4Y2E5MSINCkFnZTogOTENCkNvbm5lY3Rpb246IGNsb3NlDQoNCjxIVE1MPjxIRUFEPjxUSVRMRT5TdWNjZXNzPC9USVRMRT48L0hFQUQ+PEJPRFk+U3VjY2VzczwvQk9EWT48L0hUTUw+Cg=="}
00428{"flow_id":23,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":231975,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0efAAADQGAlYR\/TXJwKgCEABQ4+KuJAazRex7PYARAHWD6wAAAQEICnZI5Gb\/\/zL6"}
00428{"flow_id":23,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":232359,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKJAAEAG56PAqAIQEf01yePiAFBF7Hs9riQGs4AQAVyC\/AAAAQEICv\/\/MwN2SORm"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454867244,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454867244,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":244479,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qTJAAEARDBvAqAIQwKgCAYvxADUAKg90oPQBAAABAAAAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAQ=="}
-00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454867244,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454867244,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00427{"flow_id":23,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":275043,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKNAAEAG56LAqAIQEf01yePiAFBF7Hs9riQGtIAQAVyC8AAAAQEICv\/\/Mw52SORm"}
00428{"flow_id":23,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":278659,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SKRAAEAG56HAqAIQEf01yePiAFBF7Hs9riQGtIARAVyC7gAAAQEICv\/\/Mw92SORm"}
00529{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":284329,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"TGr2n\/YnxiwDYGpkCABFAAB+z3oAAEARJZPAqAIBwKgCEAA1i\/EAapnsoPSBgAABAAQAAAAABHRpbWUHYW5kcm9pZANjb20AAAEAAcAMAAEAAQAAARgABNjvIwjADAABAAEAAAEYAATY7yMAwAwAAQABAAABGAAE2O8jBMAMAAEAAQAAARgABNjvIww="}
-00661{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":42,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.35.8"}}
+00672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"time.android.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.35.8"}}
00429{"flow_id":23,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":312098,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0AAAAADQGfEYR\/TXJwKgCEABQ4+KuJAa0Rex7PoAQAHWDhAAAAQEICnZI5Lf\/\/zMP"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454867323,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454867323,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":323339,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"xiwDYGpkTGr2n\/YnCABFAABMoTdAAEAR2rnAqAIQ2O8jCLMnAHsAOGfAGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOH81o7jEm7M"}
-00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454867323,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Google","breed":"Tracker\/Ads","category":"System"}}
+00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454867323,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Google","breed":"Tracker\/Ads","category":"System"}}
00458{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":358613,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMa8oAAGcRKSfY7yMIwKgCEAB7sycAOKcPHAEA7AAAAAAAAAAMR09PR+H81tNW8KhI4fzWjuMSbszh\/NbTVvCoSeH81tNW8KhL"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454867637,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454867637,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":637290,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqXVAAEARC9XAqAIQwKgCAYbsADUALQrUr3oBAAABAAAAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAQ=="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454867637,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454867637,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00465{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":639360,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRpSEAAEARUBnAqAIBwKgCEAA1huwAPTVyr3qBgAABAAEAAAAACGNsaWVudHMxBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
-00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1582454867688,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"clients1.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1582454867688,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":688207,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8oxlAAEAG1YLAqAIQ2O8meIDOAbtPCpBsAAAAAKAC\/\/\/waQAAAgQFtAQCCAr\/\/zN1AAAAAAEDAwg="}
00440{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":702373,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA840EAAHYGn1rY7yZ4wKgCEAG7gM7sufL\/TwqQbaAS6yANxQAAAgQFZAQCCAoG5BEl\/\/8zdQEDAwg="}
00427{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":703177,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oxpAAEAG1YnAqAIQ2O8meIDOAbtPCpBt7LnzAIAQAVcmCAAAAQEICv\/\/M3kG5BEl"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454867723,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454867723,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":723627,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqYtAAEARC7\/AqAIQwKgCAdY1ADUALYAStecBAAABAAAAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454867723,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454867723,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00657{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":759068,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"pkt":"xiwDYGpkTGr2n\/YnCABFAADaoxtAAEAG1OLAqAIQ2O8meIDOAbtPCpBt7LnzAIAYAVcMzgAAAQEICv\/\/M4cG5BElFgMBAKEBAACdAwMRGw5cHdksc9heZfp3I+xA9Dx3FfWs\/ESCI9YfdinRawAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABY\/wEAAQAAAAAYABYAABNjbGllbnRzMS5nb29nbGUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAALAAIBAAAKAAgABgAdABcAGA=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":32,"flow_max_l4_data_len":198,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1582454867688,"flow_last_seen":1582454867759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":166,"flow_tot_l4_payload_len":166,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00466{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":761577,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRO4cAAEARubPAqAIBwKgCEAA11jUAPbDuteeBgAABAAEAAAAABHBsYXkKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARgABKzZFEo="}
-00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
+00687{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"play.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
00428{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":772247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA044kAAHYGnxrY7yZ4wKgCEAG7gM7sufMATwqRE4AQAPAldAAAAQEICgbkEWz\/\/zOH"}
02331{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":788871,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+454AAHYGmXvY7yZ4wKgCEAG7gM7sufMATwqRE4AQAPBhXgAAAQEICgbkEXz\/\/zOHFgMDAFsCAABXAwNeUlhT+JSu0CzE6p\/I2\/gOP1A6Yws6UjVET1dOR1JEASCSHfJd41LVYRIobo4mn6bha35YI5pXY1xgIBtQkEQn5sArAAAPABcAAP8BAAEAAAsAAgEAFgMDDaMLAA2fAA2cAAlIMIIJRDCCCCygAwIBAgIRAO7eZWDNNcCvAgAAAABZcbcwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczETMBEGA1UEAxMKR1RTIENBIDFPMTAeFw0yMDAyMTIxMTQ3MTFaFw0yMDA1MDYxMTQ3MTFaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgTExDMRUwEwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATKjE9IuwUMNbIbCmiOS1XWI2yPFLanStLIADumajnPmHrED+4\/bPKa3HXecM4hPVHL8OgqwVYWveZsS6OdF9Pqo4IG2jCCBtYwDgYDVR0PAQH\/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\/wQCMAAwHQYDVR0OBBYEFCRtN1AKArkz3KlGMpfhLYkaPFkYMB8GA1UdIwQYMBaAFJjR+G4Q68+b7GCfGJAboOt9Cf0rMGQGCCsGAQUFBwEBBFgwVjAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AucGtpLmdvb2cvZ3RzMW8xMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2cvZ3NyMi9HVFMxTzEuY3J0MIIEnQYDVR0RBIIElDCCBJCCDCouZ29vZ2xlLmNvbYINKi5hbmRyb2lkLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5nb29nbGUuY29tghgqLmNyb3dkc291cmNlLmdvb2dsZS5jb22CBiouZy5jb4IOKi5nY3AuZ3Z0Mi5jb22CESouZ2NwY2RuLmd2dDEuY29tggoqLmdncGh0LmNugg4qLmdrZWNuYXBwcy5jboIWKi5nb29nbGUtYW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2dsZS5jby5pboIOKi5nb29nbGUuY28uanCCDiouZ29vZ2xlLmNvLnVrgg8qLmdvb2dsZS5jb20uYXKCDyouZ29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJygg8qLmdvb2dsZS5jb20uY2+CDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUuY29tLnRygg8qLmdvb2dsZS5jb20udm6CCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5lc4ILKi5nb29nbGUuZnKCCyouZ29vZ2xlLmh1ggsqLmdvb2dsZS5pdIILKi5nb29nbGUubmyCCyouZ29vZ2xlLnBsggsqLmdvb2dsZS5wdIISKi5nb29nbGVhZGFwaXMuY29tgg8qLmdvb2dsZWFwaXMuY26CESouZ29vZ2xlY25hcHBzLmNughQqLmdvb2dsZWNvbW1lcmNlLmNvbYIRKi5nb29nbGV2aWRlby5jb22CDCouZ3N0YXRpYy5jboINKi5nc3RhdGljLmNvbYISKi5nc3RhdGljY25hcHBzLmNuggoqLmd2dDEuY29tggoqLmd2dDIuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIMKi51cmNoaW4uY29tghAqLnVybC5nb29nbGUuY29tghMqLndlYXI="}
-00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_tot_l4_data_len":1792,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
+00838{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1582454867688,"flow_last_seen":1582454867788,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}}
02338{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":789038,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+458AAHYGmXrY7yZ4wKgCEAG7gM7sufiKTwqRE4AQAPCeCQAAAQEICgbkEXz\/\/zOHLmdrZWNuYXBwcy5jboIWKi55b3V0dWJlLW5vY29va2llLmNvbYINKi55b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0aW9uLmNvbYIRKi55b3V0dWJla2lkcy5jb22CByoueXQuYmWCCyoueXRpbWcuY29tghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVsb3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdvb2dsZS5jboIEZy5jb4IIZ2dwaHQuY26CDGdrZWNuYXBwcy5jboIGZ29vLmdsghRnb29nbGUtYW5hbHl0aWNzLmNvbYIKZ29vZ2xlLmNvbYIPZ29vZ2xlY25hcHBzLmNughJnb29nbGVjb21tZXJjZS5jb22CGHNvdXJjZS5hbmRyb2lkLmdvb2dsZS5jboIKdXJjaGluLmNvbYIKd3d3Lmdvby5nbIIIeW91dHUuYmWCC3lvdXR1YmUuY29tghR5b3V0dWJlZWR1Y2F0aW9uLmNvbYIPeW91dHViZWtpZHMuY29tggV5dC5iZTAhBgNVHSAEGjAYMAgGBmeBDAECAjAMBgorBgEEAdZ5AgUDMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9jcmwucGtpLmdvb2cvR1RTMU8xLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABcDlwaWcAAAQDAEYwRAIgPkDfmNQQtYk4PO65nKbFDPxrtuKj0LUnMBJA7dXsRIQCIEGeuacIhVOlrS+1iAVA0U0iyybUM0lG\/RPB\/3vh95L\/AHcAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFwOXBpeAAABAMASDBGAiEA\/aqZJ3\/UQPTU5w2ydUe+NIpSKGeWsTu9ETSgNqMyKQ0CIQCNTcmnSe+IFDSTDsIFaJSAF15KE5ZZWiPkZYaSiV0HpTANBgkqhkiG9w0BAQsFAAOCAQEAf9Q9aOGx44RDc80lasP1olu0dWIOJGY5YuCcfiy9u5dIiiKuSXtzOzfbHinsrRypZ\/SyVnGSiVNGW0zALKbptJsrk\/UwkVM5UMkrBXXd8OcIdDkc2mjMX3RWV2z+W1XBpLgvxXaDYJxRY33SZYn\/GVms0HRjU+vHV0jWAa0lnGb04ulB74lc8ikTRfDV0D5JnxBp3eCQIV6\/2zXyoWKf5\/L7HpkKZilrgNnjvtVtwvIglUNiWkFEhJDqrg7HjKhCi0ZfkaoPR1jWaWewiX8VRJPX\/C\/Z3PX6kK0TNwgehOJzcG6O45MHZMPb3MrHuPL141kYOvYkiBBMOFR7REu0DQAETjCCBEowggMyoAMCAQICDQHjtJqhjYqpgSVpULgwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTcwNjE1MDAwMDQyWhcNMjExMjE1MDAwMDQyWjBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BjPRdSLzdOc5EDvfrTdaSEbyc88jkx1uQ8xGYQ9njwp71ANEJNvBYCAnyqgvRJLAuE9n1gWJP4wnwt0d1WTHUv3TeGSghD2UawMw7IilA80a5gQSecLnYM53SA="}
01628{"flow_id":27,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":789734,"pkt_caplen":951,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":951,"pkt_l4_len":917,"pkt":"TGr2n\/YnxiwDYGpkCABFAAOp46AAAHYGm47Y7yZ4wKgCEAG7gM7suf4UTwqRE4AYAPB3NwAAAQEICgbkEXz\/\/zOHxhwt79EYYWXnI4MgqCMS\/9Ikf9Qv50RqW03XUGawr55CYwX74BzEY2Gvn2oz\/2KXvUjZ03wUZ9x13C5p6PhteGnQtxAFuPExwjsk\/RozdPgj4OxrGYoWxuPNpM0L27OkWWA4iDutHbnGjKdTG\/y82aSrvN08YdeTFZjugb2P4mRHIEAGTtesl+i5wFkSoUklI+TtcDQspbRjfPmjPYPRzW0krAcCAwEAAaOCATMwggEvMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH\/BAgwBgEB\/wIBADAdBgNVHQ4EFgQUmNH4bhDrz5vsYJ8YkBug630J\/SswHwYDVR0jBBgwFoAUm+IHV2ccHsBqBt5ZtJot39wZhi4wNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC5wa2kuZ29vZy9nc3IyMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMi9nc3IyLmNybDA\/BgNVHSAEODA2MDQGBmeBDAECAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3BraS5nb29nL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAagD42efvzLqlGN31eVBY1rsdOCJn+vdE0aSZSZgc9CrpJy2L08RqO\/BFPaJZMdCvTZ96yo6oFjYRNTCBlD6WW2g0W+Gw7228EI4hrOmzBYL1on3GO7i1YNAfw1VTphln9e14NIZT1jMmo+NjyrcwPGvOap6kEJ\/mjybD\/AnhrYbrHNSvoVvpPwxwM7bY8tEvq7czhPOzcDYzWPpvKQliLzBYhF0C8otZm79rEFVvNiaqbCSbnMtINbmcgAlsQsJAJnAwfnq3YO+qh\/GzoEFwIUhlRKnG7rHq13RXtK8kIKiyKtKYhq2P\/11JJUNCJt63yr\/tQri\/hlQ3zRq2dnPXKFgMDAHMMAABvAwAdIHJo2c4KVN+CoUxaZSNZJAA1neTMVFMdaLlrhYyfhlJEBAMARzBFAiEA1aEQpiPcP2j255s8vrM7twEVl2fURcih\/qijiSimjZECIBovWYnKwFgg5yE9gM68Z2ly7RBtG2LFPMOcmq5NxiHvFgMDAAQOAAAA"}
-02156{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_tot_l4_data_len":4159,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":519,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
+02167{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":8,"flow_first_seen":1582454867688,"flow_last_seen":1582454867789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3887,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"clients1.google.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"c60d01d600aacc2c04844595ce224279","ja3s":"b31c0b82752ea0e2c48b8ce46e9263e5","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00428{"flow_id":27,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":790200,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oxxAAEAG1YfAqAIQ2O8meIDOAbtPCpET7Ln4ioAQAWIfYAAAAQEICv\/\/M48G5BF8"}
00429{"flow_id":27,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":791027,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0ox1AAEAG1YbAqAIQ2O8meIDOAbtPCpET7Ln+FIAQAW0ZywAAAQEICv\/\/M48G5BF8"}
00429{"flow_id":27,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454867,"pkt_ts_usec":791153,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0ox5AAEAG1YXAqAIQ2O8meIDOAbtPCpET7LoBiYAQAXgWSwAAAQEICv\/\/M48G5BF8"}
@@ -172,45 +172,45 @@
00497{"flow_id":27,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":7000,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"TGr2n\/YnxiwDYGpkCABFAABn5DgAAHYGnjjY7yZ4wKgCEAG7gM7sugGJTwqRcIAYAPAlqQAAAQEICgbkElb\/\/zPBFAMDAAEBFgMDACgAAAAAAAAAAGCBkTH0GlTpEG03TUiHoZEtrWtXoJe8ULPjsbHqT8w5"}
00428{"flow_id":27,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":15318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oyBAAEAG1YPAqAIQ2O8meIDOAbtPCpFw7LoBvIAQAXgUqgAAAQEICv\/\/M8YG5BJW"}
00858{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":127992,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFuoyFAAEAG1EjAqAIQ2O8meIDOAbtPCpFw7LoBvIAYAXgn1AAAAQEICv\/\/M+MG5BJWFwMDATUAAAAAAAAAARloW2AbeL3zCM\/FxBDPUlbQJO8P03c9V3tZ2In6JwC4p34fQaFDDmdyVo0vYbCj7yqvWAIMK+pMoWcRUNLm5xz6smYqyanNs+xhFrEwajdNfMaUt0DLmSlef9fgV8WhIEISQZPDD5I4WYC\/krL1xru5qePeoqVJQ\/5SnBtKtv6sVMYbRfwU5dFivRu2qWhzYIzkqjc0trYtEe2RJ3maRNpXD4ovdAjFNT5j8xEQkMVGU\/dQ\/Qg5ANnzXtS2oWpbghc60FaictIy4Iu3DGYmsxIaWTVAlXBBber9pLSjJDOdpfBn2h7dpvsVfqL79nOxJYYcT06G3Y4IqoK6Nulb8T4rx799WynRy4UKWNUki1\/ayIE+Wvg4JRPM5k0lzDrCK4cqkkQpYUJM58Rh5gk="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1582454868348,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1582454868348,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":348648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8A3VAAEAGs2vAqAIQrNkUSs0GAbvbqzdvAAAAAKAC\/\/+uLAAAAgQFtAQCCAr\/\/zQaAAAAAAEDAwg="}
00440{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":386134,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8PjQAAHUGg6ys2RRKwKgCEAG7zQbWjo3E26s3cKAS6yAJ1AAAAgQFZAQCCAq9hJee\/\/80GgEDAwg="}
00428{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":386954,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3ZAAEAGs3LAqAIQrNkUSs0GAbvbqzdw1o6NxYAQAVciEQAAAQEICv\/\/NCS9hJee"}
00681{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":424791,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"xiwDYGpkTGr2n\/YnCABFAADtA3dAAEAGsrjAqAIQrNkUSs0GAbvbqzdw1o6NxYAYAVdNBgAAAQEICv\/\/NC29hJeeFgMBALQBAACwAwMhPT2KHzHW0LHLGe6T2CwyHBBvprpU2QgwVPHkrHLB\/AAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABr\/wEAAQAAAAAYABYAABNwbGF5Lmdvb2dsZWFwaXMuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEAALAAkIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABg="}
-00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":32,"flow_max_l4_data_len":217,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1582454868348,"flow_last_seen":1582454868424,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00428{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":461131,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0PwMAAHUGguWs2RRKwKgCEAG7zQbWjo3F26s4KYAQAPAhagAAAQEICr2El+r\/\/zQt"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454868462,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454868462,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":462800,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xiwDYGpkTGr2n\/YnCABFAABLqjFAAEARCw\/AqAIQwKgCAbfpADUAN\/8RnJ4BAAABAAAAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAE="}
-00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454868462,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454868462,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02334{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":466397,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+PxQAAHUGfUqs2RRKwKgCEAG7zQbWjo3F26s4KYAQAPABYQAAAQEICr2El+7\/\/zQtFgMDAE4CAABKAwNeUlhUvrLDv7k9SIcDUVl7W67MLlbuQ+pET1dOR1JEAQDAKwAAIgAXAAD\/AQABAAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEWAwMK2AsACtQACtEABn0wggZ5MIIFYaADAgECAhEAkmiT9mws\/aAIAAAAAC5xSDANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMDIxMjExNDUyMloXDTIwMDUwNjExNDUyMlowcjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxITAfBgNVBAMMGCouc3RvcmFnZS5nb29nbGVhcGlzLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGjYvoWmAuEghf\/ulNjNGNsok42+wtJXhQpGeLGoP19pKNpl\/sL2YvefM41btnqT53ieXI4gPyoNKzjq6HcFxmajggQDMIID\/zAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUX9WmnWB+6rw+hoNKM5q3l7r85yIwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J\/SswZAYIKwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwggHIBgNVHREEggG\/MIIBu4IYKi5zdG9yYWdlLmdvb2dsZWFwaXMuY29tgiQqLmFwcHNwb3QuY29tLnN0b3JhZ2UuZ29vZ2xlYXBpcy5jb22CIiouY29tbW9uZGF0YXN0b3JhZ2UuZ29vZ2xlYXBpcy5jb22CKSouY29udGVudC1zdG9yYWdlLWRvd25sb2FkLmdvb2dsZWFwaXMuY29tgicqLmNvbnRlbnQtc3RvcmFnZS11cGxvYWQuZ29vZ2xlYXBpcy5jb22CICouY29udGVudC1zdG9yYWdlLmdvb2dsZWFwaXMuY29tghAqLmdvb2dsZWFwaXMuY29tgiEqLnN0b3JhZ2UtZG93bmxvYWQuZ29vZ2xlYXBpcy5jb22CHyouc3RvcmFnZS11cGxvYWQuZ29vZ2xlYXBpcy5jb22CHyouc3RvcmFnZS5zZWxlY3QuZ29vZ2xlYXBpcy5jb22CIGNvbW1vbmRhdGFzdG9yYWdlLmdvb2dsZWFwaXMuY29tghZzdG9yYWdlLmdvb2dsZWFwaXMuY29tgh1zdG9yYWdlLnNlbGVjdC5nb29nbGVhcGlzLmNvbYIPdW5maWx0ZXJlZC5uZXdzMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwGCisGAQQB1nkCBQMwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL2NybC5wa2kuZ29vZy9HVFMxTzEuY3JsMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFwOW68ggAABAMARjBEAiAqXIB835y+StI5buVS70ZlHDYVp42pBYP8iJ8VwBmaAwIgFi2WB39kbmHISiQJx4F+fUlYSadFNWOwv5ONd22ERy0AdQBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAXA5bryXAAAEAwBGMEQCIBE="}
-00795{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_tot_l4_data_len":1811,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02341{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":466413,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+PxUAAHUGfUms2RRKwKgCEAG7zQbWjpNP26s4KYAQAPB+TgAAAQEICr2El+7\/\/zQtZgGRyfP8Xh9BjAoXEsnXOyBoQWwADXDGTG0w6+y6eQIgd7a87AnMAIPmI7vqMAfKvnTSoJvBOb1gkg1ivZpc6vkwDQYJKoZIhvcNAQELBQADggEBACwqIwztAr8ECO0nZPWuv8hrKocVp7JXUDUl6gLS04pdQ3oG4Gq6+3Yfxf51TY5HKfS6iAlw96X4sklrOMlR9DcHRm4II5E1BDvamYGGIS6+ubrneYT9JnqCB2impZNFovRoq9AJRtwL8OeB2dCQHyfNs9IXqJ3BVK5PaE8YnPX8XyiThhuysVUSK4BR92oQZSQSGCPU0cH03xiS6VDymdAcqRmRDGu56\/j57F+GLPuEMlkvhfcn2JT2eQD9GDGKLBgSQn5\/GlANVVPyhHLc7qYZODgzwZbqKxr7Evr6UAFLPeDQ+aXEwEAswp6RrcVDbLLQt21NvoVuYfmoMhElfWsABE4wggRKMIIDMqADAgECAg0B47SaoY2KqYElaVC4MA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIyMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTE3MDYxNTAwMDA0MloXDTIxMTIxNTAwMDA0MlowQjELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczETMBEGA1UEAxMKR1RTIENBIDFPMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAYz0XUi83TnORA73603WkhG8nPPI5MdbkPMRmEPZ48Ke9QDRCTbwWAgJ8qoL0SSwLhPZ9YFiT+MJ8LdHdVkx1L903hkoIQ9lGsDMOyIpQPNGuYEEnnC52DOd0gxhwt79EYYWXnI4MgqCMS\/9Ikf9Qv50RqW03XUGawr55CYwX74BzEY2Gvn2oz\/2KXvUjZ03wUZ9x13C5p6PhteGnQtxAFuPExwjsk\/RozdPgj4OxrGYoWxuPNpM0L27OkWWA4iDutHbnGjKdTG\/y82aSrvN08YdeTFZjugb2P4mRHIEAGTtesl+i5wFkSoUklI+TtcDQspbRjfPmjPYPRzW0krAcCAwEAAaOCATMwggEvMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH\/BAgwBgEB\/wIBADAdBgNVHQ4EFgQUmNH4bhDrz5vsYJ8YkBug630J\/SswHwYDVR0jBBgwFoAUm+IHV2ccHsBqBt5ZtJot39wZhi4wNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC5wa2kuZ29vZy9nc3IyMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwucGtpLmdvb2cvZ3NyMi9nc3IyLmNybDA\/BgNVHSAEODA2MDQGBmeBDAECAjAqMCgGCCsGAQUFBwIBFhxodHRwczovL3BraS5nb29nL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAagD42efvzLqlGN31eVBY1rsdOCJn+vdE0aSZSZgc9CrpJy2L08RqO\/BFPaJZMdCvTZ96yo6oFjYRNTCBlD6WW2g0W+Gw7228EI4hrOmzBYL1on3GO7i1YNAfw1VTphln9e14NIZT1jMmo+NjyrcwPGvOap6kEJ\/mjybD\/AnhrYbrHNSvoVvpPwxwM7bY8tEvq7czhPOzcDYzWPpvKQliLzBYhF0C8otZm79rEFVvNiaqbCSbnMtINbmcgAlsQsJAJnAwfnq3YO+qh\/GzoEFwIUhlRKnG7rHq13RXtK8kIKiyKtKY="}
00643{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":466414,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"TGr2n\/YnxiwDYGpkCABFAADQPxYAAHUGgjas2RRKwKgCEAG7zQbWjpjZ26s4KYAYAPAc4gAAAQEICr2El+7\/\/zQtIatj\/9dSSVDQibet8q\/7UK4v4ZUN80atnZz1yhYDAwByDAAAbgMAHSB7VtxCRs0c8B9etZT3IUKTQvlT5LDLWvonE9yJN3gFTgQDAEYwRAIgWQUikQAvlG1Y+hPTaCU66fj7H82hI\/D32LV46lBO2YQCIAsnO6sk7meCDdFHCBVwp\/+edGHHEih2ITumUaxcpKb3FgMDAAQOAAAA"}
-01468{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_tot_l4_data_len":3449,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":431,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}
+01479{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":8,"flow_first_seen":1582454868348,"flow_last_seen":1582454868466,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3177,"flow_avg_l4_payload_len":397,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.googleapis.com","server_names":"*.storage.googleapis.com,*.appspot.com.storage.googleapis.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.googleapis.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.select.googleapis.com,commondatastorage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com","alpn":"http\/1.1","fingerprint":"BA:BA:BA:55:69:9F:E0:BD:48:80:23:A4:B3:AD:C1:FF:EA:4E:17:C9"}}
00428{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":467589,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3hAAEAGs3DAqAIQrNkUSs0GAbvbqzgp1o6TT4AQAWIbXwAAAQEICv\/\/NDi9hJfu"}
00430{"flow_id":29,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":468175,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3lAAEAGs2\/AqAIQrNkUSs0GAbvbqzgp1o6Y2YAQAW0VygAAAQEICv\/\/NDi9hJfu"}
00429{"flow_id":29,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":468291,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0A3pAAEAGs27AqAIQrNkUSs0GAbvbqzgp1o6ZdYAQAW0VLgAAAQEICv\/\/NDi9hJfu"}
00480{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":503086,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"TGr2n\/YnxiwDYGpkCABFAABbmZAAAEARW6DAqAIBwKgCEAA1t+kAR93wnJ6BgAABAAEAAAAAEWNvbm5lY3Rpdml0eWNoZWNrB2dzdGF0aWMDY29tAAABAAHADAABAAEAAACxAASs2RID"}
-00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":55,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1582454868511,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00705{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"dns": {"query":"connectivitycheck.gstatic.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.18.3"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1582454868511,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":511574,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8PG9AAEAGfLjAqAIQrNkSA5AYAbuCdQgsAAAAAKAC\/\/91sgAAAgQFtAQCCAr\/\/zRDAAAAAAEDAwg="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454868527,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454868527,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":527203,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8stVAAEAGBlLAqAIQrNkSA5AaAbtdpoaTAAAAAKAC\/\/8cFQAAAgQFtAQCCAr\/\/zRGAAAAAAEDAwg="}
00441{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":559889,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8mn0AAHYGKKqs2RIDwKgCEAG7kBpu4mZiXaaGlKAS6yC\/LgAAAgQFZAQCCApPRk15\/\/80RgEDAwg="}
00428{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":563343,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stZAAEAGBlnAqAIQrNkSA5AaAbtdpoaUbuJmY4AQAVfXbAAAAQEICv\/\/NE9PRk15"}
00692{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":563401,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"pkt":"xiwDYGpkTGr2n\/YnCABFAAD3stdAAEAGBZXAqAIQrNkSA5AaAbtdpoaUbuJmY4AYAVcAOwAAAQEICv\/\/NFBPRk15FgMBAL4BAAC6AwOZySzIWyWPFv9jpx+5YWNqQg+xq9GVJmpUnw7vrnZc6QAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAAB1\/wEAAQAAAAAiACAAAB1jb25uZWN0aXZpdHljaGVjay5nc3RhdGljLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
-00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":32,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1582454868527,"flow_last_seen":1582454868563,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00428{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":595991,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0mn4AAHYGKLGs2RIDwKgCEAG7kBpu4mZjXaaHV4AQAPDW6gAAAQEICk9GTZ7\/\/zRQ"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454868597,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454868597,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":597303,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBqkFAAEARCwnAqAIQwKgCAcjmADUALYwU2tsBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="}
-00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454868597,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454868597,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00466{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":597743,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRZjUAAEARjwXAqAIBwKgCEAA1yOYAPQ9d2tuBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAAEEABKzZqM4="}
-00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}}
+00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.168.206"}}
02329{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":603874,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+moIAAHYGIyOs2RIDwKgCEAG7kBpu4mZjXaaHV4AQAPAi0QAAAQEICk9GTaX\/\/zRQFgMDAE4CAABKAwNeUlhUQJRQ5SuiF2G7xnJZiVxojJOS3exET1dOR1JEAQDAKwAAIgAXAAD\/AQABAAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEWAwMNowsADZ8ADZwACUgwgglEMIIILKADAgECAhEA7t5lYM01wK8CAAAAAFlxtzANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMDIxMjExNDcxMVoXDTIwMDUwNjExNDcxMVowZjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMqMT0i7BQw1shsKaI5LVdYjbI8UtqdK0sgAO6ZqOc+YesQP7j9s8prcdd5wziE9Ucvw6CrBVha95mxLo50X0+qjggbaMIIG1jAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUJG03UAoCuTPcqUYyl+EtiRo8WRgwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J\/SswZAYIKwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwggSdBgNVHREEggSUMIIEkIIMKi5nb29nbGUuY29tgg0qLmFuZHJvaWQuY29tghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghIqLmNsb3VkLmdvb2dsZS5jb22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIGKi5nLmNvgg4qLmdjcC5ndnQyLmNvbYIRKi5nY3BjZG4uZ3Z0MS5jb22CCiouZ2dwaHQuY26CDiouZ2tlY25hcHBzLmNughYqLmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22CDyouZ29vZ2xlYXBpcy5jboIRKi5nb29nbGVjbmFwcHMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tghIqLmdzdGF0aWNjbmFwcHMuY26CCiouZ3Z0MS5jb22CCiouZ3Z0Mi5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggwqLnVyY2hpbi5jb22CECoudXJsLmdvb2dsZS5jb22CEyoud2Vhci5na2VjbmFwcHMuY24="}
-00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_tot_l4_data_len":1821,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":303,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02336{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":603905,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+moMAAHYGIyKs2RIDwKgCEAG7kBpu4mvtXaaHV4AQAPA4hgAAAQEICk9GTaX\/\/zRQghYqLnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1YmUuY29tghYqLnlvdXR1YmVlZHVjYXRpb24uY29tghEqLnlvdXR1YmVraWRzLmNvbYIHKi55dC5iZYILKi55dGltZy5jb22CGmFuZHJvaWQuY2xpZW50cy5nb29nbGUuY29tggthbmRyb2lkLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xlLmNughxkZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNuggRnLmNvgghnZ3BodC5jboIMZ2tlY25hcHBzLmNuggZnb28uZ2yCFGdvb2dsZS1hbmFseXRpY3MuY29tggpnb29nbGUuY29tgg9nb29nbGVjbmFwcHMuY26CEmdvb2dsZWNvbW1lcmNlLmNvbYIYc291cmNlLmFuZHJvaWQuZ29vZ2xlLmNuggp1cmNoaW4uY29tggp3d3cuZ29vLmdsggh5b3V0dS5iZYILeW91dHViZS5jb22CFHlvdXR1YmVlZHVjYXRpb24uY29tgg95b3V0dWJla2lkcy5jb22CBXl0LmJlMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwGCisGAQQB1nkCBQMwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL2NybC5wa2kuZ29vZy9HVFMxTzEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFwOXBpZwAABAMARjBEAiA+QN+Y1BC1iTg87rmcpsUM\/Gu24qPQtScwEkDt1exEhAIgQZ65pwiFU6WtL7WIBUDRTSLLJtQzSUb9E8H\/e+H3kv8AdwBep3P531bA57U2SH3QSeAyepGaDIShEhKEGHWWgXFFWAAAAXA5cGl4AAAEAwBIMEYCIQD9qpknf9RA9NTnDbJ1R740ilIoZ5axO70RNKA2ozIpDQIhAI1NyadJ74gUNJMOwgVolIAXXkoTlllaI+RlhpKJXQelMA0GCSqGSIb3DQEBCwUAA4IBAQB\/1D1o4bHjhENzzSVqw\/WiW7R1Yg4kZjli4Jx+LL27l0iKIq5Je3M7N9seKeytHKln9LJWcZKJU0ZbTMAspum0myuT9TCRUzlQySsFdd3w5wh0ORzaaMxfdFZXbP5bVcGkuC\/FdoNgnFFjfdJlif8ZWazQdGNT68dXSNYBrSWcZvTi6UHviVzyKRNF8NXQPkmfEGnd4JAhXr\/bNfKhYp\/n8vsemQpmKWuA2eO+1W3C8iCVQ2JaQUSEkOquDseMqEKLRl+Rqg9HWNZpZ7CJfxVEk9f8L9nc9fqQrRM3CB6E4nNwbo7jkwdkw9vcyse48vXjWRg69iSIEEw4VHtES7QNAAROMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEyMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnvUA0Qk28FgICfKqC9EksC4T2fWBYk\/jCfC3R3VZMdS\/dN4ZKCEPZRrAzDsiKUDzRrmBBJ5wudgzndIMYcLe\/RGGFl5yODIKg="}
01608{"flow_id":32,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":603921,"pkt_caplen":938,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":938,"pkt_l4_len":904,"pkt":"TGr2n\/YnxiwDYGpkCABFAAOcmoQAAHYGJUOs2RIDwKgCEAG7kBpu4nF3XaaHV4AYAPC2NQAAAQEICk9GTaX\/\/zRQIxL\/0iR\/1C\/nRGpbTddQZrCvnkJjBfvgHMRjYa+fajP\/Ype9SNnTfBRn3HXcLmno+G14adC3EAW48THCOyT9GjN0+CPg7GsZihbG482kzQvbs6RZYDiIO60ducaMp1Mb\/LzZpKu83Txh15MVmO6BvY\/iZEcgQAZO16yX6LnAWRKhSSUj5O1wNCyltGN8+aM9g9HNbSSsBwIDAQABo4IBMzCCAS8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSY0fhuEOvPm+xgnxiQG6DrfQn9KzAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5wa2kuZ29vZy9nc3IyL2dzcjIuY3JsMD8GA1UdIAQ4MDYwNAYGZ4EMAQICMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBABqAPjZ5+\/MuqUY3fV5UFjWux04Imf690TRpJlJmBz0KuknLYvTxGo78EU9olkx0K9Nn3rKjqgWNhE1MIGUPpZbaDRb4bDvbbwQjiGs6bMFgvWifcY7uLVg0B\/DVVOmGWf17Xg0hlPWMyaj42PKtzA8a85qnqQQn+aPJsP8CeGthusc1K+hW+k\/DHAzttjy0S+rtzOE87NwNjNY+m8pCWIvMFiEXQLyi1mbv2sQVW82JqpsJJucy0g1uZyACWxCwkAmcDB+erdg76qH8bOgQXAhSGVEqcbuserXdFe0ryQgqLIq0piGrY\/\/XUklQ0Im3rfKv+1CuL+GVDfNGrZ2c9coWAwMAcwwAAG8DAB0gSrU5ywnvnkB7dZHgM0sLsZmnlRz1E8V2FCDzK2mLyDMEAwBHMEUCIQCPeNWXClhlpfwwmkAkeAjuRggqxb0S1CUaJEKYc87xtgIgR21phmoPwqRwHIAuDCtSt6vUsRiSJcTnj77tX2jgzCoWAwMABA4AAAA="}
-02141{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_tot_l4_data_len":4175,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":521,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
+02152{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":146,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":8,"flow_first_seen":1582454868527,"flow_last_seen":1582454868603,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3903,"flow_avg_l4_payload_len":487,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","server_names":"*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.crowdsource.google.com,*.g.co,*.gcp.gvt2.com,*.gcpcdn.gvt1.com,*.ggpht.cn,*.gkecnapps.cn,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlecnapps.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.cn,*.gstatic.com,*.gstaticcnapps.cn,*.gvt1.com,*.gvt2.com,*.metric.gstatic.com,*.urchin.com,*.url.google.com,*.wear.gkecnapps.cn,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.youtubekids.com,*.yt.be,*.ytimg.com,android.clients.google.com,android.com,developer.android.google.cn,developers.android.google.cn,g.co,ggpht.cn,gkecnapps.cn,goo.gl,google-analytics.com,google.com,googlecnapps.cn,googlecommerce.com,source.android.google.cn,urchin.com,www.goo.gl,youtu.be,youtube.com,youtubeeducation.com,youtubekids.com,yt.be","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google.com","alpn":"http\/1.1","fingerprint":"80:50:28:F4:84:F5:C4:C6:41:DE:75:67:38:C4:A6:E2:59:FF:75:42"}}
00428{"flow_id":32,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":606586,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0sthAAEAGBlfAqAIQrNkSA5AaAbtdpodXbuJr7YAQAWLQ3QAAAQEICv\/\/NFpPRk2l"}
00429{"flow_id":32,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":606703,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stlAAEAGBlbAqAIQrNkSA5AaAbtdpodXbuJxd4AQAW3LSAAAAQEICv\/\/NFpPRk2l"}
00429{"flow_id":32,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":606711,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0stpAAEAGBlXAqAIQrNkSA5AaAbtdpodXbuJ034AQAXjH1QAAAQEICv\/\/NFpPRk2l"}
@@ -218,7 +218,7 @@
00440{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":843663,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8fo0AAHYGRJqs2RIDwKgCEAG7kBjGuYRJgnUILaAS6yAZNAAAAgQFZAQCCApRt9Th\/\/80QwEDAwg="}
00429{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":844578,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0PHBAAEAGfL\/AqAIQrNkSA5AYAbuCdQgtxrmESoAQAVcxKAAAAQEICv\/\/NJZRt9Th"}
00694{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":936798,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":261,"pkt_l4_len":227,"pkt":"xiwDYGpkTGr2n\/YnCABFAAD3PHFAAEAGe\/vAqAIQrNkSA5AYAbuCdQgtxrmESoAYAVdmqgAAAQEICv\/\/NK1Rt9ThFgMBAL4BAAC6AwPJiz4b6rt+LTNT4uSDXUKsbprZa0zZMc753ZkGH\/Y+XwAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAAB1\/wEAAQAAAAAiACAAAB1jb25uZWN0aXZpdHljaGVjay5nc3RhdGljLmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
-00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":32,"flow_max_l4_data_len":227,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1582454868511,"flow_last_seen":1582454868936,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"ConnectivityCheck"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connectivitycheck.gstatic.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00428{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454868,"pkt_ts_usec":964867,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0ft4AAHYGRFGs2RIDwKgCEAG7kBjGuYRKgnUI8IAQAPAwPAAAAQEIClG31Vr\/\/zSt"}
01608{"flow_id":31,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":31105,"pkt_caplen":938,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":938,"pkt_l4_len":904,"pkt":"TGr2n\/YnxiwDYGpkCABFAAOcfwwAAHYGQLus2RIDwKgCEAG7kBjGuY9egnUI8IAYAPA2mQAAAQEIClG31Zz\/\/zStIxL\/0iR\/1C\/nRGpbTddQZrCvnkJjBfvgHMRjYa+fajP\/Ype9SNnTfBRn3HXcLmno+G14adC3EAW48THCOyT9GjN0+CPg7GsZihbG482kzQvbs6RZYDiIO60ducaMp1Mb\/LzZpKu83Txh15MVmO6BvY\/iZEcgQAZO16yX6LnAWRKhSSUj5O1wNCyltGN8+aM9g9HNbSSsBwIDAQABo4IBMzCCAS8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSY0fhuEOvPm+xgnxiQG6DrfQn9KzAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5wa2kuZ29vZy9nc3IyL2dzcjIuY3JsMD8GA1UdIAQ4MDYwNAYGZ4EMAQICMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBABqAPjZ5+\/MuqUY3fV5UFjWux04Imf690TRpJlJmBz0KuknLYvTxGo78EU9olkx0K9Nn3rKjqgWNhE1MIGUPpZbaDRb4bDvbbwQjiGs6bMFgvWifcY7uLVg0B\/DVVOmGWf17Xg0hlPWMyaj42PKtzA8a85qnqQQn+aPJsP8CeGthusc1K+hW+k\/DHAzttjy0S+rtzOE87NwNjNY+m8pCWIvMFiEXQLyi1mbv2sQVW82JqpsJJucy0g1uZyACWxCwkAmcDB+erdg76qH8bOgQXAhSGVEqcbuserXdFe0ryQgqLIq0piGrY\/\/XUklQ0Im3rfKv+1CuL+GVDfNGrZ2c9coWAwMAcwwAAG8DAB0gi6uZsWfHiezSwbfq6DRkDn564CwchFJEx\/azysIlHjYEAwBHMEUCIFRKBiPbEC5Dn7ixMjVQzTFM1ptS4NLE6u7J5XY1wxXyAiEAjA1+D2yIXZT6j6vjd4XWqrnNsy8f+R33JV6fuBgC91cWAwMABA4AAAA="}
00443{"flow_id":31,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":32347,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkTGr2n\/YnCABFAABAPHJAAEAGfLHAqAIQrNkSA5AYAbuCdQjwxrmESrAQAV1KBwAAAQEICv\/\/NMVRt9VaAQEFCsa5j17GuZLG"}
@@ -230,25 +230,25 @@
00827{"flow_id":32,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":287135,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFYnD0AAHYGJc6s2RIDwKgCEAG7kBpu4nTfXaaHtIAYAPB9EQAAAQEICk9GUFH\/\/zTnFgMDAOwEAADoAAGJvwDiAZR0wlJK56tqlFe1HOm0VA0hoNgd3WqRdt3VwNjJbABNFZ9zOd32WAw1h9XjV41RjhucVX7ApWvXZe5Zy+ti7+mo7AL9UE0iaxgA879V5c4wT1WxffCTNwn4rXks0Ez41Gfz8DZxFsum0C3k4EGCG4Jd5\/Rbzy4rsyMlDCqdSoUlFIJYawbJG2cjr8Rm+IAfDFYruos9nfazR2oqH\/hZ5w83F10f1D5Jzw1rluUTBwu8+qgbOURLuiVFYW4Lt2sayRdeUDmz3XRhiQmr8AfQi3w15FdrRfc2gQe7BuSdOSbMahQDAwABARYDAwAoAAAAAAAAAACZiErzXS0kd7\/KA9aEEAASjTiTXaFyZp7ND4tkNQ4v3w=="}
00784{"flow_id":32,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":288150,"pkt_caplen":327,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":327,"pkt_l4_len":293,"pkt":"xiwDYGpkTGr2n\/YnCABFAAE5stxAAEAGBU7AqAIQrNkSA5AaAbtdpoe0buJ2A4AYAYPsjgAAAQEICv\/\/NQVPRlBRFwMDAQAAAAAAAAAAAR4cFXslGpAZPuHoiPLlIlie7vqB6wq3xrA\/e6HrMCAQHz2AF8AbKO7FAUcqGUP7GLQ51xsck044J1hJDAPdfb27\/h7irFPkjP6rPostVsSj1gLzUkkjriCgLKhWHPXDK6UxDC7akrlGwl0ppS8gTqKGg747J9cJfIsuHktFX8IGsJ29ucQ6+0Bzp7lzmE8lCOe1j2cOeD7REoVaDT2u8RxWjfSuRKJfFQZzdl+7TBFRBZ5WoLQWO16D+nFqBLcAoN3m4QjwieOjfwnzwxDLCtoB\/Y4oDP5hUrPzeYkuWGrkZGwdD8BWg2421IjvNuTJ0v\/swtva+s2d"}
00827{"flow_id":32,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":319644,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFYnEgAAHYGJcOs2RIDwKgCEAG7kBpu4nYDXaaIuYAYAPTElQAAAQEICk9GUHL\/\/zUFFwMDAR8AAAAAAAAAAf5p\/XqVoeBC+89RVlKX4rcaaMrlscPRmbHbHRxgxdrCAvV7Bne5xeVb0z3OXOQSUekEx2NhtiTxgNtf+gZbcg2rrGIapFfoHSdPK85pjcY33U27qzDoZH6rmTKn0oNLHEOxgIFsh7Zjz+9+1La3Ysk1WnfhSHwvWekf4lnoZFJ\/utO+KzhHrFOGWJa7bRGdk6JA3vrXf5Ue4+xzpKV+LFwwIlFVbQEUV2SgiUt6kKI7R5pCkzI8qv6QhpzLdsxR\/pIWDlZNPuIn4vTpoCU9bDBhk9rUrqpEz7fwRpCAIxbJZIgKdE8X8C5MSucg5ZkhVqj2AdXsX3TE6x0vaZHw8CULR5IPoEidIq04D+FdVrsFgUiucXB6Ow=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454869361,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454869361,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":361238,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA+qnVAAEARCtjAqAIQwKgCAZhgADUAKv996DEBAAABAAAAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAQ=="}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454869361,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454869361,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00462{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":363299,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"TGr2n\/YnxiwDYGpkCABFAABORPIAAEARsEvAqAIBwKgCEAA1mGAAOr6H6DGBgAABAAEAAAAABW10YWxrBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":42,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454869517,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"mtalk.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454869517,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":517223,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ooxAAEAGf8\/AqAIQrNmozsTQAbv86pehAAAAAKAC\/\/+fWQAAAgQFtAQCCAr\/\/zUtAAAAAAEDAwg="}
00442{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":556140,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA80VwAAHUGW\/+s2ajOwKgCEAG7xNCPRbjJ\/OqXoqAS6yAGLQAAAgQFZAQCCApmsf+J\/\/81LQEDAwg="}
00428{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":557517,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo1AAEAGf9bAqAIQrNmozsTQAbv86peij0W4yoAQAVceWQAAAQEICv\/\/NUhmsf+J"}
00682{"flow_id":35,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":614403,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"xiwDYGpkTGr2n\/YnCABFAADtoo5AAEAGfxzAqAIQrNmozsTQAbv86peij0W4yoAYAVd6YwAAAQEICv\/\/NVdmsf+JFgMBALQBAACwAwNEQVlrFj9Y47MgZ8vO8k2FXJJ0JJ\/6X8XoKgfa\/cCzYgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABrAAAAGAAWAAATYXBwLW1lYXN1cmVtZW50LmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgE="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":32,"flow_max_l4_data_len":217,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454869626,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1582454869517,"flow_last_seen":1582454869614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454869626,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":626114,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2ZAAEAG9TXAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9vQQAAAgQFtAQCCAr\/\/zVZAAAAAAEDAwg="}
00430{"flow_id":35,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":652270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA00aQAAHUGW7+s2ajOwKgCEAG7xNCPRbjK\/OqYW4AQAPAdlwAAAQEICmax\/+r\/\/zVX"}
02336{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":657605,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+0aYAAHUGVjOs2ajOwKgCEAG7xNCPRbjK\/OqYW4AQAPAyawAAAQEICmax\/+7\/\/zVXFgMDAE4CAABKAwNeUlhVGcr8B0rHO6b\/GCDsECzaxrb1DZZET1dOR1JEAQDALwAAIgAXAAD\/AQABAAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEWAwMK7wsACusACugABpQwggaQMIIFeKADAgECAhEAoHWTPAFc8ygIAAAAAC5w1DANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMDIxMjExMzcwM1oXDTIwMDUwNjExMzcwM1owcDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxHzAdBgNVBAMMFiouZ29vZ2xlLWFuYWx5dGljcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsjqQPYIy13aohxBJa9uxsCVQvXEygJmGQAXKdSWIB4Mx3+vfxyWREdR0fxBMuI+dRqwnGjHe+X69qUSw\/iDyzS4wH3PPj2hJhLOSqPbkVXYi4a1FQV4s65FPsz34RD9wcIYLllYLqAoEyUnNoh8Y7MLdrV48dBW2vS6LOIT7nONe1SVeVs+hHU423AQTJmwHvjZ9v90J\/37Uygpr5yN7Qr1YUVTz0g9RCo5JhouIED5uqoCnw9s1UEanNF3eo2KJA7xiXF4+rPOYHXJI+I4B1swv4lmftVNhJN5lTHckJnJvBFofyZWz5c2KsvolsX7XIVOPCCw6HmBzXRNRkTDzZAgMBAAGjggNRMIIDTTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUJbP0dPtET7nk1pC7uZnV84BjsbowHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J\/SswZAYIKwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwggEWBgNVHREEggENMIIBCYIWKi5nb29nbGUtYW5hbHl0aWNzLmNvbYIKKi5mcHMuZ29vZ4ITYXBwLW1lYXN1cmVtZW50LmNvbYIIZnBzLmdvb2eCFGdvb2dsZS1hbmFseXRpY3MuY29tghJnb29nbGVvcHRpbWl6ZS5jb22CFGdvb2dsZXRhZ21hbmFnZXIuY29tghJzZXJ2aWNlLnVyY2hpbi5jb22CGHNzbC5nb29nbGUtYW5hbHl0aWNzLmNvbYIKdXJjaGluLmNvbYIYd3d3Lmdvb2dsZS1hbmFseXRpY3MuY29tghZ3d3cuZ29vZ2xlb3B0aW1pemUuY29tghh3d3cuZ29vZ2xldGFnbWFuYWdlci5jb20wIQYDVR0gBBowGDAIBgZngQwBAgIwDAYKKwYBBAHWeQIFAzAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vY3JsLnBraS5nb29nL0dUUzFPMS5jcmwwggECBgorBgEEAdZ5AgQCBIHzBIHwAO4AdQCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAXA5ZxxLAAAEAwBGMEQCIGp+ch+ml1Z+2P0TpL2JC9EscUgS3U\/MGeFIVeTzrpxuAiBPPl62hWqFTci6xWjJgkPvjrSCn2SqIdPy94OXYSYCAwB1AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZY="}
-00789{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_tot_l4_data_len":1811,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00800{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1603,"flow_avg_l4_payload_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02348{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":657619,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+0acAAHUGVjKs2ajOwKgCEAG7xNCPRb5U\/OqYW4AQAPB2\/wAAAQEICmax\/+7\/\/zVXgXFFWAAAAXA5ZxxeAAAEAwBGMEQCIAlbEL4rwzkATincBXoDw\/uNnAYaFfEUvYBUtNjtT0Q\/AiBYbwovSFT18FB1KMB1EKUpO69zHXxsSkUzL9XG81tiyzANBgkqhkiG9w0BAQsFAAOCAQEANDfZQXf8foDoXrYCeRLaTSs\/hfoYGwjKLhN8HOFomPkcUSDRuIkeaWuZ+aElHPcMXOl3b9lqYkQwobrOCzkC8hafH1Ng2x\/rN\/PSANEq4vdbNtEkleNxOrly2SKnX7No4L+9OCkUEZ0t+9kY0LEhYJlQR5lwAwQ4qsEWK77xHC8SWL26gyh+UblnxrcTqMuxURb3AOUlAJzi9rop8XgnkwrZ5BJdbWQC728quL4ImIEDIIkED6Qg8KcPybOLITdX0hmIQe79p1S\/VdMvrTP3vzrp1aPNqqxQRuKsYAVIX\/eg+rPt9H1vMs00mVf5vdhfp1ZC\/ZEWnIu+etuZ4F235gAETjCCBEowggMyoAMCAQICDQHjtJqhjYqpgSVpULgwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTcwNjE1MDAwMDQyWhcNMjExMjE1MDAwMDQyWjBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BjPRdSLzdOc5EDvfrTdaSEbyc88jkx1uQ8xGYQ9njwp71ANEJNvBYCAnyqgvRJLAuE9n1gWJP4wnwt0d1WTHUv3TeGSghD2UawMw7IilA80a5gQSecLnYM53SDGHC3v0RhhZecjgyCoIxL\/0iR\/1C\/nRGpbTddQZrCvnkJjBfvgHMRjYa+fajP\/Ype9SNnTfBRn3HXcLmno+G14adC3EAW48THCOyT9GjN0+CPg7GsZihbG482kzQvbs6RZYDiIO60ducaMp1Mb\/LzZpKu83Txh15MVmO6BvY\/iZEcgQAZO16yX6LnAWRKhSSUj5O1wNCyltGN8+aM9g9HNbSSsBwIDAQABo4IBMzCCAS8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSY0fhuEOvPm+xgnxiQG6DrfQn9KzAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5wa2kuZ29vZy9nc3IyL2dzcjIuY3JsMD8GA1UdIAQ4MDYwNAYGZ4EMAQICMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBABqAPjZ5+\/MuqUY3fV5UFjWux04Imf690TRpJlJmBz0KuknLYvTxGo78EU9olkx0K9Nn3rKjqgWNhE1MIGUPpZbaDRb4bDvbbwQjiGs6bMFgvWifcY7uLVg0B\/DVVOmGWf17Xg0hlPWMyaj42PKtzA8a85qnqQQn+aPJsP8CeGthusc1K+hW+k\/DHAzttjy0S+rtzOE87NwNjNY+m8pCWIvMFiEXQLyi1mbv2sQVW82JqpsJJucy0g1uZyACWxCwkAmcDB+erdg76qH8bOg="}
00931{"flow_id":35,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":657623,"pkt_caplen":431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":431,"pkt_l4_len":397,"pkt":"TGr2n\/YnxiwDYGpkCABFAAGh0agAAHUGWk6s2ajOwKgCEAG7xNCPRcPe\/OqYW4AYAPAVzQAAAQEICmax\/+\/\/\/zVXEFwIUhlRKnG7rHq13RXtK8kIKiyKtKYhq2P\/11JJUNCJt63yr\/tQri\/hlQ3zRq2dnPXKFgMDASwMAAEoAwAdIBn+u7QgqnpE1LaIjhrhz5RsAdpexaWtkaz2KsS2djRVCAQBAKuBytnRvHo1xi\/DDalS6JuO9Un0m4Q4hFFaCdDPRcf+DxgelaVEAOJJXJc5Kr1BoeDGWZPCUBEf9xJZFl5bw54vOoNzwG7eu2zciQbQ3hSeZ1MftsM\/9ne7\/EJMck9gPMKQNhfshZwTAQohP55Lo\/EsXQuB6vxPMXIzpQ\/bQ5vJy6WbJuna2X4N4UtISD3xtBHL31xPnPmgtQU45rY492OnLgDg3yODhe86N4bYw+QSjfAhSw8PXZSFeIw18glJsRXne8QBsmKBFjDrvMeNyONL1afRlV+RsdVuhMGJHdUbzR\/m0uoIAyXSnWohltFeX0Di9GvdD+NawHonq2jL+CQWAwMABA4AAAA="}
-01283{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_tot_l4_data_len":3658,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":457,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}
+01294{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":176,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":8,"flow_first_seen":1582454869517,"flow_last_seen":1582454869657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":423,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","server_names":"*.google-analytics.com,*.fps.goog,app-measurement.com,fps.goog,google-analytics.com,googleoptimize.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googleoptimize.com,www.googletagmanager.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"9d9ce860f1b1cbef07b019450cb368d8","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com","alpn":"http\/1.1","fingerprint":"B0:D9:D3:57:C2:34:87:2C:FB:F5:E6:BD:7F:9F:54:65:08:61:AF:01"}}
00929{"flow_id":35,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":738399,"pkt_caplen":431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":431,"pkt_l4_len":397,"pkt":"TGr2n\/YnxiwDYGpkCABFAAGh0dwAAHUGWhqs2ajOwKgCEAG7xNCPRcPe\/OqYW4AYAPAVfAAAAQEICmayAED\/\/zVXEFwIUhlRKnG7rHq13RXtK8kIKiyKtKYhq2P\/11JJUNCJt63yr\/tQri\/hlQ3zRq2dnPXKFgMDASwMAAEoAwAdIBn+u7QgqnpE1LaIjhrhz5RsAdpexaWtkaz2KsS2djRVCAQBAKuBytnRvHo1xi\/DDalS6JuO9Un0m4Q4hFFaCdDPRcf+DxgelaVEAOJJXJc5Kr1BoeDGWZPCUBEf9xJZFl5bw54vOoNzwG7eu2zciQbQ3hSeZ1MftsM\/9ne7\/EJMck9gPMKQNhfshZwTAQohP55Lo\/EsXQuB6vxPMXIzpQ\/bQ5vJy6WbJuna2X4N4UtISD3xtBHL31xPnPmgtQU45rY492OnLgDg3yODhe86N4bYw+QSjfAhSw8PXZSFeIw18glJsRXne8QBsmKBFjDrvMeNyONL1afRlV+RsdVuhMGJHdUbzR\/m0uoIAyXSnWohltFeX0Di9GvdD+NawHonq2jL+CQWAwMABA4AAAA="}
00556{"flow_id":31,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":778854,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkTGr2n\/YnCABFAACRPHVAAEAGfF3AqAIQrNkSA5AYAbuCdQjwxrmSxoAYAXTxaAAAAQEICv\/\/NWZRt9XXFgMDACUQAAAhIL1QAZblmBaS6MGJRISNBquGjHKHv6oBM9BlgurCo98yFAMDAAEBFgMDACgAAAAAAAAAAL6QL605fB1xUgS6LTyTDwho0hrG6v3MkF+xlS4sSJrG"}
00430{"flow_id":35,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454869,"pkt_ts_usec":780647,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0oo9AAEAGf9TAqAIQrNmozsTQAbv86phbj0W+VIAQAWIXbgAAAQEICv\/\/NYBmsf\/u"}
@@ -263,55 +263,55 @@
00730{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454870,"pkt_ts_usec":51431,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"xiwDYGpkTGr2n\/YnCABFAAEQA31AAEAGso\/AqAIQrNkUSs0GAbvbqziG1o6amYAYAXinsAAAAQEICv\/\/Nay9hJ10FwMDANcAAAAAAAAAAaUjp1pLq7doAXFoRPhZWR58fJOAnEpRkxO8Mv4ktuLmRQtiUMdV95mG4kqqPDHeqpzHA6lmvtKElK4xI9opiKbL06SgDrYtAygpdyYEy0vutTDREtFTwp2s6D\/1TaKOmK4EaXURmC4JPOM6tf0cu9yJSwwmhaxSsGEm8viYV3nmq19Hq6+xXInWS6B+ABplV3bV+VSZNMMbuy74K1cGTc0K+PtSRYBPu4w2wUEAYSMdI\/gxkypgBLQVpTzAZp4Mbxk2QPOSe48DI8gFybwi0A=="}
00829{"flow_id":31,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454870,"pkt_ts_usec":83405,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFYghgAAHYGP\/Os2RIDwKgCEAG7kBjGuZPqgnUKUoAYAPR1hwAAAQEIClG32bn\/\/zWHFwMDAR8AAAAAAAAAAQ7BhBG2DqqUMdwwsRseJG1rLbfoFfMGewoYmrVXALwA7JotYtDqBdPtWrARdP0z1AuCOC+kFPd\/t\/Cz4o\/KYIi1aMBLfMwwX7LmP2Xb8SYiD9VoTZSXEnGC8uXAjGSum\/ZcbiAhFwEHBotnLEOekifc6MgOgcJbQOoEw9EvxL+udMJ2Dbm25w09KdE5NQNAZruKREcbWqjnlkkXG\/IQj++BmW5eLSawGefGDc5FxLol9v0Cn8UbEjcC0ovNvBbu6AoKbdO6XhzsAhLW5IjlKz+nGVf5sZywenHdKYtgAWuGJf1ADfTw7bALT31Hp0ogHNXxDCVwmTy3Go6qvk3jm6sIDSU+6PxWH3ViVRmYZhPouOqlV5DGZQ=="}
00443{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454870,"pkt_ts_usec":649882,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8g2dAAEAG9TTAqAIQ2O8meMFmFGxVMrY\/AAAAAKAC\/\/9uQgAAAgQFtAQCCAr\/\/zZYAAAAAAEDAwg="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454870996,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454870996,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454870,"pkt_ts_usec":996454,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkTGr2n\/YnCABFAABIq6dAAEARCZzAqAIQwKgCAY8FADUANFCq5z4BAAABAAAAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAE="}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454870996,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454870996,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454870,"pkt_ts_usec":998449,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"TGr2n\/YnxiwDYGpkCABFAABYgb0AAEARc3bAqAIBwKgCEAA1jwUARA+05z6BgAABAAEAAAAAB2FuZHJvaWQHY2xpZW50cwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
-00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":52,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1582454871042,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":201,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"dns": {"query":"android.clients.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1582454871042,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":42436,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA83wxAAEAGmY\/AqAIQ2O8meIDaAbu5DOmwAAAAAKAC\/\/8p0AAAAgQFtAQCCAr\/\/za8AAAAAAEDAwg="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454871051,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454871051,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":51013,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq69AAEARCZvAqAIQwKgCAX6cADUALTLn3DQBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454871051,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454871051,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00440{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":56176,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA84WAAAHcGoDvY7yZ4wKgCEAG7gNr8u4aauQzpsaAS6yCywwAAAgQFZAQCCAqJFH+\/\/\/82vAEDAwg="}
00429{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":57218,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03w1AAEAGmZbAqAIQ2O8meIDaAbu5DOmx\/LuGm4AQAVfLBwAAAQEICv\/\/Nr+JFH+\/"}
00440{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":58563,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACTGr2n\/Ynht1gAAAAABA6\/\/6AAAAAAAAATmr2\/\/6f9if\/AgAAAAAAAAAAAAAAAAAChQAIygAAAAABAUxq9p\/2Jw=="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454871061,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454871061,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":61577,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGq7FAAEARCZTAqAIQwKgCAR3sADUAMs+l\/agBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454871061,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1582454871069,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454871061,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1582454871069,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":69614,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8\/AdAAEAGfJTAqAIQ2O8meIDcAbs4lMrFAAAAAKAC\/\/\/JKwAAAgQFtAQCCAr\/\/zbCAAAAAAEDAwg="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454871075,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454871075,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":75698,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8xAhAAEAGtJPAqAIQ2O8meIDeAbsJrvLMAAAAAKAC\/\/\/QBgAAAgQFtAQCCAr\/\/zbEAAAAAAEDAwg="}
00440{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":83686,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8bmcAAHYGFDXY7yZ4wKgCEAG7gNxV\/jlEOJTKxqAS6yDJiQAAAgQFZAQCCAom516W\/\/82wgEDAwg="}
00428{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":87218,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0\/AhAAEAGfJvAqAIQ2O8meIDcAbs4lMrGVf45RYAQAVfhzAAAAQEICv\/\/NsYm516W"}
00440{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":88655,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8Nk0AAHcGS0\/Y7yZ4wKgCEAG7gN4gvysUCa7yzaAS6yD0TQAAAgQFZAQCCApclUhu\/\/82xAEDAwg="}
00427{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":89851,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0xAlAAEAGtJrAqAIQ2O8meIDeAbsJrvLNIL8rFYAQAVcMkgAAAQEICv\/\/NsdclUhu"}
00465{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":90412,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRSjQAAEARqwbAqAIBwKgCEAA1fpwAPWeH3DSBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1582454871094,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":215,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1582454871094,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":94545,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8RuFAAEAGM+7AqAIQrcJPco\/iAFBu6HAoAAAAAKAC\/\/\/iBQAAAgQFtAQCCAr\/\/zbJAAAAAAEDAwg="}
00477{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":100485,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWpmUAAEARTtDAqAIBwKgCEAA1HewAQssi\/aiBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="}
-00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":50,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454871103,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":217,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454871103,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":103439,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8ApdAAEAGssnAqAIQrNkVysrYAbsvYjRcAAAAAKAC\/\/9bhgAAAgQFtAQCCAr\/\/zbLAAAAAAEDAwg="}
01126{"flow_id":42,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":103583,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5xApAAEAGspTAqAIQ2O8meIDeAbsJrvLNIL8rFYAYAVc5mwAAAQEICv\/\/NstclUhuFgMBAgABAAH8AwMxTXvusHBDhpdSzKEoPqQ2o90gb87HP3QFZwA4kEZ\/QyD4xr0gtG8NjPlWhUg7IfWsznkFNClZBNvxMyLqGIrBHgAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACBI0V5haWJofMB6PMnUO4IQ7keMeAwbqHFyCH7tJ8MoLgAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00850{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1582454871075,"flow_last_seen":1582454871103,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01130{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":105198,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI53w5AAEAGl5DAqAIQ2O8meIDaAbu5DOmx\/LuGm4AYAVc8kAAAAQEICv\/\/NsuJFH+\/FgMBAgABAAH8AwNXR4IBK0icLctGWlxjvV\/JiAB62cpYMwCtfNZyJo3zdyCr3\/X3EqQMslzWKxfodTxbMmxBkYxsWxP2dnqi9pIeZQAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACDrv790wU6es29sORpkI+NUqAeVoQxGptljCga\/6WmGZAAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454871115,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00850{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1582454871042,"flow_last_seen":1582454871105,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454871115,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":115584,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8q7VAAEARCZrAqAIQwKgCAZ6EADUAKMiehDwBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454871115,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454871115,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00428{"flow_id":42,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":115912,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0NlQAAHcGS1DY7yZ4wKgCEAG7gN4gvysVCa700oAQAPAK1AAAAQEIClyVSIr\/\/zbL"}
00458{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":117429,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"TGr2n\/YnxiwDYGpkCABFAABM2yQAAEARGhvAqAIBwKgCEAA1noQAOIeohDyBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
00429{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":118481,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA04ZEAAHcGoBLY7yZ4wKgCEAG7gNr8u4abuQzrtoAQAPDJHgAAAQEICokUf\/7\/\/zbL"}
00441{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":128611,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA83d0AAGcGtfGtwk9ywKgCEABQj+ImKPRybuhwKaAS87giVwAAAgQFlgQCCArBhO\/i\/\/82yQEDAwg="}
00431{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":130064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuJAAEAGM\/XAqAIQrcJPco\/iAFBu6HApJij0c4AQAVdDYAAAAQEICv\/\/NtHBhO\/i"}
00829{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":131065,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFdRuNAAEAGMsvAqAIQrcJPco\/iAFBu6HApJij0c4AYAVesTgAAAQEICv\/\/NtLBhO\/iR0VUIC9jb25uZWN0IEhUVFAvMS4xDQpIb3N0OiBjaGVjay5nb29nbGV6aXAubmV0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgOTsgTm9raWEgMi4yKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzkuMC4zOTQ1LjkzIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogaXQtSVQsaXQ7cT0wLjksZW4tVVM7cT0wLjgsZW47cT0wLjcNCg0K"}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_tot_l4_data_len":441,"flow_min_l4_data_len":32,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1582454871094,"flow_last_seen":1582454871131,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
02356{"flow_id":42,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":132684,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+NmQAAHcGRbbY7yZ4wKgCEAG7gN4gvysVCa700oAQAPCzlQAAAQEIClyVSJr\/\/zbLFgMDAHoCAAB2AwMJ5+bEQZGqSbvKHHvA6OhZFmLIMc6WOA9IKTeVeBOJByD4xr0gtG8NjPlWhUg7IfWsznkFNClZBNvxMyLqGIrBHhMBAAAuADMAJAAdACAlVzu8mSjqJcKGpo9HI5rQXClsQPwaTgdhQ9yhViWzLwArAAIDBBQDAwABARcDAw4znWgR9q\/08TI8DEAJmQg\/\/Wyv7Xw6fUhWjAAVBXIY6dCFzbcyvv7G5RiACsP48WNvufQJs42gcLTe8rMwSk\/+okAS+08DsNSUqcCIAHlXLEVEJiNlLXC6URbkOsEp0h0FJsKi\/rnY2JFTLl\/4jWzt5z4JhBIYLiJwLeoskfchOXpZB1YcvWP4f1bIJwPM3x11+Z\/YcUbw\/RxQZIAyf45c9djprp1bM+ieVPgJSNjC5fa3BxQxdePTxWoNQCMixHro4X6dMtg0sabqwedtnXyLvnv1I66fcRLu5RC3J9H5CMffqptbGFa\/6EbHcFDYzSzTwLLOI5lXSsC8jI\/pKNMIMWdJzoaDyPqzSdiw3pHJGbjek1bmzlEIYjoKZmhJLEq2i9PjauCtkpAfw3XZ6kQXcJqd2i43EkqU00bF5X\/BtiZfQas49kbcdhnbbJfFxRHsmUr+y\/\/HkNcjJRU1Rq16b\/hriOmVOAK2jxHIwkc7NsnGWDZ7BweXYCbeGqYE6n\/mO+w8YWFDkRdIBgwzmFOBLwFWLjdPkb1Bus19SlMl\/gvinkrbtLTycyCdfpvCnKyA+x7XdTbYhTlrTnQdQQz3bQHYcJRIfkBz5QVAa+NC+pKWts0VxK5CwC8naJqnE1V8VzVIc3Z039tcc\/rDCX1lakH\/\/EJjM2mOmDt0HoHlg7U21qZtfCGKkuwBBhdLjjf5h6sv829St4z0zcYkxs7W3UXss2\/i95jMg2Bffj2qal\/yIXtXvgqtZgTVMQl4MRwfd0QFwubkwUGZ1tPe+Y8Kp6WKikKEvYcTEg55tmOdT54bu1E0mtW1chribtv5fpxbhnZdZpcyfvRZloSnNZ0V+JtnZASi1HFAINCUY+7Fc\/D40Nt5zgJaaAdW++RvNQHbNhOIYzlSWx3qyYHXa06nu5XGWe+Ozhj5Lw0j0ROnRHh9tSMUNGZhOQUj016EMbKa1+FHzK\/Q7spBiccqR5V+dGRMELW\/ZYUjHqFnVhORzbdP5XRHFC1TnZf5RiXjOeRAnY8uaaoxyTTVBKHS01j8OuO1Es05bzO9ZFCDMlLhbr9+95Ur8zv+Q2caTWc90VNRQiTXJC\/Fe7D+S0W5N1L0N0jbksz+xvjhU9l4ZhREP4Y3bnqrFKfuupc7UPZ\/9h7hrJhpDWmmwRTtph6IbI7re91q7E3j86OddBssD4S6DTQafJ3oYdYfNb3rLU8+92p+hfGNE5W0bAwBO\/qKScpdZ+o3t0Qnbbm+NMDkIN7dVpCxt7NTHxcoC5CbWLP3ewBtns8OjqQIOA8XYLMBU9mvKYXCxXQLBb70znbPL5P4NV1wCkcTYABDKKdxN2YGzE2Ue2U9xyfmOAXEqyeL62QWbh415R+EL0tx9jeAiPqDhCFyzMUEJyjmVbsC0uC4SX3+nGZeifWuC+XLGKBrz4VW6wrXm7y741f\/dBE7AX1drxNYZTSr+AwS1\/FKYaSJhPXer7dDI6zvAhkkqjPusZzXccnhPsGI2o7ODauEGil68M7qYcsS5+S4KINm7fb2IxlC730c651w8LQkc33wNs1AWnYIcuWSfQ6ljQeneJd59tGkBKWQczWPKhSyGHln2C2vd10ytttAXbGGm2OW6zAASXTQhhdWZDZKkhYv5oc4gucD5CWgPej8cCLBNxKv+R176fSL14zOhsHUM9017zEMHLhJNv\/b1uO3TTbnYuxJqKI="}
-00880{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00891{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1582454871075,"flow_last_seen":1582454871132,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02346{"flow_id":42,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":132698,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+NmUAAHcGRbXY7yZ4wKgCEAG7gN4gvzCfCa700oAQAPDrTQAAAQEIClyVSJr\/\/zbLt2z1UUcE971oL44zCEN7OSbyOo0XDyXoI2kJMoGc6gPpAOusRu1EiAS+BQwa6qETsfOUAgIGfEQnKKwN77adL0ghyBJZKCR6YP2pee2HhJqwV4vcVl3Q2b1pujuIOlQrNIiQbE6hUVly292uSSSkoohu2KFiT1emMdOFqtM8\/BBqhwp4gFpnbSmDBpUB7a5GuelUbGOt8bSUpLcOeMeAMqNLfV+Rg32drLAKIQRpNDVt56AB\/SMRAI+xbCp+kUsvwh+aF+0mXvjs9EpPE6e7EheGPwQgMEdhiCfhyYGYTnjmE18U2wCa5QZwZXrhtZbNiUE58WK1HGlx8CzFVoivDUMy8dRUbvOoPYAdLMsC3ZRU9kKYh00c7xmhmiWbs5+2LFkvMuoqlCID3wbuMlIO8uTnz83TC31IASAsrcZ2K+AA2ML5cuuP9rt+jJX7Yap68TiGMOFTXM97rnIIImXcjJEWklH88Pm+iLv6fMuABpq5Z5xlGLTBPeQc\/S3bLMrgavBOJI4kPJ\/DUe1tu5CUmyeSC\/uohZ4icr53GhrRsRMOh182\/sdEVjJ8OsSdXtaWfXFesZ5vTF0hJ4+4p\/lK\/GRKiMSKfENoIyalP5SOu0aKcxmFHODNYl4xUiXmQdSzlf0OB7r7vNlre2gqxT2LgKIXL9mxtEGAvC6dMwblrx7aAnZ\/Ar0YEDX2sjIpSfvpbyC36ZUo9dnF+sdbgqWZxVxwsk6rNg2U311Tt+XXeGw796ohiQO2+3XBs+NO\/l2lx6vApnL3uY0FuGI7wNhmKVOzyxyq3B7V6PFA3awHAVkJ4JGqsQSAscg\/m2TJCQ8oCg+ln6WxA1J0YQfTPrazRVimvlWOIeX6xv6fFF9wOwATPh+9IoSlPVYpUeLZ9U4fWo7jahLaukWNdOc0yFwD+n8YA11FZ44EYcz6vLdYAyBijvHbx6E4RHMsuU3z2FnfXyWZcyDxO9UpefsBgGLIU+G1bbgmlTnqClr4uEeXS7iAlCt2uW6S7l0dSP+R1Eq6Jq4NRUeDaHKWJEIwulJFXeIs6x\/p+rQrMc2rZDch71dIJtK8tz2ZMgH9wxvf1nfi6agUwwq2oLQaWt2aak5zpWvG8RC6LgePPPNwR7c3zhC0ZmvBxT8333k3e044ZABu6I2CvqhaD8zndPZvdh15DsoKPtQTXpqM+e0a64IRUlAgX5iWcrZDDUG8WLTcGKD+v1GDjYLciVwB8DCvca3dMRUyHY68kZl9pItiLp9+BhqNpkvMyuE87dPd6xHJFG9fzNgxIO8vPDkN3aq8MSSh0dQ5GY5AD9zW+yL2c2DZwIRfSiies4njVt1b94DcdbdOqAMbuB9dB9dsFDaNTnCR\/aeOGuuBhq\/e3ay9nBjevJXs43TnXIg87JOpyBBMhcUEwC0NgNxqplaHHSUujzkFkF7uy+kunZ9ROPUHNG8W1p3U34qgyKiz1dKFeWTENnb9Yq\/5XwLCnPy6Pkw2APb0M3sXQxoDu31MHsgPXGd4y3pCjuiNGlVluzibQHNkA+5AVgPHYGiZEzgMqNo2XdLQRLJ7OPdVwqT6D4wj1gc6Nona7XvOK\/zcKK3nFQUAJ2eUX1sbI\/0Kw0Y8TuF4TfVpQEJ1NIWH+sPlD5FBivNEHBweSvNorw0vkmMdngedxbCK7UueiAuzo24B2K31hWIaOtfLZxWVVlH7FnbnV9P47C2fuc6rs0mGNY1w1X4MWY8t1dweAMn68RCQuvsFeGVzXKeMY3a91VXvfMZebDCnV7Sq7hQ4DxJHuW7YK49Xpsb5IHHtuvOBpaLTksrTU0nuC5CCByp\/RZECLZNLtp9xyn3TQEiIV\/Tvc\/VvL+2A7GmLdIn2LdDBmNJTk6IJRvJMORVRIFw91K8mQBI="}
00440{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":132705,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8KYcAAHYGldms2RXKwKgCEAG7ytjkokMBL2I0XaAS6yDzNwAAAgQFZAQCCAptKuid\/\/82ywEDAwg="}
01704{"flow_id":42,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":133578,"pkt_caplen":1003,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1003,"pkt_l4_len":969,"pkt":"TGr2n\/YnxiwDYGpkCABFAAPdNmYAAHcGR5XY7yZ4wKgCEAG7gN4gvzYpCa700oAYAPAqOgAAAQEIClyVSJr\/\/zbL0aD9M93vMr5fqdmS4mkDG\/NqlO3EL3KnAGQCCLFmzcbGKdw6S6iiMnicj2Eow\/ZjeKi5GSwwotgon+b4xOHOfWzinjYD3GSW0w8Lm0J9xM+EV85yryWoRF\/h1cPLpb8yFXMhD9ZnjOg4vek06Vlgyk6UQLv7oDwBRwYG+hb0djvN5zJxuYbbtfWKrkvqhjgjeRs+quY3Ksc2Fn1H3kseet2PoTM1xskhMTIlIW80Br4ZvC2YTqSbpNl7L8TdWapih\/xtjGiF7EXM3ODjZMVTd27GpStn1rj539F14F1QPYbhBAXJ0Nbjikut+gRAWuHpinla\/84RNvuWfzlUz0X5rvpwB4MkT3MGbh9OSpVhtP+NlgPDbmDP1ZeeLv86NAiNPNlvwfcgtMdtkGZvvCvFxY6LQilPxHEkFwIdh3TB9IDSXRaoaVpZxRmsUO+3JeHfLLWbrPh8X4YepW\/HGvOKP6xRV23UpFSexWD7XchKYEWpssakxigOxS9Bh8v714Z+Mq\/zPg4vqNJSVXjwfD98u0\/enDhi2BHMuviV9XO7yceuYNE0J8JiRHJJbqwwBXR25LU4ZQXA2VvKuZFPfZG+wGBbcfyq\/9zuWc98NBsO6uhdL\/loisOIonOO+1SkLeF5apbAvDS9VwJGoBqqWiY3CESgkcm4uc4\/cTPg0aQjnpkTc3DjlSD+WcBKx3iYmerB\/tQxxDCNHO5KASnjJfwTiOLlz0txNi\/pGS52AdM6xanbcAcVv+OdTqgwodMBX8fhBJ7gUcxOc7YhmqM80LeVwynz219tfo5JEtur+QPJz9E5CgfBTdbgyWvuRaAxQBiv85c9+Ew\/MYc8XelxgCp\/67sXuGllJBHIhJZDq6GZjqE+z2e1NZXahepncvSEF4nfaSgeKpnT71A7XRM3N0kP8iyXd22+CDCydfXGaVwLTCZITtqcU2a23gWiJNTb1u4nh+36dFQlHPq3DHn2+VGR5RjYoT\/zEaVtH6HBzc1i6fnbXOYGsMNyDkrXLMUOdSXrktPZkJbbcuHWAE0BSov1gf8tCpsZ1hvibiQ5iDUmMKt\/OEmEDJZ6qQiIzxRlZ3P2IsrmiLXirlV7eCO2rrp4kSfQvd+Mw3aQm7cFOWrsWt5CFvcc2lsHSf2pHkQZ3RCBkJC6O3PsvvAt7yoNsFJ5lJa+EJX6sDLDxRRYUGHJZFYD\/itWK\/zGSX2izwH2ENR0Ex49B3NuyT5hTPbPT4rzu9t8xGnT3cS3rA=="}
@@ -320,15 +320,15 @@
00428{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":135219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AphAAEAGstDAqAIQrNkVysrYAbsvYjRd5KJDAoAQAVcLdwAAAQEICv\/\/NtNtKuid"}
00429{"flow_id":42,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":135227,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0xA1AAEAGtJbAqAIQ2O8meIDeAbsJrvTSIL850oAQAXj7dgAAAQEICv\/\/NtNclUia"}
02352{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":135248,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+4aEAAHcGmnjY7yZ4wKgCEAG7gNr8u4abuQzrtoAQAPCXWwAAAQEICokUgA7\/\/zbLFgMDAHoCAAB2AwMKr0VNlFk9hzoO6B0TUbLPFIcBa5zTSa8CWE84m3upOyCr3\/X3EqQMslzWKxfodTxbMmxBkYxsWxP2dnqi9pIeZRMBAAAuADMAJAAdACBOncCMF\/Ubli4Sd6cOqcYTMbk4TYGlE97BZnOiZEVtVgArAAIDBBQDAwABARcDAw4yrItIQaPRkSlxy6xdCUQOntopQbGn+0k1iB7I0SdVfNjJ785GPXlRsBy7MGhH4aMsLWF3\/TgqSoiygpHh8NMfwlD\/ax2aoC4TSk5+ZV99Ixkp75S1e3cV6ySUswf9mC0Rq+EQuQLTtMA0VqjBcuM2egRBKykD2E6zAGPOa3MkWS\/Wt\/ZLWkOt+ZTUj99CYLf81eVIKn40tnC0iXe8kzMItlyYbl1R1H58l3U+kCW4xLBokFbRt7vAxQ7JhG60lq72xyP7oJrv0VMznWqbdoBPLPslFKrsgKsvx+yEV6VWR3D5oUN3CfhfXRmYrIarsrSTBDCShIK7CgHX4CY4Ck1VLt\/xUmDR7htBea8QK8tLH4bqZRJypA7ftPZmcp+Ka+lGIXVfoI+lYsiL+FD7xrXpbheoAIh+ajDdH4kXMVtrctL4uGt325Fp2nyKWKMppJIEkGiNgS6qNUlSwDv+1RheWrVRz4ycg4ZDKJ2+FyLkV8OnHuiPDvhftL7yJHqqJ5zF8PbLAto7jCHnKnwLV\/RExMTHFZwUuQIZrD26T89q7onCltXqwTAR\/s5yPdiqhbyjE6nrLy6pILxYubTKfw1h+3RqnQh3bbPJ5Q2Qm4T5C17RIRojmmRhTBjl0q+aek+H0RtUIErqEGVTLhBSykaCdNmeSxdJIfc5+ow5vABT+iZhxVep3\/EiPwxMUEImxzr+wCATOk2iReVs76QzaG10uYC\/X0nzCLzBEOkqEyKxS3v6MIMgwxmjHSHq87ph0kuLf6WB3va6DAypQ45vHvUU+0BRGFPSriKx5BfDY9mixN+fj6anWwmAijYDWXgMoL61NRE7X\/mkmRmPiowWMaZAJjVjoSZ5pEr1yhS2+aDRl0wGK7PIsS+TJdksdU3LrVJc88Rl0lxRqVFdOMpk2QRbvzJaB4eww0L2Veyoi\/XZK\/sndOWsKxWJFYHM1oWcBl\/zZZPncosBDOZi0NqD6NOoo0v1fT\/\/60fYbPS\/JocVW3vtNCcjk4pexZqcZDs\/ddtCPZsgh1UlPkkzlA7cTq4fZlF\/WGEpJiA3gbDIlV0pnm89WaP5KSnBhJJnrZbDh5c4m2sL6t+YOQ4KFhpAbzq28ouPa4UTf5VM6zB8scMsdlreFBH1cjgEVB0WOsITzDb1q4MIfLAiyg6DUf69wYibTUW7y+bIerPA8XbfBRNM+yFv8YteWFMGKJu\/BbQlRddYc1EB\/GB83YsNEEZbwoNxy5GMHpVzDpCUKh7hWj02pJFOLhYL+lMq7+b+DwsTnSAkLSYYsFIwLLLFtm8v0P\/lFtNZOb5nSqKGWFUFZ5EHsd9B44jepv6IfEO3yb9VH+y0L1gRWsnovqVIzp+jy24PY5sbXaJ0RJvfHv6Z1DFLuIKQXZCLPgnytGouQ0v80uP00uZ1UG4h5kvU6Cci9DYDjGfGRIPySEjjoT4ws\/8zSUJJktRssPMBoPWaWE70+8w+vn37au6hJI0W0AdegB8gcWxn+oD7zlBQaJ9aNRurrRoQYYAq9x66xgb8JVwAh9sJ+5uHIueozDwzLagREKF2bWZL5xL4zxcArgS7gyF3rBDNa0JB0SZNzKNgpuaHGnZW\/9yPhHdlD3Au1bTS6B9mHkd1DJWTG6NlMl599wDCINnKAZHK\/25ZE4I8cK6IUOp2kx9L7IoPdacXuUukSko5nmMfRDEHob+C5rkqr72XOqs="}
-00880{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00891{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1582454871042,"flow_last_seen":1582454871135,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02357{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":135249,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+4aIAAHcGmnfY7yZ4wKgCEAG7gNr8u4wluQzrtoAQAPDRgAAAAQEICokUgA7\/\/zbLALlm2XpcYfM2DyFlVqPk7s0JB3WtTktzck8Ewa7zXiGjMzYBrp9\/N\/C2dhP5hyDgybBo6ueXj9le5zQ5xz1WVjLVp4U2urEU6tVqisaQwD563EQ903AtABU+dsq06EO8BRBxycTwCye55+aAqqoVyt\/7LzRhCurFDe9QFTcWhAm\/dGTrH1qA9TWjuqEhJgXakWOHwDs54MSE7Eh70Eqwk0mP4pK9j2FCxXIUPg2kGbN4sqstuD4EFvYcYCJrwCy47VLw72naM6+gD4T42lfjIIrU71rBBTvaRLjBPz93c5URebS7Un5mZaJsppcChdWk4KWsuYnMxhR6HxvsNjEj8iaLSHb3yiN06WIdLFRxyNYo8\/qJYuW+csM3WvMOKnnRtxWqemS6KxzCIANkuFC8TITGRaM2+QO1PUsNyDcxxiT6PuyOVlbv9I\/gojeHcmdDmgzIzSQ8C9u3PTyF9T49EU7zoZjLOPrn7CIwqL3Ki1CeTdBPHUPZN0VDOZW41FN3jk\/In0VgVa8goXbN6oZKluKMskPAWkKerSrXMQFHzXDN6DZhnL8yv4ufaAtrq1wnFvKaxOjcfsuWNu5+cYUkpMSupClQVji\/3B6qeGCww7THgAbR6wXoHM5Pru5FA9V40SEulL9nOC4JynMawx9TH\/7Bysn2G23GNv0aUHqtTVE6dueVMWzAjkyJXJvvmMUQKoG4m8vKnIZlST+B4hW3PCkKdDPtgl085enPSK2J\/uILf2JPCVUOAc6kowCDHAnUu+JBwzZZ9kujDnckSlNuFbu\/pYwu8R997Z3N8beaC8lrSj1H64ab6KfnGu5CXV4KS1DZBtlRoD3vAnB5E2wVoKy1rhbLjSSgdR779BRxOIbFL14GqdeVIg\/EcuQWs7oy8FOO6o3CimF1sv43Fof9EUlg05WQfTteUehcxVpdqSbTqlBoSUzc\/LecAYON3mwOtjHLH4cuJ1qI54lWwc8AVusmjFEyQHYME1AUmNNylg0+qJZIcXLlB2k9zWQAdU25JTv\/NdK1My+e0nvJxhqGD4cQ+8CreQx6M7G6oILm2rzHiZ2DHjO\/D4imcK2NsNuw0rssaBK3w36K3D2kg8eS9\/bnmZChRGxKeNNnZAz73Q8OqmnR\/cIC0abR+kkIkPS01Vi\/fSKrjT5rEcIC8DapG4mgeOm\/lDetfcraNeVxz290QxTrucRTQ7\/btIVH1Gll1wEC8BQbvA0I1uNXwk31dlhkC7G1rRCQAihkoRZf1b0uettdYqH+jO+gxzFN1B0WwsRZw3GuATUIAhDdTj4zNb7fKWyzcwaBQXhhZZ6XK\/vU61xwE6+iv4S7NQH5F0K+6U54pSLVURgE2fKRB0ML9j5ouJQYZsrbjn1B4elxHIcpQTqJHpVithfkxfBN+IuRVjSyoGbLuVI5ahmpDmkzv43rtmQVtT1BRvuZJMWhuRiS69bcXBO\/PPLymYgestkPsAsQX0BNqiSTubolwalXNHcC9WoeZR2gvVDe4HIU4AwLp74vpDA\/ElQLudMSmzwDqQkOxwYnvZuwZJDW3XkSMpZx8vb1vYT4cmg+XE1qOP5IXroGmkXfYf1gHgr8x61qiRC8qc50efg\/ONCGVJXzKJUDoL+9gvN1Nupn9QNmoFuc8Jns52txnFrC3IvRhuRTN0BIHAot8i\/3VbjHsddBw2ZfMyrO\/rIOewlf0qC8mocojJMbdmXa\/GWBXcsqk5L5eFYIecpJ2P6FSPoqX6i2adCKgNrm4Wmc9Voyq04Xxrct7NBlXqp+j0BPMqp1Efs\/xpViW9uHYyQhIOYElk1rPO+rSgxBXIOKR+5dJcrZi39YfZYAvATozgeptBTrg1x\/\/tjQu+wJaW7frU27FDC\/BR4GhdcOgUPm1Y4="}
01701{"flow_id":38,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":135250,"pkt_caplen":1002,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1002,"pkt_l4_len":968,"pkt":"TGr2n\/YnxiwDYGpkCABFAAPc4aMAAHcGnFjY7yZ4wKgCEAG7gNr8u5GvuQzrtoAYAPCLOQAAAQEICokUgA7\/\/zbLWjyVBjvlXJ\/FuReGdke2EqW45bfZWi2TDOeztH7rL39rXHUf5vy+D7Bwv83cy6rLrJ4iplSfvTv4+mishpIMjmvfM5cChDiIIwReaim7vPx3GduyT78fMM0FedaSZ1NwUHOcS+KA2\/0w2SHCBTMo5YSEyayiDSkVhlI+O+leZx\/QxvFe2KzFOyaRAFb4QitWZw20IfOgCf3RBjTBTsUhXCC1ETxdjLEXE6VXKQMrPojkDPMgG5Un5BqMYt4RW5D01\/eGg7IfiEOT2a4\/Y3nHi6OtYTePLj1MGn7p2v1lhemQWBEReuYV\/1tebgC7mYeePoEyPpvnTV9ekWusAPlTm73tJgq29PQGeQl+l7MkJCKr5K6hvTfOPa3dZNXarjuZWsvLaXaDqU7f6FFwvjahncAVkctQCBcODmeCNfiE5tcjqKaYFAuxvxdZ2RlEc3prlEBMYkh9fMMRIfeNs1pbKT\/ehPr1r83w\/qSQyj1I7NF9evyb4SEUlAZZoF77GV4xuB6xokp1\/N7qW7zldWIQB5\/et6zogs+29vuJVOOy7Ih2PTmx9a4TXD14GqZ76ycqpuQKAK+O1hVOc\/RdqBHZh9FchRoqqbEDPp0yd\/cbK7kprMT47YyZRvVlUgteGjPLLH13irUz8XoeU0ip9GPeobKtlV16hmkOecicjraTfC6473WKEmG7aoEfrON3zrFWnH9GD\/mGIz7CDqk9EbLlNinV3e2kQGO+EBySWkIbxWZbIuXGBkYQIVae5RYLOG\/cYJroIfLQASbJ4v\/6lq6ONkkii6ZjFzgUmQV6\/3V4x3OITvZqsi2\/mMhu3ruerwkclyv2oUX3pJEA9VKblVFbenNg2\/EW6fQS3s6sAOkug7pWCC07Q5lT1KTaYeSLjuFKOSEfPL0GRtjYslB4gFJ2rvYVL7SgOiFJV9JksGQmpUEQtQuN+t2Sijfc1vJp+oFraEFkU4ao6ESH7+93u4sc+a9n6YvmXXuNqkuaW2cLjr4V6thqt7niWYdAAA4T0n6ptPo2PxLbChmGWHkaCrlSsA\/Ak5KkSOa6gzBI1Fi7m5plS5xQJSiW2SZGY9QKglFcHOvG8nqprNqSQVNVkoJ1M0z9xdWtEY1suVO8sbwN3Ih69VIN3Hv2SPntdHsYOEKVDYWz3H3j\/97fkWW2vMwUDbWj7HutDKIjmRzejOxaeYSOI4VlT7yWmTsHcGs9lpgc9xTn2f0yUmzeTvkpDnlN40B4ZtnrK3BQ"}
00429{"flow_id":38,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":138374,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03w9AAEAGmZTAqAIQ2O8meIDaAbu5DOu2\/LuMJYAQAWLDCQAAAQEICv\/\/NtSJFIAO"}
00430{"flow_id":38,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":138432,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03xBAAEAGmZPAqAIQ2O8meIDaAbu5DOu2\/LuRr4AQAW29dAAAAQEICv\/\/NtSJFIAO"}
01124{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":138480,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5AplAAEAGsMrAqAIQrNkVysrYAbsvYjRd5KJDAoAYAVcUdQAAAQEICv\/\/NtRtKuidFgMBAgABAAH8AwMLzOxtO6hOmIYWfBvitg4r+7Wglg8GVNMAJsb\/jQkPqyB1NOTF0gGFb6IK4+2hAOm9SIxGs64I4ihATDO0kHBwJQAiuroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZG6ugAAAAAAHQAbAAAYZGF0YXNhdmVyLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBABIAAAAzACsAKaqqAAEAAB0AII9uaDFaArcbql7rcKk4GhOXI2ordsjsf6j3VCsurBUOAC0AAgEBACsACwp6egMEAwMDAgMBABsAAwIAAhoaAAEAABUAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1582454871103,"flow_last_seen":1582454871138,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00430{"flow_id":38,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":138589,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA03xFAAEAGmZLAqAIQ2O8meIDaAbu5DOu2\/LuVV4AQAXi5wQAAAQEICv\/\/NtSJFIAO"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1582454871152,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1582454871152,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":152402,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA82rlAAEAGneLAqAIQ2O8meIDkAbvMauxuAAAAAKAC\/\/8TjwAAAgQFtAQCCAr\/\/zbXAAAAAAEDAwg="}
00428{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":164798,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA03fEAAGcGteWtwk9ywKgCEABQj+ImKPRzbuhxUoAQAPhCcAAAAQEICsGE8Af\/\/zbS"}
01043{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":166063,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"pkt":"TGr2n\/YnxiwDYGpkCABFAAH+3fIAAGcGtBqtwk9ywKgCEABQj+ImKPRzbuhxUoAYAPixuAAAAQEICsGE8Aj\/\/zbSSFRUUC8xLjEgMjAwIE9LDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IFZpYSwgWC1PcmlnaW5hbC1Db250ZW50LUxlbmd0aCwgQ2hyb21lLVByb3h5DQpDb250ZW50LUxlbmd0aDogMw0KRGF0ZTogU3VuLCAyMyBGZWIgMjAyMCAxMDo0Nzo1MSBHTVQNClByYWdtYTogbm8tY2FjaGUNCkV4cGlyZXM6IEZyaSwgMDEgSmFuIDE5OTAgMDA6MDA6MDAgR01UDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZSwgbm8tc3RvcmUsIG11c3QtcmV2YWxpZGF0ZQ0KTGFzdC1Nb2RpZmllZDogVGh1LCAyMSBBcHIgMjAxNiAwMzoxNzoyMiBHTVQNClgtQ29udGVudC1UeXBlLU9wdGlvbnM6IG5vc25pZmYNClNlcnZlcjogc2ZmZQ0KWC1YU1MtUHJvdGVjdGlvbjogMA0KDQpPSwo="}
@@ -337,26 +337,26 @@
00428{"flow_id":44,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":167064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0KaEAAHYGlces2RXKwKgCEAG7ytjkokMCL2I2YoAQAPAJtQAAAQEICm0q6MD\/\/zbU"}
00428{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":167424,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rpAAEAGnenAqAIQ2O8meIDkAbvMauxvlTROSYAQAVeMkAAAAQEICv\/\/NtvIBAje"}
02365{"flow_id":44,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":175159,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+KaoAAHYGkDSs2RXKwKgCEAG7ytjkokMCL2I2YoAQAPB8+AAAAQEICm0q6Mj\/\/zbUFgMDAHoCAAB2AwOiQl3o+g7Fsx4mfI6kUhC4EbefXUTtlIWF\/8GgdhnuviB1NOTF0gGFb6IK4+2hAOm9SIxGs64I4ihATDO0kHBwJRMBAAAuADMAJAAdACD1dsfX4ol5BBkD4h5UKpi1tot14DNRO37PsJDMo4uyPwArAAIDBBQDAwABARcDAwtwB\/Iy9Hp1hwBFSdDO93J\/cAUXGLVlr3h3h84KBeMw9m9unc\/rCEexohSU5SBfAjxQlehWby\/An3V+IlE+RpO\/My6BWdaFGnhV433Xe3L786nudEIHoEYFAr\/6b5jkGFgT5Q3OoAwnCanCaOTDltHSwUKk0DN\/RZkuZJ5NjiwqpuU34HrGB949AWfEt1sqUicVNwZUzlSgY67wwodeB5wX6xtjvuOuYG4kNHq20L3BOm8phjSy95\/3gkpxvlxek6t1BWVgxKvV7+un4SRxjQm3eO8UK3ggvJqarZFD\/rBj2nuOf7x93lUQpbvfsSloTJEHRjmgQaRz75V+DDoBPvyk+9DYP\/HwnO0cYACBIAi90cjKofOGLh+3OxnAOMw\/0JU4Sg1i\/CPtR4h2o3XIvcpT\/2GRnUDp7vkKDcyKxFl\/cW3ugFX44F0OpUxui6v9rYD2h42GNimuFn3xUxdDOCPPuoBRakbKBt9zHSCPrbBJSpR0mBd9A9H4tIQ3AzyVR\/Z65uSORAcGpHzw26OGOcQTG4SZYZbGIUG+cvPJ4zQO3OjqcvuVMTDLK1x1a8ksc1cqD3qq4Yh49TkWoA\/4mxdgnx9Wj7mV38J2XNKCfLEbwQVXnJd5JupYrPtaGx23BlWfQlr7iAX5lX\/cHLwrOTUDC1r3r6yBUotGo+rQdrS61FGExud5R0DPjXYEGXhAcQt6fW\/EJ\/7Xt6MZ8ecoqaFJj47xCGEU0wVPqfLpjkMK5yPXVVjxpvGxiGuTs3198jT27nV4X0SLMNC\/yGKSNRsJ+QN4Tkhid8Hd0Bb2sy50XmNG0J77s4XzcvIgf48BOM2o\/cWRezBPx6IcRzuh412fBbuwWDo9GaFaU7NEN1+Eywgaf88zAhgAnVu12BMDzQPfUvT5jTG\/G4lHsub9PVRFfwiOfGZKExjponUkx7dTc4w23BdLSktlU4TDX+arks5wM4Uz1588LBAB\/+C+P\/xEfAU1DTnDS8fLdp86qeWYZ\/w4vLvt5u5AG1rLxPIiFvFkZNMijwWx5xSRESJQRGM\/nIwgovaNKYp9K9Mix7G1eS7P\/WgTdSulGrdSjYVYDRfjMUFAgdCZqDALqkwYxTWua6LW5++69jAHMEpGcaCyIrD\/JoA6WbOXfmZLFO4A\/Ci+1QyeRR8lmA2xOmkZQo98y4VoBX0D3FozheLIkZtNV+PUup0QzX9GPKP0Wt+h0Cmzgepx5jKcxURStiAZ6ltxzgILgBqbLlkoYwIo\/vexYhebS5peMeVJxRf3UGl5ZR1RE5aBseEXF+vt79swA0I7xKFB5+XiFk3cMbUXrc9gC\/ZO3bTe5y7r0s+jT0WELnbMPuXcoF3B9myZrMg72rtwDGpOGM9M8PEuGkKleqWUXStvyNfKLjyGvAs1VAJe9wfRRYW\/od1mm2\/Qx5vz6IORyyCdT6lGLli7kBuiPGa+PZQo1mTglrNp6\/VQQbBHnCjxffzIT5Ys0jb2v4aLdyQZ2RbSi5ooYdATYj7qUHEsTg5\/\/0y7zhqwPEWPvHagvw0Rer+ov5fkqAhOyAwdlxBlcwrv+QFit5bSeuyoU7G5Z4Dhpy\/kLbZQ8zzkY+vatD47\/TJTY+bHZnm7sZ2bPGaq8P30r2n0S7lr6VYlesAkFFBT8XS8hHHSH9RWK1Wn7DwW9vu5cxshVK091zJwuZY+BlW2SbU4vb3V9rEZIhKk8Lo="}
-00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00850{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":250,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1582454871103,"flow_last_seen":1582454871175,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02348{"flow_id":44,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":176197,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+KasAAHYGkDOs2RXKwKgCEAG7ytjkokiML2I2YoAQAPAzUgAAAQEICm0q6Mj\/\/zbUKFp+bAY8R9u5KWQmwdC6MEBlLs5ujHycNry\/vfkvFr+3Az3xh\/o24LUXMiWqjUi74z0sXe+GKxsMWJfI3a1f0lo5gOHMXElqLKSO60H5YQX4NRrA5Ql4Y05Es0CWXhNrDPKYTQxJ3UrviGrcYBPR+hA\/OQiV++3P7Le0VeY9t8Dy0UGM3kRWqim8ELx4XecUAmN98B5BlYSY5Aug7t7Xr+WZtdswiidHztVCN8KfeYtosb2xFfQKtfV+iJ61Gv0SualbiOcyf\/WsfBU6EFzvblGAnWPhcUMWW3eHJrVAbmsC4R0owZiigiqcw2TzczwJ3roT+3cuv1K9Whoy7sfkESQQwT3poVh5Mt\/sjwzxmJj2wp5k1C3oiyKRfAoWnFJXRo7jt\/KhQIqzJYJ7zmeHU7+mJVpYKsQixRxM2j+bYgdI0788w2lY36VQvCfxGc9GHDqDH7ML6ZhTURaW7Zuxi9+VU4tih29rydTSkBnZijZe0csiPeOPO7GH80jlx9Injb7wrX7GBh05KM2VcQ18\/IDyWho1Mk8kAcKuCbSEyrxI6szFiq5R4k1hOCHoNjuxiUZW5Z0XP9wTguwvkKLKbszQKaBjabkfG4kgGZP1ZHj3JFu62nZHji1lFJNse8gafiVnrAsAGbov1\/hLlVMsVSn\/5G4CMcXEo5\/I5MFB4OVFspPe1c1J919JP9aQ25YzCH7AHXuYtt5SAri9BpdoqKKaT8T3X52zjGImec60zUjJyrt6Aa3uIak1MUf85TgHochEManIz\/DH82mXcWs0yaeGyTfruxfzl7zCum4J2y+Thv7+Kg12rxECr8P3mEpxwzyoV494zPGc5ESJpQDqSoViPQQXwo70YQUz+RiF3HpuE0K1reRQ08b+Sb+dPoleWTS9iG6fPGj9plAHBRX5HR2qXhZa0rfJXf4v8cJYr3ihicnylVspXiWmCueFt8O\/E+fv7lONnYUPOygQIBHdZRDuDbzH0ONbM2fmiAVicp6qrFfq0w1hWQGOhJEukRMFMCE11ttNaJjHNkuxATI4jtPzzS8J8ClR9cnqdYBikH8tjqd77Nu6t5r79WvZqGwIXwlYS3WERMVN\/GSOW4uyvj9dZ5k6YunYbO0BDfO5bXSKDQRnmuU+XFpzmnJZx5QJ45HHxGjJHGCLoUlkaImapTIJQE1NtF48R03TrD\/lcUphA\/u+SuViZr\/UBtNVH2xatvWqwFbTflH+XI474nPPKZzaTzvN1MZhFq8rJGwxHuptp1Q18Lcao6gQG+r39ZgxwvoE77qjkCG3rqbpsScaDUQ0dFAbLxi6SoVyYTrVVmSMvCZG9Fnq1nN7BupThxkMOdRcx0ycKjaL\/WsAxXEDk6HqptGJMufiKyQgDIYSwAVFnKECRRHxm82eMTMw3naoR9TWZOBjUoTMCvEid4MFCgO0L8r4CTcTHNQguhSm86fFOAxZGjTzVjQsv4vwlArPEbd\/YdKv2bPiyzz0iaY0N6hn9HvBqAWtf2MaH1iHPXqx9UJ2g9wW15aovD2QnPdPlHfGL3UV+hpAyN9v+ivGocqSQ2f7Jhykqs3riaS9uCgTXje5jOzU6Km1otCKVJF2y9DdMdKr4QSCVU+p7J8VdT59InZhs8aaGBNc3fqmLxlZw5pUBO+z6NHBo6G5UipFtYFVQcd2qefBOll86nunEE\/QnTBtxjJl7BOMIn9fNw\/1JIxjji5y\/b9S1INT581mdXmtH+mKzFL+W8GOGQ0ifZdyPfP+ZxRk3zR4canKdNkhkAxtlTcQ+JvYOsBKZdXoSth4qu6gD2M9NPs0eqL3VVldYcZSglCvpKHoVBDziTVVsVGCMlwSbU1iPMXV113R40thbPuaWvd2pnYamvPCLm5\/YwJyf3BzUrc="}
00744{"flow_id":44,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":176201,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEaKawAAHYGlNas2RXKwKgCEAG7ytjkok4WL2I2YoAYAPAHAAAAAQEICm0q6Mj\/\/zbUAlLuQZ7tC2E0I\/+a4yeVVUagZEEPssldkCoLqeJxckTw2TIPmak2VCzniPgQ7M4ovahjuMhAR7qP17BFuihlHGBi1Toiq7\/LsT1UbCaVj9KeWxU3qn5LqVESaWFILTwW4xepPErEhadU4P45jllOiVB7NTdj3qlwiIbh7f8RE8Y\/M17Nek1+tX909HFoLKuLYyNaKg70hb63ilQhvHFXdN5WdJQRR5iXkQxlo57FlsXrcD4fIlE9mL9um2nslYAlzcN39R+reeRMU\/alga+cZCm9X3GP0zzVr\/hbXlJDklrfXJPCxUo="}
00428{"flow_id":44,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":177863,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AppAAEAGss7AqAIQrNkVysrYAbsvYjZi5KJIjIAQAWIDqAAAAQEICv\/\/Nt1tKujI"}
00429{"flow_id":44,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":178611,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0AptAAEAGss3AqAIQrNkVysrYAbsvYjZi5KJOFoAQAW3+EQAAAQEICv\/\/Nt5tKujI"}
00430{"flow_id":44,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":178669,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0ApxAAEAGsszAqAIQrNkVysrYAbsvYjZi5KJO\/IAQAW39KwAAAQEICv\/\/Nt5tKujI"}
00673{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":200149,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"pkt":"xiwDYGpkTGr2n\/YnCABFAADo2rtAAEAGnTTAqAIQ2O8meIDkAbvMauxvlTROSYAYAVcGiwAAAQEICv\/\/NuPIBAjeFgMBAK8BAACrAwNFVUmkRCYrsTAD0Sv7c78jm6\/45rXgRFs9zPd5tSprMAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABmAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAABAACwAJCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIB"}
-00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_tot_l4_data_len":324,"flow_min_l4_data_len":32,"flow_max_l4_data_len":212,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1582454871152,"flow_last_seen":1582454871200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
01128{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":207179,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5\/AlAAEAGepXAqAIQ2O8meIDcAbs4lMrGVf45RYAYAVcaagAAAQEICv\/\/NuUm516WFgMBAgABAAH8AwM37xcvxqGOp1ZnThmurrs0HSWrnpg6Spe\/m2OgtSLfXSCC4Pfhq3JTS\/EIU4w5K41jaeqfs8B1xjYOKn01wppgBwAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAfAB0AABphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAzACYAJAAdACAOqSgSSv06T6U6O4sZxiexLl9ocxA7uiPWoPZ34phLJgAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00850{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1582454871069,"flow_last_seen":1582454871207,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00428{"flow_id":46,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":213549,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA02kYAAHUGqV3Y7yZ4wKgCEAG7gOSVNE5JzGrtI4AQAPCMDAAAAQEICsgECQ3\/\/zbj"}
00430{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":221044,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0bqkAAHYGE\/vY7yZ4wKgCEAG7gNxV\/jlFOJTMy4AQAPDfhQAAAQEICibnXyD\/\/zbl"}
02338{"flow_id":46,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":230117,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+2kwAAHUGo83Y7yZ4wKgCEAG7gOSVNE5JzGrtI4AQAPB1aQAAAQEICsgECR3\/\/zbjFgMDAE4CAABKAwNeUlhXw\/3wc2vhUSZkKb51rJR+NfM\/M6hET1dOR1JEAQDAKwAAIgAXAAD\/AQABAAALAAIBAAAjAAAAEAALAAkIaHR0cC8xLjEWAwMJIAsACRwACRkABMUwggTBMIIDqaADAgECAhEA73cYYUt8fA4IAAAAAC5xmDANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMDIxMjExNDc0MVoXDTIwMDUwNjExNDc0MVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELPMslgUlvxZOlDFYvRPJIO98RYKQx7uXzUIWylPrSSeXXdggs11MzbaxTA\/JzKiAqMFJpBn0DGKEJ4YQCImRt6OCAlUwggJRMA4GA1UdDwEB\/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT1PLe33SjtRb34dzqS\/+P3nXUEHDAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBkBggrBgEFBQcBAQRYMFYwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLnBraS5nb29nL2d0czFvMTArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nL2dzcjIvR1RTMU8xLmNydDAZBgNVHREEEjAQgg53d3cuZ29vZ2xlLmNvbTAhBgNVHSAEGjAYMAgGBmeBDAECAjAMBgorBgEEAdZ5AgUDMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9jcmwucGtpLmdvb2cvR1RTMU8xLmNybDCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABcDlw2rAAAAQDAEcwRQIhAKiMq3M57yXUlgoeYqdu3Wm6pPgATel4xUBWT9Z5YanVAiAG9Exs2TAXqLz4lW\/cJ9Mcq8V3x7TT4Zg9tcllvV2soQB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABcDlw2ssAAAQDAEgwRgIhAJBI42mkQs84OHrmgVPlkAaxJDPgWyM01l52BLtarMudAiEAwCu7RBS6gTdFaeB+EjpbufWTGQSZ3S9JlN7r5CX4lW4wDQYJKoZIhvcNAQELBQADggEBAINTwJW6way1WTWUCau2DcPJiE1XVScrIuTdGscq6bBjPmYLbltYagtUq++nDEE3fMDfb3\/0lmrSaefS+Y8zGNMO+H2xVDuDjOfCFr8ol\/MvwBkpR2V0P076EM62Ue2pWohNk8IAj8A29sd1mIwR48Hx4D6hOLDa5wKGouWyinkyKjxySDtpcbj9B8IAgNu+Sh98rjiuzhQSmxqoZ71CowmNO47tkJmsV3WbeB6rYBEo8eA+g8zpRsN2qA5M1Cj0LQXlmU6Q6BX+qyG+lM7hjMTtMHZTnvV5gSo1cfjyzJXHxdKTc\/sWMzsUhnYjNslISKlkmbwOw\/XR8VelOgif7MoABE4wggRKMIIDMqADAgECAg0B47SaoY2KqYElaVC4MA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIyMRMwEQYDVQQKEwpHbG9iYWw="}
-00785{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_tot_l4_data_len":1806,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00796{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
01965{"flow_id":46,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":230120,"pkt_caplen":1202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1202,"pkt_l4_len":1168,"pkt":"TGr2n\/YnxiwDYGpkCABFAASk2k0AAHUGpObY7yZ4wKgCEAG7gOSVNFPTzGrtI4AYAPAW3AAAAQEICsgECR3\/\/zbjU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEyMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnvUA0Qk28FgICfKqC9EksC4T2fWBYk\/jCfC3R3VZMdS\/dN4ZKCEPZRrAzDsiKUDzRrmBBJ5wudgzndIMYcLe\/RGGFl5yODIKgjEv\/SJH\/UL+dEaltN11BmsK+eQmMF++AcxGNhr59qM\/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmKFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7XrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd\/cGYYuMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7HTgiZ\/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoNFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ\/XteDSGU9YzJqPjY8q3MDxrzmqepBCf5o8mw\/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wWIRdAvKLWZu\/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZUSpxu6x6td0V7SvJCCosirSmIatj\/9dSSVDQibet8q\/7UK4v4ZUN80atnZz1yhYDAwB0DAAAcAMAHSDeeqx9\/JOnXxCC5pZb8ZnoTJtcJSCnrdu9k9netQrvdQQDAEgwRgIhAK+r86lTqB4MRqt+Pyfm6s11BmhMnbnSgVOyTE1BuE17AiEAxIkQIYXvt3sIPutT+8bV7nV6iGZkX87vaDgjg4Y1AhsWAwMABA4AAAA="}
-01034{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_tot_l4_data_len":2974,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":424,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}
+01045{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":7,"flow_first_seen":1582454871152,"flow_last_seen":1582454871230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","server_names":"www.google.com","ja3":"6ec2896feff5746955f700c0023f5804","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=www.google.com","alpn":"http\/1.1","fingerprint":"32:07:6C:9F:96:7D:CE:82:15:C6:C5:7B:49:90:53:A1:CF:80:4F:B0"}}
00428{"flow_id":46,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":234667,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02rxAAEAGnefAqAIQ2O8meIDkAbvMau0jlTRT04AQAWKF9wAAAQEICv\/\/NuzIBAkd"}
00428{"flow_id":46,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":234949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA02r1AAEAGnebAqAIQ2O8meIDkAbvMau0jlTRYQ4AQAW2BfAAAAQEICv\/\/NuzIBAkd"}
02349{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":237524,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+brkAAHYGDmHY7yZ4wKgCEAG7gNxV\/jlFOJTMy4AQAPDiegAAAQEICibnXzD\/\/zblFgMDAHoCAAB2AwP9hhPvnJHsHwgbuB\/a12nYXFCLjZb+es2RITJfoZRhNiCC4Pfhq3JTS\/EIU4w5K41jaeqfs8B1xjYOKn01wppgBxMBAAAuADMAJAAdACDI9NmE7LsMgMdDQ\/xYQXylhs4qqJbymZX5d58CzKA9RgArAAIDBBQDAwABARcDAw4yhwbtAtoR\/a4xBK+O1BWDVt+21PZyVxWMqfhWUllj+XC42iKmRYz6Ew1Cdj04IUlKaq7oU9gQBkinQ2J87TkYzp3hMr+DojF19eU6ntn1BC5fVs3Y5xOH24Rjivc03t2pBaQM0Hb0XqLA2nn6obpTdDBqE+AyZ6lsSnOHlQJ1XjlZ3Pbs9FLpwfcmvmmG\/Id2P+LfRFob+\/3tm8mv9Uq0FvRTWH5Kuh+Xn\/+0EguwtZnd31JYmlTNT4uqMSWQfa6iCDtOBB4vYY33\/8WeBY2Ly8aceD97fKeLXxt8sm\/2EFlSRxTZAs1tOnKHXlFKTHMRv1itUCR99Xr0779cB35os1cBxRTLTpB9vjphPAX3nEyXI2mmKTZ5aYzKUnGIw2N6h2L4g8YRNtPCisTUzaf+uPn9oy9bYnlAeWuGzzr0tx18zNZbokF3rwBQi6XRsDigR6rZeLCH5rPR8eK0nYnTFFXbqJ7\/wW97+LBp+L76D5wUriJyJ3SS+nfVyJVMK19mZYV32qrxtA6hoWzZEqSq\/i4s2fub5YVkgyh8SeL9QW6RVLWsz6bcxcn+e6vYf0DofJgLy69GzdCurDH+ZRStWz+ndem34bIWVbYkx5XxvitFkLd9+85iIor\/q0ZtrSwmyqMpXA5P6gCQv02WmWopprUIPCEMScqpGAvQLjIlyAlezFgo2sIP6H5rtNzN7Smb1KbcPsiyNx2NsvHsRODx73Y6Osbeo0SKygmsh6kT9UiIFmiAUP9orghjMv4k3bLYltUyU1SCEAO1PX2NbNkaDRzCu5CHym8PfgUQfUAISpR88ZjUnFakkpvK0bM5l2Q5D2ZkMFg\/oWOV7ZJw5eGPAm1bfV72Ad6coTcz7VtCnga3gOufjTnCtNkpmkg5UUqPc6THPttlbYYkmtDnRWA86I\/Oq8ECtno5VNXj8J2ABVusp0oRAAvhKrnvdicUzHbsqhH8R4bwa+O90uoysJxEMoTUglCn5+S7pyQ0E6KUV0odKTmY\/yad5iKLruMqCCNn0kgFDmWDm6FRx\/JvsHj2sudKoOH9\/A2arSwSH4CKWHzVJhx8WGKfN2Ryjl8l+QUEXZa02weDaMchrls21CCnCYy7HSvd6oSJX6+1mCShaEgxLp3R8QV3L5HIaJW\/5SGkhn+SJCW71ZbBgpmZ0TBzoQW2c5Iwn3sCa0FL0FZnNp8lEc8pGkQdyl7qCJbBvyh79oue\/7IQj5M8FP4xalqQgpLehisDlE+dWlAjYtVcn2EmOVPBzLDFKVtgFxI2AEAz0mxg1P5tNIAlfauGUnxcPoh0P5hWs3wERy8iLMHgjiHIM54rIJI2XbY3r1VM2Hu75nCkVi3PUyIJtvhmjnRl41F1qrwfuZXDnhnIodUiOTY6ZcEw5OSMH\/x9uZ6Pz1HlJoebmmaDZmCC4GgjyS7hnaMbG1n2bsxKXdC+TKGZo9wc7\/NfTLYjMwAc3bS2V+yjpMW2Ur6z6MrGiT3heyj4ZlMaB7Lr6jVjkQSMZJLW0OlQi5EpmQFIPqb9MeInydeKvdUdpswe7zfVzkcDaSl5Vbi3j9PYijQ+3OHprcNAZmJLNiwSAbLaXJBkjsxcud3mUUBQT9LzhRtEIV0b\/OsUBIrccjzWJUGosM5fbRjY2nQxYg10UGkKzfpb3m8Rv1K8Cc02WawPivFiB1FdnpCrNg0cZEy66Tp9gulwcGa58qs="}
-00880{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00891{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":264,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1582454871069,"flow_last_seen":1582454871237,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.PlayStore","breed":"Safe","category":"SoftwareUpdate"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.clients.google.com","ja3":"9c815150ea821166faecf80757d8826a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02358{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":237552,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+broAAHYGDmDY7yZ4wKgCEAG7gNxV\/j7POJTMy4AQAPB1RAAAAQEICibnXzD\/\/zbl8kB0BU\/LoX9fP25axRi6mg+jrwjfAAdasFgcXjDqwFVU6VaTsul2cnbxO5J0BWqduNiWF+j9+9iksv2bjEvLQ6yzljqQdm3jGQ1SDSX7\/pVyt5tuz3NriQ3W6bekKGbTIZMSYTsb1XEZYrH6zvaRdlj5gFn4cIS7cibqVfQn9vQ1\/QdvzdVMEPQeNlyJ69YvLM\/e6yF1yKSyUJyEBsy41kvDL9mYCqm4SzrNP29Sx58fWJHNxdY3po7NaURYW8jnDoLXyzojO5c6Ng0uDC\/60Eql8TR42dVqT+CwpWu70Y3JD8s+o6KH7zPddPyrxSzRUoqiuRkE7bSE97RRz1+C3fxR7ooMYJ4sf0Lq0mR3XFAkZqAHSFUxx06S4q5iBRaq+MSiaJR9yJaPtODtMCp0v+ncelXeEuZyKaFBW2wXbNnX1oJmdN3dcyskJZXgq6tohkMC9BLM9eI1N8IUav7SIgh4FtZBoYJq25wiGjzjc7GzEUqs4N2JPWdKfdD9y8Lcv+NSYOtZY0bN3A0eNy4WnLDm7Spbc\/xi69F2X9s7EKcd3OyLM\/Q0Zl2Ol5qvjVDNu3LPsvDriS0h5Hnnvm+JYQeaZn5SPDpdYkGIhI9R\/VkSp2WrTqqlMC4NbXXxiK9X+z4GGXa78QmMRgex1xcCLDGB2zRvdeHu+Rwt8pdfEVdtCfOn4sXtRCNk+8fu8fg7GikzNSpc3w7KoqLdhfymIFg1hXZAhp8jD2PHPDpfFjt67kxKAEOHFprggf5L7jojuhTlxMgonaRPEKwnWJ2p2+wDmyvLzHB1GwHTv6VBWdsJqDnYLKPw9K7F+q1\/l2MQe6smPKOMPN3tRhWelrPHc2u\/6X\/ZOCzD\/TP1EX+hjPKaQz8+ayjsqCarYlbE2SbLEO3BsnWPpL7ZwBtrt41EFmrrvsYQ+x6P+ZaGkC0AUIF0h4HJJeu0ZEye6RSjn4m0ECmrjKfbi2yn8Ci+HDQFRdew\/Gr8uvOhWTqiKBkC7viSxMf0pjcXrJcmIWAfvKEGEimAdd4ZRwk0oE\/hC0TOrhdbwMPI7We\/c96IKsu7IhmvwjLU5w9exrihf7D+cgPpYgaxU3IcWJ\/IDKh5kMgiF5prSZPoC1KwpIoonSBqAsWeWrxIqwmjAqVT1ly1nrlSPZESYlcCqOLu1ErspULpxnjW2X3UxcBYcuIEOUqNEdvePKDDHQzzFdeDaI2z319DUR9jSDNK7BYwjCJIRxC5VvtP9OG2gV99uPNS6mCRUinynLHcz4hbafoU\/8DVgx\/QAEMSsTQoEYLZ1AV+1XCj9\/YewzH8ZJ7bJLsr1F8vxn2S3DdMyeSgxpA\/dYf2Qg4yHOTnhQ2+PE\/3oQVDD5hiQ8utO6X80v8MyHyoa+Kj81JDoH1CDyFp6iEN8kdCHfnBJtLfd+FYm52oJ8tks0C2JS5QB6qhh6PZElobgOutpvt9\/XUEKdjVnKniKiodRHqi7IJWliT4mMxAtgWznIIVuOzh9576xUmD9xvSyIewQ80V3xbGLKbR0gzVqRADKPpWvV4mA+i7vzQfM8xf5BMhlDBtKghWenh6kePLk8YQp1PBgU+Geafh+ibgiexxOWUocGyie2bHdCm4Sd\/Sd4Zbj\/\/71IiuJhG1r05bIBj8UY3KLzOlGJQnys9UvUqZs1S\/lR4cJ1Uf8duJ\/Fds6X3vr1Wtk7wxcj4I\/bRAmAbK5gage6cci5bla6T02NoyXVYGfTMrehYWh5tznIXiY5QZMVye9xkY36qPYMccHG2Iu8b268aQHUjlTFqjJ6YQuD6m41O0\/w2ONbwRAh0a0TZbjVFDX4OD1Yi3FOmctBmhA2iTCi3gt5Wkla1Smvb295ZJlocnhekhhhHZ\/GT4jV57FRRRGiSPtfx\/eeQ="}
01701{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":237652,"pkt_caplen":1002,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1002,"pkt_l4_len":968,"pkt":"TGr2n\/YnxiwDYGpkCABFAAPcbrsAAHYGEEHY7yZ4wKgCEAG7gNxV\/kRZOJTMy4AYAPCVYgAAAQEICibnXzD\/\/zblchfFAXewEzSV9HqufTsjhhEhtQ2RH1RAurqQ1J9cck46jI5nBzwm0C3F567qNX2QEjSFfQyRqAt6N3JdzKQFggApY6Yn9t2auMT7iqa78WxWCAWhSSUOPv5pY6cUlwhNs2Zg3cUKaDOyHidEplqt1h1nBn7aPLNPWOpL87Y4PPwpW\/+he3l3P87csp6LH4WtTQpqwWFJuaMjuajdhprFFpgXBJfL4EUjDqf\/oM0FwpO+rCfCSaUEWdHckF3qnHDCkb3ognd8X3L27+Pb8EW5mfeVEyquSCGX8DnXdumAHikx4qeuP2lhPRWfUqyKTWxkXkM\/a1sgqp+fBumTxzV7E3Gqg4QI2AVrE8iAPmORHrWkdpEmBzn3VtyeYWKpB\/gNbp6TPcxg18YxEuzFCuiqcI\/4FSQm1gNzNS+J9Z8J12c2QDszTktXlKt7TEMUYX1i0v2sBJhoqn6sE2kdWqTSpn5t55GsAxbS+\/lkpRqQtwCTKfR\/XZQx0cYrQ8fWxuAYg+G0\/aB91K0OVRvYEWmz\/t9JSAoFIySHAC0pTEWMD1y48mxiGne4HMup200flUz8jq2+Xa+bKaNeFzQ\/qqKid\/qU72O+7ZyKuUVIrFh21AWZCcO0fT7WgD1hkyMHndbHh\/U3SEh7bjgpnNsuIz12cDXa5IevNulHdT9lA1V\/oePl6ERSZ65+5xVaAI+s+k8sdMkqY+jfOg\/VVhazC+N365uyi1UdlYPhHmxa3xGIMrsAg7N5PI7HK8rLesN51vHtGsjJYNdFnaWbpJpHhD7CdLTB\/PaySnw3k6JdNaqXmEWOLI0442KxuGKsjoVUNE7EKSYdNC5kXc39zM7g4BtnVyRw6ZGT+nR4BHBmZ0YGl3IhPZ05vbMP9y64O8auGfXFPRKxj\/LJg4m5\/gXEdERjxJTnDsCxJET7oCBaUUPkylnt8VoHxhmEyND516YxH72ZLQi3LXCXIACdhs38rcGdMiHDxLTxiaeK0cMcOAAxE3U5AWEyutGmC1EXL4sKEY8+i96Dy3j76GHc6lhgazVoWttA819etuegE\/QURS54qtmIF8hFO7MT6TtQ7E+2qHHzeAXOSaF4EcYk1XGCb7i4VPRrJ2Xz+TIi\/JJuR1KT+AzE+5yu7C669IAKSkidYBRqn2XVeUGVRQoMLjpoIiypD88G8gMxWDAi5ZGtNfvzNDGUOsXtoVjiZ2Jfhhd8ssAS32Un36JTuN9XrK4bwS6TDuEMCTefBcYT"}
00429{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":240784,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0\/ApAAEAGfJnAqAIQ2O8meIDcAbs4lMzLVf4+z4AQAWLZcQAAAQEICv\/\/Nu0m518w"}
@@ -366,16 +366,16 @@
00828{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":272515,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFdRuVAAEAGMsnAqAIQrcJPco\/iAFBu6HFSJij2PYAYAVupDgAAAQEICv\/\/NvXBhPAIR0VUIC9jb25uZWN0IEhUVFAvMS4xDQpIb3N0OiBjaGVjay5nb29nbGV6aXAubmV0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgOTsgTm9raWEgMi4yKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzkuMC4zOTQ1LjkzIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogaXQtSVQsaXQ7cT0wLjksZW4tVVM7cT0wLjgsZW47cT0wLjcNCg0K"}
00520{"flow_id":38,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":276284,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB03xJAAEAGmVHAqAIQ2O8meIDaAbu5DOu2\/LuVV4AYAXg1rQAAAQEICv\/\/NvaJFIAOFAMDAAEBFwMDADXVRmSdtYV84rUYgscB7KZOxlHItd3y5xaAQ8+97H62qRsrr9NPFJFj45mvi9FpX6MWKxOldg=="}
00429{"flow_id":42,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":279443,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0NsIAAHcGSuLY7yZ4wKgCEAG7gN4gvznSCa71EoAQAPD7CgAAAQEIClyVSS7\/\/zbz"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454871292,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454871292,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":292222,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq9RAAEARCXbAqAIQwKgCAbUXADUALUF1Da4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454871292,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454871292,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00429{"flow_id":38,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":293161,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA04csAAHcGn9jY7yZ4wKgCEAG7gNr8u5VXuQzr9oAQAPC5SQAAAQEICokUgKz\/\/zb2"}
00466{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":294121,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRfN0AAEAReF3AqAIBwKgCEAA1tRcAPWwTDa6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
-00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":276,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
01043{"flow_id":43,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":307313,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"pkt":"TGr2n\/YnxiwDYGpkCABFAAH+3nIAAGcGs5qtwk9ywKgCEABQj+ImKPY9buhye4AYAP2uDwAAAQEICsGE8Jb\/\/zb1SFRUUC8xLjEgMjAwIE9LDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IFZpYSwgWC1PcmlnaW5hbC1Db250ZW50LUxlbmd0aCwgQ2hyb21lLVByb3h5DQpDb250ZW50LUxlbmd0aDogMw0KRGF0ZTogU3VuLCAyMyBGZWIgMjAyMCAxMDo0Nzo1MSBHTVQNClByYWdtYTogbm8tY2FjaGUNCkV4cGlyZXM6IEZyaSwgMDEgSmFuIDE5OTAgMDA6MDA6MDAgR01UDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZSwgbm8tc3RvcmUsIG11c3QtcmV2YWxpZGF0ZQ0KTGFzdC1Nb2RpZmllZDogVGh1LCAyMSBBcHIgMjAxNiAwMzoxNzoyMiBHTVQNClgtQ29udGVudC1UeXBlLU9wdGlvbnM6IG5vc25pZmYNClNlcnZlcjogc2ZmZQ0KWC1YU1MtUHJvdGVjdGlvbjogMA0KDQpPSwo="}
00431{"flow_id":43,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":308565,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuZAAEAGM\/HAqAIQrcJPco\/iAFBu6HJ7Jij4B4AQAV88kQAAAQEICv\/\/Nv7BhPCW"}
00520{"flow_id":44,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":310761,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB0Ap1AAEAGsovAqAIQrNkVysrYAbsvYjZi5KJO\/IAYAW3dLQAAAQEICv\/\/Nv9tKujIFAMDAAEBFwMDADVv854oia57qsZKL2XJMUFtHTxjeo6vjfgJRQUfy2PLm1T1JGRC5KM+KNF15Iy3q9pdxkWnXQ=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1582454871321,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1582454871321,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":321492,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8nfFAAEAG2qrAqAIQ2O8meIDmAbsuQarwAAAAAKAC\/\/\/zCgAAAgQFtAQCCAr\/\/zcBAAAAAAEDAwg="}
00554{"flow_id":44,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":333060,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"xiwDYGpkTGr2n\/YnCABFAACKAp5AAEAGsnTAqAIQrNkVysrYAbsvYjai5KJO\/IAYAW34zAAAAQEICv\/\/NwRtKujIFwMDAFFJnZKaM9gQsevdeBdx89hdv7S7NW06cDUNblX2QxT8+Fz\/6srYXvn2lo26tjuuh\/o0\/uD1mTA\/amaUtg4XOC\/5vu97X0e0xIppBPzz3RfhtOA="}
00863{"flow_id":44,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":334512,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFwAp9AAEAGsY3AqAIQrNkVysrYAbsvYjb45KJO\/IAYAW0xrgAAAQEICv\/\/NwVtKujIFwMDATc82jPEDruuII+fpFTJEuZupdHBO9TshMIb2eLglBMe2a+soTgBbQLVgOkrQ17rR345soZYwnq8o8cZSRK1bN3xFJKjJrXXhw9JAuJZoGSOZaZbvxAGG8fMErxQHvFRArKk3YkHUTDw+KlHZoKuCjNcnW2TmKDRia\/A1H5GGhOBYkwqWL4tFoeZ1S1JIhpfFAzz7zqFGLrPetqe0xd+uSahDyOuBc+ffHsmD4xbTOUD3CCKEjEX\/SA\/7EqOrv\/0AdoL36p\/tt2RL5LmFIPx0523VRt7+DTe80TiqcCeOSt76JQSw3WwGoq3ddCcvQN3FJ+72iZ\/E5OKMst7yguhgo5GQrAWACWPPvqFC2YWnHzHK0DVMENxpnqc0nWY01vA37IUMiWEeYL6fWr1QZXZvgb4qr69gSxrjQ=="}
@@ -384,16 +384,16 @@
01727{"flow_id":42,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":335225,"pkt_caplen":1023,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1023,"pkt_l4_len":989,"pkt":"xiwDYGpkTGr2n\/YnCABFAAPxxA9AAEAGsNfAqAIQ2O8meIDeAbsJrvUSIL850oAYAXhFBAAAAQEICv\/\/NwRclUkuFwMDA7jcXSbmK+7whAoBJqkuLSQdNF0dOQ\/xEt0K9KXgAXlO+nMKeWY5RqBoBswD8QbQh2+LKGTlcqALheQbXFUcEUInngBab18DPttwjj1qeCr6lVeuLlqseDaZT0Rc+03FvOApJanR3Hj5qA+CM\/IoKYXulhMt5DY\/un1XHbqFpImaPS4ZDCaCZkuJkQwsjXsQQ\/V\/nZwvEZKLehvJu27L7YvhbDykKRfX64Vx\/qOrnTwb+qjsbXDYULlyac+zQbfpNQ1xLZcC8fMjI3OJhxzWaYDFXCUX\/075XnmS9JjIzH6Z6SeAblZXJDAJVAh5awPDg3Yr1s0AAjW+TN9UfD\/6HBH09hRYurHfUiMWUDT3xVFARnFYvwVH8cantQnttRhDL5TeyrChB9mmGttaWubpUtkiAwXl2fYvxp4QKAvqgrsYE1WWjjdMCgqtVb+w64RJ+knv49dC67n\/Ug+Z6badQ+6kg4VCHcoBzYjRkfsK2agi1j3dFSsxON5Pw+31iXniKDheOKFavHCnolai+8EUcSMD4H\/px4dfuv9IlS2g3InYdce4c77enIGF24ahns\/wU2S5BLGXp5tS24Uk0N6dp3CwkXrZkeIA8YBRSRVBRQNSkF4BL0UpxVHjP6vGPrd1LzG\/UYHC+PHjYiP8ZfWrslklydVMtjZiRUWZz2GKLJSnFzDqRK5lrpf8Qul\/AS+XdxIiiGyTc8\/8QFB8sHrh4BgS4h8xZjKWQ8ezMIvQTdGYCm9iI4N3Ay0irF3ICU+zIqVM1Zmv5JYVNZiT6EUrtEljAUJD7HzDkpC4r3KwvOvG69IQOOGLbvP3VYEwwPQpqw9eIImnrmQqZEd9+F5KD6IavEikqo9h0HhxXXZhJgzwMeOaQC6x1rgGhl\/zVi8gOVD1v\/N4EzhOiMwWtcqxtknM1LlzrGsC+7DONroynyymIvw8mR42pvXVl2l0HGeUCyAC55EgYbgJPKLo5Sz2ek6SBjDqwdYJNTiPZp5aZ7OxDRXfAqygjYL17huYnpYQ27CpCutbZaO59ubIHWFeNzpmEahhSFmZtnN27ekaYY4RHU9JLZ0FtQHnU9+SEZC68J8pI2e2RfQKAJYvy6MGC1ae71hs1ywtqJjlj0DUMuEtiDQZyqeRX6gzy2NirFu1ux5B+6HJyhOYZdclDDIWy76E6sRMdesPHR\/aSJCIvoflRIyR37hLMmWuHHUQ6nWB+yRQCrYxtluzJGJ2i9kYGZebpB5jVvUcVyUY1xc75t1a2dJzOuuJ5GB6"}
00428{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":335705,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfJAAEAG2rHAqAIQ2O8meIDmAbsuQarxOuHFYoAQAVei8wAAAQEICv\/\/NwUfL14G"}
01129{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":339142,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5nfNAAEAG2KvAqAIQ2O8meIDmAbsuQarxOuHFYoAYAVe\/wgAAAQEICv\/\/NwYfL14GFgMBAgABAAH8AwM2HQqqNkiYixPn9BwY+6aPMTBPHUYVai51sP\/t1krD8iCPeQv28z7\/GLsaGfQh98BpWEFaJzPvJz3ZigJL3Bq7jwAiqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZG6ugAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArACna2gABAAAdACDaIvjlTeWP\/EfNzQgKtZHyge+ZIFM5wilp\/lsIRx8ZUQAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAIKCgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454871343,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1582454871321,"flow_last_seen":1582454871339,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454871343,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":343067,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"xiwDYGpkTGr2n\/YnCABFAABQq9VAAEARCWbAqAIQwKgCAYtpADUAPJHqlgwBAAABAAAAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
-00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454871343,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00676{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454871343,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00429{"flow_id":42,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":347047,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0Nu4AAHcGSrbY7yZ4wKgCEAG7gN4gvznSCa74z4AQAPf28QAAAQEIClyVSXL\/\/zcE"}
00428{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":352300,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0sbMAAHUG0fDY7yZ4wKgCEAG7gOY64cViLkGs9oAQAPChQgAAAQEICh8vXhj\/\/zcG"}
00429{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":359254,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0nfRAAEAG2q\/AqAIQ2O8meIDmAbsuQaz2OuHFYoARAVeg1QAAAQEICv\/\/NwsfL14Y"}
00431{"flow_id":43,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":359312,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RudAAEAGM\/DAqAIQrcJPco\/iAFBu6HJ7Jij4B4ARAV88gwAAAQEICv\/\/NwvBhPCW"}
02353{"flow_id":48,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":370051,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+scwAAHUGzE3Y7yZ4wKgCEAG7gOY64cViLkGs9oAQAPC4WwAAAQEICh8vXin\/\/zcGFgMDAHoCAAB2AwN8xw9S\/ZOSYqACMZeUrNR9nwHQkl7tx9m5Z1N7PUqw5iCPeQv28z7\/GLsaGfQh98BpWEFaJzPvJz3ZigJL3Bq7jxMBAAAuADMAJAAdACD0smEXO7sK7Kajb+qi7uP78Ilw5tC+\/EM9jWfm15fZKQArAAIDBBQDAwABARcDAwtb0zvn61NQhaNfMP1sNXgMUU6QWsPOKVSHr0GoGFNmRF4O8U6PjTuUN0wgeMwnAPRNfsjMNZKbzosHs7u1zzzzy71LJ8QsdwYw0AboGSe0PE1cp5h17he0769FJKf9+7CW3iTukjkyPv+v91NNwl7Zmm2ghRo26LgOQVHxAweObg7kqKAHrm7HgSAokWgfVi1cOYJhpwAppcMeKKXKAEJsW+REgajW9q4x0MDhZg3x1c64vwvaUeaN3YJh3Ce89kCVLAc+jOKsKJjmSid8gxFBvonydJziUgQpzXh9lTU6RTsWEGT8djskM\/KEQdwO5FafjOKwq7Wd42OOCtEUQpgfZimcP+zQhhr\/K0hC0Lxf9wBjJ+XOw4q2D\/5sT\/X8h1m3TmxgLnvXK85TII0wYzJhSvkcLiJabhue2MLQR1u0s\/tC3unWo+bjkZeJNx868ZSG3aFf1QXSBTzznOMSgrNCgnrpPrFYCI\/JvwSmnOX3dj+GIxhlPVwAxj4ibH7LuIPiPJbBh277DOA4Fo1saIYrTEM3aS325729bzcASVonz1Ntpyp2pvMVPKOQFbRNvYDA5DW6G34VGEBI5JQiXZegBNzYtfAyNvo5lTbcvfFeVs++NCeLjwwqGIiP24UHNp+28Mh5LaZnqJoVhnfCOs9M2UxoFNdqbTJ87gi42ato7QC1kDo+SvudEdG7hyvSha6hHZUKxdp1eVdmntKGiyhPQNMnJ5E9\/lVhZi3wF+WqDgr\/APH4nv8QtqqlKmVuXFjoh47ARurQ\/+n2V+hjVCeNy2Hna\/bLYyo6wRzCb2kutuQN5vA8xwCVCxWUwJnbPuCdJ4uu7++nxGpINYsdidBiCE4azcuRj0JHnvMUVkK9xBjo0DUop8sRPHIkDhjaExgKlAk0\/Kf+rX9rTZk2NTsukrHzIbpoT530hGk39slv5GC+rTxLaCaWLs92W6v+N3o1cahyMJYuW4kXwu86\/3iYoLI7GJE6UEVKMzq7q23thrhjZ9Y2NGNjaEs1G\/YbiUrC6heXLCe86Hb\/6Ux7mrzXaZ2TfA0ybHSuVkDKb3iNFCyEutyOj9q1+PQXSSn93ZWXNhfpGZqGgfF6\/3D2dZLZS\/oy1RQ4xW\/tkLo3gyq7pH3Iyqw60YTjzKhvXT78xpA+FH2aWRcJF+8OEKr3BhM22B2y9ZW1UKIMJyPQKDOW2b\/VqX44exkOUM\/c\/Ml1et11MIqEIgcelZYvpfGcwUQEt1E5cQZ06mcFPQUtHU9KqDSBB35dFOl7QxbfeJzg\/4pODCUdDafgINYp4fv6\/DMTGqS13jbR4zQn7VcC6Kr55583m1Vd4W4FUK4qYato9sNHcEGdNW9ir2WzMsvkPXzroDwJuxGokG0Uga1PJ0KPpf3XRNswLMqCAeGXxSQNxt39\/YzCCaVMdvjiY+14cGSjpeyuDgrVxOWnMmAmOhniOEMajU3Umza0YRucTOU09yg+DbCZ3XJVoTYYBaek84mbbBuShbY+d6swrTNuSq8G7Y6c9irlsWNQJhWjFe4elnawqsSDCE2P9oGna72653C4sgkLQfZsgesdZV+1rNHGspmKOkzp59y5vUuMgG7bSv0MPzoRq5cLoFjy6LFgEY+FOdTVPFOWXnr0mjKx4ObkuPcry8Rvrr9NVewCyJI5CCx7SBNrsoEIB3VEZGsPI9HQWLcPiIunXL74\/HI8zMs8Goc="}
-00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_tot_l4_data_len":2175,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":310,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":7,"flow_first_seen":1582454871321,"flow_last_seen":1582454871370,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02359{"flow_id":48,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":371155,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+sc0AAHUGzEzY7yZ4wKgCEAG7gOY64crsLkGs9oAQAPD6GAAAAQEICh8vXin\/\/zcGu1IywbQbnDc5ksf3r3A9cpM75iOyHjU9m\/pzcf1D1KKa0Y+q8qTCI6ibmEJGvZBc\/pyC6bzW9vp\/RjW\/jEE6rxszvW9No1vC3+4Upo\/moRHxC5460pU5mEl0C\/rIhxb9ZqKz9imSAW1A1MFcxgIXjkqp2Txd\/69oex\/MnOc7nq3H3mXJcbElER2WggtIeNSwxA65XMFhRluAX5dnYiDIG+mhXOHPyKYFDhaEFkRG1gTWBt9ErqKKw0JabG8MSuSajimj0CIbFoA6ThiA+Fy\/lmymgrFaKoUXkg17lORKkMwV6q4tL7Dkc\/aQ3erUMXv21yjorSJtTEk2h76w3fxCi5KqK4CJQAC\/bSuVfrGaq+TwKISfi7gfKCfhYEZdUquwnh8ts2Svs6ue1VByD4g\/uplHRQFel2Av4M0DDLhE4WTarczEVm0tCpvySs7\/5a4E6mAb4Pvvhq3Ehwemz+tjXDky1NCTfSsNMHWLf2oocAKK\/IU90wJ7ZKQDVEyDwtAhgfwqz6QLRhBLGYYPGs\/CWxL8A1dtUTTDNro1ee3Hk+96VntFB3ewB0puBySlTttVaW28TG1u6dYWlJghTWmTKpmPiZBqgYDJJBNRnnzZNEl0nWhW90Ah2YUbd3FvRa4ckqGYSUHAvt6PNT2nOmYGK\/D5Gj1xyv7mHzD6RrF+RahYm8AqGJ6\/jByt74D6JhzqpJxMhw0mtFHSlP41fNSzdUSteM\/wI8nd1MgvTmAS6yKamFipzpOJGmHdyVn7Q6YLHSmrkOuKkK78jwZvaDUnVV4bLlDil8vlJenC7kFTrV2uCNzQdBqJRIrRYFRYCEBbjAH0LIrlRhoIpHwU\/wvAZ84hAtrOcMbLVQ3TXA2s0av+5rNScJAHXtGlvCHpyB+wup6BRoS1GLdw9EP\/fqg6jy+4J9klo\/eE47vA8YhATuD0wNeyV0tX1u+yUg2EyIwpj0x0hSwTQA6c34pTjAhYdO8zKX1tscCbLsxXRw45vEzpzFZRjfkAvKhLLcI3fLpTJyxFAm80fDCcTmSXlyMUIX+6paT3jiru4lb9x2FisU1TnQnAHuPg7ICf0EL1MHgr6SBu7GQ2MtbXyX\/U4VFgsU5oWKIwAOfqpKZt\/9n4tQmDfUu3w+CwO7A2usG1jd+VvT3Rh5tZECP0Ws1X3h4T3+2EuymphaGigx4Nffn+5FdtiJ2UbSPY6YoIuqAxifiIA6g8jfcLU1T4VRyLxYrJwt2h555xwlr3JOLQvlFdX3dW0klbYnmF91p0QMLwEUXTYJNVyno0FhSZ3ju9qztgZorW\/+F09caxSOnf\/roEJOxXCeMN\/hJk8uGefKDe\/yclC2svHEyN7S8wn5ny40jJGVrQiS1GJnANfH2RjRFQGRja9DFRh4JqER7bBGuAlPj05uE3M3aC53ghBh9I1lJ1RI3MxiH65S0XJk6XrOSVMH2f+215UAsHTlOQPyiw06Y6tw8Js010vfKDz2KEDIqUZcc3Q1YSGplrsomHOOjCU1tY\/N\/OR\/6bXcggsW0N9+nAx7oi0QxLlsSOBGl5z1hgrXUmUAV1cm8qxtBtZwFhfuG6vtDzcC0eg5p0yG32tYqai218Z1FPXvKTqB4tj+pA5vabVkFhPHdb6k0p+KuZeD1X5XGzFWwO68LIaIZ+lre3L+fhIw3WF0mHJ62dNTpA\/KfzUmhy\/FJvDx8O6VFjXLe+pa6qVGFpn7GWnMcLEbpoRaTQZCkFEiFNlFnp+B409wxFP8FXj3De4vr854OdUGXXfE+J9qDGi350rOaTiIvL5ZWZnj1jrXJvTS82NE2nn9+cKXs\/tMolW0uqYmvUXNtDHES5QHMevGBoBNyfMnOcF8rKgh+1erjpLO0zACGZsXft4PxbLWoP1Ks="}
00715{"flow_id":48,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":371156,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEFsc4AAHUG0QTY7yZ4wKgCEAG7gOY64dB2LkGs9oAYAPCqKAAAAQEICh8vXin\/\/zcG7ueDwtBPQ+\/zXsd4N+IEldV7LTFV2EKTDrUd7hUGwSYlVe0vqdvSZnh5+J+xEX+LutOXu6gzXGICoDkMaViKEaCNE5scBgiduaC2FyrTG22vcjUAhYx0BAyOwo5phr51dWHRwZ8\/4NMZ59QJtbgQrURiXm6DkeH\/9kjPuwsj0TV5WyfnKb9U3B8F9KYSXt6tXbwTT2cLPpA7Kl6QYsKtDGlSH8ah+eEL5OjS9A6xeA8Iyp9c6uhfJC+Inp+pmx\/v2ge54HDt537QN4TWGHVU0CY="}
00411{"flow_id":48,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":371331,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkTGr2n\/YnCABFAAAomMNAAEAG3+zAqAIQ2O8meIDmAbsuQaz2AAAAAFAEAACP5wAA"}
@@ -402,31 +402,31 @@
00411{"flow_id":48,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":375028,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkTGr2n\/YnCABFAAAomMVAAEAG3+rAqAIQ2O8meIDmAbsuQaz2AAAAAFAEAACP5wAA"}
00411{"flow_id":48,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":375141,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkTGr2n\/YnCABFAAAomMZAAEAG3+nAqAIQ2O8meIDmAbsuQaz3AAAAAFAEAACP5gAA"}
00488{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":383146,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"TGr2n\/YnxiwDYGpkCABFAABgqGIAAEARTMnAqAIBwKgCEAA1i2kATI9glgyBgAABAAEAAAAAE3NlbWFudGljbG9jYXRpb24tcGEKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAALIABKzZFEo="}
-00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":60,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
+00703{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":310,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"semanticlocation-pa.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.74"}}
00429{"flow_id":43,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":393426,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA03ooAAGcGtUytwk9ywKgCEABQj+ImKPgHbuhyfIARAP08jwAAAQEICsGE8Ov\/\/zcL"}
00431{"flow_id":43,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":395482,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0RuhAAEAGM+\/AqAIQrcJPco\/iAFBu6HJ8Jij4CIAQAV88JAAAAQEICv\/\/NxTBhPDr"}
01679{"flow_id":38,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":461751,"pkt_caplen":984,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":984,"pkt_l4_len":950,"pkt":"xiwDYGpkTGr2n\/YnCABFAAPK3xNAAEAGlfrAqAIQ2O8meIDaAbu5DOv2\/LuVV4AYAXio+QAAAQEICv\/\/NySJFICsFwMDA5EIY5j9ZA1qHIz45oNpOaFuKTa406BzzgMGq9aV2sseOT6uYn\/S+YukxH360M7FytK1cBcqsctNy7tE\/Klb21aOWi0JAjgnrqqEBilguRx4cGVc8w996lSUVfuXyH9\/dG8pLYMfJcnaGtOXQEdBX3vOd\/I0onjCU52qfnZ8zQjn3zLdnoI\/BrPsFLVNm+gW6Eyp9GsJrlAXTz8OQ7ayAoEbxoqUjazFmddEKh5ZQHlCp+\/S1PFnbr0zaTsFjMzTtRd4a+\/ln4EzpZna3ZgbhBIcZcLEGDw5ciSqm78DrnO5iELBPvdr8bqgciq3hshMY0LvQ7yEY0mR+g+5SpvodaNJiIfDykNERNrvjNi84v8eOzKbcZCBkewgxjxidZqELeL4Q9vC2sODnfAcm6XJtfOolPxuNh9FmKJGi1JfyRJNaNCYie8wSe\/aTGFVok6pIEjQnexa+epzyKwgyzA+GGOyMr\/Exthwh2MmvvzCwj8rH5SPzLdqOj9h+NgeGbklPFTg6b4O+l5pE2gRklmTt+RonbTYmKsgAZCnQIfvhKoJmg2Y+F2WQ2OwRSAP7YGxHdlkO5QnqRYNyupLj6xxwXhYe0QRCgePLpUp6gtXSwIWClCbXqFIyR3RGj+SeFLF7C4fi2UiLrARKRPBdHjCDXXuRQCH2UCws0sY2d5MqdG4Vuvj+mNVwkJMNof1x6EGI73isOezCI3ejxRm\/SJ0aQFhdZrg19UhfY0avOAs9b5BizwjtCFelMg8\/WR4w\/BePpLlz4RgZJgP4etDROSwWVNn+zlqiszR1IylfSOE7UHn96PnKgt69gzNHPIO\/Pxj0WhzoDDFAmKN4VxOQltJ7MfegURE7WCaHkw4WAOojRZB1fRLZDU0AOmywHqGa5feKhHhA6nH5yaqoETZyVMFp6My\/zk2gmHG6usapDIROPNYA\/5kb3\/YsHPUgaE4uasMwWZOkCgnTwvQ8d0\/D7iMFmkF37EOBRYDnzsNr\/qFYjJeVve42lyowjDq0Mbzu3WMoJdyOBrZwT47Q3LBORc8QVLUwzUPN\/YcohaRqc9Xjid9ZkZZNRrThrIZG2ypK0QWNv55SGIO+Y7\/PEbW7QOHS1p9W+a3GvL6mTCoxzhDV+VOEVg9Ejo3QIk3Kdr1QhXC8VtT3zmcryFAGrTVfkn+sqpXftUoBjBfouJCONDiM8Fk9Fr+\/80O5diBfaMbk\/1LdHOn"}
00429{"flow_id":38,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":474547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA04lEAAHcGn1LY7yZ4wKgCEAG7gNr8u5VXuQzvjIAQAPe0xwAAAQEICokUgWP\/\/zck"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454871496,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454871496,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":496841,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq+5AAEARCVzAqAIQwKgCAVlCADUALUQf0TEBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454871496,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454871496,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00556{"flow_id":35,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":500216,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkTGr2n\/YnCABFAACRopNAAEAGf3PAqAIQrNmozsTQAbv86phbj0XFS4AYAXh5yAAAAQEICv\/\/Ny5msgBAFgMDACUQAAAhINwq9dm2l+1NqZbhRu5yA6j6RbJvmaMd4dASJb8g97h4FAMDAAEBFgMDACgAAAAAAAAAAHyPThhVhwEUPK3EZVkzHmk2upX9RvQBnCbUPrOAggRx"}
00466{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":536801,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRnZYAAEARV6TAqAIBwKgCEAA1WUIAPff70TGBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
-00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
+00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00831{"flow_id":35,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":538424,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFY1kUAAHUGVfqs2ajOwKgCEAG7xNCPRcVL\/OqYuIAYAPB\/hAAAAQEICmayB0j\/\/zcuFgMDAOwEAADoAAGJvgDiAZR0wlJK56tqlFe1HOm0VICTP5ZM\/eSHNSM2EnSKfUzry\/oUm6AATJtMRjz8a94e7NdE77GktTCb8W9\/REi7XjvKa9zAnUKqD351xUG6x23vdQzLarjM55gDmCiTGJTE8ECuAaYeBOyVdE7a4jahZlQ5K8Rht5jCI9tVIWfOGdj4LDS21nhwgv71QLVUNpo\/kvdBLsdVnNCwlFpRqUtJRdwVlBA8ttrRUdvraKOu77af5AxzZ1K+zVMBBHOYfeTvwFLZnmrpEU7qLLrKUtNpD1gl9s58z9XAoaWRJHqygPeXHxQDAwABARYDAwAoAAAAAAAAAACls3U\/mXy65X7Grzj2c6IzhQm8OEIMQqPstE+Q9ytycg=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1582454871553,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1582454871553,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":553292,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8o7ZAAEAGEyjAqAIQrNkUTKpyAbt9gJSNAAAAAKAC\/\/\/OqgAAAgQFtAQCCAr\/\/zc7AAAAAAEDAwg="}
00440{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":591165,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8n5IAAHUGIkys2RRMwKgCEAG7qnIP+mJJfYCUjqAS6yAAJQAAAgQFZAQCCAqRSuAV\/\/83OwEDAwg="}
00430{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":592307,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7dAAEAGEy\/AqAIQrNkUTKpyAbt9gJSOD\/piSoAQAVcYYgAAAQEICv\/\/N0WRSuAV"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454871600,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454871600,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":600718,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBq\/ZAAEARCVTAqAIQwKgCAeYMADUALTc\/5u4BAAABAAAAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAQ=="}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454871600,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454871600,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00466{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":601103,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRUPMAAEARpEfAqAIBwKgCEAA15gwAPWHd5u6BgAABAAEAAAAACGFjY291bnRzBmdvb2dsZQNjb20AAAEAAcAMAAEAAQAAANoABNjvJng="}
-00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"accounts.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
01125{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":614271,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5o7hAAEAGESnAqAIQrNkUTKpyAbt9gJSOD\/piSoAYAVdLzQAAAQEICv\/\/N0uRSuAVFgMBAgABAAH8AwNx38g8c64XBkE7jetV3Cdtn9z0vCweKrcHtwdhHbSQ+SAUmDom3MjZPcHpObhTXaYvtFsSBZnsdLd6vfStLts0RQAiuroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZE6OgAAAAAAGAAWAAATcHJveHkuZ29vZ2xlemlwLm5ldAAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArAClqagABAAAdACBvCWpMIieU6hTvNOrIocRNkNYDiS7EYWL5ZMqbRo33UAAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAALq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1582454871553,"flow_last_seen":1582454871614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00557{"flow_id":46,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":621466,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkTGr2n\/YnCABFAACR2r5AAEAGnYjAqAIQ2O8meIDkAbvMau0jlTRYQ4AYAW31ZwAAAQEICv\/\/N0zIBAkdFgMDACUQAAAhICz48gWJKZkp2KCZYEWlbEtnamYNOrvBXd8icZepK9lYFAMDAAEBFgMDACgAAAAAAAAAAKgrBLovHa9iALmwD3r2UN8P\/Cc1B+BYZJt55LSw9zEx"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1582454871623,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1582454871623,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":623035,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8E0lAAEAGZVPAqAIQ2O8meIDqAbtXpCQEAAAAAKAC\/\/9QRAAAAgQFtAQCCAr\/\/zdNAAAAAAEDAwg="}
00429{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":627484,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0o7lAAEAGEy3AqAIQrNkUTKpyAbt9gJaTD\/piSoARAVcWUwAAAQEICv\/\/N06RSuAV"}
00833{"flow_id":46,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":634694,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"TGr2n\/YnxiwDYGpkCABFAAFY208AAHUGpzDY7yZ4wKgCEAG7gOSVNFhDzGrtgIAYAPDi8wAAAQEICsgECrP\/\/zdMFgMDAOwEAADoAAGJwADiAZR0wlJK56tqlFe1HOm0VCpWs2\/K26cuVt0+FdhYYcAWYeBOMH739QqoXqTZxdAwSf5SJMkskBjvOFCT2egFBRGdz\/dMQa+5zEG7KzOq8+a2cjNiNSFQTukt0\/JfWFxxYclpUg8+WWJMLKDlF4keVUBUuqhc3eLmRYgOPso9z5UsT7\/VPm60p2zlqL5BHD25XoT1UaPNRkJjTDwBD\/qzk9ErFC+85Zjzt2e1vrZc+B5QnFf4cqMxExq\/KExjhomz3HtjXzkdwfQ2L3WwYtsha\/0yWLJKeItQHe7kJtjmA7KLSRQDAwABARYDAwAoAAAAAAAAAAC\/tg0hOynrZ\/f7nkadyxJgik+pTzT93RTmcJLpr0rG5g=="}
@@ -435,7 +435,7 @@
00428{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":641192,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0pAAEAGZVrAqAIQ2O8meIDqAbtXpCQFBCFopIAQAVdoXgAAAQEICv\/\/N1GpXP8l"}
00428{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":652290,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0n6sAAHUGIjus2RRMwKgCEAG7qnIP+mJKfYCWk4AQAPAWgQAAAQEICpFK4FL\/\/zdL"}
02347{"flow_id":51,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":657677,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+n7AAAHUGHKys2RRMwKgCEAG7qnIP+mJKfYCWk4AQAPAEYAAAAQEICpFK4Ff\/\/zdLFgMDAHoCAAB2AwOPVTJtEs3gf1JQJ54x92TKTbqcMls2IBI7\/RbU2tFBCSAUmDom3MjZPcHpObhTXaYvtFsSBZnsdLd6vfStLts0RRMBAAAuADMAJAAdACCozDi85GAF8pR1Uiio9N4UGVPRA1gFdUuBR9Q3czJ9RwArAAIDBBQDAwABARcDAwtmEqagNpqEhAgJf+qZyqmCpO7zG\/YAcHcYyApmtEaTnl8cEqxMeQBHk2KbSOgUJG44WHMUhkl+2dDTTpIYPxRDrOLO8Rg2A6YgdrrsyDd9DQBa\/K0olttbUhRZRMlJoRKvOBHtvJ4+rFJPAk97\/AXv9BA93HVXZC+ChAsO\/ifM2TWK\/LcsQnQBFbjX4O+bdKzRl82CuV2z8UZyIcWwxQVIuTGHNAgSdb838jw3Xl8wPTm3jEl05I5d7QdpB+dOs4W50cPZRbfDbiD6H\/eSlp9XpSkDmC0HVWnCos8Jj4I3yCfRc6INL11ABaHz9jJPtEHGZBGt4BNhGQGbyLD91LjPNVNLnnMhtP3b3WURImoG92vNJqWkj9FMvDg4MadxFXT6S6JwBY9w75Y7DTNaxIVegVpCWV1PEl2jHNqltZPLtR7JuoJPbVEzIzBndk+zE9Qq09N190sA0UKg+T6RzgI7Xgg5nAYsMfrAAxXMrbc95wgQuUKr6bhp1fsgLOYObnAeTTRZlnbipIHPo4pOrNjY73d6D63j0T91b83lh7pnnDu6ufzlMvxATA0SUAbEXAqFAmEfXHcoZEQMfMQNTvXPjfs2X35J2gY9fnsXP3jhr9NNyoFVoTkXH8WXJEPczhBCL8WScIqQeP3HK4zMm\/ZJnHfSnIsOXKddfUGEkuLyHqlFcAuFstOB9a1b6TjNjq6YxbALUxZmsbqh1hCmu0dl0y1QAhoQUueTQeoPKXm1oUGMGikbS1CCDcmLHtfTs8HTseGk0xOiohRj+O3C265izRQUl21hZLDVxgq0uKrqp5SCWDA6Qc0q8xb\/2h3mv8AicunZab8angnAW7wQecOUbnM\/hsHYRPA92s+vp5TsYzO9rEz4T2e9DE0V6SYQMPwvigovQ23f+Nwx8WNogNCGkqwlNOrryULXSJKPANU4fSgAO7iQMUD3lka1k3obKzkWxmYoJcj1bNJYLC2jxr9CEUG8hNkMco1SDfT1vgV19eS1q\/luKVvxNuTDdsLumyBuk1aPRsLJ0O2hvmD3h\/5giSDc0i1DNam\/lcRjeteNPNJ8zktJdU3G7CNA\/OY9bwzX9RzwYnCovPol8wag5NbSFx45rEz+UlvzBV8Z4UehiNau1c7i+OMjxRJwG0xU7RrACKJDCI2IlZcNIt6tMSmSZREozix0IdeMybPIxeyFx93O1d1VODk9SqyWH4e6W\/CgpgweMA1GBpCHDBMjf47d8TupJ7B70+Z7pCg+ooRc6Sgt+0w2AWe7U4TxqzFP6TvraYrzA0u6Z7Iuo5pORbBwdwCMLORYpzehjs0u5Drpvb+QeZozsYsz+O5Ye\/96XfLrvwILLJqVlDq\/sqHFiRnllUQxvFEntDaYdcn\/x2ZoV046gazabq1VblZO7r\/2L7wUh0ZaRrtnpVeB2A3Dw+yRsShKwD6w+cETjaEUEEY\/ldhNmMJsqA6vuGQrbd7yqALw4zaEz1BlibQBia2WRyE7Zgw\/cTiScvqQgZ6yvYvadHtz3JyJNTf8ieY8MY4imLE2ubFTYKjKcjNECdz6e4aqfh6N9xIxgRDumXSWmGX7mozHYYK4PAagiEHRTTwlRNvkCXq5IVniYN83DlQ7LvkeawIMz3GDG50UuTou0Df6HRQat2YWrd0FVsVJOLJAuoESSM2nBA8NNNWxg1ZOzeHRN3tUka8W0mQGhBUthKnSnAc="}
-00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_tot_l4_data_len":2175,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":310,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00844{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":349,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":7,"flow_first_seen":1582454871553,"flow_last_seen":1582454871657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02350{"flow_id":51,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":657707,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+n7EAAHUGHKus2RRMwKgCEAG7qnIP+mfUfYCWk4AQAPAQIgAAAQEICpFK4Ff\/\/zdLqLgvwQsz5nuRH9DV7caoFdCHBSrOHMKMu3egajSHr8A\/4suOs2GODldjd3\/BZDeHGCaeTDaufj3j\/kjn7ksr6N4PnA1KHq6A3Nh7uRxg+OkKc84WQKURsNx1N7rf754xOJeBZ3BzRcqkHQmv3uSRH8N0EotoqTqifMFUF1a6MVyTU5zdDopBVDfXY4y1Gq6SLorPmYduc7UGkFy8kP2WpEL4603P4goYqry11nQdy1b1\/wdmBtn+vIhYDThJhj9pyA\/3S9SgUDJ\/yIof2wb6U7yUXyautg5PggX5dnVf6aDs6Mwaet06C87AYnyhDQrRZZWa7xo7eTQgK7z8GPQT8TIXV107uHawij7FDQdsNTxxqcJ8JIAUoYZHMgO7wcBrT\/aN0E\/rQkBrWCfJdYcBJGYBeXFCc5qv7MbXvL9saYbCbQyKcCY\/\/X7YkAY66DI9Oy3FrXUimebEdG92PgOkLqTorwgeZ\/h1cC5zVRzM+hqYlxznaihfUxzzA7U9zNY3YAarMRAwjqTwaupdtt6AvPBk3SLnhFBQAJgFSJ8gU8O9dUyEYqvkqv3Z\/pv6bQaP24XFSF4fwzTwrKflTh8Cn5vkafo0IxG5yVgghgpqIhZftjwNTLUAQgbHRVtfVmRhgPFqDvubD1Clx8fat4NpNF4+8iDDUGV726sOmJl+1Foo+aCzDi4n2I6ZC5Q0gih3jEs9dYbMIWr82+D8mqwTlVJf6voYuYpn7Q5q+yR2uTGj0vUNBIlIuSM6rna5D7MQ31vHidSIb8NNq\/GPv64DFu9ZJQpWv2Hpt4a1BJ\/TewZgP1p3MFw6+kmIgKQFjFesBR3JbgwgKkkiWMcmhN+Gp1n0p\/xzcahmDiqfK0XvmVrhT5M+tKiur1fqnCrvFxn5uzXPjXMYAg23iIv1j+92DYeAfsODR+2NVfSSM7VzeSyJpttOEmw06TLnVi2rocnoc4ddzLMFjRzbBAIFpbT8PkiUUOPgB8cbjboPbxzITYaa9NNmee8cwolxxJKut8o5E6slvI6tRjgZgQKvONHjoqYkBXImMyF9YAzLyKhe8wpP4H2NoGVBB5EvoerATnoME+EyjThmcq4j4zNf2b6+4opfvgyO0T9XgMjRDaqrIcIZOVxQgmZLTCzBI1tHvNU7QqWAQAo+PWdf\/27wBGqnZObwsribrd5JRVVzlKn\/bTdO\/F+ExjOQsbNH8uAgE6O5oIKk5p8654erBNA2i3QZadCUHYPbgN\/i6oX3BWSLscr8y2qGzy0udJIQKlqEQnKiRCT\/RcTmNGo5hbgnpWUNO35R8CAWTQslrOuXxPoreVgSwXGs+39s\/VvlmRBU4ccYjb3YJ8jlYvD7Ae43af0OdXu8EPBtPIltQtClVRrwY6Pu+9TKjrgmbeTypoigVCsJradiVgna+txFSR28Kozh9LeekPFT4Dw2IyBz8bQzbm7jrAoiilSC6w0BkZxRhLhIn8miXDKVqbG7zD7+HwvM7cNRRuU8DRyrPTRCV+Tqc62qRtnPkCGdOtLIKJQVVoJ0AlQc72uGKGRSKbhOlg\/Du+A+gIkx+TJ17RRebltDjGvJuflUx8Psuny83ezbKc575EMk7gElY+0+kqd5X7doNjCii9type77siEUFzRbWfh09gCQOfASJDiky5+uRlmmueWhFN9NBpg5Mz8UPPML\/4O6g2NoSKUajPyGbPzXf7lCGqpHG0B1NzReenex9p8bl29a2CZvcoAPwVVBfqAoM1WYKsWO6fFMQULlibzBFBgV2bI29Zh\/xgDn+D9BpzwHFSSL3GOVE8xPVyWBa9kZbZIoun76mMumf5mrrHAc1hoXdgGFpUnP5bgKNZA8wGsQSRXHs9jLfw6RzFDk8wRX8K+z2Mtihhs6+d4="}
00732{"flow_id":51,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":657777,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEQn7IAAHUGIVis2RRMwKgCEAG7qnIP+m1efYCWk4AYAPBrTgAAAQEICpFK4Ff\/\/zdLhZxPPl5g12SWR76o8mqaRhsahZZepmW088pypBWFGvuk7y0AUpNhokLZK1\/u06Xyo+4eMIMfWhu3AS\/4G4uJSMvcDp0pZZO\/E2pukUrNQJWBpomkGEbyq3FyS6A+VWn258iXtUs1w8X8IcXms8uWTo\/rpuXEf9hwHjuEB1\/Y+uM7wGtfibiHKyD1JkLzRtMypBL72dCHVnhlQLQesuCRQJL3udVVPbBKtkCkEYRXyxUdcHa8g4yWoQJ9qi1r1Vyl1tuA0VowniC5eSQrw88pwrRxtt32+0kvrXX42g=="}
00411{"flow_id":51,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":658879,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkTGr2n\/YnCABFAAAoVqFAAEAGYFHAqAIQrNkUTKpyAbt9gJaTAAAAAFAEAABrwQAA"}
@@ -444,25 +444,25 @@
00430{"flow_id":51,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":664677,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0n7kAAHUGIi2s2RRMwKgCEAG7qnIP+m46fYCWlIARAPAKfwAAAQEICpFK4F\/\/\/zdO"}
00411{"flow_id":51,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":667034,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkTGr2n\/YnCABFAAAoVqRAAEAGYE7AqAIQrNkUTKpyAbt9gJaUAAAAAFAEAABrwAAA"}
01129{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":671535,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5E0tAAEAGY1TAqAIQ2O8meIDqAbtXpCQFBCFopIAYAVf46AAAAQEICv\/\/N1mpXP8lFgMBAgABAAH8AwOnqdAL3NdvDJFQu00MJRohbBr\/QjZxpgAY\/BGSZ5WHGyAH\/0kdSaWWl14l1kSxYkKqhEzX\/PL9dJ3FIy4nXY+zSwAi+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZFaWgAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArAClKSgABAAAdACAb6mJErdFzNWCA7OLn3TVZSxKHowP8hLIwdOOd3\/6PSQAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAAKamgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1582454871676,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1582454871623,"flow_last_seen":1582454871671,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1582454871676,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":676950,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrABAAEARCUrAqAIQwKgCAYHYADUALeidI0IBAAABAAAAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAQ=="}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1582454871676,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1582454871676,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00466{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":677331,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRtlYAAEARPuTAqAIBwKgCEAA1gdgAPR0+I0KBgAABAAEAAAAABWNoZWNrCWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAQMABK3CT3I="}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
+00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"check.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"173.194.79.114"}}
00429{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":684801,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0YMIAAHYGIeLY7yZ4wKgCEAG7gOoEIWikV6QmCoAQAPBmhwAAAQEICqlc\/1b\/\/zdZ"}
02357{"flow_id":53,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":702687,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+YMQAAHYGHFbY7yZ4wKgCEAG7gOoEIWikV6QmCoAQAPAQwAAAAQEICqlc\/2f\/\/zdZFgMDAHoCAAB2AwPJv2kpRk5kOUnM2HOXTe5Yod0GBxnMyzCAyovUjyXAaSAH\/0kdSaWWl14l1kSxYkKqhEzX\/PL9dJ3FIy4nXY+zSxMBAAAuADMAJAAdACCgX8U2R1v7oA9Np4c3Oz7YFWZYN1sGxrATsrrnJaLEPQArAAIDBBQDAwABARcDAwtbCryhviK6rd70FfhdvqSrUX2UBHBS3nznbhwDa90nR8uM+b6CRbS2Vf3jreDvrYWrJMHAldbVALpa+VJuZl5DIM7xBbWLmLbQgNl1Wx\/8BlaA9MHzLPAmhGJLmvmrwoXdvuDtutplCDDlqmRWN7QZqknTjwBZ\/7e5noFL7L38N0V5T9vA0x5xQutrKvREjbkvxnXuH6bT\/\/T8HKlF9RMuTdwlaOFfGd6vAMAstYO2Z9QTl89ER1PNz6QhqKVcZtn9Owz0qf9d8Oel7OnbbR0u6loXcg3+az74yvdTIRI9dnRtYgZyxIW5Ln7JcBGQsyHaUWsXCKYEZSq1gM3QviFwW4iq6oeiZSPuYuwVVJCd6dxaIKGWzguTdKbMWICG9v7kTtetGA\/\/ge74b7VlB5QT1Q6+GA0Of+NljN8pFMixNNsme15H9FnSPbODaWQjmwVuqw+qnLbnMGvFSdC7JrR0s597NCtAlBp6yeGizENvpjjJm7+tGeFLXBARfgVyVFyxdk\/LAsuYtFX9ADYZEtVUJlTS7MzRdhghU34TQxGT+kkc3EI++enUCul0Jqtp3Xpz80LQZb1c87V+hOBNk974hnZkJ8BQOuDhKY6aUOUJaM2jKTujD\/FowD031\/uwLtunkTjIwLZPAMXXbz4qegXEP3nzI0DNboFqZxCS5qNje\/gQ43H6ziCDd7CJWfHjeZpHUgJnORG2En\/r4VjreI3PMzCzs9meVVpQCpi7\/lDmv3HbWlApHYX0dHwWOrC2QJWPJh8xkvmqnvyht2VX281JAzY3YnLX8xHJ8XFhg9E0FbachvwDEQP2QWgonJvKSp3BLbeOQlZpsr\/3UYQgbVAIf7alUJmrW2g9alp2Vx61hDpznqmHFXb8IkVvu5+5TS1c+1Zpc1tIZmJB2OVd11JRFdxGaRLa573+wmCAetK0iGgA2llBMoAtbgBF1oG+bLyzZJufrPhpO7iPBMx7lYsgiHASrjOteWSa6hMZa2P0xntrmtaUz1MRIIFvPkUHBwVxx+gG5g\/lHy32\/peF\/JVurqo3snJtctn23Uq4VfoZDdTSMREU8\/Ju1yW0Ige6oB37Yxv2hRtf4HquxZOOc\/REHSO1jTsCEg7MHgh40cXOkvB\/1pxotJSM2oa6INQZNbUl1vj+Lz0FgyWI8uxmSjNDnvoba3mxs\/Rocv0YesTP3m4GafAcT8aWBCwbpkKH4vRzezWZfMora0YQjZNBOWMF6AnvY5JOLmwFWgz1waqETy7Jk\/Kg7oq\/jm2iskmBQzDm8jiot76CHs6pv99DlUIYFcZ7tRcl6i0rH6l9YXdwJYBGpFmDpDjRgVimWJ5JrsyQ5boRxMimNjknLtSRlt24w4v+KcM2byUA698KF63Mb0PxMzXSNqgKa2b7ucmXA1UTOmzy\/oj0lcIlbZPkMDsSDpBoiTLX0\/zi4FJiJnQ1VZ0RnOXFNCUPWxVAgE8lsZxFLwEGg3L4vhjfAL0stabrPVlHiIydyZZAtcD4Zyc65UGPACS+sGGVF2GDuydrJY4E7OfTaqf4x3OGD9sFW8CjYKvcDoS16y7MTJWnnzIOlp9NqZkBOXLaWM86sr3hg\/DrSt3D6OB8aaKCrqGKoS3oENL9kyJc\/fYZWgzgveOQRBA5I2doP4HG5ASSmuTiMY9OZjujGEQsrPURHKRc6yI\/hsZ\/3zWx78UWFQbyOrCgW7U="}
-00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":361,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1582454871623,"flow_last_seen":1582454871702,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02357{"flow_id":53,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":703713,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+YMUAAHYGHFXY7yZ4wKgCEAG7gOoEIW4uV6QmCoAQAPC6UwAAAQEICqlc\/2f\/\/zdZfiK+WJwsxBYmGTn1qaVgqL4IYylqnn\/Lq1zdC4mzB1Yy0c7Ekclg6PVka7l1Bdthap+1Gd6xAmTQCs49WibwnzDNYYs+EyUks0izRk\/6SVsM3kVt4D2vZLb0Qx0EbHt3ifthygGQN4raVoeYg0f1YI86iYv9+cLlbTi+Xjq42yyxCIQXxogJARHfyY2UGZFLX18yXFrcvuYUEtxKNeml0m5AElP3i\/SQhv1esmUzfPQUDjxO76Hb+GzvJ02hD1Z5XPohx+CEmDUgbslB1DldLYHzy9uA7g2JMs2WUfeYcUJsCLnYNRXFEY5YgDwnyw12TCtHeTrbDmcP7fq1Wa+u5EViwIDuVb\/+ozitr0mUKif3a\/hbYj0hgU5W46p+fTKJKeXImhGmluWtb3xFOFhi2QeDbH19jLJSr2g8mF9oZh5eqT3pvXsPzpbtlpKZTcv+bz6s7CNlXRQj+4GWUPBMe4lCZMKHuyFMnAZQI\/umK+Wp0C1M+CK1wLiRJRADyBSKN3Iyyx7wTCNciWokIf4LyK9hhHeyJym1rztAgCi2F7AdMG84lrxavlkPUMqpUq1Kr8ip81DpPc3GxFNIORoOYNZnLujkSccFHxGw370GBqlKaQR\/8BoRIN\/jKQOgECcSMTgPOQTlN00UkI2bBbsThda1H6TVEbTdxGH7TERIPZogdX0eTNNJ1gGbVfXJW53C+QgkIsAOPfDxHmXZuiHecZVTTah8c0GUaymFF8iVE8aBFpoKh3GbfJi7u3zme4c7C1gDxm0FbznTLdFYgYQ+iFgiiBBYlXQBVo9vuodi9b6AJic\/1rFzMhIcIWxLEqZUUnPAIKSY7M44lSvUTDTm3JEt0PfKOwbgBAnupWivQsJaleGhScqwWfueFK4xdYtdf49rITs9ZNQugEv83FUJcciWkmNgzmzra3i8wwq7PRBxd0YwX3EpbrQuV8OJIBmq\/awg\/BpzSdrpI5We3d333A1zUyfRMZ3fT+HwE7\/IMGlNEcdg2CRkAXypv1oTxg33EdBaae+A1x2aqoOWa2EgqWqzQBulfG2veFY0roT272lLuF0hJIlexxk2t3GtpoBA\/iqHncabaAolegSIzXJTSED3Vat4FClT\/6mANxsZ2aUoUCE0YzbrXZAkcuTN3bHxeqZ7sJKr0hEkKc0bNW04MWJ40bwrrtZo7M5RFOvSOWm8ArURk3Prz\/hEckpuh6uxtXhHx8p5YoveWp0Yh6oIZNmee+4EOf2U+eo8la5udpMXqMqxwJScGw\/IG+1XEHRvbVRh\/9MSsVUMsUu4n07EAs+ZVskg3PnshEUzZWkMOpAOO\/ZAq8T\/6E3HKvxor1ujf\/skHCnobTzJd\/zBYEHGIwcBZpv4jhrUzFSME3BRP+92Hu001j+89F9DRpTjPDimdqOx+D1jMtDXaIzcqbU31e+SkD1Cm3KrNcojoW5m\/cRtvkUtSmBUa7SXoLwMV52hWvVCnJ1xU\/+CmNR67CP\/1ZXRiW7LysEh4Cy26USUeJwNV8vdxRUp2EJ4GklIObpBLooaN+cln8nawsYz2R5DrSLgiN7AQbQ0MQ9SaUriMpwq\/yBiR6DGQJTcyWFjUxEKpI7XjiWCHyWXUgSh7m6ZikwMawndcM4AEzUXTywdiFPb\/JcOZjAS+T+j+S6QetHffxBm+c\/mWdCgDsivdzAHA\/CKm\/HZZji4QiQlgtudp9rDiBbpDaty13Rl8V6DcFIOlFUdJemkbnxSmGP8eBegoMnwGJlPoA6t5YFMRtDkkziZ22cPYxPYvtqJxa7tZ5s83yC6PeVa56eSvPrNgd7rjf5G8MFgLDnrdT09bXguJVyQGdd\/JWshx9kETD+BLP0tFriIOkff5qfSD+ZyCptLqFfI89OH+plr4pY="}
00716{"flow_id":53,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":703716,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEFYMYAAHYGIQ3Y7yZ4wKgCEAG7gOoEIXO4V6QmCoAYAPDmjgAAAQEICqlc\/2f\/\/zdZFInUiXd0kaYEdpcxleOS67gYnABGoCxqGAj2L6oEmIFGVoq\/Or1R\/UMCz28Vrm5swFo0M5+A8ibBsdRBrp4O9r8uMau1rSvUHb8Iq6L67JL1a744dtYrLnMMJ4A\/F6rcIxHrIVX0YhsMQxLeS70ceTQlbaTd5B1b9RQnxBddLAebAqW5398qiLSuU2DTlrzu18ELxtiXzFkIVdhNCF0T23rYqcvvclDZ14CHSE\/FLMpN9Ab6zW2Jx2SQxY4v2o68vWtF39FLsKwzN4c7nKbSbD0="}
00428{"flow_id":53,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":704173,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E0xAAEAGZVjAqAIQ2O8meIDqAbtXpCYKBCFuLoAQAWJgcgAAAQEICv\/\/N2GpXP9n"}
00429{"flow_id":53,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":704809,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E01AAEAGZVfAqAIQ2O8meIDqAbtXpCYKBCFzuIAQAW1a3QAAAQEICv\/\/N2GpXP9n"}
00429{"flow_id":53,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":704925,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0E05AAEAGZVbAqAIQ2O8meIDqAbtXpCYKBCF0iYAQAW1aDAAAAQEICv\/\/N2GpXP9n"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1582454871741,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1582454871741,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":741833,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8FotAAEAGoFXAqAIQrNkUSs0iAbsOnCHhAAAAAKAC\/\/+NXgAAAgQFtAQCCAr\/\/zdqAAAAAAEDAwg="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1582454871745,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1582454871745,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":745826,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8bVhAAEAGDXfAqAIQrcJPco\/wAFDXL1ozAAAAAKAC\/\/+PAwAAAgQFtAQCCAr\/\/zdrAAAAAAEDAwg="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1582454871772,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1582454871772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":772041,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CzhAAEAGb5fAqAIQrcJPco\/yAFDC1DxKAAAAAKAC\/\/\/BPgAAAgQFtAQCCAr\/\/zdyAAAAAAEDAwg="}
00520{"flow_id":41,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":772060,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB0\/A1AAEAGfFbAqAIQ2O8meIDcAbs4lMzLVf5IAYAYAXhG4QAAAQEICv\/\/N3Im518wFAMDAAEBFwMDADXarbwkrqrPnfEARK1iXmIzlBg2eUTpj8CcDfqBTPbv0wL0B0zlGN1po0ii3NbiPPQC1NSc9A=="}
00441{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":781183,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8S\/EAAHUGde+s2RRKwKgCEAG7zSLiUVJTDpwh4qAS6yCWYgAAAgQFZAQCCAoTCsRq\/\/83agEDAwg="}
@@ -470,31 +470,31 @@
00428{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":786432,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0FoxAAEAGoFzAqAIQrNkUSs0iAbsOnCHi4lFSVIAQAVeungAAAQEICv\/\/N3UTCsRq"}
00430{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":787200,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0bVlAAEAGDX7AqAIQrcJPco\/wAFDXL1o0C99s2YAQAVcQ9wAAAQEICv\/\/N3bQ72G\/"}
00430{"flow_id":41,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":789558,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0b9gAAHYGEszY7yZ4wKgCEAG7gNxV\/kgBOJTNC4AQAPDNxAAAAQEICibnYVj\/\/zdy"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1582454871804,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1582454871804,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":804912,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"xiwDYGpkTGr2n\/YnCABFAABGrB5AAEARCSfAqAIQwKgCAUfLADUAMmcLPGQBAAABAAAAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQAB"}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1582454871804,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1582454871804,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":805281,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"TGr2n\/YnxiwDYGpkCABFAABWsEQAAEARRPHAqAIBwKgCEAA1R8sAQmKIPGSBgAABAAEAAAAACWRhdGFzYXZlcgpnb29nbGVhcGlzA2NvbQAAAQABwAwAAQABAAABKwAErNkVyg=="}
-00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":50,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
+00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"datasaver.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.21.202"}}
00441{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":807544,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8DHkAAGcGh1atwk9ywKgCEABQj\/Jn2o0VwtQ8S6AS87jgEAAAAgQFlgQCCArQTChF\/\/83cgEDAwg="}
00429{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":808693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CzlAAEAGb57AqAIQrcJPco\/yAFDC1DxLZ9qNFoAQAVcBGQAAAQEICv\/\/N3vQTChF"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1582454871814,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1582454871814,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":814833,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8CFFAAEAGrQ\/AqAIQrNkVysroAbtCYT8sAAAAAKAC\/\/889QAAAgQFtAQCCAr\/\/zd9AAAAAAEDAwg="}
00829{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":818736,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":363,"pkt_l4_len":329,"pkt":"xiwDYGpkTGr2n\/YnCABFAAFdbVpAAEAGDFTAqAIQrcJPco\/wAFDXL1o0C99s2YAYAVd53gAAAQEICv\/\/N37Q72G\/R0VUIC9jb25uZWN0IEhUVFAvMS4xDQpIb3N0OiBjaGVjay5nb29nbGV6aXAubmV0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgOTsgTm9raWEgMi4yKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzkuMC4zOTQ1LjkzIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkFjY2VwdC1MYW5ndWFnZTogaXQtSVQsaXQ7cT0wLjksZW4tVVM7cT0wLjgsZW47cT0wLjcNCg0K"}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_tot_l4_data_len":441,"flow_min_l4_data_len":32,"flow_max_l4_data_len":329,"flow_avg_l4_data_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1582454871823,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1582454871745,"flow_last_seen":1582454871818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":297,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.DataSaver","breed":"Fun","category":"Web"},"http": {"hostname":"check.googlezip.net","url":"check.googlezip.net\/connect","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 9; Nokia 2.2) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/79.0.3945.93 Mobile Safari\/537.36"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1582454871823,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":823866,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrCJAAEARCSjAqAIQwKgCASm1ADUALW7k1fkBAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1582454871823,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1582454871823,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00466{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":824351,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRS4IAAEARqbjAqAIBwKgCEAA1KbUAPSLB1fmBgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
-00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1582454871827,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1582454871827,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":827498,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8rCNAAEARCSzAqAIQwKgCAYBAADUAKPh7cqMBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1582454871827,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1582454871827,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00458{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":827807,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"TGr2n\/YnxiwDYGpkCABFAABMd48AAEARfbDAqAIBwKgCEAA1gEAAOLeFcqOBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1582454871829,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1582454871829,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":829800,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8SmpAAEAGbHTAqAIQrNkUTKp+Abul3n3qAAAAAKAC\/\/+8ngAAAgQFtAQCCAr\/\/zeAAAAAAAEDAwg="}
01124{"flow_id":46,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":838757,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI02sBAAEAGm+PAqAIQ2O8meIDkAbvMau2AlTRZZ4AYAXirWwAAAQEICv\/\/N4PIBAqzFwMDAfsAAAAAAAAAAdYTA0yeiWvkRh3+WNBssZ+IsSXViUAAwITVDhsUv\/n+bkFtYk8kq3jBXrdCWRo1NsrcIswaGUUcm2k651tAlUVTMrSj6J3VNjuA2CNRBnhgUf0KKIsb70HD1RAGgpw6TdC0a9+9q2tX1epyRn8nAMxQ70HkBxlzeu1rg0ZiZ7ww9ZWQGuiNZvxPWBsIwnjMlarQ6IEunNKMe3a96xKcj+yoDcYORd4gE8NInPAaiHZaxvA9+9Htj0r1x2dU0+kh5Ly3X19LMQjkKnHxxXl5gt0l28WE9NaawiEWTm5EXe8QpO76SlfxWEp16E2E\/Bu0qcUlfv9bR\/yBJ7Ey4hlNhT+eAJV9rSsBdAx5TBwIUJkur+jF8XgA2EpTbK0Pi095MWrhOLgubUOqyDcEbhNdlLPfZGtcJ5DWCQHeMSFPOiLURf9cu0w2PhghROWhEVEBDie94urxNKfomCu435niTydxsriHK5xS+kt5He+25HKxROVFqUTDH4ybVgxpm+YaCMDer0820UofA6rV6FJ\/Tn9vK+Xi4C6J6MLctmSCsP1cM\/VgZlPEm\/Pv9aKZ4YnZaMsiHP8tzbAw9k\/o8r\/HUR0AohQoSzHw2firUp4zv74ED7RR6MFu8Pntsi73R+DoijausZ1d33jjwd53vwU37z8ma9o="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1582454871839,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1582454871839,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":839297,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8witAAEAGtnDAqAIQ2O8meID2AbsYfvWoAAAAAKAC\/\/+9gwAAAgQFtAQCCAr\/\/zeDAAAAAAEDAwg="}
00441{"flow_id":59,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":848736,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8oe8AAHYGHXGs2RXKwKgCEAG7yuig7Cw9QmE\/LaAS6yAtmgAAAgQFZAQCCArvemfU\/\/83fQEDAwg="}
00428{"flow_id":59,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":853064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CFJAAEAGrRbAqAIQrNkVysroAbtCYT8toOwsPoAQAVdF2AAAAQEICv\/\/N4bvemfU"}
@@ -508,42 +508,42 @@
00440{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":867294,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA8+7cAAHUGxias2RRMwKgCEAG7qn7jcCu5pd5966AS6yBHnwAAAgQFZAQCCArp2ZEZ\/\/83gAEDAwg="}
00428{"flow_id":62,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":873337,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SmtAAEAGbHvAqAIQrNkUTKp+Abul3n3r43AruoAQAVdf2wAAAQEICv\/\/N4vp2ZEZ"}
01228{"flow_id":59,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":879681,"pkt_caplen":660,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":660,"pkt_l4_len":626,"pkt":"xiwDYGpkTGr2n\/YnCABFAAKGCFNAAEAGqsPAqAIQrNkVysroAbtCYT8toOwsPoAYAVfGNQAAAQEICv\/\/N43vemfUFgMBAk0BAAJJAwNrXT7L+PJep4B\/dk8AB+uJB9Pwzmj4f8u29vBYTRHG4CDv0sgDEuW0ydkkTNHJWYUIu7zui1THvKT7nSHdEo4WbQAiysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAd6qqgAAAAAAHQAbAAAYZGF0YXNhdmVyLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBABIAAAAzACsAKcrKAAEAAB0AIA7SNmfcO9z5Fk8eILAkK8oUeEYOBFCgnNeuFUKzBOEGAC0AAgEBACsACwpKSgMEAwMDAgMBABsAAwIAAvr6AAEAACkBDQDoAOIBlHTCUkrnq2qUV7Uc6bRUrJdD\/LtOX9saWvlSIiAibjKIU0wHw9yQxl9yfCDql2xDdrNsm7zbF6\/OGNfdahzYSr6RfqSfTZGLDMZZfk1MJbPFSKnzYvS6jOEo3TW7x+9BZ4+3KDyjSvE5m\/8l2XSPqIu13oiFGgsmpE4gdERCudtURq0Ogikb8MlcSRimaW6Jyuzxd70fGrtNyd8LfqifFc1h2FkIDgK11FO2C2BHwFuqglbOegGmZKZuntDRxgQqNPVB57xYszkl2XDvW62m55mBMYgOxxISmOX9JOYaN4l\/oAeAdwAhICV8acJGk5urIeyURl35qfHipUs4BWNlBpXTDG5xEgou"}
-00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_tot_l4_data_len":738,"flow_min_l4_data_len":32,"flow_max_l4_data_len":626,"flow_avg_l4_data_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_first_seen":1582454871814,"flow_last_seen":1582454871879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":594,"flow_avg_l4_payload_len":148,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01127{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":880409,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5wi1AAEAGtHHAqAIQ2O8meID2AbsYfvWpTGBDc4AYAVfJZAAAAQEICv\/\/N43Dx9w1FgMBAgABAAH8AwOizyXUznqR2zg8twjqz4c\/1LcXNiJz8Xl8G8QuY+oU9yAcL+vdmf\/YPEco\/YkV+JSTvE9P1MbaTiaPYiMm3qSYcAAiqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZFaWgAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAEgAAADMAKwApWloAAQAAHQAg3dtD4+BEPVHHfNtYISH7IY66a0OPmtM6OXNpxMB89XwALQACAQEAKwALCpqaAwQDAwMCAwEAGwADAgACKioAAQAAFQDKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1582454871881,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00805{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1582454871839,"flow_last_seen":1582454871880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1582454871881,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":881494,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"xiwDYGpkTGr2n\/YnCABFAABErDBAAEARCRfAqAIQwKgCAZtQADUAMNjjuKUBAAABAAAAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAQ=="}
-00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1582454871881,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1582454871881,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00519{"flow_id":53,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":888957,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB0E09AAEAGZRXAqAIQ2O8meIDqAbtXpCYKBCF0iYAYAW2SPgAAAQEICv\/\/N4+pXP9nFAMDAAEBFwMDADUeoCqVohjOxbck2a5v5Pyyv1Fk1FpMgNW5QT+r4NnmhfmQ2DVwE7l9c1TQBuYpiVsdz55Ebw=="}
01125{"flow_id":62,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":890562,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5SmxAAEAGanXAqAIQrNkUTKp+Abul3n3r43AruoAYAVdhvAAAAQEICv\/\/N5Dp2ZEZFgMBAgABAAH8AwNXABRh0bUwv02\/tcLYJb8tWNqjNMehgKwAQKR+V6qhpSB5nowSHXSTk06sjSwrAIShPUtbUgvH7+EkOPJ+Q5cJZAAiuroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZHKygAAAAAAGAAWAAATcHJveHkuZ29vZ2xlemlwLm5ldAAXAAD\/AQABAAAKAAoACAoKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQASAAAAMwArACkKCgABAAAdACBLZwILTiy6lRDHwjubzrib1KyQtw7d5xCTjiQBUnoNPgAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAALq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1582454871829,"flow_last_seen":1582454871890,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00549{"flow_id":53,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":892841,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"xiwDYGpkTGr2n\/YnCABFAACKE1BAAEAGZP7AqAIQ2O8meIDqAbtXpCZKBCF0iYAYAW2ejgAAAQEICv\/\/N5CpXP9nFwMDAFEyrbnJ6g4lCcl8fGr55cy4dgSJsqsxBYOBEOPjwhy8zTKp1bcUYupcfT8mB5D9a\/tIswIrfWM1UfUQyWgObXtLZcEhoiIdzik9SuLwFlKQkuU="}
01251{"flow_id":53,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":893680,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"pkt":"xiwDYGpkTGr2n\/YnCABFAAKQE1FAAEAGYvfAqAIQ2O8meIDqAbtXpCagBCF0iYAYAW2NnwAAAQEICv\/\/N5CpXP9nFwMDAlcD4iJ\/jPRtCquF0drwP2GZ2kuHnwLJVhypQf5KlAEVz0CdRqWLF\/E4v9AhgK1jksjBVADmPNL3ZuK\/Hv\/6ihMbxALk9beOiNipPBW7zVk0qNPxpCyinREk2yGnTILEAMKsmKojLR2xYtdo3P9Rlk+7tnqrVVTltYOZBzNNefPUfo9fCaXJqAGCnzqEXQMovEhb1aKY2vjJ0gZw5H\/zl8W+KL2+lidNLrVzlNSKekB+i7lEB3g65QNITwPZiWT05\/+mKMNaKmKnEfsZPzXFqAiSB9M8Sk06mpdK61S2Z9Uzf\/\/ycDhU6AROjlHrY+BA5QlUrIMkOo\/iS+xfbSWrLdCcU8Cf7NcuXTywlu+mahvC4sEeJTJStJTb8g36MBySHplLZ1KUgrdTOPJKxrIPSlbB38ODN6xkWjwpQ\/JaqkqTZGPNi7ac25dRlZ5hy6fThFOP5WcYgu7tlJF+ZdxsIMLaXoKAQkJJlydyR1w07hQKNoMBqHTxaMXgkWKI1jj6WA6VMOnc+VdJujytPfAldM6edYldGOHAEK4gcwrGeVPgNOxrm8KLri4fx5dOChmObLEzVjEQe1LA1jki7BheYByAbzgAR4AHVUffRFUZ4iRT06cq1HsIFXiNihvF4Z1ox8ftB8CbMI+qBycE2FEMCl16O4cm7kpRKQvfkIKbjNSXnIt8LhPtqE94ZxL8sR2szMand36ldeazSXt2CqehDZy04wcnOc3w94d15u1w15UTypaIprm55lLKSVcHn4O7iaE3L+rgpSe6z3S\/t8y3+iQ3JaQ51zRohA=="}
00473{"flow_id":53,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":894047,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"xiwDYGpkTGr2n\/YnCABFAABUE1JAAEAGZTLAqAIQ2O8meIDqAbtXpCj8BCF0iYAYAW1plgAAAQEICv\/\/N5GpXP9nFwMDABtkPRZwjvRWJYqbOhc+xpUQmZc0th6UFI3h900="}
00428{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":894669,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0AIIAAHUGgyLY7yZ4wKgCEAG7gPZMYENzGH73roAQAPC5RwAAAQEICsPH3F7\/\/zeN"}
02350{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":911317,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+AIQAAHUGfZbY7yZ4wKgCEAG7gPZMYENzGH73roAQAPDFMgAAAQEICsPH3G\/\/\/zeNFgMDAHoCAAB2AwPCu\/6wr8aE5b7PPfHVJn8Tev43TQ\/dv4YazQveDjrJzyAcL+vdmf\/YPEco\/YkV+JSTvE9P1MbaTiaPYiMm3qSYcBMBAAAuADMAJAAdACD\/ieAxCNwSQYi8\/CYIEU9iLFhTd0LghdqhtvUSuVKlLQArAAIDBBQDAwABARcDAwm5CWY9ip9gWhtu9zt7ThcQXhzqan0V1o7l6x\/zeyoNqXfMkG5TS5y7CMupzF4URfPmVp8AYpGq1sMwuyXya+rMwAPnsJdOPlXijhVQVdFR573zwfmz18XP4plRTCZmmDlhNMVRnNZESiCkLPctlmwnsblxLvyRgM+jVpPYJwXo\/qxRLML0BGhNS+VTnboXAaIasjOV6\/MkH2PKkowhKqbOtT6t2Rq0RGu\/UBIlW5ThabuniaP+1AY6MtYTFtsSiVSGN7E+hix9fBZtGm2vVXMFV3Min+8QRX72jJUrtHhRfYjPVCvEEdjykejkdEX9Yp4BEB8DXOiGuZsoClDKd\/Rtp\/wKag0acYYD8nHSgs3jEcQe+nHTjMmCk\/z4JppERuC9tuTqnTzK6jy8CiKTXYtCWpwwDqyhbdYCmHjXMzE4OjUAtRJ48WoVEGltZNp3BeyIKiQLix1bsDY1yy9dQH5OeAAQ4URv7fmhljTLnZCtbZ5GjuckJ7xO4wwiqMUA2HicNT+HaQBJZVrXWHnOm1nfisZ3atRYe6LkN+UPAw2peunCiNwJDrQh2QqxrrEOyZGruRNH9xmCYpGojJTWTaXGW33XaTGZnMeTQr9PN3dVE5bNtGuGY9p3qJikN+mnOk9bTv2nz8O+KqVdX2731aGpde436Zs0ikWVLJMowOGN0qe6zeFShNKqBeWB84PKUxEu+M5XG4GrK+3ex56gbRe00fVzUmiTcfgkt4y1fI2kdIKZk+bZQ+30TgrJoQbwdcOYvVXnBlI3rj05O4DBbVm6U\/+g74VWjpjgOthB3S5TTTyv9bsGYL2UMegweTlJBQRXSC7iIJma7n602M81NSE6C2cpBPxJcx\/hu5rvyz0Zw4X17sDhxc8jbSXxv6RPTbDSW1Qv9t8MjtGXFvmO1LLaYGBvHI47OHVuLJIu1RcyX2ZLkwsYmpc+NLjh7nRmgfbV9LqX7VTYcGd6qHpoOiTjPw4Lh0hHmhUBvH2BTUGfFJPgvn2t38D1jJtbxrN\/qeeumnQfE+Wwqt9qeNUYkup3srLObJakfp0FOIExbHTffa1DTSlNXGTdEirXcUwniAFggohhBQC9hpiP7vtMj5Ti4foFsbodNYQb70EAKeAoG6iMboXxcQmihTD8pX0AvYdmrjeENIQfCN22\/1Xux7CmKNhRHrD8A7llSNnQhxYVhVY7jsKRDEuilLCoFCnD6Ks4GP6rUO4lRapcAMcTwqRfAD1uo0SL5eG29JlfNnbhFjd3I+hgqwgpFovKMNCVBpLSehk1XzjsulSYBr3lwM+naytyRSXkr0U+BJPztq3U\/wNdhRxFUpmiVRabYVTjnL3tNrWOJWaRp6XY\/AkG18USC5nMGrk2Qh4I5nmmD9PivLTwdnv+JEWnsJen3pHLgVpCJ3+7iozJrvk0lwXjvsFI9zAULI1MEWo1ACVyk2udbxh\/7Ka55FnmLLKGKlZZKrXYIHZDz1PWeP1thqypKVrkYTjUZzR8Od3RIFnotB7nNgy4gMYw8zK+K1L9IP9ZfqMZ2Q\/G16H7JyGMHLbEgtHn4fxvQTz6quegyKgDGDIrqqS3v35qKZzIO9zhtEt9qLy9ad3XE2t2PSRho4bg2dMURxx74WsZTPFBx\/EjxQpODBU1\/ZITTlQFqLiokRbmUnuSFsiRK8Ap4IG0k2YvTfdv2zGLoPp0K7YTFrhhzcwb2fE="}
-00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00846{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":434,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1582454871839,"flow_last_seen":1582454871911,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02078{"flow_id":63,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":911329,"pkt_caplen":1275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1275,"pkt_l4_len":1241,"pkt":"TGr2n\/YnxiwDYGpkCABFAATtAIUAAHUGfmbY7yZ4wKgCEAG7gPZMYEj9GH73roAYAPAU7AAAAQEICsPH3G\/\/\/zeND96rZ8KcpwGCajL5e1UbFoOKPqgx\/uV6oFNxUzW5HoTiQnbMEua+k1IMgAMlGzrMPqmxjLZC46qmoJt7owtjeGrDOFn\/LscN5s+kz\/PpZ7XvU6p9WRS4RzPkQ2Bswcw3Aeqhw88KHrtI\/7vblv0V7raO9mNuKAH1v+fka66dIT++DwbDQGfevDODKr\/gqlKQHQQDiYmjy9jWIiGk3rTKVkRcSPPDcgiZFXv8z6RCbkM0nDQZzhQ6adiXucsXvzr+pqfUvj2iTusNtJVkvxygL2rIo3He4F\/IoTw\/utRfrwAN5lvA3nlztuedBZW0VmFT2HFGguyZ3HoLDB+\/eXM8g6dZpIe\/LiaLkJs2Y3YrM7Vw6IB2Dnsz\/4k8EtpWNmPb3yG8Z\/o3l18mMQT0CK8Mn28wL5cobqwRHaiPAjiGac8Lxr8w+CtW5Qx5eLDUiAB\/9BdTQ+61\/uOz6bmdBl\/Cxej29Y+6aiibRDXI54JFPTRoY2EN+uRuKnLImd7xIv4ribSh7bCYwJor1pgob9Ds4840kLc3RPiY5eTw+PaxLfk2svXfDe61thM5IazPOaNbFjQPAKwCMjVlqbZusScjaeQD4e3WNs51prP5Lptmu3+OZIz3UYYZIUSH\/0Hfy55vkIY1YSJXvu3wCpYq79Ifq6D5JicKCPB90MQFUTtnPO+Q6fsX8yKExRpfQceC0TbMM6GzmfCRzpxpvQn3AhKWI2hf9LW+bhbzwAUSyTJ+1\/nRGdME3WiqbyERsnox3SAFNdyzJOI5C3xu1BiU2bVC81y66f6k0KjY57mlgkfAFn2gSBYwrt\/UMQNeQi\/M97ZX1nqPX5fENrQj0w2os2Ky1xq67IT2YwXQ7Z+UT8ShsVPvk3kOd75RW8XRYFWPoqhNXkbAxHCunbNYl7FUOgIcDSdIhIoxPyLWN8+Q7MTjdayT3Om\/xbD9BXOql4j\/sxYaEU57vMo8F+\/z1B2JfjAkd+w5nAZbQF\/epNGcvhv4sc4LZmkOhJfBzkKAZdH7B585+qWsk\/YlYk+XJXNjpNDe+ccw19cX2xxXsy4DE\/E\/+puOdfTdP8msTJnADomO7+vkaKfGGF1iYPpjp1SchHuHmM2Kaq\/2OoC2iSqrICv6OsEzUxYkxQMDzSpGZk\/3s17l0zbg17mSmatxtrTDSQaZWgQjdIWJUHO0YPKh4AgKcCG2jemS9qShBVX6uxrGbOOTm0oPtS3mqZpS1JyOnq2jAO9ze1KDJN7uLAV409e8EaM00XHklONUCHob9hiFW6dteOJCaxSF30n5IZiT5voMitZm6NA9n64IFARhTUCfc\/rfZKk3sdLmhPuEGUsPBmDEJWFcjPoj4\/KHTqDRlzDQsY+\/PkhCnJaddYRYWMoZsrgPxzCmcrJpRN25wuke5bdBBWfczNyGdd4vr4jNVwokcKEw6t2B04hDPUMTXKslyFFLJTYIBC5EOdgMIkYOQ+2WanSyjjwhwy2u9kaOgceZN+lQDFvUcQmV3nXfZnSZ+S8mghrYYCTw3X3LMyoaMttoaZAze1kIQ9BusBuXgpEiQp4RA2ZtLEUXQZtFI11PtbpRzVPW7z3XfYe5ozn83\/uDPQV+B3cUurZU"}
00428{"flow_id":59,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":913560,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0ogoAAHYGHV6s2RXKwKgCEAG7yuig7Cw+QmFBf4AQAPBDpgAAAQEICu96aBT\/\/zeN"}
00717{"flow_id":59,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":913572,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEIogwAAHYGHIis2RXKwKgCEAG7yuig7Cw+QmFBf4AYAPCDsgAAAQEICu96aBX\/\/zeNFgMDAIACAAB8AwNXyuwDxMqVzVMdddxZ833D8C1lZmBy\/fnbob7+g9LiqyDv0sgDEuW0ydkkTNHJWYUIu7zui1THvKT7nSHdEo4WbRMBAAA0ACkAAgAAADMAJAAdACAbMxGW7At0HGDNDYgsDvU7\/zP00nEyGi+JFSenP9DTFAArAAIDBBQDAwABARcDAwBEmIk3Cfsq8y6kfOnRgN2JvXSQL48Jsuhz3DdaihsLhjVD1fUjNsHQjrzI+tlRQg3gUU5jKn9Z1P9IsA9DMYI8sr1L96I="}
-00838{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_tot_l4_data_len":1014,"flow_min_l4_data_len":32,"flow_max_l4_data_len":626,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00848{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":6,"flow_first_seen":1582454871814,"flow_last_seen":1582454871913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"datasaver.googleapis.com","ja3":"554719594ba90b02ae410c297c6e50ad","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00429{"flow_id":63,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":918461,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0wi5AAEAGtnXAqAIQ2O8meID2AbsYfveuTGBI\/YAQAWKzMAAAAQEICv\/\/N5fDx9xv"}
00428{"flow_id":63,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":919249,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0wi9AAEAGtnTAqAIQ2O8meID2AbsYfveuTGBNtoAQAW2ubAAAAQEICv\/\/N5fDx9xv"}
00429{"flow_id":59,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":919305,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0CFRAAEAGrRTAqAIQrNkVysroAbtCYUF\/oOwtEoAQAVdCYAAAAQEICv\/\/N5fvemgV"}
00470{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":920611,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"TGr2n\/YnxiwDYGpkCABFAABUFXQAAEAR38PAqAIBwKgCEAA1m1AAQNQ0uKWBgAABAAEAAAAAB2FuZHJvaWQKZ29vZ2xlYXBpcwNjb20AAAEAAcAMAAEAAQAAARcABKzZFgo="}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":441,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"android.googleapis.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.10"}}
00520{"flow_id":59,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":923052,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB0CFVAAEAGrNPAqAIQrNkVysroAbtCYUF\/oOwtEoAYAVd7bwAAAQEICv\/\/N5fvemgVFAMDAAEBFwMDADWuL6pwY2dIV5u6\/9nmZIIdexhghTCWFLHE+GEvRKQh3wPKjSSu8ku0XJIM5+nfYupn+ZOFrg=="}
00549{"flow_id":59,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":928214,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"xiwDYGpkTGr2n\/YnCABFAACKCFZAAEAGrLzAqAIQrNkVysroAbtCYUG\/oOwtEoAYAVdWOQAAAQEICv\/\/N5nvemgVFwMDAFE\/VvvW6mNzVmgxZNu1+N4cHNqClH7bFY48b+AuqXlO9Z3OTRtvnlqvsWLprVSmODGDssPWzMZd8iaoYJxU+Wl3eDbRZPkYJ1PQLnFB8uLLHkI="}
00429{"flow_id":62,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":928396,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0++4AAHUGxfes2RRMwKgCEAG7qn7jcCu6pd5\/8IAQAPBd+wAAAQEICunZkVb\/\/zeQ"}
01190{"flow_id":59,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":928840,"pkt_caplen":623,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":623,"pkt_l4_len":589,"pkt":"xiwDYGpkTGr2n\/YnCABFAAJhCFdAAEAGquTAqAIQrNkVysroAbtCYUIVoOwtEoAYAVfpvQAAAQEICv\/\/N5nvemgVFwMDATdKL3OrNZSmAwMjJqMrvJVyg855UxEWRpxGgcaoPXmTnsSLvpTYH6BLB332un5PVUkjSzbZV1bWN1J+mV7bg0NcKAGygA62ln+wLaJVHCwaX3yGNWjy3v2TS8yYi9LRox60uXte5eQLnTVuwUpGLxWsIWfouu70\/IA5kqZO1\/eOWK1NqwWY1rJtc0mrgszJ\/fW3DI5\/COHYF6qndPsnowVLEO3eg77anY8GnaKRf9QORQ3dDbnGYu95icNPQLmZgtqAmf\/gioGn9ynV6vSzS2BcLLuVyDJ25lQG2\/aJnW09dm5bTxnxXL4AU\/rFK3DRRfLM+r68LzndF1cqPIoX8htgA2aKjoCb1jz6PmfCQagVNOSGh8YIwKvHQZwoFgSOvZT3C+YfwZp\/RBvIvUet6Z5QGCA6BsBSFRcDAwDsgAu6J26MgG49fR0qdXbyXcC2691mplsJGbZdCWdJl\/aFUs42hNKFU\/LYh21U2oaL1\/mx5+oDCV9dNqbCAFcDH6qWdVrr5xVew0ZiJS9HwPruAZz2MCupLTojaFRbTOhAaLN8t8qXnCdAOhOWrUYSU2UcLQPOA4BKK1+0Hkyk1A9psGRWJvAJuP686vu7vgMDDyrjAfvpGlkZDfxRy\/oBZc4EVdcSVddlv2DoiyQ7PCFpl6c0s6wEcqMjgt3LVe7b0Lvt5sEMS628\/ZbHBFSUyvsYD\/mW+rE0ZyhejU8087WcyKKGlfhkRDcRdpY="}
02359{"flow_id":62,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":933947,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW++\/EAAHUGwGqs2RRMwKgCEAG7qn7jcCu6pd5\/8IAQAPBpQwAAAQEICunZkVz\/\/zeQFgMDAHoCAAB2AwMY5WYYbqaFaASWW6jnJVf7U9p5XrUmWmpm6Ht2OsAkJiB5nowSHXSTk06sjSwrAIShPUtbUgvH7+EkOPJ+Q5cJZBMBAAAuADMAJAAdACDAFdUrGj3bDPlmUUp8ngJrhEzu1yaWXZcraV\/aNJWbIgArAAIDBBQDAwABARcDAwtmsLRa58pzHIfJsc21G1uNReYhjZA4HvnFk\/S8IS\/ovK1Fa46AuRJbbd\/SBkQH3JOO5OLSor6xFjawkjg2pebtEvSS1MUT+bFvAB\/gwWVIJ2LaSgR1tJcDPx2dsgTw310EQdw\/pNF12k4r449An\/qDnLmVOGczrNNP49hCF5Ia+xEzx9\/c7o0YIHTfkzpVFEbWvqYmT1LAHMSWTJLTWNGncC5WaYnt8XB6qNKunKLJIJQ4m+yzyd7iECXhw4j+waJixfOcoZixpRO68SneDuGGpHNOj9Vg8bDuBusU2D22pjIvrrbkw39EGYBPiZfq4yy3NVohH9Tyk5vgBv6L9XkYdPu1lsBZNs96ieFDUuULf7ybpGBVgQIjqb9FbE9\/2VlzBqMDSNg\/NHyHI+7jQ8B32mB8p0XhdpUUb77Gczzu\/8GgROsDt5FE0XNQHUJxCLmAoQk\/r2rHmHOF2codfTtVt0qBxFsSw6kJPS1Ngkah0+0heiyqxOJd6LZrgLqnHzrw7ffXQgRtw0k5V6lZcithG8iqDzGyGhh7kHyYh8gSiDhn1\/qqrEPsinjKFCrcDy15UEguDov38fFdUR87rSynbaYHzcKcxgn6\/AUBZrFdBRuV2aC2xYoPgEy4J59XDTipNQkbNpm9\/En8SppUEjoJdp4W0urkLyMnxdE+e212xefreD8Vf07l3xo881eGFfaSwt\/9qb\/lkcJdIy9eww8EL8x\/M6ARJ7R9uvOdPlnvbMS\/gvcaxpVJxC0bB1KFizr08xT2yD3qp\/fRyB6wvVKIWZkTlptsyz6ksxLYMY9uQ8ZWbW52LwKg\/e0sbE92nCN+7Dpbzbe\/Zt9DhKNHCocQGTVEqpfY3pFDZ8NAX+cqiw5fTs2bvhuqoULfj+PY9kv+\/KOtBLs6auQiswxRpMDEUY7jLn7Y5gxsvllNC5w9z1U53PzMyCHbC6y+byTPTQu7udXi5UXTo4IfJobNukPgSf350\/mJCLefHxGSbEkpaIcCrl+DRBuUaGZdJt+XcYrfRyWimRPFrZoj70aE78wE+Bj4kRi0vL0ogx8PcW6XhEJqhEj3GTf6cAQaCK09K5rS7G7cz+EzGtvV4LD2t7axQqVOkC9ynUTWr\/sCdUm2MxmjCREWKeksrOzGH4A5ycN+STg6ikMxsmSHflIqNWPq3jMfYwSbbNGUZB7XvFpfYuRJ5WympQOKAfWJo\/hWFvIRDGLm0VmRS0hO3FQkS6rKIQAfDafXOcdhar75whYOqBeN+V+bNSeVEZGoX87rgFWqW4t+1jNFZ3gQDoLISrrgjggXAZ0yF4olD1t2FJ2gMWlP9CsJgFlwhs96Z3UcUMZ8kv5nwJkjjsD73CIdEidbBlb7tNT4ews2qnUwioO4UuBueQPR7XgYaDqVzmaACvVWecMODUNYKtV6ZgrFfbxA\/Nke18pXDb62Chp4z8MCNkzNDlZJqNmXvsIE+HSyCIo2YLxXWFAgvBvmzRtPVRXsdyRuEAlLVDpFgu8cuYVkNX+l5aASutLJWqFv1Cyo7TNYKSjMBd17QOmk\/l6MjgUtUy4H3dWGHGS9MB5mG+DFA0nUne2zuMIChziPpKOIcMJ55zNYls39klCKNBhwZxyZPaB9L7zXFkkyDehF\/57HLyrqz8G2cthrQQe7SPunALJ7hOmynS1h4UJtrV9RXfu7it3raX+HUIl\/ecgYofzt\/8w="}
-00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00844{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":447,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":6,"flow_first_seen":1582454871829,"flow_last_seen":1582454871933,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DataSaver","breed":"Fun","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"proxy.googlezip.net","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02356{"flow_id":62,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":933961,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW++\/IAAHUGwGms2RRMwKgCEAG7qn7jcDFEpd5\/8IAQAPAg7wAAAQEICunZkVz\/\/zeQin+K29WjhzqIlQsOlL9mUV3D1i8erOoQnAdFP8H1jV\/up+FHLX894E9mq7TdGVNqo8MpScCMaq0EXxPZfHAUyW+S9iaEqn5ZB6ZWSWxvpQZHbP16rteeiLf1aybO1jakVJS\/+S9iTPSvWqqoo8ZSxrRx7UkYzbAYlla8c\/Q4NkSLnNQARYa7mqnvpflkYQXYcdo8xK2h5FZ\/OyOS7cTdDFI3xIvk9Kt4IU8zLaO0B2+DHKtoi0oI0xkja3pahpAm2qGm8dAv1UFfJkfAiQHlMPgZZsptqIa4gd0SMs8R2irP8YxDfpGl3zP\/i1D4WLfSkQjKHgFqscAjiNoJJ7dtSH2bGmzHOV8zuafy9LE69CbzZ0dTWMZkPD1LC65hHdjECAqSFSy0zzoofm62wK74ty53qxd6S5wz+I\/R2V1dVrls3f+o5FdtEhxAXZ6uAgTIraMwC66ONbpIVYcRdNsvhrJ+1MI+R8DI+xwjveGMCc8103nLr9xnohlktbkgv28xfQFArBCfKboe3qM0Zbj+TpB5ub4aWXtc5sbAuk3ZmRaLEKYEAHUWkz2zIezc+pC735DOw6ppdbCXAzfzzer2FWYlizvVU57w+uErzGlpfvIPzqwl5F\/mEzyI4Y\/o7WQkIYBUnq4fAaO7HqwECM9xfoFY1PZ+FG2N9biGtBw1mKVoMjzaBY7SFGM2S+gGHpwuRtcF4mVPBMXZEtrQEO8E6crpeCe9kCThWztmaN1Y8reUBdyeJ9U+NEKWM2cdgKIXgvihRt6\/HyZZk7pSW8oXwW\/nwV74YATFzmEv2w3ZFkVY50LP7mJcRMTIXEjucaoRkhhlRNCySEvzFWMMkNNcKzcTjawZPORBlGqMMA865ebnfmz3fucJqegh+zE1nX5V4OubIN155066U8DXO2RmLgPcfc8t9YlGXVpRTSIV8Ifc+41+e22k43tDgBMWYOzeYCLuPukpLgz8+fzj+YUQzzQsEycvFlujMXPXxDQ2yJDnjNWAZ\/PWje+XjdUq14Em3LM4xOZOoURNoEVAWnfA+fHLjh44CBDnILb+i4OCWxwkrQrlzdcjSi2faHl76jBt2cS8eoMIaXbiK+0gED3yqd1\/eR33nJDSo+\/C7s\/QkEIa0Z30cO589bUkYo6jU72V+GxpmiiKRoPHpmv6Saw4qBClcz0qeoG4etjbVxpeODXNR9coAH\/6B4DgeQeYC\/2yztIx\/\/XhQSum3R2ycI\/2bZZtoXxLBmN+x236jlLzXOmYk04kKeSpyB1COCKE2KKy1WbKE5XXjiHNHI33c7hg6hy1nv52PITxMMMZDylstk9R0mum4lD8z+CW+zfUtuL2xQAXBOuoRy8bK8ZubB8V1ocIsSomtubtelDRu7h0TA2Vo2am1eYz6+RjWUxxbd45HiLMau+RJ\/mVdqEffAtgPglU7O1iUDU61vZDScU6OcTIXWJ1nLcjye\/GiRUE99yqUdgrTacPoBV4iwOa8jhoEjd1OH1vHtylW4U3TUgpA+bdsrryz4RrzT3QVn0GDxdooajdqOhIeYod2s4sieNDVK\/LgJZbjdYpfHCxLlLPc\/xanifuvHcs4DIxivgPGAQcBJVxyx7GpYqYyfSpBjmHDPww0rxYgCEH4dqWxHqJ3dutdbHCYYM3AP30GRQPUpjwTOwIgG\/YGuvlw6XagViWX3tSOYMwHzSWKzAy4HWOlB4+TtqGOw+uorekppyYjQDCGRknpCAOaaltFaTrgrimVSxA0Q2PCTMsZSRUlIPEZJgTWhokV2JGQZowfZ6aCPBBXYqz+5wIpRRyt4rdGlGZoI\/R32pRZT1Ma0+rngd1IolVcvriPTK3dBk\/6rn6yCleHc4E\/l4xp9bHHqn9Bii3NQOpz8Y4dYjm\/xs="}
00732{"flow_id":62,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":933962,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"TGr2n\/YnxiwDYGpkCABFAAEQ+\/MAAHUGxRas2RRMwKgCEAG7qn7jcDbOpd5\/8IAYAPDC7gAAAQEICunZkVz\/\/zeQ5ZMFJGThhmhvfLrWTr\/8+p4unKTT0n0E5LUmkSu428EPzfUlIpHGEhMRzSqBTdvJEel71Rrs340eQFiAU75SSl59qD5iSohBU9XX3H3SHlycFpw+sZhAEbXtFZP6RM47+u8indZ8CvZHpJ11K7dlTsGom6Qyo1Ezyk\/CZpxwUp+ChC6fcNOGUvWnQBdWeTRa6Sju7NI1uRpMdk7clRzueQscobaxkRobNrLVctD\/uBjLfV7eIg+jPkKsfVbryg3pxeLwxDC9X6TrBCZGeCaDwkRIHnPvWw3B7eJHMg=="}
00429{"flow_id":62,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":934993,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0Sm1AAEAGbHnAqAIQrNkUTKp+Abul3n\/w43AxRIAQAWJX7gAAAQEICv\/\/N5vp2ZFc"}
00430{"flow_id":62,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":935354,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0Sm5AAEAGbHjAqAIQrNkUTKp+Abul3n\/w43A2zoAQAW1SWQAAAQEICv\/\/N5vp2ZFc"}
00430{"flow_id":62,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":935460,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0Sm9AAEAGbHfAqAIQrNkUTKp+Abul3n\/w43A3qoAQAW1RfQAAAQEICv\/\/N5vp2ZFc"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1582454871947,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1582454871947,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":947536,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8i1NAAEAGKc3AqAIQrNkWCq1WAbtFj7zOAAAAAKAC\/\/\/ZVgAAAgQFtAQCCAr\/\/zedAAAAAAEDAwg="}
01224{"flow_id":59,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":956059,"pkt_caplen":646,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":646,"pkt_l4_len":612,"pkt":"TGr2n\/YnxiwDYGpkCABFAAJ4oicAAHYGGv2s2RXKwKgCEAG7yuig7C0SQmFBv4AYAPA7BAAAAQEICu96aD\/\/\/zeXFwMDAgFwnz\/9zhRq4TXfEutQixO90s6NJDKzRX+t6Ws7YF9lyrfbOzWQsc2thx+Tb3wQUxf8fi+pRfAi\/8BcINWRBGqj\/QiHgcq+tb74JSa2X\/6Qp4RyDQWP1I+2T0z1lBLObAsIHL7RLLga88K5AzjuA8EBjfdsrdjU+J44oERrTrKkqH7P2FlUG\/Q3XYBdFZxIH7d++aB3J+rWChwMb5HMbJD6\/gg93RxX6yd0R4R8+GOcvOafIbAYt+Q87ACyAqy524Jn9oskdr\/4tbFrIJt3PM+K0yEtkdSEAueUmFbbwAz7FVf5y1TmElpAAHFFVh1B8KQkmZnCRalckQpS24sutmF4f7kJlocTFPRfIrC8oy+wwcbbEXHoSsB6SnDSGv46vOLxB8nexElYwc5GPHRAhhBFk9uibdCQLOaDNE5RlsTMmtrCdJ3txU2GyYMzvVutvzxTd+dJ3G5IF5pN0n\/5moaF33Lt93ZmxwWZhEcoW2o0LbL7DK5otINHZP5AQS1r4Ei2Q9PHyqlbQQ4z+J6S\/gukm\/mJ8UlOac0dJzZWKH7WRPmYx0tIPfAXY2aKxcF+cwpmxgEDPRE+03rZLzZ+CxbO2UOA1yX6zYY\/VRSdzCZIw77eZfa5RVI5hI257PJj9N8s5Ro\/4bnH8Jasr3oLP3ClFoLCoExQQJKf3a1szZWfd4AXAwMAOXMDVRsH\/SQwHn8FOeCfp9pHQZwIAw96\/Xsc67RXMq1fzCZqAy+\/C48zV9GMsRRqs7PydqSSO6LNWg=="}
00474{"flow_id":59,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":960810,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"TGr2n\/YnxiwDYGpkCABFAABToikAAHYGHSCs2RXKwKgCEAG7yuig7C9WQmFCFYAYAPA95wAAAQEICu96aET\/\/zeZFwMDABr3Fs+IhNHLfhmvUV\/iFyWjU03ElxMerhpH9g=="}
@@ -554,21 +554,21 @@
00429{"flow_id":65,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":974035,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0i1RAAEAGKdTAqAIQrNkWCq1WAbtFj7zP7b1+\/4AQAVcGrAAAAQEICv\/\/N6S7R9gE"}
00430{"flow_id":62,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454871,"pkt_ts_usec":986870,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SnBAAEAGbHbAqAIQrNkUTKp+Abul3n\/w43A3qoARAW1RcAAAAQEICv\/\/N6fp2ZFc"}
01127{"flow_id":65,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":14369,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5i1VAAEAGJ87AqAIQrNkWCq1WAbtFj7zP7b1+\/4AYAVeASwAAAQEICv\/\/N6+7R9gEFgMBAgABAAH8AwMkp2qM\/0db0DeLmsnG5Et9Elmp4AHL6ZUbDww1dSGLViDedzf23GKLBGTQ\/F9lciqAnLFBg\/D1SaN73F0X8icbJwAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAbABkAABZhbmRyb2lkLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBdVAAAAAzACYAJAAdACB+eKFCipAuqOQg5XnASQ8WeZbYj9YMN6X04Jt8S8pzfAAtAAIBAQArAAkIAwQDAwMCAwEAFQDxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1582454871947,"flow_last_seen":1582454872014,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01124{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":15952,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkTGr2n\/YnCABFAAI5Fo1AAEAGnlbAqAIQrNkUSs0iAbsOnCHi4lFSVIAYAVerwAAAAQEICv\/\/N68TCsRqFgMBAgABAAH8AwNz1LPSLb66vIVVbsJEbO8rYoUzZ7GYYLjTyvNVKkYlfSDBTSmXKzrioGGWwSCGVWAYIYzoWG\/0EeuQQ9g0J6ik9QAiEwETAhMDwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZEAAAAnACUAACJzZW1hbnRpY2xvY2F0aW9uLXBhLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAABAABQADAmgyAAUABQEAAAAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBADMAJgAkAB0AIMPUFJ0SGA7J26IrfYJXpc5MBLMHrRFiHqhzJJp5bVBqAC0AAgEBACsACQgDBAMDAwIDAQAVAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00813{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"semanticlocation-pa.googleapis.com","ja3":"33490b1d5377580b19f7f9b5849d7991","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00521{"flow_id":63,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":15971,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkTGr2n\/YnCABFAAB0wjBAAEAGtjPAqAIQ2O8meID2AbsYfveuTGBNtoAYAW2umQAAAQEICv\/\/N6\/Dx9xvFAMDAAEBFwMDADVbu6lmuoyUsN+4Pg9R95AiJ3cOU\/w0ELRSdXuiw82zCKp2P\/R3ocEPaJdhwqvhDQv8ND4drw=="}
00549{"flow_id":63,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":18285,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"xiwDYGpkTGr2n\/YnCABFAACKwjFAAEAGthzAqAIQ2O8meID2AbsYfvfuTGBNtoAYAW1KVgAAAQEICv\/\/N6\/Dx9xvFwMDAFGzhX3zSHCSeQpcf+zj8Wg7u0+TqEYwPvzEsCCIKC3h+Rh2v2i2Wc+KkH4gJdydkzKfja2tSy9hV1nfpRWuGELl22sRnalE\/L4M0AIVuHR+R3Y="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1582454872021,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1582454872021,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":21787,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkTGr2n\/YnCABFAABBrFBAAEARCPrAqAIQwKgCAdv4ADUALYKcD\/4BAAABAAAAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAQ=="}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1582454872021,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1582454872021,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01757{"flow_id":41,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":21845,"pkt_caplen":1038,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1038,"pkt_l4_len":1004,"pkt":"xiwDYGpkTGr2n\/YnCABFAAQA\/A5AAEAGeMnAqAIQ2O8meIDcAbs4lM0LVf5IAYAYAXhukgAAAQEICv\/\/N7Am52FYFwMDA8fkS\/Ydkg506bRsDx2aMu2LlYm3FmTcPfwbGg1JlpJX0\/WGVHylpv2llZD7rzzljb59bzFSez1T0MCbZ2bGCu\/qVr8XRR0Zowqkuedp1eBCfKnQEa584nR3lZivymtrU\/m0+f18jhItxNeYyEjfpEax17Gx6tBHE0eut62vMFfbiMGwIu8sa6FlWlInjTE+E7c2x5MK7iSwLlrLndU7Oq6x76XI1\/8pAavRR\/K1SykGT8f1mk0Le9kP\/af6ITJ9tImH4FaZTMOrmb\/Mp0ISTHIRrfWte7x6HwM5W+XROxPixm+\/IiiFY86CJsxNB7PhhkUTFLJ1OHsK\/9ekMdY083fBvAgMXLB19zCUer\/QrZpIC7ii+BHMAiE6l2zib1DDyt9S9DX+bbsIozF9Wg6RdT2vUP35mBh+mnYPtqLId4ogcPD3wP8A6eLu4Ox+7IiY3Ay19lRbEKY3W5GiAjwTFKsPmbcmVomh2KflsF0hbbJv8J920A7jlZZwPOsMgYVbx66S8LarZ4PMaYdclhQC1\/Bd7gbSlgyHfTwk2M2T5cgdIUbJKFr28gFjhBMoIOJ7aDPC+W7mHpnRRbsi8zigNAjk9Iq4uJ63eMGX6e86osrzVxl1YZ0VqTV3SkdM\/pJaP0SfN\/qPVNsTlepIk59Wp9\/qpxV\/RFzc94o4ZHakNsvKrpmha4jwrEfQiHwotG1ix0u38qgKeFd9OA8ntI\/Lb+8exQUk09KZYhOcxUkpmmzlFFTHCis8GFZ0dHg+dFp2f0z6mn\/QQ7gomWCTl8AUdhzY2PyhssLHO7nllYuPjQIvE7UoG+Y9Yrb1fLG3OMHiAc5VBCF26K\/XGR1T918nNJLbrky1nCmpVqOKDX7KsgLDTwpZjXI4Mn+dC1ajE0U+B9YMZvQJGINvQIp8DuxCSO5m1p3+VtQOsgtolIUlC8zWcFTaoZwypwVbXyPXUUHuBP7oDFaAYG62usQonw8xG5LlazHdAHSJCLonePTXaw8gtMVhCaVTN3tdnb6cG6iCZVMAqn3FU0GIV1h9tlVmO5VMJsYAtGwcOSbRMs4FpKhg9KLTSbwuhzw\/x+qVSm5FE0A1\/fj1TUFM7MyrQtG9njbPDfp7Vtn5N36RDG3+aVdK3zRjNk9FbwSWBXT2d\/+FzZ\/kwRoqI1aWkOFuBNSyV7UsGI5yTB3k\/vC13dwy+KKNWW2EaBfaeFjurAr9TajB5brdV6\/BoloMVRgKEkcSUmkfQiKmKmkKh40DJ4\/9bR3TDteTPMUOkoZNJoFHTTKQoTa1r1ZDDfap"}
00467{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":22430,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"TGr2n\/YnxiwDYGpkCABFAABRBMwAAEAR8G7AqAIBwKgCEAA12\/gAPTZ5D\/6BgAABAAEAAAAABXByb3h5CWdvb2dsZXppcANuZXQAAAEAAcAMAAEAAQAAAJMABKzZFEw="}
-00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
+00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.DataSaver","breed":"Fun","category":"Web"},"dns": {"query":"proxy.googlezip.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.20.76"}}
00430{"flow_id":62,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":24686,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0\/AMAAHUGxeKs2RRMwKgCEAG7qn7jcDeqpd5\/8YARAPBRkgAAAQEICunZkbb\/\/zen"}
00429{"flow_id":62,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":26304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA0SnFAAEAGbHXAqAIQrNkUTKp+Abul3n\/x43A3q4AQAW1RCwAAAQEICv\/\/N7Hp2ZG2"}
00428{"flow_id":63,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":30811,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0APEAAHUGgrPY7yZ4wKgCEAG7gPZMYE22GH74RIAQAPCtwgAAAQEICsPH3Oj\/\/zev"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":31849,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkTGr2n\/YnCABFAAA8+JhAAEAGvkXAqAIQrNkUTKqEAbsc\/M8rAAAAAKAC\/\/\/0BgAAAgQFtAQCCAr\/\/zezAAAAAAEDAwg="}
01218{"flow_id":63,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":32305,"pkt_caplen":646,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":646,"pkt_l4_len":612,"pkt":"TGr2n\/YnxiwDYGpkCABFAAJ4APIAAHUGgG7Y7yZ4wKgCEAG7gPZMYE22GH74RIAYAPAjvgAAAQEICsPH3On\/\/zevFwMDAgGbyx0dKct4w0cQrKZqJxffiNdC5O312J70N23BOeqnmk+hhM9WV2qnmeDthqciqQNupEqy7C\/aa1wK6d4WZtINeu6mGTxcrFQs3ogNfXsmdkJqn63Akwiw9P60XEf40nGZPQAmzdgEFh1FYQ98FVevYy6Asv5g3gBWwcTFNpeKenDVKORJxxBaqHtp4FgzzykiwuY9lkyaotVKYR02eyxVmjM7eeR+QnPpvnUQ8FEbop9St9Z6QCYn6Sat900CBT6dq4A3KUGK6AkwHNjmj7XFX4EggqIcA4rYpVxniPKn8g29p3p\/Qk4VzsdG5nbkJCQjRjI7LNd1pt4ilciKtGt256aRTSlWhF35Rpjzj\/D2\/7YoxxSRv35\/0UV7JThre9pcqfl1AFllAmC9JNgHMtmDWIzoYfhZAgMjSK\/4ITCyBs+KHX0O+xNLqMJe4ZMbaQ8tVv89XxjVs4Q97Ijia6P5x94S\/J7vJVYdzfa0LogOLmt1lNvG0Ro1PhSTwLqmCgC10POpM4BpyY637pHKSGUHHlRDUXT68la0pALORTY5PQVDsS8bRQzRvkEC4rE0yxZGa+seR95yqoWDbFBHcA7qH6wxK6xWDXeYSI\/UclLKWbHtowuEZjXAYC\/LJtVFkRxKCV91lIdMQSq6bdq3F9LLYdL+TiCrpxM2LDdJsRj+jAQXAwMAOer8Qnat2OSTMbkuMPctf3pZIpH\/sPxOx9aaFeXZGPct+pXzzgyME4qt\/Mft1CbIKAzByg7YDeDQ5g=="}
00473{"flow_id":63,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":32323,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"TGr2n\/YnxiwDYGpkCABFAABTAPMAAHUGgpLY7yZ4wKgCEAG7gPZMYE\/6GH74RIAYAPCCEwAAAQEICsPH3On\/\/zevFwMDABqhPvYLz5iU2T1bnDXI4Y7BIbGOgUS60MVNUQ=="}
@@ -576,67 +576,67 @@
00429{"flow_id":41,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":35674,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0cHAAAHYGEjTY7yZ4wKgCEAG7gNxV\/kgBOJTQ14AQAPfIvQAAAQEICibnYk7\/\/zew"}
00428{"flow_id":65,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":38562,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TGr2n\/YnxiwDYGpkCABFAAA0OQUAAHYGhiOs2RYKwKgCEAG7rVbtvX7\/RY++1IAQAPAEwQAAAQEICrtH2Eb\/\/zev"}
02354{"flow_id":65,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454872,"pkt_ts_usec":47699,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"TGr2n\/YnxiwDYGpkCABFAAW+OQkAAHYGgJWs2RYKwKgCEAG7rVbtvX7\/RY++1IAQAPCMDgAAAQEICrtH2E7\/\/zevFgMDAHoCAAB2AwNCJ34CryLHwzvLQqJBIHrJFiNfsNaHdx1eR2uFmuClXyDedzf23GKLBGTQ\/F9lciqAnLFBg\/D1SaN73F0X8icbJxMBAAAuADMAJAAdACA2FiHMnasy913b\/QD8AjPxTZ158qLmXw3NSQ7+ASWrVgArAAIDBBQDAwABARcDAwtu16sEy92A95bKUEGLd6uicpFA4WHC4rLKfybgTNPAHyTLADrBTV5c4IIKEv9IFoc45M5PX8btWzY16aZOqr9LM9ELJYVm6X\/NDfYrhCBqLqj+riWcgSYwZ+a87+Wr7KJQYcBHr4lklP0JRGYmN9FY9Pz1zQQ48sT8KqOzvJ0cF\/JAIQKnwBHpMtHLaGUZ\/AtLTbEJ5MapLWvURb0h8ktlzQDAAyyVMGLxmlXKQbvRDTTGaOi5CRQCHs223cbhUa6u3log5zT0zUjjoRy17qxg5nrTzk3dUp40Fll8xM93DcVwPK7GwHM6j31lYumoMyhNNaSRd02qeAT6ELm7oNMScDTXUKa4IWeknB7YHVw0180XOo0+QRXMM9dqyeFI+4R21gSfJTJkx12AZNz7mQWhjq2j0qf3ka7sfKgu\/xYaYpYDINRThFNUN9qiNJ1Ok9kM7fotvxM7lnYPyduOq\/hH6njzgQAB1QAhgQBB\/Ywwymwk+K6ZgwkLcMdwV539FoVA9ZOdTPUZMiocSX2GFwF6Axz0ps+indbPd+e2VPfiNUqVEsdKalxJFe8oRsZHRlEQLVuC0w0ct0llQUXNoGtPNlZu5G3ZOOuyL0BB2h11I9fqm6LBkawbvW4+H\/78D+wJaqpbcA\/dQOnvblJ0fKDvN7l4RdRc\/+WUMZ1u\/B+czJbEfBrJq6OEklXn4SucgKv0r5\/8H3FCl2KQpcD6Hl6+7HBtGnr7cg9hk+x3mYa7eEmfBbmfzfihXHo++5dBPlVxTelhf1Ruizafsx2KiX52aCIQl\/c2JpK5kMJQSUv+kJKjQZAWVNk4Apg6V2Fv1FbBiDeaCCE6KOOh\/KehPJiM3lyEjZwAcY27OPZci8SOwVE5AH690QfqfV3D8SMcaIF2+8KSbTkUYTdFkrh\/N\/xI6iwNmWh1byxsv\/Hyc+yg69SOfJLNFnUanfcKem2HvTVukyYwaS8KgrHeeRF\/LVCY6K\/a0lnlR3cnuTZ\/bWCM5acFjYKYifWzzCCL8I3h0s472Efm9fUpYKUS13qSY36A+Qh6WLVsWyRDEcK9OAwLaj2aoQBMnGCknMZi5RtpIkPjWFYwBXc6f5Je3qRDSUhoGDwPgPudXuhgPwkqRtUedZ+cEsWxMRqSqmfSozG49RD7RJiX6P6n6N0WPDvH3XoXfmw9rQWLF0c0258EW0J68VUd48Mdh6\/rUomSl0OuwG6CtVc5llkzDAxm9w8yNAOt6EPYcyEpoq3nKfHxKt1w7PT2zByMG4ncV0956WhbAaWzEdxj5dxiH5LPT7E5OLyTQ8j\/RoTUi6z25S8qcGk0zEPA9GJ\/bVs9m8Uevoy1Mer667E1lotvxykUA5kife5GyuIZTUEcccJ4vcVoiCMwsDDIwobvPLzwqhKXcJIXKiKOFZslMNVEMiaJA7ge1eHItrLeXreKGEtL5GRXYRT0mSEe7vP9+IiBYsqmH5pmcEOqzh7eC0FLDfU3kJ7iRE43HMKPcTUnMAXhwXLSmQrqoi1rVwpZosz7ZlqJ7Rx3AHq9Ol4duCWaom7a3xmQ0b9RuXz3L2yhPzGA\/zvuDAQQltbhHtIv+NgZe8cEpXavPK2GyXPCvFnf9Nx3T6lkTwT8nyG1m0OdfUAY79bmd73qiCi1TsOxlGqZWD5F3kCQuQP2PydEUnDT8XKOtxhDg7M230TjFKoHV6Zy\/eZqfc\/tjHk="}
-00875{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00514{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_tot_l4_data_len":795,"flow_min_l4_data_len":63,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_tot_l4_data_len":795,"flow_min_l4_data_len":63,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_tot_l4_data_len":795,"flow_min_l4_data_len":63,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_tot_l4_data_len":795,"flow_min_l4_data_len":63,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_tot_l4_data_len":3680,"flow_min_l4_data_len":294,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":43,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_tot_l4_data_len":410,"flow_min_l4_data_len":32,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":58,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_tot_l4_data_len":410,"flow_min_l4_data_len":32,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":58,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":52,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_tot_l4_data_len":6050,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_tot_l4_data_len":5736,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_tot_l4_data_len":2143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":50,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":55,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_tot_l4_data_len":1286,"flow_min_l4_data_len":32,"flow_max_l4_data_len":747,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_tot_l4_data_len":616,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":42,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_tot_l4_data_len":6249,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_tot_l4_data_len":7312,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_tot_l4_data_len":5821,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_tot_l4_data_len":7490,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00443{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00440{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_tot_l4_data_len":12687,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":396,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_tot_l4_data_len":3978,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":284,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_tot_l4_data_len":7356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":245,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_tot_l4_data_len":4973,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_tot_l4_data_len":1942,"flow_min_l4_data_len":32,"flow_max_l4_data_len":490,"flow_avg_l4_data_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_tot_l4_data_len":995,"flow_min_l4_data_len":32,"flow_max_l4_data_len":490,"flow_avg_l4_data_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_tot_l4_data_len":5393,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_tot_l4_data_len":5369,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":335,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":60,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":42,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00465{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00466{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_tot_l4_data_len":3989,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":284,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_tot_l4_data_len":4037,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":288,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_tot_l4_data_len":6541,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":242,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_tot_l4_data_len":4060,"flow_min_l4_data_len":32,"flow_max_l4_data_len":626,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":50,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"android.googleapis.com","ja3":"629b587f706aee60430ec3879c6edb66","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1582454780612,"flow_last_seen":1582454799515,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50580,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1582454779631,"flow_last_seen":1582454799004,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454871115,"flow_last_seen":1582454871117,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":40580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454871051,"flow_last_seen":1582454871090,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32412,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":12,"flow_first_seen":1582454784313,"flow_last_seen":1582454866536,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3584,"flow_avg_l4_payload_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1582454867034,"flow_last_seen":1582454867075,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":52953,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1582454787658,"flow_last_seen":1582454801077,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"17.248.185.10","dst_ip":"192.168.2.17","src_port":443,"dst_port":50702,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1582454867637,"flow_last_seen":1582454867639,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":34540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454870996,"flow_last_seen":1582454870998,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":36613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":20,"flow_first_seen":1582454869517,"flow_last_seen":1582454872012,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5382,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.168.206","src_port":50384,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":22,"flow_first_seen":1582454868348,"flow_last_seen":1582454870097,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5016,"flow_avg_l4_payload_len":228,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1582454871741,"flow_last_seen":1582454872015,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.74","src_port":52514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":6,"flow_first_seen":1582454871947,"flow_last_seen":1582454872047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1935,"flow_avg_l4_payload_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.22.10","src_port":44374,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1582454871804,"flow_last_seen":1582454871805,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":18379,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454868462,"flow_last_seen":1582454868503,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":47081,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_first_seen":1582454871827,"flow_last_seen":1582454871827,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":32832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":11,"flow_first_seen":1582454867151,"flow_last_seen":1582454867312,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":715,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"17.253.53.201","src_port":58338,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454866407,"flow_last_seen":1582454866538,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.16","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454869361,"flow_last_seen":1582454869363,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":84,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39008,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454866448,"flow_last_seen":1582454868606,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454868597,"flow_last_seen":1582454868597,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":51430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454871496,"flow_last_seen":1582454871536,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":22850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":23,"flow_first_seen":1582454867688,"flow_last_seen":1582454868211,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5497,"flow_avg_l4_payload_len":239,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32974,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":21,"flow_first_seen":1582454871042,"flow_last_seen":1582454871531,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6624,"flow_avg_l4_payload_len":315,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":15,"flow_first_seen":1582454871069,"flow_last_seen":1582454872035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5325,"flow_avg_l4_payload_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":21,"flow_first_seen":1582454871075,"flow_last_seen":1582454871428,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6802,"flow_avg_l4_payload_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454865802,"flow_last_seen":1582454866026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00448{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454865794,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff9f:f627","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":32,"flow_first_seen":1582454871152,"flow_last_seen":1582454871906,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":363,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":14,"flow_first_seen":1582454871321,"flow_last_seen":1582454871375,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3562,"flow_avg_l4_payload_len":254,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":32998,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":30,"flow_first_seen":1582454871623,"flow_last_seen":1582454871978,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6380,"flow_avg_l4_payload_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":18,"flow_first_seen":1582454871839,"flow_last_seen":1582454872035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4381,"flow_avg_l4_payload_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":33014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1582454871823,"flow_last_seen":1582454871824,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":10677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1582454871676,"flow_last_seen":1582454871677,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":33240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":13,"flow_first_seen":1582454871094,"flow_last_seen":1582454871395,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1510,"flow_avg_l4_payload_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36834,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":7,"flow_first_seen":1582454871745,"flow_last_seen":1582454871859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":755,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36848,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_first_seen":1582454871772,"flow_last_seen":1582454871808,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"173.194.79.114","src_port":36850,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":16,"flow_first_seen":1582454868511,"flow_last_seen":1582454870126,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":16,"flow_first_seen":1582454868527,"flow_last_seen":1582454869366,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4841,"flow_avg_l4_payload_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.18.3","src_port":36890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1582454867323,"flow_last_seen":1582454867358,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.35.8","src_port":45863,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":1582454871881,"flow_last_seen":1582454871920,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":39760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1582454871343,"flow_last_seen":1582454871383,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35689,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1582454867244,"flow_last_seen":1582454867284,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":35825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":1582454872021,"flow_last_seen":1582454872022,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":56312,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454869626,"flow_last_seen":1582454870649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"216.239.38.120","src_port":49510,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454871058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1582454866803,"flow_last_seen":1582454866894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4e6a:f6ff:fe9f:f627","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":14,"flow_first_seen":1582454871553,"flow_last_seen":1582454871667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43634,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":14,"flow_first_seen":1582454871829,"flow_last_seen":1582454872026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3573,"flow_avg_l4_payload_len":255,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1582454872031,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.20.76","src_port":43652,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1582454871292,"flow_last_seen":1582454871294,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":46359,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":27,"flow_first_seen":1582454871103,"flow_last_seen":1582454871450,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5661,"flow_avg_l4_payload_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51928,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":24,"flow_first_seen":1582454871814,"flow_last_seen":1582454872019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":594,"flow_tot_l4_payload_len":3276,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"172.217.21.202","src_port":51944,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test"}
diff --git a/test/results/anyconnect-vpn.pcap.out b/test/results/anyconnect-vpn.pcap.out
index 955b6d5a4..3821fa757 100644
--- a/test/results/anyconnect-vpn.pcap.out
+++ b/test/results/anyconnect-vpn.pcap.out
@@ -1,90 +1,90 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569687240992,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569687240992,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687240,"pkt_ts_usec":992580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"}
00428{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":9657,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"}
00429{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":9749,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya90\/P93oAQEACb7gAAAQEIChwNaXeyL\/p7"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569687241064,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569687241064,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":64503,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/9D4wAAAgQFtAEDAwUBAQgKHA1prQAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":0,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":142,"flow_max_l4_data_len":142,"flow_avg_l4_data_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":0,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":422303,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKQ8auVpuYAYEABwEgAAAQEIChwNaxEAIdNWFwMDAGnlEQRtW5ojm6mWGmuJ194WM1mCL2bpF6lVRy8fAR1ACLW+\/3MKXobzfgt7ehMx+gNqTDxT8XKtVt5pIDD++LOG\/\/cqs3TN3c3wAeYVwc4BceqqH837rqaW0xgZLYui1J36mDCwUeIDu0c="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":0,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":142,"flow_max_l4_data_len":142,"flow_avg_l4_data_len":142,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569687241422,"flow_last_seen":0,"flow_min_l4_payload_len":110,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":110,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00583{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":425059,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFAFAAEAGENwKAACVCgAA4x9J3ABq5Wm5uFSkqoAYARVOTgAAAQEICgAh1UocDWsRFwMDAGlPAxZ+sivF5tip\/a4L1+WZBjanPy6dIIBwPewIOXwBBC++JWdD5zwUQ1UFmtf+v81kwZap7Lx2\/Gcfr+ckh4zK2QCeLZSVHkvGQHTulBE1960y\/ZxOXKVM8M0GvGzhWev1+K8IvZbQRCI="}
00430{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":425121,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKSqauVqJ4AQD\/zHZwAAAQEIChwNaxMAIdVK"}
-00431{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00443{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00416{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":452023,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":56,"pkt_l4_len":8,"pkt":"AQBeAAABLH6BsEqhCABGwAAgGHkAAAECIZ0KAAAB4AAAAZQEAAARCu71AAAAAGluZyBzeXNjZmc="}
-00463{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00460{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":656833,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
-00494{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00436{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569687241656,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00405{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687241,"pkt_ts_usec":657102,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAD7pHczjPFACABGwAAgAABAAAEC+IcKAACV4AAA+5QEAAAWAAkE4AAA+w=="}
-00468{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00480{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00448{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687242,"pkt_ts_usec":68210,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8\/+wAAAgQFtAEDAwUBAQgKHA1tlQAAAAAEAgAA"}
-00437{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687242,"pkt_ts_usec":271196,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBefwMWpHczjPFACABGwAAgAABAAAEC5m0KAACV7\/8DFpQEAAAWAPbp7\/8DFg=="}
-00469{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00440{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00452{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687242,"pkt_ts_usec":476020,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBef\/\/6pHczjPFACABGwAAgAABAAAEC6YgKAACV7\/\/\/+pQEAAAWAPoE7\/\/\/+g=="}
-00472{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00484{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00447{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687243,"pkt_ts_usec":71120,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/88EwAAAgQFtAEDAwUBAQgKHA1xfQAAAAAEAgAA"}
00447{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687244,"pkt_ts_usec":72384,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/84KwAAAgQFtAEDAwUBAQgKHA11ZQAAAAAEAgAA"}
00584{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687244,"pkt_ts_usec":524070,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":251202,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABE1h4AAP8RQxAKAADjS0tMTM6PADUAMDW7jEkBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAQ=="}
-00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569687245251,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00474{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":288531,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"NDY7z3UoLH6BsEqhCABFAABUAABAADYRoh9LS0xMCgAA4wA1zo8AQIZKjEmBgAABAAEAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AAAEAAcAMAAEAAQAAADwABAglZls="}
-00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.102.91"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.102.91"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":295996,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABE77wAAEAR6XMKAADjS0tLS+\/LADUAMHT3LLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569687245295,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00566{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":320461,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADoRnt9LS0tLCgAA4wA178sAgY60LLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="}
-00668{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":48,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":321860,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEwHQAAEARF7sKAADjS0tMTPNyADUAMHBPLLcBAAABAAAAAAAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAQ=="}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569687245321,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00566{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":366723,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"pkt":"NDY7z3UoLH6BsEqhCABFAACVAABAADYRod5LS0xMCgAA4wA183IAgYoMLLeBgAABAAAAAQAAA3ZjbwdwYW5kaW9uBnZpYXNhdANjb20AABwAAcAYAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwB8AAAABAAAcIAAAA4QAEnUAAAFRgA=="}
-00668{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":48,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569687245379,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vco.pandion.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569687245379,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":379692,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95WAbsTaDYfAAAAALAC\/\/\/9eAAAAgQFtAEDAwUBAQgKHA16ewAAAAAEAgAA"}
00440{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":420271,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="}
00434{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":420351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"}
00663{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":420749,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"LH6BsEqhNDY7z3UoCABFAADbAABAAEAGwLoKAADjCCVmW95WAbsTaDYgM80W6oAY\/\/+4KQAAAQEIChwNeqI\/+VnGFgMBAKIBAACeAwM+zYdRpoPn9yYDnCChCBgRRxI\/vte+Xuq+CHHW0pF46gAALMAswDAAnwCdwCTAKABrAD3AK8AvAJ4AnMAjwCcAZwA8ADkANQAzAC8ACgD\/AQAASQALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMAEAALAAkIaHR0cC8xLjE="}
-00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_tot_l4_data_len":311,"flow_min_l4_data_len":32,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1569687245379,"flow_last_seen":1569687245420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00432{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":467901,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA01g8AAPcGdFEIJWZbCgAA4wG73lYzzRbqE2g2x4AQgADXxAAAAQEICj\/5WfQcDXqi"}
02390{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":469088,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXc0GEAAPcGdFcIJWZbCgAA4wG73lYzzRbqE2g2x4AYgADj\/wAAAQEICj\/5WfUAAAAAFgMDAEoCAABGAwNGY8X1XGeskR+DB6H8u05zgfXUF1Em8dt25Bz9wtftVSBG2iDOKRACO\/zsXshJ8HPrVULueirBjXs51B0\/QnctfgA1ABYDAxYMCwAWCAAWBQAHTzCCB0swggYzoAMCAQICEEzL1X2WMv84AAAAAFDtNsswDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTkwMjA1MjE0MzU4WhcNMjEwMjA1MjIxMzU3WjBqMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQ2FybHNiYWQxFDASBgNVBAoTC1ZpYXNhdCBJbmMuMR0wGwYDVQQDDBQqLnBhbmRpb24udmlhc2F0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDLELlHVBK6u0Ebo80pCb8efwbCh\/TMouznnqPBNL9tRNwaGpyybhpzuk1Zsi17UHvzdRRi5jC1ABXEEMLDXnTmlJa8rTgrPFp+bDbQ0hUdzWHHqPeU2HtG04mySjEkEvEPPwEnXQ9WDwkLnm26wRjipUJ8im1nDlikggUMLPlTTSKVgq3SBlVGLStLOLbOoOETJwpjr5YBSUNc5kkHfCAlc5qW4vLVkqFKFRcjyNxUOZxbBYtQaUddL0tuM4H9CfrWrqh9LLWx1xsOqHp+nS51DEO+pTwRR6wUyq6bNJMs+PbLCQs17zxAOp51PnIcZcczqbjMDGIgELfxksap7yECAwEAAaOCA5owggOWMDMGA1UdEQQsMCqCFCoucGFuZGlvbi52aWFzYXQuY29tghJwYW5kaW9uLnZpYXNhdC5jb20wggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB3AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABaL+5ngAAAAQDAEgwRgIhAKxxvM9C5gPV1Owy4M\/Dyzx7kBpwyzXQc7wZ0mGBR9fOAiEA\/A\/FJxuASzJphQeYq5ltFnIhSeTPRbPItlQigQZkkDwAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWi\/uZ35AAAEAwBHMEUCIQDNq3daAkrYxX6VQ9b6GqComWKfQou0IMsDnXGHMLZiSAIgEnWktUcQyNRmFvjh+POicMbVzLnjlwLij\/eoPMW67IwAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWi\/uZ5ZAAAEAwBHMEUCICH\/OekR\/g8Jdz2Y7Qc3us2XTMZ75OBnWYjV61BMMxsGAiEAtIuo7AamIHqnZDAbI1eeM3ogDSbRJ5hn12CgIZCempMAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWi\/uZ5NAAAEAwBHMEUCIHkJ3QKOEfzyT\/nCAMVpK04S4woe8rsVcpjzIhSsRoSsAiEA324g9fbsnh\/O\/XKfcV4vnykRYq8iMzykYAT+PPtA1MEwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIY="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_tot_l4_data_len":1823,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":303,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1569687245379,"flow_last_seen":1569687245469,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
00434{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":469147,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDbHM80ckoAQ\/\/9R7AAAAQEIChwNetI\/+Vn1"}
02384{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":509672,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXc\/KkAAPcGSA8IJWZbCgAA4wG73lYzzRySE2g2x4AYgACa1QAAAQEICj\/5Wh4AAAAASAGG+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQUmi0VGuslo\/WsT4R+rNKNmFj1ZL0wCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAKdBE7Z+\/QgBIjgKdoPLQP+aFD6KtOZlOiHey04vsERDOADqNdu8unwz6N0izPw2l\/n+UoPoV6GrQkCjChT893I2Smv8Vj1mVR9ZW1nnkmVR9MJr+xC5Iw99s1Ntq2M7Knro\/38pMlTbzDdIcgeyuFS+2iILYDpWpJ7TdQfZH5XVAvdIk3ZnRxtGd7Lcy\/jVbSYIGFTi\/TuA8Bv82FbHnQSqp4ezyTgTKuHmdSMry0pP20Z6nga4Vd2slNm7KOIghxUpnvRfKqVpF04m1QFzXE34qRtPEU80S1e6wlIl8ZcZrL\/KcU+88mv0xL3dpgVjURuISIJE90mwZCDqslRXPTgAFEjCCBQ4wggP2oAMCAQICDA7pTMMAAAAAUdN3hTANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMTUxMDA1MTkxMzU2WhcNMzAxMjA1MTk0MzU2WjCBujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANo\/ltBNuS9E59s5XptQ7lylYdpBZ1MJqgCajld\/KWvbx+EhJKo60I1HI9LtchbwkSHSXbe4S6iDj7eRMmjPziWTLLJ9l8j+wbQXugmeA5CTe3xJgyJoipveR8MxmHoufUAL0u8+07KMqo9Iqf8A6ClYBve2k1qUcyYmrVgO5UK41epzeWRoUyW4hM+Ueq4GRQyja03Qxr7qGKQ28JKyuhyIjzpSf\/debYMcnfAf5cPW3aV4kj2wbSzqyc+UQRlxRGi6RzwE6V26PvA19xW2nvIuFR4\/R8jIOKdzRV1NsDuxjhcpN+rdBQEiu5Q2Ko1bNf5TGS8IRsEqsxpiHU4r2RsCAwEAAaOCAQwwggEIMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQc="}
02380{"flow_id":12,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":509677,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcxrMAAPcGfgUIJWZbCgAA4wG73lYzzSI6E2g2x4AYgAAceQAAAQEICj\/5Wh4AAAAAAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdDgQWBBSConB03bxTP8971PfNf6dgxgpMvzAfBgNVHSMEGDAWgBRqciZ60B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAOdWOmINhyCxj03AdGTDL9gmszGnVydw3QfIyD+90w1j2eCcJNAiVki\/X37ij\/Q6B6aSc0z9NaCsVMQoVzFIEk+iTUMPZseLhaLc6CXTxNFgKP3eYQLjmaP9d5MhGxeyB18mCGFyDznHYvL+smQKT25SYhNKcprX+XLvwSq8hrMI\/SSRn1i6Oz6zMZBUYcuVsd9NSqLndjawASjUZ1G9zo3Xva2TD4I2DEqGK5w6GTdi0IBu+aqWMS2hm4yvHWAv7VhDUkfsd0zFYEIxE43V7EJ21OLH2qsqBZGzo8uKBVZdRf+HCJ1CiyTxbAEP2W7nVpfz\/B1BAZwewVfC3fm4tzAAFAzCCBP8wggPnoAMCAQICBFHTQEQwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDA5MjIxNzE0NTdaFw0yNDA5MjMwMTMxNTNaMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqEtnLbngxr4pnpMAGnduoyuJVBGsnaYU5Ycs\/+9oJ5v3NhBgqlJ9izX9NFThxy1k4y8nKKD\/eDGdBqgIAARR6wx+eavxJXJxyjaC8Kh71qaw5eZfMcd9XUhY1wIbSzMueLotWGOQKxuNJHzuTJScQ7p977VH1XvvDobsJ5sjoLVeJQmBYyE1wveFbBwpSz8lrkJ5qfJNfG7NCbJYLjzMLERcWMl3oGayoRn6kKbkg7b9vUERlC948Hv\/VTX5w+9Bcs5mmsTjJMYnfqt+jluzS8GYuunFHnt361U7EzIuVtz3A8Gvrim2e2g\/SNpa9iTE3gWKxkNBID+LaNlGMkpHECAwEAAaOCAQ8wggELMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEBMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9yb290Y2ExLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9DUFMwHQYDVR0OBBYEFGpyJnrQHu995ztpUdRsjZ+QEmarMB8GA1UdIwQYMBaAFGiQ5GekplOAx4ZmpPH3S0P7hL1tMA0GCSqGSIb3DQEBCwUAA4IBAQBpM4P8KHpvfe+dVevFPnqddbPMwzg22TSiKGgY6h5p073n0HfauACDTkrPb9HxwSI="}
00435{"flow_id":12,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":509742,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDbHM80iOoAQ\/\/9L8wAAAQEIChwNevo\/+Voe"}
00435{"flow_id":12,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":509743,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDbHM80n4oAQ\/\/9GSwAAAQEIChwNevo\/+Voe"}
02322{"flow_id":12,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":547931,"pkt_caplen":1459,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1459,"pkt_l4_len":1425,"pkt":"NDY7z3UoLH6BsEqhCABFAAWl6qEAAPcGWk4IJWZbCgAA4wG73lYzzSfiE2g2x4AYgAA9NgAAAQEICj\/5WkYAAAAAP3Tk95hJnpu2nuHbmHctVjSxqDzZ\/cDNx78FA9QCxfHlxtoIpRPHYiMR0WEwHWCERe95qMYmk6S3zTS4acUT9pGzyUVzdraS9nYKW+EDR7fpKUyRMiM3Spw12Hj9HR\/kg4kkgK23+c\/kXaXUccSFW3Af2z8cAesaRSYxFMxlv2feyswzZeVBkdc3vkEalp3mipedp86sTpo9vQGgatlPIgCLRNVpYnsu68y655J9aWc9\/Lh83kGH0GnqugoYehqVQ7N5cSh2baH7V0rsTcgOEAAElTCCBJEwggN5oAMCAQICBEVrUFQwDQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjExMjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCViLDJ\/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr\/4JLya0+3kzbkIBQPwmKhADsMAo9GM37\/SpZmiOVFyxFnh9uQ3ltDFyY\/kinxSNHXF79bucetPZoRdGGg1uiio2x4ymA\/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ\/brLNq1bw5VHHKenp\/kN19HYDZgbtZJsIR\/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAwga0wDgYDVR0PAQH\/BAQDAgEGMA8GA1UdEwEB\/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjExMjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdLQ\/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4bCFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7ck7UsdvQlvtUWhksDAj3sryFqJ1\/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0YMUc8CJEjXFHrMgayembmgBgE\/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9g0JzUouqu6cpz\/VkHApN0byqrJ8q0P9\/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKrjPvr\/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO\/NatLR7rtoLkDh174EdZtL3V3A2s7\/8KK9xJYVbE\/4ef1q0PBYDAwAEDgAAAA=="}
-01206{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_tot_l4_data_len":6304,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":525,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
+01217{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":12,"flow_first_seen":1569687245379,"flow_last_seen":1569687245547,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5904,"flow_avg_l4_payload_len":492,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
00435{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":547999,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDbHM80tU4AQ\/\/9AjQAAAQEIChwNex8\/+VpG"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":576189,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569687245576,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":576934,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5SAbt7aDL2a\/IufIAYEADmYwAAAQEIChwNezsCYFg6FwMDADwAAAAAAAAAA\/6MZ3K3UnwgKSolneP\/V\/Ul5QfA4HWbTZY4CgoWP92J0WcPzatLmBPNGkrfeEXB3KaiGuM="}
00900{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":596440,"pkt_caplen":408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":408,"pkt_l4_len":374,"pkt":"LH6BsEqhNDY7z3UoCABFAAGKAABAAEAGwAsKAADjCCVmW95WAbsTaDbHM80tU4AY\/\/+pJAAAAQEIChwNe04\/+VpGFgMDAQYQAAECAQBsGBLkfL+pTkLuJ1AGgMIFnah3sJlpMkzTBhiBUkjpMre1KpRGE6w5Vmh9mcRB8P2Z8iG+UJzjZhjxHKRMYI5\/HPqcNr7CwGjqxrHR8FpuukXr9KhtIzqsYfPNi4pKssz\/gboMgnK\/bH57fbMLH\/rl6Qbv+fL7TA82mmjPN0WTwWVrJUZAqyTnsUmZmpz4spFwoCJ6nU1L30wm66b9gA+e\/QX872qDo2wjvVQD8nLbP3BDVlBv2d+whR0Yx96Z8M95eNSEiq2kcSvHswPGAF1s5Fy\/Sgy+cu89iEXO3Cw7LvVg0czWvLRHTMoLLnjh0xr4QdBfhIAvFyx0cdTgHvuBFAMDAAEBFgMDAED7PFToWcuLeoMQBnfP0Z9XYdJUO2BBPTVQ39crvefndrJDQ5lSDQcQkDJTJ4R9W4JY3EjS+QSozFQVTKljyW1m"}
00537{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":636713,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"NDY7z3UoLH6BsEqhCABFAAB\/iREAAPcGwQQIJWZbCgAA4wG73lYzzS1TE2g4HYAYgACVLQAAAQEICj\/5Wp8cDXtOFAMDAAEBFgMDAEDllkG1IAug8S8sqM3n3iNS1LNB5MMCdyEdPjW7AL1gumzcUkXoZwb0oNzL6RTaSsQw4gsOBWyCNoSplvvWDSXv"}
00432{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":649655,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8JAACsGUUw0JfOtCgAA4wG73lNw7dXlH\/3wH4AQAAnwQQAAAQEICgCNhOgcDXs7"}
00431{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":653537,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN5AACoGyTA0JfOtCgAA4wG73lJr8i58e2gzN4AQAAkgwQAAAQEICgJgYHkcDXs7"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1569687245688,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1569687245688,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":688240,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95XAbsu53nzAAAAALAC\/\/+c+QAAAgQFtAEDAwUBAQgKHA17pgAAAAAEAgAA"}
00440{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":727730,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="}
00435{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":727790,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"}
00662{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":728221,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"LH6BsEqhNDY7z3UoCABFAADbAABAAEAGwLoKAADjCCVmW95XAbsu53n0bMwKR4AY\/\/+TfQAAAQEIChwNe8w\/+Vr5FgMBAKIBAACeAwOyKS4PH48MEPNrcANjNvEKq9DZdlehvPjBqsUvxif81gAALMAswDAAnwCdwCTAKABrAD3AK8AvAJ4AnMAjwCcAZwA8ADkANQAzAC8ACgD\/AQAASQALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMAEAALAAkIaHR0cC8xLjE="}
-00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_tot_l4_data_len":311,"flow_min_l4_data_len":32,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1569687245688,"flow_last_seen":1569687245728,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00432{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":771463,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0q70AAPcGnqMIJWZbCgAA4wG73ldszApHLud6m4AQgABJugAAAQEICj\/5WyQcDXvM"}
02388{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":772680,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXckx8AAPcGsZkIJWZbCgAA4wG73ldszApHLud6m4AYgAApPgAAAQEICj\/5WyUAAAAAFgMDAEoCAABGAwN4vf\/NcbfYKtylqOiBV41A2BnhoFA3lGbvFRkrTB002iDNy7T+dcsoL9BRLaqv07Y1HoOlVVoee6IAolvNAV3AHgA1ABYDAxYMCwAWCAAWBQAHTzCCB0swggYzoAMCAQICEEzL1X2WMv84AAAAAFDtNsswDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTkwMjA1MjE0MzU4WhcNMjEwMjA1MjIxMzU3WjBqMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQ2FybHNiYWQxFDASBgNVBAoTC1ZpYXNhdCBJbmMuMR0wGwYDVQQDDBQqLnBhbmRpb24udmlhc2F0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDLELlHVBK6u0Ebo80pCb8efwbCh\/TMouznnqPBNL9tRNwaGpyybhpzuk1Zsi17UHvzdRRi5jC1ABXEEMLDXnTmlJa8rTgrPFp+bDbQ0hUdzWHHqPeU2HtG04mySjEkEvEPPwEnXQ9WDwkLnm26wRjipUJ8im1nDlikggUMLPlTTSKVgq3SBlVGLStLOLbOoOETJwpjr5YBSUNc5kkHfCAlc5qW4vLVkqFKFRcjyNxUOZxbBYtQaUddL0tuM4H9CfrWrqh9LLWx1xsOqHp+nS51DEO+pTwRR6wUyq6bNJMs+PbLCQs17zxAOp51PnIcZcczqbjMDGIgELfxksap7yECAwEAAaOCA5owggOWMDMGA1UdEQQsMCqCFCoucGFuZGlvbi52aWFzYXQuY29tghJwYW5kaW9uLnZpYXNhdC5jb20wggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB3AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABaL+5ngAAAAQDAEgwRgIhAKxxvM9C5gPV1Owy4M\/Dyzx7kBpwyzXQc7wZ0mGBR9fOAiEA\/A\/FJxuASzJphQeYq5ltFnIhSeTPRbPItlQigQZkkDwAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWi\/uZ35AAAEAwBHMEUCIQDNq3daAkrYxX6VQ9b6GqComWKfQou0IMsDnXGHMLZiSAIgEnWktUcQyNRmFvjh+POicMbVzLnjlwLij\/eoPMW67IwAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWi\/uZ5ZAAAEAwBHMEUCICH\/OekR\/g8Jdz2Y7Qc3us2XTMZ75OBnWYjV61BMMxsGAiEAtIuo7AamIHqnZDAbI1eeM3ogDSbRJ5hn12CgIZCempMAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWi\/uZ5NAAAEAwBHMEUCIHkJ3QKOEfzyT\/nCAMVpK04S4woe8rsVcpjzIhSsRoSsAiEA324g9fbsnh\/O\/XKfcV4vnykRYq8iMzykYAT+PPtA1MEwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIY="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_tot_l4_data_len":1823,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":303,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1569687245688,"flow_last_seen":1569687245772,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1615,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","alpn":"http\/1.1"}}
00436{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":772738,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53qbbMwP74AQ\/\/\/D5QAAAQEIChwNe\/g\/+Vsl"}
02384{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":813606,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXck3MAAPcGsUUIJWZbCgAA4wG73ldszA\/vLud6m4AYgAAN9QAAAQEICj\/5W04AAAAASAGG+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQUmi0VGuslo\/WsT4R+rNKNmFj1ZL0wCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAKdBE7Z+\/QgBIjgKdoPLQP+aFD6KtOZlOiHey04vsERDOADqNdu8unwz6N0izPw2l\/n+UoPoV6GrQkCjChT893I2Smv8Vj1mVR9ZW1nnkmVR9MJr+xC5Iw99s1Ntq2M7Knro\/38pMlTbzDdIcgeyuFS+2iILYDpWpJ7TdQfZH5XVAvdIk3ZnRxtGd7Lcy\/jVbSYIGFTi\/TuA8Bv82FbHnQSqp4ezyTgTKuHmdSMry0pP20Z6nga4Vd2slNm7KOIghxUpnvRfKqVpF04m1QFzXE34qRtPEU80S1e6wlIl8ZcZrL\/KcU+88mv0xL3dpgVjURuISIJE90mwZCDqslRXPTgAFEjCCBQ4wggP2oAMCAQICDA7pTMMAAAAAUdN3hTANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMTUxMDA1MTkxMzU2WhcNMzAxMjA1MTk0MzU2WjCBujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANo\/ltBNuS9E59s5XptQ7lylYdpBZ1MJqgCajld\/KWvbx+EhJKo60I1HI9LtchbwkSHSXbe4S6iDj7eRMmjPziWTLLJ9l8j+wbQXugmeA5CTe3xJgyJoipveR8MxmHoufUAL0u8+07KMqo9Iqf8A6ClYBve2k1qUcyYmrVgO5UK41epzeWRoUyW4hM+Ueq4GRQyja03Qxr7qGKQ28JKyuhyIjzpSf\/debYMcnfAf5cPW3aV4kj2wbSzqyc+UQRlxRGi6RzwE6V26PvA19xW2nvIuFR4\/R8jIOKdzRV1NsDuxjhcpN+rdBQEiu5Q2Ko1bNf5TGS8IRsEqsxpiHU4r2RsCAwEAAaOCAQwwggEIMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQc="}
02380{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":813610,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcm2cAAPcGqVEIJWZbCgAA4wG73ldszBWXLud6m4AYgACPmAAAAQEICj\/5W04AAAAAAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdDgQWBBSConB03bxTP8971PfNf6dgxgpMvzAfBgNVHSMEGDAWgBRqciZ60B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAOdWOmINhyCxj03AdGTDL9gmszGnVydw3QfIyD+90w1j2eCcJNAiVki\/X37ij\/Q6B6aSc0z9NaCsVMQoVzFIEk+iTUMPZseLhaLc6CXTxNFgKP3eYQLjmaP9d5MhGxeyB18mCGFyDznHYvL+smQKT25SYhNKcprX+XLvwSq8hrMI\/SSRn1i6Oz6zMZBUYcuVsd9NSqLndjawASjUZ1G9zo3Xva2TD4I2DEqGK5w6GTdi0IBu+aqWMS2hm4yvHWAv7VhDUkfsd0zFYEIxE43V7EJ21OLH2qsqBZGzo8uKBVZdRf+HCJ1CiyTxbAEP2W7nVpfz\/B1BAZwewVfC3fm4tzAAFAzCCBP8wggPnoAMCAQICBFHTQEQwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDA5MjIxNzE0NTdaFw0yNDA5MjMwMTMxNTNaMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqEtnLbngxr4pnpMAGnduoyuJVBGsnaYU5Ycs\/+9oJ5v3NhBgqlJ9izX9NFThxy1k4y8nKKD\/eDGdBqgIAARR6wx+eavxJXJxyjaC8Kh71qaw5eZfMcd9XUhY1wIbSzMueLotWGOQKxuNJHzuTJScQ7p977VH1XvvDobsJ5sjoLVeJQmBYyE1wveFbBwpSz8lrkJ5qfJNfG7NCbJYLjzMLERcWMl3oGayoRn6kKbkg7b9vUERlC948Hv\/VTX5w+9Bcs5mmsTjJMYnfqt+jluzS8GYuunFHnt361U7EzIuVtz3A8Gvrim2e2g\/SNpa9iTE3gWKxkNBID+LaNlGMkpHECAwEAAaOCAQ8wggELMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEBMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9yb290Y2ExLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9DUFMwHQYDVR0OBBYEFGpyJnrQHu995ztpUdRsjZ+QEmarMB8GA1UdIwQYMBaAFGiQ5GekplOAx4ZmpPH3S0P7hL1tMA0GCSqGSIb3DQEBCwUAA4IBAQBpM4P8KHpvfe+dVevFPnqddbPMwzg22TSiKGgY6h5p073n0HfauACDTkrPb9HxwSI="}
00435{"flow_id":15,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":813666,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53qbbMwVl4AQ\/\/+97AAAAQEIChwNfCA\/+VtO"}
00435{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":813667,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53qbbMwbP4AQ\/\/+4RAAAAQEIChwNfCA\/+VtO"}
02396{"flow_id":15,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":851826,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXc+WkAAPcGS08IJWZbCgAA4wG73ldszBs\/Lud6m4AYgAAzlQAAAQEICj\/5W3YAAAAAP3Tk95hJnpu2nuHbmHctVjSxqDzZ\/cDNx78FA9QCxfHlxtoIpRPHYiMR0WEwHWCERe95qMYmk6S3zTS4acUT9pGzyUVzdraS9nYKW+EDR7fpKUyRMiM3Spw12Hj9HR\/kg4kkgK23+c\/kXaXUccSFW3Af2z8cAesaRSYxFMxlv2feyswzZeVBkdc3vkEalp3mipedp86sTpo9vQGgatlPIgCLRNVpYnsu68y655J9aWc9\/Lh83kGH0GnqugoYehqVQ7N5cSh2baH7V0rsTcgOEAAElTCCBJEwggN5oAMCAQICBEVrUFQwDQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjExMjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCViLDJ\/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr\/4JLya0+3kzbkIBQPwmKhADsMAo9GM37\/SpZmiOVFyxFnh9uQ3ltDFyY\/kinxSNHXF79bucetPZoRdGGg1uiio2x4ymA\/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ\/brLNq1bw5VHHKenp\/kN19HYDZgbtZJsIR\/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAwga0wDgYDVR0PAQH\/BAQDAgEGMA8GA1UdEwEB\/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjExMjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdLQ\/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4bCFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7ck7UsdvQlvtUWhksDAj3sryFqJ1\/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0YMUc8CJEjXFHrMgayembmgBgE\/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9g0JzUouqu6cpz\/VkHApN0byqrJ8q0P9\/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKrjPvr\/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO\/NatLR7rtoLkDh174EdZtL3V3A2s7\/8KK9xJYVbE\/4ef1q0PBYDAwSWDQAEjgIBQAAOBgEGAwUBBQMEAQQDAgEEeQB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiY="}
-01206{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_tot_l4_data_len":6359,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":529,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
+01217{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":12,"flow_first_seen":1569687245688,"flow_last_seen":1569687245851,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5959,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","alpn":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
01931{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":851834,"pkt_caplen":1181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1181,"pkt_l4_len":1147,"pkt":"NDY7z3UoLH6BsEqhCABFAASPlEsAAPcGsboIJWZbCgAA4wG73ldszCDnLud6m4AYgAAaEQAAAQEICj\/5W3YAAAAAiZPyLGQBGRYGdmlhc2F0MRQwEgYKCZImiZPyLGQBGRYEY29ycDESMBAGCgmSJomT8ixkARkWAmhxMRowGAYDVQQDExFWaWFzYXQgU0hBIDIgQ0EtMwB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiaJk\/IsZAEZFgZ2aWFzYXQxFDASBgoJkiaJk\/IsZAEZFgRjb3JwMRIwEAYKCZImiZPyLGQBGRYCaHExGjAYBgNVBAMTEVZpYXNhdCBTSEEgMiBDQS0yAHUwczETMBEGCgmSJomT8ixkARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBnZpYXNhdDEUMBIGCgmSJomT8ixkARkWBGNvcnAxEjAQBgoJkiaJk\/IsZAEZFgJocTEaMBgGA1UEAxMRVmlhc2F0IFNIQSAyIENBLTEAITAfMR0wGwYDVQQDExRWaWFzYXQgU0hBIDIgUm9vdCBDQQDBMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMgC9MIG6MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLALMwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQC4MIG1MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTEwMS8wLQYDVQQDEyZWZXJpU2lnbiBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHMw4AAAA="}
00435{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":851921,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53qbbMwg54AQ\/\/+yTgAAAQEIChwNfEY\/+Vt2"}
00435{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687245,"pkt_ts_usec":851922,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53qbbMwlQoAQ\/\/+t8wAAAQEIChwNfEY\/+Vt2"}
@@ -92,29 +92,29 @@
00585{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":426088,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKSqauVqJ4AYEABWlgAAAQEIChwNfn0AIdVKFwMDAGltB4Q9ZE7MwMLqA\/qW5WJXb0PHNtCROrUMkJHw\/OP719Jk7orSFs9TCm756O7SILnP3vnstuJ4xPfpszSDO6LW4XcEaWDlp33D\/dMihM\/bvEZuYHMlrzKnK9TylV815IAQKWsax0+Dp+A="}
00581{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":428911,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFAJAAEAGENsKAACVCgAA4x9J3ABq5WonuFSlGIAYARXEpwAAAQEICgAh1z8cDX59FwMDAGnSDUBTzxnFH9ckBLkGJJxtZYOnnoJTcPtGWYx7fflTVjXPGvnWJvT5kELd8Dyk7N8gqq17Y91Gw5NO81U2bwcOEaqqMVk4vbp1wYVpe8wc5fgUWL03+X7m6bLc5s5fILREqdmBY0Re1KI="}
00432{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":428970,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKUYauVqlYAQD\/yxKgAAAQEIChwNfn8AIdc\/"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":0,"flow_tot_l4_data_len":31,"flow_min_l4_data_len":31,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":891499,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"LH6BsEqhNDY7z3UoCABFAAAzrdgAAP8Ra2cKAADjS0tMTPaDADUAH3AoGBgBAAABAAAAAAAABWxvY2FsAAAGAAE="}
-00628{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":0,"flow_tot_l4_data_len":31,"flow_min_l4_data_len":31,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569687246891,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00534{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":924862,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"NDY7z3UoLH6BsEqhCABFAAB+AABAADYRofVLS0xMCgAA4wA19oMAah4oGBiBgwABAAAAAQAABWxvY2FsAAAGAAEAAAYAAQAAAyoAQAFhDHJvb3Qtc2VydmVycwNuZXQABW5zdGxkDHZlcmlzaWduLWdycwNjb20AeFjpQAAABwgAAAOEAAk6gAABUYA="}
-00650{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":31,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00446{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00661{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00454{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":924910,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"LH6BsEqhNDY7z3UoCABFAAA4dQYAAEABY0UKAADjS0tMTAMDBdoAAAAARQAAfgAAQAA2EaH1S0tMTAoAAOMANfaDAGoAAA=="}
-00478{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00554{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":981850,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"AQBeAAD7GIEORo7ICABFAACMDQUAAP8RwosKAADV4AAA+xTpFOkAeGDHAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmjqBDkaOyBiBDkaOyA=="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569687246981,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00582{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":982027,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u70AAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"}
-00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
-00435{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00584{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00447{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00406{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":982031,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAACGIEORo7ICABGAAAgLwcAAAECCvoKAADV4AAAApQEAAAXAAgE4AAA+w=="}
-00467{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00437{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00406{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687246,"pkt_ts_usec":982614,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAD7GIEORo7ICABGAAAg0EsAAAECaLwKAADV4AAA+5QEAAAWAAkE4AAA+w=="}
-00469{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00715{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":192802,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"GIEORo7INDY7z3UoCABFAAEE6tAAAP8RumAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00523{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":306185,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5SAbt7aDM3a\/IufIAYEAAjBQAAAQEIChwNgekCYGB5FwMDADoAAAAAAAAABP6P4Nbq7ON\/6\/AGxu6nGVDbyH\/VD4ZdKbxLWPLfwYcNeZogzNp7TOtgIRax\/b1ZBFBO"}
00519{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":306306,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"LH6BsEqhNDY7z3UoCABFAABzAABAAEAGB9AKAADjNCXzrd5TAbsf\/fAfcO3V5YAYEADtVwAAAQEIChwNgekAjYToFwMDADoAAAAAAAAABVQHVjyN4wBxs8m+2i54okht8UdFndDP4vwtKiUe9j1LvsBOOnvld8r5j6XDOjeRQG2g"}
00432{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":340869,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VN9AACoGyS80JfOtCgAA4wG73lJr8i58e2gzdoAQAAkYLwAAAQEICgJgYh4cDYHp"}
@@ -123,51 +123,51 @@
00433{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":347882,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8NAACsGUUs0JfOtCgAA4wG73lNw7dXlH\/3wXoAQAAnnrAAAAQEICgCNhpAcDYHp"}
00520{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":347888,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"NDY7z3UoLH6BsEqhCABFAABzy8RAACsGUQs0JfOtCgAA4wG73lNw7dXlH\/3wXoAYAAmExgAAAQEICgCNhpAcDYHpFwMDADoscoyH7e3mD0YV5j76bq2IiuIC\/UPtlNWvhrdB63Msjxv0jshQMl60ISItlU90x5KX0HExOJgiVTIM"}
00434{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":347958,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGCA8KAADjNCXzrd5TAbsf\/fBecO3WJIAQD\/7XUAAAAQEIChwNghEAjYaQ"}
-00459{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":596034,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"}
-00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569687247596,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00585{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687247,"pkt_ts_usec":596449,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00593{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687248,"pkt_ts_usec":5698,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7GIEORo7ICABFAACszwUAAP8RAGsKAADV4AAA+xTpFOkAmDTQAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4QABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCaOoEORo7IGIEORo7I"}
00625{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687248,"pkt_ts_usec":6173,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYj8YAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADhAAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJo6gQ5GjsgYgQ5Gjsg="}
00467{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687248,"pkt_ts_usec":620045,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"pkt":"MzMAAAAWGIEORo7Iht1gAAAAACQAAf6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPANy0AAAAAQQAAAD\/AgAAAAAAAAAAAAAAAAD7"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00416{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":612686,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoT2EAAEAGMCYKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1569687249612,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":612686,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAogHcAAEAG\/w8KAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00432{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":631596,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0NJhAADcGE+O4GThNCgAA4wBQ3jQaT2XuY8iogYAQAPO0OwAAAQEICuMU+IIcDWOU"}
00432{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687249,"pkt_ts_usec":631602,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJpAADgGjuC4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvt6gAAAQEICuMU+IIcDWN7"}
00585{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687250,"pkt_ts_usec":667991,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
-00439{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00437{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00438{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00434{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00448{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00442{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00439{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00449{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569687246982,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00450{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569687241657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00446{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569687241452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569687247192,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00456{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569687246924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00454{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569687242476,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569687242271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":177008,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"LH6BsEqhNDY7z3UoCABFAAA+HQ0AAP8R\/CcKAADjS0tMTNZDADUAKtGSphcBAAABAAAAAAAABXByaW50BnZpYXNhdANjb20AAAEAAQ=="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569687251177,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00560{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":230505,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"pkt":"NDY7z3UoLH6BsEqhCABFAACPAABAADYRoeRLS0xMCgAA4wA11kMAe\/FSpheBgwABAAAAAQAABXByaW50BnZpYXNhdANjb20AAAEAAcASAAYAAQAAA4QARQZucy02MzIJYXdzZG5zLTE1A25ldAARYXdzZG5zLWhvc3RtYXN0ZXIGYW1hem9uwBkAAAABAAAcIAAAA4QAEnUAAAFRgA=="}
-00662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":42,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"print.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":429955,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKUYauVqlYAYEACLWQAAAQEIChwNkfYAIdc\/FwMDAGnBoRpnSakDpbbtOO1oFQFMvTatXfQ13YvHj0oLfGJl9JpWlsgauBFeoA7+JlmFrD8o9ELaYLgs9RsfLxNGWM8Fap769GXl+TuJe1SDZT7YsErPd9vuIVPm60SZhhH5VOfnzBgNpzDOaYk="}
00582{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":432009,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFANAAEAGENoKAACVCgAA4x9J3ABq5WqVuFSlhoAYARVo3QAAAQEICgAh2TMcDZH2FwMDAGnME9q5WBaoTxO4eWqtx9PaFo02Fc3nfPNp8pF7vSt+swHbhi70yI0wIgY4irdjppeso7+tYJgVpxy3Dq7WX32l1ccQW5M5AFGSshc12Yls9xl2CLpSmG1mEsWpkHkZoEdQqG0j2ZVcEiM="}
00432{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687251,"pkt_ts_usec":432069,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKWGauVrA4AQD\/ya4QAAAQEIChwNkfgAIdkz"}
00585{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687253,"pkt_ts_usec":740196,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687255,"pkt_ts_usec":989610,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3enMAAP8RnsgKAADjS0tMTOMrADUAI5+UjycBAAABAAAAAAAABXNsYWNrA2NvbQAAAQAB"}
-00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569687255989,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00460{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":18232,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"NDY7z3UoLH6BsEqhCABFAABHAABAADcRoSxLS0xMCgAA4wA14ysAM\/asjyeBgAABAAEAAAAABXNsYWNrA2NvbQAAAQABwAwAAQABAAAAIwAEY1YinA=="}
-00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_tot_l4_data_len":86,"flow_min_l4_data_len":35,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1569687256018,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Slack","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"slack.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"99.86.34.156"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1569687256018,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":18732,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGqeMKAADjY1YinN5YAbvhhxKGAAAAALAC\/\/8SKwAAAgQFtAEDAwUBAQgKHA2jzgAAAAAEAgAA"}
00443{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":50128,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"NDY7z3UoLH6BsEqhCABFAAA8AABAAO4G++ZjViKcCgAA4wG73lg6Ai8I4YcSh6AScSDdlgAAAgQFtAQCCApVvxWbHA2jzgEDAwg="}
00431{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":50218,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxKHOgIvCYAQEBVtUAAAAQEIChwNo+1VvxWb"}
01132{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":50357,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"LH6BsEqhNDY7z3UoCABFAAI5AABAAEAGp+oKAADjY1YinN5YAbvhhxKHOgIvCYAYEBXjtQAAAQEIChwNo+1VvxWbFgMBAgABAAH8AwP2lJ2Zoyt+6aEF0xJ\/aUe6evUZainhAnYJBIQSx1\/tWSCNfN3\/DfWLQ8HungFwV0GCEYkIdCKU0GMUI0bm8cDscgAcmprAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZfKygAA\/wEAAQAAAAAOAAwAAAlzbGFjay5jb20AFwAAACMAsP2UHl3lVE0zaDd6PBof23w+FD8mx8e3Phvd1tTaMrFhi9+Td+e1NJsUbpbP9uRq3tuE3zRBdy5hybNsk8MXE51kvVMK0eOntSrDahuD42sFCkzVH\/S0PgpsSfI8A+giwf+frrZktkI4KRg3hCDL3AxOeo+p2XlfkQM+Sl1864masTeQczQS\/W7RtMRlmXf4940V2idU49yugeM67ej0Z92wy18bTBX2me+5KJfbuIBfAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAiamgAdABcAGAAbAAMCAAKamgABAAAVAGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00735{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1569687256018,"flow_last_seen":1569687256050,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00432{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":92301,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0OpdAAO4GwVdjViKcCgAA4wG73lg6Ai8J4YcUjIAQAHZ65gAAAQEIClW\/FZ8cDaPt"}
00634{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":93242,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"NDY7z3UoLH6BsEqhCABFAADGOphAAO4GwMRjViKcCgAA4wG73lg6Ai8J4YcUjIAYAHZtAgAAAQEIClW\/FZ8cDaPtFgMDAFoCAABWAwN+R7Nshs\/ehq2TNPP3JdaT01yY+pmTbRbKEq72Sa92tyCNfN3\/DfWLQ8HungFwV0GCEYkIdCKU0GMUI0bm8cDscsAvAAAO\/wEAAQAAEAAFAAMCaDIUAwMAAQEWAwMAKDYMjtJfzeRO5qVw0Kt+Z2fVyY9j0seokftrrwCnACaby9QeanHF8og="}
-00789{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_tot_l4_data_len":875,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00800{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1569687256018,"flow_last_seen":1569687256093,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Slack","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"slack.com","ja3":"d8dc5f8940df366b3a58b935569143e8","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00431{"flow_id":28,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":93311,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGqe8KAADjY1YinN5YAbvhhxSMOgIvm4AQEBFqkAAAAQEIChwNpBZVvxWf"}
00503{"flow_id":28,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":93486,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"LH6BsEqhNDY7z3UoCABFAABnAABAAEAGqbwKAADjY1YinN5YAbvhhxSMOgIvm4AYEBHMjAAAAQEIChwNpBdVvxWfFAMDAAEBFgMDACgAAAAAAAAAAEkqWW9vMe9wu\/mI5boJymXWXb6Kk058wzXcVuC6\/gkE"}
00560{"flow_id":28,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687256,"pkt_ts_usec":93779,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"LH6BsEqhNDY7z3UoCABFAACRAABAAEAGqZIKAADjY1YinN5YAbvhhxS\/OgIvm4AYEBF7QgAAAQEIChwNpBdVvxWfFwMDAFgAAAAAAAAAATNLTuPHYyyTgb1ohdK2597G2vdYRI46G8U4WDCMBl2ySdHDtlVf62S4aRN6D1TdJgZ56yZhvPyeVW5\/6m4IoUR0g6x+NYIy7XNmMXQx9rbv"}
@@ -189,36 +189,36 @@
00433{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687258,"pkt_ts_usec":21922,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGCA8KAADjNCXzrd5TAbsf\/fCdcO3WY4AQD\/6i5QAAAQEIChwNq5EAjZD9"}
00555{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":269679,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"AQBeAAD7GIEORo7ICABFAACMyOAAAP8RBrAKAADV4AAA+xTpFOkAeGDGAAAAAAADAAAAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMgAEAACkFoAAAEZQAEgAEAA4AmzqBDkaOyBiBDkaOyA=="}
00583{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":270105,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AHgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QB4u7wAAAAAAAMAAAAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00715{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":297056,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"GIEORo7INDY7z3UoCABFAAEEsFAAAP8R9OAKAADjCgAA1RTpFOkA8ADKAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABQRTFAtUktFUlVSLU9TWCAoOSnADMAyACGAAQAAAHgADQAAAADbaQRuRFBJwCHAMgAQgAEAABGUACIWcnBCQT0zNzoyRTo0Nzo2RDoxODo1NApycFZyPTE1Mi4xEUxQLVJLRVJVUi1PU1ggKDkpDF9kZXZpY2UtaW5mb8AcABAAAQAAEZQAIBRtb2RlbD1NYWNCb29rUHJvMTEsMQpvc3h2ZXJzPTE3wFgAAYABAAAAeAAECgAA4w=="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00585{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":679362,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00417{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":694130,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAo3\/wAAEAGn4oKAADjuBk4Td5VAFBor5ytCT1EPVAQEAlzBQAA"}
00416{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":694131,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoLkYAAEAGUUEKAADjuBk4Td40AFBjyKiAGk9l7lAQEAA5gAAA"}
00432{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":710445,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0uJtAADgGjt+4GThNCgAA4wBQ3lUJPUQ9aK+croAQAOvGjAAAAQEICuMVH+AcDWN7"}
00432{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687259,"pkt_ts_usec":715492,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0NJlAADcGE+K4GThNCgAA4wBQ3jQaT2XuY8iogYAQAPOM2AAAAQEICuMVH+UcDWOU"}
-00436{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00408{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":293660,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAACGIEORo7ICABGAAAgPP4AAAEC\/QIKAADV4AAAApQEAAAXAAgE4AAA+w=="}
-00468{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00438{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00450{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":293706,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAD7GIEORo7ICABGAAAgpGYAAAEClKEKAADV4AAA+5QEAAAWAAkE4AAA+w=="}
-00470{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00595{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":294255,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7GIEORo7ICABFAACsLkIAAP8RoS4KAADV4AAA+xTpFOkAmDTPAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4QABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00627{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":294693,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AJgR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QCYj8UAAAAAAAMAAQAAAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAwAAQhfaG9tZWtpdMAcAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAhAAwAAcAMAAwAAQAADhAAFBFMUC1SS0VSVVItT1NYICg5KcAMAAApBaAAABGUABIABAAOAJs6gQ5GjsgYgQ5Gjsg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1569687260469,"flow_last_seen":0,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":70,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":70,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1569687260469,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":469013,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"LH6BsEqhNDY7z3UoCABFAABaAABAAEAGj+kKAADjI8l8Cd5OAbsN94yysPePlIAYEACJPAAAAQEIChwNtRgGQIQkFwMDACEAAAAAAAAAA3VW6sM2CHDT\/Oy2e1MF3bFmEvrGQamtRJY="}
00432{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":489093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0Bk0AAHoGj8IjyXwJCgAA4wG73k6w94+UDfeM2IAQAPROCgAAAQEICgZA6j4cDbUY"}
00476{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":521340,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"NDY7z3UoLH6BsEqhCABFAABUBk4AAHoGj6EjyXwJCgAA4wG73k6w94+UDfeM2IAYAPS6xgAAAQEICgZA6l4cDbUYFwMDABsAAAAAAAAABNY2znqkTRgDlTqE63fXsBbyQmM="}
00433{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":521410,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGkA8KAADjI8l8Cd5OAbsN94zYsPePtIAQD\/8+iwAAAQEIChwNtUwGQOpe"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1569687260591,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1569687260591,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":591875,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGxu4KAADjCCVgwt5ZEL8UzEFoAAAAALAC\/\/+sRwAAAgQFtAEDAwUBAQgKHA21kQAAAAAEAgAA"}
00450{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620412,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"NDY7z3UoLH6BsEqhCABFAABAE+xAAPEGAgIIJWDCCgAA4xC\/3lkWZHs7FMxBabASECzSsgAAAgQFZAEDAwIBAQgKeKa\/ZBwNtZEEAgAA"}
00432{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620471,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEFpFmR7PIAQEAgSNwAAAQEIChwNta14pr9k"}
00637{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":620743,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"LH6BsEqhNDY7z3UoCABFAADIAABAAEAGxmYKAADjCCVgwt5ZEL8UzEFpFmR7PIAYEAijywAAAQEIChwNta14pr9kFgMBAI8BAACLAwMD1fZJLnU2wbbg4p6uNb1F++uvR9\/ndJiHrNU+USXu3wAADsAwwCjAFMAJwBMAMwD\/AQAAVAALAAQDAAECAAoADAAKAB0AFwAeABkAGAAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAg=="}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_tot_l4_data_len":300,"flow_min_l4_data_len":32,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1569687260591,"flow_last_seen":1569687260620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00435{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":655570,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0E\/NAAPEGAgcIJWDCCgAA4xC\/3lkWZHs8FMxB\/YAQBDAdWQAAAQEICnimv4YcDbWt"}
02212{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":667151,"pkt_caplen":1374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1374,"pkt_l4_len":1340,"pkt":"NDY7z3UoLH6BsEqhCABFAAVQE\/lAAPEG\/OQIJWDCCgAA4xC\/3lkWZHs8FMxB\/YAYBDDc3gAAAQEICnimv5AcDbWtFgMDAF0CAABZAwMaAXyK9KQuuGETu8cld9JV+FK0SGZRa7CR6lzcsmkkxyBhHCxWTv40pUYrPrn3znrxjXuLJZACYw3f0K4HrVcFssAwAAAR\/wEAAQAACwAEAwABAgAXAAAWAwMDPAsAAzgAAzUAAzIwggMuMIICFqADAgECAgg\/CBLhDwTMuTANBgkqhkiG9w0BAQsFADBXMRswGQYDVQQDDBI4MTM4NDU2NTcwMDMzMzk4MzgxDzANBgNVBAoMBkNvZGU0MjENMAsGA1UECwwEVEVTVDELMAkGA1UECAwCTU4xCzAJBgNVBAYTAlVTMB4XDTE5MDgyOTAwMTI0MFoXDTE5MTAwODAwMTI0MFowVzEbMBkGA1UEAwwSODEzODQ1NjU3MDAzMzM5ODM4MQ8wDQYDVQQKDAZDb2RlNDIxDTALBgNVBAsMBFRFU1QxCzAJBgNVBAgMAk1OMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM61Q49djLnJMOmkIF0ll0F\/YDwr0sJF\/HQcSR5fSdw7EdXfDbna6x6jdhxE3Qn9gu2zsKj9DdoI9x8pHf25SLIxWtWtVXw64g9Cp6Akq6ue6XUldOaLIbFwakz0yvQNQHH4InGpGhOI0r\/JKwLXHTVarq8xZxz1qic9dGtps1TA1LnKt1ghcAC9UIhSSffTCRd3Hsuy9tV+rAge2xQcSFu5jpM3jMoIhFZ64uHnyNVlB\/PvazPdCIc\/da6TNg09oFSH\/qcSJW25ei7RChN\/n+1Y9ZZlpthcccET79wBa7HyRx3NeKMXBXMjRpZ5jHAXjnoyo9EGU5NYfQfrfADRdd0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAaWilMnLLGQ2gXstlhQSHl0BxH9M1oZmy0zk+yCz0sx7sp4N4CzNfdXnzRNI1nOOjvmDOnoK\/rjhx5CHC5BKV8qXQgywjLv6TpvGuwR9ek3LBZZJgG6pIgEiCQy4fR4d0eonjwAPqjoL3IN6\/RLFeqp9yodmk0KnOElyg7\/70JrdDnAIUs\/fmFwqS5e9nnGF6lD+dFubpkplRTiN\/2sgrSN5o5wq\/jZw9\/jv07RNxswZ5b\/Xd\/m0seIx6S1aem4yFFpkW0ITMdscZToISSQJH21J82w7v+XjWmRg8mKpjueRaAmkWA0zA0X3yGm4a1zZlebgdFsP+1JTYS0\/4f7yL4hYDAwEsDAABKAMAHSCydU7QFYlE7imdhqa9AKGI8iMYpyccCRVwdMVtjxjGHAgEAQAOARPwkWMmg0R+fWFN8NRAQUSZPBqQ+HjdO1UI\/nFIojvvLcZsbxvEaJchrGKOwGbSsdK7ByPKFgf4xrxfWdx2lNjk0e9lLlSj20fPMXT0xD27Ai3JNC25GENTyTLxYdyFsANrA8WgEjo\/iRVH7lEYalpVjfagu0RxdU3ZUg2ouUrRkO8szgI+\/GQEOrUzC8+QTDEY9Md++ju1GWO07jJJf\/OlJg4H696Xgf+QXL0iAe5WMgucOeJioRMeA4H9BQGTv5XmpzqP\/6JX0BzGjc\/BbpIF2EPv\/T+uQX1X6A8Kw18ZHBNrHocnkRYb3DnvtB5Jzn0dqWmkTJauRfEbYX3tFgMDADoNAAA2AwECQAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgAAFgMDAAQOAAAA"}
-01071{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1340,"flow_avg_l4_data_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
+01082{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1569687260591,"flow_last_seen":1569687260667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1308,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":242,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","ndpi": {"flow_risk": {"6":"Self-signed Certificate","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e3adec914f3893f18136762f1c0d7d81","ja3s":"e54965894d6b45ecb4323c7ea3d6c115","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","issuerDN":"CN=813845657003339838, O=Code42, OU=TEST, ST=MN, C=US","fingerprint":"86:2A:47:EF:00:68:79:60:7F:94:E2:91:6F:E0:38:82:37:8A:8E:2E"}}
00432{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":667209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEH9FmSAWIAQD98MVwAAAQEIChwNtdp4pr+Q"}
02051{"flow_id":33,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":671440,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"pkt":"LH6BsEqhNDY7z3UoCABFAATfAABAAEAGwk8KAADjCCVgwt5ZEL8UzEH9FmSAWIAYEACreAAAAQEIChwNtd54pr+QFgMDAzwLAAM4AAM1AAMyMIIDLjCCAhagAwIBAgIIXsE90hYB3ZMwDQYJKoZIhvcNAQELBQAwVzEbMBkGA1UEAwwSODIwMDYzNDY3NTA1NTk2OTQ1MQ8wDQYDVQQKDAZDb2RlNDIxDTALBgNVBAsMBFRFU1QxCzAJBgNVBAgMAk1OMQswCQYDVQQGEwJVUzAeFw0xOTA5MjcxNzA4NTRaFw0xOTExMDYxODA4NTRaMFcxGzAZBgNVBAMMEjgyMDA2MzQ2NzUwNTU5Njk0NTEPMA0GA1UECgwGQ29kZTQyMQ0wCwYDVQQLDARURVNUMQswCQYDVQQIDAJNTjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFYNZF26UjF+3XnUaEzq2uKuy6YckvZ5n1IhrUyH4zqRE0C5g\/BsCIvfkEE6TyupFQ4zMe+ASrbcfCFfmBXZn9EyO2y6o\/sbnd8HsF6Z3UUaKSHlnlxaRxv\/MedjLtwG3XZYZEuxpfay\/LAaGwVqFVP5hmYDEfjOT5Kd74arwkz4pyderrG697sUGTrgCw8fop3RymVwWeulqkHzdgm7wmvL9lgHGTFqzcYpnLz+ZplicVnyMy+m80fxpxNgKXAZDHsqfWX9O9dJf4wZXeSCnnj1yopzf5V0fJrs8CZKxE3rFS0er1ulRBi99xbJBI+1qCBTWPfbh7D6ri04FydMXJAgMBAAEwDQYJKoZIhvcNAQELBQADggEBADsP0enuURs3RrXlAMTbQYO4wqobE2iXacBBrHaoyhepONSqo9LJeswi9sR0mW4u8pQnbYOlqS86pZKJPoTQxLjJStpwWaMckOoZFubAOcmKEg5Fv169c+tWMJLBEOBJdKU+YhDNjTpdiszbuzRV1IHnW5omZjzz8Xlq\/EtTVq5IFr01PSptO6Lm620bDTyzWb8zuoR+aK9zZ6MQSmapuxkhs6wI45NLCWPcDd+k2WXJTNEg0Ni9b9vWGyMSDvTr5jaKQL3SfcBzMGcs+ugkma3W7YyJos32zARkMqALlPxyp6ikFzYWStXBSoncv9kD5Q\/7BjaQOWjN+t4i3EVf\/eQWAwMAJRAAACEgEWtqWgfGgf7lXlCr+zcvsN4Qgt8lveG0WfR54DQFHDMWAwMBCA8AAQQIBAEAsWffEwMziaZMvL09fBehHeaMPCBPy4zOPiqMony+6Xiwx9LtzC8X8PPN4kszu6J82D28ZzGdS0R89EmGsI54fPcJb4xdJXHhRNCGJvvagm0RXsKnXJu5TU04COJlg2eWmUZFQVDXUl8lzLNpSqlDx60dYVxm\/ehx3oZkHZVz\/SX31RUux10n+FZ9kNjiYSOsnpXHHqbA1wtdNL02a3oAPazweDlxd5JS+FooA\/KVtL\/VXaGFNFM\/iUgYzUBE8FRRITZ6ZcwQjyrEKyQYJ+JZV8Z8cG3OgQJ2rRH2lrIPbNOPiuvdzqYfnVZRBXfOC9\/\/VUqYskdiTTJ69u\/\/fmCexhQDAwABARYDAwAoYHY4Vgfv4X8IKyXCBRgV3egp4WmNBU+ZqlfDhPXew9ZtGk+\/14sACw=="}
00433{"flow_id":33,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":700295,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0FQFAAPEGAPkIJWDCCgAA4xC\/3lkWZIBYFMxGqIAQBVoSBwAAAQEICnimv7YcDbXe"}
@@ -228,50 +228,50 @@
00434{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":733797,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0FUNAAPEGALcIJWDCCgAA4xC\/3lkWZICLFMxIZIAQBckPaQAAAQEICnimv9ccDbX9"}
00991{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":735527,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"pkt":"NDY7z3UoLH6BsEqhCABFAAHPFVhAAPEG\/wYIJWDCCgAA4xC\/3lkWZICLFMxIZIAYBcklXQAAAQEICnimv9kcDbX9FwMDAZY7dB3xmvKsFbpSGU5Z6+l16NuHUzEljEDzWYBP7ZWZDOZTGoZRttKdAB5qRWccWgycvaITMQnNtQn+P8N1Kg9uCikre4MryKs805hwnDbcg75H4yMsR7wuQFgTs3ao0XS512SZmYqnk5GfxR8tkIzviZsmpjxotnNqt1hJbce9L+zE12\/gtwBS\/A0RRY+P7kulc8bdxkXBQAHdXgFrz+qkBT2QjVQ49lNTuiWwY4CPM3DxJovwKuacISr23vMoR08eScybdrbrMeWidZ3LeIoKrXIMea0uS8qmp8H74Xl0uHJSlt+tNY\/eOZOUMz3Rh3Rure\/HjO1mQn073Oj0H1Xou7mBj6XUhyzMVXfmTDCt6Qbnwx13I6w1ibQVWsSRt+UVC7JZQYtyT+rTqV3dImDfT89H3ss5j1zUag41AW2R1hw9XRp9WLwHdLVjvIjtxtfr2OF2abRO1GDx6aJHg4pEb6MyIgcACB8qRr\/m29KEEUlyOt5y5XgodVs9fr8EAuCcviQ8QI47peMxp0wW+xrCU3vLaizy"}
00435{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":735584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGxvoKAADjCCVgwt5ZEL8UzEhkFmSCJoAQD\/MDhAAAAQEIChwNtht4pr\/Z"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_tot_l4_data_len":67,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":751472,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"LH6BsEqhNDY7z3UoCABFAABXLuMAAP8R6zkKAADjS0tLS\/3MADUAQ49kJ8YBAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00666{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_tot_l4_data_len":67,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00678{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":751544,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"LH6BsEqhNDY7z3UoCABFAABT7b0AAP8RLGMKAADjS0tLS\/CtADUAP6A2wl8BAAABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1569687260751,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00483{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":767487,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"NDY7z3UoLH6BsEqhCABFAABXAABAADoRnx1LS0tLCgAA4wA1\/cwAQw7hJ8aBgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwAzEyOAIyOAMxNzIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00687{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00699{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.128.28.172.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687260,"pkt_ts_usec":772510,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"NDY7z3UoLH6BsEqhCABFAABTAABAADoRnyFLS0tLCgAA4wA18K0APx+zwl+BgwABAAAAAAAAAmxiB19kbnMtc2QEX3VkcAEwATABMAIxMAdpbi1hZGRyBGFycGEAAAwAAQ=="}
-00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":199,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lb._dns-sd._udp.0.0.0.10.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":34277,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPSYUAAP8R0J8KAADjS0tLS9+tADUAOxFSxpgBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQAB"}
-00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1569687261034,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":35342,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPv9YAAP8RWk4KAADjS0tLS86PADUAO9rj8yQBAAABAAAAAAAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAAB"}
-00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1569687261035,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00578{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":50458,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1360AjBq8xpiBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAAQABwCMABgABAAACzwBFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":59,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00578{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":54561,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"NDY7z3UoLH6BsEqhCABFAACgAABAADoRntRLS0tLCgAA4wA1zo8AjF9N8ySBgwABAAAAAQAADnZjYWNyYXNocGxhbjAxAmhxBGNvcnAGdmlhc2F0A2NvbQAAHAABwCMABgABAAADVABFBm5zLTYzMglhd3NkbnMtMTUDbmV0ABFhd3NkbnMtaG9zdG1hc3RlcgZhbWF6b27AKgAAAAEAABwgAAADhAASdQAAAVGA"}
-00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":59,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00439{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00437{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":240,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":207,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vcacrashplan01.hq.corp.viasat.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00449{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569687260293,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.2","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569687259297,"flow_last_seen":0,"flow_min_l4_payload_len":232,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.213","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":317606,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"pkt":"AQBeAAD7GIEORo7ICABFAAB23NkAAP8R8swKAADV4AAA+xTpFOkAYmA6AAAAAAAEAAAAAAABBV9yYW9wBF90Y3AFbG9jYWwAAAyAAcAMAAyAAQhfYWlycGxhecASAAyAAcAoAAyAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
-00571{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_tot_l4_data_len":642,"flow_min_l4_data_len":98,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00583{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":208,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_first_seen":1569687246981,"flow_last_seen":1569687261317,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00554{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":318027,"pkt_caplen":152,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":152,"pkt_l4_len":98,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AGIR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QBiuzAAAAAAAAQAAAAAAAEFX3Jhb3AEX3RjcAVsb2NhbAAADIABwAwADIABCF9haXJwbGF5wBIADIABwCgADIABAAApBaAAABGUABIABAAOAJs6gQ5GjsgYgQ5Gjsg="}
-00582{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_first_seen":1569687246982,"flow_last_seen":1569687261318,"flow_tot_l4_data_len":642,"flow_min_l4_data_len":98,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":128,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00594{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_first_seen":1569687246982,"flow_last_seen":1569687261318,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00585{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":436307,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKX0auVrcYAYEABPswAAAQEIChwNuMkAIdsnFwMDAGkquNBHUc+ChscXrUtRgCMYZjRJVOaQbTlODQaeY5amqm\/GjUiqzcV41wRmui04E3RqPf8DL0M0lIjsIbM19o\/m74SCL79srfXk80arhJGRlFMGMhcIdyIAYFhKQmR+T8ve+Kap9JlvJLM="}
00585{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":438389,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"NDY7z3UopHczjPFACABFAgCiFAVAAEAGENgKAACVCgAA4x9J3ABq5WtxuFSmYoAYARVPTQAAAQEICgAh3RwcDbjJFwMDAGk+N0ALJRzLafZuvouf5uUs5D\/U0tzAEaeM6atOPCHqQy7mpl9mt8bavf1mAJLusCbLzj5NJ+78e5L239EIVOnh5iS5h\/9VQOkeND9rF9xLGZBWJl3sT7DKnf23IQJYNAQU58BplPorNjw="}
00433{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":438465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAldwAH0m4VKZiauVr34AQD\/xubQAAAQEIChwNuMsAId0c"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":485620,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPCDAAAP8REfUKAADjS0tLS+dWADUAO8LFIuMBAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQAB"}
-00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1569687261485,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":486499,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"LH6BsEqhNDY7z3UoCABFAABPXz4AAP8RuuYKAADjS0tLS965ADUAO3SWXq8BAAABAAAAAAAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAAB"}
-00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1569687261486,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00543{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":501464,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA151YAb4gYIuOBgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAAQABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":59,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00543{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687261,"pkt_ts_usec":506389,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"NDY7z3UoLH6BsEqhCABFAACDAABAADoRnvFLS0tLCgAA4wA13rkAbznpXq+BgwABAAAAAQAADUxQLVJLRVJVUi1PU1gEaHNkMQJjYQdjb21jYXN0A25ldAAAHAABwBoABgABAAAcIAAoBmRuczEwMcAiCGRuc2FkbWluwCIBawJtAAAcIAAADhAACTqAAAAcIA=="}
-00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":59,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":226,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"lp-rkerur-osx.hsd1.ca.comcast.net","num_queries":1,"num_answers":1,"reply_code":3,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00522{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":136971,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"pkt":"AQBeAAD7GIEORo7ICABFAAB2VcMAAP8ReeMKAADV4AAA+xTpFOkAYmE7AAAAAAAEAAAAAAABBV9yYW9wBF90Y3AFbG9jYWwAAAwAAcAMAAwAAQhfYWlycGxhecASAAwAAcAoAAwAAQAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
00554{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":137295,"pkt_caplen":152,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":152,"pkt_l4_len":98,"pkt":"MzMAAAD7GIEORo7Iht1gBoi5AGIR\/\/6AAAAAAAAABAg+RTq8FVL\/AgAAAAAAAAAAAAAAAAD7FOkU6QBivDEAAAAAAAQAAAAAAAEFX3Jhb3AEX3RjcAVsb2NhbAAADAABwAwADAABCF9haXJwbGF5wBIADAABwCgADAABAAApBaAAABGUABIABAAOAJs6gQ5GjsgYgQ5Gjsg="}
00585{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":751378,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1569687262866,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1569687262866,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866211,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBvT9S8yS4AYEAD8CwAAAQEIChwNvkTkAuRNDi2ISqeLxJuBXTMcrWivnw=="}
00741{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866958,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"pkt":"LH6BsEqhNDY7z3UoCABFAAEWAABAAEAGYIgKAADjot4rmd4xAbu3QBvj9S8yS4AYEACf4gAAAQEIChwNvkTkAuRNC2FzYPnyOhEIxzv9HgAAAQAAAAAABf0HAAAAAAAAAFYAAAAAABO4pgAAAfJ1AAAAGzdZOcQAAAAAAAAAAAAAAAAAAAAAAAAAAGwAAAAAEjynVwAAAAAACz6PAAAAAABmQ+JAyo3EgU6LQwAAAAAAAAAAAAAACK7duMsBAQAAAAELYXNg+fI6EQjHO\/0eAAABAAAAAAAF\/QcAAAAAAAAAVgAAAAAAE7imAAAB8nUAAAAbN1k5xAAAAAAAAAAAAAAAAAAAAAAAAAAAbAAAAAASPKdXAAAAAAALPo8AAAAAAAAAAQ=="}
00456{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687262,"pkt_ts_usec":866959,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"LH6BsEqhNDY7z3UoCABFAABEAABAAEAGYVoKAADjot4rmd4xAbu3QBzF9S8yS4AYEABLrAAAAQEIChwNvkTkAuRNchVP5mraMf5Tgny7zRbHZQ=="}
@@ -293,22 +293,22 @@
00434{"flow_id":13,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687265,"pkt_ts_usec":656518,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8ZAACsGUUg0JfOtCgAA4wG73lNw7dZjH\/3w3oAQAAmN4QAAAQEICgCNmHIcDcjU"}
00433{"flow_id":14,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687265,"pkt_ts_usec":657346,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VOJAACoGySw0JfOtCgAA4wG73lJr8i76e2gz9oAQAAm+YQAAAQEICgJgdAIcDcjU"}
00585{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687265,"pkt_ts_usec":823334,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1569687267035,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1569687267035,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":35097,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LH6BsEqhNDY7z3UoCABFAABAAABAAEAGwVUKAADjCCVmW95hAbsGNnxMAAAAALAC\/\/9wfAAAAgQFtAEDAwUBAQgKHA3OcQAAAAAEAgAA"}
00440{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":77459,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"NDY7z3UoLH6BsEqhCABFAAA47VEAAPcGXQsIJWZbCgAA4wG73mHOEwD1BjZ8TZASgABbLAAAAgQFtAEBCAo\/+a5OHA3OcQ=="}
00435{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":77535,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnxNzhMA9oAQ\/\/\/yvgAAAQEIChwNzpw\/+a5O"}
00643{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":79534,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"LH6BsEqhNDY7z3UoCABFAADMAABAAEAGwMkKAADjCCVmW95hAbsGNnxNzhMA9oAY\/\/8upgAAAQEIChwNzp0\/+a5OFgMBAJMBAACPAwPfZ7WFHXaroFdgiVVapTjr1SY5uqwiS6qMuNeoYJyORwAALMAwwCzAKMAkAJ8AawA5AJ0APQA1wC\/AK8AnwCMAngBnADMAnAA8AC8ACgD\/AQAAOgALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_tot_l4_data_len":296,"flow_min_l4_data_len":32,"flow_max_l4_data_len":184,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1569687267035,"flow_last_seen":1569687267079,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00433{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":124375,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA09J0AAPcGVcMIJWZbCgAA4wG73mHOEwD2BjZ85YAQgABx9gAAAQEICj\/5rn0cDc6d"}
02388{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":125585,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcl8UAAPcGrPMIJWZbCgAA4wG73mHOEwD2BjZ85YAYgAAZSQAAAQEICj\/5rn4AAAAAFgMDAEoCAABGAwMS1dWiLhj30tQHka2clXwBubFYxsGakjI80hE4lMe1viAg22YFfj1x2h1EMb7b7Zs3Eyk9zl0UXNWLnU3ttyeOkAA1ABYDAxYMCwAWCAAWBQAHTzCCB0swggYzoAMCAQICEEzL1X2WMv84AAAAAFDtNsswDQYJKoZIhvcNAQELBQAwgboxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBMMUswHhcNMTkwMjA1MjE0MzU4WhcNMjEwMjA1MjIxMzU3WjBqMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIQ2FybHNiYWQxFDASBgNVBAoTC1ZpYXNhdCBJbmMuMR0wGwYDVQQDDBQqLnBhbmRpb24udmlhc2F0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDLELlHVBK6u0Ebo80pCb8efwbCh\/TMouznnqPBNL9tRNwaGpyybhpzuk1Zsi17UHvzdRRi5jC1ABXEEMLDXnTmlJa8rTgrPFp+bDbQ0hUdzWHHqPeU2HtG04mySjEkEvEPPwEnXQ9WDwkLnm26wRjipUJ8im1nDlikggUMLPlTTSKVgq3SBlVGLStLOLbOoOETJwpjr5YBSUNc5kkHfCAlc5qW4vLVkqFKFRcjyNxUOZxbBYtQaUddL0tuM4H9CfrWrqh9LLWx1xsOqHp+nS51DEO+pTwRR6wUyq6bNJMs+PbLCQs17zxAOp51PnIcZcczqbjMDGIgELfxksap7yECAwEAAaOCA5owggOWMDMGA1UdEQQsMCqCFCoucGFuZGlvbi52aWFzYXQuY29tghJwYW5kaW9uLnZpYXNhdC5jb20wggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB3AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABaL+5ngAAAAQDAEgwRgIhAKxxvM9C5gPV1Owy4M\/Dyzx7kBpwyzXQc7wZ0mGBR9fOAiEA\/A\/FJxuASzJphQeYq5ltFnIhSeTPRbPItlQigQZkkDwAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWi\/uZ35AAAEAwBHMEUCIQDNq3daAkrYxX6VQ9b6GqComWKfQou0IMsDnXGHMLZiSAIgEnWktUcQyNRmFvjh+POicMbVzLnjlwLij\/eoPMW67IwAdgBWFAaaL9fC7NP14b1Esj7HRna5vJkRXMDvlJhV1onQ3QAAAWi\/uZ5ZAAAEAwBHMEUCICH\/OekR\/g8Jdz2Y7Qc3us2XTMZ75OBnWYjV61BMMxsGAiEAtIuo7AamIHqnZDAbI1eeM3ogDSbRJ5hn12CgIZCempMAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWi\/uZ5NAAAEAwBHMEUCIHkJ3QKOEfzyT\/nCAMVpK04S4woe8rsVcpjzIhSsRoSsAiEA324g9fbsnh\/O\/XKfcV4vnykRYq8iMzykYAT+PPtA1MEwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMEsGA1UdIAREMEIwNgYKYIY="}
-00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_tot_l4_data_len":1808,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
+00854{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1569687267035,"flow_last_seen":1569687267125,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1600,"flow_avg_l4_payload_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
00436{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":125658,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMGnoAQ\/\/\/sIAAAAQEIChwNzso\/+a5+"}
02385{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":165921,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXc\/u0AAPcGRcsIJWZbCgAA4wG73mHOEwaeBjZ85YAYgACJBAAAAQEICj\/5rqUAAAAASAGG+mwKAQUwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwCAYGZ4EMAQICMGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQvbDFrLWNoYWluMjU2LmNlcjAfBgNVHSMEGDAWgBSConB03bxTP8971PfNf6dgxgpMvzAdBgNVHQ4EFgQUmi0VGuslo\/WsT4R+rNKNmFj1ZL0wCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAKdBE7Z+\/QgBIjgKdoPLQP+aFD6KtOZlOiHey04vsERDOADqNdu8unwz6N0izPw2l\/n+UoPoV6GrQkCjChT893I2Smv8Vj1mVR9ZW1nnkmVR9MJr+xC5Iw99s1Ntq2M7Knro\/38pMlTbzDdIcgeyuFS+2iILYDpWpJ7TdQfZH5XVAvdIk3ZnRxtGd7Lcy\/jVbSYIGFTi\/TuA8Bv82FbHnQSqp4ezyTgTKuHmdSMry0pP20Z6nga4Vd2slNm7KOIghxUpnvRfKqVpF04m1QFzXE34qRtPEU80S1e6wlIl8ZcZrL\/KcU+88mv0xL3dpgVjURuISIJE90mwZCDqslRXPTgAFEjCCBQ4wggP2oAMCAQICDA7pTMMAAAAAUdN3hTANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMTUxMDA1MTkxMzU2WhcNMzAxMjA1MTk0MzU2WjCBujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANo\/ltBNuS9E59s5XptQ7lylYdpBZ1MJqgCajld\/KWvbx+EhJKo60I1HI9LtchbwkSHSXbe4S6iDj7eRMmjPziWTLLJ9l8j+wbQXugmeA5CTe3xJgyJoipveR8MxmHoufUAL0u8+07KMqo9Iqf8A6ClYBve2k1qUcyYmrVgO5UK41epzeWRoUyW4hM+Ueq4GRQyja03Qxr7qGKQ28JKyuhyIjzpSf\/debYMcnfAf5cPW3aV4kj2wbSzqyc+UQRlxRGi6RzwE6V26PvA19xW2nvIuFR4\/R8jIOKdzRV1NsDuxjhcpN+rdBQEiu5Q2Ko1bNf5TGS8IRsEqsxpiHU4r2RsCAwEAAaOCAQwwggEIMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEAMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2NybC5lbnRydXN0Lm5ldC9nMmNhLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQc="}
02381{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":165925,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcuXcAAPcGi0EIJWZbCgAA4wG73mHOEwxGBjZ85YAYgAAKqAAAAQEICj\/5rqUAAAAAAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5uZXQvcnBhMB0GA1UdDgQWBBSConB03bxTP8971PfNf6dgxgpMvzAfBgNVHSMEGDAWgBRqciZ60B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAOdWOmINhyCxj03AdGTDL9gmszGnVydw3QfIyD+90w1j2eCcJNAiVki\/X37ij\/Q6B6aSc0z9NaCsVMQoVzFIEk+iTUMPZseLhaLc6CXTxNFgKP3eYQLjmaP9d5MhGxeyB18mCGFyDznHYvL+smQKT25SYhNKcprX+XLvwSq8hrMI\/SSRn1i6Oz6zMZBUYcuVsd9NSqLndjawASjUZ1G9zo3Xva2TD4I2DEqGK5w6GTdi0IBu+aqWMS2hm4yvHWAv7VhDUkfsd0zFYEIxE43V7EJ21OLH2qsqBZGzo8uKBVZdRf+HCJ1CiyTxbAEP2W7nVpfz\/B1BAZwewVfC3fm4tzAAFAzCCBP8wggPnoAMCAQICBFHTQEQwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDA5MjIxNzE0NTdaFw0yNDA5MjMwMTMxNTNaMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqEtnLbngxr4pnpMAGnduoyuJVBGsnaYU5Ycs\/+9oJ5v3NhBgqlJ9izX9NFThxy1k4y8nKKD\/eDGdBqgIAARR6wx+eavxJXJxyjaC8Kh71qaw5eZfMcd9XUhY1wIbSzMueLotWGOQKxuNJHzuTJScQ7p977VH1XvvDobsJ5sjoLVeJQmBYyE1wveFbBwpSz8lrkJ5qfJNfG7NCbJYLjzMLERcWMl3oGayoRn6kKbkg7b9vUERlC948Hv\/VTX5w+9Bcs5mmsTjJMYnfqt+jluzS8GYuunFHnt361U7EzIuVtz3A8Gvrim2e2g\/SNpa9iTE3gWKxkNBID+LaNlGMkpHECAwEAAaOCAQ8wggELMA4GA1UdDwEB\/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH\/AgEBMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9yb290Y2ExLmNybDA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0Lm5ldC9DUFMwHQYDVR0OBBYEFGpyJnrQHu995ztpUdRsjZ+QEmarMB8GA1UdIwQYMBaAFGiQ5GekplOAx4ZmpPH3S0P7hL1tMA0GCSqGSIb3DQEBCwUAA4IBAQBpM4P8KHpvfe+dVevFPnqddbPMwzg22TSiKGgY6h5p073n0HfauACDTkrPb9HxwSI="}
00437{"flow_id":41,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":166002,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMMRoAQ\/\/\/mKQAAAQEIChwNzvI\/+a6l"}
00437{"flow_id":41,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":166003,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMR7oAQ\/\/\/ggQAAAQEIChwNzvI\/+a6l"}
02396{"flow_id":41,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203156,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"NDY7z3UoLH6BsEqhCABFAAXcsBcAAPcGlKEIJWZbCgAA4wG73mHOExHuBjZ85YAYgACupAAAAQEICj\/5rs0AAAAAP3Tk95hJnpu2nuHbmHctVjSxqDzZ\/cDNx78FA9QCxfHlxtoIpRPHYiMR0WEwHWCERe95qMYmk6S3zTS4acUT9pGzyUVzdraS9nYKW+EDR7fpKUyRMiM3Spw12Hj9HR\/kg4kkgK23+c\/kXaXUccSFW3Af2z8cAesaRSYxFMxlv2feyswzZeVBkdc3vkEalp3mipedp86sTpo9vQGgatlPIgCLRNVpYnsu68y655J9aWc9\/Lh83kGH0GnqugoYehqVQ7N5cSh2baH7V0rsTcgOEAAElTCCBJEwggN5oAMCAQICBEVrUFQwDQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjExMjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcGA1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNlMR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCViLDJ\/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr\/4JLya0+3kzbkIBQPwmKhADsMAo9GM37\/SpZmiOVFyxFnh9uQ3ltDFyY\/kinxSNHXF79bucetPZoRdGGg1uiio2x4ymA\/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ\/brLNq1bw5VHHKenp\/kN19HYDZgbtZJsIR\/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAwga0wDgYDVR0PAQH\/BAQDAgEGMA8GA1UdEwEB\/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjExMjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdLQ\/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4bCFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7ck7UsdvQlvtUWhksDAj3sryFqJ1\/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0YMUc8CJEjXFHrMgayembmgBgE\/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9g0JzUouqu6cpz\/VkHApN0byqrJ8q0P9\/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKrjPvr\/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO\/NatLR7rtoLkDh174EdZtL3V3A2s7\/8KK9xJYVbE\/4ef1q0PBYDAwSWDQAEjgIBQAAOBgEGAwUBBQMEAQQDAgEEeQB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiY="}
-01229{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_tot_l4_data_len":6344,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":528,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
+01240{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":12,"flow_first_seen":1569687267035,"flow_last_seen":1569687267203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5944,"flow_avg_l4_payload_len":495,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"c9f0b47c9805f516e6d3900cb51f7841","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","issuerDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}
01932{"flow_id":41,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203162,"pkt_caplen":1181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1181,"pkt_l4_len":1147,"pkt":"NDY7z3UoLH6BsEqhCABFAASPwEcAAPcGhb4IJWZbCgAA4wG73mHOExeWBjZ85YAYgACVIAAAAQEICj\/5rs0AAAAAiZPyLGQBGRYGdmlhc2F0MRQwEgYKCZImiZPyLGQBGRYEY29ycDESMBAGCgmSJomT8ixkARkWAmhxMRowGAYDVQQDExFWaWFzYXQgU0hBIDIgQ0EtMwB1MHMxEzARBgoJkiaJk\/IsZAEZFgNjb20xFjAUBgoJkiaJk\/IsZAEZFgZ2aWFzYXQxFDASBgoJkiaJk\/IsZAEZFgRjb3JwMRIwEAYKCZImiZPyLGQBGRYCaHExGjAYBgNVBAMTEVZpYXNhdCBTSEEgMiBDQS0yAHUwczETMBEGCgmSJomT8ixkARkWA2NvbTEWMBQGCgmSJomT8ixkARkWBnZpYXNhdDEUMBIGCgmSJomT8ixkARkWBGNvcnAxEjAQBgoJkiaJk\/IsZAEZFgJocTEaMBgGA1UEAxMRVmlhc2F0IFNIQSAyIENBLTEAITAfMR0wGwYDVQQDExRWaWFzYXQgU0hBIDIgUm9vdCBDQQDBMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMgC9MIG6MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLALMwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQC4MIG1MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTEwMS8wLQYDVQQDEyZWZXJpU2lnbiBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHMw4AAAA="}
00437{"flow_id":41,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203246,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMXloAQ\/\/\/ajAAAAQEIChwNzxc\/+a7N"}
00437{"flow_id":41,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":203247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95hAbsGNnzlzhMb8YAQ\/\/\/WMQAAAQEIChwNzxc\/+a7N"}
@@ -316,26 +316,26 @@
00433{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":322277,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0VONAACoGySs0JfOtCgAA4wG73lJr8i76e2g0NYAQAAm17AAAAQEICgJgdaIcDc9q"}
00521{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":323332,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"NDY7z3UoLH6BsEqhCABFAABzVORAACoGyOs0JfOtCgAA4wG73lJr8i76e2g0NYAYAAmvvAAAAQEICgJgdaIcDc9qFwMDADr34AORZ\/mswQrOpB6saZ5OTdZLtVApkLcu7nvjHL4ZxtsMSNce\/N0YGd0SLA8DL+PkoKYgkm4G3tEm"}
00435{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":323402,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGCA8KAADjNCXzrd5SAbt7aDQ1a\/IvOYAQD\/6llQAAAQEIChwNz40CYHWi"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":453127,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3eiXsRe4AREAA75QAAAQEIChwN0AsAIb2q"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1569687267453,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":453153,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAjsAAAAQEIChwN0AsGksZO"}
00432{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":454953,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UopHczjPFACABFAAA0sX1AAEAGc88KAACVCgAA4x9I3iGJexF7JTyt34ARAPMpJgAAAQEICgAh33UcDdAL"}
00432{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":455039,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld4hH0glPK3fiXsRfIAQEAAaFwAAAQEIChwN0A0AId91"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":477342,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"LH6BsEqhNDY7z3UoCABFAAA5Pw0AAP8R2y0KAADjS0tLS9+lADUAJfklv50BAAABAAAAAAAAB21vemlsbGEDb3JnAAABAAE="}
-00635{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1569687267477,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":481295,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"LH6BsEqhNDY7z3UoCABFAABG89oAAP8RJlMKAADjS0tLS\/PbADUAMlit7RYBAAABAAAAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQAB"}
-00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1569687267481,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00848{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":482821,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnyhkAAEAGtC4KAADjuBk4Td40AFBjyKiBGk9l7oAYEABAcgAAAQEIChwN0CfjFR\/lR0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_tot_l4_data_len":443,"flow_min_l4_data_len":20,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":88,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnectivityCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267482,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":307,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":61,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnectivityCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt?ipv4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00840{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":483863,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"pkt":"LH6BsEqhNDY7z3UoCABFAAFiADsAAEAGfhIKAADjuBk4Td5VAFBor5yuCT1EPYAYEAk5BQAAAQEIChwN0CjjFR\/gR0VUIC9zdWNjZXNzLnR4dCBIVFRQLzEuMQ0KSG9zdDogZGV0ZWN0cG9ydGFsLmZpcmVmb3guY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMC4xMzsgcnY6NjkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82OS4wDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_tot_l4_data_len":438,"flow_min_l4_data_len":20,"flow_max_l4_data_len":334,"flow_avg_l4_data_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnectivityCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_first_seen":1569687249612,"flow_last_seen":1569687267483,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":60,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"ConnectivityCheck"},"http": {"hostname":"detectportal.firefox.com","url":"detectportal.firefox.com\/success.txt","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko\/20100101 Firefox\/69.0"}}
00461{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":493135,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"NDY7z3UoLH6BsEqhCABFAABJAABAADoRnytLS0tLCgAA4wA136UANZKzv52BgAABAAEAAAAAB21vemlsbGEDb3JnAAABAAHADAABAAEAAAAaAAQ\/9dDD"}
-00662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_tot_l4_data_len":90,"flow_min_l4_data_len":37,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}}
+00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mozilla.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"63.245.208.195"}}
00671{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":500594,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"pkt":"NDY7z3UoLH6BsEqhCABFAADkAABAADoRnpBLS0tLCgAA4wA189sA0PLn7RaBgAABAAUAAAAADGRldGVjdHBvcnRhbAdmaXJlZm94A2NvbQAAAQABwAwABQABAAAAIwAeDGRldGVjdHBvcnRhbARwcm9kBm1vemF3cwNuZXQAwDYABQABAAAADgAoDGRldGVjdHBvcnRhbAdmaXJlZm94BmNvbS12MgllZGdlc3VpdGXAT8BgAAUAAQAAUnoAFAVhMTA4OQRkc2NkBmFrYW1hacBPwJQAAQABAAAACQAEuBk4UsCUAAEAAQAAAAkABLgZODM="}
-00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_tot_l4_data_len":258,"flow_min_l4_data_len":50,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}}
+00698{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":354,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"detectportal.firefox.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.56.82"}}
00947{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":507386,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJpAADcGEmG4GThNCgAA4wBQ3jQaT2XuY8iptIAYAPx2eQAAAQEICuMVPlUcDdAnSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00434{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":507460,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td40AFBjyKm0Gk9nboAQD\/TwCAAAAQEIChwN0D\/jFT5V"}
00947{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":512411,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0uJxAADgGjV64GThNCgAA4wBQ3lUJPUQ9aK+d3IAYAPOwEAAAAQEICuMVPlkcDdAoSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
@@ -343,71 +343,71 @@
00847{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":514776,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnAABAAEAGPkgKAADjuBk4Td40AFBjyKm0Gk9nboAYEAAfMQAAAQEIChwN0EXjFT5VR0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00947{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":539325,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJtAADcGEmC4GThNCgAA4wBQ3jQaT2duY8iq54AYAQRzgAAAAQEICuMVPnUcDdBFSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00434{"flow_id":25,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":539385,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td40AFBjyKrnGk9o7oAQD\/TtGAAAAQEIChwN0FzjFT51"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1569687267677,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1569687267677,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":677665,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"LH6BsEqhNDY7z3UoCABFAABb+tIAAEAGzQsKAADjNApz0t4vAbv\/h0Qcal\/PeIAYEACaRQAAAQEIChwN0OQwQN34FwMDACIAAAAAAAAAAwpFwR2TiNxP0z\/UzUIiCJ75mBQ8ToLTjZaT"}
00484{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":713276,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"NDY7z3UoLH6BsEqhCABFAABXHWRAAOsGv300CnPSCgAA4wG73i9qX894\/4dEQ4AYAHaKdwAAAQEICjBBJbkcDdDkFwMDAB60PFmzucBfQdusHvXD0\/WWAM1faNPMBMLPArfIzdE="}
00435{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":713359,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA09sQAAEAG0UAKAADjNApz0t4vAbv\/h0RDal\/Pm4AQD\/4TQgAAAQEIChwN0QUwQSW5"}
00432{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":764612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAihAAAAQEIChwN0TcGksZO"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":797747,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0xfMAAEAGCEEKAADjETmQdN42FGcxHLjbZd23sYAREACqlQAAAQEIChwN0VbVpVJo"}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1569687267797,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":799414,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"LH6BsEqhNDY7z3UoCABFAAA72BEAAP8RQicKAADjS0tLS+u1ADUAJxlWhe8BAAABAAAAAAAAA3d3dwVhcHBsZQNjb20AAAEAAQ=="}
-00633{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":799516,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"LH6BsEqhNDY7z3UoCABFAABGM9oAAP8R5lMKAADjS0tLS8d0ADUAMjjn9V4BAAABAAAAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQAB"}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1569687267799,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":800486,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"LH6BsEqhNDY7z3UoCABFAABOdGcAAP8Rpb4KAADjS0tLS+i+ADUAOr+fEJABAAABAAAAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAE="}
-00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00676{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1569687267800,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00848{"flow_id":25,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":802917,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnAABAAEAGPkgKAADjuBk4Td40AFBjyKrnGk9o7oAYEAAbSAAAAQEIChwN0VvjFT51R0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":805043,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LH6BsEqhNDY7z3UoCABFAABHoW4AAP8ReL4KAADjS0tLS\/rBADUAMyCpE94BAAABAAAAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQ=="}
-00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1569687267805,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":812729,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9PxQAAP8R2yIKAADjS0tLS8sWADUAKZk5eJ4BAAABAAAAAAAABG1haWwGdmlhc2F0A2NvbQAAAQAB"}
-00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1569687267812,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00647{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":814292,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"NDY7z3UoLH6BsEqhCABFAADSAABAADoRnqJLS0tLCgAA4wA167UAvhHNhe+BgAABAAQAAAAAA3d3dwVhcHBsZQNjb20AAAEAAcAMAAUAAQAABRUAGwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AMArAAUAAQAAFoEALwN3d3cFYXBwbGUDY29tB2VkZ2VrZXkDbmV0C2dsb2JhbHJlZGlyBmFrYWRuc8BBwFIABQABAAAE7QAZBWU2ODU4BWRzY2U5CmFrYW1haWVkZ2XAQcCNAAEAAQAAAAcABLgbc6E="}
-00663{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_tot_l4_data_len":229,"flow_min_l4_data_len":39,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}}
+00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"www.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.27.115.161"}}
00948{"flow_id":25,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":818781,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJxAADcGEl+4GThNCgAA4wBQ3jQaT2juY8isGoAYAQ1ulQAAAQEICuMVP44cDdFbSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00779{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":818785,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"NDY7z3UoLH6BsEqhCABFAAE1AABAADoRnj9LS0tLCgAA4wA16L4BIf0XEJCBgAABAAoAAAAACTEtY291cmllcgdzYW5kYm94BHB1c2gFYXBwbGUDY29tAAABAAHADAAFAAEAAElSAC0BMRpjb3VyaWVyLXNhbmRib3gtcHVzaC1hcHBsZQNjb20GYWthZG5zA25ldADAPgAFAAEAAACOACIUdXMtc2FuZGJveC1jb3VyaWVyLTQKcHVzaC1hcHBsZcBbwHcAAQABAAAALgAEEbyKR8B3AAEAAQAAAC4ABBG8hEjAdwABAAEAAAAuAAQRvIbKwHcAAQABAAAALgAEEbyKSMB3AAEAAQAAAC4ABBG8iLrAdwABAAEAAAAuAAQRvIU9wHcAAQABAAAALgAEEbyHusB3AAEAAQAAAC4ABBG8ikY="}
-00694{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":58,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}}
+00706{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.sandbox.push.apple.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.188.138.71"}}
00434{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":818856,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td40AFBjyKwaGk9qboAQD\/ToPgAAAQEIChwN0WrjFT+O"}
00603{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":819793,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"NDY7z3UoLH6BsEqhCABFAACwAABAADoRnsRLS0tLCgAA4wA1x3QAnFOt9V6BgAABAAMAAAAACTEtY291cmllcgRwdXNoBWFwcGxlA2NvbQAAAQABwAwABQABAAAYQwAlATESY291cmllci1wdXNoLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA2AAUAAQAAABcAHQ91cy1zdy1jb3VyaWVyLTQKcHVzaC1hcHBsZcBLwGcAAQABAAAAFwAEETmQdA=="}
-00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_tot_l4_data_len":206,"flow_min_l4_data_len":50,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}}
+00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"1-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.116"}}
00506{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":820816,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"NDY7z3UoLH6BsEqhCABFAABp+WRAADUGn5oROZB0CgAA4xRn3jZl3bexMRy43IAYARnThAAAAQEICtWmYt0cDdFWFQMDADDYQSIj3jkYV2ViIYpeEoheM2HYhDINcbYvi9M0lKa7pHKjHCudSoLIJkInalaEjXI="}
00416{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":820879,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
00432{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":821792,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0+WVAADUGn84ROZB0CgAA4xRn3jZl3bfmMRy43IARARmo0AAAAQEICtWmYt0cDdFW"}
00416{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":821826,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LH6BsEqhNDY7z3UoCABFAAAoAABAAEAGjkAKAADjETmQdN42FGcxHLjcAAAAAFAEAAAmugAA"}
00603{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":824238,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"NDY7z3UoLH6BsEqhCABFAACyAABAADoRnsJLS0tLCgAA4wA1+sEAnlIeE96BgAABAAMAAAAACjI0LWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAcAMAAUAAQAASVMAJgIyNBJjb3VyaWVyLXB1c2gtYXBwbGUDY29tBmFrYWRucwNuZXQAwDcABQABAAAAGwAdD3VzLXN3LWNvdXJpZXItNApwdXNoLWFwcGxlwE3AaQABAAEAAAAuAAQROZAU"}
-00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":51,"flow_max_l4_data_len":158,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":382,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"24-courier.push.apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.57.144.20"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":831823,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"LH6BsEqhNDY7z3UoCABFAAA3jBMAAP8RjikKAADjS0tLS8J1ADUAI5qcqN8BAAABAAAAAAAABWFwcGxlA2NvbQAAAQAB"}
-00633{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1569687267841,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1569687267831,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1569687267841,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":841212,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0KKIAAEAG11YKAADjCCVnxN4nAbsMJdDwho1uAoAR\/\/8iBAAAAQEIChwN0X94psIw"}
00502{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":847611,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"NDY7z3UoLH6BsEqhCABFAABnAABAADoRnw1LS0tLCgAA4wA1wnUAU2BUqN+BgAABAAMAAAAABWFwcGxlA2NvbQAAAQABwAwAAQABAAAE+gAEEbJgO8AMAAEAAQAABPoABBGOoDvADAABAAEAAAT6AAQRrOAv"}
-00659{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":35,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}}
+00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"apple.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.96.59"}}
00468{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":847625,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"NDY7z3UoLH6BsEqhCABFAABNAABAADoRnydLS0tLCgAA4wA1yxYAOeBneJ6BgAABAAEAAAAABG1haWwGdmlhc2F0A2NvbQAAAQABwAwAAQABAAAAPAAECCVnxA=="}
-00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_tot_l4_data_len":98,"flow_min_l4_data_len":41,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mail.viasat.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"8.37.103.196"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":851029,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LH6BsEqhNDY7z3UoCABFAAA9LvsAAP8R6zsKAADjS0tLS+LaADUAKWM2zl4BAAABAAAAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQAB"}
-00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1569687267851,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00655{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":865600,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"NDY7z3UoLH6BsEqhCABFAADYAABAADoRnpxLS0tLCgAA4wA14toAxJ5uzl6BgAABAAcAAAAAA3d3dwdvdXRsb29rA2NvbQAAAQABwAwABQABAAAAzQAUB291dGxvb2sJb2ZmaWNlMzY1wBjALQAFAAEAAABWABkHb3V0bG9vawdtcy1hY2RjBm9mZmljZcAYwE0ABQABAAAHZQAKB3NqYy1lZnrAVcByAAEAAQAAADAABChh3iLAcgABAAEAAAAwAAQ0YAOCwHIAAQABAAAAMAAEKGHdcsByAAEAAQAAADAABDRgEgI="}
-00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":41,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}}
+00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.outlook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.97.222.34"}}
00433{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":881275,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0KOdAAPMG5BAIJWfECgAA4wG73ieGjW4CDCXQ8YAQTdZYOgAAAQEICninPiMcDdF\/"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1569687267988,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1569687267988,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":988009,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0c9UAAEAG69IKAADjSn3FvN4qAbvQnkCVU\/eYD4AREABMcgAAAQEIChwN0hGhDZLg"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687267,"pkt_ts_usec":991361,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKY+gAAAERWl4KAADj7\/\/\/+u+QB2wAtlB4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00431{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":26329,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0lz4AAGoGnmlKfcW8CgAA4wG73ipT95gP0J5AloAQAP3kSQAAAQEICqEOCgscDdIR"}
00847{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":53551,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"LH6BsEqhNDY7z3UoCABFAAFnAABAAEAGPkgKAADjuBk4Td40AFBjyKwaGk9qboAYEAAWhQAAAQEIChwN0lLjFT+OR0VUIC9zdWNjZXNzLnR4dD9pcHY0IEhUVFAvMS4xDQpIb3N0OiBkZXRlY3Rwb3J0YWwuZmlyZWZveC5jb20NClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwLjEzOyBydjo2OS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY5LjANCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
00838{"flow_id":24,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":57131,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"pkt":"LH6BsEqhNDY7z3UoCABFAAFiEVkAAEAGbPQKAADjuBk4Td5VAFBor53cCT1FvYAYEAAVugAAAQEIChwN0lXjFT5ZR0VUIC9zdWNjZXNzLnR4dCBIVFRQLzEuMQ0KSG9zdDogZGV0ZWN0cG9ydGFsLmZpcmVmb3guY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMC4xMzsgcnY6NjkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82OS4wDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
00947{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":73855,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0NJ1AADcGEl64GThNCgAA4wBQ3jQaT2puY8itTYAYARVp4wAAAQEICuMVQI0cDdJSSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01090{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":77677,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA45bY75ACCk+7SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00946{"flow_id":24,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":86320,"pkt_caplen":450,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":450,"pkt_l4_len":416,"pkt":"NDY7z3UoLH6BsEqhCABFAAG0uJ1AADgGjV24GThNCgAA4wBQ3lUJPUW9aK+fCoAYAPyo7AAAAQEICuMVQJgcDdJVSFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiA4DQpMYXN0LU1vZGlmaWVkOiBNb24sIDE1IE1heSAyMDE3IDE4OjA0OjQwIEdNVA0KRVRhZzogImFlNzgwNTg1ZjQ5Yjk0Y2UxNDQ0ZWI3ZDI4OTA2MTIzIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNClNlcnZlcjogQW1hem9uUzMNClgtQW16LUNmLUlkOiBJcS1oTGRhcmRnZUVmOTBhU3dsQlZkRDJUbjFzY29hcnBlQlMtbUtNWmdLNG1lWGlWTEpHTUE9PQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUsIG5vLXN0b3JlLCBtdXN0LXJldmFsaWRhdGUNCkRhdGU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCnN1Y2Nlc3MK"}
00433{"flow_id":24,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":86394,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP3sKAADjuBk4Td5VAFBor58KCT1HPYAQD\/QiegAAAQEIChwN0nDjFUCY"}
00432{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":176732,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAg9AAAAQEIChwN0scGksZO"}
@@ -418,24 +418,24 @@
00434{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":339493,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0y8dAACsGUUc0JfOtCgAA4wG73lNw7dZjH\/3xHYAQAAmAkwAAAQEICgCNmxAcDdNF"}
00521{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":339498,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"NDY7z3UoLH6BsEqhCABFAABzy8hAACsGUQc0JfOtCgAA4wG73lNw7dZjH\/3xHYAYAAl3vQAAAQEICgCNmxAcDdNFFwMDADoscoyH7e3mEaLj9szbkWqqmEqDlelG3R9AcZ4tJ3XN64I60DPQ058YYyhPfpVvx4TCC6nlGIJyOZ\/k"}
00435{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":339560,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0x1cAAEAGgLcKAADjNCXzrd5TAbsf\/fEdcO3WooAQD\/5wPAAAAQEIChwN02gAjZsQ"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00819{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":376485,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj5RAAEARlIwKAACXCgAA4wds75ABPzXfSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":559574,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKeUwAAAERRPoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1569687268746,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1569687268559,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1569687268746,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00536{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":746220,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"LH6BsEqhNDY7z3UoCABFAAB\/CAgAAEAR+QMKAADjCCVmW9NbAbsAa+4DFgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AAAIAOQEA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":747509,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48Oh4MsCCjG3SFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjggR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00432{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":787837,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAenAAAAQEIChwN1R8GksZO"}
00464{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":789706,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"NDY7z3UoLH6BsEqhCABFAABMkFUAAPcRuegIJWZbCgAA4wG701sAOF8pFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFGKRvPEadu7FYjYhjKxM1MN8EkEd"}
00564{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":790107,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"LH6BsEqhNDY7z3UoCABFAACTQPwAAEARv\/sKAADjCCVmW9NbAbsAf9nwFgEAAAAAAAAAAAEAagEAAF4AAQAAAAAAXgEA7YnEaZ6hZImmhCHr0JUfCBctWVvywlB71JRnxl7mI4ogm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8UYpG88Rp27sViNiGMrEzUw3wSQR0AAgA5AQA="}
00656{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":836308,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"NDY7z3UoLH6BsEqhCABFAADYxf0AAPcRg7QIJWZbCgAA4wG701sAxPjiFgEAAAAAAAAAAAEAUgIAAEYAAQAAAAAARgEALUKlqOqp+9af1GcxChS4QXaLYgzyjV+CMRoD1u04EzMgm7BxyKgEQGFPg0eizi7+AVQMevU74i4erAc5hyngJu8AOQAUAQAAAAAAAAAAAgADAQACFgEAAAEAAAAAAAAAQD8tH8NZsi0zp5KqIEac2zndlXephyhcvDs6uk0ts\/C74lCOOKMP7cl2vA0Fdivj2Vu+P3CxRTCYlcHvZh6mgEM="}
00528{"flow_id":61,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":837070,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"LH6BsEqhNDY7z3UoCABFAAB5ttQAAEARSj0KAADjCCVmW9NbAbsAZSHLFAEAAAAAAAAAAAIAAwEAAhYBAAABAAAAAAAAAEB13T5lRIw++YjQQ3Qkoyswag+IeQZwzjpfo12O7l1Xcp3w\/UpkhLeZaAWDRsXTNSL+R32oH3qj2v2CyHpmZrLD"}
00573{"flow_id":61,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":850848,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZG00AAEAR5aQKAADjCCVmW9NbAbsAhSBxFwEAAAEAAAAAAAEAcJAp8TP5L9aIAzjZZH+8T1estbsDYKyCkdkhe7+UIBVsNqyejSSkPEU7ONW2iokPbFMvxRUeCNaw\/RBrJMSNbsKC3EuMrgGykf+U9Wpz8EHY6SCoix9y+LnSEFWosh2QWwehPeVhCuFY\/xnfwN3j9dY="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1569687268746,"flow_last_seen":1569687268850,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":56,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1569687268746,"flow_last_seen":1569687268850,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":672,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
00573{"flow_id":61,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":873245,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZ5VoAAEARG5cKAADjCCVmW9NbAbsAhSuuFwEAAAEAAAAAAAIAcIroYcS3\/qjlLAJ5hVgNA24x6wrtxtbMm99puobFdI66KucUrXLCm27CpIExufGVwJVqf2dvO9CVHHSBup6yXTyxuJs4l0NHL\/QivpVOwo7lEHdJCThBbAs8Wx+IU5suN7IEDaosnRxSWsC2AMv9YUg="}
00575{"flow_id":61,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":873381,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZfpEAAEARgmAKAADjCCVmW9NbAbsAhXmZFwEAAAEAAAAAAAMAcDzvmPLtB4V20+vs+Pcr7Wx7iMFNIgDukd6WG4O587T8V7dCFBodz9a9s7xVrA3ERlsVnzccWHU51YiWyOFePh6Fd3h3UTko6Na4xxDhX5uGJ0Xd7XUu\/x6Q+cY0WD4xtC+shdVmC\/8lPH\/\/WjPzLa4="}
00702{"flow_id":61,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":881674,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"NDY7z3UoLH6BsEqhCABFAAD54UEAAPcRaE8IJWZbCgAA4wG701sA5YSXFwEAAAEAAAAAAAEA0LaEehtTZv8b2CA+a2IlOUc+Bvbq1lzEFnHAPMXuajrB85eB1MKeGzW3VNDRQWRwwuxJPQ2mMwZHhCjKnrmWW5KS2qzAK+qFSujGSVdmMGee\/7OHdHST79gz89tgHJxfuyBQfhXTys1q1mdON9ThMXarq+ChjYzv1lGnip9ves8v5LamEWf6T4IWeU4PuLdBbrziDg0Q71+FePE\/DDBfGX+DD21\/jcgPrUfagJMgvz+9HTnoOO9cEAORFAF9xsHc0X3haTRRd5VwQoJZPeiTVCM="}
@@ -446,25 +446,25 @@
00554{"flow_id":61,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":882274,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"LH6BsEqhNDY7z3UoCABFAACJOdIAAEARxy8KAADjCCVmW9NbAbsAddrCFwEAAAEAAAAAAAQAYKkcQctvWgGrvdO\/PrYGLApIwYpWUheFZjMVzufzIRAcKjKNazs\/06ngcZiPVgUqhcX84s760euS8M3xIrDvpCKFzKSAjWoh4pylx4pwlItuT3UmopW385XbWJ+K1TtL4A=="}
00573{"flow_id":61,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":882458,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"LH6BsEqhNDY7z3UoCABFAACZw3kAAEARPXgKAADjCCVmW9NbAbsAhfRMFwEAAAEAAAAAAAUAcAguDkNAFEpmjyLWL5ulA2X4vi7kL33Wj73almtX8jli+B8jjvqpmzC3x2W92joDZtuks\/EfbirzWU8ByPtXmm6aWQxjNAvCnmxuCC3eMGkqUoaqRSBLGTcN8OkSIzWZ47yqEaMjNbN1k4XgAqL+7M8="}
00586{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687268,"pkt_ts_usec":895259,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1569687269094,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1569687269094,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":94582,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg7WwAAEAReH0KAADjCgAAAc1zAMAADBGuCAEDEA=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00819{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":223066,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj6FAAEARlH8KAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1569687269223,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00640{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":559943,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKtRAAAAERCTYKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1569687269561,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1569687269561,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":561873,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"pHczjPFANDY7z3UoCABFAABAAABAAEAGJUEKAADjCgAAld56H0gqQcOaAAAAALAC\/\/9B2AAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1569687269562,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1569687269562,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":562299,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl957H3yCfYpEAAAAALAC\/\/8iuwAAAgQFtAEDAwUBAQgKHA3YAQAAAAAEAgAA"}
00444{"flow_id":65,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563567,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"NDY7z3UopHczjPFACABFAAA8AABAAEAGJUUKAACVCgAA4x9I3np8gG11KkHDm6ASOJBP2wAAAgQFtAQCCAoAIeBIHA3YAQEDAwY="}
00432{"flow_id":65,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcObfIBtdoAQEBWnIAAAAQEIChwN2AIAIeBI"}
00771{"flow_id":65,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":563819,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"pkt":"pHczjPFANDY7z3UoCABFAAEvAABAAEAGJFIKAADjCgAAld56H0gqQcObfIBtdoAYEBUO5QAAAQEIChwN2AIAIeBIR0VUIC9zc2RwL2RldmljZS1kZXNjLnhtbCBIVFRQLzEuMQ0KSG9zdDogMTAuMC4wLjE0OTo4MDA4DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xM182KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzcuMC4zODY1LjkwIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KDQo="}
-00856{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_tot_l4_data_len":399,"flow_min_l4_data_len":32,"flow_max_l4_data_len":283,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.149","url":"10.0.0.149:8008\/ssdp\/device-desc.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
+00867{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1569687269561,"flow_last_seen":1569687269563,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":251,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.149","url":"10.0.0.149:8008\/ssdp\/device-desc.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
00432{"flow_id":65,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567036,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UopHczjPFACABFAAA0jT9AAEAGmA0KAACVCgAA4x9I3np8gG12KkHEloAQAPO1RgAAAQEICgAh4EkcDdgC"}
00444{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567040,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA8AABAAEAGJUMKAACXCgAA4x983nsgu1W7gn2KRaASqbA3ZQAAAgQFtAQCCAoGktWOHA3YAQEDAwc="}
00433{"flow_id":66,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567158,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYpFILtVvIAQEBX\/yAAAAQEIChwN2AUGktWO"}
00759{"flow_id":66,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":567320,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"2DE0IHf7NDY7z3UoCABFAAEmAABAAEAGJFkKAADjCgAAl957H3yCfYpFILtVvIAYEBU8YgAAAQEIChwN2AUGktWOR0VUIC9kaWFsL2RkLnhtbCBIVFRQLzEuMQ0KSG9zdDogMTAuMC4wLjE1MTo4MDYwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTWFjaW50b3NoOyBJbnRlbCBNYWMgT1MgWCAxMF8xM182KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNzcuMC4zODY1LjkwIFNhZmFyaS81MzcuMzYNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KDQo="}
-00847{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_tot_l4_data_len":390,"flow_min_l4_data_len":32,"flow_max_l4_data_len":274,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
+00858{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1569687269562,"flow_last_seen":1569687269567,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.0.0.151","url":"10.0.0.151:8060\/dial\/dd.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.90 Safari\/537.36"}}
02034{"flow_id":65,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":570064,"pkt_caplen":1261,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1261,"pkt_l4_len":1227,"pkt":"NDY7z3UopHczjPFACABFAATfjUBAAEAGk2EKAACVCgAA4x9I3np8gG12KkHEloAYAPNXUQAAAQEICgAh4EkcDdgCSFRUUC8xLjEgMjAwIE9LDQpBcHBsaWNhdGlvbi1VUkw6aHR0cDovLzEwLjAuMC4xNDk6ODAwOC9hcHBzLw0KQ29udGVudC1MZW5ndGg6MTA3OQ0KQ29udGVudC1UeXBlOmFwcGxpY2F0aW9uL3htbA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz4NCjxyb290IHhtbG5zPSJ1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2UtMS0wIj4NCiAgPHNwZWNWZXJzaW9uPg0KICAgIDxtYWpvcj4xPC9tYWpvcj4NCiAgICA8bWlub3I+MDwvbWlub3I+DQogIDwvc3BlY1ZlcnNpb24+DQogIDxVUkxCYXNlPmh0dHA6Ly8xMC4wLjAuMTQ5OjgwMDg8L1VSTEJhc2U+DQogIDxkZXZpY2U+DQogICAgPGRldmljZVR5cGU+dXJuOmRpYWwtbXVsdGlzY3JlZW4tb3JnOmRldmljZTpkaWFsOjE8L2RldmljZVR5cGU+DQogICAgPGZyaWVuZGx5TmFtZT5DaHJvbWVjYXN0MTY5OTwvZnJpZW5kbHlOYW1lPg0KICAgIDxtYW51ZmFjdHVyZXI+R29vZ2xlIEluYy48L21hbnVmYWN0dXJlcj4NCiAgICA8bW9kZWxOYW1lPkV1cmVrYSBEb25nbGU8L21vZGVsTmFtZT4NCiAgICA8VUROPnV1aWQ6NzlkODhlODMtNzI1Yy1iNzFiLWJhZDAtNTg2MmQ1YjIyMzg2PC9VRE4+DQogICAgPGljb25MaXN0Pg0KICAgICAgPGljb24+DQogICAgICAgIDxtaW1ldHlwZT5pbWFnZS9wbmc8L21pbWV0eXBlPg0KICAgICAgICA8d2lkdGg+OTg8L3dpZHRoPg0KICAgICAgICA8aGVpZ2h0PjU1PC9oZWlnaHQ+DQogICAgICAgIDxkZXB0aD4zMjwvZGVwdGg+DQogICAgICAgIDx1cmw+L3NldHVwL2ljb24ucG5nPC91cmw+DQogICAgICA8L2ljb24+DQogICAgPC9pY29uTGlzdD4NCiAgICA8c2VydmljZUxpc3Q+DQogICAgICA8c2VydmljZT4NCiAgICAgICAgPHNlcnZpY2VUeXBlPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MTwvc2VydmljZVR5cGU+DQogICAgICAgIDxzZXJ2aWNlSWQ+dXJuOmRpYWwtbXVsdGlzY3JlZW4tb3JnOnNlcnZpY2VJZDpkaWFsPC9zZXJ2aWNlSWQ+DQogICAgICAgIDxjb250cm9sVVJMPi9zc2RwL25vdGZvdW5kPC9jb250cm9sVVJMPg0KICAgICAgICA8ZXZlbnRTdWJVUkw+L3NzZHAvbm90Zm91bmQ8L2V2ZW50U3ViVVJMPg0KICAgICAgICA8U0NQRFVSTD4vc3NkcC9ub3Rmb3VuZDwvU0NQRFVSTD4NCiAgICAgIDwvc2VydmljZT4NCiAgICA8L3NlcnZpY2VMaXN0Pg0KICA8L2RldmljZT4NCjwvcm9vdD4NCg=="}
00433{"flow_id":65,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":570148,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pHczjPFANDY7z3UoCABFAAA0AABAAEAGJU0KAADjCgAAld56H0gqQcSWfIByIYAQD\/ChmAAAAQEIChwN2AgAIeBJ"}
00432{"flow_id":66,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":573371,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3Uo2DE0IHf7CABFAAA0gDJAAEAGpRgKAACXCgAA4x983nsgu1W8gn2LN4AQAVwNkAAAAQEICgaS1Y4cDdgF"}
@@ -473,29 +473,29 @@
01958{"flow_id":66,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":579863,"pkt_caplen":1206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1206,"pkt_l4_len":1172,"pkt":"NDY7z3Uo2DE0IHf7CABFAASogDRAAEAGoKIKAACXCgAA4x983nsgu1Z6gn2LN4AYAVwcKQAAAQEICgaS1Y8cDdgNPD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8cm9vdCB4bWxucz0idXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlLTEtMCI+DQo8c3BlY1ZlcnNpb24+DQo8bWFqb3I+MTwvbWFqb3I+DQo8bWlub3I+MDwvbWlub3I+DQo8L3NwZWNWZXJzaW9uPg0KPGRldmljZT4NCjxkZXZpY2VUeXBlPnVybjpyb2t1LWNvbTpkZXZpY2U6cGxheWVyOjEtMDwvZGV2aWNlVHlwZT4NCjxmcmllbmRseU5hbWU+RXhwcmVzczwvZnJpZW5kbHlOYW1lPg0KPG1hbnVmYWN0dXJlcj5Sb2t1PC9tYW51ZmFjdHVyZXI+DQo8bWFudWZhY3R1cmVyVVJMPmh0dHA6Ly93d3cucm9rdS5jb20vPC9tYW51ZmFjdHVyZXJVUkw+DQo8bW9kZWxEZXNjcmlwdGlvbj5Sb2t1IFN0cmVhbWluZyBQbGF5ZXIgTmV0d29yayBNZWRpYTwvbW9kZWxEZXNjcmlwdGlvbj4NCjxtb2RlbE5hbWU+Um9rdSBFeHByZXNzPC9tb2RlbE5hbWU+DQo8bW9kZWxOdW1iZXI+MzkwMFg8L21vZGVsTnVtYmVyPg0KPG1vZGVsVVJMPmh0dHA6Ly93d3cucm9rdS5jb20vPC9tb2RlbFVSTD4NCjxzZXJpYWxOdW1iZXI+WUcwMDRKNDg2ODYzPC9zZXJpYWxOdW1iZXI+DQo8VUROPnV1aWQ6Mjk1YzAwMDQtNjgwNy0xMDZkLTgwY2YtZDgzMTM0MjA3N2ZiPC9VRE4+DQo8c2VydmljZUxpc3Q+DQo8c2VydmljZT4NCjxzZXJ2aWNlVHlwZT51cm46cm9rdS1jb206c2VydmljZTplY3A6MTwvc2VydmljZVR5cGU+DQo8c2VydmljZUlkPnVybjpyb2t1LWNvbTpzZXJ2aWNlSWQ6ZWNwMS0wPC9zZXJ2aWNlSWQ+DQo8Y29udHJvbFVSTD48L2NvbnRyb2xVUkw+DQo8ZXZlbnRTdWJVUkw+PC9ldmVudFN1YlVSTD4NCjxTQ1BEVVJMPmVjcF9TQ1BELnhtbDwvU0NQRFVSTD4NCjwvc2VydmljZT4NCjxzZXJ2aWNlPg0KPHNlcnZpY2VUeXBlPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MTwvc2VydmljZVR5cGU+DQo8c2VydmljZUlkPnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlSWQ6ZGlhbDEtMDwvc2VydmljZUlkPg0KPGNvbnRyb2xVUkw+PC9jb250cm9sVVJMPg0KPGV2ZW50U3ViVVJMPjwvZXZlbnRTdWJVUkw+DQo8U0NQRFVSTD5kaWFsX1NDUEQueG1sPC9TQ1BEVVJMPg0KPC9zZXJ2aWNlPg0KPC9zZXJ2aWNlTGlzdD4NCjwvZGV2aWNlPg0KPC9yb290Pg0K"}
00432{"flow_id":66,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":579933,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl957H3yCfYs3ILta7oAQD+z5wQAAAQEIChwN2BAGktWP"}
00409{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":598254,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg\/t4AAEARZwsKAADjCgAAAc1zAMAADAmuEAEDEA=="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":716353,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48KY4MsCCjHASFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MjkgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00432{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687269,"pkt_ts_usec":833566,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAatAAAAQEIChwN2QcGksZO"}
00819{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":260892,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTj91AAEARlEMKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00640{"flow_id":60,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":560308,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADK9bsAAAERyIoKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00819{"flow_id":64,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":729313,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTkARAAEARlBwKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687270,"pkt_ts_usec":740083,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA47wm4MsCCkExSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzAgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00408{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":101324,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgLGIAAEAROYgKAADjCgAAAc1zAMAADBGuCAEDEA=="}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1569687269716,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":49816,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1569687268747,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":50081,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1569687270740,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1569687268077,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":38616,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1569687267991,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":61328,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":867,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1569687268376,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":61328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00640{"flow_id":60,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":560368,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6NDY7z3UoCABFAADKB2sAAAERttsKAADj7\/\/\/+uDLB2wAtl89TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS83Ny4wLjM4NjUuOTAgTWFjIE9TIFgNCg0K"}
00408{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":606006,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg1aQAAEARkEUKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00432{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":692136,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAATrAAAAQEIChwN4A8GksZO"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":764145,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"NDY7z3UopHczjPFACABFAAIeAABAAEARI1gKAACVCgAA48i24MsCCjOhSFRUUC8xLjEgMjAwIE9LDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkRBVEU6IFNhdCwgMjggU2VwIDIwMTkgMTY6MTQ6MzEgR01UDQpFWFQ6DQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNDk6ODAwOC9zc2RwL2RldmljZS1kZXNjLnhtbA0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzogYjNiMTBmNmEtMWRkMS0xMWIyLWI3NDAtYWU5NDc5MzlkMzA4DQpTRVJWRVI6IExpbnV4LzMuOC4xMyssIFVQblAvMS4wLCBQb3J0YWJsZSBTREsgZm9yIFVQblAgZGV2aWNlcy8xLjYuMTgNClgtVXNlci1BZ2VudDogcmVkc29uaWMNClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDo3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODY6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KQk9PVElELlVQTlAuT1JHOiA0NzINCkNPTkZJR0lELlVQTlAuT1JHOiAxDQoNCg=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00586{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687271,"pkt_ts_usec":967353,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00818{"flow_id":64,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687272,"pkt_ts_usec":80873,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"NDY7z3Uo2DE0IHf7CABFAAFTkAZAAEARlBoKAACXCgAA4wds4MsBP0SkSFRUUC8xLjEgMjAwIE9LDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANClNUOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENClVTTjogdXVpZDoyOTVjMDAwNC02ODA3LTEwNmQtODBjZi1kODMxMzQyMDc3ZmI6OnVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KRXh0OiANClNlcnZlcjogUm9rdSBVUG5QLzEuMCBSb2t1LzkuMS4wDQpMT0NBVElPTjogaHR0cDovLzEwLjAuMC4xNTE6ODA2MC9kaWFsL2RkLnhtbA0KV0FLRVVQOiBNQUM9ZDg6MzE6MzQ6MjA6Nzc6ZmI7VGltZW91dD0xMA0KDQo="}
00595{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687272,"pkt_ts_usec":376985,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7GIEORo7ICABFAACsXgQAAP8RcWwKAADV4AAA+xTpFOkAmEDPAAAAAAADAAEAAAABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEIX2hvbWVraXTAHAAMAAEMX3NsZWVwLXByb3h5BF91ZHDAIQAMAAHADAAMAAEAAA4EABQRTFAtUktFUlVSLU9TWCAoOSnADAAAKQWgAAARlAASAAQADgCbOoEORo7IGIEORo7I"}
@@ -506,9 +506,9 @@
00409{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687274,"pkt_ts_usec":614667,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgdkAAAEAR76kKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00587{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687274,"pkt_ts_usec":834528,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00433{"flow_id":43,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687275,"pkt_ts_usec":135465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREAAGZAAAAQEIChwN7VcGksZO"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00504{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":139200,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgVbYAAEARDvYKAADjCgAA\/wCJAIkATLhJRX8wEAABAAAAAAABIEVNRkFDTkZDRUxFRkZDRkZGQ0NORVBGREZJQ0FDQUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1797,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1569687277139,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00479{"flow_id":70,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":144772,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOK\/AAAEAROM4KAADjCgAA\/wCJAIkAOvmHRYABEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00504{"flow_id":70,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":188381,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgQ9oAAEARINIKAADjCgAA\/wCJAIkATMRRRYEwEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAAAAAZgAAoAAOM="}
00478{"flow_id":70,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687277,"pkt_ts_usec":202381,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABOTbMAAEARFwsKAADjCgAA\/wCJAIkAOvmFRYIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
@@ -526,8 +526,8 @@
00409{"flow_id":63,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2298,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":624310,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgsKcAAEARtUIKAADjCgAAAc1zAMAADAmuEAEDEA=="}
00587{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2328,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687280,"pkt_ts_usec":978592,"pkt_caplen":174,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":174,"pkt_l4_len":120,"pkt":"MzMAAAABLH6BsEqhht1gAAAAAHg6\/\/6AAAAAAAAALn6B\/\/6wSqH\/AgAAAAAAAAAAAAAAAAABhgBH5kDAALQAAAAAAAAAABkFAAAAAVGAIAEFWP7tAAAAAAAAAAAAASABBVj+7QAAAAAAAAAAAAIDBEDAAAL9HQAC\/R0AAAAAJgEGRoQCRLAAAAAAAAAAABgDAAAAAAC0AAAAAAAAAAAAAAAAAAAAAAEBLH6BsEqh"}
00434{"flow_id":54,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":158363,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UBJAAPMGvOUIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYkXAAAAQEICnincgAcDdF\/"}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":522,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1569687271764,"flow_last_seen":0,"flow_min_l4_payload_len":514,"flow_max_l4_payload_len":514,"flow_tot_l4_payload_len":514,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":51382,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2379,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1569687247596,"flow_last_seen":1569687248620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00505{"flow_id":70,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2408,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":686916,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/NDY7z3UoCABFAABgUbMAAEAREvkKAADjCgAA\/wCJAIkATMfLRYMpEAABAAAAAAABIEVNRkFDTkVDREFERUREREFERkREQ05GSERIREdERUFBAAAgAAHADAAgAAEAAAOEAAZgAAoAAOM="}
00433{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2419,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687281,"pkt_ts_usec":981171,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREADsmwAAAQEIChwOBx8GksZO"}
00434{"flow_id":54,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2435,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687282,"pkt_ts_usec":157559,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0UoVAAPMGunIIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYgdAAAAQEICnindegcDdF\/"}
@@ -536,83 +536,83 @@
00434{"flow_id":54,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687284,"pkt_ts_usec":157706,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0WbNAAPMGs0QIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYYpAAAAQEICninfbgcDdF\/"}
00409{"flow_id":63,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2570,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":129419,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAgwLAAAEARpTkKAADjCgAAAc1zAMAADBGuCAEDEA=="}
00410{"flow_id":63,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2580,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":632460,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"LH6BsEqhNDY7z3UoCABFAAAg9UsAAEARcJ4KAADjCgAAAc1zAMAADAmuEAEDEA=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":917856,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7pHczjPFACABFAABEAABAAP8RkBgKAACV4AAA+xTpFOkAMI4UAAAAAAABAAAAAAAAC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQ=="}
-00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
+00567{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2587,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1569687286917,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00508{"flow_id":71,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":918076,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"AQBeAAD7pHczjPFACABFAABpAABAAP8Rj\/MKAACV4AAA+xTpFOkAVS3HAAAAAAABAAAAAAAAJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhAAE="}
-00613{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":48,"flow_max_l4_data_len":85,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
+00625{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2588,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
00708{"flow_id":71,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":918669,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"AQBeAAD7pHczjPFACABFAAD+AABAAP8Rj14KAACV4AAA+xTpFOkA6vJcAACEAAAAAAEAAAADC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQAAAHgAJyQ3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODbADMAuABCAAQAAEZQAOCNpZD0yMERGOEZENkYzMTU5MUQyMDUwNEE5RkQ5OThDMzlFRRNfX2NvbW1vbl90aW1lX189MXwwwC4AIYABAAAAeAAtANIA8ycRJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NsAdwKsAAYABAAAAeAAECgAAlQ=="}
-00578{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":48,"flow_max_l4_data_len":234,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
+00590{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2589,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_first_seen":1569687286917,"flow_last_seen":1569687286918,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlezone._tcp.local"}}
00596{"flow_id":71,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2590,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687286,"pkt_ts_usec":919025,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"AQBeAAD7pHczjPFACABFAACsAABAAP8Rj7AKAACV4AAA+xTpFOkAmGRVAACEAAAAAAEAAAABJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhgAEAAAB4AC0A0gDzJxEkNzlkODhlODMtNzI1Yy1iNzFiLWJhZDAtNTg2MmQ1YjIyMzg2wELAWQABgAEAAAB4AAQKAACV"}
-00615{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2590,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_tot_l4_data_len":519,"flow_min_l4_data_len":48,"flow_max_l4_data_len":234,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
-00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00627{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2590,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local"}}
+00452{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687287,"pkt_ts_usec":737123,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"pkt":"AQBeAAABLH6BsEqhCABFwAAkGHoAAAEBtp0KAAAB4AAAAQkA5rYBAgVGCgAAAQAAAAAAAP\/\/Aiw="}
-00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00484{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2723,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00434{"flow_id":54,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2914,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687288,"pkt_ts_usec":158305,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0aqNAAPMGolQIJWfECgAA4wG73ieGjW4CDCXQ8YARTdYJBAAAAQEICninjVgcDdF\/"}
00433{"flow_id":43,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2981,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569687288,"pkt_ts_usec":697648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2DE0IHf7NDY7z3UoCABFAAA0AABAAEAGJUsKAADjCgAAl94iH3wAQcGNmjQa94AREADS0wAAAQEIChwOIOcGksZO"}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_tot_l4_data_len":728,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_tot_l4_data_len":4039,"flow_min_l4_data_len":20,"flow_max_l4_data_len":416,"flow_avg_l4_data_len":212,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_tot_l4_data_len":1276,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_tot_l4_data_len":1668,"flow_min_l4_data_len":20,"flow_max_l4_data_len":416,"flow_avg_l4_data_len":166,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00445{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_tot_l4_data_len":1032,"flow_min_l4_data_len":58,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":32,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":49,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":32,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":49,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":42,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":31,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":59,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":32,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":32,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_tot_l4_data_len":809503,"flow_min_l4_data_len":56,"flow_max_l4_data_len":1477,"flow_avg_l4_data_len":331,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":59,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_tot_l4_data_len":1920,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_tot_l4_data_len":519,"flow_min_l4_data_len":48,"flow_max_l4_data_len":234,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":9,"flow_first_seen":1569687246981,"flow_last_seen":1569687272376,"flow_tot_l4_data_len":1142,"flow_min_l4_data_len":98,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_tot_l4_data_len":170,"flow_min_l4_data_len":59,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_tot_l4_data_len":206,"flow_min_l4_data_len":50,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_tot_l4_data_len":90,"flow_min_l4_data_len":37,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":59,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_tot_l4_data_len":3160,"flow_min_l4_data_len":32,"flow_max_l4_data_len":142,"flow_avg_l4_data_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":48,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_tot_l4_data_len":189,"flow_min_l4_data_len":20,"flow_max_l4_data_len":85,"flow_avg_l4_data_len":37,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_tot_l4_data_len":11015,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1400,"flow_avg_l4_data_len":193,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_tot_l4_data_len":347,"flow_min_l4_data_len":58,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_tot_l4_data_len":9034,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_tot_l4_data_len":24196,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":448,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_tot_l4_data_len":24648,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_tot_l4_data_len":988,"flow_min_l4_data_len":32,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_tot_l4_data_len":988,"flow_min_l4_data_len":32,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_tot_l4_data_len":988,"flow_min_l4_data_len":32,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_tot_l4_data_len":988,"flow_min_l4_data_len":32,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":65,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_tot_l4_data_len":288,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_tot_l4_data_len":288,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_tot_l4_data_len":1690,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1227,"flow_avg_l4_data_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":9,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_tot_l4_data_len":1142,"flow_min_l4_data_len":98,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":35,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_tot_l4_data_len":1944,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1172,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":51,"flow_max_l4_data_len":158,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":41,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_tot_l4_data_len":3907,"flow_min_l4_data_len":32,"flow_max_l4_data_len":819,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_tot_l4_data_len":750,"flow_min_l4_data_len":32,"flow_max_l4_data_len":258,"flow_avg_l4_data_len":62,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_tot_l4_data_len":750,"flow_min_l4_data_len":32,"flow_max_l4_data_len":258,"flow_avg_l4_data_len":62,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_tot_l4_data_len":98,"flow_min_l4_data_len":41,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_tot_l4_data_len":86,"flow_min_l4_data_len":35,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_tot_l4_data_len":177,"flow_min_l4_data_len":48,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_tot_l4_data_len":229,"flow_min_l4_data_len":39,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_tot_l4_data_len":258,"flow_min_l4_data_len":50,"flow_max_l4_data_len":208,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_first_seen":1569687268559,"flow_last_seen":1569687271560,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"239.255.255.250","src_port":57547,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":19,"flow_first_seen":1569687249612,"flow_last_seen":1569687268122,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":3455,"flow_avg_l4_payload_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56884,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1569687240992,"flow_last_seen":1569687241009,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_first_seen":1569687269223,"flow_last_seen":1569687272080,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1244,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.151","dst_ip":"10.0.0.227","src_port":1900,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":10,"flow_first_seen":1569687249612,"flow_last_seen":1569687268086,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":384,"flow_tot_l4_payload_len":1372,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.77","src_port":56917,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00453{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1569687287737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":15,"flow_first_seen":1569687277139,"flow_last_seen":1569687283186,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":912,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1569687260469,"flow_last_seen":1569687260521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":17,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"35.201.124.9","src_port":56910,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260767,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64972,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1569687251177,"flow_last_seen":1569687251230,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":54851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1569687246891,"flow_last_seen":1569687246924,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":63107,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1569687261035,"flow_last_seen":1569687261054,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569687245251,"flow_last_seen":1569687245288,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":52879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1569687267677,"flow_last_seen":1569687268288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.10.115.210","src_port":56879,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2441,"flow_first_seen":1569687268746,"flow_last_seen":1569687289262,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1469,"flow_tot_l4_payload_len":789975,"flow_avg_l4_payload_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1569687261486,"flow_last_seen":1569687261506,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":16,"flow_first_seen":1569687241656,"flow_last_seen":1569687287122,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1569687286917,"flow_last_seen":1569687286919,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":9,"flow_first_seen":1569687246981,"flow_last_seen":1569687272376,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1569687261485,"flow_last_seen":1569687261501,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267819,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1569687267477,"flow_last_seen":1569687267493,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57253,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1569687261034,"flow_last_seen":1569687261050,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57261,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1569687241422,"flow_last_seen":1569687286460,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":2200,"flow_avg_l4_payload_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56320,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1569687245295,"flow_last_seen":1569687245320,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_first_seen":1569687267797,"flow_last_seen":1569687267821,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":10,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"17.57.144.116","src_port":56886,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":57,"flow_first_seen":1569687260591,"flow_last_seen":1569687262892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":9167,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.96.194","src_port":56921,"dst_port":4287,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1569687260751,"flow_last_seen":1569687260772,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":61613,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1569687267800,"flow_last_seen":1569687267818,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59582,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1569687267841,"flow_last_seen":1569687288158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":30,"flow_first_seen":1569687245379,"flow_last_seen":1569687245725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8058,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":54,"flow_first_seen":1569687245688,"flow_last_seen":1569687268830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22452,"flow_avg_l4_payload_len":415,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":92,"flow_first_seen":1569687267035,"flow_last_seen":1569687288923,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21688,"flow_avg_l4_payload_len":235,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1569687267988,"flow_last_seen":1569687268026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687267323,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56914,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":1569687245576,"flow_last_seen":1569687268339,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","ndpi": {"proto":"CiscoVPN","breed":"Acceptable","category":"VPN"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_first_seen":1569687267453,"flow_last_seen":1569687267455,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56865,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","ndpi": {"proto":"AJP","breed":"Acceptable","category":"Web"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1569687241064,"flow_last_seen":1569687246096,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56916,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":9,"flow_first_seen":1569687267453,"flow_last_seen":1569687288697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56866,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":7,"flow_first_seen":1569687269561,"flow_last_seen":1569687269570,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1195,"flow_tot_l4_payload_len":1446,"flow_avg_l4_payload_len":206,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.149","src_port":56954,"dst_port":8008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":9,"flow_first_seen":1569687246982,"flow_last_seen":1569687272377,"flow_min_l4_payload_len":90,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1070,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::408:3e45:3abc:1552","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1569687267831,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":49781,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":11,"flow_first_seen":1569687269562,"flow_last_seen":1569687273580,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1140,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.151","src_port":56955,"dst_port":8060,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":10,"flow_first_seen":1569687269094,"flow_last_seen":1569687286632,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"10.0.0.1","src_port":52595,"dst_port":192,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1569687267805,"flow_last_seen":1569687267824,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":64193,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1569687267851,"flow_last_seen":1569687267865,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":58074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":27,"flow_first_seen":1569687256018,"flow_last_seen":1569687267492,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":787,"flow_tot_l4_payload_len":3023,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"99.86.34.156","src_port":56920,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":12,"flow_first_seen":1569687262866,"flow_last_seen":1569687262912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"162.222.43.153","src_port":56881,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1569687267812,"flow_last_seen":1569687267847,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1569687255989,"flow_last_seen":1569687256018,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":58155,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569687245321,"flow_last_seen":1569687245366,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":121,"flow_tot_l4_payload_len":161,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.76.76","src_port":62322,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1569687267799,"flow_last_seen":1569687267814,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":60341,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test"}
diff --git a/test/results/anydesk-2.pcap.out b/test/results/anydesk-2.pcap.out
index 3540f974e..efbc23951 100644
--- a/test/results/anydesk-2.pcap.out
+++ b/test/results/anydesk-2.pcap.out
@@ -1,32 +1,32 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk-2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613977585247,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613977585247,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977585,"pkt_ts_usec":247036,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"}
-00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613977585247,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613977585247,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977585,"pkt_ts_usec":260893,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcjnRAADkRLxDAqAEBwKgBuwA16HcASAAA7CKBgAABAAEAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAADSNAAEJT3fDw=="}
-00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":56,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613977585542,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00700{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"37.61.223.15"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613977585542,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977585,"pkt_ts_usec":542630,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C4AAIARAADAqAG7wKgBAdhQADUAOIRW6okBAAABAAAAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQAB"}
-00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613977585542,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613977585542,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977585,"pkt_ts_usec":553797,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"2MuK4S0uEBMx8Tl2CABFAABcBhBAADkRt3TAqAEBwKgBuwA12FAASAAA6omBgAABAAEAAAAADnJlbGF5LTliNjgyN2YyA25ldAdhbnlkZXNrA2NvbQAAAQABwAwAAQABAABtXAAEisckcw=="}
-00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":56,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1613977595379,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00702{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-9b6827f2.net.anydesk.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"138.199.36.115"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1613977595379,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":379986,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDNAAIAGAADAqAG7wKgBstOUG56PGHtIAAAAAIAC+vCE5AAAAgQFtAEDAwgBAQQC"}
00427{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":380477,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2MuK4S0uKDc3AG3ICABFAAA0AABAAEAGtgbAqAGywKgBuxue05RZw\/OWjxh7SYAS\/\/+kVwAAAgQFtAEDAwUEAgAA"}
00408{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":380515,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDRAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AQBAKE2AAA"}
00742{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":380848,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"KDc3AG3I2MuK4S0uCABFAAEddDVAAIAGAADAqAG7wKgBstOUG56PGHtJWcPzl1AYBAKFzQAAFgMBAPABAADsAwNj3AGBpT3DvXWxFVWt8lyInfOzaE5lLOK0P1RS+v5ukgAAbsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwALwD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
-00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_tot_l4_data_len":349,"flow_min_l4_data_len":20,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1613977595379,"flow_last_seen":1613977595380,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00417{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":380908,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBuxue05RZw\/OXjxh7SVAQIADEJgAAAAAAAAAA"}
00419{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":381236,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBuxue05RZw\/OXjxh8PlAQH\/jDOQAAAAAAAAAA"}
02383{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":391710,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"2MuK4S0uKDc3AG3ICABFAAXcAABAAEAGsF7AqAGywKgBuxue05RZw\/OXjxh8PlAQIABdFgAAFgMDADoCAAA2AwOE4uKagyR4WpzZlTX3uV81nzJfBEzLEFSech4SFt7ExwAAnwAADv8BAAEAACMAAAAPAAEBFgMDArYLAAKyAAKvAAKsMIICqDCCAZACAQEwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAwwOQW55RGVzayBDbGllbnQwIBcNMTgwODAzMTIzMzM0WhgPMjA2ODA3MjExMjMzMzRaMBkxFzAVBgNVBAMMDkFueURlc2sgQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIaK0rq9eTlZvBcmZhh1H9c4WyavqU3KnPQjWKum4+D57QTq6vpp8Zc0mmlfSbdIckUvHjBDiS9uimzm4D4EcxdTgnlDkoD1BP4ueHjekNtFNgh04fFTTZyZVscL3oNitoLTkU4\/rpKLpwwbDC6h6+ytxWCa3+odO5IlRwhTW3afIESGML7\/I+EoPTOb1g2I21eLTPpw2Ey9Z+0sPtRAJpLulMSEj\/fpKcyvnqkLfpJH2HV0mGEFXtbfyn7y0dpUDxjRBb\/s55m+OHTMJOEXrDdEWfunUhL9cgvTyWnWwLxNdVWJEs4A6cGJ5pCETQrNRCkiOFuKXnFF3IE1SaR9ywIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCZ2PTeYQVpoK\/4FnIIlkh5oTJ+rM1qSGu6uZXaiGbYqvrjRGF0z4YSE+Dsi+oHIKKlFN7lTj2IonetId1bxX3mfUFFc6ADQqoEk3h87NEgrJdaCpIi\/Qm8jePsjyFN4Z+A+EycFrOMbq7rMs5rnAAGSEPy4hsFHG8OneF3O4rBgCM70YOduX2cQCQfAhJZVgos3r9uWUBhLqRgkyYpnx0cwgUl7PH8aRB0W1BDBtTpU0GDswuvU7QANMJA\/U5nmSE1oycJ+boqTuHQVa1pQq1EwvgFfgQnaJOLe+QLml0VFaxHmDnQrVnmRBIvH2hciN5dZgq7zNCC8xLxFzBrxXW0FgMDAw8MAAMLAQDM3P8099u0r5PnIjdrfYCIOEb0OZCo\/4MAKya\/lWGZGsYnrujP9yoMeXV2yLvTu7kuAPzePn77sycy3\/hvl6Zp6kV5OyRB9H6vxREG1klpzmZljFlBdZboUl0RmnvB8GL8iHcVMHWEC8Rj5OL45dI7imcsFseDZ3HMq1acOiIwt4HgVLAaJhuGuWcFvZyOAtIwvpZfawKTuJ2wQPw1A6F4AT2MRyW3E1B3u0Mk1UUxNrKEFRQZceM7MKKf5jS1FeeZWxBB7FYpK+zqe\/FrQAhtlkn7MZtzOl8wBOmniIt9wsrvumkU8s8XmI6mkltmDpPkTvX4p4m29qBcwlFj6ShjAAECAQDCHYAAeN+Fzo2goH8VTD\/ekbzedKa8cjO+06b1VIhzKulIRhJa7TDMAIKA+I6VM5UCzKeDOR9\/pjTkRKbNU1QwC9FCflZTdnnAPWNNbYS4P7fDZ1Tin0dYpBcIQF5dzGc9MBv+eY+XcC+\/ENM8n6EKAN5vowPUTiol3SuwagOILkDrs71ka5\/CAvjsLwrpwsAVwPGOr0JzPIV1p4pBDwTmT47a5Z0XPYi88F\/u93KfXqfqs3nzSzcRMrjPVT5neUgUiPYmc3iktFSX+pUl+vMSwj5svlkGWGUENFBO1HMT2+BQEEpP7yyL\/IvHJ3PDV7WyYGlOK6iboGjdiFlcpAnIBgEBACqMmVZNVs6IGGAvaodGnHjnzlNj4CSXPXzu43pnPxUt4ZSH6mEFirbmauhDTe7xq7CLLDdl4WEBy9+mA63uKHIsns1NxfMuFmjDtgW+FPZL41rbgDlAEU4hrZHyZ\/vigaajOEZd4SgRNTHFY7X2igHR2v7dSPEcLj32+tU9\/NpmbMhlNbqpUnXompGP2SuttNS1pyvio21FCYhaIC+rLWD1OQydP6s="}
-01013{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_tot_l4_data_len":1869,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
+01024{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1613977595379,"flow_last_seen":1613977595391,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1705,"flow_avg_l4_payload_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
00607{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":391710,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"2MuK4S0uKDc3AG3ICABFAAC3AABAAEAGtYPAqAGywKgBuxue05RZw\/lLjxh8PlAYIAAyhQAA\/lfoKQRRf1Hxpsc6c\/yFjbVmgtO6ISUwVcLPkVXAi7DnESvmg0P2bwtRcTr4ZR9Nv2mLB1LE54nX2F3jqjkB9yM1nC+2ntDQGnI0l5VsuqIAnOB72eDWll8HFgMDADANAAAoBQMEAQJAAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMAAA4AAAA="}
00409{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":391726,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodDdAAIAGAADAqAG7wKgBstOUG56PGHw+WcP52lAQBAKE2AAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1613977595407,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1613977595407,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":407425,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"2MuK4S0uKDc3AG3ICABFAABAAABAAEAGtfrAqAGywKgBu8tHG54tLA3cAAAAALAC\/\/97PgAAAgQFtAEDAwUBAQgKHE34xQAAAAAEAgAA"}
00428{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":407489,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3I2MuK4S0uCABFAAA0dDlAAIAGAADAqAG7wKgBshuey0dV\/SLKLSwN3YAS\/\/+E5AAAAgQFtAEDAwgBAQQC"}
00417{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":407676,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA3dVf0iy1AQIABwXwAAAAAAAAAA"}
00768{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":408312,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"pkt":"2MuK4S0uKDc3AG3ICABFAAEvAABAAEAGtQvAqAGywKgBu8tHG54tLA3dVf0iy1AYIAC+RgAAFgMBAQIBAAD+AwM5xa94fzbZMZS38bcet4LQXQHW847W4Z2LW\/3GqgPjFAAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_tot_l4_data_len":379,"flow_min_l4_data_len":20,"flow_max_l4_data_len":283,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1613977595407,"flow_last_seen":1613977595408,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02158{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":431292,"pkt_caplen":1340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1340,"pkt_l4_len":1306,"pkt":"KDc3AG3I2MuK4S0uCABFAAUudDtAAIAGAADAqAG7wKgBstOUG56PGHw+WcP52lAYBAKJ3gAAFgMDArYLAAKyAAKvAAKsMIICqDCCAZACAQEwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAwwOQW55RGVzayBDbGllbnQwIBcNMjAwNjEyMTQzNTEzWhgPMjA3MDA1MzExNDM1MTNaMBkxFzAVBgNVBAMMDkFueURlc2sgQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwap8kuXKAODl3oBaBKgWpoG5V\/9k9Re\/y85alMHsrZO3DL2CsBH2LGo\/FAOWUEOhQajl2GfY6wvsOvdSBeIfebFRqTI\/eyvzGX88OAXyXB8eUxPLEyIYR\/n+yQjHspQmrvuu8efb\/qsnD0wEfaZg0F+IVSnsvk7ydwKvfAM7cULUHZ0Rdjm5nVmmFqdnN4HPmAarEGGUZoYdf5diMMeygE8vYMiNC3GogaczMOURejt8nDKg3hDaVyqophSfYaYV3ITgE+Nh\/dVHh+EMMnYnecAfZjVQbrebwLeJyU4mm2l4eOcUa7XakXYely\/GV1aaQqmZEls1jwTB+rGy7S9NXQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAdS4QpIobUZqbbLjL4QoyB5qi3ZvARFTdDn\/9FwwTPSuHsKNhHmppWBwxEbx6h4A00T+QPgF+JpAon\/Xn567r0wRs+2Gx6\/cI8NKbS96Mi6NWr8UFxoeDYSx\/xaQiSAMRL05Q\/xUfL2hQSR7JGfXmwzGC2aMQ\/a06M6fbVNUSaZs9xsR+k3GRt9+n93NgXIOzAVQdbBETAx4gx2dNQDdg1wrP5pCoFNb8BplELzJqgvsS9+YJ26fnoOlRyktG8e1qKVEKb3BIRJYRTafgG9eC8SfhPYnYtFnIBtjzsJ3TB1zZdJVFNoxUozWRc3Qr7Gsi8TrD2m7DcORG5iDMlw1P6FgMDAQYQAAECAQDLZskNFwLc\/qW\/Nr+nKQJNvUu2f1z5l5YmbkSG9hgIFi2DKaaZOngFwl8rwI1rcdsD4nouljMfcV3R+yQGs5htzv39PiwagwI15EJ5bc86qPFaBEyzozXlfzv64MSTZBni6VjEm4tPNDoMy0H9an1vB5INebowvl5fmlYj9bNQkSnAjiIURhY0j9Tpp7s\/eNJllmD3\/sfXLji2SP9PkG9qtKRiWiWJREc7Xq9VAIgLGn\/VflVqkOU79Rny9e17uULj+hGQLIry9lPatmA6hQ1Q5Pm3eKSsywCcPEMX6RmXoSQ+nFRdiPbIli1CaOJA\/0krrsX4ONJiGju5DH3R1IzXFgMDAQgPAAEEBgEBAKJ1YjYtST15odzCEDfCmJThrwiNPIw7nith\/lKQBX0UeBtDcqCkoabtcjcTAM\/nktgo7lR8mg6WGh8yUR1jn6HMKh9wrcDxur+n0olwiIIAlF2SitqffUJ2Novw5iDG+eu27+IKY2BWxnqkhIq6tDdA6D\/Mo62TbFzYtc52yJSVXW70jTIyKoNHEsRBv+5A6TXkiXd7zjPBPvtiAitiCWyDfO9KjStAlkGCHrezoqs25iWAJiY9WNxLk8vLSCm\/kdWMAUW68+PYuCJrx298j7Et89JVhxDpqbUZnlOnhLNpaA5cVhkqAFr9+DTWOeICcY+Woka2369WVzgjKgZtlcYUAwMAAQEWAwMAKFniE076axSZ\/WgNd0lBZ0vXxrTb7Pcged+vpjq+VkIZR\/qdnoCgiPw="}
00419{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":432030,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBuxue05RZw\/najxiBRFAQH9e4EQAAAAAAAAAA"}
01653{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":440779,"pkt_caplen":968,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":968,"pkt_l4_len":934,"pkt":"2MuK4S0uKDc3AG3ICABFAAO6AABAAEAGsoDAqAGywKgBuxue05RZw\/najxiBRFAYIACNSwAAFgMDA1oEAANWAAAcIANQc93rHDa7Yn\/vpGRVRnhvqSjWGWzp6Or\/X5BwKz9BSYKrm\/ARXk3L0fDCc7MMGgIGaxXmx3fu83\/fGJHp3K1gYF4MO8nuO9gHaenVjCtCJwpHjBsdxIPaJ8lqqNMhSiYiPr6GCMCvRgiSn4dAB+FmPDrBIazl1JCDWxWyJsFCJzQXGoLKxOZdf\/CHUD48qVlxCOZWUEw6dcHXn0uMXx0ZH+o3m9iA0y+tanJNMPT9j8hl8M5wnU1LapGDOPAJeqMbEVhYKBX6Ec8SF3QYJsXEdAMZsyCuA189E9JUGjuTMhpnYraUjOqG0T7WArRcMY66XU99hkUMild8VpnW8XAPgMqKaz86l4tSB5lMHg80KqtMxQ+UDO2nmLGm\/5cVWZCD1xHxWWMFs\/5Gm8LUPD5dVM8ec2vzFxrHMzL31QcLupSrS87jBTGgajGU02N0Uvm9Hk2VwXpYAXJQYdMnDK8uSC00uadYSnufU9mPosVQNIGniaE66R8dJpyOY3wKNp6L122wp3U7sqXuh\/gPf4EcTkZoTFD7CMSswBlH5RxkBHsb+Qf0vA\/E9yrNFWEz7oKs1\/drxR7y3KZ9CAEiWd\/AN53Ho1UTXZtZdlzixPDR3rAUlcc7BlgedZFGOQ+tASjX0vS4NweZ9sO1RKW2HGg9QTXYhI44KsiJ7kn56uV9rgYx2ZjFw3nv99yTZ7J6G844PiPQ+maNlcI+bd4rpJDv7LGdS0XnMLZHcoyBMkGfe2M8VfnCq9+eXNKEhrHrnCRWTGQaMEKBn7SMyR4TJD\/y9\/5D6XoQWyL8AktmenCijetEFvvgqXQ0GV875WNn5P6zWDpHlNLCGv+qXvx6UcheOjqFdlSkhnFbSp94u35svgOn9YNSf8VKnsmr\/7J1WqSmqEbxF1qIa7d4ZOSmKvplfTPKXeRyGO92yM\/F6YQsqars3GDmYJj0Yw\/z3Wsg\/9k9AngRCT4udBWwXlckxpUdUfGFBs5Ljd0dOf5H2wx6nLQ3TeqWij73Wqf7pxqTqjqRhVTiLSSSjYOBXAmdYnyW1CW6kMy\/ECGAbX+NQtMVUYaNbnBlkYM51TKHkxX2zdxQaVkPpExEPjujGAejMsXhAE9bVDXTP\/bZGlxJKkF5eXAUAwMAAQEWAwMAKG1RYmNOSSRuC9jylMY1BrjYSWTZ7Sl21N3DRGHGPjjUMvJPYE3t7Fo="}
@@ -34,7 +34,7 @@
00411{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":440808,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodD5AAIAGAADAqAG7wKgBstOUG56PGIFEWcP9lFAQA\/6E2AAA"}
00410{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":463648,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodEFAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAQIBSE2AAA"}
01512{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":549041,"pkt_caplen":867,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":867,"pkt_l4_len":833,"pkt":"KDc3AG3I2MuK4S0uCABFAANVdEpAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAYIBSIBQAAFgMDADoCAAA2AwOohSNK\/kyh2J0OL2EIWx++95ipjSPTUL8cYeQroRk5OgAAnQAADv8BAAEAACMAAAAPAAEBFgMDArYLAAKyAAKvAAKsMIICqDCCAZACAQEwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAwwOQW55RGVzayBDbGllbnQwIBcNMjAwNjEyMTQzNTEzWhgPMjA3MDA1MzExNDM1MTNaMBkxFzAVBgNVBAMMDkFueURlc2sgQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwap8kuXKAODl3oBaBKgWpoG5V\/9k9Re\/y85alMHsrZO3DL2CsBH2LGo\/FAOWUEOhQajl2GfY6wvsOvdSBeIfebFRqTI\/eyvzGX88OAXyXB8eUxPLEyIYR\/n+yQjHspQmrvuu8efb\/qsnD0wEfaZg0F+IVSnsvk7ydwKvfAM7cULUHZ0Rdjm5nVmmFqdnN4HPmAarEGGUZoYdf5diMMeygE8vYMiNC3GogaczMOURejt8nDKg3hDaVyqophSfYaYV3ITgE+Nh\/dVHh+EMMnYnecAfZjVQbrebwLeJyU4mm2l4eOcUa7XakXYely\/GV1aaQqmZEls1jwTB+rGy7S9NXQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAdS4QpIobUZqbbLjL4QoyB5qi3ZvARFTdDn\/9FwwTPSuHsKNhHmppWBwxEbx6h4A00T+QPgF+JpAon\/Xn567r0wRs+2Gx6\/cI8NKbS96Mi6NWr8UFxoeDYSx\/xaQiSAMRL05Q\/xUfL2hQSR7JGfXmwzGC2aMQ\/a06M6fbVNUSaZs9xsR+k3GRt9+n93NgXIOzAVQdbBETAx4gx2dNQDdg1wrP5pCoFNb8BplELzJqgvsS9+YJ26fnoOlRyktG8e1qKVEKb3BIRJYRTafgG9eC8SfhPYnYtFnIBtjzsJ3TB1zZdJVFNoxUozWRc3Qr7Gsi8TrD2m7DcORG5iDMlw1P6FgMDAC4NAAAmAwECQAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAAAOAAAA"}
-01030{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_tot_l4_data_len":1232,"flow_min_l4_data_len":20,"flow_max_l4_data_len":833,"flow_avg_l4_data_len":205,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}
+01041{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1613977595407,"flow_last_seen":1613977595549,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":813,"flow_tot_l4_payload_len":1076,"flow_avg_l4_payload_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}
00417{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":549471,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGthLAqAGywKgBu8tHG54tLA7kVf0l+FAQH+ZsRQAAAAAAAAAA"}
02147{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":552668,"pkt_caplen":1340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1340,"pkt_l4_len":1306,"pkt":"2MuK4S0uKDc3AG3ICABFAAUuAABAAEAGsQzAqAGywKgBu8tHG54tLA7kVf0l+FAYIADZzgAAFgMDArYLAAKyAAKvAAKsMIICqDCCAZACAQEwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UEAwwOQW55RGVzayBDbGllbnQwIBcNMTgwODAzMTIzMzM0WhgPMjA2ODA3MjExMjMzMzRaMBkxFzAVBgNVBAMMDkFueURlc2sgQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIaK0rq9eTlZvBcmZhh1H9c4WyavqU3KnPQjWKum4+D57QTq6vpp8Zc0mmlfSbdIckUvHjBDiS9uimzm4D4EcxdTgnlDkoD1BP4ueHjekNtFNgh04fFTTZyZVscL3oNitoLTkU4\/rpKLpwwbDC6h6+ytxWCa3+odO5IlRwhTW3afIESGML7\/I+EoPTOb1g2I21eLTPpw2Ey9Z+0sPtRAJpLulMSEj\/fpKcyvnqkLfpJH2HV0mGEFXtbfyn7y0dpUDxjRBb\/s55m+OHTMJOEXrDdEWfunUhL9cgvTyWnWwLxNdVWJEs4A6cGJ5pCETQrNRCkiOFuKXnFF3IE1SaR9ywIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCZ2PTeYQVpoK\/4FnIIlkh5oTJ+rM1qSGu6uZXaiGbYqvrjRGF0z4YSE+Dsi+oHIKKlFN7lTj2IonetId1bxX3mfUFFc6ADQqoEk3h87NEgrJdaCpIi\/Qm8jePsjyFN4Z+A+EycFrOMbq7rMs5rnAAGSEPy4hsFHG8OneF3O4rBgCM70YOduX2cQCQfAhJZVgos3r9uWUBhLqRgkyYpnx0cwgUl7PH8aRB0W1BDBtTpU0GDswuvU7QANMJA\/U5nmSE1oycJ+boqTuHQVa1pQq1EwvgFfgQnaJOLe+QLml0VFaxHmDnQrVnmRBIvH2hciN5dZgq7zNCC8xLxFzBrxXW0FgMDAQYQAAECAQAiMOEYPS0Cq462+H9EtZcRg6RCo7GZHM\/txxOmn3CBPprsVwMPX+sGOLyndBqTV+vs+BqX0GYa+0R1hBy5LL0mtR1GuyxvyG67tUjzeF1nDKdfOvvEbMY1XBybPlztHRx5gw02b6+1m5Ywp7jVuK6qgCBOYAwhj6Aw2oYxULuU52CaSGQ6r3IiO3llfb8KlKvmt7y4UnG0aYyLAiiCjRbSGzfujupjjwNBYqoohOLhyWlpYWH12Xs5XaaiNDaddw6G7hYOsKyYn04XYiVFrfwbfHKUi965IOBjIEuvNuC7QG3B7JODw+wZNuMlgyynmXoESd8Lcsu0HgnOWM\/bTOVLFgMDAQgPAAEEBgEBAD+zwUbVwwjZeLFm3oHYXdOcfNJjH9Ym1dD96flP\/a94QLPL6arVuiuOb9rnmLB5rjSOB2PiXl9adrcgbV2lofqASE9ejadluab9VCmJjj+\/NZcdS1yQNstSu85P1Zc+BRNCz\/e0TwP\/E9W0JUAcjNSsp0vheEurgoM+cf6k4XuvwKaqKAtj6xcEpv1+JGO0PyejMfnYd9zOqIzT8M8wd6CClH4Sl4pTgj1Zefjue6Ck9FGIzefc0xX36L2O9wQL\/Pnm0O97IVDEmyx\/rNQoM+O9hVnVKPaYEk9FmlCNOHSKp95hllg7J2okT9Dgxqq4i8ydW+e7qnqXXBjvquezfrAUAwMAAQEWAwMAKIDoC+4aRr1dXYV0XRzAPO+S9Bd0SzHtHqjwd\/UeZOfah4i0a4E+CA0="}
00410{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977595,"pkt_ts_usec":604291,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodE5AAIAGAADAqAG7wKgBshuey0dV\/SX4LSwT6lAQIA+E2AAA"}
@@ -149,7 +149,7 @@
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":240,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":4988}
04027{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":263,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977603,"pkt_ts_usec":313834,"pkt_caplen":2745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":2745,"pkt_l4_len":0,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAd0FAAIAGAADAqAG7wKgBstOUG56PHFwWWcP+5lAYA\/2ExAAAFwMDCn5Z4hNO+msU3mQde8XauUXuibx23ZWOy1lfKlJdZeS7jbArOCdma5G1Oyj\/YHi4OgowtlsF3GCyvWAIcIaf2qvcUvo8xw+u+vFmA88\/ZFtsQrOzjtOQOjqB1w9IVRQDv2grZ\/g+TPfVtI2fmulJ6\/DmyG6skD8\/NJUWgh8nP2od5WwvpSZMAK4lfKeb2z0dUsUOya9f5mvFpFHQtfrBKUxJ+Qi3RehBwzTb55Ty8p+hZJJV7Iwzjy4pVLDEN902w5s1zPRfh8wp6Anmbv2bXEn0A43qLMRFkgBP5BI+igCLV7CUZs1YGzWqE2Qe5LZSZvQs9XJzBdK9uD29IREqU0HJNfHTRP5llSd7+z4nImKHOyeI7anpkMzlguOkoVfJQEajpvI3WE9X\/1CUkRjvlueAQCmBNgaGjBqVDukdBpXNlB3n+105fzXVNBRay4p\/b\/GcjzrAXO3IE9M5nF02cdlxykTYZ\/v51qwrR+BW7MUkGi3iYyceDRneOdImiEA8Fx2ms52erPvVB5WPOPh9wK4Bx+Olb78ikN5Z6ABTeAlOOHzSwfkuoLGi3VXydpd80btVVx94fLuzAnSflm6lw5yfcuyRzOr5GQAuVNsGcgID\/tfJAgJBy5t\/3GV7d0R70TiSGpc0dA8ovueO+whcxGg6XkvNylfFnAymmw0H4NMNkLqqo252fRfF7\/bzwTJQowsRZQOWGBqNMHe+7deiTVbvVwZYIsdMXNebCII3WU2oVVD64POtpmYsGKOTF2T3fYzkHHLWAVWGQXU1SehD\/X6lH4iv0uzHEKfY\/Hw8F02O8iWssDHjxDLKVUsInHxGwWBZgbF1MU72FDnuHR5CGNKs19Jbx9I2Kk7XDMbfxxqgpUygmTtFPYFKryt93oYMUkjkspSKsTBRkCWXQuaQo7qu35UlkH2lUKiV09U1wYPedcqUsQ92UbGj\/siMqOIyeQowgB+tEpc75tZfM8xnZmaiFsP4Vbf7x2c\/9r5dJp0GY03Yhup7L6msnnDvEn666l\/wb26yt\/yCGM\/WN68jMfQ9IAH+C39Dcs3b\/+kwvAnD044ZM3+CUM8hQFmGwe94aPz0bI46AuTKmNNXtxdN\/UJWxOhk3Slo\/7+xVgIu6ryQ\/3gqxm0qSPUTi4uLVp6WeJiJEXZ2OYpVb9Fy8UCEez\/wS41UwuJPv9fT\/EMbWyowl7srODAru\/H73XdW41KrMalzeWf6Mnb80av5KwiOs2Y23EoAu4D5z21i4Djf9v9ODq2KUOHe9qEvjwxVEnt1qjhsgG+OjPvdbTT6\/9Ya7HaguBU9fuN3skEP7nGJfAq5gvs9hwzjCnB2a4GfmzDhmVfHwtgGTFvvXET24NHuZ4K\/8PXaQD8fBsQPzmNoslsonoxEPXlubw07HA7kKD+zNBa6FR1oTEAvBYYHKVjVMGlbNwITm1Qe+SWAuqxnY1eq541bN2ZEe9inXHIZnCVkpt9QFo2+Wnlii6gpZKNvdvJGlt\/Ck9K\/d3yfuDmJ2HoqpJzzoojRioHe9nS6KdtHQiVxWDCHyTmPDoeJjFgmNShc1KNJCxdYSrbkpXIAJvp+2EtxPnijllODqp9E1tFwH\/rzveFmx+Wc1K7P3nLChjoT3ufyQk2mhbp93u\/64NyqZVuH7fRyBlfDOR8yN+BEsixebRyiiK\/FnZJ5fLjfhgVme8+WX021lqeGUdX3m\/VkkyJXsLdoBOPanm+WsGtt6san0iXRmZTigkrHoUlUqrF+qmPvvGm4dgD5dKZXTfVVcTvCeBoWiu84Jakxdh0f5VPyQtD5ET57bn8KGcxpAXRxzH6jCiH4XJoOqxeENkjlNoX\/E9R6S5uAACvvrA+ORK8fhz5MVGKF957Ut5GZNW84r\/Ky2TYqrF46WgAZBGJux69\/T4D1US4ZkgNfUGfpuRGDdidMFNf6yW+ITJBzigOL5NJlsMkQOChbTmqlMe3ls+Sb9u2RcrE33nNSiQxahx1SH2r4CGe4a7tQFwvlhdpZphEQzqrbUvlU3xdCMtTxxne3XgGSF8j88eoUPM0jqDUPlrBbvd5mXogZYZLOEfpyiMSNnbwIvEq3R6cCrmh5DdIorOBdj+RAuOyzSD4Z\/2iae2GDHelQyAemjxPKnVE2d0KVuxBWFPtd1zdWXTDCyFU5H5lDpkgf1mzHiNrvqSpBI7YVjs7mwDQOgbo9RmT4uxCkEDz5IWg47a+P4f5fcyxrdxQTjDQIpN7uN2CBc2Oq7JDZQYuUrbkmwr6hIAG0JW31HQHIKbQw56Eq\/UwylTe5Yw3Xapi+ctffH8Fjo74SgVjOfurQWtPkJ9y1\/XCYJlkQj4Eq9NGKVml798jEO3kWgIeLF2jcL\/xBEFbrjd03vbXKYB1444cMPq+N0eZDETbjBDQsHeHxvCVoTSxbrakgRAQrc3H+aBqBNYRqoVwtvSSFd8iLiG8W+DEr5zp94CSESrQl6Z1\/VXyEAlkGYB4NLUO\/vDEyyviQJyNtmzhFLw76uw+al1LSas8zYAYzxy9kQ4rSDMZ\/wy\/xerQQN8zFOZZ8My4SWoU+5ig+EmAZjEK5XhiKMyvL9KoFQqLei0e8SmBe3lYb\/th5YG37aWDNvw7KvJZCtvAGp55TDsGVsNU7Fcv69v3YfLy66ZJ09UzqvnzQOTuNkBcMftHM1AvQ7FLM5FN49i089r0\/PDCaCegLQIa8yH4jZrCgiAK9DWPBsJOYCcVcnTyElMFGWKAQDuy1ySm9g6fXErhjvXhHTS+t9a7UxzxKaObgCXnBVCEULXe03mmu6RWF8GioBeesdzkyfjBjHk13FB+ujRnul6P\/dcW7e44Iw1Sx6zdRz6QcbuAdMXxeHZ4bm6MuTvlVw85lnaquFyRVNxzYZfjSsR8b3Ny2hF370r70\/0L1mFO4BBnD503vyP5FGEUer6jOORAbVTvjkfv7DfT5ce+mqBnd7hI9nyQza5Z0fatgMDGKwWiclhCNav+XhjFgM+Mwr14C2gJjUDg9mfO52JQBrmzyQuDTC1bfYod7Vodp\/oStGrztMdFIBGm4gqba7qS0CZ7u9eU+lY6j57OMtLpGXhbzy6fEEUkWLB9\/J6wcBps4b9P2obOHVJ45sa+as0LsL1RcdUCU8bHEUzFkgHWDh5Bx6gLVQQmPtT0+kXpnPw8VH7nAt5zbP9PKg9mkYMdlrpXIZQYH\/vYZ\/s4\/AO+h5uy5L+gjfhFfEim+1bTLMvy\/gIapPFI+FVw78Eb39bDVBsZhXArGP72zkjqH60HyLuuVPZr6X+LiRvTF4ct4kmA\/t3Q8QPnOFyiRxqDR82tP4\/aMS0FPR4Sq9rD63\/BKuBBcmRXTwRi82ovnDQdBp35qpuj9GdbPJjSQE2nfmX2hsX6Xk76ZHbaL8KjLyiEkhDJl4ImfOLo1YPuIq1a3DUWjFYRw8EY9o0UkUO568j\/Fc\/yC\/CfR4bTRmkKaj8Hr4ucVe2POT1Wd1gY+y2vQppzcKvXvnmHhNabFyqyW99JpzheV2QazE\/pof2oLvgPRXNjBs9DyMCTvOSAAhuyUC+3+iJ4y7VqFLJJ88sglwH+eYe7d5DWImyW5UB4S"}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":263,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":2711}
-01016{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1613977595379,"flow_last_seen":1613977604238,"flow_tot_l4_data_len":21934,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
+01027{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1613977595379,"flow_last_seen":1613977604238,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":16810,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"ee644a8a34c434abca4b737ec1d9efad","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"F8:4E:27:4E:F9:33:35:2F:1A:69:71:D5:02:6B:B8:72:EF:B7:BA:B0"}}
03262{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":359,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977604,"pkt_ts_usec":476233,"pkt_caplen":2184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":2184,"pkt_l4_len":0,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAd6tAAIAGAADAqAG7wKgBstOUG56PHIiRWcQFglAYIBOExAAAFwMDCE1Z4hNO+msU9LBvnBdfz8pT3uIpAXl9v8baPCclctzafizqusRLc+3yBRrxsTQWeM+z\/j15TWKILyUHSn+85MmEVgMVvQ0naJDIPu9CFBTDGola9mExfWT+oniDrqVp1gDABVnjk7XDV+j312n\/hzyqb4ibRnC+bFrWzgCW1GEKZC1q\/E\/6hCR8a6NWoWAXlJURq1D\/2FNJECXg84tGVTlZUZ1hjKYFe1ajrioO0kHG42Cd8Zjh8z0Xueajz3JAzS640hLUA9UiOwKymZvLlEbzmhvESjy7FaJ9bekboPw3bn\/Jlj8ZF47zmQeEehl2qQ6htreM+LkT10pyuawnjdSA49JLH62hAyXThdYpAqJip7Of2\/W4b1J\/sOcFmX3l9KAFnOoqthb7U+hWo4LNbMBAreRWvbyJBqBBBkZtLMF3OI\/lgS2KRgiGqWPlc5\/8IqmFk9teB0eXT3W90Ps0UUvmRSCUsuyjlE2EUCed5yhGbXvuJ8xSirr7nIFa1dYweQN7QjZ0sg00UI7aXkhkgieHniYh7BkAzTo5ugnGnsZrDAocUbXzyptfnLrllkciPWt6N4rg8c\/xwdNBoEXRr4P2mFanIOSfwLfesF\/8nIMB4jD4dzmMHqwwnijrCTzHMjJCWGjBiVcn\/UQYAqSGPRdj\/olBVabavlmrH9Royswmu55\/v0PdSgyGh\/aF1NdAgMCQWfK4iTLXOnXiEhxUmiaGmwJhqej+pUp9yjksckOwAldsZVm2TEe1KH7VnJBozetryh05+IDLSkv0zfcXCynFCbOfRrXJi9E5rMp+EFcmkCd5du5qCwA7mioeIjdmsg6o\/hZay9NNqv+SjegBeEnWjGidm62Bg2J3ugleU05MdTEjPG\/0WEVFE4YLoZ0+Rmk27LsJ83E69N6EM7LIqHaBy4YgdBXCwRYXMBiZ7\/eXyR8ouKpqBrgyc0zmgTMfEguyU7bGFL8oz\/66InO2PDAb3K1g9EivYV0J8FGZbXrGGgeE23xb1i3E7zCa4xispnmUp8ZnvfmRqlLtxCp9xRo6wVZs\/8OOR3ozRmiI\/PMUf2ocLk1A7EQ06Bysnei2m9sDgUmz3xW18h43AuI3Dq2dw8luofIYO2mIw8PGK3r5t2XcHhzApuS2sJNMJzPVZjPnXGXlhTtPZq8RtPkaHlZqnY8opMkhjFF9Aqz3\/NEmWCFimFinDFcmhKzw4Zc11XVddg6SqbuK6go4CDvysm0p0t9NPekVu4zDVD4EAMuugSYVQPLC+GjcaxjX9UJufqiIKF2iGtSmbJ5\/R0oXR49FUnI9yHKXJ4k1LJbs5ulkD\/zGTnwCq17x21cHuxnM6jXwS\/ZjHHSGC3ISErC25VTJIcskqau\/dLYahxzXBtlEISVUbywuDuTbM8bVfs1bmyjIqYpqoABDoN8znMk4tsz9h\/kXlXKkCe6C+ec5cX0UVZQMIW14dtHVYELwX+yQ11ENYgNnbDvK9eYwU0VtThgC3i1tU+NwupUlXjxfhWt4d9x+S1Drfg2\/F29sYlDkdvYZFNRxoce3hBgJMPkIZEwqQFdENALY7ybsrObH42iP1NFKqM2PiLlHgVkrXHPep5p5nTaEGT1K4XQKFidsDE\/TU5jp+uV5i7tmWslQ3X0hd1lqhRPKzFSxhrdL\/OkYNUrKk8pswZhw3Z5L1hzdrsD27Qhrf+B3glSilptp8X7Eb52KYHrcuXisGa5DME2Lrzq7wHZEcCZuFh\/f9pqqJYEw3qNzgBQZCUbbeWgAPqTdMSOTev3F1ZSLvjeDledsYbcWvH+19SSbYW5Y+wa3pdx8cHj9rgNJObLJ0gF\/YxIeWBWbMgRPm9VI884Bq0CmrSk7ddVJJwqxpMhp3yO6unpbvR+zfTdO\/gFuftha41xabyjq2RbwbJS\/QEAhDCTueFRp8UI79s9E8eeZNx9EvY6Nti3XxVxAo3tbUi6gx1ha8BjET5MrziHMVJP584CS0eGAzo8fj1U9Uc+O6iOZvqO0xkwHZXp+13zpS+c+REzva4Oj9b6ImTr0r\/rqGg9rLH+ngtAU8Go4I7MCxaT+qMw3Sn\/jD1ZwNCOtlEOXIH0ppz6oLuqXGCJt0v8B4q3O9\/iS4Etdlwc5FwSC7vNZeM7RhhTBOd920Cgdf6+edNDGmsNO4htWQFAC0nm4yH7hY\/lMyTQ\/Go58thZciiFw4Cej0V0w9z1lZr0Y19WT5BpU\/41Rhs5jiD4sEvnn5fsC0k7V8yO3RdbF3LAesZcbukPjgqMXj48hBw8gAwlDe4wqdAR8FzU4xAgi67KDy5J9aahTmpodMn3eAlq2seT1sprowIc5H2Jr6vfv0RSDSBv125+qvt0xa5w4kAcrHbM+eOH0yjmMG3GLfBJVMa4Vk1NsKaJ0UQ+RHQJfAUAyJ8xY4LRIPsJajoH2jPGjFbI4LDI8bhoRIdBFUKHN9uZjbq3H5dTZloX6t\/+mVMaOBCiuB0wF96KeaIfPnoIAfsOIL4RAjJpyEA8YqwiLIYneZIciytK4JU0djusymFsgD3QmBLLM3T8wmJfmQs+XxdV6LUZCGbP48aNe2PEu4cgNFp0Gedax29OKBqKQJrrDAOojGxNEFqD+wgFm25xNUI\/oXWJUXCHAhyWvKF06pmsW8PgL9krA7cX3OGZh+fx6Ouf09uuPaEUfCe9q0DYD5wRHLyGMQuCzEVKuvUYxbp4bFbcuyJYIyTf6WEilDAJELMx+kjzm\/H5Jsd3GEHZoFCHlCgDalTY8TAlsEpBNykvZp6\/PHoKQjUrmjAolT9SDrLsJqIlaBNF2AmQ\/Iyl1mM2T2GFnQmg84apLYPcFrVeD"}
00177{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":359,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":2150}
02586{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":429,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977605,"pkt_ts_usec":157936,"pkt_caplen":1685,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1685,"pkt_l4_len":0,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAd+ZAAIAGAADAqAG7wKgBstOUG56PHJqJWcQKplAYIA6ExAAAFwMDBlpZ4hNO+msVBGAU\/CQ+++T94X6aPp5XOKoWc8p1LFmHdGVPh9BmLi6fwPmaM4TfFP18K97w+JrG2mMRmj1tdgTVpDxt1C0Gncnny4rfOTrXTSleZ5fZVTWiCSG7aNbBqkDSL349Eg9z8IeGPlnYoPEN4tP0hVZemLcZgvILCgm49DsuVR3nhYp4sy6rhIgg2ckXEUXDokzjgL1yjIvt0ScqIB4okJR1wK79N4XZqDHUn2McD1b0N9v3pDlMk30O+IeVoz9StvBgQxoSM1A5v2XOynHvcw3I8aid5vEAfPOQwi7MSG1PCJ0p3e78RTR5AvwoWV5tJbAp5WWCvBGG8HYJ6RuplivNDXK02J7ld0qN7u7Q\/nmAnAOYa\/GWwRKg9Tr4zfIcTQXCCMH8YRxab5gJYESXf\/z1ewgfmFdNttFpDtF3N7hOkJJmZHsJzuVof1rADifgRt97Zt+Isn2GstbeNF7UKJMLnv75OfDd2jVaGyCWOSqr\/89o5b0Qcba9pNbd27IaXMZ396LcYhHzQDlZLBOMY+gl3DT40bd0Qn3wMvCOe79J\/29yZ6+yHg0PB8z38SVANS+MLgd5MHawzoK6qP\/KoynzQmsUhdMqkAc0u5QRyWPT6U3NnyyEfroJ1LxXZiO0p\/fJaarHw0cLP1fjQ7KcB\/LPZEOL57GO\/hkiUjKlr9T\/zgfe0MpybuxtbUS5tZFJNfvjqzwCDWxHE6QvgtJYBEYICQ9457KYO\/wcbNLey4CBV4x\/6U3oxvEnGBaUwLbpibk59xCzCzXuzLKOU2h\/EHV6JrEnWQFj7q+IE54AaAPZmfjFNLhs8FI3pZolVNQe96OFf7k5LQqyxz6oZ1rNO+dd9\/S1xOcgbh4tB3VzpRlIif9Xfi6vpxQgpAp\/Ckg4g9P2rmweTngy7EZcRiPY\/bi2lc5tqtIT2YjwokS+09PlxQOwAQPW9v9MUl+HVmH9C+i2v5UfxK\/4ypGKOP4BxiKQOzzNuz++qNx\/SX2yG+XNVmn4xGXdzlc2H8mwNwrvpt0+QLWBHW19hkrtqlSNDdhPAKKnjAc9OMKU7xejzXqyMWinIDTpLMEj5I3dKLCyxRQJXLZTienT2QWOT\/xdc50wNc4XYcA+6WBY7IyfdBJBT+rLgTGDSH1\/zTXELobM+rGuJkzTFRw9bqFFXtxSCc772VJ12sjK0vXDvFWKoFaNoe78LZ5voDtMwqopYvwpV7H6nPpWna\/o4CSRCyA3G14Am\/fxios0att5z9q+drHHVURelxPIt6ukJOio91iJVDLpBHbf1hgwox0kd\/+SeiP1mSjU2kGz8LrctjvSpmSRN6a6sKEorwbTCfZd78Qn2UaEncdDQIPr3BaGwPF4TGFI0Wu\/hgVJlFDzcuBsXN4DnS0YuWlgUdm0mq5mHA6s6lEm9Sw10GlrxnAmjH85PGF8NK+bJAyFRbkgKNmxeLMD2\/fJM9Yy30wqYmAchsBRZiFltsLa0nUe+XTAR9Hq2HXsEEZ4EdZwmwTjJRctTrzyhro2HYoydJS1pGm0+nd1efNqtke4yktOnOtU1KavI+p+2vrcYUysE5QjNXan78ayVsfgNcFNqMFZS8HNwDAfprS4urmn6HN0VMtMdjgGQRPG16qegP966dnrBVAaVqv7RxbWSqR9ZgtQN4kznoApYsQ\/htBNdcpggCk7aEeCp4hqA5E3Dgh9f+uZnbb36LAJBjvyFcmH81G3Lk5YlhF\/zSVvLKUb0MTqYenR0yMx4zxUl4GHoYotJkkka9m13vFT0upUDpqUYIAPW\/ssc5jgoqrMk9Hhi5y+7HWKQgjrdb6nOU4S5uyGOKDW4mE6\/rPBHp0fY5ylYs03GpUua9a\/glfenyNSCemqQlPjbCThLJwe2Q+jRt0ZttjgtfXYUtXdKQPdi9kDvDLF6bC6lPNdETt6RPwULQMHokPt4D2I843jsNIop+cnms6WRAoTEy\/nJlP0Xf6+O2AOve7kIGWj79Hb+Txxi7fe6XvRzr\/AFPz42M5rbE1CpgUgXEzV9+mwpu53B6ibIPrxe165c8h5iqFjNOd91m2C48D0xK3n27tv8SErJpnkzhizKwvbaMs382VOUnMh31zjjLabE7N9jb\/tEo1n8oAFoazbbRyR7uBihqWES0IVOQF2l2EDE0lPDLdJyXw="}
@@ -922,8 +922,8 @@
00178{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2511,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":1581}
03252{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2513,"source":"anydesk-2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613977618,"pkt_ts_usec":195735,"pkt_caplen":2180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":2180,"pkt_l4_len":0,"pkt":"KDc3AG3I2MuK4S0uCABFAAAAiTlAAIAGAADAqAG7wKgBstOUG56PNqDiWcRUSlAYIBKExAAAFwMDCElZ4hNO+msXh2bUnODOizPQiAddzId5s0L6Tw4B2tyJ0YG6Lk9xeCjCkk5iyV\/TcZ+MkCeyOMxeyKngR\/0L81CbJvcp2HY5+PJ99RjORMM0hFqL0M9FsClysAMVqzfPzL0uTI+AMuQYjmp2qqS3n0jD5Mc\/OI6AQf5alcy5blcc+SRlMpLpNTjaoZqhbqyN2OjZAQ0RCghY1jgDpcpPpjzXwFfM+eUtNLtomqzUozUMvSGBCPubR8ysHpKf08rz9nQsYe\/eQy1W+fGZ3UevRU4e0ziP\/Z4ImlVCjTNEZ4Q1m5e1dfxc\/2iPO\/xRUkfR9tTq5C7ck1L6BG5Sbs7srBImqkQCfZO0borStlxpNfdnOV3FAeKPjPu+OB0GQFdSoxU3ShgSCS+s3yhVPiImHbrFfcRtfPcymodIF1QSeUI\/b4QvFBs1xUsetwKnOpQQqQSJnJmm5p8kAXEr+E17QnDNbQ7YpszC1yHmy8ntEIl3A784f8yXufRNOYJFir+O43BaD0qfe\/E8ybQFEb\/wMzNxH0PbiaGM6fZuRxuetCSAU5wDWUE+emEiVkHNdRsVQGRAbJoutoRZnkFzwA6CyosjbLdzxuScaUYQtz\/x4oANzVRMAMzmVJ4c5nalbJW8JxLGB5MZQ9JCVYtUqHLLUdCfyU4E4HlGdK5rNarSj3ruUr+\/5kCGel2xiNIDS+c9xxjT8sS4zj8gfHVq5EP7LPuFyWrTkRmqr600UXyM+yqOFXwyU43fpvj4RXm\/bDgFfkcz2MeJFCky7zPaaOAskDznNnLRmqzyBHEcnqVNwNVWmZnSPzmAPX1eSxSk78DEv\/4pC1Zw33pmGNtPqwzbm4adGRSJMpXA1ESn83MO5nw2tlad\/f6XtHIDIIFcAd2ybubKHggF1GlVj0fZ3rkpkpXpbeP4HjVWCmpZlmt5hrqOnYKCXIoA9d5Q9eU9x0bDgEw8UsAs8Z2cGt7PGrb+Qv7bmsIIrtbYJoehXXLytxGqTyGFHgdtZ1iR39hZ3t83j6Mygm3lc680av6XxYpuCod\/9ENBc+yDd51\/4a1SVvyKfKpS1J1NPGkdCHXxqze5lGusMv4rpLextd++aXgXm4pp8tC9u7v0Y3ESoZOdsgdZjwRtBAwxPUuMR+bTiGlzmFAWnBxEgtA8qwqoeJ8fN2BBhxRSoyiJIjvIbrD\/ViWh8M6a5vCi9FaH2BHmTSkUujKoS4Ui05Uf0s+HwGa2T\/ncn+QF0sBjLTpC3akoGTkw2dqmGtGGg9JL9sxQrC3Z8P2+K0kklga\/87NYKb1gwl8HI5zrx04BnBtRZsYBSRVsc1GywvAc13NndpSo5neCnmnBd\/1I9+HIxUef4wi7p4C66Y0I2booJeN+ZoBGc\/1Y4vtaXbEsPJKJMDqB+BLCw0nSvSbDYYxB91phOhOel5GanFtMg+9nyM\/3XGQvKxO8noAo3CMoOyP7NgQIfjHvFH8Bz6xZMI7QqDGNnOF1uX5CACJ7YsOw8FPJLyQlYtZFFGiMTTrapto3gMpziUDCXvss50gfevS3poRlxl+s6OS85vpXalhuTHFjf8vGxSXfWFquDf1RFg9CUy8zk9PSl1vxgrx0OTqElj9oGT3+Vx3qZgn2bqf+592wbJFWx25hJrBNvBVEbn+OJNrZuuEh1HCoz98Rw4ULrJKM3qfOdDRZ2usK\/f4PyleqeEhwP7aUVZX0wKYFXL2UxfGiK7yY36SpPBq3Ln32t6dvMpaObtqNj+Kfr4ImRxmqQhe0B5zTHV67SrOYPC5E+e3BuEgNN6g9Xu7lBtLjFEUVfT\/s+OSTv0ASorfZmSXHEGDDlch1PtzQNW9Rg1xFAIoMDwxtBj3jiKEIJKWJ2FNgC2FjB+FshqIdc1deJTLE2ymgSABs\/nFAcJERH5Eh8SDc80l1fUqtgee0KKG7+UiEYG9HBLhxrjLYpW6nqwKOnP5iS5J75eSdcaJPQ2RCDoI48f54M\/u0C5mjF4KxZWfbF6W+LA7ItzNMe\/dXWOBsTFS8qH5T20g\/3IZenJtIlcn5ix8kqRSNhmkt78WK6PYEC8Frnz87GbQ2+TF1AIO24YEByT38EkpPfVZBJEKa7vsROTk\/wrD31hqsKtZVqrDC7NcjVOE7GiftEXF+1sA8Yo1W\/gcl71x2tP6c6oxG0OS7vSR61oZ9c4wtxmZsalZYl9wvy0wjtzOgCqQPbk69W7bNvn1ZXADwPJ8YWuzH9z1aPWM2csOqghu72ChTMW2zQtB\/qGY49wPVNjYcmbEB+443LWlsFCjcunDLVmzxVAIJIet9kbYse0PhUurR66Ele1UdzzsBsHU08\/5dPnbKk+8hDJCPyIztDNktODA9+bPmDu8JJ2UixUjK4TEzkxYFIQMx0hR4gryqlUJRl1sbbMr7VctjZdbpqLiiFuSagY+pSdIQ8GPFcdtrfWsXnDYoiBXJ\/5j+UKyYU4B2pUY38w+mhHW38VyltT030eEtueb0ipynzmIgzRdJZ\/W7TPMibiy2oykdpbb6SZ1ujx16jzA3iU7pPElUkIOkKOSxtREPgbzIlknPYKGoBQHdq0GpxSL0i9d7GU7NtI2fcQYpwP4X\/sj3JNdosmuOXAeEPYsSMWQmH+qrj6FSm9gE+WhZfWc2hGNRD7Y6OGdYaU0Q60pRVRul0FACZqyMrb5y97MpVuuqRxKzn2r7P+Z+KtgKO7S7rNMVQmOq0tVktiH\/Ws836Z6\/328nnzLauw2NXRu0qwbtytvVv0f2sBuTbqbURJET4ciDSSyF7wux7TlhQsY\/qPPlXKBUkVGHetfK0nSty5hsQc12nShr9kuLAog="}
00178{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2513,"source":"anydesk-2.pcap","alias":"nDPId-test","l4_data_len":2146}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":15,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_tot_l4_data_len":3652,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1306,"flow_avg_l4_data_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_tot_l4_data_len":21934,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":56,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":56,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":15,"flow_first_seen":1613977595407,"flow_last_seen":1613977595964,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1286,"flow_tot_l4_payload_len":3316,"flow_avg_l4_payload_len":221,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":16810,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00131{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test"}
diff --git a/test/results/anydesk.pcap.out b/test/results/anydesk.pcap.out
index c0b9a26c6..c946c4c5d 100644
--- a/test/results/anydesk.pcap.out
+++ b/test/results/anydesk.pcap.out
@@ -1,5 +1,5 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591342198821,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591342198821,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342198,"pkt_ts_usec":821353,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"}
00414{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342198,"pkt_ts_usec":821804,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1AAAIAGRnIzU++QwKiVgQBQjf8xXBJSe4ueXVAQ+vBP7wAAAAAAAAAA"}
00473{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342198,"pkt_ts_usec":998446,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AFBW5dKtAAwplUdeCABFAABYtotAAEAGCwfAqJWBM1PvkI3\/AFB7i55dMVwSUlAY+DR5WAAAFwMDACvmz9mv7V5oqHbrZghdQbdzwBFFDzsTJ43BfdwI8acT8HfThIVfMXtYD9Ln"}
@@ -8,18 +8,18 @@
00406{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":30587,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAotoxAAEAGCzbAqJWBM1PvkI3\/AFB7i56NMVwSg1AQ+DR5KAAA"}
00625{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":192188,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"AAwplUdeAFBW5dKtCABFAADHe1MAAIAGRdAzU++QwKiVgQBQjf8xXBKDe4uejVAY+vC7swAAFwMDAJokrUQuni1bFHnCrCrci8mu17SSshonC+8pGDiK6l\/Phzxh+NqjpoA5ePRAbTasLuAk4CkeR\/3tMjzdi54ShmUijEg7vw7jf2Yibglow2dlbDkiN8RweFkh8WAg9qfiulu\/uBXqXNlyQGNFnq0FuLddJpIfp\/rRQZTfZvnPbpMerzuj+HtmaUXL4pG6hubYJ0hdsp6pU1FeUjm4"}
00407{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":192219,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoto1AAEAGCzXAqJWBM1PvkI3\/AFB7i56NMVwTIlAQ+DR5KAAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1591342199201,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1591342199201,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":201196,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AFBW5dKtAAwplUdeCABFAAA8CJBAAEAGudPAqJWBM1Pu26oPAFApppzyAAAAAKAC+vB4hwAAAgQFtAQCCAqukMx3AAAAAAEDAwc="}
00415{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":366001,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AAwplUdeAFBW5dKtCABFAAAse1UAAIAGRx4zU+7bwKiVgQBQqg9odWR8Kaac82AS+vDm4QAAAgQFtAAA"}
00407{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":366113,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJFAAEAGuebAqJWBM1Pu26oPAFApppzzaHVkfVAQ+vB4cwAA"}
00765{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":366725,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"pkt":"AFBW5dKtAAwplUdeCABFAAEvCJJAAEAGuN7AqJWBM1Pu26oPAFApppzzaHVkfVAY+vB5egAAFgMBAQIBAAD+AwPH+2RueS0bCFAjOjiKaUYj6rfjOOjwnxNAapJEdabvkAAAgMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANsAywC7AKsAmwA\/ABQCdAD0ANcAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMMAxwC3AKcAlwA7ABACcADwAL8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
-00872{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":20,"flow_max_l4_data_len":283,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00883{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1591342199201,"flow_last_seen":1591342199366,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00415{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":367083,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1YAAIAGRyEzU+7bwKiVgQBQqg9odWR9Kaad+lAQ+vD9lwAAAAAAAAAA"}
02165{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532111,"pkt_caplen":1354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1354,"pkt_l4_len":1320,"pkt":"AAwplUdeAFBW5dKtCABFAAU8e1cAAIAGQgwzU+7bwKiVgQBQqg9odWR9Kaad+lAY+vCKSQAAFgMDAFcCAABTAwNe2fR3FKnG2hMjkf\/flk2Q8alQACN4Gw3ceEAvBvF6LSCBWeatQQeDcBonXd4xN3eteAA\/15hN7vAwUwn3lLPAk8AsAAALAAsAAgEA\/wEAAQAWAwMItwsACLMACLAAA0MwggM\/MIIBJwIJAPGIMHZ0UySTMA0GCSqGSIb3DQEBCwUAMEgxFzAVBgNVBAMMDkFueU5ldCBSb290IENBMSAwHgYDVQQKDBdwaGlsYW5kcm8gU29mdHdhcmUgR21iSDELMAkGA1UEBhMCREUwHhcNMTgxMTE4MDIxNDIzWhcNMjgxMTE1MDIxNDIzWjBGMQswCQYDVQQGEwJERTEgMB4GA1UECgwXcGhpbGFuZHJvIFNvZnR3YXJlIEdtYkgxFTATBgNVBAMMDEFueU5ldCBSZWxheTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEimSq43jXFd4y0DWmX27+lJ7CD1sFgnD\/iYL6vzT5r88O9fhn8M\/e++YZZi52ShTQpoZZcpRdLmq451xVL8rL8wDQYJKoZIhvcNAQELBQADggIBAGaRMkjCQwOFjmCpjVewPT62MuIafRSC4Z0O+0QWB1PHDHb2GlJ5LWbUFThy1vpyjh19L1wPCxJWhaY8PttZrUJFsoFAOthHxaopXOcDA0mgW0k\/ljLL+1fwcvADKqBcacDvUvI3a9S1Cibm6CC5S4u7Y95vZWqfXdfBl5stME6agYW0HJKm7dh6+d+dA7OQnHipyLoOPKzsFNt9UbOXBrn2d2Cr\/lmDr46XVinH235xedHH99q2yPevjyTgGwDfFtEZD9FanUcBfCdTgE9e5p5qbCT+p+SAfI5YsNQSTfArm7reqCIp\/\/ykK+bUhdN7zx9uuxCVXAzDJjlTyOx8NOJ4zttMDeZwfJev+OGhYVouqoNxF0SgnfxMEfy0XPp2wXEZoySQO0+pz8APHRZysuwFzalvy9pDczR8elyWDce\/2b4BkLc4W7yJheLb539UUoq+3al4Vc7dPrKTUuUPOBbOuzXO4Z9Zod+eDRw0b1QJQAniymVNFEJMPaOrgfLzTcGa\/dKQ1diwXhIKLMNWxN7bQ5LBrfHh\/PvD74hacQYkXLdHYW\/kukh6eIsjvV9uEW1d+2PJsVgVlaMm0ky2p+Q5POfjWbYrXy6OcO14LP9VzsT8ZminOkRX8km1ObtFBCwm03x93FrfzkmQzxQdQ99Hr49V9XxJA52jASKsiq2RAAVnMIIFYzCCA0ugAwIBAgIJAIf7DQy3sYvoMA0GCSqGSIb3DQEBBQUAMEgxFzAVBgNVBAMMDkFueU5ldCBSb290IENBMSAwHgYDVQQKDBdwaGlsYW5kcm8gU29mdHdhcmUgR21iSDELMAkGA1UEBhMCREUwHhcNMTQwNDExMDIzNzU1WhcNMjQwNDA4MDIzNzU1WjBIMRcwFQYDVQQDDA5BbnlOZXQgUm9vdCBDQTEgMB4GA1UECgwXcGhpbGFuZHJvIFNvZnR3YXJlIEdtYkgxCzAJBgNVBAYTAkRFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtBVBDdoa01og\/vnfvwqM8aSt79RUlufigrcNAOrxN+LXjKEWO6BoCDiqbdsmvqZpkzaojh5w3KyBHuLdFoM0tRVw9YrNne5dgHxaeKIHpK7m+NYx+lx7u+Ba61Evl7\/2+zMnkLPY5A=="}
-00931{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_tot_l4_data_len":1707,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1320,"flow_avg_l4_data_len":284,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
+00942{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1563,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
00407{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532151,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJNAAEAGueTAqJWBM1Pu26oPAFAppp36aHVpkVAQ+NR4cwAA"}
02173{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532596,"pkt_caplen":1354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1354,"pkt_l4_len":1320,"pkt":"AAwplUdeAFBW5dKtCABFAAU8e1gAAIAGQgszU+7bwKiVgQBQqg9odWmRKaad+lAY+vAgpgAA4M1oO2qHbKYN59i9Yd9WayrhHCv1n7+F3YxbBh5xf7pKpkCwdxfqLD9blBSFLq0RYauI9gG7s0dr4oEY8Y455th7DGOGg6xwhHUnLTU9e3uozrJIeQg4LYImfpNLMnZmhaf9yvEKL8diD2pA\/hprWBxT5GPBdYOaq3gESYMf5yNwn6O\/aNEzL0zeXoaYfWF9ATT1nOnLQWuuUCtn1dnyAvxfo1I0udxn7\/pzxZRA6rWK95js6Ju7hmxvNjeKgIyfhPbKSnYico1SfYV1TVXvra\/z5RYjAFvotu1+ny6AS+7VX9xl6Ync26ZDBLvO\/alMLxkzquZxIIb+RYuX5sgdT3C6x8DD86by2sKkG92JTuwc2nskj6pC+RQyg2hjyCa87BOzDQvitgjGxgZ+oxZvFdIbFlI8HyKRJRcVzEKC2juoOccqUMrZTKCMlTN1A3C436DJsrKLGziDeTLDEtozlkL0kRGqxiYxvOpDijBUZcVDnlA7+pGTDp07I0o9Q8HGIptory\/8AYBSGAUiDr1q5C7J1uzFj\/MTswIDAQABo1AwTjAdBgNVHQ4EFgQUGWV5BoDG3rKqWJlXsjZc7QFijUcwHwYDVR0jBBgwFoAUGWV5BoDG3rKqWJlXsjZc7QFijUcwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAgEAs6pHF6Sv0mA0Fa0l1Y4oXsGqsY0wVptHdvLgIFQGPfEjwu+7ofKf46sMBr9UXgwaNVZt4ZNLxZlfkIZ+UoOUoKBHNvL88sJNcMnJbjRcpw8E\/esWXoq+hjugDHN\/o\/VfPSvFQQxnCuNIK8pi9qmaHsnkRLwX+dtcRZgJaezIY++FKU5x7fmZrEkgipC8WY7x86WZmRLjp3vlaDSrU1qt8UTKun\/CpnOSEOqMscbJ1eReKw8eSpP5bUwGhZBlUdOJzC6ia7Xk8Oo3Nal9wMuHEjJykyFRgR2jDMqW+IH0kqCv9xkk8+bN6hEpyfEpHbIrGBq0o8BYxHA5eKeI13QywoBig1jjtD4luFYsYHdSJaphMtGXjXckNCTF2\/LdYcjtY1cOwnDlH1LdbG84strtnacvh\/qzcOVkTfnDAtVG2h\/L8Fgg\/ESW8Mq2mznmzyfQLJl01MreR4jt3\/ecO6yKYtJ1kNkAgdP4wkeOmr2Hbc7lmn8odqR3xj+5v03xy98PLHP+tGDjJl6D8q42VpTpp52hPcpdbj1dqG\/ypY\/znmiFJ+zpZ4U0Fg1FNBSOBwx7JVFU8z+hKu+aF55R3hZk+93hyJQJjDm7d3PUZrtJK1z6K1eLZq33qHA7j54Jcd4SLu0CEEzVZx5y\/zo+NG2SYD1EXvQhYO5sLjpzGsMmavQWAwMAlAwAAJADABdBBJ4gqxu\/2Olw\/hDX4IRz1MnzWKHEoX5juzKFl0QvBpFxBeZDIFVOPCUvPpMn9UXfXp86d\/EthPoo4ljdTojgB5IGAwBHMEUCIF6xn0Z4OO3SABgfd1qVxd9TCdOKbYjboKDHbv2IgbH\/AiEAucA6fUIcRxnJDOsdT3ZwF8RSH7h1tM+xpD5QGUIjH9AWAwMAbg0AAGoDQAECABYGAwYBBQMFAQQDBAEDAwMBAgMCAQICAEwASjBIMRcwFQYDVQQDDA5BbnlOZXQgUm9vdCBDQTEgMB4GA1UECgwXcGhpbGFuZHJvIFNvZnR3YXJlIEdtYkgxCzAJBgNVBAYTAkRFFgMDAA=="}
-01133{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_tot_l4_data_len":3047,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1320,"flow_avg_l4_data_len":380,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","issuerDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}
+01144{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1591342199201,"flow_last_seen":1591342199532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2863,"flow_avg_l4_payload_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing","30":"Desktop\/File Sharing Session"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","issuerDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}
00407{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532606,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJRAAEAGuePAqJWBM1Pu26oPAFAppp36aHVupVAQ+NR4cwAA"}
00416{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532935,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"pkt":"AAwplUdeAFBW5dKtCABFAAAte1kAAIAGRxkzU+7bwKiVgQBQqg9odW6lKaad+lAY+vDvVAAABA4AAAAA"}
00408{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342199,"pkt_ts_usec":532944,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBW5dKtAAwplUdeCABFAAAoCJVAAEAGueLAqJWBM1Pu26oPAFAppp36aHVuqlAQ+NR4cwAA"}
@@ -34,7 +34,7 @@
00483{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3394,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342229,"pkt_ts_usec":256699,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"AFBW5dKtAAwplUdeCABFAABbtpBAAEAGCv\/AqJWBM1PvkI3\/AFB7i57AMVwTU1AY+DR5WwAAFwMDAC7mz9mv7V5oqiGs9UmHGy59yVVeeA5lJVIYioWWJ6DRPZ7\/AKPnOzRdEdmukW2o"}
00418{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3395,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342229,"pkt_ts_usec":256927,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAwplUdeAFBW5dKtCABFAAAogvwAAIAGPsYzU++QwKiVgQBQjf8xXBNTe4ue81AQ+vBOWAAAAAAAAAAA"}
00481{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3423,"source":"anydesk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591342229,"pkt_ts_usec":454086,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AAwplUdeAFBW5dKtCABFAABZgw0AAIAGPoQzU++QwKiVgQBQjf8xXBNTe4ue81AY+vB\/XQAAFwMDACwkrUQuni1bFlXQfhlbpM1ompEjuxnWze1GuQIrlqNjGlJEE1Ae4+mTb0GZcg=="}
-00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_tot_l4_data_len":1007,"flow_min_l4_data_len":20,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":50,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_tot_l4_data_len":1007,"flow_min_l4_data_len":20,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":50,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_tot_l4_data_len":2556299,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00558{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test"}
diff --git a/test/results/bad-dns-traffic.pcap.out b/test/results/bad-dns-traffic.pcap.out
index 88d51d16b..589180ebc 100644
--- a/test/results/bad-dns-traffic.pcap.out
+++ b/test/results/bad-dns-traffic.pcap.out
@@ -1,17 +1,17 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00526{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012623,"pkt_ts_usec":234684,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-00744{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486012623234,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00525{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":242985,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB38+5AAEARVH7AqCtbBAICBIx+ADUAY73N0g0BAAABAAAAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-00765{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1486012623234,"flow_last_seen":1486012624242,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00570{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":325522,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1jH4AhhPK0g2BgAABAAEAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEjYzNGYwMGE2MjEwMTBhMDAwMMBF"}
-00768{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_tot_l4_data_len":332,"flow_min_l4_data_len":99,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00472{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":325823,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR8\/FAAEARVKHAqCtbBAICBIx+ADUAPZ97lHsBAAABAAAAAAAAEjdjZDUwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
-00729{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_tot_l4_data_len":393,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"7cd501a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1486012623234,"flow_last_seen":1486012624325,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":361,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"7cd501a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00513{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012624,"pkt_ts_usec":382053,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1jH4AXFjwlHuBgAABAAEAAAAAEjdjZDUwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSOTZiMjAxYTYyMTAxMGFjMzYy"}
-00729{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1486012623234,"flow_last_seen":1486012624382,"flow_tot_l4_data_len":485,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"7cd501a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
+00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1486012623234,"flow_last_seen":1486012624382,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":445,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"7cd501a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00472{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012625,"pkt_ts_usec":339317,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR9NNAAEARU7\/AqCtbBAICBIx+ADUAPZVqopQBAAABAAAAAAAAEmIxMWMwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
-00729{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1486012623234,"flow_last_seen":1486012625339,"flow_tot_l4_data_len":546,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b11c01a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
+00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1486012623234,"flow_last_seen":1486012625339,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":498,"flow_avg_l4_payload_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b11c01a621c362010a.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00513{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012625,"pkt_ts_usec":434289,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1jH4AXFDmopSBgAABAAEAAAAAEmIxMWMwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSZTE0MDAxYTYyMTAxMGFjMzYy"}
00471{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012626,"pkt_ts_usec":390267,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR9a9AAEARUuPAqCtbBAICBIx+ADUAPeaXV2gBAAABAAAAAAAAEjBhYjgwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAFAAE="}
00517{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012626,"pkt_ts_usec":493531,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"5LMYS\/DDAhoR+f4qCABFAAByAABAADMRVXIEAgIEwKgrWwA1jH4AXiCIV2iBgAABAAEAAAAAEjBhYjgwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAFAAHADAAFAAEAAAA8ABUSMGUzZDAxYTYyMTAxMGFjMzYywB8="}
@@ -21,19 +21,19 @@
00656{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":521830,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"5LMYS\/DDAhoR+f4qCABFAADXAABAADMRVQ0EAgIEwKgrWwA1jH4Awx2PmROBgAABAAEAAAAAPGI3M2YwMWE2MjFjMzYyMDEwYTU3NjU2YzYzNmY2ZDY1MjA3NDZmMjA2NDZlNzM2MzYxNzAyMTIwNTQ2ODg2NTIwNjY2YzYxNjcyMDY5NzMyMDYyNjU2YzZmNzcyYzIwNjg2MTc2NjUyMDY2NzU2ZTIxMjEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChJhZWIxMDFhNjIxMDEwYWMzOTPAgg=="}
00473{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":522162,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR9pxAAEARUfbAqCtbBAICBIx+ADUAPTyE+j4BAAABAAAAAAAAEmYxZmQwMWE2MjFjMzkzMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00523{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012628,"pkt_ts_usec":571529,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1jH4AYCrM+j6BgAABAAEAAAAAEmYxZmQwMWE2MjFjMzkzMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChI1NWE3MDFhNjIxMDEwYWMzOTPAHw=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012635,"pkt_ts_usec":73060,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+zhAAEARTTTAqCtbBAICBNwiADUAYwrvCk0BAAABAAAAAAAAODI0NDMwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486012635073,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00525{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012636,"pkt_ts_usec":79520,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+7NAAEARTLnAqCtbBAICBNwiADUAY1S7n3sBAAABAAAAAAAAODZiNTAwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
-00765{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1486012635073,"flow_last_seen":1486012636079,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00526{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012637,"pkt_ts_usec":85359,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ElAAEARTCPAqCtbBAICBNwiADUAY0RMqrgBAAABAAAAAAAAOGUxOGYwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
-00765{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_tot_l4_data_len":297,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1486012635073,"flow_last_seen":1486012637085,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":273,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00526{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012638,"pkt_ts_usec":93433,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/K5AAEARS77AqCtbBAICBNwiADUAY1PDy0gBAAABAAAAAAAAODQ2YjEwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="}
-00765{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_tot_l4_data_len":396,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00777{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1486012635073,"flow_last_seen":1486012638093,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00528{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":101974,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ZNAAEARStnAqCtbBAICBNwiADUAY\/RRFrgBAAABAAAAAAAAOGM3NTkwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAABAAAQ=="}
-00766{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_tot_l4_data_len":495,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1486012635073,"flow_last_seen":1486012639101,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":455,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00567{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":174914,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"5LMYS\/DDAhoR+f4qCABFAACWAABAADMRVU4EAgIEwKgrWwA13CIAgtZjFriBgAABAAEAAAAAOGM3NTkwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAABAAAcAMABAAAQAAADwAExI2ZTE3MDBmZGY1NDE3ZDAwMDA="}
-00769{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_tot_l4_data_len":625,"flow_min_l4_data_len":99,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
+00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1486012635073,"flow_last_seen":1486012639174,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":577,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00473{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":175147,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR\/aBAAEARSvLAqCtbBAICBNwiADUAPVKHMO0BAAABAAAAAAAAEjJhN2IwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00522{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012639,"pkt_ts_usec":238003,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA13CIAYAA+MO2BgAABAAEAAAAAEjJhN2IwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChJjZWZiMDFmZGY1NDE3ZDI1MzLAHw=="}
00473{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012640,"pkt_ts_usec":199072,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR\/oFAAEARShHAqCtbBAICBNwiADUAPZ+EE+4BAAABAAAAAAAAEjM4OGUwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAFAAE="}
@@ -43,20 +43,20 @@
00519{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012642,"pkt_ts_usec":281373,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"5LMYS\/DDAhoR+f4qCABFAAByAABAADMRVXIEAgIEwKgrWwA13CIAXlbsi0KBgAABAAEAAAAAEjUwNzQwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAFAAHADAAFAAEAAAA8ABUSYWM2YjAxZmRmNTQxN2QyNTMywB8="}
00473{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012643,"pkt_ts_usec":238555,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRAC9AAEARSGTAqCtbBAICBNwiADUAPaQHCm0BAAABAAAAAAAAEjc2MmIwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00523{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012643,"pkt_ts_usec":293987,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA13CIAYLAaCm2BgAABAAEAAAAAEjc2MmIwMWZkZjUyNTMyNDE3ZAxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChIyOTkyMDFmZGY1NDE3ZDI1MzLAHw=="}
-00774{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":274,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1486012635073,"flow_last_seen":1486012691087,"flow_tot_l4_data_len":63345,"flow_min_l4_data_len":61,"flow_max_l4_data_len":291,"flow_avg_l4_data_len":248,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":274,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1486012635073,"flow_last_seen":1486012691087,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":61305,"flow_avg_l4_payload_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00529{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":177697,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3Lk5AAEARGh\/AqCtbBAICBLdxADUAYz49\/HsBAAABAAAAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="}
-00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486012730177,"flow_last_seen":0,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00573{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":381593,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1t3EAhvb+\/HuBgAABAAEAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEmRlNjkwMGU2ZGE2ZWEyMDAwMMBF"}
-00770{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_tot_l4_data_len":233,"flow_min_l4_data_len":99,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00782{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00473{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":381905,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRLntAAEARGhjAqCtbBAICBLdxADUAPY6IeT8BAAABAAAAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
-00731{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_tot_l4_data_len":294,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b54101e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":371,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_first_seen":1486012730177,"flow_last_seen":1486012730381,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b54101e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00523{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012730,"pkt_ts_usec":437815,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1t3EAYGtAeT+BgAABAAEAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChI1YzRmMDFlNmRhNmVhMjgzNTHAHw=="}
-00731{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1486012730177,"flow_last_seen":1486012730437,"flow_tot_l4_data_len":390,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b54101e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1486012730177,"flow_last_seen":1486012730437,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"b54101e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00473{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012731,"pkt_ts_usec":395086,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRL1lAAEARGTrAqCtbBAICBLdxADUAPbE6V7kBAAABAAAAAAAAEjMxNzMwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAE="}
-00731{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_first_seen":1486012730177,"flow_last_seen":1486012731395,"flow_tot_l4_data_len":451,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"317301e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_first_seen":1486012730177,"flow_last_seen":1486012731395,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":411,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"317301e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00515{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012731,"pkt_ts_usec":485911,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1t3EAXCh8V7mBgAABAAEAAAAAEjMxNzMwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSYzQ5MzAxZTZkYTZlYTI4MzUx"}
-00731{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":374,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1486012730177,"flow_last_seen":1486012731485,"flow_tot_l4_data_len":543,"flow_min_l4_data_len":61,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"317301e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
+00743{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":374,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1486012730177,"flow_last_seen":1486012731485,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"317301e6da83516ea2.skullseclabs.org","num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}
00736{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":414191,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"pkt":"AhoR+f4q5LMYS\/DDCABFAAEUL4lAAEARGEfAqCtbBAICBLdxADUBAJjrdSEBAAABAAAAAAAAPGFjZTMwMWU2ZGE4MzUxNmVhMjQ3NmY2ZjY0MjA2Yzc1NjM2YjIxMjA1NDY4NjE3NDIwNzc2MTczMjA2NDw2ZTczNjM2MTc0MzIyMDc0NzI2MTY2NjY2OTYzMjA2ZjZlMjA2MTIwNjY2YzYxNmI3OTIwNjM2ZjZlNmU8NjU2Mzc0Njk2ZjZlMjA3NzY5NzQ2ODIwNmM2Zjc0NzMyMDZmNjYyMDcyNjUyZDc0NzI2MTZlNzM2ZDY5Hjc0NzMyZTIwNTM2NTcyNjk2Zjc1NzM2Yzc5MmMyMAxza3VsbHNlY2xhYnMDb3JnAAAFAAE="}
00780{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":501587,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"5LMYS\/DDAhoR+f4qCABFAAE1AABAADMRVK8EAgIEwKgrWwA1t3EBIdVsdSGBgAABAAEAAAAAPGFjZTMwMWU2ZGE4MzUxNmVhMjQ3NmY2ZjY0MjA2Yzc1NjM2YjIxMjA1NDY4NjE3NDIwNzc2MTczMjA2NDw2ZTczNjM2MTc0MzIyMDc0NzI2MTY2NjY2OTYzMjA2ZjZlMjA2MTIwNjY2YzYxNmI3OTIwNjM2ZjZlNmU8NjU2Mzc0Njk2ZjZlMjA3NzY5NzQ2ODIwNmM2Zjc0NzMyMDZmNjYyMDcyNjUyZDc0NzI2MTZlNzM2ZDY5Hjc0NzMyZTIwNTM2NTcyNjk2Zjc1NzM2Yzc5MmMyMAxza3VsbHNlY2xhYnMDb3JnAAAFAAHADAAFAAEAAAA8ABUSOWIxZjAxZTZkYTZlYTI4M2IxwOI="}
00511{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":501994,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"AhoR+f4q5LMYS\/DDCABFAABtL5BAAEARGOfAqCtbBAICBLdxADUAWY4gBY0BAAABAAAAAAAALjY0NWIwMWU2ZGE4M2IxNmVhMjY3NmY2ZjY0MjA2Yzc1NjM2YjJlMjAzYTI5MGEMc2t1bGxzZWNsYWJzA29yZwAAEAAB"}
@@ -65,7 +65,7 @@
00516{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012732,"pkt_ts_usec":620037,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1t3EAXPaPLhSBgAABAAEAAAAAEjMzN2EwMWU2ZGE4M2JmNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSMjEzZTAxZTZkYTZlYTI4M2Jm"}
00474{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012733,"pkt_ts_usec":574897,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRMElAAEARGErAqCtbBAICBLdxADUAPeYHvL4BAAABAAAAAAAAEjU0NWIwMWU2ZGE4M2JmNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="}
00524{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486012733,"pkt_ts_usec":669835,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1t3EAYDm3vL6BgAABAAEAAAAAEjU0NWIwMWU2ZGE4M2JmNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChJhOGRkMDFlNmRhNmVhMjgzYmbAHw=="}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_tot_l4_data_len":1607,"flow_min_l4_data_len":61,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_tot_l4_data_len":63345,"flow_min_l4_data_len":61,"flow_max_l4_data_len":291,"flow_avg_l4_data_len":248,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_tot_l4_data_len":1772,"flow_min_l4_data_len":61,"flow_max_l4_data_len":195,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":61305,"flow_avg_l4_payload_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test"}
diff --git a/test/results/bitcoin.pcap.out b/test/results/bitcoin.pcap.out
index 72019a0e3..534055020 100644
--- a/test/results/bitcoin.pcap.out
+++ b/test/results/bitcoin.pcap.out
@@ -1,5 +1,5 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bitcoin.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1301327937725,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1301327937725,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327937,"pkt_ts_usec":725033,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"}
00570{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327937,"pkt_ts_usec":800894,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACd8zJAADQG\/qK8pdWpwKgBjiCN2BX05Eh3VBaWhYAYAC7fMwAAAQEICjCSu0gnMttj+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABqsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtgVAQAAAAAAAAAAAAAAAAAAAAAA\/\/+8pdWpII1MLcnArv8XlgAGwwEA"}
01786{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327937,"pkt_ts_usec":931550,"pkt_caplen":1067,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1067,"pkt_l4_len":1033,"pkt":"ACPrIpS0ACNshovhCABFAAQdZEVAAEAGfhDAqAGOvKXVqdgVII1UFpbu9ORI4IAY\/\/\/JGQAAAQEICicy22UwkrtL+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZZ2V0YmxvY2tzAAAApQMAAGlfIuqcfAAAHKh7ybVTxuZIQjrl7yTcgS++hNhBt1zq9NegAAAAAAAA0isW7TPLR9+QJv0A5WbZVCvm695mFYsw+RcAAAAAAAAKtKqLikjG018uz8LfLAtdjFIkeP\/i1erq1gAAAAAAAJBdQRxOhTejsSgFAkOe4jLdh+MgkNThEJ18AAAAAAAAuqLvaBfSt3u\/xIqIdA14a1vMRWgufw\/9NSQAAAAAAABmO+ZaHQMV8GVsd2tLL4rFQTc0+9Vfwkt\/KAAAAAAAAJT+LTuh4xfC31zGm\/GrV7uiO60OaIRMkzcNAAAAAAAAuhdRV0aXd6Zg2v\/d1GRW41CXeTNnyZ2lADQAAAAAAADN6C3MlB3uxd0izHdkP3dhS0au0yU7AWAQZwAAAAAAAL+B7POHga71M99A8Eu3CYdV7ruvTTFqTRaEAAAAAAAA3UsnAThWfVMwqZa+fYK\/+mnwaocTsbQIG1kAAAAAAADey3zxujtbDGk\/QTgO92YcU4PswnA6nOZ6FgAAAAAAAMDzxV+Dq1G5LChOJMi\/klliIw7dOCRLUwU1AAAAAAAAPos8A4n6clF7nKE4hFivm22s790lzTk\/xUsAAAAAAAC0sS5A1Mm4fwV3yc3Q1LndsofGdqv023cDhAAAAAAAAGvuGwU2Et\/fX33Zfbvd3fo\/8TaDBcaUcU3CAAAAAAAAP2JWK5H+eMf+Pv\/jSxNvOoqfqtxRlUdLIhEAAAAAAADJveYZh3372qwQQlL9GVXITa9jJ6DXXZhGDQAAAAAAAKMYV6DpTz6VcKhTn2GDUxJn1w6c\/OztngqRAAAAAAAABDCPkjdagfw0FOqHQEeRGYOTGUOY4U7Z+TMAAAAAAABH73UkZZo8i3KUfaLV4BIT5FRuJgLU9+S6PwAAAAAAAEhKQKlsPJI3JIw8Tb+HHwelgYW13heoG+NwAAAAAAAAGoeNNbO0PKw7FoNOsSIzS8W\/U8wXt9nuho8AAAAAAADVlxLK6O44NewFXywS+BNdzYycb7g7WSY\/qQEAAAAAAKqI+qWcSpEbTrldQNWUJik+3hdENRtaz0ynBAAAAAAA\/6kPGMjbu4hU+GZN83C9X6Hc1si6bqd\/l3UhAAAAAABKw0jIrFFXJp9oPx6NizqHl5jwjXfMij2VrHIgAAAAAG\/ijAq28bNywaaiRq5j90+THoNl4VoInGjWGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -15,7 +15,7 @@
02387{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327938,"pkt_ts_usec":907506,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXc90dAAEAG6U7AqAGOvKXVqdgVII1UFsJv9OSPg4AQ\/\/8yYAAAAQEICicy228wkrxZqAAAAAAAAAIAAABbjacOO7ehJZKVVWBuwsVZJAX8Bcw9IQXLUwAAAAAAAAIAAABjKtyaZqub0a4QXrTXEOBXlIwuMyPoV4DXyQAAAAAAAAIAAACAesXRl6IxwOyV5rAzrmK0xgwV0ECh6q1lYQAAAAAAAAIAAAAZ3Ce83jjP2cB\/YkVFKayz2mPdZT6\/9q61LQAAAAAAAAIAAABDXTfaeHhZTzaoTC9yLc\/x1tEQ8v0eLMsIbQAAAAAAAAIAAADHxCcUlFXv1nxG\/Un1lT7zUQz1aQaW60nrlQAAAAAAAAIAAABiy\/ssIz44IxlIFKKbPRPtUXtJBR8dH1F7OAAAAAAAAAIAAAB+C64bJTtdX1J\/zCmdYBw1OIu+e1JH5UsBLAAAAAAAAAIAAACDjnaBAfvBfVkcgYEW61m7mTcs4+PYH7NXQgAAAAAAAAIAAAD8Sjpzl\/pY+XFSowU0O4LxKn\/L9BsMXKsn0AAAAAAAAAIAAAC8FUOH\/VjMTxePh4ApiBasBHoleUIC3mQHfgAAAAAAAAIAAAAmbZqYsH0gTlDkfffK1gNwYmh\/jcOVqJcBqQAAAAAAAAIAAADBzrVj4n2PWVxKPqHQnl7ke4jLdODGx7xXswAAAAAAAAIAAADtYzsSYg9zJ+5Ant\/vI12yJ\/GL+j8dEZdZkAAAAAAAAAIAAACRPmzbiuVERFgTPXed3ITPDiku4aM7ABZ2jwAAAAAAAAIAAABD1pJoBCang4F8mmlWwggeUZisn\/y31zd6QwAAAAAAAAIAAAAwxmrukdIUcly6ZFfnQDRhZos9g9uwtyR6qQAAAAAAAAIAAAC0END0y8tvhp\/P3MfPoA8KZkbYVYJCwVemmAAAAAAAAAIAAADX2b5x9eabvJhOSVA4NGX+kmrUKSXRdqAYHwAAAAAAAAIAAABPpfUijIxCUdc+QLG+51K5bz8xKt+HQ8A6igAAAAAAAAIAAADRDU6ZIkEen36+OmJS+U\/GvSSnsltpY1t8PwAAAAAAAAIAAAA4uOl3D305fKBKWNkRL4i5yFijWRzcCxFyNwAAAAAAAAIAAACnhkaxzwNMcsmFyHSdUr+FlHFjb\/uBNmRNfwAAAAAAAAIAAADyH1Q29uptBEJP+W4wPXx\/9bE3Ow7wTgJGGgAAAAAAAAIAAAD\/LEOghtOIND7Go0RUlv50ytNO3GT6jOgnUQAAAAAAAAIAAABxeAVupZn0dP1Jb5hExzbXcqT0qW0JgzCBqQAAAAAAAAIAAABYUtnIiLe7MkHBuFY0T6UGYXmUAKvmox5xSgAAAAAAAAIAAACKk46AtUsdWEaHJOu2oKg6ZQoFrY5KtaNdVwAAAAAAAAIAAAAq3wVd58394lRc8Xh4b7n5NdNK35WH\/GVtYgAAAAAAAAIAAAAB9cvs1eJeNT5V66JoDG7tEbF5DGla39pgpgAAAAAAAAIAAAB9cORoY7ss+Xwo1DFnGzt3PgraWS6uU2d+twAAAAAAAAIAAACpitNVmS7sGL+R05I+4\/GbQXHvf7G2Vt4tMgAAAAAAAAIAAAAySdqEQB2q579u083ePrH7xO2SrBI1Ox2wOQAAAAAAAAIAAAD6CcjKIGDqeq1dD8I3fA2vJhI54RLu+G5PqgAAAAAAAAIAAACsQYqq4PhWny574BusoOFbshrLGHrjFqPmuQAAAAAAAAIAAAC8sBxOvhoPwRr1hN83rfS4PJ2JEbBB8GHoRQAAAAAAAAIAAABaL1nFgCg13zZv2XqRr9o6y2fxW63cg3uKUAAAAAAAAAIAAADpsC9lcwci2Pom\/WtKofBPnWluv0PicNy42AAAAAAAAAIAAACM62zvxVs9uuPrrkvKPwExilN9rux1aZnLKAAAAAAAAAIAAAA5Cjk5P\/KIP+7UC4V6ObHB+RS\/O73aKFStcgAAAAAAAAI="}
02379{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327938,"pkt_ts_usec":907546,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXc2g1AAEAGBonAqAGOvKXVqdgVII1UFsgX9OSPg4AQ\/\/\/56gAAAQEICicy228wkrxZAAAANFGo\/z6uJ7Abi3hfWVNEj1QESpreLDm8usMAAAAAAAACAAAAn5Fiv3MNhGlrGiyJcW6lDlRgENf24689azAAAAAAAAACAAAA3qf5dOV8Ece0wCfz3rcjQNn8iV2i+oujXDIAAAAAAAACAAAAyu3T3NWc+n7Emtw4Sp9DzpoLQmZWURUonlcAAAAAAAACAAAA+Eh4N2oeZVyT+MKgvUCWSHXCbYXh1sJjXDQAAAAAAAACAAAAjdi\/\/1Kp6JzwnsXLILVhmlGXQ4ZqxMKgNX0AAAAAAAACAAAAO8HliP9XesCS8ukGAfBIwyyd9zCB2fswZZ0AAAAAAAACAAAAvsqo6pR0voT3qNZ6UF3vwlSzpEe7M0oexikAAAAAAAACAAAAr44gQZUaQvKEACLsgTANbuq\/WAhEW7mUUl0AAAAAAAACAAAA0sMA6ru0+Xi7uxKkbRZR32QuDO3yG1bNUh4AAAAAAAACAAAAagcb+PNjlEZR2uJfagtN1smCFZqEsPHSP48AAAAAAAACAAAATCZQ4EsTCuucPnmANjCUYpEe92RJZKW5uk4AAAAAAAACAAAAfPQlXPKU\/JTfizU11C4fKQhNFxA1Spkpe4UAAAAAAAACAAAAbU05t9qvVUcOh3wOLFKB2pkOFMn2uj9aNVQAAAAAAAACAAAAdtLEOyxHwSMT16ZPmuqXd7OHRCigZaIJipgAAAAAAAACAAAALdGqkV1PhqQQvIcPuheyhCxDjy9WB+mhmSAAAAAAAAACAAAA\/R4yoTNooNK7DE5fek5G5567wVcMf+zFgC0AAAAAAAACAAAAdsKBfim4kQkrB02NwmxUTxtGEpest77N8aMAAAAAAAACAAAAbQD1EwPbZZ4sCNskT6G0pEm8Wpj2Be2zzDIAAAAAAAACAAAArNFzVmWtN2T0dnDfpPyq6FjZgl7wTNq6xyYAAAAAAAACAAAAOiLW6feqExsFNOruu5td6YOEVl2iHRP7n9UAAAAAAAACAAAAhcWpz8GA\/d+pKNbd5LeJrRmG3VP+off6340AAAAAAAACAAAAnoIgtftcS1PS1OHY6N+c5kSbD9g2664byl0AAAAAAAACAAAAdCytp5E09CsK6nkX6g44F7Tk0P0f72uE8GYAAAAAAAACAAAA1tqgYlmjIwna+gtHiFQl0AAF547iSsywa5AAAAAAAAACAAAARh+QXkqCEZFK9+NdphUjifuGyOrycz0f6D4AAAAAAAACAAAAwWnyfGnakCJftTQ5QLVNBgxUJCfCJkjvhacAAAAAAAACAAAAsN5AAQ2Cq\/ran1sJJQvg4khgJ54eKfKvZVQAAAAAAAACAAAAPTi0SHWvEOdJy8Qji\/5JwnLxQfXQC8vWj0AAAAAAAAACAAAAzz+6IsjY1IpWbIHYD55Fsrg+pVsPrmWtKrMAAAAAAAACAAAARV1q0Fb27DZJ7NmutMdlEnSBKhEV2yTq7zQAAAAAAAACAAAAO70OQaLFD61WYynQC+81\/\/G2G+8pzBCI8HgAAAAAAAACAAAABqotZj5Yzi6HQh8Rejrtr00qWnOWIK2Z2ToAAAAAAAACAAAA6hWbzAmWf2vcsAou\/Cb3jjt5y3aLExl7EsEAAAAAAAACAAAADBBghf4aRc5Q1bNoNYiebWmSVFy+Qpid0m4AAAAAAAACAAAAAHZbjuWHp40tuMxQs0D3nvFunSJxQ+RxAZ0AAAAAAAACAAAAoyRSiuAf8lrO3LVlr6xDCvr9MDT2HIZMISsAAAAAAAACAAAAX1gJgVD57qeamx+eDXSP0Vnegh\/xnV6zbI0AAAAAAAACAAAA6ZU9gW8JTg9abPJGVuuR\/+B7o99tG6znaKYAAAAAAAACAAAArjoryxXDD6QD1axKA1PKZ7Fluf8pEM7Cj8UAAAAAAAACAAAAJ0gVads="}
02380{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301327938,"pkt_ts_usec":909012,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXckTtAAEAGT1vAqAGOvKXVqdgVII1UFs2\/9OSPg4AQ\/\/+0owAAAQEICicy228wkrxaXHqZ1BxTHVL5qGd\/c6dAphzrrkPWAAAAAAAAAgAAAJJhTrfbpQdOm\/uqE247YlpGdYjEalIg6AkIAAAAAAAAAgAAAPSdfPpxJMw2qUY9NfcVEWYQOkGeee3304EdAAAAAAAAAgAAALr6ohUXy+6TbDRFvt0lq8M0pLr1suNrarXaAAAAAAAAAgAAAMQ5ZPZjCTVyscEHJ07NW7ANy5tyFXTxjw45AAAAAAAAAgAAAA5I7m1PBtvo7M3of56uNctat\/bYA92XO8h9AAAAAAAAAgAAAOjKLx1FRICxdUWAXv3XCosAo2QRsVhZlZuAAAAAAAAAAgAAABiNjPey8ooJCez7xYvUqLAJPOPGwy1RRpRNAAAAAAAAAgAAALzMdu+6yf+ozA96+AiYGiWKSivRXCwVQIemAAAAAAAAAgAAAK\/cqkoyX6KOmTFmsU7DtyIJ\/EOzvmpdnvZkAAAAAAAAAgAAAGjBZr\/UYwdB0KL6iSUYbzs9TxEh5PKyhirNAAAAAAAAAgAAAIJiE4B5EbAF3qKB6SZeaNlD2fmChjsWGPBmAAAAAAAAAgAAAPFQbxAziINuHsoO32VrKKjlzwsr5Ib9iblUAAAAAAAAAgAAAMO4CPlsoPBLA7lS+te0hvxapXgew8vNDkZNAAAAAAAAAgAAABj7\/rpNhNmNeY6l9SFHEQ\/Zw3KZFrz9fLovAAAAAAAAAgAAABtu1XgDL6y3kicrJbMcMQi3W3Qf1GOy6cFWAAAAAAAAAgAAAHoGdhs3JHPMX1Z+1AAZAazUZU0J7MdTAV5dAAAAAAAAAgAAACGJjlqcm9hvBGQMyKUjsi+LGgy0eLkcvD0MAAAAAAAAAgAAAO9FBhDjHO4Lfxg4LnSPHyMJxBIbisgDlBg0AAAAAAAAAgAAAG7EMuvnK2UbmjuHtozYfbaQZDrd0w0dE+YkAAAAAAAAAgAAAMKealrzNLURTWbo95g19B6dAyk1AeQ0s7ACAAAAAAAAAgAAADqKbktpBfluOfGywijBVAKpwLc9NOV6ZIfaAAAAAAAAAgAAAE41ovTk8asJkKIswlP1Nx4098UJp5VVMvZRAAAAAAAAAgAAADWeOtdlUUl+m3709kYO+6em3krg42ytPEBSAAAAAAAAAgAAAG1gXEaLYCUk37AfT3xRMAxBc5epnztHaOPTAAAAAAAAAgAAAFVBencZmqV8PYW4DTVlVWCgHfrNaNMQ2P2pAAAAAAAAAgAAAHbiKyPrDvAPJ1GeTn1al+vfZWGWah43tu6wAAAAAAAAAgAAAJTJAAbK2tRegaN8aXdu\/RKGTD8VF8PjTYysAAAAAAAAAgAAADNDqVQ4IxKoV66CB8vpEnB93LEabDD+CCdVAAAAAAAAAgAAANQCylmMIc\/llFVC4E27OU\/KHrkqQc03KGCHAAAAAAAAAgAAAGzuHplXBcQxX0OUDPsAUFYuF4aRNSTrysUOAAAAAAAAAgAAAHqH4OMdwTpm4STHKxuJckcUNC7r3Xug1AoEAAAAAAAAAgAAAJzFa\/sxDRHMv06XibQiMXTRRab+gegLbi2rAAAAAAAAAgAAAO9dG8AfOs2bSJszPquk74wVRJXXi6LBV+V4AAAAAAAAAgAAAH4HSlyxTwlP3Ij26FP2322QazeLPyr0ppC5AAAAAAAAAgAAAAacJZvfmzaNcXR9YoOEDRI3b6ZY\/B3Fcie0AAAAAAAAAgAAAGbDaJYCxqWhwk9ebMtBcZbJoTHPQBu6zX+vAAAAAAAAAgAAAIA0BZ4C5Uix+zMOi\/sLiJVPV6ojY8lFj94iAAAAAAAAAgAAABNGafpkAC7\/oFgPSriE0wbRXcUCJW4Fep8OAAAAAAAAAgAAAJGIqWp+7i5azR0XyLfAEtJne226k0vOW32wAAAAAAAAAgAAAFL7A0DB9SzH+tcfurY="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1301328089970,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1301328089970,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328089,"pkt_ts_usec":970465,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdrppAAEAGTZrAqAGORXY2etggII0QKtRyRVLzIYAY\/\/\/YagAAAQEICicy4VQAPPkD+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/RXY2eiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII3pIMJ+i724nwBQvgEA"}
00569{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328090,"pkt_ts_usec":23170,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdT81AAHYGdmdFdjZ6wKgBjiCN2CBFUvMhECrU24AYAQRFgAAAAQEICgA8+QknMuFU+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAADZsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtggAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FdjZ6II3xDaOK7c9BwgAGwwEA"}
00450{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328090,"pkt_ts_usec":82335,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIT85AAHYGdrtFdjZ6wKgBjiCN2CBFUvOKECrU24AYAQQkRgAAAQEICgA8+RAnMuFV+b602XZlcmFjawAAAAAAAAAAAAA="}
@@ -31,7 +31,7 @@
02459{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328234,"pkt_ts_usec":391812,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcUelAAHYGbwxFdjZ6wKgBjiCN2CBFUw7CECrhQIAQAQS58QAAAQEICgA9MW0nMubk+b602WFkZHIAAAAAAAAAADN1AACPeeze\/egD94eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/ATQJGyCNG4mQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AlNCOCCNXKGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AmD+giCNeJmQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AmLbJyCNv52QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/AtLYiyCNfZSQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/BUzxlyCNnYmQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/BamfMCCNQZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/CBqBDiCNbZOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DAV5AiCNbJyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DFutkiCN1YuQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DJrYQiCNQZ2QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DKr4JCCNqZ2QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/DsjKMyCNWZqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Em8BYyCNN5eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Em8eZCCN8KOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Em9ojCCN3ZeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GADkqiCNepCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAQueCCNZYeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAadUyCNppKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAad8CCN8JWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAlLyyCN0YeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAvEwiCNvpCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GAw+IiCNzomQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GA6SZCCN05GQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBI3UiCN0omQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBKADSCN3YqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBaFsiCN4ZOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBeI6CCNMpCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBnbPiCNzZGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GBpepSCN3ouQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GChW8SCN0ZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GC4vVyCNmaSQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDLKniCNl5yQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDagmCCN54yQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDmSHiCNlqGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GDwEbiCNyIiQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GD2hRiCN2ZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GD6ilCCNioyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GD\/OFiCNjImQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GEhY0iCNRJGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GE0WxSCN9Y+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFQOOyCN\/o+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFRGpiCN0ZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFYH+yCNv5OQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GFvheSCNiZSQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GF3pGSCNQpOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/GGz+PCCNh5OQTQEAAAAAAAA="}
02459{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328234,"pkt_ts_usec":391813,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcUepAAHYGbwtFdjZ6wKgBjiCN2CBFUxRqECrhQIAQAQT10gAAAQEICgA9MW0nMubkAAAAAAAAAAAAAAD\/\/xhtPwcgjfaakE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xhuSywgjauMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xhvynsgjauPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xh3hUQgjcOOkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xh+yQEgjTObkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiA9YsgjbiUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiCRnAgjU+hkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiCgsAgjTiVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiD\/8kgjcyMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiKeAcgjWmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiLAhEgjfqkkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiQuT0gjSCNkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiUH4UgjSOjkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiXUPQgjSeTkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xiXXOAgjeiakE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xijXUUgjcqSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ximvAUgjf+WkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xituAIgjeiVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xixAFEgjeuZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xi6vpEgjfOikE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjAv2kgjT6NkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjA3KcgjYaikE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjF+mEgjV6jkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjQWSQgjYackE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjeT+YgjU6kkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjj2DIgjY6TkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xjrwJwgjcGbkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xj61PIgjQeckE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xj7dS4gjSqPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/xj72bIgjZGPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yMLuIwgjemUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZs+oIgjWugkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZuBrsgjRiJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZwojggjQakkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/yZ9KGIgjdSTkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ymRaGogjZmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ymxHzogjXSNkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ynUDiwgjfqSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/ynobxAgjYyUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y4AHE0gjceKkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y4pYkYgjQqJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y47ECogjaCUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y6EvxIgjWmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y6SJtEgjXqjkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/y6TlNkgjbuXkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/zIAKw8gjVWdkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/zIugKUgjTOJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/zJahWEgjV2MkE0BAAAAAAAAAAAAAAAAAAA="}
02464{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328234,"pkt_ts_usec":391815,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcUetAAHYGbwpFdjZ6wKgBjiCN2CBFUxoSECrhQIAQAQTD7gAAAQEICgA9MW0nMubkAAAA\/\/86CS+PII3QoJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/87XxLxII37lpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/87p46rII0pj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/87p8JfII0po5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/88MGJ0II0WkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/88Mx9\/II3TpJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888G+pII1WlZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888SllII0jlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888dkcII3flJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/888vMpII0ujpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+EOrmII14mJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+H9clII0KipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+MMoCII0CoJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+MdfzII3DlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+UzM7II3+kZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+V8ByII28o5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+m+muII04jpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+wPIJII3kpJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+3UtFII1\/lZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+5MPqII2ppJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8+7F4ZII14kpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8++M+pII1ih5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8\/fkgZII1tl5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8\/ppzxII15nJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AD1HsII3hiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AFm3WII04lJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AFuvNII10k5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AGaDwII2il5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ANYDoII2InpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ARnQrII3nlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AbsApII2Pn5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AbtvCII0YkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AeVaEII0+kZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AhkYvII34h5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AkUKVII2fkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AlwETII2MiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9AzkJiII2hiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Az+2GII1JiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9A0BzSII1OjZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9A7nxyII0mlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9A7rdDII1XopBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BG1DZII1SipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BHD11II1Jj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BH9CxII2fl5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BIEcCII1KmZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BIFBNII1ZnpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BIn33II0diZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BKEa9II3vipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9BKJI="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1301328319392,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1301328319392,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00575{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328319,"pkt_ts_usec":392147,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdlslAAEAG4RzAqAGOSlm15dg0II2cIEOJr5xIoIAY\/\/\/04QAAAQEICicy6kgDS\/0c+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAC\/sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/Slm15SCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII2qu+Pk33arXQC9vgEA"}
00572{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328319,"pkt_ts_usec":451340,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdR2RAAHYG+oFKWbXlwKgBjiCN2DSvnEignCBD8oAYAQSuQgAAAQEICgNL\/SInMupI+b602XZlcnNpb24AAAAAAFUAAAAAfQAAAQAAAAAAAAC4sZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtg0AQAAAAAAAAAAAAAAAAAAAAAA\/\/9KWbXlII1O39\/bLGJPkgAHwwEA"}
00452{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328319,"pkt_ts_usec":554549,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIR4lAAHYG+rFKWbXlwKgBjiCN2DSvnEkJnCBD8oAYAQTU7AAAAQEICgNL\/S8nMupI+b602XZlcmFjawAAAAAAAAAAAAA="}
@@ -47,7 +47,7 @@
02462{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328420,"pkt_ts_usec":217722,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcJZhAAHYGFw9KWbXlwKgBjiCN2DSvnGCfnCBEVYAQAQNezgAAAQEICgNMJH0nMu43AAAAAAAAAAAAAAAAAAAAAAD\/\/0NWXB0gjeyXkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0NWmMMgjSekkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OLLbQgjTOZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OLrcwgjY6PkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OYOmIgjf2SkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Oe4sogjSKVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OhVnIgjT+VkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OoiBwgjZWPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OpAY0gjaeTkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Oq3nYgjSKUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OrIXggjcGdkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OrhTkgjeaQkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OrwCEgjfKRkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OsEJYgjfuQkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OszDUgjXWQkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Os+REgjb2SkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OvR44gjWmMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OwLEggjR2WkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OwxGsgjTeJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0OxIf4gjaKjkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0O4dIAgjVCPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PBvuMgjWeRkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PFVDUgjWWJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PMAZAgjRqVkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PTQecgjVKWkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PUCpggje2NkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PcGPggjQuRkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PcdGQgjQaSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PiipEgjTKYkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Pp1xwgjUmqkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PqmGcgjaqMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0PxmB4gjRmUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0P5xC8gjT6NkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0P\/LfYgjY+akE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0P\/N8Agjb2bkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QEPaUgjcyZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QFbBMgjUGZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QGW7AgjYyUkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QHrWggjdmJkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QMFxIgjSWPkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QPWWwgjUGKkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QhDuggjf2ZkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QkU6cgjRWgkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QlQeIgjfmSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0QrViwgjXuMkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0Q\/ZGYgjbWSkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0REYVogjeCckE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/0REyYIgjfaJkE0BAAAAAAAAAAA="}
02463{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328420,"pkt_ts_usec":219537,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcJZlAAHYGFw5KWbXlwKgBjiCN2DSvnGZHnCBEVYAQAQPGsQAAAQEICgNMJH0nMu43AAAAAAAAAAAA\/\/9EUlsgII3NlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EZUKiII0dnpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EZ83+II3qkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EZ\/ugII0wiJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ea+XvII1UlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Eb8nfII0bnJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EcL2vII0apZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ec6ibII0JnZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Edfw7II2rj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EeW4lII1UkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EkEDnII2YlJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EkctyII04jJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ek9NnII2Ck5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ElboGII0JkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ElsRIII2UlZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ErNkvII11kJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EvBoTII0umZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EvTOmII2TkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EvwDMII13npBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EygJ\/II0KppBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EyhVaII3zi5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9EzRTWII2nkJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E4PZAII0tm5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E5LjEII3GlpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E5V5RII1gipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9E6HgVII2ro5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FBIiVII2LlZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FHHXiII14pZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FPGerII3woJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FPoMMII15n5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FRm9SII0ekJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FRu8OII1IipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FTQiCII0zi5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FbX8sII1ApJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FbaoiII0Dl5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FcEAQII1+opBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fcn4tII1ijpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fk8JiII2gj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fl\/cUII2zkZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FneJLII1Go5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FnhluII3qjpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FoFR\/II33jJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Fpf6NII2unpBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FqYauII12ipBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FqZ5yII0Wj5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FrNQzII1liZBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FsKZBII01lJBNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9FslpSII2ViJBNAQAAAAAAAAAAAAAAAAAAAAA="}
02463{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328420,"pkt_ts_usec":255873,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcJoFAAHYGFiZKWbXlwKgBjiCN2DSvnGvvnCBEVYAQAQO9OAAAAQEICgNMJIQnMu43AP\/\/RbQFESCNTZyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RbTHGiCNcqWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RbeT7CCNVZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rc1BOSCNAYyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RdBPbiCN9JqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/ReV4diCNeZuQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rec4xSCNy4+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RetVgyCNq5SQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RfORpCCNlpyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RfhQOCCN85qQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RfmKviCNPI+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RhhpBCCN4IuQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RinN9CCNDKaQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RjEcOSCN8piQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RjRLzyCNeJiQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RjzAbyCN8qKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RkKd4CCNBJWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rkin4yCNUpOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RklpGiCNnZeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RlFrGyCNeJCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RlhSziCNspGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RllZBiCNJoyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rll68SCNwqOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rlm7USCNBqaQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RmJd0yCNf5uQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnF9hyCN5ZWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnQDpCCN76CQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnRKOiCNAo6QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RnxDOCCNYZyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RoAF\/yCNB4mQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ro3A3iCNSpmQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RqlXtSCN\/Y+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rqv90iCNgqCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rrd4+SCNRYqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RruWayCN+JGQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rrx0piCNZpWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rr2AsyCNxZKQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rr6n+iCN2JiQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RusWxiCNRp6QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RvFKJyCNZomQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RvtA0CCNMpeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RwO9FCCNAaCQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Rw4BuiCNqqOQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyBS0yCNeI6QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyGW8CCNEaWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyMYNSCNA6aQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyO3HyCN8Z+QTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyWoWiCNEIyQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/RyqyTCA="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1301328472925,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1301328472925,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328472,"pkt_ts_usec":925065,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"}
00572{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328472,"pkt_ts_usec":987383,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"}
00452{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328473,"pkt_ts_usec":77893,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="}
@@ -63,7 +63,7 @@
02382{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328607,"pkt_ts_usec":711361,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXcPyxAAEAGnl\/AqAGOQkRTFthXII0tj8bs9ZifdoAQ\/\/\/SMAAAAQEICicy9YgASvKxAAIAAABFXWrQVvbsNkns2a60x2USdIEqERXbJOrvNAAAAAAAAAIAAAA7vQ5BosUPrVZjKdAL7zX\/8bYb7ynMEIjweAAAAAAAAAIAAAAGqi1mPljOLodCHxF6Ou2vTSpac5YgrZnZOgAAAAAAAAIAAADqFZvMCZZ\/a9ywCi78JveOO3nLdosTGXsSwQAAAAAAAAIAAAAMEGCF\/hpFzlDVs2g1iJ5taZJUXL5CmJ3SbgAAAAAAAAIAAAAAdluO5YenjS24zFCzQPee8W6dInFD5HEBnQAAAAAAAAIAAACjJFKK4B\/yWs7ctWWvrEMK+v0wNPYchkwhKwAAAAAAAAIAAABfWAmBUPnup5qbH54NdI\/RWd6CH\/GdXrNsjQAAAAAAAAIAAADplT2BbwlOD1ps8kZW65H\/4Huj320brOdopgAAAAAAAAIAAACuOivLFcMPpAPVrEoDU8pnsWW5\/ykQzsKPxQAAAAAAAAIAAAAnSBVp21x6mdQcUx1S+ahnf3OnQKYc665D1gAAAAAAAAIAAACSYU6326UHTpv7qhNuO2JaRnWIxGpSIOgJCAAAAAAAAAIAAAD0nXz6cSTMNqlGPTX3FRFmEDpBnnnt99OBHQAAAAAAAAIAAAC6+qIVF8vuk2w0Rb7dJavDNKS69bLja2q12gAAAAAAAAIAAADEOWT2Ywk1crHBBydOzVuwDcubchV08Y8OOQAAAAAAAAIAAAAOSO5tTwbb6OzN6H+erjXLWrf22APdlzvIfQAAAAAAAAIAAADoyi8dRUSAsXVFgF791wqLAKNkEbFYWZWbgAAAAAAAAAIAAAAYjYz3svKKCQns+8WL1KiwCTzjxsMtUUaUTQAAAAAAAAIAAAC8zHbvusn\/qMwPevgImBolikor0VwsFUCHpgAAAAAAAAIAAACv3KpKMl+ijpkxZrFOw7ciCfxDs75qXZ72ZAAAAAAAAAIAAABowWa\/1GMHQdCi+oklGG87PU8RIeTysoYqzQAAAAAAAAIAAACCYhOAeRGwBd6igekmXmjZQ9n5goY7FhjwZgAAAAAAAAIAAADxUG8QM4iDbh7KDt9layio5c8LK+SG\/Ym5VAAAAAAAAAIAAADDuAj5bKDwSwO5UvrXtIb8WqV4HsPLzQ5GTQAAAAAAAAIAAAAY+\/66TYTZjXmOpfUhRxEP2cNymRa8\/Xy6LwAAAAAAAAIAAAAbbtV4Ay+st5InKyWzHDEIt1t0H9RjsunBVgAAAAAAAAIAAAB6BnYbNyRzzF9WftQAGQGs1GVNCezHUwFeXQAAAAAAAAIAAAAhiY5anJvYbwRkDMilI7IvixoMtHi5HLw9DAAAAAAAAAIAAADvRQYQ4xzuC38YOC50jx8jCcQSG4rIA5QYNAAAAAAAAAIAAABuxDLr5ytlG5o7h7aM2H22kGQ63dMNHRPmJAAAAAAAAAIAAADCnmpa8zS1EU1m6PeYNfQenQMpNQHkNLOwAgAAAAAAAAIAAAA6im5LaQX5bjnxssIowVQCqcC3PTTlemSH2gAAAAAAAAIAAABONaL05PGrCZCiLMJT9TceNPfFCaeVVTL2UQAAAAAAAAIAAAA1njrXZVFJfpt+9PZGDvunpt5K4ONsrTxAUgAAAAAAAAIAAABtYFxGi2AlJN+wH098UTAMQXOXqZ87R2jj0wAAAAAAAAIAAABVQXp3GZqlfD2FuA01ZVVgoB36zWjTENj9qQAAAAAAAAIAAAB24isj6w7wDydRnk59Wpfr32VhlmoeN7busAAAAAAAAAIAAACUyQAGytrUXoGjfGl3bv0Shkw\/FRfD402MrAAAAAAAAAIAAAAzQ6lUOCMSqFeuggfL6RJwfdyxGmww\/ggnVQAAAAAAAAIAAADUAspZjCHP5ZRVQuBNuzlPyh65KkHNNyhghwAAAAAAAAIAAABs7h4="}
02382{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328607,"pkt_ts_usec":711410,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXcJD9AAEAGuUzAqAGOQkRTFthXII0tj8yU9ZifdoAQ\/\/+PywAAAQEICicy9YgASvKxmVcFxDFfQ5QM+wBQVi4XhpE1JOvKxQ4AAAAAAAACAAAAeofg4x3BOmbhJMcrG4lyRxQ0Luvde6DUCgQAAAAAAAACAAAAnMVr+zENEcy\/TpeJtCIxdNFFpv6B6AtuLasAAAAAAAACAAAA710bwB86zZtImzM+q6TvjBVEldeLosFX5XgAAAAAAAACAAAAfgdKXLFPCU\/ciPboU\/bfbZBrN4s\/KvSmkLkAAAAAAAACAAAABpwlm9+bNo1xdH1ig4QNEjdvplj8HcVyJ7QAAAAAAAACAAAAZsNolgLGpaHCT15sy0FxlsmhMc9AG7rNf68AAAAAAAACAAAAgDQFngLlSLH7Mw6L+wuIlU9XqiNjyUWP3iIAAAAAAAACAAAAE0Zp+mQALv+gWA9KuITTBtFdxQIlbgV6nw4AAAAAAAACAAAAkYipan7uLlrNHRfIt8AS0md7bbqTS85bfbAAAAAAAAACAAAAUvsDQMH1LMf61x+6th\/o8N8aHkr7wr8ECQcAAAAAAAACAAAArKo3+zDpxlL2nEP\/3d1oS9iutturX4B52nEAAAAAAAACAAAARfzjwiPeZ0flmgweGmX2tJVQwL8MvknAoykAAAAAAAACAAAASB5euyMIlfGEtj3qEE5TYjHr2z1bccGqn4cAAAAAAAACAAAAeVnBbHwqpKyK1rcCdXTEWJntYcK3okUpOTQAAAAAAAACAAAA5KgJjoa5ei\/vYUOuWIWTRjHK3LfoehnZHCgAAAAAAAACAAAA5IbidwMDw5BgR15kcqqEoL2z3qC2QzUvTL4AAAAAAAACAAAAdkBslBkKiy3\/LmRyFa86NDmuE7G6H352Tb8AAAAAAAACAAAAhP085R0B6efS4IxDBy\/OsTK8Kqga2MJ5PbcAAAAAAAACAAAAO02KVrR6aE2rfE+ZFdYPcOTmaqRkWQZS6qwAAAAAAAACAAAAf5Y6XGhmU49OzkTrh1iU1guiCZCVvcOZYy8AAAAAAAACAAAA4NoGbNcr1NNbzpyDtUfMmpVsQUyJj1203NQAAAAAAAACAAAAyc3j05VK8McSh\/T0XvY3yMLZ0UOY6GQdhU4AAAAAAAACAAAAe1098SMwfT8bLgiHrFJ0MbhlWXMd\/4agSDwAAAAAAAACAAAAqgwFqWUyklZ7fPjvSnfO1R619bvAQk7g5J8AAAAAAAACAAAAIiwS6RZvsmDWMdAA6GTGKsp8Iyxxknayuh0AAAAAAAACAAAAPTVzJGF4TyrxgaUSCX8Jut\/vdKByuQhlGMIAAAAAAAACAAAAwp9Cm8B2W7AD54HiaJ+JRuLynlAjoS380B8AAAAAAAACAAAAc20bFearSkapJgTgs9ecd1xBog0bdmvDmncAAAAAAAACAAAAvbaZ9Jy3L747GMKaga0N06XTw7JKDSRzuUgAAAAAAAACAAAAwnWTLeXALAn5w522q9P6YECo3KeVee1+AskAAAAAAAACAAAA9g09piEVm9shum6Wx\/vXXRX2dYjcZRZndg8AAAAAAAACAAAAblpXvCT19Mg7oMJUKnA5eS6MrHg1EaY1GTMAAAAAAAACAAAAtmRuSOhKGer96r4S5OxzpmyFeRRnsLhls9gAAAAAAAACAAAA03L1iEnzDxJ+X\/J1L0686vfCTgcl9fSiPTYAAAAAAAACAAAA\/HRKISCabq0Vp7Sd0UrVPJNd7ay6JPNmFYkAAAAAAAACAAAA3uU\/6OpiQVvuxrqCp5kNJ5MWMjwuAiyIkzUAAAAAAAACAAAA6YxFzypDqvOqMmmO28qUmZtxNZcaEvdNsSIAAAAAAAACAAAAjmtOep5Jyv5WwgTsbq+ENSueNskEjU\/pz7oAAAAAAAACAAAAf7o6uor2Pud9ASRI9Ci5qBCvf8cdKTVwxJIAAAAAAAACAAAA0PTviA2h0VgW0JA="}
02382{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328607,"pkt_ts_usec":711425,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACPrIpS0ACNshovhCABFAAXcTRJAAEAGkHnAqAGOQkRTFthXII0tj9I89ZifdoAQ\/\/+W6wAAAQEICicy9YgASvKxEtbia+zAFosRvZlvRWFdAAAAAAAAAgAAAK+N8wyz2+NyPC3uk2aC4K9BtrDiHxRn9pIpAAAAAAAAAgAAAI4oDWrqj19GZPIOEvbFhc+FeqUzigDwvsoSAAAAAAAAAgAAAAwX5EqvP3lTY6y+Y4WfFvLo8Wlb7gEIqk3FAAAAAAAAAgAAAKq4BMkaJPJW7ZO+o48CmY4dstKhXSuc4wS3AAAAAAAAAgAAAGehpd\/+j1eZfGi4sjd1NPkjk5aSHzeJZcIsAAAAAAAAAgAAAAjBZdUstdgIEQbRTbWr6I8hCehe0L9HyHg2AAAAAAAAAgAAAAIujaIuPzWzMwT2x8KwfoDGZuYy6w53x3qdAAAAAAAAAgAAAIV1Sc5NbUWv3lMm18LaG38MNWngifDemeQLAAAAAAAAAgAAANh5afRkPt2LVvqFCh2wDgjwZYR9WsDBT70BAAAAAAAAAgAAAEu686rHaCUU9lgnwUKVYxb6ND4tbABowLp6AAAAAAAAAgAAAJoekg5hnUdVhxDiuO4pCFiJNlZhZHh2gNGhAAAAAAAAAgAAADQVeJHeUb0JawS0q1oGY7hw6kEG0y9VAljOAAAAAAAAAgAAACZb\/tBE9BuBKW\/R61IJFrqA3LzhWTm+AwqVAAAAAAAAAgAAAKhPcwdELPBw5qHr+Nt30PbvRjDlgCWmmgKIAAAAAAAAAgAAABiQc59fQOKO5NJxxpRkoHe\/kjTN4bNq8RykAAAAAAAAAgAAAJfBeBEgW+DRP9id8mrxfkO8jnnVXMHqfXAiAAAAAAAAAgAAABBXCIVoKFDJxvVK7JR9zIZRrnrIvgC3NS8sAAAAAAAAAgAAAMIWv8HUSmiQrylpM70T6xFSwGai5UQ\/iRdfAAAAAAAAAgAAAMOD\/4A1xzCPrVUH8uPi+LbG\/8dxG\/yo7OtpAAAAAAAAAgAAANXRq4OleHWPB1XjK2hS+JU6vZInIH1P6k9YAAAAAAAAAgAAACjCbLNR7uZ40saHM6n5a83mw74PjUR+8tkJAAAAAAAAAgAAAMm7GZ8nVpaoW8+QH44jWZ\/3jZzBQiuEkkgXAAAAAAAAAgAAADOuloceXtV5\/WD7yN+wCcKKHUORl5YQGIYLAAAAAAAAAgAAAFR4YTNLv\/tOGdZZwHowmnUao3Z4dXzI5n+WAAAAAAAAAgAAABWoZ3QgEsq2F+08TICFiBBZslLLbOJzVBlJAAAAAAAAAgAAACfyAic0uO09\/h6sBmT5HdrHQe6XINUmmLIUAAAAAAAAAgAAANyF3AEQwOfXIOsNvpsIt4FJRQs4Rs7xti+WAAAAAAAAAgAAAHnVEK6Nkwoo9ATeHtFauKbkCZhn5l8ov8NlAAAAAAAAAgAAAAgEDuvLL04YGUh58QlrbLS630gILBMLNnWMAAAAAAAAAgAAANjATLDiGQXgWpPKbnsXTv\/7z2OjohpGTf8cAAAAAAAAAgAAAPHDDqAu5BtThheJpjtS0EQmcpwPO\/JLBn26AAAAAAAAAgAAAJ4LZFri6DXBQPdjJOPqIJdHXbSs6hIDJSRiAAAAAAAAAgAAAF4cmmcnuYHX7JX\/e8whhI8Anl7EmX1Uol7DAAAAAAAAAgAAAJVbzfHr5cRnQn2JRfkfPD9ObptrnH76MXB0AAAAAAAAAgAAAO5QxZ6yN8BpLlqdbynfw9B8x3J7esapJqWwAAAAAAAAAgAAADm0EvV4HVRE1W5mO7JnxVLLrvi2o07gaBA7AAAAAAAAAgAAAO5995F4t6IbrRFOIJ1eb4mgkTe+ee5TrqwhAAAAAAAAAgAAAI8qiGDXHXsjExspqHTqpKlS\/2C\/6Gevr4d+AAAAAAAAAgAAADrpi2NFLURr3H1xE4pY6mqIPsxPlafbX5SQAAAAAAAAAgAAAMug60RTMRGrrs5PR2eZr8shyTg="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1301328699728,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1301328699728,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328699,"pkt_ts_usec":728375,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"}
00572{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328699,"pkt_ts_usec":856583,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdBc9AAHUGaMnD2hCywKgBjiCN2GjjI7MTQQ13l4AYAQQ8gQAAAQEICgAAIhwnMvkf+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAAA4s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthoAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/D2hCyII0FGo5IhpYwXgAKwwEA"}
00452{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328699,"pkt_ts_usec":969841,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="}
@@ -79,7 +79,7 @@
02231{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328741,"pkt_ts_usec":904043,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"pkt":"ACPrIpS0ACNshovhCABFAAVpWp1AAEAGRC\/AqAGOw9oQsthoII1BDYi74yO6GoAY\/\/IcLAAAAQEICicy+sQAADKGAAIAAADY5Jv9Wp5Y\/VlK7zn+M3psyO6v58ocr1gjXwAAAAAAAAIAAAAj8y\/VFduFnfS\/W1tJVw9BqvcP+Ga\/L7DxpQAAAAAAAAIAAAAdulorUZ0r1Bp5qvW6n69WNVmqFtc2o7nuIQAAAAAAAAIAAACF4EsrriG\/Bg\/avUsxsnIUfzWxYyP7H8KiVAAAAAAAAAIAAAApMlJSuruXNQJ7E3j6VqJtU3vB+nvF+jwqLwAAAAAAAAIAAAAU7wWylRiKT\/t4gncKZvvlTkJ8DIDqwpvGEwAAAAAAAAIAAAD8xxgHVYziGdILD9iQ3prYr72u\/hAy6BC9dwAAAAAAAAIAAACTmXkCJ1IZc1TVCwpGVRao2iznUJO185KD5QAAAAAAAAIAAACBrhd1Wx3sR3wtVZklG7lWj2m57BQ4waFRfwAAAAAAAAIAAAAplaMAc59KTILzEbWvcjOLcBgzWeNtIfvnxQAAAAAAAAIAAADdRkXGEpZzojHNFWqS2mbbQ8escZ8u7GwkDwAAAAAAAAIAAACiGpPD2anVXmVX51ZmiapNqv8MBUZb81v3YgAAAAAAAAIAAAAveyvKJQJnlZfzL+\/VNoZSq25Pa+MOTMF8IgAAAAAAAAIAAAAAYAfEddAhL+QxG+1YfbZAiOyScjI70T1mAQAAAAAAAAIAAADDlkoOm43jthXUl89SoydtGxsVamIkHDRQ6gAAAAAAAAIAAACjoXYnqgVTWl95XjR5C0xXPz6nwE7Yk0jcjAAAAAAAAAIAAADCR9WKDbDxORMbL+vCle1i2Z7xWbJ+Yl9OUQAAAAAAAAIAAAAuMJir\/wxm8Rl6WlLgD45t5fApksy\/2k0ASQAAAAAAAAIAAAD9w92hC+Pr5XxNHUnNj\/JUifYpKT+YfFyqYAAAAAAAAAIAAADIE4l07qncQPmkE2WdezFAXjIicNDHHDNLMwAAAAAAAAIAAACnX5pJsvIfYbXMXP98w+eMXM64pS5r1Tvc1AAAAAAAAAIAAAANXn+pUFty9m8JNxoUo+Ydy+uIfYHaXBxKBwAAAAAAAAIAAACiDiTBYx8c7bEKFbZqQGbuSvQbD7y2takz4gAAAAAAAAIAAAAPcUg68CObZPUfwPMdVy2SA6O0rWDt9eawCQAAAAAAAAIAAADqrR\/3MdSq8qfxib4ya2e9RCt5VwCbXeJzggAAAAAAAAIAAAD5OvOCDWK8u0\/V239MWlC7gFWosSybYCEhlgAAAAAAAAIAAAD6Wgpf3zEkEw34629N6KE\/5yJ5ArEORx8RlAAAAAAAAAIAAACueQIT9wQlfthpG6x8cqYrfudb\/2EX9p5r3wAAAAAAAAIAAABcWCay6ewzlVfP9qTq6DD6hxVBRpAhIWoSiAAAAAAAAAIAAAAUGJCFgf8XbmZs+AoOz5ps5ceOkDHIKYgjbgAAAAAAAAIAAACMdLfoHXtZIC95N1dOOZG0IVr9sKfUDcI34QAAAAAAAAIAAAB2ddp6YyatHmLm7NKZpu6pyevVyw+3+tJ5ZgAAAAAAAAIAAACAZtgQU1Rchqkb+uMisrXy5eAYxPzOgIh0HwAAAAAAAAIAAADnyOKsbXngA6pszznyHxrwURyEjFmXrkKAigAAAAAAAAIAAAAPZU6E4uOdc8X9iSxXWroXE1qYYfjeuqzKRwAAAAAAAAIAAABpQUMlHnlok86akaHiVT\/mFi59FmSc7k0X8gAAAAAAAAIAAAC6RXEw4hRQEPMKqEsjA1v0qVL+N+wky+uT0AAAAAAAAA=="}
02460{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328743,"pkt_ts_usec":100003,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcB51AAHUGYbzD2hCywKgBjiCN2GjjJCWSQQ2N8IAQAQTtnQAAAQEICgAAMv4nMvrPAAAAAAAAAAAA\/\/9OZhMCII1fp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OaTyqII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Oak4KII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9ObbYrII1gp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OgMTJII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OibIBII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Oj4sMII1ip5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ok01XII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9OmluBII1dp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PQ+u9II1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PRuXOII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PWFH5II1bp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PYWlEII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PZysAII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Pb+qKII1dp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PcDUsII1gp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PcHKJII1ap5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PfD5SII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PgRhjII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PjJQTII1dp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PpBoMII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Pqw2rII1Yp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Ps8qYII1bp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PtblHII1bp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9PzG9HII1Yp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9P0EZ6II1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9P\/knSII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QA02HII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QA5drII1ep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QHtqMII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QKtbLII1gp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QOMSbII1ip5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QRCrkII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QRuxGII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QR4dUII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QSEnQII35vrTZYWRkcgAAAAAAAAAAM3UAAO3uR5P96ANep5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QWUxSII1ap5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QZZdZII1ip5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Qf5LXII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QqwaJII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QsJT0II1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QsZMiII1lp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QvWeGII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QwaTGII1hp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Qyl23II1kp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9QymOOII1Zp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/9Qyt1KII1cp5BNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8="}
02462{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301328743,"pkt_ts_usec":131888,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ACNshovhACPrIpS0CABFAAXcB55AAHUGYbvD2hCywKgBjiCN2GjjJCs6QQ2N8IAQAQRnRAAAAQEICgAAMv4nMvrPUMtdtiCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UMv5tCCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNW6PiCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNkerCCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNoQyCCNYqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UNzYxiCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN0dSCCNYqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN01MyCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN6CESCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UN\/eXCCNYaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UOskVSCNYaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UTk33SCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UVjeMiCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UWuW\/CCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UWyc4yCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UW37PCCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UYoMSyCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UZDx8yCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UZExAiCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Uafu7iCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ua6aSCCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ua+D+CCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UbKHmiCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ub9iASCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UcH7AyCNVYqQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UcgHZSCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UcgWpyCNWKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UeapJyCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UegJwSCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UerxUSCNYqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UgI56yCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UgdeYSCNYaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UghK8iCNX6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ug0QPSCNWKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UhAfoSCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UhBs8CCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UhxcFyCNZKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UiA7RCCNWqeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UiM06CCNY6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UilhHSCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UiuZ9SCNW6eQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Uix\/9SCNWaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ui4++yCNZaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkMkpSCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkTZDiCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkXVniCNYKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UkZgGSCNXKeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/Ul+wDyCNXaeQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/UmM0OiCNW6c="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1301329304767,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1301329304767,"flow_last_seen":0,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00574{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329304,"pkt_ts_usec":767401,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"}
00572{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329304,"pkt_ts_usec":813916,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"}
00562{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329305,"pkt_ts_usec":5443,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"}
@@ -95,16 +95,16 @@
01870{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329452,"pkt_ts_usec":712485,"pkt_caplen":1127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1127,"pkt_l4_len":1093,"pkt":"ACNshovhACPrIpS0CABFAARZDTBAAHQG1Ya4OqV3wKgBjiCN2L80MwsxLLUZT4AYAQHM7QAAAQEICgBWFqsnMxZ++n6+MXdJ4u+twdkAAAAAAAACAAAA4BAp+E5t3fS408bFqpE\/\/hkfWcf\/zfqjsSMAAAAAAAACAAAAIfi7dhvcEdCBSNSxRq5Hm6R9wZrQayfYcl4AAAAAAAACAAAAHMtkV8QTp9IoDHGKNgOG0XWJOUzCLcCG1ooAAAAAAAACAAAAspqp8Za6fkh6Z\/bk8M\/lDCL9JGw9rp2yIgMAAAAAAAACAAAANkOEl+sX7xUI3Nd0J07eBc7racPQUz3PEC4AAAAAAAACAAAAl5K8Hydtr+3R296ltOG1eAvrVsJab5yOV7IAAAAAAAACAAAA6f5FMFep8IMaloV0PabEOSL8qMJK+TrLHVoAAAAAAAACAAAA24myD4vHq\/HO6OzbjFefT\/YSFwl5pZF5qXgAAAAAAAACAAAAd9SYBXQsqh7m1St16FFO6Rg8EW\/SRSMgBE4AAAAAAAACAAAAyeoaNnxM6RcNDykulfymi3EoTRyecsgs4kwAAAAAAAACAAAAMBaoNlda28fwPeD55ImDakJDCofgRs7fGxcAAAAAAAACAAAAQ0zQpFBY+vD7A+MBLFWG2lHwGYE0AT5mZTQAAAAAAAACAAAAayK0b\/8KK0Ik6bTCIrR91I5J\/pqn6PJDA80AAAAAAAACAAAAOps8JKFEM7olbQ82oOr+msKxdCiS8Z9G6G0AAAAAAAACAAAAl4ulFuAOeouIhQvRHKZ51s0k1m9ntFNzkzAAAAAAAAACAAAAKrdbM40QuqIihsksc8BXhg4Eu70MzPZFoPEAAAAAAAACAAAAztQuJbCVvsVMJ2tPBuiN7I0HTV1\/kUqnYrQAAAAAAAACAAAAyW0FjhwgD\/VfNzGDGcXdN9ufgnALxTxNLUAAAAAAAAACAAAAohaiXHMEESUpOqZPu4KD+TAoztB2q6hvLioAAAAAAAACAAAA8Gn\/NdxL4xH\/hgO\/wfKa0bJ1nGjvVn0hWEYAAAAAAAACAAAAPWe2sZ66IMqkxTA\/4bmb62fFY5dtRACLcUkAAAAAAAACAAAARIHwm4wncIDZTlzJWkkMmEK6LcyGkmXREegAAAAAAAACAAAACieUYGaByb97j7\/Bv\/pr1clbrb6QxY+RHY8AAAAAAAACAAAAnIBUFcPI7oNWjreyJ6bdnFB04xA1Q\/hJ1oUAAAAAAAACAAAA\/vBv+voVdlPr8GRHgS6vEp\/UYi3gD3xDbEYAAAAAAAACAAAArecNbP5tNl6fBXg\/l6JeAj56WZCX17wue54AAAAAAAACAAAAXM8eXOjZ2Yo157oy9cd1Og7GkzRim899UrUAAAAAAAACAAAAy6P7Cxfs6k++VTFzmbisuT7u10INTy11WgUAAAAAAAACAAAA2a+CgrTYJEAL3z44pyE+y+tld\/QwzBgjwMYAAAAAAAA="}
00514{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329459,"pkt_ts_usec":907535,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"ACPrIpS0ACNshovhCABFAABx3JpAAEAGPgTAqAGOuDqld9i\/II0stRlPNDMPVoAY\/\/++0QAAAQEICiczFsgAVhar+b602WludgAAAAAAAAAAACUAAADz4eNcAQEAAAAYg4ufJ32yLdAwF+WR3fXVdidlMCL1gr70pTNlRjPDUw=="}
00510{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"bitcoin.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1301329480,"pkt_ts_usec":211491,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"ACPrIpS0ACNshovhCABFAABrS6VAAEAGzv\/AqAGOuDqld9i\/II0stRmMNDMPVoAY\/\/\/9ZgAAAQEICiczF5MAVhmU+b602WFkZHIAAAAAAAAAAB8AAAADTXMNASC2kE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/206XacgjQ=="}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_tot_l4_data_len":157645,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":916,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_tot_l4_data_len":157645,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":916,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_tot_l4_data_len":78705,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":661,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_tot_l4_data_len":78705,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":661,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_tot_l4_data_len":3548,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1093,"flow_avg_l4_data_len":131,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_tot_l4_data_len":3548,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1093,"flow_avg_l4_data_len":131,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_tot_l4_data_len":110136,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":684,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_tot_l4_data_len":110136,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":684,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_tot_l4_data_len":22798,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1199,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_tot_l4_data_len":22798,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1199,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_tot_l4_data_len":186584,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1342,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_tot_l4_data_len":186584,"flow_min_l4_data_len":52,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1342,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":161,"flow_first_seen":1301328472925,"flow_last_seen":1301329809936,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":104984,"flow_avg_l4_payload_len":652,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test"}
diff --git a/test/results/bittorrent.pcap.out b/test/results/bittorrent.pcap.out
index ac57356ff..f61be8c94 100644
--- a/test/results/bittorrent.pcap.out
+++ b/test/results/bittorrent.pcap.out
@@ -1,51 +1,51 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":246718,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="}
-00610{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455469967246,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01302{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":465293,"pkt_caplen":624,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":624,"pkt_l4_len":590,"pkt":"xCwDBkn+LFbcjDU0CABFAAJiKFpAAHUG7uJSOthzwKgBA5Whzpinc5NTxcwDkoAZ\/SDtQgAAAQEICgCEQ0UZ2\/AZNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTllMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI4ODhlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/9\/b\/v\/\/\/\/\/\/\/\/\/+\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/+\/3\/9\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/++\/\/\/\/\/\/\/\/\/3\/\/\/9\/\/\/\/f\/9\/\/\/\/\/9\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/7\/\/\/\/+AAAAABQQAAAJlAAAABQQAAALYAAAABQQAAAB+AAAABQQAAACJAAAABQQAAAE5AAAABQQAAAARAAAABQQAAAK+AAAABQQAAAMvAAAABQQAAAKkAAAABQQAAAGlAAAABQQAAADmAAAABQQAAAHxAAAABQQAAANdAAAABQQAAABXAAAABQQAAADTAAAABQQAAANxAAAABQQAAAJrAAAABQQAAACTAAAABQQAAAFjAAAABQQAAALoAAAABQQAAACGAAAABQQAAAG8AAAABQQAAAMMAAAABQQAAAGu"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00520{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":550422,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4KZJAAEAGAADAqAEDUjlhU86Xz5EMkOfxIylUooAY70J1ogAAAQEIChnb8UUAFHnUE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhJMcBHQL4ndrvA="}
-00608{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00616{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455469967550,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00581{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469967,"pkt_ts_usec":858917,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"xCwDBkn+LFbcjDU0CABFAACkC49AAHcGgo1SOWFTwKgBA8+RzpcjKVSiDJDoNYAYAQJHBAAAAQEICgAUefwZ2\/FFE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wornNx4q0nl1XkqQAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTNlMQ=="}
01260{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2405,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDC5FAAHcGgOxSOWFTwKgBA8+RzpcjKVUSDJDoNYAZAQLSoQAAAQEICgAUef4Z2\/FFOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUzMTM3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg4N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/93\/\/\/\/\/\/\/\/\/\/\/+f\/\/\/\/\/7\/\/\/3\/\/\/\/\/\/\/\/v\/\/\/v\/+\/\/3\/\/\/\/\/9\/\/\/\/\/\/1\/\/\/f\/\/v9\/\/\/\/\/\/\/\/\/91\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAtIAAAAFBAAAAngAAAAFBAAAAeYAAAAFBAAAAUUAAAAFBAAAAskAAAAFBAAAAGcAAAAFBAAAArYAAAAFBAAAAVgAAAAFBAAAAQEAAAAFBAAAAjMAAAAFBAAAAqAAAAAFBAAAAMoAAAAFBAAAAxIAAAAFBAAAAlIAAAAFBAAAAc8AAAAFBAAAAkMAAAAFBAAAAagAAAAFBAAAAhsAAAAFBAAAAzgAAAAFBAAAAacAAAAFBAAAAxQAAAAFBAAAAw4AAAAFBAAAAVwAAAAFBAAAAqI="}
00627{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2492,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"LFbcjDU0xCwDBkn+CABFAADK\/idAAEAGAADAqAEDUjlhU86Xz5EMkOiMIylXIoAY7zF19AAAAQEIChnb8wcAFHn+aTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpSOWFTZQAAAAEP"}
00444{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469968,"pkt_ts_usec":2632,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"LFbcjDU0xCwDBkn+CABFAABCeFJAAEAGAADAqAEDUjlhU86Xz5EMkOkiIylXIoAZ70J1bAAAAQEIChnb8wcAFHn+AAAAAwmf\/wAAAAMUAwA="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":259674,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4K5tAAEAGAADAqAEDU9i48c6fyNXli2jySWt7B4AYK\/LO3wAAAQEIChnb9+x4G0bsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjvi3q9Fc8jVIrp0="}
-00611{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00619{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455469969259,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00541{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":318758,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"pkt":"xCwDBkn+LFbcjDU0CABFYACGozdAADIG1mVT2LjxwKgBA8jVzp9Ja3sH5YtpNoAYECl7XAAAAQEICngbRx8Z2\/fsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qniMLxLorRFP2hZAAAAEAFABkMTplaTBlNA=="}
01337{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":391655,"pkt_caplen":648,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":648,"pkt_l4_len":614,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ6SOJAADIGLsdT2LjxwKgBA8jVzp9Ja3tZ5YtpNoAYECl87wAAAQEICngbR0YZ2\/gmOmlwdjQ0OlPYuPE0OmlwdjYxNjr+gAAAAAAAAOoGiP\/+zfQTMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk1MTQxM2U0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAxLjguODI6eXBpNTI4OTVlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/3\/\/\/\/\/7\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/b\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/9\/\/\/\/7\/\/\/\/\/\/\/99\/\/\/\/\/\/3\/\/97\/v\/\/\/\/\/9\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/X\/\/\/\/9\/\/+AAAAABQQAAAG6AAAABQQAAAITAAAABQQAAAHTAAAABQQAAAA1AAAABQQAAAAQAAAABQQAAAHdAAAABQQAAAMaAAAABQQAAAE+AAAABQQAAANHAAAABQQAAAN+AAAABQQAAAIEAAAABQQAAAHOAAAABQQAAAGSAAAABQQAAAC8AAAABQQAAANcAAAABQQAAAGMAAAABQQAAABAAAAABQQAAAFbAAAABQQAAAEBAAAABQQAAACdAAAABQQAAADUAAAABQQAAAC\/AAAABQQAAAKPAAAABQQAAANe"}
00606{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":391790,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"LFbcjDU0xCwDBkn+CABFAAC41NtAAEAGAADAqAEDU9i48c6fyNXli2mfSWt9n4AYK9\/PHwAAAQEIChnb+G54G0dGaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpT2LjxZQAAAAEP"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":441455,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4XbBAAEAGAADAqAEDTzXkAs6gOSOymifHI+P1WoAYmwf1TQAAAQEIChnb+J8AAH2QE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjqb8v2rPEXkzqd0="}
-00609{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00617{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":441488,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4duZAAEAGAADAqAEDeD4h8c6emaQxnKbPGdPY9oAYmwdcRQAAAQEIChnb+J8AQ+diE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsdMZTLXvd5m7DE="}
-00611{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00619{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00547{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":680695,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"xCwDBkn+LFbcjDU0CABFAACJEvpAAHcG+5FPNeQCwKgBAzkjzqAj4\/VaspooC4AYAQLEvgAAAQEICgAAfaoZ2\/ifE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wovPx6i8m4ev0sHgAAADnFABkMTplaTBlNDppcA=="}
01300{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":689018,"pkt_caplen":620,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":620,"pkt_l4_len":586,"pkt":"xCwDBkn+LFbcjDU0CABFAAJeEvxAAHcG+bpPNeQCwKgBAzkjzqAj4\/WvspooC4AZAQKoaAAAAQEICgAAfaoZ2\/ifdjQ0Ok815AIxMjpjb21wbGV0ZV9hZ29pNmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTE0NjI3ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5NmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/9\/7\/\/\/\/\/fv\/\/\/\/\/\/f\/\/\/3\/\/\/\/\/9\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/v\/+\/\/\/\/9\/\/\/\/\/\/\/\/+\/\/\/9\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8\/\/\/\/\/\/f\/\/\/\/\/\/7\/\/\/\/\/\/f\/\/3\/P\/\/\/\/\/4AAAAAFBAAAA2sAAAAFBAAAAW0AAAAFBAAAAlYAAAAFBAAAAdEAAAAFBAAAAPQAAAAFBAAAAtIAAAAFBAAAAMsAAAAFBAAAAyUAAAAFBAAAAKMAAAAFBAAAAMQAAAAFBAAAAcEAAAAFBAAAAtMAAAAFBAAAAiUAAAAFBAAAAEYAAAAFBAAAAT8AAAAFBAAAAe4AAAAFBAAAAjwAAAAFBAAAAvgAAAAFBAAAA2oAAAAFBAAAA2AAAAAFBAAAAJgAAAAFBAAAATQAAAAFBAAAAQ4AAAAFBAAAA0w="}
00601{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":689132,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"pkt":"LFbcjDU0xCwDBkn+CABFAAC1EEdAAEAGAADAqAEDTzXkAs6gOSOymih3I+P32oAYmvb1igAAAQEIChnb+ZYAAH2qMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTpwaTQwOTU5ZTQ6cmVxcWkyNTVlMTp2MTk6wrVUb3JyZW50IE1hYyAxLjguNjY6eW91cmlwNDpPNeQCZQAAAAEP"}
00447{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469969,"pkt_ts_usec":689263,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"LFbcjDU0xCwDBkn+CABFAABC3FpAAEAGAADAqAEDTzXkAs6gOSOymij4I+P32oAZmwf1FwAAAQEIChnb+ZYAAH2qAAAAAwmf\/wAAAAMUAwA="}
00448{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":170199,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"LFbcjDU0xCwDBkn+CABFAABCmoJAAEAGAADAqAEDU9i48c6fyNXli2ojSWt9n4AYK\/LOqQAAAQEIChnb+3R4G0d8AAAAAwmf\/wAAAAMUAwA="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":233620,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB45PBAAEAGAADAqAEDlxpfHs6hWJHZNtVIfkyTS4AYJnO4TgAAAQEIChnb+7IRKfdEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjCQUdTBqR8vIZE="}
-00610{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1455469970233,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00582{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":293627,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"xCwDBkn+LFbcjDU0CABFAACkCYZAAHIGRuqXGl8ewKgBA1iRzqF+TJNL2TbVjIAYHVxFKAAAAQEIChEp94AZ2\/uyE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coXQqpAS87AVXIDwAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVfYWdvaTFlMQ=="}
01263{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":357464,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"pkt":"xCwDBkn+LFbcjDU0CABFAAJDCYlAAHIGRUiXGl8ewKgBA1iRzqF+TJO72TbVjIAYHVwHogAAAQEIChEp97wZ2\/vsOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTIyNjczZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1Mjg5N2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2\/3\/\/\/\/r\/\/\/\/\/9\/3\/\/\/\/\/9\/+\/\/+\/\/+\/\/\/\/f\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/+\/\/\/+\/v\/\/\/7\/\/7\/\/9\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAUAAAAAFBAAAAboAAAAFBAAAArkAAAAFBAAAA0EAAAAFBAAAAD0AAAAFBAAAAvsAAAAFBAAAAPwAAAAFBAAAAPMAAAAFBAAAAqcAAAAFBAAAAX0AAAAFBAAAAY8AAAAFBAAAAaEAAAAFBAAAAo0AAAAFBAAAAPAAAAAFBAAAAegAAAAFBAAAAjYAAAAFBAAAARsAAAAFBAAAAm0AAAAFBAAAAoUAAAAFBAAAAUoAAAAFBAAAARkAAAAFBAAAAswAAAAFBAAAAiYAAAAFBAAAAXA="}
00599{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":357569,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"LFbcjDU0xCwDBkn+CABFAACxx\/1AAEAGAADAqAEDlxpfHs6hWJHZNtX8fkyVyoAYJmO4hwAAAQEIChnb\/CoRKfe8dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpcaXx5lAAAAAQ8="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469970,"pkt_ts_usec":452512,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB41kZAAEAGAADAqAEDTzeBFs6dL0HtOa3YPhLeWYAYVhCSYwAAAQEIChnb\/IcCXeBSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjpi3Emqkm5uHs80="}
-00610{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00591{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":153525,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"LFbcjDU0xCwDBkn+CABFAACrZhpAAEAGAADAqAEDlxpfHs6hWJHZNtZ5fkyVy4AYJnO4gQAAAQEIChnb\/0ERKfrcAAAAAwmf\/wAAAAMUAwAAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":321042,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB48HJAAEAGAADAqAEDxmSSCc6n6wMx0mzN3F5zZYAYZooahAAAAQEIChnb\/+QB8nE1E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjuG56+SlFtqa9S4="}
-00611{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00619{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1455469971321,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00571{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":481962,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"xCwDBkn+LFbcjDU0CABFAACcFzZAAHYG0wzGZJIJwKgBA+sDzqfcXnNlMdJtEYAYAQK5ewAAAQEICgHycUYZ2\/\/kE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopccBVvnEHfGIYQAAADnFABkMTplaTBlNDppcHY0NDrGZJIJMTI6Y29tcGxldGU="}
01274{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":641866,"pkt_caplen":601,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":601,"pkt_l4_len":567,"pkt":"xCwDBkn+LFbcjDU0CABFAAJLGqBAAHYGzfPGZJIJwKgBA+sDzqfcXnPNMdJtEYAYAQJeTwAAAQEICgHycVYZ3ACEX2Fnb2kyZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTAzZTY6eW91cmlwNDpSN80BZQAAAHQF\/\/\/\/\/\/\/f9\/\/\/\/37\/\/7\/\/\/\/\/\/\/3r\/\/\/\/3+\/\/7\/\/\/\/3\/\/9\/\/\/\/\/\/\/\/\/\/\/37\/7\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/f\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/9\/\/\/gAAAAAUEAAAClAAAAAUEAAAAnQAAAAUEAAAAVwAAAAUEAAACuQAAAAUEAAAAUAAAAAUEAAAA8gAAAAUEAAAB4QAAAAUEAAADfAAAAAUEAAABUwAAAAUEAAAAKgAAAAUEAAAANAAAAAUEAAABXwAAAAUEAAAAaQAAAAUEAAAAmAAAAAUEAAACfAAAAAUEAAADWQAAAAUEAAABTAAAAAUEAAABBgAAAAUEAAABegAAAAUEAAAA1QAAAAUEAAAAxQAAAAUEAAAAvAAAAAUEAAAAnwAAAAUEAAAC6Q=="}
00605{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":641981,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"pkt":"LFbcjDU0xCwDBkn+CABFAAC2nnFAAEAGAADAqAEDxmSSCc6n6wMx0m183F515IAYZnkawgAAAQEIChncASMB8nFWZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMjp1dF9yZWNvbW1lbmRpNWUxMDp1dF9jb21tZW50aTZlZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6xmSSCWUAAAABDw=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469971,"pkt_ts_usec":675839,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4IXFAAEAGAADAqAEDvmfDOM6mtimT1S+nN0acgIAY\/\/9DtgAAAQEIChncAUQAv2TsE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkGjzZtimXS5YKE="}
-00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455469971675,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00446{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":78142,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xCwDBkn+LFbcjDU0CABFEABCIPVAAHYGyZfGZJIJwKgBA+sDzqfcXnXkMdJt\/oAYAQEO9wAAAQEICgHycYEZ3ACEAAAAAwnrAwAAAAMUAwE="}
00590{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":136116,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrWLRAAHIGbE2+Z8M4wKgBA7YpzqY3RpyAk9Uv64AYAQLhNwAAAQEICgC\/ZvwZ3AFEE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xopUl3euuGS1IpvoAAAEBFABkMTplaTBlNDppcHY0NDq+Z8M4NDppcHY2MTY6IAEAAF71efs4aCApQZg8xzE="}
00570{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469972,"pkt_ts_usec":136499,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"LFbcjDU0xCwDBkn+CABFAACdvFdAAEAGAADAqAEDU9i48c6fyNXli2oxSWt9n4AYK\/LPBAAAAQEIChncAw54G0oPAAAAZRQGZDg6bXNnX3R5cGVpMGUzOm51bWkyMGU2OmZpbHRlcjY0OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABl"}
@@ -54,26 +54,26 @@
00438{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469973,"pkt_ts_usec":374421,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xCwDBkn+LFbcjDU0CABFYAA7Gf1AADIGX+tT2LjxwKgBA8jVzp9Ja32f5Ytqm4AYEB4d7AAAAQEICngbU7QZ3AcQAAAAAwnI1Q=="}
00484{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469973,"pkt_ts_usec":374553,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"xCwDBkn+LFbcjDU0CABFYABcD45AADIGajlT2LjxwKgBA8jVzp9Ja32m5Ytqm4AZEB6lPgAAAQEICngbU7QZ3AcQAAAAAxQDAQAAAB0UBmQ4Om1zZ190eXBlaTFlODpjb21tZW50c2xlZQ=="}
00447{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469973,"pkt_ts_usec":590592,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xCwDBkn+LFbcjDU0CABFAABCWLhAAHIGbLK+Z8M4wKgBA7YpzqY3Rp8Zk9Uw2YAZAQFLnQAAAQEICgC\/bJ8Z3AbVAAAAAwm2KQAAAAMUAwE="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":358684,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DCdAAEAGAADAqAEDUjrYc86rlaExvR02+FTOIoAY\/\/\/swwAAAQEIChncC64AhEXwE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjk6UZQGZj8psqfs="}
-00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455469974358,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":533855,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WuVAAEAGAADAqAEDUjlhU86qz5GeFCpM34MiOYAY0pJ1ogAAAQEIChncDF0AFHySE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjjDhVI8cWXj55ew="}
-00610{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455469974533,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00590{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":879822,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrC6JAAHcGgnNSOWFTwKgBA8+RzqrfgyI5nhQqkIAYAQJ8JwAAAQEICgAUfLUZ3AxdE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wosdxOntFzioIvnoAAADnFABkMTplaTBlNDppcHY0NDpSOWFTMTI6Y29tcGxldGVfYWdvaTBlMTptZDExOnU="}
01259{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":888825,"pkt_caplen":586,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":586,"pkt_l4_len":552,"pkt":"xCwDBkn+LFbcjDU0CABFAAI8C6RAAHcGgOBSOWFTwKgBA8+RzqrfgyKwnhQqkIAZAQKTPAAAAQEICgAUfLYZ3AxdcGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNTMxMzdlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTA2ZTY6eW91cmlwNDpSN80BZQAAAHQF\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/+\/\/\/\/\/\/\/\/\/r\/\/\/\/\/\/\/\/\/\/9\/\/P\/v\/\/\/\/\/+\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/ff\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/7\/\/\/\/+\/\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/t\/u\/\/\/\/\/\/\/\/\/gAAAAAUEAAABGAAAAAUEAAACxAAAAAUEAAAAmwAAAAUEAAAB\/wAAAAUEAAABMwAAAAUEAAABJgAAAAUEAAABZAAAAAUEAAACOgAAAAUEAAAA1QAAAAUEAAACEAAAAAUEAAACFgAAAAUEAAADTAAAAAUEAAABWwAAAAUEAAACMAAAAAUEAAADPQAAAAUEAAADSQAAAAUEAAACnwAAAAUEAAAAeQAAAAUEAAAABgAAAAUEAAAA0wAAAAUEAAABJwAAAAUEAAACfwAAAAUEAAADVQAAAAUEAAADWQ=="}
00630{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":888918,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"LFbcjDU0xCwDBkn+CABFAADJ6cdAAEAGAADAqAEDUjlhU86qz5GeFCr+34MkuYAY0oJ18wAAAQEIChncDb8AFHy2dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OlI5YVNlAAAAAQ8="}
00456{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469974,"pkt_ts_usec":889121,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABH5SFAAEAGAADAqAEDUjlhU86qz5GeFCuT34MkuYAZ0pJ1cQAAAQEIChncDb8AFHy2AAAAAwmf\/wAAAAMUAwAAAAABAg=="}
01414{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":129053,"pkt_caplen":705,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":705,"pkt_l4_len":671,"pkt":"xCwDBkn+LFbcjDU0CABFAAKzM7RAAHUG4zdSOthzwKgBA5Whzqv4VM4iMb0deoAY\/SAeWQAAAQEICgCERjQZ3AuuE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3woo6KDyQqidsX6OsAAADnFABkMTplaTBlNDppcHY0NDpSOthzMTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGkzODMwNWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MDdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/e\/\/\/\/\/9\/\/\/\/\/v\/\/2\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/7\/f\/+\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/7\/\/\/\/7+\/+\/\/\/+\/\/\/\/\/v\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/8\/\/\/\/\/\/\/f\/\/\/\/3\/\/\/\/\/\/\/\/+AAAAABQQAAAI1AAAABQQAAAEuAAAABQQAAABqAAAABQQAAAE\/AAAABQQAAABtAAAABQQAAAKkAAAABQQAAAElAAAABQQAAAL5AAAABQQAAANYAAAABQQAAAA2AAAABQQAAAIPAAAABQQAAAJBAAAABQQAAAAOAAAABQQAAAMMAAAABQQAAAJ5AAAABQQAAAF6AAAABQQAAAJZAAAABQQAAAATAAAABQQAAAM4AAAABQQAAAItAAAABQQAAAHdAAAABQQAAAEPAAAABQQAAAMNAAAABQQAAABX"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":234548,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4WJNAAEAGAADAqAEDlxpfHs6vWJEERbWJ8qKonIAYJJ+4TgAAAQEIChncDxURKgrLE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhul1XASmRgFxRA="}
-00611{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00619{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455469975234,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":240646,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4VgZAAEAGAADAqAEDl0j\/o86w6hjbuZSz\/XvqFoAYKEhZAgAAAQEIChncDxoAaM\/9E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpHIptJ+s3GSLpo="}
-00613{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00621{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455469975240,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":265759,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4dKFAAEAGAADAqAEDTzXkAs6tOSO1PcfcBOlxsoAYN4r1TQAAAQEIChncDzIAAH\/nE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjpuHBUmeY0dBAis="}
-00610{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00554{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":295037,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"pkt":"xCwDBkn+LFbcjDU0CABFAACPKABAAHIGh9GXSP+jwKgBA+oYzrD9e+oW27mU94AYAQF3EQAAAQEICgBo0AMZ3A8aE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wopW+kcQUcjSA5QoAAADnFABkMTplaTBlNDppcHY0NDqXSA=="}
00571{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":314407,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"xCwDBkn+LFbcjDU0CABFAACdCeVAAHIGRpKXGl8ewKgBA1iRzq\/yoqicBEW1zYAYHVwArAAAAQEIChEqCxYZ3A8VE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC2coV7lk33H8ZRraqcAAADnFABkMTplaTBlNDppcHY0NDqXGl8eMTI6Y29tcGxldGVf"}
00949{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":341953,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"LFbcjDU0xCwDBkn+CABFAAGz+chAAEAGAADAqAEDUjrYc86rlaExvR16+FTQoYAY\/\/\/t\/gAAAQEIChncD3wAhEZHAAAA+hQAZDE6ZWkwZTQ6aXB2NDQ6UjfNATQ6aXB2NjE2Ov6AAAAAAAAAxiwD\/\/4GSf4xMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6UjrYc2UAAAABDwAAAAMJn\/8AAAADFAMAAAAAAQIAAABlFAZkODptc2dfdHlwZWkwZTM6bnVtaTIwZTY6ZmlsdGVyNjQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGU="}
@@ -81,38 +81,38 @@
00642{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":379692,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"pkt":"LFbcjDU0xCwDBkn+CABFAADRiRFAAEAGAADAqAEDlxpfHs6vWJEERbYz8qKrG4AYJI64pwAAAQEIChncD6ARKgtUY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTI6dXRfcmVjb21tZW5kaTVlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0MDk1OWU0OnJlcXFpMjU1ZTE6djE5OsK1VG9ycmVudCBNYWMgMS44LjY2OnlvdXJpcDQ6lxpfHmUAAAABDw=="}
00661{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":393811,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"LFbcjDU0xCwDBkn+CABFAADeIplAAEAGAADAqAEDl0j\/o86w6hjbuZVQ\/XvsloAYKDdZaAAAAQEIChncD64AaNAEMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpdI\/6NlAAAAAQ8="}
00458{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":394012,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHP2VAAEAGAADAqAEDl0j\/o86w6hjbuZX6\/XvsloAZKEhY0QAAAQEIChncD64AaNAEAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":407300,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4fvZAAEAGAADAqAEDeD4h8c6umaQbpzY0C9TW44AYjjZcRQAAAQEIChncD7sAQ+m5E0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjhq4aGFIV+2F24M="}
-00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469975,"pkt_ts_usec":622629,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4JlBAAEAGAADAqAEDTzeBFs6sL0FM+lulp3q\/xoAYVhCSYwAAAQEIChncEJACXeJGE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjsY\/A3YcaePRRY8="}
-00611{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00619{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00456{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":169825,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHu31AAEAGAADAqAEDlxpfHs6vWJEERbbQ8qKrG4AYJJ+4HQAAAQEIChncErERKguWAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
00493{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":244642,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"xCwDBkn+LFbcjDU0CABFAABjNRhAAHUG5CNSOthzwKgBA5Whzqv4VNChMb0e+YAY+6GlEwAAAQEICgCERrEZ3A98AAAAAwmVoQAAAAMUAwEAAAAdFAZkODptc2dfdHlwZWkxZTg6Y29tbWVudHNsZWU="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":336620,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4SfNAAEAGAADAqAEDxmSSCc6z6wOon+tuBozVl4AYZVEahAAAAQEIChncE1MB8nMrE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkC3tYvcSfI56Y="}
-00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1455469976336,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00539{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":513452,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFEACEZqRAAHYGg6bGZJIJwKgBA+sDzrMGjNWXqJ\/rsoAYAQLT1gAAAQEICgHycz0Z3BNTE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wokMyLr47j7jk1aEAAADnFABkMTplaTA="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":582427,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4BctAAEAGAADAqAEDvmfDOM6ytinSUvXkM6bvoIAY+3dDtgAAAQEIChncFEcAv3iAE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkKv+eYrLs2+ChY="}
-00613{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00621{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1455469976582,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01309{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":697499,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"pkt":"xCwDBkn+LFbcjDU0CABFEAJjaOxAAHYGf3\/GZJIJwKgBA+sDzrMGjNXnqJ\/rsoAYAQJs0QAAAQEICgHyc00Z3BQDZTQ6aXB2NDQ6xmSSCTEyOmNvbXBsZXRlX2Fnb2kxZTE6bWQxMTp1cGxvYWRfb25seWkzZTExOmx0X2RvbnRoYXZlaTdlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNjAxNjNlNDpyZXFxaTI1NWUxOnYxNTrOvFRvcnJlbnQgMy40LjUyOnlwaTUyOTE1ZTY6eW91cmlwNDpSN80BZQAAAHQFv\/\/3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/f\/\/\/\/\/3\/f\/\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/f\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/9\/\/\/\/\/\/7\/\/\/7\/+7\/\/f\/3\/f\/\/\/\/v\/\/\/\/\/\/\/9\/9\/\/\/\/\/\/\/\/\/\/\/\/\/v\/\/\/\/\/3\/\/\/\/gAAAAAUEAAAClgAAAAUEAAAA6gAAAAUEAAAAugAAAAUEAAAA4AAAAAUEAAABqgAAAAUEAAACZwAAAAUEAAACTwAAAAUEAAAC8gAAAAUEAAABiQAAAAUEAAAB3QAAAAUEAAADdAAAAAUEAAAC\/gAAAAUEAAACJgAAAAUEAAACiAAAAAUEAAACvwAAAAUEAAACeQAAAAUEAAABRQAAAAUEAAACCwAAAAUEAAAAkgAAAAUEAAACdQAAAAUEAAACoAAAAAUEAAAAAQAAAAUEAAAAFAAAAAUEAAADTw=="}
00666{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469976,"pkt_ts_usec":697619,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"pkt":"LFbcjDU0xCwDBkn+CABFAADktcxAAEAGAADAqAEDxmSSCc6z6wOon+wFBozYFoAYZUAa8AAAAQEIChncFLoB8nNNbmx5aTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OsZkkgllAAAAAQ8="}
00538{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":23540,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"xCwDBkn+LFbcjDU0CABFAACFWMJAAHMGa2W+Z8M4wKgBA7YpzrIzpu+g0lL2KIAYAQKm2wAAAQEICgC\/ehQZ3BRHE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLUJUNzk1MC3xovjV8bH+iIGCHSYAAAEBFABkMTplaTBl"}
00447{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":34844,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xCwDBkn+LFbcjDU0CABFEABCbrhAAHYGe9TGZJIJwKgBA+sDzrMGjNgWqJ\/stYAYAQF3lwAAAQEICgHyc3EZ3BQDAAAAAwnrAwAAAAMUAwE="}
00599{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":175253,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"LFbcjDU0xCwDBkn+CABFAACwJkxAAEAGAADAqAEDxmSSCc6z6wOon+y1BozYJIAYZVEavAAAAQEIChncFpQB8nNxAAAAAwmf\/wAAAAMUAwAAAAABAgAAAGUUBmQ4Om1zZ190eXBlaTBlMzpudW1pMjBlNjpmaWx0ZXI2NDoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQ=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":229541,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4L\/xAAEAGAADAqAEDlw8wvc61t5l0EJCE2E\/BJoAYIPWJ4gAAAQEIChncFslLXJigE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjv4JZL7rS4V2Vgo="}
-00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_tot_l4_data_len":119,"flow_min_l4_data_len":119,"flow_max_l4_data_len":119,"flow_avg_l4_data_len":119,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455469975265,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52909,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1455469970452,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52893,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455469975622,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.55.129.22","src_port":52908,"dst_port":12097,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1455469977229,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.15.48.189","src_port":52917,"dst_port":47001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1455469969441,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455469975407,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_min_l4_payload_len":87,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00547{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":285065,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"xCwDBkn+LFbcjDU0CABFAACLG6xAAHIGY0mXDzC9wKgBA7eZzrXYT8EmdBCQyIAYAQLHiQAAAQEICktcmNgZ3BbJE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogWCKk\/sCNEtOuUAAADnFABkMTplaTBlNDppcHY0"}
-00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_tot_l4_data_len":119,"flow_min_l4_data_len":119,"flow_max_l4_data_len":119,"flow_avg_l4_data_len":119,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1455469977285,"flow_last_seen":0,"flow_min_l4_payload_len":87,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
01294{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324542,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"xCwDBkn+LFbcjDU0CABFAAJcG65AAHIGYXaXDzC9wKgBA7eZzrXYT8F9dBCQyIAZAQKR1gAAAQEICktcmOYZ3BbJNDqXDzC9MTI6Y29tcGxldGVfYWdvaTFlMTptZDExOnVwbG9hZF9vbmx5aTNlMTE6bHRfZG9udGhhdmVpN2UxMjp1dF9ob2xlcHVuY2hpNGUxMTp1dF9tZXRhZGF0YWkyZTY6dXRfcGV4aTFlMTA6dXRfY29tbWVudGk2ZWUxMzptZXRhZGF0YV9zaXplaTE5MDA5ZTE6cGk0NzAwMWU0OnJlcXFpMjU1ZTE6djE1Os68VG9ycmVudCAzLjQuNTI6eXBpNTI5MTdlNjp5b3VyaXA0OlI3zQFlAAAAdAX\/\/\/\/\/\/7\/\/\/\/\/\/\/f\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/v7\/\/v\/\/\/\/\/u\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/v\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/37\/\/\/\/\/\/\/\/\/\/f\/\/3\/\/3\/\/\/7\/\/\/\/v\/\/f\/\/\/f\/\/\/3\/\/\/\/\/\/v\/\/f\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/3\/\/\/+AAAAABQQAAAMOAAAABQQAAAApAAAABQQAAAJ1AAAABQQAAAKiAAAABQQAAADVAAAABQQAAAH3AAAABQQAAANZAAAABQQAAADFAAAABQQAAAN2AAAABQQAAAD5AAAABQQAAAD9AAAABQQAAAL9AAAABQQAAAKRAAAABQQAAAK6AAAABQQAAAC9AAAABQQAAAFxAAAABQQAAAHwAAAABQQAAAJKAAAABQQAAAFDAAAABQQAAAJcAAAABQQAAABWAAAABQQAAALUAAAABQQAAAI2AAAABQQAAAB7"}
00659{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324595,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"LFbcjDU0xCwDBkn+CABFAADe4MhAAEAGAADAqAEDlw8wvc61t5l0EJEh2E\/DpoAYIOSKSAAAAQEIChncFyZLXJjmMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OpcPML1lAAAAAQ8="}
00457{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":324725,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"LFbcjDU0xCwDBkn+CABFAABHCeZAAEAGAADAqAEDlw8wvc61t5l0EJHL2E\/DpoAZIPWJsQAAAQEIChncFyZLXJjmAAAAAwmf\/wAAAAMUAwAAAAABAg=="}
@@ -121,12 +121,12 @@
00482{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":954819,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"xCwDBkn+LFbcjDU0CABFEABafuBAAHYGa5TGZJIJwKgBA+sDzrMGjNgkqJ\/tMYAYAQFDwAAAAQEICgHyc80Z3BaUAAAAAQEAAAAdFAZkODptc2dfdHlwZWkxZTg6Y29tbWVudHNsZWU="}
00477{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469977,"pkt_ts_usec":955018,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"LFbcjDU0xCwDBkn+CABFAABWJDVAAEAGAADAqAEDxmSSCc6z6wOon+0xBozYSoAYZVEaYgAAAQEIChncGZoB8nPNAAAADQYAAAMwAACAAAAAQAAAAAANBgAAAzAAAMAAAABAAA=="}
00599{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":174644,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"LFbcjDU0xCwDBkn+CABFAACwZdxAAEAGAADAqAEDvmfDOM6ytinSUvcrM6byOYAY+3dD7gAAAQEIChncGnQAv35iAAAAAwmf\/wAAAAMUAwAAAAABAgAAAGUUBmQ4Om1zZ190eXBlaTBlMzpudW1pMjBlNjpmaWx0ZXI2NDoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQ=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00522{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":413724,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4DnNAAEAGAADAqAEDX+qfEM65oPXUDpz5ZKj0loAYkUPBEAAAAQEIChncG14CELSbE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvUWScco35PygrU="}
-00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1455469978413,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":422152,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4xBlAAEAGAADAqAEDX+3BIs66LDm\/gbIP+oH76IAYlsHjJQAAAQEIChncG2YAA5hpE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjvGP0W3l6zj59Ik="}
-00612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1455469978422,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
02384{"flow_id":17,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":574300,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+LFbcjDU0CABFEAXUB15AAHYG3ZzGZJIJwKgBA+sDzrMGjRYqqJ\/tU4AQAQG8XgAAAQEICgHydAoZ3BtZaj4Otodbsp7HwOrWkU\/l\/Z5dQRXljshJbIjPWf0VHO+Ec\/y3FSyWmsRQp46nPFKjHG0PZVKmHo4Ws8XSdOtRrVKmJnR9tRw2Lpv2cqWKq0cLhavn8Z4TA47AUc0w2JUa8KcqFaOHSq4mphalRSnRgqWW4rMcRVoVlTxLjhcVQhTjSqylNP2UpfjD8Y9M+FMPxh8eeE\/2dfFGreIvh5Z+Ob+1+HWva7HJFrGoQXll4Y0qLUPt9lNJ9p0PRruPVIbL7XokxuNNkKWcEt1MzV5X4b8ReJPB9i0eiXZ0eOz8PS25vdA1zUNNkl8O2mtaPexzW+npqYtl0rW4XtzM7G4E0zD99LvmtbT97JvGn7OX7VnjbVf2XU\/Zo8UfBr4TfB7QLvxb4H+Oa+A7bwv40+FureGxDqPia1vNHn8F6fNZeFdZuNVsZjBd6\/rjX1iWe4NnfQWZs\/52dJ1YWWn6bfvts47nSbmzuZi0hha0GlWclraxwaTLctcweTE63KShXCT3b3SmdPOr7TJ86eYT+sYanicuzjKKWHxLwmIoqhiaeLxU8XisJOlUy+nQoS9uqHtfYUVzUMbXlh62FpqVFT97hLO8f7D6nmeFqYSeFoUZSk8RXqrEYKqsWp42pOLwTWJxSVaNenUw1J03Gph68K1oTh+j+s\/AP4kftGa7YeLvBem+H7D4cx+GdGtrS7l8RNq3h7wk04uLK80v7dbiTWk1f7WEWeSTRbiManb\/AGkAAEAJBwAAAzAAAMAAeEyvA55bwvDrn7OWp+NvDvjLxNdWevWVzfx+DLLw9p9j4rsrjxrd2V1dnx54eW9vdP0e3l0G0naO9MlidRjaUkWqSOZIcnwV8SNTn\/Z51DSfh20PhbxB4Q8Q2tzqslhf30fiu40PWdfbUdKvI7HSLhEZhBHdSRXhjuYLeOAbkt2jjNfMt\/r\/AIt8R6qza7rHi7Ufs1nf5jtFuNQi0rToNEvNVurWzttMms7B4UkUPLcJaw2t2qvO03mMxr188w1THZVl2PxGcYlLMcup4RYOvQVaVLD4GnHKq86+Yc+PeOhmlClTq4zDOMalPKczw7o151Y8tf8AccbnPCuVQwtbJOHpw4qWI\/tivm6qwp4SrDOIQzGeBwGUYTJsslgYZVWxCwtLEYbM7RxmFxTwbpupQeGi1W5uZLi\/v7p73VtcmmtNUtdXuxaahJa2M2qW8ems1ml1dQXd85aQyaXerMqy3ETXEoEQlT2D4H\/G7xx8Kri58J6APhX4SuPG3inRrnXvEHiXwofEV\/oUenmw0rTri8NhqWtTDwtoDJJfXlvFpU9yFMjoXVAG+frtJ47WwtdWOu32n3drb6ZPYTCyuna3jkiW7\/s2e4WFIpVS5jEUb3NxDHvLSSqIRnuvBF5p2lPpXxA1Xw\/4Lv5Tq2uyeH\/DPi7VtW+0arqOqWlzbW+v6zommXNjB\/wi\/hC6XLRzzWQvJE+ystxAs0i\/PZ1gaWPwtTJcxyKliqde\/s6OHeFlRqV6Mm6S9niKlWCUHTlXlSeHdDD1IKtKHssPOR85w1n2f5Bn9XN8pzWvk9WCn7TMG6tSph6GIaca0cTGWMq0WuesoVMNhsRXU413QlPndav+vP7SfxM8UeH\/AIA+L9B8DePPD\/ibwHYXeg+DfGfi8eM9OsfFHiPUJLa51WLXLjwd4UsLXwdpqeHr2Rr+y0q3juXs5J5RJF9hSS5n\/Fjw3dy6tB4nvZ78wLpn2i\/ht7lIIo2vFktrlNRjsLrUbdZtQtlmVIbVJb2SN42YSSASNb\/c3wluPBnxm+GUOm\/FDUrr4a\/CH4Oaz4w1z4qa74EtPD6ar8Vte+J+kaze+HhaR65rc8s3i+60vTFsNMDW2vSWui2GEiSD7Lbn4V8TR6RNPr+naJeeJJ7HStRu5PDc1rc3qald276v"}
00453{"flow_id":17,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":574440,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"LFbcjDU0xCwDBkn+CABFAABFMFJAAEAGAADAqAEDxmSSCc6z6wOon+1TBo0byoAYZVEaUQAAAQEIChncG\/wB8nQKAAAADQYAAAMwAAEAAAAAQAA="}
00591{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":654379,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"xCwDBkn+LFbcjDU0CABFAACrIv1AAHYG\/pRf7cEiwKgBAyw5zrr6gfvov4GyU4AYAQLALAAAAQEICgADmIEZ3BtmE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wog5gTbVhOs8MSY8AAADnFABkMTplaTBlNDppcHY0NDpf7cEiMTI6Y29tcGxldGVfYWdvaTJlMTptZDExOnU="}
@@ -144,38 +144,38 @@
00468{"flow_id":17,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":893762,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"LFbcjDU0xCwDBkn+CABFAABRH7FAAEAGAADAqAEDxmSSCc6z6wOon+11Bo2YcbAYZVEaXQAAAQEIChncHTMB8nQqAQEFCgaNnhEGjaOxAAAADQYAAAF4AAAAAAAAQAA="}
00452{"flow_id":17,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469978,"pkt_ts_usec":905805,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"LFbcjDU0xCwDBkn+CABFAABFwtlAAEAGAADAqAEDxmSSCc6z6wOon+2GBo3YfoAYZVEaUQAAAQEIChncHT0B8nQrAAAADQYAAAF4AABAAAAAQAA="}
00440{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":118255,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"LFbcjDU0xCwDBkn+CABFAAA9WCBAAEAGAADAqAEDvmfDOM6ytinSUvenM6byaYAY+3dDewAAAQEIChncIcwAv4ZsAAAABQQAAAAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":213097,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4U25AAEAGAADAqAEDU9i48c6\/yNUzq1kTBM6UFIAYL5vO3wAAAQEIChncIiN4G2eaE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1Bjq+Lj4Q+qUQM4PY="}
-00614{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00622{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1455469980213,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":262874,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4esFAAEAGAADAqAEDXUH5ZM6+emiQl\/fDL3XicoAYTYMYvAAAAQEIChncIlIAH\/RSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjkTA1ljAvA+q8j0="}
-00613{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00621{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1455469980262,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":275201,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4g5FAAEAGAADAqAEDXUHjZM69Sqzdpe7S802+OYAYVXMCvAAAAQEIChncIl4AhA2FE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjlkhEgSgYOOKqPw="}
-00613{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
+00621{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}
00539{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":297747,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFYACEPABAADIGPZ9T2LjxwKgBA8jVzr8EzpQUM6tZV4AYECksHwAAAQEICngbZ84Z3CIjE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMTg4Qi2qnlHDgsE5LNSCYRoAAAEAFABkMTplaTA="}
01340{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":371695,"pkt_caplen":650,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":650,"pkt_l4_len":616,"pkt":"xCwDBkn+LFbcjDU0CABFYAJ8C7pAADIGa+1T2LjxwKgBA8jVzr8EzpRkM6tZV4AYECkszQAAAQEICngbaAwZ3CJzZTQ6aXB2NDQ6U9i48TQ6aXB2NjE2Ov6AAAAAAAAA6gaI\/\/7N9BMxMjpjb21wbGV0ZV9hZ29pMWUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTUxNDEzZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDEuOC44Mjp5cGk1MjkyN2U2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/v\/\/\/\/\/\/\/\/9\/f\/+\/\/9\/\/\/f\/\/\/\/\/\/\/73v\/\/\/\/\/\/\/\/\/\/f\/9\/\/\/\/\/\/\/\/\/\/\/\/\/9\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3\/\/7\/\/3\/9v\/\/\/9+\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/+\/\/\/\/7\/\/\/\/\/\/\/\/+\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAiQAAAAFBAAAAQwAAAAFBAAAAisAAAAFBAAAArIAAAAFBAAAAFgAAAAFBAAAAxMAAAAFBAAAAgYAAAAFBAAAAfgAAAAFBAAAAvcAAAAFBAAAAm0AAAAFBAAAAMYAAAAFBAAAA0sAAAAFBAAAAXAAAAAFBAAAAMEAAAAFBAAAAecAAAAFBAAAABcAAAAFBAAAAI4AAAAFBAAAAHoAAAAFBAAAAgkAAAAFBAAAAMsAAAAFBAAAAGkAAAAFBAAAARwAAAAFBAAAAdQAAAAFBAAAAFA="}
00816{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":371807,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"pkt":"LFbcjDU0xCwDBkn+CABFAAFUAnpAAEAGAADAqAEDU9i48c6\/yNUzq1mtBM6WrIAYL4nPuwAAAQEIChncIrV4G2gMaTNlMTI6dXRfaG9sZXB1bmNoaTRlMTE6dXRfbWV0YWRhdGFpMmU2OnV0X3BleGkxZTEyOnV0X3JlY29tbWVuZGk1ZTEwOnV0X2NvbW1lbnRpNmVlMTM6bWV0YWRhdGFfc2l6ZWkxOTAwOWUxOnBpNDA5NTllNDpyZXFxaTI1NWUxOnYxOTrCtVRvcnJlbnQgTWFjIDEuOC42Njp5b3VyaXA0OlPYuPFlAAAAdAWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00587{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":390227,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"xCwDBkn+LFbcjDU0CABFAACocqBAAHMGfF5dQflkwKgBA3pozr4vdeJykJf4B4AYAMOuCwAAAQEICgAf9F4Z3CJSE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVUMzQ1MC3wogL0Pl3FbMgdQMAAAAEAFABkMTplaTBlNDppcHY0NDpdQflkNDppcHY2MTY6IAEAAF71ef0Mhifaor4="}
01292{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469980,"pkt_ts_usec":488536,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"pkt":"xCwDBkn+LFbcjDU0CABFAAJYcqJAAHMGeqxdQflkwKgBA3pozr4vdeLmkJf4B4AZAMO1LAAAAQEICgAf9F8Z3CJSBpsxMjpjb21wbGV0ZV9hZ29pMmUxOm1kMTE6dXBsb2FkX29ubHlpM2UxMTpsdF9kb250aGF2ZWk3ZTEyOnV0X2hvbGVwdW5jaGk0ZTExOnV0X21ldGFkYXRhaTJlNjp1dF9wZXhpMWUxMDp1dF9jb21tZW50aTZlZTEzOm1ldGFkYXRhX3NpemVpMTkwMDllMTpwaTMxMzM2ZTQ6cmVxcWkyNTVlMTp2MTU6zrxUb3JyZW50IDMuNC41Mjp5cGk1MjkyNmU2OnlvdXJpcDQ6UjfNAWUAAAB0Bf\/\/\/\/\/\/\/\/\/\/\/99\/\/\/\/\/\/9\/\/+\/\/\/\/\/\/\/\/7\/\/3\/\/\/\/\/\/\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/7\/\/\/\/\/\/\/\/\/\/\/\/+\/\/\/\/\/v\/\/\/\/\/9\/\/\/\/\/\/3\/\/\/\/\/\/\/\/\/\/\/36\/\/\/\/\/93\/\/\/\/\/\/\/\/\/\/\/\/\/fv\/\/\/9P\/\/3\/\/\/\/\/f\/\/\/\/\/\/\/\/\/\/\/\/4AAAAAFBAAAAm0AAAAFBAAAApQAAAAFBAAAAI0AAAAFBAAAA0AAAAAFBAAAASAAAAAFBAAAAwgAAAAFBAAAAHoAAAAFBAAAAV0AAAAFBAAAAfQAAAAFBAAAAwsAAAAFBAAAAmsAAAAFBAAAAhwAAAAFBAAAAuYAAAAFBAAAAmQAAAAFBAAAApAAAAAFBAAAAFAAAAAFBAAAAc0AAAAFBAAAAa0AAAAFBAAAAx4AAAAFBAAAANIAAAAFBAAAAu0AAAAFBAAAAwoAAAAFBAAAAEoAAAAFBAAAAME="}
00470{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"bittorrent.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455469981,"pkt_ts_usec":133971,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"LFbcjDU0xCwDBkn+CABFAABQyXBAAEAGAADAqAEDU9i48c6\/yNUzq1rNBM6WrIAYL5vOtwAAAQEIChncJYd4G2hMAAAAAwmf\/wAAAAMUAwAAAAABAgAAAAUEAAAAOw=="}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_tot_l4_data_len":1031,"flow_min_l4_data_len":46,"flow_max_l4_data_len":559,"flow_avg_l4_data_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_tot_l4_data_len":1035,"flow_min_l4_data_len":51,"flow_max_l4_data_len":552,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_tot_l4_data_len":1286,"flow_min_l4_data_len":39,"flow_max_l4_data_len":614,"flow_avg_l4_data_len":160,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_tot_l4_data_len":1208,"flow_min_l4_data_len":60,"flow_max_l4_data_len":616,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_tot_l4_data_len":1035,"flow_min_l4_data_len":51,"flow_max_l4_data_len":552,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_tot_l4_data_len":476,"flow_min_l4_data_len":51,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":119,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_tot_l4_data_len":1111,"flow_min_l4_data_len":100,"flow_max_l4_data_len":559,"flow_avg_l4_data_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_tot_l4_data_len":1043,"flow_min_l4_data_len":51,"flow_max_l4_data_len":566,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_tot_l4_data_len":1042,"flow_min_l4_data_len":51,"flow_max_l4_data_len":553,"flow_avg_l4_data_len":208,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_tot_l4_data_len":828,"flow_min_l4_data_len":100,"flow_max_l4_data_len":580,"flow_avg_l4_data_len":276,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_tot_l4_data_len":478,"flow_min_l4_data_len":46,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":119,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_tot_l4_data_len":1312,"flow_min_l4_data_len":41,"flow_max_l4_data_len":616,"flow_avg_l4_data_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_tot_l4_data_len":1010,"flow_min_l4_data_len":46,"flow_max_l4_data_len":586,"flow_avg_l4_data_len":202,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1455469977285,"flow_last_seen":1455469977324,"flow_tot_l4_data_len":956,"flow_min_l4_data_len":51,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":239,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_tot_l4_data_len":1057,"flow_min_l4_data_len":46,"flow_max_l4_data_len":567,"flow_avg_l4_data_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_tot_l4_data_len":277999,"flow_min_l4_data_len":46,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1323,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_tot_l4_data_len":690,"flow_min_l4_data_len":100,"flow_max_l4_data_len":590,"flow_avg_l4_data_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_tot_l4_data_len":1265,"flow_min_l4_data_len":79,"flow_max_l4_data_len":671,"flow_avg_l4_data_len":316,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1455469967550,"flow_last_seen":1455469968002,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":871,"flow_avg_l4_payload_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52887,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_first_seen":1455469974533,"flow_last_seen":1455469974889,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.57.97.83","src_port":52906,"dst_port":53137,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1455469969259,"flow_last_seen":1455469973374,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":1030,"flow_avg_l4_payload_len":128,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52895,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_first_seen":1455469980213,"flow_last_seen":1455469981133,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":209,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"83.216.184.241","src_port":52927,"dst_port":51413,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_first_seen":1455469978422,"flow_last_seen":1455469978679,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":520,"flow_tot_l4_payload_len":875,"flow_avg_l4_payload_len":175,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.237.193.34","src_port":52922,"dst_port":11321,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1455469975240,"flow_last_seen":1455469975394,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.72.255.163","src_port":52912,"dst_port":59928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1455469970233,"flow_last_seen":1455469971153,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":951,"flow_avg_l4_payload_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52897,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_first_seen":1455469975234,"flow_last_seen":1455469976169,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":534,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"151.26.95.30","src_port":52911,"dst_port":22673,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_first_seen":1455469978413,"flow_last_seen":1455469978679,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":882,"flow_avg_l4_payload_len":176,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"95.234.159.16","src_port":52921,"dst_port":41205,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_first_seen":1455469980262,"flow_last_seen":1455469980488,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":732,"flow_avg_l4_payload_len":244,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.249.100","src_port":52926,"dst_port":31336,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1455469980275,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"93.65.227.100","src_port":52925,"dst_port":19116,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1455469971675,"flow_last_seen":1455469973590,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52902,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":7,"flow_first_seen":1455469976582,"flow_last_seen":1455469980118,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":584,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":155,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"190.103.195.56","src_port":52914,"dst_port":46633,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_first_seen":1455469969441,"flow_last_seen":1455469969689,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":554,"flow_tot_l4_payload_len":850,"flow_avg_l4_payload_len":170,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"79.53.228.2","src_port":52896,"dst_port":14627,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1455469977285,"flow_last_seen":1455469977324,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":552,"flow_tot_l4_payload_len":828,"flow_avg_l4_payload_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"151.15.48.189","dst_ip":"192.168.1.3","src_port":47001,"dst_port":52917,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1455469971321,"flow_last_seen":1455469972136,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":535,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52903,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":210,"flow_first_seen":1455469976336,"flow_last_seen":1455469982106,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":271267,"flow_avg_l4_payload_len":1291,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"198.100.146.9","src_port":52915,"dst_port":60163,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1455469967246,"flow_last_seen":1455469967465,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":558,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00131{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test"}
diff --git a/test/results/bittorrent_ip.pcap.out b/test/results/bittorrent_ip.pcap.out
index 948fa9988..4b4685462 100644
--- a/test/results/bittorrent_ip.pcap.out
+++ b/test/results/bittorrent_ip.pcap.out
@@ -1,5 +1,5 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_ip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1492508985380,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1492508985380,"flow_last_seen":0,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02401{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":380744,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnYlAADUGywC5OBQkCgAADtGOiNaC0hsOOk8HpoAQAQ9pDwAAAQEICnOGuIMAaon5wq2wH+fJAB37WaFc0xGrpC62Mk25YlmPUd6ck3UOPlnlmaLDK5iccRQxV6Lrpsvp\/uuH07fwJI5d7\/2xQsXKRbbf\/dZsog8rfXyOu4oWkiFqn16z1YOEpNojRPpe7v7oH86SIuoL3dpLCw3AXEVUNxwx2S7LDL5\/rfeDM8+Bcl\/\/R8Opw8m+od\/En5GEEzZ3xGrHEqfzxOcCFet4txleRVwSMtJGmJGEZlxnSc9bQojqyP8G3\/vCd1PweWLboTk+NjSajTAv1YG+aTAyluKRr0qFOpDKQmC3IVqzr4W9DmG3o93pWPJfaiwZdc0LXafyZIup0T3O+0SD+1KX\/MXVxLlbkrHIObYhG0KRzwzkIiO\/HR3aqzKcLzpGqVYzgATNkx6loBM2zXf8m\/XhjwgHW\/CGReGZFPmB8J6GzYgFDRMMKktYU5wo0oK4SF13YaHyFNIDAJL3DAyL5r+1U9G1+dr8PIMRJp4\/FwQSe6a94CTR4ZskCkdLrs8tj1RsuwrXTbzvqBJzUsQBm9rJfZm4y9w1pfULJ8D1TYjJjMzSDEl0T6hV8EZ4dmzL6IhYkOgH8tql6Y93Y0ddSoYv324931xWI\/bR1RKV7BANQbXUG2pG0h2KZpa6XgVabRUtP99Tr7\/5gqL\/IS2bD5xlSK1xPITsCAn7s7qmMuBYou\/b61yEnXpRH5c7+HPoOUXeVk4W9oZrQVAXk5BbSMEHW5RfTBUhNP++2i6eHn+vUbuL8UK5lLIATIcvvZI9dlyGFiLHDfDqqIZCrFy3RyOhH2X\/YORdIg7sw\/ndDLMFBseU\/KWeXwePK6mHg0z23nZaHdFSoeEOxwrWY0lgWUBWjSyZYzTSBwlfgqsQztiEM77xdLWOhbIlx8\/nuG0COEMh2y1lyIiYlKLCMQXTS7K\/j1FVuF\/8tvPyElMf3rWajnXt3EqUVmFpQ6LS9QxFLTpgEdeFnf2qL+AmoEuGUjU9kJweI25uL0Z9lzpQhvvCq8wd9I+ftZPKuA6dZ\/k3GrkabkYxGDbzhE5ROw\/DgJVMx8YTocrJYMUrgGEF+p9he2ru4LLtxOeShPq42CbnIGyZfsPr53QY+AEuNN1DHzxtN+wF\/8izHYs9Nm7vOWO5FyqA5I1eXm+bYBqxrutPktuKTr3AfJQHxFyberh\/WGaCmyY1JDhaxqT6lahZjq\/D+h\/+cEW317H+1sg6aF1yFTeoDuELtGhphh\/6RwybG6XySF4DX3+mdR3VpDjIljqG2zlOcw4y9GPTB0vD0AfEp6VvCyFfJDbXcmK3LpFLGEF5msQT5bCRePIl2ts6C5\/K71IHEGDPO2Pna8kfaM4QGJ2FEOm\/xWLLsagIQPw6MSeEcAjjO6xkOeOb7btfefPF4Kqyu4ZO6Dzvgl7z+p4BOxyjwIming13hAtv7syoCsUTcyEZ7qN3Z1aE0wB8ZLg5qK0FPpcYv5DNjm96suA59qoy4XiMdUVp7mB3au2pxK33YcDYQwNH4vEAMRMnaiZbwUYX7PyP2fmGyj4etY6\/bzsgqteorOb3gC0UWBkYEiO9kyElGbVXiYAbr+cNxxY6pf6owquBKfCW+9gNQM1Gf3JOhOZXrurW533Z43nBgLYv3+V+2tLwZ1ozPyKPrSjCuP15ektq6c1rgVAbemep1fdRC8ScYX38M92H9PR2+eGCsHtEDQpBXk5LKK8TFCIvKYqIOASd2UUU5JBJTDxPo8Dwxaolh1aYwuyIWd2Y0ZZS0MaxB03Gs37ZQEebCoytVUbaQ8N4pKz7QcsA+9kfdLFgkcDGaBaeG2k\/9sjsS9pkJk1hIC0qCshMy5uCV2qA5VPCarO85ASgoheRo5nDYkD5BXNn2XlPP\/DEADBYv466aYqeaVlkvH4VxCi5CTumh0poopX16s9g9P5WDW3G3znJwzFtdiZlOelig10="}
00428{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":380750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pL8BAjLCGM9eF7izCABFAAA0h3tAAEAG294KAAAOuTgUJIjW0Y46TwemgtIgtoAQCI+fXQAAAQEICgBqiw9zhriD"}
02389{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":381419,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnYpAADUGyv+5OBQkCgAADtGOiNaC0iC2Ok8HpoAQAQ+BVgAAAQEICnOGuIMAaon5BuPRLy3uJClpq06N5WbznePjpAb33PwIhDmQzu2amLpqojqD8pITOs+XbaoSgUtCjoMw918bf1kT0PwfNLnQaxL48UHV7myOpaEdJ8VltTypXbxcXCetJJM6gRvH7ym+4hJ4tcr2zekZutLAQjA2A1uiGfgzMF1ut0E7fVqsfQrYv72\/xPwmLPE4vfQ2X8WomSOaMi4wt5m+fmcqD7e+bckg26tp0o+Czgwy47BmFi4tSe42zJqjwrbuZnRxl5R1O\/j7cS3DzHcfxdJVuWBfwx1MvQ49JuS6eYyLe3XQFNuxixXY6GXXeERkcbxBT7Lb1riJflqG+q1NPO57Xk5XbpGzlWX5ncKkblZ3LrRtwKyglC891nWyCbf2GMAiMGfnq2EhxvbsKz+j\/pt0frlmE5XglerKsRhqlt4JvKk9gCPdDlnkSpgt6vcuoRIOxrfm2eTAVfNhx6CQ2IuVPhOAasCwOkG8pUGkqRe6LODGhZMagzSpBj0qEbTOP\/nZ1wDKXgmIFlGyxm0yxZeJOVzBPs3Wrce7TsuReOlTpVaNLpjSe0nIjh79sNpzxXRN3fq+DrJoG6mde11Cr+PE0XpMjWYssAFpJAtA5MN5uyVzdtyGbzHO2mZ2dVQuy\/LKNeOg54Hed4XqXZ+YkcRdAV+qxpt+i5443UdMfoggkY6Dgmeas8IoGPIxy\/F1aYn\/0ntdXOdQCtLaPtnVeWNZ4i8Y1jQqdGs5FP\/yYvhK9ZjwZ30aedmX7HdQavUFTxo+CIzJDcVRVJmSizwljNmn53GAdwtF9ZOliUAJGuhU2aX2CdjlNpcIIhcjR22VSkt2uEj7UTioi2efL2UNX9NvUsNym+l5gYa4e5G1cEFwRCjaIVkqdDBSDJdg3POuDFgeU6vIhhLuQXoicw04wO+Xjc+NIvW0g4HOyvXMjMLo+1lIXWf\/wil860bZ8dcJKnGIOZaWsA0QaDBIFhW1u2oBSFO\/9AXIm8behQDqQz5asWfGHjJdg8Oy0tMlQWMBK9pDo30IjNPez7bfZj9hxZ6sb5FDvSj6iwwn1H6NIpmLF6aF4BPDl5bvjAlqbaae6vn\/bEdweGulxxyKri96vRMASxK0NDSViZF9pzX2TEtg1z68PnNJexmxFyI\/1\/jw4iTSFgTpmkWn\/HZdU52OFen96owDvY6j78ZdkHaN1r4xDrNDPIeqxWhgvXe8ss4awVKrb2YX089D\/MitjkeShQZBZ42JvzMY5MvxJSl2zFv\/L6rNZ7NgZ9+eUWL\/AfLeo5F1xuMTKDJsFgJFmRyraDsNdpy+6q7fX6k9D+pabZs6K158Kg0fVT2yQIBroDGxM1QE8faZZCIHtc4OXJfstrC3lA8Lmy+ub2Vhg790zL7DKhf3deHSySeAIxpQlVytfpOeRHbueQ977qmpJ6mNwxivN07QLge+I5TV9UAm8C\/8mEKXRZwCTgksGem0MHtLQHcHgAyVq3DwvrLIbgJFg+qrY8f3YSjrTKDCxnFFqEf\/k+DpR0PIB8vx8d6i7CqO80LKMLY09+pIsRbs1iaREhcvxtiSQcPorl+xzUOpFF+ynEOJwniCrLZ9Um3lOIQwekvMzVg1\/E8kwhzoUVfq65oC1Nj4qhJYXWBdOegYHdoLPw9e8D61y3JA8fmRXFd1eMX4AQ4se+E0wzfA\/1x2bkZe2YNOndoBBB+Nl1kSDpp36avXMKGGqgGUv8JnWRPrFSmswcbiHJFltbqFgrm3JaB6LsMDYkZ3Q4oWjkBYH+AqtZlcLeDiXmiTreMV7hQ1sYkZnyoS0VB6rFVH+0+WXLmbOY7Um0YGrs3I2CFSOj2qxt9f9kMiKPgQpbYcoA9TAl7kD4ysSlXUeSvrMg63NJUKn+J\/RHzYJDMuRaxlCrLjRkiwIAM6wOD\/KLQPtI6e4VYwtvjiy84faZt6WMI="}
@@ -15,7 +15,7 @@
02402{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":389958,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnY9AADUGyvq5OBQkCgAADtGOiNaC0jz+Ok8HpoAQAQ+X1AAAAQEICnOGuIYAaon8LCTCy8BVB\/Gv9oQgc2xUgGbPdfX3rG\/ZE14UJhCmmhYGEbhY8wuCB2inw6R3mSCVT7jzowALqrF2Nox6uvPYqUa3pMV1o31kPTJItZAqzh2X92Vdm2W8tDE67kRecccl7FH6rP1Y1Nr+9YwvVidGw\/aVcRk3uhG1t1CDDaJR5eqxmu5rctvagUaqoA00Jor19TBM5mWpx1NJzC1e9pveCLdDd2Qzu5vZA4uNgsYSg\/Bc4K3+QULjQ+uoj4iN+wvgnudZXW2C6UcFAWx3R32PLGJ9ugtwpbiieXmC8MQ\/Jr0TyhAExROaHsrw6RXsIgjwulSLbDiz2jAjMTT9fnI89jRFAPW2HUibKJmyv4Ij53TS5bNmYZNB4gU78iqXfbYhG7Lw4Gsi5y0r\/2U6VCfI3TkB1+vZuVh2vxMeuI9wropVyEg0a7zcAGnG\/bE+EmSLBEZj4fVp+tJ3hrf49RG6uJ94QdRbUtTGthXcaL5KgZNMsgVV0qk\/r9cDkQGBxd8Wr\/rVfPukRI6stUqp\/MRaHjaIbuIVd3CwWfRPP0kK13U6LRTo0kls+odv5waPHflMs04Wa2WUcZ16O\/x8sNe602vVIXe1erbnLV3IYG+L6tDhhkfHeCY3qD7snP70z0E4bHLqHfAqOtAltp+agmOP3RpZw7zk8mpfizzzxDlGuEBEpHIkXCCzBJi25ml844RCSuSMVtSfJNQmYNKDDeo4VAKIuWvGwULQbZc2oY\/B\/k1vD5VXBKhVklHAaS7VgCVwiqGbFb93wy51ECSEQfCZXgEy+cXny\/L3AhUT6SnPH3d5qIcCixxX9Zhq9xxLOeYijFd\/hbxAVHKYjyOBWJa32bIjjP5aSZQzxf+pgHYbnOT65OnARIZtdl8hCLyMqV3GMC5c1zHWHb+9GtB2NwJg5CH6liQU7cLoNTFU9m1JqyZntCrx\/\/daplbtRuN\/3nMEhb1Op4p0vE91qR+FjSF5ABi4bc+TnmPAGuXMIdpi3C27NXv18AwgtT7HlVWMcWm2v7IUXIOGjwi\/HuUS4y\/IZoCN5DC13lIOWUovcvWOVkFnWLDh+6nQx49GxfBT3+qdf4c7eqs8f253Z9Yu0jgwDsUFC1WJLDGmPkeASfXYluDZ6ED6Kv6TTnXSH5zBqkD0SKs5Ntw1FwszKqrmRxshIDSFz4DieYLYcRzG2m8uzvpNmeOOQUTHbJuvsA1tFpYmJAKECKCI86mvtpTn5IkBhJ6y+QGdpYUz0UmAJS9PgR86I0F16yiYLfFwwY1I0PgelBKYUI6tTgAZyZptij\/I98hYJj3C\/igN+AZ1YWqnqV8JoRD7IA3b+fPO9cH7wZm6knRCdn4NGQ5jx5j\/gYYg5Bk7j+VwsfpKwSQJEcofNY5XU6Nq6LxQb7E2yWPVOc1I3XWzn7ERkNSsR9ZWKXlCpOVZGleQLVs7XKpGtXGQttJSuDlm\/pQSrUjOkadxG6AyVX+VzhssdrX3uSouqHLteQNbXstqvj3JgXzrFnZQrE1mP5Bscc3SGTWps5dDotab6bDPWPJOuLGnLH+RKVEXzKlTOLL1ELqVVcoMhcrvaK1CYxQ\/M4netH1I92H9mfjQBBnsohy9MceFeDBOtIEg5h+NCZ2TzopL53gZunEH8iGMRs2\/w23\/Wl0cFqrsDEUEmSyQr1mwyL63yyFFXhRxCiufiQEtUer1vkBQSOFL83bpbR0PRnKCCJKg8Ig8nRKZCxQGfu\/3R1logz+6i57p2E2Bb00tu51D4uD00P6HRxAUlOqBxK3aHJ0J5DSLf7HAryv2ty7N+4Ap0XGV344X\/\/rEbBUl\/3e6p1546\/blAXCxbHA\/rSKpoq4k2cc3081hoLRpzfKHkCdIzRYQB4Rl3oGCkh\/3pAbARmnOv9hOmzRhgcis5zgv3DOFknmhid70p4dt4kbL9Jk="}
00430{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":389962,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pL8BAjLCGM9eF7izCABFAAA0h4FAAEAG29gKAAAOuTgUJIjW0Y46TwemgtJCpoAQCRd84AAAAQEICgBqixFzhriG"}
02391{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508985,"pkt_ts_usec":389967,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFKAXcnZBAADUGyvm5OBQkCgAADtGOiNaC0kKmOk8HpoAQAQ9TXAAAAQEICnOGuIYAaon86kCyxYzDt33zmhYULc6p5S0NUXklgbxQ2lLgxjEbV6TISaCK+l4l45eomYRprbaDV1Mn0ZEjO7ADMeBq1v0WphjN869OXm+GAuEcy7tCaRt4eBV7STsjPsbdLeDl4roSW4emk2P9nLWwvR42cc7d4B56Z2yQPlshp3zYMtITRYl9TWFSMWe3FdqJRe0gVurJZlATKtrnTC970\/qwHEVc3tCarnWtN8Q7ryOSnj+NVWh2+aUllIC+kjoBd8S0jFOQgmTdPF62sGJXT\/B9eWl38\/MEdL4knoQIw4ymZRw5PFl8ySWNayCLfG2Kt34JpGHNoDTcsuwQp2EAsNQEejW6F2TGN9q66yKi\/6KlqzjC5+kajKKdAYHrcu0Je71ggcazKjMr1cvGSOPDZDVcL4C\/nl1LjWRPREQLLgMOhCBDhle9jwKd+sdnrvlHNCkUVFLEESsREhcBKQPerraWyn\/VzeCkCknVyr5o5F9lCKn8irdw0+aG4kC\/xNIjh8ThUNj1\/AxAkteG7hfKybcOklmTemUArOgONClt96sKaNJBf3X4tblwgyyNsAlk7siZrwbVQ+ju+oA99u7FtB+ch8Z9lHXeU0Rm2Mt4kqDpUwHCxd8a7t0slj9S4SpdqHYUpF50oj9Xuy7olByVmYuLhZYe0jS1clOKh6b4Jg4bc1SM33\/G7AMrQbljRcFOrgD4t6nGzUpLM5GB4a1\/LrGe1VmAMT1eTqeoGYypqsJrX7DMAHfmirDNLYVvS34CP2cJ1VIc3fY6wX7iheEWbPWUXqW72OLi1srW6osh1SR9xj8e1RgdYCPDUJIx6brffNUgtrGSE3nH0lxOybCaCyjPDO6PqXqOg4+7p0ricx\/ho6S5J3sy5Ynx3DsLEQaKfahtdDnn9MjFnO2SOST6TbFcfBmNpKUWlo6JQFJnbVpU0i0gYqzIBghagebCdk6Dqn391FIr\/CBnuWRz3cFlcbolVXcCuN2+SD6JxFebpRVh57INHQE\/dG4dDD3wgYQq+vj5J2V8Ejyb6Zn1lRC+sZCHeL8TNssFp+fMLpUJwZmGy2Q0wrYYB1tiq4vYDdf2TJ8+RHAs7WKTPNiV2em1sqKs8bA2txP8dnO56ZPrRY7eIdDHFHntiA\/JjPJqe5Rhhoz21eFoSvKkR8euFwh7QC3xFX4uuEMN06gE4gN1\/yrTp3iz3YlWbA2reoYMKPUfHVUcewV9Yteskjvwe5HkHZ+a3c5AjHXXe6BNSUAkxKANQ\/J5k7x87T62t8mh4fEeMJF0bLTR9f12Pxh4gpJnidje4BE+VTgVNP0LnEjieN2\/W+9zul3jCDOHF8rpHPBXno2jbc9Nb5gUbYNoQ3p4w12KycAAtiAA\/vBC6yc8Zl15YXWM0i3m\/7bvPPDjHEJ1PVfqBPbDDGhx+7vfYAwxaHRcA\/ax6sQHCB8YhT5SUGiRptEySbmm3GbFreiywtVr6SA2Krob9ff1SqGA2LdHF8APd27j7j35KqslqF47jLVjMZCcb3agcMtv9osGZX7RSoWpcfsL\/SWdN3+UhRXoaiO5NoWJf5J0L1exwIzF1aivg+0Rv7ZO\/TWEBuq4TIllEwgPcd6wRk7SO1T1k2PVoRShDy3d22Vm4sBxaUOLUjaqbYUt0Jk7xbDLWWRPzAPansXvI0qDIrLevoy2eyBO0ylGa8ORoy1zcrXT2VMYqnzoyoH+TjkHpOICAcoOmxgqHIlJN7JB2xeaVsdhDtbR5S1Ueg4C+0PLiWzITdKIUpDS79Cwbu13HVzcs3vubirGqB6wcu6gX37WeN5SHmOVjvNpWbIahXL54HB81EHShQ+uuc33MvkIsr8EO64dydI7DkyrfrQkDl\/+olMD1bcBi1PMZofR0jaIiFb4B2OzflU66KkHP9MNmizJM9k8EjO0Pex0TPDSjF4ApTpHI40="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1492508991649,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1492508991649,"flow_last_seen":0,"flow_min_l4_payload_len":1448,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1448,"flow_avg_l4_payload_len":1448,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02403{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":649218,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOpAAFYGvBFN3q4UCgAADgsythIFf+fAyg3zkIAQAQRWiAAAAQEIChotFWoAapAXoFZsJoOEMtF8fPEtH7H+tnsdcSzA336oJmu4Vmd4+L0QrQI3vtKCetbBuRYf5q6g4O6T0Jwp+QqkdwPc7HIErcfsszej+MIWFWM+kOUmjcQ4ZzXdJdcDBn8tOzKM\/z8HdD\/MBa7YQ6L8mDTXwMbVhCmQLgbAVb5T2wqH8d9UkDVqlE4CdoiXFdq7BoinmTI+n69Jp92R8vC9PLr05497LGrl2kCzOEtw5RufMIBravi7K9SBGj9g6MGJ8Fw8hqrm0xOpXgEmn75Yv5o7t9GISbIYVy6cnlHVv3p+RW+VMGwcGC7\/D8E\/tusAAI1dhhSRgUnFFYFSAhbWAYsPLVL6f2ZAA68rnkVJyWqRKoLWS9t6fiygCJzsXpD9reclTF0ougyKNwzaySeCWEv0QML+Mc8VyLOsOYyTGjsuSAfPgnofr1U0FX0E+Zvh\/RvKsbWYAahJWgUlShdPHqEf+qR\/o\/pKADGNHH1h3AqhOjp1sxLJwUPyaG5MlbUXcKVh61M2C2gpAegg7EAaAMPjQxLgKq\/PP7MNzdJEA63NK8hFrb8ZkqIDg3piw43Cunv\/XwlxpJUPkgp65a0PBs0M2QTqbJUuWTg2V4FnBQVHNECBwZQ4vvIu0vJQqGvH\/1zLIgddrBciuHp1CsBXaHYMArE\/398PWRUyXJEwhjJvpcr\/Uq2id0s9SinNP35BTHlbGR301Q0vBviN5TCZSdt50xv+uNPxsXhH0qlx5d7nEbPjEt1LaE3rg6CTrMllJQv9RJgn1gkpfaOQCka2Oxa\/B3z4el5uj9l5KnbMyvg\/P2FuSDbdV0g3ONFCT1KjW6yeLDaOGaYVsHSACSF43ghrE5lHyI011V2XTfwRwthCTlThs8g\/780ycHMTFQxKocL33iHFGEvuHAXD1GwgQlFY2VYQPl4UylaE5WnB5+k25VUMulXxcNr9Vrlfv9ZQS5WGr6fv\/lbK6o+guHKYyXbUs\/gpwBFqjud16lcsgZL+rWu9vscuTUuStWZG+nCx\/6SZbSTD\/nZ7xafjL7TxukeSNLa8cdjTDxIBHS+e0QwJp7L36i0Jn33HjvSTZoyG4YNIg0PFii7jtuvKebpx1Ad2MDsC+Inwz4W+7FiI30s+aTiXOnwEKsi2Rvla0\/A4j6JEujop9WovLrEfeuwn9m4qKx7igLTJZcpSUUSSpzTCh0SHieWaepQl+\/WY4XaKtEBTPCGDH1Y1xQkC0fZv2v\/wPULChMHwxkA8jqK1+ntgDOWX9aH78LcwkyQC3fhQvIjJN\/zj3BUJpqROJBIiWV1\/owLBEFZXhl8JqX02\/sm\/uWY4H4jERLsn5zGEQkjIDgit3OfyHPsoVLm4OswgtlkPQbN2IXxNoNcFUwT1ffARs\/DtLlXY7vNEMgQg3FzRVLiunvO29LGYW7dLFc1U3HxByATWLIpVBA6SiX6sITCkjHO+NLpV37cQFSe9jAKO\/fmb9voWfNIdLzvieh8R7MyORkneGyzSqqUJhsc60hN5SSUTqEFaWPZZCGV30wCKl8\/4lJWmdAQZXC4VPd47njmoImX2HL9aH+gazhp\/2y3hvOlvHHPBMSupE2t4RF3jx9kbuVQCSq9osZktCArUv0ri0ZtR5dNz9DV72xERQVKh6U0XXmbmdXWVmw0OA7m6D\/q3NiRmIfYybOWSbQIatIdYO04QXBCsK7111IbYcEVX74or\/kfGT6eIISYtZHYWAXjPKfIrY+lUMW47gfW0LcohEMRBAUK\/jBCTv5rV4CdfOUUTqfzCQHxmMKSJdiDkoGJNJ4IvyWLatplgOPd4RDMYBVNuZILHQw3bWbpI5ynVbrCBaM\/SysRaZ1jDvedzcl2b+8fJIvh9PiapmS7NU6IDXTaW1NJ2N\/lM+2DD0w14cFU8GNPo\/XVSUVo9XrZPfQ2OmgPL9X+xhG5Vb78="}
02401{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":649223,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOtAAFYGvBBN3q4UCgAADgsythIFf+1oyg3zkIAQAQTgjAAAAQEIChotFWoAapAXo34tMz4skfaHlYY\/ScNpDxIpCs+P5jEsNAxpbVkUCDph\/pBzMB\/LwnipjHQtHoSdK8T5c6F80YLV8r4yOc6N2BSayttGT02IcKpL4u7OmmkC8v9\/K17IrOvPSiKzm8IXRcVGvWLEe7mSpkbGXP8Zg500fAiD07gmzEjqDvcGQwae\/\/c+fT68j5qTn4EIMnlVV6K3u4\/YjaSNQ5X0kUrG4oshGwbT6lOr7qjrcpHx811m57vXMYMYdLpZlpYL3oCUJJoZmbYnALEOz0mDJkuefbnLwlSq1HWKxOP+GdZiMuM3zqBFAhRFpOw0wsHIgYwiLZnjgU2necxHkVHPeXyRvs7PXtFfjrsS9PYsP4dh+js8z\/HcmJYGR83xYLEXA4a0\/eDgV2ZN3mJ246foC2z7ESpSlbDC7rDC7kxPuL+vxgE1IJunPjOeZX8vRzrWdOhpseT6UBY+SivCjRALwumw8jaII\/0avXIXosCaJWtRKZMmdFQaTdoQK8gsWTQBoGt2TE2kZXnWB\/rApZxcgbQEyzgxgcTfZBPcV\/3V1jRhF4D7oaPJc9EpwDGnjV9Mav5Q3stag588iPoH2gzQBtl7pZHgOHi1XQcz5kB19l3w4lPjAd5YKvzqL2+O7HLsqkxJvCc9xdSQMeZIq61Xc8hUjm3R8ibutovYPhKqO94ataVUmAYrTHLBUiOgGFBdvIxrvTCmQQ9Be+7ybkUWeqSsixsDWzQI5UUaBY0MPN+FMMQYdval+DZSlnOiTbIx1T7PKkq\/0wFPkNyo0knB1r\/EsQVn2O7BFGfSq4gT9z+dYK0E9w3X7FjlS86WoHdTb5RRBw8xH8Fh7dSqdNJBR1IzH\/32Lu5S+67T0h\/5z9BRLTqqyqP5iwd+vtZ0GOkBYlS9TsOPdxhIjSaj1w5CC827\/kTX3P5CMBTKq5L34ltxCBEy4fxlNOgSgyr2c8CzN7W3+9q\/2lQHIwhVb+JW8Wui9hDMNU\/wujR5n32OFvwD2QHVeJRQHs166q6yxxlMKx68f6TXlexEhPC+g5jAK+iIE9t12iL2zbNyEIrU9BGVwHSjvi9dn\/R2rW6+XZTQ5m9I2MvRHE4KW0mfjS0Bbxx07TQtwhn0mE\/CuyZtLYMHn\/xUxoXUl6ReTcf+DQcD6PDQVb5u2Ac3XqIXomVn6ks7GOKGpAS1vo1sy9N9B92UnP\/Esv0qk5vYtzQGnayZMCdNm5iN7cXyeHDQvrsA\/syaRP23zdQSDJwkhDiC7grWYuL00L2z9fymp8OdI6qZlZmC5UP5erWZ\/y\/NATjfTE2lPIZ4CufAdTNaV+HL\/OENr7VzqlcUSPMJUpZe\/uPBX4hb5PTr2k79iqBn5W2bAOg7f8OUTsuGNCRx2esiT77WgsjtYMLWGohNp8xgnHEQ\/f2U+Umki8C6MAJk5V+ShBv27oPYtAaESwDy4i6pXIdNqgYbuC8tjYHTTxYVK5PLBUAnT7sfWJ9tNba8K7LfESYNsMZ2NEyYLSogogqOIBqX2RhGWFxZmcmNyMr+mipx2RqzLPtlvv8+kvPsAMtUmyl3amIiZgIvn8KvwnKuxavASbzL1yhnGFf8G5TIUTVmmJkA4hggxNpWmxxcPef\/HOamo4tsekfmXeSCur6ixMEpKu8xonqrX8ZyK9dEJzbc4+ry2K3zY5v+u6KriUQwOdDYzrn9xlIYWXlKpIJMaRT7Yel9DnXLtQGGVgPboCYRdqKv8AvtOJ6Ejw2yug8KSDGMadC0cnfSs\/SOYlGavKDGmtW94SCRgDE3gRafvD+c0eaoWKwQu9\/JSnpokqEi2gK8TdXJt5arUnG6ISh\/qG477G+d+KyVZJFRXyLBDKMJVuCHgdN+PBrPL2G\/4T28dATlQcAmGchVsj0We7WEFzT6cH7Ok7VBXgCxQGetulH4jjNutVlTNpowG9g="}
02400{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":649227,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXOxAAFYGvA9N3q4UCgAADgsythIFf\/MQyg3zkIAQAQTEnAAAAQEIChotFWoAapAXin3jI4ARKjVzLsHKHqf0eIbRIWzLABcT2\/h2G1F+6R1+NYd0dCvt0tnxxfqRWn1RYuahphiLQ4wktD8lNPU4DtXpNdlpqumKgvrZFXodsWrom1N8t6xryu\/E0m1Z1ql1ee+DLth6NH74VmruNLYD6SnIbzvOwjO0xPCx33wakRciHkq7RP5ztglIb5eBKAYKpFTqldfebbBBj2NzIkO09M5Li6a0Q+yGxmjFz7xt3wmahWpzenfF76rsuBEBdPOGn3cIIEo9V4GpW\/1Lcy2Y6golYpINKPuoe051x0p6EfkwNEgNTVI5PknJjh8DLQy+S+iiabNPy4Wuz4Z29sO3UcTbI0FXzNSE5+arxO9fGVzsHQZMzMmCpF9GrK\/B30GHG\/ZyHQhyziSR6y4xyvAdJ8nTfZFnUBURWjDzzHbLKGnUTQljhNTua44LZUkCPYPLvnSqy3oyAbMNEHf\/KaPyDv4qLw3IB7d\/2XNyxwUcZzNdmB1fwMvTAkHYUi\/uqnAjN1mXJltMT5wC7iN8jYNZNjPeE0a9hYlUtRfFiUPLxbpYYVapCnh2FX+Ctm8GX4fkqVbh9kSeGcLX9kJLBzDy3Uop3tSAD5xZHmhI9Q\/IPKsJ8jLCiu9IY8O4W0azacMqwq+e7GXbIKTziJnlV+q1WBdAYrxocVCNXeDGKmflDYMiuGvRsv18Jrf\/dTmHFWW1R1LuDQtpnQOev\/ZBOBXXD88wiwd8mSiCjN+1vRnCm3P5te+C1QJm4c9BezvsE7mVWhUpIyw2keZusvaHbIKjJv5qf\/xE+txjn2o\/x+3YZBsV5yTHUYDBHIRKiiAfMckqW2pwZZOXQ9IlIQYT5UN6o1EA4NhUw7oaR6J1NgSTOxxPFScL\/3+F5TDHrQg7TBZaLbbHXVKbpo7mvD36CLfqDYNXssdIEltIBoy8AZRd8xI5GQuI5gFP6Wjf\/3ooDq6WagIW4vzQx0UC3+X\/w7COBEw6kRpulcGFosgCWGhwgAMrtTSilcfPSfMq2VgN\/r6xOs3egY\/Ge42To0LGUB\/vnPYy3Cy6lIZ0jPqucO4NwE9iO1vMeB0CPQwGmzE5iKea01O9t8Wm6iirfnMI9eXzbKY1ux0ThzsmJTNJBFy\/WfcKj3WsWoJBBTgEtxjS1EqielS1GSFQEHjui24ubSBIaCgeQ96sdh3IObHf9FOqkiMIhh3ltxxCHP0Km7DyQzN3HJcL+xjpP3Ae6E+FFo7LOGrYSDbyWcNXbSISJHso+3Znv6YGWBEbXj75Ie69B+d1sZ2\/Yk1ZTb7seX02Fbq1BL4FhkImhuAJO+JnQ1p3pchczUOp8T53M507sNc5xmvei1IGViEBgZtci6UfQl\/2Te3fVdx7hdovgWOoa00R6VxsT2gGeWrcLix0CkBy5U9C2qUC07JgOdY9ysGZcGos4SlBO5NO0xM7t952urMo8OrVFsXvdL28d9XRtQJY7yQy60XKugdg1UYzhmSoQyRjNi5m9+\/V0YeBm1pOWdj\/gOvBNko29IxSXZuGaTEBFpoPFVWPMt\/gVGpFT9m2SwjT2XBytKEyjcppJvDRynyqUq51q\/MW8\/f9uSyn3Q06zJDysyVOgWA7ZmGxp5sxwT8\/Em\/M\/euPjOWONXGNQ2lnBuUlQbOPYhiFMwptuMeZck6Sg30qMH32vhZbKicNnkmDMnUCW3ChWQIe01E02FgtEwaDgj46+76jPfyR7Yf7epGBpMrhlj2Mh7rQWgjjhegI82Evg\/8nW64VVVvU15kEbexGTS0v4x8KcoGnqIsBK0MLIrq8jFQLhK6SQrGlhfZvEzJFlf+4TGr4C4UBx9AnZ8umxn2rXOXQCwiwqElsdIs8KReJMwfCYtUvdEmRNXmClaV+MEiWCDdLnx3HVC7AO6ywQjaBwA25YN6L96xFQTMRuEeo19Qvx\/8="}
@@ -31,9 +31,9 @@
00430{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":655766,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pL8BAjLCGM9eF7izCABFAAA0sWRAAEAGg18KAAAOTd6uFLYSCzLKDfOQBYAaqIAQX+uwlAAAAQEICgBqkTAaLRVq"}
02394{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":662177,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXPNAAFYGvAhN3q4UCgAADgsythIFgBqoyg3zkIAQAQTQ7AAAAQEIChotFWoAapAXTPv37xKBkoPcElMXJP4F6GkLBpIwNvPUyhbAXIPXCxH3rsfyP2Mf60BHbSeuspLgDZ\/KA0RID2XY68rmNpCJj+1ifQEadclYnN9QraJ9Hk9mmtVWe4LhShrgqO\/L6UEo2iBw6\/hvVzJzWX9X\/6KszxZb23GyMbco0bUU61\/2zjDsTp7WWwO0eZWK+7yS6XZFQIajjf15D8hKQw4r75p\/Hil8m3+nJ6DaIx5SHxDNbcNODJAT\/uGSnovNzrmQCIXkAaj43ukrVXAdcVhDz+U409jOs9SBUNE8SeJ205EpV5+CG4J6\/yNfKdGED75RIUfsR57433WxaBIezraHpW38aY4eX84kX5tSqALijjwQaQ4GJ4b8hKqOhKGpjNs77PesVmEJrFTm8VixZzBOHQ77zLEDSVP8v4xTHrXKNpK+ZnWA9jaukBJBf+VaDBOxLsdiV3BqAneXxMsDzWW8u3E8GU2JXZjubG6DKFS\/tOnsOQarpWkt9hDAYcn7FSRgdyebve3gt7jHdSeQrTUY1dVzg5ehZUXUHqjX0r9C9i6tgABOQCim2IdjSaeV8hpRwCNvyC84rnTTvYotr2HcujGIUMJ3kfwQdSqhRfz9OXDyC6MX0adDDXV6JIjCkKCmfKs3uG6C9zmEUmIqhLMfEu3xhONN3Z0FBt+zc4ZES2qixYTgce0+UcZ\/rZq3NxqhdKqYguk+KFgDEVZYWAZSReWhUBdlNcD\/sLsSzSL4hTHS1P3Kkhyv8+FqHTCZR20ozKNMw7voSOFfi0hzNMNZ3DbqO6TZWHn9sdpivnCwEl9y9gd0+b\/3AwNoQ+DAdSEYmmUNqhIl5QezNikwirjGfA5oSXbTps7oT8rTnuaPRiOP6dYBe6IEhaHZcF5fB11Ok1GBo3s4Rq+mcGOTeb5OeTcCwCCgBLEQ6EqvMZWZTx8vy7MOMAARWCBSh3tNHOif34oMOskf9lpTaIQqCx8kzFSqnBW8lm2c2FMP3oj3MiVpZ1Pk0Oj9pI4c5SJchAOMXIE+mIDd7c9vxlb+TyRgzkrarmo1UFRee8+0DBTfrgkl5pxOvUyxkAX+ezFKu6p7WqNCMQ2XJrbEVJW8flwrbk2O51h3E68KhZF4oz5pOzlrC7yK9lTq+cdmQwDag4Iz6\/dy35t1GcC+GH+JXLOwIiA6l2E\/I+AR8Bxx6kKblK3TuhHrmOAEF0VvwReAMAxOncr0VW8CYRJKlSQCwDdE0qDKPYFToKkrO29WGtSfr0qfQDNOuk4PGAp6OaxVIk2x34oLtOz+xXds01bfe5+8VSie3cerqt\/aJQuFf9WPL44LmbvACsRg6JgerrcOsO0zz8hp3N5iY6u7RI9s7h1YY+uzpp2RLlUjuBKRL23q2lctRA8O9XaSEfCd4DfJITDxEtTqsxPNGTQYvBYMLMts8fxKM\/qmaFGrEF\/F2Z\/eVPygQJLn0T9AnmeomiQOOUdDyht5Mt\/fcxM16dRXlzqVdaKap4D9z63aJfjmUp\/AWMcMWJg7fUkBZTSB008KTAc+fJz5od9gZzUNjqeizGF3BIGR5EFdTFPpX\/irlzCphDdnQe7WrGMCD1wxlOeoTD+gh5mhVHwEBzDrYcryeDvGP+PdHrJZZAWJ1nsr2gqpDZVWJ2xVadt0P+h\/GDGfUod1FtVZBG\/QSDxR7iqJVl4KNOEvtCmld4Kk8gdRZZpB87TiKNJuW81HmI2hyNPY9Tvgas6JDOzbDec7TiryT6HZmHkq5GCRb4Tc46fJAx2ipoDbLdX75fyAA+QJwvEPh7hoIklnuh+MtZz\/9WX43JGNxqzEs4yHkBBuGVNHC9RTC\/amzwJSC0oV0Pb4I79iKSPPyAtT6fbZkQF0VFWQU0nOaW9Zmnw2CiH0I9xCDrZYeHB4SrTQyO7XsArVkw9vdLyyhhUjrUnnW9yk4\/o="}
02399{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"bittorrent_ip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492508991,"pkt_ts_usec":662203,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"GM9eF7izpL8BAjLCCABFIAXcXPRAAFYGvAdN3q4UCgAADgsythIFgCBQyg3zkIAQAQQ3QgAAAQEIChotFWoAapAXYNOsn7lwbwgXErTPWnqHh1cl69dM2t2JJ4jmOcSnHYWJHX3dJ2IbVMw73tm6RhzQ37XmqEPvCmoYGyw69iDhYe+2b9SGubuLVyPTiKywe\/C92yKYICgV3TQzuGAnNC\/RYvE6WsIR+06b6F73RqsePJ7BFhgzUWaPSRSnwtsFtQZXlwaa2z7xMucEQfrw7PBKF6JXxhAcZgBDq9tGmnnt79PSPtGLNwCoGbMr7IlTUHvmiQbEF0BkjOIR9CREqChtHEtror7tBdmyzgsXX7d5B2lnP069nRDIyKxRbrIULeVH7iCXxLYpKQROdB5VUppMlSTgNGBOudBdcGCUtuFz7GbqdaxJCdv3x2GOP0a7t8+cYW1nWSXI3h5O1j3rNIXpzd4IvdndVS5FlQfsTTt0QHE74QtLqR\/O7Ft97z7lEGWS+WEIkSGTwUtrEOrpfUQ35NdK7TUod30ErQjccBRXTnv5Fz2ZBQ7fNLswuq5x8uVHKtSCpVmNt0+dZoZpJpg6L6x80UQEpBZepgbu94HM\/dJ\/hEMASN3wCswf8acbuHuYkWQYkFbuzdM9DnyYfKkxFx10BMEagMOhdYdRFV4PkEHTJQz+\/Fx7q5yngGQE6bRZ\/b3IBWul9igmEYFszK\/5b04G6C7hyE5cUOqtsSsIIR83HaX18R+H7pG8Hr1cEYLzI2oQ4gAxsLpLe\/ohICfLM4tSUNx1kqMgp\/lRs20I0vNSDnLy0omLjYc6SXbtCw7iCv8VTGLmfl+qnKOieBEurv\/36cS17VqM90Svc9MGGlAKh33+BXHiS6f9r2\/esj5e5mSiS1NPpBFUHiOzzyfbZm+oMIhtPCRkolGkSDQwqVRhFTf02\/qFunpdTBFN7c\/BH76diOgZPz+Rue2ziTL5NKv+jalBU7QjPQt2Rxduaz7NfMLZu35DJYutzypJioTmqNrYv4J8mOl6\/FPp2345\/6IGrYSjpGmTAQYDlW0QDu5iLD9TbgSE+svxuhBBd6vr0OwxaoSQqxbOLedBX+j8e2\/O3zd2pe+PuV1KoglCy8DyvSIR8d\/rezcejg9HwBuiSti1u83wn9jHghW96buN0BVyD3FeqcAADooPtJTFw8lcNOsHy6jxEBZCWKwhMLzNsN4yHt4+hRIDfkC5AyA55XsGoJ1Nko4yOewoN+WrXd0AewLO8Du2bSHPeoq2jMtOxc9UESatwsvIjPOR197ghQiUhBJVrNSkpMcjrbhPpEutm2Altzoi8gS7voI5iEg+DtP07gnzuTSC76hE5AsovHX8knu\/e5XxbHehHyc7jZ9GPR1l7xzC\/Y5sOIMV+jNxVIhBuvCEE5JrIIFJIbkEJqYyxE069rUf6UCpadFw5VhkcIjwSDPMwpU6TzNZ0yCdQSByLwH7\/jCujElqw3o1qHEttVlgR6KOEG4DKVm3bhbS6lRjvllQIrcfsDxztiYCDEfVqHa72Hhx0Eds+y\/wQCyQdVz\/FHnq8iYyTf\/GePJz1H4HKfILJqqcHRjtuT2odIv+Nm\/hELYDXaBYO3em2jmCNUvruQomTUZoOdkn24MD9503F9rQtW1BPYGzI9w93UNLkyKgQbq9qk5sALPFYAlQMCagNniGZhDXD35b3Vc2qjebOGhcz\/Hk+cCAaNmdm5KSGQQOqSNZsyhex\/ptVCJl5FVE2GPnyqG8SJRuMLzuL\/LRO+DCGcL3j38PzGcSNZg+qMnrfekvZEhgQfQFT\/BRHDsUExwBRHOZ6pKMLEV0PRJYOCMsV8U9fvq3suA+W++1Uf9beaH9QD7PptNameLfjiupm4iKR80Lt9MJbVdbycEMiMEE89BlhXTY83Y4EG\/l4R4OgIiMo4SXLhlDNY9\/4MM1p2UwOwo4gzZmV520IvMBJmkQE5hkEeSP+hUwb6AKm5XmcfeBbn865ZYi7j+Oz7xF97U="}
-00589{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_tot_l4_data_len":267352,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1048,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
-00590{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_tot_l4_data_len":267352,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1048,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
-00586{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_tot_l4_data_len":36300,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":756,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_tot_l4_data_len":36300,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":756,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508994096,"flow_tot_l4_data_len":267352,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1048,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00600{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":259192,"flow_avg_l4_payload_len":1016,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
+00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508992859,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":259192,"flow_avg_l4_payload_len":1016,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
+00597{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34752,"flow_avg_l4_payload_len":724,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1492508985380,"flow_last_seen":1492508985594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":34752,"flow_avg_l4_payload_len":724,"midstream":1,"l3_proto":"ip4","src_ip":"185.56.20.36","dst_ip":"10.0.0.14","src_port":53646,"dst_port":35030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":255,"flow_first_seen":1492508991649,"flow_last_seen":1492508994096,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":259192,"flow_avg_l4_payload_len":1016,"midstream":1,"l3_proto":"ip4","src_ip":"77.222.174.20","dst_ip":"10.0.0.14","src_port":2866,"dst_port":46610,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":479,"source":"bittorrent_ip.pcap","alias":"nDPId-test"}
diff --git a/test/results/bittorrent_utp.pcap.out b/test/results/bittorrent_utp.pcap.out
index 63b3ca9b2..b1e568d66 100644
--- a/test/results/bittorrent_utp.pcap.out
+++ b/test/results/bittorrent_utp.pcap.out
@@ -1,7 +1,7 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_utp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00542{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385034,"pkt_ts_usec":843882,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="}
-00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
+00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1456385034843,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
00543{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385039,"pkt_ts_usec":236076,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFCACEPR1AAHARR3hS83ErwKgBBf3Jn\/8AcOi+ZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AbAuK1Rd0f1URppB\/xHRD5bKZTE6cTk6Z2V0X3BlZXJzMTp0MjoZ4TE6djQ6TFQBATE6eTE6cWU="}
00426{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":274000,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"xCwDBkn+LFbcjDU0CABFCAAwPfxAAHARRu1S83ErwKgBBf3Jn\/8AHJxJQQBTAhDusvAAAAAAAAAAAOf1AAA="}
00447{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":274157,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"LFbcjDU0xCwDBkn+CABFAAA60g0AAEARAADAqAEFUvNxK5\/\/\/ckAJoYDIQJTAgb\/P19\/\/\/\/\/AADwAEnH5\/UACAAAAAAAAAAA"}
@@ -16,5 +16,5 @@
00545{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":747238,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+LFbcjDU0CABFCACEPltAAHARRjpS83ErwKgBBf3Jn\/8AcGQkZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AKNLQi81\/RCcQj+jdmBNANVsZTE6cTk6Z2V0X3BlZXJzMTp0MjpdRzE6djQ6TFQBATE6eTE6cWU="}
02397{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":805866,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"xCwDBkn+LFbcjDU0CABFCAXcPl4AAHARgN9S83ErwKgBBf3Jn\/8FyCGxAQBTAxD2SHQJ8T+lABAAAOf5Scj8LyukouNrwUcnHBaQa20z\/P8AHdLMNu2WZZdo9jx61Mq\/MnSVXq2PKIiIiIqkREqCICikREIiiqqIuK2Faz6fbus+dzXd1q9It9ttDyt2LCbJbJYs9CdF1xFJiOaAwo8M8oayXEFOzo+IFP1dXNRdtGgGqGm2re2HIpDt9sNzFq64iUaejM2EYOo84Mmc0StETZFHJE7\/ACeAwECbJTt\/vt3\/AOVaUZNedM9GsckX\/NrNbHLnkt4K2uymbDEVhDF0QROCIBeadJ1xFZbRQEkcUyRvn756mkPINsuPWTS+7XDPdx90ssKKdut2NSHzYn+3E58lW\/EDR+NAfIUbRwe\/RehNIfHQenrkm5SyauajYTrzZcolR5LKX2Lfrtw9BjSlNtHIsZ9sSZIXAfAkaadQGfbGItopHxfWlKVlX\/19f\/8Av\/RirVepjrHl+im1O9XXCm7hHutxmx7S7e7cSidnYd7KclSQC69uiMCfIKJyQITQ0FF+r0y7tOvWxzTCRcJkifIBmdGF2S6ThC01PktNNopKqoINgACP3CIiicIiJUK6EWxm0+sVrywwcgwPEgfVZMlx8uzg2hwkQnCJUFCNUEEXqAoICgiIinq+oprriupmGroNp4xZ9TNX79c24MezxmGp5WZUV4JEhTNo2WX2wbeZLsbbrAvE7yCBzVtdAdHLXt\/0axPT60Oe4iWOEjByepD7l8lVx9\/qRmoeR03HOnZUHv1T5IlZgbvNxczehuOk6M4xqvj+GaJQfAl0vtzuceNbprjBKb0kTcRo5HBuC23HFw23Cjg8ioP6xuNdddpGj2hWjzGdac7mLPlGouOvNSVh2i5Q\/NNdKW0LLkMGJCuxiYAicIuzykrfZPEiVrptV1S\/LTtx06zJy5\/GZ9yssf4jN9v4PJPbHxTPo6iicSG3k+kUFeOR+lUWpVr5LtNet1qmS48CRdJDDJutwYhNi9JIRVUbBXDAEIlThFMxHlU5JE5VMttN9g2oe+m+yNYNxmQ5BhsubNfiM4k1bEiyGoDY8MowrxksRoXScRG3GSI0AnFIle8i8\/Bn2H0st6Vsx+05\/IuOkGSMsFk0M0gzrnCdBh4WQlA2nmAWzktSUIG2lcbdURF5W17a6VnV6W2LWvBtfd2+N2SL7Ky2fJo9vgxvITnhYalXRtsOxqpFwIonJKqrx81VauBux\/CxrJ+5l5\/gXqir0uPwJ6Z\/6z\/3pLq1VKzV9TLe5p5d9Fc70WZjZA1n0maMJ+FKtisBB9rcGHRddMyRCakNN+VkmvJ2AwU0b7cVJfpvbpcq1gw3E8Jl6R3jG8Tx7EmY0POHn3XYN0dhqxEVttVjgCESo4XVHTUfEQ\/PhVS79YLaGbvL5pFs7uOlGmsm4BqnmGZvdStsM3JEeA7Eisp7YxXlJLzo+NvohkKC4qeM1aJba+llnOW6J6oZxtr1RlSLXfYTLN0sdjlTIz7MUiDzSmWXAcJSJxt9h9Gm1IURuQaoBd+1yd3m5y17S9GpOcT7d8bllNYt9vtHnKP719xVJQ8qNuI31aB5zkh4XxdeeSSqAaebLtct\/unEHP8AVPXzw2G9+K4Wu0w0+JxxMEcYUzisusxYzoiPHDfY+XHUcRtxDFeg2Aao5Ftu3aZHtUu+Vx85xMHpgWWbbkRxuFNbaWU4KKp8sirYvi8wnk6SR4Hjl0z1KpVSt8e\/7HdqGPDb7EVnyzUWS8UZMfOeqFbRWOrgyZQNiSoKEcfhoiaJ0XFUCRBJU+TXX1IsQ0M0O0\/y+ZZ\/iuZ5pZYN7g4XHnoJsMPtg4bj0jxr0aHsQCat8uGPAjwLhN8r6eO7nUvWXUfU7ANZ2Pg2Z27w3q22R+yuW+REhuLw6yoqKcNN+SIrfl5dJH1VTcROR4rcFuQ143Ka85Jo3trCRZLbijz1qyfKxdabZJXfEyZE48wjkUo7oyw="}
00440{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"bittorrent_utp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1456385040,"pkt_ts_usec":807007,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"LFbcjDU0xCwDBkn+CABFAAA2viAAAEARAADAqAEFUvNxK5\/\/\/ckAIoX\/IQFTAgcHYOz2ERRIAADwAEnJ5\/cABAEAAAA="}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":86,"flow_first_seen":1456385034843,"flow_last_seen":1456385054059,"flow_tot_l4_data_len":38565,"flow_min_l4_data_len":28,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":448,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":86,"flow_first_seen":1456385034843,"flow_last_seen":1456385054059,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":37877,"flow_avg_l4_payload_len":440,"midstream":0,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test"}
diff --git a/test/results/bt_search.pcap.out b/test/results/bt_search.pcap.out
index e847eba6d..1d04265b1 100644
--- a/test/results/bt_search.pcap.out
+++ b/test/results/bt_search.pcap.out
@@ -1,10 +1,10 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bt_search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00555{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430752225,"pkt_ts_usec":251619,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
-00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1430752225251,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00556{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1430752525,"pkt_ts_usec":284866,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="}
-00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_tot_l4_data_len":127,"flow_min_l4_data_len":127,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"proto":"BitTorrent","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"bittorrent": {"hash":""}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1430752525284,"flow_last_seen":0,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test"}
diff --git a/test/results/capwap.pcap.out b/test/results/capwap.pcap.out
index 722854986..0fb91cb72 100644
--- a/test/results/capwap.pcap.out
+++ b/test/results/capwap.pcap.out
@@ -1,11 +1,11 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"capwap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_tot_l4_data_len":73,"flow_min_l4_data_len":73,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328949,"pkt_ts_usec":167396,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_tot_l4_data_len":73,"flow_min_l4_data_len":73,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_tot_l4_data_len":73,"flow_min_l4_data_len":73,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1422328949167,"flow_last_seen":0,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328963,"pkt_ts_usec":915032,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAEAAP8R8PTAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1422328963915,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00458{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328966,"pkt_ts_usec":914891,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAIAAP8R8PPAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00783{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328970,"pkt_ts_usec":67630,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","type":351}
@@ -19,13 +19,13 @@
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","type":383}
00829{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422328993,"pkt_ts_usec":294069,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","type":383}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":0,"flow_tot_l4_data_len":131,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":766358,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":0,"flow_tot_l4_data_len":131,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1422329005766,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00571{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":766854,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":0,"flow_tot_l4_data_len":122,"flow_min_l4_data_len":122,"flow_max_l4_data_len":122,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":0,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00545{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":767224,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"uDhh8wWsJOmzR64gCABFwACOANoAAH8RpGHAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":0,"flow_tot_l4_data_len":122,"flow_min_l4_data_len":122,"flow_max_l4_data_len":122,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1422329005767,"flow_last_seen":0,"flow_min_l4_payload_len":114,"flow_max_l4_payload_len":114,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00545{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329005,"pkt_ts_usec":767984,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"uDhh8wWsJOmzR64gCABFwACOANsAAH8RpGDAqAoJwKgKChR+MFwAegAAABACAAAAAAAAAAACAABlAAABACQAAAPoAAAABQIBAAMAQJYAAAEABAcFZgAAQJYAAAAABAEAAAEABAAJQ2lzY28yNTA0BBgABQAAAAAAAAoABsCoCgkAAAAlAAcAQJYAANAAACUACwBAlgAAl1THBF8A"}
00494{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329015,"pkt_ts_usec":765658,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"JOmzR64guDhh8wWsCABFwABlAAVAAP8R5V7AqAoKwKgKCTBcFH4AURfgAQAAABb+\/wAAAAAAAAAAADgBAAAsAAAAAAAAACz+\/1Z4mrz13vIlLHFGU8KNmBPwkXkcj0vpbAEOfTafYoZSAAAABAAvADMBAA=="}
00482{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329015,"pkt_ts_usec":861407,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"uDhh8wWsJOmzR64gCABFwABcANxAAH8RZJHAqAoJwKgKChR+MFwASAAAAQAAABb+\/wAAAAAAAAAAAC8DAAAjAAAAAAAAACP+\/yDAqAoKMFwSNFZ4mrz11boJ8TslJR9U5jzXLHEUL1R1yw=="}
@@ -40,9 +40,9 @@
00906{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329016,"pkt_ts_usec":44504,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"pkt":"JOmzR64guDhh8wWsCABFwAGWAAtAAP8R5CfAqAoKwKgKCTBcFH4BggMgAQAAABb+\/wAAAAAAAAAGAQ4PAAECAAQAAAAAAQIBAKzqmDA5ptloyEefacEa3YZgJXJyrzHF9nOG+TK9vyBNPWeO9+lhySpNcxfS8U9xgOzjbnL4Y8XZDOAhiQFo8vgjxgbH1rJwvhKQMjpbB+xdMWwdAZVbqz\/DJLtziqhxnhe\/GeuuhoXqmlJ7RBS889V98vMqx8wmgWQ9IXwmnK36CCAZCauFy7HXZ0sOzDk9wNxlY\/eY\/72RK74kwLuFDOHXIPaNDAU+HsbXTmvlbNtFVnwHDJimGDggl85KsTO808\/4PBQujPnd0LudLsXt0Z3ZQQ7ZfuPbaIy4ykb9jPf8UlzC+ettkAlrxmevD8RB2ZeTOWIDYXnJFAhBcldYXJQU\/v8AAAAAAAAABwABARb+\/wABAAAAAAAAAEBV91YC49Abw+RBYmothQ3D6tqvTueKPrWukdB\/wh0UtvIy46qL++VfDHw4siAWRqqz+G6lxJZxWYAYP9VmMLsC"}
00527{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329016,"pkt_ts_usec":178283,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"uDhh8wWsJOmzR64gCABFwAB7AOBAAH8RZG7AqAoJwKgKChR+MFwAZwAAAQAAABT+\/wAAAAAAAAAIAAEBFv7\/AAEAAAAAAAAAQM4p0S2Be8BScJ9\/t\/V5ioLrBk4kt01aT9C3ULVTwKotu4SpBhH4dYERsQJCgfQ\/FU95FjFjz1ipPTEr6AwbtI8="}
02374{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329016,"pkt_ts_usec":179779,"pkt_caplen":1499,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1499,"pkt_l4_len":1465,"pkt":"JOmzR64guDhh8wWsCABFwAXNAAxAAP8R3+\/AqAoKwKgKCTBcFH4FuaeNAQAAABf+\/wABAAAAAAABBaDmAzlxG66QVgkbosOGeUT5ktnM5kdDfqf0y4vZqHLD7ovzkRUa\/ObwOn6cYo4k9jzJQ6DMeI\/pr1EqMM\/AQirdxUjnphrCvlQhnglSCjmfZzINoGTcU87gocQNDgpypIE8JUFoPssg9PTkH\/c3zwNhbFDYvXQb5W2E\/UgYlVhikkkuN7d5FHT1h0PeLAckT63E4BEjFCelTVt6BqW6m+hq2vSZVEAcyoPuCMfD9z2FT7q61X2dcy41n6xQXr9OH6n8GWB2KblI+G0rmxzqC8DI9godC1JS8pBIRoI6yzZ8ZS9awHZUGf5k9fPcqxjjWL8J3dVlpkr4NzoXIBBCutVy\/5vfl8TbznxfTj7WziOniRxi+Iq24YaWL125+5UOOq8f\/zrftURrKAA9Yj2Do9NnNzE5h5kjOYFgZ+vb5vHA5W0IReEdYx4Ttsa3aZgoDc8QzeJSD55fLryL8nFdQW\/b6jHH6AsD4puPyKK12dCPsGdGbM0rMmFmtHOgBuJC72YtzPoNLKkVvKEEFgOYXK4onfbLLKAyWFvDafHnW9r5C3b5Hp3hbDLL+oxzlyHTPIDAPJgIAlLPTRo3Ma\/DHW14LsIx\/VRbCm7RVOZmzsVJYRDxf4n6K3aE45qtE58Zx0JFUB+yaEU6Uj\/iU2otshPCHbaRI87l9up85Ubwe3XRpgWSMtBZHZa0OTK3JIBIpMREShejSDLyKY+DnnNAoUnP\/7Ql5GVRBzZk\/QVy0u5lMSQSRMOF94ZXmpkkPdAxOlTVa5Ctro3OB\/WgmXbqLn7CLEawsy7i4OEM\/WnKUNDoB\/sO5hI3jAZG1+1ahmYqcdB5eVTkc\/fiuQak5G6m17muwaPWb3w3U6ffihNB1G\/0KZWCbJPI8oYBb0LrUG5\/efcDg2u6A5c6z774+yc1\/G1e3ie58xZUTJFwWoktEOOpYTKRyabVbkMeOD7fdal7VKbOlqnYYmCEVwynq2wyezZ1CMOPW94YDVkf9vO\/iFqRI0nrMAH9iiimfMD1bugFELyVDn5km63nh6nOyWmfOx1z6bxiiUOKFS4\/LYzlgovSdTCM8U2xFzjpasIC4XBo17pikTq1YpFHF5ZEsHIKa\/37lNcuYcn47q+wScm9i2IQ9kaLjI3mzMEOOGATB2NXOxfmV75qrGCBqw+Vvo6eIc3exWC558ll1oubhh1ajMKghB9wTXibG3lNkdb8gCKsGZk8MgR04ly0wrr4EGlv+gDQHMYbQFOL2eFlldKmVreEcLLGnhaPdMAvCF0UtdldbMjHcpIgbn3EL939HB28U0hOygU4J7S2\/MMCVwuQzKSqORR33idf2RynyvJBNFqpxMSGo5SRry4yCVsXD7xhGcMeMxDJrv4V\/mVkyRARl+R0jDprQYwEPdJgtt2PpqA55\/mcAcdAkHfuJZgKlQ0Vlf8nYtva9l84XhdZddmXlNcAXfkljZkNXHOqwQvJAmkKnZddci10scaj7OfU0sWlnTEAc5q9WHUiSun4sWxeKZdsn7oBUugugaesjlM5UNVUMHW7Rz3Hj21EOdnaCUQ1G\/mR9\/uiB5C2kdSvnpquEg+\/Cy8R3v4jrDoNBgsWmikv9GvL5Sji8foVqG1EYRqL7KnLdfHl1zk9SNomSEvntwoUI9eLKpsc5cMHQtnlUpcdXNGNQLDXqqgxXzEcgm0eeHB+NeiAFESghJEIkfRhFrs+0OKNHIYfgp+CHzYezil7WJPa2xzTS7eevs+L4+qJ7a4yO5C4SiGQBWrT41vsY\/uwuHHUJowpcu\/9P6pD08V7adBfe1BFvL9hq0zrk1iIJiI5otDB0ITAToyjfxx3j9Zlg+X8cBKPfE0XET4RYDNMr955aHBJz4dk81Q6TxnUQy0j2vAOsfFaxIbSJi1RJyGKlBZaB9mMO15X8SnWAVEtMz4="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":0,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":88,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329017,"pkt_ts_usec":533285,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"JOmzR64guDhh8wWsCABFwABsAAFAAEARpFzAqAoKwKgKCTBcFH8AWAAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFKDMU3RsAQJYlAAEcq6fyE50AAEcACwAFJ\/9UIA8C1d0="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":0,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":88,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1422329017533,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00619{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329018,"pkt_ts_usec":33268,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"JOmzR64guDhh8wWsCABFwADDAAJAAEARpATAqAoKwKgKCTBcFH8ArwAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFL9Qy3RsAQJYlAAEcq6fyE50AAEkACwAFKFJLQAQC3ePdGwBAliUAARyrp\/ITnQAAHQALAAUtdhsgDQK\/xN0bAECWJQABHKun8hOdAAAOAAsABS9iq+AIAt7o3RsAQJYlAAEcq6fyE50AAAwACwAFL7WkAA0C3+g="}
00738{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329018,"pkt_ts_usec":533282,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"pkt":"JOmzR64guDhh8wWsCABFwAEaAANAAEARo6zAqAoKwKgKCTBcFH8BBgAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFN3Va3RsAQJYlAAEcq6fyE50AACMACwAFMGt3IAoC5+ndGwBAliUAARyrp\/ITnQAAEwALAAUwdLNADQLo6d0bAECWJQABZICZPC30AAADAAsABTJ3KPD9AqWm3RsAQJYlAAH4Ht\/dIQ8AAB8ACwAFNejwUJoCvcLdGwBAliUAAfge390hDwAAEgALAAU2FOxglQK9wt0bAECWJQAB+B7f3SEPAAAcAAsABTZHxnCRAr\/A3RsAQJYlAAH4Ht\/dIQ8AAAcACwAFN246sJsCvr4="}
00542{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329019,"pkt_ts_usec":33154,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"JOmzR64guDhh8wWsCABFwACJAARAAEARpDzAqAoKwKgKCTBcFH8AdQAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFPxZ83RsAQJYlAAH4Ht\/dIQ8BABcALAAFORP5UJQCtLDdGwBAliUAAfge390hDwEAFwAsAAU5O8ZgngK0sA=="}
@@ -65,8 +65,8 @@
00572{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329136,"pkt_ts_usec":181810,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00818{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1422329141,"pkt_ts_usec":909488,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00147{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","type":375}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":394,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_tot_l4_data_len":98,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_tot_l4_data_len":524,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_tot_l4_data_len":56296,"flow_min_l4_data_len":72,"flow_max_l4_data_len":1465,"flow_avg_l4_data_len":259,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":173,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_tot_l4_data_len":28020,"flow_min_l4_data_len":59,"flow_max_l4_data_len":436,"flow_avg_l4_data_len":161,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":394,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":173,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":26636,"flow_avg_l4_payload_len":153,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test"}
diff --git a/test/results/check_mk_new.pcap.out b/test/results/check_mk_new.pcap.out
index 07634098e..9bac9d6fe 100644
--- a/test/results/check_mk_new.pcap.out
+++ b/test/results/check_mk_new.pcap.out
@@ -1,10 +1,10 @@
00480{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"check_mk_new.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1512031663734,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1512031663734,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":734797,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="}
00439{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":734824,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="}
00427{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":734985,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwlAAEAGbhHAqGQWwKhkMuZ2GZzVcug4bqkCToAQAOVJwAAAAQEICisMaz8WUVyd"}
00448{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":736952,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8soKyPpERjIA9qTsCABFAABDXtNAAEAGkkjAqGQywKhkFhmc5nZuqQJO1XLoOIAYAONJzwAAAQEIChZRXJ4rDGs\/PDw8Y2hlY2tfbWs+Pj4K"}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_tot_l4_data_len":159,"flow_min_l4_data_len":32,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}}
00427{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":737046,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwpAAEAGbhDAqGQWwKhkMuZ2GZzVcug4bqkCXYAQAOVJwAAAAQEICisMa0AWUVye"}
00786{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":737054,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"pkt":"8soKyPpERjIA9qTsCABFAAE9XtRAAEAGkU3AqGQywKhkFhmc5nZuqQJd1XLoOIAYAONKyQAAAQEIChZRXJ4rDGtAVmVyc2lvbjogMS40LjBwOQpBZ2VudE9TOiBsaW51eApIb3N0bmFtZTogYnVpbGRob3N0LTkKQWdlbnREaXJlY3Rvcnk6IC9ldGMvY2hlY2tfbWsKRGF0YURpcmVjdG9yeTogL3Zhci9saWIvY2hlY2tfbWtfYWdlbnQKU3Bvb2xEaXJlY3Rvcnk6IC92YXIvbGliL2NoZWNrX21rX2FnZW50L3Nwb29sClBsdWdpbnNEaXJlY3Rvcnk6IC91c3IvbGliL2NoZWNrX21rX2FnZW50L3BsdWdpbnMKTG9jYWxEaXJlY3Rvcnk6IC91c3IvbGliL2NoZWNrX21rX2FnZW50L2xvY2FsCg=="}
00428{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":737114,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwtAAEAGbg\/AqGQWwKhkMuZ2GZzVcug4bqkDZoAQAO1JwAAAAQEICisMa0AWUVye"}
@@ -16,5 +16,5 @@
00429{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":739142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RjIA9qTs8soKyPpECABFEAA0gw5AAEAGbgzAqGQWwKhkMuZ2GZzVcug4bqkDeoAQAO1JwAAAAQEICisMa0AWUVye"}
01104{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":740312,"pkt_caplen":568,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":568,"pkt_l4_len":534,"pkt":"8soKyPpERjIA9qTsCABFAAIqXthAAEAGkFzAqGQywKhkFhmc5nZuqQN61XLoOIAYAONLtgAAAQEIChZRXJ8rDGtAdWRldiAgICAgICAgICAgZGV2dG1wZnMgICAgICA0OTQwOTIgICAgICAgMCAgICA0OTQwOTIgICAgICAgMCUgL2Rldgp0bXBmcyAgICAgICAgICB0bXBmcyAgICAgICAgIDEwMTAzNiAgICA2ODQ4ICAgICA5NDE4OCAgICAgICA3JSAvcnVuCi9kZXYveHZkYTEgICAgIGV4dDQgICAgICAgICA3MDM3MTc2IDIwNDkyNzIgICA0NjEwNzE2ICAgICAgMzElIC8KdG1wZnMgICAgICAgICAgdG1wZnMgICAgICAgICA1MDUxODAgICAgICAgMCAgICA1MDUxODAgICAgICAgMCUgL2Rldi9zaG0KdG1wZnMgICAgICAgICAgdG1wZnMgICAgICAgICAgIDUxMjAgICAgICAgMCAgICAgIDUxMjAgICAgICAgMCUgL3J1bi9sb2NrCnRtcGZzICAgICAgICAgIHRtcGZzICAgICAgICAgNTA1MTgwICAgICAgIDAgICAgNTA1MTgwICAgICAgIDAlIC9zeXMvZnMvY2dyb3VwCnRtcGZzICAgICAgICAgIHRtcGZzICAgICAgICAgMTAxMDM2ICAgICAgIDAgICAgMTAxMDM2ICAgICAgIDAlIC9ydW4vdXNlci8xMDAwCg=="}
00429{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"check_mk_new.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1512031663,"pkt_ts_usec":740384,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RjIA9qTs8soKyPpECABFEAA0gw9AAEAGbgvAqGQWwKhkMuZ2GZzVcug4bqkFcIAQAPVJwAAAAQEICisMa0AWUVyf"}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_tot_l4_data_len":16910,"flow_min_l4_data_len":32,"flow_max_l4_data_len":4128,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test"}
diff --git a/test/results/chrome.pcap.out b/test/results/chrome.pcap.out
new file mode 100644
index 000000000..158750860
--- /dev/null
+++ b/test/results/chrome.pcap.out
@@ -0,0 +1,117 @@
+00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1620902507870,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00439{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":870345,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"}
+00434{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":899110,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="}
+00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":899217,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbUERLxUu4AQECxZJAAAAQEICjN0klQ6mxVS"}
+01120{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":899556,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6EvuJAbsdWbUERLxUu4AYECwCqAAAAQEICjN0klQ6mxVSFgMBAgABAAH8AwPXeqDyUs\/4\/4GpyC7cQmIfjIDYOwMiNhyWri8r2nhJziBwlN\/eL66WXpAzektMXIQLhsqrrKWrh6bikEQBRa52KQAgmpoTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAGTSkoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACA68Y2Vy4YgXwTAo+K4xouQJsapDvYw\/iCmjTHqJSW2SAAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJqagABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1620902507870,"flow_last_seen":1620902507899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00422{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":928884,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0aC5AADQGT\/mSMDoSwKgBsgG7+4lEvFS7HVm3CYAQAfplMwAAAQEICjqbFXAzdJJU"}
+02374{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":935852,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaC9AADQGSliSMDoSwKgBsgG7+4lEvFS7HVm3CYAQAfqdbQAAAQEICjqbFXYzdJJUFgMDAHoCAAB2AwO94en+BhMsHaREDHoXYfvyRWdvCf8e\/Agqu18UcRXmUCBwlN\/eL66WXpAzektMXIQLhsqrrKWrh6bikEQBRa52KRMCAAAuACsAAgMEADMAJAAdACAjITGqKUQtwsE17yP4VuaZDUVfbTm5qZHgcQ4tr2o0IRQDAwABARcDAwAqzmsawG\/aetzyLO5Vqmctg3ohQB8GpO2393UqH\/ijkooYM0KZIfrc5f2TFwMDC+GAJ7D3lDf7+5CbVftWbZJPrzLcjKzCoy1E7j3t7QqMy0mqGXwKVdo1oPO9+DxwhRaVkECaMJYSdiipZhQ+jqfXamoALQcvNKYnYmaW8pvMC2kZ5+L0vASzGAajEBBo6XYuR1PNjiHZv4mspEACkoo\/YFqOLHdqd12ql5+W5GmCsoxMrpAJXDL3KB4gB7qEMRTmBGOu5ta1PBWAn6CbrhDsExjyDAq336pfZhWtLX2bpkqsaNSqf7aEhh2JkR1zxiFak0FFizQ9vFBEJkULIC7JmVglg7UZgFBVgrHjjOFdwoZxoZy8uK0dwlOYBwlXMZrLjqAdiVGBPngPgdb9TB0BgX97UzPVvUfW74F2hst+k\/IacarJwmtarxUqqqgiSPrCHYVLuQRpXxqibYjV3dG6ksPMczqxfIVatbhWYs0jg22w0YSLkgTMGdQFihTArgps51WTP4JS1q\/M\/pccm\/1MGM8qmfr1518gXoMRW+PSfCqxUAAdMZz7B\/1fGDurgxBzRC8Xdh3D+3JRS0kd\/4QsVfSnTgFbpMkQD9Usp7cyLOxf2BvDH9kw74xV2Et59rH33\/x6ezl+Nus7T3UWBYEC\/lT9IWD8pfniywAHMhK5HdYbKMG7DW5mrcEQgvSrTymsav2qf1OlrzNLzFfNuA0TUZ3lEMTa+9Qq+jw4Lef69Znlkm+mJKBiY9ZswMemsQ37gsMOobBo4foPKNWuF54kZtgTzmy9psS+BBETteloXbAk7AYShI6J95XYhMw4PuW37QB3zm8vi6TFmAh+uxZKCXT1G1kn9y+BHMdwxYShTyEozBvwc4OeZlJHEC9\/ROynB6Bjls\/J47HXn40mSaYHCbJBYvyDoDrAydxE1bOqlnEChRNVOMHQ20Kd8+\/Rtt80\/sAsoFc4\/Bt1uufeA4CYV+kReTGbc5BeNSacrg\/Tko5C+coCRdV684Yc9yOO2BpCt2+BDMg1paE+yP0sSAnV0k5jR9Ik5HrSkClobI6AgvLfvRXo6DurI\/ErcG\/ikt9\/PJxo7w1F6igFv30diYkAVxSBB8DX7NDEJ7GaIH3zBWXlpJeeM1Pz5k9DqKzxL3VGhg66sGg6wesmKbPkzN9tE\/QKLGG7OSoWM48QJcuCSdAOKAWFpxzwnolalhMp1qEexzMEHHygHJgdEwLY4FtvUuI9ukrVNrQsQbpfT16gXBCOKcNfDdS90JDiZdFcdoGriHuaa0kqETueBqMOJvmj71\/vjaEyUPtblVcJ7fK7hgjqETTHhqVbiJe6ZG6Iuvp8B5NCFwhOtmKJ99KRbIZ18mOoVPgdhiAWi9Gv3wdCD\/RedRBIZSnWDQwFZqiRrZClM9\/lqqvTPGmTtNpRPcTLFcA6O8BMsUK1XtYY5us0j\/caQy++ONAzO8WX9THYIHZ9xieDc9FrP5Jh3sXIGTlxVlkcdlaegJqeHVp3uznPi6m0ovhZq8qGDcnsr5sz4QZ5TSahFUpT3HgPGDoJBOFIJMaY4i++XvBnsHMcBtEDjCy7Z4iMti42qoaRsE3EB4CfwFimgKHUTSsEBAF3WXCVdcWEyItkTaJcCOZF5LTh6Owy4X9uDBmBNWEU04zQnm4ymvoe2NIbjspeCyoTyXOgstQnmKix7VHRFIdrXtvnB0tu+TcayuupS1RBCHWkq8axBS2Svuim"}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1620902507870,"flow_last_seen":1620902507935,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02379{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":936064,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaDBAADQGSleSMDoSwKgBsgG7+4lEvFpbHVm3CYAYAfrPkQAAAQEICjqbFXYzdJJUxjnsEbtL0BSIlnJfN5llHlyTsAFqVh8A5zI0ut6+NxtbM8\/imNL6xaNRj8wcfMpnQCZDQJqgG5xXln\/GYBEoWhlxmhyWR2Lpm2x+R+1HzABN36m0RPa6zHkByFrfPTdNF1n\/LdNDzBAmcjK6W9KSmq5AKzqGONS7vhOIiB1JR+fJrUIcZItAFq1cUhxWK59ewK0UJfgQucEwNa1HUqaHorXl6LpeRUWnCavaQRYpKb0Yol03cXIiSUyGcr9bp8VqweuiYKxQmon3GaEl1IPZlBciTXuXxhovi1UkbedPbyukWRaRGXLmmpwkAoBIlSAkoLE88GDYNi2pq3p3vNP1xuAJxELyBopLvkElOX234GFq95rqtov\/FtA1mGAIO6oB0o4PIv8yW36RDrCKnmdyOO4yk7H1tChzLPaFGiCPEM5j966CgFVsIIsvoYdK9F0B0pRUyb4kvGZ6llm59XAp6TsNjbxEynBz\/wqPMSnevVAwXYw3PFBE3fKJJnTfxq+lLO716u83o4EOY9hAF4LNMPn12c9va15VbGSUXY7vOKM7FInDZZzHKSq07PyrelmKDPfJoqanGRTRAe9eZo8iwh3wnS2kbEUZbexYOdsmt9D5e9el\/NkPCRDGJbb0jjUYrqo\/vSg0DqrvvmsMHZiA+hAGHAKBg6Sv6HrnxCB4bYQqvuWNBKGdnWBf4BS+JS\/+1aHVuud+RsvxyGKhHUPlnDPedQxrrjQuYS\/xXh76tSB0cJhtaVqjCQPr3R4UppNHNEyqtpVbQkpxz87kBF1VTjsFAuWsPiSvUwn1Tsr2dIVWlhEPuKDcy418n3ooBSfbjc5dkJhDSIr6AYZ8gtBBNXT8U6SYh21c9TR25nbRNzRycbMi\/Cq1BnU7KX0vLGvRSMdvx9nSDuP\/tu2OIWSxWOB3HbapMll1T3fksa6m904w5Lv0r1inIfvs+UQkAjMvjzn8oAl4srRc4MGkcpHj3glUNvvwuRLKOqm1FT\/zEaFPNCzOa6zlQW+FLzf\/Fmt3gGJn4MFAbg4CpU7RfuIxsWou+rIpJhounGcNi+d9wfezO5Vuq15NauX8L01ywbdnsO23XFfyRE6yqHXHji6Fp+UH\/RvTlwYQnaCAFkIxr4zKl4kSg5XI2XTAwnc9vQ0COl2Qxv8CWjWdtZ71yopUjCeLxrqKPkj1PJ139rvqP\/FipAZxVB+0R2XE23\/ocNUo3ESwwmL7sbAOSy7s0JJMguQpmUjN\/tN2q1f0tqEEqYqkKMJfpSYga4dOjVux3AMmj9RJqT1SDK25i9E8AICnBBg1iPi8JitsipwnnUQhnRXfZbvPCimsPJIcp2Owk02TUqxCVRut\/W08O1ARKahLy5Nn1R8s58E\/c5JJk4jczYkk7NKFkCvqf41BYaM7eoZkv1sNI8TuQ5ETcJxjwxJWfM05KFnTklcexo8qROXA4Ny597ElNO998Hyt0D5QOnARRZF6ar1ko9mLrHdCwOuRntY\/nXsZyfARKAb2QV65iw1t\/\/Lu\/Azlb3IsM5i10Y\/NdhUh1yJNfKfKsgddusEc8GDs1foMVVoyBP07xklhg43BJV10X+EYze0XppvQgl9EMtkjHHjgABp0b93gmvKoFqOMmnvYN0GhfyrPpAgu86hU3R\/j2zbHTlaffiqjk81phGAM9n9jcf+jAfDQTxPoxdWCEbHijPGwYEzZbfyfaDPOQtc4do0wGjkSfAWpidTVO8UEUUYTrchhZ7RAjk8uVUfT3wM7+HFLjOqinBbmhuVzg1W\/WbexrXsn3Ep+uGE0H11zbesVR9EZrQyFQSCBos5gq+qFbei31jyAf3kTRd2bWb4oKGzcM7QJw8\/t+es\/6z\/67FNQQY8MS\/22IN4\/niGlxRq6Gib+4q6PSmwDrDzwyMbBylLsFjWt6\/r5kDG5"}
+00421{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":936120,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbcJRLxf+4AQD9NL8gAAAQEICjN0knY6mxV2"}
+01378{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":936563,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"KDc3AG3IEBMx8Tl2CABFAAL2aDFAADQGTTSSMDoSwKgBsgG7+4lEvF\/7HVm3CYAYAfr8fwAAAQEICjqbFXczdJJUrRs\/wAnOAwB0z9pBueElFo\/1+aP5LiCKNfUyYFj26EkHhPq5SToROb6NhL79EZujXALq6g5v3QBFRE9oec2aPqMlCxswjZKq3HzLJBdKax6Ibtq8cLlMWV1BP3UJS5L7PS8I32g6IPKoB\/VTujst1E6shKTYOUcEdAjPgbQ0NCCXAOSvOl+j+lTVWs5X8hUZP7RtdEDb+n7FIrxAK5ZbyLrfvZ7MUbYR9Ji11n4ylVmnDKLd0Yd5vYWaX1qtHvtgbCbFCLBF17f+kl1LlHoIV6v1G1kanGviK0CeeDuiTzBlZq0jFwJzfddaTsM9C4ufpn2mRaCZ0AEDlVjnOq0VAtL5mDGJ1ynQaRz8RNwGXCYO3OjnJAW4k2S0sos8qbibm1Wzp8jeu+JkwT7hUJ3UrNiCBjJEPMO8VKHG9rsdNxzLr3YaflHmOytJ86qUhikgMOW3\/+RxFTYbNhcDAwEZoe75ck\/1kvpV4Ky4TDeZEzI8Sx0nO3B89o9+WmY8rLylrT4OjdkhyUE5msw01syko4jXlGBQS5\/Xqk9hl5kV0eq9kbSe18XAFpD0GGpwQIm\/NrSVBmah4HXlXXrYTR7GWtj6A0WuDCq815VoW2eqM3axe3RFeIyduPSJJAyLMczTuFXB6iNTzgSoz6LauTCA87n8LUvcDcDDo6rmGJEZ5+JUq6bVah\/CadC1yBKCS+GBlN3feKJ0pirWRh3fzJyeaJOu1HpVccsRFytNKqmL6XK9mWr3OdH6wrr33JwAF6QN0RgYMQXXI2C72jspgbBrpTxaPJDQ8kSRYQHsk3UZzwj1kJTqqSBOLvWjdHegWKDSiGJ9tk1yKxcXAwMARbf\/Acvdt4JoOJUI2Q8koVq998pnmtWTFr2Gf2cGDSjaMPsw5QN7i4bRE6rMjPOWraHUJzf8OOrKJGLvL5FrpvdjIy2DSQ=="}
+00423{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":936591,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuJAbsdWbcJRLxivYAQD+lJGQAAAQEICjN0knY6mxV3"}
+00538{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":950183,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvuJAbsdWbcJRLxivYAYEACzrwAAAQEICjN0koQ6mxV3FAMDAAEBFwMDAEXRNba7gobRuv\/jJFxV6kN9RSerIVKTWO2RnkLfSs9d8RPhLqAJpt\/sOqdEZUU0oWmlSvbZ2wfxBxXk5DS\/Bs\/k3B9gI3M="}
+01441{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":950505,"pkt_caplen":816,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":816,"pkt_l4_len":782,"pkt":"EBMx8Tl2KDc3AG3ICABFAAMiAABAAEAGqTnAqAGykjA6EvuJAbsdWbdZRLxivYAYEAD9tAAAAQEICjN0koQ6mxV3FwMDAumXZF1hXlxiT9rAsXFIZF6SZ\/Rn9D8dUZaSs0o87u5FtyEoT9ZsbkWjzaiFuC9cXOijUCzl2zR7A2J0TQsovpPaJYpRp0oNU\/fwce9UGGzrELO8ULmZcXKht+paXgVKHzJjAOSnZZiV\/KUnc+J4VgfkJtSkZG4e0eKVG+KrvX9e6XFtZ9xcB7b93B4oSOF2CnbyJh7S+LogdNxtoVz9ahDiKpmSJMhekbneeIvjq2dul1UCCCa5SuMftWAEbTnxef7Ynwea6CqAdJ2vOylJOlr2amu07qv0epDw4fpYpXR5JKhLySF\/OMo1W1HCn8VZEt2SSTlwQSTq6d58kyUIRBE0h\/osR+MghU\/qDttbJPlAGWmvyxHeEQTG00ty+K0uDtBwpHMFwFOiBFRz+DNPmQjpN3HZBtAz0Qks4TZU1tEYSL+82atKnLzv4WlQ\/xsaH21WbjiuUG0T6y2d8m6\/4zlzPmcoJl2607F2KBKeZ9m920EwiTzHF\/hGh\/jsR6iPbcEfA9EKi4RydUFQ7ff0B\/9UCal33xyImx8mD+qp97nrZKid08pfKpzcoRUY7Q5Q2dAxAO2KWh4I6NNRYaINIi8BUUSoNAFLobDIbkXT4V4VKZKxTwdYyABKIUHG93Ns4nXjjpbK5shfusllM\/0InCXYDCq3Z4vxgDsSE4pZIpVU5GGPO4QRpZmweTEdfL8hnmtQV1PGVLX89RWt6FZRt67TGBUHuJR1NZafNj3uILXR7cqEuxTRyS25siu6QYK+uCTEXRRmfDhBheAlc4DRZb7KqhonKiZ11lOUkAAmapb3ab0nqwi4mlw8BTgb34eFyup7ZNcTZG\/mMbkD+eIVVGwKUEgYpE5dZHsx+Lq\/3qgtiBiIrwCHWNz3tJIyzMuB7V563pcF5OfhCC5wRdr0ekBO4G2o6Py85NFB2bJsXX8R3YtYmjAA3dE41d3\/bjAHsIXHnaFUgW3PoqskncqmomBm2Td5IjXBGI7N"}
+00424{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":978845,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0aDJAADQGT\/WSMDoSwKgBsgG7+4lEvGK9HVm3WYAQAfpWfwAAAQEICjqbFaIzdJKE"}
+00424{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":978873,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0aDNAADQGT\/SSMDoSwKgBsgG7+4lEvGK9HVm6R4AQAfVTlgAAAQEICjqbFaIzdJKE"}
+00834{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902507,"pkt_ts_usec":979058,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjaDRAADQGTsSSMDoSwKgBsgG7+4lEvGK9HVm6R4AYAfWIxgAAAQEICjqbFaIzdJKEFwMDASqu82MYOF7Ocu0N6Rl7HCPMVxYJ0Yu4+wefoeMAmbRYZjTOJkRiwbOdCfASWo+p47ayCLCa8qiZPOcZ3x98ClvtFFUSN3056CfnE6+RJ5K\/RyQvU0Cqfug73XQD0k5hNEX\/+hMD5+TMkYmeIpGVbnZEbhaVJrxMfumjrcRrjcuPFwcolVrTo1B7hA3S2yKMbJ6iUBoR7LS6Ra6MivUODlXDVvbhLq3NFifyUpDKDVM2VRwESUrIhKnY60KryH0Va3TWlzar7hL1OJWBWTy3n01IH+oJQStgKurFFksiT3ssfVcLyUlprjWO9ht7\/g1zddPPREF05oXaQ3YfB+aSxgHz3\/HQOyjoohrMsbaXLpxIj0326qtEUmfxrHgP0dwR0asUQmHul79w29Qa"}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1620902508740,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00441{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":740717,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuKAbtgbcSnAAAAALAC\/\/+8\/wAAAgQFtAEDAwUBAQgKM3SVkQAAAAAEAgAA"}
+00435{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":769205,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4peZebaYG3EqKAS\/og23AAAAgQFrAQCCAo6mxi5M3SVkQEDAwc="}
+00422{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":769277,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcSoXmXm24AQECxT5gAAAQEICjN0lag6mxi5"}
+01284{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":769889,"pkt_caplen":701,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":701,"pkt_l4_len":667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKvAABAAEAGqazAqAGykjA6EvuKAbtgbcSoXmXm24AYECx0PgAAAQEICjN0lak6mxi5FgMBAnYBAAJyAwMCqtk1wgF3mmHFXReI\/INqovtCWlLQ6UL0XjDl9ThBTyBFEoSZoVggbsz2GSx\/2xqlntevPGmCQswE\/y7Vr8pzswAg+voTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAIJWloAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAIWloAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClaWgABAAAdACATE3e3OFsrXs0GvT5ceuP9pkQHg+4NxHatNUTRuXn\/LQAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJKSgABAAApATsBBgEAMypzcqAzWsBAZINcgx+ygBngBlIoyGbwAmgLDQpl5tkcwSk5CG+PkofYG3BR++\/05URLCmQGIN0IQZ3wYvZDIPQMaT5XV4vgN\/p08X7Xwm8dAHtBI2fhXt28FHYxsb9XJq+8hOm5sXSXLGO6GylxYnyhIfh\/OF0m2pK20c0EttaG+X3xopJYhysPLovAxdq5OL5GeDqW0fQEgKWN242uqonFBbxnO+qq2JLFeGMuG8av6DBM+Qo\/PTS7rThi4\/wN+hgwtddmcHTtBzYRgMCZEydI\/48AJXj+BvvB0P4qgtNLv2ttlF\/gO+w5v9rup2LAG+TJEsoGQLplU0t0UBXZMYKeRmkAMTBt6WqitMghRGDh1vMPhh2n4xwuiB1UQQlCdhgcI7OwWsmMdWaBHOR6DAlIEwx9R8o="}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1620902508740,"flow_last_seen":1620902508769,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00422{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":797588,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ynRAADQG7bKSMDoSwKgBsgG7+4peZebbYG3HI4AQAflffwAAAQEICjqbGNczdJWp"}
+00777{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":800346,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4ynVAADQG7K2SMDoSwKgBsgG7+4peZebbYG3HI4AYAfl7hwAAAQEICjqbGNkzdJWpFgMDAIACAAB8AwNEvGNnKlFs8rmia\/9733xHKqrcA43HdYGe+N5e+obMDyBFEoSZoVggbsz2GSx\/2xqlntevPGmCQswE\/y7Vr8pzsxMCAAA0ACsAAgMEADMAJAAdACDM1NRtnCzUR410ICWHD9eCVd8djufKQuKceuW1g1yXXwApAAIAABQDAwABARcDAwAqCYF7vx0P2kawwO4\/SddttBGBjuWmlx2mbqZAG42aEFb8Hsk1mL16Unl6FwMDAEUoKkDspLQAqh6sJdrBcZzItRF2CLVA9WnCr9bMS4cpqKwnj8nHqEavvrwBGXeFVuw+SB+QN6axuVl2MnhulcEjUFG0j70="}
+00825{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1620902508740,"flow_last_seen":1620902508800,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00422{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":800419,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbccjXmXn34AQECNQNwAAAQEICjN0lcE6mxjZ"}
+00535{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":802460,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvuKAbtgbccjXmXn34AYECObtwAAAQEICjN0lcI6mxjZFAMDAAEBFwMDAEWN\/WLUQHv6Jdjx9uLxisnhCQRHYpIWN+UNEcjOzDB3LOMW9mUBMe8n3AU4xW\/lcUbakFqqg0RpNbEojAL6nqd2Vw3zGCo="}
+00422{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":828719,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ynZAADQG7bCSMDoSwKgBsgG7+4peZeffYG3Hc4AQAfld8wAAAQEICjqbGPYzdJXC"}
+00832{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":828835,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjyndAADQG7ICSMDoSwKgBsgG7+4peZeffYG3Hc4AYAfkjzQAAAQEICjqbGPYzdJXCFwMDASoK99X7peGLel+vBKFIQchqeP2r94hUgvj3R+NS0k53CQC3pHBXjaQ36rJN33aZ2+WUlOSMK2XbwFUmtctna73Gsk5J9LdfRc3xcLyY9fM82FYz+x0XztgmYjj1qAhhRsK1OjbDF4klraXJiQ2XmM076UKED11XWm+09m98sDnbaRGF4EOaUWOKFVElzC43s9UdnlnxhRVN+rhhvD+CbtnpY8SJQUasszWyozDN0tU9vbvRHlCQnK3Ts58hzVIM1IPhCwSVVgWGmbaTnoS0cDU1UMTE\/ttf5SS\/yDBt7hC2lFQ85dF4t86x+Tu8I+3gnfvMwUOCYa6Wc6OUBxifF7oEyaTTkwbfvrfAiEOWd1UFeJLXkhfxSNDWYwQB4kd9EJERG7WvoCdXYUVv"}
+00423{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902508,"pkt_ts_usec":828882,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuKAbtgbcdzXmXpDoAQEBpOjgAAAQEICjN0ldc6mxj2"}
+01392{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":270667,"pkt_caplen":783,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":783,"pkt_l4_len":749,"pkt":"EBMx8Tl2KDc3AG3ICABFAAMBAABAAEAGqVrAqAGykjA6EvuKAbtgbcdzXmXpDoAYEBqE8gAAAQEICjN0l3Y6mxj2FwMDAshIBmLbUmNyqGq5bZtWIEkTQEfzU5L5rPzKZ+6rHYeArP2fbK\/kbyvx3Rw94ExEzOSv60xEtOToTNEEVdo1H0mZHmANUiwR6f+aNhCWgqBlMfs84fb5rg81ssTO5OHt597Oe9PkXmBfYCkAvhQbsn5aQM35L+Sjxw8xgJzoxOcQbAPli8mMia+44FbqNkPrq1nISrPQAi1BS3xxm0pt3texgbSZJzQFOkMZrdn+B\/CvLnUw1kuxGiGQQGIMqTzR4Tc653x9y7NjxzBiK\/cA0LL\/tJLoUfPBYKqpQ5VPTfVphc7gXRnemxWOUMmYFhjhMqQgAm9526DpC78NqtKMgXiwF+tNVUHcQkzQheB84bi1CDvox3d7sTZ1c64jna4clJ9lq1bXqb4GOEM1Juw3E4gjSEdrC3zaTv9OXC8iIBhui6N5yMIM4odP38gIq7RkhjkuFaopeRctjRe43mJqh2ZZ7ZxryU\/M+vGtU4H+qO7H6fxA38Lol43NziWB2QzJedR4YSGRigT2AM12T31K7baDa4COsoV\/2+jWM5g\/SDSDBveybZJ02q8\/I1WBTCkUwgISAp65JfEuEFPhLlaaQf7zSFtOxPkYMwQcmM4t24HvCplC6zQsBxpzc88WxvuvXcz3GnrnSCY+5zLUSOluHNlElaPPKBybqt98dniClbc8zESHP8zL6RTISvxyErfR95g3HcJoleJUgwvUruYi9xm4isbbkKt45EdW2UsbDAoeti4cY4Ot2YV0q1KIHUsQuJjsB3ckUC14VjzfVI0GvSDNczcXXhp4uK5u60wevNSDPi5MJpr8rDAA3Btqq+CcQLCvwWIzyl5+U9F6pPMIHiTc2C3D1h6RKhCrUkLV6utzoV\/Z5FIZffQhVEuGJaXtsyHUk5ZOaJ4fbXnLZtzhnMPydapJB7ydqWJEW423G4\/1gQlsKVDwfjhs"}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1620902509272,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00440{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":272814,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuYAbvjd2YSAAAAALAC\/\/+WlQAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1620902509273,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00441{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":273191,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuZAbt3hYKuAAAAALAC\/\/\/l6gAAAgQFtAEDAwUBAQgKM3SXeAAAAAAEAgAA"}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1620902509274,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00441{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":274034,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuaAbt39JnFAAAAALAC\/\/\/OYgAAAgQFtAEDAwUBAQgKM3SXeQAAAAAEAgAA"}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1620902509276,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00440{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":276446,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvubAbvm4fjEAAAAALAC\/\/8AcwAAAgQFtAEDAwUBAQgKM3SXewAAAAAEAgAA"}
+00423{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":297599,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ynhAADQG7a6SMDoSwKgBsgG7+4peZekOYG3KQIAQAfVWcgAAAQEICjqbGsszdJd2"}
+02388{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":299347,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUynlAADQG6A2SMDoSwKgBsgG7+4peZekOYG3KQIAQAfX6owAAAQEICjqbGswzdJd2FwMDATGYJH3Tfh\/VWL3n9mUsS4wSTQKFYup+YEAvZABy0CISZyvXqVjGbPr8PrY4qo\/Ab76GAua7iSHmfFkM9KN61\/p5N0HweQKYekUJtIDynTUX4lef8jhzPQPIGByIALiUfFKUZJz\/xVuexdJyaozEpz84y0Q4ybb0G+PfT5jWlXoe4EiQ4qBOpysdt3Y\/xlftcKEtvAHgIubFuagkT+1ZzWBP0wW2OabCiMzMzxacdu1lcn6S6ff82N9w4PGRbrHGGgc8RIOszyZlcvlDWsOzZ8hMAPJNIA\/nbY0f\/qA5qBsqHTuew1X8rne6oKtynCGk0wNnweKZ+iTYE1+yWX5tgs5p5W1ZsvBxm7z5gobnESyAayyx+Jg\/efW3x6pswK8zW7WEpVGnItUafwDon9\/nOKVzuBcDAzrI5+xRgpIaQTp3YZR3RdvqfCY9ISq9w5pgf2qpbib3D\/T9+dCQeVmJE6TLnA38s5tYBLJcodOOBY25WTIdsLJ\/AeuD7TwtHcl30tav+TlTwLND\/gMfHcPRIi4EGavP25JKzpSTd954tJfB6B9brfpNzjcmLR2YVIRADZMNLpkRzNlazKpFr3mlT9z7UqaZUsiEk2IFPUpnPMOIuVGAlB7NjGXPFxKtWmSLR3gU9ZkaIPv0cdT0tyeWunr0Viouyuc9fqZKetIeuRE\/cm\/Lh1Dwxvn5dMsfH6bhmkIcIzzNk+5Dg2rqz4RBiZLlldneK8EUGWszYCKcmitgLXQA31G1Od5YsMH\/qaPL8N\/yNYXBn5fQF77jdAvax8DMaC5AgZpbdno08nQkA5rufI1wjIgscHC6ZKXopD+\/xDR5RI\/RCez4e3KNF1XsQeSppCCuSTuuDO6Hp+6Ecl9Y692OkIrgq5vtOKdF49ETDpJLolM\/mV1tueJki36LadFzSkI0royzSABbYIRdSDojQ515IOND1NVpwF7+E7nP62DA20AGRV6LHvbcKExdbSczMprz34KTr5IJUFWBOuTykSKhOZCjIRv4Fc+duN4n\/Rfm42G8KJG\/O6p+wnYYKWgB2WkTEZUBBkAoLcD7mfpU9PG3LyEmp2HWxGfz\/54b1CPfw3avDvHLgHpi33am0FDlnrsPXxbfyVvwHgKIrucX1lB5zvKCwiBOvNMAljVlbdi6II6llSBIDESqGsbpxU4gFch6R9w9UzDCTcy\/td16\/gmOj2yDq5dg92jhI1oZdqrO0NFvDWmsUr4zT1HypPuJO8h79ZFoRKcnk1BZdJchsJPTgC68yQ\/IwSTv\/7VjpDBXPLzouKeBgk03TzlYT1S+f7AyfxnWJtqsIN7tfJJ1Kt71d3sijlujrEcTfEF1RG8YtjvGuCfH0eHV1\/g2NnTSnfNzRPFGFnaRRSOeV1LY8hFJ8GODfyBzs0XsvxsVIqAZlSeSba86yFwCpsCt45MlR2Un8shf\/rMTDKuz5z9uo22sQPN3aEI5bYUXPq6RvwVPNzsfeH06gwZ7Mdmt3awsvZvp\/w4+NtVHF6dR6ibuT+LS8DqJJjMynlJTf5sjWUO81wFUWLKP6\/o4pJLP1Qwa59S2lL8fvTDf\/Tqc0gynrRvkM0dV+vnHt2msCNybrm6DLRiRvDXyd1AwN16WF4YL0KiyUawUpG5Bv4DzgSLzQ7oBCREh\/HAeyrgM5dtgmb4bqntEs11RESYWRm0ohYv1PLxkPsA8jdkOllAP\/Xr3H7iE9ivQdvLsEYwCZRzCcfyBmCTC3Zzl5yEJWpnCzJku6G7Nbw+4BASkoUWncfgapZWWurpFRPHNoY\/UL9B\/IK7jQFo07qrZiAyvxPtWjLPogMtnNWXCRwTJtp1ICkWMG64zGGAdpYJWgaBpfZ6Qun89srdD+YBTdGp9hI\/K4Y8mtWHH\/WxsJ\/Hg4EnOxlvTamX5t7nDxdidy\/1F"}
+02370{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":300740,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUynpAADQG6AySMDoSwKgBsgG7+4peZe6uYG3KQIAYAfUSZQAAAQEICjqbGswzdJd2iBdv8rknz43663CQ3HHZU6BwPuOgM\/EFKaVdXpps3SaxihhhqMqscxR0ZEHWcAxt9wp1m3GcYbTMPxdyEx8IW7dBn2P1571KovpgVCOoeVYhVmvkrMyh4GISw1VqMcveYFjzeOrZ38lZuNutCkHPgB86B1KdBd5n4SKA++5wEjYs7OdE7CvP9CO\/TtO\/JXyHcSyhBVVSodk2x8FvyVhzZRKeV04ULyw+Wb79qS3W46FbK8tIvpaDY+IG8TtWRJomIsVWcHZ2Z5SN1\/Fa1Ue7uCQRIK+v486gsSotvwMr3Tm+J5HJPDGos441+G5sq8ZOCrvAIbZmr4iTjebFsoQcPsDsjbySwAeEQrVn+fGmkOnxaAhNR+3YGN\/orTVdNINUNrQ4Ei8fsgWpkuRjtt0zj199VT0mM58av6S6DDxeLSVKplq96Ga9WPlXs+wgR8CV3DDqXzmPLtUiMbEXCjrXhyCaRPgU3mClUwx4otddnYm7Ku25KEzKK5vwAp5LwkCiQa6Z1TVUnIqBHgT9gFoDSHWaTZ20lFEyJrCx6hwYrbqtX9A30QOpS0UWdicKv7tMTFycAHMKLtAZEYN9bSubK06Hokr+Xl8RhJYcbeVaD\/L0HibbVFAoky7A1TPWUT5O3\/Xy7a2DGrABrlUgrQFskVwHLCPm6oV4Jk7ovUCWzZUMXcAJbq5xEURM3Wl8Xdf2f2eq4wuNc4rKy5svkFceQAQSX7gxigC\/GTdpP+rgqEQcBf2jC9o9yC6JTF\/l8CGHSbrYQGMrdKTZVZPh\/7GQ3jNN2nOYrdzSm9swsCbPzs6avxRHTOW9yTeWhkk9o69jMJzhQyazL8G5yBPS343EZES22D2so9Gn2Z5CnUF+RyuvFBRTIhFUVE+llLUKVBEUgqONgcwtjwMqoYQcvszIzrzbP8Gz5IdEhhpYw4MmvrPcy9V7x9ArKjWcp0YLrWWDz8bGVgdGtWTvgnHbB11Xylyk\/KKuKl+3GG3BCoG7eCec3B1e25bbL3paQfAN4iZLJc2mPZtax6oc1efdHbqsGE4P\/zhLSPqL\/bCTrc77i30cioIOVtDFQAYlw82P0wlM09K+1g42oeKNbNLFGthIvMfv3f9NKCCvU4NfCzzrIPMWrkM1e+3kRzyixnM1yzp1Ef+gIAAaxHwkWQWFAUZKyFhqyPjCg+sdPtyVe1g6cSL2gsyAAnu7lYEyB2p4LTCveb+Rdy\/+kFee5Xnv8\/PE8ahxmC7Fq7PElgTKOJiEl6BxdX0s7egh1AX45S6Da8K59JuFtFXuaZreShYvls\/oInQVTC4XgrY7XZiq4OMjSp+E4chfvs7sNoEMAlBv9gxhyeDz4xNA2jUnRxYtAhkxF3JrS9DrB5c9nkpMAYh48uLJxRM1ilsrSf0FbXr6MGOyVdXUr2cvD2yNig9hLz31NYk7iNazhMeUgSqrNTh11crG1reo8eNGr6LE4bES3yaosxGN2rMM2hxJAH7iFQB\/hBR4s3oAMXtkeApEnSlGZcE+xy5EkXFMNBfS4k\/6QLXRLYUwp5CmIRORG3bhs1oiE33uM+9MnBbAeraajDU4VwK9jd1YrbWVUq0WheLWoBLt8vAk0Nd0e+P7YlKA6qDCG0IqG+4iI5iF\/18fCBxY27BIvYNkoyIjBDxivI2RONp6zISb8TSuRrnoco2a84cJlOi0V43wqkZVQ92gOvWGk8knrAIfTrPOW1X+zYNdLiSZq7HnoimtM+CmiHxmD60ixsVsJqobFciMXApCb0hKSuYIKuHOcK7oQQ1l191Ojp50q1yoRnu3hzwAmaCcK9xRV3aHGLTyGRuCk6Fx67iGDfW\/zcoYaIbZqnaOB\/BuWaFdpfZBcWQtyvPR7qE7wx8HDrTddrYX9vLqu4xh9T0UoQcuyMdcpKpIBb+38JA2ywbx"}
+00436{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302469,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5l1X2J5d4WCr6AS\/ojLGgAAAgQFrAQCCAo6mxrNM3SXeAEDAwc="}
+00423{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302525,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuZAbt3hYKvdV9ieoAQECzoIAAAAQEICjN0l5M6mxrN"}
+00436{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302592,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5gJQMJ043dmE6AS\/oiH6wAAAgQFrAQCCAo6mxrLM3SXeAEDAwc="}
+00423{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302633,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuYAbvjd2YTCUDCdYAQECyk8QAAAQEICjN0l5M6mxrL"}
+00438{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302720,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5p\/iAsOd\/SZxqAS\/ogA1gAAAgQFrAQCCAo6mxrMM3SXeQEDAwc="}
+00423{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":302760,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JnGf4gLD4AQECwd3QAAAQEICjN0l5M6mxrM"}
+00436{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":303215,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+5sh1fPg5uH4xaAS\/oinwwAAAgQFrAQCCAo6mxrPM3SXewEDAwc="}
+00423{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":303263,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4fjFIdXz4YAQECzEywAAAQEICjN0l5Q6mxrP"}
+01283{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":303389,"pkt_caplen":701,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":701,"pkt_l4_len":667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKvAABAAEAGqazAqAGykjA6EvuZAbt3hYKvdV9ieoAYECw9qQAAAQEICjN0l5Q6mxrNFgMBAnYBAAJyAwMbONTKSobWCChLaoCmtvCx9\/pcgkTaqzrbkutJyPLiiiAasQqGVnwXQsOOo5jRZ6QYT1CK7uD5XdKRBJ7yUd1W1QAgCgoTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAIJamoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACCMB4Sr5kZOgAN0tULVonTgn5Nij3DsLDlo2DGvxFS3UQAtAAIBAQArAAsKCgoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJaWgABAAApATsBBgEAMypzcqAzWsBAZINcgx+ygCWLE0kui4sgtM1uL6vzp2XjKj7qFF1cVEZiZ8DNfAhnNOKGWmDqAezjvAmwhBr0lj+CkITL1PZY+KIE92UEd83VIlba64swaeetUJem3b6DiVZr+sG6v5nO24w5Fq5jNooCYgea\/kSCyAgKJw9zXAJkF+ALbg2UnYNwTrdv8UPPYWK\/\/FZxs47otAScGMYES95F\/UddJx40v3LL\/2MTqfWFWQPciC8dXh3pVmMH0FgERSOK5xDJguySwBxpXYyQEhLfajyKuuk1x0FpqqqHVJ9noGsOyOGkaLXVVsVSRGH\/pEJvYOGNaqccYbo8GZWI7U8\/S3MAMTC1t7pqBopyN+bNR3r+6YjgqI8u99b\/DXkSmTFHlni2n471uDYr96gynKaHq24YiaE="}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1620902509273,"flow_last_seen":1620902509303,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01287{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":303683,"pkt_caplen":701,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":701,"pkt_l4_len":667,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKvAABAAEAGqazAqAGykjA6EvuYAbvjd2YTCUDCdYAYECx0YQAAAQEICjN0l5Q6mxrLFgMBAnYBAAJyAwMQHmJhlHeScT7a9egK2SjOzyaNKX\/ov\/FX5TftMs8zmCCfkPb+1ZsEYNNrxkVe5BM24z4mIR25BtkXl0BC4xubrQAgSkoTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAIJSkoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACBHHmvJqS0E6b1sf\/QNMqQwNI+sBMgqNEguKyS9wQXAKwAtAAIBAQArAAsKmpoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDJaWgABAAApATsBBgEAMypzcqAzWsBAZINcgx+ygD\/1Ed8AhagbFDO4w9YNA2cr3sFrEQ9Slid5TZVf2ljtvHdasUip2wOHkRhUjqWumvMshtAJmTDjAZ+n4aciI2iElpX+sae8N6RFewPghBeuv+gvEaLKOqScM\/qhAMP+UjLorSsDoaMAZ40hGjqSRu7qFHq+SxJ2eZsZ4xm5quGG\/cLYpXLjWAIttRHSotpAwv2wFae6ujdlZejhNSfP5lI0b3xZ+2LWmU\/E5doQrJa\/voNJ70V\/d\/M6psU+c4L9ACb94Vf\/p\/Mo+CIkORvg6qwDPWUhGqnoTtz9mIPpXylHEcA96JXtyeO1rrBJSBG4U48diqoAMTCrJK8S79Vkr05s70NDyBq5vnuFSQ573cgHwcs9lkE2t8U8BogXT3+gejSZgS\/IG2s="}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1620902509272,"flow_last_seen":1620902509303,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01119{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":304055,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6EvuaAbt39JnGf4gLD4AYECxAQAAAAQEICjN0l5Q6mxrMFgMBAgABAAH8AwMCpM4ap6FxMcuum4k0rFOx6HKELsU74ZewAm9NNFHrHCDl5mYK5NyKLhR+6cYFEa62hVKl7RtVXWgVBX69oQSHcgAgKioTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAGTGhoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAI2toAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACna2gABAAAdACDVdDEDWQarcksPiULXEPcvgATD\/InPdHmyFksU9j0rLgAtAAIBAQArAAsKGhoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDKqqgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1620902509274,"flow_last_seen":1620902509304,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01120{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":304589,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6EvubAbvm4fjFIdXz4YAYECz+5wAAAQEICjN0l5U6mxrPFgMBAgABAAH8AwPu4vpXPVJNlXrjnZXiqHfet\/5isXgiQo8YmHFRC+jacCCRSxgXbR061vVKAt5s22lo06L3Jln\/c9UF2p0z2Uc8+AAguroTAxMBEwLMqcyowCvAL8AswDDAE8AUAJwAnQAvADUBAAGTGhoAAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACC7JB7a1tLwPRdP883wFtQgfEydREFgd5BZJX4R7xYdSAAtAAIBAQArAAsKCgoDBAMDAwIDAQAbAAMCAAJEaQAFAAMCaDIKCgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1620902509276,"flow_last_seen":1620902509304,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00423{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":331464,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WmJAADQGXcWSMDoSwKgBsgG7+5sh1fPh5uH6yoAQAfrQ2gAAAQEICjqbGuwzdJeV"}
+00423{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":331480,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ro1AADQGCZqSMDoSwKgBsgG7+5l1X2J6d4WFKoAQAfnzuAAAAQEICjqbGuwzdJeU"}
+00425{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":332600,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0neJAADQGGkWSMDoSwKgBsgG7+5p\/iAsPd\/Sby4AQAfop6gAAAQEICjqbGuszdJeU"}
+00423{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":332619,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NpVAADQGgZKSMDoSwKgBsgG7+5gJQMJ143dojoAQAfmwiAAAAQEICjqbGuszdJeU"}
+00779{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":333977,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4ro5AADQGCJWSMDoSwKgBsgG7+5l1X2J6d4WFKoAYAflGUgAAAQEICjqbGu8zdJeUFgMDAIACAAB8AwOW8QHI76H1FbK1zy9TxteroBBhH+kMoXErAXH1+chUeiAasQqGVnwXQsOOo5jRZ6QYT1CK7uD5XdKRBJ7yUd1W1RMCAAA0ACsAAgMEADMAJAAdACDJaIxLn3zJRVwUefCeKmtax\/7VXrl5gFitp0w4aaNHLwApAAIAABQDAwABARcDAwAqfuYJBezZMzUPYjrnR6wbCHM4WQkLhPVcAYjTuf+xEjsQi\/ba+DKbttcpFwMDAEWb3AKYdMM70kgDDgrJVb6b2tMsYjgYmNVQE\/ZB\/ShFSXcte2DmUlVZ7UR\/dSSlcF91W+kWjmL6XQNccWlPii0KtspXP00="}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1620902509273,"flow_last_seen":1620902509333,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00423{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":334042,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuZAbt3hYUqdV9jfoAQECPkawAAAQEICjN0l7A6mxrv"}
+00536{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":334622,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvuZAbt3hYUqdV9jfoAYECPB\/gAAAQEICjN0l7A6mxrvFAMDAAEBFwMDAEXYvH8kGtAzlg2rP3ab2Gp7Hxkjec9AYRk+0soUKoNzsQT\/jByhtXCexgx8UIRDBfo6RgeUqdHQ7rTiZOBs0B8d+4HkDUg="}
+01379{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":334956,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL2AABAAEAGqWXAqAGykjA6EvuZAbt3hYV6dV9jfoAYECPzPQAAAQEICjN0l7A6mxrvFwMDAr3lNOWVFdOqbGnI5CK66QA6DJex9aCdUmmndBhY9CySHCjyhnlQ+CHaIb0snCVUvnrf0H9t4Q\/Irl1XjLpsKMW\/+wU1dYL++b1ioK8hjuP7HAmgQ5GtFi6OMj60hdNYzyYRlnn9p1Pf9Wt4SSek+lImgr8ChmHXjKkMyio3gWwSLcmPmmkgq3TNZXJ4FO6X0n\/pGOE1eOp70M5LklKr8zNHETk1+DOimPKGxkum7RwKQ2DkxpUSlMQy8tjlkUWUghgtgwjZjpAnPib9EMvT7sKmyxPcXIZc1Wsv9vGyCyna2hw0YdoS7xolOevB3\/+yWD9MKnG0YAitkkfUsfRrF9iaQ1+ywVUhy6G\/zHwC2lJ6EudTOBAJqNOUaOopjt8nn2TPZGjQKihPFNWLhBtyuBCEExpOhq7oQ6QiN864bwdc4er0twYu8FQ0FnKko2VE0GFEfA8yqNEmQouY4SK6OpZtErv5eCg8ilnF3+IV2r1NQUTZp0TadottydcYFSKWZrW\/6vSWEfdRuM18bzfU8Sd3SciJythWdYtqwh8kZCwj72+Hus7iSpx8VKnzwPbu22qrMBx4sRL3yErU4lAa3VgaVLDtdsip5UrAqAHKyVLeIopG66yUi4Jj+8nLNwtO3huFPs\/cHbCwIo8Vj9ay3RwYnRj5G7Y2MpE+9jX6v9bfC4RhzRzzYQht3y4xN0hEOR6GIDGobzMKi1c6gMWyqi2N1HgB4R0\/7XSnEgHIc506l4SmynNTxbaOeLkMkvSaRghNTim6hZjPk3zN+YpkOtY1SnVzT6q+o28pOB2Pq\/bQez0PfKGTZ0FUpvqkz+5k+xponzjPYgfnYevjNjT8CVSdeVLsDw5UZyZjrhP6O0CD5LeNO8rZkyuyRZcb5l1uC3atUyDax9QgzjS3LPbBtaCejKdFXz2qZvNmTV459A=="}
+00778{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":335101,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4NpZAADQGgI2SMDoSwKgBsgG7+5gJQMJ143dojoAYAfk1rgAAAQEICjqbGu0zdJeUFgMDAIACAAB8AwPkZhV\/CFMUXSOxpFAWonuooUxpGSNmtDo3Uqjzihq+QSCfkPb+1ZsEYNNrxkVe5BM24z4mIR25BtkXl0BC4xubrRMCAAA0ACsAAgMEADMAJAAdACCN0\/zbQsvjb3hnLPe3E37bDYQ4e\/SZgcXunIdOJm8TXAApAAIAABQDAwABARcDAwAq+RADG23kmGTGqaVxGTThcTPRQNJ\/sjJeiLuR3aWwLpHgrsP54+gqQXznFwMDAEU5RRcjsrYDGGeRuNRWxdwU6KN2XTW9FomsEhhA0zy7X8KSiczwqiZ2jMWdJglHh5jzT6clo8zGeofhO7K+cB7KpdL9YZ8="}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":132,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1620902509272,"flow_last_seen":1620902509335,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":895,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1b73862eae8f1711440a446b1ef357fd","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00423{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":335143,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuYAbvjd2iOCUDDeYAQECOhOwAAAQEICjN0l7E6mxrt"}
+00535{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":335520,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvuYAbvjd2iOCUDDeYAYECOiGgAAAQEICjN0l7E6mxrtFAMDAAEBFwMDAEVGTL+ox9ul6btUINs7TqsJYKoGjs3WxYDA9ShTGnEtazqdA7pO6ld06AsP2KchlJ3gCPw49O\/Hrrfm4ULHnRYama2LxxI="}
+01381{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":335714,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL2AABAAEAGqWXAqAGykjA6EvuYAbvjd2jeCUDDeYAYECNZRAAAAQEICjN0l7E6mxrtFwMDAr1rKNCPoZt8SN48UoSZcJEXuVva6fDnijPk6gbmFhRAMW4RxpEl9V0sep4T3HNb\/pAwqLCnNicTnp9Csj9ieQE6UZa+HsfsdB03726QQyyZ8FD+aPQVXB0ueOhrmmZJ99RSaXq8KiOdIP72yBbnCc9R89F8fsX1C1\/QaXccX7MhNP3GlwNMIPJ0RSHdCI6kIS9bxnQiikC7Q6xx8v\/cHjWiufOiUzwZJ9\/TB7u9tH5mZdMrPqdyvfSKqE9kdJWw8khf+Xog2+Ka6\/Gi8+p8RbKBn2a3Qr\/AeSr7V82xhP544bycc\/zz97ZKBM0Ex2pOa5RL9kxvLF9TOp+gBDAYs9CruQF78J+uKgDMLaEgaxQZS4lrzqmadi0PyxEvwkZafPTKbw89m6e36uP2uzHF+rMzw8jYOp1QiPuY3e208zdkyGVysmWquNai2Hsyb6uQI\/yqfAdJIGjDqWF5sgTtV1mh3sVSwSPGIItF09AvFhgu39ZJNYdMi3Hakyhe9xV1cnnZyV7kaLDeTUG8JC3AGFz4ycsBVGRMd5umioajCepH0Agpbrh\/ctwf7ZkKy+f2xDbL3fcn2JioCIQDa9NptEh4Uy9LovBnyZfUQNVYBKcmJSj8FXcPwsgp+k4V9ooOQKFIX7ydFkQDfB\/QRxK+cGTGZMx4TkDwSPSQ5XHWk5D7fusaI1vUH1+TeClLxsvOxEHSQYlZ6MpwNtawrXAhGQ0Hp4j1zWzyIAwGNEGsEUuaEKQ+45N3iflrmLL4xQuCPGvJnjMJ70m7acKl9Iqvq2E6DmIEE0MEl3S8FAgcCIJsUXMaOLPa6PgzvOBmqZ683i6TEHRB8JP8VOy2qjcrifKfD2yA0X5qQpZlbTBJJEAJ+25SPVWwPfeTm84DTXwpghCHoTslO57f9\/oX6Ze07vvQDCinCRKjsFJ0P28ejw=="}
+02381{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":338226,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUWmNAADQGWCSSMDoSwKgBsgG7+5sh1fPh5uH6yoAQAfoExAAAAQEICjqbGvMzdJeVFgMDAHoCAAB2AwPedgxUUUMfOcDOCNys2evRevSKuiAKjhnNmDAm\/ANdDCCRSxgXbR061vVKAt5s22lo06L3Jln\/c9UF2p0z2Uc8+BMCAAAuACsAAgMEADMAJAAdACCb\/Fd255IpJniZBkmOnyZum9tsJlRF6Qb7t9wmKZv1ChQDAwABARcDAwAqJrLCP0epfioXEHzV\/NhQpewJZQ3\/aZEvnXWLtaEe2SHKBQ4wnR154xPzFwMDC+HSHImEkNeVwPuF7UkYMEi\/Itsna3Ho5b1+rIJ\/f3mJ6MIcpuwOd6NC88vrsSHi6awRUB0W6nkZ2fUU6iAJ\/25lEfUGc2vQTWCR19rMsgGOg+ndWdNkVJX8wBoClwlGOBUqqzRyStTDRFhzDyFPn\/C1OOzdjRiyD0GU7Otn016Gv33xfGlEweGNAp2YHYd1p66s8H7YlVk5oAt1Gue2L6hAOElAl\/Fhvrfh6cz5xphHmoEXdAf9+w8zqVgCSqaenfOZpmSsanP+Ino+vK\/XDXvwDkqC6FdfXmRK8Oek8z6fxwHJfHelxMqVNDwJA1GyafsxDbRdbNSgTWzTDottNBJf60XFzXYLVCzfmU5WUqVDwFkTQ3keV0phvHroh7s8a5\/KUAm2qimFh9sQNJ5MOlo0igUWSIQZbGBCfmp9kSZxfaGn03VZxJiov2kSKh1tmkG1XITG2oPfN6YqM5zU\/\/Qj9v5Bahm71KPuybWznP\/59Is4b8c7DVXDBrYvZ6PaQZfib6EQQ+Wqx0Xviqfqjwe68JLxk\/TuGNm2918RYf9gBSiJH4WCO3w0Q2Vdx+MIfTsXyQR1nmxLBT+D6XXas1AOlCJT1BuwP6dFz03mOYoAjBBBy1CmkbKXSd7rTMhbuUT18XcLWOOpVPuurksUEIr67hkp2\/zNwpGsbBKTrZAr1YZ0wD9jAxnHprpXFwvwEoYWdmlABNDsgtE\/f8I3Q8eKnH4kjfSaeYc+nYIsago5EXWbjLWslPs7Jwiv1HLSl0bqr4rtsNd9E77NbB5ZCkJX1uK4k+GvjpqmZYEmV\/NJNvzTrnompAfvr9TTHsDA4cVHiE7l1kAU+WbtDkhOBgm7red7gh2zXzcnUkcWmuPt6olQrIO5lhz0AGIH0Q\/yc3hPmL1sT1qbC0YoEifK219RMWmSiJuRG0a4kVNi2nK6D\/93rb7PEayWZZ\/E67JfZOaee74M6cK29Z13fEn5e7cUg0KwCGrsrKLyIZDtFmh1TQ6YgdUyHPPk1s2ZbvP8LXqwKp\/uL9VtRmtzfYQ9hc7aWmfd0sF\/Be\/RVf+jqwik6gBDtv+Vsz28eCXHTZdSeUNV0WEAd7SIvifsoraSDi9UlX4eL2rxkK1BElM9DZ4zo4+x2G76uXl6LLMa6iu9X55p+SPBRqdqnUVM6L\/+3VCYzuAH22FDDLsOqeK8Z6eAB6Su3BE1csZTNvffC40LUPnJDQph4pyTpYj5MuQHIEuEMvd2xOfnbg52jTzPUfFDatc5fRutdsYBUGWafgVQQAxEdfFg0+iSkl765QL1rlhrrtkytWJN1+QH\/zspkRdMXgJARibtGrkrHOIz+l8zuSeSgpMM2u7z4xn4etMis+aNbovoTM8kCrDboSDWxAre\/IMlqAB+5bdHMkToRVp75fDe\/Z3E5x0bD\/Ni5KFA8bZ9dysGBbQUWvU4Ta6Pj9ei5aZ+JIg1nBNC5CLGqTen7wpBHfNMJF0pa9nhPzOVWDzzPQ9DnALD9pPljlivyYJGK6IncasrfYGDhUqlB2dv8BO\/NEhtjjNy4aqozW1w8PKk19A5K1hyf9IA23W7TxOHbtd6C8XtcBLYE0auzd2SlS0shbUfZonaWR99N\/394ubx5K6XwNUIDhvDfKsLCoX4F1u1l9RKev99eSpYEQKwD9Wg5c+U8t3d"}
+00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1620902509276,"flow_last_seen":1620902509338,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02391{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":339519,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUWmRAADQGWCOSMDoSwKgBsgG7+5sh1fmB5uH6yoAYAfoBqQAAAQEICjqbGvMzdJeVN9c7EtSlDPmQRDP2Q62N5REOuNXlHGeoaeU+Hrs636\/0qFgilHR4hZ918\/eeB+HYQkhnNQPWTJy2jKSl9RbOneBPl0y\/0LvcKljh82DHbhiTXfI4iodKlrHGRH1+gpEnZtV3NpeHr1Mqox8WtVSdixQ5sdBOSpnqwubnmvgxDq45ZRZ7Ofg0ZpG3486p9rOKTMwOUa39OXt\/RQRpZOceETa+3xHbuNLr+dI9oSoZxSR33Tub8UDRHT7NKriAEKp0LmySBr2csj+vySAl0bRw5MjUPPx8vCwBNOdZ5oRqsnI6iZYGgg6kN8UQHExr2FEpoTrepqqqTfwXMUzpqGi342nqRKgXm7UHL2PzAueGGbesQEIpsZ1kgyr9MzOKYXRerMU7m6VDp9kp4PJmUjp4qDyAByWY3fyKwnJHws8Etm8OmIFlTtQB\/XrLJBbOfASTnLKkxwd0r76TB9e2Y1\/LrKxdEmEQeD0\/qs31gHBvC\/J1XZM0yklI9toA+G+\/pbq1AApLBpUAUpvo\/xtc0p8G\/9TBfv1nKw2xVFTSWegsufzgA9wiwqRGce09NMQT8RFpw8R2T7G9BBtcIJ9eihxJUbiHuzLbxr3zOMZ06zMV75wm5hSIJQ18QGMKy\/V\/lIWoguQRUd1uka22B2Fzc1nkkNDf9J3\/ubhXXtgZfu2A4t6CDv5eKmV3zZcx0Jv4dhh5S+thKfzojCUvfQNypjNVJv3bnnAf9WxcCullZeNR5\/wL0DGFS+e4ELUkkI9tvDwrHQmPJhTHbehb5nox3gh+pN3OmJuLth8WEjLkesDyrj1gnSFdHIbLxTqlpvbyKtOGbYzgVbbeD2Drg4jK03pUNYFVXQIvNBEG5zpWsFmwqV2q7moxon6ldmiEEfmxGTyMwv94Zxhv6XZMu9mBJH4I3usnDZA3\/Z4z\/li\/T65gfarNrSWovJpfbu1CFeNRxl+x3sqCl5NSG34gj\/EkfgJgXapijJNsQ1PBnP2Ca+wdyG0d6dK9ruucygk\/kyYoKyctc+d3h4LBzRLaGtHnChSrSqC6EN4NeMqn2lqmreXf6ztjjYlkN0Z4+FZz0WwVe0b9UcDRorEwQ8dlqDRn6GWzZbpF2DsoX6AM79PD16oLehZEXeU4Ll3xupSQAIq6x0OOtnJm\/cYrTJ+yx196gb2Y0qn\/lHj1Il1DbMb+8plVQApsXCQbS1y4F7zQfNXYNLnj7U7+rXesoIhC21tQVpZAOj82Os8GIGe1eaHlYJYLwRdJBl61\/bqyYIdeiMwoRJwz3YAkoTzPbj+wtL+vtox\/MsV5LWCk7O5hhzebCi3rv5hrW13cPuDGGqQbTLK4YsvLRsyJzo4l+EljD5qgMROG5yPH14yy2U\/UHWSRbidNBrJbsGvKHTm5EWhmTdVNxtjGiyszxDwEOKU8p5MiMyGkZvIi+nOmSHiD5aOFoE0urnA\/0DVuSZ52nZZd\/W8M6wLRXt6jr7PgYz\/iwivyKM\/RtfuSx77BwNxcv+YRwq263jIQRZDATPqwkO3\/0\/waYDk\/LtafUuhunSC7pEv+U3eP6tmg1dfdHTX6i742wgfQsWJpdYm3P\/Q0omWlqDX+i56yz5CWHKCcbkkbYT4LPeCrH9icDeKqI\/TMmci3bShb4qRn2qAYe7j\/JPG9K9jKNFJozXUBQ3RIb2y6DmW30aAUq334aouszkdV3\/h3Ux8L+1cHrqSq\/TKU4o5PKW15OnMNtwsTdt07y1VzcqxgZAM3GJSKfJy\/J6dCWKQB3tZg2lfqw+5tgcX7m5JcVw87\/1Fsj7paAPDMuRJwDzO2fvFHImypVc+\/olOy9EbEocV5U65hLSCEiTcY9Ei6SE1GNZEwYfOwRsApz\/pRf+Y3jFhlM3adihK1jxQzcwRdQTv93lKm7dzh9LU3RYX+64tkQ\/vY"}
+01382{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":339533,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"KDc3AG3IEBMx8Tl2CABFAAL2WmVAADQGWwCSMDoSwKgBsgG7+5sh1f8h5uH6yoAYAfoWUQAAAQEICjqbGvMzdJeVXPHqRPLX4s0krLyauNXBvgdrpLgsgyolPXTqzdDKq23hbQ6y3VNy7MN0S0GNuHlSi2iXXwh64Nr0ywFkoUkHEWRtQozerVKwcmUrS2aOESCJfNdDaQQqnLSD82Sse\/B5yRhlzX+baP0NENM0tvGYx5O9yPilfC\/i2tLmwt2SO4SjCRD6AbolRpw6fVv6uieWl8v\/\/bzeB746J9U5vR2YHqxnTjeNB95twngmHakW97vmb3ZYj5l9WFpGt7O6dIW3nDgzqQDVeNV+tDgAArCsJB\/VdxcMYqMgDdIs2olG0YixnWwABZs4itvGMn0F2djiNmVa4SCetZ5OXDoAIilbLD\/mT1Kg2lcaWJPjhgWNMfXAjDuM1wKdqWYJZ+zN6jy578iQZZ9cI7Jz37T2fKC+8GlqA81qCWwQ9viMp4o5Sg1zxFpWiTc9uIvKx3qRVgLd67eSRgfjU0LC4RcDAwEZdoiE7ewOLlskgSUDg4gT7KHyczl0kBKdEMGMrV+MbBnyVHORFjx0dN4hCBdCGDbslSiUFqrR68Ldw5kW85AjxGGgApwZ\/goYXWRQFQC3eDa4zWD\/CAs0cLoBS1BitGNXi01SP3cMdaVtv9VK5IqfJwimLd5oL\/deaES\/sG6RRw+5AW3vbHAaXyWfOVApCUVZQACJ5+lXI0\/8kdPQoUWcKzLM0CHRKLoGTpqchkOjsuGFdSVnJZYdzPcwYNqiLfZjT6Rj5SV+8lWpFA94TRmKvFBKjRK8I6LA4az2PDGQ6Yoea9GtCRGs2oZUhoMX+P+xykJVITPX5kmTnuj\/2ZZc53ARu6FK765hh8Ce8obcG45gOiJSEuAU9dcXAwMARao6r45aCpFvjPYUSBsTTJP0t979TZ8WuHub8Tvmhu52IG8SAXyzXIJeP8kyyz5VSbjPpSpkLlkb3QHVXFjgPMA2L9oRQQ=="}
+00424{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":339572,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4frKIdX\/IYAQD9O3mgAAAQEICjN0l7U6mxrz"}
+00424{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":339584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvubAbvm4frKIdYB44AQD7y07wAAAQEICjN0l7U6mxrz"}
+00536{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":339958,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvubAbvm4frKIdYB44AYEACNZgAAAQEICjN0l7U6mxrzFAMDAAEBFwMDAEXIE+ky+eXdAAowZrDF2iASqJevMzZAqkPwXZR49xOX\/yHB1MAjxBHbaKN3DXd2g40aj76Mz69fY5QGzbybXv2siT17aaw="}
+01389{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":340249,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL2AABAAEAGqWXAqAGykjA6EvubAbvm4fsaIdYB44AYEAAldwAAAQEICjN0l7U6mxrzFwMDAr2upkdOXPSMI9VbIVQVTTABYwj7d0BXmbEprrsyirjbSMGFfXn\/AiScdgCHi7GSPJ61DDmaIipZOrV2x2cx59beh7VGE\/8NDUWkIJg8z7M8\/cyGjbWem0IdzZtEQaCFkH3HkdPM9\/sLvKLeoefBj+\/Qj2\/fivqJ+zPmMmVdYDWoUS3a+ENfBNLP6S4CSS5vH9A0rvQj+\/oH7loY5cZzyKh0pBlyMrPYsHVtvKUhwqawkaVeF6igum5yKtl6pnpw0DnRJkCEu1geTIWjjonNcCxcMAmWDcEAvjWpQFp5sYcbcHBLD+shtrNcbXLAFA7GH1qWkRMuIM3ZARPdpgak8uYaO2yCzB\/kh7pfQ1HXD+Y3C\/gCDw5jdjPv1Int3JEP4VkjKEHLjQ1\/62VAUchxMV2RGmsGLQlWTtSvan45SepYEeDVqG7aq+CYJNlcmHvl2v+WEMk+TQlE3a1MJG714XW7atzpw4+zuj7spjEa1fRSaJzw8VmEVsxlQvZrmU6Tren5shxF+A5WhymBQsSne90rnkMCMpyx\/Zbu+SMj77OKCKQWChSMPfAdzYpDACvSCv6ifm986\/yYC+0uT81EbhsePLgD5nP4NBPqw7P1TrksKYzRIJuHlOuxA8VcG3IfTsEK5Jsof7yk2uUIP1oSDSJfWG0S4qI97sbv9+9IRwflIliBUJcVLU2HHX80cW81bsuM5nQgZV\/mfrvqIkic8tOJ\/KGJJ\/UfQch8Sv5OHVpLfR\/cP2nekYNoIBedpvVz0GlQOouFLPzNIOkySZXb8BRQNCvVO3ZwHSUZw0jU\/f1k8KN9PfokPK4tKUrzqN7G1hrtw0BQtsBiS3PS4Z3ylKUAwXM6k2W9VoYp6hAtOOjTscdF3ZjKHNsExtEKGlemQMonN7jMldbxxtAP77L9uBy\/U1P7s0yBqmYHfO7BbA=="}
+02392{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342220,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUneNAADQGFKSSMDoSwKgBsgG7+5p\/iAsPd\/Sby4AQAfrsgQAAAQEICjqbGvQzdJeUFgMDAHoCAAB2AwN\/ao9fohuuO4DwbzYyxm4xgiKYYWaHqAAt92\/7\/+gmDyDl5mYK5NyKLhR+6cYFEa62hVKl7RtVXWgVBX69oQSHchMCAAAuACsAAgMEADMAJAAdACDNZbBtn8\/BQGP4uWuTuOBCokCTH0nuv8LV20IOyQVLMBQDAwABARcDAwAqdxiuKCItZzPBkU80LA2bEHdILvg6+g2KyZJ3eObnp7DbWSX8kjzIKD1eFwMDC+E5BgE6w56C0drOWMIAp+qaHuMstdlkWsZ8kZjO4xtjju1dwQQjJGZVbaRLDiftr3h6vo\/vOTkEyTztOUG8Bgiztz2zTIgYJXD940tFuJC80hZFlUyqA8SettGxSqbFY29HzoK3\/lQGablEJifMIjsrtGO31VDtilBBATr9tZBRErZhTt9ValbmvJBKdmyImE+UFMH\/pjlqVQIrJoTyfuD5U9WgnZ3Q\/SYcMdMLUkO7jJ8EtR\/3MLBnKMjx6ui7\/hQwbc+ABVQ3K3NKKTf2MtVXRhOL2acEP5V\/LtFxOn8S4faa4HtaZHf5j\/z2eaIdgx1VmUlbNLFpEQ4a\/mCHVhBZRSNzzD7V4fJdJ6AJsjSa0X\/ZzDFUgAdkWK3YVdTxE\/K9mZEmPnSqoDHtkP1qtwRthDx9wJuojET\/xhC\/ly2juuai3zfR+MkA678FIQdev0Jv7B1oMtT3t8mTyVS75x8clolzxRBh5qwCyhzL4HMvFTOpWatPKHwuuv\/D2XzrdTKIKHTWJnXUsEC1dIVVvhadgO0l9Hm3\/wChUiZT10GX4V3h0YUfIqfRi6FFDnMV4tOKpCMEg356wq8RUWHX7jAehQSPH\/z6eQ3FdAJqPWDYS0Qv+2sX7\/JQzSk2+95NnMamMQ9Fd\/5GkoFSsSYMAaGCQUg\/TUHtSWEOfHBoZ1O21aqGy7lPOpcC\/FZRXd6DvBD6uLjTG\/Xl5eZyxxduaTL6dJuxPkuxCLC5IDT+7b4OUoQgPVI9NS\/ERNL3obzo2jkQGXoEY7xzJvE0HQ+VwsfsNeEXsQ77j9taDVF6gHw064mQE1Zk9oDI\/c3s84OtegfNfE8\/OVLqTE0g55sBqq8NkI\/S3OHzrr3kKExVKqtwD8UeQGKn16POaiunk6ozlall6Jy1YHKJGnDl\/FJ7GICCZ4va4B7KUHIBnD6pD6K8tevyVzCIfx6CTsXdbc9tG3LACBxgF99T1l0b8kIGlyGYCNsGYuUrRL5upYDBjh78T8k5rrdZSC6323EFt+k0wdYlCJ0PzT9tXzl\/TYcJCw6909JssdFXhQzR6swivkSs1vgcdFlEMcuYvPkBDZygWhP2QBbA+Pc934EqnxCjtbhDpf1+nGgoBRk\/RRD7stYDqbQh+dX5ObbAbj5MyyuawYhQGo3OL9K2hSIsapF5okFoKH40iijXSsbaDc40pH2bN\/5aHVi4RBkxUhJJIZtXAM0kfa2mhXU9lTS8xk9Fc5sRJTyYs61PQyBE5bq8IsvKDVaRbhnoSM9RfkupzSz64xH3+ATpZb2seljageB6YxSj7wwyxNuuFzubeOQItSRcwquuoMBbPg6at\/hkqhJELLDA\/9T1dI6zXlaRi6zIgCyF7AOEYlVwc+lUIRLEDxkSKiBIGkWbyahZIx20AdsCh1EvzvjNO\/g8l\/eCDobPfRGbqg329MK3sEF3aLnU0JnRiTfXDNQ7kGzm\/K+nBF5HKB+e9hvSt4b7YIDbtYgQxMqpoQpU7STc\/xBIikNlR1Z0PcSncguYG\/MhYayhMIrScKejHuCobO6zlRzIv2ypf4rnH6gkDdGkOKyuhktLvZjkbOQkSXkr7Wv8oYAthAPzoQMtsB8ZKIVu6phSyH4bK1McOeaYAJWWAoBDlv2GSOSeIy9iSeuEfgUMGlUhHVo7xI\/QW60+AOuM"}
+00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1620902509274,"flow_last_seen":1620902509342,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+02372{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342342,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUneRAADQGFKOSMDoSwKgBsgG7+5p\/iBCvd\/Sby4AYAfpZnQAAAQEICjqbGvQzdJeU6kxq7c99ne80Konh\/TWfSLz9rUDhgwOWMJ5qaSxL\/LdF7LzQOKA\/yf\/SJ2ogF+9oQpooSurKAPH48SIEzeFVATfTYWd3NER5kCmvdm+4I94zpFquSbgJwH7kdZG+IZRyo8HzZPrQryy2rwPMU3JHrIE7lF3kZIoUgqEAB+E8QSo9Vs53eCDSFBjG68tlE3\/26W0V0b3J502ageF5ugKSpTelSmehW++8ZKf1mXZx4UXpS2hg41K6j6FHZMkZDjy38Pjre2gDwsWQz4eE1tM6\/vziJT10pqBJn6O41AJU5ehvLjDYOye2VX+Xb14bs7NZjulNdb5s2z1uOm1odJ03SUBgcLbQP6v340u1VXGIO63IuiPOgipQG+54xzBgPvYXoIiWuM+AJVKcbT2QQIQeYZR95Kump0aocoLHhER4QDN+KmXeC1jjlKm67iHIMlbMhB0FsHsaDuJQN+Hr6Byq7i37AH91hUmVuLHn6bbOizOTbzXvDWyEgTIUr7HBbUjp1u4b746qkOyuAokO\/2silxmF7WoZNgNJBZ4TuqypRSqqX+lZmuHWrSVaRJxj4p4A2nxN2Y4GwiRc7c0NRS0P0hTxyeoaneDKVX5Ul6xpdOo4hTX1kObvRSvShU0Lc1C411g+N2o1N1mjm4mmKKdRD0gv6RNPmX9hutu9vqO51FQK8AyVufZ0QgECcZtFjehWx90576dIgjfIewyQm8hdLaVzrtvdSby12QZmGXDLlbEnlWQTRpMbuMISmZLyCATlCv\/BAwXl1XaDUT\/IZRbAwF2mTYYkMpezJd6h\/e7+xqwHpXxOZ+41dxx9yMK4sNg0MZX5CQOZeYQSxeY4lxsOt\/mpKfao7MXpAaLnF1iU68P5eBDOWppfXwRkh+thItQHyHvnCdrII1lIqeO2SAEJMcvDIAIMTyonvTNpKfJVfXmLWliCz99QRUgk9TuGHItKVgw28vMY31hbnLmDDaH2J5oFjxjhExSJQAxq+Uy4MMb1JpkwsReOBYq2b8odE4vhyrAQTiKmdZqrzsaeGMy6WjI28hx+CPDSOnajtWMMBdzj7kBPhRFqNwEIOkDO+8nWwHEXMKpOyoXUs2sutDnlnI7+dRaBFZHjUcaPceYXKE+tmPhdRpvxj1gN9vtZOyctMAkRe8dNC8vQMFPXMa6h8MiSDBf4qM5GVQwJi81bNZSmyYMnls+3TxtM8LmmHXJtgTHOA3NVsw0ix5pZy4zlwWN45vmYaCqUro0j9KQEC0KAAjrjZeBjPuYRxuJO+nYs7MesyXyfx30u1CaM1jxOsspQ\/UZPQ64\/93GNskCWqA\/+kXVdW8qIDS0ZlyqI09lpw4bgKl4scJUvyKi0z\/v\/Rk5bLSS7pXdG8fUpntxVINJvYYH2tfYLU9zikN2ATUC9WoADUHwER4cY5MJKtO+0l57Yf2n6u4Oth\/IOUifsYXsKrKDYL3nTfEOyeaF59Nwov4phVN8llbrPchx23duwaZv0ZyMPS+C8XV5TYfREsQBG+++Y9O940M16AjWiQIagMcO2vvpKUkXneGcUBIXAY\/L42X4zOwBi4x6JVmMvh\/pryyw8gmhSJ1Ejc8Bvw0FSOBcLxXLPRU9B02VgajKHvtc+Go5haMbBKwiNTvXlCjWazMKWWrUNf7NlCi8Ja3NcPRNvRi4qBnrwuIsR1DpXlSkRnFPPh9SfemkpSvzw10YQFaiH+zxhaVM25VU6AfH\/gFyN8DEazCoyEiGOHPo8EJ9qeraSHj1FgSzFGxfTNeqSROF3\/sQutKwH4nYGNuKT+ICD7A9eHKqX3Rimcqjt+i66aZ5OrIu8swRHG8dlw04qhdAB+5LZFbdxJ2Lh36fuEQ46IWG7JKdHh3uoeHWfwsiMoyvhqbioMwOiHogcAlO4f+IQWGVt7lmRnfdUYzEe"}
+01387{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342357,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"KDc3AG3IEBMx8Tl2CABFAAL2neVAADQGF4CSMDoSwKgBsgG7+5p\/iBZPd\/Sby4AYAfqb1AAAAQEICjqbGvQzdJeUFVHL61glF02I6+\/b8jA9asu8OAv5Nxdbkgk1eaWnmtjS0hjbNRly334HhGUHOT+mvABDKIB29q+DJ1cf\/qR9ntNx\/J3v4R9llRfU0+GU\/zbjuEyL3Wp6y3GCYqw0qT+2KWn4gu4PcB\/OlqAiwPVivUCRvBsfbGywp0zZKxcYOwvk39HPI7egetDphxzJTYlhuzY2VmCLeJ2SHa8uvjo55Vf05b8USXzappPp8wtv77Hv7dB8O7Yro33nAaE8NVOwSP6MzOfg9XpzAHjnPB9RfwLMBZUl4GwibdCzCQ+nAv2BythiAIJ8NRR1TuRyaFgr\/YV+Oe75\/bIHgU8ccuSJ1HW0ZcsJ+4bJcBZE9K92VoDpHdCLcb6MnZmTZDlKCqwDa\/Ro4Wq\/AjX1+IX26\/KZuf833b\/ONIeFtfvPvONQWmrjykTrb8ZpMwo\/aIKY45hfiHShtPk9msmAzRcDAwEZetI5q5VFku7VokCl\/BY1pS8HsMmUaH0Zq7GVHB2tD7A3LFW3Ui6nPDohGL33ZVDEkYe95v1YHLwvmYmTZ9Qh3iLSsp5yhvRyPSgdiDIF65UIPGnYKmU4vF591MEvApQpzRvud066KMqVgPx\/Nko1yiCboju0FsXG8ZMtKuq1adoMME1p18LO1mjw5g0kWCvetKnINWHNOe32I2hSxVeNXdkGPepBcgMcPbhdjkFefFxdJHR3ZgfiFD826afcA8A9UikFPdm8sBmVc0EQdJl2qUGyzOBJsEjWMI5zz6Ef4iRmF+AN09lDj66\/BhugdFHdSepWy2l6+XDcQNCIWV1ub2F10i+zqLfxtpEwsGlakkdRfB776sYWYCwXAwMARUqsIf8y+c1VyWAiVm7zOfY4xskosopH4p2kmMQBCSIUSCl8kUdVW1CN2Prv1ogmHn628fRCYjuHjtchhi18s+2Xis654Q=="}
+00423{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342379,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JvLf4gWT4AQD9MQpQAAAQEICjN0l7c6mxr0"}
+00424{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342390,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuaAbt39JvLf4gZEYAQD7wN+gAAAQEICjN0l7c6mxr0"}
+00536{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":342841,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EvuaAbt39JvLf4gZEYAYEACjswAAAQEICjN0l7c6mxr0FAMDAAEBFwMDAEUVtP9Z5XD+4IuV3RPHhMQE+RfrfieCRT1b0dXdR4vhL3knI8t1Enz\/ERe8BjYcGVDciBBmuqKolVi+Ns2a23qxafiI13Y="}
+01381{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":343074,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL2AABAAEAGqWXAqAGykjA6EvuaAbt39Jwbf4gZEYAYEADdaQAAAQEICjN0l7c6mxr0FwMDAr3u3bgNH5j5f2w9yr5dG4DOwpaZQPX\/Rxry461pDK7gY99V7a71X6vuBj+jUi5xiCsrF\/b9Tt7Hyooh7qB4oFYKOXN75yC+05H9UMvjO57qg7s+EixjcxLvhBEj4l9JFW2IXeNMFyIdZo3n9KST84iIfK+dXMU6jXOC7tupgv8aZ1\/kGU8EMzVsL\/IfMiveDqtYDoDL2o0WNUlC0V6XLbfHywjtBx6VhF1lxi66mEU8ShyHYBEva9YiPctQ5JWwwiww3vXd6JjPeabWTj2e95ST+O50edBkt5dg5uz8TRA5Gc2esqipoLKLUbI\/ojc1VBFgF+6l1znn+Gi2B7wghWLUjgPzaL4a6hiK5qPUKcy43TsdFQAGztmATyci8TmQCM4\/EGrXAK6ootD1gLD6SPN+Mp8G3DIYxNlnHt6IImQIJiJcvRmRdu2CpOuhE1Q7bgDk4ZKCcFnsb+H1NqkHVk\/tdQhYsWrO9EQr8jSrg5PYxvIVTtCJsfu5NhIcTM7W6R3shlwtMHJJo4RW7stoo0ZeSwWLVRe15N9IBOkjPq\/RHWmj4j9wQXWa2LQ5GpRpE1vkiHwC8IKEtimWONHWLM7eki+uP+qlhR0tIUCCbxXFbhFzdcDEL74GmfaqOVwUcYCCCqPnUt+DJJvhgAzDAbBfrzAqVjDy+mABCCxoXQoBNxSvEUpxak75zRnDwlnYMz4PSUIDP3MwVZSP5i80YDh4PBbZEdO2G+A0dEa4tdT68eVo5cSNNe5nF7J3PGu93V97cQTfRABQhGOaVJCD9EvwTdfgApxFiHlvDXdsQbMG92WSi9r5tdjzF7YzRNMvOXjjO5nhrKnuEKlbg3Sq5lCFaGgajBOykF\/wa7x7ck9OpJSb87cmOHpRH2yDd1zA5YOXoFunIsIEHuH2pwsY0\/yiiGGxfP7BgKaTzdw+2g=="}
+00424{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":360219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ro9AADQGCZiSMDoSwKgBsgG7+5l1X2N+d4WFeoAQAfnyKgAAAQEICjqbGwozdJew"}
+00424{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":361277,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0rpBAADQGCZeSMDoSwKgBsgG7+5l1X2N+d4WIPIAQAfTvbAAAAQEICjqbGwszdJew"}
+00834{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":363595,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjrpFAADQGCGeSMDoSwKgBsgG7+5l1X2N+d4WIPIAYAfX6PwAAAQEICjqbGwszdJewFwMDASoDpIRaxqKLBigqEAkkT+nsWgU9Rkeb8Wlz6XBgeVBlAEcAd\/TCDTScCVHL2N1+54EbmMTZ8Im4ecIEnuTmqtbkNtTyjb5eoxTosvN3q7mPHp1lYsoldZ8T4r8y7AF0FvJbKcnrGGIsbMED30lr4+7rWArpXuJT310Z6B10Bf\/nrCRZCSVOcpG21cPMwckmMZjOatWExkBp7iPynCm+hF+AH5EHdEG2XwWbwMA2zxlJIYxsgvJ7rGse+uRPgwyozEq6JypldfLy2C99jSRacaPgH8qH8uLnjnLzbfa+txGw1CcjvapT27zPvHCZmQzm6QfVkfzlGPVDVxl9TDwDc6Jvr+jEe9wx64CJE\/S0HyNej6qcq1T+p2UK6cBHw4z9IzWEwYuPIGGt69C3"}
+00425{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":363643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuZAbt3hYg8dV9krYAQEBrf\/gAAAQEICjN0l8k6mxsL"}
+02381{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":365355,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUrpJAADQGA\/WSMDoSwKgBsgG7+5l1X2Std4WIPIAQAfW0WgAAAQEICjqbGwwzdJewFwMDATFFo0twhudXtBOByDthArsm\/NsbYg20i9wKvK5gD+ZdKBb5Ow3zTzQYhu8pv5ZdNxZN+IoEwxIJqgeOcMUtRlkIhtA8SpjfF0JLXK9Au2NvX98S7DGzFTJUAWCzJZTwNiT\/7yvj4CIGsKn07JmtRLvL5\/7gSOMxgIdB5Y5nE0g+Cm9Au19So5YSS+y0zJhE6Dw0UOGreBq4PiRUqf563ntGqMt85pd1ig8S\/cD6Hc4B6JuZD7rHsnTSfB+a57NQt7n34SPzQMc5Om6OuePCQehqQfIhM74dq1MozS4uLsCjd1DGjXmmfgGX7vSmg3+3JZymmUCMGxSWrZe2h5t011SD1WSBylghxJm0aR258ZJO+eyJm8C95AzKtcUe5zbE+nnU53d8nta6EmxaujDRjw+eghcDA0ARALbGaNtcCQGb3nvi0m8dQ3f9Xx4LNicvSZ7uQV7jjIZPcmhrQw8rVEgPA2JODJqKYLhgRFIwPr0MuvZYMjGM\/XK3yMZVAP6i8M3jHMqIaxjpcQdoGmxDvTqWIOk+\/ZEi2sMQqdVzvfhtAExpTPGLuxrSPyTF7aj1HDgJgcXeZ9nxPorJ5EjXyTC8rs4TXR7+IVds7R2Ch5it\/TwGzxN70CKgxbNZyT3sY9YkcgOnU3GvOMm1R9pK69e8irqaNOY2\/mYvrfjcuZc3rtwTops3V8WxKtHMvTF2iRsm5e9391\/t\/CuCJnSN\/OxT50hbVow6hZEFcZoXp6zSVh2cmY8hXNwwgfZXkg3zwypLUnSeWGYKwg1bnGEmUfGz2sa9hjVtQbctQYoCJbjvMIks7v+auy6FlTe\/QOH8NylaPT77G3C35h+Z91meK5RY\/Ooxcq9BTQ0CTj6KxlpoV+8HXrzBpLqSA8ppJXnbo3hdHFnStKMiVJaJLHT2RDPEJ+Tg\/BB8wQAGRO24HRgMssr1lXt8x4B1lqmJFz2WgQunucgXv1XDbBz1P8QcDLUM7yw6IgSYWiB+SSMKrxevxIYTWt1bNUr+LA50kDBvuepxTl\/KSpaTFxuRakwVJRz1sHK4at8a1w85zgt0FmyubSCmu3qVQWatQZ0QBDTPPSNlyMOA5fP8Q4nC1ecx8pNBkojnw+KG5jTZJ\/ijD2RmjQN4hw6I1UCWC34HuDyxQG8thkfDWU768GS5tYRDTe0HIEHNE+UI6I7UK51LkjrcZZczSASxJGrlsNMkB7rTIcqhQ08smPxBZVXjYufzVRwraUBOsIotk1DAT+UPkAoNSHO9rbLsTTm15wDqX\/ik9u2cRBBgkbOT2OSzS\/X03ejR+Q7XZMF+sUmZjcj4QGsJbfieGaA0qmNmx6XpYjnxiaPUuXAIXmiMUA8fKVjFUhBOVob4nASt799boIWbjHjnIjSBBmxoCdxVOhMCKnbUqkmK8gw\/DeTv2vf1+w5htpGiuxFCr7fxB0gCKzttvibhxmf69m6tfzNjWM15FX0OedZc47tOAYaqyCfNrXk+0zGqX6CRP+XJ0ZVwt3mGRsyvWe0ws0moiwqWHwd\/LZ1K8Ql8lcJzi7bUUbVlvi48cEbhfK03VBM1xqH3hPUG9AaW1kE7\/QLMlrWh8VTJGA3\/oCx7T3IDcs\/T1WCZA+D3UrRAYCiDEAeOBR8BJucu4Nu60stJABjEbS2bfTlSE7YETqwwamkwDf3HaQw9pJO21iJ41C\/L6Utgkr3nEy\/tujTTuGviTT\/Ff7ceQEHoFZtKwZKfWBtKaXB+O7PPuAadk0W3vXfSugrhjCsxn8Tpros4uErpJmqEsE2Zi8ZQycaGFrnVHbsznWyTx8tdmCq4qaz+hF3bUBdjLzFdmJYItOESOEkUHgeridDTNuukBLTVrEgtzuMkDmBDQFtiETCJ74p\/+z30NsdKrDuTRXUyUE\/ME\/cKaMX5esPHQUW\/"}
+02388{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":365591,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUrpNAADQGA\/SSMDoSwKgBsgG7+5l1X2pNd4WIPIAYAfVqbwAAAQEICjqbGwwzdJewqfwgVZf5QOIBH69lxd5OII0yX2XdzeBWUqjORrYauXFFPN\/LOOlab4JZafjzukxfORwotQmA2d+F5iYuBHa\/OYJF+yo9+2pyBlGHHpKL\/RG7s4Bj8w0jvgGndwWza7kH+WjgKhANT7\/nti\/+zMjraOrubWtUUlI6Nq1i3p5wD3Pl6D4nOs531XUJcLYOAo0CtKij6LmXnLM6TghFzAuAiXOr2MUcOnK\/0IhiSkYjLcj2BQ9e2fdFQvvB5U3ofEvHtHE3BNbEd9GUsYivq00a6NrO8QLVbY7yNMKZWDdHYEHk623NnckVwL\/mqrNLWLH+nbdPQm1YRPw+gdb4BhUGSmMpZnaG1dWf1rOjBzg7FfkF5Lu3mL8yitmia6zAzFFmalPgLvW63Ia1u87oivNs7dMNK4FD48iN0ujBKr4z3x2rBfcM4y7m2iPq4VxACK0rFt3CsDAYzlkLj3ynFonKNGwTXYcAaSwZQYCvvJ2LP\/+i6YhuYfBt41GBc4tkcPNSYalPGFsCfBe9Jo3VfEgpx9hifHSPjkz49Aluj7JTMiyXb2G7B0lfVWiDRZoOjOBXuHwQdSU01CKwsfhbnGOer33DIhZ863dgImnVMsVF\/UuD\/Hqh4uVc1Fq47M7duRwlRcO7HNJQeqGd8PWnxSeEgkZqtC7mq2LsKLvNkAjGGpknL0cnneoqTIpN4J1BvG+ly0U0JzBZEIlU1Do\/UDcmcohWoTLdxHgpcAzZIEcLrJSi7i2bKIhoAbMqePNcj5x60WN8XsKTbeKmaZoNbOo4EiVZOKFo12gaGKoowDuamTDIToTNmSUzmbcsOg5oOdPF9BuLzo8CBlbXsocO4byUSk0oVwJt4GdVk2Cw1dEGhrz50aSqUMkAd2kNLao3oovmCy0cI+u17vQYLNCWFzhP\/e\/eymTk6mRvw9c\/Qb7uO\/eXYOpMbEHWhV0lo+mnIhS3PgSc3bk\/lFMf0B9ytTIQA3EkwtgW6t9ZYLQ4PP5\/utvHM\/8xLlYLf03ltT2TV189ooAgMjjWfrSRfT6njTSRh5X9ytZjQYGRKoIy2utUfLHSbrxSq3Sdxe6fsL9poMrBFyaR5pVNW5RwqSXFQch6C6kcbN9nI1hoDdTwHvuKxbGWa7lBDXannGohPGnYtjFoY\/rct9xyo0FNUJdg7pAS+pj\/m1oHtffc2g1HHdsmrFzKrJvN5wRhzZXZty8NHwxCCYS8fciEIcpBOL\/OvWnRZytUH3ubMtZXqqvrrk9KElCTnHR95dvZkcK\/EWJK5y4HpA9wQ9ZpyV2K\/NeG\/d4DnXX51jplQ7C\/2RP9cJrN8hHSyIglTx64J+AMFmhQuIrR3UeiXV\/EZ5SEidpXFHcZ7yw0YfkpP64rphqqP+kk2P73\/faci6M5RnE\/L2pXzGSZZffM4uSYp+bCtO9ruu07OvCUnjM0u2z\/FYFoJAYPFmiTJOYgdH+6HUsWzXnRqfF8rT4HXc6WhdrPb6cM8JnzEsqCsocX3\/\/chFBTxHYTjgAlQV2l4Kyyl+pNmwdfv+0omaT2A1CIwD\/PcBdbx6wb3LyAytVe7cuTupajKnHDRTHB6mxB8ia\/t\/HC1k40F6LMs3MgT2vdZ7Q5XgcFanCr+Ijr2SnZPneiFDN4kBDgX+9Wl3nGqyaKDDJUs7VmsYMSAv4q+ZJQtY1CxdYbJoFAf1oGPLZ4exg\/nYBAXoX5QBfKheaU2X3d7WeEYCtU\/jjzQDQOYP8VvUVpQiPtFKSDyYnCDRT7W3oY5P5gOhcZeZCchGCKdjfEiRPm8V25S5fOTzzmAlS0zhEgmU482DaFBElYYSwzkjiD0W1AFc46bvPkIu7+Fzl1+wWwz08vHXH\/Ag9EhI5Qdk5vukBcxk2l2XYJ9Q9eQMfc2DICIt8xLzKtTxNZ0CGvRjTl4MnKVxRd"}
+00424{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367099,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WmZAADQGXcGSMDoSwKgBsgG7+5sh1gHj5uH7GoAQAfrCRgAAAQEICjqbGw4zdJe1"}
+00837{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367101,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjWmdAADQGXJGSMDoSwKgBsgG7+5sh1gHj5uH7GoAYAfrYnAAAAQEICjqbGw4zdJe1FwMDASoNj27aXqQCuW3A\/wxlTmyM28boRDJynZKkOqLzqWjzDtUTHKKDyyI++JzwLJw6pIkKqtdczn8avtdhFUQ5tKEYGIugUuoyRqMVuQo0pvTfi2EoB1ucjFA+Qn5I7\/bluEnELmswVoSV2JDFLZN4cP7pMwQx0pj0mR0HqeXqIv5ZtAQgNDbE15t\/UVKqNNXvzK0IeTaf1f9YFBCsJLi2on2nTwdeM2n\/LbUB3hZE2wX885ANQ2EhfBRsFHRveu9d6W2RZf+3lNazVpjZtiEA7FT9vyBBI\/MO4IilsmjNK5ob8YiG6S5mkKQPCBF1i4CmP0ZhHvnySjpftseTmgnZ\/CJqJyDbq3ohEDt6aOlXFKMCWWqfX33uvne3p9mh3P1M7SwmTpRYtbI9F4vv"}
+00424{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367101,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WmhAADQGXb+SMDoSwKgBsgG7+5sh1gMS5uH93IAQAfW+WgAAAQEICjqbGw4zdJe1"}
+00424{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367114,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NpdAADQGgZCSMDoSwKgBsgG7+5gJQMN543do3oAQAfmu+QAAAQEICjqbGwkzdJex"}
+00836{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367122,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjNphAADQGgGCSMDoSwKgBsgG7+5gJQMN543do3oAYAflgvgAAAQEICjqbGwozdJexFwMDASq3bHvl4r0lP4smBVektA3a73cTg1NcXG1ZMDYfcS2bVv1f3zU3r4FKKJ2rh3Qt6eyLpZ5Q+vcUgCsdS6eoAldzjt7cuspWthW\/T0H6hdNO\/EAMAE6q1hp8sY46W3onyJaAzHooBHjpugEUkkuYvfH\/gkHF8cVKzNPQws4dJCnZlQWSnsQgYBGbCQA7fMuIXJ3Kqb6kCSQ5J+XgHoX1Okc\/+IPnFwbm8S6dSSqW7sNtriOukpa2tXEfPLRB9QhteS9OdKGinw35YMYmFD9tnLiyCeH26pTX5xp7v8isnDxH5rxELHftdz4jzzm0I7BX9UdghjU7Zjrq95P3D0b+wYsANJmO8EbukDQW1Ct1nVRhs+rqBuhuRqLgsSU+MxusdfHX\/DwJ7qa5pIAQ"}
+00424{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NplAADQGgY6SMDoSwKgBsgG7+5gJQMSo43droIAQAfWrCwAAAQEICjqbGwozdJex"}
+00424{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":367172,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EvuYAbvjd2ugCUDEqIAQEBqcywAAAQEICjN0l8w6mxsK"}
+02381{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":368106,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNppAADQGe+2SMDoSwKgBsgG7+5gJQMSo43droIAQAfXyXAAAAQEICjqbGwszdJexFwMDATGcmvn8zYefzEogJk35AtMEwQ8FyVCc6ByqwKFG+vRdtGhsJD3zHljACeE04haokhJ8rD1jRFHQVitkV88USNhLtOdEtC7EPtXg4\/HRCd+V1551UEpdPj95kjpoYGdROYhvT50NONI\/bzQWkUs9v8+dnLCRX0bCCCzPebkhro\/Hmq0ElwqTUjGexJrWiBpv2X9nZN6ZqH67NeYRStvU73rabo0js0SRCx7oXvsQiKFcPjOXjkAX1ThOYrvlZ\/+TWqIJAGoolzSx9KGYqJN8k69osJxAOVb2vJxzK2rJV\/WnWtoIFmKf4CKBJeSQ8SAxDpTDOR+f6\/lPZGjIvsk36mlPJby1WUhjfxpspSvVGk10+evfQiGg4PlRaJUStlOo+hZ2ZANNK3bvX+jMIVIeXbNEzBcDAzni8NNSIlaPml7qK+o0nvOKWFjghGH9z\/Y7j4PLHc+8qF9M08s2vRZ6+twSoRioaQdghrvRFIE1LZZYlqwMg5nmv2D8WYKn\/P+pyAUBKpqt8AULR+dw2OQxCzV4vAwXy6j8dEzTsCh1K\/gIeHQgznVlPrZQc8TaB\/VpFeipwxfVxgYrUznAtpfL7N2fXwR0+d5Maccy3NNFArfhq2YFErzqmbIjG57wGUifp+lHRlCbbbNqMNzn+7+GnO+6RJnaMRX\/QZvKD86qEdsuKNCuN+DYpCdQ+aVby2H1F\/+ii+HbtR29fioLDmRgHe1lRDrhJW1A7qJr8LiYn7FzybbsLw3xbrgTXfQhYw2NytCnbarj3pSaFeRt4bQ0K3XuaojtoCGkG1HW9uwAXaFaRHjN\/Qhe2rt66vfIydiNWySb85Wf4Y0H8NLrvSc\/+G92fuR5RZHkBBxXMT2nF5Ux0lzyqXjKH2Q0bZDy5CN\/+Zu7V4+DfzrcKLka4ig+S9GlYsb2WqPmGDtdgtCUB0j9KdZp8ICyZnmqWvGUxDSfgVyQckcqi1FBwP7rL688kL\/CjZbUfYdgiyj2ojz4FH\/Zhy+JvkrxoPJsWpkg4ypnetBSOJ2pnYSw9UFIaFcGmmhP1Md6wmtO0SruDrXxjAnMYdG0Z+7VCpLCprj6s1RztTd5sxTB8i0rhOSqtBAN+XBHgfsJOEMlw9EcqlTBT+EeWxYv0\/xg2SzoO0Q+8nmSevhTPoD95CALUbWvM3jUWm808jnyx3Fvj\/DW0xgGT3M4suPscgpWij0qoMlWHvYdSgI3RMxjTMn4wYHiPMc46+esP3pMKZyZP9e0PtB5il2yv5XYDnjukuOsEXwdrXvi6uDRzQ6YniAvlvwyATIwUxbTZMHZKLN5E6eiSu4NvVP5UFS5HwE1AxYTkD+8YfiDBcEMH+ZMFU5ANjTD77ax1Y41gBB6h21naZA19chGvvvKum9MviXiboknnjvfhyYfWN6Zi7R5gYLb38vdANUWvFDa3CmmC+\/xQzUsgQWFUAKCPX8JxXn6xTriIa3FYsabbmk6QHiVnYga3ji\/uAVL\/+4ST19v\/h5IlMTXGYn79VQu3xzop78Ko0VoLbjwPh9ccC8LaXRIOgP\/4\/nwUKthmEPsUCkAVFsKRgwqrUdK3qAgZz38sp22ibWvO98nymCmnoZPJZF1O+JQjhNORRCWx8JQGI4kvQxH00KEl5Jff5p6UG1Z1Xp6m4qi\/ExPGPxlr04+5EJ96GU4Dv8HQv5PevgyhjsHxO\/ayNeEqFNObtZ0trkGR4wZ\/s6ze6sydSiZI1KD3MsZgg0rqwYAgV8ykDTcLvTFaWqL0olUmW852jBvFB7ZWk1L9xSu\/qjdceiWaSDwMozU9MnDPse3gwOzFZw\/mKHptaRfkZhXI5IcAAMlX953DgEQ1SM\/idcjGe637R6LfJK3ql8J3ppGVgzMS04J6HNEi+avFiQFEyUXvtdpSWxvogGmElfF3Sp8"}
+02379{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":368215,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNptAADQGe+ySMDoSwKgBsgG7+5gJQMpI43droIAYAfWKlwAAAQEICjqbGwszdJexxPNQdteAgjyvmyiQepYIVQZ03Yf\/N2Kpm3rLXJEUQetWCfuY5PggdOrqpitJfzD+uqeKQ+7FUmzq3JqrrLdG4MbAkcuNSP\/yBOA0AzVMUafvx5E2Nwm2JG+hEQLTT07Tc4JX5XY78O0QYbSu02jWlmvMNxAATxp+U21FtgbWRZ6wAM87Mm0di44G1SVQHIoLo948pTF1XwypouC\/RfECD41pNElZernaOs\/wv1kCUxfl+jIfIkl4ig7\/dsboKSXlY4QXzS+NKGp1DZxKOXrMfSbYb2u5v9JCJpbXp2Snfo5Z6yfoWdftrczZbTRt7aa1SnG8TOjPDwqNkzfTwytH3P6Tf4IX2gKqcoAcZGdu3RzuTzVXGFfOsjX3lN9dffxgCFkvsgF8dzdWAkJc\/g5+BPbOPM+ucCNVO3ArIev16fxVQW0op8sxDnGpaZbMu9Gy0KyvxtQ3WhY6WD+oUVImlLfuXjCqMCg2aLX2ngfRoZLcedkwSwxAOj6GuP6yJYTHtF7R9ipzysDL3OHlR8I5enhMueRrFB6cB6VuRHkFXV8kjVEJTroEpsxtda+A\/qUTBfgzjP\/b7Mkgeydh8rFPrnuNT7RTvcxzrb2ZJds3tGEIC4msJqrevBr3yFH41rQR5md783Fky9gzTQkyD06vcfTWzXJfpaxH3B\/TiCwdZveFk3jqtuKZklIMALY03gOzyrGHkdp6mTZ\/xC2JGhRj9xZgiCSbXuxywHwPOkmIpkMoLsR8YHu+BrIJonRiEGl34hjxabk6aZ0YRgGkwZADtJq\/2V1zrmqJ6kISlGDXb+mTzxEmmfnaXcHUxrRWtbHRuG6VqATR1NgUvyzXhnwrg1Mn8PyuBVchA9KSL53fBb5lzsHM1fWT6AF5WalOPY50IF7yxlaMHvjg3FNn8S7k1oO7McSoObWK\/1nUpHEjqo05GBXKMx+M5\/q00rY9kNL3XJh9Fp1oPJ3DVIytTyY2ixjmx4vfS4PktBRuVnaXqfYrQOlzI4OBOjqcb+X7IZ8qZxny+jETwnj1n419J87tmKfIajwDEmZpY\/snjgKNFvnQO\/eu1GakhkimAzUw2wWX7r9dFFP+YSE2klw5Cbg8r2i96TQwpBqqZgwC2z8dJQ\/aSyTPTUVACkWcDWULpzhq36I\/p9aBmiHd\/90MKDOyL4WrKc1GffApinT9KMS4ZZsnla3ZEjjCZPvD9sbphbgvbOQDCVULM3fTdklDO3Fx+SOO41lWqDXXWIq87462XKln804\/A5Y9nZrCuYSN3oFGVoLaXUHPdrgbUDpntMSq0R8IRvqzqeyf77+xqF4MXOHbR9rHtL262Y53\/Fgj8201RMopY5oFvDCztKQU3SPyLdQqQOteS0HOqPGfgi9Rt3V1pTk3iAxei1\/+lyaqU8AnMUydtsq4sJMli2eIFhsiZqPOumAM0j2s3\/b0\/A3MCouuJXSJ5\/7PUaqbyElPN1Z1a3Hss5gTkRou3irIuIls5xZcIVmUCa5VzuObjUsJ3DSp0QTH3vbJ\/Oxg6XN7hNrSzrn+iRqZ8yHtMDyWELkd5TSroKpxNoshVhUB+TTjftB1qes13RPFXUJy0vSn6kriojj+aAx6lrFAuxH8KMlu52wnYGNFX+gZTkyDYhhWenPDzQESPgDFImyt8YE5NIZkbz4xAXFrQHjulBMPS2\/a1pf+no+vZnZf0zg\/AAupX+hS6ZHPzIccgFRGcEhtkdZoU4u0YlnU3+v8amEexB1BhQzHRmzn2UP+QgDYgE0Kpd71L+VjjmkYjlOfl7pMezB1fzxUrBI3FuSGdqYZWnhoYrOtBvYpomX08VpJRjBPVyqza1moNZLRxQsusI2orFgeCRAf8Rio4qbv0twuaGtmXiwtIYlYSX9dzYDQBdVpJclukN\/N4roC\/onhZQYExKlT"}
+00426{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":370352,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0neZAADQGGkGSMDoSwKgBsgG7+5p\/iBkRd\/ScG4AQAfobUAAAAQEICjqbGxAzdJe3"}
+00426{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":370468,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nedAADQGGkCSMDoSwKgBsgG7+5p\/iBkRd\/Se3YAQAfUYkgAAAQEICjqbGxEzdJe3"}
+00846{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"chrome.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620902509,"pkt_ts_usec":370585,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjnehAADQGGRCSMDoSwKgBsgG7+5p\/iBkRd\/Se3YAYAfV9JAAAAQEICjqbGxEzdJe3FwMDASqAJRG6bgsbTW0tWRsjRYVGzw9H6gvxErz3e5D\/27VNhWASbt\/0PEltptiu389fTERtuCmmRusUQRw8btYWhKKYy6KckWYkE+6x\/7q4R9bYW0ih6KOhgAi\/cH2GADtxZ6ussAdlzyCJlkjv+vazlqpZeq0Jhjf7+nUOmgwRazjst\/FtIcJfUh634Oav0SiiDA1ZlevmBcX354z7M2\/nSm95\/mVD8ytZN\/0pg6jP98N1XAoBQ+41y58S1q6k3m51Oh4K8wBd383AO\/6iqnSKmamyeg\/2agMRVBw4Dict381VYLjIcmwAvXnTzAnSXsAWFAcfriAwwIE0Vpus4qeP9P6h9YA2N7BkX2vWZR4jWt14ppy\/8G\/8PaR2YFFWOgV\/gVOc3pC93ZzIIfIK"}
+00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1958,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1620902509274,"flow_last_seen":1620902509612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":214304,"flow_avg_l4_payload_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"aa50c12a5dfa717d9d6ab34e97de79d5","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":862,"flow_first_seen":1620902507870,"flow_last_seen":1620902514626,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":687973,"flow_avg_l4_payload_len":798,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1134,"flow_first_seen":1620902508740,"flow_last_seen":1620902515037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":930115,"flow_avg_l4_payload_len":820,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":376,"flow_first_seen":1620902509272,"flow_last_seen":1620902515049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":297726,"flow_avg_l4_payload_len":791,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":214304,"flow_avg_l4_payload_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test"}
diff --git a/test/results/coap_mqtt.pcap.out b/test/results/coap_mqtt.pcap.out
index fccf78522..b7d16050c 100644
--- a/test/results/coap_mqtt.pcap.out
+++ b/test/results/coap_mqtt.pcap.out
@@ -1,63 +1,63 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"coap_mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957710,"pkt_ts_usec":293035,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957715,"pkt_ts_usec":764217,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nQWMwAgAxVDAv\/NchYzKy53ZWxsLWtub3duBGNvcmU="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957717,"pkt_ts_usec":200749,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nUWMwAgyuNDAzf9chYzKy53ZWxsLWtub3duBGNvcmU="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957718,"pkt_ts_usec":629009,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nYWMwAgvHpDBEZkchYzKy53ZWxsLWtub3duBGNvcmU="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1333957710293,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1333957715764,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61044,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1333957717200,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61045,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1333957718629,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61046,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1333957720,"pkt_ts_usec":773953,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":0,"flow_tot_l4_data_len":27,"flow_min_l4_data_len":27,"flow_max_l4_data_len":27,"flow_avg_l4_data_len":27,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1333957720773,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":0,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090528,"pkt_ts_usec":17876,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"}
-00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":0,"flow_tot_l4_data_len":27,"flow_min_l4_data_len":27,"flow_max_l4_data_len":27,"flow_avg_l4_data_len":27,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1375090528017,"flow_last_seen":0,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00425{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090528,"pkt_ts_usec":127292,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wAMpjBgAOkb"}
00597{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090529,"pkt_ts_usec":153497,"pkt_caplen":191,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":191,"pkt_l4_len":137,"pkt":"ACTop0mhuCfrprIvht1gAAAAAIkRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjOC2wCJMIhCRVcPB5D\/VGhpcyBtZXNzYWdlIHdhcyBzZW50IGJ5IGEgc2VwYXJhdGUgcmVzcG9uc2UuCllvdXIgY2xpZW50IHdpbGwgbmVlZCB0byBhY2tub3dsZWRnZSBpdCwgb3RoZXJ3aXNlIGl0IHdpbGwgYmUgcmV0cmFuc21pdHRlZC4="}
00425{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090529,"pkt_ts_usec":165959,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"uCfrprIvACTop0mhht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAMOD1gAFcP"}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":12,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":0,"flow_tot_l4_data_len":31,"flow_min_l4_data_len":31,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090926,"pkt_ts_usec":676575,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwAfdD1AAs6gt3N0b3JhZ2X\/bXlyZXNvdXJjZQ=="}
-00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":0,"flow_tot_l4_data_len":31,"flow_min_l4_data_len":31,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1375090926676,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00454{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090926,"pkt_ts_usec":735550,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"ACTop0mhuCfrprIvht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjPESgAfeP9gQc6gh3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00438{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":26698,"pkt_caplen":73,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":73,"pkt_l4_len":19,"pkt":"uCfrprIvACTop0mhht1gAAAAABMRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADxEoWMwATY+NAA86h\/215ZGF0YQ=="}
00425{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":86791,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjPESgAMfrZghc6h"}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":240020,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"uCfrprIvACTop0mhht1gAAAAACYRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAmaNlAA5Uit3N0b3JhZ2UKbXlyZXNvdXJjZf9teWRhdGE="}
-00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
+00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1375090935240,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","ndpi": {"proto":"COAP","breed":"Safe","category":"RPC"}}
00426{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375090935,"pkt_ts_usec":293289,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wAMxd1gRJUi"}
00454{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375091005,"pkt_ts_usec":616928,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsCNAAZUjt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00439{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375091005,"pkt_ts_usec":672713,"pkt_caplen":73,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":73,"pkt_l4_len":19,"pkt":"ACTop0mhuCfrprIvht1gAAAAABMRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wATioZgRZUj\/215ZGF0YQ=="}
00454{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375091022,"pkt_ts_usec":221897,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsB9ABJUkt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="}
00426{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1375091022,"pkt_ts_usec":272173,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wAMxd1gQpUk"}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_tot_l4_data_len":93,"flow_min_l4_data_len":12,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_tot_l4_data_len":143,"flow_min_l4_data_len":12,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_tot_l4_data_len":22,"flow_min_l4_data_len":22,"flow_max_l4_data_len":22,"flow_avg_l4_data_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1375090926676,"flow_last_seen":1375090935086,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907243,"pkt_ts_usec":976582,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_tot_l4_data_len":22,"flow_min_l4_data_len":22,"flow_max_l4_data_len":22,"flow_avg_l4_data_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00414{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907243,"pkt_ts_usec":977291,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="}
00419{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907244,"pkt_ts_usec":175731,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_tot_l4_data_len":22,"flow_min_l4_data_len":22,"flow_max_l4_data_len":22,"flow_avg_l4_data_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":332152,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_tot_l4_data_len":22,"flow_min_l4_data_len":22,"flow_max_l4_data_len":22,"flow_avg_l4_data_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00416{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":332556,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="}
00419{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":532086,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455907267002,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455907267002,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2212,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnmO\/hCAAnAERyCABFAAA0ELxAAIAG+FDAqDgBwKg4ZdEYRF3fAvFmAAAAAIACIAB3eQAAAgQFtAEDAwgBAQQC"}
00425{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2284,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"}
00417{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2460,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"}
00437{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":7095,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"CAAnmO\/hCAAnAERyCABFAAA7EL5AAIAG+EfAqDgBwKg4ZdEYRF3fAvFnrkjtw1AYAQCebQAAEBEABE1RVFQEAgA8AAVCdXM0MQ=="}
-00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":20,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00409{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":7143,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CAAnAERyCAAnmO\/hCABFAAAolKdAAEAGtHHAqDhlwKg4AURd0RiuSO3D3wLxelAQAOXx0QAA"}
00417{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":8181,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"CAAnAERyCAAnmO\/hCABFAAAslKhAAEAGtGzAqDhlwKg4AURd0RiuSO3D3wLxelAYAOXx1QAAIAIAAA=="}
00492{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":16406,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"CAAnmO\/hCAAnAERyCABFAABkEL9AAIAG+B3AqDgBwKg4ZdEYRF3fAvF6rkjtx1AYAQBtHAAAMzoACUJ1czE3SW5mbwABVXBkYXRlIHRyaWdnZXJlZCBGcmkgRmViIDE5IDIwOjQxOjA3IEVFVCAyMDE2"}
@@ -69,14 +69,14 @@
00493{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":43373,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"CAAnmO\/hCAAnAERyCABFAABkEMJAAIAG+BrAqDgBwKg4ZdEYRF3fAvHFrkjuJFAYAQBqdAAAMzoACUJ1czE3SW5mbwADVXBkYXRlIHRyaWdnZXJlZCBGcmkgRmViIDE5IDIwOjQxOjA3IEVFVCAyMDE2"}
00419{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":44633,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"CAAnAERyCAAnmO\/hCABFAAAslKxAAEAGtGjAqDhlwKg4AURd0RiuSO4k3wLyAVAYAOXx1QAAQAIAAw=="}
00420{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":242073,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEMNAAIAG+FXAqDgBwKg4ZdEYRF3fAvIBrkjuKFAQAQA6MQAAAAAAAAAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":104,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00528{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":481938,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":104,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00529{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483239,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+rAFAAEAGnMHAqDhlwKg4AURd0RKQSIQbeoYoHFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00530{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483346,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+f0hAAEAGyXrAqDhlwKg4AURd0RObj0l5TWIKIlAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":106,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":106,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00530{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483430,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":106,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":106,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}}
00424{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483762,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
00420{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":484395,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMVAAIAG+E\/AqDgBwKg4ZdETRF1NYgoim49Jz1AYAP8qugAAQAIAAgAA"}
00419{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":485428,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"}
@@ -127,9 +127,9 @@
00530{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":130232,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EQ4AAIARN6zAqDgBwKg4ZcSHRFwAaGrJQwM1B8\/MNXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
00427{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":132073,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXc1AAEAR6znAqDhlwKg4AURcxIcAG\/HjY0Q1B8\/MNYsvci9CdXMxN0NtZA=="}
00530{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":239138,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8ERsAAIARN5\/AqDgBwKg4ZcSHRFwAaNHfQwM1CFi1RXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_tot_l4_data_len":103,"flow_min_l4_data_len":103,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":856457,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_tot_l4_data_len":103,"flow_min_l4_data_len":103,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00420{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":858898,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"}
00533{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":969405,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"}
00428{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":973211,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyXh5AAEAR6uXAqDhlwKg4AURcxI4AHvHmZkQdqhF5z0YYRYsvci9CdXMxN0NtZA=="}
@@ -144,9 +144,9 @@
00534{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":530785,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnmO\/hCAAnAERyCABFAAB+Ef0AAIARNrvAqDgBwKg4ZcSORFwAassPRQMdr\/Kq\/CfKckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEzIEVFVCAyMDE2In0="}
00427{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":536055,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"CAAnAERyCAAnmO\/hCABFAAAxXnBAAEAR6pTAqDhlwKg4AURcxI4AHfHlZUQdr\/Kq\/CfKiy9yL0J1czE3Q21k"}
00533{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":658448,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EhcAAIARNqLAqDgBwKg4ZcSORFwAaYovRAMdsNz8WXxyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTMgRUVUIDIwMTYifQ=="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_tot_l4_data_len":105,"flow_min_l4_data_len":105,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00532{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":88318,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_tot_l4_data_len":105,"flow_min_l4_data_len":105,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1032,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00424{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":89637,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="}
00536{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":193327,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00429{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":196759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0XrRAAEAR6k3AqDhlwKg4AURcxIgAIPHoaERSkLugNTWCkTE2iy9yL0J1czE3Q21k"}
@@ -161,9 +161,9 @@
00529{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":779814,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EykAAIARNZLAqDgBwKg4ZcSIRFwAZyZkQgNSlWdockRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00422{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":785600,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXwBAAEAR6gfAqDhlwKg4AURcxIgAGvHiYkRSlWdoiy9yL0J1czE3Q21k"}
00530{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":902701,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7E0wAAIARNW\/AqDgBwKg4ZcSIRFwAZyoCQgNSlmPJckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00535{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":690777,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1927,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00430{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1936,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":695868,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="}
00537{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2015,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":831283,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="}
00430{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2024,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":835251,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"CAAnAERyCAAnmO\/hCABFAAAzX45AAEAR6XTAqDhlwKg4AURcxI8AH\/HnZ0SAZ6ExGoh1VzOLL3IvQnVzMTdDbWQ="}
@@ -178,12 +178,12 @@
00530{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2463,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":504810,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"CAAnmO\/hCAAnAERyCABFAAB6FSUAAIARM5fAqDgBwKg4ZcSPRFwAZtwsQQOAbEZyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTYgRUVUIDIwMTYifQ=="}
00422{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":512120,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":25,"pkt":"CAAnAERyCAAnmO\/hCABFAAAtX+dAAEAR6SHAqDhlwKg4AURcxI8AGfHhYUSAbEaLL3IvQnVzMTdDbWQ="}
00535{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":636911,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FUwAAIARM2vAqDgBwKg4ZcSPRFwAa923RgOAbRWOzuOZuXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNiBFRVQgMjAxNiJ9"}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_tot_l4_data_len":13320,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_tot_l4_data_len":13394,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_tot_l4_data_len":13420,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_tot_l4_data_len":13342,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_tot_l4_data_len":100044,"flow_min_l4_data_len":20,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":52,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_tot_l4_data_len":100124,"flow_min_l4_data_len":20,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_tot_l4_data_len":99996,"flow_min_l4_data_len":20,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":52,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_tot_l4_data_len":100439,"flow_min_l4_data_len":20,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1922,"flow_first_seen":1455907243976,"flow_last_seen":1455907286855,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00131{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test"}
diff --git a/test/results/dcerpc.pcap.out b/test/results/dcerpc.pcap.out
index dc08bb37f..09b078362 100644
--- a/test/results/dcerpc.pcap.out
+++ b/test/results/dcerpc.pcap.out
@@ -1,11 +1,11 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dcerpc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":0,"flow_tot_l4_data_len":650,"flow_min_l4_data_len":650,"flow_max_l4_data_len":650,"flow_avg_l4_data_len":650,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":0,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01262{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":979607,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":0,"flow_tot_l4_data_len":650,"flow_min_l4_data_len":650,"flow_max_l4_data_len":650,"flow_avg_l4_data_len":650,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1602860709979,"flow_last_seen":0,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
01262{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":979608,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":0,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":993940,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1602860709993,"flow_last_seen":0,"flow_min_l4_payload_len":170,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00625{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860709,"pkt_ts_usec":993941,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"ABwGCybtAA7wSJ4FCABFAADGAAUAAB4RGLPAqAEUwKgBC8AJwAMAsvR9BAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAAAAAAAAP\/\/\/\/9aAAAAAAAAAAAARgAAAC0DAAAAAAAARgAAAIEBAB4BAAABCfGlMMdfbUe2f4BzQ53qrQACAA7wSJ4FiJKBAgAIAQAAAQABgACBAgAIAQAAAgACgBCBAwAIAQAAAQAUBZg="}
01685{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":12562,"pkt_caplen":995,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":995,"pkt_l4_len":961,"pkt":"AA7wSJ4FABwGCybtCABFAAPVAX8AAB4RFCrAqAELwKgBFMADiJQDwWYXBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAEAA\/\/\/\/\/8DaQAAAAAAAANVAAADVQAAA1UAAAAAAAADVQAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAfADEAAAAACAA8AQAAAgnxpTDHX21Htn+Ac0Od6q0AAAAAAACAAAAAgFEAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhMAGAEAAADD1of+eJ4Doazb5b\/LvCe2AAAAAAAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEQAkAQAAAMPWh\/54ngOhrNvlv8u8J7YAAAAAC21ycGRvbWFpbi0xAAgAPAEAAAQJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABwdRAAAAAAAAAAAIADwBAAAFCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAgAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBgEA\/wAAAAAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQEAAAAACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAHAVEAAAAAAAAAAAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGAQD\/AAAAAAgAPAEAAAkJ8aUwx19tR7Z\/gHNDneqtAAAAAAAEAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABgQAAAAAAP8AAAAIADwBAAAKCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAgAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQE="}
01685{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":12566,"pkt_caplen":995,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":995,"pkt_l4_len":961,"pkt":"AA7wSJ4FABwGCybtCABFAAPVAX8AAB4RFCrAqAELwKgBFMADiJQDwWYXBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAEAA\/\/\/\/\/8DaQAAAAAAAANVAAADVQAAA1UAAAAAAAADVQAIADwBAAAACfGlMMdfbUe2f4BzQ53qrf\/\/\/\/\/\/\/\/\/\/AADgQAAAAxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA8AQAAAQnxpTDHX21Htn+Ac0Od6q0AAAAAAAAAAQAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAfADEAAAAACAA8AQAAAgnxpTDHX21Htn+Ac0Od6q0AAAAAAACAAAAAgFEAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhMAGAEAAADD1of+eJ4Doazb5b\/LvCe2AAAAAAAIADwBAAADCfGlMMdfbUe2f4BzQ53qrQAAAAAAAIAAAACAUgAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEQAkAQAAAMPWh\/54ngOhrNvlv8u8J7YAAAAAC21ycGRvbWFpbi0xAAgAPAEAAAQJ8aUwx19tR7Z\/gHNDneqtAAAAAAACAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABwdRAAAAAAAAAAAIADwBAAAFCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAgAAAAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBgEA\/wAAAAAIADwBAAAGCfGlMMdfbUe2f4BzQ53qrQAAAAAAAgABAAAAAwAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQEAAAAACAA8AQAABwnxpTDHX21Htn+Ac0Od6q0AAAAAAAMAAQAAAAEAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAHAVEAAAAAAAAAAAgAPAEAAAgJ8aUwx19tR7Z\/gHNDneqtAAAAAAADAAEAAAACAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEGAQD\/AAAAAAgAPAEAAAkJ8aUwx19tR7Z\/gHNDneqtAAAAAAAEAAEAAAABAAAACgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEABgQAAAAAAP8AAAAIADwBAAAKCfGlMMdfbUe2f4BzQ53qrQAAAAAABAABAAAAAgAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAQEBAQEBAQE="}
@@ -15,16 +15,16 @@
00572{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":32496,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYAAAB4RF17AqAELwKgBFMADiJQAjCmEBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAIABP\/\/\/\/8ANAAAAAAAAAAgAAAAIAAAACAAAAAAAAAAIAEQABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAQAA"}
00573{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":62922,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAcAAB4RGNfAqAEUwKgBC8AJwAMAjBCNBAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAIAAAAEAP\/\/\/\/80AAAAAAAAAAAAIAAAACAAAAAAAAAAIAAAAIEQABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
00573{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":62922,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAcAAB4RGNfAqAEUwKgBC8AJwAMAjBCNBAIKABAAAAAAAKDel2zREYJxAAEBAQFNAQCg3pds0RGCcQCgJELffQCp\/TWKNRISgAQAHAYLJu0AAAAAAQAAAAIAAAAEAP\/\/\/\/80AAAAAAAAAAAAIAAAACAAAAAAAAAAIAAAAIEQABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":0,"flow_tot_l4_data_len":140,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":63382,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":0,"flow_tot_l4_data_len":140,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1602860710063,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00572{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":63386,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"ABwGCybtAA7wSJ4FCABFAACgAAgAAB4RGNbAqAEUwKgBC8AKiJQAjEB6BAAgABAAAAAAAKDel2zREYJxAGQBDQAqAgCg3pds0RGCcQCgJELffYDI+0MAABAQgAAADvBIngUAAAAAAQAAAAAAAAAEAP\/\/\/\/80AAAAAACgAAAAIAAAAKAAAAAAAAAAIAAAAAESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAAAgAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":0,"flow_tot_l4_data_len":140,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":71384,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":0,"flow_tot_l4_data_len":140,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1602860710071,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","ndpi": {"proto":"DCE_RPC","breed":"Acceptable","category":"RPC"}}
00572{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1602860710,"pkt_ts_usec":71385,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AA7wSJ4FABwGCybtCABFAACgAYEAAB4RF13AqAELwKgBFMACwAoAjHUlBAIKAAAAAADeoAAAbJcR0YJxAGQBDQAq3qAAAmyXEdGCcQCgJELffUP7yIAAABAQgAAADvBIngUAJ7vVAAAAAQAAAAAABP\/\/\/\/8ANAAAAAAAAAAAAAAAIAAAAKAAAAAAAAAAIIESABwBAAAACfGlMMdfbUe2f4BzQ53qrQACAAAACAAA"}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_tot_l4_data_len":2260,"flow_min_l4_data_len":140,"flow_max_l4_data_len":812,"flow_avg_l4_data_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1602860709979,"flow_last_seen":1602860710032,"flow_tot_l4_data_len":3502,"flow_min_l4_data_len":140,"flow_max_l4_data_len":961,"flow_avg_l4_data_len":583,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1602860710071,"flow_last_seen":1602860710071,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49154,"dst_port":49162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":2212,"flow_avg_l4_payload_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1602860709979,"flow_last_seen":1602860710032,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":953,"flow_tot_l4_payload_len":3454,"flow_avg_l4_payload_len":575,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test"}
diff --git a/test/results/diameter.pcap.out b/test/results/diameter.pcap.out
index 5bfb8d8fa..af5302a33 100644
--- a/test/results/diameter.pcap.out
+++ b/test/results/diameter.pcap.out
@@ -1,11 +1,11 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"diameter.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1263278878271,"flow_last_seen":0,"flow_tot_l4_data_len":364,"flow_min_l4_data_len":364,"flow_max_l4_data_len":364,"flow_avg_l4_data_len":364,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1263278878271,"flow_last_seen":0,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00870{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":271686,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"pkt":"ABpk3ZWLACYYlIbACABFAAGABtlAAIAGAAAKyQn1CskJC8cNDxz34fq2+LwvkFAY+gQqBAAAAQABWIAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAAAAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAbhAAAAkAAABuUAAAAwAAAACAAABukAAAA1kYmlsbAAAAAAAAaBAAAAMAAAAAQAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00726{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":292831,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00891{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":336701,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"pkt":"ABpk3ZWLACYYlIbACABFAAGQBtpAAIAGAAAKyQn1CskJC8cNDxz34fwO+LwwfFAY+RgqFAAAAQABaIAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAABAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAgAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQAAAG+QAAANAAAAZ1AAAAsAAABvUAAABgAAAG\/QAAAEAAAAAAAAAABAAABqUAAAAwAAAFk"}
00726{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":344805,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYpAAEAGe8gKyQkLCskJ9Q8cxw34vDB89+H9dlAYHVCNmAAAAQAA7EAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAgAAAZ9AAAAMAAAAAQAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="}
00822{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":350601,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"pkt":"ABpk3ZWLACYYlIbACABFAAFcBttAAIAGAAAKyQn1CskJC8cNDxz34f12+LwxaFAY+Cwp4AAAAQABNIAAARAAAAAEAupJMibwAAcAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAACAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAwAAAb5AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAEAAAGpQAAADAAAAWQ="}
00642{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1263278878,"pkt_ts_usec":357703,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ACYYlIbAABpk3ZWLCABFAADUlYtAAEAGfAcKyQkLCskJ9Q8cxw34vDFo9+H+qlAYIYAUAQAAAQAArEAAARAAAAAEAupJMibwAAcAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAwAAAZ9AAAAMAAAAAgAAARZAAAAMAABBbQAAADdAAAAMzvaZ5Q=="}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_tot_l4_data_len":1776,"flow_min_l4_data_len":192,"flow_max_l4_data_len":380,"flow_avg_l4_data_len":296,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"proto":"Diameter","breed":"Acceptable","category":"Network"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_tot_l4_data_len":1776,"flow_min_l4_data_len":192,"flow_max_l4_data_len":380,"flow_avg_l4_data_len":296,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"proto":"Diameter","breed":"Acceptable","category":"Network"}}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test"}
diff --git a/test/results/dnp3.pcap.out b/test/results/dnp3.pcap.out
index 45cff52dc..805c5c17a 100644
--- a/test/results/dnp3.pcap.out
+++ b/test/results/dnp3.pcap.out
@@ -1,5 +1,5 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnp3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00461{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1097501938503,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1097501938503,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503079,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00417{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503079,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
00417{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503079,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="}
@@ -10,13 +10,13 @@
00413{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503490,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFpAAIAGmmsKAAAICgAAAwrlTiBVHBrTUsY4hlAQ\/\/9HiQAAAAAAAAAA"}
00413{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":503490,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFpAAIAGmmsKAAAICgAAAwrlTiBVHBrTUsY4hlAQ\/\/9HiQAAAAAAAAAA"}
00431{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":504844,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5kmNAAIAGVFEKAAADCgAACE4gCuVSxjiGVRwa01AY\/\/+NwQAABWQKRAMABAB8rub3ghAAT70="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00431{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":504844,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5kmNAAIAGVFEKAAADCgAACE4gCuVSxjiGVRwa01AY\/\/+NwQAABWQKRAMABAB8rub3ghAAT70="}
00431{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":504844,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5kmNAAIAGVFEKAAADCgAACE4gCuVSxjiGVRwa01AY\/\/+NwQAABWQKRAMABAB8rub3ghAAT70="}
00414{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":655139,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFtAAIAGmmoKAAAICgAAAwrlTiBVHBrTUsY4l1AQ\/+5HiQAAAAAAAAAA"}
00414{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":655139,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFtAAIAGmmoKAAAICgAAAwrlTiBVHBrTUsY4l1AQ\/+5HiQAAAAAAAAAA"}
00414{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097501938,"pkt_ts_usec":655139,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTFtAAIAGmmoKAAAICgAAAwrlTiBVHBrTUsY4l1AQ\/+5HiQAAAAAAAAAA"}
-00462{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1097502623045,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1097502623045,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":45756,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00417{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":45756,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
00417{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":45756,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="}
@@ -27,14 +27,14 @@
00413{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":46134,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRZAAIAGma8KAAAICgAAAwrzTiBm5W0KXPq2SFAQ\/\/9bhAAAAAAAAAAA"}
00413{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":46134,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRZAAIAGma8KAAAICgAAAwrzTiBm5W0KXPq2SFAQ\/\/9bhAAAAAAAAAAA"}
00431{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":47417,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5krpAAIAGU\/oKAAADCgAACE4gCvNc+rZIZuVtClAY\/\/8AfwAABWQKRAMABAB8rur5ggAAm1o="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00431{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":47417,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5krpAAIAGU\/oKAAADCgAACE4gCvNc+rZIZuVtClAY\/\/8AfwAABWQKRAMABAB8rur5ggAAm1o="}
00431{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":47417,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5krpAAIAGU\/oKAAADCgAACE4gCvNc+rZIZuVtClAY\/\/8AfwAABWQKRAMABAB8rur5ggAAm1o="}
00414{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":227359,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRdAAIAGma4KAAAICgAAAwrzTiBm5W0KXPq2WVAQ\/+5bhAAAAAAAAAAA"}
00414{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":227359,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRdAAIAGma4KAAAICgAAAwrzTiBm5W0KXPq2WVAQ\/+5bhAAAAAAAAAAA"}
00414{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097502623,"pkt_ts_usec":227359,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTRdAAIAGma4KAAAICgAAAwrzTiBm5W0KXPq2WVAQ\/+5bhAAAAAAAAAAA"}
-00477{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_tot_l4_data_len":1023,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00462{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1097504102255,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1097504102255,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":255746,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00418{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":255746,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
00418{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":255746,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="}
@@ -45,13 +45,13 @@
00414{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":256118,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTjxAAIAGmIkKAAAICgAAAwsMTiCPBdutcwdUkVAQ\/\/8QUgAAAAAAAAAA"}
00414{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":256118,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTjxAAIAGmIkKAAAICgAAAwsMTiCPBdutcwdUkVAQ\/\/8QUgAAAAAAAAAA"}
00431{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":257400,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5k7NAAIAGUwEKAAADCgAACE4gCwxzB1SRjwXbrVAY\/\/8pVQAABWQKRAMABAB8rsnyghAAigc="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00431{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":257400,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5k7NAAIAGUwEKAAADCgAACE4gCwxzB1SRjwXbrVAY\/\/8pVQAABWQKRAMABAB8rsnyghAAigc="}
00431{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":257400,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5k7NAAIAGUwEKAAADCgAACE4gCwxzB1SRjwXbrVAY\/\/8pVQAABWQKRAMABAB8rsnyghAAigc="}
00414{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":401087,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTj1AAIAGmIgKAAAICgAAAwsMTiCPBdutcwdUolAQ\/+4QUgAAAAAAAAAA"}
00414{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":401087,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTj1AAIAGmIgKAAAICgAAAwsMTiCPBdutcwdUolAQ\/+4QUgAAAAAAAAAA"}
00414{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097504102,"pkt_ts_usec":401087,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoTj1AAIAGmIgKAAAICgAAAwsMTiCPBdutcwdUolAQ\/+4QUgAAAAAAAAAA"}
-00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1097505644006,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1097505644006,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":6837,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00418{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":6837,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
00418{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":6837,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="}
@@ -62,13 +62,13 @@
00413{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":7259,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAVRAAIAG5XAKAAAJCgAAAwQ4TiAZahgdlmx591AQ\/\/8HhgAAAAAAAAAA"}
00413{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505644,"pkt_ts_usec":7259,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAVRAAIAG5XAKAAAJCgAAAwQ4TiAZahgdlmx591AQ\/\/8HhgAAAAAAAAAA"}
00427{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":35890,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AAKzznBRAFAEk3BnCABFAAA3AVZAAIAG5V8KAAAJCgAAAwQ4TiAZahgdlmx591AY\/\/9B+gAABWQIxAQAAwC0uMDBDdIt"}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_tot_l4_data_len":263,"flow_min_l4_data_len":20,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00427{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":35890,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AAKzznBRAFAEk3BnCABFAAA3AVZAAIAG5V8KAAAJCgAAAwQ4TiAZahgdlmx591AY\/\/9B+gAABWQIxAQAAwC0uMDBDdIt"}
00427{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":35890,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"AAKzznBRAFAEk3BnCABFAAA3AVZAAIAG5V8KAAAJCgAAAwQ4TiAZahgdlmx591AY\/\/9B+gAABWQIxAQAAwC0uMDBDdIt"}
00432{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":83365,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5xflAAIAGILoKAAADCgAACU4gBDiWbHn3GWoYLFAY\/\/CgYQAABWQKRAYABAC\/sNH3ggAAujk="}
00432{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":83365,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5xflAAIAGILoKAAADCgAACU4gBDiWbHn3GWoYLFAY\/\/CgYQAABWQKRAYABAC\/sNH3ggAAujk="}
00432{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097505719,"pkt_ts_usec":83365,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5xflAAIAGILoKAAADCgAACU4gBDiWbHn3GWoYLFAY\/\/CgYQAABWQKRAYABAC\/sNH3ggAAujk="}
-00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1097507785883,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1097507785883,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883614,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00420{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883614,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
00420{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883614,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="}
@@ -79,14 +79,14 @@
00415{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883944,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaVAAIAG5SAKAAAICgAAAwQ+TiAMLRLLtl9I81AQ\/\/8rIQAAAAAAAAAA"}
00415{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":883944,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaVAAIAG5SAKAAAICgAAAwQ+TiAMLRLLtl9I81AQ\/\/8rIQAAAAAAAAAA"}
00432{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":885063,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5x5BAAIAGHyQKAAADCgAACE4gBD62X0jzDC0Sy1AY\/\/+x7AAABWQKRAMABAB8rsDwgpAAQ6I="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00432{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":885063,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5x5BAAIAGHyQKAAADCgAACE4gBD62X0jzDC0Sy1AY\/\/+x7AAABWQKRAMABAB8rsDwgpAAQ6I="}
00432{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507785,"pkt_ts_usec":885063,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5x5BAAIAGHyQKAAADCgAACE4gBD62X0jzDC0Sy1AY\/\/+x7AAABWQKRAMABAB8rsDwgpAAQ6I="}
00414{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507786,"pkt_ts_usec":52507,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaZAAIAG5R8KAAAICgAAAwQ+TiAMLRLLtl9JBFAQ\/+4rIQAAAAAAAAAA"}
00414{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507786,"pkt_ts_usec":52507,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaZAAIAG5R8KAAAICgAAAwQ+TiAMLRLLtl9JBFAQ\/+4rIQAAAAAAAAAA"}
00414{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097507786,"pkt_ts_usec":52507,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAaZAAIAG5R8KAAAICgAAAwQ+TiAMLRLLtl9JBFAQ\/+4rIQAAAAAAAAAA"}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_tot_l4_data_len":1173,"flow_min_l4_data_len":20,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1097510947092,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1097510947092,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":92701,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00418{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":92701,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
00418{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":92701,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="}
@@ -97,14 +97,14 @@
00415{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":93064,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZxAAIAG4SkKAAAICgAAAwSHTiCYpsdU5Yg011AQ\/\/\/OxwAAAAAAAAAA"}
00415{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":93064,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZxAAIAG4SkKAAAICgAAAwSHTiCYpsdU5Yg011AQ\/\/\/OxwAAAAAAAAAA"}
00431{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":94289,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yZpAAIAGHRoKAAADCgAACE4gBIfliDTXmKbHVFAY\/\/+b+AAABWQKRAMABAB8rtb9ggEAYEY="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00431{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":94289,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yZpAAIAGHRoKAAADCgAACE4gBIfliDTXmKbHVFAY\/\/+b+AAABWQKRAMABAB8rtb9ggEAYEY="}
00431{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":94289,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yZpAAIAGHRoKAAADCgAACE4gBIfliDTXmKbHVFAY\/\/+b+AAABWQKRAMABAB8rtb9ggEAYEY="}
00415{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":292162,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZ1AAIAG4SgKAAAICgAAAwSHTiCYpsdU5Yg06FAQ\/+7OxwAAAAAAAAAA"}
00415{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":292162,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZ1AAIAG4SgKAAAICgAAAwSHTiCYpsdU5Yg06FAQ\/+7OxwAAAAAAAAAA"}
00415{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097510947,"pkt_ts_usec":292162,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBZ1AAIAG4SgKAAAICgAAAwSHTiCYpsdU5Yg06FAQ\/+7OxwAAAAAAAAAA"}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_tot_l4_data_len":6225,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1097512255234,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1097512255234,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234470,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00419{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234470,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
00419{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234470,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="}
@@ -115,13 +115,13 @@
00416{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234830,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpRAAIAG4DEKAAAICgAAAwSgTiANrtDD+Q2AtlAQ\/\/\/w0wAAAAAAAAAA"}
00416{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":234830,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpRAAIAG4DEKAAAICgAAAwSgTiANrtDD+Q2AtlAQ\/\/\/w0wAAAAAAAAAA"}
00432{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":236054,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yohAAIAGHCwKAAADCgAACE4gBKD5DYC2Da7Qw1AY\/\/8eDAAABWQKRAMABAB8rtvxghAAVeE="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00432{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":236054,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yohAAIAGHCwKAAADCgAACE4gBKD5DYC2Da7Qw1AY\/\/8eDAAABWQKRAMABAB8rtvxghAAVeE="}
00432{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":236054,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5yohAAIAGHCwKAAADCgAACE4gBKD5DYC2Da7Qw1AY\/\/8eDAAABWQKRAMABAB8rtvxghAAVeE="}
00415{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":427660,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpVAAIAG4DAKAAAICgAAAwSgTiANrtDD+Q2Ax1AQ\/+7w0wAAAAAAAAAA"}
00415{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":427660,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpVAAIAG4DAKAAAICgAAAwSgTiANrtDD+Q2Ax1AQ\/+7w0wAAAAAAAAAA"}
00415{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097512255,"pkt_ts_usec":427660,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoBpVAAIAG4DAKAAAICgAAAwSgTiANrtDD+Q2Ax1AQ\/+7w0wAAAAAAAAAA"}
-00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1097513177295,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1097513177295,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295531,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00419{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295531,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
00419{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295531,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="}
@@ -132,15 +132,15 @@
00415{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295941,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAUtAAIAG5XkKAAAJCgAAAwQ8TiBc3qwgBtOdpVAQ\/\/+b9QAAAAAAAAAA"}
00415{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":295941,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAUtAAIAG5XkKAAAJCgAAAwQ8TiBc3qwgBtOdpVAQ\/\/+b9QAAAAAAAAAA"}
00433{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":297272,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5y1pAAIAGG1kKAAADCgAACU4gBDwG052lXN6sIFAY\/\/\/I4gAABWQKRAMABgCZtcb2gpUBD9Y="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1097513177295,"flow_last_seen":1097513177297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","ndpi": {"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}}
00433{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":297272,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5y1pAAIAGG1kKAAADCgAACU4gBDwG052lXN6sIFAY\/\/\/I4gAABWQKRAMABgCZtcb2gpUBD9Y="}
00433{"flow_id":8,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":297272,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"AFAEk3BnAAKzznBRCABFAAA5y1pAAIAGG1kKAAADCgAACU4gBDwG052lXN6sIFAY\/\/\/I4gAABWQKRAMABgCZtcb2gpUBD9Y="}
00415{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":421231,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAUxAAIAG5XgKAAAJCgAAAwQ8TiBc3qwgBtOdtlAQ\/+6b9QAAAAAAAAAA"}
00415{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":421231,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAUxAAIAG5XgKAAAJCgAAAwQ8TiBc3qwgBtOdtlAQ\/+6b9QAAAAAAAAAA"}
00415{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"dnp3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1097513177,"pkt_ts_usec":421231,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAKzznBRAFAEk3BnCABFAAAoAUxAAIAG5XgKAAAJCgAAAwQ8TiBc3qwgBtOdtlAQ\/+6b9QAAAAAAAAAA"}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_tot_l4_data_len":4473,"flow_min_l4_data_len":20,"flow_max_l4_data_len":113,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_tot_l4_data_len":1023,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_tot_l4_data_len":3327,"flow_min_l4_data_len":20,"flow_max_l4_data_len":113,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_tot_l4_data_len":783,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_tot_l4_data_len":1005,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":135,"flow_first_seen":1097505644006,"flow_last_seen":1097506028601,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":39,"flow_first_seen":1097513177295,"flow_last_seen":1097513185107,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test"}
diff --git a/test/results/dns-tunnel-iodine.pcap.out b/test/results/dns-tunnel-iodine.pcap.out
index bacbc588b..5b21fcd82 100644
--- a/test/results/dns-tunnel-iodine.pcap.out
+++ b/test/results/dns-tunnel-iodine.pcap.out
@@ -1,17 +1,17 @@
00485{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":51082,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="}
-00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1282356640051,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00485{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":51175,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"CAAnnOC0CAAnx266CABFAABZAABAAEARImMKAAIUCgACHgA1rl8ARRoeErCEAAABAAEAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAACVZBQ0tEA8XpAQ=="}
-00711{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_tot_l4_data_len":117,"flow_min_l4_data_len":48,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
+00723{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00485{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":51979,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"CAAnx266CAAnnOC0CABFAABZAABAAEARImMKAAIeCgACFK5fADUARcobMN8BAAABAAAAAAAAIGxhZWdwdW1pcGxoaHB6MTJ5bmQxZWZsandsa2pjZ3d5BnBpcmF0ZQNzZWEAAAoAAQ=="}
-00766{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":48,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"laegpumiplhhpz12ynd1efljwlkjcgwy.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
+00778{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":162,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"laegpumiplhhpz12ynd1efljwlkjcgwy.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00538{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":52258,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"CAAnnOC0CAAnx266CABFAACCAABAAEARIjoKAAIUCgACHgA1rl8Abm4wMN+EAAABAAEAAAAAIGxhZWdwdW1pcGxoaHB6MTJ5bmQxZWZsandsa2pjZ3d5BnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAAHTEwLjIwLjMwLjEtMTAuMjAuMzAuMy0xMTMwLTI0"}
-00767{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1282356640051,"flow_last_seen":1282356640052,"flow_tot_l4_data_len":296,"flow_min_l4_data_len":48,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"laegpumiplhhpz12ynd1efljwlkjcgwy.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
+00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1282356640051,"flow_last_seen":1282356640052,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"laegpumiplhhpz12ynd1efljwlkjcgwy.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00463{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":57774,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"CAAnx266CAAnnOC0CABFAABKAABAAEARInIKAAIeCgACFK5fADUANnlrTw4BAAABAAAAAAABBnlyYmkwMgZwaXJhdGUDc2VhAAAKAAEAACkQAAAAgAAAAA=="}
-00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1282356640051,"flow_last_seen":1282356640057,"flow_tot_l4_data_len":350,"flow_min_l4_data_len":48,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
+00753{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1282356640051,"flow_last_seen":1282356640057,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00535{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":57973,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnnOC0CAAnx266CABFAAB7AABAAEARIkEKAAIUCgACHgA1rl8AZwLqTw6EAAABAAEAAAAABnlyYmkwMgZwaXJhdGUDc2VhAAAKAAHADAAKAAEAAAAAADAAAAAA\/\/\/\/\/1VVVVWqqqqqgWPI0sd8shdfT87JSS1SIWGpcSAlswZz5thEMHlQV78="}
-00741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1282356640051,"flow_last_seen":1282356640057,"flow_tot_l4_data_len":453,"flow_min_l4_data_len":48,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
+00753{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1282356640051,"flow_last_seen":1282356640057,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
00509{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":58185,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"CAAnx266CAAnnOC0CABFAABtAABAAEARIk8KAAIeCgACFK5fADUAWRsabT0BAAABAAAAAAABKXppMDNhQS1BYWFoaGgtRHJpbmstbWFsLWVpbi1K5Gdlcm1laXN0ZXItBnBpcmF0ZQNzZWEAAAoAAQAAKRAAAACAAAAA"}
00570{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":58315,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"CAAnnOC0CAAnx266CABFAACYAABAAEARIiQKAAIUCgACHgA1rl8AhD+SbT2EAAABAAEAAAAAKXppMDNhQS1BYWFoaGgtRHJpbmstbWFsLWVpbi1K5Gdlcm1laXN0ZXItBnBpcmF0ZQNzZWEAAAoAAcAMAAoAAQAAAAAAKnppMDNhQS1BYWFoaGgtRHJpbmstbWFsLWVpbi1K5Gdlcm1laXN0ZXItLg=="}
00521{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":58430,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"pkt":"CAAnx266CAAnnOC0CABFAAB2AABAAEARIkYKAAIeCgACFK5fADUAYgOpi2wBAAABAAAAAAABMnppMDRhQS1MYS1mbPt0ZS1uYe92ZS1mcmFu52Fpc2UtZXN0LXJldGly6S3gLUNy6HRlBnBpcmF0ZQNzZWEAAAoAAQAAKRAAAACAAAAA"}
@@ -21,6 +21,6 @@
00508{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":58865,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"CAAnx266CAAnnOC0CABFAABoAABAAEARIlQKAAIeCgACFK5fADUAVBazx8oBAAABAAAAAAABJHppMWFhQTAxMjM0NTY3ODm8vb6\/wMHCw8TFxsfIycrLzM3OzwZwaXJhdGUDc2VhAAAKAAEAACkQAAAAgAAAAA=="}
00557{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":58974,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"CAAnnOC0CAAnx266CABFAACOAABAAEARIi4KAAIUCgACHgA1rl8AegzWx8qEAAABAAEAAAAAJHppMWFhQTAxMjM0NTY3ODm8vb6\/wMHCw8TFxsfIycrLzM3OzwZwaXJhdGUDc2VhAAAKAAHADAAKAAEAAAAAACV6aTFhYUEwMTIzNDU2Nzg5vL2+v8DBwsPExcbHyMnKy8zNzs8u"}
00531{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1282356640,"pkt_ts_usec":59078,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"CAAnx266CAAnnOC0CABFAAB4AABAAEARIkQKAAIeCgACFK5fADUAZN9j5fkBAAABAAAAAAABNHppMWJhQdDR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P0GcGlyYXRlA3NlYQAACgABAAApEAAAAIAAAAA="}
-00749{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":259,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1282356640051,"flow_last_seen":1282356654812,"flow_tot_l4_data_len":37534,"flow_min_l4_data_len":48,"flow_max_l4_data_len":1478,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1282356640051,"flow_last_seen":1282356664538,"flow_tot_l4_data_len":37534,"flow_min_l4_data_len":48,"flow_max_l4_data_len":1478,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00761{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":259,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1282356640051,"flow_last_seen":1282356654812,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1470,"flow_tot_l4_payload_len":35494,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name","23":"Suspicious DNS traffic"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"yrbi02.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1282356640051,"flow_last_seen":1282356664538,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1470,"flow_tot_l4_payload_len":35494,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00138{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test"}
diff --git a/test/results/dns_doh.pcap.out b/test/results/dns_doh.pcap.out
index 367c63b31..b1b8dab2c 100644
--- a/test/results/dns_doh.pcap.out
+++ b/test/results/dns_doh.pcap.out
@@ -1,13 +1,13 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1571089200789,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1571089200789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":789290,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"}
00422{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":876406,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"}
00406{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":876498,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FgjymHcL1AQEAAggAAA"}
01104{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":878306,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"WkBO7NFkeDHBvV4kCABFAAItAABAAEAGIamsFAoEaBD4+cLVAbuk7FgjymHcL1AYEADUpQAAFgMBAgABAAH8AwMqXU892mwEgrbPk2vmEoCiukOQrlB4\/N6a6iNUaK2vhCCE4TBtR7O3Oe++UbyitDTWkNNjEWHZ1bNNN1quFsNy9gAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQABjwAAAB8AHQAAGm1vemlsbGEuY2xvdWRmbGFyZS1kbnMuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACD0aVsNTtl9Lx5GVsNGBkDynRSOBTbpOHtuKkwLAFQkYQAXAEEE\/AmIeggJ9IHU1kIvKs+Cnhzk3A1QGe6QCQ18\/XG1ZOdvRPgliMZgJr06algkRN3zqCIAxCiyg6awi6QlLrsiLQArAAkIAwQDAwMCAwEADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_tot_l4_data_len":633,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00406{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968624,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eDHBvV4kWkBO7NFkCABFAAAoZNYAADAGDthoEPj5rBQKBAG7wtXKYdwvpOxaKFAQAB4uXQAA"}
02184{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968629,"pkt_caplen":1354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1354,"pkt_l4_len":1320,"pkt":"eDHBvV4kWkBO7NFkCABFAAU8ZNcAADAGCcNoEPj5rBQKBAG7wtXKYdwvpOxaKFAQAB4szwAAFgMDAHoCAAB2AwPwfVV8aOGgOqslnV\/1t67BvhE\/CUUPutQ7u\/ptPTMsHiCE4TBtR7O3Oe++UbyitDTWkNNjEWHZ1bNNN1quFsNy9hMBAAAuADMAJAAdACCW52eP3c9sJ7BucVzz5YXXrL\/9fKgMov2fd47YrNSOEgArAAIDBBQDAwABARcDAwtfl8dSqVJlFhhTrB6kCzdrJxMUxk\/\/NKmGFjSBcjqQg\/Oh4ocDInoxcfj8KqE4iPkrtYlIcWuIVzQZ5IEBgfzN9WiWEcp1vI7mZRdFuFbDM\/fMO9IRIgd0li2Z0iJ6prtW54qu0svWjPTN6C50IHOaMtYoo4mZOzFHXFH+nqxe93yeb2DM4Lg87Qop7FoA0G5kZFBdSEoo1Ic5XXGp1uoIupJ6iThilwtRyOcRxHPSEjmICdrH\/QMovglbqjFWQoKA9+NiXFNCSpAfGFIGZE74hWzG5lTHaFCCp2MkXYja46xT2NGan01mhUmWb3PW9ykuOi2GEY5B33r35wgRivDbvWKKi5FF5gkybxgDwYeFGANoPOjkbTywLR8CS5auIQkzBVa7Y3TKvUsJ8TfsUO4lZU6Niw\/8bkjXCOUdu6hSvFq4AdO\/aAt8cWCKfNw+b1D\/fcmQ7C4nb4Ou6+eBeJoqpIFH+rWEvp7l+9xwRMUWhj2zaRNUtBlSFwOQa6nUuTvNdMkUkoUxTkah\/7SyIp8ZXcq69DTBCkZI30bNtsgV+MEDREJL3xDosALMkMo8K1pkW3SnfmHDYv+eBqs1iTksxIycfW1s\/Q97V\/1iheoXh\/KQxscnA\/qDBhOTXMBrOk5zzuscmr1Rm9FDiytNTY\/DTw6lWopw2CwIICs2qaOrOJdoAQaVb7BeQjqUHYaKsKli65Ftdd69eRgAZ9BKrlqd1DLDYPF+gToz3nwYDP56BJFkW9gjUaW64fUtolc3E64AUh5PFDMkw2xOqI4yPmCKqZJiT+qGVWXkzZSeLGcoggFlVYMBXfCAIoD1ql6ZrIVW5l0nlh0XnLsSKwdoE6AZlw0YEiGoKXrrUaD7LWhe3k1EySK7ELeaW7y\/TBwEiRNhHJqVKIq8OEVK6XfuS5XTZsE8SxvkbETrEmaOCQ4J2EqO16p0yTLZU3d0quY0DDulv7\/IT+u6nblUy85dyHiH41bpJ1Kplgs1CEyjsiE93uGom4jeN5oxLFF\/J7gFeR5sCCkV\/h4OgUS7Bt\/R72XV4q\/W5XrY5nzIU8WDRQITC07tdcqoYtuyeGb+uE5hmONbXwKG8Ctuj4HLRVnT5ju0MPOev2GYMiQR5yTgQGNnCfU\/1Tk7bfp\/S6UvEFtP5wA8PFiHH5PFxbokSUKyRpUcr891X88DPczspXFX5YHF\/JqtGTO4ZxgjbBacpW6sXNzSQlW+7odW1heUGO+ytF5gLBX6HKdc8K\/dwg7CD2R0e2+iAS0XjVuXqX4GXc24B2gZ\/f\/5w0SvWR9+n1Wd7TgB0wQyGNs9a0U9nx8UcXk+ZUTqnDHJoqGuC4NWSQ5I7EF7AGsofYRU+7yIUfao8K5zn\/RX1pnZXFvbg2nvwMXtNrhP9+qo\/B2ROPofj8fuqjqUf6CmxPuxoDX8uD15RtA+Twb6CTkgVGZ5aoVX6PVYhU1ohghbb035VSYAsRNNd91H0CI5FHKCB2SZKu2I7B27i9Y\/ClP8JPpdDuN\/gQXoSnOda6CcVE+qD8kyh\/79T4hL30ZJDId88m0\/+w=="}
-00832{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_tot_l4_data_len":1973,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1320,"flow_avg_l4_data_len":328,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02172{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968631,"pkt_caplen":1354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1354,"pkt_l4_len":1320,"pkt":"eDHBvV4kWkBO7NFkCABFAAU8ZNgAADAGCcJoEPj5rBQKBAG7wtXKYeFDpOxaKFAQAB7HaAAA8nvqig4\/mGd5hDrPzdsd3zWxrDG3ItVS2\/yx5vVtYxtIfA48NHveoVgHuoT0s91lX4UKZ448iKsrI6EBVUsNDAQrxtQ6pbM+nYO7zyLXksZC1MOImY4Rx+CtBFP6LEWz2I321KxNHT2PAppv4VdZEih7Z140XcLD3J4lTzuyWyxjXKtlEO7D5qrj8FM92DH4nX+G3uH4z6AcZfwFo41rGPcmLRP0ECZ1Z4kDzjfd9UbmqVmDohZNVYHwfjKOfp3LpmITpCYllmotBQXyfFJvAfYUU94fEmOcMJz7rwLfuJRmTZ5G3i+9DoNfPvaO0zAAgUfVX9fth1HoptxHwY3mllh+NBGQOkwGnmVzxjTHqT79nidxKs165NF97ghXpYRlInd177kCXia7oseAoDjRabU9xpyHfacc+aeEM7AcSUal5or2aMPi6j+hqexvnNlIOTX9085k8\/XTyj9lXJzd3ldKqyCsgD8pSX20a8q8MrW1vdhOPVbgV+M3UZXbvi0EsfruxKbiGbCvdAKUo+WsND2xsF9hghtBuO3CBi73D1EIb4lWWjrTib\/HX+lluNoBaQRj8g2jWXkD35o3aNXuO9Yze12C2bW7MAOgS50jOQcXHksXqhqDHjLTNhsfBxMt8u3FmF8PpiVpilW30OrZ5yw\/1XZ63oa+eHBIoByqm5kyAT+iLMcFfM9O3+CpLJLEyr6eyr5\/C2ISizRKsq3+\/+5HDWzb6YCkgbNovJSskHZ4et0X94IcSaEbCATVSt1dbYFhzsT0TdB\/muRpX2ZAX286vHchMG5IBXUivdQHy1ec8wvQTufW3zzc0Hr7KFWfHm2Jh2DiKDT8sd\/KMQwjD\/MtV1ipI9y8UmRMm6aHMd95A2WA4I8xyk4ifdnGZcVOxz1myl\/QxxSORURppT\/bv+6McPdK07PaPsGtHMAuLKzms3JmvykSegQcs7jnhxQDe8bhCTB\/ynIM0xnG9hp3AxN+LK5diR1Ggxwoa16plvF3cVq9JXEVV4rkC9DauZDJKEt0WkLBmvdAkOU9edOrC\/ngauFFHwffGNylgxRWxX9HXZir4jNPoD4Z5\/3AA5UDnfUuwByTERhmAT2MwA+m1wmQ06\/y6GEOOttUsDi0Em7Y4HHhBCTXLBo88oIQ8uJtblqhiOj2mlU1yFhkuxHEntt31Zj59COHTDEDWoSFdqSRkYZEEZSkZcsW6LEMfgitVHhoRZCWct6bgP5RFABnXKtqllD7pCsjr\/S8bYPrDsz97\/Hsb9zkpK5sFdUwdpPxRnQbgCQUUv86qZ4Iv2JX1xGuH88eLPgJvPsyLmL61n2ifuweKT0sTNENN46hR+G4In3Y2ORCo13GEeE\/1wtMinv84rNxCDKFqY1epgUYs23C1232tLcXqjuYQYjdcLS4zPGFQMbsR741LBOD06fC\/8RD1gxjLsHrsnCCrSMCL+K8C+WOFh9tqtRO4ZjpIwCaj6unlavg4hR\/sAqW+red6Midy2ySfE8RV7Ujss7CqWHZqem+jeuo0p59rFs50Q93KacTG3UQIlhC4fB9o9zfI+l2jE+ltpyQU+BT2vDg1MBFvlDWHnEdaQ5KelW3iVsevF\/GNv2F4+q3fK\/peVzd5jI1TbqVtEvuQGJttO9v8C6CTQRHkjn7U6MsO6FYaWV0JxWd1E2vTYXo6MhfcCMlhYP5QiU0Fl2\/Futai78DKbFID0B7IFybOYxhwKL8nZTzfEDlCA=="}
00406{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":968732,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FooymHmV1AQD9cUfAAA"}
00406{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":969243,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"WkBO7NFkeDHBvV4kCABFAAAoAABAAEAGI66sFAoEaBD4+cLVAbuk7FooymHmV1AQEAAUUwAA"}
@@ -17,5 +17,5 @@
00644{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":997105,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"WkBO7NFkeDHBvV4kCABFAADSAABAAEAGIwSsFAoEaBD4+cLVAbuk7FpoymHoGFAYEAAeoAAAFwMDAKVH6TqazYA7ng6LT4l7ICcI+zDrPqkD74EaZ6KlHesT55LnIvUipV2qXZpL8fzDqyEQhFLmXlLAQ93tMr6RsRmWGutBjX2OhZG68kQ4zzqatM7jcG4Y2nVphp4aNS7ac9Qo2\/v7IVdjtQB1CkeQwcFBtxuU+JEsGcEl4y5hc2GPOmwe\/WlOtwx06\/p3NlOkXM54GAVosDROpyIcNMw\/TJ\/7wU2Gazw="}
00738{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":997215,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"pkt":"WkBO7NFkeDHBvV4kCABFAAEbAABAAEAGIrusFAoEaBD4+cLVAbuk7FsSymHoGFAYEADbRgAAFwMDAO5\/vj0XEVnApHWZyVont16WzoBfdkAUmUbtIto2rVqakjpRrb9v2jurJwqyY\/z6UQZ3HmonNk14uRAJ2lvf9WUw3Lxqp7XnO9mc2Y0eGDeOQ78Bx7eTPAZJQY8jyiAoQ0jXnRqdThIktvVorw4e0Wm1AXUizW5CUhMfL\/E8EAZDMdczfxELdU1ZS42ZaZ+Phxpxn5fNufCX++USMGjMdp0Yzm2pqkSCVTURNOtV4CfYYOT0WamTvw9J8T9gizqAu6EOuMORP1Jd2wYehzjyC0fMtnDXpkcDrt5TeWwCR9SAmt3pp7M0dWeWWko8+S69"}
00518{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1571089200,"pkt_ts_usec":997306,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"WkBO7NFkeDHBvV4kCABFAAB3AABAAEAGI1+sFAoEaBD4+cLVAbuk7FwFymHoGFAYEACdtAAAFwMDAEqnnHxUsCqmPBkBxfdKmS1LGWAClj9T3prwE3TeVTsVPs4vesfDED+gBYka+2qIBZHm9ndhgvy1QPO4+xzZ0FzqwIc8Gf+UTIjqXQ=="}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_tot_l4_data_len":15534,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1320,"flow_avg_l4_data_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test"}
diff --git a/test/results/dns_dot.pcap.out b/test/results/dns_dot.pcap.out
index 8b9719026..c968c5f48 100644
--- a/test/results/dns_dot.pcap.out
+++ b/test/results/dns_dot.pcap.out
@@ -1,13 +1,13 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_dot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1572783663234,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1572783663234,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":234722,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":269648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":269693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6hAAEAGpKrAqAG5CAgICOOyA1VVRPv47jtL2YAQAfbSlwAAAQEICiovlTaOOwAQ"}
00692{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":269902,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"uCfrK5DxCAAnjau+CABFAAD6w6lAAEAGo+PAqAG5CAgICOOyA1VVRPv47jtL2YAYAfbTXQAAAQEICiovlTaOOwAQFgMDAMEBAAC9AwOCK\/MuQQ5sSYHkQFarOZKq84a6P\/ILns+YkoRGDIAgSQAAMsAszKnArcAKwCvArMAJwDDMqMAUwC\/AEwCdwJ0ANQCcwJwALwCfzKrAnwA5AJ7AngAzAQAAYgAFAAUBAAAAAAAKABQAEgAXABgAGQAdAQABAQECAQMBBAALAAIBAAANACAAHgQBCAkIBAQDCAcFAQgKCAUFAwYBCAsIBgYDAgECAwAWAAAAFwAAACMAAP8BAAEAABwAAkAA"}
-00819{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":32,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fe4099926d0acdc9b2fe4b02013659f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fe4099926d0acdc9b2fe4b02013659f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00423{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":302644,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnjau+uCfrK5DxCABFAAA0cqYAAHcG\/qwICAgIwKgBuQNV47LuO0vZVUT8voAQAPDiaAAAAQEICo47ADIqL5U2"}
04560{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":319899,"pkt_caplen":3135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3135,"pkt_l4_len":3101,"pkt":"CAAnjau+uCfrK5DxCABFAAwxcqsAAHcG8qoICAgIwKgBuQNV47LuO0vZVUT8voAYAPDelAAAAQEICo47AEIqL5U2FgMDAD8CAAA7AwNdvsYvAkHw9e7UIX3PyBcPhbDwczOdLTRET1dOR1JEAQDMqAAAEwAXAAD\/AQABAAALAAIBAAAjAAAWAwMKegsACnYACnMABh8wggYbMIIFA6ADAgECAhEAm93VOAzvaEYCAAAAAEfYsDANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTE5MTAxMDIwNTg0MloXDTIwMDEwMjIwNTg0MlowZDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxEzARBgNVBAMTCmRucy5nb29nbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDabVL3kPdFkZMO4tZFZTS3pJCwgDAv0Vaooht8m3xHNG+02FQTpPXnHzVnED+66l8hLi\/lnzRXG3UO6kuSQ4n4aWPEu9y2EfYMSeRt0uZ0Oyx\/Nx0pLeJwf6Q+MeFJ8ViEiMtGPi6uWxbiLjtXxqXEEiYRBaFtX5jMDwm6wV40e+vEiP\/kQOf7WOTGimZzcxCCcJn8hFiAlLXC4ByzIwFE7xcVdP+ydRE9Zy9T\/Y0rFUDDjCcYJFpw5Py9J+9HYCFAcloNZg8S1ortTsRH90h3RwM7Tn\/bVSEzsWHebAF6mMcoc0B8uk3A0szJiY3cqwMwi0ESAYx1nRkHC3pbrq5\/AgMBAAGjggLoMIIC5DAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUeGOKNB8SqBHv7OJWGnOorUt7eUgwHwYDVR0jBBgwFoAUmNH4bhDrz5vsYJ8YkBug630J\/SswZAYIKwYBBQUHAQEEWDBWMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxbzEwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwgawGA1UdEQSBpDCBoYIKZG5zLmdvb2dsZYIQKi5kbnMuZ29vZ2xlLmNvbYILODg4OC5nb29nbGWCDmRucy5nb29nbGUuY29tghBkbnM2NC5kbnMuZ29vZ2xlhxAgAUhgSGAAAAAAAAAAAABkhxAgAUhgSGAAAAAAAAAAAGRkhxAgAUhgSGAAAAAAAAAAAIhEhxAgAUhgSGAAAAAAAAAAAIiIhwQICAQEhwQICAgIMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwGCisGAQQB1nkCBQMwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL2NybC5wa2kuZ29vZy9HVFMxTzEuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtt65opAAABAMARzBFAiA2zaOLybV\/po66kZBkyy8WcFZVe8T\/uksXcjWZlDY2pgIhAPeTjLqwHjLhH2wgJ9gFinuuR7lLCOmx+MCyMKiIOxiBAHYAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFtt65owgAABAMARzBFAiEA1B5xDge6E+cVFJVON0YMFY48b6xoUFxQUvzMkiMWUYYCIGScEKTeAm5hjbas8zubogEIcrvEFI\/6e0RKPgdzzou\/MA0GCSqGSIb3DQEBCwUAA4IBAQA9Dp7Wqfw2aYKeyr7uJlu4SujZSvaN675RHdEPhMj+qJGop\/Gq5vJbt91usUroGfvDFQb8VoGPSLFynOC5OY06PXWWCd5c5kKN\/iTeEjX9Ha8HQlh9FEvaul9Qz2lQt+cRe3qRpImpRl4DMKtgNOCxk9SnRVEA3P1o+uOVhDwcPdK2VQ2NPqzeGatK+IxwlukNqW6ZOiKyZvEqQawdfWbDQ40fYxm10LSZdohzHkPn9Oar7WOKW1cMYwnaW7ItZQ9mFqJrMky8xTzHCDRgBJdrijixQdHfxSUsfSCPGAUn5KR0BMBA9hr5HksIm6zCgJYEwKr1jJCqJhVnFhxD4c7tAAROMIIESjCCAzKgAwIBAgINAeO0mqGNiqmBJWlQuDANBgkqhkiG9w0BAQsFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xNzA2MTUwMDAwNDJaFw0yMTEyMTUwMDAwNDJaMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQGM9F1IvN05zkQO9+tN1pIRvJzzyOTHW5DzEZhD2ePCnvUA0Qk28FgICfKqC9EksC4T2fWBYk\/jCfC3R3VZMdS\/dN4ZKCEPZRrAzDsiKUDzRrmBBJ5wudgzndIMYcLe\/RGGFl5yODIKgjEv\/SJH\/UL+dEaltN11BmsK+eQmMF++AcxGNhr59qM\/9il71I2dN8FGfcddwuaej4bXhp0LcQBbjxMcI7JP0aM3T4I+DsaxmKFsbjzaTNC9uzpFlgOIg7rR25xoynUxv8vNmkq7zdPGHXkxWY7oG9j+JkRyBABk7XrJfoucBZEqFJJSPk7XA0LKW0Y3z5oz2D0c1tJKwHAgMBAAGjggEzMIIBLzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJjR+G4Q68+b7GCfGJAboOt9Cf0rMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSaLd\/cGYYuMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AucGtpLmdvb2cvZ3NyMjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLnBraS5nb29nL2dzcjIvZ3NyMi5jcmwwPwYDVR0gBDgwNjA0BgZngQwBAgIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly9wa2kuZ29vZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAGoA+Nnn78y6pRjd9XlQWNa7HTgiZ\/r3RNGkmUmYHPQq6Scti9PEajvwRT2iWTHQr02fesqOqBY2ETUwgZQ+lltoNFvhsO9tvBCOIazpswWC9aJ9xju4tWDQH8NVU6YZZ\/XteDSGU9YzJqPjY8q3MDxrzmqepBCf5o8mw\/wJ4a2G6xzUr6Fb6T8McDO22PLRL6u3M4Tzs3A2M1j6bykJYi8wWIRdAvKLWZu\/axBVbzYmqmwkm5zLSDW5nIAJbELCQCZwMH56t2Dvqofxs6BBcCFIZUSpxu6x6td0V7SvJCCosirSmIatj\/9dSSVDQibet8q\/7UK4v4ZUN80atnZz1yhYDAwEsDAABKAMAHSCENl1POvb6My7D4hPc\/sMJ7Tufg\/LCEx1rGH6qSE8RaQgEAQC5wySkCTDkvijEKyzcSo\/8MnFKyuNuS9ozlsIo\/40DVij51vWGmHTS5GhFyCASQxaHGFTYsSHNMC3Wgv1H5KA3Mee1B9o\/hTw4uoTHLTeXjL2YEsYJN9UTVvZQVJzdkM4XQcWw5Br+vs7\/JC6fD8JjJh5+eSdQSQUB1aDgH89Z9ZwCeYsojgzQtwUQ5wgEEXVn+8ro2wBZ1wX27tOYjI\/oTWlDrsQz8l4usXnSogdtc1LL9t0IoL8kjOwDk997Z7u7Ftz23DDAL\/5t80M3zHefGPuWFCnrCFYqLE6vev\/cyzB+YQm+GAEHnkVrh2JZz65l3\/Xfzwl06w\/f+XmJ7He+FgMDAAQOAAAA"}
-01180{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_tot_l4_data_len":3475,"flow_min_l4_data_len":32,"flow_max_l4_data_len":3101,"flow_avg_l4_data_len":579,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"4fe4099926d0acdc9b2fe4b02013659f","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}
+01191{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"4fe4099926d0acdc9b2fe4b02013659f","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}
00422{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":319932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w6pAAEAGpKjAqAG5CAgICOOyA1VVRPy+7jtX1oAQAenSlwAAAQEICiovlWiOOwBC"}
00544{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":320932,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"uCfrK5DxCAAnjau+CABFAACJw6tAAEAGpFLAqAG5CAgICOOyA1VVRPy+7jtX1oAYAfXS7AAAAQEICiovlWmOOwBCFgMDACUQAAAhIIM\/\/7FVcfHSFoqNIHr07cwqtvDH7hAhWndiIOh8GFcLFAMDAAEBFgMDACAsJJrG91X8jl9pfndV2J\/0bngr7Be5pjDHfr3UQO+thw=="}
00456{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":321029,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"uCfrK5DxCAAnjau+CABFAABLw6xAAEAGpI\/AqAG5CAgICOOyA1VVRP0T7jtX1oAYAfXSrgAAAQEICiovlWmOOwBCFwMDABJ94OHAwTINl5f66A1sOf3\/IT8="}
@@ -17,5 +17,5 @@
00581{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":362911,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"CAAnjau+uCfrK5DxCABFAACkcscAAHcG\/hsICAgIwKgBuQNV47LuO1jqVUT9aIAYAPA14wAAAQEICo47AG0qL5VpFwMDAGtCZAKYrlOw7p7Ypme9t\/jxCtE4s3HbB+oF3nvBhGolPit9CQPVOUDaPHWJ6Wddy5sdn+0b82cMnVdi1F6cKaM9dEhCKMWku7ZXhgF9LPwgwe31yVB9tI+mAU3oHSrmP6q7mlJnO5Q6OCmQ+g=="}
00424{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783663,"pkt_ts_usec":363038,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uCfrK5DxCAAnjau+CABFAAA0w65AAEAGpKTAqAG5CAgICOOyA1VVRP1o7jtZWoAQAfXSlwAAAQEICiovlZOOOwBj"}
00457{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_dot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572783664,"pkt_ts_usec":523258,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"uCfrK5DxCAAnjau+CABFAABLw69AAEAGpIzAqAG5CAgICOOyA1VVRP1o7jtZWoAYAfXSrgAAAQEICiovmhuOOwBjFwMDABI82N\/gUdWtanJsd6FACr8N0eU="}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_tot_l4_data_len":5053,"flow_min_l4_data_len":32,"flow_max_l4_data_len":3101,"flow_avg_l4_data_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test"}
diff --git a/test/results/dns_exfiltration.pcap.out b/test/results/dns_exfiltration.pcap.out
index 96ff4a582..8d165f947 100644
--- a/test/results/dns_exfiltration.pcap.out
+++ b/test/results/dns_exfiltration.pcap.out
@@ -1,17 +1,17 @@
00484{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_exfiltration.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00634{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978146,"pkt_ts_usec":717893,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="}
-00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":0,"flow_tot_l4_data_len":181,"flow_min_l4_data_len":181,"flow_max_l4_data_len":181,"flow_avg_l4_data_len":181,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00852{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1580978146717,"flow_last_seen":0,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00863{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978146,"pkt_ts_usec":888524,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"jNzURr7Eqqru7hERCABFAAF0PC1AAD8R1RrAqMunwKjcOAA13DUBYD3xOR2BgAABAAEAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAHADAAPAAEAAAA8AJ8ACgZkbnNjYXQ\/MjAxZjAzZjUwMDAwMDAwMDAwNzEzYjkyNzFmMDExZGM3NjQyM2RhYjM5MmMzMmMxOGJmYzk2YjZkMjY5NWEyPzZhOTExYzk0NDcyZjU5NDA5YTVmNTI2MDEzZTc2MDE5MzY2YTA3NzkyOWUzNDgwZmJlNmQ3YzRlZGE2ZjkwOBRmMmJjOTlhNjAxZTFhODIyMTMzNgA="}
-00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_tot_l4_data_len":533,"flow_min_l4_data_len":181,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00873{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.546b03f50000000000a6023ed4df184d6ac5c2628b47714fdee584fed739.5a03b5b1e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00570{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978147,"pkt_ts_usec":753419,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"qqru7hERjNzURr7ECABFAACYekZAAD8RAADAqNw4wKjLp9w1ADUAhCnHfRoBAAABAAAAAAAABmRuc2NhdDw5MWYwMDNmNTAwZjYxMjIxODEwYWVhMDAwMDA0ODYzYzY5MTU4MGVjYWQ2NmY2NGFjN2RkYjg3Yjg5YzcmOTIwMDgyMWU1MjdkNGUxNzYzMjUzYzI1ZTI5N2UyYWE0MTEzZDAAAAUAAQ=="}
-00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1580978146717,"flow_last_seen":1580978147753,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":132,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":221,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.91f003f500f61221810aea000004863c691580ecad66f64ac7ddb87b89c7.9200821e527d4e1763253c25e297e2aa4113d0","num_queries":1,"num_answers":1,"reply_code":0,"query_type":5,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1580978146717,"flow_last_seen":1580978147753,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":641,"flow_avg_l4_payload_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.91f003f500f61221810aea000004863c691580ecad66f64ac7ddb87b89c7.9200821e527d4e1763253c25e297e2aa4113d0","num_queries":1,"num_answers":1,"reply_code":0,"query_type":5,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00732{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978147,"pkt_ts_usec":755001,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"jNzURr7Eqqru7hERCABFAAEQPNhAAD8R1NPAqMunwKjcOAA13DUA\/N3XfRqBgAABAAEAAAAABmRuc2NhdDw5MWYwMDNmNTAwZjYxMjIxODEwYWVhMDAwMDA0ODYzYzY5MTU4MGVjYWQ2NmY2NGFjN2RkYjg3Yjg5YzcmOTIwMDgyMWU1MjdkNGUxNzYzMjUzYzI1ZTI5N2UyYWE0MTEzZDAAAAUAAcAMAAUAAQAAADwAbAZkbnNjYXQ\/OWI2MTAzZjUwMGVlZTIwYjE1MTVmZGZmZmZiNTU4MmRiY2I4YzYwODg4NzY5MjFhNGI2MTNkZDkyNDIyNWQ1IzM0YjgzZDM2ZjJiNWJlNDljMzM0ZGIzMzAzMmFkNjE4ZTc1AA=="}
-00810{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1580978146717,"flow_last_seen":1580978147755,"flow_tot_l4_data_len":917,"flow_min_l4_data_len":132,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.91f003f500f61221810aea000004863c691580ecad66f64ac7ddb87b89c7.9200821e527d4e1763253c25e297e2aa4113d0","num_queries":1,"num_answers":1,"reply_code":0,"query_type":5,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
+00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1580978146717,"flow_last_seen":1580978147755,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":885,"flow_avg_l4_payload_len":221,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.91f003f500f61221810aea000004863c691580ecad66f64ac7ddb87b89c7.9200821e527d4e1763253c25e297e2aa4113d0","num_queries":1,"num_answers":1,"reply_code":0,"query_type":5,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00530{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978148,"pkt_ts_usec":768689,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"qqru7hERjNzURr7ECABFAAB6emtAAD8RAADAqNw4wKjLp9w1ADUAZimpRz4BAAABAAAAAAAABmRuc2NhdDxhMzVjMDBmNTAwNTcwM2M4YjFiOGNkMDAwMTE4YjUyMzQ3YWViMWQ3MzM0MGM5N2NjYTQzYzM0YjI3Y2YIZWRmMGRiZGEAAA8AAQ=="}
-00782{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1580978146717,"flow_last_seen":1580978148768,"flow_tot_l4_data_len":1019,"flow_min_l4_data_len":102,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
+00792{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1580978146717,"flow_last_seen":1580978148768,"flow_min_l4_payload_len":94,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":979,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00607{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978148,"pkt_ts_usec":770600,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"pkt":"jNzURr7Eqqru7hERCABFAACzPONAAD8R1SXAqMunwKjcOAA13DUAn\/NXRz6BgAABAAEAAAAABmRuc2NhdDxhMzVjMDBmNTAwNTcwM2M4YjFiOGNkMDAwMTE4YjUyMzQ3YWViMWQ3MzM0MGM5N2NjYTQzYzM0YjI3Y2YIZWRmMGRiZGEAAA8AAcAMAA8AAQAAADwALQAKBmRuc2NhdCJmYWVlMDBmNTAwZmFjZGFmZjY2Y2Y5ZmZmZmZmZDMyZGJjAA=="}
-00783{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1580978146717,"flow_last_seen":1580978148770,"flow_tot_l4_data_len":1178,"flow_min_l4_data_len":102,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00794{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1580978146717,"flow_last_seen":1580978148770,"flow_min_l4_payload_len":94,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":1130,"flow_avg_l4_payload_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
00481{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978148,"pkt_ts_usec":773336,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"qqru7hERjNzURr7ECABFAABXemxAAD8RAADAqNw4wKjLp9w1ADUAQymGG10BAAABAAAAAAAABmRuc2NhdCJmOTdjMDFmNTAwNmM3OThiOGQ2ZTk5MDAwMmUzNzcyYmM4AAAQAAE="}
00546{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978148,"pkt_ts_usec":774576,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"pkt":"jNzURr7Eqqru7hERCABFAACGPORAAD8R1VHAqMunwKjcOAA13DUAcnoeG12BgAABAAEAAAAABmRuc2NhdCJmOTdjMDFmNTAwNmM3OThiOGQ2ZTk5MDAwMmUzNzcyYmM4AAAQAAHADAAQAAEAAAA8ACMiMjU1NTAxZjUwMDM1MjJlZjQ2NDE1NWZmZmZmZmQzYWE0Yg=="}
00481{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978149,"pkt_ts_usec":783307,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"qqru7hERjNzURr7ECABFAABXepdAAD8RAADAqNw4wKjLp9w1ADUAQymGMhMBAAABAAAAAAAABmRuc2NhdCJjMDgzMDFmNTAwMGViYjFmNDIxYTAzMDAwMzMyMGE2MTViAAAQAAE="}
@@ -21,6 +21,6 @@
00483{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978151,"pkt_ts_usec":800983,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"qqru7hERjNzURr7ECABFAABXeuJAAD8RAADAqNw4wKjLp9w1ADUAQymGXxkBAAABAAAAAAAABmRuc2NhdCJmYjhiMDFmNTAwMmZjMDE3ZTYxYmRhMDAwNWQ3YTZhZWFjAAAQAAE="}
00548{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978151,"pkt_ts_usec":802508,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"pkt":"jNzURr7Eqqru7hERCABFAACGPjJAAD8R1APAqMunwKjcOAA13DUAckeuXxmBgAABAAEAAAAABmRuc2NhdCJmYjhiMDFmNTAwMmZjMDE3ZTYxYmRhMDAwNWQ3YTZhZWFjAAAQAAHADAAQAAEAAAA8ACMiYTYzZjAxZjUwMDc0MjhjMzBlMWMwYWZmZmZmZmQzYWE0Yg=="}
00483{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dns_exfiltration.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1580978152,"pkt_ts_usec":810482,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"qqru7hERjNzURr7ECABFAABXezVAAD8RAADAqNw4wKjLp9w1ADUAQymG420BAAABAAAAAAAABmRuc2NhdCJjNGY5MDFmNTAwNDcxY2Q2ODNlZWQwMDAwNmY5MDdmMGY0AAAPAAE="}
-00787{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":255,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1580978146717,"flow_last_seen":1580978206666,"flow_tot_l4_data_len":50136,"flow_min_l4_data_len":67,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_tot_l4_data_len":50136,"flow_min_l4_data_len":67,"flow_max_l4_data_len":352,"flow_avg_l4_data_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00799{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":255,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1580978146717,"flow_last_seen":1580978206666,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":48096,"flow_avg_l4_payload_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"dnscat.a35c00f5005703c8b1b8cd000118b52347aeb1d73340c97cca43c34b27cf.edf0dbda","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}
+00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":48096,"flow_avg_l4_payload_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00137{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test"}
diff --git a/test/results/dns_long_domainname.pcap.out b/test/results/dns_long_domainname.pcap.out
index 8f705ce7a..54d02e35e 100644
--- a/test/results/dns_long_domainname.pcap.out
+++ b/test/results/dns_long_domainname.pcap.out
@@ -1,8 +1,8 @@
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_long_domainname.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1599686652,"pkt_ts_usec":555538,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="}
-00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00685{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1599686652555,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00562{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1599686652,"pkt_ts_usec":578187,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"}
-00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":69,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":69,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00707{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00138{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test"}
diff --git a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
index 1973dd544..50495673f 100644
--- a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
+++ b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out
@@ -1,114 +1,114 @@
00498{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01099{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":348929,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02382{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":348955,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgAgAL0Rk+4KAAABlTjkLbKaAbsGBGxVf0QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":348966,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgAAub0RuMEKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00194{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02382{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":348987,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgEgAL0Rk+0KAAABlTjkLYqnAbsGBJRGf0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946735705348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":348993,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgEAub0RuMAKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00194{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01099{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":349002,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCgJAAL0Rd6wKAAABlTjkLYMdAbsCCDw8f0UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02382{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":349019,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgMgAL0Rk+sKAAABlTjkLYmcAbsGBJVVf0IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":349026,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgMAub0RuL4KAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00194{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01099{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":349060,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCgRAAL0Rd6oKAAABlTjkLeuNAbsCCDw8f0MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946735705349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00667{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":453738,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC5oAADQRQF2VOOQtCgAAAQG7lfQAwC\/rf0eBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
00666{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":457124,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC5sAADQRQFyVOOQtCgAAAQG7640AwNpVf0OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
00666{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":457244,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC5wAADQRQFuVOOQtCgAAAQG7spoAwBNIf0SBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
00666{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":459813,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC58AADQRQFiVOOQtCgAAAQG7iZwAwDxIf0KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
00666{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":460564,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC50AADQRQFqVOOQtCgAAAQG7iqcAwDs5f0aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
00666{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946735705,"pkt_ts_usec":461257,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC54AADQRQFmVOOQtCgAAAQG7gx0AwELEf0WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":946735705348,"flow_last_seen":946735705453,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":946735705349,"flow_last_seen":946735705459,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":946735705348,"flow_last_seen":946735705457,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":946735705348,"flow_last_seen":946735705460,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":946735705349,"flow_last_seen":946735705461,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":946735705349,"flow_last_seen":946735705457,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":946735705348,"flow_last_seen":946735705453,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":946735705349,"flow_last_seen":946735705459,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":946735705348,"flow_last_seen":946735705457,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":946735705348,"flow_last_seen":946735705460,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":946735705349,"flow_last_seen":946735705461,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":946735705349,"flow_last_seen":946735705457,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01100{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":327173,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcFypAAL0R8NAKAAABPtK0R8c8BB0CCLXvBycBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01100{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":327201,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcFytAAL0R8M8KAAABPtK0R82cBB0CCLXvByMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01100{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":327262,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcFyxAAL0R8M4KAAABPtK0R8FuBB0CCLXvByUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":327323,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcFy0gAL0RDQ4KAAABPtK0R6rkBB0GBCq4ByYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":327335,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQFy0Aub0RMeEKAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":20,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":327384,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcFy4gAL0RDQ0KAAABPtK0R+AzBB0GBPVqByQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":327399,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQFy4Aub0RMeAKAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":22,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":327408,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcFy8gAL0RDQwKAAABPtK0R9AzBB0GBAVtByIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":327438,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQFy8Aub0RMd8KAAABPtK0RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":24,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00664{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":355250,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWguYAADURTls+0rRHCgAAAQQdxzwAwvgJByeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAD603DX03HFYUGSUUMZQ5AFHqQDCbcRbndp5mF3SVu19eScXuGrpg2nLc5WDzV06y+FJw+Dah4cv34QVXrvZ7Q8nY1y4iPNLnPDmhCiX6M9Qv8kZOhpPDs+tmijF9ICJLydjXLiI80ucXop2NF6KdjRga6m0"}
00664{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":356160,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWguUAADQRT1w+0rRHCgAAAQQdzZwAwvGtByOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAD603DX03HFYUGSUUMZQ5AFHqQDCbcRbndp5mF3SVu19eScXuGrpg2nLc5WDzV06y+FJw+Dah4cv34QVXrvZ7Q8nY1y4iPNLnPDmhCiX6M9Qv8kZOhpPDs+tmijF9ICJLydjXLiI80ucXop2NF6KdjRga6m0"}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":328460,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcHPkgAL0RfJ0KAAABuYbEN9HBIPsGBAgHfxoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":328460,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcHPpAAL0RYFwKAAABuYbEN5IlIPsCCECUfx8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":328481,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQHPkAub0RoXAKAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":29,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":328494,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcHPsgAL0RfJsKAAABuYbEN4i9IPsGBFEJfxwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":328516,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQHPsAub0RoW4KAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":31,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":328530,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcHPxAAL0RYFoKAAABuYbEN+gNIPsCCECUfx0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":328621,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcHP1AAL0RYFkKAAABuYbEN8UDIPsCCECUfxsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":328639,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcHP4gAL0RfJgKAAABuYbEN9dTIPsGBAJxfx4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739304328,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":328653,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQHP4Aub0RoWsKAAABuYbENwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":35,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00669{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":360382,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWmUJAADQRblq5hsQ3CgAAASD7xQMAwuTIfxuAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00669{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":361228,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWmUFAADQRblu5hsQ3CgAAASD7kiUAwhejfx+AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00669{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":362796,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWmURAADQRbli5hsQ3CgAAASD7iL0AwiEOfxyAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00669{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":362961,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWmUNAADQRblm5hsQ3CgAAASD70cEAwtgLfxqAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363242,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcylFAAL0RDRQKAAABaO66wK6oAbsCCOaEZFgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363260,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcylIgAL0RKVMKAAABaO66wN6lAbsGBMqkZFUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363265,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQylIAub0RTiYKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":42,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363274,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcylNAAL0RDRIKAAABaO66wJrnAbsCCOaEZFYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363284,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcylVAAL0RDRAKAAABaO66wOd9AbsCCOaEZFQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363284,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcylYgAL0RKU8KAAABaO66wOj5AbsGBMBOZFcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363284,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcylQgAL0RKVEKAAABaO66wK3LAbsGBPuAZFMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739304363,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363288,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQylQAub0RTiQKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":47,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":48,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":363289,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQylYAub0RTiIKAAABaO66wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -121,85 +121,85 @@
00666{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":396523,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUET1AADQRUHFo7rrACgAAAQG7530AwCs5ZFSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAhKdWfhZK3D+gyCT1iixW\/FSRGoXDftkwga2BkZlttUlKSV94EyK2+BzaupeI4vEl+rXXsyVAmoCDcu2+5DAsD7Asxq95SKQwdQwh70VVdkKEIfYOFTawzG9XuIku9iynsCzGr3lIpDAAAAAFfU3cYX1TImA=="}
00666{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":397090,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUETtAADQRUHNo7rrACgAAAQG7mucAwHfNZFaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAhKdWfhZK3D+gyCT1iixW\/FSRGoXDftkwga2BkZlttUlKSV94EyK2+BzaupeI4vEl+rXXsyVAmoCDcu2+5DAsD7Asxq95SKQwdQwh70VVdkKEIfYOFTawzG9XuIku9iynsCzGr3lIpDAAAAAFfU3cYX1TImA=="}
00666{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":399567,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUET5AADQRUHBo7rrACgAAAQG76PkAwCm6ZFeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAF2CGRuc2NyeXB0AnVrAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAhKdWfhZK3D+gyCT1iixW\/FSRGoXDftkwga2BkZlttUlKSV94EyK2+BzaupeI4vEl+rXXsyVAmoCDcu2+5DAsD7Asxq95SKQwdQwh70VVdkKEIfYOFTawzG9XuIku9iynsCzGr3lIpDAAAAAFfU3cYX1TImA=="}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599728,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcZhNAAL0R0ewKAAAB0frxGYAZAbsCCIXq8VkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599740,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcZhQgAL0R7isKAAAB0frxGdrjAbsGBM5Z8VQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599754,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQZhQAub0REv8KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":59,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599762,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcZhUgAL0R7ioKAAAB0frxGZEDAbsGBBg48VYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599775,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQZhUAub0REv4KAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":61,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599857,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcZhZAAL0R0ekKAAAB0frxGZQ+AbsCCIXq8VUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599866,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcZhdAAL0R0egKAAAB0frxGYYUAbsCCIXq8VcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599889,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcZhggAL0R7icKAAAB0frxGefnAbsGBMFR8VgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739304599,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":599904,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQZhgAub0REvsKAAAB0frxGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":65,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00657{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":626301,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPni1AADcRISDR+vEZCgAAAQG7gBkAu2Pi8VmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
00658{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":626439,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPni5AADcRIR\/R+vEZCgAAAQG72uMAuwkd8VSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
00658{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":627573,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPnjBAADcRIR3R+vEZCgAAAQG7lD4Au0\/B8VWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
00657{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628040,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPni9AADcRIR7R+vEZCgAAAQG7kQMAu1L78VaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628366,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcpRkgAL0RA98KAAABKU9FDapZAbsGBIt\/BsABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628383,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcpRogAL0RA94KAAABKU9FDbSVAbsGBIFBBsIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628389,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQpRkAub0RKLIKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":72,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628405,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQpRoAub0RKLEKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":73,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628422,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcpRsgAL0RA90KAAABKU9FDdrrAbsGBFrpBsQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628431,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcpRxAAL0R55sKAAABKU9FDZT4AbsCCDEyBsMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628442,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQpRsAub0RKLAKAAABKU9FDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":76,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628531,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcpR1AAL0R55oKAAABKU9FDdtxAbsCCDEyBsEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628565,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcpR5AAL0R55kKAAABKU9FDallAbsCCDEyBsUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":946739304628,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00657{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":628900,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPnjFAADcRIRzR+vEZCgAAAQG7hhQAu13p8VeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
00658{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":629078,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPnjJAADcRIRvR+vEZCgAAAQG75+cAu\/wU8ViBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhtZWdhbmVyZAAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAfYAKepZwtScVP1uN5sT5N32akeuKSAV4oXU5Dhs9DYGIJJAdGKfXtNXiElvsQvm00KyC1gH3yBcsV0UHMhcHDXsbONUID12Y3+IJuxI0oT3pvizj3NQWIv0z50xYMyIaexs41QgPXZgAAAABX1N8A19UzYM="}
00663{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":788094,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSRcYAADIREz0pT0UNCgAAAQG7qlkAvgzwBsCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
-00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789535,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc6z5AAL0RYcwKAAABMw96+rLHAbsCCHDfxkkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789547,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc6z8gAL0RfgsKAAABMw96+pfTAbsGBFECxkYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789570,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ6z8Aub0Rot4KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":84,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789691,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc60AgAL0RfgoKAAABMw96+uk9AbsGBP+VxkgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789707,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ60AAub0Rot0KAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":86,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789731,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc60FAAL0RYckKAAABMw96+o88AbsCCHDfxkcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02384{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789776,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc60IgAL0RfggKAAABMw96+phfAbsGBFB4xkQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789813,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ60IAub0RotsKAAABMw96+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00195{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":89,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":789862,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc60NAAL0RYccKAAABMw96+pXaAbsCCHDfxkUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":946739304789,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00663{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":791217,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSRcUAADIREz4pT0UNCgAAAQG723EAvtvWBsGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
00663{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":793685,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSRcgAADIREzspT0UNCgAAAQG72usAvtxZBsSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
00663{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":804750,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSRcQAADIREz8pT0UNCgAAAQG7lPgAviJOBsOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJ0egRkMHduA2JpegAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAA1OqoPAErbOR3M17\/\/Kp81C0M1irw8YLMFAcPIvcR6xyplTIczMGQTrzWWN9IPA9l2Zy1iwuUTL7se0EmV4wWC0NhfmNsLEH2LkBE84etohseSn740G5SsmjVFMMQ1O1aQ2F+Y2wsQfZfU52hX1OdoV9U7yE="}
@@ -211,57 +211,57 @@
00662{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":821200,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTDfNAADURyGEzD3r6CgAAAQG76T0AvyfFxkiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANmtKqgh6GipMki1mJfjDA0AnYgv5x5ccE3t3oFTaUI52T95jfN1yOwZ4Avs9tatx4lCV7PDmZkXQULOG2i1+g8X39eqNuFP4dSqiJZOoeF4tcdLtZP0Xezh1C6PMdZNUhff16o24U\/hAAAAAV9TeY1fVMsN"}
00663{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":821208,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTDfRAADQRyWAzD3r6CgAAAQG7jzwAv4HHxkeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANmtKqgh6GipMki1mJfjDA0AnYgv5x5ccE3t3oFTaUI52T95jfN1yOwZ4Avs9tatx4lCV7PDmZkXQULOG2i1+g8X39eqNuFP4dSqiJZOoeF4tcdLtZP0Xezh1C6PMdZNUhff16o24U\/hAAAAAV9TeY1fVMsN"}
00663{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":821381,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTDfVAADURyF8zD3r6CgAAAQG7mF8Av3inxkSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxzY2FsZXdheS1hbXMAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANmtKqgh6GipMki1mJfjDA0AnYgv5x5ccE3t3oFTaUI52T95jfN1yOwZ4Avs9tatx4lCV7PDmZkXQULOG2i1+g8X39eqNuFP4dSqiJZOoeF4tcdLtZP0Xezh1C6PMdZNUhff16o24U\/hAAAAAV9TeY1fVMsN"}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155161,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcU1NAAL0RVBEKAAABizvIdOhUAbsCCBaGc5UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155166,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcU1RAAL0RVBAKAAABizvIdLjtAbsCCBaGc5EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155210,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcU1VAAL0RVA8KAAABizvIdMSfAbsCCBaGc5MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155235,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcU1YgAL0RcE4KAAABizvIdKpxAbsGBMEKc5QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155243,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQU1YAub0RlSEKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":106,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155254,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcU1cgAL0RcE0KAAABizvIdJLbAbsGBNikc5ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155262,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQU1cAub0RlSAKAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":108,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155306,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcU1ggAL0RcEwKAAABizvIdOc6AbsGBIRDc5IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":946739305155,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":155318,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQU1gAub0RlR8KAAABizvIdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":110,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00664{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":187672,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSF51AADcRFxKLO8h0CgAAAQG76FQAvuw2c5WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
00665{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":189032,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSF55AADcRFxGLO8h0CgAAAQG7xJ8Avg\/uc5OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
00664{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":189550,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSF59AADcRFxCLO8h0CgAAAQG7uO0Avhuic5GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
00664{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":191295,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSF6FAADcRFw6LO8h0CgAAAQG7qnEAviobc5SBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":192522,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcZYtAAL0RdE4KAAABwx5eHLr5IPsCCOQQMs4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":192603,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcZYwgAL0RkI0KAAABwx5eHIJZIPsGBDAsMssBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":192615,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcZY1AAL0RdEwKAAABwx5eHIhFIPsCCOQQMswBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":118,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":192620,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQZYwAub0RtWAKAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":118,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":192703,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcZY5AAL0RdEsKAAABwx5eHKw9IPsCCOQQMsoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":192710,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcZY8gAL0RkIoKAAABwx5eHNIzIPsGBOBTMskBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":121,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":192727,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQZY8Aub0RtV0KAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":121,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00664{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":192746,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSF6JAADcRFw2LO8h0CgAAAQG7ktsAvkG1c5CBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":192763,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcZZAgAL0RkIkKAAABwx5eHKz6IPsGBAWJMs0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":946739305192,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":124,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":192783,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQZZAAub0RtVwKAAABwx5eHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":124,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00664{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":194519,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSF6NAADcRFwyLO8h0CgAAAQG75zoAvu1Tc5KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJ1awAAEAABwAwAEAABAABwgAB9fEROU0MAAgAABjDMcMbz7yA0RLegztcBfq7VeYHKBaMLey+aMNVSTMo4Qj51\/gmF1JL4mny7Kl7CHKqU1ouuslp1lX1chQTTD+JLJw323p3g\/i9lq2cywGbzFxjIXwRFrAIdM6Cq64tY4ksnDfbeneAAAAABX1N7RV9UzMU="}
@@ -269,28 +269,28 @@
00660{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":214065,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQ+LVAADgRZ3DDHl4cCgAAASD7uvkAvLLLMs6AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
00660{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":217619,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQ+LdAADgRZ27DHl4cCgAAASD7rD0AvMGLMsqAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
00661{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":218005,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQ+LZAADgRZ2\/DHl4cCgAAASD7glkAvOtuMsuAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219291,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIciBpAAL0RGIYKAAABjgTMb4DKAbsCCB1KAhEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219317,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXciBwgAL0RNMQKAAABjgTMb+4iAbsGBKD1AgwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219319,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXciBsgAL0RNMUKAAABjgTMb4EvAbsGBA3nAg4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219331,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQiBwAub0RWZcKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":133,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219342,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQiBsAub0RWZgKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":134,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219372,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIciB1AAL0RGIMKAAABjgTMb6nxAbsCCB1KAg8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219398,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIciB5AAL0RGIIKAAABjgTMb8w8AbsCCB1KAg0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219453,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXciB8gAL0RNMEKAAABjgTMb7cIAbsGBNgLAhABAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":946739305219,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":219467,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQiB8Aub0RWZQKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":138,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00660{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":220178,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQ+LhAADgRZ23DHl4cCgAAASD70jMAvJuWMsmAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydAVmZm11YwNuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAANu1cuNn82W5kyvuIYj3yDd11LkL534iAFDK9fBQA07jnu8CUEQwYJt1XxEE91D0YyFd2wLooVHv9yyAcc0SAAB5FL6yNLYbucmv1fHy4RsAcOv\/0XhGDt+qQ0bl\/YNRIXkUvrI0thu5ATQ9Gl8jB9hnnVXw"}
@@ -298,59 +298,59 @@
00669{"flow_id":59,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":326235,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWg00AADQR55mOBMxvCgAAAQG7zDwAwg0OAg2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
00669{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":326268,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWg04AADQR55iOBMxvCgAAAQG7gMoAwlh8AhGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
00669{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":326588,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWg1AAADQR55aOBMxvCgAAAQG7gS8AwlgaAg6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":327834,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwI1AAL0RNQwKAAABlXBwCsNzIPsCCMhQbAABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":327882,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwI4gAL0RUUsKAAABlXBwCpxJIPsGBPr0a\/0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":146,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":327899,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwI4Aub0Rdh4KAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":146,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":327955,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwI8gAL0RUUoKAAABlXBwCtrWIPsGBLxpa\/sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":148,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":327973,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwI8Aub0Rdh0KAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":148,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":327975,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwJEgAL0RUUgKAAABlXBwCqZKIPsGBPDxa\/8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":327975,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwJBAAL0RNQkKAAABlXBwCuB5IPsCCMhQa\/4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":946739305327,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":151,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":327986,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwJEAub0RdhsKAAABlXBwCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":151,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":946739305328,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":946739305328,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":328010,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwJJAAL0RNQcKAAABlXBwCti6IPsCCMhQa\/wBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":946739305328,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":946739305328,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00669{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":329996,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWg1EAADQR55WOBMxvCgAAAQG7qfEAwi9XAg+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
00669{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":330270,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWg08AADQR55eOBMxvCgAAAQG77iIAwusoAgyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
00670{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":331904,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWg1IAADQR55SOBMxvCgAAAQG7twgAwiI\/AhCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
00476{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348735,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHTCJAADsRLU2VcHAKCgAAASD7nEkAM5Mra\/2AAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348929,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348955,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgAgAL0Rk+4KAAABlTjkLbKaAbsGBGxVf0QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":159,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348966,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgAAub0RuMEKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":159,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348987,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgEgAL0Rk+0KAAABlTjkLYqnAbsGBJRGf0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":946739305348,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":161,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":348993,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgEAub0RuMAKAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":161,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":349002,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCgJAAL0Rd6wKAAABlTjkLYMdAbsCCDw8f0UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":349019,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcCgMgAL0Rk+sKAAABlTjkLYmcAbsGBJVVf0IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":164,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":349026,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQCgMAub0RuL4KAAABlTjkLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":164,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00475{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":349030,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHIUUAADsRmCqVcHAKCgAAASD7w3MAM2v+bACAAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":349060,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCgRAAL0Rd6oKAAABlTjkLeuNAbsCCDw8f0MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":946739305349,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00476{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":350183,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHTCRAADsRLUuVcHAKCgAAASD7pkoAM4koa\/+AAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
00476{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":351475,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHTCNAADsRLUyVcHAKCgAAASD72tYAM1Sga\/uAAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
00476{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":354664,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHIUgAADsRmCeVcHAKCgAAASD72LoAM1a7a\/yAAAABAAAAAAAAATINZG5zY3J5cHQtY2VydAVxdWFkOQNuZXQAABAAAQ=="}
@@ -361,28 +361,28 @@
00668{"flow_id":71,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":459813,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC58AADQRQFiVOOQtCgAAAQG7iZwAwDxIf0KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
00668{"flow_id":69,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":460564,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC50AADQRQFqVOOQtCgAAAQG7iqcAwDs5f0aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
00668{"flow_id":70,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":461257,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUC54AADQRQFmVOOQtCgAAAQG7gx0AwELEf0WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241769,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+l9AAL0R9vsKAAABrGhdUMFoBaMCCMyOtDkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241775,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+mAgAL0REzsKAAABrGhdUMbhBaMGBCsUtDYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":179,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241786,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+mAAub0ROA4KAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":179,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241796,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+mEgAL0REzoKAAABrGhdUKNIBaMGBE6vtDQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":181,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241823,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+mEAub0ROA0KAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":181,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241870,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+mJAAL0R9vgKAAABrGhdUJWLBaMCCMyOtDUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241888,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+mNAAL0R9vcKAAABrGhdUOhhBaMCCMyOtDcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241927,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+mQgAL0REzcKAAABrGhdUN5GBaMGBBOttDgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":946739306241,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":185,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241945,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+mQAub0ROAoKAAABrGhdUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":185,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00850{"flow_id":73,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":433658,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"pkt":"ZmZmZmZmRERERERECABFAAFbc7kAADgRQ2SsaF1QCgAAAQWjwWgBRx3ktDmBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
@@ -391,32 +391,32 @@
00850{"flow_id":78,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":435017,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"pkt":"ZmZmZmZmRERERERECABFAAFbc74AADgRQ1+saF1QCgAAAQWj3kYBRwEHtDiBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
00850{"flow_id":76,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":435542,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"pkt":"ZmZmZmZmRERERERECABFAAFbc7wAADgRQ2GsaF1QCgAAAQWjlYsBR0nFtDWBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
00850{"flow_id":75,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":435760,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":361,"pkt_l4_len":327,"pkt":"ZmZmZmZmRERERERECABFAAFbc7sAADcRRGKsaF1QCgAAAQWjo0gBRzwJtDSBgAABAAIAAAAAATINZG5zY3J5cHQtY2VydAJqcAR0aWFyA2FwcAAAEAABwAwAEAABAAAAAAB9fEROU0MAAgAARetMpee6oZgp6bqFLigcb0SLVmyPyCbHZR6HuGkwY4G1zZ8bDjrU7\/iD1UD40EN1uvlcdqls0BZMl43HwVwZARZAkJHggho4ekmN0Zb884jA2erV10Cju7fjg6Pz8KRbF0CQkeCCGjhfU2UoX1NlKF9UtqjADAAQAAEAAAAAAH18RE5TQwABAACIFa1N+k0s+4iBtwxUZ\/VXDn6QTrqbz7JAjEb6C42munCjxleQqYGFgM5AgV1cY1L\/xiUTddAkkuTfkcOlN9YEFkCQkeCCGjh6SY3RlvzziMDZ6tXXQKO7t+ODo\/PwpFsWQJCR4IIaOF9TZShfU2UoX1S2qA=="}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":43748,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":53299,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":57395,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739299327,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":49518,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":153416,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIctEJAAL0RBKQKAAABzbl0dJXNAikCCAUEnScBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":153426,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIctENAAL0RBKMKAAABzbl0dJffAikCCAUEnSsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":153446,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIctERAAL0RBKIKAAABzbl0dKoIAikCCAUEnSkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":153524,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXctEUgAL0RIOEKAAABzbl0dMo6AikGBP1vnSoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":153527,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXctEYgAL0RIOAKAAABzbl0dJWGAikGBDIonSYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":197,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":153537,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQtEUAub0RRbQKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":197,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":198,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":153540,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQtEYAub0RRbMKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":198,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":153654,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXctEcgAL0RIN8KAAABzbl0dNoOAikGBO2dnSgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":946739311153,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":200,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":153670,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQtEcAub0RRbIKAAABzbl0dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":200,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00669{"flow_id":81,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":306630,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADShQAAADIRADHNuXR0CgAAAQIpqggAvpKvnSmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
@@ -425,84 +425,84 @@
00669{"flow_id":84,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":312303,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADShQQAADIRAC3NuXR0CgAAAQIp2g4AvmKqnSiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
00670{"flow_id":82,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":313518,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADShQIAADIRAC\/NuXR0CgAAAQIpyjoAvnJ8nSqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
00669{"flow_id":83,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":314055,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADShQMAADIRAC7NuXR0CgAAAQIplYYAvqc0nSaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdmcmVldHNhA29yZwAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAn\/hr1LBKsWo8ISWGing3CJIxyJebVH0i+FiEft0kNqLwa8d8MG0HYasP8XBuGRRYuXbJWON+8OmftD\/GOCqkDQBv6De0v2\/+w89vsWNxuh1o1S9D9qyf\/kIslLiOA5h7AG\/oN7S\/b\/5fU2VhX1NlYV9UtuE="}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":802321,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcgu5AAL0RWGMKAAABNEHrgdoaAbsCCOKYCnMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00609{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":802386,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcgu8gAL0RdKIKAAABNEHrgbTpAbsGBA+NCnABAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00613{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":802400,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcgvBAAL0RWGEKAAABNEHrgc6vAbsCCOKYCnEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
+00609{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":210,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":802405,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQgu8Aub0RmXUKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":210,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":802444,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcgvEgAL0RdKAKAAABNEHrgbpFAbsGBAozCm4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00613{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":802455,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcgvJAAL0RWF8KAAABNEHrgdqrAbsCCOKYCm8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00597{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
+00609{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":213,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":802465,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQgvEAub0RmXMKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":213,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":802507,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcgvMgAL0RdJ4KAAABNEHrgdhxAbsGBOwCCnIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00601{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
+00613{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":946739311802,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"DNScrypt.Amazon","breed":"Acceptable","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":215,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":802526,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQgvMAub0RmXEKAAABNEHrgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":215,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00669{"flow_id":85,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":102709,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUhiJAACkR6nc0QeuBCgAAAQG72hoAwNtICnOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00669{"flow_id":87,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":103356,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUhiRAACkR6nU0QeuBCgAAAQG7zq8AwOa1CnGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00669{"flow_id":86,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":103386,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUhiNAACgR63Y0QeuBCgAAAQG7tOkAwAB9CnCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00669{"flow_id":88,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105245,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUhiVAACkR6nQ0QeuBCgAAAQG7ukUAwPsiCm6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105460,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcRfwgAL0RYAgKAAABMw8+QZecAbsGBGX0xUgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00669{"flow_id":90,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105464,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUhiZAACkR6nM0QeuBCgAAAQG72HEAwNzyCnKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105484,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQRfwAub0RhNsKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":222,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105560,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcRf1AAL0RQ8cKAAABMw8+QbOpAbsCCDQmxUkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105609,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcRf4gAL0RYAYKAAABMw8+Qd1wAbsGBCAixUYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105630,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQRf4Aub0RhNkKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":225,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00669{"flow_id":89,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105709,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUhidAACgR63I0QeuBCgAAAQG72qsAwNq7Cm+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydApkZWZmZXItZG5zAmF1AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAHR7dJhGoyFx8KdrkIsoh61C8rxtxAaFzxQo\/agVQzzjpZ5APiE6q3FOpAI96QjakMreCrdTAjP8EJbJX\/I6UH9uHXHTkXq4cOyA70iJwlafDxONoi+u6\/0zTNviG6FU724dcdORerhwAAAAFfU2DvX1Sybw=="}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105859,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcRf8gAL0RYAUKAAABMw8+QYLxAbsGBHqjxUQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAW9AAwFuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105877,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQRf8Aub0RhNgKAAABMw8+QQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":228,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":105922,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcRgBAAL0RQ8QKAAABMw8+QarCAbsCCDQmxUUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":946739312106,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":946739312105,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":946739312106,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":106245,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcRgFAAL0RQ8MKAAABMw8+Qe0\/AbsCCDQmxUcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAQAAAAAAAAAAAAHBAAwBvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":946739312106,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":230,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":946739312106,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00670{"flow_id":91,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":130685,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"ZmZmZmZmRERERERECABFAADZ1MsAADURfjwzDz5BCgAAAQG7l5wAxS3cxUiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
00670{"flow_id":93,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132025,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"ZmZmZmZmRERERERECABFAADZ1MwAADURfjszDz5BCgAAAQG73XAAxegJxUaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132036,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwbRAAL0RUGYKAAABLZm7YKO5EPcCCKvPMPgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132111,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwbUgAL0RbKUKAAABLZm7YJQCEPcGBM6aMPUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":235,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132131,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwbUAub0RkXgKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":235,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132157,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwbYgAL0RbKQKAAABLZm7YLOjEPcGBK77MPMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":237,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132174,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwbYAub0RkXcKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":237,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132193,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwbdAAL0RUGMKAAABLZm7YLPvEPcCCKvPMPYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132228,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwbhAAL0RUGIKAAABLZm7YKh5EPcCCKvPMPQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132266,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwbkgAL0RbKEKAAABLZm7YJ4DEPcGBMSXMPcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":946739312132,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":241,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132283,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwbkAub0RkXQKAAABLZm7YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":241,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00670{"flow_id":94,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":132855,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"ZmZmZmZmRERERERECABFAADZ1M0AADURfjozDz5BCgAAAQG7gvEAxUKLxUSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA5za3lmaWdodGVyLWRucwNjb20AABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAG60zsERLlFII2wj6zTIwofCbgq4wxjKMp9YEu9fS884Cf11c1Q4cTQ+J+ZjK7ZH4aaqK8VPbAGFYW80ueYrfwU8FAQJxEup2Hwk1EI2Qz7npiyDDRkpQyGDCxkaPRZtbjwUBAnES6nYAAAAAV9TrQRfVP6E"}
@@ -515,55 +515,55 @@
00667{"flow_id":98,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":180283,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWP4BAADYRWuEtmbtgCgAAARD3lAIAwjE1MPWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAJDQ0ZbvRpC3D0bgumZKuy3tvg+CeWgIXh45Ishvbc3SjW3OKRxUShg2C7mIARv2NR589zRzZQEE1IcPTnNuvwAPMT4OYzIpCP1X\/njGK43zV6uPrF4F7max8o8+EVSzPA8xPg5jMikIAAAAAV9TfFZfVM3W"}
00667{"flow_id":99,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":181028,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWP4FAADYRWuAtmbtgCgAAARD3s6MAwhGWMPOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAJDQ0ZbvRpC3D0bgumZKuy3tvg+CeWgIXh45Ishvbc3SjW3OKRxUShg2C7mIARv2NR589zRzZQEE1IcPTnNuvwAPMT4OYzIpCP1X\/njGK43zV6uPrF4F7max8o8+EVSzPA8xPg5jMikIAAAAAV9TfFZfVM3W"}
00668{"flow_id":102,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":183337,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWP4JAADYRWt8tmbtgCgAAARD3ngMAwicyMPeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9zdGgtZG5zY3J5cHQtc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAJDQ0ZbvRpC3D0bgumZKuy3tvg+CeWgIXh45Ishvbc3SjW3OKRxUShg2C7mIARv2NR589zRzZQEE1IcPTnNuvwAPMT4OYzIpCP1X\/njGK43zV6uPrF4F7max8o8+EVSzPA8xPg5jMikIAAAAAV9TfFZfVM3W"}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286003,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaDJAAL0RMhoKAAABQlUec9pYAbsCCCOeLCwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286028,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaDMgAL0RTlkKAAABQlUec71AAbsGBPfPLCkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286045,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaDMAub0RcywKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":254,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":105,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286047,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaDRAAL0RMhgKAAABQlUec5yjAbsCCCOeLCoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":106,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286137,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaDUgAL0RTlcKAAABQlUec7lIAbsGBPvFLCsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286155,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaDUAub0RcyoKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":257,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":107,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286168,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaDZAAL0RMhYKAAABQlUec9NgAbsCCCOeLCgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":108,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286182,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaDcgAL0RTlUKAAABQlUec4syAbsGBCngLCcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":946739312286,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":286200,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaDcAub0RcygKAAABQlUecwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":260,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00669{"flow_id":107,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":399677,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUFOhAADYRDa1CVR5zCgAAAQG702AAwE8ILCiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
00669{"flow_id":103,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":400829,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUFOlAADYRDaxCVR5zCgAAAQG72lgAwEgMLCyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
00669{"flow_id":104,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":401005,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUFOpAADYRDatCVR5zCgAAAQG7vUAAwGUnLCmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01104{"flow_id":109,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402199,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc7t1AAL0RzDEKAAABXV\/ipbSvAbsCCALbx+wBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02387{"flow_id":110,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402248,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc7t4gAL0R6HAKAAABXV\/ipcAiAbsGBEBnx+kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402267,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ7t4Aub0RDUQKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":266,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02387{"flow_id":111,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402318,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc7t8gAL0R6G8KAAABXV\/ipeMBAbsGBB2Gx+sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01104{"flow_id":112,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402323,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc7uBAAL0RzC4KAAABXV\/ipaSsAbsCCALbx+oBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402335,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ7t8Aub0RDUMKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":269,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01104{"flow_id":113,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402350,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc7uFAAL0RzC0KAAABXV\/ipeY4AbsCCALbx+gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02387{"flow_id":114,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402392,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc7uIgAL0R6GwKAAABXV\/ipZ6TAbsGBGH4x+cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":271,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":402408,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ7uIAub0RDUAKAAABXV\/ipQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":272,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00669{"flow_id":105,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":405003,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUFOtAADYRDapCVR5zCgAAAQG7nKMAwIXDLCqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADd8l9MieIsifjQGavIzw6tdHygby+pfz9uNV\/2so9cMC7hGKDfc+LzmB07CCRnhhWiHEKH9gFPecA8dSkDUDQHbk9p0e06j3wfoDIfK8NHA0t38M\/xpcLwZlzH2416A0JuT2nR7TqPfAAAAAFfU1T+X1Smfg=="}
@@ -572,57 +572,57 @@
00665{"flow_id":109,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":463702,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTA\/MAADYRf2ZdX+KlCgAAAQG7tK8Av+Gux+yBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAEQUmbKEod9nlyKPPrQqGP9Ls8t6H\/YHI72RThtMayAXvqOxd6z058i8UJ7+KMLpc+YgjKuAGDN2+1oeB3OFIgnw9LuNjyX7NTXMUO6Dulhi3d3ExK4wLeAsg632WDfaPfD0u42PJfs1X1OugV9TroFfVQAB"}
00666{"flow_id":112,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":464794,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTA\/QAADYRf2VdX+KlCgAAAQG7pKwAv\/Gzx+qBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAEQUmbKEod9nlyKPPrQqGP9Ls8t6H\/YHI72RThtMayAXvqOxd6z058i8UJ7+KMLpc+YgjKuAGDN2+1oeB3OFIgnw9LuNjyX7NTXMUO6Dulhi3d3ExK4wLeAsg632WDfaPfD0u42PJfs1X1OugV9TroFfVQAB"}
00665{"flow_id":113,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":466578,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTA\/UAADYRf2RdX+KlCgAAAQG75jgAv7Apx+iBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANpczIEZDB3bgNiaXoAABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAEQUmbKEod9nlyKPPrQqGP9Ls8t6H\/YHI72RThtMayAXvqOxd6z058i8UJ7+KMLpc+YgjKuAGDN2+1oeB3OFIgnw9LuNjyX7NTXMUO6Dulhi3d3ExK4wLeAsg632WDfaPfD0u42PJfs1X1OugV9TroFfVQAB"}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":115,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403292,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcmsFAAL0RhlMKAAABM56mYZCrAbsCCJzVB2IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":116,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403317,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcmsIgAL0RopIKAAABM56mYbiZAbsGBBC9B18BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403330,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQmsIAub0Rx2UKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":281,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":117,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403338,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcmsMgAL0RopEKAAABM56mYbPyAbsGBBVmB10BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403350,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQmsMAub0Rx2QKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":283,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":118,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403392,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcmsRAAL0RhlAKAAABM56mYdyuAbsCCJzVB2ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":119,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403417,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcmsZAAL0Rhk4KAAABM56mYeuuAbsCCJzVB14BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":120,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403417,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcmsUgAL0Roo8KAAABM56mYbvBAbsGBA2TB2EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":946739317403,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":403429,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQmsUAub0Rx2IKAAABM56mYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":287,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00675{"flow_id":115,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":428375,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADXKhpAADMRgkAznqZhCgAAAQG7kKsAw\/s4B2KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
00674{"flow_id":118,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":429999,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADXKh1AADMRgj0znqZhCgAAAQG73K4Aw683B2CBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
00674{"flow_id":116,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":431691,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADXKhtAADQRgT8znqZhCgAAAQG7uJkAw9NNB1+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":121,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432544,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc141AAL0RhaIKAAABsDjtq6L1AbsCCGC6smcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00675{"flow_id":117,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432560,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADXKhxAADMRgj4znqZhCgAAAQG7s\/IAw9f2B12BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
00674{"flow_id":119,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432581,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADXKh5AADMRgjwznqZhCgAAAQG7664Aw6A5B16BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":122,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432603,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc144gAL0RoeEKAAABsDjtq9cGAbsGBFSSsmQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432615,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ144Aub0RxrQKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":295,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":123,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432619,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc149AAL0RhaAKAAABsDjtq8ijAbsCCGC6smUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":124,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432660,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc15AgAL0Rod8KAAABsDjtq49EAbsGBJxWsmIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432673,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ15AAub0RxrIKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":298,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":125,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432695,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc15JAAL0RhZ0KAAABsDjtq79wAbsCCGC6smMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":126,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432697,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc15EgAL0Rod4KAAABsDjtq7zFAbsGBG7RsmYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":432711,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ15EAub0RxrEKAAABsDjtqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":301,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00674{"flow_id":120,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":434574,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADXKh9AADQRgTsznqZhCgAAAQG7u8EAw9AjB2GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxhY3NhY3Nhci1hbXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAAAQt4OLzm4x3OBnTPVYOyWbwQ07ZuPzfh5UHeUSDpkuLilk8PnzqIG19XCvUsQGZmTzZ+d2RjpSDvvlP\/+37YoDPjwKVuBVGSevZiWx3QxU\/Ww92uJXMr1\/GUOUVCxbO0A+PApW4FUZJwAAAAFfU6w6X1T9ug=="}
@@ -630,30 +630,30 @@
00676{"flow_id":122,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":461291,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"ZmZmZmZmRERERERECABFAADcYmYAADkRwAqwOO2rCgAAAQG71wYAyMCVsmSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"}
00676{"flow_id":123,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":461317,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"ZmZmZmZmRERERERECABFAADcYmcAADoRvwmwOO2rCgAAAQG7yKMAyM73smWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"}
00676{"flow_id":124,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":462162,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"ZmZmZmZmRERERERECABFAADcYmgAADoRvwiwOO2rCgAAAQG7j0QAyAhasmKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":127,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":462281,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwFtAAL0RvgEKAAABstjJ3uq7CAUCCD+NfScBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":128,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":462322,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwFwgAL0R2kAKAAABstjJ3syECAUGBG5EfSQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":129,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":462335,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwF1AAL0Rvf8KAAABstjJ3s99CAUCCD+NfSUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":310,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":462337,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwFwAub0R\/xMKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":310,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":130,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":462369,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwF4gAL0R2j4KAAABstjJ3sv9CAUGBG7NfSIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":131,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":462376,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwF8gAL0R2j0KAAABstjJ3pbCCAUGBKQEfSYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":313,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":462379,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwF4Aub0R\/xEKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":313,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":314,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":462388,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwF8Aub0R\/xAKAAABstjJ3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":314,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":132,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":462404,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwGBAAL0RvfwKAAABstjJ3uV0CAUCCD+NfSMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":946739317462,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00676{"flow_id":125,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":463523,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"ZmZmZmZmRERERERECABFAADcYmkAADoRvwewOO2rCgAAAQG7v3AAyNgssmOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjEIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAABl3+ykQSZujAz2k88UgiWZ8EW8WsV\/cZTbX4vJmZY7W5pQMpzujkuwlfjXc+3bckBxwziAxuzLgEVuJhZegpADIiVqOfVhh6bINcwjX2cKXslxwpVLP3wwY1fcQglCKacmJWo59WGHpX1OncV9Tp3FfVPjx"}
00669{"flow_id":129,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":493097,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUfxoAADgRxYuy2MneCgAAAQgFz30AwELIfSWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="}
00669{"flow_id":127,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":493564,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUfxkAADgRxYyy2MneCgAAAQgF6rsAwCeIfSeBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="}
@@ -661,26 +661,26 @@
00670{"flow_id":130,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496294,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUfx0AADgRxYiy2MneCgAAAQgFy\/0AwEZLfSKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="}
00669{"flow_id":131,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496321,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUfx4AADgRxYey2MneCgAAAQgFlsIAwHuCfSaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="}
00669{"flow_id":132,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496650,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUfxwAADgRxYmy2MneCgAAAQgF5XQAwCzTfSOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlzb2x0eXNpYWsDY29tAAAQAAHADAAQAAEAAAAAAH18RE5TQwABAACUEmW5IqEpBOIJ6OaaARxYZGtpF\/IlhAtf26qHIkb2CzdApz2tTrsIcpPG9I9VOY64aWiKVSPR4fI2Zci4AowMZh1rbmzrBh4Ds7P4I2QNBDqhYpufqNWKNKJm6\/BuBFZmHWtubOsGHl9TOclfUznJX1SLSQ=="}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":133,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496723,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcbsxAAL0R7dwKAAABLUxxH6jYAbsCCGFBZBkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":134,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496730,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcbs0gAL0RChwKAAABLUxxH9fjAbsGBNdkZBYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496749,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQbs0Aub0RLu8KAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":325,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":135,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496759,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcbs5AAL0R7doKAAABLUxxH8mFAbsCCGFBZBcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":136,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496865,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcbs9AAL0R7dkKAAABLUxxH6sAAbsCCGFBZBUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":137,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496868,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcbtAgAL0RChkKAAABLUxxH+k7AbsGBMYOZBQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":138,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496872,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcbtEgAL0RChgKAAABLUxxH8tlAbsGBOPgZBgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":946739317496,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496883,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQbtEAub0RLusKAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":330,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":331,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":496886,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQbtAAub0RLuwKAAABLUxxHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -691,87 +691,87 @@
00670{"flow_id":138,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":822049,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSA+pAAC8R6AktTHEfCgAAAQG7y2UAvkIqZBiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="}
00670{"flow_id":133,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":825451,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSA+hAAC8R6AstTHEfCgAAAQG7qNgAvmS2ZBmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="}
00670{"flow_id":134,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":829317,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSA+lAAC8R6AotTHEfCgAAAQG71+MAvjWuZBaBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAr5zEv1WGx7jem2pK2nflqiaMVF6rzF7WHGlvrWl\/ySW6UfM8aTB84zwXL6LFGFBJtiDl\/1MLBjf7\/4+Tj2baBU4DeMBZ\/3\/bX+\/ckKf+At437jBg5+agLK3mfgxAT218TgN4wFn\/f9sAAAABX1NRj19Uow8="}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":139,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38037,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+3JAAL0RigEKAAABl1DeT9J0AbsCCDh2XDIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":140,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38043,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+3MgAL0RpkAKAAABl1DeT7G5AbsGBKXWXC8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":141,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38059,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+3QgAL0Rpj8KAAABl1DeT7pxAbsGBJ0gXC0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38062,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+3MAub0RyxMKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":341,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38076,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+3QAub0RyxIKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":342,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":142,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38155,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+3VAAL0Rif4KAAABl1DeT8tIAbsCCDh2XDABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":143,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38168,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+3YgAL0Rpj0KAAABl1DeT+EkAbsGBHZpXDEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAAFvwAMBbsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38185,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+3YAub0RyxAKAAABl1DeTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":345,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":144,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":38215,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+3dAAL0RifwKAAABl1DeT5ZvAbsCCDh2XC4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAEAAAAAAAAAAAABwwAMAb8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":946739318038,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00674{"flow_id":139,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":59490,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4ZAADQRFDOXUN5PCgAAAQG70nQAw+UcXDKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
00674{"flow_id":140,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":59779,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4dAADQRFDKXUN5PCgAAAQG7sbkAwwXbXC+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":145,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61047,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcXchAAL0RQhgKAAABjgTNL+aDAbsCCB4KqlwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":146,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61065,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcXckgAL0RXlcKAAABjgTNL8TTAbsGBCE2qlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":147,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61081,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcXcpAAL0RQhYKAAABjgTNL5zKAbsCCB4KqloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61087,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQXckAub0RgyoKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":352,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":148,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61101,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcXcsgAL0RXlUKAAABjgTNL8rfAbsGBBssqlcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61118,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQXcsAub0RgygKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":354,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":149,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61197,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcXcwgAL0RXlQKAAABjgTNL9NQAbsGBBK3qlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00674{"flow_id":142,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61202,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4lAADQRFDCXUN5PCgAAAQG7y0gAw+xKXDCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61216,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQXcwAub0RgycKAAABjgTNLwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":357,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":150,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61289,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcXc1AAL0RQhMKAAABjgTNL4w\/AbsCCB4KqlgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":946739318061,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00674{"flow_id":143,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":61517,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4pAADQRFC+XUN5PCgAAAQG74SQAw9ZtXDGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
00674{"flow_id":144,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":62260,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4tAADQRFC6XUN5PCgAAAQG7lm8AwyEmXC6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
00675{"flow_id":141,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":63093,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"ZmZmZmZmRERERERECABFAADX+4hAADQRFDGXUN5PCgAAAQG7unEAw\/0kXC2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAdvcGVubmljBGkycGQDeHl6AAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADbIkde1\/iXw9F8aP3hFzW\/UlCbjrsaMoYt8+MW53XVHmJZ40u2KJ1Y5p9+bOkgm9KOg6J\/Jk5OIIo5rrGKNcsPhxVktS2XlAVyckcTA1HXSkhBDvC7R+LCFU83mg2ymgqHFWS1LZeUBQAAAAFfU5R+X1Tl\/g=="}
00672{"flow_id":145,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":164590,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWEe8AADQRWDiOBM0vCgAAAQG75oMAwm2uqlyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
00672{"flow_id":148,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":167743,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWEfEAADQRWDaOBM0vCgAAAQG7yt8AwolXqleBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
00672{"flow_id":146,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":168571,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWEfAAADQRWDeOBM0vCgAAAQG7xNMAwo9hqlmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":946739318168,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":946739318168,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":151,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":168986,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcuoVAAL0Rw2MKAAABwb+7a5HQAbsCCEABLy0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":946739318168,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":946739318168,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":152,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169044,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcuoZAAL0Rw2IKAAABwb+7a4wtAbsCCEABLysBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02387{"flow_id":153,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169070,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcuocgAL0R36EKAAABwb+7a4H\/AbsGBBdyLyoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":367,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169102,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQuocAub0RBHUKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":368,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":154,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169132,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcuokgAL0R358KAAABwb+7a9PHAbsGBMWnLywBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":155,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169132,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcuoggAL0R36AKAAABwb+7a7+QAbsGBNniLygBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169148,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQuokAub0RBHMKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":371,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169153,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQuogAub0RBHQKAAABwb+7awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":372,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01104{"flow_id":156,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":169188,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcuopAAL0Rw14KAAABwb+7a7\/bAbsCCEABLykBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":946739318169,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00672{"flow_id":147,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":170686,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWEfMAADQRWDSOBM0vCgAAAQG7nMoAwrdpqlqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
00672{"flow_id":149,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":171174,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWEfIAADQRWDWOBM0vCgAAAQG701AAwoDiqluBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
00672{"flow_id":150,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":175518,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWEfQAADQRWDOOBM0vCgAAAQG7jD8Awsf2qliBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczQCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAAVJsH+RdJNH3D0PM7heo\/dPPI3i1+4vLX8T10ivxa\/CqjJyTHnmZoOX4oJMyJ42Khrgw6i1Ft4Vh\/Rb2U7RsAXZ5P9pZAltiMSwIbLDTpLjw5sG+xMI0gbdPS4ze+O\/Bdnk\/2lkCW2IWX62bll+tm5sSrlu"}
@@ -781,87 +781,87 @@
00666{"flow_id":154,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":202449,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSHkhAADYR5+vBv7trCgAAAQG708cAviDrLyyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAzGGkyIiowp8pFszsXxkEW0y0qS06At4miIE7AyLIdZ2u5Jf0Kd+gqa\/ZnKsGDqB9\/JqMQzB5mxntdDH0TQRsCBpBtMbo6VmIyWnkxOdJSeZWPK9K\/gWr4WDPFo1HWxdqGkG0xujpWYgAAAABX1Oe6F9U8Gg="}
00667{"flow_id":151,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":202650,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSHkRAADYR5+\/Bv7trCgAAAQG7kdAAvmLhLy2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAzGGkyIiowp8pFszsXxkEW0y0qS06At4miIE7AyLIdZ2u5Jf0Kd+gqa\/ZnKsGDqB9\/JqMQzB5mxntdDH0TQRsCBpBtMbo6VmIyWnkxOdJSeZWPK9K\/gWr4WDPFo1HWxdqGkG0xujpWYgAAAABX1Oe6F9U8Gg="}
00666{"flow_id":155,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":205762,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSHklAADYR5+rBv7trCgAAAQG7v5AAvjUmLyiBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAJiZQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAzGGkyIiowp8pFszsXxkEW0y0qS06At4miIE7AyLIdZ2u5Jf0Kd+gqa\/ZnKsGDqB9\/JqMQzB5mxntdDH0TQRsCBpBtMbo6VmIyWnkxOdJSeZWPK9K\/gWr4WDPFo1HWxdqGkG0xujpWYgAAAABX1Oe6F9U8Gg="}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":49186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":946739317432,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":48325,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":946739312402,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":40595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":157,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48391,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+LxAAL0RUngKAAABMw980LE\/EPcCCHK1aUUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":158,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48428,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+L0gAL0RbrcKAAABMw980MM3EPcGBKwyaUIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48442,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+L0Aub0Rk4oKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":385,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":159,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48478,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+L4gAL0RbrYKAAABMw980JWmEPcGBNnFaUABAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":160,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48481,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+L9AAL0RUnUKAAABMw980NnYEPcCCHK1aUMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48490,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+L4Aub0Rk4kKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":388,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":161,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48494,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc+MAgAL0RbrQKAAABMw980JvmEPcGBNOBaUQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48503,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ+MAAub0Rk4cKAAABMw980AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":390,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":162,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48530,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc+MFAAL0RUnMKAAABMw980NJ\/EPcCCHK1aUEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":391,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":946739337048,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00671{"flow_id":157,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":76414,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWnoBAADURNfszD3zQCgAAARD3sT8Awv\/QaUWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
00670{"flow_id":160,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":77210,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWnoFAADURNfozD3zQCgAAARD32dgAwtc5aUOBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
00670{"flow_id":158,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":77231,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWnoJAADURNfkzD3zQCgAAARD3wzcAwu3baUKBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":163,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78105,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/chAAL0ReVsKAAABp3LcfZBCAbsCCEbGm2kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":395,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":164,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78124,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc\/ckgAL0RlZoKAAABp3LcfZZsAbsGBGHYm2YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":396,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78136,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ\/ckAub0Rum0KAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":397,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":165,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78188,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/cpAAL0ReVkKAAABp3LcfZuIAbsCCEbGm2cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":166,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78192,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc\/csgAL0RlZgKAAABp3LcfbItAbsGBEYVm2gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78199,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ\/csAub0RumsKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":400,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":167,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78205,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc\/cwgAL0RlZcKAAABp3LcfejFAbsGBA+Bm2QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78218,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ\/cwAub0RumoKAAABp3LcfQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":402,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":168,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78271,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/c1AAL0ReVYKAAABp3LcfbKzAbsCCEbGm2UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":946739337078,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00670{"flow_id":159,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78771,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWnoNAADURNfgzD3zQCgAAARD3laYAwhtvaUCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
00670{"flow_id":162,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":78813,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWnoVAADURNfYzD3zQCgAAARD30n8Awt6UaUGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
00670{"flow_id":161,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":79094,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWnoRAADURNfczD3zQCgAAARD3m+YAwhUraUSBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydA9hbXMtZG5zY3J5cHQtbmwAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPvb\/epXmbtmpFJPDJPj0\/8kG2WLVy9aKZXG64Z\/RD4Asb+lk0fHUNVwKqjvyNJwSQDMlfv0kF+DU4Xf9AOufg1vl\/oZmXyGUvpIk2ki4WFZb2z8KlMPRm7olQdpuGdje2+X+hmZfIZSAAAAAV9TS2BfVJzg"}
00668{"flow_id":164,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":183164,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADU4rUAADMRX7enctx9CgAAAQG7lmwAwOCxm2aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAACtvTpPmuzdARCZdHINGnm84Rta+Q9yZkJOIOBZH1xDWjyTETMesMGOqAFTeyjt37OaMFtfnU1CukJNcbLtFisLiXsfUndKvm3+Vr\/KkwQySWxBEvG+JEE+3LVi8Tb5u3eKex9Sd0q+bV9TqoVfU6qFX1T8BQ=="}
00668{"flow_id":165,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":184603,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADU4rcAADMRX7Wnctx9CgAAAQG7m4gAwNuUm2eBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAACtvTpPmuzdARCZdHINGnm84Rta+Q9yZkJOIOBZH1xDWjyTETMesMGOqAFTeyjt37OaMFtfnU1CukJNcbLtFisLiXsfUndKvm3+Vr\/KkwQySWxBEvG+JEE+3LVi8Tb5u3eKex9Sd0q+bV9TqoVfU6qFX1T8BQ=="}
00668{"flow_id":163,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":184787,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADU4rYAADMRX7anctx9CgAAAQG7kEIAwObYm2mBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0xAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAACtvTpPmuzdARCZdHINGnm84Rta+Q9yZkJOIOBZH1xDWjyTETMesMGOqAFTeyjt37OaMFtfnU1CukJNcbLtFisLiXsfUndKvm3+Vr\/KkwQySWxBEvG+JEE+3LVi8Tb5u3eKex9Sd0q+bV9TqoVfU6qFX1T8BQ=="}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":169,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":184822,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcw6lAAL0RhukKAAABBb2qxIuWAdECCHNXsoMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAG7AAwBtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":170,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":184840,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcw6pAAL0RhugKAAABBb2qxK3QAdECCHNXsn8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAG7AAwBtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":171,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":184850,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcw6sgAL0RoycKAAABBb2qxOL4AdEGBCbssn4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":184865,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQw6sAub0Rx\/oKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":413,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":172,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":184926,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcw6xAAL0RhuYKAAABBb2qxJ8sAdECCHNXsoEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAG7AAwBtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":173,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":184959,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcw60gAL0RoyUKAAABBb2qxOUaAdEGBCTIsoABAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":174,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":184962,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcw64gAL0RoyQKAAABBb2qxOllAdEGBCB7soIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAQAAAAAAAAAAAAW3AAwFswAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":184974,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQw60Aub0Rx\/gKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":417,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":418,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":184975,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQw64Aub0Rx\/cKAAABBb2qxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -872,31 +872,31 @@
00682{"flow_id":169,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":214486,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"ZmZmZmZmRERERERECABFAADfmrhAADkRNRgFvarECgAAAQHRi5YAy+QIsoOAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAcAMABAAAQAADhAAfXxETlNDAAEAAECBm+\/xTzDeD4KSjeZIgKwk3d3hDoaJSO\/h1pwRZePAj9XQLJ\/4Aa45W8vDBSKrJViJIaMolD7iTZBWDGXuFATTYhzIUZpFJ+MsooNEpkdNSme+M97PW3cWzIMHmxZ+fdNiHMhRmkUnX1O28V9TqKVfU9NN"}
00682{"flow_id":170,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":214820,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"ZmZmZmZmRERERERECABFAADfmrlAADkRNRcFvarECgAAAQHRrdAAy8HSsn+AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAcAMABAAAQAADhAAfXxETlNDAAEAAECBm+\/xTzDeD4KSjeZIgKwk3d3hDoaJSO\/h1pwRZePAj9XQLJ\/4Aa45W8vDBSKrJViJIaMolD7iTZBWDGXuFATTYhzIUZpFJ+MsooNEpkdNSme+M97PW3cWzIMHmxZ+fdNiHMhRmkUnX1O28V9TqKVfU9NN"}
00682{"flow_id":172,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":218356,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"ZmZmZmZmRERERERECABFAADfmrpAADkRNRYFvarECgAAAQHRnywAy9B0soGAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARuczE2AmRlA2RucwdvcGVubmljBGdsdWUAABAAAcAMABAAAQAADhAAfXxETlNDAAEAAECBm+\/xTzDeD4KSjeZIgKwk3d3hDoaJSO\/h1pwRZePAj9XQLJ\/4Aa45W8vDBSKrJViJIaMolD7iTZBWDGXuFATTYhzIUZpFJ+MsooNEpkdNSme+M97PW3cWzIMHmxZ+fdNiHMhRmkUnX1O28V9TqKVfU9NN"}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":59749,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58104,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":946739337184,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":58650,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":175,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":756593,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwiRAAL0R5K8KAAABuf2aQpc1EPcCCBcWY0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":176,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":756593,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwiUgAL0RAO8KAAABuf2aQq21EPcGBC1ZY0YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":177,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":756596,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwiZAAL0R5K0KAAABuf2aQrL3EPcCCBcWY0sBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":756609,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwiUAub0RJcIKAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":428,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":178,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":756620,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcwidAAL0R5KwKAAABuf2aQqoUEPcCCBcWY0kBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":179,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":756689,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwiggAL0RAOwKAAABuf2aQrwfEPcGBB7tY0gBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":756709,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwigAub0RJb8KAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":431,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":180,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":756792,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcwikgAL0RAOsKAAABuf2aQpZSEPcGBES4Y0oBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":946739348756,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":756812,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQwikAub0RJb4KAAABuf2aQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":433,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00668{"flow_id":177,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":800047,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTW7dAADkR0Ga5\/ZpCCgAAARD3svcAv+AkY0uBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
@@ -905,28 +905,28 @@
00668{"flow_id":176,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":804292,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTW7lAADkR0GS5\/ZpCCgAAARD3rbUAv+VrY0aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
00669{"flow_id":180,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805526,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTW7xAADkR0GG5\/ZpCCgAAARD3llIAv\/zKY0qBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
00669{"flow_id":179,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805555,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTW7tAADkR0GK5\/ZpCCgAAARD3vB8Av9b\/Y0iBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAxiY24tZG5zY3J5cHQAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAPzOPvxAqRNc7Q72GZx6clSW\/rILjCJS5AVCUtIfh\/knKqjuiGnU\/ySlMpkdSKAUBEzuxnQcAR\/n3q9w6kY3ZQBbAAtR8Cvhyf4swkJ5CXEM5Flzvf2K4fhPC+UgsGecNlsAC1HwK+HJAAAAAV9TdNFfVMZR"}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01104{"flow_id":181,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805654,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIclaRAAL0RCvwKAAABjgTMb8m\/AbsCCB1KEX8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":182,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805763,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclaUgAL0RJzsKAAABjgTMb+dYAbsGBJhPEXwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":183,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805774,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIclaZAAL0RCvoKAAABjgTMb6OnAbsCCB1KEX0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805778,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlaUAub0RTA4KAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":443,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":184,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805808,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcladAAL0RCvkKAAABjgTMb7UbAbsCCB1KEXsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":185,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805827,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclaggAL0RJzgKAAABjgTMb99cAbsGBKBJEX4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805843,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlagAub0RTAsKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":446,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":186,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805857,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclakgAL0RJzcKAAABjgTMb7oFAbsGBMWkEXoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":946739348805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":805876,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlakAub0RTAoKAAABjgTMbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":448,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00670{"flow_id":183,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":912043,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWoIMAADQRymOOBMxvCgAAAQG7o6cAwiYzEX2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
@@ -935,28 +935,28 @@
00670{"flow_id":185,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":916753,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWoIcAADQRyl+OBMxvCgAAAQG731wAwup8EX6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
00670{"flow_id":181,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":917597,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWoIYAADQRymCOBMxvCgAAAQG7yb8AwgAZEX+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
00671{"flow_id":186,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":917627,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWoIgAADQRyl6OBMxvCgAAAQG7ugUAwg\/YEXqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANuczMCY2EFbHVnZ3MCY28AABAAAcAMABAAAQAAAAAAfXxETlNDAAEAAG0rJMeHQmadAAjPo7oVfCGn+vVnYNn+3VnMSzQY0rAkl3fyY6FeDYzevPOP9Wx6CFjMcHM\/npT74\/JxSlg\/ZQ+xYYapuSWJmSy0bkM5eaAYWq1iOjOwzrlApye0OOzsPbFhhqm5JYmZWX62h1l+todsSrmH"}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01105{"flow_id":187,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":804527,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/YZAAH4Rg9UKAAAB1C\/kiJXjAbsCCHuObd4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02387{"flow_id":188,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":804527,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcIEwgAH4RfVAKAAAB1C\/kiIW0AbsGBB6ibd0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01105{"flow_id":189,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":804529,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/YdAAH4Rg9QKAAAB1C\/kiMtYAbsCCHuObeIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":457,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":946739380804,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":804545,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQIEwAuX4RoiMKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":458,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01105{"flow_id":190,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":805007,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc\/YhAAH4Rg9MKAAAB1C\/kiJ9HAbsCCHuObeABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02388{"flow_id":191,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":805259,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc\/YkgAH4RoBIKAAAB1C\/kiNwPAbsGBMhCbeEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00450{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":805278,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ\/YkAuX4RxOUKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":461,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02388{"flow_id":192,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":805613,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc\/YogAH4RoBEKAAAB1C\/kiO3VAbsGBLZ+bd8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":946739380805,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00450{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":805632,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ\/YoAuX4RxOQKAAAB1C\/kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":463,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00668{"flow_id":187,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":832369,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWpUBAADIRKWLUL+SICgAAAQG7leMAwtNqbd6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
@@ -965,26 +965,26 @@
00669{"flow_id":191,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":837836,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWpUNAADMRKF\/UL+SICgAAAQG73A8Awo07beGBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
00668{"flow_id":192,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":838291,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWpURAADIRKV7UL+SICgAAAQG77dUAwnt3bd+BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
00668{"flow_id":190,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":844050,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWpUVAADIRKV3UL+SICgAAAQG7n0cAwsoEbeCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAJmcghkbnNjcnlwdANvcmcAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAAAGnqbCRK7WvFnA0fqnvTaP0TkhGLYlM337fP\/M0VQi0o3wTy7gpqyMQZFkjfrWn031Ofm4JJLwM1X8FbNxmrQCWUcFQ8RQkVXWSFLecisgk5xXaKVbLy2ZX6VNRztvrCJZRwVDxFCRVAAAAAV9ToghfVPOI"}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01104{"flow_id":193,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":983948,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcVMVAAH4RMmQKAAABVQVd5uZEIPsCCHXB4\/IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01104{"flow_id":194,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":983956,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcCx1AAH4RfAwKAAABVQVd5sTjIPsCCHXB4\/ABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":195,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":983957,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcVMZAAH4RMmMKAAABVQVd5rY2IPsCCHXB4+4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAAAcsADAHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":946739380983,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":196,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":984007,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcVMcgAH4RTqIKAAABVQVd5t8CIPsGBKCC4+8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":984034,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQVMcAuX4Rc3UKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":474,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02387{"flow_id":197,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":984041,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcVMkgAH4RTqAKAAABVQVd5spyIPsGBLUQ4\/EBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":198,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":984041,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcVMggAH4RTqEKAAABVQVd5plbIPsGBOYr4+0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABAAAAAAAAAAAABccADAXDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":946739380984,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":984057,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQVMgAuX4Rc3QKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":477,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":478,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":984062,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQVMkAuX4Rc3MKAAABVQVd5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -995,82 +995,82 @@
00659{"flow_id":196,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739381,"pkt_ts_usec":17698,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPeUxAADQRWSpVBV3mCgAAASD73wIAu3q74++BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="}
00659{"flow_id":198,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739381,"pkt_ts_usec":17727,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPeU1AADQRWSlVBV3mCgAAASD7mVsAu8Bk4+2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="}
00660{"flow_id":197,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739381,"pkt_ts_usec":21276,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"ZmZmZmZmRERERERECABFAADPeU5AADQRWShVBV3mCgAAASD7ynIAu49J4\/GBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhpYmtzdHVybQAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAQmF4jrNkSB0NiNqctWCLsz9Hoe15aS6mrwyMq15DMDKxowa47TLEyU+dCwefDt3RvbYdetUltVlZd+8gb8kmCcgRT\/L7wkmA5gU0xv13eDWtHcb4jTpxlTH+X73K1n94yBFP8vvCSYAAAAABX1Nm5l9UuGY="}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":199,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46803,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcBYVAAH4RyuMKAAABi2PeSMWpIPsCCCyCmlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":200,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46808,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcBYYgAH4R5yIKAAABi2PeSJ22IPsGBPDSmlQBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":201,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46811,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcBYcgAH4R5yEKAAABi2PeSMk1IPsGBMVRmlYBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46819,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQBYYAuX4RC\/YKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":488,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":202,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46818,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcBYhAAH4RyuAKAAABi2PeSLJyIPsCCCyCmlcBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46826,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQBYcAuX4RC\/UKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":490,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":203,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46859,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcBYlAAH4Ryt8KAAABi2PeSOgIIPsCCCyCmlUBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAAAcgADAHEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":204,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46881,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcBYogAH4R5x4KAAABi2PeSMKEIPsGBMwAmlgBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABAAAAAAAAAAAABcQADAXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46903,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQBYoAuX4RC\/IKAAABi2PeSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":493,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00668{"flow_id":202,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":306378,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSWtFAACoRyuGLY95ICgAAASD7snIAvm5FmleBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="}
00668{"flow_id":199,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":308620,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSWtNAACoRyt+LY95ICgAAASD7xakAvlsMmlmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="}
00668{"flow_id":203,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":308868,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"ZmZmZmZmRERERERECABFAADSWtJAACoRyuCLY95ICgAAASD76AgAvjixmlWBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydANkbnMEc2VieQJpbwAAEAABwAwAEAABAABwgAB9fEROU0MAAgAAAR0hTbelwStbUvrsyN4TMcjd6ciaJLWS\/+lAjdb\/qhY\/GqLYEoO6rv\/+JZlrPe5rwefrjN2pIualeqx6XQ1AD9Zj2kPVDPuO2VaFeIl38Qe5+u3sSCCBiqzaCgrP\/G5+1mPaQ9UM+44AAAABX1NQIl9UoaI="}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":205,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47770,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIclEJAAH4RqpMKAAABkFtq47ysAbsCCL4UZl4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":206,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47802,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclEMgAH4RxtIKAAABkFtq46CUAbsGBGABZlsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47813,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlEMAuX4R66UKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":499,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":207,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47817,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclEQgAH4RxtEKAAABkFtq47xtAbsGBEQqZlkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47828,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlEQAuX4R66QKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":501,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":208,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47867,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIclEVAAH4RqpAKAAABkFtq49QhAbsCCL4UZloBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":209,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47873,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIclEZAAH4Rqo8KAAABkFtq49itAbsCCL4UZlwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAHHAAwBwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":210,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47885,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXclEcgAH4Rxs4KAAABkFtq49O8AbsGBCzXZl0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAQAAAAAAAAAAAAXDAAwFvwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":946739396047,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":47896,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQlEcAuX4R66EKAAABkFtq4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":505,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00662{"flow_id":206,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":69636,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTkQZAADcR9hiQW2rjCgAAAQG7oJQAvzbjZluBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":211,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":70457,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcSFhAAH4R+qEKAAABLuPIN4INIPsCCLnwFdMBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":212,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":70514,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcSFkgAH4RFuEKAAABLuPIN5ViIPsGBDRUFdABAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":213,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":70525,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcSFogAH4RFuAKAAABLuPIN4HeIPsGBEfaFc4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":70529,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQSFkAuX4RO7QKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":510,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":70534,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQSFoAuX4RO7MKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":511,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":214,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":70539,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcSFtAAH4R+p4KAAABLuPIN8RlIPsCCLnwFdEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02385{"flow_id":215,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":70548,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcSFwgAH4RFt4KAAABLuPIN6yBIPsGBB0zFdIBAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAXAAAwFvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00447{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":70559,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQSFwAuX4RO7EKAAABLuPINwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":514,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01102{"flow_id":216,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":70559,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcSF1AAH4R+pwKAAABLuPIN8AZIPsCCLnwFc8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":946739396070,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00662{"flow_id":208,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":71145,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTkQhAADcR9haQW2rjCgAAAQG71CEAvwNXZlqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"}
00662{"flow_id":205,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":71393,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTkQVAADcR9hmQW2rjCgAAAQG7vKwAvxrIZl6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"}
00662{"flow_id":207,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":73027,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"ZmZmZmZmRERERERECABFAADTkQdAADcR9heQW2rjCgAAAQG7vG0AvxsMZlmBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdANvbmUAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAALkTa3PmYOnbKVsenPA+dUbqb7bPdeethm+r51VaewMcP0sfe1RtTAHcc8Uvs8bFQylZgA4Na3Yk4xgl2KWmKw4bPctGhBgarq2J2ya3ifLfvYsxbqqez8iaBEin48TCXxs9y0aEGBquAAAAAV9TgfdfVNN3"}
@@ -1081,26 +1081,26 @@
00671{"flow_id":212,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":109227,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWzCxAADcRvxMu48g3CgAAASD7lWIAwgRZFdCAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00671{"flow_id":213,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":109459,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWzC5AADcRvxEu48g3CgAAASD7gd4AwhffFc6AAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
00671{"flow_id":215,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":110024,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ZmZmZmZmRERERERECABFAADWzC9AADcRvxAu48g3CgAAASD7rIEAwu03FdKAAAABAAEAAAAAATINZG5zY3J5cHQtY2VydARyZG5zBmZhZWxpeANuZXQAABAAAcAMABAAAQAADhAAfXxETlNDAAEAADn5TxO0FAodB0MfyNII\/q4yfvBzna8lha8rHqMZH6brB0hzmteXf96oRMNtUVCp592lxf62HHwuDSbhBbtGtQcalorpuHO8PTt\/PSXI1nToKeQ\/\/4xUAF+WFp6Iz9p9KhqWium4c7w9AAAAAV7URQBxousA"}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":217,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111009,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcKehAAH4Ra2AKAAABa6o5ItRnAbsCCGeiszEBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":218,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111010,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcKekgAH4Rh58KAAABa6o5IteRAbsGBOOGsy4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111023,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQKekAuX4RrHIKAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":528,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":219,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111084,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcKepAAH4Ra14KAAABa6o5Io3vAbsCCGeisy8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":220,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111148,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcKetAAH4Ra10KAAABa6o5IpGnAbsCCGeisy0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":221,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111157,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcKewgAH4Rh5wKAAABa6o5IoF3AbsGBDmjsywBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":222,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111164,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcKe0gAH4Rh5sKAAABa6o5IqSdAbsGBBZ5szABAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":946739396111,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111169,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQKewAuX4RrG8KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":533,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":534,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":111181,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQKe0AuX4RrG4KAAABa6o5IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -1112,26 +1112,26 @@
00677{"flow_id":221,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":216191,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"ZmZmZmZmRERERERECABFAADcvzgAADQRYVBrqjkiCgAAAQG7gXcAyB8LsyyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAI\/a1gzqXBRkeMMNLdByUsrCAeXq9pAoSIZvWZO078wHKN5t9zokYno4cH1X8DUwDBTmKYZNXI496f2ZPTyfGw7EiDsrhQ4a28OXE48fibQ4VcAHxN0Yn+p8BQ7Bz9i\/KcWIOyuFDhrbX1Oowl9TqMJfVPpC"}
00677{"flow_id":220,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":216406,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"ZmZmZmZmRERERERECABFAADcvzsAADQRYU1rqjkiCgAAAQG7kacAyA7asy2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAI\/a1gzqXBRkeMMNLdByUsrCAeXq9pAoSIZvWZO078wHKN5t9zokYno4cH1X8DUwDBTmKYZNXI496f2ZPTyfGw7EiDsrhQ4a28OXE48fibQ4VcAHxN0Yn+p8BQ7Bz9i\/KcWIOyuFDhrbX1Oowl9TqMJfVPpC"}
00677{"flow_id":222,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739396,"pkt_ts_usec":218321,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"ZmZmZmZmRERERERECABFAADcvzkAADQRYU9rqjkiCgAAAQG7pJ0AyPvgszCBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdAl2ZW50cmljbGUCdXMAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAI\/a1gzqXBRkeMMNLdByUsrCAeXq9pAoSIZvWZO078wHKN5t9zokYno4cH1X8DUwDBTmKYZNXI496f2ZPTyfGw7EiDsrhQ4a28OXE48fibQ4VcAHxN0Yn+p8BQ7Bz9i\/KcWIOyuFDhrbX1Oowl9TqMJfVPpC"}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01105{"flow_id":223,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460375,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcPTRAAH4RwyoKAAABucF\/9N6cAbsCCPyL\/I8BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01106{"flow_id":224,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460376,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc9\/NAAH4RCGsKAAABucF\/9MOOAbsCCPyL\/IsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01105{"flow_id":225,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460415,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcPTVAAH4RwykKAAABucF\/9OfaAbsCCPyL\/I0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAHKAAwBxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02388{"flow_id":226,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460524,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcPTYgAH4R32gKAAABucF\/9NaIAbsGBKQ8\/IwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460543,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQPTYAuX4RBDwKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":546,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02388{"flow_id":227,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460550,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcPTggAH4R32YKAAABucF\/9LTqAbsGBMXY\/I4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02388{"flow_id":228,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460551,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcPTcgAH4R32cKAAABucF\/9LtjAbsGBL9j\/IoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAQAAAAAAAAAAAAXGAAwFwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":946739400460,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460564,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQPTcAuX4RBDsKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":549,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":550,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460566,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQPTgAuX4RBDoKAAABucF\/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -1141,28 +1141,28 @@
00661{"flow_id":224,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":519729,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQoalAADYRqAG5wX\/0CgAAAQG7w44AvM2w\/IuBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
00662{"flow_id":226,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":520977,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQoatAADYRp\/+5wX\/0CgAAAQG71ogAvLq1\/IyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
00662{"flow_id":228,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522189,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQoaxAADYRp\/65wX\/0CgAAAQG7u2MAvNXc\/IqBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":229,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522562,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaQhAAH4RLuEKAAABTUJU6cGgAbsCCGUBsp4BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":230,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522566,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaQlAAH4RLuAKAAABTUJU6bQ8AbsCCGUBspoBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":231,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522597,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaQogAH4RSx8KAAABTUJU6Z0RAbsGBIoKspkBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":232,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522601,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIcaQtAAH4RLt4KAAABTUJU6cJEAbsCCGUBspwBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAG+AAwBugAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522616,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaQoAuX4Rb\/IKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":560,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":233,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522616,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaQwgAH4RSx0KAAABTUJU6cZFAbsGBGDUspsBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522632,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaQwAuX4Rb\/AKAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":562,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":234,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522705,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXcaQ0gAH4RSxwKAAABTUJU6d8VAbsGBEgCsp0BAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAQAAAAAAAAAAAAW6AAwFtgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":946739400522,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522721,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQaQ0AuX4Rb+8KAAABTUJU6QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":564,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00662{"flow_id":227,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":522927,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"ZmZmZmZmRERERERECABFAADQoa1AADYRp\/25wX\/0CgAAAQG7tOoAvNxR\/I6BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAl5b2Zpamktc2UAABAAAcAMABAAAQAAcIAAfXxETlNDAAIAANT+QyCeqOpvY3ek9vOTVGrWy3oc27D9SS491oCJRe7RQWKb3q0aPb33Ziq0RP9PPCzRMBy1lW3l6rz74jWgmwszJtIbCS+4i64Fme9c0vB4hxz+sKp41i8d9KRbhVFMbjMm0hsJL7iLAAAAAV9TV8BfVKlA"}
@@ -1172,31 +1172,31 @@
00675{"flow_id":232,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":551914,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"ZmZmZmZmRERERERECABFAADcDmkAADYREsFNQlTpCgAAAQG7wkQAyKDDspyBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAHTELXM+13EPB+IE+zJ9PQOXdJ7IKBJfAx72Wd7gihP8hRGtsF77cDm0yhz652JqAFc0tI+h6KATFWPKnD7HPQCiR1MNmirJFbpEf5fuBV5xkfCiHCm163IIgp4yvCcsa6NHUw2aKskVX1OfeV9Tn3lfVPD5"}
00675{"flow_id":233,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":553042,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"ZmZmZmZmRERERERECABFAADcDmsAADYREr9NQlTpCgAAAQG7xkUAyJzDspuBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAHTELXM+13EPB+IE+zJ9PQOXdJ7IKBJfAx72Wd7gihP8hRGtsF77cDm0yhz652JqAFc0tI+h6KATFWPKnD7HPQCiR1MNmirJFbpEf5fuBV5xkfCiHCm163IIgp4yvCcsa6NHUw2aKskVX1OfeV9Tn3lfVPD5"}
00675{"flow_id":234,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":553659,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"ZmZmZmZmRERERERECABFAADcDmwAADYREr5NQlTpCgAAAQG73xUAyIPxsp2BgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlyZXNvbHZlcjIIZG5zY3J5cHQCZXUAABAAAcAMABAAAQAAAAAAfXxETlNDAAIAAHTELXM+13EPB+IE+zJ9PQOXdJ7IKBJfAx72Wd7gihP8hRGtsF77cDm0yhz652JqAFc0tI+h6KATFWPKnD7HPQCiR1MNmirJFbpEf5fuBV5xkfCiHCm163IIgp4yvCcsa6NHUw2aKskVX1OfeV9Tn3lfVPD5"}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":946739402187,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":40374,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":51509,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":946739391046,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":49796,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":946739402187,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":235,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":187997,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc1vJAAH4RAOYKAAABF29KzejDAbsCCCUSS8MBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":946739402187,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":946739402187,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":236,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188013,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc1vNAAH4RAOUKAAABF29Kze20AbsCCCUSS8UBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01103{"flow_id":237,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188014,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"REREREREZmZmZmZmCABFAAIc1vRAAH4RAOQKAAABF29Kza75AbsCCCUSS8cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":520,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":520,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":238,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188041,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc1vYgAH4RHSIKAAABF29Kzc81AbsGBMTJS8YBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":239,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188042,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc1vUgAH4RHSMKAAABF29KzYToAbsGBA8bS8IBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":576,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188057,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ1vYAuX4RQfUKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":577,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188062,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ1vUAuX4RQfYKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":578,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
-00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02386{"flow_id":240,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188092,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"REREREREZmZmZmZmCABFAAXc1vcgAH4RHSEKAAABF29KzerRAbsGBKkvS8QBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAEAAAAAAAAAAAAFwgAMBb4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":946739402188,"flow_last_seen":0,"flow_min_l4_payload_len":1472,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1472,"flow_avg_l4_payload_len":1472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":188109,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"pkt":"REREREREZmZmZmZmCABFAABQ1vcAuX4RQfQKAAABF29KzQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00196{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":580,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","l4_data_len":60}
00668{"flow_id":235,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":352103,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUpqhAADURe3gXb0rNCgAAAQG76MMAwNUkS8OBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
@@ -1205,279 +1205,279 @@
00668{"flow_id":240,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":356283,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUpq1AADURe3MXb0rNCgAAAQG76tEAwNMVS8SBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
00668{"flow_id":236,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":356940,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUpqlAADURe3cXb0rNCgAAAQG77bQAwNAxS8WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
00668{"flow_id":239,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":357934,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"ZmZmZmZmRERERERECABFAADUpqxAADURe3QXb0rNCgAAAQG7hOgAwDkBS8KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAlldmlsdmliZXMDY29tAAAQAAHADAAQAAEAAHCAAH18RE5TQwACAADFMi1FdTWI6xs9AIHJqo\/A+wDfjlj3WkVYnoIQAvOP3ISfoMelOBqvsYElaECIkBkM1KRmWo7IwtwzQE5GK6ICxIfEdneiwuXVbSuJIibtWiAHFQr52HeEOQNDYtX2pkLEh8R2d6LC5QAAAAFfU1VGX1Smxg=="}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_tot_l4_data_len":708,"flow_min_l4_data_len":188,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305192,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312183,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305329,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":200,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_first_seen":946739305348,"flow_last_seen":946739305453,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312406,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_tot_l4_data_len":1668,"flow_min_l4_data_len":188,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":834,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317431,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":195,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_first_seen":946739312105,"flow_last_seen":946739312130,"flow_tot_l4_data_len":1677,"flow_min_l4_data_len":197,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":838,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396210,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":200,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396108,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317428,"flow_tot_l4_data_len":715,"flow_min_l4_data_len":195,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396110,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318062,"flow_tot_l4_data_len":715,"flow_min_l4_data_len":195,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304818,"flow_tot_l4_data_len":1671,"flow_min_l4_data_len":191,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_first_seen":946739380984,"flow_last_seen":946739381021,"flow_tot_l4_data_len":1667,"flow_min_l4_data_len":187,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":833,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396218,"flow_tot_l4_data_len":1680,"flow_min_l4_data_len":200,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348803,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304627,"flow_tot_l4_data_len":707,"flow_min_l4_data_len":187,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":353,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_first_seen":946739380805,"flow_last_seen":946739380844,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317810,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_tot_l4_data_len":1671,"flow_min_l4_data_len":191,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_first_seen":946739318169,"flow_last_seen":946739318205,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_tot_l4_data_len":1680,"flow_min_l4_data_len":200,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304399,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318167,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317822,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_tot_l4_data_len":1671,"flow_min_l4_data_len":191,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312400,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337076,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_tot_l4_data_len":1680,"flow_min_l4_data_len":200,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311314,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_first_seen":946739402187,"flow_last_seen":946739402352,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_tot_l4_data_len":1807,"flow_min_l4_data_len":327,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":903,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318171,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_first_seen":946739317432,"flow_last_seen":946739317462,"flow_tot_l4_data_len":1680,"flow_min_l4_data_len":200,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396073,"flow_tot_l4_data_len":1671,"flow_min_l4_data_len":191,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311310,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304361,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_first_seen":946739317432,"flow_last_seen":946739317463,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":200,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348912,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_tot_l4_data_len":1668,"flow_min_l4_data_len":188,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":834,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400520,"flow_tot_l4_data_len":1668,"flow_min_l4_data_len":188,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":834,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_first_seen":946739305327,"flow_last_seen":946739305384,"flow_tot_l4_data_len":571,"flow_min_l4_data_len":51,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":285,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400518,"flow_tot_l4_data_len":708,"flow_min_l4_data_len":188,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396215,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":200,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305218,"flow_tot_l4_data_len":1668,"flow_min_l4_data_len":188,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":834,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_tot_l4_data_len":1671,"flow_min_l4_data_len":191,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312407,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304810,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":946739305328,"flow_last_seen":946739305354,"flow_tot_l4_data_len":571,"flow_min_l4_data_len":51,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":285,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_tot_l4_data_len":1680,"flow_min_l4_data_len":200,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312399,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_tot_l4_data_len":723,"flow_min_l4_data_len":203,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318175,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_tot_l4_data_len":707,"flow_min_l4_data_len":187,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":353,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_tot_l4_data_len":708,"flow_min_l4_data_len":188,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337183,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_tot_l4_data_len":1671,"flow_min_l4_data_len":191,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304397,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":200,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318170,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318168,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_tot_l4_data_len":1680,"flow_min_l4_data_len":200,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_tot_l4_data_len":707,"flow_min_l4_data_len":187,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":353,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304788,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_first_seen":946739318168,"flow_last_seen":946739318202,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_tot_l4_data_len":708,"flow_min_l4_data_len":188,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348915,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":195,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_first_seen":946739318169,"flow_last_seen":946739318201,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_tot_l4_data_len":715,"flow_min_l4_data_len":195,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312405,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317434,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":195,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_first_seen":946739312105,"flow_last_seen":946739312136,"flow_tot_l4_data_len":717,"flow_min_l4_data_len":197,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":358,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304815,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396214,"flow_tot_l4_data_len":1680,"flow_min_l4_data_len":200,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304793,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311308,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_tot_l4_data_len":847,"flow_min_l4_data_len":327,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":423,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_tot_l4_data_len":1677,"flow_min_l4_data_len":197,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":838,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":195,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":946739305349,"flow_last_seen":946739305459,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":946739299327,"flow_last_seen":946739299356,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305217,"flow_tot_l4_data_len":708,"flow_min_l4_data_len":188,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":195,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337079,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312401,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396113,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304791,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348804,"flow_tot_l4_data_len":1671,"flow_min_l4_data_len":191,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_first_seen":946739305327,"flow_last_seen":946739305351,"flow_tot_l4_data_len":1531,"flow_min_l4_data_len":51,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":765,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305330,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304629,"flow_tot_l4_data_len":1667,"flow_min_l4_data_len":187,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":833,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305194,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_first_seen":946739380983,"flow_last_seen":946739381015,"flow_tot_l4_data_len":707,"flow_min_l4_data_len":187,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":353,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_tot_l4_data_len":707,"flow_min_l4_data_len":187,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":353,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_tot_l4_data_len":1807,"flow_min_l4_data_len":327,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":903,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_first_seen":946739312105,"flow_last_seen":946739312133,"flow_tot_l4_data_len":717,"flow_min_l4_data_len":197,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":358,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317429,"flow_tot_l4_data_len":715,"flow_min_l4_data_len":195,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_tot_l4_data_len":707,"flow_min_l4_data_len":187,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":353,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_tot_l4_data_len":723,"flow_min_l4_data_len":203,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304360,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_tot_l4_data_len":1668,"flow_min_l4_data_len":188,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":834,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318063,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":195,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_tot_l4_data_len":715,"flow_min_l4_data_len":195,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318164,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_first_seen":946739305348,"flow_last_seen":946739305457,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_first_seen":946739305348,"flow_last_seen":946739305460,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_tot_l4_data_len":1671,"flow_min_l4_data_len":191,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_first_seen":946739305327,"flow_last_seen":946739305349,"flow_tot_l4_data_len":571,"flow_min_l4_data_len":51,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":285,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312102,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337188,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_tot_l4_data_len":1807,"flow_min_l4_data_len":327,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":903,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317494,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_first_seen":946739318169,"flow_last_seen":946739318202,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305331,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_tot_l4_data_len":1667,"flow_min_l4_data_len":187,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":833,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_first_seen":946739317432,"flow_last_seen":946739317460,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":200,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_first_seen":946739305349,"flow_last_seen":946739305461,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304806,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_tot_l4_data_len":1667,"flow_min_l4_data_len":187,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":833,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":946739299327,"flow_last_seen":946739299355,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_tot_l4_data_len":715,"flow_min_l4_data_len":195,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305187,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_tot_l4_data_len":1680,"flow_min_l4_data_len":200,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":840,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_first_seen":946739380805,"flow_last_seen":946739380837,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348913,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348916,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":200,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_first_seen":946739402188,"flow_last_seen":946739402357,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_first_seen":946739312402,"flow_last_seen":946739312464,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_first_seen":946739312402,"flow_last_seen":946739312463,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312181,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317829,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":200,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_first_seen":946739305327,"flow_last_seen":946739305348,"flow_tot_l4_data_len":1531,"flow_min_l4_data_len":51,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":765,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304804,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312178,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_first_seen":946739305349,"flow_last_seen":946739305457,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396069,"flow_tot_l4_data_len":1671,"flow_min_l4_data_len":191,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311306,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_first_seen":946739337184,"flow_last_seen":946739337218,"flow_tot_l4_data_len":723,"flow_min_l4_data_len":203,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311312,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312180,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_first_seen":946739312106,"flow_last_seen":946739312136,"flow_tot_l4_data_len":717,"flow_min_l4_data_len":197,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":358,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311313,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396107,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":200,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_tot_l4_data_len":1677,"flow_min_l4_data_len":197,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":838,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337186,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_tot_l4_data_len":847,"flow_min_l4_data_len":327,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":423,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317825,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304393,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304394,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_tot_l4_data_len":1668,"flow_min_l4_data_len":188,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":834,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_first_seen":946739391046,"flow_last_seen":946739391306,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_tot_l4_data_len":708,"flow_min_l4_data_len":188,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304369,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337190,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_first_seen":946739312402,"flow_last_seen":946739312466,"flow_tot_l4_data_len":711,"flow_min_l4_data_len":191,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_first_seen":946739380805,"flow_last_seen":946739380838,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_tot_l4_data_len":710,"flow_min_l4_data_len":190,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_tot_l4_data_len":1667,"flow_min_l4_data_len":187,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":833,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_first_seen":946739380804,"flow_last_seen":946739380832,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_tot_l4_data_len":1674,"flow_min_l4_data_len":194,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":837,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_tot_l4_data_len":1667,"flow_min_l4_data_len":187,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":833,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306433,"flow_tot_l4_data_len":847,"flow_min_l4_data_len":327,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":423,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305191,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":190,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":835,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304367,"flow_tot_l4_data_len":714,"flow_min_l4_data_len":194,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_tot_l4_data_len":712,"flow_min_l4_data_len":192,"flow_max_l4_data_len":520,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_tot_l4_data_len":1672,"flow_min_l4_data_len":192,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":946739305327,"flow_last_seen":946739305350,"flow_tot_l4_data_len":1531,"flow_min_l4_data_len":51,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":765,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":946739611961,"flow_last_seen":0,"flow_tot_l4_data_len":584,"flow_min_l4_data_len":584,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":39816,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":34885,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":53045,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":51647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305192,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":37595,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312183,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":40451,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":36668,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":53117,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305329,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":43505,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":46140,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_first_seen":946739305348,"flow_last_seen":946739305453,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312406,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":47432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348917,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":47621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":46314,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":35005,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317431,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":47257,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":2,"flow_first_seen":946739312105,"flow_last_seen":946739312130,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":38812,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396210,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":54375,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396108,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":50277,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317428,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":37035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396110,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":44161,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318062,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":38511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304818,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_first_seen":946739380984,"flow_last_seen":946739381021,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":51826,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396218,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":42141,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348803,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":43540,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304627,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_first_seen":946739380805,"flow_last_seen":946739380844,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":40775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317810,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43776,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":2,"flow_first_seen":946739318169,"flow_last_seen":946739318205,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":40209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304399,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59641,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318167,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":51935,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317822,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52069,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":39007,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312400,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":55896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":49115,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337076,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":45375,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":54305,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":55046,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304362,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":53697,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311314,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38278,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":38242,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":2,"flow_first_seen":946739402187,"flow_last_seen":946739402352,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":59587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":41800,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318171,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":54096,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":52911,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":45815,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":2,"flow_first_seen":946739317432,"flow_last_seen":946739317462,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":36676,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396073,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48237,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311310,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38349,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304361,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":37413,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_first_seen":946739317432,"flow_last_seen":946739317463,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":49008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":50335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348912,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":41895,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":53811,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396071,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":48300,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400520,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":54920,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":55768,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_first_seen":946739305327,"flow_last_seen":946739305384,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":57465,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400518,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":56988,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396215,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":36335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305218,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":33369,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":59709,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":50601,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312407,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":35634,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304810,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43365,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":946739305328,"flow_last_seen":946739305354,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":55482,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":50757,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312399,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":54112,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":35734,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":52284,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318175,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":35903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":43129,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":34324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":53887,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305214,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":47865,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337183,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":38508,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":48159,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304397,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":39655,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_first_seen":946739317432,"flow_last_seen":946739317461,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":51363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318170,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":40138,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318168,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":50387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400553,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":57109,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":50403,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304788,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":43609,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":2,"flow_first_seen":946739318168,"flow_last_seen":946739318202,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":37328,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":59354,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55409,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337077,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":49975,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348915,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46363,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317493,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":60091,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":57636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":2,"flow_first_seen":946739318169,"flow_last_seen":946739318201,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":33279,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":60334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312405,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":40099,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317434,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":48065,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_first_seen":946739312105,"flow_last_seen":946739312136,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":43714,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304815,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":45767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396214,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":55185,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304793,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56043,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311308,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":38879,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":38283,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317432,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":46066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":946739305349,"flow_last_seen":946739305459,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":946739299327,"flow_last_seen":946739299356,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":52636,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305217,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44093,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":45497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337079,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":39910,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_first_seen":946739312286,"flow_last_seen":946739312401,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"66.85.30.115","src_port":48448,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396113,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":49177,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304791,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":56177,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348804,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":44469,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_first_seen":946739305327,"flow_last_seen":946739305351,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":56022,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305330,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":60962,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304629,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":59367,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305194,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59194,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":2,"flow_first_seen":946739380983,"flow_last_seen":946739381015,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":46646,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":2,"flow_first_seen":946739391046,"flow_last_seen":946739391308,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":59400,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":2,"flow_first_seen":946739380983,"flow_last_seen":946739381016,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":58948,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306435,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":56902,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_first_seen":946739312105,"flow_last_seen":946739312133,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_first_seen":946739317403,"flow_last_seen":946739317429,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.166.97","src_port":56494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337184,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":36930,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":32793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":2,"flow_first_seen":946739337184,"flow_last_seen":946739337214,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":44496,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52221,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304360,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":50435,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":946739305192,"flow_last_seen":946739305220,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":44282,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318063,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1659,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47729,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318059,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":53876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_first_seen":946739318061,"flow_last_seen":946739318164,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.205.47","src_port":59011,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":52056,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_first_seen":946739305348,"flow_last_seen":946739305457,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":45722,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_first_seen":946739305348,"flow_last_seen":946739305460,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":35495,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348805,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38482,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_first_seen":946739305327,"flow_last_seen":946739305349,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":555,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":50035,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312102,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55834,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337188,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":59589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1791,"flow_avg_l4_payload_len":895,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":50913,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":47685,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317494,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":52356,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":2,"flow_first_seen":946739318169,"flow_last_seen":946739318202,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":54215,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305331,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":46856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":57090,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":2,"flow_first_seen":946739317432,"flow_last_seen":946739317460,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"176.56.237.171","src_port":41717,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_first_seen":946739305349,"flow_last_seen":946739305461,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":33565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304806,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":46229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304628,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":37123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":946739299327,"flow_last_seen":946739299355,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312105,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":55979,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_first_seen":946739318038,"flow_last_seen":946739318061,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":699,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":52040,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305187,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":59476,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":832,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":33143,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":2,"flow_first_seen":946739380805,"flow_last_seen":946739380837,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":56335,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348913,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":59224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_first_seen":946739348805,"flow_last_seen":946739348916,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":57180,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400550,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49568,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":2,"flow_first_seen":946739318169,"flow_last_seen":946739318200,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.191.187.107","src_port":35885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":2,"flow_first_seen":946739402188,"flow_last_seen":946739402357,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":34024,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":2,"flow_first_seen":946739312402,"flow_last_seen":946739312464,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":42156,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_first_seen":946739312402,"flow_last_seen":946739312463,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":46255,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312181,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":45987,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317829,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":55267,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_first_seen":946739396111,"flow_last_seen":946739396216,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"107.170.57.34","src_port":37287,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":2,"flow_first_seen":946739337048,"flow_last_seen":946739337078,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":38310,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_first_seen":946739305327,"flow_last_seen":946739305348,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":40009,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":946739304628,"flow_last_seen":946739304804,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"41.79.69.13","src_port":38136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312178,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":41913,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_first_seen":946739305349,"flow_last_seen":946739305457,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":60301,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396069,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1655,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":41108,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_first_seen":946739348756,"flow_last_seen":946739348800,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":38709,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44491,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":2,"flow_first_seen":946739396047,"flow_last_seen":946739396074,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":55469,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311306,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":43528,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":2,"flow_first_seen":946739337184,"flow_last_seen":946739337218,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":707,"flow_avg_l4_payload_len":353,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"5.189.170.196","src_port":40748,"dst_port":465,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311312,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":55822,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396109,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33246,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312179,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":46063,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_first_seen":946739312132,"flow_last_seen":946739312180,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":37890,"dst_port":4343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":58740,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_first_seen":946739312106,"flow_last_seen":946739312136,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":701,"flow_avg_l4_payload_len":350,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":60735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_first_seen":946739311153,"flow_last_seen":946739311313,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"205.185.116.116","src_port":51770,"dst_port":553,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305189,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":47341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":2,"flow_first_seen":946739396070,"flow_last_seen":946739396107,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.55","src_port":33293,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_first_seen":946739400522,"flow_last_seen":946739400551,"flow_min_l4_payload_len":192,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":352,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"77.66.84.233","src_port":49732,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_first_seen":946739312105,"flow_last_seen":946739312132,"flow_min_l4_payload_len":189,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1661,"flow_avg_l4_payload_len":830,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":56688,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":2,"flow_first_seen":946739402188,"flow_last_seen":946739402356,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":60852,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337186,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306434,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":59489,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317825,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":43224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_first_seen":946739304789,"flow_last_seen":946739304821,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.122.250","src_port":38362,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304393,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":56997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304394,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":44712,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400522,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":826,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":47971,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_first_seen":946739391046,"flow_last_seen":946739391306,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":45682,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":2,"flow_first_seen":946739400460,"flow_last_seen":946739400519,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":692,"flow_avg_l4_payload_len":346,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.193.127.244","src_port":50062,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304369,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55123,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":32970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":2,"flow_first_seen":946739337078,"flow_last_seen":946739337190,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":45747,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":59707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":2,"flow_first_seen":946739380804,"flow_last_seen":946739380834,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":34228,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":2,"flow_first_seen":946739312402,"flow_last_seen":946739312466,"flow_min_l4_payload_len":183,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":695,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"93.95.226.165","src_port":58936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_first_seen":946739380805,"flow_last_seen":946739380838,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":60885,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":2,"flow_first_seen":946739317496,"flow_last_seen":946739317819,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":694,"flow_avg_l4_payload_len":347,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":51589,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":946739304599,"flow_last_seen":946739304626,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":56035,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":2,"flow_first_seen":946739380804,"flow_last_seen":946739380832,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"212.47.228.136","src_port":38371,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_first_seen":946739305219,"flow_last_seen":946739305326,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1658,"flow_avg_l4_payload_len":829,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"142.4.204.111","src_port":33071,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":2,"flow_first_seen":946739317462,"flow_last_seen":946739317496,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"178.216.201.222","src_port":38594,"dst_port":2053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":946739304363,"flow_last_seen":946739304396,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.238.186.192","src_port":59261,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":2,"flow_first_seen":946739380984,"flow_last_seen":946739381017,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":825,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":39259,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_first_seen":946739306241,"flow_last_seen":946739306433,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":49512,"dst_port":1443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":946739305155,"flow_last_seen":946739305191,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":827,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.59.200.116","src_port":43633,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":946739304328,"flow_last_seen":946739304367,"flow_min_l4_payload_len":186,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":698,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":59405,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":2,"flow_first_seen":946739402188,"flow_last_seen":946739402354,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"23.111.74.205","src_port":44793,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_first_seen":946739311802,"flow_last_seen":946739312103,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":828,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"52.65.235.129","src_port":46313,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":946739305327,"flow_last_seen":946739305350,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1515,"flow_avg_l4_payload_len":757,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.112.112.10","src_port":42570,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":946739611961,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01195{"flow_id":241,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739611,"pkt_ts_usec":961483,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJcJkxAAKYRdegKAAABl1DeT7m5AbsCSDi2hxVktS2XlAXK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDO6Ugg3iONmSyzFBmv3WeUbwZp9IYiTM191d4EGpSNgn1Vnmhi0dnshrsldty0p0rog9vCUpw6jzc4+P9Puw1SQZaVq6AQHs9j8FHA6TV2fEODI+IleWgpNwN7RkTyReTtbcAyqcw4LZqRdzr4SFPlNOAV9QpavHsXRRYeP7A8ijLspxo8F1YH1toI16qO3Wyz3w2HsVy3nP0JwlulITaJBD9qG3whIbZyqhQYyJ2BvR67IS++x+jXq0MGJud5+s9l28XPdTs\/vK3y+tQd2+A5CezpWRNwOoTnzQrdnO5idkwCcFNbHZKDQFROmtVXAPisaIFuh2zDBTP9EootPFJMHtt5MCwQKxsqxAokmytyeHxjFqA8WwfVcAi5mF\/ZuGsfcjSKloXW082oaEMVSIkwJ74\/Jb+rJZiHxMq58YuihNtogJ1XyZ7N5w9vgrIru3Mf+Yb1s51E\/BAtAVet5JOSYKjHsRrwqjR5SM92Qhm81hCxh\/GAZd8BGwMYGW43YzzX7cWwZTJxpff01gK7OvmzthL7xQA0ARPjY6jfbbFZeg4DdbEVEZyuWoK3KXb6sDjKwxJLrncbQshDJtGHzwOzijM3V5WnhnWXGriaawdzvTvZzhIQ0srq9F4tmvJ8cwU537l2ggbdtCOlpHKYsSA7i9H4MB3lIBKJSrAhjGcr6R+mT\/OaHMOBRDayFlbn\/EG+N1\/YwEFto6"}
00916{"flow_id":241,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739612,"pkt_ts_usec":32164,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"pkt":"ZmZmZmZmRERERERECABFAAGMXAxAADQRsviXUN5PCgAAAQG7ubkBeOzQcjZmbnZXajjulIIN4jjZkssxQZqSDAUmKpfd49BFPcXUJNsH1tfF8ILOrmEInURZhClsi8Vfa6egoR1ZaEP2TFIvnnwmg3DMIMPj1X93gFJnlICV6s1bYKcQ0IVszmSovV29MoXsJXRtqoBvjWoL6erf64n\/9lY7Pizn5GAIJ+ZpdKmiKxdjxBHa0Bf9zJfNMagz21JNImGKGgrF3C+muN5QaVzi53jM6qhgKER\/YzujMJfiHF\/aaLCV7ensBtZtMGPEX2NyQDksoYgHkNVty+uHcb5FWtodWfWQwK\/pSx8\/6EDGrCYsD3hCk628LO83kEMpLh3mWe\/DOYJ4VpTxZ8unmS83bK0xOwnj+LV6NHmYBoNZVrz1zkXkqx7GlUurn5Yj1XRRPDFjXpVJqBkZG7vuwQAAc0Zs2zwVPvHOdh3jfX9L6TmayQGceJ8L7zIXqi14xI3xt4P62MSxtYdyqx5X5yN0e0crNQn80yUKKZ8="}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_tot_l4_data_len":960,"flow_min_l4_data_len":376,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":946739614386,"flow_last_seen":0,"flow_tot_l4_data_len":584,"flow_min_l4_data_len":584,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":946739614386,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01196{"flow_id":242,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739614,"pkt_ts_usec":386871,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc989AAKYRHsYKAAABkFtq45cEAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDCN0sI1afsDgB7g4z3waLSDC2o9apEHGrmX1\/\/XVDTnA82XGV5BkJ6hyx9SwD+WiC6uDTp6AbKbCDGnUn3j+tLJpn2hItHoTa\/xeDArjby7slJF40ySc4tPuE+UMiXypOsTanLuynVvS9n8gbILRPI43brHHY7HDFenFZDOtfB+JxdnOOFNDYhfJprBR2DTCXiO3N4Bex+NG0pKxAEiN254J3qeD3\/OAwnKA81+nREhgnE+6I0CyIA201vB4x+d\/+mhwpFUuUhbbD\/SfJPnQXjy3jOXtIJLaIFLNycvxG+PS5Ojxq9uCtE2XhA4tfk90STkQEJNACVZbLwRyAcYZfg9qxeV8twgsNlEDF5PIG3nzQvpvywuTYlFQryvjTvIH4VR9wK25AyfzR7C\/t+iRavrUqnzmU\/fAOG0CvTaSqHI+4MnbhUZVoxS2UyUFdELJqReTeLin8fcrvX1wJgCVSp8+cPs7vBKaV+JiLAgU+OxuxldboVrer9459FyQl4WFjHazGEL4xKqJvMIvrueodNiqXGE6cS6tIYUKgaQ4AFmKHlACJF\/olwP9NoAOKSUY3Y66DFQ4v+LM9mU+SWhao2muTb4Tju4w6ERuBOUyzP9LBhYeQUMfKmBYpIb+UNg41n6P7vyU8kDamY+f+xv4B8HSDYKX2DWu9KXaFSPBiu3SXVmscc3+ivcw18HJ9BS2CgGcv+eo7Dnd"}
00740{"flow_id":242,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739614,"pkt_ts_usec":411248,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"ZmZmZmZmRERERERECABFAAEMVHFAADcRMnWQW2rjCgAAAQG7lwQA+NqDcjZmbnZXajgjdLCNWn7A4Ae4OM+V95TEH+wEPWjCUqAPqLgKz03zsgxbeQD\/5ecQsA4RfRBRViLb9egczysjt1OolDW9kDXjXmmQiF571kS9rCn31TE60wfdQuvLsxXdWOqgaclRBMIB2+xIEcqZiOOnbAC3owgMpf07BM+8qosYU+1EzXz7EouWJa8VxL5FW0SNfmJsYYBjcSkC0myJwAMFESyFpxNCQtb+Z3Q2X9FOvOphUjS1Bh6POqoHGB4CgchAKjQ4X8fxQb5Wv65jhpmBRnmn5yUbcKZT8A2zfL7KGiy9Vrk+mU3WwB6UiVmU"}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_tot_l4_data_len":832,"flow_min_l4_data_len":248,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":946739615603,"flow_last_seen":0,"flow_tot_l4_data_len":584,"flow_min_l4_data_len":584,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":946739615603,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01203{"flow_id":243,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739615,"pkt_ts_usec":603613,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc+DdAAKYRHl4KAAABkFtq4+vpAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDCAf8ZxPLtyAmkbotfhN9FBFDCeDP4ncrd\/TOhQoXS6aaK7Qk9xNjCJAE83nYrNPvD\/886RDhSKbcIu9OfJQKTcWCPazM2lBZj5zsNZveK3aqI2jCfxNNTpF+6txS57\/tj1ipnKY33r09Y4upstDW1n4WR1Nsfz7UrdB6\/6T5NqtK9QGMv\/EvcCVnsI4etNtWFQzRfRc7E0Skos7MBtpGgiC86vsChOu7VYwrpe6b0CyOg6OcUDxGDoVs5ICEPVHDsd2RqeGP3QVPcQgf4RCQy1ImYumox7n6l80U\/14hvlajMMIkDpEpiu4KAyZSDWRXbhAD60XmVYOZ0blLEelAzhupD39arDQughZsQic9xuigYdXIQBw\/Fbye0tmt8ihEnYnMhGIlRckiYzkA2ioG3ckpl1JlkazwpX87IXdgB1wqkVRuynhNnc1hxUbpiv0BrBR\/fV0UhwJN\/T1pdWRfFcsSRYMRLW\/ixpyROEV8e41kHMNotPvlHLtOyi\/2lXQAveUUQT3pByUNSr1McJDQGc7QNA5zFLNTZBJqb0kxE\/mLWe0EMXj7XbfUBu7q2gn8G7CETqFs71z\/s7TC\/nsaD\/ETkxWcTnA0aNzC2E\/O5fjyCETbuv3jbGkWzJPfOkBc4w2M9f3qNHjwEkn1LJYLOKWSLyq34DWAVom05p8N+1XzUjvKKpr2SZf2pwRkSXCrFPZsLRFNDkb"}
00831{"flow_id":243,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739615,"pkt_ts_usec":628764,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"pkt":"ZmZmZmZmRERERERECABFAAFMVRFAADcRMZWQW2rjCgAAAQG76+kBOCk6cjZmbnZXajggH\/GcTy7cgJpG6LWEOqYXy9eZW2i3Qbkc+\/ab87nm8hxILOmwmIagjS3082zNqzOBnUfDvXH1wdeKy55EXymmAOR3ISimesD3NSPRd1l+RxmfBHNn3a7Bw5aEHaIlwaCNLNQFqK+BhPyPkErS5VbNOhmY5xHp0Ui2kKe72GXKf4WLQR7zh9TTBssKJNiCiW7f2BiWF1TEyHipKDeny4ICpyTd3Wo2+B3IqtOVZ3rHmsTn5k+U7Dl0LO15r3tqh6n0WPCSwFlzqIYmOuOCTIqRIw6ZGfDu889dv4sOKdhqSdpo5gBsF5uRtahg1DOgrYIIV6k+VvSO\/ChUBVAry4GOrZXgTyxKsOYZ+21X5TNc3orLlCmaabkA\/armCA8Dr977H97D0+Y1rw=="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_tot_l4_data_len":896,"flow_min_l4_data_len":312,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":448,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":946739617004,"flow_last_seen":0,"flow_tot_l4_data_len":584,"flow_min_l4_data_len":584,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":946739617004,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01196{"flow_id":244,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739617,"pkt_ts_usec":4122,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc+TpAAKYRHVsKAAABkFtq48ULAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDMYv6lXLSTAmrdvTCyOYpoj3kt1OReSCqSRptuX3NltyQeLyb5cvSCa8IppjLkWscLpkUyp0EuX0uRM80Z0tP4bkozd9zL82wWjC8W8tmOO4RTgddRqe2OW6UcaHGdoyLPby7WVQbLUZtFO6cYUzbEsqfBQPgCTh\/qKzkBHUUFOcOzpUyI3MqJzYO0+HYvDMlUyYOn02yFtLLa5Pq1FzqbW8q5lSsV54O2im5U817KNJVnj\/1Ex0RZMgloFaQtGlXZoAu0SSgUwvvAL1FO1uoRRAx+AcSeEgZ9dYJhUksMKZOl0pd1gb1y8kNBpupQux9D3tnmm7KlCbGQCOdJ7gfT1HbeHBBq0E1\/iBd8zqzehjb3a24okMSsxmhLmPfcn4P9uZtYdGDWmUahJxq\/ugthfP8l7FCJb27pTFxpBGhYYKBpCs8n66CHCXntWVKyqe9MG6tK4sOASpV12JTr1YNDUpJbbagNSSVC5+IbRWJ9kB5Tr1rdpADAHtTZhkSuXY7lHM\/VYuUqKr1+qXLnLCAo5cFYbfySTD\/RlMa1jGWX7ZjRRid5DRXgauaKlqQZ3kXMkfTFpvDON8m0NTWj9A1FG\/47eQpOKy5YSZ3VSyyGdtTjV5AwxRf0u5j7LIlgeShVaNcOEV16mq+tTopZDdjg\/q8bR3f8vgTH0VjGrhrUoHlYjd9nR+n\/OCx\/s7syonVC6jt\/ML6xGu"}
00745{"flow_id":244,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739617,"pkt_ts_usec":27798,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"ZmZmZmZmRERERERECABFAAEMVhtAADcRMMuQW2rjCgAAAQG7xQsA+AQwcjZmbnZXajjGL+pVy0kwJq3b0ws3QQmU1oaTmLs\/KBJiu7G8scEX3PGgxPg+ruVnqVNFUraQxsErWYtLItB90wPdHcXiqlBhJWtFp4LLnWAvhKLKhjFEw\/atFhZeDiqXStF1L94cSN904FNHbkEph9CBTREE+edOKfiP4WqHgqjHUNPQp7n\/XDg\/V39BVU7YZKgJKtX72jHsW8p+y1tD4\/oB5Dnpf9M\/FhDm1mUKnuHl2H9\/fkExtOnA6OjnoUWzl+W3CX4dYlGVJl9MVrQvZzZFoWkXil+wG5XW3z1KVD3tlSpd4VUIxP+btk8gcC+s"}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_tot_l4_data_len":832,"flow_min_l4_data_len":248,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":946739620053,"flow_last_seen":0,"flow_tot_l4_data_len":584,"flow_min_l4_data_len":584,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":946739620053,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01195{"flow_id":245,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739620,"pkt_ts_usec":53560,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc+yVAAKYRG3AKAAABkFtq45NPAbsCSL5UGz3LRoQYGq7K1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDJIKeRwV+B3o\/S1Vi20pwQIdLtPPzfiWHWJQqFzxTOLyCv2P6iXlQZj5XjV3kgHWrJU4+x22jVmI8HXUQsL4Ett9CycuHxHxWcs\/QYSIRhXy4zBDqi\/TRLgCDvexnLEbWrLVqZlx1oiHSo5WUfrBG87Hnp2cAe\/gsf5JPymP1MD3qdNPqZTHuk8S3o2b7BAHlFbKntVCDBSVQ2u7L9Ln\/6QrREPkeEFI1x9w5DZ5HrdTDgz+nlHzDSJBD364iAl3eoetv8rISqtBsiSLQHroHpiaUZtlR34l9Vzjmefx2nlmLBPG9TXLLZ\/mrHRFJkh\/uUcYYlECvdkuHlyfOYBwWiwoiqEQ+llPw\/pJiTU8CEAtaLv6CbONOtgp6JdiKE6d43D6uaZcFnqBbwg9eaCGVpcGiuUf8O0AgPu2sDwbVkeFGCSP+1RYWtMKN4UHnlXAzPp5xMNSLWhVnOiQOltHL0A4mIocw8NAKgYgB5WImGwHYZJTu3vKHL1ma4UUJgC2aPqavoEA8xSewTk8+kcdCu+H7U80l6uImg5OwmEHjnULbQ0NG6WqqnmnPPxiAFv0OcQF6VQejNwyFXYLHhqFbcBYdLiQUtlr\/CQbqH4bkFMHbjKfSQ5+8dmJhmOjdlgfwyZVo9qRa+DzThEZzNmUms2ITRpkxyxskJfLxizZZ7rIR6efqljBrZaiXsrJyXuIjgdlqkXHyYFN"}
00660{"flow_id":245,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739620,"pkt_ts_usec":112675,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"ZmZmZmZmRERERERECABFAADMWFtAADcRLsuQW2rjCgAAAQG7k08AuMXMcjZmbnZXajiSCnkcFfgd6P0tVYuPcDHPBNH+Q2V36ecIOy5+Vn6hASP7zwS+HB7\/COLeZpsYSR\/D4KtiLxFMLHMCSd4CEFa3HkazvGkn1cTMf7cEedRa5ffS2XboBOubQlEIegWZ\/uOw8cxjcAsifupeBdcSOB0uu0iqAXb97mPtwXo9C5m\/fEJEqoOJOH7mervMe4nPhBoqZk\/lTKOfh1zHYDnQCY0xNdH9fhG+JJ4="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_tot_l4_data_len":768,"flow_min_l4_data_len":184,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":384,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":946739660371,"flow_last_seen":0,"flow_tot_l4_data_len":584,"flow_min_l4_data_len":584,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":946739660371,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01200{"flow_id":246,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739660,"pkt_ts_usec":371388,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc6wNAAK8R\/JUKAAABwx5eHJ\/+IPsCSORQeRS+sjS2G7nK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDAyVmLtuOyOPrdbG9Aa84c6ABESOcWKO1lD0bmXASu6Lp1JrrhdSsrfi+qCLd+yV08wcBIOyOD3xWu+JqcvR+qyyD2wAqK+7GtNLfa5CYKvl4+qE+B8Fdcg3etmdvWho9v6RWRGqvWQ79X3lh7drodQ5tDBKL+haa6jK+KUocn+9wX11hwHxQkGR1McxgwheyWwiQ8yk86\/0X3FOuLzu\/q11WpJtGw+xpq\/OB+8OUVOD89R6Mnj\/UOcx7obvr0eYbF5A8onkaQEbT7AaiYRJQ+hA7ZZDi2ljxg+uDg1AUnD5AkpxvEvbz9buRkBehRmtAjmpjCb+1eSSGGy0pj3fWliJpufCy0cLqKeBAa8pN+PboX7ibcQKD2oLVDzOMCPNysRr7U4iSHLRzA3mGLlWv1wmtPqVLl\/EoRbf02Q+FQ\/4r6mOaMPxUziXWn4x9EAZfWAyRDD7Afeh1n3Kmrb8xH0TDb8AwH7WhW4050ZoDY8fwOoRj\/\/yicxCkUFPRn2\/1wmsWfaim9o7xstoH1TFkuOYolb5zL0b\/s+Q6LzmCI0CRhGzcGbTPbKaxkq5YwwG9Y4Y7yX3r23bemnved9GKHI+BB80yEb94yRK1wmhzXgZyDB626hQAGMFgeYF1jYBg8XUeiAWAkUeVdpaFQcCYu3RciaRBtQKGADb1WYqE\/SeWtKsrZLM+n2BJmC8O6wwHCEtXzUPi0rg"}
00940{"flow_id":246,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739660,"pkt_ts_usec":417793,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"pkt":"ZmZmZmZmRERERERECABFAAGcN+1AADgRJ23DHl4cCgAAASD7n\/4BiHhncjZmbnZXajgMlZi7bjsjj63WxvRslmVw4ADDYw9Zf7rvWXePF7DzWlPhjWqgv8O9se2dHg\/hMkwpzbF\/IwWGmMmxEowkpKXdmkUibqvznKVpkcwGgbuuCaS7Y6VBAIjGo9kWj7NiKTrA6Y4suMJM1qQ00IXt9U3jt4cutk2V8vfwhRYcaNOhsYhZrStljarNU+tA0k9iIXbco1x+a3RzKSkOB\/31hiwlYARdPxVfA4tlw7PDeRv6xT+b+Zv+a+jVuxZiNAikFvbCic9wNteLeIi7n5SfaDU1hH5H0TBuxqIVG9IHOsQSrBqKpNMeo1qfha7yS2X+OJjDupJOcyA3aK4UBMnSr\/hwPHcnofH4+5e3N9vB71o19Y0N1Cu3OIZZTlMMscwt3XDJIpsNrPW0k\/KXOVig1xeZdDezEjIt7JmJY9nlO847+Hb404Ny9pRCt57zdrjCVnAEbkkF4phZwF7K\/zzTOwqW\/8CPNUPEe\/A1vTBCVo6HwXAA4OkIci3U"}
-00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_tot_l4_data_len":976,"flow_min_l4_data_len":392,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":488,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":946739719617,"flow_last_seen":0,"flow_tot_l4_data_len":584,"flow_min_l4_data_len":584,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_min_l4_payload_len":384,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":960,"flow_avg_l4_payload_len":480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":946739719617,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01196{"flow_id":247,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739719,"pkt_ts_usec":617737,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc7JNAALYR9AUKAAABwx5eHOmkIPsCSORQeRS+sjS2G7nK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDBMo9soY0c0\/zLwoUlxND\/bzQvpDiK25XnQMxT75lxBrJflDrZ3TYKCZk3StXCyTPG2FEGcG4hxHWTOmqcbZoIHiQGoGkoQihxo2BUKPI0pv0p51t1V26edh28hXvxxPPw7SntT7cr75g96KEBOTmpz8vKr2JtKP2b7u7k2V1lEcb4dyw8IiZpBWjdyNCmd3NDqhxitoMAdVDWaaN+p4NUnsh5LOnpcy+BudMvUiIPxrci+i2KL44M4RFazBU2s57RNqiqEv2bkqUCThU0SgEc9wzNR0FW71ZK4hudAWH8M3\/hAXcN9AewD\/AaJXRVgDGL0qn\/KRenrwTdCnxi6HDTa7amK+XsctsA25HOCRbRxeQJwScz6KcVEdK2TbQ7TCqCmGiDFCvYDXyDQlbjKYXmp0\/BJYjaZCnwrJp12tBAZ0x6OjhYZwAWscu0uhjPmD9iVirzPedIzLRyxaMWlLGePyHaAj4Or7sxUvict7D7E89\/0BkN8XtgG7lgmFT7zBoSzurlQ88vZsCNnKrFOvXYxZt2fBsVODLujNj\/tDQxfHRhSVCSuXN1WgXvmx8\/4SpEwOdjJ8GjGun7mZ2UfbnIj9QtUtWtJKU6mASD9XU0UWic8hmr4RcPHxhUnHJGAJ046xlUlER7NkMJm1TYibdKqask11nfPMpD0VjWYxoY7AOCRP0FnM2aYF37QqRyAsLBiMZsWdVVPm"}
00989{"flow_id":247,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739719,"pkt_ts_usec":664203,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"pkt":"ZmZmZmZmRERERERECABFAAG+RWVAADgRGdPDHl4cCgAAASD76aQBqqggcjZmbnZXajgTKPbKGNHNP8y8KFKW+XSruqbViU5UWiUSva7p4q\/AYRczDRsV3nci5xVTY3W7NmNbgWd95Wn1LHJZkVPpqTVw1qBPY5mArBhf+gRPUeOFfECdd+ofJDaoGOvOFyamxhIyROMRMgW5dPvOthc+oP4fRsaTLVk1jsGJhVCC8lL5C7WuKe4QsVCug6vlUb5MDgOey6PWAfheq6uh\/Wb6o6xCo9SsCbwnrsE4\/c3AnoD6VGu4z3OHcZv3Of85CH1fdBZtiEXJ14iGDgR0ySBqfwkfNqV\/amN09mhv37d8Bukwbh0NRB9ju6Oyp6QVJsBxuvpcLx3ia\/I19JcfBxIdSgYP2PNeqmV9aFF\/5i5eq\/gB2ziWHE3n4eWmdHy\/5HtzZoouaDQrjeTLDoGeRsyQ8AbAcbxTJeYc\/hyvjG0S4Dh4GFFMLk5QGrpOAQxsjlasHPCZNUlI6FaWbg9J6wj4UctB1m9PxGlOpLCTcjHtKT14QtT3C0e8B5m0\/g4kyAvL0ntLRf8vwUxpdglUbwcHEqyLa0eWST5dVlmaKw=="}
-00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_tot_l4_data_len":1010,"flow_min_l4_data_len":426,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":505,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":946739720236,"flow_last_seen":0,"flow_tot_l4_data_len":584,"flow_min_l4_data_len":584,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":946739720236,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01195{"flow_id":248,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739720,"pkt_ts_usec":236687,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJcgJBAALYRD\/QKAAABMw8+QbCyAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDOvN3LKmlsKPJgnxHDgQO2HIwu\/7HgUbhvSQLUmgTButtVYZ7ynSLJeOyVR7apKprNCXG1CB6RzKxjyoWSQdDjHQSudtBqe8pb0jpoyikDKAP5jZsuhlLmSafeiWgv4b7FcEcaSLItWNKLNEkAAXUwpoLIVbFjTOnXrLtfp8ddH5RkIQz3yuUJ9Nr9mnfMn04Kowojf10wKowiddPU5KKVho7F0cvcKjFtvuttnCHTnagcxAyTEmIcCymyhGi+h9M4qiKb4nZlaO8w0zOAMAC1r78IGbvmw2MC\/y\/XFDrOtYAyDWcOnUil1BFM0d\/Bz+j1o\/P8xdWxuA8zW6LX70nyKPAmn2+XMm6v93oH0oPPpEb87KAvDSvCagsZZA4fpWnggw8IDtM+xGjIpanNsL2VG3CCZ8SJchr0dd0ybGZUr6\/QWXs1PQNuAQq7PtTY0h5VDncSKKbfMtAy3KYwk5hwtNLo5PMwSgkhumRRE888qSzJlQJGBNzGsf1NwJANZTAqrVJeK8b7f+2pTSgrru+nRtvffr5TCeW5qGtpkkXT1G87oaz4FH2RV1Xm1JIdrzicLRjoj866viGnjQ5b2\/UKZWoCT22+fKnqSPDxIXp73HamN35GQ751GknwXsyMVZZbtLrbqcV6TqrFj8sSTjExCJ80Zk2kq4s9KvTe8IudfZv2VZnKat7igdMc61peD9CbEijjtfZYoC"}
00746{"flow_id":248,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739720,"pkt_ts_usec":266316,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"ZmZmZmZmRERERERECABFAAEM3XMAADURdWEzDz5BCgAAAQG7sLIA+HYgcjZmbnZXajjrzdyyppbCjyYJ8RwtW4RTIlvIG\/FZbH1Xp2LSeUte4yLE0KEYJIy\/W8+x\/FH3nQM381uStJPi54eYTbEiFOHb6+tNj6JfFejP8ANh9SW7+XztIQKHTMkKaKwDijmfQK3jWMvzYn5RQLy\/kgEd3jZcHSQ4+mGlJFAq0q9\/sxSmeRSE7Bf4lfghgGePrvRax2LVMOPyLQdEzOtXRcimFhC\/P2NV+z\/yC5UUyjWbNHflc5ZhEb6wjqEIWWaXMR9PmHFkJmX18vLk2mHCcaPJ0ISTpxtaV1D5IuKPIa2LIoH3gyFLk8kBlxy8"}
-00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_tot_l4_data_len":832,"flow_min_l4_data_len":248,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":946739725845,"flow_last_seen":0,"flow_tot_l4_data_len":584,"flow_min_l4_data_len":584,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":946739725845,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01197{"flow_id":249,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739725,"pkt_ts_usec":845905,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJcg7xAALYRDMgKAAABMw8+QY+KAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDHgMkBVee38D+I7fnhBktgHf7os968\/qL0XkoqwhIpo2rKPzGWXe2G9NgFMScZ1tv4\/+yOWKKWYUUiUyLx+7PMrENy\/k+jN+yzdctk2Zo3FLcHvC79XH2TY1F0O7cJD1wjxZI3\/IHMcd6PNvU2hGrzF+GquS0c6mjapr0bbntYIeD4+Xf\/ITOco5AtKhdlLVR6qs44J9FD4+1MhlzKeOoRa6oiskDhR9SKCiLE0vY6WaFISx1KvaV1\/AWlTq+Ma\/RCIZcpIwRnCK5x9qtU8svtd3XmYK5sxwzMlT8VpdCDkudem2VmnpOeldtwd4GZeCkcdGXhDpTvkco7\/J7KzU8Em3dvt1ZFDy4TcFUOFTvtGhCNRYamvuZtqV1ariMFQakPC5kVsCG2gSYSztnSwq2hbNURFeBG0BsgQjYyNkq5wGuYsXMV6s23vt0COGB4x1t6Zn8jjY5lWn7t84BUSUEjxNSXlazc9hfUsGYBk1YNyvKVIOa4XVjl\/NR0vRtizEXbk8CW7UFlpZywbOaEBbweblLU4zywJ5qKZiL8sEsu9XT1G3qBmTW8cVYrUgsGb+gfIiskkKUwoOtt9RL+Teq82rqtdl6NJyjfa8lJ6hpSkFQGXkbcjp3VueVgKLzTUvGcLRMTp0C18n\/FNAt4vg0zRX0o3Lss4rXcLQ3ZMQHCelaCESW7C4sZpRGMwGTOa2B2AzD+kO+ZGd"}
00748{"flow_id":249,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739725,"pkt_ts_usec":874210,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"ZmZmZmZmRERERERECABFAAEM4eEAADURcPMzDz5BCgAAAQG7j4oA+L7VcjZmbnZXajh4DJAVXnt\/A\/iO355MVB4P\/\/Rk8\/R8bJwvIdLtYy13W15OTi+Go1C5ARLPQjyVOYrIdtt78KeJtxqvLGMYFgf90WzBjkKY8vjgNB0MPV1q9fSbDPwYJMt9sDZnnX7J06DitoJz19fiGevmNqdw2iS+W0+hbeSiK8kirJT\/QpPdxVHp2xD743rTjnXejSHner\/lxnNhKbPdOrwzbBbFmJ\/STzN7we3lc\/L7tRfFce0lf4Dadw+FNCaY6kAAQ713YJ6hg1mApwixRpXpT16U0DoxmV6YKXf9KevXwY7CFTGcq9MsTSP1FQYE"}
-00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_tot_l4_data_len":832,"flow_min_l4_data_len":248,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":946739727013,"flow_last_seen":0,"flow_tot_l4_data_len":584,"flow_min_l4_data_len":584,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":946739727013,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01192{"flow_id":250,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739727,"pkt_ts_usec":13003,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJchI5AALYRC\/YKAAABMw8+QYFBAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDAvLo+OTm36q6otOO+fGemzVvq0dD3jxm9VGAJSNGJ7CPJoGqXj8m9e0jdRInMcNRA9p4+0Ni8e31vogtljvbwYYgmhAZTxwGYs6C50cDQFt1uHfEvD15mlAq995eAVsOx9PzSthVaX\/ivHpOY6L3Ij\/Ef7SZJJCujYYFW73myi8HjWORk7BxBZfRqH+6sXHsTHW9JgIyfg81CrvoYmjj6eguA0dO39fTJaKjXzcpWKnEcMMNV4ml8LGnAy0T9PzW3di7md5aeCc6dVE4FKwEMVWCPhdhJoRf2eXkrqBw09LkEK01y9a7hl1hmtvIUWP7Fpi4bKoZT2dc0fFL1f9KzoS20B8JdI1HDtUFbfn9WkC6dXWkvGuh\/9+Rlymk6CKSLR0QVl5o+\/deX43CF3YmoxgH2snZah0gHUFwhHSA2MzyATzLiO4hwopOla7EXLAzrjJnmBpaFbHi1L+QqXQh2bLrcU+P9O4f9I6E21iw7CMaLWnshFHMR4k17Kr3eYvvp5nk3smnj6RkzbyXiwre7VxnxR8luWJiFKQAtgTS7iTP90QNwfWgaQbUtbBzkaFhJU0sLHhiOY7bVruAAJT6m3XAbRU\/eHVLtQFKfLcw5DBcGucce2S1ZsrhqHFcOTeV5s1bkuGYusFVrqTNERXk+qQd0EJRZ80ghllq3WCfjIbNz4NU54JpS6KXFVABPgeMm+7RrRRXRHV"}
00662{"flow_id":250,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739727,"pkt_ts_usec":39034,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"ZmZmZmZmRERERERECABFAADM4h4AADURcPYzDz5BCgAAAQG7gUEAuGT7cjZmbnZXajgLy6Pjk5t+quqLTjthMYRcpmrtygKi+8ge\/d5a\/EggfKFstwqlUcEQ0npRyt3o\/+nrMu7IyAemLvDGwM3nY6O0vBX25jf4NlD5NhKqGUUpFydrLINODy\/Et1yVVHUUL4VBz3CwT8bs4b54QwYXASMjQfnf\/0NTpkvJ+0v2f5ntIAM7o81gzx\/1ovB+r6k93kwem7LHnom40gyZk3GGiIOpwn\/P\/XOKwtE="}
-00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_tot_l4_data_len":768,"flow_min_l4_data_len":184,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":384,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_tot_l4_data_len":768,"flow_min_l4_data_len":184,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":384,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_tot_l4_data_len":896,"flow_min_l4_data_len":312,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":448,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_tot_l4_data_len":832,"flow_min_l4_data_len":248,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_tot_l4_data_len":960,"flow_min_l4_data_len":376,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_tot_l4_data_len":832,"flow_min_l4_data_len":248,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_tot_l4_data_len":976,"flow_min_l4_data_len":392,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":488,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":946739861286,"flow_last_seen":0,"flow_tot_l4_data_len":584,"flow_min_l4_data_len":584,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":2,"flow_first_seen":946739620053,"flow_last_seen":946739620112,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":37711,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":2,"flow_first_seen":946739615603,"flow_last_seen":946739615628,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":60393,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_first_seen":946739617004,"flow_last_seen":946739617027,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":50443,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_first_seen":946739611961,"flow_last_seen":946739612032,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":944,"flow_avg_l4_payload_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"151.80.222.79","src_port":47545,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_min_l4_payload_len":384,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":960,"flow_avg_l4_payload_len":480,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":946739861286,"flow_last_seen":0,"flow_min_l4_payload_len":576,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01198{"flow_id":251,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739861,"pkt_ts_usec":286767,"pkt_caplen":618,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":618,"pkt_l4_len":584,"pkt":"REREREREZmZmZmZmCABFAAJc8z5AAGQR70UKAAABMw8+QZ7jAbsCSDRmPBQECcRLqdjK1L0mf5PIChUIPitfU3P1xdue2oSi59s41xANmFlcDEDim3A5yf0wjjkn7c0KZ99+wsaC8Q0jJNdVtRyvQ4vttz57bauXWf7aWWZI9GXe13Bq\/1R6iUwT\/A0\/zRCc0Ayq9cmcu623YyCddihLAAMnrLyfM6t6rL27MiG1nzMzmCPyF28NwS5XqwjPRfHv4CZ99g0HmhnodYUO8q68IgHhgstyCXs7D74EPnDSNCXWvxBvHIE3vRmyPvunw0teioCjIqxqULRcggjd13KNSzhv65LTFQDOYbWOCn+rymPlyEaTGV8M85qpLCbZBx+P2mZMjdPflMOxEUQrHk9kdqOlL2mWcrX2tI9xOtQuzvv+NeAjtLGeixP59GGL75pvlLSdqyad1gu\/frI3Onyk042MoSYGJ6RwV3eaPNbZQCtEwb9AOFIXBmvRH9XM7npQUXePLACdz9iCTPKnV7Kw8ctrZrqQ4N6l7ZvcAG2rUT+Q9\/LXDXqKjl09ujD68NhiQh61LzaYdfK4i7pycnU4qJoDyh6wqXlEnhJrx33Uml0q43\/LZkKq6+gBtMyFx1G0t8TXOxdVJjjFCI6asgc8Kxe6G3w1FuEYOCYdPJ1BDXSvfQyl+xvLRdx79zlvjoh3CA3lgSqjekZ4r\/nVmPAWeluQHxO36OZiUmB2ai6gs8+TK+H6\/M45c1\/tfkqR+WeZABxv3Wq+MtDzkLR1Ba9KFIEFLcYA\/aPSp26qFfnJhX4KU8kKJXh\/RvHe"}
00659{"flow_id":251,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739861,"pkt_ts_usec":499384,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"ZmZmZmZmRERERERECABFAADMBL8AADQRT1YzDz5BCgAAAQG7nuMAuKxVcjZmbnZXajhA4ptwOcn9MI45J+2cfN20Dl9sTMp3rF67X\/jDpIVgb1a+3\/m31lpJBtYvfwV0B9vwzZtjNo+jG7GftQDbJaUY\/oveZ3k2CcZHOjICUKnGXvyF5yEl+85urFpytmNQcYoVHSk5XuOkfP++TbbcrYxYsDH+x2d1Xg60pF+BeHKLrLF0X3ik2Kl1hdwwJCMdJ5w1\/ra7TZUP4kyuPD6WApR9UYb+H+3yIn0="}
-00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_tot_l4_data_len":768,"flow_min_l4_data_len":184,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":384,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_tot_l4_data_len":832,"flow_min_l4_data_len":248,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_tot_l4_data_len":1010,"flow_min_l4_data_len":426,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":505,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_tot_l4_data_len":832,"flow_min_l4_data_len":248,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_tot_l4_data_len":768,"flow_min_l4_data_len":184,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":384,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_tot_l4_data_len":768,"flow_min_l4_data_len":184,"flow_max_l4_data_len":584,"flow_avg_l4_data_len":384,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"DNScrypt","breed":"Safe","category":"Network"}}
+00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":2,"flow_first_seen":946739725845,"flow_last_seen":946739725874,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":36746,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":2,"flow_first_seen":946739719617,"flow_last_seen":946739719664,"flow_min_l4_payload_len":418,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":994,"flow_avg_l4_payload_len":497,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":59812,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_first_seen":946739720236,"flow_last_seen":946739720266,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":45234,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":2,"flow_first_seen":946739727013,"flow_last_seen":946739727039,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":33089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00151{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test"}
diff --git a/test/results/dnscrypt-v2-doh.pcap.out b/test/results/dnscrypt-v2-doh.pcap.out
index 8d402a051..8ff81b9b0 100644
--- a/test/results/dnscrypt-v2-doh.pcap.out
+++ b/test/results/dnscrypt-v2-doh.pcap.out
@@ -1,23 +1,23 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00800{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":533748,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946739298533,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02338{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":797787,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq1TBAACsGSrWLY95ICgAAAQG70arq+8CueX\/bslAQAfmvXQAAFgMDAHoCAAB2AwOWvrm4FPC7V7PYuN+Lshod\/nezEzfqc01CK\/K8f2FrjCA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WRMBAAAuACsAAgMEADMAJAAdACDl61zVHhMWB0BdL3ddlBFKSw5Lr9HVe6EkVLOcYVLAAxQDAwABARcDAwAksgraFQq8T84jfrRmYc223NGnVGbYG\/xj8xk4v\/EJCHm3s9w1FwMDCVmg97DgSdnn53nb0jGLv9F1+4VVO1DlJvFZ4CsfAqRyJ8a0jMqAaeRjhyCNwiDpU+6mevWKgpxWfYNjWShazkI7oaAh0ocoGs0\/Z2Mwn5ZIkIv+OuDwieAM9qTwhi+fGVM4H+qU8v3e8TtrqoxC+IgZVc8V3I+\/yPEjroPH33YYxxjju5aqvElJCjEI4urJQzXoWsAq6uQKccy5WfzKSDhJNZ8AVPquU8SpWKmo\/\/E2qD+dKLWJFgaub29gXMXjQTVzoJxdvVKG52mcWm6EXETLAVeqYVAn1jxtrmpkg13Vk85sRN2hjK5eeu4ap8rf7Lodf5tfmhv8SVfULmdGCNmmvgZMJkjmNfdKrw+XnrBHNQP2GC7kgKzhx++y9Ur+7CtcaZ0Stuv2mMWKbTn30OOZzAWiYjVeWw1PNj6IPMesZYC3bO1PwS8+BOlQEPumskRErqRklUuVJ1OXsXJn8o9P7B9r5RxumsKPZbrYuGjTJfVUwTIwaAH4g\/GODGK2+B5YB\/Z\/6LysjXxF0obthFSDlDUGBTCdDZdGFQyyl8u0xri2sr4xv5TWFpIjmyYys6SXqhW7QRXi8cM\/fGE\/JM+qZpyddar8bHdCLxGlvvPz4eCxh6lg0sugzb6K+mUo6W7gtEoQaKMIAakeMy2FOKQ3NMe5\/F+3b43gHog099YK8NKs2bvSG\/W7LXyo8PnUinj+AVLnzhrSe+qvDBw9a\/Jp7AkHbVoQwt\/EIF5\/d5w+4KMlJPMSzCUov8rfi\/CCF\/iVjvModtxk+gLz4pUaK3XRZHYtLxfH7FHcLizTZ3sSU4i+tweqvPEyxXE1E7Y+KMLDCV+QkbWkWi9gMec8ZJ3GBnIg+iSrehGCt8i8t7Lu9Wc\/2fGKgQfE9jJe\/fDA2odknuy5GV2960tQvEZAXB0c5GJBhjiPYJgYdgJ2fzUt\/xLgBoWg0zKHa\/soHWqBrLympLp+VepVMyzuzIJ6QgGVTCC1EFSrrSUxkNXDsBrwmyRP\/9FLF9pdzZACXTb6S8myrZazmvEdGdk04PjNhUiHGlUT03OYvmagf8Ya\/4VRzGGdV43OAGkQYeu0ZY\/heh9h7fucuCFB8CyBx4wy7OhYHBnDOYz2gdf\/z49N039rzJarMWXOwbROgeoXzcsBH8Uj6StZMCbM\/ZBGWByfEjHDl5w8E1dbyJx5XuC65RezHZrv05dJlBbVSEsHIMbDl7IWOUdhpeDNskZrQ+GdU5boLCtHmvrbs62KT\/zlJm2mOApHTvifRvmqKBz9tPtGNCG6XGCZWhEY3FFyS9rmcTpceJwTCfQYlzYKZslhMKd4J63ankp0RnGQLgodwM35ISK98+Kq2hNOJCTBOCxPPsHuXjZuhXdIi8QCW9VQZqww\/\/NjZPMOPy4jcZ7Tkixh7\/JmbpMEV7PnrhAXh21z+u5dLFH52pKdwGRat6A94UDcInit5rOcJtblnF8P7F8IlQqF3WFZurZBuXzllHTzbwe54UUGPwrqwyOIUkW6zUYU\/09YfhXdyYwY1MnGRAlrE9sPr4V9Vgn7ZntvhQgmKz\/jiHNHuRGaj\/PJAjEPTmoQib9SfYaA5fyYDQmsautNL\/cJ4oyfD9Jembyctib1BIp9Ramfe6PSsBXI\/0Ka52Or"}
-00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_tot_l4_data_len":1733,"flow_min_l4_data_len":303,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":866,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00834{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":946739298533,"flow_last_seen":946739298797,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02251{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":797978,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"pkt":"ZmZmZmZmRERERERECABFAAVy1TFAACsGSuyLY95ICgAAAQG70arq+8YweX\/bslAYAfkcrQAAThemFBuD34j0ZojpR7nDk08tEILyrSrE7HS0zZ4kmhXJJxPvCajO9mPz0f1Ba7CUeJZuC\/ww3Lrn+zD28CW1o9VT3LiWNj\/tk7IhVjR3oxyzXVyp8GIUKoCq+rFgLmVNv3t4E9NSsp0vzaP0F7j0JBrlPSojRxE2tlZsJ5feSSYzKGVucsWX6pYRquGlpuPfdHODx0L8ifTKNZ7sMGSXufTYU71W7zucIJWTJn92oiP3KQmXtYYb39SlVhRkoPmox0CcWIbUIkPk1mOfiZj7ZHZGdjmSkO+stoE+mAIy1qeh6xhTg7nyjAGvTt0OEbSBbL64py0gHtL8p9MnYDH\/rEu94PzROteC\/nq08LwZZof+0aydUgoyNJpYIzziL6obgZ8r3XFfT2yBZeGRYlK+7j980Fzg4IJlxXjB\/7u4t3CFM2KzwkVTOl0QgQ2WdVMZr63UzYIuBqVeqhjDwph8EAIPfj6GHii36awX1ARUIn+i2we8pqEICyjrrtz5abqrvBqhOgUymt9799jpjN96PN89rSa+qz8R5hSWva8Z0q12NMSUqK4V32q2T+XbFuVZUlGqNPo8Q4LGFZXuYD0rXuNudeUYIvyeE2j5uqdZqZHCJg4amyAZz0RTts0c1\/NYqX2y5hPaOLvInAlZn4kgRx8P3JUIFzzVPNJJ35uuAChT5mattKXxu8qwume7sBZMgcO4xIk9V0GeDf7Q0iqbxG1cZybv7JIhiCiaIbji819I0oDOejGbK2XffVEsRj3+LURpVM8fUmFAk669Ff\/Nr+yt6tH9Ktz6qOevm0rhgviDIUwzLNJNTxk3pvt9wNVus\/LUfcLiMKspToabUtDV2KtFlgjUQBZ6M603sQeMbcyD6v4zye6TReEZisbYDNmcge+IFl+e+6gIZYcwnBnjL+IMuKODuiRDaCLQJS72LiQoTClqyWNhk8p3nZX4LJsLVi6dW6cV7ErhFynQJtxWGrvo9DrmvbJGRV80Ul449jTrc22WvgTBKnaXTTsv2pw69IL3ziatAlwA6VUKivZyuSnP\/qeqQsLIM3h1xsud7x+raSQILbisV46QaEMOKNMhEo4f9EE5vYtzwm\/ngKP6CEyyxa5eOnqoj72FpXRNgDKcpbuNQSddL+rkopq\/y8uRR5TATut5xq9zEjEQLnRu3bhaqmLH7wPAre5tejGNaBElH9ZorCCzrnrfL+5ZFV65djnMn\/burxQW9SIIOlDcRe3ddZxIf\/z8dXGWfc\/YJ2alVKWABNBLcFPeFubCnDOGFnp7WaEezUQCo1huX1d\/AR2t9ZFIxb+\/2YA0Fcu4FFOucBmHB64h34YnG1QktWj0QN6yNlW1E24ubX3xPextdjh4av9ufsqLyV+lQC34GqCFKa3D2btbNVuYlf3F\/nsdPHHCRn+svJvZKssoO39MnIg20E8\/NZSYgAW7+dMxM2JbTCDpQf718V5e42Tcc3D\/MVuwLpSLFUnGgbahF3PvczhUvo5QFk5tF0YRiH+1QJX+P4Bld+SLzREBNKhff3\/yg9uJJKca+U+6nBcDAwCBaMxAcfS4h68NX8O4\/JsJCa+QWF87yNO9r0+szCZ1TeWGW\/KMvQNFzX1G+Y2PEnQ68hI4LpJQIC4VjBdW13rCggF8QR46NY3HL4enM7oteZTlqkQvxVphVmRyDsYFcjY4u2fGUw5LFrsQktQhx2VsQTygsXipX2KtdmPdscHLlgGRFwMDADV5C7WBlZ+ocDTA\/zppOjhaktsCXwO0sG+1hu0Zi0K+GaWwxXTJGdG0p2vdDlGf4dOI0eNxTQ=="}
00454{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739298,"pkt_ts_usec":798962,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"REREREREZmZmZmZmCABFAABG4UpAAL0Gsf4KAAABi2PeSNGqAbt5f9uy6vvLelAYAfUqoQAAFAMDAAEBFwMDABPWqttRMY+Z46PAR95YRNrv8Sy\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00797{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":58659,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDIvZAAL0Gb1YKAAABi2PeSNGsAbu+7R6jIfk4pVAYAfYrngAAFgMBARYBAAESAwOSQ8JxHhGuu6wLKnGtwDfaCU9fn2zkXyLvCqG6Z1EJrSA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBvduxHcveHyzSwUHe1UMoR3WO30Q1YJASO6Gqd5f5rOQ=="}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":946739299058,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02326{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":325554,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq+oRAACsGJWGLY95ICgAAAQG70awh+Tilvu0fvlAQAflBFAAAFgMDAHoCAAB2AwO4E1L4A\/\/vaa3qFy7zGtkSllYVpFARFReL8E9wQ5edfiA97l3xa4NDBUHApuStJw5z26JVCZKgohlNqcovRpE62BMBAAAuACsAAgMEADMAJAAdACC6hi7aKoaulrg0kHVy9iX3JtIXsjOWFqMY4JtXoR3ZFBQDAwABARcDAwAkVn7ui3VtyEjBPho8csX4cWU91LDHlldd37yMDuMkm1WrNSA\/FwMDCVkNxERPpxFp1hU3MTygH94nI+uO3MFA6Pgc7Cjgsqv9R94L1LzqnlTJ9qM2GdC3DoaCFMZy2rvnd3TUb44js1wH\/ZjR\/tueYjuCchsydXsjOJIItHXpv6rNdoQc5GxilmSN3ZLV0BdssW6zhxxgQaE3FYajxWXTTfgzUzOS+6W++jmvd1q00zg+8Q0qSguzfNUtyikLzjXqF591w71tmw1RwueDWDRqOR8D9ArOOASC\/gfHKocbf3MYoPn\/L3+LeyjDo7Dan2mPuEUKlItjagedNzassvjfnCKDfWzjTYX1Oj074zzZKYUi326SCBVqvZ4BTAJFklyVRE2\/7w5a9Hu3TkucSU4uD6YDgHvYuwr1PUeuJlpLcTtMIe6KqdQO6VhykmmEfKtsuoqKDau0V16KSQWM2aCvsVesKQ3DSQJg5rL5yIwj9vpyWnaHxDEgfEIDmYjy\/Axgsm7vfVWFF3Jrfc1xzCpgVx2Wzxxl\/maZOzNTYwZUTU3hLDZjHHXTyifvb45snBjXrLw3E9kNt6T2lmZ7d2lzBq35OqiFyiqDdqg5nN+wvKg6FFTseFXwn\/Cnava4JqwJeCYBLZwtvjbxpmY\/Z7bzc6mZPg2Sh+dbDSkCl3bi0C7OGN4lTKk6SakWyrfvl60M9dBFHVDrzgKu7xbDvPEvSNcZq2Dx1QXy2oMyLZnD977uZ9nLe2MaP79hLJNgy4v+jriXtA5fuVRTABndd0eLGpCNoQRcyQEasclWVE0X3djEYjD5W2s+8ID+COBoWOoyP\/WAq9bDmdFuLbZL5YcQMg6OEX37+6VcGXh24mzLjiWqRW2SXZBECP5e9Kp+qBc4nsLJy+\/cCFFzWnnOIeDNkPzITjeYYG62LLpDcjihxenHjNkU8aI6W9z7HJRAKXj15JybI7ZavgKdsyBJSz8Rv17E9WgwJgE24FqtNa6LcXPjCIVJ4JA\/FRIvlJbq2\/PV2grzaPllz7EIQXESn4AAbsSK6v\/afg1rifhsSGv2yYjxwtRB5P9D+FT0dFjO2m9zDYEYLvFPNAv2\/uEF0d+ML9zrDfaDdz6z+wzZI7tOXb+ZgoELySqXWnZpXCKfAbAaRdkBWG9n\/7DEkPQfGc3BRuxecF3gZRN5TjRNnS3L\/z3Mjd0kgq5NvuPBzwr++r8PkzDyv4SrhrEho0ZXiTGQlO7AUNavDHJ2E6WcvB6wH6w+nDu+LafkJwVBrA3g2ry2AgWQYQlCtuH3p4tS5epl0vy3sOsnzjbAIulHq4VIitq5pO3s+sczN2QL3hoGMgZmvfNYCCppei2sMRM3JeTXdDamDavAss5ffhc7o9sFzFOhYwBHF3K+RDvF+\/0hY+kvloFXPT7w5qyKb029c\/+Vu3kK8iCqQMpkd\/Y7fPVoDJRSebia6NkOtp0QF10Wqdh2s0768F9ux8l3ns6Ahcvm\/CEcnhylTvqF1H8nFLoIPnLNfkqliriwfEB7qB8aB8psWMvXozj1u+xw79vKaBVDClx5kPg1ndY1UZCkXuVmLOZwvxWWc0tuTJcMVug1lNwCPKGUEoQ6IRWLIe8NCbqmkI6bW\/5Xu20soyB9iTbKgsh2xLBekpYgVl8gT8VGJflOjydyD64I9+T\/dXz5zy\/0oPQP9q2vSa5j"}
-00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_tot_l4_data_len":1733,"flow_min_l4_data_len":303,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":866,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00834{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":946739299058,"flow_last_seen":946739299325,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1693,"flow_avg_l4_payload_len":846,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02250{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":325747,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"pkt":"ZmZmZmZmRERERERECABFAAVw+oVAACsGJZqLY95ICgAAAQG70awh+T4nvu0fvlAYAfmmIAAAiW51QuqEfobYElojzNdmal3NmvuNd\/aotOFuZKIcd+01MY62EHH7E56\/oxK0qr9J58d7Jfc491vr3AkBsKJZSE5EN1LMlpXioNrse464nnbj5nYCt1y8iJtaYVHfHT9x8ujbG\/T2N6ZekRm+ONP3O7xw3rubgw7ubQJF\/KHEiRVFPrbIwq5RI7VTRdfrd3b9Fc\/71kitl8ImBckYsh09FSa2nRQrqALNG43BNA+FPS+D4bALfGJGztFq32s2D2cWRj2vno7VjQQWYQsz+9R40cUHWMbbW0anf7aLopYHYwhAUnxfUJyLSGv\/hcuY1JoGSes4gPPm0w\/KvSPUfmH1XOcuJRdoXdElY5F\/m9je9IUq8euoPyf0PXU\/w6wn+q9PJNYNblwNWPVkVSF6bp87Ycrz+bZvhmrk3ipYYu58\/qf3ItMXsHiYNDHVbyhTOrrT84X2uXkA5ajgilxkHZCWJdDIvRFwT++59P5vI4krRFU0SPX1eygQdMslXLsxvfqQATVp3sK76bt8qHa8rMRVLCfPA3UPe8Z9q\/JNBVvEPCwFBWQICqqCApD7kqMSclaEy89K83LVugXlNfNOargw6YlUR36QNrsco2xSkkpbYZSag+guZDt8NaBOAQqx6Dtx5yS9ZeM2TaZ4Tva3cH5WwTw3nwMfyBrZkmKclliFlyL+l3\/Ft\/1cAhtU5U7a4LgYVbdqsQxRVbeUPAwUZ68y2BGyj5Xg8Mtci4mPsgh+bnyNL5K5y9jSltRS79PDJA87B7hqXTRUrELkxjFWaMPAzghsENt\/UjelVjAgSWUxzpqxPV+2hED3HVp9LJOBmZIcSEVN1eWHazkX+mtW2m+0GAsZaxamutLzgJh\/DRJa7Jw23fjV9PCXnj9MWSdJstPENtBI0OVh7PH0+uAGt1zxMdGzUgBU2QlNOO7S4UuYD0Y26DtfRFNsa3yyMMJMA4d1B+99D0rLBp+YTr6CIQlSGW7\/MY0mGzKXnXLKEBMjIoE76aJQADNrOQ1pUsHUbMNYSxpurIgJZbgBG3OALLoptMECW3PsCTpgXkQ2OmVE11D882PmbdA0f4acC7LQATIGoxF7ZIVK6E9Vi5\/LR0AueJFdtzLq+oc1+GpS8l4A7KvQzJjHl8BFVtlJFp5Ft91g8c86AHAIukg5AmfSwO3K4Rq0SXUs8KcP29aiI1bA7\/K0iAEMbAiDcRNwXEEo+uNEfshUZQDIyZoBHdLzMTL\/2s9ouLF90mtZTkbub4ko0oHCp0UBuhgnfDbrA69yTnP91yV8UR8xswBSaiV12vmMHeXGGKIJ6dQbgPNn5OzZbyefQz5\/sH6dHxYbcGGfd+8wSxfEi7DokbKnmTmetH85RkCusy06sJkhFgf9bhlEmk63Cet5cz7Z7ea9PrtiS\/xOPZoAmLR8AcrBNB\/tHpNVlFcTM+gO6pHXXYSwt1o+rdQxZT4lFn7kVxmARBzEGQB8TIogOkRi0YtdMrX\/cAGbQWx0wllwfDL\/JIISbxKwUNTT45zepGk3OVcnv0694KsAM6Pujlm7XvrZ+hcDAwB\/JlZfTL2CfKHweE8ivDA\/8Dj4s9MhpgBrmwa3P4sMMqXQFKgI6jQB7iGhbQGftnSVKI+QCxWleTjngiVWQbRq4xwswRPPuCr\/EteohSIpdjvjIjT4EQlykWjN3TxUSVyvVSA8Rp0nUkHXzRzNgRwt1EKIchjIYekan95L5wPtZxcDAwA1P8zjtyfqh9OaAN1qf+msLEHbyvTYhKC4e6LNeICCaSA3aHIsCQ1pZdcK52vQiTVTlBfFsLw="}
00453{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739299,"pkt_ts_usec":326863,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"REREREREZmZmZmZmCABFAABGIvlAAL0GcFAKAAABi2PeSNGsAbu+7R++IflDb1AYAfUqoQAAFAMDAAEBFwMDABNO8IRSNKqnBU+tmi3o0yr7jeRP"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":0,"flow_tot_l4_data_len":318,"flow_min_l4_data_len":318,"flow_max_l4_data_len":318,"flow_avg_l4_data_len":318,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00823{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":432784,"pkt_caplen":352,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":352,"pkt_l4_len":318,"pkt":"REREREREZmZmZmZmCABFAAFSUVZAAL0GFwkKAAABuV\/aKsW2AbtqjRCaK20m8FAYAfZViwAAFgMBASUBAAEhAwPqrEqAFBwbSYnmd5FQ4vhXWCXQOM7WSA+ydz5Uq2T7jCDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACyAAAAIQAfAAAcZG5zLmRpZ2l0YWxlLWdlc2VsbHNjaGFmdC5jaAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDBZSA439npt9wjB\/Qij4hgUYqoHU3i8\/GsiDYDjRoMEQ=="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":0,"flow_tot_l4_data_len":318,"flow_min_l4_data_len":318,"flow_max_l4_data_len":318,"flow_avg_l4_data_len":318,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":946739304432,"flow_last_seen":0,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":298,"flow_tot_l4_payload_len":298,"flow_avg_l4_payload_len":298,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04349{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":474088,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuA8Y9AADUG9KG5X9oqCgAAAQG7xbYrbSbwao0RxFAQAfVfuQAAFgMDAHoCAAB2AwMcSuw\/xeEh9B9zohSBYXmLCSdYelc0PZguMzAQLdc5lyDruFBRjE\/ZRtIlov08nzXX8Izc\/f7Ut++FjeF3CgO25xMCAAAuACsAAgMEADMAJAAdACA9LiT1RQf61DUAcNgmrd9PJwh2JRIEeJ2AayVwYZe0VRQDAwABARcDAwAkpkFL6pYrY48v\/7oiAzlOAXfNYnXJT5\/VQ9ye3Jhdgfb\/qFcIFwMDDINDI+OvHUF+FRNUcqHGAtixa5OM3ESWY04brG7N5Xjztm8RaH\/MawsGpkLkwKimhVGQ6ciJhhX175QbHhfhLL45mnkevxxrQGot9ty+fzwVg7GUUCbrsUr32l6TD4OY9EXQQSyuoBvDePneEphgFWs2uB\/zEFQxJzZvf194T3VRrMXZftbpf\/YmEhwWBzhFxCXz7FBI47mE4BFAjuyUMEWUzwiwE55sybcBJQIrcz91caVnRcYmA1Wi1qK5uHVbVaqkF1jIcRZS6+N+xmFq9MBtbs1TttpF6z36PG19i1g1CIx8xl4wpaYvqDA7QOoSL5x3PMqBtb0k4c3Q\/zEwDdawR+TYy7hNCaHkQ1sAWum3cmhRVUAXu9xkbB0O3nyNloM3\/1BpKJAhKkuU\/V2kkZGB6Ql\/kS7sAxcWh603OAJFGoXqcwc2spjFNCK4ea9Hs8PmACV\/UTaJ7lrlVw2HKBfFrLZE4S2HECqocWhjyVs89\/VZtJDOJu7pXlvP6vYnAZ+sKU9FZHgQ29hFtZTpOUnFJKyIZ7qR3IrvVPATpVytUzMEEVKArnVXT6TYqqci\/q+Ob0fbpe70cziyO7QaX7DT+VhBEhzijRbBVrFLadSpyh0XwKqeuShTd5lBEg4jq+0xz6QU3AR+JKO5yFNIu3wqn66JM48D8VfHh\/P6zoK25bt+h0uyMx2Tdvz0o8sXcXOlNbkjxJTj+b3L48sroz1OixQLEwkGWR0YALDiDYZDaGEdLMJeKpDENsvWGjQzbcLGtxojF3IPZE5plenMHHam99lQcz7tOMhTuD0tu9K1ubLwoOk+K9ZSx+jQ\/y8OgEHvmzPhQqCD3uYFzKXprY15BXYSgVl4JkFtCc53KhrIqQpwfu8AGb8d7NaM+YwOO8C5+0rvVtZQVjay20f9c8RH+m7E+z6+gghCL2zO42Qf0EGAmfsmAKXMp6WNxCrd7mkU+MupYWwFGBmLvHH3Vl5XVJZL0bTZyhceC5c2NC8KJ3G3fmI41pUyCIqBiCF4naOVVb20hz4J7t7d4+3vNMlh9pkutkDtBUG\/sopbYKTD6kxhRU0nbMYNcJYsotavdtxk+5ricax8dlXTEQUyVGuU7VzQro6ZTS2J\/N+Dqw0JjCzhzZM4Iy+Zigsyz452Mxwn4H+POZW9AEa8UJIqsMXNYUOgxqdRZORU8gjSaaYtyhn4ZgPLYzJWev+UYEVbkQQlIs0qMsnDALKCKs\/vPLbMaZzLaWAeXOQBcQn6dRdSl1OHdjVYou9K0wNLFmi57+vod9Ufwp9xSCvh3ThgMiLBs9ntZ+DKnnpNK7K++8wDuLBmnbcYEnUZrZqGa8EXM5oLFPSizN87UN+K45Q\/S\/mtl3uxWe3MQN2DDd0vZIT\/pM6xA4vmgKQKhOGh1G\/LsJ4bGVvyfPbVWvvPsPMrkNeqwnVRFRE+JcuPLjNn3DyJRPv6SImnNR3F3p3NDu+U\/bZYbpfAqdtebmwkI6E92\/4EaRwnMS8jUU+nm4J3KxRiQRAHf2ic3MpHIJFU1alZ3UsqHJ6ixFmoZGKJNMub9RVwhhoMDob7lsWG2+BH4aWefcCL1wBXs4NIWJsY2Ws638ztVCok6ObVcpsMJe2l2ribLtt6uLyB1eEKfooGXoxgtbiHn8UI8BDgLRXpCnA7qK7wNCPv\/hXV\/5qObuA7HW\/C2qkSIpV\/R39i9wwVQ1ug1QIQz\/Ivm\/r6WLd0npdZrGVu5GBOJgUSRjnZQS5nqzdQ7xc5efsR5ICHi2XulsD+Zl3WQXVxYViEQMZNQRJCVpPIcx8YSgUINm5M6giDWQvYaHGMiifN+4pLOGo7UDtXSoYcIPou4kTo7mt5yFzAggk8EG0TmExkKN5uy8guvzoGiu3UmP1ayFSZA5TF4Hxgcg+2NpMUwTAvYDD0pW884S8fOW9HXDNECKzwG\/oVVn5NMUQqNCBUKpIkrq4caPrR60LP1G1fKKVz2Mf14oxUS6BYWLwcRFuY6LigPfz3Ch2bE\/jL+itDz+psExENk+g1PfaK4go+YhsmYCnhhZtTocVAIm+qVANsaIE47+Mr\/3qaOf1rseYxdMsxv04vxWH70UAraH7Y4AGe1DhKm55YgPg2VNLv+h443L3JtfuQRH1c2k3TEXhdwCAcDQH9W699eTwV8ntiQTxjZssTXuxQRFgjLr00HeNPNF7n2H9VgT8LsXQAt4\/i29eoQanjq3bUca84pwERHpxJCf8pS1a1KaFzMXvwUcJQOHW0Q\/N1pQGzvCpgH08Dx9GmHQ9KyzJ\/25WSu25QUZfal6F7L79g8iREwvmDUfy2lEv7mGnvWdhk02quVGsRpK9JEZQWo1rmsoDlNw4F7rXwD7R+U4RUfRyKkcbXPHiTg6YeMzcydsycniM9RaMjPPob9n1bk26ufx+9SlvlwwzqBTbOelsik5jIa525vbi5OIQxSrn0plookRa9xUJNwJ0omdn9j\/AW9IsSa86jM4scUrSMFbeKS4NfQDG9J4VYxzdoR7UNco77sa40\/zPWSa52BjRajNWVVhLj2o4JJQ1TdUu1\/Y89xmSzFKfGWeLSDj5A40mFHXGu4ywpzLC8Nndnau8G5aFKzcr\/e\/FYXUsoYZybTLRRgFBh9CldD2TTFeVueuq98o4ZVu+q1YYgsJKBwBBdV7ZQvj9\/cuG60fpzaNEiWJubkXSKKJvv74KXiPSXeDhQYLSS52OcrIzafNPniFrdcohvXMGEBoTJqcVbFo3+5iC13wm4mlmo+quy\/l2iSqCs4wxDhhSbLnO3Mj4Jo+xpM+BWcGCqCQkZM3XVKq9YiLnmUpBqToMdPk8pxszpPKZj1LhkprcBdvtCOBdOnwV08YRjPbT04P1DuRJXM7LDfWyxwk\/Is8GGMA1w6+\/RlaDUJ4QA8kKf62dGdodCfjoiQVkcxdXgak+xv+ho1izHEaG3Cxi3\/0JNNkwi2GYgruxc5fmKOdC4sqtkxC8j7I10mTh3+xdhudUBx0Sfr8yXq66S2KI88KrN3whtG4+sfGtAkvxG1DDMgti4zkfemFnlOATAqP5VRZM6U99yi4VhRBfczJTw1gBFetM1BkbvErs0YQl2nnzhNtTGtufXl2uHH4oKan\/xnak8wRRzvD04JQK431fn3TEvjjqMfQgcgW2JNC7Jyw7AYjY5nB5jUcAvogHpO11F1M9vRMop+cLQefP6yxy73IHNujTUtW4L99fDdjHVHLSrb7JdVLoGFBt3fFHLJFZwGyi73KaVuA8iLogqAdT6WIlJVQpMEOX0IGn7EhGzmKBzxPYnYlqqEBMEmrbIy10AsTQseVjaAzuWns\/HCPxtq5uB5ayh6r0SQlamctp8CNeSGkejLyD9InFUv\/cN6jEeAPw9ln90Uo+NcJcsUJLeRD+0uBhQVWKlzlgFrsdNHfyZgldWogT0yc5biAQ0YsfjTotPSED4mJ044\/CPZYxO\/WG1WatWJcgbBPZpTJOczqp0KaqRJnQpbibu0vaCcUf\/KqPXTh9mQWbhQvkie6BJSQGOWuxP4jMOKd9ZpnBr0kUhcDeMAPaBISZnWKXpcStlkCGJnAAKL5CAgF\/30XUkXB1LxIrTS74Ar8WfurKCvwBWG\/WZugVENhYI47kxJo12a6YH"}
-00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_tot_l4_data_len":3242,"flow_min_l4_data_len":318,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1621,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":946739304432,"flow_last_seen":946739304474,"flow_min_l4_payload_len":298,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3202,"flow_avg_l4_payload_len":1601,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.digitale-gesellschaft.ch","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01548{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":474151,"pkt_caplen":892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":892,"pkt_l4_len":858,"pkt":"ZmZmZmZmRERERERECABFAANu8ZFAADUG\/LG5X9oqCgAAAQG7xbYrbTJIao0RxFAYAfWPbQAAW0wo1H0j139pBXgBmTX+NlnQSaFEq5K3Pk3KVeGnXpOOLq4X08kQBuG8lGioiVe9QPOeM1XWvGxPlasRKFYrXBH86PGVaXAalDOEWJlV3PHRUUevw5fI6G+9XzuHkGZKTzPpIIOZ3iAzfHnVG3aTpqTBf7xHcc9kM1a8UHbmE4vJrXG9wa2HwWF2bcpsRjUYBUQxiid3MXG7FbSTEXHjqgO4LQdR6Xrrbq+Co3CdY49hyuqnRUiglv3ZkZvp\/BcnFskV9iJiOLBUK+jpAhnIdIbviFi78T5PQD4Tbyt8STzKJ4\/mkCRReunmywmmxKyYx8ErZcAkoKDR9IOJ3LCf8I8uzSUCcTKeSSnHS6ASYLDpWersQuLDgg3Is5Hb+2kMH37wQnKetidHgJqxmhLBaw+NX16ETkRc5vqPLeAmNQjzUjFZW029RGYPrEM\/M2aIcKp372plYpuhFsySXWIydCD9tqNCwZyquQ9nS3XV\/M4rQP8eJtxF8c+LbyHgf4cpoHUgBE4Qg\/rQ8QPjUfA1pwRPb\/2owpEEJi4RutXWP+JydB0D0ebOUJIyGUMSTIpJcFH2AKhLGUYE6NfckNeCzln4nEp2+qOXsbfMejtOZFyyhHVzHpRSbGA51CkajxcDAwEZGvKJBQnU\/r0Z9hIPhFlH3EC+7xZqS+s7+uQ2E96CDW5iU++SeFvwmMtUyG5rZZUMcBGpLzGamrlpIcWB85XVCU4gt4ssg9\/BdLmFwKiGqbmqVBGWt\/8gKtXdyHqS9eDrvNFNLvTrsxnC0XEzuTedB4Vu4WIaC7MUadYnyNgpkYSxjxFL6J71Xhm+92aoteroJN4zzFxDDd8rAkDnu1z+ZiBNnpB\/Gl8e1OMkCP6vsWHqZoCX9H9vn8tgHDIFyxXWqZDdxctsoUH7QrryxeYlvn1njblpv3w6tKj8ghJZAtQ3ko6UuvntUQvQpT48C+AbzDC+CMGpscAjbO2LKlP9fB1a9O37Dse31zOmm1FlQiiQCvlL1EpsgdEXAwMARSV8NSHQ2Cma7zLl9Np9i8ttiytzR2iGli71aKFmLcmNdXIXIfvH2D8Tx5IjanqSAuAMgykIOqh1u3rHE4swCwSQXoiMxQ=="}
00528{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":476319,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4UVlAAL0GF+AKAAABuV\/aKsW2AbtqjRHEK201jlAYAfVUsQAAFAMDAAEBFwMDAEXf5i7KhTG4S8dv24+5p+S+LhQ+PYyJONVNe1tUvJx\/L+\/9b0i1+dS9lEG6c5mDNHT9GO4jeygeA+4A4wrs7q7eoeKIu20="}
00537{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":476473,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+UVpAAL0GF9kKAAABuV\/aKsW2AbtqjRIUK201jlAYAfVUtwAAFwMDAFG0yPRl5vfYgYrNqN6Xr0RSsU8qyxBJs\/X5WTC1lrz\/gpr+0l90DKKjt1jArHygBMrF84aQB1D6XplQ1nx8u1Fux106dKe9yzC6\/Eneuw2en7U="}
@@ -31,11 +31,11 @@
00460{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":516599,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABH8ZdAADUG\/9K5X9oqCgAAAQG7xbYrbTmSao0TblAYAfXKPwAAFwMDABq2w+EgNw1Uc4R5UXmOYRclitVqGcW6tjqy7Q=="}
00565{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":517294,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"pkt":"REREREREZmZmZmZmCABFAACSUWBAAL0GF78KAAABuV\/aKsW2AbtqjRONK205sVAYAfVUywAAFwMDAGXrvgAlUHCjITpl4KMASatmqna9e\/E+FqvmZh7UxJcnge5ROlIX9hZsf4Ya92Ea2RROdlp098UA+mdHl5vxFOf1boQLJpYUnuHc3BdCsWdWSLwcpgO\/rDPjVLlI4Me24bd9SJzWTg=="}
00569{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":535061,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWUWFAAL0GF7oKAAABuV\/aKsW2AbtqjRP3K205sVAYAfVUzwAAFwMDAGlo6TRtzKG2Adwzj03nWd9OaygWX7gjGe9hX13CVMXOcFy2nYCY6j\/80gf5Bt1OkzQH0vPzsKbCxgckIEET7XKmYgeG2kNLad+9Ya0NpTF2SiB0RB7Qw\/V29rzYCtSBJC6ss51HwxxhdQ0="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":0,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":310,"flow_max_l4_data_len":310,"flow_avg_l4_data_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00810{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":846437,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"pkt":"REREREREZmZmZmZmCABFAAFKCqJAAL0GKn8KAAABM56TMtqaAbsV\/EiYhf03fVAYAfaIyQAAFgMBAR0BAAEZAwMDM0zFcZBVaq8jarHhMnn706tDCSlU6qIcSdmbVQbksCDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUcmVzb2x2ZXItZXUubGVsdXguZmkABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgp73dM21LptFd0ThW7be4\/uwlUqgVJQtqqMQYrFbmEGQ="}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":0,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":310,"flow_max_l4_data_len":310,"flow_avg_l4_data_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":946739304846,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04667{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":885416,"pkt_caplen":3185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3185,"pkt_l4_len":3151,"pkt":"ZmZmZmZmRERERERECABFAAxjgA1AADcGL\/sznpMyCgAAAQG72pqF\/Td9FfxJulAYAfWT4gAAFgMDAHoCAAB2AwOQkeJmPgfI+2\/Nb2YFPwnrh6xqnBenx5u8q1ZnyWqFbyDb4Qi2Yz\/q0+XeTvQ9QWQ6+8m8vlFJqWD30N7xMHe76BMBAAAuACsAAgMEADMAJAAdACAildRAk\/Ii9q568Shy0jK1lY4Sb1nfErCeFDdP5ao6KBQDAwABARcDAwAkQtxzjO6Y1fKC\/+pxVLm\/ix+V3OPJ68RUn+6KLdAjN0rm7jqVFwMDCjCAB4dDMRsvk08LXpiehq\/g9vbt8WAZZyX0IwUW7zm2s2JxksqGXN7MA4aQXMsXbea79jo4WvO3p6dz8ckR6\/GSVEFX2o1gGE3SmFE8bI1yIk7FWs3aYgxYwqLKQEvbN1ogdjJ6GVf+z5kiMwtt12G5tdTf7rSfZ3NH6Yk4oM8Elpl9VtGpp2o0FPfY8QB0bMd4GPEVRd4k3sqTgevSs5A\/CC4vXXDNw8uBoNAhPcBJ041jkXgJVSYm9QwFsJI4LdQTSOvpWGu8g3Q7\/FqYiPFofKEmMJ\/qdjv4rC472QK9MBOUQREh1M+X1zwZya0Ac0YwCKyp0B6QV8x8ZfPc4YWcPVw\/CzcsYjigSbp5JV0L4gyAue9Gh6S3YYS9bSWcQ6OYfhcUgIVrottiHisZ3rFZLnhHY2SXkUzy2eOnD3Qi87\/nZ2OjGdHVYvM8Yu4DBGax+k0RD3dyn9+WKeU6QKdkf0bt\/mxpZ+gCW+joqGHWhH8T8mliVYu97Vp1QkdwgpRB7hXYN0Y6CGFsBPw4pzAHjVBFBgDGgx3FLp+jHtYGS4QJXS1JHRsP\/ek1Bjr6PmHXQaaRrJ7LWjgQKI7Gha0EZqsq38SOF+eicMwDFpzc3B+5eNIjmjJW4NSel0FytKTt9ojc0NWkn0EYaG0EgY6+6x2nvzg5YX9tM13wZT\/oz2Ot9pPHCaabuHca2dbfesbpNetZkot4ox97XYVrqgngmst1PfSQmtM98M5ptnPmd\/sO4Q2zmY5zCyE4gqZJ\/jBMttfXco2\/5avcH7mX5ejSI27aNnLJexzSKXQ+JaOKITzvIhr9MApYef8a6mxmBG7KvaOHtWpBt2xvsdwkyGKaTSFivERAQJ3qVVpBnDVBNegKy8yEp45YgbraKILphly37eCzmeR8+BDQHM0\/olAhROBUZh\/RONZXvUkl5SKTRjHC2xvJNaeZYZ+hmdzytY6JxtjOWIkXJWGOQ1NLnp8ApIWyE\/uNNjzCwSksu7oipiMjp9\/TYKv3dTCD+5Ol7BQVVV99RWf0LzZ8iQzJsQx4OWgFzyT+Rx7ZVNnTGOrqRbAycjVipQHP7zlio12QWc9UNzJCxesOye7ivdDzyOxpzywnD3v8hSp\/9zPmf\/3ENHJgy8O34UUO06MOahgiokayYgWdjmVbemjxT1TryYu0gDna\/E6EV3qm9EmJk3uwiz6F8MD8T978R+EclF8jScCvS+0rc0myMoeeGSKvHZ59\/bY\/8uMlpK\/glxn4tf2FrEjMiwTYfD\/iCofxemvMkvC\/JJfgLtIuT4eRwYnzHY6tx9RKYdE3USzn4\/mm5qo5iJNIvjNV0kDlflg2at\/H0LoUPuAQDzKEIijJENcZ6pth1tAfPuzZbqzQybao7+N7tXszvfJs6XQ8U0IN8EKUruqqe63LmjAuODDmoGi5l1XKUHloz2N6Z0c6GOIMVwe3VD3oKEzis5\/IqukPTBIlPi3wM9hPvIjDsgqHeQuZwd0P2uGkmxxX+CQ\/eHLZcMkC6yXGIsoms\/DqqMmKImF+\/kg3KVbsOWynlp+qs+GRnuEe5Gwcck3bNanvNfRO2hnDlR3xxWpDeCDtY554dnKSdrEsmz56E3HZY7CS4xffa2qaRU9o8FE6oWceQ2YomJuE\/bMT3knxqniPrzl1K3GkigMh9J1i47zylUFJIasxWeeT4rnsrPdwO5pPpDZPDAhZZKqamf0Xxf7UyzOur5bQ0RGdSbDmjCGZUxwrcQgCzOocJ07C3y9f5\/cPHLy4Hcpi9nKHy5+zMgLxDuHh45d7g5aX2opBYeDFdZVkS35fhN\/VA5YDY3hjQkRRPMbthZpOOEiiUTiyQGuttf7SmNH1qqd0+P4R98lk6wmtu\/RYPzzoAOrY33Oweyfv45FrUJjxFb3dkB2JJBL+a3b7QXiEHk+jfi2DFJC8R1nDmEiD7lG0zp+GgCp2hMKrzTinc3jq7XrvSXgjRArW5vMll4UVtkgCZOG8JOPCJ+1InS6ZkzsHBlVE1ulhcQ6O07QOIetMX\/TQcpOws1Y3zI6xlDo7QN9RXjghTw1OQy\/e7csIpoqCDP+zQIn4uVNd9knXoZalNv0Vl+aMYpSUZU7SqXuPd5TrgUjyDCp5uSeJ7PvFxTrvq2m\/J4PCA00dz61blph4TnR5jqkjnWkPCWysgjmFP6jSXDVhi7OEYKJ3O5rj9s1KlWrTAKqEQ1WqkKpYs5zhjZX8C2jJXc7kR7CLzfiUXF\/NgCKD1oPTUZ3B8\/5yhnRignY4ZXMdGmmpuO\/YtIw9z3hTG2mvGzyDH+lTissPE7qvJQZpSJa3YSyfqgptZgRRY3rqQwM1Uan0WZB\/VyeZi71E8HGjmCdytjr1tbuT47siLcnpw\/tnXbVcW0DRQa0UluCuUeRWsFfgTuUhjuWHPeilVqW8TKVGxmd00ikgPoQa60hulHvmRZ5KO6vzi71RXX6dL\/wcA9t7hqc08oZMCG7pFOGbkwZ0H2Ou1cGKyFuTh2P28nKV1VsXeJy03j0rMepvwRePH7BjQM109D5zTvZ+x9U7LeeU5p\/97XLGVSvHyU6QoAkvI7FvvpHkTyoqhk2wuau1Ks3W6ziSuG5ItHrlZeoz2vdhzoVB+PdecdxLzV339b9A3nHa+rng\/3RfrU7m\/xV1uGOltE\/q6T8zbMwllfgMWQHWJtalokkS691O3vXWaxSb0GH3Eukn2GTLqT7xyn8hsg3I5F5pOCMspm6GHKCedNXQt\/rOrbG+70oNkLEiqOTucHrzdm7u3q9vZm5H7InHwwhmYB9o+wmMx9CpSsan17Eu6kQzONsC+k776iKm10F9TFCFRzcFvoSkJVRCogWUna5X6unZPh90yhZj+joK9OmDYl3uGf3cxeeYhuWr7BFipgMV88P5BfhbMuQJTiRkmE2tdVLKXiJJMT3RIuLttxViwKIZxqrsBPVZWuFgeoB\/tNKx1MPoFMSkd6Ady\/JPiKCd\/Lo+LSa+EGciXu3JhsD37LOO\/iaE1hxwYGWesFtcRBD82I4gt\/VZ4IZMSaNKHgm65E6lCcq41BJ\/gbuCDCFJ47l5UE8QhYSOHmp5J9j5vA1FjZFm5Iv6VRZaegnWKKRCmp+e5pBYWdf4T92iFA3wkmAojnbzcZPXM1FL7vahyaLx6fEfTzbYntPyfIJ2l5KJE855FQl1WRsib7X80Yvtknk5W4cHEv1yr1kjUU2CGJ8WMhJhi5rps9ncDKvd4PP0dTrH0ia8H78o1K4OYwHp0nPI0tpDBJqSO906qPhy7pON78NLR8NLi7ebyinTbjqYrIeAPW0BcPQXfo+ePTRQEGlW7G5LCAYlQCvO5j\/LMgF9c3iJwt3nUbOE+eqHvK0\/PHJmQK+ijLfXFLdBd6NBQSn3sHF\/qzgQRE5VwfSRmK55bFmg0PCiTnhGTWzfK0OvOvyyAAiwvXCaBV+gFnzKnwwQ+4ebBmLMgQpqYGGOrzwhV7P+RvbAFwMDARmYqpARsWX06T7\/aIqUa3gqpszdt6QdkNXpjrjP\/CtX9C+2AHbAmlDaq+eynMum8sDVzFoKFvQfGpt91s0+c4BcfaWSQDicP6abNOaMq+Hp75lMfIATEOyO9cUpGtsxdjbO98fR3ligfvynTicYTBBKOabjGzsvGqpIQNsc6yP7ec1DM5IvytEF3WMD\/BSWfSyCMBkPc77J1iCDteQqYtaAe0whPDVMG6GGDORujY8TM3L19IZL3YvYjw7AjSCmeKp+dThVSFL7D\/ks2Bt12v6Pc4J\/bL1kxAzO4vYx1vazs5rxcAfFBrI00UuE4UKrW1AuFrQrWAmy8gFVgJ7l+nCzCeDoyrV14OgMNuqUXIpirZiejq2fhnoXshcDAwA1MiDkD+m6EfUtBdx\/Pyl0ehgKaB76+ayZoBt6uEP7tnUDn+hUUsmcN7NZ1IZhFxhyx2uKd6w="}
-00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_tot_l4_data_len":3461,"flow_min_l4_data_len":310,"flow_max_l4_data_len":3151,"flow_avg_l4_data_len":1730,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":946739304846,"flow_last_seen":946739304885,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":3421,"flow_avg_l4_payload_len":1710,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"resolver-eu.lelux.fi","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00507{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":887457,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoCqRAAL0GK18KAAABM56TMtqaAbsV\/Em6hf1DuFAYAfWH5wAAFAMDAAEBFwMDADVGrMk33Jx9u4V9oT8gk9T3N9siooKVMszOs96zlvjMst5cKF\/6mDE\/X3tfb1uyKq+NLUpVEQ=="}
00535{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":887574,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+CqVAAL0GK0gKAAABM56TMtqaAbsV\/En6hf1DuFAYAfWH\/QAAFwMDAFHXdLFaAz+Z2rHdRMF6waDqPR4Tw1IOHDhUOX4GIW3IMxkSZnzM4IxIu8uFUy3E0ZKGcdTqsrNExBJvv2oqkuc8+GXwUqWl+KahajxLfpnsMkI="}
00661{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":887767,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"REREREREZmZmZmZmCABFAADYCqZAAL0GKu0KAAABM56TMtqaAbsV\/EpQhf1DuFAYAfWIVwAAFwMDAKus1yP1uKqMf1urenhXvkk1hHi5ysvI5vyFfqtgY7v\/4nRbEU5uNq0wg5+jVbveXNEZspGMDNtai7WF8t2v\/t5LwbYD+cQyx\/yKWMvd+aPvRdf9hU+NHxeDFND1qO6ntW\/6XX3UERjRgJPnDDWLmLo9EfSKCZqn\/QZLxvp1pQX6lmDwrVkvwYAqwv6GnlidXXNWG\/GwqTe+iZ37GYK1wGymo\/DctlUHBZMn+D0="}
@@ -49,11 +49,11 @@
00560{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":917223,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRCqtAAL0GKy8KAAABM56TMtqaAbsV\/EuRhf1IW1AYAfWIEAAAFwMDAGSama1Yhb51kK2zbQ6rM5eFyfh7rS1snhG9VmY4XL+xDlnXMLc84rbL3uR95gwnzpyGXbL2WOZQWI4tSDxAo8uplzLFHVcroxi48kgP5kyZVcB\/WhwSKkWrDV3iMlXjmckAj51E"}
00568{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":917307,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWCqxAAL0GKykKAAABM56TMtqaAbsV\/Ev6hf1IW1AYAfWIFQAAFwMDAGkg3rUd+kv9D7LpeRqMgxeTsATVsDIt1mVHZnZqap6LKtw1K9Gl\/XnzCbmcIcjEn6NFnYjtNrvcQuyI+J3IiMpas9FE+4hRsQRXQ8osoT3u2QKxF0Kde5d9akjBi20rbEm5NigAzZOpgMU="}
00483{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739304,"pkt_ts_usec":944858,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"ZmZmZmZmRERERERECABFAABYgBVAADcGO\/4znpMyCgAAAQG72pqF\/UhbFfxMaFAYAfVMZQAAFwMDACvzd62r12MvNm4T9ST9QVvoNu+55SlThx2NBggyYv+RPK5HD9OFiDS2kFMI"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":16448,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIJYRAAL0Ggi8KAAABuf2aQugMAbv\/W2fgE34PaFAYAfYWNwAAFgMBARsBAAEXAwO7rF9fivBYq0PPnnVftpI5xv63Wth8iDXYIbCI66xBbCCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zZXMuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIHdlaU8VTQtoxOo631cPtMLo1fhD\/NP8\/WHh2FCfWmp6"}
-00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":946739305016,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04358{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":61248,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuA+UlAADkGKDK5\/ZpCCgAAAQG76AwTfg9o\/1tpAFAQAIMgbwAAFgMDAHoCAAB2AwNWoPreEkJ\/UPiZCRV0IEx6jRSqugqY3M+B37V87ydZxyCVvQ4J9sHqcW\/KB2T6FVper40CtcJE9we9duJ2lwo5jBMBAAAuADMAJAAdACB0RVn8jGqUM9fyfUTkTuhvHxWfPva1vJ9a18\/+TyUNbgArAAIDBBQDAwABARcDAwteuwCVRbAjw9pKtY4dNJzB+NkDPzUPU\/YSrAhwNpHIEK5V+o2\/HqZHUFxtVJbEBPgURU0pRFWa9dL9lQp8LuDwWHwDq1H1B4wIu6Cjn5BK872nUeQltRw5+FbrO5MDeZZJRgg48HKHnsK1mBHQnXLVwFvBE\/e\/UwSrANn9vg+B6zkss+nwjnEuw1XfKHcjr3B+gq7Tt\/pkx\/SEVt9DDhoVQjkT+nj8Ch6uFvKMxBfoNlGXQAfQ76Cfus9zBAZT5EY1YHp8kypEbWJsqWobkhk3j7efutg\/+7i\/\/3hwY3S4DA+PZFxsrSsM6AIVwaJ95fOH1dRdOyCRxbfVQ1s5uNDJcA7OdsaNR8VQ06UA5uK3FnFY9IaeCSIuzswKtKKP\/cTlEabfxoFlZbInteiv8UhvUx14oYH8877iKbTHauga0SrPYwJ3hDQ38FuPBJ16hIcickFsAxoIxHcrJTcDxD31\/+27P70ucqJUKNnKmwnMS5iCjU275dZeWQ9Zr0T4s7GAOpJ\/qhuQ0adCzilfe+zxessB1BHzKqNpomqUeAJU6wiiIZGwIQCSR9TnB+R6Furn+4OgUG6PGNdXCZNQ9itsUGoaOah9Fd+b\/mJSMoK\/FuhgIcCIxvGAml0OlSPbxxyIuGAWgYtRBimB3o6JaqY5BlDiRDxZX24w4nNBhNEgZ23H2qCY1hFOw\/NxAIqZ6i1OczcdQK5je4mFGQnk7n2Dd0xCvT\/QbVT+DGwohNzMpmrD81sKP2YRMryNcEXaCYgEk0oi4bjQNtHjwEi3WiSTxdHtROjzPbx1MuktYL6gASggOg1Ub+v8yVRI6bLdeV5Xwvz5ZxoF9vdrBEyvVBdMauaRYoyVnXm15LfrTPUCeXkHS1kWpj909RBaupD8tKI35AMNBM63GiCNIPCKacZOle5IpXYl1uAfPyEf7I7c\/Z2VAGWif0f1eRsudqghQ1VDSbMFMSOUlZF8oqR69Dp+GUrZSkzXH\/vlToVdum7PDCHkza\/W9cBDPI5wtxaPFdq19aD9CF4UXzcnY86h4hX1BAKMl5ymvY9oQmQKwLyZZk7gJ3BG3QSRRkEJLHmElRTA\/j6+UD2DUirljLXPFbrXC2eKn2CCwq3Zuv5P5wO5+t0UU\/yghFoQluNjQ3lfw4zQuwuXqm940OzzyqoEcUuHVR8IXnZ8TZqE90q8rCtGIOP+LD4hWpqBqHuwk66vMcJQgwNCFXix5ZnSXLN0BgV30sQI8N\/4QNcrVg18QrqrwMX5353ArFRERLIaGuZFxOud2tKJXNi7\/8bnQL4pfggVMDHzys0Vv2kSkmMM9AH5fy6is33XJQsCiLeVAW2BJv0HWG\/2v54ftufeuJKqjAweFaFpf8nOnSzUujidt2Hj6vD7NzSy9u5bVuAiVU8CLsOjLUQDZZwuXq5KPOpcqPkwUfO\/JhY2IYSty68WbtoEQ\/LicI5G0k7qhGVYDDLZjTT029eOEYuXI7f+lB6Kb+6SLaMGDm8r9Mw7ebinM16XyWOwJ5JBUayf+vtez432JNrnbq1SGS5rLH5Fg5ZMgKUFbGPULmfIDV2jwsa5no0weJKoBPHSF0j2z2Ws3ZeYohMSNwPof+eIkWPeDsS0odMH3bOI8vjnmbAlt1LEuTlP9Bgfbe4EZBkTArblnr1PduSYp9HHqPcDcdegoFu3tk12XJWCeAczLwMdcKTivhfzRMPv6R\/QbwvNULNcqw3kjep\/lhPa8MK5fd2CGyIw+LCWxGXv+q\/ds\/TSYSN0doo9wcXYWwj8LntYcpK6i8bE1mnU9HhfDXOdgKZheyUxq\/2aHTotcU7hlwJGxzG1S8L2XOL+e5cK\/uWYrHMSCsilBLjzbaE58\/UhgQTo4G7REl65txB7jkxytOXC2V8igiA\/VVPL1iSyOqszjZhZj\/KQ7cRXbuiY2hUvh3d1GHeunUPxkjVr7SBFLwo5npluN5uAfc+7Lx2v8sh\/0AXjRBQzrzXUGOKzmSDk4EsluiAOjG78HzOAmharQORiNXCoRaRa+fhf0Ejafe7HoDuKqj5ukCKAbsCU6se\/uViDv0Ko0frloNjTZWVHeFLAU\/8Rxbf5R8lMV480rpPEWmLytLklZol4xviBgu3uvWIUzW30atpHjpq+x1y1B4ZeqEOMO83R7O6ddmc3f06vtoo06tW\/Agu9h766pQvpNm2vTYudTnd6DSqBlKI5KeonXz4AxZiEG5DKNiVkur+pxwlM3ugAjT44z5C6NIq2xLtYBKvjI4ZiVK+oThODcy5mgGaurXo21aX3cTizFa3bH6OPqttL9gjP05Bka27HY2jgRwKVSbziiMro9AX8Xsmg6S2yWOPjJLfqZCcbtLmpaNGvdFtOkH77j4F52qkt+me41p1UftUvN6wiwxxp99NI0\/fMosQgl7ighWoY2W\/IB0fXHatEvBsmPr1KEj7P+aJaj7oNVmyRVuFHPwaBwwi7T8Vvj9wG3gSDuuYdP5+UFDM+35GxMSRkihqY1Nf52lvDc2vDx7TdolcUJnmrezHB7iOplwsA\/pnoSxDqDzY8u2hWCRC+c4jg1z3vL2zvzGplrkFak387ZT7iXl569hRQY0g6W72J\/qU\/wWvKrh5aic7Fca9+09fN8mKvizdcBFS1tmo5ud9hSP5IApLh\/AqNGAsSvFB77AMVMPcqCZqs\/LzhQ6p8mk1Ztud+POMwqvs7eCTrsyIwvCFHr3MjxRECobkoOUnKuDn6O2Ba4MeFaOtHE1XjJdkhICNgy76FwlNk7qa2miONerIZrFWrQmU2yx1Al5ihAv+BSYo7OLYt9zXUcCSntdFwaG5iWvn2D3TqvQcyGsX7n8R8YOUmBL+xEDz8\/cHI76eHoMT9Gcmgev3Cz2de\/7ilgKsoMsC9dl+Ldtg+QDnuzeji5lROtOH+fv+MRICCWa3t+oaVa2XgjAhIywmeaAGP7+W10HhLqbtIimjrrdbxpeltnnJv0HxLov9cXj+b0Pm2tBSSGlhGmiCqLRib5vepRDq5ASTdoFYCIMH422KVZztJ1b63ltyCjG5NtOVaK\/MkO7\/KWS1XPbQXAVUScApoXkKlzQiVxTCMZQoZIoE4pH0+fjzQcElC405f+pmLRfF1iVpdbRwPdWdjvokVy8bVGY3GGXVtgS7DasELvMxZruoBcMEH12JcU31nt00epqRaM7Ty\/hGPJ9RgbFIN6nscoLHLm6YFkdOMqn+3D0CMvB4x652Bu8PF5m7DHJMIBJSoh\/WEUOZDxlHi5CT9KYRNTMZDhIkJj++9o8TtwBf\/+FOKgQZYlLc9emRrICiIhqz7dIu9M1nNq8igrwodBBqfV3IJasHHoy\/F57WNpO6ufh54oPFaVKYJn1bg656yNokeiXMSkMhJsmjb0+SAmQ0rTBRRWtbjoeZCc3gkigutNXY3WNHxKSc5xsJ9iyr3gTZdRpWgWbT+isP5Ovqam4GzSglt\/k+unyjMz4\/f8vVi\/7W288anM52u2gAT5Id3RGTrtEQDPQ8UVftSrylfoNAZTKGGhUJLAcmefkYZfUt\/EB+t1\/S5DOAvsgdK0URdbVybob0RmFJKIBsQ7DYRwD\/HgqXJ6uMDVUKO9XoO+9dwhRf11sqhooAzPCeXtVLggV615qXldaBtBjJ4Fa\/LAamnbZck+pr1D1RAPJP4HQwfBLL\/eWmzwOCA4y+tqnSn"}
-00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_tot_l4_data_len":3232,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1616,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00842{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":946739305016,"flow_last_seen":946739305061,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnses.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00613{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":63924,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"ZmZmZmZmRERERERECABFAAC4+UtAADkGMvi5\/ZpCCgAAAQG76AwTfhrA\/1tpAFAYAIPkeAAA4ov2OS2FYwHLyLK8HvldhjW58oZhz\/dEDG0qRvP07Xrr9KbrwFzXsPAENpwnRYTilEXtuGTXfjP8+51dqVC3h3Voz6vzPB2E1qN7598iQNHjvdaBjrZ71M3dNmhXs0fudaDBYxVH3HnrCgr\/VoLnr9AAImTV5ybiMJS9e3W0V7h9Z35p6EhyTXdDS8\/1x5Ew"}
00505{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":65983,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoJYdAAL0GgwwKAAABuf2aQugMAbv\/W2kAE34bUFAYAfUVVwAAFAMDAAEBFwMDADXfncreHH\/w41ETGxAbKhaT3vZm4z54UR30vbUShr9IVbJ7OCCA+pMljhOzcbHXS37RYg7ndA=="}
00534{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":66151,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+JYhAAL0GgvUKAAABuf2aQugMAbv\/W2lAE34bUFAYAfUVbQAAFwMDAFFCEWDs3sccqWd0uheET3JL6DjLTtPLiQmtDDP\/Rl5nPBW1sUJXIKVZtvgSbC59saZ4oVaBt07mMLExEbGQTB1v0bQ3ojKnMrYG+LAmpLooAew="}
@@ -67,11 +67,11 @@
00561{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":110719,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRJY5AAL0GgtwKAAABuf2aQugMAbv\/W2rVE34e6FAYAfUVgAAAFwMDAGSwGvxSL3FIyDR310\/9O7PcMPe0ggdrreIARkJTs2CLGVT1Ypiw13DA1nyD6gImpazyC5vUf1UFekKskNcT2L7LbMB\/g+5wrrV5znXzb6XmxNp1ibeEuMn3nwejnFN9EIiup5Kt"}
00570{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":110871,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWJY9AAL0GgtYKAAABuf2aQugMAbv\/W2s+E34e6FAYAfUVhQAAFwMDAGl4Ax7b\/n2TYV+yAF7kw\/tZI7yNepzO7WMF9ElM742tNU0B1rqhUIxffsYxoT0e94SkRODtGgqBbI5T1DuYgzpRkCmv\/VBGiBWFJFnG96I91tiatUHn0Ag2aFFicyHE0j8xCQuA5vGVoO8="}
00465{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":152934,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABL+VFAADkGM1+5\/ZpCCgAAAQG76AwTfh7o\/1trPlAYAIUVngAAFwMDAB5IOLZETBFPI2tNUcP0eQPXsxWmDRunSXpjj7yYkUU="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00800{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":650572,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"REREREREZmZmZmZmCABFAAFBLvBAAL0Gw1EKAAABrGhdUJ\/qAbvjN2w6lQOuzlAYAfbLqAAAFgMBARQBAAEQAwPaSOnODEW\/53X3FLI0n+Mih\/iyk2Bze7sXLhS9N0ueoyDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALanAudGlhci5hcHAABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgYin8bJdqHx3ibHrbfDgwuFVcZV3PPNkWvp1zHo7\/2AM="}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":946739305650,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02386{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":852459,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUYr5AADcGEPGsaF1QCgAAAQG7n+qVA67O4zdtU1AQABbJOgAAFgMDAHoCAAB2AwMioc+jlzNc+VBJaZcDKojs21jGEKcSNKyg9ExllQqy+iDada2r8SjLZf4K7a+NbQASLzSYT4924P6pAuqOJM8\/hhMDAAAuACsAAgMEADMAJAAdACAdEExo5yrIKmMZ4nrOia6UHa7Zh09ZMNUZYLDF+NYxaxQDAwABARcDAwAkT\/VVW9e6tSXUn2DgdOFI1vJ9CWMqaG0B1UgAogfcRWwpZ74dFwMDDDNZ3TFhx2HRd\/d\/BnLRqx3w9gJyapE59ga0mk6Gbdpy2uhfU1raH\/kLDwO0PHahqFeiov5PtmafDzH5oAzRDBThfFaKNK986AJtqna7+\/+W9HqZppsUeMeFtSdutMbm9VkvNNWFsngalQ8\/TjlWYt\/LNabidW0R+diEYRXkVHectSDnGgpIKw7AqJmgGmRJSQFZmk8mMFHUip8Ns8L0Qm+4mFM3OyM2y8uotBFp52jwBE4JcdWTlWvX638UUEwGd0+Jev1b4UZvqaI8gBJQiwDYthQvx2cilE03gvQZUs1gLv40OT\/eDg1VwASYtXu1QKuaTXj67d3FvJUxTfjdc9Un1x\/xpNxQ9IvL0JgGMqp5Nvz4C+qRYd\/CysKeUwM5LkGikxDP3qZXZjcRDF3CvWl\/0RJAgB68oCh4lzQ6BTBYQsLIO+2npSdMMO1mcmGxOeyAtRoiglI\/Mu+7bxclTAdkFUgpS6V0wzwluZmFW7Rx4iiSeZWVmQDKjFeHStRAafyFrtH26wCU1ei1O7zDiCd\/St5EWtAfoATjugif\/dASmeS6peR\/N837DyefuOM7XNJbAUXXdVYFQbj88dVPYC1ZWfSpl1wPAKf87TREgv6h4ZkxzRnB6COvKSvUqklCC1SSMJfennS1L0Etglf8wZsulJYWIe6+sEiyvEkrN24bb021w2X\/KuVEn+j5dyEDiGG5loD+4VYwc9G5Wa+jxRUO0+A62CO2opPif7xWIxQXRSJ441bKp\/i7j7P+cl88sdZsTxv2ygPWKGEBO4XHbg95EUra3m5LdhfhQUM\/e\/n+Ak+LAL3mStir5xjEDf9+haA4s5VbKmTRNrJtFiUwt198TeBjvlKCejLbJO6d8gE6SQECz4iM7IcNa\/bXR7adNUuu8qhullq5WfyiHcztVpItdHmrHXbaCsGaPgIKVpIJp30oUBjXbdyBrklTyARetsx+L4hfDlDZiZOEujpickcQVHRV+Rq6dF5UrRJYU3XU\/ZcqBeRvNXpu9d46M\/bhnVClgq2Bd+aOiR2kaho07AGNJ9Fr4k5Jos+2Q6DGpQasXC6x+iPauGKBp59nwGXbOOKtd8ArTxOlVzQmOZH6I0tx+iKMplPSCHR8FFec2EwXBLm\/1vyI9Pwo+zYiVdHp09rRHeJXaKGgiynxtv128gHPWfts6k\/bUS8N1Dw2y1OWa2cDxVOv79IA65ALHyABrPQbEH+byQd5tzeWrWUmzmNi3p4jdd62IgsA8HkYmsZmy5jIyKyWEYlUo1SPeqjIhX9VriaKoSoSKPFRDULdhc+03ZBXd6SKMHCSS7x6DpL0ufFkfc0ZfcGyz8s\/jngcscp5gmPQrY+VfOmrZe4EnOIAqkwdbS5Vejc5Yga2D4LRGGWgMYBm5SScqu5500ZCpE0WmkryZPm\/4OMJ47iDZWRTkVie5Ea9ONRDlM9tVglWZF\/oUiAJVVWh4mt0z6nVYUgTMbtTn0pDKN\/0TJikQ5gt3TXgtioj57ko+eiK8raQcuhqyXG3KA52lsLM2MmWuS6VxCjD2hxANDc3R7BZOaM4bmyza4JUsEms3Y5aNGYiFwaMTvyvPSX55q5QHTJ\/Mi827fNg4TtCrFRxN6XxJuU0RfIATOX3faQkD1YP1V51gStaTXEj1EBrNyqEnKqYk6Yxs2aBmn4CqaTQ7ru+2yyoapdX3D0JCzKb"}
-00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":301,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":886,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":946739305650,"flow_last_seen":946739305852,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1733,"flow_avg_l4_payload_len":866,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiar.app","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03390{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":852672,"pkt_caplen":2248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2248,"pkt_l4_len":2214,"pkt":"ZmZmZmZmRERERERECABFAAi6Yr9AADcGDgqsaF1QCgAAAQG7n+qVA7R64zdtU1AYABbTIQAA7khOXiRDmimON10SUW6EdkRNtideeCAmsCP9ufTAbxPBEESbRp6rJdX9WpgeGKEcs1FSJYqSgEbwbmVZ45a190xHBVgYJoheRrXwVU8\/AsBaHDXul428WYkRrLMS2d7ip3ZonDd7PZHF6J0j5\/wI70KV9AUCOBt\/Btv4kzO+Hj+j3yK5bLSbWlRhD1fuMQAb+cF537u0\/U3MsC4OMo+87usOrwz6eMrKL+s31DCb4z6f8eENi68oRi9OZYKpoRYjhFkw0unmspSreLKjulrpWluVXrk1btWPgYpUVnavuXquTK1NtVner355EoOvAf5CAN1Y8OcMXqML8XqYMeqEg34ZtCcYr+tnetE29K921LwsoIOkJdbaiCVLTv\/9X++VjLPLL4afBqrrwx2ZkXw2VSOvNSpMcVsFQ2sks0er7rCvo3vy970zXk8N2ZRM9DEPyk4S8i+C3Yw3j6efIbDNyRRGIb1TGn6z1LzsFfHkHQ\/coPiZhIhvnK6o5iGWcHYOGEPLh4XlmZt5EnCBavREWdcXDAq+Rj+biwLLNbp9Xm75T3bbWxLQivCzGfNO2oBB8jJz2Zicez5S7098raXjnFVLWws7S\/ZjTQ11gAbLNqyHJOm\/RerOFZpkbGJsCCKjsmgBFYujoZTifdvrnskuFGuKqjRU7sBnWY38jO4yTlznAvt2Cf2\/I4bnh5roD5\/h3R\/5c28EQTDGmOL2\/KspdGSS1bjToJBQbcS2YbFnjwR5yrS+5SOLXVmRcZDGU4Ke3DaCJifWpD1EVuVb2ilryPAD8yGt9JaIe3cT9jnaxoJojKtbQNqrLa4+HAzDJSTrT+I7IXNvzHDQ5HJdRQkyKEzhMuedfOGX3aae0qJMXEdgmL8U1YL9LUgqs4gaInFpYecyGYMFaC7RpVTbVJ8AclN3JFij4ikMLs8OvolwBsIUxkwvTd2kxXvS\/GtkZpTdB40Qwypq6\/slHam9c8zmzEZ9VsQqYPOs7EU3IWXPB\/7jwR\/Swoqx9IepHlyCi3ipHUa3krt79WKeMN9slFrvDSuGQo7cCX4PwLWqGq1s8n4xGAwbb4PADqo8FJSgQHdjNMolIHMWyuqk5nqOgc0W36SeHQOxctDFxw00aD7\/ZIjnA7m+97J5Qh0XWgw5Lpsc8Mvp+VBxyMQklBuDFOyN3HJKbg943DoSjIMucZn1tzh8KOxw0Xql8+gP0Tj\/ncw8jVi\/PzuMVXmWMiQX\/wdJfEzJkJUlcXDAAE2IesO7KR0oZhnwcsaVEwrsJruOKxYtv2pbkmhOIxpFm4wJGmE+2JRFXkQDnRtvWvAJoF\/v0k69TDViO86TF2AjLFejfwjQQnCJXVkS4fuCh3i1TYrS+lUkfVezPrjjWW3F2LEdQQXJZmRfoBHSJjBhCP+Dcoc3jONSa9PXKqNJSf7Vo6MbkHB0XBcD7sdIZ2\/wIgxkllAd1uSaGBwJI8\/jhtA8RENMPWOxsz00xpbl8rHi+OkSD\/7Q58nbh7qhfzlemdSmsTNYU4yTeEr2yQTmNZcolwert2uPuF9VK2g\/3nveH2piPFCpAJOd4Z5dmxFR4fRYAGlILa5aNYiyWSR3G947wAwiYaU7l0JrzUlByQFpex9hGDkjjcctCUn8127O6yoOswVES887ts\/gfsXkn4d0JROgJbDiWFnN7j7+sZKWDkghhJYjTBSDkBNASiM9XLxgQ\/DaEwEwxYA7HjPEO\/8BxDusP8aK8hEqBPa8c8eFHdAYT3Eu2hChRagjV1O7Z0Zuc1z25GaMGiFKl7kwOrHIqt7609HLDEc8DgoFPHHr7IZJAecPMzvqj2CVzFTWl+NcGQgu1OZDB7YN8IsYE0Hj2wxjJJ4M8ncKFSWkLxvPRwAg+0hpC\/tSOqvX1jgKKAZg82Jl+tqVLBoZ773\/7qHfr\/BAX6oJ0vKtNpEDEGeMy6jjr8KxmYOPhgJuUsXOSiQKReqTW0HLQJn9LpGUn4zKUgOBpUtJCVQOwstz8rJvV98lhrypc92o1bXoXeUIxGojGdQmZAgxriin+ux8aVQDWCuRuunDdKlwCqYBaBQ5f2rPbpDMmRJRFIQV93Nffpu5y2M2nD2zqfxShtHtZqK9Odguom6eKtfMYRNoP0\/G2utDI3qzWXA4Mjnq20qW6WLp3\/OACxfwxJs+mIIux4CN4Of382BKD+HUg6iVDD+mi+PZO8yXcm+iMHr94FuVjknbJgwr8pz8hnl6BJO7Py9BRIAZSwIskF6wOgI\/\/4Qr2JcZ3TwaII9SEN+0Sx8PMXXAKDv89DA4GNqNhV0hw6VXwyvbxpg4tI+badMBjtd\/o4XHqPH+BgFz6M8EMB4Jddticq89uWfyyGOVmNlx8K6oUYEdD6RJBEwIP6yYPzzeebCbDK3en7B16cFcus7h8285+5Wxpsa9ruV64Q9ZoEhEUMGgffnT5ajZ+UpmS77fDl+DfNEzJY8TjXm9EL8XAwMBGQ9SGwhaT+0AWTV1WADn36NruqoDTHdQXMB5KJVX+hyENZfYkPjY19bk0TmuSlxnW4sPXtcFmHvEzv8TYCgHXXFqdgaXEgdtFhRRSPS0CqywSlTwtg9zlqkP6Vu\/gi2jnM2lX\/S3paNkHLJK2Xs42G6p+yMmyRBfn14DEFDykxvC8z+scW1WMMiVZcbQBKhJ+Ek8WtRoS9WYaJ74jobV62XFVLje4Al6wOy0PssyggYMNCsvtsxQ5KXxmsj4du7sF6hIaLMWOz7O8LamYiEYnY4YByhzDbINOM3XB385ribm3TlBE2FwQhpCNmgQNjG7wIBC9IfEBLxv5rxwvF8PVckgsWpRxADmo+gltAb0\/tgSzKl\/30lZxZ8BFwMDADWhE8bE7ktzdpeT1iEQv9HPHLrjBcBDs9EHJnB16E0omVuS5qQqwxUOOBNAVfkBff92\/dyz\/Q=="}
00505{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":854743,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoLvNAAL0GxCcKAAABrGhdUJ\/qAbvjN21TlQO9DFAYAfXKzwAAFAMDAAEBFwMDADVZFDeGx9jhCVSvCDaoaTI7mm2C6bZOxUPj4ceROxo5CeHsTjuSnwiy3kJv2riOTzR6QvI4fA=="}
00534{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739305,"pkt_ts_usec":854887,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+LvRAAL0GxBAKAAABrGhdUJ\/qAbvjN22TlQO9DFAYAfXK5QAAFwMDAFFabSFzRWPlZVKWzVkzQqDNwl3RlR5jphaFJDPBgV+CTmoVTmB0SLiXAGsFcB3shFjQukJa1DJWCTsOPPotW0xzi+wcsm0T4LkQV8d6PaOHtYA="}
@@ -84,11 +84,11 @@
00570{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":49558,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWLvpAAL0Gw\/IKAAABrGhdUJ\/qAbvjN29olQPAulAYAfXK\/QAAFwMDAGn1FOkTV8bkkUFsuChemkwWhSKcZnZUV5rDptmc\/he41kQXSfhBbGvHpaGpylzzgsGVyupoZ20AruLps9TDAGvxqBhIazXRcryUNoAnFkGoZvlonJzUO8s+\/7AiDlBJ8C3ozU7+6HZhRlE="}
00799{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241227,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"ZmZmZmZmRERERERECABFAAFBYsVAADcGFX2saF1QCgAAAQG7n+qVA8C64zdv1lAYABYDRAAAFwMDARTrTqe\/uHssUSe\/BxhHUCQnJdK8zPVZzxi61zBMtiDfzpbO88e+tPjHzdRl6FcUa+bNfalZxPGXaQ+zB1NyAOYpH2UrhmWzi1qPlCYzZkG8Szz1HaauJAYnB0P3OPeOU4747d+bb70yirGt8iJL90AeQy1tELZt6ToWjyyyDcQ50bJED8\/OlUkfbS6pcPtAKzSdD2oH3ZDav5+EQgksXYHvZ3e2yPeCOi6FPQya7KNI5O05wb2J0Yrqi+eF9cKQx6Ef0GOy1QN8QgjZG7D4y\/SoPB4TeV5S72x0nGMxV8z2gZ3r2w2ez3ujPbpr0kHRNVU4Pa7+P11fiZ1flJCoH7xKpzJtrzRY\/BfEtfcWpiTZMR8qzv0="}
00466{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739306,"pkt_ts_usec":241606,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLLvtAAL0GxDwKAAABrGhdUJ\/qAbvjN2\/WlQPB01AYAfXKsgAAFwMDAB6h799Z6YSmgeoCnvmbPudRM5Zunhi\/Era65MsC8qs="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":588567,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"REREREREZmZmZmZmCABFAAFGz7FAAL0GqFMKAAABp3LcfZKaAcWpCIgSh0x2XlAYAfZF5QAAFgMBARkBAAEVAwNM+6CQ4xrTV+1tOPP7h0Gj90S89M7DOPc8QQnDuq\/mRiD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMS5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDUjoSgwC\/YwRC2sL4\/9W3ATSzLtM\/v84EfifaAhQZfWw=="}
-00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":946739310588,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04632{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":697795,"pkt_caplen":3154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3154,"pkt_l4_len":3120,"pkt":"ZmZmZmZmRERERERECABFAAxEyD9AADMGLsinctx9CgAAAQHFkpqHTHZeqQiJMFAYAfVQ4wAAFgMDAHoCAAB2AwOMlhGBzZbQdgMB7SlRRNR6aAHyhH11lUBOX85ujHC26yD0eC9rhNsSjRzwJJQFthL\/q1ufnITsbP94aSBdrdhzDxMBAAAuACsAAgMEADMAJAAdACBUUq246Yl+EWhWLEvZvcutMb+IirYuhEzXmLk3lr59QxQDAwABARcDAwAgZrqPXWP2zV85oWOqSEKZV0DzXUfiOwwJJ+C5CgZ1QqEXAwMKFVw16EKwmaYl6UqgM5FDRFEvQkVVdsBwborgCOxUvP2YbrJsHBMovDHHpAcBFTWebPQJMSKasadU094aHDRpLPrxxCjXB2pxM0WIqTvteHWIfU1Fk5\/NpqSuHKzO0Ra3PwdESYixe\/zb6sDdKKc1TRT99VsGnFNvwT\/9kRj6LGAVtWhnVsCfJH598qgWQ0wNsN5\/qg97535WjDSAoptbAHelOwuJgc8mZW87Z778lSdbGSJVYmbS+Kzpu3czloyo+k8tnMR0gAcl1hEQQ49kVF90oJqhnl11GE\/B0nhnrDcMC484Ni2gzPflOc2ve4l75Bv19quG6UuBjAJ+lAILT2sCAli3NgfXnu\/RIxYWHOwg5dkUsitPEbeddf7oCeQEhHZOIe8IWZHCTWJ8Xas6gq1DtDEctxSwxYTmBOPQYJURvi5XAJunxgkYorZ1S5H22PsJbPQoDTXE7jb\/MK+t+sJi\/qLBk\/QTcK+QjjpfOnPOG6kcTfb96PDiNmimFlhI+7qPbHOuBFKP3RlOfNCtE0LR80aRulQJ7mOKrhCqpMkFgCoXo\/4IvZulEfNa6rLjjxU0mGwRO9C\/8SUW\/MWxf9V+fhaFIFLLIrdk9mjlOAh4RTjBuIhZwdSm01OHFabvxJQc5nWUTI8sDv\/4Hth4Nmyyi395Zo\/bIgvPNsPA6YqSbJJPw7TRXj9EpeXABU58rfRMlnEHMcHSeAnr61+lHN29cf2rb7cQuEObxOV+r0Ti2hnTxG1kzZXxUKMf1TJz\/QNCPdFs\/8sc7I75BLceNNdyiMxbhvl0\/mQYkbbTX+E01I4nneSr0YAWi\/dj5OFWkY5oKdT3ijaj5ZnH8mUoUzF6gidtHrJfWLUutNNAVK0ii3hJTxAh53tLa55cziofBXUjER9OxqdXFQX0xk0dW5\/N25Am3sfN4K9G9Or+Mq0ZjCUN\/b\/4AAu5iVdc2xuiywbhKCKv\/+1ba649i2+11N2NuNP4WLerjRdmVgUEXTqjPsE1bvdPpgn\/tgD\/NfJO4snitGVo2fF0AIvoI8ffNDBM8mHNAe\/P4wCN21PuNzrXMiMwd7BKvHy1yaV3bx1ZcbZVsRq2ArQ\/sz1xvbYIM5K\/4uE3U5TUD7iEvNa+H0F0t5Pm3xl9hPFjB8UQZyCzE0eaHFxztuY1AhJrANiSpn9KUApux28hlfmPpxZwwY\/4voaTDNDh4a6l1L\/5bBlTMZQ8ZTPo3KsCc7rYoLRgUBfec4EVT3pXIcfZwnttUMEultj1OSOdAYKMUVl+Ae797PlHj+BPOvQU1JP+1NxmeW9EkPxvKNxTuFB8Ql03lSa0sP7N4iOT4LxwTyM6btUOuFjsDMq5fFh3z8x6u4eDmVvymYi2lDSt123i5VnAGlmqe2vlBnBoLSjRbpHHKNWC14LFSfaclke+Fsk\/LXqRdmrmwoK42FR8QM5yBJ4V4XBtfp1iJayJWXrv2Yp\/Jw2nGI\/8spJXweIKBfFJYNDE+FKqYVx6uY0QURwmsxmAiNbUSW3iE5ptj6f47Bqqzcu614k3woIktKLvq+R5kAUl\/94OeFfc1MDcYQiS1itHZ6WgYMqXlALhkIaagT341vLWH8EINXXu\/JPbuL4ratmRZsOHcAq4Z64Qth7VsN\/NAOgVmBZa9WLc6jmBs+\/7oNewv6pYbinaC9eFjw+AUviDZIoPDTI2cqHtCKNJKtQeYF8JwZdso+kGs0e4hY6Ekh+Gt4QIAdcddPMJiEMdHRRcI7TJwLsTmixFKIFFEmFMcRnAgRce970vQl6+J2m\/3\/zT76RlKTnb6S5cA2Gh1xVWfifqZ+dJJ4S6U8o2kzOx1BcO4lPr6QndhbLXBopt+TnAxhiNVC0jGSLxxKfJsKliuCmauybike5VfhMB74\/Zd9LI0lHZcyjtrJZpkqIdf9mUmq84TeFEVObpfDxeDp9pwfwnzY7CZiAhc8H7X\/B4eL6QPbJJeDvWRsaiMa8MtOGUovwBK\/1RmmRbBs9Ps\/WvCegAP2zZsifFoeWn3IFAPuF2t4F1jzP6KFB2fJjiCF\/xSMUdVX4mSSLxUy6Noq6HH8DTkiTT7i5Rtb6Z+6YPqTrIz0kRUJm8ymK8qGaWvXbafgJW+zAD6LQJ6Uz\/H9ede+fQeVaNdwR2ZGANN93T8+CUOO\/5QCgVylxvI+WkULYljrgmsAHGf2x4K+AdzUNCRbtqqamvoa9+H9TZ6D9K0XHtu60WRh\/xvg+0kvul3oISkBwW\/5VC47CJIkeqDKIcaH28dzjF68bVaWHBCOA\/QVspO8f7PM39uibr2ZI\/9qT7jw8Z+41laurnLDDiiTcv8nIyk9gPkkLpL0gZ8B7RwNepdi9poakmfyvLsu7noykkUZPrrciaDs4AxlMW2SE0l6ggoSXHblXDfGv1qrkJ+wYHqoIpx4Orz9BIDwmFuIK9uApDePCMMJ8COMRLP5+c7CWBbef3qNt43feI9i3DxrqohnnAeDQ5XayaaeIrWeswn\/yTkRhpCGBJsg0rlCy0bwelKJ5jOd0Z6yAeLdgeBTN7mANe1L7262l3N\/TUj4BGdpkUJSKWZ+F5L9xh3ZDx0CN7nut3setCOi4jALV8qZWBwNBsnPw\/1et9Mhz5yQU5W4hKDkIkR0JbpteXZI\/YulIUs304N95S0rMRs+F91Z\/I1bjxYITEBnA3nKgeOqnJG67UQeyBJy3Wot3ZWs1FnfHSinzEDRXoy\/in3NMk3Ee4UJjJJVvh1u1kB0flpae3nwu8yHniwAQeA4V\/IYlytwzxmH9UBxClJ1YaCH4QYvYTNNn4X5yrgDRFy8aRZbx7KFTZjETXMAwD7jXdzFpBRNyur7a5hxwjkpR1nPJHXNHbl9ulhBQraPk64O22lXmWhmTqqJxPCHLTJc8dCW9Tw+MWIDqlSC6iP\/uFGWMugMNTbPpm71YwCV6DE3MM5Iw3r\/pJtSMpVM1czkfmhYfe8YtiZEI64Bh59v3JQ7Geu6i4Q2THuBrvHiZucUzufDS6W\/DBGI9K4\/J9OjIx3bbp4KuEgDSz3alUQX8h9N3c6Ve\/ecJdJcy74VVi6oGyfaHP6IVk7S15X3oTFjfGBcG+hk0a0dR\/W0BGALH+pY8iH726JsGgeEg52jxxJyoyqN2BP+Onsb9VAjI4Axsa9MyFPMa6R4QE78VraMZsIMjQY2e6jOI2lFaIx1i29CS8IB7OY+l9i9GRSJhN1TC+qRidWiZdwiZ6CGxjzCAIjCNtYYMpt94CcLWARqfnvGVuwq7RqWOpW3L6qgDcGRhcwof3dXDPhz02YMhWNSauXVnUXZfqF8vmR+tgeJWIevQpdj5ioEIsT2Um5j+gijjHh859fJLDhzYVmYtQ3TEi737GfFw2SXnggL\/Iy07c7IZEI94AezYiyRdA9+kLWGaO\/dAL2rthXXz37bspZFnOGyuB0KI3G4RabCIXAwMBGcOMNM44BDplKj\/3Ojq4jdtuoD82NTa5b2k5zkFslQd12hFn3q5eB44nkwI465O8I9pSVocWpqU9EbYhTvyK1R8N4URD7Q5PMRg7Umy5tkS2hB9uZLmMl9DoKxlIW+kyr\/KuqeGrCAN583A5M1yhRuOwYF56CIKxvuyChPRKUAt8\/70gOTQjynH\/\/1nGoYgPF\/ta4eVsTLhuzDLb9mQMc16\/4VLa51E7HgIT9to4lg95nWvnMoIyp4a8sRcKKCYU92Ot4xWr0tqEIEu0fXIbk7\/Ta2loRt8FUwirJas4rlQGX1glaJy9RyPTHTwKV9kLdjGIRncOAxHu\/8Q7IfLg2aWJ07\/3naoyq6szJDQTcE3S8LB44P4jJ13NFwMDADUJ1y22teIy1dcIiwJwX4cS160nI55Nkh7bUzq2ftRXjrZxugVJnOhQTCokK54\/+GLzaYeqbw=="}
-00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_tot_l4_data_len":3426,"flow_min_l4_data_len":306,"flow_max_l4_data_len":3120,"flow_avg_l4_data_len":1713,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00898{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":946739310588,"flow_last_seen":946739310697,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":3386,"flow_avg_l4_payload_len":1693,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns1.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00505{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":700192,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoz7NAAL0GqS8KAAABp3LcfZKaAcWpCIkwh0yCelAYAfVFBwAAFAMDAAEBFwMDADWIup5ey1m73Olzdr+La\/pgBsOV2156nE0gjo7pkVZbX+HWq3wNBOBZgTPS2Gv4V1H1NoVl6Q=="}
00536{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":700329,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+z7RAAL0GqRgKAAABp3LcfZKaAcWpCIlwh0yCelAYAfVFHQAAFwMDAFFigyjvaz4NANCTzY4A\/FUXStyH+vseBven0alEeSEgvizXGcy1JnutBrGtSy8oe\/Q87ZYytxhafI\/Pby87ceV10hAtpAb+z8MULO4M5g4llwg="}
00654{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":700554,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"REREREREZmZmZmZmCABFAADXz7VAAL0GqL4KAAABp3LcfZKaAcWpCInGh0yCelAYAfVFdgAAFwMDAKrhH5lHsVppiHapV0zMHNQK3jqxCpj8r+ER9OICFkNzJz9qMJa5JYEXb22MhKW4BH33WnJ2LmSW5MNK8j08SmNpIfM2RW6B6MFQCpHtWW9tEcGzveBruJEzzvXnhr3LZ5undg3ELbCtFU1iSyysu6j3nVfIFS3ncxFxzeF7SNyd5mNUDjIyfOHruygpvCXPI1LCM85A11NVhG1DXv\/2DVueewebUqyir10dfA=="}
@@ -102,11 +102,11 @@
00463{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":807508,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLz7pAAL0GqUUKAAABp3LcfZKaAcWpCIrjh0yFQlAYAfVE6gAAFwMDAB5H180FN1WxacaxhnoQHhq2NjiZyrRyAme0TEU8JOI="}
00564{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":807613,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"REREREREZmZmZmZmCABFAACTz7tAAL0GqPwKAAABp3LcfZKaAcWpCIsGh0yFQlAYAfVFMgAAFwMDAGZ4tXqlwfbAQvZu8ODXG8wQDCvKFpu\/Su7bFHNR4TqZWjHfQcytP0HkKD+su6Jwbzx6PS8b9VRvaNXJwIYoXHnyA0b\/zq9gf9gDnSOtgSSK654K03rZszN9Ew6dltH4fGIG912EB9U="}
00568{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":807685,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWz7xAAL0GqPgKAAABp3LcfZKaAcWpCItxh0yFQlAYAfVFNQAAFwMDAGkkDzU65XfdIOYT+nJzAb5iwIS79Iug7SsJVvuIivcTddhHId7chPL3Z4DfINNbg5VXCvFXc9IpSlgsLyK103E8hL6U6\/nz6LtSnd0GMTNlhz9hqobz83bi9FGSwAgX\/N289OYycU2ONOA="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00795{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739310,"pkt_ts_usec":980322,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"REREREREZmZmZmZmCABFAAFBYCBAAL0GW60KAAABuSuHAZUqAburhCguMeSlTVAYAfYCHQAAFgMBARQBAAEQAwM7gJo4OG7S+iUgpLXTuxo5Xw1OBGj4DiyxVBvpcTjrrSC1ygzgmnU02BGfASVXjVBWPNfoJIqu28ODMXbR4UvXGQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALb2R2ci5uaWMuY3oABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg+HQ6d2TRAhXiPlV4SzYTTgVvyRFR0ttaRH8caXLPDAE="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":946739310980,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04468{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":16000,"pkt_caplen":3057,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3057,"pkt_l4_len":3023,"pkt":"ZmZmZmZmRERERERECABFAAvj5XlAADUGU7K5K4cBCgAAAQG7lSox5KVNq4QpR1AYAO0MvwAAFgMDAGICAABeAwOYp2uqwk2kagwv1bFvuG7BP4gwxFJK\/HnbYlDDBgxtByBtkhDnIYlAH5FeNvmtcy43X+awJKk1khM1gLQ9O4\/1KcAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwn0CwAJ8AAJ7QAFUTCCBU0wggQ1oAMCAQICEgOvzNhD6HsqkMaua9kU943O+TANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwHhcNMjAwODAzMDY1MzUwWhcNMjAxMTAxMDY1MzUwWjAWMRQwEgYDVQQDEwtvZHZyLm5pYy5jejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSBtMaoOIrrVwbIP2cWYEJHSXjqgj\/\/9tkWX5PXpNopleDTdQVoDYtrhgWWdCxKvyghVnCCvqzpAdxH9iHJ+YDCJvMhSONvyUnQC+8wqGClBPGGgWuYJiWCNGWLq05jQxU5OjFamZYLeA83J41w0hXJ0caGVgR+ZmGHFjjdBCJABPqlSZbx4n\/8eqoqwv3W6903WKQrR8zszV5MtKKlTANB6QP2yhXI+UhhzdoeLxrEImAA6gxL2BOHWdKuBhBuV+ph8YRaL5IiMHVdXgcmxhPMtLDMaXcrlQWC6XO\/mVYjsQjycz9NHwfX9HBGmqdB8EpxpqAzOMv4Pfea+srqI+sCAwEAAaOCAl8wggJbMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH\/BAIwADAdBgNVHQ4EFgQUiF81uRjtpDLZWzD7gWIvMHk\/TcYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzAWBgNVHREEDzANggtvZHZyLm5pYy5jejBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc7NP+yAAAAQDAEcwRQIhAKJu6NqRyIYQsDPHU\/A2REhgeKHjM4x+XnuUUYMuSVKBAiBvFXWETRjBcg4jaK4iYqlFL3MxxHaFAihU4M5Y1\/QWIQB1AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABc7NP+0kAAAQDAEYwRAIgbhSITSEVzSp\/pS3dsOxVrCnCOPr0QsQS\/Z8OeZ0VJL4CIEqFJZjRYER6kq4HNRyZ4yzxaPbu\/njrCFn4rfkG\/MO7MA0GCSqGSIb3DQEBCwUAA4IBAQCGEOIQRUNcWjsX719Aj278yDJZeRktrpYQiEzTApT2VFFAVk9RNpDtIgove0nygMmo0gYcRhVp8veJjqVoyBOpTj8fBZ0k4jHFaDhaRBi5aQXOMln+cU\/N+ZZyxOF\/OvhfMIgmGnNpnX15fmj0DD6pQOeMMvjd9\/6LhaAOIYehc8T\/qnYYgS+NN4PGwZ62L8NBcloKk78UBZkehMmgkPB4R4UGWU+P\/9wBXoct8xHeSEI\/RKypAvQONIxcx+PGOfY7cug8EawYjQxeC0dBrCPA4HuTbflrjLpxCEjs2nsPD4SXJGGl7AoG4paGMGZjt4DcZO2jhWz5unIehkjqEM\/fAASWMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA\/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan\/PQeGdxyGkOlZHP\/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h\/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB\/onkxEz0tNvjj\/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf\/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr\/1wXKtx8\/wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so\/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6\/DNFu0QhYDAwFNDAABSQMAF0EE7OwduzycCFyh5foVYUYJfj2csLLoqbmNrs4ksDiqkMaHC2NulFxfST4jcCRZ19YEaLojL5JVRvlluRb8LA6yDQQBAQARbpzNdpCTfHNn9Bz14lNKRHZrsXa4X4EmfyVVEagU6WSCW5UKp3bMis8UAzosg4RFbcIE\/BqKgmQG64Bt\/cGitnxq47bonIC\/OFLylrM320R6R6uLkQuGNQpkUlgrZKL\/+YkYqd4ToLlZjenqQeguYlPWOUvDEduCfvOd+A9y2fcGuSyrbb0En99qwYiK1PUm11WXjEDQ91vzKm5Pz2wWWFYuywvRbHOtLetuqGEfMtz5QTTP+GA2fJf1SHhqAtT7v7XaP+5Wvee65IgIoNU6aiAVYz3hwW\/AkDmTqCcqZ608Q7A+R1MIFZgfnWqkxiaXPHcpFh\/8pcgjckhLtTiSFgMDAAQOAAAA"}
-01080{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_tot_l4_data_len":3324,"flow_min_l4_data_len":301,"flow_max_l4_data_len":3023,"flow_avg_l4_data_len":1662,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}}
+01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":946739310980,"flow_last_seen":946739311016,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":3284,"flow_avg_l4_payload_len":1642,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"odvr.nic.cz","server_names":"odvr.nic.cz","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=odvr.nic.cz","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"15:57:4E:06:5B:3D:23:22:EF:BC:2E:5B:A3:3E:A5:76:BD:14:01:4B"}}
00587{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":48333,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"REREREREZmZmZmZmCABFAACmYCJAAL0GXEYKAAABuSuHAZUqAburhClHMeSxCFAYAfUBggAAFgMDAEYQAABCQQS+L1tdhkv27psDloITDJmmm+nkuKGJ6kBYeGBEdwUOSK4polbbfA55gXHwNtK3Y1Aq1CUhl++X\/zqhOD+IGqi8FAMDAAEBFgMDACgAAAAAAAAAALayQyzNIxhtoOFefQYzbs\/rDW3NZGb\/HW2xO7qHfaVY"}
00485{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":82444,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ZmZmZmZmRERERERECABFAABb5XxAADUGXze5K4cBCgAAAQG7lSox5LEIq4QpxVAYAO3kswAAFAMDAAEBFgMDACgM3BAgXmTBrS3s\/v\/TLpgtdJ4pAYEQBzm8bgZO9q3GlVtpE11XxqpT"}
00466{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":82460,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"ZmZmZmZmRERERERECABFAABO5X1AADUGX0O5K4cBCgAAAQG7lSox5LE7q4QpxVAYAO3YLAAAFwMDACEM3BAgXmTBrtvUUjN4IXyxDqm09\/JiypfLAmSXnwNvJzM="}
@@ -120,11 +120,11 @@
00539{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":117844,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"ZmZmZmZmRERERERECABFAACA5YJAADUGXwy5K4cBCgAAAQG7lSox5LHbq4QrSVAYAPUtRAAAFwMDAFMM3BAgXmTBsszXKmPJMeQOI0MkfcYQA+ooKae5hUP4MLmmY0Ld7Ih0Dxjdtk95UcVjx99quseqon6HZoBzdoLKcy0HNp6dn4X8nvirHS9hBjPbpg=="}
01110{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":117867,"pkt_caplen":560,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":560,"pkt_l4_len":526,"pkt":"ZmZmZmZmRERERERECABFAAIi5YNAADUGXWm5K4cBCgAAAQG7lSox5LIzq4QrSVAYAPUvDgAAFwMDAfUM3BAgXmTBs1EK1nwDpA88In8MceRrmtJr2Wr4aoGn3\/n2lDfrsPqQIBb4xIkDKr+I2Sj+uDNXlePUZ6J1jVI+0qdO9IqbHhqFT22V25ts0QyQ4VGab5UJTinlh\/mN\/OiNvXbisYzaG6BEYfKj3wcbkNUWOxfW7DrEIJk2c5tdTz9u\/f0Vrp5jE2tqJHmzfL\/0yUnewzzy0R00ovZ61HlVYKs+Nrzgbi49J2eDzKj2GlootXyxkli7MBhoNehJ6BqKpnQhvFVjHXixnbu\/3miHh15czY04hueDFv23\/N5Db2FZhL05Xp9Fe5ZThoWZOpYKBWQZlTb265ZkcmCVNJNZWkNkvGOtw\/fK6QkzIJaSQnMKlnCD94ceC0oVOpbKCHADINuM1SwUtcuZz4wsykjAlHWdJkknp\/W1GjsBrD6z\/QdBQBqFyTbn+nEqESVwEhOTVz9BPSGznJc+44haEBDvenvoKqPZ\/y68H6aaocqKOSld1\/ZOolE4+QDtZBSk50c\/DsvdUtXFg6t1b40dUBvlcKDyIKs6VFOGyO\/BfMIruYRGQm+7Gq8xV2iH4YP93CtqIEycckUV3HnkYB6thnLC8c6ovcFGmZZX1aXXD6KzprKovxrN1Yw9fQjLR0JzntgwVfgZCvZ5aCfFG4E+lVeKVNJQ\/xE="}
00472{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":118184,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"REREREREZmZmZmZmCABFAABSYCpAAL0GXJIKAAABuSuHAZUqAburhCtJMeS0LVAYAfUBLgAAFwMDACUAAAAAAAAABY9aRMDmOR8f9esMpluWV5JN3iwergY59UqdwDxq"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00803{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":335665,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFF8W5AAL0G+HQKAAABCQkJCso6Abuxr7nkL4f0JVAYAfbUBgAAFgMBARgBAAEUAwN330DAziY7Qy75ow2vvPPweI0WjrfNmIygzjgDJAOaiiBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AICW+8u6SZcrHjrKSceEpWhhd\/sXKRaui0Qq2OMNRWOwf"}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":946739311335,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02390{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":357881,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUEqtAADsGVKoJCQkKCgAAAQG7yjovh\/Qlsa+7AVAQAHdneAAAFgMDAHoCAAB2AwPsHFeUVovCXmWpA4VyNoqF1JeqKqRwRROYqOPJU94DoSBkC+TeFnwD\/kQWoA8NwSkWiR\/ZS3JD6l8yhQXJVgAa3hMCAAAuACsAAgMEADMAJAAdACBGm95D7Gx83XoeinRk1rxGpZA8u1buvy6HtAvs0UM2ZxQDAwABARcDAwAgBCGr5NOssVZ7TUX4BrL7MyB6aRLwiu1feUb2m7o8fLYXAwMKaD942IoOSpCliO6ZHVfN+ruurWUvz7jYgeJjK7SV5aPdpOPU+gCK34wDZjZp50dMaIsg77NAx4MrmJU6wTsTAwZldztvUMpws2wEYMHKWN686r\/ZugmuzBYB3tOPhjCMvk8pBO5Z4lVJQc9Hb1RsJ03QnqO\/EjZsCDIJr3EwAdBfauIjY3hi6AzlRf9VL9JoUREwghpYtzQDH4RvKScS6ISuIZ0qtqLTaSpG1rQC+HJZ6KKhTxZKSTcym6aIqvAR7ZiyINnXnDnxtWbl8cRiOiDv8PdDsr+5E5xwhcf6QYoUCBscXYYl1EwqfCWZLU9EdSEHvyBTgkaNAt3XMqrEl7x4wjZ94SWxkiQsQ3IyHj5ooHHdJLNgfAhAZ1sF3MqWOMepm6yBmJwKpSpxHS0\/\/oYNPpH+52R4vidTCtKs7UfIN9SKrOu0JFbGVqc8M5lplCXOQx4+S48+BecP0sGtTkcShvyBVSAANiwxQTDnS7JinVgGYtRwWjEqrWQJJopko6YuGLn+wkhYZkogv\/onHZtE4hlsg01xAHJ9PxQYxWbOdVfS1w0JvhE5EDMILwTMYm\/YfzaRcfZnN3X3c8PldLUC8Q00rxaePA+7a5mbMlVzZ\/ZKqlpmGHRhU3G\/b+Za7F3XZpTKcWJ\/+pP4OAaUaey+j0NOSrl7D3\/HeWq7P0vSd\/KYIm9oS0ZJvLtsffCfxTm2zwDcPGhRfKW16iadTUvmoczzCHSYvw+n8hl61iMBIgJerq\/CN9KkicrNEfU8QCR9bMF1D3CABgNImMdCKODlAcrpb\/Ya\/cQUwfP\/CWuVsZ3s+sh12SEW9JLfAgHTnuYwcMjbvAf2Fgpb\/+WmXCT93+A3gLKANXIVA2PfvntvndGO4gXYEiHaUhu4qZSsHkkcQJ5rwvJrE4CSJC\/fp+te7FlAxBXZxU3peCLLIMzIhccFKuqNX9+cPYxqAzm+f4FDsJg5KvH5AIh6Nda\/JBKZzhlz2omWzUxsNRCyzYkCR\/6xx8emByUElOOQjp3\/HRm+WaL5aZHnOk2myD86PdWR0IdZibdlJEHJ2\/GXJsQQv95dhA35hvgjWHiQLe0QLkAtPzosLXULXc5d7ytqMATetgFrOl+B+IuaEJAtm5NdT9m+\/Uo1nl\/TbvSaNp5EaxK2DPhV7Vt+vxmsBj23m0aDhv8PPgUfy9wK\/Niqob3bOD6oQrofsTggzpDg\/0PeQx+LRnGU46v4ljhYI4JoQY+cJBFQKWNeFww9uy1s8SJhz9LzcLFv+j30Vt+r4FFm8AZfzHX3wSuBELuShY7dZHSjQzxqOJfeGLr5ThoXw5ldv54ifSY52Lfxp8BkElu7BDDbf4F6XdVR3aRKy8Yk7ooQevFc0GOsxn7jXeMuFiaf9M\/MspabzWIKD5sTaMPvexVqQrSIhAE01MVqTa8zAs1n4D9AszPAZaArvvaw1dpUAGCn22YGrLkylRxMCN07\/HyOXir6cpxUbsvRgSag8LgIuYbY\/Ta1KZ2trDeXprvYofOqOqX\/ep4LHzQHiCFm14LvDzSoMa4qqUdxfJfOjiZQVsJdT+2uThs188toZRMoZsziXxP++fZpO4m\/wGTJ13ciJYHkQjnaWtFJW9KHR4pPyXX3T1W5XcomUZpNi+tnQlSKiXPl02KPyhw0qdY8Z0WoKV536f3wtH00HuTa3UIk1hZxDmxFcYOKvSwc"}
-00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_tot_l4_data_len":1777,"flow_min_l4_data_len":305,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":888,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":114,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":946739311335,"flow_last_seen":946739311357,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1737,"flow_avg_l4_payload_len":868,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02540{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":358034,"pkt_caplen":1616,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1616,"pkt_l4_len":1582,"pkt":"ZmZmZmZmRERERERECABFAAZCEqxAADsGVDsJCQkKCgAAAQG7yjovh\/nRsa+7AVAYAHfZAwAA1xiWPE9sRZ+HRED66TQP2BK\/H\/\/55yXpchOqptSfdmizDwWdekTWC4fynK8Z2sZPt7VLeiJJja8C3BQX9Rz0xZnn1eoThbbJA0Ru7pA+5J7tyanMo4IQcPUIBSO5p49Bymfzm29G5qjErMG7mQ0OPPjTCRaB\/UjgjbKvSEcd8\/qlBT71ZfI4uv2myCBr7kstCCXPIR18CKF+Z2\/VrH6vxRdx\/DMaAsMgc41PzNU7xNOukRDZxOR62YLQKe5TOm9eGAE6qQfGiWVQuBPTBNCMLbyMtxxnLWSXpHUM8lAFCuaK7Kc6QBacccBEf2G6WUxZTWFo3b0bLTLXGsaAdMgEEvX57cRGL6Gq8YWmgloFc0L4YPSBPg4QXqG2603cgV+j6PlTHv6e2HefSTdXdeLXiPRCN345+9Y7w0ERX6leOOccKhVG5SuGrnMow7zmCn7a2KZDo6IK6nPbbrDUtvAROe\/2qAE2VCX9KID9EijWEziQ9XCbVPjeL02DA\/rYN7wYXRiJgCIeBs3cXR7OygqBY2+3+XFzo9TaLSJOjL2D0foR73wSCVhYWptmpzwaIHjhZCo4rI5hdLdI5wijBOAwhmr7WRW8Yv8AQsnvt1Z4coLNvTRubKzb6tX\/Oxf2jOtE8ql46ReYSM8F\/WAKChrNRMIbb1FxJ7q10gZXMDttRcPXX\/qGmHUzaGCJmbtVGS68jgVwThCO60XMMu84lvsX\/Ppf9SgVkWGycwU0+7rBExjec94Gk2PRYtyBh7FtK\/ojKF2Zx1IbH4Ped7sLfGR4i7sMPLWNn+T5wJpId2IpurmzQEup+Wmo7GS+GCV0scp4nxOFT1awumcjwSZT8bYpF93Gq1VRsPaw1Ed8OHX5e5gmoY4MVzie+NT9SEgMn6ichQsu5snHAMbc8\/IWQxw1j4WN38V6zcIh4u4V1Gd7SkhAHeYNQaHO8zyvvE8ImQNU3iYNHLIKvw9jrqWUBqp23GQnf3jir7+jnbT6O6iTPLexjWoZTCF\/FtolEJ0e895tZWyhQDvFKtQE5PBsOvi7\/BalOF7pvRKDn\/re0ni0oWgQPdEaU+LIaPzCC8LkWYd5oE27150iJxzh1Gp8SiKQXDLhLhi579hHj1+ols2JqJH8RdJfR0+VmnJeuW7LLf+BRMSJBXoQCCLgwxC7f\/h7fFu2xKC0W6c42fJZaQRckgm7zcULCvbrdB3\/7TiSzFX4IqscHoIIazQksB3SnhTuJmLtEq0s5iQGUGxfhlMGhmMgzukQ6S3xziGVGLlkCIIbeLTBQrX9TXDN8S1GsZEFqBjMPt\/N1zN3ViQ2J2at2dPSgSFskYDCKI7W279fwmbZs7V8tsMKdl7zI9bVkSm8TK+VOCU7uRHndZTCFD0rVG1nulq\/L99PnlHGAGXK\/CqGETUVVLlDxaOxEAgpjONuItzxylFN2ddXgvj3hTCiDE8O0ZeY5HxF3kaLieLFjiKlcFdLwH+yoWIasdZ5ETRJVqr26OzVYBTCPTfSgbwHD0EdFC3v31MUjg04ocQ4ZiFf7dRFVtWmOWN0r2SpHXy2xEBvMuqeP3vQyXuuz6g6Dn7YZmJY0+sx4Fy9C8oBJAE0ZwKxguZmJv1GeQHP6tU\/veMnBxdJr3tx5OgYDk+909nj4a5TD3cRR1pqKY8PwvBnQ1a7o21Mx6az\/nj775\/EQh2soovj6zthqPP\/vtXFBBG3tG\/sEPeFuYX44cpRhz5K3N4JqP6Lp6W3KZYJ1EwmXdPWiQcbK\/K0dzC4LCmApJnMsipnxLFAxIsyZnv1pRKdZtp6E4ZNkwItTRiePKudtegvLH1+qbg3pXvAj\/AueIMUCY+nZ2bEiLI67RcDAwBgsXSJyFgjJRWpsUIwFa+B3HudQHKrExr60U8JLlKkL\/P\/S+PEy7whFdA90+7WJF1F8DCmOjyvxxrrWdZx35m5pHvRkiSavCeWDYlRzcWBeiUF0TAz0e0CdFpMI0nfm+C5FwMDAEXIcqRX1+3I4YBN1ZyTwBh\/\/IzIU5lJHrJKAnGrUu2ocpCQI2eEwS+zVK0zKk1o2WUWMhhsV2wCrUmzne3qZHF1rWYeRVk="}
00528{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":394899,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB48XFAAL0G+T4KAAABCQkJCso6Abuxr7sBL4f\/61AYAfXTOQAAFAMDAAEBFwMDAEVsvNBLawQQ\/QfxJf3NLpeF7eAiUlhCDm37dRf6vXOC0VcPLFJUrmdWYdRdI8w8wDD+uKAkMT3Wsv2DaZVXdNXVQPPAkgM="}
00536{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":395002,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+8XJAAL0G+TcKAAABCQkJCso6Abuxr7tRL4f\/61AYAfXTPwAAFwMDAFFoIkgZAncDrVQtZhxU59u2TnfYXuklezZY\/lnRCXnYBC1Rn+rtNjTEGwm84kLz7QwRhvXYq2B9+mlphTgCBe3P2jyxhVVoBcmooRlGblt7DM8="}
@@ -138,11 +138,11 @@
00563{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":417268,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACR8XdAAL0G+R8KAAABCQkJCso6Abuxr7zAL4gDklAYAfXTUgAAFwMDAGR9NyGzywy8SdhomKhtO\/rl30vXbMuXESX\/Q8svv20kgZYHPLVif9KPBXpYw79WxwwmtvYreHRJn7\/WUhroH5ZlNkuGsDwGzjA6xI2Sey+ge6QhNtyEV9KdchXRnVn2Msg\/+Eh0"}
00569{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":417407,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACW8XhAAL0G+RkKAAABCQkJCso6Abuxr70pL4gDklAYAfXTVwAAFwMDAGkxHi7McmOLywyC2PPw48UhmG\/9LXtg7UsntSmiizF8Yv9hL\/Ad329PtDJntMJthJHT0ze2DDxyNWp+GsXY2IzfJqhuk3CVqOHhIXcY+f1E6Q0xPMk6i38qjmbOTbgzfhZkNPGDhHAtPqQ="}
00670{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":438918,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"pkt":"ZmZmZmZmRERERERECABFAADgErRAADsGWZUJCQkKCgAAAQG7yjoviAOSsa+9l1AYAHsy3wAAFwMDALOz4PktMFNHUYrjN62jZzcxw2rdFk9CrcaNJdo6vQJbYD3BkXnVTr8yO7lhjCoid0EqYQG+pQtv2M1dVuSBYMKnxUHfKmyRLxDA4ztpH9k6i0xArNPBFhlubjZeUmnLnGOFdZcEY5NrixI1zSznaRB0eNi4NZNdo8W75WFzCb7Bh473FVqN60zSDdXW9\/k84Yy\/z5tJw2QECH94F+ndKFsosBHDrntfy138Vv86iPQcEg\/geQ=="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00803{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":566393,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFTLFAAL0GMYcKAAABuYbEN9gaAbsU0wRrjALq7FAYAfY\/sgAAFgMBARgBAAEUAwN53D+IdbyKMqUcdChlG3BH1byG6PSts1pdzll38jdueyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIASid2tq+mdmASZBUTGU5iyt2F1JUvrNCp22BxrDleoO"}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":946739311566,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04347{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":603972,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAg39AADQGeX65hsQ3CgAAAQG72BqMAursFNMFiFAQAfVJ7QAAFgMDAHoCAAB2AwNkY5ffptLk\/1RQxoHPHysW3r9+0ddQo4Z3YjqxuStqKyClHPY2D7aJB29xaaA7zmDQUztgP6bTAGw+VMEA\/cNmhxMCAAAuACsAAgMEADMAJAAdACDs3oZu6oN3lGaq4ly6\/hAqFwB\/djty35eYhaI2Lxe7SRQDAwABARcDAwAgv82VBnjlaTkDEuDhSukFo4HH4nI6fax\/zFPW2XozJ0kXAwMOr9L3WKPFCRevhqaVGoGS+x\/kXxxMckfNoOqk04UOi2nffzkls4dz\/6PwTgD2O+tiYezNJxr\/6WpHVX82B1TCh5LVuQtfmobZqrhUuztxfuDnZpjdtqBFN8\/ThU4OUKCLhdBohaEJUJaODtpSPbvHLMo+XUoovzoT0\/zM8eQTXQpCXzBBMJx7xHTAsbkvGn3C+AG5zWAlrqlt8rw8cJvpcKk420r2AjCbqQCcOhIk9fgtrE6sGQpDmvb1eDYkMJL0ZWhtJpArnw4DJbVlN2eqshODC2oEeU4LRs6HxumiPK1q9BAYm9j4B\/VQvljlxD1l2D54nI0XTtCqzYVH05VeNSyKwY99P0gfk5KbNuwMkg76KjoZ0pANDmDoK2O7MRcalHkbOzBtmCZzhD7k0YW7eqNkMU5wTjhw6\/SKqF25gZNB9Nt6RXkKo6zhp67SL4jpzGRuSRzfeNfXwE70s6GkDEHT87ePp0CPZwkccES0koYuFCUJ8ZPaF51CsuO3hEK6HLj90BijpqZSqxhfc1mm\/yqD3lLZlsT6EnUdCBK75PQ4LqFtNj1aZVWZmY0bISdBsjTgcU\/azUhlVpbtuwFzbRgeZMjYItDFV3G2Mz1lBTIG8+EI15TAfiX3THktTEDNdXWRIKZWc6CdSZSTQj5epKSMIDeZ3ym23Y5D0uYv2rRWwF77WpaBXG+MUxbpeWleGLZxmojsUrhsTN3K\/SO4YTnIH3mEDcbuEL\/C6kXZUUc3JKUkSmGmNO61dgMehbma4fB8llee+ia3ZxrMWwvGiTS2tpm78Rjdk2lVGQ4Kw0Hv16lr+xG8BLc4CMV63wU9gsM8SvlR14rXUIcZ1w1IVKRMCPj5\/ktzqCSdsd7JLAu6iqnF+tffAp0R7hABno4kl79WtkvKmhCxs2C9rHaxhWuglRBec9Q1dOU4n\/q5s3oTaT0MWOiB9FA9hPVkcr5rHO5WTaUTZCO3f07agWWupUC0SrT4kMq2F7GC\/qyJUokz54psYmDyksoYU5W4XunHAPWif32UI8qTU8ZnD9BGfH74hn454rDYVO6L7CccMxZlmp851erV6hvxeQE4QFic5+4T+9IQsqcHez2OFejw6vdevdAwPVqE+KjL4UP+MGf4lbUn4WzekrRNg4+OLWhqMW5jPxgVFLL1X\/7LXlyiUW3FZsQlx3wHUnrfnXgRsgIdVSezz4HY0222o0JjMjRIsMAML27omWMbFkL1GH9F5whlSmkQo7tR4pkO8ZObYU6gN63eRur2pr9yUb6mdaHxKmoMOtTc07t4c0mmYRPcKvUuGEq\/qFZAib\/Cn9qtJSED+KsOJFP3lcOvHyBWmDkPTuXhIirjxvNRHlhpCinnvq51BRLv0iIYtLa4+FWzOnZxdtRmb+J7gXcYqMUZr8f9hSbjcXpRs0qTCNkn\/vEFebnj0Oa5wWQ\/wyYqcIXbH0+Qg2t4MHCtt5puUCcnWiddPmXVCEbusxDhj1mW7Wb7s7TbeMJNHqJK2wkpexuwL1VqKOcMpKkVK63qTpeBRS7pKr42\/e4RAue3aCNMwXb2qN+nhV\/yAs+no2\/T8CA38S+A3XjJrTp3nRj3b7uYGTvq6vgcySIveyFsNVxbpOrMNJwA55r7OmJm\/TMMYu1Cmm7ApgsYESAyvVbBcTmlsCXf4kc5\/PCSNGVGXc3ry7HZ6UrNLiBxVinlqk+M5YS+nDMxRpBRZ\/l5jocQH\/hTpYeDeBYM6nlOI3a42ojQOf0qu\/s3tJK0pVMQq+L3fiObQL0w0ki8zB\/Pq94eJzcgGDCpDBI5rSkrXqKSKwE\/TPxGGb4EW3iPF5GMaLLk69BANjmbdOWrRbmSOZIerFLKML4S4ISArr9z\/Hd6jn9grfPQF5QPRgsy72snzNYK+cdD78EVK3JLSsYYqn88MbAXaWnvt\/NrtPJL0QXd+HGti75Czr60Z2exrtdLfvuyhP6EA\/OJF74UO1DMZkdkO4dBy70z4Gu4gpkQ7cqPDY0GZ19ZQkhDdIe6tY\/KPM4UldVfU5Ox+v3aicLwXXKsL1aYiIDMExLQqDr8Vp6Rg8MhQd15RVUWWezyYpN93w5RckR2WthYnNZNsPa7iVvEbmCiUoUkbzt39o4APEG2T8nb60w4QPGzL8Bs+6zqpdT6PPZQOoSFcrit36uSRZP8iGT1fW72Vs+Zxy5GcZuta5oSW5oky8Ru7NnhXKgfldlxRBIOjtCyzFizIawHPWtdb1FNijZyZVKdj4BP0ocR0b5RYPeWT1DhR9qwqhFmLRHqWhBkA5vK7BpYSEPmeNp9JvF8mc9PzqPXFx4qv46sa0RB9Om1TkSniqOmaKfC0VJ55FKEd3mCSVa1mQ2nzlNyLUC\/G6NFqNfA87dMc8kmjkPDW9L4TPuUdk6cFk2SWFMlOT4UEAqyKhiuK9S2TSwt8uFOPCTdi2gCXoEJdX+9z6vM3zP1D618aG60X5Ut6n4\/mqqX3ZYS740az2d1czqYB7kjzMa99L4RSKw9Nv7MMuwMNSxkhAXISg5MWpacHw\/KAdEQ1nUyITpRoICmtn4wFkGI6VHWSC4OZg5gMWs1Z3587N6CIw3eN5rLnfYJ5l6ZBNqLnr+ciVip8x2IDHWDGTGr5OC+uJxAOEMiK+fcS0il3LgKzbRTF6C8+Y0IWjT3NlBZzIZBcCE3FjrijIv+69vNs6VJAKOlSW3f43x0FPmVvFyGHd0hZ6go7pV\/2O1uABkUwtp9Jfvr8prX7E0NzIH8AuTCtktrwjOAvCJu4CHVfpkaygbTIxPH5m45oyD64MuKPbsc5SlgZwhfZunmTwVDMaVpXGfayrmusZgZ\/07zHxvKOvoAfTCZXoYameOeAqJlNLuCW2W26TogT5fb\/9WF1j5kVLVJW3+Xr3WsDu87Z6wA7xpdVjSQWvWXCJ9y6jEXbNwmvXmeHALYBp+DdvlGU6uIsmqv2tJETpbTRkgR+f7Dhm8aD8084eT\/a67jbRGqTJcyCWp8HFxcSFdtdPKZoErFiYrC7xPgwqW36MeKC3pPi5nT9yuHbuL7yiKV4x9J1dDJBmuStOS8bPFHHOamsDufj+1xHeCKIDfJN+meXy0zdvw70PEKqqZXmCwfi2TfqRVP7d77vAzcphP1F9+RnUlovNNUieiBKgaaaLwfIEAiD84YhuItQrVIeJCa0jqOgMbgEKi1twm5DKS0bcizlDtDFNkFvRAghS6l8H5MMzc8ps2oVnq34RHWoVdxAXCkHDkkmpkGwGKoEP+YEVOArEfXlh0taA60GiWgLXrspKhJVAnjFiuxV1QiMjD4R5UbJ+BnJTGXsaH\/yPppjwU5bzpYvq1TPW2pdHuooLQ3rQ5gXMFPVeJEv4l3u9D\/o1MxYmTHF6ag0Pg7EYa9IiJh8NJsAWlNoM+jz3\/neEdRD31BwTKccVefTs8giAaZY3hKJ1XXe6Hys7XZMAJR72EIr5DA0qa2euR8ERpA8eew\/h0vqG8NScpvxxA8Cdjmhn\/JwaSSF9ubglNVw4f\/Z3JUgBYq3\/\/+9aFTg5SP56AY5voL2goU8TTHIbBp4JfOUmUTToGPy4GEqVcJNDAs6V2L7PobZ6srGT2l40lZacD46Db+MrlADUrWNBC6GAGEaOIzjsVXO2C7zOXrZPBi"}
-00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_tot_l4_data_len":3229,"flow_min_l4_data_len":305,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1614,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":946739311566,"flow_last_seen":946739311603,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02306{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":604153,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"pkt":"ZmZmZmZmRERERERECABFAAWWg4FAADQGf2a5hsQ3CgAAAQG72BqMAvZEFNMFiFAYAfXAzwAArcpCfmGLOKjDkyzsTe+IPkiqYnruzR41MPuGsz88MQqvC3a9HfwXJ6lzqQ4rCWJcWhWOM\/faQczL\/u4LUA47B+3hgIraXqwM7U0QtAPKeofLhsqBn12DazruSHbiIbxy+mEUG3S56+4ZRbB44U5cKRW56AecOVegPdxq19WX7WP4+ZvrOsXSvkcqGqyY6l57+wMNGtK9Hor0ODYeWdBnCWx+J55Yp1BLeNHq9nHIKHj0qCJNcTpuSY3kcxYIKgCzUqmtnXdoJ0GIMlbY2ljKsarNr5cWoMUbBujc0flI7F15VAzRku1eV3Kl\/7Wukzg8w4HiH6xnnC2hyeJ\/S9kg8k3Thktb0MRLph1xkAte3QZc08opc3Fwo1Ft6aRVOUnBzMc2ygQi4cXDCHwkiaI53r8gMzkS7anbEcS4yQcROtN4r2sH3n\/Y2Qw1v5Gb+U\/+RFg8+P9ZzSoFBkttBuC7bMKkuFovtwfD7bmTraXz2TwXRpY3Ao54+\/SNvuV3GwVsY67MLueBEgpQWATGxrbkACZtD4C+lpPBC5\/54MNyZi6y2\/bINiwBN2SHIdC0sG5gR\/DV19ykdqXF3pfYHlmfR3703pqTCdiZz1zhoMZLCPXVwnRt08WzrSf9AJPIVrVED87vfcSxcnSNe9\/uUQ+fPjNxmvMBL8ur1shycxG8A4cFPyuqBeBuBrfVjZFKQN3\/5iT\/qY3bW5kYmBDrHkL2xegzf\/Moa8towjQGmRBeDyc9Fogbi4Bl2lSDI\/x3VZI\/8yRCU0YCrn33V5Yytpt4Nri5jL3CrvqNUKuK49C6RMwZ1n1NkjUcpjeYGCGRXo6SbIn8CHVjiCEwFZ8FbQctAnWvdqfTpT0bXGelftgC9CQThu\/W+ybRqQdwN+K5c2QiXPYvO4kT3LD6oCwacJ4x3t9XRv3AXxYa1UbtXwad0Q5XC17E9XVpbbgKhrlco595yY5V6j1HdG8AkTRI1DXbEp3foy5yEjtW0o9bfHyhwUqC6TBXcyz4z4cHmh5p6A6BMpnvPJtMyGOVMKQ7LtCwwAKXNWcMVkLjSAZ+IrhMtGXoEFJcdmyQxTOI+OfCfdgm6q9yTer0lySMXu3yBMcL6Vn1SuMzS2FSE1aXKAyCBb3XF5Tfnf2rLe4r3hkWTr8Mmu\/+5cpIK1r4NWR0zq6iT\/lnsbxmS39yt3YHMSpG1r36HYatyCzF6kZo6KyW2UJ6fBqDVBmGD6CXSVAKejLC8pL1qmuOu2eXU804WhkOIkczZMz7pQW6C0A+bVJsEuL5Kd7KV\/W2IGcqNMtuMkFf1vHE4VTHRAmWpIDFt5I4ja4qA9N7tAzSWPkgtQseSnNvTrX+nCc0rsjLviAcYafijP+ATzRDOBcDAwEZYz205aORxNiMwaiQeObwk59GyoJ+T+YW4iSATpt8cc0OU+XkwulympL8b+KCt76fJXCt3rgEOglVp2lJQDaaCL0\/EDry33zbH0MtKm5P5nEWpzvQFhaXV1WeS3oS65S\/3UVJT7\/Hm\/AkB6N0iCgWEeK4i80RHGCYRIweyu9kQIUklvy2RlmccKeVQTq37O+\/HqRcQLsrpTkATqOJMvj0MaZ7zkYReeTUbtUUtzasEHVGtHimiktW2DAjF2G7BrMbQnAbkBNJMIcDNYwAwDUJvD2+j752nnR\/ojUHAoRsnlpRRGw8k7CJ0b0wBSknElPWssxoC\/r5K7w37x9u118AdMWjqtzSlF2uDe2PtsgCUxjOE7EkCZxpOWsXAwMARUyGMct3ItX2QiSoGAs2qAHwCi9mgPaAr45Z5ZYVR5NUAg5k1dXUDUazzqq9GbzXT1\/7OFi8y8eMdJWfTGFw9qor9xL6ew=="}
00528{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":606690,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4TLRAAL0GMlEKAAABuYbEN9gaAbsU0wWIjAL7slAYAfU+5QAAFAMDAAEBFwMDAEX5LOrm\/q2t2eUGDASTuROoLPaXY3V7nIjXeCI2LSFnWiFzKh+skLRrkkkVsvCS7j6wsu3v4MgbuWujQFuzeh3uUOaKgmo="}
00535{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":606815,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+TLVAAL0GMkoKAAABuYbEN9gaAbsU0wXYjAL7slAYAfU+6wAAFwMDAFExh0tAyckORIsAyWSkeVyMG1coXJ4zHtSy0EnQML4KrQawGJNWi7QaLyPqSsPuMMVvSIQJabV34HcU64MxycruXFBNdtWfhrY94XOKn7mHGQ8="}
@@ -156,11 +156,11 @@
00555{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":641933,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"REREREREZmZmZmZmCABFAACKTLtAAL0GMjgKAAABuYbEN9gaAbsU0wdjjAL\/T1AYAfU+9wAAFwMDAF1on4nRvK2bkyWrlP0SAUuwD6w5rSzlhYgB6nl5ZQnEauQD2MIH+b+D4mRwD\/YaKUTywjUobUg\/VtD7WsuFfZj8T2odlVaHwsNqDuInuL5BG64WdECnwrPMmLga7G0="}
00574{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":642037,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWTLxAAL0GMisKAAABuYbEN9gaAbsU0wfFjAL\/T1AYAfU\/AwAAFwMDAGktFlMcQj8Va+OYpDNiB95\/ro587yr93e8zdihbqyMV83P2IZwsj0f+Jv9pHYGQ9n2AtFwdPKePqMzPeblgmCnpM3qDLrw8kY1C\/pQgd\/Qdtlar9i\/afTUePgE7YfQmH2jHTE0uokGzZb4="}
00687{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":676139,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"pkt":"ZmZmZmZmRERERERECABFAADqg4dAADQGhAy5hsQ3CgAAAQG72BqMAv9PFNMIM1AYAfVnsQAAFwMDAL2QlTU5MNbz+YYrvQfbMQnVVpssEvR+MjlkcOHM62BV0M7DDvyuV8VlfsrwJh6+bCtT\/6rB\/jECI\/SJOtv9w0JHz8w5lYAYSg7eFz+LalbB2hwEqp6U7v3N75+vEfOdsLYkulzq\/cXhvHOPXSRhaeLc24NkG87nlS5QBbHje2FsnGVDwjXfKAh0YBjlxQe0btOA\/Wga8xh0lymrB5k1eb9\/jeWmcathMoM\/0N5YAHOqOLLyX67dwh63luW+DXs="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":703652,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIvxBAAL0GjQMKAAABMw980MyiAbu+o\/fohj5JlVAYAfZx1gAAFgMBARsBAAEXAwOEmak1ToTEOPVX0jBh7rLNZM1Gt5\/Gr6ZvrmdHklieHSAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zbmwuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIGzt4\/5xvtyifU6VTcrfvT+YrIEhagkzRKKKlOYdvDd6"}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":946739311703,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04359{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":732715,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAX8dAADUGahUzD3zQCgAAAQG7zKKGPkmVvqP5CFAQAIN8DgAAFgMDAHoCAAB2AwNcTBj+nowDUUbglTTLuZi3m0Fgte272n9LPifxOMv7HCAP2LkoS3kAHcBOg6onjDU7HEdrdZ3cuMs9iD3w5kCD4BMBAAAuADMAJAAdACCPdFwMNjRtfUXHati0iPvUS7ZISUYNc1KeHBUbO8YTWwArAAIDBBQDAwABARcDAwte+JJAD4P7EW1qK\/KMQB2haaLigWKb\/DYNFwlVC4RO51bq0M8eao6QlrOrDJOFceHVJKhl1p8Ibfrg\/vTRNCJB\/UcW+Fedt+hD1iuUDwTCFZavOS7xwPDkL6497l\/MLuLG4DXgnGeZQ+ANIJd3qmkp82hmnma4vPPfih3FXm2d\/orPnXJKqjQROYWvMcbtvj9Ebb\/txBSHxVMCrKgG408ySWMQj9wSJ3YFhq0yzQL4\/vZaLuRC+Soen8TCR9PMAvnOESL67SWkKNvrhHs7A8wve1+FS4QJZG0DVnfyZjC1lTDakOFEVj8uyQCDIeUSTCCRymHyRKKDInznJ9K1ylbbeIGdenKpQOC\/PvdDSl7uxqaByB3NSIma+imeWtGfSsSVz2bgzfRCO+1shU4LOWr+fJj4VfVm44ziFmXpQXba4f4sLTdWNOjDqe5hsphKeTPq6cjwHY\/8d4YQO1mASNyJu5PHaom1vL8or5mJSUE6nK9PPUFEoI+arXXrdILbrGh6AFzUXQGBrrAdekMh3lpPbuWJTMnyJ+tNhczzi4OaeErbR+eZBtyO483ig0A5ofFGX3QqSY+x\/jYa34H7RpPgi7E73Kv3qvag06VhkcjqWXPokFDtuDpOCx1sHam7i\/mBXaEeSIMn\/6ibfBibK8Ssyhd351G+u7nIG\/kPMrFG9dX2lYQXotCoRmApyZWnnIvnb1Ems9MFs1nWg90WJfHxHinrSdpjBeU8iAbpS\/jrwrYxGk3gVDAv9VGAkZlRz60RiJgOn74olT+JGbdB87Dmd8zXzGHRAs6xX1wLyFHdLBSPxN+wXikNtBamIrek5su\/OhIPfJ9Db8D4NRmo2RQxqPr7fuFEkduV14PFpTKUsiEOkhDJwNg8LiATZ7RVwMg6yMpsydYcgvfMea751TpJNvE95FINDC3Rb\/\/f0HmE4sSUBcBPMBavqAtQ7YhyYupjzYKChAX9lCvR4V0MA3gDeswYrL6CJ2QWYyZ1X5kp+MoOy0A6lbwTY6FAqgtyYhKr1esD7uta6z13oZTeC8zVTDF3SZq3we2RpHyfhsBTKY94xuStpqoHpzXuf67EN9Ci9BXk7ctHV6chPXxbzfNbfHejhQSWblCUVsEWcGJTaWPfYy8Qk91uEWvknUwg3\/gnkTaxOpg74KZR+eQhsLtgXu83uRIpmos4uiAQqNFCr46gFv66IhjUaLn++05xvOtQF+pJff5ceYA3+HVtzS7siCW14iQ0F2g+nmUdK\/l5e2iBJ9jUDVjX1gbsI6q3sWAVlaZSWaqGUPI7tEUJQO+uLheM+t5WJ2hIuHlBrb7V9x7oPe\/w4Jyh22GAaILXTviEQ++5bF7t0H5J22\/uU82cBtUmtPnPK980jnCJpoWHcd5b8NrM+3vBCp31WdecAix\/bw5hrhpdYb3Wuo00LpEwMw5n1XbAIEscw8D\/TDkT3R8DdqFFvsOwEJgVupjA7F1prq8T49hiTkdYl+giz2p0Ayt4KR\/SKb+oWG3y4ZtrykubZr+Qfc18G7yRy1UzXXJ7wFTK5WhTLREjxeCpH6IaQ2zDQ5+I3brP682k2XRTd3nMiVhZaMNZjB3MO3yAICh5zK9ucc+onrCYJIYI\/CtjBj1mJ\/oiWvsTssUIxMNevGNJc8s34PU+GVpiWU7G1gOq2\/oHbQNmNjM6utdbIKFu2BrwDIIIyRNAnfbb8mkTirEZY8JOBVWtUMwNF2wWG\/znmaTdvsV5XVYinNGBvCLJ4cl4jpIhiQHJif7TdKLHCM1mnqE7oXlP0MjNOI8YrXpYFJApJqV+nQMhEAl320hWRRZS9jvtYuADMZM\/zqsrhOwTRUYvn5TUWPPSLkDCWWQT\/boP1Zrm7ipJ29gjQr5TspKmpn4J6SGBQtqSqLcPrjFY1FGqzT0Cxa7I4qGdQmb7BlBoZsZba4XtkUxqQDb7GQ7lF9QZ8stU169sKy3x8YQd1brzqNHrkIJDSvbZZhCJGpijHPtgp\/QG6Dw2\/BImDmY1tBmkVrEm\/bZ+xumAD64t1fYO7WaWjuGbU0Y+9l0+9zDoVeHa476WXFF01qNlSxZZAxFkrGmva65Ha2zNip3N87qP3nyH+3kbjqzMKrpNdw3pOcpWv+PdRxpJZGkBM4aT6LXbJdAxBLLkkepjX3bVMWm9bedod1MvUUZQHAIRVofMSy8iwjG593htNanCQUBVZUhdnlVrmQD4OR5EjaE0aFJSUsVHU2VO9DX1cb2EnPoiZIzX378PPrzLoeda6yE90ZvWYSJeMUQJgjFljjq1Vmv7zPz+m4Us7Q\/oFgLEuTkw4eq\/OB+aA8STNn4AHoTw1B57\/koj\/Tsd4yxadruMqmxj8G0neUx2FN2AmiTBa4RjoLGNzELD8QTXTHG2\/lxfzCVwHvLq9JxQf3uprD59F8Loph7ycBJ+j\/BoYH+iVGt+6GzZ563iyu9UeY0+AiljVO0GFvxbuhFk79OBcmYfgnlTvugErVv1eoGzzwF3KK3N67S4ysk\/cJIT\/DoRZvga\/lMRKstxDLEaDolPIBoEiu4mAsdPBxa5KjB\/uaPK\/Gvldfb7QWo\/hvHLZAM3qCGVxLZ4OSPZzTuJ4fJWIQaOXTrFJVv4TYo67KpO9uvbnZUtP8hCVop9O2qXs\/NKl69+XIEhMfw1KYOxJAcgDxH4xjWm9TWAA+DhZvFs31qLGWSu3CzrM+geUCeE\/Vlrc8pmCZFikrptNtJl0uwOfLeuZUF7VWjDr6R5HxdwbmReRnk8DeQUb8\/JzwIyCR78O7TDjY2uL4IEBoTWwTpLR+tDFV4fNsyzL4VzpHaIwnMWTyomGHXhNDLAvBXN5lZAH1nY9D82KvJ+P8HK2FgOErfXrK6gPfonD48R1bCJofrjuMQkEZVQBGqn5ypZTPRu6EwnkBn4q0ARPtqm0QEoQ1VuhulmyIu4zwbE+pgZlGBWhO+4WIy2SuF0h7yFf\/0cbwCehkDSsGDVM9QRwmW02sBUez1\/0Ml7N8nkc2bCsJgo\/fEUXj1TOn7cIchmlzf+MvAjyYfcGhECzHaENxMQIFKZWAib9UAuoVCbRMTYEaO8+NZKwO6bZTHvUzm+gaaUre7sgcCCP\/wfz0OXBRWwpNRR4m\/LwYXSYWMMhKP7tqCCj6OXjzq62VPsWFinT4KE+SZYXF5y6EZay9KdRh4kW7ybiZ7hqI6uqO0\/mKAHQ\/xlXAuQ2EOnYG47KeZUkoht4zFh4Q7AcG7Q0FtDwRhJqM+GVySAg9IbIymkvgNTTZyOY3isJHVYzmKvFAgPib7ERkwsvRQ\/S8lGEoG+lZogb0KK4PyuRpdocXBa4Io1guVhX2K44\/qHOYqiQPL\/Vb5wtdOiDpag22zTziquJAPx3Cc98vOxAd33lx77fZMHNMz95phNb\/gH\/oBI60jIQ5icFLLZs+m7nP7\/6KXDZlQEY8H6HyN8CbMnqheODed7gRjDQsbXi9MHr27blhbJLCz\/qn8J0uletyL+6GpmTu9W1AZiLdNt26PN\/1uozWEq9dfJLpT7KZnW6S0qvTBGlR4kX8O3fku9pK2qyz9s7t7Ockp7sMMWorJbLnKYK0PgDcQi4HUA+VDHi2RlLA\/XZ9u3fGBeP6zmmrFeEhRc6glZV1JpHMW35YHtgDMlMPiXVu6VYVSboWqwuvKzMobkKuX8tZFxZtF8Qlpv25zGgKwz"}
-00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_tot_l4_data_len":3232,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1616,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":946739311703,"flow_last_seen":946739311732,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsnl.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00616{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":734143,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"ZmZmZmZmRERERERECABFAAC4X8lAADUGdNszD3zQCgAAAQG7zKKGPlTtvqP5CFAYAIMEyQAAeS0tOv0CsE56CKvTlOFyTsi\/xDWjEiSHZ06cNkY05jGBZ0BY+\/8ar9VauCfvuAhmfbkHRsufSt9+BCdWOZTLG2pLv7Rqy1KMbXDj1dE3FFg5TtH6GqR+kavc+JEGFEgehaZ\/FbuVi\/sk8mhzGqOKXx4crPRKN7mN3k61duL6EtdmqASfaRcWFkjwmH\/5s907"}
00509{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":735907,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABovxNAAL0GjeAKAAABMw980MyiAbu+o\/kIhj5VfVAYAfVw9gAAFAMDAAEBFwMDADUgVFuFuNgwePbawSbqpxqNFUCOzmkYzG2pGl01BK01AFH98ErPdE\/IsFBOcddeF+MHO+I0\/g=="}
00539{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":736019,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+vxRAAL0GjckKAAABMw980MyiAbu+o\/lIhj5VfVAYAfVxDAAAFwMDAFEtdUh44cEGQdA3iHwUtUH1NhGg8lVZ04bNaTVbyKMgEel2TlTxN4YD1\/YJJ3t8IZOkmDbABbG1rTX\/m4jdYwD9NvWe4\/dWFtcJFflMl6AIJvE="}
@@ -174,11 +174,11 @@
00466{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":763803,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLvxpAAL0GjfYKAAABMw980MyiAbu+o\/q5hj5ZK1AYAfVw2QAAFwMDAB6tOffBq7b64QmsSd+v2c786Zhv5fiYEDuaa3zhYCk="}
00569{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":763883,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"pkt":"REREREREZmZmZmZmCABFAACSvxtAAL0Gja4KAAABMw980MyiAbu+o\/rchj5ZK1AYAfVxIAAAFwMDAGUSdilsnk\/DPCg2yJSmsPDr7T33UpDt7+fouyU7qugS3mc9WlRpzhBODn6kogeE8qQPmYW+sgOJpYyaj\/fEVTl5HFaT10uDxxLeSCv\/DfULel8k7sQWkW\/x89wDwp8NSpi0WLeX0w=="}
00572{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739311,"pkt_ts_usec":763986,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWvxxAAL0GjakKAAABMw980MyiAbu+o\/tGhj5ZK1AYAfVxJAAAFwMDAGkcIdxZpkdanT9u5zf3CPqQB\/78XpNb\/ByXljyCZgyJpkvfvLYi97zU3lVUx1ibVLgT1FzxzwmcB6WJ8gKgQ\/+uQH1RAtsJmi+4IgEvK59Ia4TDcUFuqPyr9T47vrlX9m3EHNX1jLuPzfE="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00801{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":203391,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"REREREREZmZmZmZmCABFAAFEaI9AAL0GaqQKAAABdMuz+KL4AbtonCHmRxNJVFAYAfbqtgAAFgMBARcBAAETAwNLJ0LoKZs0jG4db6SH737y8naHXDM3S+mAdGRoYzSPaSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOcnVtcGVsc2VwcC5vcmcABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg33Waic8Yfh0yJ5buIXWM7xt29S4VxDeDA2qvuzRytkE="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":946739312203,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02381{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":226652,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6JAADYGLgJ0y7P4CgAAAQG7ovhHE0lUaJwjAlAQAfWSIAAAFgMDAHoCAAB2AwPlxRfYXMEhZdQ8ajfb6CRVs1xCMiaZqVFxrCKnBSpfMSD3zYs+eWXICfX4e3zLCPsIhyJf4YitXdBLrNgVR3LKFxMBAAAuACsAAgMEADMAJAAdACC7U5tcN1lyGmU4zwJoCO50vCXYPM\/QvTMxioFdnZMwahQDAwABARcDAwAgWYRxXowUwkrzaVinqnzWcQ+TBbMUOwCXts50ql211fAXAwMLXdNQugGPXsJ\/8C6qtHlVybUGs7I40LMTA5OhGA+5YDHeNrEuEhv+tu5lin4eHBImQq4kbeHEAo3aNZo3KmURuDQDW8qwTnUEVfBOev0Cp\/PjSdjbD78ol0y5nY2oRm2fbsKHJzJSSjb0AciAo1LrQOgCF2CvMV+eyOyHUYct\/0CZzYMkLxKZwgRjyAJuXMfA4yEKZGM2df01\/BUbSo1Rl+1vGFFUkgKmIgKkRy+Bl\/5\/aUS0H7x+NZdUl10aLbTaEzyxHvC5FKjKyKio8Nq1FnOONx6t6a1NxwFwus79kTDzOhi2RBBAptjB5bREXvI7I78ofmPnYWckOqrJFFwvKuiJMXscIR8meUqP2LfgWzMDMhsH4p0jN+l3Gq+FBdoxKNoG26O484i0pfOfynG5VCfFmeEmq9XB2jrTV2FwEB1w6FHC1GMZVEK60qV4O+pPgrZRJMZSzwllOfjef8V42EZAcff6ioa4KXyU2Lg36HO0yhYzbeNUU3pAi5\/qwo\/8uuPNfVbKx0eipCjwx5+0hZa74DG\/pD0GzntSqS7YWEdlhEup1mtZmQo0eaDjwGNrCt+ZhJgQy3V2hPBCa6ygW9VMF25ycsILPfVx1AuqPxUOHW4j094S0MBQegEN0J3yWeWaiiBlzmaP9zyQI2IatrzAzhNsYChDHK+csfeO9ThoioAfgwS3AljMljsUX8LckrIXpurphG9MTttyGcbyuYOZgMBCh0hvfGempBEWQ87aRGnYict7DJMJ4ANT6I8mIRYfs9ktyEUtlVvr4PQNKARgob1jc7dcCzVhF1wheYyQGYeS88ndMehrocaatcfPAW+sGsd\/PlwCwZjCKZRZc+RY8UIBMVVQFkJfKmd3vMc6ZdNW+eECwipaKd\/GGSBQQLLSZMZlc2\/fq5kgX+ANS93WhwsRG1d13Nrw0y\/ATREqmOdYnxg9NReWvH6Y9oKaWK0ORmDf6ge12lS9oVHWz42D+xzkGejOSsWciqHXAH+yg6krTEDYRK\/FPbGud1EfOntNRDB8fuTqg6A3gnOVkf5Fe+6Udnrmytaz7VKwjYRLdi7vz2qagJMVcAAVeEuovh5FOb\/1EXijxsxUB7j\/jcKgZC3AwFJv0DQSdWi57X+9030WJdNzGWfONsJDey166z5gtgIr0gWE3XSAHs3+JszFzgP3FC9xVilACKjY2RhRQyvT6fGwve0GSnMhLdXxdeZ6r4BSk1XrmYwxLzeXAWqaNfsfk0zirnPcN6UG26k3lnJ6hvodPS8WtfbDlmo8y38gK+0yMKaENYnpsWQ48t8ZDpKCeCokx5kJ4EaYicnC8gtp5emEtPLOmyhRS\/Kx67Xu26y0PrFyj7Ld8XnP+XpwQqAHuqyPPLcA7ULfoMWkppyHnn9L21Mz+6Ml1h7gnl\/ZwxToT4wqDJUExA47\/9+7Gr\/oh5kj8z6qG0LWqBHYWfEqQZ9C6c64n2xAiBIjVtW2HmMJDocq5nLsWLSEY96ngephvH\/r2i4gA320QycCOlUbe7IShXjhfHajvNFk9aT9mVr+xKfGAIJr4upUShXmjRDRgxjZ9A2ryxbqx35tiU7DJrZpjO\/5DMzEBxvVggb2jlqmTLhZH4TtJi6zfeCLrUu+11tfn0GJzj4HRmOyvzdz8MwTSgWBVisogZKhAqzzkq5ai5YnEcmNOW52YkN74XGWlccUSq2JFZXF"}
-00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_tot_l4_data_len":1776,"flow_min_l4_data_len":304,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":888,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":946739312203,"flow_last_seen":946739312226,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rumpelsepp.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02393{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":226720,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUJ6NAADYGLgF0y7P4CgAAAQG7ovhHE08AaJwjAlAYAfWhygAAp6lKTcn83BQxpQ2W+POQkJxpRZXfacCT49dCzRTmvnt7\/eMDX1qsnmxcn8IW\/\/jaiVs0n6JrCEPqM3KpB310Ezncm8MGw7ZSfjBA5NhRsYZd6g\/lnjS76Li5236Ye\/OssNOz\/mjZ3Pxtb9lckb\/iUUI\/CTV\/O+8693wmOcz\/ttlVvcsf2F2cDnHv69Z9ZcBThvWSK1Fyp8msppNqA2rjumUxHY0NG8Y6Cz7YUFXsrxgVnCyIlXLFSqfPySagEMAo+BwG8r0qoeYlZ+taxtjBF+CPFNBs5wvSzuudNsLZAlsoLeVbC7V4nVAvK0ZozwjUaQXydZ7If0bf1gWwEwbOWvwXqAGoH05iR0Faj+nrSPK0l15jvP1ksCKE\/mIp4VHggNWOkJSAoQLhJ7eDNcolNe3VlYAesuTAoWHjzA4h2mXXEBGcexNswvAECexp5rG8zj4HDx39qgDVWk3o0eoSeBD1Uedt57E3iKOheQuYjuGPkNLW\/CT1EKc1xsQFJaPuXeJntSsuTJIbn\/JmjGMrhs2EpgTuc4i6KbgNr+Dg8naPJNChEcAoURckVZ0QP1tlwwQ3au79pUNst+WdCcPkSU8h2p+dgHNltfLpGpzxtjAkiMDwJHlE7uKJfM3Jooj+j8pbChIDWDckUBPBe4tCMPlI9VbP7p8jHCN+Jbgx\/vlzb\/jhrZ3VmwNp1ed4spIYgJkRtqvwQ8Z+wh5eYA\/rsAfAyJTWCHM70B9AefRgCTo9QDWJRLYx1cy2\/Boia47DDoYb3uBS7QfII4eh4Kp0F4K7dkOLwQWThipleT\/tvJB91q4YO69guoqAikyr2u0R4I\/dsfO61jRS\/0OGcoHRfzyYT6Gw0389lH9EFy84qx0Src85OaD1tRwt6pfR9awywt5CBZe04hE0tSwRbw55PNLODVlESQS0e66OA\/M16o1ABO7aMZrc1JmwD6a7e6weEeFmAazedN8hZmlYv1tms5VSBekoNgGF0CPdRNH7+BWQQ\/oy6wbYcn9T8DbY3EESV3ngHV5p7hWwxUALrbhEOn\/rgSRIuWBulfZWiwjpGLHCmd25Lp9PvWu2ARh3jmQWx3LqaLBWQZ2RO9BztLQCxX\/fKF1FJ2Nxx5CvAx1deQyJI3ILd0FX\/RREt+JafDB83Cz6gQe6DiXexfTUxaiReu6RStMeEaz6P71JkxtuCl0MQOV+trcnTBAsrOiC0Pnp41ddFZ9LyjPw5Mwgkq5S8GDPbsUHU26OG2nr4C2Qc8pral7heokrRYgBHlPnskyAlkCxuL+0XPLYLPIRRcJ64nRekoDw2yg6gDPsz4RcMVRLhEiIfkrCTlBJmmDuRqLpZJpecdlBmRfFHNMXGB8i+H\/\/tNPFLdJAZryXO\/8h5nkH4Mq7yLQ6vkIR62sgbVPD0Qe836LfCEQO\/hxA9iWtbqSJ07ScNvoG2Czrtvhfwq400gs5KtFeBbk1AFnMyczsxPdl6tp142MbR3VLQmj78nlxilK51hORcVLi9ktXxGEonuDfod4vDjaA3pJ\/0ADkZjstpvA2GHymd+GbXXXQzsOxrlPNaHDKM7gA5XeYsGBeDXesqay1VJZXsBwjzKmLHBEfMmuTQkRGywy3RBFrIumMzi24aTghRx9FA\/ZPDZtgNyArr3TSzkQB\/WYB0FDxqBDH7pfBnH8cJXOSx4GfComMuGBhw8lB8S7RS+Tun6aoozaQ7NOXFkWLUNwlMATJg\/u88xBUir9H293nJp613ia6G8KaLtsNZhb97810Q6p5rpfzJ8sEbxPvnOBsJoN2uNaptS39DLNaJ78nP1N\/6JenLJUIebOzoNXR4wfNgVp5Coyyjw8dfCFDyuNA5Oi18AcVmGaGj7TK82vR9gQ2IWuTm0sTMl0T1RNelk87ZLC7oqgqi01091WCo6H3\/T5HgzDHHgrz3hvSk8s9"}
00877{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":226748,"pkt_caplen":393,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":393,"pkt_l4_len":359,"pkt":"ZmZmZmZmRERERERECABFAAF7J6RAADYGMll0y7P4CgAAAQG7ovhHE1SsaJwjAlAYAfVGjQAAa5XmI3QYf4U3GsgNUiYg6nE+sTM2tlCEaWD8a+yhV47rmE6kvvkUyHudhyGiVLBix\/s2Tl66k6oMofRZkQrLXScZtdHRIfQgK9btbsMM1xTaTzfknUCL8Cww5biZh9NDUry8F8w5qpojEKHzH3A3\/4lC6uHgw2s20sHxwLZeI\/SjDolPw0HgqtQ7HRGthKZGgTF7EF5W3jX9zyxYcKT5Z+6a10K\/AJDS4B9NuFR6g1KQ6qPeFwMDAGD+4QCAyHAuMeUJDl\/3cFciykXBFAH+fIJCuocOnRHoaZKbLjxfCuEOFssJeNkoB7QqAW9OD5gzqBZNRuNAkbcUPEYKafd8lUfYNtA6Qc4Hu\/0eRYaPXNNUA8lYtFnGE6cXAwMANeAmEtdH6fzebaiXt7tDhzhyIraQebUR9GWfb0bTVPXdXtGXRnRa+RFnQlFlafsVPs9+iBkn"}
00511{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":229199,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoaJNAAL0Ga3wKAAABdMuz+KL4AbtonCMCRxNV\/1AYAfXp2gAAFAMDAAEBFwMDADVrZKXXCOBBCDNpYRE7STWc\/HnJjONF20ovpuvcRz\/QdPSitaw7jbrSJSqUOOsH\/fAYewK\/Rw=="}
@@ -192,11 +192,11 @@
00587{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":253667,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"pkt":"ZmZmZmZmRERERERECABFAACjJ6xAADYGMyl0y7P4CgAAAQG7ovhHE1aFaJwkkVAYAfWNfQAAFwMDAHbNNMxlK2hi+kM73RG+R9mVK1k1n278Xq2fwo65cKzW32ncn3dJ7kB\/wz+TBKjCjHuzTa3am\/FIFV25etmokJlONLLJrfcoS+4PkOtmintpqLX1\/mQcZ5cwcG1CyWfqnc5A+A1kfAB6j4X1LC+tm9SmlL8k5lmx"}
00809{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":254160,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"pkt":"ZmZmZmZmRERERERECABFAAFLJ61AADYGMoB0y7P4CgAAAQG7ovhHE1cAaJwkkVAYAfU4YgAAFwMDAR5OjaBU4K9RxaEOIHl9RkqXTssLDishesbzjLuUbDAZDJRFnzyaj8ejMM2ueTD6CLNtc2jjLJ57t1g80LgQbfy+JUMoRcjIg2IhWkko7S39iw6bgbvyFu3qH1cVkJkjMLOEtHMOGvK4yLYcn21AtyDTIr0Dds40lNJS5EgMcBmhGdtQpaMyXjkJRvHbR3JAZL+cEgYUfuF7xSkh0zPrqz7JjgwtwL0VYQpeusE93XLn+m308ziE6DVryUHuJj7+c7wd8sJ8cb5hVwtxDaAvhSlRMwIlHPrEGLQBNmUFaMohgZq0V19XXuBHz+cBpdoF3+8cnhG48hJE9MwRgEbCeOVFu\/pxXrE0wmFPSGGGmePjRa2StuxxBWE6hgEkPVLz"}
00466{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739312,"pkt_ts_usec":254389,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLaJpAAL0Ga5IKAAABdMuz+KL4AbtonCSwRxNYI1AYAfXpvQAAFwMDAB4\/8FLPAjMrydunzm041lSiRjMKOj5EiHlPHgxxkXE="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":842290,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDy\/NAAL0GDsoKAAABwx5eHOp6AbvJsoUZMUH8QlAYAfbjLAAAFgMBARYBAAESAwOCYT7eCU1xUXbhTPV2JlKPIHcY7sPH2WwKtpwnSeF8xyAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmZmbXVjLm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAw+TAbBBMqcOYtJZmoA1qcBE16Yt0ym3XOBLcMkrVpDQ=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":946739317842,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04358{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":868005,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAyWFAADgGjB\/DHl4cCgAAAQG76noxQfxCybKGNFAQAfXtaQAAFgMDAHoCAAB2AwNkyl8ogzMlAhTUQA2TsMh7Q0Cc2\/3wZHCiwad1Z9NoaCAex0Qk69Rnwb5oftgvyqN3KWFf9IzenmheX1LYHsKC9BMCAAAuACsAAgMEADMAJAAdACD+8H0HbVGEEmZC5hZLdNizcuC\/0pRP3fgeIP4D\/GwhdRQDAwABARcDAwAkfwnuX6wEOZOBUTjar1eVwNX\/5E0Ocx7Di9qIEnerial2sCiHFwMDDDWV4W2nvLW+\/N2l4x6sJgc8wiYdu5HOhM21Gm3mnFcxKO2Ie6ZC8TBNY2Mpp7Yb5rcL6bqv3cZKl4w3lzpNGDKGTjZnaTdTckz2Zj9T\/bsrBq0FYycXELwNiLo2fX1zTKtRPyLUu0GGauan4AQwcaDjRQzNlNJGd6461bdar1412MhrLksAOF3Zz32PJXTXtFU1mwvYVqphcZDb4pPZ0N+gjj7dNR4S3YwPGEbwlcx1UcGfiv3pyH+UUZNMH5Baw9z+5KY9RTPE3Rfw1bhKsm9xadHFb6suVuYDZzfowFS+\/J7rFZVNyczZA\/78zcdYuuXbTxeDjPhOqxAoQDX7VF1HojbcFFzFMGuyikHPdDYckD+WeR5lbhzc\/IDh75MNMf\/KMikRmHFGsWSPgCfnHcJinGKvxJJW58RraOB\/5irkT41Kj2mTP7rHD5SNd2CjxOxspgfL21g9EgRySSvXC+1MOm1qzwLgfjx1ZGRqf62CTxE1WBGLSGVSBUD0U9VUbvm7X5SNczaQPf0VLn8L3p7i1Ks07MNKvx2UZUXfrd\/RU2JWlAdhuGfs4RK7IYupZ9gwETRs4hxHaE\/JmiH23lQ8LvM6OtMsbQ6PirB\/Qq+igXuyD0TY3sAc4gdxm+SJGHsDpdSKgD9SodG\/vExsIGp+Gl5tevJKVwUT0pGU9EjX1Bi1e0B1xZ5ye5cjD8jxqC6fGWDYbc0qUQnT6Ei3AwoDVwqGAF6EPjjKHUKSNJDHKDRweWDMJ8eQeivUqlu+lhWhCAE9lUvj8qFKlloewows6Y7yqVUmSPPw60JQ\/7KRplxJ3xUWU3++WylOr+8YCwNo64NgMLldroBbTf3wwNL5K2B8K2fa0ar2Xxz3JO0bcvkksssiMRLPicETirp6CaB0jh\/JBv+EtfNF9XlRRV3bVxTCpp5g2WrRk6UQuYXfLZgXXpvWsW3UQwQvcMLuqGRqk0Lrq45fax67cEa4ablkdoldX6BJdVjUPEVJmY\/4EAB6c5ffE2gmcKP798gpjRuEOsJHx7lU8XAha86w59XzXonwVhFiFEiku0\/ryBztip397enoLu3d\/DdWuO13MC2xztCFDC63o+OIx4LKccR2dUluAwyjMQHJH2QfKyLnH3gJwChS1jbNN6JjmBlIjJ5F5oE0c\/LLe7ZNRcNl04\/gPLP3X4Ig1u++FkuVZR4VffxYIDiKTeCsRjSq8xT0sFQrVMRqRExsxUpTFlLjgmk+4A5gz+AWsHQgXQDHpc8q+tpaaLw2T\/VxrMhaAlTNwD0R+fPu6xqKcmZ7K4tPJ18rUG2cCEq2Vyx\/nZ5Bsb4X51YWHYwI\/b62OL85Ky892\/YpuTiyCwr\/n7zKZjbYHc3bE3kJITVYYhhm7SCsQwZLdboBPXK1hc5zPXoZ51+dKsAS5jlTrL7t90UaX+3d5RBjR5yWI+hwkpRHZC4YPu4wFBj9CS+kKkAjOdshMO3DBnfsoKT51IiDooH56PULR9jXPjPvXwHziEAOD5lKZLhl\/1PpgUaU+m0Qhb9DGdPkvd5L5MtmeN6AG3ojp00pWioyce1OEa+lwCX86DDB4V50XA8WSmUf8Ruv9dDKOkEto48W94o6jbWCBaVHLa30AI1sBDsLlVma26j5oIbiMjlGK8ArsP5ukW3ec2Ucyyw4OeOhYe4PTq7O8QJdyRJffrasJ10uS+VJlhZE6nntiGTZcHenBLx6mVY\/sNy\/xKxBzOkMpSKdjL8GC01HDHp6JDU\/ZHpm00Le70fm6tFZ9vCb5wPUsyYycjMTWmiSgMdLOaewpU9tlODZTwi8DEVWJyEa6fkCFWYdu3u0ydeu8NzIOlQcZ1lyy\/E5qNM0pqUIMKgu+I5sA\/1d+JmmvGoRZQYTQTUa3kxoSS7rPzyV28dHyfYsyZ6xH4xX0Te4M4ymNWY+c\/L9THfsDN\/oVSD593mlv7UAAlNYa3xzFv8UKd\/o0wqF1apADEX5sol\/96BK9yt++kADu5RkL3Q9suLz5lPpANm2QRRIs8Ow+4yzU\/7qCzwe3wQndBdO2mvPNrxNQWX0RWtNADT1hADdzQX8UO24dOXh4qk+iHH6bl8lfIvW8+qqcF2nRbvY6bMLSrGQokwAzcMtwiZdjIJEsFZPEIqPD7EZnzjfnQijrIF9Wn4vbTwPzBnADd1msbtKeSaVNdMJih6KLod12TaeDOeCDRiB61IfXV9dgIKfGFyMlxjk0+d6Grs+cJ7UQzYlQ0mX0vg3on5LNDK23JzvxJlO9RApmtXu0TOUl67cxwpSzAdhxbWvI8l0V4Ai4I3tdYPelpVFVsSo+cgXM3bWISOOqQjzDzqnRV3rpFOpKmYj18yo6Iw3eQgPQrdVloO5tfEf2RUtUbOK+ineibqkTHcOjvhuseYK31qZJs+iTw0+voLfLVtqWLppBhUR5ajc3xYiWsGOK3UP0Zb+9tGTDp7eUX5mpFIs5TGNFA+qxq204tT5KujsIYtCIDdSXn6JYPAXRTlwA4oEjKa3OoGb33tMMT9hVxCQHDLFOs45v41USfRH5jGOfkuc9t77jPR84y7jSr8tXiXsE5CuwKv3P7uF9BVlABkx3ZlxEIz4\/1UR7mzFGAx9K\/RIDlF6SxU6mh73+mMXE0JVkoSTGdIPiDILMtKbfWz72\/UvSW7dTt35fwXmnQwL7He\/RlLL0\/sjJ8vBxcVsv7+Y0XxXaeqzhRtNiCnRgUcTqfLUOJS8aBbh4HPdSKkdltzZb\/S5Lper3Z8zxxuZkIif3ZJ\/gz\/T0iQbX6Et9RMROBoUHjPg5pKYqkENDxoMG\/MC0WVGiX5R06OFe3s9dZ\/ozvLZvYcEZE7N7F5n9sPRwd+I+59lPh72uicIxFdChXuEOxCFU0V3rGzpol1Y\/VsMpTxsDCKvlfGj6qXugNMGkxmq51kciXtj75pUlzwIMe6kQUn2jTFnukdp6OPxrp0T4\/lDiC3VaK0fB4xi6LdOz\/EwCzEu7lICtRLOOwfKoiPsMnC\/K4Myo47r7qgooc6Dyct7xyGHbGYJon8e+PQMECksrlAXwIcA8LQoEysxirtgk51VSp5RdhUCampTO83NLVIjW6\/5AUld9ViiwVRqzLBg7wtcqkBPZd3uqzxG5sC5MeKaDzMg3QKygjiklub6zdiCWJK8V5PVpgiHBa0as\/kw\/NbzRIp8\/DH7U1o9eDK98CHzu8jiLgQ5n1w2IYkMJA1JpBIvlpsoUz6Qe08g4O6AzxZi5RyC6\/8K7\/Ed0NrDjr+G1S6iNZ+qijE4QRaBke9Co9IWob47jnSAaxgFwziKOB2hnQn493UlWhwDwQZuENq4DusUKLl4gaZTo1LvBrcu9EW+pZ0sdlBNW+e5bo09BfXSYhwTQVczSoVWspRueOrFVGx29DRpvDMWXSToev+\/5dhguN8sE7\/6r6UStt1tBEq6JkIdV7o\/cGVmADZ9PpG+uKpSV95fJQxwhEgMidjt9Nuj7TkbtLKuomHY1OGt2HlKFszmF624Ixr0UPZ7oS0P3i\/BbBVqEJdJZsiVw4MhJvqQMjH63aJ9Ie4EL24xwrBjLm1YPTGhWjPxzGPCBhmgSj9u3DHYv7ANgf\/CwtQN4PY6wBmanZg8AFnKkxZzdFSDH5pdfVl85gHQh72n"}
-00825{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_tot_l4_data_len":3227,"flow_min_l4_data_len":303,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1613,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":946739317842,"flow_last_seen":946739317868,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3187,"flow_avg_l4_payload_len":1593,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.ffmuc.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01443{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":869199,"pkt_caplen":814,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":814,"pkt_l4_len":780,"pkt":"ZmZmZmZmRERERERECABFAAMgyWNAADgGlH3DHl4cCgAAAQG76noxQgeaybKGNFAYAfV6GQAACB\/j9FRzrXDeV1gMTvdtnDbaxVBoJBh9cy8pOcYrD8iqnoIgGbCFSCgUCuevEmCLqMD6ndxwNBjeWxvehtGcTzYfxO5MsUhftQ0+dqR1WhFRhDtmvuIG3Q\/1JnJ+iTTGKy7+d19ANVD5kJS2Kbw1kq1CCeKCETSjOhUhw85xD38cYnUuHGOyMgN3a57KOUyOmb4EwXoByM8BsVlxu1vc1oPozugCeie0GDWpbdeaEmjgROEgR6DsCHE32e8OUOXMw3\/fTV5lRZlHvoE+WIdAJO23JksMoSbzH5lXNpwBfPg5fllHB2gzZy73MltgSTbtU05NdkOcr1ZFoqdQ2V7wBDgCUult1m1frKnm9RbG5so0kMdI1K2imdVR2omx+E2ZIA0aLFwNHZ87uVzv\/27AUYdBTlcNoD9yJPyo52+VSIEhFJ+iC6HMt6T8vMgHE9t8doC6zzQ5PPfhV0Y\/wHOciEZ1QCJawdjeaWA1oK+LH3dEkeN+2N6ZvT6aGJRirsBAqqpY1jcHkYSWOu0YNfkmmhcDAwEZhRt19HF8btCDpTYJhT082yjULJw4KauCEpxSogJCDv0wIm\/nxsgKWJ5swMbqyuXpT7mdSSff3VOjrgPc6f4pSWMC0gPkidij6lKAHSShm5G9hfxPyAE5LFfSUSjOyv6KeU3qvvH\/y9kOCN3ZJI34MmNCSHjx7F7SwgBhT+XBQWcGdTlLW08ufWjBpFEV0wweQ+sorOCpyYk1BQhN7aPpwW+8cPmzhDQyCikmnIgsWh1OdzHEfXqnhQmoNEJoF7iPcZZ2Q5XdXc7TB5Nr97MOlFTANPGwh+Z0IQ0oeyTOBC76R3rCyPcgQuUbw2ZmngRvKZCro22Tf+lTL3RL8Wypoy8hNNZMukYZOxZV3pu1hHfTdtt5At2T9yMXAwMARRSoalzVajpzS8ANj2fKvjjGfm\/L7CaKj2s8TbmN14sqePDJ6R8MH8TM+nnzmnQKkuZgpCVkmHfyoZtoN5aVAw1RpWQU5w=="}
00528{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":871016,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4y\/ZAAL0GD5IKAAABwx5eHOp6AbvJsoY0MUIKklAYAfXiYQAAFAMDAAEBFwMDAEW5sMLbd0gmem1uKXhOn4xsScvIMh841vOSv25s7WegMWRU2Aswoauuqax20OLYWSZS0GCafTK4XRon6bwmx9k2Q1hF9xw="}
00537{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739317,"pkt_ts_usec":871144,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+y\/dAAL0GD4sKAAABwx5eHOp6AbvJsoaEMUIKklAYAfXiZwAAFwMDAFFGa1RBxhcsaVS1JTQbsm6b3akfyKh\/Q2QTKdRkJM6NqfDPzD3c5QZ89kS9wTJn28NiChl0RiDJUJUnuw7FkiBDzP828V4cNxsAiVSYcyY6e6Q="}
@@ -211,11 +211,11 @@
00798{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739318,"pkt_ts_usec":37345,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"pkt":"ZmZmZmZmRERERERECABFAAFAyWpAADgGllbDHl4cCgAAAQG76noxQg7JybKIylAYAfXY2AAAFwMDAPTBSH\/KUN9Ho41cffCQxrJYqIef6Xn8cytekOXeeAPHjzza5w5Lk\/Fs5hXSHCDw5NX72Ztnf7IH6QGxoxyIJ1HUWKk+Edlf1yCaaiWSG2qK0boEbCex1OgZCSzfuqjAo1mHvYIcjlHdYDJB5a9RjE\/U5d3pi1ylEMZuVl9S7BmnFfzWYQLG9VTEqRoJUXsx5QLiwYAlmszUJDalFHNSRVxzZZvw6QxVh+8FC1InrW1oyRKR2xFIYp4YUJ3wdWp5tEn2LIvCuBP1JRsGgB49yTiHweVhl2D1toTYHLPXBFKveGUx4gMgeosIn4YM+HOhJb4bRHYOFwMDABqApNe+JAK5l37wbw8X7NNtNzFmPvcJ8YVILA=="}
00449{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739327,"pkt_ts_usec":879259,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAzAFAAL0GD78KAAABwx5eHOp6AbvJsojKMUIP4VAYAfXiKQAAFwMDABPOFDsRNkPmvUgsjvIivquiUuss"}
00450{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739327,"pkt_ts_usec":879293,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABALvxAAL0GxEYKAAABrGhdUJ\/qAbvjN2\/5lQPB01AYAfXKpwAAFwMDABPe80YjBSFaopQ49brkBueHC77J"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":955395,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"REREREREZmZmZmZmCABFAAFEM0dAAL0Go94KAAABuelq6LZCAbsgVVLXybMJllAYAfbmxAAAFgMBARcBAAETAwMcr1WdeadOHog3lEpiodEeAcm2gZJgU0L8O6YStA7tWSAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLmRuc2hvbWUuZGUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgsGpq4zmMsA+1iGgtz9f+LYYNyHCIQZ\/zq3SyFDX6FwI="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":946739336955,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04354{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":992908,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAvuxAADkGkf256WroCgAAAQG7tkLJswmWIFVT81AYAfXxAAAAFgMDAHoCAAB2AwOH51VjdKQ\/AZQoSOmoC7jYQ9n9NqAbTWqEvktHdZeP0yAYYApreqfeMV002xSAt2FZT+xN2PBaLBfkQPkpY2yRnBMCAAAuACsAAgMEADMAJAAdACBHlT\/ckNv1zu+YfSt\/zxC2rtSjIy\/UHNmUMGM8UGyVRxQDAwABARcDAwAgwilHvuszxY2P55AdC9vc0WNmaI98gk9UASFHh+rOkuIXAwMLGSaHw6LineCaEcA9j88fiSZ7p3jmYBOCmFwXmWuJbNVbDX18tcQr3ZATZwug3WdQUgZQuGPbLNtio7ePY9WJu1m+mcBvlmSf8p+kNIdmks3LygnPjDC2c6UxorLMoKdZpIF74n0UwdI1haIk7t9SxqKBNHhLqhVzXfA\/gYf10GXPi1hxhIDRS0KcW02uf1aHSSQNM4lfDYD4RpVTTVdscI7J3G592b5BxWNyVv0Whq0mJ6igzcGRSA9ve9GnhfQ7PQUMhLbnBs6Wh4\/E06aah5j\/y2NN9Rc5DR0mq07rU5Ce+\/XxD4lUU+ekKKMEv73SbncelyWJ8Y5vAOXrDEqq81ak\/UBhx9qx8\/JbLt7htRmRK4POVPXjov3f3Cr0\/J9vWUZrGJZBIzd1UHWlYZqWZ2e4zJnIzt4CgmUiyp0aneIGvtzNkXr50R32ENIRIAFyE695Wqs8jERpSPGsHn3huPrLifotNcrG9GhWfn+P06Pt7D4zUiFfvh+LyEBgC4g9mLo7FFTR9ZBh4cvU6KR2JbkcthJ2\/eit4GXyWKglPq9JYKNPyFUXXYoA+haf0kKxXZykljYvB6S+pRhq5fgW9P0TnapNy0IoETL\/FsgOgMCO0tJLa6wJ+moPbCUrnqhRlYqM1pTafI1RDq9YRk8QTG21gC3tmzmBSfh\/ZYdFQXZmYXvWfFwGRjyPIT9+zMlqq2Pdp2JskHpsbB\/FwB1MOL4EMGO2rEvqAN\/G+LUDaZwDQErYmrvokCqs5wzQjVzO+vQiri8OiX7KtSVymFdc3QbFXkOIAgL4ZCdwmcaz\/rCx33yioKUWWt5qTqCZ9pmtXhl4HcAp8XhgUIEYBgprpf\/Ti2fp0ElRAFLFXlwNoLI9iggooHHGhx21Tg5YhcbP60KH\/320Ma9w9iPFEDojm9a7Uksk9S+uRWv4OhUAAYKjuWZotkEozfx2xPJWhN+3nf+Iha6M\/PTSY3MMhm1WzIZxhGYM104LxfJgMU8G9gWojlgvjhJ9uq3S6TQd83u3bJfgu1uC+MqFUVxe5NSUl7ikQ0I2+aFOcROfwG1sC6mO3ReC1pSOUUz4gO3A9SSBBDyhLMPE7cirAIcpsT33LqFeeSDEu0N967vwR6xVh0M7jpo7PUXyGgThPlyiOpRF9s8WGXtAs8kIwGDjwgfzhZb+5Ica\/Es\/V\/Dcco2lqRgq\/dcAdyZM5sv0arfbaybN8N7gqsGjPTm+jzsbUO6EEvEXHs0ldZG8m8mE2GFXoShd8wgIhqj+fRxwQgiYi3jFhqxSX8HSBaQWBy4gUMLE10OhfyAXvg9pZiOtBVXbyXYhifDjhNa8C4V7nKfsRjcc+IPNLOUCpNnF7zVC\/0wEFNmAysEgZKbiQ7nvWTQEj\/4XkHTl7q+V1nyze+YBcVwnousw\/sC5PPMkFjNe\/rVKH6Nl21Xz4CEnFJQWyg9SJCs8VgXn5Gx1la2fl1eBBcFXXyYGSGvhO\/t81KOmn26l6yIAJ+49g5RwCWqzmcqOfJ3ZxKGRw+Q485Of16n26ALDBRuhLDlJPjC0rbaer7p0vcHW895cpbl01o6MkW2RA6neV7IiozPr9ltdIu27V3GvvBr7fVargxd2L+tYgyfTl9\/WILWXDEQZ1hdvd3QHM4PdFHFrVVzTGEggsJMhAt5dWLBf1xkH6HOVjXSYC7QWsq9x8ZMQQFScuqTVdGfJ7phQpuljGNTYHS3Fr6g3GHbNodTeleAa40XcWPRR1QvCNrU4+1mAEfui\/VF5yCnzl57O6v4AZaL+xkQS3bq5TgH0cEyHZIZPSXLjPO+kUoZirl9ExMfDKt7TaVQdS2YK2Ak\/Zeh3+0YL9HobNvrh9Kdgz2l9vzkzpGJFhtkFPLbfyoUqy9qVF5BYXMDsDNfzLRqQCkxTChoU3Oq5WC+NNoDfVEiV1uqKr4CPZT+MhJo3dMWH5rs\/NiqvW5Ts1TD9YHqyVEww4VuTJUEbvVoPl69h72o9XVtS7KLsKkPydjzTTKhHgn+fyRDhXnwLBWppDpzlYOaK5Bu7LUZ7jwPpDGb2uHb\/NdM6kLWzWHLfaWGXR9MiHxj02STxuaoJkhvcxJyZ4jf7EzDEtGtwrRtO9550RF2CTHt4JP2DLjHk039ZthYCTpxRqRekm7pNrIMm6JYaNTmH7DS2CnClfcodyWQo4n2PKz2RufAiyCR1Iovd48L90Pg2ksKOnBbJR09P4LdtuhxQLd8MMrL6a2NJAZcO+1X34ekx37pjBc0ECEHI\/F2EsMCaSmXvfpKvJDUd4hm6Lh+s4zDGKyYb0h4IN9C5WV\/0KBLeUKLuzHg0tLbCpWl5JAtrGio\/3uzgZW3lPesajgf6\/6yAiqz5a5LojXhnEilNNECArJbZRC7dxSLQfHafj61RDK6iVUhWyQIyby8NmvYxyArKL23gG\/dtpUv9vzD5buro8NzKqBt4kyQq5AyRDl9Pdx90dbqzL\/wNfIMw2mirNqhLtAV3Lcmt\/A5VrjLx4ZixfonmUVwV7Oggr8cd2H76iCaLM2zov\/KSvGOLzKOj0+VfjyUlo5Hx0LkrFyR4dGU8OrY4\/30wah66XxEoGD44ZGGY9mmIzDkQJmAUZmkkS7CDbDg1Z8FYCE7np6+eulLdG560xvNnTNnZupEtGdS5efhEH8mvJ96YqbwwP7SeMnjliahQXu1+lakhVlu8+nICagunD7qLvS+Fg8H3c6rjbWQ5ju6044gUUjdx9m9ucGTb1DOdOSzatH4eu\/xj8ZAYSsVq\/DNz\/DBK6wsphchGHTe6SX3Win5Q9xfrgZYWPZHl0ArgB0ilWMiV\/ALLyorbVNLl9DHnMkx10GmbnCSrwAOigo8SWLMZlWe1j\/W9cK63Ok4pAEypI+tsaU4+KGNcg\/Y809pje8RhsRhZyPyRSO4W7\/HH8AmTmAipBXMFJFIlbGBgYuDxl\/k3WXdS2IEVB5uVrdrK3IuYdnPCCcVuL3hLwj6k9lhcwgEM27zriQrtCvCjvLyB8dJvyzZCywv3b9Z9hbJbpIZQI3lMz+XJWCtXR9B5wT2TiwcFkZLA8v\/Gj2OeLuTROa+JmAs1Cy1LT3LNHOmrtPT6ceYpz72COQRQio7ykebG+XDgiLiCvhnLtQVxEQCyclUf0DdNX7KRiUsNtpm9qhk\/7G3HsLQ++6h8v1DP0f5LGqLcix7u2oI33Cf4OwaMqtYGg3yPzbp5wNZ8XB9tSXKBPcsjkv4tUNMLMknHSDtW7RBZerB5euuv2oYXeLw6W1kFDZQwREcwkkkFkPaFTf2R0OaQ0s20yEJ+2MP7zAUxwADciRnXdaSacxi\/MFaNm0cuKFuTZ4y\/Y5UDPv5UQlN6az+4ZYU2R4xFvAktPXCaDzYwhyETBBXTQ3kCDrI2ulxdBfYOIiMYjZjYc8xv3tq1mBsJ+7sgbDu2gL\/fzU\/XzK9B7Kcn43ttHaGeIj+jaXeNq015DYfGa1PFCW5NxEG6gmnM2Xks2\/Rnpc+U3EocTaXUc80yTiNXgxgwYfe8v7xwjDD8vmvRwIAbeusZYjtv2\/kzAUu4e+OEPcd3Jl7OxogoNIIdrVgd4b6ak43cbXB0SXrSOX\/1U+4+a3+9h3qxiMRT+7taHA6EbLauuw0gFFTQLeevuvsRegZK"}
-00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_tot_l4_data_len":3228,"flow_min_l4_data_len":304,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1614,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":223,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":946739336955,"flow_last_seen":946739336992,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3188,"flow_avg_l4_payload_len":1594,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.dnshome.de","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01404{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":992967,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"pkt":"ZmZmZmZmRERERERECABFAAMAvu5AADkGmnu56WroCgAAAQG7tkLJsxTuIFVT81AYAfUY7QAABNww0uNuIsxm8qmdOPnMYeMk326YaxrhZ4BeE0iQsCOXpRsiKt+zuMH\/p46kXln3RjaOovnK3lxdaHFHnp3StO0w+9qyP8dfRt45iKXPZFHyuSZwyZICfazc2HX7baqawWsKHZ5R1vywVP6AqZpQ8xcDAwIZV+38qSfJjoOS9nhUEl3M5HQzO5DKRWLOqxVrOGS63iBZfxHLzBoty2qy3aDDfnx2Xca0b33wH+vr40qRx9mkz2WtuJs2PYtZyC6YxK5JHe0kUVYNQ8e0DmF1+83AmxFepTqPZR2RfXf2xtUUMst9Opu0LUgXejoef7ambf+g9Hfx1wcIPED7otCGjweGJmU4YxhSCmvm\/0prJdQTwLXZC1W3mnq5JD37u0ZpUZMdfulvx59AlBuxI9dDcGROTozpsYCeE9oOe\/+Op0XuIETBK4vQLjS+LqRPSPWlSzl34Ie9Lj5RtzFBiCOGkmC7wa1QGFdc0GBzHqe9X2VH4rhHT\/IVDbq7gKOuuDcZFEQo8KQkkgT\/bghJzCpIQIarVLOPJxv7EiP8jhgdtK0VY7ia6u+987fqrobyPuMatQbDO9AYRrsJJ\/ihFxuvGwFO0eh7s9vftBi8t0DzNQTsnPfAcZ\/ZhEkLxw\/vJIZfSRisiciHHsUp4piy+90mTdN5MUCDY5ry7DKAw6vfyOQHg9r82wvKNjwJ+rcekPLEv\/FHRvy1AZ1HMnW6KZrjJNV8SoDwDvDT5+zsDiOQRZ1eS4AXXC0O32K6gqAACjcqP2miu29e\/oaEK6\/b1NO2Ve4\/XFw2LcUxmiYpmfORgcrg0e71Ts168PRZOrwhuw4jECElrQOXPiGerekKt0pjC\/PXBVUwNa02PEriryGUFwMDAEURcT9DfIBolrnsJBL883VWax5ssbCevOTqwONlZ29TVRgiw1ubDPfUhqNcVCvs6bW1xyVTdeWqdjyxvrhijbOm0mBmopM="}
00531{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":995910,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4M0pAAL0GpKcKAAABuelq6LZCAbsgVVPzybMXxlAYAfXl+AAAFAMDAAEBFwMDAEUCA\/YbRSqPjsGQUsI7BDvq7g3hnx8stX\/\/v2CQCTsComt49V00Fj0d8MRffKPSBQAZmRH9pre9c9BbaPqDdrxQX\/Gf1xA="}
00873{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739336,"pkt_ts_usec":996291,"pkt_caplen":389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":389,"pkt_l4_len":355,"pkt":"REREREREZmZmZmZmCABFAAF3M0tAAL0Go6cKAAABuelq6LZCAbsgVVRDybMXxlAYAfXm9wAAFwMDAFFiDwiRDXElbRhM59ReF6s2xqZG8RLQbqz4wpPrraKkN\/Q3HPC6T46YslyC7AJMSo1NEY1ep3FOrNlIA11HSwsb5eOMMpx8WNDUcPEe1r1vVzwXAwMApUI30qxbqbhWVyYGeOCEKJy06pkPug+PlPNXOwNqmcyrZw643t3j6fa+nNEdRxSXRCRihM1WRyQ8iDH\/Q6XjG26+a3iPD20brSBgI4tGq7G71TfgEfNyG78PMIFUuUshkFsOPrECbUFrz0HKwT8gbHFBzWhP05NjVu8n\/gZhYtaxOtJ07AMV4usaM8JCEutaHKQ3nCC\/lD\/U1rGT4byhQ2tvATBrCRcDAwBKAo5u9aU\/uRFkDbdy7aiGyC6ZSDQdw31Itx4Bjw1AGDdS3RRyIuBDENoUs4sCaKjPHDchsbmbEb3Gdh0r7veFFmABVf5P8Ws6UQ0="}
@@ -227,11 +227,11 @@
00569{"flow_id":14,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":20009,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWM09AAL0GpIQKAAABuelq6LZCAbsgVVYbybMbY1AYAfXmFgAAFwMDAGlkty+gqGrZ6kcEx6eBNJkFXATj\/PJ2qcItHe\/UVJd0Zib66d2kn86BcOtb4B5FFYHtH6onDNf0gbokZwIoYEMVa0r17ktTXFUNebFvyIdqYEIhAVbONH2RHpX1ccsyOFmwuGRf8aZpw9E="}
00683{"flow_id":14,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48007,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADrvvdAADkGnIe56WroCgAAAQG7tkLJsxtjIFVWiVAYAfXszQAAFwMDAL5fINknzSWUmJfsu6P5GG2HB04fm9Xp7ShxhoWlZA2Gsvv1uYsUhk1FoHjhZmw3jgY7hhBO4qrsQXrxPHGKcJRhNk5YjXZq0Iq+Xc\/0f\/Wfudy5r79osixFidmFWbYPxQ+dQuZ0OQb1xmezDUI0x31kyUuCW2Rp54AKfccofoQiACif0\/hxjLMQJ0jL0Irnhj4RevmIj9hvfxGMqPHsfxDIUxm6IpyxgtbAA4OSpTMWQWyososskgVkuA\/Ffiha"}
00464{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739337,"pkt_ts_usec":48238,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLM1BAAL0GpM4KAAABuelq6LZCAbsgVVaJybMcJlAYAfXlywAAFwMDAB46We2Qp+l8+vEhQuOpjYEBZk1tUGLiEp2u6nYNM2Y="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00805{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":407664,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"REREREREZmZmZmZmCABFAAFGD1pAAL0GczUKAAABlTjkLYysAcV+b2P18dMOKVAYAfY7WwAAFgMBARkBAAEVAwN1j0zYbg0sj5M3182ApIbVPce07i2k0VciV63ZowCdCSAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+QAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG5zMi5kbnNjcnlwdC5jYQAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACDGkG2e0e5ygLjqcZTIOnp7CQIXlvblqyaK24BObKyFNQ=="}
-00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":946739348407,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04625{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":519522,"pkt_caplen":3152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3152,"pkt_l4_len":3118,"pkt":"ZmZmZmZmRERERERECABFAAxC6ChAADQGGGuVOOQtCgAAAQHFjKzx0w4pfm9lE1AYAfVGVwAAFgMDAHoCAAB2AwMRVjU7SKUNCImmvfttR+GlB5jHaN+TnBAPl2NNilPzIiAqVc02WrOXRNItgTWsiYtxSSngWuVjvyRNgTc9xl83+RMBAAAuACsAAgMEADMAJAAdACCw4eX0v0AF\/2ysIrFslRpf1BB8aJflBi+uBQjF\/mpUaxQDAwABARcDAwAgSKLdPzNvW2jgnkkt1ArGKeMX1pOVS05PtE3+\/eUokuAXAwMKE7xrj8Cd0gecm+XxCtcCbfqp0Xw17l8bEv\/shADxxxp2Bzbyoz5R49XobAcn0zX4NMbYWhifQlUUPNi0pizuvO4Z2uJ7BgjBOgi7uGW9+EclkcQWPWUejxuRe7O410Q5Df3K0lFnTAKG5Q8hFQzWRLGpFNFdEHr9f\/gxxabZC79EC8Yp0yPXv\/HmMDXkQ4MFiklGk+tPcmld0DJxvUQMzeQxCm86Y50216avc9vAu6fj0J+kYdXk7oWDmD2dtLnR5EwpZu8cRY2UbUkl8ALnrb07VMOoFJY7zPFJIjuPu6NJRBVNZJB3vE0d6+a5PM4g6gDBfk3e5g98tlFHWiMNmuoZFlZFFaCJemgWUBnumrnynKFU46wjegkqBdCTk4d+NWELHpY6VAZduP79nQdaN3tx1a2c01muRMXnx81+ULomH3\/REIZL8cJwn+2P90vZcz0nqHAdHNiNOVCuiRaWyF4Wvtc2sEcGUjXGdVCvWK5\/TAJXm0J2jHwKksw9UwwmgBH2L6bGrwRyHCJ2cw2hrKj3bjjl++Bt52RqDx0PVra\/rDo\/D9uT1POR1MaM\/x6LwSGCpAydntCKtia54FgA3Uhl\/nC30fr8SinEx99ZlxNZcUwMiSNiiKzXEm9FsWYC\/mMQzJV1i0LpOAR5NQqTWYZcgE0\/OveI8ff5IAowgJ+Hh\/4cxgYyfxncxnZuou7BNW6vK67qt4eHbNzMxkGd+MYfZPjpdNHgl0+9xwS+qPx5Geun7Q7WO597TYhUFRG65T4qW2mYIUwL1aivadFz0v3ufWodzPjitCdjrW\/CjxtgUeuQtpa9t6KowJyhDmylZ7M\/A\/0JA+G7fTgIe1TbG0xXzz8kDHjrceHEBB3fFYvU5PKsGoQIH7p5mVRtoWylDhNC8a99xzxvR321Mh05C\/rxybySPX5rS74BeJ3VVwh0u5wrKR0eaWETinu\/8G\/XeeDanjx9v3DJgHY+pmOJ6EfJAfykxOYeiP4203LV9khy85bpP5JKwpS2QMRmDFSBHdsHpJDRK\/DdvVbwNlWzfHpmLZWIHourYiO61Z3oUmy4jI6OPDHv5EeJ3GNgfdU2yVIDdXq\/feGnWjZ1ojjDmfZzX6Ga4usOS7QhUW\/qRlMWXjj0hWmVMuLgwxGhGIXFKHCnNkMvxhSfzVsE\/fi2RWPnsN8Y42mvONkcXcfz9fwVNPYZJ6vnJUdC38oFYuyxT6LU0tUbEwaY\/ADwFl01XGl4ZRLV0i0vW1o2ORCGan1S8ji0kjp1PF5SgkDszY7oyvcHWR2j4C6IQfUNuW9sz\/BQ14X4v9\/xe+MBb1f30kVxu3I5Z5sCgwSJyclzM\/f\/w7+dPBCbaDnko\/4n8h05Ca12TAlFGzHkKPnx1A7nHgTXQTbJZXVUHU1yc6wwHk03G82kbZx+9FOzA9UNN9spmOc1YFepJxRmeK9M4veJGaNpfRVGQg2bta2RYDoDQK6oksPTzxPlWmkrVyuPbKNRQte57AnTO0NVTFr+bzDGOQFV5KuQbIF5hun\/LyUUKo6IgZruMikB6RR4IQ2uwGAocW75mLZis5bpZE122ilxmqMjkobAkDhx94FariZ5KfD\/Dr73ksFu0dQOrbgEoWdEDM1QJlwefbcBwmDPAZLTV06HvqQLrQ3a1J+ItnjBF\/3OcuGO6PNfCT4mXVZw\/XCZX37Gyj2evv5QnGXPK1+Sz2Q5HIbp4HDap\/+BBCzFRfzqg0GnGl3jD7AOmoAQDjzGfNFmTCT3IVA+v7COJSJTgvupRfK8IGZ6AChkDUM1D7TO\/gBXEdODTbF1kgj7tfbZE7QwEaK830652BNyQJGc4RRNwEbSlnyim1OuU6TMP1kn575di9kDVNjDx2AGxl9r8\/Snh1yll75FKAvMdPXTtCkrIgF4ok5dKpFUBKte07uQ2NnmiDy8tXArJDdFY7b0nRfBceQeXxY+261VTVS3qQ8BgkT+EbOmZjAyNz47hC\/w2WDlet\/NE9emDu\/WKqWCIy3yA1831JCwRHJDtJVAd9ss2dknfVJUGkTZeyaziCfo\/hUPLXsYyHku+nVEJbqNRpQOhPnb2jeGQfmWpk2og0U8kSEHESILcSFehIwO8Vb02doDEPxmjiluOoiNj8DTjVwesJzOCze3nnZ5thxuSrDhczvTCxNeMi2LoAi6IHJwv6yKmP3cCkUEWe4z9AbWZf4hUxJmNVNy5Q7vVV994JHX8omBPWK038vtH5PW7a2OYFKIdjI2Yz6SzJZ+OqlYbYFCmqa0c1eGXVB\/8TqdStQuai1fU0TE\/mTy2FB8c7NSR\/VKsBC8I6sIjqPn9nPpsLX4Aa5DuM2tqeuJozI3MGtgrFFDrWyvjyt1h\/ISepVOPB\/T+JPzE5fwBCeACmNByH9IK2FVF9+wHSMnDH3Rdcgq4pgz6QU4cUluqyfpyzHlgAE9GfUnMqJiECiCuREVqACQxSZ7sa2wTa0di8dAGzoqN4wIPrx\/temySP8MWqmu\/laj2zLNnRd172onl\/m0hR+U8Hv2MACSDGStNO4O5BZwFSeic72yCVIqhVfsgHETqQg8hlMMT17c\/Uj9ao0O73iw5Wjk\/7cB+lK3LZb6byC2wyyD+pd3TtLmM3qgg8MtUgLGKfhsIhfUQTp\/XqEKFU5NCsHHu5VZEHHRdrJOXdW\/pdNLP05EW9nsN0M81ZPdlsv4so8uNoBrTLmnVUIf8Xa\/+SxfhPXt5a7K9AzUWWAjnEVKewBClu712Lm3rXDDG8akrRqhMVator6IljVQJj5vEGH7cBag89maUZ4A+3FglL2gnFPZqquwNwRZ\/3ZI\/mK3YEJZaZg1I0ttRdpLCWXjXUB\/Ipx3mzzk088GloS95doYpwADCEaNRAt8ezUks5kQLYjOijiV4kNTL4MxFeNVH8TtI\/eKEzXoMQeONGsl0ElE1PvGiv8WDRmkmPVWFKUutMd8AsdJvQyoKp4+YBesIZnfv5oqwoZYzY6xW0eyUs26A2QPqxn4XpA6GW55Ed1urfGB\/LM4y6m1PQnCV91nOX\/rijw0hyc632Jc4nJK2Fy84ObW9S4LluL+dKVbnJwm07LENwwbm524\/mub+gizMq1y+sluBrCe\/URmcV1qijGxp4HTb+RHA1oHAF\/FwkQx5VCNkGEMN0VqUf0AhXzQ7n792nY1bKlqBB5bwOJqseO8f5u7xOkvAJgvo15UUiFg3Fs2KF6ThIQ+YMon+lnrc8ic+qxARfjEb0cUl2zxPZdn9Pk3JDZvc3FGGanhfOsuSbbIvGq9hrnu1dWnHdMIQG0tNqt5ibv87oqeA73DYcjrRkRvnmr+NgiyzjsYvnZnavg2SVhWLOyeYi6z6452amFOWjGib+uO3a6rOPS\/dTZTQ6OPLUcWKxkXHJYeC+Yo0LWKJwuFiHg7pi2FgUOZ1c24VzSrIDORj9fOesNSZQSAFwMDARkW8VkjAKLO1iVO3Z32JB1I03p1Xf19NsjcozTvJTA7tEC3r\/iX403MlEBRFX3aGlXo2cYSoUTLuYUpZWzaPV43zoko1HlYoj3YCwOBNXEdg1n9iG9nfj9q6\/IWDsPyy9SboWjcQJVD0zE5qJ8DwGucAIvsQ7D0zCtLvnxWjjpqSDdb9tOBYDpaZBZU8KCwR8LHjkKDpJkQyCpohil6861j3biEmWgZIX0h067Jmu+\/GI2jSqgEcF0VdDgb777Odt1jnDUv6rPpys\/KpOKpGwd1sOOD1atUuwZ2VWxJpoQFOVZofLGtGDAGLonrwSCzj9\/ObIFITDrXAwr6TE8\/SO2citlABmWDWJNFMQq1IU16fmzPW9wZ2jhYPxcDAwA1KFs5Si96rO1Ec9S06xPPSvxONjZOZ1eDJyi5V7B3adcTvi5GDWF42J9ne7Y2tNbnJdDWBMM="}
-00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_tot_l4_data_len":3424,"flow_min_l4_data_len":306,"flow_max_l4_data_len":3118,"flow_avg_l4_data_len":1712,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00898{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":946739348407,"flow_last_seen":946739348519,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":3384,"flow_avg_l4_payload_len":1692,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns2.dnscrypt.ca","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00506{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":521785,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoD1xAAL0GdBEKAAABlTjkLYysAcV+b2UT8dMaQ1AYAfU6fQAAFAMDAAEBFwMDADViidEmWrIRj1bupCYNTHJ+IR+sbSf6KT90A8qW52RQBURyQL9vFT6E9CFjlI93BJu2cr+zKg=="}
00536{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":521926,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+D11AAL0Gc\/oKAAABlTjkLYysAcV+b2VT8dMaQ1AYAfU6kwAAFwMDAFErq550LH95uke0rm23VPceTqLIT5XXzMqalNs7I2JJrXOWUChHedceFo52rS2b6I6rUVra47JaBhmqJSjZZC8zmJ2wvcqD4AZr7WxTsoZAniY="}
00657{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":522094,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"REREREREZmZmZmZmCABFAADYD15AAL0Gc58KAAABlTjkLYysAcV+b2Wp8dMaQ1AYAfU67QAAFwMDAKsOGAidzVIImZBe8IrlHfcbcM11mmaHWvkM7H5DrafIKyBdOKxCc4GdZm+Qq+PXfPf0ndmV5FWH7h+IZADqRJal\/xOyFOe6Purf+ohwLWuQQt\/ZupLyqJH7ZZNQ9xhnhti95OsaKR2Y1b4EKds3ijmnaoMndpYL0W0+RcfMCAznlz3IcmNPTwpP+DR23n6pUpxgqmz18syHYKiy0yZrey0DrSIKjKAW6G9+eko="}
@@ -245,11 +245,11 @@
00562{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":632552,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRD2NAAL0Gc+EKAAABlTjkLYysAcV+b2bH8dMdC1AYAfU6pgAAFwMDAGRDuH0SRNge4KtZJvTqZaQaq1HgJSCCMpnQKHMI6ovV3CB\/t7j+uraRVyqkljO5z4BxQF+HTGb50xsX4UmW+lMgAbNvmHAFAzVZFYVqLizRSaFP7VQiTmHMNiIa\/c1OBP6HA27b"}
00570{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":632819,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWD2RAAL0Gc9sKAAABlTjkLYysAcV+b2cw8dMdC1AYAfU6qwAAFwMDAGlXhFdWqvEhyTlDp6w1hPZVH1D4QGtG5TFAn\/M+fvanG054BYUJax5Hl\/f1KcEDrezIHYgOsJiAwxt7unRbKlztIlLkkXB8fI0RhD6y08eFlXpDTXDQ8ateflvgRq7dQVPGMZlNlXa5z5w="}
00465{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":742064,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABL6DRAADQGJFaVOOQtCgAAAQHFjKzx0x0Lfm9nnlAYAfU93wAAFwMDAB5Ji3IaPqPqsPpO7e7I7ITP5Ggy7RENl6Impzd4GGE="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00811{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739348,"pkt_ts_usec":961764,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIPztAAL0G074KAAABLZm7YJSCAbsJfFJ\/n27j2lAYAfaq8AAAFgMBARsBAAEXAwMZV\/YJsl1KDGHp6vinUuSzBgwYUj7HikeN2yT\/6PXJXSCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zc2UuYWxla2JlcmcubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILqIx\/2aPwjQ+1CtVREnVkbTOyfaXxjQI4MYF1wNoZlj"}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":946739348961,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04358{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":12422,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAVvpAADYGOMgtmbtgCgAAAQG7lIKfbuPaCXxTn1AQAIO1KAAAFgMDAHoCAAB2AwPVEzRRR6mT0E92uybAnGbGZWeWVD\/m1\/eNOhfsedWm3iCCG8AdBIamvVFUtiPCGd7atl\/XGLRDF4fN5wiY+j2o\/hMBAAAuADMAJAAdACAZ+iIImd19O1rP7adwYQe9xC\/+1jN6jL9eBLofHG6SbQArAAIDBBQDAwABARcDAwtedm5F60tr1KSpSWgXMdmmX3Ys4sUEWudZbc\/GVmqkUsaepFDQQ8mcPIjegsJEHlTqywqGyBqt0c8EFI9PK3y9wMc\/+3ozr1s1L0Jd42MTaMhOndcbb8aYEnSYi\/zIVpLn6qdOkfyxUEfDDwQC7tdpz8rWkLOD8s1Gc\/+GapP01LuZUSoxJKMEPFivq1rS7ax5uSaTQJul+x0Q1A7WKBQI96lxNlKhu8S\/F6aiQdLb9bng9LygmgdlJ0IMNTAzSle754kwT44x6hxHdY+dgL3FfpB162mfDfNtflZ3mHhPTnkpYtlwwqsdseLzRBUZP3Q4Ja18aDfnLKv6lwZqUkYqVbKbxYZxo1iV+7HgYRo00AC9h97+\/fjdDvQp1\/ZlgGZVor6fI\/2UbNyKd+CKXq\/WxiWd3cfOC5mfsohQgZfh0mCkf9dr3uz3ujKCV4y2skvjk\/nvMYWaCk8YYJ09fpkBhHkvDLX34BQkxdq8SFFlf9KC0xLeicU3h\/prF3BxKbFcEuJVsTQ1IwCvvKPttu9bXK5Pot+r5ctGacxaL2PbnIguGLNO3oXuqP1Q9c+9bIOgs3SrVqvTzY6u7z71LwLT4lIRUT1tdFuzNBsI3uP36b\/9IAg3kdqQ6B86AhSq6s9YI9cVyIl6Ij\/v4hTBVX3z6+HeVN1ZOCnsTQ5pzdsr1wh7Urw2Dq8ujiDkOD+Fou6dMOYoID0SKEwKKw1eszHLhxLaCFy\/r3d7Go4MVMtt3WT79fbDbeLxIVt3hgCghutkKtcuHd5chD4oLWELh6tM9hPl+4nCK4m\/+O5cbKg6OL6jCTY\/gO0DykmoFGAjlffWT5qFPKGIHd1y6jfLFBTeg895J4XJsRYeS8WWpPvi7T\/OrrEOEoSups8MYg4y47m6jBSiviaU3Egrqb9OmbARusmAkBOc+b7sPEV3vJ7rmbEmSmp9es6Ma1hTLKZ1zLv5y87EpErdv2GmabDERgys3rQli1zICByjjT3wKTtOmnCFVus\/kEZ20ZKIT3R1SBoRFrSMK3NkxEq+liNvGGcf+EHNQ14qDPBLs0m+Amz59cCkIeFxK62ZDg\/D8+8JoEQZlyE9AWaFti+8vDVxBObTHdc9i3Kw7ewteJw63QBC9EWl8n8clagy9wb+UFjl1FNsicAfIiO1Xs\/Zye+Z2EVvEt6aOGsYYXUIiuSHHHy+OTANd5q6FtSmxH5d29V\/RRYtUF+RFNqvu7jCJbpfY4CMi\/uFQpCXgIsM\/FuZw9ietB43gXYBJPigmUjQOJrnl2aOEVZN25twSZkyFkDyfGhTbcdXECqNFF8TnC98sE4z4cSyaAj5eIgD8KWiILJX2yoi+dB+VLGxM9ljCfyywhEqQD9FxwMPenX20RdEq43Qg2oM44SbTOcaPyRK5R1+UoArEareBxTtwbIj1\/gYPRWTkZ8pK7ELTpeDzq5dz0ptJVwSUIH0JdKkVE3RFHc7LCdWysSVUeFYgHXl28Deq1y2qizxSTQTQGj788zPkj9nRqwsew3ffxErP0pR2erOmxzmRPzUcbJ79H2yupuK1CFndSabVcPzkp0n+2KlKx3Rn8tyf\/hn5qm64LAaVaGFpUoNBQQlUEAUYg9kdMVxRV9nD92+mrKa+2JReRncweAA5LhgzrfrEPwyc1B\/FBpBxwIyV7Xy5RQehy\/n+t2tqgDOZsROSPZV\/c502uShsqQ80dFUM5RKxh0mzHQFM0OK4kAUJhq4wyFBHR892ibgw3EufqDFUX7y2fDW3v9sHJ0PjEBQf0Z+LPQlMJXmUS7wgfHtNIgpjboq9\/XXfFayEzII5Ncg7bWrTiyo4JZFWiVHcfds+TlAJ90V8nR81jNjJjiPpWGiw\/wBoLReBkDgcemdC73ykLweu4Hz14TsLOSuTZsu5EZr2HV10q+61hH6ogeRQcst3XaFzwE6kceLYfEcwH6tnp0hMB9x62cNInT6JQ8Ps6Dsa1MRUtnCTsYL1E0KIBY7R9nY7dSZJpv6\/qCWpPnVEfxATo177u2nsXiV3PW6LNV3vcyinTzbbKWNsqHSX\/Rxrwf+OdHXgpeBX43CwbB+Rl\/n0BchEVnzKV702Gf9HUv7cdBb0q\/i8hYFIFBzZttYWXxvMMCuX5vFFfZ+rdfdvsqESgmVU60GNMEWlpOcj4wiK5O4Sufp7t63lXuXFEGAyK\/zCX6bTsoTK5InJmYeoxH7z6vro\/3e6Rs6NXLtea8yb94qYkPEVBEqGEipZDsyb\/R\/lWwE43D7Aub6g9hkVbl53hLJGZnLMYjNGkky7jnCfZMKDiaQ3bMKv84lVUSDkp3sK9qeuBF1mmZVLhv9HAxir3SYBNQzWsBGcCUpO9xkV8FP0kj\/iTW\/FfLKk\/DKd+BUjaxMV2uhSSQCmVokip5q8tl9J4DEAniFz7fyP2MXZu9ul4s+9NyHUnr96E7oyJz9targa6lIbTNrabDpef+RQ95Jg3dEACMFcNChtfiB\/b3jxW+VTLzdeEUKMhmN9RiB66l3ilE2UeLuKgX3mDdaXzGma9QHxu929MG9uV3gmQHGDy5TCH2vSSxC6z2\/OmzDacBVelfY5Epw7lZBVVGZZnkHXtDZ9aRkPwQ5ycPlis7xyXgrmjnzVXCU2sPi4g8aIZETiD58CL1o5eQFVuuBNN+YXqwNw72pWFPr7n1hEhwv6Vw12CTiC6plOVTlmWo7Hq2\/pHWhiu+RR5lh+vtYdVwTRC30+fnyRct1ka9vbNMqvCrrwxYa5D5R79sdMZcHtogzlIhlvBA\/hEtCrwDCOTsOVV\/YHdG3yKWN4O6RFwnZZifYo9t6777XaaqBBnRbmAIh24x\/s0cQdV+c5CkmqhwnyVXuFfH9t0XQ1553XL2pziV2ZWgjNschuXZ58zhktYtAMF0VjgYyEW7jDxhCpc\/J+cRaztT52A0ytvkRgmQaVyJn+aLdW9sCq3AlQ8gfIfMUsOa4qrrfYi\/W6wC7p\/JpUVApLzH2mKuhH3cCajbIykaOD4hdj7uAYv5ROV\/V+1+PXMG5ia\/9hbHOgDJFO9d9IqY7KSn3C+1mBqumfNrcdhFQFiTH43iJKL7gLi6km2zN5cYKZjrmjbjv3JkWSUwYRpPDfBjgX5JiTKnp6do79w4bx6CpetzdKmLMsuX1smdlFu3kujpvbqv6a1KH6F4pTm1MQ5RJmmfgdquxg6OsIIvP\/kEDn+LVg8ZMm87yYyquFkOWwe1Uj\/Vi3kL4fPIR5niD5XVoEWohLwDdVCqKts+2P1GYyEHqQAMrqWmQegZl\/LhTQw4INPlPDFEm0yb+KBOh00ktbHzCM3CFPGnzYO3alldd67nq954eKLkUOGB9MeSY7cUwdbulO4dr11zq3CmOecqOMxOt2f\/VIopIebzlUenef+vRdxbO4ewVSqUhsy+yoPWXBOpZPgLhhY3LxBP7ooDeCCIO0lcZB\/CBSyUEgiFK4lZ3kAGz8uFt3A\/vRHHEykEvXspKCwmakvQLGtne7shF+m0j\/3K2vxEjTMcnD1pU47tDCPXW32n5d+GKj1kQXvMBCTdCNuO1i0NSTDkuKc7j5+f6O6RyusC0fFzTP7MVdbXFBb1omPMQEuUSj0+hj0rK73sjeV5xq8OVFpFoURjJ2NwQsCAu\/jAm112150nTKknyPg+N6HqbvoOC0Wpkh7IwnBnV+fSTZjZ4AEkEeoKm"}
-00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_tot_l4_data_len":3232,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1616,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":946739348961,"flow_last_seen":946739349012,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3192,"flow_avg_l4_payload_len":1596,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dnsse.alekberg.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00614{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":15352,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"ZmZmZmZmRERERERECABFAAC4VvxAADYGQ44tmbtgCgAAAQG7lIKfbu8yCXxTn1AYAIOAngAAUbudk7Sx467B78RwxwixN7WbszxDSJth5tiFKuiBrGoB9KFJtYBVt1C9rFJk5PyiCKlQsUVoHGHAH28fXEOq226wLx4N\/Z5eAHXlqMB6V1mSenxLPr5ItjgHCvxui0hIr8CHs4BD\/dcyFi\/lJAfYyCLIMg195o3ptTftZf8UL\/yW+5j1eIJyx2wYxG1Bmojg"}
00506{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":15974,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoPz5AAL0G1JsKAAABLZm7YJSCAbsJfFOfn27vwlAYAfWqEAAAFAMDAAEBFwMDADXzhu9IckZdRF5p9rktj4FIPv\/RwuhvcZ5iWKfecDRsL5LtFLthbeqdmQGRbwyypD9mazUNOQ=="}
00535{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":16008,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+Pz9AAL0G1IQKAAABLZm7YJSCAbsJfFPfn27vwlAYAfWqJgAAFwMDAFFS6HSolQONUAW59PBdGtgVHQTC6yJoVCA4lOkKUOgLspS0M5eGwl4vbADuT6W\/63Ogy8VduvtD38O7x2SBJDrj07p4QErHcergSl3nvKoUwYU="}
@@ -262,11 +262,11 @@
00569{"flow_id":16,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":65278,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWP0RAAL0G1GcKAAABLZm7YJSCAbsJfFW7n27zRFAYAfWqPgAAFwMDAGn6PtIkVHmoMJzjgnATo\/ZJEjP78dbfTDYCDqYkTi3+wLGg0MV7H5ZkPBTMTwrv4al6lvpl6iYG+my2jimgUkz\/xkX3NfQvTv8nr8kDL3hBX18zhdwCA1rVR9xVIWVhkT84sSRuAePVKBc="}
00466{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":111124,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABLVwFAADYGQ\/YtmbtgCgAAAQG7lIKfbvNECXxWKVAYAINn0QAAFwMDAB72vYhNJfr2emZvkuGwRpUrsgwkpkyMMIbGlSfK6XM="}
01125{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739349,"pkt_ts_usec":138384,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"ZmZmZmZmRERERERECABFAAItVwJAADYGQhMtmbtgCgAAAQG7lIKfbvNnCXxWKVAYAIONrQAAFwMDAgB4l98RxKWfbSMotLDSiQR6edN2EYdpxWoGfSeyS0FoxV2bjBprpJnZ2sR6iqNqaW\/HJKptSnpncrSntS57Q5FQ06f8g+Ne1Nto\/RhX0aRCKOG62K3tZIL1VwtOwgn9so58Dtam2oYRg0273TQzl+9k3X4GKn54g26VYZ3sPhxiOPtJkAPonIbhid2\/PGAf8i6TxbGZsPdWzUDht+loR4pnPvhPoEqtqRiB6jWGXFXKTjtxTdPA\/Dvylgr8o+IET0PNTx+\/FA88nKpol4vEMqD1wK0cOm6kAgbWXem59l+QFeLj9cnAypndtz\/iygelWBfg095HxRc5E8\/H86vDjJOgqxHn3iPKUcDQkEY3mCiPPHHv7V5aI7gCVpSUD4hBSJweM3aYy9K8KudaxjdeBDNcQszGKW5YbWZAgOzxfW9mi\/F0hJITePnojX5vfuD+8PGEJbqgaN9Fwze\/6Dr26TNn3hYNefkzZ7nYjkbz6Ar6NGK2sy3\/72VNBDv\/f9MXtoHnBE7n26+Ao5HDKCn7T6ATKLTROkSfTeDzEm+gpac8DD8VQQI\/tIyUwAQ58dmjQrj5oLPrz6UzjX49qyJraIYEMvYva0b3aVwSDw4uMV9SGhQW7AuPLeDOHtSXqgvHYpAWGM6dwpk7EclOgaLoz+iCAzmfIobpkzxHKtO\/ZrixCQ=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00801{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":159307,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFsX5AAL0GP4sKAAABuetRAa5gAbtwXMMeYngARlAYAfbM4AAAFgMBARgBAAEUAwPEqi+8SizamcFZuiOMoqnZy7ZEtN03UH+nij+VYBL3GiAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIAlFpvTRrkboC35Gi6Kti1ZQzFT3L63Tg7Ad2VS1Z0Nh"}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":946739354159,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04631{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":179666,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"pkt":"ZmZmZmZmRERERERECABFAAxSLpJAADQGQGu561EBCgAAAQG7rmBieABGcFzEO1AYA+rX7QAAFgMDAHoCAAB2AwNebHWZixx0UeVpRBPFfxfOwpvxbfyV+ENeQi\/Un6YmQyAFdLPwuVYC1BfptVDzpRdMmd95Dbs0SjTzk4T9Cfoa3BMCAAAuACsAAgMEADMAJAAdACB1L93FSUikFZRCKYl+OoNXGHhZBDYuCiNIjz\/6VCChXhQDAwABARcDAwAgdZlJOwY6+pChCwvT27tLGZnet+yerzqND\/r13r3OLdQXAwMKE5aV9MRHEDXFawxN2Z6ZXTlxr30g5cib8A44fkQ64oQQPk\/j2rM6co+1b6nblkLeVstFbtdteXwKa840eY9TBhZcpregM8Gpq1oOWaP3aNoy3x0m7PtgdMXWTRJ7rBzMj95YpQgnRNENvlH3xRXTNJuz0OfawrfLZMK40dTY8qdEtSvVWaOv58OBFTZzds8x7Jv0lUMqTicPkVrWkLGPasMnh+a2IVbs4dzr6AhsFrB+RZ1Cwi3B7S6zzr3HKx3FQGuVtHh19izb6w3PsdZ173iclTsS5Bteswb+0EdgltfMU7tCCWlZhlMw5cbiqzX6GLMdzRL4kMNW6gZ94dTc92SBIwy+nEoGbWZhqTeDuHiAUARf+gliy5YoFjW\/PRAypf5PMRtEZClIDkjH3prUoCFGtLR5uf4Ro0aKo3ih\/KCyAGbVEIvG4bDrcfRxO0cIiVz1g0D8AUPbTDsJO+EPspEYZgIriHIBYFx\/k\/flIHH3EjcpqIe+X8XzMf\/XqWL46qAhN1cBUZXyVc3ZIhpeJ7ZcaAbPdH2pnTMTM+2Go4igirnaKWq3AflEDkSSdueX+UQOyAZUkd6Z\/x1Mwq9Tb7hXL6vtOYcRcpywMzYkakngWETbQss0CojZbN6WAPS\/E+Yya6CgGI5Mt3dulPgu8jNdumumeB1P2glp9qwQHuvHZ1QS+cPtS5x1raYCp7T5sLegZ7EBanNjOEnVAU4IhPuW0ciFUM9Mj\/BzgDWE\/hUdNhPhhQjiaUBq7VyAXKWvyO4Dx2Fel0gu0u32uA\/SHIYv4dBAj17ghhBMv+sGNC8NMtNWhv9aqIp0FgaNgTJ0u6ZahzAQoaba8gKEvhS9MXrxWiCXAHjt1VsuslTiTWmDXRn19O8C7v9DYdY\/x+ZHYaRltrJ+iDZDtT011nG9MjUMy2gT88psevKL0b5pLEr8mJZKye0N3pZbPCi7mofLMsInUgCJYAIJe6z94EV17S9g5MdytiaRjgrDRHDrubquER\/+3IoTeZlSES8Dx7zlXZ1xB0O+hR5nXJGyIskMCiVwzAersZ9n8hiUAXpNADMi79ZOaHWxepo2ogdjtLk6L5RJOzsW\/4O9s\/bE+P+1smYJ8Xz\/vrKCk0smpZMpgO1UV8s8gCIdy3Fy602DcQY72cCEk\/bea7v72CbMggpz6myeQuHNx9T5ZrAHxOyDqp4pkMAhTfD0dC3xg5zkOkSQr5pJx6ievuDl8+wenRgTssVF8J1H1XRwU56YwKhMsgqTn8eD+cywTh5zCo9dNvl9ZfHWmV3Mdg4aJz1dYzmdkUhSu46Md5G4HmOnLwI\/XQbyhHcZ2WUU9mvD9BvjP9kn2RjUXcRT+d\/cwjt2Esxb2ENHpq2bs5raN\/CIbWH\/kUQRUUCpYL9CdmiBZpRtJPrOXy6iWAKofUme88d2tr7pTpEzcTLRU5BoYhPgOVQbcXw1q3yaTUVQB4Wvp1Zu7ruywhz7ujDaUupe4ypGeBHoMNq\/GonbnedBdKUd5q1Hau\/cYgTRejjU\/rutBsmd1TsWFTtw4Narsizl07q94yxV1+nrTG1gDq+RefJI3JM3SA8ccXZmrC6\/9FsgFjt+2cDWt4JB10cFksHu2\/ml\/dASyc2jx2disClcngjvd0YpBOF1xYxILWWqUHc2SCZLZ2Aroa1pMW21jKFGB4Ar1xpSSuVVcPsSSozoKj4\/j0FvDgtwJoY1rK5ezs7yUOh0iG7\/TmlCa9VwcqKlbka3ucK+EV23eB8BAhdfkU1ZRvrzop+h56cTHnAqdzA+huEFkYic20FxEaceaf8SUoyM1\/uxur0377YEwqxCUCLmkpdjf2hKaG2o6w6dX9vCExiNhM2Jlol1IlMb4fWmsojPIiIMoMr4vCBzw+JJJUMfUwOy6sleF+nP5muuQ5rVTMwbb+OCuGE2jDpUYai822DbFN3NNQkq3i2+StVf9WCISeMMwfPk+unXE38SgIx+97\/gooknQY70IX3TsgQKFcc1SEcM6rgwk5pR4rwHfer1xQNsM1RKZGf8xeZa+ag2yg\/IxDT4LymayHchHxdaigJz4AcxjPrNuXaoi2s3E1xPh2H1clb\/ZJJwrzY7BZjc1TQovWjOw6wm8GHMHRYPWaLpFhaLJX6iixp0BBfYBFzNmIvcsaGPhpGQIWG8LNHl1vR+XYpcJzMWemerQw5\/TiIwzhe4xLQ3Ee69tOX2fKhT1GAVUyB0oeuLgjlb0FpWzQ\/lyORIy\/GJNnRuRgdZy8RNv03eZWNeLTHNU8amNvoSqoCJx28QcG4ZFWjkiBlGlisQg9MS7LfxB5YDcM35ukvbr57gX64nw00G3GJe5JnYnqeIHNIuWQI7nvVvBHP3PfWTKRa21nyK90D70j+bxIjA68ylRrcDSlrq9zK60l62NWR551fMFXxuoHTFc7qQ+K4J0ESDuqw7x47BFgsRGeVuVNYexUC0TU1lBMwcu9BGg+0G0+duPvOP3aW+jzZAhqEMopcx946w0BTw\/+bJ5qiZX+nSvNF+IzKPfnXq7G+okmmjpg\/ianwcwtjvgrAC4pnZGY+m\/27CyJiTEi9fYvN2T1KGpFt19LfH\/UKHKmZdKRHhHpgpAUwyz0ixR7JCGsZBCNp7SmZtoObLBfKyYFLS1OdeJn33VC7QU5ZIB0TIGMOnasD1IIceFavDDD1uWjFat9U8TSvdQkrVOP0H+iiog+bscrfkzNeLsrOj5JaS96ZDARUESAXVBQE+wq3Z0J6WrNdNJCanh0R13lIIfbBO3tp1JQaYJcU43NTOBatEStIgR6pggN4HF+DO2dNPqB6DJlllwkNWiMSwaSg\/Qokswn+fLJvn7pPXb8ILKczNLht2jz9aEp0+I8QfJ9sljCRmG\/qdZknc3MVkUZCxQWgeYvnw16OCgKVrO7aXg97ZXgFQywgIz4XcG4cQlmlUgZ5vBckLpEq1wb47O2DC7oYeIkB7WvMn7pIP5qKMmIewtCOip18QV5mNZQ7kfdTHrJyhNEAXbfaMkBbJyAVJGCBIYwvhIF13Izb7B6Cmnolxq1r5eurWQOB44xUuJop6m5Nm5hxmATag\/xOQnBP8r2vNMxUihmUT8anHH3UfjXAY915xtFCA13IdATjUK5r\/nOjWuYELtJmgRJ2oeyJFl+xU3enOifKqvSW9w3npBMuO6+ND+s2KXgdXZpDonBBs70SsK8NzgIT\/8A0se3txfhbwpY2EseDOLiVbMtTN8WhjrhnZpDEjzwdCV8jV8ki7+xTW6Ae32nBN9uRAZ20gpXPNrrgk+1oPaXal74NAuojgux90nmy7fGQvJ\/CCkJUFP2+xt7moAmNV6Bvh9GIV51tdhbag9+AtGmBI8WUGXz9QPwduT4nOO+Ia6cTJuP1+CL3tb+p6ijB1Jg583CQ8vtkm3Pw8NXcvYMcBOIpsKkRrBsD67+irg6nQFwMDARkSIsFlIX96rBVOSHF8j3nD4OzTmAKQfrZ20qhfNZw8PH0q41dWeUeDXwstCBpDPbSnxrC2ED\/1S7AKbK3628b0BuTXrCb9vI9IIN\/fjnNzXGCyCTfNGyQC7Z2s3ZZgGilAyQTgWS6IBv0X\/cXimIPEtNGeEgUfHp2ZiHChqtgUwdJbYZhYRpk9Vh4PP\/G\/geKDMJuF9LkfMNZa2A5\/kJwnnbAN+9JGdzxyQUZGqq8DCQqxQ4uAbnIJmcLNJBx9PHCzhhj8vk0E7hUaqEkvClX1iiIhNhFlmQ9FsqBvx5KYUvaVI86YI314BKZUdBn0Gn9Psqh3g3PCqYbuhSA+KXAHAB6ifkPpQbZxhpKA+yQN\/aKxaWBvyR8fvBcDAwBFUlHyM0i8aQGJ+PRPScWQmM6JruXTVxzLP2v5t10WMRjAfhtdK+kbZwmOwuBqS0fXovjROfDM5rGu95fh\/DYXUBWZSAER"}
-00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_tot_l4_data_len":3439,"flow_min_l4_data_len":305,"flow_max_l4_data_len":3134,"flow_avg_l4_data_len":1719,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":946739354159,"flow_last_seen":946739354179,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":182236,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4sYBAAL0GQFYKAAABuetRAa5gAbtwXMQ7YngMcFAYAfXMEwAAFAMDAAEBFwMDAEWXq32pwHEzhcGDp\/NKLjvxgMAkksKxKcFIOFCDodEb90S6h8Gu0G\/BLuFfZ5sttQB7HESBT0tBjYEfHL61VthvR6QOjls="}
00536{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":182350,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+sYFAAL0GQE8KAAABuetRAa5gAbtwXMSLYngMcFAYAfXMGQAAFwMDAFGixfX+jyF1WhRHrN0+9CkAoYVj9DMr4YJ1kGbeEieNSecS+q0w\/iwl0yO2jmQwPz4JR3HyX5YbhQTrE+hYVumNbIkZKWuNU8LLxZezccE+lJ0="}
00653{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739354,"pkt_ts_usec":182529,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"REREREREZmZmZmZmCABFAADTsYJAAL0GP\/kKAAABuetRAa5gAbtwXMThYngMcFAYAfXMbgAAFwMDAKbK9JgVHlFfw34FW0sw7dqQdGptZcZlO2RVkyCS9wnAksDujYS\/HvTuJaYyWrH+y2X4Bmu1xtRT05JwyRgxId\/Ba7+JzaKKgwintj3e33DfQyGya0AOLueZ+\/oQp7LSw9HD2MZM1r2dZ5ajI\/ki9R13QBfBlmX9ZJhMygxhpuJ\/kgAEbTo1exiYt1KPairdfATdtJ33NozQdJtvL9vaKpTjWkiyjKod"}
@@ -283,11 +283,11 @@
00449{"flow_id":17,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739364,"pkt_ts_usec":914174,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAsYpAAH4Gf4QKAAABuetRAa5gAbtwXMbRYngQ8lAYAfXL2wAAFwMDABNRzPKFC48C1Fna9B1nJzgOx45c"}
00449{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739364,"pkt_ts_usec":914261,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAP0ZAAH4GE7wKAAABLZm7YJSCAbsJfFYpn271bFAYAfWp6AAAFwMDABObfBxL8bMwvnBw43SK8etxZJTY"}
00449{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739364,"pkt_ts_usec":937875,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"ZmZmZmZmRERERERECABFAABAvvpAADkGnS+56WroCgAAAQG7tkLJsxwmIFVWxVAYAfUuaQAAFwMDABOXRSu08WL10pc3CGxVUSKDv69S"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":11190,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFF9DpAAH4GIdcKAAABdMqwGqhiAbtWR3H7NJTy0VAYAfbm2AAAFgMBARgBAAEUAwO\/FCTCx\/QYlyW+S6EGE0TFYQ1H3k3FO+5pvJMM4NWMBSCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKpgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmxpYnJlZG5zLmdyAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIOxloY7MOWvSgZ3hQaojp9inJ84Sw+igf7hW9Y3pU+ch"}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":946739374011,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04655{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":36272,"pkt_caplen":3179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3179,"pkt_l4_len":3145,"pkt":"ZmZmZmZmRERERERECABFAAxdEw5AADYGP+x0yrAaCgAAAQG7qGI0lPLRVkdzGFAYAfXx8AAAFgMDAHoCAAB2AwMfdsQbzuiYRNDg0SBjCCwcHmnTX\/WaALeQBUBykWdcaiCY7MF+HV8NsAFc82xlqHj0YcQW9bewwKxZQwscQJJKphMCAAAuACsAAgMEADMAJAAdACCFS52dOnPWMZ+6KGOu9y\/QLNkNywSlNldrBcP9ygUsJBQDAwABARcDAwAkRYbUEe0KLtMYBo7DwIYWcyipqqBN\/bxVehyh0Sw6cb936jKFFwMDChoofwyGB1vpwXv7Xn4hXSbG1vtIeMernYPn5eAfJWckDiE1Vl5RxqW26TSWUTfmtG\/80SN\/HcC8sF8BZiFAAmCY47UJ7uXvVoDqw8BmwUzQhTAJ8CR9FaoGVeJsM5UnR3QsIEHqP5KqlB9iD+UdFFEShzmfIEBTbyB2lP4pQWBOWz2wOPIXZhQnKMJCxu1mnXifSB+KRolJ9fD2dQ4Cx5+85+F56fGG9StYfwFmGPIeJARJjwh49nZDI4iYWv+ddPBM2\/KJRuF+1TvTRam5R+I0m2+MFl1IOG\/mGs22lUpFRiEafHau8IgYwLtIsVJVRXeEF23eSSLjZSGlI+95kanzpb7Gq+bxaPB\/4KE\/EZB\/HHORaklfdEzQyROMT29wGcN987isDVey45rLfbLMKOZqZTAfIY9fCmEJfoMGXsfxScuGJL3kk9ktG5XOrDaDe+Mw8iBMs6aCgsJWCKp9AlmnI6jM+Pkj5pJEm1bom4ksHEDAz1NZ0ftN\/sVLZn9Ug2C7F7lT1GzkA6PKlKc6EZ2z5CZ6jJ2Z6Y6MlAZziPoOQu4qTh3J+nE8GcgGOJ+4zh9BbyrU\/zs1GjsbXVkHAo7jDaYOsfbK6OwpKfl4fhdC60RX1KjskIAX35OHA\/IXKzAnkgHHInCPGyjRoDeCN\/xxIMzVFrKXTCwf2SPOaQSeCd\/JvCgSVj\/dHhq8zdYnlFf+z9VXpf9xqp8dTGqqOXUGFnDAdjBQ71FnqfI6ubmeRFAjPpvyUbaEAnejXwHU9g6Nb1kInR39UeMaOlkv2XbX4eVVedQBnQ80TEebS+RYgvF4z+JaZdzTDBKsiCrr90MrJqELQ15ruqB7RM0T7bzUmBAp55RHbt\/ccY\/TkG\/gVsixMDlDFkIhMYt9MdUi87PoFTfnAamhlvAw7oZO8\/F7iHmtBa\/Ep7E0DP9U5QDAi98hWmChSAXTUreygTLQuqQnUJmosGexWw5Cm8TG3r4N5gnkEVB3HVNF0Bviuw4E\/LgbkZLCP6\/4igcruIsBRgEN00dS6JnGlucNL86jMmrPxWv6fGd6uX4GyIhA8xlh3VmZmkdtEaBCAvedT6MuQU0ug0OS0vhYWi4hpFSwBYkEc7nVVyMbvGRC\/t6cdur00RqtQCHbN+NyMsAYQCMLcN\/MBgJi53gtKoOeVRxL9efr0oSMfPFjg62k6KC1lR+0S5m3Izs0xuBIpZ4qwdqzDBYxqETxd2mAw6qyV9\/+c2vTZTjQfcpnp7y1uBxTcCkKvdXtnytMj88r6V3CNsrCqoiP+HgdZ35NIzfdjE8dt6Do9yQiQH9DyOtUx8mNKBWoW2GsDQem5ZGAtDwjmFRhkWEqvnuAWeKZRQvsxDNQX1VGCheiYk47AXsweypHM0kF7Sz+NMdgmJ2lYhFlZ1\/ixGlfZSk6mjv0hogoEvvV0z6\/T5ayYUiYrSxxE5CRTBXiQ0ShTnl8JnNrX5f1+PEHiTs9VmgpKgcqyhnAx43FvFz+tjAq2kHUpARsisN76U\/4szTnIzPWHuhFJGJXIYtA6KvZZsRr8X45Bjm7782fphZHssP9T11fz+rMBuNZkB+9kENQs834qUDrDWQYlgtgokMydJHahHIc4rs8RwpnWkwnfbjQyRwpkoSDjqKCsoWgqmckVcAlWtfj+PYNdYUV0GJVz3MaCILZ2I6i8QDOlFT6AvpNPYOGoGbJ0wKc\/iRHcSqwHkLOlqAj9rNOane\/dG8vbDHghfqFdeNPvQAcyGldxWfqiN032Vix7+oZXOFXeLNRXDRdMWbSqMlyCprTcKldxAe+jYGRK\/SRNNln4bS6loI5LqK5kRj1qHOQs4VYAvb6aRZkpJmFfA051r9ZTveZwX8QvPcsUhSp6WJroM5RdVgMoZWRw3V3kLzy526l\/XjarCqs7b9zg4\/0UThyCoRZXRIaapKAxcisr606oQ90EO6V1\/rxbH5QoNdmuIBJXUiCC+vi9DaFQhw7IS7rYl6bCaQkE1gKVqVjcfGFNbkwZ6WVIIFLAd4AULNZ0EbDr3Jxz4Q1Kv61lNl9GOAmC73UocSHTqPhV\/xb9YLlv4Qj8A9VyOXsI3ysVAT7Q3JqQoSzzANJennQVJORrvCGjBFhIJA1XuVUswlY7d8l6GIPFEndkzdJv+mqLebs92Ve7y8gHX+5\/N3bWQDbvROspZd9Rw2VYwhVeRkdNNkB9Zd4yf0MJA6FKQTPIvZ1j4Zvrf8Zqj1FK4+Pu5YWK2VzQ1bAzEZ5TAhqXro79v42FstXXH9Bjh6xGWnYs4EgdjNtrw9q9vDDHzkCgGXErTBS5tZpn4eq4iayRQKOUo2Bjzuikc3GCcT7DGLOzNijLOjpstykBtjYEBagL1lzeuQbGqMxLzwOzMZiM6Cr4dH6Ct7enfPKr1l7EDqLb80TAVFsE6E9zPStbSvvDsesVjI0LnHLpiFF3QD7w\/cMgXGCCQFz4kjOyjxN1ueQ3BiQwzUZI\/KQVjymbQQOaDcU\/hamroqvDR3psu8zkzqDRgXxZpAhYSs0ypnNhUomh4K+raYSufO72xoIxT3MchbmB2xOG+FHTInGWwMp665VQ8P5TZyqYPfZdJpda3UJ4l4i+8AGeTKq9cySdx4swdISz3V3xxrTEFxvjq7CgCc0mdfHRwUrslFZ\/8xz\/GkZ7unKM4nUXsR2wjAWglEejYWAjwBH57asssV4a1smVbgfitfljZxOQxeCULZkhU5iCbDWtt61dkKbIg6Z5Ib6wqsZbKsTNF5BUW\/OluqVhEnnxYi4bC2p8oeMOIg9Xp0ohk+2eyHzNnL7PsT\/0TJd+8z\/6rR4GfsNhau8JwG0sVxaM3gQ\/C1BUi59C0tclt8uqB8v4sL+nw1kYxtxvVF+WgZBhsUG6jtsTkz\/h7Vqr1uE1yqk6VMywMNzSK3C6Y5jNYNZlGRunhyx+Wvqoy4kyzKlb5KJu0D6Ibb9tx4jkjfsAgRv1kb1\/YV+5pR9kOWTI7kTR0GhRhEcYVSuszO6GztHF17jUv1HGqvUE2Y1nYTruioVBGxNU2n\/3D8R0H0Ev+WM\/lE1CkAFwkkBnRPnHTXpqQgZZhPNhQeacIL4PiCwXLGj68pqU9sBR5k+Qs1xeKaXL1uB\/+DlBrxDF37H0xYTjNyCifmppE9xs8wUURoGCYQz8YrJzWYbNTp6iS3VA9PqxHbxpwe+T0EJG3w+ckQ4AZZWQJfpeYEAjUJVTV+JzyForU6vnGB\/f4UtM5hkLlLR2yX4QW5z2sMH+oemvxHSO3c4dMYOamZjpEAr8HZR\/eYtA\/+k47KLbbuC8LadTWp9kx60hq9j0ZTOjnZRbmpU7x4+baRS3lSZ4uCKQhRDRs1bz+OmCsokrpdBvyRNmpmdHu7+xcAAbWr3GDiMDDj2MeLocIu6VxMJmWwaV6i6S3OZRKsCOQTd0Jkp8jCBeqO4YH7rnKVrcOwj8x\/xgYsXAwMBGfgS0Z5JTGD28Vyg2LfJHOWz9mr0ZY69GFX94xRplNLJ90YhSqkDA41SrPaRCa\/yRHZpmo6Z1mQO81cAsIuYw3\/dzrRByb+dTIlW9yt\/sOP7usPp6PbdD4rTPrbEK4QR\/+wMzHeanap2HaJcY2tnK9Pk6wr3URSABWoCiW8bBJ44gM\/wYSxUIN9fZQXNHmUFX2+4E+pzfHMX+TPSUHrGMWaQGF+jm8f8JzgtBamlKFf0T7ESBzmOVDFYKLq5HkwIpwu7FecWONEwB4QKksZp77Ks7VMI9z7kgYi8fKP1AlrK0wJXYhtL9bgNIor7UcK\/cBVJ2AclPTcIWxPGf\/H2qC2ccHzN2oQA1YRLpy6QS\/qocCCtoi9irrhlFwMDAEUNWvqMs\/h03WKKdBMbYkawhmSS9CnEEwNmSHsUo0aFsC+NuRuOS7d+gyt4adOBPfCXNUuX7r\/jeMTBHE2RkzGNnd\/d06g="}
-00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_tot_l4_data_len":3450,"flow_min_l4_data_len":305,"flow_max_l4_data_len":3145,"flow_avg_l4_data_len":1725,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":946739374011,"flow_last_seen":946739374036,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":3410,"flow_avg_l4_payload_len":1705,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.libredns.gr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":36951,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB49DxAAH4GIqIKAAABdMqwGqhiAbtWR3MYNJT\/BlAYAfXmCwAAFAMDAAEBFwMDAEUX9381c\/+R1qgydby2LZz\/D1isDmITv8iB3tIfcLl3X1ZN85j+RzDG7ZR0PP5I0SioKkHY5OtmjMfBNJaLny9tLOB5RTM="}
00535{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":36988,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+9D1AAH4GIpsKAAABdMqwGqhiAbtWR3NoNJT\/BlAYAfXmEQAAFwMDAFElX+TKJBiopImIj2GXQOtwcKaEiElkh8K2UhzQ0jUKPgTXoSqnHz5ocovk7BGGFmhJ86k+WLCOTysTJDvQuF8U0maWZ1+mvmRXguvsmflwWCA="}
00650{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":37045,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"REREREREZmZmZmZmCABFAADT9D5AAH4GIkUKAAABdMqwGqhiAbtWR3O+NJT\/BlAYAfXmZgAAFwMDAKa4vc8Mrjz1P93k75fEHIClEV7TNmkIFwWl\/1AVOuTvIrxY9revacc0XrdxN40np8KrY4KxIZxf4IUauu1u\/n+AqXbQHYwvrskX9qmD6BDtChuI2f36i5DNyXHNbP6X+z0PV63njfV1lCHhAzCnzpgOU6S3kxl+xtdlvsM\/YbjgGP9PXPXPCaKSUZs6ZKIy0FGbC45IvrIAh1RuNDWWb3MhJ43W1rsH"}
@@ -301,11 +301,11 @@
00571{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":60679,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACW9ENAAH4GIn0KAAABdMqwGqhiAbtWR3VANJUC\/FAYAfXmKQAAFwMDAGlZefRuBILhCa44nOQseZvAsQiGp\/GaIQOPhH5d9qoTVY3e\/V7BxLhHxrEUmNpn\/fgjQH5YM8B5ugf6JBLlb1AHH5glyGJ4Cph3RmHdM6pJZZcRVHlRUuhYyr7qtZo4Gx6TGsVJ86U3szE="}
00465{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":82021,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABLExdAADYGS\/V0yrAaCgAAAQG7qGI0lQL8Vkd1QFAYAfXsZQAAFwMDAB6y6866gsVlqQ5blx3VUSPxGKjLjp2AbFxiT6ORdzA="}
00872{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739374,"pkt_ts_usec":206227,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"ZmZmZmZmRERERERECABFAAF0ExlAADYGSsp0yrAaCgAAAQG7qGI0lQMfVkd1rlAYAfUHogAAFwMDAUc4DYTOZtj9RXaaH7NpXAZQoqO7YbUhHjfdLeYlWaZISP7ukf0Spo0Y6JI7sq\/THwW\/2aINKtVyHbzum7s938oBiCWCWlDHlFmioYWWMCtEkL1QBq6mHzyhbywvcK8uUcvnk5mqUm6dfcpJMxuIUSQvQRo0YQM7UazfyCgZ89vuIF5ljKsic3QusDiGQToPfUhocEKHeNuPYlzUpj6AObtFOU4I+TpxCSnXaELR0u\/4m98fVmXRwLZ7bdo7BBhoQ39ZDRxlHTGTfLV3Q939OYOdR7\/3l1Zz9lstfhrGGHdAc9K7FIp\/GsFktO8pxjwfazTv9vS+TipJBKh6Vh+MXnKMS22HH8cUTt0H9YimmrKVnGvR9VwobKnoJFO\/0Xyf\/DhYv\/F8bo1EjVf0EFsT7B0fJbfgde38L3BTwRZoW83NPlV1AaSZ1Z0="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":0,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":310,"flow_max_l4_data_len":310,"flow_avg_l4_data_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00812{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":281333,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"pkt":"REREREREZmZmZmZmCABFAAFK6MRAAH4Gn0EKAAABVQVd5uaSAbv2ZmEwaR3\/oVAYAfZ05AAAFgMBAR0BAAEZAwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACqAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6FKiZGfISPafy0Na34RI3z\/9T8Zo5Ona0mhcVKXwyTI="}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":0,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":310,"flow_max_l4_data_len":310,"flow_avg_l4_data_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":946739378281,"flow_last_seen":0,"flow_min_l4_payload_len":290,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00551{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":310897,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"ZmZmZmZmRERERERECABFAACL5iJAADQG7KJVBV3mCgAAAQG75pJpHf+h9mZiUlAYAFOUtgAAFgMDAFgCAABUAwPPIa105ZphEb4djAIeZbiRwqIRFnq7jF4HngniyKgznCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAAAMACsAAgMEADMAAgAZFAMDAAEB"}
-00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_tot_l4_data_len":429,"flow_min_l4_data_len":119,"flow_max_l4_data_len":310,"flow_avg_l4_data_len":214,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":304,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":946739378281,"flow_last_seen":946739378310,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":290,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":194,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ibksturm.synology.me","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":311104,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"REREREREZmZmZmZmCABFAAAu6MZAAH4GoFsKAAABVQVd5uaSAbv2ZmJSaR4ABFAYAfZzyAAAFAMDAAEB"}
00948{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":345011,"pkt_caplen":445,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":445,"pkt_l4_len":411,"pkt":"REREREREZmZmZmZmCABFAAGv6MdAAH4GntkKAAABVQVd5uaSAbv2ZmJYaR4ABFAYAfZ1SQAAFgMDAYIBAAF+AwPCcBaP\/DC8hVoTSokbsQvpjhaLnYrt7eKsiMQ8EXb5AyAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAEPAAAAGQAXAAAUaWJrc3R1cm0uc3lub2xvZ3kubWUABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwCLAIkAGQCFBAB6WaWPH4a58n9Vy55153vrND8HYB2nYEr9eTtZhQvr+K0wZRqcd7gi5my3icRP+cC95AMjv\/RLUwvWTvGJ7GfxsQEr1DgaPphz4mtIisyUKe88RjwGENhqVmgi77BxTjgWyUr8yPxR8mF6KE\/7+m+uTvX0I8U7batlyYLLDKS1f5LZug=="}
02385{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":399920,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXU5iVAADQG51ZVBV3mCgAAAQG75pJpHgAE9mZj31AQAFN8ZQAAFgMDAN8CAADbAwNIKgS7jpOm3HVoUCYARJcxpv0e2pnrGqQEP1+d4\/l+rCAAGOihE6CuqcDNXckkTdE7CmzbbGzUcC6GWkBVFb5CcRMCAACTACsAAgMEADMAiQAZAIUEAeE\/O1tgYRiVcokShB4pBhHDtpOcmZTWZEJ3WWyUiziuftscb\/mJOaokEXG\/H9g0yLEWB6CYoRWEF2tWUaOQd6sTAO9QnSQcXwEgCwxj+oPPoyoRl87ZgP80IUzDPKqvRKWEd6LgyUEknnYWgB+jfMPhukTtsx2LumAfGk98NtpA\/Y92FwMDACSr7z10NJZX97cncZDfxTIwqcwGEk0dFMzRmunG4z6NhW1TAfkXAwMLmEHWpQFir83wP+qLpcDdLZW4kfLuaEE0xA1iqgZkBheEyhI3OMt3rG1GomTFacOUZKnqvPeVzno1kubg0a7bcO4s+YnZC1nllBAdtvwi6JhitnO\/qjjdgMZh\/toQx7dbXIDaEOpUhk4DSiC0pUn3TLQKP3QnDI9J6zM\/3hICQypUyN2XsBOpO8Kshs6tkPyJK0t04n92xfic2KaN2Du\/Y1RoSYDwYopY2uXDNlJAvFiSENQaucl5hJ9HUtqf6rL3R1PqqoGdeIIxyO3C8N4bRz38oiP7dj09QADhqmrSh1Legt+MEbxdo4Wz79uT4OIPw\/IXrrT4dwDE0bIkqCAh8ZHWYt6d3mYUiSaXSMdKVroLUqZQNEJ1HcMZXXI+QLTq8f0tMM4vTRPw6Wu29zr6y1zCwa9vadztxDuj4SJfvF+St\/LC8yEYi\/J0fLkVsinvDOvwDtpr1V2y4ijKD3S07Klb97dV14s\/pG6hRWBCvbGJB9riC4jEGBwZKuJiaT5s6xhqnCvV37jwn43s\/D7fFp+UVFfyRiNFyK6wgrgqkEfn0qgK0Ou4sL1Cd3lScMu8A+imAP0aXG7\/gOb\/g7KSazB0sr9F0croUvc0GcTkm3wrnpIQJxOymC8rbzj\/XSzgt59E4CqWr8bUGBapyNrHFRvwkdyBCGd3y4scXqG\/Bo3tmOuYomiagmMReDh+R6GpvvfDKYO1EmlF+lxcpd07Fv3rJ7XYZzARykPnnIiJHWh432oHR1mLpKPn4oV0AI9rbnn0yDsU1Bdb2MHFCaSpTN05WNJWbTP6sYNJ4dynOQs86xCEbEop9leaORUo8Xqei5+PKZHngeuMm6Eq69P\/NtmUxGz58M8MFrdv7iFa32SUnywxkzwuzDKIcksuVZ\/AHuAB3SJ16GMM4vDhfs+GYHSQ3Po6XX4hItqlv39HCOEZkFi7UMoYaI2eO3GdWpUDSkCO9S+5Uyd9Sm0fpq2THrBwTW1RL01ZCb6bGHsFOfJCmi8Ws7P\/\/1IHcGrh85znh6nQmHTxjoApqeasI9XpcCWdYL33T6WNFdF5Jlav9dxM63W0CEDj+a4Aamok7CsgWVcV0L3J95x6l\/zeL3w2i1vG1phsbz+mD7g6OvKF9niHovEgSt4Kvra1qBNJlFzpfDWQ9NHtQUdKY6diuNbxRIgbkIUGd3iC4eO7dJkU3QmiXgSscI7RsZbU0R7ZkTQ4P5mOoyawOvyeYnAXHr1FBqoE6RrsGRpSAmtwgpW1pdvdXyPaMNzNzem\/M1tvoMiwfNnJtjjhnmv5EircGjwGDyJoWlqSIVlyNtdTCeRW2iQQ03JtUQ68\/wW3LtE6ur2KJC6mT+60DD45BXln4xqxdhWlGDqQOgWqwD27VpZ5PBdtwxXSwZpk706PnevI7Qf+i9CpJGbsk+AncI73f2sTM+rnD0RGZ8nTSUL5\/bwfnj+ZSyVJF22P9CO+knTzkqATHmcTXgNaDO8DyL0VCPWn\/oSyyTq1PzfGzhLb0F61LpkqLtUE8Dldgms5IjzNdOv4UPecjmkytayLd+PP4CmYKkWyv+3Al7b0UgDw"}
@@ -319,11 +319,11 @@
00845{"flow_id":19,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":490575,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":365,"pkt_l4_len":331,"pkt":"ZmZmZmZmRERERERECABFAAFf5i1AADQG68NVBV3mCgAAAQG75pJpHg609mZlflAYAFOecwAAFwMDATLvFn2dCHpX5ucAb60\/bust1dF4G0efxnH\/Ie9iI0zRiLlB4F7RHnYdsRD+gDXrcCgEcYSd+eq6qrEY7zZPOSeWNMGdfP1yZ\/+a4jZTpYfLQg1\/wmhGiIjweUwOFipd2GZGk4yBoXHYbC5\/rIZO2ylpFfwrLcIVNOwrhGb6oe5i4uEwijqDjc36MEJy9Sj+yjaXSSKDdwCCec30eNEiETJhyR+Jb6QsqCV5zD2yWL730sPIWV+9PWxxFzhcPRsV3jPvl8AxHLu8CSujyHjA1twKQp3hhHDvoQHnXSML\/5AThuWBdNCPwK\/dnCGMYTy8NxPNABaz5og1l\/mYTq8teV8Xur7ai9p6Hm7+9pv5MENUWf6husIDCKq4yVsRH8jhdZCifEUReGYd31ngSHcz9O\/KC3M="}
00535{"flow_id":19,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":491314,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ZmZmZmZmRERERERECABFAAB85i5AADQG7KVVBV3mCgAAAQG75pJpHg\/r9mZlflAYAFPxtQAAFwMDAE9iFvd+NSXnn3akoG9wS0pu\/nEwPEZTzjOoUC7LcJkPFKktQGRfkVZfGjUsiAXh7VHiXv+17PPH6j\/Z6a4+gnh2sfbG9SMbuK5DsCclqYjs"}
00461{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":491396,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"REREREREZmZmZmZmCABFAABH6M5AAH4GoDoKAAABVQVd5uaSAbv2ZmV+aR4QP1AYAfVz4QAAFwMDABqjGCxcM+TPK0TxPC54YtVIhaoXfHJm0O1RLA=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00804{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":577768,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDLylAAH4Gh5EKAAABaBwcIoO8AbvZKqUSoyMYWVAYAfZGMAAAFgMBARYBAAESAwNktN1XF4bqrby0niN\/MgT4p6NPXKBlRwOJCoza94pvXyD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANanAudGlhcmFwLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBNe3CKgugpSU\/ahaeKXUN1ypv0O\/7wv4rJDS1FbyCQKA=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":946739378577,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03807{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":607705,"pkt_caplen":2557,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2557,"pkt_l4_len":2523,"pkt":"ZmZmZmZmRERERERECABFAAnv8ehAADcGAyZoHBwiCgAAAQG7g7yjIxhZ2SqmLVAYAEJO3AAAFgMDAHoCAAB2AwM5\/Tpf+0rVAVLiqp3AKzeP0oc5LUJ7LbPa16oj3TgNDiD9DZHEPvQMzjP6pbu5TmyGbnG5vDXlt6MJFI6XifT24xMBAAAuADMAJAAdACC6HV5GLKVmM89uM3s2SIWu43Lfyhq5unw8YJ6WUfrNYwArAAIDBBQDAwABARcDAwk9PLTYD+JT2QAppt0TUbAwAmxAstQCMsQy32ww9oSEEAAMGSMNt+TTdp0V3tZ3ctmeFKC8drVcJHMoKPW\/gLMtyIUmD\/3+eYMhUKtI+3FRz671m\/FiCxQ+DYhEAA2djrJV7bAD8riXyaqFyW2aaJF84flOMuq9DLwOUI0IypM1HnMNVT7vNmCordbJ4vYfoJCHZ3Jdxa1PMxflxUdqb7t2xbf5y\/m1Lgj+QBUEN2VGq3ZK1ktt1GgLlt5OMY6q\/EMncuhg\/OHccuz87CSxEURWL2O5XG3NQ8ZSkyDIF1XtrmR6FGXAhlzN0GIMFD4mIZ5QqyhyGprKsDD36CWqaTOR27WUIRMeWgua2kpjr+elVVRiIT0yfyvShMeR5KvvMj5AG9M4S4\/qWWxJjIv9qLfYm7RWSC4r34hNlFnFlqsqqqzzh\/BxMvV1bwxfAaqA1qBideWKRVA+7EuN95c4ue7X\/hRVHEx3iQLqTqKG9s8vcXeE42KLZOgVl3B7xu8\/i92\/WkhbHAp1VaoXVrJw6GLiISb\/po8DiOQt5NIdGX5eDQSEZ7O9baKasLWzq1YkwfZijF3n9KVs9qv2KSy5IfvS0SD4T0T96JowaLvO1lvBNbG7CindkMAn7au9+n1sxBnSgPOEhxjP6eP7I9klViNjl15nUFM6o4r0CQuVxRwVYjFh10tMhUtqr5ufjJtftBeIT7Z6ffMsMrzPdyzkIvDM+swGXo7V35YzVo8DyoBYe9uM0JJnrorf04OKftnG+pjuV1J118k\/TcF7dgWMascYwrYulqMRqr3vNGGbqZxylwmKp462M5UtGuo+qerBWSrRXWS6eh\/Pd34MrDX1VmvCOR23Z07RB6KZ9U0a03sYPKhsU\/m8X7Y3lJg3mFbu5qAjYzD1O+cD4Myf40iIoCP9xcs4bu1pUmgjVbsp3ut86GCDAgM+2h3m+dYO91dTNrC6JdnpsdKfoGqobbC1Nd6P0Kznfd6xn\/BQDvXNQHfd3IPzPYj2FRyDUuFDyWgT\/cwlGc7O60WUydzXXvs9ttqI8TuCUJYd1Ao8xx8mAgIvrwtyiwJR5QZQxYq0NnVo97JO1hRxuXJb+LTsywktm+cb6647KFCAIE22xi+EiXjOKZOlKgY\/++l2PKcbQh7+iHITgTYo09PyNcnTJxUwLKCZUcpj08uHLE+si9w6kmA+pKFDGKHD2OQi0\/dVl+2FqCH2+A3DCa2Gg9EWzElOrJ9mp3PsOzxGAh1T1616sYT0her6SVuXlhCGP0slwtRkTfN5tnJIo22tEgWtQ+b6y1PTsvRTouR9DpgUBw8BD3g0lRYqf3KAJIjUNpSvsRMGe0P3S4KCcJTz19EnjfZoP6uX+a1+4rjk2AihvF76LGF5wO7bsnmmIDYTvndhSZUKAm3a49yHTGG7gVwYkqmq0TRbx3kmFRXEBuvlULDIz+RlQyLwuJX5uRyHubvUf803FCAz\/4a9pnE6WEDc+zOoXHErWhAfoc5tjJI1gMxGX8U3yJwrwEtij2gQTn0Bbv4+6DXg8iV1mRetvz2V395BS+h9qVm0PJky45RjI5FxKVNW8VUHbBkrW32Ln2Pm3mojmUt+Xsx7zInkOkVoS97LxHGe13JTpikDPPGgpjpEoHIcQRKqtRb0XznaWZx01cfmn3isfcOxCOvXJUXQwHOBr0ZOeVU8JyV5j86F3c2x16THC9pMZadmbjMRbWkSLTw4DMHNpPKhS6WbcQJhxPZwfAVbKEjktlF0JguUnWmRyDWlD919TvF+XWK\/xSop+ME26vjlWYdWryJvX71XiN34ciEg6jsS9BSYdT6j+C8MLHQApTVrKIlUjg7LizXHOZ\/8TbPIjDL1MmbwanCPsnz+x51R4gaxLum0nLoSL+ZmdQWjq\/uyo2YE03WUuDCwEqP451PgmdaqLRPfWLB1DwCAkXZchOxevuMOjyvWV6dC+e+ksCIkxwJmTgcBQXwfuBwje22m5Cj2nv\/zq4aMsV7kiFOS1VcPYLEbw+c4UolvdLrBBCbMxCQZeGhjAzGdsZDuX\/6sRIGIbuHAE8nIh+KJ0joM4KoZNtLXSA2HqbNN+kRQ5gTFmAp4mqAOgsHxAv6V1xCZg8P3MEffeog7NEB4\/K8wtwtgVyjvZaZ4E5jbN5Fjj\/jqK88SEXhkPYnN+on2bA\/r\/BMBIaoCajkogUyGLoyIPMT+pBrWa+wfZKdLurwPxZw+jCxKJC0\/mmFBL81N3ktV2QA+uWulN8QPCd7cD0\/Hjf2QklIJga5shMEJkHY6px3Tk68O3abNmIreZ6S\/N71agsTVbVTSaRlprW4p5D79LYThW+q2zikyKF2eG4VtVQ1Z087sY8sCBmmZG8ETPN5Xq0TN3Q1mXCkwjS9y4DvkEf4d2VKsFN6yj110+kONDzC8lVgKicr46oqIhZ9cyUDwr5+MuFqHiF2KMvJx9XA7v9+a265RIEavlSRTRm3PXbeYNOWUADrJWXjguUacdKmikyCoiD9vRp7ll6YxsV5jSfRT\/9SmZeNE+aTDy2wakB7qY1oeeLE4kVchDyQa22zUAtVHOgOvTZInJYA\/takDFgegJnQaYWISVIejbCOHLLvY\/LGAj1CyqRrh1\/LJm06TJxFQn5cMNb5SSEJFNyxF75PSPT288zWx2Va0aIhDIB+vku9QlaiV4ac8CwDTFNaqbQKECa5ibv22eB002L0jyDWacUoUluFvwofh+CTE377hEPfvjsRjX+V3P\/erPya8F4fW7JQkFJgCrTK1VaoDF64ZvLzNQJ5aCIC3Js6D+sD6g4jOpLHGy2zHMlk9wTN+yBybuSBsrJL9uS5j3JgQRC167kARpn8\/3wkN3\/lvlFPoVYVhj99l\/NeW6y\/YdomeNnyw0D7qas3wz1t0EQFticUf9LLfRMzRHEf20AYOoy9Fonct0XWUb6fLDU7CQJTqCHU8Eiy+rgD2t\/dxE4NlpfZ2ZSbDZ7QWFdftipHKlR4nJqLL0sU6kjZ8SydsZ8oAinHCIV9v5PNYgUBa8WbGYb2kgxJMSN3jbYzsoGwAsbdeAghc0S7LurZvISJXwa0jBqUzUHZmweZXCdDnfDiPc92KCXG9hA13VfXTouQnTd0zyBwPxIcvLGDhAu1CCSmBlGZrOEjmOi1\/i4ug\/A=="}
-00825{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_tot_l4_data_len":2826,"flow_min_l4_data_len":303,"flow_max_l4_data_len":2523,"flow_avg_l4_data_len":1413,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":326,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":946739378577,"flow_last_seen":946739378607,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":1393,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"jp.tiarap.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00506{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":610153,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoLytAAH4GiGoKAAABaBwcIoO8AbvZKqYtoyMiIFAYAfVFVQAAFAMDAAEBFwMDADUQNuPt6m2nY9MgXiEHZRB5L+gDtuMOMxUUfy82Uox32sOXoFpXHp3NUSfU3Rmr6gABtUijkQ=="}
00537{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":610269,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+LyxAAH4GiFMKAAABaBwcIoO8AbvZKqZtoyMiIFAYAfVFawAAFwMDAFEdfSV7R53tWPLwbpLAvpYZkl19\/BcxP+TDWyhLaoxetWjrDvoUAtcNmsNiuCZnkdjB+V3dT5jW3XlxFbDY728t\/WQMk1LbxBUFh8jkvOtgrcU="}
00651{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739378,"pkt_ts_usec":610406,"pkt_caplen":223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":223,"pkt_l4_len":189,"pkt":"REREREREZmZmZmZmCABFAADRLy1AAH4Gh\/8KAAABaBwcIoO8AbvZKqbDoyMiIFAYAfVFvgAAFwMDAKSMB\/dBKj3UpGjMiH6\/1VnkucRlgJJUh+qKTpK1hnLktIkXTIZNK771WiAD8CCQWY\/50puGvx13gF6dxepR2eZrDXtNRM3+WITv7yAVM2zLslCIU6mXHswTWezDiNss0zAMjO5iTucBRew73pLZ7zSDttwfLKSZX3jAzQuGsed6FSQJLBSwHHVgAkaiewtxnPDS+tpjzWocy6dfvO6T067l7AmVDQ=="}
@@ -337,11 +337,11 @@
01029{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739379,"pkt_ts_usec":622855,"pkt_caplen":504,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":504,"pkt_l4_len":470,"pkt":"ZmZmZmZmRERERERECABFAAHq8fRAADcGCx9oHBwiCgAAAQG7g7yjIySq2SqoQFAYAEP7KAAAFwMDAb37Utqmzc\/XQr0xKkwHhSi8+JTkROqFExNKhMimdYKmM8saokrmuJmrL7IGM9+N3ycEamRylc2+xYqrPF6XixY0I1nBFnNaQSklbfiR1ULXPyfFvTDlL6Bqfbx7o8HsH161ME\/J7NpQ9dA7SaCPyg9wTxwUspP3+LPiBsloIiDfpqM6oEtCJAzUApakoZrLjqZvEHpDmut\/iBLxVuDdF6oFrWZusviWmCmENt8wSv96QGh6g9k4pRKyPlybPp5nhfR6Fyc7a1lBUn6J4rKeho+4TSjmuVc1HqW7F0s1QTUFfgchU2WEfVz40sc2VpImXUddoXvLqet3SRzH9H6L4n\/CxOnMGZFMtLiRlSiM5UxdC0fA6IuMhgHpx4oITJYq84qucDn6+X\/e+7kcWKqm\/ycygq2YIAjXx9u2hWAzNPCVCUU6hhZgEOhD3\/5E7c6uioiFH1LDvsWvxxMQMcdx0tG9dL7mCPaiY1m9eHZMErAoKKj66qZuj6dU8Z7sAgReu5w\/GJHJJFz4gbWWI\/wx0nBh4zpXZnPXbqdjs7eT0rSXlhkiziyaPxH1E+0L96xVEpU3ZIsIAbNx21ckAsxG"}
00461{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739379,"pkt_ts_usec":622883,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABH8fVAADcGDMFoHBwiCgAAAQG7g7yjIyZs2SqoQFAYAEOAPwAAFwMDABp2DqgZV0Txz+XGhszRzilLqpOniLTFqPk8IA=="}
00605{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739379,"pkt_ts_usec":623279,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"pkt":"REREREREZmZmZmZmCABFAACtLzNAAH4GiB0KAAABaBwcIoO8AbvZKqhAoyMmi1AYAfVFmgAAFwMDAIBw+gd9vJeD\/x8X5Xd0lYOO0wTp\/\/7OmS\/7wdThDKO4T2Gvhv4LE68i5UtMPxdw7+72aREJzgTku82uWhfzjH6MBuSwQZI7NM2yCK7qMauc56q1AMWz5yTsz5cdbPAp7C3Nm4PvKkfSPPjHAa1HlSg\/iu0oITjeQnMELwjuPGchpQ=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00810{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":697543,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIsgNAAH4Gh+8KAAABAQAAAdIqAbvH6z5LSWNp6VAYAfbC9wAAFgMBARsBAAEXAwNccnLckexdP3Wz7tsKiknbwUElui2FZGSKODu9LnFkjSDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASZG5zLmNsb3VkZmxhcmUuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIM\/CjtFE6\/BfV0qVOcMMUIig11i56\/tpHaQ1FlARye8w"}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":946739380697,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04281{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":725098,"pkt_caplen":2892,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2892,"pkt_l4_len":2858,"pkt":"ZmZmZmZmRERERERECABFAAs+VjZAADoGHccBAAABCgAAAQG70ipJY2npx+s\/a1AYAELM7QAAFgMDAHoCAAB2AwNqFtv3xWSYHbL\/TEVcxTgtPyY5syhT1Ar0J7GcYm2olyDCKDL2dIORj+O\/DGu\/+ddISHKLc0yxsHWSEQ0iee1a7BMBAAAuADMAJAAdACABwPRBPqMH6tP2UgTdU38yy4IBdMrNy3Y26n6nkJgoEgArAAIDBBQDAwABARcDAwqMAOf8HgLdG4eR2zQrlVcXNJK6gSgekjnntDDuH\/5mItzTS2PjuRorCZtp1e456Yzxd\/c9Pjo0KqOApsf0Oet3HLAxOPX\/4mq0oqPJv6\/pWYh6XkL49x7kn3sA8FLizWIik5oy6pRjSBWFf6tqxUO+Djt17wQK6yhMls9hUq1ClHJUh6Qn273NZpiWOuHCd9wGeCfeInHvS8qk0EqIdne\/5O3+AKgM\/cALapdKbBhIoAyrPwqC2hLjGuasAzda3QO\/+ESHum\/F9d6o\/5K+8IYpY8o8qtVJ6Drg8futbzGhAS87lZYW5UeuuFH05CzhM6cODq7gNj4mbPjTJ5ApTRpwsXEw0cwu6tAiKdHBHu4s131JOS1nhPpDpOs1W8FqhOijP5pChk7nVfwQ9Bu1xYiYmTlZWYP4bC0IhVSltsY4+ffd9etk6QNu1u5Seoh1QaWRe4DU8GYPqDdj9ywHuBnTu\/kdk6yObRcYizbhLyG5JiQSyxA9bv7iPMzOSI\/oPD6Rw4c6cy1qJywZ7F9o\/W7KUU6pYYhqWRcunfBOy2cedxZtVaWxcAQGD7VjEr1GjI\/ndJEL6DV\/vUO5PSsHgdX\/GScVrZdS\/KHwHxAHOv1BpKxNHl+ElIeVfCJc4tBsNkoBf5+COT0BV1cqDq\/0TqIcpVxlMv3\/7JDTZZTI\/wMxcbTZkEC580\/OL4P7o7ZBv1lVciiiGUxirK0Wn0VmKVkOPUH1VVDEVtxbspQjAQAudOqLnKMivdYYnLWKcLFjjfuE8XwFn1JkF2YyGgtdu+0wxe7V3QdQyeX6wSKDfGOBn1RHTiZSQJLrjf\/MjK6PK6+6dmcX2K\/Nos\/HKCWzOCSGOxH6pgvl94s\/0dDawx7iAmW0aKHP7fN\/Qsuj7qBRlYmeX3wDSe3ACAyO8PJtifBKRUnx+i44zF\/TEZT9\/0f9hj1yXYZhM4IttxvCtS3N7k187lM2JB6HB4DmePSpA5UfxEPRq71lNWUsDLAAiN3ekJSKoZ7PUpp\/6SJsuSwyITjf4EqBLpeWL9MrWeNXoUk5W1F7hWZmXxUwbc9PMEuirTVJUIeKJcMT3hUo1x6K9jQ+3H\/3FjLuAvSaGN20\/JlmWzUhH2c19MbTsBdNUca8p5h9ftAYWxNZFi+BPME56GacRIjusosOaDm6TM6NIeJtcd5nQ0Y6NbfwEe7MdB0akdNH1SZ5FpPCUXE+5h9eWmGzxT6gCZx6qvA46+kjmSPa8Cj85dDYPgUItxPMDzQDmcDkFl4Jtoqp7CsVbgDs2FaRSNSCg+ZMEThJQx0\/Aqz+vGM8Axcf5cpBgdqJqmkgft7WVM6LgxM0bWa6ReLOTbftdrjvt51qS7oW8iSFCaAMyVHnB9nNub1rCB71JGnHgmpLaDriPHmvZHyXG+tF3YYxqKFpVLMzSELDqif9S44Mrb9ZjnIWKvGQryM\/QSKoEg5X7zctl4vxNBFap6BlJhqRr3fm7FAc37N2CcUPqfx3Q8d+odOusP4Ls3Xq2Sur1UmBSNW9zqMAV9eCaagN4swiO+HX9D1JhZPxXTW9QWyDXi2zI1HI7LUB70fqeJS7u5T5BooNTQeoNzZVCvWOXWLt+ZiIbxI46okrDHFQXi\/x2G\/UqXdfkOEinNyh78FxOnrKcOtvfU1vQdaz7Z3d1S6XTGxIbp7Avs8yqCBkfYYx0okhQoRYkFViIAKhs8EJ22ENemkpy\/xMNRrY7HXIqAF0plC7ASy6aRPBxNQLpe6Ed5IaeUHDV+pWuEiLAgXAO3BIyMmN+dKwyJRSjGew81SAxYCXzqNGK2p7GdpO\/XP0maghqEG1aIROtTBX2ArldnERnpk4NXjDbfgsSkzP20ClfXeN4yjZTmAjINRHsDFyBG2kVPsbWM6bJ6sXUqNBkjHzH8mUguB01CThNReqO2rGsLiKr5qTMAwxKxjfEdoEJ+OdtfVMDr3B0PaBDiW6NDXICwJTMjrTiHsqLMySrS2T3BXPc1yBL+jDROuKYyhTZQzCA6ktzSKC6wAMC\/2RMbHnV4JUqSuJoXnZI1jiGQfafDh9qm0ZR91\/Upntxs\/kWZ9Zofn9x4gsvGL94XY2stn+kYJ+lpR5T38ZBRBOsXu8bAGsKAP+3wt7PlEML8VYdMSv1Y8XhaZ4vQZT4mxjokM8a+\/vbBm5OFXEOAsw3UpeMp5Pdlywdfks9xANyyHcs7XyT+4nzRjV93W+RbJVksh761\/0CsogB0Bf4AeRq1b8bSy2mVWD\/C9oBFlc4PSw+jhx1uKdorr8amCiJ2bwSUXaBBKYKGtf3eKS0Vrr8DWhAzmAupA8TRMiBwDgWH\/pSpuuBxo4fKT36lTdVMpKIp966xzVRYeAdyJ8dQTy5jeDQL1o\/K9FAvaIxIHdqy3Ai9UpxdTmYwoZXk1RGWSFQPWK2eEqydFLHkwLiG2A9OQ8pCYrZlqHUn1snev7fQAbwrXFOXDJskS+CYp+0GQvu\/Fu37N\/vYvDe9yQ2BjQyb\/Aq\/mNLHkdVzTu+oIIX6og2jNse2SlImfdMuiBssQFePUieOP3nrkgegmZDkJvZU8\/IJtyIPGhvEr4wy0KRjmbk1R5TV1oh+Gvyump800hgoeZ6yINLishVXjkSrZbw30TzgVyIHMXbfVH5cMb\/otpjX8v74ViZ68NiQoVQGCiu9Qccb9jITaHI7YqId83HAhD0Mgcvql8x4riVhsLhWBp7KARZMNylg6FCWQzYhkomLcDqOeaHr\/i3Kucv0p5GzUzkUvhbOyyBarVy1r5EY3Ff\/LeERfwiWeu9JMjSlW9a76FWzNvpbjiVQvAXjpJS+B6vW0S676\/2F\/QVlBvmv\/1e3jfE46NEORC\/KvStAu1+NCVXXkgYYjYaavSuMFqEVMBLpNt3pqmD175kYHYjG6R6TDv0nmjRk\/fdkSOg4ydMi2g43e05SDICPCTBrKL+H8pdmtKEp3WxofXZCtNR+ckTvaTdfJXZMWJbImpAgp0edudixTNqo9z3f5BRBQ1U170EzzThEQIMmS6RHUG4MBWpfatZDm+5s5WqxzAc+f48z+5\/Rjpm1MjT7FAj2QOS2mS1pZuw8jR7f9mlmDHlYUa7yULFKz+EOcDFjny+TGuKCw6tBmvp0uAgOgbWkR3PGwLQlgJNN5qcasz\/DdlRFFRc1kdK872NuK41RPGMSa34kfvjKckPj3jn4ntsF1i9WcRtXZaTKddZmAVoibh8F7o+\/2BqWfWHshjLjbv2UXOWt85MGeIvvR+JAZ4lQKxhMp4ApqHsqTnv9vjAIsk+AJwp0L3kf96BrAf5lxFwLByeiu2ScazZunSG5IvLxJ2cCZzgYOFm\/xSZPCmFYvKNJw727A0qH0cpDBKVk4Z5vvRen3ROFERblATF0imHD72RVGcQ\/rMrcnTAneuS+605QxQwV5cyssndlHujOT5cJjQwi4Me+A9i\/U+gGMItbvzyiV\/bH\/dnSH\/6+REX1pIGyZTP+9n2MXLAZnibrKAMIRfK2TIfrOe5jmJF94vcBm\/\/5ycPeTZII89RYTOm\/OYD7dCL\/Fj+p2ZF9GMMq1KmH\/crTCIqHICoTep9ezhaM3lurJnltFyZNv3oliEoTfl"}
-00825{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_tot_l4_data_len":3166,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2858,"flow_avg_l4_data_len":1583,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":343,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":946739380697,"flow_last_seen":946739380725,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":3126,"flow_avg_l4_payload_len":1563,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.cloudflare.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00508{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":727790,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABosgVAAH4GiM0KAAABAQAAAdIqAbvH6z9rSWN0\/1AYAfXCFwAAFAMDAAEBFwMDADVke5XeBLKUZMMwsdywo3cwWM6dcwvPxEIBrrKuQwAVECVGBCt8L\/1vmMSczXlzhvKSsbEzJA=="}
00536{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":727917,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+sgZAAH4GiLYKAAABAQAAAdIqAbvH6z+rSWN0\/1AYAfXCLQAAFwMDAFFrhWmS7Y1bCOIeKODPz+I7YfqENoT6TMuVqwyG4G3SX6UxpkGUbLXAM6aI3cio6qRGa53fwYiMMoMH2Pgmh7dvXF8VRjQEWsyymfdbjhOkNcQ="}
00653{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":728094,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"pkt":"REREREREZmZmZmZmCABFAADVsgdAAH4GiF4KAAABAQAAAdIqAbvH60ABSWN0\/1AYAfXChAAAFwMDAKhknTtbWPjKRxC8RF8H9CkmrA+Bk9ZccxNWxVGeMn2xlgfxJ+N\/oa2lauG31Sz2Z1dteZDbkTjSzDgqVARVb0wPo6eAtwO4lFO50Slr19o+QoMq7p+H6F9zmQss+aX8BSdKO823UvcZWjEYIciGcgJZ3gCCgxZcU44M0uB2tLCuz3HkSp0QwPOmeFciqWF26PpPzwsdHrIS34z6Hc1U7Hanulmh94TGEzY="}
@@ -355,11 +355,11 @@
00571{"flow_id":21,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":752776,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWsgxAAH4GiJgKAAABAQAAAdIqAbvH60GGSWN4NVAYAfXCRQAAFwMDAGnag5mpGQgyzK72rYLgzjTgXEFF7\/vyM5TeCE56xwsqKcnLoJ5Rnj29UWbQvKgKVIeHXwFZTTBHNy5hunyZRNsfNL\/lBY7OHjRJZ\/tbRyLFVy5Rc8aufiha9M+GIYlpfxX9UzyDOKSKPjo="}
01172{"flow_id":21,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":803936,"pkt_caplen":611,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":611,"pkt_l4_len":577,"pkt":"ZmZmZmZmRERERERECABFAAJVVkNAADoGJqMBAAABCgAAAQG70ipJY3g1x+tB9FAYAEM6OwAAFwMDAii8Xmxld8hU204So8nXWjN2bDXb44adJyX9PgYCuYIYjLgHmCQ13e1C77q02upopuuUE+DZH37WWKB0HZQJc4vdpnj+btI1+b2a4Op1YomlhAkd+Z2moUJeXvIWVVVQicor53wHSeMCZVZFWuzDKXAy58RktEsPkmFSISj7AD3WGR5+rXknr8FTc9SCvR2ml8vGZVSewehHfsywPa8nxqU88aLpw\/wzjhBY+E+PFSc0OL7efQJoxJAchIgd75oq26kOoQ+p1\/xyd8hr9WCYzkkuEVDxU3UKt0WiJxfzF3oD15gh+70w8b\/o5oTPup5viecUBoXUONak3zQKCHWU9hunWv+wfGC8C1aY\/VQGhWagW5DR+9F\/H9bc2u7pgBVi4a86fuLOJHKHrxpx45th3SxEOfHLaC435iz0hs4LTr8PwMQYyKa+EcDrl3pwPNRDrhoz9Ps6hGNCpoIXvN\/U8PdLsZh7l5IKHBdPTHtKqwz0ooNk76cTD+NZR2+z7BCX61s02HsZwK8R+PCUhfJ8FZn5biuLNGReXkrWhoEqfnq8+cTZClZlXTKPKWQ3U1NOMOgwnAjhVoB08gTW3DocEFswOvvHa5kmbpNwwgM5uqN+qzzCSyzPq43wdAazRGe9N6Z9y+Z6yjndZYfTKJHI4x+CI8BkaxKNOiT\/QKIueVFJXYYNsbuXqFmYR\/Nq9XCCvX1L35G4Ey8vHgo6ZUHvM1J5RyS0dTJSKwA="}
00463{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":803966,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABHVkRAADoGKLABAAABCgAAAQG70ipJY3pix+tB9FAYAEPaZQAAFwMDABr+tfnjAL4t\/Y1IAjERbdL\/wJntZcUUnRUN2A=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":870131,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"REREREREZmZmZmZmCABFAAFEC7lAAH4G5eQKAAABLVocAII6AbvzwYfFjc3Z3lAYAfYLTQAAFgMBARcBAAETAwME0sG+tMqbxpRl1DV8Z2dnX5LfzpIiHTt74xC1bVbZqCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvgAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACkAAAAEwARAAAOZG5zLm5leHRkbnMuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAghy6XniNnPGDj9u0r7tzchu6tmfTKqCDkZge3YRdGMjI="}
-00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":0,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":304,"flow_max_l4_data_len":304,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":946739380870,"flow_last_seen":0,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02391{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":903397,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXUAxlAADQGM\/UtWhwACgAAAQG7gjqNzdne88GI4VAQAnmV4AAAFgMDAHoCAAB2AwNSUVDmrRSBFJr3VlpPTiOBfna69z7Ip3AgaZ4JY8XZPCBq5Am0FD9Ax\/Z0hd9jpGF+x36pK3fx2LqXRJeDdYghvhMBAAAuACsAAgMEADMAJAAdACBgLhCqxZDxBYT0wty93r8WAtFFYd34UV+f0SYd9yF0RxQDAwABARcDAwAgNdJG6I7V9ce0uN\/W8MyCm58pWjfsCFZXXJnMcWaU4P8XAwMJ4l4xzn1tklFeMfXUSkilkOHkR2CrV0Fk61C4hUjayiVX3XCUzF\/nVmk3NsjsUuGQs+ELPFl7aLMJpdeipyb\/BRKM7DDOdlmSjSZFpz3sI+4Ap1vb842GKpbBCp1KIgOgnmXfMMwnL4uKzNN2+XpL8V9LwuMNROahwk9tJrSx3BZQnvVy5qktKVugzkoTSb9fPpFovSjkUbQUBQuFWl2cxLyQBO6gjWiaDBpgoqREkqW2UGurTHpBXCvX7xTK+SGfs3VLNGPL\/jM509wXezmGXrBZolGpSBcCmwqP5AGjSUkJQ2KFF8\/5I5DLe1rWw\/7rCzdCJgW7dwItPpQigYvEpUhaTQyjzhLtXm4Br1gtr+Iuf0HPHYTCtm1Z9061ijlO7AesYAg3NSX4lpTeBeQNzqwAGQi0kxU+8BsfAI4uhNY4fwD\/tgZRm00kCDUGr0Hw1O0\/9wcQo2OrT4hVI8sBPv9rovACUd1xTXQBUu4c2UNVQr\/DAwgtr3oGHXN\/yf6hHksHqaO6ThyUELGPZgyTaAEJeYSlV\/UuFXosuXrXk+4M4bQmtm8xQA\/hPEgZw03CxD+XIQ9CziCJc2Lx3r4h2FdBiMwzohldpvHSBUXM2GuHl07Muv9yz1FfyzqYAimU2llIffa6XcR6\/N9ex4PCYrVYeRifJmT\/hN608lQ56Pm4ckRgIW72lS0ILwL91eG\/PWLw1TWr9OHqib8dqID1N28WvnDQAc1WG+OfvFA5Lx7KtiZ9\/3KI7f7RCYG\/5anpOjN3Yvo+yrHT\/\/9yxTpA2EDhXmw1I+drMKCfdVXEwoRqrQDXQ3qu16NE+piWO4zYtxH6MrZOf5GKUoqj85zhZkJ6n3Wtdfmw0p2w7uWnPZarz2kRT1hGv0H7uWAwQsIO2witiCTCAX0VhCKqX5eg9HlVQxEJ8e6aZG6udk28L+hlu2DjHm2cK3LT5siYCZ+61rOCmuWYzAzB4PZwDYNVRnV0GsHgMCnZc9N4\/ighhHZqiYL81av1zekzo7Qcc39eQmJB1\/vhuqI4+c3vKnv7ROdK1hsAX7hP\/VFs8H8ZF9FxFv36aFuAu1HQxIxhZTCwXDQcu5TzVx1PL5uguNjR7pwef7T5COi4aTCL27yji1k+uS4xQgf7uM7lfjr7UlwSz76e6z\/NdrgDABxN2pYomW51+xON8iXDOy0cXgxInpylLI6lmV7hJWGh+rssjjMTkzOSia\/tb6HN8MDXz8ND7qC4wdRBL+K2XXzk7CxXSZKHbU7oBKE3VuTcSRmBvFAj4jzbuAW9nVI5Yw9M7KxJ0oNCiAer+7rkuV1\/dCwQt\/7\/zkSRGAemKSurrkjoqozLCUcuNRu2YlaJLAc\/PeEJmeHXWSos8ReOKG9libwm6aBbFjBhBGqk11oBFxYMJe3fE8zx0cKng5v141kUW5K8KykDBQPlm38itlnDfJBFaB9Jn9F1Dk+fc1GMvxAKNX1KD189yDAOfdy35szVs+4vU19xgaD3Asb+3zoIgGeHaF3v5zAsODf1V7zFmYGD1A5VyodE+SZcg8yBGqWdCjN6Dq7+yW5n4whEBATh9+W8PK0m19STC9EnY\/KFQ8CMbZglLaqGH9UHLlwuaNZUfgFyrj24dAMianUUp6I5pp2CbweoDVXgQfGbkHcfYC\/73I2CAYRQxi4XFXP\/UJ7vD4Iv633KLKMEpQYwdikhrjOP"}
-00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_tot_l4_data_len":1776,"flow_min_l4_data_len":304,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":888,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":359,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":946739380870,"flow_last_seen":946739380903,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1736,"flow_avg_l4_payload_len":868,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.nextdns.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02333{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":903454,"pkt_caplen":1467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1467,"pkt_l4_len":1433,"pkt":"ZmZmZmZmRERERERECABFAAWtAxpAADQGNBstWhwACgAAAQG7gjqNzd+K88GI4VAYAnlzfQAACEkFkdj1Us7HE6XsQGxneQX\/pTaXJNHBzTBwjbjFH2PSLY9gxHervwko9HwLHhkgWdiRotlJENzv3dIlV0Q25g7GanzLzAoq\/bJLnF1bxRf0nf8R7xwqHIiEyWrnrfJqukts8v3m8MMBnkDAGd5xOmtynEVhFSJmjPZeWlanPH3W\/gPE9eVpcr\/bC8aD31d4wHJftv6KUYCRDzDXbCSoL\/6F7bgfENCEavhYW2LuID8zVPN+yKzb3WDD71Bfm\/QzlUMFQuZM5HbG0c7uIAOOAxkawVYPNiqL2TFCk1ynXFgmF4gXvbL\/HYrDLFRfjW4de\/NkjjSai08L+PfACua2q5oTvt2qGJPeolVEHsMmZEjEwazNhDwGqFKG5OP+F531r01cH7BTJcZ05QE7qXBrbvqwdtdoGPvG50ZEjeoenLq9i4bYfhTR7gqdrp+nT5HdXBlwZ3BA7TNBvRO28EIkDbwnbkKR1uAOgeHpmVvBpmpiphn4DYQZvVFKBDcAp0CgnjFhQ7BpU5nrco2WQPx+1Dj+wVwuk8wQg4nsuaxF9uoh5BJPTUJDd+oGcKzJnMyQnjiAungCkABFhOHccfPCI4WdjBjLMLNqgoxHw6DJHYylEKtOB9OnnXDF2J7Jvo9Dz26D1KrzmXsDWoLDC1fC96J8yd93fYvTZHskQxfY50BQIAKcBIdr8K4+MowCcaLlKXgQ2BvySvU9B5mJVdaqmTLF1fzesL+WRRK51q7IAwLh77wssc7jt76mm0H3PAWysYvmp\/NCiSKfjKaaLkm9x2NoEkekjBVCT4zJZaY12lyFWkBUvQQdolUu\/1tiRf86EnZ+MpspCpIhymi\/IUp68M\/Eb+2ljNKVmV1Er+pytZKFdhm+LxFZQDgPvwZts5tJVArrKTXEX7mbMUyNCFK87rJIQtF3h75H2QQdF8Dne8XAGsXDDnswycmS8W4DR2ei8Mvw6EchukCH49+5iX+zWw8yLNfbuXrdtwpsTWibehpgDGJwJ32GJ3PUhcT2O8ckRkT01hA4OhJ5s8FVi9G4sK5PSDUaW\/FVD5mXCOlbG6fI8ep93Cq318IKEa9gHWkRIcGP1KNeJ0vqPt6W+fiprWcAT+y38\/pHS\/DIldwWXxoakgp8kEgE10+BHsdUGoLtM0vHARs9JoXziCU\/gwCe4xJoYT7yIuKPLoyyOJzupzLZV+Yx6GthfYTU5x9FRZbuuSu\/4e+BWK3Ph42jg8FFm3MjO7iYnNl4v1+ChQKVR7XODNZWDH3jwqcZ8qhbkD9u5SI6j\/BA1C0rUPcBjh1+6XjoNgW\/MuFBBpUx0b9PcVFriOAhMdQziZ17xbnHnF7nwzD4ltsyPw098+Y62NYg0g7ZzmYgr7Bp\/OQu72rrzto9ZurPdNMKCU\/kuUSQfJNRXnpCKpphgwF89PQmt81ZhzDDg8jGUYjA+eCwP5b5c3W1mHz2rbpTYaJ5WAEPawg7kcD\/0daljt7SoSzY0j1SW+z8PqelVSwUwhQf5v+dUBJntKDTvIA8dd3\/P5RebSAS6fwWCMpEa2Wpe0EbiTKfmmwomuAMmkjN4HlloVMdOTeEonHISxyYlgXipaeXT8CPFbuFXE4ejDU2aTkR9\/ZIbgoZdx7IXmaK+NxS9KICVTe0LPka0QmobSr15yArkyNHaP1EjswXAwMAYdZTBGnK4vcmbufHHRKWT+kPKyQO98Boq8AW86\/7q3c0DIh4T2TuGPAeaW+ueW75g7BJBBU7YuGFvnEEgi07qTSBXDL1UISZX8PwWOHA6mln36hZp5MmWU+JESIy2cQgYeQXAwMANQq+Suu4\/zFTPT1s4z\/CUiKzLUAWytPdwzfRZmXCp50PDxLOSYvzo75EbO+96Njs+ccRggY7"}
00510{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":907201,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoC7xAAH4G5r0KAAABLVocAII6AbvzwYjhjc3lD1AYAfUKcQAAFAMDAAEBFwMDADXqnL\/aOrn0ACDUNs\/5OlNFpIHBA+TE3F8+\/Z5EIvZ1VnRDRjwJhogJkYt\/Q3H0b0fjAhpU+w=="}
00535{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":907355,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+C71AAH4G5qYKAAABLVocAII6AbvzwYkhjc3lD1AYAfUKhwAAFwMDAFFzwYDG03zIsCu775EDRZ4OSzL00weZVbglbgfpbwM8U7J+7uomYsjKj6MjKfVgOgHkAPvTphVgv8ZNnos8qRet2Hk8sVVcepl6hWnfJr3ih7o="}
@@ -373,11 +373,11 @@
00786{"flow_id":22,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":940948,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"ZmZmZmZmRERERERECABFAAE2AyBAADQGOIwtWhwACgAAAQG7gjqNzeYG88GKdVAYA4Vd0wAAFwMDAQlsB7yIRhmBmY\/vv1SXZzhkhlHvNOJM5tBUvUzg\/VsaDJwCkQ9CBIfpygaQ6w4IxZXSStc9ORhCKCRjwVgLqwJjuC3iK8phAqs2VINkkcyWwjZCopzPp7DH+OeIwV4fTOsBa7UpL9pxthM0sOQAB1gOL\/ovuBuZ85sSbJsGkC7+ClqiyEz8Xs\/NaRrekhNCvfHsNjVpJP0oxDSRsuqMlAhIa3Rtkq7M5cdTBzQ1aXm6ebSZAIa6sv0rIyC3PG\/QPmTj5AV5b+CfTaV2LETRjg94tsyaloyKKw02AVvbDAaLs+vJEhkLHHPhzv\/ZC6nL30llEMmLzz692lEh33CTowjmyVMIa5+PUt88"}
00570{"flow_id":22,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":941386,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"pkt":"REREREREZmZmZmZmCABFAACVC8NAAH4G5okKAAABLVocAII6AbvzwYqUjc3nFFAYAfUKngAAFwMDAGgRVXdwoQFkT5SxPu1w7EW8p\/0u7VDqPc9wI24Np6CHAU6sa+HueSFuM3KNdFdDMW4tXn4LXazSJ+hVOe7VdIBWkIJGCmjq\/a0GBM2AD2XRyWWu3pSDv+y23zeCjlI7AewIZ4CU0+0RUA=="}
00569{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739380,"pkt_ts_usec":941468,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWC8RAAH4G5ocKAAABLVocAII6AbvzwYsBjc3nFFAYAfUKnwAAFwMDAGlsdpEmub0+t10g9q5Tr3vsXAWirmH7TIxUkMmOmRTA6ry3dLoXppmgosG8dB8yI\/3nqYyJ4lrJDIbgJI9R53xwGlp2q4bhy7L3uYUgxnz6KYV6OjO+ud1FprIZ4TijnSiNTGSwgGokadQ="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":90774,"pkt_caplen":340,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":340,"pkt_l4_len":306,"pkt":"REREREREZmZmZmZmCABFAAFGrgFAAH4GLMUKAAABiJDXnsvQAbv3Oz1sep96IVAYAfYiJAAAFgMBARkBAAEVAwNZtcLiAhjzwZoFuSzepzhVh3+I+642bR2Bdc1go+HJvyB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACmAAAAFQATAAAQZG9oLnBvd2VyZG5zLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACBPoxVI1tXnUcUqsbORFpVub7e\/4DvFTpQM4hnCin1UEw=="}
-00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":0,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":306,"flow_max_l4_data_len":306,"flow_avg_l4_data_len":306,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":946739385090,"flow_last_seen":0,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":286,"flow_tot_l4_payload_len":286,"flow_avg_l4_payload_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04635{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":124265,"pkt_caplen":3170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3170,"pkt_l4_len":3136,"pkt":"ZmZmZmZmRERERERECABFAAxUg1ZAADcGk2KIkNeeCgAAAQG7y9B6n3oh9zs+ilAYAO0tMgAAFgMDAHoCAAB2AwNC32Ly6HNyagXW\/50d2q6qJAOmShuP86HMxipBKzBmwCB94\/ND5pNfeKEuu8RDLRRLZQtcZUnz37DmCj0UC1geOBMCAAAuACsAAgMEADMAJAAdACBiVzglBWvQOWIt\/inusfkCbeAeDbm6AiXUcYUQ0SeUdBQDAwABARcDAwAgVY3jrnTrJkAawm+Mv8gBTn6zfdywiZ3PkfSROpmIxNoXAwMKFapXpMK700YralL2NJ+2AqPfCUAacni3qdcZUnufsXl31+F2NSHowZS8bEZc4wYIOhESfjBH81NgZUBCJL0cGqDMG7c\/GafBLHylsDncbVfIqhYnumIxgnBjMekzN4Jr3Pc5g1dWYk4XIPvLeMa1AeLFQqOY+unh1DHuo4FV4KfjYjnh7ERuvhffEbloWyMHFdAQi8p2J65FwIVJHxtFX6hmaEMmHATlFHHOx1RIGQmbmA5r5k0vgPGiuUMBe1e8Ay6+kNyhTTutV32hMuU4\/4gl06pCrT6iDU4Fx4eNT+Bo6E12QIKo042tC7Wn8Kl\/KILiC4TaY1uTO0+LE4wVqs5DJHWwykde\/Mpu9moeLZ0VhV6Rnx2ocHW4rczn9gPX5qTiTrDgHO7CKCVp0Yo86Aw2suyeRkNR6Pz2DTuex3RC6JD+6hKlKYjQfx6kO1r8jKEZ8UZCGU+Rw2Pd2IT\/whiiT5Kf7zLPm28Fu5xYAFYob+TbRXBcQ0z8XUJIWzCMQvkjyj\/EBbyfhm8Iz194guweTL19Y3Q2XO+NnAUm9ihjSHpRimJ0Ale\/24shK7Q0gI7NtX4Sy93vR61pN+Zbul9p4+Mos8cFPIfYJPR5DmxNv9L\/cWnYOwtiE8KnRSAYR+6q3d\/0S6rIgkskZa1GGNAffeDtgnD5SVrh+YhdzCWZCb6834ULGghfWcw8DVqJTSeWttzs5JvcUzLfaxv2WQHaWCXuUpmCZy6HgKkW3jxYYWr2tyqizXXXq732dtVhz4LWmL9EHS1WzONzEhrNFQDtpAQ95k9MRPEdXjg0bNse0lpUI4AUqhIkxWgs0j+8YRzV3BBFFrpEwA3Ylhpo+Wbg8IG0hFyThCaHTvj0vN5WKh94GQCSIjO11AtJoS9k0tl5NWJ7dp2n0NCYI25hp41FivaF\/BBZqFxHTd\/4w8k1KmIQOky6ICw7WRykbaqxzUboD5Bq7peIuOsiwZoUMD+BDbF\/3fE\/CVHWoaOcr09A0PaL0PLhUDjARYyrR4LsVfpqkH4CZh+5Jr1aOIJ+zgcH7Gme4o7fpj5Ml+hu\/y+kOOZZN5J0XdtmvZE5w20Osrk+W9YsiLIeYNt9SB2i7LEsIRfsOrVhh9XsJ8\/VF+0Pp0BTxOsC+9Ft0\/Qj6hgm17CCVsOwdD0VhkUWaus1O+o2PGnC8v4FL3kFyyqT6BtubEcffH1AbvnEid+VZXXjMTJvMB6eWAs+UqpOrNnkCEZAK35TZ0tRUT\/0MJ65M3rSS8cnt+LL4apIWh9CenPODN35ZvH8b3XA1lwJHej3o7w4KZBEvRoLt8OxNNvwpgMfHbFpXZIqbODt95v1PnTJxwC\/vTEturbRIFjRNgt+KCX3zfwvULi6DBxiqBmChwECudELdgYVXSzaQF56hOrspt7m7cSP\/bSuhLgvGoeM7hRIXBgEFXWWobiqWKLPkIiUnd3zKygePoMYOZHF1u2D1V4jxKHpRJ6c0k9v9f8PV1\/2cqY\/66gHBBbRV41oC7rjWm5aIoPFQPYH0PovphDScGBnJ6jwAMRZhEh8stnUD5D9slPJ\/emP0c\/PTpb6PEHZyu0Q7qMTKM1bbEpBCcvYFzyVsCvmHuicyOKAs3xMxmCmWm4Eqf7griGXbNKYrhS8laSwuwkSEnXVtwhIr1b+a3aGOTQNdzJzZMKbJeIH1FS5VDDqACuwzlpn2\/PpEcmP5h\/q7H0tPqDs+gUGEHDMancSkknkDjnO8AWIHrv7XSmAw8MzBpM2IwCdCuY2dZXBowy6lZV\/inUY7ZvvXtbP6a8QnD\/\/IUygRpu63NQLm4VeKCFEprpn1cgwz5cL4vjrW8z1Oy+wINHvxXqkotg8FbTmtoSQdi7m2\/uaxkwXGvCE+Ey\/VyskJtt+1lkVPt6gqRb1ZVRQm9DD0JoMxHNgFOAaDrB+WFlvX4dGQvQzwATgRC8IKAuMZ8oKSe0p8HpA+6MvWjcmzVE8kVy6HlIQ+H75lU+B2jVUeDC7BKjayT8YnFAN9VHJiYBcwsc6cBByDnSSlpjY95o1fVD\/OvMoqArUx2Avc07VIGr\/MqkoiuFsBZpt7HMy13Sks4rLBRM4blbz1tgnQW4V9XKGhwXXv\/r\/C7JzoFDKo1O5LL2d9NrS47Pk6pIUPyJaZQjYfdcqsgSPEYWloR+Ff71Pv2pzjT7Sxhw7YViV\/havSqMuVAeVNrx2FMlZ7\/Bjxt5t67OkjvVTbouDt\/zCvvPnjRGuWwfp0n7UEFUPBk0VQxxGTP46k14fFISL3DGCnaRmvSrBlk9oDA6joQ7sLe2wbd3yp\/7JTFG1yDws5hd9oSrDxTaFhT45Qw3wjaIXqpHrDVkIJVV3fSH3u051VvqUmuXNvgcA8QfJRF+xOWpwuJtANd+GaqvaC+iETLzkP5VxYMxDGAjzMI0o+7huhk06Ls+Jf4doAnMQ5xvzlXN0Jrm+66K6cwpPwq24uT0WBbVDSG8a63HdMk9Pitugm8gT5TfsMmkXcm8XvYm1EpxDTSUVXFdXoLfWyXIhhuACKArB7XcNbTOuzKmBQBNDeLFYB1E9Xt4xRs2cOc5M8BTSXsHSPQTYdc21dTZiVfSAP6\/2Gshg6m4bugupSvk5LVq6A3lh9ffmzYt3Db3zvnfSy\/Tt0BCYi48I1IzHC+nCbjFn40UDUHc5XrNCkmhQS1xNJg2qHFTjjUPePEW4+j3bBQRUYXBtmXyjbe7imkVYxn1jKZ8UW4USSgX9QTTgWMboFPNKvAGle0s4p63tKesbx5ZYZnXD1JMoq2wiuX3opjO2N0ancv\/RxoLDDssEhCe9dO3easTHhI9ARvh9rKZYKF6v6Kl1ISp1JmJSDWM7inua1o+4o1SDMyo05cBVGhhMTS\/9p3uBa3Q1+zink\/HkPt7+J8Qdeq8lFck+4f63IssnVRJTPYYtIlJvBDnEIzxlrIFjJvmSNN4lcsRZJPOIHxFfXw8TJRTgsvPxtdi3tSQFm4F+2sukCmWqPEy6giI87MQfoD2C\/Yj2M+9KXDCNq9W6tv2b4CTjfHZU+XTLbVYONSXTzAYgn5lkwz08bD2gqCs44qF\/KSJheO2v6XSQicbKpwE887mn21\/pZ1Aw7fFPdQKOSr+ozmKo3Hb7k8xRc9xS+jbMArySJEwlivY0HatI+S+fkF+iQUSFVepgBMwShL52IjMRPaDyXtnlg9nE04NDcI9V\/O40c8DJA21O6zuYXUndYIEnkJP\/UZOqiU4vEYGHHSxvu9z+OTP3HTmjMdAhSyUL1oGolZq+yT9EbInHY55rq655Oq72NwpUp+JpPgCJKsED+NjtqOZ3sxznqDpY1ghAohk4yNRdPDZzbaGgQemzPXCmXrFUsJTwcXd\/xU2NomnNTP3pmszYNUkgCR3tnkTvld9wZ\/IPs3fkgYPdntgi8PuMGjCH6ME+NhxjtV2MwDTodlIXAwMBGU0t8RnrdJi\/j1+SnvZYpC3oLybUZ0YAwC7FNMEEzD3PWZ1mQcdYkqPO6V4n6ARpcK+AxFYr2ZmYp5VZ6aP4ufUuA8CpPBGwUlNcZ3M2nwocOtccZ2oJCl6+gngVMfWFCnvPyKdJAIVEiwSYCs+M06T9K8Dn7IVtMoEfwHeIvTYluO2bnPQHkZLgVvtx4CODgchK9krbewpUgSyVMOqarNN5yC6WFzhdNiofu8YhqHlXXyYNaQehlZN2BSM6BAq9rstGdYvwLr32NuZBk40ppHqXSd1NL8zbf+k8yuXVg+g2tFIIoJcrHKG\/jMtPDHaZoxXSW0XP9QnmktFPm2sVrC8auYwtvIIcyHfmG4LUFWv9oOl2RWB0AiDdFwMDAEX95TGyYknbRQv3FxTdx\/ySOpsXyo9B3C1mQe9wKL+RuBQiooWFUmPWbB6tbYWNx9OjEFACLxCx4a2G5wYexWMh\/ScbEd4="}
-00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_tot_l4_data_len":3442,"flow_min_l4_data_len":306,"flow_max_l4_data_len":3136,"flow_avg_l4_data_len":1721,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":946739385090,"flow_last_seen":946739385124,"flow_min_l4_payload_len":286,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3402,"flow_avg_l4_payload_len":1701,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.powerdns.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00528{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":126461,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4rgNAAH4GLZEKAAABiJDXnsvQAbv3Oz6Kep+GTVAYAfUhVgAAFAMDAAEBFwMDAEXEY3mnjR52mKqLxIMUmRZZcXFLr4uTi7u4xG7UfhN8KpUlgxkvImJLngXBZJdhlsdOO80qBVROy\/zQG1hjQj9e57h2KPE="}
00537{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":126589,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+rgRAAH4GLYoKAAABiJDXnsvQAbv3Oz7aep+GTVAYAfUhXAAAFwMDAFFwNNZDnjPK+shBymQiVBXbt7xi202dOQR8Rrb+yjJPWnLgMbhsBD51RnG9LISVe3Ei\/llN05tBlMIcUdZIzxbBUHgMMlLa7+nN2BwIgI3qz\/Q="}
00644{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":126743,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"REREREREZmZmZmZmCABFAADOrgVAAH4GLTkKAAABiJDXnsvQAbv3Oz8wep+GTVAYAfUhrAAAFwMDAKFAqHgt5ACD\/Hcnb0rfPawr1OJLN70nlF3dkYhA7ZQCOVewA6hwaIedDAlnDsEzTPRBpJWDv46vr2npo9S7MmryglbookGhf8BtnT5kHpryQnIxzmMUSkMe06vjg0NEJ8B00c40pwt2ffEb9ttTkd+oxC3Whylux+1Us6Kk9rBwv9Fj9VurRmLTFoD8b6q2+TC8GBevn3AcTvwA4+53G6VP4g=="}
@@ -390,11 +390,11 @@
00552{"flow_id":23,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":154893,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"REREREREZmZmZmZmCABFAACLrgpAAH4GLXcKAAABiJDXnsvQAbv3O0Bnep+J7FAYAfUhaQAAFwMDAF7z9ZllIUJYVifkzfTmNZkbfoqBmuSaCnxtztvKBDeHssiwVOQo5nSR6hS5QkqXs2NqvhncFigbQkXSNOHHZD5sGv+1+C9xTFaldSDCLlu0cWZ1cb3oGLBlsyO6ttj6"}
00569{"flow_id":23,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":154944,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWrgtAAH4GLWsKAAABiJDXnsvQAbv3O0DKep+J7FAYAfUhdAAAFwMDAGljKoEdACJVSu6LfUQxS7Zexs7VdtZ0WWd3zkpBzdNePqSAkmPDwdqpmsW3s8yVNWD1l6kq2LB71Xq3IVZ448YTWlaSIx78F+mVdDN7fDH0CMeFIDqL5DKGDEFzM\/1oGnCGpoQmFfwpMcc="}
00671{"flow_id":23,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":188288,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"pkt":"ZmZmZmZmRERERERECABFAADgg15AADcGns6IkNeeCgAAAQG7y9B6n4ns9ztBOFAYAPU26wAAFwMDALOTK54BMRDpe4MtRO4mvaKSRanWnUcsocEhf9imDZHTA69qRe1uMpLNe4m7Qp6bbB11SlMzzljnJWHK+xtT3NsLO0bn8SbPTm\/fP2HByAEIKCeJjzX6cTzrqctPaQMfDSYpsZyjirFQZJWd9zNZ8BqFngUuVVeMYAnqiHHR711KLHnNmYB21LdkXKWJ\/KQgiEfOFQlvg\/OO7+9BRDX2ISiFdjwYwba6lX0BaMvdwPOAIYVaXQ=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":216755,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDj7xAAH4GQrYKAAABaBwAapkuAbuxqh8KTGGTY1AYAfYqeAAAFgMBARYBAAESAwMGpOiD7bGSBZJpQPwx8jjTz98dXRQiG2dJooZruAvSbiD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoAAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLmNyeXB0by5zeAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACCocx\/g1t9BSq0aHoBq6EokYegQUNndj200eG6GOsFbfA=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":946739385216,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02388{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":246047,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"ZmZmZmZmRERERERECABFAAXU\/OxAADcGF\/VoHABqCgAAAQG7mS5MYZNjsaogJVAQAEIzqQAAFgMDAHoCAAB2AwOeWrg8chGRKGTlO6HJ1p62TG+C+NnG3SsfyKZ3JDWszSD6XuSv8nbXMIfp9OgUL1wdFi5SuPi3kly1rdyONGuyoBMBAAAuADMAJAAdACBCHrrBrdBjTxY914LUzlqx\/FQ6u0oPg+tIKo8Yp0xoIwArAAIDBBQDAwABARcDAwk65sXHo5FyUtAiAM03V5kAW3+LXGLR2yplHW327Ar7lBVn+cWyqRXyVDveXS6Tg0vk7DEhWyy4Lki1hEqLM5o32Zp445RQDsbrctFBNFcOMJmryYHv6cTI1ALBX4o3m7ShqxgiNr648SOfRyoVsKr13ok5Co8m3yWWjvTT7U22a\/V25Yf1TTU5ZX3C3nLhUlp8F4S6K70cvraldnw\/uD6FRUq1lAFYY+RdFtBona62R3kW3zAEmLHlxjwypAF3Ed8HpEUN3N6Hh8WR8FPduTTrU1rGJcfthDCSePngGTmyI7kai\/r2bxnw0X75rGWPasNSz\/szhNdRWEo0KOZIuIIBBW21rDG1KEO\/5TMjvtncyk4jgN5jajgEgs3G7B7IN47mqI9K2FWa09ZHw5D9ghGF6WusPDND4+h9gRzFYMTRQAs+YDOQfRoqmeDcHvQas+1JnEYjeG1g+nCoph2J1xKskq4pSu\/4\/GnANXkQNNVNHjjq8pJ5wm6ibeZE1gq6PVr0nZRMBq7E5\/av8PC0+acRxKixaAa33wWyU6SeZcL1kZkunKDWXWcdvdQy51Xenyz43fec7O\/+7mHHRsySVytdXjgD0ZKChXJn+AmwQrC7OY5cEE84MSyXQywUeiGMZz6HP3Gxw+6pQWrQZTjvM2lPibOGlOclGV30N96QQ95Wm7tUJbwgXYzy1Ap3e6BhUMIyFcI9\/pMzhGjOExmlzyT6BDYONbNyjHW2odTpZ8WjTWXt5ItMp4Qf4ciPCegZXwYLxQYwEVRpcpQCUbjq9DqojYcETIPE8pYwv+pEogBkJ36XO7ISaByslei0uwlMTDGqahxFUG9xNqF2N+uBuGm3rP1N0De6EH72L31wAMHQLr+g\/Z6vH8L0t5ZBiVyHRYWFiBaqBS7sS5CL7XIwxWU5nT4+O0vg9\/RKsE8R\/V3oTcaEyuOxZPN2ld4OexQ1VlWcqVQyk2Twbmq7OKKuOtMkJEEelQzBbVDHxrvHpN4rIHzn\/9TLkc3K+Gw0IKsO0YEfzDLQOy1LPBOrUtSvkHpTT\/9tKCeQ5oeaxAcdxjrW8Ob6O3OfTjPur4i7Dr1vbtCqdprUT3YFFMRDZ26nuYQwhC4uKvrLCR3YBND9okLFnTd\/lUt6yGc2upOIbcXBXCyaL3ONPVCFw2rLhSE+P67Rrx0pQ\/PN3BUeVHTUY5OZL2UVofmKcp3kyCsJpqyPvgqtN6sEvjlAvawn31gSxqPJMO+J4TEIN4NsQHeQPoQbqZEwJ5dggsoNl6xy1PlfH8FxBn\/\/\/Lr2eBnvYK65olzMCuvQ8qYuGMLDeKU+eAivsl062ELuv+\/dM8uhg7Eno5vDfDKFHEJLzWRw5E8iFnEoRLS95ap\/irULTPgAA0QmZ5jn1YuEDktj\/0IeFc53AUQ0iqNqf8q3TqQngAAZUKBI7Sk44RP395w1L0Eyzfl4IxdNlReV035GNhrN\/DGIe5cd9OmCUDwyYWDZ5z1ksNzw8W+uzpiwBt55f0ZJkvLbFgiMA+gkUt4hT8f5WK5dSjcjsu1hL60eqoQvBa0lWD42dAL0xAVrNk06unSiy5OJX2WBK7Q7No9ybhYFoGzDI8ZzAHGp1Xz2h+but\/3A\/uToYXT+zhFlUes\/MlMz6r15CtQUfWQhXV2DbcqYzcNr7XtwvhWwQRBQjoyEwldiUNrV4kfA5BNVrLK+IAb34EZEEXlsaVEYZdfTSkwf5mFzUW8YEGENVFtWYgvqKiwzQRm4Hnu9"}
-00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_tot_l4_data_len":1775,"flow_min_l4_data_len":303,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":887,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00836{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":946739385216,"flow_last_seen":946739385246,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1735,"flow_avg_l4_payload_len":867,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.crypto.sx","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01836{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":246097,"pkt_caplen":1102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1102,"pkt_l4_len":1068,"pkt":"ZmZmZmZmRERERERECABFAARA\/O1AADcGGYhoHABqCgAAAQG7mS5MYZkPsaogJVAYAEL3vQAAj+eEnaAC9OtjNn9ZDhuY0QkIU8Et3SozIjmeFN3jl5ynvaSd0TNRCmKpUZKf\/fvqVCNBLPVpc+a1\/34xSlEnpJggvfLX55X87U+wFE+Gr7WzyudHjYSOPmOcexDC2hRAzeXYq1TgqVwJwEh4MCpq5hwfPH3wEyqIpcTyPqNEKua3iGoGl0jDllgnOyDy6qMtoHeGHyOqCPa7ViWWNsuvANnFYfP4DWXgq8fcNnwinGDW24misysy6Sky1Qfcgf01K751PVkPm8BzlnUWtr7bdFh8y4G4SaM7Ac3Zldy8pQDT1EbhFcuRGdsZ0naorgHPYs0SmR0Y3t6UYCsF0YOkjsdAEbpFIfyrBCBlh4z7aJh9xKrg\/5jQsdBuWbO9f+feot414m65BkfEsJNZt6q0OhiZBadbjN3fS3WVyRW59gC6+MXzyIF5Wxx4OnO6rWDTIiTViNpHvl70VUj6EIp7jtN+701iQ9XIbvLRRNs1dMLQv4llg0va54eLOiI8Tefj84dHZQatLYpsLcK1X1xgMBQvJdmlFwbKncCrUOCkGSrsZ4LVBWhcaxKoO36xnPPDV8cinSkrG\/rQoYT4tiAfTIWSqbjcWcgucf0EZWFYbi9MDrGUzUcZr82zbUhnYlEj1+aY2lv2lSt5AqGSaUKeQRwioCypPc3dHt1C72aRiX4CCSBeRj4DN2l\/vJTlcaPiDNg7t6TPWllts+Co\/OdFgVAkJAl+HIZBjiQtPGdBZH0Q8WHs19m6ieXdVdu3SXksmcJ4OArDrkVebghoJZJUEvtdYdAu0CxG32Y7Bdxe9zNMbKMIjUZThhjnA7hE+UoUNNr4aUW73torTPDm\/PasISFjUH1CHoDvjfn0IYzqO2vVaat\/SFbmMFs6UfAByhfgtTIBdM4vlalC4vJ\/3gPNzVh1u1xqYYIU6wN60WQoEexxjHdAMBBR1w+y4czMCbyPxsYOQzTZedkx2ofb\/xA+Z+8rEmaj0xb8Fyln6Nq8bsbjlAzp8F+BPhhygJC1D1SpxfIjpLhJ5pR8cCPnmFuv4Wb6pCT3F\/xJW7qpcmMvdn7rOqlw0sLhKBRfOeheFxSJrKe9iavOuolDEItae4jRrh8cRuAabSIDs\/KL9d4qTkbOnc6ryMLcKUz4QDjr3QIMIHJiOX9+2DVL5+3CGc336xPBx67NPWns3pKxWZovEglaPedBeKa1Ay9zwVrpcshhz8ZViqEZyeGf3Bhnr9gYf6a2k+91KFhxPRsj3wr6DG1ZrNf\/1DpWp8C8Eic8yqmZ7eLKXZwe+Mz2GUUCbxCXRoPG9q7XWM+v0cWz5lxW0nXaPM0vHHCL7Iqhc5wjeX5d9z5lx39pQN3jzFWZB4SuiTobndYtfC9FvqzivwC8uagzgYQI8AhesQ=="}
00507{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":249072,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"REREREREZmZmZmZmCABFAABoj79AAH4GQ44KAAABaBwAapkuAbuxqiAlTGGdJ1AYAfUpnQAAFAMDAAEBFwMDADU1mfBqFD8uaoHHksUqQF0WMpTshJt1M0V43sKcAkWhg0T\/LJZoQXQ8FIVxhBlb5ZxztNSQTw=="}
00537{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":249187,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+j8BAAH4GQ3cKAAABaBwAapkuAbuxqiBlTGGdJ1AYAfUpswAAFwMDAFEr\/4Kxjdy2JlHhHqoeUlzBoSChhU4AhSRE+IUjehRAWKkNfzysT+0Oa50QZXF5YPbgpgDZmub9nHv8hWg+dGd\/l6r8nkjmi0wO7m6LEwq8g1Q="}
@@ -408,11 +408,11 @@
00463{"flow_id":24,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":337114,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ZmZmZmZmRERERERECABFAABH\/PdAADcGHXdoHABqCgAAAQG7mS5MYaBfsaoiOVAYAEMWLAAAFwMDABo\/6em8S+cskJCsgTPlQqXRsWlC4TiMQ4i7bg=="}
00604{"flow_id":24,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":337591,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"REREREREZmZmZmZmCABFAACuj8ZAAH4GQ0EKAAABaBwAapkuAbuxqiI5TGGgflAYAfUp4wAAFwMDAIEKgmKWX6YJ7EyrwW6UghlXKcoJ+dlzOTuPpcSLOsTbquE2gnNikXT6K1Wm2i1baScC4\/wKLo2OPiGC3Luvwce+I21tzmxYzD8LqsuN+\/aohVjp1coCNcS12EFOamPV40OYgKnUNYc0etOgF4dXD\/z9B5EUsK\/F0FqgOPBxG1vjLKc="}
00837{"flow_id":24,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739385,"pkt_ts_usec":379039,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"ZmZmZmZmRERERERECABFAAFZ\/PhAADcGHGRoHABqCgAAAQG7mS5MYaB+saoiv1AYAEQvTQAAFwMDASwIOtnhxHgdCgQey4U19\/NOVQeoKhAjFytVdqdlNMepeyLN10r8EnEvFgwlJOqbn3jVg4D5gHhOz8YJayO69m35\/gSva3GMKU3IYEt4mRO7Og72e7CdTt7WlPpuH2yJzlDoMxqM8WIVENPl5wDi7D0LA7rWEPagJRWBBV9g7FAv1zAp4Avqs8vJrDF84dxBjJ9N0EWun0QJUwWdK7e3Get20X9+B+j\/UxjxhfG77h4DRB+zhIFQ5sPT95Rh6TYcIyIUJk0sap6MOtu+\/0pPK3fwozE\/Qw9UbZga\/69PyXill0sssG3IU4A0Iqkz\/yhwP69NxS4HELP6acm1AabWnpDspLBmF3ezb5xhszBYT37rQZYehwSV\/yqSX6InrXWao0z0iINaMnm6sjRuAgw="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00800{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739389,"pkt_ts_usec":936448,"pkt_caplen":335,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":335,"pkt_l4_len":301,"pkt":"REREREREZmZmZmZmCABFAAFBc1lAAH4GKTYKAAABLUxxH8s8IPtar+ZR\/RI3kFAYAfZgWwAAFgMBARQBAAEQAwPDKTE3gtHe4YkRucyB7lgiewe8eRdkAeXi8xQ\/UXf8siCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAChAAAAEAAOAAALZG9oLnNlYnkuaW8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAgBTSef\/+Gs9funZgaOAKPCcHz5qP34E4cKsNkKCajyxU="}
-00828{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":0,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":301,"flow_max_l4_data_len":301,"flow_avg_l4_data_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":946739389936,"flow_last_seen":0,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":281,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02335{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":265010,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq7z1AAC8G9+gtTHEfCgAAASD7yzz9EjeQWq\/nalAQAfntdQAAFgMDAHoCAAB2AwOTWCXgGAu71\/Yvi6NLTHUrXueot2ESWHeiaJfdHE5RUSCUJYNjNKAcmo3iKZ+yKMitYiljKY339PIqZtuOYBZE7BMBAAAuACsAAgMEADMAJAAdACDWWloo6cinLldR+cnVD8kRD\/l0Q2+aXf\/fBY+S+WSMRRQDAwABARcDAwAkRhOnfgeD\/nNOoyXIFtppA82CTRb9QELrjIuZ4Sms6\/A\/wFXWFwMDDR5COUoGySb4hNNJ9UU6WNVu5EkkD6YuaPuXJ8CsVpFNJmnkrUN+8qnnRcWKvhiCSeJ8dFamc6FJiqYTi+y4vhj\/9CUzXrDpoIqCPPPJVzrO7TRKenUWLYob8NzsM\/dFIXxOJTiZrwtOg0PRbjHk1oNiocDmQfIuK+9XQjJXpmH6WXi1GuKS6BI\/Mhq7VeFosQzd4f6PedlOLyqUiLqOkZBu8shjDKqJBgT+asclbYKMS0So4WatuM12p1csrxpvTCnaj0btgSWvRlOtA5V89mkHs0RlWfRzITmJodp36A7TpRfkiq+5ADaJkK4PCqzM7n58+S7faojcjUVNv3TZMKR9X7THNbnF4RYlkXi+yQzERvi6AVU4qjl1T3oshQYm+0uXk6wZy\/EHFkS0kI4JdkMrhx\/QDyFE9JrZnCDaKSbgnVDXGxQ6JI3KX68rAnXlo16wEjgmYiB\/CpDOACPBUUmkRPrMxrIYGRVY5m4VHDtxxsBR+4pWd57JVtTXFf0dDyH1zJz6Z40Wrwh\/p6Qz5d2q3mQqk2qU0E2kn8++EZD8541s2A3AenqtWVuRk32zNIyJfY0yQnjyuK0juMCVOEjM4+TSdiFJcZE3rzM52S9F4fUWq+Qa6izwHy+3rJUcjKQaK3KU1ecorGHjAhe9fanpg8OhUEfZK30POLsPc9a0KJ8Bhzb\/xTp4iMokguZqwGUeiTSNyWJBScTyI9LLhhKpNOWbmn0FCwxaV5Mbt+mvTDDVs8cw9GaOZN49PQe6J7UFtKhXp+jLkt\/igfMPvVErRgHNbDWAx05yKKN5cVgAGz+obL+4ZX79sXQRNBQfrfR7W7COyUVVMPxrdFItZFJXlJ2qtiFtfv22UGoflFY2zoiK9sk9Zj+K1u+9Vmzjs+RITpDecu73geffdixXjb3urBW4FykkW7oiu0nkWHDQgL+KviHt9Tm0lU0Hzsi8YTo4OdVu\/QwCcmn\/9YMQoYmxguinCV0SqsmSoXYPpWKAlUH8vnANpkvHS7OU72AWRuphcFRa4RXp48xd9rXEW7d6pcKpL7UD\/qAcfrqs3Aq3OBcZjm\/9+CZ\/HA+ws2AIqrw+2oY4SiSGn\/cjxInZ1S7KChZFleUsKWilMt0S80n1UHIe0ozJo1YpV6O+256ILtDlEXLc4L\/\/W\/Y\/61lq\/\/f9IHao9y20WHTGbxQOKX1rXuMjgZIEMZvVKqcKW+vUa6jVq0bpPfVryu2fyy6bH4O8lkPOuhDeO5FxfnatEMjgu7F6t\/PeACLHie\/Eg2ezTBDOdT85sb1vFD3nB3c3wl9xSQGoUXMREa3dlU4yyKTsRvhF5IVHX+WZrnZEXNIyBa2yqUn\/9nlC+Nlg+hPHBSdvrZNSMA+riMftxpQlj6FTL7EYx8bKMIfPYnyZddeZmxpXN9XqWLs7KrnqynK9ZMJhVvaIAMfyuBU2fqyPpflnNhs96RaJ+FGM\/iw\/mZYOsIhH2JBIZKVlvkBCQxCbysphauFVIsTMYeZEcsoCjFB1qKXHuCceZxP4Jy7kiXMgSTdDFzzGYgYfCng1fFfHI7zfjdtWkPQ9HPe5f9egBljz+JDS6ehJP7PfY20bsjB73IKGpwaFJB2W5txeWuX9YJMSmwLmC9CvECSoWQlENl+g"}
-00880{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_tot_l4_data_len":1731,"flow_min_l4_data_len":301,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":865,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00892{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":408,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":946739389936,"flow_last_seen":946739390265,"flow_min_l4_payload_len":281,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":1691,"flow_avg_l4_payload_len":845,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02322{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":265099,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"ZmZmZmZmRERERERECABFAAWq7z5AAC8G9+ctTHEfCgAAASD7yzz9Ej0SWq\/nalAQAfnqiwAAu9LAVBlO+s0L+nkwU4YXcw1SOmlRl+XSnXuO6tKFQ694AGFrib2S2f3BX7B1582XtNQQL\/1IwqS9eCXYJzjdfbbKDKnkw+MRH36zeNfFmebdTa26VGWOgnZNECwEpmFBvEXSt2RPI6ofb1vE32eZrFh79Bpuwp1PCG2ngGNn3Z\/o1aRMv577hTiLGHUP3zlCYCAacHiSAEi\/LQgxJOLyR9jugiMcNQxMzI9B1anoxyifvPkh2BJiEbyAypQ1hQGudgFCLTi2Txkt7Eu\/NIUQoPpDLsdh3lHWxNLyLEP9wpzBgp6l3ilL84X1Mk7ZHQuPK\/Oz4yfrJd+G7Oo6i1yrQ\/Adp3qU8KnQ9ptwaIVLOtg8g5ENilAbdYS7Ka3cZHFz4gvVtmLddRHiTcXVf5C1ypTeGluZMusSnmJOjPWY5fp5RP99ayjRwQRdkg+IcNHiO31ps8qxZvYyOJZ7Fb87gLgZwV0IUvyDuDbizEwr2XSGbMEZuVoSHx9QyUP+A3BPmqRGGD9RWvZIaULosdFkVeC1hEiNEcM30Eo27GhCBEkpzGPbQ95LfK337HDa9UlKAktQhKwG8\/hAtMIbbv5Noetnx3T81i7FzhkyHH\/C6g3BkR97pP7xxNGSesRAej+0SV1z2Ux2yezANH89JV1k9OQdFbMalrjLnx8kanK4YG3Zfke83pATlf6RAPV3lPyNNDQQypoZkugKEUxOXS7Rx2XEo0segrTQp7Q+35xLorFirg\/3rbokzMw54\/alVY08gHsLJlNmadq9IZ0Hjxo7ykUIQsSRH59BS476g7Zzq0D6LzWm8dRwgOJiFmUme9r5za2XErhkjyFFtknvfbQcxGFpshYQjf44nBtFebBI6Th81Pz6P4vS1Ab5Ldbe5kqW2W6OFyHBCtpJQLdqxOC1y4j8o1zpDr\/5I6fMit0JvTc1WNaN6qBFlg1P6Gaatd4VK3xOWgpdV7lGy9Cs1aJIggG2JQikJ7xxWvncFI3YNX\/j7e31omXzttI+wKWBnq3libBpSCKXTzvdWZpJ16RDkXLbmBFLlruWHpbIZvg3vh187AjFKcBshFCVg\/9CKx0tdclgUGbHqJ7E6OtJIm4m4kox5tzQjCDUJNS29SjoWoK9anOoaXw7azu80JwAvB5wDC4mKG4pcolzPcWCdGzgc4j\/1wLg0a7\/6J83Mv9Vwe7sgJa0WfVmJh67OWIpAbZv84XgLPcLVo5yXd6\/yWWRMvn+kXy6mm6tMTinzOpwIpfSCVQtp3DNLsEUsIkV1DrWVNbTPvH5GCVkQ8p3Lo5BGZ2lF4qqWWh0bwR33Xc69aAXaHUgKcezVe1FfG3x1Q3qp0cn65Dxae+n\/hfZa1KqbpdsxY\/eLTfFV7m+HIJAbLFSSzH7PU\/MSQj8rvEXnuHMSR3htHNgcZRMLZGZNMcEgX88HYGJMITbgLbQ1nfRTwzL8m8XTnhZtErha6pHrFlPsZ1RNjcoqZKgLKdMg2ezfrI8Jq0lQFzAOf3F4VPbIGq1krTP43rpCLbzYETrqQH8Xz467NmG5PHVJ3Hne12KAqQma4zC6YHwFBTwWUunyHc7Z86uw6NV1GMEfe39uxIB1Th3Q3mEC1zo37vRQUYEr8R3n9WX5ZtJpDmxGTtrG8c0JVrUZpjFnqPj2Uj069ivRfFVD19zTIWIWwVZHNTkf54z1SZJ+bsWwla3CC3KyaPHGsTreYdevDYggE2Ww91a5tn8NCHUwyaWPcCmBikp3+fKDZwg0dx3gKVzU8Hf9Km4EdsDin7gSeY7n3yByLcyqnB3hOSBc1nuPCEOi+hB9GXpEuBRdmMhQLcAelRdGq2lZwOE87jAboVg7rc+WH1wOyzCb4UJFuzyaFs37Li8enr+"}
02160{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":265198,"pkt_caplen":1330,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1330,"pkt_l4_len":1296,"pkt":"ZmZmZmZmRERERERECABFAAUk7z9AAC8G+GwtTHEfCgAAASD7yzz9EkKUWq\/nalAYAfkKnQAAxcNxhA6xEjxlZ373intfSZN4U2+G3f+XvEboDRbmKIP5AyWTb+VftsHBbQDGTbvv0P7GHMQw3FWpHoRzaT5OEEMGXspnLcQMdVJt\/tw1MUWxBTfFzOt+sZ8N\/710Gy4Bj3O\/a3UuTiB+rCwc6qF1hTKT9uD\/hxD5F9bhFMArqmoNvbpY+hI714HwnUz5zHHRRPjSvUySFd\/tIXbrfkjy9Pt8CYYSZpcLvasThOoVyKZp3Qahu4ZiiIlaT4DxIgT8QCtOzJk6I0Q+Kbi71T\/ntSeqr8eLumh5NjzrY5Kchjq8wfLl2k03ViB0CDn4D2UgwiwsDxkMNzqcb8lMMo1gQD4nSSe1HTKCEdTfjeW4m1KYSg\/2CHt2InMeTBNo4EypeUe95bQS\/4al6dlbxS90APbpxC1Ot15Wzla5emO42u677gdPk5x+IpL8d060ErBh1e0rU6rW10Ytu3ysEVjrHpjc83LTEuIvJWJjGzm7fiQIAH0WEfokQAs5rGZEJ9jo3\/cA+xY2Abi2E43T4hJyBHvCQsiGz7LLeaXhOK6ow\/DJSrzicaRq6iEow4oa\/dAxa\/lC\/z3sSXt1FO6I5i6G7U8iS4HSg4JXSdknkzeDAYa1M2UH7\/lqTXtUSwsOqRtyG8QAFMTP0toGOq+jpPVJ\/bfqK9adFd1Ihx473BktjS1eS+Az2RUelP0QamhyG4F\/HotBW64CkuYKqvBlw2M8\/dzezftJzkOkK9SnHzFsbvNm1WODcpOZvO5t\/ogDpFQmoaqVUG+vLQokK42qcP7L2zX3Rcuf5UTBJ3+3S7NmglMobsgnAjUg0fnt8R0VxabOYMarXg2ZlKgdQL3vskU9+YGbJRX\/4oLMm8qznuFxBUiib+oUxtWetjrrNbuk7FNn8WQfXcwwhcTYwgFJatUhqF2EZkTXG1hKlCTom6Clp\/04mCW4wkb9vn4Hv1mTFwMDAhmC4dDt\/pXp38eVi56\/Tc0W3NYb3fwfw2VL4VwasY08aApKk+QVkG8E4WM05dMzJ3tM+KhcV2KgLIeDtX9fuaPzVpJ+l1\/nE7aFrU\/hTzjh+iv9ijKlKaCHhWeLx+4hbwy9iyPZgVrruC++AKQNMCmkT6y3UOURSEZ7M7rToXFjCncVyfIw7wfxB92gr+1qP\/FgvI24PGb8QfU30XaQxNOCDF9LCpfMvKKwJfk5QrSyOTpnJJRSt5xFXiaDt1WVaBAcINL6OKcXAfQ1+K05oASvBKcWxj8IENa4PmDMAbzmQxlcEc0EsN+QoVJv7Ml5\/lBq0C3vaQNMcnpXpIW3ZflF4gFFEBgTG3iqnc8B4K6OdIINgawtBvSiQUdXYJ1bYulpxACvU9kDeJqcY5cJgm6\/uEyTGbWvDouNBuPwtrCrC0IZE1DwuQ6lVKbNp5McCtB0KMSePUvy2t\/bN5v5a347VTUdcaRBTTyL9KlSuC+BMMs9OrwmenbDUePO+6uOBvFaIdzF5\/4ywKnXN0cFOX82njBMRiouOaEA8scTx5CC9CHkqAXua7RnVt6UZ1Ix6mEDU+whUE48uYruJ\/bRj6e4hZx6NdRONMAwMXQBD5wVyxMQCrAsNjv2L5RU2SssVOmQgeKqZ\/mtiPFB31fsdX\/80b2eeE7Q2xITfJ5AWRW2NJ8xT61RsekPZQpNyd7\/bWUZXXwEySVpHNsXAwMANQ0O8C1pUHkvIH9BBA=="}
00475{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":265231,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"ZmZmZmZmRERERERECABFAABR70BAAC8G\/T4tTHEfCgAAASD7yzz9EkeQWq\/nalAYAfk2SgAAc4ENe0G5ulHSVo9U8Di2+Rff9T48vIN31l10ubtaT7+HT\/yeAS5vvgc="}
@@ -426,11 +426,11 @@
00463{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":581729,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"REREREREZmZmZmZmCABFAABHc2NAAH4GKiYKAAABLUxxH8s8IPtar+j7\/RJIn1AYAfVfYQAAFwMDABo4gQ0\/ti+GmkptcE2+fzBrSGCpuBrJi5HiKg=="}
01487{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":582718,"pkt_caplen":838,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":838,"pkt_l4_len":804,"pkt":"ZmZmZmZmRERERERECABFAAM470RAAC8G+lMtTHEfCgAAASD7yzz9EkifWq\/o+1AYAfc8BgAAFwMDAwvE4VKvhwzxAvyDSBmV\/HWW8jrle\/2tIQrCHtgM4SEn\/MUbhLTf4gE2RQUohu+XLi7hNVkAAiCXy9BUxG\/BHXX89qoktGZKutZimmLlY6nEIRetaVs9kfhl4nPV4JIbX2KBT87OOtrDwqwIPawgP5htuEMxTx4sui6fIeL9CH9yD2firPvONAFmSWcN\/MOC6JRs9IDxTASCNwcgykFjPX2groCYqkEB2WOvOn8\/wW4ERgWZc+WIMsPz3ki0aEqeVfOwxti3O3RM4RLv9va6MKucZz8qaINHcfN6EVYEx2p6GR6ZwHPuIqU8VTWtmJEJqO9d3\/vKEbpnddrcUuxj8SG\/2\/wjKwPdHi3VpOCOvichdJN5nG7ZTr+5FvOCf1SaXiv3OySrY41O4fmTcyIFogTcjoIIBJOakc50PdfaMpLiFcjUNgplla95StqW2vagjm+2PPwVs\/qJ2KNRTMe5Yjgc5FfrHDbfIpvKm3li\/9UUkot6OjGCiZUFkynZrKe3d\/RBplnqEJAWUc0uQFIYNGXD6GdIVIxFRtx3u45qdZkmqIJ0PtqT5cHl\/rXkJRbJU1xLPycijyQw8kll3MMhoLwLczGH1Li1Fl68nHwfTXWne39dFpB8N4OBRGbct8nzE51iY0mKXGz8ngE2xq\/3Ckzvyyl2IS2673ohAqyKdxS+fIV5vIvBQrzfVaIzh9WAvbckzqhehyJ15tbxoUU+GMvYR3G9jcBmIRoeK7doD1BQmj6iTlsq3uGJy3iI8piNfDXe6oczyaibYRyGS4+Ep4WgvZNMDwbFEkEx1OjqCVNf3qFhFkgslSFgUfyow6u2srbMLe\/zmzoP0Bu+b9qxQtbXq9VQFPNGXlUi\/ilUEAaiElrYJOtrhUYQufEmNHhllxHZ8vJn+serjRsYVN25u0UiE9HGAuVFqCpoP8ssTIW9z\/4MhqNwMgECvvzaWu6a2VpJe4rWFN+NVOW5E19pib89T77fsjxffi3TiwTkQT4o0UE6wags7O73cu2rrwTz4b0tCejkUo\/yVNYHoQ=="}
00564{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":583111,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRc2RAAH4GKdsKAAABLUxxH8s8IPtar+ka\/RJLr1AYAfVfqwAAFwMDAGQTbp72Fcho4nrmgw40E8KxYIGuP0OPkWfS59V3PlW+86dER1\/SLENpVbWQOr2\/IvStSqCI+I4U7XIX8X0TVY4H836AapEtnh3hhTXQPIuOfgU\/m87qaWiOeWaecqoAAQYEbJRQ"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00803{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":933403,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"pkt":"REREREREZmZmZmZmCABFAAFDddBAAH4G12cKAAAB2akUF4T0AbuSPuOKlASrClAYAfavsgAAFgMBARYBAAESAwMYXSzw+8AvMstO05PQ7qPBj27f4mGkG8QM9OU7ZRFcuCDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4wAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG5zLmFhLm5ldC51awAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAuLsKlIgLTs2y17K315yEyJxqnsCXfl0yS1kyaNKG0aQ=="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":0,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":303,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":946739390933,"flow_last_seen":0,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04634{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":967766,"pkt_caplen":3165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3165,"pkt_l4_len":3131,"pkt":"ZmZmZmZmRERERERECABFAAxPNc5AADgGUl7ZqRQXCgAAAQG7hPSUBKsKkj7kpVAYAfW6vgAAFgMDAHoCAAB2AwNggvgT348vLVfztyje+nh951Uui2O3z\/vCGwcNEmcL7CDJZDN\/6VucUquGKl+O4ES6VCX4Z6V\/a7wGR73kRIiX4xMCAAAuACsAAgMEADMAJAAdACCYu4Q1ZjtZfYUrS3fwrroPQafz4tTgHn9jgiQX2w0NexQDAwABARcDAwAgr2vUeHfWinGo7k2fDAirV2y2+2vt58RojQUfF3ywprIXAwMKEF7v66Q95J7Madk2ZEcExfHDptRh16jabZXVGAjSu6ZVpQdW9tsq8WD0VxRfdaushrVbrrTRIk5I0CixRifCcooy6c56kGsUxb8wL+Z+QNmR5uWAeV9nzzlGQpBhNwq90IzHQbBwHdfR22cB\/o+gnP0zKhtFT5pdVatUFFMBXYFPBfgmW+yElY9JLYGDSC\/IIw728fBQlRPlTOPnC6Bd8HZeDEbFd7L\/8oeIRd34AfymHYlFpxJ8CjS4xP7I5o8GpeBcv96KPHtYZV5dsMuE75XBxooOpL9Gr9IWBy6AEdPGcU29oVVhWirzJ93HxYSeGAAYTfsu16+HrpOMUAzFMOyXwLKfIjR9Jx84Zvi3ytxvu8IPsZAmQB9iLco+v\/PYNz44XswLq2rQZtIH4a7\/SiljnI7OvMEtw+9+0ohSjEBjqZNpZ4+Di4Oi4uvLSj90PiJtsiIz50r+luuFIJLrHS\/Bx2ooWNGmf8wIpBNOEoC8uYmbQEc0M0F6MgPM2\/Dc1rxiGmLW966znBcYtqEPAIF5LP4HjDzAMEtUySTvYC8cLBRrZgX4sNAbkCcpNw4QFS6erQa8jKBVOZjyMqQVsAikZDL76qZyWnWAbrLmD+ESPhH+LiOjwj\/BVLLmuPIqP2HgrWrkMLok\/KHXuIbZn7C1n58rcMZq7V+5f3gEi6kXuPOTozMsLixf3wStDsNPpLZW5vF+Opg\/HPuTYMBM+b2VDW0oQ+mGR3v0lSfTyZb2sccxT0\/YFa2\/gZNRs9igar59HBmzwzWtwto1Lj2+tqjOzo9Vxzmqr0QO+5jA9knewsPjci1iEHsBRvkAHDUo8mzkBfWBM8t9UZZElcDeWIg7oO2uY349FEzTQzJrCGLOJ20pc10E+6FXsRSoQcdecc2pqUoNYisiO4BgvfGVRTx3PyLsE2LqpgS5+upDBiBuHq9GTnvPUwfjHUOVZfhEY9kzfkMm52CF0hrFbS1FqZu2k5xWd1RZ+YdcxocleEJLDXEEeCaF2XJug2p3sgxI8AQfg96H0lHo6\/ce7YWyFTSQ5214Zlm5R8arc+k+FFIGpKsd1JRZDuMs6lUG2OcuW4k6GmXOA9lL00+Pu1LlWECRAA38IcMLlvDeoyIVPF5RKHTFbtFfFeynrkfS57BDgpnUQsOLofW+MsR51VSL7z5rFWkT+0yA0OJ4P5J1dZjOVbRrnPj+lP8KBidjvuv\/+vQR9AYL2FUFonbuHYQ6NUOJSyw\/q3koSUCoI9nF1rL5SbnJpgQ9XzQ2ozstAI1DR6AAJPio22EFuEDMEoFVvE\/liE+8UHQnOZNeIN8tMqUAL+WlkvDEcrehWMNUpY287pebSO3eZPDe3egHiaBMZQIlL4jO1lfEjJdr5RXvT9Uv4MVNGGGXCQtr4IWIfMjPSJmmedmBdcxMuZnxTJ7jKLERRom+1LtykcTtbFMZ6nwh7KNIt58CGrTH3Bh+ClGWC6JtjiLbGXtcN8TOs97BoUvfH2xS4muIblEv23sWDZt8uHBdYWb8qBII2zRRCNz4TWmEJd5WuNBsZajJ6+izq\/kuJOWcsJ\/3ClD+JPyh\/faP5RIOC8TtW52DI8iUXjhh0HYoQNP5CK\/yGELUKYphGmQcP1BV0e5C\/xs86j3J4Tqg0y4WesV3d0jU+gkOa\/xZNpDrlV+JnewVAhCkK2UsUk3C84VdKoqUnp9Pil5XcszuqrrK5fn2Ja3xJCvI9oUZYFRkj+cpcHiFBzHL8vrxujIbPqQsQDehofVoxDKQvUog5ZiOw9rqXCH+rf4pa2omETeM1OE52\/bijRwWFKerGk95vgv7mf\/pTz2jvStIe9mIenHJWL7PEZH9sdGDeZQKhralY5AEfcr8PAGFV0XOY4OvHkHHS\/kY45xH7Heg3RGSUSAkY6LhaxYZOH3vCb8pDwz4M8eJ0\/MawhboSpIfQdoDBfBZibpy+ix0cl6f9YHPnTxwCWpi11t8Y\/Ioe5G719Te12HR1+3LJDUG4+t8UMioCT3GNag7c5mMGY+V+40MlPf33OO2SuBDaNUe80cz9ZjBk5x+9\/8yZnlpBgJheqdBeGVTSfNj\/\/ykzVs+ovI3rQWJ7MtuR80iZzcYqQWbI4RBftGKVwyCcJOskMGArD6+UArYfVGIccM6l6ZaD9x6dkigf3LAHA30iuQXdDyjNpxgxl4iSK0oLixFkkGZE94ONcw\/GLLOMYGf3ZsNLQSPf2qyfAF5BKKKg7FAQid7pqgyCZp5F8XKbACdlEb9Lar38xOjvjnewcnGzD4Z6c9THtqSZcDPbz8aL6DmV9lXZmD6\/ccDsDkRU90nhHSMrUF5R8hxDMoP6Be02AohXJwQbll1wPcUEyYk+tfY7XoP1gsqXecmTp+tusAg1\/AwZK8oozX5LgL2HyoOuByw1lgzh0RLilH5JrY3yk0E\/jG5JRoV\/y41cG7xAhvYbSNXDFCXbKeSVI5tgPheZvJ9ZUyIfStt125MRChKnoA2n+mG9KzbpZpyVz66ndTD0j3XU1kDOqjF1\/SbGf1+fhwWGaMMcZUYzUS1y0NN++mGlj87\/Z\/u1peJJRpJLZAkwhE6\/qyvUgAeD6bdzGa3m+9PvZxqRFg4uO5BEHphZPz4E5S9y+qwaFy+ng2E0E\/+Mq99pz8NTeooSlgjy86miBLzf74wOBFSoHbVN0PHL56xSrx12FRC1SCfzqnzT4BREj4eRgr5sVcZJpcqB\/DJ16zqD31Cdz1F6VAt5mHD5hgyW+BhQO6jtpBgHqFisMVPWD18uXILfOEcLKzexTq0enEqkxPPztMgd3lKJoJoLn9D15r82RK7HhKsmZiDKUuCdmH3DjKAbtkj9uSMWDKDEZ7ALu1TTrcVpMz\/u916YJjVrsJ4zke1Y\/PKCwgQji1xX0Q1uKg+Qhmzj0YA6C\/ZB8hBOasuUjTVZER2lXZpSogcQcgdsx7P47du+ZkiOIevUp1ckurR953sVaD3ci+d3blInJn3V2H1nd41bCStQkPyhbrCiGVWDvB4NjqVSIh6ypL1X2Tez7o9uIFek3e\/KdLnjoJYgUoUCdBCeRBScD+0K+sqvZzi8z7OnTzhYK\/aCGv11HpK88nhB\/fu4rCw6Clf8iUvZmwOIdmA\/mXVezV7u9+Y+L4mJOPGGV+Ie7YQjoii0W0J9zldsek4JrCNAfpxxvmfZTghYCrVQJNlGcKyp+LE4s0nXJXsv8iOBmDMV\/qiHS\/RfVp0Al+GVjFpErgTgXH8uFG0eZxhSX5TnPtc5X3FjIRORKWkOyTX+MlnBU+yWrj3iWALBhonn7tNa85eK0vFJHHFGyQm3hMEk7psuYZdoK61bs1KKeUi4RTDX274TTDnDx\/vYrXCGEMbInwJeEUUq10Y0AUNC+ikXVAlZm5\/6b3SLH1mmyzy5AwgfbHNdBdm2h13eHYAHANjDp++p3nOFwMDARmCniHbpabBh0wmz+4GvD7gEaHTo1WwpHFuO0rRndT2cE+rB3NSEIZ\/OfAhdTV9eadRkxEucZ2zRFouLobhVj7VuatuyZROJYubLXxY0L2AD9VfNIXMUeRNHnXvmwyBiqm\/8ZuzuiYxPVzYGJuS41vYyyQm1ND0\/vWricRWNYCIXjgbSqk6PFYh1FVGYRV8SSt7kE3Z3NtrXGW3LuaKD8ymXSg9dYJ9GwRxcPV5is5NEijit\/K0HuZymRnz0biX0ibyZ3bQdAu+3E+KHkL1KMxQnoIP\/X4lavINi95Z\/1+WkK1enaEAwf7tuLJlq5tLt+JOe3OVPJYXu+hVDAzfIFEvugfqxQ4aetpIOYSy0uy\/8Blk6BuP7s0kZRcDAwBF06XPl0W4alPWKLcZUBV1\/sR9gwxnLLJ0WJlMdAUkQ1CCMVwzdsK8lkkZUPttQ7nY8WKaipYb2yNRvSYmxfuU2S\/nIBiL"}
-00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_tot_l4_data_len":3434,"flow_min_l4_data_len":303,"flow_max_l4_data_len":3131,"flow_avg_l4_data_len":1717,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00838{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":946739390933,"flow_last_seen":946739390967,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":3394,"flow_avg_l4_payload_len":1697,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns.aa.net.uk","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":970010,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4ddJAAH4G2DAKAAAB2akUF4T0AbuSPuSllAS3MVAYAfWu5wAAFAMDAAEBFwMDAEWr1XNIOucPlOXvVPAlxCVPjuVei0Kv510pke\/KbmmoYPXHQYgn\/dXPL9SYgvzqDxY7NHWdbkgaLyLveAQw2UhT5DxScM0="}
00537{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":970156,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+ddNAAH4G2CkKAAAB2akUF4T0AbuSPuT1lAS3MVAYAfWu7QAAFwMDAFH5fOXuGGQTCSec9DTFnTKi073A3dyDK5aGklXxdlyqkvpUyevkvdQoFRxqD\/oXjlTQmrcRcGuGVlNE943mWtSSfq4hBwQRGa56H8GFDP\/RQpo="}
00652{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739390,"pkt_ts_usec":970361,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"REREREREZmZmZmZmCABFAADTddRAAH4G19MKAAAB2akUF4T0AbuSPuVLlAS3MVAYAfWvQgAAFwMDAKbOcashR5\/uMF3amwObsbFEZG4juIUud\/eSvh8GM+2\/skB5mrP+x00KhZsh7TmiL5saD+QkYu20S1OFq3z3EABJ7aHU2OgjGgUR7ODTq6fEo3O2ABLyrcG9Ds272JZCpBMNmRtXCFGpAhXKEUch\/vntLpgNQ1ZkdXe8TE6GtgT\/Sgi71RWZ53nstVrSnXdxp9dvYCNB5SywsI0xQcpCQ875V6im+3qb"}
@@ -443,11 +443,11 @@
00567{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":6752,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWddlAAH4G2AsKAAAB2akUF4T0AbuSPubOlAS61lAYAfWvBQAAFwMDAGkgWZNHHwUbRMjYZgPim+jcVPA8lIvlt8uCJ2eZKbKkof6emBeQB4ZuiNcpdnGozUD8xcUuYn90pq9wM3IlcVmBkjD\/l6WaohLg4aGOCUJtHm3lL5Nl+MBLSzJ21bUZhqw2ulCaIjhcHjM="}
00685{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46287,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADrNdVAADgGXbvZqRQXCgAAAQG7hPSUBLrWkj7nPFAYAfVNeAAAFwMDAL6TKnbkFATDhtx3ySWDDQ2If6D3T\/atYxe8jN8eJLMXkaT60hSuSj6Caq8pc3kR55Lc5n7zezg\/M1IjudVoQ834E7mBmLpGlFm9+uVdppFEj25R9ZxcsIt3ktWSIpcsHbSqwQRsaNAehftbwQVvrwC31Q8L0JUTIrtkgAAd4jE3c3TS1omS2qjQ\/7VJt66M+cUwBoULTREmH35UDP3G4lm9V9U\/m7fF\/\/rigsamLr5yjLd4wBFYa9kShAV8+AC6"}
00464{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739391,"pkt_ts_usec":46588,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLddpAAH4G2FUKAAAB2akUF4T0AbuSPuc8lAS7mVAYAfWuugAAFwMDAB5L2lkJjpLClO8v9wZzC+dOrVqBd4j92hX82Nk7jW4="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00813{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":294231,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"pkt":"REREREREZmZmZmZmCABFAAFMOfJAAH4GNZwKAAABkv84YqrGAbtdpqacr2JwdlAYAfaNXAAAFgMBAR8BAAEbAwPHJz7Bz9zA6vh2mAtXguxbTFdhb5D1tFb1Dou8iu1ITyDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZG9oLmFwcGxpZWRwcml2YWN5Lm5ldAAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACADmPqzqEwwIPykBECgQ7iBmKhoGpqhv77PEzGKWzxqPw=="}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":946739400294,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04351{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":340313,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAAABAADgGq1qS\/zhiCgAAAQG7qsavYnB2XaanwFAQBBOXkAAAFgMDAHoCAAB2AwMDsBehTQYQ\/iH2Yhpyf+mLl1C35r3Ho6TovknKnjr8riDK94fArz+mQ8rbbzgPn8nq5li5Q+JT9k4ZyOL9YBHZZRMCAAAuACsAAgMEADMAJAAdACBo4BH+AA5SyDExxRIaGpKShy1vmsbixTg2m2T2NedPDxQDAwABARcDAwAgvk7ezJo1JZP9LjmZFBvdhSYoK5Td7g7\/A2oIAgI6osUXAwMJ2yS0n6M3Ydri+rIgYVXd+jwuTvP8FF1HMS4hAE9YkVd0802YEbU3pHhUuQANn0vXApBPxbj3FV9uCCuIZCOL4zY7+k\/N9QNOxO6wgqwyjpqF\/MSuGzGbkODdKsjr3MXDrOEDT8UY4Cf7sbDSqOIkajzwlllabjLyw\/JVxOtUepEpKMKQWPduyvGLlnSE+4Pi9X1F5dljLFonfMSt9epl2VwSF1nq8Zl4KKstqyQuG\/zmvd2vjAUtpZ7bRJhqcQEAuZwHSvB\/MtIxXfAzVeG47SjsazBlsuRoBS3fTomilsUH4J13\/0ChaLizKxEdSZ2w2K00iVdJ7hQkti8Yk+XaV61AEfwts012l3Az0Ul6QGn+ovAsikUEMTOdEJmAEExk\/NRuYh4YJeat0fT6qqxPxOtp8iJmxclZOIdEdtKfFRlb\/Q3pIWRMmx+BKdsNQm6TtOsUrqgzJEovgnDvaBUadejY9LBbNHqxMK2V6F7gbnGKVjBjB76l32rCkAGXZjYpu99n3pc8VsX6toeCgNv6uuTb2IhBkEMBsiXbrPavcq8F51o9cjY6ri1T23vFWkuEBAAWOdINJTApJO1joFFgFxyMMNnlCpJoVnqu0i\/rinlDFg7S9CtMSJ0Ubb2fcMiTZVA8sg8c2grczf38tyMaZ9tLwrWkyrDaM66WF+r\/Smzgjb3lUh8vJ3yJCEPyKRtiP8bLVA86MJJR6swDhhbPo5TZc3HPN3paBxU5U9DTyACxQnk6EYqYsA8ZokkmQV3rXvd3nlNnXQvP8iTrcL1LydrbGPEmcxzftt97lwfP6IxI3O3sNlij9LY+i3W9W6NVdJf0gVlPHB34DPsUDzGCBqeTZuUD+fgbA8m0vHZeGLaeh2n\/ATJxgu83kBANWSs0j4JxeZwkxA4LQE6k9KdadeiuFQWUUsCMoytEmeRS+e2CKC26bva8V4F4G5ILpiDrVUa9OPpnIugEC\/pCpbfo45ejO0OYsjmcSB9VHs67ODTG8tfG\/HSnEWghmAKv96DqsZyAaTmkT0JkH5FkXlCzBQ8v8o8b6rSE0lRW\/lesYflMu+sWf50UV63CFJyy6fgpaJPxCw8SCnSJ9Wfe5036kFXS9TxM7sPwyghnAoVeaf7Fck3c5pxthPEaz67tzSOMeekQJOQi7xMcEt3jcaR5XiiPfvpfvbXLOiTYOMcz4nBR25XpUeWEHByMxgi+V+13jYe4gb5oIp\/OYL+ldNmokkEz0NkrXv9PYcDVxLHdE8YvZjA+Y3MOkWFCk9BM\/Rn01CyqbL8CmN\/DvCsMgWqz9BmPnWHQOqMnYSTykXgSFe9FyeKoNSng2DkGXmS4Ish3yys0i\/QIlGlT9piLrC2UOh5tHQYhdkxZTzWOLoSNhJgdpKplLIWgmFyDHNvrhDmwq50tATdlnRMhe0ry66PsM3l0lek7HZ1iPpCZ7a660QlaPE9SZFbRD2hjaqHqZrlPWWwgi6eHfY0gu5vY3pzyuUgNc+IY+oeDLEyaB3ysUDN7Sr1IZYyAtSiOnN0WLtHIeg9uqvR4NEBF0XEfeRxZT0n6RrygJ1nWV+kailDfsz4vklZfPYltDFOyTnwOyyzBO2WpBi+QHoJdR5a+ci207f4TAHC5iWzq9Ov\/CBA21s0iwXcKHtUUuFkXfGsSTcHlMRdWRoqqdrwRmUkHc5FaU6RNse5tyVEdBKfOwfXkDw8I22zIDBmTO4YVBH4Dzw0SEVpSPVqE8m2STbZxIzmRtVGFxbw45tbGu6NUyHfb6XRJMV4vKdl8h+lVfwIggGdSBSYb\/J2WkIjXI5Z1\/s5OXr498b\/Ul1cfjj192V+QV7YEDHDJ0wunGAConliOcHcZIZrOpVaNMM7NeTBxiiUgynpVWjltr\/LQuk0Pld3mEIxmwXht0KmUnXyCvTBJgPYroLRuneYRQPZ1JOgkt\/kdsQBmYrZvkRHKWFwNxkLAhypRqmOoE6eO9TYZgchFtH7ouVK4C6vE0wlk\/wNdktEQVjtjEf81TNo\/lytMdDE\/EAGs9weyRqd\/Hmz5\/6yLIgAilI7sqB7dEuE0iiOXk4T95pQbOjvSnwI7M4B7Q3oDNdWJJRZNp2tZGQNCVfj0OFzEKSZbanefGx8qbWewy7Iup5wriwLbBG\/B7ZFkxdmUnEdpL4pTOBRMxGDxRjV5ioqpujq6Ef07dgH3IGRgJHxsp9J2Qlj8S7lCwwOsTDkI+PhLsXzzIudX\/ZiC+lH4Tm6LciXTHf3hDkr34EJfXHJ2WpSeeCsJZBkZx0OJpBR3y1cyrhzb66IxG0uSRnndSXXBNAmD+Gghsj7Kg4E50GUXibzQRhDNRs87q1TvRNjyYI9h\/opUmKnHAkXz4SItfTxaX2LIVbjHXv1XndcnuHwhJgHhiVGswZvXlXVlX8K4fGgnhgpZ7MSQN2lSYmnj2j7A1n8u\/xbD+JqpDU+SOMNWtYlDQ0M+WzoE91BSSQYj6pIr9DxppqLCgUAfJpZxJ8YTmINwfhMZVMPhUF+vys97o5XgriLF7uzxf2I4907edC79eKV1Vf3Ui9qrIThroIUvlpq69fVaplHqZXdbs+zwj7e2bSPVWUVR0G4cA3aU9fbVCQvpl3a\/SuOWAYL5O1\/gu5GJXDImY\/gEO1xe+OVqS2aF0XojyeNtILIeW1nDYyaMtRMD0J7qIxHbffBANlspXb0qgGJLXRsdV8\/\/lQ9fV9vIoHgsaUsdWxpVNTmqaQBhX+l7X3gEUnrZ2jVkY6Oh5aU+eYdso\/pGSL+gHQ1M1e6uj4SYxfEhZHY1voW\/zrjGcvC2BmpxPhTrZRQE7Z8GgjqyG\/K9Af758C5W6bNB\/xr5yeKDI\/G5cyIFeblO2dJmHUb92Zs9qV6hqZGonI7Nft2QsKRvSQjz6cpX\/ZVUA+5e0AnpZpXEPBjJfZQ24FXs9QBvGk2XnWW8Dboig8I5f6Aa0W91KG5sO3Doyp3jU3SQ\/ah58ZIaBgplOwc2\/XF6kzcQLnHv217TTOCL7ScT90UL1M8uz6xGKTqy83KCKRxOqCSmaU4GimFhTvfwqF7ljKegUp6S9OeYOOt+VYDC0UeVysX6yYVwgIBxXA8D51WCmgGdUznHhIQtp1cWWN2T6pBItiud+sR32LmiE5tMUZYbwm2xu\/Nih47FXpRY2xq\/SEOEBCWv+pct34wnV4RwGw\/IvRU9BDEL1I7Sc1UFJRrazHP37UtPsKE1Z1llTnptgsNBNnDluQKifySFsqvXdr8Wwvn6V56upoM0fLxPG\/\/F6OVsniKNnqDtgpVsVi86SZ5O9M+5OvtEmUD8hQl4gxL2QqLYZIWV6vswIZSATUQuw0pUlpiEaj4PymXC95\/5pMEQnYMyOGFn2xcDAwCAmr0Gh4ZNVa+hT2Dwwrpwf9EMB3SMWmSnSLNfZ1YP9lq\/H3H\/YzkchSbogwVw+NXvSKa3Q5dILWczbhkBruescLznbqY0DC+TTlEnvK+mjob5wwR3lQsp8odDMfmh22P3SAFc1ZvCoRb2GkaVN69lxvgMa3mO7aDcfiHSTbC8C9cXAwMARePoOyVbKZG3xXgBtpg5jANBShpYQchD5Po7jBmjBEffrOCijDBbST3aotIn5HBfw8iB7gJCrbmWU17Z2peLW9KOid+9"}
-00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_tot_l4_data_len":3236,"flow_min_l4_data_len":312,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1618,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00847{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":440,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":946739400294,"flow_last_seen":946739400340,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.appliedprivacy.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":340375,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"pkt":"ZmZmZmZmRERERERECABFAAApAAJAADgGtq+S\/zhiCgAAAQG7qsavYnvOXaanwFAYBBNMgAAA9gAAAAAA"}
00528{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":372740,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4OfVAAH4GNm0KAAABkv84YqrGAbtdpqfAr2J7z1AYAfWMiAAAFAMDAAEBFwMDAEWvoM+cBnqYmnkRkDPuwLtAUVkYLlQ03USNt7TH6Ov+UQEEyvORaaPH3O3ZNMzL2MgXRjNUDyx4v+rdCpv8GZgAXv9\/o9E="}
00537{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":372794,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+OfZAAH4GNmYKAAABkv84YqrGAbtdpqgQr2J7z1AYAfWMjgAAFwMDAFF\/agLwf2hkurOtclPc7PloPgHX8tIH4ISdSa4EvDGmjxH6c1qM4Rsw8Ui8OUp\/ZpG22ARbOXsOsMotn0yCCQpPKADwUIKVj5BjlvTnVXcua0Q="}
@@ -461,11 +461,11 @@
00571{"flow_id":27,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":422486,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWOfxAAH4GNkgKAAABkv84YqrGAbtdpqnor2J\/alAYAfWMpgAAFwMDAGkskbE6jojziEWZcr57nfNO3QVwvQHpO7RpYrit0PxYi\/EdGvNfu4dy\/1VG2nMOx2X5QyLU7PTvVX9K1Tk31jOxrfcpc4jXuSE2rb1qXnua7aXnvU1Clxzf9Q5XRvJCVGrIefRWpqyqjP4="}
00691{"flow_id":27,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":459806,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"pkt":"ZmZmZmZmRERERERECABFAADsAABAADgGte6S\/zhiCgAAAQG7qsavYn9qXaaqVlAYBBPuLAAAFwMDAL+5P1wGAW7bqRbFQF49PLOyL7Nktp9V27s\/vxONurX4s2n\/rQw\/Pc6utp\/JQlx92Iwj0pMSpIonnsrcCShzvBfOIR4WwTTnN18t69G6PIAyQbjCzKU1Y5oI08MKAUN7p2wK9FhJ6KKs7dY3QsCtHu8Vp\/\/1URT5ZXAiCCddtgsJ4DVxjVT9RBqSeaO0vFHPJdMho6CfUjl26TvqbCuOy+ZmMvzj1FGAx9OM+o8vAKjrH07NZSC3jl7sTS6mK38UsQ=="}
00465{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":460114,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLOf1AAH4GNpIKAAABkv84YqrGAbtdpqpWr2KALlAYAfWMWwAAFwMDAB5mHAVxw6qC2wo8lvd1nMMLvER4s1pZjX+1yYfWJU0="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":0,"flow_tot_l4_data_len":307,"flow_min_l4_data_len":307,"flow_max_l4_data_len":307,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":0,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00807{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":581420,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":307,"pkt":"REREREREZmZmZmZmCABFAAFHpuhAAH4GfboKAAABwUZVC9OUAbunNzlTos+VOVAYAfbYRwAAFgMBARoBAAEWAwO9Yq6mzn6Kf+YkY+w4Q\/vo+7yhlWhjohroCY4Mal823CCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XwAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACnAAAAFgAUAAARZG9oLmJvcnR6bWV5ZXIuZnIABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABoAGAgEBAMIBwgFCAYEAQUBBgEFAwYDAgECA\/8BAAEAABAADgAMAmgyCGh0dHAvMS4xABIAAAArAAkIAwQDAwMCAwEAMwAmACQAHQAg6wutcF723xZ1OaF0ooDfgy7xahyBeOD2x7PNk\/t6gG4="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":0,"flow_tot_l4_data_len":307,"flow_min_l4_data_len":307,"flow_max_l4_data_len":307,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":946739400581,"flow_last_seen":0,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04341{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":612150,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuA435AADQGgOvBRlULCgAAAQG705Siz5U5pzc6clAYAfXigAAAFgMDAHoCAAB2AwPum08l8a\/xsIE7sf4ouj1cFjIcJvTzL6IcltC8x2MVWyCy3rkp5WTaWd5nTdItXIFahRCh9ETfjIRyGCS4r9a3XxMCAAAuACsAAgMEADMAJAAdACDFCe5GcFoAINJ8W\/U00yxwlYg7Wtx0yaBhsZxlJVHAahQDAwABARcDAwAgjb6\/bt9RU3n7f\/XK70kHoogWe0pWzujxYyDQFCzDS9sXAwMKFyLHVFWncnvuWpj00oLMIDtr5tAZiqfcqzwOOMNYqfKKQHH219coqZSx1dHk2hi5d1LB3GytI8vYkc59i5RQQDbXAHUuezlbBvO8F+B3yrBrypISyNX1A4sx1E9x9g092nWO74tZVT++3VZ86RoDvvF0ZUqxTSHr+1nR9kKZh0N5lUkvTu0aK5ORhVWNfmq0hwnrW5s27rBfHFIN8y0h27yxFq4SIl7wwuk6Mq7vkrvqIsM5xqyCc\/9Xu0OqSF3zUNnkItIrGQeIJp3LGwwIhQxxQAsnuWmwcXNFRqEzMD5jbEtpKYkHahCBuU\/B3PKrCTX8+YsVVjGS5Qrjne3Kr5FWp6nlPfIH59LkIEasv75h75FcjD+7wr54z1JIPpP7ZrLR5PywuD6f88xvloKZN+WwiXGAie649c7JKsyGwCn507cb9CeSrJLhgRoQlUSUEBlnxiSHhJ2mw9owqvmzHqRqTxGrXh9qTPYDQpk5QRLmSGX3D7g6VS6CrNB+GfCK6SPMgzdR+k8lAJJdHOY0ZZdv+Ya6nA3r8RDkXrspyuJsV4QMPLAoNzQvGen9CeK5JxcSLtBMp5q0B1DBO5EIcsoLQQ6lCwlPm8U6NZmJK6eA9zbgzP80r8LRBBpZx1beD6mw3j+TpFAy+igQ8+ETtD4YPbZPWCgC6xVG0u33AvPq8sRsHwGqnzJp1MW\/CDUHInzc9xT9j80aqrzF0XcmMIsrs4KNMQ8QDQCsJmct9U0iMbkLXGLFA32BoRsU95KY+6gDs57twsE3JaqfYSuTq\/Dlicgoiy07U8DZsIf1tKivKbhBZS1qr1PaAU2W3RuJy+8koP4fg1irOvcozqBrDOixlNBNoG8ob7RGwcT3Z0ArR3tWTeHxhQydU29KSYU8HwZniOUgn1K8cz071\/P8S72m5u89j2RZsoG54t+A\/1vLyZMsjOXjwepn9YLOohxBXEIx84KuxUh3bAga+k\/yE8GW5vng0KtP1aBiU4Tc6A+REN2DA3ij6lHoD2sFhJA2fLcssM6OpAK\/moM166igfSm3LqGC4gK+TDj4gtClJchy8bvN8tctQ8iFjFj\/6qv7lxplsZ49PvHPbnKju\/tev2fd5dDj7QcMjqNvhblPBUZ32SOOjxBH3RE7aBpBLMz7W1\/NpSWcgM15pyZsPx8isO02KbyH6gAHIs+ZEGj61i6mnrDsMNesZUMUM55VeDXhdpD8kmxGJpLZ3bsJ69dZmjx3Rf6Zgw2KbXhlm6KMoEBrRSd15+xgTimUz9H5N6PvNLfaRiGX8r4RI6AIPrxRNjrz1JtdmeN1NzdaLUaHCvnql7jjxoX9Sn8xtUQxnkcUzYoweeIrvi9ulLP7ucnd54pGXhyPpURQBCM2nU9nbu+b6Pbj4vx7uFCRh\/lkqhRWVdTtE5uZmH8x4uxAXTdo\/R5oSgAkEsgUzYbuz4+G0Ch0T6jruu4T9ekEthrBCQJjN3fHGBcpM7AMfx+FKZas1DTjRC6L41JS2ixQWYjQbws0Hx+sBQGG6PAX0ilnkOFTCqdi4OZ+YhHBZ3aa4TDran\/FLmLs4pdGLb\/oqLyzwsvNQ7jdGUh2A89lsoDzqOObMQCUrWrG7EbmBEy\/sbHnGgiIy31PynXQexT3lSGWXsVy54UK1SdBZ18JpRAq1XaEcJZV9BqOYiMFEVnHR9zwIUFWwIjG0UpAOSNn7blveeCwW\/YovVsVKboGuW3yyReDZYyNgSvRfgvPpiG+pklW5Ihw+wYJ1sPXS0I2yAnATL00hg3Bnv3J6\/Z\/+4vJOHMRe5zCkPZYK8w\/AOnTp5VZVUALMm2aJruUFq4CXZyWMk1kbL3XBzpFB\/roJe8IiU+Kt9kQ449THNAxRUoavQeSeXnuQSkwDYmI0buLWeiaEzMUY5OavuLtDgD4c+avQlGrce7Ozez1RlLgPgV+i3DcrjoWos6tTeu8g4pr3NuCp14nKYaub7Vt2s0JPBPZqY\/MuyLA\/e3Fr\/OMlh\/EauRFDsRaqiHBJ2mP3NA8\/ZyaQQcWAIVjHSjsVGu2nQBYWjKsZ8mKcS9VpMr9ndCkWOs5Sz5zWAutH8paKKKAqBcvloCRHOWIfcJ9h9uc3Lq9DYb+le+8B4yxwh7qQJOXNZwdUQbb19fMRPNRiaEzON5GpXpNywN75iIVBnfCJp5hZfV7tIfK22ta\/Z6stqDCIyk+p27DCeEPYmTJDSSHKNbedRdn0\/iB9LUsBrCmi7IRRBlE2Tr8s2JDIPOoL9S4j6C6g1r3fpCuw4mXBrcGCfNjDw6rPYEplJqhIiTO+juQuxn5Prjqj21RvbfTbyzJIvTV7a0Zy5SJ1YWQ9z3NLs75HRnYaEIc3G103AKPkytzCjXINk0eKUkCZXrW9QupQw5YZCi9c+zr9e6Nsrg4KBkr13ePLbPEqhzK0TgphOe\/BgDw39ES3e0uIMvXuKrcPIZlkW8iZdSPWqT0Pls1rgFcXIxjJuZzAKdz9RIDjZGrpzpHXAzwarf0m0i2Gtw3bYKFHdkTT5n1uaYQthMuQHJHi+p8XDFtekQax3jKJD3CiZg+YeLzJ5Uo0iEidZKe5rH7ZzgkT8O0rVZwq5niGJgbiV3EUpPldHNKypyvkj3ycT9kY2IJU7ZpXJRnpDRxjhVDO4G\/kK6jqgKdwB9YrN8ddL2ErNeFlxtrqM8tHt2ZYdSMZYCnp2omvPy97RCe3Cp\/HGnLxpRs+DW569z8h8BSfI\/zMEZeQ4RsdRgF8hz+rQ8SRDGvtaqUblOPSNlurg9vSpcyYw7DcuCxkCASBOvLXbWh8As7fT8An8+JscVf\/lq\/mGQvDlSuFNj+tDMXoI0ZKapFzG\/KPdLhwKgFCipECC9Er6NeMVnAw07Z3oto50ydjbh57kzukh0zqDBLZjEhtFpoAiVBqZg7B50ytdFgK+6hZgsHjVoNuFRf32MJngr13fBBtHKo\/VHaVg4drs9W9DfAL1w5rtOMVsX6aUt1YAeiwdGBNEPyNmvNCcEQOj+xzMfVoOLm7SUXFyIm1n+reDHyXo8yNG7LkDYjmq\/JLkrpjl4bFeLBsdG760CBaEUCZJd3nvhfPPBsfCBF5PswuYpAEifKeZ17NlOaSrxj79WssKYt4uUKm2gm9JHcvNneM5n7DQEooPTVEVYNOgvXrRVlbfz+Cy2kBP2gCp+jUrcKx4YKGEhDuMaL8PfHGRT2vA7nqzUU9C3cJ3emOjaD7KMjipJvPBaA7U+L8ujhu2gJWLx4yY7mn3RV6K2HsrFjTJduvDGB+DqQg96t2CJjvMbpqIitN9hBxZbznMh3XU1HogwVfIbOe8Ug8cikY7ag9rW6E1CfeBwa9CM8u9CTXlTgumW220WzI\/+S8CMvOup0C9PugMt2Jc4cXDvNs+dyRWH3X7QIImonFrQ6RaFIHlbDa5gqN+0VC87hnjQE8OUpxOAg1ReSXhcDAwEZLWp\/o3fXWPvp18ZXCuvlFC4i5H\/0jL\/Tq956IZziJu\/XhSjlSr056BPu7zKCegDZWzYsK6oLPWAfcvtcSfAPACHpLE+JYCNMevr7LjdkYBxYeJsjktZDgoEi7lSxc1XaPOcOHuKcNBIZPhHzY\/jpu14RecKRjxP8M4PlZTTXUvzf286xa1A7FPGcV7e6"}
-00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_tot_l4_data_len":3231,"flow_min_l4_data_len":307,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1615,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":946739400581,"flow_last_seen":946739400612,"flow_min_l4_payload_len":287,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3191,"flow_avg_l4_payload_len":1595,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.bortzmeyer.fr","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00712{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":612199,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"ZmZmZmZmRERERERECABFAAD+44BAADQGi2vBRlULCgAAAQG705Siz6CRpzc6clAYAfVAMQAA7MoGonW0Fj4lHArVaOCgJtbHn9aRY0n9LKnu3cTyqbChLhfccHsdC81z2fZ+Ukv\/nAuBoKACJX8Pwem5JBIGeQ+hR9gvbJqO0dljTEjfnQJGlcWyJk4FqoFjayNoVLdbRg\/yWeK8VeLtflQjLxqwMpDM\/QbduG5HAuBrFrE4C7dTGq1PezTGhU9pqGsXAwMARb1ScBcpf\/m81VPRA3LW\/2mv0IZmicbA7T0x5byJ5bKDeMQneniKc1y1kH9Jz7ueZz9IjjqOqk3CW8r0ZREMc3BCfYPYBQ=="}
00529{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":614392,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4putAAH4GfoYKAAABwUZVC9OUAbunNzpyos+hZ1AYAfXXeAAAFAMDAAEBFwMDAEWxR7EUjZHkVtX08CQhsaM\/Xs5Q6DMNginzkPCY+KYKSCqwTiH7uki4RDfQf\/Ey5MQ7C8dbvaWK4mwFe9xZLaA8IB711hA="}
00535{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":614509,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+puxAAH4Gfn8KAAABwUZVC9OUAbunNzrCos+hZ1AYAfXXfgAAFwMDAFEBK72qoyavs84v144gQzkZ+lvScOqnCOg4Fxl2R1DXDjRCzInGloAcyb9frAgUO2t8D8mxkuPsXSeiPIHZe9AVf6jmwOKW+LIq2uGYnRymDuE="}
@@ -479,13 +479,13 @@
00569{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":643099,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWpvJAAH4GfmEKAAABwUZVC9OUAbunNzyQos+lPlAYAfXXlgAAFwMDAGl2Br1EfvOd+7oTvKC3kE7CXBP\/2IvAewAtinvUxfi9a9UDm0t4OOCcLCJQfBTLqmjIaFlNVaCrSE4mXly1X6PfjJglufG+Yj3IVrGULPk9zqrUZstqStRuEBJJM5YzfTUxQjZllbU9xx4="}
00466{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":670800,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ZmZmZmZmRERERERECABFAABL44tAADQGjBPBRlULCgAAAQG705Siz6U+pzc8\/lAYAfUtRQAAFwMDAB6GTFZkUYOJTOEIFUQpPcd97xSl2MUDje80zwgABzc="}
00688{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":676307,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADr44xAADQGi3LBRlULCgAAAQG705Siz6Vhpzc8\/lAYAfV5MAAAFwMDAL4Y\/TNvQbA387qryrTfghOJwmBq7MrrqjaXgMYkUrdb7+JV7GyX2G1PlYEBhrHtmGmLe8TY\/GzaK\/74z5502T2LG8iavzUZbT7qD3yWi4wLUUuzZgCc8gQgsaBuwMQyskQjNARBgpNUYYX\/vIFT3JcxdZbYJJamKEp6CJnx0\/ERgrjyKOUeId0DgNdohXVJsvUqUinT5MHse8b9T1mcvnPy7kU\/joqvQgHKNgEtNxFahCTXP\/UEY3nBkseKTsx4"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00807{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":702099,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFILINAAH4GS1wKAAAB0frxGYuCAbtSRrNTwAekRVAYAfaFCwAAFgMBARsBAAEXAwMzpeRPPpmPOBWwlYuEr5uNgoasUYbxY5rOmYFKCjGtJyAIAEydch7b9cupGuDzo92xh9NLKrnQMxUlfE7nWZM5\/gAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJeuQLdGEJN7n7Os\/LoZLYTlp1p11dddxIYAQZdOassB"}
-00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":946739400702,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03183{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":727632,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"pkt":"ZmZmZmZmRERERERECABFAAgouN1AADcG\/yHR+vEZCgAAAQG7i4LAB6RFUka0c1AYAfWL6wAAFgMDAGYCAABiAwNagb8+u4y1yd1xwzS1nH\/nTUIdC4eY2A55MtUayrM8fyDO5yrWZS4Aa1iS7gSLPLT\/C8LAuC029TJv1sr4CTESSMAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
-00847{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_tot_l4_data_len":2376,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":1188,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00859{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02419{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":727678,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"pkt":"ZmZmZmZmRERERERECABFAAXxuN9AADcGAVfR+vEZCgAAAQG7i4LAB6xFUka0c1AYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIBuLZjnTB3Kjce7+mNxfaBiRgPo4iNkyTjzm6+fh98MBCAQBAAD35z4OurpaleuYyQXrRwgunZx5itw99f\/qns7fqVRPpCakkPBqYtIkrAQds7t3x9gcyB3pN\/ek7QU4lXsRRnsrWpFsVpkkgouj8noQcYPmvp55cuzOEjLxYK5KOB1bU10ZmdANW3hMqgjTathZk6jfjNOD8MgF15uckgPUXOITOpG7UYd\/YtxRx7xgMGY0jlH\/+xeUF+NSAiy6s9oSi0oU\/QlatPOidPhVmRC84vWQNkgJhZubcKWseKLjiRRL9zUmMJ2fjig0R0EKUVh0pAUSNWsA0m3x1YIPV6kX\/fzGNkCBx4kijVkxENgEgAD9si+WguAjMtSH5qQYN0CMxwsWAwMABA4AAAA="}
-01105{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_tot_l4_data_len":3877,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":1292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
+01117{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":471,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_first_seen":946739400702,"flow_last_seen":946739400727,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00544{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":729872,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"REREREREZmZmZmZmCABFAACFLIZAAH4GTBwKAAAB0frxGYuCAbtSRrRzwAeyDlAYAfWESAAAFgMDACUQAAAhIFrMk2g1XxRnkwN933MQ\/vEuKAIrPsEtdQ8XwZlKgX5QFAMDAAEBFgMDACgAAAAAAAAAAEgtNJFxGFxxxT5Wgfvmxud3VLSSH9hQHBUaUB9qvfYZ"}
00487{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":754083,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ZmZmZmZmRERERERECABFAABbuOFAADcGBuvR+vEZCgAAAQG7i4LAB7IOUka00FAYAfVwaAAAFAMDAAEBFgMDAChUn0cMTAufsksasolz73Qdzf\/2+QYz6jP4Gw+eKrW+TSaX2KNtN3mv"}
00510{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":754122,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"ZmZmZmZmRERERERECABFAABtuOJAADcGBtjR+vEZCgAAAQG7i4LAB7JBUka00FAYAfU4+AAAFwMDAEBUn0cMTAufs5C+MZY2hrafZ4EG2X+BGXTwD+FMqilLBcQDOoGlAmOq+AbxwIvaJE1kGGXhoFbZaiZKMJNhg4aR"}
@@ -498,11 +498,11 @@
00984{"flow_id":29,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":779063,"pkt_caplen":469,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":469,"pkt_l4_len":435,"pkt":"ZmZmZmZmRERERERECABFAAHHuOZAADcGBXrR+vEZCgAAAQG7i4LAB7LWUka2WlAYAfVtVwAAFwMDAZpUn0cMTAufttXw+Wnq4a8GOUVwXNhriVC+b\/v1NA\/TyyizPF8SN+\/iANfNdEIw1hHOjLXIBSC6TIq6yVuNTS4jkIJ6\/75YqlD37vd8cKEbuAO9g2HKvtcAbZnIZb16EEM4Y8x1DXRNcy8QnNtphGW34V\/Wo8lNlfUhdjlnpmEjh4EizEdoIcqeltCAb7bB\/o1fCtAxdjINx6EGlPxt67yknjg8s2L7hU3IBhwhMwnDDtgK2qDefPoi4gD4bBr3J53vnc7WVHILxO0qJPSiXDPfbcj9YoaAbQV9BCBRLu9Q1JxnViIe8reyImKiqe4+oiGn70GKVoXu3U91sni5Yqi\/qok1JBy6h5mp0YpMpZdhodzyfLsIU4mJ45hIOnNX44QZnvy1S8zz46tMt38y35Qi0KiAlpBHo2CkiINwbs4oXv5s5gXforYuJBIMuRpbpROYVhGd3ijjZa4cLYfpxKlkvaykl1XNpOvOin8ZVPFh\/OuslgR90VJbuURRuq0f9sqGz67CPebLxAqreB3KV4+1KDGxjte9vSueNQ=="}
00570{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":779528,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"REREREREZmZmZmZmCABFAACTLI1AAH4GTAcKAAAB0frxGYuCAbtSRrZawAe0dVAYAfWEVgAAFwMDAGYAAAAAAAAABXG\/KQ+1f119dlMHblR2yidnQRbPvW\/zq63F\/igpgY2RqnaozqFyuABfvZrMQkxz0fmLCoThfIqwIZSAKsK+0ZpgoKUVQoA\/SuZsr\/YGiOO2ertUe8\/qVvDQqLhwLz0="}
00582{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739400,"pkt_ts_usec":779624,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"REREREREZmZmZmZmCABFAACdLI5AAH4GS\/wKAAAB0frxGYuCAbtSRrbFwAe0dVAYAfWEYAAAFwMDAHAAAAAAAAAABkcWKuZir635GoU1xm6sJ2pRP8I0lJaRiou4x857lKheGwpvuwMadXPtJo+n0\/ZVfO2j\/AWrt\/rHPyN+D9GGnGfJgyGzaweQAcKD9eDsiGzhiW0OZAjxJa9MS\/UdwGs\/MkWfhwyKm0VG"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00814{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":864559,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"pkt":"REREREREZmZmZmZmCABFAAFMN1VAAH4GvigKAAABX9jlmatwAbtGU6iimu8Jz1AYAfYHbQAAFgMBAR8BAAEbAwOH23fm3DrJaQXLovxzyYyk5R\/PesPVPPqPMsnNPw9NhCA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACsAAAAGwAZAAAWZmkuZG9oLmRucy5zbm9weXRhLm9yZwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACAgB93oNekrupxQPrzRHifFos9GGTUaOGYLuLqXCSqLFg=="}
-00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":0,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":312,"flow_max_l4_data_len":312,"flow_avg_l4_data_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":946739401864,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04343{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":922095,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuALHhAADcGBdJf2OWZCgAAAQG7q3Ca7wnPRlOpxlAQAfURoQAAFgMDAHoCAAB2AwPibR+Wkzsx56DJDm5Eu1YLQR+8sKrid6w\/L4hLlzFi7CA+BKUjIeM9NnmcNXI7jO56RaAWoMnCcXIJRfPvBK89HRMCAAAuACsAAgMEADMAJAAdACBuK8qBa63Irnemz8DqNJ321mRXUwu2HpEN9mUutJb4PxQDAwABARcDAwAkUOaHYP5iZ2NNWAzfU4nuMAsSlIi3Xu6evUH+ePghzyW3lf1oFwMDDTdyOxvGAqdaXqn7mk56YQOkftztBpxUe9++1VUjQL0UTPE4dDghDlADUJrVIMNoajw7OVNVUJlwwZLv4SY0Vx3I7ELfEhgQAcbo8KTKAm9O2ms4MsOpGyCQp3Ck5bHL2bE4iiWi1kZ3XUOEqkWhVOIsnrRavV3YbdvOPn4o+EZD19BNo16d7FYA9cwlYFl0b+UOCHVkbAV5Ro0aksFmIDr9nN\/SKS5iC8KA1HQko\/XCtoZt\/uj26L8Jnm5j0xvi5PCt7eYN7FAf9foi+urRIknTbj0qt5H6t5n2fn2SPs3+74zq4arLW6Grk5JVfjN+EFn6r2Kqt2DBASpVLNRJlEJ\/bKKlz+O8J7CBDjbsuIjIaIhIezaNNWlBddC5u8MicCjaXDfeK0Y4HdjfUV3F5+ceyWCg99LhDO6xG0CeQL6QAIRHV0AxoEVRoc\/2vMJczsdaR6IckxN7UiFIufmha90IusH6BRII8ooR6OU8Y+2rZzYh5iUJTMhKuwIGbOPxF0ajku7y5uTYXkibFy\/3YRErBGtPfTP8lfcsC0F+hSBQLoIlrMlmFjzaT8UDL1Fvuj09G9ZfRK\/xhCkh\/7LpCMAmZL6FGK8dmeyLYWLMckLWasSF4SpcTPWxHh7bEgM8pdQOrhyOwV2+YyGE03XoHny98Ri5sKrhPxH0mGzGNnfYcuH6skZHVwAgYnBYfjM2lceI\/e8LUGXM+\/wIkpWQtiAxj5n9jqC6nREJd3P5hFhhc0S7dmq+lc8Ma343e0W1q85dFAt5euDl0kwrHQBD26Gn0UFzkp+rMUWqJmbE4SEGibShhwSALXJQIigpcGwGc5IATb5iv3WP28Ditv7SIopWvMI9EzLxDQqdqFyPqSJV1GQA4imlHzXCdMmJY\/F6D02T5M85XegGn9Uw4gKTdpJtNdQMeDpMCJmwPpp3X9pZUOt1oTofSb+42UBMYdGAmqh\/lucphpoooHZAFYzgka8EA3+5grzvvRKo1W30cuUHEkcEYum5QQBIn5p1pvfjSQasw1NoCcIklAiODFbTUw\/XBBzGVXrXLo+F9mr5HZJoE6PhrzpGbM+TbC9rdnXfxtb3I6K\/1AuBezoFfnGsw9Dx8ypoJ2UB3C5fLrpS2ieFOMX42\/Dh6ibKZmCZ2IU\/pKi9Kpxz6Ld6HAwuoH4Me9ywi7Ln36mC5YB9\/TIfNIYZgMETrU\/MCg2bIGnZ8vBftq4oKoZH5CfsoxNFs2PFEG\/5CVigap\/tCrH2NE2mXjfyEkFGiVnnGzcQq0blObS7iaq5g9ULTtsStUYEWVhOXk\/yHu5D3\/u6I0Omh\/4izYUAvc\/ASGJ3mfA9dMkNtOEG3hZYmo5CA9GnSRpy2RNoU8Pnf1XinGwNO1Gx8Pk+Rv6O6rF61GXd3j8LIla3tC+sE1vn8o1HuVrg0vtx6svaMmP8iNm4OXIuTyI0c3BbAjgOOu1kSB8ysQJy2HfJ8f+33ewV4FsqQND6r5bZILZFNT6hlGwEaOaKRgd8Dnd4N9fsicUPP3uwhfe3QdvqzyV7OOrXV1IVMp9zwSZ0pMfc8VWLEkiJAKnWpdefyOUExkz5+iOPBxgjTOCDXI2cxb6a85tRWFrVYfRjxQzYvDOiZkMdWovVcpGmC70Cf9f8rBw+ttYEmVtXQq6aUTGji6XfZ4PQSD6aFRmGvyCQ+CTuysuZPRTT+5cBQgpxWr3YBN+426lIaYsxvZASckGkJyHw7wpODlcoQhARdIU2IKEFRJvw6DT5X9zlpEEie0WCTVJ\/dO+1+JbTJMju5fx4Qacw2bdHAKBR6bgpX06u1h2Q89XiuB5q4CfjBycr3kVeONIM0plxcqhvNckbcicJV\/JrJUajfW3F3ZFA8QjvfJykVgp6OKAIPXZNUHoSa3jNomftQSYqyBfMezehknXHShl6ZuQM+Lvb\/uVlinF17iXo2SvKnezJm3fj5cHaM4wuZjkDVCLAE\/Nyn58e9ksRwhD\/gK97rjgBNP1ml+iaYZj1YbBsIP0G755OxhWhcssAbTkI8hBniALaUqQLLPs72nFgtfIXuPTAuoXoMJT42ulwoxGs43\/GTmjksUYpRygFZP5B0dC11WQeR8PhWFcDRYGLV7beAlYwch7ld5nUdJC5mrDnIj419\/n346cz6AR7+0Rr1O5IOtvdQctvdWRZfPDcKiKYfWWWQsFX4uwaKZ7iAJIc3Lf2Hi65\/5WG2H6DXV2pbdFmOOEMbCE9vzIalbNO5yuH17ffgvNYeseN8QYcMc1RjXhkpanOQhCXFt4LROEa0cWaGgGU8KVcV0lHoP38Yqy9\/r9NNO4BBtoRTZYqyQ2KiKQOeL\/DjGmqmnMdtRKO3G2+28PYYcreNlQFUQC1YZRjis96nJONLOoYWGmJ0Ajkc88jEcPUWJ+sQ1Ellx00rNPIeTKszE7eeP1Wj7159+psV+5ymtU7Wt8kdIG49kp2vIgkZ9Wr8jWgezRdBIRoNkNszLOkziHLmtjo71cfnALRZTzE3WjtfCQAqXYkE67df0jceQto9+YJvgwPL7SKReSla4kC23BVgPVvhUiIRAomTXxQfxzJl60MjaMhKYx8sdY8yirN79hBVxNOKvYgeXSM9ea5v58WsOsjoz8vxu1i6IS+wpQDUJRL5+7QRTbXkU\/IgZJ2JwIpYJc0TbCcC+KyzLGP46kWX4\/BnWI6G+lC3q+tZ9lzQmQowB2OgB76ZZzVRvbALuU+R4sPYYq0cv634FKIpwY3EtlYdlCLWfp7ZlgIV62ujlYvHhZTRnGetjI9EyQMIK7XK1fm0YXedSc3g1l5p3dkHYgG0bAtbWa59V3\/IoYFT00HruXjbYzC5+RMiqTRk0M0TGZSrhfPeJjn02Zk7jMnppUxVbahEe2he8Uscmty4roTPIhZyQUTcLmzDMG3cPUpihzyQpbl0WSI0dX58QFWhZM7xH+JJmJ8yAAlZtScWFT+AUyElBRyoWx1bFwnu5cjcTiBOKcIA77CG8sc2sMV00Vn5xS5qVm32olnJkfc6ppnqNQxjiR9wVkT49+iYCtbdmX6IKyWQeVFgUqJQ5BvdNdt7w7dJUeuhPf3VRpEO\/JuTbLlvGkK\/mwXyq24LF3XMtkm5t69hBaSeNohEZao6QmYxZ+NYvxyXtLt2f77PL2m3kxOteUzIZiuV3nkbaSTk55VWkCshKS7HYDGARWAphsf+0I+2o6\/uoYI0UX5N6tebXNoxQAq6JRpkCJZ\/PM5xuxlj\/WGjyfe87wS7vqJa3nEKMo793Ew3S5oj8lEIMcctbFE7wTV1TjUaweZw+Z3iwk0WNd4mhDiOEObjosKaAJZJCKcwHWWPj3Pv6sHr9LXFpkSQghXzPF88XInFPHMmaNePQ5+SQ27ys1WSoLOzvUvoiLb3ySSw3OKanqLRonKV7Zpi0Ytvm7fQizCZ+5Ne\/y\/c1MIzQYpj0KO81JwrZo2y2Ztgzyet8\/H8T5HbkOQKczJbxrmsEvEXSl\/OZ3PT4cobEGmH79r1jJnga64YFXN1twHKTB5tOqayNYoY8HWJExA6ECQm2d8vIM6vU7wGAu00l0do6yKY07icxt6ZdPJ5cHBwXXmOf03M\/8KffX9hGO6Tv76sw1+cR37dJRviYmME\/l8otZxWSrf"}
-00836{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_tot_l4_data_len":3236,"flow_min_l4_data_len":312,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1618,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00848{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":487,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":946739401864,"flow_last_seen":946739401922,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3196,"flow_avg_l4_payload_len":1598,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fi.doh.dns.snopyta.org","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02047{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":922153,"pkt_caplen":1246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1246,"pkt_l4_len":1212,"pkt":"ZmZmZmZmRERERERECABFAATQLHpAADcGDIBf2OWZCgAAAQG7q3Ca7xUnRlOpxlAYAfU2WgAAHSeqZDGEXrFb+J1opG1dnPi4zgteeVslY9ZmFJlRTMTFOW+365tsM\/eWSLFN26wQY3yg0Y1FR+FA00qPga4\/wX0RoMfU+SI0dBiZB1tmIlqRr+vkKc2KX7jGL6yH9pbjNmGWfzy9B2zla2g4HVLW8pCqD27lbyw+DGZ\/hO2inmJfO0WMCDqHjCOm+F+BP64YRotqRni9BCcdPp\/FvRYRcX4k5KVXiCE2z69wUVsqPG1llKJj1CFH\/RsTm3g3KbtdQU0GjyNyQl2CDpurTyUPQ92fUKA\/X0cBMPJgzHC0dOP90IUWPM1DD3nsbrNmpz8lP9N79mRwF5LTOHbbfvAKtpN8hLwkt9ukwyBmXk8C+zmVLmgKdtBBeCiCgbaFL\/aA+J\/nNJ3jy0mYq5nUvVXTh2Z7\/bG7F7D15e+NHDTFMXBqoMonQB16IlIlFtAJa+1TB8nMDEieCqXSm2meI\/wkXXc32Srtv3AtM6vxPAOrV+x9rponJ6AacvE6\/cmUC4WCIDgujE5nGZYcMZSggbR9\/Kt6utpNlB5VFi1pEVrNaFZHw7aT6\/CtVG+zVSwvyQk0KhE6erbsuDtzZMxLvCtcsV6pPfC\/PRbO03YGJv8DK8LahvowpjPqbaymGAnYP9bBjmcj8Zybby5MtwMog5KW7YAI9rBYlENeM2Dy3vHARJIR5GB+j33qs5hvPkWTV3o9HKuDltN6e\/7cTcTid6DRvXmO1ZA7RcWnp1v9dX0nqCg+iwrqPJuk36pRQQSp3pYE1EAHLCzt3501t+KApLCxYzEbirRWptNyoeeEE5uOfBxYTM2WMleevobNDlfBM03M0aFglzGS3lCRV0yNWw\/ZBGahRO+XjHuBA+QxkBjzNIYvhBcDAwIZaqpl7KO\/aoS\/xaq63oePn\/l4wkgopi1lsaFYbJflvn5lJQcRSZHGqRIptAjGXWny5qRxC7sgGucrDoA5XZJpJ5rL1sQGrNBBnHYCcdhfkRgu0iYOklGG9xE+slZId49jcsAtWEU2I\/eEF\/gzGmcDoIKW9\/IU0pMNXTdWiWofVVPUZs\/Lb\/bN8htmbbfjLuBzEKhZpgveVlZPj5VXAuHEhXXk0ROaGAVglMZsxHsbdDUcKPQjQ9mHgMzqt\/SN4SKDhA1+9LRLSL4g\/ZmJxnsYsJZiPRXZLdaU9Cy+A4CQPYNfuO+XNekAtQHOOCFWcDjdfU7K6gPp+jdG+6zR71EFMeiGo9di5FuI+fsXGMjNiflcFg3\/oiEiQj+c+SXhXmg5cUUmZisM56tSTYoDbqV2I0clprpOcfYkTtT92I6EUzloL7npuW1zLxMXE7nwW5JzyWrlx3xaz6AAfotCwxm5ob\/ht48eMSnaGsDmVMmIKcAeXj9r\/Qgfm5ydj17A\/wWCVm\/7gADpBdFs4VTLiVB4jIonZRHnx0E40hyOWZIsEIEnMxJxrW8PkRcFDV5sXdcHtfh7iWchE466qSDTtK21gAz66LAGzIzDSi4jTfEAt1SbNYQ4BmQyjL19w9SMP8BzTvwsIFe6hnwpATT+7somRA\/Z26b4QEU5K1DZ7oOX\/WGJvzzyrIbd4MSiv77t6sgdhQ=="}
00534{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":922171,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"ZmZmZmZmRERERERECABFAAB6LHtAADcGENVf2OWZCgAAAQG7q3Ca7xnPRlOpxlAYAfVWYgAA2V5hLsUbgAEXAwMARXXob5MYCcvmeQLUlTRsCD5Me1SM3hQe8X\/HgcHMk2uI0LOPU2IcCIkNX9+C7LIGQhPSeM57X\/Qd94pvwqCsYv6NMr\/xuQ=="}
00528{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":924807,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4N1lAAH4GvvgKAAABX9jlmatwAbtGU6nGmu8aIVAYAfUGmQAAFAMDAAEBFwMDAEUW+ynfPIUPgWsGIdUFpk0OwOAClb0Oq\/mIShKs292RBPHxvRC8jQty7TSrdGva8zXMNO4LmAoXO7IVucdmZqSgYyt9EQo="}
@@ -516,11 +516,11 @@
00467{"flow_id":30,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":970552,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLN19AAH4Gvx8KAAABX9jlmatwAbtGU6uLmu8eH1AYAfUGbAAAFwMDAB4Nf8UJeas06r+T3i6\/\/7y1II+ujukEFzKxnznhsWg="}
00562{"flow_id":30,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":970620,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"REREREREZmZmZmZmCABFAACRN2BAAH4GvtgKAAABX9jlmatwAbtGU6uumu8eH1AYAfUGsgAAFwMDAGSyk1KOdSdDi7O85h4PA7Kj1kLRD8Cvyu10TnJET0F2PpxtEkeiBWme8hFIBcwhfrN+u\/Tulm6\/k6XcAsDJdXdNFDD6wwHPy+S3J4XDEn8tXTis7ukzh5mU35a7uJWAcYD72OkA"}
00571{"flow_id":30,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739401,"pkt_ts_usec":970714,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"REREREREZmZmZmZmCABFAACWN2FAAH4GvtIKAAABX9jlmatwAbtGU6wXmu8eH1AYAfUGtwAAFwMDAGn4jD7I94ILrD7yyLiHEy5w+P9gXVYReJhoXDO4JiMUs1dSjEejMlBhK6LplTsX8\/Hb7o6IqK0sUCjWidZwT\/UOjxb\/JoRhBj5HBAsOKbGfXFD+LzRVsvAk4SCxSRdqAk5nuAYKrAeE+oE="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":59475,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFMVtAAH4GEoIKAAABLuPINt7iAbvHEJB+u++XVVAYAfa5DQAAFgMBARgBAAEUAwMZSog080zqV7Jj5Dvb3ndcTDVXiuYN2\/F4nl5oM8685CAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPcmRucy5mYWVsaXgubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIJ7aJCDYGU5kBdEWwbRqPCTJbp2+gk2aiKbS3L7SQcx7"}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":946739402059,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04361{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":97803,"pkt_caplen":2958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2958,"pkt_l4_len":2924,"pkt":"ZmZmZmZmRERERERECABFAAuAZpBAADcGGhIu48g2CgAAAQG73uK775dVxxCRm1AQAfXDSAAAFgMDAHoCAAB2AwMvYFLfcaEHo3aJMGXc3Nj5JHcSpejvVC+OlDWKY+lERSAD8\/DpQOi68rj3Dpf6v96RxtLLH4tYGgdf5WLODM4bbRMCAAAuACsAAgMEADMAJAAdACCh186lBtHTNByoJBA0po27dnFNUREe5HIPKtcxu6S2dhQDAwABARcDAwAg9o2cPZarHTdrUnIxRn1VCbJHnvCJutGQQOHJwtgi\/RAXAwMOr0yaSOXTVxNy1MdOCL2l0VNtPnwh1Pur1Peod0tJjP9bgm\/AXbCeom1NL8K2T1J0dOI2RGuShy8YsyfJSw5Wmm071ESTozks9\/pWNhc8EY3OZk6mCQg3Q3y0vd4NtUzxexbQ\/ljBYll7ps6UiVrepG46JDr3EaPIsRJxAZ8gk2GaeDNtt7RJ53LkT05zfjvHMA6aBmH7t2BOZWkMQkrXRLmYtnSacXrlIzcJzUpGVRU0MO5jJX8g6q6PFhL59lDZu8Wsxk4Ijhyg4K8UnAjzRt0sqrXp6a0SqTxPZDzAPdhdwet3y+1QvN+aCu84nNSfCfN63IrHLSK6g6E3lem15SKv2YkiXF084ouwYBCBJXJ0DejPRccdH+Bp7CthOdZD9VLsoaB6QmK0BYE+B3JLwPXFYwO17RILfiGHekeCLv1KycofjSKkrY8yMabLa35ij5iLlwpIadsWJnwxXtZhNE88TO3LP+8rk3SThdBjlwIn02grC3P5DVdRHQUuYvIj+XumPYY4OniV3MWQD5oVffgmBaE\/MiLcfXRUvAgscquxip1c\/\/iyBNFRLF3RUPwBL5NcLPUAOiX8VC6qW6UmkIisNPyl59sHHQPhjQtTaV3HdBxVSxa+lXvafEDpCFPhfq7Z8DomnjFz314Mo2YICe+ZZ\/VP\/fu7\/DCzGaGMJt\/y8fB\/6C7VSPpretnL2mHkpzqNNsRNJHmpTbExTf\/W0z7d7eRfUyi4HRoWhN1u+9quMVSyao8SZFSb9c6pJV2Cpd+PDnrbNELHRV\/F65mKZXLF2SBEFyPK6XtRb+DOfMx0N6eOXr93S\/6+HvwSpArnHXm2qs+EDh7L5OyLbYX7hk\/pTg3eyPRsiU+T1VKMmTm3HYiEMmPROOISeM2PorfGczBqiAbHiPnaSSCDWzXHHee3yjPZXq9NGQADWivkdXNHAGorqs10ePRotp6azTgDg+3xjhiyUN8\/5\/JSc3Kyd9\/Y7eBwt2u3jJ0Ir1dMpZrh8Xytn\/oFEDmMRBapOHclfLOBBRZGJk+RA7J4ax9KIam6HVgRqufRZ7dV+VdgeVMjYSy4DQHs6oQV1dnsfERFBqYVQdJ93jWD1Gsdc8Pxx1qQ6tb7lnC4UqWJg2j4TF\/4asugxqLUp8iztI1CeTH4Reu1S6K\/rL+\/r1FEIu\/3a\/Pc+80qIi1Y87Z88cA68V6AnrKI\/jRFdeUnKaulroYDyincGpznQ32nbV7\/a8ufW3HqHzuY8Srdsdzg7OWNNr818v6m39ySIusJPgs5uFC9xvx8R+dIpVEYzkh3Q2eeeMG9\/8K2vIPpbbOtWSl8S5FN+69DYbQxN3KXTRYnKAcgBhodqiyj+6scHhaFARQYGoblFVqgXvJu7mshFdDHwBCaC5uowdNEKy4yrw5ottXf3H2NCsu9qcfXXi\/z\/OosB\/qYdcOqltwSq\/80V+8Ge38CLLZRSG\/4XrYzdhVDiFWoHxmaBU5QDEtQZH3S5OWqN1YkEB+FuSwADN6wY1gWAHclaDt280QNrqehBd4CwSsxy7G0qCDy36MMZMs7kf2Vj2TgH2Ktlytg+thkxDKtjS\/3aeMtSmm43ddFCAwkHZueXWUvoZnXP444s3zmu+73i2ZuHERFPrHSjFT+Y1Mpgo0Q6tWu1ilCv3IprR0S6yOnEJ5GH5r1Gf8ZIpGpefh36oorDOpgHiyqyCCd2qxXI8dwpeWwmWx2f1fKIN+bOmeDA+2HTL5b\/h\/S8LxTnnbWVqrgwQxdpAQ1xCVDtsVFko7TfSsPQoikR1NXdGw35qIw15E77U92szex\/zyWrA\/2KGcD2M3u3eNzXjjgmkxW27iRaDVs9Dg00I8PXscfPuLziMbIIt+Qm0SfB\/SFf1ylBL4HammClVdC7YNhrs4NDTvUTrxAf\/9BLynvePRrZvNzUMjBT8JtlvsBmnasO+COXrGwGyL50S3HH+eTrpMH9LMnT\/2nWeiT7sDmyjA9eJmW05\/8DRI8uR2ignlELeQeE7ZYC8KKYreOyXVjuVJO8KRaBbSIU8dUGF\/ILBa6hey1v4zK5JU1MHXOVQdX1RkKit5IUXefBWJ4R0BtjoPPFwKYAfyrsAKBcQzvKsyota24c0cDVjMzge24BKry1Tqr123sw9sTncyGrJzrjJCAkeCEkQo\/KqOKmxNrr6CtJmmIByoS+EjVKjVpJBluAdt5s3qw9VBr\/A44f7M4XZ82OLHYLOdXuuY4Rgtek4oFOa\/eUNUqECm7Y6b272wQZRBWvplBYlD2RWyR8BI01QWkzD2WfZpeGCzTSL5ABcGznl3CTw+DF6WcoeJd6SbUQUUEPVBF4u3zdh9b1Jl9zNuwWauO57o6a9eFR5unb1g++tHtZoIerFI1gyMEkvujqSt\/jK8uIRkRYOGlslTd\/3gwipdTVXxsLWi2fDz9+hxgVNOGQx8\/XNWyG1F\/L1mjtzU1UBNgZmslQP0EHO4J0uMMhguKNrTksx3df79c\/0PdkBKYtPr+8Ipj\/SC3QYRzf0s53zKfkSiObQ\/sOVJpwMvMhEUZunN4GQG+WMzs5eDRzdpQVJe47jiYijmkgXFbUCq004yxOCosLJYnsGKuZDQyE0z4teBgJH8ZC2mVlhO8lAz8gPU5mm5pEBH0gFKqsINKjcIbhVPUHYBlhBeR1erIfe5hsNdbM\/YCyGrep30hH+qZ\/IBF\/s3j2eRJAN56DPG7eQXCsiZSBsk9PTgJ38fSGAbaH0pLxsq2c1CaH7DzSlA01ud99lTK4rI7nRSGX9tAnrwTrORIzDrntkMH1VggJmMFY3EGxAMzh1CUd24C\/NVxnQ9P5qmX0Sgg6uSgxO2c7COAq2edHC\/ucd7dmb9rLGiOGU7YGRxfXuPTU+xfVNmV8wvcxQY9WY3QcHJbT2Vz2Hldj+q9L+347LUl4d5nRCyZOpijGWSFFM5lFqup\/GoObWXXvMsTO9NawTXovnf4MnjeZczPg2FrW3tlX0uBW7P24cE4VNHjvnvHknCsLft2dOFPhwAUA7qVOuJixr0stgCN8eCmK\/n1WzppsTm55hMBmYIkE9rYwxrxXiN39LFT+j0SlpiMqf5n1b7aJjSjiQjm1\/T42XF5prhRwaxJyOBzS5a2w2BxZDhOvMuBRY6ZtDe+ptzu07\/eUIO\/cQq36LXuMCRYTHNEIXnWWtA0vjAcmq+EwSCLEygFwVxoPgN5h2qTp7SdJVushbBgsziLiKFyhenEAkjP4tYMg82sWXtGvK2T4GbMrKF+OJsVll7gTGHENl+vuBtGryghKs2kRZov918dT+VWdywju+ew9zl+S0NiyZlvWu+CmHSGFpvtCqWMXNaXEERtmXJVFofSJ7ykCfNo49lq+tJOi\/mrPExexfpWVgisqVMvGukP+ZkhcE5Ck47mFMZqfJTRL364HqGaNbc7EKIab24NToEVrdLyvx+sQZXNXCyXhOVxnIWFgUdF0PMAFDvMwWrgJTufvZcx1q\/rK6GjKie1KAVcLQPkAeyb2aBh0GehIKRHB5OLWsjRXWSnC7RfnFW6K8cokr6NiSGrPTHJtZfW+014hI265qPA0R6qLZ3SkGPsU2l+ULOh8f4TsNZmRbk\/UzcCp9zJB2\/sAwMANTEmXxPw2yMWVIdXVMdzqrOV"}
-00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_tot_l4_data_len":3229,"flow_min_l4_data_len":305,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":1614,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":946739402059,"flow_last_seen":946739402097,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":3189,"flow_avg_l4_payload_len":1594,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rdns.faelix.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02303{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":97864,"pkt_caplen":1444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1444,"pkt_l4_len":1410,"pkt":"ZmZmZmZmRERERERECABFAAWWZpJAADcGH\/ou48g2CgAAAQG73uK776KtxxCRm1AYAfUU3AAACNSc59sPW4OZKm6qSD7jsBvdulSTgK8LagzUdpT43FqU1TjbgFd6vr1YcfE0NFplErjVqY14Uy0e6vIiPxevgsH6OdIHZm6pvnG3NGQZr+Eawc3lwPRCg\/OYwfYOVATUQ+D48eMINi076ymhr9WarR1T\/muiarwvLXYV6Uhar7rOYnX1fnOldHU7V9Vf3n22jVlaRu9FvfUlIGCuR9DlhblioT6Pi7Xq+9B1pOrzTS3d2OyN7sMIE6PuhUF9VrXN4uLhsAemVKcWU2V+BGjWtfszG7hr7paN5M0A6WlSiJP5ugBdx739u3B3W1+KfLwVvbAx3Uf4RJvYnlmACvSx012Jhzer\/yuM4tk3QVpBdK\/jPEaTPWBaLG7GbcEgCr8Dd01cNEaknAYaE3S81foMCYQWnkCSEzXoXSN2X+GKzFZl0S1\/cEXQGO2yVQzWkPUMhh0gTbASy1MtoPkBs1VLmccZG6VMIanE\/Pd1\/AmN+44wbWDJ+AcIisgRr14kHkecxeo6qEPvRckWi1Y+MB43PdM38kIUuB4ny7fwppqpmv8DILGQ0779kEvzfVRiZrCYvFXu\/QOSUdvmxjdD6cpAlFDWsPq2Pc93te5jeGVaL0ejtHRLIxI7z\/Q501zSpx\/Cya9ypg5U1NAxSXKe10YJjCTWrmOYKmnYerWRan08XbdkvYLJUzjKsspm7dhtxg0E1f4GsSbQFVWwrs\/ZM+C5sBOiJWUOh2pogAFGGsfjjO9vzloRUIbA2Ux9PdhnCAwgsxjwIpMB0l+UdFEMsbPJQhlOxGEwe2dnsCm5A+xtqvz5mH9nbAz2uU5hDs7xBrPc+8iDApG3YcmB6tDQMRmVl4wND49H4\/Hb2EGewuCKV1\/lze0iB9RIgI9rfK\/5kPRVAptvZ2+Rek\/4ghlbEG+l+OpOmeFXbOF8BuB9O0sPArzn0gERY+1PqlX8USIY4KAapC8vGnRNqePUVgog6kgSCom8jkuyrzOHCdEM1CnPySLw7a\/tPZxODv2GVX+BkBTvdcEhFOjQ1TZSMjExVd8xloEm8\/FJ6+H0jkz8IvfKaJAX48951TiRuA57Va3CSiHx+djtV0dMa0UJnQcAEaubJWYUsRu7sYXVg8tQm7wgM9eerw0ql07SNc\/dHQUxeGfY6HDVaN4jlbWxp48tTf5vFa+VilGPTo45486GBOKU+5wyUckgVnRpF60eC3RcISu3IMve+0In4k9R88DIjvwS1SST04NZPv7f41CsbwoBIpKZKJAFU+NplzdS0BOyBcGgjEAzzOtpFJ7jXjBK8x1DEPVeN6HSSbNaiOV7VevW0oBjFRBvVLEmxy48HjBSY3QWjS+yqFN8Qy4bledb1fb4GI3oWPT+BRcDAwEZfpmEI\/d7cy4YyqdnKDwIn\/k3qXWNAj2sXjRKguMhqhlkOdUvzFkzzM0xeuvfwnq6QSn3NpKskeWNBR8K+ECaE3mhCxghdnhLIum9rgOMvkgnfyBTDAfYKNN\/d62vQY6u4rbxXpDQk04FVnBPxSfPHXuC+oF8kMOU1++DK+ZoETlcuLrk2BRjjMQpK7pf+k1VI6pVnOclLhCXYHQjMUHZufh3HVG3mM7BF+lzB0K07EInEh+Ccp7LdqMGfKnUNXPWyokhcE9BzZJT2yWb8DylKWRWvZNetxzugclU9IhwHPPfcLEVBg0Fudoqm9ZGps0h7H+c6XIpsbql70txNRPE+wXofhHvkqNoGKLp9YrmmnKta0xlevWHOwMXAwMARTi1\/bQ1JQowGKIWBX\/iwQMAp\/a2d7gVFXnQQSu7gEMDkgFlDNq8l9T+VqanQcvXHm8wx\/TYqk2+tBPvp+6SO7GVVfwN5A=="}
00527{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":101600,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4MV5AAH4GE0wKAAABLuPINt7iAbvHEJGbu++oG1AYAfW4QAAAFAMDAAEBFwMDAEXKqSJC2lkh5G42SMH+kUqPJFSCLOrnY5qYiyyOSGxU019Z3g1+admSewNNt0yPEZJoMQ1+JpUFad+MGHQ3aW46rImbTFY="}
00538{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":101756,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+MV9AAH4GE0UKAAABLuPINt7iAbvHEJHru++oG1AYAfW4RgAAFwMDAFHgR8CaAUsNqdt5xPfcdxXk\/ccwFxgxpSNMxvQytY9LevtkgxLHXMiQ60Vij3ZxU\/QEiR4Cl8Vf7C\/woRAEzI9Vk7xgbuIDVQT9L9Z9gXPTwyE="}
@@ -536,11 +536,11 @@
00682{"flow_id":31,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739402,"pkt_ts_usec":187345,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ZmZmZmZmRERERERECABFAADrZphAADcGJJ8u48g2CgAAAQG73uK776vOxxCUJVAYAfV0OwAAFwMDAL6wyx998YbKxmhMw3+CbPsfnr4wXvWu9\/nfQvNorwHZg0srS5b7iFdGjGxZUGNlFBD4TLH3AzFc1xK1\/J0T2VFH8uDpGe8owqNCKImjGik5Rfd5F24uYKSGIYmxbUfgE5PK2eru+BRCrL8IEcqvV0LwgKt5CQaKMtHOFanb7Cza85s9XyOcjYz9wcZRJTSv46SL8xZ0wNzMBRezCeekROZM5P3D2xzeSAqSrV3f5Ck85qOoGJR8Qi7HLCko8nA2"}
00488{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739415,"pkt_ts_usec":188752,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ZmZmZmZmRERERERECABFAABbg19AADcGn1KIkNeeCgAAAQG7y9B6n4qk9ztBOFAYAPXJwgAAFwMDAC7p4enar7a69h\/ap6n0W5hiq1K9j0xA71Ah1sGQS9PZ3SOPEcpAhCVrUATzJZDF"}
00449{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739421,"pkt_ts_usec":46730,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAddtAAJkGvV8KAAAB2akUF4T0AbuSPudflAS7mVAYAfWurwAAFwMDABPAQVvrxZDxyu0V2WbXi8Wc7\/ph"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":327563,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFXkZAAKYGop0KAAABCQkJCsqGAbs6mTvywXrNXlAYAfbUBgAAFgMBARgBAAEUAwPEiPyvZDyiU8chFqn7v3nOV\/W\/daCFgBrWvLyeLgdOBSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHngAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG5zMTAucXVhZDkubmV0AAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIELSbbeQ+1Z\/PGkzWYpOrrGvdC\/XSIyiiMDimHGqOwN9"}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":946739603327,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04497{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":346755,"pkt_caplen":3068,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3068,"pkt_l4_len":3034,"pkt":"ZmZmZmZmRERERERECABFAAvuVbVAADsGC4YJCQkKCgAAAQG7yobBes1eOpk9D1AYAHferwAAFgMDAHoCAAB2AwPPxPF58rRx8NlAStddGtWmBxk0TsgFRMyjmLE2UJLzOSBmgVOewdr23+YbXlV2oJqCio3+iP7mE\/SqSoHvhanHnhMCAAAuACsAAgMEADMAJAAdACAXimL6oC2BgKKkKv2GFQZ0YvKv9UBLIqQLjYesKsDOXxQDAwABARcDAwAgsv\/aMwoaVLJwBsdUrBspRDIe6WOUfDjyPvz9+wtEYK8XAwMKaJbt\/ye5NqlSM6\/tOfe9bC5ygGHuvTHGsEkug50mliwDXC+zbimuaXpevBCVc6v4emlocpuYSolXpHjPLZ5mH\/n\/Wwg\/zT8DKTys1phOBjndqMIJ26DAd1BULzfsS4\/LPzxUrBzIWvX6A2LKLmwvvolWTixlKxXTGAwoKmNpvOmmolp5p0KnP+05uqYpZwQr1eiVG4Jbxo4RKPp2m5qudj526IfaIUxv6TymwnkyKidb8KJ7fECEEmqDTEJYi3AMqq0F6jVWm4S\/Cw3xWxFHQLXfbhWl\/xQNbH7sQr1+VP1aT1KVnkPOnmrjsvXKtU37nhtNVagiwB4tTsa0XjgxO6nNrduMisjiP1kYOcjiQ52IvQ8yUcLxoVZvs66brT2XF4X+BUOjv0f2D+iKuSPPaodKDokIKfB3EFHwrxtXROObndCkt2l8uoO\/YFwn4AVaivPS7QA9y1ZB5oLifA+q5b\/fsbKJUohIzT23SgYvI1FZi9km+tWoalj+0eMzm2XcwysPa97vGSKpeXtbzhnBE6t0DL+SCNAkdyN9iZf+SkkYuc1rpy8H6FsnB0MNHcLT\/7h9UpysD4zCa5uCyld0qhDdV3MzU7a7heBLLZvpkeoMCMY0KW7Nghl3Tf2jMPhPpMXgWhDsiEqTDOOStqJ6ji5D3nXcz67NA7onASlOfxCYNM8r0u017+zZIe1OE+PpBYW8chi30ujo48vE+6Zr1LXdzMZq7SQ9KcvNds70bZNXXOxSMjMXLVZIXnbsRiW02iiUe4S1V8qA1xoY+tL3PM\/3KBP4ZSUn0i9oU0Zm0bhbtwOS\/9R3KZPgmCI+1g7zZ+sqsIKC0g2uvkEsdNIqhrXU224qW6xxP\/j7fBBrVPw5fuLCU7p8+Yh1Cpxk4zFmUhl0XbcAlqLu7rHI4fQoDUdIgemBLeSEl1+Y\/z6KYsqD8NYrgKAvSsbZ1H\/Vdb3V1ajFVEUtmvJbvjf\/83uaxbTgecYPCPp7fDTlwk8SSHepVo8KtWsduLEs3DxEjvauvr9rL7FbVuDjSA3SeEqhFhGtSYJioWjgprG3WdpQzYP52GvnOKwXu7vjaJad3BS\/DxKTEtPTMDE4Fp6cDirnN3wrVazuNyc6gO+xpNalCZ8Rd4w5DmHczo4DwVyfZ9Fxz7k2fB4TnNz9ILT10qjnOlN\/ksy+JVVDJTTX6v+Ua3SCh6Bynhcuz7SktArn4gMoxcY2E4z4hIcGQHNkb+py02aK7EHGVgPR74HZosi0lhtUl4dpwbcfDHkQU+oVloy53x1IxuauA66S2qPneNDmRr8rKf9GU\/LJH2dezQ+WudmVZtgHXrLWtjuFmnH7eaBODVb8UwsA0Ge9wdJPfbyaGd7iLOv94vz10GXsEVy\/CXkZZhekrbvjToLvfDqaRAilCzMBHwybWhwwRUQsUh\/rPF7FXEJaXHA+eAZPWEuEetxByN3cFbJKFAiJ4IoKIRBIkGZxaTOcLn\/+XdFg3+W\/lMlmaqOUp903NihM97Rw4Bpqxex1vlYSLEh1ll9uJAf5iJVYMcmiqcaYXWfQOEXWR1wEE7wZE1+wo9+np3wP\/ty0jb3vy8+oqDWA8OdUjkdhqeUyfjZfa6t7pr4ITQpHLy0bNHsZ48wim0yu3Y7a6artue3kmQYcW2RckDOWxjAYg9ikO\/kwS062tZFHnT2VanvAd16qor00inyMS9VT8p\/085mt8kQkGSG0rip8q4xWZYbMFCfcEVkD4E5q7utpFEDkZ964uRE2Vw1PzBHn62rcmtvUqQaoGAFjFlHLMS40f9r+HKG7wRWTWQ29d16NsH+Xu0qXRhzWgjImijKWlv6KBGT1Cxynn\/KrehvF0361FyBUkJo1S1Ztxsubdf3ddeGeEr99d5oc\/xgpXMAl6ZIfUBPJjnOeC932\/TOOjMzG7PhOgunB+ggqQ5LQc0CX3c5BLlJtBtobycDsl7t\/eLrX\/bMfWq1dBy8SxYnEvGbNHrForDiuOA\/0lI3GVO62V5P1dM2BK8fdHneO0FhK969xszY4KacAP0CD5Aah0NJ2dzSGVZQtRmv\/TuFZlUQB3cFfHJYpNMU\/sn32bfB7GWJI2MhPEITiLal7HIPxgTikeJcDL13qUn7bk19T+rXcadCGiBoKDb40Dx6ogDfm4H0pA9C7OZJC0LRf01KZZRBjQs4x5ewT+p6+Og3SFrrTJ8ObJe\/TFocDQSMCBCWHQJqFicRtnWl4mmw+qTCsSoZQ\/ibkZFi+igS4TWV+31tPjazydJfOrW9xLZSgCilkMeJWYl8vH1ijLI+xCM8xxlQj5svlwHqvt+EkteECF3EKEt55AWpnRTNzzJivCSHy2gGPxW5UKKBkiSUoPFh0qyVjKN5HqDcW5MrFR2HpLqhuRbEXoannFiepiMp6aCVRMgYzvmQIyFH17\/3pokulHalnqX0gFQkjPqUPYf6B8\/o0H5LL0kahUiyL+d6BqSr8d42vsjYrpSfDaIcCW+FFGcj\/61Y6Fdihg57b1nq47mVWBJ9vcfq6xagmjwoJrNbwHaDS0XVSxL6y45zWrDfovrm0VvelVEdjwsn0FcoL6zZxDjjOt0EJP+OSVXcMeuY7uIG+KTnnHoV0vMvgMsIMiJbtYXgvda9zrqGty0FDqsOWmIdUCMf7t9LcgXTVP1POJeyDb0J4B38BTX3wUkWV7Ddf9ih9u7A\/m95uqIUbBJE2UeEbEEHif0BvcJl8E3UGeXVNiKRj7lxmplRVER7ystoW7OIAwNXC3MbNiwrjMNGlyZxeIZvGJIjHlQuApwLZsjzZzABT3\/zDbS43YjZzqyO21cEI3xf5DfWK6ZyU3Gjytb2PX5Te\/wOkKfusuGJNyYU73DNCw6\/IA2qWOmaw7\/mXzErXE2WxarQFcAU6el9VnuyWPJs57xlszen8XWYD0zQcAkiZ9pBOymEDFngWCP8+c+AEG42RtW8heXsNn6Oe2ZAWO\/0AXBzQr+rO1qlWDZzv3V7XELPKS49M71P\/6XXdYRKeCeHIn9vIc91j0OnL7GZzEPRVrpELGmw5rN7x6AqDoK3g\/LGcF47Fu59pwNqH3h40OLoshBk76izruGCqusL4Ms6YFarwUJkiUBlvhjjR7yHu721yX53PmlJXwCPueaRMxPhyJUl4AErQ3xPn5KAYXOjk3\/LnBLmSDl4f8PDkxmKUVaitsKqWvpl1TTX0fA2ZAqmTFey5ifEjBKLesy4caeyeCMEZZjMOhPX9MKfIEGous6lHCaZSQQHUSMY1BTylXmW622\/10lQS8aN1mce++r7\/TAswiTbum59NRH+1WXDpTaq5aRBgs7Pc6pr4lABNwxmieRHx0ER8V5gmxNVB9ACpzjEkp28DmYAH1\/iiBQfjkW2oblAVhUqcezWZUUEbpTbTAEj81Dzg+Fe2EsJFV2MiLhqH0ZMEkKY9oMnGyGvqY11wK7Qf4HXmtakoM3CF+wPbb9he7ffoRbYXCwbxTcDrBSEJdjOMhsSClbW03C9LGM4s6RAprMpnuw2wArtlzcr4bo701pOupS\/tdL5NkaZ2ZzsCChcDAwBgOnNpVcvc5YFZ3YuA8YRoqsuLDn4GImAnVqFIX3IzoTnZe29KOqUXQC0V61jJdr5Jnb3k3MOCdTH2u+HBBkKmYvlFb8GpDbcgObm2pFs9vNSY1WNyfnlLuFSQCBkHWe0UFwMDAEV7D2ZJm3CG6uFedmkozBwacoDrnHkQN6RCxC8K2l8lcKCSu3Q0j3XFRWsykB64fgtOqxtlPlxXpmtKrFqiyWDCeX9Q+Jw="}
-00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_tot_l4_data_len":3339,"flow_min_l4_data_len":305,"flow_max_l4_data_len":3034,"flow_avg_l4_data_len":1669,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":540,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":946739603327,"flow_last_seen":946739603346,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":3299,"flow_avg_l4_payload_len":1649,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"dns10.quad9.net","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00530{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":374765,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4XkhAAKYGo2gKAAABCQkJCsqGAbs6mT0PwXrZJFAYAfXTOQAAFAMDAAEBFwMDAEXJf2y8xWhMhAZA2WXz9agwI9f91RKP49sWLlsKAqD2Anz18+mnUXeRrd7MefwrF\/wulkzvUzp\/PNHsE\/j94eCMWT0CzeI="}
00537{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":374833,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+XklAAKYGo2EKAAABCQkJCsqGAbs6mT1fwXrZJFAYAfXTPwAAFwMDAFGj4ZdVWENvHP7mlWww4fyc\/LCUwAcUVZSTOZOCuihsQZi0qxZIU3KBjmxt4UsdwiDNOUBuB692q78ru91BCfhzjqstzxoqRC1z\/lvOLOyurCE="}
00657{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":374894,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"REREREREZmZmZmZmCABFAADUXkpAAKYGowoKAAABCQkJCsqGAbs6mT21wXrZJFAYAfXTlQAAFwMDAKeCWd2l1u2Lq5nscCXqD9rzuIFbFEIFXZRDecLEcxbM7PSMCkfJA+iEkaf0cGjV8LczZrsob3nZH\/qH4fB6bL9ggwzZsJcQ\/vTsjE5m2W4ZKgiwKat7BKpY36LD\/9Afx1qnea6QcjD2EWkQhCPe1Soya4r1y5EkeNxIyteNSI\/VQNM0d8BDdw9EJlLgnh+Uvy7R4PE6D6LtYWxW+\/MgQt9Sj\/BpbZZ8ww=="}
@@ -551,11 +551,11 @@
00634{"flow_id":32,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739603,"pkt_ts_usec":405726,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"ZmZmZmZmRERERERECABFAADHVbtAADsGFqcJCQkKCgAAAQG7yobBettjOpk+xFAYAHtFOwAAFwMDAJrlZdBVS0cKHJnqEJaXIqAMqgJO9gAwybL2E7xe9qQZDr4J2CA0CxAtNC0Boxr8btXLopFLp0PWcJf8L9I6Bnv9ARtkisdIMLLx4GNLsopMbMvf1P9LXCNWLKmRGCDKo3N4vvUhY7bBpv6nEeDTO\/oU7mh5T37WkPBRQhHrVJs7lTiljdD2tCiBraXCJY+h+e7jpTKniTc\/A+Xc"}
00449{"flow_id":32,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739633,"pkt_ts_usec":406126,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAXk9AAKYGo5kKAAABCQkJCsqGAbs6mT7jwXrcAlAYAfXTAQAAFwMDABPuHGcQnap0Vm7XVP89BjuxPcso"}
00529{"flow_id":32,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739633,"pkt_ts_usec":413039,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"ZmZmZmZmRERERERECABFAAB4Vb1AADsGFvQJCQkKCgAAAQG7yobBetwCOpk+41AYAHvgMwAAFwMDAEuf8FnU6xhGOURGBoRDN3wq2DAZCmPVTSnU3vLzpSv0xnEWwtxWw+S8xLuhv8sm5rPi9TW2uaKE9E2ATpSI\/WmLTaqDOIUZ3oIMR9g="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00804{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":512401,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"pkt":"REREREREZmZmZmZmCABFAAFFx6JAAK8GN2cKAAABuetRAa6gAbuz5lknlG0\/21AYAfbM4AAAFgMBARgBAAEUAwMfgFJ2Kafn6OC8bsQNsKFbNXsDyxgypaGgbuYoVgNdqiAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3AAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAAClAAAAFAASAAAPZG9oLmRuc2xpZnkuY29tAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIIH2RRfX3PNaXYMOoXj3ynNGqfHChI6\/gAXerDGvzggi"}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":0,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":305,"flow_max_l4_data_len":305,"flow_avg_l4_data_len":305,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":946739661512,"flow_last_seen":0,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
04642{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":535299,"pkt_caplen":3168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3168,"pkt_l4_len":3134,"pkt":"ZmZmZmZmRERERERECABFAAxS7o9AADQGgG2561EBCgAAAQG7rqCUbT\/bs+ZaRFAYA+rX7QAAFgMDAHoCAAB2AwOIv9853ekbZoNmLmgcqNPyyS1j9KmZm6LL1EB3x+W+MyAeN08qEmNJsvb5yXXS9i9uE1kipCfBRoZuyc\/JvsnF3BMCAAAuACsAAgMEADMAJAAdACD6x6OWYowjGpQ7hpL1\/XAvKAPz7Qey4KV7v02zhqXZdBQDAwABARcDAwAgyc0HM+W8H8TE3DEJWTZrLIbavzRZjtX85L8RdcWlDvUXAwMKE3Ep4ySuvwn1mgGngq567huqNt4kq0krhrI\/h93Xu5m86O9X2PLgikjAQ\/f9b0D4TlJnxV9cGU04GfVlCuVdBuDl1OIowNDzv97yB1hnS\/nmnSeVxy1F8D7\/C2lvCqf2cxAVE09ueyG1Z8bXZ2QECTYKbWaJhHhH3grXMLxM9TK7dwfYp5ry3mgBLj8Im1sBBtK1ijR5DOPlXD4i38GWBdXuEFX66BB\/RJoRwVEIncNbQelSZeCqjUb3u++TUwMNQylDBUpnEAe47WxBvCiB3j4t00aQSmqM0TAluU8dwn7tiUiJEwAYZgDG8XeCA2d8CwkyaaNUs0P3Rp5Ub77dFKLlWkM7Ox84gnAyRhVMHCmMumYMkWKlAivuj\/eXgWwWByB6smKGxdGHvMorcYTbQq9mZYmNNNkDPDaVaw5533PFvpx4ba99q1b36RpLWXBUvp3e8mh0pBow5UcR930tP8k9y3Mp\/Hul\/USMW6fOtKvrODulyByiQtZSjqe6z4\/9jz9br68\/R0pBmxYIdiwDh9sAHDejB9VSYvk7ssbBQpn+Jgwnz6Ryy+sDgPoInVRafSLVQ2XaqYm5f6C0Jwzhr6UtNZ4\/zNTcpzOWnfrCB0SA4OuUkh\/XzE\/16DFk8ZQDliBoueyPhn8cEizoLe43IQ4BRx1FGhFopJsvL2cINLJIZh8DTM\/8W7f\/ASccXTbKN3NreGL2zPJ9HkyArzmAuS0H6AWBUpZyjU0X4LPypLaoIp74s3Z6LMGrDv+Q9HPcSM3AsvYaPpVMikXZgrncjZjmSO3nKjVK7tuPHzmBxV2ASbUY9dkYy7qS1LbwD5HCaZkMJLquTC43\/zrZa9Cf+VJlQO+7\/bTkI19jV7MBsNxvCJS3vho32OcNSgskst5WCDisQYxOEJ7yIiJ4Qj131r3komITCdIi6sfPNECBD925ao9iSOw1a3NghVbKi1Ke9+osy6p4OIfl7R\/jJIRkFpjTHB9lrhuKyd3x90HahF\/Bgrc+0OPDW3df50BV25QUTv0YHg583iZZwuimhgpeeN8oRbZn4Oz1sb61wMILMVA1YkIFgELm6QWH0EjBDa5PcdPXwcXSRAXJR2\/zX8giHU9oVoqfNaIjA+SmyaolS9o0C9Gxx9xhkTFg+SAbN3Goh5osUJrTzgif84rF3v\/clkf8\/ZhPyDROa9H0yWh+TK3VY9NLRXxv12lS5FZMqutTNAtmppSaz1n5imbXVp1Da9\/rGuGJgyHbUPRjpcY\/qQ4nrdYPUt0lBpjbxywR21B5bH94VrAutoZgT1NlpA1fjy8uX6CC\/PzzpWgwoLz2\/ah06JLAEuj5ndY\/3P\/Cea86JZSQRIAOkxHfXLLrlrueGx1dvDahl9VAk02WVblMiy86oo72YX2jdNNf7IRMOaPtI08s6slCfPDpn3bANNyLKCX6T8oskMhdiK\/HIjCb1KyAdgQ2+yLvi3d+MuMeWmC07amcrbn+OTYQQNPWx6i\/o5VJfAp896EdOSd0n7JnPYzTA1M2RyiA5D2thGuZ18x5oW4andkKefpZLKocbhraKqdRDR2qHe1UOjP7ac97YdAdmgxzkuJnD41fZ8SEi5Zg3NfdmEEfpkvRjC5orTLd0fIsx5c1+XLU\/R3b4bQM96DkiRuZJ1NUlIhf9JvTA7QhsNS9Evhm+KxSrzo4fPncRHMt8lm5+VkFq5jZsS\/4aS9tmtMGO7fcr\/LpSveCPtAloCQrU+vhpaXaC4\/SCuRji5PdK182R618OsLro46yH5FqoSw3EFuupxW4KHdDcJyAmbvTP3RLz1SxCnflYoAqTczyrDRGBg9\/VwVoEVI1F90s2UJwdF3wAnZAvtsFo0aX7P\/QLLigT0+21EtehOsx99nALYpQP+Wes4pdBUuuM1hrGs4phO3GFIyYVSCdORl3bwKcDgUn6jxeA5jLALqAkUQz6oQZAw+UAmaFT7liB5ZMHspe2Nk5qb3bDaj1FmXHIWt\/85M5M02qebtth3yNCkr6Yp8QH7DkvUBEcBvugZfGdO8uohym\/eNU58r4tZ+dX\/tuHtfYu\/HTthyF6zJIA5NCwZI8ZPOa0Ik2ZVHuDdccBZzRFIr6iS6N658h5UD2w34\/Zc25OfWHIIyNU8f8\/IYCk9XVJNve0Okk42KtkEZEvU5b0G1QgC8PnK8r+XSR+vGYlx30IHhP0Drstay6UqCpdjb38zyt16Qx9KI1K78\/2x0ZLR7g9lNe5aJSm2DGdBsBLk1r5a74FD95UK8Adgld6WS3J1isO2nKe9Xs1y3yG0BHL6PVzcVJ6xLZkhyj81HERDbvsw89dCQ0RJq5YmEae+boIDnKyAnLYzUgmbMRlc1g8JOgQmr6\/NRcNQVzPj9Tmr7h+4nauDzZ0EwSB6bpnhekE6zTzsN8ksFy6WPV1V2TWaFMCxIJpm4tqxJloTCvFyT3CBtW57hPqqD33WSzMFQ4mYuH5Kgu\/JydyuTxbX33iR4YxYd7QhqiqEqf7Z40jPc99ZwAIj52PTzQ7U+ojkqP4MuUynWiVDvS\/8M2\/Vvth6PA4ClC+NG9V0jqT2CwEy0LU0ERe0qEd656+zZx\/fgC3xfIuWV0svyqgeH7U8anrlDCpp7N40O2SWqb3L3JMSf4o49g5Y7jySS1fW2+m5VjaQqCccoq+\/wn0QIhjH7Xd2oER1gcyADsjGJt5aqBudWst9NAdC7\/E6mgwXOhZmtXb1lcPmN1A3ldDXRkgXTncFzTkiGIgqqygowkLd1h\/u0K8p6hXN6SporJbwLrTenWrNDIG63gFBLm2D7U+S642eghPumVgo7B1N6elGvUpSDX3m8qB6zRisoSKoWKWO5xgUo0OWMndotDAaZPAq3bhL2Pxzdl9WOKnnP6NOK4+F4BC3OgZgYIEUhrknbM3wBtdHfsfGuj0RFj5lNw2AlFe8pNBDRkjYdmUdc0f\/vnWwnfo22NWKX1BdiVu7196lmWb3TQ4gFhlK81yNy7eFJuFbgrYZ5PUlfjIwTDgxIXshraxns8270zwqor2u3QZYQoN4I1EUcEja7lh2qdAWxfca\/zxpKtNeCFUm8zfvAy2hjwmAqVnw7n4Et+Xyf9ksFEQ4\/qzsOHpBM0zGs5xxH5dXSgC84hPug8TuHm5XeS02QK5ivwcMFrRGIBts0M6ytr6tm6t5af5Z2U58e0QlvyTSXCPiJUK3gUQUYViS\/IjXLR2ycg4306mXwXdbQ8v7MG8Jbo+42mtOwsAND+01bl1fOhl5IjO\/hKWjGNBJndlQaRfYzoY1bNcjrUVpsWniWOjJBYJ9yapHVp6DQ0QxTAp4enh41yjjXkuC9cO0IfBYAr0q3doev3F6MDmfD3QC30o0nnTuJKglBmQmNqmFF98Ioa6LYtVQSVj9fT7Jq0Jj7\/w6McuInFQUSdd3NIs7zDF4f1McMigXXd3svv1byyFwMDARmEZ3FvSkJXAws42ybGrYb\/Ga9WUTit+emudCQdO3qxSLRL9Xz90Zj\/0AIfatwlfnnVgLFc5QxTIdMvpyCnIjSAcDaEJvu6yM03S3K45PurYyNI6VNrD8T3C7JZ2oGRKr9xNDuiMdmtC9\/9YGpIp8JcXSnnpIql+dalqpwG9n50trcQI0C4J+hm1Yu6USN4wzVC+tr3gsW6PyyDAAs17vVbo+Scs5p00FZ1o\/rHfMtLfFwh8MAYWoGvtptGh9N2zS+PrJ1tBcSPIWnstLtsnAnrYxfC9FGgvCH\/DigiWfhGZwyoa504FzWxS6CzOvDPhsC522yXw\/\/MDJuJbpdH1g+oBnB701N1aymW+zBchXMoA1YOfcUScPREsxcDAwBF82UTEIbXenVn7eF73krbJp8pjxkB3FH+h3306Rr5JIHM3AbirkPdWnHupm94YxIhIDqYUbC9YcWD3w0dLlmwNJiAVT\/+"}
-00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_tot_l4_data_len":3439,"flow_min_l4_data_len":305,"flow_max_l4_data_len":3134,"flow_avg_l4_data_len":1719,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":946739661512,"flow_last_seen":946739661535,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":3399,"flow_avg_l4_payload_len":1699,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"doh.dnslify.com","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00529{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":537491,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"REREREREZmZmZmZmCABFAAB4x6RAAK8GODIKAAABuetRAa6gAbuz5lpElG1MBVAYAfXMEwAAFAMDAAEBFwMDAEU4SkGRhTVOzjkja1xO2w+N\/vz+OkRmcdhLqaqpXQNb6A6SRcM4Xi9F7CyJ7zWjY541e0wZEZOfbwCMOI4VGHKGlHVB\/Ow="}
00539{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":537611,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"REREREREZmZmZmZmCABFAAB+x6VAAK8GOCsKAAABuetRAa6gAbuz5lqUlG1MBVAYAfXMGQAAFwMDAFHO0jbbFd53\/ZuDXr7vmFxcqFu0J8Lh\/X61p5xsIdeiV0og3mV\/A6pcxScMeZBlAeEIH5hDkEBw1sCQ9Mi8V+\/F1osqkP5BLLW5Wz8JDl02L8Y="}
00650{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":537759,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"REREREREZmZmZmZmCABFAADTx6ZAAK8GN9UKAAABuetRAa6gAbuz5lrqlG1MBVAYAfXMbgAAFwMDAKbOQ7z0brbBFxgWZxwhW0QoxqthM\/YW2w0x8djZzSiWzVGpKLqzVQgkOT3HmOXxWdTl2fvHJh3N5G4mHK5ZWfcqKFlK\/fPDvKjV9wXy2wts7afxohUDvCcvWmA2n3Ej1Bu+ajruE2SeIFZ8sHHacL4bjLmiwm5VQ\/eEaQaQGwb91Bxh8GH0Jbyin88rP63FYAmiEMZR6fMeJDXgQHxpsypc8wZI+C21"}
@@ -567,13 +567,13 @@
00465{"flow_id":33,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739661,"pkt_ts_usec":578915,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"REREREREZmZmZmZmCABFAABLx6pAAK8GOFkKAAABuetRAa6gAbuz5lwXlG1POlAYAfXL5gAAFwMDAB47P6zsJLwbwYHugGHZbxWAzApODX7VmeBEgUQGckw="}
00449{"flow_id":33,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739691,"pkt_ts_usec":578957,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"REREREREZmZmZmZmCABFAABAx6tAAK8GOGMKAAABuetRAa6gAbuz5lw6lG1POlAYAfXL2wAAFwMDABMWEHy35xGvTWnWCOeYpetAF3W+"}
00449{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739691,"pkt_ts_usec":599667,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"ZmZmZmZmRERERERECABFAABA7pZAADQGjHi561EBCgAAAQG7rqCUbU86s+ZcU1AYA+q7SwAAFwMDABMugBtN+BphYqwIRyb7JrNaAFhQ"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00805{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":619145,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"REREREREZmZmZmZmCABFAAFIcKVAAGQGIToKAAAB0frxGYueAbsFpAMoj2Q4kFAYAfaFCwAAFgMBARsBAAEXAwNRmx2nSkx+6m6KcnM1jGr2d9+E6hEUWeU+Rct80JF14yBFUW7fbN2m28L3JLX9K8uSgoBCeEP2oBBIn6aFnchRZQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACoAAAAFwAVAAASamFyamFyLm1lZ2FuZXJkLm5sAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AILzmWxHpwarRt4Ej829OBgtUnpC5uzX3e58yGu+riJtB"}
-00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":946739879619,"flow_last_seen":0,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":288,"flow_avg_l4_payload_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
03182{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":647275,"pkt_caplen":2102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2102,"pkt_l4_len":2068,"pkt":"ZmZmZmZmRERERERECABFAAgoIhBAADcGle\/R+vEZCgAAAQG7i56PZDiQBaQESFAYAfWL6wAAFgMDAGYCAABiAwOvuIoBv9aLdY9+pRuVYLTvaIEBB5j8JJqoUP\/T+o4DJyAaq0H4FgIYS60khmCU6D9TGVas7XFToGUgExNzFU9aPcAwAAAa\/wEAAQAACwAEAwABAgAFAAAAEAAFAAMCaDIWAwMKAwsACf8ACfwABWAwggVcMIIERKADAgECAhIDDKJHTnwjwsnrm2DLrI1zNLUwDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMB4XDTIwMDcxNDIzNDcyMVoXDTIwMTAxMjIzNDcyMVowHTEbMBkGA1UEAxMSamFyamFyLm1lZ2FuZXJkLm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9OPyuZ6JwIE6bPDfiRhbYPMkVlSRq93tijiXoOFC9OQc4eXtoMomU6kKPy5Z0NTzEB3WAHxrA4SRx6q3\/yefPeWA8HsMuYfQZpftg95obbyxbYYejVTJGcDt7bBAbyfyHwpa9VQXCZ1NM6170XCwqiTXQ5pCT67h001VbP663EnKohkf0MUwppbn6Q5xEFc+o+3D6IU\/rxkzW1SQTh0phbzb1Op8DfM63A\/ZtxaA5UoEOBp23CMkB\/vP5ul2uJharTqU\/BfvvV3HB\/zu9o43hkbooUEyMuBJn0+O6orVhwG1QVKM6xj5TM6ZcijU2+3rS+x7vNJUt\/bTHh7sHDviQIDAQABo4ICZzCCAmMwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRLbCV+QerkMWgquQ7dzQvZqcefiTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcvMB0GA1UdEQQWMBSCEmphcmphci5tZWdhbmVyZC5ubDBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB3AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABc0\/ws2wAAAQDAEgwRgIhAMWgM8fCSKocSMS6vNmRTIKDzMWXKgtHRh\/4TftRR0QHAiEA3JSerrntM9u7waurWrvwybuL6dB9RsJnzjR8MMY9tuIAdQAHt1wb5X1o\/\/Gwxh0jFce65ld8V5S3au68YToaadOiHAAAAXNP8LOOAAAEAwBGMEQCIG6J2T+qpPVVFxjS27cFglwKmn3u\/zi2QCL4kFgVvwefAiAZm3eKKyeMogTwUuYzbx+RsfIEqA9nNOdkRRv\/z1FxuzANBgkqhkiG9w0BAQsFAAOCAQEAcAija84yR1ADOoiyrdQFCgxJZB2BUUNBtRgi8ZPFZIdUaVPomyGL3oK59c6IO+gMw6xbSeGsLaVjettLRMJ2uMl6JZkgjV1Bhp3NdPQKieFpoaEiEBUAwqL8TSBKdJ\/mAMQLAKadqZ1hZKcVTPtXVdd5Q28iLasE\/NjtopLZOa1XOJt0sUbRAHa2FOZzb42ureqnIdzzYgm+hY18KJUkfrSxCg2dd4MTgQuYu+ZhUpaMB2rAm94XcTgVTGO5ADi5NM0oEFFNdNKrAyCom1jWC2m8LyYfCzUJEAYCAUd1WL438vW1Z0FQZK5dAca9qTf6FxrRdYRYrY7oGND3IwvyWwAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0="}
-00847{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_tot_l4_data_len":2376,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":1188,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00859{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":565,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":2336,"flow_avg_l4_payload_len":1168,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02424{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":647564,"pkt_caplen":1535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1535,"pkt_l4_len":1501,"pkt":"ZmZmZmZmRERERERECABFAAXxIhJAADcGmCTR+vEZCgAAAQG7i56PZECQBaQESFAYAfWJtAAADwEB\/wQEAwIBhjB\/BggrBgEFBQcBAQRzMHEwMgYIKwYBBQUHMAGGJmh0dHA6Ly9pc3JnLnRydXN0aWQub2NzcC5pZGVudHJ1c3QuY29tMDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx+tvhS5B1\/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA\/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFKhKamMEfd265tE5t6ZFZe\/zqOyhMA0GCSqGSIb3DQEBCwUAA4IBAQDdM9cR82NYON0YFfsJVb52VrlwSKVpRyd7wiQIkvFaH0oSKTckdFEcYmi4zZVwZ+X3pLxOKFHNm+iuh53q2LpaoQGa3PDdah1q2D5XI56mHgRimv\/XBcq3Hz\/ACki8lLC2ZWLgwVTloyqtIMTp5rvcyPa1wzKjmMx3qOZ5ZQcryyj+OhZSgc5SDC5fg+jVBjP7d2zOQOoynh+SXEHBdGxbXQpfM8xNn6w48C97LGKd2aORbyUbL5CxGUY99n4bpnqHuaN6bRj6JaWRhxXg8hYvWLAGLyxoJsZLmM3anwz5f5DtQ0oSRE5vc3oo6qSqbntMfYfd4MkCRKeHr8M0W7RCFgMDAhcWAAITAQACDzCCAgsKAQCgggIEMIICAAYJKwYBBQUHMAEBBIIB8TCCAe0wgdahTDBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMYDzIwMjAwOTA0MDA0OTAwWjB1MHMwSzAJBgUrDgMCGgUABBR+5mrncpqz\/PiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7\/Oo7KECEgMMokdOfCPCyeubYMusjXM0tYAAGA8yMDIwMDkwNDAwMDAwMFqgERgPMjAyMDA5MTEwMDAwMDBaMA0GCSqGSIb3DQEBCwUAA4IBAQAoMB1ePZKC8NpTy2434kCI6h8NAXGSDejnRZYFr2QSx+TpoZipUWbMWCq8UzrMIxKC8UJACJQc6RIM+Xgz0ZRbGx25OD3V4vLxsczn\/nEIsXCHGvGoEBJqPqesQfpmU9r+oB2CbUgxGaJxDFqnidG6tH5KNxFVbrX2lPzXeDzKwLN1eUiZU\/lMuAOJwkK8zmwVXP5H7g6aco+MiZp06K8b\/Da3w0YGUY9fjEablMtV5ViuxARhZw1pWYWZo\/jGfvICDNvPKmx8V1X1Z4R8rNjm8UiPRR8P0NarasVvNtWs+6fXGpl\/hFMZzj6z4oAVh0vYNXKYxmaDs8l6pH8OOZ\/cFgMDASwMAAEoAwAdIKQoxhH\/Z4NdCHDs7qK8wmGbCtHgbBpAtyYYPJoz0BNpCAQBAI2s5yjtMrI9QJNozqSEdCsumaSKt\/QNxoJ5PFMWs10MAWl+5CjGLSlpjhytuQkP602gJ28TSQHyyO39DQ2pHRZ1MjKiwLUGQnSrx7B1qsIRx8U65WEhaQ\/Oefjv8VGGg2Nnh0hcGrHjYUxlGavnUge+GnGDrvgzWTdBb6fu\/ASgdFWYo\/L\/cx\/DQSF7KqdfFLYtqS\/mVGjCi+aU3DGzfokfH8gTddjOpZA9DbKNE5R+fiOUj+uHJsETXL1+AHkZ1DyEVNTPTtlzClPqiVFZoiQLHaM5Rks\/r\/SATzjVrNW7MyikygwLvRY4rKK4uz5N88k\/vqkRvVB4EA04vef95bIWAwMABA4AAAA="}
-01105{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_tot_l4_data_len":3877,"flow_min_l4_data_len":308,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":1292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
+01117{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":566,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_first_seen":946739879619,"flow_last_seen":946739879647,"flow_min_l4_payload_len":288,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":1272,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9":"TLS Expired Certificate"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"jarjar.meganerd.nl","server_names":"jarjar.meganerd.nl","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"2464432ec440b95b36263230c3148d11","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=jarjar.meganerd.nl","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"17:C9:8C:F5:DD:1F:0E:0F:DC:C5:42:4F:ED:C4:CD:57:5A:5D:7A:4F"}}
00547{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":649898,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"REREREREZmZmZmZmCABFAACFcKhAAGQGIfoKAAAB0frxGYueAbsFpARIj2RGWVAYAfWESAAAFgMDACUQAAAhIDhgl\/pgcZzI6lO9kUAZaFzioUwXXdw7Ym0x6dU\/q10rFAMDAAEBFgMDACgAAAAAAAAAAOFPtsf5Zh\/ZpfjCXPcTMYNe90ERP2qdVmtu1keYta\/S"}
00486{"flow_id":34,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":676025,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ZmZmZmZmRERERERECABFAABbIhRAADcGnbjR+vEZCgAAAQG7i56PZEZZBaQEpVAYAfVgFwAAFAMDAAEBFgMDACjtN4hu+Wj5TjjaWNwCyZ8ctKfP1eL5gPNYY2UtZk64saxD6JdGPhjz"}
00514{"flow_id":34,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":676058,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"ZmZmZmZmRERERERECABFAABtIhVAADcGnaXR+vEZCgAAAQG7i56PZEaMBaQEpVAYAfW7lgAAFwMDAEDtN4hu+Wj5T72OhZyUZQISOWl\/\/qTKLhF2qZvrmv3+8i7gpYLzyJ27T1c244ZQ8rq8Ep2UkicIrJvjhNE5\/mV\/"}
@@ -585,38 +585,38 @@
00808{"flow_id":34,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":797498,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"ZmZmZmZmRERERERECABFAAFIIhpAADcGnMXR+vEZCgAAAQG7i56PZEchBaQGQ1AYAfXh1wAAFwMDARvtN4hu+Wj5UmDU\/NMvzW4ZaZqdIfuvzN649M3dg1IslZuV497wZdEWN18SPWfNvNW8q4xHtzKTRCxZAREEWQlp4nWAChN9Hf0WxJtC4IwpmzNwtcEChHWK9OqnFadz54IjXtGIgyjPtiP9fPB2F8WZ5zS+xv6fFfbEDAHBnShO4sPY76jns+QN2mo17OrzBGKkRb9cfJAt3iMizwZUpOlQOP2GiA85Nvlo6Yb9YkROjwvoZdV9nxmOZsEFjMzRr4OgXqZov\/LdhkmpLzhTBsID8buM\/NdEZejpGf0vO4i4denS\/k8t04Fc8guOCMoh6UEz6cm3PEl+vJqH8CPXw5T1kX6wZ8C7qcgMbHakCiCtWYQ2ONg2qedqPksX"}
00474{"flow_id":34,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739879,"pkt_ts_usec":797870,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"REREREREZmZmZmZmCABFAABScK5AAGQGIicKAAAB0frxGYueAbsFpAZDj2RIQVAYAfWEFQAAFwMDACUAAAAAAAAABVhjIGTs+\/AOgfYG19x5nx37HUS1BlwfDA6hyRYj"}
00461{"flow_id":34,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946739888,"pkt_ts_usec":204388,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"REREREREZmZmZmZmCABFAABHcK9AAGQGIjEKAAAB0frxGYueAbsFpAZtj2RIQlAYAfWECgAAFQMDABoAAAAAAAAABvrFh2UDsPRtvqC2sowvAB5faw=="}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_tot_l4_data_len":5927,"flow_min_l4_data_len":51,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_tot_l4_data_len":5556,"flow_min_l4_data_len":44,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":252,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_tot_l4_data_len":5165,"flow_min_l4_data_len":51,"flow_max_l4_data_len":2068,"flow_avg_l4_data_len":368,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_tot_l4_data_len":7077,"flow_min_l4_data_len":44,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":353,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_tot_l4_data_len":5644,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3131,"flow_avg_l4_data_len":352,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_tot_l4_data_len":6769,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":398,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_tot_l4_data_len":6081,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":405,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_tot_l4_data_len":5436,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2523,"flow_avg_l4_data_len":302,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_tot_l4_data_len":6196,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2214,"flow_avg_l4_data_len":387,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_tot_l4_data_len":6365,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3151,"flow_avg_l4_data_len":374,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_tot_l4_data_len":6132,"flow_min_l4_data_len":51,"flow_max_l4_data_len":3023,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_tot_l4_data_len":6292,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":419,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_tot_l4_data_len":6815,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":400,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_tot_l4_data_len":5583,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3134,"flow_avg_l4_data_len":348,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_tot_l4_data_len":5584,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2858,"flow_avg_l4_data_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_tot_l4_data_len":5685,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":334,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_tot_l4_data_len":5357,"flow_min_l4_data_len":21,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":334,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_tot_l4_data_len":5030,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3134,"flow_avg_l4_data_len":386,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_tot_l4_data_len":5852,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3145,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_tot_l4_data_len":5468,"flow_min_l4_data_len":44,"flow_max_l4_data_len":1582,"flow_avg_l4_data_len":321,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_tot_l4_data_len":4845,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3034,"flow_avg_l4_data_len":403,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_tot_l4_data_len":7232,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":401,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_tot_l4_data_len":5898,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":327,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_tot_l4_data_len":6994,"flow_min_l4_data_len":26,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":304,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_tot_l4_data_len":5594,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3136,"flow_avg_l4_data_len":349,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_tot_l4_data_len":5067,"flow_min_l4_data_len":44,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_tot_l4_data_len":3157,"flow_min_l4_data_len":50,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":789,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_tot_l4_data_len":3155,"flow_min_l4_data_len":50,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":788,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_tot_l4_data_len":5744,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3118,"flow_avg_l4_data_len":302,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_tot_l4_data_len":5802,"flow_min_l4_data_len":44,"flow_max_l4_data_len":3120,"flow_avg_l4_data_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_tot_l4_data_len":8783,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_tot_l4_data_len":5059,"flow_min_l4_data_len":44,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_tot_l4_data_len":5760,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":384,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_tot_l4_data_len":5856,"flow_min_l4_data_len":44,"flow_max_l4_data_len":2924,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":18,"flow_first_seen":946739400702,"flow_last_seen":946739407673,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":5567,"flow_avg_l4_payload_len":309,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35714,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":22,"flow_first_seen":946739312203,"flow_last_seen":946739327905,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":5116,"flow_avg_l4_payload_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.203.179.248","src_port":41720,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":14,"flow_first_seen":946739879619,"flow_last_seen":946739888204,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":2048,"flow_tot_l4_payload_len":4885,"flow_avg_l4_payload_len":348,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"209.250.241.25","src_port":35742,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":20,"flow_first_seen":946739389936,"flow_last_seen":946739420902,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":6677,"flow_avg_l4_payload_len":333,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.76.113.31","src_port":52028,"dst_port":8443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":16,"flow_first_seen":946739390933,"flow_last_seen":946739421078,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3111,"flow_tot_l4_payload_len":5324,"flow_avg_l4_payload_len":332,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"217.169.20.23","src_port":34036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":17,"flow_first_seen":946739311566,"flow_last_seen":946739327918,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6429,"flow_avg_l4_payload_len":378,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.134.196.55","src_port":55322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":15,"flow_first_seen":946739336955,"flow_last_seen":946739364937,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5781,"flow_avg_l4_payload_len":385,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.233.106.232","src_port":46658,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":18,"flow_first_seen":946739378577,"flow_last_seen":946739410674,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2503,"flow_tot_l4_payload_len":5076,"flow_avg_l4_payload_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.28.34","src_port":33724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":16,"flow_first_seen":946739305650,"flow_last_seen":946739328075,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2194,"flow_tot_l4_payload_len":5876,"flow_avg_l4_payload_len":367,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.104.93.80","src_port":40938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":17,"flow_first_seen":946739304846,"flow_last_seen":946739327879,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3131,"flow_tot_l4_payload_len":6025,"flow_avg_l4_payload_len":354,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.158.147.50","src_port":55962,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":24,"flow_first_seen":946739310980,"flow_last_seen":946739321153,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":3003,"flow_tot_l4_payload_len":5652,"flow_avg_l4_payload_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.43.135.1","src_port":38186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":15,"flow_first_seen":946739317842,"flow_last_seen":946739327879,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5992,"flow_avg_l4_payload_len":399,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":60026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":17,"flow_first_seen":946739402059,"flow_last_seen":946739432187,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6475,"flow_avg_l4_payload_len":380,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"46.227.200.54","src_port":57058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":16,"flow_first_seen":946739354159,"flow_last_seen":946739364932,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":5263,"flow_avg_l4_payload_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":17,"flow_first_seen":946739380697,"flow_last_seen":946739410804,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2838,"flow_tot_l4_payload_len":5244,"flow_avg_l4_payload_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"1.0.0.1","src_port":53802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":17,"flow_first_seen":946739400581,"flow_last_seen":946739430677,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5345,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"193.70.85.11","src_port":54164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":16,"flow_first_seen":946739400294,"flow_last_seen":946739430460,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5037,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"146.255.56.98","src_port":43718,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":13,"flow_first_seen":946739661512,"flow_last_seen":946739691599,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3114,"flow_tot_l4_payload_len":4770,"flow_avg_l4_payload_len":366,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.235.81.1","src_port":44704,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":17,"flow_first_seen":946739374011,"flow_last_seen":946739404206,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3125,"flow_tot_l4_payload_len":5512,"flow_avg_l4_payload_len":324,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"116.202.176.26","src_port":43106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":17,"flow_first_seen":946739311335,"flow_last_seen":946739327906,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1562,"flow_tot_l4_payload_len":5128,"flow_avg_l4_payload_len":301,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":12,"flow_first_seen":946739603327,"flow_last_seen":946739633413,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3014,"flow_tot_l4_payload_len":4605,"flow_avg_l4_payload_len":383,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"9.9.9.10","src_port":51846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":18,"flow_first_seen":946739401864,"flow_last_seen":946739432023,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":6872,"flow_avg_l4_payload_len":381,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"95.216.229.153","src_port":43888,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":18,"flow_first_seen":946739311703,"flow_last_seen":946739327879,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5538,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.124.208","src_port":52386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":23,"flow_first_seen":946739378281,"flow_last_seen":946739408545,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6534,"flow_avg_l4_payload_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"85.5.93.230","src_port":59026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":16,"flow_first_seen":946739385090,"flow_last_seen":946739415188,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":5274,"flow_avg_l4_payload_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"136.144.215.158","src_port":52176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":21,"flow_first_seen":946739380870,"flow_last_seen":946739411017,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":221,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.90.28.0","src_port":33338,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":946739298533,"flow_last_seen":946739298798,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":769,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":946739299058,"flow_last_seen":946739299326,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1410,"flow_tot_l4_payload_len":3075,"flow_avg_l4_payload_len":768,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":19,"flow_first_seen":946739348407,"flow_last_seen":946739365024,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3098,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":36012,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":20,"flow_first_seen":946739310588,"flow_last_seen":946739327990,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":3100,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":270,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"167.114.220.125","src_port":37530,"dst_port":453,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":946739304432,"flow_last_seen":946739327879,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":8183,"flow_avg_l4_payload_len":272,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.95.218.42","src_port":50614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test"}
diff --git a/test/results/doq.pcapng.out b/test/results/doq.pcapng.out
index 23ddb15f1..0dbf3d6b0 100644
--- a/test/results/doq.pcapng.out
+++ b/test/results/doq.pcapng.out
@@ -1,7 +1,7 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00459{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02094{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":199591,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/yeDE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aUy8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bkemwaFOWgs8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="}
-00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
+00727{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1606056093199,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
02098{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":201842,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gTYBOvN\/wAAIAhOL+O5iCYx+Qi72eOch5MP7QBAnCxpB\/ZzHhatBCMXwxT8fSrL9Wdt\/ZFOXhnvUbk6DdAuuzdAXxro6AjNqIcuTb2Re8BepV9SRKgSpP5M7LrQffcZ9shmrS20KZKb\/ztrJeGi\/T\/Srzlr49oBUZ5XMUOjcM7DeI6CgL+ZkO5L8gOV4+8ueGIUub0wiW6+Jof5086V6cR2hj9bBsTK6z5+hag0bw2HYNhsBUUI567S6uj\/AAAgCE4v47mIJjH5CLvZ45yHkw\/tRAEwp7WGjD8jV9zAfZPHhqQ1G3rU1wu59XApa\/uBCBj\/P3rsDGNWqlRQj5q2CQMAtwoaVW5R4D\/leJG\/QScVoSAiDmPCSxR8YrHk5Y7hGxh+CuYKI4vAFyF29Gcm7XH58xSv+Y0je37cyhm71z7xP4G24oT+neWXAiCImQb8UPinjOVju\/1ZXWChdKepJDE+EqJTk8BoOpF9LvyXj5n733Xph2u5IJ\/p\/3foWmTC0fAjiMQ12dhZ6KIFgHDWW0UYsYoYGxC75AmqEL4W0ZygLN4Jp+zSt6jJsE6uSWjtu9Mwx8zRmpzIUbk2rS\/lIYNH+L8sZitAI\/mAouO1FzaXzIPuVV15eTfM\/D4HfHtnBqU5JIgEq30fGDU8vQEvr9VcBwpWT5O0sL5kG6g3W7z970vBsvCXzENm+QLPGXr10ns2jeQncf3V0s9pvLk2K4TGX8jm5gNEpFEQC6sid28q4Y5Bk2mCdnHt7MFfqeIQtVf6U3jEBxXtqNwnbDuTXuCGC9PAu0Ie4j3YiB88cN+EoNanC8QpOjA3mDQP6RbMKMlxgNT1GCSYoSSr70l\/p2Vp0WohDZeycXBsQ9txnWshMbiCp8imTkzhOWSmVNhhzqZOyuIxBEnqW6hAlYSRGGlQym+AFEpgzsjqJLjzqOLeESR5tBel8x5HwEzLLqVaja5Udf5uBnGJUVNub2RGOPiMMnZCl+iL2LRMiCHUoBDmvimDtRLtAOt2SNvH93OMwXA\/IyIrY+XO56T3mS1YSU9Ydwn6d5ywddheaImd1U\/vJ57ZtUSbUvf+DXuTp09bwzrY9tw5NZDPH\/iljKwqemZHmirnsyyz4OUNANR+9\/kuYPx2d\/ZS7953Z8P\/sqzOE3LjEyoUSRCXVL4XoEkGM23PQQcDudByAaZ+9LTgkgxPTKnHgpxcDQowxdEx+BnESQ9DwSJQM7+xTAOPC9sMDrzuSInM7z5AK+Pqrk4B2Vwy+rXo798A5XjeZBrTkCt8XwQLpXhtqaRjTnFTN9kHqTE4fN2bwWBueF8sdBSZ3aK2MK9uuf3XfveW2fg\/1tyeU\/EXgKHtRL55w3iVM91ZMotsrGhoYdGkE7MCdncoh54jfxD5eJPuIFA4F254QXkd2ttFid3O1xFmVbRo9jbjk7d2+6yRzPkKLtyJyptApw6QxkBCFBxcnQA+oUEGOkjoCUtqGfeqRlTptqqqHIGzgHL7YafvSlJW897JYtCkXn4zJMDfapn6QTBVXFY5QqgjOXt2wlG+PDpn\/mQw9NRGoj69MbbDe3NA2MYvJlkgzXKIONO\/pMfrd3koD58ywf54r7NUNGTOOHuRxW0PSRKrZNlpqXdbaK\/wnr76JF4R3R\/+EOYL7g=="}
01070{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":201890,"pkt_caplen":541,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":541,"pkt_l4_len":487,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAecRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gHnAfrr\/wAAIAhOL+O5iCYx+Qi72eOch5MP7UD5fEmqw9QcMOSnUe6MDD2OecgnWjkNXdwC4dZSYxJC82j7Fa0gkq+nfYTDU9ChVEdtH45\/vQtNEQLo8\/fwDbneJcHDHavc8EGoV3PxsxkBJhE9Q9u9yCLvfi5OphDBHPeBIHPaxUcLs3S\/L\/IXKVQgfNTTVjkzoLHy1OXpC+\/dTEnbC6NPh6W28rc+x7GLNNHF1FfqMGoKlGMxFCg2HP4dP34NipPXt9vl2rd70ScFdoNK8lXc8OrIbXPCPHixiwns3JeTqs80ZysmuTQ2x3K2Z0oX8Qiv0kbMUxxeHDtUjo8dxO3WaXzqWjfDA1saoqoMHVxUCwkVWx\/nTk4v47mIJjH5cyeRXhMbCk5EqVB08GBVQ7VrDqROkZ4dznjO7Fxcyd8w3IE3VD3OcSvdJI5P\/k+2JVbsoJApIjU\/SqrAeDrs9BCVoOX+elSyfnlFmV+9qRiAxndyJco\/u++psEVtXikdkQ7Ddxgmc8mefhAnBHbf+ng4whbMJA82KtXAE9ITJwKPkOdTXiPwFa2uYw57B9+WqNDFf9ReX9HTME9BVtddLPrQ8G9aG6w3Krk5ZmHecrC9Btpgbpsrq+OkBS2cbpJHIvCTkg=="}
00713{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":202274,"pkt_caplen":279,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":279,"pkt_l4_len":225,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiAOERQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEADhAPTg\/wAAIAi72eOch5MP7QhOL+O5iCYx+UBDpLbz6hVr3VQhQggh8jeSy4LrSByAKcA4h02NrSHlYfiZeIBfX4cUD4rj0whBaxqv8GZptq0Yh86VFZ7cihClGjSAiHi72eOch5MP7eD67j31tF9Ewc7\/cDWWW5sbKgeZ8Ni53gCKJC4UiBzoddfNqguK6L47A8v5MfBqkmPLLd375Ln\/BizbinX7j2Wb\/eMxuHFSq+9VI36g5fjgo4+MYm50K5k9Iro9bud9p1Ez1Q+5mh70eHrGquqOwXiz\/D6V"}
@@ -10,9 +10,9 @@
00492{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":202473,"pkt_caplen":117,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":117,"pkt_l4_len":63,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiAD8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEAA\/AFJMu9njnIeTD+1UZ3UL1a3XfRaN5wUfWs7iYRlISEYaJh8AeMvzJsGP1FxH1D7p62sJHL54hGmz"}
00535{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":209998,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMflHgN8pivud+t+xRWTjwsuKf67lT\/nM9uYZhGnTjZKGw6ObJH\/xJ9ga6sYiFSk22PsyWv4EW+86EoI8R8diOdKlj\/jL1WT6sn8whw05"}
00534{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":260163,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBSTi\/juYgmMflcDuw8PGqwk7AnmnlBLKl9VVw5FwNIUr\/uwhxQriWlV5lsPREfqCWcyBCgL5DIrZMPOHK4EaoyceBY8ce9ZV4nlYvSeOP\/TgYtdDng"}
-00426{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00430{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00600{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":260178,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRnKgAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBSTi\/juYgmMflcDuw8PGqwk7AnmnlBLKl9VVw5FwNIUr\/uwhxQriWlV5lsPREfqCWcyBCgL5DIrZMPOHK4EaoyceBY8ce9ZV4nlYvSeOP\/TgYtdDng"}
-00460{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00464{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1606056093260,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00535{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":360401,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMfl+TZ3+Hmg+6BC4SDTuwiFJDfNooVH1WKEmkSpLklzCTh\/kA9o9N4HNfPmXD7MqNM0jiO2jHXBOtk8kidE7CVxn0BTfngjMfjmwfG7Q"}
00599{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":360423,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQTEgwAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBBTi\/juYgmMfl+TZ3+Hmg+6BC4SDTuwiFJDfNooVH1WKEmkSpLklzCTh\/kA9o9N4HNfPmXD7MqNM0jiO2jHXBOtk8kidE7CVxn0BTfngjMfjmwfG7Q"}
00536{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056093,"pkt_ts_usec":560720,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBcTi\/juYgmMfl+eB8WJkIN5W\/s2kV3mgzDwRAUXXe+90zefQTxG5fKyAbzm2S0iX0HuS+7+NHu2bYpwdweEdBhQ2oYMUDLzzaxqsrt98mI\/P6gjJFj"}
@@ -23,6 +23,6 @@
00599{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056094,"pkt_ts_usec":761968,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRDyQAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBDTi\/juYgmMflRQ+5iHRbV0PH6VAD4ThaqZ1CAONxwoz6WhjCyy3b7S1XIRkGal+nrRIME3nHuB4Ws4VB9TKvtbvdiy1ZVtUUE7G\/BOwkfFiH9M8cl"}
00534{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056096,"pkt_ts_usec":363686,"pkt_caplen":147,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":147,"pkt_l4_len":93,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBRTi\/juYgmMfk7fzjw3Vkk9LKBWcCW8JCljapCgvuQGIA4MlTOIZaNPxeCLfwxGo8OzSiugSvTVy7BU3rCif4Dtc3ePYXiNIKKXsDwOeyqUoLvTo8o"}
00598{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1606056096,"pkt_ts_usec":363710,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQT2OQAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBRTi\/juYgmMfk7fzjw3Vkk9LKBWcCW8JCljapCgvuQGIA4MlTOIZaNPxeCLfwxGo8OzSiugSvTVy7BU3rCif4Dtc3ePYXiNIKKXsDwOeyqUoLvTo8o"}
-00439{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1606056093260,"flow_last_seen":1606056096363,"flow_tot_l4_data_len":846,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1606056093199,"flow_last_seen":1606056096363,"flow_tot_l4_data_len":4032,"flow_min_l4_data_len":63,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":288,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00443{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1606056093260,"flow_last_seen":1606056096363,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1606056093199,"flow_last_seen":1606056096363,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3920,"flow_avg_l4_payload_len":280,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test"}
diff --git a/test/results/doq_adguard.pcapng.out b/test/results/doq_adguard.pcapng.out
index 6d5868440..49e10561a 100644
--- a/test/results/doq_adguard.pcapng.out
+++ b/test/results/doq_adguard.pcapng.out
@@ -1,7 +1,7 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq_adguard.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02073{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":43144,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTrycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66VSY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY94WHHPEMe6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="}
-00692{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
+00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1608278425043,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
00588{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":79621,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"mt9Y+uvcCL6sCxduCABFAACoAbMAAD8RP6dejA4OwKgMqQMQoG4AlJ+l8P8AAB0RXf586nXFuX6jZU8LHDkLsXUEXOoexyg1M1\/+GZvbsGeGqJJILJUnaeRPlfaewSkJ0QM1kILJB9RkVGFQIKTOYfD\/amFvF5G2sUWGCAnPMQAxGtra+t44CL4uNVFuP1UAIYDjP5flgPs8Cfp53+s66ugMjRy2XoqR7aApyqmdoc3EHdt+2Cg="}
02072{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":84825,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYtAAEARnorAqAypXowODqBuAxAE2FXxz\/8AAB0EXOoexxFd\/nzqdcW5fqNlTwscOQuxdUBgKDUzX\/4Zm9uwZ4aokkgslSdp5E+V9p7BKQnRAzWQgskH1GRUYVAgpM5h8P9qYW8XkbaxRYYICc8xADEa2tr63jgIvi41UW4\/VQAhgOM\/l+WA+zwJ+nnf6zrq6AyNHLZeRFASnCr8obwp9Ty5sR7kprQnC0Sv2ZcsxYzIMAthEKqYU0zMuGSEznU2JvTrq\/bykaeb5dqdGxdiszDYKDU6Jn7sPAcjUZ2gh8+BYZGe9phFiloXFkZRqkF4syIAEkOpcy2MK\/fkeUIOyP6wlwkzaY3fbmuxHrqRyLu45SBR1VMQFyHi28JYz7QmMQfDMqnuI0IWIuFKHwG0T\/v0jhF19jPBzG3JSCrPoiaSUV9rQI1kZsCKoMrGjumM68QAfolXONsAd2IYudReWz3mQrB3zOSDXc7+iPJJwc0+KS52obxIkJ0I8SZ7CLjp+FpGH++2YepZGSZYPB5rc\/4HU1bQ4ocmPERQ5l+FpQxpj4cq2AJTX05VWg9LfjDFrHE6D6oMOTTfheRhy7X3SqhzfVhy\/w3RXnv00qwNGkVr8QIR+wCM95sfw88fV3+NqmU3vnLU2z+qvvT2HlvRQm9ykjYa60lgB9sFJ5Ng9ge\/cpn16AR4r\/NoOup4fo8EeFB8cFrAVg+3WG3mgWxUdvK6oND07fFN48QrriL1y7XuIB3Fa65jgY5B4zE7vkkBXKUfGormP9hug8dHVr44WkbHCTqfFJuTHKIf9gtfJ9VQps1jhQjM952WGdM\/mFbut40pSDwrgQgdt0stO2C4PvDiwgzZaEybJzcZBHCUgM8reKIoRyLrSsWciN2b3tsFQXXaEeEGdt8Bc\/5zyh11uwNSzGQ\/Fl2k7QrJleMEWlDCFHuNFZdb7JDVOvqjlXAHTTHX0xSx0KU4aqrg\/kZVORXUFVlv\/xu8mW\/pGVbnSUQNAvLvkvHNdnu1ZPxtBzMoqU+96Xp\/DxrznNbYv32YFRLbK8kA8U4FaZhJ3oS+5KFBikdLEV9Hai2hbk8GZjN2iqviHrHccJqNkg3SIuZD5qamhaUaMG9NOa5pQ9jLJU\/ymgo7DdgKxRH8uuDjWk10CemOYV7pIj9XJEg0HHMmlI1Un6aDxtAu5UK1qm1HNb38yVa+sYeN5Ew6KHyqBUxxS4IflHX5qeqIZPOKrYg5MCubhSudLKbjcH5sXIzejKF8iZ0FlTKPdHSExxjW0QFN6bAWoLJuZE\/4kDcgHKTjdquB1S9wjg6Pah9A0AO1p8+A56ZYLVjRHdUF0Eo6bHTdn4hIgHvxPjCmO5BtWUKEeQnKGkkR8kgREjXo6GfEeHC4Vb4SCK88RJFW07bR+3U68E0sOKimZElroA+KMcE32OqnpsNULoyV7BunASAegp78gVNI0Bil4Klffm6tM6xnJr7Wx08jSGi+pGYWmiGnj3zfHIxpQuw4bIpm3S\/lud8tMnqwiD6\/bIUKO1SxVSWZBp6s2PlGyGHrgwwdIy5nXoip9OukmbhVHpu5a+3BERo9ToRhkKbGsS5gAuyL08\/F6VvMQD\/JdB+\/2rkXCT7ca7Lr49P5aV+w66D8Iwyn8BcCGyOLiGucN4S\/JjMhOeFgH9mu48hQ78o="}
02097{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":122822,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"mt9Y+uvcCL6sCxduCABFAAUAAbQAAD8RO05ejA4OwKgMqQMQoG4E7CdXyf8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRABAlUp76TjgEqdop5UKSI\/F6C7Gd9+z58rAvv5K3VJcoj\/wbKGCvwUk7hAIZQkwS0eQW8volAE\/nQLfPF\/ox4Fu54Iz80wj9fAhhK9DPh9I3m5cX1kBTgklYoQzHtAgZePSyxHP6hihn0FPt1BzVGGJcnUShw4Fy27vLE7qS\/7U+ePnY21jz69vyKuwXZuTiiipLJ8YK+0o6f8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qREQSNEAdToqwkUBeCPSTrtq1i+\/poFtGCmte08vfTNyuyRI2BuDSMLi4bKO8pdcS2OC7T2X+MCJiync2qglwLaK\/ZU6bCtCK6b7VW919zbwzxcwIxzakqRvR\/mHdyX39t6PkLoaGvK0X2vbjcfBtb8h9mxy2cMiCG7\/xmTssSfThjiW\/NA9r+eiSMaDW26lOxC0Myi2DyzhDaTuSGSXZwR3CdWz\/ehHzTlDnGfh\/fqCFNYcS3v3UJiv+Cd0NLG44Vb9GGFrsZAF0TFEPoReaDJEc8E0xrNED0dRphUxIr\/DqFgN88iZ7j379UNmsHXy+9mWkitLF30R2ORqsURlznCsncam1RRgTWr4gcq9w4PNs52tqYlXDTCw4di7UTg\/DXRKcsZbsYlRVAfuycbyKPF0+Crf95FQRqiDvujNGcSTFX0VUkcz4Fa3pVHkQZTqBaaJldHmG75IwR2jDpJHz0f8U25KfeMiidTlxNhhm4ZqtGvKIQ4l+F6Qgx3jz+Qgf4yWjkIytmooZaorzphY\/a1kd6q15yS9OAMFDlQGdC5w9pE5P54RHRZK\/rZQvTXChmSf0vHRtYR3c1oFoJT5F8p2MZU6xhBjIUVysia54dwyFSZwbXqhUTXJrPSmDnqDfgBnK15jat6fjDPn9EWVvi7jaxG881+aOZ0xxnx8yaRNN3cCXPRxuMVSBmS7R7uoMquwsmmUOS3HlBY98FG9pd\/pxl6D9GixGNYBEezKcsx34lBBN0+GU4QtQleLTJjzhkmdkqnu\/8ysyuk3AuGjDDpL4t9TZcSgmggtEeEIAD2uQ2Zs4+WrO+VF5RxXbNWqozAUKDXdWU4IhvJksaRt8LtCWMK+Q00gsZwn3bWnNtabhQ1da83CeC15FJEtCDSDfxhmRH8vWgIrJbPgN8gB44r7wKu16DvYGW8aqf7zmsckEnkXbn9FLsfs6ALLsVL2msz6xtzgVn74SrIXydDwMfx1fXsW5dM2nkOLSCiM7YyFahko2kEAUPa6aTOfHxZLl9R7YCHnpAfkDCw04yVocKSaV5Pw7dDALMPZTFdRwdAqoyp3JhcsW4wUVqsp0PTozIQzKE7JAcqGlvFfwXzZ7er6uAZdx36hfYDgYoKAl7S301UkQuX9mm323V1dh5OybrgeBmnlr+MoKe0Mw9PiTuvSS8+Q3jyvTGx5OnutvIwmCJZ3KlkUzAfZXELr6zCDgD5WkbH12NIA\/4Eve+66VJmSimGr\/rnpAwbN5efr8WSYM7kHl8\/tHLa\/St+DGu3hHqjLCX57P6yvpn13zBn38N5nhVh4BtxHTcXl9nJ40h9Fo7xe0oRT+d04279tPg1uhRPq+kJCTbSuAl9GMdjJxVxoxsuu0aJpaqKEm+d\/QnaM4+TSccA=="}
@@ -16,5 +16,5 @@
02084{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":433118,"pkt_caplen":1284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1284,"pkt_l4_len":1250,"pkt":"mt9Y+uvcCL6sCxduCABFAAT2AbsAAD8RO1FejA4OwKgMqQMQoG4E4gBv5f8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRES8jklNSP9hrfN4jT\/oyQHcSv678Q3HxgKkoiWZGDaBC9fuLqj43rzFbUWPQXOctpekdVNsG+sw2+UDf+j5N4NVeHiTBwygNKR87tBG6VGF+xe7HUhOzSJVrsJerfW8g2boHf63jFMqMCOX4mIJinnpnqF39WJH3QI7MUjoh2OjVCdRNsiqtu+BaNmL4A7qsIG9L1EcW4FcHFZWf74VHYFFpX5GBMd3DtHQ\/k7N+PRhSDjEBQEpBnpxNvfdpUkdr8+rJiuWCgKnaOhMoEaKk8bZqYDW5EtRRNEc1JJhGljj9Ai3+poWtmuCYM6blueibrDpzikCawKG8z5t6aeBBKHUotg8t9lnAkaHDir\/gnyQD+24HGJt5V3MowhSdsZq27BqutG00ruayP13yMnzxkRmKgwORdpWeKtFs1y3lBbqL35MwNRbHbpLNvJLXcf1l5Avjm6qAUfmBGdXXYv5hAuIG5bEzA\/4FFZ3S4AoYifkoSeKwWrwT2b\/UK577pWxO2lE\/hqFZxOEytWoksc4WLxAyV2AI2ivIPy7WCBk7hTDHvTIbf2TqrmF+KPEOAyMqtPWu1p2wUO6rxLdwkHaRk1qjv+XItfKwaQKvCEUbLyQfYGkvWu+gog6kDChkhP34xu9CnFLQwf0+TJGDbxBxpCHbI2r+Kl+q7VufCJCw\/rBb16\/ANyJp6nFt0TxTs5kj2yy1fGuQVV2P3oiuJ8yVQGZOliW0r9x+8sQBYiG09W4G0DaDbOyZUfkb7dWMABROT7oAHHSrGE3FZfrFPOwKd6i2V7nHb8fT8tx1YG4+cL6RJr52cgKSuLmy8T+RSSsmAVnrg\/3yC340z+PNexJSsSAPK\/Gq\/Voy894IB0FoDkAQd\/DuKm6L0Z6Bis6Q14E5Zd66vAyChxbnK1m\/nBnSjcLGfOsvzWgWcjqrnarhCd9nP1Ij5pZC4G9gNxiCYUp2Va1qFs3moAy7Pla8c+Ya2wO1lfOpuEsBU3crhGOzbQZ52w\/1OW09Rbof75DZjMAbbecCX0Sm9\/AGGyJrzLG+IEAM8xH4c2TMzKRQMxRjCxWngD7asrBmwW8rofjdnk4X\/l+xws9Xjnq++LbsjwY9soooCiuPRsKejOnwD+wv0fcsCl1NFnOK7uP9J39NSw5nkcxriUaHt\/rIF\/R9L+caChbdWFj3nzEfER+FdTX+T\/NRWxa\/V1WDyY7ajEsg0s0jKG4DlUpzFTqHklMr9UkDgJrTEjWZcX+kaGxfo5Wv3jz2kkN9Tfz0K+vwnF\/q8ZWRxxnLYDCcgvwHI+52Qu9a0p9nFv6o1frifR36oQ+Z5kfnpvSggh3acsGkJC7Rr\/0LWuYEIM1TrL0Hg2q62ewfYJz0J5Ejr9SG\/Y9iTBUOY66VIuXBOWufWEiWhk2GFD29XOrBjXB7jlK3AfQJWFHy7w5cBze+n754afVyeVnT8w9zvgyR6QNIxRvqns+0BvqK9Zclf8XVTwY4sVRAqbtu+7mSt0+wEAb+pG3MFUJ4mzT6T8KRY2XnzL4Mc8+9KVp5Bk7rxQmqgGLXWZOt36IpgRhHIfOuNBn1IJLD7cJ6ec7EvKFUb1wB3SvX\/bsEl9SzyWfyNgu9c54203uC55g"}
02084{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":433130,"pkt_caplen":1284,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1284,"pkt_l4_len":1250,"pkt":"mt9Y+uvcCL6sCxduCABFAAT2AbwAAD8RO1BejA4OwKgMqQMQoG4E4mLZ7v8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRES8HGytFNakml4PzAwQaQZHc6jIBpQl61gKTaclBkH4l3lK3V26WShey\/TnsdSvKDKpXYJGGJjSSPz6xmEhdjXEAMBVaiKjETXFEOzDPRh+kQQJauoDKkCd0CQNrMhAmicwZKZ9inPEPTcitdqKPoItDvEVpKDzWn30RouaCWx0Ccaj3z30pphsLP9mmA+KzRva8myzrv5GvuishmfTYsSPOXeJe1fh4J4wfoyoFsnqFB+Rj6W+PS3WP3wlFg1ELNUK6FIRQTgFh+0sOM\/hh1pnp3QGgLuOvDO6aOeFjv8ayRYlMc1zLoSi0bJHeuqs5YENToAkzQAN\/SDhzdkft7JAolL\/cvx+82oCUXcS8NPngDaI3BOOxMlJuEliwhdAlSOQdO+FWWJweQ8\/fhateqpC+1G9wl8XvUQX8\/ljx3YJnKOvmmUG+SPCuuLNGecHoKK8AY4t9965\/YRUpnl7iCtuYexpaBXzvtdGBimVRlgDAjcJmavFlD6AkxsFnRP38YTbgm\/wcTnf+2CYkHkFS8+CJhNXsxaBXrxmRjoaWxccVEItR2FDbEPK9wy7VRD8Df+zNx+h2S5v9CUFigRwa1vGtZ2Z3Q+CYwWIf111cTy+\/GsjPZwr26hKiRQUyH7\/Au75L0uJN2BejTlIWvH+N\/aNaYn6NJ+ZFRCj2JWXv5VddGUEwh9CkQdti9buvBrvAhbSgJiKk60RyCRIWWhsxb0MQCFoPicAx8MkVopeJ9dmJW\/qa\/CYRehizNujeyQ4FJjGZm+h2OBIdsHXA4M3urzh51TBucmYcOyQzO8s3eGI6H22s73JCw3Yb8OPLtNLz\/l6own\/Tv7VrGrU5CJMEHjRWZG2lcJ7zSJt5g0E4KUi2o0caspq9HJkIT671OeDW55yNgJGKdRAtFE9B2LvuQWd\/U440TUqWCPe1i2nH5tEi5qQ4uwnAV2FNrRw7y6NzZ5GuNLzmfffcYi\/84cQkNgYe4Pwlcmdv9NW8qrwH8JdGojxVy410oHNENrZaepxULgnSVuPmqLfNhLp3Flo\/fCWou2M7DeW+9MYECvR2R9a945iMKHLbvx7lqs2Rl4ISPs8tpXLB3kvH+B5thX+jMs08Zix4fPWUXzBu8KLQLtQqmg8KLKaGSKwKZtyItXfGptVMu+M5tSJvaHHwwWOQ4o3kbftK+gvqEsFzoqdIowBF5DGabmWpL8nsANK0auN\/C5+5RzFO3ftzU2W6UlEy+cvv4LWxIKaPG2tImVo75bpC+W8VeUGoN\/xLjFX+sPAYBhewRVbO76GPWrk12jjKph7VUv6wija5t+9C17hKQmGyG9nxBLHoTLn4mIhl5Ai0d54tqw+wpXfuc4a\/PSM3DYc9DvribAwKi+wa+IE\/Uta2UvQUEZgeroX+qbGY23MpOrFQ6xsR1XBQBHPcAnKEh21lh1MGzqOg9p38iaZtfQWeUBkredgJV85jgzzWY2xkBlReo\/xFP9qXhC3e5zLKid17nylp5VgRbLAehvboaHsLbSANdUdKGvWJQuCmIWpgQ2LOTMJkEc5ryNX8QPHdRD7x9HDttgDv+QJTM8CjnxJF45XgiTNZjfrhjB0Y7J7BLK14uTv6MNSe\/St9r+Z"}
00714{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"doq_adguard.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1608278425,"pkt_ts_usec":552488,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"CL6sCxdumt9Y+uvcCABFAAD\/XadAAEARolvAqAypXowODqBuAxAA63Wt4f8AAB0ECv0qRBFd\/nzqdcW5fqNlTwscOQuxdUBAFgVCbN\/RWlf92Bi4xbsmestxwaOWzmLs0UOVup1GWKiJ0THmdCSxOUYMjjJQlUfCJ\/s8QbJV\/u5t7rXjjRFpv18K\/SpED3H7Bx4sBoyGtGJqEQTxS\/oeZBY\/wYowmf3EpJiUs1hRtfh+uoDwfq87X5glE18OQjoYidfBw7A4Umc8TkwRbDOR+jZ7zQbXe3U2zDrO2LQieDEhB+\/tUlVyGsn2PAgQPNlwZczAYXjqFOGeUuxU1TZ4wjfK6+evSSxkFUfwNAg="}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":296,"flow_first_seen":1608278425043,"flow_last_seen":1608278463119,"flow_tot_l4_data_len":34381,"flow_min_l4_data_len":38,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":296,"flow_first_seen":1608278425043,"flow_last_seen":1608278463119,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":32013,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test"}
diff --git a/test/results/dos_win98_smb_netbeui.pcap.out b/test/results/dos_win98_smb_netbeui.pcap.out
index 90a933bbf..8c227b0d7 100644
--- a/test/results/dos_win98_smb_netbeui.pcap.out
+++ b/test/results/dos_win98_smb_netbeui.pcap.out
@@ -15,15 +15,15 @@
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":101878,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00498{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":553896,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgBwAAAIAR07fAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1576409797553,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00499{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":553965,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCAAAAIAR0rfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00499{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":554005,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCQAAAIAR0bfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00499{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409797,"pkt_ts_usec":586916,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgCgAAAIAR0LfAqO+BwKjvAgCJAIkATA7DAAYpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
-00451{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409798,"pkt_ts_usec":47534,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":8,"pkt":"AQBeAAACAFBWM3ieCABFAAAcCwAAAIABn7TAqO+B4AAAAgoA9f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00483{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00495{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409798,"pkt_ts_usec":642006,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00498{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409799,"pkt_ts_usec":23617,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgDAAAAIARzrfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
@@ -34,9 +34,9 @@
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":348591,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":543745,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEAAAAIARybrAqO+BwKjv\/wCJAIkATAq6AAQpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1576409800543,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00508{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":544216,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00508{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":544288,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEgAAAIARx7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00508{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409800,"pkt_ts_usec":583272,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEwAAAIARxrrAqO+BwKjv\/wCJAIkATA22AAYpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
@@ -53,10 +53,10 @@
00509{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":793465,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgHAAAAIARvbrAqO+BwKjv\/wCJAIkATA62AAgoEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00509{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":793598,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgHQAAAIARvLrAqO+BwKjv\/wCJAIkATHyvAAIoEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00509{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409802,"pkt_ts_usec":793661,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgHgAAAIARu7rAqO+BwKjv\/wCJAIkATAu6AAQoEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
-00452{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00464{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1576409798047,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00685{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409807,"pkt_ts_usec":597015,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
-00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409811,"pkt_ts_usec":132208,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409811,"pkt_ts_usec":517809,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
@@ -71,7 +71,7 @@
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409817,"pkt_ts_usec":241324,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1576409807597,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409819,"pkt_ts_usec":547009,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":77}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409822,"pkt_ts_usec":253028,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
@@ -98,10 +98,10 @@
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00521{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409846,"pkt_ts_usec":177854,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409851,"pkt_ts_usec":581302,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJQAAAIARtE3AqO+BwKjv\/wCKAIoAuRxGEQIADsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
-00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1576409851581,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00521{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409856,"pkt_ts_usec":181279,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
00485{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409859,"pkt_ts_usec":28684,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiAAQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
@@ -160,17 +160,17 @@
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
00486{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409861,"pkt_ts_usec":175103,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":101}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409861,"pkt_ts_usec":597261,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJgAAAIARs03AqO+BwKjv\/wCKAIoAuRxEEQIAEMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
-00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00553{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409862,"pkt_ts_usec":195835,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":166}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_tot_l4_data_len":185,"flow_min_l4_data_len":185,"flow_max_l4_data_len":185,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1576409861597,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00521{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409866,"pkt_ts_usec":206390,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":142}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576409867606,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576409867606,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00685{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409867,"pkt_ts_usec":606753,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJwAAAIARsjXAqO+BwKjv\/wCKAIoA0Qj3EQIAEsCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
-00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576409867606,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1576409867606,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00435{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":734666,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"pkt":"AFBWM3ieAAwp1HmyAEvw8AoIDgD\/7xYEAAAAAAQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00160{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":75}
00403{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409868,"pkt_ts_usec":734893,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"pkt":"AAwp1HmyAFBWM3ieADXw8AgMDgD\/7xYMAAAEACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAAAAA=="}
@@ -378,7 +378,7 @@
00161{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","type":47}
00501{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409926,"pkt_ts_usec":557294,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgPwAAAIARm7fAqO+BwKjvAgCJAIkATOGIAC4pAAABAAAAAAABIEVORUJGQ0ZFRUpFT0NBRkNFUEZERUZFT0VCRkZDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00500{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1576409928,"pkt_ts_usec":60524,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AFBW6YlWAFBWM3ieCABFAABgQAAAAIARmrfAqO+BwKjvAgCJAIkATOGIAC4pAAABAAAAAAABIEVORUJGQ0ZFRUpFT0NBRkNFUEZERUZFT0VCRkZDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_tot_l4_data_len":2432,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_tot_l4_data_len":1064,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":12,"flow_first_seen":1576409867606,"flow_last_seen":1576409923353,"flow_tot_l4_data_len":2358,"flow_min_l4_data_len":185,"flow_max_l4_data_len":215,"flow_avg_l4_data_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":12,"flow_first_seen":1576409867606,"flow_last_seen":1576409923353,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":2262,"flow_avg_l4_payload_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00142{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test"}
diff --git a/test/results/drda_db2.pcap.out b/test/results/drda_db2.pcap.out
index 09cfa8f83..d750ad94d 100644
--- a/test/results/drda_db2.pcap.out
+++ b/test/results/drda_db2.pcap.out
@@ -1,10 +1,10 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"drda_db2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1175543772220,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1175543772220,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":220609,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="}
00420{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":221098,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="}
00410{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":221136,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAwpfMZqAFBWwAABCABFAAAoIqFAAIAGglzAqGoBwKhqgBLvw1AKtGex\/V5WSFAQ\/\/+9tQAA"}
00651{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":338468,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"AAwpfMZqAFBWwAABCABFAADXIrhAAIAGgZbAqGoBwKhqgBLvw1AKtGex\/V5WSFAY\/\/8dAAAAAInQQQABAIMQQQA5EV6EgvKRg4NtgZeXk4mDgaOJlpVAQNHDw\/Dy8fDw8BfD8MH49sHw8UsBEbF1H\/kAAAAAAAAAAAAWEW3UqNfDYMiWoqOVgZSFQEBAQEAADBFa0cPD8PLx8PAAGBQEFAMAByQHAAckDwAHFEAABxR0AAUADBFH2MTC8mHR5dQAJtABAAIAIBBtAAYRogADABYhENToxMLyxMJAQEBAQEBAQEBAQA=="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_tot_l4_data_len":271,"flow_min_l4_data_len":20,"flow_max_l4_data_len":195,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"proto":"DRDA","breed":"Acceptable","category":"Database"}}
+00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"proto":"DRDA","breed":"Acceptable","category":"Database"}}
00408{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":338790,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AFBWwAABAAwpfMZqCABFAAAoelNAAEAGaqrAqGqAwKhqAcNQEu\/9XlZICrRoYFAQGSCj5gAA"}
00557{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":339518,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AFBWwAABAAwpfMZqCABFAACTelVAAEAGaj3AqGqAwKhqAcNQEu\/9XlZICrRoYFAYGSAErAAAAFvQQwABAFUUQwAYEV6EgvKEgvKBh4WVo\/Dw8PDww\/Tx8AAYFAQUAwAHJAcAByQPAAcUQAAHFHQABQAOEUfYxMLyYdPJ1eTnAAcRbYSC8gAMEVri2NPw+PDy9AAQ0AMAAgAKFKwABhGiAAM="}
00766{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543772,"pkt_ts_usec":347614,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"pkt":"AAwpfMZqAFBWwAABCABFAAEwIrtAAIAGgTrAqGoBwKhqgBLvw1AKtGhg\/V5Ws1AY\/5T1dQAAADrQQQABADQQbgAGEaIAAwAWIRDU6MTC8sTCQEBAQEBAQEBAQEAAChGg1Ojk4sXZAAoRodTo5OLF2QDO0AEAAgDIIAEAFiEQ1OjEwvLEwkBAQEBAQEBAQEBAAAYhDyQHAAwRLtHDw\/Dy8fDwAHkhBHTRw8Pw8vHw8NSo18NgyJaio5WBlIVAQEBAQISC8pGDg22Bl5eTiYOBo4mWlUBA1Ojk4sXZQEA90cPD8PLx8PDUqNfDYMiWoqOVgZSFQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAfWvnffDwfQANAC\/Y48Ti2NPB4sMAFgA1AAYRnAS4AAYRnQSwAAYRngS4"}
@@ -16,5 +16,5 @@
01049{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543773,"pkt_ts_usec":834282,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"pkt":"AFBWwAABAAwpfMZqCABFAAH+el1AAEAGaMrAqGqAwKhqAcNQEu\/9XlekCrRr\/1AYJEI2HgAAAAvQUwABAAUkCP8AL9BDAAEAKSQU\/wAAAAAfU0VUIENVUlJFTlQgU0NIRU1BID0gIlNDICAgICAgIgAL0EMAAgAFJAj\/ALHQQwADAKskEQAAAAAAMDAwMDBTUUwwODAyNAAAAAAAAAAAAAEAAAABAAAAIf\/\/\/wAAAAAgICAgICAgICAgIAASTVlEQjJEQiAgICAgICAgICAgAAAAAP8AAQAAAAAAAABVAAAAAAAAAAAAAQAAAAAAgAAAAAAAAADAAQMzAAEAAAAAATEAAAAAAAAAAP8AAAAAAAAAAAAAB01ZREIyREIAAAAAAAAAAAAAAAAAAAAAACzQUgAEACYiBQAGEUkAAAAGIQIkFwAFIR\/xAAUhUAEADCFbAAAAAAAAAAAAH9BTAAQAGSQaBnbQMgCACXHgVAAB0AABBnHw4AAAABbQUwAEABAkG\/8AAAhTQyAgICAgIAAm0FIABAAgIgsABhFJAAQAFiEQ1OjEwvLEwkBAQEBAQEBAQEBAAFnQAwAEAFMkCABkAAAAMDIwMDBTUUxSSTAxRgABAASAAQAAAAAAAAAAAAAAAAAAAAAAAAAgICAgICAgICAgIAASTVlEQjJEQiAgICAgICAgICAgAAAAAP8="}
00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543773,"pkt_ts_usec":898122,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"AAwpfMZqAFBWwAABCABFAAAyI31AAIAGgXbAqGoBwKhqgBLvw1AKtGv\/\/V5ZelAY\/M3JNgAAAArQAQABAAQgDg=="}
00485{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"drda_db2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1175543773,"pkt_ts_usec":898676,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"AFBWwAABAAwpfMZqCABFAABeel9AAEAGamjAqGqAwKhqAcNQEu\/9Xll6CrRsCVAYJEI06gAAACvQUgABACUiDAAGEUkABAAFIRUBABYhENToxMLyxMJAQEBAQEBAQEBAQAAL0AMAAQAFJAj\/"}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_tot_l4_data_len":5399,"flow_min_l4_data_len":20,"flow_max_l4_data_len":683,"flow_avg_l4_data_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test"}
diff --git a/test/results/dropbox.pcap.out b/test/results/dropbox.pcap.out
index c8f38a78d..88d9fbb9c 100644
--- a/test/results/dropbox.pcap.out
+++ b/test/results/dropbox.pcap.out
@@ -1,7 +1,7 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dropbox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":104,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":481938,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"}
-00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":104,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1455907271481,"flow_last_seen":0,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00420{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483762,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="}
00522{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":585820,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EM0AAIARN+7AqDgBwKg4ZcSHRFwAZzJrQgM1Anj4ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="}
00415{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":587798,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXZ1AAEAR62rAqDhlwKg4AURcxIcAGvHiYkQ1Anj4iy9yL0J1czE3Q21k"}
@@ -16,9 +16,9 @@
00526{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":130232,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EQ4AAIARN6zAqDgBwKg4ZcSHRFwAaGrJQwM1B8\/MNXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
00423{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":132073,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXc1AAEAR6znAqDhlwKg4AURcxIcAG\/HjY0Q1B8\/MNYsvci9CdXMxN0NtZA=="}
00526{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":239138,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8ERsAAIARN5\/AqDgBwKg4ZcSHRFwAaNHfQwM1CFi1RXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMiBFRVQgMjAxNiJ9"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_tot_l4_data_len":103,"flow_min_l4_data_len":103,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00523{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":856457,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EWkAAIARN1LAqDgBwKg4ZcSORFwAZ7scQgMdqQeYckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEyIEVFVCAyMDE2In0="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_tot_l4_data_len":103,"flow_min_l4_data_len":103,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1455907272856,"flow_last_seen":0,"flow_min_l4_payload_len":95,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00416{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":858898,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXhFAAEAR6vbAqDhlwKg4AURcxI4AGvHiYkQdqQeYiy9yL0J1czE3Q21k"}
00529{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":969405,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/EYMAAIARNzTAqDgBwKg4ZcSORFwAa8WlRgMdqhF5z0YYRXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMyBFRVQgMjAxNiJ9"}
00424{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907272,"pkt_ts_usec":973211,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyXh5AAEAR6uXAqDhlwKg4AURcxI4AHvHmZkQdqhF5z0YYRYsvci9CdXMxN0NtZA=="}
@@ -33,9 +33,9 @@
00530{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":530785,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnmO\/hCAAnAERyCABFAAB+Ef0AAIARNrvAqDgBwKg4ZcSORFwAassPRQMdr\/Kq\/CfKckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjEzIEVFVCAyMDE2In0="}
00423{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":536055,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"CAAnAERyCAAnmO\/hCABFAAAxXnBAAEAR6pTAqDhlwKg4AURcxI4AHfHlZUQdr\/Kq\/CfKiy9yL0J1czE3Q21k"}
00529{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907273,"pkt_ts_usec":658448,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EhcAAIARNqLAqDgBwKg4ZcSORFwAaYovRAMdsNz8WXxyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTMgRUVUIDIwMTYifQ=="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_tot_l4_data_len":105,"flow_min_l4_data_len":105,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":88318,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"CAAnmO\/hCAAnAERyCABFAAB9EncAAIARNkLAqDgBwKg4ZcSIRFwAaR7GRANSj9XGl0FyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTQgRUVUIDIwMTYifQ=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_tot_l4_data_len":105,"flow_min_l4_data_len":105,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1455907274088,"flow_last_seen":0,"flow_min_l4_payload_len":97,"flow_max_l4_payload_len":97,"flow_tot_l4_payload_len":97,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00419{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":89637,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"CAAnAERyCAAnmO\/hCABFAAAwXqNAAEAR6mLAqDhlwKg4AURcxIgAHPHkZERSj9XGl0GLL3IvQnVzMTdDbWQ="}
00531{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":193327,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"CAAnmO\/hCAAnAERyCABFAACBEpIAAIARNiPAqDgBwKg4ZcSIRFwAbeMnSANSkLugNTWCkTE2ckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00424{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":196759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0XrRAAEAR6k3AqDhlwKg4AURcxIgAIPHoaERSkLugNTWCkTE2iy9yL0J1czE3Q21k"}
@@ -50,9 +50,9 @@
00525{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":779814,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7EykAAIARNZLAqDgBwKg4ZcSIRFwAZyZkQgNSlWdockRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
00418{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":785600,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"CAAnAERyCAAnmO\/hCABFAAAuXwBAAEAR6gfAqDhlwKg4AURcxIgAGvHiYkRSlWdoiy9yL0J1czE3Q21k"}
00526{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907274,"pkt_ts_usec":902701,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7E0wAAIARNW\/AqDgBwKg4ZcSIRFwAZyoCQgNSlmPJckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE0IEVFVCAyMDE2In0="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00531{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":690777,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FCAAAIARNJfAqDgBwKg4ZcSPRFwAa2JLRgOAZtDWwMpn\/nJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNSBFRVQgMjAxNiJ9"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1455907275690,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00426{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":695868,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="}
00533{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":831283,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="}
00426{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907275,"pkt_ts_usec":835251,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"CAAnAERyCAAnmO\/hCABFAAAzX45AAEAR6XTAqDhlwKg4AURcxI8AH\/HnZ0SAZ6ExGoh1VzOLL3IvQnVzMTdDbWQ="}
@@ -67,59 +67,59 @@
00526{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":504810,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"CAAnmO\/hCAAnAERyCABFAAB6FSUAAIARM5fAqDgBwKg4ZcSPRFwAZtwsQQOAbEZyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTYgRUVUIDIwMTYifQ=="}
00418{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":512120,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":25,"pkt":"CAAnAERyCAAnmO\/hCABFAAAtX+dAAEAR6SHAqDhlwKg4AURcxI8AGfHhYUSAbEaLL3IvQnVzMTdDbWQ="}
00531{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907276,"pkt_ts_usec":636911,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"CAAnmO\/hCAAnAERyCABFAAB\/FUwAAIARM2vAqDgBwKg4ZcSPRFwAa923RgOAbRWOzuOZuXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxNiBFRVQgMjAxNiJ9"}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_tot_l4_data_len":13320,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_tot_l4_data_len":13394,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_tot_l4_data_len":13420,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_tot_l4_data_len":13342,"flow_min_l4_data_len":25,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1455907271481,"flow_last_seen":1455907282686,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11720,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":200,"flow_first_seen":1455907274088,"flow_last_seen":1455907285181,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11794,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":200,"flow_first_seen":1455907272856,"flow_last_seen":1455907284046,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11820,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50318,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":200,"flow_first_seen":1455907275690,"flow_last_seen":1455907286608,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":665502,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"}
-00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1459182796665,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00441{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":665502,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"}
00784{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":786743,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"pkt":"eJKcD6iO8IQvSpdgCABFAAE\/AABAAEARtPbAqAH+wKgBaQA12G8BK6cig5yBgAABAAMABAAEBmNsaWVudAdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAwAALBmNsaWVudAF2wBPAMAABAAEAAAAUAARsoKzMwDAAAQABAAAAFAAEbKCs7MA3AAIAAQAA9bUAGQducy0xOTI2CWF3c2Rucy00OAJjbwJ1awDANwACAAEAAPW1ABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwDcAAgABAAD1tQASBW5zLTU3CWF3c2Rucy0wN8AbwDcAAgABAAD1tQAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDArgABAAEAAkcJAATN+8A5wIwAAQABAAJG7wAEzfvDBcDMAAEAAQACRu8ABM37xPzAZwABAAEAAkbkAATN+8eG"}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_tot_l4_data_len":387,"flow_min_l4_data_len":44,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.204"}}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":803,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.204"}}
00784{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182796,"pkt_ts_usec":786743,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"pkt":"eJKcD6iO8IQvSpdgCABFAAE\/AABAAEARtPbAqAH+wKgBaQA12G8BK6cig5yBgAABAAMABAAEBmNsaWVudAdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAwAALBmNsaWVudAF2wBPAMAABAAEAAAAUAARsoKzMwDAAAQABAAAAFAAEbKCs7MA3AAIAAQAA9bUAGQducy0xOTI2CWF3c2Rucy00OAJjbwJ1awDANwACAAEAAPW1ABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwDcAAgABAAD1tQASBW5zLTU3CWF3c2Rucy0wN8AbwDcAAgABAAD1tQAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDArgABAAEAAkcJAATN+8A5wIwAAQABAAJG7wAEzfvDBcDMAAEAAQACRu8ABM37xPzAZwABAAEAAkbkAATN+8eG"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":602362,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1459182798602,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00446{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":602362,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8IQvSpdgeJKcD6iOCABFAABDOVFAAEARfKHAqAFpwKgB\/r\/YADUALxT2I4YBAAABAAAAAAAACWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQAB"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":651426,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":807,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1459182798651,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00437{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":651426,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7OV1AAEARfJ3AqAFpwKgB\/sZlADUAJw161e8BAAABAAAAAAAAAWQHZHJvcGJveANjb20AAAEAAQ=="}
00747{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":781825,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"eJKcD6iO8IQvSpdgCABFAAEkAABAAEARtRHAqAH+wKgBaQA1v9gBEDDEI4aBgAABAAEABAAECWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAFAAENvCuH8AWAAIAAQABU2AAGQducy0xOTQ5CWF3c2Rucy01MQJjbwJ1awDAFgACAAEAAVNgABcHbnMtMTE2Mglhd3NkbnMtMTcDb3JnAMAWAAIAAQABU2AAFgZucy01NjQJYXdzZG5zLTA2A25ldADAFgACAAEAAVNgABMGbnMtMzE1CWF3c2Rucy0zOcAewK0AAQABAAIhDwAEzfvBO8CLAAEAAQABU1QABM37wjQHTlMtMTE2MsBwAAEAAQABU10ABM37xIrAQwABAAEAAVNaAATN+8ed"}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_tot_l4_data_len":366,"flow_min_l4_data_len":47,"flow_max_l4_data_len":272,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.240.174.31"}}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client-cf.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.240.174.31"}}
00747{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":781825,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"eJKcD6iO8IQvSpdgCABFAAEkAABAAEARtRHAqAH+wKgBaQA1v9gBEDDEI4aBgAABAAEABAAECWNsaWVudC1jZgdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAFAAENvCuH8AWAAIAAQABU2AAGQducy0xOTQ5CWF3c2Rucy01MQJjbwJ1awDAFgACAAEAAVNgABcHbnMtMTE2Mglhd3NkbnMtMTcDb3JnAMAWAAIAAQABU2AAFgZucy01NjQJYXdzZG5zLTA2A25ldADAFgACAAEAAVNgABMGbnMtMzE1CWF3c2Rucy0zOcAewK0AAQABAAIhDwAEzfvBO8CLAAEAAQABU1QABM37wjQHTlMtMTE2MsBwAAEAAQABU10ABM37xIrAQwABAAEAAVNaAATN+8ed"}
00772{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":820682,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"eJKcD6iO8IQvSpdgCABFAAE1AABAAEARtQDAqAH+wKgBaQA1xmUBIb321e+BgAABAAMABAAEAWQHZHJvcGJveANjb20AAAEAAcAMAAUAAQAAAQsABgFkAXbADsArAAEAAQAAAC0ABGygrOHAKwABAAEAAAAtAARsoKzBwC0AAgABAAD1swAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDALQACAAEAAPWzABIFbnMtNTcJYXdzZG5zLTA3wBbALQACAAEAAPWzABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwC0AAgABAAD1swAZB25zLTE5MjYJYXdzZG5zLTQ4AmNvAnVrAMCAAAEAAQACRwcABM37wDnAngABAAEAAkbtAATN+8MFwF0AAQABAAJG7QAEzfvE\/MDAAAEAAQACRuIABM37x4Y="}
-00672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":39,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.225"}}
+00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":343,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"d.dropbox.com","num_queries":1,"num_answers":11,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.160.172.225"}}
00772{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182798,"pkt_ts_usec":820682,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"eJKcD6iO8IQvSpdgCABFAAE1AABAAEARtQDAqAH+wKgBaQA1xmUBIb321e+BgAABAAMABAAEAWQHZHJvcGJveANjb20AAAEAAcAMAAUAAQAAAQsABgFkAXbADsArAAEAAQAAAC0ABGygrOHAKwABAAEAAAAtAARsoKzBwC0AAgABAAD1swAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDALQACAAEAAPWzABIFbnMtNTcJYXdzZG5zLTA3wBbALQACAAEAAPWzABYGbnMtNzczCWF3c2Rucy0zMgNuZXQAwC0AAgABAAD1swAZB25zLTE5MjYJYXdzZG5zLTQ4AmNvAnVrAMCAAAEAAQACRwcABM37wDnAngABAAEAAkbtAATN+8MFwF0AAQABAAJG7QAEzfvE\/MDAAAEAAQACRuIABM37x4Y="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":605524,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"}
-00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":813,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1459182816605,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00441{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":605524,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3NAAEARdoLAqAFpwKgB\/o1NADUALHL+F+YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAAQAB"}
00441{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":605583,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3RAAEARdoHAqAFpwKgB\/o1NADUALO8im6YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAAB"}
-00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":815,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1459182816605,"flow_last_seen":1459182816605,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00441{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":605583,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAP3RAAEARdoHAqAFpwKgB\/o1NADUALO8im6YBAAABAAAAAAAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAAB"}
00599{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":645471,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"eJKcD6iO8IQvSpdgCABFAAC0AABAAEARtYHAqAH+wKgBaQA1jU0AoAOWm6aBgAABAAEAAQAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAABwAwABQABAAABpgAXCmdldGRyb3Bib3gBdgdkcm9wYm94wBvAOwAGAAEAAAHWAEUGbnMtNzczCWF3c2Rucy0zMgNuZXQAEWF3c2Rucy1ob3N0bWFzdGVyBmFtYXpvbsAbAAAAAQAAHCAAAAOEABJ1AAAAASw="}
-00668{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":44,"flow_max_l4_data_len":160,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
+00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":817,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"log.getdropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":5,"rsp_addr":"0.0.0.0"}}
00599{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":645471,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"eJKcD6iO8IQvSpdgCABFAAC0AABAAEARtYHAqAH+wKgBaQA1jU0AoAOWm6aBgAABAAEAAQAAA2xvZwpnZXRkcm9wYm94A2NvbQAAHAABwAwABQABAAABpgAXCmdldGRyb3Bib3gBdgdkcm9wYm94wBvAOwAGAAEAAAHWAEUGbnMtNzczCWF3c2Rucy0zMgNuZXQAEWF3c2Rucy1ob3N0bWFzdGVyBmFtYXpvbsAbAAAAAQAAHCAAAAOEABJ1AAAAASw="}
00799{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":645514,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"pkt":"eJKcD6iO8IQvSpdgCABFAAFLAABAAEARtOrAqAH+wKgBaQA1jU0BN+znF+aBgAABAAMABAAEA2xvZwpnZXRkcm9wYm94A2NvbQAAAQABwAwABQABAAABpgAXCmdldGRyb3Bib3gBdgdkcm9wYm94wBvAMAABAAEAAAA1AARsoKzDwDAAAQABAAAANQAEbKCs48A7AAIAAQAAAkYAFgZucy03NzMJYXdzZG5zLTMyA25ldADAOwACAAEAAAJGABkHbnMtMTkyNglhd3NkbnMtNDgCY28CdWsAwDsAAgABAAACRgAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDAOwACAAEAAAJGABIFbnMtNTcJYXdzZG5zLTA3wBvA3QABAAEAAVNyAATN+8A5wHMAAQABAAFTTAAEzfvDBcC6AAEAAQABU0wABM37xPzAlQABAAEAAVNQAATN+8eG"}
00799{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182816,"pkt_ts_usec":645514,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"pkt":"eJKcD6iO8IQvSpdgCABFAAFLAABAAEARtOrAqAH+wKgBaQA1jU0BN+znF+aBgAABAAMABAAEA2xvZwpnZXRkcm9wYm94A2NvbQAAAQABwAwABQABAAABpgAXCmdldGRyb3Bib3gBdgdkcm9wYm94wBvAMAABAAEAAAA1AARsoKzDwDAAAQABAAAANQAEbKCs48A7AAIAAQAAAkYAFgZucy03NzMJYXdzZG5zLTMyA25ldADAOwACAAEAAAJGABkHbnMtMTkyNglhd3NkbnMtNDgCY28CdWsAwDsAAgABAAACRgAXB25zLTEyNzYJYXdzZG5zLTMxA29yZwDAOwACAAEAAAJGABIFbnMtNTcJYXdzZG5zLTA3wBvA3QABAAEAAVNyAATN+8A5wHMAAQABAAFTTAAEzfvDBcC6AAEAAQABU0wABM37xPzAlQABAAEAAVNQAATN+8eG"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00668{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566407,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":821,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00668{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566407,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00668{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566407,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfQ1JAAEARNKvAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00665{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566700,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1459182817566,"flow_last_seen":0,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00665{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566700,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00665{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182817,"pkt_ts_usec":566700,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf1cRAAEAR35DAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182818,"pkt_ts_usec":229650,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":827,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1459182818229,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00442{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182818,"pkt_ts_usec":229650,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"}
00732{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182818,"pkt_ts_usec":263375,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"pkt":"eJKcD6iO8IQvSpdgCABFAAEYAABAAEARtR3AqAH+wKgBaQA1gaUBBH9u3H2BgAABAAEABAAEBm5vdGlmeQdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAcQAEon0Rg8AMAAIAAQAAAHEAFwducy0xMTU0CWF3c2Rucy0xNgNvcmcAwAwAAgABAAAAcQASBW5zLTgzCWF3c2Rucy0xMMAbwAwAAgABAAAAcQAWBm5zLTg5NQlhd3NkbnMtNDcDbmV0AMAMAAIAAQAAAHEAGQducy0xOTM2CWF3c2Rucy01MAJjbwJ1awDAYwABAAEAAVOfAATN+8BTwIEAAQABAAFTrgAEzfvDf8BAAAEAAQABU6sABM37xILAowABAAEAAVN1AATN+8eQ"}
-00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_tot_l4_data_len":348,"flow_min_l4_data_len":44,"flow_max_l4_data_len":260,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}}
+00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}}
00732{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182818,"pkt_ts_usec":263375,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"pkt":"eJKcD6iO8IQvSpdgCABFAAEYAABAAEARtR3AqAH+wKgBaQA1gaUBBH9u3H2BgAABAAEABAAEBm5vdGlmeQdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAcQAEon0Rg8AMAAIAAQAAAHEAFwducy0xMTU0CWF3c2Rucy0xNgNvcmcAwAwAAgABAAAAcQASBW5zLTgzCWF3c2Rucy0xMMAbwAwAAgABAAAAcQAWBm5zLTg5NQlhd3NkbnMtNDcDbmV0AMAMAAIAAQAAAHEAGQducy0xOTM2CWF3c2Rucy01MAJjbwJ1awDAYwABAAEAAVOfAATN+8BTwIEAAQABAAFTrgAEzfvDf8BAAAEAAQABU6sABM37xILAowABAAEAAVN1AATN+8eQ"}
00668{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182830,"pkt_ts_usec":673445,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfRXtAAEARMoLAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00668{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182830,"pkt_ts_usec":673445,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfRXtAAEARMoLAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
@@ -127,47 +127,47 @@
00665{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182830,"pkt_ts_usec":673733,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00665{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182830,"pkt_ts_usec":673733,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
00665{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1459182830,"pkt_ts_usec":673733,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_tot_l4_data_len":656,"flow_min_l4_data_len":39,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_tot_l4_data_len":1218,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_tot_l4_data_len":638,"flow_min_l4_data_len":47,"flow_max_l4_data_len":272,"flow_avg_l4_data_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_tot_l4_data_len":686,"flow_min_l4_data_len":44,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_tot_l4_data_len":1218,"flow_min_l4_data_len":203,"flow_max_l4_data_len":203,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_tot_l4_data_len":608,"flow_min_l4_data_len":44,"flow_max_l4_data_len":260,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_tot_l4_data_len":1118,"flow_min_l4_data_len":44,"flow_max_l4_data_len":311,"flow_avg_l4_data_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1459182798651,"flow_last_seen":1459182798820,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":624,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":50789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1459182798602,"flow_last_seen":1459182798781,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":264,"flow_tot_l4_payload_len":606,"flow_avg_l4_payload_len":151,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":49112,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1459182796665,"flow_last_seen":1459182796786,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1459182817566,"flow_last_seen":1459182830673,"flow_min_l4_payload_len":195,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1459182816605,"flow_last_seen":1459182816645,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":1054,"flow_avg_l4_payload_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":36173,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00634{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391465,"pkt_ts_usec":534592,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEWzxAAEARHT\/AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00630{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391465,"pkt_ts_usec":535228,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADENtRAAEARfv\/AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":838,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1535391465534,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1535391465535,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391495,"pkt_ts_usec":539748,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEaV5AAEARDx3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":839,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391495,"pkt_ts_usec":539946,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEPR9AAEAReLTAqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1535391495539,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00633{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391525,"pkt_ts_usec":545240,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEd25AAEARAQ3AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391525,"pkt_ts_usec":545589,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADETEZAAEARaY3AqAEGwKgB\/0RcRFwAsEMFeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":176,"flow_max_l4_data_len":176,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":842,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1535391525545,"flow_last_seen":0,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00630{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391651,"pkt_ts_usec":168986,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jlBAAEAR6fXAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":843,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1535391651168,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391651,"pkt_ts_usec":170134,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SNZAAEARbMjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":0,"flow_tot_l4_data_len":171,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1535391651170,"flow_last_seen":0,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":163,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00630{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391652,"pkt_ts_usec":506990,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/jm9AAEAR6dbAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00627{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391652,"pkt_ts_usec":507202,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/SaBAAEARa\/7AqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00630{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391682,"pkt_ts_usec":513859,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/nwpAAEAR2TvAqAFA\/\/\/\/\/0RcRFwAq9+deyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
00626{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1535391682,"pkt_ts_usec":514087,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":205,"pkt_l4_len":171,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAAC\/ZDZAAEARUWjAqAFAwKgB\/0RcRFwAqxz2eyJuYW1lc3BhY2VzIjogWzE5MDc2MDQwLCAyMDYwMzE0MCwgMTY3MTU2ODYsIDEyMzUzNTAzMF0sICJwb3J0IjogMTc1MDAsICJob3N0X2ludCI6IDMzMzEzOTY5NzEzOTU2MTA4MDE1Mzk5Mjk4MTIxOTY3OTIyMTUzNiwgImRpc3BsYXluYW1lIjogIiIsICJ2ZXJzaW9uIjogWzIsIDBdfQ=="}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_tot_l4_data_len":513,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_tot_l4_data_len":513,"flow_min_l4_data_len":171,"flow_max_l4_data_len":171,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_first_seen":1535391651168,"flow_last_seen":1535391682513,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test"}
diff --git a/test/results/dtls.pcap.out b/test/results/dtls.pcap.out
index 4e63eb9c5..0fe16ba80 100644
--- a/test/results/dtls.pcap.out
+++ b/test/results/dtls.pcap.out
@@ -1,7 +1,7 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":0,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":163,"flow_max_l4_data_len":163,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00599{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1545143424,"pkt_ts_usec":891780,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":0,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":163,"flow_max_l4_data_len":163,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1545143424891,"flow_last_seen":0,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00599{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1545143424,"pkt_ts_usec":891780,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_tot_l4_data_len":326,"flow_min_l4_data_len":163,"flow_max_l4_data_len":163,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00123{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test"}
diff --git a/test/results/dtls2.pcap.out b/test/results/dtls2.pcap.out
index 29e04ebb2..630ba2656 100644
--- a/test/results/dtls2.pcap.out
+++ b/test/results/dtls2.pcap.out
@@ -1,11 +1,11 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_tot_l4_data_len":89,"flow_min_l4_data_len":89,"flow_max_l4_data_len":89,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":748597,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"}
-00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_tot_l4_data_len":89,"flow_min_l4_data_len":89,"flow_max_l4_data_len":89,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00474{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":964622,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAAAjZtQSEb7zh73CABFAABYGTZAAHIRmTnUINYnPURumfARzzUARCmdFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/IGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UG"}
00547{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":975796,"pkt_caplen":155,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":155,"pkt_l4_len":121,"pkt":"AAAAjZtQSEb7zh73CABFAACN5wIAAD8RPjg9RG6Z1CDWJ8818BEAeRSaFv7\/AAAAAAAAAAEAZAEAAFgAAQAAAAAAWP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAIGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UGABAANQAvAAUABAAKAPsA\/AD9AQA="}
01511{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":332250,"pkt_caplen":867,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":867,"pkt_l4_len":833,"pkt":"AAAAjZtQSEb7zh73CABFAANVIjBAAHIRjULUINYnPURumfARzzUDQdzuFv7\/AAAAAAAAAAEAMgIAACYAAQAAAAAAJv7\/QPrINelLG7enELoywMmLfG2olv7VWJxKvMqptASfoUAAADUAFv7\/AAAAAAAAAAIC1AsAAsgAAgAAAAACyAACxQACwjCCAr4wggGmAgkA3\/IIOdDHPtUwDQYJKoZIhvcNAQEFBQAwDTELMAkGA1UEBhMCVVMwHhcNMTQwOTEyMjEzMTE5WhcNMzcwMjE1MjEzMTE5WjA1MQswCQYDVQQGEwJVUzEmMCQGA1UEAwwdKi5yZWxheS5yb3Mucm9ja3N0YXJnYW1lcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUbKLr0+0\/DzZUkhdQPAIUSf6vOnkd3vz7LMzwfaRy4xYymZYxZ\/q5Ed6EaW6JqCZ\/oLLe25NsTXHmZDJ9bcDe9YOclIL+6LY6GeN4pfa6Hz+jx2zbKLHveils\/9ARmlq7hem2J4bSrsrAmxBAUMu5I64ihzl5jm9DYyKyUFW51pWgePj0eF8P9dMIaB69GlwcMK1R94D2eXFYtOo55DIY4k+tZnErrkNmE6s9MT8hstIKuhDP9Q4XPojoGCcUNCKm6tzoPU2WN3aKCtbekibukMkhDb6jPcXz5o9twDMuJ3vVS\/f9U54Gdx5927EWXG44Ptt7M7QKZ1DQXEVYwHoBAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGsDUuhvkBDEsohQGctVpkQYC+VB2RYrWcOG\/BuAnJAchnyGe0vUHkNpCOa1W7QJTxyQmEZgVIJXyBvl2SlD8vRwY8YZYq5ScMlHbwx6IOdYiakctDm6\/hphAz0AMeZ9ER6pMQ1b0SbrLR4SfATQmDBiycNsSO9IQH\/tWD+h7XnpYN3d6I\/deTbmPTX+BS4Ni+JKX\/\/0TDJl1LB3dzdPXVthq9rivdIMTX6GB4FfVrCPzwTueYvVVKiMK1NeQNIsIbiOhX5\/j2p5slNKg8\/0rIFgR1N+GWp975Q9KJiE\/k45+fuMu2uWIiauD7DpNeE9cFNSPZZkeJxPz8ZTFCj+\/Y4W\/v8AAAAAAAAAAwAMDgAAAAADAAAAAAAA"}
-00985{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_tot_l4_data_len":1111,"flow_min_l4_data_len":68,"flow_max_l4_data_len":833,"flow_avg_l4_data_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","issuerDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}}
+00997{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":1079,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","issuerDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}}
00782{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":353093,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"pkt":"AAAAjZtQSEb7zh73CABFAAE3XSMAAD8Rx209RG6Z1CDWJ8818BEBI325Fv7\/AAAAAAAAAAIBDhAAAQIAAgAAAAABAgEAoPXajyskrpyHTkXbJ8FmL57PBfY\/1TaYT0bzW3Kr\/EpwtXdjHcT+pbN8fPukJ\/mC77+vYOpZWDwhv6Nx\/DWp4Jvn+yqgQnC64Z\/WXIsAN1uH\/RV8WJNBQO\/19cBEfleSZaqoNGsu62Istna8HtfGBMBOW62\/qT4k\/3jE7EIn98BOINebIKb+ueGO2MzhHcT6EOkstFNcsc5W14JWO6dIoA0xAoGASDLKiRftqqbK+uNDPzk7xqyION59r88L7bnvJSephUmgMk9aDR6JDm0Euq5IRA2K\/nrTo7X4CfxJ3dHmr2zBkzimXJBaPSUeHK+7lDt96ihQtzG744bK2Rmtmg=="}
00516{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":355159,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AAAAjZtQSEb7zh73CABFAAB3Y5MAAD8Rwb09RG6Z1CDWJ8818BEAY5VMFP7\/AAAAAAAAAAMAAQEW\/v8AAQAAAAAAAABAmdae2R4Wrb+V6WhwK9Dq82JRkPRlJ1zLvMeBmyoW80TVchkoOoZ+xT5QgxIMaEuKJqU6++RTeS7q5JEifcpBVA=="}
00518{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":573420,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AAAAjZtQSEb7zh73CABFAAB3JpZAAHIRi7rUINYnPURumfARzzUAY7OjFP7\/AAAAAAAAAAQAAQEW\/v8AAQAAAAAAAABAmirY+WsSvTJjrUcGUksCxxC8bx15KwpJKDfXIxtf9hmYnH4fzWhB+IyZOZGqLOiHa\/\/TRA60JKjrE2I17tux7A=="}
@@ -17,5 +17,5 @@
00546{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911691,"pkt_ts_usec":269254,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"AAAAjZtQSEb7zh73CABFAACJ8X0AAD8RM8E9RG6Z1CDWJ8818BEAdfPJF\/7\/AAEAAAAAAAMAYBsxJbxcmazMF1yZgVTjATb6Zon2xvveF2DtWggeNJLukjO4pdn+D\/5eRo12Wd7\/4LZ3qt\/WbDF9H1pWcnP1HjOf9Qg27QHN1pgBe8RKEE74PJevpF0HOEG9Oj0Qqtc73g=="}
00498{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911691,"pkt_ts_usec":484678,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"AAAAjZtQSEb7zh73CABFAABpFWtAAHIRnPPUINYnPURumfARzzUAVb+bF\/7\/AAEAAAAAAAQAQEAOtAoAQz3o001yodc3wtrR1khwhq9qQtJWfE5XJAcqfJdAJLX8pS9nHegbomNdxzflcV6TIhGRgTVvDEGTAX0="}
00546{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911706,"pkt_ts_usec":647553,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"AAAAjZtQSEb7zh73CABFAACJ2GUAAD8RTNk9RG6Z1CDWJ8818BEAdWojF\/7\/AAEAAAAAAAQAYPlR045oqJCgSMh7ALVP58tRoxRJJZfJelm4LrwIvz5OUnOverhJu\/z67oZASGIM5zE03Z8YpZZX+V95itxyIN8Rawc56lHbJd\/wSy1wkJnsupWPJbKTGAml7J4a\/LW8KA=="}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":30,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_tot_l4_data_len":3971,"flow_min_l4_data_len":68,"flow_max_l4_data_len":833,"flow_avg_l4_data_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":30,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test"}
diff --git a/test/results/dtls_certificate_fragments.pcap.out b/test/results/dtls_certificate_fragments.pcap.out
index 8eb93cd89..b32adcf25 100644
--- a/test/results/dtls_certificate_fragments.pcap.out
+++ b/test/results/dtls_certificate_fragments.pcap.out
@@ -1,11 +1,11 @@
00494{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":0,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":320,"flow_max_l4_data_len":320,"flow_avg_l4_data_len":320,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00832{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606275,"pkt_ts_usec":726225,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":0,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":320,"flow_max_l4_data_len":320,"flow_avg_l4_data_len":320,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1556606275726,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00476{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606275,"pkt_ts_usec":848420,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"AAAAp2BiAAAAtzPNCABFIABM4VFAAD4RKogj0juGCrrGla2bmbMAOPKRFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FGas+MFHIUbk58MIduuc4UCKEPlD"}
00861{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606275,"pkt_ts_usec":913729,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"pkt":"AAAAp2BiAAAAtzPNCABFAAFoW6pAAD4RrzMKusaVI9I7hpmzrZsBVHbeFv7\/AAAAAAAAAAEBPwEAATMAAQAAAAABM\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAFGas+MFHIUbk58MIduuc4UCKEPlDAKDAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADYAiACHAIYAhcAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="}
02310{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":35205,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"AAAAp2BiAAAAtzPNCABFIAWg4VdAAD4RJS4j0juGCrrGla2bmbMFjGwmFv7\/AAAAAAAAAAEAQgIAADYAAQAAAAAANv7\/exvJyLXWPruOHL5MK7Y1JsnEAS0AtJ+iPSn4YJ2mNsIAADUAAA7\/AQABAAAjAAAADwABARb+\/wAAAAAAAAACBSgLAAYLAAIAAAAABRwABggABgUwggYBMIID6aADAgECAgIBDjANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMCTk8xDTALBgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xGzAZBgNVBAoTEk9wZXJhIFNvZnR3YXJlIEFTQTESMBAGA1UECxMJT3BlcmEgTWF4MRUwEwYDVQQDEwxPcGVyYSBNYXggQ0ExFTATBgNVBCkTDE9wZXJhIE1heCBDQTAeFw0xOTA0MjUwOTU4MDZaFw0xOTA1MjUwOTU4MDZaMHcxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIEwRPc2xvMQ0wCwYDVQQHEwRPc2xvMRswGQYDVQQKExJPcGVyYSBTb2Z0d2FyZSBBU0ExEjAQBgNVBAsTCU9wZXJhIE1heDEZMBcGA1UEAxQQKi5vcGVyYS1taW5pLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAORPM+HvV9uX\/YNDU1hkJZQiq9CpOzjLL+wmzk\/mxknC\/lzt7\/2Qg3qbyuKW5iBy3JZxaPO52oDwxIsilmeOkz4Mh8DnHyTx32hID++IiL649AXqYsGsHk8LI47iaUM6ub1Eu8MRDgFfIdgDsB\/iOYBVS6hhS44QgmBZ3WVRQHREe6jWyQtKDKooXtnRMU29d8xdLHTrujs0FtnJ437d+DiadyE+snuairyQNNrpLSNIZ\/pq6ewzal4u0NNe\/WlSiQTKqZBXXAL88GeYHTv+6w0xcxAqMiJvKS7otsvURb+7AhEr9BfD5cpFwVxi+SZQILibozwuzFJXx+cIypgIV2UCAwEAAaOCAYEwggF9MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMCsGCWCGSAGG+EIBDQQeFhxPcGVyYSBNYXggU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBToCRx51cxkoksSq+PH5Da9dPhtITCBvwYDVR0jBIG3MIG0gBSyo8s55dkAqfYHaJNGmRcwX2DgzKGBkKSBjTCBijELMAkGA1UEBhMCTk8xDTALBgNVBAgTBE9zbG8xDTALBgNVBAcTBE9zbG8xGzAZBgNVBAoTEk9wZXJhIFNvZnR3YXJlIEFTQTESMBAGA1UECxMJT3BlcmEgTWF4MRUwEwYDVQQDEwxPcGVyYSBNYXggQ0ExFTATBgNVBCkTDE9wZXJhIE1heCBDQYIJAM0pJwGa9KPrMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDAtBgNVHREEJjAkghAqLnNhbXN1bmdtYXguY29tghAqLm9wZXJhLW1pbmkubmV0MA0GCSqGSIb3DQEBCwUAA4ICAQAsxMazt97mPzh89ugKFn+gchqN+8gwc\/qgCr24OgrCxlbcAuboN9GwNVyzEBLp8xf5X2uUbpzhUkNw8Da3gcOG9WRU6jbrD1WcRY6JvO0Mmn7tYOByaat2bf6co4aeqoorQ4XfH4XhjO0fNkhSxSnFd+YB1aTRfYQRZ9pIyqogmNC9mJGTFtFs6cJjs1UFLJ2Xs6n5RJMSgKdDdAS6NIKDCnhLmY29DHpiEqG4lF3or6tz0shqbW58O48+6Ff2qWryOZnPPF65AmJhRVUGil0HqRIZ9cej0+Pf1mpRxVU7o1XhXNWwazwIl8+tAnIOdpr7DJtkDNmXYyRKwOo6aEAWQeceETyNh3LwIE2unnIZhLc="}
-00862{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_tot_l4_data_len":2136,"flow_min_l4_data_len":56,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":534,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
+00874{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":2104,"flow_avg_l4_payload_len":526,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
00806{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":35205,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"pkt":"AAAAp2BiAAAAtzPNCABFIAE94VhAAD4RKZAj0juGCrrGla2bmbMBKYUyFv7\/AAAAAAAAAAMA+wsABgsAAgAFHAAA7xmWcPJxf+syLm5kr8JFkg5FV4AlWuYVZqKRDkSXNY2wDo4JRyk7bpK3luN\/HZfToj36ViRMUxoGzOIdNQQtdLDZ9I6l5ryvVP5AVvfsfLCm9sZAxjhtLYRgCPa+oX7MDX\/1pOIA9ScqtjYO9k7rU1+EQszS6yuQBUHbzqzJDE5+Sr0FYdV0ChHOUsH5pqFWRmYkMY1kxz3WCDFqLZz3OCXgMI4dlHN4OUfYtjdlKZjojOO\/DI2VYl9JYb1bxVDvI\/jLCpX0S20qleMt33f6vetcgUgWnM2jDSMPp6PARk5VmmjgwVuZ3AbB3Md620\/oFv7\/AAAAAAAAAAQADA4AAAAAAwAAAAAAAA=="}
00919{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":85753,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"pkt":"AAAAp2BiAAAAtzPNCABFAAGSW7NAAD4RrwAKusaVI9I7hpmzrZsBfv3dFv7\/AAAAAAAAAAIBDhAAAQIAAgAAAAABAgEADepD\/V3arFOYbwmKE7AyLr8Mlkxjf\/+JALcGEfko94eqwWztTmhz+5MHaC3z2G4vijVYtEU0sNUf4k4UL6wwFhc4ONU9ksZxVeWDxj085t3ouboFjrKqqf+Ez1VEasOR\/SQEHHJBKwmNh7bq+rPqD1Ue7o869xS0Ymdb4H9LtDDNAji6o60xxgjRgSC+FebqYWIv5JnGs2WkXpl3IhmfOFW6W5CEXtUG4NfVmU9IoLdnFP2SU65LWmxaCyTTqkryoC1SLTZLn+hoNIWj\/VtnnGu3nDwz0uOmfkkiYJPNH2dCcUwbCzyPYZumVNhytb8RGLPdT4cTupH4gydkV5dULhT+\/wAAAAAAAAADAAEBFv7\/AAEAAAAAAAAAQH0w1cLD04ZuwDU4bylSo4luvAkRseqvzP1gwxOBxPHlWhFGADtoMC\/32s4rqRyxoBSovKcS+f0vYtpwuRvkYq8="}
00796{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":208505,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"AAAAp2BiAAAAtzPNCABFIAE24VlAAD4RKZYj0juGCrrGla2bmbMBIraNFv7\/AAAAAAAAAAUAsgQAAKYABAAAAAAApgAAAAAAoBc3O+4w23k\/5z8GmKukkbjDMff5rrk7+NToU1SbJXCJnHEd6A2yutLzkCFjPTUj2iskxW+N5pGd\/HbH9Qs0cxkoOl\/FD6MeDKEPJz6HYBc7KVaNKEb2MrMrzg6NpAvMub2j0tEIcZeMLviwl0np+UKk5QdSS7sg2rNtbo06Ti5lD5dlFmfJNUs0h3c6AXI9tTgKknO+3QAfCn9pgzqxmz4U\/v8AAAAAAAAABgABARb+\/wABAAAAAAAAAEAHEaSBn03cC\/XnLHWJ0nYeygw7qpVGF+6b6MyV9BDeZlXEG1sCX1Fbw2CrpWqusRdW\/O4z5WTa6iBvyaiIiXy9"}
@@ -17,5 +17,5 @@
00672{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":387758,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"AAAAp2BiAAAAtzPNCABFIADZ4WJAAD4RKeoj0juGCrrGla2bmbMAxbChF\/7\/AAEAAAAAAAEAsKOaNTjAgsTjXGffOf5e6kLpRuzzr7ka\/PR7CUHZuK8VNdXrkV1W06A+1tn0237G0C5cdaB5n5EllSJwXcHb2nHT\/XUVs8pP4enU1DNtdnnoKdnYbPodN01annfE0UbDAiDRUdECfRLF26BsmXy\/cY+9YosZUzWAyy0\/fDAg4rgR9Wf5i9Cz4+JyeHQ+ZRZGSUfakeFjkqX98r9W8mmvznQOaHeKhlpFTuam8Xs3Bt6w"}
00607{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":388073,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"pkt":"AAAAp2BiAAAAtzPNCABFIACp4WNAAD4RKhkj0juGCrrGla2bmbMAlUz7F\/7\/AAEAAAAAAAIAgF7X9rlHDap9CZLTo4tXGcTqwQ2WiFJEXTqSfAc28aXOrC7SUyG\/BB7vUo+G2AG4V453rc8KT3IGeWmOK1Ytt8oWOXU9OGIN39kkVlMttVkl1sMV+SQQj3ORu402RcTbM1wMCAB\/Q9NpTysQO\/19jKpxELJ4mD0GCGmJxRgN0ChV"}
00714{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1556606276,"pkt_ts_usec":388085,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"AAAAp2BiAAAAtzPNCABFIAD54WRAAD4RKcgj0juGCrrGla2bmbMA5bs6F\/7\/AAEAAAAAAAMA0GXW0AV0AJtu0HPaz6RfzO9CZWHXd94kCiafP4nVscZ0fN+GHYFWd\/lv6OnyFN1LFbq1Hc1un3I8EQgIV9EyEXZymewAmNVoOpK44k\/X58OiRLTx0ka7NyiK8sq6JLUl1H2lAnGTrfQLPNzkrlc7KU7sQx922PVFO2GshX19R+IBXtxhY3LuWx5UHxgtU0Mm+AyZx3mijZlUhGlL7LgNUEQgZvTq+RIFlr5mZGDSlKzsQb3ZBrh4wmALuEwSh0ZOoyYhNEc53O0hzv2UAoIYxmQ="}
-00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1556606275726,"flow_last_seen":1556606278645,"flow_tot_l4_data_len":5298,"flow_min_l4_data_len":56,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1556606275726,"flow_last_seen":1556606278645,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":5138,"flow_avg_l4_payload_len":256,"midstream":0,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00146{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test"}
diff --git a/test/results/dtls_session_id_and_coockie_both.pcap.out b/test/results/dtls_session_id_and_coockie_both.pcap.out
index 39022a11e..1760625fb 100644
--- a/test/results/dtls_session_id_and_coockie_both.pcap.out
+++ b/test/results/dtls_session_id_and_coockie_both.pcap.out
@@ -1,10 +1,10 @@
00500{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00553{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":775130,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"}
-00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":0,"flow_tot_l4_data_len":107,"flow_min_l4_data_len":107,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388499775,"flow_last_seen":0,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00483{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":786468,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"AAAAAAAAAAcAwedSCABFAABMjnQAAPMRxAzfdGn3ucRx762bxFEAOGNSFv7\/AAAAAAAAAAAAIwMAABcAAAAAAAAAF\/7\/FBwO\/CFwEASeBoBTHTZO4F6qQqae"}
00580{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":813030,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"AAAAAAAAAAEAvpsKCABFAACTT3wAAH8Rdr65xHHv33Rp98RRrZsAf9dAFv79AAAAAAAAAAEAagEAAF4AAQAAAAAAXv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4UHA78IXAQBJ4GgFMdNk7gXqpCpp4AAsAsAQA="}
00649{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388499,"pkt_ts_usec":833900,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"AAAAAAAAAAcAwedSCABFAADGx3wAAPMRiorfdGn3ucRx762bxFEAspnDFv79AAAAAAAAAAEAUgIAAEYAAQAAAAAARv79h9MldvGqD4L7eTZa2NHhRQF1vlik3WVyEyjxpUYtENcgODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST7ALAAU\/v0AAAAAAAAAAgABARb+\/QABAAAAAAAAADBhiqTy6UqwzhCYCPtl5aoUaCDaK6eEDLWKYD9PQuzP3fUrM48czQrGX1gmubwFx64="}
-00858{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_tot_l4_data_len":468,"flow_min_l4_data_len":56,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
-00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_tot_l4_data_len":468,"flow_min_l4_data_len":56,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00870{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}
+00532{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00151{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test"}
diff --git a/test/results/encrypted_sni.pcap.out b/test/results/encrypted_sni.pcap.out
index 913bfe98a..b3e0a6454 100644
--- a/test/results/encrypted_sni.pcap.out
+++ b/test/results/encrypted_sni.pcap.out
@@ -1,14 +1,14 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"encrypted_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01380{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680386,"pkt_ts_usec":576239,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01384{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680387,"pkt_ts_usec":847337,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01378{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680391,"pkt_ts_usec":590254,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJM1prHJ\/+qDqcKEqpG5xU365kjS5loGMkTxyoKwRhL+l3TthfgE+TKCSsunPt4vNjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test"}
diff --git a/test/results/ethereum.pcap.out b/test/results/ethereum.pcap.out
index 87d480e7f..666c50960 100644
--- a/test/results/ethereum.pcap.out
+++ b/test/results/ethereum.pcap.out
@@ -1,63 +1,63 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethereum.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00570{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508362,"pkt_ts_usec":274369,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578508362274,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00625{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508363,"pkt_ts_usec":333871,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"KDc3AG3IEBMx8Tl2CABFAADH0wVAADURephXDt4ZwKgBuN11dl8As\/l1jW6o\/uOLsNilE7wPPGgWLrGBgPfvOzwO1DfZyAOcgKFZ114jjOcqSahrn1BNVaBcqPiZ+5Zw3KmlNNeK6areM2YGHfDo3L4DI03KcwYwznBps1b+iFJS+0Kipikc3Gq9AQP4R7hAl090ZgbQhHWBj8BMRwa4LeNB32fKxPZW6UW3BwzH4FX8L40Uh5Yh\/LpdLpgFyY0tX7A7rx7OhPCc704eHlKGuoReFiBf"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508363,"pkt_ts_usec":692141,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdOfxAACwR9O08vyBHwKgBuHZfdl8AicNGfxf10Wb92tmu8P4AYDHc1S9CYBd0hA8u+7bp2exSZpfjoD4stw3HK2zECpnkODZdOg6LxGWvabU8eolUhCpRWxf283jKbdR45yXwcXrtjWJbPi2JRR9Nts4CTYECrpr\/AQHeBcuErBIAAoJ2X4J2X8uETxbOvYLp94J2X4ReFiBe"}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":147,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":272113,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"pkt":"KDc3AG3IEBMx8Tl2CABFCACn7eVAACURF08DcIo5wKgBuGOsdl8Ak1lonaJ3QYcb7U0uMgLRKCkYOOmsVBzd6scD1gTgbTNauX3kB3bPaDZ67w0\/6JScqj4YBzeDQtx9d9GUfbwpNwws+A3fj9N5t1f25M57T8Etpo9cRpw0Ipg9vE7GnadXMLBRAAHoBNeQAAAAAAAAAAAAAAAAAAAAAIInD4InD8mETxbOvYLp94CEXhYgYA=="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":147,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":382390,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHswoAAEAR05vAqAG4A9EtT3Zfdl8As46jAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00626{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":382655,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHegkAAEARY2nAqAG4NOelbHZfdl8As+VvAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
-00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":382946,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADH\/g8AAEAROunAqAG4EopsQ3Zfdl8As0D2AUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
-00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1578508364382,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00625{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":421473,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHWYMAAEARj8vAqAG4ImGsFnZfdl8As\/EZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1578508364421,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00568{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":422230,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcLWUAAEAR9WvAqAG4QipS9nZfdl8AiGZvYT14ALKwnMdgMCBzf19RhoDEZwfAnRP1Mz5t1CQfWH9BMW+RtakCpISLcdct0MfsiOdcBIDUccBBbd+y\/K0wDya+KeRA13HRMdUz2NPxyyUESIw4\/BeiGYIdI8USz9rYAAHdBMuEfwAAAYJ2X4J2X8mEQipS9oJ2X4CEXhYgYAU="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1578508364422,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00625{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":422710,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHAOAAAEAR3JLAqAG4NOelbHZfdl8As+U915lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
01822{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":519784,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7F1RAAC8RPN4D0S1PwKgBuHZfdl8EJ4PVaVYTvO9LrTk6yni9j9O4lLCx8c3w2iOwFQRksfASVhzN6T8K7lnXRwHY7v3+ONhElGFbYOffjDytd02o206R62nDNZ+LcEa5V5K9KHZQh029ihE8Ury3mI0LZjHE13ZDAAT5A7r5A7L4S4QjtPapgnZdgLhAO5qC1ATimkffsyZlSJIXGVIuxdFsM86E7cqAjFOnv\/8DXNCQHJBVJiDXoCE+xGUbCBkPCreAagxpFk0Kv5X\/6PhNhKUWayGCdl+Cdl+4QFK2HHRAlM9Mj+TxGD7ACVRZHZtB58hxcD+hW2XdmacQwMOkGeflfz3iQaCGa6bw7UpxurZYH9DtQSW8Gn+wiV74TYRZJmMignZfgnZfuEBNXexB6IZur6GByNXF5kqBGoYoINyuPaRzRT\/L\/XeZwo80a\/N6vMBtsgrq2ZF9h4G0sqa47Wg7uKDWSZtY6p\/o+E2EsoDD3IJ2X4J2X7hAE9D206tRuSrRWszd5+5PqyxrzPQHPgJ6M4jR3YAwA4SXyWoQd9UmDUgHBtsrr3UYDBX+DpI9ijrH8jmNKWfim\/hNhKLzoFOCdl+Cdl+4QFcgAb+wxvXRoA\/jZ6pZpvtWMqWRnDTAVCrWET9xUm+STSO+d5OO9wGG7pHu9I5ueUw\/fAd5lu3NtaUH9uwTgQX4TYQSilEcgnZfgnZfuEDrOA+HQ7eWMjwlUeqXlrKvkuj1DTxVelkYAtV5dglpnIhrBZIeo034r7N3OARecEoNp0x6OeeY\/TD1OnJUir9u+E2EMyY8T4J2X4J2X7hAjvDxlr5M7BUzw40ony1SnzUKukEALVTn0B8WrIdd1Y\/HWL6mkTC4nsoMDegX1FF++rFMqjeViKJkeSDvzXh7sPhNhChDkICCdl+Cdl+4QHLmnbcNhaAJxQnuC0km5NBqC0yHT\/O8y7iwbqWb3zIi\/JNBIGOytm1SPyhBCVXEAh08vp59waAp0Fl3XZsLDpX4TYTH56bignZggnZguEAmai5v1neViV7teAsEvO\/IJYfemYLf2+j3ix3twO4cHaO8DDPa+4MSEcEzAFsUx\/2pmlUPII1TqUXgDk2+EYuF+E2EMyZRtIJ2X4J2X7hAgHT+RrAG20B8DB\/bHPvQKm79m+Z0+BB1fJpuHmieLdFavNthxznxmL2TjLC2hF17uhr9nJ8lRGk+kyETydUasfhNhFKR3PmCdl+Cdl+4QN1yRfRd+2g8MnNCa1j1Cnr1GFpxy7vxkYduQKQx1cGeo9xW0LFVTR4sISMRFqTJvP1+kBDeZDQ7++taiTPWLVf4TYSfy1QfgnZfgnZfuEATr9aMDwnYcu1Ru9AfCYxf1j4pIYv3iEkEPcprByn6GaZXC692Pg7aNtJE7Ibn2jkRlWjrNM1fsvjqm9oBENLzhF4WIGA="}
00965{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":519815,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFF1VAAC8RP1MD0S1PwKgBuHZfdl8BsTR2htDCYwB7bPwVHRrppzCkGewLkUUNlB3jVcwKSsPl3PpRPPiYpogGSbVhGO6LOf+6vpmiVjQKuGK9fr9HzQor5V9uX7UyvZMEj8wMYsgT45Bz2Z7bdsQaazyQJOYgw3sXAAT5AUT5ATz4TYSi5B2ggnZfgnZfuEAwVdpN68jOobX+wHrrL2RH\/wK1ka2szeSJGHiHFFoNLEPxKwxFy33NRZ3ovPOnkwdh3qJaARUyaYeXnrMHfiPL+E2EpERrUoJ2YYJ2YbhAbVK4hBOIFxjMK61hoo+B2E1DFAGWystZDApZ1qWqMdGzPO6EtDCqKOy2kznyTf9sEf\/6IzNe3mDxF09nkCXqPPhNhCPpxYOCdl+Cdl+4QEyRwYHw012pKtGG4pX25QXUlp9AiY+SLu1l7sUn3fRNHZfvnNA3az+glcVdf8irWyfLyfxkF3pVP8czohGx7uH4TYTR+vDNgnZfgnZfuEDT1Pf73xy4M3qZSRLleOgEdgguFkAavHpg2I9RZUlU1ZSe7W107ts9v4ZrZs61PWJz3Pgt4YI56NsUnL8RZ7gNhF4WIGA="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522823,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4zfAqAG4QipS9t0kdl9\/aKJnAAAAALAC\/\/+zAAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522826,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGaCDAqAG4pRZrId0idl9zKqGzAAAAALAC\/\/9E3QAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522827,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNxTAqAG4aCrZGd0jdl\/sFGYiAAAAALAC\/\/\/WdgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522913,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNRHAqAG4ovOgU90ldl\/qeq6yAAAAALAC\/\/+NewAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1578508364522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":522958,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGYCLAqAG4I570l90ndl+E\/i4vAAAAALAC\/\/+eigAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523037,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqeDAqAG4ImGsFt0pdl+dmoURAAAAALAC\/\/94yAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523039,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngTAqAG4NOelbN0qdl\/FC\/gzAAAAALAC\/\/\/SVwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523109,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFafAqAG4v+qixt0sdl9ft67AAAAAALAC\/\/\/4vwAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523145,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGdIHAqAG4NLvPG90tdl\/U+mmAAAAAALAC\/\/8nlgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523182,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+YrAqAG4EopsQ90udl8TbQyrAAAAALAC\/\/\/LAQAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523185,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFLLAqAG4EopRHN0vdl8VNVkbAAAAALAC\/\/+X7wAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523293,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvA\/AqAG4WSZjIt0wdl+afwcPAAAAALAC\/\/8MDgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523327,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/8DmAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523356,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAfvAqAG4soDD3N0ydl\/wysJIAAAAALAC\/\/9AcgAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523418,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPejAqAG4Iv8Xcd0zdl8e+UQoAAAAALAC\/\/\/MUAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1578508364523,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":523420,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGRzjAqAG4A9EtT900dl+bF1VlAAAAALAC\/\/9IRAAAAgQFtAEDAwUBAQgKItiUTwAAAAAEAgAA"}
00598{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":563748,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"KDc3AG3IEBMx8Tl2CABFAACxV7ZAADERmgVCKlL2wKgBuHZfdl8AnaK0fEIbGBqDvIrgEkHISxvw4daIo1RSAPsaWiRQZnDOwteCpdNuEHAKkf4qhTn951kjq+ta18NQVXgW\/g4PPXuXiV0Qa\/G9UyK1NNATBLMnTaWqYuSaSklfuyWrYJCN+duPAALyy4RPFs69gun3gun3oGE9eACysJzHYDAgc39fUYaAxGcHwJ0T9TM+bdQkH1h\/hF4WIIg="}
00437{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":565857,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GcyYjnvSXwKgBuHZf3ScG6rxyhP4uMKAScSBDbwAAAgQFrAQCCAo03AK8ItiUTwEDAwc="}
@@ -65,17 +65,17 @@
00437{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":566297,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDf+ygMPcwKgBuHZf3TL4VGlQ8MrCSaAScSATXAAAAgQFrAQCCApfPQwNItiUTwEDAwc="}
00426{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":566341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAgfAqAG4soDD3N0ydl\/wysJJ+FRpUYAQECyi6QAAAQEICiLYlHpfPQwN"}
01103{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":568148,"pkt_caplen":561,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":561,"pkt_l4_len":527,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIjAABAAEAGXj\/AqAG4I570l90ndl+E\/i4wBuq8c4AYECy0dwAAAQEICiLYlHw03AK8Ae0ENFbRMbDoR8q7\/lBVpSLdvQ0ss\/KysYDT3cgeuBsRepnhTempELxTDDzyA+2tnSS3\/ruB2mpEbWEuSedlIoj8Q+\/G+12XRxalYMJALGF\/Er1BufURk5A1YQ9d2FudC\/iAy\/0\/SQgKSDzazWMxd7m1Lzwbt1nkw8ZjTM6FPB2McyXwSH7Wjc1nUQhgSn5LWTODVqRQ+X4PuwvkifJR9XsBkh3VIgyEdaHFX8Yr3KzeLOekLEwSI0yKjH4ZLdpjDM5KKnBhg548bY6D30ay\/BaaMyf58ioyShCmLNSMSsFYyQQfVVYzvtvrZbl6LBsAaCp1QztDCCDI5Nl2M+bjMCsqt67khRdyIfZr+458mG08qKTyjO8oMmjYTZnLSmtS\/VNx\/QIJ5AL1xUckB+Ry3W4m+FfUNCXmhxM8jJ7Q4eEIQ3o0C3wBOm4q5OMhy77zHLV1U8n+1P3lzOlz1qwVcBSZ3c6jcmKjn7wAUE56CQ3m8W6n0IFKPd3C6lqMAp6k49eCxjEMbPCq3GbuLOhnLL0327qOy9StdTswkzKaOg7a3WHDZrriFvESwbOC3lodEcL\/J8VODIzTYk7iMhP3qabE+jkUi6\/1UrkkkLHqBQ7cfZ4aoH5Iqr35Sjr2YB7HO6Wo2LBxq97lA5uIai0r"}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_tot_l4_data_len":643,"flow_min_l4_data_len":32,"flow_max_l4_data_len":527,"flow_avg_l4_data_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":495,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01175{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":568221,"pkt_caplen":612,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":612,"pkt_l4_len":578,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJWAABAAEAG\/+TAqAG4soDD3N0ydl\/wysJJ+FRpUYAYECwg3gAAAQEICiLYlHxfPQwNAiAEhpkrlQBwH8ddEcq0BdL83Bo3hypa+fGbFwNsVRwx6iJqkT5ihZAS\/ej6odE27zVMZrwBgqFs6p9Y1qpQoG5AV\/xzB4ClP9AB\/3NVdEZa3hbMgtTl1WhChUY7PebrIbb7y7PKnhNG+fKkKEu2x79pMd24HXnzXjog8DrnqEwTWv5KnyKedSGLXPCsTmlzQN0QJEEY6J5nOrHUU8dFU21ucoziHzGqWR5upt8sNYEWXNo6BUoTw\/WutZuGkhbYkbg5yWqRm30izxfOmiC8VyOi\/XMkx2UM3FBf8b0juv8c6D9s\/qC+0wi8mopLq4rc0gMxNoHlt+XzgDmJJFmvryPOV\/VAXW0q9oQMgKbtHFLpFdW31b4pm9vkytbPbkbcxgYGzaDvLEvKf9fu6uiqaksKWf+ZV+QAMMtjZP7GkVhpNpwxIdCnaZadlVVgG5B+NfjFmgFxDlq9z36B5kVcAWPa24LZ\/YDsz5uz6kgth55OzqmUOcrjN0\/VL65\/IbGLyC\/XZeQucYMmUi5JlCrKEYIFZvdF9RFCHhZvdXS1fXnC5BRkGI9NSx1dKmp\/59WBa70i7aYEdFQrwisFND8qlAvWK9W60aDIMUoR\/G\/TpuNnaF7w6dROBlznoePkr7Mlqpx\/UMiw+Y\/vg9yIOdXpZ2b4tI2QpgNHpymKXmH3PbTxBdPmO5c6fcZf5qmOPHf8dq+j7gt1qe6Ulo\/6iuixGxQb"}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_tot_l4_data_len":694,"flow_min_l4_data_len":32,"flow_max_l4_data_len":578,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":546,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00437{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":569557,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="}
00425{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":569615,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwcQBAH0FoAQECyf1wAAAQEICiLYlH1fmkPp"}
01074{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":571106,"pkt_caplen":539,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":539,"pkt_l4_len":505,"pkt":"EBMx8Tl2KDc3AG3ICABFAAINAABAAEAGukLAqAG4WSZjIt0wdl+afwcQBAH0FoAYECxDKQAAAQEICiLYlH5fmkPpAdcEgS+qh2jbezyTSBMSn3K2Hympu6ADf5Hlhjv3vVL89xA433ok\/DfJinh\/mQLRmjZUTP2ynwWLoVuXup3DiktHavBeMvYUR1tKgWpIZFgiy8srilONDu7zwe36OziVlsdnfH4gSQevsTp8YzK3HiklBd\/TTzXG41FvrNfXRl0zTEnAkH0BVlO4ojSBnU\/nYt9V2hlnEaW\/mcpIq0oI11JhMcTShgByHbHchSeVwzNObDaAQftXXQb8kI5eimoPm+90BWPKsgBHFRySPtchPOCB8zI9RK+yAUPy9Xy326ZL22UBsRclJLFHStO5RO4HXPST4yDuQFk4\/9KnRJ98AT\/0plbhjnGAl98jUbiaRRduLNzZR1ZinqX7RdydZboE4IDCpbqb1\/g8WPCtd6NaVAQTTJHhSgs0gR2sVCN5w6nQL\/\/j\/IUC5jj+Na3yzuTMzHeG3Tt3xgJylfyrPTRda62GOUBHb2QVvLfiIOpfmrdpm\/RBZkb+8D8agiXAsIHe0qgMJsRKezrpQan7dnp9CRGst2ez5Ikv10YSuFE0HrQSq\/NP8A4+RHCkIvxBxl0tyCYcSeGZkRpLT4Sfg7T1+JOKVVaOIgCBzeXKsNkI\/CCGzGAPItw93RQ="}
-00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_tot_l4_data_len":621,"flow_min_l4_data_len":32,"flow_max_l4_data_len":505,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364571,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":593446,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGVuwi\/xdxwKgBuHZf3TMrXBsGHvlEKaAScSD3ewAAAgQFrAQCCAqnEIc7ItiUTwEDAwc="}
00425{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":593616,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AQECyG7wAAAQEICiLYlJSnEIc7"}
01122{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":595041,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI0AABAAEAGO\/TAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AYECw7TwAAAQEICiLYlJWnEIc7Af4E5Ftu7jhsh85mLz6DNdsr0rAu57KuMEEixSIhTUDBiDfVxvICkA5Md\/KKK0k3oE9+USvcqszUqPqZS0YzQ9lY1TT\/7cu3JyyOo6CJXkfDE4lma+SeZys01m9T952LuyvfS48J7XlHZgraHR8cc3n8HM9YAHMsuedtFBG9prv6HDrQGSb03gVP6VxROea7RSYAn+GEuUGG2+5SwvTtMvcBGDkNIFf0+rzM7Vup0UcVtmwoDndxJ\/4\/VfNR50YiBMyCiwTTtO52rPZkFb3MCR7wVc28UdXcwGsfavpyG0m1ZyTVuctUw4csneHOJU0nHt14r4rU0983EE3nyiF4JrC6UWya4O12uL7LPLkqGQJnpWpfiNUK\/CEAiwiZR+8f3CuR\/L9bCfrWwBIJAAZ69SxxRcB85802N1ESA\/KDY5oKA8in0wBWRTMOSh+WJqLWlR0xlxNbRcKueBbcg6sgqnZuuypIrzOe6pkjQ9Y92tWs1UJguFwDFK3aBIqvwRXCHt0IIRtFIjv637tCzfR4kZQX7JDqbOBeRFtA9zcohdcYuHGtI63P8PaY0lv6+B4+xY2kBnmR55inLSnZNGcaFlPXXxfXBf7FGwL4BL3G9JKfxtGcGk\/eaHYb+98xEWv\/CFZwcwGDKxGiTf6dYH3fob6Ul5r+ZFAJ378vDb+ajQc="}
-00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_tot_l4_data_len":660,"flow_min_l4_data_len":32,"flow_max_l4_data_len":544,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364595,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00425{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":629148,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ZWFAADQGqKWygMPcwKgBuHZf3TL4VGlR8MrEa4AQAOuv4AAAAQEICl89DDMi2JR8"}
00425{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":629323,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Z0xAAC0GC+IjnvSXwKgBuHZf3ScG6rxzhP4wH4AQAOvgIwAAAQEICjTcAuUi2JR8"}
01040{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":630141,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"KDc3AG3IEBMx8Tl2CABFAAH0Z01AAC0GCiEjnvSXwKgBuHZf3ScG6rxzhP4wH4AYAOu1rgAAAQEICjTcAuYi2JR8Ab4EMXzZd\/uUvLzmW9ZAV5ZzOVFA7pd8bUkz3vs9pOmjSoEoCj9YgC8TLhs5Vksnb+FI3PVeEvkGUatxz+WNtzmfIBwncRiahVtuT7mfd7IORkOdlGkB8NArQxmOzyerFVFPC\/bHoXCz7xit8pHK8xBp2JYqmu4WK7mkjpnrswAispYrtwnyj3pqxVWbBI+2cluetz6gddapthJNDXd72gXJl5djVqpyWMCYPYFx2b01TFG4V7+P+EA0tASeizr1co2UR1ptVw\/DKfm8ykJJocYg+2bjHoxuFydYt+0nTjMAil1Oa6f3rw3OUWaeNbse1TSiM7wkiYNhj9o2AYsLpt\/IvHCcT+LVtuN9d\/+sxJeBAoL0S3xzTjmrX7hU8hcBxrXs2FO7MAD2z6QqbXpqXbWX71\/rrboDM41aWuupeREhfei7qxsPvkSwR1tHbKwOag\/aN+T1Pd4lTHZy4wR\/OjjfYaDLrb0TO2K+ecwnlTkZ1h4hvUb1bMIDEQd7XBxOz1G7CBXNx4p\/HYw4\/1RJ+QW8DF\/mMEicohp3oFZBsgk9yGxS\/NGjk7IzMcJksCvqyGUJ8H4RNDq11xJGttLzIQ=="}
@@ -100,7 +100,7 @@
00450{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":631311,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"KDc3AG3IEBMx8Tl2CABFAABEZWdAADQGqI+ygMPcwKgBuHZf3TL4VGul8MrEa4AYAOuCqwAAAQEICl89DDUi2JR8yjgzdiqPQc3ERKwWeITX2w=="}
01829{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":631547,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9McxAACoRfjA056VswKgBuHZfdl8EKSMV0Tk6zLZQqYdPasDvQYAfjhJ8qeDK0iQF1oC6v4BIFO8Ukv4XviQf8O74kSNp590utu+\/aRkEwwpxoabIrzvIzmTnyJlNpeyfgvNPwLIyg8I+w4LWPa4MA\/W2\/Jap8zB7AAT5A7z5A7T4TYQS26efgnZfgnZfuEAwkgYgUPIi4WiJg+QLzg9wGMhxPAR7azw\/xSKBAPOQbQlR3L69+mdeoxh\/qQi76RfNXeauKXl5ICJHofVK35cH+E2EUt2AH4J2YIJ2YLhAIbpA\/cDFhpXtS\/hixQb3nA9r93xmFVARyWt8mvD62Q42RXQv9d4buwnSPqvoZ8VPM1tV452Mu7b1nW6WCZP3H\/hNhJBbeIeCdl+Cdl+4QHDcQogYDcUZvsmo9wM3ftVwQss5t6Xz7SYpcIe0QCLsJRPOe\/7IMshT7rIUH59Wvzm2VWBMciyHxs11tRtvlg74TYSyPgragnZfgnZfuECktuxNZlsAPCNrxc8drmg5UZJYYlgJcgwixi3dHcHaL+SmxYYPit8ZDD0AQGDBI97zkdb5Vg5h5AMJ3ltOege3+E2Esj4dt4J2X4J2X7hAbSf3keqm\/kX1w8mhO8tfUrHPkpEON98Bfi90NSvh60PrPxJjJwxphJtd9yYNAp6bvKKmXex+Pf1jNZwIZzl1LfhNhA3mbCqCdl+Cdl+4QOL5cPG1naCZem66zt1KAC6uDCfFoxJhecyNkCxirh\/KFEuDlQVcZ87QmYypugLnAbyvaDrG2A\/fgNNcBVjcu7P4TYS524U+gnZfgnZfuEAvzWrhvDjoXJOa\/ZdCbLgHiFuGktYvbPu1Kx0QfSszMjCe5P4b3hECkMlBLQo90CRjw1UcL0V+qQHcUkhH7ixE+E2ErGlePoJ2X4J2X7hAXGqY3uhYXKqMbPC9rcGcCUaWh+Dhi0uXFAXOGFtMr99hmG7UDnrqzTA\/o5MeRw5C1b8eG9l8GAevaeYZyFb6JfhNhLaioT2Cdl+Cdl+4QIU96ApVNnmCgofL7UIVwC0ussPQFE9BZpIkW9NYXxtm+4r+lcBEpjNfLr4w84vJM4LIgefP7wW0fAmtWWHpBj34TYRZo5RJgnklgnkluED1tj7tRebZlvZCTgHMIT8H0RpJXJ6gH+sJFUxXqZs38C\/hpzENTsCSDh1o2HUHvKg2FabU7+4S+HyXXU68T+Xi+E2EM01tNoLk1oLk1rhAfag2FjkUzZm46\/aJuVMW3oNNsPORtJDs86feqI9xjoUJ09giSja9nrnxBmA4a19j\/wmY0SxfQ5ijGeyrdMEjJvhNhCPk+oyCdl+Cdl+4QD9WPrST\/PNOA12+8bgX6kV4hJFBTbV9EgAQ6hcCTUo0f0CQNtNTkrUkC7hmmUaZ\/d9jh6CLjUr6pActojR+FlyEXhYgYA=="}
00970{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":631563,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFMc1AACoRgKc056VswKgBuHZfdl8BsY\/7AbVh3gWo8SfsvrDfXBEY37aMXJSMN0uUwOwpyu6B6jgWoyOOeaZfW8p8K7cC87fG39PLVlOFXQ3jYq9vtOfBDX6bH8L6Ud1+tJEwlS7mp2rbZA9sYf1hxy8FHTKGSTs\/AQT5AUT5ATz4TYSKyQxXgnZfgnZfuED5J7sOgSfNlVjTASmSDY7Fy7YY+BpFJY7pXwctWhMJTcOmMj122JoEqWmMFn5AxleLHeL+JqTFgSdcxQ2RnazX+E2EsAmI0YJ2X4J2X7hA9ktwuFCVbr2r\/BglRNLo78e9LIAJZ\/m+C+hWU0f89Bx2rrwMw00HbBQ0vUlGFoe1fvsEkUHUVQGEbKsMLaak+fhNhFBCUN2Cdl6Cdl64QKZAuhr8bhttB8APdDnL12FVc2oOf7Cmm\/Y3npKkXJW9Dwps8lIG5ynIfbmR5Jk+ofa3SNxvldAlmXVUluLeK3z4TYRV1mw0gnZfgnZfuEDCrBy3iaIRw9zhFQbbMZN19+v5HOsBbt3w+xt1mt5PoxBj5B0SHwdUTQM8H\/QXv\/y283eJhY+z4AISqPo+Z4tUhF4WIGA="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1578508364632,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1578508364632,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":632239,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGCOPAqAG4MyY8T901dl\/qiNMXAAAAALAC\/\/88YQAAAgQFtAEDAwUBAQgKItiUuAAAAAAEAgAA"}
00425{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":636266,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0sAZAADQGGBVZJmMiwKgBuHZf3TAEAfQWmn8I6YAQAOutFQAAAQEICl+aRBIi2JR+"}
00929{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":636299,"pkt_caplen":433,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":433,"pkt_l4_len":399,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGjsAdAADQGFqVZJmMiwKgBuHZf3TAEAfQWmn8I6YAYAOuDtgAAAQEICl+aRBQi2JR+AW0EnJ5fzsMrXil5F8Nzp0mm1VxyUnRV4T1BIpSe7g\/E+N1+2lOs2frTyI+5SasLlRq0wjMhTCMALlCbFANK41nr2v4Z79x7xApLXqyuhIn7JVZKANCoIQgB5XzMFBS3\/9BwBFlShd95WOJ793tKi4K8LADeuSMgN\/pTabWcosjb3YZxWK+Lelc5YxLmfSxxFV9wWC7K6QvbU4KIrj5QFQAU5ACvFqXM4\/TthkOFXySYa1VxvNxosb+NXuTtu\/Fd9s44Tdg8r8LdTpzNdFab8G6yuG8\/5jbZ0Dd++JWkhXSwwcGUPRLHC9h1W+HzQIiqPE81khvY2cPK5ki4+\/OM9fouJhdymaaFoZa7urm3VDxCiasFi\/gMlYembXYGLrd9qaxggLy0jGI88Elgd1UOyRdOpdPm1a0rFZnwViGwedGd9B6RVOn2JNV8VgXBFHz+LBSpuyNETHRaxkFJOaNldk3X52Z9UGGF2WftC9d\/lg=="}
@@ -113,14 +113,14 @@
00438{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":646518,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGQxWi86BTwKgBuHZf3SW77REO6nqus6AScSAW9gAAAgQFrAQCCAp1Z9P7ItiUTwEDAwc="}
00427{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":646622,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qeq6zu+0RD4AQECymNwAAAQEICiLYlMZ1Z9P7"}
01050{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":647922,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"pkt":"EBMx8Tl2KDc3AG3ICABFAAH+AABAAEAGM1PAqAG4ovOgU90ldl\/qeq6zu+0RD4AYECxhVgAAAQEICiLYlMd1Z9P7AcgERo6ealhQS2J+mLynCbY1Hy1VHiXXjBEF5aZwYGsb1SkyTi2BlJLR9jlm5o9Yd4cS3KEoVJoAklWjbSq92M\/MxJ5i\/czl+D12\/rOTJp4IahyydQsdmxoEz+gZK86QtII\/+oGTj+U6VBaWExPYNq+C5V6TyVuHtDJDL3Y5atSFV0vzcy50rbayLeR0ayU7X+skthxj17LZfPA8iwm2c0WQGrMZnTOZhZMrFs3qwxnotfISDwNhBYVpVFhbc8xQauW4yRaREul0OeSJjKTRqmwVmJi81T4w2q2ijNkQBElUV02KdBr8fSu0sAI3MZj7mpO0vMclcJzVexbpn6a8CFqneMX9Apb9+9fepGMwGi2Sd\/qVXR7MMB6XN2e01TGbAUdypeN4yE4FkNu0ytSmPuRSqOixZkDpRu9orcap45t0\/IY5QKnvZ4vGh7T9AxgZLVBMyYJQoDqPZmcYhAb0Uox6lV8OBTYagrByVt\/zHKwHf0wIQ3a1Tgn6QQRhkbselkN+OOVMLmPmzwgCPNNnMubc940pqhI+cDCqm\/aqRhGmY62LP3sI4ch0mQOjJP0GeE96z1UuxyRqXNxQ46lB5SewRzVYwD3TBZA="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_tot_l4_data_len":606,"flow_min_l4_data_len":32,"flow_max_l4_data_len":490,"flow_avg_l4_data_len":151,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364647,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01834{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":649773,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9Do1AACcR\/\/USimxDwKgBuHZfdl8EKXURHZU493PpfyH72WrYTKC\/rHcqyoxdJnlAGqx0IUPpfCDPrp1RbMe2PXXL\/Y0gUgYBHgBKX+LNKEC1qdxuKnvxvXevxKSr69S3rpBsxtD9oPpZta4nmfTh\/aybl9dDX7mZAQT5A7z5A7T4TYTKcBxqgnZfgnZfuECGOOF\/DUGQRmRtLD+gVTFTpr29WNtAkV6+wzvS1j2\/a652c2Up+3+CFGHvVHTbjE15jtDjeTNqp85aDPL\/y+3R+E2E1YVu74J6R4J6R7hACdquySb8h9bDyyzBVqIC4RVjIfrd43xNEhVl26cR8q+zCkRbVR7YOVOrP+cqMugQfvn+wj\/y\/7lEeLvwq\/902PhNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYSd5phXgnZfgnZfuEBkLPllDdiGnUJSXb9oWAEuO01k9HXnM4R6tvd0I0GkOXQUhl2VOHTo9e2RsOThxTPe4UrR1rsnalRZskcUYP8N+E2EuRnM0YJv8YJv8bhAWtd39T3gGPqV5\/kAxth9r0Z21IwC3OO8ijNQxmi2ggVwJqg2W08zX0qhgUwFTxRZ7CbZwhQtBb9MNGyCEZnVqfhNhDOhFwyCdl+Cdl+4QK0vqa8HM5bIAwN2G4EpFPUp1DIN0fK8JdET2pxyCxTou65T7kwDQcRwG9J87PVp8UWu5zbalyVDTlzNuCAazd\/4TYQ0CYBEgnZfgnZfuEDgMt94d8TQv+3IGK5MVBJ+471CdMGgEuFgADFs\/sfR77hApAbinmLOWlg0KBI76fx3iPiGmIjPc2DjV6Y5S+dt+E2EI+XoE4J2X4J2X7hAIvfQZKlYQVCc0QQPwdirlpv8ThVD2qtJQ\/hHeZ\/oRum3Dym8iOrz0uJZ5KMKMAHJAax\/7cDcr+ygJhYzzSAsNPhNhBLbp5+Cdl+Cdl+4QDCSBiBQ8iLhaImD5AvOD3AYyHE8BHtrPD\/FIoEA85BtCVHcvr36Z16jGH+pCLvpF81d5q4peXkgIkeh9Urflwf4TYR82eu0gnZfgnZfuEBXvLisck0JGnGrgRqWL\/bDyJ8qsCwpUwM0sk3OmDN\/PU2NXINnOwgDzonj2zUWAZS5\/UZawhYcs8O8n12+UDva+E2EXN5bw4Jv8YJv8bhAmWLd+VP5u1ibBrgKagKp3py+njifftSzD32rmGG+J3QgFhiB28tAr4XUS33ESEXzhatHLB80xoRt5yzzOLxbKvhNhCPEd72CeRmCeRm4QEsv12Yq4nMYX4LQY5r9d7BNkGpNa1KOs2Gd6C4u3NZleL+d2v4Anfsu4uoql9o1Ksl2BdYCVg1KygwMa9DuSGuEXhYgYA=="}
00972{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":650052,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFDo5AACcRAm0SimxDwKgBuHZfdl8BsYIGz0wiJjKaUzFXr6IJm0KhJJHh14UxEkvPcQ\/Rk7Fgvbo\/feZhAIkP1PMVdfnmkT0ej4RbRZLeGs4r7KmIG\/NoSRob2DIRR9KSxxR5ApQK0GtL+DiOoUZ+LI2SWe0lCUL6AQT5AUT5ATz4TYSnR61sglIIglIIuEB7ukp3Oj6MzbNl3nDN0jQiNpC1V5v5rn9Rt7ZEw1VBzFla5k6rBHcylJhBRGAYzBX+17ncBsVtgVPJrKMh7nvV+E2EEop59oKMoIKMoLhASS3OSNDf3z8b3OyL7l\/Hx\/k821PEzINQHbZfniqNPVksrwSkp6jrG6UYCpQoXvgKZOetorWlposBzYkgatgcWfhNhDP\/TVmCdl2Cdl24QM3iC4E\/jtROh\/yrXbgvFZypcqA1E0NM1pmVBNhPzAEVOKwUDY19JR7HzoFwywH46oqp8Nqzrz5YKF3TzRCEzqb4TYS57vnMglLcglLcuECRN7VxzSUAEA2k0pdpV6OAanNBmMgqxX6AGOkM+qhp9apzS9PVbGdlMMSUUvnshxBsN5liOIkWGjzwRsyI7kXrhF4WIGA="}
01841{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":650675,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9MdRAACoRfig056VswKgBuHZfdl8EKRKyNhMNoVpKai\/zY6JtPK148+n8O0oeVuWetq0EUGeIZ+RtfSVG+aSj2EjmgE\/VzJtID8hcsMA0vo5I3RXPomPj3yUethvOHViNcPLofHHgt6Et2w\/V\/IZQwikbIBWnB9DTAQT5A7z5A7T4TYSAADOMgnZfgnZfuECzAedbnywh7LLXCkndomTntsSUpeaU+X6fjJnfrZQaB1R+H8I82rjSB7H8uOb2MmX2h8Eh6LA0rwKGlGg4GwHK+E2EItltD4JSCIJSCLhAV7xweLkhFnsF60oz420o\/7aRuvQDfeaR5dpY3JYLjsX+vIbrgixVpsHDBYr8HpBMbqyvQppwqy4HYepbXQ439vhNhLmcKfiCdl+Cdl+4QIpjJmS5Gps58YQUc3o0wkmgpBHEx1gDORbTV1rWIFwK7dVIOGdwy7ueFkd0ebURyFnWaX56rb2vwE00TcZVQc\/4TYRYYyPigm\/xgm\/xuECpd\/dXqwhUtMXwMPm+u9hAJuGJB0TlNeJH\/rhwYyfJLba1YjqffEkcEK\/elP06ULgIs+MSln0Dqh5H+5kYnNGk+E2EZc\/gMIKdZ4KdZ7hAeuBt+eVpr\/lD6zfG4rQPZ1zeBes7bOJwSykdL6ML2QKv452iWFBJMIYyvlNFnq\/\/C00h2CuZ\/anhkV9S20AZY\/hNhDTCDYuCdl+Cdl+4QLBhjnLjpcFxFmfKTcMgokq3D+uNpAukzphlJv9fJvmZpMDVt4vA7QCl\/tQeO6YywXwxPSo5mqDxT4Mhw84RQzb4TYREt8O8gnZfgnZfuEDIng59WZjTY84Fc4kJnGTPNYzt3nnlhEfJGfnOrlC6yoc7pGIyxRJAuIHlFFkehfT\/MZnQKZAPAlW4w64AegZe+E2EJox0OIJ2X4J2X7hAUcnvye\/EDV8yhpr44tuNjcH1iKn9VgwhEfiCj6tWu2I48UyT\/1NGoVARZK9OdquCOZ6CApHQbW+DYNgMbETGWvhNhANdcHOCdl+Cdl+4QD\/UX2IqmKGVR1qU9QsLqb3KjV3UDG2NojB8dIr7Jri2pn3jv\/+bXP6J9JPk1pIlWnrC4\/MFYoxS2N4EW\/3JczX4TYTOvRBhgnZfgnZfuEDSgII3zWEN0R4iExLhys3S9YgXOxu2LLtFpLUyUOie168aVDZZDdIBkFFi9sbcxATorv1KnwQmEOhtDobrFgpZ+E2E1YVu74J2X4J2X7hAOuWZ6O0wzMscIvV20fKJ6imvL0uabNom7Rtt3\/mq1Yc\/cUISC095aLfdfnNtvPxS8fkoG\/ogbmJFfhJwViVFH\/hNhC9cJiiCdnOCdnO4QGKt2+KrFMp40sLt\/0+vqoO+7cd+LGeqSI3nARXhQPO7oSmSUrCcwDSYZBC7QsBPfwF6JwXzHNJha7yydiKEG9+EXhYgYA=="}
00971{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":651426,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFMdVAACoRgJ8056VswKgBuHZfdl8BsWtYNy\/hj5gk8D7Qb9lhdkjiXuUss1RO4UI6kATznWWyDqOMchQJpCnqSV674XgLJ5rYR9PaOEhT48beQDu03i7VZVNxX8nv2G6qMXRfP0\/h3IH3SU3lIC1bxcXTs3w00ZHeAQT5AUT5ATz4TYQi3xdYglIIglIIuEDVG9dFjWMC0aHQ4vqnlKYK0gcQOne9YNbF01KJqjowzmQZQVcpjdSvYUQ2oIynqEm3wQCNB+a8ozVymcPr6iYo+E2En1nK6YJ2YIJ2YLhANx7lUx+IU5K\/T0hlFB\/0kJV+5Mpc43wZst9aIXFLC3h2rT7jqKAorAWccnKDf3zh0thGd+rgV1dnqgKCM26ALPhNhFnd2oWCdmCCdmC4QFU0BpRJJdzLAqOeJ+LAjuBufhPi0BPM5VRHqi1HMHWSXj+rjd73LjnWjILlW20x3ZLEJfz2+7zut8KH8MBENo34TYRZKAXhgnZfgnZfuECPxq5\/\/aZwdoEnw4F66ja2vzoSmIIUuIfx7Q3gAQliMJDvmV1wYTJr3\/S152jKmk+KnQJu72UByI1G35q3AZ9bhF4WIGA="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00628{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":654361,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHl8oAAEARbG\/AqAG4gAAzjHZfdl8AswwF15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1578508364654,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":655558,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0tVBAACcGoaMi\/xdxwKgBuHZf3TMrXBsHHvlGKYAQAOuT7wAAAQEICqcQh3si2JSV"}
00973{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657661,"pkt_caplen":468,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":468,"pkt_l4_len":434,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHGtVFAACcGoBAi\/xdxwKgBuHZf3TMrXBsHHvlGKYAYAOsCCwAAAQEICqcQh3wi2JSVAZAENpARAs4gLKabLp0D6Y3Nyp\/GQ9Kz6V06NMSPQOKv3s9Ejuvu0WkofnnoeHbu8ZeqAb3RapSJwXVNMkmZlJB7T5N8BMeBtnaSaRRVqYAB1mZYcujkK0QQ\/gjskze8v11lDscXXcxVmVKvoEBO2fdb15qhRf5yVLm+55brffXQVKwdLSoZKXhOX2lTtT\/cXJTctoLowqgfdEJqRaZjfdoozad0DBG5GDaLM8mlOshCHR9zCDEGPBfXOkHyDrgJz\/QzLxeX2qTwvvp4nNk5MZD7M9fxyO8Is+tDxSOgA5h02FSPo58jFXIjlCJ52F3cGJYjqyDCLJ7ocE42DZiwALTPlUhui69KIZO\/jGhXYvljZAr\/wIKDF+g6slDfzXufd+XlO7X6Z4pR7IcDGZd\/qJRB3udbzPsAABo+UqXwr8ujaGoqzr4KzhLqvRzgDLIbN3hwRJsT+nNmIX4FXoAPgVnMevSofHWKf8aQK8cWo4WGWVBHyJix3Cz83Bf8Ca2LbFuzYHy1c8enEjfCI1Xsb5iW"}
00472{"flow_id":23,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657663,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUtVJAACcGoYEi\/xdxwKgBuHZf3TMrXByZHvlGKYAYAOtT8AAAAQEICqcQh3wi2JSVmzR\/Z2r4JlLZOXsyzI3ghD22rwaNEB4McRzPEE97aVw="}
@@ -134,28 +134,28 @@
00427{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657801,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UYpK1wcvIAQEB6CywAAAQEICiLYlNCnEId8"}
00438{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657828,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="}
00426{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":657930,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1578508364659,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1578508364659,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":659294,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"}
00964{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":659971,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":461,"pkt_l4_len":427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG\/AABAAEAGRbnAqAG4A9EtT900dl+bF1Vm3a7y04AYECwE6gAAAQEICiLYlNJOlRAnAYkEYzsbi3U1VbPxeO8JeZGy8BDKLHIeRSKQp4\/evVyQovWvCuUArTsYbNFNxbOpHxgiMLlX0ZOeEmBKpT+zxdZ5teBbqVi3L+mm7Ze75jkvKWog+sVO61B5+CMn3LI3RoqoEIs7LzSm4dXhRB4iMDjlKoJ5ZcHwLwlkh8E9Vpo3djq3bdx6lp\/EdVYh6tyjrDNl\/j+nQfIHSl0cMW+mhrtlfSdcGh0syw23uJtUSkclaVzh1wHeEc\/bQntltm8xovFOwV9SJyedZop+oHv1QYNt8oHL9v3ZZw5lkXyC9v2DYGLqmi1M7RPz8jlmDJa9m+OtKYcpqVh3LJYWvbiP5AVvl68VRguEFNQTEiaz8u+Ok4fajiRFN+EVltIdouSx7saQkYFk1SJM9L4aBUOJFvL6FFh3igjYUWKgCjdf2qOqAGWN2QeLZkNKg69L2LgHAubee5cXm\/oVTb4ak7cxt1raQVyZh0C5KR4jqdxt3Bdo\/8IlgvyUrAcIb4sc4COpXETFl0cDGUpkbOA="}
-00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_tot_l4_data_len":543,"flow_min_l4_data_len":32,"flow_max_l4_data_len":427,"flow_avg_l4_data_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364659,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":395,"flow_tot_l4_payload_len":395,"flow_avg_l4_payload_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":667606,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG8jtCKlL2wKgBuHZf3SQj+YV4f2iiaKAScSArVwAAAgQFrAQCCAodkmB\/ItiUTwEDAwc="}
00428{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":667656,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG40PAqAG4QipS9t0kdl9\/aKJoI\/mFeYAQECy6hgAAAQEICiLYlNgdkmB\/"}
00438{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":668680,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGF+czJjxPwKgBuHZf3TW8w0qY6ojTGKAScSDV+QAAAgQFrAQCCAphOp2qItiUuAEDAwc="}
00428{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":668739,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNMYvMNKmYAQECxlkQAAAQEICiLYlNlhOp2q"}
01006{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":669552,"pkt_caplen":495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":495,"pkt_l4_len":461,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHhAABAAEAG4ZbAqAG4QipS9t0kdl9\/aKJoI\/mFeYAYECzM0QAAAQEICiLYlNkdkmB\/AasE+v2aCVNnM9qWpvTSHLoErqBLg3QSZ\/tMLN0zJwbq9Mu7q3VJWJNHr1heAKUFIH6bvGaLiNrFnIPCKtgOScwiTFw54GiWDntwJGw8S+My1sqbWwD5rVIxP74gpnGytj6O4F8rmrsyuiCsm77q8dfz211MKn3j7YhZmMWRYURZRdJFY51v9X7khyKovEo46VYW2jGC6GVtWcTrDZDFJYn1e7LsFlaqQaxOYfrD2tz9VK5oXG6zm+eA7MB4mCMofI9yaMLuWFfMklNuksZWQffmLOkkjvu+JeHXPBtaXcMyG6VQPZJt5vhTrK\/7tBIlYl8s5ITS6No1RpH0BgIPXt+46ugXdA5HzKZGb0lj1Jqo7E5sc7dPngrn9FSmEo456JbHmmJNKy0g4v\/k7zERy0mVrS+SUdpPvt6FhVgG960MG14DOtzVo3TIF3qyoLS+K3GzC41yovcXuYwGLCbuyXph1W5BQKu1Xl8AY3quLjxp+IoaGsJALixRryGkpmUSIIsbwWErVFKVYiLqsRpD+6+H6II578lFsF0CkB8cpISbWAjzV02hsEOVgzK4"}
-00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_tot_l4_data_len":577,"flow_min_l4_data_len":32,"flow_max_l4_data_len":461,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364669,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00999{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":670234,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHZAABAAEAGB0rAqAG4MyY8T901dl\/qiNMYvMNKmYAYECzM5gAAAQEICiLYlNphOp2qAaME5oGp5GvmHIWgGGU93Sb4NHYjusUApM6sRP5i8qY+HzhQdCIFLnndrt7Lyb35ijFh\/RKRZMveJjaTrvg07LR7B4kXgNNmDCnZ2mleUCoqai5pRFszdTaWzaDsM4Q3Wpw7y0J8UpUFV6JX3TRY81kn1wATSI1nzIaZiu8M7z9ugzT1Bhp5p5TFxbdeYQO6JrfMV4SRpyBXU0Rr7lBPIIFGiWnTkFtnxAhgodqQRFvRwZqLnZCsgQbUsh0fSXnkXvrGai3JM75BbyPWqwTWuWiqsasopvi+xYlm0p3aCAgHFYfwBoK2+KEvTZF1a6IBLF7ajmDeyzfdyjRL\/4Fdv1tddrUHTtxiT94TQMGrf7w+6PD94c1BvIA\/tb\/lxk1wzuF9hyaRwsvRsoh5iUSYTluqLNaUZEyWxIttTdFdUw+4KtjnqIaaVDrFEF2xOF4vZXkHdM6Nz+NtV7XrL5ILFjgViwhX3DPu4RTPwZeAt0lPJnUpfywRheWctZ\/iNqYU3QdkPrFOAx1inq1ZAUdz9ftjWvMI+49unsEi+QuvIeQbOJO4fA=="}
-00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_tot_l4_data_len":569,"flow_min_l4_data_len":32,"flow_max_l4_data_len":453,"flow_avg_l4_data_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1578508364632,"flow_last_seen":1578508364670,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00757{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":681522,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEksAhAADQGFyNZJmMiwKgBuHZf3TAEAfWFmn8I6YAYAOsQnAAAAQEICl+aRF4i2JS8xcqDUka6Nv2S2Ufz6z\/Pc4tUOEiP2qX35MgcMm\/FRcBI1j4Q8LC7QUcc9JL\/Yw3KyGBqgE03yu+YnYklie4xu7Al3VM2TQGz54\/LgRl0\/Ie5C27Q8ysWIDe7ZEW+uiq4a95fxvQnunVacIlTA0Gpw4J+oGybZovq+Rk5DJxjUmwrb8Uy6Vt0\/oPrb6yV5\/MR+SZ8DsrePdRSAl65pGEVkjyYpKbSgRz1ChT52ZoUU2vYtyjxLRwORKHS28j300fvx67g0QIGEmJy4CquA1lMx31OufL1tZusRvGCS1tl8+mE6ykfwjozXV8dBrI12PHz"}
00427{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":681555,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0sAlAADQGGBJZJmMiwKgBuHZf3TAEAfZ1mn8JmYAQAOupewAAAQEICl+aRF8i2JS8"}
00427{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":681623,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwmZBAH2dYAQEBmaJQAAAQEICiLYlOVfmkRe"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1578508364682,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1578508364682,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":682687,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG833AqAG4MyZRtN04dl9aLQCVAAAAALAC\/\/+JqQAAAgQFtAEDAwUBAQgKItiU5gAAAAAEAgAA"}
01939{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":694292,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"pkt":"KDc3AG3IEBMx8Tl2CABFAASM2BBAADcR1ngiYawWwKgBuHZfdl8EeMBgH0wTNhnEtwanpj7oWlZ\/Hp0Gak0vyLNY48lrCKzEN97iWOlAwiKU8J2As0GDwpvqMobAk\/doYUwERgBj\/dX1qwI+w93bqV+opA8zeXK5DOY5QqaAWe1EmRlafyw14V0SAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2ENiSg04J2X4J2X7hAPRqHFTz0e8oEsmOadgUbUG0\/Gq1XFXFWshB59yMDlMnzDbSaQte3vRlNp0x8bXK\/C0IExkQW+7e6O42uaIsSOfhNhG\/lALSCTtaCTta4QNKaGvf27ePtI09PYWMWWoqsTgBFWVV\/OStWx2mo9mqS58z7TiK83yibq71BZSi0CSsekwb4Zyr8nj5zQd0mqCb4TYSkhGWfgnZfgnZfuEBoaZQlH\/tAMTmENPyYivdiK6qXFlTxe+\/p6cPLqiael7D6BFBiRXZHacw3oUOaGk4+u32W1NMUjoJXk06B2mEI+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhHLbOhmCTtaCTta4QOsAfRHCWayd+ePpaQzEOGf3dXjZZgxjuurzp9q\/DaDAlIrlX0hFIpZGowqYAlmPGRQlb2Zp7G196tUzRB5lA1D4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2EI9yzYIJ2YIJ2YLhAOJyQU2JE6mr+PrqS1VpbvrNoILvKRQR+abFnLs+XgISTnL1u7Up3BqfrKb9hyDFv4+EivNbWhPn9c0jykBsfLvhNhC9ngvuCdmKCdmK4QMQewuj5qn6FtR+caLmA7fiCCCWlXl5n4eHsa\/hStv5IXJfR3qW2xYlmjRashSfhzXIk\/cArlEuFCVyLKkliTzj4TYR68x8XgglNgk7WuEDyUr+wEhCRTzC+abav+Qq8gCoJQuHHGbcH\/DZQmfl9EGgUirj+pxEJRc8L7rXREu747IWcesHQp9HRE6vORWkC+E2E1W2gk4Kvx4Kvx7hAdMXaCMYMMwBE0nd2ZguY7X9OffS41d7S\/Y+mPW\/bN2r4s5PDjCrWaOVF\/TvDBjFcUWsPiqOXMHIqsOoggNo9SvhNhE4vwp6Cdl+Cdl+4QPkOM4NqDnpAiCaFdcv7mpRSPLANloklV4wbFH\/35BGlAWuLnC96pYG30ySaUekbUEoxDdJFuDpuhxs7uesYXD\/4TYSOLK6TgnZhgnZhuEDoktJdZWuqibhkACX5AYXpi\/92jauNHaPZe57KQENT7f3lptm8vn\/KsHCyQGycNosbcDhgVNlPlUl4B5KRi2QIhF4WIGA="}
00865{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":694327,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"KDc3AG3IEBMx8Tl2CABFAAF02BFAADcR2Y8iYawWwKgBuHZfdl8BYBsKk2vVIKFBe5srt6TuKGLoSQyIYHTHTIh8E6CjfYCc9i8bqGNRb1RdySNn+Iv9WrBeYgM40YLK2f29HLFDjWvrLH5PzXOrZjlyFrfNSw\/LgHRZLq7JZkTKJJivek9A0KFTAQT49Pjt+E2EWSTXC4J2YYJ2YbhAKsm6hrEBgceppDA8y6y8ToI4LATCvXtK2lH6G5Ea4z\/xJThSCDAuG5MSvtPStPEkcnXcb7SOx0jpL4DMcyqusPhNhJ+KPreCdl+Cdl+4QFFks1Hi1w5Dzl6eTycY4XMH5jgPi\/IsM\/Xh\/aiCTq6KUBnNNvsH2QEEcq8Eurha1gzN35pyz9iUxxW+rcV0tUj4TYTPtOCBgg09gg09uEBD39Z7PE\/miF\/gBzQtLgOKuJmlQiP1\/EPNHjqCw\/jys2eg7dySq1uz5KP5CQPL3LPisAyyzl2cNiKWtBUo4PgQhF4WIGA="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":697110,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHkfoAAEARTtTAqAG4NiSg03Zfdl8As+iZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"}
-00550{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1578508364697,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":712647,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0yT1AADEGTrEzJjxPwKgBuHZf3TW8w0qZ6ojUvYAQAOtzCwAAAQEICmE6ncsi2JTa"}
00894{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713144,"pkt_caplen":406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":406,"pkt_l4_len":372,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGIyT5AADEGTVwzJjxPwKgBuHZf3TW8w0qZ6ojUvYAYAOtDVgAAAQEICmE6ncwi2JTaAVIE8c7Hq5ONAC4\/R2UmKB+pU3BBRCUeN9Cf5BBGHA+DoxS5SlI8U1u9j1H\/Y6CPLI4CRb+QFrsBclsPm\/KPU8JGQ1PynzKCnLAbak\/y2NGwmkePHs5rBh3R\/svTp7gcODQvsx1GMGLb8NwXSqyq2TMPyRpALl4do7TzwQpS6\/oaQzuDJL7vKkXZCUpMHN9DzjKKtai0sGnk+UkdFANSwlkBNNqC+BT2y6l6Shhfb9N\/55qoJNa194yfobhSGIAfxWSiPLsr5nymVKt2pEr1UBCKdPVL1MuYJnHXYMe8bOk1sJheVDBy9HmLvMGdALare0q2EpYk6wQ2UQmQfCfytF+5t3VD6nmV9Sw\/ZolMbiG7RNZPrX9QpLN0iruDeaUP1mdoXnny5MTe+Ri3+7MMAPL9D0gEgvEZ83RmXs+HaypXwnsJDNkI6JVcRk5X\/ta4EMMxjg=="}
00471{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713190,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUyT9AADEGTo8zJjxPwKgBuHZf3TW8w0vt6ojUvYAYAOuWGwAAAQEICmE6ncwi2JTaDKbYTK0e7YzAyq8CJTCkEPjRnlZmQ1Ln\/nt1w+7tb0U="}
@@ -167,38 +167,38 @@
00429{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNS9vMNMDoAQECBiNgAAAQEICiLYlQRhOp3M"}
00429{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713305,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNS9vMNMEIAQECBiNAAAAQEICiLYlQRhOp3M"}
00429{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":713322,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNS9vMNMLoAQEB9iFwAAAQEICiLYlQRhOp3M"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1578508364714,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1578508364714,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":714836,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSM3AqAG4UpHc+d05dl+ffKVSAAAAALAC\/\/\/0ywAAAgQFtAEDAwUBAQgKItiVBQAAAAAEAgAA"}
00440{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":717778,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMGVBhoKtkZwKgBuHZf3SMhYrdg7BRmI6AS\/ohxlQAAAgQFoAQCCAru0q\/IItiUTwEDAwc="}
00428{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":717893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"}
01096{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":719135,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIeAABAAEAGNTbAqAG4aCrZGd0jdl\/sFGYjIWK3YYAYEAln5wAAAQEICiLYlQnu0q\/IAegEP2pezgVKWt8J8LrduXpDyCo1FSJyTyJ5lbbH7EMZGv5G3Ivb1Abhvkw0dCEBVV6UxMSYllHcXVIlysO4yRAJrD5b3f1+VOKSoFLSg1WcmxxEFO5pnU9HGIUQEJOaDwrvCvMmNd\/GyeuIehvlbz29a4IXVRSSdhfjxmtwfJH+UkHpQ4uA18eIcetGchNx7gI7Oz0jMukXSf6+fHPd5WzMA+QkRtKtiOA\/Ie9P0PHPpHyImbvmHyYsAnQAyF4U1Vv15ymELSbMPh6zJQBf6IEP1\/CsQtKLagSDJKpl3a0jUjZwfj\/oq5+fdfqdkyAe+2Dk+tJ3lqwB+Dn4UKkYaFJ02\/UB95EcD\/zFU66a5SFkLQDvY3+vcobTa\/lD7OTd6xDAWEFP2BjNtfPoRyhVmxGgL4bywwcRwT6f1g2LccJsDy4U775nSR0Ycq1gnFsOfvC1Y9DaUuFcWbL7Z3JghsVJzD7MutydGKoI2UvduWqCdBRnpaAxRMcAZl5TC\/i+u2g5IW+pDMOuiS2ibZEmMWOlF4ZWAnJCS4GUFO1bcjbhwDALyFMTF0NZdpp8BmB793G\/lfe5Ar+ZIMVJs8CawDm2xKMURTt++U3mblRrsMZgCuWrzMqnUgZd5lFo1bOfVXFU2qOsmJmGig=="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_tot_l4_data_len":638,"flow_min_l4_data_len":32,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":490,"flow_avg_l4_payload_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01830{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":729181,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7gO1AADART9iAADOMwKgBuHZfdl8EJxcg9PffAeslidE0A2XYKUWPfQSrSzELT24RQsZMkDFAUC\/8t71UobxaKgVF9YFxtOS9Li4RLrxMDnrT4k5PGgw2NDHZtKrKg8J\/d2YlScEj\/YBR+sG3bhx8yqSCwFLu+QmtAQT5A7r5A7L4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2ETi\/CnoJ2X4J2X7hA+Q4zg2oOekCIJoV1y\/ualFI8sA2WiSVXjBsUf\/fkEaUBa4ucL3qlgbfTJJpR6RtQSjEN0kW4Om6HGzu56xhcP\/hNhF6CJvWCdl+Cdl+4QCa0AdVA2\/h5KxbzG7wSXhKLcgLDQf3VZM6j4pcDpEr22I0w8vjr3eeZrANzqy+B0k7Jw6sj9qOYOkYu9v1\/HcL4S4QXZGXDgsVFgLhA4dMHiHESZvaZv5XwOSEg7GIAhtTuq\/1+kuZamW7NEWy5Mx7jYjqriPSY+yi8MCrIJ809xx8ts8E05ybrI5RK9vhNhHTKaT+Cdl+Cdl+4QNscTNh1YzVnvcLB2a2lU2bz3gyaTlXXbE+pFLDVoDdFI5ADpod42cruH9wQt79YZLxlJa01FygTlV6X9wnzbsb4TYRSpWAfgnZhgnZhuECxFAegsyOgyfrql\/zztxCELDSekbbhUJf21H8iSNiW9cKP2xirrTz8RKLVHxNA2LkFNcMF8l9m+GUUJJ3wo0ve+E2EZ\/0rzIJ2X4J2X7hA0+1Q\/zfDwmqiJ4L7\/yvPXaADca3\/aoKeqi6XasejIDSTPmS2ILmdZ2LgwWGNQRAtsR66VqR5PIUppHE6JTXzu\/hNhC9aDGqCdl+Cdl+4QEWucUJTr5uswusybUrNZinvmACa+spHP3M8Ca80aMiKTDP2An9QqqbsJgkcvDnFqQSdwmVB0j3FFWWOWXchmBH4TYQ03B+BglLcglLcuEC4ECYNzxwi2kJoJQjyJ6lUniuRlC+UndNWqAZRufW0X533Ymm1WtW8x0w\/1eGqPwGeOGNfU57w7mmrZv5S0MuC+E2EoBCKUoJ2X4J2X7hA7pvrsi4uzujUwcCnzbOXM3k+PSTxp6vSaGlZ+vjNNS2DLnFg12pt76j1a3+aMxZ2sjeuJ4ACTqyhbBihj1yObfhNhLB96meCdl+Cdl+4QMGwHxHg22IaagGZCrHWyox4ceWSrkz5+TUJ7FvSKEAsyUrKnBQ1BKg4U4OyDXv653Ump5Su2Klg\/PAjth\/4FVX4TYQDCFzcgnZfgnZfuEAOe5LjgOGocDnrwWucrGwohrnh\/PIVvUNi2EPcxA3lL9o2I1kGKrrcltIHdy07g5GmzReWD9IntTCd9ncDRnHuhF4WIGA="}
00970{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":729798,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFgO5AADARUk2AADOMwKgBuHZfdl8BsUbFE+HTPyEyomNSay73CyfrLD8rHnhX7vxj92G3He3rB8i3yggvxA3gI120fMxC8T5NSVg69zUML0xXdXDn6x+i1UJlYzm2ZsL8HkXRcVxsD7\/Cz8uc2cDeR5GmI31rs3BBAAT5AUT5ATz4TYRWzyr3gnZfgnZfuEAwPG4npPFCKterF6wXX6hmKDtHpPLV5Gpyh4HRvQlb1WOtMBiFa5iB1p48IlU7yQzlUhHlEKU2TAWk+UxWCOtE+E2EwKkGMYJ2X4J2X7hAXDWjwnntCdEfY7ZsbIcma6dZim0sS\/6AZlg+cBMsOylaupmT4K85DC7A88jAAB9\/AkNP7Q7FRuWOzTw655z20fhNhF\/YD6SCdl+Cdl+4QMhe7o3oH5yNMBpAbg7BFfLQiRhzAx0IcRlGupvV\/Zui89t4l4x5tGAZhBv4cgNKbiHVFqGfCeCtDh7KA5ZNUtn4TYQ2yX4zgnZfgnZfuEBWXo894U5qji3Sd9oPTupJEBwpi5JkOWop7uGO9PMehSCnS4eHg4+tauk7NJIwG19teeCjKxS93DtycMhLIWGEhF4WIGA="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":732443,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACccxcAAEAR1EDAqAG4b+UAtHZfTtYAiDTvS0gyrIvyYAXql+rzEz+AR\/cLOiJor5McpZ3aQTzvVtbxvdlPVHOvm8x2T63kxRajQJXVXM7hf79y1fQG9XWokxXgcqkKLlUPoIFVVYrTntTkZjbBJdoltYqy5v2xN8\/CAAHdBMuEfwAAAYJ2X4J2X8mEb+UAtIJO1oCEXhYgYAU="}
-00550{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1578508364732,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":751141,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGCIIzJlG0wKgBuHZf3ThkB68VWi0AlqAScSALcgAAAgQFrAQCCAqBHInXItiU5gEDAwc="}
00426{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":751248,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQCWZAevFoAQECya6gAAAQEICiLYlSaBHInX"}
01080{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":752659,"pkt_caplen":545,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":545,"pkt_l4_len":511,"pkt":"EBMx8Tl2KDc3AG3ICABFAAITAABAAEAG8arAqAG4MyZRtN04dl9aLQCWZAevFoAYECzuoQAAAQEICiLYlSeBHInXAd0EVrOafIpouoTHB+BW2z3Lrv3HnCw2ZQBRlgf\/19WqTwFOA04VbQy1wFUS6HAgPfHy8NaOV77ZdRJTSAq8L7x6Kw4II\/hUO4r9f51nr5zJtR+NmQtihw\/oG2toqeE2gmxFBm\/FJEAZ3BhAyklgcpYoSgeZNb37AeD8R7SxXsV96FZAMTuwUePPPwvKLx3F3XQBJXGqmL8ZZ4kHijHRXepMXtDyrqQ3dHLW36bgCyBffbPJwK11VIZBOg1ZO\/6QcCJyM8WU+cI0sTPBasm4PzbCQgYhaSkC8C0ehkpBDkbMoXij9k0WKFOVrIEsyZ\/24n+unHUtTe\/yYV6dUpEywFRJGupzIBFEQIrlJ+R7y5h8fxbPkC6UiykbmNIdFoDGxOiSYBL3yeK7GSTvjks9NeQTQC1eqeVk6U54EyDTlZ2t2cddwvBBj+fMzUkesX+MlQsGkokjFLEpHTsTH4jgy5EiQVvgHqBHad7G9fBM4q3K7UQYmh0hkSGogPuWCsrTo\/YkV2pbe8nJuLqnzRBnEBsCwsw9rDIf0YsG5\/lfaKRt7lzM\/aZlRjLHsqGkZkpqrfD7R6MXqp\/xig+JCvg0MFvDNMp3tp3C7Lm+dgS5zbrMV4EKIIIpgqxAKcHEra4="}
-00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_tot_l4_data_len":627,"flow_min_l4_data_len":32,"flow_max_l4_data_len":511,"flow_avg_l4_data_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1578508364682,"flow_last_seen":1578508364752,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":479,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01936{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":773663,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"pkt":"KDc3AG3IEBMx8Tl2CABFGASMuzZAAC8R8ro2JKDTwKgBuHZfdl8EeHOhfS8\/VKeU4xriCeJZNmbyiR29m3N42\/uIKvLbiJlgdyaSwrO2BgcDcenrD2C97edthDBouwifboHgE3u3hLHcQi8I2aNx02z5+NzOkszQMNgplhV2V\/wYwtE8G8IvYQ3cAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2E0WGPAYLDUILDULhAQhNvCoDxAncltx4bh9WffZwzBdE\/9xF06wXJo57MMUhoLLSI90CIePrV\/tYmYiKEiyDSrJDYOlCFHmZ3pqDCwfhNhGoMJ6iCdn2Cdn24QH6QBf7Np\/9Y+eiOrugFzIsIhVcNcp\/OYct+34QkqEfvlXbuNfWnoEs1IzwGORRl6zR7xwwZW1+45dnGnJxxFET4TYTAnuIugnZfgnZfuECuDYcQjm3wJMglum1qnPXPBozHysGZ9VxiaJNnx\/kw7dAhqZoxI6CdfBdLdPaGhgI412g7XwrxymiHNjtEpybV+E2Eb+UAtIJO1oJO1rhA0poa9\/bt4+0jT09hYxZaiqxOAEVZVX85K1bHaaj2apLnzPtOIrzfKJurvUFlKLQJKx6TBvhnKvyePnNB3SaoJvhNhKSEZZ+Cdl+Cdl+4QGhplCUf+0AxOYQ0\/JiK92IrqpcWVPF77+npw8uqJp6XsPoEUGJFdkdpzDehQ5oaTj67fZbU0xSOgleTToHaYQj4TYSygMxlgsNQgsNQuEAJaLOKzWf\/o+pIN3tGz2TU0Jj7rRUsEu\/g\/J\/izFMRqT2L21hSkEIu4pwcRIudbxWCEi7R3jpR3Qx72SJ7sDxL+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhNFhtVyCw1CCw1C4QGNRrcySTkrIddsTkghzBE5yaZovlz823kaODYnxRULrhcdtfhDSmheK1rkdzx6MLgmWRkcqk5yLSRXbV7Sa9hv4TYSUZnN9gnQ9gnQ9uECK3QCjct4kYgqQwECFpzDV6FidxjszhMNuNu5KPckeHeVnNGRrmrvdWVqSm7NdhSk\/GBSTMV30P4Rv7pq1hSjo+E2ENL1ESYILzYILzbhAFgxun0r0zdyAC5SZb67xXu\/2hxGmSEaQZz1XosQe6902lrVgE71jlymkTkVmiGnjo+wcj5gGrpBHOVgGl5DUX\/hNhFCeJFKCdl+Cdl+4QPL7djWpmmTz8plIeSEj91S2rY+aeiMQAn6m9zZuLcDbcgnpEzw4Bbj2GboSA\/6fD1Ct0nUU6+rf7UzNqpXAqYL4TYRvYnEBgnZfgnZfuED0pW7OSkAUUx9PeHXwwyf7mqpd70LmGPSseSc9VRhmuql9pusBMDKDEfCCcSaAIW2BnfDoTpS113ylm2TbVhfWhF4WIGA="}
00864{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":773700,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"KDc3AG3IEBMx8Tl2CABFGAF0uzdAAC8R9dE2JKDTwKgBuHZfdl8BYMxaEf6gK86OMmqC0hj8YCjT4Kxyd9QhLNhUWv84IcoZEEM5WLaEl0iNjPoH5MGkDBtHCCGzykqH2IyxlA4UZhPcyDumXz\/v4mlSvZfRB2yOu5AYhwCSwbpUWhfp9lpeKanwAQT49Pjt+E2EdbUsoIIrq4Irq7hAjNB3wOfdUkch\/RymD8COogkRfmtGHDZ3JfVp7qPL0g95b9d6Og4eqk7Oc5yCXUjsPCBRZNV\/OEkCcWVLTRMhqvhNhDb\/yRuCdl+Cdl+4QBkaEptJyzZcwNghsa\/yev+qS1D63n8u0YIQqdir49AX7Q7OxcqumEYHw1gpXkn8\/0NtWmRXiIMnyNsmLKeGv434TYQj3LNggnZggnZguEA4nJBTYkTqav4+upLVWlu+s2ggu8pFBH5psWcuz5eAhJOcvW7tSncGp+spv2HIMW\/j4SK81taE+f1zSPKQGx8uhF4WIGA="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":776411,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc6zkAAEARbFTAqAG40WGPAXZfw1AAiAuoYX\/X5Uw4lffkPNHSCMW6SrDFB88ojJJssa\/u4MiJ7ftgjBcFdVPuw+tvNym45804Q6\/uLh0oQsOr0riQp0FxmC7+mATc88CsFLix8wyPMseFlTK290MHGwkPORWZli5hAQHdBMuEfwAAAYJ2X4J2X8mE0WGPAYLDUICEXhYgYAU="}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1578508364776,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00440{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":784751,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="}
00429{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":784843,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"}
00440{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":786203,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="}
00426{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":786273,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft67BaRBwQoAQEAmAJwAAAQEICiLYlUg0GJnq"}
01038{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":786351,"pkt_caplen":516,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":516,"pkt_l4_len":482,"pkt":"EBMx8Tl2KDc3AG3ICABFAAH2AABAAEAGnE7AqAG4NOelbN0qdl\/FC\/g0LI3M54AYEAnlyAAAAQEICiLYlUhgPx7\/AcAEc2W5VRvDPnxC6ZNXtTyqjCYGMJUjTmjJUOUKnKosvUpjeLi1KBD9Gl0SpSGXIrkNn6C7KE279Sjg7DOSGoDz87EyUEGvUMFz5FN+U0r31bAICZnXfuq0lc9rs1kf7bNjD+ORYtLIa4UJy8enNIxPAk4HwvA+3rJiQq7bf0vBIBgSlJaEL3OkbL6PMcsY6AytCbHWwQNUqzrVKw1VPJ77xU02+dwqjsZ\/lrg1uD03lNKdyEFlGJ02BeF4E8JPm\/1hoH9nxyZ0rAyA+9TJoUNufqAtqvXZoNVAIn3u4I4vwUfjQ0cH1zU1rdHXu\/0AdLT00gIkyCjc+K8qB8caufkR1jWmZQjBGcjUMPyICieFwbw7o7SC+pa398OX2A5zUFoYFrbYryFapSZRoXkA7E7gSEMsgt4gzjFWaFDjtj0gQrWn4v5OEC3H13NYTU9aT1O3BBZjFDrxgPl5OXj6YzFyTFts2likup6YT33hM88mz1kg95ej\/aoS7kzfOq0iUWTyXKiVppXe0XEz6KhMTO1k\/fmz1CFkehBQ4QXp9fBwcm3bhXe0dq1V80Nq7Aur5aw8K3KW7Z98W\/5G+9OrMGYD"}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_tot_l4_data_len":598,"flow_min_l4_data_len":32,"flow_max_l4_data_len":482,"flow_avg_l4_data_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364786,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01126{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":787529,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI0AABAAEAGE7PAqAG4v+qixt0sdl9ft67BaRBwQoAYEAly\/gAAAQEICiLYlUk0GJnqAf4EJhKzdp5pxVQQvZobp5kh+TMF4U\/9E6m1Jb+siU6axKLN+2ZwcIbYufIaN4E1lBtRBxLO\/\/\/3u1CE3oPIXdiN07AhovNAxOgbgENvj3edoo4ICQLGTlBtFbWMvxdBfO+HD5jIH45SObfWIcb0dqjhtOZEdT3CoklJ2b3tMaa5KvkuVFfHwBlaXTwwgAmPHK7s0eXQe17EcT1aCvqSjCCMCCT+8SLinZlW5+mC2pjasEK2OxNuBI9ZU1j\/06qGWR\/mX19XFBQ564nSx\/vZTcv\/LDr5JZ6kVv6ACGrzgDr5ZcOBAIhv+jXwCEpZbzb5mHOVCBb2xQgQNYdfe9BePtcJjPpI\/ZB3+k3+QqRRnAqJCUvrgjfrhnoqBfnZz5Aa92zocc1VuRRwDtWXxF6l4MKhV+YtgjJTQMR2GaI4A4rUu32gdoJ92BBS2gyGJsovefVT5Lp18y4Ggu4XPQZFm31kOhjJGWGyFISukDajIOMlmXuuoktRIYXDsDK+FqGiTLBkTzEuq\/nOQwqHWqUVQv7AtprM8kmJpux9joitBQ9HjtTajRaKcZg4FiAWJsOi0hTrrxXvZLdMGiwPpOvIgWPKH9\/e48WCSCXXeAUIHyszHT55IhnBxoUaDb3mbTerDdH5IGQYH\/H3dqim9yRTiafMm4+oArTm0GJNE7en8qQ="}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_tot_l4_data_len":660,"flow_min_l4_data_len":32,"flow_max_l4_data_len":544,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":789015,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGVclSkdz5wKgBuHZf3TlFnUTdn3ylU6AScSDFhwAAAgQFrAQCCAqGNr5sItiVBQEDAwc="}
00426{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":789130,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKVTRZ1E3oAQECxU+wAAAQEICiLYlUqGNr5s"}
01034{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":790328,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHuAABAAEAGRx\/AqAG4UpHc+d05dl+ffKVTRZ1E3oAYECw2hgAAAQEICiLYlUuGNr5sAbgE+BmJLzoAbqRJcy4E\/iNtAFtLgtXpllstBclKEt5AnMXYGDdphSPJ1KIQvJTGf+9D1\/uw8EOSSNaNpRNmhN1YpzqwBB+UfOM9qX2vrU3G1YJxG2RZPME5ZUZk\/kgeZ7rIiOnYRKx6kWFUUnLZ8OsoDa3t8bX5X+9+dwsMEQyO6lSJzX\/dEyWFv6AJN2hdOJnpLC472Lu7+E2LUrGhQLC+Emyq1jOnKhDSFttfS00NHmPXwFrclYGDOLl9k+5+G3D529p9EZ6wbdj7Qz\/oRYRnaEpr2ctyJRZdjfnsWEEKb1qoRibikyw5j02Xg59M6viqKIkVIPCRQt5JerVtVIirhv22Km\/aNWFPejNJFLRRr5rwcZVcBqS+S\/tv6ngY\/ko\/\/k2gl4+\/KFrzspSi5aYNJ9t7ke+vJICy6PdG4QxxH8dkPVUkP3dIi1tg77kY0whwnoK1RAs9h5hFL1uTlk2FcOdFu2a7OtIJV6Hxt7a0VtuZleF1M98V0iWkzUB3MBf18p1iVLiMtvw\/17+Q+Xu8T9F2B88ZHPhzy4V1FQfIWioA8cFKRqsn9i6ldmWM9imMP1gRI2YqEw=="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_tot_l4_data_len":590,"flow_min_l4_data_len":32,"flow_max_l4_data_len":474,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1578508364714,"flow_last_seen":1578508364790,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":799543,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jZZAADIGtYai86BTwKgBuHZf3SW77REP6nqwfYAQAOuzMQAAAQEICnVn1Hci2JTH"}
00884{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":802654,"pkt_caplen":401,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":401,"pkt_l4_len":367,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGDjZdAADIGtDai86BTwKgBuHZf3SW77REP6nqwfYAYAOt4rwAAAQEICnVn1Hgi2JTHAU0EtOpNEU5HOqta1IKk18cALBRNcNUFMt8\/jxWo6k\/x5CorwhdPLVmQmNw8ugr4Zh17jmZPWmFySs5ZXDvCgd+0DxCZZEj8TRvVM6jxF9q+sW4rHYfhTpuT9igIFzKihq093rVp7rqxpaYjYBVje5XLKeNJ1a4G7hB2SaB4\/jOn3Mag\/GmrvNb4FEsg1nEC+VvcjwsLs4QQLjC1bCIdi9DDtP3r8Mg\/p8GzBIsZzS5uU3wI1zKdIxeD5NqRKZttCcW7Dk57pViocAhVxd4LM1DM9n4kMZYzZa8E8f5xqxv2Hyjnusgn3zYuHdnQKCnwOeD4d3Zmea4EwdO\/bt+9cJsZke2RAS5x2ARVFIWTIom2fKkFWTJ3LtK0mH0G3Acut64vrZEGl9CUh0glARF+seri0f0wpCvERLhP4VLFB7huEB4f+\/x6rkEoYcLf+1s="}
00427{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":802745,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qerB9u+0SXoAQECGiGwAAAQEICiLYlVd1Z9R4"}
@@ -210,7 +210,7 @@
00438{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":817367,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACgG15goQ5CAwKgBuHZf3TZG9x3QfGwlk6AScSARhwAAAgQFoAQCCApyLMYFItiU0QEDAwc="}
00426{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":817435,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGv6DAqAG4KEOQgN02dl98bCWTRvcd0YAQEAmgwgAAAQEICiLYlWVyLMYF"}
01017{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":819362,"pkt_caplen":497,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":497,"pkt_l4_len":463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHjAABAAEAGvfHAqAG4KEOQgN02dl98bCWTRvcd0YAYEAkbTwAAAQEICiLYlWZyLMYFAa0Ey5AJp+rqiYui2XJhTnXZBJkH5XqkpqhKXB9q3N\/UBg6aH0ITAIzQTYh41Z0vqIfdNbFjI2M7A8sN9PUiSu8TV5Cs64LQASrBDQCF8MVxSCPGNQ6BEWmSENswxL8ceRJOueTfy5OvLaHSA7FXRwT+XvNykJjth+MvcIxmFGydmjSa4fyssivk0NkecLBk\/LbiDmJu2BTeTgoXHjKEDMg87SrK1iTUWixOVjx7O2MGaELLaKpspEqTGl9xj2HeqWUHMVWd9V+dS7Y+56TCK0GPSragl2QnRf7VlQlCvw0\/MZ7iu\/AW4\/XSWDzw2rHMxbRtGn+M7VSLcDq\/Qe7Z+lWYwJUFWb9o71ZK\/rbouY4G6\/cjr45B\/iiKv9hR4avvCTKzqULT9xMbKgm+cd4Qnn+lpk7BKcksqIBdq8OmF8WO5boWxQBTm85Nir2n\/K5LqPNW5ucu43bvpiH+URwIIGtOBSqDWbESlgX5+Lt+RVXXjyMMA\/ixkSucsRdGQOvHXlsG2vz5qqJ9X2NATbeDunAC77oN2Jcn0vlr5Y\/q51yA38qsdLYzTxhlrKEm+sQ="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_tot_l4_data_len":579,"flow_min_l4_data_len":32,"flow_max_l4_data_len":463,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1578508364659,"flow_last_seen":1578508364819,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":822285,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EGtAAC8GR9kD0S1PwKgBuHZf3TTdrvLTmxdW8YAQAOtVRwAAAQEICk6VEKsi2JTS"}
01066{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823015,"pkt_caplen":536,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":536,"pkt_l4_len":502,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIKEGxAAC8GRgID0S1PwKgBuHZf3TTdrvLTmxdW8YAYAOu8qQAAAQEICk6VEKwi2JTSAdQEXW6fVgBGyC8ytrEu4ahZmzF\/xFp9QwNg0DSZ\/+M3wczRKpcxqDPKDwbh6lmGx\/l8m1tkcHNypK0UkKl9xFFfGk+x16UgGgOagXkQFc\/e2JXSUHr91\/ldo5U2nO8vfuURLkPkbD2bH4exu01h2kbp8sshYe6sqlQvHgK4\/pW7if2MoEZbGLVNd5sqXOkW\/9+k4PwFSd9eUc4UqThcJJ7UUk72teDjvy7RzkR\/BHxpUyoCAAp8B1eOd5xOUze9dRSGd4DRQdAn1pjNFI5u1KqC9Zl3OqgNuHsUizLJpc6vgwGXEb0JJYwnUCFjO4Ti8NTfDWOsfNsPB6TQYWhGE46mNIHxHYhZcVmtYiD02WDSYGQ+DqRnICN+9Xl3Unw+pzahKEM7pC6V73xolfQKn06XQrbqAlu6vesrHaZljcaUMMRPMRyXY2U48YpGHTkraaJGC3DvFAv96kuvKclPBqVlBmrPkatpSQt8PYP5BwIvfVd0fjawIdAJfDAoOJmvCKVYsF5QdYLy+cTxJnrLLst0iGEj9LhZFLs\/JqXGXQOicB0AvCarFpl0nM4bePy6LgAB7A1Y5p1U2WPXdjHuDKh86I61tiUO3VCmdaDwbpT3k8JQLYU="}
00426{"flow_id":24,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823120,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1bx3a70qYAQEB1DqAAAAQEICiLYlWhOlRCs"}
@@ -224,10 +224,10 @@
00427{"flow_id":24,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1bx3a70zIAQEBxDhQAAAQEICiLYlWlOlRCs"}
00439{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823555,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACYGE48SimxDwKgBuHZf3S4uwDPtE20MrKAS\/ogQ2gAAAgQFrAQCCAqmusMwItiUTwEDAwc="}
00426{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":823597,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQysLsAz7oAQECws4QAAAQEICiLYlWmmusMw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1578508364824,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1578508364824,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":824682,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGhG3AqAG4n8tUH906dl\/csM+rAAAAALAC\/\/\/IeAAAAgQFtAEDAwUBAQgKItiVagAAAAAEAgAA"}
01152{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":825302,"pkt_caplen":597,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":597,"pkt_l4_len":563,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJHAABAAEAG94PAqAG4EopsQ90udl8TbQysLsAz7oAYECykNwAAAQEICiLYlWqmusMwAhEE9VEMnxi7\/+u3S\/7SD265WwXEe4fwDjOiQLsVOQxpxalSy7LlsUK4AEo+a1Qu54SdJYKUHtZVjJeiTzpaNscMEPnLhkYVoH1ZsfMM3SzSNckPwo27vBvsTXbvepFdGGfyt6oFIMjfApJBdBhKGuhBHU6KYxOnBPvkfjAzhNAEG9ZOct\/f9PMzeR\/3HfpP\/\/foRU+R\/UwxyK3KsOUDV7ivmQnjXPHpshdWKhSI2CmV4f4t9S2wPNhYMZFG90t1+c8FUX4hZ8IJSblZ1Hw\/xRVdy1XIr79XD\/YbXUlCbMbQSwpyRMeybOWZ\/3FFKK4\/m072RVgcU5vgNs2kQIANqMn50n9GdB1kT5VpcmbfktccGTcPpL5cqtUiHf9rj39T3mWxv4q8GrISLBQTR\/tbUOSXcuAGYHTUa5PLnQdiQlMB2NU3XarTCVXOKj2xulN5GvsPX5Wy2aKOHMGmdrt9tRWyzeNSeOUUMuTlnroJDaW6hq8\/QtG57+o9cfcesHmgUsKpYao1qZUd8lFRvDjla17QhLWfcHO9Zm9qK6x9TBb29EZ6\/QlYYuy+Jy9TbYE\/LjA7KJU9R0TdX0NGBywzUrgAwjm8rFolFhr0dTH8CYc1zYL1wnwny0ezNRkgVRVqWSfxkV4mnKvCfyi9XKSx7Th9OnlEAk6m8Cg8tenmIjIAm6NyXqFCsVFiylc5ACi9wAUl"}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_tot_l4_data_len":679,"flow_min_l4_data_len":32,"flow_max_l4_data_len":563,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364825,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":829266,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JQ9AACsG43ozJlG0wKgBuHZf3ThkB68WWi0CdYAQAOuoBwAAAQEICoEcihsi2JUn"}
01028{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831143,"pkt_caplen":505,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":505,"pkt_l4_len":471,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHrJRBAACsG4cIzJlG0wKgBuHZf3ThkB68WWi0CdYAYAOvEVgAAAQEICoEcih0i2JUnAbUEk0KGjGJagFndDHA+KKn\/VT1eyvRKqxKxxDSpqq4SVF+jceeNADw9hBltpVnuSWdtx30sbXMrmNc3T2yLX8HmLwXp\/8+qe\/ygamYBh3Lsyf+jiEa7m2phZOC4kk5HUe2I2MKDjEAHD5GSQQ1TnqmGYY+zsNs+WR8YozLHUxRxhmEIeJ3JRf8x+zquQBVBl9TtmswUlJzqOdYvRgVRIuXSRwL+EA6JMGXT2b2MX7cMdU5NEz+sJ4HXZdrStbJRnFH71Bjp8\/fpbKfH1sj8YoFjAomgdmqjt9bYgxIuPcygXTdO\/mX+8\/xcfkMErpSk7dXHIjMiyrFbfHWCgomfQ+aLFikQRHEXStTxYHNLMlm63EaK6+KF7LrRwJWMM5c2AQ8qGQehDwIi0\/KIU8\/cvQqRIr1KXuPGw4u2ptD\/VnVJk6FtFK\/iKM5LLbGqvhd+xToDZpw+Luxesthj8TWfghI\/l25AnpL8wjtrSxCW46XDTmiaybEccYzTi0NjYmlj5sFB9LnjnUuat7RzCmsIqpprwPZxPNGFDEUjs8wgnuepKDZeMVqg6Q5IyYUOCeMB9NW4tK6f8A=="}
00439{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831187,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAOcGbbUSilEcwKgBuHZf3S\/8FjKFFTVZHKASaN8k0QAAAgQFrAQCCApjgYkbItiUTwEDAwc="}
@@ -241,19 +241,19 @@
00427{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQJ1ZAew7oAQEB2WswAAAQEICiLYlW+BHIod"}
00427{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831473,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQJ1ZAew8IAQEB2WsAAAAQEICiLYlW+BHIoe"}
00428{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":831474,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQJ1ZAew\/YAQEByWpAAAAQEICiLYlW+BHIoe"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1578508364832,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1578508364832,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":832618,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"}
01071{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":833343,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"pkt":"EBMx8Tl2KDc3AG3ICABFAAILAABAAEAGEufAqAG4EopRHN0vdl8VNVkc\/BYyhoAYECzL6gAAAQEICiLYlXFjgYkbAdUEwUIR9YgFXZ9yiOt5YBH4UtFaqA+cwIzRVHYokt1jt3NSo7VChRqaTps9paUa0ngH25xMfgJbcuBsMxxTxgihIKn5VUXXgWDlNYyvU0KlT1bNUEI4mKZzhEJdNwjpMn9paKBWzu2LEMjx6bLou4eS13z\/nVxfNlGL0J7vv8\/wC8YQ1+XvQyGDWq4sjQibEugRViJciB03P97SSio3NTS6h9JYGoEfM9nybcbgUflDrSQcxM3wZhLR4RyXHFofiZ6ItK5WZXSq5pX\/rioqKS6rjD\/Od8+ItIp1Os0RxmLLf4DWm4\/UMEN2gFSO\/\/Glty20yCOSCBOfFj8FNpqoruWb3E+P4CmQ2C\/teNBBz+h3griSFolu7EDV7zs7SLm4DR4ICIyHvtuOPkeooGrl0tep6tLaxHM2ZkQOiUJRKu+5pHwHgHmEbBncVaLwnhxRCP51iVfM2TEGdhOXmZNW\/1FyvH8rso8UOfKabPq7CXCpZK38otIKu601tzRMGFOYwWIHKFmd+rKAZ\/NBoZt\/6W8POfwll5vHjI\/FLep7U77tKANlUam924r9s1XPKaPkH9fxcGGux9IUOJRyhmfvWk\/b8yyfBvntIhfV4oqnCZvlQGRKNPXA"}
-00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_tot_l4_data_len":619,"flow_min_l4_data_len":32,"flow_max_l4_data_len":503,"flow_avg_l4_data_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364833,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":471,"flow_avg_l4_payload_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00439{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":841546,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADcGsuQiYawWwKgBuHZf3SnE3x7vnZqFEqAS\/ojiZQAAAgQFrAQCCAoxzJM4ItiUTwEDAwc="}
00425{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":841574,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA05dtAADEGDGhCKlL2wKgBuHZf3SQj+YV5f2ikFYAQAOvH9gAAAQEICh2SYKIi2JTZ"}
00426{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":841644,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqezAqAG4ImGsFt0pdl+dmoUSxN8e8IAQECz+XAAAAQEICiLYlXkxzJM4"}
01063{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":842889,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":538,"pkt_l4_len":504,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIMAABAAEAGqBTAqAG4ImGsFt0pdl+dmoUSxN8e8IAYECxvWAAAAQEICiLYlXoxzJM4AdYEGJveRyADLBVKMZahhxe8iy1nCsj88Hn+VCI1ZhH8ThkexIjKZ+gJYRQs9Q8gp0SxRWzlL5srOK7RHQgSezx5G\/2f5opTn8gDQbkYtGhwjaig5UGd3nYCtNjo3pCCtFwvkRTzqXD7Iq0dJgNpjddTaYtUSbwkACumo05BayrfheKfTdJBPJv4f77938XoB3wVQGi3+4i8FyBVBEotI1MXCvmmdMMeptmcfZ638VllMi0Rh\/VHNdjByLP5DCJhUbASWlNYq5nTN81l9oBtm6tpK0e3U71XqFmOUBgwsvscezKqJuaS5SLLWDm62tco9F1i1T9deAc+xWYOLh7B6+BPGVCW7OEK8VzLykyjEaYVNul1gMC2i3lEUxgxdhUIarKuBtjTCTnBpAdiTrbyqCyJlcP0ujLYSllDh2QJQBwLFgJXajMxYFrZusLYdYxpnC5ZIRBdqu5jmEILq8DKiERj97BbSqTxBqUCTYFh1W1cas7gmieavik5Md879U6gYGowC2B7ISqaHTDHCsFSbiSBCOT7MR0EUftgrHLkMPUsSHLzSBZIFPQ+IShfvCynVEtzTumRCr7JCgLWeSyeJC88QEtbW4KnuAEA7XeI0LoSYPB0KbF1Ag=="}
-00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_tot_l4_data_len":620,"flow_min_l4_data_len":32,"flow_max_l4_data_len":504,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364842,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":862022,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGeCSlFmshwKgBuHZf3SJnRYz4cyqhtKAScSBl3gAAAgQFrAQCCAo1gVUZItiUTwEDAwc="}
00426{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":862123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGaCzAqAG4pRZrId0idl9zKqG0Z0WM+YAQECz0WAAAAQEICiLYlY01gVUZ"}
01205{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":863419,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJyAABAAEAGZe7AqAG4pRZrId0idl9zKqG0Z0WM+YAYECyyoAAAAQEICiLYlY41gVUZAjwEBrdPJBbCQwcUaoZCxDis5JSdEax7zMEY4YCdFlAa+2wwGZZ36EDRJsHY24RNDnZBxeFf8+ZYUch2Et7cUHdOXQEUZ47rnkJZmX28hwqPmsvMZwp0u4SsCwU6fDyp5wu3oIPprKqawSO0UwnZY+qOmAlywjHywDySvCmDcdQBHBAbqXg1hFaS6Zu0Yt+EmQ2SXgRv2lskxE+IPCMqlp61qCZ1mhCMgaLwif0PE0IsCA4Ty7TRHTNw\/Hf6TDCrt1\/nHIlW8gmA4jbsBJFZ4LZ+iMrFvWSd\/WoyRpQV7SWRTmpkcyOKLkF6tl2IFdeTTulP3ebUqN6EVnU5au\/BAs41oHA62GK8cobjDyWi2CyTt1aND9UoQFP0l7rB\/ErpMTMKRLEA5Zuwomefcbzmr4te87Tw9oCQCNhAjDwdIOGYD+SpHBB5ILy+9YGqT5Ex3m8DlQTlIggLKSRs4in1kBUBXdUsd9iqqai5H1KXm240BSureCWGelR7oXdvMDpi3zozgae51NiLBIgx+gMQ\/e3lL4W8nVto\/mof3tKTtt98bkiqwWDH6qvnYvhbhiVFm07CuKqLpWNU9Wcgx5kxbwBbKPXf9Fq8ZzDEoB3F1fq1U+75d3yGrfUh2hXruV2WlkO+1dSAMLYM1d7nPwWFt7EhOMM+7PK06co\/LVWapNmiFCLOcJVyBl2rRvFJ1I02w1KAIchuBZOnx1S0yzLXBGNEPLiUxKE4kHe89VgmIYEJ7MA7FceloAWK1TcFJQ=="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_tot_l4_data_len":722,"flow_min_l4_data_len":32,"flow_max_l4_data_len":606,"flow_avg_l4_data_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1578508364522,"flow_last_seen":1578508364863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":574,"flow_avg_l4_payload_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00997{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":866266,"pkt_caplen":488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":488,"pkt_l4_len":454,"pkt":"KDc3AG3IEBMx8Tl2CABFCAHa+qFAADMGWYlSkdz5wKgBuHZf3TlFnUTen3ynDYAYAOuFtQAAAQEICoY2vn8i2JVLAaQEbR9vA4hTDZTsaicm3PEQBs1j86Mycfx789yK5+er465ZfyX2n+nTL58MP0xXLKumuX4y77o14\/toVQMmgRjref+Li68nmPtzUmRtU6SEiahbKo37gS4o3M3QF24kGfey3mNBMKT5ToCRQ39nsVmniGV9g4P5ptNKDWJzjosVv\/EszkgGjDts7d78DQ7fT2aF320kValLQcix2tmbKmAHJjMXNvalPWdBFatY1S3SuGiGT248si4LQvX2LhXcMwMNmjXWSm+ZhyVJ6x8N4c0v5VGlJ7q7w0O\/iX79IUfl+TWI9iG4W1vhAosinoYpiMwZUIL688QZo6IvsuhRlPxz0382tUcXd4nr9U3qtZtBw1pnwLKQfkYdchFHLfW+8mV04ZtHZwqSa5CSmB5Qb8duMliiUFy\/ljj65J7vDVtz5fgIwfuLnqtVvR40aKApzo0dLBcVMhz+ay0+xMwy7aRazAp8CHMTMyNk1SJCyHuFy0f5ZZoRQToG5brr9QqeDUfXm1EDXAoRlASzdmea2bev430tJ6icFbvR+n7dpGFOdQOcJeM="}
00427{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":866382,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKcNRZ1GhIAQEB5RUAAAAQEICiLYlZCGNr5\/"}
00471{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":866929,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFCABU+qJAADMGWw5Skdz5wKgBuHZf3TlFnUaEn3ynDYAYAOtuJAAAAQEICoY2vn8i2JVLnLL1gX77HRpC9TPLOTpMrB\/B6hvFFwZfZ0YjLMCkpx8="}
@@ -268,7 +268,7 @@
00439{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":877648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACEGk4U0u88bwKgBuHZf3S3Pd7n11PppgaAS\/oiD+wAAAgQFoAQCCApvJb2EItiUTwEDAwc="}
00427{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":877742,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+mmBz3e59oAQEAmf6AAAAQEICiLYlZpvJb2E"}
01143{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":879259,"pkt_caplen":591,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":591,"pkt_l4_len":557,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJBAABAAEAGcoDAqAG4NLvPG90tdl\/U+mmBz3e59oAYEAlUFAAAAQEICiLYlZtvJb2EAgsE6xKTJBXQxsEIcblA8YWuGBlX2edvBfmPvBZkXHaWRp91epP7e4iIONLEkPKzPxV9IOyZHZcedpL6hYw6wInQoYlx+hppv0waMgIBWmLSTCfvWNetW7\/ShUyZAVcQPqGlZUEdnS87glSJu0TjWVcFlCwUtszBLcpoYlQWRo\/JA5Lg76kyqjO6Ew9RRl57E\/yW7YtcGLE4hzf+4phnzIJI0qrFMHBpdQYxL+0XdAiCPBejALuRJfF4GROCFL+9u7bkhR\/8x6fIWCuqxQwaWHSEHNT+nyNtVkKO\/Co5BQTXYH8NLkO3b\/3\/ef6RaOw7ll3BNFwWjwgG6whXD97UbkJQCwYvADJVjzMFiFI\/D7TLzirbinSeAkcosvdm2jW32UZLF7aFimYj7b3YKrZ5DITIlum52kZX7HdRz2dcxrT2fJRY662FpzIpDKESYgeKbNSTcDvE6lq71DP3omqTEMVuNWaobDW0\/GQ5t\/dJ6+hwQ+f3oDrVu8NtN3eJOI26wZA2QllfeJCTOYHtrV9Au5kIisZW34dRuE82YwceXJObXdwZaKBzuEMB\/dJ7R7IxdUFSfdzKeDDCom1eoEJTWquldifuxur8RpRxD978Rcw\/UDm06vv\/O4ldRcSmuf6+DQmMtWQeCRT8Z0D3nVHJ5Apy5nUhPndFWebhn8oNQ3OVevgEP4m5NWDATyCX"}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_tot_l4_data_len":673,"flow_min_l4_data_len":32,"flow_max_l4_data_len":557,"flow_avg_l4_data_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1578508364523,"flow_last_seen":1578508364879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":525,"flow_avg_l4_payload_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920071,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0y95AACMGiEFoKtkZwKgBuHZf3SMhYrdh7BRoDYAQAfqZdwAAAQEICu7SsIki2JUJ"}
01059{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920350,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":533,"pkt_l4_len":499,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIHy99AACMGhm1oKtkZwKgBuHZf3SMhYrdh7BRoDYAYAfoG8gAAAQEICu7SsIoi2JUJAdEECf3\/gUaB196qa5SKbq61ayfaRe5YPi8bE8Z\/ruIusKnunXdyfMLWFFhxkiakm151gYheppOQ5HLhbk4iradZvSQB6VCqdwqs6JGGEKaSbZM3Iq79iKwwWiMAUxlmy6uoYLlsjCUWoBbR1crrDSvda72I74SsPY+FZJJSCwuTPYehunpr0iWeFd54jsoRHCEkLOWvlP1bWj\/1YdQT5oBMQYb58z3HoHcluozQ1LMUl9QwiD0rin9C7jneWOQLIX6pAUH2ZANTLnj9zWQfyjRQXu\/x6yxujquPe0jie3d3nIQ05+1PMEQwhTIcZWNfr+fzsA0dc54uUkPBRf9WWgHc8Tb23z7FvzW8hnnQnWKaC8VhQB0PKZtQMtoFmlPJo8WsiKfXWyw6XemOIP9as83AKzCms0jG2YgRhhr2FGHAWOrX\/1H8dkm2z+M6MXDod0rpfBNzviq0kGLLbhlmtuih9+X71QTPS9IEszBwHqPMz8qLqIf2XLyLWNy0L+IaZhjfRLVg1rEGsLODLQWnw4FYBhCXawM8AeJKjP6Ei1no4LRv9WTnY\/y2WulLwAKTb4B1ZGjpOdKco70HMG0C8rRdK2+WWwx7sn8XKbxVKJZ4pbU="}
00472{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920375,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUy+BAACMGiB9oKtkZwKgBuHZf3SMhYrk07BRoDYAYAfrC\/AAAAQEICu7SsIsi2JUJ6mDqKlOK0qjZ8Js5u+lMMkh6tR1OPY\/JYhy6CX7L5ec="}
@@ -280,16 +280,16 @@
00447{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920578,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBy+NAACMGiC9oKtkZwKgBuHZf3SMhYrlX7BRoDYAYAfofVgAAAQEICu7SsIsi2JUJridXwKMiLkho+m7GyQ=="}
00429{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920595,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGgNIWK5V4AQD\/6IwQAAAQEICiLYlcPu0rCL"}
00429{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":920604,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGgNIWK5ZIAQD\/6ItAAAAQEICiLYlcPu0rCL"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1578508364922,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1578508364922,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":922060,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+OGAAAAgQFtAEDAwUBAQgKItiVxAAAAAAEAgAA"}
00711{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924422,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEjZhAADIGtLSi86BTwKgBuHZf3SW77RJe6nqwfYAYAOsoBgAAAQEICnVn1Q8i2JVXqB4IhOXyDkG7gf4wVue1YBFCV\/+yw6M8jA+kibTv3mtjlRHP9tP8c4lZMHx4Bnj7mMHTlL3Za4w7RRGZo8UUWGTgaOZ8JOqKt7XBLl7t5KWgTNCjGVv3RUP6yr0BVUHzhnpspLE08nXhRp8eeEgMQsae0889yLYtd+IUmq6Pe66E5ioWd5V9CkIGXfzLzJydx6Pqnbs79okijpwxi3jn33pSoE12UO5sqd1y+ayd3FqVRJPuM8YUW0R+3V2bORENbDuTDn4j9PpTkJU+JkYd9A=="}
00427{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924434,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jZlAADIGtYOi86BTwKgBuHZf3SW77RMu6nqxGoAQAOuvTAAAAQEICnVn1RAi2JVX"}
00428{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924469,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qerEtu+0TLoAQEBufmwAAAQEICiLYlcZ1Z9UP"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1578508364924,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1578508364924,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":924936,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00629{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":925232,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHG4wAAEARgdzAqAG4I7T2qXZfdl0As6VnAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":0,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":179,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1578508364925,"flow_last_seen":0,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
00426{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":930055,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0P7RAACgGl+woQ5CAwKgBuHZf3TZG9x3RfGwnQoAQAOutlAAAAQEICnIsxqEi2JVm"}
01003{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":931019,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHbP7VAACgGlkQoQ5CAwKgBuHZf3TZG9x3RfGwnQoAYAOtYugAAAQEICnIsxqIi2JVmAaUEJ+RTTNaKeJ49mHQgWlpVTQRI5VG48UZGnvDZ\/AXr1VILVQ9O1idwrzt6K2OMjJS9o1PVpWsNbIc8MH3IjByixnPI9KaVPx8mXNul5rqpONyNvE5D5QWT7QN6E6ROgZb3VBBaBChGxjDzgiqHf4VZq6+uTHnRLiTmJu\/tJBvVpuLS74tvdGNWf\/ih9Lb59or8oIye9cnRXq6QxNeqRegxacdxpmNvHnOsH1xYtvZd1gtIbMggtewyo1Dn1VrEUGaLZ8YIgei0fI80M4TI9+xxREWwNuy6j\/qfWcyHp\/IioJKoTY5PMyJ4KJhV4tkpllur+NCk6tolE+JLCfz3+kzwQONUkKz1790S6eJjaC9wtPHxoSqGiRezES8T+hj3cweRz44i07e\/5U6uMQTy\/OLpemir\/+Cx4TKBoObiU1Pv90jumuEPVRu+IkyCniPJGlxWCVp4cTWCCZ14UgcAQOxJs8PBSt9FMlUREzy6Wh9d+m6VtVXDspOi\/YN\/Wdg+ar21s9AW80kk5yvRk7Bz32Y5TzOnIe31AHyU8KXllbzRMJWOieG4"}
00471{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":931064,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUP7ZAACgGl8ooQ5CAwKgBuHZf3TZG9x94fGwnQoAYAOt\/8QAAAQEICnIsxqIi2JVmT9YL9qHOr0+NjibtWyjL3KtIFwbnBG9OdvuZeHcpAyg="}
@@ -303,20 +303,20 @@
00432{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932136,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGv5\/AqAG4KEOQgN02dl98bCdiRvcfuYAYEAC0BAAAAQEICiLYlc1yLMaj6A=="}
00438{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932308,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="}
00428{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1578508364932,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1578508364932,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":932939,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"}
01215{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":933835,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJvAABAAEAGgj7AqAG4n8tUH906dl\/csM+sa1tl\/oAYECyPNwAAAQEICiLYlc5PeKo9AjkEpygvnKchHo\/9hxvr5Qw+iboZdo3f3SG7EZvjwd7w\/2cK9Gmp6AB3QTgV0ZKNW3oRtB3OCMj3x8Ruf4hglrPOR8z4gDspichx80Fp3Ii29HmJSooT1ooAwg7QLR5ppOcGiZ0Jee4UwPmXpUCT\/zV+YSxP5MVCiOEH7pByreL9e7s\/NcDeXys4Mo2BRac\/Ej9PResGlgyJh+9FLsXYSx4qZZuwqVCSJSb2XvfEsdTUfWxG\/mlGpGgpf5whPWlAfSz7Oe20c\/f0EdzfgDI9NJpGEjPOBSos\/GuZ0hM9rufVviW2svr975inq+J81tRJ\/ITe1XewQv7g8Xh3dCaSK53YZfjTdmQ2lPtSUaUAWxaD6y7+1W9M79N28CR4hwLEamR83zpLpjhCprS98oS2yZdyQPypaWCSL5+Dc9PGnt860mDm3PmEP69QRVGEgjznQxs7cNWxBeOK2RmYlLOQN6jQA2jxoF\/oOCb3wnN1p\/QyoRd9SyLYwvhPzKpqx\/ZWP+rDLa4sxoTk+7shWb5NDLqplnmJeSxdK+pu7BT4hkAgCMiXUcfj11g2f1fEAf\/z0KfvHYTs3\/pLisnKePFZSFhM458MqwFxoShf1p5bn+un+y25Fcp4W5\/WlRb3XNf8hqwLrfEM7l5rzvGHXMjE7r9jYvWo\/\/uhbuPEvG4FWDxInlL42CndUL+cc9p0TJmh5wXFTY7uBRbaL2JUuah2gQ9\/kEYy1FwIdqoxyM5d3V9+KLYteT7hmCs\/\/g=="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_tot_l4_data_len":719,"flow_min_l4_data_len":32,"flow_max_l4_data_len":603,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1578508364824,"flow_last_seen":1578508364933,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01836{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":954898,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ91J1AACwRmVQjtPapwKgBuHZddl8EKaTIL6PiPVD76wxxux15bHRlnSs2av4nBFSV7v4bhHiIpeAMxLmbK8f6wiaJfQicCaKdl2RU3riNA4G85e32CrySn3+r4nugeiGUNmLmJTGwe70KAk\/1yl9pMbVr5iHiC9EbAQT5A7z5A7T4TYSnVnoygnZfgnZfuECQJNyxBglNPC+n9m4t\/W08TtywpdWYdWjkRxmhkajaDCz+gK\/mbTitDTyIYj\/DM6dFql13rAhhOsl+TepFcV7R+E2EVmvzPoJ2X4J2X7hAs1lDgaitKFA3cxLdFsLwt7VebQyms4a6o\/fivZtKo8AkJ6dL4w4Dn4+\/vC\/\/JsKeSIScYYBOpqnxxVMZ+XWFxvhNhIui\/9KCdl+Cdl+4QKesUvPGk3pcExPSpjjyYak+S\/zgRaKyCtkCAnADlTupsK\/kU6vbTyjVeYLvjRqhlLfuaobh1XsP1yYWbMEwCkP4TYROL5ObgnZfgnZfuEBjjxCUsfvwMHRxTE5YrP7+ISCuREmPbKrzjoabqIoNEUz\/YRnAV2w6k47DZjKIksCMD5bt88unhn0EsLYp\/SzX+E2EXkQ3ooJ2X4J2X7hAPuP3gMJbiMdT+jVwpl443XaSBNUfQ0qZUmbru+9L8er4h7zKFM+7c1K4WVxLv0mgiZa++5g5WXQyn8nQTgubb\/hNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYQj6yXYgnZfgnZfuEC5nQSZ\/xzD17vSEoHg\/jtmGLuRaM3q97\/3Czva8FggRyrw44MHO8OtruMk8OoTJc88hHmdKvMBoeGC+K0eEhFi+E2Ep1ZKIYJ2XYJ2XbhAYZoPsgtYlBM737vFkYUTo\/9EphiWRNvy3F9PFQKE60Wg2vh7fDKeVFJ2s+C3+rlsvule\/8FMZch7lhCdhu+rUPhNhJ3mmFeCdl+Cdl+4QGQs+WUN2IadQlJdv2hYAS47TWT0deczhHq293QjQaQ5dBSGXZU4dOj17ZGw5OHFM97hStHWuydqVFmyRxRg\/w34TYQ050sDgsVJgsVJuEDzSXu93jNII3idYaebqM1QwrATGCoZMfOLWHKo8\/HNEvGmOW1TsZdycKJciiZgh6ud1sRz67L9tP+HeODfKFTV+E2EDfsOx4J2X4J2X7hAH7mV1eGOz5WoeIocWFwRYF7ZVBDRcdtaFFH5u23BFJ62FH1ch71cEmxc8OtYpiPqb2N3y6mQjsQPeWAgtQws9vhNhCPknjSCdl+Cdl+4QFeAPtyTjNbAmZsxJ+YSStMfUptpi+Ck9CtWlo\/Fnkmot5zzhg4wYebjEaqIDMNNKgYreTwT+o6X4euclIzcKBSEXhYgYA=="}
00976{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":954930,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHF1J5AACwRm8sjtPapwKgBuHZddl8BsQR1SNeP1ZrG\/ZwtEcGW5vGA0sDGp78prdWhxHtDqEDU7PNKL6kZEdICkE\/ClTr5riDvJ\/S0Juy5pZvsiDZ34LyanRNXXRjpzjohXnlvDARKWl\/FPyuFUx\/5q7iG79kKNiaGAAT5AUT5ATz4TYS5GczRgm\/xgm\/xuEBa13f1PeAY+pXn+QDG2H2vRnbUjALc47yKM1DGaLaCBXAmqDZbTzNfSqGBTAVPFFnsJtnCFC0Fv0w0bIIRmdWp+E2EijsROoJ2X4J2X7hAJi3PrTUi8k0+hp72TGveiEIya6qIgjO27CDPgcM2XClPC4ML\/96HDCNIKvA6L6b3KKoTFoGm44u2hTJ2hJ9PJvhNhM+0ztiCdl+Cdl+4QCCTHaJCBMKOiAeM0+J0ILaNmDQGKBpq95aDifzAyS6BBPIijEGzkyTvF6L1V27y7PdVSWOVkbAaliLEx1mlVCv4TYRf2EBxgnX+gnX+uEAuHZY2QcmV8WQCz4M\/VG5LfG7tHam\/sFovnjhq\/yEXmxTFgIMHUbncizgn1Jn7XeiL7CoOoCVHxB7uvvn28VO3hF4WIGA="}
00439{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":957524,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGw5PR+vDNwKgBuHZf3T7\/g0hGkL7bbKAScSAsgwAAAgQFrAQCCAoN8FcJItiVxgEDAwc="}
00427{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":957613,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvtts\/4NIR4AQECy8HAAAAQEICiLYleUN8FcJ"}
00995{"flow_id":36,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":958746,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHTAABAAEAGs\/zAqAG40frwzd0+dl+Qvtts\/4NIR4AYECw\/fgAAAQEICiLYleYN8FcJAZ0E+FMyZM6APP7oCGTdgWb3yFwhYBpKGGdHxVs6\/WFawsMKFTP1GE4bS9ZGKitYFI6X9SczYGK34fv33vN7bwOoHuDLSEmFepT6qKIXU0o52LpqO4\/\/S4iCaTUFZU25DlJm7rKyaYiQUNQs188t1MgWKQJll9l7A5c36CcJV13HcpT4uHcO11tQbpUDfAmYHf8g91oohYLCK840wTh1pzwjGdFtPtKPIlkFk1I1KlhfXLsnea7v1Q\/ShXbNxFHOeNcmQxZQK\/djTCT5xFTl26m5hPRLr7bo6oEShkma0QAzk7dx4oLmxs6xdhraZ8\/KLIrywgGOsqHtYNCAN1bYwBrh3O3VymK8Mc6Id82RS+1OENrFg+MVBhmQrqzd8EKkdPY62PYyc6nFRZKHWeOUieBs0SzBcjgQMxcKSxChYDCR9Zj7HIJe0hUt2Ra0u2gRnlW5LF\/F99KO80qZeqJg+U5xv2dN3bWuOXucPVSSrR7+GQvchgofcyhiHymQaVedRTSwqM+Y31quk7elIGo9u8xUlOwxOWWPvJhRHhOVBQ=="}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_tot_l4_data_len":563,"flow_min_l4_data_len":32,"flow_max_l4_data_len":447,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1578508364924,"flow_last_seen":1578508364958,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":990287,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGxNei5B2gwKgBuHZf3TsLfbp+uLewXqAScSA1yAAAAgQFrAQCCArR1xFdItiVcAEDAwc="}
00427{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":990409,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7BeC326f4AQECzE7QAAAQEICiLYlgPR1xFd"}
00991{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":991987,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":479,"pkt_l4_len":445,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHRAABAAEAGtkLAqAG4ouQdoN07dl+4t7BeC326f4AYECwyYQAAAQEICiLYlgTR1xFdAZsErzFRgvu+Gdxcx8TKMVxCghDEriO47E5WudgBJPwgVI5ZeUhIj6FWmZ5GxS3JxEI3bBsCNxoaNNpP01hxoKhEu1EuvoxJRf5XfcTJIGw\/MFwRUJh4HL6kR\/jn34l+sva7q\/WyBXlKzPvIRyzywJ1liXjzmxWKe2id5RSlSAow7T5WvtdWiKAb+nXnc7dkjdSjBSKUZ4TTMkO3IjWL+SKI\/3RSCrRnVPtjGYzAFMfVqRv\/uMD1bNp7y4KZ3\/jk3dviqla0NKL26oQNWkRx\/4lRibAA6HeaPLM5EgArtMUSv2WSdh06L9cv5SBvdr6sXpVDgCmt\/IBu9wB4E3kRd31zpdiB6YpVP1mIQgvvYH4AkT0mp2\/8YiSPGmkCB87975cUeLvFeYmvzgoEFASJ+ko3QR3ID+97V6SPEWW2uHZrMaeTrekStj9bkslYH4ydQQHK94CwkhOvMVHIWadQZJ822MSClpsnqpeC4mc3YVT5mKjjEGKet7TUkOlxYVXovRKIKlxDSNSeRJrI\/fo4Rx5zBxDCYkf5z665yx0="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_tot_l4_data_len":561,"flow_min_l4_data_len":32,"flow_max_l4_data_len":445,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1578508364832,"flow_last_seen":1578508364991,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":36,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508364,"pkt_ts_usec":998772,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ZbFAADIGXerR+vDNwKgBuHZf3T7\/g0hHkL7dC4AQAOvJnAAAAQEICg3wVyoi2JXm"}
01100{"flow_id":36,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":1817,"pkt_caplen":560,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":560,"pkt_l4_len":526,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIiZbJAADIGW\/vR+vDNwKgBuHZf3T7\/g0hHkL7dC4AYAOtU1wAAAQEICg3wVysi2JXmAewEZ3rJYy5TecuiIy3XEDhQ2Fh\/p0n16XYdHvXBIJ8wmpzivfvAodiwowe\/A7raxpXDHqMKDPBHC53xQRHlWvyCaxe\/lWDir7EUBFWqp5qCUI9N\/Rio3ahiSFpNGg\/TR4VRCc0d9E0bTgVGXuTeaLwDWREpaICBTIg2Vou36U+p1PhzznGD6AM43RVAXUFm9Tgp1ROGSh+7MYDQ5G3mpABJzE8tqqMNpZRgs6HRdZhoR0SDrWJE2Kd9vKRXwOXI3Be\/7jYGHTQ0u51lh+piAiwaGesjhSvwZig27ANkQPwB0l5kWFPbeySsC1G1FTnML47diFj9gqJOnQ+N9B3twRgbVncaoLKWAavqDxqGpWBH3Tiv0BgwRqKsaJG5SGS7hiAgHdN9qBT5e6QedELa3hMMMC+5oS9wDHMFWCvmdtEt9dRQl8zF5G\/NJg0SlIyAuD3+L2sh55H1PrYUjPcO8vxhdovWjVWt\/uCK3QXqi1tMv03XSq3eIVhqv3kyzQlvYtGSecflQ\/axOqJ71Q3zx9wfZVMQisQmhPgAOdfvw82j3RsR\/9tIDilwyCwswGi25WEegWC3WWr8BJOl1cgHkaqHpRsAiDMSrLxOWAJ5Qww4YFwg0cdp+\/VuJQE5BAKHKB1FCeFKyb8se4TXbL8="}
00425{"flow_id":36,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":1888,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvt0L\/4NKNYAQEBy4VQAAAQEICiLYlg0N8Fcr"}
@@ -350,18 +350,18 @@
00446{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":8448,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBxttAAC0GYcq\/6qLGwKgBuHZf3SxpEHIwX7ewwYAYAfoeswAAAQEICjQYmu8i2JVJfTDJzPSuNlS9oWrX0A=="}
00426{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":8465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft7DBaRByMIAQD\/56dQAAAQEICiLYlhI0GJrv"}
00426{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":8475,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft7DBaRByPYAQD\/56aAAAAQEICiLYlhI0GJrv"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1578508365009,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1578508365009,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":9842,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGb3XAqAG4kFt4h91Bdl90OGLhAAAAALAC\/\/+IEgAAAgQFtAEDAwUBAQgKItiWFAAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1578508365021,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1578508365021,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":21490,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGuz\/AqAG4sj4K2t1Cdl8xVnl5AAAAALAC\/\/8AHAAAAgQFtAEDAwUBAQgKItiWHgAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1578508365029,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1578508365029,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":29590,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqGLAqAG4sj4dt91Ddl+W2yuDAAAAALAC\/\/\/VpgAAAgQFtAEDAwUBAQgKItiWJgAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":38942,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG\/kfAqAG4DeZsKt1Edl+KMGOvAAAAALAC\/\/8AAwAAAgQFtAEDAwUBAQgKItiWLQAAAAAEAgAA"}
00437{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":39176,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGe3mQW3iHwKgBuHZf3UEpl2emdDhi4qAScSAVuAAAAgQFrAQCCArbhaVwItiWFAEDAwc="}
00425{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":39222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGLiKZdnp4AQECylVgAAAQEICiLYli7bhaVw"}
01167{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":40566,"pkt_caplen":606,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":606,"pkt_l4_len":572,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJQAABAAEAGbWXAqAG4kFt4h91Bdl90OGLiKZdnp4AYECxqYwAAAQEICiLYli\/bhaVwAhoEqFEYWui6uaX1mTBG6rJ\/8JvXZeblYDaaKyL0iuOXiWEObGPARK82c8HTtYWWLQhhxAruLAGbxlpr9w7TvDfbVeP\/MRkgtRzc5TCtFameRcH+B+d7AFEdB4usVsU0ck8Wb5F0ikKql9UW81QbaWN2PMkJOtgVoarvJIHAhzBLIMaYXnbzlDS7VFeGTtrkaBEoCBjrBqk+AkezR\/Nv3w+HC14Kwvf\/W78CAyl6tSH14ZXV93iy7UvEP9oI+Ek9ILiFD\/ZpJgcmi1zQM+EiwWSa0UhsLPO0bS19vUIkPVsCN7VcyuAZ\/eQu2gCAFOMbcpKjM406IQF3RzQI+8St0zhrFWneji\/DwmDDltFKqKXlAW5Xi0Is6il2pY2wLukNaMGuMfoWKdNwka5Cdi1A+QGqyacgXhvTr6TyEIs+C2yw3v+D8HjPpBDWFBSwbb\/\/jdzQhUCBfp8WIW8dYat+PUpqCGdtySVtdUgDhcrRLC0kDe8LnTZEtKIGm7bqd0RsDfIgzD\/S+QZ\/Bas4wLL0si7aVjq9NydSlEwtjb2sMaxkzhwLEwQboe7wi\/mqzaFljgD8Odc2h6DZ+tfjfIP5ovETNkHB5GsyBR8lqa6f\/uD8LjuBKbJodrD8U3CVN197WCmu7PxSO96wloa6Y\/pq\/M4Hq\/lbP\/tqWBDOMzwjyvfhDX+w+gI69UUFWFhcCTkTEO51RjRg4K\/eHL3m"}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_tot_l4_data_len":688,"flow_min_l4_data_len":32,"flow_max_l4_data_len":572,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1578508365009,"flow_last_seen":1578508365040,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00425{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":41341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0z6lAADQGwM+fy1QfwKgBuHZf3TprW2X+3LDR54AQAOw5ggAAAQEICk94qlgi2JXO"}
01119{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":43166,"pkt_caplen":579,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":579,"pkt_l4_len":545,"pkt":"KDc3AG3IEBMx8Tl2CABFAAI1z6pAADQGvs2fy1QfwKgBuHZf3TprW2X+3LDR54AYAOz4IQAAAQEICk94qlgi2JXOAf8Ea4ImeDT2hlTJdW87oL0+drKtPIBVOQCw5+PKK\/xYCt6d76q9BAtBfxtUvOshsWGHFaBML0EbkVruevkx07WZJRdFwQg6onEzckMhT+SwhMtlffvPhYmTfrnMo4qGqEaKn+kH4HG2kZno2v77xMuGOuA7rxkPYbjkCRJx6WsG3TCokIYpdURE9maqAmoJYnI84eILglL0LEsWFqJqKpEM5U7V6KmT\/72ozF3awawbgD0MAVzoKgD7\/3rVencsSVhd8SD5Edl5ZOPpJcbhLd7r81PdHEWUxXp3Kswn07UwofGh4TX6vfoQwm1IgmGMVdo4vNP4cPqUocHXp9VAUu\/sM4KiclPuaPiiMREswcF5XMoybUP5gUDTNhjwQq5ZYXEFIWYd9LMyPxUHTaSIQnz1tgBoRrFSBIG5iIUXKuBu72STXUBM6VZP1prjqPmcIqsxtC6YaJBg3fubgFvUWc31WjmW0q27TxcLjboX4ozHEMgDBAhWBZ3jPgOPWOtXJKYM\/z0+JfCdx2fCyfpZXo2pLqafxIxTAgi8\/n0BmW8YLaN6YJfK89tWmUlAaF55tt1BjktVLG52FGtxEeUUpExEFr3mKYmjLGLcn9\/uG++KGbKmeUoLn7l7mqIlhpbfjoQ7bP+upqgpwPL4+j7tPW4q+PautAM632KoI0d7yzni"}
00427{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":43220,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csNHna1tn\/4AQEBsn8AAAAQEICiLYljBPeKpY"}
@@ -373,17 +373,17 @@
00471{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":44194,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUz6tAADQGwK2fy1QfwKgBuHZf3TprW2f\/3LDR54AYAOylrgAAAQEICk94qlgi2JXOJ+pFvqCq2VJlu7F2z8Fq0p0vzt4GVNN645NbvcgqCuU="}
00427{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":44251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csNKXa1toH4AQEBonIAAAAQEICiLYljFPeKpY"}
00430{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":629,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":44303,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA1z6xAADQGwMufy1QfwKgBuHZf3TprW2gf3LDR54AYAOwXWAAAAQEICk94qlgi2JXOIA=="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1578508365045,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1578508365045,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":45064,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGOT7AqAG4uduFPt1Fdl+PNscoAAAAALAC\/\/\/ScwAAAgQFtAEDAwUBAQgKItiWMgAAAAAEAgAA"}
00438{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":63785,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="}
00427{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":63889,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"}
01137{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":65166,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI9AABAAEAGu+DAqAG4Etunn90\/dl9+5\/UfX8vPzIAYECwSKQAAAQEICiLYlkYSyYNbAgcExEL6k7iDCmvDnLTJQ493cMoyN1vB35yNoXPALiSuhgaS7ozJbRQbYOIH3P2cKiRvQXZnyi4u4Lw9Z+qm430tq6fsEdocQZExsicq33nFabONqvhhdUCa\/Ycdml2wvn5dpDCXVB9DNlrFeOeFE91jSn+\/t\/1SEOuxaQXmtjOwaQ1rpHIUzUgqbMGDk2Xf\/clHNIrP+8dybicogNvvQdnfbOpGdx1BoT0UQ\/cJXLKng37Bgj1WiAiOYJXJZa8JBRrhcHue5nPxDIJBjNepGAEan7DM7ryaKTAgOvU\/Di6OjPj6R7ouWTk82ibH7ElOw1FPPG5org7fTBskGPYN2GwayBKfWJqhgX9Gm1oPuX1X+g+ulBxYo6+kcnIZf2UWtLkGazBcTymT3ikMsPJcAOx6Ez506cWe12f8KbpoTZUvcT+X1eAJbGBrWT7DguMC80iDihkY\/yzY\/n3QuAZq24LNcyxoBP\/uCwVTm8qaMGfmyat1VRjTTPpp+Fj+UiG42oX6jN4ArwZ513sZwkaDYmzIysegLaM5r3\/zIAY5u9dqFaz0kd9hCdidoGIQ0QsFKfLzcRD16xeZ1Z2WCedBAjFbCQYMbcXNCoLuX9swWHUyq5fABYOQJH2AbDJ3jx4sK0iNO0HqAWR0fuWK4AaZIlse6PDKjcaLDe4h\/7OZqPG8cMv39kbM44A="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_tot_l4_data_len":669,"flow_min_l4_data_len":32,"flow_max_l4_data_len":553,"flow_avg_l4_data_len":167,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1578508364932,"flow_last_seen":1578508365065,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":521,"flow_avg_l4_payload_len":130,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00437{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":65326,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGx0OyPgrawKgBuHZf3UIGbP5HMVZ5eqAScSDZAAAAAgQFrAQCCAoLgra+ItiWHgEDAwc="}
00425{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":65360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"}
00625{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":65549,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHKIQAAEAR+iHAqAG4QipS9nZfdl8As8h52l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00994{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":66752,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHTAABAAEAGuazAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAYECxOmwAAAQEICiLYlkcLgra+AZ0EfDFSBUJ6d0+2D0oST02\/uFUlU5RNbQ3HbgqvvNxJKs0OzpHFikNJND1E67AmEorBEgaJseJj+vhGZlyE+Dle+PraWO9mbRrzmtxOgCJZV4CSArT5OQKw2v896ro2qDbOnZCIAxVnAVC9t9odXFYn7H\/gYvVHuaUln5s5mZ4HQ1T8d9T9DiC9L0hrnW5hBxNsN9G8mAOE9jI8ne8sU1Ju3PpSmoLGYt\/2tMKQdKr3b6JvR46ryyF\/ggTQgDOWO+\/\/u7PHJ2w89w4U4HzsOVMmyycVcHql5kvxMaP2MLZBCuWAGfiQvP4NDhOCYJsjW3VrG5K2Se593uQZXIKHtw8sp3F8iPUqyZjRQzR+LL2nJieUq1Y8MfHd1XPGtuFN0votDo3t4Nr7vKG+x0dyopQ8vTOADKbE6V90Y1PkWCGFKzm\/uPJTFa3gZOK8RWQ3Hw7nJYtcfP6Oj2jq2M\/rl54gn8L6crAUrrqlXOvZvOmxqzmJqV2JMCHrRSAFnh\/3FkjCShQBU8f8\/+NikG8L2AStayI0zrPhTf67SIngfA=="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_tot_l4_data_len":563,"flow_min_l4_data_len":32,"flow_max_l4_data_len":447,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1578508365021,"flow_last_seen":1578508365066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":39,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":68441,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nAdAADQG33mQW3iHwKgBuHZf3UEpl2endDhk\/oAQAOuyXAAAAQEICtuFpY4i2JYv"}
00868{"flow_id":39,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":70537,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"pkt":"KDc3AG3IEBMx8Tl2CABFAAF4nAhAADQG3jSQW3iHwKgBuHZf3UEpl2endDhk\/oAYAOtPmAAAAQEICtuFpZAi2JYvAUIESXuPYkJdnA\/CZFdhgBAAQtUX15B6DCXuzDqnZftI8v2UfukN+j0ZKLKND9611k0yd+cQoBrvik6pa0PTCGNuokXiAm5QbGDT\/sOq2TsXHlaRxuYtW4V\/62NEEGYjvyW4IVBXO67uIVSG\/vwgJgnILegoyco7IJx6Q8WTcegO6Wpps6uGe5qxjajcN5q4VoLvRLDCBkuMQ+gNuyOMFg4hFO88v7\/BaZBaOb5HZnrvGsLyS2NBce8nrnTKfjNnjvra5wy0uLrf4EkRXun93WrneUlxwyh9Xwg3PdOeP\/F3JqQg8szGZ0FMwXioq0mOpYAMx9iiAXsmdInBDI\/SldNnIc3qvJQqDulANBYFXINDax92JBX51mQ9tj5oaZZ43WGzmCX9g0auTWVK1mimetm8cGl3trX3RqsynNq+tKvQbVRs"}
00425{"flow_id":39,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":70640,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGT+KZdo64AQECGhxQAAAQEICiLYlkrbhaWQ"}
@@ -395,7 +395,7 @@
00437{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":74018,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGtGayPh23wKgBuHZf3UMO43zOltsrhKAScSBk2gAAAgQFrAQCCArDycEqItiWJgEDAwc="}
00425{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":74135,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqG7AqAG4sj4dt91Ddl+W2yuEDuN8z4AQECz0awAAAQEICiLYlk3DycEq"}
01063{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":75281,"pkt_caplen":535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":535,"pkt_l4_len":501,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIJAABAAEAGppnAqAG4sj4dt91Ddl+W2yuEDuN8z4AYECyHqwAAAQEICiLYlk7DycEqAdME6NVpajcosq6RM49EGro7mYWbbbLNPN0MLR8kLHZfx0gRuQ1caCQe4U0yUSQ4FqRJFTruoIMfMjaKuB5qGb42uaZfwZcyKyxvWHFQhDs3V1cVuKsNQi9FwM92VgquU08\/I7P7tp\/yUr\/C7VdnIVV6LXyRXLY8SD6SKG8OONIDAfnYGALwXTqYNdb7hmCLjNzLez2AQTXSY0BU6PRI6I+6Xrh5qM1Dxp+uimk1eyS3NPJv+CNAfyRBfI2fRVz0Rx8+c5jquClOTtxiybAEqmdUQtmzluB0+8XEtBbdaCEUu8\/nPQGFeFM8TaJX0fehgXJmCID7QO\/ZOjjty5w+lJljUWbiQnS82Tv7ClrXA5YBJUCb7hPWdEY7D5Cr5tFcy3pQmxdYpUDw3iHqF6ZtLpJBxTh1nAmgVEIzc6Ngf22J6TZ9R35GKyScLBTruRS2zqaCP8fx5W6gqUU8sykz7bsuYPbkz+JXFT0+wtH6sOTjWji6hB8VrfktEi+dELlD8HfujNk3V1tLfHGnF6YOPbmxMRvTb1sUSfnNi2Xggbyo9qfg0\/SGNRxxb1dRKsUqwf\/i+FRRNuU4kTnBm3ou2n2sQQSnceBQMx3V07zKNuITBC74Ug=="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_tot_l4_data_len":617,"flow_min_l4_data_len":32,"flow_max_l4_data_len":501,"flow_avg_l4_data_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1578508365029,"flow_last_seen":1578508365075,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":469,"flow_avg_l4_payload_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00425{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":76934,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WHZAACYGuyASimxDwKgBuHZf3S4uwDPuE20Ov4AQAfk32AAAAQEICqa6xFgi2JVq"}
00858{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77677,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFyWHdAACYGueESimxDwKgBuHZf3S4uwDPuE20Ov4AYAfmaywAAAQEICqa6xFki2JVqATwEMCsTVW6PRW6\/boJLnJbxMXbG7Q4n\/VS8nFAXzztz2Xvm4ZuV1C1UKeOZqvMNWpKN7U45d84Y7AkTUC\/DpdrSUGNjiPb9BC2BBTX7+ncf7C4ibqcAhq4F4FpnZGCFimXyuZTQj6Gvi2hkRE8R35o216G9LgwLpmNKypL7PL438El9ODf4ptjriwKC5FVijAjeVsPfutb7mK5SBanC6QHvOpjE4egptFZpKo3WqusMT3PwgSblljEpJG9M4\/NSi25jW0qhOiQtzH64HZNB80xPYBoxidQi3Mlx58wTRISrHqOKKtyh4ALo4lWKLwBtKik5YzVw28WQsDhPOZ51\/XDKUH+R4zdy4rKkiI4RLmah1ZFu9TsJqy7bd03m0jQZQ8MLBqoj\/uM8ZNSQRrKFZ5ekHz1YOY+S7lK0zXRU"}
00469{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77688,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUWHhAACYGuv4SimxDwKgBuHZf3S4uwDUsE20Ov4AYAflSXwAAAQEICqa6xFki2JVqj3Qyu+5+uy1+28jwkZ3YRlGt3y1Sf7962SCA0mk3wIQ="}
@@ -407,7 +407,7 @@
00447{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77948,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBWHtAACYGuw4SimxDwKgBuHZf3S4uwDVPE20Ov4AYAfms9gAAAQEICqa6xFki2JVqdj9nUXn\/sAhEHAq1Mw=="}
00427{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77964,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQ6\/LsA1T4AQECAnagAAAQEICiLYlk+musRZ"}
00427{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":77971,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQ6\/LsA1XIAQECAnXAAAAQEICiLYllCmusRZ"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1578508365079,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1578508365079,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":79165,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"}
00426{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":91439,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0SuZAAOcGItcSilEcwKgBuHZf3S\/8FjKGFTVa84AQANu3cAAAAQEICmOBiksi2JVx"}
00438{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":92283,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGSEK524U+wKgBuHZf3UWdKkNsjzbHKaASbCBIRwAAAgQFdAQCCAp\/mc8NItiWMgEDAwc="}
@@ -423,8 +423,8 @@
00447{"flow_id":19,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":93803,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBSutAAOcGIsUSilEcwKgBuHZf3S\/8FjRPFTVa84AYANsf4AAAAQEICmOBik0i2JVxF4jwu0sCYR894Thpaw=="}
00451{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":93812,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"KDc3AG3IEBMx8Tl2CABFAABESuxAAOcGIsESilEcwKgBuHZf3S\/8FjRcFTVa84AYANt5wwAAAQEICmOBik0i2JVxicyOakUFu81kNVzra1b2Ow=="}
00987{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":94017,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":476,"pkt_l4_len":442,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHOAABAAEAGN7DAqAG4uduFPt1Fdl+PNscpnSpDbYAYEAwFAAAAAQEICiLYll9\/mc8NAZgEXPbdvtbTmRXtZvkhCpRu89E\/NC0evMSWxfI463ZMNvhJiUNtLl29hStqf1WWeBU1k0TTyXeOv\/rfDFTYD+juJGFonoyCsM3iL6Q9\/v964LYgEWMX9ALB4X30q9QaWo0Bm0qK9UwCQ8U15JoruS\/niDmalsIWQBLJ9q0Ij0l+QS2w4MJipV05eRX1u42NiX0nmbgf66P3ENbOZj\/1aRDDyF+yjCJSZexZkCh3TyvjVjrGklMAsE77Hx\/c36JFY8gxNN5UQueSZRyjaLRTsI3yKKslk2JbQ902NRTc1Rojsg1zBhHRq\/ORbfBLpQVnAzo9YYHG1v3ZkBmEr0D\/uZNUW7OFL1C89+KGfRCCauAg+mHJwhFjmKdLe6NbjRExzUYQIm1BV51xri9clMmcaNO1RuyCxI3E6JGhWjmuGD8Bu8l1qU7n33tia+dLRd8o+DqGHtS040to9Oiy5u2Jm96xP8m1GRaVb+lWWnQCbdKr1vIGF4mbQblvVd7WqYL7sCqoH0rk2G\/9qPEDzYYKUSpck5aEa0\/xYu4="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_tot_l4_data_len":558,"flow_min_l4_data_len":32,"flow_max_l4_data_len":442,"flow_avg_l4_data_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1578508365094,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1578508365045,"flow_last_seen":1578508365094,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1578508365094,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":94625,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGIHjAqAG4tqKhPd1Hdl8HffxGAAAAALAC\/\/8MGQAAAgQFtAEDAwUBAQgKItiWYAAAAAAEAgAA"}
00716{"flow_id":39,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":97308,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEnAlAADQG3qeQW3iHwKgBuHZf3UEpl2jrdDhk\/oAYAOudKAAAAQEICtuFpasi2JZKOD1kVbLrdC\/cTcdqNF\/\/M4myJbuDPiTQR6RUYgwP1uedKee7VKs2H4QewUbNHrtseikxjhBxWZkorgltADGDmRfEe6AzdQcAqJEB6uNyh4vIfEFBKBXV8fdGKEgFbUP2ckfVnYD32cFPqYFvzB1Hv2pBmCo0\/bM73fFG\/xOMNjWlbZdEdNl8R0hfgpQcGWH1T1goLnjUzh8o835V9CrzJubJpsi36J+WHIjPS2e38krYjJGf8DvXs\/hb9yvVQc3X3BKPL6jhGHuYwGCshh9jcA=="}
00426{"flow_id":39,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":97356,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGWuKZdpu4AQEBugGAAAAQEICiLYlmLbhaWr"}
@@ -432,7 +432,7 @@
00439{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":104666,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGeqysaV4+wKgBuHZf3UajVVX7HTpq6KAS\/ojIGAAAAgQFrAQCCAobAQsKItiWUQEDAwc="}
00427{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":104768,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmroo1VV\/IAQECzlIgAAAQEICiLYlmgbAQsK"}
01071{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":105962,"pkt_caplen":540,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":540,"pkt_l4_len":506,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIOAABAAEAGa+LAqAG4rGlePt1Gdl8dOmroo1VV\/IAYECwW7QAAAQEICiLYlmkbAQsKAdgENvGWIALcyRavCBwbJt1CfNUg\/w7vVWHfH8J5KWihknwYvxplDsXdyWftAj3G+fM+tQYNeRRqV9fPAVRLVkaPykgCZGMetBWkg8g1EQ5mFEgViw63sadlIN8S9WN5GIBRApVfJbbSlMCfWJcZa0tH9XH+xD63X5naFx\/I3C1h66Om1nAJG5Ix1OtubjPWyGTU8F+rguM8ojtmeMyjjp1jZWtYEA7u9eG7fK1N7Fz3wOYh0oApyB9a4p0XRXoYqGzktKnqG2qgJ\/vVp7pWmKPFqQSD40qodQj9kGT35wOKykcoBdUL7GG\/mn8npTocOfCIlUJ4cbQ3th5eBKJWW1WxKlcppyejoAqPdrdWMU8QLppI7nY+a1pOVsyIzTtAKx84qjz778ulAgPZT9fYxUV3GWeJ9CTOyWEvSIygOEK\/WtCrKhuzO+oBsHjvkRRGfO7E47d2BnncLP0X+sMrN5GROuYTifxzQSWjbk6ZH2n\/L8C8i5DWouPFCmxx\/Nq+5zSzTuT+ld4ByyIZWtjl1e\/\/fcHy7eVWGpMQXFUHpvYms7eTjj3Upw9Njh5lpaDrp2sXm3male0wN2mS2E4hsrP1KirQ+3qCHlEQ8gbr7WvKvYCWx4+Bxpvz"}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_tot_l4_data_len":622,"flow_min_l4_data_len":32,"flow_max_l4_data_len":506,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1578508365079,"flow_last_seen":1578508365105,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":474,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":108162,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0MqxAADQGlJ+yPgrawKgBuHZf3UIGbP5IMVZ7GYAQAOt2BQAAAQEICguCtusi2JZH"}
00880{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":110289,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGBMq1AADQGk1GyPgrawKgBuHZf3UIGbP5IMVZ7GYAYAOtPJAAAAQEICguCtu4i2JZHAUsEbZLu9HK6aqELHPJRaL9WSJojADRt58n2t52VgpLYsTbpinRCnTecyo6\/1xIK9mWXGz+bZW568ODjL4TAfcTw44nn6BCj8mqap+PJZ\/HckjpbCIRqjT4vvekYz7m9mrGTVOebzo1H9qdRuZ0mZKAv93Ib7YZwa+Io+Gum0w04GHa5\/Tva2qzD5G\/KXz43s1cXO7hIY+YQY68lwXPt3WfnjQu6VeAfAqWwPD6IU0JBLZUeksqk16L\/cfjnMgxCayz\/FudAemMjW7gMN1qQIDrPrbQ9XQYn7AHDASXAsLMJoLF5G1MZUxiosu+H1sz5o\/u+MPPkfcdwohNWrkMnKOBn9KFu6GeNtsUv4VGORk7cHdyfmGSVMg2h2Ro5e+lpdKBhxG4hX3sPSTnWUAUAQCAKVvVGF51f+hIsQFfPz06DcnAsS7ri9iNypIAG"}
00427{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":110391,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnsZBmz\/lYAQECFlWQAAAQEICiLYlm0Lgrbu"}
@@ -497,11 +497,11 @@
00471{"flow_id":34,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153186,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABUqERAADMGHHui5B2gwKgBuHZf3TsLfbwUuLex+4AYAOueOAAAAQEICtHXEgQi2JYE6YtirRyaIoVB7ORY4lCsOeH3eCuwvQEPRCr1biylf50="}
00431{"flow_id":34,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153199,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA1qEVAADMGHJmi5B2gwKgBuHZf3TsLfbw0uLex+4AYAOtdKgAAAQEICtHXEgUi2JYEcw=="}
00430{"flow_id":34,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153220,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7KrC328NIAQEB6\/xgAAAQEICiLYlo\/R1xIE"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1578508365153,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1578508365153,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":153718,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1578508365154,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1578508365154,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":154075,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4TfAqAG4iskMV91Ldl\/HR3E5AAAAALAC\/\/+X6AAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1578508365169,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1578508365169,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":169225,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"}
00427{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":186550,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09h9AACMG5MkS26efwKgBuHZf3T9fy8\/Mfuf3KIAQANuwWwAAAQEIChLJg3wi2JZG"}
00438{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":186673,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG7zuKyQxXwKgBuHZf3Uu6UG6Lx0dxOqAScSDP1QAAAgQFrAQCCAq1b4mgItiWjwEDAwc="}
@@ -509,7 +509,7 @@
01105{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187803,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIe9iBAACMG4t4S26efwKgBuHZf3T9fy8\/Mfuf3KIAYANtyzwAAAQEIChLJg3wi2JZGAegELLTaIv3HkQATOD+AZhRSyZMluygoKhXoE74sjJR7N3+fTYUnwzZs0BkXypYu30jLWQvLH8oAePx6JychxTxO1tNYYcaNkbXSP4yBV\/CLqNjuH\/RHf5gs2+FBLVBoKm0SvmIcoaHebgjaRWYYXG1sjATtkjcgEu0L2o2W+HVp5FWYm9u3AOBkexAE0Ku\/BCTRkzfWVTX+pnmhEWEveb2r275EhgDb+XRes3+Z5jppALvMIfFzXTu\/DxAVixFXbUlJkCiiltG\/eP\/SYsKPFzMH7uV0FRIqmJIrA6jSvkg8uEC3igVI6RGebb7kypy2Jyzfnk4iOvoALuXFbXW8zIgI7fdRh5hnF9OjJkcqheJJWgU\/2bRPhokHghxSiBjqik3CGzLncYVeDWUleTgyxtt+nAmFH\/mwB98PKjXYLWYJ+3iAU\/LVgZOLtJ9eeAdI4tY\/6oI4mFuxUs0fRF6\/MTD8jR+pRpnMs4Le0efQOGqbJwFPuJifN\/KRq5h8ry2CKRj+KS62N8wQv+z4zzCAZUNDSbC\/gzwJ+t3hghqn8B\/J\/sT6W1q9R83JWLS4DYhPMMfJyREaxVLHUMXb0Hvck24zEmGPC68\/pc5hhvPt6FGSSYD\/\/vsBTKRauz9WUTcfsGx7HSPv\/VyLcQ=="}
00428{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187837,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/coX8vRtoAQEByexwAAAQEICiLYlq8SyYN8"}
00996{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187928,"pkt_caplen":483,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":483,"pkt_l4_len":449,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHVAABAAEAG36LAqAG4iskMV91Ldl\/HR3E6ulBujIAYECyeGgAAAQEICiLYlq+1b4mgAZ8Ej76Lsxeo0JjhmQv760+e3sDcPI+1NwtbEdQlOqM1IGu+sKFczssAjsKF1N0uSA3EFE1bjOFzOmT1oFXkmPWaqPQ0jAxsR+jtrJ3V0GFTF5BbRz1\/DMZmwP84GMD3KpQlXMSBc++ETHQX3CPcN8IgMjdR3QT0IM+uwS0uEPDQt0vCSfRyooOouihC9YtpM2aAbShI2qiEG11Ab26I3oDh8cg1fK+YeODq4vlfKF4mM+fKD6sSFgyaJ1m7dkOv1d2nBelW22p0yDyP8DpGa1+bdSyn+YdRUY1BRjeptaC0bfgepWFJ5HA66\/\/v9wbXlTEDZ3mvc\/CWL\/5b6cyw8iYzyH1QswjAEnuyStTLMTFI+xMU2sMfifZJ0P3bXe\/dbHC6F1\/88QfXI2e93pgkZBpgBSfBPzzjryponn5tfywe\/UWwEuEj8dOsFVIRxJgdI7s+pJdO1b1g+KHuKGk2wwvnxhLf8hpJ6\/wdpga\/uoA5GhdKUYfG9fU8IrF5nmEnH0DWeT2URdcwN4dH3IBbthpwloLq43NhWyrxO2tEcl5j"}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_tot_l4_data_len":565,"flow_min_l4_data_len":32,"flow_max_l4_data_len":449,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1578508365154,"flow_last_seen":1578508365187,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00471{"flow_id":38,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187958,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABU9iFAACMG5KcS26efwKgBuHZf3T9fy9G2fuf3KIAYANsDZAAAAQEIChLJg3wi2JZG4qGVIF\/rNS4b0ha3yk0E2UhJE+8SAnGMPc5yyiee5Fs="}
00430{"flow_id":38,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187968,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA19iJAACMG5MUS26efwKgBuHZf3T9fy9HWfuf3KIAYANuDSAAAAQEIChLJg3wi2JZGKw=="}
00429{"flow_id":38,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":187986,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/coX8vR1oAQEBueqAAAAQEICiLYlq8SyYN8"}
@@ -518,13 +518,13 @@
00429{"flow_id":38,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":188081,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/coX8vR5oAQEBuemAAAAQEICiLYlq8SyYN8"}
00451{"flow_id":38,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":188179,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"KDc3AG3IEBMx8Tl2CABFAABE9iRAACMG5LQS26efwKgBuHZf3T9fy9Hmfuf3KIAYANuriAAAAQEIChLJg3wi2JZG8fBAxzjaRWd6BoyLtAOXEQ=="}
00429{"flow_id":38,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":188207,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/coX8vR9oAQEBqeiQAAAQEICiLYlq8SyYN8"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":189114,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":189369,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcflcAAEARfx\/AqAG4Etunn3Zfdl8AiGnBB7Pc5ZlsDZTbUrqaaoRxeL1l7Crbcxf\/BOXFZNGdyZsOxpmBlW67u9+KWe59CkWnKw2GIsEnEKk87oxTf3me3BvKcrMQD0jXMXlBXiHkLViPnwRaOVxyx4odh7D\/BO97AAHdBMuEfwAAAYJ2X4J2X8mEEtunn4J2X4CEXhYgYQU="}
-00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1578508365189,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":194549,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UNhAACEGQrU0u88bwKgBuHZf3S3Pd7n21PprjoAQAfmqiwAAAQEICm8lvuMi2JWb"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1578508365194,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1578508365194,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":194618,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGkX3AqAG4ynAcat1Pdl84sWAlAAAAALAC\/\/\/nsAAAAgQFtAEDAwUBAQgKItiWswAAAAAEAgAA"}
01040{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":195889,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"pkt":"KDc3AG3IEBMx8Tl2CABFAAH3UNlAACEGQPE0u88bwKgBuHZf3S3Pd7n21PprjoAYAfkNlQAAAQEICm8lvuQi2JWbAcEEfexCFt2jnTqWIQ4crQ8vIbdE1KnH8YHvTHdpE2WBn7WNjuJtME\/5vnUJYGr7Co2bbwwMFxhtwsytreX0hhXyzz4vHIJFNkShaTT69RQDTl8JRvcPBZIgYN0p4T9tQtR5KgrWxun53a8fpwaDpsVIRnZQamAF5FksKmPmU+VDHaAj46s7l\/R5UQLWsjIHELWVkUgWJPFcjF3u\/de1aUrt18amXqYuviEKJrRcI4W46S8iCbN40sw4USJH8pQnZj6nCivGF420eAl4bLGwXm6OC3x9HWg+adWTmjqRLwSmzOYgceT9nM2HE67tBp92+PIBvsqUepzgEHG3NzNqVT\/Pafhaaq+0cmnUve9S0dM4EbJaQeLfm9aii2YC1tqgtp4O4kJgoNgt+uHhwqqhICVTp7KiM3mzaycQCwfuRM+YVv+zy6rjZizKBuKWJuxoVA3kGYlrH4fhE2DXXIIIDUJNv3yUKH1G+YauLqqTQ+T9sYkmCT4ejriP40uTp4WcbyE5dKED9fbNOTmq5R7sjFiWkLpWsCbqSU3p7Tdjecyb\/U0XkIAb\/RGTov\/OHhEUynnOjnwjI08W8Va5i2+TGe7WgA=="}
00428{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":195994,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+muOz3e7uYAQD\/uZrAAAAQEICiLYlrRvJb7k"}
@@ -539,11 +539,11 @@
00439{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":201994,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGTYGwCYjRwKgBuHZf3UxCOLg9KLlL3KAScSB8NwAAAgQFrAQCCAqsVDbiItiWngEDAwc="}
00427{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":202054,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouUvcQji4PoAQECwL1AAAAQEICiLYlrqsVDbi"}
01151{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":203398,"pkt_caplen":597,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":597,"pkt_l4_len":563,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJHAABAAEAGPXbAqAG4sAmI0d1Mdl8ouUvcQji4PoAYECzTgAAAAQEICiLYlrusVDbiAhEE8PJpnPbySdRqYDVxMP+F\/sUREqF\/ZPapL0ZkwOKMkrT9n4zoxh41j\/glS+PHo\/5d9kUdB0t8XsUegDI2rTK1qd731I+OxYB5atRAvsAHKjhEJvXyxBlcONwpQSP\/EbY3bHhBzCKl6skIsbvrHid\/G+pdbkvCg99m5ksWTyjKeOLBOEzpnsCQQJ46PAi5Gt+cDzFuB51Q88zUU35bDXVA0lLvIw+\/X9Ad5weyrfi170rwq+ovDDRTwLnXqPpcqTfzPWDebsd\/6JjsLeqiFe0w+TGqkb7XnmvyJRXCCSwZwNWBqW2wMglzYEG7ltbYW98qdjPkjWQR+9tsbEjKGZaGADeDpJTqev97xI1vdrueDinIGP0oRJzLadvSTqC2Ltp\/C5Yi2IWcYPY8sywmbCd7WiiseixOfbruQnBYJcuCqP9v9CzDCs5AIhr5M0ZuPRMu5dbjOvMkXJ3NW6ba6vBl30SnnPSKHWyXB5KIK4IjuThpFVBpTLHLgCfrizWGDE\/hM2VI817zJI53Z4uO\/Bb+w7RrXYUFd2cFzRSZ49MZ\/vQhuKbfvsBPQ88Ow0AARIwIVnac6G2XL8ek6PHG7zFReTp7DodXUTvDgJg7wZNQ8sPEdVrTFE2Fs9IZezbTOy5TaeVX30ypx3wwNi5iz9g3SdiXLC8HImUZXOcXLmnt\/fLL7x6cPdF8T6a4GSRCrRxx"}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_tot_l4_data_len":679,"flow_min_l4_data_len":32,"flow_max_l4_data_len":563,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1578508365169,"flow_last_seen":1578508365203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":531,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00439{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":210541,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGY+sj5PqMwKgBuHZf3UovaHbWeTxErqASbgBmbgAAAgQFjAQCCAqaQodaItiWjwEDAwc="}
00427{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":210643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PESuL2h214AQECjytwAAAQEICiLYlsKaQoda"}
01052{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":212245,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"pkt":"EBMx8Tl2KDc3AG3ICABFAAICAABAAEAGWCXAqAG4I+T6jN1Kdl95PESuL2h214AYECioawAAAQEICiLYlsOaQodaAcwEDGHd5l7+RqBaG9K9E7p7eG1uwAqixy4kSbBlThBTBG3PJd151620cEM1KQv3FuVJ+m1O2Bl3PuHLNFy9+uCW9rXxDdjuGQLXopWglXnwA4vfKEaNoP1guYL9OWT9VrChHEKiZqWq5OPiLXJzIZxm0n+wOzc0TDxP3Ht4K\/8RxdBrGYRmBMp07Ku6MClzvshXnlOvFHLazXKckRDG1GrWhz3NC7HBzBC9vkWn4WuX0jDrGRuGgtbmHSC64XeGp91\/wQF5bA7lAbI7LP3qdWbWTriU3RLdD8BmAS\/9dis\/zPdM5RETmZgdmAGlh3YwpDE5sG4MLluRHTzgmeIW7EmXVuGjbPylkf5LQudyfHFWA8SFV8O+KuOXVRm\/H7JIFsIytQFbbnKqauEeQrW+BY51hlWUwFSH9NDdlRqtdSDGMYgECxSuxXCShGy9Px\/C7H5nI3SxVQKdMhmtMLGuO5bZFjGsHe74YCTQbrTiV5NRiVqSYealCdEu8Pya28B4kuNJe4f9BwCRIHIINgi+gSgDYgqkleDY0V8p5fcl7nNE+5TRnQ6seUsPtEv7gQuDD9lZ+LTCKuzbZiHiplBuxx7+2Bnil1lw82hEQJ2q"}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_tot_l4_data_len":610,"flow_min_l4_data_len":32,"flow_max_l4_data_len":494,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1578508365153,"flow_last_seen":1578508365212,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":220554,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0oJ9AADIGTqSKyQxXwKgBuHZf3Uu6UG6Mx0dy24AQAOts7QAAAQEICrVvicEi2Jav"}
00886{"flow_id":44,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":221938,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"pkt":"KDc3AG3IEBMx8Tl2CABFCAGABIRAADMGdOSsaV4+wKgBuHZf3UajVVX8HTpswoAYAfptVgAAAQEIChsBC4Ai2JZpAUoEKu4MH3rKRki\/wZp+pLlvmCPFUHz83D8Uysnt\/uVSh4\/tGNo7yls8\/eTe9O\/hr7SOV1EBx4PVYZOuxUD2kNNbbq8OFHsub+Eaf2\/vXqQJ42UcjEq0xsdn0Mb6yRBy3irW63B2ZO0tGPufyhr1qx5iYVFrzvDsahcfiz\/rgvBbA51rqTuRR72tiHPex3NpymrrfZVYAJzj6ID6s7NBoU8uZ6YwpcF+BbBTLe1WOjCYO0HeU91tAWCGxv5N4fgI3xhYBPyiMUaf8ZByFBcUIlT5\/Y6\/Av4xwTb8jmNTIp5B\/Xe9hypAe\/p9E0n68kPbQkph0SWhYtNpJGaUrwBs9enk6EWTDsy9ZvQEAT3x2rD6fZv23yoMyWZv94PS7zWbsvIhhSUK8LbmFjAvYJG0iZ7urnIVC+\/0HYOAQFFK35yaUkBVvQ1zhmP3AXY="}
00427{"flow_id":44,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":221982,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmzCo1VXSIAQECHhLQAAAQEICiLYlswbAQuA"}
@@ -563,10 +563,10 @@
00453{"flow_id":47,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225068,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"KDc3AG3IEBMx8Tl2CABFAABEoKNAADIGTpCKyQxXwKgBuHZf3Uu6UHADx0dy24AZAOuM\/AAAAQEICrVvicYi2Jav1jRaKtLwi0beQ4e4XxuKrQ=="}
00429{"flow_id":47,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225104,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4UPAqAG4iskMV91Ldl\/HR3LbulBwFIAQEB9cDAAAAQEICiLYls+1b4nG"}
01121{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225314,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIwAABAAEAGtF3AqAG4VdZsNN1Odl+\/h8Kjb6ZlboAYECw2MQAAAQEICiLYls9ls11ZAfoEoC3aHaIYpG5Sxx6O8FXsfPZQeNM1OJsBBwZRsqnAvPSRl\/wZXOiCwtj2F6lFdpdsX\/t7QMqDehmqQ+9vERZs9PILcJLcBml7Ez9pBoXKWo2a1xhp9o6yCMZgukG0MBan0OKAz47yPC5wnomR\/MuLddByIHP\/f\/h\/o6Qnrr1MmY+TM7SuRmDBQf8v8wWNvCAoKbXByuyrmRjJZrU2hDpQzpN4v2Bw7oyPFNlmvz0MKwBU7CqeCSZeCWaTlXhpFAlV36AIgHdE4mmb+gQtXFHUXB9WpHTuiQMm1scnmCYryQ8dOvcVFbv5TmQ8Kj2oSUGkcrB3ssC8ZytCxYX0rZedl0d0Q+DiFqxbwHcfjoh3DpqVbSn2vdfOCR2qdhWS14gskGAO0InEx6PohcRV+m1ZyFsXfOrikb4qfgfqUI9UP2KncRJp1c5Fi0tR6YuflDWYF7UGbDWjl2wRylBwf3GccEyb5dDzE4lv7AE3RKd2bMclnR+bx7IsMu5WJC07eJd26S5YVacSnSPJb+5RJ0hVb\/gBVH\/o84gCBh3u\/eMuCT7sc5gynbtDNrNRUySNxNNyIKuvBaDfYp+WLiirjjcfu85ARWFJ+YBheABUeZucfRZPhnvyjyZaHsqwqyEuFr9gtV3NhBAl2ctvT\/1EdG2AgSvAxTl8l4jvSA=="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_tot_l4_data_len":656,"flow_min_l4_data_len":32,"flow_max_l4_data_len":540,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1578508365189,"flow_last_seen":1578508365225,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00473{"flow_id":47,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1072,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225521,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAG4SPAqAG4iskMV91Ldl\/HR3LbulBwFIAYEB++egAAAQEICiLYls+1b4nGToybzwjlxFiIlSmpCZLTvKJaCcU4dDONFHdW6naBXD4="}
00434{"flow_id":47,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1073,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":225531,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAG4ULAqAG4iskMV91Ldl\/HR3L7ulBwFIAYEB\/94gAAAQEICiLYls+1b4nGXg=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1578508365226,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1578508365226,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":226088,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQk7AqAG4ikurvt1Rdl8erUWUAAAAALAC\/\/\/M9wAAAgQFtAEDAwUBAQgKItiW0AAAAAAEAgAA"}
00427{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":235931,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA03PBAADIGcJiwCYjRwKgBuHZf3UxCOLg+KLlN74AQAOsY3wAAAQEICqxUNwQi2Ja7"}
01009{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":238288,"pkt_caplen":494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":494,"pkt_l4_len":460,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHg3PFAADIGbuuwCYjRwKgBuHZf3UxCOLg+KLlN74AYAOs6tgAAAQEICqxUNwYi2Ja7AaoEYUpDMueFQ29SYV04DhjKVkzrfBOIzAJy2k96xLiVPC91+TyvsLpnxRqP8LXVlOLtHcmce\/jW3zRyIMDcExOzW1G2EF8ZpU+eyftEVvJ3eZjqKjGzkGUuajzUBL3\/xzWdxJLxfPxvuu2Qzb4Nl7h7vY0jBocCuiToAim3My5afbpu+OQYLydrbK\/DJ+JWD+ptIR2XIVU8N3npHewuEofawLiLlgyh0wRr3GIvVNEZHCTIi+ycYzcVvVoHPmP9JCx46zE4KvgZkf0v3vH0ytdwn99dEwUQYNaSIuy4+ms9Tp5hGABdt1R5XienBqbiJ\/bl\/V4uySwjeBXhgxLSTJEtBgu2oqy08jjR2eUs0ugH3oxhrfgbnaIucZbZIZW\/zPPw9VcYF0qylTErTDAp5bm3mC+AQnFiWU1tU51wpYzyWvSXQta1y4PZCxQPtAjEgtcyw8Igm7lcHF9sxT11hsqO1tzEd0YNVsuGB5J19DtscEfH3u33nG4ORZiAG7Xspcj0kMeh51oC+\/aMvJ8NoXr9CrIKZJZyGrTDkyzH8II2x0SXsTYp34jnG2o="}
@@ -579,7 +579,7 @@
00428{"flow_id":48,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":238718,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouU3vQji6K4AQEBwHnwAAAQEICiLYltqsVDcH"}
00473{"flow_id":48,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":239135,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGP2nAqAG4sAmI0d1Mdl8ouU3vQji6K4AYEBy6BwAAAQEICiLYltqsVDcHmZBEPBcbAj6Wf5Qavau+nh\/irgtiI6tR9CHl5eZxE4g="}
00432{"flow_id":48,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":239147,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGP4jAqAG4sAmI0d1Mdl8ouU4PQji6K4AYEBxFdQAAAQEICiLYltqsVDcHwg=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1578508365239,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1578508365239,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":239758,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQhrAqAG4neaYV91Sdl9OT1qyAAAAALAC\/\/+H9wAAAgQFtAEDAwUBAQgKItiW2wAAAAAEAgAA"}
00756{"flow_id":44,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":246408,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFCAEkBIVAADMGdT+saV4+wKgBuHZf3UajVVdIHTpswoAYAfpi5AAAAQEIChsBC5gi2JbMoagBoDvlsI1RFYeIr1BU6AhB7X1Y1lBBp5PbNNbeSifm\/w7DNEZlWpxj166YKTICrCHQC0PL9phdL8IOezcQfm\/ZbCTmbZSjxZn5FTaF9xndT19Y+wtto5+D5L3U3YbVKclAy78hwqF3Qytv75\/e7Jo435Rnjg50musiH2pjhj+y\/ss3gyVuYjR5ZuiXNY3H5QQ5bGoRdiQL+wtfsqaFYCs+1a+ovcEGn7h9a9tj0PuRvmEjUDb3s9Y2xZ6t1Si\/goTN5bhl9U42SL04OFrAx0H0P+CQ6U1JkiSgS9gLpp5OaYfPvoExw53yu8uswsDM"}
00428{"flow_id":44,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":246486,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOm1yo1VYOIAQEBrfZwAAAQEICiLYluEbAQuY"}
@@ -603,16 +603,16 @@
00428{"flow_id":46,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":269961,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PEZ8L2h5QYAQEBTuIwAAAQEICiLYlvaaQoeW"}
00474{"flow_id":46,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":270123,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGWdPAqAG4I+T6jN1Kdl95PEZ8L2h5QYAYEBQdZQAAAQEICiLYlvaaQoeW0ZdzpKtiUhfhIx7WeV7\/+5iewNRxWOu\/lShzWkhuDQ8="}
00432{"flow_id":46,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":270133,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGWfLAqAG4I+T6jN1Kdl95PEacL2h5QYAYEBQv+gAAAQEICiLYlvaaQoeWvg=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1578508365271,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1578508365271,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":271977,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLavAqAG4M6EXDN1Udl9XVw7PAAAAALAC\/\/+2RQAAAgQFtAEDAwUBAQgKItiW9wAAAAAEAgAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1578508365279,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1578508365279,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":279592,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxArAqAG4NAmARN1Vdl\/t7etbAAAAALAC\/\/\/ZeQAAAgQFtAEDAwUBAQgKItiW\/gAAAAAEAgAA"}
00760{"flow_id":49,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":293591,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEkOBZAADIGi1NV1mw0wKgBuHZf3U5vpma9v4fEn4AYAHr1awAAAQEICmWzXZ8i2JbtjiX8N\/UkjGHiI4KK6khM\/chT1LHox1qUiskn1P9E0bM2lBJuKEUJVzv0ZpQPhZkJpHzHtxRh3lj\/xt\/j98DYRYmrZSlFmiljtU\/TqsEKD5YcQo50QMa0zscLgJKEDYc73pDuPHAqTaZlezbGr0\/zkhv5ZN+34hCODv8NdoORc8P6X\/UXylQERF1HrCsXuxDnfTo+PpPBmt8Texgoh7A+pDFftuOC\/NzbVkocAYoV9KGW+uUqxpSFE2s45Hh4KNsP\/yh6yWO1kGOXa7wuiVy1tbbCN2g6wrbb2opFPDrladJZEav7kjTTx48sbgd7cyXH"}
00429{"flow_id":49,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":293690,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtlnAqAG4VdZsNN1Odl+\/h8VPb6ZnrYAQEBq1KAAAAQEICiLYlwtls12f"}
00474{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":294050,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGtjnAqAG4VdZsNN1Odl+\/h8VPb6ZnrYAYEBqvswAAAQEICiLYlwtls12fk05E\/eNp2gBn2Wn2YezoSgCwsTFTQBL0WeUZCIZvQhw="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1578508365295,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1578508365295,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":295537,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbF\/AqAG4I+XoE91Wdl\/o6wkCAAAAALAC\/\/9pGwAAAgQFtAEDAwUBAQgKItiXDAAAAAAEAgAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1578508365300,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1578508365300,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":300081,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGD8rAqAG4fNnrtN1Xdl9L2gYiAAAAALAC\/\/+scgAAAgQFtAEDAwUBAQgKItiXEAAAAAAEAgAA"}
00600{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":315790,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"KDc3AG3IEBMx8Tl2CABFAACymwlAACMRP1cS26efwKgBuHZfdl8AnsFrVj4puAH6ZgARKbHJmno0oUTDSx6ME3WyQvgYFdLFf82IMxF0n+9n2kTCv9WKp0W5OWAeoQIHesUQlOhBZUox8XuUKjSw2r\/cLxIh6clEUwjRudwx4mptlXU2a3WMaDxBAALzy4RPFs69gun3gnZfoAez3OWZbA2U21K6mmqEcXi9Zewq23MX\/wTlxWTRncmbhF4WIGEK"}
00572{"flow_id":50,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":315825,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"KDc3AG3IEBMx8Tl2CABFAACcmwpAACMRP2wS26efwKgBuHZfdl8AiLphceZOwZGufNXFAvXWI774ooc6PkwC6kxvzCm0BhiTs\/TWig3gE4P3+Y0lY\/Fll4rTUKnacLSuqKdSUAk7eTbz218E2dS8j3sLMJigll9ziTSt7jKgE6R7GxELpoJhO+ReAQHdBMuEEtunn4J2X4J2X8mETxbOvYLp94CEXhYgYQo="}
@@ -620,34 +620,34 @@
00715{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":386800,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEERKJAADcGbXoiYawWwKgBuHZf3SnE3yB7nZqG6oAYAfoxBgAAAQEICjHMlYIi2JZvGdby6dME+3x4dvya5AgCwvqTN38qxsoQG0cVajFonOjSLqEqRyBei\/9lSFrSkhr8elR6liSUj+p7b0DEsed7ZiXVa4yCEb9HejeECGlcsfrhCxUTzn3AiEDMdLM6NvjPN\/s4BZwVMKiL2utDwrMkOAfN\/Y+CugH0SGzKoHXaxPA78qQbAxrbjdN4m9Zc\/t1hGf5Wm3pbjqQuWhEervR7QU9RvZQzqMoxtdq9s6Iwi7TVA7hVHJ3h4940Itigx7bj+mWQrtUAYEE1SvseyocxXg=="}
00428{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":386827,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0RKNAADcGbkkiYawWwKgBuHZf3SnE3yFLnZqHC4AQAfoE+gAAAQEICjHMlYIi2JZw"}
00428{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":386829,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0RKRAADcGbkgiYawWwKgBuHZf3SnE3yFLnZqHmoAQAfkEawAAAQEICjHMlYMi2JZw"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00575{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":408726,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdhY9AAC4RWjq3gfKkwKgBuAQAdl8AiS5Y3VkKujBE9K5giYMoNotbt65xxd7ko3VSXKgTCSaupxKnp71rmT0XRsX6xoF5macEurqmdfib0\/9m0ybRIVy\/Qzz+\/\/zwyKtEHKyC9Xjjwvc8TLpzNetXjDWFS0pbC\/Z0AQHeBcuErBRsfYJ2X4J2X8uETxbOvYLp94J2X4ReFiBh"}
-00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1578508365408,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00601{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":409418,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACy8oAAAEARGzTAqAG4t4HypHZfBAAAnqbvG70JBv5PXjvCBbR1Rp7tYoTQJi2jMUD7JOn6eWv9REwRmFSXtYoHsvszWP\/amLZkv0asbrMZoJOaxU2yggG3KzVpk0IKmRZiX\/KGqSOqaOPD2NnZ\/WIPpNjQN9gDidCOAQLzy4S3gfKkggQAgnZfoN1ZCrowRPSuYImDKDaLW7euccXe5KN1UlyoEwkmrqcShF4WIGEF"}
00571{"flow_id":58,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":409833,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc4fIAAEARK9jAqAG4t4HypHZfBAAAiACVOpGBWjTeJor2OHTFdIkJfHanNwusT7Z+X6ZhMccUpEYH1blVudB+7Lhiy59WZ4RAivu0dgr\/6z5c18c2wNa0j2NMO4UV7uXk8QqS8l0iv7COflKJEb7GBR6jLr1IE7ZSAQHdBMuEfwAAAYJ2X4J2X8mEt4HypIIEAICEXhYgYQU="}
00439{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":411322,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGPK8zoRcMwKgBuHZf3VQuhVQAV1cO0KAScSARYwAAAgQFrAQCCAo+6INOItiW9wEDAwc="}
00427{"flow_id":54,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":411408,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVw7QLoVUAYAQECygnAAAAQEICiLYl3Y+6INO"}
01201{"flow_id":54,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":413075,"pkt_caplen":639,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":639,"pkt_l4_len":605,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJxAABAAEAGK3rAqAG4M6EXDN1Udl9XVw7QLoVUAYAYECyDfQAAAQEICiLYl3c+6INOAjsEhZMwnv7AYIDvDVtrVuj584tbTBHPl5FfxNiETDe4\/2bbkHyZOsBBL2pjw7L50JQ7E1u6e7FU3XqiDLBvtHiYyrNJbDsbzTSeAUmmiGGn\/rVs6lWdKtzqX+Yhe52EHPlvLH3EJKxiwLzJCxpyscYV76Mqzt3rq+U+IQ8dwmh3Nb7YKN8W\/tFY\/aFWAb+DQBv6piiVGN8793L3cIiNtkqYb7PDjTj9a+ncM9xXzaPAfp6yTqM2P3pcHJbQlDXOK6zL\/DacoT70CWvHMTvMMYG+7l3\/hTiJQjWtQWZPWxijqkdUJQhjH752XlqtwvHYViAJmgTRfE9h3NXhZdPvFlE3OSwtEiQtD6cT465FNzZ0dTChmNiu5LCCyWaKQ\/I+bjDfEgLhzs0xrzGLWfIGJ9ql5HbMedUgn9vXVbw5+MyIb5wPRO7KjKgYR0d6fMgz0VfsMPMQEs74x9tmu8LBoq06ZbKzFR3RrCkNqNFWVWB8wxhRV2y1IscRVfVZSGDcFyS3LfqvhCD9fbm6ctSysMr8LClBfsdKckU5V7Ba7MT48uPaPWJ2BOO2cQ8e5CzsJPSdwENL+PGg8oqEDsIlZDFsyhtbUoQMuq8EsBrrvTUxXLLyKiWfsv3hAZGADQvFJFgZKLVzP29GR23Tms3MsAvvZ1I81kwPVLZfpOlL8TN5aBDd1jeOEV7U7tRNdmajrAkTnSaC4RECbrWjMoc+XWcxlp43tI0NDuAj+vR0ccAA38wI6iAFENOiDpH2"}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_tot_l4_data_len":721,"flow_min_l4_data_len":32,"flow_max_l4_data_len":605,"flow_avg_l4_data_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_first_seen":1578508365271,"flow_last_seen":1578508365413,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":573,"flow_avg_l4_payload_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00439{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":419060,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGUh6d5phXwKgBuHZf3VIVkuQhTk9as6AScSDAlwAAAgQFrAQCCAq827CpItiW2wEDAwc="}
00427{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":419127,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1qzFZLkIoAQECxPsAAAAQEICiLYl3u827Cp"}
01223{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":420924,"pkt_caplen":649,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":649,"pkt_l4_len":615,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJ7AABAAEAGP9\/AqAG4neaYV91Sdl9OT1qzFZLkIoAYECzcTgAAAQEICiLYl32827CpAkUEkClDEehLobmQbbq0Gz88T6EtnrPK5m21ZMthOtQadc9Bu2BpGWCvf9sJsO1HNQSMiG\/gRXiUvC1qsMYknKuo5riP0O5pCPUXOV9\/dCGVmpEoJbX9Cu4SU8oOVVcq0BW5mBcSCXRzqVkJ6OuFKGVTETzXDICOVY5\/x4IlVl067mKLB\/y5BdW+kH6ZLpWMCALAcMn2\/N\/iuz7T4n58+LdBAiZGJcKZIWLhE0kGcJEWBFrygfok1RQVFkWtbGZu7Yv7S3BhIHHDNoh2JCQyRKUOY3W1VSS+94ol1wQvZHK2D\/7cg3DZHBIELc1hEYWnGs7+v+aH3JWQbtMvGudM\/\/TxcEs5sbHPj2iuPwUs+GWr\/ABYrJbqnLktLNlolZ93lHC2AiZh7UnQSEZTQ2C0klPi0thw4o3CnU9xvXxsrflgbGFAzwNXG03KE25YHxzaVDpGfCzy9Gr6gwSGkF3c3kmPryW7WuvlPz9g4Qw01EnLeHPggGUoZYmc0gvvD3Dsvfo9uusSrfCPX9JGhzriLcXtplCdwocezH9CR3bPV\/XtsjxN+Nr7eBjpfw3OsMQ4OAwbZ2HbAGUJo15wGuvtlDl6V61+4R5Cg4votIpuRyRgpVUBGlee0R7tb2JnAr4Yd2w1u5wUF+hroymJMt828hU4NcUZIN8xqd5NItltnYBHoXPBTsYssjGvvdmkIN35e9KfJyCJj5cohl4gdMFpEjXdRXq5jWfjrb4KRRnkt1m8IiceoNy6GFXL7gqcU9Jy\/F0tjlZ37g=="}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_tot_l4_data_len":731,"flow_min_l4_data_len":32,"flow_max_l4_data_len":615,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1578508365239,"flow_last_seen":1578508365420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00440{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":458807,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="}
00428{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":458850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"}
01079{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":460380,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":538,"pkt_l4_len":504,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIMAABAAEAGwj7AqAG4NAmARN1Vdl\/t7etc0eyX2IAYECw2bAAAAQEICiLYl6CDIEEYAdYE5LsQSZlDUqqTHDd28VIop408G8yHQ+g12SBtC4bobvsWyQ4YWXiRfGVfScHSSUnTjTpf\/+23Sz0kCTGUpeeZFIqw3JnBHdptJpv6R2QSdjwWF97DyrJFySS8bo0Z5f6iv8act5Gj4QOtF9wl7L4XXQ\/F1DNsc\/lWP2vigp16BUuZMGglwG663lAad9u0dkQ9FK2\/7\/8AOVyotPmi+JeFwCWQ8jE2NRIY\/iLlnhd84GwGpOWfGlXg2sRox3c92a0drS3o5YJyHfODCJKd193nihFVDq18n74tRhyKX6zzotiy\/kwSO6m\/\/Y8jtY8L+ZeEz+ApaHZAgbWiteJxWtEen3Z6RV1DI8tKhdynvtOMMOzz49Rx25gKK9DSlgEi54tvDDIa4VG2z8P5l1nvHLjyaLGh0LL6goab8xtTadEJUjCnY3t\/fZrnnudTuWibKhNHBZrOh1FASkf\/u4aIsAaa\/fTHS++2nsizi3dopiJ8G9PkpE7aMhPDUyHILPc8tYAJAyXN39XQYwYzL+ry\/\/lAbapCn30R24vKqkiwseOuDMtEC9yiUtZN\/ju0Qt6\/PDHFGgfGtibb9zS0CSW6nDPiDOBnf9bT0whSnVZlZ+MLutLVJqm5jA=="}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_tot_l4_data_len":620,"flow_min_l4_data_len":32,"flow_max_l4_data_len":504,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1578508365279,"flow_last_seen":1578508365460,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":472,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":461164,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcQtMAAEARjkPAqAG4ynAcanZfdl8AiDkPCEixaJX\/9thQC0r9cGcsCeen+iETb10JXBU9BZQL28M1nK8vCE6bMd2SC2XGliMqSbi8oqYHUjyrBa753h2KySNTFNso18+nMzMVWvdibnHX4lluxe+\/vRPiYB2kYX3uAAHdBMuEfwAAAYJ2X4J2X8mEynAcaoJ2X4CEXhYgYQU="}
-00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1578508365461,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00440{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":465293,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGNXy2oqE9wKgBuHZf3Ueh\/8nUB338R6ASOJDbwAAAAgQFrAQCCAo8EmDbItiWYAEDAwc="}
00428{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":465408,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGIITAqAG4tqKhPd1Hdl8HffxHof\/J1YAQECwxpAAAAQEICiLYl6U8EmDb"}
01138{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":466737,"pkt_caplen":588,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":588,"pkt_l4_len":554,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI+AABAAEAGHnrAqAG4tqKhPd1Hdl8HffxHof\/J1YAYECxPlAAAAQEICiLYl6Y8EmDbAggEdoa9oP2cg5WbFRFp1huJY5VX6jNWR4iP8q0\/ZL+UfNj5WPNc5X3v5yp6YKaivB+gVGyrqfEZ+GjIg4XUCsubChBVe+OydG5YXSKovd4Zvd2sMMyI2oOC03c\/\/kw7hbjJ+rbBQxdWEgnQfHb5jg0KH99eYra9BRmnscjtPZ0VPLlbqSIcGOO1IiECUgTAOnr7SvcmyLFIiAGvGrvIdBrTIX76tgcsbBfHLo9eTIxNuEIPzftpoJlQRkkJFNo8lNqUk\/8C6TDddviZkLmf4HMeMlelv0\/SasZ6LuKmyQqv+6Mt7JjKWqNyxGEEereBZV30a3IwqqLc6nUseUnNUQaHuDiCR2cYJetm4kh+05RWknax3MTWGgsKyA1\/YRLowef50NB62eOQ35t\/nBtZreItPNm4cNzObl4w+R+inyZ6li8vfc3BlOL32oXm0w2h\/yO0+x2iMoMFs5E9MhSHHxNibIum2iNU6EkUL9wtesdWPyKtSi9lBYLQsSPpaLzTCSWPERK9PKL++NBm\/U676p1bFKl4W7\/Ejrza39gV8xmvOiBamM+U+6+vGXo0NysfKdV7T+LqlOjRTzZaPkLZ\/iVcI1ZddWk4e4FedK17QLh10zktBCaEDabKeg0lqB4s1r5My9st7NMBbRXcQGzOAxWryiBkdnxlPs7Ka+FwnQf3qTCDYsXMFh2h"}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_tot_l4_data_len":670,"flow_min_l4_data_len":32,"flow_max_l4_data_len":554,"flow_avg_l4_data_len":167,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1578508365094,"flow_last_seen":1578508365466,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":130,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00441{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":485758,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GVVKKS6u+wKgBuHZf3VEGdfqIHq1FlaAS\/og\/VgAAAgQFrAQCCAqkAfsSItiW0AEDAwc="}
00427{"flow_id":52,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":485867,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUWVBnX6iYAQECxbjgAAAQEICiLYl7mkAfsS"}
01163{"flow_id":52,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":487180,"pkt_caplen":605,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":605,"pkt_l4_len":571,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJPAABAAEAGQD\/AqAG4ikurvt1Rdl8erUWVBnX6iYAYECxdtAAAAQEICiLYl7qkAfsSAhkEh\/JdZMRsvJD50CNbEaijDchFk3OeRxtIP9ocS2obT6LBAseQF6pytODiuXSbVf+Tmz5zqYi1Ty803nXLMzQOvNkOxSwkZkVUAfx+vDSqcJWe9hIdwkIOFWQ6Saby8ldXdWtC8ihaXIOuPl\/\/xLwvlUX\/F9SqKUKM2mTHVKVmZXgsN+9R9+ScHBB86uiM2WW9EfrUqPwS1DZZgmVd0oVjiW6ZFQZ3uPmqvpA6EbIm4iw+wZ7DthnkwGPRVZ2WbUXisIz138NTOUZM\/of5lFF2Ni55b0jr9dFQlRBYV4BTowlUzbb0h4uWSigpsDVoB+vANxwYYpZzi2g5VCJfZY0kwv2sj5u0zJyf820aBK9BeOggBjLsPc7pgxzkphmVfkJoriXillvShMJUQ87DOlRl1PLwZwUsNbx+xSd4Gci1PEnLhRjr2+OXJBia0DcecgMaNsdXFH\/Z+KB5x\/HWiSM\/B5iczT0gPqTog97WV5H8npGpr53JyOCZIkdRs6s4OiT9sjzU+5klAakPECUL6RpVCfWzm2fNKv+\/PiMlKEbfS72BxbX8uEN1Vt0pLKbA09K6PG1LiR65jTcj4prXGZrttMrIUK0cSW+Q2+OFTPpvS1jewPwUKp2bh5sojycr9XLKS4yBBP4pqTrPiuWsLhL1S9I5\/x1THo924R+UfL\/YLunQddGt+mPuZ0CGIL7Lm5eEAO\/WaRtrUCk="}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_tot_l4_data_len":687,"flow_min_l4_data_len":32,"flow_max_l4_data_len":571,"flow_avg_l4_data_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1578508365226,"flow_last_seen":1578508365487,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":539,"flow_avg_l4_payload_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":54,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":553053,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA019hAADEGZN4zoRcMwKgBuHZf3VQuhVQBV1cRDYAQAOytEQAAAQEICj7og9si2Jd3"}
01002{"flow_id":54,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":560301,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHZ19lAADEGYzgzoRcMwKgBuHZf3VQuhVQBV1cRDYAYAOx5KAAAAQEICj7og98i2Jd3AaMElrnjCS78C012RtSCEFzgBwfeOrYXkm9L03KmAT91mYcbJS5rUkD1wCGw72dNUNBAUUXpnsL3\/WEfMdBwfF5d0GztDi325Bo\/tgnFwVTMIyJ9G8zLr00Pv9Gqgjl3FWBxvjIpwkFRdkNHAYtQQpt7SG\/QJZ97vvjyEBtLzdbeKobqKHJMm5INAMGYql85\/6914UHkJmZQxqjzjr1ozB19yu+hdbBJrGlWxPNmWMVZkCa+Zoc\/UC833Eq0570s88+cxYyGgx4jzGWlj6y7KdDgd+pj7yhbOgp2c1sJXKi\/iP0\/ap+IkXp4EMRmfg0Ng+i9c1rRZMajrxTTZ\/6Q5scXrR0O83VPMrSV9wtRMPh4RM70cFN0IF4nniajPbYJigJswAbUytn6jiodA47XUig55EVMoeL0yGjDjA1zMOAAfLe6i3eIgs1QVyflAabmYNYUOznrLZ+T+M1pDCUEHelba3IjtPIBm0+pI4pyRuDDc8X+enLrTXfDxatThxZMV49MsKFk2uKmZWrjJRx4nflMXa2lSKfU3mXrx1+vGC12yHS1YQ=="}
00427{"flow_id":54,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1363,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":560398,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVxENLoVVpoAQEB6brAAAAQEICiLYmAE+6IPf"}
@@ -659,17 +659,17 @@
00472{"flow_id":54,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567015,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFAABU19pAADEGZLwzoRcMwKgBuHZf3VQuhVWmV1cRDYAYAOxkzgAAAQEICj7og+Ei2Jd3b+p0Zi5PrK+rKZYwUNUYR5dfWQ7Ch8tPqncxWPhSikE="}
00428{"flow_id":54,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567108,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVxG9LoVVxoAQEB2a1QAAAQEICiLYmAc+6IPh"}
00432{"flow_id":54,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567315,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA119tAADEGZNozoRcMwKgBuHZf3VQuhVXGV1cRDYAYAOw6PQAAAQEICj7og+Ei2Jd3cQ=="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":567882,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcHIoAAEARCbPAqAG4agwnqHZfdn0AiGszdDnl2LgHwUzwnp\/NUaAjl2\/6ukAyoGtKBC9U9NcJJ2SSjY1bIBQONPG3UmfcMXvTBTN6oZMu6GXIBxr9UadDckfonN6CsHl3H7EBI7wV8mnDuf+AbUa\/i02tPDo+DL09AAHdBMuEfwAAAYJ2X4J2X8mEagwnqIJ2fYCEXhYgYQU="}
-00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1578508365588,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1578508365588,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":588602,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVs\/AqAG4p1Z6Mt1edl9ccbjwAAAAALAC\/\/8vAQAAAgQFtAEDAwUBAQgKItiYGgAAAAAEAgAA"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1578508365592,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1578508365592,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":592330,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLq7AqAG4VmvzPt1fdl9sf4vVAAAAALAC\/\/8j6AAAAgQFtAEDAwUBAQgKItiYHgAAAAAEAgAA"}
00427{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":593653,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAADQGeGsj5egTwKgBuHZf3VbzHyaM6OsJA4ASbvDSjgAAAgQFjAEBBAIBAwMH"}
00412{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":593768,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wkD8x8mjVAQIABiKQAA"}
01006{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":594975,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHbAABAAEAGasTAqAG4I+XoE91Wdl\/o6wkD8x8mjVAYIAAS7gAAAbEEziim\/J0gI8gjAVY+YmyCFFnqH0s5j5T0so8TjsA51obDHc0Rqz2AdCozLs+UTk1cW9Y5OjQSK8Y31YFyoo8Sh4CTbFuJ4RxMa\/yBpXWlsq91wodmIbZ0TFzI02phx1+XzfP\/VUH7OzLCHU4h4kT8KvUeuuzDiXeRKp3KFGQiCfbiffkYqfEmxNQvkTb3bSuC7A8z6koun3pmBF22PF5x0CnRQDoed\/Ii0RtaJmiyQ4GdsJxavdJzD\/2guMA92F0O2B3er6P8w0lQ+UJuLCFacbaeCM9fT+\/GAhNt77XxcoerYekezrYhubw03HpgaHzjzy6JTcDypLc42mlWXJsvZ52w7ejgK7bcZB++5VYrmPz5YbsWfdqD+S9cUUrP0guijgLVfELMV+E0CflWtwtRP9SavemrOvy\/STy0yfl\/QD3317J6FBeo6KQy1txk5g6pQBHzb7Ex++\/1RrCeCi+2gIuN\/LSZS2IA7emeedvnVvyOQN4icPyUtjCg5FVYqUWdvItRpzo+7uX6XrHM8ZUHAl0B6HzG\/h+08MNm7+8VB7YBQ6RQi0iLtTs1obyhkH7J"}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_tot_l4_data_len":551,"flow_min_l4_data_len":20,"flow_max_l4_data_len":455,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1578508365295,"flow_last_seen":1578508365594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":603422,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA05IZAADAGbZ+d5phXwKgBuHZf3VIVkuQiTk9c+oAQAOxb8gAAAQEICrzbsV4i2Jd9"}
00964{"flow_id":53,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1391,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":603599,"pkt_caplen":457,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":457,"pkt_l4_len":423,"pkt":"KDc3AG3IEBMx8Tl2CABFAAG75IdAADAGbBed5phXwKgBuHZf3VIVkuQiTk9c+oAYAOz1AAAAAQEICrzbsWAi2Jd9AYUEiu06kQiDK+9uOuoMwZjPRpVMVnOIPe10u66FuxSo\/8swWJ62RkpZ\/TP4ko5IDqFuDjAriI\/PN22Y2zlqyZImGujwh+pdxrILNCh6fNyZnRZhZdc\/OCJtSPf7UHGzyPDktQiQ9T0rNa3KGy12KWTXCsNiUQAraLiUVfC\/07WS9nFTgfzbKaWAzyzd42dBjZQ\/tMzxBcBjB3JPK6DAhbZJmY+UrYIwRB4oo58MyRpQf0g4k2esz4M65yuGcjz1NB8DiWhX6IASTpS1j6BewpZIKvzTVfBv37rg\/1g45wZg2jSPcYU5iG4uXSxMQnEJgbbA415Sw7zw515zhYF0ns4wJVkDH2uBZjcfam+fFmOilf2Aw\/vftGBEi8nOuqSx4f05YswvACprLOkyUkKegj4doQi2H7ueg\/uPP9+7E+4JkL9ElYXdgMO\/ltPwYrDdbZ6tSwgAPk2mBTX9IanyMPHVSbjySPpiYdsC5A+SrTPpZZFQ40cQt5QcZThGOrjPjXaA+8hvDA=="}
00427{"flow_id":53,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1392,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":603683,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1z6FZLlqYAQEB9KiwAAAQEICiLYmCi827Fg"}
@@ -685,15 +685,15 @@
00440{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":628408,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGqoHKcBxqwKgBuHZf3U9YWyaeOLFgJqAScSDw0wAAAgQFrAQCCAonH\/CcItiWswEDAwg="}
00429{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":628530,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWAmWFsmn4AQECx\/AQAAAQEICiLYmD8nH\/Cc"}
01101{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":630052,"pkt_caplen":560,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":560,"pkt_l4_len":526,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIiAABAAEAGj5vAqAG4ynAcat1Pdl84sWAmWFsmn4AYECznUgAAAQEICiLYmEAnH\/CcAewEFIjySTWjNne5ecrwaJ8uEFZ6wTzHckJ9nhOvk1tbhtUW2QAs\/NJT1OQvq1ruN09+K9w4xLSE1oPw\/JLCyqPILre12hJRVnTenujmnJQ4kZfKDPWnrIRN9tAy\/zuTBRW5GN11nkVHXlFkerHzkgQOGThWa9EquiBlzy\/kF8rSfO+9pcizDiJ8ojL\/vOGx2vK0HoHbgpiwO\/P+dJnTEN+Pje\/5LF7lgXS6h\/\/8cHwKNYmhZhwyPl2L3adaQmgedfbuj5IPGsy3KDSYKNXQjT1GL1HF9VzqZaiJYkyGXky043+jGhsqtajrdIw0itUYUcU1oW3q2mokm8j3eykCiiC+aZqOeCs2Q3jwcybKlr6JvoAf0RVO4TlY1rdZO9FBMsloUtqtyaEFnzkwONnlmtAvXaxQyXOiSyOBDMSPv2FGVcY3KKPuSOiWRc5gHtA9+Ma9LwoeUEoFRWkVQ4VDo30xD4C16YzBes\/TCLkGdcD6zIpzoes6H0PlfBaaBWO6uOw4uZthiDBNlB5Q97pvZeyNS4COaj3Usxcojpo+mX39Wjm36tvwn6skBxdaCSvSZzlLANPJ0qRh4zXodHRVpvRuwXe8ms7KastdEBlPKgZDyhrdx6bb29fra2HEK5j+u+JT4zv4AJCPo3WLfJw="}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_tot_l4_data_len":642,"flow_min_l4_data_len":32,"flow_max_l4_data_len":526,"flow_avg_l4_data_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1578508365194,"flow_last_seen":1578508365630,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":494,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00441{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":631404,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGPLJWa\/M+wKgBuHZf3V\/moIrRbH+L1qAScSBDVwAAAgQFrAQCCApQzL4rItiYHgEDAwc="}
00427{"flow_id":62,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":631519,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf4vW5qCK0oAQECzS7AAAAQEICiLYmEFQzL4r"}
00439{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":631569,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGY9OnVnoywKgBuHZf3V5M8kZiXHG48aAScSAfsAAAAgQFrAQCCArTe0haItiYGgEDAwc="}
00427{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":631621,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbjxTPJGY4AQECyvQQAAAQEICiLYmEHTe0ha"}
01161{"flow_id":62,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":632984,"pkt_caplen":606,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":606,"pkt_l4_len":572,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJQAABAAEAGLJ7AqAG4VmvzPt1fdl9sf4vW5qCK0oAYECxOAwAAAQEICiLYmEJQzL4rAhoEiPjdbB4Kgwl\/PHapbSVH2zNIQK7AWWYtANw9khTPrqfFaiG7hw8fy3FHkDjGMA5jVqMoDIzdBBBvVUP6bqKBY9pYw1aVPYSZ\/GxjPlRteY8+bb3qTe1SpBlH1FX5ThLiQgUWD6\/tw8h0to43qJDr0yz+z\/ZnTYWXcLKdBELTN6nj3OnuhgVIBk8rtZUgsEfckIn9WEPCbB0dYrkhHKGgt5GynLdCdl+S5E6meb2h\/4I+MlrHqLmw+1qCvhhT9tJ3jVvSIhbpshZRhsYYo3XBbFfGsv9C4pgnKjKNn2y9njGxhAREtxMbZtNYWcHodt00ieY\/a5dad5r5vhOWGl9ftWz1jTN6cJchvW2cw7rj\/srwPZiBUf\/9ILjFvk6nKYrtLr8QVgBbS4ABS+ALElvcfLqP0KuU5onA3Jw8rzXQOYhLSb1mC+Wqcf6wqJwgNotJ8Y1QzSZDsbsQVQW\/KXBTufZVqupzNKNQmgzAHznb9DuIjWFdsOwb4CXDao5ZeiPeA55UuL1dvi7eRtSYguvi021EBxQ\/GKNOHCcaNxEFMr+xIpHh4lkybLQuyKaY+jMX7+XSH87RQfggdlAc1bKATomLc+N5DLFbMFgfh0NM+5k6gq0WEYX2PaZl3Otaeqfvl57dPy6TIg\/y+3guItFdnGQtcdFE+Du1WPHup9HI9HIawoOFK6hL9+nZFGuZbL9XMwrfOW4dkT79"}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_tot_l4_data_len":688,"flow_min_l4_data_len":32,"flow_max_l4_data_len":572,"flow_avg_l4_data_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1578508365592,"flow_last_seen":1578508365632,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00959{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":633113,"pkt_caplen":455,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":455,"pkt_l4_len":421,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG5AABAAEAGVVbAqAG4p1Z6Mt1edl9ccbjxTPJGY4AYECwuPgAAAQEICiLYmELTe0haAYMEZ6RWlMCufi+FQ5wsc1aYeQdeBtzI218JBnTD\/4XzF4uu5E0fGWELqanbfUzRHRnC3Ii7806UEU2AY9ictpA75dCoFoa11U4tIHuqPv5zPU5\/1ye\/zTvCDPXpoEmsBI0zIwNUY6V\/gjXAFyU17GFmr+sLBsIa6EHTUcZIHiVGxBQVuSZXRwdtyKKS1L1ouv1UavOgXI0xiX0aOUisfyAVPJu5G\/lOv4DXFYiIKEUSC4fGBvK2FseP9elGgH9sTG1nljFlF2+lW5clLyqngkDEsG8Th9XGaC4v9bVI4AZpdMO6jAky7oOJy\/8+cQ+s\/2+n8EF9Ht96RNhUZws3u1GD9gGl\/dybwejRDgNFePJDQmzNjjTCWadMck+kTt0H59V6p27ML8Ig+raZNsB\/CrgWvmG0sPuvNFoo5ehOQNQCPEl4LKvaMlbGhI6EHshUnYwJNlmY86hEYAOZqtMXemyPa9pZ3QJAJa5RVo7zQz4OuuXvnbYY9aZtxxnS25rGeeIxUCI="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_tot_l4_data_len":537,"flow_min_l4_data_len":32,"flow_max_l4_data_len":421,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1578508365588,"flow_last_seen":1578508365633,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00427{"flow_id":55,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":652319,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA0Cs5AACwGzUA0CYBEwKgBuHZf3VXR7JfY7e3tNIAQANvnMAAAAQEICoMgQc0i2Jeg"}
01012{"flow_id":55,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":652691,"pkt_caplen":494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":494,"pkt_l4_len":460,"pkt":"KDc3AG3IEBMx8Tl2CABFCAHgCs9AACwGy5M0CYBEwKgBuHZf3VXR7JfY7e3tNIAYANv6PwAAAQEICoMgQc4i2JegAaoE1Ups6ubRjS4U6jmsM3FWAfcsZBb4yEzK1wOmt6IBH6fUMXJPMzFii61Cihtl+QMCYxQ+ZaxnA7qxHU2uvdU\/ItsZuXe3WLE5hgOOB4f+waoCYYMs7mSr\/apjE0wAEfpI5zd7MhzreI4DlR\/TwImxOl1m8d3v7F3R\/CyOnuJpAnQ7qQvSWV0lv02mzI\/smnJzHnwTZ7Np3TCgcAVF7Mlm5iy\/1mzrVZOfCjE5WyRKJlX12SFGu1S7MW3ITrfAv97pksflJfo1g9+Auz2N1zEPeasnb8LSqXLB9QhuRpxEWWYDdZMzzgAzfi0kkHWImjbYeW8b89N+OV2a0cJIIV6Yj6uYRvpJ\/koZIUrbt51JZrd1Rhar74cYQaaBzGAn+DGsQdbFOLzVfM2SIetJjpnCmp9tDAT+P3AUOT8a+2x1qHYrWJV66cUqfHGy75VWNVIkNz9iHK8UiCnsR+XUAHqzEOkvv1G7NmwyFagpsXblKhVwol\/C0gXa\/DmaxSG5Bc8aqVb4SBdBaVpNm7mFdPnKo8N5iD8UGRQ2z5zvpo1G99Q62m1KAaZTc\/I="}
00471{"flow_id":55,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":652708,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFCABUCtBAACwGzR40CYBEwKgBuHZf3VXR7JmE7e3tNIAYANt+iwAAAQEICoMgQc8i2JegdZYj7iqe2ipfPfAuIk20LujaADegKDpiO67O8kQSkEk="}
@@ -724,8 +724,8 @@
00439{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":688431,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwGI8Z82eu0wKgBuHZf3VfxiPe9S9oGI6AScSAoCwAAAgQFrAQCCArI+HIBItiXEAEDAwc="}
00427{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":688547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGD9bAqAG4fNnrtN1Xdl9L2gYj8Yj3voAQECy2XAAAAQEICiLYmHfI+HIB"}
01172{"flow_id":57,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":690049,"pkt_caplen":611,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":611,"pkt_l4_len":577,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJVAABAAEAGDbXAqAG4fNnrtN1Xdl9L2gYj8Yj3voAYECzDmwAAAQEICiLYmHjI+HIBAh8EpBqek9IOd2DX3EmhTksPsRZtaZjiAo+lpZ5W2weEBnKWHQDM\/F9NsadhZ63pl3xv4ocAKVGXjfFUvBKZPAoJmuB\/bOkGr6g3QgsiHYWW4nIgEAe02a0n0ReBDRxbjbJsn3\/YJNkkgYQovoW08TU6AjTqONdN8R+e8gWmUAIK267y0hhxo5hNl0QGN35GVd4Z\/bpKroxasnTUUZkl+ETbpX7go59BNWHxd8NPWnrZJ+n\/GXBxSM9qpg1W0HDKcswUAss3Z9s3Zmd9To9DkN2h1GFu9GTLUSQYf3uSetUMPRbFqweMwBGjDuUi4Bs2ToJeGUmVlej9HFA\/3l3q5JXsKlh4K6nfHNO90M333Z+K4yB+3XT9YlHc5OcItlt8wH7eRX4SnTg00b\/SfR2kVh7mbPca6nP59EM6\/KYDq82eH9brr+HSE3aYrPnJlsNz3XCf51p84McyhI\/wzB1XYQ5\/OfE11+FPNQEsgV8RT0HvxtPReFCXcbYoki0KLc2Jc+xtu0Xe8WkSgyL\/Elm0YYrrnyyUs9qBHeXfFQI+LjwWyGpDChQT1pH5jvSB+daPeHiPVeCqqfF4vEx6qjoI1zDf0TBO6NCaCEmZjr\/fUb00V99k\/SiQMMBt+sNLGDfau+mMq9DQgpnfoJxpuksbI9PhnJUiVAO2nToGCLWxbZsfxwd\/UBJ7++AIcNnzOzewH+pSqVrSWJUwQUBxeLiPNxE="}
-00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_tot_l4_data_len":693,"flow_min_l4_data_len":32,"flow_max_l4_data_len":577,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1578508365701,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1578508365300,"flow_last_seen":1578508365690,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":545,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1578508365701,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":701530,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7OLAqAG4i6L\/0t1gdl\/B\/P6FAAAAALAC\/\/8ZigAAAgQFtAEDAwUBAQgKItiYggAAAAAEAgAA"}
00758{"flow_id":62,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1499,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":709379,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEkIvlAADIGGNFWa\/M+wKgBuHZf3V\/moIw+bH+N8oAYAOsi2wAAAQEIClDMvn8i2JhlsiWpxCVKpZuV98HXaGsGWdACwNWMp23fbiYao02\/V9U+GnM7vrMSRo6kYst9eNmf+N0ZGg\/D7iaBdnPZh1sM3xwK6i+FGvnpd+k8EB+SoEEPH7YxmS\/hnrdLBMIDHE9hEu8Gy1cWHh2elZcgreTdphnoYfu5kimzVmsUGItfWJ0YjwLpSn7qhMmCTQh7Z9lTULxymUAC+XPWvQOw\/c3Cijw6mymkgjCtcKvpI0ddb0PZwgC2ot5od\/bFPuEDBXuHa0WAw5uUJkfU3haWm0QdUn6J3nxQD044wrVPMQgwNpYTanRBjtxtTs0LxAI23dVc"}
00429{"flow_id":62,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":709477,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf46i5qCNLoAQEBnNOwAAAQEICiLYmIlQzL5\/"}
@@ -733,15 +733,15 @@
00713{"flow_id":61,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1508,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":711921,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEacJAADMG+UinVnoywKgBuHZf3V5M8ke0XHG6doAYAOt8gAAAAQEICtN7SK8i2Jhl0GZhOk6I9uZwYf0gw9wiYBe3JEESZOxFY\/m1z0AQEkWN1djYWmJR7+gchVSdPtj3lJioStrlkAlGVVAtuuQvN1PH+x1cLqZzkw13SAwMTVlz+Y95LWy\/sqxH6cHOmCj9Bzj9jlTEhCM0tw+hHhonGMwnpzWUwm0tNXzkxdhOFgOOQpMCt4hQ9Ps7xeqtipIj8Ilc+12YpyvpJMhwLoo4rWR6BlGEWwLOLSEaYvf1tbnNeMkeUdqg3Ib3u4bdVcrRPygFKa2kHy9n4IwdrYPxMQ=="}
00428{"flow_id":61,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1509,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":712022,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbsmTPJIhIAQEBqqXQAAAQEICiLYmIzTe0iv"}
00474{"flow_id":61,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1510,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":712179,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGVrvAqAG4p1Z6Mt1edl9ccbsmTPJIhIAYEBof4wAAAQEICiLYmIzTe0iv5NXl\/jx2D\/KlQyWhxFLwE59FuHBoR1OI8ZxPbkmwVYg="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1578508365712,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1578508365712,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":712625,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlo3AqAG4Ti+Tm91hdl8xKZuYAAAAALAC\/\/+26gAAAgQFtAEDAwUBAQgKItiYjAAAAAAEAgAA"}
00628{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":736342,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHpIMAAEARoqnAqAG4b+UAtHZfTtYAsxSK2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1578508365741,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1578508365741,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":741903,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4nHAqAG4XkQ3ot1idl9YCAHzAAAAALAC\/\/91dwAAAgQFtAEDAwUBAQgKItiYqQAAAAAEAgAA"}
00441{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":742943,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG+uaLov\/SwKgBuHZf3WDeocLiwfz+hqAS\/ogDJwAAAgQFrAQCCArjm6OzItiYggEDAwc="}
00430{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":742990,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7O7AqAG4i6L\/0t1gdl\/B\/P6G3qHC44AQECwgIAAAAQEICiLYmKrjm6Oz"}
00953{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":744302,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG2AABAAEAG62zAqAG4i6L\/0t1gdl\/B\/P6G3qHC44AYECw86AAAAQEICiLYmKvjm6OzAYAENHCOMR2bTGVXFagrrP6AMRRXdSZyFBQAhe3AXn\/UD\/J2TEF5TMmsxTXpzQuKxUYCcseZbnZC7D6Yc0pmv1Z5txsS5jyXOTlSclCVYyVIBajV1cZcoGybREI9eyWxCKDfcsO9EpDw6GRpVfIGrAi41MI08YQYOFMuFmUdaXOwGBBkOvQvbJOv3UZxjQS\/P6iXPviQ2wCJOBH6lnf+MeMPmmbOw4n1EWuUumxXuFgXtnN7JPo4J10B6h1HnLjxJ+MAYbsKuguerCy1rm7lOzRgdXQyni9bdeP8EUKpl4H8KmWSvZ1E4ZMAZvCZjJFrYJgk6YMbmXF85LUKijeeOqXjmuGIYxlJf3w9bU1\/IBF2UUU5GZYAr+LFw4Cg5xPMNPbe9A4xAk2Nc2BzSz5lNbXZzMWV1Yk7u7Cj7i65qKu9UhOe91ZiBrpAvUxkFmrorTb5ItgUfX5XXV7DLSz9jemxfGeSemsc9UWjnmQLsmRO9mOJgas4f9bQq5Co5Ci33t8="}
-00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_tot_l4_data_len":534,"flow_min_l4_data_len":32,"flow_max_l4_data_len":418,"flow_avg_l4_data_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1578508365701,"flow_last_seen":1578508365744,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00428{"flow_id":52,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":747172,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0upBAAC0GmsmKS6u+wKgBuHZf3VEGdfqJHq1HsIAQAflmoAAAAQEICqQB\/Bci2Je6"}
01055{"flow_id":52,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1549,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":750221,"pkt_caplen":525,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":525,"pkt_l4_len":491,"pkt":"KDc3AG3IEBMx8Tl2CABFAAH\/upFAAC0GmP2KS6u+wKgBuHZf3VEGdfqJHq1HsIAYAfkU5AAAAQEICqQB\/Boi2Je6AckE4Q5wGqK1h74bUJm90BoelIadPmz6lhRRewU824Xu8ALgikKOs6+S0ZDdUZKu6qfCHoc3Ef7qREsftoUNOn2oEsib3dwJ2oZWIL8sjJJiY8bRLvatC+D9opwtVKOUAkvECTzF1WiH\/QomgbSwzq6SesHdvzAhAxFfMG6jqjm9lPCrkJsXZ8\/T1AZ+9TOMuZNqkTAoKR3S55AVz5rdnYaQOcq5x1y6WGMGW6\/r3uooSMVJ3Rtz61\/QntbzcXBSmsU40MKRXFgu90UYpAOOFkJbSKCFYMxJniO5dp\/u0i\/8p9k9jLoZihNqWPcMPnq2XJ0aKf9CgG2siqU7ci0huup1kRssf4qqSKhrzSKqRha8eQkpcZXrCPeMOJ7zfaeq0QJ1Lo7jrwZAVjOgAtLP6mx4PsyyZuYMaGebeLIz2p\/GzeDOparKqAGlDOIaaw\/thW4LLeDXg9otlz21J4gRhgO0twBHNNny8h+TX2h3eHfnqsopHIzdWCjlm6AHIHbrHugvtSaLKGqVTBXj\/fxcxnsqoAHY\/pFxsyYoqEEi57TBuVsskqVz\/eibNjtfvHzH0z2DSbjzZOB8GKJGUnAv0vIE5zftB0Cz1BdV"}
00427{"flow_id":52,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1550,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":750295,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUewBnX8VIAQEB1VuAAAAQEICiLYmLCkAfwa"}
@@ -753,16 +753,16 @@
00432{"flow_id":52,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751135,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA1AABAAEAGQlnAqAG4ikurvt1Rdl8erUfQBnX8lYAYEBssTwAAAQEICiLYmLCkAfwbKQ=="}
00603{"flow_id":52,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751198,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"EBMx8Tl2KDc3AG3ICABFAACwAABAAEAGQd7AqAG4ikurvt1Rdl8erUfRBnX8lYAYEBv9DQAAAQEICiLYmLCkAfwb977E\/ObWYhuqDmyfPgIPwuTmOBezAwvI5cp\/JEum7h5HFcXkmQuscOgcYwoP3pghW0t+Prm\/B8dpBXtVhybDWgUcizbPQrfaHmSDkR9NePwPwpWQOEuKKTKPp5daoVMw3wihmo6gc+IRk8r8HiVFKnnBeU3eKqpy8c\/xqg=="}
00432{"flow_id":52,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751220,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA3AABAAEAGQlfAqAG4ikurvt1Rdl8erUhNBnX8lYAYEBvg0AAAAQEICiLYmLCkAfwbYv8R"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1578508365751,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1578508365751,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":751805,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLpXAqAG4I+sl2N1jdl9d8bObAAAAALAC\/\/8KAAAAAgQFtAEDAwUBAQgKItiYsQAAAAAEAgAA"}
00440{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":752998,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GqJFOL5ObwKgBuHZf3WHPYyPBMSmbmaAScSA0jAAAAgQFrAQCCApPJ9\/rItiYjAEDAwc="}
00428{"flow_id":64,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":753063,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZuZz2MjwoAQECzEHgAAAQEICiLYmLJPJ9\/r"}
01198{"flow_id":64,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":754605,"pkt_caplen":633,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":633,"pkt_l4_len":599,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJrAABAAEAGlGLAqAG4Ti+Tm91hdl8xKZuZz2MjwoAYECxJTAAAAQEICiLYmLNPJ9\/rAjUEaxC968g2R\/UCKOkAMZOG2GOOWkhEE4hBMPwWXGSryh5laEOY1kWT5ispkEnM\/49AUGIIZuJkqD2akSiX\/XVah9j1CHxvoQXnNWCiYfCGLvgMMQzSq2sHb3uVyYKm6ZIChx3IU71KwVaUjNwWUK5WEKS69CEDFdEB33CJ8ZVANf1A7J2459ZkzZUYmuWuESN6qwVAnAnkW57zzCZJ6tekLSrTgxSufEuRo3rLg6y2SWrXZHsMfm8NWC\/coOdUr+hoUV\/5a6o1UoK9kWAk77KyyfipxirR8r7OAjT3q2Stt\/WbpSPWcYV2qqS9Bm4nw5FL48cIcqcdiLPSIb9dEYxC38Z6TP+rtTho8YMsg5GKttdHQR2UgIeOQIgGdeiEqpNL79eaB95gl4RjhykkyaZTqPIP1c1y7eskq6OXasaM5vYH3ha952yxGXLJ8kk\/2FJx8uYrmBx1LLHCx11u5jQNtKtpl6P3LlY88u9lsBi8XGN9pRwXfdB8uUsqhG6qxr4\/YzujpZDRhIcmXTfuFAoCyZ868l0pneYeWhzm8aVdXGngXPpPjlIlA+fh1Dr\/mlSIjt3dwk7D6Hc0GdedJcfKJqZNzCWgifQSHPMms2eXsh03tI85ZIV0zZZIkF1s1LTorhEXICW6oYC9SAvhr5ELvUJ9Gp\/pI3HsEx1stHXgNgeDS+ZTDCNpCRfRNLsSY6c722ZAI0Q6tM+xt1LeuTTvyJ+2D8LSRE2JV7ipflk\/HQZyYEle"}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_tot_l4_data_len":715,"flow_min_l4_data_len":32,"flow_max_l4_data_len":599,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_first_seen":1578508365712,"flow_last_seen":1578508365754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00440{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":776923,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADsGM5kj6yXYwKgBuHZf3WOqScTQXfGznKAS\/ohykQAAAgQFrAQCCAo1IQWkItiYsQEDAwc="}
00427{"flow_id":66,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":777046,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bOcqknE0YAQECyPmwAAAQEICiLYmMg1IQWk"}
01154{"flow_id":66,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":778282,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJGAABAAEAGLI\/AqAG4I+sl2N1jdl9d8bOcqknE0YAYECw8GwAAAQEICiLYmMk1IQWkAhAE9LX9UDkdTQbLSSKVf\/o+Rbx+cVd78lZfof4WIy1rhMxz3RbpZOK+P94lXMknoMtxJdJQ4A7\/BT3XtB0RN9sUSmjLER26V8aOZ0XKqPmaES\/WPIEFoA6jFEgWSAEtlrcyP2PAwHXqAL3AbQbWGq7PeHB6kv65feTwOi0ydjhJegpyNynyq5tDvSCMsfS2rYkVvUQJGHAU1XK9mqnysHXV8shlebGWRPpI98y1Vxgu0az+7R+egzxR+1BHJN63c+WI9rT8DdcDeJ8KCs1sdnHfcQSyErvf77ZnV\/JsK35u87tFZIhBtc0ha+H7KMsboUnC9ei0iN\/8IUhS5l6devCaEtiowIFyVnWsdGX93DG2McymFU2OUXkEXXRwh3MXWAL1FOfL\/pAsIA1JMiQr\/1EwZ08w6Lj\/yH5r5mTzwJpNcgmyuo44bG5DTYaRB4B9LALur1c8OhYSmtc1hVX8t3t\/iblrMzQiGxF+F\/NAYKQqo\/hrfLdv2S4at4Q1Bcj+GaRaNOwVK2GzfBQ3qBzh0uXtO7lSIzfWd4Ic6VPqTqFQj0\/zWxTGfIn0j3loyEBQRx4YDTqeVkXtu7Is\/9MIlC0FYIpCog73jaUasZzRlH0g\/phdSxjBoehWKT1sYQjp8X9ya0ttTiK9+LoRf4iQjvixkpPAseX9BpmombBDue+eKW\/A5eOEFZroFm1HsfbstLY="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_tot_l4_data_len":678,"flow_min_l4_data_len":32,"flow_max_l4_data_len":562,"flow_avg_l4_data_len":169,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1578508365751,"flow_last_seen":1578508365778,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":530,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00628{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":781990,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHjqoAAEARyLjAqAG40WGPAXZfw1AAs7BF2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"}
00428{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":785326,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bUpAADIGjaSLov\/SwKgBuHZf3WDeocLjwf0ACIAQAfsspAAAAQEICuObo90i2Jir"}
00919{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1616,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":786372,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGYbUtAADIGjD+Lov\/SwKgBuHZf3WDeocLjwf0ACIAYAfuP7gAAAQEICuObo98i2JirAWIEKyQ7BcAfOyYrN7gPqSvnbne1ZAdjaA7FHyazUIU+faeI7qWkewj+qXxZOJ9iPet+u0+XUOEkGF\/vTBzVaFrHnRPwwRLB6YfWcwrqgpWcyAph9VdH0KpBygaJLTimCpE\/xHgFEXbI0\/164yhOd2npMJGBXzBm+sK7bQZEZSd0lZiaQKT6gQ4gKygTWWyZQb+hFNGP+NY4TO5Bd5iKAwS2l1V\/zlX1Mxe84dAl3uSmUTU5eW+3zayW81o08lvMYblEUMOE5q2hJevddzzCpAKCbBplbMzf\/gCaiRvO14LX\/AQItUYJm6F3jCUsVIS\/pN+i3N011o5qDFyGswU7HNpxmpLySU62Wba8t\/hRm\/zC9D+0f6IHuxoEUgmzXIxuiUiywOheoU84Detr5vLBcJdDiBHnbioLF\/FsOXB0Cu\/\/MFquv10zNTKL3yMEpz1vxIzYZmMHT+P8qhJmJmORkqjd1B0="}
@@ -788,12 +788,12 @@
00439{"flow_id":65,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":813172,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAG8nVeRDeiwKgBuHZf3WKbomHRWAgB9KAScSDEJQAAAgQFrAQCCAppF+qfItiYqQEDAwc="}
00427{"flow_id":65,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":813279,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4n3AqAG4XkQ3ot1idl9YCAH0m6Jh0oAQECxToAAAAQEICiLYmOdpF+qf"}
01172{"flow_id":65,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":814591,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJXAABAAEAG4FrAqAG4XkQ3ot1idl9YCAH0m6Jh0oAYECwXFAAAAQEICiLYmOhpF+qfAiEE37iLH4Byz5aoVSIRnj\/Qz4MQ9XDR0JF7ApiVzj4ntUnldVXSA4CHeCHd1\/eXkzJccAECqPGKuRQf+rvknIMC\/OtOHBpZCHgdYlh9xfWnJAocRvLEeyW1dproXyl1uvktLucffIdsaa6c2BS4MJCqbTvploXJIsmsceqMipXJUBjWV2VPKdFwMlXfmZKFa6ozHzQWxB+03uQQjwg6EOMavhW8dIPCLc6Tve+wDEsYuXE+toFcJ5mRy97txst\/YhfbJ0JxnhBR3cO\/U15XLrxW1t\/hwZJHJ3LnmJC7I2qsvs3CeFRF71d7Gk1mWoQjydgaczYOZzUBGWMkbo3Vl+DaP5LXHfZZXLYQTaJeBbzOAoGzGm7Lpw0IM1HKyZCRoEZrj7m5bK9AMdgjFnchyiocKfXHcusfs2YQjxWurgaSwEQKFs8T1+3dh+B3oSs8z\/aefWfCbqvwGEibR+7PIAQxZ02KE7954qZAL3mwaPBKfTB3pqiJ8OD59Xx6VcaQParzV50QhNAvZWDrV9Ucawysj+mArBGtpIGa4WspYliUgEOp71y+8bBYopILao4xL16IC1QXd+DAYWY+8iBI2yhSdXEkJrsWtYScV\/EbjYLXSddQ7GAMuZNR54+1d+\/8X2d8i78texnyACB+jGphwMoXatKNJL7gfFnqvN\/CPZi9bvy5kEbRdr0KrRSqX5ZJ8v770NGtGVtZGzmnt7NFMU40Yg=="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_tot_l4_data_len":695,"flow_min_l4_data_len":32,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_first_seen":1578508365741,"flow_last_seen":1578508365814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00628{"flow_id":50,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1648,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":818517,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHexAAAEARgjvAqAG4Etunn3Zfdl8As7I6jzNiPJIVM3tcF4QguFz6RQGGDso0T\/4eOeRfeMWf4oyQ0IEszB80EYqWvZ5Dhv0d0QTf1b4I2pLi4d6Z91CPKy22KMZLr0TQSl9sdxLmB2kXyrRTAu4NovLwLl22EUUjAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBh"}
00714{"flow_id":66,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1650,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":827688,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEZFdAADsGznkj6yXYwKgBuHZf3WOqScYzXfG1roAYAfkJoAAAAQEICjUhBdgi2JjesSAHdzO5xunIQpnmN9FX6FS+6+b+rlWAitKZqUsN4JlydDNh8mjvrOyihrLOXJTVyZdVGQVit5m7jfF9BmqEeWNzhIvRflyWm\/7rbphV1TB5YWg8EYXCYgXZjCll5Gpz80Qig1n\/Rrb7wvvj2u967cbqB6Ft0QD6UJ40QYYPNqui6TpHdf1eozH\/E1Yn4adzsVtU5tcU+qCS92tdcfxlyUViHe73BxjKps79HdJ2C8FnJ9y7CJbKLMAda6BPUcVByhJgxZhvbPLj9qCx9aOCRA=="}
00428{"flow_id":66,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":827725,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bZeqknHA4AQEBqKWQAAAQEICiLYmPQ1IQXY"}
00473{"flow_id":66,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":827902,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGLoHAqAG4I+sl2N1jdl9d8bZeqknHA4AYEBqCzwAAAQEICiLYmPQ1IQXYxmUj79op++5WJO44HUqPuDNYLWB9AuJOPqqc\/gMDtt4="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1578508365828,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1578508365828,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":828265,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGW5bAqAG4DfsOx91mdl9PCwRhAAAAALAC\/\/\/02wAAAgQFtAEDAwUBAQgKItiY9AAAAAAEAgAA"}
00428{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":837105,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0q5tAACsGiei2oqE9wKgBuHZf3Ueh\/8nVB33+UYAQAHo91wAAAQEICjwSYk8i2Jem"}
01092{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1680,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":838947,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIcq5xAACsGh\/+2oqE9wKgBuHZf3Ueh\/8nVB33+UYAYAHpECQAAAQEICjwSYlEi2JemAeYEOFCoDomJpGLeDJQ7AD4gQWAw\/fExrgJLefLaC9Xp4QZKgPOYtoYKSLvC2B0a614x6+NWZNtV6HiBjdMsZDbdolHQ7JzELC37ylnG635DqDVSgHSvy3lh2NfoniEZfAfH0cEIiUWbe3mPyTPe6vTdxkhO4RfsSeCl\/Iuv0aPuaOjPapzEKrdgIX97jXJ7VdfIECX4djICMGTBhet8wSyTQzA6hSIiU5n+3hFHmS4KopsAX3K3nhQBVScbt+VlKCGzYcIM94qH20W4U5\/bSAv22yO5EZSl9L2SBS1fUPL+EHCWZd5y0xwwjB6fGQ57Pqq\/QaZo5vt+RxCYfTtCT+rgwHESoJSbydmutp839nAHLxFv8U\/sulhVQGHtPDKKGWpvluVQvKv8yffG6WmH083mBF6i\/TvfA1Ai8ObQP7DDyGRPV4A9tvK927LKkSq3Fy6Q+WMHRlkmJiKtSH0ePIcOW19v9o7oR\/EBj4+UAzku5MRdXcJ3EJEnyVDe1T1h6AOYr2KqlQUrTNUgPVr9WpA7AsJCBDGWItCB0o3cOywzU6MfqSdN4cAUlYvuBuffQ4gLyo\/Wr32TQhogtgqsZ1ASnhilAwuU68iuHCPoS4jRbh1o6TuKRrtjI7CjSC75sywdKhLgC24="}
@@ -806,9 +806,9 @@
00451{"flow_id":45,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":839812,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"EBMx8Tl2KDc3AG3ICABFAABBAABAAEAGIHfAqAG4tqKhPd1Hdl8Hff5xof\/LvbAYEBygxQAAAQEICiLYmP88EmJRAQEFCqH\/y+2h\/8v+eA=="}
00622{"flow_id":45,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1688,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":839868,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"pkt":"EBMx8Tl2KDc3AG3ICABFAAC8AABAAEAGH\/zAqAG4tqKhPd1Hdl8Hff5yof\/LvbAYEByf\/QAAAQEICiLYmP88EmJRAQEFCqH\/y+2h\/8v+htnM9YjeCBpeUlMdaGr6u0okHbghKJ5iKuG51mCVFuMQDYcMIeM2B3nAaB6iRiZuIcnO\/vYn3SJ3jO3zGU0sB0k4gNoAfMCVJUpE5SiBRxJHYfHz6RHc8ehuJQ7gaqA+Vx+Z9SWjcFEMdNLt\/KKwarHUTmi9+rCEAZt8oA=="}
00451{"flow_id":45,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1689,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":839890,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"EBMx8Tl2KDc3AG3ICABFAABDAABAAEAGIHXAqAG4tqKhPd1Hdl8Hff7uof\/LvbAYEBxHrgAAAQEICiLYmP88EmJRAQEFCqH\/y+2h\/8v+G5i1"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1578508365846,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1578508365846,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":846680,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtj\/AqAG4I+SeNN1ndl9FuX9aAAAAALAC\/\/\/dzAAAAgQFtAEDAwUBAQgKItiZBAAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1578508365852,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1578508365852,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":852452,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG3OLAqAG4ijsROt1odl\/ttHvbAAAAALAC\/\/9f7QAAAgQFtAEDAwUBAQgKItiZCQAAAAAEAgAA"}
00420{"flow_id":56,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1724,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":881659,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEm9AADQGZggj5egTwKgBuHZf3VbzHyaN6OsKtlAQAOd\/jwAAAAAAAAAA"}
01000{"flow_id":56,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1725,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":883657,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHZEnBAADQGZFYj5egTwKgBuHZf3VbzHyaN6OsKtlAYAOeH\/wAAAa8EmQomFbi70KhC3XxE72DxBvD9p5iLXoswYW6\/gAhAtcBPdy2IF4g6Zsq5L6mQY1FFDy9F6hOmLuhrR0m1YC9bU6dTqjuLL2diEP92tYsMIrcMmOhv8kWba3QViUQKRuxX0IClDzcDI3xHcm1ntJ8uOsPuOF7huyMD8urSQEnC7vb7AuArLdhIhwaVFvKSE3pYDW43iQm8hmM+xEqITniENZtEQMMAmoRwZwcStvSG97fzWbjIG36BdoGU+IpEHCoOJxR3Y4j4RDxqPo59MtZWDy8AYJks3tkaucKHsJshQsMnyYdtLPVGI\/sR2jxV3+deLU+5QQ92are4rPfF+ZVa2vfdzFpjY7Iuq1MkKIkebUBcatJYe3q\/PvAKwfKCxCzRNRWB9ntGSR8wu0QeNeIenGMExE4V2FmxPxXRzaRmHYpEhIrXz6ppvQ7wtTTufbdh+bi1s01fgpRYVksPNqakCjEoiT1qGjol4PpRaJlQOJQjf2DZTcHYLuRtLhaFTkJ+inH0azYx8Y5tTnN+XI3D8kJ8RSUWNU4GKv\/+B9nt1rWrdutj6m6j\/iOnVThJZA=="}
@@ -821,7 +821,7 @@
00414{"flow_id":56,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1732,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":884334,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wq28x8oYVAQH\/5epAAA"}
00432{"flow_id":56,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1733,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":884440,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA1EnRAADQGZfYj5egTwKgBuHZf3VbzHyhh6OsKtlAYAOcChwAAPNB3aYtxQoCP62kIAA=="}
00414{"flow_id":56,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1734,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":884469,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wq28x8oblAQH\/5elwAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1578508365885,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1578508365885,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1750,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":885366,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2crAqAG4z7TO2N1pdl+dzwtmAAAAALAC\/\/8dEQAAAgQFtAEDAwUBAQgKItiZJwAAAAAEAgAA"}
00427{"flow_id":65,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1751,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":888301,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TipAADEGo1NeRDeiwKgBuHZf3WKbomHSWAgEF4AQAOtgdQAAAQEICmkX6uci2Jjo"}
01114{"flow_id":65,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1752,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":889284,"pkt_caplen":570,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":570,"pkt_l4_len":536,"pkt":"KDc3AG3IEBMx8Tl2CABFAAIsTitAADEGoVpeRDeiwKgBuHZf3WKbomHSWAgEF4AYAOsCFwAAAQEICmkX6ugi2JjoAfYEfPh5MrmObWsuLcvqinChq5GezjbAjlW0JZ27Go0F7k3xuihDSFEU0yi2f5uu7VSsIa9gYq0vfpLLYg+8a7mnqYafh2s6S7p2xg6Mtjlskj6mN+Rz68sJHZN2s6w9KGc7y4JA+jMwLBLYs8\/7FGRICdElFj6R1I1vUUWgk1KChmZhc6oJJ3aZ9wSqIxUqhUAWDqLaHkpUHIYz8caq7+Qf4RM\/Ife5u2GgEt9h6n87CaTIYjZ1icZ4+LFwI8\/6rhZ6ePhM\/pfiOVr+0b22J2AGqnHinspoEPF5Ri4drhFdX\/esUUM2PA936wbK8AtKEH34droaY9VEuXJPqnQca+sEMUZk8I0exXK19e4YnWJoF0TX\/RZyB\/HAKtcB10UdrcDPdxtbLCgOAEQ\/WB8yMfsLHsqWNnxQiMOwJJi3DLOzxI27vsPDOkraVydyNxjDxi15cxb65bqHOnEdjoIWTE+dOu79thyGowh11y7AiwE9cCMWbI4IWHtt\/c3ZpEwukSPjTbUm92e8ceA0\/sHG\/xLh5qGMKZBTt3CIiaqp2BpgyMIKHhsl4HMIgXKa\/EBOOSpa0uuKUTjfSj2Koe9PjHUD4d1VBWtDh03833QakssG6c1qooHrAG1RJCUap1uJSFAsVA9WAlXNNEBQHhGq80xRFlp9wXrj"}
@@ -838,14 +838,14 @@
00441{"flow_id":68,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":903324,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGwUMj5J40wKgBuHZf3Weyx8H3Rbl\/W6AS\/ogN9wAAAgQFrAQCCAqAlezxItiZBAEDAwc="}
00427{"flow_id":68,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":903403,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuX9bssfB+IAQECwq5AAAAQEICiLYmTiAlezx"}
00953{"flow_id":68,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":904731,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG2AABAAEAGtMnAqAG4I+SeNN1ndl9FuX9bssfB+IAYECwuKgAAAQEICiLYmTmAlezxAYAEAI1WBIPOD+hvKzPihfgTsOhWByW+C6Yhi3aeyyxqusCgQH9q37FRiEsngnOCMI7rJEwEPvgUNolGAytmmnyJRsIzn8vdMIkApueE7gMLi1YpwTjQaWrs+8xiJzorrCETkzisBPhidyCcKQ8Kr7fMnn0S3bt2fTuis2U17aEnv4rA7qNEJ8\/qQ5MkfWeXh5GUk7QhxTxf6VWzZJ9gCVFp1hgqpFInxoD2RNquVcofYzLkoB5d9NYmXmMCB\/qQogZwzumq7QPVd1imlhdTGHBWnP7S8KIIuUh8Qbp8ZLK2AYPjY11xLDym9J5RNBVK8mtNpRXDXJTPh+QjbCzaLb0dMDVQlgD9QBs\/WLOKpoOvhBwf3GhqdniMnF2B\/RZcNkHU\/1mz6h1baVoqZvvLDXKFuU4QXpkwBNr+0pNztLGHhSmPsjE71AWc7lo\/1OrevhLNW+p2gRC9\/GtyljgFr98tzwExGKsXkY2VdoZiaj0TAL+A8kThPoEqTVMfwZ8EVYI="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_tot_l4_data_len":534,"flow_min_l4_data_len":32,"flow_max_l4_data_len":418,"flow_avg_l4_data_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_first_seen":1578508365846,"flow_last_seen":1578508365904,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":919739,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc44MAAEARsuTAqAG4p1Z6MnZfdl8AiFGIcmRL\/sJ+HmBFF7n+UfEKJLvDdBgdKzSECJqxpMbuAWJCFnSyz1LOPGHXvK4XvgJfd8y9TVVaoZxiY0SgM1nuu1KcsxmveZ1Iboux45kEq0UHna5hbl98Bua+Zy2zz7pAAAHdBMuEfwAAAYJ2X4J2X8mEp1Z6MoJ2X4CEXhYgYQU="}
-00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1578508365919,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00439{"flow_id":70,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":925923,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMG5s7PtM7YwKgBuHZf3WknDwC1nc8LZ6AScSCqDAAAAgQFrAQCCApcfI6dItiZJwEDAwc="}
00427{"flow_id":70,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":926010,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzwtnJw8AtoAQECw5oAAAAQEICiLYmUxcfI6d"}
01115{"flow_id":70,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":927412,"pkt_caplen":568,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":568,"pkt_l4_len":534,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIqAABAAEAG1+DAqAG4z7TO2N1pdl+dzwtnJw8AtoAYECz3aAAAAQEICiLYmU1cfI6dAfQEOtheYzZ3ToHpdnjPq+WTlV2N5YhX4HNfpe1NKrOUZnLF1eT\/PeeoMMIkKh\/DkVHT5erq5iLxOcqC8dq2P9yyBVP9NLipJL+0WTRaDCfOFiHp6eQuX4fc\/C1mgNozcW7bne9FJjl4PMHYYsSA\/cfk1Po4ifI83DgcIadRba3\/Lpfh5z5yYHFNZEPI6DvXWQgpBAp9MWZRHnK2h7WjiD8wEOe0ez0HD4JoWp4BbpZF8LYgL+gBjgp8rckk6fDFLIv3cC+uMNaFnCpqhBSZxmJH2km2+BJaGY+UdVvSlXi0QiW+WPWdZRcj6\/HDQ+zbwJU+0pKdv4YBHcLU\/VxaaVCQJHVrxSqBXdw01gj0Fp50lJVJ476zGKf92Kf8jOUW82E8kedUehXGuJZQ47uAEanwY6caqald0YLfNWDjPm3lcpaCUMfI\/8u7BO6+\/8zCh7WVaZ28LT8I1ki9SGCivJoHRgKXEqq+ENPd3dhz\/saYb51gTVsfgiuDB5cF02dKphNqRedTZtbSueN\/+dPjnDlI3fDrLr0zByX8auwNsXlmkWzsTEMlwd\/or+AvjTG8hkunghjoOmGqza5uwUKQUntCo9BS+5Tk10Nb6kYc7gwSsd\/9zPpGEYJ7vw4Rv96NsaInOoafZRNhi0su2r64NPkrkLStyQ=="}
-00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_tot_l4_data_len":650,"flow_min_l4_data_len":32,"flow_max_l4_data_len":534,"flow_avg_l4_data_len":162,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_first_seen":1578508365885,"flow_last_seen":1578508365927,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":125,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
01839{"flow_id":50,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1778,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":942163,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9mydAACMRO64S26efwKgBuHZfdl8EKYZTXl9nR0bCigsYkwIouquQyc3+AofEtLxBt97YcJjIhIQOQzvpw7JSwTRVmtMyVvNUwbk8AzsQ3J0Q8IuRnoqtSTMHQWtczvdT5CiWh8Il1YF8Oo+DZ3rLImUzPg567\/HAAQT5A7z5A7T4TYQx94sMgnfKgnfKuEAldMvpilMmmsXOb0UiK\/pXcEX9wLnsvFxN8YoJD+fRgLlvBTTnnertwVO7jqz2nnkV5grBGTxPtpFPqZtvXv79+E2EM1PtLIJ2X4J2X7hASKAqA2BKTdiaCPOcmghiOUqLTmhIU\/iFN0FzORI9QqL\/ASydUi62EHwXTzA\/fp65KG0mifkavhHHMz9\/Mj5oT\/hNhFhjXduCdl+Cdl+4QMfTD069OG9K65Uq2FO30zDLaxIQfh9M3JMigsMMVxWs93PhZyVAUKIF8OllHyKtZ6JDfb2n6\/3Zd33I7Ue6EOT4TYTOvWsjgnZfgnZfuECMwlbkxKXdVRuNzPxOBmCH\/d6gKK0jTWuF6N7RXiQtBDknmQpQqFixyQ8vWuWWmQbbID+2TmbfmTeVdesiv2ys+E2EiPRn+YJ3yoJ3yrhAnBJYZrwVS6WL8YPbZVm5Hvr5wD16ulrvhVmO\/md71STVG46jVUdnKMefuDHCWyWOKYjnoTE+AToblCDJhIBdAfhNhE4vk5uCdl+Cdl+4QGOPEJSx+\/AwdHFMTlis\/v4hIK5ESY9sqvOOhpuoig0RTP9hGcBXbDqTjsNmMoiSwIwPlu3zy6eGfQSwtin9LNf4TYQj6yXYgnZfgnZfuEC5nQSZ\/xzD17vSEoHg\/jtmGLuRaM3q97\/3Czva8FggRyrw44MHO8OtruMk8OoTJc88hHmdKvMBoeGC+K0eEhFi+E2En0FGdYJ2XYJ2XbhAHyheJE13j6VRmDRu4fEmJC84AjXDdidjXm+UkegBH2Pesl26jJ4VetGifnXfNc9Um70sLhA4A0Nb+xgd8yykgPhNhDTW47uCdl2Cdl24QEEhpAYNBSJLHygnprVib9JuD7\/j4GV8dQW0sc+sa5VdmfAlgKVT5PqKKl5X+Oq80\/KZEmlO0DJGsV6rd66IOSj4TYSVOPCZgn4vgn4vuEBAXa3H9lkmL\/cI+T56li9\/a\/8fcuwqLHFKohKlOHbQerBqUu81nyVV4pg99cRR1\/tRUSx3ITG+w5bqki\/bwlhF+E2EDfsOx4J2X4J2X7hAH7mV1eGOz5WoeIocWFwRYF7ZVBDRcdtaFFH5u23BFJ62FH1ch71cEmxc8OtYpiPqb2N3y6mQjsQPeWAgtQws9vhNhLlFaHqCdmGCdmG4QPlZR+AY\/WWyOFBfHYsE0NSSfqb3BulToEx6P+biNu\/IDgwANxeAv\/UuIgLLd9bJXAyFKqlCUB2gYwf\/1HIjo6GEXhYgYQ=="}
00976{"flow_id":50,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1779,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":942196,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFmyhAACMRPiUS26efwKgBuHZfdl8BsUOp1uvul5h3yP1+blVtAfMQbNxR28H+fcm6RpfgKuMuvbzkFLfpL84iIRZj\/Onq7iQP0Ckcfw9BNQP+F5mzam7gIh7ykP8ukizRNryNjdFnk4oFCnTmet3\/DXM+QE35816JAQT5AUT5ATz4TYTPtNC5gnZfgnZfuECGNEfubTO5SeBErTUqmVt5so9Zgd6EYO6ylOwljlCQBmkGlzohTkRpuVGHRqnv0LYVWbwPs3oeiiRudzIU\/qX1+E2EI+SeNIJ2X4J2X7hAV4A+3JOM1sCZmzEn5hJK0x9Sm2mL4KT0K1aWj8WeSai3nPOGDjBh5uMRqogMw00qBit5PBP6jpfh65yUjNwoFPhNhLkZzNGCb\/GCb\/G4QFrXd\/U94Bj6lef5AMbYfa9GdtSMAtzjvIozUMZotoIFcCaoNltPM19KoYFMBU8UWewm2cIULQW\/TDRsghGZ1an4TYQS6PSJgnZfgnZfuEBlPSPX8lLcU2iUNM0ydJ\/NQH2W3\/cg3hYOddSURBRT8m5e5b3cJ\/Es6rWn9ugiqojj4rdcFXfRNFBz+yGqrzgKhF4WIGE="}
00595{"flow_id":71,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508365,"pkt_ts_usec":951357,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"pkt":"KDc3AG3IEBMx8Tl2CABFAACvrTpAADMRthqnVnoywKgBuHZfdl8AmyGXAff4avCCJKd8iLkYnGp5WBGcR5kwKjaGYfuGK7O5Pxha3PZrVargsE3sp+V969kCE0ZShXRyP212X0\/ogX+KLxU0BMrg9yur0MCSn4OC+hF8e78p1SovnEhcJv1j5UvsAALwyYSnVnoygnZfgKByZEv+wn4eYEUXuf5R8Qoku8N0GB0rNIQImrGkxu4BYoReFiBh"}
@@ -868,12 +868,12 @@
00712{"flow_id":70,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1825,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":4677,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEEojVAADMGQ9HPtM7YwKgBuHZf3WknDwH0nc8NXYAYAOvksQAAAQEIClx8jusi2Jly28iJfqlnMu83LDC0xfM0r0E5TfT75slEXNEgJtxw1Uh1n1c6RZA0jKvLXongUZeEzF1o+6qT8VGaLqdNX0XHczpZi\/6FmmSm2rKhKy75HrF6fiuwMO85wHyVZ84xLnyt3JBC7I\/KTgittaNvVG4UACTsfigRc86McQ+KCKyIUyrK74yEU1iFP8wyLKgfocUfkq\/7Hvaj0xLc6aZwUbnRdEQatoYHlWB8VjwawanY1hqJT5m79uBHezOp42ATeQPGjU++4M3MyksCxtsjgS6xfw=="}
00426{"flow_id":70,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1826,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":4708,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ojZAADMGRKDPtM7YwKgBuHZf3WknDwLEnc8NfoAQAOtERgAAAQEIClx8juwi2Jlz"}
00426{"flow_id":70,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1827,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":4779,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzw4NJw8CxIAQEBs0ZAAAAQEICiLYmZdcfI7r"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1578508366005,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1578508366005,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":5550,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGV9jAqAG4M1PtLN1sdl8dp4x2AAAAALAC\/\/+ZwwAAAgQFtAEDAwUBAQgKItiZlwAAAAAEAgAA"}
00712{"flow_id":68,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":19399,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEElshAADUGKbMj5J40wKgBuHZf3Weyx8NqRbmA3YAYAfu5ZwAAAQEICoCV7WYi2Jlw\/VchYp9WnJ3+zFkHxCjUeSKKubwsCzHL8F3dpFfOBNfc1Ru8d+rMRG0ACVM7R1aP0Gloz4D2ImwPGrOpgt0zMlapCRo9ZRaZwSOxFvB8eNy2LSd8kKTMGqh12atHZD5B3DUxSi8J0YaA2ELuoQ1aoKH0GJe+pHOdo+BX28euGlBhzdLprYhTDnJtBBdM7lhPLxIaWTScqzqpqavJcB8EkKzLl+\/jsfVtsUmAzsLvMxRboV5sZPMkADF2JBssusdztVyBiuAhngXx6XyXilkCRQ=="}
00427{"flow_id":68,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":19476,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuYGNssfEOoAQEBklogAAAQEICiLYmaSAle1m"}
00471{"flow_id":68,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":19814,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGtivAqAG4I+SeNN1ndl9FuYGNssfEOoAYEBmgbwAAAQEICiLYmaSAle1mKsWiTIXS5Mc5RUOD6OkYbREkfBTkkeSNB0THQamLANU="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1578508366020,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1578508366020,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":20357,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGwhnAqAG4WGNd291tdl+CSdQcAAAAALAC\/\/9XrgAAAgQFtAEDAwUBAQgKItiZpAAAAAAEAgAA"}
00444{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":29471,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+KMAAAAgQFtAEDAwUBAQgKItiZrAAAAAAEAgAA"}
00751{"flow_id":64,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1875,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":40439,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEkMZJAAC4GdhdOL5ObwKgBuHZf3WHPYyUdMSmd0IAYAOwP5AAAAQEICk8n4Qoi2Jiz+WuEmVeTussSRtxNbHdPT1uknZCO3iddAUlEGG7lnqrwBDdgCsFPrF1yK6ImtV01Mnntqk3rvSImsW63OFSPlrCmXlcGRTibgtIkW4MDAJ\/AskVpKnUkjiuqdygkabvXTvkGzMSN1Eh8OFn9iB40+j0XyeJH1kkHBTI6eXW+6BehVc8YcucnQzoL5CQztC\/0koPs+Yk8vxJhNzXXV5aGmau3sxddLaJmY9GhZD8VIdI2h1IErpT6WMvnh8eCeOKCPxhisAX1TQiJjBTFThGrygeqLrUdvV9y1dwohRW8iWuHHiTfXIExtJCa6VnA0ZYM"}
@@ -881,15 +881,15 @@
00438{"flow_id":72,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":47911,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GadwzU+0swKgBuHZf3WzP3gWFHaeMd6AScSA1dQAAAgQFrAQCCAppVMVvItiZlwEDAwc="}
00426{"flow_id":72,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":48028,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp4x3z94FhoAQECzFBwAAAQEICiLYmb1pVMVv"}
01196{"flow_id":72,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":49271,"pkt_caplen":627,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":627,"pkt_l4_len":593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJlAABAAEAGVbPAqAG4M1PtLN1sdl8dp4x3z94FhoAYECzkGQAAAQEICiLYmb5pVMVvAi8E\/d9Shp1Wof8nVfGKSM7RJvZNnmo9Ga6lzZbYzi6xSLj4mEhy87UBYqhItSXH4wiYhdnDEJxLeAeplMjCZwQTwUI8r\/mqMtilbtgqJT7FHqn0KzlloleWAbZcf6RlrFtZ+F8jJ7d3e\/qZCiSBcMfqrrKnpnfxc6PIgqW5xYAYLK9yKcvSLAthK38BCICCNxyBBw7u9bug3ilfal21loP8Z1nrYKE95xWUGXfm5fAO+XMs4jFhl3lCjbaO4X7O\/JRozVxKZzbQbET0htqvSmBtotzO3mbtHUrxkXocnjFFfRVAvVFQkIv0y2lSmDhN2\/kaxj\/C9pgnKUdG9kNfypLyW1MZftVLhrXhB9NbB+8rz2h\/\/8pPaj6K1fgAlnijKLWFb1uatTe5sSuE5gwtbVsLNBM8LabHDjVaIM0\/kYnHq5r+3\/aXBoTt8dX\/gq1i3sQtVBYZmFfJqH\/SkNEzGdUjeFFGAv7VDOYmrElKcwUexLIhXyJFoioI4\/cRNch1Va2\/IlEtxbqmlzxSxGwCLmkvpyRDYfxTKPC5NyhDapWoF1kUdBp+nzPdGgI26LRewDIJuRJhKJEardu5IggSLJb5AkveE\/UbFjmbKj\/XiD2mL\/0Ba3t9izaWL9PFZQRtpRodbjv22\/8K4lmJ2HjJFnn2txGVtr0rMlkpzMuQYvRt3qcLcpw57AfIeEvnEdP+VwFcYzFTY77NGn7Bk4C7pH0Cb5Yui+\/0U8zszRFnU4LK"}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_tot_l4_data_len":709,"flow_min_l4_data_len":32,"flow_max_l4_data_len":593,"flow_avg_l4_data_len":177,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_first_seen":1578508366005,"flow_last_seen":1578508366049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":561,"flow_avg_l4_payload_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":69,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":53699,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQG6OaKOxE6wKgBuHZf3Wh1cVfy7bR73KAScSDVxwAAAgQFrAQCCArYuYPhItiZCQEDAwc="}
00427{"flow_id":69,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":53757,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG3O7AqAG4ijsROt1odl\/ttHvcdXFX84AQECxkxwAAAQEICiLYmcLYuYPh"}
01036{"flow_id":69,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":55031,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":513,"pkt_l4_len":479,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHzAABAAEAG2y\/AqAG4ijsROt1odl\/ttHvcdXFX84AYECxJRgAAAQEICiLYmcPYuYPhAb0EyFeCRkVW7xKjMJnkKdVN4VmEcRbZb6qac5GzUua9GdONKNMWjh5cdEV09YLTutDtYHGQDnHn76SSjHS+061NKkbohQJuV4I7kbzXsKd9Qa09IaHs8Z1\/2SlmEx9qpaxj3x\/puNCp2K1CS8MsEj1RFk8Yb0eFQtqjhLs\/FkKfwZMK9rGGqe68FOs1s1zkpiD9Vgj13\/IcntW99pt9wSexahGzJJOLD3TAKDPUeMdUj7rBi7b06Y3buzihLZVOQoWjabiMbAWHJOTcdZSv9xrxMq2SPwwKaV98\/x3+del4d1nHrx3tECAvBcIjIRX7\/ugU0u5dNNbrVfIvbOZrn0RgEVow8X\/LFaRlKusezAac574M4r9vaUCFW7kzUXZbLakP+KO3M3u6l9TNDc\/mjr+am0Hz49uo+hCGmj0lwjeEbB4DRzQI61poEZ9UBxyJyci5GsyZILcbb9e4tercN8jUjknNWYi\/WR0W8WZFZZMHMO5FCPUc467eAS+fok+tU5bA5OUk4xPuV9XutmdmDJuBWsXnaeelN5b5MWxerAH7MBBMBgR2RSH7aWdbn3cuC8hFs1vuMnNnJoxNFHd8"}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_tot_l4_data_len":595,"flow_min_l4_data_len":32,"flow_max_l4_data_len":479,"flow_avg_l4_data_len":148,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00438{"flow_id":73,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":58177,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG0R1YY13bwKgBuHZf3W1kMpWvgknUHaAScSBLTAAAAgQFrAQCCApXTVsMItiZpAEDAwc="}
00426{"flow_id":73,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":58290,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwiXAqAG4WGNd291tdl+CSdQdZDKVsIAQECza4gAAAQEICiLYmcZXTVsM"}
01215{"flow_id":73,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":59449,"pkt_caplen":646,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":646,"pkt_l4_len":612,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJ4AABAAEAGv+HAqAG4WGNd291tdl+CSdQdZDKVsIAYECxi5gAAAQEICiLYmcdXTVsMAkIEkU6nNDsxTimm1+lLIM9VAtDD96FWduAKv2o7tn9pg5MVAkOlOVQb\/Xnad7N8GyCEZIAprkWLu5XsJegMQIC8fkIR9S38ycW0YYnM\/im4zvuKRhf\/c3huXgugQKX39sJV\/7Ha9xRxYzIlvSSFLsDo\/6Qn4IO++AZaabw4aKrdnQ0WMQhOnXE5cJMAPFZxbbfL8IxuO7Dz1K0i5h5bkCeK9+\/Gt3b\/VyW8c5Zhh0UkXEzpp89UPtnGpJQXAG9IqEnLXUSMD1LpV66H4a8Qc6nvfeq5vU\/xZjZAyzvEW1q5ILYGeQvc8GMntYiEgfDfED8vvMAUPdnXeTbHW1HeANMbiHXCbZhK2+gXVzpSgv74B9pnRDZnlgnutHC\/8XPbTHEZuJkR5UGgSYC46E5rszgjczIZo4pVPtCYlNkNRpKDzCOJl6sqAvlw1xq0rBJa3A1x0jnRfsq+lQgOvj3G7eSUdu7jVUEamyfkInFJZhPtc0zm5EESxm7D3cqablMR9oTI9Ezj5XKyHFmra0B9wQjEz38HdfaUDzTs8DHGPSK34n5+cl\/xlQVz4N1xqA5D8lqHtrp2yCCYjg+3V++Er7SZLvHCRxmWZYVG0WQp905J7e9aoBpaRRifRIpj8LjvV3Qav5XZ11iUErkIqvJdI3buKkfz6f42KqHb8SZRPPn2hi6vy+yjx+0yZFXPpsmgIUkO9lHJxTj+R38BFIe5uM7xzCcSI6M89NfNaAOg1fZ5DfyPg+0xi9rbBtRivyHaZkRfPw=="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_tot_l4_data_len":728,"flow_min_l4_data_len":32,"flow_max_l4_data_len":612,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_first_seen":1578508366020,"flow_last_seen":1578508366059,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00426{"flow_id":57,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":66179,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA0RYJAACwG3kt82eu0wKgBuHZf3VfxiPe+S9oIRIAQAOvB9QAAAQEICsj4c4ci2Jh4"}
00929{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1893,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":66535,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGk1PdAACcG1CHKcBxqwKgBuHZf3U9YWyafOLFiFIAYAHZg7wAAAQEICicf8lQi2JhAAW4Eb4tJ4G0jm2w2X\/dME5pw7vBa9j9ujIWIKs1wYP1tPpT\/JMFATlW0qVpxMkCH9duymFjwMU5KrD3BPQhTeMFKe4hWJT3IWd5JIGgm1wRv\/epylyFqqL1ZQXmZ8+FAUctl9hZ45+DUgNYu5jDw5TE6BWg+pTb4WO9NaRwmsqvxFJkrOzTQY7RUkqeLF11yrrhmQAOk671BkBostX733SY03j5J2I89zTwy7rzP+VfVAcLjaiLu1ZCSAja37gScTIARq\/8Hi95BT9wkXsvyjDE0qz+A\/HG6CSCINuBOFCNSm+3F0L4nSkQyzhCUQvPPJGb9DRx1OV2POt4AnXmOmldfV9VssdrXMg2KbqMmmjuooxPlh5iubQXg9nnuNkC3jPI8Y3bw9bHW6SKs5FKUJ0s1h8NIvL0Jm4chNTujBy02Lz0x3JZXPgIJJJe\/4xdGFMyFazMdL5Y\/H0rbFz0t4fZ1B7x8A87E7XEr\/L5Ldp4="}
00427{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1894,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":66650,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWIUWFsoD4AQECB4aQAAAQEICiLYmc0nH\/JU"}
@@ -912,7 +912,7 @@
00431{"flow_id":57,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":71354,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA3AABAAEAGD9PAqAG4fNnrtN1Xdl9L2gjh8Yj5JoAYECDQSAAAAQEICiLYmdHI+HOMxwkY"}
00451{"flow_id":57,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":71381,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEAABAAEAGD8bAqAG4fNnrtN1Xdl9L2gjk8Yj5JoAYECA17gAAAQEICiLYmdHI+HOMGATc1lZhbFAlvJTq3pUoiw=="}
00471{"flow_id":57,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":73178,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"KDc3AG3IEBMx8Tl2CABFCABURYVAACwG3ih82eu0wKgBuHZf3VfxiPkmS9oIRIAZAOujxwAAAQEICsj4c4wi2Jh4rr7DuxmIwtJpSsrQz7Sxem3AKUGCV5rPSZt7ukB2XoM="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1578508366073,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1578508366073,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":73881,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGPnfAqAG4zr1rI91udl8AOSk+AAAAALAC\/\/8AywAAAgQFtAEDAwUBAQgKItiZ0wAAAAAEAgAA"}
00900{"flow_id":64,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":81054,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGPMZNAAC4GdatOL5ObwKgBuHZf3WHPYyPCMSmd0IAYAOyIdgAAAQEICk8n4TMi2Jm2AVkEJZ5cU9MDJlBNDXIXztcPdOBLHNvcRoMXO83z53y6EuOfQkNEaKSu\/v3bFSWa7m2knZBnXbPEG8LEd7zNzLvq0HuwDTEJvABQSpScSTfbunVx+nesDScVTsThcpgMBRsm\/08NVVKIMPuc2AKyxl669J8d3GEVarD8GV\/EIyM9ZLqOa6j8ekumxdegV\/\/6qklVQSG4bNSUMxfvcWSgwTfFLd2HaDulqveu5BLerLUV88uiiA3nrG+sP4JoJ2uQ36SChibpDPJ1lrBC0ph0F6YhErOQMvl6dV58POnN8fRemxFRZwJjMHBNJd64lHI6go8F15WqN8dzJXcZzo35VrJ8t\/BChothVgx0RjzsDg4tEqHlAb1N0FiPcY8b4VfHYiCdDuWGGnUD+6IxNFpsLDw2R3DhsU4MWB17W375bxlkAwsDtIh5jzF0T3lPmEUNSkfiKcoj0WD8\/Pg="}
00426{"flow_id":64,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":81149,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZ3Qz2MmDYAQEBm9QAAAAQEICiLYmdlPJ+Ez"}
@@ -925,7 +925,7 @@
00453{"flow_id":64,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":82057,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEAABAAEAGlonAqAG4Ti+Tm91hdl8xKZ5wz2MmDYAYEBlMBgAAAQEICiLYmdlPJ+Ezk5AMYSvFtw\/6\/LNCBCQ7WA=="}
00472{"flow_id":64,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":82417,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGlnnAqAG4Ti+Tm91hdl8xKZ6Az2MmDYAYEBm91QAAAQEICiLYmdpPJ+EzUEeyoazh7D7PL19FH7tlm\/ENzOokkNHBRSNeZo6HyGA="}
00978{"flow_id":67,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":83506,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHIAABAAEAGWg7AqAG4DfsOx91mdl9PCwRidy3gf4AYECz5oAAAAQEICiLYmdsTnX6eAZIEFrCo0N0ttqxpYaQ6\/DDzSswuwkgUgdNkL3WZM1v1fyZ2Ylb0NhLSoQBhonZfsRcPAuF\/WO+nwsCvfGQeXaGMXAMSJ7v0OK8rWtUAPR\/+qKg\/XDdHLSziLdfWzAHrSQazvItj3Lw3XRQytKVnPvrtJorfzhpqvmlk3d37bBGJ23mvRwVp6tPmv1ESOYsCymML4zMT1t025sBho2nQSsaSJ4ZnhF0vk41IwL32D5dq21fVy5+y1NCcpufvNBWXe2eG07dRg8loNL6osx09j8oPyPKWdkxz7f\/DS6IBNmlc912u9lmrDEBrovoPr+LTCo8NesjjPWN0GGyRe3fwZ4NJTeCiNRLC8wl+lpmnFnS\/\/w+3lom\/uRfaeuXXdvZmEq8WiM6jvqdvu+VG1DiPSG4DrK31EcD8gbYHKYXiSBoMYQDJ\/z4TrLKf4Ij6fWuNND3e3uJqm4GTASLM2T5zBmJCMa1h0RvyDJ6RKhfmsA4tFXWF4FD7J9ZVLqqtXan1mlOvoM8do0UUOv6GHD3Zlxjl0SY="}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_tot_l4_data_len":552,"flow_min_l4_data_len":32,"flow_max_l4_data_len":436,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Mining"}}
00427{"flow_id":72,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":90791,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0\/xlAAC4GasozU+0swKgBuHZf3WzP3gWGHaeOqIAQAOzR6gAAAQEICmlUxZoi2Jm+"}
00927{"flow_id":72,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":92320,"pkt_caplen":432,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":432,"pkt_l4_len":398,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGi\/xpAAC4GaVszU+0swKgBuHZf3WzP3gWGHaeOqIAYAOytOQAAAQEICmlUxZsi2Jm+AWwEWjjva5QWmp3vGWesR7IRqIsE5fQYHzAEbOCBJchDIemq1HWu1HB6VIM5Hp\/KJ9QlOqR4W7jVPsaowfNnsBvJtTZG460snQaRFqBAd3CcoV8yXpX2QNS4U\/iPIOrzMvsNkFLBsirknEgh4rjazC6U742VFERXAwxELeBUAe05Iz5hYHrGjQ5mOrpvV\/1haMWqbjQNmLeMHneQefia4uaygz\/+2vRiTzWPLwgat+DekWQunRH1ka4+d+horKwAjbDStF0JjlxmUJZgk45xS+\/XJtM+695bO6nXGR6OFLrowCm9Kl+Xe1oEpSs2OO\/SM4cCLMTOHXY29Dnfby2bHKbnepI3bOWsaFNYmPOcA+HqJlykgioPBxtOUQFKap58BCDOHr0kPlds\/XJ+iJoczHSHWhLrjVQV\/+nWfjX067ToTfE9bPwn7JymVPOWVub7fTU8WXUpSSCcMtBKgoaz7jotgiK\/CkUxgf7t7H7t"}
00426{"flow_id":72,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1954,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":92376,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp46oz94G9IAQECDBIgAAAQEICiLYmeNpVMWb"}
@@ -945,85 +945,85 @@
00439{"flow_id":74,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":117663,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="}
00428{"flow_id":74,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":117769,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPoPAqAG4zr1rI91udl8AOSk\/hQVLAYAQECw4DwAAAQEICiLYmfpn2sBG"}
00981{"flow_id":74,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":119559,"pkt_caplen":473,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":473,"pkt_l4_len":439,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHLAABAAEAGPOzAqAG4zr1rI91udl8AOSk\/hQVLAYAYECxdpAAAAQEICiLYmftn2sBGAZUEFk3FYfNys9s55XyY23YdDU3mEgfTwzJe27SlFM87eEMrJbt8cMgfjrjKWMiVLh8DFSnipO+kUBBPaWEbU3Ynmx9QZ3LCiokcuUn7Dv\/+DsRlOpOb9d7+9uxwgEIscONdRtih2SP3JkYCA5iz3x9iSDdCsdlbaZrLb4ApkwQdkHEdITIkUszUt2IX2uTJSV+yWP5LgWIqw0LC3HCjWNkdNsXaTWnyoaf2cxQE1sr8DLAEkla6sbskUUPcZxZdZjiulq\/TmUBdEsi20dCtnTcf\/jmlhSZy3voPmKqnhBPKSsaSYV7gSfuhHvsx91uppt0PNe3c4y1gZjJmVqYegwNwd0Rhv3znUxx3KvFnJvEHZ7qFrzJd+ENToWIdx6FI8UpuevN49imKrwGh6WMiZD5f+DuvvAz7122yS8O20jeD8xnmRJeaN9NLvP5y82I4mw+mgnTQZFXTXU9XVqqqQlOkUsTMTiF0dbm32C97Qj202x3I4SGZE8nwdInxnX8nY65E\/K8JK0edlNviRiUkfu9o\/gCJI\/Y="}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_tot_l4_data_len":555,"flow_min_l4_data_len":32,"flow_max_l4_data_len":439,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00718{"flow_id":72,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1989,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":133177,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEE\/xtAAC4GafgzU+0swKgBuHZf3WzP3gb0HaeOqIAYAOy\/HwAAAQEICmlUxcQi2JnjOWodgF8zqqT3ux8u1K\/g6U6QBmyPDWBUcKgtfjzQ8ZlvmNh1rnQ0\/PjijhpEydaVIxPYRaibF5WEb1KrRVfkRhE5xHjp+CWzD39yD5ssUUl0J1JfqZGOmgi9deNFDOPhY+vWdzzZzmwC1A5nNc7kk8dUVJrtrtv373RjRw25qIqq\/0+\/hFZW00NdV0znJoUGJE91KNHYPMi7wCtFEj6Ucp0mi8GwDXYDJrWFHthe7h6\/TwY2K3iLjVuLLfeXN76lHvSq1nVFTCIT67e9N28wUg=="}
00429{"flow_id":72,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1990,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":133281,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp49Yz94HxIAQEBq\/WwAAAQEICiLYmgdpVMXE"}
00474{"flow_id":72,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1991,"source":"ethereum.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578508366,"pkt_ts_usec":133434,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2KDc3AG3ICABFAABUAABAAEAGV8TAqAG4M1PtLN1sdl8dp49Yz94HxIAYEBrpfQAAAQEICiLYmgdpVMXEsbvcLYadChRphbpgRufGc3E5TGLY9wr\/00\/QEFUd68g="}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_tot_l4_data_len":2246,"flow_min_l4_data_len":20,"flow_max_l4_data_len":571,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_tot_l4_data_len":595,"flow_min_l4_data_len":32,"flow_max_l4_data_len":479,"flow_avg_l4_data_len":148,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_tot_l4_data_len":3436,"flow_min_l4_data_len":20,"flow_max_l4_data_len":442,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_tot_l4_data_len":3296,"flow_min_l4_data_len":20,"flow_max_l4_data_len":494,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":7,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_tot_l4_data_len":2265,"flow_min_l4_data_len":136,"flow_max_l4_data_len":1065,"flow_avg_l4_data_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_tot_l4_data_len":2164,"flow_min_l4_data_len":20,"flow_max_l4_data_len":418,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_tot_l4_data_len":3327,"flow_min_l4_data_len":20,"flow_max_l4_data_len":579,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_tot_l4_data_len":2254,"flow_min_l4_data_len":20,"flow_max_l4_data_len":445,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_tot_l4_data_len":2228,"flow_min_l4_data_len":20,"flow_max_l4_data_len":534,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_tot_l4_data_len":1808,"flow_min_l4_data_len":20,"flow_max_l4_data_len":455,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_tot_l4_data_len":1677,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1065,"flow_avg_l4_data_len":559,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1144,"flow_avg_l4_data_len":558,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":136,"flow_max_l4_data_len":136,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_tot_l4_data_len":555,"flow_min_l4_data_len":32,"flow_max_l4_data_len":439,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_tot_l4_data_len":2467,"flow_min_l4_data_len":20,"flow_max_l4_data_len":527,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Web"}}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":20,"flow_max_l4_data_len":453,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_tot_l4_data_len":2422,"flow_min_l4_data_len":20,"flow_max_l4_data_len":511,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_tot_l4_data_len":2328,"flow_min_l4_data_len":20,"flow_max_l4_data_len":505,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_tot_l4_data_len":2363,"flow_min_l4_data_len":20,"flow_max_l4_data_len":540,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":147,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_tot_l4_data_len":2554,"flow_min_l4_data_len":20,"flow_max_l4_data_len":606,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":136,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_tot_l4_data_len":3718,"flow_min_l4_data_len":20,"flow_max_l4_data_len":615,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_tot_l4_data_len":2124,"flow_min_l4_data_len":20,"flow_max_l4_data_len":447,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_tot_l4_data_len":3043,"flow_min_l4_data_len":20,"flow_max_l4_data_len":501,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_tot_l4_data_len":2134,"flow_min_l4_data_len":20,"flow_max_l4_data_len":421,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":136,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_tot_l4_data_len":2418,"flow_min_l4_data_len":20,"flow_max_l4_data_len":544,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_tot_l4_data_len":2439,"flow_min_l4_data_len":20,"flow_max_l4_data_len":485,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_tot_l4_data_len":3058,"flow_min_l4_data_len":32,"flow_max_l4_data_len":599,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_tot_l4_data_len":291,"flow_min_l4_data_len":136,"flow_max_l4_data_len":155,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":136,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_tot_l4_data_len":3354,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1065,"flow_avg_l4_data_len":559,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":137,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_tot_l4_data_len":586,"flow_min_l4_data_len":136,"flow_max_l4_data_len":158,"flow_avg_l4_data_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_tot_l4_data_len":4026,"flow_min_l4_data_len":20,"flow_max_l4_data_len":578,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_tot_l4_data_len":2114,"flow_min_l4_data_len":32,"flow_max_l4_data_len":526,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_tot_l4_data_len":2401,"flow_min_l4_data_len":20,"flow_max_l4_data_len":502,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_tot_l4_data_len":2255,"flow_min_l4_data_len":20,"flow_max_l4_data_len":504,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_tot_l4_data_len":3718,"flow_min_l4_data_len":20,"flow_max_l4_data_len":605,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_tot_l4_data_len":3248,"flow_min_l4_data_len":20,"flow_max_l4_data_len":504,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_tot_l4_data_len":2080,"flow_min_l4_data_len":20,"flow_max_l4_data_len":474,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_tot_l4_data_len":1901,"flow_min_l4_data_len":32,"flow_max_l4_data_len":577,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_tot_l4_data_len":2088,"flow_min_l4_data_len":20,"flow_max_l4_data_len":449,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1063,"flow_avg_l4_data_len":558,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_tot_l4_data_len":3274,"flow_min_l4_data_len":20,"flow_max_l4_data_len":506,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_tot_l4_data_len":2271,"flow_min_l4_data_len":20,"flow_max_l4_data_len":563,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_tot_l4_data_len":293,"flow_min_l4_data_len":136,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_tot_l4_data_len":2373,"flow_min_l4_data_len":20,"flow_max_l4_data_len":563,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_tot_l4_data_len":2449,"flow_min_l4_data_len":20,"flow_max_l4_data_len":503,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_tot_l4_data_len":609,"flow_min_l4_data_len":32,"flow_max_l4_data_len":461,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1063,"flow_avg_l4_data_len":558,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_tot_l4_data_len":2493,"flow_min_l4_data_len":20,"flow_max_l4_data_len":522,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_tot_l4_data_len":1675,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1144,"flow_avg_l4_data_len":558,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_tot_l4_data_len":2086,"flow_min_l4_data_len":20,"flow_max_l4_data_len":418,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_tot_l4_data_len":2495,"flow_min_l4_data_len":20,"flow_max_l4_data_len":544,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_tot_l4_data_len":1818,"flow_min_l4_data_len":32,"flow_max_l4_data_len":554,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_tot_l4_data_len":3977,"flow_min_l4_data_len":20,"flow_max_l4_data_len":526,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_tot_l4_data_len":2451,"flow_min_l4_data_len":20,"flow_max_l4_data_len":553,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_tot_l4_data_len":2166,"flow_min_l4_data_len":20,"flow_max_l4_data_len":463,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_tot_l4_data_len":2512,"flow_min_l4_data_len":20,"flow_max_l4_data_len":557,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_tot_l4_data_len":552,"flow_min_l4_data_len":32,"flow_max_l4_data_len":436,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_tot_l4_data_len":1677,"flow_min_l4_data_len":179,"flow_max_l4_data_len":1065,"flow_avg_l4_data_len":559,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_tot_l4_data_len":2280,"flow_min_l4_data_len":20,"flow_max_l4_data_len":562,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_tot_l4_data_len":2215,"flow_min_l4_data_len":20,"flow_max_l4_data_len":593,"flow_avg_l4_data_len":92,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":136,"flow_max_l4_data_len":179,"flow_avg_l4_data_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_tot_l4_data_len":3244,"flow_min_l4_data_len":20,"flow_max_l4_data_len":572,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_tot_l4_data_len":1557,"flow_min_l4_data_len":32,"flow_max_l4_data_len":612,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":20,"flow_max_l4_data_len":490,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_tot_l4_data_len":2240,"flow_min_l4_data_len":20,"flow_max_l4_data_len":572,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_tot_l4_data_len":2648,"flow_min_l4_data_len":20,"flow_max_l4_data_len":603,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":33,"flow_first_seen":1578508365226,"flow_last_seen":1578508366012,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1302,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1578508365852,"flow_last_seen":1578508366055,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":447,"flow_tot_l4_payload_len":447,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":61,"flow_first_seen":1578508365045,"flow_last_seen":1578508365241,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":54,"flow_first_seen":1578508365153,"flow_last_seen":1578508365387,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":462,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":7,"flow_first_seen":1578508365189,"flow_last_seen":1578508365942,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":2209,"flow_avg_l4_payload_len":315,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":30,"flow_first_seen":1578508365846,"flow_last_seen":1578508366076,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1268,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":50,"flow_first_seen":1578508365741,"flow_last_seen":1578508366031,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":547,"flow_tot_l4_payload_len":1803,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":37,"flow_first_seen":1578508364832,"flow_last_seen":1578508365305,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":413,"flow_tot_l4_payload_len":1122,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":30,"flow_first_seen":1578508365885,"flow_last_seen":1578508366042,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":30,"flow_first_seen":1578508365295,"flow_last_seen":1578508365885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":435,"flow_tot_l4_payload_len":1172,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1578508364925,"flow_last_seen":1578508364954,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_first_seen":1578508364697,"flow_last_seen":1578508364773,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1578508365567,"flow_last_seen":0,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1578508366073,"flow_last_seen":1578508366119,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":407,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508364664,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":1247,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining.Amazon","breed":"Acceptable","category":"Web"}}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1578508365038,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":38,"flow_first_seen":1578508364632,"flow_last_seen":1578508364787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":421,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":41,"flow_first_seen":1578508364682,"flow_last_seen":1578508364899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":479,"flow_tot_l4_payload_len":1222,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":30,"flow_first_seen":1578508364523,"flow_last_seen":1578508364743,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":31,"flow_first_seen":1578508365189,"flow_last_seen":1578508365331,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":508,"flow_tot_l4_payload_len":1435,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1578508364272,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":45,"flow_first_seen":1578508364522,"flow_last_seen":1578508365440,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":574,"flow_tot_l4_payload_len":1274,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1578508362274,"flow_last_seen":1578508363333,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":64,"flow_first_seen":1578508365239,"flow_last_seen":1578508365961,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":583,"flow_tot_l4_payload_len":1758,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":29,"flow_first_seen":1578508365021,"flow_last_seen":1578508365192,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":415,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":54,"flow_first_seen":1578508365029,"flow_last_seen":1578508365211,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":469,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":30,"flow_first_seen":1578508365588,"flow_last_seen":1578508365744,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1578508364732,"flow_last_seen":1578508365736,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":41,"flow_first_seen":1578508364523,"flow_last_seen":1578508364723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1218,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365220,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":453,"flow_tot_l4_payload_len":1207,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":37,"flow_first_seen":1578508365712,"flow_last_seen":1578508366123,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":567,"flow_tot_l4_payload_len":1842,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1578508365919,"flow_last_seen":1578508365951,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":275,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1578508364776,"flow_last_seen":1578508365781,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":299,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1578508364382,"flow_last_seen":1578508364651,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":3306,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1578508363692,"flow_last_seen":0,"flow_min_l4_payload_len":129,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1578508365408,"flow_last_seen":1578508365790,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":554,"flow_avg_l4_payload_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":69,"flow_first_seen":1578508364523,"flow_last_seen":1578508364687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":546,"flow_tot_l4_payload_len":1846,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":24,"flow_first_seen":1578508365194,"flow_last_seen":1578508366069,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":1326,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1578508364523,"flow_last_seen":1578508365619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508364937,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":470,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":29,"flow_first_seen":1578508364523,"flow_last_seen":1578508365656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1379,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1578508364922,"flow_last_seen":1578508366029,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":65,"flow_first_seen":1578508365271,"flow_last_seen":1578508365838,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":573,"flow_tot_l4_payload_len":1762,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":53,"flow_first_seen":1578508365279,"flow_last_seen":1578508366038,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1652,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":32,"flow_first_seen":1578508364714,"flow_last_seen":1578508364919,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":1168,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":22,"flow_first_seen":1578508365300,"flow_last_seen":1578508366073,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":545,"flow_tot_l4_payload_len":1177,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":36,"flow_first_seen":1578508365154,"flow_last_seen":1578508365257,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":417,"flow_tot_l4_payload_len":1048,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1578508364654,"flow_last_seen":1578508364729,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":52,"flow_first_seen":1578508365079,"flow_last_seen":1578508365297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":1734,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":35,"flow_first_seen":1578508365169,"flow_last_seen":1578508365272,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_first_seen":1578508365461,"flow_last_seen":1578508365899,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365331,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":43,"flow_first_seen":1578508364523,"flow_last_seen":1578508365354,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":471,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_first_seen":1578508364522,"flow_last_seen":1578508364841,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":429,"flow_tot_l4_payload_len":429,"flow_avg_l4_payload_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364519,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1055,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":42,"flow_first_seen":1578508364522,"flow_last_seen":1578508365097,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":490,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1578508364421,"flow_last_seen":1578508364694,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1136,"flow_tot_l4_payload_len":1651,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":36,"flow_first_seen":1578508365701,"flow_last_seen":1578508365828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365223,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1275,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":16,"flow_first_seen":1578508365094,"flow_last_seen":1578508365839,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":522,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":62,"flow_first_seen":1578508364924,"flow_last_seen":1578508365071,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":494,"flow_tot_l4_payload_len":2045,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":39,"flow_first_seen":1578508364932,"flow_last_seen":1578508365309,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":521,"flow_tot_l4_payload_len":1315,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":35,"flow_first_seen":1578508364659,"flow_last_seen":1578508365043,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":1158,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":42,"flow_first_seen":1578508364523,"flow_last_seen":1578508365511,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":525,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1578508365828,"flow_last_seen":1578508366083,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1578508364382,"flow_last_seen":1578508364650,"flow_min_l4_payload_len":171,"flow_max_l4_payload_len":1057,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":30,"flow_first_seen":1578508365751,"flow_last_seen":1578508365853,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":530,"flow_tot_l4_payload_len":1396,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":24,"flow_first_seen":1578508366005,"flow_last_seen":1578508366135,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":561,"flow_tot_l4_payload_len":1439,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1578508364422,"flow_last_seen":1578508365065,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":448,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":48,"flow_first_seen":1578508365592,"flow_last_seen":1578508365773,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1832,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":12,"flow_first_seen":1578508366020,"flow_last_seen":1578508366101,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":580,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test"}
diff --git a/test/results/exe_download.pcap.out b/test/results/exe_download.pcap.out
index d81c66534..a980f25f7 100644
--- a/test/results/exe_download.pcap.out
+++ b/test/results/exe_download.pcap.out
@@ -1,13 +1,13 @@
00480{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434051004,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434051004,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":4796,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"}
00419{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324116,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="}
00412{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324323,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"}
00621{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324979,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"IOUqtpPxAAgCHEeuCABFAADBALNAAIAG\/\/cKCRllkFtFw8ANAFC+hvgfPu\/YuVAY+vAITAAAR0VUIC9zb2xhci5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpVc2VyLUFnZW50OiBwd3R5eUVLek50R2F0d25Kam1DY0JMYk92ZUNWcGMNCkhvc3Q6IDE0NC45MS42OS4xOTUNCg0K"}
-00706{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":20,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
+00717{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
00411{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":325236,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoBbEAAIAGO5OQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vAsEQAA"}
02368{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623372,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcBbQAAIAGNdyQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vA4RgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuMTAuMw0KRGF0ZTogV2VkLCAyNSBTZXAgMjAxOSAxNzo1NDoxMiBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjc5MDA4DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LURlc2NyaXB0aW9uOiBGaWxlIFRyYW5zZmVyDQpDb250ZW50LURpc3Bvc2l0aW9uOiBhdHRhY2htZW50OyBmaWxlbmFtZT0icGhuMzR5Y2p0Z2htLmV4ZSINCkV4cGlyZXM6IDANCkNhY2hlLUNvbnRyb2w6IG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBwdWJsaWMNCg0KTVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADF5hWJgYd72oGHe9qBh3vasqVe2oOHe9pbpGfai4d72likZ9qAh3vae6Ri2piHe9qBh3ra\/4V72nujO9qdh3vae6Nn2gSHe9qqplzaiId72nujZtoZh3vae6M+2oCHe9p7o0bagId72lJpY2iBh3vaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBAA3BYtdAAAAAAAAAADgAA8BCwEHAABABAAAwAQAAAAAAGIRAQAAEAAAAFAEAAAAQAAAEAAAABAAAAQAAAAAAAAABAAAAAAAAAAAEAkAABAAAJAACQACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAAsZAUAGAEAAAAABgDyAQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAEAGAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAKMzBAAAEAAAAEAEAAAQAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAABgOwEAAFAEAABAAQAAUAQAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAxGAAAACQBQAAMAAAAJAFAAAAAAAAAAAAAAAAAEAAAMAucnNyYwAAAPIBAwAAAAYAABADAADABQAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00808{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_tot_l4_data_len":1749,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
+00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
02109{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623382,"pkt_caplen":1322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1322,"pkt_l4_len":1288,"pkt":"AAgCHEeuIOUqtpPxCABFAAUcBbUAAIAGNpuQW0XDCgkZZQBQwA0+795tvob4uFAY+vAhYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00412{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623558,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALZAAIAGAI4KCRllkFtFw8ANAFC+hvi4Pu\/jYVAQ+vAhaQAA"}
02237{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":624937,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8BbYAAIAGNjqQW0XDCgkZZQBQwA0+7+Nhvob4uFAY+vAcDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -17,5 +17,5 @@
02532{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630207,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcBbkAAIAGNdeQW0XDCgkZZQBQwA0+7\/Ndvob4uFAQ+vCglwAAAAABAAAAg+xUuRUAAACNdaiL\/POli02k6PMCAABfXovlXcPMzMzMzMzMzMzMzMzMVYvsg+xcVleJTaSNRahQi02k6PO9AQCLTaSDudQBAAAAdBiLVbCD4vuJVbCLRaTHgNQBAAAAAAAA6x\/HRawEAIAAx0WwBAAAAMZF+AGLTaTHgdQBAAABAAAAg+xUuRUAAACNdaiL\/POli02k6G8CAABfXovlXcPMzMzMzMzMzMxVi+xRiU38i+Vdw8zMzMzMVYvsav9oTSlEAGShAAAAAFBkiSUAAAAAgey4AAAAiY1A\/\/\/\/aGwBAADoydIBAIPEBImFRP\/\/\/8dF\/AAAAACDvUT\/\/\/8AdBVqAIuNRP\/\/\/+jcAwAAiYU8\/\/\/\/6wrHhTz\/\/\/8AAAAAi4U8\/\/\/\/iYVI\/\/\/\/x0X8\/\/\/\/\/4uNSP\/\/\/4lN8ItV8IsCi03w\/5BAAQAAg\/gBD4W3AAAAx4VM\/\/\/\/nAAAAItN8IO5YAEAAAB0D4uVUP\/\/\/4PKAomVUP\/\/\/4tF8IO4aAEAAAB0D4uNUP\/\/\/4PJAYmNUP\/\/\/4tV8IO6ZAEAAAB0D4uFUP\/\/\/4PIBImFUP\/\/\/4tN8IuRYAEAAGnSoAUAAImVXP\/\/\/4tF8IuIZAEAAGnJoAUAAIlN7ItV7PfaiZVg\/\/\/\/i0Xwi4hoAQAAacmgBQAAA03siY1Y\/\/\/\/jZVM\/\/\/\/UouNQP\/\/\/+hmvAEAi030ZIkNAAAAAIvlXcPMzFWL7FGJTfyLRfyLiMwBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNABAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNwBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNgBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNQBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7IPsEIlN9I1F\/FCNTfhRi0306Di6AQCLVfg7Vfx1CcdF8P\/\/\/\/\/rBotF\/IlF8ItN8FGLVfhSi0306L65AQCNRQhQi0306MC6AQCL5V3CVADMzMzMzMzMzMzMzMzMzFWL7IHszAAAAImNOP\/\/\/2oBi0UIixCLTQj\/EseFPP\/\/\/wAAAACNhUD\/\/\/9Qi404\/\/\/\/6LG6AQCLTQiLUQSJlTT\/\/\/+DvTT\/\/\/9ldCuDvTT\/\/\/9mdAuDvTT\/\/\/9ndDDrRQ+3hVj\/\/\/+D6AL32BvAQImFPP\/\/\/+s4D7eNWP\/\/\/4PpAffZG8lBiY08\/\/\/\/6yEPt5VY\/\/\/\/g+oD99ob0kKJlTz\/\/\/\/rCseFPP\/\/\/wAAAAAzwIO9PP\/\/\/wAPlcBQi00IixGLTQj\/UgiL5V3CBADMzMxVi+yD7AiJTfyLRQiJRfiDffhldA6DffhmdBSDffhndBrrImoBi0386NP1\/\/\/rFmoCi0386Mf1\/\/\/rCmoDi0386Lv1\/\/+L5V3CBADMzMzMzFWL7ItFCFDoRs8BAIPEBF3CBADMzMzMzMzMzMzMzMzMVYvsUYlN\/GoAi0X8i0gcUf8VUFVEAIvlXcPMzMzMzMxVi+xRiU38agGLRfyLSBxR\/xVQVUQAi+Vdw8zMzMzMzFWL7Gr\/aIEpRABkoQAAAABQZIklAAAAAIPsEIlN5ItFCFBqZotN5Oh3FQIAx0X8AAAAAItN5McBSFxEAItV5IPCcIlV8ItN8OjO2gEAi0XwxwCElEQAxkX8AYtN5IHBwAAAAIlN7ItN7Oit2gEAi1XsxwKElEQAxkX8AotF5AUQAQAAiUXoi03o6I3aAQCLTejHAYSURADHRfz\/\/\/\/\/i0Xki030ZIkNAAAAAIvlXcIEAMzMzMzMzMzMzMzMzMzMzFWL7FE="}
02138{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630216,"pkt_caplen":1302,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1302,"pkt_l4_len":1268,"pkt":"AAgCHEeuIOUqtpPxCABFAAUIBboAAIAGNqqQW0XDCgkZZQBQwA0+7\/kRvob4uFAY+vB0WgAAiU38i0386CEAAACLRQiD4AGFwHQMi038UegQzgEAg8QEi0X8i+VdwgQAzMxVi+xq\/2ixKUQAZKEAAAAAUGSJJQAAAABRiU3wx0X8AgAAAItN8IHBEAEAAOiLCwMAxkX8AYtN8IHBwAAAAOh5CwMAxkX8AItN8IPBcOhqCwMAx0X8\/\/\/\/\/4tN8OilEwIAi030ZIkNAAAAAIvlXcPMVYvsUYlN\/ItF\/IPAcFBo6gMAAItNCFHoqYwCAItV\/IHCwAAAAFJo6wMAAItFCFDokYwCAItN\/IHBEAEAAFFo7AMAAItVCFLoeYwCAIvlXcIEAMzMzMzMzMzMzMzMzMzMVYvsUYlN\/LhIW0QAi+Vdw1WL7IPsGIlN6MdF8AAAAADrCYtF8IPAAYlF8IN98Bl9N4tN8IsUjbCQRQBSaKBdRACNRfRQ\/xXUVUQAg8QMjU30UWoAaEMBAACLVQiLQhxQ\/xVIVUQA67rHRewAAAAAagCLTexRaE4BAACLVQiLQhxQ\/xVIVUQAi+VdwgQAzMzMVYvsUYlN\/ItN\/OiFFgIAi0X8g8BwUItN\/Ohi\/\/\/\/i038gcHAAAAAUYtN\/OhQ\/\/\/\/i1X8gcIQAQAAUotN\/Og+\/\/\/\/uAEAAACL5V3DzMzMzMxVi+xq\/2jIKUQAZKEAAAAAUGSJJQAAAACD7CCJTeCLTeDoOuQBAOipGwIAiUXoi0XoixCLTej\/UgyJReyLReyDwBCJRfDHRfwAAAAAjU3wUYtN4IPBcOj27wEAagBqAGhHAQAAi1Xgi4KMAAAAUP8VSFVEAIXAdBGLTfBR6F\/lAACDxASJRdzrB8dF3AAAAACLVeCLRdyJgmABAACNTfBRi03ggcHAAAAA6KPvAQBqAGoAaEcBAACLVeCLgtwAAABQ\/xVIVUQAhcB0EYtN8FHoDOUAAIPEBIlF2OsHx0XYAAAAAItV4ItF2ImCZAEAAI1N8FGLTeCBwRABAADoUO8BAGoAagBoRwEAAItV4IuCLAEAAFD\/FUhVRACFwHQRi03wUei55AAAg8QEiUXU6wfHRdQAAAAAi1Xgi0XUiYJoAQAAx0X8\/\/\/\/\/41N8OifAAAAi030ZIkNAAAAAIvlXcPMVYvsUYlN\/IvlXcIEAMzMzFWL7FGJTfyLRQxQD7dNCFGLVfyLAotN\/P+QNAEAAIvlXcIIAMzMzMzMzMzMzMzMzFWL7FGJTfyLTfzoXQgDAItFCIPgAYXAdAyLTfxR6JDKAQCDxASLRfyL5V3CBADMzFWL7IPsCIlN+ItN+OgPAAAAi+Vdw8zMzMzMzMzMzMzMVYvsg+wIiU34i0X4iwiD6RCJTfyLVfyDwgyDyP\/wD8ECSIXAfxOLTfxRi1X8iwKLTfyLCYsQ\/1IEi+Vdw8zMzFWL7Gr\/aOopRABkoQAAAABQZIklAAAAAIPsDGgYAgAA6NLJAQCDxASJRezHRfwAAAAAg33sAHQNi03s6FAAAACJRejrB8dF6AAAAACLReiJRfDHRfz\/\/\/\/\/i0Xwi030ZIkNAAAAAIvlXcPMzMzMzMxVi+xRiU38uABfRACL5V3DVYvsUYlN\/LikXUQAi+Vdw1WL7Gr\/aBYqRABkoQAAAABQZIklAAAAAFGJTfCLTfDoiScDAMdF\/AAAAACLRfDHAChfRACLTfCBwdAAAADobEsDAMZF"}
00414{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630369,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALhAAIAGAIwKCRllkFtFw8ANAFC+hvi4Pu\/98VAQ+vAG2QAA"}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_tot_l4_data_len":693561,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":986,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test"}
diff --git a/test/results/exe_download_as_png.pcap.out b/test/results/exe_download_as_png.pcap.out
index e8fff24c5..01c86eae5 100644
--- a/test/results/exe_download_as_png.pcap.out
+++ b/test/results/exe_download_as_png.pcap.out
@@ -1,13 +1,13 @@
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download_as_png.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434903040,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434903040,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":40298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"}
00426{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":440451,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="}
00419{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":440784,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlJAAIAGv\/QKCRlluWJXucAtAFB7PMGXLy4K1lAQ+vBJBAAA"}
00621{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":441012,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"IOUqtpPxAAgCHEeuCABFAAC9BlNAAIAGv14KCRlluWJXucAtAFB7PMGXLy4K1lAY+vA3lwAAR0VUIC90YWJsb25lLnBuZyBIVFRQLzEuMQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClByYWdtYTogbm8tY2FjaGUNClVzZXItQWdlbnQ6IFdpbkhUVFAgbG9hZGVyLzEuMA0KSG9zdDogMTg1Ljk4Ljg3LjE4NQ0KDQo="}
-00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":20,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}}
+00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}}
00418{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434903,"pkt_ts_usec":441168,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoESMAAIAG9SO5Yle5CgkZZQBQwC0vLgrWezzCLFAQ+vBIbwAA"}
02375{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":53845,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcESQAAIAG7265Yle5CgkZZQBQwC0vLgrWezzCLFAQ+vCXagAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuMTAuMw0KRGF0ZTogV2VkLCAyNSBTZXAgMjAxOSAxODowODoyNCBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvcG5nDQpDb250ZW50LUxlbmd0aDogMjQ5OTA2DQpMYXN0LU1vZGlmaWVkOiBXZWQsIDI1IFNlcCAyMDE5IDEyOjI2OjI1IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRVRhZzogIjVkOGI1Y2YxLTNkMDMyIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KTVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAAdgnHaWeMfiVnjH4lZ4x+J2v8RiVjjH4kw\/BaJXeMfibD8EolY4x+JsfwbiVjjH4lSaWNoWeMfiQAAAAAAAAAAUEUAAEwBAwDSQ4tdAAAAAAAAAADgAA8BCwEGAADQAAAA8AIAAAAAANAXAAAAEAAAAOAAAAAAQAAAEAAAABAAAAQAAAABAAAABAAAAAAAAAAA4AMAABAAAGTQAQACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAA8N4AAJ0AAADU1wAAZAAAAAAAAQBo0gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkBEAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADACAABsAAAAABAAAIQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAI3PAAAAEAAAANAAAAAQAAAAAAAAAAAAAAAAAAAgAABgLmRhdGEAAAAIFgAAAOAAAAAQAAAA4AAAAAAAAAAAAAAAAAAAQAAAwC5yc3JjAAAAaNICAAAAAQAA4AIAAPAAAAAAAAAAAAAAAAAAAEAAAEB\/r39SMAAAAPg3EBo6AAAA7CdUe0cAAQA6xeGNVAAAAMMfsEleAAAAAAAAAAAAAABnZGkzMi5ETEwAb2xlYXV0MzIuRExMAGtlcm5lbDMyLkRMTABOVERMTC5ETEwATVNWQlZNNjAuRExMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00761{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_tot_l4_data_len":1745,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":290,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}
+00772{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}
02115{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":53857,"pkt_caplen":1322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1322,"pkt_l4_len":1288,"pkt":"AAgCHEeuIOUqtpPxCABFAAUcESUAAIAG8C25Yle5CgkZZQBQwC0vLhCKezzCLFAY+vA9vwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00418{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":54024,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlRAAIAGv\/IKCRlluWJXucAtAFB7PMIsLy4VflAQ+vA9xwAA"}
02243{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":54281,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8ESYAAIAG78y5Yle5CgkZZQBQwC0vLhV+ezzCLFAY+vA4awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -17,5 +17,5 @@
02264{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":55696,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8ESkAAIAG78m5Yle5CgkZZQBQwC0vLiV6ezzCLFAY+vCF8gAA6LBFums813x8GqfsAAAAAAAAAGRFQABMAAAAUAAAAN9uiYgizvFGuh2dNdOBjtEAAAAAAAAAAAAAAAAAAAAAAwAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPYVAAAAAAAAUEZAAJwAAADoAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0AAAAP\/\/\/\/8AAAAA0AAAANEAAADhAAAAAAAAAMPqUh0p6LBFums813x8GqcAFH2S901MS6oECpq+XrR3y+IzLEEPxUGmS11wcgPVKeOSxrAzpaRGvgd9xm+yfh4xjrter\/k+T7eGjRsDtdunPwEAAADgAAAARoT\/DwMAAOxiHWDQkSRJhGgetLBl\/ZJowTPquYefQaoiGxAoHisfAAAAAGITVyAAAAAAAAAAAAAAAAAAAAAAAEFNTUFDQVJFLmpDaGFydABqQ2hhcnQABwAAALRBQAAHAAAAcEFAAAcAAAAsQUAABwAAAOBAQAAHAAAAhEBAAAcAAAAwQEAABwAAAOw\/QAAHAAAAqD9AAAcAAABgP0AABwAAABg\/QAAHAAAAsD5AAAcAAABsPkAABwAAACg+QAAHAAAA3D1AAAcAAACUPUAABwAAAFA9QAAHAAAA7DxAAAcAAACkPEAABwAAAFw8QAAHAAAAFDxAAAcAAADMO0AABwAAAIg7QAAHAAAAGDtAAAcAAADUOkAABwAAAJA6QAAHAAAATDpAAAcAAAAIOkAABwAAAMQ5QAAHAAAAYDlAAAcAAAAEOUAABwAAAMA4QAAHAAAAeDhAAAYAAAD8M0AABwAAAEQwQAAHAAAA\/C9AAAcAAACgL0AABwAAAEwvQAAHAAAA8C5AAPQBAABsK0AAAAAAANBqQADQ10AAABYAAAjgQACmFUAAAOBAACoAXABBAEYAOgBcADgAMQA3ADIAMAAwADAAXABEAGkAYwBWAGUAcgBvAG4AYQA0AFAAYQByAHQAMgAuAHYAYgBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQbQAAmAAAAAQAAAGwrQAAAAAAApGZAAP\/\/\/\/8AAAAAwCtAACDgQAAAAAAAGMdUCQAAAAAAAAAAAAAAAOgeQAABAAAAoDBAAAAAAADoHkAAAQAAAPAeQAABAAAA7B5AAAIAAAD0HkAADwDiAWgAbABEH0AAHO5AAAAAAAA09mAJsDBAAMAwQADQMEAAQAAsAIgGAADgMEAA\/\/\/\/\/wA="}
00420{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":55794,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoBlZAAIAGv\/AKCRlluWJXucAtAFB7PMIsLy4qzlAQ+vAodwAA"}
02285{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"exe_download_as_png.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434904,"pkt_ts_usec":56830,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8ESoAAIAG78i5Yle5CgkZZQBQwC0vLirOezzCLFAY+vBtPQAAAAAAAAAAAIAfQADol0AJ8DBAAP\/\/\/\/9AABIAjAYAAJwxQAABAAMAAAAAAAAAAABIIEAA+JdACawxQAABAAMA5CBAAPEgQAD+IEAACyFAABghQAAlIUAAMiFAAD8hQABmIUAAsCBAAL0gQADKIEAA1yBAAEwhQABZIUAAAAAAAPQeQABwHkAAqhdAALAXQAC2F0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMIgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM8gQAC1IEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9AAHAeQACqF0AAsBdAALYXQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBbCQEhwYAAOkrSgAAgWwkBIcGAADpzksAAIFsJASHBgAA6cFMAACBbCQEhwYAAOm0TgAAgWwkBP\/\/AADpp08AAIFsJAT\/\/wAA6SpQAACBbCQE\/\/8AAOmNUAAAgWwkBP\/\/AADpQFEAAIFsJAT\/\/wAA6bNRAACBbCQE\/\/8AAOn2UgAAgWwkBP\/\/AADpWVQAAIFsJAT\/\/wAA6UxVAACBbCQE\/\/8AAOn\/WAAAgWwkBP\/\/AADpYmwAAIFsJAT\/\/wAA6eVuAAAAAQADAGwrQAAAAAAAJGdAAP\/\/\/\/8AAAAAUCxAADTgQAAAAAAAQNJQCQAAAAAAAAAAAAAAAOQhQAABAAAAiDZAAAAAAADkIUAAAQAAAOwhQAAAAAAA6CFAAAcAAADsIUAABAC3AWgAbAAEI0AA8OVAAAAAAACo7WAJmDZAANA0QABAABgAOAAAAEQ0QAAFAAMAAAAAAAAAAAAUI0AAgJhACag2QAAFAAMAQAAJADwAAAC0NkAAAQADAAAAAAAAAAAAjCNAAJCYQAnENkAAAQADAEAAEQBAAAAAzDZAAAMAAwAAAAAAAAAAAMgjQACgmEAJ3DZAAAMAAwBAABgARAAAAEQ0QAACAAMAAAAAAAAAAAAkJEAAgJhACeQ2QAACAAMAQAASAEgAAACcMUAABgADAAAAAAAAAAAAnCRAAPiXQAnwNkAABgADAEAAHwBMAAAA\/DZAAP\/\/\/\/8AAAAAAAAAAPwkQACwmEAJDDdAAP\/\/\/\/9AABEAUAAAAMw2QAAEAAMAAAAAAAAAAACQJUAAoJhACRQ3QAAEAAMA7CVAAPslQAASJkAAHyZAAAAAAADsIUAAbCFAAKoXQACwF0AAthdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUIkAAbCFAAKoXQACwF0AAthdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8IkAAbCFAAKoXQACwF0AAthdAABcmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGQiQABsIUAAqhdAALAXQAC2F0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_tot_l4_data_len":511293,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":957,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00140{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test"}
diff --git a/test/results/facebook.pcap.out b/test/results/facebook.pcap.out
index 3df54978f..403531405 100644
--- a/test/results/facebook.pcap.out
+++ b/test/results/facebook.pcap.out
@@ -1,32 +1,32 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"facebook.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1472393122365,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1472393122365,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":365661,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":668038,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":668050,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"}
00692{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":668183,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"pkt":"mAyC0zx8MFLLbJwbCABFAAD44NFAAEAGjlPAqCsSQtycRMtiAbv14btz7B3zc4AYAOXLxQAAAQEICgBLXBi7uwhkFgMBAL8BAAC7AwNbh8URkho8fraMBpv52BLid6sw70NU5sSdt5TqEulpNAAAGsArwC\/MqcyowArACcATwBQAMwA5AC8ANQAKAQAAeAAAABEADwAADGZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAgABgAXABgAGQALAAIBAAAjAAAzdAAAABAAFwAVAmgyCHNwZHkvMy4xCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAEFAQYBAgEEAwUDBgMCAwUCBAICAg=="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":32,"flow_max_l4_data_len":228,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1472393122365,"flow_last_seen":1472393122668,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00423{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":981932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MFLLbJwbmAyC0zx8CABFAAA0+htAAE0GaM1C3JxEwKgrEgG7y2LsHfNz9eG8N4AQADsrTQAAAQEICru7CXIAS1wY"}
02289{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":981938,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"MFLLbJwbmAyC0zx8CABFAAWg+hxAAE0GY2BC3JxEwKgrEgG7y2LsHfNz9eG8N4AQADs4NQAAAQEICru7CXMAS1wYFgMDAEoCAABGAwND9eJDZ6XRoA8\/vZrNEztYnJEjgkJwJf+Fvp1IGEEGSwDAKwAAHgAAAAD\/AQABAAALAAQDAAECACMAAAAQAAUAAwJoMhYDAwtvCwALawALaAAGrTCCBqkwggWRoAMCAQICEA7LCTmysQFUuJVwx7IrekcwDQYJKoZIhvcNAQELBQAwcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwHhcNMTQwODI4MDAwMDAwWhcNMTYxMjMwMTIwMDAwWjBhMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCk1lbmxvIFBhcmsxFzAVBgNVBAoTDkZhY2Vib29rLCBJbmMuMRcwFQYDVQQDDA4qLmZhY2Vib29rLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNjR3TW94lm2+5sfVBWM279OWL1HvrgQ\/CLp0p6Y+EkqJfuURuRCmYRQHF8B\/RQlMVxO2WT9xQyzRtKhvHC0h46jggQXMIIEEzAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUQwmTQPoRSzAz7PKHbo1xGM+KvI4wgccGA1UdEQSBvzCBvIIOKi5mYWNlYm9vay5jb22CDiouZmFjZWJvb2submV0gggqLmZiLmNvbYILKi5mYmNkbi5uZXSCCyouZmJzYnguY29tghAqLm0uZmFjZWJvb2suY29tgg8qLm1lc3Nlbmdlci5jb22CDioueHguZmJjZG4ubmV0gg4qLnh5LmZiY2RuLm5ldIIOKi54ei5mYmNkbi5uZXSCDGZhY2Vib29rLmNvbYIGZmIuY29tgg1tZXNzZW5nZXIuY29tMA4GA1UdDwEB\/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc1LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSCAWkBZwB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABUat76fsAAAQDAEYwRAIgKMh9hl3xFDKdOlA+L8KZgOwTyPkfXZ+KCoH7+eoCjPUCIChvf5ezJwFmu4lNxahTOjTO9qtGrvFwvbgnLcIDKPYsAHYAaPaY+B9kgr46jO65KB1M\/HFRXWeT1ETRCmesu09P+8QAAAFRq3vpvQAABAMARzBFAiEA+3vO+h10a+t2IHcW48BYcrMhNZrAQy2okHfht5raX20CIASqi0LSrMrRh99wVMc="}
-00797{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_tot_l4_data_len":1792,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
+00808{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1472393122365,"flow_last_seen":1472393122981,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
00423{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":981941,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NJAAEAGjxbAqCsSQtycRMtiAbv14bw37B3434AQAPvLAQAAAQEICgBLXHa7uwlz"}
02295{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":981946,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"MFLLbJwbmAyC0zx8CABFAAWg+h1AAE0GY19C3JxEwKgrEgG7y2LsHfjf9eG8N4AQADuuwwAAAQEICru7CXMAS1wYHiIgUzbfk1u4H1v8gAXRmlqrsAB2AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABUat76o8AAAQDAEcwRQIhAP4sttTvlf\/8zXhxgYitOrOjEgyCsti1TObxZv7UfjSlAiAtK9XVE4ScmdkWZRUI3FllxcAsapXn6YOfryaLORAmKDANBgkqhkiG9w0BAQsFAAOCAQEAqpGuUgGMYPYCtpTrr27r3TzI4W8Xq7gogOzcVIJWJMEWCOHCyD48D1MYQH\/fQTaTlV+x2TVDXpRg+dang2p9x7T2C5B2+LQKwTENFhi1y3Fc+ZMCIaq7QP3uChup8sMOJRNjZ6JC63nqX4\/72Lt2jF9hyiy+AUQJrzYeqfdAHKSzZXhCaATwSwx\/H9kT9go7NXlzacc8cOVdBpjqiNXda+ZmYlfPr9D7Z5vgyCA6ubZPOXpfxP2gRoy8x0Sns6tSSduGl+0uvIBWlZ\/SY4RX55IVMuR1xYFSyzsm4V1L\/eA5XoEGr8x+d9GdmgZv7\/f84oZaFlrCBN6A43gfD\/x\/3wAEtTCCBLEwggOZoAMCAQICEATh56TcXPLzbcArQrhdFZ8wDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTAeFw0xMzEwMjIxMjAwMDBaFw0yODEwMjIxMjAwMDBaMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuAvwiQGyG0EX9fvCmQGsn0iJmUWrkJAm87cn592Bz7DMFWHGblPlA5alB9VVrTCAiqv0JjuC0DXxNA7csgUnu+QsRGprtLIuEM62QsL1dWV9UCvyB3tTZxfV7eGUGiZ9Yra0scFH6iXydyksYKELcatpZzHGYKmhQ9eRFgqN4\/9NfELCCcyWvW7i56kvVHQJ+LdO0IzowUoxLsozJqsKyMNeMZ75l5xt0o+CPuBtxYWoZ0jEk3l15IIrHWknLrNF7IeRDVlf1MlOdEcCppjGxmSdGgKN8LCUkjLOVqituFdwd2gILghopMmbxRKIUHH7W2b8kgv8wP1omiSUy9e4wIDAQABo4IBSTCCAUUwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFFFo\/5CvAgd1PMzZZWRiohK4WXI7MB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBCwUAA4IBAQAYipWJA+Zt31z8HWjqSo+D1lEvjWs="}
00423{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":981949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NNAAEAGjxXAqCsSQtycRMtiAbv14bw37B3+S4AQARLLAQAAAQEICgBLXHa7uwlz"}
00969{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":982477,"pkt_caplen":463,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":463,"pkt_l4_len":429,"pkt":"MFLLbJwbmAyC0zx8CABFAAHB+h5AAE0GZz1C3JxEwKgrEgG7y2LsHf5L9eG8N4AYADuw+gAAAQEICru7CXMAS1wYRBaerGP10m5shJmLqoFxhFvtNE6wt3mSKcwtgGrwjiDheaT+A0cT6vWGyllxffQElmvTWVg9\/tMxJVwYOISj5p+C\/YxbmDFOzXieGv2Fy0mq8ieLmXL8PqrVQQva1TahvxxuR0l\/XtlIfAPZ\/YtJoJgmQkDr1pIRpGQKV1TE9R3WAl5rrO7EgJoScvpWk9f\/vzCFBjC\/C39O\/1cFnSTthcMr+6Z1qKwtFu99eSey68KdCwfqqoXTAaMgKEFZQyjSgeOq9ux7O3e2QGKABUFFAe8XBj7ewDObZ9NhLnKH5Gn8EgBXQB5w9R7JtBYDAwCUDAAAkAMAF0EERq6qtVs+wlPiSpplvzQpl8xqpRCV1pYimiyndghyaLi0KrU\/et7CPLDLOIucFZNxmUMTOUmvE4hnP2Wy2B9megYDAEcwRQIhAP67F\/d984Px9CxMpzSME8RoPRYET1dJTXwpWwn2T8hCAiBggRuhv+1VT+cAs37zbeQCKLzT3F7BpIYqvzA+mB42GhYDAwAEDgAAAA=="}
-01241{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_tot_l4_data_len":3705,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":370,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}}
+01252{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1472393122365,"flow_last_seen":1472393122982,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3369,"flow_avg_l4_payload_len":336,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"facebook.com","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","alpn":"h2,spdy\/3.1,http\/1.1","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9"}}
00426{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":982487,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NRAAEAGjxTAqCsSQtycRMtiAbv14bw37B3\/2IAQASjLAQAAAQEICgBLXHa7uwlz"}
00599{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":990165,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"mAyC0zx8MFLLbJwbCABFAACy4NVAAEAGjpXAqCsSQtycRMtiAbv14bw37B3\/2IAYASjLfwAAAQEICgBLXHi7uwlzFgMDAEYQAABCQQSAlgFY9IZcjwQPBd3SSxYnf5W+I6IUQLtCuTFvKSoeSzJNC4vEueRm01PoOXo\/YGxo9wieuDET4bYBjDPBwwHxFAMDAAEBFgMDACgAAAAAAAAAAH5uX9yyXIxa\/zk1zAh0oKXPuwxd4KdkybU1YwbgOWCw"}
00950{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393122,"pkt_ts_usec":993660,"pkt_caplen":449,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":449,"pkt_l4_len":415,"pkt":"mAyC0zx8MFLLbJwbCABFAAGz4NZAAEAGjZPAqCsSQtycRMtiAbv14by17B3\/2IAYASjMgAAAAQEICgBLXHm7uwlzFwMDAJgAAAAAAAAAAc1QwtVeiDayGp42RLjeGVZj7uusHrtykGKrYSjjNBGdfytHTjX9BqGrlhXFHpRI5ItIqF5wbI3Nqys0ptk4tAzrygmznNhWxQoPu52Y\/2q5ev1hTqM9zVAYO69k9ViDv4PGfZTA\/mKDh9u35bh5+5Lc+9VnxzGiacOoCBjoFoHl0efTCcO8J9jn5m9LpinK4BcDAwDdAAAAAAAAAAI++\/8fKkykP9LN2diw\/ZLeccHIf7AmammL3LSyLuG0NLtQIzrm3wKc263vGeN\/FtNieDg6mLxo5Stcs0lEBjR882KaYUmxO7s+M7nLDtv9QkHTeOCqHja00h\/9SIxm\/cBIYs79aawQSgEsMqI6BriBpjfnVPwivJ2yY2AOlfd43Sk3tdCCAEBJBDmKf2K49XMIJLldx3c21U\/bO0GCSz+ps54bHcM7PzkTD8mhzMUCbgFfPa2vUMFnPfXJsl3toBxWZxDo4tx04+z2k4vusMRjzjy7x\/o="}
00782{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":391297,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"MFLLbJwbmAyC0zx8CABFAAE2+h9AAE0GZ8dC3JxEwKgrEgG7y2LsHf\/Y9eG8tYAYADvLfwAAAQEICru7CtAAS1x4FgMDAMoEAADGAAKjAADAFQiR\/u1qMSyuiMG2jw0zD0BOx2ZEoC+h5yfZ\/aHoiKV3agik\/rOIcv8JwkST852oQ+ROkK1rjV\/TZjXRBB5lldDYcaKy6KlnuCIAl26B6voPrnm\/eMncwrwsOJt6ySPFwAoK1XUVBKrtRNpVUB9MB3kJyjmXk0vHN8sOa8PKBJZkPxVqY1F\/hstlsqgEtyaTW5BmX1FNIh7VpSwUBZ+UWIhRtcJRMowhsds+M2OCtUGV7eCAtsg9z0MSUxkUoQaXFAMDAAEBFgMDACgSNvkDis0ZoSTD4XoWdCm\/HywniGJgJMyf0JxvM2W\/MIyhKa7W1\/lx"}
00536{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":391325,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"MFLLbJwbmAyC0zx8CABFAACF+iBAAE0GaHdC3JxEwKgrEgG7y2LsHgDa9eG8tYAYADt+fAAAAQEICru7CtAAS1x4FwMDAEwSNvkDis0ZotYDEUHWuujm70FV+TWEIePaonjZDsqD2mGpm1zTEdYm0dp9+D54ih5TgReTCCLrCeU6vVxFhqVpVAMMpplemlzSyeZD"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1472393123550,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1472393123550,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":550766,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="}
00436{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":682883,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="}
00424{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":682902,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"}
01128{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":683095,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"mAyC0zx8MFLLbJwbCABFAAI5dR9AAEAGYrTAqCsSHw1WJK5GAbsvASg+cOnYd4AYAOVjFwAAAQEICgBLXUglRdDWFgMBAgABAAH8AwM+9tNpxmZK\/eWu6BicR\/VdzCeqETHBQQTjNp6ce6Re6CDpbumLT\/pcQV4Yd+w5nmyQiqDe8maQl\/9twNFsjvN1qAAawCvAL8ypzKjACsAJwBPAFAAzADkALwA1AAoBAAGZAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAgABgAXABgAGQALAAIBAAAjAMAVCJH+V6O+8X2imm8A5SDgHXzaZOkxASoAP7PEoNjKKl9CQSOx\/teLVlne5tIoYDG+cMhqc3xPewtsO6jtNu2A8OCQyx9HEmHS7QX20VvDQq\/STGmFYAcDBbKS4nC6fio3njGW7FzDfetud3qZZ7+M0xYt8VAkhG35Ct6tGM4sR0dgJpKxO\/\/uHgQ595Wbqzav3mtgVLdqqXZj+Rm0AO2brTOq4RRSAn0Yz2Qs7sU+3hKk3fw1CrFvT3svUypcWbkzdAAAABAAFwAVAmgyCHNwZHkvMy4xCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAEFAQYBAgEEAwUDBgMCAwUCBAICAgAVAFkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
+00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1472393123550,"flow_last_seen":1472393123683,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
00424{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":837584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MFLLbJwbmAyC0zx8CABFAAA0CRtAAFMGvb0fDVYkwKgrEgG7rkZw6dh3LwEqQ4AQADtuqgAAAQEICiVF0WwAS11I"}
00626{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":838069,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"MFLLbJwbmAyC0zx8CABFAADGCRxAAFMGvSofDVYkwKgrEgG7rkZw6dh3LwEqQ4AYADv9TQAAAQEICiVF0WwAS11IFgMDAFoCAABWAwOyE6NOKTMBswvrpLFOz1jmB39VCfqFE6Rr+kbsG3T56yDpbumLT\/pcQV4Yd+w5nmyQiqDe8maQl\/9twNFsjvN1qMArAAAO\/wEAAQAAEAAFAAMCaDIUAwMAAQEWAwMAKPBm4AzPMe30kcGHV47ykMueUWB5RUjEcIK30bhxhSXw4FWjRJShiRs="}
-00798{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_tot_l4_data_len":871,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
+00809{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}}
00424{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":838077,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dSBAAEAGZLjAqCsSHw1WJK5GAbsvASpDcOnZCYAQAO1hEgAAAQEICgBLXXclRdFs"}
00495{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":838321,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"mAyC0zx8MFLLbJwbCABFAABndSFAAEAGZITAqCsSHw1WJK5GAbsvASpDcOnZCYAYAO1hRQAAAQEICgBLXXclRdFsFAMDAAEBFgMDACgAAAAAAAAAAFa8+ZgbktrV2bEUW\/LVlxKn8iTxi1uR4wfFZ6+jvK3W"}
00950{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":841603,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"pkt":"mAyC0zx8MFLLbJwbCABFAAG2dSJAAEAGYzTAqCsSHw1WJK5GAbsvASp2cOnZCYAYAO1ilAAAAQEICgBLXXglRdFsFwMDAJgAAAAAAAAAAa1AvEsdEhKWtFsYyKCSIZFQb24K0xqOqsKQSejpyp2bP9QjXILHDCqannIgzjwRWOPvR1sfRj6X5M5ncKKgcGTJ4wV6DAVzLtEDTFXGdOgt69+4lyfXgI3tmSRm910P3v78r1ADwQw9K4lDgUSelpEV4iM2BLBa1TLJpDvlv2BDELBMZLhosoZL6dBgi\/bqHRcDAwDgAAAAAAAAAALpwqa95RaQnPy5hX3XtEuUJjJ6\/OuaqpSYnLHWy5ddTG1RbBdEv5zPZ+z+QfrLzaawhKi8Z5rOr6unurnL86TuyICCxizNXVJKGgjCtzDaFSJqbT9C\/ZUDJVOGdP6YBzuq+KlkfeG5kXVevU49J1u2I\/7rHNcTEQuRJzwUCl7qJnxFD4ue8qDO9FZwZ9uyQpvPq9T7m5dx9jo6hlY3PV\/Hdv6yNi6jgzS5od5hXZExZug3vGU7e7eZavjJ5+HZgUnxn\/sZIvn6X4xu61ztPKrDKNWiTE4W\/t4="}
@@ -36,6 +36,6 @@
00484{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":968290,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"MFLLbJwbmAyC0zx8CABFAABeCR9AAFMGvY8fDVYkwKgrEgG7rkZw6dmALwEr+IAYAD9ngQAAAQEICiVF0eUAS114FwMDACXwZuAMzzHt97ZyjO39DSkFoBZdHFHJZUlTmsJ7MnD+3N\/jhCYy"}
00425{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393123,"pkt_ts_usec":968321,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dSRAAEAGZLTAqCsSHw1WJK5GAbsvASwecOnZqoAQAO1hEgAAAQEICgBLXZ4lRdHl"}
02314{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"facebook.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472393124,"pkt_ts_usec":87521,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"MFLLbJwbmAyC0zx8CABFAAWgCSBAAFMGuEwfDVYkwKgrEgG7rkZw6dmqLwEr+IAQAD\/xPQAAAQEICiVF0mIAS114FwMDBfTwZuAMzzHt+F\/CnhQc4vog1mXqgUZ7RovGYIf4aFPsiVxEl4j6uvny01g1HY6CBgPuO4sMMP0VKo58e\/op5HRJ64ooOSmwtghUYOYrD54VKVDnxPI\/StkMSinVYzLPaZzw\/M1yLnJ6M78+Bu1Xzt\/gKy6A+MGHvUIf1GPzb+AwCG0XotLwxlTIg3\/MmjciLEwsjGHxiJkEjLN82mGKZu4zJ3N3uyhp5fJSHAbiJ4MXgne2LRjkGFnoXhzV25ABOUQUX6BPTDM8YrAMKPsuVIUsq5qyXXzTYsrimkbBLe++PLrcRI97c4M0M6J5cF8eoanyXRRRcNqKrZEenJQGf6VNxZO974VnB0\/Jck1VYDdyz3esX3JphaCS5oeDahP75ZwLlYD\/el8mOsXWly7ZzB\/MNhB9u4gP2e5R0fZXmbgcaqbkCOYnPmjlwAwNjO+CKYvGZrEYmAb3DUbQon+vciE9Gh3fraldg4xNx0Unr1MZEAiwOxUhIy\/kbx4BhQaBgBqXt0cb2N9mgpdXTKwwYbx3ET9Ev+Nq8eJmgNpLdk2FEQRz2+\/swRlxb9wKznyl+GtIQifFL30gxdlmmNv2V8MGgY6Bpik3KNjMhpyE4LDCy1hoKsiw35gfIh1dfQWgVF+NeJd6I5btZ\/L\/JBVApU38+cIIgxjB5eBP45OzfOUol5vz5Ds2LMYzkXLrgL4fRfn5qH52w38zGW8T+CadqAJleSXsNbrX5JXHYqJx6HxIhnYkGqMGK2dU692XQLtg0hcEJD1397W9181YyiKnRPSfl8kFe4JsjrJQhBF2oAisZ+F\/sFybYwicovw3hcVUS\/+MM8l7fN7F17pQOuasUdmqLBvAj00Cf0y1B9tpPYxQGZcRPdC4C99pWoYtTTaKrsG23KIbYStpVMS6soexTSPR7xdY7LSPumwUbMrPeADSIxzJz0SXXvDKG3fykIUEaEh7ovOGhqs6Pv6eJ9cchQ4Quz6OZvHxuM6Ll\/wQonAMDdl4nozVygotuVtEB\/r0slhT0qHsnyHp\/C9f6b6sRUHrll7jb99Cj3WszOGc8+y+NM6mN5fN3JGy2cFQJUbZCVD5JNZkmfSDY56H\/oSma\/wSionWOvplj0WSqlc512FY7RMVZS7rorj7D9Lm0ZzYGo+JBW5YJDouUOP99Aei+3qU4pI9xCJCg1yIoma2N+ZG+n76z72ZAAaNeWbFaQ9z610MopjNuhVVsVk\/hAyFMzGTGbhs\/WG9yOavdTToAL68tXUCoRJF88ZfOjRINv+b\/m\/zdqK4XMLpYwkkmtBWnLPbIktxXaMwDWPHw1E8NCxpKHIU8qcXMTagjXwTOTAfHbE2BvwuvYVwy5tgglBwegL9dB6xW8WO5D4rul3PKNO36o+A7RLWJgo\/7\/gD7FMMqi29XFPaq2G07BefT1OVbTFbW3O0uSozE5X\/EiHPn1Ts4sX\/G8s41bbkWcuJF2+rO0O1HG8dN+DmyOCPkk1AOMvT0O+V9oR5xFuirOQcHXZPpHDu8plVBrr+3qZgOmIWj5g5cjnYrncmd40kAgqxsDyVCCvmws+PtrgbH1vQk+682M85K2\/kHGVGiNbwiHrUmRoLwzWNAlejGLoiuOoXWhnPE\/nLesC5ZR7QliWUPg5RgWuwveUB4rfa4tlujgiKoXv0pgyhXfcfbLcm5Zr\/7NyUCLo2jnw+b7Y1qqPSBLP0vccfDk3eBh3IwPZJg5ZmZQaCVwzquphe7W4bHr0wdJIzJibEfBiICpoNq3Ly2cYVCDFTeVfZsVtdWCiIOmkg4+ha5qE73D6jX+3ha8dDGlybO2L29HSXijqjQbYATwm9lTdIQmGcxOs="}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_tot_l4_data_len":5099,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_tot_l4_data_len":23372,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":570,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"flow_avg_l4_payload_len":537,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test"}
diff --git a/test/results/firefox.pcap.out b/test/results/firefox.pcap.out
new file mode 100644
index 000000000..a0e8630bb
--- /dev/null
+++ b/test/results/firefox.pcap.out
@@ -0,0 +1,117 @@
+00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1620927997754,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00440{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":754367,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"}
+00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":781073,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="}
+00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":781165,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmizBCYmRhoAQECyfcgAAAQEICjQMlIc8IAcu"}
+01121{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":782476,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGqiLAqAGykjA6Esl5AbuZmizBCYmRhoAYECyf7gAAAQEICjQMlIg8IAcuFgMBAgABAAH8AwMtfA1DC+zpycv9FdmNMUC5bsJuWnUXyup0IQWmFDUmuyCHAxBTXkoz\/MfE2bI\/cLBp15kHYdbtt6EVNjvh9SpQCwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACAdqToAdMIvwxEDg\/g+CRDkTMPXNvyCkvGWZE1UHNfqdQAXAEEEaSrAsB1d9DD1rsZ6fsTBmwbdQjaww3ssMweKLDjtvm89IHezibH\/di6RtXqjZOkOURxpgJe+Gaam1ctoaup48QArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQCUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
+00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1620927997754,"flow_last_seen":1620927997782,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"1fd36067223570569bbf156fece40978","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00422{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":808417,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0i1BAADQGLNeSMDoSwKgBsgG7yXkJiZGGmZouxoAQAfqrggAAAQEICjwgB0o0DJSI"}
+02369{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":814169,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUi1FAADQGJzaSMDoSwKgBsgG7yXkJiZGGmZouxoAQAfo6tQAAAQEICjwgB080DJSIFgMDAHoCAAB2AwME\/IVNR8YHN59n5JIn5OLBcnuRgXmmdwUJNb3yWfe6pCCHAxBTXkoz\/MfE2bI\/cLBp15kHYdbtt6EVNjvh9SpQCxMCAAAuACsAAgMEADMAJAAdACB31+3SIdmrl6xd49aoJIqxuaK1fCHaTSuqQC01YPhfDxQDAwABARcDAwAqKbS4AviaSHirJxsA69TCMSk\/Lbn92ZLIlyEVMFg0KizTD3JEt2eWXoh9FwMDC+GLGTON3A9hbQyHnYarVMSdpMNwTmP\/\/VIcNO69YQ8dIKDBiyCqR74yqqw6p9jqB9aH5UYU4gs5ZJS+Nd+3t4aqVLuDe6I+VCT1CGBO17gRLQwJ18QJ4gCFDHLJ+utg8DjQrIBq++S1U9dOjIMOKNBQL3fm+ftZCKPK8u1bmbQy9gtEsgiZcW0qZU9fR2uRY+Liq5DWEpqmLDij3HTFnCb0Y1aZ3O7+JZn0ArOctwQmY+5KkruDTghoKg0tMInIZWxJS\/Pl187tyyhhM1GBYh2a5B5eIICCbc4NQl\/5cKG3g98L4nA1yRhZCG6spGuv9C+9eiiSZ2IbX1TjZelgUaMZyIJ704DJRwoPIRwTObBQkaEvmiFe2Uy6I+ctN6h4sFHkFQOa0GmxQ0delL+SQxOLvZGViku8XbepDmlv+lGBYtaBYwlN8KWfuOnLQ8DR0zmDZabxTqtQdqZmygagamptpeRXuaWH2Ghz\/1EUth9AtlHBUDsGau2m3FRC2Row5FGuGMPo8pzz9kyymr4B\/gFYTajaEkeIa3vXGQMtEf7U\/mvK5cG4sIFqheAO+8wwCJuUeErHlMtXQWxpmmfwarS2z1daM\/2biQVJNYqBd7RczB2B7\/5vdg599xf++2ubsF6mOZSq6jloQHGKu3x4ABE1f9h2l7ES5XaJUub1IkoyWSSv4IiLJUiS02DjuF8YVS11pu6G+e6NVra6eykTs3kgev0qkEahDuevD0erk1YTc6E19W5YXeLm9513H9wQStbcCZzCuoXhEiC4pHbt7dup28LmqOJxW72vQXGC4EV3aNo3EgOlvSirQaG2wBNqYm8BntqisxryiKvj2WwQX2qDDPsFzqL0tTXyFImXDnU1HuBItUGsrpe46Ig6qwKMctQ98zTmVDwwTt9zrPR\/0vkQoK+R4W\/qW8BPByKyYzSsHsSh8sIqGhYxiFgh3SCNVTttZWMBXHFO34MRhAkgqZflentHKNtN8xj7krRC3rBdSTd7lwoA3zqQCMzWzAQnWa1wakoUvrLguP9ckJ+sGOpnueNxdA2LzOPR2t5R9WhqGDWWc1blr0vs2a\/gsCkfjdwv0NllQTzVkkFJbogSxUcZ5kEKmtyRtnEhaoYnoLX7I8dOcsCipiEghZhI0JX11S8R+DqwbK+QB\/13XOjzO4P4p0vlNLT9dpOKwj0iXwd1JHX1ljB2xq8vj2LDqns2J1QLudLaMEbjHT4fE4HZu4qPAeuIHgzCDwC6SZcWVNEXSloDPcYFhr6GCUogFcxUZxC\/5zbpbQwjflaT4Y0+M1Mj\/ETUxRlgy2YYywbDVSyAoKZ+IjbhBRQkIOVdX2gKEUCd1sI3xdEZFUAX2Ta4KGNJBIXBqYGWL88SImqjgB2hWV9E3Fx\/bwuA3VyAhIrVLOxuaKYmbrK1VhquTi8s6HBdxAQrJRAZChorrJpkX4Xd4V0tBzZxAthG3v7eiH7T1XRjmXSWgpYefp2M1f0PGELh7NCI54xvRLiGOaEhc4r9vauzl5IJWBMqBZ0GCRMegXmPLcXiYE7DGNy3MySh41BSdfYd8HrRZQRJAuNTTjnzuNSBkoLzaI9wJu7dAvhEBikr9gVtXx99G\/wIdJGbuH6wqWTck2f3nlm73lf5jo3dvpYavbX4Ural7oS5fMTw+FFECSgh0fWg"}
+00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1620927997754,"flow_last_seen":1620927997814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"1fd36067223570569bbf156fece40978","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+02380{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":814214,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUi1JAADQGJzWSMDoSwKgBsgG7yXkJiZcmmZouxoAYAfpPUwAAAQEICjwgB080DJSIkV5fYoRXYC6+czPRTPt+PI+ePKFm5zRZjUHFHVSD9BFp5p6G5OjZer+b+ukzC55Zeyg8VAvRfmsbJwWiTPkdZTns1DZ1hLMBO2A0RSDrj673FAQ3y5IGaFMbkuWhN6\/GSBgOosvp5VtjWi7tFbFHtv7irCAT7l0c\/yzyWnRX9+vBBatumVDDZ9PuNftreTHg4gueVbRJth65g6ezpjrKt33UgGNstaAqzjd3mSaPBpI\/yg3Mnmr0O8YKcDjxpmKGQeEmtbRQtoUTYKI4B2ZheNZ4Ng42EizmFX1YPZt\/Q\/OJznTBeCukLKwXlQhi1uVHoGjIqY5qc4ot2u8QJF8koE8t+S3lm3pDjFIzQkrLSXFaKdWLT0\/T2ZICC5w1aJ1xXjdeVqs8AZCDUNVZbsRxTKss2mX0pv7ocNzv4M\/xAbXcTSYPlWrg3M3sWEwYw0O+mRjQ1NlFqUG+A40+ZqjeJpFLmcRwI+89XTcBsjJKf\/C5vB40wnFjRr06m6j780lq+LDTQjkpF8\/KPFbFnWfrr\/5PJ6AyPcZHntl\/cpCXNgaTnhEBLsvp81OhGVrrMf0pF5x4M9o3JI7YfIHKNae6\/DeP6LsddkrmSC1qgG0PkRbFfOY0KmtVUvy7qA4EW4bU3bkymfrpjXK0PEKY+4CpRlJ5zaTIB+www0Gv67IAqDVrUelTje9Wc\/RkOn9ghTHylBR0NYpY7kg2LlcdjM0yWmnShECdTyB5qMB2I07w9BBIgcvLg8D7kFrHSjCTxjF0gJ2Q6Td92suk0eKENRMEjfjC9dY4rngZbKaAO1vgwIHYr3NQR15Qt4lzyWpc6CsoTJpNL+RaQz1eK8jRTp0l4XFS3mbdbo\/GNXl0nG6xHliw7vaIz9jj91THzjW0r1MyoZ6\/hVe754CNaNGo5iA1fkBtJLmBQ6QFWEaXA7szl4wvOVFfEkmxylXpJ\/jleWZnprKh7xhIFqob1ppMzBytGFJlbpSTj3VGOx9XpVdKH\/pyLwK7E43T+XG0tvlEeiyL2pETIzQfkEIyIzqhUy0hPpNjyFK8kVK66BrSapwCVO9ez\/G3YpN0UBKZCviArPkYeabvtdfqYTD0sSoVBszLCb8mn9LgridT6F+JVp21cVkoHqv+WrCzqmxh0OgbbfKJ7aogr0zcAb4rtyUs4V5WzISzfJXPvV43l0bhzt4f+E1NzdzcwOpg920l9wRQpvMWLPbfYlaEif4nugFTSjRplH0+aPmmJEI6+DYPqmkr2NiNWGYSJ5hSquzJiKvEf90BBeQ8NgM0AMWesDPcIBqJKzQ3BUYp2ZHzxU03izHLe5m\/TK1kEkNV5+Dd1PWyoL1\/aHk6QDhLoX1jM7s3FyNVGZM9rx0G\/WZkziBfP18tUsNgwv7r5kzcrvqjSWNldf6iYP\/bWLhSVEsiBNNNDn3oPr9ByscZIF2djk5KD092\/F3zs40oFcad0awOvJWKGck9kbAIDk1aijHjgiCsg1VTzRtsIyDQTLXZ6mSgP9YofcZ1EYWYCtKqEGoB2p4ySAVCivEE0Lwxi55Lee6A4zzOpVGUOYYAYoEcaPqaQKL1vfwMBLlNvd654\/2JBSCA+wbk01QasdHDFZapIRNZ\/FIipG6kGdmIoK3IgxmKxNnX8tMN95YkopidBkk5ndgpMYAf2Q5LDoSQIB1NDdY9AX7McnFdlMc9+BVPv\/o67NfauPfh4MVT+AqkqqcjfWaZ6yRAi7ASCYjJuCVVNM0Ql85B0Nrykfrdj8kOTR1BBHS+9\/48qTsz+cLge5Pto2qFEzK9Gu9Q65fqyrSIuhWT6kG1Mmxv+H7RY\/XmH6kPIfqjRlbTtpQXrYIO4+\/2EcXiMt4gKmydtS2RMTFH\/dOVDm6PefMBA8hyuWIq\/po4b121NW3T9U9CbFgIa\/+3kX4wN10q"}
+00422{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":814298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmi7GCYmcxoAQD9KSRgAAAQEICjQMlKc8IAdP"}
+01382{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":814713,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":772,"pkt_l4_len":738,"pkt":"KDc3AG3IEBMx8Tl2CABFAAL2i1NAADQGKhKSMDoSwKgBsgG7yXkJiZzGmZouxoAYAfpAoAAAAQEICjwgB080DJSIp4SWpGynD08srhmoHLcT1L+lOXCTVY0zI21x6tCi\/KN7l5Bge69QubFgZQ+p9D1bqbq1JQj+vdMzs\/IEV10i4GpRSp\/e\/vdUFP3BnGjn7Db4fY7SBpYDjZChBiR8yuaSgNqAjZ1EsU6a+aq3fy1aChqzDVGJrmXapx+HET2Bb0s+cAgsUSdd5FySH3sSa5Cn5ie54sR5FLPmFIxz85gfnH9jshW7SHKdEIXXOptKt5wWhWa38XzHp32iPAe1ULhFqHlEUY89OSOwkUg2Z8NvrjuV8hTDGSDZ988N81fCQuJD1UPNi5hvju\/BcheDO9SQ674ywae4RTw0DC33N4lCh7LBtrejzggOBe1F3Pum6dWZFNJU7Q\/U\/sa61DdAFjQ5HAX3giupb8IhOxcw1GwygLkp4vg2atJAlm0doj8TWl3N+rOenIBhAWjZDZYx6izKxpmLJq6miofpqRcDAwEZTHOMey5f17piY2ecIsjB8AbV\/hf2RJYOPgdEyz5hPBL\/2ltrVQqdW4cRJQXqL9UL99ntD5k5BNlTc8YrNGS+xA2e85zLzhgYco3VjXHtJWDGlVkzitQR0EQXAeJUNc30SlLzi09ZWeBUISrlEdwSpyPlZj4HS3rBdDbQqUPQHpO5cv2bIgWSC5HwIbQ5ztPX45L3PIb8MvmwnEBkIBVEmeYIkoJH6cXRWN7OAOviuOUr1Q5SrfJv8jBoAqw9tcdfavOAjVH6YKo9Zid4xUAcQmnXFnE+etrPUIOhdS3p\/HSgsVfhnMJfQ\/uAa19nPUDTtyXNfNGnGiiDYcM\/fRhvUKXkaBpKYZLqnSXFujkcCayoUKQIpue5cgEXAwMARfszIXsYpl2rxYVmYkU5WhD7BIqhb9+pbJP0zRspYGuh1OATP9+L5sTFZQ\/uJgOh4xd6Jf2faZO3UOr0teRLMWkjTt3NIQ=="}
+00424{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927997,"pkt_ts_usec":814753,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl5AbuZmi7GCYmfiIAQD7uPmwAAAQEICjQMlKc8IAdP"}
+00535{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":25730,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6Esl5AbuZmi7GCYmfiIAYEAB0fQAAAQEICjQMlXc8IAdPFAMDAAEBFwMDAEUTMGeuPTeb9XvxZvm+XndNsmj776lWHiXbLp\/a6z9tHxl4PtBeEQgf9YFwSs9N6KVAalQKS8nnlQGgdyxQgqkFQ+kCeJc="}
+00950{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":26043,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG2AABAAEAGqqXAqAGykjA6Esl5AbuZmi8WCYmfiIAYEADG+gAAAQEICjQMlXc8IAdPFwMDAX1mmjlNgRtv2HdDc9DHwIJcor2mehVk9OzpDgRjq8T7RT4zMMrPt+vU3I393O86opoTpmxixLPlK3nsolNb0U76IvV5mzi2mq9MOgDHrVQD6088YMVOY4RaDR9BJf9aECkln9yQagODvzpqQMQZHEnpVRedvxjTxDqYqKotyPZbVmPT7UL+zdF0V840h2DsDLTWoy4r+jAYjtWK5YQuY1Y4WS7ly\/z\/3E0NlPy0KV+cJNaOE0S4OwPFerIzQ3dF\/icYd62xuavWJYqii0\/vQ4KsEDULozweLEbctrHW2\/4E9ulISHHVvf+vDK0HVT2DP6n4Wd0AM7A3Wyjd\/DDgiCsatAwmTZI1od+4Ehu4BrSWpGOO8rjjoAJirEieWFYAvc5VAfImQLGCODFyOMNya\/q056rbdgtKRlle2y+jvjvHK2UZXHlydQOM6SeMuQHAnT7Ea4ajC72IzO\/y3kagXp48TrLvfh71jzkz+av0Zj467nJh4EWNFNWCRcCb1MM="}
+00423{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":50715,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0i1RAADQGLNOSMDoSwKgBsgG7yXkJiZ+ImZovFoAQAfqbTwAAAQEICjwgCDw0DJV3"}
+00423{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":50744,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0i1VAADQGLNKSMDoSwKgBsgG7yXkJiZ+ImZowmIAQAfeZ0AAAAQEICjwgCDw0DJV3"}
+00839{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":52053,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFji1ZAADQGK6KSMDoSwKgBsgG7yXkJiZ+ImZowmIAYAfeLUQAAAQEICjwgCD00DJV3FwMDASoP9FuzT+77Tm5LhnbV9Sewvckun\/o2cHeV8a0PFUdl0epVn0JCwFYw2u\/995yNitv5yqlG3GEkdm7UQiE9Gi2Lm11MZMfOgzEgGE7tw4EPD8NZfoc6KvKG\/EKi6HaMMu3xTVD4KckhI5IBXrC17xJ4Uq4V3k6\/I6pJafhgUUqVWwtMNmFdARevRhzVgfwjOyXIBSlW9Ra85a6B\/grdRfOZaeMI6dFx1FiRZelQc\/jQwre+wP8hT6TMxQFaNGfY8VBcIXSI8jl69MJKva8P9fOnLuAZG\/Rwz8J9BdVkLkplzI3gR299zmDOn5UdfaLW8sI6B4r98nQKcfNz8mVq2oAjyRFuAPgXVurS5JVSEW\/klPnjhWTjh33GGXx5iwA96\/zoTwtThauP6NiC"}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1620927998782,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00443{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":782772,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl\/AbveSGQcAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKNAyYZQAAAAAEAgAA"}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1620927998806,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00442{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":806443,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmEAbtCftk8AAAAALAC\/\/\/03wAAAgQFtAEDAwUBAQgKNAyYeQAAAAAEAgAA"}
+00437{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":817178,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yX\/JSxfE3khkHaAS\/oi4VgAAAgQFrAQCCAo8IAs5NAyYZQEDAwc="}
+00424{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":817261,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGQdyUsXxYAQECzVWgAAAQEICjQMmII8IAs5"}
+01348{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":820522,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6Esl\/AbveSGQdyUsXxYAYECwwygAAAQEICjQMmIU8IAs5FgMBAqMBAAKfAwO3vIr9uiJ48zzMf52GsXt4xkS1HnhZS28F\/9nVtQa\/JSARzVdUDjCom9ejIr9F9nHpr\/Ooxj6X4lFWVS4DuL59ogAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIIYQxSluq6g42rhsNiC0vZO+RSLs9Lc+BoLP46MvmywVABcAQQRH6zF0G3XQTSNI3Y1zyDpklxgrGlYydrEUXDKsmOlWDTlQccHbDWUx+QCuHh\/4fXU1rkqfToj1sH7nwHIfkbqSACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygKHqX8dlc3gNHYe5ARjKH2m\/2THc30fZqwWttqz+MhhOBuir\/aONtTrQ+uN7prJ0qsiw+PKiGDT2X3k4SV5DVAwgaBQQfVaChGgTL9TuxTqcXjABL+DsrumeTVx0crsf4BGQigfE\/UGrAhMWWGWMyPGgrBY5dCxjFeXPzI6n5izjK21UO4m4mGQ0knXt1a5aWSs4hVAntH\/1nWn46Yvp16v6wnSNwCgTmCuvGO7uL6zEmlN6b697mGRBnn3CmjjivLPd2RlnN\/sRHkJFZT7sQh6CfBBulV\/PEeGcX2XjnDtUC3g5CQsKyPjk\/HDxhhMKJlw9bJYAMTBgVj+1QQAEnNQ6YMh4adur454Yr31knwx6D0ttCCNB5Ar\/5l2gc7rg2qVLaQE7hUg="}
+00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1620927998782,"flow_last_seen":1620927998820,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00436{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":833815,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yYRFBnlrQn7ZPaAS\/ogBdQAAAgQFrAQCCAo8IAtKNAyYeQEDAwc="}
+00423{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":833884,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftk9RQZ5bIAQECwefwAAAQEICjQMmJA8IAtK"}
+00424{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":849436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA051pAADQG0MySMDoSwKgBsgG7yX\/JSxfF3khmxYAQAfjgwQAAAQEICjwgC1s0DJiF"}
+01343{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":850076,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmEAbtCftk9RQZ5bIAYECyN6AAAAQEICjQMmJ48IAtKFgMBAqMBAAKfAwNAzR6c7iJcDBDZ2OSnohULz18pBZGP2l3acYhLNliW1SCaZ4UhDzGNmamCWj7lh5yndtX+A5Qj\/Vo0pS14rgaccQAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIMO9fLbtYoy7wr4nDFrsvn6ZcJoE4YIn7v76H+x9iAkkABcAQQRxFV6yz59yZ1DVbyModG076e+kDUcckNtpF88rNlUIK9cS8XHrZokfkMFIciZwd8LHFIC9Gsa3UC38ksGr2hjkACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygKHqX8dlc3gNHYe5ARjKH2m\/2THc30fZqwWttqz+MhhOBuir\/aONtTrQ+uN7prJ0qsiw+PKiGDT2X3k4SV5DVAwgaBQQfVaChGgTL9TuxTqcXjABL+DsrumeTVx0crsf4BGQigfE\/UGrAhMWWGWMyPGgrBY5dCxjFeXPzI6n5izjK21UO4m4mGQ0knXt1a5aWSs4hVAntH\/1nWn46Yvp16v6wnSNwCgTmCuvGO7uL6zEmlN6b697mGRBnn3CmjjivLPd2RlnN\/sRHkJFZT7sQh6CfBBulV\/PEeGcX2XjnDtUC3g5CQsKyPjk\/HDxhhMKJlw9bLMAMTASbwuo8QWja2o9mr0+Frf3OIK5pq78cRY8SbYmyrN4A0Z9kQhYPaolWzEoVShdu5I="}
+00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1620927998806,"flow_last_seen":1620927998850,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00780{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":850942,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE451tAADQGz8eSMDoSwKgBsgG7yX\/JSxfF3khmxYAYAfhQtwAAAQEICjwgC1w0DJiFFgMDAIACAAB8AwPCN2vwEodka+LTPcQOQYDiEUHZ0u\/XcrOKUS9DH9yuqSARzVdUDjCom9ejIr9F9nHpr\/Ooxj6X4lFWVS4DuL59ohMCAAA0ACsAAgMEADMAJAAdACDmeNBaB8UW8yV\/zoPdiy1ahFWCdd6\/JoZYXM8fB4gkEAApAAIAABQDAwABARcDAwAqTkeYYvXCV0Xz5H5NRNMxqPiVrUaADG5OWPFKriD6a9CD\/cuKWMmw7APcFwMDAEUePV6QnMUKL4Pa+ZNLUCPh2Jq1MJLKXMd8HigYk3uFOO2Fq7AbmxEW5mQ4F3O99JPJ+WVSmBB33hwNS7ZNXbnYyRoMu0w="}
+00805{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1620927998782,"flow_last_seen":1620927998850,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00424{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":851001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGbFyUsYyYAQECPRdwAAAQEICjQMmJ88IAtc"}
+00537{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":855159,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6Esl\/AbveSGbFyUsYyYAYECP6cwAAAQEICjQMmKI8IAtcFAMDAAEBFwMDAEVX3ivdvTYtrbQcUUjZRly14I9CJKnN\/0UbUQmuCXgi7sTfk\/QGXacXAH4u0CnHjf030kV5mmLPXFGgtNWx8KKA2vgS6r0="}
+00896{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":873754,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGSAABAAEAGqsnAqAGykjA6Esl\/AbveSGcVyUsYyYAYECPQzwAAAQEICjQMmLA8IAtcFwMDAVmTzb7t7fyIuSr93GElPoLRJl7KxVjYaglEzsUeXBdyqddnCTbhV522sjG+sTSiMcoW6eRSPQjNCMj8bnMxVlk+g03pZb1+3t3D5B1GXN4aQ57Wg74H6fZRm+RPNWeCsh2+blbCQUdmSuT8sIXlFRLpPTqEs1bN4cVWvy61KNWX1csSf+YAThUDoJrfwuCRlAJg5U3vexTrrnprwr2BSBtaf+BNCd\/hHWfqbaKA1kUsGFlznZjoQiYn86uLuqtjn3ZOp5AwXfsQF+QMwi0BAMudpwrJYN5OXAvMp5pE3Nw4ADZaTqpLw03DjbOrzyqZ3+HLKis2MC0u5CiBcOsi1OKRMuV73VzzU0qeSSSWYDvCAlLD6ZQoGU8DIywJjd7B3u2wn9lTPEV0W0uwQ8ZSJipGRksCBwOa11FnRIAIQFdb7LW+D1J03KtADT95902iI4Yr22hpnvSX36Q="}
+00423{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":875954,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0dCZAADQGRAGSMDoSwKgBsgG7yYRFBnlsQn7b5YAQAfgp0gAAAQEICjwgC3U0DJie"}
+00778{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":877179,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4dCdAADQGQvySMDoSwKgBsgG7yYRFBnlsQn7b5YAYAfiyogAAAQEICjwgC3Y0DJieFgMDAIACAAB8AwMn3JmQZtyDm7XgOn7Biwm09omSkxtVuDEiqQZZzpXnLyCaZ4UhDzGNmamCWj7lh5yndtX+A5Qj\/Vo0pS14rgaccRMCAAA0ACsAAgMEADMAJAAdACAFrURae50a6nOhcq9+rEw6rf2oc\/OA+f1SufFt1LthFAApAAIAABQDAwABARcDAwAqK0vhjklLx0QOdwSDAwIoG9eHutwcYVNrgCo+HC\/AKldBOV1f6ZzBc4EpFwMDAEUAzs8WwNlILjQmeQv06V04EjJDeP2\/Wa79UNIkCu7iNdH0dS0u93E1AXIo5rwA17Jh7hbYACziGsey+EQRshgn1fdryB4="}
+00805{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1620927998806,"flow_last_seen":1620927998877,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00423{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":877228,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftvlRQZ6cIAQECMajQAAAQEICjQMmLM8IAt2"}
+00425{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":882580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA051xAADQG0MqSMDoSwKgBsgG7yX\/JSxjJ3khnFYAQAfjfMAAAAQEICjwgC3s0DJii"}
+00837{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":882594,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFj511AADQGz5qSMDoSwKgBsgG7yX\/JSxjJ3khnFYAYAfj4zwAAAQEICjwgC3w0DJiiFwMDASrPJ4D\/QNPCDgScnwDvpk5C6exE0ybRDo8w5tMGfZR01sdDchCr1prd4MQb4lw+rEzk5lpJGsOV+AoZjl1xIp+eqrPinhT+yOMvgCP+aGVAd8f+piYdOOlIAYqUl3jmj6Bgj730XIE1W\/R2cXuNS3n0FtofvEQH1qFn7RoT5oV9RwMl5Rq7x+qbiSUqqo3m\/YfAw1gaBwZCJ6h1yx9cPiLX0BVnbcoKkjLwJQ0HwJM084EtZpvIJ3+L7JEtxk4xDbhMudEKD1tL6vMutJgjj1CbLvUOVt17b7IDKhljfEoUE9Q4h5QeTJfm0s4ypDY4SSQSRSv8ZtN2uhjO\/3WDz7+OMTQ6QjtEEEovTfZp\/H1K4InvDsSlh7+QiAWDziF4ivlCYNaqe7dZ2bWJ"}
+00425{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":882648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Esl\/AbveSGhzyUsZ+IAQEBrOagAAAQEICjQMmLg8IAt8"}
+00534{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":887292,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EsmEAbtCftvlRQZ6cIAYECMlogAAAQEICjQMmLs8IAt2FAMDAAEBFwMDAEXtXEmqudPykmzBo6E9v03HUDEtLQh3qoeobiHrcBlZVIn3X7i6PDhcFRqGit0Pi4IFOqPP0EbQzg0wK3LCMW6iKvqt8NM="}
+00425{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":901067,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0515AADQG0MiSMDoSwKgBsgG7yX\/JSxn43khoc4AQAfbchAAAAQEICjwgC440DJiw"}
+02379{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":904055,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU519AADQGyyeSMDoSwKgBsgG7yX\/JSxn43khoc4AQAfbMywAAAQEICjwgC5A0DJiwFwMDAXu6YAsMuzXaTk19dFQf+z7XUb19xMFIN6yYlr8fNDX9Shl8PuSnBzNGgiY3r7ahC5I4b5dvVWcnijxF\/J\/piRff2npBWAjo+V8GSUq57Wzg7U+Z6aN1WPsAj\/qoZNs691axgN\/ZcTiMntJAqSdi88KwsQ3nuOenmgUrY0pWyAb4uT\/OcMyLhdHilOm0nITNjiYBxUXmg5W2czOgf7Gyw\/zr6wgJRuHOwS2Oh\/LfFed0ZdqZ7gIftweOEVWdbTpLVe\/fqs1dc3ESeCQvJmqklkeOPLwk7FYpzC3x2PqkySB+ilCyrEHr+o1HvlczMVF4F8xJoHeRzAJTrW7LM+\/DrrGso1mIvePCnStSE88xfh61ZKDs+7wnMdE32elM0N2tzJNYuF6KBdUzbpB+KxinDG5Or\/ksTrILEKIsx8Z9h\/EUtgSUuMQNUzQ\/t\/pkJOr8aMe7qSyvbmB4VuBZgmWZMf\/aT51Rg2wCBpWrohwV8+AqzbO770E\/7AxSwoc1FwMDB81z+a4as79zvdyqGi9oCdZXBV0j6YzUKnIhhWpNHkHE30kRgy1LF0XhPlNJVBGTNG+5ub4KzHHCOGMZd+hL1kP0YlQQIHaJvnTklwElGLvX86fMYWLGUsm9QQH4KeWQfwxPRP4iS7ywjrXSYK+yWRbLAgW6WqTJigpDj2fWY2zmwIu+zhR\/6apIA2FxBWZxP9oni2a3Z6x47HRljVkfXOvA2i78k02pqXHv552OixHW3iITGoMdqgmc5bqLxbYhAhQe9xgntHtH21Tqq4vmCglhQbLC57hGNF2LJtCdeJhw4UonQlrLtWTJwXZMDQvi9+WSimTFjq5T0H5XF2mg8UWXY4S0rwObcJxYw6Rn3TyFrl\/yosoJbi43HE12I2msHy+P0PgWN6pXsR9ubJeYt5bMn35K0BMOUCLEx5QEtvzIOI1YHjqi0Z4cMhGBdRv7Tt7bydhprRE2pgvF\/AapwDg1k8twUZzo8eHsfI8gCeyVrsxGRgVl8J0wwavg32VlhsoaHRSQy7xxrJ8JXcPQGB9SmOa7ECFABVeBq7CJa5NgErSAmxcvP6\/YmPY6LOjbrxjBxq9ULktWLk0M8w4oJGYbFX9xQzPzcnTKqg4fYCg\/CnR9rum3B1QZGjwhZIrYgmQ+fpYxrDvBoCdlDVXhVjMDXDIyyDaXayN7gmQz2ieguaSHMtb6UwOqBFvTkpK5L97CjPPk8Xp5S\/wD+uPnLTmDkPcAiduh+kZNAF4PFmOa67NHGpc1MSs3Mx2cNy+dqy1JKpuvDhHSxbwXnQoqHce3deU93+j37IOIoktUeO0q+bGE3h22ArEupyw5qoZ8TJNFfyDjoiAKqf2MsVcFqJwxWkPzOHvhJJSEVJ5LUTmNb7L1p\/6RJDFqVgEGXXPsrgjoD9hmSVte8aYhS1kaV8q6Dis3DGIICqqFl\/rlLk2zeJuhy7n9JxKNGP21tZNJzdWkUoCiaCdc+cCXyE+q8FMvg7uZcpIHCAq1l5rYprSAvjuApTmBE5fPN0D0l+TNCBBZYutFOlr4xnxeTdsgmoVCaLvtKAPQATDx7OWB5LUDdkOrOHgmZpzH2rMEJSMqkiESIZmkFtQgcx1Kns\/zozzscjCDc1j2F6KOYN4islUkSyz6gH7Ffbzs7XCkovk4S4RBHTVTH22Y48LC+C1ATzi+mOtDnPDZQRLFqOgKou+IH0yR9q3VbOy7tZbL0Wz7HNxGyUD\/0wvvFjI3gbibnMLDIMChxhtXBzXPeA+ob3RyS9\/Lw+NP2igeNo3Var16cMM1W9BvkbErE4BraL7mUBW+axY6I2md7gSPMydjcuZ3lHMvfiOOWrHoshtPaR4HRpTDRM0iDU54\/wfuqN9jPSCUGIy0JBTrFHReMVmb1AKO\/f8wySr5phH8rDcq"}
+01758{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":904175,"pkt_caplen":1042,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1042,"pkt_l4_len":1008,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQE52BAADQGzPaSMDoSwKgBsgG7yX\/JSx+Y3khoc4AYAfZtDAAAAQEICjwgC5A0DJiwNWBEnBjCnTX\/7++Fh2HaqSLZj5qEpeKr6ZYia7eMtvRxAbSEUz\/VnR\/ZYxv6eGOPoXv0lAS8W0n9nVrMQQdWydvUTPZYirH9c72f7LD9Xi8NxdiVoNSMf3Zu2sxzF87I52yN3+tetDGXLJBYHp2NNWhsYAv9S2YZRXGaqOjNtGSvBoPRo90mzKKiVZAI13JKXVP0MnOYURO\/Vb7R5aQDLg4rMhNoZtOBfc\/ANaB4LmsVKuyNgSL5HEwP+\/xSb94ANajy51CW7M11c98hym9qLMZuZhuacRfhXxT1GmUuVTAbXYXnhpb0Zm\/t+9057vWlMr8bD3GdmCXSteOFUujHYdsp4pEDGeFRavgwdl984N\/xaGfyzB69b16R8QOwHMI9lhlX5ejCuWSBx2cPXcvhKwjRWNOBTlC+ahNlCfKliQsGw2AVMaqWSXK+jLd2xKcNkEgwLYeydqti4ACAPSGYTIR0ECOJkd3e+HcZ3faEZ0LUxdzMKv4FNlTyC\/n6sje4UI3M+kFm2w8PhBBRF7r9Y59PCVTUGmqCWRJyC0GkzQt4go6qHkMeG3Ux6wcLkC92Sl5dD0p7SV75Dbcqds5mGDENDnOXANf9Z6tV8v+yckXNq5kCiV2QhtR4sm9wk85ExBLW6mqbHDtbDkufMG6c2ZhlR3OKR+tOPgbaQ+9dizWod9c8gOlXFobfZWu1MTYA7\/xiNFpVzaVW2PoSxMwZTXDRMzD2msyirIP8BkAnr+TrBEIKsIW+BWJW1JKwF6KFR2R6KSQVTcJlpBtW\/L6gPBwzSxXM+woekotVBOjnQeG9WnqTnZFSimr7J2Tc\/Wk3FyC3h0Smv5BkUqLEJSVAH4BCLPeHmMoMLyoM8uRdN2Kf679TlhnXUWOHn4\/FphIcO\/rV+Eb+\/gYRdi9XqvaAJskuG9SO0shv7r4FjCh1YCujcM0qkcCfSg60fZG6buWfl6tLB9OUuCVwecVSdMBHRGydh5Ea74FhJ\/WoAMtUKlrv3DnaDsfpwyItkzCcK+8BpeZPtNbWtt7\/ebaO0mvXDMquVH6S1GNz2ENCYwfAT2l88N5Gtv1R3VQgyjd6NAZMNP0LeZ4regJxJFiXeJkbgyIc0jMMbxTtd3\/1z+o9fwKshSZ64W1sBNV1oNat0UhEyMbrfKAdrEP3\/alJrrfeqqAM3ZL4X\/eV2rzxJxE7jvWv7OXnnfIqlpb4\/oW8BbDnHKBhmv7M5rfBAwdX2sRXsr7zzgeKbpVCMZTDWf\/fzkoaERcDAwAZujmj4Iyj7rcD\/LQcGVMZ2G5yFHKaUYA5mw=="}
+00424{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":911928,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0dChAADQGQ\/+SMDoSwKgBsgG7yYRFBnpwQn7cNYAQAfgoPQAAAQEICjwgC5k0DJi7"}
+00836{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":911947,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjdClAADQGQs+SMDoSwKgBsgG7yYRFBnpwQn7cNYAYAfj9LQAAAQEICjwgC5o0DJi7FwMDASq1Z21pVej08oRQ33gsiycooX\/qwyUvev3W+EPfcGjvVO9JhzFuy2DBGRIO2MK9lSnS1UqRIlX3S4qebsjbG6GVGGb+eaULimNqL1uOpHpd7i7MboFQAi7T1ewXVIfToeO0ObI\/sRMmCFDJrtQ+kuQyavR7WfuM4SJxRBdul0W3wMHIgSgR9nosr8A70xlhXb6U9xuljJlEwj9HCd4i\/zpSkGNw52bdzbhTaO51+ikeuIBkKiuFPYRNJ6jBZ7ENOdwwZ76zFXMP5\/8RyXMnn0KWhWzaHPst0DDJAUtRPbqZOELHfpHyfzQ\/vXqZ+IXJLX++3wAScwC1USx00ZTzVDqAfNlaJ+WhaSzC+V0W+1pKmMPU8oBmWcXRzHxYI92eERGGNuDx6lMsQYHa"}
+00424{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927998,"pkt_ts_usec":912007,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCftw1RQZ7n4AQEBoY1gAAAQEICjQMmNA8IAua"}
+00928{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":107805,"pkt_caplen":433,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":433,"pkt_l4_len":399,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGjAABAAEAGqrjAqAGykjA6EsmEAbtCftw1RQZ7n4AYEBo64gAAAQEICjQMmX88IAuaFwMDAWpPmDd\/2mec\/g0XLq+a\/iK47u470VOnAOBzHqZ5iADOy3G+\/xqwv9Lw6TjOJy2DQ+qWqlvLsngR9kgj9m6jhgNK4WiBnS7HxwRm8JqdUqc9OUGEvUOTfFEwHvm010Vjor+4qrXkLfPrMtP2PZNWpd5v36cislsIlIgHuIuZRmKae9qItp5qscFjx8lq1lqP\/udjpAGKCAy8Z5UFUFntqty5Oe8XVW\/i4SBCCQO0bpSmXSulKfU7RUcEAbbbXTTthpXuYWgfxjpd0PPiJnWS1jKDy9RROlWcfftDOg+d+jiPKHYfgorVRtcVRPUHIBZizJQd2ft9QejQpUsSnYz9L+pz7pxV25xPx7uhYcK9GFtHzACJ5URhvJOcpgX0fVPIbS40WYq2FktCwPn\/67Axd0DghuvTF+IHidqexcc+6yUb\/lvv+mbMeYRV4SdMyQVIcMv6MnMoCcLSFU2DRwBzKkFrnmKP7Kl\/KL290w=="}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1620927999109,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00441{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":109976,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmPAbugsPXqAAAAALAC\/\/947AAAAgQFtAEDAwUBAQgKNAyZgQAAAAAEAgAA"}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1620927999111,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00441{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":111334,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmQAbsCvXBwAAAAALAC\/\/+cWAAAAgQFtAEDAwUBAQgKNAyZggAAAAAEAgAA"}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1620927999112,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00441{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":112216,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EsmRAbvLRPiuAAAAALAC\/\/9LkAAAAgQFtAEDAwUBAQgKNAyZgwAAAAAEAgAA"}
+00426{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":133337,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0dCpAADQGQ\/2SMDoSwKgBsgG7yYRFBnufQn7dpIAQAfYkAAAAAQEICjwgDHY0DJl\/"}
+02251{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":135180,"pkt_caplen":1406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1406,"pkt_l4_len":1372,"pkt":"KDc3AG3IEBMx8Tl2CABFAAVwdCtAADQGPsCSMDoSwKgBsgG7yYRFBnufQn7dpIAYAfYoLQAAAQEICjwgDHg0DJl\/FwMDBTf4RbFzY54J+vYB9UvY7JPIz4c2Nsd\/Cu\/PL2qlhn9gpXx9tL+kYzNOCshRsGn4gZBO6QyTq4ipgSfvYsMXHNSgsK8584S0CgIPjA6iTkFoAq20TjOv\/YPqFXClQol7xgr9Qeubxu8ZdimZ6plwGQ3pmaLhPA7Povv6fqnXRgUT98Wcj2L7VeeXMG\/635fJsIGoFSgwg9s85c5iY+1\/aiQAlFf8G8RMoC5iDaQkSSgbWDsHikthXlhUiGVQBm6cC8Vtj9HC0y02tp004YKV0Zhw86vfo2Xu6XOy5YPErjmvC7PPXC8QAisKHD7tcbqB4SvkESKRdMKKzsueKxLV+IVKQxFJr4mQvzZsEb8e9zVKE+tu7AGoKhMEK3xL0pvZZrbgK1jNdckXzgBCzEO8YQNW4Uqey32IvyTSL1Rjnhi3LAInoDf0LfvHDgwv0Ak3IEoR8jaq\/sZxX00zeNCKHckA38RJq+kipyLTC38+JlDrgEoXDjFWWFyEtVAMtmB8nY+XcU5XC7VC4CFmcVE7JKwHYCtwXK6wTC2f5avciRsXbyG7Tokqad5MwxrIQgctYYO09hCFG5Eg767N1cr\/50ULAH97h+PoV8QrAF60O+DfVhBjXEHwSfWPtH+G5PQy5GVJsHeoXgi4nRMzPGR6OAZBFmfRWPY4qz\/KxE4\/mSIL9oVA7xJ0g2L9FgChE0XhM4mswICv72LU0LOcCRiaM1In1UVSefiZ3rlAsC3Rk3ZRnWOSlk\/GfQ+TzI60GNQWxbTQaMpmBsMpPuDtxg+UUmj3GnFzLk7y2PneybdZkqEKjhDP8sVjoWyr0E\/cSTCjxOZiPr120477wtXuXx3I5ApwxOmhmEndpMPopSbfmy2TJq6UArO42ZcujaOo5\/T6kl3ag8\/Ke7AnMLku0pOyZLmPzbCbpB346uvyCZpiMxDIa74UWV4o5P563s6wJC3Fhxyd+K7o8KcFesoXfQK4bK5U7YI1A0yOqRqu1re3rQPBe\/Mw2tCDwGZRQiV5rXNgz5dH01qsxrE49DXADIo9GmrhI0jDkz+IItzNGiVJGRYIxhH6Lk6gesd0C95AffW+DwaOtbsTSyi25MJYY8tdosZOUnk4g8PuY\/Hdj4X0NrkLhqieLDYvLf5hY0OSjXz72zCl9mJXsLvwnRLyhIc0IdeTpg6aQk+9pkGBbkbeGKRCjFQA\/AIlWktGIXpz7Gyf1PW3sh4hfq0Iq2eB0h1SkeiLLibZ+EfGfqVSyw+IvkKmjdoHwc58x+I895LBdFV4QQlRZunKThp6qRhxfEdbQfgxoFuORdt89Nvc\/p7\/NUmjVOyBc1F\/aRH\/tnRivRBRLtn2LPM7P\/m42lno1PLPYi\/BZY5AnNlJVJE99Qy5nOHeGJ1lWIief8aIncjlfTmv4Ibt+DaQJJqTAUYhhSbUHVLJGije+Sc1\/qj\/Q6bm5gfeMUvskDONatZmpqzhK9TelbRzQ0IDpXSrxtbX7ycFPSM\/l+HoN+13utecbUHrz6Q4KZfDFai94Z5a4Nqk2L+H\/3SFcEvq0TV0L8Cb694C9ux2XB7S4K0mJl0+JZb7EErvvC4f0WibiuCpaB94Q8jUe0gE0FDPs1CbkRk4rH6TWGV2y\/\/blWgkOaJ7nz77T8TYB8SyP1\/LW4irJW2oXfwgetKgu3bfVn5m4Sc4Ux\/C0lEhtFO\/XTJgG12uixlVZZAoEC4+76EUPjIDAQ4lXNzcRBMg4U7nLjJk+tgWLXB\/iMYZVhX2jeAczAjxodvGRjVtPiBpumvMX7Y="}
+00425{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":135237,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmEAbtCft2kRQaA24AQD\/AQrgAAAQEICjQMmZk8IAx4"}
+00437{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":138093,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yY9yeaT2oLD166AS\/ogrVAAAAgQFrAQCCAo8IAx5NAyZgQEDAwc="}
+00437{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":138095,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZBJLtVRAr1wcaAS\/ohHrwAAAgQFrAQCCAo8IAx6NAyZggEDAwc="}
+00424{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":138163,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmPAbugsPXrcnmk94AQECxIWgAAAQEICjQMmZw8IAx5"}
+00424{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":138166,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXBxSS7VUoAQECxktgAAAQEICjQMmZw8IAx6"}
+00437{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":140847,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yZFyBGfZy0T4r6AS\/og7hgAAAgQFrAQCCAo8IAx9NAyZgwEDAwc="}
+00424{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":140932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPivcgRn2oAQECxYiwAAAQEICjQMmZ88IAx9"}
+01349{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":141444,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmQAbsCvXBxSS7VUoAYECxqegAAAQEICjQMmZ88IAx6FgMBAqMBAAKfAwMib7sEwVHJP8NafDdEcMRu+2BtW80kInWBAD4KrwhQpiB866aqa7yFxIfhXZTYSAx6ddVCnWqOsCWmpuTunaX1mwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIMy+F3v+RcJdQkDhcgxxv+q0LPoq\/2mdWLz4DbhUlU0JABcAQQSHckCcHdMJGlaj94G9MrpqvN\/LQY4GmzuN\/x59Xu\/wdGrOVrynO7q9eaBmxxO48u8iWBXSYIjZIO\/YAQtrWf0uACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSEAMTC7DFviiMAHSyKO9UJflICxrfrBiSjn+Q51G\/9zze3vin9E\/h3yoA8+LmA5m8meUew="}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1620927999111,"flow_last_seen":1620927999141,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01347{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":143664,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmPAbugsPXrcnmk94AYECwByQAAAQEICjQMmaE8IAx5FgMBAqMBAAKfAwPLbD5gOnSMmUdmLValgevvP4bb+k8e08lwqX+YbKGt3iAlkc8vad1pAkmv3DLXWEMycffSzBs5DNVF7m0FcRK\/nQAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIHrZFQRNw5ldSnTOZrYb4ROYY6jGIfJVGxBV4uizHTpsABcAQQS3NAbJNADMbeg6uNBn+xHw3ydMMZ8\/z0knTfC\/Pk5sGbbav2GL7wpVEgjyFzNhlOyo4p3\/\/ZRvEWbgTq4d2O7vACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSMAMTAdEIyR1ohqOXooWJz4QOYPIEnPNAiJJdYf5MRX0x2j7hrA220r1vjmga7S5HF+hl8="}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1620927999109,"flow_last_seen":1620927999143,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+01345{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":148674,"pkt_caplen":746,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":746,"pkt_l4_len":712,"pkt":"EBMx8Tl2KDc3AG3ICABFAALcAABAAEAGqX\/AqAGykjA6EsmRAbvLRPivcgRn2oAYECwS0QAAAQEICjQMmaU8IAx9FgMBAqMBAAKfAwNFQzpkgfyhNgbTNJ5e9Ud666zcsVLrnCFPuu5R0gMQ5iCf4hyAAf2e1Nqt4X\/d0hmTfioGtwn0kLEAuqj5y87exAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACMgAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AICxuuwafTKLEKqG16GJB5qZPLJEh4U2+SES78FZlA\/54ABcAQQTAAyquj6BD0IPU30kXgMXDwejI4l0XzpOwpQEzc8hKPk7HPRn0O\/XXDhe2CgGPmdE8r3OyDN41Lk+AQK9FIkrkACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQApATsBBgEAMypzcqAzWsBAZINcgx+ygK7vZjFETFDV+K4OTU2h7iMgn6BkHtGH526mQ4bqBfv1cHLHiyotXTUtt7v3XJ+Pve3eILUUdCMTAf6ppR\/5v1DvtEEhKEUYvXLDdpRLI5UYlBKJOeJvFEHMVCMj1\/VQu3rqDjEDWvU95zAtCzn3RTsyGtKwLG0LJBEVcKxZ4IRBUjqiSWvy3+DilYpWnbXb\/2GrqKzSVFxIMcA5Pizs1nnSPkfNgZxF\/G8ArqEEZd9PBSbejDG9p9aZJLOqZhLKYbmoSskc1bzO9DF6Hs11\/gJKXH0oS6nxQr28NltJX3EV6GF0q1MNFnHb\/mNO0AWNcyUzmSgAMTBBOwyJxtnEOswesRCmg08gZTe717MpXIgpoRB+yZwyzrZ5Gi9t5mtcvX9nEpcbXSo="}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1620927999112,"flow_last_seen":1620927999148,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00424{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":167303,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0N2ZAADQGgMGSMDoSwKgBsgG7yZBJLtVSAr1zGYAQAfhwIAAAAQEICjwgDJk0DJmf"}
+00779{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":169718,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4N2dAADQGf7ySMDoSwKgBsgG7yZBJLtVSAr1zGYAYAfjtoQAAAQEICjwgDJo0DJmfFgMDAIACAAB8AwOxJHcpqIpvC18FCWzUKHkoYGQs7wIUjZL\/LYUv\/aZbSCB866aqa7yFxIfhXZTYSAx6ddVCnWqOsCWmpuTunaX1mxMCAAA0ACsAAgMEADMAJAAdACBuvWJlHC99KIckWXlI8xZxlxI+vQFkSmIeIs20I+gEKAApAAIAABQDAwABARcDAwAqI73NNikoPcgSu4rHBtmtdze6EeDfOqUmIj5PGjl\/yCo3qX6BHyTNr0oJFwMDAEXhI2q8sSv+DeEdc7FfSNvNtaBRgCi7ICaTMi3PdjP6BozSBScPGy7PpI0U5upr12nSbBnGk\/OY8hh95ywJeGsRp5Dr8Y8="}
+00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":156,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1620927999111,"flow_last_seen":1620927999169,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00424{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":169750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0GipAADQGnf2SMDoSwKgBsgG7yY9yeaT3oLD4k4AQAfhTvwAAAQEICjwgDJs0DJmh"}
+00424{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":169806,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXMZSS7WVoAQECNg1wAAAQEICjQMmbg8IAya"}
+00781{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":170826,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4GitAADQGnPiSMDoSwKgBsgG7yY9yeaT3oLD4k4AYAfhZ\/wAAAQEICjwgDJw0DJmhFgMDAIACAAB8AwPLFE14fAq9z4SO9x2K2GgtJOaV1nO5HKU7DZTimhNZNCAlkc8vad1pAkmv3DLXWEMycffSzBs5DNVF7m0FcRK\/nRMCAAA0ACsAAgMEADMAJAAdACCtYtSWY+\/FBnNvDcbFziQv9mDWOD1F0U7saoBSr9F\/cQApAAIAABQDAwABARcDAwAqIzklDPve64TQW1sRhQ9Ngvotc8R6P11yXBuykrPQ0UmmBnJrHeYe5rSVFwMDAEVATALq0r\/4n2zKs+zG1IHzW63jx+8O+3J3MWaf1uDZ2OpVF9mjIV\/A4PEIwWwGb2JPb2UXioVLNrILrx0ogc+z8WJOUzw="}
+00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1620927999109,"flow_last_seen":1620927999170,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00424{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":170903,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmPAbugsPiTcnml+4AQECNEdwAAAQEICjQMmbk8IAyc"}
+00536{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":172669,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EsmQAbsCvXMZSS7WVoAYECMzIAAAAQEICjQMmbo8IAyaFAMDAAEBFwMDAEXSJ4tFk8tOTU0TdsqYIGUNc2Y8gonwbH9UtGFEzPUT\/vkVyz7muSY18bQwXOYr0Vd1exzUjZkkW8aKxtVfi0AeAU47ab8="}
+00424{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":178235,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0RutAADQGcTySMDoSwKgBsgG7yZFyBGfay0T7V4AQAfhj7AAAAQEICjwgDKI0DJml"}
+00781{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":179715,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"KDc3AG3IEBMx8Tl2CABFAAE4RuxAADQGcDeSMDoSwKgBsgG7yZFyBGfay0T7V4AYAfi6TwAAAQEICjwgDKM0DJmlFgMDAIACAAB8AwNlgoQ2Pdpv5X4Rg9R+p+YiQIAQMiIt5js0EYdba8vb2yCf4hyAAf2e1Nqt4X\/d0hmTfioGtwn0kLEAuqj5y87exBMCAAA0ACsAAgMEADMAJAAdACAvcqWUlMdp0QSYolIvVNgW7+woCYu1M5HmREWdVwz3LAApAAIAABQDAwABARcDAwAq0DMa0J5ea5uC09Xn5tWWHKxomevqoxo9n46q6Yt7XJrb\/cKtxBpm8uOKFwMDAEUsrmzIHMcq98OCxjVDEPHkcar4UkPE91bjG9D+qLNgAdYwRyVA3\/QutS6SaTmodgNW977X\/NxVXTU850L6\/oce3j\/MeI0="}
+00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1620927999112,"flow_last_seen":1620927999179,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":940,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00424{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":179798,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRPtXcgRo3oAQECNUoAAAAQEICjQMmcE8IAyj"}
+00537{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":181982,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EsmRAbvLRPtXcgRo3oAYECNz8QAAAQEICjQMmcM8IAyjFAMDAAEBFwMDAEUpWU+q6IIQ+vjgsO19mOPvUJe+zC6SBjdAkkeK98voA6qEgejaG8myE5XpdRhfSr4pNH\/XrVcLiXmV\/NXXGLlRQYLjzmU="}
+00929{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":185519,"pkt_caplen":436,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":436,"pkt_l4_len":402,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGmAABAAEAGqrXAqAGykjA6EsmQAbsCvXNpSS7WVoAYECOh4QAAAQEICjQMmcY8IAyaFwMDAW3MPxNyYrxLMOxqF16UUVrHIQV56KUGuJ406eUc2EfPtWFYG1vcwLHFGr3j6OfVnMMNf5qotxDsmLVS3roXsL5q8wwjLXILlK0IwpDshhSrdRAyg360LNOhDxyx18Y+0zDXdoJypW6kcEgdLYLzRhlGgMQNtPs8l6PhIUQGoSpYq\/CjoF7iDvpkeny7lLcDy1ebl9jcetR9El5JXIjrgrckwViaOG7n0pZqAzZrymWbRh4SZk919peADoYi6AoSASI2kOrY6nkxZrngdSpAz9eAipQPZYp8XChMa\/EH39slZdcE8A33wKPIp7IN+N2Bra5BCNPjHNO6oduB4SV6GHV52WbFdL2T0E7EqWlX2WRpIdGXiUpMa5OXgWsZvYrsdhKh0eG6AYW\/\/kXod+3RSA5MgCaJnAysUixpK1o+ki+orZDtqMZykIPUT6bfTLiUsJmcTQWYmsstiN\/xhR3\/HcBGELnfDaz1jSWhAllstw=="}
+00537{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":191162,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"EBMx8Tl2KDc3AG3ICABFAACEAABAAEAGq9fAqAGykjA6EsmPAbugsPiTcnml+4AYECNoqwAAAQEICjQMmcs8IAycFAMDAAEBFwMDAEWxL3YzswQsjepryozRyik2Y1glAEUibL\/h4iG46W3VAxeg0RSRMFvYaUCnkaQ0TqdFtgCL4+AN\/nkCSfbAMPM3WKytlBk="}
+00932{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":194963,"pkt_caplen":436,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":436,"pkt_l4_len":402,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGmAABAAEAGqrXAqAGykjA6EsmRAbvLRPuncgRo3oAYECM66AAAAQEICjQMmc48IAyjFwMDAW1U2xza9iTqJdLlZnXQ\/mm+K+ldI52rwOH0S41gAU1C\/qJurwWcs0Lhv1nA5QMztQe7NgmQdefEqL2FR4y8f+fFdn3MCtv5MRC+e9CdAZQuiB3WyMZv2KsBm44vNeIA5jhgU5YalmtYwdbCYi1t0lzs0m21cuWCWpoILtpQQpJteSwdQeSjnzlV7faqShVs\/yjzbcOHzh8+rcDpaSGzRZZ+\/GpwAgy2fLwtiBEdSnsAGlZLlQ7S7SRqqg9WcKXsLYSW3+IEE3Gg7t7iw\/K2waP0b454O4X1ov2mBWQ7MpEfJ9RsWTzr9ES371I4Xt2\/51Uj49M9I8tRIWIounLp7G+t1cRo5+8daosT\/VSupRt1\/+MyNu56vVppax9SrmbrXd7dkz+oieRAT4N2HFKNWxSsgjfPwou4JX4LzoKhjX0NQHgoA7JGdfPvST3zQ97Yhck9P5Z4vLFZKcBk0ndRHhhJ2XergcuKeSh64rI\/Lg=="}
+00935{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":195119,"pkt_caplen":436,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":436,"pkt_l4_len":402,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGmAABAAEAGqrXAqAGykjA6EsmPAbugsPjjcnml+4AYECPg1AAAAQEICjQMmc48IAycFwMDAW0EmYEG\/nyhdRB1EXn\/YYebkjdhYDWtJ6dVHGAV77MWam2jTIPcqLAU8acR1Kiktnzox1KoFEq3RIe+KZsCbsmOgSN7rQXPxI4A0IM1DIewKcu2tY5WQ+ZCvzbCCIhmpWXr1836laY1mxMHX0Z2\/BMudQMQRb5EaEciDvA8l+hFeW\/KbS+dqxL6xbKKIK3URLF0iz2gb7VbTbkcZYMdtdaH3auRv5o1FuoCxkTc7\/v6aSqHILPcCmlSGY+ZwY1YqGBFjFP+FZJ8+1U9JIGrGrU8LvUQDGCwzMENalM7pbD62ygsff6nSL5F+8IrM5iMdQkzpFVo\/aBU4dIyVTU0z1rUkn1SF8yVUm\/37YLaX0txSb\/DOQFjF\/+iMQaCLjtcyPSGDyg\/Ad88qfUzUBNF\/R3\/UJjBgwSQ293ilgnnwniiCk4tALK6wLMmC0+clSGOFO7UsCoDsSRiC4rphunV5iLUJ7Hpho9+k4Z08n4mlw=="}
+00425{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":199315,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0N2hAADQGgL+SMDoSwKgBsgG7yZBJLtZWAr1zaYAQAfhukwAAAQEICjwgDLc0DJm6"}
+00840{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":199317,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjN2lAADQGf4+SMDoSwKgBsgG7yZBJLtZWAr1zaYAYAfgmqAAAAQEICjwgDLc0DJm6FwMDASoG+IVoZspJWbAzjHMk+jGna\/EMW\/zVG6clqPZmvmtjGOhJZao5xqzCyt1OMIywvrhj\/H7NTcpOGhWvRBaNgY1oXiWyMaSsdmjHWjnaYpc8tQ9X9Vvei9pLKsA6avyw5HbKJdYJHxDzIzTnlGY8k+\/2Y\/yaVcmAKQ72\/jfIrHap+ZWYaJd+FlitVNgVllAnYZ5j6Ia6kYCuvoj6i\/MgdxqWNZP50y3dsAOc6WdV9y1DW2V3H1nEsLlKcDHeJ+iwEUCHNGCXa49HVRR5kcFYfoQKGkcbDrOH6BcMdyGcFR5HvOGcnT645fa4zifB8oI6cwyKt8gY7fb39GkHcKSgF6vK7QgC9WnYR6J+zy7zTIko\/o3EZpCsX0HNvWC5wTFguMDOdgMjjM80W21y"}
+00425{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":199378,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmQAbsCvXTbSS7XhYAQEBpduQAAAQEICjQMmdE8IAy3"}
+00425{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":210720,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Ru1AADQGcTqSMDoSwKgBsgG7yZFyBGjey0T7p4AQAfhiWgAAAQEICjwgDMI0DJnD"}
+00425{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":210750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0N2pAADQGgL2SMDoSwKgBsgG7yZBJLteFAr1024AQAfZr2wAAAQEICjwgDMQ0DJnG"}
+00844{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":210804,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjRu5AADQGcAqSMDoSwKgBsgG7yZFyBGjey0T7p4AYAfh+0wAAAQEICjwgDMM0DJnDFwMDASprTsQKu9s6aaCEj+w7ZjrqMdxY1YwTls8\/pAgJZGFFKQVPKgDdKpYh3+K\/By9DOOTpcwgAOyavB9fKHp6uzhrHA2VS\/iWboLvDMORzJ3u7ns4KJiDX0ie8g9wGHpJuv77OEh+h8WcWltUNESMlkrFo\/ZLrSVbM1YlONLN50AkxLQVcfLcLLoHktq5OSc\/yCyeJt9PFH3yESRpYMhgkAwhHEvrxhoMA9j\/zLboyN2JX16IS7XWL2fGO\/KTb4xOpxU8niCpVj\/JoslZ\/oouZ3jesMFH8qCeqk6Hgj1+5EO6+mqH0YqKPot1QM7KNudqLR\/rmKD3\/onknThUaQ8CdX+VUkopodDy5\/dVg9XqDqoP2AP5TAimTy6lIQbY2F30x3pfOHQ+p9noSRaBp"}
+00425{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":210873,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmRAbvLRP0ZcgRqDYAQEBpRfQAAAQEICjQMmdw8IAzD"}
+02379{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":212445,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUN2tAADQGexySMDoSwKgBsgG7yZBJLteFAr1024AQAfYGaQAAAQEICjwgDMU0DJnGFwMDATF0RHAawjZ1xwJEpkOucPPB70wmdUpLM5FGhxZtPH01hVZA+W1MH0KFQ2ngnqDhR2gC5NtZ3qAH4foqNBGYlIzd6czfKVwMH0UNytJFOlGX960gb\/73I6scHWNSzZrVTjkEN5LWyFdJPZ80mFXmwcd9kldsNT8TMiJISLbE0jgKFBW6MVdOYy8lalV\/Tea36X0DqVQNOXDBFUT4bfOCE8nlYvlh7GHWrgn1q2j3E0y+Gnmr3JMyHzyeyL1oS1chX2UHYfzHB7h8VN9GAdClP0jydfowKrGvdRqXWGqVHrl8Thr0gdNCE2bs5t9XlDJXd+24FyoVLY8r1l5lvDQhDQFyaVCmvgM6yursou+DjlQ7qopGr\/SWBtSeRWCpQ5Nwklr\/ZrtmSz63y\/9FTxPwAQLqrxcDA0ARl0YUIyH632gTGpJ2rd\/KQnV3yZTVwSP9ZfFOmRfmhz0FkPaGmmzqjKZUl9NpenolIKr+b\/uzfZTGEnJP0yFzm3aNuvUfv8xemXY0zqrBx3mIZu6G9Rnh0+io1Gz\/5E7Ih6thABLy8uMsPT5F2E7+n2VhhRjmZ2LvV\/qqFxKQnurqwdKQVp5PUHV77C20XWufw1dWwoVMXQ2gilyg1mgGW+WeO42NC4hzxj0xY\/EiTBAm69Jcl\/d4a0TVV+mfdyDzSMu+\/PMSxOFlT55NEAKmXgq5BZ1vwotjBw39UqYDnUMZM2mlTcErTDHcus6LlhvkcKsWFLLYDs67P\/tI9EmaQplL2l6L3V3hEDozbgCQwZ7IPorLNAFw7OPt0dEG3IAFENzyzL5nz17DI9c7KlxI4y037ZHQEF2zkveQpoU+x\/7xr8byBZ3LU+iyxy3mO9bIyjPv3OKwKwP+exZDZnexXL6lxMT7m9oBbRtON45NogFu4ZfWEcjbFjIWVFUUBsYLwA5\/BLoi9z7bpoKIDFxSkblYC5T6MBs2W8rRnSF9E2TjXy3nOBYAKCvzT79o3eOiejVTJd3W5ziiyBgTwV8z9+qRJmwD2mIMl\/A3ED3nV\/Sm1c559\/OgUCW79HrUHuaB+BQKUM5BeIjew5QEKacGEOnV5qpdmNCAr4Nc3yLIealKSSzvMH8cduykEbHGL8Vi5MVTKKK1JEPSwkD7zqWftg8uRaESS8JK86n40vS5vJlQ\/HUu3ZXXKkpt+dS0fXLRyqrLIlr819R8ZiGEdFBsYQ0ST5BCZ2616WT6z2r\/yPkzpZpxVg7xX9chsjlnbJXPWpnjtfKtHX4KpTkXidK6p8P3NHGVjI8DP6mENQjWf1CMHSveoFMUUbdkSWWLovn\/IdQi3vqXA3w1GHxW6t0Mw8fDHhX1vp97B1j4TpPOM+mQhi+HEwTIUBdNgixwAAXmTr67LQ6urmmsQ98IalGtbpZmeOuU9t90DZDogBhtlBzR\/xu49EPxt\/11GpDHUHIqnlt5M+QalTTKmNpyf65nyrtZ8AaW0C5hX63hP7HRYOmfew\/7Y8UaOoINwJz02yGVfIZ8QiID4wNrWT2mWTYG6y9fYYPcHYgsarsCRtmNoP5DECEg3w1YA3zl5hYEYg0JV9w33+dp5TwzKi2\/HXskWNp5ZP5ng4bbQWNNfGwKfrHnSLK7PjGv5Br\/e3MbXY5nXCzLNJPPn3bVE\/Xg0DqvwaslmH7Lfb16dsRJwX1xpe6AHyN6jlIuJtMRYaIdD32X4acBjIKVQZX4Mi9Rk1jiJt2MheiNW5jV3xqLTNIAxhb6vBP9ciZyU72WrmwxOFivr7S\/qDupSUMMxjY6i1pIhbg0Zlzrt5XVcNeax1+NM2TGG08HaPX1+PiooNIVDZwSlCNvPvGwNLNu34lbxQBVhpQM7mPqvKDARvtZVZSIFirsxNPL2vU95lZA6oKDM5QvYfYP7cFFS7Xtv9DiRPGt9xTvuwuC"}
+02398{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":212559,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUN2xAADQGexuSMDoSwKgBsgG7yZBJLt0lAr1024AYAfaswgAAAQEICjwgDMU0DJnGggbaRUBnA9iB8\/\/pIgT\/IGEA8ghXPMhk2sjYTlERDRQhptygv3oYwuAGVIALZ2YmhhEQwaHyIB\/oFHv+j88SvENwtHkwcdjPhEBmrCDaR\/\/a1L5bE+WsLHjU\/U7CuRftKG5qJX7c\/oggdsYaCLN7Ob7+TC6eNVzIQAki0Zc8tOK\/YoJVZjsOI9l3lBqqbRD4h2fEN\/8LnS8IFJmT0QdABeBvmWviyC3JcFLtpkJCOePEFW77EiiYjTPHT3djiRBwczUJIFrpYimFXc4BvvcPMuxc64mvPWsmy5AeHrb2\/\/s8pLIa9Yo\/ltXPUvz4EQ1ERogHhDdz4ii+YqfIdWSTg8EsVKae0znHk15bDazUng8ALmsyD1KXP2YVMIcVebKKt+CeD7Y6k+n0fNEM8xi3v99uKPAi31mNZSfMUgrZ+SpfKLNPmbTclUZyPLvMFvQz5VBw+Lept9Tq9d+11dKTSYz\/CC9PdLXr+pWjWYdu14ffUhPqhYRkksOBrihnXaxX\/8D17ZHkZxv9eBA\/z9xz2V9HNWIZNs76Fw5TtCTl9\/WdJxtW+xvtkRC5TPe4g9rNqar8eX7Fq5gMzeuCX8QpuP5UYdrSvGbREOAfv4e+vkeWQVCLJntzBCCB7luyAGfrubFUSeJJQ84m3WRHl4QbaI\/cYPRUn\/GDXIosc2JzWf8yPRJOm2hWUF9rW6DLbArnscFZQo7CCIiqoXo8x9sk\/dqaaTm3Ne+VnFiOVgKFmkKcXwMmklD\/Aq+xLBDDnhQD\/LbzBROxRnl9sQKYQ57DdbFhXAPnapsJPrO4RGraEFQbEuk\/CI0ppxyEYulcvuHpMbHUVU86FYQfylrKCsKmyqB3jT9E4sVThvSegxj09AWqdkHDm2XT3mbK24YpQ+Mo6qE6IPGe5VC9ZCjZYgiWLqbWUO4kkbv3nk5eAuJJ5tMtZwXixhT7GUUvhIMX18ORedC\/49pD8UH65qvO2\/8h7wii34+EI88pvtWVR5HWsydL9US0QJ1AiIpmQG9\/nS0\/oKN\/5SeYrfbnfvoRvRycGfIS4WSEZgxMRGBRKlyETLDkaglqjEd\/tM5+oa\/zqsc28hQsBNYhpEVw7AC\/QwuVjnE0N0nAko5cRsT5pd1zIQwLVb0DtnfAYm+gT5VeAtTbbzehbZaV+Was5xq9qpGbi7GLuxPfd4E0xD\/5NYgCgsHmRvGSOMJpaHiPEjRJ7pw4n5RNmW7SJLla50LTUsas3vJguztLalyOeLrCe+woiQcmk5iyzj9\/750rMRb5X0hOYFb2IPNKFSM1OZBlAUa9c2rXwccyN\/Jru4nLn6RpLOvPO7VVxpx9kcP06M5mZU8f+9RRNItAmS9Z8CCob7a0pnxv1sLtQVdysLPUqi5ys3VbDk+3YQq6vOotmsHf1biJL6q\/RDVPYeCSY3coXP5mqLce7RYWWLjBn2MDAyJn5Lhp6BEul5qVLsSZk\/7plKPQT0YTifKRGvadRzqaIUy+rjp2gfNj9pc56ld0AuEkJ9IXBSrL4gAk4rMSRee8gNIoFpLo6tzvVvWoKGIDA8RsDnQJVUcNfAy9oR24iKlZYdJAHV2gAxMmAcInaNCxPXBu40O+Tdwj9lgnH1En\/BmcaZMHY4dYAG2h\/4VtsrKJlOhnHJjz5mXP1NOVas32nYmYBwc9S\/DwwTU4cSU3Rtd4lwv5giHfBZ+9ptdmKxo0\/5b\/hCQZaWAQ8ZaR5CLb\/0Bb1utNqDyR\/rNTor5Xnpoprj70WfLvt8yZ14\/JY1kDc8Xb4IcClQqMD6slDOD+\/xqXEhguiQVOvX7rAtd6HBBtYwN7HJ0Imoc0BENCdUZVCw58Dw9b9ULseixYQutJXMlokrnP2CzfCXypLbhWN\/nihd1MAQVnNStFsIKi4L9J5T\/fllZMr+mOX6aEWGYNiUkL"}
+00425{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":216429,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0GixAADQGnfuSMDoSwKgBsgG7yY9yeaX7oLD444AQAfhSEwAAAQEICjwgDMk0DJnL"}
+00843{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":217704,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFjGi1AADQGnMuSMDoSwKgBsgG7yY9yeaX7oLD444AYAfhr7wAAAQEICjwgDMo0DJnLFwMDASpeztZqzeNHxAj+4hz3yYAgrTP9my3S7cBBG6m4F\/mxytks0O6DDBAZB\/zghDomWEzU+dzEkY38eF7Qg5+0TYkOFypWiz+AAZtxlqgP3F4vmeTyW40\/R2CkKPcYORX8opIrnxtb5TqKRv6FlrgRD2UjngUVhKA6dcxK9XdDo5NvHLz8x\/imrPPT98VjwiZUichzVIUh\/l\/oEfxl96jEMb9ygqN2dcHwNpmtoZFbGADCh15TmmeUvYTzxHW9GH\/j0eJ8+BURPnRyuw\/Dsb7aNBl8s\/D+1oCtJE9n4iP6LU4m4TXtSgvM6o\/zD7qC3MR9adtaLRvIJ0eikWIqHNrHTk+lEd\/qTzpoJgPnfB1L1ygwiIZ7zeAsnXvn3TS6NZKRSVrDtfqUBvxojnpw"}
+00425{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":217740,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EsmPAbugsPpVcnmnKoAQEBpBOQAAAQEICjQMmeE8IAzK"}
+00425{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":220550,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Gi5AADQGnfmSMDoSwKgBsgG7yY9yeacqoLD6VYAQAfZPbQAAAQEICjwgDM00DJnO"}
+02385{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":223683,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGi9AADQGmFiSMDoSwKgBsgG7yY9yeacqoLD6VYAQAfbLagAAAQEICjwgDM80DJnOFwMDATGDXmNX+I9QTrE0Oc4hf0vKSLv+BetVGQTqqxym0znX1BUFR+u7Ajh1XlXwPT3q08TPNDfs8Tqk5+oKvQfNPRMnDzMYMoEJ5oOggfYWu9atuUmV\/S\/OzLGLsGoeIEQCZh7RDPAC13wst4qu5WYQgI6pZ4RgbwSStUHKzK1QgA3zhgDu+Kdg9vWwY7LFaf60qBYB1HXhfz8s7iHn5xsqLg8PRuyPCWxcXStRl0w9o65tkECE3jXKPFx8S6\/AZjNyRVAQ6SpMuaI9UWINexnAm6cjISur4O5cPW1ep4W\/xVd3Oh+K\/eJi5u\/jtuzShQh\/Pxqf3Fz6iJugTrlpNbp2fkpbp2mfiaAHmIL3g+TbiGJVvbMHYgVELNmXe2a2CUk6igIOev1fNvMEvGLi7h+\/jzwmsBcDAzniUE9cVzmJBQ+qAdXhiQoHIoRyBeeKXPoRIPEP4VyS2dn3o3\/yj6AFsBRWBWZkUCRBGpJqfePwylWwXYcvsPonbe\/DUDVvTSpJBXsz+4WuQ8AgbWC++q7VzXwxTDR0WDWjdF5ylOLKUy61IH3s5Er0\/LkRTpPCv4sPZTqlyKmXYaCSk3pwIMDH85SlTTlocHuArc7MscIKCgVXDRBxV+kIHWC3X+GqKbN07kbkjOtiWRj3Q\/XxZCEXXngHttmE6GdXd1zdWjjVICm9Y2xr\/nvoLAYZ+Yy+sAe8PkBobv1RhkDoLuvE0mGMijn5qx4uJ4ThIlo6JKOU4bdLgBiqFHTuQRDZxKcyelps0yWJp+5BLIsbjDMhLLIGXjK4+E8mfHOprrTIXU98V255V\/VAfI91MCYPuc03UutWFNd7C5fE5+osY+kb\/5PRoF1BI9yUclGiudfk+NYNdWYF8iUoHLanXaMpUNYG987TJnJzEOPNrqT8KASZbVP29IH2n1Zd9exkB3u4K\/zojitvVHFVcINNo3wicxeyvMz4DBcRVIO\/4UECk91xU\/kzE24GVv21ZJMZ708GbpwzhJZd\/sHeqAFZIqfrB7qOX\/r4REBeCzWmWm+RZ4V10U1uhbC5uA3yeQs333l9Wb+yAxVa2w2rI0W6m\/2ZcIEj0KP4hpJqnnzXUXL\/n8gEpSqfRPP6X3FSGUx4jDymnT3FANl739Y70O8xvMr+HmbDvKozKvzXkPLr7b6yjGMXCi7\/khPBkioFZsT\/TGbSJMUe1g2F+f7m\/eWZ1ogmmFgGNCed+xCpnsfCTgWjyTX0SOMwmBmniC0qIf64sfHNHSie5enypH9WLrDV3KzIESblcZzB06wDM6tMxPd35bkKsIRJvBrQ9K\/1s5VpMsBtJC9ZvCV7XBHq8SkmOZVnY+4grGM1cC69YA1gftHFvSllxcNxav9KJS5L+C801XxyvaS5WMJZF0kD5PD0lA1ZP3DE0UVLFMmXUBe5ZrgbF7naWn8mepSBH1lpcBiIHARXZ0OxceUZZptv01r+qmgzufPP+3DmSXgYDSUlBLg38k95ZnnJnTELfIBzbVqdQWS6sfE0kmEZaIjFikzqomsSNCc1xYoNjHwT5yPc+0DPhiajnKRTyJyuJOtpR9Yyi3uAQoXueADdjghO9r6CictOkWfzvgZosAIM9RX\/PfftS5UdaT6U5l3gE7vLk3b362KODaCDVAiI4XtZOa7zPCnXM8\/LAXRMty1zQKdwQvtHAyfCsNGNqEP+Gsx6\/ZUXqGVnPHfzQWmqqnP+hRgQMd\/NDDY5Qowy43HEV1\/0ICfYGRGaAMbJfgfIf\/Qg0fWJTSwrPEtXiiwjCJiYY+imXtMGphxRouUxp1GaDhKwwtV\/MEnYXXZY3XmdR5ER1P3bykGjVLGIYygt9DjQAUSJwUibgKAJSUCOoLEFcDx1sItP5ptN\/YHhmEp3LqrKSeKuJniyo2jKYy+Jc5IxbotVEduj4DxX"}
+02382{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":223830,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGjBAADQGmFeSMDoSwKgBsgG7yY9yeazKoLD6VYAYAfZ6AAAAAQEICjwgDM80DJnOWBQWN\/Bzk6JX+wMkfCHWDizjimajWIBAY\/7wZcrWbX7GntVAaIOXGHYTtwdcZc3\/GYNWWjjQFF\/oWDJwrFIoBX3uAFKRfqz2Sz26Tb9zbzS3k7G7GMRsL2ElrndcG4AAr6Ee2svDvNUXzvfNnvdtg5x7OjFHOGisAaAKtv9z9iGixFBuC7dWgPZ7yQ70orPCxW64eF3iOSRlFtTM0AgzM9RoibLiRPDVpwbf1r4Z+NGM3OI6kcMQv6y3j7bK6t2pXDIFA\/z2\/+6H64DJ1N127O8c\/pFYRwJSASxmsv4PyV8+lviJPKFTPy1AXelEKuGHI5AsbnvFRecU5eMWAX5H2oW6Jp4BopL94r07\/ca9myAY\/l0Ge09Rw6hqiKgOxtF7rgmmx4xucMAWu7U5ijmwCo6zuu6qwQzee6jX1Pk\/cOkUXpO0v1R1a\/0\/+5eNv2wuwQg7OxFprBOJ0lgcv\/MIs5gGX+SbCMqU6XDAc\/gMMEXV0RieZSNrMNwgeQVhYReZC94\/kVSCru3jvvH0g4MyxCIitI\/uu1k0Et9vfCrQsneN23sENrcznsSbaeYzpPULHEpSD\/Al0oe7Si+DB5AB7enLDJ4hfUCLdJMxc1mNbatE0etq8iF5gLp44xS7iC8itiMVhNu+B+4AC7l1m6FiSwXRO1qRe9CHIh\/M+3uNcrcoO1+VpVqWr4xcUVkhOgAKvoBOtACZuuOtEzCX3Rdxrzh9EORQDVspIvFGA5xS3JlKwk2pDdnGpRE2qB6tTytCsYNQkqmXCpqOeIotCqWBlN1\/z9aNiVTy2qs9N0UJVsHJvr82BkRGV4HWscjUj4FR6Ha+nJt2w4PD8\/yzLAiUs+NHm7r77EyXT9kM0Mrj5dfdS5Kt4XHf9OPb96jdxTNwoa9upjaszW7\/mrZwgYPWhVrlzKZRJxs8xmyaD\/ByTzh499iyWo9NhxPxy6gfnUXle04PM6h+cUl7SpHnqRLs3eA9n0T591WR+sYadx9awaOeo276+Cdsnj6aih2c13sfHQER6IJiTNk3nTy9jB50\/2pSSmTAoWnkyYyhmA9T\/cfHuUPVz6XWU0F9efBlmqVTauJi8VzcXH7i1qkFhz8KsidETGTbkImgcOtEISeXUxg0GcUxA9E05rg53lwPJT7HKQls\/3Td6B1ov8fYQTj3iRzx2wgFTjkjKA6Ccr3aikIkoL1IAOEHhC4uvgrZ7hgOZf6PJrPG\/dGP2uOAvzije24aw56LOYnUrrwjmDumiXyD79d4cS1fPlEcY1Hk4OXvl9li4Fj00eNobyWLGLnDai6R5bItIAIugSqef88HZucBkbSclYG8iKKZecmiJBsHmJC\/qj2H1YQVD1VUAGcg0s3iJ21MGDYz7cj3z4LuU4vthZ60Q5xe0ZyV+feVEVChAgXWGflpxjLRnIeBmEij77dUr6N6Q0OI8lcWmMvDQBMuvOxGpUOWjgBlbrHhlYe2NNyUWzV8NEnzNemGBDZMcS\/R0Ow1o7rayw9B3+oYKj7cVxsoULjrXTpXFsLN2My3rTvcqHnwfLh7cA8g8fTbEeBsequGcK+hPRSEtz\/p5whkag0pKMv1J8O25cR6hluhOt1nrhuJZNfxc18mGOYvHufRoX58s0elR3CB70n13krb7bGPFvMHp26fhVtE+OMQkwO3NuMXnklp9ZnoLWiAa+v2hsEJN4iDrL9wXUaNlwFfHpFLiGDuuMIbqVc6YMQE1g1iQzF6DZrn9Bu2HGur+s6i6wz+rY9M4nnQr5JpuYhtf201aRku8fe4Ty71J3Spjkh8GmLQluzV7Nn7\/TMzGYSZhM3v1E6W0ZborEqLupYsSPXvDLIqNBkR5fQlUE2SrYH4YBRyf3c3ISRvZbMQKgiBNsTZr4FoxiA4sjDVuoLwaiSJTxgD\/xiSg9coeMqM"}
+00425{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":226198,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Ru9AADQGcTiSMDoSwKgBsgG7yZFyBGoNy0T9GYAQAfZfogAAAQEICjwgDNA0DJnO"}
+02377{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":226686,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXURvBAADQGa5eSMDoSwKgBsgG7yZFyBGoNy0T9GYAQAfZkjwAAAQEICjwgDNE0DJnOFwMDATCFItPF6rhHl1\/YPDMm6GWa4HPcCuK3mqzRTOvvGM6NtGhFTVozdHMGJUEg+z3B0BwleVJpB0reYbEUloZUNqh+kMOlhUZkm4pupaUY0U3DCPm5Acsk4V8tBtBDRLG6xi5ISPF0fnoOemdPNS5pkmhpcXIQTJwrun+oXoL5UMlx4p6HorQcXT3ymZw9p3ypfFXkNfWHg05tgi2hPSGA4o2hvt12+\/r5TqNogm+YBmdd5EhiErbSF+joVzv3duY6fTgEB86x2h8HE\/TFVEHU8HKlPkU6Svy67aTvtbLONANSb8cpYbsgRmmZbRuoDoqmKhfmkhF8uqt5BA5bHxI9CRcQuESZNqQ03RWwnd0xSJ62fuTT7fNyfbaItVf+d+C4AcL5+m96krweQdTXjAV0ZPLmFwMDIeAN9X2eDfUrz11hvbQsIH5c5SfESCAAlIcc2dpQ97y8luRHUEzUkqXDf\/PLM9KOB4UlHlDacLBy1+b8ityG6\/T9TcqAtZtO8cZtb5T8k\/oOc1vYtX\/fgq8q48fIWSmBZU9jTzBi6aEuKMRRnFRhiRxNh9dyb0Yy2FB6oHFwHwHwf5PAHxnV+X59ajF1exRa1UMHzVir8f4FXkVOKMv8cUQQoB4shcljjAEh3YWc4GwJNz6EtfFw9aKeyANS\/FfpHhP17AitFF420+2PsvZPCQFk61oBLlZBkwQu2TpYfarh3hR6rObQFgBNt\/1xoQzprgM51ImkTMS7QSgpgPmVlxM2EATn9cyIKyHbcO4IofjSmxOC\/TVgLA4\/PR3n8QyGp4vmho\/FVYR1+q79PXff9tf\/5mnDk82iUl448pw+rTHDgB1Oejo8OWfKP5yNUeJ+CuRxcCMXRvnXeM1fLPveq3kCveongKC2oflEtuUNEL6fFI94HtalTDWb+Ux8GjoNpr6BxzJKzjHMKM6LZges2fD8PHJZbfzIaskZvfdSBuolTgW2sBuqhivFhjELX+oUCjiKGociBtPOA8Ni+\/iEtI9NJHp8aGoFdSWFa1uqewlQMVodLxawlNpmg0WtfeZ5YSM1OPkyyX4YciYb7q7tYNunRHDhhT2kJLE5A+8q5rTA3u0q\/wL3yJ6FCCwtYSbvldQZTy4MIsOSqzYsDbFrfXCZYTRHYU8H4LJOB5HUdwtbykh\/5sC+HVoyTLbuocH\/spyZYSNkpjWdlwHoH9h9umAjBgwyDAEwyXjzox1tkv\/qvECE3\/OJ6FiVTmMRRf9fk8lPbfiL\/rPXKcw3bAJLJd7PjfDQ8RdRnfJXD0cS6txrN1TTPgHumvmuAmrVsrS+bWAC0Yysl\/Bz95z5obxGI8PQbvH4IU3C4dLfyvW0Jdl2HjBK5yw7HYjAM2htntg23mpT3fqAfn6gy6C3g5KyIP6o4FqT2FGtQaU9Gdo0eFIKiQ4k0TzMBHtWJW0x\/Zg\/+rNMWKMN8WllqBzrpncwdqW6r89jEdyeR+UFAMUXkISP1VN8q7rZTM+jwA1qnjUi6YaGu9TgOt\/Q2Bi21rv6wZKWBIQvMkpzMFXnEaZHpOxm8PFeM\/8E6Wy0MhwWlBotTz0taZJm3bg+JnHp8U6XTLPeuyi+k9vgASq4vBuqC4FV+G9CoPjLqe5WcPy96wz34Gh0Zue2fVjELTOUewWs9fpSmP0Q39IZFXpW9Hs\/lWFoE5yPY++XW1eJ76eVN3B3iDAdUBtcjMOfxmSlic0NyNauA57QWMuFhJj6UlsNJvOpJzYCB8JfOI40SaKcX0nHBIBldeKKFvwAMCT1Y9LjaFM9Ab34HTrSHJye92uqoYM1CzMXhYOvDWXUHtNhZBQra1Olu1ergOfzFZC4stSCM+dwXkAKV8OPjlDGnieK85H2V5M8SEsAsk0jsbmK9VpvJeZs9zJUSvbATHYsyqm1FczDpSo3nRy+"}
+02380{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"firefox.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620927999,"pkt_ts_usec":226805,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXURvFAADQGa5aSMDoSwKgBsgG7yZFyBG+ty0T9GYAYAfZGWQAAAQEICjwgDNE0DJnO46bdv8K\/Cv0Y71KHBDx2E6DhVxHnO\/Vz+xRwx2MqZfoXdkMxPSicnl3rYCYWn0W24kGlecvyv7f0wZjyQvEeJD0ho1yneg4\/xbfN6nJQCbyAHn52qAkHGnKjO1KZDQzFc+5TrtwQEh+BUcCr8cmLjsOay578DJPCS8ae7imn292Lro+q4p\/3K4HTVpMrHgLfaY6hGzqsUOvRYnp+mBY5J563lmxOlx\/X\/oRuF++LlsfkL4e4knMLMkCVM+4iUfa04TW9CkLfEBrv4TH6EnUWnZyHOF8RFK\/1abv2HzFnA6zXuYU\/Kd5MKn+6eVVnhXGptFU+YDY9XL86PB+02SsiTjKa52KdTP+9os8CK8SqxnVrHpeE8v2tj2IhDJHzCsyjbWxg80M07qQn9G6WWAfhwMD03oDyqCwxVdIW\/MNogzyD29FkqRX3j9n7yWj8xN+nH1XMHDS6XIuSGpwiPcgoHxc0cUkIR5gIcEee+K3NQoHTxX6ggiXJFwDsSAltMJPa777kTM1SAmCL6mIKH5RFm5s+L7B9+mAtbO8rBf5cnca1izIIU+eT1mvlWCfXyubs\/uJZuUdJr7Y86g6QqP+IPTdFl4C7gy0KF+hZPVpBQkFjAx6PRGdxZ3N4LgGKVsnxLmp7ZUheaHfua3vO7HM7OSvw8l\/ze9oD3As+2V7Wmo2giwB8EPOPhoPXSkNhVN8I8jb+AsJnkzY9ecRVSW83tpBDyKQ2XjpmpBwQ9EVwM4CmUKlheybzefnWu1t1PoK21rSakqzAdjrlBFAfkN5f9coT9sI668vA7pI6f2kN4GZ8tIyQwALesL5d32vkjmxhcR9Ephra5vd9TYwTxhKz1Hw33GqfwwnnkzroMItWkC94MT9\/VKvHCr9Tkne6c675Spl2JDFJ3wb5Sydf4A7x2Qg3fRV4opVqzovvzIGgjiZp0CujVL5zOXAkS2HnJxxBD6a2gGfwbj\/Z6sWKOHuDmD\/QBbc9R3zoENgebZ5HtkdkM5tiFNi5InBSHUuObtHnicUdsBv00hPvLUdi0axYCkTtOQYGUheExhiPQQEYgxhPteOzgbjU3mg9+D4CAvzmoWQwsXki5G3MHnAl4MXqGvqYE35YBip6lmx7\/qQkQLExsjMjl+B7GjF\/GjOrYPDQp\/yGV3pHo3O93LWc+UPT+cyc6Ae20\/u3TH3HOo175rQxEg8VW8HVppHsPzIro2fS3GjdyYvBkuLUwDQqAMX4KVTQ4dnO2qsHL+PKVSYcWYly94o5AN77+DmqopSXpQNbyQlzyIzvrgEAOQMj3QfQWQ0Bn8P5Mj+x97H31p8bwf+iNIyw1Swh8fBDvI+AQ0NlZQabe8BzYQmSmRcuhpnkpzfl1wqCP41Ddi8oRLH9G6sT6xjZ+wCmKYQkpmcJBB2Lh8WPQieK6YZvKXFoH7WLC9q24PuGX50w+D4GOr9tvvtBJ2hYPSmZZCP5F+s59SjEghaoKmMGmcH3ppSVAXFE+rrhyYwS+lcqrXjygZhVDgxenUAdLAcDP\/yEtCVPz1MHb1t8t6r7oVmy9HlRVXy8DrtoIbjLDK+Zp2b2M4ERf22yJYBywgnxzDl3qvMmzni+KXjVOVDd078bzWIe3hT1D+ZNLLWcU49PEPJzQXgUobzxSiw8OKUxu2RM8AsKXQbk3i7x\/4DNic0LLIwxlebFuv\/Hup8TuMCyQR9whOnAxau+R2yPyGEHDSf\/wWqW4kDMsq0pZwak4tNm1YE3WjpiXtBoHK1xlAOgyUil\/3uCxlv\/\/guIJMnwv3zRPe9\/AZVpFL0rBjS9F0LKy\/khl2r2y4uw+8DTcXG8M12ci\/8\/7or9Eg+8WXPvfCVuEk60aMXsSqG7KFu6NpASmHnKw7OeZUmavwS1YmSksKTYzohf8zu7u1yDfIYmAtV0cNsQsU45"}
+00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1636,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":255,"flow_first_seen":1620927999109,"flow_last_seen":1620927999385,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":200954,"flow_avg_l4_payload_len":788,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.iit.cnr.it","ja3":"ab78a7ef7106e8144808f22ab4a26dc8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1065,"flow_first_seen":1620927997754,"flow_last_seen":1620927999853,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":891202,"flow_avg_l4_payload_len":836,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1031,"flow_first_seen":1620927998782,"flow_last_seen":1620927999948,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":869503,"flow_avg_l4_payload_len":843,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1387,"flow_first_seen":1620927998806,"flow_last_seen":1620927999915,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1189641,"flow_avg_l4_payload_len":857,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":255,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":200954,"flow_avg_l4_payload_len":788,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test"}
diff --git a/test/results/fix.pcap.out b/test/results/fix.pcap.out
index 4b3d7e512..22aeda8e6 100644
--- a/test/results/fix.pcap.out
+++ b/test/results/fix.pcap.out
@@ -1,21 +1,21 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":0,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":118,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":118,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00540{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":242949,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="}
-00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":0,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":118,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":118,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1493755109242,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00421{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":243158,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04yxAAEAGeKvAqAAUCBEWH6pKD6BFDWoBN22A4oAQ\/+CtQgAAAQEICuQi8\/bKviaM"}
00457{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":243242,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"THK5MeMlACJNe\/gxCABFAABNT3sAAPUGl0MIERYfwKgAFA+gqko3bYDiRQ1qAYAY\/\/8cMQAAAQEICsq+JozkIvOrOD1PATk9MDAxNAEzNT1QAQA4AAAUjFEGgw=="}
00421{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":243423,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04y1AAEAGeKrAqAAUCBEWH6pKD6BFDWoBN22A+4AQ\/+CtKQAAAQEICuQi8\/bKviaM"}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":264927,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"THK5MeMlACJNe\/gxCABFAABSVaMAAPUGkRYIERYfwKgAFA+gu2Bwv8eLGL2htoAY\/\/8FlAAAAQEICsq+JqLD2CKPOD1PATk9MDAxOQEzNT1QAQBgAAAA1ygEAAAC+SgE"}
-00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1493755109264,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00421{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":265074,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQVAAEAGvtLAqAAUCBEWH7tgD6AYvaG2cL\/HqYAQ\/+ACDgAAAQEICsPYIsvKviai"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301176,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABPilIAADIGAaLQ9WsDwKgAFA+gsgqYEHEay+C1D1AYXjiwMAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00490{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00502{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00413{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301346,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPdAAEAGESTAqAAU0PVrA7IKD6DL4LUPmBBxQVAQ\/\/9nMgAAAAAAAAAA"}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00515{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301518,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"THK5MeMlACJNe\/gxCABFAAB3JWUAAPUGwS8IERYfwKgAFA+gu1Cc6Eb967pj5oAY\/\/+1oAAAAQEICsq+Jsaxc69UOD1GSVguNC4xATk9MDAwMDQxATM1PTABMzQ9MDA2MTI3ATQzPU4BNTI9MjAxNzA1MDItMTk6NTg6MjkBMTA9MTEzAQ=="}
-00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_tot_l4_data_len":99,"flow_min_l4_data_len":99,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":99,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1493755109301,"flow_last_seen":0,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00526{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301555,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB+LPhAAEAGEM3AqAAU0PVrA7IKD6DL4LUPmBBxQVAY\/\/8uDQAAOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00421{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":301679,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA04B5AAEAGe7nAqAAUCBEWH7tQD6DrumPmnOhHQIAQ\/+BBSgAAAQEICrFztPLKvibG"}
00566{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":353604,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"THK5MeMlACJNe\/gxCABFAACbilMAADIGAVXQ9WsDwKgAFA+gsgqYEHFBy+C1D1AYXjh7AwAAOD1PATk9MDAxOQEzNT1QAQBgAAAAEiZl+XgqbZqYOD1PATk9MDAxNgEzNT1QAQBIAAAAEiMAk8A4OD1PATk9MDAyMAEzNT1QAQBoAAAAEicA\/o\/4Kj\/T2Dg9TwE5PTAwMTYBMzU9UAEASAAAABIjAQ3SOA=="}
@@ -25,9 +25,9 @@
00422{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":365237,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQZAAEAGvtHAqAAUCBEWH7tgD6AYvaG2cL\/HzIAQ\/+ABaQAAAQEICsPYIunKvicG"}
00422{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":365361,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0nQdAAEAGvtDAqAAUCBEWH7tgD6AYvaG2cL\/H5oAQ\/+ABTwAAAQEICsPYIunKvicG"}
00414{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":395535,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPlAAEAGESLAqAAU0PVrA7IKD6DL4LVlmBBxtFAQ\/\/9maQAAAAAAAAAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":440420,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzMAADIGwMTQ9WsDwKgAFA+gshDsZRC0r0wvBlAYWghECQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="}
-00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1493755109440,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00413{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":440588,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkFAAEAG\/9nAqAAU0PVrA7IQD6CvTC8G7GUQ11AQo65yMAAAAAAAAAAA"}
01023{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":444758,"pkt_caplen":511,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":511,"pkt_l4_len":477,"pkt":"THK5MeMlACJNe\/gxCABFAAHxilUAADIG\/\/zQ9WsDwKgAFA+gsgqYEHG0y+C1ZVAYXjjFugAAOD1PATk9MDAyNwEzNT1QAQCgAAAAFQ1XhioHoSAAAAASIwEGMRg4PU8BOT0wMDE1ATM1PVABAEAAAAASKj0JADg9TwE5PTAwMjABMzU9UAEAaAAAABInARVzWCpMS0A4PU8BOT0wMDMyATM1PVABAMgAAAASJwDYalgqas\/AAAAAFQ1XhysBQG9AOD1PATk9MDAyMAEzNT1QAQBoAAAAEicA0Mk4KnJw4Dg9TwE5PTAwMjABMzU9UAEAaAAAABInAKMCeCp1O7g4PU8BOT0wMDQxATM1PUcBARAAAAAQDD\/xesxO+IuXAAAAAQAAAHkMP+sGt6ol2NgAAAABOD1PATk9MDAyMAEzNT1QAQBoAAAAEiZWtzgrAKqjmDg9TwE5PTAwMjABMzU9UAEAaAAAABImNWfgKwC55dg4PU8BOT0wMDI5ATM1PVABALAAAAASJjCRmCsA0Mk4AAAAFSMBA2ZAOD1PATk9MDAxNgEzNT1QAQBIAAAAFSMBEqiAOD1PATk9MDAzNAEzNT1QAQDYAAAAFScBA2ZAKwExLQAAAAASJk8WGCsAtxsAOD1PATk9MDAyMAEzNT1QAQBoAAAAEiZtmpgrAKfYwA=="}
00414{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":444934,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLPpAAEAGESHAqAAU0PVrA7IKD6DL4LVlmBBzfVAQ\/\/9koAAAAAAAAAAA"}
@@ -50,9 +50,9 @@
00528{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":597948,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"THK5MeMlACJNe\/gxCABFAACBilgAADIGAWrQ9WsDwKgAFA+gsgqYEHTgy+C1ZVAYXjhSGwAAOD1PATk9MDAxNgEzNT1QAQBIAAAAEisA7ILgOD1PATk9MDAxOQEzNT1QAQBgAAAAEgVVWCMBaV+4OD1PATk9MDAyMQEzNT1QAQBwAAAAEicBYb6YKwD0JAA="}
00415{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":598146,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoLP1AAEAGER7AqAAU0PVrA7IKD6DL4LVlmBB1OVAQ\/\/9i5AAAAAAAAAAA"}
00483{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":647685,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"THK5MeMlACJNe\/gxCABFAABgilkAADIGAYrQ9WsDwKgAFA+gsgqYEHU5y+C1ZVAYXjgdegAAOD1PATk9MDAxOAEzNT1QAQBYAAAAEgVVWSIPQkA4PU8BOT0wMDE2ATM1PVABAEgAAAASKwDk4cA="}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00476{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":654913,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbr+gAAPUGNsgIERYfwKgAFA+gu1oMn5kifDan54AY\/\/9QgQAAAQEICsq+KCgaP0xfOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00488{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1493755109654,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00421{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":655079,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA07JVAAEAGb0LAqAAUCBEWH7taD6B8NqfnDJ+ZSYAQhgAbHwAAAQEICho\/VIrKvigo"}
00541{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":655263,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK7JZAAEAGbuvAqAAUCBEWH7taD6B8NqfnDJ+ZSYAYhgDh+QAAAQEICho\/VIrKvigoOD1GSVhDT01QATk9NzEBeJwNx7ENgDAMBED9QER+x684kdwisQEtDR0N+xdw3WXtx9miEbPMQugqQ48\/iuGQlxuHyXzjXMrlCdLrvt4HtKKED90WDdY="}
00518{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755109,"pkt_ts_usec":665470,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"THK5MeMlACJNe\/gxCABFAAB57E0AAPUG+kQIERYfwKgAFA+gu2Bwv8hFGL2htoAY\/\/9dtAAAAQEICsq+KDPD2CMlOD1PATk9MDA1OAEzNT1QAQGYAAAAPxVYGakAuoAAAD9SAlu8AAAANAUlSCUHog0lSSkBDwAAAD4FWBgkYigrAAAAMCAO"}
@@ -70,12 +70,12 @@
00529{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":141942,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB\/PkRAAEAG\/3\/AqAAU0PVrA7IQD6CvTC8G7GURIVAYo64pmAAAOD1GSVhDT01QATk9NzIBeJwNxzkOgDAMBEDtg4i8jpcckttI\/ICWho6G\/xcw3fRcx1miECPNQqhKQ40\/iuaQpxubyXzjmOrTB0jP+3of0JLa8QHdKg3Y"}
00404{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":231279,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAoyzYAADIGwOTQ9WsDwKgAFA+gshDsZREhr0wvXVAQWgi7NQAA"}
00587{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":245077,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"THK5MeMlACJNe\/gxCABFAACs6yIAAPUG+zwIERYfwKgAFA+gqko3bYJGRQ1qVoAY\/\/\/H0wAAAQEICsq+KnbkIvTXOD1PATk9MDEwOQEzNT1HAQMwAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAABfIMQERMzLwF1SwAAAABAAAOIQxAQ3Cj3225QQAAAAEAAAwDDEBibrhgmZ3LAAAAAQAAA44MQDGMzLwF1SwAAAAB"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":0,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":320014,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"THK5MeMlACJNe\/gxCABFAAB1U\/wAADIGN9LQ9WsDwKgAFA+glvwzTd9PWnk+l1AYb96N\/wAAOD1PATk9MDA2NgEzNT1HAQHYAAAABVkI5OEMFeFiPZCEMAATlYJyAAAABFkI5OEMFVZHfdCEMAATwIJ3AAAABlkI5OEIW+2APQJxEAQ="}
-00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1493755110320,"flow_last_seen":0,"flow_min_l4_payload_len":77,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":77,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":328857,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABb5\/wAAPUG\/rMIERYfwKgAFA+gn9aNJ1RO\/ryrG4AY\/\/8NBQAAAQEICsq+KsnWRqh9OD1PATk9MDAyOAEzNT1HAQCoAAAAAVkI5OEMBKkS\/dCEMAAJlIEx"}
-00488{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1493755110328,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00424{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":328967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9ZAAEAG7AHAqAAUCBEWH5\/WD6D+vKsbjSdUdYAQ\/\/\/knQAAAQEICtZGrHjKvirJ"}
00414{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":362185,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAouAtAAEAGhg\/AqAAU0PVrA5b8D6BaeT6XM03fnFAQ\/GxkGwAAAAAAAAAA"}
00452{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":441940,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"THK5MeMlACJNe\/gxCABFAABLyzcAADIGwMDQ9WsDwKgAFA+gshDsZREhr0wvXVAYWghDRQAAOD1PATk9MDAyNAEzNT1HAQCIAAAAVgxAWLVwoAAAAAAAAAE="}
@@ -84,17 +84,17 @@
00415{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755110,"pkt_ts_usec":942754,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkZAAEAG\/9TAqAAU0PVrA7IQD6CvTC9d7GURZ1AQo65xSQAAAAAAAAAA"}
00507{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":422176,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"THK5MeMlACJNe\/gxCABFAABwiaEAAPUGXPoIERYfwKgAFA+gn9aNJ1R1\/ryrG4AY\/\/+zfAAAAQEICsq+Lw\/WRqx4OD1PATk9MDA0OQEzNT1HAQFQAAAADVkI5OEMFgYg3VCIUAATiYF3AAAADFkI5OEMB9wg3RAAEAATiYAA"}
00425{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":422362,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9dAAEAG7ADAqAAUCBEWH5\/WD6D+vKsbjSdUsYAQ\/\/\/e0wAAAQEICtZGrcDKvi8P"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":956116,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABP7\/wAADIGm\/fQ9WsDwKgAFA+glvYLJrChYuT9OVAYYmg1SgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00492{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1493755111956,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00414{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":956292,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPOZAAEAGATXAqAAU0PVrA5b2D6Bi5P05CyawyFAQ\/Gz0DgAAAAAAAAAA"}
00529{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755111,"pkt_ts_usec":956474,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POdAAEAGAN\/AqAAU0PVrA5b2D6Bi5P05CyawyFAY\/GyQmgAAOD1GSVhDT01QATk9NzABeJwFwTEKgEAMBEDyII\/dJIu5g7SCP7C1sbPx\/4Uz1cd5jRy02UDKQg2LbFAVafJ2cIfgG+dSraCR3s\/9vUY05fYD3SIN0A=="}
00477{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755112,"pkt_ts_usec":21192,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbUHoAAPUGljYIERYfwKgAFA+gn9aNJ1Sx\/ryrG4AY\/\/8jgwAAAQEICsq+MWbWRq3AOD1PATk9MDAyOAEzNT1HAQCoAAAAClkI5OEMBKcgnRAAEAATiYAA"}
00426{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755112,"pkt_ts_usec":21357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9hAAEAG6\/\/AqAAUCBEWH5\/WD6D+vKsbjSdU2IAQ\/\/\/bogAAAQEICtZGrnPKvjFm"}
00405{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755112,"pkt_ts_usec":50148,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo7\/0AADIGnB3Q9WsDwKgAFA+glvYLJrDIYuT9jlAQYmiNvgAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":353296,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABP8tQAADIGmR\/Q9WsDwKgAFA+gmLZKUJEYQJIHD1AYWpQ0OgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1493755113353,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00525{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":353689,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB8GO1AAEAGJNrAqAAU0PVrA5i2D6BAkgcPSlCRP1AY\/\/\/ZrgAAOD1GSVhDT01QATk9NjkBeJwFwTsKgEAQA1ByICWZnbAfmFbwBrY2djbev\/C9Ucd57bkLs8g0motoWZR7Co4KqtOMTXN5rBaQop77eyGWTPzcug3M"}
00407{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":404609,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tUAADIGmUXQ9WsDwKgAFA+gmLZKUJE\/QJIHY1AQWpSMrwAA"}
00478{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755113,"pkt_ts_usec":567320,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbkAcAAPUGVqkIERYfwKgAFA+gn9aNJ1TY\/ryrG4AY\/\/98qAAAAQEICsq+N3DWRq5zOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
@@ -111,9 +111,9 @@
00415{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":450077,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoPkdAAEAG\/9PAqAAU0PVrA7IQD6CvTC9d7GURilAQo65xJgAAAAAAAAAA"}
00480{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":576090,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABbCkwAAPUG3GQIERYfwKgAFA+gn9aNJ1Um\/ryrcIAY\/\/\/qjgAAAQEICsq+QzHWRrLFOD1PATk9MDAyOAEzNT1HAQCoAAAADVkI5OYMFgYg3jAEMAATiYB9"}
00427{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":576253,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACJNe\/gxTHK5MeMlCABFAAA0b9xAAEAG6\/vAqAAUCBEWH5\/WD6D+vKtwjSdVTYAQ\/\/\/DtgAAAQEICtZGs8rKvkMx"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":662603,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABP0h0AAC8GyO7ZwFYgwKgAFA+g0FJoqda4F+2kj1AYRRhFXQAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1493755116662,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00527{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":662933,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9Lt9AAEAGGv\/AqAAU2cBWINBSD6AX7aSPaKnW31AYhgAmIwAAOD1GSVhDT01QATk9NzABeJwFwTsKgEAMBFByIJeZJMN+IK2wN7C1sbPx\/oXvjTr31bLRZgEpCxUsskD1SJOXgx2CH5xLY4WM9Hru7zWiKNkP3UcN1g=="}
00406{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755116,"pkt_ts_usec":788876,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo0h4AAC8GyRTZwFYgwKgAFA+g0FJoqdbfF+2k5FAQRRid0QAA"}
00507{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":18095,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"THK5MeMlACJNe\/gxCABFAABw0W4AAPUGFS0IERYfwKgAFA+gn9aNJ1VN\/ryrcIAY\/\/\/t8QAAAQEICsq+ROvWRrPKOD1PATk9MDA0OQEzNT1HAQFQAAAAClkI5OYMBKcg3hAAEAATiYAAAAAADFkI5OYMB9wgnhAAEAATiYAA"}
@@ -122,9 +122,9 @@
00406{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":99077,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8tYAADIGmUTQ9WsDwKgAFA+gmLZKUJE\/QJIHxlAQWpSMTAAA"}
00481{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":100000,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"THK5MeMlACJNe\/gxCABFAABe8tcAADIGmQ3Q9WsDwKgAFA+gmLZKUJE\/QJIHxlAYWpTOmAAAOD1GSVguNC4xATk9MDAwMjkBMzU9MAExMTI9Rml4VGVzdFJlcXVlc3QzMTI1OQExMD0yMzYB"}
00417{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":142205,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACJNe\/gxTHK5MeMlCABFAAAoGO9AAEAGJSzAqAAU0PVrA5i2D6BAkgfGSlCRdVAQ\/\/\/mqgAAAAAAAAAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":668152,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"THK5MeMlACJNe\/gxCABFAABb6MoAAPUG\/eUIERYfwKgAFA+gn+AbjTX8bvFE4oAY\/\/8xhAAAAQEICsq+R3VyD9Q7OD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
-00490{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":0,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":71,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":71,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
+00502{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1493755117668,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","ndpi": {"proto":"FIX","breed":"Safe","category":"RPC"}}
00546{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":668466,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"ACJNe\/gxTHK5MeMlCABFAACK1yxAAEAGhFXAqAAUCBEWH5\/gD6Bu8UTiG402I4AY\/+CkEwAAAQEICnIP3\/PKvkd1OD1GSVhDT01QATk9NzEBeJwFwbENgDAMBEB5IKJ\/Ow5OpG+R2ICWho6G\/QvuSsd5td5oU0BPixQsusCsLEuXgzsSvnGurBXDSNdzf68R4gj7Ad5tDd0="}
00425{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755117,"pkt_ts_usec":687593,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"THK5MeMlACJNe\/gxCABFAAA09L8AAPUG8hcIERYfwKgAFA+gn+AbjTYjbvFFOIAQ\/\/9+KwAAAQEICsq+R4lyD9\/z"}
00459{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755118,"pkt_ts_usec":23991,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABPU\/4AADIGN\/bQ9WsDwKgAFA+glvwzTd\/tWnk+l1AYb96XaAAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
@@ -171,16 +171,16 @@
00459{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755131,"pkt_ts_usec":957249,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"THK5MeMlACJNe\/gxCABFAABP8AAAADIGm\/PQ9WsDwKgAFA+glvYLJrDvYuT941AYYmg0UgAAOD1GSVguNC4xATk9MDAwMTQBMzU9MQExMTI9ZmFybQExMD0yMTcB"}
00527{"flow_id":9,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755131,"pkt_ts_usec":957560,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"ACJNe\/gxTHK5MeMlCABFAAB9POlAAEAGAN3AqAAU0PVrA5b2D6Bi5P3jCyaxFlAY\/GwoNwAAOD1GSVhDT01QATk9NzABeJwFwbENgDAQA0D9QET2Jw5JJLdIbEBLQ0fD\/gV3w8d5lVYY00BTVBlRm0GN2kPpBHcIuXEujSUGmX7u7w3CVI8f3Z4N2A=="}
00405{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"fix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1493755132,"pkt_ts_usec":7515,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"THK5MeMlACJNe\/gxCABFAAAo8AEAADIGnBnQ9WsDwKgAFA+glvYLJrEWYuT+OFAQYmiMxgAA"}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_tot_l4_data_len":23399,"flow_min_l4_data_len":20,"flow_max_l4_data_len":477,"flow_avg_l4_data_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_tot_l4_data_len":2792,"flow_min_l4_data_len":20,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_tot_l4_data_len":2072,"flow_min_l4_data_len":32,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":57,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_tot_l4_data_len":441,"flow_min_l4_data_len":32,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_tot_l4_data_len":621,"flow_min_l4_data_len":20,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_tot_l4_data_len":17013,"flow_min_l4_data_len":32,"flow_max_l4_data_len":254,"flow_avg_l4_data_len":76,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_tot_l4_data_len":721,"flow_min_l4_data_len":32,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":72,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_tot_l4_data_len":695,"flow_min_l4_data_len":32,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":69,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_tot_l4_data_len":21072,"flow_min_l4_data_len":32,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":52,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_tot_l4_data_len":572,"flow_min_l4_data_len":20,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":57,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_tot_l4_data_len":1007,"flow_min_l4_data_len":20,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":55,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_tot_l4_data_len":621,"flow_min_l4_data_len":20,"flow_max_l4_data_len":119,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":456,"flow_first_seen":1493755109301,"flow_last_seen":1493755132102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":14279,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45578,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":70,"flow_first_seen":1493755109440,"flow_last_seen":1493755131870,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":1392,"flow_avg_l4_payload_len":19,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":45584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":36,"flow_first_seen":1493755110328,"flow_last_seen":1493755132019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":920,"flow_avg_l4_payload_len":25,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40918,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1493755117668,"flow_last_seen":1493755127687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":40928,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":11,"flow_first_seen":1493755116662,"flow_last_seen":1493755126832,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"l3_proto":"ip4","src_ip":"217.192.86.32","dst_ip":"192.168.0.20","src_port":4000,"dst_port":53330,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":222,"flow_first_seen":1493755109242,"flow_last_seen":1493755131889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":9909,"flow_avg_l4_payload_len":44,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1493755109301,"flow_last_seen":1493755128771,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":40,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47952,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1493755109654,"flow_last_seen":1493755129718,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":37,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47962,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":401,"flow_first_seen":1493755109264,"flow_last_seen":1493755132120,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":8240,"flow_avg_l4_payload_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test"}
diff --git a/test/results/forticlient.pcap.out b/test/results/forticlient.pcap.out
new file mode 100644
index 000000000..a7a6a06e8
--- /dev/null
+++ b/test/results/forticlient.pcap.out
@@ -0,0 +1,102 @@
+00479{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"forticlient.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1621067203571,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00446{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":571879,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"}
+00438{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":633408,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="}
+00426{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":633503,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlmzPZBHKQoAQECzFugAAAQEICienPKAGP5Ck"}
+00658{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":776571,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"EBMx8Tl2KDc3AG3ICABFAADfAABAAEAG92DAqAGyUlEuDfFtKMutlmzPZBHKQoAYECx8qwAAAQEICienPS4GP5CkFgMBAKYBAACiAwNgn4XDHhk9zkDSeKikF83Z2kCbBVuvXP2YO+k8PIUoXwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAATQAAABAADgAACzgyLjgxLjQ2LjEzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
+00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1621067203571,"flow_last_seen":1621067203776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":171,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00427{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":840255,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WuhAADQGqSNSUS4NwKgBsijL8W1kEcpCrZZteoAQABDUiQAAAQEICgY\/kLgnpz0u"}
+02363{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":852128,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUWulAADQGo4JSUS4NwKgBsijL8W1kEcpCrZZteoAQABBZ3QAAAQEICgY\/kLknpz0uFgMDAFkCAABVAwNMQYg+z1Akfi0bYPhJZIpw8023veuBHo\/hhYl77vjjiCBAKAstRSAMu1dd4iOTCn8qfpwAVoV+sGTLYNRnbzZqNsAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
+00814{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1621067203571,"flow_last_seen":1621067203852,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1611,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+01801{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":854111,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlWupAADQGpTBSUS4NwKgBsijL8W1kEc\/irZZteoAYABDBnAAAAQEICgY\/kLknpz0ucHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQR+URWW5b3gDqWmVPPVzCdlCGa\/ZaV9D+4Y5LUq\/JTO8Pk5ntccgmPedHiM9ZU+yI6Wp\/rtlbvgg4DA+MifFvwbicOs51Y5U3e0warnAkqqHAVMg54Z2\/Qq5XYxJF4LlrwGAQEAWiagxs18C1Nhbm1NTKu8WaMewNWGkzOuz+sQcA0aJfYoWKbFGvHp1IlkAACJzZSXn\/iVpmF3vwwULnxcomU2Jm7bqHJEoHYbHaKETn\/JXTHTi9F8FfA9aTPhqRbRgB9kmFz57jnAd2soS7OLctE2FyEyl1eh8Iw34k\/LtieEZUTP0IVeRumrkcgyvDMtvHjnzQwo2bNJ1TF5ORTWalkmUYP7xZr\/I2xxHX45rTw+lu3\/wkZrzwYISP6GFzLrAwZXf9Yfqkdj3OARN+OOLJGBDKwq4Zwx2cHOfixpe9PzhlM7RkGV1O8gqkB5ewCDY+E+jNPxSzyZflcHUtKhGw1lJBYDAwAEDgAAAA=="}
+01091{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1621067203571,"flow_last_seen":1621067203854,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2620,"flow_avg_l4_payload_len":374,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+00426{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":854223,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlm16ZBHT04AQD9+63gAAAQEICienPXgGP5C5"}
+00575{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":985738,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFtKMutlm16ZBHT04AYEABn6gAAAQEICienPfkGP5C5FgMDAGYQAABiYQTvWBhKDRHH\/ODiOXdjlYaQWgsQRuME0zv3XHyBRRCZmTerEMFWFOfxHpdD05AKQ2xP+jA6kpB\/8E5bgg5jjZwSOsuOZT2bsHpIGDYh0lqRNfLwBslWlCzqDoy59tf4QEk="}
+00436{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":985743,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFtKMutlm3lZBHT04AYEAChvwAAAQEICienPfkGP5C5FAMDAAEB"}
+00491{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067203,"pkt_ts_usec":985759,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfFtKMutlm3rZBHT04AYEACP1QAAAQEICienPfkGP5C5FgMDACiPvzq+zAUfbHcuAAZMPS9qDTujM0mpb\/a9HQZw7GJsXrVVo4K4R32f"}
+00428{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":58367,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WutAADQGqSBSUS4NwKgBsijL8W1kEdPTrZZuGIAQABDJeQAAAQEICgY\/kM4npz35"}
+00499{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":59366,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnWuxAADQGqOxSUS4NwKgBsijL8W1kEdPTrZZuGIAYABBhYQAAAQEICgY\/kM4npz35FAMDAAEBFgMDACghidHAtJpSKRWJ59jA1JNw42oTY\/dmGXJgbzbWcnpUpjfbaFQB1oJG"}
+00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":59478,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFtKMutlm4YZBHUBoAQD\/65EAAAAQEICienPkEGP5DO"}
+00653{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":392230,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"EBMx8Tl2KDc3AG3ICABFAADYAABAAEAG92fAqAGyUlEuDfFtKMutlm4YZBHUBoAYEAC3jgAAAQEICienP4wGP5DOFwMDAJ+Pvzq+zAUfbV7XzAzO8kyR6SPi8+PHCMVSKeRefo6BBzxUVgted\/7S1JXrgvYiGetmmO3jPHiDrhWDcVz4c+8efu3wOgT\/E492kxUPwc4UjVhxyhE1wUkDMmngdrzgo2WN7UjpoAyrOo3GIIKKfsJy+eZgSNyosoprodoMnyncoZZE4wMSWTW6IpN4DZSPYGeg92KNxCBdcNED2ldshwM="}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1621067204622,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00448{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":622472,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFuKMux1NwAAAAAALAC\/\/\/kHgAAAgQFtAEDAwUBAQgKJ6dAbwAAAAAEAgAA"}
+00440{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":682265,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8DZFAADQG9nJSUS4NwKgBsijL8W6yVLN5sdTcAaASOEC\/ugAAAgQFrAQCCAoGP5ENJ6dAbwEDAwo="}
+00427{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":682424,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NwBslSzeoAQECwWWwAAAQEICienQKoGP5EN"}
+00705{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":827269,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfFuKMux1NwBslSzeoAYECwJbQAAAQEICienQToGP5ENFgMBAMYBAADCAwNgn4XEp+uBSLXTSYGmDjytSwbEIFYHQALSGOu1WZB+OiBAKAstRSAMu1dd4iOTCn8qfpwAVoV+sGTLYNRnbzZqNgAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
+00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1621067204622,"flow_last_seen":1621067204827,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00428{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":886490,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ImlAADQG4aJSUS4NwKgBsijL8W6yVLN6sdTczIAQABAlCAAAAQEICgY\/kSEnp0E6"}
+02364{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":898197,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUImpAADQG3AFSUS4NwKgBsijL8W6yVLN6sdTczIAQABDMewAAAQEICgY\/kSInp0E6FgMDAFkCAABVAwPNKKzk0kFbGwK4GoGYDE7Clte2bxu4mBZlYF57\/OTSeCD6v6cDBAZPGVnAvwM3jxR4N1cBHzzI+povGklxwtUExsAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
+00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1621067204622,"flow_last_seen":1621067204898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+01802{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":900059,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlImtAADQG3a9SUS4NwKgBsijL8W6yVLkasdTczIAYABA\/5AAAAQEICgY\/kSInp0E6cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQRDWmAmCg7XsTW+RvCAC0sbZ+SBRkSgFCUlkz\/IwN\/8c\/NJIrs+ILcpIxCCI0N9sDPjc20vF3fhrL8oZBKZYp8ZbnTlpZrSiKibycLeXw1ASLbNdqYX3C+izklbSVJ\/tokGAQEABsO0H8vdCw0252tfIzfTfFWWJXTldG3BxDkkL4g1+0rLC+30WT+5h111YwDniV9p6SpJPWnP79Ah0p2blDE6FrdGElq5cIPT03Cte5Pygktzt3LkZAIscr\/HNfshHX6DT6B6gCsDRe7LT\/CJ7zw1pxErmsA1VDwZhwGwND6YCSsyyG2lqPfClwFiQwG5pR8Nn9ZXofREIJEnZTR6xf6a\/b19Ct7XaRLkl4il8P\/3lf+8eWV3jWuMnq0bAFbV90AD4k8m030f14e+Hkz8j4wGDwWOwBAO\/Bd5sFNzy7yX+9njCybmLTwDm6Ou0XWocGTEvAzh2sjgkSXR1g9SofMVgxYDAwAEDgAAAA=="}
+01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1621067204622,"flow_last_seen":1621067204900,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+00427{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067204,"pkt_ts_usec":900142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1NzMslS9C4AQD98LYAAAAQEICienQYEGP5Ei"}
+00575{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":37894,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFuKMux1NzMslS9C4AYEAA1FQAAAQEICienQggGP5EiFgMDAGYQAABiYQRMlk9Sqm8x7BO7Ac\/JDkvTlimMq+ZTv2U1j379dVY8SgvRAiH5jrVV0Wx2QR8wjgugOy2ro2NKKw4TbZbYXO4ZIWGRnWkU\/sfj+8WhWYs3YarXXSOfhe5kLw3fJTpeBlA="}
+00435{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":37898,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFuKMux1N03slS9C4AYEADyOgAAAQEICienQggGP5EiFAMDAAEB"}
+00489{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":37900,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfFuKMux1N09slS9C4AYEACTFgAAAQEICienQggGP5EiFgMDACgf6ycOGoisF0h9nBZSXpGNUmJ9jfcKojoAJNMP8smnzz4+kDYh3VrI"}
+00429{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":108650,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ImxAADQG4Z9SUS4NwKgBsijL8W6yVL0LsdTdaoAQABAZ9QAAAQEICgY\/kTcnp0II"}
+00500{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":109043,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnIm1AADQG4WtSUS4NwKgBsijL8W6yVL0LsdTdaoAYABAqlAAAAQEICgY\/kTcnp0IIFAMDAAEBFgMDACiaUVlfnayZVBonB\/0bq4uxNvKj8siuQLcBr0MUxggpqZLArDcYZrpE"}
+00429{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":109116,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFuKMux1N1qslS9PoAQD\/4JjwAAAQEICienQk0GP5E3"}
+00655{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":445671,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"EBMx8Tl2KDc3AG3ICABFAADZAABAAEAG92bAqAGyUlEuDfFuKMux1N1qslS9PoAYEAC44QAAAQEICienQ5sGP5E3FwMDAKAf6ycOGoisGDmLuUPZx2+NBbgG8KhkWAB8Nz3dy4fDJtcvavNE9o\/ywFaGef6yNl1gdZXprd9Iu5V1f6t9\/EoQ+5QZ04TdKwgyu\/EBULZ7KUZNs7Jbcw465+G0CHW26Yhh9qQ0z2C45s76iEvhqy08QAZyAysN5FJGljaNK5642VdzWV8l8lwsxzieIYZW6mxl3LZE0\/8o6UPl0seZUrJw"}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1621067205651,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00447{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":651500,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFzKMsSeiBCAAAAALAC\/\/87PQAAAgQFtAEDAwUBAQgKJ6dEZQAAAAAEAgAA"}
+00439{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":710127,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8c5FAADQGkHJSUS4NwKgBsijL8XP7CfxqEnogQ6ASOECEzAAAAgQFrAQCCAoGP5FzJ6dEZQEDAwo="}
+00427{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":710225,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiBD+wn8a4AQECzbbQAAAQEICienRJ8GP5Fz"}
+00705{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":856632,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfFzKMsSeiBD+wn8a4AYECzNugAAAQEICienRTAGP5FzFgMBAMYBAADCAwNgn4XFQZiH+y8CHLF8hTQg3ogVgVp4VG9EWDmmbkf39yD6v6cDBAZPGVnAvwM3jxR4N1cBHzzI+povGklxwtUExgAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
+00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1621067205651,"flow_last_seen":1621067205856,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00428{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":914177,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bRJAADQGlvlSUS4NwKgBsijL8XP7CfxrEnohDoAQABDqGAAAAQEICgY\/kYgnp0Uw"}
+02365{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":926006,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUbRNAADQGkVhSUS4NwKgBsijL8XP7CfxrEnohDoAQABBMKwAAAQEICgY\/kYknp0UwFgMDAFkCAABVAwOYnBh1oFf3ZFZgK6KsDRsjcw1liD4uUa6U3S\/+hnNkKyAELNgcMkheJM59FCR9MMzWP2xubihBgP\/7aZ8AyE3Pc8AwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
+00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1621067205651,"flow_last_seen":1621067205926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+01798{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":928157,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlbRRAADQGkwZSUS4NwKgBsijL8XP7CgILEnohDoAYABDaoQAAAQEICgY\/kYknp0UwcHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQSpCI+VU7scjI3LZuh6jYdR3hiS+GXuFJu25gRBjlJW6+WSybs3rdoGEEOYPd0BnWod+IHDRUnzR2ptbIn0wosun1EaK94f345iYnt80TzVyXB5UPM880CNCqj3UAZBoVIGAQEABlPh0A5Bm60QzR6b9DrW1Tfbwxn2udCztNSTaJXT\/2w4ngli8i8InoI82Wg27s2xkKI+vFQA6sFXSo7U3KaUCCEJlgLtSNg\/2A\/b\/1bwkoDQHt9uOpgGm45ce2lS1OLsqZDhNE\/gp98CcpcVfkuoaFWhyChqJBI6ViV8ayFLbffU3P9h8KG72wFOW2INm+MYlr3WytPis+HH9IVw2Tjc7jMVS7nQhFv6L7\/0Gi2LedZL0ZpR811lOPPCyOX6piYedCFJaL4vZDBViQeRrG3asy2ZAurbxozYYclAUua5HyYR9ykN7S9W1f2gspfkn5vrULgtoCnuvsoXYPofDnqTfhYDAwAEDgAAAA=="}
+01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1621067205651,"flow_last_seen":1621067205928,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+00429{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067205,"pkt_ts_usec":928256,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiEO+woF\/IAQD9\/QcwAAAQEICienRXQGP5GJ"}
+00574{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":69996,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfFzKMsSeiEO+woF\/IAYEABb9QAAAQEICienRgAGP5GJFgMDAGYQAABiYQS5klChCa1nu02InQSoL0lqkSpQKQso0+o5k7FR4cIlwmA8FNGNPgAOoglyMxSwmZD+xq8zmrxdr8+9ElnZVss7a3SMEwDf9mpkhDJzZcJXJeOg4cqF2AXi3h7DiDRygyA="}
+00436{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":70001,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfFzKMsSeiF5+woF\/IAYEAC3SQAAAQEICienRgAGP5GJFAMDAAEB"}
+00494{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":70025,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfFzKMsSeiF\/+woF\/IAYEAAqwAAAAQEICienRgAGP5GJFgMDACg\/EKPn7uMD3g\/9A372am0PiizumOS\/7xcBlN2Gm6fq1JY4BwdMMHUP"}
+00429{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":139621,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bRVAADQGlvZSUS4NwKgBsijL8XP7CgX8EnohrIAQABDfAwAAAQEICgY\/kZ4np0YA"}
+00499{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":139880,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnbRZAADQGlsJSUS4NwKgBsijL8XP7CgX8EnohrIAYABDIqQAAAQEICgY\/kZ4np0YAFAMDAAEBFgMDAChMdauOcW6Ls8zMpiVvg2ZTht4sOE2iePygPE6IcwmsrDzF4ZSHgKvC"}
+00429{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":140004,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfFzKMsSeiGs+woGL4AQD\/7OnQAAAQEICienRkUGP5Ge"}
+00690{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":274735,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD0AABAAEAG90vAqAGyUlEuDfFzKMsSeiGs+woGL4AYEACMlgAAAQEICienRssGP5GeFwMDALs\/EKPn7uMD3+wpjQBRFW8e1EcPlV6Q6ObSOqheHzsJDzuPoZN+Gy1ymx+9FyKqEEkIOfMazwYQ1jHzyLN0ANGU6MOzbuoIkP6aN6cUV6Hq5u4aMPaai27JxkjW\/meB7CaPzYnZwVS0XzMoNt06YmeNjlaCEypgQR5oxOqm3kSg3\/Prt7AgH4LaxXpG1bhEcVfWFCh9HtyS8dBtzsLRqJiDXjhHZNpSebLaEzxVTZ+rzaFcK8i17+PsWOwB"}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1621067206773,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00447{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":773010,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF0KMspKYnJAAAAALAC\/\/+2swAAAgQFtAEDAwUBAQgKJ6dItwAAAAAEAgAA"}
+00439{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":833331,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA85JFAADQGH3JSUS4NwKgBsijL8XTNezJoKSmJyqASOED3YgAAAgQFrAQCCAoGP5HkJ6dItwEDAwo="}
+00427{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":833438,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYnKzXsyaYAQECxOAgAAAQEICienSPMGP5Hk"}
+00707{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067206,"pkt_ts_usec":977150,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD\/AABAAEAG90DAqAGyUlEuDfF0KMspKYnKzXsyaYAYECwOmAAAAQEICienSYIGP5HkFgMBAMYBAADCAwNgn4XGR7oIUOrAwfXLNhOc\/stRXR3cpjisHDHrOmoG8CAELNgcMkheJM59FCR9MMzWP2xubihBgP\/7aZ8AyE3PcwAsAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ0AnAA9ADwANQAvAAoBAABNAAAAEAAOAAALODIuODEuNDYuMTMACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
+00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1621067206773,"flow_last_seen":1621067206977,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00427{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":36967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0o4NAADQGYIhSUS4NwKgBsijL8XTNezJpKSmKlYAQABBcsAAAAQEICgY\/kfgnp0mC"}
+02365{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":49233,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUo4RAADQGWudSUS4NwKgBsijL8XTNezJpKSmKlYAQABA9RwAAAQEICgY\/kfknp0mCFgMDAFkCAABVAwNnZ\/OJo6RE7hyRtbLqvOcQnYNZvPW\/uW6Wzk3ZmtG85SCfyViooWLsKJeuaidxXFUrV8SrVuQwq5HnaWw9\/qL7fcAwAAAN\/wEAAQAACwAEAwABAhYDAwezCwAHrwAHrAADzTCCA8kwggKxoAMCAQICAzW7EjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTYwOTEyMTAwNjIwWhcNMzgwMTE5MDMxNDA3WjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxEjAQBgNVBAsTCUZvcnRpR2F0ZTEZMBcGA1UEAxMQRldGNjBFNFExNjAxMjA1MDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEkm3gy+fQGhP2G3iuLy8Thk0QvM9U+dmrsYDJ1gwTHyP2UJIhuJ02jfqRZiIvG+je9kV8s9R6mzJXHVuydgTIhOMjh5QYIPHRW4YuWrenkWAdCvgUyMPMMiz1hRBJvLfxGfMuKuiciYpdme8IwFlVz0WEZtQiIKspYk3LEKQFRg7EKq06hH7bjGSy9SkYiePX2\/K+0OUnL0KzGGpclRznUlXHfbVieNGeCTxeVpQoQK08D2Jl+FwRVE70QsL4ZCv6VMXYQCF1PrGR3pqMCr5ndr3OLTbmHxvvE9x8dx0KrEupPp\/gAIeWYX+g61\/j2hEO5ZbV47v2a619aMDCKTFzAgMBAAGjDTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAGnFfq2BB7sjnPn7mxKxLcB1FUKVGXmAyucp\/B9HVTQoE17Xl1+r5Vk0e9mZnjsVLg768p9ebGiiJdLeYRDlXK8g6qPSAnMzChCYAybcvAY3HxUYjSFT\/qPmInVgIry0shRIlrcAme9A3JylKBPVu3qiGNI6CaLUkC1Frxq9l2xiEWQ1Tjkm6Z0R1CEZwU4128hVF5ItS8lcBhikdcXjtsh3Kg4Go41t\/JVB6EzbQ8JhaM2\/jUDdDNoGqONDpHkRwAw1XbU7nhl4Kk3nD24cjs5xuyx049VRnmrp29nXpOu1NoxuV2ncaG+hMlcNaEGX8e8RaSdY5V5V\/2KIMQLuazAAA9kwggPVMIICvaADAgECAgkA2vY2tEPUpYswDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1cHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMB4XDTE1MDcxNjIyMzQzOVoXDTM4MDExOTIyMzQzOVowgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxETAPBgNVBAoTCEZvcnRpbmV0MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAMTB3N1"}
+00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1621067206773,"flow_last_seen":1621067207049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1643,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+01799{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":50833,"pkt_caplen":1075,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1075,"pkt_l4_len":1041,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQlo4VAADQGXJVSUS4NwKgBsijL8XTNezgJKSmKlYAYABCMkAAAAQEICgY\/kfknp0mCcHBvcnQxIzAhBgkqhkiG9w0BCQEWFHN1cHBvcnRAZm9ydGluZXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DtRc9A1EhLIw05ZQUjRO8GwptUPgyEpi3i\/68NEncZmgpruBB+gn6vgzXjFbNM03bo2sm1S61hJSYOZf+bmtujbgmO0Z3HUXMovr7dwModQNXzBkIjQNBktqaGBs0nt+\/RV6uCy4lfGny6vMUkDbmlurEf1fq7WU6zg2oIzoJMe9Wn4iqZka5xWYVBMyH1+ITQvbQgVjQrnBz8Ldc\/U9rQLNcu7qyaO2vSmvBeKwZKJOTGDT4dNI7bi2\/SrkAE+B\/M5Yqlf1vqBoy3XuveFKLkaEoSVsIMYu0xt0pyV1ujE0FBnmfE9E0VLbot17l24HyOhzpHB2C\/12zFJLXsdYwIDAQABoxAwDjAMBgNVHRMEBTADAQH\/MA0GCSqGSIb3DQEBCwUAA4IBAQCHF\/uN7GdKtM2yGmlemIyaUrkL0fG5BBlBP92rQWSY3\/tynqu2CXfpZR8FT3mJrSr0YmdrFtJalc7iOrjBPm+UYIgRqJqMksnHUEVG7t0xRmeSajIi8pPz3dhQaUBl4YwT9ZdUFoAeyPjAiFgg4y9SbtUHfBQr1KNm2fSoYTP46PGZaOcnb5yTrulltEuXyA65EHo6QUiI2nyyU7TyDiVchiq4ciW0LtEJp01A\/Pep9i9biekhbj3TgkfgJQC3O9tF0OzgwK+zMq484gK+bqmeqKfUAion7hwzA+tVXIE3k2wiGiEBSNIQu2VYlHWpDsdPlD21UsKv+o6cQcSSjLiHFgMDAW0MAAFpAwAYYQTUu6wEEm6jsmXU0yCYD24OySeP+iql+oNZD\/TENWomz8k3jQ0IADMd4YxMPl5ytWgSDJI0fUn4l7Pbd8SWOodXcjYWJky+pbPSTG4pE5j1a+TMscEtWyiG7MEYLuOQnp0GAQEAeAyX7k5IEdhJ82TRB9jAixL1cTZ9S4jLhZM9mQDF4W1ZbAysAmH\/epKtzFX0GaHRNM5NqLRszFjgjwLZvy8GQf6PW2tsMa4\/XjHwzG39mZZQ\/tuqMW5fGtDACQES2AMZiyyWKtl62n5Tzfc5bRe8avX1eNr8vigRLuIIT\/uaxkBEqMs5SKi9qQ5GA1gXm5\/Ledt6fXFLZ6OJdUYI81WtqDQPwxsopyTTYPKIt5qWywK+XI5DDt4ZBx7H4ckwY6RQK1SzHtbuVOlBs8zaSezGrl1YMez7g+S9zMTU\/dkvPCBz\/Y8RRU9GC+Hl3FW3p8IpvWvTNllCUHU+afkH6s7cBxYDAwAEDgAAAA=="}
+01092{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":7,"flow_first_seen":1621067206773,"flow_last_seen":1621067207050,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2652,"flow_avg_l4_payload_len":378,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+00426{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":50911,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF0KMspKYqVzXs7+oAQD99DCAAAAQEICienSckGP5H5"}
+00576{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":191301,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"EBMx8Tl2KDc3AG3ICABFAACfAABAAEAG96DAqAGyUlEuDfF0KMspKYqVzXs7+oAYEAAu7QAAAQEICienSkwGP5H5FgMDAGYQAABiYQQ6kYoBbfIPDz94x4EusTtku\/dKN6TebFHE7uNWy8hsH504MR0EB6yxCJ\/pHBUq5uckb9Cdeka0R1KNmmvqhigAcMRqWMpqtJ6uOmMrC9CHBTNAsA0RhGxxoAIhd5OXoE4="}
+00436{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":191313,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfF0KMspKYsAzXs7+oAYEAAp5wAAAQEICienSkwGP5H5FAMDAAEB"}
+00491{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":191346,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"EBMx8Tl2KDc3AG3ICABFAABhAABAAEAG997AqAGyUlEuDfF0KMspKYsGzXs7+oAYEABAWAAAAQEICienSkwGP5H5FgMDACjQiYyfqMB2pawPsR9Y6SCtqKtiDKoC\/WclUtRXEJiI+cZ2+gMJ1f+8"}
+00445{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":259182,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAo4ZAADQGYHlSUS4NwKgBsijL8XTNezv6KSmLALAQABCzMQAAAQEICgY\/kg0np0pMAQEFCikpiwYpKYsz"}
+00429{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":259184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0o4dAADQGYIRSUS4NwKgBsijL8XTNezv6KSmLM4AQABBRogAAAQEICgY\/kg0np0pM"}
+00436{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":259296,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6AABAAEAG+AXAqAGyUlEuDfF0KMspKYsAzXs7+oAQEAApmwAAAQEICienSowGP5INFAMDAAEB"}
+00499{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067207,"pkt_ts_usec":262580,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABno4hAADQGYFBSUS4NwKgBsijL8XTNezv6KSmLM4AYABBEPQAAAQEICgY\/kg8np0pMFAMDAAEBFgMDACiulq2pdMiDxsWPQvueOyAAw83reAvmnyN0DGxWcBtQ2f1JK+jBTh71"}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1621067209199,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00448{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":199710,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfF8KMsekCMzAAAAALAC\/\/8eiQAAAgQFtAEDAwUBAQgKJ6dSCQAAAAAEAgAA"}
+00440{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":262263,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA81pJAADQGLXFSUS4NwKgBsijL8XxcuXqIHpAjNKASOECG6AAAAgQFrAQCCAoGP5LWJ6dSCQEDAwo="}
+00428{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":262372,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCM0XLl6iYAQECzdhQAAAQEICienUkcGP5LW"}
+00854{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":264717,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"pkt":"EBMx8Tl2KDc3AG3ICABFAAFtAABAAEAG9tLAqAGyUlEuDfF8KMsekCM0XLl6iYAYECy4MwAAAQEICienUkkGP5LWFgMBATQBAAEwAwME0ZbiTglAl8IIF\/3QYtFxUOfO4VmvosSnyqFik3+gECB0m0E8n5ro5FpA+fOauorg9Y\/MUiqxzclkM+TtS7iPJgA+EwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAJ0AnAA9ADwANQAvAP8BAACpAAAAEAAOAAALODIuODEuNDYuMTMACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAABYAAAAXAAAADQAwAC4EAwUDBgMIBwgICAkICggLCAQIBQgGBAEFAQYBAwMCAwMBAgEDAgICBAIFAgYCACsACQgDBAMDAwIDAQAtAAIBAQAzACYAJAAdACBs1PQ+qJEvrZx4kd6w\/yirfgThWirK26NCg33JqRCxNQ=="}
+00816{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1621067209199,"flow_last_seen":1621067209264,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00429{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":326813,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA06FRAADQGG7dSUS4NwKgBsijL8XxcuXqJHpAkbYAQABDsXwAAAQEICgY\/kt0np1JJ"}
+02362{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":346748,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU6FVAADQGFhZSUS4NwKgBsijL8XxcuXqJHpAkbYAQABDZeAAAAQEICgY\/kt4np1JJFgMDAD0CAAA5AwNUBzBqQ9tE91yRCnCEASczkwE6\/gOv+6viNjQyh6uYogDAMAAAEf8BAAEAAAsABAMAAQIAIwAAFgMDB7MLAAevAAesAAPNMIIDyTCCArGgAwIBAgIDNbsSMA0GCSqGSIb3DQEBCwUAMIGgMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRAwDgYDVQQDEwdzdXBwb3J0MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTAeFw0xNjA5MTIxMDA2MjBaFw0zODAxMTkwMzE0MDdaMIGdMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMREwDwYDVQQKEwhGb3J0aW5ldDESMBAGA1UECxMJRm9ydGlHYXRlMRkwFwYDVQQDExBGV0Y2MEU0UTE2MDEyMDUwMSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QGZvcnRpbmV0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMSSbeDL59AaE\/YbeK4vLxOGTRC8z1T52auxgMnWDBMfI\/ZQkiG4nTaN+pFmIi8b6N72RXyz1HqbMlcdW7J2BMiE4yOHlBgg8dFbhi5at6eRYB0K+BTIw8wyLPWFEEm8t\/EZ8y4q6JyJil2Z7wjAWVXPRYRm1CIgqyliTcsQpAVGDsQqrTqEftuMZLL1KRiJ49fb8r7Q5ScvQrMYalyVHOdSVcd9tWJ40Z4JPF5WlChArTwPYmX4XBFUTvRCwvhkK\/pUxdhAIXU+sZHemowKvmd2vc4tNuYfG+8T3Hx3HQqsS6k+n+AAh5Zhf6DrX+PaEQ7lltXju\/ZrrX1owMIpMXMCAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAacV+rYEHuyOc+fubErEtwHUVQpUZeYDK5yn8H0dVNCgTXteXX6vlWTR72ZmeOxUuDvryn15saKIl0t5hEOVcryDqo9ICczMKEJgDJty8BjcfFRiNIVP+o+YidWAivLSyFEiWtwCZ70DcnKUoE9W7eqIY0joJotSQLUWvGr2XbGIRZDVOOSbpnRHUIRnBTjXbyFUXki1LyVwGGKR1xeO2yHcqDgajjW38lUHoTNtDwmFozb+NQN0M2gao40OkeRHADDVdtTueGXgqTecPbhyOznG7LHTj1VGeaunb2dek67U2jG5Xadxob6EyVw1oQZfx7xFpJ1jlXlX\/YogxAu5rMAAD2TCCA9UwggK9oAMCAQICCQDa9ja0Q9SlizANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmb3J0aW5ldC5jb20wHhcNMTUwNzE2MjIzNDM5WhcNMzgwMTE5MjIzNDM5WjCBoDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTERMA8GA1UEChMIRm9ydGluZXQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UEAxMHc3VwcG9ydDEjMCEGCSqGSIb3DQEJARYUc3VwcG9y"}
+00885{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1621067209199,"flow_last_seen":1621067209346,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1753,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+01763{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":348677,"pkt_caplen":1047,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1047,"pkt_l4_len":1013,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQJ6FZAADQGF+BSUS4NwKgBsijL8XxcuYApHpAkbYAYABCpVAAAAQEICgY\/kt4np1JJdEBmb3J0aW5ldC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUO1Fz0DUSEsjDTllBSNE7wbCm1Q+DISmLeL\/rw0SdxmaCmu4EH6Cfq+DNeMVs0zTdujaybVLrWElJg5l\/5ua26NuCY7RncdRcyi+vt3Ayh1A1fMGQiNA0GS2poYGzSe379FXq4LLiV8afLq8xSQNuaW6sR\/V+rtZTrODagjOgkx71afiKpmRrnFZhUEzIfX4hNC9tCBWNCucHPwt1z9T2tAs1y7urJo7a9Ka8F4rBkok5MYNPh00jtuLb9KuQAT4H8zliqV\/W+oGjLde694UouRoShJWwgxi7TG3SnJXW6MTQUGeZ8T0TRUtui3XuXbgfI6HOkcHYL\/XbMUktex1jAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIcX+43sZ0q0zbIaaV6YjJpSuQvR8bkEGUE\/3atBZJjf+3Keq7YJd+llHwVPeYmtKvRiZ2sW0lqVzuI6uME+b5RgiBGomoySycdQRUbu3TFGZ5JqMiLyk\/Pd2FBpQGXhjBP1l1QWgB7I+MCIWCDjL1Ju1Qd8FCvUo2bZ9KhhM\/jo8Zlo5ydvnJOu6WW0S5fIDrkQejpBSIjafLJTtPIOJVyGKrhyJbQu0QmnTUD896n2L1uJ6SFuPdOCR+AlALc720XQ7ODAr7MyrjziAr5uqZ6op9QCKifuHDMD61VcgTeTbCIaIQFI0hC7ZViUdakOx0+UPbVSwq\/6jpxBxJKMuIcWAwMBbQwAAWkDABhhBMm9s8Y8J88iOw9K3+u\/3AfajdDmrOpBOO7giMyfvSo5L\/76QGF2ZlvSm5\/aYk7PEkCLUKOwycUsoss4h\/BaMQU642JPmP9wHYeCTg+9d9CS\/+TR1nnQLnRts\/8c07kKowYBAQASdYRrtnQlQGsnr5R9dQPyOge8X+Ol+hFeyjDQ05ioqRL2NErNJ\/f\/5E2vi9SjcqwCh\/8Rvtgxf4MWxHT6e+W4J3MkugNzmGTmtOIZuWfKU069SGKwwFKpf99govz567LcYHAuM6Fcu8TDjaNFc\/xkEzhqjGXW0+ocq9JKdMBGLnb+ooYJ1j3Hn3gnd2wBcI5NVa+d6JU+S2SHRTFuxmt5wnEO8a6XCffR1RNI4YgkpUsYwj8KPa0\/FY2fsM0Y7aw00S1JBF0SQ1uMsB4H74MKpmQ1XhXANJp1eqsFjBJ8mFwjk1VcoRdvIoEIC3kt5cXRdjSemxw85wvfacyQB2pcFgMDAAQOAAAA"}
+01150{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1621067209199,"flow_last_seen":1621067209348,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2734,"flow_avg_l4_payload_len":390,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"},"tls": {"version":"TLSv1.2","client_requested_server_name":"82.81.46.13","ja3":"40adfd923eb82b89d8836ba37a19bca1","ja3s":"e35df3e00ca4ef31d42b34bebaa2f86e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=Certificate Authority, CN=support","issuerDN":"C=US, ST=California, L=Sunnyvale, O=Fortinet, OU=FortiGate, CN=FWF60E4Q16012050","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"AA:8A:CE:95:99:2A:E0:A4:11:42:E4:C8:40:D7:DB:87:1F:4A:23:45"}}
+00429{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":348733,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCRtXLmD\/oAQD+HSxwAAAQEICienUpoGP5Le"}
+00648{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":359930,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"EBMx8Tl2KDc3AG3ICABFAADSAABAAEAG923AqAGyUlEuDfF8KMsekCRtXLmD\/oAYEADMNQAAAQEICienUqQGP5LeFgMDAGYQAABiYQSZ4VMIFZunofNsZKskfH9CoUgEbmPZM0172VWSipLEiZJ8tBi\/dHcTG7RCWrNcz2\/AQcYpNTA8ndBbNxkUK+HcYMWAPwYzPIZ4h1KcmSlyEOlOUeciFUxTbOcYEEByNToUAwMAAQEWAwMAKFEeBZdZ7Ez9Dk9UFd\/JAeDaptobTxU9txDkeQwFw2\/S5DFGqpTkZnw="}
+00763{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":434000,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEm6FdAADQGGsJSUS4NwKgBsijL8XxcuYP+HpAlC4AYABGhyQAAAQEICgY\/kugnp1KkFgMDALoEAAC2AAABLACwZZ5ezzAqP9XZMgDoL75RZ9gKsZPtv3hFgtTFajzKS8k1\/xXE2UCuTttunJSuBdIuKnEN\/Z99ojHQB0lZwOl\/jM0gwh2EA\/I4zNTxQf7PJXpRHQf3ROtUVUwTQMijIEMa04osUwsU4WGHLeJX38Ov5jzlweBhxRbW+NGtPsf0oW7yQnCIs+4EBuGsjX4ef7FPEE4ombBosBmM3sxpznGrqFUZaO+DnJkmP0+l9yxH78cUAwMAAQEWAwMAKDjhilnLpQKXwZ7zjsk+KQxeJhW\/yKcV\/p5IeQ8pH8uqlOmBkLiZfsE="}
+00430{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":434122,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCULXLmE8IAQD\/jQwgAAAQEICienUu4GP5Lo"}
+01148{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":863706,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJGAABAAEAG9fnAqAGyUlEuDfF8KMsekCULXLmE8IAYEADC4AAAAQEICienVJcGP5LoFwMDAg1RHgWXWexM\/mIEDJ\/McXA79GaLqQ5pQt9rVkd6JDfUN4ZkXKSM5GEiQRpeNRfiTGywxAcOBrqBRZj1LP9N\/xr6kcPnz37IVvdng99Zu4qN0tu3JjAWqzlmGI8hL0h\/dF3ikHLYbqzz+5dpKPySqLIJXA2nqfQAyBQ6C78L+iHxvXCl7csbkhIKiJqyuobIhGViKzgc4Fz61jlXTZH5oUZlirB9FOYDKALeku3FV62alcW3sCkgk737CmTUeO1MDinSrEL0N1r84hQ68LeAyeYuDNJLdkvf9R8P0RWklgudkNlEIo3ijFTwEZeUrH1dKQI6FZvNSFNIrPAF6xijePjBkSU5r9TFijYT57lMN18yLTe+4Sb+ajDgAedyIH9R3zU09dyoMVoZbrKh0oPZQS1amJPq+cTaoweXsucOqHvJfib6fFONqLJqK1f+OjSvb9SKdsrmbV30wBxxh7RRNkQOvyVK2L+8kvnHlH7GU\/mRo3GXRpsHJ3nB3H+Z4Zlr1jfKiIhIQ+cC\/rGWj3sg1KazHr5l+rA8SAWkF6dHDkSndqtrQl9obY51F\/21FofIVg+RdqN+czJ2ToVOszESmLY9oYccQR+r1CfJCwu55ROBTq1M6E5\/2O7m1UwZ2WTFIAMVXKRbHfkuq7F4ixdDqxeVcKBZSjAIFXDlIuBm7GsV2+LccE0EHC+DBzSoYpw="}
+01477{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":929036,"pkt_caplen":841,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":841,"pkt_l4_len":807,"pkt":"KDc3AG3IEBMx8Tl2CABFAAM76FhAADQGGKxSUS4NwKgBsijL8XxcuYTwHpAnHYAYABJplAAAAQEICgY\/kxknp1SXFwMDAwI44YpZy6UCmGq90u0xpH+SWX7ArQhxGoFyYzhteRYnGGj9ujnorokis6dxlUOpBMe4Qi3frKXBnQ2KpQk9GehHhJQTecOvD8CrAxpffjF\/gLgBdNaNY4NyiIL0mrCmbImPw1uxfTGXZ2t6I8ey7fWkTARZnVFiEfNkCsuO5cKaJzkei+RcWDnnVeBmkbvxqX7105dP\/vY3dE2wX3mpkXVoDvUWoNh+u6NCMm2hIBt2LAvgDXKnZwIjOfAdJN09oXkHRVWoBuZOo8Iivm0wpzGFxAE34Lbr+07QO8zo3digkSQRyRGh1jAcbZmyz+KLsajqn5cJMrJ6cGelxe+64at6k+JhsvLAtS44wuQq4iHEICApXevboeLwC8SdmVvmPOgQltKq\/nJZxH3XvoS+glODB7fv6RToBwUwAoIZecZEK5G0YWjYDojAQyqq5PDO\/3SFaYROKelZ8uiwxbAULBSoySoVUXduAM7HzUtr88MCqzkaHA66OxXgxx8HKeqkcKMRE4+4x9TwonVpd6RtnDA32Sv12o5p2Vj1Kq6yLmDqFIbrRXCNwpKFGBt4614EYpFV\/7IMPwD7Ek529bOo5utyAyTDIuPeVPj8eE3\/5aZXX7lT+BTHbFHeoyHKzi90ZV3d7XR3BStzkMsOAgUl6cBHrTslMA23O9v7QOsh5ceDXHQdXs1knd7lOv59PDtRkOBkIwSw9HwS+OHlVx23Xve7ogGe4wURgOR0JbHbYEHQrln5RphPxuA3hOrY1MAmbhbmF4GQ\/NOozuXTa6n+9T8\/0+rpEVktCQdedJUq2XJHryBZtPgAbthRtBC8bLElx4RL3NiO1uWX9fFqLN1PdmZ+AJYrtLIthmsjj0m1gFKseBlPFSFAEkwvMIhl9+2ATIQEp54vUdZkExcDP0f311TzfETsG3588mXZfgOVKqUmf00CQTffPCZl7JdJJhOKuXjFIEk2ZYGcnrJdpksbC60cpzNeb9Rco0uXdabJQmqEJSCC6Wc1LHWeAOVd730yn1TEDw=="}
+00429{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067209,"pkt_ts_usec":929134,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+AvAqAGyUlEuDfF8KMsekCcdXLmH94AQD+fJnwAAAQEICienVNgGP5MZ"}
+00833{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"forticlient.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1621067210,"pkt_ts_usec":13684,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"pkt":"EBMx8Tl2KDc3AG3ICABFAAFcAABAAEAG9uPAqAGyUlEuDfF8KMsekCcdXLmH94AYEACyHwAAAQEICienVSwGP5MZFwMDASNRHgWXWexM\/2AsPQ+vcQD6Zrq79uzdvo1W7uAfC\/k3Byxhuizp\/YGYPMVkseftaRj2FAH4N018E4DBa+lsL9iw+ZdF6EwUFEV9dU86dto3QLflhJd79EQEWry9hfEixzEL5qg3vL4B9+HG9XiwsmnlyQsXu3q4hobjm6f7dl\/tLVTXOm+RfKFkQWrOQos25nenEVSy7gEpcimMFjYLMFf151XwfwKy0jS3xvMmtVtqXEUQ5dljnoYADAHHgiQywX37bbFJuUorxqp2XW\/jSBpLjwzMpOBxWPCcYkSfX2DtP2ri+jJbddTED4521ycf1HWorm4iKnB5RUfnR5SfBytC10nISYiaI+Vactl9PdL8VSrK2LgqMTFYHb\/lL13xz7xgHZ4="}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":21,"flow_first_seen":1621067203571,"flow_last_seen":1621067204682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3422,"flow_avg_l4_payload_len":162,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":25,"flow_first_seen":1621067204622,"flow_last_seen":1621067205708,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6751,"flow_avg_l4_payload_len":270,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61806,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test"}
diff --git a/test/results/ftp.pcap.out b/test/results/ftp.pcap.out
index 6559e95dd..12af9d6bd 100644
--- a/test/results/ftp.pcap.out
+++ b/test/results/ftp.pcap.out
@@ -1,5 +1,5 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1552590234892,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1552590234892,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":892296,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"}
00431{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":919708,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="}
00419{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":919816,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYGABWjI5fuWCrB04AQECxjbgAAAQEICjtXmLQSZ\/tN"}
@@ -12,22 +12,22 @@
00441{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590234,"pkt_ts_usec":976972,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"EBMx8Tl2xCwDBkn+CABFEABBAABAAEAGAADAqAHUWoJGScYGABWjI5f+WCrCCYAYECpjewAAAQEICjtXmOwSZ\/tbUEFTUyBOY0ZUUEANCg=="}
00419{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":45752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OopAADYGpvJagkZJwKgB1AAVxgZYKsIJoyOYC4AQAAMV2wAAAQEIChJn+207V5js"}
00451{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":66945,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xCwDBkn+EBMx8Tl2CABFAABLOotAADYGptpagkZJwKgB1AAVxgZYKsIJoyOYC4AYAAM0PgAAAQEIChJn+3I7V5jsMjMwIExvZ2luIHN1Y2Nlc3NmdWwuDQo="}
-00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":32,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download-FileTransfer-FileSharing"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1552590234892,"flow_last_seen":1552590235066,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":106,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download-FileTransfer-FileSharing"},"ftp": {"user":"anonymous","password":"NcFTP@","auth_failed":0}}
00420{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67019,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA0AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAQECljbgAAAQEICjtXmUUSZ\/ty"}
00428{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":67325,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"EBMx8Tl2xCwDBkn+CABFEAA5AABAAEAGAADAqAHUWoJGScYGABWjI5gLWCrCIIAYECljcwAAAQEICjtXmUUSZ\/tyUFdEDQo="}
00419{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590235,"pkt_ts_usec":94015,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0OoxAADYGpvBagkZJwKgB1AAVxgZYKsIgoyOYEIAQAAMVWgAAAQEIChJn+3k7V5lF"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1552590236580,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1552590236580,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":580045,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYHZFXuwKKMAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1efIQAAAAAEAgAA"}
00432{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":608252,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1GRVxgdmK2Nw7sCijaASqbDL3QAAAgQFrAQCCAoSZ\/zzO1efIQEDAw4="}
00420{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":608298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitjcYAQECxjbgAAAQEICjtXnzkSZ\/zz"}
02034{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":637965,"pkt_caplen":1271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1271,"pkt_l4_len":1237,"pkt":"xCwDBkn+EBMx8Tl2CABFAATpn4tAADYGPTxagkZJwKgB1GRVxgdmK2Nx7sCijYAYAAMMxgAAAQEIChJn\/Po7V585LXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQwMDAgRmViIDE5ICAyMDE2IDEwMDBHQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAxMDczNzQxODI0MDAgRmViIDE5ICAyMDE2IDEwMEdCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAgMTAyNDAwIEZlYiAxOSAgMjAxNiAxMDBLQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAxMDQ4NTc2MDAgRmViIDE5ICAyMDE2IDEwME1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQwIEZlYiAxOSAgMjAxNiAxMEdCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNDg1NzYwIEZlYiAxOSAgMjAxNiAxME1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgIDEwNzM3NDE4MjQgRmViIDE5ICAyMDE2IDFHQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgICAgMTAyNCBGZWIgMTkgIDIwMTYgMUtCLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAxMDQ4NTc2IEZlYiAxOSAgMjAxNiAxTUIuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgMjA5NzE1MjAwIEZlYiAxOSAgMjAxNiAyMDBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAyMDk3MTUyMCBGZWIgMTkgIDIwMTYgMjBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgMjA5NzE1MiBGZWIgMTkgIDIwMTYgMk1CLnppcA0KLXJ3LXItLXItLSAgICAxIDAgICAgICAgIDAgICAgICAgICAzMTQ1NzI4IEZlYiAxOSAgMjAxNiAzTUIuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgNTI0Mjg4MDAwIEZlYiAxOSAgMjAxNiA1MDBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICA1MjQyODgwMCBGZWIgMTkgIDIwMTYgNTBNQi56aXANCi1ydy1yLS1yLS0gICAgMSAwICAgICAgICAwICAgICAgICAgIDUyNDI4OCBGZWIgMTkgIDIwMTYgNTEyS0IuemlwDQotcnctci0tci0tICAgIDEgMCAgICAgICAgMCAgICAgICAgIDUyNDI4ODAgRmViIDE5ICAyMDE2IDVNQi56aXANCmRyd3hyLXhyLXggICAgMiAxMDUgICAgICAxMDggICAgICAgICAxNjM4NCBNYXIgMTQgMjA6MDMgdXBsb2FkDQo="}
-00550{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_tot_l4_data_len":1353,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1237,"flow_avg_l4_data_len":338,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"proto":"FTP_DATA","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"}}
+00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1552590236580,"flow_last_seen":1552590236637,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":301,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","ndpi": {"proto":"FTP_DATA","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"}}
00420{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":637967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0n4xAADYGQfBagkZJwKgB1GRVxgdmK2gm7sCijYARAAOfgQAAAQEIChJn\/Po7V585"}
00420{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJoAQEAZjbgAAAQEICjtXn1USZ\/z6"}
00420{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJ4AQEAZjbgAAAQEICjtXn1USZ\/z6"}
00420{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":638093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYHZFXuwKKNZitoJ4AREAZjbgAAAQEICjtXn1USZ\/z6"}
00420{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590236,"pkt_ts_usec":666222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA0n41AADYGQe9agkZJwKgB1GRVxgdmK2gn7sCijoAQAAOfXAAAAQEIChJn\/QI7V59V"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1552590241545,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1552590241545,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":545143,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYIX8sNBxpOAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eyYgAAAAAEAgAA"}
00432{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":573913,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1F\/LxggMTnkwDQcaT6ASqbBmYgAAAgQFrAQCCAoSaAHMO1eyYgEDAw4="}
00419{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":573957,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFAAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE55MYAQECxjbgAAAQEICjtXsn0SaAHM"}
@@ -43,8 +43,8 @@
02347{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":605531,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+EBMx8Tl2CABFAAXUeOdAADYGYvVagkZJwKgB1F\/LxggMTpVRDQcaT4AQAAMc+QAAAQEIChJoAdM7V7J9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00420{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":605580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2xCwDBkn+CABFCAA0AABAAEAGAADAqAHUWoJGScYIX8sNBxpPDE6a8YAQEABjbgAAAQEICjtXspsSaAHT"}
02347{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"ftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1552590241,"pkt_ts_usec":605595,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xCwDBkn+EBMx8Tl2CABFAAXUeOhAADYGYvRagkZJwKgB1F\/LxggMTprxDQcaT4AQAAMXWQAAAQEIChJoAdM7V7J9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":323,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1552590241545,"flow_last_seen":1552590241726,"flow_tot_l4_data_len":224192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":879,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_tot_l4_data_len":224192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":879,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_tot_l4_data_len":3259,"flow_min_l4_data_len":32,"flow_max_l4_data_len":273,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_tot_l4_data_len":1513,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1237,"flow_avg_l4_data_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":323,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1552590241545,"flow_last_seen":1552590241726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":216000,"flow_avg_l4_payload_len":847,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":216000,"flow_avg_l4_payload_len":847,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test"}
diff --git a/test/results/ftp_failed.pcap.out b/test/results/ftp_failed.pcap.out
index 03a4ba890..97956b71d 100644
--- a/test/results/ftp_failed.pcap.out
+++ b/test/results/ftp_failed.pcap.out
@@ -1,5 +1,5 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp_failed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1574361625864,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1574361625864,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361625,"pkt_ts_usec":864342,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="}
00470{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361625,"pkt_ts_usec":878212,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="}
00456{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361625,"pkt_ts_usec":878234,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQZtgBAA4XzDAAABAQgKlgVesFbTSMM="}
@@ -15,6 +15,6 @@
00465{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":74667,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACYGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QchwFQbPgBgA4XzJAAABAQgKlgV6zFbTThFRVUlUDQo="}
00479{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":88560,"pkt_caplen":100,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":100,"pkt_l4_len":46,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOAC4GOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBs+ZN0HOgBgCAFELAAABAQgKVtNPzpYFeswyMjEgR29vZGJ5ZS4NCg=="}
00457{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ftp_failed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574361633,"pkt_ts_usec":88598,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3Qc5wFQbdgBAA4XzDAAABAQgKlgV62lbTT84="}
-00620{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_tot_l4_data_len":728,"flow_min_l4_data_len":32,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download-FileTransfer-FileSharing"},"ftp": {"user":"hello","password":"","auth_failed":1}}
-00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_tot_l4_data_len":728,"flow_min_l4_data_len":32,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00630{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download-FileTransfer-FileSharing"},"ftp": {"user":"hello","password":"","auth_failed":1}}
+00516{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test"}
diff --git a/test/results/genshin-impact.pcap.out b/test/results/genshin-impact.pcap.out
index 218096938..b02c7423e 100644
--- a/test/results/genshin-impact.pcap.out
+++ b/test/results/genshin-impact.pcap.out
@@ -1,7 +1,7 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"genshin-impact.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1615497372822,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1615497372822,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":822667,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"eJS0JASgYDjgxTWgCABFAAAwrR4AAD8RTEjAqAJkL\/WPVeWOVlUAHPQTAAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1615497372822,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1615497372822,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
00425{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":843789,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"YDjgxTWgeJS0JASgCABFAAAwK09AADcRlhcv9Y9VwKgCZFZV5Y4AHKXfAAABRQADGDI6DaIVSZYC0hRRRUU="}
00631{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":883763,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"eJS0JASgYDjgxTWgCABFAADFrx4AAD8RSbPAqAJkL\/WPVeWOVlUAsVF7MhgDABWiDTpRAAABg6QlIwAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZwkZnnlWAs83g1p8EKxdCAGrvC1rqvpVXt+DS9GDIp59mUEo7M9A0R8PnQy3bk3e+QGIcWRmxHcBqUQOH+f\/uJk3ozIYAwAVog06UQAAAYOkJSMBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BfbJ9hSIrPxLFWnBNUYf2O83uxMA=="}
00537{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497372,"pkt_ts_usec":914092,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"YDjgxTWgeJS0JASgCABFAACCK5BAADcRlYQv9Y9VwKgCZFZV5Y4Abu3mMhgDABWiDTpSAAABg6QlIwAAAAACAAAAAAAAADIYAwAVog06UgAAAYOkJSMBAAAAAgAAAAAAAAAyGAMAFaINOlEAAAHepCUjAAAAAAIAAAASAAAA6MqpBXDmSov1t3fu\/jnV8Vij"}
@@ -16,10 +16,10 @@
00591{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497374,"pkt_ts_usec":420722,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"eJS0JASgYDjgxTWgCABFAACoRFwAAD8RtJLAqAJkL\/WPVeWOVlUAlES5MhgDABWiDTpSAAABuqolIwQAAAAJAAAAAAAAADIYAwAVog06UgAAAbqqJSMFAAAACQAAAAAAAAAyGAMAFaINOlIAAAG6qiUjBgAAAAkAAAAAAAAAMhgDABWiDTpSAAABuqolIwcAAAAJAAAAAAAAADIYAwAVog06UgAAAbqqJSMIAAAACQAAAAAAAAA="}
01994{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497374,"pkt_ts_usec":454693,"pkt_caplen":1223,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1223,"pkt_l4_len":1189,"pkt":"YDjgxTWgeJS0JASgCABFAAS5L5FAADcRjUwv9Y9VwKgCZFZV5Y4EpQL+MhgDABWiDTpRAAAB4qolIwkAAAADAAAAFQAAABE4ioiS+rtY\/qakj7lgfNlA0lknPjIYAwAVog06UQAAAeKqJSMKAAAAAwAAAF0AAAAROIzwkvq7WP7upI+5YHzZQNJZpIPgsbuy9jJ0NvZg5hteI8juk\/wat6qO2GbxdwGu6TiMdSxu9KXlOP4Xfbaq+MTwDev3KeW4Qkm3pCpS4MQt5MGvUJrKkRnoEzoyGAMAFaINOlEAAAHiqiUjCwAAAAMAAAAnAAAAETiBe5L6u1j+tKSPuWB82UDSWaSF4NFkpucpvZg4Y+4wMxm37TKnMhgDABWiDTpRAAAB4qolIwwAAAADAAAARQAAABE4gXuS+rtY\/pakj7lgfNlA0lmkn+DJZKbnK72DOErM++RMueyrD\/JsCIL65B9q2LviMC1nb2jEFkChXAV94oXwuPOOVjIYAwAVog06UQAAAeKqJSMNAAAAAwAAAEkAAAAROIF7kvq7WP6SpI+5YHzZQNJZpITg\/mSm5ym9DhlC7sN5Dd8Xvgbme5d51mD49rS\/yIAk5I9kauRcrn8JxxgRE252oVkApksDMhgDABWiDTpRAAAB4qolIw4AAAADAAAAJwAAABE4gXuS+rtY\/rSkj7lgfNlA0lmkheDNZKbnKb2ROGPuckdrtu0ypzIYAwAVog06UQAAAeKqJSMPAAAAAwAAAD8AAAAROIF7kvq7WP6MpI+5YHzZQNJZpJ\/gyxSn5yu9mTh2zOHkTcntqw3ydgi62GDxaae7+CM9675t\/JDKQIEU3LIyGAMAFaINOlEAAAHiqiUjEAAAAAMAAABFAAAAETiBe5L6u1j+lqSPuWB82UDSWaSf4OlkpucrvZI4bcz75Gy57KsP8n0IjfrNaBTYu+IwLUdvaMQWQLBcG32bsKe5845WMhgDABWiDTpRAAAB4qolIxEAAAADAAAASgAAABE4gXuS+rtY\/pOkj7lgfNlA0lmkmeDkZKbnK70nGkJW6ObWQE5KCPpwMDPQUDHvDlsNotrrlH3csKm6bBJNojNjIt7hMmpdxyHoMhgDABWiDTpRAAAB4qolIxIAAAADAAAAJwAAABE4gXuS+rtY\/rSkj7lgfNlA0lmkheC\/FafnKb2eOGPuY18pt+0ypzIYAwAVog06UQAAAeKqJSMTAAAAAwAAACcAAAAROIF7kvq7WP60pI+5YHzZQNJZpIXguW2m5ym9ljho7k53CcjuMqcyGAMAFaINOlEAAAHiqiUjFAAAAAMAAABFAAAAETiBe5L6u1j+lqSPuWB82UDSWaSF4PZkpucpvYI4aO5JJCm27bEG4sTZjMJx4fAGluIwLVhvaMQWQKBcBX2pjp65845WMhgDABWiDTpRAAAB4qolIxUAAAADAAAAPwAAABE4gXuS+rtY\/oykj7lgfNlA0lmkheCxFafnKb2eOGPuAHoEtu2xBuKHqI3CceHsBrTiKi0dHmnEFEC8XBTcsjIYAwAVog06UQAAAeKqJSMWAAAAAwAAACcAAAAROIF7kvq7WP60pI+5YHzZQNJZpIXgzGSm5ym9mzhj7iBmc7ftMqc="}
01967{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1615497374,"pkt_ts_usec":454886,"pkt_caplen":1206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1206,"pkt_l4_len":1172,"pkt":"YDjgxTWgeJS0JASgCABFAASoL5JAADcRjVwv9Y9VwKgCZFZV5Y4ElIPFMhgDABWiDTpRAAAB4qolIxcAAAADAAAASwAAABE4gXuS+rtY\/pCkj7lgfNlA0lmkheD5ZKbnKb2BOGfuFR5Qt+2xHOLP2YzCc+HzBqrAu+dMYWneBVAFjRVFGileZvwvOGg0Pa3K+jIYAwAVog06UQAAAeKqJSMYAAAAAwAAACcAAAAROIF7kvq7WP60pI+5YHzZQNJZpIXg0mSm5ym9kThj7nNsRLftMqcyGAMAFaINOlEAAAHiqiUjGQAAAAMAAABLAAAAETiBe5L6u1j+kKSPuWB82UDSWaSH4PFkpucpvRIdQg7qxCLgI0UJ4H8gPCN06e8+MO0AheiUftymqbpsEk2XNGPW9S8GGgI9rcr6MhgDABWiDTpRAAAB4qolIxoAAAADAAAASwAAABE4gXuS+rtY\/pCkj7lgfNlA0lmkheDsZKbnKb3dOHbudVZ3tu2xHOLC2YzCc+GvBoLAw4FPH2reBVAOjRVFGikCZt4vcSh5PK3K+jIYAwAVog06UQAAAeKqJSMbAAAAAwAAAD8AAAAROIF7kvq7WP6MpI+5YHzZQNJZpIXgthWn5ym9njhj7kdcKbftsQbihKiNwnHh7Aa04iotGB5pxBRAvFwU3LIyGAMAFaINOlEAAAHiqiUjHAAAAAMAAAAzAAAAETiBe5L6u1j+uKSPuWB82UDSWaSd4NVkpucrhYwSas5\/HcBY6ZsI4HsgHSN06e8GtmGLMhgDABWiDTpRAAAB4qolIx0AAAADAAAARQAAABE4gXuS+rtY\/pakj7lgfNlA0lmkheCyCqfnKb2lOGfuGGQJyO6xBuKAt43CceHXBtriMC0cAWnEFkCHXAV9g\/CbxvCOVjIYAwAVog06UQAAAeKqJSMeAAAAAwAAAEsAAAAROIF7kvq7WP6QpI+5YHzZQNJZpIXgqhWn5ym9uDhj7hpFT7btsRzimKiNwnPhyga0wMPoFmFp3gVQVPwURRopZ2bzL38wND2tyvoyGAMAFaINOlEAAAHiqiUjHwAAAAMAAAA\/AAAAETiBe5L6u1j+jKSPuWB82UDSWaSF4MhkpucpvZA4aO4BYHC37bEG4v\/ZjMJx4eIGquIqLWNvaMQUQLJcOdyyMhgDABWiDTpRAAAB4qolIyAAAAADAAAAPwAAABE4gXuS+rtY\/oykj7lgfNlA0lmkheCsFafnKb2fOGPuZUFktu2xBuKCqI3CceHtBrTiKi0eHmnEFEC9XBTcsjIYAwAVog06UQAAAeKqJSMhAAAAAwAAACcAAAAROIF7kvq7WP60pI+5YHzZQNJZpIXgum2m5ym9ljhj7jtGRbbtMqcyGAMAFaINOlEAAAHiqiUjIgAAAAMAAAAnAAAAETiBe5L6u1j+tKSPuWB82UDSWaSF4INkpucpvZg4Y+5dbGO37TKnMhgDABWiDTpRAAAB4qolIyMAAAADAAAASgAAABE4gXuS+rtY\/pOkj7lgfNlA0lmkhuC6FafnKb08lGPmY8vsvRgt8+95JoAp8Pz+J6ZIrCTOTurXH1a2hpFQCTBb5noG3V8\/wyHo"}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":15,"flow_first_seen":1615497372822,"flow_last_seen":1615497374454,"flow_tot_l4_data_len":4427,"flow_min_l4_data_len":28,"flow_max_l4_data_len":1189,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1617969465739,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":15,"flow_first_seen":1615497372822,"flow_last_seen":1615497374454,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1181,"flow_tot_l4_payload_len":4307,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1617969465739,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969465,"pkt_ts_usec":739661,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"eJS0JASgYDjgxTWgCABFAAAwIDwAAD8RvwnAqAJkL\/6pbecJVlYAHFkOAAAA\/wAAAAC6msTNSZYC0v\/\/\/\/8="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1617969465739,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1617969465739,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
00427{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969465,"pkt_ts_usec":761279,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"YDjgxTWgeJS0JASgCABFAAAwmj1AADcRDQgv\/qltwKgCZFZW5wkAHNyDAAABRQACIqy6msTNSZYC0hRRRUU="}
00552{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969465,"pkt_ts_usec":796897,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"eJS0JASgYDjgxTWgCABFAACLETwAAD8Rza7AqAJkL\/6pbecJVlYAd4PurCICAM3EmrpRAAABbMl+tgAAAAAAAAAAUwAAAOjKqWZw60qL9Yt3tYWQf\/bh4A8CmEwZmVNWIKRXCgqptAdyiLYHXIWEStbbdMV+nhEs6cNA1hYEnQ\/rbBPfqVmPcWA0wHkHrhALTrzN2JnmCbMb"}
00439{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969465,"pkt_ts_usec":822356,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"YDjgxTWgeJS0JASgCABFAAA4mnVAADcRDMgv\/qltwKgCZFZW5wkAJNCqrCICAM3EmrpSAAABbMl+tgAAAAABAAAAAAAAAA=="}
@@ -34,10 +34,10 @@
00591{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969467,"pkt_ts_usec":457136,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"eJS0JASgYDjgxTWgCABFAACoEAEAAD8RzszAqAJkL\/6pbecJVlYAlGYbrCICAM3EmrpSAAABMdB+tgMAAAAIAAAAAAAAAKwiAgDNxJq6UgAAATHQfrYEAAAACAAAAAAAAACsIgIAzcSaulIAAAEx0H62BQAAAAgAAAAAAAAArCICAM3EmrpSAAABMdB+tgYAAAAIAAAAAAAAAKwiAgDNxJq6UgAAATHQfrYHAAAACAAAAAAAAAA="}
00557{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969467,"pkt_ts_usec":482889,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"YDjgxTWgeJS0JASgCABFAACOnmtAADcRCHwv\/qltwKgCZFZW5wkAekgerCICAM3EmrpRAAABT9B+tggAAAACAAAAHQAAAJ34WIfI0kVMGX\/IRvcrSMme9rwA4BADg3cAGfocrCICAM3EmrpRAAABT9B+tgkAAAACAAAAHQAAAJ34WIfI0kVMGX\/IRvcrSMme9rwA4BAD4AAHGfoc"}
00477{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1617969467,"pkt_ts_usec":485845,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"eJS0JASgYDjgxTWgCABFAABU7MsAAD8R8lXAqAJkL\/6pbecJVlYAQJJBrCICAM3EmrpSAAABT9B+tggAAAAKAAAAAAAAAKwiAgDNxJq6UgAAAU\/QfrYJAAAACgAAAAAAAAA="}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":15,"flow_first_seen":1617969465739,"flow_last_seen":1617969467485,"flow_tot_l4_data_len":2110,"flow_min_l4_data_len":28,"flow_max_l4_data_len":616,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1618759616491,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":15,"flow_first_seen":1617969465739,"flow_last_seen":1617969467485,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":1990,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1618759616491,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":491441,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"eJS0JASgYDjgxTWgCABFAAAwGRQAAD8RUQ3AqAJkCNFFv81fVlUAHHz9AAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1618759616491,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1618759616491,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"proto":"GenshinImpact","breed":"Fun","category":"Game"}}
00428{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":511233,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"YDjgxTWgeJS0JASgCABFAAAwBJVAADYRLowI0UW\/wKgCZFZVzV8AHCclAAABRQAC8VwSg\/gZSZYC0hRRRUU="}
00632{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":572945,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"eJS0JASgYDjgxTWgCABFAADFKAcAAD8RQYXAqAJkCNFFv81fVlUAsRpMXPECABn4gxJRAAAB+IeX5QAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZxk9sU5aAs83g1pzHa9XCgisvC1r9\/0GCIzdTdWOJM16x0h+u8IR0UsPmVrqPkXeqgnccmMxz3oCrkMOS+f\/uJk3o1zxAgAZ+IMSUQAAAfiHl+UBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BffbtOf4bPxP18xxJUYUezQnixMA=="}
00538{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759616,"pkt_ts_usec":601044,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"YDjgxTWgeJS0JASgCABFAACCBNZAADYRLfkI0UW\/wKgCZFZVzV8AbgXrXPECABn4gxJSAAAB+IeX5QAAAAACAAAAAAAAAFzxAgAZ+IMSUgAAAfiHl+UBAAAAAgAAAAAAAABc8QIAGfiDElEAAAFMiJflAAAAAAIAAAASAAAA6MqpBXDmSov1t3ei1GLU8Vij"}
@@ -52,5 +52,5 @@
00875{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759618,"pkt_ts_usec":701851,"pkt_caplen":396,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":396,"pkt_l4_len":362,"pkt":"YDjgxTWgeJS0JASgCABFAAF+CHZAADYRKV0I0UW\/wKgCZFZVzV8BagUrXPECABn4gxJRAAABgJCX5QMAAAADAAAAJQAAAJqL1J+puS+c4iZOjLzuk7ttpvZ0TBiz7budkMSNEVFmutQdZ1Fc8QIAGfiDElEAAAGAkJflBAAAAAMAAAAYAAAAmovWbKm5L5ziNU6MvO6Tu22m9nbiEZ4IXPECABn4gxJRAAABgJCX5QUAAAADAAAAHgAAAJqL1rKpuS+c4j9OjLzuk7ttpvZ0Rhh9s920CGhKqlzxAgAZ+IMSUQAAAYCQl+UGAAAAAwAAACUAAACai9SfqbkvnOImToy87pO7bab2dEwYs+27nZDEjRFRZrrUHWdRXPECABn4gxJRAAABgJCX5QcAAAADAAAAGAAAAJqL1mypuS+c4jVOjLzuk7ttpvZ24hGeCFzxAgAZ+IMSUQAAAYCQl+UIAAAAAwAAACIAAACai9VOqbkvnOI7Toy87pO7bab2dqydu6C7lphg2QPxZhPf"}
00666{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759618,"pkt_ts_usec":715293,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"pkt":"eJS0JASgYDjgxTWgCABFAADgBboAAD8RY7fAqAJkCNFFv81fVlUAzKPcXPECABn4gxJSAAABdpCX5QIAAAAJAAAAAAAAAFzxAgAZ+IMSUgAAAYCQl+UDAAAACQAAAAAAAABc8QIAGfiDElIAAAGAkJflBAAAAAkAAAAAAAAAXPECABn4gxJSAAABgJCX5QUAAAAJAAAAAAAAAFzxAgAZ+IMSUgAAAYCQl+UGAAAACQAAAAAAAABc8QIAGfiDElIAAAGAkJflBwAAAAkAAAAAAAAAXPECABn4gxJSAAABgJCX5QgAAAAJAAAAAAAAAA=="}
00472{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1618759618,"pkt_ts_usec":761347,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"YDjgxTWgeJS0JASgCABFAABRCH1AADYRKoMI0UW\/wKgCZFZVzV8APR45XPECABn4gxJRAAABvJCX5QkAAAADAAAAGQAAAJqL1VapuS+c4jJOjLzuk7ttpvZ2nowWKgI="}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":15,"flow_first_seen":1618759616491,"flow_last_seen":1618759618761,"flow_tot_l4_data_len":2765,"flow_min_l4_data_len":28,"flow_max_l4_data_len":614,"flow_avg_l4_data_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":15,"flow_first_seen":1618759616491,"flow_last_seen":1618759618761,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":606,"flow_tot_l4_payload_len":2645,"flow_avg_l4_payload_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test"}
diff --git a/test/results/git.pcap.out b/test/results/git.pcap.out
index 30865ca7b..4f465b9dd 100644
--- a/test/results/git.pcap.out
+++ b/test/results/git.pcap.out
@@ -1,10 +1,10 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1460821630164,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1460821630164,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":164056,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="}
00430{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":221958,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="}
00418{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":222020,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"nJcm0ghCPJcOZtCOCABFAAA0Q1dAAEAGScnAqABNBZnnFbt3JMp+hgtFasBOVoAQAB3G2AAAAQEICgGnSCArjWmr"}
00513{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":222080,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"nJcm0ghCPJcOZtCOCABFAAB5Q1hAAEAGSYPAqABNBZnnFbt3JMp+hgtFasBOVoAYAB1NLgAAAQEICgGnSCErjWmrMDA0NWdpdC11cGxvYWQtcGFjayAvY29sbGFiLW1haW50L3dvdHNhcC5naXQAaG9zdD1hbm9uc2NtLmRlYmlhbi5vcmcA"}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1460821630164,"flow_last_seen":1460821630222,"flow_tot_l4_data_len":213,"flow_min_l4_data_len":32,"flow_max_l4_data_len":101,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","ndpi": {"proto":"Git","breed":"Safe","category":"Collaborative"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1460821630164,"flow_last_seen":1460821630222,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","ndpi": {"proto":"Git","breed":"Safe","category":"Collaborative"}}
00418{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":278031,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PJcOZtCOnJcm0ghCCABFCAA0J+9AAC8GdikFmecVwKgATSTKu3dqwE5WfoYLioAQAHLGLwAAAQEICiuNabkBp0gh"}
00690{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":321879,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"pkt":"PJcOZtCOnJcm0ghCCABFCAD9J\/BAAC8GdV8FmecVwKgATSTKu3dqwE5WfoYLioAYAHIZMQAAAQEICiuNacUBp0ghMDBjOTM0ODUzNGM3NjBkMmY1NmVjZjkzZjhkNjdiODRjNWYwYWJhMDc3YzEgSEVBRABtdWx0aV9hY2sgdGhpbi1wYWNrIHNpZGUtYmFuZCBzaWRlLWJhbmQtNjRrIG9mcy1kZWx0YSBzaGFsbG93IG5vLXByb2dyZXNzIGluY2x1ZGUtdGFnIG11bHRpX2Fja19kZXRhaWxlZCBzeW1yZWY9SEVBRDpyZWZzL2hlYWRzL21hc3RlciBhZ2VudD1naXQvMS45LjEK"}
00418{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":321931,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"nJcm0ghCPJcOZtCOCABFAAA0Q1lAAEAGScfAqABNBZnnFbt3JMp+hguKasBPH4AQAB7FlgAAAQEICgGnSDkrjWnF"}
@@ -16,5 +16,5 @@
00422{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":471592,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PJcOZtCOnJcm0ghCCABFCAA0J\/NAAC8GdiUFmecVwKgATSTKu3dqwFKffoYNooAQAHq\/YgAAAQEICiuNaeoBp0hU"}
00433{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":471621,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8J\/RAAC8GdhwFmecVwKgATSTKu3dqwFKffoYNooAYAHrFngAAAQEICiuNaeoBp0hUMDAwOE5BSwo="}
02347{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"git.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460821630,"pkt_ts_usec":489457,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"PJcOZtCOnJcm0ghCCABFCAXUJ\/VAAC8GcIMFmecVwKgATSTKu3dqwFKnfoYNooAQAHrgqAAAAQEICiuNae4Bp0hUMDAyMgJDb3VudGluZyBvYmplY3RzOiAxMjYsIGRvbmUuCjAwMjkCQ29tcHJlc3Npbmcgb2JqZWN0czogICAxJSAoMS81NykgICANMDAyOQJDb21wcmVzc2luZyBvYmplY3RzOiAgIDMlICgyLzU3KSAgIA0wMDI5AkNvbXByZXNzaW5nIG9iamVjdHM6ICAgNSUgKDMvNTcpICAgDTAwMjkCQ29tcHJlc3Npbmcgb2JqZWN0czogICA3JSAoNC81NykgICANMDAyOQJDb21wcmVzc2luZyBvYmplY3RzOiAgIDglICg1LzU3KSAgIA0wMDI5AkNvbXByZXNzaW5nIG9iamVjdHM6ICAxMCUgKDYvNTcpICAgDTAwMjkCQ29tcHJlc3Npbmcgb2JqZWN0czogIDEyJSAoNy81NykgICANMDAyOQJDb21wcmVzc2luZyBvYmplY3RzOiAgMTQlICg4LzU3KSAgIA0wMDI5AkNvbXByZXNzaW5nIG9iamVjdHM6ICAxNSUgKDkvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDE3JSAoMTAvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDE5JSAoMTEvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDIxJSAoMTIvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDIyJSAoMTMvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDI0JSAoMTQvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDI2JSAoMTUvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDI4JSAoMTYvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDI5JSAoMTcvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDMxJSAoMTgvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDMzJSAoMTkvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDM1JSAoMjAvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDM2JSAoMjEvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDM4JSAoMjIvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDQwJSAoMjMvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDQyJSAoMjQvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDQzJSAoMjUvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDQ1JSAoMjYvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDQ3JSAoMjcvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDQ5JSAoMjgvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDUwJSAoMjkvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDUyJSAoMzAvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDU0JSAoMzEvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDU2JSAoMzIvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDU3JSAoMzMvNTcpICAgDTAwMmECQ29tcHJlc3Npbmcgb2JqZWN0czogIDU5"}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":90,"flow_first_seen":1460821630164,"flow_last_seen":1460821631269,"flow_tot_l4_data_len":70945,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2912,"flow_avg_l4_data_len":788,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":90,"flow_first_seen":1460821630164,"flow_last_seen":1460821631269,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":68049,"flow_avg_l4_payload_len":756,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00123{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test"}
diff --git a/test/results/google_ssl.pcap.out b/test/results/google_ssl.pcap.out
index 4bd2c0654..905ac057e 100644
--- a/test/results/google_ssl.pcap.out
+++ b/test/results/google_ssl.pcap.out
@@ -1,5 +1,5 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"google_ssl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434443394683,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434443394683,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434443394,"pkt_ts_usec":683939,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="}
00417{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"google_ssl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434443394,"pkt_ts_usec":717671,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"}
00409{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"google_ssl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434443394,"pkt_ts_usec":851093,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AA6OTbSogMbKAJ6fCABFAAAoBqNAAEAG146sHwPg2DrUZKdTAbt6Z3Lr7iMRFFAQFtCmzAAA"}
@@ -15,6 +15,6 @@
02343{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"google_ssl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434443398,"pkt_ts_usec":327656,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"gMbKAJ6fAA6OTbSoCABFAAW+fNkAADMGqMLYOtRkrB8D4AG7p1PuIxaqemdzaVAQp5RWwgAASW50ZXJuZXQgQXV0aG9yaXR5IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCoEd1zYUJE6BqOC4NhQSLyJP\/EZcBqIRn7gj8Xxic4h7lr+YQ23MkSJoHQLU09VpM6CYpXu61lfxuEFgBLEXpQ\/vFtIOPRT9yTm+5HpFcTP9FMN9Er8n1Tefb6ga2+HwNBQHygwA0DaCHNRbH\/\/OjynNwaOvUsRBOt9JN7m+fwxcfuU1WDzLkqvQtLL6sRqGrLMU90VS4sfyBlhH82dqD5jK4Q1aWWEyBnFRiL4U5W+44BKEMYq7LqXIBHHOZkQBKDwYXqVJYxOUnXitu0IyhT8ziJqs07PRgOXlwN+wLHee69FM8+6PnG33vQlJcINNYmdnfsOEXmJHjfFr45yaQIDAQABo4HnMIHkMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBRK3QYWG7z2aLV29YG2u2IaulqBLzASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEBBQUAA4IBAQAnjM\/pxzu+wG\/oloT7nFxdkOR324syYJtl2IUmtbqfHt5kTh\/GyCBbCZ+rqeAJNEWiZSU3PX9abyDM+frxHY8QDAI6xMkBdpa+m\/kV2DnRxQNHdriKjDHWYNXkj9v6PMbVmCj4HI8XkTTLy1J60fs6IOThhrHYGA++1odkjcUKJUJR77I4uOAd0OH85vSvRrrvwL\/FtAX1lHUM\/qK+Arrqhlv5NbNm9cWNhaEaI3caGRdUE2CfC+G0nCgq+a4CNG0lk5yCqBd78YWw0w9Y4fux\/pyho+j9yT\/013HcvYykGeAhIyNVE4+kFgIJfrmv7ttTZL1xL7k5zjC3tLxU4EcHAAOBMIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg\/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt\/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjmaPkr0rKV10fYIyAQTzOYkJ\/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwE="}
00837{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"google_ssl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434443398,"pkt_ts_usec":595261,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"pkt":"AA6OTbSogMbKAJ6fCABFAAFiBqhAAEAG1k+sHwPg2DrUZKdTAbt6Z3Np7iMdcFAYLLBd8wAAFgMBAQYQAAECAQCJE\/UgWC1ephqdHlX76FYEvfsgrbMWPzUiKCabJKOq+PPxveMMBWMoKrAR383+Za5DefH15hpBf6KHSBreRxt4DCtCeYZyOCOTnaHmJuA+B+CpAvxIUauUywgA0Kbv0PY\/h2DOTF85nFsyyCCRlu5+Z\/Hagc5FBjk5JLDWo82AqJaazwoDzKcLFLAkqYtOgQGuLs9u6iqKkrvx9Rlomd+2PxuohkGYjk4iGsVFmSRrlhKDxifSDIlNWNln2rjAgXo+hjOSOs+xzBkSIMieIqFTTdF9t1nhteQEs3JQXWgLW4EkCINmccl84iq7ma03klyZ8Gg+dxC3vXdte3pIvlN0FAMBAAEBFgMBACRVFaqlyGalIwzWGm3pOUlb5hIiHh6emt5yoX3HqC5Oozr9Lv4="}
00828{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"google_ssl.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434443399,"pkt_ts_usec":540882,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"gMbKAJ6fAA6OTbSoCABFAAFYfNoAADMGrSfYOtRkrB8D4AG7p1PuIxxAemdzaVAYp5RnXgAAAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5jcmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUFAAOBgQB24RJuTksWEoYwBrKBCM\/wCMfHcX5m7sLt1Dsf\/\/DwyE7WQziwuTB9GNBVg6JqyzYRnOhIZqNtf7gT1Ef+i1pcc\/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+DNusdVm\/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ\/EhYDAQAEDgAAAA=="}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_tot_l4_data_len":8136,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":290,"midstream":0,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_tot_l4_data_len":8136,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":290,"midstream":0,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test"}
diff --git a/test/results/googledns_android10.pcap.out b/test/results/googledns_android10.pcap.out
index 7778cab87..f1981f3c9 100644
--- a/test/results/googledns_android10.pcap.out
+++ b/test/results/googledns_android10.pcap.out
@@ -1,32 +1,32 @@
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"googledns_android10.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592552824409,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592552824409,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552824,"pkt_ts_usec":409182,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"}
00437{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552824,"pkt_ts_usec":632762,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"}
00437{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552824,"pkt_ts_usec":856545,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0g5MAAHcG7dkICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT4OAAAAQEIChWqbQn\/\/5Cw"}
00437{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":296508,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0hHAAAHcG7PwICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT2gAAAAQEIChWqbsH\/\/5Cw"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1592552825913,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1592552825913,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":913529,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8tGBAAEAGuAjAqAGfCAgEBLusA1UTsXihAAAAAKAC\/\/9hlgAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1592552825913,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1592552825913,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":913790,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8yAFAAEAGoGPAqAGfCAgICNrYA1WXsATAAAAAAKAC\/\/8uSAAAAgQFtAQCCAr\/\/8zBAAAAAAEDAwg="}
00451{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":926858,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8q2cAAHcGygEICAQEwKgBnwNVu6wOvAEKE7F4oqAS6yBkegAAAgQFZAQCCAp\/X4MU\/\/\/MwQEDAwg="}
00451{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":927045,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8xdcAAHYGrI0ICAgIwKgBnwNV2tjD\/e2fl7AEwaAS6yBjdQAAAgQFZAQCCApkDcpF\/\/\/MwQEDAwg="}
00439{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":928257,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0tGFAAEAGuA\/AqAGfCAgEBLusA1UTsXiiDrwBC4AQAVd8vQAAAQEICv\/\/zMV\/X4MU"}
00651{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":928997,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADOtGJAAEAGt3TAqAGfCAgEBLusA1UTsXiiDrwBC4AYAVdpogAAAQEICv\/\/zMV\/X4MUFgMBAJUBAACRAwOw6eX3GPuUCseewx8KJQKq65uZZdDYuRYi0MWCjT+jCwAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825928,"flow_tot_l4_data_len":298,"flow_min_l4_data_len":32,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825928,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00439{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":929178,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0yAJAAEAGoGrAqAGfCAgICNrYA1WXsATBw\/3toIAQAVd7uAAAAQEICv\/\/zMVkDcpF"}
00652{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":929471,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADOyANAAEAGn8\/AqAGfCAgICNrYA1WXsATBw\/3toIAYAVdohAAAAQEICv\/\/zMVkDcpFFgMBAJUBAACRAwOVSYhvB5NCZzUc9GHHE6Pd9b9dT20UrbAk09jz7PnHSwAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825929,"flow_tot_l4_data_len":298,"flow_min_l4_data_len":32,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1592552825913,"flow_last_seen":1592552825929,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00438{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":940289,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0q3UAAHgGyPsICAQEwKgBnwNVu6wOvAELE7F5PIAQAPB8fAAAAQEICn9fgyL\/\/8zF"}
00439{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":941529,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0xdkAAHYGrJMICAgIwKgBnwNV2tjD\/e2gl7AFW4AQAPB7dgAAAQEICmQNylT\/\/8zF"}
02349{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":957880,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAW+q3sAAHgGw2sICAQEwKgBnwNVu6wOvAELE7F5PIAQAPCh8QAAAQEICn9fgzP\/\/8zFFgMDAD8CAAA7AwNe7G15nhrimki9bfrsYlGl8blRww\/L601ET1dOR1JEAQDALwAAEwAXAAD\/AQABAAALAAIBAAAjAAAWAwMKgAsACnwACnkABiUwggYhMIIFCaADAgECAhAvmt6tSZ\/54QIAAAAAayAjMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwHhcNMjAwNTI2MTUyMDAyWhcNMjAwODE4MTUyMDAyWjBkMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzETMBEGA1UEChMKR29vZ2xlIExMQzETMBEGA1UEAxMKZG5zLmdvb2dsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSUeQONctZz3uIqdtC8TGzE8AMaYsmZY88YVzUreJdL\/0dCZYsl1UYc2OvENRHpKfNCZpRv3xMOZvi3kh0QIb5zzddzOkkBUd2hU7s3ZwZK+HaanofZZUCn6DHRVW+tAvbhDsfNhYq7nC6j\/GNW5VGjRotNORp5ATy1MpfZF93XgmaHNixqtpC\/0gM5Gwth6D+1fVJsvBEgZyIPBayP3lOd1yAvzdIkSpwWaZ+TKW+85OK4yyy7S2o1vCDDK3Zq6\/jUumhBP5SJmDA5tr4dukkEoqVyhPnxGcB4hDmwyVDU2U8rmqCGQULfKb12DBmiiJOYbm5pqVj1JBv0+p3j1E0CAwEAAaOCAu8wggLrMA4GA1UdDwEB\/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSFRNGvRXRy0wAb7J2sKkmYhLWe3zAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBoBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29nL2d0czFvMWNvcmUwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwgawGA1UdEQSBpDCBoYIKZG5zLmdvb2dsZYIQKi5kbnMuZ29vZ2xlLmNvbYILODg4OC5nb29nbGWCDmRucy5nb29nbGUuY29tghBkbnM2NC5kbnMuZ29vZ2xlhxAgAUhgSGAAAAAAAAAAAABkhxAgAUhgSGAAAAAAAAAAAGRkhxAgAUhgSGAAAAAAAAAAAIhEhxAgAUhgSGAAAAAAAAAAAIiIhwQICAQEhwQICAgIMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwGCisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29vZy9HVFMxTzFjb3JlLmNybDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABclHIpS8AAAQDAEcwRQIhAL8PRht0GjLwxvKgvt3ME7Lvn501gSRHUbzJgY3HddfrAiBITPBWXKB\/EsGN\/qthElwjtyifjXyQCtZL82ZOsBNAqgB1AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABclHIo2oAAAQDAEYwRAIgW3oiEOXHmxVJukyPKedbFKLAHU+NWNHGdGVRZy3Vv9QCIBZ565g8plNNkx9OSGvGcmllJquFv0Vpmmf0ZrIkVQCpMA0GCSqGSIb3DQEBCwUAA4IBAQBP8NFNA2o7BvU4C0BZ\/YuA2G4="}
-00816{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_tot_l4_data_len":1780,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":296,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02354{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":957993,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAW+q3wAAHgGw2oICAQEwKgBnwNVu6wOvAaVE7F5PIAQAPAEzwAAAQEICn9fgzP\/\/8zFBWU\/U1SwWFqB51XKOk\/9gYc9EfnV8DMmwcygUgaToHLYUMwUZiFSJ1LqRJEm3oknKcmGpn6E+8rpojBhPvTewD8kzc3KtWn0xIyDeDz+Z1J8g\/uv+o2If+iKyGWYGf4RT\/KFSb\/lYkCgp373jBd81x2dBToH41zJgQMiTcRji8A4I0eyWkRpuReYMwBKatDuD2J7yUI9b+O06es4KhBC9a+DKwwGcm20clrv8FMBPBA3oxgf2d7Tp3YHw5XBW1+9IPzq88tSTj+WKJs15ATWPHPRFsSXyMFQZgstMB5d3dOB2ANmme6AIIj99uss4gAETjCCBEowggMyoAMCAQICDQHjtJqhjYqpgSVpULgwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTcwNjE1MDAwMDQyWhcNMjExMjE1MDAwMDQyWjBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BjPRdSLzdOc5EDvfrTdaSEbyc88jkx1uQ8xGYQ9njwp71ANEJNvBYCAnyqgvRJLAuE9n1gWJP4wnwt0d1WTHUv3TeGSghD2UawMw7IilA80a5gQSecLnYM53SDGHC3v0RhhZecjgyCoIxL\/0iR\/1C\/nRGpbTddQZrCvnkJjBfvgHMRjYa+fajP\/Ype9SNnTfBRn3HXcLmno+G14adC3EAW48THCOyT9GjN0+CPg7GsZihbG482kzQvbs6RZYDiIO60ducaMp1Mb\/LzZpKu83Txh15MVmO6BvY\/iZEcgQAZO16yX6LnAWRKhSSUj5O1wNCyltGN8+aM9g9HNbSSsBwIDAQABo4IBMzCCAS8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSY0fhuEOvPm+xgnxiQG6DrfQn9KzAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5wa2kuZ29vZy9nc3IyL2dzcjIuY3JsMD8GA1UdIAQ4MDYwNAYGZ4EMAQICMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBABqAPjZ5+\/MuqUY3fV5UFjWux04Imf690TRpJlJmBz0KuknLYvTxGo78EU9olkx0K9Nn3rKjqgWNhE1MIGUPpZbaDRb4bDvbbwQjiGs6bMFgvWifcY7uLVg0B\/DVVOmGWf17Xg0hlPWMyaj42PKtzA8a85qnqQQn+aPJsP8CeGthusc1K+hW+k\/DHAzttjy0S+rtzOE87NwNjNY+m8pCWIvMFiEXQLyi1mbv2sQVW82JqpsJJucy0g1uZyACWxCwkAmcDB+erdg76qH8bOgQXAhSGVEqcbuserXdFe0ryQgqLIq0piGrY\/\/XUklQ0Im3rfKv+1CuL+GVDfNGrZ2c9coWAwMBLAwAASgDAB0g4nmrM262XiykqlB2xZzqc4FfMkSM5xnUvsKMyRbrTFQIBAEAc9yvpTXoneegkGptgrdLO8zLJfwWP3QvPGg="}
-01118{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_tot_l4_data_len":3230,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":461,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
+01129{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825957,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
00767{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":958075,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAEjq30AAHgGyAQICAQEwKgBnwNVu6wOvAwfE7F5PIAYAPCBTwAAAQEICn9fgzP\/\/8zFWkXoaRZWKwjLSUJGN3CmDF5dRNLykDwG7pTkFkLN7gp\/102O6AmwwdVceRHgogGvAykqYxKCmAi77yZ4Ft3DRhWHkP57qZJu3+2PxOP2VPziPKgJ+WulpnZmEM\/6aXA72fn15Q\/r0IUSLwpglfA2aaOTek0bfdKz6On4IdcjxIKFGo635zNHz4MngRG9urLcfGYnSr8Qi7SwcOcGknBFO7H52eKxKLwygtnmepN8U5+eUSHT3eUeqARJbDeeVVg43xpyB\/9thjuefxarX+24DRIRgWkhS4nZrfqe\/D18PQYU\/eyjmTwWAwMABA4AAAA="}
02349{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":959083,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAW+xeoAAHYGpvgICAgIwKgBnwNV2tjD\/e2gl7AFW4AQAPBNlQAAAQEICmQNymX\/\/8zFFgMDAD8CAAA7AwNe7G15+krGjyXGxyOdK20AGJ3di6M5uQtET1dOR1JEAQDALwAAEwAXAAD\/AQABAAALAAIBAAAjAAAWAwMKgAsACnwACnkABiUwggYhMIIFCaADAgECAhAvmt6tSZ\/54QIAAAAAayAjMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwHhcNMjAwNTI2MTUyMDAyWhcNMjAwODE4MTUyMDAyWjBkMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzETMBEGA1UEChMKR29vZ2xlIExMQzETMBEGA1UEAxMKZG5zLmdvb2dsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSUeQONctZz3uIqdtC8TGzE8AMaYsmZY88YVzUreJdL\/0dCZYsl1UYc2OvENRHpKfNCZpRv3xMOZvi3kh0QIb5zzddzOkkBUd2hU7s3ZwZK+HaanofZZUCn6DHRVW+tAvbhDsfNhYq7nC6j\/GNW5VGjRotNORp5ATy1MpfZF93XgmaHNixqtpC\/0gM5Gwth6D+1fVJsvBEgZyIPBayP3lOd1yAvzdIkSpwWaZ+TKW+85OK4yyy7S2o1vCDDK3Zq6\/jUumhBP5SJmDA5tr4dukkEoqVyhPnxGcB4hDmwyVDU2U8rmqCGQULfKb12DBmiiJOYbm5pqVj1JBv0+p3j1E0CAwEAAaOCAu8wggLrMA4GA1UdDwEB\/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSFRNGvRXRy0wAb7J2sKkmYhLWe3zAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBoBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29nL2d0czFvMWNvcmUwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwgawGA1UdEQSBpDCBoYIKZG5zLmdvb2dsZYIQKi5kbnMuZ29vZ2xlLmNvbYILODg4OC5nb29nbGWCDmRucy5nb29nbGUuY29tghBkbnM2NC5kbnMuZ29vZ2xlhxAgAUhgSGAAAAAAAAAAAABkhxAgAUhgSGAAAAAAAAAAAGRkhxAgAUhgSGAAAAAAAAAAAIhEhxAgAUhgSGAAAAAAAAAAAIiIhwQICAQEhwQICAgIMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwGCisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29vZy9HVFMxTzFjb3JlLmNybDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABclHIpS8AAAQDAEcwRQIhAL8PRht0GjLwxvKgvt3ME7Lvn501gSRHUbzJgY3HddfrAiBITPBWXKB\/EsGN\/qthElwjtyifjXyQCtZL82ZOsBNAqgB1AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABclHIo2oAAAQDAEYwRAIgW3oiEOXHmxVJukyPKedbFKLAHU+NWNHGdGVRZy3Vv9QCIBZ565g8plNNkx9OSGvGcmllJquFv0Vpmmf0ZrIkVQCpMA0GCSqGSIb3DQEBCwUAA4IBAQBP8NFNA2o7BvU4C0BZ\/YuA2G4="}
-00816{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825959,"flow_tot_l4_data_len":1780,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":296,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1592552825913,"flow_last_seen":1592552825959,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02356{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":960222,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAW+xesAAHYGpvcICAgIwKgBnwNV2tjD\/fMql7AFW4AQAPCIOwAAAQEICmQNymX\/\/8zFBWU\/U1SwWFqB51XKOk\/9gYc9EfnV8DMmwcygUgaToHLYUMwUZiFSJ1LqRJEm3oknKcmGpn6E+8rpojBhPvTewD8kzc3KtWn0xIyDeDz+Z1J8g\/uv+o2If+iKyGWYGf4RT\/KFSb\/lYkCgp373jBd81x2dBToH41zJgQMiTcRji8A4I0eyWkRpuReYMwBKatDuD2J7yUI9b+O06es4KhBC9a+DKwwGcm20clrv8FMBPBA3oxgf2d7Tp3YHw5XBW1+9IPzq88tSTj+WKJs15ATWPHPRFsSXyMFQZgstMB5d3dOB2ANmme6AIIj99uss4gAETjCCBEowggMyoAMCAQICDQHjtJqhjYqpgSVpULgwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTcwNjE1MDAwMDQyWhcNMjExMjE1MDAwMDQyWjBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BjPRdSLzdOc5EDvfrTdaSEbyc88jkx1uQ8xGYQ9njwp71ANEJNvBYCAnyqgvRJLAuE9n1gWJP4wnwt0d1WTHUv3TeGSghD2UawMw7IilA80a5gQSecLnYM53SDGHC3v0RhhZecjgyCoIxL\/0iR\/1C\/nRGpbTddQZrCvnkJjBfvgHMRjYa+fajP\/Ype9SNnTfBRn3HXcLmno+G14adC3EAW48THCOyT9GjN0+CPg7GsZihbG482kzQvbs6RZYDiIO60ducaMp1Mb\/LzZpKu83Txh15MVmO6BvY\/iZEcgQAZO16yX6LnAWRKhSSUj5O1wNCyltGN8+aM9g9HNbSSsBwIDAQABo4IBMzCCAS8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSY0fhuEOvPm+xgnxiQG6DrfQn9KzAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5wa2kuZ29vZy9nc3IyL2dzcjIuY3JsMD8GA1UdIAQ4MDYwNAYGZ4EMAQICMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBABqAPjZ5+\/MuqUY3fV5UFjWux04Imf690TRpJlJmBz0KuknLYvTxGo78EU9olkx0K9Nn3rKjqgWNhE1MIGUPpZbaDRb4bDvbbwQjiGs6bMFgvWifcY7uLVg0B\/DVVOmGWf17Xg0hlPWMyaj42PKtzA8a85qnqQQn+aPJsP8CeGthusc1K+hW+k\/DHAzttjy0S+rtzOE87NwNjNY+m8pCWIvMFiEXQLyi1mbv2sQVW82JqpsJJucy0g1uZyACWxCwkAmcDB+erdg76qH8bOgQXAhSGVEqcbuserXdFe0ryQgqLIq0piGrY\/\/XUklQ0Im3rfKv+1CuL+GVDfNGrZ2c9coWAwMBLAwAASgDAB0gz7rMJbgrJvLNELNJ4ltNigCj+UX2TiWQMThYrp6byhkIBAEAqwkJBMouQT82rL\/jSgisqQw4wiLt1+Xmi+E="}
-01118{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825960,"flow_tot_l4_data_len":3230,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":461,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
+01129{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1592552825913,"flow_last_seen":1592552825960,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
00769{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":960306,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAEjxewAAHYGq5EICAgIwKgBnwNV2tjD\/fi0l7AFW4AYAPBBaAAAAQEICmQNymX\/\/8zFxYLVsh0XBPBon\/dZK5fwP0f+D6HQBgodlevFaX40Qojl6fN5kYFp\/IMamekDmny2Tg+MQYdHS+NKqsqN9JkaZdY57lJcoOtbiFZlorHig6Gur0c3O64+IY9\/yzForraiSJSH05G8FeV1u2pdTO3ohu1K2vcU4NSoV1T7GxWd4M4gz8nhxQnJzW1EK3wgWliMbyOJPXeTKIRwsf\/8siihdwQBVxH+fTy1LIc3v4onjL8JdSGFTqyv1emQ12oetaF0Y5mfXrLSAFsT4A5mNd1\/wWJpF9CmCjcQ20MzmMAtWB0t\/3WTT\/MWAwMABA4AAAA="}
00439{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":963546,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0tGNAAEAGuA3AqAGfCAgEBLusA1UTsXk8DrwGlYAQAWJ2ZwAAAQEICv\/\/zM1\/X4Mz"}
00440{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":963743,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0tGRAAEAGuAzAqAGfCAgEBLusA1UTsXk8DrwMH4AQAW1w0gAAAQEICv\/\/zM1\/X4Mz"}
@@ -42,17 +42,17 @@
00560{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552825,"pkt_ts_usec":992866,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"EBMx8Tl2ag\/ahpuQCABFAACJyAhAAEAGoA\/AqAGfCAgICNrYA1WXsAW4w\/36x4AYAXhpDwAAAQEICv\/\/zNVkDcp6FwMDAFAAAAAAAAAAART8lEX6ZoAkVgX7dDGPPd7aOXVC56IOwlYrJPrXITEl0kw2smePPpFiQ0QHAmpKlI3Welu7CqTq2DaJ2VTWEoUuXYN80BTAqw=="}
00437{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":2622,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0q4wAAHgGyOQICAQEwKgBnwNVu6wOvA4yE7F57oAQAPBuVwAAAQEICn9fg2D\/\/8zT"}
00439{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":11360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0xg4AAHYGrF4ICAgIwKgBnwNV2tjD\/frHl7AGDYAQAPBtSAAAAQEICmQNypn\/\/8zV"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1592552826036,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1592552826036,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":36505,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA80uBAAEAGmYjAqAGfCAgEBLuwA1WtLB4AAAAAAKAC\/\/8imQAAAgQFtAQCCAr\/\/8zgAAAAAAEDAwg="}
00450{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":49329,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8wHkAAHcGtO8ICAQEwKgBnwNVu7B94BEWrSweAaAS6yCziAAAAgQFZAQCCAq0eUC+\/\/\/M4AEDAwg="}
00438{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":51146,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uFAAEAGmY\/AqAGfCAgEBLuwA1WtLB4BfeARF4AQAVfLywAAAQEICv\/\/zOS0eUC+"}
00649{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":51495,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADO0uJAAEAGmPTAqAGfCAgEBLuwA1WtLB4BfeARF4AYAVfZbQAAAQEICv\/\/zOS0eUC+FgMBAJUBAACRAwNJCyrg3LiPOkzp25J1tFPL9Xy02QHRBJvQzPxg67QKYwAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1592552826036,"flow_last_seen":1592552826051,"flow_tot_l4_data_len":298,"flow_min_l4_data_len":32,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1592552826036,"flow_last_seen":1592552826051,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00437{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":64156,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0wIMAAHcGtO0ICAQEwKgBnwNVu7B94BEXrSwem4AQAPDLiQAAAQEICrR5QM3\/\/8zk"}
02347{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":80321,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAW+wIgAAHcGr14ICAQEwKgBnwNVu7B94BEXrSwem4AQAPAKFgAAAQEICrR5QN3\/\/8zkFgMDAD8CAAA7AwNe7G16wqMnCBI7o10QL4Qs2RPVUByrn0FET1dOR1JEAQDALwAAEwAXAAD\/AQABAAALAAIBAAAjAAAWAwMKgAsACnwACnkABiUwggYhMIIFCaADAgECAhAvmt6tSZ\/54QIAAAAAayAjMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwHhcNMjAwNTI2MTUyMDAyWhcNMjAwODE4MTUyMDAyWjBkMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzETMBEGA1UEChMKR29vZ2xlIExMQzETMBEGA1UEAxMKZG5zLmdvb2dsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSUeQONctZz3uIqdtC8TGzE8AMaYsmZY88YVzUreJdL\/0dCZYsl1UYc2OvENRHpKfNCZpRv3xMOZvi3kh0QIb5zzddzOkkBUd2hU7s3ZwZK+HaanofZZUCn6DHRVW+tAvbhDsfNhYq7nC6j\/GNW5VGjRotNORp5ATy1MpfZF93XgmaHNixqtpC\/0gM5Gwth6D+1fVJsvBEgZyIPBayP3lOd1yAvzdIkSpwWaZ+TKW+85OK4yyy7S2o1vCDDK3Zq6\/jUumhBP5SJmDA5tr4dukkEoqVyhPnxGcB4hDmwyVDU2U8rmqCGQULfKb12DBmiiJOYbm5pqVj1JBv0+p3j1E0CAwEAAaOCAu8wggLrMA4GA1UdDwEB\/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSFRNGvRXRy0wAb7J2sKkmYhLWe3zAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBoBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29nL2d0czFvMWNvcmUwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwgawGA1UdEQSBpDCBoYIKZG5zLmdvb2dsZYIQKi5kbnMuZ29vZ2xlLmNvbYILODg4OC5nb29nbGWCDmRucy5nb29nbGUuY29tghBkbnM2NC5kbnMuZ29vZ2xlhxAgAUhgSGAAAAAAAAAAAABkhxAgAUhgSGAAAAAAAAAAAGRkhxAgAUhgSGAAAAAAAAAAAIhEhxAgAUhgSGAAAAAAAAAAAIiIhwQICAQEhwQICAgIMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwGCisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29vZy9HVFMxTzFjb3JlLmNybDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABclHIpS8AAAQDAEcwRQIhAL8PRht0GjLwxvKgvt3ME7Lvn501gSRHUbzJgY3HddfrAiBITPBWXKB\/EsGN\/qthElwjtyifjXyQCtZL82ZOsBNAqgB1AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABclHIo2oAAAQDAEYwRAIgW3oiEOXHmxVJukyPKedbFKLAHU+NWNHGdGVRZy3Vv9QCIBZ565g8plNNkx9OSGvGcmllJquFv0Vpmmf0ZrIkVQCpMA0GCSqGSIb3DQEBCwUAA4IBAQBP8NFNA2o7BvU4C0BZ\/YuA2G4="}
-00816{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1592552826036,"flow_last_seen":1592552826080,"flow_tot_l4_data_len":1780,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":296,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1592552826036,"flow_last_seen":1592552826080,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02354{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":81468,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAW+wIkAAHcGr10ICAQEwKgBnwNVu7B94BahrSwem4AQAPAopQAAAQEICrR5QN3\/\/8zkBWU\/U1SwWFqB51XKOk\/9gYc9EfnV8DMmwcygUgaToHLYUMwUZiFSJ1LqRJEm3oknKcmGpn6E+8rpojBhPvTewD8kzc3KtWn0xIyDeDz+Z1J8g\/uv+o2If+iKyGWYGf4RT\/KFSb\/lYkCgp373jBd81x2dBToH41zJgQMiTcRji8A4I0eyWkRpuReYMwBKatDuD2J7yUI9b+O06es4KhBC9a+DKwwGcm20clrv8FMBPBA3oxgf2d7Tp3YHw5XBW1+9IPzq88tSTj+WKJs15ATWPHPRFsSXyMFQZgstMB5d3dOB2ANmme6AIIj99uss4gAETjCCBEowggMyoAMCAQICDQHjtJqhjYqpgSVpULgwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTcwNjE1MDAwMDQyWhcNMjExMjE1MDAwMDQyWjBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BjPRdSLzdOc5EDvfrTdaSEbyc88jkx1uQ8xGYQ9njwp71ANEJNvBYCAnyqgvRJLAuE9n1gWJP4wnwt0d1WTHUv3TeGSghD2UawMw7IilA80a5gQSecLnYM53SDGHC3v0RhhZecjgyCoIxL\/0iR\/1C\/nRGpbTddQZrCvnkJjBfvgHMRjYa+fajP\/Ype9SNnTfBRn3HXcLmno+G14adC3EAW48THCOyT9GjN0+CPg7GsZihbG482kzQvbs6RZYDiIO60ducaMp1Mb\/LzZpKu83Txh15MVmO6BvY\/iZEcgQAZO16yX6LnAWRKhSSUj5O1wNCyltGN8+aM9g9HNbSSsBwIDAQABo4IBMzCCAS8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSY0fhuEOvPm+xgnxiQG6DrfQn9KzAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5wa2kuZ29vZy9nc3IyL2dzcjIuY3JsMD8GA1UdIAQ4MDYwNAYGZ4EMAQICMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBABqAPjZ5+\/MuqUY3fV5UFjWux04Imf690TRpJlJmBz0KuknLYvTxGo78EU9olkx0K9Nn3rKjqgWNhE1MIGUPpZbaDRb4bDvbbwQjiGs6bMFgvWifcY7uLVg0B\/DVVOmGWf17Xg0hlPWMyaj42PKtzA8a85qnqQQn+aPJsP8CeGthusc1K+hW+k\/DHAzttjy0S+rtzOE87NwNjNY+m8pCWIvMFiEXQLyi1mbv2sQVW82JqpsJJucy0g1uZyACWxCwkAmcDB+erdg76qH8bOgQXAhSGVEqcbuserXdFe0ryQgqLIq0piGrY\/\/XUklQ0Im3rfKv+1CuL+GVDfNGrZ2c9coWAwMBLAwAASgDAB0gQMZqc6gvwDfUHBB\/NhZ917SiHzfCAFxuKLUdjAFRuXsIBAEAkoRtBukMYTri6pWxn5QcneJrzssFHv3z65o="}
-01118{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":7,"flow_first_seen":1592552826036,"flow_last_seen":1592552826081,"flow_tot_l4_data_len":3230,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":461,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
+01129{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":7,"flow_first_seen":1592552826036,"flow_last_seen":1592552826081,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
00765{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":81567,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAEjwIoAAHcGs\/cICAQEwKgBnwNVu7B94BwrrSwem4AYAPCFQAAAAQEICrR5QN3\/\/8zkFbaAdPgn9Xj8uyFqLPU+JTr6qBW1nG\/d2+KaEzIAXr6bjwYGXTiSp9ZvYPJb0OMzDZ2LBvK5xtDjG9GZOwNAks+89\/1CY78nKowg8GyRuecrOeqGDGQvNOKgdru0Frfgcj0D+HgdCjduRsmDboc4wkUAUeA+P3UBRQrsAr0gqIBmX3YfhA4NCQ4oZ7qnMb90HCJIr9jquCRjaAZTFW514qhB7sAyEoBR2cESB\/AXpCIgC947j6aaut4nYMLpv4jcNBeY3vyfH4oyO8xlKFbmUcH4xaQ7j\/RxMzwjYKkQy6bUBpkzrOwWAwMABA4AAAA="}
00437{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":82584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uNAAEAGmY3AqAGfCAgEBLuwA1WtLB6bfeAWoYAQAWLFdQAAAQEICv\/\/zOy0eUDd"}
00439{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":83623,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA00uRAAEAGmYzAqAGfCAgEBLuwA1WtLB6bfeAcK4AQAW2\/4AAAAQEICv\/\/zOy0eUDd"}
@@ -63,25 +63,25 @@
00439{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":151385,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0wLYAAHcGtLoICAQEwKgBnwNVu7B94B4+rSwfl4AQAPS89wAAAQEICrR5QST\/\/8z4"}
00438{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":207745,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0hqoAAHcG6sIICAgIwKgBnwNV2jAOPHBKaWPSFIARAUTy8AAAAQEIChWqclH\/\/5Cw"}
00420{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552826,"pkt_ts_usec":208808,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAAoAABAAEAGaHnAqAGfCAgICNowA1VpY9IUAAAAAFAEAADEiwAA"}
-00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1592552827426,"flow_last_seen":0,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":64,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00457{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1592552827426,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552827,"pkt_ts_usec":426405,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl9BAAEAB0IHAqAGfCAgICAgA4JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
-00490{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1592552827426,"flow_last_seen":0,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":64,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"proto":"ICMP.Google","breed":"Tracker\/Ads","category":"Network"}}
+00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1592552827426,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","ndpi": {"proto":"ICMP.Google","breed":"Tracker\/Ads","category":"Network"}}
00480{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552827,"pkt_ts_usec":440141,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAA6JUAAgABem3sXgAAAADqxwcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00481{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552828,"pkt_ts_usec":402579,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABUl\/5AAEAB0FPAqAGfCAgICAgAgPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
00480{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552828,"pkt_ts_usec":415412,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"ag\/ahpuQEBMx8Tl2CABFoABUAAAAAHEBdrIICAgIwKgBnwAAiPEAAwABe23sXgAAAABJawcAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
-00464{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":150,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":64,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1592552871852,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":150,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1592552827426,"flow_last_seen":1592552828415,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1592552871852,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552871,"pkt_ts_usec":852324,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0V5sAAHYGHtYICAQEwKgBnwNVu2A7uJADhSLfzIARAX\/+2gAAAQEICuSDFST\/\/78G"}
00422{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552871,"pkt_ts_usec":941265,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAAoAABAAEAGbH3AqAGfCAgEBLtgA1WFIt\/MAAAAAFAEAAC96AAA"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1592552878549,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1592552878549,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":549677,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8PO5AAEAGL3vAqAGfCAgEBLviA1WhETzJAAAAAKAC\/\/\/ccgAAAgQFtAQCCAoAAAAnAAAAAAEDAwg="}
00449{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":562423,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8nAYAAHYG2mIICAQEwKgBnwNVu+J3bBxFoRE8yqAS6yB6VAAAAgQFZAQCCAo7E6h3AAAAJwEDAwg="}
00437{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":563796,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PO9AAEAGL4LAqAGfCAgEBLviA1WhETzKd2wcRoAQAVeSlgAAAQEICgAAACw7E6h3"}
01142{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":564695,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAI5PPBAAEAGLXzAqAGfCAgEBLviA1WhETzKd2wcRoAYAVddrgAAAQEICgAAACw7E6h3FgMBAgABAAH8AwMrWAyrTdDxfgOP+1tzuunb7Cy\/yXCgSWeXoKBkBPrVPyA3JDMO7OphzpU36YzIUm3zGK0YYOmlQM62LkpDm0rDGgAewCvAL8AswDDMqcyowAnAE8AKwBQAnACdAC8ANQAKAQABlQAAAA8ADQAACmRucy5nb29nbGUAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwDiARwM3mDSTy2KnFOJMzn7stzGYyX+ErxweKZvMWA+DHe7GLRnLRUybuHfiV5knTQIjhK\/GK5IIqvLNAmTKNvSo0hv8h0ulRB0aqm8FwgEpkVHHcM6UG5TzNCQ9KdT\/k7UNWuK7swRz9Yvi+k8q96rcEJr\/LXENmBb2UY8tY9l2xJKbBYA9tKwIPIBAerEXFDAPYWZdKDd5Q1S\/gPO223uC0X1er\/jYr9tA39W1m4B\/\/vKp4wt45p5c\/xW9Tg39T7eLvvvPWnCGQRfWtPx5seY9+CMB7cDPpL3T3JV2Fpgho3ydgANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAVAGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1592552878549,"flow_last_seen":1592552878564,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1592552878549,"flow_last_seen":1592552878564,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00437{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":577342,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0nAgAAHYG2mgICAQEwKgBnwNVu+J3bBxGoRE+z4AQAPCQ6QAAAQEICjsTqIYAAAAs"}
00637{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":577421,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"pkt":"ag\/ahpuQEBMx8Tl2CABFAADHnAkAAHYG2dQICAQEwKgBnwNVu+J3bBxGoRE+z4AYAPBK3wAAAQEICjsTqIYAAAAsFgMDAFsCAABXAwNe7G2uCykxvbVdBcxAJcwMizMEDI80T9lET1dOR1JEASA3JDMO7OphzpU36YzIUm3zGK0YYOmlQM62LkpDm0rDGsAvAAAPABcAAP8BAAEAAAsAAgEAFAMDAAEBFgMDACgAAAAAAAAAANwZZ3mHbB4\/MCX8h+8kQXM4R1XQtwh2o3bU+qtBI5kE"}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1592552878549,"flow_last_seen":1592552878577,"flow_tot_l4_data_len":872,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":164,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1592552878549,"flow_last_seen":1592552878577,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"b734f75d22aaff9866fbd5d27eef9106","ja3s":"1249fb68f48c0444718e4d3b48b27188","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
00437{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":578889,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PPFAAEAGL4DAqAGfCAgEBLviA1WhET7Pd2wc2YAQAVeP6wAAAQEICgAAADA7E6iG"}
00507{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":580026,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"EBMx8Tl2ag\/ahpuQCABFAABnPPJAAEAGL0zAqAGfCAgEBLviA1WhET7Pd2wc2YAYAVf7KAAAAQEICgAAADA7E6iGFAMDAAEBFgMDACgAAAAAAAAAANm4HIl2OyTAmc5U14SCMz8r4I+dvSSVjJRSzcy89BtT"}
00438{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":597024,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0nBIAAHYG2l4ICAQEwKgBnwNVu+J3bBzZoRE\/AoAQAPCQCwAAAQEICjsTqJoAAAAw"}
@@ -91,24 +91,24 @@
00438{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552878,"pkt_ts_usec":657604,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0PPRAAEAGL33AqAGfCAgEBLviA1WhET+hd2wezIAQAVuM6wAAAQEICgAAAEQ7E6ip"}
00656{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552879,"pkt_ts_usec":308855,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADTPPVAAEAGLt3AqAGfCAgEBLviA1WhET+hd2wezIAYAVtM5AAAAQEICgAAAOQ7E6ipFwMDAJoAAAAAAAAAAmn5\/+4ILFRPfNGt4q8o8vcvtz73sPbtaxwnqGBasfUF\/qq7OLbp\/mKbYQ8PaarzPUpCLTPdQ+sBOAQ4CDaFkM3x8fofwCDGcygT7A1YwRVGQpwHkTJE8vro477jrqvHjodqaSM8V0mWsI3PqlboE3fzxj5T2inAx2gMxkBr2uVksMjgv4tqjDazn6CMgwVEWSW+"}
00438{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592552879,"pkt_ts_usec":327056,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0nXkAAHYG2PcICAQEwKgBnwNVu+J3bB7MoRFAQIAQAPiJRQAAAQEICjsTq3MAAADk"}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"proto":"DoH_DoT.Google","breed":"Tracker\/Ads","category":"Web"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_tot_l4_data_len":4531,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":215,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_tot_l4_data_len":4531,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":215,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_tot_l4_data_len":24559,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":236,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"DoH_DoT.Google","breed":"Tracker\/Ads","category":"Web"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1592553007037,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","ndpi": {"proto":"DoH_DoT.Google","breed":"Tracker\/Ads","category":"Web"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1592552824409,"flow_last_seen":1592552826208,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.8.8","src_port":56024,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":265,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":21,"flow_first_seen":1592552825913,"flow_last_seen":1592552826030,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3843,"flow_avg_l4_payload_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48044,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":104,"flow_first_seen":1592552826036,"flow_last_seen":1592552867048,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21215,"flow_avg_l4_payload_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48048,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","ndpi": {"proto":"DoH_DoT.Google","breed":"Tracker\/Ads","category":"Web"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1592552871852,"flow_last_seen":1592552871941,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"8.8.4.4","dst_ip":"192.168.1.159","src_port":853,"dst_port":47968,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1592553007037,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":37028,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA8FgpAAEAGVl\/AqAGfCAgEBLxSA1VGZWurAAAAAKAC\/\/+KUgAAAgQFtAQCCAoAAH2hAAAAAAEDAwg="}
00450{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":51414,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA8ScwAAHYGLJ0ICAQEwKgBnwNVvFKvdpW\/RmVrrKAS6yB4FwAAAgQFZAQCCAp\/c2KvAAB9oQEDAwg="}
00437{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":78898,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0FgtAAEAGVmbAqAGfCAgEBLxSA1VGZWusr3aVwIAQAVeQUgAAAQEICgAAfa1\/c2Kv"}
00652{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":88078,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADOFgxAAEAGVcvAqAGfCAgEBLxSA1VGZWusr3aVwIAYAVd\/mgAAAQEICgAAfa9\/c2KvFgMBAJUBAACRAwNWAMlRN\/y9+y5bn87kl8S7SwnuvLXD9du+\/Dt1fS20NAAAHsArwC\/ALMAwzKnMqMAJwBPACsAUAJwAnQAvADUACgEAAEoAAAAPAA0AAApkbnMuZ29vZ2xlABcAAP8BAAEAAAoACAAGAB0AFwAYAAsAAgEAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQ=="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1592553007037,"flow_last_seen":1592553007088,"flow_tot_l4_data_len":298,"flow_min_l4_data_len":32,"flow_max_l4_data_len":186,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1592553007037,"flow_last_seen":1592553007088,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00437{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":101326,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0SeYAAHYGLIsICAQEwKgBnwNVvFKvdpXARmVsRoAQAPCP6wAAAQEICn9zYuEAAH2v"}
02347{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":118877,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAW+SfAAAHYGJvcICAQEwKgBnwNVvFKvdpXARmVsRoAQAPAH2gAAAQEICn9zYvIAAH2vFgMDAD8CAAA7AwNe7G4vYWtcBNfat74UY6eggZEkCjQVV0VET1dOR1JEAQDALwAAEwAXAAD\/AQABAAALAAIBAAAjAAAWAwMKgAsACnwACnkABiUwggYhMIIFCaADAgECAhAvmt6tSZ\/54QIAAAAAayAjMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVHb29nbGUgVHJ1c3QgU2VydmljZXMxEzARBgNVBAMTCkdUUyBDQSAxTzEwHhcNMjAwNTI2MTUyMDAyWhcNMjAwODE4MTUyMDAyWjBkMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzETMBEGA1UEChMKR29vZ2xlIExMQzETMBEGA1UEAxMKZG5zLmdvb2dsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSUeQONctZz3uIqdtC8TGzE8AMaYsmZY88YVzUreJdL\/0dCZYsl1UYc2OvENRHpKfNCZpRv3xMOZvi3kh0QIb5zzddzOkkBUd2hU7s3ZwZK+HaanofZZUCn6DHRVW+tAvbhDsfNhYq7nC6j\/GNW5VGjRotNORp5ATy1MpfZF93XgmaHNixqtpC\/0gM5Gwth6D+1fVJsvBEgZyIPBayP3lOd1yAvzdIkSpwWaZ+TKW+85OK4yyy7S2o1vCDDK3Zq6\/jUumhBP5SJmDA5tr4dukkEoqVyhPnxGcB4hDmwyVDU2U8rmqCGQULfKb12DBmiiJOYbm5pqVj1JBv0+p3j1E0CAwEAAaOCAu8wggLrMA4GA1UdDwEB\/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSFRNGvRXRy0wAb7J2sKkmYhLWe3zAfBgNVHSMEGDAWgBSY0fhuEOvPm+xgnxiQG6DrfQn9KzBoBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAGGH2h0dHA6Ly9vY3NwLnBraS5nb29nL2d0czFvMWNvcmUwKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZy9nc3IyL0dUUzFPMS5jcnQwgawGA1UdEQSBpDCBoYIKZG5zLmdvb2dsZYIQKi5kbnMuZ29vZ2xlLmNvbYILODg4OC5nb29nbGWCDmRucy5nb29nbGUuY29tghBkbnM2NC5kbnMuZ29vZ2xlhxAgAUhgSGAAAAAAAAAAAABkhxAgAUhgSGAAAAAAAAAAAGRkhxAgAUhgSGAAAAAAAAAAAIhEhxAgAUhgSGAAAAAAAAAAAIiIhwQICAQEhwQICAgIMCEGA1UdIAQaMBgwCAYGZ4EMAQICMAwGCisGAQQB1nkCBQMwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5wa2kuZ29vZy9HVFMxTzFjb3JlLmNybDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABclHIpS8AAAQDAEcwRQIhAL8PRht0GjLwxvKgvt3ME7Lvn501gSRHUbzJgY3HddfrAiBITPBWXKB\/EsGN\/qthElwjtyifjXyQCtZL82ZOsBNAqgB1AF6nc\/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABclHIo2oAAAQDAEYwRAIgW3oiEOXHmxVJukyPKedbFKLAHU+NWNHGdGVRZy3Vv9QCIBZ565g8plNNkx9OSGvGcmllJquFv0Vpmmf0ZrIkVQCpMA0GCSqGSIb3DQEBCwUAA4IBAQBP8NFNA2o7BvU4C0BZ\/YuA2G4="}
-00817{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_tot_l4_data_len":1780,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":296,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":297,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1572,"flow_avg_l4_payload_len":262,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02353{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":118996,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAW+SfEAAHYGJvYICAQEwKgBnwNVvFKvdptKRmVsRoAQAPBRqwAAAQEICn9zYvIAAH2vBWU\/U1SwWFqB51XKOk\/9gYc9EfnV8DMmwcygUgaToHLYUMwUZiFSJ1LqRJEm3oknKcmGpn6E+8rpojBhPvTewD8kzc3KtWn0xIyDeDz+Z1J8g\/uv+o2If+iKyGWYGf4RT\/KFSb\/lYkCgp373jBd81x2dBToH41zJgQMiTcRji8A4I0eyWkRpuReYMwBKatDuD2J7yUI9b+O06es4KhBC9a+DKwwGcm20clrv8FMBPBA3oxgf2d7Tp3YHw5XBW1+9IPzq88tSTj+WKJs15ATWPHPRFsSXyMFQZgstMB5d3dOB2ANmme6AIIj99uss4gAETjCCBEowggMyoAMCAQICDQHjtJqhjYqpgSVpULgwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTcwNjE1MDAwMDQyWhcNMjExMjE1MDAwMDQyWjBCMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMwEQYDVQQDEwpHVFMgQ0EgMU8xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BjPRdSLzdOc5EDvfrTdaSEbyc88jkx1uQ8xGYQ9njwp71ANEJNvBYCAnyqgvRJLAuE9n1gWJP4wnwt0d1WTHUv3TeGSghD2UawMw7IilA80a5gQSecLnYM53SDGHC3v0RhhZecjgyCoIxL\/0iR\/1C\/nRGpbTddQZrCvnkJjBfvgHMRjYa+fajP\/Ype9SNnTfBRn3HXcLmno+G14adC3EAW48THCOyT9GjN0+CPg7GsZihbG482kzQvbs6RZYDiIO60ducaMp1Mb\/LzZpKu83Txh15MVmO6BvY\/iZEcgQAZO16yX6LnAWRKhSSUj5O1wNCyltGN8+aM9g9HNbSSsBwIDAQABo4IBMzCCAS8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSY0fhuEOvPm+xgnxiQG6DrfQn9KzAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnBraS5nb29nL2dzcjIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5wa2kuZ29vZy9nc3IyL2dzcjIuY3JsMD8GA1UdIAQ4MDYwNAYGZ4EMAQICMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBABqAPjZ5+\/MuqUY3fV5UFjWux04Imf690TRpJlJmBz0KuknLYvTxGo78EU9olkx0K9Nn3rKjqgWNhE1MIGUPpZbaDRb4bDvbbwQjiGs6bMFgvWifcY7uLVg0B\/DVVOmGWf17Xg0hlPWMyaj42PKtzA8a85qnqQQn+aPJsP8CeGthusc1K+hW+k\/DHAzttjy0S+rtzOE87NwNjNY+m8pCWIvMFiEXQLyi1mbv2sQVW82JqpsJJucy0g1uZyACWxCwkAmcDB+erdg76qH8bOgQXAhSGVEqcbuserXdFe0ryQgqLIq0piGrY\/\/XUklQ0Im3rfKv+1CuL+GVDfNGrZ2c9coWAwMBLAwAASgDAB0ggCn9KJ2XCNb7ry8hpgGU6pw393hGZZvmzoFNvymkWmgIBAEAjiA8lA1oBI8a8vFGt+VqaY1Oxe5ryAh45uc="}
-01119{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_tot_l4_data_len":3230,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":461,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
+01130{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","issuerDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}}
00767{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":119074,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAEjSfIAAHYGK5AICAQEwKgBnwNVvFKvdqDURmVsRoAYAPBSpwAAAQEICn9zYvIAAH2vpuPGZP4JgUyAM7wCOdE4Fc16QU9KxcfuTIhOOPUog3Y3FGW+vpnz9jN1jLRfVrzUArxGxWLXFvRtjHjwsl6SCEkYsNE5RY4uTRDpU9uWBYz91xhpepEE0Quki2+5+Ao69X+zNarzIcksJTy7VNGA9mPObcF2ja\/A0h9v3eN06YBN5Gx+VkaA9eKqoP2Ok\/RNdhaTA3wp4woECZFYPCqog7eqqe\/\/eYo2V4kaFBuDro79ZWnsfyPD\/hfrPae1LgaUONOZb\/c2utzv2C7AVX5Zi9BG0\/aEPCZmoDR5UwzEKpJQ2FHTtCsWAwMABA4AAAA="}
00438{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":120580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0Fg1AAEAGVmTAqAGfCAgEBLxSA1VGZWxGr3abSoAQAWKJ1gAAAQEICgAAfbd\/c2Ly"}
00439{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":121115,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2ag\/ahpuQCABFAAA0Fg5AAEAGVmPAqAGfCAgEBLxSA1VGZWxGr3ag1IAQAW2EQQAAAQEICgAAfbd\/c2Ly"}
@@ -117,6 +117,6 @@
00843{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":149896,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAFYSgMAAHYGK0oICAQEwKgBnwNVvFKvdqHDRmVso4AYAPBy2wAAAQEICn9zYxIAAH27FgMDAOwEAADoAAGJwADiARwM3mDSTy2KnFOJMzn7skYIQXN0\/2tY\/9Yy+gWv+Ue7CvPIHCD5aJ5WQlCE11QpsnW60kjdl4gNz\/wsv9vCMdmQOOU3d\/dW+j4lHIFbnJmU3tTSxA9x+upSkAMJac8C8bp+qBGFGUs2U4s0Ko+QjjDu9HQyL1\/X\/Gd7VX4r+Vhti3LccpMwsHpiZ0o4JwPuthPI0LbcWoWxWnr4g0fil3IGw6UPbuA\/anPZyjKokO1FvKa0\/kNP2xizN8lpRdvl72lnswNXvfpKBnlVuksDYmrDKAks1HH63C83hGox2x+qiRQDAwABARYDAwAoAAAAAAAAAAA1U+0e0zdH7jZ6YkApz\/r+7sqkbi97MpL\/Yw+KPaFP5w=="}
00657{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":152248,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"EBMx8Tl2ag\/ahpuQCABFAADTFhFAAEAGVcHAqAGfCAgEBLxSA1VGZWyjr3ai54AYAXiZ1AAAAQEICgAAfb9\/c2MSFwMDAJoAAAAAAAAAASvU9Egx87RbkmJ13pZK7LHbvoZqJEW+LMQCXUVUsYXXYOT0A07A9oBhbd3xAqGLJVjanY8YjA+PchbEeksYAxBUebXNWt3CLGgqUZ1zZL2W9RktPfe\/xpJ61Di5ER1tDbATkasN2MFVlbRIP0cM9hu\/oS8YMUya1uNp3pnEVI9bPChlf\/XPzz7so24uZvPXyyE2"}
00439{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"googledns_android10.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592553007,"pkt_ts_usec":169844,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0ShMAAHYGLF4ICAQEwKgBnwNVvFKvdqLnRmVtQoAQAPSBbwAAAQEICn9zYyYAAH2\/"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_tot_l4_data_len":24100,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":181,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_tot_l4_data_len":56597,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":234,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00140{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test"}
diff --git a/test/results/gquic.pcap.out b/test/results/gquic.pcap.out
index e6d1daeb5..b905610a6 100644
--- a/test/results/gquic.pcap.out
+++ b/test/results/gquic.pcap.out
@@ -1,6 +1,6 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"gquic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02226{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591876186,"pkt_ts_usec":378535,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"6PckTkFdoMWJ9P+XCABFAAVieo1AAIARvdoKLAUZ2DrVo+6pAbsFTko2w1EwNTAIAXaX8XoV5u8AAEU0NFnBgsF5hkBVQ9QcdhAQB7AX4STVuX+cZkTXcyq7Q06MKI3IMV7nn3XwVsYd8lSM2UQ2Mh\/Lz0P54TH133\/BjF8sKcZx48\/VepMyZjozNf6hUhocgBAvamo29IXHVqILxpkl4wjCzjbjeV119chifFcXxaTjllFkxsh3XmLG5348E\/qK2TLLnMy43JAHw6S2e1v2BO4WXkya\/bcrsjPnQYikRvTxH8li9ZflQ5PttsYcSUtQigVmzX+3zu6YljUMgwCKrGbUc4ym0tN37M5ly\/uhm21+A6fvtyySGNQfP7wJOsR1iWGsA6NR+V\/fmgbvfd72gKd0sTHFADbRPSKYDc0XDK\/X8vG8GXGEknHbOT7DGSzLKpHYvLrwIaFjsweHE6gkta44k2oP3lJ5y\/ohylLleMWOzrznvbvHmPDTo6fznFlCwcMwiT5bU7kKdr22dfJC4HZKXgrfdx\/kyr9W7YgF8ndv1gEMp60hGoa3HeIkNrwcimMUj8lo1MQMLSdfIURLgLYuYXeqNU9nrCpCTOHF8rljnTLtemFl5GKnW4QO+Vn8YQU0wC2WniPFD0JOSE\/9\/8uhjdFWVDMbiGWhYk1SCdcSCnwwatMyU\/DcpZqDI25eb58WZqvNqtnsCmojU\/8N4SjVKXFe6sqZF9Vu2GvgHDvSqxDzjeY9qlts4TuIbe+gH+w1MKU7JxNtGZ08YyKdDEVfiklQ\/xyvSgH5AGRqlnD6igJ7NF54pjKD67q+V\/b7AzUVhGIbpajDS4rvn+fDdhXSGqLFbtHNBw9zOlfyLlg3QCkztn+awCGkuUrUQJWRuzHeXcQ9Pm+GTWr4ztxdNe8GOdcH0fw\/02FqwqbZa0xgXb6ogDH\/Z7u3OTt5CsB\/hPp4imvHezect7LAbuRcIJ+tmXKeqwNdUGoyV614kYKA0aTDm4QbBmp4nIg9dspzjXHExZ33U9zxLwZ8DYwQJDoYhywocb4+jKp5OhFT0Egt5ANj4PPsKNBEjNDxnpAKCiI11YkYMyYj1BSFJ2mKW5kFXZ2\/Uk7W0jKMRykBFSaIJ+fwu1W4yhNjDR69KpOGwGw5d47DA9U+Gj7qbRCpjgb1v145AzbIQNTU\/mwU8gqij0o+rVb\/pUEtWMRho\/Yukqvj0PDpk20u\/iMNduvSEQAQLt7IA31zZMJsdzUDXqeH4lvAJTdAXDM+BfHOutfryXO0ilZKrrhbJmj03RyAieSkoI7y9TYI7udqZUukM2QcgXS180FYjb94yLuFlXG0La9U7oT6UzgYEOrDdq4bcoWorhw9j4EjTTcsFMkNO8f65TlicSD0KdGh7ggCR8NtD2qMSi4KIMxq9IHmGPWBJODrdc1+LXcmA3ApoiY81zbK2QPTdK0LHWSdeauC3LCzY9zJ5bEtZvA4hiamdfZl4E5cxC\/raRilWW9+sNuXDrAH9rw48q66KiLSEC63yDpS1q549REO+OCEIx8SKQQoN1W6tspnVZ3EKLwuCby00TS84gP7\/ke1UZsRSUTrMeCETmkIya9DRfJn3gxYto584jg1Sk6Axi4aJ8MlnhdHfC\/0XWQrVM1UOD3\/J3K5XZUZKJ5vUWJzfBTgAe8J4\/heUMD2WmkBuQIER6hh9JGvwyZ2I6vJO7KXsorNCeXZA6iFfdtk90sqEl67LnWUAJmZ\/6NzgV\/JXrGoQRR0uqoWVC\/xj1u+c66MRH8y3Tf8DUoZ1L57SrRzGrkWBB6B2RSkfxWVzZUSCgEgPU4Lp+fnv6pDzh8zifmLUphU5Jycotx7"}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64"}}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64"}}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591876186378,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test"}
diff --git a/test/results/h323-overflow.pcap.out b/test/results/h323-overflow.pcap.out
index 8539763e8..0df301115 100644
--- a/test/results/h323-overflow.pcap.out
+++ b/test/results/h323-overflow.pcap.out
@@ -1,6 +1,6 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"h323-overflow.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00415{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946681200,"pkt_ts_usec":0,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="}
-00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test"}
diff --git a/test/results/hangout.pcap.out b/test/results/hangout.pcap.out
index 7c12daac3..118f52014 100644
--- a/test/results/hangout.pcap.out
+++ b/test/results/hangout.pcap.out
@@ -1,7 +1,7 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hangout.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1468516947751,"flow_last_seen":0,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1468516947751,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00534{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1468516947,"pkt_ts_usec":751092,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"CJ4BbNkmACFeRhcmCABFAACEs2cAACwRwp9KfYZ\/Clk9DUtp3FYAcAThAQEAVCESpEJmaHpqc2RpS0drd1gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFKAHosL2sVKq2EKifFUwLylv3i3sgCgABLYwivQ="}
-00581{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1468516947751,"flow_last_seen":0,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
+00593{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1468516947751,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}}
00535{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hangout.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1468516948,"pkt_ts_usec":761773,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"CJ4BbNkmACFeRhcmCABFAACEtXUAACwRwJFKfYZ\/Clk9DUtp3FYAcMuPAQEAVCESpEJ2bG8rRTlqWDZMSTAABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFD0l9HkkR5C8mDGwDSrC9i\/8E7pdgCgABPT5D+E="}
00534{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hangout.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1468516949,"pkt_ts_usec":760074,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"CJ4BbNkmACFeRhcmCABFAACEuNIAACwRvTRKfYZ\/Clk9DUtp3FYAcJ51AQEAVCESpEJFNlpieTl0eEswU3gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFGvaO+U3jhYTDCbM5zzzk6bw5Z+5gCgABA724k8="}
00534{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"hangout.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1468516950,"pkt_ts_usec":761344,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"CJ4BbNkmACFeRhcmCABFAACEuZ4AACwRvGhKfYZ\/Clk9DUtp3FYAcMbxAQEAVCESpEI0V3JrM294eUpQYkUABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFNC9mufBZa6t2mlytRWG+GVqRPeFgCgABFD8O5k="}
@@ -16,5 +16,5 @@
00537{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"hangout.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1468516959,"pkt_ts_usec":761943,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"CJ4BbNkmACFeRhcmCABFAACEz3MAACwRppNKfYZ\/Clk9DUtp3FYAcACSAQEAVCESpEIwbERtNENYWTlOSXgABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFLskEr4nSL5TTWv7Gw6qDRufq\/+8gCgABLRf+vQ="}
00537{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"hangout.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1468516960,"pkt_ts_usec":765333,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"CJ4BbNkmACFeRhcmCABFAACE0JgAACwRpW5KfYZ\/Clk9DUtp3FYAcHRZAQEAVCESpEJQTHJwc3FEeStHK2YABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFDEX\/dQ5fy+SxiE0bgZSagBAyTwBgCgABD1H6LY="}
00536{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"hangout.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1468516961,"pkt_ts_usec":759411,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"CJ4BbNkmACFeRhcmCABFAACE0uIAACwRoyRKfYZ\/Clk9DUtp3FYAcEuMAQEAVCESpEJ3RGRuSlI1b3p6TVQABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFJx22As21z4ewdrKbbQZAFr9rafBgCgABAFQq5M="}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1468516947751,"flow_last_seen":1468516965768,"flow_tot_l4_data_len":2128,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1468516947751,"flow_last_seen":1468516965768,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test"}
diff --git a/test/results/hpvirtgrp.pcap.out b/test/results/hpvirtgrp.pcap.out
index 4967331af..b54217266 100644
--- a/test/results/hpvirtgrp.pcap.out
+++ b/test/results/hpvirtgrp.pcap.out
@@ -1,10 +1,10 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hpvirtgrp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1614852331255,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1614852331255,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852331,"pkt_ts_usec":255737,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="}
00416{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852331,"pkt_ts_usec":284558,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"}
00410{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852331,"pkt_ts_usec":288514,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5ENAAD8GMhHAqAJkoCzCQrXqFGfdahKKAppmxVAQ\/\/9mswAA"}
00590{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852331,"pkt_ts_usec":296153,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"eJS0JASgYDjgxTWgCABFAACs5ERAAD8GMYzAqAJkoCzCQrXqFGfdahKKAppmxVAY\/\/8HHQAAFgCEAKqIQmLfq0myi1Ms5EEjm+6cqoVS+bxA3bvOHHc5Gr2Pc4fCkAGOamMfQ3uS+B4J5cuhz68jJKVEgot70CvKeNsy83XzEd14C9vITFbQomfEQv2BBG44aXbDk7QFABdKzsf570s20zguGi2FIzxy4bDOl\/aEx4b8vTDa5Lopbwqr"}
-00553{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1614852331255,"flow_last_seen":1614852331296,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":20,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
+00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1614852331255,"flow_last_seen":1614852331296,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
00416{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852331,"pkt_ts_usec":324408,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAoPalAADQG46ugLMJCwKgCZBRnteoCmmbF3WoTDlAQchD0HgAAAAAAAAAA"}
00482{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852331,"pkt_ts_usec":324408,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"YDjgxTWgeJS0JASgCABFAABcPapAADQG43agLMJCwKgCZBRnteoCmmbF3WoTDlAYchBsHgAAFwA0ALeBW7oKi+k1TtC17w2GtDqVjJhGyqIXSSNY2NorcSUs8bg2XOCZ6WmuJBSEwwua6Q=="}
00411{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852331,"pkt_ts_usec":329272,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5EVAAD8GMg\/AqAJkoCzCQrXqFGfdahMOAppm+VAQ\/\/9l+wAA"}
@@ -16,13 +16,13 @@
00412{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852514,"pkt_ts_usec":680765,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5ElAAD8GMgvAqAJkoCzCQrXqFGfdahPUAppnP1AQ\/\/9k7wAA"}
00461{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852568,"pkt_ts_usec":970632,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABL5EpAAD8GMefAqAJkoCzCQrXqFGfdahPUAppnP1AY\/\/\/HhgAAMAAjga8Y+mTHKRgHxK4T9K7Pmi5ba5AGM3Hd3TdYOuCacpY="}
00459{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614852568,"pkt_ts_usec":996771,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABLPa1AADQG44SgLMJCwKgCZBRnteoCmmc\/3WoT91AYchDRgwAAMAAjt4FbugqL6TVO0LXvDYa0OjnRUEy5OX2MCJZHmh6LD7E="}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":15,"flow_first_seen":1614852331255,"flow_last_seen":1614852568996,"flow_tot_l4_data_len":846,"flow_min_l4_data_len":20,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1614861892925,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":15,"flow_first_seen":1614852331255,"flow_last_seen":1614852568996,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1614861892925,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861892,"pkt_ts_usec":925577,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="}
00417{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861892,"pkt_ts_usec":952589,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"}
00412{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861892,"pkt_ts_usec":955948,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5WhAAD8GMOzAqAJkoCzCQudAFGcyIeJpBsGmiFAQ\/\/\/M3AAA"}
00598{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861893,"pkt_ts_usec":49805,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"eJS0JASgYDjgxTWgCABFAACs5WlAAD8GMGfAqAJkoCzCQudAFGcyIeJpBsGmiFAY\/\/9C\/QAAFgCEAN6ad12vjvhLoixuxT8aZYq\/2dGSjC7UuP02Oq\/SoodI5RH18GW5vvruNEwZXw4E6ZEtZTk\/nZI+diU1VZAL0f\/lV6sBW2mG26yKhQW\/TnodhQF6mbv1KN4y6UW+B5wntB\/hGwxZx3ggdc59JjZ3UYEr9S\/sz6K\/WElEzxkrlyNo"}
-00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1614861892925,"flow_last_seen":1614861893049,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":20,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1614861892925,"flow_last_seen":1614861893049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
00416{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861893,"pkt_ts_usec":76422,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAo5zpAADQGOhqgLMJCwKgCZBRn50AGwaaIMiHi7VAQchBaSAAAAAAAAAAA"}
00486{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861893,"pkt_ts_usec":76422,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"YDjgxTWgeJS0JASgCABFAABc5ztAADQGOeWgLMJCwKgCZBRn50AGwaaIMiHi7VAYchA\/ywAAFwA0AAVd92FLAhYpCQJ\/ti+\/UvQrFXjgEs0ukXA0lryQ6NkPnrDexTmPlKGgxFaW13\/1Kg=="}
00411{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861893,"pkt_ts_usec":79902,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5WpAAD8GMOrAqAJkoCzCQudAFGcyIeLtBsGmvFAQ\/\/\/MJAAA"}
@@ -34,12 +34,12 @@
00460{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861898,"pkt_ts_usec":79454,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABL5W5AAD8GMMPAqAJkoCzCQudAFGcyIeOzBsGnAlAY\/\/\/0oQAAMAAjsMmLPCq4xRkkqZYSVziy+XYA2FVR+y1ETLuZCrMw9DA="}
00458{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861898,"pkt_ts_usec":108226,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABL5z5AADQGOfOgLMJCwKgCZBRn50AGwacCMiHj1lAYchCDuQAAMAAjBV33YUsCFikJAn+2L79S9Hu98amxbcieeybQGGi4+78="}
00413{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861898,"pkt_ts_usec":114372,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5W9AAD8GMOXAqAJkoCzCQudAFGcyIePWBsGnJVAQ\/\/\/K0gAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1614861998723,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1614861998723,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861998,"pkt_ts_usec":723587,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8bUJAAD8GqP7AqAJkoCzCQue8FGe3KQNZAAAAAKAC\/\/8fjgAAAgQFtAQCCAoAAkxNAAAAAAEDAwg="}
00417{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861998,"pkt_ts_usec":752102,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn57x0ZsiytykDWmASchAM0gAAAgQFrAAA"}
00411{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861998,"pkt_ts_usec":755762,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAobUNAAD8GqRHAqAJkoCzCQue8FGe3KQNadGbIs1AQ\/\/+WlwAA"}
00590{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861998,"pkt_ts_usec":769322,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"eJS0JASgYDjgxTWgCABFAACsbURAAD8GqIzAqAJkoCzCQue8FGe3KQNadGbIs1AY\/\/+TrQAAFgCEAAiEIm75Zy9VjUl+5IerSq31im9iiLiR7yC1EKTt3UZUDIvzmJzS8h4KLbNPThmQ1QigRVFIS+UyNjRfUWaAtxQmjZpmMmOXCehX0iRvSqjyAHMyTpdZ0ZK8tTSp4KvvS4Z8D9n4XXG7+pf9mkL4Vd7qfMcpPZN7co6napRCuwTA"}
-00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1614861998723,"flow_last_seen":1614861998769,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":20,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1614861998723,"flow_last_seen":1614861998769,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
00417{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861998,"pkt_ts_usec":797954,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAoFkhAADQGCw2gLMJCwKgCZBRn57x0ZsiztykD3lAQchAkAwAAAAAAAAAA"}
00484{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861998,"pkt_ts_usec":797955,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"YDjgxTWgeJS0JASgCABFAABcFklAADQGCtigLMJCwKgCZBRn57x0ZsiztykD3lAYchD8JwAAFwA0AMRT4mJZzCdcGNEyC\/JNL0HRxh37nOdLg2Wd+nY0pyjyBlzCnzm3DBwKxxEO3gupyQ=="}
00412{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614861998,"pkt_ts_usec":807356,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAobUVAAD8GqQ\/AqAJkoCzCQue8FGe3KQPedGbI51AQ\/\/+V3wAA"}
@@ -51,14 +51,14 @@
00412{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614862056,"pkt_ts_usec":317414,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAobUlAAD8GqQvAqAJkoCzCQue8FGe3KQSkdGbJLVAQ\/\/+U0wAA"}
00460{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614862060,"pkt_ts_usec":685520,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABLbUpAAD8GqOfAqAJkoCzCQue8FGe3KQSkdGbJLVAY\/\/+ilgAAMAAjfUUhpFsA+ortuBjcLF4EmXWqGgDyyVDq6b7MTKj3szs="}
00459{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614862060,"pkt_ts_usec":713776,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABLFkxAADQGCuagLMJCwKgCZBRn57x0ZskttykEx1AYchD\/KQAAMAAjxFPiYlnMJ1wY0TIL8k0vQbZdqY1Nu5m3owvXDpjbXDE="}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_tot_l4_data_len":846,"flow_min_l4_data_len":20,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_tot_l4_data_len":846,"flow_min_l4_data_len":20,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1614876808445,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1614876808445,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876808,"pkt_ts_usec":445263,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="}
00417{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876808,"pkt_ts_usec":474414,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"}
00411{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876808,"pkt_ts_usec":478680,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoMDxAAD8G5hjAqAJkoCzCQuoQFGeH4ylaNIR6OlAQ\/\/8r5QAA"}
00591{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876811,"pkt_ts_usec":615624,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"eJS0JASgYDjgxTWgCABFAACsMD5AAD8G5ZLAqAJkoCzCQuoQFGeH4ylaNIR6OlAY\/\/\/hhQAAFgCEABdxXy0SK3CzRLf940mMHfKryr1VnB169qGATSA5jixFOxT9i5A9e7F4xBN2sCaQaPJXsWn7O56dsE726LUxMdlygcgoD0oK14ueRX8T5eZkRcQGJHhoDt06pSJ7Vtpey+tlC8Cska9Tt7kcimqenxibrexZmmyaj0Hsf+uT1hB9"}
-00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1614876808445,"flow_last_seen":1614876811615,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":20,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1614876808445,"flow_last_seen":1614876811615,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
00417{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876811,"pkt_ts_usec":644558,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAoo01AADQGfgegLMJCwKgCZBRn6hA0hHo6h+Mp3lAQchC5UAAAAAAAAAAA"}
00485{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876811,"pkt_ts_usec":644559,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"YDjgxTWgeJS0JASgCABFAABco05AADQGfdKgLMJCwKgCZBRn6hA0hHo6h+Mp3lAYchCBAAAAFwA0ABtIRwA6lyXoxG\/SeDNiGEOrfobZ\/mzDfvV+7TS9vNzb6EFJJCVoYG5RuStYZpk7Rg=="}
00411{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876811,"pkt_ts_usec":648853,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoMD9AAD8G5hXAqAJkoCzCQuoQFGeH4yneNIR6blAQ\/\/8rLQAA"}
@@ -70,12 +70,12 @@
00458{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876907,"pkt_ts_usec":442799,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABLo1FAADQGfeCgLMJCwKgCZBRn6hA0hHqRh+MqpFAYchCwyAAAMAAjG0hHADqXJejEb9J4M2IYQ4gfhimTIR6Rjvq6lY7IAgo="}
00412{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876907,"pkt_ts_usec":447330,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoMERAAD8G5hDAqAJkoCzCQuoQFGeH4yqkNIR6tFAQ\/\/8qIQAA"}
00462{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614876926,"pkt_ts_usec":772711,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABLMEVAAD8G5ezAqAJkoCzCQuoQFGeH4yqkNIR6tFAY\/\/\/Z+gAAMAAjyIodMNRXz\/M9zzkPrnUqQb4b6qFiucLzwHlYNBwTHjU="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1614877863379,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1614877863379,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877863,"pkt_ts_usec":379823,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="}
00417{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877863,"pkt_ts_usec":406025,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"}
00412{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877863,"pkt_ts_usec":410788,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAonQNAAD8GeVHAqAJkoCzCQpzYFGd4ZLUT\/nJevFAQ\/\/9OcgAA"}
00593{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877863,"pkt_ts_usec":430508,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"eJS0JASgYDjgxTWgCABFAACsnQRAAD8GeMzAqAJkoCzCQpzYFGd4ZLUT\/nJevFAY\/\/9h2wAAFgCEAFeCoLQYkZVucFSlTilhAUO4J2Gc\/xNv4bSVAhSEOKUK9H1p9TyCs4HXw0uhyo2PPSWpxWiXGIKnoP1IQOXwjxvjoWs1kUpThTMlaAQYVgOcRiK1tZrmLAdDEfrq3WNHZxnudDyECwqpv67F1VqOqftf2asba7gyuRDMInsQPi\/4"}
-00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1614877863379,"flow_last_seen":1614877863430,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":20,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1614877863379,"flow_last_seen":1614877863430,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
00417{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877863,"pkt_ts_usec":456632,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAorPZAADQGdF6gLMJCwKgCZBRnnNj+cl68eGS1l1AQchDb3QAAAAAAAAAA"}
00483{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877863,"pkt_ts_usec":456632,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"YDjgxTWgeJS0JASgCABFAABcrPdAADQGdCmgLMJCwKgCZBRnnNj+cl68eGS1l1AYchC3vAAAFwA0AGIb1xXEJST+bHv0nkXbo6ALIIXHqYqMtLLfTVVxPBaFbpIVuQAKsrXp2LobMOoQ8g=="}
00413{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877863,"pkt_ts_usec":459736,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAonQVAAD8GeU\/AqAJkoCzCQpzYFGd4ZLWX\/nJe8FAQ\/\/9NugAA"}
@@ -87,12 +87,12 @@
00638{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877864,"pkt_ts_usec":310689,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"eJS0JASgYDjgxTWgCABFAADLnQhAAD8GeKnAqAJkoCzCQpzYFGd4ZLWX\/nJe8FAY\/\/9WggAAMACjD6k1s6cCoMfBa2c\/f6Rdz7a2Ysd0Cc1BFWvf4U7b2NsdLbTk4M4d9mFMXanEt\/gDJYn82zWDx8jbCtM68BkmcAQVawO1BRpWRbklJdTkCuEIHU8TgFnxPcFUoVK8n5VCMu6K4oHn7gCBqc9szhaeqtMErVT2nyWCIv7ZlxMDT8OZhppwNaCHzj22Lr9eauheboJSIBYZ9VM9R7BT6+QYAA=="}
00418{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877864,"pkt_ts_usec":336329,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAorPtAADQGdFmgLMJCwKgCZBRnnNj+cl8TeGS2OlAQchDa4wAAAAAAAAAA"}
00460{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614877864,"pkt_ts_usec":559887,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABLrPxAADQGdDWgLMJCwKgCZBRnnNj+cl7weGS2OlAYchD41gAAMAAjYhvXFcQlJP5se\/SeRdujoJwSaYnLSwg\/wacM8qSGS1w="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1614880256676,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1614880256676,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880256,"pkt_ts_usec":676767,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="}
00417{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880256,"pkt_ts_usec":703598,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"}
00411{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880256,"pkt_ts_usec":708701,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7gRAAD8GKFDAqAJkoCzCQosyFGf2oDFfiaoPnFAQ\/\/8peQAA"}
00591{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880256,"pkt_ts_usec":732594,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"eJS0JASgYDjgxTWgCABFAACs7gVAAD8GJ8vAqAJkoCzCQosyFGf2oDFfiaoPnFAY\/\/8f0QAAFgCEAJPbSCaIgYJAv72t6+9wMSbhbGCpMIHq4QEiFn9cVpoUpAzAhIkL4Drs1AaCxzLUFgA09j+Bl+RpSUp6DtaLWuhIO9Gnvu5XUzJAq3+jgAYYgyeP7mDgv3z04Kw3cGmW8nIjjnTadh4CWlfCP+aNEWF\/psIZrRbRsmwZNT1hV3yi"}
-00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1614880256676,"flow_last_seen":1614880256732,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":20,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1614880256676,"flow_last_seen":1614880256732,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
00417{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880256,"pkt_ts_usec":758583,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAoeIFAADQGqNOgLMJCwKgCZBRnizKJqg+c9qAx41AQchC25AAAAAAAAAAA"}
00485{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880256,"pkt_ts_usec":758758,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"YDjgxTWgeJS0JASgCABFAABceIJAADQGqJ6gLMJCwKgCZBRnizKJqg+c9qAx41AYchBTwQAAFwA0AKEGVvTkD3lNVHbGMnMKJiUE1\/C5IEtrWk8Pi7J\/3sfWKW35RTXAkZe8JxKoHT+U7g=="}
00411{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880256,"pkt_ts_usec":762867,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7gZAAD8GKE7AqAJkoCzCQosyFGf2oDHjiaoP0FAQ\/\/8owQAA"}
@@ -104,16 +104,16 @@
00461{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880490,"pkt_ts_usec":543211,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABL7gpAAD8GKCfAqAJkoCzCQosyFGf2oDKGiaoP81AY\/\/\/EQAAAMAAjwUQEu2CsR2W97xmnEGjlqjkgkjyV8Kx1DYEFWw8EI7I="}
00419{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880490,"pkt_ts_usec":568367,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAoeIVAADQGqM+gLMJCwKgCZBRnizKJqg\/z9qAyqVAQchC1xwAAAAAAAAAA"}
00459{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614880490,"pkt_ts_usec":568599,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABLeIZAADQGqKugLMJCwKgCZBRnizKJqg\/z9qAyqVAYchAKPgAAMAAjoQZW9OQPeU1UdsYycwomJY8zn40JnOirVi+jk0vz7mc="}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_tot_l4_data_len":846,"flow_min_l4_data_len":20,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_tot_l4_data_len":939,"flow_min_l4_data_len":20,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_tot_l4_data_len":1102,"flow_min_l4_data_len":20,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1614892184461,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":615,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":778,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1614892184461,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892184,"pkt_ts_usec":461059,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="}
00440{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892184,"pkt_ts_usec":487051,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="}
00418{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892184,"pkt_ts_usec":489981,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnwq4QVsoE+Eak\/WASchCx3QAAAgQFrAAA"}
00411{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892184,"pkt_ts_usec":493451,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoo7RAAD8GcqDAqAJkoCzCQsKuFGf4RqT9EFbKBVAQ\/\/87owAA"}
00592{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892184,"pkt_ts_usec":500609,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"eJS0JASgYDjgxTWgCABFAACso7VAAD8GchvAqAJkoCzCQsKuFGf4RqT9EFbKBVAY\/\/8H1wAAFgCEAB\/dPJC1NNpR5jEyp\/azHMnx7hPd5sLIIBsuYCDXwZ8xSHWSANFJ8PAcShWe3kySHpa5ZAwIyfsk5AZS5yFnOrvB9HdEMSOCG+a1++qQW9BiQvkkL9r4zpUrpXXqkzschjzFLxxJEiBUP3Oz2tulpVDkTSFGq+R4j8Y3+IIy6hIi"}
-00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_first_seen":1614892184461,"flow_last_seen":1614892184500,"flow_tot_l4_data_len":276,"flow_min_l4_data_len":20,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_first_seen":1614892184461,"flow_last_seen":1614892184500,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
00417{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892184,"pkt_ts_usec":528935,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAosgZAADQGb06gLMJCwKgCZBRnwq4QVsoF+EalgVAQchDJDgAAAAAAAAAA"}
00484{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892184,"pkt_ts_usec":529108,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"YDjgxTWgeJS0JASgCABFAABcsgdAADQGbxmgLMJCwKgCZBRnwq4QVsoF+EalgVAYchAXagAAFwA0AILfpoVu0CUFuQYxFlklOC3OeZ8addKh0kpkQQtxx0HeqDJs8\/BAdXrCJACd7ic9pA=="}
00411{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892185,"pkt_ts_usec":113898,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoo7ZAAD8Gcp7AqAJkoCzCQsKuFGf4RqWBEFbKOVAQ\/\/866wAA"}
@@ -124,12 +124,12 @@
00413{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892185,"pkt_ts_usec":660780,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoo7lAAD8GcpvAqAJkoCzCQsKuFGf4RqYkEFbKXFAQ\/\/86JQAA"}
00460{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892314,"pkt_ts_usec":18583,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABLo7pAAD8GcnfAqAJkoCzCQsKuFGf4RqYkEFbKXFAY\/\/+VgwAAMAAjZZ3X2xTEM0Pc8Ee9F7OVQYqXp0oT8Q6woFUmHmRVn+E="}
00418{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614892314,"pkt_ts_usec":46506,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAosgpAADQGb0qgLMJCwKgCZBRnwq4QVspc+EamR1AQchDH8QAAAAAAAAAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1614894888601,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1614894888601,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614894888,"pkt_ts_usec":601792,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="}
00418{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614894888,"pkt_ts_usec":628926,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"}
00412{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614894888,"pkt_ts_usec":632784,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoczdAAD8Gox3AqAJkoCzCQqY4FGfLLz4Z1Us2RlAQ\/\/+63gAA"}
00594{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614894888,"pkt_ts_usec":640676,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"eJS0JASgYDjgxTWgCABFAACsczhAAD8GopjAqAJkoCzCQqY4FGfLLz4Z1Us2RlAY\/\/9TSQAAFgCEALAY6sFBRYGCJimG0Yasbc4USwZsJQL+15UsYRSuD34UJT0hT\/I2HwIAh0S2LuxxZ9L1ox\/LsKTAy33IDcyC7gG8qaAvQ8rXlqULmrLWq5FGmibZ+6UKLMjpqZv1GBBNOyGaMw5A5AWqgUlWQ\/HDmuJLLH3YYviE23k6BUVyxAi7"}
-00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1614894888601,"flow_last_seen":1614894888640,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":20,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
+00566{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1614894888601,"flow_last_seen":1614894888640,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
00418{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614894888,"pkt_ts_usec":667157,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAojUpAADQGlAqgLMJCwKgCZBRnpjjVSzZGyy8+nVAQchBISgAAAAAAAAAA"}
00485{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614894888,"pkt_ts_usec":667378,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"YDjgxTWgeJS0JASgCABFAABcjUtAADQGk9WgLMJCwKgCZBRnpjjVSzZGyy8+nVAYchDYmgAAFwA0ADxgKfpQDq8ElcQxNjsWzPYGEeGN\/heSSI3D3eAFBwz7xf1dRHPq9KuYXYaqdGzbCg=="}
00412{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614894888,"pkt_ts_usec":673533,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoczlAAD8GoxvAqAJkoCzCQqY4FGfLLz6d1Us2elAQ\/\/+6JgAA"}
@@ -141,12 +141,12 @@
00412{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614895189,"pkt_ts_usec":27109,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAocz1AAD8GoxfAqAJkoCzCQqY4FGfLLz9j1Us2wFAQ\/\/+5GgAA"}
00462{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614895277,"pkt_ts_usec":741473,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABLcz5AAD8GovPAqAJkoCzCQqY4FGfLLz9j1Us2wFAY\/\/+ezQAAMAAjfSFNyYh3liHBj99rFHuZ1Ae4L5OSZFNdWuL\/qI5c4wI="}
00461{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614895277,"pkt_ts_usec":767885,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABLjU5AADQGk+OgLMJCwKgCZBRnpjjVSzbAyy8\/hlAYchDkcQAAMAAjPGAp+lAOrwSVxDE2OxbM9kHuUgOjwsCJ\/LfzfE2i34Q="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1614898090218,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1614898090218,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898090,"pkt_ts_usec":218683,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="}
00418{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898090,"pkt_ts_usec":245916,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"}
00412{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898090,"pkt_ts_usec":249719,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoEFNAAD8GBgLAqAJkoCzCQqcMFGeOCpYkKLBB0VAQ\/\/9ANQAA"}
00598{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898090,"pkt_ts_usec":270116,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"eJS0JASgYDjgxTWgCABFAACsEFRAAD8GBX3AqAJkoCzCQqcMFGeOCpYkKLBB0VAY\/\/\/zLQAAFgCEAB69YSqrq286BNH+RkBR\/ra9YOLjaKmbOZRBG3SUU\/e5YV+nJFsDFBHibJbRGiGulMTY6q4bY2q0EKkpPnDzrSD3aBufvOJX3B2HWkRYKYs33\/wiOrr\/AgKGhE\/ErzJnYi\/YDub+uEWY94hbjRXs7qmPMfXS6EmVEcD6Yu7kTpoc"}
-00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1614898090218,"flow_last_seen":1614898090270,"flow_tot_l4_data_len":236,"flow_min_l4_data_len":20,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
+00566{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1614898090218,"flow_last_seen":1614898090270,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"HP Virtual Machine Group Management","breed":"Acceptable","category":"Network"}}
00418{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898090,"pkt_ts_usec":296670,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"YDjgxTWgeJS0JASgCABFAAAo1ItAADQGTMmgLMJCwKgCZBRnpwwosEHRjgqWqFAQchDNoAAAAAAAAAAA"}
00484{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898090,"pkt_ts_usec":296873,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"YDjgxTWgeJS0JASgCABFAABc1IxAADQGTJSgLMJCwKgCZBRnpwwosEHRjgqWqFAYchAB0wAAFwA0ADMahi3Gg8w54RpuqsSE22XLqLl1o0JaYCiSTfGlSNZZEbFCq4yaeurw3tbqsJn7rw=="}
00413{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898090,"pkt_ts_usec":300385,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoEFVAAD8GBgDAqAJkoCzCQqcMFGeOCpaoKLBCBVAQ\/\/8\/fQAA"}
@@ -158,7 +158,7 @@
00413{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898128,"pkt_ts_usec":265713,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJS0JASgYDjgxTWgCABFAAAoEFlAAD8GBfzAqAJkoCzCQqcMFGeOCpduKLBCS1AQ\/\/8+cQAA"}
00462{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898324,"pkt_ts_usec":146735,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"eJS0JASgYDjgxTWgCABFAABLEFpAAD8GBdjAqAJkoCzCQqcMFGeOCpduKLBCS1AY\/\/\/62gAAMAAjOflOmc8A59uITyAmkBk4LYlBBj9mCKXfikAGxfDmnW8="}
00460{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1614898324,"pkt_ts_usec":173693,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"YDjgxTWgeJS0JASgCABFAABL1I9AADQGTKKgLMJCwKgCZBRnpwwosEJLjgqXkVAYchDQXgAAMAAjMxqGLcaDzDnhGm6qxITbZe9mg0vSvWTKd8TOkdNjs\/4="}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":15,"flow_first_seen":1614894888601,"flow_last_seen":1614895277767,"flow_tot_l4_data_len":846,"flow_min_l4_data_len":20,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":15,"flow_first_seen":1614898090218,"flow_last_seen":1614898324173,"flow_tot_l4_data_len":846,"flow_min_l4_data_len":20,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_tot_l4_data_len":924,"flow_min_l4_data_len":20,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":15,"flow_first_seen":1614894888601,"flow_last_seen":1614895277767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":15,"flow_first_seen":1614898090218,"flow_last_seen":1614898324173,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test"}
diff --git a/test/results/http-lines-split.pcap.out b/test/results/http-lines-split.pcap.out
index cfaf71540..0729fc788 100644
--- a/test/results/http-lines-split.pcap.out
+++ b/test/results/http-lines-split.pcap.out
@@ -1,10 +1,10 @@
00484{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-lines-split.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1593713340401,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1593713340401,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":401681,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"}
00432{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":401724,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"}
00424{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":401990,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABjzZLGIYDjgxTWgCABFAAAot6xAAHkGyL3AqAABwKgAFJlEemkrolmy\/HGvwVAQA+zlTAAAAAAAAAAA"}
00469{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":402042,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"ABjzZLGIYDjgxTWgCABFAABOt61AAHkGyJbAqAABwKgAFJlEemkrolmy\/HGvwVAYA+z\/KAAAR0VUIC8gSFRUUC8xLjENCkhvc3Q6IHRvbmkubGFuOjMxMzM3DQo="}
-00679{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1593713340401,"flow_last_seen":1593713340402,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":20,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"toni.lan","url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":""}}
+00688{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1593713340401,"flow_last_seen":1593713340402,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":9,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"toni.lan","url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":""}}
00416{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":402061,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"YDjgxTWgABjzZLGICABFAAAoPVdAALIGChPAqAAUwKgAAXppmUT8ca\/BK6JZ2FAQAfaBgAAA"}
00456{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":402236,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"ABjzZLGIYDjgxTWgCABFAABFt65AAHkGyJ7AqAABwKgAFJlEemkrolnY\/HGvwVAYA+zalAAAVXNlci1BZ2VudDogdWNsaWVudC1mZXRjaA0KDQo="}
00416{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":402249,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"YDjgxTWgABjzZLGICABFAAAoPVhAALIGChLAqAAUwKgAAXppmUT8ca\/BK6JZ9VAQAfaBgAAA"}
@@ -15,5 +15,5 @@
00426{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":404101,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABjzZLGIYDjgxTWgCABFAAAot7BAAHkGyLnAqAABwKgAFJlEemkroln1\/HG2IlAQA+reqgAAAAAAAAAA"}
00426{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":404575,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABjzZLGIYDjgxTWgCABFAAAot7FAAHkGyLjAqAABwKgAFJlEemkroln1\/HG2IlARA+reqQAAAAAAAAAA"}
00417{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593713340,"pkt_ts_usec":404597,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"YDjgxTWgABjzZLGICABFAAAoAABAALIGR2rAqAAUwKgAAXppmUT8cbYiK6JZ9lAQAfbgnQAA"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1593713340401,"flow_last_seen":1593713340404,"flow_tot_l4_data_len":2003,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":14,"flow_first_seen":1593713340401,"flow_last_seen":1593713340404,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test"}
diff --git a/test/results/http_ipv6.pcap.out b/test/results/http_ipv6.pcap.out
index 9fddb3f25..9793b5935 100644
--- a/test/results/http_ipv6.pcap.out
+++ b/test/results/http_ipv6.pcap.out
@@ -1,13 +1,13 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_ipv6.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1448269123954,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1448269123954,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269123,"pkt_ts_usec":954061,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="}
00456{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269123,"pkt_ts_usec":971846,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1448269127395,"flow_last_seen":0,"flow_tot_l4_data_len":214,"flow_min_l4_data_len":214,"flow_max_l4_data_len":214,"flow_avg_l4_data_len":214,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1448269127395,"flow_last_seen":0,"flow_min_l4_payload_len":182,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":182,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00704{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":395120,"pkt_caplen":268,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":268,"pkt_l4_len":214,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAANYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcnAKcmsggBgBYRYsAAABAQgKEg1sPOPdU5wXAwMAsUohbF6hqm2iPbr5acUercfvDKKXo6eRxQREALqHMULPkKcrij9I+s937a+Ptj\/48lLHQ1Wb3SgwI5IkBSOhrv6IVrq\/yOhvf7XOjabBqvbdcaHqf1DGDHgPPOpYr+dJO5wcSH25xkyZHXLU0QNqpczDg7dKCMPOVcOltspkl5ZzoyNyh0jvlmeYCBWg6kXBip25FBniFP0s4NZksUmy3aWhoSbUDQ+LvhRDb4xtwZyJTw=="}
00510{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":395195,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAEYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcyYKcmsggBgBYRWcAAABAQgKEg1sPOPdU5wXAwMAISEEhc9+XaFrGjMSta2tz\/npJ9wouC3HutuqGdJZFlD+8g=="}
-00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1448269127400,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1448269127400,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02234{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":400446,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"pkt":"UMWNrEEBeKzApw1Mht1gAAAABU4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwVOGq8NSb7i0\/DtzNZRMDI1AdhpfiGrZQ0z8Xo88wCgAQAEQ0hMTxcAAABQQUQAlQEAAFNOSQCiAQAAU1RLANwBAABWRVIA4AEAAENDUwDoAQAATk9OQwgCAABNU1BDDAIAAEFFQUQQAgAAVUFJRDACAABTQ0lEQAIAAFRDSUREAgAAUERNREgCAABTUkJGTAIAAElDU0xQAgAAUFVCU3ACAABTQ0xTdAIAAEtFWFN4AgAAQ09QVHgCAABDQ1JUkAIAAElSVFSUAgAAQ0VUVjgDAABDRkNXPAMAAFNGQ1dAAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3Lmdvb2dsZS5pdP6VATCysYcS+6UyHFs91qYSgNdeDzmk0IEyIe5t2+bJKAI2qamMt0i7KMYplR0K0jnCGwmAm\/d3HOJRMDI1eybp5+Rccf9WUtVHu\/cGtxBbc83x\/ixhHuZYGb85GDRSl0WTDzqXHGQAAABDQzEyQ2hyb21lLzQ2LjAuMjQ5MC44MCBMaW51eCB4ODZfNjRJY0N+fBRzPpi9ZOX2cffRAAAAAFg1MDkAABAAHgAAAKnIKfkyK+SzUnB6164ARpx8JYjcWyR0opR8VfpSZa5LAQAAAEMyNTWqEkFTJwbowuJjGoJ9cYVfQAt7kKmueesKxAMAMPg3G85FTSE++LOaAtQpI1KVeq729JfhjhoCsaupNHH2PFh7nIyQFBUHu\/yG69qYF+ZOXnLeZQlagMSAtKsuormBERnE1N5BArSjLGqyjEsI7xMsjf+GWiD9zqRxEMc6cBgFvzaEvMvxi2SGPZg7npVciNOVP9ZU7k0lklFQEmkIVXhAz857PhdAM9F8uaoJzSnjSvvppgNKNbAOmmtmPDeC+pIAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1448269127400,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.it","user_agent":"Chrome\/46.0.2490.80 Linux x86_64"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1448269127400,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.it","user_agent":"Chrome\/46.0.2490.80 Linux x86_64"}}
00456{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":419269,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHMmgBABMJ3AAAABAQgK493E7RINbDw="}
00456{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":419302,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHNMgBABMJ2aAAABAQgK493E7RINbDw="}
00511{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":419312,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAAEYGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHNMgBgBMJRuAAABAQgK493E7RINbDwXAwMAIamaKXQXAEJ+l6GRGDPCWYkk8\/GIYJF1yZM9UcV466R1KQ=="}
@@ -32,46 +32,46 @@
01135{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":772665,"pkt_caplen":581,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":581,"pkt_l4_len":527,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAAg8ROCoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbuzawIPK8MABegNpVD\/7\/JYzlk\/BYlFgZIFfHfw1bXDQPU6CVEq6Zu\/BN0YX9q8KdtjKz2kPswP0T\/MG7ZhdaSfLUFJ\/NAYhY0mRcMGmmQmzmHRbHbwhWps05f8n34Tn1sNM6rta9iduCVINYTfizjYboc2gBDUNrR1ydHxyATtR5OcnwZXWufFWI6Gpbt3UnrADrDmQFUA4LLUXdcHbpuaa4prYi0tyxFayQabspYn\/ZywEYFFUpeYQKZYTE3+DvxTvMRhoUnXr5KYUUm8NE47p7y6iMh10tXVxlCG0fUT56wBvqGjwp82AXSLgEBqdD4s9IbTq968YdwVm3+fqkZzoUy6vJLLKtOhwhmb3r2un4HNlyBhDC9okkeHVeoP6rRTVH2H2mFRFML6lvQ2z4xnVsAp91cbQFqZA193cC0uG1pmYmTO7yDRVqkQpn\/lDbc7KneAGzV8DlalkwbPwa7nWCswi0D\/QFCqWuRXDw3AnvmOK0AmMJDBj0SbmaI6I8hQNDshiJP0u3hnk2fPONfuO+0LgMdPuNSQdHyHX2\/HtUa2P61qhIgmdqHF1Kg258fqOSj7c3+IXv7KZqzcqZkZaeW9P3fi\/UZBrlLPztduZdIVHnA57DmtVGMZk3\/VAShaEcfqkJoxfeEYE\/nlQsTB7gHtRv7AGgXEh3Ma0W7mjss\/NWZlpszmpfpl3pY="}
00480{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":798722,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAADARQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwAwFZEMSb7i0\/DtzNYHRDHMJE6JwbqCwTUm1pgKamJUbxHMwtRxH0S17Bee"}
00467{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":818509,"pkt_caplen":91,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":91,"pkt_l4_len":37,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACUROCoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbuzawAlJwsABu4AWQBJc6S\/ABpFwRqNbmpSh1W8j6OzpFWJyQ=="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1448269127922,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1448269127922,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":922059,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIAwAAAAAAACAI5SQBuwROHG\/ILPHEgBACniVsAAABAQgKEg1swGh+tvU="}
00457{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":940031,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggDAAAAAAAAIAgqAA1AAAEAA3qswP\/+pw1MAbvlJMgs8cQEThxwgBAA+ZiqAAABAQgKaH9m+RINFL8="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1448269127960,"flow_last_seen":0,"flow_tot_l4_data_len":206,"flow_min_l4_data_len":206,"flow_max_l4_data_len":206,"flow_avg_l4_data_len":206,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1448269127960,"flow_last_seen":0,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00696{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269127,"pkt_ts_usec":960079,"pkt_caplen":260,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":260,"pkt_l4_len":206,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAM4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAABf12kBuwDOCoAMj5N114hr41MJBd7sKG9JfODv2KzX0uexKi4OUzkr936AyksmjfKzejWhR1IllABVz6\/Nd8+DDPRvVbNJa4sAljMB\/byd9EnDrnASdvNnincHpyqVPP90d4TSxj+ARZa\/L622T2LNfPxOM6m\/si1ZmPjMCf2wR7DzkfTBciJe2oZugnMhbWbTFVoln8LtSZhpET4oRj3Jk\/IY0Vhm0AHAVNXjHBEt89UVS7Gr6h9OBH5HRJ1TIdTk4GJ40SQl9lgo1l4eCx0="}
00535{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269128,"pkt_ts_usec":3411,"pkt_caplen":143,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":143,"pkt_l4_len":89,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAAFkRMyoAFFBACwwCAAAAAAAAAF8qAA1AAAEAA3qswP\/+pw1MAbvXaQBZLuIAB1nnejc74Zg5YssedTReRP0KRIf1hcs3Aafoe+Tuwy6JT\/77UOdg9PcT9s8XDyyGEBG\/Mph8KZAg9aAfxnp6BrSLMfMbzThg3fGY8Pw0dHA="}
00471{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269128,"pkt_ts_usec":28795,"pkt_caplen":99,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":99,"pkt_l4_len":45,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAC0RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAABf12kBuwAtCd8Mj5N114hr41MKZOnBWgR9A+MJ4bypcpF9U29vj07q+fvNp9EO"}
00693{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269129,"pkt_ts_usec":551204,"pkt_caplen":257,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":257,"pkt_l4_len":203,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAMsRQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwDLFiwMSb7i0\/DtzNYIgWvfZMMzgV0eLq0rcF8Wjfdc88El\/OKe3m4b7L9HS+mMBEYrS+doCavo0g9v4cjNuvKk8Lt9jqbVMq4hpZuUInyA\/FDGcB9PdVXM1PG9Twc53K\/NE22oYsP600rWQqAeBHFPUIlrjHB7GsGewzsm\/LoNAyfg92ccCbiDQGEU7VnL8MvE74giVX7LYq16CD0sRU278L4kXMTwks9YhQkTkzvxemT+Ky6GjVXsflRJFFvd1vRUrGaTm7w="}
00473{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269129,"pkt_ts_usec":597234,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgROCoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbuzawAoTL8AB+q\/vPhS\/ZnAgyOaUqmaLKPlvPx\/8rQ+trou59iqhw=="}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1448269138575,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1448269138575,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":575377,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXIAAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1448269138575,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1448269138575,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":575474,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU0AAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="}
00469{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":600012,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmXmyY1W1zoBJvkBOIAAACBAWgBAIICgBerOcSDXcnAQMDCA=="}
00456{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":600069,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXMqpl5tgBAA4WsSAAABAQgKEg13LQBerOc="}
00469{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":600079,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOqziew8Z1OoBJvkELPAAACBAWgBAIICgBerOcSDXcnAQMDCA=="}
00456{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":600097,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU5Dqs4ogBAA4WsSAAABAQgKEg13LQBerOc="}
00745{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":600311,"pkt_caplen":298,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":298,"pkt_l4_len":244,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAPQGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXMqpl5tgBgA4WvmAAABAQgKEg13LQBerOcWAwEAzwEAAMsDA3KnuJVYkfUxfYZivfoDxsSlMXT0r7J\/8CEfMp57IxYdAAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACC\/wEAAQAAAAARAA8AAAx3d3cubnRvcC5vcmcAFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00745{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":600449,"pkt_caplen":298,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":298,"pkt_l4_len":244,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAPQGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnU5Dqs4ogBgA4WvmAAABAQgKEg13LQBerOcWAwEAzwEAAMsDA6vh\/5Bm8Zaj64wlmhNi+L0mv17cXjOZyxYSV5DW8g55AAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACC\/wEAAQAAAAARAA8AAAx3d3cubnRvcC5vcmcAFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1448269138575,"flow_last_seen":1448269138600,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00457{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":625594,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmXm2Y1W5HgBAAdLB9AAABAQgKAF6s7RINdy0="}
00458{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":625652,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOqziiw8Z4igBAAdN\/EAAABAQgKAF6s7RINdy0="}
02382{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":627411,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1460,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABbQGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOqziiw8Z4igBAAdLr0AAABAQgKAF6s7hINdy0VAwMAAgFwFgMDAEECAAA9AwPbHrwc7Zlupy05Lmaoc8pOPmXnptE8luGpRyrXQPj6zQDALwAAFQAAAAD\/AQABAAALAAQDAAECACMAABYDAxDjCwAQ3wAQ3AAFTzCCBUswggQzoAMCAQICEGlwh8ZXzEdaqUNvI9+NN8MwDQYJKoZIhvcNAQELBQAwgZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYDVQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTUxMTE1MDAwMDAwWhcNMTgxMTE0MjM1OTU5WjBRMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBAsTC1Bvc2l0aXZlU1NMMRYwFAYDVQQDEw1zaG9wLm50b3Aub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzR6BIHt+rHaCaBL\/qKK36Y6zgLZa7uQ42uYff0TmO+nrjezjVzokWSc+b7XT8xiQLH5AkqJ9Lf\/\/NeqkB1fm7\/K3k27TQzmGn0gZ\/gjZ0up1RGHlcWqkmBgu1hm4kF0hAptThu\/QQTHz6OE2C2JERem\/TCFrM+LeqAlRcK\/9iYu2odCWrMkYWJu1Zur8eL0LtVyxc3kqCMWwu7at46P1qNP8vTbSQDxFLJTvozfhfIr+zQT412txGL1UCyQye5MRn5Abou0RkIjFXoM+zdLQQC3yVy\/Jd1s9wnLEcoBoeKxiqK5BJxLO\/3yH8uWwyg8YUFbd5+1cgJHdZ69cFgM4ZwIDAQABo4IB3TCCAdkwHwYDVR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFJAVUwm3FdB8i+jm6lJjVmDmcoYFMA4GA1UdDwEB\/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTArBgNVHREEJDAigg1zaG9wLm50b3Aub3JnghF3d3cuc2hvcC5udG9wLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEABHga0CoUddKc8gTKl8pscY7onSvxASeGg6n14z8FhR2xLi3sQM93tAHGjfXnqbvor3abNIZbNbF0KzRdqJu4Pf8lRVflEivDChvy3JGmTgemN9zWuDPZ57rHKIP2WX88hJ\/PhjhgpWwDlVARS9gLCvB+ao\/MqFUPnRHIB\/ozv+GFroJaou2ptXCVpGzEcU5eeKmEk7EDV1FIeaLukxlf2pdWAhu92nfkdMVk7CEaYe2jnnRpGgH3FSI7e35KuJ6qcNoKFw3CRdQMfoBimHtdql+6OuUlCrOYGYcfLlT2dHNLRy5B10L6oRI="}
-00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138627,"flow_tot_l4_data_len":1848,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138627,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00456{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":627454,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxniJDqtO8gBAA+GsSAAABAQgKEg13NABerO4="}
04042{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":627512,"pkt_caplen":2754,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":2754,"pkt_l4_len":2700,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAACowGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOq07yw8Z4igBgAdHV+AAABAQgKAF6s7hINdy0a7lRZZvgTMcu9Q3ViDTlQU1VpfPinQgAGDDCCBggwggPwoAMCAQICECsuburZdTZsFIpu26N8jAcwDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0MDIxMjAwMDAwMFoXDTI5MDIxMTIzNTk1OVowgZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYDVQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOwgIZ4aBZpOs4NY0s\/QHQ00nAZMcLYgVFFjqooMAMAn8dzNvEoW13A6MPhvnjBpw+C4GKm0kbrQO++kvbjCDt1c5eZY4+Da9MwrC3RV5SLzTeSCRktEGuAJf3vmfentB6p1OAO3yt9ZZVb5dHCnyFiyKXjbOE4JZX0HAYYJaP7i0Hk52husrRzXvpxCqaKCGRTW+STyWl8no13SbcRqXQrFk1jP9OkUNQP1mTHmxRIe5YFKv+dVB4PkywHIYT+muYvOA7lB6FUtwDkyQYbssnUUXmcN4lQ6QN4Uql7bZ+yM1t7i4dJ3Nd3EUwgKrjskELr71Eh9q55Rudf67lhYKlAgMBAAGjggFlMIIBYTAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQUkK9qOpRaC9iQ6hJWc99DtDoo2ucwDgYDVR0PAQH\/BAQDAgGGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBOK3ZPkhxiNom6d8EnBfQc1kSdqZo+qtVmZgE+6knmojW8+vbdlY6ZNZgONhh1sd3dUHJ8rtx3iM4P95AgyqNnLh9Wf3vhROpClcRdDQFQRhXygYlZbIrdjPESoY06QoqY+Es0eyc7CLRvJDtynWN0WDwabD9PxxGayKj1tTfvEEXGbNngXpUms+uto7nufwyaZjVzMmBO5d2KYSxuUhF3aJbTGHVRFQAbdIjd4cc4BEMo6Rb92QXUXUcnYNb7ODtscqKU+EIa3+1vBoxFwgYAquTo3Nm14XN47PYj3NHdbI4aj6XqVHyWt8P+VY6NSV78ZLvPPr2W62nNv+BI8WKCEOUMRlfyM9rQyGPtxh+UBZZKGpHR9+vPj1KuDQjZPqigUenBh3TVyfd0qy5T+7t6+5fi+B8mj7PSoOA3Wyg7MeUOVy1auK15rF4gZhqluaa1OcH1mEP\/7vmnp\/3uyiQ9gBbEF4+KwWChDK5bQ0eRS9WaF1\/51IfBwoy35+IPMBk3hqzg3EID5pSona79DyRRlM6SCNH8UPADQHuIWe0O3azSd4I03AaVAtiQ+S3qN9UaYNBnINfYQgtFr4Jo3t1mJDeQKZQZRhkluIDXy9SGKGpEcCYjYqmfhm+\/upBw0lZ3hXjv6iWpF85QcowAOqrj22M0n\/gGcQHigiDU\/m+9sQAFeDCCBXQwggRcoAMCAQICECdm7lbrSfOOq9dwovyE3iIwDQYJKoZIhvcNAQEMBQAwbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJHoVJLSClaxrA0k3cXPRGd0mSs3o30jcABxvFPfxPoqEo9LfxBWvZ9wcrdhf8lLDxenPeOwBGHu\/xGXx\/SGPgr6Plz5k+Y0etkUa+ecs4Wggnp2r3GQ1+z9DfqcbPrfsIL0FH75vsSmL09\/mX+1\/GdDcr0MANaJ62ss0+2PmBwUq37l42782KjkkiTaQ2tiuFX96sG8bLaL8w6NmuSbbGmZ+HhIMEXVreENPEVg\/DKWUSe8Z8PKLrZr6kbHxyCgsR9l3kgIuqROqfKDRjeE6+jMgUhDZ05yKptcvUwbKIpcInu0q5jZ7uBRg8MJRk5tPpn6lRfafDNXQTyNUe0LtlyvLGMa31fIP7zpXcSbr0WZ4qNaJLS6qVY9z2+q\/0lYvvCo\/\/S4rek3+7q49As6+ehDQh6J2ITLE\/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF\/cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY\/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3MVw6akfgw3lZ1iAar\/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEEKTAnMCUGCCsG"}
00456{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":627538,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxniJDqt4ogBABIWsSAAABAQgKEg13NABerO4="}
02383{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":628475,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1460,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABbQGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmXm2Y1W5HgBAAdOrGAAABAQgKAF6s7hINdy0VAwMAAgFwFgMDAEECAAA9AwP\/gr+10+Po1U2wbWlKPo3WWKrp+1kU8G6Kz6lqITIQHgDALwAAFQAAAAD\/AQABAAALAAQDAAECACMAABYDAxDjCwAQ3wAQ3AAFTzCCBUswggQzoAMCAQICEGlwh8ZXzEdaqUNvI9+NN8MwDQYJKoZIhvcNAQELBQAwgZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYDVQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTUxMTE1MDAwMDAwWhcNMTgxMTE0MjM1OTU5WjBRMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBAsTC1Bvc2l0aXZlU1NMMRYwFAYDVQQDEw1zaG9wLm50b3Aub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzR6BIHt+rHaCaBL\/qKK36Y6zgLZa7uQ42uYff0TmO+nrjezjVzokWSc+b7XT8xiQLH5AkqJ9Lf\/\/NeqkB1fm7\/K3k27TQzmGn0gZ\/gjZ0up1RGHlcWqkmBgu1hm4kF0hAptThu\/QQTHz6OE2C2JERem\/TCFrM+LeqAlRcK\/9iYu2odCWrMkYWJu1Zur8eL0LtVyxc3kqCMWwu7at46P1qNP8vTbSQDxFLJTvozfhfIr+zQT412txGL1UCyQye5MRn5Abou0RkIjFXoM+zdLQQC3yVy\/Jd1s9wnLEcoBoeKxiqK5BJxLO\/3yH8uWwyg8YUFbd5+1cgJHdZ69cFgM4ZwIDAQABo4IB3TCCAdkwHwYDVR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFJAVUwm3FdB8i+jm6lJjVmDmcoYFMA4GA1UdDwEB\/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTArBgNVHREEJDAigg1zaG9wLm50b3Aub3JnghF3d3cuc2hvcC5udG9wLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEABHga0CoUddKc8gTKl8pscY7onSvxASeGg6n14z8FhR2xLi3sQM93tAHGjfXnqbvor3abNIZbNbF0KzRdqJu4Pf8lRVflEivDChvy3JGmTgemN9zWuDPZ57rHKIP2WX88hJ\/PhjhgpWwDlVARS9gLCvB+ao\/MqFUPnRHIB\/ozv+GFroJaou2ptXCVpGzEcU5eeKmEk7EDV1FIeaLukxlf2pdWAhu92nfkdMVk7CEaYe2jnnRpGgH3FSI7e35KuJ6qcNoKFw3CRdQMfoBimHtdql+6OuUlCrOYGYcfLlT2dHNLRy5B10L6oRI="}
-00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138628,"flow_tot_l4_data_len":1848,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1448269138575,"flow_last_seen":1448269138628,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00456{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":628511,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbkcqpmQBgBAA+GsSAAABAQgKEg13NABerO4="}
02373{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":628541,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1460,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABbQGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmZAGY1W5HgBAAdO2IAAABAQgKAF6s7hINdy0a7lRZZvgTMcu9Q3ViDTlQU1VpfPinQgAGDDCCBggwggPwoAMCAQICECsuburZdTZsFIpu26N8jAcwDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0MDIxMjAwMDAwMFoXDTI5MDIxMTIzNTk1OVowgZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYDVQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOwgIZ4aBZpOs4NY0s\/QHQ00nAZMcLYgVFFjqooMAMAn8dzNvEoW13A6MPhvnjBpw+C4GKm0kbrQO++kvbjCDt1c5eZY4+Da9MwrC3RV5SLzTeSCRktEGuAJf3vmfentB6p1OAO3yt9ZZVb5dHCnyFiyKXjbOE4JZX0HAYYJaP7i0Hk52husrRzXvpxCqaKCGRTW+STyWl8no13SbcRqXQrFk1jP9OkUNQP1mTHmxRIe5YFKv+dVB4PkywHIYT+muYvOA7lB6FUtwDkyQYbssnUUXmcN4lQ6QN4Uql7bZ+yM1t7i4dJ3Nd3EUwgKrjskELr71Eh9q55Rudf67lhYKlAgMBAAGjggFlMIIBYTAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQUkK9qOpRaC9iQ6hJWc99DtDoo2ucwDgYDVR0PAQH\/BAQDAgGGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBOK3ZPkhxiNom6d8EnBfQc1kSdqZo+qtVmZgE+6knmojW8+vbdlY6ZNZgONhh1sd3dUHJ8rtx3iM4P95AgyqNnLh9Wf3vhROpClcRdDQFQRhXygYlZbIrdjPESoY06QoqY+Es0eyc7CLRvJDtynWN0WDwabD9PxxGayKj1tTfvEEXGbNngXpUms+uto7nufwyaZjVzMmBO5d2KYSxuUhF3aJbTGHVRFQAbdIjd4cc4BEMo6Rb92QXUXUcnYNb7ODtscqKU+EIa3+1vBoxFwgYAquTo3Nm14XN47PYj3NHdbI4aj6XqVHyWt8P+VY6NSV78ZLvPPr2W62nNv+BI8WKCEOUMRlfyM9rQyGPtxh+UBZZKGpHR9+vPj1KuDQjZPqigUenBh3TVyfd0qy5T+7t6+5fi+B8mj7PSoOA3Wyg7MeUOVy1auK15rF4gZhqluaa1OcH1mEP\/7vmnp\/3uyiQ9gBbEF4+KwWChDK5bQ0c="}
00457{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":628563,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbkcqpmmVgBABDmsSAAABAQgKEg13NABerO4="}
02135{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":628622,"pkt_caplen":1326,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1326,"pkt_l4_len":1272,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABPgGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmaZWY1W5HgBgAdJPHAAABAQgKAF6s7hINdy2RS9WaF1\/51IfBwoy35+IPMBk3hqzg3EID5pSona79DyRRlM6SCNH8UPADQHuIWe0O3azSd4I03AaVAtiQ+S3qN9UaYNBnINfYQgtFr4Jo3t1mJDeQKZQZRhkluIDXy9SGKGpEcCYjYqmfhm+\/upBw0lZ3hXjv6iWpF85QcowAOqrj22M0n\/gGcQHigiDU\/m+9sQAFeDCCBXQwggRcoAMCAQICECdm7lbrSfOOq9dwovyE3iIwDQYJKoZIhvcNAQEMBQAwbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJHoVJLSClaxrA0k3cXPRGd0mSs3o30jcABxvFPfxPoqEo9LfxBWvZ9wcrdhf8lLDxenPeOwBGHu\/xGXx\/SGPgr6Plz5k+Y0etkUa+ecs4Wggnp2r3GQ1+z9DfqcbPrfsIL0FH75vsSmL09\/mX+1\/GdDcr0MANaJ62ss0+2PmBwUq37l42782KjkkiTaQ2tiuFX96sG8bLaL8w6NmuSbbGmZ+HhIMEXVreENPEVg\/DKWUSe8Z8PKLrZr6kbHxyCgsR9l3kgIuqROqfKDRjeE6+jMgUhDZ05yKptcvUwbKIpcInu0q5jZ7uBRg8MJRk5tPpn6lRfafDNXQTyNUe0LtlyvLGMa31fIP7zpXcSbr0WZ4qNaJLS6qVY9z2+q\/0lYvvCo\/\/S4rek3+7q49As6+ehDQh6J2ITLE\/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF\/cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY\/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3MVw6akfgw3lZ1iAar\/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEEKTAnMCUGCCsG"}
00458{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":628652,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbkcqpm5tgBABJGsSAAABAQgKEg13NABerO4="}
01357{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":635605,"pkt_caplen":742,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":742,"pkt_l4_len":688,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAArAGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSbiqmbm2Y1W5HgBgAdMtVAAABAQgKAF6s8BINdy0BBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS\/g\/FfmoXQzbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfjJw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLYUspzgb8c8+a4bmYRBbMelC1\/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI\/V5eu+MtWuLt29G9HvxPUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vRpu\/xO28QOG8WAwMBTQwAAUkDABdBBB\/iYgJMZBBHJ84TXA\/bT1U8sy7OWVyfkc6G\/87ELj\/IEJz1iHdAPZOgBAyISSfD50qM+z8q7OzfUwUAdlPGfTQGAQEAp4cW5jdt\/W6z7Lb\/gkrLUjIW0dJ8PHG\/ZwAUIl999MflxWuNkgI\/XrLnSu92ZUQaoUFKO2afLt2hnI9jkpwTjZlRJvyCrBT+tPbcMLbMQNPzJyp3s9S6HWhQcvEYla5P43\/IBknvwt6y8gvG\/53+epc1qUBLmIGMG5qXW9Va0z\/21gSJJAwB4VX60sqMlJytqfcHDBh9E5OPezdXrBY8ka8kJF0HTjyUa6n4L065Ix5mTySfOEWtaRH3ZJ904UXxKvR82LS\/zOCtQwCjvnmC884r7nLvLShK3b8f\/HeLfDMJmVBAGwP8f71mMjGZd2qsvjENnjnZ\/tWj5+CfRP7xZRYDAwAEDgAAAA=="}
-01194{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":12,"flow_first_seen":1448269138575,"flow_last_seen":1448269138635,"flow_tot_l4_data_len":5364,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":447,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
+01205{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":12,"flow_first_seen":1448269138575,"flow_last_seen":1448269138635,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
00458{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":635648,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbkcqpnD9gBABO2sSAAABAQgKEg13NgBerPA="}
01351{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":636898,"pkt_caplen":742,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":742,"pkt_l4_len":688,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAArAGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOq3iiw8Z4igBgAdEtJAAABAQgKAF6s8BINdy0BBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS\/g\/FfmoXQzbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfjJw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLYUspzgb8c8+a4bmYRBbMelC1\/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI\/V5eu+MtWuLt29G9HvxPUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vRpu\/xO28QOG8WAwMBTQwAAUkDABdBBK9Da7enVTgKDFo3dp9D2ZSqSg29XA\/B9eMRpfJFUtlvNE3+XEzQY08gZspdnR1f9QPx5qG5S8oXK\/McD3d9nhUGAQEAGII47e54zqqIKgxkUsNbjrwB3irxozphph104L\/qxh44x9nwtDy\/Pxj94P6g5QYK2kJM5+BMLtrveIuj6gXVWuZ4nClmSbrXUwQy69IpGe8S\/v\/rOrq0aWnjo8Z4qV1HltVOs821rZ6HVkKp37tfaNRpLTefdXr4qEu8hIZnLBrUrvAs50NpZxpQX6oqta6pplhf4CRGS8+dfr8TcKsL8ycBsqZIJ7hywsR2gs2Ghr0NMwjAV5uKecEBxySbyilA4zG9jpobpauvIkc\/z\/hdWPaf9IH74x9zkhj3LEqZD3bthFM4fRblvSkAmod+s8aczp7YGeCaBNpVZDnaf+7JOxYDAwAEDgAAAA=="}
-01194{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1448269138575,"flow_last_seen":1448269138636,"flow_tot_l4_data_len":5300,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2700,"flow_avg_l4_data_len":530,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
+01205{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1448269138575,"flow_last_seen":1448269138636,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
00458{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":636926,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxniJDquC4gBABOGsSAAABAQgKEg13NgBerPA="}
00631{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":637296,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":212,"pkt_l4_len":158,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAJ4GQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbkcqpnD9gBgBO2uQAAABAQgKEg13NgBerPAWAwMARhAAAEJBBNWDt8ZrBvz5dueP\/aomnZb+jhQ+bA7OfrnRoZ5xj8q3Xbd9m9fa4XdUTQKHEW6053f0odL76ZWoQqwcQ0AD5LAUAwMAAQEWAwMAKAAAAAAAAAAA7SA6uYWEmcQRKWMFkBZdArEL8RdWN3BYP7\/siN6rDgs="}
00634{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":638739,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":212,"pkt_l4_len":158,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAJ4GQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxniJDquC4gBgBOGuQAAABAQgKEg13NwBerPAWAwMARhAAAEJBBCi8P\/EExM0Xu6JZErQb\/mrysQLciXK\/MPBwDe3\/RtXCA+1TMXC6HMw2Ppf0shM99s4lIkFKPpuBs2liuhCpjNUUAwMAAQEWAwMAKAAAAAAAAAAAMjj9iBhSXJD0M52DevX+Zy3OY\/d+OUBXzGhOg7EaYwE="}
@@ -79,78 +79,78 @@
00833{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":664165,"pkt_caplen":360,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":360,"pkt_l4_len":306,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAATIGOCoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuScEOq4Liw8Z6ggBgAdHBVAAABAQgKAF6s9xINdzcWAwMA2gQAANYAAAEsANDvs7P+YV2DQXBR8VMRR3R3Gkq0wSBn+JJrOvPDuGcaeSeQYfYW8XiToXNfzxX95HoarO9PH5fFlOD2LF\/WhIJ8kZHn6PO5gYzl01z8hqzsfijA0jKKV2GWrCRSGwu1bJ9vtgZ2uQlA3t7EDCyA8mtvJmvqOeLY2b2QRZUZ\/jiGR6S\/LaH7oJTBUtddg1SBi1CGaieQtSjIJyikpKr0pxp12OU7\/ICH73vQdw\/07zVK5fWlbYmyKox0BfYySBx5X8Uz3QifaButrbMN+nd9JkWcFAMDAAEBFgMDACiEuSuOd0g+FPcdT\/BvxyVDi\/LHUtOzqJIxutwBfqrrX+uxTroXvDIw"}
00458{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":701994,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnqBDquHKgBABTmsSAAABAQgKEg13RwBerPc="}
00458{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269138,"pkt_ts_usec":721261,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknABu7DxnqBDquHKgBEBTmsSAAABAQgKEg13SwBerPc="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1448269139219,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1448269139219,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":219031,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9NoAAAAAoAJwgGsaAAACBAWgBAIIChINd8gAAAAAAQMDBw=="}
00470{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":239626,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8YOHPTboBJvkPn2AAACBAWgBAIICgBerYcSDXfIAQMDCA=="}
00458{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":239713,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9Nt05S\/HgBAA4WsSAAABAQgKEg13zQBerYc="}
00746{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":239900,"pkt_caplen":298,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":298,"pkt_l4_len":244,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAPQGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9Nt05S\/HgBgA4WvmAAABAQgKEg13zQBerYcWAwEAzwEAAMsDAxNG7IQgXbVqJt444LAcQyYZDBjNyphCo4eH+1bCSic4AAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACC\/wEAAQAAAAARAA8AAAx3d3cubnRvcC5vcmcAFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1448269139219,"flow_last_seen":1448269139239,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1448269139219,"flow_last_seen":1448269139239,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00458{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":260425,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8cOHPWvgBAAdJbuAAABAQgKAF6tjBINd80="}
02384{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":263228,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1460,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABbQGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlL8cOHPWvgBAAdKEoAAABAQgKAF6tjRINd80VAwMAAgFwFgMDAEECAAA9AwPZKCPjZPliuXEyb5\/i+kCdBwZ0PhXjXwwbzR8X949FEwDALwAAFQAAAAD\/AQABAAALAAQDAAECACMAABYDAxDjCwAQ3wAQ3AAFTzCCBUswggQzoAMCAQICEGlwh8ZXzEdaqUNvI9+NN8MwDQYJKoZIhvcNAQELBQAwgZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYDVQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTUxMTE1MDAwMDAwWhcNMTgxMTE0MjM1OTU5WjBRMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBAsTC1Bvc2l0aXZlU1NMMRYwFAYDVQQDEw1zaG9wLm50b3Aub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzR6BIHt+rHaCaBL\/qKK36Y6zgLZa7uQ42uYff0TmO+nrjezjVzokWSc+b7XT8xiQLH5AkqJ9Lf\/\/NeqkB1fm7\/K3k27TQzmGn0gZ\/gjZ0up1RGHlcWqkmBgu1hm4kF0hAptThu\/QQTHz6OE2C2JERem\/TCFrM+LeqAlRcK\/9iYu2odCWrMkYWJu1Zur8eL0LtVyxc3kqCMWwu7at46P1qNP8vTbSQDxFLJTvozfhfIr+zQT412txGL1UCyQye5MRn5Abou0RkIjFXoM+zdLQQC3yVy\/Jd1s9wnLEcoBoeKxiqK5BJxLO\/3yH8uWwyg8YUFbd5+1cgJHdZ69cFgM4ZwIDAQABo4IB3TCCAdkwHwYDVR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFJAVUwm3FdB8i+jm6lJjVmDmcoYFMA4GA1UdDwEB\/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTArBgNVHREEJDAigg1zaG9wLm50b3Aub3JnghF3d3cuc2hvcC5udG9wLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEABHga0CoUddKc8gTKl8pscY7onSvxASeGg6n14z8FhR2xLi3sQM93tAHGjfXnqbvor3abNIZbNbF0KzRdqJu4Pf8lRVflEivDChvy3JGmTgemN9zWuDPZ57rHKIP2WX88hJ\/PhjhgpWwDlVARS9gLCvB+ao\/MqFUPnRHIB\/ozv+GFroJaou2ptXCVpGzEcU5eeKmEk7EDV1FIeaLukxlf2pdWAhu92nfkdMVk7CEaYe2jnnRpGgH3FSI7e35KuJ6qcNoKFw3CRdQMfoBimHtdql+6OuUlCrOYGYcfLlT2dHNLRy5B10L6oRI="}
-00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1448269139219,"flow_last_seen":1448269139263,"flow_tot_l4_data_len":1848,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00834{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":125,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1448269139219,"flow_last_seen":1448269139263,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00457{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":263266,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9a905TVbgBAA+GsSAAABAQgKEg130wBerY0="}
02373{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":263309,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1460,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABbQGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlNVsOHPWvgBAAdNP5AAABAQgKAF6tjRINd80a7lRZZvgTMcu9Q3ViDTlQU1VpfPinQgAGDDCCBggwggPwoAMCAQICECsuburZdTZsFIpu26N8jAcwDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0MDIxMjAwMDAwMFoXDTI5MDIxMTIzNTk1OVowgZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYDVQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOwgIZ4aBZpOs4NY0s\/QHQ00nAZMcLYgVFFjqooMAMAn8dzNvEoW13A6MPhvnjBpw+C4GKm0kbrQO++kvbjCDt1c5eZY4+Da9MwrC3RV5SLzTeSCRktEGuAJf3vmfentB6p1OAO3yt9ZZVb5dHCnyFiyKXjbOE4JZX0HAYYJaP7i0Hk52husrRzXvpxCqaKCGRTW+STyWl8no13SbcRqXQrFk1jP9OkUNQP1mTHmxRIe5YFKv+dVB4PkywHIYT+muYvOA7lB6FUtwDkyQYbssnUUXmcN4lQ6QN4Uql7bZ+yM1t7i4dJ3Nd3EUwgKrjskELr71Eh9q55Rudf67lhYKlAgMBAAGjggFlMIIBYTAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQUkK9qOpRaC9iQ6hJWc99DtDoo2ucwDgYDVR0PAQH\/BAQDAgGGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBOK3ZPkhxiNom6d8EnBfQc1kSdqZo+qtVmZgE+6knmojW8+vbdlY6ZNZgONhh1sd3dUHJ8rtx3iM4P95AgyqNnLh9Wf3vhROpClcRdDQFQRhXygYlZbIrdjPESoY06QoqY+Es0eyc7CLRvJDtynWN0WDwabD9PxxGayKj1tTfvEEXGbNngXpUms+uto7nufwyaZjVzMmBO5d2KYSxuUhF3aJbTGHVRFQAbdIjd4cc4BEMo6Rb92QXUXUcnYNb7ODtscqKU+EIa3+1vBoxFwgYAquTo3Nm14XN47PYj3NHdbI4aj6XqVHyWt8P+VY6NSV78ZLvPPr2W62nNv+BI8WKCEOUMRlfyM9rQyGPtxh+UBZZKGpHR9+vPj1KuDQjZPqigUenBh3TVyfd0qy5T+7t6+5fi+B8mj7PSoOA3Wyg7MeUOVy1auK15rF4gZhqluaa1OcH1mEP\/7vmnp\/3uyiQ9gBbEF4+KwWChDK5bQ0c="}
00457{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":263329,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9a905TrvgBABDmsSAAABAQgKEg130wBerY0="}
02135{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":263377,"pkt_caplen":1326,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1326,"pkt_l4_len":1272,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABPgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlOu8OHPWvgBgAdHo4AAABAQgKAF6tjRINd82RS9WaF1\/51IfBwoy35+IPMBk3hqzg3EID5pSona79DyRRlM6SCNH8UPADQHuIWe0O3azSd4I03AaVAtiQ+S3qN9UaYNBnINfYQgtFr4Jo3t1mJDeQKZQZRhkluIDXy9SGKGpEcCYjYqmfhm+\/upBw0lZ3hXjv6iWpF85QcowAOqrj22M0n\/gGcQHigiDU\/m+9sQAFeDCCBXQwggRcoAMCAQICECdm7lbrSfOOq9dwovyE3iIwDQYJKoZIhvcNAQEMBQAwbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJHoVJLSClaxrA0k3cXPRGd0mSs3o30jcABxvFPfxPoqEo9LfxBWvZ9wcrdhf8lLDxenPeOwBGHu\/xGXx\/SGPgr6Plz5k+Y0etkUa+ecs4Wggnp2r3GQ1+z9DfqcbPrfsIL0FH75vsSmL09\/mX+1\/GdDcr0MANaJ62ss0+2PmBwUq37l42782KjkkiTaQ2tiuFX96sG8bLaL8w6NmuSbbGmZ+HhIMEXVreENPEVg\/DKWUSe8Z8PKLrZr6kbHxyCgsR9l3kgIuqROqfKDRjeE6+jMgUhDZ05yKptcvUwbKIpcInu0q5jZ7uBRg8MJRk5tPpn6lRfafDNXQTyNUe0LtlyvLGMa31fIP7zpXcSbr0WZ4qNaJLS6qVY9z2+q\/0lYvvCo\/\/S4rek3+7q49As6+ehDQh6J2ITLE\/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF\/cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY\/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3MVw6akfgw3lZ1iAar\/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEEKTAnMCUGCCsG"}
00459{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":263396,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9a905T\/HgBABJGsSAAABAQgKEg130wBerY0="}
01349{"flow_id":8,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":267415,"pkt_caplen":742,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":742,"pkt_l4_len":688,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAArAGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlP8cOHPWvgBgAdF4MAAABAQgKAF6tjhINd80BBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS\/g\/FfmoXQzbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfjJw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLYUspzgb8c8+a4bmYRBbMelC1\/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI\/V5eu+MtWuLt29G9HvxPUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vRpu\/xO28QOG8WAwMBTQwAAUkDABdBBD2xb2w+AyhgNL1Ea+IB6gNLJPQe17qolJGh73dEAol4RjGQeSFOD\/NPmT77Q3Viq201duRUnw52HMOYpmrx950GAQEAOj5A6WoO+xMEjQDDWMDSGXl4yufn+BZYB8IoL9LZnLHq5TRppVGDQrNSIC9fNsZjGiZq1zv7P5+8bfL05O4O1UZTc9ix8YVecK5J+PSSXkTiRYDTgrfY0tNmZTvnWhe5ASHBpm\/XLdIirEgicq3XUYXIn9ovidsbgahnWcf1fBFOffvfGPhK\/QM4GgIIX7vHn3xyeOpKkDm2zQ5\/R2v9ojV1r6K6suLl+rqARg3+0euzjfwEZdKgoJuGqJGlPe5EGcRLcCUahd3XmQDu9UVTjCsuleyd3Cz7i\/a2oC+kIVtCkl0roGGSqcgQvzigOJ847ejeL6su8Yoi\/mghciZcNhYDAwAEDgAAAA=="}
-01194{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":12,"flow_first_seen":1448269139219,"flow_last_seen":1448269139267,"flow_tot_l4_data_len":5364,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":447,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
+01205{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":12,"flow_first_seen":1448269139219,"flow_last_seen":1448269139267,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
00458{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":267465,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9a905UJXgBABO2sSAAABAQgKEg131ABerY4="}
00630{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":268658,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":212,"pkt_l4_len":158,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAJ4GQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABknYBuw4c9a905UJXgBgBO2uQAAABAQgKEg131ABerY4WAwMARhAAAEJBBJzPR2sM7OXWdxxTH8ExN47HkmvsmfbFKoKpWKuQbAgx16wrf2Ju0jo7UKJ4ey27iDy9z0akfx+6qqHS0YZyK\/MUAwMAAQEWAwMAKAAAAAAAAAAAVYNTEifBKSPslrliap2MBJ4eUNQS6r3F5g0RZT2LNnM="}
00829{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":290633,"pkt_caplen":360,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":360,"pkt_l4_len":306,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAATIGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSdnTlQlcOHPYtgBgAdCYUAAABAQgKAF6tlBINd9QWAwMA2gQAANYAAAEsANDvs7P+YV2DQXBR8VMRR3R32JsXZKQkGVMRBICFQu21kmwsUFbQ4fWFEWniUJQ1U5Ndjg3zAKrWb+Xo64MaD9i4KF18Y58k0uqRdFnrY7SfNc3skH1KszimnYvY7GZaehYi\/O8Dp9uxj18b58fTf4imGbk9R14dKUOK+lbCmVGaj\/amG7vnxb17jKw3vP9B6TUc1IqNvMfuLr8tfNwVA0O7GNYD3XVbD7MXao09q\/SvVaO3XO5Z4rQfLdFiLMs9SBSTuY9JlPaSwHcbvTLJDwv6FAMDAAEBFgMDACgsEaR9WDcIXZeWNgvSMO7Uz+Mu+b6EsYO33vgkZDfPmJ9HXC947vcV"}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1448269139314,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1448269139314,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":314022,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BoQAAAAAAAA7t6twBuwxnksLpg7gmgBABC+E3AAABAQgKEg134BvnLVo="}
00459{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269139,"pkt_ts_usec":321037,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGhAAAAAAAADu0qAA1AAAEAA3qswP\/+pw1MAbvq3OmDuCYMZ5LDgBAD0zk\/AAABAQgKG+fdWhINH94="}
-00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1448269143410,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1448269143410,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269143,"pkt_ts_usec":410021,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAyiAEBA\/IPrOsAwAACXenXQBu97bCAR6JAzggBADIfF3AAABAQgKEg174HFvpAM="}
00460{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269143,"pkt_ts_usec":539406,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gwAAAACAGKyoDKIAQED8g+s6wDAAAJd4qAA1AAAEAA3qswP\/+pw1MAbuddHokDODe2wgFgBAAa0\/sAAABAQgKcXBUrRINT9U="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1448269144306,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1448269144306,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":306064,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAACagSYBu7SkSa3RTHVvgBABRwoCAAABAQgKEg18wD9sNbI="}
00459{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":348055,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGNSoAFFBACwwCAAAAAAAAAJoqAA1AAAEAA3qswP\/+pw1MAbuBJtFMdW+0pEmugBABd0eeAAABAQgKP2zlshINJLA="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1448269144450,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1448269144450,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":450926,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhUAAAAAoAJwgGsaAAACBAWgBAIIChINfOQAAAAAAQMDBw=="}
00471{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":475600,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+S8HnzYWoBJvkOerAAACBAWgBAIICgBesqQSDXzkAQMDCA=="}
00458{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":475660,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhZ4xPkwgBAA4WsSAAABAQgKEg186gBesqQ="}
00746{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":475880,"pkt_caplen":298,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":298,"pkt_l4_len":244,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAPQGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNhZ4xPkwgBgA4WvmAAABAQgKEg186gBesqQWAwEAzwEAAMsDA4LVJCHbKPrRWLN7cMDCu4vR3mRdCUE46R109x1CWpcaAAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACC\/wEAAQAAAAARAA8AAAx3d3cubnRvcC5vcmcAFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1448269144450,"flow_last_seen":1448269144475,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1448269144450,"flow_last_seen":1448269144475,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00459{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":500458,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+TAHnzbqgBAAdIShAAABAQgKAF6yqhINfOo="}
02385{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":502317,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1460,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABbQGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE+TAHnzbqgBAAdDDbAAABAQgKAF6yqxINfOoVAwMAAgFwFgMDAEECAAA9AwMAjdo8TPv62Bn8h6jKQAFFTlSb\/Sp7gGn8tQgcYd8DNADALwAAFQAAAAD\/AQABAAALAAQDAAECACMAABYDAxDjCwAQ3wAQ3AAFTzCCBUswggQzoAMCAQICEGlwh8ZXzEdaqUNvI9+NN8MwDQYJKoZIhvcNAQELBQAwgZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYDVQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTUxMTE1MDAwMDAwWhcNMTgxMTE0MjM1OTU5WjBRMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxFDASBgNVBAsTC1Bvc2l0aXZlU1NMMRYwFAYDVQQDEw1zaG9wLm50b3Aub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzR6BIHt+rHaCaBL\/qKK36Y6zgLZa7uQ42uYff0TmO+nrjezjVzokWSc+b7XT8xiQLH5AkqJ9Lf\/\/NeqkB1fm7\/K3k27TQzmGn0gZ\/gjZ0up1RGHlcWqkmBgu1hm4kF0hAptThu\/QQTHz6OE2C2JERem\/TCFrM+LeqAlRcK\/9iYu2odCWrMkYWJu1Zur8eL0LtVyxc3kqCMWwu7at46P1qNP8vTbSQDxFLJTvozfhfIr+zQT412txGL1UCyQye5MRn5Abou0RkIjFXoM+zdLQQC3yVy\/Jd1s9wnLEcoBoeKxiqK5BJxLO\/3yH8uWwyg8YUFbd5+1cgJHdZ69cFgM4ZwIDAQABo4IB3TCCAdkwHwYDVR0jBBgwFoAUkK9qOpRaC9iQ6hJWc99DtDoo2ucwHQYDVR0OBBYEFJAVUwm3FdB8i+jm6lJjVmDmcoYFMA4GA1UdDwEB\/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBPBgNVHSAESDBGMDoGCysGAQQBsjEBAgIHMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNvbW9kby5jb20vQ1BTMAgGBmeBDAECATBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9SU0FEb21haW5WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3JsMIGFBggrBgEFBQcBAQR5MHcwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTArBgNVHREEJDAigg1zaG9wLm50b3Aub3JnghF3d3cuc2hvcC5udG9wLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEABHga0CoUddKc8gTKl8pscY7onSvxASeGg6n14z8FhR2xLi3sQM93tAHGjfXnqbvor3abNIZbNbF0KzRdqJu4Pf8lRVflEivDChvy3JGmTgemN9zWuDPZ57rHKIP2WX88hJ\/PhjhgpWwDlVARS9gLCvB+ao\/MqFUPnRHIB\/ozv+GFroJaou2ptXCVpGzEcU5eeKmEk7EDV1FIeaLukxlf2pdWAhu92nfkdMVk7CEaYe2jnnRpGgH3FSI7e35KuJ6qcNoKFw3CRdQMfoBimHtdql+6OuUlCrOYGYcfLlT2dHNLRy5B10L6oRI="}
-00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1448269144450,"flow_last_seen":1448269144502,"flow_tot_l4_data_len":1848,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1448269144450,"flow_last_seen":1448269144502,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00458{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":502346,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNup4xP7EgBAA+GsSAAABAQgKEg188QBesqs="}
02375{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":502370,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1460,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABbQGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjE\/sQHnzbqgBAAdMGsAAABAQgKAF6yqxINfOoa7lRZZvgTMcu9Q3ViDTlQU1VpfPinQgAGDDCCBggwggPwoAMCAQICECsuburZdTZsFIpu26N8jAcwDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0MDIxMjAwMDAwMFoXDTI5MDIxMTIzNTk1OVowgZAxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTYwNAYDVQQDEy1DT01PRE8gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOwgIZ4aBZpOs4NY0s\/QHQ00nAZMcLYgVFFjqooMAMAn8dzNvEoW13A6MPhvnjBpw+C4GKm0kbrQO++kvbjCDt1c5eZY4+Da9MwrC3RV5SLzTeSCRktEGuAJf3vmfentB6p1OAO3yt9ZZVb5dHCnyFiyKXjbOE4JZX0HAYYJaP7i0Hk52husrRzXvpxCqaKCGRTW+STyWl8no13SbcRqXQrFk1jP9OkUNQP1mTHmxRIe5YFKv+dVB4PkywHIYT+muYvOA7lB6FUtwDkyQYbssnUUXmcN4lQ6QN4Uql7bZ+yM1t7i4dJ3Nd3EUwgKrjskELr71Eh9q55Rudf67lhYKlAgMBAAGjggFlMIIBYTAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQUkK9qOpRaC9iQ6hJWc99DtDoo2ucwDgYDVR0PAQH\/BAQDAgGGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBOK3ZPkhxiNom6d8EnBfQc1kSdqZo+qtVmZgE+6knmojW8+vbdlY6ZNZgONhh1sd3dUHJ8rtx3iM4P95AgyqNnLh9Wf3vhROpClcRdDQFQRhXygYlZbIrdjPESoY06QoqY+Es0eyc7CLRvJDtynWN0WDwabD9PxxGayKj1tTfvEEXGbNngXpUms+uto7nufwyaZjVzMmBO5d2KYSxuUhF3aJbTGHVRFQAbdIjd4cc4BEMo6Rb92QXUXUcnYNb7ODtscqKU+EIa3+1vBoxFwgYAquTo3Nm14XN47PYj3NHdbI4aj6XqVHyWt8P+VY6NSV78ZLvPPr2W62nNv+BI8WKCEOUMRlfyM9rQyGPtxh+UBZZKGpHR9+vPj1KuDQjZPqigUenBh3TVyfd0qy5T+7t6+5fi+B8mj7PSoOA3Wyg7MeUOVy1auK15rF4gZhqluaa1OcH1mEP\/7vmnp\/3uyiQ9gBbEF4+KwWChDK5bQ0c="}
00458{"flow_id":12,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":502387,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNup4xQRYgBABDmsSAAABAQgKEg188QBesqs="}
02136{"flow_id":12,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":502424,"pkt_caplen":1326,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1326,"pkt_l4_len":1272,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAABPgGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjFBFgHnzbqgBgAdGfrAAABAQgKAF6yqxINfOqRS9WaF1\/51IfBwoy35+IPMBk3hqzg3EID5pSona79DyRRlM6SCNH8UPADQHuIWe0O3azSd4I03AaVAtiQ+S3qN9UaYNBnINfYQgtFr4Jo3t1mJDeQKZQZRhkluIDXy9SGKGpEcCYjYqmfhm+\/upBw0lZ3hXjv6iWpF85QcowAOqrj22M0n\/gGcQHigiDU\/m+9sQAFeDCCBXQwggRcoAMCAQICECdm7lbrSfOOq9dwovyE3iIwDQYJKoZIhvcNAQEMBQAwbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJHoVJLSClaxrA0k3cXPRGd0mSs3o30jcABxvFPfxPoqEo9LfxBWvZ9wcrdhf8lLDxenPeOwBGHu\/xGXx\/SGPgr6Plz5k+Y0etkUa+ecs4Wggnp2r3GQ1+z9DfqcbPrfsIL0FH75vsSmL09\/mX+1\/GdDcr0MANaJ62ss0+2PmBwUq37l42782KjkkiTaQ2tiuFX96sG8bLaL8w6NmuSbbGmZ+HhIMEXVreENPEVg\/DKWUSe8Z8PKLrZr6kbHxyCgsR9l3kgIuqROqfKDRjeE6+jMgUhDZ05yKptcvUwbKIpcInu0q5jZ7uBRg8MJRk5tPpn6lRfafDNXQTyNUe0LtlyvLGMa31fIP7zpXcSbr0WZ4qNaJLS6qVY9z2+q\/0lYvvCo\/\/S4rek3+7q49As6+ehDQh6J2ITLE\/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF\/cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY\/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3MVw6akfgw3lZ1iAar\/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEEKTAnMCUGCCsG"}
00459{"flow_id":12,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":502441,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNup4xQkwgBABJGsSAAABAQgKEg188QBesqs="}
01351{"flow_id":12,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":508746,"pkt_caplen":742,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":742,"pkt_l4_len":688,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAArAGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjFCTAHnzbqgBgAdEgsAAABAQgKAF6yrBINfOoBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS\/g\/FfmoXQzbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfjJw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLYUspzgb8c8+a4bmYRBbMelC1\/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI\/V5eu+MtWuLt29G9HvxPUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vRpu\/xO28QOG8WAwMBTQwAAUkDABdBBJiK2\/BideKfR1qOExk62fGRCWO2sbsTGMg8kBgp\/XWed8w7lN6TH7katN9FQAuM6QJRCknrwCZbIYUjEa3xSFUGAQEApa0tLzKyKNP+lyejluUdWDdieRM7AioHIwKIkLfmz2Z0HUDJamWCJU\/7Fgi24K20RGjwACqjPGlOi0\/9Feiexc\/BkTbGp+mpQud8KSLy7P0F1ITw9gKHiFkMFnjjf0bcAs9MnuHWki27C3Rq3GgCWJY3Bhg2PQm3FG98tBh4OxyKdP9B5jLAg\/R8nrvj7Peoh7VNOySr5p8jp5oRsYSAN8aoAHrPzx3syVAJhAzIj8aUkKehEQW+CjRa886JAiLZw5HaJ+UGUxLDoeJjT8o70Pd++J5O1Hf1SBEzRD47aEdCxXD98RTr0G51ixMjRyL\/DSl+nfGmIhnaxY3CAxgeVxYDAwAEDgAAAA=="}
-01195{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":12,"flow_first_seen":1448269144450,"flow_last_seen":1448269144508,"flow_tot_l4_data_len":5364,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":447,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
+01206{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":155,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":12,"flow_first_seen":1448269144450,"flow_last_seen":1448269144508,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":4964,"flow_avg_l4_payload_len":413,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"shop.ntop.org,www.shop.ntop.org","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=shop.ntop.org","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"FB:A6:FF:A7:58:F3:9D:54:24:45:E5:A0:C4:04:18:D5:58:91:E0:34"}}
00459{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":508786,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNup4xQvAgBABO2sSAAABAQgKEg188gBesqw="}
00630{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":510248,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":212,"pkt_l4_len":158,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAJ4GQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkoIBuwefNup4xQvAgBgBO2uQAAABAQgKEg188wBesqwWAwMARhAAAEJBBI2kiTbFVqk1DnTMkksLyBJY73L7yEM3biwxnYTxFSEWSVY81Ndsd88TY9qGNC+qUQjFAAStyjdWtIZMKeYeaE0UAwMAAQEWAwMAKAAAAAAAAAAA6LNWqSOV9xS+am+jb+odvLJ3wy3u8abT8cohbnsD+cQ="}
00838{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269144,"pkt_ts_usec":535687,"pkt_caplen":360,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":360,"pkt_l4_len":306,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAATIGNyoDsMAAAwDQAAAAAABwEAEqAA1AAAEAA3qswP\/+pw1MAbuSgnjFC8AHnzdogBgAdJvpAAABAQgKAF6ysxINfPMWAwMA2gQAANYAAAEsANDvs7P+YV2DQXBR8VMRR3R3OIv\/Ead+tcM\/fneMx5kPIpBedJOYBNv\/DjGBgwssRMpXMNnsPcQ80l3SJ8zKGOODHeRFN\/L2WcR\/BL\/hMZa2fuYoATXULlLMbr3M08PAbqVZC\/btKDT\/5xY\/ujY+EEbwfkz73Js7\/kppVheXfGPkL8IzEJYvYoebv4PHpvKl2c1xfyHumPru6eiY88sp7UK9JV9pZD2pNU\/werVtYVSDCzhNSlmajLB2as7Q1SRUyNj5EgiqP3O1Z4YmgpIWm4wyFAMDAAEBFgMDACgndRFmdPhy5vjdcuuThpfWuc2y2v2fq1H6j93EAvEgrMYJHKjRT1pl"}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1448269145458,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1448269145458,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269145,"pkt_ts_usec":458059,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAS6SoBu3aemNPcvXclgBAA6hVxAAABAQgKEg194OPdWG4="}
00459{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269145,"pkt_ts_usec":478561,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBIqAA1AAAEAA3qswP\/+pw1MAbvpKty9dyV2npjUgBAA8BoIAAABAQgK494IbhIM+eU="}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1448269146905,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1448269146905,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":905115,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuykAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1448269146905,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1448269146905,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":905214,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfMAAAAAoAJwgNR+AAACBAWgBAIIChINf0kAAAAAAQMDBw=="}
00471{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":912188,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjun6mTbEj630oBJswJfaAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="}
00459{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":912247,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfTp+pk3gBAA4dR2AAABAQgKEg1\/Sxvn+wE="}
00471{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":912258,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACgGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmT8LSrsqoBJswEUcAAACBAV8BAIIChvn+wESDX9JAQMDBQ=="}
00459{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":912275,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBAA4dR2AAABAQgKEg1\/Sxvn+wE="}
00764{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":912481,"pkt_caplen":310,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":310,"pkt_l4_len":256,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAQAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrfTp+pk3gBgA4dVWAAABAQgKEg1\/Sxvn+wEWAwEA2wEAANcDA983Ohoy\/qhBKvCaVPmNiUY3vp8oIoa+qbmtm60AZHnPAAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACO\/wEAAQAAAAAdABsAABhzLXN0YXRpYy5hay5mYWNlYm9vay5jb20AFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_tot_l4_data_len":368,"flow_min_l4_data_len":32,"flow_max_l4_data_len":256,"flow_avg_l4_data_len":92,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00763{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":912613,"pkt_caplen":310,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":310,"pkt_l4_len":256,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAQAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKuyrowZlAgBgA4dVWAAABAQgKEg1\/Sxvn+wEWAwEA2wEAANcDA2fZZiw9kTAlONWXaPhqH8RvUelTTuaSCvPTIzelaImLAAAgzBTME8wVwCvALwCewArAFAA5wAnAEwAzAJwANQAvAAoBAACO\/wEAAQAAAAAdABsAABhzLXN0YXRpYy5hay5mYWNlYm9vay5jb20AFwAAACMAAAANABYAFAYBBgMFAQUDBAEEAwMBAwMCAQIDAAUABQEAAAAAM3QAAAASAAAAEAAdABsIaHR0cC8xLjEIc3BkeS8zLjEFaDItMTQCaDJ1UAAAAAsAAgEAAAoABgAEABcAGA=="}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_tot_l4_data_len":368,"flow_min_l4_data_len":32,"flow_max_l4_data_len":256,"flow_avg_l4_data_len":92,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1448269146905,"flow_last_seen":1448269146912,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00459{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":919451,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjun6mTfEj67UgBADiC68AAABAQgKG+f7CBINf0s="}
00459{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":919741,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmUALSrwKgBADiNv9AAABAQgKG+f7CBINf0s="}
05221{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":921030,"pkt_caplen":3633,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":3633,"pkt_l4_len":3579,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAADfsGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjun6mTfEj67UgBgDiOJRAAABAQgKG+f7ChINf0sWAwMAUAIAAEwDA1ZS1Vqrh\/+W1GIc\/lVWfzshjIUK09RI1Xdei1GsoGBMAMAvAAAkAAAAAP8BAAEAAAsABAMAAQIAIwAAABAACwAJCGh0dHAvMS4xFgMDDCYLAAwiAAwfAAW9MIIFuTCCBKGgAwIBAgIQAVrw2UyttN7MusUVVtTbKDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE1MDgxMjAwMDAwMFoXDTE1MTIzMTEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5hay5mYmNkbi5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJeKbqqJTDMFuaScMLbAi5jJbo+rPkXrK8hHzsaHfNb4pJ0m70ReiywBLEEtw4pO6JtFnd2cdyNhAufXYHalx8GEb+7jOq8RM93DytS6BgDYZ6JIRkxxN8WeR6VSSrrLtV5a43OoFePh8jHpFPpa1WOcluB9hbv\/uV+fm8z7PnBCoTKp08w+PD7gnd0ysjj6o2HARfwzNFKXMducdP2ZS2hLC4M8LhF2a6lqZtDHFtwNq1hQPSxjVsYWP7DuxHiQIT3JI+RqKGiBHo2HsyPL5b2m9WEEg5KB\/UJj51ZN4IHeahppbIOO5imUn+2VvPYqxQ7tvwS591OV+ow888z3uXAgMBAAGjggJmMIICYjAfBgNVHSMEGDAWgBRQ6nOJ2yn7EI+e5QEg1N55mUiD9zAdBgNVHQ4EFgQUXgLHmQQC2sFz\/sPuX92ZvGzJYXAwgb4GA1UdEQSBtjCBs4IOKi5hay5mYmNkbi5uZXSCFXMtc3RhdGljLmFrLmZiY2RuLm5ldIILaWdzb25hci5jb22CDSouaWdzb25hci5jb22CD2FrLmZhY2Vib29rLmNvbYIRKi5hay5mYWNlYm9vay5jb22CGioucy1zdGF0aWMuYWsuZmFjZWJvb2suY29tghRjb25uZWN0LmZhY2Vib29rLm5ldIIYcy1zdGF0aWMuYWsuZmFjZWJvb2suY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0fBFowWDAqoCigJoYkaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL2NhMy1nMjkuY3JsMCqgKKAmhiRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwQgYDVR0gBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBADL\/o3nO9NiRkmsfVQjUOwxVl3ogNnCmWNwM10WJXHNotnEpR18uttjOccX0Ui4wfUIHVeFWdD4rniNtqHRgSrtdch4L3tLq2F4m91qPLFO9vl+nTxInvwKnKLafXBYI2Tw6oJKk4neD0s6gK4zcVCc+3TCRCOkBdKGKaxTcnW1OnJ4ZE132pgcMpvKhbbd99jykRU3GL5jI+Yntrg3+rK6\/kTkdYR1dEiRgVzn2u3llTB5StrYgRjZhrDjh3Kso4ZCQnzpjqEOHEdqOVfW4XjnKEPQ7yU9ywPnNgR6S51TY5QubAStieiHxZjsgpwfcGTBHkhC\/4cT08yQZcuygG38ABlwwggZYMIIFQKADAgECAhAKXxFNA1sXkRfS79QDjD87MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDgwNDAyMTIwMDAwWhcNMjIwNDAzMDAwMDAwWjBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2EKKRAfXv40N1EI+B77Iu1hvgsNcExQYyZ1FblBiJe28KAVuwhg4ELoBSkQhzaKKGWo7zEHdG02ly8oRmYExyp5JnqZ1Y7DbU+gXq28PZHCWXteNmzAU88ACDI+EGRYEBNpxwzunEJRAPkFRO4kznof7YwRvRKo8xX0HHoxaQEbp+ZdwJpsfgme51JEShA6I+SbtgOvqJy0W5\/US62SjM61ESqqNxiNtMK42FwGjPj\/I701XtR8Pn6DDpGWBZjDsh\/jyGXrqXtdoCzM\/DzZbe3M+ktDjMnUuKVhHLJAtigS37n4X\/7TssnvPbQeS3wcTJk2nj3r7KdoXh3fZ25e+wIDAQABo4IC+jCCAvYwDgYDVR0PAQH\/BAQDAgGGMIIBxgYDVR0gBIIBvTCCAbkwggG1BgtghkgBhv1sAQMAAjCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAYwBvAG4AcwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQAaABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQAaABlACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBlACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBlAC4wEgYDVR0TAQH\/BAgwBgEB\/wIBADA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTCBjwYDVR0fBIGHMIGEMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB0GA1UdDgQWBBRQ6nOJ2yn7EI+e5QEg1N55mUiD9zANBgkqhkiG9w0BAQUFAAOCAQEAHuKlSJ5s21M4D++mGiqs4gND7Zq8Po51G\/D9LiJZrBPAYeLn+umZzYcJdVQov0Zg3L5RLJLzG5F8MQhw4je5wVuovaMLAPsaFf0DrVhqxcckmUhHRjEeku+0X040x5C\/McH4sYSG0JwBqt+KVgbOOukOrpd0XddxmkJ0X96NQ3ze6VXtaQDLBeB6YWEz0RlN+QjuoDnFJTW3K8QPst3xpbcOJMQmKI15d\/Uv8Fe6fAfU4fzNWjBXfoYQR90xH9f8osK\/MHxdJKro+a5fanTCzmuzRtghvinUjl4V1kJK5zJvpLFrUYNYvj9tx\/vaAyHLahYZTgrwrYTKXZSzWnb3YRYDAwFNDAABSQMAF0EEdVssJh0Cb8Sn7\/0vWsusHPsMr6joODooTT10fgU1HCbmZwNjplYCIJKAOv4pixoichucKQaWK4moVycwK5RoFAYBAQBIiyJJ9IO4Xlggpj15k6fKJSfB+QZuIzL9dagjwsHNTCbN5jDzwTAUB0JjswNfsIYNU+bxmI9AbIk\/cGx5taGVxsSZIFq5kVyzUmTgSUFWThWXXRdt0R6oFEwYDFRi3mDX2Ss7MVPVmAn+Ua+r8sGpv58AKDVonY6JxJHjsi8TZCHfmAzYHdGbbKicpcE9ojc0QKX1FztqCEH9TIdFe72pKfbbO6co0Q6nmBzy7FUuRD0F2OvxRKcEaNhoZBoaMvITYu6tn22XH94umB9+RsdAEmfHuhWH\/3RA7IU4CQOzJRF\/Ukc7i+\/TjG+OF3ILSvkR7VvkSNss3xx1J1tva9feFgMDAAQOAAAA"}
-01270{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_tot_l4_data_len":3979,"flow_min_l4_data_len":32,"flow_max_l4_data_len":3579,"flow_avg_l4_data_len":663,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
+01281{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":628,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
00459{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":921070,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrtTp+qcSgBABGdR2AAABAQgKEg1\/TRvn+wo="}
04290{"flow_id":14,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":921142,"pkt_caplen":2942,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":2942,"pkt_l4_len":2888,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAC0gGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBmUALSrwKgBADiN+eAAABAQgKG+f7ChINf0sWAwMAUAIAAEwDA1ZS1VoubJT\/jzYg8CAzV+IT9zuWUy4HhVMrtH7FeZnfAMAvAAAkAAAAAP8BAAEAAAsABAMAAQIAIwAAABAACwAJCGh0dHAvMS4xFgMDDCYLAAwiAAwfAAW9MIIFuTCCBKGgAwIBAgIQAVrw2UyttN7MusUVVtTbKDANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTE1MDgxMjAwMDAwMFoXDTE1MTIzMTEyMDAwMFowYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQKEw5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5hay5mYmNkbi5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJeKbqqJTDMFuaScMLbAi5jJbo+rPkXrK8hHzsaHfNb4pJ0m70ReiywBLEEtw4pO6JtFnd2cdyNhAufXYHalx8GEb+7jOq8RM93DytS6BgDYZ6JIRkxxN8WeR6VSSrrLtV5a43OoFePh8jHpFPpa1WOcluB9hbv\/uV+fm8z7PnBCoTKp08w+PD7gnd0ysjj6o2HARfwzNFKXMducdP2ZS2hLC4M8LhF2a6lqZtDHFtwNq1hQPSxjVsYWP7DuxHiQIT3JI+RqKGiBHo2HsyPL5b2m9WEEg5KB\/UJj51ZN4IHeahppbIOO5imUn+2VvPYqxQ7tvwS591OV+ow888z3uXAgMBAAGjggJmMIICYjAfBgNVHSMEGDAWgBRQ6nOJ2yn7EI+e5QEg1N55mUiD9zAdBgNVHQ4EFgQUXgLHmQQC2sFz\/sPuX92ZvGzJYXAwgb4GA1UdEQSBtjCBs4IOKi5hay5mYmNkbi5uZXSCFXMtc3RhdGljLmFrLmZiY2RuLm5ldIILaWdzb25hci5jb22CDSouaWdzb25hci5jb22CD2FrLmZhY2Vib29rLmNvbYIRKi5hay5mYWNlYm9vay5jb22CGioucy1zdGF0aWMuYWsuZmFjZWJvb2suY29tghRjb25uZWN0LmZhY2Vib29rLm5ldIIYcy1zdGF0aWMuYWsuZmFjZWJvb2suY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0fBFowWDAqoCigJoYkaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL2NhMy1nMjkuY3JsMCqgKKAmhiRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwQgYDVR0gBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwGA1UdEwEB\/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBADL\/o3nO9NiRkmsfVQjUOwxVl3ogNnCmWNwM10WJXHNotnEpR18uttjOccX0Ui4wfUIHVeFWdD4rniNtqHRgSrtdch4L3tLq2F4m91qPLFO9vl+nTxInvwKnKLafXBYI2Tw6oJKk4neD0s6gK4zcVCc+3TCRCOkBdKGKaxTcnW1OnJ4ZE132pgcMpvKhbbd99jykRU3GL5jI+Yntrg3+rK6\/kTkdYR1dEiRgVzn2u3llTB5StrYgRjZhrDjh3Kso4ZCQnzpjqEOHEdqOVfW4XjnKEPQ7yU9ywPnNgR6S51TY5QubAStieiHxZjsgpwfcGTBHkhC\/4cT08yQZcuygG38ABlwwggZYMIIFQKADAgECAhAKXxFNA1sXkRfS79QDjD87MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDgwNDAyMTIwMDAwWhcNMjIwNDAzMDAwMDAwWjBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2EKKRAfXv40N1EI+B77Iu1hvgsNcExQYyZ1FblBiJe28KAVuwhg4ELoBSkQhzaKKGWo7zEHdG02ly8oRmYExyp5JnqZ1Y7DbU+gXq28PZHCWXteNmzAU88ACDI+EGRYEBNpxwzunEJRAPkFRO4kznof7YwRvRKo8xX0HHoxaQEbp+ZdwJpsfgme51JEShA6I+SbtgOvqJy0W5\/US62SjM61ESqqNxiNtMK42FwGjPj\/I701XtR8Pn6DDpGWBZjDsh\/jyGXrqXtdoCzM\/DzZbe3M+ktDjMnUuKVhHLJAtigS37n4X\/7TssnvPbQeS3wcTJk2nj3r7KdoXh3fZ25e+wIDAQABo4IC+jCCAvYwDgYDVR0PAQH\/BAQDAgGGMIIBxgYDVR0gBIIBvTCCAbkwggG1BgtghkgBhv1sAQMAAjCCAaQwOgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAYwBvAG4AcwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQAaABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQAaABlACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAAdwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBlACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUAcgBlAG4AYwBlAC4wEgYDVR0TAQH\/BAgwBgEB\/wIBADA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTCBjwYDVR0fBIGHMIGEMECgPqA8hjpodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0E="}
-00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_tot_l4_data_len":3288,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2888,"flow_avg_l4_data_len":548,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
+00854{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3080,"flow_avg_l4_payload_len":513,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1,spdy\/3.1,h2-14,h2"}}
00459{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":921170,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKvArowaRogBABDtR2AAABAQgKEg1\/TRvn+wo="}
01397{"flow_id":14,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":921369,"pkt_caplen":777,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":777,"pkt_l4_len":723,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAAtMGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBpGgLSrwKgBgDiGxBAAABAQgKG+f7ChINf0suY3JsMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB0GA1UdDgQWBBRQ6nOJ2yn7EI+e5QEg1N55mUiD9zANBgkqhkiG9w0BAQUFAAOCAQEAHuKlSJ5s21M4D++mGiqs4gND7Zq8Po51G\/D9LiJZrBPAYeLn+umZzYcJdVQov0Zg3L5RLJLzG5F8MQhw4je5wVuovaMLAPsaFf0DrVhqxcckmUhHRjEeku+0X040x5C\/McH4sYSG0JwBqt+KVgbOOukOrpd0XddxmkJ0X96NQ3ze6VXtaQDLBeB6YWEz0RlN+QjuoDnFJTW3K8QPst3xpbcOJMQmKI15d\/Uv8Fe6fAfU4fzNWjBXfoYQR90xH9f8osK\/MHxdJKro+a5fanTCzmuzRtghvinUjl4V1kJK5zJvpLFrUYNYvj9tx\/vaAyHLahYZTgrwrYTKXZSzWnb3YRYDAwFNDAABSQMAF0EEj0rTBErBdzprdzONHas3lBLREc80W\/32cNxSj3iJqQ9vu0Dp8zE\/d7nSpVPcXA7NkhQWuNV8r0HGGuSxawhVzwYBAQCTNyBmRHbeE3mrDlWomymgtoP1eDV1cWzM7mtNHz8jhWRrxT0EFNdw5+V1Piq0GZBsPQvoy7AeP3b7GA2p4YPruLGpJJ8\/5UE79\/YF47MbzYUROKCRt8HITDX\/7NnreDO8\/zRebNh6pfosFFJxhT61bwl3WtOoOwnCERCcdAyHuloWDSjZY0zffNBkILbNfz1lKD6Fz88KakKSN\/g0YwoGNFaWSOb\/D7eGRWTANqhZuTK8RuHWMuhXlQkpe7CXibnhkczSn4IeP+KnBlcQQK6ZtXZDZlKjlmpTj8L+vIvGHIQixPFES+e\/3HdwnrFW55IO3F1MhGiC7xLM\/4alZeX9FgMDAAQOAAAA"}
-01270{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":8,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_tot_l4_data_len":4043,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2888,"flow_avg_l4_data_len":505,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
+01281{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":8,"flow_first_seen":1448269146905,"flow_last_seen":1448269146921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":3771,"flow_avg_l4_payload_len":471,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s-static.ak.facebook.com","server_names":"*.ak.fbcdn.net,s-static.ak.fbcdn.net,igsonar.com,*.igsonar.com,ak.facebook.com,*.ak.facebook.com,*.s-static.ak.facebook.com,connect.facebook.net,s-static.ak.facebook.com","ja3":"d3e627f423a33ea41841c19b8af79293","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance CA-3","issuerDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.ak.fbcdn.net","alpn":"http\/1.1,spdy\/3.1,h2-14,h2","fingerprint":"E7:62:76:74:8D:09:F7:E9:69:05:B8:1A:37:A1:30:2D:FF:3B:BC:0A"}}
00459{"flow_id":14,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":921403,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKvArowacbgBABJNR2AAABAQgKEg1\/TRvn+wo="}
00631{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":922261,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":212,"pkt_l4_len":158,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAJ4GQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPrtTp+qcSgBgBGdT0AAABAQgKEg1\/Thvn+woWAwMARhAAAEJBBN3R5PXwMPzZz2nMnGQami8pV3SpzN0YQkERfC1yJ9Mqy\/GKa7eYDffP2t8k9aqcajQnVv86yePutuFUEHwcz2gUAwMAAQEWAwMAKAAAAAAAAAAAN35VNt7e8Eus7EPHQL7by0oQmynUiyqZ24VcS0UkEOk="}
00634{"flow_id":14,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":923656,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":212,"pkt_l4_len":158,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAJ4GQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKvArowacbgBgBJNT0AAABAQgKEg1\/Thvn+woWAwMARhAAAEJBBCsvrtmXkq7vlrwd9wU5MuJa26vkg+D0spkE\/QfHhZpv9ZR3t\/PZv+DxosFyg\/CdTlrU2QjdItsyB9fedIP2XWoUAwMAAQEWAwMAKAAAAAAAAAAAnryPL+XtHqy8cBKU5ZAlDwxGY9UKkivgM3VjYSpGBQQ="}
@@ -158,27 +158,27 @@
00791{"flow_id":14,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":931566,"pkt_caplen":328,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":328,"pkt_l4_len":274,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAARIGOyoCJvAArQGXAAAAAAAAAjYqAA1AAAEAA3qswP\/+pw1MAbvPjOjBpxsLSryIgBgDiAPWAAABAQgKG+f7FBINf04WAwMAugQAALYAABwgALCmxpnijZhcM64vCu\/Oer5dI9ws+1Sh4C7e+6h1VezKkkWzLNFOEhCxJ\/e7qeGje77wq1c0Blk4oGMX66OZHyF83TvWUgG977HQR4Unb6sRF6SzJpK3+NvQ4YJwzQVAfePJydOI+pOgZQbTUW5\/pGjx+9RjBv1HOCpfeNAlfvdP04FY2woLgiThgOywr\/tzZNPKbYyeS4+ln9C4KCZcXfMdZtabq0sCVLel6B+tEDDsARQDAwABARYDAwAoDsyLHNtuAalm3dvDfTp1jLQpg9kJAp9VNWjWGA9tvoytcPS9bJWjNQ=="}
00460{"flow_id":15,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":966054,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z44Bu8SPr1Lp+qgEgBABL9R2AAABAQgKEg1\/WRvn+xI="}
00460{"flow_id":14,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1448269146,"pkt_ts_usec":970056,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqAibwAK0BlwAAAAAAAAI2z4wBuwtKvIjowagNgBABO9R2AAABAQgKEg1\/Whvn+xQ="}
-00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":12,"flow_first_seen":1448269146905,"flow_last_seen":1448269146970,"flow_tot_l4_data_len":4539,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2888,"flow_avg_l4_data_len":378,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":10,"flow_first_seen":1448269146905,"flow_last_seen":1448269146966,"flow_tot_l4_data_len":4475,"flow_min_l4_data_len":32,"flow_max_l4_data_len":3579,"flow_avg_l4_data_len":447,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_tot_l4_data_len":1457,"flow_min_l4_data_len":32,"flow_max_l4_data_len":538,"flow_avg_l4_data_len":104,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_tot_l4_data_len":1457,"flow_min_l4_data_len":32,"flow_max_l4_data_len":538,"flow_avg_l4_data_len":104,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":62,"flow_first_seen":1448269127400,"flow_last_seen":1448269138520,"flow_tot_l4_data_len":12629,"flow_min_l4_data_len":37,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":19,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_tot_l4_data_len":5988,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":315,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":17,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_tot_l4_data_len":5924,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2700,"flow_avg_l4_data_len":348,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":18,"flow_first_seen":1448269139219,"flow_last_seen":1448269139339,"flow_tot_l4_data_len":5956,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":330,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":26,"flow_first_seen":1448269144450,"flow_last_seen":1448269144884,"flow_tot_l4_data_len":14213,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":546,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00550{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1448269127960,"flow_last_seen":1448269128028,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":45,"flow_max_l4_data_len":206,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1448269127960,"flow_last_seen":1448269128028,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":45,"flow_max_l4_data_len":206,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":12,"flow_first_seen":1448269146905,"flow_last_seen":1448269146970,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":344,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":10,"flow_first_seen":1448269146905,"flow_last_seen":1448269146966,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3547,"flow_tot_l4_payload_len":4139,"flow_avg_l4_payload_len":413,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00553{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00534{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":14,"flow_first_seen":1448269127395,"flow_last_seen":1448269127510,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":506,"flow_tot_l4_payload_len":1009,"flow_avg_l4_payload_len":72,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":62,"flow_first_seen":1448269127400,"flow_last_seen":1448269138520,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":12133,"flow_avg_l4_payload_len":195,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1448269139314,"flow_last_seen":1448269139321,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1448269127922,"flow_last_seen":1448269127940,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":19,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":282,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":17,"flow_first_seen":1448269138575,"flow_last_seen":1448269138746,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2668,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":315,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":18,"flow_first_seen":1448269139219,"flow_last_seen":1448269139339,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":5364,"flow_avg_l4_payload_len":298,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":26,"flow_first_seen":1448269144450,"flow_last_seen":1448269144884,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":13365,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1448269123954,"flow_last_seen":1448269123971,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00558{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00539{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1448269143410,"flow_last_seen":1448269143539,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1448269127960,"flow_last_seen":1448269128028,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00532{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1448269127960,"flow_last_seen":1448269128028,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00547{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00528{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test"}
diff --git a/test/results/iec60780-5-104.pcap.out b/test/results/iec60780-5-104.pcap.out
index 99dcbc56a..98f3a06f0 100644
--- a/test/results/iec60780-5-104.pcap.out
+++ b/test/results/iec60780-5-104.pcap.out
@@ -1,10 +1,10 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iec60780-5-104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1219992231267,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1219992231267,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992231,"pkt_ts_usec":267238,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="}
00428{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992231,"pkt_ts_usec":267345,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="}
00424{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992231,"pkt_ts_usec":267487,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobS9AAIAGRKysG\/htrBv4TwYgCWR6t61K62XTwlAQ\/\/9wMQAAAAAAAAAA"}
00424{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992231,"pkt_ts_usec":283482,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubTBAAIAGRKWsG\/htrBv4TwYgCWR6t61K62XTwlAY\/\/8BHwAAaAQHAAAA"}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1219992231267,"flow_last_seen":1219992231283,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":20,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1219992231267,"flow_last_seen":1219992231283,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00424{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992231,"pkt_ts_usec":334870,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABNy14eKABXFGNTMCABFAAAuQVZAAIAGcH+sG\/hPrBv4bQlkBiDrZdPCeretUFAY\/\/lJFQAAaAQLAAAA"}
00424{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992231,"pkt_ts_usec":540194,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobTFAAIAGRKqsG\/htrBv4TwYgCWR6t61Q62XTyFAQ\/\/lwKwAAAAAAAAAA"}
00424{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992239,"pkt_ts_usec":282338,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"pkt":"ABXFGNTMABNy14eKCABFAAApbTZAAIAGRKSsG\/htrBv4TwYgCWR6t61Q62XTyFAY\/\/lwIgAAAAAAAAAA"}
@@ -16,12 +16,12 @@
00426{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992291,"pkt_ts_usec":323204,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubUBAAIAGRJWsG\/htrBv4TwYgCWR6t61Z62XTyFAY\/\/nFDwAAaARDAAAA"}
00425{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992291,"pkt_ts_usec":324568,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABNy14eKABXFGNTMCABFAAAuQVxAAIAGcHmsG\/hPrBv4bQlkBiDrZdPIeretX1AY\/+pJFQAAaASDAAAA"}
00426{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992291,"pkt_ts_usec":478741,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobUFAAIAGRJqsG\/htrBv4TwYgCWR6t61f62XTzlAQ\/\/NwHAAAAAAAAAAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1219992393215,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1219992393215,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992393,"pkt_ts_usec":215803,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbYNAAIAGRFCsG\/htrBv4TwYiCWRtLtqlAAAAAHAC\/\/\/i0AAAAgQFtAEBBAI="}
00429{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992393,"pkt_ts_usec":215922,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQXdAAIAGcFysG\/hPrBv4bQlkBiJI3nuobS7apnAS\/\/8eOQAAAgQFtAEBBAI="}
00426{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992393,"pkt_ts_usec":216061,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobYRAAIAGRFesG\/htrBv4TwYiCWRtLtqmSN57qVAQ\/\/9K\/QAAAAAAAAAA"}
00426{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992393,"pkt_ts_usec":217157,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubYVAAIAGRFCsG\/htrBv4TwYiCWRtLtqmSN57qVAY\/\/\/b6gAAaAQHAAAA"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1219992393215,"flow_last_seen":1219992393217,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":20,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1219992393215,"flow_last_seen":1219992393217,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00425{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992393,"pkt_ts_usec":220279,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABNy14eKABXFGNTMCABFAAAuQXhAAIAGcF2sG\/hPrBv4bQlkBiJI3nupbS7arFAY\/\/lJFQAAaAQLAAAA"}
00425{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992393,"pkt_ts_usec":418249,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobYZAAIAGRFWsG\/htrBv4TwYiCWRtLtqsSN57r1AQ\/\/lK9wAAAAAAAAAA"}
00441{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992435,"pkt_ts_usec":817781,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"ABXFGNTMABNy14eKCABFAAA4bZRAAIAGRDesG\/htrBv4TwYiCWRtLtqsSN57r1AY\/\/nkBQAABwcHBwcHB2gFFxcXFxcXFw=="}
@@ -33,16 +33,16 @@
00417{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992485,"pkt_ts_usec":281875,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABNy14eKABXFGNTMCABFAAAoQXxAAIAGcF+sG\/hPrBv4bQlkBiJI3nu1bS7a1FAR\/9FJDwAA"}
00426{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992485,"pkt_ts_usec":282039,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobaFAAIAGRDqsG\/htrBv4TwYiCWRtLtrUSN57tlAQ\/\/NKzgAAAAAAAAAA"}
00426{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992485,"pkt_ts_usec":282569,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobaJAAIAGRDmsG\/htrBv4TwYiCWRtLtrUSN57tlAR\/\/NKzQAAAAAAAAAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1219992486295,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1219992486295,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992486,"pkt_ts_usec":295923,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbaNAAIAGRDCsG\/htrBv4TwYjCWQlpaXOAAAAAHAC\/\/9fMAAAAgQFtAEBBAI="}
00429{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992486,"pkt_ts_usec":296052,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQX5AAIAGcFWsG\/hPrBv4bQlkBiP13h8HJaWlz3AS\/\/9KOQAAAgQFtAEBBAI="}
00426{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992486,"pkt_ts_usec":296202,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobaRAAIAGRDesG\/htrBv4TwYjCWQlpaXP9d4fCFAQ\/\/92\/QAAAAAAAAAA"}
00425{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992486,"pkt_ts_usec":297425,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubaVAAIAGRDCsG\/htrBv4TwYjCWQlpaXP9d4fCFAY\/\/8H6wAAaAQHAAAA"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1219992486295,"flow_last_seen":1219992486297,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":20,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1219992486295,"flow_last_seen":1219992486297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00417{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992486,"pkt_ts_usec":468944,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABNy14eKABXFGNTMCABFAAAoQX9AAIAGcFysG\/hPrBv4bQlkBiP13h8IJaWl1VAQ\/\/lJDwAA"}
00425{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992486,"pkt_ts_usec":669954,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABNy14eKABXFGNTMCABFAAAuQYBAAIAGcFWsG\/hPrBv4bQlkBiP13h8IJaWl1VAY\/\/lJFQAAaAQLAAAA"}
00425{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992486,"pkt_ts_usec":935574,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobaZAAIAGRDWsG\/htrBv4TwYjCWQlpaXV9d4fDlAQ\/\/l29wAAAAAAAAAA"}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_tot_l4_data_len":683,"flow_min_l4_data_len":20,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":29,"flow_first_seen":1219992231267,"flow_last_seen":1219992392222,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":3,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992546,"pkt_ts_usec":671779,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubblAAIAGRBysG\/htrBv4TwYjCWQlpaXV9d4fDlAY\/\/nL5AAAaARDAAAA"}
00425{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992546,"pkt_ts_usec":673258,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABNy14eKABXFGNTMCABFAAAuQYFAAIAGcFSsG\/hPrBv4bQlkBiP13h8OJaWl21AY\/\/NJFQAAaASDAAAA"}
00426{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992546,"pkt_ts_usec":983652,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobbpAAIAGRCGsG\/htrBv4TwYjCWQlpaXb9d4fFFAQ\/\/N28QAAAAAAAAAA"}
@@ -51,15 +51,15 @@
00426{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992589,"pkt_ts_usec":194723,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"pkt":"ABXFGNTMABNy14eKCABFAAAtbcJAAIAGRBSsG\/htrBv4TwYjCWQlpaXo9d4fFFAY\/\/MupwAAGBgYGBgA"}
00417{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992589,"pkt_ts_usec":196644,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABNy14eKABXFGNTMCABFAAAoQYNAAIAGcFisG\/hPrBv4bQlkBiP13h8UJaWl7VAR\/+FJDwAA"}
00426{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992589,"pkt_ts_usec":196807,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobcNAAIAGRBisG\/htrBv4TwYjCWQlpaXt9d4fFVAQ\/\/N23gAAAAAAAAAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1219992590188,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1219992590188,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992590,"pkt_ts_usec":188368,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbcVAAIAGRA6sG\/htrBv4TwYkCWQxVG2fAAAAAHAC\/\/+LrwAAAgQFtAEBBAI="}
00430{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992590,"pkt_ts_usec":188498,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQYVAAIAGcE6sG\/hPrBv4bQlkBiSd+ybXMVRtoHAS\/\/\/GywAAAgQFtAEBBAI="}
00426{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992590,"pkt_ts_usec":188640,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobcZAAIAGRBWsG\/htrBv4TwYkCWQxVG2gnfsm2FAQ\/\/\/zjwAAAAAAAAAA"}
00425{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992590,"pkt_ts_usec":189788,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubcdAAIAGRA6sG\/htrBv4TwYkCWQxVG2gnfsm2FAY\/\/+EfQAAaAQHAAAA"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1219992590188,"flow_last_seen":1219992590189,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":20,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1219992590188,"flow_last_seen":1219992590189,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00425{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992590,"pkt_ts_usec":192812,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABNy14eKABXFGNTMCABFAAAuQYZAAIAGcE+sG\/hPrBv4bQlkBiSd+ybYMVRtplAY\/\/lJFQAAaAQLAAAA"}
00425{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992590,"pkt_ts_usec":406364,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobchAAIAGRBOsG\/htrBv4TwYkCWQxVG2mnfsm3lAQ\/\/nziQAAAAAAAAAA"}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_tot_l4_data_len":394,"flow_min_l4_data_len":20,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":16,"flow_first_seen":1219992393215,"flow_last_seen":1219992485282,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":3,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1570,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992650,"pkt_ts_usec":189448,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubhRAAIAGQ8GsG\/htrBv4TwYkCWQxVG2mnfsm3lAY\/\/lIdwAAaARDAAAA"}
00425{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992650,"pkt_ts_usec":190856,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABNy14eKABXFGNTMCABFAAAuQYhAAIAGcE2sG\/hPrBv4bQlkBiSd+ybeMVRtrFAY\/\/NJFQAAaASDAAAA"}
00445{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992650,"pkt_ts_usec":408217,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABXFGNTMABNy14eKCABFAAA8bhVAAIAGQ7KsG\/htrBv4TwYkCWQxVG2snfsm5FAY\/\/NbXgAACQkJCQkJCQkJaAYZGRkZGRkZGRk="}
@@ -68,14 +68,14 @@
00417{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992676,"pkt_ts_usec":579888,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABNy14eKABXFGNTMCABFAAAoQYpAAIAGcFGsG\/hPrBv4bQlkBiSd+ybkMVRtzlAQ\/9FJDwAA"}
00426{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992686,"pkt_ts_usec":414411,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubiBAAIAGQ7WsG\/htrBv4TwYkCWQxVG3Onfsm5FAY\/\/OoCAAAGRkZGRkZ"}
00417{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992686,"pkt_ts_usec":533107,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABNy14eKABXFGNTMCABFAAAoQYtAAIAGcFCsG\/hPrBv4bQlkBiSd+ybkMVRt1FAQ\/8tJDwAA"}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":77,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_tot_l4_data_len":398,"flow_min_l4_data_len":20,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":77,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":17,"flow_first_seen":1219992486295,"flow_last_seen":1219992589197,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":2,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1571,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992710,"pkt_ts_usec":190541,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubiNAAIAGQ7KsG\/htrBv4TwYkCWQxVG3Unfsm5FAY\/\/NISQAAaARDAAAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1219992782348,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1219992782348,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992782,"pkt_ts_usec":348776,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbjdAAIAGQ5ysG\/htrBv4TwYpCWQN1WRMAAAAAHAC\/\/+4fAAAAgQFtAEBBAI="}
00429{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992782,"pkt_ts_usec":348894,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZFAAIAGcEKsG\/hPrBv4bQlkBikE5Jl8DdVkTXAS\/\/8aCwAAAgQFtAEBBAI="}
00425{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992782,"pkt_ts_usec":349033,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobjhAAIAGQ6OsG\/htrBv4TwYpCWQN1WRNBOSZfVAQ\/\/9GzwAAAAAAAAAA"}
00426{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992782,"pkt_ts_usec":350496,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubjlAAIAGQ5ysG\/htrBv4TwYpCWQN1WRNBOSZfVAY\/\/\/XvAAAaAQHAAAA"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1219992782348,"flow_last_seen":1219992782350,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":20,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1219992782348,"flow_last_seen":1219992782350,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00425{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992782,"pkt_ts_usec":353159,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABNy14eKABXFGNTMCABFAAAuQZJAAIAGcEOsG\/hPrBv4bQlkBikE5Jl9DdVkU1AY\/\/lJFQAAaAQLAAAA"}
00425{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992782,"pkt_ts_usec":472527,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobjpAAIAGQ6GsG\/htrBv4TwYpCWQN1WRTBOSZg1AQ\/\/lGyQAAAAAAAAAA"}
00441{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992804,"pkt_ts_usec":345282,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"ABXFGNTMABNy14eKCABFAAA5bkBAAIAGQ4qsG\/htrBv4TwYpCWQN1WRTBOSZg1AY\/\/leQQAACgoKCgoKCgoKCmgIGhoaGho="}
@@ -85,12 +85,12 @@
00426{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992818,"pkt_ts_usec":954548,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobkJAAIAGQ5msG\/htrBv4TwYpCWQN1WRpBOSZhFAQ\/\/lGsgAAAAAAAAAA"}
00426{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992818,"pkt_ts_usec":955088,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobkNAAIAGQ5isG\/htrBv4TwYpCWQN1WRpBOSZhFAR\/\/lGsQAAAAAAAAAA"}
00418{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992818,"pkt_ts_usec":955112,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABNy14eKABXFGNTMCABFAAAoQZVAAIAGcEasG\/hPrBv4bQlkBikE5JmEDdVkalAQ\/+NJDwAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1219992819942,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1219992819942,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992819,"pkt_ts_usec":942883,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABXFGNTMABNy14eKCABFAAAwbkRAAIAGQ4+sG\/htrBv4TwYqCWRBsBqPAAAAAHAC\/\/\/OXQAAAgQFtAEBBAI="}
00432{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992819,"pkt_ts_usec":943016,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="}
00426{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992819,"pkt_ts_usec":943166,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"}
00426{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992819,"pkt_ts_usec":944348,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubkZAAIAGQ4+sG\/htrBv4TwYqCWRBsBqQ+cLui1AY\/\/+jsAAAaAQHAAAA"}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":20,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}}
00426{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992819,"pkt_ts_usec":947305,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABNy14eKABXFGNTMCABFAAAuQZdAAIAGcD6sG\/hPrBv4bQlkBir5wu6LQbAallAY\/\/lJFQAAaAQLAAAA"}
00425{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992820,"pkt_ts_usec":98246,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAobkdAAIAGQ5SsG\/htrBv4TwYqCWRBsBqW+cLukVAQ\/\/kSvQAAAAAAAAAA"}
00442{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992852,"pkt_ts_usec":463357,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"ABNy14eKABXFGNTMCABFAAA4QaNAAIAGcCisG\/hPrBv4bQlkBir5wu6RQbAallAY\/\/lJHwAAaA4AAAAARgEEAA2RAAAAAA=="}
@@ -101,8 +101,8 @@
00426{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992889,"pkt_ts_usec":928069,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAubldAAIAGQ36sG\/htrBv4TwYqCWRBsBqm+cLu4VAY\/6mhmgAAaAQBAAgA"}
00442{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992889,"pkt_ts_usec":959139,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"ABNy14eKABXFGNTMCABFAAA4Qa9AAIAGcBysG\/hPrBv4bQlkBir5wu7hQbAarFAY\/+NJHwAAaA4IAAIAZAEKAA2RAAAAFA=="}
00425{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992890,"pkt_ts_usec":99579,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABXFGNTMABNy14eKCABFAAAoblhAAIAGQ4OsG\/htrBv4TwYqCWRBsBqs+cLu8VAQ\/5kSpwAAAAAAAAAA"}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":115,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_tot_l4_data_len":626,"flow_min_l4_data_len":20,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":115,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"iec60780-5-104.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1219992909,"pkt_ts_usec":959873,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABXFGNTMABNy14eKCABFAAAublxAAIAGQ3msG\/htrBv4TwYqCWRBsBqs+cLu8VAY\/5mflAAAaAQBAAoA"}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":120,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":20,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_tot_l4_data_len":1373,"flow_min_l4_data_len":20,"flow_max_l4_data_len":84,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":120,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00135{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test"}
diff --git a/test/results/imaps.pcap.out b/test/results/imaps.pcap.out
index 6e7bfeadd..28d8d6434 100644
--- a/test/results/imaps.pcap.out
+++ b/test/results/imaps.pcap.out
@@ -1,15 +1,15 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imaps.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590857744659,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590857744659,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":659641,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"}
00433{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":706356,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="}
00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":706435,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+gvAqAEIp2PXpMVKA+HRNM\/OzIui24AQECwI4wAAAQEIChRNnWGpw+fs"}
00730{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":710196,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEXAABAAEAG+SjAqAEIp2PXpMVKA+HRNM\/OzIui24AYECzQ0gAAAQEIChRNnWSpw+fsFgMBAN4BAADaAwNe0pAQoUxdbqNEmHqACTYoEy7RbC2uNC4pbnZPkmPkMyAkUBxuKNil5bUhgr6oHofj7e9MtyuIV+orRKnjfI7R5wBCAP\/ALMArwCTAI8AKwAnACMAwwC\/AKMAnwBTAE8ASAJ8AngBrAGcAOQAzABYAnQCcAD0APAA1AC8ACsAHwBEABQAEAQAATwAAABIAEAAADW1haWwubnRvcC5vcmcACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
-00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1590857744659,"flow_last_seen":1590857744710,"flow_tot_l4_data_len":375,"flow_min_l4_data_len":32,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1590857744659,"flow_last_seen":1590857744710,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00420{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":749621,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NrtAADQGz1CnY9ekwKgBCAPhxUrMi6Lb0TTQsYAQAfwWAAAAAQEICqnD6BkUTZ1k"}
02369{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":765146,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNrxAADQGya+nY9ekwKgBCAPhxUrMi6Lb0TTQsYAQAfxVqgAAAQEICqnD6CcUTZ1kFgMDAGECAABdAwOfgrSA6WjX0\/3bgxe9pFUcnFyG\/QenpshET1dOR1JEASA5G93X3lHFcXr52PvowLj3FwYD9ZOIEetGhRTXZsZEOMAwAAAV\/wEAAQAAAAAAAAsABAMAAQIAFwAAFgMDCfkLAAn1AAnyAAVWMIIFUjCCBDqgAwIBAgISA58oybaH2TVaChA3pSw\/RaD7MA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA0MTgwMDE1MjJaFw0yMDA3MTcwMDE1MjJaMBgxFjAUBgNVBAMTDW1haWwubnRvcC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn2jXTiVzhDTMembY0AutsY35QPHczcjlfxiBJF85Fc8A5Uc30Ug5Moh81voxNc8JZjkpGlaxEUQr2Gc\/LeK4eJKauFOGO9VnIPUhJn4H1h\/ipfPxSrjLcotoDsDbn8k43xBepg1Oi0\/L6jNBKRbhpvlk5XauhFsHxRpTocc3fegaxc4QJcAR4hScnmBBDQobZZEivtlIfO6aPRENmSl3w07AUmEBpiAkLD+lmIk16RExNrx+wttAcmcWIlxrB03rAX9ZYoSLUfp2nx+6+ks8hY7PUy221Z2REZAzhk0KJ8a59JeFZqsMq9ceOIHF8cnU23Yq\/irrgrOZ\/KnG8j3\/\/AgMBAAGjggJiMIICXjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB\/wQCMAAwHQYDVR0OBBYEFN1D7LKLRQaQaEerADcaze6\/SEI7MB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe\/zqOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wGAYDVR0RBBEwD4INbWFpbC5udG9wLm9yZzBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AAe3XBvlfWj\/8bDGHSMVx7rmV3xXlLdq7rxhOhpp06IcAAABcYravGgAAAQDAEYwRAIgKJAra50qE9ZRajJGZJtaLa2vL0zAGBVVjPY70d8Ha3QCIHG0LDxu6WDr2JWC9li869OxCrPF3+mBD070st0tE8lvAHcAb1N2rDHwMRnYmQCkURX\/dxUcEdkCwQApBo2yCJo32RMAAAFxitq8lwAABAMASDBGAiEA+vsQKD+JhtYrYAS\/DsL9gcpSemHlv4dTHjZ0vICbPgYCIQCu00aklsZvhDs0dEn+EjgyZVBXPJdrT5Cu3w8t+KdGujANBgkqhkiG9w0BAQsFAAOCAQEAk+HnVq+HN0aXxhEuh2KVnrK8YlZe+tvB2Y9StG\/pBEBzhj7v+RMKWkSMg3cOh7jnPUs3ZpqELE\/VCxRywJs+PiJW5t7rAomi+YrOlo1mGQnC6FHJWHUBQITwfslnIKBv6ViBgXDOI3mtpiIaHgXvbnq1\/5LOaFkSRSwEtoI9yBhY0R38xuIAu0RoX190By3WR+pDLjMzigTIYB3KFKBPrkiFRxd5tWwlzAUESwrfV4kKg\/spL8ZZw\/zcHEXtlmvjWutlGkPptzcY5LmPWbqKHJNf\/JEA"}
-00807{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_tot_l4_data_len":1879,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":313,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
02368{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":765232,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNr1AADQGya6nY9ekwKgBCAPhxUrMi6h70TTQsYAQAfxLpAAAAQEICqnD6CcUTZ1kQdb9Z1odgUZGbXdGPKebjp6ANy70rjJDv+twKf8h91YZEzB7kzEDv3vjvAAEljCCBJIwggN6oAMCAQICEAoBQUIAAAFThXNqC4XspwgwDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0xNjAzMTcxNjQwNDZaFw0yMTAzMTcxNjQwNDZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp\/z0HhncchpDpWRz\/7mmelgPEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL\/W08lmjfIypCkAyGdGfIf6WauFJhFBM\/ZemCh8vb+g5W9oaJ84U\/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q\/GxH8Mwf6J5MRM9LTb44\/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAX0wggF5MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAyBggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5jb20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMvZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX\/xBVghYkQMFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUHAgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JMLmNybDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3pkVl7\/Oo7KEwDQYJKoZIhvcNAQELBQADggEBAN0z1xHzY1g43RgV+wlVvnZWuXBIpWlHJ3vCJAiS8VofShIpNyR0URxiaLjNlXBn5fekvE4oUc2b6K6HnerYulqhAZrc8N1qHWrYPlcjnqYeBGKa\/9cFyrcfP8AKSLyUsLZlYuDBVOWjKq0gxOnmu9zI9rXDMqOYzHeo5nllByvLKP46FlKBzlIMLl+D6NUGM\/t3bM5A6jKeH5JcQcF0bFtdCl8zzE2frDjwL3ssYp3Zo5FvJRsvkLEZRj32fhumeoe5o3ptGPolpZGHFeDyFi9YsAYvLGgmxkuYzdqfDPl\/kO1DShJETm9zeijqpKpue0x9h93gyQJEp4evwzRbtEIWAwMBbQwAAWkDABhhBJ26sNdAoJ73tApfTsPTSM9t4CD0Z502p4q5uL0eKpaWvGSd6MeyxK18UH1UbYeKLXsSs5d9peITkkqK8GqNuDuMq2+HdDC\/jF\/wgYZewkROEfS9K7KN0WyY0l3z+dwNZAQBAQBNWuezEYv5\/20pU3h8W7ev\/oKdof8VkehBzqueU2OYLY8cfDzkD\/yXj4\/j\/oZwPZ3fztHigP9viL2XH954iVqcc4jEp\/RC6wUkGLov8yOsBacOaF1ipc3pABwK1DhmR9+4k1vEbD04jFbh"}
-01010{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_tot_l4_data_len":3351,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":478,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","server_names":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=mail.ntop.org","fingerprint":"F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF"}}
+01021{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3107,"flow_avg_l4_payload_len":443,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","server_names":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","issuerDN":"CN=mail.ntop.org","fingerprint":"F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF"}}
00637{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":765234,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"KDc3AG3IEBMx8Tl2CABFAADTNr5AADQGzq6nY9ekwKgBCAPhxUrMi64b0TTQsYAYAfzSbwAAAQEICqnD6CcUTZ1kAPSFCvb8OYHeJTvCvkpUKEbmM+UGhIJhREjvK899r8eOFMYAx\/++EEmK3kxoLRjkxC0on9rLVxnLicHl6SST3oXXiRnYJk3Rvb1VHjVM43LMFs64hyxL15y1H0fSiLC8y0u5d0f9ylbwOfKcMRoXGM96Zl7NBK5iPS0H2WqW1xXHdzk9\/iuf3Euv+nK4b0gYBXMzVK82FgMDAAQOAAAA"}
00420{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":765298,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+gvAqAEIp2PXpMVKA+HRNNCxzIuuG4AQD9L8rQAAAQEIChRNnZKpw+gn"}
00422{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":765301,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+gvAqAEIp2PXpMVKA+HRNNCxzIuuuoAQD838EwAAAQEIChRNnZKpw+gn"}
@@ -18,5 +18,5 @@
00492{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":868194,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"EBMx8Tl2KDc3AG3ICABFAABnAABAAEAG+djAqAEIp2PXpMVKA+HRNNEczIuuuoAYEAA7XwAAAQEIChRNneqpw+iQFAMDAAEBFgMDACglJ8Mzvl1tB2IhOqlbKgTgBKc91pKNDFqA2GYulIqLvB4p2N7Frl1n"}
00422{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":905615,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NsBAADQGz0unY9ekwKgBCAPhxUrMi6660TTRT4AQAfwIYQAAAQEICqnD6LUUTZ3q"}
00493{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"imaps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590857744,"pkt_ts_usec":905735,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnNsFAADQGzxenY9ekwKgBCAPhxUrMi6660TTRT4AYAfxr8wAAAQEICqnD6LUUTZ3qFAMDAAEBFgMDAChAqpq8t2fITIfMhvOf8DvJz3jdHhYAkNco57ZHSCpyv0i\/fAHB+HFs"}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1590857744659,"flow_last_seen":1590857744987,"flow_tot_l4_data_len":4516,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":225,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1590857744659,"flow_last_seen":1590857744987,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3856,"flow_avg_l4_payload_len":192,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test"}
diff --git a/test/results/instagram.pcap.out b/test/results/instagram.pcap.out
index 97d5a0855..975b966b2 100644
--- a/test/results/instagram.pcap.out
+++ b/test/results/instagram.pcap.out
@@ -1,18 +1,18 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"instagram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436720898354,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1436720898354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":354402,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1436720898386,"flow_last_seen":0,"flow_tot_l4_data_len":1397,"flow_min_l4_data_len":1397,"flow_max_l4_data_len":1397,"flow_avg_l4_data_len":1397,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1436720898386,"flow_last_seen":0,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02274{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":386781,"pkt_caplen":1431,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1431,"pkt_l4_len":1397,"pkt":"ABsv8H60QPMIw47hCABFAAWJa5BAAEAGjI7AqABnHw1dNISQAbuIwY4ypNSTmIAYARMTGgAAAQEICgAD6otaUmp7FwMBBVB9SXVyqGN\/Z0IQOrRWeDqy2ESAojaAx4QQZK8Nvn9P2WG4BrAo87sybB9iQ6L07zu3SJx\/yEENym+6oXOIueLurovz4xM5H+e2VkXRxNwq2D0zbcPaARfl1kqZ5lxozT2KxP5upnv5ZlZknUeHJ9iJUeI933878+9Wa2p3jAkSn4v+PhMZ8tdKr\/DbC4Dao9UoiB0NXUAr3Yz5mLZxqwvhp7T5JBYmrpug0k+c+c5jewd+5zMMLlTOh9zrkFpN\/SPdxljY89SWMG4iWok6qAWd81044WQFB8MMk6d1YEgnl4MTRR4s5nra0RAZ\/18nINKDy\/+7OtbIdykHRTDGdkzNglojGhlbMwXwCoSaU7eaC\/UG3QHuANJheRiTxBbb9LObDO61gFXBkdpo\/nFCQJ5DEAR9LRi5VbgUevhOk8v2CnW3NfU8tU\/NhXT2Fwav0PyuAxlku4R0TFjGrX0lMbSi5TfJsyWyqS9JUaHL9+9Lo2MolHMixycuQJ8OBJfxMjbh4vndGe6E5xjywRDhon5Ivpm51kbX7pr85erPPQ5esyd11\/S2GN1nyosTrQfKPFTMJ2PKe2m7QTQt+uAz\/lbUTHbMP5WXngggI0bC1v64BOTbVZvk5uSBRBJTxfNNwpu5Mu42yT2kpORmWxKLjzXxHI3WY0zq00CLVkZ1W4ZdSNXs14xkPKnh8GETvWNyrC0OkJAC\/senhsF4RXOoqIV\/fvDhI7Lz\/aB3VqgZGkZTiT2tG0nkNbTl36TNhCL0NMIpdEkg3CtkeHnRpYXxlFUaqjl0oiNlqmXrT3txeOlkpgLeE8sil6hQeUXLUDxeB\/KJ3hVWQV57tvquoi3TQ0mdlDPh3nKxwFekfGvexzie5JWVEiecROjBicDHlMGZSqgfGOOL9obBhKFQKyGkKwqvDD0GLpn+uVlqpq4HgYehGmZsXkGfKjhOvgYnCN46aHecrF2yix3uKy9HcGVhEh0jdkP6ZVKeYPjfh1VormnzwC798pJrA6FXeukKkQhENaxtIfjtfZqrhxgkGn44Wi6ohn6pe\/FHHmbNcPgV6V8fsqp75GNTcdW4payqjcXiRcbHyE8T1\/Qx4baiJDp6KLsZS4gAneRh+ALhxukKM03jbRUClXAh8oRiLl0u+SOlflfwh8goOCkzbht0yzBBd5s+YE\/rKLvLODamT6vRSajD988ioyLCTi6O7PjCpIz0x86CPfl59RFLMWfW1DDNxLLiQpG5QmdGA\/0xKZPtgucNxJfMg8zisuAsBotSOZNTt7iyYW\/IMjbjZfUDk2XnW0FMevjvN1dNSzxncEScDgEwhOZR\/bPFjnmrDfWVV5x9BRHI5MP8wUwSlhypizc+qxTGIgicImjYGkhAIz+xcFmXadM0YNZEvMZaj9aBOHMX1Oble6EYxmSHOrpQKqfzbWeMlvwrQYuci0kLy\/\/bshVduwlDBy5JYqDunQnZyDGNhNVfyaH+ng8KQ6sBqINnITFXfAnCkwXV\/HK1iUkb7QzoqBn3gpftCp83hNH0foudA8Gdf6kurlWwgMEOXi5BfTqlD4DwASXt9A68u1P9Zz8s0alrX2UlusB6fvL9Q9Js6MLwiQyj+bjdEcQ3Uplwrw6qLdouhHzsdgkMnVdwc2l5wv8KPOcXqmQvqjndZFz1nXaAVhwsFoo1zwY3LiNiYjhwWSYaeCHLdPVBHtAjW1OZFou+zyYe9X36AFhBBqrW+04QrWGvIhn1jD27wWhOa1bAC4ScjrpH0lKPe5njeedOXaKkZFE++EHilCzyFRBq6mDF3sb10u4yUIsQcfD4LLSh"}
00424{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":475679,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA05iNAAFUGAlAfDV00wKgAZwG7hJCk1JOYiMGTh4AQAE5t9QAAAQEIClpSq0YAA+qL"}
00437{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":499269,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAAFIGTqyt\/GsEwKgAZwG73D5XFMWUHoSlo6ASOJBK1AAAAgQFlgQCCAq8TYT0AAPqiAEDAwg="}
00424{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":499483,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0TytAAEAGEYnAqABnrfxrBNw+AbsehKWjVxTFlYAQAOXaNgAAAQEICgAD6pe8TYT0"}
01052{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":501130,"pkt_caplen":530,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":530,"pkt_l4_len":496,"pkt":"ABsv8H60QPMIw47hCABFAAIETyxAAEAGD7jAqABnrfxrBNw+AbsehKWjVxTFlYAYAOUQ3QAAAQEICgAD6pe8TYT0FgMBAcsBAAHHAwFVop8CNJ6Qudiud2vb4pMs1Ustmw2JKPU\/VGUbAAAfqCAvcExfwJCbXHILQOxXqreX44nTobQUpbpO1CIvwxwdmABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAATgAAAAgAB4AABt0ZWxlZ3JhcGgtYXNoLmluc3RhZ3JhbS5jb20ACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMA0ESu3Am+FRFWL6GFZ5cqeqMrKeBDNApsKnRfHnB5aZ0M+PnsUszH1NK1OcamWdgk3loMTjkeuY8vQf2EKeUIJw0J8WDG8kiJQeedkexy97ZHld7N8L4SURKmoEJD\/aT59gmDPLTPklzVSlv38lUivPzyDaJ4xWo0Y51eIH5hGdTyPxvePHdwmlZHT25nawNC\/q4GMjx1H6cysD5DjhLucBMKfR+thQ8RsDmqWIcBbaeRKiGNOGevr+YgzwaPf99rNe8LLrWBk293Kmn5cEdDLBg="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1436720898354,"flow_last_seen":1436720898501,"flow_tot_l4_data_len":608,"flow_min_l4_data_len":32,"flow_max_l4_data_len":496,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1436720898354,"flow_last_seen":1436720898501,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01257{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":551576,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"pkt":"QPMIw47hABsv8H60CABFAAKZ5iRAAFUG\/+kfDV00wKgAZwG7hJCk1JOYiMGTh4AYAE6DfwAAAQEIClpSq5UAA+qLFwMBAmB3TNLiDxMdaG\/77FJR8O6B7ETM5PL1YEwRicjM0iP0UHaAjwUM69tZJRboKPSJSylQ1372woiRMUoGT0dkqivXwS77nykGpDpQxH2zG\/qLmXj10Apbm9mNJzojbuGkVAQeXciVaLovJfxV8pe4ApuOMtqX+wzNa0ZzIxrRfdGy1r+REoc96\/duttzeccU7r8F+0sSj4kAMBptpjPxHIWmQ8bvcQmsOZTBbtWqbInBydwnOzZKHuUG4UpWsNoKQLrxSa1ETAsjugoyEe5PPT8+cb8Irh4mKsNfbStX5KDjpe9Dme8aKUCL1ceYHHjALeMY9l4fx2o0KIF6TukGkzvqR8cZ+qcyDG5U\/HYh5lxYTcHS7lDXS1PzV6XOR41h1cZ9L+KxXE6JczRHCSiNT1VF7boI4Qizj5lEdfdajhSQHOEg16UAhsZHpgK1G5Iki1ek6rdWyUqwchJMZYUThaRdJpKv9RM0OW9cAtKW4cZKenq0TEdOPDEBRCwskRboA6Gi3YnhJ3qdvDGkTLGo9t+FpkGczAZZn4gKC4xoEybQb10OFqFb4BP0BHlc1dmzqbYjWeEKW2wJjaNEaqdUvlusDaKzJPAfd\/FC3qcdqBy6RoP1rw6AWfXgFirXb5SF1IsZGaICO7Vi\/A05NBIj2TN+sAkrMTvlnJxzijI3OS4z\/O7pdS0yJ1AhdM2CbNqiTSP1\/fSWG2i895LYIERx7TAiABxyhh9ufac6WLn1D9wJV86snpuHfJEPWipx7pSJs20IjfVBIUe\/onrcoOjL6GotP95FotxVNOdpbLqczmpv1mQ=="}
00425{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":551759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0a5FAAEAGkeLAqABnHw1dNISQAbuIwZOHpNSV\/YAQATA9dwAAAQEICgAD6pxaUquV"}
00425{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":646547,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0QOlAAFIGDcut\/GsEwKgAZwG73D5XFMWVHoSnc4AQAD2vaQAAAQEICrxNhYIAA+qX"}
00629{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":646669,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"QPMIw47hABsv8H60CABFAADFQOpAAFIGDTmt\/GsEwKgAZwG73D5XFMWVHoSnc4AYAD2yzgAAAQEICrxNhYIAA+qXFgMBAFECAABNAwFHLmXJR9\/q2J6Pslnr9f62ZQAg36o7keVHgwUNpsaSASAvcExfwJCbXHILQOxXqreX44nTobQUpbpO1CIvwxwdmMATAAAF\/wEAAQAUAwEAAQEWAwEAMPTbPcZwJ6zr\/OQt29Uiiihx7RTlLMyZgMzrIXSjRTqWbLg4j\/BoDhkVd2Y7f8IgKg=="}
-00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1436720898354,"flow_last_seen":1436720898646,"flow_tot_l4_data_len":817,"flow_min_l4_data_len":32,"flow_max_l4_data_len":496,"flow_avg_l4_data_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"acb741bcdffb787c5a52654c78645bdf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1436720898354,"flow_last_seen":1436720898646,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":609,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"telegraph-ash.instagram.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"acb741bcdffb787c5a52654c78645bdf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
00425{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":646760,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0Ty1AAEAGEYfAqABnrfxrBNw+AbsehKdzVxTGJoAQAPXaNgAAAQEICgAD6qW8TYWC"}
00508{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":648195,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"pkt":"ABsv8H60QPMIw47hCABFAABvTy5AAEAGEUvAqABnrfxrBNw+AbsehKdzVxTGJoAYAPXQFgAAAQEICgAD6qW8TYWCFAMBAAEBFgMBADA6BSvr\/cw4t8bShR5c7IU4xFAIHF9VHAsMRl6WfI2i0nHFHmxUuXsf++F7l3akxsM="}
00426{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720898,"pkt_ts_usec":829347,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0QOtAAFIGDcmt\/GsEwKgAZwG73D5XFMYmHoSnroAQAD2t1wAAAQEICrxNhjoAA+ql"}
@@ -33,18 +33,18 @@
02102{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":466768,"pkt_caplen":1297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1297,"pkt_l4_len":1263,"pkt":"QPMIw47hABsv8H60CABFAAUD5ilAAFUG\/XofDV00wKgAZwG7hJCk1KF4iMGXbIAYAFgtQAAAAQEIClpSswIAA+s0c9PZpcIdo97vqW+zDXNfxkt+5hSLMDEOaNcRMP8OfQNYlAdI\/OjaYdVFTkhzSJImLWOwFsxHEMr4z1ldNgdfL2IzOZi0Mr6VsXdj\/Ko+13o+n3EyPGZZfWEW+3jo62tYZj3o2SLxydN+UaP07FHfnrKWg1nX6V+JnZ\/a7vBpPJKTEh8CeyEAFgNrA8ezG3bPGiFzbGUKz4alw+O6yxjc8PVE5DLdKsn4mJJ7LRWsGx1LZe2edYPbD7JPOeqDZNmAnfunxmaJy2ooLPYo62K3OJENRAiormRpmEhQzyCCP1ZuFnyBnrf5fYqQwgx+AmmwxtjVdrq47NGqhc2lEmv11\/6HhH5OzQDE1vQcZRwKnnqR7gFD8\/OfRF4tqcU7BfY6Oku0ulpIwoUNKkLStMSa9EsrpkVRA8eDgQioanyZi7PyGy8bvA3F0GiaAodDtsSVOB9GLRy8owX976nTVuhflViEarITMbH4afs58Rx2p\/kX+CN6Di1dmJVpcpuAWScpMXikphTkFn\/jSWIj7Q3I8M5SlL2h4d4r4nqBqOgDHBh+4wKTodwZT5NeImHmN70ZbJSe1rIrPBBEEEj2Iv92uNutSpiDWBnn24mr42kV+hcFG3oB6IC5rFdjT2ggv2GoAnu1N8jJk6r7pnv9FnO2sPE61MAi7iMgvttfLY6UYPW4JGkMJP0PaLqLshHBb8FTj41fB0fl1jYIT7Adee0C5IYu\/a5qzIb6v\/pcLZYsjbIt3akCFzjPSSSUOGy5WyVOme+hyVpkgHoNz\/wD8TzeoLUrQL56PLVJ0L3IGsvTXLwyRac0QFJJcOwdgUWd\/wnB9TYbEN5njfMqAPwIern2gMkt+mrM4CFA7yGdf1hF2YXrKekjDb4oszhct8XZ7uvH\/9xY7KRQ66Sij6T6baPQo8Hn7zTL19q9qb48PdFg5VWkyAoRDYHv0drCDdYV3vgGyFxbAcdHz2cws3+XD4lB2+O9o+UCaRb4XCQD8VJgweKIsDuty4TxuYXJPts9SPh\/qjT+ff8fhwAKO4ci4abqPyQbAJCM8rN5T5l2F2xibZo+oM4JSGbEVxscUlx+BiyBQ2OEfoAo4CkmWSwqo3IlpSAmnxbo71q07Lw9Hj373+I+Xoei8XdHu8ZSJCjLWlCdcFgilGeXqOEL61LsJfI\/BqksucXwTtLXieaVZAccFyk2Yi1ppHfj6Q30i5vi+\/DwRPT8CKZtoU3ZjsN6vtjY6FkOHq9WQ3j0hB2TqfjEL9rEc44sipkeBKGl6SOERe0s\/u7RnoW\/uHb5zAqgngDSRUi2Tr2jEdlxljG7PKNc5o7sP4H9iMdycA3Z8EzbHryjRO6FKldJmsB+D1y3gZoSUNBZRax6I35tpYAaZ74HE\/SXUi6MdevGH0LF+nL+\/srldyrxE34Y2rHtfKTNZCR+V7EIIib0kvb70lDK7NXMYdc7ivaZv12714QDSUNgJLjeSHd5o+Ahvrv6DorDbdPw\/JhK\/ngErDQMFmfQC92KMgcmnPyc59ZhuKJ+9RPPHf2XbQw\/Bl29MwMm45Vgoq1kk6K7PG6Ck+O76jgmz3kuzlFOmsy+rF6giC9x+Be\/ZZczNRg8ee+\/TAhXnw4s\/4doRa5LK0VGwjB4nlFkucQGhA=="}
00426{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":466829,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0a5ZAAEAGkd3AqABnHw1dNISQAbuIwZdspNSmR4AQAeM9dwAAAQEICgAD61taUrMC"}
02337{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":466859,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWq5ipAAFUG\/NIfDV00wKgAZwG7hJCk1KZHiMGXbIAQAFghJwAAAQEIClpSswIAA+s0FwMBEADO1SD0fHe843XJ+ZCOsNse8zM32GCiYFzzQfE91JIzbvwKe5v5AojHnzd8Wl7xnd22RogOxu5mhHMXv+7gqxkRujNqA35I\/rekY+c0kH+\/NSEyhs13IVdOUvD59xSQ76XNlZhIX2Xko0Ujj89TytZG5NxEGw2JLZI12mLK\/g5a3flx\/J8hZXwcLBRqzBjvvQaZl\/uZfneb65tfZAHBfa2ufzlLs7JZ3BUDM81wWhbIMe2t4KJ16+dUvWdOAOnEu9ZLqWxo2GhoKSKyi6fIo+gieCl4b9EH\/cKAYDIB2T1y3AG02pFtYejKcW0pDhSuvE+LlCShkDevJtXkqE\/96fTPU+kGFn2Qwrek2kde18SDzMd2Xp7+gakArcV7zrJ+QtPsKp76SrAEXQtaDoH76oSlGZcjixiuTacLQQUVNs31sJ8te5vUsDjHoOxNEXc+m+tbi5LMd6coYVh8uDFhm1\/qpTqcLkCRZ6tkNYfN5rbfrh8BIGqkzvpcFtt4ODJzaRhHJLTbIgTpho3IlML0bD9x0mwzQXu+zrpQpcdgfd0TiLCJrt7UYVObyELXY\/6LuFunz+G9OHxZdH3Cb6RT1Gje4opqLVz484fLFNsmXvlM6kJ\/1FPC9JDqYn\/7fJ9Ohc0XVFH6NIg1Qmird5JP3szzmDc2kxh5b6FvPIkvPcxGWN\/Smh76ITW+XMhl8fpCxQLkePunhDquVopN8T0lKT2Rr\/DeFwl+cxiN78G8hvhOSX9kWTE+\/ey1TIgwX7ezJ6GuIKG+OaWgSZWVXeZJYl0KZbA7L2uCmgjtl\/xYdDJ0acH51sYUNDs2b+d+ZfKMdOw7Ys+K45Wv9xe7Iwxs8oWgnmnUYSE4gn\/QT701yKr\/\/jSZlBWSPDIvemWROGW4VIFY3byV2wHOcLrG8nR55fQ+P2mKz6bq9yHGI\/7aySBuQ2D4E7sMvHw0tHATY+SckFimZWeTp7BvrEsQB2wcE6OK8b2bWsAA6\/7MBbuZ80TMJ\/buDkXeamt0hYUbv2yHjvoLmWHRrz+Zcw\/ujCQm8JVxDHghVA0gbhztSs69wgYPdi5It1hGIM\/upxkfsVmC\/EVXLtDdT2824YvYOLLMTrv0G5lf4ao1pRZwJOrISBejPGJyaiPv6mfPQlFvEcBDQpE7Ad\/ILXeAsY15qJnOepLznFfgTjW1Li3LfUkNpGLPJIfdhTT29RHqUD+wM3QVdE3wf1hO0XJv3FsK7IccMA1iNP5GCOqVCpy3\/DwdyNM7zBIxORN7gHEXphyzeEiyJXP7Zz8lLOV\/2JK607pHXDPslnXzcOgbs6nhUvLDwk1vRtX\/uZlQLzOSYLhkNSaWZJ8TCBi\/3QsyIZFBfdkrg7LRtUgvhOmM976D0CHChLfxXh0UI4CRv5Ef1DajJOmP\/gDwfDfOzCTjtfq+xCOreQdh7QYwO7Qd0I3dhmY1CX2w9E7YdK\/4igT3+vKQaqJnay5Or\/VsaB+hYCsif3Sdn4TEnoqMMK+QCCHxaeTEFdWzU7Xm3abNrp\/tNh7Zk+3BXNNXNZCTB1vSLUUEip3cSDc3zVR3jn5ug2TPnaUyxJnpL303hAaZaTlVq21XQbafyrFkgplOlXTHuHenvUWFf\/4\/0HinXAyyHl2KoL\/oGAu6aZiAZv+lpEMPpOkDJd0QOWATyCcUUKlG4RZqFAQE37vG3REc\/oD9K3Om1NhLzYJsJe3\/MP06CdpnU6V8Zgc+R1SstbiSDAKazAmbZyPwcC6JVPYob+BIlnZZKydUo7eEnwE0kdXt64hzFWZL2\/jph4cOmLxKtWjBLkiYbzniBSU01HWVWQs8V\/acIoFVfnLOknrGJQh8ZcfRmvO97xj7mtYX"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1436720900684,"flow_last_seen":0,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":292,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1436720900684,"flow_last_seen":0,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00777{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":684083,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"ABsv8H60QPMIw47hCABFAAE4wXBAAEAGQn\/AqABnLiFGoJegAFCP9SVkp0jV34AYH+olJAAAAQEICgAD63Ga3vWjR0VUIC9ocGhvdG9zLWFrLXhhcDEvdDUxLjI4ODUtMTUvZTM1LzEwODU5OTk0XzEwMDk0MzM3OTI0MzQ0NDdfMTYyNzY0NjA2Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtaC5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="}
-00822{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1436720900684,"flow_last_seen":0,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":292,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1436720900687,"flow_last_seen":0,"flow_tot_l4_data_len":285,"flow_min_l4_data_len":285,"flow_max_l4_data_len":285,"flow_avg_l4_data_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1436720900684,"flow_last_seen":0,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-h.ak.instagram.com","url":"photos-h.ak.instagram.com\/hphotos-ak-xap1\/t51.2885-15\/e35\/10859994_1009433792434447_1627646062_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1436720900687,"flow_last_seen":0,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00768{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":687959,"pkt_caplen":319,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":319,"pkt_l4_len":285,"pkt":"ABsv8H60QPMIw47hCABFAAEx0CVAAEAGO5vAqABnUlUaouJQAFA6kgvvKZIczIAYH0cqkQAAAQEICgAD63FWCuc2R0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTE1LzExMzg2NTI0XzExMDI1NzYxOTMxNzQzMF8zNzk1MTM2NTRfbi5qcGcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1nLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
-00815{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1436720900687,"flow_last_seen":0,"flow_tot_l4_data_len":285,"flow_min_l4_data_len":285,"flow_max_l4_data_len":285,"flow_avg_l4_data_len":285,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1436720900690,"flow_last_seen":0,"flow_tot_l4_data_len":291,"flow_min_l4_data_len":291,"flow_max_l4_data_len":291,"flow_avg_l4_data_len":291,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1436720900687,"flow_last_seen":0,"flow_min_l4_payload_len":253,"flow_max_l4_payload_len":253,"flow_tot_l4_payload_len":253,"flow_avg_l4_payload_len":253,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e15\/11386524_110257619317430_379513654_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1436720900690,"flow_last_seen":0,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00776{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":690339,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"pkt":"ABsv8H60QPMIw47hCABFAAE3v7dAAEAGS+vAqABnUlUauq1bAFCj1oFKfMvpWoAYDTz8dgAAAQEICgAD63JUYaBjR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExMzc5MTQ4XzE0NDkxMjAyMjg3NDUzMTZfNjA3NDc3OTYyX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1lLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
-00821{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1436720900690,"flow_last_seen":0,"flow_tot_l4_data_len":291,"flow_min_l4_data_len":291,"flow_max_l4_data_len":291,"flow_avg_l4_data_len":291,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1436720900692,"flow_last_seen":0,"flow_tot_l4_data_len":291,"flow_min_l4_data_len":291,"flow_max_l4_data_len":291,"flow_avg_l4_data_len":291,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1436720900690,"flow_last_seen":0,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-e.ak.instagram.com","url":"photos-e.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11379148_1449120228745316_607477962_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1436720900692,"flow_last_seen":0,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00776{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":692262,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"pkt":"ABsv8H60QPMIw47hCABFAAE3iBFAAEAGg5LAqABnUlUaueJtAFAE8EMOWjfyZYAYD+bdMQAAAQEICgAD63JZ6ogYR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExNDI0NjIzXzE2MDgxNjMxMDk0NTA0MjFfNjYzMzE1ODgzX24uanBnP3NlPTcgSFRUUC8xLjENCkhvc3Q6IHBob3Rvcy1mLmFrLmluc3RhZ3JhbS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEluc3RhZ3JhbSA3LjEuMSBBbmRyb2lkICgxOS80LjQuMjsgNDgwZHBpOyAxMDgweDE5MjA7IHNhbXN1bmc7IEdULUk5NTA1OyBqZmx0ZTsgcWNvbTsgaXRfSVQpDQoNCg=="}
-00821{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1436720900692,"flow_last_seen":0,"flow_tot_l4_data_len":291,"flow_min_l4_data_len":291,"flow_max_l4_data_len":291,"flow_avg_l4_data_len":291,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1436720900692,"flow_last_seen":0,"flow_min_l4_payload_len":259,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":259,"flow_avg_l4_payload_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-f.ak.instagram.com","url":"photos-f.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11424623_1608163109450421_663315883_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
02335{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":716768,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+uH1AADkGTewuIUagwKgAZwBQl6CnSNXfj\/UmaIAQAiku5gAAAQEICprfPdsAA+txSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDExIEp1bCAyMDE1IDE2OjU3OjA4IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTUwMDMxDQpDYWNoZS1Db250cm9sOiBuby10cmFuc2Zvcm0sIG1heC1hZ2U9MTIwOTYwMA0KRXhwaXJlczogU3VuLCAyNiBKdWwgMjAxNSAxNzowODoyMCBHTVQNCkRhdGU6IFN1biwgMTIgSnVsIDIwMTUgMTc6MDg6MjAgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDBjMzQ3MDAwMDEzNjQwMDAwNjM4NDAwMDA4MzJiMDEwMDBiODUwMTAwODdkZjAxMDAwZDRhMDIwMDlkYTIwMjAwNzY3MzAzMDAA\/9sAQwAGBgYGBgYLBgYLEAsLCxAVEBAQEBUbFRUVFRUbIBsbGxsbGyAgICAgICAgJycnJycnLS0tLS0zMzMzMzMzMzMz\/9sAQwEICAgNDA0WDAwWNSQeJDU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1NTU1\/8IAEQgEDwQPAwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAUBAgMEBgAHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAANnYrv6OWePnpwvl4Ucr5ZqutmsxzGNFZbBKECWI2oX8gp+rqOdscgJarTJrPTiAtUZEnHz0qOljcEskD1c01Rksi2ko7C10FaSJqLDY0bkkglRK+J01IqIm99eIL6jmheWgjCKVJUTsjcmxJXNVG3K1KNr3irtvMCithKVbraoq9cQKb5mse+vydpRzhEXinDIvFyoIspSDsdW4LfVORbSFGS9z0Q07Vapihe24SRFCV8D5p7U4fInJNSacY9CnDoLekTpOusTppdQVRUWk5Z3S6nSOaiisOZWrWqtSjFjqVjcxzA+ktxbdV5FmYfOO1PR5O6tOVN6dGCvruavqOenPG2AT0hWptvhfNzvglTijkaS2WB9FlYElvdXcE7qNkc6sYnO6nwWWwvB6cwHJ3BI+Pk7LqzU7SQPCRiRBzWw1M8o9Wr7h8yd2Yes0RUdMne6nInZbXUcjq0gpefEOw6FZdhsSpo1\/NNSRGRwz8KussbUKdHc9LXYK7JQkHbZE9CMRrLHVuCy6tIhIp+ajbOxDZOaN8kM6b52TRosiOmpWqktXN4fR9WcyxQQ3Mi1m1NxKzxO57gjldCOau1Guh6KocxG0s90jNuePlRqSaiqL7xrhlZBD1ROCogrq0VC86jwXI66CmfUcy84e5MlIKemSZRcnZWo5lqOCIVpafMuyjnIKtHOmrjanNWmV0at9VUdlavIty0UHfcNVBHhvASbQRlyCBWndG1xZlpvVXVpuTtPpPHelHPmiqjZJuxJVci8tKRVa6m0Lsg1QJNocO+lKMV1BqVN+Km1zbjrI1P1ZzUr6iNEZRL5ZRw56q6yDgmfWQLsg16ZNg3hkHi+ETQdInbdS4duCJorHU42r7hqMKoMQCnCeAuojkF0F8BRBzhkEpcFpK6im5sQ5GRJU57qi78tptbhTpBzLHQKE7qrwsdX4LS1+Ts9Uc1YWugWOruCfoFCwtRydla3CsLCo7DIlTl6FQm6BQnWuoT9DwSpCoS9DwTdA4JVrqE\/QKOx0ChM6u5EjoeCVY+ZIiIA="}
00425{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":717195,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0wXFAAEAGQ4LAqABnLiFGoJegAFCP9SZop0jbaYAQH+o19wAAAQEICgAD63Sa3z3b"}
02335{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":717531,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+uH5AADkGTesuIUagwKgAZwBQl6CnSNtpj\/UmaIAQAim7PgAAAQEICprfPdsAA+tx90aIlfAo5VgaFp1RR2lqIF11HkXG1EC0kCNTtiUHtjVp6NcD2pwL3cCqxUOdE4JFh4qboeFOsCpz9Eidh9bgtdXUdh9SVOeSpyd3qyp2GRODmO4I0mRkHS8KHpOY3nKhiq8InOUI+lYNvLwmo5jSORAzTOTbndzUE5Y3MVUQHOi4UqtVNyNQUqN4JEYoPVnA9Y1CTo+HL0aikRnBI6FBzLC4cqxIKVYeHKkfNTLCqbuYgpXQqORYuFN0aJyOi5k\/QKnMtfhWUroFpK\/BZ6vwTrAo5kruCfoHBMkSse6B6UnRqNeZwpejUb0a4ORqg9E5jlaiHonAvciarG9iObyOVEB\/MQUjo+Ke+BQnfVVOZYFFZSuo7HVlCwlfgsNhQJ+hQJuh4UqwuHJ0SBK6HhyrAqUvQ829WtFIsSAPSdHMCWEZAk3CjSXgibY5qBJ1CDp+CJLCBAs6irLb4dPrTAhbPwonSOCDpkCJZOCPnqEXSo1GsqIj6RRxJKgo+m4IVm4cPWECLrHDq9Ogmc\/gj5eEnKo+a9oIqqzlaoIqPQndwKqI25WuS7u4Hcjxo5HDZ0iCZz+R3c5tj0cNiqiSdyiY9HJpzubY16iYqqNjlRCKqg3l4E5UDkXgReUER3A1V4E7nDaj3BE9yA1e4OTkBVagORvA7m8CtRQdzlm4GzRuY+fzmPnKDedwNVeBeRwLy8nZWCdWreQIGTJWcSSvCBbXKqjrKCrrMjIekQUXS81E5yoj5\/AxJHBC93AiOcNjnKNiP4IemUUD5FCLpnjpusvRVS2g6rbyhQ68gUVtNarNnRqBbKBVkkcKDrajqLYcFZbD06nW+Cp1tGVFtqiktvmU1tclVbbeFPraBXS2o6S2lCp1vh1EsqKq6yiKy2ECssjWm8\/gTlUacrQVEUHN5AXmKDuj4HJyC5HINEc0SK1wI5jgc1UG5WonI1OT5U5jXM4lyIoI+JzXOTgfzeTc+HglVqpvcijR\/Km57XqkRzQjZI2oi5yOWK9A5XcNnLwlc6RVC2y0IelUI2zIDOXhN6VSoknalG9yjje6QcPSIDeV4RLIoV2zuCu2eNqDpkag6RrlOVAcqcDnRqN\/R8KZGIiR0KssLWVOV0DRWHQcOZ8KBP0KpyLFwSoxRuRqg7m8hyNUE5VBq9wcjkTR3OY1zkG1H8kxXK3G9rko0e9jGTqnTdZcKi64rdF17kUGklTBssxaZRsnQK\/TsFEkqMj53CRHcLu7hryIDlY8OVFQ5YUHOsHBP0KhYdWULCwNCZYOZOtdUTLW5q6lXk7nU+C6lVgW0r8E\/VlatMhVOboeamWFETpErJei5OTo+adzeByxoEvRcN6c0T+bw17kErmKNeZwpFicNVZzT0YiU6R8OXoXBIsSse+FUS9C8JUYo5OjUJOjVD1Yg5kiQJkjUH9FwSrDyJEajJUa1OToualSNoTJGgSpFwToxoTtjaiz0LSp5KvBbdU5O11N4NjsxuIWzoOBszGolc4UaP4I0laDGyI0jXoCLyh3ciFRWg7uaNVbzT1YiJUjcNyNRp8jHJqyTgjSy0Iem4IUma03noDec0OVeBvLwNRVJbz1G1HoNEeompJwMXnji5eEqORtFRwkVVTaj2AqtUOTkacncm6JUaVWuFy9w15vA\/mID3xKD3R8D+YqciN4bnMQUiNcNea4OTlDuRQaqoHdyg1FUEaqoRUeEbn8NqS8OJX8lGr1HE56hE53A1yqnajtNTq9aYMe6OZzD0rQYj0BiO4TEe1pGvcEaSoNGS8DEe5ETZuZB0zSY1VWRucoRJKgNWZ6cHSPCBZkBrZ1HXbfVFBb0bKiWeFXWVGo+l4IVegJy8JV5B81eEnLzOcxU1RHM5HqhjncNivVEbZWMj6VBRu5zIk="}
@@ -93,7 +93,7 @@
00468{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":879091,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"ABsv8H60QPMIw47hCABFAABQv9tAAEAGTK7AqABnUlUauq1bAFCj1oJNfMxlZ\/AQEUsuYQAAAQEICgAD64VUYwVLAQEFGnzMtFt8zNWXfMypR3zMrtF8zJKnfMyYMQ=="}
02353{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":880250,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+G29AADkG8qxSVRq6wKgAZwBQrVt8zNWXo9aCTYAQAxTAQAAAAQEIClRjBbIAA+t+DCqMbFwx7JxEXBUu6GulOBOJyE58u0hdRthkLrO0QqvBlCufqVAgyxVWRlUXfQ7Qoi0wU31qhlkeE4Q639P3TT25VQfngwZQVDwqrYT\/AFKnmQnYP91ROrVVGoTOHc7XC+GA9JTG9qcCnUm2lyoYEpphMRChcSPwlxTpIb8muFVn4qKYu6Qj9lRp1qrQ8VGAHwJ\/3XCm5gkzktlWuZ2+EHXcO8\/dcRR0qN\/VR+IfsmPsrSBoEXXOdWeqQ+o7K2OH93xKdDGl3hUfW1o2XE1Q\/jXucLhMQhb0XEa+EclUqZOVDWhGoqZLaoePqCq8Mx3e1UacEKcJznaJ73l0JlGmGi4XO3K2iFxFJxpt2AOpTqL8SCuCmm4tcq1QBUH3N\/VcTwzH92jk7sNpwQrgmVbDKfVlyL8JxRnlwrpdbEqpSa78RUnkkey4uCzRfi0zfq1UntraLqjh32HdVq7HZcczsvit\/HlCqeJqRTbJ\/sncPoar7vZqrMp1e22IGITOJriQWgtTeKoPXxAi6nomvbTaH1dTog+XYKbGAdE72kqpbd+KoTB3SnNJ0Rprhmgf+V+GdDlVK1JmG5XUqVMn9FS4e831kGfoPC6dMmdU66Ypj9VUpvnqFyp1+m2TlDibsNwE8j6tU2sA7SJ8J9R++iJbgleoSz9E2f1QunKry2k5SNlD4lG6FSJbUBVVvJp6rI+oLQgrh3Q6FXGZ8oZP+pVWp2DP57CqZipCrNwj6QVTPcFUGn7KmYeFV7Xh6guOcBGqGdrclNLt0bYwnkim4eUwEU5VKrc60pvshCKPcIXFCKtvj5OFaDXBdo3uP6Lh6gvc9+rl1HEubwrouHd\/9e6\/hrg6k6l4yqjLu8Jv8p7f1XkHQqtSNKqJ33TgZe5uwVGkHPFM5AyVEMqQNyFWsYadM66\/sqjjUNg01K4emKLLzrqqJHWDn+ZVT\/mawAAC6dpgqbQrk4g4CDiGMqf0rw6VLGiRqtlUhMa0n3TWWjKcfK9QvA\/Uqwj8SXOcqgfTd1CqfFMiVw7mB7gzRVIIXFNd1LjoeV0LU8gE4Jy4bQwrAGwSqn4JuC\/4hUi0jCBgeypUCILoyqvB06ncdUf4dbm6U\/hHzDUys7h29GE2u+pFKIA1KfxrGg4R4bi6g6r241XTd4yqTXhwDk80hA8LtnOiYHDTRYCq0n1BIThbgqAqfBl7Ze6J2XwVEavJVSgALmmfZAEnuTaFI7KGtwAmtfcS\/wDRDwiDshgQU9iMsGkoduVeZlF7dl8S84JRdTBuTa9No7Quu0f5kypJ0id1xVSmaXTGSmsG61b2p2E5sid16qYcqjfqTSWm4KqAReN1Tdlrk9tzcIe3+of90e4J7dkPzmHK8FOyJX9TUNU8S2R90fP6qqL6chNl41VjhmFaHepEBudUXCCCdVRaHU3D2XTDW9RqovkIO8L3W6\/iNH\/qj5KfZw9R\/wDV2D\/uqNP8FsmDr9lWu6rr9ZX8K\/mPP+VF1venMteHj07\/AKplT6H7briZ7QdNVZ\/ykDfJVCmG0+ocSU+oZPT0L9Vc7q3EyYVNr3fiP32XFVajKUE5f\/sqZeW2ASBn3XBtba6qVWILpC1RamjKZ\/LcxMAFMEq\/uwi\/EjKc\/wA6Lh7W3VNV8T23blMa57pcmtgKN1xdc1HubsEDC4T+Y4DdVO0ABPDalNwWFhCHCIhCm2YKNmy1TmpryxMeXMnynUsfdN4TOUynUfU6Q9IVrW4bqEWuJliNTiB2iMbo1H7qvS6jRVYcqgyvVNjf1PhU+CothxNxHlOzorG3YVWiZuBwnOg6KQUDATTIwE1kaJ1OcHVfCgr4d4HqXRbsV04XTbOV2ahXAnVNa0nBuKFIo0aszcIVmJlGdQUGF+mSvhZ1cvgv8y4="}
02354{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720900,"pkt_ts_usec":880311,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+G3BAADkG8qtSVRq6wKgAZwBQrVt8zNsho9aCTYAQAxQWCgAAAQEIClRjBbIAA+t+nTBghGNgFcyIDVDTsjc1SVRAukJ4ByFlVdVQDT6kBZNP9lqiyAqRkGmU3EtVF17U\/sf\/AHQx2+FVEFOwfz9WyqXdThP7XByPa5U9M7J4gx4VAy23wqfa8sK2ysgIKowesbLh3y0ppMOauGd2pq9kQnt6jTTO6qMseWnbnUHbS4f9T\/8AJR0\/U91vkbfdVXy5zWm5s7rgQWUbv6j\/ALLFRhYd0CntNzvATnuDIOiZWZ07LZjCYSWwdioHUt85Xw5A6uzsJtOGNt8LiRU4jiSymC63GE0mmD74VNvTpBo1VenjJym4yplNMaqk8CpndOq\/hgLqAmLlfhOl31LgQZdKth3sjUYxsvMJ38QaO1oTazDRBVQDqGNE5q4JwFYyqrA4Ez3bLhnh1EtcsaLpU\/EKtcxSV3DRGphAnVONy4enxbh2sx74VPLe\/VuydMIODGj90HdQdidWNIW6wnvDm6QU0V3CWs\/VfCuJDfOpQY1jbKeFbe2EGWqB7ohoVSm2NEcIZTX1D2hmm6YyqTdUwPCdRpvyQmgN5wnwe0J4gwrYauGim2XL4ll1re4+yq12tMI8TcYZGEwvzCpEBybWDvQi8AS\/C8bo+6+6OSrVbDoKpuDDlT\/dSIhVdVS7W\/dEw4OKdVAOi6knKPaZCftUCoOh0eVWbi7whp\/p\/wBlUEhOGEPzqJntXDuzCrNnROyA5UTmPKqCT98KmYf91V7ageviqejsL4iloMqZMJ5Oi4d9mFuqBgwmOMIFaLQr+I0c9VvKk2+oGlU3dXiXVipFR4paDVy4nhGQatLHsqHEssbTOITaia4HdCA67zhPoTmnn2TQQCD5UQ4nyhw5fDzgD+6fDxB0VO5jLXatVcH41waYkqlTur2n6VgjKrDtyjjCEaIvxhTmV1i4RyBREnCoinw9GAZJ3V4HUP7K+53eV8fDOmLB+ipuLu8BVWsb3+UUCWuuC+McBBVB\/wCGZ3Q0UrBFrk78Ix+ydoqbW6lUuFqcQcCG\/wBSo8LS4fLf3OqIP3KqcJJ6jcE6hNNR1QscLQzVVWOLmFqbhn4mAmwKRJ0900vJ6hHbsE6uS2WqjfZ3\/qp5Oda2V7lVPVACuc5vem8O3UhNptao5XLXTZRnHImdN12mbU92YUScp3cIQpUiO7C+ApzJcXIUKdMY+6ee33WPSDqjXo02taHfonVRdpITXOaMIvByF1GE6q6TjdHOqgO1WFTg48KC1VDKo+hPyyE\/JnkBcxfSWqmZEeEwtfTlel2fsfshpadsKo2D+ew2ulN7aqeMrZzUwwn5aY+6Pn9VVbfTkKoN0xgb3FNBm4KoSX6Kk7uKdogbXJjy5M0RITh4VQdSm5iewtdCpusDvJEKnUsELqtmRgr4t0W8mvcz0EhM47iGbh33CH8UqfVTav8Aiv8A\/EP3R\/itN3roz+qZ\/EuF\/wDaj9kf4lwx1D\/7L\/iHCf5v2R43hD9Z\/ZcRWa7iDUpJlM0+9roO6PFPYfSnVa1Y5Kqg2gx8kQpUq5DipbBXVkn3UqF\/DyB2HdcVSEEAYUIjswunMSnlg4cMClTycLxBTrgYdsmG5zWnSVRd3QDhdzMuRfUcJbgJtwZccqqbhD8J7mupFhKoNdaA83D3RpseYVob2k\/oqnTDMD9k0ACPHLG67fKq8U0GAP3Qc+r9UBUqY118KHIEKcYRuG2EZgpzmN902obpUvGoTyxrfxCqTqTx+Gqrd1L3YOArogLftXSezMyBqhVveAMeVUqsODnynlhAt+rwgz+ka7roH6j9uXctVTkGFBXunZKGCrg77J64eYREtQ9J5U3QYTxBlDtdK4Z2bVWA184KFsSfUO0qoE8Z\/Pa6VN1OVo\/7rQqme37JwjHhUT22pwglqaBIWNBhPlrpRkOlMdc="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1436720901182,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1436720901182,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":182283,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/BAAEAGs3DAqABnTUMdEYS4AFDrYaSj8+woZ4AQH+origAAAQEICgAD66NkobAz"}
00428{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":182466,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0W\/FAAEAGs2\/AqABnTUMdEYS4AFDrYaSj8+wze4AQH+origAAAQEICgAD66NkobA0"}
02343{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":183137,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+nH9AADkGdFdNQx0RwKgAZwBQhLjz7DN762Gko4AQAq9DyQAAAQEICmShsDQAA+ufWEdJBRPnaSmosKHYDmQEyGHV3GAwTrGe5kQxyGEYyxmyELBrJc+SMi3dmmwq1mAYjd9asgZG6SWIbmuecSeibLvJUKPOw0JlNLd+SsFoR4AyWWZMuWzjy22t8lg9nL1yby0j7G5yGHP2UfvrthqhUQLZPhRPRii5ZImLbbxtBh75Nwi10QstpiiOURwgsk\/gse0fhODW3xEaIlCTuwGMxEsajO6KBwgVZE4oD8EZJ8CUI+IftidbAnEAzCB+CxiXeSUkT7I4PLvoy1NnMNCUuGI63ybZNQBpkMtmgmFlmfthxhK9DguCw4XPNprshLbUVoAbHdBaG0WibQPaUDoawN0QnEMFu5OOsEXu+c3ydgozRy0R9FbV0F8hsoSyHLIicGyGMakQqAYSTks8J\/2+\/kORfizOWuAtMcMCSaUPfEY6f\/ttodWXWPLX7bzs5o8i2FH5IZ4wLEpEOhwV2MADYJIWDBmF9CQdn6hh1kzmvWM7b4SuFg+iI0QmrTgRgMl\/rAMZDtwdyKQyk+DPksJTgtrhZZRA\/GY+X2oyKfiboDY0NouOzUthrGCw4ToWxqMKM+rf1sDDAEsjSzJB7rCfcDOwibANVH23SwWhh5rFCY04ksXdhurOKpIBQXzCwN2yHF8S1j2hc2z0kMsCW+OeS+e5HaaRoyzZaCzPNrgnwkhY7i8yZQkeMkH4woSzgHZw7AMoJTs5nD21BiRDuFCBqB4lGX+kk55UTfE62aMJ9jBPBhqltnyYDTEarQKEsWGbVjV7cRHRc\/JgmbZkQlW0YI\/xZdFg6wN2R+J3fOBbBmIcOvB5bIKiWTEFFXRESk7pA\/G3UwXXKB8XDGTJIAkPv49GZuMRZBkC+FhZzCzZ\/iYJh8LIJjV10uzY7Q6E8RpFbyee3Ru25UC5ETbDsFPCaR1ZZC+Qlrsu3Z2QOnm5Ijct96wHLCiQoCUx5CFCGTynRCNjadMyB8tlLRKCwv7KX++dvy1I4Ngs+X8bALTsRQ81XIDydJihBYicmO+O5EykyOu25b+jIYCOXX2WfISuvyX8JiI2GJxqYZEg+OZPoDhxBrn8TYtguClNRehGIQDtqZcwjb\/V86w0sQMOHMZzpnYBjpA8i2eJoGlmik3CQHHMRm8DxLkyFvCZWDFGTUEVI6mHEnfCoaSoN+\/pJIKAlCT4XxDOVC6F8g19jfq1eEJAj0k3u3yFtEJC0DXJolurtJkzJ6y5KHJWSGujZ7ucFS0YjpIoSX0blPAySPJvg33fP2OLma7cQ\/o6PyUHgctick8cobWRNWzIJG3koi8vkKbBIHEMIhdatBUZ40kmN4wtVBz4xoAKljf4v6tXAUt\/sabl0bLkuRE5KikyGgBCbojsrcdwSEGEBomIUFpEl4TvPOqQ8EQF08if3O9FnhnUw2jwQHpaPsw+3EzgNs0zWy6OB623FWGwH7yRctwfDWnw6uSz7AvbHpmHBs+lzanaBkBBq2DLF24dyAfJ1fyW2F8GD9sWLVnjCGZF3EsLst8bQIxxKOwYkoOS2WRsw0xVMJlnywe3Dcc8w+9gQNiBfxyDpYA\/BXzFgEQ3SDtI\/Iov2XBZk1lmPY59tj\/SH+23V5dy\/iiOkLW8UdeiSozNTMFJIdoa309Kn34h+DTnlxZPJVqKRj7du3Uk37CetFC6vFxS2151HHC6aWXemK7B3BpAILjJ\/RL8v0ZA5dOz14w3bAaJWBEg+oUMkesS4WzNnMtGFzWDqZOmcWARMZvW5QUXehDRGok1aYS2VUwcI4nRFkmR4HYk3YsQQ7hbSjts4wBuESi5cIWAPkICk+lgVslThZsIux2ZS+mHik4DwoYI7IF8QlYXTsSiw2By7i5s7AeQhpAzljeQfkQaQPQMK5P3IVCAQHZWMgI="}
@@ -109,32 +109,32 @@
02342{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":189210,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+nIZAADkGdFBNQx0RwKgAZwBQhLjz7FpB62Gko4AQAq8q+wAAAQEICmShsDcAA+ufyRGDBYEdZ02\/hkBwZxnkFxSQCEwNmr09iMv2GcGCYXZL4CaRkwAI7eahMYyaLCFHwJhqBUvZ4FiwbKbm83q5RQEYxkI0Smr3e2c1umJVtwLwOAZSuvrmU24IRXw5gV6R78YDls1rjHVV3lFJysPEJ4vHhpk\/42JZFbSjzKOBCJi9hgiClAoDTFrTJ+ALizTwG8Ovb3PgmAbS6Br2N7FYUPNyOxttSuZbF7CLrw5QxLGg0NMIiSo0DIPBlGf8drCUaGKt\/wDKiYzrAWigolNjZirroqVRh1u4\/G44McaeQya0g5Pv1ujIfdnkn6QlAtKSAJRVED5kBMwDoWR3zbW5G3I\/FssdhsxsUzhZ6DHoNxCZXM4Ry3ADeBP8Uc411ld4ZJcdQSPhL4JJtiQ1WGOq+HKxVRNUZzNqdQMvPJSNZLzYGBhoKxC7AxyjhYkZkKv6MhPEn43KEiEY7fSc0QgqHv8AxkxEei79ImV+FVqsFsGoAF3qU3kvFk8ndYFYemHUIFuIUaE8e2\/snzB2u1yQTEfrKqWzoo4ZbbswIrQE8ckGBUj0wxgOm\/TFMgUHO2YSCMQWmXgPgw39SU4lh8uY2hc4BPI2d9Z7G\/JhGBFnJELG1cMPnxneBFNwzSxBkgy7GAbTX0swEs74U4EEO69NiLWgLjodj1mqEqeYdwTrPuRHsMK0WkUWkQbEAF9IBkFEO6mkSNmzBY73MfABPJgChMO55XrD4i4I+gyidD\/iF5+h6JLxpOuwHoEUS1H5od9osIcs6XnXJL6pNDsGI6RIuKlExK9bfE3XYjo54TDlyMvY\/qZuNmJrCfLjrAHaiMt8WCLcH6BYNRgoTA9YodOmDg2FD1kKUXjajSF0QgABCPE0jJfpdLLg2N4sjQIuiG\/ZPyAokruR1swNJuJ86cK1APkKIqggwMAR0hEcfa\/GfW2uBUsUysQElDUahswySB22hEMnSvNsbHVEQeA07dh3rf5EcCxYEDuarg8Ogtj15PiRZcLmIDGJRyaVhgAbyUTxJUiEIFFjGJYzESDeSiHJtyXMLRmtIPLEU1sj0vWkxILg3QYypJ1SxNuFf7ipCmk04L+GHAHnQ6mLyC6JBPiJgfJsGpQV6mxskVsJpu7sPTN6RtE7pZtcoZHQNAWoJC3gsA\/KDiiIBi8jlBaiYJHfLadcboyQmUivmc5GMWbpyT9lfrovKfQ9yyNSQziBIQm0YK5SD0sJbBAeNCAQk6mRiJFMH14Bm43IKwmpR8ghNhVHoyZyj4rKHcUOg8ZfgqIU3\/EJzuqKTxF5hlpyS3PAhKDJ5+N3sWF5jbfvkJcDRJCPJDFYcdxdgM77giYze72cY8nTfqmDxjHjRLQK2D4j55qQzvfg4bmlzPGE5eQXUQu5PE66mMJYmVSjWT2aSIiZSZKxj7DP0bsMZQcWA4uMrZxzLyAbwOz2yDif4QVaAdxWyL+ScPWCf0b0v8b6fIaW3R2BvPJAOFpyNvm3j+2WSeYfsd+z8oFhLeUK6sMwtmj7T7cbkwpZuEDtDpnhIid5BCI6ZEANhNOfx9b9EKTSwx+jAiwYFUkZQMMfQAJRyQCkLCg4jIVfNElMHy65ZPBhFIIsCdi4+MK57ROWTh2ebe08z5xT48IeWoh\/HCCiqCGdRYkTFZSHkUOR6eB1L6C54WgYbFbnGw9gVeE4PVyR2Dylm5RMfmi5IDm\/AlZEfGHoYbHEW7LQxlVM6S2bPtMCKN+sLVEmoTWXyjsGC\/rmVQHAIEuXiwMHg70ozM2HgZQUaYXyMsJSrsZZP+X2Oydj7cNgfElBIbDUAwz3wdNDCZ4XX5calgvOKdOD14M0oRP6jlprycPsadHBl6IwASjudsRIuDTEvBLuG4C4KcDy9xj0OtAUWj+XcZM="}
02341{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":189271,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+nIdAADkGdE9NQx0RwKgAZwBQhLjz7F\/L62Gko4AQAq9JsQAAAQEICmShsDcAA+ufamAzJyIRNISCjC4EJNlu5XpA1jlANKhYbuWWh15TI6oFianASnO9KRfh4OvOUZcAEIfKuPH8PsBL5SbfZjyGPOz3tzwUFQgq2OoxN+T1DvZiAL+uIvSDTecjGkaCfK6FRAjdkjuDbI6Kkh08L\/SAGbAIT+6cWfhEizekY+Mdk8El4zesZNgPJ38lck1yRjhuR9xnRt0e2HcFnY0ArSxdJwR8SABGZiLmkV8GpuZQa\/hA4WffBlsdMMtlM14NlPH55FGPg4ovFhAUCGChBTTt179pGV85OFg+WCNcj1GxvhWDhyZUvKFyB0plXoW6\/IAaGCe7j37THzPcNGDBrIHhIyBqc2o6lG7OhtOHNW1Z8UcXa2zQwIdGzrjxADbLGScnOYY6L4FusZ75fsz7b3IQe0FXVgzATwfAoBiazENzs2xB1BHZhkVsE2GMseNWM\/kNRDHyGtUQ\/WDG8gfoldcAFLtAj+LgouIkn62A5I\/G6s6wgNwAiES4tjpkLGAjodGPIDinTK3XciChggwFZunzTDNmVVIdlNiLPew\/JLN0FzZgqLtDSb0mnYTmnDrQVjbBZFyArGwbVtmLDETze6kGSIW4HZWC9b45Bz2ptng9C8hNs3vaY2VZ9WethY1PgzzEAMIRsxRRNERr0cECHUw1VcB7xJpsTzwNAVLduEHfYyYpJJXVBZ0D8GniRo5zYO54qcG5NMAF02Hc2e1jcZQlDTfYaKEEhOozABA7Ag0RzexkItAI43z2CfqodwNbLmS9eZa2B+kidvzkrvZP98JIyvlBNLHUzIHJJnSyy3JLEY4j+7ABPelwEw5rSGAD3BnumCErSBIQGgVOXozYJrbglhfSZ0I\/Wv5FHhG79Kvu3r3HptnyAXEK+FKE0OTfRW\/jBnF4k3Hj3S69CxtCEtV7Y9XvCcovG\/QlMG3jgxcJ4bdIkZlAHydVvKsXQdGtmUvUPBYZ7xJPey5o2NvsgieGqsGhWitbAUDUCQ4WAZ2yHFDcLjQR1AB8Zh9EseRiCBCTRqHboaIGcZw8R2YwCADWnDZRjf3LecsDLrqRhNdgiUG7hITB2NJD0l\/iMcZfoJ0jCAEw5EvNpMhB9PA2BkjRNNI+LGEFoFHCwjHNBOgm5TukXFmhHroAsQjA0AlJRZKNFzOsXZZ6Na6lUuxGAoPW49Md6PUobNTBpvSJg2QgTif7E9ZoyL8zj\/xharZz2rRTpgXc7VGQD0XJy6Hyk86HKz5kbDAOLRcZhM9IZn8Y0NVuSBLkrbOSDDOmCdJ2CKO0ZmhjYCWhxa4V3r0C+pmq5A6LaUTuGmABxh2Vnt2Cm8tLuB0Cy43yzD4KEjBDjO+6EnpOXotjSPNH1M4kYCKh2wQnlTGnAcLYJmSoYxEbw1ZPxmfE2t3zhiqmdKbyGkZY\/bfTQxmSA6kwlLEQVA+AiZ0oGaM4NRGzpindhALRQT2ZmCDsiHkQcCuYdeB9AJsRPlFr0Li5Rxl4OI0sIMFLE7VOIdgFAnpi+NsQgqRSeKOHHSZFM3eFhAAexPpj6Up0rgomOhNiCRueF13qy5sgVykABArqsg7LsWhtp2Jaw5IJAqA+oUKyJYAoFfAm+q4wCmHW7YpblneqTw8VbPmdzUUesHLQAg7Q2RuOZ4b\/AIJskbcZAb5BRl43hGxdeTv4kVYM38JbiX0YTTBliizZyU4ELBTQFB\/EHBD28Zh0TpbMscYHcszgRPTDOdmunujgDWwOQZlmyic3MlCrFrEBBYjoR0fNuDNbsGDBU0bBDBw0JkW7rnhC33OL9VeQ2ADEInZXyLBot88VRcmzSH9gmnHTsm9WXoOw9YmlNB8EuAg8Nc6UnRlxJ8WyNoa7USeTzjiiDhNAc0wFrBcZWznq+b6I7xO4MDEsFeE="}
02346{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":189302,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+nIhAADkGdE5NQx0RwKgAZwBQhLjz7GVV62Gko4AQAq94qgAAAQEICmShsDcAA+ufnyVwCJctLTQPdBPyjsSI47nQsIW5zSaP\/Bg053gaSip5cipBKooeEGphrkgYYI9wzmMlPsIngHtRPBtIcajSKSH+plqexY9BsImIcu0bFrKO+pGQckTK3MI0ZScE2OuoRVUYGk6iXKigH0w0wAahr0ngoM3Je4+jjM6TOieZrNm5tILGtkpEj5azB0lpiwx4VghIp0PKmZAdqRVY2fhmqDdIMm3tp+f8TdckCn7jvSEwsJ4bMRM0MknyN6WvibDxoMKcwtLZvkFNzsq+qFx8NMtXVtjJakEB+2XVxbNGBA64KHm1gdDiRnh0j7QrWxAebJ0FtMiMxouhIM3h7oC51TCMS1nT8MF\/Np8jWiIstb2KBmxrYwwUyBPBBpoM2nT8LyIxrfqgErx1Zgs+PFiC\/OTphCJ62mtg0nBLo4TgM20bXwQgs4RO2vPqtINqJHy8CNP+IaDjRKGdGegIjIrUdiAlgyI5PQ2O2N1laVaZVR3WHYbjzRoG\/BBUyAp7ryDOPTh6Z0bj5\/m452OGzooVRVCDnjTxpu\/LW8uhbJ\/mEPAsCD5smIBOM3PrOZpgRGlomMOfLb+SDyTHfNJohQQ7AIgtIEimrsPpFkHtyBgzhV+H\/IyDpfJpku14IHVu1bSdtGQ37BsbIA6TqRvCDIX2NTpy6MIXOXRuGw6SBRDjdmruaZvxoH4xEF\/wnq+AJsHEEYRgwKQpFc+2TrHgLekSGg10LYS+ROqMPxhnSQ4pIZpkLWqwTi70PBB8RIbjDN2aA+TQJsCNo1NmCARS8l98nBSEiGwI6VgxALN5w9UpkbNO5mo0V0BiNekfotHsGh4EAYcxLkze7azCV3wvcb5BfO2YQGsYaZFhvaHMW2yX2xYEG4LqhODbkAPyB9YMbpfnZf5xEQXduCNQMIm2g9VrAkB9Q3dilFrQjDw5A4PAQ1fNFBJwZy6MSDYAuilIq3XJPMBnsPhxp0IkTniQfwzF5x+I0U0xbDKgtwapgEOhYQvWtWYkch5DRtigzzjFAyKdhN8WRsAgB0jFFVmkTLcQUGWvkFHV9dxQVZQYjncWoikcyBP18lZfxQpTkwjZZFSAEhf+EQaDbJE5KhoVnABvJY6XwAhpNsNwXYbxuFKd+A1sJMW5CrY9unbWGcF1bALcSNLxZ4GRob4Qc6QsgmDZgd28TRAM3C4dF21nJ4dYR3WR\/LeAy3Ft7jaxHYR+Ii\/UngKzPqLec0Qk5855tYjgt5FQhQwA0NNRVTmgBhFR3w2yYuvENcV\/TMU81j2INrEqnm1yBei3mcQdbyylZKEQNKGvtF5T\/LT5swwCMgl2yeATxMY8e1hDTCeRBBQo8G0VhlL5A7jGNi0YZfkUDEYaYcsAI2MGN8ti+M+aNggTBWyn7MEj7AW\/WCNEQTgDjJlYpNJMkPADYMJOLAb+yx5tmjXm8UEJrIH7PIsfft2AlTQdtuCmrfGyPNGZwQ9j0CQCwpplHGQJBhzsEmsIBO+\/3HPC3YeTp14h4l\/4T92P7bcQscSxwUB\/x9wwvHTPCVHfKl2\/rhHFEHl0oRVjcfZ+yx9vqfS0zfhciaIEFOIAdN9MNIKXM3zre4LqbVdARQkhj8WCgfi4DyDwrRyYlKBZ471QOQwiwUM74OIzWkwQZiYliES+LFDUnbKW7ASL5kpZGj8KbGycbGGbsc+Boj4vncdJqgDhmN7nGVKL7J9c3hv1ekjuF1GXjzU5AOJeQqsZ4jDU4w\/Mb4stHk0GlpYiHC7JNHYG+Yf2aBsMWnWIwW4ce5wL42wx4OCWSSmf8BmclPCwmZJGvngA0DguyaLVSagJdWsLxAEoGFhFaCbFIWOI2pSwI+6MOwxb62fd8\/1JnRZaRF41QoLzzJmL3\/ockKKy17F1crgavTE="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":0,"flow_tot_l4_data_len":290,"flow_min_l4_data_len":290,"flow_max_l4_data_len":290,"flow_avg_l4_data_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":0,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00774{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720901,"pkt_ts_usec":262544,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"ABsv8H60QPMIw47hCABFAAE2VBZAAEAGt67AqABnUlUamZHmAFCdoJYSxR9Z0oAYDfbnvwAAAQEICgAD66tZ6cc2R0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMjQ4ODI5Xzg1Mzc4MjEyMTM3Mzk3Nl85MDk5MzY5MzRfbi5qcGc\/c2U9NyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWEuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"}
-00821{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":0,"flow_tot_l4_data_len":290,"flow_min_l4_data_len":290,"flow_max_l4_data_len":290,"flow_avg_l4_data_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1436720906017,"flow_last_seen":0,"flow_tot_l4_data_len":111,"flow_min_l4_data_len":111,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":0,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-a.ak.instagram.com","url":"photos-a.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11248829_853782121373976_909936934_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1436720906017,"flow_last_seen":0,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00550{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":17091,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5AAAIARdcjAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1436720906017,"flow_last_seen":0,"flow_tot_l4_data_len":111,"flow_min_l4_data_len":111,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1436720906017,"flow_last_seen":0,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00550{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":19075,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5EAAIARdcfAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
00550{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":20631,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5IAAIARdcbAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":0,"flow_tot_l4_data_len":111,"flow_min_l4_data_len":111,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":0,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00546{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":22462,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5MAAIARtB3AqABqwKgA\/0RcRFwAbz4HeyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":0,"flow_tot_l4_data_len":111,"flow_min_l4_data_len":111,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":0,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00550{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":24293,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"\/\/\/\/\/\/\/\/ABZEH1lmCABFAACDA5QAAIARdcTAqABq\/\/\/\/\/0RcRFwAb\/+ueyJob3N0X2ludCI6IDQxMzc2NzExNiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDA5Mjk0MDNdfQ=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":25422,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"\/\/\/\/\/\/\/\/ABsv8H60CABFAAA0BsVAAEARsaPAqAABwKgA\/wIIAggAILagAgEAAAACAADAqAAAAAAAAAAAAAAAAAAB"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1436720906070,"flow_last_seen":0,"flow_tot_l4_data_len":645,"flow_min_l4_data_len":645,"flow_max_l4_data_len":645,"flow_avg_l4_data_len":645,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1436720906070,"flow_last_seen":0,"flow_min_l4_payload_len":613,"flow_max_l4_payload_len":613,"flow_tot_l4_payload_len":613,"flow_avg_l4_payload_len":613,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01261{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":70589,"pkt_caplen":679,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":679,"pkt_l4_len":645,"pkt":"QPMIw47hABsv8H60CABFAAKZYWZAAFUGhKgfDV00wKgAZwG7hI6seG5hv38UHoAYAGuTKQAAAQEICltMYqkAA+18FwMBAmCl7hwsC927JcFSAZYWLzz9PCOE13q\/R1R\/4Ep\/l7+HHbIpOFFcCYs42I3wFOgWiBw3wjx3pJOgTGydZF67jt6\/BKND+v8oyfRpnqlS5YMAWUNymHV7uHWxp+hxonkw6cNC93nRZtrxzkz6LP0NT0kghBPZC1Qj+5R6TJU9O4JNVgnaOk7a2PLjjlpxNviWyDprqQXVx0ggqtiTSBMr7Uc5EfDpzAAkL4Ijs+Gp7u5RRsTL\/vjjpIbFtLB91jbWUmuE049zO8Z0ZXe+NUKtpOUeDZz+3zpQ7uf3ydorfitQX7zdybIk3\/bzSVhOShF3BJrYBLAD2AQ24us0\/KfVGECFrd6OK2BQqjf6ncI9qOXNwiVF\/2inbzY\/Q3OsYRcS7XHEaq0O5REHcT8SzE5VoLX4XXQtBoZwVB5Yrj77GtBQdmGZD6u8UMQpctBx6N9Mr51OWWfdFnAbts6SnZuXGzlYjqJOxS7Vx73Uw8fCkf1IEri8UI1qbM9veDNciQdo3CmVyvU7iM87rUz7C0f+A4f1opsUJ5+EheBr1eGc36Efb4\/Ualnnz3nkJR3hncStDick4US+OxlgvGof266YJgZuAwCGxYg4vW2knDKYz5umzCws7lIHpIdAFNPByVtoUTPTPQS5UKgIEdb95j7F6DccGwtWvRW1Al5LucPJI7zWS2dtNSdT\/Ojj1Rno0QRGwZ45j0In5POotAgCjk30MTwIN5HhcpigFfTCmuPMsYmTn6MoC7DboyOfYCjSc6fhkNqfZ2xyKSzKyqklgdTHeGfRwO+op5ygRsksmKTJ1Q\/4mw=="}
00427{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720906,"pkt_ts_usec":70741,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0Ga9AAEAG48TAqABnHw1dNISOAbu\/fxQerHhwxoAQAW09dwAAAQEICgAD7YxbTGKp"}
01730{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":201021,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"pkt":"ABsv8H60QPMIw47hCABFAAPpGbBAAEAG4A7AqABnHw1dNISOAbu\/fxQerHhwxoAYAW1v8wAAAQEICgAD7mFbTGKpFwMBA7AOHMI1ALyiYU3ya6qg+prWQI\/n9ANspqMl7L4ePI46MbeMU\/IIKBcoHTRp\/G5Sihc5nIJHuC2+37mEcl691gW4u\/TM4cTkpTf1jvX2GQ4y6\/txghh7z8FoXfNbqCHIq72qOYxX78zowj+FiMRcWPEmeWcWoH+gdWfhPA\/lkpOWh7PAWcTM6YhVbfKMzFVog0eNO6nAQ6Db4QV49GBIVCzfrXCBVeXZAcW0CL72bBYmhxsuCeKWPO3s6v5st61\/TqBX2wKyuhuh0iYRoQoS\/wYMoppq1iw5UM\/55LosXWjVhX+LnpSLv52m8IfyQkh1vrv+SJ7KjFgIF5haejMGRgEB6k28tUeT6FGaiUo32klBF\/ovhJ\/7PzYE5+p1Zs2WdUsskxD79HTvK6ta+oXXgI8zxnT+FY6f4Y3Qg+b6yTS68sbWyHT6\/PezdvhWfHtL0SSgHp8goibROD\/tT\/ewXwhvrOEixGKhip+cFDAiL8AxMi3V3Lo6cis85J1puKveGyk09JQyFUAk\/2r5Yl++ASyNB2yelevEI5wg+VsEb8Rcm\/QA7noQyfs1T5YOnO8NCBiPmye5eIk\/wZxnX1f+2xdUrgycDikO6k0cQg3utcfRP10t4qmvTrg2ek70WkuE+ATLg2Um1eRaeb81BxGpDBojTreWbcm5dcICJMpu5Jn\/w\/\/OFgLDd8zIcqEDUouT6ZCScciar49BKHurWy8NKFla9SI75KJQz9yq3QZyAG0rJc2lhQMyl9+7b4Ogizx8Jo29kTu8fZJSlg+ABrC1jcExXQD49OmAnZxwfKy6D2pC9Rse0qtqmzV+ovVEbJp+oxkyoXka2nmc36kfQhlZgI7KVixFLMTTlCevMnYrq1xJ\/MKzvCd6IWf+N5EocWD+ilOqptHNEIAOXJmgXODhL5KGWjQb8\/91W1IyUi6q\/ngSGvVRUpY8iujk6L\/C+Bbj\/Dm4AkcumBcragxaghvlWXmc47QSkqomVkZppr19doVE596Z\/iAcdVNMq1wy+2v27UYh5CMr3l5X59P07fb7g36BHbE7SHRjrHyy9CTFMxhEf0YgUq5TdIHDFI5lE\/KxLNZVidU3ki5Un7VFtJrfQka6os1jVOGfB9pUZq5Qsmwf1i\/ygu+C28zlN53MQWP6wHjI3WJZUBr81SukNH57IK2c2EyIu0E+HAgTgoJHe51A\/fUmZ1cYv7+JWrlM8pRHdKg4V83a8+0QRZUGb14qwNk4zB82iOuTyKlfeqGDo1mtsQ=="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1436720908216,"flow_last_seen":0,"flow_tot_l4_data_len":981,"flow_min_l4_data_len":981,"flow_max_l4_data_len":981,"flow_avg_l4_data_len":981,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1436720908216,"flow_last_seen":0,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01719{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":216981,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"pkt":"ABsv8H60QPMIw47hCABFAAPpl5BAAEAGYi7AqABnHw1dNISPAbuBQH+NqOzE9YAYAR7+6wAAAQEICgAD7mJbGFWXFwMBA7DGXKcxYYzj4PsFQPMmYQehh8iuvFDU6ChyMypfRInDCFuixSLIKOq63dIUv38njMJN2kVy\/t+T8m9xPVbEGAFdD3PpSc3SZZnBHiv5tCRNZzMhDLWXPkOIN9Lutipqd5IVnEEsBFkO\/fZ2K81T8PYPXOUELo\/sV11FwruvuAKdrrJSJDxsNb8ZavjfuhrjTCNZ8992aq+Ku9jOSU4Xa7Q\/BYCty1PvPxxBeD0eYCG+tOtkysHtjUZlr1d4OQxDr\/61YS0x9iJOXjnMBoobCu17VKBkd2hUXNptzi\/uIUhzamB9Rremxs\/xa5ErUN6bjCfTqClJMKTo2+EPLLC2OrnUwhZPfwAqX4LMjZxrO4OjWeKTq0PJEWrYJt\/hZgR9r16F85siGrf6FK1kTDvb0+vybKakTv5L4R+tKZVBNuaZabfxVkkl5TNMskAuzgaRl4NAmD9vaxsUvWa1r1eavZpU2b4i3TllipunjR4aQEFb47bl0X9Ru9Hl1x54J53nJ+MJknrPmdJbHBa5kRwAqKgaQptXtnMz1WTWV+Q8a53Upaic+O0txvujdC90+KUOiiTbhfTw0gAmNmPQmi2l+V2tphQpp2jEsWxETCl2LSUnlcR9XDLGnBO3KYnN9C0+k2yBKCMObHAcOzwdJWheAOhMNBVSNpFtrfOE6uSTsVbDj23xeCxxC1QAM7YJmxoVRhtdVyIDYYANmHTFeA\/uC6oLDeExrKyQP7kSEfNbdUqTNPu\/MJKIjJDZu1yLmyvi1O\/nGho5EDKw8IVXPxnfKKPvaQH2GtI88pEfGeAEyC\/HE\/tmFwWll7dh2qPp5A3wF8sKJ3O0eDAbcGfPED7oJA+EsxJAhKT6isvErCueBtWMHVSeiLsoME8tf6cS9zzgnk33LczZTQgm29MSHE7ZL2GeiGbzuGwrTGDnk1VDLJRove2wMug8H7\/TzDu7ltmYb22OyZHWPR+qBc0SXnC41HvKpdG4l5lloyRu51PXhn1Z4SBmRKxgHOd10WPpGH9Et\/GeMS7LFYrc7oqcb6G7UCvo5VgI1SuJrJeY0vV2tCM0MyJYykeRmE4\/7F1xpcmuoE1e5ET3+6eiLGpqXUS7VkABwgQafZxjQScCWI5pekzUYOfjX5epPROl\/DzQKTCdpj3Gvhf2XBY54ImjWPLE32kUQllKDfXNIYtYFjXJbjsc4Zka4\/X4kGWgbCWN+dmnakKME8cbt\/+4rEk8PQFIv1W4FPcpki7hccXc0xhFEqm0Sw=="}
00427{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":250978,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0YWdAAFUGhwwfDV00wKgAZwG7hI6seHDGv38X04AQAHYJOwAAAQEICltMay8AA+5h"}
00427{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":259859,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0u1VAAFUGLR4fDV00wKgAZwG7hI+o7MT1gUCDQoAQAFyKzgAAAQEIClsYbBQAA+5i"}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":0,"flow_tot_l4_data_len":290,"flow_min_l4_data_len":290,"flow_max_l4_data_len":290,"flow_avg_l4_data_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":0,"flow_tot_l4_data_len":111,"flow_min_l4_data_len":111,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1436720901262,"flow_last_seen":0,"flow_min_l4_payload_len":258,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.153","src_port":37350,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1436720906022,"flow_last_seen":0,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1436720906025,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02324{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":430543,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWqYWhAAFUGgZUfDV00wKgAZwG7hI6seHDGv38X04AQAHYxngAAAQEICltMa90AA+5hFwMBBgARSjwF8KhmW+xanE7Cgv\/HSeKfgB9iJwdyFf7NjjTFJxOJ97KS+l\/PKf9a18l3iaN5nJnghazHfHKEIKPn0HUVm3aObaE37OE9YqPGRma1S+RTM74dXif+0iSSxDn0pj9FkMiEQhhwpKbZTwe6Rma+4mOaI3ffuaHFUQVI8eXrEh+32DbHqMURzga2ro8v5i96gY1ciGkt1ZKxVQHtAE9OT+s6wAs73rZCIoOezZo+1KrVH7lB8hs8iOneE0L\/y6HC8+CcpW696ea\/DwvQ2tYNSWxpHpRJBTogcPPFvz\/JG8q5LoWYz72aAau8oktbMc6sSw0wvxuz+4U931T+em51myJo4clNg6LXF++UJQkliZN3hFE3O0tNGniBKUyvZgZmc0CNjtTLc8\/ZGXdg7xAG9Hjl3VmLLbM5WeOqL8TcK2Oeio8KKXsWMMf7AO+FdYDkljioQ+V5Qz8eH+h4xam36OSGGk5v3\/GNChk4FGOoQa4ijz2zszw+La3NZOKMSqptdUgOYI6FWf7M6sz7tf7JOUwip+aQGPtcm1foaIABYTdjML2VjP6Hcf\/1r70k0Ttw1rBM2IqlKSMaXND\/ec3Tk6NvJuEMY0EkTO0kTRAdNe4OZJcte4lcpscyHxPkJA8sMwRyvrFOKuPqtc2NjwlQ2YY9tFx4sKtOpW6nF3YS3ubg9R3r1ALqOAKY\/5U18nRRWLef9TQiY8FsY7G6xDGexOezRiClEKIbz5gVQJw1mk\/mcShj2MW0Ac8Q0kmGFKCYDV6OQ+geveBLyU8R+uCOvnOb5w+\/aGvsBXAaTSK+j+vi3gI\/HhBqiEFZi5p9\/f7p\/63KWDJj7Vsd2ZjEQvevv8UvW9uvUJhZhGLElPvqAriqFpbe+2mdQBgaaQ88tr1Fuyoa0Zlyyqh0PRvf\/yxvnK0ejXYMInzDkRlKob3hl0ePhIXSMzbF5Dl3m2bVuw55wrv237UgiMxWHEzLXJ1lRUsE1jIqwDYxVBCTuJvvRTB4202iSO4ttzvmtcJJdOlCIyXlaL9KqFDahV7QkiN7WINK+2N+e+MF1io4CBCZ99qYxBObgrwqN1nWX3m95zZSEOYMec+DllH8BIz3ITrdJeTFQPDq4g\/PLibA8xb09JTUNkBP9+U2uCDbLGlhoBhzk16Pij5N0+pNGo1aPHnFJ80gLAso2DjQoNRFL48qTAyFGpm8IxJY64EWb53MpBBQbeOT1fmrEmf1fBnhu4mvqfKzeuVLaGhNx4BlVxMZ+LegQl93Pg20Jfxlv49gWWgAbQfGZNM4rJNEFKqR558JjHh881qe\/l0j9fRye56kq1WM64J9tCLro4yNBiPhBj1+v0BJi8iU7LO6QlXCv7Ij1sPoibxCA6cU1JKDIW3h9Y8BuWhQe2fpDs+s2IrH1HGTu7dy9+BL6QUEpi3NT6Bvk3D\/TJN+gYMqXRvHeFoURMw9Ts93HcCIlWEiqbAial\/D\/xIqTsIeCek+QG\/5qCErLGThsJn935F9SpY1jGa8zSvM6FTdO2luwW9DMl41Wy3+ZsHBaekN9lTeMrL80eoGTeY+XCBiQfXUZFcQCy7Z8W44QiJsAvZCBU8\/wBFjVN9twIjHZZaS8zwalMD\/UNlmECLxDGj5M\/hKOspYOly6Sp5vumu0Snr8il2oI+s2vbxw8HlhThk9mwJoQuiy1qxxXui8kJh1oQvS3v1wlirdDTLVG12LB2POxFe0j4Pz3yBl8nkDNEY2g8UrpwkU0q7\/lEIpg9ypV4C2FKuxS9bRiUgypJamzPSI4Gp0\/DdFoAUDR8WleXzgmUB9tD8BDCsNQJU1Ad5xy6EWbn4B04HbwiUJpzYi39J2Bmm408sEuoF2"}
00428{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":430696,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0GbFAAEAG48LAqABnHw1dNISOAbu\/fxfTrHh2PIAQAZo9dwAAAQEICgAD7nhbTGvd"}
00626{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":431001,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"QPMIw47hABsv8H60CABFAADDYWlAAFUGhnsfDV00wKgAZwG7hI6seHY8v38X04AYAHZQJQAAAQEICltMa90AA+5hpaN2iHfEdv\/X3pr2Xt6PWOrdWTYMlE+JBgtriQdQqsJJVEdRWj83ZvHQme+6V9l\/gV9Dtaxw1VeeFseSZYUkAyBGMPIcSJ2+VNcYH0iI1HitOwXV9j0T62qHHtMw7FKCliiHdkIsZrHHF8Y\/sTvDmt0\/hraFG9jcmj50TyPHVMKujRCQwbDTNeRqyqJKlkw="}
@@ -151,101 +151,101 @@
00427{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":432527,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0l5NAAEAGZeDAqABnHw1dNISPAbuBQINCqOzQcIAQAaM9dwAAAQEICgAD7nhbGGy9"}
01457{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":432649,"pkt_caplen":817,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":817,"pkt_l4_len":783,"pkt":"QPMIw47hABsv8H60CABFAAMju1lAAFUGKisfDV00wKgAZwG7hI+o7NBwgUCDQoAYAFwalAAAAQEIClsYbL0AA+5iwU7OL1BOP6W+69MgTa7kJMvrDZwAERif7IXm0\/yV8DuwvtM4NO7zugIMxMw1qvCTQPzrrJT29ccXkpQ0gfaqUrfaqdIFj1GaQH3ra\/gtamUIA268LhAuVYmf98h1gRhDYy2bfU4CC5g++OIIWcxEbUQc7vMPXgSou+YzZCg7luSplAYGSPKUGK\/PJoQe5bjUbI\/NPyCnmM\/ueb6Hb1dFVRmRUExkvd0enYSXuuv+PJJ4USY2VJV3efw+86gMy3461uCYXLV2o+TDy3MpUjucuwJwHOLnxdwX8QCxXJt4yZ+rWEfA7Cl7c8y5oTV7ebOeXrbxTjNHPK0ErgwNBkr0jm66tobzD3zUhrAxVXql8gPKU9oucHClBn4qVOD8GNw0n\/DT09nm+zx5TYolgqIr7oiWSJOcx3+8CXMVSecU5xN1eB1fZJq6U\/wc\/ZK587DNV1PRcq3Ug+eAOPwfiSZs+438nOHGTt4aX\/l7opTQAA10ZB2DufcAmWttpEc3hcOPkdjHfeffvB5esznyyVJGswMTlRarGNfUNQzr2ZwbQNEy3Gfl2aR8fgqwFlSWpJeVoqbNpU2\/w0YL7L+V1IrAKa1WB5UBQFTrmSNJ\/femg3728O\/9VV4Hn4LD8UYj4DVe7jU03hs2pjwcrb7gmFS7kTknZO3DuUT9fgJsy6KURhO+K\/8bThHqal\/Z8W3tw4RMe3sSaXjMHvQH2Hvdll3Ch\/40F0Eh\/pxQQdhu\/LLe0WQk6CAt9Mzwq1qW+QzgpV4WNltE\/SD9vm2\/ueK1866ka7KdUUGT4SkpFxF144b+bn4RakrsbmW2f3wIOhFDLD3RI8GR19cpoTf68Pit8+ad0F7Hlk6KNHYS8zEXmqGwa2+wGL8oKHopuwLpj9aXPM3IH7gd2Lr+f5hiCRF\/\/tf04pVyJFShpDZF6856ekomjCHvNoRoiVBOLSL3zpb0\/lgf4dGw3F8pnLGLUOv\/1KOQtEGquL1fNZ9paVuCoNaBDg=="}
00429{"flow_id":13,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":432710,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0l5RAAEAGZd\/AqABnHw1dNISPAbuBQINCqOzTX4AQAc49dwAAAQEICgAD7nhbGGy9"}
-00447{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1436720908464,"flow_last_seen":0,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00455{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1436720908464,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00478{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":464754,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"}
-00479{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1436720908464,"flow_last_seen":0,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1436720908464,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00478{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":464784,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAAAAAAAAAAAAAAACABFwABYvRcAAEABOq\/AqABnwKgAZwMDE08AAAAARQAAPFm5QABABkodwKgAZ63CKBTA+AG7+Mu3wgAAAACgAjkIlxQAAAIEBbQEAggKAAPuewAAAAABAwMG"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1436720908466,"flow_last_seen":0,"flow_tot_l4_data_len":981,"flow_min_l4_data_len":981,"flow_max_l4_data_len":981,"flow_avg_l4_data_len":981,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1436720908466,"flow_last_seen":0,"flow_min_l4_payload_len":949,"flow_max_l4_payload_len":949,"flow_tot_l4_payload_len":949,"flow_avg_l4_payload_len":949,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01713{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":466005,"pkt_caplen":1015,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1015,"pkt_l4_len":981,"pkt":"ABsv8H60QPMIw47hCABFAAPpXL5AAEAGnQDAqABnHw1dNIPjAbuhtt+gEOOOT4AYCqMt2AAAAQEICgAD7nvwIEj8FwMBA7DXpbZuuL+a3+A25sPf3KC8vtrovZX7fcip20iH4gbDYKHRurDuUNBuKdxbaf8w5NnTQml9NHFuaiFV9xaPTEtRbbFB9QgL8vlHsxgX1jfO9ZT6YB1lbKI1n65g8AZltFoEnCsmCE1IOxVyjBVZQT7po2puEnrF+kDYe4098KgZgFIZStFzMtmo9XOmOfNP+iRYctfjIeGJz8jQ1lFBvHEsbbQIygOCYn9oDm7CXWwj2LvemnGFKWnWYwKY2HgH6zrHi9xUd7CDCihcewk3nTPbbyiC\/Oifk2F1KjvO+B1lmqoGqUOYx21p5F3Yy7giHbLKSW+ti05sAV0fAKz7Z8+aVWuucvLaUbW+dSKFEZubeujNKIbXr7vCkpaZCatjRYZUgGNtsk2NBSXDlVMA\/v3I+TpoH8L5Ft2TQGs+aL8gJ2KVF6O2+ZYxZ96KcyiQmukk5fWpPjyBq7B0lhl8\/l+87aNWAB+03OvN8FhYV+S\/gv75JF3N388CBkyP4ME8FRt4W55y8LCj1tqiL9fodHUaE6F0ridmX8h0+Dsd82vVVQdbomtwYWVDLtEOA4gG2jJjDPllVf5J8xmFGHsA6M\/TDTHEfu8LTRQc1d6jnJGUH9Eeq7GjZHoFXfcfkpY9BGbqJWKidAdwRrWxc1XI2wcOmTiqvy3W0kHXHGHBqtUOPHt80fdZz3Php0HqhVjapNrBUUzl1zXCtqo+\/D90yVXLpIbqbzqp1UOs3uY9nrVZKeWZAphdT0b38N153F9QCQaE1j\/B3yRInHVxnxDr8\/wXaBQutJGt+fT8YapiNjDh2B5Fe\/VzJjaUK9\/s\/F4+YAkFfcLJJgpkyZ1FyjpKFDmEKLJS\/hWon3VkTkSPBJyUnbR06ETQWOqnwWcQKPcsS14LaHbhuVhKdt2tBBxQtcd0OoPW2aLOEDh9uAs1wndQ8cDwLHeWOSYDiwyq7hmF978JHTDY5T9UPy1BfhkIGr1397oeYW8tQLiHwwHKS6l11zZwAq8rb2bsBNkrNvLFUBdxAJWO7YtLy1slqNoFAyDdp7eKwmaP317WVsHGvyiwNdASVNzu1pbccCR6AgqCnTrbOntDjyNK4u2jrQuFCeBAMKVe19ptimavwWdWcfiYh6zgKaavEskV4nXhC01pvDJfX\/uuk2wAy46ocrpdos3RqXm7EpLF72d506O+IxXSSlwIplmFgawKqTtoIASL2SkYHX0Y3wKxf+vCHqdiD1nEkmvwUYQ8dkrjuTHBA1bDvg=="}
00427{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":518251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0kN9AAFUGV5QfDV00wKgAZwG7g+MQ445PobbjVYAQANn+UgAAAQEICvAgscMAA+57"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1436720908521,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1436720908521,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":521089,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y1AAEAGBcbAqABnLiFGoJehAFBl4Bu99+Pb34ARFTc19wAAAQEICgAD7oGa3vT1"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1436720908523,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1436720908523,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":523744,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICMgTADUANxLxN7ABAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAE="}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1436720908523,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1436720908524,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1436720908523,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1436720908524,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":524019,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ABsv8H60QPMIw47hCABFAABL7oFAAEARewHAqABnCAgICINDADUANycOb2MBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAE="}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1436720908524,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1436720908531,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1436720908524,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1436720908531,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":531495,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKZAAEAG2ADAqABnUlUaueJuAFA8SfXPvvA\/t4ARCm0uRAAAAQEICgAD7oJZ6tXr"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1436720908533,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1436720908533,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":533449,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ABsv8H60QPMIw47hCABFAABL7oJAAEARewDAqABnCAgICGesADUANyZVhbMBAAABAAAAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAE="}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1436720908533,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1436720908533,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00427{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":542421,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0lYxAADkGdmcuIUagwKgAZwBQl6H349vfZeAbvoARAeZr3wAAAQEICprfXG4AA+6B"}
00428{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":542604,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0\/y5AAEAGBcXAqABnLiFGoJehAFBl4Bu+9+Pb4IAQFTc19wAAAQEICgAD7oOa31xu"}
00427{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":567720,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0dopAADkGnRxSVRq5wKgAZwBQ4m6+8D+3PEn10IARAgj5iQAAAQEIClnq8RsAA+6C"}
00430{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":567842,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0NKdAAEAG1\/\/AqABnUlUaueJuAFA8SfXQvvA\/uIAQCm0uRAAAAQEICgAD7oVZ6vEb"}
00751{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":570222,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"pkt":"QPMIw47hABsv8H60CABFAAEjliwAADgRGn8ICAgIwKgAZwA1yBMBD5NUN7CBgAABAAoAAAAAEGlnY2RuLXBob3Rvcy1oLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAZACoQaWdjZG4tcGhvdG9zLWgtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAADHJABYFYTE0MDgGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGrsBxAAEAAQAAABMABC4hRqHAcQABAAEAAAATAAQuIUawwHEAAQABAAAAEwAELiFGpsBxAAEAAQAAABMABC4hRo\/AcQABAAEAAAATAAQuIUagwHEAAQABAAAAEwAELiFGqcBxAAEAAQAAABMABC4hRrc="}
-00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_tot_l4_data_len":326,"flow_min_l4_data_len":55,"flow_max_l4_data_len":271,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.174"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1436720908572,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00697{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":360,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-h-a.akamaihd.net","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.174"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1436720908572,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":572816,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABsv8H60QPMIw47hCABFAAA8iDpAAEAGfKPAqABnLiFGrq4OAbuyG2a8AAAAAKACOQg2DQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
00622{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":575624,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"QPMIw47hABsv8H60CABFAADD9CwAADgRvN4ICAgIwKgAZwA1g0MAr7pub2OBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1hLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAAhACoQaWdjZG4tcGhvdG9zLWEtYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFRcABYFYTEwMDEGZHNwdzQwBmFrYW1hacAmwHEAAQABAAAAEwAEUlUamsBxAAEAAQAAABMABFJVGpk="}
-00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":55,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.85.26.154"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1436720908576,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-a-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.85.26.154"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1436720908576,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":576723,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABsv8H60QPMIw47hCABFAAA8nwVAAEAGbbjAqABnUlUamqDdAbvgTnGDAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1436720908577,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1436720908577,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":577363,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABsv8H60QPMIw47hCABFAAA8GZtAAEAG8yLAqABnUlUamqDeAbviOvcdAAAAAKACOQguLQAAAgQFtAQCCAoAA+6GAAAAAAEDAwY="}
00622{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":579988,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"QPMIw47hABsv8H60CABFAADD9DAAADgRvNoICAgIwKgAZwA1Z6wAr0GdhbOBgAABAAQAAAAAEGlnY2RuLXBob3Rvcy1nLWEIYWthbWFpaGQDbmV0AAABAAHADAAFAAEAAAA3ACoQaWdjZG4tcGhvdG9zLWctYQhha2FtYWloZANuZXQJZWRnZXN1aXRlwCbAOwAFAAEAAFQ9ABYFYTEwMDcGZHNwdzQzBmFrYW1hacAmwHEAAQABAAAAEwAELiFGiMBxAAEAAQAAABMABC4hRo4="}
-00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":55,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.136"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1436720908581,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"igcdn-photos-g-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"46.33.70.136"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1436720908581,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":581361,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABsv8H60QPMIw47hCABFAAA8pvhAAEAGXgvAqABnLiFGiO3sAbtrdUh\/AAAAAKACOQg15wAAAgQFtAQCCAoAA+6HAAAAAAEDAwY="}
00440{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":594270,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC94uIUauwKgAZwG7rg7lq\/ivshtmvaASOJCK2QAAAgQFlgQCCAquiQq2AAPuhgEDAwU="}
00427{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":594484,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0iDtAAEAGfKrAqABnLiFGrq4OAbuyG2a95av4sIAQAOU2BQAAAQEICgAD7oiuiQq2"}
01038{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":596986,"pkt_caplen":516,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":516,"pkt_l4_len":482,"pkt":"ABsv8H60QPMIw47hCABFAAH2iDxAAEAGeufAqABnLiFGrq4OAbuyG2a95av4sIAYAOVksQAAAQEICgAD7oiuiQq2FgMBAb0BAAG5AwFVop8Msco7JTYCiSEgd5WJ6x+wAZ09x9pH2BTgSj6HeiAsyBjUAkvNj+Oeiua6fMd0i3Te2wBseBO7KkfIYnjxtQBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAASoAAAAiACAAAB1pZ2Nkbi1waG90b3MtaC1hLmFrYW1haWhkLm5ldAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwDAgpVMjhoyukvbzvvgY8vKz+CVeFzcF\/g\/VPAKm5BNPcEPZvcKEyInje21R26PDrL8bgtYDZ3N9U9y5AXbnH7jp0cPyRAfWjA4cSGxi6h4zhjIqjk5h+7xiaMe9xN6RSCAZQUZ6fmY2fdoTp8v32IaNBDsu8cfAr9L6MK8is0ChbSYf3ZmxGQXC+FeEH\/YYAM86nfFaXHSgF53711tVoXkoJQDN\/pSPqcebe7sZk6+jIr\/+yFd3LQbo6ok\/ZYVZAVO"}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1436720908572,"flow_last_seen":1436720908596,"flow_tot_l4_data_len":594,"flow_min_l4_data_len":32,"flow_max_l4_data_len":482,"flow_avg_l4_data_len":148,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1436720908572,"flow_last_seen":1436720908596,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00439{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":603242,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGDAQuIUaIwKgAZwG77ezRfJMua3VIgKASOJCHDAAAAgQFlgQCCArOjo1YAAPuhwEDAwU="}
00427{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":603425,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0pvlAAEAGXhLAqABnLiFGiO3sAbtrdUiA0XyTL4AQAOU13wAAAQEICgAD7onOjo1Y"}
00778{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":606294,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"ABsv8H60QPMIw47hCABFAAE2pvpAAEAGXQ\/AqABnLiFGiO3sAbtrdUiA0XyTL4AYAOW8wAAAAQEICgAD7onOjo1YFgMBAP0BAAD5AwFVop8MQRa\/LNGPcOhfcnf+rMAKLSf4OFV0ZRHxry69ZyCXpJ10n72tSFpYW4ZT6kMvwtZuo9Q9LTXctqN9z+ZxLABGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAGoAAAAiACAAAB1pZ2Nkbi1waG90b3MtZy1hLmFrYW1haWhkLm5ldAALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1436720908581,"flow_last_seen":1436720908606,"flow_tot_l4_data_len":402,"flow_min_l4_data_len":32,"flow_max_l4_data_len":290,"flow_avg_l4_data_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1436720908581,"flow_last_seen":1436720908606,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":258,"flow_tot_l4_payload_len":258,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00439{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":615114,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN0D2rVm4E5xhKASOJDLywAAAgQFlgQCCApUeSUGAAPuhgEDAwU="}
00428{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":615266,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwZAAEAGbb\/AqABnUlUamqDdAbvgTnGEA9q1Z4AQAOUuJQAAAQEICgAD7opUeSUG"}
00439{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":616060,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGE75SVRqawKgAZwG7oN5hmBQZ4jr3HqASOJCH0wAAAgQFlgQCCApUeSUGAAPuhgEDAwU="}
00427{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":616151,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0GZxAAEAG8ynAqABnUlUamqDeAbviOvceYZgUGoAQAOUuJQAAAQEICgAD7opUeSUG"}
00735{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":617006,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"pkt":"ABsv8H60QPMIw47hCABFAAEWnwdAAEAGbNzAqABnUlUamqDdAbvgTnGEA9q1Z4AYAOWB4wAAAQEICgAD7opUeSUGFgMBAN0BAADZAwFVop8M+5Fn2JtR0XC3DjC1k6QlRCdk+PzEKMeFZf\/I9AAARgAEAAUALwA1wALABMAFwAzADsAPwAfACcAKwBHAE8AUADMAOQAyADgACsADwA3ACMASABYAEwAJABUAEgADAAgAFAARAP8BAABqAAAAIgAgAAAdaWdjZG4tcGhvdG9zLWEtYS5ha2FtYWloZC5uZXQACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAA=="}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1436720908576,"flow_last_seen":1436720908617,"flow_tot_l4_data_len":370,"flow_min_l4_data_len":32,"flow_max_l4_data_len":258,"flow_avg_l4_data_len":92,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1436720908576,"flow_last_seen":1436720908617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00734{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":619081,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"pkt":"ABsv8H60QPMIw47hCABFAAEWGZ1AAEAG8kbAqABnUlUamqDeAbviOvceYZgUGoAYAOU9twAAAQEICgAD7otUeSUGFgMBAN0BAADZAwFVop8Mx+4o5JlDiMj20RJ7KJRI3UtRsi0RYXWiY3UJSAAARgAEAAUALwA1wALABMAFwAzADsAPwAfACcAKwBHAE8AUADMAOQAyADgACsADwA3ACMASABYAEwAJABUAEgADAAgAFAARAP8BAABqAAAAIgAgAAAdaWdjZG4tcGhvdG9zLWEtYS5ha2FtYWloZC5uZXQACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARACMAAA=="}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1436720908577,"flow_last_seen":1436720908619,"flow_tot_l4_data_len":370,"flow_min_l4_data_len":32,"flow_max_l4_data_len":258,"flow_avg_l4_data_len":92,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1436720908577,"flow_last_seen":1436720908619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00428{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":623750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA08nxAADkGGWkuIUauwKgAZwG7rg7lq\/iwshtof4AQAebuTQAAAQEICq6JCtQAA+6I"}
00427{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":630189,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0HkFAADkG7couIUaIwKgAZwG77ezRfJMva3VJgoAQAebrQwAAAQEICs6OjXMAA+6J"}
02331{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":633180,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+HkJAADkG6D8uIUaIwKgAZwG77ezRfJMva3VJgoAQAeZbzQAAAQEICs6OjXUAA+6JFgMBADwCAAA4AwFVop8MTSgOmRsGnYvnerNu9wOXoR6rDvIGOgk4ZR+S5gDAFAAAEAAAAAAACwAEAwABAgAjAAAWAwEPDAsADwgADwUABcAwggW8MIIEpKADAgECAhQDvzrvL6J8lrjKj7lZzTMsnVARODANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCTkwxEjAQBgNVBAcTCUFtc3RlcmRhbTElMCMGA1UEChMcVmVyaXpvbiBFbnRlcnByaXNlIFNvbHV0aW9uczETMBEGA1UECxMKQ3liZXJ0cnVzdDEuMCwGA1UEAxMlVmVyaXpvbiBBa2FtYWkgU3VyZVNlcnZlciBDQSBHMTQtU0hBMTAeFw0xNTA2MTkxNjUyMDdaFw0xNjA2MTkxNjUyMDVaMG0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTESMBAGA1UEBxMJQ2FtYnJpZGdlMSEwHwYDVQQKExhBa2FtYWkgVGVjaG5vbG9naWVzIEluYy4xGjAYBgNVBAMTEWEyNDguZS5ha2FtYWkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2aLEkOCQxkE0nfPVlfraw4G75O4JEeSlRW1zKhn5OiCejRRPF7ha04I80NXzpLA\/tzpstXo66tMUibKsHLYIbVtB8oSIpx86xKeq8BolyxN4B3v7BC9fc17tGdJU7Peb7OkU88pTRhVUiOQfvI8YxMU1ycyxtn6L7yF1rVXpUgiMR9xIoMePtrmHwmxFPiBjj1Fi5Deam4+Aue4XAh05FsmKa2n86yrVmRetbT\/bKRPBfUurOVaNWUO7f4FxfiiKmog7COy88Nhe6EsJTSdmB7kg3i+QgczeqMi7d8Ymw17IODXgorClqRQIGdTIXnMhC63ChKRXycZZACQbVGFPKwIDAQABo4ICMTCCAi0wDAYDVR0TAQH\/BAIwADBMBgNVHSAERTBDMEEGCSsGAQQBsT4BMjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3NlY3VyZS5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeTCBrwYIKwYBBQUHAQEEgaIwgZ8wLQYIKwYBBQUHMAGGIWh0dHA6Ly92YXNzZzE0MS5vY3NwLm9tbmlyb290LmNvbTA2BggrBgEFBQcwAoYqaHR0cHM6Ly9jYWNlcnQuYS5vbW5pcm9vdC5jb20vdmFzc2cxNDEuY3J0MDYGCCsGAQUFBzAChipodHRwczovL2NhY2VydC5hLm9tbmlyb290LmNvbS92YXNzZzE0MS5kZXIwbgYDVR0RBGcwZYIRYTI0OC5lLmFrYW1haS5uZXSCDiouYWthbWFpaGQubmV0ghYqLmFrYW1haWhkLXN0YWdpbmcubmV0gg8qLmFrYW1haXplZC5uZXSCFyouYWthbWFpemVkLXN0YWdpbmcubmV0MA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAU3WyAfLq1MhelhEFA8NIEZhMvqZAwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL3Zhc3NnMTQxLmNybC5vbW5pcm9vdC5jb20vdmFzc2cxNDEuY3JsMB0GA1UdDgQWBBQDtkqcgAxgGIgKZM2uKGKKemzAGDANBgkqhkiG9w0BAQUFAAOCAQEAHGTOw3ZNjCn8dtE8JINXjj53IQ7Wg\/FCuS4hnRSWwVNJ6BYgU0Dy5QG33wEHd0lt6lMQyQAFD7vIIR04nAd4nAqt4ZGRi5X5qOQCZOIVC6l\/E7gDrpXFRUcz+2XdMLxszJa7w7xSd3QDhqud3BZvBEm5n488th5bl+k="}
-00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1436720908581,"flow_last_seen":1436720908633,"flow_tot_l4_data_len":1884,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":314,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
+00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1436720908581,"flow_last_seen":1436720908633,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1676,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
00427{"flow_id":24,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":633272,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0pvtAAEAGXhDAqABnLiFGiO3sAbtrdUmC0XyYuYAQARI13wAAAQEICgAD7ozOjo11"}
02337{"flow_id":24,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":633943,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+HkNAADkG6D4uIUaIwKgAZwG77ezRfJi5a3VJgoAQAeYJdgAAAQEICs6OjXUAA+6J8Y7pulnadtR8pnrOL17YZmIG\/8EYYPitHjHTuu4GsnUaDwVqqWF6J+umvfd8Bccsu\/3\/LR60tbSpz5FbDp7j3pT6lbaZJr7lfCcD6biW+hdrheke7dTjQZ\/bvol27eiGhcGGHSkrF9EsC88HzYpSiZPhcnnFMX3x+jTO2TeUUAtxx0nIassABSMwggUfMIIEB6ADAgECAgQHJ6RqMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTQwNDAyMTQzMjQ1WhcNMjEwNDAyMTQzMTM5WjCBjTELMAkGA1UEBhMCTkwxEjAQBgNVBAcTCUFtc3RlcmRhbTElMCMGA1UEChMcVmVyaXpvbiBFbnRlcnByaXNlIFNvbHV0aW9uczETMBEGA1UECxMKQ3liZXJ0cnVzdDEuMCwGA1UEAxMlVmVyaXpvbiBBa2FtYWkgU3VyZVNlcnZlciBDQSBHMTQtU0hBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJHrLTWbDGRsyost1Tm2M7T8SQoWeNeoPTcQAnbb19tPnFZLoWm0Sy1K40P2bxYIte90RY90VhYrFaUWTH1vCpm0IOeKe5xG6a4x+xNP8JcWYeO6K6Uk2NxLlsG+06u\/ZthEJvkWlu2cNizfKTQqtT0T0rFBLVOTy7V0KAb0Y41e3rKoG9d9TyRmM+3GirCEbsYJWpYoBozkUcuhxUu730Q\/ClrDVhGL9TyV2wl71jSIUaL9S6pJFHepsSSrJU9inLn5yQctEMhwtxixVjIdP6mCUqewsmEkal+MdPYseCwgWXALds78UK1S65yiRTaai4EbTf9MdpveKez1veYIXusCAwEAAaOCAbcwggGzMBIGA1UdEwEB\/wQIMAYBAf8CAQIwTAYDVR0gBEUwQzBBBgkrBgEEAbE+ATIwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly9zZWN1cmUub21uaXJvb3QuY29tL3JlcG9zaXRvcnkwgboGCCsGAQUFBwEBBIGtMIGqMDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5vbW5pcm9vdC5jb20vYmFsdGltb3Jlcm9vdDA5BggrBgEFBQcwAoYtaHR0cHM6Ly9jYWNlcnQub21uaXJvb3QuY29tL2JhbHRpbW9yZXJvb3QuY3J0MDkGCCsGAQUFBzAChi1odHRwczovL2NhY2VydC5vbW5pcm9vdC5jb20vYmFsdGltb3Jlcm9vdC5kZXIwDgYDVR0PAQH\/BAQDAgHGMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9jZHAxLnB1YmxpYy10cnVzdC5jb20vQ1JML09tbmlyb290MjAyNS5jcmwwHQYDVR0OBBYEFN1sgHy6tTIXpYRBQPDSBGYTL6mQMA0GCSqGSIb3DQEBBQUAA4IBAQBYQSL\/TUJVrsgGh0U\/i1nTBzmasqCRgdIMwWdPT3EoWpAcaTqa9pvACPRaIolV32+vRbiiE3kYtarTwv7LcHOFJVvVzG8GkKnYr3aOdAdQgxBNHXkwltnpAh\/jIdbs0jwwLLVTyRKn8sNj7var++B7hf2E1ltXUDj00xkpPhHwZkDkn8G78GzibyQ+pms3IfUnu6cCIrn8Q9rtEw\/ngzZVkXoAHNb4GWw6D0Rzk5XKAdbmX4VHGid+BRI0nUjNlwSEOnX6dhSYXahpa9n27dHGyh8dw2KpxfAxTTNviyY="}
00428{"flow_id":24,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":634035,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0pvxAAEAGXg\/AqABnLiFGiO3sAbtrdUmC0XyeQ4AQAT813wAAAQEICgAD7ozOjo11"}
02129{"flow_id":24,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":634645,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"pkt":"QPMIw47hABsv8H60CABFAAUgHkRAADkG6NsuIUaIwKgAZwG77ezRfJ5Da3VJgoAYAeZZWwAAAQEICs6OjXUAA+6JkUtADfHn0Kc7j6cynd6dqXEQ3\/RHTMctqSE0jukLbznxyQAEGTCCBBUwggN+oAMCAQICBAcnju0wDQYJKoZIhvcNAQEFBQAwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdDAeFw0xMjA0MTgxNjM2MThaFw0xODA4MTMxNjM1MTdaMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjBLsiq5g9V+gmcpq1edQp4uHolYCxsONbjispmmTfoV3tsAkFbdsoLs5iomL+tIjaEus46yGdwEErAVJ7iHfTHI\/HurmItWoJ53PoEUCn0czKYo0t5Y8LplDSqFDDKOr1qyWHipqWHKlnuD8M1ff5UhMvwhvVcHDwj8ASygbLmuHZyjN6d9b47LnxaERCSBPSwMKkrl5g\/ramBfy03QdZAtRZGJhj9aVj4JAMfV2yBnrzherr1AOuXoQ+X\/8V7Wm8+Tk2cnXPd1JN88mQLLk95ckjUz8fJJghXAeZKb3GOuznboY6a5d0YzO9aBgx8HiNdr\/8no5dKoanTZDcJxo5AgMBAAGjggFHMIIBQzASBgNVHRMBAf8ECDAGAQH\/AgEDMEoGA1UdIARDMEEwPwYEVR0gADA3MDUGCCsGAQUFBwIBFilodHRwOi8vY3liZXJ0cnVzdC5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeTAOBgNVHQ8BAf8EBAMCAQYwgYkGA1UdIwSBgTB\/oXmkdzB1MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEdsb2JhbCBSb290ggIBpTBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vd3d3LnB1YmxpYy10cnVzdC5jb20vY2dpLWJpbi9DUkwvMjAxOC9jZHAuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAJMd\/ouuRuzLqQ+r5e\/KsmgWaNiP+hOpr7PLLedLbo5pKsIrEAqN9q5ztrn7FP1fbbhQtsSK1kB+18PLc9zJXVuvsEG1N+vq3CCRxDRq9KHzlp03hpfhcaTdffpEhJSu1wkEInYPZFE1qSQP+QvbMtrC\/sG5Klx6JxPKsUg6cdBDFgMBAUsMAAFHAwAXQQRJs9Ttlh\/4P8ug1T6ydcys5Ye5naBIakCRbLJHiB1syoO5PP5LCRnbvokcUGGdgxa19O9bm7kmeC9R7Csr13PaAQCaYHLiJaL2lqz\/Qa7u\/DN\/oHzRFTarjtpGqMwFOTs0ydKwjb0UWCpDlpczcnhgoapSdFCe2el5Jl4GXsEcSqMbdG6F7BXWBV8\/BngmQ97YsblqRG3DKOSBh0FKe2WD"}
-01227{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":10,"flow_first_seen":1436720908581,"flow_last_seen":1436720908634,"flow_tot_l4_data_len":4690,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":469,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","issuerDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
+01238{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":385,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":10,"flow_first_seen":1436720908581,"flow_last_seen":1436720908634,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4354,"flow_avg_l4_payload_len":435,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-g-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","issuerDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
00428{"flow_id":24,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":634706,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0pv1AAEAGXg7AqABnLiFGiO3sAbtrdUmC0XyjL4AQAWw13wAAAQEICgAD7ozOjo11"}
00660{"flow_id":24,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":635927,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"QPMIw47hABsv8H60CABFAADfHkVAADkG7RsuIUaIwKgAZwG77ezRfKMva3VJgoAYAeZpsQAAAQEICs6OjXUAA+6Jej2sNRDNQIdNG6VR7td2+0Sd2ApiuLVkgpTcP7yA60mXJoaj7HjfK98r1oit6MVz\/f2Zy5aXFecMMdHZG9mN+bU0+XJuNGn3ufs984iKn55U37SjXhAuRMQUiLliS1sQ+macYpc1gr17pikpO3Bh0w0lB27Q89c+Fu5zYrx3WC7Dfxl29aXxHhoonj2NBKCv2blajkD5FA2z0IluPib7xyvwFgMBAAQOAAAA"}
00428{"flow_id":24,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":636018,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0pv5AAEAGXg3AqABnLiFGiO3sAbtrdUmC0Xyj2oAQAZk13wAAAQEICgAD7ozOjo11"}
02333{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":636842,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+8n1AADkGE94uIUauwKgAZwG7rg7lq\/iwshtof4AQAeYMfQAAAQEICq6JCtwAA+6IFgMBAFgCAABUAwFVop8Mskr3ezetWBxwT6vdhwQ4dx7V4n4N5aYnSKZJoyBdvlouYcTOnj3IZYFG9CgWwd\/\/6RsLmdFe8yJKUEhhi8AUAAAMAAAAAAALAAQDAAECFgMBDwwLAA8IAA8FAAXAMIIFvDCCBKSgAwIBAgIUA7867y+ifJa4yo+5Wc0zLJ1QETgwDQYJKoZIhvcNAQEFBQAwgY0xCzAJBgNVBAYTAk5MMRIwEAYDVQQHEwlBbXN0ZXJkYW0xJTAjBgNVBAoTHFZlcml6b24gRW50ZXJwcmlzZSBTb2x1dGlvbnMxEzARBgNVBAsTCkN5YmVydHJ1c3QxLjAsBgNVBAMTJVZlcml6b24gQWthbWFpIFN1cmVTZXJ2ZXIgQ0EgRzE0LVNIQTEwHhcNMTUwNjE5MTY1MjA3WhcNMTYwNjE5MTY1MjA1WjBtMQswCQYDVQQGEwJVUzELMAkGA1UECBMCTUExEjAQBgNVBAcTCUNhbWJyaWRnZTEhMB8GA1UEChMYQWthbWFpIFRlY2hub2xvZ2llcyBJbmMuMRowGAYDVQQDExFhMjQ4LmUuYWthbWFpLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANmixJDgkMZBNJ3z1ZX62sOBu+TuCRHkpUVtcyoZ+Togno0UTxe4WtOCPNDV86SwP7c6bLV6OurTFImyrBy2CG1bQfKEiKcfOsSnqvAaJcsTeAd7+wQvX3Ne7RnSVOz3m+zpFPPKU0YVVIjkH7yPGMTFNcnMsbZ+i+8hda1V6VIIjEfcSKDHj7a5h8JsRT4gY49RYuQ3mpuPgLnuFwIdORbJimtp\/Osq1ZkXrW0\/2ykTwX1LqzlWjVlDu3+BcX4oipqIOwjsvPDYXuhLCU0nZge5IN4vkIHM3qjIu3fGJsNeyDg14KKwpakUCBnUyF5zIQutwoSkV8nGWQAkG1RhTysCAwEAAaOCAjEwggItMAwGA1UdEwEB\/wQCMAAwTAYDVR0gBEUwQzBBBgkrBgEEAbE+ATIwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly9zZWN1cmUub21uaXJvb3QuY29tL3JlcG9zaXRvcnkwga8GCCsGAQUFBwEBBIGiMIGfMC0GCCsGAQUFBzABhiFodHRwOi8vdmFzc2cxNDEub2NzcC5vbW5pcm9vdC5jb20wNgYIKwYBBQUHMAKGKmh0dHBzOi8vY2FjZXJ0LmEub21uaXJvb3QuY29tL3Zhc3NnMTQxLmNydDA2BggrBgEFBQcwAoYqaHR0cHM6Ly9jYWNlcnQuYS5vbW5pcm9vdC5jb20vdmFzc2cxNDEuZGVyMG4GA1UdEQRnMGWCEWEyNDguZS5ha2FtYWkubmV0gg4qLmFrYW1haWhkLm5ldIIWKi5ha2FtYWloZC1zdGFnaW5nLm5ldIIPKi5ha2FtYWl6ZWQubmV0ghcqLmFrYW1haXplZC1zdGFnaW5nLm5ldDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFN1sgHy6tTIXpYRBQPDSBGYTL6mQMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly92YXNzZzE0MS5jcmwub21uaXJvb3QuY29tL3Zhc3NnMTQxLmNybDAdBgNVHQ4EFgQUA7ZKnIAMYBiICmTNrihiinpswBgwDQYJKoZIhvcNAQEFBQADggEBABxkzsN2TYwp\/HbRPCSDV44+dyEO1oPxQrkuIZ0UlsFTSegWIFNA8uUBt98BB3dJbepTEMkABQ+7yCEdOJwHeJwKreGRkYuV+ajkAmTiFQupfxO4A66VxUVHM\/tl3TA="}
-00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1436720908572,"flow_last_seen":1436720908636,"flow_tot_l4_data_len":2076,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":346,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
+00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1436720908572,"flow_last_seen":1436720908636,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1868,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
00428{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":636964,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0iD1AAEAGfKjAqABnLiFGrq4OAbuyG2h\/5av+OoAQARI2BQAAAQEICgAD7oyuiQrc"}
02342{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":638429,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+8n5AADkGE90uIUauwKgAZwG7rg7lq\/46shtof4AQAeYfLQAAAQEICq6JCtwAA+6IvGzMlrvDvFJ3dAOGq53cFm8ESbmfjzy2HluX6fGO6bpZ2nbUfKZ6zi9e2GZiBv\/BGGD4rR4x07ruBrJ1Gg8Faqlheifrpr33fAXHLLv9\/y0etLW0qc+RWw6e496U+pW2mSa+5XwnA+m4lvoXa4XpHu3U40Gf276Jdu3ohoXBhh0pKxfRLAvPB82KUomT4XJ5xTF98fo0ztk3lFALccdJyGrLAAUjMIIFHzCCBAegAwIBAgIEByekajANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE0MDQwMjE0MzI0NVoXDTIxMDQwMjE0MzEzOVowgY0xCzAJBgNVBAYTAk5MMRIwEAYDVQQHEwlBbXN0ZXJkYW0xJTAjBgNVBAoTHFZlcml6b24gRW50ZXJwcmlzZSBTb2x1dGlvbnMxEzARBgNVBAsTCkN5YmVydHJ1c3QxLjAsBgNVBAMTJVZlcml6b24gQWthbWFpIFN1cmVTZXJ2ZXIgQ0EgRzE0LVNIQTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCR6y01mwxkbMqLLdU5tjO0\/EkKFnjXqD03EAJ229fbT5xWS6FptEstSuND9m8WCLXvdEWPdFYWKxWlFkx9bwqZtCDninucRumuMfsTT\/CXFmHjuiulJNjcS5bBvtOrv2bYRCb5FpbtnDYs3yk0KrU9E9KxQS1Tk8u1dCgG9GONXt6yqBvXfU8kZjPtxoqwhG7GCVqWKAaM5FHLocVLu99EPwpaw1YRi\/U8ldsJe9Y0iFGi\/UuqSRR3qbEkqyVPYpy5+ckHLRDIcLcYsVYyHT+pglKnsLJhJGpfjHT2LHgsIFlwC3bO\/FCtUuucokU2mouBG03\/THab3ins9b3mCF7rAgMBAAGjggG3MIIBszASBgNVHRMBAf8ECDAGAQH\/AgECMEwGA1UdIARFMEMwQQYJKwYBBAGxPgEyMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vc2VjdXJlLm9tbmlyb290LmNvbS9yZXBvc2l0b3J5MIG6BggrBgEFBQcBAQSBrTCBqjAyBggrBgEFBQcwAYYmaHR0cDovL29jc3Aub21uaXJvb3QuY29tL2JhbHRpbW9yZXJvb3QwOQYIKwYBBQUHMAKGLWh0dHBzOi8vY2FjZXJ0Lm9tbmlyb290LmNvbS9iYWx0aW1vcmVyb290LmNydDA5BggrBgEFBQcwAoYtaHR0cHM6Ly9jYWNlcnQub21uaXJvb3QuY29tL2JhbHRpbW9yZXJvb3QuZGVyMA4GA1UdDwEB\/wQEAwIBxjAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY2RwMS5wdWJsaWMtdHJ1c3QuY29tL0NSTC9PbW5pcm9vdDIwMjUuY3JsMB0GA1UdDgQWBBTdbIB8urUyF6WEQUDw0gRmEy+pkDANBgkqhkiG9w0BAQUFAAOCAQEAWEEi\/01CVa7IBodFP4tZ0wc5mrKgkYHSDMFnT09xKFqQHGk6mvabwAj0WiKJVd9vr0W4ohN5GLWq08L+y3BzhSVb1cxvBpCp2K92jnQHUIMQTR15MJbZ6QIf4yHW7NI8MCy1U8kSp\/LDY+72q\/vge4X9hNZbV1A49NMZKT4R8GZA5J\/Bu\/Bs4m8kPqZrNyH1J7unAiK5\/EPa7RMP54M2VZF6ABzW+BlsOg9Ec5OVygHW5l+FRxonfgUSNJ1IzZcEhDo="}
00428{"flow_id":21,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":638521,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0iD5AAEAGfKfAqABnLiFGrq4OAbuyG2h\/5awDxIAQAT82BQAAAQEICgAD7oyuiQrc"}
02136{"flow_id":21,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":638551,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"pkt":"QPMIw47hABsv8H60CABFAAUg8n9AADkGFHouIUauwKgAZwG7rg7lrAPEshtof4AYAeZfWwAAAQEICq6JCtwAA+6Idfp2FJhdqGlr2fbt0cbKHx3DYqnF8DFNM2+LJpFLQA3x59CnO4+nMp3enalxEN\/0R0zHLakhNI7pC2858ckABBkwggQVMIIDfqADAgECAgQHJ47tMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3QwHhcNMTIwNDE4MTYzNjE4WhcNMTgwODEzMTYzNTE3WjBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowS7IquYPVfoJnKatXnUKeLh6JWAsbDjW44rKZpk36Fd7bAJBW3bKC7OYqJi\/rSI2hLrOOshncBBKwFSe4h30xyPx7q5iLVqCedz6BFAp9HMymKNLeWPC6ZQ0qhQwyjq9aslh4qalhypZ7g\/DNX3+VITL8Ib1XBw8I\/AEsoGy5rh2cozenfW+Oy58WhEQkgT0sDCpK5eYP62pgX8tN0HWQLUWRiYY\/WlY+CQDH1dsgZ684Xq69QDrl6EPl\/\/Fe1pvPk5NnJ1z3dSTfPJkCy5PeXJI1M\/HySYIVwHmSm9xjrs526GOmuXdGMzvWgYMfB4jXa\/\/J6OXSqGp02Q3CcaOQIDAQABo4IBRzCCAUMwEgYDVR0TAQH\/BAgwBgEB\/wIBAzBKBgNVHSAEQzBBMD8GBFUdIAAwNzA1BggrBgEFBQcCARYpaHR0cDovL2N5YmVydHJ1c3Qub21uaXJvb3QuY29tL3JlcG9zaXRvcnkwDgYDVR0PAQH\/BAQDAgEGMIGJBgNVHSMEgYEwf6F5pHcwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdIICAaUwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL2NnaS1iaW4vQ1JMLzIwMTgvY2RwLmNybDANBgkqhkiG9w0BAQUFAAOBgQCTHf6Lrkbsy6kPq+XvyrJoFmjYj\/oTqa+zyy3nS26OaSrCKxAKjfauc7a5+xT9X224ULbEitZAftfDy3PcyV1br7BBtTfr6twgkcQ0avSh85adN4aX4XGk3X36RISUrtcJBCJ2D2RRNakkD\/kL2zLawv7BuSpceicTyrFIOnHQQxYDAQFLDAABRwMAF0EEIvgI7KsW\/GUHI5TxPJhtywK72WozvcqGzR\/st5WMLlmckZgYf7Rx4mfJ4M\/3NCUYdLeHOaPAoHxXktgoQ+rkCQEADCC0UTjX\/QSxfr8WWS8Ww\/1PQhFOQBBGJaya+q9ot50MXJa8KAqk1WD41Los5doBEAca4AYpyLpq4w0ooF\/Y3zc\/"}
-01227{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":10,"flow_first_seen":1436720908572,"flow_last_seen":1436720908638,"flow_tot_l4_data_len":4882,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":488,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","issuerDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
+01238{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":10,"flow_first_seen":1436720908572,"flow_last_seen":1436720908638,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4546,"flow_avg_l4_payload_len":454,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-h-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"7df57c06f869fc3ce509521cae2f75ce","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","issuerDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
00429{"flow_id":21,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":638612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0iD9AAEAGfKbAqABnLiFGrq4OAbuyG2h\/5awIsIAQAWw2BQAAAQEICgAD7o2uiQrc"}
00702{"flow_id":21,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":638643,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"pkt":"QPMIw47hABsv8H60CABFAAD78oBAADkGGJ4uIUauwKgAZwG7rg7lrAiwshtof4AYAebhPwAAAQEICq6JCtwAA+6IYFSYv4mudxHFz5sxywWWsazXJFrgzvE0JK+52sA0dU9CLiZ3XPU5E6dDL7dHmHEkPuJ4\/Da3Zh4f9Lcgmw7U50W\/D1et\/l4S8edGh2S9NNLemgTFDCn1oQVs3NJP+re0A0XN9fbbCsoMKGyL4kcoXYy+ThQic2K2WQhBsA5O6FVtwQBG1voUB85e4vFzoES4ba43SS+d00unyRJCUtpA+7cx6dCi6nnE2pwcoMHgiBqeh+sNCtpqm5CSYwxPVhYDAQAEDgAAAA=="}
00429{"flow_id":21,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":638704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0iEBAAEAGfKXAqABnLiFGrq4OAbuyG2h\/5awJd4AQAZk2BQAAAQEICgAD7o2uiQrc"}
00427{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":656038,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0kE1AADkGg3hSVRqawKgAZwG7oN0D2rVn4E5yZoAQAeYwFAAAAQEIClR5JS4AA+6K"}
02333{"flow_id":22,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":660280,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+kE5AADkGfe1SVRqawKgAZwG7oN0D2rVn4E5yZoAQAeZ0uAAAAQEIClR5JTEAA+6KFgMBADwCAAA4AwFVop8Mbf6KIecPM3lg0P\/+nBkucOuiGOinChRDmXi\/zwDAFAAAEAAAAAAACwAEAwABAgAjAAAWAwEPDAsADwgADwUABcAwggW8MIIEpKADAgECAhQDvzrvL6J8lrjKj7lZzTMsnVARODANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCTkwxEjAQBgNVBAcTCUFtc3RlcmRhbTElMCMGA1UEChMcVmVyaXpvbiBFbnRlcnByaXNlIFNvbHV0aW9uczETMBEGA1UECxMKQ3liZXJ0cnVzdDEuMCwGA1UEAxMlVmVyaXpvbiBBa2FtYWkgU3VyZVNlcnZlciBDQSBHMTQtU0hBMTAeFw0xNTA2MTkxNjUyMDdaFw0xNjA2MTkxNjUyMDVaMG0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTESMBAGA1UEBxMJQ2FtYnJpZGdlMSEwHwYDVQQKExhBa2FtYWkgVGVjaG5vbG9naWVzIEluYy4xGjAYBgNVBAMTEWEyNDguZS5ha2FtYWkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2aLEkOCQxkE0nfPVlfraw4G75O4JEeSlRW1zKhn5OiCejRRPF7ha04I80NXzpLA\/tzpstXo66tMUibKsHLYIbVtB8oSIpx86xKeq8BolyxN4B3v7BC9fc17tGdJU7Peb7OkU88pTRhVUiOQfvI8YxMU1ycyxtn6L7yF1rVXpUgiMR9xIoMePtrmHwmxFPiBjj1Fi5Deam4+Aue4XAh05FsmKa2n86yrVmRetbT\/bKRPBfUurOVaNWUO7f4FxfiiKmog7COy88Nhe6EsJTSdmB7kg3i+QgczeqMi7d8Ymw17IODXgorClqRQIGdTIXnMhC63ChKRXycZZACQbVGFPKwIDAQABo4ICMTCCAi0wDAYDVR0TAQH\/BAIwADBMBgNVHSAERTBDMEEGCSsGAQQBsT4BMjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3NlY3VyZS5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeTCBrwYIKwYBBQUHAQEEgaIwgZ8wLQYIKwYBBQUHMAGGIWh0dHA6Ly92YXNzZzE0MS5vY3NwLm9tbmlyb290LmNvbTA2BggrBgEFBQcwAoYqaHR0cHM6Ly9jYWNlcnQuYS5vbW5pcm9vdC5jb20vdmFzc2cxNDEuY3J0MDYGCCsGAQUFBzAChipodHRwczovL2NhY2VydC5hLm9tbmlyb290LmNvbS92YXNzZzE0MS5kZXIwbgYDVR0RBGcwZYIRYTI0OC5lLmFrYW1haS5uZXSCDiouYWthbWFpaGQubmV0ghYqLmFrYW1haWhkLXN0YWdpbmcubmV0gg8qLmFrYW1haXplZC5uZXSCFyouYWthbWFpemVkLXN0YWdpbmcubmV0MA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAU3WyAfLq1MhelhEFA8NIEZhMvqZAwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL3Zhc3NnMTQxLmNybC5vbW5pcm9vdC5jb20vdmFzc2cxNDEuY3JsMB0GA1UdDgQWBBQDtkqcgAxgGIgKZM2uKGKKemzAGDANBgkqhkiG9w0BAQUFAAOCAQEAHGTOw3ZNjCn8dtE8JINXjj53IQ7Wg\/FCuS4hnRSWwVNJ6BYgU0Dy5QG33wEHd0lt6lMQyQAFD7vIIR04nAd4nAqt4ZGRi5X5qOQCZOIVC6l\/E7gDrpXFRUcz+2XdMLxszJa7w7xSd3QDhqud3BZvBEm5n488th5bl+k="}
-00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1436720908576,"flow_last_seen":1436720908660,"flow_tot_l4_data_len":1852,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
+00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1436720908576,"flow_last_seen":1436720908660,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
00427{"flow_id":22,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":660371,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwhAAEAGbb3AqABnUlUamqDdAbvgTnJmA9q68YAQARIuJQAAAQEICgAD7o9UeSUx"}
02337{"flow_id":22,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":660890,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+kE9AADkGfexSVRqawKgAZwG7oN0D2rrx4E5yZoAQAeZORQAAAQEIClR5JTEAA+6K8Y7pulnadtR8pnrOL17YZmIG\/8EYYPitHjHTuu4GsnUaDwVqqWF6J+umvfd8Bccsu\/3\/LR60tbSpz5FbDp7j3pT6lbaZJr7lfCcD6biW+hdrheke7dTjQZ\/bvol27eiGhcGGHSkrF9EsC88HzYpSiZPhcnnFMX3x+jTO2TeUUAtxx0nIassABSMwggUfMIIEB6ADAgECAgQHJ6RqMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTQwNDAyMTQzMjQ1WhcNMjEwNDAyMTQzMTM5WjCBjTELMAkGA1UEBhMCTkwxEjAQBgNVBAcTCUFtc3RlcmRhbTElMCMGA1UEChMcVmVyaXpvbiBFbnRlcnByaXNlIFNvbHV0aW9uczETMBEGA1UECxMKQ3liZXJ0cnVzdDEuMCwGA1UEAxMlVmVyaXpvbiBBa2FtYWkgU3VyZVNlcnZlciBDQSBHMTQtU0hBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJHrLTWbDGRsyost1Tm2M7T8SQoWeNeoPTcQAnbb19tPnFZLoWm0Sy1K40P2bxYIte90RY90VhYrFaUWTH1vCpm0IOeKe5xG6a4x+xNP8JcWYeO6K6Uk2NxLlsG+06u\/ZthEJvkWlu2cNizfKTQqtT0T0rFBLVOTy7V0KAb0Y41e3rKoG9d9TyRmM+3GirCEbsYJWpYoBozkUcuhxUu730Q\/ClrDVhGL9TyV2wl71jSIUaL9S6pJFHepsSSrJU9inLn5yQctEMhwtxixVjIdP6mCUqewsmEkal+MdPYseCwgWXALds78UK1S65yiRTaai4EbTf9MdpveKez1veYIXusCAwEAAaOCAbcwggGzMBIGA1UdEwEB\/wQIMAYBAf8CAQIwTAYDVR0gBEUwQzBBBgkrBgEEAbE+ATIwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly9zZWN1cmUub21uaXJvb3QuY29tL3JlcG9zaXRvcnkwgboGCCsGAQUFBwEBBIGtMIGqMDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5vbW5pcm9vdC5jb20vYmFsdGltb3Jlcm9vdDA5BggrBgEFBQcwAoYtaHR0cHM6Ly9jYWNlcnQub21uaXJvb3QuY29tL2JhbHRpbW9yZXJvb3QuY3J0MDkGCCsGAQUFBzAChi1odHRwczovL2NhY2VydC5vbW5pcm9vdC5jb20vYmFsdGltb3Jlcm9vdC5kZXIwDgYDVR0PAQH\/BAQDAgHGMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9jZHAxLnB1YmxpYy10cnVzdC5jb20vQ1JML09tbmlyb290MjAyNS5jcmwwHQYDVR0OBBYEFN1sgHy6tTIXpYRBQPDSBGYTL6mQMA0GCSqGSIb3DQEBBQUAA4IBAQBYQSL\/TUJVrsgGh0U\/i1nTBzmasqCRgdIMwWdPT3EoWpAcaTqa9pvACPRaIolV32+vRbiiE3kYtarTwv7LcHOFJVvVzG8GkKnYr3aOdAdQgxBNHXkwltnpAh\/jIdbs0jwwLLVTyRKn8sNj7var++B7hf2E1ltXUDj00xkpPhHwZkDkn8G78GzibyQ+pms3IfUnu6cCIrn8Q9rtEw\/ngzZVkXoAHNb4GWw6D0Rzk5XKAdbmX4VHGid+BRI0nUjNlwSEOnX6dhSYXahpa9n27dHGyh8dw2KpxfAxTTNviyY="}
00427{"flow_id":22,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":660982,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwlAAEAGbbzAqABnUlUamqDdAbvgTnJmA9rAe4AQAT8uJQAAAQEICgAD7o9UeSUx"}
02128{"flow_id":22,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":661561,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"pkt":"QPMIw47hABsv8H60CABFAAUgkFBAADkGfolSVRqawKgAZwG7oN0D2sB74E5yZoAYAebqkwAAAQEIClR5JTEAA+6KkUtADfHn0Kc7j6cynd6dqXEQ3\/RHTMctqSE0jukLbznxyQAEGTCCBBUwggN+oAMCAQICBAcnju0wDQYJKoZIhvcNAQEFBQAwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdDAeFw0xMjA0MTgxNjM2MThaFw0xODA4MTMxNjM1MTdaMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjBLsiq5g9V+gmcpq1edQp4uHolYCxsONbjispmmTfoV3tsAkFbdsoLs5iomL+tIjaEus46yGdwEErAVJ7iHfTHI\/HurmItWoJ53PoEUCn0czKYo0t5Y8LplDSqFDDKOr1qyWHipqWHKlnuD8M1ff5UhMvwhvVcHDwj8ASygbLmuHZyjN6d9b47LnxaERCSBPSwMKkrl5g\/ramBfy03QdZAtRZGJhj9aVj4JAMfV2yBnrzherr1AOuXoQ+X\/8V7Wm8+Tk2cnXPd1JN88mQLLk95ckjUz8fJJghXAeZKb3GOuznboY6a5d0YzO9aBgx8HiNdr\/8no5dKoanTZDcJxo5AgMBAAGjggFHMIIBQzASBgNVHRMBAf8ECDAGAQH\/AgEDMEoGA1UdIARDMEEwPwYEVR0gADA3MDUGCCsGAQUFBwIBFilodHRwOi8vY3liZXJ0cnVzdC5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeTAOBgNVHQ8BAf8EBAMCAQYwgYkGA1UdIwSBgTB\/oXmkdzB1MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEdsb2JhbCBSb290ggIBpTBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vd3d3LnB1YmxpYy10cnVzdC5jb20vY2dpLWJpbi9DUkwvMjAxOC9jZHAuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAJMd\/ouuRuzLqQ+r5e\/KsmgWaNiP+hOpr7PLLedLbo5pKsIrEAqN9q5ztrn7FP1fbbhQtsSK1kB+18PLc9zJXVuvsEG1N+vq3CCRxDRq9KHzlp03hpfhcaTdffpEhJSu1wkEInYPZFE1qSQP+QvbMtrC\/sG5Klx6JxPKsUg6cdBDFgMBAUsMAAFHAwAXQQQIXoSOSFZW8unPAYwUWxMSzEbBSIgHYsapWTXry0xfJIgf0rMt\/ATR2am5iIExw\/cQm0yJ198rvVD118Vo2uG9AQDFPhhg6zhK5qPnbZo1zAs7weWsJSjuXB4ihjLFQ49JMXs24OWZr2aCoDzd8RjwIEZbn8N\/GUW3yyF\/UYuU4GnxQqlwPoFLdXY3okcMkv+41czbgiBWSC8V0VmVEL1v"}
-01227{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":10,"flow_first_seen":1436720908576,"flow_last_seen":1436720908661,"flow_tot_l4_data_len":4658,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":465,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","issuerDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
+01238{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":402,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":10,"flow_first_seen":1436720908576,"flow_last_seen":1436720908661,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","issuerDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
00428{"flow_id":22,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":661958,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwpAAEAGbbvAqABnUlUamqDdAbvgTnJmA9rFZ4AQAWwuJQAAAQEICgAD7o9UeSUx"}
00661{"flow_id":22,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":662568,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"QPMIw47hABsv8H60CABFAADfkFFAADkGgslSVRqawKgAZwG7oN0D2sVn4E5yZoAYAeZypwAAAQEIClR5JTEAA+6KhsQiwLeeuOF2Z7LxHmzYA3nlcKy7XAtNGWLkeAGLtHOKGL0jDW7S5oGEYJgH3WQ1WFfVEewvE6nCamh5eUjP0YtfQZkD1\/x4jPtnMJXki9fNSh2m3rZn0KJ+6Ak9oK8JiBwt\/XAN2Zk9Wfl3RvszQ0HLTicNdjU7IEuBMTT+Gc8tvjtkZVCVQaMp3f7oKFKuuIuB0MGZe5sRI54HdpoyRuzVFgMBAAQOAAAA"}
00428{"flow_id":22,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":662660,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0nwtAAEAGbbrAqABnUlUamqDdAbvgTnJmA9rGEoAQAZkuJQAAAQEICgAD7o9UeSUx"}
00427{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":663240,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0MTFAADkG4pRSVRqawKgAZwG7oN5hmBQa4jr4AIAQAebsFwAAAQEIClR5JTEAA+6L"}
02332{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":663820,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+MTJAADkG3QlSVRqawKgAZwG7oN5hmBQa4jr4AIAQAeZ97AAAAQEIClR5JTQAA+6LFgMBADwCAAA4AwFVop8Mnoiq1cnvrDWtfxgf4NgXRtQJ6CZUM5obf8x\/SADAFAAAEAAAAAAACwAEAwABAgAjAAAWAwEPDAsADwgADwUABcAwggW8MIIEpKADAgECAhQDvzrvL6J8lrjKj7lZzTMsnVARODANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCTkwxEjAQBgNVBAcTCUFtc3RlcmRhbTElMCMGA1UEChMcVmVyaXpvbiBFbnRlcnByaXNlIFNvbHV0aW9uczETMBEGA1UECxMKQ3liZXJ0cnVzdDEuMCwGA1UEAxMlVmVyaXpvbiBBa2FtYWkgU3VyZVNlcnZlciBDQSBHMTQtU0hBMTAeFw0xNTA2MTkxNjUyMDdaFw0xNjA2MTkxNjUyMDVaMG0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJNQTESMBAGA1UEBxMJQ2FtYnJpZGdlMSEwHwYDVQQKExhBa2FtYWkgVGVjaG5vbG9naWVzIEluYy4xGjAYBgNVBAMTEWEyNDguZS5ha2FtYWkubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2aLEkOCQxkE0nfPVlfraw4G75O4JEeSlRW1zKhn5OiCejRRPF7ha04I80NXzpLA\/tzpstXo66tMUibKsHLYIbVtB8oSIpx86xKeq8BolyxN4B3v7BC9fc17tGdJU7Peb7OkU88pTRhVUiOQfvI8YxMU1ycyxtn6L7yF1rVXpUgiMR9xIoMePtrmHwmxFPiBjj1Fi5Deam4+Aue4XAh05FsmKa2n86yrVmRetbT\/bKRPBfUurOVaNWUO7f4FxfiiKmog7COy88Nhe6EsJTSdmB7kg3i+QgczeqMi7d8Ymw17IODXgorClqRQIGdTIXnMhC63ChKRXycZZACQbVGFPKwIDAQABo4ICMTCCAi0wDAYDVR0TAQH\/BAIwADBMBgNVHSAERTBDMEEGCSsGAQQBsT4BMjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3NlY3VyZS5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeTCBrwYIKwYBBQUHAQEEgaIwgZ8wLQYIKwYBBQUHMAGGIWh0dHA6Ly92YXNzZzE0MS5vY3NwLm9tbmlyb290LmNvbTA2BggrBgEFBQcwAoYqaHR0cHM6Ly9jYWNlcnQuYS5vbW5pcm9vdC5jb20vdmFzc2cxNDEuY3J0MDYGCCsGAQUFBzAChipodHRwczovL2NhY2VydC5hLm9tbmlyb290LmNvbS92YXNzZzE0MS5kZXIwbgYDVR0RBGcwZYIRYTI0OC5lLmFrYW1haS5uZXSCDiouYWthbWFpaGQubmV0ghYqLmFrYW1haWhkLXN0YWdpbmcubmV0gg8qLmFrYW1haXplZC5uZXSCFyouYWthbWFpemVkLXN0YWdpbmcubmV0MA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAU3WyAfLq1MhelhEFA8NIEZhMvqZAwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL3Zhc3NnMTQxLmNybC5vbW5pcm9vdC5jb20vdmFzc2cxNDEuY3JsMB0GA1UdDgQWBBQDtkqcgAxgGIgKZM2uKGKKemzAGDANBgkqhkiG9w0BAQUFAAOCAQEAHGTOw3ZNjCn8dtE8JINXjj53IQ7Wg\/FCuS4hnRSWwVNJ6BYgU0Dy5QG33wEHd0lt6lMQyQAFD7vIIR04nAd4nAqt4ZGRi5X5qOQCZOIVC6l\/E7gDrpXFRUcz+2XdMLxszJa7w7xSd3QDhqud3BZvBEm5n488th5bl+k="}
-00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1436720908577,"flow_last_seen":1436720908663,"flow_tot_l4_data_len":1852,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
+00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1436720908577,"flow_last_seen":1436720908663,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1644,"flow_avg_l4_payload_len":274,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}}
00427{"flow_id":23,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":663911,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0GZ5AAEAG8yfAqABnUlUamqDeAbviOvgAYZgZpIAQARIuJQAAAQEICgAD7o9UeSU0"}
02337{"flow_id":23,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":664400,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+MTNAADkG3QhSVRqawKgAZwG7oN5hmBmk4jr4AIAQAeYKSQAAAQEIClR5JTQAA+6L8Y7pulnadtR8pnrOL17YZmIG\/8EYYPitHjHTuu4GsnUaDwVqqWF6J+umvfd8Bccsu\/3\/LR60tbSpz5FbDp7j3pT6lbaZJr7lfCcD6biW+hdrheke7dTjQZ\/bvol27eiGhcGGHSkrF9EsC88HzYpSiZPhcnnFMX3x+jTO2TeUUAtxx0nIassABSMwggUfMIIEB6ADAgECAgQHJ6RqMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTQwNDAyMTQzMjQ1WhcNMjEwNDAyMTQzMTM5WjCBjTELMAkGA1UEBhMCTkwxEjAQBgNVBAcTCUFtc3RlcmRhbTElMCMGA1UEChMcVmVyaXpvbiBFbnRlcnByaXNlIFNvbHV0aW9uczETMBEGA1UECxMKQ3liZXJ0cnVzdDEuMCwGA1UEAxMlVmVyaXpvbiBBa2FtYWkgU3VyZVNlcnZlciBDQSBHMTQtU0hBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJHrLTWbDGRsyost1Tm2M7T8SQoWeNeoPTcQAnbb19tPnFZLoWm0Sy1K40P2bxYIte90RY90VhYrFaUWTH1vCpm0IOeKe5xG6a4x+xNP8JcWYeO6K6Uk2NxLlsG+06u\/ZthEJvkWlu2cNizfKTQqtT0T0rFBLVOTy7V0KAb0Y41e3rKoG9d9TyRmM+3GirCEbsYJWpYoBozkUcuhxUu730Q\/ClrDVhGL9TyV2wl71jSIUaL9S6pJFHepsSSrJU9inLn5yQctEMhwtxixVjIdP6mCUqewsmEkal+MdPYseCwgWXALds78UK1S65yiRTaai4EbTf9MdpveKez1veYIXusCAwEAAaOCAbcwggGzMBIGA1UdEwEB\/wQIMAYBAf8CAQIwTAYDVR0gBEUwQzBBBgkrBgEEAbE+ATIwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly9zZWN1cmUub21uaXJvb3QuY29tL3JlcG9zaXRvcnkwgboGCCsGAQUFBwEBBIGtMIGqMDIGCCsGAQUFBzABhiZodHRwOi8vb2NzcC5vbW5pcm9vdC5jb20vYmFsdGltb3Jlcm9vdDA5BggrBgEFBQcwAoYtaHR0cHM6Ly9jYWNlcnQub21uaXJvb3QuY29tL2JhbHRpbW9yZXJvb3QuY3J0MDkGCCsGAQUFBzAChi1odHRwczovL2NhY2VydC5vbW5pcm9vdC5jb20vYmFsdGltb3Jlcm9vdC5kZXIwDgYDVR0PAQH\/BAQDAgHGMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9jZHAxLnB1YmxpYy10cnVzdC5jb20vQ1JML09tbmlyb290MjAyNS5jcmwwHQYDVR0OBBYEFN1sgHy6tTIXpYRBQPDSBGYTL6mQMA0GCSqGSIb3DQEBBQUAA4IBAQBYQSL\/TUJVrsgGh0U\/i1nTBzmasqCRgdIMwWdPT3EoWpAcaTqa9pvACPRaIolV32+vRbiiE3kYtarTwv7LcHOFJVvVzG8GkKnYr3aOdAdQgxBNHXkwltnpAh\/jIdbs0jwwLLVTyRKn8sNj7var++B7hf2E1ltXUDj00xkpPhHwZkDkn8G78GzibyQ+pms3IfUnu6cCIrn8Q9rtEw\/ngzZVkXoAHNb4GWw6D0Rzk5XKAdbmX4VHGid+BRI0nUjNlwSEOnX6dhSYXahpa9n27dHGyh8dw2KpxfAxTTNviyY="}
00427{"flow_id":23,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":664461,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0GZ9AAEAG8ybAqABnUlUamqDeAbviOvgAYZgfLoAQAT8uJQAAAQEICgAD7o9UeSU0"}
02131{"flow_id":23,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":665864,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1292,"pkt":"QPMIw47hABsv8H60CABFAAUgMTRAADkG3aVSVRqawKgAZwG7oN5hmB8u4jr4AIAYAeYyHwAAAQEIClR5JTQAA+6LkUtADfHn0Kc7j6cynd6dqXEQ3\/RHTMctqSE0jukLbznxyQAEGTCCBBUwggN+oAMCAQICBAcnju0wDQYJKoZIhvcNAQEFBQAwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdDAeFw0xMjA0MTgxNjM2MThaFw0xODA4MTMxNjM1MTdaMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjBLsiq5g9V+gmcpq1edQp4uHolYCxsONbjispmmTfoV3tsAkFbdsoLs5iomL+tIjaEus46yGdwEErAVJ7iHfTHI\/HurmItWoJ53PoEUCn0czKYo0t5Y8LplDSqFDDKOr1qyWHipqWHKlnuD8M1ff5UhMvwhvVcHDwj8ASygbLmuHZyjN6d9b47LnxaERCSBPSwMKkrl5g\/ramBfy03QdZAtRZGJhj9aVj4JAMfV2yBnrzherr1AOuXoQ+X\/8V7Wm8+Tk2cnXPd1JN88mQLLk95ckjUz8fJJghXAeZKb3GOuznboY6a5d0YzO9aBgx8HiNdr\/8no5dKoanTZDcJxo5AgMBAAGjggFHMIIBQzASBgNVHRMBAf8ECDAGAQH\/AgEDMEoGA1UdIARDMEEwPwYEVR0gADA3MDUGCCsGAQUFBwIBFilodHRwOi8vY3liZXJ0cnVzdC5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeTAOBgNVHQ8BAf8EBAMCAQYwgYkGA1UdIwSBgTB\/oXmkdzB1MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEdsb2JhbCBSb290ggIBpTBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vd3d3LnB1YmxpYy10cnVzdC5jb20vY2dpLWJpbi9DUkwvMjAxOC9jZHAuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAJMd\/ouuRuzLqQ+r5e\/KsmgWaNiP+hOpr7PLLedLbo5pKsIrEAqN9q5ztrn7FP1fbbhQtsSK1kB+18PLc9zJXVuvsEG1N+vq3CCRxDRq9KHzlp03hpfhcaTdffpEhJSu1wkEInYPZFE1qSQP+QvbMtrC\/sG5Klx6JxPKsUg6cdBDFgMBAUsMAAFHAwAXQQQIXoSOSFZW8unPAYwUWxMSzEbBSIgHYsapWTXry0xfJIgf0rMt\/ATR2am5iIExw\/cQm0yJ198rvVD118Vo2uG9AQCP7394WatLKL6uiulyfsLeeLEvxSI\/pS2Vy6WHBnDIlqipwCWuNQsLQPQMlTF5kNYvdIby7G7EIm\/DXDnA5ZyCJyEa\/47lD15hjT\/svpk\/tZMEOwiTwlauYNyOxfoC"}
-01227{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":10,"flow_first_seen":1436720908577,"flow_last_seen":1436720908665,"flow_tot_l4_data_len":4658,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":465,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","issuerDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
+01238{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":10,"flow_first_seen":1436720908577,"flow_last_seen":1436720908665,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4322,"flow_avg_l4_payload_len":432,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1","client_requested_server_name":"igcdn-photos-a-a.akamaihd.net","server_names":"a248.e.akamai.net,*.akamaihd.net,*.akamaihd-staging.net,*.akamaized.net,*.akamaized-staging.net","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"34d6f0ad0a79e4cfdf145e640cc93f78","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NL, L=Amsterdam, O=Verizon Enterprise Solutions, OU=Cybertrust, CN=Verizon Akamai SureServer CA G14-SHA1","issuerDN":"C=US, ST=MA, L=Cambridge, O=Akamai Technologies Inc., CN=a248.e.akamai.net","fingerprint":"EA:5A:20:95:78:D7:09:60:5C:A1:E4:CA:A5:2B:BD:C1:78:FB:23:23"}}
00428{"flow_id":23,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":665925,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0GaBAAEAG8yXAqABnUlUamqDeAbviOvgAYZgkGoAQAWwuJQAAAQEICgAD7o9UeSU0"}
00664{"flow_id":23,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":665956,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"pkt":"QPMIw47hABsv8H60CABFAADfMTVAADkG4eVSVRqawKgAZwG7oN5hmCQa4jr4AIAYAeZ25wAAAQEIClR5JTQAA+6LVZJZEf6qm6QysDIqa91QGyxXK7TIE5ZXmcrbgWPn7mmMIVywT8rdys42m+KuO7Vo0WEGwp2Lt6uQUUmfrXlamZzgiDEEzGhSHNw7QPJ7zZXXYoEQexwPFCcVcuOmAqSH3ahj6nX5xk6nb0VPAAB9NQ\/wSrA1fzM\/lOZ5bY2UOh6oUhbTM1lpo5cw8MIWAIo\/oZ0B+F4ZqR\/e0MGjFc\/lkrBUFgMBAAQOAAAA"}
00428{"flow_id":23,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":666017,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0GaFAAEAG8yTAqABnUlUamqDeAbviOvgAYZgkxYAQAZkuJQAAAQEICgAD7o9UeSU0"}
@@ -267,8 +267,8 @@
00511{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720908,"pkt_ts_usec":741762,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"pkt":"QPMIw47hABsv8H60CABFAABv8oFAADkGGSkuIUauwKgAZwG7rg7lrAl3shtpBYAYAggwvwAAAQEICq6JC0oAA+6UFAMBAAEBFgMBADC6VroIWr\/hqwVJg27ZwPqVZhFQAA2pfaRQJLHVGlJachV2kuh4w5UzFNVZpii0P9I="}
00428{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720910,"pkt_ts_usec":950960,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"QPMIw47hABsv8H60CABFAAA0kOhAAFUGV4sfDV00wKgAZwG7g+MQ46QTobbrH4AQAOvWPQAAAQEICvAgu0UAA+9u"}
00477{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720911,"pkt_ts_usec":139558,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAAAAAAAAAAAAAAACABFwABYvSEAAEABOqXAqABnwKgAZwMDsMAAAAAARQAAPKDWQABABiwxwKgAZ9g61GqoYQG7BIhPUQAAAACgAjkIbeMAAAIEBbQEAggKAAPvhwAAAAABAwMG"}
-00461{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_first_seen":1436720908464,"flow_last_seen":1436720911139,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1436720942507,"flow_last_seen":0,"flow_tot_l4_data_len":1450,"flow_min_l4_data_len":1450,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":1450,"midstream":1,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_first_seen":1436720908464,"flow_last_seen":1436720911139,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"192.168.0.103","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1436720942507,"flow_last_seen":0,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02370{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":507631,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+7YVAADkGAKFcejCKwKgAZwBQolpM7hj\/zhvj2IAQAkuefgAAAQEIClRk1HoAA\/vEM\/iaPUALhIFKAs5lHhGDDQh9Ri+cJ7IlO3+U+lz\/AJfyy4DxuV\/4P\/o+vmeH\/hNqoIELoODxfoOAIXO0PMXMPnHoxqeYBwGo8oxahQh6j0xfzNnmEda9CmYCeDSna\/qNrEPvGW50RvR5h7uG+kXcGOBC7BGEPlQE7Yj9VADdS1kT29D7gnk\/qeBFzA3CDCDhz3gqv7gHmWA5mGyOJepR4EJPDEPmPiCsftA0fdwDBLwVjxH\/APKX29LRhXxOnSI4Ih5PTBEwQnYqjD3MPs\/lmZehG\/8AA\/8AT9Hx6L7CfPoFCO57QQY24Pf04EGPxc98QOB6OuYRGOvzGux+sHlCW3CnI9H6gK1Ng5mdNzFbgAyRCbreGctT5jQZEPRP6hHkIS+\/zCBFmIuGjFqI5\/uEmVBMg4hgvEdvaB+4PuYjwpncLG\/tARaSCgOECnAbe4e1GCNFARmxVQDALDyR+IOzv5nsz8T3R9wgRZi+8GdC55PovxL0YHoYoPEbSjg1BB16Ln\/4Ec+hG4XhdQP\/AAj\/AMS6qDzBT7P5oVuK4jP\/AJHo+vQ7xerHEOB\/MJM94fCL+ohnTjGoAOagD3iFagB4f5QswHhzoMy9DME64+YwcJGH3EIGYuyBB\/nEZ7TiCoY8wSKYOu5S3H2g4tgD7wANpxRQzjSFNilH9hDgQM9sJvDWSNGHs+0x8CbLnF1CclwLoBlRBpI3BxPAqGmw4ykVAG2kgAoGHly28ROIeyXA2GoWBRqYf9ufUEBje0FkRrD+IQecxboE3AOv7hC5gHugOOCfdiAGoheJXCdB6Ed+p6M6LnkF\/wDE\/UhuA8wf1fzRQdReggNdvURGX6gnc9o44SIJ4hEESg55h9ABOXCdAKBoAFARRJEzn9QkfZAdHcCZJ+0IfM82YFNwK2Mw9qjfbgB0alLX9QhRGT8SvaFD494T\/MQk8fqbOERdBBwkdmvmWKJzcwHIfLgJbfaBYGFByYLxbUA8zSMwDgeEJIj+oTwQfxK2SqgEvgPeFbIcbVX7KFvlB0KE87hYZQPRwPeH6uPhbjHBiWw7nL\/pnZCDnKByYHCBX5hgfMf3hZBZhDmz8QG7Sft6CPUI8RE4GpvB6ATxO3ovP\/jgJ7wEhHscGHx\/KuIHYBmYYPQqqng7Ew+z+eE4MfX\/AIH\/AIC6cAjiPoYHoIzU95cXVxsDhHD1AhE8T+IY4OoOZmio9RCbH6gBuoGYHNqg6GxAMRoQsrcD5h\/xiG2xCYJgDAIuFMDMWQBiwOT8QxkaQi4CCaSgP+GHg7nfnqF6wY1vXxCXqouAITzC5A3GyRRmF3HmjA9oXEGuJ4Jq1PKGF\/7E95xsZ1BT9jB0SPvOduIB7RHP\/I2Kh0kBNLD6MJz\/AJxbQj\/cwB4GCtzsgKZoQlqFxuEQHvc\/HoBi7iniEcIXcEEJgK9QOtGCOFaheFFdZ+3oP5CQaM\/4fzxGF7M4WoAHGX69x7j9FCP\/AB2jTxue8EBOF7EXZxDcScHjmEuIzgiYdDA4gRRtmHoJ56mwKX8F7wmCMfSKDe0XnQmaYuEnIC1Mc2QAHUVdCAtCh95n5imGNgyjyD5nfMLuXxBSoSDA8yxX\/E2oKG5iGgBLzCfMJ8wOCHsTPCecIsrQDCihrgix+Z7lA8uF2\/cOhJ+kLZAhOzHsR5iHYfYwUTAf3AWIwicr0HmfKhO7a+IxmwhfEE4GEoYUcHmODzCekU8+jhiigMf\/AMP\/AC\/+CLkzo9Jgh9HB5hJiiiPP\/m\/QDF7gHoYUsRjU4ATF9pWVBkA54Qk7j4h1hQB0nyIzIr0gCl4cXcIPGA8E49oZ0qhZBz7QqP8AqAKhDWgfxPgD+8p7uAtmJgK+HmA8sQ2B+ggN5gCPfcBNIz9YSgzZ9hABBp2CMzM="}
00427{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":508241,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0JelAAEAGxsfAqABnXHowiqJaAFDOG+PYTO4eiYAQH+pOOgAAAQEICgAD+8dUZNR5"}
02365{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":509218,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+7YZAADkGAKBcejCKwKgAZwBQolpM7h6Jzhvj2IAQAkvuxQAAAQEIClRk1HoAA\/vEO6\/U4C+0OWUTJgAb794HkAIhArOYgdkfiI22BCGjBFAjMJ7H5gWBudggbAYMBAg88QCbuhm0hAg9wQYHeJyZzGwFB7zDuEb1CIxUMRuZfliB7np0MYgeoY4J7+qgeYPabQ\/aB4IL9PHo+vR91\/N\/x\/EBC\/8A0ezA+Z8w+PUejh1dzuvQYmm4BAIYI\/EcE+jUD4nkjsnAhNA8wx5OA5aeINz\/AAUBr\/OAOALiPDMHk39If+VARek0ggL5idUhkPX2hAQrDqABo5\/wj6blcUMHps+4h4H9wU9ldOEBaMbWJMBg7F6bLf4ECwWUHgrMEFkEjMCoIwBEzYQLC4LK3AoAyviVQjybhI9r6wlsCgB94VnhTqRmcsioR5j39iByFiDkW+p4l8DUIG3Dyi4mQAZhCyClDE8GHwYPw7gzQ7QkYBnMHUC44nvArqGLzB9YQbQj7EXX6jh\/8eYjwIFiiz8Q2EAOV\/J\/x\/NHF6LrmV6Dxcv0cqD0MXc+CC9nEbBVQOPX2ggjHHvMvqNwABPCOeMwlwkwvyoIxB0cfSIC0DB7xZrUJVmM5BC0yIAV7Yl2YC3A5ZgUA\/KF+xEAWdXLIAuYgd+YS27EPvuMQOQnQJw3GzgZ9R+JmMzlA+JlcA0TD1iDIUoajMm\/tESS4X3XHjoOZyDMKfeEmMwvwcoyHZ\/uUUCTC2rUXHInKoObP2gYKzOtS8IzHhA8F3HuZYIEo5ZHzE3qLhzoY+YAWCiPcGZwkp7ejUc+gga3G1eIfdfedlAT5gj5EE6gdzz6iFTkFQjlEicGXPeeH8X\/AB\/ED\/5XpeIz7wA8TpK\/gPv6VSjOjn1MAi\/3MI+8EfcCE7HBEANXcACPv6wUqjgLgz8RDKgfEwYWFaUo4Fqf7VxCfaXmKxR3zcPJAAMAF9qAAtEUIRw00NEmM0hCDHA7h7DEMhnudgYhPg9oeAYfNLwrg51CVPEQAWcPg7EXLL9MBJSwx9YZNq1KYagWYA+h4H0K2CvpPdEDv8GNXZrxEphqeRmaBf0jG3TP4gIo7h8Qnc7HMEPIQ9MYgoBDKJnhXF36CJa2ICTAm1lHzqHqEuYAMKeeIR3BwBhHkwuRAYAYoDD\/AOBC+IR1Pf8A9f8AA\/h\/p\/8AL9DK4jiQmCE+p9faB5idQkYTPD0B59HC\/aAQO7qV3CYV1ZgDiovRHuVyAfrBFwZNPjFwKif1AWf2J2OENoUB+iZ4gniUx+IHTH6wBkeYwWEmDrCuR+YjiR4wICxwiF5JxELRFQLQCHzHzuBEEnDGTAEqWD+ShAN5cKZpAYRsmSxHSjO2xQ6w+HMTYnzC1FonyIOIR3AYBABDff8AyDZtfEVIYiKJhQDgP8z5DwYCUEHYxPeKKGKB4hDSL3QYgR+UAOxj6StiMylB2zD5KM65g7cfcXxmA8LHvAuoZ5hg8w+6uLzB6JH6GVH6dnXp4ev\/AAP5gIT\/AOFzqcLgd\/8AjtF6GeB6BT3gEe4YP39BC4Sk49RQhRqeIehOPMAz8Inhwtq4LXEJ1aUu\/TzAstcfbxB5v9TsR6HUP3QMI4jOnKgzrELSNTN1A5H7Qk3lxdJcFQrcADz6E8y+DmEIbgGJhOH3BbcIGziEwHPJ+I+E4CPabiALnOh9A4O4qjsRRPELQDgwRZyEPYQruIeB+5TMEqcJo\/MI7Idz6oBxMrQnuUnkCBt\/UBe8Q9RQ1j1p3cA0hfMfiH3CITwf\/NQnmD0KswQ\/+f8Ah\/D9IUFjf\/oTHEIClQz2qBAYII+oVHHD6KGByZqnhBDD49B1AYAdwdz3iimo9Dc4Row\/KI5J\/uOEEGO5YEPBioY1COYTPdCMjxANjAId+EI6EA2AahcCHIIVEDqIt8j7wQrjygpv6whzUCbmYRCBYNQWyVqMbJQ="}
@@ -284,12 +284,12 @@
02346{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":514223,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+7Y5AADkGAJhcejCKwKgAZwBQolpM7krZzhvj2IAQAkv0+AAAAQEIClRk1IAAA\/vFrVw9zLLmdVIXBHc1K8ULIbynhcBDMiQxaHQ5jcLl8DgGTTU5qYHxH2O\/0OkySBpmohk4TdOjaADQJINF3Aiaea0K5AGmq1DzObZ2XaTJE5l8qvLckAaBbSQsperkRM4kLDHD5Wc0SJppRoh3OVYQ4hkBEQXYj4L5cNtDB01LqLOIspc5LoH3I6YLAxwktMyiCre+\/HGuvZK6SjFwww6jqGUmIdBXpYNKroQcbmrYA8AyQfEloxnawWQ7b4624bB0Q0eMjCoQGW5AvGmjUYMrIvjvuSOChpDT2NVyAew4bojg5RLo66PjxOrx8si0i0wl+xdMNQ\/J3wrE+DA2fAKD0WRvMo9dHUfaI05WmCtbTTLEX\/QTEtjs1KYjSlcisV3HR8OQobmXpBoAmiOeFZoBiBRKiBOK+Z+3yZEOhVjtCJkFgAOrPJbleGgfwDJkCFGlZcp7aYmVSy2eF4wqBE4jbwxV0UhQ1h8zg8OTLUmPi7XQvWxBDvTRzDxwQPe5MsFiea3FhXb81zUyVJRt29CYq6AUeuC3jqPRqingoHg92cdgoZk3x0zu7SUaBeBWbTdcHl9HmlGpivm+BoT\/ADsBU5xEmfpFJ7MhRdO4yAIXohXBMRdrkUDDdxEwdn4spqDLSWg8rbkbI7lBjm5MfMIXRQxOJAXzijNxa4BEq9DzZ7uM9J9O5p4EcbOFLEkQWFfrfBHKhggnIkqpEY7xFPGkFyJtyVVCAEyhGtFBuXMEGDNK2oAhcccamlfq4LuoBaJ8akc1NQQnGD+Pesq26TVXBbHsG5AobYkQWYtnDPOMoT\/FXr56DEPwHXg2jbsTOfxPVn5vM\/ovmGvHiRx0LKYBiw5wMqZujbY+cKh\/BIhF+yQwGoAnA6JQMjPjGZB4ASRcqaW6jTbtMUCiEPT2Q7Zn9mdDo5qyraCbHGAKrfjA1PvEnCz1+D25eewrKl4v\/bHnY5BIKMBwJxCh4n7B29bLPwT6QuM3gru6ygSTHZiQTkcQjMpZSey4IceOEqOLNOLagNfQ4CmVFxe9KPrZed5gSbkaSHHLRQLwSVwTrLsQ2uC\/G90wHCK21QtdWoLB1HMMrfZs+\/MdwAJbYQb7v9Rc5go8DsIQQ0IaoNSQqHEfEHgpQGuE1P4pA4VsHLlQU7J0TwgNlyzvmsgy9ghuK7OEBG0XuT4souJazsWQsSNKDPLGHPE5jOI7l6LUr5XoqRnOcFhC0FwBgmLibVvNYuMipDtohM3giZ2wTtOHhCBgzRQT1rRHFL0Z4jguFRlLjFFa9Uee7oF8Z8Eo7B45EpQnlWC24qh2tyXhOiptogKpHPn+V8bL6lKsoKTmBcHjWnABR4WEJ4x5hxBBxoEAz3iZ5YYuNOygkDNiluyTsi4dx6KOtM9pUYf9mdwC8VeriYOv4BQI45CT+8vnjs05LwYDCERBcbzQqTHTJlLSU4h5ZfWhkKJATGF8+oaBLjSlhOA+qiEkJkx5sZq2ED+AHKYSwrp6ZvFOOtn6zVw0ghWHSAlh8ZnpQwNpbIBpwYWahgOdrP2M0miFw6AY7UTgfQwQC0jczGhT3oBEEyP9CoFcbJDQ8UmlWpTwPnFriUHLnMhyOQBHRxAI\/ZNcCmpnzGxeeUmEKmQxHgV2C\/xba+V4q8a4bRSi9Xps3xzJzAuZSC27jUEKuQwGx\/44hNsZVJ+60\/VCIlHEWuWUIO\/A1Bsemo0x4EfBB2DuqNS8AerKeVMz7oiOvxuFbClF690+j75InE0Pws+7EjixZIlk\/CR\/Eyt9Z4KEE\/B5Lu6AfRm17YkDhZgXFwbB4E1BRFyFo5YQN5tnHqJsW4XnALuDS0kqX0t205P0FaxAy4N2ILtRPOHnvPeRGTwrCqip8i7BYPQ4gM1E1ANytOYMvog="}
00429{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":514436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0JexAAEAGxsTAqABnXHowiqJaAFDOG+PYTO4\/xYAQH+pOOgAAAQEICgAD+8hUZNR+"}
00429{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":514711,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0Je1AAEAGxsPAqABnXHowiqJaAFDOG+PYTO5K2YAQH+pOOgAAAQEICgAD+8hUZNR\/"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1436720942530,"flow_last_seen":0,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":292,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1436720942530,"flow_last_seen":0,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00779{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":530885,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"ABsv8H60QPMIw47hCABFAAE4n8hAAEAGa\/HAqABnUlUaouLEAFAvtWVoUhBMjIAYFINNAAAAAQEICgAD+8pWC84nR0VUIC9ocGhvdG9zLWFrLXhhZjEvdDUxLjI4ODUtMTUvZTM1LzExNDE3MzQ5XzE2MTA0MjQ0NTI1NTk2MzhfMTU1OTA5NjE1Ml9uLmpwZz9zZT03IEhUVFAvMS4xDQpIb3N0OiBwaG90b3MtZy5hay5pbnN0YWdyYW0uY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBJbnN0YWdyYW0gNy4xLjEgQW5kcm9pZCAoMTkvNC40LjI7IDQ4MGRwaTsgMTA4MHgxOTIwOyBzYW1zdW5nOyBHVC1JOTUwNTsgamZsdGU7IHFjb207IGl0X0lUKQ0KDQo="}
-00824{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1436720942530,"flow_last_seen":0,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":292,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":292,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1436720942530,"flow_last_seen":0,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xaf1\/t51.2885-15\/e35\/11417349_1610424452559638_1559096152_n.jpg?se=7","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":0,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00770{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":580781,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"ABsv8H60QPMIw47hCABFAAEzOUlAAEAG0nXAqABnUlUaouLFAFD1YMTERbSUBYAYD2PW+wAAAQEICgAD+89WC83JR0VUIC9ocGhvdG9zLWFrLXhmYTEvdDUxLjI4ODUtMTUvZTM1LzExMzc5Mjg0XzE2NTE0MTY3OTg0MDgyMTRfMTUyNTY0MTQ2Nl9uLmpwZyBIVFRQLzEuMQ0KSG9zdDogcGhvdG9zLWcuYWsuaW5zdGFncmFtLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogSW5zdGFncmFtIDcuMS4xIEFuZHJvaWQgKDE5LzQuNC4yOyA0ODBkcGk7IDEwODB4MTkyMDsgc2Ftc3VuZzsgR1QtSTk1MDU7IGpmbHRlOyBxY29tOyBpdF9JVCkNCg0K"}
-00819{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
+00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":0,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Instagram","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"photos-g.ak.instagram.com","url":"photos-g.ak.instagram.com\/hphotos-ak-xfa1\/t51.2885-15\/e35\/11379284_1651416798408214_1525641466_n.jpg","code":0,"content_type":"","user_agent":"Instagram 7.1.1 Android (19\/4.4.2; 480dpi; 1080x1920; samsung; GT-I9505; jflte; qcom; it_IT)"}}
02347{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":592195,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+MAFAADkG3jJSVRqiwKgAZwBQ4sRSEEyML7VmbIAQAggFiAAAAQEIClYL0tgAA\/vKSFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBUaHUsIDA5IEp1bCAyMDE1IDIxOjI4OjQ3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTE3NzgwDQpEYXRlOiBTdW4sIDEyIEp1bCAyMDE1IDE3OjA5OjAyIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjA5NjAwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/+0AfFBob3Rvc2hvcCAzLjAAOEJJTQQEAAAAAABfHAIoAFpGQk1EMjMwMDA5NjkwMTAwMDA4NzQ5MDAwMDFlNjAwMDAwZmE3MzAwMDA2M2U0MDAwMGEyMzYwMTAwZTk2MDAxMDAxMmNjMDEwMDdkMTQwMjAwZGE1ZjAyMDAA\/9sAQwAHBwcHBwcMBwcMEQwMDBEXERERERceFxcXFxceJB4eHh4eHiQkJCQkJCQkKysrKysrMjIyMjI4ODg4ODg4ODg4\/9sAQwEJCQkODQ4ZDQ0ZOyghKDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7\/8IAEQgEOAQ4AwEiAAIRAQMRAf\/EABwAAAEFAQEBAAAAAAAAAAAAAAQAAQIDBQYHCP\/EABoBAAMBAQEBAAAAAAAAAAAAAAABAgMEBQb\/2gAMAwEAAhADEAAAAO9N4sXTDu15V0zXWqS6eeKmgreaCCmgg7uEVJBFpoIqbJxUnCLu4QeTiZpSHB3cGdOqZ3QRk7jdJJupIE7IbunTdJ01OMhpJ0O7ON3aSOfwekxeD0uW5b1DncnTsA9NJjtugMD53fqZhIgWgSaAtbEsWQtyzLPTnJhkzlli0uis5Bw7O7irEdfDm7Q3o5VwFjvEUYqlhUYWiOMp6HN4L9xoRfHbOtZDzdIqnt5UkurlUXoRcsXKR16897uavZ1aZJAySBM7AzpAoyQRQgyWmsrLZ1OZUcAMdHNE+Pr4jXWjcf5Yn6n5BjRjQdkY2Ci0j2KtwOa\/UpM3ThJRs3xi0n0mLpwZpOEVJkou7MSd02Z3ZFpOEHkgZ06GTuOLuhNJONJONnSQ6khpJwSdxp0k3SkN0kh3Zxu7STU1Wnghs\/P2jYmxyVZaPV5dg9EEcFEMbREli20VTekwDSyB3KDNbYk3lNtwDNIYAe3by0E+sjys0+hryZgbUO7JtFhyPAtU9x0fnXT5Pe0s8iDQmLcK2RFHXhU6XTyJnQ28l6vzLNitasqL77zvTx19X0ci6zQXnPPdfP7MvnHFT+lsL59dHsm\/89emZV6Rwnnza5jdZxo6r1zovBcxn0zk+Fuz0rN88YOj54WAHVCQZESpRo6asDUEg+pcTzW\/zOv0wrwT2tqjD9I4GWD0GFZpn3V3jttz7jDCvpQgFzWGnoul5+tsu35+PE65+hGeTZlT7uR8ydJvn72\/jvpsaaqz69ctVZ2lpLKT0oqTAk8hxUkhJOCdONJONpJwUoyTdncE6dNSUk25Pb4401KwD+XrjwXoWViQow+4a5bP6vJ0nnR9YKwCs6sKb6awPu58RHXNxxs1uwH0ZoswO2Gbbm0i2IA2jMsDvRdUaULFs2KwzolWtLXv2s7q0nGSLJCq2zNhzG32cRjcZ5mHvkvmnpYZ\/G44avfLzN1IbE7nlky\/T\/MstLZrG1W\/PSfZOu5d\/ArvpDw\/t5uJCKz6NPKChFXSGiq1p59mmZDDhAbKIjC40UhbGFKqLSdOLO4MkkfQh1cJjj+O9GqqPQOf5vU87txCsYGo7vZ879onVefdz8yDmjOv7+Tz\/pFy8v0="}
02355{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":592409,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+MAJAADkG3jFSVRqiwKgAZwBQ4sRSEFIWL7VmbIAQAghpXgAAAQEIClYL0tgAA\/vKkxiut5qB26Ow9Pj8+yfWMCa4DUGy+Ho3+c5jmKfpvReNdKH0EH5lbcbz+eZjXvWt849W37RLwLcqfYn89ApepLzJrn01eX8qj3x\/Byg9vl4hMftksS8eq4V9yQ9dg87nd3j8t6NPn9HZ78M8\/m15\/SI4iV0+Hr5YZdJFWiriRaANGqKgC2yBU5D1y9AGO5LwC+hZAOnTCa0b8GSfSXc3ZK6AUI8M2\/RlL0N3AaXqkYlae70WFvXE\/MysjfHhicTX059\/nyudDYrqom8O\/SwbXeAYWCl2HDbeHOmh0nFvU+hbHnPQ5vucrmudw17ngsyPVk8VHSYNOA4HAkiaZ9LkB4VlFV6oQoQoqHF7YpwjYwQuo3UsJOh\/RGPbfOPDFikaxDY4DU5OkkXmo2bPofj3YqtI3A2tMe8H5Nt8O55y1B5\/7N5\/Hj7N63x3O1z+g38A6wXb+eEc9NDyaVW6IJldX6R5B6ZmuRoJAaDtPubZt\/FrO\/ofNxI07nn+e9Kt8ed1WPUA43vniOOoe+MdtjoYlp8vJuziWF9ZSfTEwvQuT1MrucEnl3NmPfozec2Q8b4rocvm7XZ0ZulcvKtUOGRAQ4+gnWZDVgPNWhEKtHOpze6ZyDRXdX8BKT0GfAkRXbz40uX19WJqIDO0OmFTszkplJub3z+cPQ\/JvQ6z862sGNz1mVnCXPSY4Ty9OzHqpGSzpKihVIIPNmVKcRNOqLCYDILVVeEY398LgV1vOVI9RE0wT4QEQJpSDAaZU3nNoOD251yCtoLfS5daqb9QCMzcp43dzem6ufhS6Oew6aI6IVlfacgTJtbFeleWXZh0ue8o8\/FVehcsDozfPVyqd2beAaLdw7AEWuPBsy\/NtRo7nK6amwzE7wely5\/Li6bHG7EM3mel42aI9A86edPRMPG0Ly9C4IXGVdSXyWneZ42VsFYuj6kTogdbNyRn62pnUvPuruzMr3A+oweXcoviYt9jgW6815zm+k8\/tAB\/OBUuybA1gvm903GUlLnZS6ZF4KFr24FYdVfxNcHoN\/nFir0ejjdiS\/RN6WHm6VtwnvhPbN\/CPbfkffMXtuX3qjh3relJQiEoMQKEpOyKasJqDId1NjV21hXC6QDvdJEJVO1s\/Q\/zN6OTm8v3oOGonI9l57alQUrkXYpZMcsGthFgcg05VXIYrOJRhIhUfQ\/A63I8zG3eKzunHr8oC2NDAbQaOkGxtKX2WhycdMdrn93jLkKuKz3vZ9JmVLTQZa3BEZ0bqBxVlISUosM18C1LstzjfR8zjgcXvgyeor56XydIvT6GCMTACyMtUrgCKhlE19BSC9tDF2gkO5dOOJom5fPt2VnLbnJsVlaDDEPHHuS8fSny7ebZ3qPK2w9TgzU+rEx8ulpAaNFzDbyos643zk7Ou5p5O+X0FYusqEnp3Q6dbPtiuk0uU14ejc98q24cupIjGzSHlDhtF575ZOO+XSVH4SnEqKawNGGtZiJmIRtjEC5UnTQtnUn51xEfWfPtM8B7b2wbSKwHWlcGMSfEWVosImWLXNObHxqcs3YBBYOiCN6LkB4epBLK0KLAqqCHVFoZN\/S\/La3Ded0EcjPZ3z3AN\/GxrIy9iG8YgvWH1PnkuwzLWQPtqlhubqs540iAhZVVsNHpgy+LaCMldVgpipyGjRNCQdSLo8zK5\/dN6RMPzzXjRmF7eCA9vW05aci1898xYkdUwXtNbK2ik7MtyrTKySLWrnk2azz+9hky9fQzRuXXXQYOOm8sLU6Mz+T6DMig+c38yaBw+rLTxauj59VjG6rUoWWXRciQb8rJMP0s6wZdhrOeI1OpspY+oXQgyBjtBm3CyFWZNgavivsvzz15cAGTDTH0Hz\/1jzPKsrUpltBIzz0jO0ZWIpZqARY="}
02331{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":592836,"pkt_caplen":1475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1475,"pkt_l4_len":1441,"pkt":"QPMIw47hABsv8H60CABFAAW1MANAADkG3jlSVRqiwKgAZwBQ4sRSEFegL7VmbIAYAghY7AAAAQEIClYL0tgAA\/vKFZnZQVzAORUAGgshD0XzLWitnF1RZbOyYY2jBkEBNPfpsFJ0MwR2xokUKk0tMRGX0+ULNnYEnYNfWxk6D3Pnej5bi2uly2Ncen4nCl0ap\/OK5M1MDRb7DlaKILxJk6KO5nCIOoyoBpkY9jRFD10QJEggtrzgw9vHZPqSOeaQmWfu3NWXpDBl9HidlS5IM+lPtuAnHOypCaOkFexZHT7LBydbA68EOyVOaEXDt3MTek5gTqq2669g7n1zDNvNkDCrEmtKseNSTYBSGndz5U12mrwxkX2QmVrRYgHVlxXHHdQ8nCZnqOBpPPaGYE10z8zTjp1dODtoPolFm2VzLWuvhh7CQ+d0DQ\/mTmvrb5j68el4rvfO3ErssfSdGGU7RtVUETBMSsTXDoR0ccOsnWCEkM2mmLLqL7UZ5pQoVi3jJsVTQ0bCMg1achKtXHu0hBtqXF4R52reGKB0XOy4DzjTrg+tLyF0yF6zwPpHnHB0jgGw3igbdGFni7wjMtamXc4sDatJIzzaARw9qDaCA0FQqqA2qulhUQzAuvyZBp10EAKnsZHYxTyR4VGKh+05HoUs\/F7\/AJweK6na2O04b2yas0ZRp8nzvTcx189Mds+Xj7lOXnfSi8tZhprEW9BnVOjl4g93BzWlmQqlLnCmnSCpUQanqYOyM2weaDCc+xm5o8o4\/QSPPSZr0WfBmo2sY\/QZyGb6CEHksu85zDWzoOMtzfeQxD2ip12I19Dl9Gl0Hn\/ew6M\/BfLvWvHLxtnll6qQ7xEVUhkyJZxKZBtGkFONtYYU2QTK5XdKGceTmEkYIsW7m6cm8eP6DA28t5gl5I7Ga9Nn3s24yzz+euNieVoyh8262aPG08u1SXU0u1DJHsPmPq3jfD02ECLpy22zCJZD5NFLpeZU2ZyIWk0TlMDb2kigbQcM0ksYIQNgAKIqCqsi4AC3mFcChWA6IhLWZWTCbW3C5LNbZTWWxOyHa97SPz7mjgB5aWjZuLtloZedbrNj9J0QYvRgY0HTYeTanbA3Ti8UvWeHm5W\/zlJ7IS2iyu+DkHTHMbnJmknKhOjUDGTUuwxk+uK8+6CX0xFfQqs\/Q0SUBE2QapzteY+UC7i2Tzt\/QRU+OK3xpevZCWkeN+E\/T\/zTtlnHU3b51RJrRCUGDQ63jNGTr+TzaJefIqeipi1g33c1pCQ76nIUynphX2jhVrAdEnzjdTgOZyoDiihs+xqzSzdoEQCkTG0fWNJ8ch7R5FcZhAsMrIQaH9CcPo5HmdA2cQfs+O2NXQqPOhu1jrHGW79doY63YiuQn0uYjLnB7VUs9mj4iWNXQOACU67BuYHIR+fRaB2OUzBDhbACpMmOjWGrDQqGdIv0jy\/1ea1OaD7HHfIM19WDk59BmUpW449ToANFlKssBtUIiHoUAMmTTMhggmgK1CVMdEQOhbV5uQG46KjkQh9gFz2mm8J9gzk+862TSKfQaIPFIx1unVOKmmkSzumKq9UDq2jKh0RTld0qCKkL48+zPly45Cq8nrwBLrzw0LMk8JWC1oOppiCMHsYBow9AGuQ9P83oy+sw+jM+MPr1Mu3kNb0cieXz3teW7WWMfsEROF5R6D5VsFtZfoZlukaLJNthsm9C8pIw063hdPOrMUmy5MpGInR0ejby+\/j7Okz9IysvoimuGs0sreCx82upM9m8J6bPT6Gx\/FHzrtcciK6OGF9C4Xp4RVZXat0cvURi0lypVV6FgYVpxaMAwi9mK2vaGC594zaKZpUWX3MD9B8\/9Biur1wgMN7hTS4fPVdVU1zUtMW0JDTvc5Fu1MeVPVqpUoYNhwecwW0XRAN7a26FZm2oZPS6pPJ7JGci9+k7hvI2JttnFp11LzrKh6R+efjsTZXZnTs="}
@@ -304,7 +304,7 @@
02340{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":596803,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+MAdAADkG3ixSVRqiwKgAZwBQ4sRSEG2\/L7VmbIAQAgiUAwAAAQEIClYL0tkAA\/vKD1lDNRashXJu1VVIkLdGXWY9ozDcqkVuQXkxVLQtkGdE51b2GZ6tlfg4\/uWTjPiVvrodrz3R0H0mI4OdVdFLOFehvo3j+\/Gnu7s5iztK1BpIVEJpldV1VqmkqvXIRFNUjSuJVF7AN\/J0vGyE1Odc03SUihOKBcvWzcdvlLb5yPSdXk4RBRMaq9+TZ1eXLvDoOowdHePM9PvN3K+GwtvzyFuNzu9F6rTxdcQeh5bRnTsZ5J1Zl3A2JVF8vpeN03ZmCR2RPI2M70c+sv5rNxrsp82PN9Jtc+dpBl2ZMDrM+4dKkpv6TTN8n6k3rjQQ9EqV7UMlZCMIqUIxTmqpIuvGtpFPRZrLwttaHU2zbOnY1BKpZ1OpieryjUSG9TmWeVnyhBVVqkNfXRGCax4NGXbCmyXZfLTTCN0ecaCybxcaRETk6drpem8\/sxNTZyVzTrsvmc6GtFGTVtVS8bM6uNHED+hU6nmWd6mJT7CzN0dSxnWsKNtDIPOAVRnFqFU6ds5xUXM94LU5+gYC7Dl9Jfh7KqyVdk06dpGTOgcPQCw2+RqCB+jpqlFNKE4A8JRFbv4vX9PBv+beieYOBmUuXsdOqnowsiemHRZeZY4N0MIjTLfBzs4k9CUxVt4raKbHCoFhdGbdrBh9Gdxmu42ZZtlRsXBEJyWQlr9ORLj8R7Q8iGYO9labwjVSlBlSdWPaUp3uar5JDzg7U7aJWr7BrdYm1tmkjyvZrPwT8r3eKqu0XWKM0vOaGio6JpVqhUTHojBlDc+vpQWhHLQDzhAeetTFyzq3rsz2Pl1ztCNuCzolS6OcEbXeDBhutm8ezTqpDq16BIn0hjtqA41Pc5ro9ndONnUkNfByq7qGVwlAKoMwWThq3OhG4Tk6OfzTgd8TN\/md+a0JQnGliZ0RTxloYqqK+Pxup53TrCaSY1dlbTQnFGh6p5T7L08WZ5J7F4xFtG+jHpZnYEkwk8XB2SBo2ViTOnKuocWlUC15E6eDY4uzSKgnognPKNgy1y1o0ZMstCKdftBUt8v6d8aWoaq6mKqhdKGIxskZ1p82BWEzFTOx6Vb3s1BrU1B7npVzm2k3PHO7ccOhN7XHWKQEkBmlZtp5xuCEbqbVIloLdttO1NH6oYyWhzulZF8x23ZbHHvxvnOgZlsZ6nw3e5qjJ0c14VNfXOdlka7RM8+TNGAllFtVNwlFVslGscL7sbBVek2VXdBTKM7UBp0g0HriqnjZLt38HTZp0XqK5IHdybhiRLbneLyzo1JdlFPF0iMJwT+fM3oPP9cOkhzA9T1GOjHfPDd3KdPP\/ZuT7mzn\/KvYfJJ0GexZ7UKbDhC2tJPOIop2G0Z1hNmTmE4OOUUkJnZiSYE8XEySFbUk1aqkT9etS\/yfoStrKuYp3tPKNiIyk4oziqE7MiydE6VttUbmcqXh3SGZoxCpo3m9Xm\/b442VXejgJkn88SMMpUXERuagEXiWQhVfLOPzOhTkfdrZszrHXFuV5X6f4VOhXQ1bXF0aO3n4u\/NpTxbZx1Z59lybXCy1GN9rAH0ZBiy1Ip5FWxCTGp6CiDFo6KmWaYMR3kXcbVUVtBKUU0XF3jDcawNHWaXJdHqrOc6nOiucYka8ztHD0ytiVdkaMkpItKKfgPJ+j8sZckJ1YOsK\/NhUmYl8A6PsgN3cC4zf8zg6aXHl5vVyyijTnh+3sjTho9sGPklsZZVdd1auLTiODyQoRsgCUmCKdhpkwnTOCSQMkg+tnez5Ltja6Y7s6JPCQPOt2rYs7TsrGVu6BWRsuY3Ku5dM0uaqi0Nzh2f9b5Zl7DXOTzh+G1LQz9cLZWC0gM3r+9x08aH3w9EVvgkOdDtec7jk2vlFsdMnx\/1PztadadIvip8Uep4W2UrILeqLRlNVTNI="}
02335{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":596864,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+MAhAADkG3itSVRqiwKgAZwBQ4sRSEHNJL7VmbIAQAggvnAAAAQEIClYL0tkAA\/vKIyitJPvzo6LabLr0Wrbj20tJs+pmpZk0I6GIJ\/Q1nH5miiyUjSZTTQlGKYLQyorSKHr1z698HfdYed0eMgEiuFT0RePrTbtKMUmdI874j07yXKSK6pE0inV0s2nauo6YW8buxzvN\/XeNyri5dWJD5A7XBYsbTGY8jItaGpzNIdZRxlEV0uWSer5aHd3O\/P49vkF4LGgjZnSbNJBWnQJnYbJ0H1+ov8f3vZCLHlGTGdIGk7CdSdppxQWPCVS9lb0iEO2skVVxFZVXn9uOK45v0vBp4O1yMGPlXMzQ2BdiFHeyO9x00eN7XxLPTG2wT+zAkujYium6gI\/i3oTWo40EDqsNZUncvEVUXvlFaGZvSmEgNnTfKLpBJpRstHCwWtmTmDS626QoC1WzxWuu2cjV9GGzdALaINKIJKMUq7Koq3I18eK1oTYIbOQ9z12VeQ65yk0Yizd5zZK0oSbO4vGSeZ4p734fnOeOcnkHRpTHhi9OOHF6HRD3Jma14DVlqGBHQcMYXdppYVG49nMrbEtYdG5BgeZpiBOFs6GvFHk6LT5cVnSiYRo1ndDoTpw69BzB8gt7PNAFJD+upVy+N9Kad7TO8moylK5g04JydpCTtITqqTJNWzVjVxtWQGhU3c9pc99DwrdxOi9DEDid\/jpQmnl9Gw4mTZm53mTscPVieN9XyXXjoasCNMye4xO25N7YSFiqs+\/Hlg9LWPhWJhl2xIE7yYQZo1gXVyoZEsLeEDRINMkvPVBAJYrISANoHpKqZdBoB32gIZ35xGLH2yohZGlWnjFNXZDO7MPeyorQeVg63udk+hw9y5x8\/osCQcoasOotCNm6ZxUVLyn1bzmJ4+mM1lVXfUOqudzQMq5sgqpAZU00KqdAJxRh6tYFAaj5DtaAtU6SGOta52joqbOaq6AJgE51UGNmWCvDNzx06dRgGlYNQdiuIQfVkoN8X7t8gL2EyHVTbZSmWJk1bMaVK6uqIWKuAowVFIioIfVFABy6s9Ln9DO+o8vZ06RM65PAMzWjuoyOmkq0sf0Tn12eU6TxPKw9vK0uvAncyu9x01NCp+fUfmcacnd42uOKjlKQMEbEOmWbVNk3snEVJFUGEm5VoHqh0r4MzLbc6xom8Ei4YQ6VmTXtwT6omm7rIU307Zj12VbZxi7TUUpZ1MA2mKNslKiEZvpJmjVdhqsbZpl8tQSM41Nzk+lmrq7h5u3iO25uDxx2hOZl2WktIjIk1pjgWsKFiQSGLtxZly0JhmuakZ0Dr0wAdSCeGNu0WY9e2O3lNqU0D1zpaQJNTEMamsqjZqayLDIMmVl0i31hJn1jGTfE++7pxJO9DPNqTqMRSjFqHplVctQ1FqQ1Ae8uGG3VkVtch2noc2LbRq+tybHJdL57jeXYFtUugOfPk2PScHV4OrkPNihurDQ0hdgWz3Wbq8vRRkbQUnnGridbL2PP+z47KZGZsswkBimxtbPHRs5F8QlK+QxEe7WeXoDpAkE3CGzeiyGI4XQEMMhaCp1JnfWj3d0vTfVpFFBA++VKeNDShLO531mzSaVFwx2dEXQ3c8fjrptCcaZGB2fLCC3udNU9ZUpzrWGVKH88IsHKFVKmpTNXRbaFEWtACbR8BZgWgnEdoc9clYUI4r5DwT0VkDp6A48XRWccA1GucqB4kVNCxtrY4llg81tdNYlW4IzNRapfU02b433HaxUq1Ngdo10nHlUEo0UWr3Bz9o6LOxsjfPVzQhuqJtTDXHri7s\/0+aO9mbO85vnfT8hDj13P9tRbUH3XPr0XD9d4jhYuyMZ1YFegYPe8u5GfpZOd7Uh7muD1NvMh8vg0G5TRWSpYVhckRtlBAznFMFuawWYimbk996QtZsms1XXoFpvIZlx0KaKne4O5KBM="}
00429{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720942,"pkt_ts_usec":596895,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0n85AAEAGbO\/AqABnUlUaouLEAFAvtWZsUhBtv4AQFZMuLQAAAQEICgAD+9BWC9LZ"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1436720950909,"flow_last_seen":0,"flow_tot_l4_data_len":1430,"flow_min_l4_data_len":1430,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":1430,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1436720950909,"flow_last_seen":0,"flow_min_l4_payload_len":1398,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1398,"flow_avg_l4_payload_len":1398,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02351{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":909974,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWqgMlAAFYGaDQfDVY0wKgAZwBQ42ig4vcaLhm0z4AQADsFTwAAAQEIChPCQpUAA\/8J\/RR\/Qw44auNd5sy65M8X7sSNLvesqLPp\/hWIEgj7u\/c3G33+CGWHr5NjTBvseCa33d9vm54JLq\/16uWtfE8LiAl4wMLDP475fV1R18fJlgWHzmvfo5rv8qseyXDb2HUuXqKoKX0JEHYQ4SCsd7x2l6PL5eytk2f\/kmJp\/iODsxx2N\/N4UQwH1r7vqSLq\/y5DElOXzRARZUzbImejgsz5wOzVgeOngfBrQtGX6fL5DmkthCiZgx4mBvjCvzFR0YP1xM0OXv+CShnIqVrP5zMdqJDyzU483pE+34fsEdDMZT4JhGoy\/98gru4qi0lyXyEksrGabld776ByfJIVVp4RivH8YLNUqtpfCVBnMTiA7j\/sfl7slzSCJaM2S8tAkbhjEusFLl75fI1asIxOiRsWcrVhmx\/PbZlpNd4K8\/v2iJLC1YElBY1y9j56WJc0LPwne+0suiyX3kgj3Fb6y+5RCsQCy2EKLdhWRbyLYVKkL4lX1A\/hBl\/EQkdQU6AhwlzHoU9XC8zrf\/sv+pTGiGgMczA3HQL0c6iXziIlynBHwH6WDIGpFhs4sIl7R4Y0SaCPOZA1lnMfjRJoKCOWKLZc4VEiazWUhaMala+ExIJc2XmtrYy\/iRYyo+LY2ytYUtBbJwRglHwtVOPffxRf4sv1nIag0M0miGXxU6GsLdqvokImfUh+1xnyRB2wekFeanQUhm7KU2GNA\/Wut8I6Yh\/BrGK2ISAtFCkh5uw9+EN15dd79TckDZ5M\/1IXL8vqbu\/hTG\/JfucZfR3dz3L3c+OhdygQW8UzKVOFvvFE3uZQnd322DAH7zC3LRHAXbCjqHBmwf2whhpegjLfm6RfL+z+IzmMokA9e2qfVhZ6xYQdwpjxowXA\/a0hFuEIYBqgg2RBxOTW9B0lNexKZj7L7myCIQt5asMs3OULjIFOSJmLxUIk3Q37w4ymEfVUM4Q7YQrd2Q7D7oXQeE3jsBBmSxiRovqahgnBN4hvIeCZZMLY1uvosfkYR3vNLSiHuKZeam\/RFQJomYqTPcrO3yya\/L8n\/bJvfwlRzHWNuu76VGEBOTSmIQrzPwlvzfa91FS9xmltfjK8v2vivjQ79d9wnDovM7E8heMjng\/L76qTSur9Xu++liqI9lESwcV36\/iMv+UhBAvwlNl9yFOXzTHExcfuKxDjy2WcT\/yjID\/XwdhLUHYsgQ9jzrKZiitJYPrb03G\/4eqDHUUFspftslQp6lFXZbtMgT+PtX+iul7L97VDMHXGdwaI8TzZ6\/jXre8vnY2F+CmIZKNEjnJpMB39UHX\/p7\/3FfZpIUwHcB3IlgFw2RAH5dbcIGzC1nhuJYVIQctqJ04wUFMG9bZhr46HZ73BXAQuUhUW68mxXOEcSUvu6IiD4944qVAoG\/m5vfXCzer8TXXbtxGJy\/lJZWKxmuOzEdM\/69tZAld3d7Oi+E\/\/wSXdP1F9r8RHsvFnMaKa\/Gb3fFq120z5cfUI5ObITs4O5x1e\/k2SP4T55SQ1l\/\/E7jbfd3y\/W+K4YanQb4PNdLvnwtOUEVU10v172Jve733E93FYrd8\/r7COigUu\/j7zMkQoWBxC6yXxRL8fBFpX1\/jifjboOb9QR4q79l+S7kBZXF3dpMduttP55\/mpWYFflzvfd\/Hx+Ie9ijit30tVfYliZvDoVqX8Iibo18xmX2SURsTLcDlv6t9hYNRdUnFiX1r9e4\/4uD+iVcRBUU8hc0fHv5tu\/ghpv97F5dOxeZj2CiEjpYqtM2N6y9Ex9X2v34njvtqIprtcVwGtsEjAY8n2yd95fX6LnY6678J3vfovd9+pLl7ZMl\/\/3mgopvtAOiqdmdl8m1KgVxW1IDqxnD5Yq+7jVsvs"}
00428{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":910341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0TetAAEAGtojAqABnHw1WNONoAFAuGbTPoOL3GoAQH8w2dwAAAQEICgAD\/xATwkKT"}
02338{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":911439,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWqgMpAAFYGaDMfDVY0wKgAZwBQ42ig4vyQLhm0z4AYADulrQAAAQEIChPCQpYAA\/8JIuSEmFKcHvUO79IuA4AtgLK1ooHfe\/xvCx6EanjcjDye5qfYfg99btIFMlfpEyS0+WXx48YQQIBKyWOQayb5WbhMWSz8Ru7MV\/a5RJtywzl84iv9BLl6PdqXz3kxPZm4yY8HdjILE3vdfyWVN0pVFaKK+f+Osc32N80bLx0naY6\/StT9w4Neeouf2Tn\/vkhhHb5a5vAV9Sx5efQ\/Fatqq174n5ea7v9ir3vf4yK3Pnlx3v3fywdfv\/ld3jdWI6CQY9xByO962aeABxBaD0Ff8vq65YOluUkGW\/xG5p7nyyq1NumgVeaWXPx2O3qpBCTyam4Mj9KNa9CLu77T788mzfZZLswHVfevJGWxpG6er55a4je67Jde+KzsbHfq771q7M2+z\/WWJw+2E3Gv8+Ffd+tBC77nzd2bXmu\/clj6qf9o8rFbG7XiKrvvv6XxVyXfvsflY+OxHlh7gk3Z3+CHdjx7fieVi8bxm781fQKvN8eNlagx6Pt3\/NOSAfXLBsZ085Sli5c\/HVLg4fEITYcZuYfT1VtMLoUR\/it2aocyhvwSZMTvD5t065r2N7JUsZycS8vq283r4S3bSl8\/xBhG2Ci5YyWnWnN8pxV7z+JfURJd7rip6XefL+Ju6T2Uxe8n5uUueW8j7FWxyhWWeGt2YWoIb6BgT6P7uCHnx\/HwXcNPzZiXBYPY6liIwioP5BO9O7zdXvrl6Ju71WJu93dF9e+W764JLl\/1aJkh+a8yX4S4lMe7dI+73eX7WiDQUaZve75ZfLkLUJX2tpOX0s4hxEi8nbq2h\/\/mvflq9RBfYRrfTdMUcVv5e78i9rwQyT\/Sl\/1zQY9T8g\/Uty51S6PL8o6JLB8VrQkT8ugJnmu83Eyez2e5Qy1+W7Aw4JHINbEb3Lj395YP7YvjhcMBXfvXJ44Z+Ixmnuj5fXvqryZ8aIvNfJRrTESolEZ4VaoKtE96vFFfwld9u321frxC3vvk10K23e7KuXiuSPeX78kEfFYr7eXpJxFpezOY6TshceqnnmzDJNaHyWEjeK+xtg7siFQxNUarW6raVTT\/fwlt3m1+qIhVuJsRCxFdbFXtQf9\/RdIuTCv1R7IUVly5mtgVW\/5h5d378ta7e\/5QkWm71LXLL\/Y\/yuCATBPFbu75ZM1tF4Xr2urFPeZ1jp6PYqu0ysRtkUSKOnvSvJ9F0HEq\/Rr4RDbTxd+7uU\/Q0X5NSa4riJq7\/YqaIUW4dNr2MWX30vRqr09mqvna6y\/VdiohYPHuWzpM\/5V791hHspd591pkzSvTJiOetcEmlGTx05fm5r+E5WPIYg3+Ld5OiDJCb38Xd9ysF92RKCKwntddXfaT3LP\/4K7yaDr4HbV6D7vh8Ru7u\/ShH0gWZxKK93e\/u7nhshKX\/8u99ZHz6WcFOZh7FbiudjfLamk58fUJd3H2j6sTr\/E4xQhYhPxokXSHH53b6EIn4I8kGvoiAAQAAAAAAACAYAavAAAAAgECXIEAAAAAAAAAAAAAAAACAAWcAAAAZwAAAAUAAQABAAAAAIBgBrAAAAACAQJcAQAAAAAAAAAAAAAAAAIABZwAAABnAAAFoQABAAEAAAAAgGAGsQAAAAIBAlwBAAAAAAAAAAAAAAAAAgAFnAAAAGcAAAs9AAEAAQAAAACA4AayAAAAAgECXEEAAAAAAAAAAAAAAAACAAFNAAAAZwAAENkAAQABARggBwEYIAcAABVgQZrjwgqFiDcfxdYWFjNTGhc\/+kWorCzCP06aQacK5fU3p2bDv4QjGkzRtJEnNbVPk\/10ykQi0ZJ4s6VFQ2Ko59C0bD2u1KUtTyS\/\/DlRe1HhoMlOd6CAkkRYQkwPPOx2Ho6SCe9GzaPNROS+"}
@@ -320,8 +320,8 @@
00429{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":916475,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0Te9AAEAGtoTAqABnHw1WNONoAFAuGbTPoOMiyoAQH+o2dwAAAQEICgAD\/xATwkKa"}
02320{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":916536,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWqgNFAAFYGaCwfDVY0wKgAZwBQ42ig4yLKLhm0z4AQADtF+gAAAQEIChPCQp0AA\/8Kkm4H9UNUlt5SifkUxFo\/6pSRy9YVQkaVisFWxSviLzGtFeJ17dk9PuzywlM2Zne9TeoTzdVaw3q0W7rpcvd6ZXetVn4upU6GmrcOittPFjiC9IKbgacSEZXmYOU7kCMqmARbBX+D17WwtyFo5rl+10YZRllZIvte0X2S8llzqgD\/e5xq3Gbi4f+uWcihLe7TsKW4iPUEV3u\/ZBd931oIeo2Wu8v0n4J8vRdt3c3EYnMmT3H9Zygo3tOK9zZYk4Rn93fFb2DbsJBtS1pOmN4Ibv9saEBrCm8rAFRZ+OToCvEM4PMbuTAwXDY65AW36rStQJTT6M8xPDAfegP\/a+jGogLisdOMcK8I2y2PxT093jBJFvrPvdmEGEYwljKMBSSQBdZkEnK127CEya+dVrxQ8bQA7ak7HRY6gpvB39ZbsdM92sX2WE4JsV3vfuExvJ7Fgk6m9YnCIut5fnuIKEBXcVxLnkKM4hxz4\/LBig2mlFxcU6ZRUFl22uLrquW5ThMVu75+tCg3i4VfXEsVpiRyxIycVd5Y23P+UKRmDTh54DcqsHksGqbCDxrTuzdZvUErovdI4vvWyF0U0WY21\/68q9l\/9QTeEpMusNDiP94ZhEQKsb+P883eZB6WXflve8viIwRiZMu3l8LBIYFBIkacfTg58SVuxU5riuX3PERaBZLR7GJB4QC8Dxx0MchXUQ687MJHnMvsjuUwyL0gfZVXLJds5gWwzJsyv93QTGBc4U7abYpwfZqK5ciFYVBqc4TFAriPlm9ijOSCcOA\/ze5obU16+URF1VV1y+URFoTQzwYB4wz40QIY1xMVHlt3RsfYZJ7\/JOALBfkZxA1JdZBDlQO8HkrpwiV2fTmvCZFrNDhqPY4sv1Zi7yqB6VqXsRF+WJ5e7v5Zt70cxDAq2Upavg13D1m1VhL91LKCqWoHFYWGaCS7TsJuiWLq+XwkiVLCkVTkgck31T6gbtZjIF\/JfV8vgxICkQICjYUJg2+Cg+KEOUmAAKjAb1MwBg1nr4xm1tFytow6nl\/W4fYNkVEvGly+D0dhkKgygrykMuCppWQdpMrwlVww5y+49BhZL8ZcWcQL8ny4EIuA1ixyEjCwkZ7YyqucP4r4OrFmEj4N1RcxYQ8nGok211iDUeHbHpAb5\/pLE7lxfbhC+7UDdxF2yt4XhHl8Izk5x2SuE4VPpQQbsHZTfi2PpAZHZb3vphwVKN+9eLjvB5fn\/YlX66JxN77dviwh03Td9Uu+8zCfi4Ufesv3qPhHxXarar4LIqtcuZvVHmXwwkxogJGG5GBcvCqekamd+zw92AASyZh\/nDhzpOAeFD8TBpuICl\/bifl8IhUJIEYJgmQb35+UZLKToDQhFjCyQAE6HHHg8dCYNgluYd2jkK61fcoBMTbAQDhXYyHLxBn0EACjiXRueokAwRCwjq96Qi7I5aG7vfXZLH73BLeRMX2tl\/hj\/0n9QwqCJCXMhlpL68RghupvrL93RELw1Neyx+l3y41lgk7Je+JrWsXWs0VTd3d+84niRJNX40boGoRGFy+EzkmFpgu4vbKopvl\/HAhlwpcs5oneCrOVkTEQKu8CGyWaDQ8t\/+lCqAaEPekixHEvhWDAcsux6TD0CzaRmBfxWIz3hpeH6GEHb+DK6c+sAgYTD9upOy9kFFNlOvR70tq3ZOz0TH50li+8WdY2ESfXpNErXnEj9SfuzsiZ90uZXbeM5YJta7uxl\/HCxucKVqNGQqmQD2dp2\/6QLgFN86CFw8mz6fB6MFWBKAggLsHakQ7oAiIKQeggBFzZx9M8odhRbII+zNYPXqJJj7T+ih+LfsUcGobxf6F6gn44Z8aA3fuoKLM8Bkcm8flWzL4o"}
02323{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720950,"pkt_ts_usec":916749,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"QPMIw47hABsv8H60CABFAAWqgNJAAFYGaCsfDVY0wKgAZwBQ42ig4yhALhm0z4AQADuZUQAAAQEIChPCQp0AA\/8Kq91sV03W38Enc6h31Pa8lbRDfr317vl\/swZDIbNFxdSVl84XElLcFNuM8QfXWEGr9odZ\/IhFqXwShgkXCMM0GYYg1eWvir9NqWXPyiN37R7q0URcVvvHfdMJQba6CNwh352ZzGO4LSoKz94wprahpNIBbU\/J+S\/6RIvsKaIDeh5fVU1H9O9nwDPMxlbc2\/gjlpeIDr2uvQSvG5OhmM1K6nT5IlST\/dm+1zGhYZCYXNpjT15fQmUQUJiCTRp9BPQJO7vzt5qHM\/i+7vvShgJi7lwtIEKz9ro0Migp3d4WfFt+U+p79ywhfFYb0zPjhk9dEFqhF\/f1jheftLEwUeWBYHz\/4sgT4Qs8nAYhYgbQ6ztXFUyP45mJvomy3fyoTBt6ePmKF0iVbW9wnDQ1JzcMtS4+WXjsS5cHugFHPF7lgwV3NFdpp73C4kvFGHBypffUXEY4XIb5nHVrQlsSEb3LQDc6CYWQXezQmqY8IBxC1pqnGnKkgBtRbjhYUs45OgFjO5bBBbMh8HJaFBgzQa5huyodJzSQWbcSOmJvcUcFF31y4rd45xcJ3d90uaJpbapcv1KeHgiCi56OjGWGq1hmrrCu+OKDiDhS03AtplWaD2TdxbLdH2XS3liY4KQ6WyluOE93y\/LRdBHGjcHgrPgxWaxflljSCJm99\/TKr0wb2jbR5fkmRRkIQHH4cfSLOggb2il\/COdJXGb5m0CvaLxHTFcAvqewyLu1UJ\/ab8faPCMmK82abWO06WJafqMwPG7OJmJsXbbYleKvCEpnUXMnHpdbx3H19e+SzWlZ5RALLR7KQXbhimUZe\/zmDdJ9+cv8TRDiseKyDk8WAZdYjnYxEB9tJUGMtKzhSb1QJ40FQsA4znDQE4ZU7dA\/L+9fsDYZ7GYJ9O4JJphYNPBjRQMdmPTd1CkWVAx7mjeAAEAFExOmhlH6UmH3LkbqHx4DZsO0Ie0LYD971YxdD2BRqznPSitUwAFrR\/L5p7KWCuAyvjXMtXAdYNhgNKkTOCzrKwZoXrWW9\/ckKXu6b7u8vN3VNnZfECTCXGhgZdppnaA61pQhFvHFs6O4mTuEHgrGiIFG1UoNVfcvCAsFUWgEhSZ4PYDeNlf+7u7v2XxTIpBKF2QxgssFWg5FtjxgIdgmBEHAuL8ARPhe5+ZP2wT85OMAsdwTgo4HDoMWm5xBAAEAGeZAhEu5wPGRZYoPAAPzpCQasO1nRcLApFyGhCyOA4NgmPucsrSmYmCIwAHrM4D\/Juzh7ugTHfzRml9hkCsClzQjy4APXF9zwfg3lhiG\/3soDQGvZM00AaSzf4VD4zg4iklxcNPozSN7o4cSHdzUAF75Xagg3pkeLyha0GQ6zCeKnqlF9ir8WIH7RvmigaMQmJJb\/ClkPmZ2XhVZfBv08NtJHlu+MgnfUfeGnrwx+dcuJPepNjTXqEYlwFLVvd7n4h7z9eMuX39GPbOYtEB5oFj7deJqIm3pKnKY\/Yvuiuoe9qW9+qi\/VlZIUm7OIrN241GRLRpa8SwyygaNHsSdONjxlvYvpDY6y2MZ9veoK6HGzHoDcdk8t4fFefZ+SXZbFKKD3KQQWf+XzpWyMFWpfvHG0IbFbPLejxXyy+yCAkUSihTGAO5jGqF3Uvgjzsmot3tkgUlPGh7FUH1FO5qS4i+x6o\/TOHZsmmUTOXwvlJJCkb6VhTfTEFfMR0PNYYNIQvUM6RIgZwx+yrpFK5nMASBv0nvuh9h0lj4iWSY4hFiAN3ZX1THvtBQIGhDL++DYf7eLR80CcdlHvfHlu3FbuWVTBcOBS9z4N3RMZaywoKGILZDzPA7kolZBImEtSEUgwTrRoVqj\/jGy+EHhK5ty53khTF6ppl4D"}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":644,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1436720952553,"flow_last_seen":0,"flow_tot_l4_data_len":1450,"flow_min_l4_data_len":1450,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":1450,"midstream":1,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":644,"source":"instagram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1436720942580,"flow_last_seen":0,"flow_min_l4_payload_len":255,"flow_max_l4_payload_len":255,"flow_tot_l4_payload_len":255,"flow_avg_l4_payload_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58053,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1436720952553,"flow_last_seen":0,"flow_min_l4_payload_len":1418,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1418,"flow_avg_l4_payload_len":1418,"midstream":1,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02340{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":553865,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXVAADMGTWwCFuwzwKgAZwBQrHcqB5rC6nVWeIAQAeYA6gAAAQEICmBlKDgAA\/+vNN9ULewTHBOFuxeelHDOvSnlSV1MyHTuCPSU99J+Rb8TuXzL6L8kVMT9JeX\/AEeHJMKvc8yfZQDY5nhAsWaIx3cLbY2ubZRDNurbaUASgAZ45AKigq45hruCoLni5pLmg59eiPd\/MiN87txVNMyFgkWsWfkcvPvLq3ncGqOJteWDTNpm8JnDNe\/V0S2KHy+GaSkVk8YYmWOQdL4xuwexnBqduXqVc8IuuI9MY+Zt8cnTPcsfLLIlpNfPzE+aRdsInsLztgb98N0mNzOHWHNTZrWKQPr9F5EE8pK7KRl773oe+7TTr1byuTp17xSTo5toqt17OaKtyATyBsMufY15yTPDfHSZYsAADIDSioIAAAHiqKF1TXzn1tX21U6idxttVoiynCqd8u3uesClb\/XTWQXOtPYUXP50lMJRzX9QM7C64zEeROD4ZaaRjli0mWIjfY1adjPenj65KGzqNXJTVghI+6I9UuSYsusH3FlxFno1c9JW3qbWRHfo32lBRAAGeChkqKC5IoYXnRl6Z3L5dCnLn26mSNOSOlqcea5o+UReR652+3d2\/Dab0zb9PXGqPSSLVDbNYRN6MtmpYbJEJLFdJ2RaURdiZY5h0OrU5h7IeY888nVsXnwm4oxv7JWfA68vLc8ehxYrmuOvDGouaBzaCTVP8+zXrnlnrxCWO9ezKKfpVjom7FpO6KTzNl60JdWhqz19c1yubV3UpRimqVV2W9Iuz4HPYBS04ZbGvOuvLXvjiZYsyxAFADSAAAIAHiqKCLcMvDzel9taKZLs5gp0t2Sh58L9ypUAXrhU0aeiss785JfFQgziXCyntnoKqRxzXlrlhljpCKihlu1P7THj6681RUYywmYQzKyhFbllawrlLFUK21TYahBMm4bB0c\/Q0qorQAApkAqZAqooYd7fNpcf2zJkmmfqN4IOKohvY2dlqWGThFbWF\/iVS78WnnJ2uDHuZI98fVGcac2Zm9mcm1UZY5ht7uDaF69Ec7stO3DjzT4G5waWu1vkbTUs3N04NR5d+uk9NE0xVVXqfWMDHPBz3TyJ2pj1SeiHvpcNbNaNfVk2d++zGVKltAVHjbncFMYehMEedktrQOr+f0lWrmtUm+5kDyFpIAAACABpAAAEADxUAvSVxiQ0ufh6dafDwdvPJvem8y03645umpEvJ0dXO8bOVZrlo6+6HRHb0ou72TKnrj5KPN7\/AOgKGio1hlhcLnqyF3+tvLXsSbkfin2t4tioTO4NYFQ\/cjnql8XXv1hza9+0Ud7jZRwM7yzJxDp5um5UBpRFBRFDJUAyXHIMLhp62c7n0OsJjy0iGfHrFKd3PzhU8hjD\/pFzODc\/Y6udSW9S1xmy97TUsc6rydtdS82Etsi8jjdrKKSuKgmeOTOnu4nJHsh6YHzk6+ZUwTisdkMdqJMzvOrXOshOkK636OrSLZYJJHZcArm2apudeK4tWc27cstemRx+TikdR37SEPju+kLssw2Gc1wOvJ2hIdaYk1zq07Iu2KUuuldIaeHl165wzJM2tQDAAEFA0ACABgAIKiLtm1f2FaZdGxIrg19HJLzj8n4Ypnc+B3T5H9i6KUpcY+86xxUVeVESMl8UPe1Kc82\/VTk3j\/1J5ak58ckqUUUN\/rfyR6eHcXir2n4sx0h9l1nO6iWmGyLxxNiNJu0g3Ybk0hqbHRqCIdPN0XOQitAAKqALljkCrjkGF2Uncud2zD5hCufWAuzR3tSLQmaqnX6OSXbK53hgkuOsgpG7qQpZRqSR+oidlVpZdTrxXdIxxKXxG1ojMpizEzxzZ0OrW7I9gvrG+cnXo1beEccjsojNZyrk6C5qrW4NVKD9vH1VFwxWVxccbqS2Yg5iCSbQN4k01rSK6ZNFZW1N6VuWn84="}
00428{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":553987,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0quZAAEAG4ITAqABnAhbsM6x3AFDqdVZ4KgegTIAQAtavfwAAAQEICgAD\/7RgZSg4"}
02345{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":555971,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXZAADMGTWsCFuwzwKgAZwBQrHcqB6BM6nVWeIAQAeZ8mQAAAQEICmBlKDgAA\/+vtV20fc9mrp1dM1zdmjppSPVtJK34O3VnVq0beVF65xNDXtnFMscw0gMAAAA0IoJBUBRFARUHcs5g82pbGbtawVs6OSKR1bUyvV0dTgqje3NxuXVMt1wlAegfPgme8KPvNkyz2Nzpho206rca8VQBcVDdd9H2q16p8Xe1\/FGG0PnMFm95yjbzbc7y6uXqTNGzWHDjlr1zbmh3aAiPRz9FJQBKIrBUUFyxyAyxUMbqpW7M7s+HSqN8+tay6O9jTtj28wUzIo\/I9c7sc2SRY7SGir2ou5wYpBHamL2VXdh1GOfOiG2KSWK0ZRWURgMc8c2dLwzO6PYryxPPJ14tXbyVLEzu7AiS6csbmt9Otxqax6NG+4uWLSiIMYORwY5GrXsyVyji63ZEef2CRuZlT9tVLFa7rpa4rN2GvKa6elt72n7oBKscxMtLQoy7qN1yh+eGrfONLhtDQAwAAEA0gCRQARQaoCLnm9fzqjnZ3VrTw09XILe19+jPTt59nHFRbU0OOuNydnD0UHny+qEQy39QN7UThl7edlc1nfdBowRUELhmGc+r+yWewvFPtPxXnpDZ1BZmRK8zLPQ38W8W\/X1YhH8M9eufC2d\/AOI79G+kqiNKqKAqKC5YqC5IoY3XSd0Z3Y8akkew1rnv4HkTku3FOmJHHJJtncsjjclx1kPn70JQGkcLY6tNQ0zKJTVjWvXtSZIzLIrSwjEmjQ8c8c2dDq1OqPYLu39fJ1betucGQOPuDRUSXa1cLIpt3N2mddd7Y5VNmsbw2Da2\/vbQiUjZHiNOuRQ2ZSRqRNXXUTanbbp9PbdNN2jY6tLkwRT\/ANjbmOa9UE6Uotjv45c4hUhaamqOkXoyhy4okgDYACCgaABAAIoAADuWUw2fta4zKI7NJxuGVLi29HLne+NvcdlxB1aHHXK2+xtdVSUBfVAg1XrRV5tTjh624ct8i+wPNScORUqMc8Mwy9A0D69VT7xd7V8U53E5jD5vecyw6sYrVuz2BjjtWSJ8nbzbRwtr0xDjG\/RvaURWshFABQXLDMBUUMbnpi4stLLjsnZ8NankEdmWkdab9Muk5DH3nTO4pEwOWG8yo2aQrXLjZXdiuNM0hcyDVu59yGWKyiLXOcZkMeVY7MM2dDs0OqPZPZydXJ159bc5NQmJyqJ1n3Y9HE20x57YdM68dmx\/qZ\/xubZFscff4rR1u4z59Nv1lM66iJZ3x2S6YP1M3XSpWVsVDbdy6xp4Yopxy1ire9NXUDdH5QwofuPrbhV5y8si6MKyVFHiAwABRANQgJRFAEAFRQtucQmaM4mXub5p95Oznuefj688r5I9Io3NRJy4pPrlN+ht2Ku6h\/QXn5ptuulbZCyuVgkTcvo6\/Kxzrz2meGueGWOSOn3F4n9xzTh4w9X+ac6rWdQ67Ljk1S7rhwtJ3i1X+cw4WoLju5KMI5Io4ONbtW2kog1kACqiguWGYCooYz6ATTO7t5HXhw1qebQF2qZdp0cidTv0Xe9srme4048++yBSFg0z42SRtNxxS2IytrHPX1Ij8Vk7Fa5o\/JWGa5s9+xmDrx9qPYDw1O\/L1a89e2KisZlDBefSxSPipRRjkzbpFVvfK43E7weGqLi0clcfofITO4hnvIobM4rryyF2jrvNWRSt60dFarYqu52R3e5aM9G\/a4brng6ZBkiCt702S5fDbSrWoq\/NToyhaKjMRAFBAUANYAkUAEUBFQHbM3h00ta4zJY\/J3bGvNV08O1ZZGZNGYqLS2JzrXKQObG9Rfd54v2gqlsvGjrpY\/dvL3jmUMnMFz0834bMNsda54g8+w\/HfreHt8+XvQ8OvrspC67h\/dIPKIblw4peerNFqYI1OTSaIwPLKqjmzXmxQGlXFQVcVBVxyBVxUM4="}
@@ -332,68 +332,68 @@
00428{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":559694,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0qulAAEAG4IHAqABnAhbsM6x3AFDqdVZ4Kgew6oAQA16vfwAAAQEICgAD\/7VgZSg5"}
02369{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":559999,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXlAADMGTWgCFuwzwKgAZwBQrHcqB7Dq6nVWeIAQAeZt5wAAAQEICmBlKDkAA\/+vPiSGlIlBo08GptF8i3X+Kr26favaxYPWeD0mXu0mqZ6nR\/HK1hin9irwau8X5+O6LvHy3\/ydOK6UdJ0lM5G2dR6vCPSZfs1dNTi4snFwk0zTV4HXklp\/Q1RB+Bf5HT7V7V97eqWD0uWX7PXaN\/uj0\/k1HRGQ6eRxawJ+2y\/8DfxaXYvY\/rf1fg9Jl+xtImupONGlBxckzUWyb8if+S0\/Uyjx4NP1EZbNiXnf1Xg9Jl7N\/RTeRKttaKUur7NRFbpid\/4OyvkfppUpRGmuJIhrSjhkPVRfcJp8rbUn0xcj1ErSZ6Z8sq87LfXyifsWRcfFY3QpL\/isr5tPtRrtKPJL0ifMeCelOHciGo48xZD1fiSNWcZabpms\/wBYnpMvdb62V\/7JFje\/9\/DqTrhCySxyU1zEjMTv5nJLJLXXg65ywOSXc7NLUt0a7fUKclhkdf7IzUsfGiDqKPUp\/rJ\/e8\/Twl\/RP08o45P6Y9RtJM9K1b2e7aRrt2iZQ9qIr9fgk6QxZJ4YnQp3kjWV8stVviI4Sfey4rHJKbeRGgv2NTRlN3FH\/h6g\/S6n0fh1I80aepfEvj01+qZ6p8KP3u34Rwj1FODdHR+qltDXlHyQ9RF5Oq8FN5NOVto18ocbi3s94P8AWvg0tSMbUlwa\/p0l16fKK5J4e+l5L5r4pSSyOVx6iWpJ+RPbT9LKWSHpIRyTikqX+8mnj2S04yyicFFcfFp9qPUyrp2kxISPUdjP\/wCaPTJc2S9Mpcx4J6c4dyIarj2sh6pfyNKalKTRr+CCuMvbpr9fgl6VNXF8j6tN88Dh5RPD30\/JJ80J2vglKkSk3kX\/ANZRpaEpvg0vTxh\/3vqY\/wB+yGNnNIer9HVJn4pPlk40\/gRp9qPVyuVEZ3FMRbL+z1cv1SIyuNHpVy99T00Jc0T9NOOORTcX9D1m+40aqSOmzoK2h2++C\/ZbSipKmanpa5gNXwSg1tp+TU7iPvbpWyUnJ3tD\/wCs0PTdf7SwRioqlu2kTkmqQpvCKkxaf2KCW+orXwI0+1HqHc3R6XmC3cvo9VfUkyCyj0uWP2aUFKclJGroKL\/XZPZjIdvv0u9bseCMxxTIRayamTTfgXu1Z2+lbUaUVVPZzSHq\/R1SlgWm3klFJWQXHueK+BEH+iNbiTPTdg5MvnpkxtI9T3WQd2ely9ozttfW+hJfkZrvlEJUpPa9nEh2+\/R71uzT5mjW0+iTQpEZWSjYuHyL26kqQkKLeDT06f7HVzaOmbFpfbFBLeeP9+yGF738EZfp\/wBIbs9LO04FUTr8iFyepTcyHk9NljNGX7uyyTdNnp+NQ1lgXbL2dQmL3aPetrGaPcj1sLSkUzSjL6JvpZakJe2Wn1O2VCIp26iR0ksjVS492oQwt7LLLJZfwOVJr+kWvJoz6ZNn5eLZa60ikep7yHk9PlkqStmm09W1s9RSUkab\/ZGt3IXZLZyLbOk01+rF7tHvW7NPKZJKUKYopYP4s1dLqjayYIyv2SdKy2yrPS6f8mNVgfc\/dPH+\/ZHCKK9ssv4Iy5oWzacX\/wBGs\/2VEptLj7PUv9yHk9Nlmp2s0lWo\/wDrbHWRdNM18o0oqSaZ0Fb6faxe7R70PZy8EklJ0Lt2lJJNNj9QoqkidyfVRH2am0VZBShwh\/2Pufu1MEcL3yy\/gSV2NfRGNySF1X0Dk2PV4tf0azubIYNF1yamr+rNGX729muJkcmrlGh52ezNPtfvUnF2iPqL7iWpeDyNpyaRVRpk4TbpMWhSbbIacaujXhcCK3SNThiiaULkkJSi+C2+WS7\/AHamP9+yOPZZZ1ofwJ80WJkZtS6h91mnpqTaJXfJB8MjKuCep1Jr+xujrd8fYpcTE+TUkm1Ro+S15GxiIL9WL3QVySZL0yw="}
02360{"flow_id":29,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":560945,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXpAADMGTWcCFuwzwKgAZwBQrHcqB7Z06nVWeIAQAeYq0wAAAQEICmBlKDkAA\/+vxKlF0yE+ODo6XYn+vOz7WRwh4EqlRLO0Satsao0EnkSlHBbeR93unj\/fsjgckOa8HW\/B+zOhnQh5+CKtjiqok2NL+Oz4yUR4GTjVUSXApsTyhkXb4NOVJsuhO9kQ7WL3QdSTNR7Um+TlNo\/LXAnY+1kcLaS\/dksvaJJcsbtnp3VHUm+Bku7duh6iHqjk3kUGz8f2dMUUN8pbyz8Ee4eCQmKTPyXlEnyJXjax8kKp3tJM0sjfDRpwUnyUlg1I\/wAkWQ7X765NTZZJd7OiLjyj8ddrLpVIW0u9ks7RNTyXRB\/rQ5pEpr7HLmz8jeCpM\/GxaaEksE8f79kcLaXjZ5W8s\/BTztJMeC+DzwS45NLDJMTvZW1Z1IpZFmyvJp9zHNHVapLaHa\/eiUk+VtHJ\/Nj4S28MjG0h2sk0uq0SzsjUTb4HFeWRpYEm2fhSyxRSlW8sEcbT\/wB\/\/SONpvlbSfItpZ+BYKY0RGxSpkuTT8jwaWOR0XRd4HwQtnJwxQRgmuTTw\/fFEYUtllH82SfCLPDIvgetBZY31SbHtEkrwyVrJp4PIz+T3lhkHxtP\/f8A9FjbUztJ8sTE+CWfgxyTXCYkLixnlDyQ8jZBcDQxNIkzQXDZJ8mnw2Isl\/YnXC9+mVVi5OklJKTJ618H528Ii9R8s\/C5ctkfTxWRpKbSJZ2Q21IU\/sjjg\/s8H8nvPBp42ngvjbUf7bTX7PaOCWfgvihvihDyNnFl8kOESIYJEmeDxRpcJkskF+z31COPepdPItUg5NHTKSpsWkrcWTSjKkRwLDI42l3slnZEsssi+Ftpv9UPu2eCXaaWNp4\/37HKkSlVE3bseo\/A5Xyx6qqkQfBLPwKXNGWzqayiZdkfsrkhgaEjUXJLJHB\/0aXayWRdz2RqZI498VZCPTZB8DJP9nX9Go\/2I4QsMjjZ97JZLIk8sZDtW2m\/1Q+4uiT4Y3cTT2m+CcsIndLaNNDVt0UafGRv4K8mGyyZwRTFdkFwMt0TslFkVwJGj2seUfy2tLJqSTfBHHvirsg39ilfgVeBrls1O4g+BYIY2fex52iTyxkH+q20u1D7iTwakuKG+CMqtjn4LY1Y+SlvYn8PI\/O02dTowRfJFDK4JMl\/RFEFRpyVNInJpqkctnQ3li00ai5I498TTyQ8lfY+G0ic3fSRfAmR442l3sedkTyJN4EmlQhZsT8jbY\/7OBc4K8iYyyLGzqtCYhfBXB5ZZLl0USI95HauCRIWCvs0kqZLKF3b6mSOPfHBHJDjZ9z\/APRqdyIMSTFdFmol1Wh7IcLdkYKI2i0dQuUNjENbRXJLZcEjwJfE3xQ0KI+6xo48ke4i87ObJJ\/Y1TE0KSeDSwyXgjnfUyLHvXaQdsR11k6k22jV4kmR1IrItZYPytcJHXqPCOb5Hsib5ZCVclkUSTsjjbpRFDQ7ohZN8l0NkpOhPgj8VM61dFllI6UKKTsTrZpNDJ\/ZXBHJp4ZLwQzvPIse9ypEdSmdcvA5T\/kKLaaJwppM09KPkUox4aI5QiXex7I1FyIWBUhysWyPAzwRyamRPb9hKxuhfC58UdNuxSL+iLdsUuCNsaobrbgaTOkUSCpMmRW83yLHvrg087NJ8McUm6NXuRpk+5HVTIyTJd7HsiWRiwRSKFg88iH9DRxQia5PAhkSaNN38NKiS4Ongw9k+DTzZY1ZVj5EzqdikyM2yU0simjqTHFMcBcL33wQzsnyS7mar\/ZGmT7kPJO\/Am27Y95ZY8EVwhLZY35sY2QlZLJxQ+BzOokaT5+HwXezXO0YkVxweNsYMCfI3yRVmlGrGiAtpSdkXav3+GQvyIrmx9zNXuRpmpFXY8olptq0RyPeb5ZZF8EcbeC+LGzq4HJjk6IO3ZPuG62cbYojRCNP4eo="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1436720952561,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1436720952561,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00482{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":561555,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"ABsv8H60QPMIw47hCABFAABZAuBAAEAGAfDAqABnLiFGn+VCAbsSlgM32Tfr4YAYA4n5fAAAAQEICgAD\/7VWGIoUFQMBACAs4KplPbzXnvu9o5LJf4SK8seDxrub6gsxIshtI3HaOA=="}
00429{"flow_id":29,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":561586,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0qupAAEAG4IDAqABnAhbsM6x3AFDqdVZ4Kge2dIAQA4uvfwAAAQEICgAD\/7VgZSg5"}
00431{"flow_id":29,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":561799,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0qutAAEAG4H\/AqABnAhbsM6x3AFDqdVZ4Kge7\/oAQA7mvfwAAAQEICgAD\/7VgZSg5"}
00428{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":561891,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0AuFAAEAGAhTAqABnLiFGn+VCAbsSlgNc2Tfr4YARA4k19gAAAQEICgAD\/7VWGIoU"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":563081,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"ABsv8H60QPMIw47hCABFAABH\/7VAAEARadHAqABnCAgICGn0ADUAM87BrqQBAAABAAAAAAAACHBob3Rvcy1iAmFrCWluc3RhZ3JhbQNjb20AAAEAAQ=="}
-00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"photos-b.ak.instagram.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":669,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"photos-b.ak.instagram.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02346{"flow_id":29,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":563508,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXtAADMGTWYCFuwzwKgAZwBQrHcqB7v+6nVWeIAQAeZBOwAAAQEICmBlKDsAA\/+v4ok9muTJBGDwSdIjgfD2q2RNPDJeBZFtLJHHvulZHUsUl5LiUmamnbTIcEk7J+DSk3kfe\/ZPLEJkFaHFo8HLpUdLOln42dHBGFcjim7ZSOC0KSOqjr8fDHJJciTo8iI8PglkWBqxfRNCRD+x\/ZpO4tk\/B\/Laxrkjj3+Gae0cjyybfUkiI5NOhzSyRnFEmm7XscI+WdEBKBGS8DmkJ8WdZ1HWrHIlI08mplD4HjJZEbL5+FSVjL2rgSornZoaGxbSwaHYT8H8t2Rx73KkyMqOv+hSleBuXJJO+SMJfYkSRpwTGqk17J5YhfZYosS\/UoYnTOocmaWTVXK28bR\/sTLXwpLJJoTQ2jqRf0W9mUf97NCXBp0rRN4P5WWW9o497XBHZMk+Waj\/AGQnweSfg05NOiXc90TyxEMFCQsbMXD4LLs0+41FyWN7RGqGlVoXwUUV9CRRQ9m6QmqvZRvgoRBZJVxZf7eyOPf4IrZDyyb5QsbTyiGR9z9ksvaD42R4ESKpjfJZpdxqZKK2hRJcCQvgTEXyXyJifgadiGrK4P7E6LP7IeSXg\/kJl7L3vAmWKQ2SfKExMlki65Lt37JZe0KoUkWjwRXJRKqIokjT7jUyN8CYyA34Fz8NeR8jL5PJHIsktngUW8HSyXKoWKIsnKsFlsti+CeBn\/vZ9rK8kSJPZeyT52t4Ix8i5yfxIHI0xImv1NLuNTJYkMgMXw3wWNHSUihsezIvjaiMUUSVnSzpZ0iRXv1MDX2KX3s+1ngRElsjxvNcvZIjHiymLtIp7uPNk8Gl3E1siRArkoXwVsyyK6uExwa3SJKlZHe6LG6Oo6jqLL97HKJcROI6ouDP1OB15Kicex9Hk\/8AjP0E40WjihukJ2tpSadEIqC5ItN8DaWTqSOpHUhaiYpps6vheB0PBd4LrBDWTVSPJIRK5IjvqYES252fwajpWRd8ksi4HhiXImiyTL2WNmSXOyQlwLB\/EiuKFxtX7E+00sk8jEhkEQXJXHw3wUPngtIfIkhD28EVnea\/URL2JcfBqYEuES5EPtYiO0tkLGzHliLLPB\/EjgujqE23yT7TS7ieShDIEe74vBIaJFio8jEhppci3eGIkNLdYH79TtZHBJn9ku1iEWMrZY2ZLLIri964P4i8Etk+SeDT7iedlZJ0QZB\/sP4b4Hs0PBFUJkmRfJJ37LGSLLLFgfv1MMhgmudpdrIkdpZ28CxvLJE\/sQsH8RPwS28ku00iYsiMiIZH8PA2NcFNCEWPZsT5e8sCH7EMXu1O1kMEsjJdrEQ2e3gWN5ZIngWBYPAnySfBLt4NGLJYNPJIT+xlkRPkfxWNcDFnZMZY2muBPnebojySfBYmVfjZi92pgRLOzXAiOzKHgWN55EX42tUX+oq4J4HhEVSokuDSyTfIhDRF8iykP4UOvA3wZFkZWyJJ1ZHO81giiSOnkUVvL3yFkdFIrwLTdn4yl9lr7Lo6xzR1HUxteUfr9CS+jpRUS1VFIpPB08oocW1RCDT5JxtnSzpY0yKpiXK+JjfIxCyMraI8CztaJOyIyufYxI6WdDPxs\/H\/AGdCJxV8C019HQdB0IcUfjvyfhf2fif2LSkPTkdDOhnQxrkoiiihQ8lHSV4FFFL7KT4spLIqOPspfZ0\/2dA4ssssv2uXFbSoX9iob2vfyIR5IjV78bUQ4LZZZZZJ+RSZYhklyRK2Q8+x52jjddotnRRRBcklyUcFo6kdX9nV\/Y2OR1o618HSdJW1bdJ0rJ0lCR0s6SkUtr2Re17ywJ7IY8kRDQh53Y8iI4Etl2i2YjghknkoaKOlHSjoR+GJ+FfZ+L+z8f8Ae1M6WNHG17WclM6RRKQ5JCalgSJOsGnKyb4L+OWBLZDHkiIez3ZLIiOBDFjahxE="}
00429{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":563630,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0quxAAEAG4H7AqABnAhbsM6x3AFDqdVZ4KgfBiIAQA+avfwAAAQEICgAD\/7VgZSg7"}
02400{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":567293,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"QPMIw47hABsv8H60CABFAAW+RXxAADMGTWUCFuwzwKgAZwBQrHcqB8GI6nVWeIAQAeZuEAAAAQEICmBlKDsAA\/+vRKIrkkudn8NlljEjpRSOCzqLEPaRpkRmmT+R4FshjIiGvbLBLIiAtk+Cy\/YlySzsxIor4L2fvQ9mRXBEkaZP5JYEihDGRE\/cyWdoiRQlwU97GyOSWdmJFHOy+B+29kPZ53mjTJ\/JIWyKGiKK3e8h7RFsseykdIoko8nSOIkyt0P3v3oeNvO8yBL5JC2WzF7HvIltEQvYyt37GUUMe\/8A\/8QAMBEAAgIBAwQCAgMAAQMFAQAAAAECETEDECESIDJBMFEEIhNAYUJSYqEUI1BxgbH\/2gAIAQMBAT8A+L12KTLvKKidK+zp\/wBOl\/aOl\/4dL\/w6X9o6X9o6f9OlfZUT9fo636HJv3\/T4Q3fdVZ\/qJXgWn9iihxVDQlY1\/efGS0WiyyXP7ItHUi0Lkpey\/r+pGNiQkUUTRp5KHD6HH+5cS\/p\/wDguXpouf0Oclk\/kYpt+i\/9P\/po5+kV\/wBqOlf9J0r6\/wDJ0L6\/8nQhw\/350rdCX126hDll1kTTHGyUfv8AuWU36On7YpV7Z1scryj9foqP1\/5KidMfs6V9nT\/o\/wCkptH80U6Zd76hp52aXs6V6Ol\/Y4P2dMvoprKLLRa+e0WU\/o6WV\/pSOPo6mN\/FX3\/R1ZVEhryjkhqRnglFPhj05R502Q\/La4miOpGStM1DTyVsxDJKizqf2dTOotfRx9HH0fr9HH0WikUikUikfr9HH0cfR1M6n9l\/NX2X9f0vyXylvp\/kNcSIyUlcScFLI9OcHcTT1XNcmnnd7Nkxf07LLLOpF96TeCksnV9f1Nd3N9ibTtGn+RfEhc8oSSwPUUHbFK8C2Q0ahFWP4rKf0dL+yl9lROPov6OpnU\/s6n9nU\/s6n9nUxtPKKidP0xprK26fs4WBtv8Arank+6M3F2jT1OtbQXS+CMr7JkCS9j7ullL2zj6Op\/P0sVI6\/sca59f2J+T7mfjYZq6jhTRDVjPGRNojqfe+oQKGq47K+y6x\/Q6WUjq+uxOsDST4\/pV2z8n3M\/G9n5OFtDXceHyQlGfiJtCkmahp7SXA9383S\/ZwdX18D\/o47p+T7mfjez8jC3TrlGhqdap5HEbs092vXypMr7ZwdT\/t475v9mWWWjgSKPx\/Z+RhdmnNxlaItSVk+NlP7LJr2PfJjPZTKX2Wiy\/hsp7X\/Rv6+Cfk+\/8AHeT8jCK7PxNT\/izW9EVY4tCbQmnkfYrKRf0W\/hszgplf6cF\/3J+T7Fv+P7PyMLsSIvpdk5KSTRp7OK9DVd\/HsooplFf6V\/pS+zg4+iy\/\/gJ6MZck9GUd29\/x\/Z+RhbJbN7aUrVEGN7Mcfg\/+\/wC5XyrXjdMTT5RLTjLJLQa8RprO2nHqkkaUeltH5C4Rf126Psj2PBfw8FMRX9Vf6X80\/Jmim5cEfyGuJEZxlhkop8Ml+P8A9JpxcZqyC\/Zn5GF3aPsjsl8kIXyx4I54H\/3EoV86TeCOi3k\/jisii\/SNSFKzSS6Rwi\/RLR+iUWs\/JNfsz8euVvDWlEjrReeNlFJ2j8hNrZb0aSyR2W1jz8EVbEx4IZW3T9Ek18sdNf8AITiuIo\/Z5IwS21nwR1Yxj+zP\/V6f2L8rS+z+XTlxZPTrlfHN\/sz8Zctj2r7MmjfVVl81tLSjInoyWDp+y16JxpJmjhilTrtln4NSDfKZpazb6Z5Hghlb6hnnajna96e0Y2Rj+1CgkNban5MIcE\/y5yxwQk3LlmvldkdSUfFmnqOTpr4p+TPxld7JDLNDzP8AkzXbpUR1mvIjOMsMlpp5RL8f\/pNSLUUmaPsk6lHtk+fgWvzyJxkuBT+yGVvMS4se9lsveMbZGKQvPbU1owXJq\/kynwsb6Xka2VstOTFo\/Z0RjkerFYIT6lfwz8mfjqo2TjUmhlFH48eWyUeTXfC3hrQ="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1436720952611,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1436720952611,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":611482,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC\/YuIUaWwKgAZwBQn5dVkK9h7WtuhaASOJDXwwAAAgQFlgQCCAoJIvhRAAP\/swEDAwU="}
00428{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1436720952,"pkt_ts_usec":611635,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABsv8H60QPMIw47hCABFAAA0kThAAEAGc8XAqABnLiFGlp+XAFDta26FVZCvYoAQAOU17QAAAQEICgAD\/7oJIvhR"}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":14,"flow_first_seen":1436720908576,"flow_last_seen":1436720908733,"flow_tot_l4_data_len":5091,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":363,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":14,"flow_first_seen":1436720908577,"flow_last_seen":1436720908737,"flow_tot_l4_data_len":5091,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":363,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_tot_l4_data_len":48248,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":831,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":55,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1436720900692,"flow_last_seen":1436720900876,"flow_tot_l4_data_len":3777,"flow_min_l4_data_len":44,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":539,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_tot_l4_data_len":101,"flow_min_l4_data_len":32,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":50,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_tot_l4_data_len":101,"flow_min_l4_data_len":32,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":50,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_tot_l4_data_len":27883,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":820,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_tot_l4_data_len":27883,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":820,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_tot_l4_data_len":326,"flow_min_l4_data_len":55,"flow_max_l4_data_len":271,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_tot_l4_data_len":54689,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":729,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1436720906017,"flow_last_seen":1436720906024,"flow_tot_l4_data_len":444,"flow_min_l4_data_len":111,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":19,"flow_first_seen":1436720908581,"flow_last_seen":1436720908769,"flow_tot_l4_data_len":8694,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":457,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_tot_l4_data_len":148458,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":989,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_tot_l4_data_len":148458,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":989,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":17,"flow_first_seen":1436720908572,"flow_last_seen":1436720908746,"flow_tot_l4_data_len":5791,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":340,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_tot_l4_data_len":57226,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":1100,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":17,"flow_first_seen":1436720898354,"flow_last_seen":1436720899158,"flow_tot_l4_data_len":2069,"flow_min_l4_data_len":32,"flow_max_l4_data_len":496,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_tot_l4_data_len":5023,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":456,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_tot_l4_data_len":5023,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":456,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_tot_l4_data_len":37018,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":755,"midstream":1,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_tot_l4_data_len":37018,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":755,"midstream":1,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_tot_l4_data_len":50662,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":625,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_tot_l4_data_len":5636,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":469,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_tot_l4_data_len":5636,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":469,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_tot_l4_data_len":4959,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":495,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_tot_l4_data_len":4959,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":495,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_tot_l4_data_len":43376,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":637,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_tot_l4_data_len":43376,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":637,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":55,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_tot_l4_data_len":22675,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":907,"midstream":1,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_tot_l4_data_len":22675,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":907,"midstream":1,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1568796253770,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":14,"flow_first_seen":1436720908576,"flow_last_seen":1436720908733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":14,"flow_first_seen":1436720908577,"flow_last_seen":1436720908737,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4627,"flow_avg_l4_payload_len":330,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.154","src_port":41182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":58,"flow_first_seen":1436720900687,"flow_last_seen":1436720901200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":46392,"flow_avg_l4_payload_len":799,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":57936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1436720908533,"flow_last_seen":1436720908579,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":26540,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1436720900692,"flow_last_seen":1436720900876,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":3517,"flow_avg_l4_payload_len":502,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57965,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1436720908531,"flow_last_seen":1436720908567,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.185","src_port":57966,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1436720952561,"flow_last_seen":1436720952561,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":18,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.159","src_port":58690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":34,"flow_first_seen":1436720901182,"flow_last_seen":1436720908544,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":26795,"flow_avg_l4_payload_len":788,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"77.67.29.17","src_port":33976,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1436720908523,"flow_last_seen":1436720908570,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":51219,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":75,"flow_first_seen":1436720942530,"flow_last_seen":1436720942621,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":52289,"flow_avg_l4_payload_len":697,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.162","src_port":58052,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1436720906017,"flow_last_seen":1436720906024,"flow_min_l4_payload_len":103,"flow_max_l4_payload_len":103,"flow_tot_l4_payload_len":412,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":19,"flow_first_seen":1436720908581,"flow_last_seen":1436720908769,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":8070,"flow_avg_l4_payload_len":424,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.136","src_port":60908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":143658,"flow_avg_l4_payload_len":957,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {}}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":150,"flow_first_seen":1436720950909,"flow_last_seen":1436720952614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":143658,"flow_avg_l4_payload_len":957,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.86.52","dst_ip":"192.168.0.103","src_port":80,"dst_port":58216,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":17,"flow_first_seen":1436720908572,"flow_last_seen":1436720908746,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5231,"flow_avg_l4_payload_len":307,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.174","src_port":44558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":52,"flow_first_seen":1436720900684,"flow_last_seen":1436720900750,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":55562,"flow_avg_l4_payload_len":1068,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38816,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_first_seen":1436720908521,"flow_last_seen":1436720908542,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"46.33.70.160","src_port":38817,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1436720952563,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":27124,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":17,"flow_first_seen":1436720898354,"flow_last_seen":1436720899158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":1509,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":11,"flow_first_seen":1436720908466,"flow_last_seen":1436720910950,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4671,"flow_avg_l4_payload_len":424,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33763,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":35450,"flow_avg_l4_payload_len":723,"midstream":1,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":49,"flow_first_seen":1436720952553,"flow_last_seen":1436720952593,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":35450,"flow_avg_l4_payload_len":723,"midstream":1,"l3_proto":"ip4","src_ip":"2.22.236.51","dst_ip":"192.168.0.103","src_port":80,"dst_port":44151,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":81,"flow_first_seen":1436720900690,"flow_last_seen":1436720908566,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":47902,"flow_avg_l4_payload_len":591,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"82.85.26.186","src_port":44379,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":12,"flow_first_seen":1436720906070,"flow_last_seen":1436720908431,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":5252,"flow_avg_l4_payload_len":437,"midstream":1,"l3_proto":"ip4","src_ip":"31.13.93.52","dst_ip":"192.168.0.103","src_port":443,"dst_port":33934,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":10,"flow_first_seen":1436720908216,"flow_last_seen":1436720908432,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":4639,"flow_avg_l4_payload_len":463,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33935,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":68,"flow_first_seen":1436720898386,"flow_last_seen":1436720908442,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":41200,"flow_avg_l4_payload_len":605,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1436720908524,"flow_last_seen":1436720908575,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"8.8.8.8","src_port":33603,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":25,"flow_first_seen":1436720942507,"flow_last_seen":1436720942524,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":21875,"flow_avg_l4_payload_len":875,"midstream":1,"l3_proto":"ip4","src_ip":"92.122.48.138","dst_ip":"192.168.0.103","src_port":80,"dst_port":41562,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1568796253770,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":770116,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"}
00439{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":782515,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="}
00427{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":784713,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDLAbuZigak9a8KwoAQCAwKkgAAAQEICg1wcq86Lg6w"}
00728{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":784771,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"xiwDYGpkxGGLNYKpCABFAAESAABAAEAGAezAqAIRHw1WNMDLAbuZigak9a8KwoAYCAzr2wAAAQEICg1wcq86Lg6wFgMBANkBAADVAwMjksyrSJEnHCj7+pBcrNa+PodYLpB74VGVqR+HKhs0GiApLypFPPq32Fv9\/MlD5ecljmzHmnbSZyDhqsHB+Vrs\/QAGEwETAhMDAQAAhgArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgnrlXRF005fDXmdLGrmWHWUR+fUpyzgm8LYNWZJbzAl8ADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEA"}
-00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1568796253770,"flow_last_seen":1568796253784,"flow_tot_l4_data_len":370,"flow_min_l4_data_len":32,"flow_max_l4_data_len":254,"flow_avg_l4_data_len":92,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00808{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1568796253770,"flow_last_seen":1568796253784,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00427{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":797139,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cqAAAFQGvCkfDVY0wKgCEQG7wMv1rwrCmYoHgoAQAHERQAAAAQEICjouDr8NcHKv"}
02311{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":798864,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"xGGLNYKpxiwDYGpkCABFAAWgcqEAAFQGtrwfDVY0wKgCEQG7wMv1rwrCmYoHgoAQAHED5AAAAQEICjouDsANcHKvFgMDAHoCAAB2AwMcJI2xx4cWokZluv84WsY7ADZVP91TCqw9GGWi+iSsPCApLypFPPq32Fv9\/MlD5ecljmzHmnbSZyDhqsHB+Vrs\/RMBAAAuACsAAvsaADMAJAAdACCIK0PZEKNS2VwSbvcg63nBheMilGcFjfIhswVFA2L8GRQDAwABARcDAwP5\/2wVMoJWhQm4bPGHA53ffXJhK5F8\/MVW7mPPRZjvMBClsA6iUeo4rAIibRJqAoD2vmvduRE+hCwPZPqHorQSUuzd14dVHbhVDsjHVSGXfNihBsVABbO6xWYjmRRN8KbbQHHEC0nmiJz\/IGqL+hUDWz5aJ9tEuKUdkVnzDxjSUYFOOm+3JMgQYGn81KST0UJnerg4cgnxRHjFwM7UcwJL3k0SJfNt0ZPwNM0Ipkp8F2O3j46E91KJCBmAW58usLNwld3S\/ulBlws25s8Ckg3wlXo1K8c3Wf74KSX6ATSfLRXkZR\/aXuOviaCCljTXOmoupATep1CjIDA2\/eoizy25qMZ7PfbjGmjnMs3FQ+r8BxwkwcwzD51hqWW7weUqksWdDH\/MLRCfWLCv8dueuEkDbC1gHqnBnXxrprpy55CElbCJQSKVN71bkytPZCaDiBuFTm\/kZs8nD8W+Cf7tiscIfjTdaZzXU9I+ZHl3jxjWHVuwBMLuS+ip3kTLVhT69c59rSBf8GoQ\/LyVO+uyGJq4IgNwYsQI1uic\/uznubn6EsCteXMTWNDd4MKt9Fgxezjw1wc8nuQbqOE1WflN9+hpeinF72EM1JcOeHYHXW3N0CUSbXhjF+EkrkdSzVvRL2bUuGCbIYqulbmUMv5pZ3oZLsZ69kMpCjbeRBLDoSYFDGjFHAK7P4TFVK7NLk5HvjD6a+pnX0eOM2NFgMJIs+ae2nRm0ERAzifP5gM30Y8jx0qLlHx2O4X424fRsolNa6y+zFTLdVU3jaxaqPTLfe5r5J8\/A92nPtAsoDqw0CqAvWf\/yF25ErfM5xC1tUQvL73Dq7zRp76gLncah8xB9FqApFdSx1A9YeC3+9szU7zbmDyA1QwQuuOF\/jj73OnPIsG++qNt\/J4h6gqzQXYOYiQgtCrWU73L+84inVqEO6NoyOx2zU2ee1l4i364WuiB9yrd+O8LZ5cweIHMy4wFWJIURvMoYPl4LUDQLSnex6c31+l4jzomaH8k21No7lj6iXF0Pvhy3s+A7NgS9hFS4LaKV92zcMP1IdPGwE4EgXNVey2ojcMvRZL0zpJwdrif1gR+\/MMegUyRUVRP\/w+fuOVfT+gBzZiPUCGsXmiucvBBtH7YpxXEyOrtZ+vlAkX16M1YuZXl1zZT+WFUbILtSMxuAPJmCWZf2cDv6Z0oHT+Rpo\/vkLlcZCuRtnFgl7houh3OSJ3A7ETK\/URgzCsygA2UUs3gI3M\/TRjDgL+8B5blLTMPMTubi4I4HmD8CgM7w\/fSHEtRkYhi0TYek+pjbbGEDAg8SCkOl5bN6jtY+8WWc7CV6bAWmqU94g65op3OmGMxgfwahVGDvJsCFwMDBe1vYAU\/g4MB+2umQan36FAVVGK28AZQsq1v6R8BlPNyWrvt2WIEJQQEJPkwYw656ILZxU2gXKy\/0LpEHKBuU4x\/ymeZmHUpxROEaniqfAOoNQDpzv2p5ypIZZgRGJFf4d+nAtZw62LtYjey3B312afq3k1QJ+A1vUvbOZn9IhR6s0oyg6Vl1mm5bmnP8ZFklUxrUhmnbHtKrQFB0+xMd3di6SdrSJC3PkCCMNpJUYl0AawCPx7PIVn1cIyfUEIsSYFzvcRml39Tkq5S13LRPyNQXGbkjQf6\/gFzpIezdDyXcLOMdMI="}
-00846{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":750,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1568796253770,"flow_last_seen":1568796253798,"flow_tot_l4_data_len":1822,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":303,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":750,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1568796253770,"flow_last_seen":1568796253798,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1610,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"7a29c223fb122ec64d10f0a159e07996","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
02316{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":798890,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"xGGLNYKpxiwDYGpkCABFAAWgcqIAAFQGtrsfDVY0wKgCEQG7wMv1rxAumYoHgoAQAHEdWAAAAQEICjouDsANcHKvg\/yJUZRN7QIOWSkcaxBUddVxwBTIY5nli3udicpNeHrH\/g1unJX2MoGNQ44WF\/UQZVSsIKbD8IXys3eBcExdJ4A4IcLPS905YlmIKGj1j2ZS4D9+CbkMBJQpW1HMC3IwxXmAlS\/l1F1cUoRtLP+3qygq2Q2Vyz7gx+CgMUeD1gZy+PvwsEEdVrTJczdJg2Lx7RFtYFB06Y+aU4x9g2NsIlt7hNgPMY6iIwD5zV4R2GDA\/4oLDfFYgUSEe\/qoshg\/5HDX5+tHB4rNeWT3mxLZZ9ZxDpyV91cZApNUwCjy86R0drLbPPStTpFGsu7o4V0pItMA6P1F31zKsV5GJlPODPEP3HtkWXiCpdPMaXlAi5q47My5Q6qAVR4JCMsKQ\/lj7nKPWT144JMTZdJj1Pxke+zwQoX9tXx6i7CP+i4I7JFo\/Y5zdDKMFGxBUMrvzodoAgilKjFPYoCFhqcMbgRbg1FX3qqphRNK4prF+YqTTfspGJ8ff9T4V2Lb14HQlC7Kyk2PjUH9lzS7bj3fSJEaQutze2IUQ\/2j6zIKgALb4FayW\/oDsi6uLyCwSbzUkal4v4TiUnK58fbZ0ZeWxBtz2WanXNAkyUO4oORXeIG5+aFScAY97tPY0tNvpHHx4U6kM0h7svNpmLqoFfTL0g0YKTOUsY3eD0\/COd0LQ4Py6sbpKqMZDU8lXAF9DdeDGVkApXroF5m9DluSrqsZ3VC\/jhs+LQwKSQ06ye0L4UsV2bnNadRPMmTHphmO++HR4VduY5gBtdq+1DYagaOj9IBPP+ThoioLeeN\/\/R+SuPORcU7lw7G6niSrx6PN9QpO4SqRiYZ2jwWJle2DgIl24LXu\/50fuJ3ftETL\/TSnAXATW600MQVzQHZzm2sByXmSSod+SecJyJ88L0msYymQyXM0z71kXIUKfTkkuF+L9Onsa7+oGs9ete1hGClR1i9PbfRTTgnEB34my+HJX4TL0+fpjIGtnKtAlD2fMtz91p7xGmoAjao0re6KA7Qe7xecWecqTK\/ZaC+7HbRUGN8KbX158ua4QoTAVsLMIvA8\/rmwz1z\/d\/85aamN0AFttfGKvtMYDiA0L+0uphHcpz2nkScjeqeKlgxgwehfEYzcwyeTMpo8hEh1ljd\/td+ADr7PGYPu+epOC4yEmwsYwB4VYVFFXX4AsEv87ZfSiTkiMedX1gt5Lg+Lump62kj3e2xOZbsYVyzsuOhiqeWbDm5XOAL08LbE6jzfKCViP1ysCMWYh7L57HO488ACXxZ\/t11ILxOWufpp8iSTC\/xy0gYxabMNnek4hK\/3hw6i5124NZl0UtrUHU6efAecWAsET+cnFHZpVczqaYKgeIdV195JwA7v93UQdhKr3ztrkPAIksSj6SPc\/ljwMUgjVFaSEisqVwf6YLuNfhjAoE3gz06bMB4uEKch8xxj8FokEefPlHjtZyiqKrCShuDZdY9uJwVWbxUX3pdCFZlNY\/2XN7uarDdPt2wxVYt\/0ZMzA+OuHfyjfUC5XDz0JXJvK9If2SgrGKqNNXcFU3bKnfYmXFMxVepcEuELXo\/6zJ0w4+xeZE2vaZqrO0RaaGNX8pNw5ER6yXPbA92hbub+5DvHD3riziCA0N4NFVdWVYeHKUh4DZa+JivcpYY6lM4NXqtoFcYh1u90Ai0iNBlntN6WlAWHSkF2I5SJIptcH6VMAegReVqvMxajIqXki+NsVQcXAwMBje1mKFpkrKxK\/\/+uM8Zoftaj1I4GwHXtddSYcuPQKtFTt2voIfb7Px5vpqPr3hWErBbf9AHCwwjQHPGGCHbgv85qkmYQVP0eBQalqLiijOf7LkCJcaIWPQvaV0Epv9g="}
00841{"flow_id":33,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":798897,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"xGGLNYKpxiwDYGpkCABFAAFjcqMAAFQGuvcfDVY0wKgCEQG7wMv1rxWamYoHgoAYAHEoRQAAAQEICjouDsANcHKvRXSJKcKjyPsVwJykOPMeDjybZnSthmDahKSEMsNrt5rmi6rVPF3EFgs9fvNAZYYpbE9NDN1Q5fgZu8DlGpYd010R6hsblTygK0rzqbHNCtkfR7pymdY05zkUrEMAYJDueS7Y\/4HUZSJlAnM35Tg4\/OXnkwjeEtQ6NfnJScU9UYGBD7Brt7RThKDLlINw2qLSEzi1dKLTlDky7BefubXUUsJSuAYu9uFbKGnZr\/\/Va9mYTQkf+3ErYcnqq6y4akqHUbBAVmadYIV4t95SUthzLYswBPtZv7SVjb62vdB6c6ANdao3UncLlPUe4II6e4TNif\/wamux\/IlJeo4KE98vPEfRlSd51er6b4hnmMhWEh5O04xcpiFm2uZQeR\/XQqoinF9aX3KKFxG5FtCv7Mw3"}
00427{"flow_id":33,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":801531,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDLAbuZigeC9a8VmoAQB+r+3QAAAQEICg1wcr86Lg7A"}
@@ -403,43 +403,43 @@
00693{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":815439,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"xGGLNYKpxiwDYGpkCABFAAD1cqQAAFQGu2QfDVY0wKgCEQG7wMv1rxbJmYoHwoAYAHHmCwAAAQEICjouDtENcHLCFwMDALyXCZVZsRVc5YD7osb7G+dT2TOnrp6oODK59iu8MDODlmtQdZEnuJ0n59ahbesAUOJFjNodqwBTOnUZZXsgY\/H+kmgEEI8o5u\/kK+qQDpPHjeMWeKbHaFg4Nr2391apmeNNJYhjbUf47SOnNVsEAOSdxyenXsfoyQcIyl5FWX4ZT6VuG5IY9NORSto5piFSkcKxjKjWJqRzxhmLUncRBc8uH5lX3SJfTWLDfLNOZbXs2Jemup6mWmZLPgR9VQ=="}
01289{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":816162,"pkt_caplen":696,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":696,"pkt_l4_len":662,"pkt":"xGGLNYKpxiwDYGpkCABFAAKqcqUAAFQGua4fDVY0wKgCEQG7wMv1rxeKmYoJtIAYAHW8DgAAAQEICjouDtINcHLCFwMDAnEOs+EoxoLAj+4Jb7hCAolPgK1c6D82AWljmGdNvEXbZ2PyY9Hh2UXUhHLpzoZDsNQPx7jJt0zDPYryql8ck6vnhymqPw910npNiirL9BLegr+lS2wQangi3D6\/KV10f3VXjTqyzAXZiF55sH2aYzTMLW94oSwo44QyrxTJLdgQyfVgEFTwYxmjxed2HlRT\/UbWIEWDrotRHUtqUZYuP08uUt2av8OwQepftw289IGheQLlZ3inR4VQj5N7uQB0cSq9pLzEyMzeFUFdHQNs8e4agxRLKQ+SaAyPQWQv4YwCGVlL6lHqnjqqP0FLgT7za\/B6eA5qpQmOoUc6MPgXpIPV1idtgR3Kmci20Ql2gq0pzQeVKUOvqp3j6Sof4\/J9XNqYHFOEVYhysnbFlpcGlom\/n\/mAhaDhiInrpQLIqiDL5zNvoko82QOx3aKlWPm\/pSTywMa7Du92YlgCyhpQgxqakcbEV8B4UK+qczw8KmhKxUk\/KEbFi\/7ul7kFuZCGEl7gMLQcrSXIOiIq1+VeUEUffgECtU1BDIv9QRdU6pg7gFWDZdYdyEFAyBDsjntX3NVqdf7Pk8RM\/GZaI\/jjxLUANxsB4ATk\/Hu3zk1D86rGaxJHBx3V05y\/vZrsQtfdQRnePHdoZPX2aGcjfYc\/rSjYd+bSJgkQNIXVcwes7QAUt5Cs7tBmw5IpRdncia\/CZyHHgGX7srrxBQEt5K9sjmmW\/ByDadiKp9e6XFuUqL6UypJthH7GHEfTNBNLVBosnyqcZi91FrDcA745FBT6lv\/1I5uNluE1WMneDFXL\/13IL4sSSieJkRn9O8vT2d0vcYng"}
00460{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796253,"pkt_ts_usec":816389,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xGGLNYKpxiwDYGpkCABFAABLcqYAAFQGvAwfDVY0wKgCEQG7wMv1rxoAmYoJtIAQAHUO4AAAAQEICjouDtMNcHLCFwMDABJFi3rAA3KN3VF2IRE99YhtID8="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1568796254514,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1568796254514,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2070,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":514906,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDNAbsBxqpOAAAAALAC\/\/8NqAAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1568796254515,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1568796254515,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2071,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":515573,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDOAbvBtYQbAAAAALAC\/\/9z6gAAAgQFtAEDAwYBAQgKDXB1TAAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1568796254524,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1568796254524,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":524506,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDPAbv9TOkSAAAAALAC\/\/\/TUgAAAgQFtAEDAwYBAQgKDXB1VAAAAAAEAgAA"}
00440{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":526002,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM2mvmccAcaqT6ASbHDxzgAAAgQFeAQCCAoU9Z3GDXB1TAEDAwg="}
00440{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":526651,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM6bGFkcwbWEHKASbHAfPgAAAgQFeAQCCArYQyzxDXB1TAEDAwg="}
00428{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":527339,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDNAbsBxqpPpr5nHYAQCAyEugAAAQEICg1wdVYU9Z3G"}
00428{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":527802,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDOAbvBtYQcmxhZHYAQCAyyKQAAAQEICg1wdVbYQyzx"}
00993{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2078,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":528580,"pkt_caplen":485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":485,"pkt_l4_len":451,"pkt":"xiwDYGpkxGGLNYKpCABFAAHXAABAAEAGASfAqAIRHw1WNMDNAbsBxqpPpr5nHYAYCAy4mgAAAQEICg1wdVcU9Z3GFgMBAZ4BAAGaAwNVNSF4TcFES2A3bmDoQzoKoPRK88lF8GU0rvqEfWOJnSDMB3SW0+oLedhnRZBEjRhfhuHo9hBvfR7yTL5mOscQSAAGEwETAhMDAQABSwArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAg7SCrt+XZhOafPhg5Ng9ZqV0HRY1FsJgqY47HJ+ANL2gADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEAACoAAAApAL0AmACSWIXdmmwR1laYI9MTX9Ylv6k3elrG822PBXIhOrmLQkwAAAAAnwMCQs2b3VbV6udwJ8GZokFPTbUvCekbgT+BE2sGbBQUFuwMj\/BU7jg475T8N6D\/+oAuA0+LsqVikNMpi1cAr7ywQ08ClMJVucSZVkvAlpilkoy0GQXRkFz5t6c1Jfa9Pt8cBpvXHFxdvY3OoCRzMPoyACEgfw4JqUsziZWqGwVKYBDzRhcnnFsa29JbVyz1lE1jNn8="}
-00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2078,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1568796254514,"flow_last_seen":1568796254528,"flow_tot_l4_data_len":567,"flow_min_l4_data_len":32,"flow_max_l4_data_len":451,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2078,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1568796254514,"flow_last_seen":1568796254528,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
01235{"flow_id":34,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2079,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":529128,"pkt_caplen":663,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":663,"pkt_l4_len":629,"pkt":"xiwDYGpkxGGLNYKpCABFAAKJAABAAEAGAHXAqAIRHw1WNMDNAbsBxqvypr5nHYAYCAwVNAAAAQEICg1wdVcU9Z3GFAMDAAEBFwMDAkrDUEGtzNssmdqTSNjThUpw9Gls3D5hJUvevqfxbpL2EvuYq\/xiBCWVUG44FmqupL3\/bCDe+Rj9sMP0S4s+LQPzEW6A5hhKzX6qMaE2oA2a+cyuw1W+Bw159hfwEaT5JaJhskpw2sZqBuPMouecOua99GDqlpE1OnBarxBfCM0SomVAI6hLrbybrwRUe8xCwbFhC+gcJ9vGsoZCalYYSFG6x1EiFpdz3sP6rMiC\/odi\/\/toF9HGlivcgXFqyi+wt2xIFAo5w2BagrM7YYesUZ6DvhPqN64yKJw+1G\/a05UNE3LulZdscm8atA3bJBUkFQj5GT8SSi8DgkMU5oYwLeQcI+OKsHc8qhpAqeo8BlHo1JdH47AP9VANK+8a8dWoErgKuHfO6nhlve4GhvIQI0dtginqfSN++9g3Ad0oGTbj9rYAYBLYkcJj59HZKjUqWV8P+m6JefwYjP6BGSX5oM5eL4j2YuJTWPJuV9FVHqGKKMjbjgccdOs2nLQR+l+aXFE8SknMyuv1kPi\/ZU1dwbtkc1X4HmfXuoqlylB6wbqd+cRm7M64sTJQ4B2GaVteHHowcVsvnV18Ip7NEoxP4opr3Mj1WOujvLVXplduA1wSVVP+x5aKMrisvqqIPAGFPnxwuL1j43Unto5sm1jK9xZqfUtFET8ygvgIbl2oMszNX3zDR1OF4w7m11oqSdPiwe4BQHPLVrXKxZMgD9\/U2HUIndKFenxAfYIHejPKA6kDWmb2WHrTQqnQLqEdZDORV+V6Su21qULR5TO7"}
00994{"flow_id":35,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":531233,"pkt_caplen":485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":485,"pkt_l4_len":451,"pkt":"xiwDYGpkxGGLNYKpCABFAAHXAABAAEAGASfAqAIRHw1WNMDOAbvBtYQcmxhZHYAYCAzKGQAAAQEICg1wdVjYQyzxFgMBAZ4BAAGaAwOyMt4E+HaZDiJZVBg5k8\/oA3Xa304Knp2ME68TY60GtiA+ZFjEC79ZWsyfIhM6TAFNirQ6Wfjdb2VnPIAynKQowgAGEwETAhMDAQABSwArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgfb7BCArOXiMwbKgWAHmAk0wvUIjhAM0LzhIthYUKAh0ADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEAACoAAAApAL0AmACSWIXdmmwR1laYI9MTX9Ylv6k3elrG822PBXIhOrmLQkwAAAAAnwMCQs2b3VbV6udwJ8GZokFPTbUvCekbgT+BE2sGbBQUFuwMj\/BU7jg475T8N6D\/+oAuA0+LsqVikNMpi1cAr7ywQ08ClMJVucSZVkvAlpilkoy0GQXRkFz5t6c1Jfa9Pt8cBpvXHFxdvY3OoCRzMPozACEgiwZ0SDMJf0KnFfH6w3CAZJjEaXEjNKUfikqv6iXoWvE="}
-00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2080,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1568796254515,"flow_last_seen":1568796254531,"flow_tot_l4_data_len":567,"flow_min_l4_data_len":32,"flow_max_l4_data_len":451,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2080,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1568796254515,"flow_last_seen":1568796254531,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
01154{"flow_id":35,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2081,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":531371,"pkt_caplen":595,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":595,"pkt_l4_len":561,"pkt":"xiwDYGpkxGGLNYKpCABFAAJFAABAAEAGALnAqAIRHw1WNMDOAbvBtYW\/mxhZHYAYCAw5RgAAAQEICg1wdVjYQyzxFAMDAAEBFwMDAgY9IGVXL7OvWyqJahOvSUCJY8iw4p2I6w\/z9tqJYZ1qXlO8Ua4m0cjVttEEGsPKDnBhRcK\/RalKos02Wn2xrlKYE1kVBerOO6e+pJef251bfBnfTJT1bwC8WKoRJl7kN7nDOtO7so2rzZ\/bcKL0FJXKHriy1XEt\/vnjXVDsu9L9Uc8+ow25VVkb3mBz4yMPtWqKPBiy4xHCI8x0nRp54gC\/14QlNex1yYUz1AivdOTQ8FLkFhLArjpkuy3iyUrKOU6rsMaYWY8A2EmiwZFKe6t1eXUVkBPUTdQ2XLkLKdofF8Efyh7fEeBDGNQ5DUTMUaTcgsYWE9zLKbE8VQKPwSDlp33V8ATrg3wWNvkiXPZCNhc8GC1PSzSINWsFe4Wd0O\/CnGWAdPvCFeMoT9TG\/SG7CyMo\/elguQVkUCtPd58eq0YOTFDEUGlB3mM1aLgfDKP5+kB38uFg7l5jHqSl8qk53E+dY5RysX98A33pPQW+0EzBPkYDrRP\/sxH\/bb\/09vW+LT5D6G7AYAYP8HHiyRmNSUQH+L+jCK4DB9tGXgtn9iaLUMeXUqeq1pvGySfdp\/g1nvnZCTarJPrr\/4uJCyFWnvLYDEoQAZevWP7d9Y0+ARPa7a9d70xkRUctmvrerk5KnemtryInvBJDk8i3u1GPLfDJw\/XSMPhk4o0RKeBLn1JNL2qVHQ=="}
00442{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":536521,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wM\/pQUID\/UzpE6ASbHCRrQAAAgQFeAQCCAoUEKcNDXB1VAEDAwg="}
00428{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":538625,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDPAbv9TOkT6UFCBIAQCAwkmAAAAQEICg1wdV8UEKcN"}
00994{"flow_id":36,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2084,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":539181,"pkt_caplen":485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":485,"pkt_l4_len":451,"pkt":"xiwDYGpkxGGLNYKpCABFAAHXAABAAEAGASfAqAIRHw1WNMDPAbv9TOkT6UFCBIAYCAzILQAAAQEICg1wdWAUEKcNFgMBAZ4BAAGaAwNlUhwheJ1rDpnKdGJYXxWfmrHMAvJ7gaS6dCikYDaQniBlqQjva1tIZWpLGugxipAgopwgiPn9JIzY3sS4pJS4iwAGEwETAhMDAQABSwArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgTGMSfgTb9pv4uxSFqccgvnRx7yS7zib2zW+R1uGk7QkADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEAACoAAAApAL0AmACSWIXdmmwR1laYI9MTX9Ylv6k3elrG822PBXIhOrmLQkwAAAAAnwMCQs2b3VbV6udwJ8GZokFPTbUvCekbgT+BE2sGbBQUFuwMj\/BU7jg475T8N6D\/+oAuA0+LsqVikNMpi1cAr7ywQ08ClMJVucSZVkvAlpilkoy0GQXRkFz5t6c1Jfa9Pt8cBpvXHFxdvY3OoCRzMPo8ACEgiSy9JdX7OlfqJ\/YCqY0dSnI3XG0iGbXAIYi1fb3W7sU="}
-00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1568796254524,"flow_last_seen":1568796254539,"flow_tot_l4_data_len":567,"flow_min_l4_data_len":32,"flow_max_l4_data_len":451,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2084,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1568796254524,"flow_last_seen":1568796254539,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":419,"flow_tot_l4_payload_len":419,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00428{"flow_id":34,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2085,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":539254,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0R3EAAFQG51gfDVY0wKgCEQG7wM2mvmcdAcar8oAQAHGKpAAAAQEIChT1ndMNcHVX"}
01125{"flow_id":36,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2086,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":539348,"pkt_caplen":579,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":579,"pkt_l4_len":545,"pkt":"xiwDYGpkxGGLNYKpCABFAAI1AABAAEAGAMnAqAIRHw1WNMDPAbv9TOq26UFCBIAYCAw8GQAAAQEICg1wdWAUEKcNFAMDAAEBFwMDAfYvjhL\/+unS7fozXeu+ozxeGqpWneH0HAeI4D12qSAbXRvGRbvMhlA3iIqYmg5W04CTNdoRnvHAcH9UKBkK8nk0eqw6Lhz8z+Z2pVE8YWmDMIUMAV4rml4gpqR5NE9shLAYrDcYLpTh6j8xdJfxBdlwXwAWk210uYkgtuVuGuAnA4rnADq87jctIM9LiVkznCL2RzAY+gpboIwcuxgqu+EVizFiw2WR4uBEpKJKcbtNp0NoyX54JW\/gnMLjBN\/87vIPBv5dTm6TKLVlDp9lxyBnYixGQBNuoVLbmHnwC0aYofRUdyRh+c\/w6AoWx5rLfmHeffFzQrKGxK7sz9aAVpyhUAnh3zhBdKDggPO+6tm7CAajdCATmaQIgAvUVGoK7Uk+mfymr1oiVyk7Evq9zGae3DMM1fE+dXeV3Ab8UTZXFvYsP99GZeLIQ0WY2fjuNegANWdHgNpN0dOaBxX28gM88hX8yr3skN4tehJ6Vqt6SsMgduyRNxC3C8rxm3T5VUSfbxMEX0mW\/PQOOxd3ffNrCbzUUyPABQkACGAJqcVFv\/4jI6ozCl+4+nJN\/lKDnInz6a14ysMia7tXB3moLgsg4RF\/ZiOq9QOivt427n9iwBq6ZFBHPx\/TukI96jX8DH\/wJq1xVlsZxtNA62zSqWFqQlJ2mEEZ"}
00428{"flow_id":34,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2087,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":539868,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0R3IAAFQG51cfDVY0wKgCEQG7wM2mvmcdAcauR4AQAHaISQAAAQEIChT1ndQNcHVX"}
00729{"flow_id":34,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2088,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":539971,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"xGGLNYKpxiwDYGpkCABFAAESR3MAAFQG5ngfDVY0wKgCEQG7wM2mvmcdAcauR4AYAHZjaQAAAQEIChT1ndQNcHVXFgMDAIACAAB8AwPejtbOe4Xg37m4DEvyRkVHFpUNhDGioQLDvBo7fpFtYiDMB3SW0+oLedhnRZBEjRhfhuHo9hBvfR7yTL5mOscQSBMBAAA0ACsAAvsaADMAJAAdACAax976UPmtFl4wDpxDTbBXGbWiduxcdYVeiCoejIhZNQApAAIAABQDAwABARcDAwBONglC3txN22OwlPsEr2kst\/0Chovc6Gy19uO185T8x3+Gy84kfHCbt5Cie4q\/diy0JFpWHozCzEGmMZtUBmW+kKZQr7W5BXY5ABCLm45g"}
-00846{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2088,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":8,"flow_first_seen":1568796254514,"flow_last_seen":1568796254539,"flow_tot_l4_data_len":1514,"flow_min_l4_data_len":32,"flow_max_l4_data_len":629,"flow_avg_l4_data_len":189,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2088,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":8,"flow_first_seen":1568796254514,"flow_last_seen":1568796254539,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":597,"flow_tot_l4_payload_len":1238,"flow_avg_l4_payload_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00428{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2089,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":542641,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0W4AAAFQG00kfDVY0wKgCEQG7wM6bGFkdwbWFv4AQAHG4DwAAAQEICthDLQENcHVY"}
00428{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2090,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":542860,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0W4EAAFQG00gfDVY0wKgCEQG7wM6bGFkdwbWH0IAQAHW1+QAAAQEICthDLQINcHVY"}
00429{"flow_id":34,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2091,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":543332,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDNAbsBxq5Hpr5n+4AQCAh\/zAAAAQEICg1wdWQU9Z3U"}
00729{"flow_id":35,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2092,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":543357,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"xGGLNYKpxiwDYGpkCABFAAESW4IAAFQG0mkfDVY0wKgCEQG7wM6bGFkdwbWH0IAYAHXP2wAAAQEICthDLQINcHVYFgMDAIACAAB8AwPu7mBOWB+dnzBdodsS\/Qd+mYtLLRJT5CMSYlusvWSqLiA+ZFjEC79ZWsyfIhM6TAFNirQ6Wfjdb2VnPIAynKQowhMBAAA0ACsAAvsaADMAJAAdACAvYV4Cx6ZdIDrw66Si03cK41S2S7y+u2EABlPhdPKSdQApAAIAABQDAwABARcDAwBOUOITJU0EYegn9mmGP+z5WYZY+THVVKk+i9uTdm+ECosqQHQpwVkAA+WdotzC\/c+SDw4CgZKR159NiBmarLoGBwqgLSUsDnq1WneFTQKg"}
-00846{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2092,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":8,"flow_first_seen":1568796254515,"flow_last_seen":1568796254543,"flow_tot_l4_data_len":1446,"flow_min_l4_data_len":32,"flow_max_l4_data_len":561,"flow_avg_l4_data_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2092,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":8,"flow_first_seen":1568796254515,"flow_last_seen":1568796254543,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":529,"flow_tot_l4_payload_len":1170,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00545{"flow_id":34,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2093,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":543900,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"pkt":"xiwDYGpkxGGLNYKpCABFAACIAABAAEAGAnbAqAIRHw1WNMDNAbsBxq5Hpr5n+4AYCAhkuQAAAQEICg1wdWQU9Z3UFwMDABWoiQF8I3o1t\/hLBtah995KxIPPSW8XAwMANeuF28j7LdRw5BV4DA76aot4lozY1UywTGQ+4KQzeGO3wqBzuCdShfarJjBQO24JPOepiRTj"}
00428{"flow_id":35,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2094,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":544328,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDOAbvBtYfQmxhZ+4AQCAitewAAAQEICg1wdWXYQy0C"}
00548{"flow_id":35,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2095,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":544807,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"pkt":"xiwDYGpkxGGLNYKpCABFAACIAABAAEAGAnbAqAIRHw1WNMDOAbvBtYfQmxhZ+4AYCAhlsQAAAQEICg1wdWXYQy0CFwMDABUMrNQ3GUNadmOfoLt\/DYfAX4KLF1oXAwMANamLpAeKjA\/aPZDVQfMhMlY\/3s+OhGIAbzgS+vTspQbL6ew6l\/aeWMkpqiIoOoaqrKn+e30e"}
00430{"flow_id":36,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2096,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":551390,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0ktsAAFQGm+4fDVY0wKgCEQG7wM\/pQUIE\/UzqtoAQAHEqgAAAAQEIChQQpxwNcHVg"}
00430{"flow_id":36,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2097,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":551458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0ktwAAFQGm+0fDVY0wKgCEQG7wM\/pQUIE\/Uzst4AQAHUoewAAAQEIChQQpxwNcHVg"}
00733{"flow_id":36,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2098,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":551766,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"xGGLNYKpxiwDYGpkCABFAAESkt0AAFQGmw4fDVY0wKgCEQG7wM\/pQUIE\/Uzst4AYAHV9iwAAAQEIChQQpxwNcHVgFgMDAIACAAB8AwO2vxlY5R8lsRFEyU+YGfcc9Zs7xC53L7Dp925P\/asA4iBlqQjva1tIZWpLGugxipAgopwgiPn9JIzY3sS4pJS4ixMBAAA0ACsAAvsaADMAJAAdACCp\/1gDFAENGUpwM5Fk3L2hD1pTRKOhnZGwPgn+szV5eQApAAIAABQDAwABARcDAwBOQ+bCv4rPDbN7ez8\/rg6XbNyujZh2PtuXjqnUpcCx71OTSSTGndLIOV05WjtA4XvgONYEldLuUqGwUEIPEUj7gsA\/mG+uC5J35jV44TC3"}
-00846{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2098,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":8,"flow_first_seen":1568796254524,"flow_last_seen":1568796254551,"flow_tot_l4_data_len":1430,"flow_min_l4_data_len":32,"flow_max_l4_data_len":545,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2098,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":8,"flow_first_seen":1568796254524,"flow_last_seen":1568796254551,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":1154,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
01290{"flow_id":36,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2099,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":552367,"pkt_caplen":699,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":699,"pkt_l4_len":665,"pkt":"xGGLNYKpxiwDYGpkCABFAAKtkt4AAFQGmXIfDVY0wKgCEQG7wM\/pQULi\/Uzst4AQAHUTXwAAAQEIChQQpx0NcHVgFwMDAnQLH8+P\/E6e9HrxK\/N8Liu3Qk0\/GM9fiqwPY\/iOoSlP0vDXS362YeDvpodpldvLz6E8q06BrRTaXdExfHXj4FBzTxAlp\/2GAePVyyNPx4JEuAW+7b3I1Msag8q8Q1NneeuSjv\/w6s97TU9E8sXMnXh892EibLNlE+UjvFCi6KB8wCfZe1FgdK8l25hRgCDa\/X1PrOUoouxMBOiOFiS+bgRDJtnLCIzqRxzphi0Iy6ehOxQwRrFSFUZndCJywgVLuq8GJM4Zh7Xr9H5yeQWgByXZgvgXhWnpvktGmrIVmWgbgoyYpvkcN8amPbZa8JaNRV0B8emrV1\/nKnn830p4dvSbtsYx7peoQ6XlfYCr6YhXPqmK5dLvN1YjXkkDmXK+IyZakbm06uzIu87BZbtTT5ZEITgUXcmm5C68imaXmasZBfIU2msfDfi3\/5sBHsl4543h7kUaAOyxoBK+1WRoQFHjtdIwpd1I9K9UyHGR2FeYZvAQC+JLHNvd6O2jZCeYMtBzGizktJCB\/W5130WIILOFGnvftkoCh+fdt36VPdE1OGcex42DTzMlpkRkmFkNEMGyNOPv0aAcZcsP+LOtxNFzmZ4kRMfLHjqdAlP\/xHtbdDSyHy1i6Ddqc+DcEgjFY7eRvj8fKUoGhc+dygNuC2yPQK0S4aCCbtBZlVKHv7cqxfgx9GnkC1XchzhTIFhpLfS\/DiR9SbT3NSzOvqV+BGeBsf0R4u3qIxK8qeWjV6pdo2hHcxuGzmmKE6s50B7QVkC+gzEzWXHRkPKhFrtExEx7D\/X+Kyg+cNzQiIngHgiSY1MZrzwICnw5ghnGARLaz8BAE6SD"}
02315{"flow_id":36,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2100,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":552721,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"xGGLNYKpxiwDYGpkCABFAAWgkt8AAFQGln4fDVY0wKgCEQG7wM\/pQUVb\/Uzst4AQAHWpmQAAAQEIChQQpx0NcHVgFwMDEBF0Gwp4gjZEKa6n8bUQgtekML2zs34xi0oP+wLFrn7OvAhBIVQU\/FA2nfYNTP\/myyIoIq\/tV7KVXyO38Wlr9Wof47SLcwqQbdR3jHLbXzx7CUx0b+Ru94DGcfQKBlH8kNV9RLBfeuECKOtgGB0qPX+RF6qC+kzeSOjyP1QVFQPgollgyB3rzRLo0wr0rzj\/DEUOS3hzKIcCwvb2K0J4DPbW3sfiQdnvSWqsgRDCXOCeNtKRiWDRozTgD949W\/9QxW3QJv2AEXOFR1dTMbazQjfTOtrmk8hjavo6tw9k2h5x04vloNRLeIOHqX7ntGQ5bA7DvtYnGP5F4zRXni5VP9hen9YhlKja85Iy5l4qlMp2nVNcCXYR+AL8oJgp9fDG8v4qciCOIywcTpBvdqH9hYKRCnaToRV9ziWF1EJnYTQJJcXRPSAxm9YpiQJ3H8G2Gu1KAqXWvU7S9yx58+CAkCJiLw718yjd0MI3STDOqFUNbkx7m\/FUO+WJB5sFw1teq88x6coSNsU78M7gQ55kl8vNjb+2bHEFmNrBzc17MJwVPgvEj+NFpz80Pllvp3sVOOqJt51hnhJPpPZc1Y+TXVVYeKXqVrhG+nPg16mHIz5G+pYwK8Eemvl2oZBKM6vnofPS0YLFbmI+C9iXupZnzizV6JqZ4p4evWFu1dm\/+yswBfZUlZSEdKy6JfTne0\/v5ZfbKX8nZohQBSJn3bsqLQcKJOeuwxDImLRQ+nfVXdWeQn7qJUPhJqePfhriJKSqXoompKmrIMtoYfuJjQYB8g+jPyd+LrYweS67I75omq2v5\/EOXzhPY5ryfpMyO25EzfEFsch6I4nHyX\/8Uaow3grMx\/S85r2V5ILkemWcvKoE\/2cLT7RW6zEaJn2fSxI6ipOjjHGr8mrAYLEtl9wMCM0zZXlKssLGNVLrkixbBbVOVP5s4ZwZT1kicy7Jkag438DPzkKSKHZJZV3J50c0u7Tz17xsJpw2MLBnl6ENjwwvHBOuotwPJmqxxCHjsCC994FfwPaDroXEyiJBTeX2sUUZ2ktot7pshnb24YRnhCGEe\/qzpSS58zp8bgACG5ho\/OB89hDWiT68ilT3hF2kxgS8rfyldfc4n9QqMHxBrrQ2bmxTC2kx8theVP7hqk6Jv2CPKt0bX73lKqMmfRGqEjwTvt60ppn6RiO4lZKvR8By8\/f7I6b\/kSTah0ewkEpJlXiOD8QLW3fyKh\/AdAe7ACJEU\/h9XOx1zSTU5X137ACOPDc19XBoWLJxYHKN3SjX7C+tbcOVqzANb3ehStFi5jGMbrXHZj4eYpM8UuJiXE9tg7P3LY5MbaHePh\/7i3nL3y8VJLyYkEVwnyY1F5nUZ77ztO31IrI7opsnW4+ohwDIn4BjlHevyenDQRcbZYr6W4PV8jdLVCAQ2PDLrrc1IT1tKlJd1X6YAaMHahwxJFWeAwg7icYvB5sAdGlh+opijOZjwAJoqgWUG5ZBg5MlF75yp8J\/Q65WnCAlfanlkOwnyjdp6D95OxiZKFoUUHr9kPxy0W1Kj7XXh\/QjYuD8Zb6adU3FzULVvlhkV0mXB4Dck11hO3UzuDznR2IOl8IpX5IJ5T6kFqM10p4c0JP8zt7ru883bLK9DmKR1UOStwMpS10gAMl3xvV5eWJ0NV8aOakJoZcJ53gYaGpNx+fWV\/CGgPX7h5ChT6w\/SLY94XCGVbs8WbQ6yj3cEMUq5CPyv04xB7ob6t4k15Ao7i2My236yKoKqSNGzurk\/Gyq\/Ys0JWJuRoP533bkuL\/ihLkfnfutk2ehWgL3oHtW9NsgU11ImoH515EOwN9PnrOCoRBpXvssXknA++k="}
02318{"flow_id":36,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2101,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":552992,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"xGGLNYKpxiwDYGpkCABFAAWgkuAAAFQGln0fDVY0wKgCEQG7wM\/pQUrH\/Uzst4AQAHXsKQAAAQEIChQQpx0NcHVgZgSWssYDqw7qFQTNOW7agpWilr9\/HcT6Isx+rWO4oKNDMgOd5XvJDnm+bvC71i3N3NlXRO2\/V2VvgTxTxrvoevQTiiopFw4FPSDTyOCtwVV8mgmfrlpb8F0XA+dXfcFyt7pBqbafZrJTx5TUcpw4IBp65MiKC\/R1Sx6uDVLxurOCxmVY1+jNmMRIpfDj0eOT\/0XnQNHsbtzs5ZMrwvWCoP\/3PNMuqfvPQh9xPQk8leD8aWmKNvPLOyK0Jd\/j9XiuC0Z0pIlhsUUMcjCy9vexk3CG7sKpz4D1COXEkoSMWz3Se\/sxPOpe3ndfm0Q3UfxFM+GfXRP7zOb0lSpvonyPKBiAUQVvEqF8E6IBrmmVR1iesnLq8FeSogbedtiykwqr1GFFCbKB3gwfIW7am\/PR2ivtUsZ4bf1Sn6L49\/mZP\/W5p8HUw8OrNlvTYYDoaqWiugKM5jCJej4uIxsSdrtufetoubhlCOhhwrP6AzqozrOMm+3hR9S5JfgaCb7CEoHte57EUEb19atugc2VXjDy1Y59DcyWVQSWgsyqasVKFlcQ+YofhFveEqpMCyjAGFTuIB1hgai6+sUcf3djaN88l2BPZvC4\/ySFLhPWE6rIOIcoAIHQoEgrdXZjtmoBweg2QFHatbGwvcy\/zOYtzUan4dP4PmTqkThg4xlOoJIjctR0TXG0GqED+3i0FgMNjvVVJKi3kiiyo2k1w1TdtxX1SjCjfdXLlSzKNlaquYHrin051KF9mcxCw2twcFWe24rDsq9JUx01yHPwCX9cUI63GuwbIGi0EIT0\/VbqrRhHtLbwgasNLr+ACBfjL+yibYp161E2enGu157vXmIlIQUlK34ZcHPaPBhCtRkmB5uI5iLlUFzZQI5WXEivwGuikSb+6kYxc3SyuU+GdbX+d6XLgpbBnVgzfLAEDPN8\/iZtDA\/pwIGEfvbcaUniDQcK58+weIsQ\/QBirvGz7qOcvh9zycuXv6134K44tZXjAHkXa7VJAng2aMaJxmJvlvgWArCj3Leu8DTkowKqrzdfkqN1rngPdL3P5aGDjEcDhuscSiYHEczD8sOHwftrVPPBx0njGS\/PfzeqGoZTsY\/txoCnqcsFz1OGB+f\/wh3db3mkWZSRO8FMwwoX7w0hbLUUOsEZL344p\/+9aIH4b0nzoKTN+NZE97EIye+gNzbkXOX9bY\/XV7fREBfaVH6WhI15yrbtvb9\/6KPcYigtUZd7Nt\/+BZN+8Yet7doAyAkhkX0nzmd5AylHvRngkC1WBn4NferY7leGBFpXxkmLW5oml75pkWj1QMG+cdpNiiGUXZ9khWIZATjpx7UX1cWx6vBhVCPN1z7X+hcaHz\/bRbIxa2Yn+XDOPPR5ApBuwcs2sQtJSST6CaEd30yG6Nf5wFpH2QOXYutodMhy2BTIq\/1HoA8VXeR8rVoV+26lb50cKQrhSNcUdgYKYWO\/ExrE\/Qhn+tImoirf3KcojWAYtg8QslZ0JQJhum\/4SdUmDjKLYz08O368BUUAFX1Fv1LG++iiQUZIoZVqw2aGM1h4X1hVpiQ+cFrSE82CzlURLHR54mOoOwKNtAV6wF1PV3birwbJ0z1VKFUqSU7ZjA36U3lJL9JtWq6WYd1w4deUWMMxVz7vGy9I8ER+NdsqE4emRD3CwzkxAXLnfxqFHoTwKoq6mhOiPB1Gz5IMOMB761Mub5eGW3VEnDc3YBgKVhIX3Bg4jU\/7JQema5TtrT1hO2ocoThrqe1Ik6PJ9kAGEcpIma41Xe1BLISGVszycsJjxzAymNk+tJZTQ2gFSrTZNRFwcujeq2Ry+Xzv0fS3km0rtZPmS0XM9gIHY4EM1MkgXUg="}
@@ -457,28 +457,28 @@
01477{"flow_id":34,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2153,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":723914,"pkt_caplen":839,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":839,"pkt_l4_len":805,"pkt":"xGGLNYKpxiwDYGpkCABFAAM5R3UAAFQG5E8fDVY0wKgCEQG7wM2mvmitAcaum4AQAHbdIAAAAQEIChT1nosNcHVwFwMDAwCRUCd2jfTU2PwjGGn6P6b9bw9BB1YzSNGi7Y3XWn5MhvrWT7XFkMxQxE5BP2nlZY\/iXg8AFbQVi39U\/jgQtvIsOnta7FUESB+a15ScORvqrqRXJvYDw0JYLyB1iO0WLQeFBeDu6gbTOnOOhEWDfMgv1\/jSPurXQLXCbsrYWKILybc\/2DG6jNlXIQ4On+wRzXOQMQhJ9+MjwAdGUHxQn7dvlEE51n8+h\/ljyonZELMObNrME59mUs4M8hb3rGUmAzXCPa1ziFVUjvdEn3kjkml9D19uKSDVDIVp2bTx6h3xBZoAmE8MhtwwZqn7Ym0zLxCzYAhUhIyFH\/xIO0Hkclzts96sSb0rHpksbQScxEb3+oLVLrPZ7pAJvxDrSds+5q8aJesmRGm1xcRYot9Yd5ovrFKjeSZeWsWNOJyOQRo+jkmqk9pDxAR5XKw5qjWYbvNJ7MfkAJiUYSt69cCTawz+uEif2LMgGH\/HCyH9UiO\/YopH7Uf9StcXkuCcU\/LNxkiUYh5G0izCkFqkvksHwgaWsuNrOu3sAz0Wf\/NZaWTxHtIog0TB6WGXYtgc7GhrFmlrpHyUDr6LfLHvtrnl7YdeMIzMs8W+OzDM\/h9ufTJoKgKMi9oGLLnbZR5fJEXAD0qkc2PyDyM63mWs3pJOWaiA3P9qpHXWtoYuke1HKHFMjdiJThRTdhkZJKn5rHs60hYlr8MsdKbUl2ZJc2l21wwm\/CvkiaDHGzeNotWds5jECtpW3htRUaKcpwYwuOUd8RkiEjKl9y8lMyyRZl2ij7jzKZQK8YdLvypqtV+ZbdmrmvPp+HK+p4gnWrE7yxcdkJJLVwL+Hx5UzyUACo88E6y3RAaOOlN2co0zWGYbR9fb\/9SLXoi3ae7tfavARirCpJLUGPJzDtWWs4L96BqrQAgSIO0KPqyT5SACg0+PW9PsQWKDcc+5on7oCJBtNvYcNUqbTWYV4Hi8ZF9vYbeZcB8ySJ4C7Jnifs+Gi5+e2sKsXdhMKp+3lqrqaqyQSCLcuy4="}
02311{"flow_id":34,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2154,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":724172,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"xGGLNYKpxiwDYGpkCABFAAWgR3YAAFQG4ecfDVY0wKgCEQG7wM2mvmuyAcaum4AQAHZBZQAAAQEIChT1nosNcHVwFwMDBe26TdKKuOwPFQEg88uujor58VNqXtphebDoaD6Z6JiicwPPXl4uJsCftqugA1MtCiuMd07DjsPnuA56Ve9oBgp6Y2LQAFLj6zclfMyRDikTjXJNy7lJR0ocjU1BloT23DpDf0ayvRh66iHGawrfuosTsgW7BTSEQrm74wsruE7FkYjviYzXMlmOdiETLhQNT2YhtANRP7pWzEvqSnk1ST9mVJGBqtEojDNsnsDL7EnD4Ym18W8B3o\/kg7TiA9xsbL4Lmsl8NdScMLWuB\/xx2g+EBH4ipEFqlFKuawKycInD2gomQfqOHWMfiPE8dPgXgYcXEoq4jkPLOMYlLnmcL46clMrmdpn0WL62j3M9lb1deZt0pfukTxaRoJHecHR5PYN2HNW+gslEYp9fO9G73gOnbALOoJY0VtWeHMNExMlvUTjafOZDQtGO6YVZKT9CWf4393dulDZK3YdHBllZK5GUkvlqwlbu6go\/Sk3P28HJA7zrreSDH+MjCaAqB0scJJZ++0Kmyl4bDM22qCKW4VnJCcm2C4fopa4aqDUuI5RlwsgiQVy3jDPseIpWs+X6xP8Dq3g7lSpGOcjA5ygt7qbq20ROp7G4mIfNbI6nfshSA3khMasJIipsA9U5b6Z56nXJ6QCY+IrtHdwOUmXMlJgYlYH7trmhlFk+7eNoM4kUdzKbCVPbz0fiZr8DHIYMHZQahfNUnK47H9cblnRnhCFunpQwp+vS4p4s7+RAXuUm+e\/pYkBW+fN3aL8dKrxjJZWrHdtV7vAXgIGcSx7roR2OxqohFPXAgAsNfeaT+W8mDqGRrCn2tcjyEO0yXwe\/LOKXb1gth6BepKYZ85DszWrXYmZWImD7PD4OO\/pvKEUtQxZY7QMK8ib6\/IMT847ICcyG\/SAJhy0+QO9cKHN+RsCNjwClXwLYLv8aacsJ0S2sKSXrp26Szr5rJNafOiFcJZY6phJg++MgQL0kiiPFIVDYGVbg91zDPPB8ebKA6Kk9N9WiulalN\/TwUTB7h8+JziD93Qw92XR\/T6jMHeQh5o98ixH0K5aQBblI+aOKa+mW8Q1m2u6YOk2HCf7hh652eE7mCjjI4PvfcKL8So8gxO6md1oaFjk01R9PT6ZbYXSuV2q725gLMqBgEreez\/NyQHW5YyX9alNseYZBFpWkAB7IYfmxZ4qU8vzOi6mVmsicjO4Z0BjzBagBy5YB1CiMB4\/qnkIUWOECVmJ\/BFz8HhPteo3oeehGEJ2f3zrUW36JRLMaVRgUHxDRIMzPnE2SKTZ1NFX+gm3D8CcoBd8o3Oy0Xd5pKdzAoT\/tpL+dSAoGXgxc19\/KxkJasNfwiWDVaJKk+AEY9oM3ff+nbvH5NW+NgbqmQ9nhOGbwg\/zzcKFWVZ71BiFP4eqclr9aaCeQkbm1Mbu1NZ3R\/+SCO0if57CZAbnMlZkX181hWBJ17sMiN28I+5AimtkDxJv5sl\/TI7Ci\/az9vG+d1EI3Tqw6x6x+ylJ\/rfjA82npRgkt1TNmaLXOFOD6RCAq2Oe\/vcS8pfxiVv+YZBXDtH3dOq2BPV4qRny3mDoJDo8G3rVUFhFzJuYNHJtImBhKW1n9tyDySqqd3R4kSoc0nxrqMx0snOBWpUjzTM91Y8+sL9f315MAUlt6igxSK\/CKGykiKtdHkKR5mwoviDK+XG2d2kqzKO\/RhFo1+EfhIsaL4JkP1Ngrxn0Z5fX73QPPK1KflOlF5RKMdvquu7u8NZCaAzrlYj+7kbl3YYywbHtqsa9GicvR6EFjGsIDMIcLmyFYbY8izQNRBPPjuyesVzYCjhCUZ1GM75y5iy\/eqfXvG6Li9zUGnvkdzAmC7nA="}
02319{"flow_id":34,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2155,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796254,"pkt_ts_usec":724372,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"xGGLNYKpxiwDYGpkCABFAAWgR3cAAFQG4eYfDVY0wKgCEQG7wM2mvnEeAcaum4AQAHZeJgAAAQEIChT1nosNcHVw6EusdcfDyZp8leckSeoA1xIb1zN6JCO2zk1rbjLsjUbfZrrWeV5CKAylP+ACNDdxVNRvSd4LwoY1QMqqXUbraupXPcvkluvxkEzNmgdzdU05kdtQdv0a\/HLAXg1QH2SJ5RlxEAde9g6c\/SLXW7VN4yDDDeqlhlWUw4LmYEkRCi5hPcIZf08XAwMF7TPJdieMo7NXEz1Uyoi+gFmSs+cJuB99kwvdy6\/Hn64+uBNDAty0BZGlwc8i8\/v22Riwykc7135XtztFrAt2vihoMU3Ay\/\/rlbyC+1JLs1w6nby8CPJ+h\/qHMX\/6fviiBH\/w+DPNYPZ3aMCCE6Ys9A992Y6ayYJy3by3RkWpSB0KVvQjpwshigopPz9VyjdxLgpvEOYKJp8i4Ak0+5ULWiVJkuCawJPxqJSC0KZ+OEYkOLRTWZVpOAePDrflgFC5Y80YQbfq8b799hY8AVpLpTKrYglQ735boK4mVqH5QrnBvqvW50PNn3Nmr1Cr2mxgWlfMutI6\/TQ+Aivf\/gNAYeWQSwJh6JS2syWWzpAlJEtwBOHLpszhkSDkMrRBfuuG+dl7DdSMGJL8ThYfSeB95Hh6\/BoL34GN8k1l6OloojHxhlBE4EDcbajZZ0Lhk\/NfCGJOkfoLl4so2VCsw1xAf3vOSQ\/o6wtzEMdSOyaazvFnmERKB508LwlJCjJFgG5WZ6dnUfg+Q8RbwyjCOBdd1JSjt5AnDfnZp7P1wPw0xjRpG9PViSY\/A1qEdTD7goUbXdKAF7oMmIlRBC8GeJMRwineuE2sweypc9CI3ejnVTSL6pzM1L92IU+bl2RC2QvtrnQS3Mu7\/4q3Q9\/2rDYT0QzSMDKYgZTZ\/CpFXmY5wJWvezDIw4OR5hf3OUsaXmXDIGHewQHCVu3JXxXn\/wA65+ts+2OXR0RK6zkw1E\/3o1F\/p66+CGysyZnhKVZ2Kj8j1iTIH98DUXeZ57AzOnLBOHXEVY17lYHD2025IMPwfS9rwcv+WwAnkHUI6eI4QUuOXzel88ZPtzrDUsF6fiHLYB2XhY8iTwO9KlhLO2fcXY9NH3qqFUwVtvAINa7uav4awscdzxZtUXFMjfDIkjC5Bsj1TdWRxXriygb4dXivDE2dDJSm0DB8i1L8bnnK1F5L3N\/a0qVm2SQyi5yBVj+pEo6cZWGFFj7\/Ou7LtYk63qCNdjI6YeBdBXSCDi0aHlU0y1Sn5rujw2NHQOb4sbKrz\/+cqC9JjbJ6nr0NzB8htpNp+7qK+mVkbwJP4YH5hsTjVUKYP38b7hbMqcBPppPXYFaZNZ9OXoGyehUYNjJ2i8RaT+ckie9kiqk13eRM0ynaPkr2NJffMZBgpcZe7q3Zo4thnzKBNPeE+GyviKTalXj57wpWzTdrTNZey0vCNvGD9Pqg1IEv5Ht\/cI0VQU2\/kbPOEEVq6QtWkc9Ac0lsQsoc+eVzvFffUHMN2fMetXwsuHL2BTjuGSFg91+4IE5TFwp6Yli7J9X0pMoWB8zNfL8QUwsDWHZC+NLH+k5\/3tYNTJXbFdSV3LzqgiH03bpFG+R8ChwtOxsfLkFH+z+DRqwpCV72SIbyXORZW47q818vEr1b1gs40tatMqqaFAsUJPRVay3Nxvvs1B1gaQe9JnxxYT1cOQHG9QickkXR2RiD\/HxzTi92ZPMje0QwAMdlZcIig3zFYPAAcaIUG2Uuzyl8BCzIx3ED7jqYbhRe97UNv\/5Nj6rpwpgZoliwRQznXzebY6zebFnLhbHpj79SFscxkD\/\/RW8Qwp5BD1zAxAbV1VFsJdmb9\/vGXKQHmvDB9dnb5Dvxnq6+SEifWGnSk35V7TtB0NIoHyckLwfdxxP971c="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1568796265146,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1568796265146,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2216,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":146962,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDQAbvb0IW1AAAAALAC\/\/8u4wAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1568796265147,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1568796265147,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2217,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":147078,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDRAbs6ii8aAAAAALAC\/\/8mxAAAAgQFtAEDAwYBAQgKDXCenAAAAAAEAgAA"}
00441{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2218,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":158802,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNDH6s7\/29CFtqASbHAaPQAAAgQFeAQCCApocroGDXCenAEDAwg="}
00440{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2219,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":159201,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wNGAszpfOoovG6ASbHAHRwAAAgQFeAQCCApsGJ0PDXCenAEDAwg="}
00428{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2220,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":159904,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDQAbvb0IW2x+rPAIAQCAytJAAAAQEICg1wnqpocroG"}
00428{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2221,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":160373,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDRAbs6ii8bgLM6YIAQCAyaLgAAAQEICg1wnqpsGJ0P"}
00980{"flow_id":37,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2222,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":162664,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"pkt":"xiwDYGpkxGGLNYKpCABFAAHIAABAAEAGATbAqAIRHw1WNMDQAbvb0IW2x+rPAIAYCAyIwgAAAQEICg1wnqtocroGFgMBAY8BAAGLAwPdyPi3QPqLzsTAPn4hA3TSqwNIH2VLRQoVcBAkqqgQZiAVVtgPkL5YKAYDZH3R54j++7adj7J3C5T+\/WxuRVW3nAAGEwETAhMDAQABPAArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgEap\/WHdrgE\/7MIaVYINPxAabJBwz3YigseE3IZK\/GAYADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEAACoAAAApAK4AiQCDk7JELb9TNLP0bj9gRMRkOJvPqRKtoboU\/jiXhirj8KoAAAAA0R83NY2xlS21RB+Ky1WN+gPP8p0w8+O2jdwGhxiwtDX77+HilbLh9lPlIOCv+O6DXIIy461AN\/1VgaFznAAOuF6g91qcCRHhPuyIutRIMLcftRUTfgFJZajUo+ztdbr8DWSWACEgpjCChLFmbc5\/ZokbEyiu1hK1B1OCPU\/bxY3bS\/GUuzE="}
-00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2222,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1568796265146,"flow_last_seen":1568796265162,"flow_tot_l4_data_len":552,"flow_min_l4_data_len":32,"flow_max_l4_data_len":436,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2222,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1568796265146,"flow_last_seen":1568796265162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
01143{"flow_id":37,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2223,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":162734,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"pkt":"xiwDYGpkxGGLNYKpCABFAAJCAABAAEAGALzAqAIRHw1WNMDQAbvb0IdKx+rPAIAYCAyE1gAAAQEICg1wnqtocroGFAMDAAEBFwMDAgPq5dxiU+XpJOXyTkDHGhxF+P8r+cTDmHS6C7PaSxO9z+v3cTmbSBNiRx5dWKPSeHOZKxg9Q4N3JkRA6iofTHFoLw1F3kCMA+3nQ7C+Z5X1dLhjQ8q9X7K7zwxP3TxeCjpmVhYbfKK88YN40oY14MasZmWgnmKmKRGFu87Q8KxPBBbd8JlkqP0Hx8vwnVFTdH9qh2ysqVCLEZ5B5gPdxaH+2CBDP4O845J+zQpC9MJGTCHkkaVdnSn360eVwI8aB\/9nxBWWo\/r1SG+g9O+vGwuFKbBoCDcBDGnA765iRTN22nnBB+ZiWM98HwEKJg\/mR9GqK+s0bdxfEfcAsSs+60qTqh0dE1hV86SS2RQ\/DHP9Skr0P\/c8ALAGd\/7DedBxhJMwjhO+yiEpH4aR9uF9MZObdbuQPE\/kOnGp8HKoWepztTlmqnwu52NR8dvA1r9xDGnwfTGd4QNoShfDncOL8sY2D9RTihxBwfBtN0bo8DkWgYy++4Gf\/16ge1CmGXy97R9nX7WGI1uOhXZ3pCTLef2UNDY5jRWIZQ0x6IOt8Ub19WcRqsLOzNUrX6Y7HWFgYdf7wgfA3GmsjmBBLdF1zMixD9fbcxC2QIn8uQOaowhRcRb0sMaEIYIK3i+0Rlo93Qhi6ABoF2pO2KDdliqXqqDkvrKu7mNFNBTIq89smWsWYJwuPA=="}
00975{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2224,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":162908,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"pkt":"xiwDYGpkxGGLNYKpCABFAAHIAABAAEAGATbAqAIRHw1WNMDRAbs6ii8bgLM6YIAYCAxkcwAAAQEICg1wnqxsGJ0PFgMBAY8BAAGLAwOAqhQQeNECe\/+9\/hWEsCUXoBmc17WJwpN6Dv+uZppp4CCxDRGsDttILxCLJQMyNqEqreyralyMGp7g0Opm0yvFgwAGEwETAhMDAQABPAArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgDflfr8Yn3nqwAFG2UPszT201MszUPsD3TkZS35zQnVoADQAGAAQEAwgEAAAAJQAjAAAgc2NvbnRlbnQtbXhwMS0xLmNkbmluc3RhZ3JhbS5jb20AEAALAAkIaHR0cC8xLjEALQADAgEAACoAAAApAK4AiQCDk7JELb9TNLP0bj9gRMRkOJvPqRKtoboU\/jiXhirj8KoAAAAA0R83NY2xlS21RB+Ky1WN+gPP8p0w8+O2jdwGhxiwtDX77+HilbLh9lPlIOCv+O6DXIIy461AN\/1VgaFznAAOuF6g91qcCRHhPuyIutRIMLcftRUTfgFJZajUo+ztdbr8DWSXACEgUIntR5IHbn7YSyVV4jLlbmIrJs0jkHe7vUfeBcNmXco="}
-00799{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2224,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1568796265147,"flow_last_seen":1568796265162,"flow_tot_l4_data_len":552,"flow_min_l4_data_len":32,"flow_max_l4_data_len":436,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2224,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1568796265147,"flow_last_seen":1568796265162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":404,"flow_tot_l4_payload_len":404,"flow_avg_l4_payload_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
01149{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2225,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":163365,"pkt_caplen":592,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":592,"pkt_l4_len":558,"pkt":"xiwDYGpkxGGLNYKpCABFAAJCAABAAEAGALzAqAIRHw1WNMDRAbs6ijCvgLM6YIAYCAw4cgAAAQEICg1wnqxsGJ0PFAMDAAEBFwMDAgNo3PMGBE3Uy7mxkQeoZAJTCt\/t5mahCav99zTkK60ANTi+qGC30\/CXHNXA43ZPIq7\/C8M0ztacgfWPQTZMeHj28d+rHdUOBleRXFAAr12VCclSZPY11daZ7KPyEgGZ1WfWSKHMsGqUqVO9ISzL9tqh0xQi2oegbTDcvXAEaEeixyc7iE\/5Fbfdm2zGSkEoYdL8VOMoTV5Fq6WPjUf3uU0vQaabxg+nUWJATEYIamAT4GZ3pXch4q0Pzta37XFFiNMjS9UwN+uf\/W0VKBeUeWGMENVCs+41kjAjNqhNA7OfvACTE5Oe+EDw3SyWrtv2H+tuBRZlWOstBndp0uXzEtziTTvaW56JowDlFZSKZhr2YrXphECVIbTUjw1e3xB2U8ZXoCyUpn7KM6E36TKhlSct49iYusL+24jY\/PlEgf33kx8t\/PfC+6\/SSu\/dfiM6b+kqTUwfBrh39j9f4gYAdXaMfaJYEoLOjAFRa9RvR7Vc1i\/9QTr6DBNO5geRmghq+lJPdQsftLL4yiZTtBTj+OyJQ+uaUvyImw8J3xyAmoT8+rJ3HDj74zCanSiyVtZOpN9wGncTMVd6u26hqRxKasSy5t3bDDXyPWVlSvqe6TG0IgEdl7\/lgVcyv9nm82si\/V1YhXj4nvJRWMnZnYXuWFehOLEv3hLdjMFgwTI+1\/aCR\/7VBg=="}
00428{"flow_id":37,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2226,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":175155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0pmQAAFQGiGUfDVY0wKgCEQG7wNDH6s8A29CHSoAQAHGzGgAAAQEICmhyuhYNcJ6r"}
00428{"flow_id":37,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2227,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":175182,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0pmUAAFQGiGQfDVY0wKgCEQG7wNDH6s8A29CJWIAQAHWxCAAAAQEICmhyuhYNcJ6r"}
00428{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2228,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":175188,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0soQAAFQGfEUfDVY0wKgCEQG7wNGAszpgOoowr4AQAHGgIwAAAQEICmwYnR8NcJ6s"}
00428{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2229,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":175194,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0soUAAFQGfEQfDVY0wKgCEQG7wNGAszpgOooyvYAQAHWeEAAAAQEICmwYnSANcJ6s"}
00731{"flow_id":37,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2230,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":175583,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"xGGLNYKpxiwDYGpkCABFAAESpmYAAFQGh4UfDVY0wKgCEQG7wNDH6s8A29CJWIAYAHVf5AAAAQEICmhyuhcNcJ6rFgMDAIACAAB8AwMlL28rg92sKmQb9oGsNMA+RajkL2IcaAywIjBJDhpxKCAVVtgPkL5YKAYDZH3R54j++7adj7J3C5T+\/WxuRVW3nBMBAAA0ACsAAvsaADMAJAAdACBLc7TMN4ezhX8UBdIZR11Gtyb7BW6N++w7k3CE+t6MWQApAAIAABQDAwABARcDAwBOz14LPIfQi+FO0wtI1TWbwAK14UAyz\/1ipvZhDtW0uIPParyoZ+aSMyX1yyoo+\/e60Nn17Tb\/xDWifGL2enVYALLTd5yia8f4iYqQvWdS"}
-00846{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2230,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":8,"flow_first_seen":1568796265146,"flow_last_seen":1568796265175,"flow_tot_l4_data_len":1428,"flow_min_l4_data_len":32,"flow_max_l4_data_len":558,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2230,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":8,"flow_first_seen":1568796265146,"flow_last_seen":1568796265175,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
00729{"flow_id":38,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2231,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":176036,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"xGGLNYKpxiwDYGpkCABFAAESsoYAAFQGe2UfDVY0wKgCEQG7wNGAszpgOooyvYAYAHX9OgAAAQEICmwYnSANcJ6sFgMDAIACAAB8AwOYxNukl4Ng6qf3UXkEJHyQV7Ck+8Jb66Xy5wDWnotJjyCxDRGsDttILxCLJQMyNqEqreyralyMGp7g0Opm0yvFgxMBAAA0ACsAAvsaADMAJAAdACDdXsZJOtqKLBliZFG+ohtftoYKIDc2G9X38jB8J\/nWaQApAAIAABQDAwABARcDAwBOMaIC9pi0AJ8pG7dNcThNnUDCeU9+95y2p\/z5ZkrLshQhjucbJodbnFZ4Q775Cwq0NpVDkN1aAnRf3MSIxgEXSNG+F3e3xiRxFc7+wi8w"}
-00846{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2231,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":8,"flow_first_seen":1568796265147,"flow_last_seen":1568796265176,"flow_tot_l4_data_len":1428,"flow_min_l4_data_len":32,"flow_max_l4_data_len":558,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
+00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2231,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":8,"flow_first_seen":1568796265147,"flow_last_seen":1568796265176,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":526,"flow_tot_l4_payload_len":1152,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3 (Fizz)","client_requested_server_name":"scontent-mxp1-1.cdninstagram.com","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}
01289{"flow_id":37,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2232,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":176691,"pkt_caplen":699,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":699,"pkt_l4_len":665,"pkt":"xGGLNYKpxiwDYGpkCABFAAKtpmcAAFQGhekfDVY0wKgCEQG7wNDH6s\/e29CJWIAYAHUXkAAAAQEICmhyuhgNcJ6rFwMDAnRHVTwxdgSUoBCLXE+exalRUAKH\/1oDe+uOubl4Ll1CPcJpA34WK\/baIg\/U4\/4z6yDJgJUh5ZcWsXAMTO0XXhuYsxp2VjDoVg29HrQVmh66BrMiqzZUwzfQrdkV6BD0gGxZLlsxNFGf4+6yqFSS4mWbzMfcEda+x1BvwdBaGufd5xSjgZuxkSnuJC+XTbbR1E6FMJEcQ02Dtt03n57iQGU3qexYkYEb0krSEFbf4y40pvfqaMbb\/FaOwt8BOarQpHfH3ed7J55NKS6rtZcnZb5mmOJa2IvH9b2xVzLyZYGKg9ZDPx2gELwyxpxuaXrVxKE\/Mz3SRV1G3yXBBlTnR1EYozYI9aR6m6+DtkVrnUxHKzAnMBh5sFUTvaq+yMwqZxbkJqEZXKodoUXT15zWQGBapxa1Aj0GtiNUVfKPz\/1kebzdeNb5zbOZPb8YJnNAInnA287o3h71DqAHFQVk5HyFGSOYqBOaMKLHdAF6gWWY83YBljAzjMnz298ftwSl9qPrbX\/XFTBcjKRdVQaPA6X\/KEp20\/J1Hre0s2FJG\/kUGMm876hvXD+Uk0zX05OacBzPzUyD8Ke3fh0J4KByuuNkixVriW0BHtS08Bn9bzvNjkwsQcLZbng4x2r1YouIJZt5GthOSkd62YANTlTz1Scyw\/iE5gpjwGrqaC+HxRo4sZpLH55E7xZIXnKW+GJPTjEYoUIVPK0SxGspKjvyLpigj7yIGCVytsJFTl\/aIC9MvHrBvHU7WSYQy6FBPYQvchbtEsJg6jATlOYEWSgGX0kIGywIA3MW738QuCchxP8vXuwk7WhoZrrW8l4mwtOyxYQhi+KX"}
00429{"flow_id":37,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2233,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":176854,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAsrAqAIRHw1WNMDQAbvb0IlYx+rP3oAQCAioiAAAAQEICg1wnrlocroX"}
00461{"flow_id":37,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2234,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":176955,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xGGLNYKpxiwDYGpkCABFAABLpmgAAFQGiEofDVY0wKgCEQG7wNDH6tJX29CJWIAQAHXC3wAAAQEICmhyuhgNcJ6rFwMDABLavfURPg+gJrbDUe9058jhwTw="}
@@ -493,10 +493,10 @@
01481{"flow_id":38,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2787,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":322176,"pkt_caplen":840,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":840,"pkt_l4_len":806,"pkt":"xGGLNYKpxiwDYGpkCABFAAM6sogAAFQGeTsfDVY0wKgCEQG7wNGAszvwOoozEYAYAHXMHQAAAQEICmwYnbINcJ7HFwMDAwH4IYO\/bnnJPpH2DUUq24IcQv54cTP9ANeHQki28uc11Zu8OsVJG6uckSDRqBAgjrXAsFeNh+Hv6q6qBibXcpxbHPtoMJsq1oRmb215W6vtqN+YTG40\/ynzRKu85d8till4rarc9YXOmpU1KG5EBWACHnEUweSzUmZkGh18FWlI9s8VRe4GjaTavryYOpvi4f\/+l06O7cDmQus+nkfJO4FQRW6BYPehnbLtz9U7ONeMP4fKM48X8FXls0g6mB5ZNfCJv01BDdKkDY6HBVwxmV79Tb\/H5Tdd8KcftJrWYxhDlgNLbhwY0QubVBbrSa0gXnPH11GYGFJHNEKVIReo0\/xndiA7tum04CK0itI5icJi1VvmrIcD7RrGinsZY8eHcqss5hXJ\/UvNwpzQaqfbJVtYkGphDfyR9\/zPKqCqENMBHQwHYWdwCxW4tDOPtahcfEE1FrcCDMLphxX3HLH6wdcLRmIUGlpz9NmV9VS6v+97qt\/Hb9fCN6HYzQnwrcy66pdRLsgWXNLTPNsjso9WcGNNcQ+8dXBT0fZtBgBE+5nJyZcIh0UzQ8AcGGl8kslDuuUPZBxg35luxbTCvrc8e7iau8z6bstz508MpVXRcZwI494X6uiOToSH6GrJSisd5MNSv5KSGbCRlpLCYEucEG5VpxzmIitJ1Jf8EDSVwy\/3J7TX1zjsb1Ue3aZ206N4zZGKiDVdfaGp4\/wHZRYF0nnEaY5uM6EQ4Zzx1JiNd28m5diz3P0+P6A4heeZ42NY37OLTJq\/ZvnsTZgeE4euBKzE30x8SOSrGYQSj2kUev0T3C+NBnFwvL4huBLq4W5I\/uASFVHeBzURQOYXDz4yDBG0aRL+36d6h5qovqzAyE6Kmb+lvblKXtkJFS61xhIkunE1dL3SFrz55nJd7t\/Sz2pszmcydnp5MyXLYST5RDDWk\/c50pB\/Yqr0vT1PV2B0sjQdp\/rNvTxQ\/NzEaC4OoeYQROBYHEFqAasbYpu5I0TTuCbJws4VIbnd8XVToLncEhYo"}
00461{"flow_id":38,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2788,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":322186,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xGGLNYKpxiwDYGpkCABFAABLsokAAFQGfCkfDVY0wKgCEQG7wNGAsz72OoozEYAQAHXKpwAAAQEICmwYnbINcJ7HFwMDABJgUObMp8Yh43VpzLWrtvs+vcU="}
02312{"flow_id":38,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2789,"source":"instagram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568796265,"pkt_ts_usec":323062,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"xGGLNYKpxiwDYGpkCABFAAWgsooAAFQGdtMfDVY0wKgCEQG7wNGAsz8NOoozEYAQAHW\/AwAAAQEICmwYnbINcJ7HFwMDBe2fuVF69OnvL+7P6xeUZG8KfIdGISriqfPejAtsrrSyGYAC6x0\/+7AbN+P8YnMWW6CDlHjG66lfeP42+RUSTfASQSqypWeLVlORWb79sRKDmwZhV6g5kOE5w7\/pHKNDHR99kVf3FYZzzgk5qxjpsTC2KgyeyXH9LQZoLmBnr4b3YC52p4KGXyCPV\/lCQHXJxEbYhJLN8DmSxOlTvCGvWRT\/Jq61slV+D\/bey\/H\/v5nBoJ5AARuAjzkg44tySQ1XNvUBJcL85Y4qz79nhrLc2l2VSZSdpD2j9YG\/9uxThvE7O9aEZzulHwRgggXtp4B6IO8AhEmtKUHqrz9YvZF3q4MRKwvN3yZObLbXln0IBjXzWzei1AFo8jafHnKRrtUl6jMCnWCt\/WIImUGxXsfT9IFaJfn8TV3ZVc8IH8pqv2cSn\/Cqvisvot04ybKT4A9383Gjtw2FLMcgdV5hW4AwE4\/NE+2eWD4u385bxkHF3lP5h6hyQdy9iVO8vEaHIyIXTJwLh7WP5S1baTvWdpXE8tJD1+tR+Bj6KtV+GMb0U4rAEDwUL5tESThIWX0+HZmRIhjOlLGqUtGKBYg\/H6lIuAYsOIMtOjzBDtc11R9rg2fHFILECq3RMn3zR9RKUAop5WXUwbJaO9HlEMqbSLQA82+RC13J6TDwmD1TUSgjlx84SdbyIiqrLKAOJeOp0igi20nXOqbC0NVT04xp50pHYtcDgZWf\/jRxYk0UctNP7uPo6APIyZRmuI8kT7kscW90h2XxB8Fjg2aGyf4mNWmD\/ZSlOMBCxj9OQEoOBTfkDH9oOjw24gkiUjASuCD5poPvSRUnWr0adFS1BdAmtRpwKpffyziTsyOajQMT1FFSn4LBjxD\/SbxHYyLj8VwwiaV3+HBxL9GqPMsPa9iU5RNggzTWYn+0K3HWpRqnWLR+fjXpzb6fW1jWF2UvOuGaVpb6MeDZv5q3qTne+rXd5kABZG23quMWNl8r45ecmjXG1WRUc45Pive8v3yuoJ6\/bt8Xe28g5WvAY8In4SLj+cmDPkXXSAzvr2tmZ2XVIvY8fPjzKJTLsspkgD4AcdQf9kDka+q\/hHEKKcplBoVe3A5qB5PzZbq2OX2D19RgjIMwShzm85IjuR6bLk9rgYBsxM8xhSgmPrpU\/UZepmoLLfUZwgx6yaV2OUDddq6a9npr2exIHpCocATVOpq2\/QCVRTuFfvGK+OPEHd1U0t46YhFqwW3Py2t45mq+L31nfvqoJvZKlVIjPJdLGuZkzrPPUusdYT+uDtAtjLqBHgAxCE4kqU39GMFCy4YTlHUrQJ8adU2LFOqumui4ry8r83G8oGKQg8IbCGxy5JJiHk6bWZJ8ipgLbJXKDoYgnbQX2kNZOt5HZFoEH+5jIlvpqfvqY3vpJBpyrGNUfeDSmnbLUbjAIZsh0ScSALxOl5loLGZ5TbZDnbKA5Vkak54gIiohpCpy6itmcR6esIfTPw\/SccTY9fB1Pe3OHQ2q5EQehAkVrIkDzp\/ApxHtUgNwCHalLszkTkPxQQl+AXreA\/IULTlygORuxIKXta77VClV7LbrqdAmC+K+8CiwLKrT1KcACuDL\/Jnhfn8L2+foxiDOXHEQBMcKKfaZ4QRBUf7csyvL09SuibgPklafIPLJf5KCLNyy4ir2vyR49icAlNuMA\/4BLAJzY2XCDuYZOIJFDz1Lkt8vbiXkn4XYysnhUnPsj3JtOxlwOaEHFvJDnfv7dMLZ089SnaJueBZZlxi4mbLqMQbWqf08oMhWFPStVsGMNWX2nRmDofAhKsEe8okDpLgY3axsYOEhsrSFlvhHxt1GEvGvqQHw6vLJ8HA="}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1366,"flow_first_seen":1568796253770,"flow_last_seen":1568796268061,"flow_tot_l4_data_len":1263938,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":925,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":144,"flow_first_seen":1568796254514,"flow_last_seen":1568796268054,"flow_tot_l4_data_len":102410,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":711,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":388,"flow_first_seen":1568796254515,"flow_last_seen":1568796268054,"flow_tot_l4_data_len":296046,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":763,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":230,"flow_first_seen":1568796254524,"flow_last_seen":1568796268054,"flow_tot_l4_data_len":162614,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":707,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":359,"flow_first_seen":1568796265146,"flow_last_seen":1568796268054,"flow_tot_l4_data_len":283527,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":789,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":212,"flow_first_seen":1568796265147,"flow_last_seen":1568796268053,"flow_tot_l4_data_len":162004,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":764,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1366,"flow_first_seen":1568796253770,"flow_last_seen":1568796268061,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1220206,"flow_avg_l4_payload_len":893,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":144,"flow_first_seen":1568796254514,"flow_last_seen":1568796268054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":97782,"flow_avg_l4_payload_len":679,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":388,"flow_first_seen":1568796254515,"flow_last_seen":1568796268054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":283610,"flow_avg_l4_payload_len":730,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":230,"flow_first_seen":1568796254524,"flow_last_seen":1568796268054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155234,"flow_avg_l4_payload_len":674,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":359,"flow_first_seen":1568796265146,"flow_last_seen":1568796268054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":272019,"flow_avg_l4_payload_len":757,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":212,"flow_first_seen":1568796265147,"flow_last_seen":1568796268053,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155200,"flow_avg_l4_payload_len":732,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00131{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test"}
diff --git a/test/results/ip_fragmented_garbage.pcap.out b/test/results/ip_fragmented_garbage.pcap.out
index 9b587245d..3e0311190 100644
--- a/test/results/ip_fragmented_garbage.pcap.out
+++ b/test/results/ip_fragmented_garbage.pcap.out
@@ -1,5 +1,5 @@
00489{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244024,"pkt_ts_usec":697756,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244024,"pkt_ts_usec":697792,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAl4mKigqJl4lJCMmKihLSUo="}
00185{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -625,7 +625,7 @@
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":312,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":313,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244024,"pkt_ts_usec":701616,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkVUUiVZXlUm"}
00186{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":313,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":1741,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkkqT1B7IjpoZGZsa2RhPkwp4QAA"}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":315,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":1770,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjxNTkJIR0ZERVcjQCQlXkg="}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":315,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -1251,7 +1251,7 @@
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":625,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00366{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":626,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":5485,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiomXiUkI0Aj"}
00186{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":626,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":305644,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQlXiYqKComXiUkI3JzZGy7owAA"}
00380{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":628,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":305666,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAnVoZ2tmZHNia252Yy8udGc="}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":628,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -1877,7 +1877,7 @@
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":938,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":939,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":309702,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAikoKiZeJSQj"}
00186{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":939,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":609837,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkAhQCMkJV4mKigpKComXiUNOgAA"}
00380{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":941,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":609868,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjQCMkJV4mKigqJl4lJCM="}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":941,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -2503,7 +2503,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1251,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1252,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":612419,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiZeJSQjI0VU"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1252,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":912535,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAlIlWV5VJkkqT1B7IjpoZGY4UAAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1254,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":912559,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAmxrZGE+TDxNTkJIR0ZERVc="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1254,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -3129,7 +3129,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1564,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1565,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244025,"pkt_ts_usec":916928,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjIwNTEpKCom"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1565,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":217057,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4lJCNAIyQlXiYqKComXiX0OgAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1567,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":217098,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjcnNkbHVoZ2tmZHNia24="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1567,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -3755,7 +3755,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1877,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1878,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":221133,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjc0ODM5Niko"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1878,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":521464,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiomXiUkI0AhQCMkJV4mKigSPwAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1880,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":521480,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAikoKiZeJSQjQCMkJV4mKig="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":1880,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -4381,7 +4381,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2190,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2191,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":525502,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkRGR0hKSyZe"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2191,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2192,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":825625,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyNFVFIlWV5VJkkqT1DEpQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2193,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":825655,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAnsiOmhkZmxrZGE+TDxNTkI="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2193,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -5007,7 +5007,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2503,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2504,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244026,"pkt_ts_usec":828950,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjQ2MzE5ODIw"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2504,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":129094,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjUxKSgqJl4lJCNAIyQlXiYeLwAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2506,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":129126,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiooKiZeJSQjcnNkbHVoZ2s="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2506,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -5633,7 +5633,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2816,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2817,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":133001,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdSP3NSPzc0"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2817,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2818,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":433145,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjgzOTYpKComXiUkI0AhQCMkIQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2819,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":433213,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQlXiYqKCkoKiZeJSQjQCM="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2819,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -6259,7 +6259,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3129,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3130,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":437080,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdGRDIqJkRG"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3130,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3131,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":737251,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdISksmXiUkIyNFVFIlWV76VAAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3132,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":737294,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAlUmSSpPUHsiOmhkZmxrZGE="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3132,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -6885,7 +6885,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3442,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3443,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244027,"pkt_ts_usec":741595,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdWCjQyMTQ2"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3443,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":41673,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjMxOTgyMDUxKSgqJl4lJCNCBAAA"}
00380{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3445,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":41690,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkAjJCVeJiooKiZeJSQjcnM="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3445,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -7511,7 +7511,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3755,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3756,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":45580,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnRnP0dSP0dS"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3756,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3757,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":345706,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9zUj83NDgzOTYpKComXiX\/oQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3758,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":345739,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiQjQCFAIyQlXiYqKCkoKiY="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":3758,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -8137,7 +8137,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4068,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4069,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":349651,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiooS0lKSEdG"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4069,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4070,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":649780,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkQyKiZERkdISksmXiUkIyM4jgAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4071,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":649809,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkVUUiVZXlUmSSpPUHsiOmg="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4071,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -8763,7 +8763,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4381,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4382,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":653442,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkAkJV5IQkdW"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4382,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4383,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":953588,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAgo0MjE0NjMxOTgyMDUxKSh91wAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4384,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":953636,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiomXiUkI0AjJCVeJiooKiY="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4384,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -9389,7 +9389,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4694,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4695,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244028,"pkt_ts_usec":956465,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmMvLnRnZnRn"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4695,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4696,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":256594,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAj9HUj9HUj9zUj83NDgzOTbYPAAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4697,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":256646,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAikoKiZeJSQjQCFAIyQlXiY="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":4697,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -10015,7 +10015,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5007,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5008,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":259607,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiZeJSQjJioo"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5008,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5009,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":559709,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAktJSkhHRkQyKiZERkdISkvKWwAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5010,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":559729,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiZeJSQjI0VUUiVZXlUmSSo="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5010,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -10641,7 +10641,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5320,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5321,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":564214,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkdGREVXI0Ak"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5321,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5322,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":864332,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiVeSEJHVgo0MjE0NjMxOThZagAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5323,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":864365,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjIwNTEpKComXiUkI0AjJCU="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5323,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -11267,7 +11267,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5633,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5634,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244029,"pkt_ts_usec":868690,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmRzYmtudmMv"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5634,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5635,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":168906,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAi50Z2Z0Zz9HUj9HUj9zUj92mAAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5636,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":168934,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjc0ODM5NikoKiZeJSQjQCE="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5636,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -11893,7 +11893,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5946,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5947,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":173286,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiVeJiooKiZe"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5947,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5948,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":473370,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiUkIyYqKEtJSkhHRkQyKiYtwwAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5949,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":473391,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkRGR0hKSyZeJSQjI0VUUiU="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":5949,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -12519,7 +12519,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6259,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6260,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":476844,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAgAAAAAAAAAA"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6260,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6261,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":777079,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAjQyMTQ2MzE5ODIwNTEpKCpc2AAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6262,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":777103,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAiZeJSQjQCMkJV4mKigqJl4="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6262,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -13145,7 +13145,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6572,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00370{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6573,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244030,"pkt_ts_usec":779976,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAi8udGdmdGc\/"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6573,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6574,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":80090,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkdSP0dSP3NSPzc0ODM5NinCaAAA"}
00380{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6575,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":80118,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAigqJl4lJCNAIUAjJCVeJio="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6575,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -13771,7 +13771,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6885,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6886,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":84232,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAl4lJCMmKihL"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6886,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6887,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":384369,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAklKSEdGRDIqJkRGR0hKSybhaQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6888,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":384408,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAl4lJCMjRVRSJVleVSZJKk8="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":6888,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -14397,7 +14397,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7198,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7199,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":388716,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAkZERVcjQCQl"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7199,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7200,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":688865,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl5IQkdWCjQyMTQ2MzE5ODLvxgAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7201,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":688906,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjA1MSkoKiZeJSQjQCMkJV4="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7201,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -15023,7 +15023,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7511,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7512,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":693735,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnNia252Yy8u"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7512,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7513,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":993869,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAnRnZnRnP0dSP0dSP3NSPzcd6AAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7514,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":993916,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjQ4Mzk2KSgqJl4lJCNAIUA="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7514,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -15649,7 +15649,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7824,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7825,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244031,"pkt_ts_usec":998110,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAl4mKigqJl4l"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7825,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7826,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":298278,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiQjJiooS0lKSEdGRDIqJkRIiQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7827,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":298314,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkZHSEpLJl4lJCMjRVRSJVk="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":7827,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -16275,7 +16275,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8137,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8138,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":302589,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAjxNTkJIR0ZE"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8138,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8139,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":602706,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkVXI0AkJV5IQkdWCjQyMTQCqQAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8140,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":602745,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAjYzMTk4MjA1MSkoKiZeJSQ="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8140,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -16901,7 +16901,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8450,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8451,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":607084,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAnVoZ2tmZHNi"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8451,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8452,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":907272,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAmtudmMvLnRnZnRnP0dSP0cRsQAA"}
00383{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8453,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":907313,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAlI\/c1I\/NzQ4Mzk2KSgqJl4="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8453,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -17527,7 +17527,7 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8763,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8764,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244032,"pkt_ts_usec":911219,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAiQjQCMkJV4m"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8764,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8765,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244033,"pkt_ts_usec":211391,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAiooKiZeJSQjJiooS0lKSEc0yAAA"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8766,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244033,"pkt_ts_usec":211444,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":50,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAkZEMiomREZHSEpLJl4lJCM="}
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":8766,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
@@ -18153,62 +18153,62 @@
00188{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":9076,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534244033,"pkt_ts_usec":215628,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":42,"pkt_l4_len":0,"pkt":"QgEK8AABQgEK8AAbCABFAAAcAKACcEAGY0kKAAACCoAAAmxrZGE+TDxN"}
00187{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":8}
-00499{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00484{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1534244025609,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16417,"dst_port":16419,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1534244026825,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1534244030473,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9508,"dst_port":8998,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1534244026521,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10790,"dst_port":24101,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534244024697,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1534244025001,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1534244031688,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24136,"dst_port":16967,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1534244032602,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17751,"dst_port":9024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1534244027433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":14387,"dst_port":14646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1534244029256,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16199,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1534244031384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18762,"dst_port":18503,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1534244027737,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18248,"dst_port":19019,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1534244028345,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":16243,"dst_port":21055,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1534244032907,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":27502,"dst_port":30307,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1534244026217,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24101,"dst_port":9251,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1534244025305,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9253,"dst_port":24102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1534244032298,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9251,"dst_port":9770,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1534244031993,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":29799,"dst_port":26228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1534244025912,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":21029,"dst_port":22878,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1534244033211,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":10792,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1534244028953,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":2612,"dst_port":12849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1534244028041,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13105,"dst_port":14648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1534244030777,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13362,"dst_port":12596,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1534244029559,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":19273,"dst_port":19016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1534244029864,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":9566,"dst_port":18498,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1534244030168,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":11892,"dst_port":26470,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1534244028649,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":17458,"dst_port":10790,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1534244027129,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1534244031080,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00143{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test"}
diff --git a/test/results/iphone.pcap.out b/test/results/iphone.pcap.out
index 9ce84782c..f90d026b5 100644
--- a/test/results/iphone.pcap.out
+++ b/test/results/iphone.pcap.out
@@ -1,55 +1,55 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iphone.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454552576,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454552576,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01081{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454552,"pkt_ts_usec":576659,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
-00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454552576,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454553219,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454552576,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454553219,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454553,"pkt_ts_usec":219847,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCUAAP8RQoAAAAAA\/\/\/\/\/wBEAEMBNI0tAQEGAHhURwkAGwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00556{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454553219,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454553606,"flow_last_seen":0,"flow_tot_l4_data_len":1165,"flow_min_l4_data_len":1165,"flow_max_l4_data_len":1165,"flow_avg_l4_data_len":1165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00568{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1582454553219,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454553606,"flow_last_seen":0,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01944{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454553,"pkt_ts_usec":606988,"pkt_caplen":1199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1199,"pkt_l4_len":1165,"pkt":"AQBeAAD7xiwDYGpkCABFAASh9MAAAP8RHubAqAIB4AAA+xTpFOkEjReaAACEAAAAAB4AAAALDUx1Y2HigJlzIGlNYWMGX29kaXNrBF90Y3AFbG9jYWwAABCAAQAAEZQANDNzeXM9d2FNQT1DNDoyQzowMzowNjo0OTpGRSxhZFZGPTB4NCxhZERUPTB4MyxhZENDPTAJX3NlcnZpY2VzB19kbnMtc2QEX3VkcMAmAAwAAQAAEZQAAsAawBoADAABAAARlAACwAwNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AIQAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xNwlfa2VyYmVyb3MKTHVjYXMtaU1hY8AmABAAAQAAEZQAMzJMS0RDOlNIQTEuNDkyNDgwQzNFQTgyODI3NzFBMEQyODhGMTExRUY5RTc1MUY5NUE2Mw1MdWNh4oCZcyBpTWFjBF9zbWLAIQAQgAEAABGUAAEAwGsADAABAAARlAACwUHBQQAMAAEAABGUAALBMw1MdWNh4oCZcyBpTWFjC19hZnBvdmVydGNwwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsF9wX0ADAABAAARlAACwW8NTHVjYeKAmXMgaU1hYwRfc3NowCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsHAwcAADAABAAARlAACwbINTHVjYeKAmXMgaU1hYwlfc2Z0cC1zc2jAIQAQgAEAABGUAAEAwGsADAABAAARlAACwfzB\/AAMAAEAABGUAALB7sAMACGAAQAAAHgACAAAAADAAMDpwTMAIYABAAAAeAAIAAAAAAG9wOnBbwAhgAEAAAB4AAgAAAAAAiTA6cGyACGAAQAAAHgACAAAAAAAFsDpwe4AIYABAAAAeAAIAAAAAAAWwOkNTHVjYeKAmXMgaU1hYwRfbmZzwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsKhwqEADAABAAARlAACwpPCkwAhgAEAAAB4AAgAAAAACAHA6Q1MdWNh4oCZcyBpTWFjD19jb21wYW5pb24tbGlua8AhABCAAQAAEZQAWBZycEJBPTU5OjUxOjAyOjJGOkE0OkZGCnJwVnI9MTUyLjERcnBIST0wNzE2ZDA1OTQ0YWYRcnBITj04YjUzMjQzNTlkN2QRcnBIQT0yOGQ0YmVkNTE3ODDAawAMAAEAABGUAALC8cLxAAwAAQAAEZQAAsLjwuMAIYABAAAAeAAIAAAAAMADwOnA6QABgAEAAAB4AATAqAIBwOkAHIABAAAAeAAQ\/oAAAAAAAADELAP\/\/mBqZMAMAC+AAQAAEZQACcAMAAUAAIAAQMEzAC+AAQAAEZQACcEzAAUAAIAAQMFvAC+AAQAAEZQACcFvAAUAAIAAQMGyAC+AAQAAEZQACcGyAAUAAIAAQMHuAC+AAQAAEZQACcHuAAUAAIAAQMKTAC+AAQAAEZQACcKTAAUAAIAAQMLjAC+AAQAAEZQACcLjAAUAAIAAQMDpAC+AAQAAAHgACMDpAARAAAAIAAApBaAAABGUABIABAAOAADELAMGSf7GLANgamQ="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454553606,"flow_last_seen":0,"flow_tot_l4_data_len":1165,"flow_min_l4_data_len":1165,"flow_max_l4_data_len":1165,"flow_avg_l4_data_len":1165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_tot_l4_data_len":1165,"flow_min_l4_data_len":1165,"flow_max_l4_data_len":1165,"flow_avg_l4_data_len":1165,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1582454553606,"flow_last_seen":0,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01977{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454553,"pkt_ts_usec":607048,"pkt_caplen":1219,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1219,"pkt_l4_len":1165,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBBI0R\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QSNi88AAIQAAAAAHgAAAAsNTHVjYeKAmXMgaU1hYwZfb2Rpc2sEX3RjcAVsb2NhbAAAEIABAAARlAA0M3N5cz13YU1BPUM0OjJDOjAzOjA2OjQ5OkZFLGFkVkY9MHg0LGFkRFQ9MHgzLGFkQ0M9MAlfc2VydmljZXMHX2Rucy1zZARfdWRwwCYADAABAAARlAACwBrAGgAMAAEAABGUAALADA1MdWNh4oCZcyBpTWFjDF9kZXZpY2UtaW5mb8AhABAAAQAAEZQAGg5tb2RlbD1pTWFjMTEsMwpvc3h2ZXJzPTE3CV9rZXJiZXJvcwpMdWNhcy1pTWFjwCYAEAABAAARlAAzMkxLREM6U0hBMS40OTI0ODBDM0VBODI4Mjc3MUEwRDI4OEYxMTFFRjlFNzUxRjk1QTYzDUx1Y2HigJlzIGlNYWMEX3NtYsAhABCAAQAAEZQAAQDAawAMAAEAABGUAALBQcFBAAwAAQAAEZQAAsEzDUx1Y2HigJlzIGlNYWMLX2FmcG92ZXJ0Y3DAIQAQgAEAABGUAAEAwGsADAABAAARlAACwX3BfQAMAAEAABGUAALBbw1MdWNh4oCZcyBpTWFjBF9zc2jAIQAQgAEAABGUAAEAwGsADAABAAARlAACwcDBwAAMAAEAABGUAALBsg1MdWNh4oCZcyBpTWFjCV9zZnRwLXNzaMAhABCAAQAAEZQAAQDAawAMAAEAABGUAALB\/MH8AAwAAQAAEZQAAsHuwAwAIYABAAAAeAAIAAAAAMAAwOnBMwAhgAEAAAB4AAgAAAAAAb3A6cFvACGAAQAAAHgACAAAAAACJMDpwbIAIYABAAAAeAAIAAAAAAAWwOnB7gAhgAEAAAB4AAgAAAAAABbA6Q1MdWNh4oCZcyBpTWFjBF9uZnPAIQAQgAEAABGUAAEAwGsADAABAAARlAACwqHCoQAMAAEAABGUAALCk8KTACGAAQAAAHgACAAAAAAIAcDpDUx1Y2HigJlzIGlNYWMPX2NvbXBhbmlvbi1saW5rwCEAEIABAAARlABYFnJwQkE9NTk6NTE6MDI6MkY6QTQ6RkYKcnBWcj0xNTIuMRFycEhJPTA3MTZkMDU5NDRhZhFycEhOPThiNTMyNDM1OWQ3ZBFycEhBPTI4ZDRiZWQ1MTc4MMBrAAwAAQAAEZQAAsLxwvEADAABAAARlAACwuPC4wAhgAEAAAB4AAgAAAAAwAPA6cDpAAGAAQAAAHgABMCoAgHA6QAcgAEAAAB4ABD+gAAAAAAAAMQsA\/\/+YGpkwAwAL4ABAAARlAAJwAwABQAAgABAwTMAL4ABAAARlAAJwTMABQAAgABAwW8AL4ABAAARlAAJwW8ABQAAgABAwbIAL4ABAAARlAAJwbIABQAAgABAwe4AL4ABAAARlAAJwe4ABQAAgABAwpMAL4ABAAARlAAJwpMABQAAgABAwuMAL4ABAAARlAAJwuMABQAAgABAwOkAL4ABAAAAeAAIwOkABEAAAAgAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/sYsA2BqZA=="}
-00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_tot_l4_data_len":1165,"flow_min_l4_data_len":1165,"flow_max_l4_data_len":1165,"flow_avg_l4_data_len":1165,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_tot_l4_data_len":1194,"flow_min_l4_data_len":1194,"flow_max_l4_data_len":1194,"flow_avg_l4_data_len":1194,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_min_l4_payload_len":1157,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1157,"flow_avg_l4_payload_len":1157,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01984{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454553,"pkt_ts_usec":607164,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1228,"pkt_l4_len":1194,"pkt":"AQBeAAD72DBiVgAcCABFAAS+xrMAAP8Rg6ip\/uHY4AAA+xTpFOkEqgnaAACEAAAAACAAAAAKDUx1Y2HigJlzIGlNYWMGX29kaXNrBF90Y3AFbG9jYWwAABCAAQAAEZQANDNzeXM9d2FNQT1DNDoyQzowMzowNjo0OTpGRSxhZFZGPTB4NCxhZERUPTB4MyxhZENDPTAJX3NlcnZpY2VzB19kbnMtc2QEX3VkcMAmAAwAAQAAEZQAAsAawBoADAABAAARlAACwAwNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AIQAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xNwlfa2VyYmVyb3MKTHVjYXMtaU1hY8AmABAAAQAAEZQAMzJMS0RDOlNIQTEuNDkyNDgwQzNFQTgyODI3NzFBMEQyODhGMTExRUY5RTc1MUY5NUE2Mw1MdWNh4oCZcyBpTWFjBF9zbWLAIQAQgAEAABGUAAEAwGsADAABAAARlAACwUHBQQAMAAEAABGUAALBMw1MdWNh4oCZcyBpTWFjC19hZnBvdmVydGNwwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsF9wX0ADAABAAARlAACwW8NTHVjYeKAmXMgaU1hYwRfc3NowCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsHAwcAADAABAAARlAACwbINTHVjYeKAmXMgaU1hYwlfc2Z0cC1zc2jAIQAQgAEAABGUAAEAwGsADAABAAARlAACwfzB\/AAMAAEAABGUAALB7sAMACGAAQAAAHgACAAAAADAAMDpwTMAIYABAAAAeAAIAAAAAAG9wOnBbwAhgAEAAAB4AAgAAAAAAiTA6cGyACGAAQAAAHgACAAAAAAAFsDpwe4AIYABAAAAeAAIAAAAAAAWwOkNTHVjYeKAmXMgaU1hYwRfbmZzwCEAEIABAAARlAABAMBrAAwAAQAAEZQAAsKhwqEADAABAAARlAACwpPCkwAhgAEAAAB4AAgAAAAACAHA6Q1MdWNh4oCZcyBpTWFjD19jb21wYW5pb24tbGlua8AhABCAAQAAEZQAWBZycEJBPTU5OjUxOjAyOjJGOkE0OkZGCnJwVnI9MTUyLjERcnBIST0wNzE2ZDA1OTQ0YWYRcnBITj04YjUzMjQzNTlkN2QRcnBIQT0yOGQ0YmVkNTE3ODDAawAMAAEAABGUAALC8cLxAAwAAQAAEZQAAsLjwuMAIYABAAAAeAAIAAAAAMADwOkDMjE2AzIyNQMyNTQDMTY5B2luLWFkZHIEYXJwYQAADIABAAAAeAACwOnA6QABgAEAAAB4AASp\/uHYwAwAL4ABAAARlAAJwAwABQAAgABAwTMAL4ABAAARlAAJwTMABQAAgABAwW8AL4ABAAARlAAJwW8ABQAAgABAwbIAL4ABAAARlAAJwbIABQAAgABAwe4AL4ABAAARlAAJwe4ABQAAgABAwpMAL4ABAAARlAAJwpMABQAAgABAwuMAL4ABAAARlAAJwuMABQAAgABAw5UAL4ABAAAAeAAGw5UAAgAIwOkAL4ABAAAAeAAFwOkAAUAAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/tgwYlYAHA=="}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_tot_l4_data_len":1194,"flow_min_l4_data_len":1194,"flow_max_l4_data_len":1194,"flow_avg_l4_data_len":1194,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454556158,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1582454553607,"flow_last_seen":0,"flow_min_l4_payload_len":1186,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":1186,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"luca___s_imac._odisk._tcp.local"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454556158,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454556,"pkt_ts_usec":158287,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABITwkAAEARpUvAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
-00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454556158,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454556158,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00877{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454559,"pkt_ts_usec":629595,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"pkt":"AQBeAAD7xiwDYGpkCABFAAGGV\/AAAP8RvtHAqAIB4AAA+xTpFOkBcvWXAAAAAAARAAEAAAABCF9haXJwb3J0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAENX2FwcGxlLW1vYmRldsAVAAwAAQg4ZmIyMDdkZQRfc3ViDl9hcHBsZS1tb2JkZXYywBUADAABD19hcHBsZS1wYWlyYWJsZcAVAAwAAQtfZ29vZ2xlY2FzdMAVAAwAAQZfdXNjYW7AFQAMAAEHX3VzY2Fuc8AVAAwAAQdfaXBwdXNiwBUADAABCF9zY2FubmVywBUADAABBF9pcHDAFQAMAAEFX2lwcHPAFQAMAAEIX3ByaW50ZXLAFQAMAAEPX3BkbC1kYXRhc3RyZWFtwBUADAABBF9wdHDAFQAMAAEEX3JmYsAVAAwAAQZfYWRpc2vAFQAMAAHAJQAMAAEAAA4KABANTHVjYeKAmXMgaU1hY8AlAAApBaAAABGUABIABAAOAADELAMGSf7GLANgamQ="}
00911{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454559,"pkt_ts_usec":629655,"pkt_caplen":424,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":424,"pkt_l4_len":370,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBAXIR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QFyac0AAAAAABEAAQAAAAEIX2FpcnBvcnQEX3RjcAVsb2NhbAAADAABD19jb21wYW5pb24tbGlua8AVAAwAAQ1fYXBwbGUtbW9iZGV2wBUADAABCDhmYjIwN2RlBF9zdWIOX2FwcGxlLW1vYmRldjLAFQAMAAEPX2FwcGxlLXBhaXJhYmxlwBUADAABC19nb29nbGVjYXN0wBUADAABBl91c2NhbsAVAAwAAQdfdXNjYW5zwBUADAABB19pcHB1c2LAFQAMAAEIX3NjYW5uZXLAFQAMAAEEX2lwcMAVAAwAAQVfaXBwc8AVAAwAAQhfcHJpbnRlcsAVAAwAAQ9fcGRsLWRhdGFzdHJlYW3AFQAMAAEEX3B0cMAVAAwAAQRfcmZiwBUADAABBl9hZGlza8AVAAwAAcAlAAwAAQAADgoAEA1MdWNh4oCZcyBpTWFjwCUAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/sYsA2BqZA=="}
00877{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454559,"pkt_ts_usec":629722,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"pkt":"AQBeAAD72DBiVgAcCABFAAGGSisAAP8RA2mp\/uHY4AAA+xTpFOkBciW4AAAAAAARAAEAAAABCF9haXJwb3J0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAENX2FwcGxlLW1vYmRldsAVAAwAAQg4ZmIyMDdkZQRfc3ViDl9hcHBsZS1tb2JkZXYywBUADAABD19hcHBsZS1wYWlyYWJsZcAVAAwAAQtfZ29vZ2xlY2FzdMAVAAwAAQZfdXNjYW7AFQAMAAEHX3VzY2Fuc8AVAAwAAQdfaXBwdXNiwBUADAABCF9zY2FubmVywBUADAABBF9pcHDAFQAMAAEFX2lwcHPAFQAMAAEIX3ByaW50ZXLAFQAMAAEPX3BkbC1kYXRhc3RyZWFtwBUADAABBF9wdHDAFQAMAAEEX3JmYsAVAAwAAQZfYWRpc2vAFQAMAAHAJQAMAAEAAA4KABANTHVjYeKAmXMgaU1hY8AlAAApBaAAABGUABIABAAOAADELAMGSf7YMGJWABw="}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454560698,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1582454560698,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454560,"pkt_ts_usec":698945,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AQBeAAABxiwDYGpkCABFAAA0yh8AAAERTO\/AqAIB4AAAARTnFOYAIDCVAoAAAAAAAAAAAAAhAAAAAAAAAAAAAAAA"}
00406{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454560,"pkt_ts_usec":698947,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AQBeAAABxiwDYGpkCABFAAAoSfUAAAERzSXAqAIB4AAAARTnFOYAFHD5AIAAAAAAACHAqAEL"}
00807{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454561,"pkt_ts_usec":777161,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCYAAP8RQn8AAAAA\/\/\/\/\/wBEAEMBNI0lAQEGAHhURwkAIwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454552576,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454556158,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1582454552576,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"iphone.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1582454556158,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00807{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454570,"pkt_ts_usec":441338,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCcAAP8RQn4AAAAA\/\/\/\/\/wBEAEMBNI0cAQEGAHhURwkALAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00807{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454579,"pkt_ts_usec":343688,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCgAAP8RQn0AAAAA\/\/\/\/\/wBEAEMBNI0TAQEGAHhURwkANQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454582628,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454582628,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01082{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454582,"pkt_ts_usec":628608,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaybIAAEARKNDAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454582628,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454582628,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00451{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454583,"pkt_ts_usec":649066,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD72DBiVgAcCABFAABJrWMAAP8RoW2p\/uHY4AAA+xTpFOkANUGgAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
00450{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454583,"pkt_ts_usec":649191,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD7xiwDYGpkCABFAABJLHMAAAER6YzAqAIB4AAA+xTpFOkANQrOAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00568{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454585,"pkt_ts_usec":624880,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/62DBiVgAcCABFAACab\/sAAP8Rz4Wp\/uHY7\/\/\/+ux6B2wAhmGgTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454585,"pkt_ts_usec":625038,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6xiwDYGpkCABFAACaYI8AAAERpiDAqAIB7\/\/\/+sjTB2wAhk51TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454586170,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454586170,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454586,"pkt_ts_usec":170857,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIdggAAEARfkzAqAIBwKgC\/+EV4RUANNgcU3BvdFVkcDDcFXQoLlJiTAABAARIlcIDokHeIIm5eNggVkvVDJHA6KPmCng="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454586170,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454586170,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00877{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454586,"pkt_ts_usec":688849,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"pkt":"AQBeAAD7xiwDYGpkCABFAAGG7IsAAP8RKjbAqAIB4AAA+xTpFOkBchCYAAAAAAARAAEAAAABCF9haXJwb3J0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAENX2FwcGxlLW1vYmRldsAVAAwAAQg4ZmIyMDdkZQRfc3ViDl9hcHBsZS1tb2JkZXYywBUADAABD19hcHBsZS1wYWlyYWJsZcAVAAwAAQtfZ29vZ2xlY2FzdMAVAAwAAQZfdXNjYW7AFQAMAAEHX3VzY2Fuc8AVAAwAAQdfaXBwdXNiwBUADAABCF9zY2FubmVywBUADAABBF9pcHDAFQAMAAEFX2lwcHPAFQAMAAEIX3ByaW50ZXLAFQAMAAEPX3BkbC1kYXRhc3RyZWFtwBUADAABBF9wdHDAFQAMAAEEX3JmYsAVAAwAAQZfYWRpc2vAFQAMAAHAJQAMAAEAAA3vABANTHVjYeKAmXMgaU1hY8AlAAApBaAAABGUABIABAAOAADELAMGSf7GLANgamQ="}
00912{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454586,"pkt_ts_usec":688899,"pkt_caplen":424,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":424,"pkt_l4_len":370,"pkt":"MzMAAAD7xiwDYGpkht1gBTIBAXIR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QFyhM0AAAAAABEAAQAAAAEIX2FpcnBvcnQEX3RjcAVsb2NhbAAADAABD19jb21wYW5pb24tbGlua8AVAAwAAQ1fYXBwbGUtbW9iZGV2wBUADAABCDhmYjIwN2RlBF9zdWIOX2FwcGxlLW1vYmRldjLAFQAMAAEPX2FwcGxlLXBhaXJhYmxlwBUADAABC19nb29nbGVjYXN0wBUADAABBl91c2NhbsAVAAwAAQdfdXNjYW5zwBUADAABB19pcHB1c2LAFQAMAAEIX3NjYW5uZXLAFQAMAAEEX2lwcMAVAAwAAQVfaXBwc8AVAAwAAQhfcHJpbnRlcsAVAAwAAQ9fcGRsLWRhdGFzdHJlYW3AFQAMAAEEX3B0cMAVAAwAAQRfcmZiwBUADAABBl9hZGlza8AVAAwAAcAlAAwAAQAADe8AEA1MdWNh4oCZcyBpTWFjwCUAACkFoAAAEZQAEgAEAA4AAMQsAwZJ\/sYsA2BqZA=="}
00878{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454586,"pkt_ts_usec":688975,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"pkt":"AQBeAAD72DBiVgAcCABFAAGGs4UAAP8Rmg6p\/uHY4AAA+xTpFOkBckC4AAAAAAARAAEAAAABCF9haXJwb3J0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAENX2FwcGxlLW1vYmRldsAVAAwAAQg4ZmIyMDdkZQRfc3ViDl9hcHBsZS1tb2JkZXYywBUADAABD19hcHBsZS1wYWlyYWJsZcAVAAwAAQtfZ29vZ2xlY2FzdMAVAAwAAQZfdXNjYW7AFQAMAAEHX3VzY2Fuc8AVAAwAAQdfaXBwdXNiwBUADAABCF9zY2FubmVywBUADAABBF9pcHDAFQAMAAEFX2lwcHPAFQAMAAEIX3ByaW50ZXLAFQAMAAEPX3BkbC1kYXRhc3RyZWFtwBUADAABBF9wdHDAFQAMAAEEX3JmYsAVAAwAAQZfYWRpc2vAFQAMAAHAJQAMAAEAAA3vABANTHVjYeKAmXMgaU1hY8AlAAApBaAAABGUABIABAAOAADELAMGSf7YMGJWABw="}
00807{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454588,"pkt_ts_usec":306266,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIeCkAAP8RQnwAAAAA\/\/\/\/\/wBEAEMBNI0KAQEGAHhURwkAPgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454582628,"flow_last_seen":0,"flow_tot_l4_data_len":518,"flow_min_l4_data_len":518,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454586170,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1582454585625,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":51411,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1582454582628,"flow_last_seen":0,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1582454585624,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"239.255.255.250","src_port":60538,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1582454586170,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454593,"pkt_ts_usec":553053,"pkt_caplen":113,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"pkt":"xGGLNYKp2DBiVgAciI4CAwBfAgCKABAAAAAAAAAAAG++A2+4rA8X2gYxFbqZeXiyOn90e79J6gG73FMwvQ8SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":25,"source":"iphone.pcap","alias":"nDPId-test","type":34958}
00479{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":26,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454593,"pkt_ts_usec":558516,"pkt_caplen":135,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":135,"pkt_l4_len":0,"pkt":"2DBiVgAcxGGLNYKpiI4CAwB1AgEKABAAAAAAAAAAAOWT02eyYZMJTCbPZYTVE1RlWpVpVaVS1ktYpT2U96wiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdssiNbmCpdH7SIBd9jgSABYwFAEAAA+sBAEAAA+sBAEAAA+sAgwA"}
@@ -59,99 +59,99 @@
00451{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":28,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454593,"pkt_ts_usec":564157,"pkt_caplen":113,"pkt_type":34958,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":113,"pkt_l4_len":0,"pkt":"2DBiVgAcxGGLNYKpiI4CAwBfAgMKABAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBqniUXzeQOJOsxzjRJJCEAAA="}
00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":28,"source":"iphone.pcap","alias":"nDPId-test","type":34958}
00807{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":343591,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/xGGLNYKpCABFAAFIJUkAAP8RlVwAAAAA\/\/\/\/\/wBEAEMBNFcnAQEGALeWutEAAAAAAAAAAAAAAAAAAAAAAAAAAMRhizWCqQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwcBeQMGD3f8OQIF3D0HAcRhizWCqTMEAHanAAwMTHVjYXMtaVBob25l\/wAAAAAAAAAAAAAAAAAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454595352,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454595352,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00798{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":352217,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"xGGLNYKpxiwDYGpkCABFAAFILXQAAP8RB87AqAIBwKgCEQBDAEQBNJWvAgEGALeWutEAAAAAAAAAAMCoAhHAqAIBAAAAAMRhizWCqQAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQECNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454595352,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
-00437{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1582454595352,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
+00445{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":354441,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzP\/mKKcxGGLNYKpht1gAAAAACA6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/mKKchwBApQAAAAD+gAAAAAAAAAgjPxeCmKKcDgEq29a5HEA="}
-00471{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00445{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00457{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":354550,"pkt_caplen":62,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":62,"pkt_l4_len":8,"pkt":"MzMAAAACxGGLNYKpht1gCzl3AAg6\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAChQAQyAAAAAA="}
-00479{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454595839,"flow_last_seen":0,"flow_tot_l4_data_len":74,"flow_min_l4_data_len":74,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454595839,"flow_last_seen":0,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454595,"pkt_ts_usec":839359,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
-00553{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454595839,"flow_last_seen":0,"flow_tot_l4_data_len":74,"flow_min_l4_data_len":74,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
-00450{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454596364,"flow_last_seen":0,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1582454595839,"flow_last_seen":0,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00458{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454596364,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00519{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454596,"pkt_ts_usec":364760,"pkt_caplen":130,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":130,"pkt_l4_len":68,"pkt":"MzMAAAAWxGGLNYKpht1gAAAAAEwAAf6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAIFJAAAAAwQAAAD\/AgAAAAAAAAAAAAAAAAD7BAAAAP8CAAAAAAAAAAAAAv8d2dAEAAAA\/wIAAAAAAAAAAAAB\/5iinA=="}
-00484{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454596364,"flow_last_seen":0,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00492{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1582454596364,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00807{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454596,"pkt_ts_usec":366527,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/xGGLNYKpCABFAAFIJUoAAP8RlVsAAAAA\/\/\/\/\/wBEAEMBNGQTAQEGALeWutEAAQAAAAAAAAAAAAAAAAAAAAAAAMRhizWCqQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAcRhizWCqTIEwKgCETYEwKgCAQwMTHVjYXMtaVBob25l\/wAAAAAAAAAA"}
00798{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454596,"pkt_ts_usec":370709,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"xGGLNYKpxiwDYGpkCABFAAFILXUAAP8RB83AqAIBwKgCEQBDAEQBNJKvAgEGALeWutEAAAAAAAAAAMCoAhHAqAIBAAAAAMRhizWCqQAAAAAAAAAAAABMdWNhcy1pTWFjLmxvY2FsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqAIBMwQAAU4gAQT\/\/\/8AAwTAqAIBBgTAqAIB\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00514{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454596,"pkt_ts_usec":847254,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKNMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
00519{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454597,"pkt_ts_usec":360810,"pkt_caplen":130,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":130,"pkt_l4_len":68,"pkt":"MzMAAAAWxGGLNYKpht1gAAAAAEwAAf6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAIFJAAAAAwQAAAD\/AgAAAAAAAAAAAAAAAAD7BAAAAP8CAAAAAAAAAAAAAv8d2dAEAAAA\/wIAAAAAAAAAAAAB\/5iinA=="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454598204,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454598204,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":204952,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"xiwDYGpkxGGLNYKpCABFAABMpW8AAP8RkM7AqAIRwKgCAfeVADUAOH2lldMBAAABAAAAAAAAE3AyNi1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQAAAQAB"}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454598204,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454598205,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1582454598204,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454598205,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":205008,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"xiwDYGpkxGGLNYKpCABFAABGS9oAAP8R6mnAqAIRwKgCAfanADUAMj\/EHhQBAAABAAAAAAAADXAyNi1mbWZtb2JpbGUGaWNsb3VkA2NvbQAAAQAB"}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454598205,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454598209,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1582454598205,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454598209,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":209581,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"xiwDYGpkxGGLNYKpCABFAABFIREAAP8RFTTAqAIRwKgCAfGmADUAMT0yjvEBAAABAAAAAAAACmdzcGUzNS1zc2wCbHMFYXBwbGUDY29tAAABAAE="}
-00636{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454598209,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454598212,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1582454598209,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454598212,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":212900,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"xiwDYGpkxGGLNYKpCABFAABEPtIAAP8R93PAqAIRwKgCAdpqADUAMKdbJH8BAAABAAAAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAQ=="}
-00635{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454598212,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454598246,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1582454598212,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454598246,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":246275,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"xiwDYGpkxGGLNYKpCABFAAA\/VFIAAP8R4fjAqAIRwKgCAcc\/ADUAK6bSYEMBAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAE="}
-00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454598246,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1582454598246,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00674{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":247243,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"xGGLNYKpxiwDYGpkCABFAADuMPYAAEARw6bAqAIBwKgCEQA19qcA2lqQHhSBgAABAAkAAAAADXAyNi1mbWZtb2JpbGUGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAcCWZtZm1vYmlsZQJmZQlhcHBsZS1kbnMDbmV0AMA2AAEAAQAAAA8ABBH4uYzANgABAAEAAAAPAAQR+IMIwDYAAQABAAAADwAEEfiDysA2AAEAAQAAAA8ABBH4g8vANgABAAEAAAAPAAQR+LmkwDYAAQABAAAADwAEEfi5Z8A2AAEAAQAAAA8ABBH4g7LANgABAAEAAAAPAAQR+Lkw"}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_tot_l4_data_len":268,"flow_min_l4_data_len":50,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.140"}}
+00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":54,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-fmfmobile.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.140"}}
00690{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":247382,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"xGGLNYKpxiwDYGpkCABFAAD6F4oAAEAR3QbAqAIBwKgCEQA195UA5qzeldOBgAABAAkAAAAAE3AyNi1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAiD2tleXZhbHVlc2VydmljZQJmZQlhcHBsZS1kbnMDbmV0AMA8AAEAAQAAADUABBH4uVfAPAABAAEAAAA1AAQR+LkmwDwAAQABAAAANQAEEfi5J8A8AAEAAQAAADUABBH4uQrAPAABAAEAAAA1AAQR+IOrwDwAAQABAAAANQAEEfi5Z8A8AAEAAQAAADUABBH4uYTAPAABAAEAAAA1AAQR+LmN"}
-00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":56,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.87"}}
+00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p26-keyvalueservice.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.185.87"}}
00642{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":248721,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"pkt":"xGGLNYKpxiwDYGpkCABFAADVXGwAAEARmEnAqAIBwKgCEQA18aYAwXDXjvGBgAABAAQAAAAACmdzcGUzNS1zc2wCbHMFYXBwbGUDY29tAAABAAHADAAFAAEAAAtxACQKZ3NwZTM1LXNzbAhscy1hcHBsZQNjb20GYWthZG5zA25ldADANQAFAAEAAAFNACIKZ3NwZTM1LXNzbAJscwVhcHBsZQNjb20HZWRnZWtlecBUwGUABQABAAARlgAWBWU2OTg3AmU5CmFrYW1haWVkZ2XAVMCTAAEAAQAAAA8ABF9lGTU="}
-00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_tot_l4_data_len":242,"flow_min_l4_data_len":49,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.25.53"}}
+00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gspe35-ssl.ls.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.25.53"}}
00535{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":252214,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xGGLNYKpxiwDYGpkCABFAACEYIUAAEARlIHAqAIBwKgCEQA12moAcAk\/JH+BgAABAAIAAAAACWdzcDg1LXNzbAJscwVhcHBsZQNjb20AAAEAAcAMAAUAAQAADY0AJAlnc3A4NS1zc2wJbHMyLWFwcGxlA2NvbQZha2FkbnMDbmV0AMA0AAEAAQAAAD8ABBGCAi4="}
-00661{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_tot_l4_data_len":160,"flow_min_l4_data_len":48,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.2.46"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454598252,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":57,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsp85-ssl.ls.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.130.2.46"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1582454598252,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":252419,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrHrAqAIREfi5jMWPAbsN6rbUAAAAALDC\/\/8jQQAAAgQFtAEDAwcBAQgKEd\/m0wAAAAAEAgAA"}
00635{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":287759,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyCcAAEARLJTAqAIBwKgCEQA1xz8Au1lGYEOBgAABAAUAAAAAB2NhcHRpdmUFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACoMY2FwdGl2ZS1jaWRyDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADALwAFAAEAAAC8AA4LY2FwdGl2ZS1jZG7APMBlAAUAAQAAAOYAFAdjYXB0aXZlAWcHYWFwbGltZ8AawH8AAQABAAAAEQAEEf1pysB\/AAEAAQAAABEABBH9Nco="}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":43,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":373077,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8dgsAAP8RwELAqAIRwKgCAdihADUAKKMQFxsBAAABAAAAAAAABG1lc3UFYXBwbGUDY29tAAABAAE="}
-00627{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_tot_l4_data_len":74,"flow_min_l4_data_len":74,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00481{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":373420,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"AQBeAAD7xGGLNYKpCABFAABemlUAAP8RfYTAqAIR4AAA+xTpFOkASu+LAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAyAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_tot_l4_data_len":74,"flow_min_l4_data_len":74,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00556{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1582454598373,"flow_last_seen":0,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
00514{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":373553,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKFMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454598377,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1582454598377,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":377826,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/2TAqAIRX2UZNcWQAbugppinAAAAALDC\/\/8BIgAAAgQFtAEDAwcBAQgKEd\/nTAAAAAAEAgAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454598385,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1582454598385,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":385187,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZE\/AqAIREYICLsWRAbsZOusXAAAAALDC\/\/+bAAAAAgQFtAEDAwcBAQgKEd\/nUwAAAAAEAgAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1582454598387,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1582454598387,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":387073,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysAAAFAslesxAAAAALDC\/\/8mdwAAAgQFtAEDAwYBAQgKEd\/nTQAAAAAEAgAA"}
00436{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":402840,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+34R+LmMwKgCEQG7xY+mDHMKDeq21aBScSAX2QAAAgQFrAEBCAr26Z7FEd\/m0wEDAwU="}
00423{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":404960,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rbVpgxzC4AQBAuwVwAAAQEIChHf52v26Z7F"}
01123{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":405072,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqn\/AqAIREfi5jMWPAbsN6rbVpgxzC4AYBAuh0wAAAQEIChHf52v26Z7FFgMBAgABAAH8AwN8\/m8PXyQO32u1iV6RcZDnMbTrrPixNIjOuJcPKyu2YCAqbhRZg6XgGUsXaOUau6tuuVwQheEDrsOtyWvnbE4KuAA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAAB0AGwAAGHAyNi1mbWZtb2JpbGUuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACAqltozl1XctQvleGh0N7IIp3TCS7HFVxwjJhj0\/2bbZgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1582454598252,"flow_last_seen":1582454598405,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00436{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":412214,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGSmlfZRk1wKgCEQG7xZCMPaCSoKaYqKBScSBNPAAAAgQFrAQCCAoi0AShEd\/nTAEDAwc="}
00627{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":412843,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"xGGLNYKpxiwDYGpkCABFAADIRW8AAEARr1PAqAIBwKgCEQA12KEAtAJjFxuBgAABAAUAAAAABG1lc3UFYXBwbGUDY29tAAABAAHADAAFAAEAAAfrAB8IbWVzdS1jZG4FYXBwbGUDY29tBmFrYWRucwNuZXQAwCwABQABAAAMoAAYCG1lc3UtY2RuDG9yaWdpbi1hcHBsZcA7wFcABQABAAAARAARBG1lc3UBZwdhYXBsaW1nwBfAewABAAEAAAAPAAQR\/WnKwHsAAQABAAAADwAEEf01yw=="}
-00657{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":40,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
+00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"mesu.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.253.105.202"}}
00424{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":413932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppiojD2gk4AQBAvpMwAAAQEIChHf524i0ASh"}
01122{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":414051,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/WnAqAIRX2UZNcWQAbugppiojD2gk4AYBAtyOwAAAQEIChHf524i0AShFgMBAgABAAH8AwMW\/vdiXnKGt2kAM475LRdq4DAZD5IWJivMSs32aPZe4CBY4JYmlM1Z2ggjvPRVVGQ6cbm25wGpqmGifvQqpkiZFQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABwAGgAAF2dzcGUzNS1zc2wubHMuYXBwbGUuY29tABcAAAAjAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACBRvQycnSvLFzO5Ac0Wc91U3eqgFfR5Utrll4x2uEjNDgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454598416,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1582454598377,"flow_last_seen":1582454598414,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1582454598416,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":416547,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWSAbt\/OqmMAAAAALDC\/\/8OTwAAAgQFtAEDAwcBAQgKEd\/ndwAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1582454598418,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1582454598418,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":418108,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG\/DfAqAIREf1pysWTAbsyJO8VAAAAALDC\/\/8V2QAAAgQFtAEDAwcBAQgKEd\/neQAAAAAEAgAA"}
00437{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":426588,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQBQwACbtSzNLJXrMqBScNC85AAAAgQFrAQCCAodNCSFEd\/nTQEDAwg="}
00436{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":427688,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGslMRggIuwKgCEQG7xZHfrwWiGTrrGKBSqbCWRAAAAgQFrAQCCAq1T9HeEd\/nUwEDAw4="}
00423{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":447691,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0RA0AADUGBmRfZRk1wKgCEQG7xZCMPaCToKaarYAQAOvqKgAAAQEICiLQBMUR3+du"}
02380{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":449324,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXURA4AADUGAMFfZRk1wKgCEQG7xZCMPaCToKaarYAQAOtcCQAAAQEICiLQBMYR3+duFgMDAHoCAAB2AwP7MB3Ylhf8Bjmes916ZWnzOGPYuszhpJ41UUFXi+SNbSBY4JYmlM1Z2ggjvPRVVGQ6cbm25wGpqmGifvQqpkiZFRMCAAAuACsAAgMEADMAJAAdACBmEKt79HIbQLnUjzrNZkYuOEjGdzFKsqw1qRXq4w9bFBQDAwABARcDAwA0ljir8wnOluy8B0zgMbdPObep5nnR7HaAJhstM6+gk2+lrnuD5wrdL8n5GVkdE18ZdpoV9hcDAxLgzvI5agAXt0\/jf07ibdmTKUEeRmMhrEM1GtVlxUupp9cg9SbslBYtKJaa0wT3Q7n3fJj6nRL0n33B44erSqtcAXxWyOSCmmVYqy7bcy9\/ZqcknAf7xOgb2MpPmfOh\/GkVJb\/y9davzmzWFOOdqPyRwMptmxIFSQTNQJlvfRrR72IT5\/HjFhACqUfKOqhuk7Xafo8vBqvrNGahTRTY6c+tI4UTsHFA0vUJvIno+IiQITsXfCnYml4Uv2xQjOUAe2Y\/cW1p0X+BuUDOLo1Wic0DHWyEu+tPxQh2275aPBpPvVdJU0CEGYigY4Y75QfgTlTS0AgYeIasNOwAAO3aswMWtsjrhNLDIbDODYmB1g74zQdD0dftVwJESceAPTQs3Nzd1bgtAwffH7lbOJS\/9KuTO\/0eD22ACK9E0p+39c\/71hVVdICNFReLsV0EM\/HtTV7fwi7XO8AT8H1+e537aWNU7Sljch+JEYCU7XZywmVVHo5qEkXLNc8kvJgxy2blQNJx\/1W1wF7XOpLA4sRVwo5F8jS3Who2VT1tU81QZB7TKQuceQNYlj37gGFlBq1Ihd39RKVQTnYV\/H5Y6wvXLS575JZcHskDBxEJXSYG5QinMRLvvMWO4ibsWryM0f4k8hdtRN6OEisLdLATXj4wSWMVZbsE\/AeaQREXbQQJqQR56YQkcOaBQd1g6i9HZntHr7NNmNdVgudO7Jr5RQ7A4fpA7FarhYETRj4Qs7YqleA55SLFpMO03lOS0J+LuQCzHqPQpcL1vgeAx0KZWohWUy8RyEaLjWeYdY1\/bpOekS3ec984hbODzwNEF9j2PDdf1n+UJyM71VjXFGvIg\/LE5GX9oaJnMAdkZRMgDyhOKmkDNUyiS6bGeXHTny43umPpljzopULeUHJZJXJX\/RGHZOs1pyYcTwgkmWQaN5HxpWqlOuFGDq9VPRRmMYp5Hge\/dou\/6j7hMO84QWfe5wfSGi73Qo9t8cN1gWEbVNG\/fdgqlh6Unzg3B3bDoh+UHhAJQ2ahOXeFS5Xzm5cYASgS1IUOO4wbkFx3at6f48iCDuiWP\/eCXYpjaWKv5kqvKEILikRgUJst589WqfVdS6w\/0hb+9r\/oHxMPex4TSB\/TVchrK2AF\/cS9BZeYPyi5X\/4NF2MXQEKhFtereXVK+4NboxTot3bhQRZd566HxD4vqcHF1fnW4aJKd3jesYhsVMy2SCue+Y5KfRbFFY1k7KeoPUk4IuoWQGIrStG\/lkKor8HmycS\/EBVwVrmZt6Kgq2qdQwVJ9hNmKfhYq2nm734cURIhInk7p4vSYE+9Ksxh7CNMfEXEOx2ejHoWZL0waR1p4OYum+5J6hauPKdjyxJ8hu0cfb8jZm65wenrTUkHsp2iZoDhU+GVXDsHRe3EkmtCmtH0g60El1+jF3SekK\/rE702e4FfvcbNiJkwF9cwP2jaq2wnO\/LmW96JyGE2rpz+L6diJGgkeP81BLya0a9IZ4Z5hQfNZvtj6aE4YAUmvP+Px4mMhNCmF0s4XabUIaUI+8A\/1kEO3givAjhFbj3a\/Zc0mfbdQnlREOG2b45q7n67EmIvPh1TiGPx4rU9J4CS+qcLsJJAQWU1hLc+0dKW8m6T9Z6KdN4CLv7BM8hNVxz0C7T9e1k+mm41yvjp617Y"}
-00824{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00835{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":78,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1582454598377,"flow_last_seen":1582454598449,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"gspe35-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02377{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":449374,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXURA8AADUGAMBfZRk1wKgCEQG7xZCMPaYzoKaarYAQAOu5FAAAAQEICiLQBMYR3+duyZGX8jvKHfYO4irLOTOuIwVrfsn8cq7ShQ+rERgUhgqi6YmNFlT1tEHLKZr\/xBPk5ivvhQoEjta\/5ln7FGkX0G1hifL2iGMdqH4zeXMd66Gn5w3vrK84Hp36TjUG0PG5j1PqDUpE+nKsrrdiXXTY4Lu6jAtZcIGsD9zvRTsEnWLiyUZO1nDafPfwjNHs7l3dq\/tmFUmfedrLOjVPeE91NaK+EzLweJsfU2IYoeXWWYlvTIFWI8H8Jh+ABLwLzElfiLKr6HoJf26rjCeNVmDi60RMCQCAILyxEAxSRAzecVI9X0wh+0CbyTM0Y0tWBPHM97lKnVLGAY5RjNihQ1S\/S\/+cDoikjNb1EPO59tDCzwRpuxbG8jMuwx2+u4Cdr3i2K6sKwnbJYKqFopcpbPhqvJ3+kHvBTN3a11hQBNCDKj50MJNqciDB0XJt\/yGGeuQAoUjNjYCWgf02z+8ZiJYMi7WbjsP+lo3c0jFHLu3nijBPEocqsCzjg\/8psGV1DZFikyR\/JIh0WiDtkHaPpJstEo7Hl0POAnv0wQDpEoBq+d794F7yW6Hpa3fJ\/kXSMGF5xEsKCqj+tU7esDEN47XEv01WaHmexrR1smom9ctPkTzfbOJbXvZO8ZMYSyEebTvL3mg2\/GzDH4PWS21b5YmHXR2CFfrxSJ6aLzZBRR+jV38LPa1gaNaYDfIBEW4FF4BKS4jycvYyZVPdcaNYSJ8n6ljDUvxY7vDslKir7QfcoG9PCX1Hg4NeXr4kXy2H0lqqt7bTy4LTs6Xb\/SRNHcNQhxvkanyNZWy35O\/bGFco7+K4vsa8jMMZQQypTm9Z5OlQZpPKpBJQMsK\/jklORBG\/vsxrDEimgNk00N6kJ8Jus9MTg1ybR8q+oPkdFk7J\/VqsoCzIT3NdF0ZNqbwoJwSoxFV71EMS53AlpUVslzou8u\/KPAL8\/UDMNxPu6hKu2ahKbLO2sx0v38++eqTI\/eG2KXiUzOqq7E+DLRawF9Kg+0UIMmvF2Zw+xibMbh0xT5ju9GeeFHKUI04y8JDULZXfhU1aA9JQHhxedp8UHVs9Z3ERqhDe6HcFXSn09LjTmicIbxVR9P0IYXU\/N41sUhFDWeCF6tlkKHIdIZSfhRdlvqY2Elvt7hBRL6rlZr4CW9LUytEf8CTZkAwuTUiyYwvZ6tDzwS2+7mv+S0zCYhvbpPgrlTE8f\/8lpgLMEGY5dTD2TCGAkXbRJj3Uc5cu5l\/IJvomHJS+feST9fBjUJCFiz8e6s5HVLmq8FlkyHWuz5xt0mVHXfkX8k6PYQRAzxgfrFxSpRCUi4CHL6k5jx0Tn1JpzNVu2arVC7NCB5CZSLqvCWZ9L83uwTdkXfuuW6Lu6Ji8UQSDQNrKgq538gQnBVbcs46CzmvzuPpjWjXvnrzn0U95nZ+4P6GuTE8qv2jIVSeRG8x7i8\/tl8WuEBYDg8iCApyrnYHv3qfp2iXaBAdk1yen\/z5f9QVm0\/zgqYLWSjsaPg3HqTWk\/bqAVfos8J2lmflut1X4h\/XbAzFwWu4Z39laa9jJvPbH6Z86rnkWEVIfnSDJ99wIv7teVIuhBjRYWBjYHU7BowK5DmcOsw5vttcV7nbRFj1yKK1SAhG1v0wwk\/ZRSgrQz6rAYg2qfhFce1WyPy9ebxR9HZIYx+E+PuV32eQ5UUgDn6PkJWd6i+Wxtngi31RNqpYYfy10xvvBSUuHLq0i6lso1bctbo7nuLzsyOU2NQv5nMTJWYba5BtK3zg1ZWLpTjytpP3W7SsJUZ8zzE4f2rkalNVFjyNZnFonNBNM5oIZbbH9ROxSO6jjTh3j9b48atfzrw+zKL2zmeHhJkxYqgJsedvdgnRVFp5ll5IRC65Iju62h6b8tftHw1Yc6W\/D+ADnIWVKPbT2bJtq5Nql1EmIa8FZ2FKK"}
02082{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":449499,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0RBAAADUGAZ9fZRk1wKgCEQG7xZCMPavToKaarYAYAOvuyQAAAQEICiLQBMYR3+du8Ig3\/fi96m2oAg+EtKElv0O00btkWjeqsgPZBgpVAbZzZI4d88yrnp6ivOCjb6OwMlntww1S14MJHoHwBgJXO2kcXeXRxYDs1g7o1p8uFAtyv2kZaQLFpMctATNWlCpQUlcKXPear5j9IzTHIA3yKy6p\/rdeokyGi\/Ul\/2a1cgg8BCEBOROS\/4xWvQpOCMf+RwLbyPYLlKcLddBDeNyGs\/PVaXJwch0+uYo5ERDqUdtWQ+BzAqrNok3mL\/KEezSa6ktIRR\/80db4rpwUHuuDKMUynNwB9qj5YK7wddEFxSkPwwuN8U0oFOAtQso01MKse2nTGbQCyb73BcbinudCzXWyg4\/a5s0g47MEVtzQysl7tKTFyhwxK7YfF3us6\/4HG80Kpo2O7XT89nlFN44JX+e1JPSfBV1g28xXZfRg1kGd8SoAtVNNc+W09w2WkHo99IEMdFGMjKEkMAUqplMzqnGRazIyE+NPBbLzi4KJGE6qcex42SMidV2T3S8KoKHk8g6uXodbon7P0nQd2mTY8rQFDbd+hlio9S3OeREvo0AAiFnFO5oVb7wt8H8r7biJHyEXuy7Iqb7bIB8bcpjh64QoxWzFye0FxVRBWbxoGMU4KHM+Y+gzAdvUS4kG6ZLR4ELw0+0+FFTP6mvLsMFsoU8eAJnSho0U5Fo7dSBthcSMbnQeleUmRenyh7zMFGZ8QC\/vB0z0L0lQJkAVgqoHTYn0Sssc\/l9oiYt9KartvN6UHyRu5q3INRKqxGgfbg+OMcS1WfqZS3ItQPRdeqy8uwmsHpkKrjBNDGczIUHE+\/oVjGGraXbIA4u3HXkYORj027AtKElOwM6sVBtg2UfthWXzAa6SEI7xYP\/F4RElFK1\/I7KUL+FrxWrBLyTcm9H7gOiACqrDoW7or9Z9jJf35i+U06ndO\/tRO9o124h9ChCm9S5Z+a5af7hWtK\/PMfPAawRoNl1t3ANlvISjcpvdF\/\/XmvqAnx9J8GmSM\/gPHvKQ0FKONCfhxbGOtlfVQ3Rwx7fhiZsjCqiXbCrWTs30\/o8R5saBw7URp2JMAfU7L2lNqvw5+uFpxwEky4yT\/FEy3pjvTumtn2G12rNlVGu0lars5oefezExu8xjKVE4LG7rs0Ov8PY6jHKcxhB7ZRupf4p0C+H0o5cgIZ3kLbxovsYNVBdltRsw55MgiFEGKNWVB666Gz1AoDMxiMSLbd7g0nQ3uVahJ6iXv0F89vAxb+o4\/Di3IKHYQD0c9+PvH562d1rtO0QkuorIvKP+5JBlK69rHoVsKqOwn2DJt\/ZvkyJkTK4U0UhnYh++DKOcewijrt3YZgmd8PK0Ddogb9y3urTzjkUm5k+6qCT+V5JPICJYvE2ogjUfGACoIXaU5xv7wqfrbquqQZEgLP13WENyMjZv7xQtgKuEo22+FufdmxHVfdyWj0NNxNBf6GQZDLmu9YeUKNXHz6aVG+jLgv1\/U5zbIRb6JaQbbHLh7Sr18HawMXNn3BiUjhUAYgMkJuBwFiK3ehD22oEcp\/DfD\/Sn0wL4houeSNuZvPuN3\/IGfQ8p5kU+hv5GridH4tSrq6mjfw\/uutdjPnb1UqCZfHp3P9M20fcnYNVXax7zLXYpyQ=="}
02176{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":450581,"pkt_caplen":1357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1357,"pkt_l4_len":1323,"pkt":"xGGLNYKpxiwDYGpkCABFAgU\/RBEAADUGAVNfZRk1wKgCEQG7xZCMPbCToKaarYAYAOtpVAAAAQEICiLQBMgR3+dugmt7KJxMVZWwF945F0lKmEycQpJpUY6bqgQAK0nf+pJkj8E4rQ2x0y69LVDPgTpM9+czdnZBqCtr0boqaxCnCou3ABaxHRDO3QOoQ9srWmvjnio9WOJc0RyydygK0sfNQgeRBBD5TX7AJOFWbWBNBRFb\/rgvGpac1+gfT+sF0qDvHzBTh4qZfWt70wb6kUq+TuTjHNkv2NPrW10foiOkq104Veip5IYLlvX6jJJoW9m7yGqg+HmD84C3eofwA7\/j423hl8zwElvTVgCT8CYQ9GHIJ6J23Mo9iJ0yPb+KmOQ17V1w2iJlgD1hnIzDTR\/9eawqPpUDrAlegXvQ7qyX1QVZ0ccuJgRCoivbXN4sI3nUqLJeAJlVwD33DOkrlN4LKKcGtzjjRKBD9PqOUhK+vucR4AlMcOloNDD8whM3\/7Uvh0Rw\/x\/wQIKA8O8PaubbivYz9ZuQee\/1+N4tl+B24UCFHS97462jIlvL4MMyLJoBmX4bqcsl7JuhnshEZqYRhAxv3E3hImAPiqBb9KTUUIYfSLduJhEkb5B7TROUVUIJnXtE2AEoTa6t9+vi6q2w35Hp2F4oXNQyt+Pg9WmS128At3EEV+7udejZeogSutH84l3\/gU3DHjXQngDFihTAe5lPhecROgnyt5VwMd7O6YmRVfsOj42H\/ZH++1lodHkSGZ\/Ns0idkEjNVeIUJXHatyAGizQCJLChFLJtUpsgx+LqaYSFyasVirotsfxW8fPr8gz6AO6X1xrOIthBzZivHw\/5Sg+6fuYKlg5RzNqe79T9dBIWg+AaXnnTPYtthEfqmlkcYaXftLR08355QpmDcgA5h0VZX1y0\/0z54asjoqxdopyEaM5UU23F2h+Pp8DMPXbIncESNtJCRk3GceU0qa0huwcUA9dR1QqzBt2TL3riXhYuTtVvmRtEon6U807KGkbxbuHtHlhdW3cSI+tTfBz7I+hXABTeTJVO4g8mv1BAmUM6vyDDncjK3Xj8YBPPycJiFQ1cUJ7jLRuEqp\/0kGCIEiBEfdqhMqk5Rlld4JEvLX6jgjxrqCuMUDOlsUA6yL662ZF4Vpvo6uo464ZQOZz7XsmdWiOw+RaFw7qhWQ1reG2Q2j7DyEkGPSbe6onvVnDamhq5+jAVXV0a8G7cckRdj8uMRmwc8l\/ydunQOPjhiJf7Il6ktccZOhkjPvbcy8VHUrWFXxpPjD60h8WX7lXO3L\/D0Tz9LtjWnvUnxEoH+xcDAwEZpPOf8OFnzfkDs2drmUC6EcnKQ3SAKivt4v8R4Q1FPQe4UISNG0FODAwySWon0CwLOpkYx9CT8LZDL7bln38LoKfHARhmHOw13Wi3wHw9AIT\/VGlLKqXWu\/PxlR3mPZEujxY4g\/rVWzWQBMFz66kgYgXI+TuVGbshEvmZSiDhUW6ikCjks8NIoL1xirlrFthKY20YhUaE1n4byzL6AGus2JKRCFoRjPbENPskoqCjsbpRNInibFuyIJ43zFOOhfjsYoE\/IW9NuWAlKBlzZlwr2PizZJB1SK38851iXxDDYjtusoE8VQPuPm8sO706fvdHg7kJ4\/ZNC0bqmVcnsIxJ7YBRIv5znHB7naMauQSrBN5ldew5TnMLuZAXAwMARUhAR5euyYskRoGFBFBTF9Qk097xjzfKwqne\/fGRbtdQ5mNxRFiSfFKQqm5Zaif0061VAnpXWKF26Uos\/8JehejdlVj3gQ=="}
00437{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":453979,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZNpWNRgMiTvFqBScNC35wAAAgQFrAQCCAoAH8DDEd\/neQEDAwg="}
00438{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":459069,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADIGSjwR\/WnKwKgCEQG7xZLy+qnpfzqpjaBScNDegAAAAgQFrAQCCAqK\/qiVEd\/ndwEDAwg="}
02177{"flow_id":25,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":530624,"pkt_caplen":1357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1357,"pkt_l4_len":1323,"pkt":"xGGLNYKpxiwDYGpkCABFAAU\/RBIAADUGAVRfZRk1wKgCEQG7xZCMPbCToKaarYAYAOtpBAAAAQEICiLQBRgR3+dugmt7KJxMVZWwF945F0lKmEycQpJpUY6bqgQAK0nf+pJkj8E4rQ2x0y69LVDPgTpM9+czdnZBqCtr0boqaxCnCou3ABaxHRDO3QOoQ9srWmvjnio9WOJc0RyydygK0sfNQgeRBBD5TX7AJOFWbWBNBRFb\/rgvGpac1+gfT+sF0qDvHzBTh4qZfWt70wb6kUq+TuTjHNkv2NPrW10foiOkq104Veip5IYLlvX6jJJoW9m7yGqg+HmD84C3eofwA7\/j423hl8zwElvTVgCT8CYQ9GHIJ6J23Mo9iJ0yPb+KmOQ17V1w2iJlgD1hnIzDTR\/9eawqPpUDrAlegXvQ7qyX1QVZ0ccuJgRCoivbXN4sI3nUqLJeAJlVwD33DOkrlN4LKKcGtzjjRKBD9PqOUhK+vucR4AlMcOloNDD8whM3\/7Uvh0Rw\/x\/wQIKA8O8PaubbivYz9ZuQee\/1+N4tl+B24UCFHS97462jIlvL4MMyLJoBmX4bqcsl7JuhnshEZqYRhAxv3E3hImAPiqBb9KTUUIYfSLduJhEkb5B7TROUVUIJnXtE2AEoTa6t9+vi6q2w35Hp2F4oXNQyt+Pg9WmS128At3EEV+7udejZeogSutH84l3\/gU3DHjXQngDFihTAe5lPhecROgnyt5VwMd7O6YmRVfsOj42H\/ZH++1lodHkSGZ\/Ns0idkEjNVeIUJXHatyAGizQCJLChFLJtUpsgx+LqaYSFyasVirotsfxW8fPr8gz6AO6X1xrOIthBzZivHw\/5Sg+6fuYKlg5RzNqe79T9dBIWg+AaXnnTPYtthEfqmlkcYaXftLR08355QpmDcgA5h0VZX1y0\/0z54asjoqxdopyEaM5UU23F2h+Pp8DMPXbIncESNtJCRk3GceU0qa0huwcUA9dR1QqzBt2TL3riXhYuTtVvmRtEon6U807KGkbxbuHtHlhdW3cSI+tTfBz7I+hXABTeTJVO4g8mv1BAmUM6vyDDncjK3Xj8YBPPycJiFQ1cUJ7jLRuEqp\/0kGCIEiBEfdqhMqk5Rlld4JEvLX6jgjxrqCuMUDOlsUA6yL662ZF4Vpvo6uo464ZQOZz7XsmdWiOw+RaFw7qhWQ1reG2Q2j7DyEkGPSbe6onvVnDamhq5+jAVXV0a8G7cckRdj8uMRmwc8l\/ydunQOPjhiJf7Il6ktccZOhkjPvbcy8VHUrWFXxpPjD60h8WX7lXO3L\/D0Tz9LtjWnvUnxEoH+xcDAwEZpPOf8OFnzfkDs2drmUC6EcnKQ3SAKivt4v8R4Q1FPQe4UISNG0FODAwySWon0CwLOpkYx9CT8LZDL7bln38LoKfHARhmHOw13Wi3wHw9AIT\/VGlLKqXWu\/PxlR3mPZEujxY4g\/rVWzWQBMFz66kgYgXI+TuVGbshEvmZSiDhUW6ikCjks8NIoL1xirlrFthKY20YhUaE1n4byzL6AGus2JKRCFoRjPbENPskoqCjsbpRNInibFuyIJ43zFOOhfjsYoE\/IW9NuWAlKBlzZlwr2PizZJB1SK38851iXxDDYjtusoE8VQPuPm8sO706fvdHg7kJ4\/ZNC0bqmVcnsIxJ7YBRIv5znHB7naMauQSrBN5ldew5TnMLuZAXAwMARUhAR5euyYskRoGFBFBTF9Qk097xjzfKwqne\/fGRbtdQ5mNxRFiSfFKQqm5Zaif0061VAnpXWKF26Uos\/8JehejdlVj3gQ=="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454598542,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454598542,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":542807,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAIN8AAP8RFWvAqAIRwKgCAc50ADUALLvssQ8BAAABAAAAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQAB"}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454598542,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1582454598542,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00424{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":544705,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAslesym7UszoAQCBZUCQAAAQEIChHf5+gdNCSF"}
00602{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545135,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"pkt":"xiwDYGpkxGGLNYKpCABFAgC3AABAAEAG+77AqAIREf1pysAAAFAslesym7UszoAYCBZ75QAAAQEIChHf5+kdNCSFR0VUIC9ob3RzcG90LWRldGVjdC5odG1sIEhUVFAvMS4wDQpIb3N0OiBjYXB0aXZlLmFwcGxlLmNvbQ0KQ29ubmVjdGlvbjogY2xvc2UNClVzZXItQWdlbnQ6IENhcHRpdmVOZXR3b3JrU3VwcG9ydC0zOTAuNjAuMSB3aXNwcg0KDQo="}
-00696{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":32,"flow_max_l4_data_len":163,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnectivityCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}}
+00707{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1582454598387,"flow_last_seen":1582454598545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Apple","breed":"Safe","category":"ConnectivityCheck"},"http": {"hostname":"captive.apple.com","url":"captive.apple.com\/hotspot-detect.html","code":0,"content_type":"","user_agent":"CaptiveNetworkSupport-390.60.1 wispr"}}
00424{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545149,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOusY368Fo4AQBAtqWAAAAQEIChHf5\/C1T9He"}
01123{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545339,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGYlTAqAIREYICLsWRAbsZOusY368Fo4AYBAtvbAAAAQEIChHf5\/C1T9HeFgMBAgABAAH8AwM6mEOdusbq\/ybUNBuomqShrPK58qj3XjuDYY2EHh6A2yDTYkCcwL+VPEDok15qjRZu79\/9di6dUR8br4F4StJmaAA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABsAGQAAFmdzcDg1LXNzbC5scy5hcHBsZS5jb20AFwAAACMAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIN+r0D4xweI5p++PFWedre1z33L6xxisP0vyRpUTwaJfAC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1582454598385,"flow_last_seen":1582454598545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00427{"flow_id":25,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545614,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD2r04AQA\/TbXQAAAQEIChHf5\/Ei0ATG"}
00426{"flow_id":25,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545740,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD2wk4AQA+vWpgAAAQEIChHf5\/Ei0ATG"}
00426{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD21noAQA+DRpAAAAQEIChHf5\/Ei0ATI"}
@@ -159,72 +159,72 @@
00426{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":545888,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/3DAqAIRX2UZNcWQAbugppqtjD21noAQBADRNAAAAQEIChHf5\/Ei0AUY"}
00425{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546213,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJO8WaVjUYYAQBAtTNAAAAQEIChHf5\/cAH8DD"}
01125{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546273,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG+jzAqAIREf1pysWTAbsyJO8WaVjUYYAYBAtPcwAAAQEIChHf5\/cAH8DDFgMBAgABAAH8AwOBTBzeu5w1Vp+4geGIpFJ17FWadQ3l1s5HLAc6L2e5gyD\/YLmMW82uuwbbKEYkARjm9\/sVvKjvTmHajlJ93y\/zswA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABMAEQAADm1lc3UuYXBwbGUuY29tABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIPp0HJk26NqhkuEuWSOpHU2lL9tl\/4KvwEcCcIghS34tAC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1582454598418,"flow_last_seen":1582454598546,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00427{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OqmN8vqp6oAQBAt5ywAAAQEIChHf5\/eK\/qiV"}
01126{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":546492,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG+jzAqAIREf1pysWSAbt\/OqmN8vqp6oAYBAvCpQAAAQEIChHf5\/iK\/qiVFgMBAgABAAH8AwOL0zmb\/pU6qAogKIFd\/Y4fHsvdGFAF8ZjXl6m9+L0uvyBBR6wrPbvh3W2j8rwh4NW3lc0cwhULV8gFfvx3+QKTDgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABMAEQAADm1lc3UuYXBwbGUuY29tABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIGFNND5R7cze3Z4nraCyXLPxW4F9FRO9m0bNnjdxh\/Y+AC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAzwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00787{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1582454598416,"flow_last_seen":1582454598546,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":556458,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0f0MAADEGfEMR+LmMwKgCEQG7xY+mDHMLDeq42oAQA6uuGQAAAQEICvbpn14R3+dr"}
02355{"flow_id":22,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":558094,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0QAADEGdqAR+LmMwKgCEQG7xY+mDHMLDeq42oAQA6v0iwAAAQEICvbpn2AR3+drFgMDAG4CAABqAwM5\/rpwu4XTsZQaX3QVQs01vHFjEUurGLPVnyNHYTxc1SDLsh\/zpULORnljfAzCAx09xii78Mvy2XehUxljdu16MMAsAAAiAAAAAP8BAAEAAAUAAAALAAIBAAAQAAsACQhodHRwLzEuMRYDAxOPCwATiwATiAAPPjCCDzowgg4ioAMCAQICEAYmxU4Ra06nkoVjMfiS+ZswDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTIwOTE5NDQwMloXDTIxMDEwNzE5NTQwMFowVjEdMBsGA1UEAwwUZm1mbW9iaWxlLmljbG91ZC5jb20xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQifiE0uVN9JNPaVE\/RwxSRGnMjn5uDQ1GBxydIgahaf+LmEJkXkho7D\/TwA2AuzIlJvLZM8glg+dO7rpqpWLWqOCDMEwggy9MAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAU2HqURHyQcJAWnt0XnAFEA4bWKikwfgYIKwYBBQUHAQEEcjBwMDQGCCsGAQUFBzAChihodHRwOi8vY2VydHMuYXBwbGUuY29tL2FwcGxlaXN0Y2EyZzEuZGVyMDgGCCsGAQUFBzABhixodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWFwcGxlaXN0Y2EyZzEyNTCCB90GA1UdEQSCB9QwggfQghhwNjctZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0OC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDUzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzQtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA3Mi1mbWZtb2JpbGUuaWNsb3VkLmNvbYIUZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwOC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDEyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMDItZm1mbW9iaWxlLmljbG91ZC5jb22CGHAyOS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDUyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwNi1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDk3LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDEtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDE4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNTUtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA3MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDMyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNjktZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxNy1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDEzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzgtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxMS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDIxLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjctZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0Mi1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDM3LWZtZm1vYmlsZS5pY2xvdWQuY29tghhw"}
-00857{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00868{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1582454598252,"flow_last_seen":1582454598558,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02350{"flow_id":22,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":558173,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0UAADEGdp8R+LmMwKgCEQG7xY+mDHirDeq42oAQA6s5ugAAAQEICvbpn2AR3+drNTYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA1MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDU4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzktZm1mbW9iaWxlLmljbG91ZC5jb22CGHA0NS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDQ5LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNjgtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxMC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDIyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMDctZm1mbW9iaWxlLmljbG91ZC5jb22CGHAyNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDIwLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNzEtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDk4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNjYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDE2LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDQtZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwNC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDA5LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjMtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2MS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDMwLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2MC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDQzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNTctZm1mbW9iaWxlLmljbG91ZC5jb22CGHAxNC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDAzLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzYtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2NC1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDI4LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMjQtZm1mbW9iaWxlLmljbG91ZC5jb22CGXAyMDItZm1mbW9iaWxlLmljbG91ZC5jb22CGHAwMS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDYyLWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNDctZm1mbW9iaWxlLmljbG91ZC5jb22CGHAzNS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDY1LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzEtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA2My1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDE5LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwMzMtZm1mbW9iaWxlLmljbG91ZC5jb22CGHA1MS1mbWZtb2JpbGUuaWNsb3VkLmNvbYIYcDU0LWZtZm1vYmlsZS5pY2xvdWQuY29tghhwNTktZm1mbW9iaWxlLmljbG91ZC5jb22CGXAyMDEtZm1mbW9iaWxlLmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRl"}
00425{"flow_id":22,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":559758,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rjapgx+S4AQA\/Sh9AAAAQEIChHf6AX26Z9g"}
02369{"flow_id":22,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":568083,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0YAADEGdp4R+LmMwKgCEQG7xY+mDH5LDeq42oAQA6shOQAAAQEICvbpn2oR3+drbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDHv2aknMUATDctH1tf12x8ZPC\/JMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAnEGCisGAQQB1nkCBAIEggJhBIICXQJbAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFu7DnTkQAABAMARzBFAiBpRU8mgJNh7GNdtZlMDRQcbjPi\/4\/\/wZ1ToW0H2gvClQIhAKi+60J30VdgFpxRYKTmdWE8CoK6ZWdTas9ansmYq4tOAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFu7DnTkwAABAMARzBFAiEA2q+VXdLLQ\/joniCshAHmAnmx1V02J8o3bFveRb\/O8MICIBMznQ\/bkaGj37gml43Xzksn81jC6xtX5WXRr+Wrcg+3AHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFu7DnTkAAABAMASDBGAiEA8makDlmuV1GM019IeJgi37pxb07QA4fVn0MSstosS+ACIQDSBPmm9pqmEGk6GgJMWDZZO76J5HdvzY9Onihu\/B5Q8wB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABbuw508MAAAQDAEgwRgIhAPNzBlh77K6\/TCVzmlBL\/zxWd4Gep8WH6zjqHl\/jrbV2AiEAncwJnBtEoBne9WX9\/03GUFw7xUpAi1lLAYshWh\/OV1gAdwBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW7sOdOUAAAEAwBIMEYCIQCrqKlLf2ZhfAgsqqQ3Uw6M8nHId5iZUoGAJL0wRlDF3AIhANDWapL6dvUwkUd\/IH9zBHKBkUdvawfshpqQD5bP7ZqAMA0GCSqGSIb3DQEBCwUAA4IBAQAUmS79S7V53j1eiL1DYhfB9A2futkpnfFx6fPZxjwGyDSXhRr+NZuwXT+6J+uaNORrzLR0Zcy\/5X0Upu36o7CjABWMTf7aEE4nAq2dnLcRFZsXr3zuCGDT2SOqEA6uyF1nLZtAs9s0YOGP0fsYCTif\/tobr2lLa2wL3YnMmixppdFlMdI74ma1RTXoziDfAWc435upIpKZaEtvjjeGlBCoo+Dg0ZqyuQiWJju1f5jrBl6HL2WkYwZGnSFqGxVmQzMLLqgLd9AdvOGP2E\/WouTxaSHGAPr+2eisbUVvtS7fkprQohy8YHQV9mEkVnFRBXtiep7KPYGCqf8VeZyQl3bRAAREMIIEQDCCAyigAwIBAgIDAjp0MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTQwNjE2MTU0MjAyWhcNMjIwNTIwMTU0MjAyWjBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQk6EdR0MgFrILa+vD1bTox5jN"}
02375{"flow_id":22,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":568201,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUf0cAADEGdp0R+LmMwKgCEQG7xY+mDIPrDeq42oAQA6uEUQAAAQEICvbpn2oR3+dr896\/6E3p4zaAB\/xFG2p8RYauVtOkCX9hDWtdflJrfbTIOcT0Zzr3g84Zb4YvfkV+RxxnUsqVBV3iNlGFwNRngDVvFd0+\/R3S\/Y80UNjsdiq+49Pa5P3I6ygClhGXF2Ec6cRZO0LcMtEJHdqm0UOG\/16yvIzPZtsBiwKulEjzOI\/96jKoCOyGl1GUJD5JSZZT6HmhQIHpBbuTlVH84\/18EUv3ngizFUkVB\/nRN6CbSzL2tcTcatH8Cu324MUpoKiLcf4Nkrz+VHAYCm3H7Qz7yS0Gw4yF\/MuGXNY2jhKLCX\/7GRo41fCUMHoPpozzAgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU2HqURHyQcJAWnt0XnAFEA4bWKikwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQAWR3NvhaJi4ecqdruJlUIml7xKrKxwUzo\/MYM9PByrmuKxXRx2GqA8DHJXvtOeUODImdZY1wLqzg0pVHzN9cLGkClVo28UqAtCDTqYbQZ4nvBqox0CCqIopI3CgUY+bWfa3j\/+hQ5CKhLetbf7uBunlux3n+zUU5V6\/wf08goUwFFSsdaOUAsamVy8C8m97e34XsFW201+I6QRoSzUGwWa5BtS9nw4mQVLunKNQolgBGYq9P1o12v3mUEo1mwkq+YlUy7Igpnioo8jvjCDsSeL+mh\/AUnoxphrEC6YXorXykuxx8lYmtA225aV7LaB5PLNbxt5h0wQPInkTfpU3KqmFgMDBbIWAAWuAQAFqjCCBaYKAQCgggWfMIIFmwYJKwYBBQUHMAEBBIIFjDCCBYgwgaKiFgQU36Vol+mDVpj5IVylIMwrxtbU3WsYDzIwMjAwMjIzMDExMzQ0WjB3MHUwSTAJBgUrDgMCGgUABBQmhIezjFAVKZfb1NF+N\/8\/LvMVaAQU2HqURHyQcJAWnt0XnAFEA4bWKikCEAYmxU4Ra06nkoVjMfiS+ZuAABgPMjAyMDAyMjMwMTEzNDRaoBEYDzIwMjAwMjIzMTMxMzQ0WqECMAAwDQYJKoZIhvcNAQELBQADggEBAEMltyv8tJx1ZKkVnPUUGZ\/WakD0JOnod6z0CRlhCDJ3gNh+\/qto75ZiBjaJ0sPZoz6BU\/5GqH0pC7qPeA\/fdumSTm8EhT2sG0SUhbN7cb6V44taKboVd2+JpReQ0eT1DSfmpBvz1p8QQgtWA6EfczJP2Lvy9IdtuoULUv6N6AemjldwxgvuWGAFh\/RfHprWNldlKwycyFusGiqrVRTN9usJwJUuY4oLfbiA6ZKY4OqMu05H3m+bxXmidSOUT++QTRzjuAmANZ1No41dFUDe6cC+I53sxkhBH+4C1FX5OUM7QjDs2UPXG9fAfvJ8apLhqemh2FnOwztowCDz0M+amqqgggPLMIIDxzCCA8MwggKroAMCAQICEAyx1Y\/5QDlfRW3T86FXBVwwDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJ"}
-03030{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_tot_l4_data_len":6617,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":661,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}}
+03041{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":10,"flow_first_seen":1582454598252,"flow_last_seen":1582454598568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":627,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-fmfmobile.icloud.com","server_names":"p67-fmfmobile.icloud.com,p48-fmfmobile.icloud.com,p53-fmfmobile.icloud.com,p34-fmfmobile.icloud.com,p72-fmfmobile.icloud.com,fmfmobile.icloud.com,p08-fmfmobile.icloud.com,p12-fmfmobile.icloud.com,p02-fmfmobile.icloud.com,p29-fmfmobile.icloud.com,p52-fmfmobile.icloud.com,p26-fmfmobile.icloud.com,p06-fmfmobile.icloud.com,p97-fmfmobile.icloud.com,p41-fmfmobile.icloud.com,p40-fmfmobile.icloud.com,p18-fmfmobile.icloud.com,p55-fmfmobile.icloud.com,p70-fmfmobile.icloud.com,p32-fmfmobile.icloud.com,p69-fmfmobile.icloud.com,p17-fmfmobile.icloud.com,p13-fmfmobile.icloud.com,p38-fmfmobile.icloud.com,p11-fmfmobile.icloud.com,p21-fmfmobile.icloud.com,p27-fmfmobile.icloud.com,p42-fmfmobile.icloud.com,p37-fmfmobile.icloud.com,p56-fmfmobile.icloud.com,p50-fmfmobile.icloud.com,p58-fmfmobile.icloud.com,p39-fmfmobile.icloud.com,p45-fmfmobile.icloud.com,p49-fmfmobile.icloud.com,p68-fmfmobile.icloud.com,p10-fmfmobile.icloud.com,p22-fmfmobile.icloud.com,p07-fmfmobile.icloud.com,p25-fmfmobile.icloud.com,p20-fmfmobile.icloud.com,p71-fmfmobile.icloud.com,p05-fmfmobile.icloud.com,p98-fmfmobile.icloud.com,p66-fmfmobile.icloud.com,p15-fmfmobile.icloud.com,p16-fmfmobile.icloud.com,p44-fmfmobile.icloud.com,p04-fmfmobile.icloud.com,p09-fmfmobile.icloud.com,p23-fmfmobile.icloud.com,p61-fmfmobile.icloud.com,p30-fmfmobile.icloud.com,p46-fmfmobile.icloud.com,p60-fmfmobile.icloud.com,p43-fmfmobile.icloud.com,p57-fmfmobile.icloud.com,p14-fmfmobile.icloud.com,p03-fmfmobile.icloud.com,p36-fmfmobile.icloud.com,p64-fmfmobile.icloud.com,p28-fmfmobile.icloud.com,p24-fmfmobile.icloud.com,p202-fmfmobile.icloud.com,p01-fmfmobile.icloud.com,p62-fmfmobile.icloud.com,p47-fmfmobile.icloud.com,p35-fmfmobile.icloud.com,p65-fmfmobile.icloud.com,p31-fmfmobile.icloud.com,p63-fmfmobile.icloud.com,p19-fmfmobile.icloud.com,p33-fmfmobile.icloud.com,p51-fmfmobile.icloud.com,p54-fmfmobile.icloud.com,p59-fmfmobile.icloud.com,p201-fmfmobile.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=fmfmobile.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:C3:9F:1A:A1:3C:D2:3C:06:96:EC:49:B4:97:A9:D3:DA:05:A3:E2"}}
00426{"flow_id":22,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":569580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rjapgyD64AQBACcNAAAAQEIChHf6A\/26Z9q"}
01724{"flow_id":22,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":579201,"pkt_caplen":1026,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1026,"pkt_l4_len":992,"pkt":"xGGLNYKpxiwDYGpkCABFAgP0f0gAADEGeHwR+LmMwKgCEQG7xY+mDImLDeq42oAYA6vOFAAAAQEICvbpn3QR3+drBgNVBAYTAlVTMB4XDTIwMDIyMDIwNDA0MloXDTIwMDQwMjIwNDA0MlowTzErMCkGA1UEAwwiQXBwbGUgSVNUIENBIDIgT0NTUCBSZXNwb25kZXIgTkwwNTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuNASekHmai55a2AA8WP2cLXdQEaNKclmOQfl5zAqJzkgeg899ClP\/K7XAMAqk4tqmlGJ8zb3kWoXsonC0VZAV2pdMjDx+XzWt38f12PXCbn+YTQ3Ia\/UxyJ+dE1VBZbjBzoxFvH7XvS1\/F0aH7ROSrQWX2ZMRQbRXTZtk6IHxr8b+Fn1mGboaeSL+Wax5ZkWQiXlh5sYCIKg0\/J24AfRE+j4KovXIigU4+j1Hmh6PyYmzkVpT9wqRhGDpuUOlCRLf6veVPWCwDswbhfx85+fNWhbNnBxT\/BWIjaLAkH1dcLlwHc4djK+OEvMjqF6K2e3x56cz0z9gdFObdNIHOOBlAgMBAAGjgYcwgYQwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBTYepREfJBwkBae3RecAUQDhtYqKTAPBgkrBgEFBQcwAQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBTfpWiX6YNWmPkhXKUgzCvG1tTdazAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADHUTDZcgrz+VGTbly9lQDH+jgwaQQ\/udlTuHrl8wLnpIC1zJK2jaUktjcnjd4RIPRTZ4OYinH2q2df7YgU4K7ILpYyCO9xA9d9J4yW1EeP2NvBf1MBNYw0OI41QBvAwkYS\/sV+RUxlrWP0qD8R8LHTNftYYBBEFKFKMvdN\/p8sI6smB8BFx0LJtw+1sSet\/k+BApFY6BrC3LzqKQIatLQ4QfQTOSU8SqXwE0mdnTOyZ8OM4HF8eGliqBxAxPked9fl38Ne0Oa2s5l1RJHgNfCs1\/QIUI2ol1CB1o67ftUMFottwIgS7Vy8CakoO14D4S1xs\/U+fnXKKRtD8Z5T58MoWAwMAdAwAAHADAB0gABPObQPvbCGqVleSexP6W\/7vDllutvbDrf3tkxDNBBYEAwBIMEYCIQDOz6wI1gh3TwOiak8Zz83\/ebwv2DH37QCU9A6wZxBCQgIhAMu6h9hFcJPj5WUCBZ8V3O+QUCH7JFq51R+ZQ2zLIyyqFgMDAAQOAAAA"}
00426{"flow_id":22,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":580611,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrIbAqAIREfi5jMWPAbsN6rjapgyNS4AQA\/iS0QAAAQEIChHf6Br26Z9q"}
00667{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":582484,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"pkt":"xGGLNYKpxiwDYGpkCABFAADmpdwAAEARTsjAqAIBwKgCEQA1znQA0sdAsQ+BgAABAAkAAAAAB2dhdGV3YXkGaWNsb3VkA2NvbQAAAQABwAwABQABAAARlgAaB2dhdGV3YXkCZmUJYXBwbGUtZG5zA25ldADAMAABAAEAAAAiAAQR+LBLwDAAAQABAAAAIgAEEfixhcAwAAEAAQAAACIABBH4sCjAMAABAAEAAAAiAAQR+LCNwDAAAQABAAAAIgAEEfiwTcAwAAEAAQAAACIABBH4sWXAMAABAAEAAAAiAAQR+LGqwDAAAQABAAAAIgAEEfiwiQ=="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":44,"flow_max_l4_data_len":210,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.176.75"}}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":110,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"gateway.icloud.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.248.176.75"}}
00425{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584084,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0nTYAADIGrQ0R\/WnKwKgCEQG7xZNpWNRhMiTxG4AQAHVURAAAAQEICgAfwUQR3+f3"}
02371{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584601,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUnTcAADIGp2oR\/WnKwKgCEQG7xZNpWNRhMiTxG4AQAHVBGQAAAQEICgAfwUQR3+f3FgMDAHoCAAB2AwMyKF9DOKuLw5bBJ9NVFrrF6VDCVBOwZ68rYpvChcZWzSD\/YLmMW82uuwbbKEYkARjm9\/sVvKjvTmHajlJ93y\/zsxMBAAAuACsAAgMEADMAJAAdACCkt4j8DfZ7YKSUflqfW1DYudx6NFOgOWG7+Cp946\/oVxQDAwABARcDAwAqLFuqMhmooVCeSjCEhpoKgBvKl13GFVCOJk3aR6rc3XPfPiJvinusQIAKFwMDDhhIAmeGzJRGR1eJTrfqR1feayAaXq7CQmBH\/9e6IXhmUdMGE2QJ5f5vrNzO0E8uifDIBEQqnOGRVQJQALuVlruvkCYzVIbGOUGCxNe8n3Ai4O1YZIUvwvbPKpdY5VU++ysANIaeAY5xSiGbfRCGOZ0eOLhShHmcLyPuHTqYFddSAeq7VBnsu7fSW95\/uJc8wJ7zrLOp2Y7UWY8svtPWi8fO+vWC6X4y3thEneEzOvD624+Nwts2OGdwfJMiaE4j2l8eWA28W+euCESNuVfCrRALJWm6FEKnMmUF6vWNZcBSHZ9sdySmwgJdHKYtQwGs36+207DIMqXJe9zTWYxXE5EQx3HI6GruvFb87uDu+E03XOeGJ2GOyQiVXkfPhpl6lEdQ\/TISF1ErnSOdVdKBxh15KqFtDgpzEuvnEwY3yWumneuI7J+DN1cpYfQVjIhX6j7H7n+kj+Wo4eBiTL5PMwkoSCvOysnHjdG2swL5pr9oLDpHIuHxmCzpfKFr8RXLRnC5Sp1lN5HbKxO5XgxZYdSx1geSz26mdoOjLZiGVAMBbULNf6IJrl0pheFNQ3QPQZ4YsmmBgefhsM58bClY7h8xqQdtMFjOaP39XCTOgDO0bErTDEgjppTFlTaWMssMuRNdg+YTWJFW05BCumcTVvWvnnidekxWswgQvhECYSRUWiLKJm+cSv3bOi9uOzhskf0yIt4tPozdU6AWIBq54xZ+VZCMwO1DMheSSjsr5nZ7qpk9m6QCGV8wIj8rDKQgAbuTveOZJ2nRcvcj8gnhRo4zXz46w\/5GUCF4H+U2AI+sPiNDYC0Joe33tioUQXT9hXZGYohx9afTcX8OlPWSrffSMoWeioeSVenr\/47HU5l2sDA\/IxcpBsd0fwJFhdrNO3FIID0H9pgdYiwshv7baBudMFjb3+VXM9K8gclztO8xu4dcWmlb12ldRENYxjCN6DE0PFkv4SelKFYTFdj\/oIGqDn2XaBCMgoSe3F0wT13WY853OzhSFgFpciOjW6L+Hm7zXtQaM3fLy7QZu021VwJQKDIRH7B2Ra1hp\/uc1e5zQAQ7Bo7nWejNnGcpBECjNhNvB7sRj5zonFANuGdg9v2VfrHuzETjyCVJBbG8HJwKOhvIPzUtZp48o+sSIQTu5S99otz05ItW0MHSK5H4sqk9gKsX5wI8nPFrgjWPo4m6Dx8h7+uCatU22Bd5uo\/IyY5yjv1i42\/7v0FFbDd+LtEsR3B\/uP926VMTvEBsRx+c84cPqKILt+74ZL6Hj4al1EkHitz2uGe7lsVVvAF\/zUxSYNJ67ON68T\/xMoe+Vr9DntrDFqc5hwyHKWGHzZhW3uGMFK5PW7il00PWvcV2eHaNa+PMoOl4OeV5\/vVszZPBFR\/Z4zmHZk1P+b2R03i+ZmAq4PIy40nyybPThNFIvaHnuOLm+JM6tu2KeMgBP6OJ5uashzuhXMVOe9YrZ+PUmV4dUaQu+g3NydXZJ2Bk3lo7ZhS9pDit3G6Zz2g0m0Fa1KANHpfxlGC0Fr9ZhRCIhhIuCdZQwkIow6ge+P61amsPhYnP2UayQkffM1LtJycCJjPdUUhxz+7n98xdNa5qC1njfNjUGFPyyWiSDuAQO4qBOGW64cdrs3dKCRO2iwgKdh46ZPfPldOxqz7NCWCQ9YK\/NJWGacDu"}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1582454598418,"flow_last_seen":1582454598584,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02383{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584724,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUnTgAADIGp2kR\/WnKwKgCEQG7xZNpWNoBMiTxG4AQAHVkJQAAAQEICgAfwUQR3+f3Zvji2ODt4UJ2pvF9R4RriUQbCa0l22b\/XtUcbkokh\/gPtSUqtXMb17TUXsUyTZ9pvxUJ\/s0Cz\/oX9qFdH6GZxa7kqTBzisVG+++NBxKSFqYRihc+NgWTaXL79PsMJ\/BjqF2+CBvNCiStfhGfynqVGi5Yp1a1yRNGREskAV4LoT2z+IvnFLgF1KD19HMmSasnZTf+MXtvFo11t1Zkst3ZIB2eg9uuUL87org1p7mKePyLBJj+s8m\/UZuEvCwJbQxkIVUF\/i8GjxLbE9N0R8ZCdweiBC49NtOqKGB2RffFsnTqNKtDrLEU4sUpvY1OQL3jZqJOX1jnLYAMiknG0eW7ZA1B+JXh4KcFHSsJctl5ioXeYkIR3MtyNI\/6wGgFF1g2ftnHKa1agN\/xKvOsfcLTgzJdGoLKhR7Vt76aliSvBOV17JFplmuPGrBq2Yb341a6U3WGV1\/KDArb2bVzBxEB8FOM6vwKk8Lt36nelt69dJVEDbVKfOc9mlbSjHFcwKnrASpOCXG+nrlqwrCF+cP3e8jx+VGyZw+fFSf+ogX9rKIROQGOGu05KjWuPtb9D5NFYjgehQub7xVereeuxgYVZcGofxlgtwpNHdzJAT9J4WHjNRrxqHBp+ncWyQ5qV\/yo3Aj4KP5gx4SLkGV1nykgQ7iLhi66uF\/TG\/NyVuU3+xNYDVaA+YO0jObC5mxUkFZnErbbIs6kdW+GkvhWXdh94Wb7bM8nYkjWCBUXWO2Oy51kuSTLWAjtrtusEyzwh0d+RAfvzIYIcZMq64dN\/TqiavvylXcYalEayAh6HoAJ+5n8ZsbuXfzQqesagNURGGRPYdToh52\/Bh1xqZ+sMftbOvPVmrsQ3POAYITRZ4S+nmIi8OsC3gfBrN8RrZL\/rBpfk9o+K2GBvVNbuWF2\/f8SjXxQMvNkUPpz932OYeEMrKsJviYP\/znQFp+Wucn1s\/pqY+ayQaByKd7Kb+HgXB21Jdgfcaod9m1va41VKDNbVRkuvxpFhSHonAvpQ9NSE4Zmtn6dNQJA+WvzNpWJhcTQSauml9GfTET\/DnnUlZOlFtJTY0q6FCv\/n4cjlCkvnv\/EZ7FsdH9q1KBO9rpVJhVHUzcMittzDiqVsv+C0VZJWxfv9TicUFXi3xN28+NkABnkFlQipuIDkC1wGnPly8\/DC3HLrriwqBciQqmWCkqiXJP4zj3ZwOjpgR\/PGLVWz\/EFCKLMrPXWiSm+iwzX9JuDkdSrnQ+rXC6zVDsk9dL6aBDcC1LWrPzixzU6eFErtZDDrJvP7ZrzmQ52iTHer1XvKvcBaY2dp2NnXLrxJdnR1diDHAJ2C4HvXDigJtIqm209r2EOVWjYSisPXmG00IEV9YnvNm+pH06Yomv\/PSfo4dHFEMyaWuGz3Ll3tepDnj0qRiUTpKxRC9funY9UK6G2bc1KBHfgmQZiA1WmR3zhTt+Nwo0AQaSpYlkSP7rkkvjo7jlMTfEWq+en9DjacxUhXmCnM5OJM+wDGLI2yYB\/Ko9dDfWHd9+0drzkYXhzyaYAprYDrdvSCfFdvTGOfzataFETb1QSk9rdZYjlNLUmuFhfg6TK+13n+spDpZ6vThjAb8R+N28NBh0DWlD3QI\/eC0KVLY+aJPxjyvR84\/1MH9OwsQUNjKgYDKJnQ7qYuo4VgRhquJgIK5e+YBhYGZcwnudxF3QdZNXuctrUxSABrC6TR054DhjM7sgMO5DcHBENCCidE+FjEh5D2xhT5hW2NGOHXhUBTCUCKPd4QSL9bFrm3gRMQcQpNCCgh7+6C6xcYNIeeXwxEylXDC6J+ndltB\/d5dES3LgU6UR1OqS6OXnnt6X1pV6sQ532ZSArjFbeEZTVJj5LB0\/RUUWjB20dL2Ol36W+DzBCta1hag59f1peaPYSI\/NMag7CFMYBebqI"}
01883{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":584725,"pkt_caplen":1137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1137,"pkt_l4_len":1103,"pkt":"xGGLNYKpxiwDYGpkCABFAgRjnTkAADIGqNkR\/WnKwKgCEQG7xZNpWN+hMiTxG4AYAHUySwAAAQEICgAfwUQR3+f3bmhlOV29CE2iIFQAL59yDHBYlu6YrnPAdzt3j5FM2jbDZSDhondXPEizlhrpDXLAjVlwtk0IUbceHsFh5yoOZN9tGBk7OHFmMv0T1+dH8cVA\/ZDPwhUsYrrwAzc0YWp9D5l\/zKTDNRS2mpjlwGAgFnZFnuScCL7D3QDcI7zf+0xLeAKUXdJBVQ\/B1iWjD5PRRCsr8aAzUUhsjZ69we6P9zaykDvasuU+719HEPr89LlHjNSw774Tyn1PKGjc0MujgidrEB4VMPjTLoMpZ0taxIHy+MzJMx2LgsIuar\/X3CUtqIIy565AJ3w8p2uBOko0\/loR6b+whh6ChZgv4lW4ktyiwp02AxjPJLlgl6XHq\/Q8SmKq2smu4OmgKcV8MWLymSeplhXEQLrf1AsRGsY+p+ZhkVfiunEIFHwbM7l77Ex6Z8B2eC+rikR\/mUk800k\/4vHjzPA1N9v3yDlEbnfKZFmZ9OwZGGBXC+hhtqjP2bLRU1QgmC+ItZBF8t6irLEna11UfoOoh+ofgt5F3vgBfEAzuayRaZNLNW372lqrJSIuio3gL0rq67JbIs7AfOkevcsPcTC7lPbR1JfX\/oaMLooYN5yRXN5as3b7SWDuA2PdZu5nw\/Pz0tDQrylmrZa45RegN7pLsrXE08BLMEN9nK3Ok30QQocMptp0lubYznZHbPlAkp5bRF1MibmHOo+LeLl+VIZHOd2vFkfgIGhO1qw3y7ZX0hC5mqHufeH2lQoMVSPQ8zFuNd5ILqwhKanmWuVPqjAPJiv86YqBn9fgjryXBSKXNLgJXjO7+zXshAYnr3qzhpJOwGm7pJxqdRoUsrHcujLU8ceI+bbRk80S0YgKuwqVwRwbz15t9BYrPl05hN\/kDjPli+6PB2Il6SyTl79r3WYEyOhfP8vNqV58\/IWH\/3fRUN2FZ4GbzxzH\/2g78IxGyWWQdAcLFEN2AzuweYVWqNL\/y0RuPez0cpw4E9WblWgU7PjppU+es+CUV\/7SSZf9wSXINWnoI56217hBrnPpxTU6Tr92XM1\/bx\/+PjpXhM9pu0Feuf64wgLDJ9luR15FBQZx7VnApsnqjimvzPIve32Gdx5Lr2hA\/gDjq0GABMHBWTBrTQAK4ivjpTyaldxaorhlr6vEB1BYALQUTd+orqiH54HSUe\/s\/hZijqhKFpVZlwY9fe0cVqYXSfoY1+J6VbPHNwk0+RbIoPCQ4RcDAwBffutJWKojEEfvmCbPI6CBi1igS4wHzeRQHzc9ELPs0jZtGic+XYFLaGyhckeBZW6sK1D0VI7D1mXO7LI3b5+6DKUNdNZj1qUwxqhf5EE\/MxaTnx1zHd6JfNCsm\/vQGvEXAwMANZ6dVG+AQNi1uSt+x8iz5PIcQE0Ed3YHapx\/bfyb4BcsV8etiToC8g2+Im9hshXQVBWAY6OS"}
00426{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":585123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/jIAADIGTBER\/WnKwKgCEQBQwACbtSzOLJXrtYAQAHVahwAAAQEICh00JSQR3+fp"}
00426{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":586800,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJPEbaVjfoYAQA\/RFXAAAAQEIChHf6CAAH8FE"}
00426{"flow_id":29,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":586858,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWTAbsyJPEbaVjj0IAQA+xBNQAAAQEIChHf6CAAH8FE"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1582454598587,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1582454598587,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":587648,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WUAbuGKOrDAAAAALDC\/\/9\/HgAAAgQFtAEDAwcBAQgKEd\/oBAAAAAAEAgAA"}
01357{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":587823,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"pkt":"xGGLNYKpxiwDYGpkCABFAgLs\/jMAADIGSVYR\/WnKwKgCEQBQwACbtSzOLJXrtYAYAHXbEQAAAQEICh00JSYR3+fpSFRUUC8xLjAgMjAwIE9LDQp4LWFtei1pZC0yOiBWdmg5YWxkeGF2b0Qwekd5WDRnMjZqWWo0UkJRWTd4VDI5VEFqT1l3aXRmYjB6VStUVGpiVjdqUm5nakQwZ2gyZXNmbmcyUUZ4cDg9DQp4LWFtei1yZXF1ZXN0LWlkOiA0RTY1MDNFNTU2OUQ0REE0DQpEYXRlOiBTdW4sIDIzIEZlYiAyMDIwIDEwOjM4OjU0IEdNVA0KTGFzdC1Nb2RpZmllZDogRnJpLCAxNyBGZWIgMjAxNyAyMDozNjoyOCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MzAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiA2OQ0KU2VydmVyOiBBVFMvOC4wLjYNClZpYTogaHR0cC8xLjEgbmxzcmsxLWVkZ2UtbHgtMDA2LnRzLmFwcGxlLmNvbSAoQXBhY2hlVHJhZmZpY1NlcnZlci84LjAuNiksIGh0dHAvMS4xIG5sc3JrMS1lZGdlLWJ4LTAwOC50cy5hcHBsZS5jb20gKEFwYWNoZVRyYWZmaWNTZXJ2ZXIvOC4wLjYpDQpDRE5VVUlEOiAzZjEyODg0Ny0xYmEwLTQ1YjUtYmE1MC1iOGI2MThjMzM4MmYtODQxNTc0NTYyDQpYLUNhY2hlOiBoaXQtZnJlc2gsIGhpdC1mcmVzaA0KRXRhZzogIjQxYmEwNjBlYjFjMDg5OGUwYTRhMGNjYTM2YThjYTkxIg0KQWdlOiAyNjQNCg0KPEhUTUw+PEhFQUQ+PFRJVExFPlN1Y2Nlc3M8L1RJVExFPjwvSEVBRD48Qk9EWT5TdWNjZXNzPC9CT0RZPjwvSFRNTD4K"}
00426{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":589196,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/jQAADIGTA8R\/WnKwKgCEQBQwACbtS+GLJXrtYARAHVXywAAAQEICh00JScR3+fp"}
00424{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":589226,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA06hUAADIGyEURggIuwKgCEQG7xZHfrwWjGTrtHYAQAANrugAAAQEICrVP0n8R3+fw"}
00425{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":590442,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA00AIAADIGekER\/WnKwKgCEQG7xZLy+qnqfzqrkoAQAHV62AAAAQEICor+qRgR3+f4"}
02378{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":590958,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU0AMAADIGdJ4R\/WnKwKgCEQG7xZLy+qnqfzqrkoAQAHWr2gAAAQEICor+qRgR3+f4FgMDAHoCAAB2AwPdkWfjqfkybHi5hafIFCxMuXFhAg42i74xWcGK+Esm+iBBR6wrPbvh3W2j8rwh4NW3lc0cwhULV8gFfvx3+QKTDhMBAAAuACsAAgMEADMAJAAdACCCQ4+XIllfV\/oyk2g\/erLLA4ruA7viRddpmmFPrNDoQxQDAwABARcDAwAqvLZxAURZbFmO6LRUH2d8WwuAMqGLMfkOr5xKx9YzdPly\/lRnWSDn51\/bFwMDDhZN6Xd6JBF4VAKva6f8VaOtzNpWertXOwTz4RPzYuBvrt8tpgt747fCcmPA5j+t793wFhGdnYKExje+MKvI8CfpncwfxID52p2FrL281ID\/f+JEEBoA9MM7lpPMw9Bo0oxjC\/61246W+Qwg+mE78Chy6XeMcKnScbNOGbOzU9ACc8yG+4Z2AsVPhP4em6V2Yt5ekyI1aR+mXE8zRFVqLmi7Tkz34ZrBe\/FbLHYtSOAiaQw+uBKev14+ND6dpvHsSaeiUvan67aE3f38cNQL03wvqLIDqV2WTfkT8h3AbMlKLnjlp2q15Zcd2Qe40fUKiOWIwMICW0JKKLGCyXfn5Y8Ds7MCJp3LS3wXLVn3FVVaGBuu1vB\/yHweUg++cLQC295Knysp950MbdZCbRNai7I7nFgWnQUtGfTMMcn8A1md69Vmfvz4pqB3UAvYLkKM0lKR6HTa2LzRPpI+CmVRT4yZTYWwfgVcBT2KrghjIisWRA5q5wzHvSjEvc2azKS4butT0OvxUGq77db95SS3oVAzOvdBy6rK7c8Q5C9VcvXAaOOdSqaOiv7zotRcXv+0fDMyE5ICsvIZZEj2nvI5Qk32oNAm\/irL4ZQqab3apS1ASdcMceK2k\/7RBTqX45UtjgDGUa33lcCHiBbC2lf9NRE1MA5aNJpm352Jw7iWKFnFykHE49TP9APxCXSCe5W3zJb2laG5jCE5TNq5rfTlCAJLE57e5ccUzGpWcv39IsOSWolJMWubxvv7+9GxBsvuMa4YDirQpdtYB+DbnzvnQ+cnyMKIV8oWOhjEdNr5wF43CKdtEKOkeI3iecgDUUhSfdxSWnxytcF2PGkYIc617xvgQrpfyLXR99OH10fuWf1jK3BkvVNBTiSa\/HNujUSahH2NbLq2d4GwqyhBf6C+7mvrmsr4\/4L9bfj8l0P3uJVjV46Va+dNjIizc2gQForAjmfy3032Bh4lO\/4MIyuwGKoOuycFjnLzGZE1woVyF41xfr+TKrfF7\/hU95kPKB7hYf2\/4yRSrFfiEEorGHRfQmj2JZD6zLuFs2ap5BP1K2RyxUGjL2hlH7kRuSLqqORtZk2q+X1b7Akub7fk1VZYSedu80+6n8XnT4k1lgLE7mZ6dWxCW0xSy\/p4HJlW3AZdiqWugXe6QBmAJEFixxGVWCyC2pHgBQPqMs6qWCxk\/Mrf6\/UMY64DmyTAXT4eIqobD1urftCYJqYmKqpNxJoegGynAsCSzlaetj6\/Btpwaz9MdhS1mqRN\/evH\/AOZB6lawfBkd3OUp31P48uAyuFVnFrzPIrVfVYQY\/ETPLPafGT6PtfARjEVrJuNG+LYNCVupAazT6odke5WzQyJNrReIGpAbGpvT3PoyrPMn0KNSrnuPt25\/HHN\/uizy4OgUANTEY1E5L9+JdaNqdixMGIlHwvJg0RUsVnyj6t3Bd9CmXm0anZlQLRCBdOvIVFRt2uXtmvFuRbKF2J11BbEvPl+k4zw99kzDQXvKd3n65qfee+hC4JsXSMMS33fplhNNBJKF19+P0ViDgm5r8nzJTtrTFNVD6bMVAUujNUDXr6o10oiAuN7z+RP\/O7ANSRrj1YJgbK4V9LN7OvtTwavaMYScgdzPmoIRUX5pWj07S\/ZkL0+sJSYqbw7c7JsfUdwEOI\/BAACrLxZU0YK"}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1582454598416,"flow_last_seen":1582454598590,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mesu.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02381{"flow_id":28,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":591177,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU0AQAADIGdJ0R\/WnKwKgCEQG7xZLy+q+KfzqrkoAQAHUYLAAAAQEICor+qRgR3+f4QHJmI1Cnwgdi5hQt7BXjTqx0AI8Cq2kXdsBd9yhND8LWMKiSq0VmmbX+8jfkSziqSouCzetN5SJhqPoujPFU3pisWEtWENyzRZzUDEzQ1w0AO9l9QnCZZTazBaLSzU+d\/BgnYEgd9TWpJroigc9bK9p\/vbRyjl5IJCG1ViB3SQ8zu\/NTwrZ52qHnxA2SShMRcT6jUEWYUm4MW+Zs9nfWEiURYKpBX1Ugi1QQDhcyQCmXIJJhveqKinxbsPw6stD32darp7+F85Mi\/FG2fjqrhYFVWIbHJSdp+5\/C\/q4LwqWGJGWLKLZx0EdfOrHU8s\/oJYdzayAIUVFmA22082SMZ3LH2kLTexMWBJ+0zP\/tvKCDwHot\/OOBXTYvHTH2wrdNXPwGTc0gvU+6Tqk+Q135uexNZ1kOU9eq7xQ5JlhRWSpvBwzrzpZkwo\/7XFgDB\/AdnJxrUom2r+Jw3tg8G2WDiFCCUe2qq\/uRGivATOzRTEeyoTwiVbUWnGcEJd\/+p4TPqKxREPd\/xqoaNjFd4Md5qyH3WoM0ydV\/KsCcMTmCSubKz201vYUZWKBDEh4Uico5+MRcQFTyOrMCZF8hhoOfwQaAzwyuDCBfiF9eEGeJpMDgUumLfjRxygC2HK588uNM8VMrol4yKT20cR30gMhL9229bSneN5bGXDiEtcBCrbiz8RDHhcVHyD5B8VfaPqIQ\/kA8pHo\/5rLw7NByJ0Vg7jVor1MQhlhs\/bMPHgnTPeG8IesmgZs3U2oaTSgniLbAMlBcIrmf2oZER2QWMIFqhSTouDETiKar0dfMRCVl1FvVmweb\/ByLx8LvdspM5\/majrxONFj3Bs9p0m08gWEjbFeqTFsLLLn3A83v0VLpswkpQ4nNwVjm3dnH4t9v9Gxf8YeLqr92xS+YUSdxlApJ3QQf5XOxmbUv1cRtCD3dkRNV\/7bfmr18FD6XbifYOhe8FMjB4bwKo3pkMtA7l06nSWzNH1c1sfDsBcy723H4TyjhEipbxgu51KZnRMU3n6mfFLmhRZPM3aOabHlufGn3S+u1l1PPMWx4WrWzIuCPhTif1H6iKVD6hrUPRixHcelbraACOhx1uqgOF9R+vfP1\/BHEH7Y9W\/0uph0S1uShxkR3buFRHePFSX0g4BKO+Wx6Ty9ctg\/5PWY39G+Mf95lrKmYXiITKJ9+IqVWm\/iyzPDwnDnVqqQ1Kj196uTW2\/bYx75cuMpAXDRCB66vsuQKvl0SdlnsIaE0zYQ\/xHEuMuZhmYp5Tzl+kTx1LrtVZ7UGXMzatQSw6VMgUuGHMKqraWF7uNtz7CIvCF3s12UNOHztv9e4GhvtJHrMNICy6t2Tc8hJ7o3jWCd3KEWz1LMi6JfSRfRMYilCoJ0WvZ5ye1egjDaqUk39VhKEDs6FiIVWKYwoLS3kZyOjmj8NO2zbaHmPyFBlJSlfK5M71ZDC6se40lUFldoMCkjz5goixv0grJaTlK5fIl5jUDebArkW2dbAIIPVb38Eis\/S2kdhrlgmGy1vMTagnOlqP6DJlElA8cZaiQZNmGrN0Xm5E+IT9dZpmxpLDHQap+569WrfXvNqP3P+X+Z0AJpNzsKN6O9MzVvm1+kCCVj4udI7dJlDfI5cU7N2OU3ctWPv\/NphdE6uu6z82Q7aNeUTWl3ag7uKZS6lYmYlVpAOQcP5vzR63HQSXFgHDk57PTeTO5xNyQ+pRWcz4tXWtA7\/FX6Wn9TW9+6rW9TNr9mK0QOC7EUhdd6a5Ua7i6kHWMpZSY5FzhHPwd4Jusw44tSWnEGC60yMyojeF35YhKexzzXRSILKjnT3dTgo1JUXmuyNKvZTQQNbuyWPgJVje28gO9KVstdshcDtjLS9dSPDH82HWBK4oXdckMPy+7yDsdcsm4F1yy5sYX0+gxSF0BW5Da0zfp+k"}
01892{"flow_id":28,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":591563,"pkt_caplen":1137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1137,"pkt_l4_len":1103,"pkt":"xGGLNYKpxiwDYGpkCABFAgRj0AUAADIGdg0R\/WnKwKgCEQG7xZLy+rUqfzqrkoAYAHWR9QAAAQEICor+qRgR3+f4JqEdHue5ivuX3xFR31+9eQx6qvHpEO708glv1H56cewXcjpv+hUvLBg7KDhtwU2nbo0+31kknyWNwqjsZWLBxCaJIy4Cxmn\/CjuRJCBCyRsxsBL\/NweZ2r0Y3qI5z2Dfqh3QjQKYj31cBf\/AY\/2NZd94X+PQZkKk+3YznOJ0eQwe8pRmG5B4x9lbgjrZr29Tt30sFrEbvjSbldY1RYgH+rKr5nNOpoi2Yhl1m+RLYoTH\/eSm1hgBZ5T37hoYFPrc0FRavq4ZQmHGbMWrzzPl2JkyOgLf+urChmnLqPB4MdE4PUA\/e9gvHGDlMju8JSWALc0964HhMObNrmLMTq7\/elCbpjsTg+NmxPZ66U18mgPeeSZGixPU4sNEA1GABI2KJag01TktU2rGxewKnpRSpg7Q3njLdWKBh2IYRiRd+ecvORQIxK5m\/Rr\/TJveu03zZ0KBQjH5iNCf5aR\/LdV6NHeTc2+e8qyPPkV7v4QUyffzGuUf+Y\/Ob45MhP\/2TiKgJJWnRGE1UKdIvAVqEFg3dyLKkx2SF6062tgAf6mvCrfVNI4K2CBH+8JLjwYfzg00Un\/lHD0ovgl2v74hspPG+F6DLOfjrgRnpW6\/tZWvbxnGim8grAduSl2d08spP0TgJyijkd81MOX8uKXfrQgV2kQpk7XNPRDN2ztMC7h\/IGPWnzCaM1FSPfcUSAh3YwV6XjdUhm7qrByCjoeEmdD4KODp7cNhy72KZqj+oN4YMLfZ\/mq9xnMvswNVWdsxbiIqEe8Fhw4FY3ZSAJX2IKyj1k6SLcjKIUCnOKgZXQN5IUgtcwptc30ft9A+Ae2CU6wWBvfspIPEbl9+apyTmEfjOdsqV1JA9XlT3Lq9MxfKTF8aUiHFECwIPu4ctIjeRf7oTbx+k4hMWX05YVmGnImHgxVs9iap8KX\/940LlU4D\/BZIi8Pwrcu0nvruQVWp9aE\/ZQjv+GZ5\/PSFWwvD\/frt5O9JNm0zyMrAdYHQAW71DPYYzstaYsJ1E42vM93oeKuiojoO7uCdQq0chaF4SNZBRyKEjbrhBgp6dplqdCW1Sj\/DUMgFy\/D\/YOboH\/VU6PLr+c9kYpjLKFnf4TDYqdzNmuzi++tdYaO5xtoSPYLj6E5znzTTWv6D4HKnet88VOXx49SBYJTb\/gKCQ8K1aVd3lyph\/iuhySiPCeYYkZQwzielRjV4HVGrD\/PpF5AKsoIXAwMAYRz81U3qiwAn+rx9UWCWO1qjQqlW0\/xp\/WynugxrneryUXe9onWUIRFs70Fm6MXIJCYt5QNgxLhOAyFb99A2Ad27qL9PfMvyCsTeSb2nzveoeE8tl9VTZW90eMgH7tmLkMgXAwMANXJ\/jLnTXKPevW+k0tEB2Z6uY0bhtV8qnV8ylPJY6jjqyxVqzAYJR+KIA\/aOdL0pbPl7\/+zF"}
02362{"flow_id":26,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":592070,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU6hYAADIGwqIRggIuwKgCEQG7xZHfrwWjGTrtHYAQAANCLgAAAQEICrVP0oER3+fwFgMDAFACAABMAwNZdFzV0QA2PKiuTvgdN9coa1Qdq1L8ifbPWVMLctdgVwDALwAAJP8BAAEAAAsABAMAAQIAIwAAABAACwAJCGh0dHAvMS4xABcAABYDAwyCCwAMfgAMewAIMTCCCC0wggcVoAMCAQICEGRKaPARhhkxGSgjco++FUUwDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MDMxNTIzMTcyOVoXDTIxMDQxMzIzMTcyOVowdzEXMBUGA1UEAwwOKi5scy5hcHBsZS5jb20xJTAjBgNVBAsMHG1hbmFnZW1lbnQ6aWRtcy5ncm91cC41NzY0ODYxEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5OQ26NMG3+wL7VQiRvYmEl0dQH+y7jG30Xq0szwA0HhHUOltteAVEk7uSCV770vGd8H4YroH4zaTHuZZyL\/metoo+fOnZZ8yuBRKAQEmLk0k6cXzi42emR3UOxVIxlABab20cmMjigYECGz1dGXF0EVjhPY1lgnLend8sIR6OL7\/ObnoRYnAwHUkr\/23MJhV\/9WLdWWoaO0o4XWPPqhmI3OqDZf8Abpu\/K7n7yd6VTKQexqxHBqHI6jliuXkwp8rR5j2iTOLocZme0verNUtgPf0J3B7fESJtecqmpQmw\/OkATqNG9TUcsJZ7elwHm\/QpnqO5VHCTWTA6kKoCj1HwIDAQABo4IEyDCCBMQwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBTYepREfJBwkBae3RecAUQDhtYqKTB+BggrBgEFBQcBAQRyMHAwNAYIKwYBBQUHMAKGKGh0dHA6Ly9jZXJ0cy5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5kZXIwOAYIKwYBBQUHMAGGLGh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtYXBwbGVpc3RjYTJnMTIwMBkGA1UdEQQSMBCCDioubHMuYXBwbGUuY29tMIH\/BgNVHSAEgfcwgfQwgfEGCiqGSIb3Y2QFCwQwgeIwgaQGCCsGAQUFBwICMIGXDIGUUmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1lcyBhY2NlcHRhbmNlIG9mIGFueSBhcHBsaWNhYmxlIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSBhbmQvb3IgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA5BggrBgEFBQcCARYtaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmNybDAdBgNVHQ4EFgQUP8a7O4KKBEkwqYE6aCTMDXOI5ZcwDgYDVR0PAQH\/BAQDAgWgMIICbQYKKwYBBAHWeQIEAgSCAl0EggJZAlcAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWmDro+VAAAEAwBHMEUCIQC6qNKm2PO2iVnAY3dXNcjP\/RRQr+eSx577YiUlj0HeEAIgdvb7+Pm+oRrOHFlvXDnzWATgNjKeT7gxKY+JAZJ\/"}
-00838{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00849{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":128,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02379{"flow_id":26,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":592079,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU6hcAADIGwqERggIuwKgCEQG7xZHfrwtDGTrtHYAQAAMqkQAAAQEICrVP0oER3+fwZooAdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWmDro+XAAAEAwBGMEQCIAP01iSTpljIzjFVfH3bSqLJ8zJf0QbTBoJ4F04sCl2YAiAcz7xSNKrHIcafP6evKtJMETOMl5mRGzgWHb1pdUy11gB2AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABaYOukHcAAAQDAEcwRQIhAIHJdGljpS8EnOBT8HqnM9pqHuT4kpfw6aRKYr2ifLD3AiAExKL9pYFPcaH1\/\/Qa6UYYTKgFD\/mGj9jVUDZXDlx0FwB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABaYOuj58AAAQDAEcwRQIhAOykdqwFKJ\/evq2GZyLxer94+svbUqdIz6f5TVT6luKuAiB9w3hGSXUPQT3WSF4KHZmO\/m8+3kD5OS44XjX\/+zncOQB2AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABaYOuj6QAAAQDAEcwRQIgMekPCAB2cdLnDkrErZneT37AagK6SF5591cou98K8PgCIQD\/5YxliNlSpuHP\/WWiT1ZdxnMeGlJtdVHI+wpOJESyYjANBgkqhkiG9w0BAQsFAAOCAQEAjZ0P\/nG5YRxm8RLTijJiE2Qx2JxB4urIMqbhv1VBez\/3VSqn78NlrWxVq66QqAs92I+rR4ndtmBc2L267RvelwfMSJB8Zemk\/\/03uKH2Pj+z8Bd8ROX4JP1Ys\/p63Fk1sh0mfAMAscorYQioE8c5w1qg4+\/33MspRF86C61S4D1XK219g74\/kqmGu87Ca3weX818oLHqs\/2H+xU87sggygFyq2jGxAkyMpbAfpuk2dpc2fkZBmBimbH7tcgb\/MRr7EAhAd+Lmig893bmEunIyDfhCa2uLR78LYvEUinQAlMcHYYYJMD36U6skh+y0nDm54NvrBuMJtPGTTQeZrvgvAAERDCCBEAwggMooAMCAQICAwI6dDANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTE0MDYxNjE1NDIwMloXDTIyMDUyMDE1NDIwMlowYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JOhHUdDIBayC2vrw9W06MeYzfPev+hN6eM2gAf8RRtqfEWGrlbTpAl\/YQ1rXX5Sa320yDnE9Gc694POGW+GL35FfkccZ1LKlQVd4jZRhcDUZ4A1bxXdPv0d0v2PNFDY7HYqvuPT2uT9yOsoApYRlxdhHOnEWTtC3DLRCR3aptFDhv9esryMz2bbAYsCrpRI8ziP\/eoyqAjshpdRlCQ+SUmWU+h5oUCB6QW7k5VR\/OP9fBFL954IsxVJFQf50Tegm0sy9rXE3GrR\/Art9uDFKaCoi3H+DZK8\/lRwGAptx+0M+8ktBsOMhfzLhlzWNo4Siwl\/+xkaONXwlDB6D6aM8wIDAQABo4IBHTCCARkwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFNh6lER8kHCQFp7dF5wBRAOG1iopMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0"}
01406{"flow_id":26,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":592156,"pkt_caplen":792,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":792,"pkt_l4_len":758,"pkt":"xGGLNYKpxiwDYGpkCABFAgMK6hgAADIGxWoRggIuwKgCEQG7xZHfrxDjGTrtHYAYAAOHLgAAAQEICrVP0oER3+fwZ2xvYmFsLmNybDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggrBgEFBQcCARYlaHR0cDovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczANBgkqhkiG9w0BAQsFAAOCAQEAFkdzb4WiYuHnKna7iZVCJpe8SqyscFM6PzGDPTwcq5risV0cdhqgPAxyV77TnlDgyJnWWNcC6s4NKVR8zfXCxpApVaNvFKgLQg06mG0GeJ7waqMdAgqiKKSNwoFGPm1n2t4\/\/oUOQioS3rW3+7gbp5bsd5\/s1FOVev8H9PIKFMBRUrHWjlALGplcvAvJve3t+F7BVttNfiOkEaEs1BsFmuQbUvZ8OJkFS7pyjUKJYARmKvT9aNdr95lBKNZsJKvmJVMuyIKZ4qKPI74wg7Eni\/pofwFJ6MaYaxAumF6K18pLscfJWJrQNtuWley2geTyzW8beYdMEDyJ5E36VNyqphYDAwEsDAABKAMAHSAEN1l3z1MIds7QfYyxuK7\/V8Dclcp3hwl2d8VuWSTRbQgEAQA\/SkBXY8ZMu5f7OlqejpFPerw1+zHh6NCnu87LhPTQ9\/RorGa6QeGaStaiATpErMqJFcfDZJ6Enf2nGV4poLGqB0HL7\/2eU2D2J4\/x7RDb9JTkN+7eeK4eBj5C5XTwuRoglCdnwKOMDuL4d0PMW8ktqaVHYXj2muifNjS1W7eyHL2JBCJjPIkbNbLtB6G8J2J9en8DIrIcW3E9sCbYvUSgPiApPO9x2FMxtbbgET+epQHwOBuZ6yU9A7oaI1ORhOeQtsmHeV+hRRdVZ31GwHnw\/R4vx02pzdO20qB8Xmo4us0J\/iclY6k4c75AlHn1uTYmPpAMLFhaPSGi9jZfJQMgFgMDAAQOAAAA"}
-01129{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_tot_l4_data_len":4399,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":549,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}}
+01140{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":130,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":8,"flow_first_seen":1582454598385,"flow_last_seen":1582454598592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4123,"flow_avg_l4_payload_len":515,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsp85-ssl.ls.apple.com","server_names":"*.ls.apple.com","ja3":"55271a105172d5f225e4704755b9b250","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=*.ls.apple.com, OU=management:idms.group.576486, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"E4:85:25:4C:99:F8:FB:66:49:4B:80:64:5E:63:2A:75:9B:8F:C3:51"}}
00553{"flow_id":22,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":593624,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGrCfAqAIREfi5jMWPAbsN6rjapgyNS4AYBACptgAAAQEIChHf6Cb26Z9qFgMDACUQAAAhIL9y1EDy9eTpmWS0iKCdetkIBrN9k091SGDIaH3oGnlJFAMDAAEBFgMDACgAAAAAAAAAADOHN7wq\/sCzBaRwj8WRi2eooJO8qHv5P+c0wRI9i8de"}
00437{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":621600,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZQAd9VghijqxKBScSDqGQAAAgQFrAEBCApbEwd4Ed\/oBAEDAwU="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713167,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkxGGLNYKpCABFAAA8BIgAAP8RMcbAqAIRwKgCAc3KADUAKGCiwekBAAABAAAAAAAAA3d3dwZpY2xvdWQDY29tAAABAAE="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713210,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xiwDYGpkxGGLNYKpCABFAABCUOgAAP8R5V\/AqAIRwKgCAfrLADUALpJfu2MBAAABAAAAAAAACmJhc2VqdW1wZXIFYXBwbGUDY29tAAABAAE="}
-00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713214,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkxGGLNYKpCABFAABB1EAAAP8RYgjAqAIRwKgCAdBFADUALQ1OiY4BAAABAAAAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAQ=="}
-00633{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713413,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7QA4AAP8R9kDAqAIRwKgCAfQ+ADUAJzA9jewBAAABAAAAAAAAA2NsNAVhcHBsZQNjb20AAAEAAQ=="}
-00627{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":138,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713473,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xiwDYGpkxGGLNYKpCABFAABCtyIAAP8RfyXAqAIRwKgCAfeRADUALilRj7EBAAABAAAAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAE="}
-00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713588,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABD8ooAAP8RQ7zAqAIRwKgCAdAYADUALxueCAsBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713711,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"xiwDYGpkxGGLNYKpCABFAABCQ9gAAP8R8m\/AqAIRwKgCAdLfADUALndaZloBAAABAAAAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAE="}
-00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":713833,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABD04UAAP8RYsHAqAIRwKgCAcLYADUAL8OecEkBAAABAAAAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1582454598713,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00517{"flow_id":29,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":714280,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkxGGLNYKpCABFAgB0AABAAEAG\/AHAqAIREf1pysWTAbsyJPEbaVjj0IAYBAAl+AAAAQEIChHf6DQAH8FEFAMDAAEBFwMDADWHsyiYnHR9U1VZ39KYD7Vit6YXikasTmHUUAQVD89cL6mKnwQVFe0\/0ArpPWq2vxLyjznYdg=="}
00964{"flow_id":29,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":714447,"pkt_caplen":460,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":460,"pkt_l4_len":426,"pkt":"xiwDYGpkxGGLNYKpCABFAgG+AABAAEAG+rfAqAIREf1pysWTAbsyJPFbaVjj0IAYBAA3bwAAAQEIChHf6DgAH8FEFwMDAYVgkPd18XfWsYhba8Leaa1gm9tllqtkmavMsp3W37EAIK5\/LGFO0M52xTC59W8vBVPRQ6aOqDV6E20MR7dmI\/8Wz1pBTjpBzRmrxsx2sjaVZoxTRD+FCeE1+Jx0bguRZ2HLMsMGm77uEfhRs4gGCFLGYOJtA0t8w9iIoTQrmte5QizIjaUxlB9ndiAySdGLRwCaFmhPicPqAT3OPW12QHi9PSX1o2e31uGlbFc118YD\/+9xS0RPO4eQmZqFzUYM+5jQwOqYiexP9p55UOnmAjD4k2GuNYPaCPFs31IpulHvr5m1Kz4j\/2uLN9S3x8XK2RQ5XEHOWalkMK+CkbUfLNqWIJT+dUQTpIbvidFnWLxD5av\/p+Epc8GjJpiRcTzHtyKULgBz6CaFkfPvGiI4tvt\/K9hy61F3LZoXayll\/zzYO1Fpy1qm06tHwnAxX4sfoK1iGkW\/FgzGkaxFUGUBYbNxMEx6GG1JtJkdFbPddso6jO9mL3IJXxGRe2gGpGY52elc32wlww=="}
00425{"flow_id":27,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":716631,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysAAAFAsleu1m7UvhoAQCAtPjQAAAQEIChHf6JMdNCUm"}
@@ -233,11 +233,11 @@
00425{"flow_id":26,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":716905,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOu0d368TuYAQA+5ZDQAAAQEIChHf6Jq1T9KB"}
00428{"flow_id":28,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":717341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OquS8vq1KoAQA\/RrcQAAAQEIChHf6KCK\/qkY"}
00428{"flow_id":28,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":717448,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG\/EPAqAIREf1pysWSAbt\/OquS8vq5WYAQA+xnSgAAAQEIChHf6KCK\/qkY"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454598721,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1582454598721,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":721885,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGrK\/AqAIREfi5V8WVAbuoGt7oAAAAALDC\/\/9fVwAAAgQFtAEDAwcBAQgKEd\/opwAAAAAEAgAA"}
00424{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":723398,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOrEAHfVYYAQBAuCrAAAAQEIChHf6IhbEwd4"}
01126{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":723584,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WUAbuGKOrEAHfVYYAYBAvpygAAAQEIChHf6IhbEwd4FgMBAgABAAH8AwMzFRfGYqEP+F2R9Wbx8vDWDUZY+c8QBvM8\/0aM\/WEb9iAqPOeRwqVGvKjyGH\/94GF\/v\/oQUTEAuuxnTPPcBfvphwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABcAFQAAEmdhdGV3YXkuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACDRnQWWCbYOcip82sNQrIRN4GlIi3Ilb2X7z1S+9ioubgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1582454598587,"flow_last_seen":1582454598723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00553{"flow_id":26,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":741873,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGY\/zAqAIREYICLsWRAbsZOu0d368TuYAYBACs0QAAAQEIChHf6LK1T9KBFgMDACUQAAAhIMgVY244BOxiKd2+gdbWzkS7fU3yOL5z306xpubGDQ9tFAMDAAEBFgMDACgAAAAAAAAAAFM42iq4K3c4kd2q4XVvp0HV7UIJJNofTiIO8GDsfdpQ"}
00496{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":743615,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBnf0kAADEGfAgR+LmMwKgCEQG7xY+mDI1LDeq5N4AYA6v8uAAAAQEICvbpoBoR3+gmFAMDAAEBFgMDACgAAAAAAAAAAA3b\/qASlfy2I37M+RYMkmQWZE0T6Nz1drAnpgD2lscA"}
00519{"flow_id":28,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":744914,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"xiwDYGpkxGGLNYKpCABFAgB0AABAAEAG\/AHAqAIREf1pysWSAbt\/OquS8vq5WYAYBACILwAAAQEIChHf6LyK\/qkYFAMDAAEBFwMDADXYj6OcZ3754e+7+OU9dS\/mOMB0szbGNwTAiR9oKCscWnhKPEGDnnP7csWGx3lccKumqgrS5w=="}
@@ -246,29 +246,29 @@
00818{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":750162,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFTnTsAADIGq+cR\/WnKwKgCEQG7xZNpWOTvMiTy5YAYAHo5DgAAAQEICgAfwesR3+g0FwMDARoZg5XzV2Lq7mj5iENSHRiOLkiIAFoq5umDQO7qzim0N3bAMypLvXQRo1r\/N5QhKSnRsHJkM\/3scna6z3OFBMsPsUTmotdBv6D1iV3wCK7vZFrB5tU5Knswt7kok8B3w5SLRfb\/DJYGcjstngikuVZYQ0MVSaUrSfMJck9CNCMue0Is7TuLDqimsYkLWmNxjg44dZpCBnCwDBcP4Aa3eGPyVwpNds2HJ1MIpMNWUNaSU+JpipohhHUAU0YTkB15jBd8\/uAa5NDqfSHZzsKUZLUcThc0WLv5s2XE\/CtZX2QobcEmkMPMrRqAxZDErlYnA8u4gKhrevhFjLoscdgfCiGY1r5tQBZRpI5sLscfE89WKHiplZLXaK0V1j4="}
00886{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":750163,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"pkt":"xGGLNYKpxiwDYGpkCABFAgGCnTwAADIGq7cR\/WnKwKgCEQG7xZNpWOYOMiTy5YAYAHr1DQAAAQEICgAfwesR3+g0FwMDAUnKKE8e2ns1f1p0yy0o+Un10LeAt71v0yfIhKXtXabWiuP7XXOmjrkV\/6hW81IdokPFseiMKELXm3nQDYzd6L6iRvROne2AEE9vZKKecN6\/BW9W3xGATx7fplygap6F0oV175GcwF6Eit9DP0jHfoC7EfUaQ81eRI+En\/lsQ16FTLWHP7tLP3UkLDuKaMwXaLvdl3BnWWbF\/oLjOF9WH8pD+4MaI7Q7zOXqlpDqxUUyXuSQcoF6y69yWkwCt3OoguqJ19046xQ2f2310NUduykPIqkmiPY448CziBiApbcW\/BzjKVR6tt5KtC1NCvBzz0WF\/RbJvg4+FF9JInqd1kV8rk9\/jWxCqlVStbupDtL0dLI\/k9JLkG3ghyEQkQCGuITPx2WQ2AzPUAKxq0F7Fv74qMZxgDU5DSn5Iv6\/yC7CkBen9DxiMsTIJg=="}
00611{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":755439,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"xGGLNYKpxiwDYGpkCABFAAC9YWUAAEARk2jAqAIBwKgCEQA1zcoAqUkOwemBgAABAAQAAAAAA3d3dwZpY2xvdWQDY29tAAABAAHADAAFAAEAAAfiAB8Hd3d3LWNkbgZpY2xvdWQDY29tBmFrYWRucwNuZXQAwCwABQABAAAAjwAZA3d3dwZpY2xvdWQDY29tB2VkZ2VrZXnARsBXAAUAAQAAEZYAFQVlNDQ3OAFhCmFrYW1haWVkZ2XARsB8AAEAAQAAABgABBctSi4="}
-00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":40,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.45.74.46"}}
+00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"www.icloud.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.45.74.46"}}
00640{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":756296,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"xGGLNYKpxiwDYGpkCABFAADSfP0AAEARd7vAqAIBwKgCEQA10EUAvrFqiY6BgAABAAQAAAAACWlwaG9uZS1sZAVhcHBsZQNjb20AAAEAAcAMAAUAAQAACaQAJwlpcGhvbmUtbGQMb3JpZ2luLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAxAAUAAQAAAMcAIQxpcGhvbmUtbGQtYXIFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAFQVlOTMzOAFkCmFrYW1haWVkZ2XAU8CRAAEAAQAAAA8ABFx6\/FI="}
-00662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_tot_l4_data_len":235,"flow_min_l4_data_len":45,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.252.82"}}
+00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"iphone-ld.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.252.82"}}
00519{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":756503,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"xGGLNYKpxiwDYGpkCABFAAB5PvQAAEARth3AqAIBwKgCEQA1+ssAZUgsu2OBgAABAAAAAQAACmJhc2VqdW1wZXIFYXBwbGUDY29tAAABAAHAFwAGAAEAAADfACsHbnNlcnZlcsAXCmhvc3RtYXN0ZXLAF3fP6nAAAAOEAAADhAAewwAAADhA"}
-00656{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":46,"flow_max_l4_data_len":101,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":174,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"basejumper.apple.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00424{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":757085,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0AqYAAC4GBSIR+LBLwKgCEQG7xZQAd9VhhijsyYAQA6uAfwAAAQEIClsTCAAR3+iI"}
00635{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":758732,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"xGGLNYKpxiwDYGpkCABFAADPyEMAAEARLHjAqAIBwKgCEQA195EAu7eFj7GBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_tot_l4_data_len":233,"flow_min_l4_data_len":46,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00635{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":758813,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"xGGLNYKpxiwDYGpkCABFAADPdQkAAEARf7LAqAIBwKgCEQA10t8AuwWPZlqBgAABAAQAAAAAA2JhZwZpdHVuZXMFYXBwbGUDY29tAAABAAHADAAFAAEAABGWACYIaW5pdC1jZG4MaXR1bmVzLWFwcGxlA2NvbQZha2FkbnMDbmV0AMAyAAUAAQAAC+cAGwZpdHVuZXMFYXBwbGUDY29tB2VkZ2VrZXnAU8BkAAUAAQAAEZYAGARlNjczBWRzY2U5CmFrYW1haWVkZ2XAU8CLAAEAAQAAABcABF9lGDU="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_tot_l4_data_len":233,"flow_min_l4_data_len":46,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":178,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"bag.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
02358{"flow_id":31,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":759177,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUAqcAAC4G\/34R+LBLwKgCEQG7xZQAd9VhhijsyYAQA6t2dwAAAQEIClsTCAER3+iIFgMDAGgCAABkAwM1ZBgu0yS9bOcmbk0kGdrgxoQLKwV86Gi2S+QsS9zQLyB3UDw5CeZVXrBBqV2A2Nt5TbK\/3sasXZSQbppEORT6eMAsAAAcAAAAAP8BAAEAAAUAAAALAAIBAAAQAAUAAwJoMhYDAww4CwAMNAAMMQAH5zCCB+MwggbLoAMCAQICECDrGNnhMGOJ5gckndI1GuowDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTAwODE4NDYxNFoXDTIwMTEwNjE4NTYwMFowVDEbMBkGA1UEAwwSZ2F0ZXdheS5pY2xvdWQuY29tMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA3JTXZEMDNfkBeddGFOfWVcUMoJ8W7d3ST3e3HiTTWw27hpoGkazdY\/uyqetayMkeP9ioDxEA8PxI4fVx9gMvajggVsMIIFaDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmRlcjA4BggrBgEFBQcwAYYsaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhMmcxMjUwgY0GA1UdEQSBhTCBgoIYZ2F0ZXdheS1pbmRpYS5pY2xvdWQuY29tghhnYXRld2F5LWNhcnJ5LmljbG91ZC5jb22CEmdhdGV3YXkuaWNsb3VkLmNvbYIcZ2F0ZXdheS1hdXN0cmFsaWEuaWNsb3VkLmNvbYIaZ2F0ZXdheS1zYW5kYm94LmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDcTKYxfoGNbyxqPKQFc6\/l8HBeZMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFtrLqfoQAABAMARjBEAiBcyMXSqYu\/NQzPC1eks2fF3nNBwnRpvtSQ93jt9Y6FxAIgQAGZ6hMU0FVYk\/U5Nz\/IH+LWui0mpLb1ikJAbD2uT7kAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAW2sup+hAAAEAwBI"}
-00850{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1582454598587,"flow_last_seen":1582454598759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02370{"flow_id":31,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":759412,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUAqgAAC4G\/30R+LBLwKgCEQG7xZQAd9sBhijsyYAQA6uyvAAAAQEIClsTCAER3+iIMEYCIQDdbk0W3xLwRVSqExbk6WYwON+XhEgNjWS3c5gBslGuhAIhAOFAjfHHnYs0x+SaDx9TRoc6tbR7MkI8j7D8tL8bTA0\/AHcAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtrLqfqwAABAMASDBGAiEAgaJ1MrRM2AKsBkPp1QIT6PfODIXbQVBUCAUpo+tzOrkCIQDddAHm4u\/Gn8li8ESlxL1ZJK3FxqbrgV3vXWLNi8iiHwB1AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABbay6n6EAAAQDAEYwRAIgGHM1p6WBqV+vtqr6hd70KQdFzAWv+ozcuVTGuJp7dk4CIByS3BkfgbrlBXSSNJB0YU2uhFS8HFnPom3vv22lArFYAHUAb1N2rDHwMRnYmQCkURX\/dxUcEdkCwQApBo2yCJo32RMAAAFtrLqfywAABAMARjBEAiBaHWEaQOG2Acj23NJ5zQC63rSKppu35b4qfkAJ8X7kbgIgeEjIujG17P30x0NsVWfo0XlmL6r4EoA536jETLtvxuAwDQYJKoZIhvcNAQELBQADggEBAKGriMkz6sCwrnomv6YJ4jjwMaMNouZTjEijYKaSAYs2pIOE9O+xy3VQrni7VsR+gMkO6ivj8K8d+2za\/y+I2RQZ2TUQ6wWGorFDOoGqBZXtBV6gbGs9KDNThqQv865ePsXG2JT+biTm88weJMm7MYXFPMu6C9JosK0yxl3MDsDk45W8A+EciCdcIiZwl5J8dSnSGGYo5UMSF3qI3eSNp3NkNcxYPZnj4isyXRHrBHr1ekVVCMPF2Jox+AmwwfJRq0tdVhmqUS\/9z0Yc6KqLMm50HEB4+utGT9gDG45BW1xwuucQVqNjb4bcrs8WPZf4X7CL94S2\/\/ZbmTwQh3s0iuoABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5z"}
00635{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":759486,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"xGGLNYKpxiwDYGpkCABFAADQatgAAEARieLAqAIBwKgCEQA1wtgAvFoLcEmBgAABAAQAAAAABGluaXQGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAJGQAmCGluaXQtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAABEeABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAbAARfZRg1"}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_tot_l4_data_len":235,"flow_min_l4_data_len":47,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":181,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"init.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
00663{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":760578,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"xGGLNYKpxiwDYGpkCABFAADjlzEAAEARXXbAqAIBwKgCEQA10BgAz2vgCAuBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMPAAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOnACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXwAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAPAARce00awJMAAQABAAAADwAEXHtNQA=="}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":47,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":182,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
00623{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":760726,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"xGGLNYKpxiwDYGpkCABFAADGO68AAEARuRXAqAIBwKgCEQA19D4AssJtjeyBgAABAAQAAAAAA2NsNAVhcHBsZQNjb20AAAEAAcAMAAUAAQAAD1IAJQdjbDQtY2RuDG9yaWdpbi1hcHBsZQNjb20GYWthZG5zA25ldADAKwAFAAEAAABkABgDY2w1BWFwcGxlA2NvbQdlZGdla2V5wEvAXAAFAAEAABGWABoGZTE0ODY4BWRzY2U5CmFrYW1haWVkZ2XAS8CAAAEAAQAAAA8ABGhJPR4="}
-00655{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_tot_l4_data_len":217,"flow_min_l4_data_len":39,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.73.61.30"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1582454598766,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":183,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"cl4.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.73.61.30"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1582454598766,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":766077,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGHzLAqAIRXHr8UsWWAbuHn+lSAAAAALDC\/\/\/nwQAAAgQFtAEDAwcBAQgKEd\/ozwAAAAAEAgAA"}
02368{"flow_id":31,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":768102,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUAqkAAC4G\/3wR+LBLwKgCEQG7xZQAd+ChhijsyYAQA6vWZgAAAQEIClsTCAoR3+iIeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBRtmHWQn\/fqeBctjWd4mUcrWqqVwBgPMjAyMDAyMjMwMzQ0NDBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQIOsY2eEwY4nmBySd0jUa6oAAGA8yMDIwMDIyMzAzNDQ0MFqgERgPMjAyMDAyMjMxNTQ0NDBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEAlz8kzwTNL4DreEokBuMsetKeh0dcofwzjM0d0OSiAy8HKR+etg0hwzjzkMoTWISwWgTi3B1sJGKSMZ19FUMgTZn4yIjxNdwrQNB4cE2DziZgsFITf77+13g64KVP2NaAc+T5V+bRcZJ03et+gkWWJJD3LiVlmJBNfdVp6tiuDAI0Ngsr7cQQ+0qp3EqrUku9Stxo4ldKmdcjeB\/B\/CQsoSSpQbHc7BFb2B5\/0IDczO68caVYUfrelBs9H77nfwtnFA3W+PQ8DlaNrLp+7dLN4WG2ImcEF29Tara8CKkJ0SunfNbHfcwQVfoqYwWu6e+ic24+sVNhYwm7Ezq+\/lDklaCCA8swggPHMIIDwzCCAqugAwIBAgIQQOU9e0o0X00kwGvYo3rGmTANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjE5MTYyMTQyWhcNMjAwNDAxMTYyMTQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBSTDA0MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJrC64q6envcCtPKJaAaN4gVTLL0EuZUae9A15l28SjzyHp9U4w5buheyZLZT07XBTvH7vEDQnd8C8sUH\/2EnRwJt5yvAFlAEMx\/uhUizW82DYxuJHOfZdZKclTioPSXZnprOzxrOMshIah\/sjVpDoV2Hk7r0EmCnqStVOjixuPjuzxoTXsJqjPDnqRdVJa1vrg13NnmCHnku7+2sZvcK5UHb9d\/ft03IKYTpKniEEolsv1w3eeCBJBMgSqufUY4nWVfilwKJ5d1HJ\/E62apvXPRhP78ezj7odSWvKPwQ1S8n1deOxKuubQET9d53MjOA5zqmPB+gYsOnXEAunura2kCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY"}
-01222{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_tot_l4_data_len":5113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":639,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
+01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":8,"flow_first_seen":1582454598587,"flow_last_seen":1582454598768,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
01126{"flow_id":31,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":768108,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"pkt":"xGGLNYKpxiwDYGpkCABFAgI2AqoAAC4GAxoR+LBLwKgCEQG7xZQAd+ZBhijsyYAYA6tCLwAAAQEIClsTCAoR3+iIMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFG2YdZCf9+p4Fy2NZ3iZRytaqpXAMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfWaHB3F71r+HUtEusztLw2H0a2YFnXxa1uzWlcknyHvXas70SkE3K1rNPNgydDWa15RJBtUYT9r\/jIYn136onLWnxukPVi8TUKI4CMEwguhpMLrEtIqL4C6BZ+4lBK6xUCuEUeduttOE7gOxhx0n\/QSTvQ9LuNig3jwWEtIC23HoB15mX4gwBZ8tfi9UB7jVmgUgPLlnIxTRdUl1q5\/zCHckXOsWhUg5FYsKlZCVH6\/tIbdNREqUECgGFWyk\/VyvbJtuxaOAbpOC6ieEYIcwhwciiyJrTnUR2rnOOH8r2riaIi0MEZYnjSjV+7lmoMy2Lru4hbwEXuuXlBYgInvKvBYDAwBzDAAAbwMAHSCOEGeaVLiC6+b\/0wnT8E8OeNNKWCV6MxdIA2YHO6daQQQDAEcwRQIgCS3Vrr\/Qw8tH3\/yPK71uGx2o79sIcnPAoyR3PpMP6DwCIQCJVV0RI6Vgj\/Nh0o0G2\/Ig8XOKXIzzOuC8cQo+KB8yBxYDAwAEDgAAAA=="}
00774{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":783837,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"xGGLNYKpxiwDYGpkCABFAgE26hkAADIGxz0RggIuwKgCEQG7xZHfrxO5GTrteoAYAAMNsQAAAQEICrVP00IR3+iyFgMDAMoEAADGAAABLADAmdO6ZKgegb4aq5BxQP5CxXrL1DVbM7xBuCLNMro28JKalbikOVIgUrccPEKr5L3fnfftuAOoYOGekEgPY1x2WVd\/SAAynLxhsy6dbfjmLrPGjMq1hAlWGcHSKLZK8J3hMajG9zm+c4ZMZr0lWfnlVyVa+xiMhyzU4al+L6B5lrZqxKr\/+mn89BjJqsN2byVi0mA9RiGlUe2IIeIHIu6TQs9dN4qx10w4eK9hoF5m4AfGPuCS8mZgYn8r6C6eRtBeFAMDAAEBFgMDACgzpCi6VvByC1sgagi8Q7raFpVF+kr0VUMH0mNdudSDbLrqRbx8pZrd"}
00821{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":786331,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFT0AYAADIGeRwR\/WnKwKgCEQG7xZLy+rlZfzqr0oAYAHWIbgAAAQEICor+qd0R3+i8FwMDARriUgIv6GkVu8F2AXfKdy8ox7cIh56uiJz+qprYzDppxDVem5iI+KoYUneGqEEMGK1AvbDY1MA8CDGbAnb4pf\/lomMf\/PHCBZS9gGT+wv5VsWpADGZ9yImUsxPqhIAIJlim\/rJlAfMInG\/MYAB+1v8dEVqt2ECIYPKSpIC12Si7kDJ7uB21lNmmvJFZDAy+k008mOnR2pAY3pDwBL\/5fDXHhx6+AU4Hq5+Jj47N8FW\/UF4N+DPfqCbddpycheXDR2dhENo35F+aWEWpu\/EcKhXVYRglEy\/4cMHNrAFPjES++v685ERZzqjI5E7iOWhBlgZKBaVy1UvkUGwXQLJ6a8+wDOtDILMtJZQhXeepf+G5amptLe2Z94KkfdM="}
@@ -276,28 +276,28 @@
00888{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":791328,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"pkt":"xGGLNYKpxiwDYGpkCABFAgGC0AgAADIGeOsR\/WnKwKgCEQG7xZLy+ruXfzqtRoAYAHrJzwAAAQEICor+qeIR3+jBFwMDAUlR2yeh\/Mrk2fJX31Kbd00awnMuhz3GB9Ls94xx3JaJGZ+\/A6JPrQrCIXih6p4sOutNIGl1b+JWS38YYp2wPOQmTfAMnfY0babHjP6Hd1dNGmw7bXKD+U4Aht1LnEOeRx7NT5nGK8f8\/4hefRUyf4D7r1Ccvwl\/FMcl\/hZu9Uo\/45MSKf4yIepSIrw25o0TEmJAt9YF8l+C6360U09bwkiIXowoItrqq+Ah0+1mo1CF3k6wVc7GJbB\/8o+z3P\/y+fBtchKpiNPZqbKNETs++5bIsd1ZrC7k\/bdKO3sbWGF11oTpLYymRWKeD73s\/qjxq1XUOz\/fVmEgF7ryb1GDsgQ+QKaCRnwnxZMUACNuUpV892cuBto+OXZrKgqot3hf4pvrFByj3DwU31ULwJ1pK3ms+DLLzYxjVXXCJ78ADQhd9XUZO0t3SwocDg=="}
00439{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":801586,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGajZcevxSwKgCEQG7xZaFiMYch5\/pU6BScSAUDwAAAgQFrAQCCAr\/dyjxEd\/ozwEDAwc="}
00437{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":867837,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADEG+7MR+LlXwKgCEQG7xZWfE+IlqBre6aBScSBsSgAAAgQFrAEBCArpLCwFEd\/opwEDAwU="}
-00441{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454598885,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454598885,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":885958,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4434AAEABEeTAqAIRwKgCAQMDBHsAAAAARQAAz8hDAABAESx4wKgCAcCoAhEANfeRALsAAA=="}
-00473{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454598885,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1582454598885,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00432{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886016,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4zMkAAEABKJnAqAIRwKgCAQMDKS0AAAAARQAAz3UJAABAEX+ywKgCAcCoAhEANdLfALsAAA=="}
00426{"flow_id":31,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886113,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOzJAHfgoYAQA\/R0UwAAAQEIChHf6SpbEwgB"}
00432{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886500,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4CTAAAEAB7DLAqAIRwKgCAQMDOTMAAAAARQAA0GrYAABAEYniwKgCAcCoAhEANcLYALwAAA=="}
00432{"flow_id":42,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886626,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4spEAAEABQtHAqAIRwKgCAQMDK+AAAAAARQAA45cxAABAEV12wKgCAcCoAhEANdAYAM8AAA=="}
00426{"flow_id":31,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":886998,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKOzJAHfoQ4AQA\/BsqwAAAQEIChHf6StbEwgK"}
00426{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":887136,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZFvAqAIREYICLsWRAbsZOu16368Uu4AQA\/1WNgAAAQEIChHf6UK1T9NC"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1582454598888,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1582454598888,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":888448,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeAaAAAAALDC\/\/9qCgAAAgQFtAEDAwcBAQgKEd\/pSQAAAAAEAgAA"}
00425{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":888916,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+lThYjGHYAQBAuvrgAAAQEIChHf6Un\/dyjx"}
01123{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":889102,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGHTfAqAIRXHr8UsWWAbuHn+lThYjGHYAYBAsDXwAAAQEIChHf6Ur\/dyjxFgMBAgABAAH8AwPBzadgheRj5PvWKLwSvBgHRWReYUBmRY58bZ7Lfe7D+CBuPIm6VXqnNWVU88hOzvhjpRW+5l\/fSYA7KifdMQlc9QA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABgAFgAAE2lwaG9uZS1sZC5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg8pt2q3lQ9HWbBRi6RvIDs4431U3XsDOQIuUc1COGcGsALQACAQEAKwAJCAMEAwMDAgMBAAoACgAIAB0AFwAYABkAFQDKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1582454598766,"flow_last_seen":1582454598889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00838{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":890665,"pkt_caplen":367,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":367,"pkt_l4_len":333,"pkt":"xiwDYGpkxGGLNYKpCABFAgFhAABAAEAGYyzAqAIREYICLsWRAbsZOu16368Uu4AYBABb2AAAAQEIChHf6US1T9NCFwMDASgAAAAAAAAAAdj\/oh4JFAnecakNJj3aZhGQtlujQ3sfkuGMooEvvIa42NgztrVRsmvSSHptchNMfzB9XtSoRe3JJVMOw84TOq51ohCUx7Khwzf1Dnv5tfEXFJ2KYninJ2dCwf\/Lhp4bUTr3pLe6Tn2kQFJCZPZIKKuUOi0IjIndR2RlxsKUEDyRQvOcLbqVa1PCrETsZn7vnrVAZZi3u8mZv321lz\/v9mNReM+hdk+q8gigOG3yGTSnZuiHsuaq9NMnLDWs4hRxunQnTO6mmCY4m18R78wKjC924tJoRSv7PoH4I\/WahkK7W3Exhv+pPpqWdz2yYtVEHsIQixU2U0n9yOS35zZ\/\/1WnM6cRemep26nGe2LKomIscPZrlSg2UV1ewYuD5d+5wA=="}
00615{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":891090,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"pkt":"xiwDYGpkxGGLNYKpCABFAgC+AABAAEAGY8\/AqAIREYICLsWRAbsZOu6n368Uu4AYBAC7QAAAAQEIChHf6US1T9NCFwMDAIUAAAAAAAAAAmp2IfLHHbKSxzXQ66EHNzB6Upc+RgXiwFZQtEzg6f0CMeSNbULtPf4GaeCAtFu+V5xUKAozV5S45swR43Y3NNTy\/s98twAqZNCau6i8C+CVNC42RlwSPI1SYdF2\/YQ3RZOSQkneh1zLZZREZxDwDKX0k6ReIlOxElfPjjt3"}
00424{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":892865,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGt7pnxPiJoAQBAsEtQAAAQEIChHf6VPpLCwF"}
01124{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":893224,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGqrTAqAIREfi5V8WVAbuoGt7pnxPiJoAYBAtl8wAAAQEIChHf6VPpLCwFFgMBAgABAAH8AwPupC\/\/Idf\/TKV61u4UD47k+sXPhTWRB8OAqYTTHEr2LyB7RNdSKNgM9EL2qrN2iyDWEEsm1843GXQB9crRbp8tlwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAACMAIQAAHnAyNi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCDleNDTQhj0xF8bnwK051jtivCaSKiZkunSXcl4Va+AgAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAL8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00815{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1582454598721,"flow_last_seen":1582454598893,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":925453,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0z7EAADUGmoxcevxSwKgCEQG7xZaFiMYdh5\/rWIAQAOuwTQAAAQEICv93KWwR3+lK"}
02388{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926093,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUz7IAADUGlOlcevxSwKgCEQG7xZaFiMYdh5\/rWIAQAOusqAAAAQEICv93KWwR3+lKFgMDAHoCAAB2AwPVclrs5qQ\/Sx24j5b7zPYzeLlCrcg8\/wYuD5y4WSjHASBuPIm6VXqnNWVU88hOzvhjpRW+5l\/fSYA7KifdMQlc9RMCAAAuACsAAgMEADMAJAAdACDyleVstpAS6tG0\/5z1HrqCZwd8JGTnUVgIrdC22fr1QRQDAwABARcDAwA0wnb1ePwh20l4Tf+pvQSVwpABc7rVlawOWSPd0S3vJvoFt0MQBaCADHcFHjq+h64QjLktVBcDAxKHtp1Vj7FXgxWqnWC8QrzkJbTasHPhAWIz9GeDRX4O8SxWYMgLA6p48Y2nKAoWp1xhz\/5IbLSSuPFbxgK1QMydZbQpl7XG9s7hM6vUOHFxrT1ZFccyH+5eokwBY+ZOcSEhwV86EqDSP1X2sU2l2QMoHEzb\/Qs4nhq\/mfpVluUBZQRNulh6Q4YTErkiBaAlbD3ilie6pMkEmHocEtLglKScSCl0b4O8N9PlNyyU05uxuVB9gMdZykIzX0HNpqAKkeXUj+tJV1rktGfadKiVjON5djWPiTSom1UibDJ5Ma5xkPXJHryCOxj2T3lzAr0O0iny7VP3kVqOexBkp5S+pnNskJfcGotGJLSEj49J5e5T2QKU9\/JpZ\/g\/lijnarGnehUwNRwtyzW5h\/\/UgLo7S7imVgzWKDqETgeXCkfByt5knE43sGW1SHeMIebCjB1MfAYq9Qoj\/Q7OHxAWJPdB1+36VH+z6ofgj7vn2Or3s8ynXk2aaEacv0sy8Diq95myUtLtLCJcTv\/00cbobrzYabFQn7oQVvP76Yg8h1pc7DQiPqWog2\/A0NLjIHNdwlKGO\/uqMVtGE9zBk7huLUinnZqH5fRa0OIf3U+IT0EKyMxb17w\/a3GQUIgW3oa9MVFKSf2D3qc+6Er+ndRecQpcG+31bHEJ7cerriBP+OTmqF8\/ep9tROS3GDbofFpb0zSP3uo1Kbf874LTLCOVhP5gbaMiKMwex0PG\/5b1OuyKHNTJ12cXwI+4Gn9nT0jJ10FyFLnnOHW2d2HaB0q3yixsEgOrXC8obTP68nFYnqV3ffOJYES3kunCJF+e4wpIN3wLx4MY+cVd6daHaDGBsl0vTVdGmMXbF3Q663Px041voKPWNsVtuHo+Ig6QPo8f\/L2w85hl7gYSIzGqg6R1Eky3Qv+Jt+7ysKq9emuzadqliMjRZEJBlYqzf0VXc7C0vBpHZTGGReGYcAWVq6vVv9MCCSFhisUDWs2xrzg52\/zc8lp0hnGopJeuxtnR4mhOF3MU2Zlrg+I8mJKul3LviY3yRZ\/IRffJO0vbBUZ1c+Q4CsI53zp681IjLL+M2kKARNLKKJVlLbE60\/eTG5kVTjeSe3cqeIdiFIs0sWdzeRXu4PRqR8w8KJwUCCqIiz\/ckA7zkYItswHMfu3S9d\/CcW0mQZ6Uw5SbuUakur\/4CnMlN0lLUrlg3XSF\/\/p1BByIHJo49jKA05qZXec9gh8r9BT2VTNrHQEJMBxOZgO5ufwQ2NmXKcW3nG6LmQ3Wb3BgM3NfVDu30WdAf8ojiK0b2z8L4XjVIIO1r5ool6iYZ0I99Z5x6mk\/iOmoA7zYAOa5peEzZHAGOIoa9aFeV5gGBISFFRl5dPLiJlzipW55F\/2liShC1OMMTsrNVKAfhd8Vc7jrssG\/8g6pTRoye4\/juWLCL5zYVn1ygeaTtpXWKvVCAgBq67VzjwnIhN3c8smyVW\/GZn+shbP+cPzxrNgkk0RiyNkbQN8mpltLZg95TF1HjJKLP0o7\/cSQgGdepllKZRZiHP82YtGfQ0x5uZ1xXpYJl6kCr+gyQQk58U4Er4ecUsrTqyg4KSPIf01YOGy6oK1j+sNHa1xnIMUtYabez\/fqunYPykzDcfq\/AZE5+gnrTzZ7+ftOL70m\/pPNmZOpGFni"}
-00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1582454598766,"flow_last_seen":1582454598926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"iphone-ld.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02389{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926120,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUz7MAADUGlOhcevxSwKgCEQG7xZaFiMu9h5\/rWIAQAOsu8wAAAQEICv93KWwR3+lKWCibgR7R1ynDJiZaZPbzkCvNLTkNSlTuJQcaiwgfOAe+jv6giR33JoqhLo8uVjaHcaRyRSgJZAKlq0glMD\/oh5PkZwiVz\/vLCX4N3Si8dZ08eQtrPzXMd6Ow5UWMFUSyXO90m1NcMpPMoQ\/E+O9+avvWxEEwBbSpg7SYxC4\/VxMJ04jb80RqVNZVdD3wdMlDr5S+asT0gpkDJR+VMqU2+KrNLbaqO5oDgRaYydL2VKTQ33WXDYVxhSZyVixMC5XVq+2IyPxIGHnJ\/VdOR5Y8yjVl2pomUPMduS5AuBHX3Px97Ltg37PXCCVnnCxK5i2+EPWcyrf7mmgzcMFJ7FwDd5+jizX6ZLAJ0DTSWLORx1Wq\/2V7TfV\/\/GXKiSgXa\/i\/2wVfh82j2nZs\/UlrSuVFQDu+qVSa5XD3lQc\/kY2P+zIt9tcIiDPVrhU81sYfJJpAVKUcGf9sTqeR0LMvownWHoypAwZmr9WY1GwT31bEKutv6HNihvypSFKdObLD\/QD3ct2IC+qY5lEHV3moyCV\/9s\/Mp26QdKxlbcQpI+hxMO0PYhga5Pn4fYE4kVqHL6yuYVVitxN3csLXCHUzTUYr6ALe5LApCE\/dJNEIcLURmNq9j5rojaPFWqVCit1Lepuxv+8YuXXKwuYPiFazlaPXTYzWY5rs7wQv8xWjwXt8nA9QyG3Yl\/wA88UhE7UK4DrLdGcuBksvIShYT3YVnRqF+D6DKMHRPRt+ihNHswVPEjP6+H7h5HUXxEAfTARFXrt0TuhvacpA2Iz9Lfmhy+U75QdcYi2KvxKLTUtoraTEY7IHgz1IpcSYTEEKYrKWkt7DdxDaWiY66Rnc275\/rg+0HlcPfRLl8Xn1dHxX1KvUp0K4NP7dzDv5ajOc+yM0Kycsx2FFZSXR1UeY5tQZjlVlmI3dmbYMV05ZVTI\/fr\/qcERsG9JnQdJnXL3FAj6W89P363VOiftME\/WeAFx9gC41recEsuDe\/9lndbSL0U\/VWfuXIFUfUkTuyfkcNadzRoklnpql6ygHODT8GvFHK+GrD19mc58yi7y1Mr6bhaGCs+ARdWR53Edc3j2YSGjtsoCWZl3eOuriaRO+SKqxn4yniOGHF0VnW7D+M8GaeTWoe0qkpFpQ4EW4Q5QoINDUX137huBIs5s2c5DoeYriJcwWbeT549L2zsXrBLOvwTzTscHPRNiXaV0oVaLIg2tKSD+b1xxziFjkCvU\/kd27\/EulFrPmnNb\/wxVIqaWAhteUMYdcOYn5scz26qWOPYE871igHAKcax7QvT6DpuNmYyDnE63f5t1zg2Qw9MMh3I73GUQC8ahtgmxM7JpPts\/CsxK9\/emUl2sF8+DRVrfhJXcfHPLwGN+Lcta+LdU0pVB917YGKMMCzTi9h+59PvifiBx+FRHxhNfaLdRrKPDr9jez2lxQNTOFLgB6v88KxfYUIeOD4QAwNLomOdID7DHmLQ13z0t6dVz2NzWGOg6jO\/KESygXS7mRNKbFhbeKhybngJ2MwTpIqPgLY7fWKBg8JDWvJyLJvBfiI1C6OjSXpLAc7+Mx11+DQ9\/4oF5crNWJCr+0MjZn4TAVhZZWIjIJDRK6bardTjBtqIIOAVD4q\/1iEngGOHOd2I7vXF5gkKDLMLczvXnHTvFSneHEtPeq0Ks3JUIvke0CijUvxzl\/1wE58bvo\/SFCwtpZJhyJ\/rbgQ6xiHa8MxZ0JWLyijlIMInhaQMo4caLK0iwDsLuysuWHrOyD1Z9U87Bg9fmig6EPh9fDT6w2FWGIY9IZEVh0aH5vfFLpIXkOYQtHIVopqfNGN8bqFCWb6V57Q63\/ijWAxx8aJYkKFBYO5XufhpHv1QrV9g2OC2sAL9DklopOYjpyaZd3rzbwF\/7KYP\/3Rv4eVgKTbuoEpd\/EJmZwVuOLXtId"}
02082{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926180,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0z7QAADUGlcdcevxSwKgCEQG7xZaFiNFdh5\/rWIAYAOuLogAAAQEICv93KWwR3+lKdFWg2DmVZdxMug6XcPmfjtFxEVFs4eUQric0KdnsvrpMns2mWkWg8s8\/Na4C7zJLgRnsTn+Gl4S5UbpbUI+2Rm2xejqNF44AXSiOp81MslDMgyEL+ZaXSYzsxNRwWja7ES14UacXClShKrYuWbzIdOl\/ma4LfeQbzn3+\/dKhcx6tXq9zpNd43cgqixBeox6d9Y4b\/98cMZJoOljsIC5P48LOWkH4eZArZvxk3LODu0gKi3PGpHPuBGOUgABUkqRCsWkE1P6VJbR7EeT7aHZgDnG6RnrlDWcqPnRQ4fJIm1NLsxLJ4cDrbbUf38QkBwo8HXQaoUdXuwGfuAhhIWdmm\/+OYeWxkKDJ45ARQIcImPKXDdMTtn35dgliIZrtHNeYGDjb+wisr0k\/jq3JMhzx7SvBpICvoxJOMIIfI3ZninPNJuZkuFwlVB0x69D8IW0mDf4Vx0sgHOgQOM7XfkI\/CwVp39DYoMJZ4rrpT7bO7J+PgO+OaM7Y91F74CDdBNbGDfVDSQCK\/QPkBv6oMk2BEzojAjHBqACVJ841RWy8hxfx3R4ikoQvMEmJ3gHpjSawpzrP9jcGOxE4GBsd1NH281r3eNS3e6UYf+oXsSLHgCgKou2B2y7mfVMTxMBi7gGwQ+UPnQjEVN8SW2LOMSOPzYk\/f+eHpZohDLjmgBqtALq3gJ8NITWmNttLUPugE87NQG8+ktt66P6Km83zymLpgsKek1dglbUWZ8qA2u1NUF9A8ybs6WkCMjz31K1tzA2ohNm4Gu5AXgtDA+vav\/NKuqEIPHlr+IUquKPqiet8mTH3TrAzly358d77F0BugrBy62zgDEvgyF7jXUOJpJmXgmhvcJpseqrWszC\/Ws7t\/hcYnotiSxEugdJ\/D\/3w+gdFWoa0Q05LpTvZl6q7a3Vvrohlm1BcZ665Ipafx+xcbL3NnRo6RodFQvr5ZZ\/wcdwR7ays1IpjdKsdBh9MWdtf4PGwPcSn1BocWvUSKX6WU1rIkVyCbmqEgD0DkJXO\/8F8KMdV8xDawM2h7VLfaBH3qcM2F8tMpZ0DJxIMmAfqO4ggqHtysqh7nvjQklla\/jewDCuHOlh9hI9gAkTeyozvBLytUpHQsl8nMQne8ZAyf+69gcP4LEckMnp7vrhmqXUG+AbbD4\/qX8AS\/K+GbNG8KxAIL0LSkR4qbgGO3BxPvEbxceNTWQOtWI4SS34zAgl4jWFwaD6Qi4U0nFr\/M\/Blg8SPe\/QWl0QIDHKxtWPHgC+hIYCFkMNw\/E\/zmr5EvucCQd47gQktNCrG3m0sPuBbxphCRVuHH0K3NMlhtZGmbSCjkQzUmAo4OLO6eWFmurYuKxXrorMJIpzJkQxAw+aDOkiPIIGFrE8g95vm4b96SlM3vtW4Vkup+P\/dj2kJr\/RrNvJcCWbK+IZrZk1ZLuxZDc9H4sEa6f4HLa10BcAz2QaumTut7MYlWERjZ9WabOsfQaK6GLWv9YbY+SErm8x0sHg3ktLkTsn45oAlcNA9JYQC1DAgutQFhbltk4GqwGVnZbvcLNTINnz\/G57t3FCSTl76Ck2kRMfLf9rEZX1xQ+ZrmIaPvQdRNrkgatyIYeG90xWs3JiL8zcldT364BfB7w=="}
02057{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":926730,"pkt_caplen":1268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1268,"pkt_l4_len":1234,"pkt":"xGGLNYKpxiwDYGpkCABFAgTmz7UAADUGldRcevxSwKgCEQG7xZaFiNYdh5\/rWIAYAOu6JQAAAQEICv93KW0R3+lKVHqwts+n2hFbgaGLvVF7Dz+3Na340HD++BzqwHdjKHEc00qy8GOso1qeodNydi8nUw9jQDV9q4iStYYFh6nmCMFsYAdSAggsbOojM3Mw+pVdMQvyN+1AIMeC0amzBaxj2cK+GakvDT1JwSfECqOcNcVEaM52\/GmxkgjcA81d5WsNySsHZhaprUwKBfS64jR3y8UYVBJF60O37+\/V+xD8RSbFZ4MmhrirukYJuQdgNG5FfWtVKASbZH0BoWRxWTuYYMpBPKT5J3IwJSVeSZhVqJKBDC6otuPYbGA6B2gxTX16lQemhEUZw6YO2\/EF91068jkN8D5r1gFpfT3qNor2A8OYLX39bk6S+kTGfcSzyAECjxH+MQjEkaJHruqjr33blJhmpTlMbu4Nx1f7I5FnG1w9ZtKnskAZ+vnTBQduNhwcx3yzsURsL9WDctY+J9egJFAOANhuBEqwlGoYFKEMpFs4R3xPB6C\/SvclY7yg1V2vqofIlX2jNcYTGjUgEm35dW21maN+JlmCskBuYFJx+feV3ZdavODfqSB9Sq\/Zhik9zEvb+\/9U1YTm\/o5WfYKasGmN8xnF+nP13xXWzsVYgZi4kNNvumxcVnNtYGmpMK5mAbSyEx13ExwmbtP1cXp0hamq41zwwCCm8YI3AhxZ+OYNW5yi1ApF56Qc2eA9m0R1hzx2TSqRzXappHqD4QXvppDuM\/jBbY1LbgfhGTrMzln3iTTDTFZK9toJBN5fM4GbCP7W6QHMTKZny7Os28CQAwgdQroBkkP15Z4kwdKpPdWYQv9llyk2NJwSwoVyO3Sj7yEuPadAE7WvIJ60XRvDchBo+KcYVP2A8x\/DHe71VdegDXIHoHiRS+7YTw8GICsZ8xQH5nx70Y5IvmgmqxppD6NF1jU23hF25vz7WBmhNxtVph2MTnsDuUkXfJwNxY\/Ofzueo8rMBgkusSMUA7tZHKWiH85IraTdOZ7hRSIx\/6IYuVdjHOHxVeSY925HhPMW0XEZSklDCDr2kDBOsErReG81V4VBMoyjr6kMuvkqQtJuGXLIinbxijYpd9xNQUq+gIA2TDO44LOsdSWbxhpOtb8DjPMdDUEIaSTf\/WWFY4A21hbDYXvVRDUXAwMBGS+s4Vz8aqJ6WkWr9Q00QyoTkDQGx33KqnorEUnuAWKGExSPFPPh06JU1\/JGuOK83W34s5XwvibY+zBVIuRJL6oBwqNFOe2\/1rZhD\/9eKHTQOOOABMXIhySGezF\/1N+pntxhY7YbPfsJL52msRIIOEb+ad1rdVuN3iqMiCsrsUSOcGVRKNJkYEJkbalw9pf5OLE7+gFpk4tXtDClyPPBxJ5KKg9GcLrFbaUeWjCswNIk8Q3aUFMeEm5rBToiHjPJBo\/O2GzfeFD6U\/2HBkN6LdNRIfGmcgDSihkDpCJgx\/behqFMjYujscLGhiy5hpp5r8LjXOtcmV3EFgewJe4ljPZRUdr\/4kImy0plUKCzzBhSMm0GddiaZ9JBFwMDAEWOySNyypcmWvyg7cYbXRH9K4i5Mx9pKvDcg\/gQK\/mXfPhHBxM7jc3Gt76qFm2cZ9rPm4occu7+DiruCMcKsRtAL3nTDHE="}
@@ -307,38 +307,38 @@
00427{"flow_id":41,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":934663,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGHz7AqAIRXHr8UsWWAbuHn+tYhYjaz4AQA\/aYaQAAAQEIChHf6XD\/dylt"}
00424{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":934682,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeAbaSF1XIAQBAsFUQAAAQEIChHf6XCgrSHd"}
01124{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":934804,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG0JzAqAIRaEk9HsWXAbvBeeAbaSF1XIAYBAsuXAAAAQEIChHf6XagrSHdFgMBAgABAAH8AwNtBQ39ZZolUQlIKZvwJ9K7La1xqdRBloywOH0GLRPkhCDqdWO0c0GWZx4zxXgdQ\/9DtV6\/rjVuXk5WS8q\/E2fRGwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABIAEAAADWNsNC5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgkut+xvbl0enT8wHxxvt3I2L9WcgyzsmX6TenEv+j7w0ALQACAQEAKwAJCAMEAwMDAgMBAAoACgAIAB0AFwAYABkAFQDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1582454598888,"flow_last_seen":1582454598934,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":972842,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0b4QAADUGrh9oST0ewKgCEQG7xZdpIXVcwXniIIAQAOsGOAAAAQEICqCtIgsR3+l2"}
02379{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":974332,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUb4UAADUGqHxoST0ewKgCEQG7xZdpIXVcwXniIIAQAOtKGQAAAQEICqCtIgwR3+l2FgMDAHoCAAB2AwPMooL+o+XRHDh3LmPZe4GWy6glKR11iZpshv\/b59HzuyDqdWO0c0GWZx4zxXgdQ\/9DtV6\/rjVuXk5WS8q\/E2fRGxMCAAAuACsAAgMEADMAJAAdACBE0iKjE3XawMWAJNCW4b7IWCu3FeOuIVKOTQaOMM6rIRQDAwABARcDAwA0Y5HFUWCr304\/9L75R71DhwBs\/vRA07JU288nPupmA\/Rlc2+scIQK\/FZmUoJdS2BmyD839RcDAxKGthdzXZHBmQ8sHOFJbIBP9rgS+WgHJorSuu5zwZDN4QWckoden81TrWI38HWIzl57IuJ4m9H4nvohoXrNHgd5o8nl0OFnUy10UxyBVIXu9r+cOqdRt13flo\/uTLy+vCXsLEFj0rhxume3NI+GPZLmOEfchkUyEr0EvXWmgwxSQuNB3\/AHKNnnuwxyOa9ftHjxy+aSlXvEYda3P7rcACmjJbrfNOmoOgX\/VZdIoVuyqh15aa\/N4idJndBIIpUYC6SeuqfwBVDPu49ZSwI5cTccl+3LEYe93lEfHkaCRR8m75hmVGHnWY2RygzUbLJv4ypqTbgnHInpGY8+GWawPOY69I\/0hgTm82gkZTed1+uRxPu1yyd9+VJC5AvZQjAVw6E8OcjOiNj4MXtslnZX8Ga8CMdhrzMqdxCMu4oZQLeuogLIPvjJR7GNKWB+tTGwIfT3eLYESQm2I9BA5WBXDLmbPFsRrnQP2nqzkomDOM\/iGBAnTkWxzkn6Qx\/uJFh+xgTeMMSVYOhWWj0rmu5kWwVROPpL9aqXSQkliGl\/UedAP+amRonHJg+8P0UqZG+h4svz2jQZpLINc7jMzKDRUkn6GlYeEZBwFu\/v+E5WRYqYppyx9ACkzL\/+3EOOY+5222CmscCwmDM4phMqyx5KBnf5P+BwB6XQdFP2v5rUA67P7fVfU7DaEFKEgZ0Eo27ux2tnj+ul6EvdJt2xxORfGSvEqJYM7uBNDOti1Lw5jgWoSrIVKqMdZ651\/Aj3PMuwQe1TtSm3EEyaQVtdxWNan3LuHOI1lGN+KlWEjtdatRHlbhQjQN3YzvSTNlBv085UrYPjMrObeb9QUJA4s3+1O7k\/su2VJAUOTsLG9GEtaexuOa\/tIXLetG+c6cbzHIotrQI3HajqQnZObirzA8yYCdq6+nwL7ZKbs1QLM19W3cIpwA8EGID6HewrUhihnMxahkUaypRIprjH9o8pS10VbJzrDceJCKQj2mjB6d8B8F4jjJdPkXEfCQRcO\/QbPdW7wAyuOwobvQ\/aq6V+LJ0NKJI1RxTBwFjT0zhBhEGonqVgSnv37K0EWRU4r3FdcPhPrJmXxeHmrKjnbI8n+77Nas3OIeCuBX6ixuCnVNKbCE7DHoLQIO3H29a63nio5Ri2in7NYQMnAzWEw5GZ+2JmshSsiY7CXZIjKVDvQQfQzcSsWMv\/2n1mu6frX9Yc0p4eUppb6S1DWHY9A3rXhD0gfh5qT+db+93lIZAVBaxvUWSQ0\/rcTkkRbki63qlh16d+Gc+oDwzsbxBBH2M8dUhDkJ4d3RBpPcLoFwoIHtLEwlnlbiDgOoxuHyurCta7otcuQVC9OSBTd+GLqTv6BLY+QboQqRHot+KaSUlr\/cPdpyPQL75RL2ZMPtKxlYjb9z6qqDpMJcFJnvuF2+dgpSdpWAnEoqrnEqp14CRxchlCsDnF0eriLt8Rogu8zoeB0q53wWuIgJvgNLypKN+vwga082jJTpz1pS+sWPKhvabqBrwQlshJzFMOL9gzWPlyugOf\/0gxshHOXrWIQTs4SAS73BY3CrU\/iCGu45WxL0WEs1YEtwm6j11Hp5OYHtWw7tc\/OreSKwRZMFlRu1zoHRF2jilzhf8Zlreethd1FrkasBIUffRp7CtM23rMhL3kHg2I"}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1582454598888,"flow_last_seen":1582454598974,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cl4.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02385{"flow_id":43,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":974476,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUb4YAADUGqHtoST0ewKgCEQG7xZdpIXr8wXniIIAQAOu+OAAAAQEICqCtIgwR3+l2I\/FGECANFGDfmllYaZ\/GlsKlYAN75mA1lbNj8YpBwyr19rIgtLk2IdRg\/VCJsIPnLeQnE41IVlnPN5DzW57mCY+jMGbxDKGvPxVWRzJ3mK9SlzMDtC8lBwTMomMHeCmWQZ7epsXyvlvC\/MSeVJSDT1TlIPzfiuxDV5YBxn+VtAIDGOJ8cXy7szNxDjbUE161l8zBjl\/mIWUobCzZjcKqryxBb4ftavjy0wOhWQKIc3hZDMV355NusDwC2pAExeOlQ1QIsXa3K+1UiBhfSM9blEBa3ZhteWNxs1HiyJDIK0YzFX\/fBxsLgOB8C5i8tHg+lZdRserEQNugioDRz\/BtPo3esiD2G+0x3l0nkepqXhRviP4n\/s5z6w0uYQexjr3fp\/NBjOrocsPHHl\/7ESn3GaL\/8U9Wnw\/X3S3C6S9qCSOtUiqB2FEX9UWOhPInKWmQQwzirjC7021ak5nS3CsdctNp9\/4BjBJMr1jAApdYA9pxl9HW2tzi0jZttjZAGox5ha1wlAGDANxAxGq0Tsh\/3QUSwZsrRdH4WWmW3r0RPNGJQ5wOS8jcPpQ0x\/hEgvoUE4WFoJo95YdQmkBO1a3AqTcIYMnWfVqS2mJQ+9MFI6SMHCB9aWgC2a9HfnC3Gw\/4QXKIzWJeVE8jQbRpxQKUuGnKdc14mSplcw1yNSAYabuLvpA9RbnD5na4gfrvh0rz\/oAJiKTSpSOTTAmB254GakTRCDrX3SGZfwXjawLavtVIHn5ESvF5pFAdXDbsuYfPP+3LNTkwJBwNhrImMZ0B28nwTciFeh\/Kbm4ZxMla2NwXE\/tDSDF7qVQLbrshXntadxWLQBdeFSEYOCJqz1O0ciLX2C4zXnBQj87r1cZVHENyqtM3tPTSIcs4jR6kLc2bmIiUdmjbZmDd8OqWXtdYOVGU\/VvxrII2UmDpIL\/If8oKeH\/fIk46rwcFYxKWbrgj5htUGkWBLAJ7\/e3I\/catAtLwVTcW7Gz8kDvt7NF4t036tzz32YG+GTMaomMrxXRzUK0ZSx\/Q+9fGdRPQQ9r3VF71ElFNVeZi04f\/PLOhOIiqKalVraItkSTOO8PoYjZ7pC+4KHI\/4UfU2CN360vTK1hypQPLklm11OuTrWMzjlkLLUNYI7j8TF\/TyfeYnFNtL6VIEalLA4Du7nZcmGR+wtB44l+n6vm6kXJRQF6e4dYToqFnH8M45AObpX4aY9E0XOngqMUG3J0VWXasNrHlWirFG1u3S5DsDGZrKTvzXgkKHBnmzCDaVRQ3rQHzRSfpVL03j8wIowpHexLpmxBxZ52lUThll4aK43wPburg6lClAK2VHcGGOLrXzUkmT5nA4EX0FWyBwgiMfVK4Sl37BX4\/b4KvT5vAEdoD\/6FNTXuwq7dlOTaFmNunkTADRKeRxM61x92EInz\/itlMn5+4jaJviZSiEswTMvRAmdMibrkrG0rM8iYfNM3xXfbj2IPUpeEpyO3e2wIPZ52TyfAHbwPzhCcw9XfTQAlXJ7hQToOOQ69cEh6s43Y2WJWlFMTTwoPvJ\/WEPLJALN0MR1hMmtOXYjdt2QY6nmEwkemdB2kKeFcEwOQEwekll7HsDskh6dU4sKGmBgsZrTJg795vkJJYvs\/aLieZafSfAGioHjQyFBFAZe0+MTp1xKrcil8uWDyS8jtuyqLEo+u2clQZm2pzJPWyfV9j6rl0jd4rr558jDp5PbL3brbWse4BtaZDDl+YMMUxojs1Ximf7\/N6ztuvYwFec6WZyEW5GeZnu0uq81OhDRngArRRbNpSd+QBQ7M3cMYt22sFh3P1t2iwWhfIihY3cy3YaIpH0yyfp1zsGJATdoQyIw+qTDYdTeRpzbij6BQ2vYBGsmePqHIT3A9IM1Omh1QHj02YqRWt9entO\/UvgbyHq6hUhqOe8kYP"}
02090{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":975422,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0b4cAADUGqVpoST0ewKgCEQG7xZdpIYCcwXniIIAYAOsLigAAAQEICqCtIgwR3+l2LI4ujdaqnnl1QHjG+GVIJ04tcZkDpM6mOpXtqIuE+0L676bvkxwraC4QMiVRVVVxh+zqRGjqdKruAubRmhoVaQEYytIy\/q\/PFlncpuSTglmMIjyjQb7EZ\/MdboBVOvUqXY56Rq0Nh\/TDeceAwdNTwSUOsVAidDoSKltiCZwlKQ7NNUql+EgpDEkltPwlhZnxl2D534+11P0rbqnr6g+FBcniShbxspDpvDXsPgLREXJTRdKkV5vJE868GDVGRFQGtUGBNDQyvEGigWTIE10dMaBxeqhCpCt0dtG8di1TAL8FFG1k22fLkUY9rQZK17IKPwL2cvYMoh0z46yOiSL\/Nz0WsP\/97Ot9l7RrHxKgW2vs4yQxJFyiSUSMd0+F7yJhVc9ptfPgB+\/sHR2wKPY2KE0ESxnW2y3quZGTwpvizBZmY+\/eS\/mJ\/ZP\/+50ElQBqZBqkNNVns8ew5qN7JO7YmHguaWgKpRT5qsQi5cbkNJxNv8qPiBAw002roNgRLiag8ixbTkxZYNzklbXjqLiWHpy4ArzyYryJ1xjj7tSObd\/JXfhrU93MpV14eH81VXviKY+K5peJwugODCluebWPdrtbIKul0gUFgTLfPToCNNJJYVMyziwGuBpjChp7KQa0hLJLOSqcq84JtcOrJyTy5HTnOzfMxdXEXpTaoOVRPswFciEXeopOPeOjskCM0\/bd2XbtOZcRQ3B\/4Iow2hQm7khTdXdwfLYyk7rVMONdtrxDOLrOMVGOq7VWHT2zzfW+pBW7twE35d3zYot7WXa58VY9eA6Ul01kyb7xAc02yFkxyMkT\/yzNhZeqc4CSkN\/uNhRhin6lHu2\/mgl4sSTH971gANXfMzvcCHHA3Pl2\/4j2YSu1I4jTme4\/Q5h7iP52anq+j9AeyLfLaQg6ugxcrzJgef5QoZnwxvsoTE\/XQh3Ul371uU21aEphl54w4bGaISCNqg6MzlD4SDEozDvhh7SbT1XchNlggrhgD8pXMQi8q\/EZVh7uI8OTK4PZyJDV9pG\/OE\/JwsxjQRPqmg3eeBVbf0YMe7oJm7si4I\/uY+FIX09i7t8HwldZ9kvCudqrjJoi1A+KlPM\/gKjNpP6vvZ+zKJFtP9v9pIOo1X5sldlmxfMdzdTAxPDR+obqN+z6jt7Z4UMpvBesBFAdM\/UTx6yMZEW4jpbgbNXRjbdCrQr0glnTBS5CeBGOcLLdjeSO11IRv31FecjH42Hb7a4NJ1avbhh8p7Wp+5\/jsZl\/Drn8ihwHxozVxLElPDzWWNc\/gBKR8eoPXapa9Sq0USmwlSvXDf\/OoKYUI6VenzD+rNynvCy11u\/m4pxUr8TPETcafordxTZr1yTSqXWHq4G5Ny1wpVUNCaU\/ZhWnlIDC7mvAcLdoyXAzGdD60oe+9c2svi9ia76eQxQYTBLCJ2z7vcQhLllZRHlyhomGJ55bhk+wq\/NQjpdhe2Cw9BpATaNSlmBToQrtIuQfFMOcatLAs\/3thoKrF23jDv1ZkOg\/70d+eXkMt1f4Souoz7smEUFvRz4Qbhui2MJGABcIVsRj7T0NcGRRYoLVQuc1vO50koNUVkuQBd9pIE6Ti\/QUa3vfbXahjTgXkaIKD5inJ0QmPA=="}
02057{"flow_id":43,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454598,"pkt_ts_usec":975673,"pkt_caplen":1267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1267,"pkt_l4_len":1233,"pkt":"xGGLNYKpxiwDYGpkCABFAgTlb4gAADUGqWhoST0ewKgCEQG7xZdpIYVcwXniIIAYAOvodQAAAQEICqCtIg0R3+l2SkTMBPp\/p8lFXhB0RlPC1zHPW\/PIUL4j76iX6n6QYzn8PuDG5PVvh8BwHMI4V1U+oYNViNIjWKAouQrmvIzxzYfBKGCwbC5AC73Kbp56hG2kOc1ij95iGfR0mKwjHDX8hFUPJDiGZOHWgAVzqOChlri1fs7g3ZYZKcH5FfCQWdiFyXgusOVOBCNJdKI9fcBXCKnOqC2v6UqGhPHYpT+XzsdUj5JNdR0ftswO5Of3ReTqEeYwIfTYxcWqM9nLx+KL8DgfIwoaWiq\/OZjCpbZo6zKvUMXsfJSBnYdlnqOLZaxuYbfAMTuBWsAsxgS53fcNN\/Upky2Ni3sh5V+55a\/ahSRzg4olT3dADw8CZqu\/GtianrhdL51xVyYT44wb9pyTb8LZPXSMrr6VXl+Z9Fg5RlYabXQwex+iUfBjrbJBVwgbAm0o6y2mtL\/o03aKC3PEUPlyBOhHPDjTl+vED4ARDYhZxSY55roVOVW7oe7sfWY1m1MuBkGx9CsxmahbUd5lt13K6F5mZmjQt\/if8SoMOQzwVBiJdSjtVcIh\/VPn7KaPiHy2JAhyqW5eSBuDmPPFfSDTFiMqjeVuGcyhDTJbkcghRhbmRbgJV0\/TMZ98Uz4WyhwNh5hlAaNTM3fQPYM635ZRyfNAmz22nQhNpPHFIGqFUOlBkeShcZk5DR2RBMbDapOveTbXMOqogjugLs6klwckMH8JajAiB9JNPmlOqD\/R723da2HMNwv03j2rXLxkmn1k8XYzYjbOXHPbo9jyIHVIc0AvAQvG\/vTi3TuPq+js859l2ThyRIkD2PfLvy8S3LloJ+CXbLN3zvTwjUDaQhGySmuEtbVs14gO47IiDEMtJ6yrLLED1EeLsfSvFia4wpkbkLsUeEscDNfKuQXv8dB2DB4Cf8FYkRhH8uUxDIPG30dqU5yaZgjsoK2d9mq7n+9nhnIw9NMYsKsH9faVDWIYjTN43ys74ys\/9O9\/jKt4TjNEYHSuI1E2MTUigi\/M28POxLZt8WxUMTfeDCN+iPIpZsmBix8UiRT193+Cu58VfYxBgnIDsj3aWnSQF5hhYLxY9vTawIjSGEA11Xoou+EzppnB9KRWorHm4\/BB4WSAsh0TFfClwRcDAwEZhz4T\/o6hJ8+MJ+GbkFndgmAi+5nbHUxRm1n9b26OKzVAilYMEDenug\/R6dFZW1M9q6dDXE3myOcE2UY1HAw4HIt0petPKp64Ks1JlIPuDRs7H1od+iZRRVYQ+kka\/AxlcDbnKuedFi4ejjk2yu4EsdeYsKb1vtYPjXf\/mZ09UGZ178HwJiiQ35ZAfZOuUOpd+DdCmfg8U9O10vvtHGMdbWTT6IeVf\/buZVysgsSyd5IJAbG4fyIu\/9JWIzjgu6srksEbSXBubZEAeN5LXvl98pM5t+F7zIFxDMClFa1UN009lGG0kKxKJnl\/qxLBlbvlfNhlstJEYhAOnyhq4mnrxBgPgX9Z3a8I3lsQeyRTWtMyQx35g77nv+YXAwMARUkF2gTmEJhap77m1u2moMldNHQKhjkSi8LmvtnICA+lg0fSDVQypIKelfheKdBqM7aRtFRKUij8biFHcxoaduQQN+P1NA=="}
00423{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":39138,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0NCoAADEGx5ER+LlXwKgCEQG7xZWfE+ImqBrg7oAQA6sCYwAAAQEICuksLLIR3+lT"}
02357{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":41842,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNCsAADEGwe4R+LlXwKgCEQG7xZWfE+ImqBrg7oAQA6tqcgAAAQEICuksLLMR3+lTFgMDAG4CAABqAwO7poHEiZGdt5nG1\/7SAD+r0GdtucyF0vh+YzewrO4OPSClK3iRT7eLvskrEVxFxtFlnByi1SpNpDW\/fqJcGELTFsAsAAAiAAAAAP8BAAEAAAUAAAALAAIBAAAQAAsACQhodHRwLzEuMRYDAxVfCwAVWwAVWAARDjCCEQowgg\/yoAMCAQICEBKz1lMg7SG22flROvhDB1QwDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTIwOTE5MzUwNVoXDTIxMDEwNzE5NDUwMFowXDEjMCEGA1UEAwwaa2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb20xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErG83k1xjqzx2HJwbRJIrhyp7RWAA1e\/vewDf10hGmovZaWZ\/kY5JsBgNkR7\/W2Go\/KjtdzOHXWekyfGK9ZhGEqOCDoswgg6HMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAU2HqURHyQcJAWnt0XnAFEA4bWKikwfgYIKwYBBQUHAQEEcjBwMDQGCCsGAQUFBzAChihodHRwOi8vY2VydHMuYXBwbGUuY29tL2FwcGxlaXN0Y2EyZzEuZGVyMDgGCCsGAQUFBzABhixodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWFwcGxlaXN0Y2EyZzEyNTCCCasGA1UdEQSCCaIwggmegh5wNjIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0MS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDk3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjgta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzMi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDU2LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzMta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzNy1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDY3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNzAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2My1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxOC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDIxLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMTcta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzNi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDE5LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjYta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA1NS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA2LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjMta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2NS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDU4LWtleXZh"}
-00862{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00873{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1582454598721,"flow_last_seen":1582454599041,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02349{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":41975,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNCwAADEGwe0R+LlXwKgCEQG7xZWfE+fGqBrg7oAQA6tWTQAAAQEICuksLLMR3+lTbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzUta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0Mi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDEyLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMTUta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxNi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDI5LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzkta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA3MS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDIyLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNDAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxMS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDY2LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNjgta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CH3AyMDEta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAxMC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDYxLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMzAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAwMS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDE0LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAzMS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDQ3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNDgta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAyMC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDUxLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjcta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0OS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDAzLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMjQta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAyNS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA4LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMTMta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAwNC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDA1LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wMDIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnAwOS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDU3LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTkta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2NC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDM4LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNTQta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA3Mi1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIaa2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA2OS1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDQzLWtleXZhbHVl"}
02356{"flow_id":40,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":53106,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNC0AADEGwewR+LlXwKgCEQG7xZWfE+1mqBrg7oAQA6skGQAAAQEICuksLL8R3+lTc2VydmljZS5pY2xvdWQuY29tgh5wNDUta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CH3AyMDIta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA5OC1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDM0LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNDQta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb22CHnA0Ni1rZXl2YWx1ZXNlcnZpY2UuaWNsb3VkLmNvbYIecDUzLWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tgh5wNjAta2V5dmFsdWVzZXJ2aWNlLmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFLxEgmvHm6nsbbjLysXEuJqWCBf7MA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHcAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFu7DGfUAAABAMASDBGAiEAkIFEOLmDgEPKS\/Qpn+gvcGdVxwZh2RtwPBHxJ6l3lZICIQCi00a6jwr6sbV7hj41E+jnKcqu5UEnmfLZhfz5CQ7R0AB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABbuwxn04AAAQDAEYwRAIgUv1EqowTKT9So1WqwIOGA3luY+tL3SWKbLJ5cDEAPZsCIAnj0wsfLGUUwOk1JvoG4dMKD20PisAthmJ9mcy1g6p+AHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFu7DGfJAAABAMASDBGAiEAgDmxo+Q8kzODiinmd9PriF+SwytTJ8xotubQ8RpQ2McCIQCaEFQmEG5tYUIjL30LXQcO3J+Y994aQcq3axIYhoDfrwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbuwxnyYAAAQDAEYwRAIgRkoZMZEXrpwXPnsvnJkAevr++WLJ2Sl8f8VTNrC3YfMCIEYJxKprDDTVybe4\/if7LN49Zos0TQoX2deXSrNcLGuAAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFu7DGfSgAABAMARjBEAiA+sgoY+ev+ZPPxMV9CLh6j19CXzFQyTd2yIPppwu59YQIgZzz1mA0KMDkiqnDf86dpXkA7Pd8vP4REv7VQuztY+7UwDQYJKoZIhvcNAQELBQADggEBAKE+nH0I6j5Rp2v08ysAeQf54YYbOLwO1CWWMdpTpZReAYxkU9UYaKnRGHS\/EILXyUXgNTXoUj2Yce4hPDltHwjy7tNZHLe6rmKQfXveN4KZ"}
00551{"flow_id":31,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":54356,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGtWjAqAIREfiwS8WUAbuGKOzJAHfoQ4AYBABCnQAAAQEIChHf6ZBbEwgKFgMDACUQAAAhIL1bD1d4gCPrhXuI+0HyQ836+EFHhzg8hbOYWEtlXXlqFAMDAAEBFgMDACgAAAAAAAAAAJqD4mhUi0lPlD7vEeTtzw5MOqf4EnbHOHobPXgamAhn"}
02369{"flow_id":40,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":54383,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUNC4AADEGwesR+LlXwKgCEQG7xZWfE\/MGqBrg7oAQA6ujXwAAAQEICuksLL8R3+lT3JbzYMyEzdUS4cWlKAF1Va5SsBGwHSECU3X1KUfmmizpejSqEbJ67kcmIrDmdYUD4k93AWtuXEn\/ebhInrwt4zYV1gSPEfAI58yKWHpw4lCtKIhwHiW3WJnFH8fipGLpEvTPrV8w+fdRiulKuFrYa3mI3jZk2rWsShsw6AzJ6GQsK71JsSJig49Kwx+fHJLt59p6XFPbpeHKfRkXPd9aOmNYxmsXjVMqsOh1IKFx3hQABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBTfpWiX6YNWmPkhXKUgzCvG1tTdaxgPMjAyMDAyMjMwMTA3MzBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQErPWUyDtIbbZ+VE6+EMH"}
-03502{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_tot_l4_data_len":6585,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":731,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}}
-00435{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+03513{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":9,"flow_first_seen":1582454598721,"flow_last_seen":1582454599054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6277,"flow_avg_l4_payload_len":697,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p26-keyvalueservice.icloud.com","server_names":"p62-keyvalueservice.icloud.com,p41-keyvalueservice.icloud.com,p97-keyvalueservice.icloud.com,p28-keyvalueservice.icloud.com,p32-keyvalueservice.icloud.com,p56-keyvalueservice.icloud.com,p33-keyvalueservice.icloud.com,p37-keyvalueservice.icloud.com,p67-keyvalueservice.icloud.com,p70-keyvalueservice.icloud.com,p63-keyvalueservice.icloud.com,p07-keyvalueservice.icloud.com,p52-keyvalueservice.icloud.com,p18-keyvalueservice.icloud.com,p21-keyvalueservice.icloud.com,p17-keyvalueservice.icloud.com,p36-keyvalueservice.icloud.com,p19-keyvalueservice.icloud.com,p26-keyvalueservice.icloud.com,p55-keyvalueservice.icloud.com,p06-keyvalueservice.icloud.com,p23-keyvalueservice.icloud.com,p65-keyvalueservice.icloud.com,p58-keyvalueservice.icloud.com,p35-keyvalueservice.icloud.com,p42-keyvalueservice.icloud.com,p12-keyvalueservice.icloud.com,p15-keyvalueservice.icloud.com,p16-keyvalueservice.icloud.com,p29-keyvalueservice.icloud.com,p39-keyvalueservice.icloud.com,p71-keyvalueservice.icloud.com,p22-keyvalueservice.icloud.com,p40-keyvalueservice.icloud.com,p11-keyvalueservice.icloud.com,p66-keyvalueservice.icloud.com,p68-keyvalueservice.icloud.com,p201-keyvalueservice.icloud.com,p10-keyvalueservice.icloud.com,p61-keyvalueservice.icloud.com,p30-keyvalueservice.icloud.com,p01-keyvalueservice.icloud.com,p14-keyvalueservice.icloud.com,p50-keyvalueservice.icloud.com,p31-keyvalueservice.icloud.com,p47-keyvalueservice.icloud.com,p48-keyvalueservice.icloud.com,p20-keyvalueservice.icloud.com,p51-keyvalueservice.icloud.com,p27-keyvalueservice.icloud.com,p49-keyvalueservice.icloud.com,p03-keyvalueservice.icloud.com,p24-keyvalueservice.icloud.com,p25-keyvalueservice.icloud.com,p08-keyvalueservice.icloud.com,p13-keyvalueservice.icloud.com,p04-keyvalueservice.icloud.com,p05-keyvalueservice.icloud.com,p02-keyvalueservice.icloud.com,p09-keyvalueservice.icloud.com,p57-keyvalueservice.icloud.com,p59-keyvalueservice.icloud.com,p64-keyvalueservice.icloud.com,p38-keyvalueservice.icloud.com,p54-keyvalueservice.icloud.com,p72-keyvalueservice.icloud.com,keyvalueservice.icloud.com,p69-keyvalueservice.icloud.com,p43-keyvalueservice.icloud.com,p45-keyvalueservice.icloud.com,p202-keyvalueservice.icloud.com,p98-keyvalueservice.icloud.com,p34-keyvalueservice.icloud.com,p44-keyvalueservice.icloud.com,p46-keyvalueservice.icloud.com,p53-keyvalueservice.icloud.com,p60-keyvalueservice.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=keyvalueservice.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D8:84:3B:15:06:49:1C:72:C4:05:C0:F0:82:3B:43:4A:D1:8F:D5:9F"}}
+00443{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":54579,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAWxGGLNYKpCABGAAAoAABAAAECQgDAqAIR4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7"}
-00467{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00475{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00425{"flow_id":43,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":58375,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeIgaSGAnIAQA\/T3cwAAAQEIChHf6fCgrSIM"}
00424{"flow_id":43,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":58425,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeIgaSGFXIAQA+vyvAAAAQEIChHf6fCgrSIM"}
00426{"flow_id":43,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":58580,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG0qPAqAIRaEk9HsWXAbvBeeIgaSGKDYAQA\/bt\/wAAAQEIChHf6fCgrSIN"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454599065,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454599065,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":65380,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7Z5IAAP8RzrzAqAIRwKgCAfLQADUAJ+lbzwoBAAABAAAAAAAAA2dzYQVhcHBsZQNjb20AAAEAAQ=="}
-00627{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454599065,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1582454599065,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02352{"flow_id":40,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":65540,"pkt_caplen":1488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1488,"pkt_l4_len":1454,"pkt":"xGGLNYKpxiwDYGpkCABFAgXCNC8AADEGwfwR+LlXwKgCEQG7xZWfE\/imqBrg7oAYA6vhjAAAAQEICuksLMsR3+lTVIAAGA8yMDIwMDIyMzAxMDczMFqgERgPMjAyMDAyMjMxMzA3MzBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEApZebgvP4wt2xbRPNgeM6QR3gnlBNoptTaV3Js3+f9y\/NNkepdWzwj\/W+QJi3ARwE65kCC7NPaNkRI9IIJYGetMXuOB3pgHbCn74qb1fPPW4vS8GsyQ1TUAtBzJb\/74uwI7iz\/Pdywa5tHHunCWTyJTdqZljxf\/g8kmZIDqE1V9ZzFLmCU22z1KXs9bw31F\/nDH5\/\/o4Ko0xO3SUA1mzMsNXWVY2RAqfR99KlV25B+KXVmRjJ0czBR5+SPq0GKCxx\/TD4dLcVPilOfYqqvEkKb+EU6Jtjg6Bgk\/rMnJ8xnFi4PcGVOxRzVSoiSxJ2SQ1B1ZJ\/G5iwD0CcR2tPkxPI3aCCA8swggPHMIIDwzCCAqugAwIBAgIQDLHVj\/lAOV9FbdPzoVcFXDANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjIwMjA0MDQyWhcNMjAwNDAyMjA0MDQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBOTDA1MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK40BJ6QeZqLnlrYADxY\/Zwtd1ARo0pyWY5B+XnMConOSB6Dz30KU\/8rtcAwCqTi2qaUYnzNveRaheyicLRVkBXal0yMPH5fNa3fx\/XY9cJuf5hNDchr9THIn50TVUFluMHOjEW8fte9LX8XRoftE5KtBZfZkxFBtFdNm2TogfGvxv4WfWYZuhp5Iv5ZrHlmRZCJeWHmxgIgqDT8nbgB9ET6Pgqi9ciKBTj6PUeaHo\/JibORWlP3CpGEYOm5Q6UJEt\/q95U9YLAOzBuF\/Hzn581aFs2cHFP8FYiNosCQfV1wuXAdzh2Mr44S8yOoXorZ7fHnpzPTP2B0U5t00gc44GUCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFN+laJfpg1aY+SFcpSDMK8bW1N1rMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAMdRMNlyCvP5UZNuXL2VAMf6ODBpBD+52VO4euXzAuekgLXMkraNpSS2NyeN3hEg9FNng5iKcfarZ1\/tiBTgrsguljII73ED130njJbUR4\/Y28F\/UwE1jDQ4jjVAG8DCRhL+xX5FTGWtY\/SoPxHwsdM1+1hgEEQUoUoy903+nywjqyYHwEXHQsm3D7WxJ63+T4ECkVjoGsLcvOopAhq0tDhB9BM5JTxKpfATSZ2dM7Jnw4zgcXx4aWKoHEDE+R531+Xfw17Q5razmXVEkeA18KzX9AhQjaiXUIHWjrt+1QwWi23AiBLtXLwJqSg7XgPhLXGz9T5+dcopG0PxnlPnwyhYDAwByDAAAbgMAHSCQbI7PnYpErN0cAE7Hh6VOF6w1VSHwsD+VJyZQ46dJIwQDAEYwRAIgL8GQ\/LqWv+tCZr2WqWhDqo+3\/ZqRDoO3RINXHqNeCfgCIHhwrR9TpE5nNXgnvLrmXNLJKO9BzNWtWborQ8Q8hRyMFgMDAAQOAAAA"}
00425{"flow_id":40,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":72879,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxPtZoAQA\/T2IwAAAQEIChHf6gjpLCyz"}
00425{"flow_id":40,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":72898,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxP4poAQA97q7QAAAQEIChHf6gjpLCy\/"}
00424{"flow_id":40,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":72948,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxP+NIAQA9LlXwAAAQEIChHf6gjpLCzL"}
00424{"flow_id":40,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":73060,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGrLvAqAIREfi5V8WVAbuoGuDunxP+NIAQBADlMQAAAQEIChHf6gjpLCzL"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1582454599073,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1582454599073,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":73352,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xiwDYGpkxGGLNYKpCABFAAA7y\/EAAP8Ral3AqAIRwKgCAcs\/ADUAJ2vSdCUBAAABAAAAAAAAA2dzYQVhcHBsZQNjb20AAAEAAQ=="}
-00627{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1582454599073,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1582454599073,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02057{"flow_id":43,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":77950,"pkt_caplen":1267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1267,"pkt_l4_len":1233,"pkt":"xGGLNYKpxiwDYGpkCABFAATlb4kAADUGqWloST0ewKgCEQG7xZdpIYVcwXniIIAYAOvoDwAAAQEICqCtInMR3+l2SkTMBPp\/p8lFXhB0RlPC1zHPW\/PIUL4j76iX6n6QYzn8PuDG5PVvh8BwHMI4V1U+oYNViNIjWKAouQrmvIzxzYfBKGCwbC5AC73Kbp56hG2kOc1ij95iGfR0mKwjHDX8hFUPJDiGZOHWgAVzqOChlri1fs7g3ZYZKcH5FfCQWdiFyXgusOVOBCNJdKI9fcBXCKnOqC2v6UqGhPHYpT+XzsdUj5JNdR0ftswO5Of3ReTqEeYwIfTYxcWqM9nLx+KL8DgfIwoaWiq\/OZjCpbZo6zKvUMXsfJSBnYdlnqOLZaxuYbfAMTuBWsAsxgS53fcNN\/Upky2Ni3sh5V+55a\/ahSRzg4olT3dADw8CZqu\/GtianrhdL51xVyYT44wb9pyTb8LZPXSMrr6VXl+Z9Fg5RlYabXQwex+iUfBjrbJBVwgbAm0o6y2mtL\/o03aKC3PEUPlyBOhHPDjTl+vED4ARDYhZxSY55roVOVW7oe7sfWY1m1MuBkGx9CsxmahbUd5lt13K6F5mZmjQt\/if8SoMOQzwVBiJdSjtVcIh\/VPn7KaPiHy2JAhyqW5eSBuDmPPFfSDTFiMqjeVuGcyhDTJbkcghRhbmRbgJV0\/TMZ98Uz4WyhwNh5hlAaNTM3fQPYM635ZRyfNAmz22nQhNpPHFIGqFUOlBkeShcZk5DR2RBMbDapOveTbXMOqogjugLs6klwckMH8JajAiB9JNPmlOqD\/R723da2HMNwv03j2rXLxkmn1k8XYzYjbOXHPbo9jyIHVIc0AvAQvG\/vTi3TuPq+js859l2ThyRIkD2PfLvy8S3LloJ+CXbLN3zvTwjUDaQhGySmuEtbVs14gO47IiDEMtJ6yrLLED1EeLsfSvFia4wpkbkLsUeEscDNfKuQXv8dB2DB4Cf8FYkRhH8uUxDIPG30dqU5yaZgjsoK2d9mq7n+9nhnIw9NMYsKsH9faVDWIYjTN43ys74ys\/9O9\/jKt4TjNEYHSuI1E2MTUigi\/M28POxLZt8WxUMTfeDCN+iPIpZsmBix8UiRT193+Cu58VfYxBgnIDsj3aWnSQF5hhYLxY9vTawIjSGEA11Xoou+EzppnB9KRWorHm4\/BB4WSAsh0TFfClwRcDAwEZhz4T\/o6hJ8+MJ+GbkFndgmAi+5nbHUxRm1n9b26OKzVAilYMEDenug\/R6dFZW1M9q6dDXE3myOcE2UY1HAw4HIt0petPKp64Ks1JlIPuDRs7H1od+iZRRVYQ+kka\/AxlcDbnKuedFi4ejjk2yu4EsdeYsKb1vtYPjXf\/mZ09UGZ178HwJiiQ35ZAfZOuUOpd+DdCmfg8U9O10vvtHGMdbWTT6IeVf\/buZVysgsSyd5IJAbG4fyIu\/9JWIzjgu6srksEbSXBubZEAeN5LXvl98pM5t+F7zIFxDMClFa1UN009lGG0kKxKJnl\/qxLBlbvlfNhlstJEYhAOnyhq4mnrxBgPgX9Z3a8I3lsQeyRTWtMyQx35g77nv+YXAwMARUkF2gTmEJhap77m1u2moMldNHQKhjkSi8LmvtnICA+lg0fSDVQypIKelfheKdBqM7aRtFRKUij8biFHcxoaduQQN+P1NA=="}
00440{"flow_id":43,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":79456,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAG0pfAqAIRaEk9HsWXAbvBeeIgaSGKDbAQBADVtQAAAQEIChHf6gagrSJzAQEFCmkhhVxpIYoN"}
00495{"flow_id":31,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":87463,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBnAqsAAC4GBOgR+LBLwKgCEQG7xZQAd+hDhijtJoAYA6tmbQAAAQEIClsTCUoR3+mQFAMDAAEBFgMDACgAAAAAAAAAAD87ErFixIfSKGvShDbE2CGGHRjTt4qgrDktrKCv\/Wte"}
@@ -346,24 +346,24 @@
00551{"flow_id":40,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":88616,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGrFzAqAIREfi5V8WVAbuoGuDunxP+NIAYBAD74wAAAQEIChHf6hfpLCzLFgMDACUQAAAhID1HH9ZLXe0svMiqOnBTSWAPUkzpXcDUWC8aOSS6gF9OFAMDAAEBFgMDACgAAAAAAAAAAJ5LgJBalXs2sm1ZwfhdACugHFBQMPLQgUQIaN4IzD12"}
00425{"flow_id":31,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":89093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WUAbuGKO0mAHfodoAQA\/9qBQAAAQEIChHf6fJbEwlK"}
00510{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":105084,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"xGGLNYKpxiwDYGpkCABFAABxJf8AAEARzxrAqAIBwKgCEQA18tAAXXwrzwqBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="}
-00654{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":39,"flow_max_l4_data_len":93,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
+00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":260,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
00510{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":105212,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"xGGLNYKpxiwDYGpkCABFAABx6W4AAEARC6vAqAIBwKgCEQA1yz8AXf6hdCWBgAABAAIAAAAAA2dzYQVhcHBsZQNjb20AAAEAAcAMAAUAAQAAEZYAGgNnc2EFYXBwbGUDY29tBmFrYWRucwNuZXQAwCsAAQABAAAA4QAEEYmmIw=="}
-00654{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":39,"flow_max_l4_data_len":93,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454599225,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":261,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"gsa.apple.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.137.166.35"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1582454599225,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":225110,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WYAbuypew6AAAAALDC\/\/9PDwAAAgQFtAEDAwcBAQgKEd\/qGwAAAAAEAgAA"}
00433{"flow_id":42,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":226094,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4qKAAAEABTMLAqAIRwKgCAQMDCZoAAAAARQAAcSX\/AABAEc8awKgCAcCoAhEANfLQAF0AAA=="}
00437{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":259226,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC4GB8AR+LBLwKgCEQG7xZj0WnUXsqXsO6BScSAj8wAAAgQFrAEBCApbEwn1Ed\/qGwEDAwU="}
00424{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":261184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WYAbuypew79Fp1GIAQBAu8hwAAAQEIChHf6p1bEwn1"}
01126{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":261304,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WYAbuypew79Fp1GIAYBAuhcQAAAQEIChHf6p1bEwn1FgMBAgABAAH8AwOqol5kmYHgPoq84\/\/Da6\/5UhNT\/nZAKlLwtuCLeOmg2yA8i7r3+6nZyxj+LpdSSvhjZQ\/dp+uNkXD86w44FnW6iwA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABcAFQAAEmdhdGV3YXkuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACADkr8qMij58U130ShRmVJ57YHqBPAcvleuo4UFzSZLegAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1582454599225,"flow_last_seen":1582454599261,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":293969,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0rPkAAC4GWs4R+LBLwKgCEQG7xZj0WnUYsqXuQIAQA6u6vgAAAQEIClsTChkR3+qd"}
02359{"flow_id":47,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":295578,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUrPoAAC4GVSsR+LBLwKgCEQG7xZj0WnUYsqXuQIAQA6tlsAAAAQEIClsTChsR3+qdFgMDAGgCAABkAwPX7gAm84D8OuuqPl9tBROrt5QshMSJP1EHjo5aUTKVaCBSN\/MBybPtgRt\/18Vcw3C1WAtvbt2+1kzoqF+efbFN\/sAsAAAcAAAAAP8BAAEAAAUAAAALAAIBAAAQAAUAAwJoMhYDAww4CwAMNAAMMQAH5zCCB+MwggbLoAMCAQICECDrGNnhMGOJ5gckndI1GuowDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTAwODE4NDYxNFoXDTIwMTEwNjE4NTYwMFowVDEbMBkGA1UEAwwSZ2F0ZXdheS5pY2xvdWQuY29tMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA3JTXZEMDNfkBeddGFOfWVcUMoJ8W7d3ST3e3HiTTWw27hpoGkazdY\/uyqetayMkeP9ioDxEA8PxI4fVx9gMvajggVsMIIFaDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmRlcjA4BggrBgEFBQcwAYYsaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhMmcxMjUwgY0GA1UdEQSBhTCBgoIYZ2F0ZXdheS1pbmRpYS5pY2xvdWQuY29tghhnYXRld2F5LWNhcnJ5LmljbG91ZC5jb22CEmdhdGV3YXkuaWNsb3VkLmNvbYIcZ2F0ZXdheS1hdXN0cmFsaWEuaWNsb3VkLmNvbYIaZ2F0ZXdheS1zYW5kYm94LmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDcTKYxfoGNbyxqPKQFc6\/l8HBeZMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFtrLqfoQAABAMARjBEAiBcyMXSqYu\/NQzPC1eks2fF3nNBwnRpvtSQ93jt9Y6FxAIgQAGZ6hMU0FVYk\/U5Nz\/IH+LWui0mpLb1ikJAbD2uT7kAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAW2sup+hAAAEAwBI"}
-00850{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":270,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1582454599225,"flow_last_seen":1582454599295,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02369{"flow_id":47,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":295682,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUrPsAAC4GVSoR+LBLwKgCEQG7xZj0Wnq4sqXuQIAQA6vs+gAAAQEIClsTChsR3+qdMEYCIQDdbk0W3xLwRVSqExbk6WYwON+XhEgNjWS3c5gBslGuhAIhAOFAjfHHnYs0x+SaDx9TRoc6tbR7MkI8j7D8tL8bTA0\/AHcAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtrLqfqwAABAMASDBGAiEAgaJ1MrRM2AKsBkPp1QIT6PfODIXbQVBUCAUpo+tzOrkCIQDddAHm4u\/Gn8li8ESlxL1ZJK3FxqbrgV3vXWLNi8iiHwB1AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABbay6n6EAAAQDAEYwRAIgGHM1p6WBqV+vtqr6hd70KQdFzAWv+ozcuVTGuJp7dk4CIByS3BkfgbrlBXSSNJB0YU2uhFS8HFnPom3vv22lArFYAHUAb1N2rDHwMRnYmQCkURX\/dxUcEdkCwQApBo2yCJo32RMAAAFtrLqfywAABAMARjBEAiBaHWEaQOG2Acj23NJ5zQC63rSKppu35b4qfkAJ8X7kbgIgeEjIujG17P30x0NsVWfo0XlmL6r4EoA536jETLtvxuAwDQYJKoZIhvcNAQELBQADggEBAKGriMkz6sCwrnomv6YJ4jjwMaMNouZTjEijYKaSAYs2pIOE9O+xy3VQrni7VsR+gMkO6ivj8K8d+2za\/y+I2RQZ2TUQ6wWGorFDOoGqBZXtBV6gbGs9KDNThqQv865ePsXG2JT+biTm88weJMm7MYXFPMu6C9JosK0yxl3MDsDk45W8A+EciCdcIiZwl5J8dSnSGGYo5UMSF3qI3eSNp3NkNcxYPZnj4isyXRHrBHr1ekVVCMPF2Jox+AmwwfJRq0tdVhmqUS\/9z0Yc6KqLMm50HEB4+utGT9gDG45BW1xwuucQVqNjb4bcrs8WPZf4X7CL94S2\/\/ZbmTwQh3s0iuoABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5z"}
02367{"flow_id":47,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":297969,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUrPwAAC4GVSkR+LBLwKgCEQG7xZj0WoBYsqXuQIAQA6sQrAAAAQEIClsTCh0R3+qdeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBRtmHWQn\/fqeBctjWd4mUcrWqqVwBgPMjAyMDAyMjMwMzQ0NDBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQIOsY2eEwY4nmBySd0jUa6oAAGA8yMDIwMDIyMzAzNDQ0MFqgERgPMjAyMDAyMjMxNTQ0NDBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEAlz8kzwTNL4DreEokBuMsetKeh0dcofwzjM0d0OSiAy8HKR+etg0hwzjzkMoTWISwWgTi3B1sJGKSMZ19FUMgTZn4yIjxNdwrQNB4cE2DziZgsFITf77+13g64KVP2NaAc+T5V+bRcZJ03et+gkWWJJD3LiVlmJBNfdVp6tiuDAI0Ngsr7cQQ+0qp3EqrUku9Stxo4ldKmdcjeB\/B\/CQsoSSpQbHc7BFb2B5\/0IDczO68caVYUfrelBs9H77nfwtnFA3W+PQ8DlaNrLp+7dLN4WG2ImcEF29Tara8CKkJ0SunfNbHfcwQVfoqYwWu6e+ic24+sVNhYwm7Ezq+\/lDklaCCA8swggPHMIIDwzCCAqugAwIBAgIQQOU9e0o0X00kwGvYo3rGmTANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjE5MTYyMTQyWhcNMjAwNDAxMTYyMTQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBSTDA0MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJrC64q6envcCtPKJaAaN4gVTLL0EuZUae9A15l28SjzyHp9U4w5buheyZLZT07XBTvH7vEDQnd8C8sUH\/2EnRwJt5yvAFlAEMx\/uhUizW82DYxuJHOfZdZKclTioPSXZnprOzxrOMshIah\/sjVpDoV2Hk7r0EmCnqStVOjixuPjuzxoTXsJqjPDnqRdVJa1vrg13NnmCHnku7+2sZvcK5UHb9d\/ft03IKYTpKniEEolsv1w3eeCBJBMgSqufUY4nWVfilwKJ5d1HJ\/E62apvXPRhP78ezj7odSWvKPwQ1S8n1deOxKuubQET9d53MjOA5zqmPB+gYsOnXEAunura2kCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY"}
-01222{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_tot_l4_data_len":5113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":639,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
+01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":272,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":8,"flow_first_seen":1582454599225,"flow_last_seen":1582454599297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
01122{"flow_id":47,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":298024,"pkt_caplen":580,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":580,"pkt_l4_len":546,"pkt":"xGGLNYKpxiwDYGpkCABFAgI2rP0AAC4GWMYR+LBLwKgCEQG7xZj0WoX4sqXuQIAYA6smxQAAAQEIClsTCh0R3+qdMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFG2YdZCf9+p4Fy2NZ3iZRytaqpXAMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfWaHB3F71r+HUtEusztLw2H0a2YFnXxa1uzWlcknyHvXas70SkE3K1rNPNgydDWa15RJBtUYT9r\/jIYn136onLWnxukPVi8TUKI4CMEwguhpMLrEtIqL4C6BZ+4lBK6xUCuEUeduttOE7gOxhx0n\/QSTvQ9LuNig3jwWEtIC23HoB15mX4gwBZ8tfi9UB7jVmgUgPLlnIxTRdUl1q5\/zCHckXOsWhUg5FYsKlZCVH6\/tIbdNREqUECgGFWyk\/VyvbJtuxaOAbpOC6ieEYIcwhwciiyJrTnUR2rnOOH8r2riaIi0MEZYnjSjV+7lmoMy2Lru4hbwEXuuXlBYgInvKvBYDAwBzDAAAbwMAHSBXsu+GV+y6l0vzfpkIZ1fKAjMWWfOp8JyVnlMAUByGDQQDAEcwRQIgA4Tzv13CT3BDjyxEQnnKbRx46Ioq7rc\/yzpsH74bthgCIQDoIolgzbEnT8BWjXTqaKdc6geCbEf7Aik9lFGXPL6bNRYDAwAEDgAAAA=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1582454599396,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1582454599396,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":396067,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGwFLAqAIREYmmI8WZAbu9h96xAAAAALDC\/\/9bXgAAAgQFtAEDAwcBAQgKEd\/rCQAAAAAEAgAA"}
00482{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":396209,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"AQBeAAD7xGGLNYKpCABFAABeopUAAP8RdUTAqAIR4AAA+xTpFOkASvALAAAAAAABAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQAAKQWgAAARlAASAAQADgAA5mGLNYKpxGGLNYKp"}
00515{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":396633,"pkt_caplen":128,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":128,"pkt_l4_len":74,"pkt":"MzMAAAD7xGGLNYKpht1gD8z1AEoR\/\/6AAAAAAAAACCM\/F4KYopz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBKKNMAAAAAAAEAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABAAApBaAAABGUABIABAAOAADmYYs1gqnEYYs1gqk="}
@@ -377,36 +377,36 @@
00440{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":585460,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAACsGFVcRiaYjwKgCEQG7xZn\/hRwvvYfesqBS\/\/9NtwAAAgQFrAQCCArKEDlZEd\/rCQEDAws="}
00425{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":602893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h96y\/4UcMIAQBAt3qQAAAQEIChHf7BTKEDlZ"}
01124{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":603102,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGvlfAqAIREYmmI8WZAbu9h96y\/4UcMIAYBAvDAwAAAQEIChHf7BTKEDlZFgMBAgABAAH8AwMQmWdlc9Dfkc1LTp0B8prq1RD11s0EClXeRC7LPUuboSA7ltXQId7DryBOaTjcsMFd7i63qypbauhtrKXc6bkI8wA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABIAEAAADWdzYS5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAALAAkIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgrVr\/fu0h15DcdosIeP8S9EdnaZyYtU\/hcTn61FxtjHIALQACAQEAKwAJCAMEAwMDAgMBAAoACgAIAB0AFwAYABkAFQDTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454599740,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1582454599396,"flow_last_seen":1582454599603,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1582454599740,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":740262,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGtbvAqAIREfiwS8WaAbsCzUbDAAAAALDC\/\/+ibQAAAgQFtAEDAwcBAQgKEd\/sCwAAAAAEAgAA"}
00437{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":774111,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAC0GCMAR+LBLwKgCEQG7xZq3FAeKAs1GxKBScSAgIAAAAgQFrAEBCApbEwv6Ed\/sCwEDAwU="}
00424{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":776186,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUbEtxQHi4AQBAu4qgAAAQEIChHf7JdbEwv6"}
01122{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":776389,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGs8DAqAIREfiwS8WaAbsCzUbEtxQHi4AYBAtFmAAAAQEIChHf7JhbEwv6FgMBAgABAAH8AwNJX\/Eg20C+2ys6T03zkHgGLiGZXi9UmQqJ4J0DwpXX4SAQcYer1CdJmG86iQRBRTj9FNUOUTD+JW73wsBQqImhngA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABcAFQAAEmdhdGV3YXkuaWNsb3VkLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACAWHeLk31ojbBM2sakys3+a3F5WQLHPz5v8kP2YwKoSSAAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1582454599740,"flow_last_seen":1582454599776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":791465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0JhcAACsG70cRiaYjwKgCEQG7xZn\/hRwwvYfgt4AQAEF4nwAAAQEICsoQOigR3+wU"}
02368{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":793104,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUJhgAACsG6aQRiaYjwKgCEQG7xZn\/hRwwvYfgt4AQAEEMFAAAAQEICsoQOikR3+wUFgMDAGwCAABoAwPcCjv1ALSjyPkWpO2bSpR3JwIIun1P4HP8y4L4KzHqpCCcb4EJClNVVOQuGf3cvgcXLsYJLrlO1X\/N4K1tREz008AvAAAgAAAAAP8BAAEAAAsABAMAAQIAEAALAAkIaHR0cC8xLjEWAwMM\/gsADPoADPcABDMwggQvMIIDF6ADAgECAghXVVo04aWoWDANBgkqhkiG9w0BAQsFADBtMScwJQYDVQQDDB5BcHBsZSBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0ExIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xOTAzMDcwMDU1NDBaFw0yMDA0MDUwMDU1NDBaME8xFjAUBgNVBAMMDWdzYS5hcHBsZS5jb20xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLQVbrKBs\/5KaRQQSlJwdHv4J5zCNUZSHwkxPqJS2jgFlEdPbWJkUMdq6kTHjIPQ7CrhZOEZ6w85IcewhdWKAf4UKNmBAC6bayjGCFtErOPn07YEXLckgGvcZjfUB2FG3XFsimFajfpy+QxPRRFTypaXAtBnnuP\/3KymeAJ\/mkIq1R6bZ8N8jgkulRrQQeihRlCI0NcxoR8nKCAeW4\/hORKB4OJosSYoI\/Di9GOl+I361jLip9h1Ol1KNubkNcfOxENWnCYY973BkH3btnITFUgyfZ4fShFWPCM5vrnkORQcST29bfKMrvg93P07Rq0GTHoRHcZmLBeI\/2f3Gl0AfQIDAQABo4HwMIHtMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAULMVtUt0x74zsCIHt39zKQwBFAdAwKAYDVR0RBCEwH4IOZ3Nhcy5hcHBsZS5jb22CDWdzYS5hcHBsZS5jb20wEwYDVR0lBAwwCgYIKwYBBQUHAwEwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVzZXJ2ZXJhdXRoY2ExLmNybDAdBgNVHQ4EFgQUcLE8wVdqtnyesByhIkinog29yq4wDgYDVR0PAQH\/BAQDAgWgMBAGCiqGSIb3Y2QGGwIEAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQBW4\/fFTy28qlnb9tV3+pPlpIpTbx6u+CzXXHpn5\/Eeg70D33kR\/idIDSMQUgxiii+FuDS9MbMQLdJbPyzVOnI7KqZ8ysFmyTAqkDs5GD3hy2q9QbBbRrk6wwI0Xxs\/Fv\/cMhABHKeVoG7Jok+Jiva0CVTyCjFRLHgbyWkEisdlZNmEkmy\/y7bByOMvWRRgcT9iCrlFXFwhVqTODiIk1YUomGZNmRLDl4BQUVDOHXnh3l\/O1G+u5V1INE4WwAxPXoL46ElNpD92ognBauK12m2RJQKWq6qvkogpPd4CZzLhm8yg948mLcrK9Vc6WmCpLMViFmqTa8GL0BNDepmDqAOxAAP8MIID+DCCAuCgAwIBAgIII2l0BK3LgxQwDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1BcHBsZSBSb290IENBMB4XDTE0MDMwODAxNTMwNFoXDTI5MDMwODAxNTMwNFowbTEnMCUGA1UEAwweQXBwbGUgU2VydmVyIEF1dGhlbnRpY2F0aW9uIENBMSAwHgYDVQQLDBdDZXJ0aWZpY2F0"}
-00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00839{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1582454599396,"flow_last_seen":1582454599793,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02373{"flow_id":48,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":794223,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUJhkAACsG6aMRiaYjwKgCEQG7xZn\/hSHQvYfgt4AQAEEgqAAAAQEICsoQOikR3+wUaW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Jhawy4ercRWSjt+qPuGA11O6pGDMfIVy9zB8CU9XDUr\/4V7JS1ATAmSxvTk10dcEUcEY+iL6rt+YGNa\/Tk1DEPoliJ\/TQIV25SKBtlRFc5qL45xIGoZ6w1Hi2pX4pH3bMN5sDsTF9WyY56b6VyAdGXN6Ds1jD7cniC7hmmiCuEBsYxYkZivnsuJUfeeIOaIbgT4C0znYl3dKMgzWCgqzBJvxcm9jqBUebDfoD9tTkNYpXLxqV5tGeAo+JOqaP6HYP\/XbbqhsgrXdmTjsklaUpsVzJtGuCLLGUueOdkuJuFQPbuDZQtsqZYdGFLuWuFe7UeaEE\/cNobaJrHzRIXSrAgMBAAGjgaYwgaMwHQYDVR0OBBYEFCzFbVLdMe+M7AiB7d\/cykMARQHQMA8GA1UdEwEB\/wQFMAMBAf8wHwYDVR0jBBgwFoAUK9BpR5R2Cf70a40uQKb3R01\/CF4wLgYDVR0fBCcwJTAjoCGgH4YdaHR0cDovL2NybC5hcHBsZS5jb20vcm9vdC5jcmwwDgYDVR0PAQH\/BAQDAgEGMBAGCiqGSIb3Y2QGAgwEAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQAj8QZ+UEGBol7TcKRJka\/YzGeMoSV9xJqTOS\/YafsbQVtE19lryzslCRry9OPHnOiwW\/Df3SIlERWTuUle2gxmel7Xb\/Bj1GWMxHpUfVZPZZr92sSyyLC4oct94EeoQBW4FhntW2GO36rQzdI6wH46nyJO39\/0ThrNk\/\/Q8EVVZDM+1OXaaKATinYwJ9S\/+B529vnDAO+xg+pTbVw1xw0HAbr4Ybn+xZprQ2GBA+u6X3Cd6G+UJEvczpKoLqI1PONJ4BZ3otxruY0YQrk2lkMyxst2mTU22FbGmF3Db6V+lcLVegoCIGZ4kvJnpCMN6Am9zCExEKC9vrXdTN1GA5mZAAS\/MIIEuzCCA6OgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMDYwNDI1MjE0MDM2WhcNMzUwMjA5MjE0MDM2WjBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkkakJH5HbHkdQ6wXtXnmELes2oldMVeyLGYne+Uts9QerIjAC6Bg++FAJ039BqJj50cpmnCRrEdCju+QbKsMflZ56DKRHi1vUFjczy8QPTc4UadHJGXL1XQ7Vf1+b8iUDulWPTV0N8WQ1IxVLFVkds5T39pyez1C6wVhQZ48ItCD3y6wsIG9wtj8BMIy3Q88PnT3zK0koGsj+zrW5DtleHNbLPbU6rfQPDgCSC7EhFi501TwN22IWq6NxkkdTVcGvL0Gz+PvjcM3mo0xFfh9Ma1CWQYnEdGILEINBhzOKgbEwWOxaBDKMaLOPHd5lc\/9nXmW8Sdh2nzMUZaF3lMktAgMBAAGjggF6MIIBdjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH\/BAUwAwEB\/zAdBgNVHQ4EFgQUK9BpR5R2Cf70a40uQKb3R01\/CF4wHwYDVR0jBBgwFoAUK9BpR5R2Cf70"}
01658{"flow_id":48,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":794234,"pkt_caplen":977,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":977,"pkt_l4_len":943,"pkt":"xGGLNYKpxiwDYGpkCABFAgPDJhoAACsG67MRiaYjwKgCEQG7xZn\/hSdwvYfgt4AYAEFJIAAAAQEICsoQOikR3+wUa40uQKb3R01\/CF4wggERBgNVHSAEggEIMIIBBDCCAQAGCSqGSIb3Y2QFATCB8jAqBggrBgEFBQcCARYeaHR0cHM6Ly93d3cuYXBwbGUuY29tL2FwcGxlY2EvMIHDBggrBgEFBQcCAjCBthqBs1JlbGlhbmNlIG9uIHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJkIHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgY2VydGlmaWNhdGUgcG9saWN5IGFuZCBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMA0GCSqGSIb3DQEBBQUAA4IBAQBcNplMLXi37Yyb3PN3m\/J20ncwT8EfhYOFG5k9RzfyqZtAjizUsZAS2L70c5vu0mQPy3lPNNiiPvl4\/2vIB+x9OYOLUyDTOMSxv5pPCmv\/K\/xZpwUJfBdAVhEedNO3iyM7R6PVbyTi69G3cN8PReEnyvFteO3ntRcXqNx+IjXKJdXZD9Zr1KIkIxH3oayPc4FgxhtbCS+SsvhESPBgOJ4V9T0mZyCKM2r3DYLP3uujL\/lTaltkwGMzd\/c6ByxW69oPIQ7aunMZT7XZNn\/Bh1XZp5m5MkL72NVxnn6hUrcbvZNCJBIqxw8dtk2cXmPIS4AXUKqK1drk\/NAJBzewdXUhFgMDAU0MAAFJAwAXQQSY9aaZgqV3Ao8juLIcLj4gtM5U3s2R3yVtlfmcQVmaoNeCpnMnbWgazbijvv8uga9\/asVCtVbTWhDYyztsY2X5BgEBAB7DbuX0uVlePD0cwlB2V7ola4+vm18g1\/rihkcXGmun2h0iAqxSioPpw6QDVZDWAdaMv+ar6DDdnhMPc6wJUWI2T5cUGYiO1MA1ukOFB4lljTIcaMOuGUbVZ4btDdvb2Yf85Zuw2\/0wnoKoI8xpPvfIDEaj3putoppgk3J49T0jXCmj6GvgX2KyNcWtRWi2CoZItxdxl8L90ZYGjCd976dbvu7xJ7uhirRoo70bWSsuwTNvOZHXj56tWeDzkuz9mpsV878j8RV3RX3VJnwt0+KV\/za1Z\/vzw2XJJ8apWI9MsHvQOYxQySKeKuDHsrl0+0UNIf6XxZ0u1TixcMznQakWAwMABA4AAAA="}
-01110{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_tot_l4_data_len":4584,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":573,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}}
+01121{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":327,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":8,"flow_first_seen":1582454599396,"flow_last_seen":1582454599794,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4308,"flow_avg_l4_payload_len":538,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gsa.apple.com","server_names":"gsas.apple.com,gsa.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gsa.apple.com, O=Apple Inc., ST=California, C=US","alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D4:EF:5E:AD:7F:D5:13:5B:9F:B2:B9:84:19:75:BB:ED:53:FB:18:D6"}}
00424{"flow_id":49,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":810214,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA03G4AAC0GLFkR+LBLwKgCEQG7xZq3FAeLAs1IyYAQA6u24QAAAQEIClsTDB0R3+yY"}
02358{"flow_id":49,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":811781,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU3G8AAC0GJrYR+LBLwKgCEQG7xZq3FAeLAs1IyYAQA6vJSQAAAQEIClsTDB8R3+yYFgMDAGgCAABkAwPmeFGGnHgpP7l40Luq0\/4whPVBtZayXTPFxEUIIh8i9yBKruAHr1YWU9gHVpqeNK8Q\/3k8GBHQ+ecvxSY7m6rekcAsAAAcAAAAAP8BAAEAAAUAAAALAAIBAAAQAAUAAwJoMhYDAww4CwAMNAAMMQAH5zCCB+MwggbLoAMCAQICECDrGNnhMGOJ5gckndI1GuowDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UEAxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MTAwODE4NDYxNFoXDTIwMTEwNjE4NTYwMFowVDEbMBkGA1UEAwwSZ2F0ZXdheS5pY2xvdWQuY29tMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA3JTXZEMDNfkBeddGFOfWVcUMoJ8W7d3ST3e3HiTTWw27hpoGkazdY\/uyqetayMkeP9ioDxEA8PxI4fVx9gMvajggVsMIIFaDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhMmcxLmRlcjA4BggrBgEFBQcwAYYsaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhMmcxMjUwgY0GA1UdEQSBhTCBgoIYZ2F0ZXdheS1pbmRpYS5pY2xvdWQuY29tghhnYXRld2F5LWNhcnJ5LmljbG91ZC5jb22CEmdhdGV3YXkuaWNsb3VkLmNvbYIcZ2F0ZXdheS1hdXN0cmFsaWEuaWNsb3VkLmNvbYIaZ2F0ZXdheS1zYW5kYm94LmljbG91ZC5jb20wgf8GA1UdIASB9zCB9DCB8QYKKoZIhvdjZAULBDCB4jCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBjZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDkGCCsGAQUFBwIBFi1odHRwOi8vd3d3LmFwcGxlLmNvbS9jZXJ0aWZpY2F0ZWF1dGhvcml0eS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYDVR0OBBYEFDcTKYxfoGNbyxqPKQFc6\/l8HBeZMA4GA1UdDwEB\/wQEAwIDiDARBgsqhkiG92NkBhsPAgQCBQAwEQYLKoZIhvdjZAYbCwIEAgUAMBEGCyqGSIb3Y2QGGwcCBAIFADCCAm0GCisGAQQB1nkCBAIEggJdBIICWQJXAHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFtrLqfoQAABAMARjBEAiBcyMXSqYu\/NQzPC1eks2fF3nNBwnRpvtSQ93jt9Y6FxAIgQAGZ6hMU0FVYk\/U5Nz\/IH+LWui0mpLb1ikJAbD2uT7kAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAW2sup+hAAAEAwBI"}
-00850{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1582454599740,"flow_last_seen":1582454599811,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02369{"flow_id":49,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":811904,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU3HAAAC0GJrUR+LBLwKgCEQG7xZq3FA0rAs1IyYAQA6vpHQAAAQEIClsTDB8R3+yYMEYCIQDdbk0W3xLwRVSqExbk6WYwON+XhEgNjWS3c5gBslGuhAIhAOFAjfHHnYs0x+SaDx9TRoc6tbR7MkI8j7D8tL8bTA0\/AHcAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFtrLqfqwAABAMASDBGAiEAgaJ1MrRM2AKsBkPp1QIT6PfODIXbQVBUCAUpo+tzOrkCIQDddAHm4u\/Gn8li8ESlxL1ZJK3FxqbrgV3vXWLNi8iiHwB1AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABbay6n6EAAAQDAEYwRAIgGHM1p6WBqV+vtqr6hd70KQdFzAWv+ozcuVTGuJp7dk4CIByS3BkfgbrlBXSSNJB0YU2uhFS8HFnPom3vv22lArFYAHUAb1N2rDHwMRnYmQCkURX\/dxUcEdkCwQApBo2yCJo32RMAAAFtrLqfywAABAMARjBEAiBaHWEaQOG2Acj23NJ5zQC63rSKppu35b4qfkAJ8X7kbgIgeEjIujG17P30x0NsVWfo0XlmL6r4EoA536jETLtvxuAwDQYJKoZIhvcNAQELBQADggEBAKGriMkz6sCwrnomv6YJ4jjwMaMNouZTjEijYKaSAYs2pIOE9O+xy3VQrni7VsR+gMkO6ivj8K8d+2za\/y+I2RQZ2TUQ6wWGorFDOoGqBZXtBV6gbGs9KDNThqQv865ePsXG2JT+biTm88weJMm7MYXFPMu6C9JosK0yxl3MDsDk45W8A+EciCdcIiZwl5J8dSnSGGYo5UMSF3qI3eSNp3NkNcxYPZnj4isyXRHrBHr1ekVVCMPF2Jox+AmwwfJRq0tdVhmqUS\/9z0Yc6KqLMm50HEB4+utGT9gDG45BW1xwuucQVqNjb4bcrs8WPZf4X7CL94S2\/\/ZbmTwQh3s0iuoABEQwggRAMIIDKKADAgECAgMCOnQwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xNDA2MTYxNTQyMDJaFw0yMjA1MjAxNTQyMDJaMGIxHDAaBgNVBAMTE0FwcGxlIElTVCBDQSAyIC0gRzExIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKEwpBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCToR1HQyAWsgtr68PVtOjHmM3z3r\/oTenjNoAH\/EUbanxFhq5W06QJf2ENa11+Umt9tMg5xPRnOveDzhlvhi9+RX5HHGdSypUFXeI2UYXA1GeANW8V3T79HdL9jzRQ2Ox2Kr7j09rk\/cjrKAKWEZcXYRzpxFk7Qtwy0Qkd2qbRQ4b\/XrK8jM9m2wGLAq6USPM4j\/3qMqgI7IaXUZQkPklJllPoeaFAgekFu5OVUfzj\/XwRS\/eeCLMVSRUH+dE3oJtLMva1xNxq0fwK7fbgxSmgqItx\/g2SvP5UcBgKbcftDPvJLQbDjIX8y4Zc1jaOEosJf\/sZGjjV8JQweg+mjPMCAwEAAaOCAR0wggEZMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBTYepREfJBwkBae3RecAUQDhtYqKTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5z"}
02367{"flow_id":49,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":814156,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXU3HEAAC0GJrQR+LBLwKgCEQG7xZq3FBLLAs1IyYAQA6sMzwAAAQEIClsTDCER3+yYeW1jZC5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwDQYJKoZIhvcNAQELBQADggEBABZHc2+FomLh5yp2u4mVQiaXvEqsrHBTOj8xgz08HKua4rFdHHYaoDwMcle+055Q4MiZ1ljXAurODSlUfM31wsaQKVWjbxSoC0INOphtBnie8GqjHQIKoiikjcKBRj5tZ9reP\/6FDkIqEt61t\/u4G6eW7Hef7NRTlXr\/B\/TyChTAUVKx1o5QCxqZXLwLyb3t7fhewVbbTX4jpBGhLNQbBZrkG1L2fDiZBUu6co1CiWAEZir0\/WjXa\/eZQSjWbCSr5iVTLsiCmeKijyO+MIOxJ4v6aH8BSejGmGsQLpheitfKS7HHyVia0DbblpXstoHk8s1vG3mHTBA8ieRN+lTcqqYWAwMFshYABa4BAAWqMIIFpgoBAKCCBZ8wggWbBgkrBgEFBQcwAQEEggWMMIIFiDCBoqIWBBRtmHWQn\/fqeBctjWd4mUcrWqqVwBgPMjAyMDAyMjMwMzQ0NDBaMHcwdTBJMAkGBSsOAwIaBQAEFCaEh7OMUBUpl9vU0X43\/z8u8xVoBBTYepREfJBwkBae3RecAUQDhtYqKQIQIOsY2eEwY4nmBySd0jUa6oAAGA8yMDIwMDIyMzAzNDQ0MFqgERgPMjAyMDAyMjMxNTQ0NDBaoQIwADANBgkqhkiG9w0BAQsFAAOCAQEAlz8kzwTNL4DreEokBuMsetKeh0dcofwzjM0d0OSiAy8HKR+etg0hwzjzkMoTWISwWgTi3B1sJGKSMZ19FUMgTZn4yIjxNdwrQNB4cE2DziZgsFITf77+13g64KVP2NaAc+T5V+bRcZJ03et+gkWWJJD3LiVlmJBNfdVp6tiuDAI0Ngsr7cQQ+0qp3EqrUku9Stxo4ldKmdcjeB\/B\/CQsoSSpQbHc7BFb2B5\/0IDczO68caVYUfrelBs9H77nfwtnFA3W+PQ8DlaNrLp+7dLN4WG2ImcEF29Tara8CKkJ0SunfNbHfcwQVfoqYwWu6e+ic24+sVNhYwm7Ezq+\/lDklaCCA8swggPHMIIDwzCCAqugAwIBAgIQQOU9e0o0X00kwGvYo3rGmTANBgkqhkiG9w0BAQsFADBiMRwwGgYDVQQDExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMjAwMjE5MTYyMTQyWhcNMjAwNDAxMTYyMTQyWjBPMSswKQYDVQQDDCJBcHBsZSBJU1QgQ0EgMiBPQ1NQIFJlc3BvbmRlciBSTDA0MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJrC64q6envcCtPKJaAaN4gVTLL0EuZUae9A15l28SjzyHp9U4w5buheyZLZT07XBTvH7vEDQnd8C8sUH\/2EnRwJt5yvAFlAEMx\/uhUizW82DYxuJHOfZdZKclTioPSXZnprOzxrOMshIah\/sjVpDoV2Hk7r0EmCnqStVOjixuPjuzxoTXsJqjPDnqRdVJa1vrg13NnmCHnku7+2sZvcK5UHb9d\/ft03IKYTpKniEEolsv1w3eeCBJBMgSqufUY4nWVfilwKJ5d1HJ\/E62apvXPRhP78ezj7odSWvKPwQ1S8n1deOxKuubQET9d53MjOA5zqmPB+gYsOnXEAunura2kCAwEAAaOBhzCBhDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY"}
-01222{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_tot_l4_data_len":5113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":639,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
+01233{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":8,"flow_first_seen":1582454599740,"flow_last_seen":1582454599814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4837,"flow_avg_l4_payload_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.icloud.com","server_names":"gateway-india.icloud.com,gateway-carry.icloud.com,gateway.icloud.com,gateway-australia.icloud.com,gateway-sandbox.icloud.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"1e60202b4001a190621caa963fb76697","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"D2:DA:1C:68:0C:91:A7:DB:BA:B2:2D:29:06:DB:57:42:10:3D:3A:FE"}}
01123{"flow_id":49,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":814177,"pkt_caplen":581,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":581,"pkt_l4_len":547,"pkt":"xGGLNYKpxiwDYGpkCABFAgI33HIAAC0GKlAR+LBLwKgCEQG7xZq3FBhrAs1IyYAYA6vLUQAAAQEIClsTDCER3+yYMBaAFNh6lER8kHCQFp7dF5wBRAOG1iopMA8GCSsGAQUFBzABBQQCBQAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFG2YdZCf9+p4Fy2NZ3iZRytaqpXAMA4GA1UdDwEB\/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfWaHB3F71r+HUtEusztLw2H0a2YFnXxa1uzWlcknyHvXas70SkE3K1rNPNgydDWa15RJBtUYT9r\/jIYn136onLWnxukPVi8TUKI4CMEwguhpMLrEtIqL4C6BZ+4lBK6xUCuEUeduttOE7gOxhx0n\/QSTvQ9LuNig3jwWEtIC23HoB15mX4gwBZ8tfi9UB7jVmgUgPLlnIxTRdUl1q5\/zCHckXOsWhUg5FYsKlZCVH6\/tIbdNREqUECgGFWyk\/VyvbJtuxaOAbpOC6ieEYIcwhwciiyJrTnUR2rnOOH8r2riaIi0MEZYnjSjV+7lmoMy2Lru4hbwEXuuXlBYgInvKvBYDAwB0DAAAcAMAHSD+x+VytcmV7WNXgbXmLp9haS4GjZxzboO9XW5nXMTLcQQDAEgwRgIhAPvT3IV9AjdpNGefDbSgPSo4QhMddgpu31WPcQgBdC\/cAiEA4VcIve2LvffT8aMppvIxhDUmtFZvpbOwuJdoe\/LlSHgWAwMABA4AAAA="}
00426{"flow_id":49,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":910901,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUjJtxQSy4AQA\/Sq0AAAAQEIChHf7R5bEwwf"}
00426{"flow_id":49,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":911303,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUjJtxQaboAQA\/CjLwAAAQEIChHf7R5bEwwh"}
00426{"flow_id":48,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":925892,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h+C3\/4UncIAQA\/RoaQAAAQEIChHf7VbKEDop"}
00427{"flow_id":48,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":925949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGwF7AqAIREYmmI8WZAbu9h+C3\/4Uq\/4AQA+1k4QAAAQEIChHf7VbKEDop"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454599929,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454599929,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":929249,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABDumIAAP8Re+TAqAIRwKgCAf43ADUALyJV0zQBAAABAAAAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454599929,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1582454599929,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00664{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":930239,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"xGGLNYKpxiwDYGpkCABFAADjtQsAAEARP5zAqAIBwKgCEQA1\/jcAz3eX0zSBgAABAAUAAAAABHBsYXkGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAMOwAmCHBsYXktY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAOmACIEcGxheQZpdHVuZXMFYXBwbGUDY29tCWVkZ2VzdWl0ZcBUwGUABQABAAAAXgAUBWExODA2BGRzY2IGYWthbWFpwFTAkwABAAEAAAAOAARce00awJMAAQABAAAADgAEXHtNQA=="}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":47,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1582454599934,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":340,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"play.itunes.apple.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.123.77.26"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1582454599934,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":934729,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGzmnAqAIRXHtNGsWbAbupO4D5AAAAALDC\/\/\/ZMQAAAgQFtAEDAwcBAQgKEd\/tTwAAAAAEAgAA"}
00552{"flow_id":49,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":939978,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"xiwDYGpkxGGLNYKpCABFAgCRAABAAEAGtWjAqAIREfiwS8WaAbsCzUjJtxQaboAYBADmiAAAAQEIChHf7TtbEwwhFgMDACUQAAAhIDKkQIEWZAlx88rOX5tT1olybnRVZCCFh2Ych8RieAgkFAMDAAEBFgMDACgAAAAAAAAAADOXRaCOmlNQDoZtFXOkJKDr47Af0t1lcWwFJ7SeDnj2"}
00437{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454599,"pkt_ts_usec":967985,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGGW5ce00awKgCEQG7xZtUZWomqTuA+qBScSDQrwAAAgQFrAQCCAozMbcgEd\/tTwEDAwc="}
@@ -415,10 +415,10 @@
00425{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":80771,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGtcfAqAIREfiwS8WaAbsCzUkmtxQaoYAQA\/+hSAAAAQEIChHf7cZbEwzB"}
00423{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":80813,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGznXAqAIRXHtNGsWbAbupO4D6VGVqJ4AQBAtsOAAAAQEIChHf7eAzMbcg"}
01125{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":80888,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAGzG7AqAIRXHtNGsWbAbupO4D6VGVqJ4AYBAvCNgAAAQEIChHf7eAzMbcgFgMBAgABAAH8AwOVQZ8FnUDf4cuVlN3Dfe\/tO8oLU\/pP+UZ2rTRx02gYWCC8t86tHdWqnxE\/bapLx0rLdTwSMsDVwQ5W18WBw\/RbcQA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABoAGAAAFXBsYXkuaXR1bmVzLmFwcGxlLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACCvIr1kF5VgJNd\/0ntXVaysO1Tdse1BkZg8MzZDFY0NfAAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1582454599934,"flow_last_seen":1582454600080,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":115292,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cJ0AADUGqNhce00awKgCEQG7xZtUZWonqTuC\/4AQAOtswQAAAQEICjMxt7IR3+3g"}
02389{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116695,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUcJ4AADUGozVce00awKgCEQG7xZtUZWonqTuC\/4AQAOu0AQAAAQEICjMxt7MR3+3gFgMDAHoCAAB2AwPt61H6LFcJK86TX1GoH2PrY5tXpRF\/2SwmLfjDobAnLSC8t86tHdWqnxE\/bapLx0rLdTwSMsDVwQ5W18WBw\/RbcRMCAAAuACsAAgMEADMAJAAdACDz5rm0ZHHkdC70mqVixD+6PP+1VpNnjk4S2jr6YWMQWhQDAwABARcDAwAu\/IL2b+uh8v\/WQXLnGLTJF\/1zhJjgI4zH07lbGC7eBHKA5px\/1n1rKaOdZ\/oycxcDAw9hdpml+4bz\/FPRkb\/SbtBwcuz4cXwGWPA1ZaB1Xue15aFDeSq1uaLJCA8nRA64afvuv2HzQacaTFRgiAb+Yk+prC74vIiIILFVz3Dcw4bZ283K\/U8H3mFxQ9kuLXYXeen8TL6rIGsdv1CnXplV5+M4L2NJKP+ZOYpOgWU2czzsYVbqLROPY8WHyRJCiVgpgI2BwhLkwsgUT3G+R\/i9aVe7UU9OXlvxHfpz\/UEuhI82ej\/xl2nJVMqCjr+k+CBUrJ2\/7k2b8CkB\/oObgL6hITgMR62I6D+YWaHbbNZgBDFWGR0lPcAx8TmaEWQiC+zwUP\/bAfg2ciphmehJ+xqcALy\/r2LJ6XBqaQSeNGdNZbGE0kK0pxxNlXS4xECnAUnSjTByNgmD0kxL+6fxTRGjdoIXdw\/eQ0ibGkzgHaAkMe5VkVIk46bdyCzhDKZpBDuF5v+jvxYAeoaUAy2RZvT+cik9evtYRtpklOsUjwDDFFFv7UOszCSHyxBifzyb4HjslR9cPPfTy92zv4Z8fRuDLKENWWDuwsyniTVEcOcNcuJBVVIAK2FI0Z2i2G7zS8YF6y8kuX1UlRsoWpS1Wx0JX4c3I0FMU6cx5GqXpPfBukHyn9yRVGJvwDe5gncxu+tBuC6V7PuU+P8UH\/vwxHpz5pBOwoKIe3uV4pDOZy7ptYeyRNBok6iA1g8A\/qzg2Nms9xPpdPNpY8zqjzJb3rcL3i5NJZsGgxErINlbnURvA4Jv0W7cLXDzAfEXP4EuH8eTLhD5mkATgzvc03nNWkE62B+1P1FlsqaBhBtom1a7Kf1TF+UB3hQZD2DON3kFZ6nHyevuoAGKjS0gnIzStI\/ehnzKZiUdBjCzEoeSr2bY3rzy4HCahJCVIC8ImjZg7OjdZW3273pdEbsAwwg5kcwUHsG9u+VngPhuMSQ0vLgCM9vt5luBPw0sU7XPJKB\/lTIYjylEH5kPE8AymVwnYAZkXzRienK2lyW194jONv0VuGbBgH2+rD519x+3eANtV3b1Z6Sg0KMSALIZCDc0qK90H6kmABzkGlmu3zer9WFypg8lciwzMX\/gsnZN2SGuidVrFmGFUDbaX+7dnRBzUpCIbWTED1qwv7SrZJK\/fpYRpgl\/AeHqgkHIww9\/ujcKqI6U\/XAHTllgvHLnDki3Wj6gpKpFpOb9\/YhP2NBslB0pbUNLTCV6b4AWXvUBT46VySxj27HTjnV+8NQg10tlJW6+yXfV2ysS7\/w5XoYyjpjCPbHjbfncluasqfZkE4AMlYLaPi8vwNmwErCOOq4ChMAfwuALUL9GK9sU6DPQBAU5pxfwUgq1GJs+nL9doBOcThIfcW6Fo1c\/e9h1NUBZU07VSI6prjj7sNiiP06r53dsmscVRTsgjT3wuAZKx4YiW+6zrV2ZRAKWWYzEil74OqBABpIX1rAkWb3rTk1OclVbD+sC\/tDGbWW9uBSsr\/liO1Usp5pFlj40HCf9Y1cKJ7DmpkecUrMSSN1+Q+wq3usWDyhnRVG9sHpw6MvjZ5V\/vCpLkps3I6nUoKIF48iHB+tyPnOb4kn7AAIjUuogwgK8vwHvkI3lEsVIbH\/9F5sNXuXWmAA+gxKrllyCgYK2jacItGh8R9Wrdw\/7\/x5ruAolo\/zhURyg+Ygxg8AY6RyVuakgfoTogkza"}
-00834{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00845{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1582454599934,"flow_last_seen":1582454600116,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"play.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02380{"flow_id":51,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116854,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUcJ8AADUGozRce00awKgCEQG7xZtUZW\/HqTuC\/4AQAOvMTQAAAQEICjMxt7MR3+3gn2nKgfmgF8aBkF3X7KNk6924h1FJsguks39Tk7FoXiTmioe6vz3e8l4G3Hl88yrKTSppvPgnbA4LIgCa\/hHBWlx0ORGxxsTEZgbUtoaAe7ZOLtOwoW90Py56ug379hKo85n8MFyPZBNKq4TcGR9hcO4NbuYxncak7IdoE7Nj6EUghd3aAjAXqH3LTxF76oopL\/JhumvVC3dw7VsHgEJauvJGO5HmNSu9AscFLSPu2qw5pH0qSm1H3dg53pUKsUfRg7y7dgZ8T\/v42On\/n5w3yLHouQ2sMaolF\/w\/p+SnXeNANgRhmY85tpb6B9kr2N3w4NEwBiC6S3MdfK1JF5yNBoobLxFbZFcTbayfGKs3at+GCok3OUkA7sT2s39j2lsr3H04Ik\/sHCq7YdiegEiBu\/eJy88ejAskE1SC6PTIBrH9DUOUhokOOEzz8eN+VeMte2E9Xe0WJn1ypDMXNh+ZYMI5LZFE13QL49M3Q+4+wmXLc+dk5EwAX0Mauvvek5S3GqoL+JBmSMG9TSmU4qlO4GXJwDq3WGToe8zBbnTBIvrv5As8GwuQ99OB4+ooth9+pC80yFhkesFfTlFQwIAsOQOAiCh0kjTLuidTU+fFeBeTLuyx4LEUD50WMmu1n6rgaZY4oWu96J0AFSqLYiJQXrTq31bnIIx7gu1RxyRByg4yjF7NfouMonfJ+470hO8cybUvH\/ormNXFsMrsjZqr76FxX9tA3KvtZJ2CTkYPOnvwThfg82YYhJi35M7dVEeKN0j7uBe1JEFiiAIYFT+Di5z4CaWtpwngWZJFEU3i3zpkdW2WqM5o1oaNUQ3dxcMPBN+8jHvz6MDcGqLoIvHsfIVBmMa5fJywxqhx2UGt7qMR4SUlIlOXiaA16yCvXF97FEDhUjD606Mck0RI0gYMuNOKTuFsuWlvJkgM1QtGtEhBoaFsWu9GFsm0rWYchXp6vY3iVLELUXJa1J9w7u0kznpwFhS50fSWRJVIrCAbtVUXLBwCwzeXA\/psp8mpwXu+1aFDnTulXXNIaKYIkvVuxBMn\/XcpETFJMfdw2RwxJ5SrXPcDYB4KEOBTeODNXA3ztqaFAw5aaaMvODhBx4aog4D7ncqV\/tSGnyt4SpZzGeAqnqTMcjCO8q4kTpdAwlCDOmKDI64u2u9y4R4jasGQgSLknp2qogAojJdaDjC07zGPnV54lVjlbM++gzmCl+64AV0Wapi57pNh5nhKe14UICK4S1\/eVSLi2UVPiRdXqHRAnVUMZwUZY4X2tro0Lmix0wo1CG2pnIzQd95Z1v99CXLjJUMssikjv5v9ArJouToIwVoeBEAIV\/FLIoLw6lKXaTRoUWU8b2t+exqF2oIoQyxUKvxiapQKC1tsfFo+kcDR9phLmtGbDTKK\/GecWARBWWWGpQjjodQ\/4tPWZwXsT9a8OyVUWkie6f7\/2E2WQ\/H+PiRFbFuHric+37Lk6zg2U5K3rFjOnp9g0sMCKRmFKs\/7Unj5v83vjtavl9H1YvUx+J3QefQzHy6LWoGG0ef6LRQRXodUdtpY\/yr36YpgYisXLiVgfJtuSyHDNGAlY4V1FZxawcS3MqO5+V1h3zGcddTgHIc82Cs+iKoHJgi91vel7\/pq1Tk7+uZH94J6dX1UIp5nO9cX6fVeUvOaO75f1iU5K\/Nijr\/EL\/Pzir59OuVP8R0\/uHhcStDoy3qeuRZ\/MOolCXeuhGRpPUGO7foBrnkxKZbYYViI7jBspmI\/TkXyPpiK5NStN88bhfNnsmQ7EEbCUuq8KkNAJHlkcYqA\/CdWAft6geJqvGog3p8feqyhTdoj1vPwv4H2KEQnWi2EfSZ0lShAFK4I4anU1WcuNlWWRYTFJENVgtO3kU8GMj65LfPRJrA9xjAdiOnDNlSY1DZgXSDBQJduK0LuWtBG"}
02081{"flow_id":51,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116927,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0cKAAADUGpBNce00awKgCEQG7xZtUZXVnqTuC\/4AYAOt63wAAAQEICjMxt7MR3+3gynpz1ygj\/bNUsbM8HfPqWUKmt0Zp5XH0md2fuKkLvqo2GLSpcLsvAkG24g7AGxJOTSmJmSFSG5W7ioQg18v8jpiPxzeYJbEu2AqIf6wyQwtvs6GE3rgEIeIzmdguSBtGAcYs1Qupw1V4UgUdk1wXjSKEdd4GIavkNFStdWoWfbyomomSUUpFbda\/MS3ZMSCxez8uzFRmWToPEolYpfqBEcTQCw4SLh1KcEcQZPfFbYn\/wBOdmWOEAK45X5DK309oe2B2TJfVY6WwyWoXqZZV2DFxTPzKByTS6DQ8j8OKd6On2UUrx\/UYTTMqwQ\/b1A9ihjmtLYJQmcHCPnuaLV+rBmfCHsRKlJBKCujbz+OH+ZNtL4zGeGq8lVPRwPSFSD1PbAjIWoxDo2nYy1pTq8N629cg\/3N921rid0CRofH1AsyGQcMDGxoGlVfcK9fQM0C2f\/KbZ4RomG7bOpKje8ozG7dQ2VbI0AYrjduLgqAX6pR3meIIMaAnlzL3LpTnH8F4q9549jefbBeNnumYxHXoq71vQ7JN+ajAi07ftBNoG6P9P2LNZTAps3c6oW+MIDUnE\/SVpTBmMJQ13QYlGoT8xMAXMwMwMco9rCt1PCgZkFAvMve82Nf4V1GWkJEBH7xyI4SIOQCs7GxcVhSs9AVFOZBHKUwc8jZj7vOpGqa9uOhZP4nNakYP1jCg6iBKeKpPxGIrBQytACXBTEpcNJCvqVt\/XZUFfBk1so1BS58QR0V4Ua7\/kUR4uJJgytp7iD1elajgXgPoLDTrkONgzg2kj9mGSE0J5x3cOwzluzWd\/2gQLXa+O+aOQQPf8avyso35IpT4Odhhch7CNBqFdmKLnDOEHMg25c9nAQJjXu6bwQs71cdyTnYQkRXiIHiWyoHQnbs+a\/Iqo9cvOQhhEZqfqcm2TydTwJGDrTrlSuOMPJPAzxh5ZSyvga4F1q3l0bT8x13C0DBDBEzCy2rhc0wngwm2E+qBf41x2C7o8ThzQEA\/if\/QyXvqk5TYR4dhT5uEIMWtel8iluiX99pS3xfFH+n7LhmlhuRASFlIj61j099Jb1LuJxQy2M0HvfQ7znlAuQKV6nG7OSadwku\/hbYMk\/U4m7qPDPsnwS3lw10GxMqN+rIuEshmRXhyUywZrzz8zKCAJXP87A3r9\/XfS7Vlg3MuX0EshaRFm8VZpoGnxMWUjr\/ucwHO0y4OiIr02A5QPdnCG7fbFXCxtgytlU\/CDvnNejFF5bSvGzUjvIAThBJjFE+aYB6OkJA+NO9fLiPf8Vp6SEfU23ffYm\/XlmIcID2YMNs3gBCuOQ2A1dG5yWLDq\/IG8Rnz9mZ6oTukUKowdGJKnHSbCeP9cOpD8+qxRVhpDEkbDxwQgMMlw\/9Uam4tDY5YHBzS4pM08V6MiQ0Eh0Y2cVK679S0t9T\/sh\/tPvt0FgEgZEeh4089uah+oEx4HiYFl6iLp\/Tu9wGr11xDQoSSgZuyBUjErS6OljQbTOtay+q+pEtdGDXe4tksRL4zBGdmfzkCL4w7EI2bkAo2XJjtZdx9wqL5uGiubBsZYb9qBUCu91OlMeXMkBNmAg9FIKvG531uJwFd6OoSxjfFV2YNmixIn1exKm4\/Oi4XGA=="}
00956{"flow_id":51,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":116945,"pkt_caplen":456,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":456,"pkt_l4_len":422,"pkt":"xGGLNYKpxiwDYGpkCABFAgG6cKEAADUGp0xce00awKgCEQG7xZtUZXonqTuC\/4AYAOuJSwAAAQEICjMxt7QR3+3gsXa6VjEMA\/qTH4WMxt\/gfS5E4SAH3a5nmEs4Ha4iFwMDARlx8j7b2\/wyynr\/fCjWGnceHIW5qdJ0Ed0eWVgfY8+6dPYr74sh9Ipek19YOtvsg68aayL87264TsJm6tjpx+gyYZRiowvAQrZgj5KLOpg\/RuPvHkFUXg0XQIrUF+j45aAto5QF2a4WUbLlw8x7Alt83CmpLJhSio6qnFlhyYY00HueZ7hfsWKuZgWP0GljSeG5RYgz8INO5FGUU5B\/SInaazsKyaCxgriUrqnE962Gmptr7pcf4z81ByJZPM2uSLhTDwF7pZjjaNysDZc4NDbb0ncYXukqFxGk4olRIShvAoLVawWnSzvt8UfOd2J\/ejmG5Ytt2cVAuNWGbCs3+S0hncmmqHuEBDlAlvfYK5AjVPEPyKufTGua2RcDAwBF4W2JIjBskwTIw1j05siuqREXKUeeWZebQIXIjXhU002OIbsotbsoQ1lgL+24z+OPb1kTq1LMfdj5Z\/u2tJSxlVrJ9UeS"}
@@ -430,20 +430,20 @@
00818{"flow_id":51,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":176375,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"xGGLNYKpxiwDYGpkCABFAgFTcKMAADUGp7Fce00awKgCEQG7xZtUZXzMqTuDT4AYAOvWbQAAAQEICjMxt+MR3+4RFwMDARphOZHE1qgUIOEb03ZCD+O0FOJclKPZ1SVCxLgyzVyVHzi4TUQEujdDgJNPkR\/GPimn6coUYENMg3ZdzceVssTJAy\/z\/2LbNdsPkMk8Gze3qRvtgOrBKekQhMmE4Y\/qzNNGfcOsK4uEwmaVThLaRKXXUZpdn3UJ++2PMvfaqROQKGmYtP77Z3kXY3QP1iwb\/42fJ5M7rzTJ7RYmEho2Qhc8r2AkkEaShuzx7GHCvnKyTTmUHHMpe9Zq2zY4gGkoW8aXLao81Ku0NC8JO2JLCGSdIUn9g7eBMAjUfoxEWHWWW6I5O\/jkBOUxwhD8Bp69iTvuEpx4QzDXjtAMCpzJrI2YMiY4GrVAvkgMqz8SnsGKNSzd4q8tUL9mlY8="}
00600{"flow_id":48,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":252093,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"xiwDYGpkxGGLNYKpCABFAgCyAABAAEAGv97AqAIREYmmI8WZAbu9h+C3\/4Uq\/4AYBABd+AAAAQEIChHf7kLKEDopFgMDAEYQAABCQQTZRdeqgH933\/0YQkxoVWk3vpi\/5MvHcUXVGqvztHrVmPzO2NQcXf+XPiq1cZU3+MjmkxYpWsXyROd9tneOJAR6FAMDAAEBFgMDACgAAAAAAAAAAJw1OZiuYS+tEO+Hd6c6lK0ZkgPyE5on+DTSJH1yoCwW"}
00497{"flow_id":48,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":443725,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAgBnJhsAACsG7w4RiaYjwKgCEQG7xZn\/hSr\/vYfhNYAYAEGDPwAAAQEICsoQPLQR3+5CFAMDAAEBFgMDACijXGTc3lLFvZRZu6rFz3PNVLffHlIVt0NF7hnDkSCoTEf3BF4V4KgZ"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454600454,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454600454,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":454021,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"xiwDYGpkxGGLNYKpCABFAABDtJ8AAP8RgafAqAIRwKgCAfi9ADUAL+BtI4YBAAABAAAAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQAB"}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454600454,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1582454600454,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00635{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":494055,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"xGGLNYKpxiwDYGpkCABFAADQcdgAAEARguLAqAIBwKgCEQA1+L0AvB7yI4aBgAABAAQAAAAABHN5bmMGaXR1bmVzBWFwcGxlA2NvbQAAAQABwAwABQABAAAF1gAmCHN5bmMtY2RuDGl0dW5lcy1hcHBsZQNjb20GYWthZG5zA25ldADAMwAFAAEAAAWqABsGaXR1bmVzBWFwcGxlA2NvbQdlZGdla2V5wFTAZQAFAAEAABGWABgEZTY3MwVkc2NlOQpha2FtYWllZGdlwFTAjAABAAEAAAAYAARfZRg1"}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_tot_l4_data_len":235,"flow_min_l4_data_len":47,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1582454600508,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"},"dns": {"query":"sync.itunes.apple.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"95.101.24.53"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1582454600508,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":508065,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAGXAqAIRX2UYNcWcAbsi3fgeAAAAALDC\/\/8YLgAAAgQFtAEDAwcBAQgKEd\/vhgAAAAAEAgAA"}
00438{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":541627,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADUGS2lfZRg1wKgCEQG7xZzFmLU\/It34H6BScSB2MAAAAgQFrAQCCAqI0z6tEd\/vhgEDAwc="}
00424{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":545275,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fgfxZi1QIAQBAsSJAAAAQEIChHf76yI0z6t"}
01124{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":545389,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAgI5AABAAEAG\/mnAqAIRX2UYNcWcAbsi3fgfxZi1QIAYBAuKRgAAAQEIChHf76yI0z6tFgMBAgABAAH8AwOiR+2o6dU1g3+Svap+gZcnw25M6wGbHtuAePAdQo0oAiAx8\/DIlhLRtqLIiYUYtk4NlTJqyrl\/fgPygPHG4YkVbgA0EwETAhMDwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABoAGAAAFXN5bmMuaXR1bmVzLmFwcGxlLmNvbQAXAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAzACYAJAAdACBtkoBkQDrwLLXqjG5TumykfSzBBltHwjkMpbOHvdDHVQAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1582454600508,"flow_last_seen":1582454600545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":579000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0r2YAADUGnApfZRg1wKgCEQG7xZzFmLVAIt36JIAQAOsTGQAAAQEICojTPtMR3++s"}
02379{"flow_id":53,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":580592,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUr2cAADUGlmdfZRg1wKgCEQG7xZzFmLVAIt36JIAQAOvvggAAAQEICojTPtMR3++sFgMDAHoCAAB2AwP8TH04ZCrBb\/gkfljnUmujowdNxER7kOqz1gAUSd1ARyAx8\/DIlhLRtqLIiYUYtk4NlTJqyrl\/fgPygPHG4YkVbhMCAAAuACsAAgMEADMAJAAdACBId\/Nnk2O5Sr4v6R4YPHo4E3mOFhXJdd0yp0DfW6I8TxQDAwABARcDAwAudMmXJPizSb+uU99qMbx5cAmpJSCLpPkIdtgbXgjKl2Es7W8sRKs7LwQENOumdxcDAxZZrS3p7EDxmR\/IXQjmqj4qIg62K04sA4wA8ndndzwoRJJ0ArSgjxsIw7SrLyfZo1bty+qCQYtU778MH9nCUJSxZLfaz4qJKmNOdx18ZEbSouWbYnumd26W36\/fu51gRJ9XS526VmaJUwQCfdv+7r6ZUSJ30RHugEU3fo3GLI5Yhe6sz2jCxaZylLfMjMgBcw6Ew7WqtZOmdo+m\/+V7FKX7YabQSZmpNz\/90iA87SUjBd+o0GPrlKSX+zgpaHBgvjZdqMSfGrDJgVtPEx8aL9b3ILaucW8tnzGY7\/hrsewgFXWKiKQ3YwWDMUX9gCE8GVAIiZSGpQmLJfUS6JLxMw6CyHNB6LZrGEY08Ljij\/qbKe0wdWpWXOJUJsVbpAw8SGs+ngDrozzw2MN1hX8nVhHctc+ZNwYfayeoMlbNyNz2crO70Ija9sijbkIQUM0xKwfwiexnPM5Ze4ksue4SfdSeCKlit4rerhP40Z2mh9xxZwHC8Yl6a\/LU0FBiMiG3X3ehFnXhnrJ4WqLsE5lQfb12V6AZlXSpDwCEHMVi6aZcHdmubp44fy3mTCBuKfI2DxJfXW7Ei6carC5Rn4PvDYucmJAVdinoQZi4BnShp5CkYd5sJuag1Y06B0y5pOiSM3EkRcI+jA1HqPICGHYgP9CqOqmnyaGJsIYwUMCCQlwq5vDvlgEETaqMtEGMpxQUVn7wH6RX8ysxaQ9gYqVrX5Z+fAvQvkyZZGwIoIqDF53PdClKh\/eBs+XtNdUU15aXQCE5wJbqhuXY36zI86AKLzkrTtkC+JkTtc0+b9YVvsLVTAk60yTnjC4yETkXglK5arNKJQQ8wO+yapKFYAy1z6RgktiiKO8HobCTmnrClWvRHGYqDk12Ih2RrtGQH18g\/B80eep9I\/EIOw4299xv6B0wvjiKDkvc3yUFkDfqs4IEW1j6w4f2h6I9mfV0woc6lmmWPACkfh3I1HvUftoBCC\/F4S+NWegAIYAHjhMhd5xS\/b3OWA0B7WYY\/AKwl0oGAIafXNFyIEEU3Tu5nS2FOjs+PZM6Ht+m4fUmSLxQM5SVWZo6Ga2Jm3GvuzbWiqWOiIPSAaFoPbq1PmeFX0qpIcjfiXjMCJZgoTnuD501kfO9FJPgV\/IATXU\/8dUpMk3cQwU7F6Um1gDSdO0UBTbEOXugn6kSlbhkSz9+JamsPAPBuzZYSeyQmZUZ24JlGUqZeqh60BUe4yvtzza49oGKt82zMxLWDI1jiMTrPt7cQ6tvF5ndLmftTJrIZjCbVHQ0bfpxz+Fz2Zd67mu8iPx1NfAZO5LJCXEYLbubq09dweHBNYTjHKm8TQzFs8wdtbhWa1yVdGS3h\/D9XcZvVmPlQ8MTJDdf\/Qe0HPLiG1miktNzT9Nyu3\/xsvWbLeaXVFkA7C9X67tzGDwARaO0\/\/MnABlnUjv3b9d17B0qWElkpNZAvOyzYw9iMrf21U9gYRZFEvFrA9PLZKhlV592v90TLSNkn5+eUdXprHVwBpJugztp2hkedjOPa8AgpPYJQZjkOJ7VFXp6ytPj6uc7wyl6N2NT3Xn06rL3X\/KuiYXW7QR4mTk1VA0KTdlbbr1IBR2zGy5jU134I9FqoaxSm5iu14lQGI8\/oyK3tOofGPmoPZ4GQghrNZ6UB+hh+t\/\/UnAY56vWxG\/p"}
-00834{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00845{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":432,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1582454600508,"flow_last_seen":1582454600580,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sync.itunes.apple.com","ja3":"6fa3244afc6bb6f9fad207b6b52af26b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02382{"flow_id":53,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":580604,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUr2gAADUGlmZfZRg1wKgCEQG7xZzFmLrgIt36JIAQAOvd6AAAAQEICojTPtMR3++szuNvCfcQ3E+hmHoM+ZjvVSuv9dUCHP7J3aqGCVlC1HDszwxyFUimKhi2dVLHN\/ASBFwzIfhwm1zB1aX2kZp3tcj1jvrRfpYyIPXlx5FBOZjT2vIXeRU1HEk\/YAPthw9ML6DdTUF4HizJFE\/MMNA\/9IAIn42LK4Kl0WLbJtvMDwzvbMJVQkuvcrcXWeJ7Yw5iCadxuum0uoGX+bejEF1ZW70jnFoFbbNn0wkq75wE94FQfdG7ms5TWwRVgV42DAOLxa1XEOZs19UDu6XE5B7iIciObNajWeDkiyDTcsHNAzoqcwxDhGOWX78u0gpU15IkR3JSoTObpxy9OOAUa5HIUDQxcni6rIAvL2HWmGO0o\/095LxReXjnuBRMDxX3tqaU6U\/AvAyDdVtysbOqwps+\/zrR1NxYblB632WXG6tI0Jb8AC6OODtGXnUBMqF4ywfuLHNT8Bc9TORh1bf\/zIeGIUlOBr8bModwBiwZfg6YUIesWlS9BbxPrqcn6JHWZUKeePt74gpDcYFf0WjMPswy2tg54+f4OJyioKC4m5aUEGNMesgcSCHEph5OGJWcX6qPQlk2nvc69V0dP2GmKBLWpU2u0g0cBKUf3zgOXlYba\/cCId+dPX0vZRvzvm3imxZ1N1hLbDKfifoGcdmrKe5wNYXE+avQU64AxmYXlGH1rZi2dkEk4tNWB2n8T4q90SKT7F1bc6qzSI\/LZAT11coQkdUW8Q8I5V2dIXZVjaWGTtSZikLU\/lrLuTpdedsjX7mVxoXHXq9FDY40Jj6IJqI5zGleo0YQ9RbhAtf+7+9oJPl6h59LTk7vrBWTpJAWNmRtoEm2U8Wg+xLXQuvI7IRgE70L5EDNPKuqnmLeoLTiCipyBNdaf3hF67L1jfJUX3g04HCVCfZ4idSNCoOCsUQDFFGQ+LxiGB1QW5dlN9wfJBV6kWaBDw2rox3PgxYk5F0hRY3IIqoqqXv8GJb+n+8lJw4lcEwV8MxkROomgk9irDbnylXWjjrXZw2WsfjgB6wR1GsUrSUmOX6yeeEvOOyQe3O6oM3sWD8XnX\/tCcw9DMYvf22Sa+sEwNfN9LCChdR7Tkni+AZD+qgTH\/nqguEqiCQSgSM4Xgcwe4x3ozbECrhGFvVlKdZp94Jjncwj8kml81k0KaHJEe9g4KINkNA26ft\/RAldqBMjUXY\/gqAO888PUip8tSxDjCvdR9mwmZFLxs19AxCRRqyq6EdaK0FrSKPziuHmcoUS0QOl7oVBNtYbweASveLzzdnib8siOZbFYT\/zVpt3Z91R63oZYsNHLOtpVHDqn\/2tOOmhJz0keUtBRsWolDGKl9hFKLBO03XviQj\/sx3ZOtVsHjxtkOd9hfgATBfecvXVlNo6bPr\/MIr4Z2s7l1KgmKKxV0R\/Vvnra\/ns\/pUh+KMD\/+NdB6epC14G4Nds+fpsr0CLobI8Fx91L9OAedbuXjWUP\/yWpJk5x15uDZa1y3x3ZUjnTxehGTQlX6L\/Xxy50nLdl6zQCojVP81ap6L1402\/MnBNxtFD9wJ9bv4ICprjup8H7gdQx4MjbxAGGBN1yZJDgcAVR7AoiqjZjVlXI3DMjfj9BMJFo289W8QPe1nXbmhRWss\/7d49TaAYoOAM+lVwPatN8NeehRn00GJjdsT6yo4kcSkpkqV1szCzpQCExFnBzkTksYyWLQvvT+yy1okEA3ppOV85tK1cxWVsMPJTc9grcLB+UoWEWL7PbmlGk9+bGxH8l+L5uIJ1nOWzo0eA9CDe6gaYLR89x\/Cy4j62ubjDsUlQxe6\/E4soHuSGrl8JfT\/oQ\/13JAYm5isWKXU62M75JeKsXhkybPPELeOOVcP43fXC9vpTn4hhEAo4E+6kX1V6mpot8OuK+kA9j79tQNwqcplwHGgOZiubNieZ\/dfOBikW"}
02074{"flow_id":53,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":580954,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAgT0r2kAADUGl0VfZRg1wKgCEQG7xZzFmMCAIt36JIAYAOuRnQAAAQEICojTPtMR3++ss02MmIAnh+RZ0NyPM0J6Hg\/9Z05andIjWZ9U6COvSgcZhLgKTF4ETrGGvMmsf34PYDBdblOEuKcaOQogDklxQg55tuBX+52ItILIft0lkVw0mkAcQwsPhhUz7VgEXN\/cmD+TYB+AEgkShyvLsp9fOSjwDN4EVn1WFTwAzp0qSOYE2VgBIHCn4fsVO8sfXTvZEfZsONoNPiE5DNn1luuV8eQa9iS4jyRbXEoQbzWkH8uUX3bi1wcnQnVOo3pls4V41hpFiNCV+f+b+8SgWcZGJlbnhZgaE4u5y8Scg2tUXOXm4hN4j53vmfl3U6nPmtXfeHej1i7rQaw\/y9khIxnJEnks8aKZNNRnG3CUvpBNCxm48uTv\/joxIlKmjjEw1TjpkN+n\/gBmOzmYD+Y2Hdf4g8Cd7qbRxFJkkxmVD7A2qZ\/vw64yBgG87MWo+rYoN9Q77ho\/eVbFES8nNaNHxBi7A4ZI8280iuiOCS9H1+6d79VI3O9FvLNDsH1C9hq99qgoWj8cHVIOnXXXbP+gbRmLfSmXeWBdwIU1erGMfhKPquha0df1AF\/IouAwgQibzRiq3yyDDO7J7ZU4iBbBVOihCzjJALSGDS0PYvYmAzxFGFJvMtgvwWNHUaYJ+2\/\/zMtYJWpOyZVateXSRcVOQm689vcLB52z\/F4WfZvXpJElWALaandmb0NXYgTApOMHkR+R3aXfLGiBCVW19yG1M3nWxWuVHyBPN8MkZ2aQiHF8estXztS7zV56b\/JryVPkseADzsVa3eKtk51IB3nOBC7t9pbuJdpbnVhzy8+QSWSKECqUhVNh\/kCQcfcd1ZyBWp51wLtfUH889eeNmiNTQihETlunQdWj3cLVjCmSkeI66kzX5CbanbbPYBrcjhch6MHZjoF8WI1Lihn0E5snlvGZy+gv+TtS4rEt6bPlc8DX\/yU6\/jALiW5p66hP361+gEhyOdHKbpcxjRsclGcmquoLNV1mMFq5N6Rljzmg35dFbMbSePjVuIXu7nDB2AcYrBZOEPBWAzWQP0E2BuL8RviC6b2iW5xDn8Oxb4V1bQfpuanwOCuO8CFaM6CKMT+gcm4mi24Y+ExdhEXYRUHgF0o6T8NIyT38W3T6JSv+8AjYh\/EICGCtdet86PUP+8ILPMO9M571oa0CK1DqxDYkLcPJuVb81SPyQhPPYphSXj2b7PWQ3LZflyaU3aLMtvAtPIT62J4Ry3tua8qd4AWLaofQ6h1cxkP9dDVZdz4NJYWX6YjF4xc7HO2eO5O2xHVBtA1sTHXsS5mT78+r1dvNoZDnGNQ84QqK2Ba6BsDpTAYX0GQ0Eoa+ntbWChrHNnKKpTM1PfBwptRb+KNh5ch\/YXB91ZlID3AETwQROYn7vg1VHn65snmKOcB0s9Vefe5mbdtTnmSwb3qwFqelpB4AegKiIvKwf8\/E3y5GuTj0aASu9TcatYfIc9gfxgusa3E\/rA9cI6ER2hSBDDnwWYswE6p4EzIqcEFyKpKEQrEa9+KNdE8t+9D1Z7VGFeuSf2xj9XeeDaP7x6+e+f3JQJEISmOgq6h1xKIkB+6iMmsmAxyhykQxWs+SjCFKx\/WTsRprHXUBVT3C11iqGpMzc4ZSBomHmQ=="}
02380{"flow_id":53,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":581730,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAgXUr2oAADUGlmRfZRg1wKgCEQG7xZzFmMVAIt36JIAQAOvQhwAAAQEICojTPtYR3++srcLGnObwJWh1KtD5HhIBsggJqFWar6cSoSIwWqAUCmaXGHrihdiGEE8ZXENRE0znJCnkqAMmVRaq0pL6cruev7aHQVZGlu8dzZV\/vKN4Jz1AYs1YgI5A4AB4XLrNHDN8k+mOP\/+G1rxDd9tziZ0YQvQbqHJdMLXpTPo+q1fhD2vpI5Pm4Xftd+Cg7wRXMkPkKZUritmhuTOk5X6PYJZuxn57J2rbuNG6jpnITDJo79qBjfsBCf7pXoUcI\/wffxl4pPkjiYYf71HyG4cIg9WiWH1he83Pae1py4t7IIJgilUJQFX1jRK0np+GsQIMqZcGssLjQkUqW2cbBg7H0A8JHOvk\/hqvDpLjdX0LjyhVZ2IdDf0CHGW\/rcX06TH1BeEkdhFRYvc5Kj2lOMeY8waeWe8OtLkMbXjex5g5bB9Aikot7jZ5R3gZtaDtqM04\/2CUa9Z6xPwOWJ7AeFVgKFQrhA9bjIy26Hrto48+IMunzVyXVnFGSf\/5DfavR6WWkDmBsIYR9I4SNdosuggT9nONeG\/M97xpIiruF0uRcQtRkW4SE6SiuIXWFmjcAaN7QCivKiYfB6fh9nH7OoKJ1SoX+yZL3ii+I4vzIZn\/Btkd6CQDFdmmrwaeWHKhQqjCKzKm2BfjOFjc7AOam09OBJxztdhvQpAIwWqOYMjA8azCWJy6RU9kcAnHGvQxRSwzFnDzbIdqtYRU\/OeSEy5Ztd4KZrvL9noxmkt2wBYuz1blaCbTrGbw9WgOHVGzncvMZB3edtN2N0jPjdPrEx+wx6BkJiY9aIUXFgz0MqYfEq1d7Z6eQWA6mXZj2QYwM0i5q46qyJ80ZC2IHHQGAgeKTB1KJVI7z3TH5bBC5iF26KHUWheopOmVB956LvUkLq0aZCmES0bJfdXQGgqWmGgxEVOAvxw\/bwQUulXvhrS4+SAwUWR+DEqOZvfq+aPYGkxM0SdQVkzhJgefYVP9nrU8FPQd8ykxsrFhNU3lO5WvjK2zaTODgEjuPQbCo8Ud7whhr92bQt5wVq4nppGqVsNPGS0aTH5Ie3KCyfgE9sULHSOStDSgO3ozIkAu1vxYKGVxz35QBv7C3VdKGfdO23r4mh1DnU+fS9N3LQRz9qWSSrl6RGmYMqDEMuKogrkiIK39f5JefcLtdgWc8sMpftz0wCbf2i+tDi2cLg\/mCuVhwddeZj\/SPBa\/z4U++DVs3H5E1QghU5K\/LrZ6Clh82FCY0\/VUq293bkKfJz2ozKPjH6iz9vzkX2v7XjnL\/S2GplxNztI+s9N6Kyd78LQyBjD5cwnWXNZWoWHkro4OydglYIjzz6cqEx\/vpJ71q3wAlqL8ClfGKFG25kvQHr8LW8nDjnsGbbvjEakY8dRo7KHDbC0vTeJMzChpYPz9rH8xRr1FRvD85DfktMk3ySazOH5ThUd8rROoDYREah+MyYW8iT5nLKWisQ6bdKAPkoNJk8QWOC1GPGY2CUVIQhfGmsmMN21PsgDHh2u3k2t\/cPcq1dgY\/AfkXlNhg9ALTaZoFjUgTa9FQ0VQX+5DLucrsQ4uCuZBw2f3+FYkxj978rH4COsV\/d+pp4gwMV6rbFezXVaR\/\/3Lx7PEBCpBe1dehJpGI4CojENI0lAusubM1w\/iM+KdbdRj4e8LL+BpjtdndBGDa+LPYk74YR9ntiBhIN+Z9qsGgNRgMA5Ziau5wCW9tfpns4Td0myWARox4iVsK9i5\/0WapVO0K6\/4pjcNGtMFtJbSD4YrFRiYvOqgpjhuSf6ud0+xpQQuRe3N3z06z4+1HYWPTq+5cm\/QZQQVTqncwJ25\/Qeirr++X6j8DlTWD1ck1aLARV+DSdOu7ILHkALwnvPtyFuQ\/hvuu66\/NvAOF9q8RyIOJ9jVo6zsHHopgv1pC8AQfh3Tl+MKHX3Q8qUS9uoi"}
@@ -453,52 +453,52 @@
00427{"flow_id":53,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":617961,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGAHHAqAIRX2UYNcWcAbsi3fokxZjNvoAQA\/r3QAAAAQEIChHf7\/SI0z7W"}
00538{"flow_id":53,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":639449,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xiwDYGpkxGGLNYKpCABFAgCEAABAAEAGAB\/AqAIRX2UYNcWcAbsi3fokxZjNvoAYBAD\/dQAAAQEIChHf8AmI0z7WFAMDAAEBFwMDAEVUOOj2tGvaINrHyVOhP0kBTB8LDlsPjRKAV8G0PLMBWW4ePVJCAbmXcCnjrI+JyeomJ1V4BzSnP+GW9fNRzui7ZvfHi3g="}
00491{"flow_id":53,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"iphone.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1582454600,"pkt_ts_usec":641576,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"xiwDYGpkxGGLNYKpCABFAgBiAABAAEAGAEHAqAIRX2UYNcWcAbsi3fp0xZjNvoAYBABgXgAAAQEIChHf8AuI0z7WFwMDAClRVTUdkgd1Ri8nQFNd98VjxkuZgkygicyhmvcNiVIlazT8aPL8dJi3aw=="}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_tot_l4_data_len":13378,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":535,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_tot_l4_data_len":12335,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":274,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_tot_l4_data_len":75712,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":983,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_tot_l4_data_len":8941,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_tot_l4_data_len":8893,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":296,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":44,"flow_max_l4_data_len":210,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_tot_l4_data_len":268,"flow_min_l4_data_len":50,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1582454553219,"flow_last_seen":1582454596366,"flow_tot_l4_data_len":2156,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1582454595839,"flow_last_seen":1582454599396,"flow_tot_l4_data_len":296,"flow_min_l4_data_len":74,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":43,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_tot_l4_data_len":4889,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":407,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_tot_l4_data_len":233,"flow_min_l4_data_len":46,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":56,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_tot_l4_data_len":1987,"flow_min_l4_data_len":53,"flow_max_l4_data_len":1194,"flow_avg_l4_data_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_tot_l4_data_len":7495,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":535,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00455{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_first_seen":1582454598885,"flow_last_seen":1582454599226,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00436{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":47,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_tot_l4_data_len":235,"flow_min_l4_data_len":45,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1582454595352,"flow_last_seen":1582454596370,"flow_tot_l4_data_len":616,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_tot_l4_data_len":5910,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":328,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":40,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_tot_l4_data_len":6219,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_tot_l4_data_len":235,"flow_min_l4_data_len":47,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_tot_l4_data_len":1905,"flow_min_l4_data_len":370,"flow_max_l4_data_len":1165,"flow_avg_l4_data_len":635,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00439{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_tot_l4_data_len":242,"flow_min_l4_data_len":49,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_tot_l4_data_len":10676,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":314,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454599396,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":74,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1582454553606,"flow_last_seen":1582454586688,"flow_tot_l4_data_len":1958,"flow_min_l4_data_len":53,"flow_max_l4_data_len":1165,"flow_avg_l4_data_len":489,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_tot_l4_data_len":160,"flow_min_l4_data_len":48,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":46,"flow_max_l4_data_len":101,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":39,"flow_max_l4_data_len":93,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_tot_l4_data_len":235,"flow_min_l4_data_len":47,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_tot_l4_data_len":233,"flow_min_l4_data_len":46,"flow_max_l4_data_len":187,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":39,"flow_max_l4_data_len":93,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_tot_l4_data_len":6496,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":324,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_tot_l4_data_len":6518,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_tot_l4_data_len":9966,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":369,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_tot_l4_data_len":10515,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":375,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_tot_l4_data_len":217,"flow_min_l4_data_len":39,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_tot_l4_data_len":1135,"flow_min_l4_data_len":32,"flow_max_l4_data_len":728,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00465{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1582454596364,"flow_last_seen":1582454597360,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00462{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1582454595354,"flow_last_seen":1582454599568,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":8,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":40,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":47,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":25,"flow_first_seen":1582454598252,"flow_last_seen":1582454599058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12558,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.140","src_port":50575,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":45,"flow_first_seen":1582454598587,"flow_last_seen":1582454600617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10875,"flow_avg_l4_payload_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":77,"flow_first_seen":1582454598721,"flow_last_seen":1582454600748,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":73228,"flow_avg_l4_payload_len":951,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.185.87","src_port":50581,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":32,"flow_first_seen":1582454599225,"flow_last_seen":1582454600287,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":247,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":30,"flow_first_seen":1582454599740,"flow_last_seen":1582454600279,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7913,"flow_avg_l4_payload_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.176.75","src_port":50586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1582454598542,"flow_last_seen":1582454598582,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52852,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1582454598205,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63143,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1582454553219,"flow_last_seen":1582454596366,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":2100,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1582454595839,"flow_last_seen":1582454599396,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1582454598246,"flow_last_seen":1582454598287,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":51007,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":12,"flow_first_seen":1582454599396,"flow_last_seen":1582454600443,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4485,"flow_avg_l4_payload_len":373,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.137.166.35","src_port":50585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63377,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1582454598204,"flow_last_seen":1582454598247,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63381,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1186,"flow_tot_l4_payload_len":1955,"flow_avg_l4_payload_len":488,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.225.216","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":14,"flow_first_seen":1582454598888,"flow_last_seen":1582454599079,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":501,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"104.73.61.30","src_port":50583,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00462{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_first_seen":1582454598885,"flow_last_seen":1582454599226,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00444{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1582454599054,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53272,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1582454595352,"flow_last_seen":1582454596370,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":600,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.17","src_port":67,"dst_port":68,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":18,"flow_first_seen":1582454598385,"flow_last_seen":1582454599058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5314,"flow_avg_l4_payload_len":295,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.130.2.46","src_port":50577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454598412,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":12,"flow_first_seen":1582454598766,"flow_last_seen":1582454598934,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5815,"flow_avg_l4_payload_len":484,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.122.252.82","src_port":50582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1582454600454,"flow_last_seen":1582454600494,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":63677,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1582454553607,"flow_last_seen":1582454586688,"flow_min_l4_payload_len":362,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1881,"flow_avg_l4_payload_len":627,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00447{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1582454595354,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff98:a29c","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1582454598209,"flow_last_seen":1582454598248,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":61862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":34,"flow_first_seen":1582454599934,"flow_last_seen":1582454600426,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9568,"flow_avg_l4_payload_len":281,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"92.123.77.26","src_port":50587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1582454560698,"flow_last_seen":1582454560698,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.1","src_port":5351,"dst_port":5350,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1582454598373,"flow_last_seen":1582454599396,"flow_min_l4_payload_len":66,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1582454553606,"flow_last_seen":1582454586688,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":1157,"flow_tot_l4_payload_len":1926,"flow_avg_l4_payload_len":481,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1582454598212,"flow_last_seen":1582454598252,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":55914,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598756,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":64203,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1582454599065,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62160,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598759,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":49880,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598758,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":53983,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1582454599073,"flow_last_seen":1582454599105,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":116,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52031,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":20,"flow_first_seen":1582454598416,"flow_last_seen":1582454600719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5836,"flow_avg_l4_payload_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":20,"flow_first_seen":1582454598418,"flow_last_seen":1582454600719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5858,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":50579,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":27,"flow_first_seen":1582454598377,"flow_last_seen":1582454598754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9046,"flow_avg_l4_payload_len":335,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.25.53","src_port":50576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":28,"flow_first_seen":1582454600508,"flow_last_seen":1582454600678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9599,"flow_avg_l4_payload_len":342,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"95.101.24.53","src_port":50588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598760,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":62526,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":9,"flow_first_seen":1582454598387,"flow_last_seen":1582454598716,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":827,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.253.105.202","src_port":49152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1582454596364,"flow_last_seen":1582454597360,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1582454595354,"flow_last_seen":1582454599568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test"}
diff --git a/test/results/irc.pcap.out b/test/results/irc.pcap.out
index 8bedf1a5e..288d25309 100644
--- a/test/results/irc.pcap.out
+++ b/test/results/irc.pcap.out
@@ -1,5 +1,5 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"irc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1387554241634,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1387554241634,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":634815,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="}
00430{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":665525,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="}
00419{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":665548,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+FAAEAGJjwKtJz5JuVGFLNhH0BpMfDGkRUtNoAQAHNTYQAAAQEICr7CD0QwSCUO"}
@@ -7,7 +7,7 @@
00419{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695656,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABNyxPHhANAr0XYACABFAAA0CCBAADIGK\/4m5UYUCrSc+R9As2GRFS02aTHw6YAQAFtTTgAAAQEICjBIJRa+wg9E"}
00443{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695673,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"AAAMB6wBABNyxPHhCABFAABF\/+NAAEAGJikKtJz5JuVGFLNhH0BpMfDpkRUtNoAYAHMU3gAAAQEICr7CD2IwSCUWTklDSyBtb2xvY2h0ZXN0DQo="}
00504{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695929,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"ABNyxPHhANAr0XYACABFAAByCCFAADIGK78m5UYUCrSc+R9As2GRFS02aTHw6YAYAFuk2AAAAQEICjBIJRa+wg9EOmNhcmQuZnJlZW5vZGUubmV0IE5PVElDRSAqIDoqKiogTG9va2luZyB1cCB5b3VyIGhvc3RuYW1lLi4uDQo="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_tot_l4_data_len":354,"flow_min_l4_data_len":32,"flow_max_l4_data_len":94,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
+00556{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"IRC","breed":"Unsafe","category":"Chat"}}
00419{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":695943,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+RAAEAGJjkKtJz5JuVGFLNhH0BpMfD6kRUtdIAQAHNSyQAAAQEICr7CD2IwSCUW"}
00488{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":726130,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"ABNyxPHhANAr0XYACABFAABlCCJAADIGK8sm5UYUCrSc+R9As2GRFS10aTHw+oAYAFuqEAAAAQEICjBIJR2+wg9iOmNhcmQuZnJlZW5vZGUubmV0IE5PVElDRSAqIDoqKiogQ2hlY2tpbmcgSWRlbnQNCg=="}
00421{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554241,"pkt_ts_usec":726146,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+VAAEAGJjgKtJz5JuVGFLNhH0BpMfD6kRUtpYAQAHNScwAAAQEICr7CD4AwSCUd"}
@@ -16,5 +16,5 @@
00494{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554250,"pkt_ts_usec":645455,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"ABNyxPHhANAr0XYACABFAABoCCRAADIGK8Ym5UYUCrSc+R9As2GRFS3baTHw+oAYAFsCCQAAAQEICjBILdO+wg+3OmNhcmQuZnJlZW5vZGUubmV0IE5PVElDRSAqIDoqKiogTm8gSWRlbnQgcmVzcG9uc2UNCg=="}
00421{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554250,"pkt_ts_usec":645480,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+dAAEAGJjYKtJz5JuVGFLNhH0BpMfD6kRUuD4AQAHMmewAAAQEICr7CMlgwSC3T"}
02358{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"irc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1387554250,"pkt_ts_usec":647295,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ABNyxPHhANAr0XYACABFAAXcCCVAADIGJlEm5UYUCrSc+R9As2GRFS4PaTHw+oAQAFsv4QAAAQEICjBILdS+wg+3OmNhcmQuZnJlZW5vZGUubmV0IDAwMSBtb2xvY2h0ZXN0IDpXZWxjb21lIHRvIHRoZSBmcmVlbm9kZSBJbnRlcm5ldCBSZWxheSBDaGF0IE5ldHdvcmsgbW9sb2NodGVzdA0KOmNhcmQuZnJlZW5vZGUubmV0IDAwMiBtb2xvY2h0ZXN0IDpZb3VyIGhvc3QgaXMgY2FyZC5mcmVlbm9kZS5uZXRbMzguMjI5LjcwLjIwLzgwMDBdLCBydW5uaW5nIHZlcnNpb24gaXJjZC1zZXZlbi0xLjEuMw0KOmNhcmQuZnJlZW5vZGUubmV0IDAwMyBtb2xvY2h0ZXN0IDpUaGlzIHNlcnZlciB3YXMgY3JlYXRlZCBTdW4gRGVjIDExIDIwMTEgYXQgMjI6MTY6MTAgVVRDDQo6Y2FyZC5mcmVlbm9kZS5uZXQgMDA0IG1vbG9jaHRlc3QgY2FyZC5mcmVlbm9kZS5uZXQgaXJjZC1zZXZlbi0xLjEuMyBET1FSU1phZ2hpbG9wc3d6IENGSUxNUFFTYmNlZmdpamtsbW5vcHFyc3R2eiBia2xvdmVxamZJDQo6Y2FyZC5mcmVlbm9kZS5uZXQgMDA1IG1vbG9jaHRlc3QgQ0hBTlRZUEVTPSMgRVhDRVBUUyBJTlZFWCBDSEFOTU9ERVM9ZUlicSxrLGZsaixDRkxNUFFTY2dpbW5wcnN0eiBDSEFOTElNSVQ9IzoxMjAgUFJFRklYPShvdilAKyBNQVhMSVNUPWJxZUk6MTAwIE1PREVTPTQgTkVUV09SSz1mcmVlbm9kZSBLTk9DSyBTVEFUVVNNU0c9QCsgQ0FMTEVSSUQ9ZyA6YXJlIHN1cHBvcnRlZCBieSB0aGlzIHNlcnZlcg0KOmNhcmQuZnJlZW5vZGUubmV0IDAwNSBtb2xvY2h0ZXN0IENBU0VNQVBQSU5HPXJmYzE0NTkgQ0hBUlNFVD1hc2NpaSBOSUNLTEVOPTE2IENIQU5ORUxMRU49NTAgVE9QSUNMRU49MzkwIEVUUkFDRSBDUFJJVk1TRyBDTk9USUNFIERFQUY9RCBNT05JVE9SPTEwMCBGTkMgVEFSR01BWD1OQU1FUzoxLExJU1Q6MSxLSUNLOjEsV0hPSVM6MSxQUklWTVNHOjQsTk9USUNFOjQsQUNDRVBUOixNT05JVE9SOiA6YXJlIHN1cHBvcnRlZCBieSB0aGlzIHNlcnZlcg0KOmNhcmQuZnJlZW5vZGUubmV0IDAwNSBtb2xvY2h0ZXN0IEVYVEJBTj0kLGFyeHogV0hPWCBDTElFTlRWRVI9My4wIFNBRkVMSVNUIEVMSVNUPUNUVSA6YXJlIHN1cHBvcnRlZCBieSB0aGlzIHNlcnZlcg0KOmNhcmQuZnJlZW5vZGUubmV0IDI1MSBtb2xvY2h0ZXN0IDpUaGVyZSBhcmUgMjIxIHVzZXJzIGFuZCA5MDE2NSBpbnZpc2libGUgb24gMjggc2VydmVycw0KOmNhcmQuZnJlZW5vZGUubmV0IDI1MiBtb2xvY2h0ZXN0IDMxIDpJUkMgT3BlcmF0b3JzIG9ubGluZQ0KOmNhcmQuZnJlZW5vZGUubmV0IDI1MyBtb2xvY2h0ZXN0IDEgOnVua25vd24gY29ubmVjdGlvbihzKQ0KOmNhcmQuZnJlZW5vZGUubmV0IDI1NCBtb2xvY2h0ZXN0IDU0NzQwIDpjaGFubmVscyBmb3JtZWQNCjpjYXJkLmZyZWVub2RlLm5ldCAyNTUgbW9sb2NodGVzdCA6SSBoYXZlIDIzMjQgY2xpZW50cyBhbmQgOCBzZXJ2ZXJzDQo6Y2FyZC5mcmVlbm9kZS5uZXQgMjY1IG1vbG9jaHRlc3QgMjMyNCA5OTI3IDpDdXJyZW50IGxvY2FsIHVzZXJzIDI="}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":29,"flow_first_seen":1387554241634,"flow_last_seen":1387554256201,"flow_tot_l4_data_len":7959,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":274,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":29,"flow_first_seen":1387554241634,"flow_last_seen":1387554256201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00123{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test"}
diff --git a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
index b709820b4..d374114b4 100644
--- a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
+++ b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
@@ -1,9 +1,9 @@
00500{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00477{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505724520,"pkt_ts_usec":744830,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
00213{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","caplen":114,"len":118}
-00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1505724520744,"flow_last_seen":0,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":80,"flow_max_l4_data_len":80,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1505724520744,"flow_last_seen":0,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00515{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505724520,"pkt_ts_usec":744830,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":80,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1505724520744,"flow_last_seen":0,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":80,"flow_max_l4_data_len":80,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"proto":"GTP","breed":"Acceptable","category":"Network"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1505724520744,"flow_last_seen":0,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"proto":"GTP","breed":"Acceptable","category":"Network"}}
00511{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505724520,"pkt_ts_usec":947456,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"MNF+EIYg\/Ejv6KgaCABFAABgHZ4AAD0Rln6XebkshL70DAhoCGgATAAAMP8APEGxP1xFAAA8AABAADIGm0iXecGgwKiTsQG75IBV2gFiQsba5qAScSDmyQAAAgQFeAQCCAoxbvx\/AAu5rwEDAwc="}
00469{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505724521,"pkt_ts_usec":281457,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="}
00213{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","caplen":106,"len":110}
@@ -42,5 +42,5 @@
00216{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","caplen":1202,"len":1206}
00470{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1505724526,"pkt_ts_usec":501639,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="}
00214{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","caplen":106,"len":110}
-00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":27,"flow_first_seen":1505724520744,"flow_last_seen":1505724526702,"flow_tot_l4_data_len":6048,"flow_min_l4_data_len":56,"flow_max_l4_data_len":1456,"flow_avg_l4_data_len":224,"midstream":0,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":27,"flow_first_seen":1505724520744,"flow_last_seen":1505724526702,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5832,"flow_avg_l4_payload_len":216,"midstream":0,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00152{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test"}
diff --git a/test/results/kerberos.pcap.out b/test/results/kerberos.pcap.out
index 77577c180..3f95ec79b 100644
--- a/test/results/kerberos.pcap.out
+++ b/test/results/kerberos.pcap.out
@@ -1,187 +1,187 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1549337929790,"flow_last_seen":0,"flow_tot_l4_data_len":259,"flow_min_l4_data_len":259,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1549337929790,"flow_last_seen":0,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00732{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":790448,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00782{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":790962,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"pkt":"AAgCHEeupB9ywglqCABFAAE+ExRAAIAGfbSsEAgIrBAIyQBYwAVvOdOesp21NlAYAQCkkQAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDBjUgpgMCARmpEBsOaGFwcHljcmFmdC5vcmeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1549337929811,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1549337929811,"flow_last_seen":0,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00840{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":811952,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"pB9ywglqAAgCHEeuCABFAAFnABtAAIAGkISsEAjJrBAICMAGAFganBtaQ2U1slAYAQDaGgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4YERcga5zFfjuo7+oqo0hJ6Udj7efOwOKKYJj6PKpxuETgzDcdt27IvGW9sEQ18QPUV\/drVuLVBwwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOaGFwcHljcmFmdC5vcmejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDmhhcHB5Y3JhZnQub3JnpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETsAWF6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00568{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":812641,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"AAgCHEeupB9ywglqCABFAACYExlAAIAGflWsEAgIrBAIyQBYwAZDZTtmGpwcmVAYAQDnsgAAX5hri3Z\/opje40K53kwDKo2\/CTegm0pJkWpLVNFlnn\/MakUFXqKHv4CDtH2CbQqvJq\/ecJgxH2EwrzVmUcQk2zqXXjIwbkyszZ9\/Xc6IEgQ4qiI64lPzINS7ueVTbdUXk\/8v52QxoGdMilBjjWTAcQ=="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1549337929815,"flow_last_seen":0,"flow_tot_l4_data_len":157,"flow_min_l4_data_len":157,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":157,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1549337929815,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00594{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":815091,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"pB9ywglqAAgCHEeuCABFAACxACFAAIAGkTSsEAjJrBAICMAHAFgBsoC8gS4auFAYAQDUqQAAiNeE+tCJIo9Cz1KFHGicigIlxkFIEVkb70vifDKvvi6NwB24GlkehWdocuUvESpeAqtSofWtuKDm2yskVOheE+r4DxaQxRLncJy9zYBP+p7ofQvBukmarkg+oY3ctA8jgj5BSy2yi42NlxJjhcjuX3ByLG+GD20zq41Le0TbPh0TFS5qkRb0Q24="}
00569{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":815994,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"AAgCHEeupB9ywglqCABFAACbEx9AAIAGfkysEAgIrBAIyQBYwAeBLiBsAbKBRVAYAQBP\/wAA1H56bb56rLTzhI\/so6pGl6jILu03bHY2ZWl4A41JY07Kavo1sQRKhlNPx3vE\/LdSF6BX6NLW1Fm3Tdmvr7ZEbPWOq8FZs9c0RBY7wJbwPUW44FlC0vhqJn1yGB3K1Fxl0gPqAAMzMrhupJQMQzjV4fgdag=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1549337929816,"flow_last_seen":0,"flow_tot_l4_data_len":1451,"flow_min_l4_data_len":1451,"flow_max_l4_data_len":1451,"flow_avg_l4_data_len":1451,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1549337929816,"flow_last_seen":0,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02345{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":816676,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/ACZAAIAGjCGsEAjJrBAICMAIAFgkzleN\/pyBM1AYAQCd1QAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1l4LwpNuTjPo\/WSca61wgawIInNQ2vTGqwCxtV1QigPfApKXxUIq16oPsvd5TUFFBoZ3psSaal0IeVBLFx\/BX1XOMXvlpVRB9MsTpZwTQ9ax1GLB6I2i5bbUZpknsnBAKrSXL695P06nXI2pxBPckcoFwJAlSBEmG2XByE8IS7rO1EarXMbJ6Y6aTY3qAJfaaRab4vHhRG2Vuf+5JWuR5w1NLPXeeoD\/rArSk0gCVLkR21SKfZcS\/vqPldqO0np7TLmMBVoYjsl6PiI0+4z2cMBft\/qbxRIxb8y1vWhjoJ64ue7lCoT2cvFOdVWD\/WH\/fANzw0ML9F0vLIXCgI1qi1sWcerxATeYpOyo7DWpsJioH9jxAPx+B6RM+9U5zQIKM9BdT3C3olrkQMfOua6FPtyqIt9kVcakdowBTS4+NidzK5sGlYIRntlAxGR8YU5brzwGdboEMfsAHK11qtTE6t\/tDmgr1+cFgW34p7q9yjtfw3IlMfNtNF6cVYmOh6G5Wnxcfjqbsrpj7Kw6mjBwfKtaYNJG6XthlVKo9I4FpdysFIteChs2N+mQtafp0AWZxKjjDKO8sohbJklYhyoJOto52hds26FAU4LmrIc5fMmADp1PG\/tBDi0BnZ3SimtoeWyM2fnwWhBrH67Gc6TeKPHSeyVFwR1fSnMxZTlzS7KXwLa62U6BZ0WNCBZzIdUTje6\/aUFTq4XeeR0Z7Vh6Z9DZ9om\/9wiQsBPMMalPRPnqfmOZT7HV5yr74UqmbVg1OWh8En3RVYoEzl+U9UxwXXFIR5zUwJrSv4BRCrfouK2f87lMtCFEg\/zEl+Ya6jB+A9XZfPbLOpJ+x1ZsBKiE7MFw9X4cPsiIvoIaHcwmirVOaa9JrhuL72qg0GrV2LWFm+xJt5NjWGhgRHFok1jp2URmHs7J3zvdeb+nbPHLvYUdtkqwb3aoYEr1Xmflw8UpDr6MDbT2en\/\/11z39903bvFGohUv62WN4swCRiY9JjXJUs610D4Xxus5+CL0zgzTQQAxEvC4LL9CQELhrXgdhbQmsotNytXnsgYuKhF4RMS5q5UH8sx1AGsmSntAJ\/W4iO+\/MbV3oU5HdPpcERFm3hfRy\/GBSS75vadxxOcRHZA6iF9\/pQ9BlFHhHcWkaQuZyUL6qH1sbSQyui0sXjtHojjpnPlsTpEM9hpMt6LhooASI6ATNe\/Xw7kB+HTJthDR\/bJnXbftcEdtnk7dLQYL5MfhSH8BDyuI9MMLmdpozP+V7mPT5HhUnsqRSQWCVyfiuDhL0shZpk83f0xNTTmK8fhSYF8Q1BGkgZwwgZmgAwIBEqKBkQSBjpT6WKZ4R5UUi5WTtSgEkEd7jMLa6AoUPu4TwrcLKGcmB9vngXIzOhZvqCgHdzOkHetRjgLUyTIXem1PFxz6mY8TxQcIZDyb19SN3Nd3sKaxs2IYEv7YHwXG6E8LM8hJLH2m\/TyiwnWxB70uZ574gAkF4FD1Zq+qMVWQ8VxsOQkGL92ElZ2TaAS4GGYCEnUwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7NBe6oBTADAgES"}
02370{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":816935,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"pkt":"AAgCHEeupB9ywglqCABFAAXMEyNAAIAGeResEAgIrBAIyQBYwAj+nIEzJM5dJFAYAQC28wAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9ZmgNa1dr3wGd87q5o3XWLsTIWysbTgkwJr+Tn54CyV4AH6vlEgusASRdJcyvN0onPWOO9TStPkihUEobLQ8WG5\/BAe\/pJm76NJeRjK9kGGi8G\/0XbFCYSPepa5PQwmUgAjsgxX98uOoIoeMgpxrDD2I4YnqT0o9T7E4u8XbTiIf+v3cdcN4dCZ+EoTKAM9GSdtpSP62\/Xb+2PxUXMWzXRKdBV4GPRc7M\/f3KRdK529+2pM4yLgF6mfdzw1YttOYiTQBSOIseZU5L5pWWwIAYUeadQLWeGW7MCmuOiezPfzHOKXT\/hMqEB\/2Egds2KA7Hm\/oP01r9IU6p42tCtn+I4EWSm5ZkiMAIXP6SCiOdO2PbdtR\/4GK9kZARZpgtLJG+aGmFpRzNAdcgcLMHN2OlX0J6+piruBM7Ww3kqLpZgruCuGx8K+d\/8FApmAeWnLmXbD3fu1T00fGd6fdKrkgCl98Sy4I0iKgJr019SubVPh\/tLfXvOPHFTskrZiab\/lkJMa\/lcaCHUWtHfBuxSsNJt7gody42oqvvYHikEn7VlQJDi\/u8KzU07HljjjoqhCYV678B3YcCsVdGefRzEoUzSdH\/BYJGW+CkosfzR7MiRBWyvn77tCF67oxZ3T5EhVst6OUOt05ejCBeF0j2P8Sa6RL1vPg6TCt7KX5yXzGdJtuRQYFzwHms4Ux+JYQXrmLh2ixoc55gWooUap7xcPOrj9EtgR7efu2PqGQVuytvq6rdV+3QUFA8AufxbPXK507+RBmLMcLcxZAxOp7SQc\/Ay3c\/ORhr+fWLV6VFfX75zufwBySCOGvrbuFXK0SnMVFwylor3lGY2Czl7Y5QKDcK4+FS+SJKTqaxj0EFxa2D+DbGLwbVt3zt9+tPhI+pr7vL0LtIL0O055Y3MLTTiVoB4FnEuGzQivRnPbXzFFcdCIUDcAh26XtB4LCpmd+fBTcLafa5ZKQ2nsR\/2LH7kpZxim50Hcvtyd5PzGPwKSVk2Q+psnZ0IehfsbwhALTs\/RQSOb7Rq41AGgy7OAH5YvpBKSd7qUDfb1gtLh6EIYhMprEuGvAg42lOnEYktaA8Y0X4PyM72xSTA9ZN+CxfcvwiIlvHf11TL5C5ZRBUy3du\/RJjPcfxsjqIdqVfXMDys4DGOvXOODvANQyMdpD2WSRWTBduQ+1useq7xNugt3rmAScfUohAT\/giN4TexFk96WUfGs376rRqExitzbuece0s6lptdaN+3sKDC1NFILlW4MQPBHpc3ComgefM9jAmeqLxMUur1iJW82d2i1F5BNiRpTZEFf7MD9poIBJjCCASKgAwIBEqKCARkEggEVQDvO7+WVQbXswJT\/WKenjoLOTOUb7xtnQSDSvTALA7cFBjKmG7py2Ll3YHsUrZQaKL2ZgS2bNcKYx\/3+lfvv+kAlvcN39ExBH9j9AGm8H1cRnFwNhRWCETnioXg\/P1Y2p+e3F0h6bOneEdLiePwHJv9FonrRV61HKyJDpzH6E0h5BR7t2eo\/60DJORIRuiguwoofBgNuIj9IIWatzAufVetcbqrWIpOgXa8Tl5itQ\/bI2zF6hwUS3TRThkmm+Lz7J7LBceoySEetzaEsRZtQYN6tENYmlD5+VEJvmJ\/Gk593lHeRAE07ZMXwY1fmEib\/vL\/sBgCUMH7CIYMAL4GjstMrJCbIeZhyoYmoahgOuedSq46aMw=="}
-00603{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_tot_l4_data_len":2915,"flow_min_l4_data_len":1451,"flow_max_l4_data_len":1464,"flow_avg_l4_data_len":1457,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1549337929817,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00615{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1549337929817,"flow_last_seen":0,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00718{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":817554,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"pB9ywglqAAgCHEeuCABFAAELACpAAIAGkNGsEAjJrBAICMAEAb1XsKRSOc8tT1AYAP5XOQAAtEaCpoUNMQEcRu8rXL+flRkpXPhHudnte7juaoAeTLu\/yTOr\/klMHDKYHSz0JIIsigIVsBaMl3PyJLoeb\/thjoYGSwkEC2m4nRdpRXAof0BuI3WnXPinh7MhPVCaTGyJNfqfVu\/1dc4+HXKYy76MWWV4zUtzQAeAZlVdIbuoLUlvFXjFSw5Ryb7lDA5ay5XLMnQY1U2bYUt6MYxBsLvHXZpUwBGPjxstpVTddlgnyYV1MOsJQv5Du0utIGTzTo6LpQrGUrUbi+j64I7Cmr+KeRuwdhEzhGbc+mJlwRYjD6cvIxA="}
00766{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":818281,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"pkt":"AAgCHEeupB9ywglqCABFAAEsEydAAIAGfbOsEAgIrBAIyQG9wAQ5zy1PV7ClNVAYAQBD3AAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAIAAAAAAAAA\/\/4AAAAAAABZAAAAAAQAAM9KX1xrFqd60K9wkt\/rc1cJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbaDd4i7\/ItyR1a9jC52avEiTOhersM4IXB2s8eeK3O+ftonNzS3toSakh8sE2tBVm3gbqMBKq1zSZzBBR6cu+Hrjxp\/3xoJEFPVC\/4y\/BWmosce7zt2RHazTIcgt7F0qD+5oY0gWkTgMB+VU0Ro="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1549337929981,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1549337929981,"flow_last_seen":0,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":981761,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"pB9ywglqAAgCHEeuCABFAADBADZAAIAGkQ+sEAjJrBAICMAKAFgVCzarRRAS7FAYAQB2LAAAqoGWMIGToAMCARKigYsEgYi0+C7lIM6lpWfLcf2ezyusajpC0TYc1OX1vmb3DhkyjRtC5TeZRg9Wzt\/ubCTSXWpwv+zrJOhZpUKxM\/PhogQbKSmJJuvTC3n4CxJc9SponZNFKF1Kt9\/yiDsesCZaEKdbgZEf1rZ1aHAiihciexKw\/Qr8RPyDjBEhr0yc0K8+XP7zeT3kqKdm"}
00579{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":983015,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"AAgCHEeupB9ywglqCABFAACmEzJAAIAGfi6sEAgIrBAIyQBYwApFEBigFQs3RFAYAQCNWQAABoWQU5dMx7s3k7lFXcqa6uoE3YqM179MtGFm5Pp0PzGMSHM6ikhCYuxEbF8vf630PDV4M+ymDkgmnA6LZ83pNOsEhGLNGEwQsGjuja+QpA2dd9fjedDg4z2eYZ9DeqXNfMVtviu+Fd00prhwc+9nnU9I900bDPmSAhZM9lsL"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1549337929983,"flow_last_seen":0,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":286,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1549337929983,"flow_last_seen":0,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00776{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":983344,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"pB9ywglqAAgCHEeuCABFAAEyADpAAIAGkJqsEAjJrBAICMAJAYUOQjJnSJfL+1AYAQBrWQAA8TZc0LDMp13P2bhHUwE3wC3znhyPA6u84KleikgMfgmc3jalHTIxDwXMnjy\/W4F7\/2WZoUcx2XOew9rGWayLePl5BZIz7shN5PFXYJc\/9PAyv29TC7M2XLiMKexhyeYlRE9uvUtK9DAnR\/ttWEC9zdC56cQON1H8q936tfR+Slz7RKm2uwASDHI8fSFcEQQxtgqaAo4BBsj3qlqLB0lXoxQ8eGOcEVy2\/38vMlSj+c\/3tdAxc+T2J+ChqVKK6Ti6p9NJhgfdb6n6Fkr1nJ\/E0PHo7Ab3tBkqkSpNzV9oaIDc\/AnEKYXHdAsdm\/IAEKeNDZ3xj3dnB41oCyCZcvi9r2HqvrS9bMHFZEs="}
00694{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337929,"pkt_ts_usec":983901,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6EzZAAIAGfdasEAgIrBAIyQGFwAlIl8v7DkIzcVAYAQBePQAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1fPlG7bKWdrh2HD6cpz+MijBmfhDcDSHRgxosMnwcbCi1ZRnrViGBtMC2nQv6mVUDSJapX\/mZgtc4l9ALb+\/jokxskSCIt0GZfBXlBh6SOp7g9nc\/2WT4mG5e+fctttNW4KixsBWTLsk4U0TsD"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1549337930192,"flow_last_seen":0,"flow_tot_l4_data_len":259,"flow_min_l4_data_len":259,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1549337930192,"flow_last_seen":0,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00733{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":192989,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"pB9ywglqAAgCHEeuCABFAAEXAE9AAIAGkKCsEAjJrBAICMAOAFh1zEKiBQpS4FAYAQB22wAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE6HHTSoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00783{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":193305,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"pkt":"AAgCHEeupB9ywglqCABFAAE+E0ZAAIAGfYKsEAgIrBAIyQBYwA4FClLgdcxDkVAYAQCvKAAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OFqlBQIDDGWApgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1549337930214,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1549337930214,"flow_last_seen":0,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00840{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":214154,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAFNAAIAGkEysEAjJrBAICMAPAFhOqMfQDl0Bb1AYAQBFdgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4T+8E3pUi7h1ZsZOoIXjjwvAQAgQGpJXHn0jgIAIbXQei+GxBZQViNO7UVdhzj5KUys1PXrvG2C8wEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLam9obnNvbi1wYySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIETocdNKgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00563{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":214775,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"AAgCHEeupB9ywglqCABFAACYE0tAAIAGfiOsEAgIrBAIyQBYwA8OXQcjTqjJD1AYAQBZNwAAQBgDyB6VZPxID+fu9kcivDlP7463Dy1IfrYrHVzuJLB3P27gpkccW43Mtu3NrktwKAyme0Z0QNo0JvH3ppwCLvPborHS7i5Jp9I5pxLf5LZX6AlmVea2udQa4ufUWkijqzhrShLiqrevOUKPGzj2OQ=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1549337930217,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1549337930217,"flow_last_seen":0,"flow_min_l4_payload_len":153,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":153,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":217118,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"pB9ywglqAAgCHEeuCABFAADBAFlAAIAGkOysEAjJrBAICMAQAFhuA\/SQrSTVxVAYAQACWAAAqoGWMIGToAMCARKigYsEgYhFQhzXcnmj64Ly0uBtjkMUoTuM+x\/rpAOTUWDkUHAspBDcB8geScaOnqOyTgnIEt9ORSbyaLGh7aDpqWoX8LkoU9AsGNn4U6LRjikWi59PfjQn46P9BY0tn6JOEZn\/IKW+bzyhJYK72MU5dfE\/Y9v1QP4pOcMGsyTXEkOUPDq6y5KpwHUNPs1e"}
00585{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":217937,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"AAgCHEeupB9ywglqCABFAACmE1FAAIAGfg+sEAgIrBAIyQBYwBCtJNt5bgP1KVAYAQC1BwAApQG9zo7oa2HyeKU61c2m29Ax+Ioczo4ZbPhC81jR0pDanr7lBKhJeMuGW\/uva7FyAslnHaJSlZ\/JCHVy9T8T0Ut1tj8cqy\/o\/YC+6XwQJV1\/l63dulAmK8KMVnuSbTDSVBQ5iahKxwLlZ8cbK3LMBirQeX8FcESDlzlIPsVQ"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1549337930219,"flow_last_seen":0,"flow_tot_l4_data_len":395,"flow_min_l4_data_len":395,"flow_max_l4_data_len":395,"flow_avg_l4_data_len":395,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1549337930219,"flow_last_seen":0,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00918{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":219494,"pkt_caplen":429,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":429,"pkt_l4_len":395,"pkt":"pB9ywglqAAgCHEeuCABFAAGfAF1AAIAGkAqsEAjJrBAICMANwANTRo4+sysn9FAYAQASVgAAOJsrJlDNtr7H4lcner+4Ya97utGtvfHqO\/A9pIIBWDCCAVSgAwIBEqKCAUsEggFHE7YBEd08uXxTAz9oATIBnzsu+CIXQ7IKgHphso5XWVrf1UwI0kS3bNe0YDIltyDk2xHWA\/s5Rnf1JAD5LdMYfWfRtly9XMnusGEqHhr+HUrsB70ut1E9AZfE9oDmCRiRKgSi\/yPqeUdMQ3mTdU1fxpZbOqOrcP2UxT7TverwRJibh+asJMQhC1cH82k0XRAktx95xJlXR3QKNE1DR8fsq9gq2Y16fmA9gsztPUDC4IkAL71ItK34puHol45q2g1+vM2umAkKTXGS4uZkIzxH5rv1eNIbWz6GtEw1jeT5kTsqyd\/cgQicx4yHy9VJKmfjweCCyOHHgJ0JONAYKLNrmUspunn\/qiNj30BsQPTsl8DziFoWtJvBGiR7UAPGmzNl3CewZOrjtG26JZPGTaTuBek+GwxKg7cb\/ze4riey9Wnfq0rUqdvf"}
00794{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":219495,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"AAgCHEeupB9ywglqCABFAAFEE1VAAIAGfW2sEAgIrBAIycADwA2zKyf0U0aPtVAYAQCiqgAABQAMBxAAAAAcAagAAgAAANAW0BaHIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbZHvDki757uIRa6348vky4CmSXJcuY8x7Y1L3GMPoboaFC4AmaVBuECBYLv9qMZx8MRhhEX3NAubRHjTv4BhutqH0onvuRNc5YNBgbuLmx\/PeM5pC\/bambRC96DP0B9XtGxHF5b6I04IhLGs2Ss="}
00717{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337930,"pkt_ts_usec":219495,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAF5AAIAGkKSsEAjJrBAICMANwANTRo+1syspEFAYAP\/w8AAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBEJ\/MyGgG2X9jllu+ZB+MxLzLgKVhkidSZOf9UFj0HoVGhQSTvPAIV6ETXdthgzo7fJnzn1QgLAxGW+unJjrxZzV2yGjHgQcBAQE\/\/\/\/\/\/8AAAAAToOoIEtcH3O\/XLUOvcMURw=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1549337931189,"flow_last_seen":0,"flow_tot_l4_data_len":262,"flow_min_l4_data_len":262,"flow_max_l4_data_len":262,"flow_avg_l4_data_len":262,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1549337931189,"flow_last_seen":0,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00741{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":189901,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAHBAAIAGkHysEAjJrBAICMARAYXGiPwnAgHw6FAYAQD72QAAHIAjHF8ymtjcD1VQuy4UgRChAu\/ekRMgcpsydbeCEgGc8O49XcEm2dIOQUYWz5jyNJ04mLjuLVb5JED7bXFEp0Ouk95kXWAsbhG+yaFiTruRiQNLefpIfBd02fAN9rH6kVBTVFVzTavxG5ZN46Q2CRurERdYtT07E7VAGTF+6yWhKn18+hUxFM5IXiI8jM4osfH687+lmO1gN\/3mr3cymHmPLwvBfLQ9P\/qJ62iSz72gALgVKjnTrFQYtji5UhDqTerpDdd7cbCpV4VyQehZ\/3jzwsKcVZtQElZtM7aiTvqbzIsK7RmP3EZFJoQ\/JIQyyhY="}
00692{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":190653,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6E2FAAIAGfausEAgIrBAIyQGFwBECAfDoxoj9GVAYAQDO8AAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1TTwhyAF9FVLbWTl8wTaD0aGMw9PDC0vNUorciel2CrkeZRTWRInWV74srNnVapF3vxPYDt7dvyfJVk888MzdKOasNrV1ijuwTfVJ0DIXj985iqAQmj9Mcte2ZOXgI6pFvWB0EEgpCluxB9enG"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1549337931198,"flow_last_seen":0,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":133,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1549337931198,"flow_last_seen":0,"flow_min_l4_payload_len":113,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":113,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00564{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":198672,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"pB9ywglqAAgCHEeuCABFAACZAHRAAIAGkPmsEAjJrBAICMASAFgkNdEgXsLgdFAYAQB+8gAAMUMT6Lk9nd3l4g7meOnydVZeUkzRDUCNbnZ+O2nc5UtCJOGQV8MBRj2azOMjgxpQ1tcViooap1+TILjpjhURvLMTREvy8WPkAKcvtuPHKbLtQ3Ir7HNN6Ftdy+KwiOrOLvSrSyEtUhWZxA6KOnwca9s="}
00503{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":199586,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"AAgCHEeupB9ywglqCABFAABsE2VAAIAGfjWsEAgIrBAIyQBYwBJewuYoJDXRkVAYAQBPlQAA7mWAsz4LwR11oOSQ27Ex06YGG2bAP8ttVVXtAwxS755lCHRg4mUkpOjXnBJJ8KdHDkkp7LWBSVTLf+j0wkJ4hFVjx0c="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1549337931210,"flow_last_seen":0,"flow_tot_l4_data_len":1452,"flow_min_l4_data_len":1452,"flow_max_l4_data_len":1452,"flow_avg_l4_data_len":1452,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1549337931210,"flow_last_seen":0,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1432,"flow_tot_l4_payload_len":1432,"flow_avg_l4_payload_len":1432,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02355{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":210214,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"pkt":"pB9ywglqAAgCHEeuCABFAAXAAHpAAIAGi8ysEAjJrBAICMATAFio5J72SB155lAYAQAvgAAAAAAFlGyCBZAwggWMoQMCAQWiAwIBDKOCBQcwggUDMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjkBvFbBksZRBZsgqvT9rWZWIMz104YLf86+Cksa0ZMsEGJ\/RDcCZOr8kPQRKlwzkm2uQjqkaOemu4sYhWXYr71KrOEs2JUveeWW4HHkLaYXd0a2yOtTAVV1zR76rPVw3Om2DZiy3OdOJiQuRn3tY6sCbzkX\/gKz0r0nI8miItgy4uzP0Z9rEEUiiCUR\/XkOkdTBzoAcDBQBAgQAAohAbDkhBUFBZQ1JBRlQuT1JHoycwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44sbqoEjAQAgESAgERAgEXAgEYAgL\/eQ=="}
02376{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":211149,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"AAgCHEeupB9ywglqCABFAAXUE2tAAIAGeMesEAgIrBAIyQBYwBNIHXnmqOSkjlAYAQDmlQAAAAAFqG2CBaQwggWgoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIEOGGCBDQwggQwoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6OCA+wwggPooAMCARKhAwIBAaKCA9oEggPWM37115K3Hp8wZkASHyq+pZzCB52w4ZkoKvxkfuUu0LiaHFeH\/YmBkYuC+Y2vHUb50xj2RvlJ0VUIhZ76+RSlQ21W8ccYNaNUXAdabNdF58x1VLmlxuTxbWyuhApe3nart0yE2ggJlqq+SXunnCj4pybyo3D5UqYJsd2CPwW\/UrYMlNJN1gTQgtBaL+rVhNBO6KW9AYxQ1t3V4\/aN5W98Rm9mtqvqy8JlwwSbsqtA+fkgyuLhaFI64sFXeg2okoVY+WpiV8y69YH3VrH9iOYXgjNBApUv8XW3Inwsdd+FJTBLBvDWG4tGHW9DGxqpa+jzaFQyiDi46S1MFPNG5ax\/fXZRFVyIKm5Uvcg+IVoFoTv79M+o2izKZu3xW5GT3jmX5joC1Jz2cBBvfj31IPUawr97kChTt3baVrRO5jtj4Qe\/Yf9D1ea6AnOL3m9lXfbWlkiRMtogdbiLBmz40fY6y7s2fBoNzUM7PPtzjMCZD+mzFnuxbn6SKFsq1jRXr1gfhz99U\/sj4rpgf0fGzuAji6\/CldJydoJ3ZF35EbOHxlT67B0T5Wdz2DSGMxMFnFTU2y41IZZAFsQkozjJDlJyV\/H3UNEgpsuzFWCdn70SJWivzXQmU387\/5qoLQgDt1DzqhRxVq84eAlKWowli8llAVqtdeTmpgPePJrGuN8afpBvekjwt\/1CNWyg0EdZHQFfl1jlAEsgIyCski92E8xu8mvOhuDWTPYemtkOSb2FcxtoxHDyT\/GouX7ARs1ZykSB8j3R9t9ImA7xedyZ34sFfJFGRcLyx6qpTKqFmVZRuxhX4QxBOD\/ubH8xUJ\/p2KhM0jR1yUcK5cyCfymWcxTybrHYNySjaI0gUlhRAiWvZM8bRaCC8Fvoak+VMcqFAYw\/ve5dkR7KuJ\/TxqmhnlpwuoDkayoCpyiqZLALWWLzMuA+erM0osdjgnLPkazewgaOuGK+L14eoN40NcSEI4LVjIf3MizcDep1bu4x++f34uKnDRQCxEnEkfmry2Kt7UmB9dRWUyMnIhre\/LcHyWzVYKmQzK4jbAZGQz3E7SgAtaF8YpuFzK+wN7Al3\/bnw+mNGEv8UnWesnu6eYSeTafPkSExr0eHjyMGHylq1SYGRDikN47BEUJ9DRohxwo4GIbZJ4SlXZm2o1CyYrdjxESgLw7oBxv5ojM77+mqWLxxRYcXrNOO62jI7OC10ISrQjw9VRI73l6ie75xGP23mwgzTkWksp2AmXFXEibjsoWoxN\/dqkJ1paHMQ4D49jni4b2qEd7LE7wiCkMzEEz1wgpM028xFWhhGKaCASowggEmoAMCARKiggEdBIIBGXjHjK5feQ4HY+O2QW1CcrS7y98xjbx4G5\/F1UdYW0nRFrJ1ea7DBhGVKjGhvpNRa\/suoiAGgMaTxIusGGUQaAV3QBkZHI2P7w3S90dRv87TwzBiyLZFov6Iyju+rGIOEBeNij1u4+ieA37sl1WxkkeY5PDSqYQ0xi5dzSQDh1ZKJZF1swmboJUdCNAO5zs9II914vVd0a+gpHqPPfi\/aa\/2ENYesIfYc445XBAksieN4OCiUuXDZetEyUARPhuFnigdmrFcLiKa7lrUb+XOxw\/TpGzrNeFBj3QXNS06SOOdTL3pwlP77\/SR+78shwDam4sOlgv2UEV2H31TfNEKJs\/OC4Ks1WD8+3srLETa3NVngdje5im6AaSi"}
-00605{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_tot_l4_data_len":2924,"flow_min_l4_data_len":1452,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1462,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1549337931211,"flow_last_seen":0,"flow_tot_l4_data_len":1084,"flow_min_l4_data_len":1084,"flow_max_l4_data_len":1084,"flow_avg_l4_data_len":1084,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00617{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1549337931211,"flow_last_seen":0,"flow_min_l4_payload_len":1064,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1064,"flow_avg_l4_payload_len":1064,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01853{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":211741,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"pkt":"pB9ywglqAAgCHEeuCABFAARQAIFAAIAGjTWsEAjJrBAICMAVAFjnnRKZiyMmn1AYAQD\/uwAADkhBUFBZQ1JBRlQuT1JHoicwJaADAgEKoR4wHBsaam9obnNvbi1wYyRASEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQGiggPaBIID1jN+9deStx6fMGZAEh8qvqWcwgedsOGZKCr8ZH7lLtC4mhxXh\/2JgZGLgvmNrx1G+dMY9kb5SdFVCIWe+vkUpUNtVvHHGDWjVFwHWmzXRefMdVS5pcbk8W1sroQKXt52q7dMhNoICZaqvkl7p5wo+Kcm8qNw+VKmCbHdgj8Fv1K2DJTSTdYE0ILQWi\/q1YTQTuilvQGMUNbd1eP2jeVvfEZvZrar6svCZcMEm7KrQPn5IMri4WhSOuLBV3oNqJKFWPlqYlfMuvWB91ax\/YjmF4IzQQKVL\/F1tyJ8LHXfhSUwSwbw1huLRh1vQxsaqWvo82hUMog4uOktTBTzRuWsf312URVciCpuVL3IPiFaBaE7+\/TPqNosymbt8VuRk945l+Y6AtSc9nAQb3499SD1GsK\/e5AoU7d22la0TuY7Y+EHv2H\/Q9XmugJzi95vZV321pZIkTLaIHW4iwZs+NH2Osu7NnwaDc1DOzz7c4zAmQ\/psxZ7sW5+kihbKtY0V69YH4c\/fVP7I+K6YH9Hxs7gI4uvwpXScnaCd2Rd+RGzh8ZU+uwdE+Vnc9g0hjMTBZxU1NsuNSGWQBbEJKM4yQ5Sclfx91DRIKbLsxVgnZ+9EiVor810JlN\/O\/+aqC0IA7dQ86oUcVavOHgJSlqMJYvJZQFarXXk5qYD3jyaxrjfGn6Qb3pI8Lf9QjVsoNBHWR0BX5dY5QBLICMgrJIvdhPMbvJrzobg1kz2HprZDkm9hXMbaMRw8k\/xqLl+wEbNWcpEgfI90fbfSJgO8Xncmd+LBXyRRkXC8seqqUyqhZlWUbsYV+EMQTg\/7mx\/MVCf6dioTNI0dclHCuXMgn8plnMU8m6x2Dcko2iNIFJYUQIlr2TPG0WggvBb6GpPlTHKhQGMP73uXZEeyrif08apoZ5acLqA5GsqAqcoqmSwC1li8zLgPnqzNKLHY4Jyz5Gs3sIGjrhivi9eHqDeNDXEhCOC1YyH9zIs3A3qdW7uMfvn9+Lipw0UAsRJxJH5q8tire1JgfXUVlMjJyIa3vy3B8ls1WCpkMyuI2wGRkM9xO0oALWhfGKbhcyvsDewJd\/258PpjRhL\/FJ1nrJ7unmEnk2nz5EhMa9Hh48jBh8patUmBkQ4pDeOwRFCfQ0aIccKOBiG2SeEpV2ZtqNQsmK3Y8REoC8O6Acb+aIzO+\/pqli8cUWHF6zTjutoyOzgtdCEq0I8PVUSO95eonu+cRj9t5sIM05FpLKdgJlxVxIm47KFqMTf3apCdaWhzEOA+PY54uG9qhHeyxO8IgpDMxBM9cIKTNNvMRVoYRg="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1549337931211,"flow_last_seen":0,"flow_tot_l4_data_len":262,"flow_min_l4_data_len":262,"flow_max_l4_data_len":262,"flow_avg_l4_data_len":262,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1549337931211,"flow_last_seen":0,"flow_min_l4_payload_len":242,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":242,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00742{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":211848,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"pkt":"pB9ywglqAAgCHEeuCABFAAEaAINAAIAGkGmsEAjJrBAICMAUAYWVZlyUeqXAF1AYAQAMZQAAADzwgZ4odBCJHRYlGGakwQrZbcEXWu9XXnYRAfBS9UWuXk5Gs8yUHN3o80HZG8YpVlAE6+3ZtDtC+pUsrywDAW4RiWhUhsRgT1sEZ7Vtb++mdY4XtnskLm1\/a8GZzwfpptF0EbEM2x6OOlhhC6IhVJD1Y8p9M\/8ToLfUByDVk8u4C3VF8fyeQ0nd00U5YKsyBV8n8IUXdemUN+fgHev0R3Z+H9FwOZZ3xgduPU1Vapfbai\/N6Y9ZMkNd8RzvF1IldwQMemLuz0F0TTbyd784T8orT0ooc+nzAjFSSfg1FeelCx\/Q2\/iHKtSIZWhWBK\/UpxM="}
00597{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":213235,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"AAgCHEeupB9ywglqCABFAACwE3FAAIAGfeWsEAgIrBAIyQBYwBWLIyaf550WwVAYAQCWAgAAAAAAhH6BgTB\/oAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg0OVqlBQIDDJwypgMCAQ2pEBsOSEFQUFlDUkFGVC5PUkeqJzAloAMCAQqhHjAcGxpqb2huc29uLXBjJEBIQVBQWUNSQUZULk9SR6wZBBcwFaEDAgEDog4EDLsAAMAAAAAAAwAAAA=="}
00692{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":213237,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6E3RAAIAGfZisEAgIrBAIyQGFwBR6pcAXlWZdhlAYAQAZvwAAMIQAAADMAgEHYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG3yZsLFskNz2Tj8maOz7vLNMVSC3wBerc1xRFPj0GLDPGT9QlZRJav62bndhsIjLkgXNAdSqCa2GR8Luxe5TgJHZoIn44Is8Ku3wpqAc9pR3m8qLfoA6VkyZzzulSM2YJ4KniKJ4c7+rlJkc3DH"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1549337931218,"flow_last_seen":0,"flow_tot_l4_data_len":157,"flow_min_l4_data_len":157,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":157,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1549337931218,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00598{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":218156,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"pB9ywglqAAgCHEeuCABFAACxAI5AAIAGkMesEAjJrBAICMAXAFhuRvAsCoQzw1AYAQDQpAAAiAqFUHJzV5J+NXZTIhoIU8GbmBSxYcQbV4PW+ckPMTgFBw0KsYU9otlYXn6Tyj5\/BmOv8b2TCLvhZTzW6Z3PoLeUqFO88\/fWi+AgP8mYvV1NNCnNorn77cmRI2eXkDk7qLKlgMm4cUN+eWFUE7G2Z1e9ZdF2LM4CSirBRuN96IFr6Z0blZRnqpw="}
00570{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":219086,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"AAgCHEeupB9ywglqCABFAACbE31AAIAGfe6sEAgIrBAIyQBYwBcKhDl3bkbwtVAYAQD\/bQAAzmwvcX+5XppDtJZXr9PwDYLsp98Hk08TTktA1oPPxQHxyFPFFH6C9d30u8d8saioSDapQyKHHyGt004ct60erCJP9bUby12IBGHwYva7Ha2y2bxZxEn3nV+8BQON\/a2dluoxZFHPI4urPpSWS9H8dnzG6Q=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1549337931219,"flow_last_seen":0,"flow_tot_l4_data_len":1451,"flow_min_l4_data_len":1451,"flow_max_l4_data_len":1451,"flow_avg_l4_data_len":1451,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1549337931219,"flow_last_seen":0,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1431,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":1431,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02354{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":219686,"pkt_caplen":1485,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1485,"pkt_l4_len":1451,"pkt":"pB9ywglqAAgCHEeuCABFAAW\/AJNAAIAGi7SsEAjJrBAICMAYAFg1TYdzLuLg4VAYAQBQtwAAAAAFk2yCBY8wggWLoQMCAQWiAwIBDKOCBRcwggUTMIIE\/6EDAgEBooIE9gSCBPJuggTuMIIE6qADAgEFoQMCAQ6iBwMFAAAAAACjggQ0YYIEMDCCBCygAwIBBaEQGw5IQVBQWUNSQUZULk9SR6IjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkejggPsMIID6KADAgESoQMCAQKiggPaBIID1hKWdXqL0IxSnZlxRjhHmIFUVS3rvb7i9fEBKrEJ5PVjDXxsAQeDmTL9wweNNg1pCQDRmZ6AE\/m2Y7TGJV\/FdJF\/GLAs\/UE5nC+H+eLE4iuLtnFkH3govXIWXOdlEsqQhROyd4qj2WtH7bxyzZwdtdBzD8HNk\/Zyhfmgmp+oA1+8nXeYYFDFKmqTt9a00HvvmTpJfi0pguIgxY8KmJbF4d1RUkWNuXZ5g7FA43R8i0OyHjh+mwSGoE1gJ\/X8DroluAfskaOHhGVguFx+famY4o8UsY6g4BojHiLERbIlzMsUYRq\/EQf2FuSw8Wc3swODADnnHqoAdpFJG5\/GMQbUUUhsHy5eDXa3\/EPT1ZKqI0bJsr7jOF5G9ytS8thT6E7bOOCcOFN4JNFsCA3bCyRL6jYH2ZedtZMr5yCI40ePAHAaIBbEPTKYDMpCUKxXExG41vrN6dY4CEFLw2Tb4BDinhxjESAIpIw6LOtdRzBrkjiFKjPEj4UBorlhX90DmWgF5dFJbZXz5eOVcZ\/qmOnm8JcuVim8byzO3C2W5go47U+8GNRvk\/iuaoCs18MAuzn4DOtJmgk1eSuxxL9sUZmjkqejNSB6Ny8aYGysoT\/tUR2mS\/10DyxEUb\/M23KvW\/d0nkBg7qCjWXvlLjMDmACl3rd8MXcyqYWqmZcwKWLk5yL3YiZbL90SxemnQHTIY+DWavybHj9SrM5+aINDzqHcDq0aHAhhwNPUOQQH+m0ab759iCYVNaTyITpTWuG6hneFvKoU9d3uSafxpBU5TJfC9PTmhW+\/db+6ouEM0JlNTrwSmfDpaJJPc+gkzn45Pl5k\/7+Abb+s6rWMNfHT+Em3MBbZJYdM0UlQ1xrel8YuJnwOOGyF4x2puehNGP\/\/\/ouwl65KT\/CBdxNVmhdbElBMgwiINySCK0GaA0G8iJuo2p3q21Z3q6PwC\/TBFuSNBvRRaLYdHeXUMMCTZUjjLBHDUqLGGPYiG40kPfZcBzP2U1v\/9gWBK4kWlSfWhwHwDob09dR24nAmYkaTEvrRnFvLOPKhepgPz5FiL+TNVO0x7Q9MEcpXED6nxJ9fgUpL+5AL+5zKjvBqGhTBSFztV5n2jwS9BN5nwKGyQXNwz7M3IugClC01JUeDu8ccEtCesL+sdsbL1EP7jcFCC1EniPRKxntY82esVy8lyQlrXBxmBdMcKVUa21imq65LZV0MJEQvFPcKWd3cpqWETjO2y3rGD5HXk8dwPDck3LvUU56PaEiLP3SNlqGRnDfEXoiRxz6YMXMhdwJMRbqAQJYa71fsqMLgQ4u3s5WkgZwwgZmgAwIBEqKBkQSBjoWrS7jR3\/ZxrmkklAr5M\/UVPgZBz\/I0MBRDSrLAPTWRtuq1ZhbBTvDmh4JfIoeW\/NN+j\/BIs99fVl1IARv5kJzlvsrT0oz2PdU+R8Rl10wOzwJfT7yBOJecNjJCW1XhiL9p6LojffFaim+4jvn\/X89SbhRBqPbpCCF+yHmow+h4iZkD+HM6Jz3YsaIdiuQwDqEEAgIApaIGBAQfAAAApGQwYqAHAwUAYIEAEKIQGw5IQVBQWUNSQUZULk9SR6MjMCGgAwIBAqEaMBgbBmtyYnRndBsOSEFQUFlDUkFGVC5PUkelERgPMjAzNzA5MTMwMjQ4MDVapwYCBE44s3moBTADAgES"}
02370{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":220282,"pkt_caplen":1498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1498,"pkt_l4_len":1464,"pkt":"AAgCHEeupB9ywglqCABFAAXME4FAAIAGeLmsEAgIrBAIyQBYwBgu4uDhNU2NClAYAQBUPQAAAAAFoG2CBZwwggWYoAMCAQWhAwIBDaMQGw5IQVBQWUNSQUZULk9SR6QYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkpYIENGGCBDAwggQsoAMCAQWhEBsOSEFQUFlDUkFGVC5PUkeiIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHo4ID7DCCA+igAwIBEqEDAgECooID2gSCA9aIPBwtNxkshczHziSeGRCcSiSC82vdTNNxZoZEqctTILmi\/cPiWo2kj2ZowTM5BfoTzgngU5zy1dblxSYtNNDo790fqKeln68pSwduOA5ekfZ2omIpLyTKi1Uzi5unXScqqLz0hKSsn\/40+2FcuWZE3ZvPuCmZ8SKPEnuc921KBrNqOj\/0DryAdSyI8er0AkE463j84WxyAtyNQDKDrp2ez6929oR6Rx5hbvL8GdKQY9jCLD2rnICMW89Hj9rOupV1OeH78XxxB7MSKm499oGFFneF9SM8YJwXSSMV673PLXubFj6DMrikD2G0Sl6xic8MhWvEbY+QDRNnfGPZAJvMaahqCk8wVuJCt+fkFop+b4toNRK\/McSX15qS4Oue1FamxPlWb8yeZyA7zxXMdyv\/9YdFl51KW6DMdV\/gNQhWVbNsnpHVbk+dZ3hmZuA13vS+pCaVgYWcY8TsTrrqDHUdvkhYH5y6bQXhaba0hTe8Bpqjtkm6\/RTu4J\/\/NKiUQMb9AOVNXKtDTvIFCVxCzbgDhWofcnihAdfiq3GVUSfoJVIjvbiKN6rurAhxZ5G7eeGZ0k0F7hodA7NNCDg1db\/i3Z0nn0sEe0z7aNhzE0ribx16c5Vcg7SzYKcbmYr2SOlrqyDG2wBIue4c+yHf8w4ERFzFfLLBAoUF6TY9mRoNRbKB\/qSAwbDd52vGpnn87rIVg\/QNGVIwMeb1KKPfdaC4wum+6\/FhZgWd0DbrZEhIXl\/8HN6zG+3ywmGFdeC2DFCmO4dETOrfkL6fl3T\/7ku0etROu1j+k26SXEG6Gge01yPUKju51MrjdtHnDZ1Ss42MB0XlUT6U6S5TlEIP\/8k9d0krm1cn0oRERln+NBIaJS\/B2711LZddv4tje7ItSqfXLacjoI7g80JWdXjf4l7SPcZiNeEbp1dMmXrQFZcbRN17kosEr4Tm2W4friYde8+zbAKqoXvVJXbnxAUwEVAGcV\/iPptIl\/xW9mtB0WPhDmkKXm2SfL9rih8OBbowoKkOmIJqQw8CRJRncVK0szyJok+ajlBHDiJgpcZUT8EmfmEr0qJ0qoMeuCqxs8Kf3IstAtgMR7lMBZda98WMq0J06Prxf9X\/7Sw5XHFF0Ihx2VyWiVN3DmzgADoDdivNlyaD8+Octjfvk+ZwiZGCsRMD1d7AL6HjQzrju4nysDHJIjeaKR52nWtCWAZ87qog1mDH+qjQPdMGkDr1FGrVbBXAZcR0K17tOKTw9bgQg9LvLMWeDMDNCEwvA8GHdr\/fAsBPK3PDKVyht8oNdhjar8xKOZRvwzCOpoIBJjCCASKgAwIBEqKCARkEggEVYp6jTcDi\/gYVd9SDuEsi2VccBape1lXgcuGoeWG1ePxV5NidfJvDEi3F2VmdD04JFUaFb\/GRqNe9F8xWyy86xiJ3eKyJgAfyG7DDQnnFCeKC++4ORaBUkKnIeWwsFqQxh0aL1BrdknGP8u06G6P95r9esj7jUPDXQ1D0+jbs1WpWssKqZMQfUgV0eg9FoEGdVPsUmgNbZN2YPPrxhZ6CEgNOIC\/5aj8NqGMkPPX6xfYF4tbD74dZ3EfC4ry5KcIxNVYXU179as2C\/cihpEMrX8yiZtM91awDzQYUMPKt3\/3WSS96ycQo00pex7Pc1Jh3j49Cr5ckyWXD9SUXbCcOpUpip4\/Jz5Hvsliozjm5inKwUIBTJQ=="}
-00605{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_tot_l4_data_len":2915,"flow_min_l4_data_len":1451,"flow_max_l4_data_len":1464,"flow_avg_l4_data_len":1457,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1549337931220,"flow_last_seen":0,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":247,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":247,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00617{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1549337931220,"flow_last_seen":0,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":227,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":220307,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"pB9ywglqAAgCHEeuCABFAAELAJhAAIAGkGOsEAjJrBAICMAWAb2ZMOb++YgxIFAYAP+McAAAQFskZ7b1ZYO5\/CuVOTe3ZqHs3nhqe1KXhnlBtJ\/qDgyo+sduQpC\/WLkmAdUvTJdV+CtGiwLoGf3Uio50ZE6gilnFEbzLLhzMIw4gwhRvlYwapNctw4G2EkpKfWO1MgMQ0yTGVxtfwAuP0ouYkDi\/6FI97AzDGvp\/R2LK19PAI403fVWk1Cbb2O\/YPOGH5a8hHowuR6tT8UugHDdGGl\/fWl8Wk4rCdi\/3gOYAhRVI6o2ZOHpv4GeBlLgJ6L2WL35O3jhh2e2dr0Fkd\/WG3ET2QLw9x3WRfncFn29f8nOqAUQDRH0="}
00767{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337931,"pkt_ts_usec":221192,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"pkt":"AAgCHEeupB9ywglqCABFAAEsE4VAAIAGfVWsEAgIrBAIyQG9wBb5iDEgmTDn4VAYAP9zWgAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABdAAAAAAQAAPvWvNgjH\/I48OPxOa5H7a4JAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUswX\/mwh6g2ztwHi8\/dTRtvFzo0LVENq7tttT0JwVpKoIxijjsysss5HuCbI3DQGU7C0ILmrl+8phtVtu+2vBMSA9FKWe75R\/a+ST6oEaoDrDjzWfPqdU4xUCgD\/zK6J0O4Dsk+rO8nhy4LUmk="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1549337937690,"flow_last_seen":0,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":286,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1549337937690,"flow_last_seen":0,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00773{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":690226,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"pB9ywglqAAgCHEeuCABFAAEyAM1AAIAGkAesEAjJrBAICMAbAYXq\/lHZFzDO61AYAQB3VwAADK3yhyWG\/w4ePjAcLdmQD9l5KJpA6NxzQuCtaFM+te5CWXRB5sUkdKJyUVp4kqyFJvIav1zvlLEwv\/M6QDvIyPip6cO\/Y7DDZ55OmD6IlKO8Nx5lANmfdaxcK4l74ZAlM45v2cQu8OV3yuWKq5L2jtnHunCltg9I9Mqjq93VmxUc7poK8vfSfY1YgBhAmlp0cXMsoyIbcEQodelj3wLBZ2oxItwV78GGNt7TlfW6joQ5wfkj6ZEyRFJn0CVihbNqYYKxBD44uauIJQKkPsQlzXsxooh9lhiWoZtuh5F2\/1LO7drek9zYg6pqUFpyhpL3WcFxh3R7Uuv9RQ5CYfOoVItdeOxn2w53bU0="}
00694{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":691075,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6E5tAAIAGfXGsEAgIrBAIyQGFwBsXMM7r6v5S41AYAQDOWAAAMIQAAADMAgEDYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1JH5VWFTlwrbTZZZgbjZtW4QY+VaIr2rFT9\/AbDkv31Idx3xo24Bwzqv50t5zQXx7Id1H\/iLYt+nRqN0NWzCDJwnAfwcbOTGF30f3qnaqB+vDQ9EhQX38cpSy926C3lIc0Vkhc+VaaHdh510+B"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1549337937700,"flow_last_seen":0,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":286,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":286,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1549337937700,"flow_last_seen":0,"flow_min_l4_payload_len":266,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":266,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00776{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":700823,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"pB9ywglqAAgCHEeuCABFAAEyANVAAIAGj\/+sEAjJrBAICMAcAYWCU2zwSN6TcFAYAQDS2QAAEgduSF05n8MFVjy4LWbkIsui7POF\/jI0fgAi3\/kn4+lZJrv4uo1Xj0IHKshBaLfyrICuzZtbBAFYjLvQz7y8gyRTfkwzadmnUFntTq1Eam1s4n2Qhfn1fuSUa5DAR1i941DEujmYu8fTZX3tp1hllqkxXisHcqSEIi8W9weLGXgpYEZYoErMkYejHKEeDmPCwQO6JC7sDmP8cAErQb7Rc88wLF4lFI7xOIE4FiH\/05afA1w9V5d1P2yDaGB6bADs\/c2xi7QKQuP+FixF4gof0ovK0nwq\/y7Hd27V4SQ4qHRNlXJex92QoEPhio00QFq1bLTnuvdcqFYcMu\/6\/tRVEcFKp0ezr7WF5MI="}
00694{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":701643,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6E6JAAIAGfWqsEAgIrBAIyQGFwBxI3pNwglNt+lAYAQCvQgAAMIQAAADMAgEKYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG2EupGhqTVA+Kxm5vIdkbfFjlPoe8DmjpF\/p2I3j7EwFjqQzavz5jy+cGzZKn09a9y0dyj\/mpeHcqpjjORB3KYfxKGHrDmiKKSYiCwqx86ee7rLKiQPX2z3RSwNa4fWz8uAjgw+I5CkXYbP6rNu"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1549337937703,"flow_last_seen":0,"flow_tot_l4_data_len":259,"flow_min_l4_data_len":259,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":259,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1549337937703,"flow_last_seen":0,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00734{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":703350,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"pB9ywglqAAgCHEeuCABFAAEXANlAAIAGkBasEAjJrBAICMAdAFjHhcaiuhdcXlAYAQCv5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC0pPSE5TT04tUEMkohAbDkhBUFBZQ1JBRlQuT1JHoyMwIaADAgECoRowGBsGa3JidGd0Gw5IQVBQWUNSQUZULk9SR6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBFIcW1KoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="}
00784{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":703857,"pkt_caplen":332,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":332,"pkt_l4_len":298,"pkt":"AAgCHEeupB9ywglqCABFAAE+E6VAAIAGfSOsEAgIrBAIyQBYwB26F1xex4XHkVAYAQDp0AAAAAABEn6CAQ4wggEKoAMCAQWhAwIBHqQRGA8yMDE5MDIwNTAzMzg1NlqlBQIDBJWNpgMCARmpEBsOSEFQUFlDUkFGVC5PUkeqIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHrIGnBIGkMIGhMH6hAwIBE6J3BHUwczA0oAMCARKhLRsrSEFQUFlDUkFGVC5PUkdob3N0am9obnNvbi1wYy5oYXBweWNyYWZ0Lm9yZzAFoAMCARcwNKADAgEDoS0bK0hBUFBZQ1JBRlQuT1JHaG9zdGpvaG5zb24tcGMuaGFwcHljcmFmdC5vcmcwCaEDAgECogIEADAJoQMCARCiAgQAMAmhAwIBD6ICBAA="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1549337937724,"flow_last_seen":0,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":339,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1549337937724,"flow_last_seen":0,"flow_min_l4_payload_len":319,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":319,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00845{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":724378,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"pB9ywglqAAgCHEeuCABFAAFnAN1AAIAGj8KsEAjJrBAICMAeAFgo\/29go\/Vk0VAYAQAVQgAAAAABO2qCATcwggEzoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4EwWkoanvLUiVA5eu8uG72\/EPy4+eHAiK9HbftleuqZ7DwBR\/wY3Sc5USTXPr6SJXdlLH8zfIE5MwEaEEAgIAgKIJBAcwBaADAQH\/pIHBMIG+oAcDBQBAgQAQoRgwFqADAgEBoQ8wDRsLSk9ITlNPTi1QQySiEBsOSEFQUFlDUkFGVC5PUkejIzAhoAMCAQKhGjAYGwZrcmJ0Z3QbDkhBUFBZQ1JBRlQuT1JHpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEUhxbUqgVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00565{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":724993,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"AAgCHEeupB9ywglqCABFAACYE6pAAIAGfcSsEAgIrBAIyQBYwB6j9WqFKP9wn1AYAQCbeQAAeBxjGZR555TmhlGtfWdB3hqYo6lYswe6vKpNUcrN1M7KGcxMIdPLYhZ04dECjGI6ypolTWuvt884Bi2lq0pIFbZFVKD3x\/BnUesSWAB9L0qg+5NPzwAEggckaZSGKHdd5sXD0ux4MNvoyw986qY1Nw=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1549337937725,"flow_last_seen":0,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":100,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1549337937725,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00525{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":725890,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"pB9ywglqAAgCHEeuCABFAAB4AONAAIAGkKusEAjJrBAICMAfAFi1TK\/3YmHJT1AYAQDj2wAAbj2wbk+derrxO0c0pxRSdruhR6\/j4Ui\/xNsBa8OfbfRkbAwdywbQynHUORFcFH8maukxsoLa+OhvD2a5+zDPKPlneJ\/sg2b\/GuIvr5ZD3Bg="}
00465{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337937,"pkt_ts_usec":726633,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"AAgCHEeupB9ywglqCABFAABQE7BAAIAGfgasEAgIrBAIyQBYwB9iYc8DtUywR1AYAQDGTwAA4zLECSz5GZPNqNSL4T5BMx8WrZoQ8TiJymulR2VkZN3O1rD+5YXABg=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1549337940431,"flow_last_seen":0,"flow_tot_l4_data_len":157,"flow_min_l4_data_len":157,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":157,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1549337940431,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00598{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337940,"pkt_ts_usec":431467,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"pB9ywglqAAgCHEeuCABFAACxAPpAAIAGkFusEAjJrBAICMAiAFjJGNiQqlyd6VAYAQDPPQAAiJisSNul39yNkXIaZ7I9abKKHsFn\/6nUnlpuYlwP2aMvOAIHPA5TwBaAhiWq+tFyYupNZpDDILw6OTtdBUx9AScUIqcHtp8iuHt0kMVzTn\/4u2MWOJ3B5oBzCaRbB4JGSnxRjDJCJirb6nGFgBI0LOLujBAlXiGb5mYfdXtWDkYlEBJfjMNCAaw="}
00573{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337940,"pkt_ts_usec":432366,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"AAgCHEeupB9ywglqCABFAACbE79AAIAGfaysEAgIrBAIyQBYwCKqXKOdyRjZGVAYAQDDTwAAKYg87lVL35oh62EWNwE864\/2bfnOQr1tnnHZbVGEslhqWgqxgOlP8fU7tCl8Q\/Pa+OiAoCN8WQQSqJd8h73HLCORGVTkV2\/0V8MyUM0yQH1SL9l7PdXJm7IP\/IVn+E9KcR0nyC\/qPtxkWFJAw4YHnIb0GQ=="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1549337940432,"flow_last_seen":0,"flow_tot_l4_data_len":379,"flow_min_l4_data_len":379,"flow_max_l4_data_len":379,"flow_avg_l4_data_len":379,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1549337940432,"flow_last_seen":0,"flow_min_l4_payload_len":359,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":359,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00894{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337940,"pkt_ts_usec":432879,"pkt_caplen":413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":413,"pkt_l4_len":379,"pkt":"pB9ywglqAAgCHEeuCABFAAGPAP5AAIAGj3msEAjJrBAICMAhwAMZWxyAQJkJXFAYAQAR1wAA1H5mUL0BcI4qPWGkggFYMIIBVKADAgESooIBSwSCAUcbieRVkdOtAnzmcyqLDK9HyZo8H6AcRFkR6nkpd0sYlEbV82Qt31YdF5lIivhvCiptxoXnMPhE44z2QYycXFRvcJlMUVHmYJTlGAPASSmrxcFRtfwGd3CmxLGHH6gdXYYGgEzOmFuOyHJjprxX+WUkbubIb9DuIaCyGfu6WjSvDsJsxl8APFvUDVpwKCBx+yi4Nl7uparYkV7uyBIsOfius8LRX8aNw6uyL8Rg7Kcy+u\/AdDO7DcqqeIW4ECzaDnKuMDvhoDG1L4DC3Gyq10cUmszgrrBDkGwYBF3I07gVPaOITvdzOarlv0eTNHIPNCN07gmcrX\/ElHpPLwV7ZiI5SB1SY8Op3qesfZqAIqjOBGiyQU2+uy5qrSSffZHU9iojHh1BosRxcA7pQ15VJkC0LtUsgQyMbCX0W85YmDAFmZqe2ZivqK8="}
00794{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337940,"pkt_ts_usec":433470,"pkt_caplen":338,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":338,"pkt_l4_len":304,"pkt":"AAgCHEeupB9ywglqCABFAAFEE8NAAIAGfP+sEAgIrBAIycADwCFAmQlcGVsd51AYAQDbOQAABQAMBxAAAAAcAagAAgAAANAW0BaIIgAABgA0OTE1NQADAAAAAgACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMFcXG6vjdJgxm12++czDYBAAAAAwADAAAAAAAAAAAAAAAAAAAAAAAAAAAACQYAAAAAAAChgaUwgaKgAwoBAaELBgkqhkiC9xIBAgKigY0EgYpvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8Ebfn2lEYLCMVIVfFxnfrMpLLQ5jje4X2obHkLE1mHLBb3QYmIfBpDW5VyIgGbPY54D9aSU3VouXp90Sdg8ibesBCnHqUH+HJX\/hdQ0brTNgFSTOR\/m3sdIfIuZmQkzV3dPMC5PlxnwhbW8ZWYvQE="}
00716{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337940,"pkt_ts_usec":433720,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"pB9ywglqAAgCHEeuCABFAAEEAP9AAIAGkAOsEAjJrBAICMAhwAMZWx3nQJkKeFAYAP\/gGgAABQAOAxAAAADcAIwAAgAAANAW0BYAAAAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAAAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBELB6nut18jCMG03H8TJyLvCf8wWF6F7BqJ4bg85nSMTOiCmzGy+a5tNrq0VYdAt2TCIZ2p1Ys\/DpnWvcPxOp0LCSoajHgQcBAQE\/\/\/\/\/\/8AAAAAVL504MDCo+3fnXZuQhY33A=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1549337951630,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1549337951630,"flow_last_seen":0,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00729{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":630943,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"pkt":"pB9ywglqAAgCHEeuCABFAAETAQ1AAIAGj+asEAjJrBAICMAjAFj9jJo6lSyMo1AYAQB4vAAAAAAA52qB5DCB4aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBvTCBuqAHAwUAQIEAEKEcMBqgAwIBAaETMBEbD3RoZXJlc2Euam9obnNvbqIMGwpIQVBQWUNSQUZUox8wHaADAgECoRYwFBsGa3JidGd0GwpIQVBQWUNSQUZUpREYDzIwMzcwOTEzMDI0ODA1WqYRGA8yMDM3MDkxMzAyNDgwNVqnBgIEXdv8Z6gVMBMCARICARECARcCARgCAv95AgEDqR0wGzAZoAMCARShEgQQSk9ITlNPTi1QQyAgICAgIA=="}
00733{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":631242,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"pkt":"AAgCHEeupB9ywglqCABFAAEYE9dAAIAGfResEAgIrBAIyQBYwCOVLIyj\/YybJVAYAQAREAAAAAAA7H6B6TCB5qADAgEFoQMCAR6kERgPMjAxOTAyMDUwMzM5MTBapQUCAwNKZqYDAgEZqQwbCkhBUFBZQ1JBRlSqHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSsgYsEgYgwgYUwYqEDAgETolsEWTBXMCagAwIBEqEfGx1IQVBQWUNSQUZULk9SR3RoZXJlc2Euam9obnNvbjAFoAMCARcwJqADAgEDoR8bHUhBUFBZQ1JBRlQuT1JHdGhlcmVzYS5qb2huc29uMAmhAwIBAqICBAAwCaEDAgEQogIEADAJoQMCAQ+iAgQA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1549337951638,"flow_last_seen":0,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":335,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1549337951638,"flow_last_seen":0,"flow_min_l4_payload_len":315,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":315,"flow_avg_l4_payload_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00837{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":638319,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"pB9ywglqAAgCHEeuCABFAAFjARFAAIAGj5KsEAjJrBAICMAkAFi0GLZOsNNMHlAYAQAvMAAAAAABN2qCATMwggEvoQMCAQWiAwIBCqNjMGEwTKEDAgECokUEQzBBoAMCARKiOgQ4Wndh9xw8qUUtso0vc8TuP9R5peLYlUKrIi93QkMXsrfVII\/B8UhLSOwTSHwq5LSHP2vURJP\/YpgwEaEEAgIAgKIJBAcwBaADAQH\/pIG9MIG6oAcDBQBAgQAQoRwwGqADAgEBoRMwERsPdGhlcmVzYS5qb2huc29uogwbCkhBUFBZQ1JBRlSjHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkhBUFBZQ1JBRlSlERgPMjAzNzA5MTMwMjQ4MDVaphEYDzIwMzcwOTEzMDI0ODA1WqcGAgRd2\/xnqBUwEwIBEgIBEQIBFwIBGAIC\/3kCAQOpHTAbMBmgAwIBFKESBBBKT0hOU09OLVBDICAgICAg"}
00632{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":638954,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AAgCHEeupB9ywglqCABFAADKE9xAAIAGfWCsEAgIrBAIyQBYwCSw01HStBi3iVAYAQA+gAAAtgxIRqdE2xpJueUsyACfoBkRIO2d0vdWoZTH7\/Uq\/IekfUoxUBvBS550+iWChkmhJucRdY1OlQL1WMQC8uhxGdFWaESvp\/JzESFsbwdEK2JaAYNNrn2MyR4+4w4oYIB6xP3aoFYA9y5s01X0oEa\/3ePvjWb66V7pwZZYO9bc89yozmxDtVb4zCT8SyPCYGj7ljiOz9w+sICchbsKK+VkdLL4"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1549337951639,"flow_last_seen":0,"flow_tot_l4_data_len":61,"flow_min_l4_data_len":61,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":61,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1549337951639,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":639128,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"pB9ywglqAAgCHEeuCABFAABRARdAAIAGkJ6sEAjJrBAICMAlAFiRlp2kV2CH+1AYAQDPTQAAMzcwOTEzMDI0ODA1WqcGAgRd2\/xvqBIwEAIBEgIBEQIBFwIBGAIC\/3k="}
00501{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":639626,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"pkt":"AAgCHEeupB9ywglqCABFAABqE+JAAIAGfbqsEAgIrBAIyQBYwCVXYI2vkZadzVAYAQBXRgAAQS6YdBRcDlPtUTrjUB8narHoPerU+E0Jfux+IwijhqkO1zkqtUVGrf6H2Py3dE6xzPm7+U9W58\/67z4LH\/YlBX9v"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1549337951709,"flow_last_seen":0,"flow_tot_l4_data_len":237,"flow_min_l4_data_len":237,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1549337951709,"flow_last_seen":0,"flow_min_l4_payload_len":217,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":217,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00708{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":709754,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"pB9ywglqAAgCHEeuCABFAAEBAR5AAIAGj+esEAjJrBAICMAmAFg7QE\/YI2nTKVAYAQALhgAAZxsOaGFwcHljcmFmdC5vcmelERgPMjAzNzA5MTMwMjQ4MDVapwYCBF3PyFqoEjAQAgESAgERAgEXAgEYAgL\/eaqBljCBk6ADAgESooGLBIGIqYCMNPGCrPeLGO9qPK8YFBfjHxUTb+emA\/ivLTUTYudncy22kbyckKCiSeisUe8yJ84rq8HDegGsl0qK5XKbjnVH8LqImnH6XpTRvHWQpRpTszA\/lJoaM6MWsPPKugansbtAh5mO54t+2+bi3wT01iiQl45hp5bjTN1UEkZf+dFCUo8Xssy7aA=="}
00673{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":710662,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"pkt":"AAgCHEeupB9ywglqCABFAADmE+lAAIAGfTesEAgIrBAIyQBYwCYjadjdO0BQsVAYAQAYcQAA4k0pIk9VQ3WSD8DyjCP6zDplkOu688cj7B+axduw7FbTE6AYUgZjQCgBXNnQmZk8AZkKxd6trQiOV9Q21Ig4\/vSvcG7YJA68j6K63UrdpgCrN\/5os+IHfd01LLYH5NyLiu66hLUPywBQtPqISEBXxfQa4YqqDi7eMFkF+tYnKAJyaEAa5CaoA\/k+JAFpYmNuKBJA\/cZZR\/sXThwZU9vDmuS8WhtIpf+zFLSMTZjUF9FuugxEPjg+p8gxz6TuBQ=="}
00883{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":711185,"pkt_caplen":405,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":405,"pkt_l4_len":371,"pkt":"pB9ywglqAAgCHEeuCABFAAGHASJAAIAGj12sEAjJrBAICMANwANTRpnlsystmVAYAPozQQAAggFcMIIBWKADAgESooIBTwSCAUuWLCgSHanSt2PP\/yVZcMfmf3O+6wkVadfE4eKakG1yO9SrZ+8e61jMQHtNJBdVjgWRd36YzM4hMkoAdzbpBR9NZThyJ11f649dicjSuLS+0TTKNkhTS5aP+2+mnqnnwKgAkNlUMsspI6StbG26XuSZeYdibrcSAfD9kHkFgsnEWSCqBWTMHVipU71tN6CdEXUPMPgdMC27QADlevQgcDqeQ+CaMuhs5GMB5DizisiK3lhDZnU7kt9iBk1lPvPq7LUIN5ZTJDARGYWlkq+iBz0i5CAvlmbQxn1dYqcSfUWlglxgIKwgVgnhQFAi0+OkVeTOKgDN3BKruoEBTil74\/S0evMc1u09Q2h3drzzLM87D5Tf5ZA+AA7wtSOBzz29\/X1AMobB75bUUFQJGjnEPxV7Cn3hUrsQuLV+886ueqKSkLUttIDIOiX8ZR8o"}
00726{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":711741,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"AAgCHEeupB9ywglqCABFAAEQE+1AAIAGfQmsEAgIrBAIycADwA2zKy2ZU0abRFAYAQCuMgAABQAPAxAAAADoAKgABgAAANAW0BaHIgAAAAAAAAEAAAAAAAAAMwVxcbq+N0mDGbXb75zMNgEAAAAJBgAAAQAAAKGBpTCBoqADCgEBoQsGCSqGSIL3EgECAqKBjQSBim+BhzCBhKADAgEFoQMCAQ+ieDB2oAMCARKibwRtFkUGSBk\/WNs8P1WQ8Umu5czQ0+5kt3qmyCKwqmWsGmeP2HdAYpVM1NOW3vOxQVk7A3LJVo2UlBLe3M1zmefdmYzJtoJ+Cb3iexzSZ9Yc6KmePBXHlaCcN9nDA7to75z\/ZLHEO5LicF4DB997lA=="}
00716{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337951,"pkt_ts_usec":711983,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"pB9ywglqAAgCHEeuCABFAAEEASNAAIAGj9+sEAjJrBAICMANwANTRptEsysugVAYAQBh\/wAABQAOAxAAAADcAIwABgAAANAW0BaHIgAAAQAAAAEAAQA1QlHjBkvREasEAMBPwtzSBAAAADMFcXG6vjdJgxm12++czDYBAAAACQYAAAEAAAChgYkwgYagAwoBAaJfBF1vWzBZoAMCAQWhAwIBD6JNMEugAwIBEqJEBEJp9mTBcU16IO1kQMogTwb1XWobfceiHBSuURHH8yh2afleWvmaoXkSqprumpVc36Wfdal7quigImkGz2pi9qx8WKijHgQcBAQE\/\/\/\/\/\/8AAAAAXc\/Il1MxPpRTzqxKK9xt6w=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1549337952265,"flow_last_seen":0,"flow_tot_l4_data_len":221,"flow_min_l4_data_len":221,"flow_max_l4_data_len":221,"flow_avg_l4_data_len":221,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1549337952265,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00683{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":265412,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"pkt":"pB9ywglqAAgCHEeuCABFAADxATFAAIAGj+SsEAjJrBAICMAoAFgO6N+GhTfTAFAYAQDd\/AAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbrRWKgSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYglkZxyflQKWP\/Ais8K06SJm4BPQtT0hjtYpqxsbw8zJYoGM4sYpjZXyTJirO221HZEfk4Zw9eEBLahQpLvN\/C8eKG6Szv5sdWvrvtDno9G1S6IPzDJUqQoaMmLFbqp3TeM2kcY2MDfHhnn2YOkxOZoLnNXNaT+dUxt2+N2MukPguNeobu829zS"}
00661{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":266196,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"AAgCHEeupB9ywglqCABFAADbE\/lAAIAGfTKsEAgIrBAIyQBYwCiFN9i0DujgT1AYAQCK\/QAAiBuHmEFFmc+WsyXKuqx9Swihi4V8obVw5s2sIwUfT4tmX1K8bbM9re\/5e5wllRug+\/LlwLPFO11iuIJBpf\/1q6VzsWXZQ3Uhj6pv9Mvwu3XM\/Kg0OKnhbHwHjTwPH8AFLK9Xs6OvjCpemPsc4QD2yHfZIqmzSgyFffWrBEHUQ0oxARyRw\/cKuJ\/iV+cgVuWHP+LCTlyCV2gs4Zw\/xETck8iUuOpN6dDKbNN8Vw5JmilGwYg="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1549337952267,"flow_last_seen":0,"flow_tot_l4_data_len":334,"flow_min_l4_data_len":334,"flow_max_l4_data_len":334,"flow_avg_l4_data_len":334,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1549337952267,"flow_last_seen":0,"flow_min_l4_payload_len":314,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":314,"flow_avg_l4_payload_len":314,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00844{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":267129,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"pkt":"pB9ywglqAAgCHEeuCABFAAFiATVAAIAGj2+sEAjJrBAICMAnAYUlT+9+CA99hlAYAQDCQwAAdUvVLNApPEvRYHXzTe8zaxz\/9SHPb\/8TWpCDGqMEAHclvciM0GOY0+pGIhzH\/f\/6jOacNFpBroqFCWgt6TZwWzHkJCgQPX52B1IK52bZg0ONYZDAO1UzroKY+wbOMCsJF8\/BbP9OSbZKzzlfun2r96DSICH7w7yEUFli3VQeP0ogbe+3tFoHFjb+05dbP\/VPGYwLelBDF4MSfNFsp+OMFLmJGy8zQTsDu6jfRxBXMbl8NmKpljCGrvpbK91ZL6OpbzC0zmaE6i4hHgj8sVok02UOBn0gMsv\/uMFl8gfFKRQNU\/cuTbNe+ET9apWENw\/dcLPR6pjmHtriptNJoQ3zVjS2Tc+IkoIqsOQ3cvktrgQFCtQLWZP3pztmcBjhot2oF4ypo07u7Pn3GnXRKfmep\/RhPO\/A8\/McJI0="}
00695{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":267833,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6E\/1AAIAGfQ+sEAgIrBAIyQGFwCcID32GJU\/wuFAYAQAMIAAAMIQAAADMAgEPYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1aIGsolL+fu1BeIvW0ck8xNtulprbrU8LwWAQ+0HLcHzxYvBiLYdCRYKwhIeaZIrmfEg+Fmg6VMrCzRHOuCMx3gqqLIgnuXXvz9jtqiRlG1LxGN\/8hm6Dc5JLtY2J2bRsWOZJSU4VCKr7ax6LU"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1549337952273,"flow_last_seen":0,"flow_tot_l4_data_len":350,"flow_min_l4_data_len":350,"flow_max_l4_data_len":350,"flow_avg_l4_data_len":350,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1549337952273,"flow_last_seen":0,"flow_min_l4_payload_len":330,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":330,"flow_avg_l4_payload_len":330,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00864{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":273984,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":384,"pkt_l4_len":350,"pkt":"pB9ywglqAAgCHEeuCABFAAFyATpAAIAGj1qsEAjJrBAICMApAYWiDvrzQ6ao6FAYAQCdKwAA2XkxbZ8llDCRRskO9gczLnFPBBStfBeg8OgSpqEBOAYdhyM5RDqy\/NVC6gFAjMdVRNF4Ud\/vkuMZvi\/C9TPqJBllB8ilyB5vY\/0m8yd5y16xkjvnwbrb\/W3CqgNY3GxQ0p18n9KBChjcbfQi2adBQLNadPsG91L4HVVYSlDxeVsaDj0AMrkXgx+K3pVveifu4IJvdTmm3dssrOx7ri4BqxH9gyHnnJM+gUu5MIG+gLCwhKX1IYuuZbwXmnO9knNSHi2TJaHys\/IKitqKHwvZMTG4i5pUecWz9NSU996q6A\/\/cM86g4TCvpD7370UyqGGHaccTUUMvb5qsoRczG++plTQXQ5YE69in6j\/JeD8IrT\/3QjjRWw+cBkDPh5zGLRzdI7hQfeBq0OXmrV0OXPvzg6Pl4TznRF\/D32Q4zoFws9t5i+mUoUZd\/0N"}
00692{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":274576,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"AAgCHEeupB9ywglqCABFAAD6FAFAAIAGfQusEAgIrBAIyQGFwClDpqjoog78PVAYAQACfgAAMIQAAADMAgETYYQAAADDCgEABAAEAIeCALihgbUwgbKgAwoBAKELBgkqhkiC9xIBAgKigZ0EgZpggZcGCSqGSIb3EgECAgIAb4GHMIGEoAMCAQWhAwIBD6J4MHagAwIBEqJvBG1lU8qvBSW6OfUooizc58b3UUWb1Dc9+q1BnNlk6M5gNl0OBLUYfNGeTN7jVmkr5YZr3HGFOATkbw9DVEo286mQ0yhq4w+ZVjlShGexAg6l9M9U7cWsZU11Tj+uS9vWEh6ZGrVD7TgBU6qOlGAU"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1549337952280,"flow_last_seen":0,"flow_tot_l4_data_len":221,"flow_min_l4_data_len":221,"flow_max_l4_data_len":221,"flow_avg_l4_data_len":221,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1549337952280,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00686{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":280187,"pkt_caplen":255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":255,"pkt_l4_len":221,"pkt":"pB9ywglqAAgCHEeuCABFAADxAURAAIAGj9GsEAjJrBAICMArAFh+ue0Nm8k31FAYAQCDOwAAZ6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyIagSMBACARICARECARcCARgCAv95qoGWMIGToAMCARKigYsEgYjkLV5w61M4dBZf0U0Cc\/K54wTCl69GxhAdEJKI0gkw0Ve5ZSvbl+6jcyFmUgFhA4RyBx9pGsk\/XqrLuUXPEHyz9XOfuzdWYBvPp5yv4UFPIJKI5TMk\/2fkioL\/XfCG7Jr8xEeBwNw3Qk0PtCp3\/DDaU5\/NbtOzNRQiyiFTx75LpVnwmoKHd6R7"}
00654{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":281091,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"AAgCHEeupB9ywglqCABFAADbFApAAIAGfSGsEAgIrBAIyQBYwCubyT2Ifrnt1lAYAQDVagAATQg2IahlDr4Do2rw09NPfPwlJMuv1fJJCc5mjToXHNxo9crR1AT1CMr5O+bZxtqN6M9uCaNjeNur9XwIFCnpBuL05RtGDqn2i9hJpKd+E88QIO6v0xwHDv6iGr\/8TVgkK3vs2tcuY57O8+c4l9vRR7jejS5ww2dQZlIjb\/CCYROJuvRqA0LHwqGM0CcXmUposD8ISy568tJuLRICL3GBKJj5gtDiSRwMYGKFzsxgs2+QN48="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1549337952282,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1549337952282,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":282931,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"pB9ywglqAAgCHEeuCABFAABLAUpAAIAGkHGsEAjJrBAICMAsAFiP2F5aCFrVJ1AYAQB5GAAAR6URGA8yMDM3MDkxMzAyNDgwNVqnBgIEXbhyJqgFMAMCARI="}
00475{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":282964,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAgCHEeupB9ywglqCABFAABYFBBAAIAGfZ6sEAgIrBAIyQBYwCwIWtrbj9hefVAYAQDaWgAAkAFNdIHXOvUSiNrRZ37a2E9NpclNBTiyKWuPGcwkWc2OKSpCtzAbfs9v1WRIgz2U"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1549337952282,"flow_last_seen":0,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":376,"flow_max_l4_data_len":376,"flow_avg_l4_data_len":376,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1549337952282,"flow_last_seen":0,"flow_min_l4_payload_len":356,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":356,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00897{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":282970,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"pkt":"pB9ywglqAAgCHEeuCABFAAGMAVBAAIAGjyqsEAjJrBAICMAqAb0OVvT1RRDYGlAYAP+BiQAAx2oDxasXfLBTEcjz3tABELHnmrS3ZANlrcp\/hNjXtg\/fwYTBDdsdTzX+XDaW+uv3s2\/LBkJPP0K4Dy0YU3CzKo3pfb0515XvBfsBO7Ma0iP8tOV8txynjcFaEQvYkdi2SQ6bebHRRKNuECPHoWmL3h9GQAZAb4a73kOXQ+HdWdMxxkSNni5ZeogFxLOO9R2cL7EvadD9j700FIRXk1Ysly6p8QSOxUcF2BTlCAMMXraIVwnaJn4OFnBRV1kK62QzrTna4Mma6JSVzK\/6fCHORQn+FIHExUVoG3Vq1BveDwHtG0XGyIXhHabrgc6YQttz\/jzBPNDyI9ROMV3pQ0pZrTLzCjs+95mV\/WzyQTG\/SRF7u\/0NE9yZnVgk7HZw7F9bqd7MfX+aga2J6\/HQLbCChYzLyXsDW8WbBsbXh+XIiTyOIboYMLvBqY271GjiVoIyA7mbRvLsykMc7DElauDSPsA2vtc="}
00765{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1549337952,"pkt_ts_usec":283232,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"pkt":"AAgCHEeupB9ywglqCABFAAEsFBRAAIAGfMasEAgIrBAIyQG9wCpFENgaDlb2WVAYAP9XsAAAAAABAP5TTUJAAAEAAAAAAAEAHwAJAAAAAAAAAAEAAAAAAAAA\/\/4AAAAAAABhAAAAAAQAAFesIp3Ms9YkV3HyzmcNx+gJAAAASAC4AKGBtTCBsqADCgEAoQsGCSqGSIL3EgECAqKBnQSBmmCBlwYJKoZIhvcSAQICAgBvgYcwgYSgAwIBBaEDAgEPongwdqADAgESom8EbUXiUY0MYNrse7Xdy+nvFD1NZYMmVWsdodfXY9v69kCk+MLVD1Rqj48zpMQyXFgAZRbdNaLq\/lZFH5cVcwmZOZp6PzJLHFRz2Ys9FBPKwjMkCOL5scijYfadSqIU\/eT7q\/ACDBFzzf8MmsOdu9E="}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_tot_l4_data_len":1802,"flow_min_l4_data_len":240,"flow_max_l4_data_len":395,"flow_avg_l4_data_len":300,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_tot_l4_data_len":1802,"flow_min_l4_data_len":240,"flow_max_l4_data_len":395,"flow_avg_l4_data_len":300,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_tot_l4_data_len":923,"flow_min_l4_data_len":240,"flow_max_l4_data_len":379,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_tot_l4_data_len":923,"flow_min_l4_data_len":240,"flow_max_l4_data_len":379,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00599{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_tot_l4_data_len":557,"flow_min_l4_data_len":259,"flow_max_l4_data_len":298,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_tot_l4_data_len":557,"flow_min_l4_data_len":259,"flow_max_l4_data_len":298,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00599{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1549337929811,"flow_last_seen":1549337929812,"flow_tot_l4_data_len":471,"flow_min_l4_data_len":132,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1549337929811,"flow_last_seen":1549337929812,"flow_tot_l4_data_len":471,"flow_min_l4_data_len":132,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00575{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":135,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":135,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_tot_l4_data_len":2915,"flow_min_l4_data_len":1451,"flow_max_l4_data_len":1464,"flow_avg_l4_data_len":1457,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00575{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":146,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":146,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00599{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_tot_l4_data_len":557,"flow_min_l4_data_len":259,"flow_max_l4_data_len":298,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_tot_l4_data_len":557,"flow_min_l4_data_len":259,"flow_max_l4_data_len":298,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00599{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_tot_l4_data_len":471,"flow_min_l4_data_len":132,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_tot_l4_data_len":471,"flow_min_l4_data_len":132,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00576{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":146,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":146,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":159,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00575{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_tot_l4_data_len":221,"flow_min_l4_data_len":88,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":110,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_tot_l4_data_len":221,"flow_min_l4_data_len":88,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":110,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_tot_l4_data_len":2924,"flow_min_l4_data_len":1452,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1462,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00578{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":156,"flow_max_l4_data_len":1084,"flow_avg_l4_data_len":620,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":156,"flow_max_l4_data_len":1084,"flow_avg_l4_data_len":620,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00576{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":135,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":135,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_tot_l4_data_len":2915,"flow_min_l4_data_len":1451,"flow_max_l4_data_len":1464,"flow_avg_l4_data_len":1457,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00600{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_tot_l4_data_len":557,"flow_min_l4_data_len":259,"flow_max_l4_data_len":298,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_tot_l4_data_len":557,"flow_min_l4_data_len":259,"flow_max_l4_data_len":298,"flow_avg_l4_data_len":278,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00600{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_tot_l4_data_len":471,"flow_min_l4_data_len":132,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_tot_l4_data_len":471,"flow_min_l4_data_len":132,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00574{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_tot_l4_data_len":160,"flow_min_l4_data_len":60,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":80,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_tot_l4_data_len":160,"flow_min_l4_data_len":60,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":80,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00576{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":135,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":135,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":146,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00601{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_tot_l4_data_len":515,"flow_min_l4_data_len":255,"flow_max_l4_data_len":260,"flow_avg_l4_data_len":257,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_tot_l4_data_len":515,"flow_min_l4_data_len":255,"flow_max_l4_data_len":260,"flow_avg_l4_data_len":257,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00601{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_tot_l4_data_len":517,"flow_min_l4_data_len":182,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_tot_l4_data_len":517,"flow_min_l4_data_len":182,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00573{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":61,"flow_max_l4_data_len":86,"flow_avg_l4_data_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":61,"flow_max_l4_data_len":86,"flow_avg_l4_data_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00576{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_tot_l4_data_len":447,"flow_min_l4_data_len":210,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_tot_l4_data_len":447,"flow_min_l4_data_len":210,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":223,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00576{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_tot_l4_data_len":420,"flow_min_l4_data_len":199,"flow_max_l4_data_len":221,"flow_avg_l4_data_len":210,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_tot_l4_data_len":420,"flow_min_l4_data_len":199,"flow_max_l4_data_len":221,"flow_avg_l4_data_len":210,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00576{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_tot_l4_data_len":420,"flow_min_l4_data_len":199,"flow_max_l4_data_len":221,"flow_avg_l4_data_len":210,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_tot_l4_data_len":420,"flow_min_l4_data_len":199,"flow_max_l4_data_len":221,"flow_avg_l4_data_len":210,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00573{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":55,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":61,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_tot_l4_data_len":123,"flow_min_l4_data_len":55,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":61,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_tot_l4_data_len":516,"flow_min_l4_data_len":230,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_tot_l4_data_len":516,"flow_min_l4_data_len":230,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_tot_l4_data_len":492,"flow_min_l4_data_len":230,"flow_max_l4_data_len":262,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_tot_l4_data_len":492,"flow_min_l4_data_len":230,"flow_max_l4_data_len":262,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_tot_l4_data_len":492,"flow_min_l4_data_len":230,"flow_max_l4_data_len":262,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_tot_l4_data_len":492,"flow_min_l4_data_len":230,"flow_max_l4_data_len":262,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_tot_l4_data_len":516,"flow_min_l4_data_len":230,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_tot_l4_data_len":516,"flow_min_l4_data_len":230,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_tot_l4_data_len":516,"flow_min_l4_data_len":230,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_tot_l4_data_len":516,"flow_min_l4_data_len":230,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_tot_l4_data_len":564,"flow_min_l4_data_len":230,"flow_max_l4_data_len":334,"flow_avg_l4_data_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_tot_l4_data_len":564,"flow_min_l4_data_len":230,"flow_max_l4_data_len":334,"flow_avg_l4_data_len":282,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_tot_l4_data_len":580,"flow_min_l4_data_len":230,"flow_max_l4_data_len":350,"flow_avg_l4_data_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_tot_l4_data_len":580,"flow_min_l4_data_len":230,"flow_max_l4_data_len":350,"flow_avg_l4_data_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":247,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":263,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":247,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":263,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":247,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":263,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_tot_l4_data_len":527,"flow_min_l4_data_len":247,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":263,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_tot_l4_data_len":656,"flow_min_l4_data_len":280,"flow_max_l4_data_len":376,"flow_avg_l4_data_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_tot_l4_data_len":656,"flow_min_l4_data_len":280,"flow_max_l4_data_len":376,"flow_avg_l4_data_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1549337930219,"flow_last_seen":1549337951711,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":1682,"flow_avg_l4_payload_len":280,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49165,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1549337940432,"flow_last_seen":1549337940433,"flow_min_l4_payload_len":220,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":863,"flow_avg_l4_payload_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49185,"dst_port":49155,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00611{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00611{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1549337929811,"flow_last_seen":1549337929812,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1549337929811,"flow_last_seen":1549337929812,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49158,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00587{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1549337929815,"flow_last_seen":1549337929815,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49159,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1549337929816,"flow_last_seen":1549337929816,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49160,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00587{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1549337929981,"flow_last_seen":1549337929983,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49162,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00611{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1549337930192,"flow_last_seen":1549337930193,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49166,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00611{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1549337930214,"flow_last_seen":1549337930214,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49167,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00588{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1549337930217,"flow_last_seen":1549337930217,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":139,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49168,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00586{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1549337931198,"flow_last_seen":1549337931199,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49170,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1549337931210,"flow_last_seen":1549337931211,"flow_min_l4_payload_len":1432,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":2884,"flow_avg_l4_payload_len":1442,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49171,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00590{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_min_l4_payload_len":136,"flow_max_l4_payload_len":1064,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":600,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49173,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00588{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1549337931218,"flow_last_seen":1549337931219,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49175,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1549337931219,"flow_last_seen":1549337931220,"flow_min_l4_payload_len":1431,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":2875,"flow_avg_l4_payload_len":1437,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49176,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00612{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1549337937703,"flow_last_seen":1549337937703,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49181,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00612{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1549337937724,"flow_last_seen":1549337937724,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":319,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":215,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49182,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1549337937725,"flow_last_seen":1549337937726,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49183,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00588{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1549337940431,"flow_last_seen":1549337940432,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49186,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00613{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1549337951630,"flow_last_seen":1549337951631,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":475,"flow_avg_l4_payload_len":237,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49187,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00613{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":477,"flow_avg_l4_payload_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"happycraft","username":"theresa.johnson"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1549337951638,"flow_last_seen":1549337951638,"flow_min_l4_payload_len":162,"flow_max_l4_payload_len":315,"flow_tot_l4_payload_len":477,"flow_avg_l4_payload_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49188,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1549337951639,"flow_last_seen":1549337951639,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":53,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49189,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00588{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1549337951709,"flow_last_seen":1549337951710,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":203,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49190,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00588{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1549337952265,"flow_last_seen":1549337952266,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49192,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00588{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1549337952280,"flow_last_seen":1549337952281,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49195,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00584{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","ndpi": {"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"","username":""}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952282,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49196,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1549337929983,"flow_last_seen":1549337929983,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49161,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1549337931189,"flow_last_seen":1549337931190,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49169,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1549337931211,"flow_last_seen":1549337931213,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":242,"flow_tot_l4_payload_len":452,"flow_avg_l4_payload_len":226,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49172,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1549337937690,"flow_last_seen":1549337937691,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49179,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1549337937700,"flow_last_seen":1549337937701,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":266,"flow_tot_l4_payload_len":476,"flow_avg_l4_payload_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49180,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1549337952267,"flow_last_seen":1549337952267,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":314,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":262,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49191,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","ndpi": {"proto":"LDAP","breed":"Acceptable","category":"System"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1549337952273,"flow_last_seen":1549337952274,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":330,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":270,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49193,"dst_port":389,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1549337929817,"flow_last_seen":1549337929818,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49156,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"SMBv23","breed":"Acceptable","category":"System"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test"}
diff --git a/test/results/long_tls_certificate.pcap.out b/test/results/long_tls_certificate.pcap.out
index b3e61eabe..19d43837a 100644
--- a/test/results/long_tls_certificate.pcap.out
+++ b/test/results/long_tls_certificate.pcap.out
@@ -1,22 +1,22 @@
00488{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"long_tls_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1609756181300,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1609756181300,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756181,"pkt_ts_usec":300869,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"}
00451{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756181,"pkt_ts_usec":671657,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"}
00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756181,"pkt_ts_usec":671808,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeEapWwtclAQ\/\/+JLgAA"}
01120{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756181,"pkt_ts_usec":681181,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"EBMx8Tl2KDc3AG3ICABFAAItAABAAEAGqFzAqAE8ag9ke9glAbsIXeEapWwtclAY\/\/+6nwAAFgMBAgABAAH8AwPaLdEq+3GSHdtF+4ttW9KB\/sTfZhziqSrMTPedTeLckgAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABwAGgAAF2JlYWNvbi1hcGkuYWxpeXVuY3MuY29tAAsABAMAAQIACgA6ADgADgANABkAHAALAAwAGwAYAAkACgAaABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQANACYAJAYBBgIGA+\/vBQEFAgUDBAEEAgQD7u7t7QMBAwIDAwIBAgICAzN0AAAAEAAOAAwCaDIIaHR0cC8xLjEAFQCjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1609756181300,"flow_last_seen":1609756181681,"flow_tot_l4_data_len":645,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":161,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1609756181300,"flow_last_seen":1609756181681,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00426{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":32584,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAosodAACkGDtpqD2R7wKgBPAG72CWlbC1yCF3jH1AQHIRqpQAAAAAAAAAA"}
02370{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35428,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUsohAACkGCS1qD2R7wKgBPAG72CWlbC1yCF3jH1AQHIScHwAAFgMDAGYCAABiAwNJG4xUCuaJD9t\/MpaNduncOH59x5uIxbalW8qat6w+NiCgetLVp\/s33qraCXEgez0aJJBWY\/R9dMTYW1HqAw1BA8ArAAAa\/wEAAQAAAAAAAAsABAMAAQIAEAAFAAMCaDIWAwMZuAsAGbQAGbEAFT4wghU6MIIUIqADAgECAgwc5mSsdn950NYZ2Y4wDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExPDA6BgNVBAMTM0dsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0EgLSBTSEEyNTYgLSBHMjAeFw0yMDExMjUxMDEyMDdaFw0yMTEyMjcxMDA2MDZaMHkxCzAJBgNVBAYTAkNOMREwDwYDVQQIEwhaaGVKaWFuZzERMA8GA1UEBxMISGFuZ1pob3UxLTArBgNVBAoTJEFsaWJhYmEgKENoaW5hKSBUZWNobm9sb2d5IENvLiwgTHRkLjEVMBMGA1UEAwwMKi5hbGl5dW4uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX8DOidQanu01bTZp2rxBuXR9dZJJRt7fHTflE7zGP\/bT84MkTATEhxOz3+NFOuva3vxRvYT\/N7t1iqLN\/cYtuqOCEp4wghKaMA4GA1UdDwEB\/wQEAwIDiDCBoAYIKwYBBQUHAQEEgZMwgZAwTQYIKwYBBQUHMAKGQWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzb3JnYW5pemF0aW9udmFsc2hhMmcycjEuY3J0MD8GCCsGAQUFBzABhjNodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAyARQwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQICMAkGA1UdEwQCMAAwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc29yZ2FuaXphdGlvbnZhbHNoYTJnMi5jcmwwgg\/OBgNVHREEgg\/FMIIPwYIMKi5hbGl5dW4uY29tghptYW5hZ2VyLmNoYW5uZWwuYWxpeXVuLmNvbYIQKi5hY2UuYWxpeXVuLmNvbYIbKi5hY3MtaW50ZXJuYWwuYWxpeXVuY3MuY29tghAqLmFjcy5hbGl5dW4uY29tghQqLmFpY3Jvd2QuYWxpeXVuLmNvbYIUKi5hbGliYWJhY2xvdWQuY28uaW6CEiouYWxpYmFiYWNsb3VkLmNvbYIVKi5hbGliYWJhY2xvdWQuY29tLmF1ghUqLmFsaWJhYmFjbG91ZC5jb20uaGuCFSouYWxpYmFiYWNsb3VkLmNvbS5teYIVKi5hbGliYWJhY2xvdWQuY29tLnNnghUqLmFsaWJhYmFjbG91ZC5jb20udHeCDCouYWxpY2RuLmNvbYIOKi5hbGljbG91ZC5jb22CFSouYWxpZ3JvdXAuYWxpeXVuLmNvbYIMKi5hbGltZWkuY29tghIqLmFsaW5rLmFsaXl1bi5jb22CFCouYWxpb3MuYWxpeXVuY3MuY29tgg0qLmFsaXBsdXMuY29tghUqLmFsaXRyYW54LmFsaXl1bi5jb22CFiouYWxpeXVuLWlvdC1zaGFyZS5jb22CDiouYWxpeXVuY3MuY29tggoqLmFseW1zLmNugh0qLmFwLW5vcnRoZWFzdC0xLmFsaXl1bmNzLmNvbYIZKi5hcC1zb3V0aC0xLmFsaXl1bmNzLmNvbYIdKi5hcC1zb3V0aGVhc3Qt"}
-00792{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_tot_l4_data_len":2137,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00803{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02360{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35504,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUsolAACkGCSxqD2R7wKgBPAG72CWlbDMeCF3jH1AQHISyVgAAMS5hbGl5dW5jcy5jb22CHSouYXAtc291dGhlYXN0LTIuYWxpeXVuY3MuY29tgh0qLmFwLXNvdXRoZWFzdC0zLmFsaXl1bmNzLmNvbYIdKi5hcC1zb3V0aGVhc3QtNS5hbGl5dW5jcy5jb22CECouYXBpLmFsaXl1bi5jb22CECouYXBtLmFsaXl1bi5jb22CECouYXBwLmFsaXl1bi5jb22CDCouYXNtbGluay5jboIUKi5iYW5tYS5hbGl5dW5jcy5jb22CFyouYmFzZS5zaHVqdS5hbGl5dW4uY29tgg8qLmJpLmFsaXl1bi5jb22CECouYml6LmFsaXl1bi5jb22CEyouYnJpZGdlLmFsaXl1bi5jb22CEiouY2NjLmFsaXl1bmNzLmNvbYITKi5jZW50ZXIuYWxpeXVuLmNvbYIWKi5jaXR5YnJhaW4uYWxpeXVuLmNvbYIVKi5jbG91ZGFwcC5hbGl5dW4uY29tgg8qLmNsb3VkZWFnbGUuY26CFiouY2xvdWRnYW1lLmFsaXl1bi5jb22CGSouY24tYmVpamluZy5hbGl5dW5jcy5jb22CGSouY24tY2hlbmdkdS5hbGl5dW5jcy5jb22CGSouY24tZ3VpemhvdS5hbGl5dW5jcy5jb22CGSouY24taGFpZGlhbi5hbGl5dW5jcy5jb22CIiouY24taGFuZ3pob3UtZmluYW5jZS5hbGl5dW5jcy5jb22CGiouY24taGFuZ3pob3UuYWxpeXVuY3MuY29tghoqLmNuLWhvbmdrb25nLmFsaXl1bmNzLmNvbYIbKi5jbi1odWhlaGFvdGUuYWxpeXVuY3MuY29tghkqLmNuLW5pbmd4aWEuYWxpeXVuY3MuY29tgh8qLmNuLW5vcnRoLTItZ292LTEuYWxpeXVuY3MuY29tgiAqLmNuLXFpbmdkYW8tbmVidWxhLmFsaXl1bmNzLmNvbYIZKi5jbi1xaW5nZGFvLmFsaXl1bmNzLmNvbYIkKi5jbi1zaGFuZ2hhaS1maW5hbmNlLTEuYWxpeXVuY3MuY29tghgqLmNuLXNoYW5naGFpLmFsaXl1bi5jb22CGiouY24tc2hhbmdoYWkuYWxpeXVuY3MuY29tgiUqLmNuLXNoZW56aGVuLWNsb3Vkc3RvbmUuYWxpeXVuY3MuY29tgiQqLmNuLXNoZW56aGVuLWZpbmFuY2UtMS5hbGl5dW5jcy5jb22CGiouY24tc2hlbnpoZW4uYWxpeXVuY3MuY29tghkqLmNuLXNpY2h1YW4uYWxpeXVuY3MuY29tgh0qLmNuLXpoYW5namlha291LmFsaXl1bmNzLmNvbYIUKi5jb25uZWN0LmFsaXl1bi5jb22CGiouY29uc29sZS5hbGliYWJhY2xvdWQuY29tghYqLmNvbnNvbGUuYWxpY2xvdWQuY29tghQqLmNvbnNvbGUuYWxpeXVuLmNvbYIPKi5jcy5hbGl5dW4uY29tghcqLmNzY2hhdC1jY3MuYWxpeXVuLmNvbYIRKi5kYXRhLmFsaXl1bi5jb22CFCouZGF0YWFwaS5hbGl5dW4uY29tghQqLmRhdGFxLmFsaXl1bmNzLmNvbYISKi5kYXRhdi5hbGl5dW4uY29tghQqLmRhdGF2LmFsaXl1bmNzLmNvbYIUKi5kZXZsb3BzLmFsaXl1bi5jb22CEyouZGV2b3BzLmFsaXl1bi5jb22CESouZGl0dS5hbGl5dW4uY29tghMqLmRvbWFpbi5hbGl5dW4uY29tghIqLmR5aW90LmFsaXl1bi5jb22CECouZWJzLmFsaXl1bi5jb22CESouZW1hcy5hbGl5dW4uY29tghAqLmVtci5hbGl5dW4uY29tghcqLmVudGVycHJpc2UuYWxpeXVuLmNvbYIQKi5lbnYuYWxpeXVu"}
02360{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35574,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUsopAACkGCStqD2R7wKgBPAG72CWlbDjKCF3jH1AQHIQzGQAALmNvbYIYKi5ldC1pbmR1c3RyeS5hbGl5dW4uY29tghsqLmV1LWNlbnRyYWwtMS5hbGl5dW5jcy5jb22CGCouZXUtd2VzdC0xLmFsaXl1bmNzLmNvbYIPKi5mYy5hbGl5dW4uY29tgh0qLmZlZWRiYWNrLmNvbnNvbGUuYWxpeXVuLmNvbYISKi5ndHMteC5hbGl5dW4uY29tghAqLmd0cy5hbGl5dW4uY29tghUqLmhlbHAtY2NzLmFsaXl1bi5jb22CDSouaWFsaWNkbi5jb22CGCouaW4tbXVtYmFpLmFsaXl1bmNzLmNvbYIQKi5pb3QuYWxpeXVuLmNvbYIXKi5qcC1mdWRhby5hbGl5dW5jcy5jb22CFyoubGlua2VkbWFsbC5hbGl5dW4uY29tghQqLmxpbmt3YW4uYWxpeXVuLmNvbYITKi5saXZpbmcuYWxpeXVuLmNvbYISKi5sdWJhbi5hbGl5dW4uY29tgg4qLm0uYWxpeXVuLmNvbYITKi5tYXJrZXQuYWxpeXVuLmNvbYIXKi5tYXhjb21wdXRlLmFsaXl1bi5jb22CGCoubWUtZWFzdC0xLmFsaXl1bmNzLmNvbYISKi5tZWRpYS5hbGl5dW4uY29tghoqLm1pY3JvZGluZ3RhbGsuYWxpeXVuLmNvbYIQKi5taXQuYWxpeXVuLmNvbYITKi5tb2JpbGUuYWxpeXVuLmNvbYIRKi5tc2VhLmFsaXl1bi5jb22CECoubXRzLmFsaXl1bi5jb22CECoubXZwLmFsaXl1bi5jb22CEyoubmVidWxhLmFsaXl1bi5jb22CEioubmxzLmFsaXl1bmNzLmNvbYIRKi5vZHBzLmFsaXl1bi5jb22CECoub25zLmFsaXl1bi5jb22CECoub3NlLmFsaXl1bi5jb22CFSoucGFpLmRhdGEuYWxpeXVuLmNvbYIeKi5wY3MtZ3ctY24tYmVpamluZy5hbGl5dW4uY29tgh8qLnBjcy1ndy1jbi1zaGFuZ2hhaS5hbGl5dW4uY29tgg0qLnBocHdpbmQuY29tgg0qLnBocHdpbmQubmV0ghwqLnByZS1zZy1wdXJjaGFzZS5hbGl5dW4uY29tghMqLnByZXB1Yi5hbGl5dW4uY29tghsqLnByb2R1Y3QuY2VudGVyLmFsaXl1bi5jb22CECoucHRzLmFsaXl1bi5jb22CIiouci1hcHAtY24tYmVpamluZy1kYXRhLmFsaXl1bi5jb22CIyouci1hcHAtY24taGFuZ3pob3UtZGF0YS5hbGl5dW4uY29tgiMqLnItYXBwLWNuLXNoZW56aGVuLWRhdGEuYWxpeXVuLmNvbYIXKi5yLWFwcC1kYXRhLmFsaXl1bi5jb22CECoucmRjLmFsaXl1bi5jb22CECoucmRzLmFsaXl1bi5jb22CESoucmVpZC5hbGl5dW4uY29tghYqLnNjLWNtZGIuYWxpeXVuY3MuY29tghEqLnNjc3AuYWxpeXVuLmNvbYIRKi5zZy5hbGl5dW5jcy5jb22CEiouc2h1anUuYWxpeXVuLmNvbYISKi5zbWFydC5hbGl5dW4uY29tghAqLnNvYy5hbGl5dW4uY29tghIqLnNvYy5hbGl5dW5jcy5jb22CDyouc3BhcmVub2RlLmNvbYILKi5zdXBldC5jb22CCioudGJ1cmwuaW6CECoudGVhbWJpdGlvbi5jb22CECoudGVhbWJpdGlvbi5uZXSCFCoudGVhbWJpdGlvbmFwaXMuY29tghQqLnRpYW5jaGkuYWxpeXVuLmNvbYIUKi50b29sa2l0LmFsaXl1bi5jb22CDyoudHYuYWxpeXVuLmNvbYIaKi50dy1nYW94aW9uZy5hbGl5dW5jcy5jb22CGCoudXMtZWFzdC0xLmFsaXl1bmNzLmNv"}
00420{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35606,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeMfpWw4ylAQ\/\/970QAA"}
02370{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35697,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUsotAACkGCSpqD2R7wKgBPAG72CWlbD52CF3jH1AQHISgZgAAbYIYKi51cy13ZXN0LTEuYWxpeXVuY3MuY29tghMqLndlYmlkZS5hbGl5dW4uY29tghIqLnl1bnR1LmFsaXl1bi5jb22CEmFjY291bnQud3d3Lm5ldC5jboISYWxpYmFiYWNsb3VkLmNvLmlughBhbGliYWJhY2xvdWQuY29tghNhbGliYWJhY2xvdWQuY29tLmF1ghNhbGliYWJhY2xvdWQuY29tLmhrghNhbGliYWJhY2xvdWQuY29tLm15ghNhbGliYWJhY2xvdWQuY29tLnNnghNhbGliYWJhY2xvdWQuY29tLnR3ggphbGljZG4uY29tggxhbGljbG91ZC5jb22CCmFsaW1laS5jb22CFGFsaXl1bi1pb3Qtc2hhcmUuY29tggxhbGl5dW5jcy5jb22CDWRjLnd3dy5uZXQuY26CDmRtcC53d3cubmV0LmNugg5kbnMud3d3Lm5ldC5jboIQcGFuZGEud3d3Lm5ldC5jboITcGFuZGF2aXAud3d3Lm5ldC5jboILcGhwd2luZC5jb22CC3BocHdpbmQubmV0ggxzY2RucGhpNi5jb22CDXNwYXJlbm9kZS5jb22CCXN1cGV0LmNvbYIIdGJ1cmwuaW6CDnRlYW1iaXRpb24uY29tgg50ZWFtYml0aW9uLm5ldIISdGVhbWJpdGlvbmFwaXMuY29tghJ0aWFuY2hpLWdsb2JhbC5jb22CEHdob2lzLnd3dy5uZXQuY26CCmFsaXl1bi5jb20wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07gwBA5hp8MB0GA1UdDgQWBBS1rMccry6USHZgDo7Wjgdj5z3EHzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABdf7jnGIAAAQDAEYwRAIgb6RcZA8xurHDVBi7zHLW5fKk76P8WvRINl7DZMhJNA0CIC6ZLUg8oBD52LdtCamtIOPfVrJh85neJA9P\/iS5nDLvAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF1\/uOfNwAABAMASDBGAiEAkvtjq2hkFY7U9xUn1jC5F5+3yd7QS9qssGn+05rbopkCIQDA7JaNItVj9eImcEl5yUAAEz+onEzzy+WlkDCVmyNMyzANBgkqhkiG9w0BAQsFAAOCAQEAkEFhPNKObcW9LPG0yDs227Vyth35HCLU63SLgeernqxxa1xcRfq8Q3wuR0uG0KVHMCEIOplP+9gs+egMTIKU+5GiKwYRphnJcWZbVAaAe2CnwerfXL+i39lZGil5aDrNQqNOQHvr0GtdbOAseYPgn8fUifvdlA8Up8umCjq\/g\/cb4cAhrrrTGjUmRuZnEO\/EuZlZoNZCrHxSuqUwqwzZb4KUmt3ufIM9qAtcOxD9x3+xjHtyJ+zJpXe6WFCIJwZs1ogu9opZIP1K9AFA\/C7BaXx8A48iuzemFveUdHe0kJG3dQZBdiUGjywqTARxqV3MlgWOMcCjfPSw\/0MJ8xJCOgAEbTCCBGkwggNRoAMCAQICCwQAAAAAAURO8EJHMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTQwMjIwMTAwMDAwWhcNMjQwMjIwMTAwMDAwWjBmMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTE8MDoGA1UEAxMzR2xvYmFsU2lnbiBPcmdhbml6YXRpb24gVmFsaWRh"}
00422{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35731,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeMfpWxEIlAQ\/\/9weQAA"}
01837{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35821,"pkt_caplen":1104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1104,"pkt_l4_len":1070,"pkt":"KDc3AG3IEBMx8Tl2CABFAARCsoxAACkGCrtqD2R7wKgBPAG72CWlbEQiCF3jH1AYHIQyjQAAdGlvbiBDQSAtIFNIQTI1NiAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw5sPyOTf8xwpZ0gww5TP37ATsKYScpH1SPvAzSFdMijAi5GXAt9yYidT4vw+JxsjFU127\/ys+r741bnSkbZEyLKNtWbwajjlkOT8gy85vnm6JnIY0h4f1c2aRoZHVrR1H3CnNR\/4YASrnrqiOpX2MoKCjoSSaJiGXoNJPc367RzknsFI5sStc7rKd+kFAK5AaXUppxDZIje+H7+4\/Ue5f7co6jkZjHZTCXpGLmJWQmu6Z0cbTcPSh41ICjir9QhiwHERa1uK2OrkmthCk0g7XO6fM7+FrXbn4Dw1ots2Qh5Sk94ZdqSvL41+bPE+SeATv+WUuYCIOEHc+ldK72y8QIDAQABo4IBJTCCASEwDgYDVR0PAQH\/BAQDAgEGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJbeYfG9HBYpUxzAzH07gwBA5hp8MEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0L3Jvb3QuY3JsMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj\/\/P1LMA0GCSqGSIb3DQEBCwUAA4IBAQBGKu5eva4BYDcxEYZxdLZGScgQFv4vYiMXqx+H+ILtyt8OLN9kdY7lGHKnjDqLyayld1D3756k4KCPFFejKl\/sfm0Q5rqNsAiHdg5MstlRuxEC8lzdHL3zVZYP1AbA\/OIjiiRw07vweRqnYXCDiq8GxSDYoWPQbK5PMteufBhFdQUpd99CQGRkhr4qdgkxbx0k9JnQhf7yIQj5xvbx0Fnt1lY8CCgDZ7rw+fGQFkeuZ+a8gEjpQnY0l1VpJA6D1qAttPXzeYpJKHQaQaHC0ySINTBglBe04QQiMT07LxcGsridhitaae+D9UvEqrQq+HyhsYWUjPQMhwz0rED4WUmYFgMDAJQMAACQAwAXQQQHBay7E+l5uDF6vN0dNLfHZ3XFe8J1r8409dB6E5YGVhU9B+hLA4Y34U3QyAAeGWQ1RguC3GcZ8MZf0+Ru71\/JBAMARzBFAiAgyGq4ahdxqLGVDNRsFNBgOBB+olXEjHLxrojVx2ay6wIhAOyZtyRBCq\/VlL8q4e2g98hxlplagBQF4DnrtMUJaXs6FgMDAAQOAAAA"}
-04929{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_tot_l4_data_len":7663,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":638,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","issuerDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","alpn":"h2,http\/1.1","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}}
+04940{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7375,"flow_avg_l4_payload_len":614,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","issuerDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","alpn":"h2,http\/1.1","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}}
00422{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":35862,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGqmHAqAE8ag9ke9glAbsIXeMfpWxIPFAQ\/\/9sXwAA"}
01837{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":43894,"pkt_caplen":1104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1104,"pkt_l4_len":1070,"pkt":"KDc3AG3IEBMx8Tl2CABFAARCso1AACkGCrpqD2R7wKgBPAG72CWlbEQiCF3jH1AYHIQyjQAAdGlvbiBDQSAtIFNIQTI1NiAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw5sPyOTf8xwpZ0gww5TP37ATsKYScpH1SPvAzSFdMijAi5GXAt9yYidT4vw+JxsjFU127\/ys+r741bnSkbZEyLKNtWbwajjlkOT8gy85vnm6JnIY0h4f1c2aRoZHVrR1H3CnNR\/4YASrnrqiOpX2MoKCjoSSaJiGXoNJPc367RzknsFI5sStc7rKd+kFAK5AaXUppxDZIje+H7+4\/Ue5f7co6jkZjHZTCXpGLmJWQmu6Z0cbTcPSh41ICjir9QhiwHERa1uK2OrkmthCk0g7XO6fM7+FrXbn4Dw1ots2Qh5Sk94ZdqSvL41+bPE+SeATv+WUuYCIOEHc+ldK72y8QIDAQABo4IBJTCCASEwDgYDVR0PAQH\/BAQDAgEGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJbeYfG9HBYpUxzAzH07gwBA5hp8MEcGA1UdIARAMD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24ubmV0L3Jvb3QuY3JsMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj\/\/P1LMA0GCSqGSIb3DQEBCwUAA4IBAQBGKu5eva4BYDcxEYZxdLZGScgQFv4vYiMXqx+H+ILtyt8OLN9kdY7lGHKnjDqLyayld1D3756k4KCPFFejKl\/sfm0Q5rqNsAiHdg5MstlRuxEC8lzdHL3zVZYP1AbA\/OIjiiRw07vweRqnYXCDiq8GxSDYoWPQbK5PMteufBhFdQUpd99CQGRkhr4qdgkxbx0k9JnQhf7yIQj5xvbx0Fnt1lY8CCgDZ7rw+fGQFkeuZ+a8gEjpQnY0l1VpJA6D1qAttPXzeYpJKHQaQaHC0ySINTBglBe04QQiMT07LxcGsridhitaae+D9UvEqrQq+HyhsYWUjPQMhwz0rED4WUmYFgMDAJQMAACQAwAXQQQHBay7E+l5uDF6vN0dNLfHZ3XFe8J1r8409dB6E5YGVhU9B+hLA4Y34U3QyAAeGWQ1RguC3GcZ8MZf0+Ru71\/JBAMARzBFAiAgyGq4ahdxqLGVDNRsFNBgOBB+olXEjHLxrojVx2ay6wIhAOyZtyRBCq\/VlL8q4e2g98hxlplagBQF4DnrtMUJaXs6FgMDAAQOAAAA"}
00438{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"long_tls_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609756182,"pkt_ts_usec":43951,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqlXAqAE8ag9ke9glAbsIXeMfpWxIPIAQ\/\/9fEAAAAQEFCqVsRCKlbEg8"}
-00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":47,"flow_first_seen":1609756181300,"flow_last_seen":1609756183162,"flow_tot_l4_data_len":13184,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":280,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":47,"flow_first_seen":1609756181300,"flow_last_seen":1609756183162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12100,"flow_avg_l4_payload_len":257,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00140{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test"}
diff --git a/test/results/malformed_dns.pcap.out b/test/results/malformed_dns.pcap.out
index cc68ca7a7..61402edbe 100644
--- a/test/results/malformed_dns.pcap.out
+++ b/test/results/malformed_dns.pcap.out
@@ -1,14 +1,14 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malformed_dns.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591551760342,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591551760342,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591551760,"pkt_ts_usec":342902,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"AAAAAAAAAAAAAAAACABFAAA4nToAAEAR33h\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="}
-00627{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591551760342,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591551760342,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02609{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591551760,"pkt_ts_usec":357435,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="}
-00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1591551760342,"flow_last_seen":1591551760357,"flow_tot_l4_data_len":1432,"flow_min_l4_data_len":36,"flow_max_l4_data_len":1396,"flow_avg_l4_data_len":716,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}}
+00703{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1591551760342,"flow_last_seen":1591551760357,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1416,"flow_avg_l4_payload_len":708,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}}
02609{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"malformed_dns.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591551760,"pkt_ts_usec":372114,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="}
00437{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"malformed_dns.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591551765,"pkt_ts_usec":342879,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"AAAAAAAAAAAAAAAACABFAAA4ny8AAEAR3YN\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="}
-00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1591551760342,"flow_last_seen":1591551765342,"flow_tot_l4_data_len":2864,"flow_min_l4_data_len":36,"flow_max_l4_data_len":1396,"flow_avg_l4_data_len":716,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}}
+00703{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1591551760342,"flow_last_seen":1591551765342,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":2832,"flow_avg_l4_payload_len":708,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}}
02609{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"malformed_dns.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591551765,"pkt_ts_usec":355529,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="}
-00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1591551760342,"flow_last_seen":1591551765355,"flow_tot_l4_data_len":4260,"flow_min_l4_data_len":36,"flow_max_l4_data_len":1396,"flow_avg_l4_data_len":852,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}}
+00703{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1591551760342,"flow_last_seen":1591551765355,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4220,"flow_avg_l4_payload_len":844,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}}
02609{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591551765,"pkt_ts_usec":368813,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1591551760342,"flow_last_seen":1591551765368,"flow_tot_l4_data_len":5656,"flow_min_l4_data_len":36,"flow_max_l4_data_len":1396,"flow_avg_l4_data_len":942,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1591551760342,"flow_last_seen":1591551765368,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5608,"flow_avg_l4_payload_len":934,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test"}
diff --git a/test/results/malformed_icmp.pcap.out b/test/results/malformed_icmp.pcap.out
index bc9e2b0a5..06124b0ed 100644
--- a/test/results/malformed_icmp.pcap.out
+++ b/test/results/malformed_icmp.pcap.out
@@ -1,6 +1,6 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malformed_icmp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1593066612951,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00460{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1593066612951,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00397{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1593066612,"pkt_ts_usec":951269,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":42,"pkt_l4_len":8,"pkt":"AFUir8Y3AERm\/CmvCABFAAAcAAEAAEABXqPamLPV2pizNqUAWv8AAAAA"}
-00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1593066612951,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00449{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1593066612951,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1593066612951,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17":"Malformed packet"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00461{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1593066612951,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test"}
diff --git a/test/results/malware.pcap.out b/test/results/malware.pcap.out
index f3dea393c..764cc6ec6 100644
--- a/test/results/malware.pcap.out
+++ b/test/results/malware.pcap.out
@@ -1,41 +1,41 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malware.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569571466977,"flow_last_seen":0,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":72,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569571466977,"flow_last_seen":0,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569571466,"pkt_ts_usec":977364,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"CGoKOl4eMFLLbJwbCABFAABcg9cAAEARLQnAqAcHAQEBAaWCADUASMoKC6QBIAABAAAAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAEAACkQAAAAAAAADAAKAAjrBFAObfGpig=="}
-00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569571466977,"flow_last_seen":0,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":72,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569571466977,"flow_last_seen":0,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569571467,"pkt_ts_usec":1085,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"MFLLbJwbCGoKOl4eCABFAABgLqZAADcRSzYBAQEBwKgHBwA1pYIATEdsC6SBgAABAAEAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAHADAABAAEAAAABAARD11zSAAApBawAAAAAAAA="}
-00661{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":72,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"67.215.92.210"}}
-00442{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569571470672,"flow_last_seen":0,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":64,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"67.215.92.210"}}
+00450{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569571470672,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569571470,"pkt_ts_usec":672893,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"CGoKOl4eMFLLbJwbCABFAABU4M1AAEABCcTAqAcHkIv33AgApMYAAQABjsKNXQAAAABuRAoAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
-00474{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569571470672,"flow_last_seen":0,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":64,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569571476362,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569571470672,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569571476362,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569571476,"pkt_ts_usec":362891,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"}
-00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569571476362,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569571476362,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00443{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569571470672,"flow_last_seen":0,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":64,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":72,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569579408876,"flow_last_seen":0,"flow_tot_l4_data_len":349,"flow_min_l4_data_len":349,"flow_max_l4_data_len":349,"flow_avg_l4_data_len":349,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569571476362,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569571476362,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569571470672,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569579408876,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00849{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579408,"pkt_ts_usec":876326,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"pkt":"CGoKOl4eMFLLbJwbCABFAAFxQQlAAEAGkCXAqAcHQ9dc0r0KAFDJvdSn63fGVVAYAfZpvAAAR0VUIC8gSFRUUC8xLjENCkhvc3Q6IHd3dy5pbnRlcm5ldGJhZGd1eXMuY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBydjo2OC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY4LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkROVDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KDQo="}
-00703{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569579408876,"flow_last_seen":0,"flow_tot_l4_data_len":349,"flow_min_l4_data_len":349,"flow_max_l4_data_len":349,"flow_avg_l4_data_len":349,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}}
+00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569579408876,"flow_last_seen":0,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}}
00466{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579409,"pkt_ts_usec":87861,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"MFLLbJwbCGoKOl4eCABFAABUIjBAADgGuBtD11zSwKgHBwBQvQrrd8wJyb3V8FAYAO11CAAALDXKuXRPxt9F45TTtQ17T177PqBz\/8Tm+6YgbZe0R+XFq38BUlr3UR8MAAA="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569579416636,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569579416636,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579416,"pkt_ts_usec":636584,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0xe5AAEAGDH3AqAcHQ9dc0omkAbvdSlrrAAAAAIAC+vBofwAAAgQFtAEBBAIBAwMH"}
00422{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579416,"pkt_ts_usec":828379,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MFLLbJwbCGoKOl4eCABFAAA0AABAADgG2mtD11zSwKgHBwG7iaQdaco+3Upa7IASchDpWQAAAgQFtAEBBAIBAwMH"}
00406{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579416,"pkt_ts_usec":828406,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxe9AAEAGDIjAqAcHQ9dc0omkAbvdSlrsHWnKP1AQAfZocwAA"}
01103{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579416,"pkt_ts_usec":830077,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"CGoKOl4eMFLLbJwbCABFAAItxfBAAEAGCoLAqAcHQ9dc0omkAbvdSlrsHWnKP1AYAfZqeAAAFgMBAgABAAH8AwNiGwz6Nx6gZEkQ5mHfc0bz9cG8Q1IQ44DgAeGoVKlHzyC81+PdFDLSNn+Pdda1KG5hVhfTFmh4W9u7vJ1FmUKJWAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQABjwAAABwAGgAAF3d3dy5pbnRlcm5ldGJhZGd1eXMuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACCsOS9UcRaQolAvHH2lkEhvl6dNSVE29u8oKtYL+CH9BQAXAEEEoQXtl8vTSjgX92dpSeeQSX7Rmu4m1tT+guDWflQ+qUwx5JY0QUT2kxtvCYRY4\/6+TGd5ECmhJM43gC52CQwAHQArAAkIAwQDAwMCAwEADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEBABwAAkABABUAhwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_tot_l4_data_len":621,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":155,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00415{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":18328,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"MFLLbJwbCGoKOl4eCABFAAAoJgFAADgGtHZD11zSwKgHBwG7iaQdaco\/3Upc8VAQAO2ZSgAAAAAAAAAA"}
02366{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":29746,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MFLLbJwbCGoKOl4eCABFAAXcJgJAADgGrsFD11zSwKgHBwG7iaQdaco\/3Upc8VAQAO2JzQAAFgMDAEECAAA9AwOa8CbmIYLLORDT1HMzSXUr5DAbh3ZNL4mtllETBChcZwDALwAAFf8BAAEAAAsABAMAAQIAIwAAAAUAABYDAxBECwAQQAAQPQALnzCCC5swggqDoAMCAQICEA2S4SYiNapCCj9kLK8AtiMwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEnMCUGA1UEAxMeRGlnaUNlcnQgU0hBMiBTZWN1cmUgU2VydmVyIENBMB4XDTE4MDQyNjAwMDAwMFoXDTIwMDcyOTAwMDAwMFowbDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xFjAUBgNVBAoTDU9wZW5ETlMsIEluYy4xGDAWBgNVBAMTD2FwaS5vcGVuZG5zLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFe5RV9FWMejiuAedy83bKi99wc6eVJ9gxWHVD6DIdnVp8uJu7ko4lNWSZSHFA7ddiZBBCoaZ0q2DItmdSWkLGzkVlKrtTmyErtja60BY0ZShOkFIw4L9o4rMYKFDihhYnoFEJoVjoU8NowIlgdVzWiSPijrpLUVEh15+lcIXjOSdpUg4wicB+v9Ja2+ONWEmrQ40RRZIfXJ+sHQa\/E81Ei38tQouzBEuMG12jhf0ZPpeAJ\/AzHsvcJkWY2Ng\/DTELFAM7s8ey4ciWPIb+bg\/i4tG7s\/73JusB4AqcpVXmAIAkUIhHOZRyRa2DBGSaNMZin2Az4qz1PAxkYy+py2msCAwEAAaOCCFYwgghSMB8GA1UdIwQYMBaAFA+AYRyCMWHVLyjnjUY4tCzhxtniMB0GA1UdDgQWBBR7ONynPoW1tvxlGV7XqExiGFHreTCCBJ8GA1UdEQSCBJYwggSSgg9hcGkub3BlbmRucy5jb22CGWJyYW5kZWQtbG9naW4ub3BlbmRucy5jb22CFmNhY2hlY2hlY2sub3BlbmRucy5jb22CFWNvbW11bml0eS5vcGVuZG5zLmNvbYIWZGFzaGJvYXJkMi5vcGVuZG5zLmNvbYIVZGFzaGJvYXJkLm9wZW5kbnMuY29tghpkYXNoYm9hcmQtaXB2NC5vcGVuZG5zLmNvbYIVbXNwLWxvZ2luLm9wZW5kbnMuY29tghRhcGktaXB2NC5vcGVuZG5zLmNvbYIUYXBpLWlwdjYub3BlbmRucy5jb22CFWF1dGh6LmFwaS5vcGVuZG5zLmNvbYISZG9tYWluLm9wZW5kbnMuY29tghRoZWxwLnZwbi5vcGVuZG5zLmNvbYIUaWRlYWJhbmsub3BlbmRucy5jb22CEWxvZ2luLm9wZW5kbnMuY29tghNuZXRnZWFyLm9wZW5kbnMuY29tghpyZXNlbGxlci1sb2dpbi5vcGVuZG5zLmNvbYISaW1hZ2VzLm9wZW5kbnMuY29tghhpbWFnZXMtdXNpbmcub3BlbmRucy5jb22CEXN0b3JlLm9wZW5kbnMuY29tghJzaWdudXAub3BlbmRucy5jb22CEnR3aWxpby5vcGVuZG5zLmNvbYITdXBkYXRlcy5vcGVuZG5zLmNvbYISc2hhcmVkLm9wZW5kbnMuY29tghF0b29scy5vcGVuZG5zLmNvbYIRY2FjaGUub3BlbmRucy5jb22CEGFwaS51bWJyZWxsYS5jb22CGmJyYW5kZWQtbG9naW4udW1icmVsbGEuY29tghdjYWNoZWNoZWNrLnVtYnJlbGxhLmNvbYIWY29tbXVuaXR5LnVtYnJlbGxhLmNvbYIXZGFzaGJvYXJkMi51bWJyZWxsYS5jb22CFmRhc2hib2FyZC51bWJyZWxsYS5jb22CG2Rhc2hib2E="}
-00847{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_tot_l4_data_len":2121,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":353,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00858{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00406{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":29778,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxfFAAEAGDIbAqAcHQ9dc0omkAbvdSlzxHWnP81AQAfVocwAA"}
02380{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":29821,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MFLLbJwbCGoKOl4eCABFAAXcJgNAADgGrsBD11zSwKgHBwG7iaQdac\/z3Upc8VAQAO0lMgAAcmQtaXB2NC51bWJyZWxsYS5jb22CFm1zcC1sb2dpbi51bWJyZWxsYS5jb22CFWFwaS1pcHY0LnVtYnJlbGxhLmNvbYIVYXBpLWlwdjYudW1icmVsbGEuY29tghZhdXRoei5hcGkudW1icmVsbGEuY29tghNkb21haW4udW1icmVsbGEuY29tghVoZWxwLnZwbi51bWJyZWxsYS5jb22CFWlkZWFiYW5rLnVtYnJlbGxhLmNvbYISbG9naW4udW1icmVsbGEuY29tghRuZXRnZWFyLnVtYnJlbGxhLmNvbYIbcmVzZWxsZXItbG9naW4udW1icmVsbGEuY29tghNpbWFnZXMudW1icmVsbGEuY29tghlpbWFnZXMtdXNpbmcudW1icmVsbGEuY29tghJzdG9yZS51bWJyZWxsYS5jb22CE3NpZ251cC51bWJyZWxsYS5jb22CE3R3aWxpby51bWJyZWxsYS5jb22CFHVwZGF0ZXMudW1icmVsbGEuY29tghNzaGFyZWQudW1icmVsbGEuY29tghJ0b29scy51bWJyZWxsYS5jb22CEmNhY2hlLnVtYnJlbGxhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIB9QYKKwYBBAHWeQIEAgSCAeUEggHhAd8AdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWMDXchzAAAEAwBGMEQCIFTwPSzquKFW5HUiYU\/zIQQmF\/0KBNbLEXmO85TgdtvgAiBfwZ3J3Dx8uTYNM0iOZnheXqrrgpCH+en\/keS7Yyf9KgB2AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABYwNdyhYAAAQDAEcwRQIhAP63AMWZiylpR0M0FjgAyqMe\/47i75E1\/S\/+0HOB2NjRAiBXMuVKKA3CIs0v+Fcmw5Zz\/6wZB1noI8dI6HMBp3SfqwB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABYwNdyTEAAAQDAEcwRQIhAL5iHDu\/wdgrlFN\/zFT9bEw9r6A790WGiSil4WTCVmMcAiBtjip5jRY9gF2T6URXMwNqAdeBp85T99iwK54Gbt9UawB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABYwNdy7cAAAQDAEcwRQIhAL0UgBpmLeXFVE50bIiMURcQnPF3CoOjw9SBs3\/C8fLjAiBjLnb\/fOEZz9WEQh1+78qFXx6KbWaNsClMaCQYoJPctDANBgkqhkiG9w0BAQsFAAOCAQEAMbeQT2gSGbVn\/wOJr1qt3QTHlj0vxjVefxCUz4xqMfjpsq5tPx29LFoKI8jsKX21paTfpgO0Y\/Xl4Op\/f\/WT4ghx2lE3CeIpkDlXLQATo0I+JWSgTHAArpnlVdWj7o0H8Egd\/GuA965Yv9qNv2FebG4mGH8="}
00406{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":29833,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxfJAAEAGDIXAqAcHQ9dc0omkAbvdSlzxHWnVp1AQAe1ocwAA"}
02381{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":30048,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MFLLbJwbCGoKOl4eCABFAAXcJgRAADgGrr9D11zSwKgHBwG7iaQdadWn3Upc8VAQAO1JHAAARNk9pfZV7I9ElU6SgJxcRHIV94DjSSsWF9RsD5dj1oIWxXbkhtWnQPBZy1BIcYZnDWsisnzgGQ22qgarCJE\/kOuiC\/5jBgh1Q4zfFZk+fnJNhdRb5ktR\/b2Ak6V+ZhvK6coJ4A7Pg8iMpArwd99hSOWOTf45CCKbOkpX2VPk+Bxw1a7nHUsrEsR\/OXsABJgwggSUMIIDfKADAgECAhAB\/aPrbsp1yIhDi3JLz7yRMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTEzMDMwODEyMDAwMFoXDTIzMDMwODEyMDAwMFowTTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEnMCUGA1UEAxMeRGlnaUNlcnQgU0hBMiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3K5YkE3BxDAVkDVbbjyCFfUsXL3j2\/9xQ\/pkJYDU7hiiTfBm0ApzbhGYNhdkrzed\/fpBhK\/Hr4z+GnNNzzOXkKKWh1ODK7mmdUgtHVY3e9oxMhrXrKsG9KpdS7dHRt0qk8OQLnmAgO8TBGoUO7Wbkr7CB2VO\/Nr8\/3qu3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQELBQADggEBACM+30vSMUKltn5CXBpEzGnRaLRdS+AEIWxL4m3MseCXj6ZTCc2qKmXlOU8eg6VuXJiiJCbm+6Htk8cuAsZNSr+wQt942rOo+W3\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAxOTA5MjcwMTQ5MjFaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8="}
-02266{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_tot_l4_data_len":5121,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}}
+02277{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"f6ce47303dce394049af395fc6d0bc20","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}}
00407{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":30065,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxfNAAEAGDITAqAcHQ9dc0omkAbvdSlzxHWnbW1AQAeRocwAA"}
01340{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":30085,"pkt_caplen":744,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":744,"pkt_l4_len":710,"pkt":"MFLLbJwbCGoKOl4eCABFAALaJgVAADgGscBD11zSwKgHBwG7iaQdadtb3Upc8VAYAO3\/JwAAKOeNRji0LOHG2eICEA2S4SYiNapCCj9kLK8AtiOAABgPMjAxOTA5MjcwMTQ5MjFaoBEYDzIwMTkxMDA0MDEwNDIxWjANBgkqhkiG9w0BAQsFAAOCAQEApK6VzrjK91yb6FSVVm\/UiXJhZYa5yYF3BuSeQy4KOiWGoHzO25yWIoH0FK9P35LE\/t9kBs308fazkHhWtvw0ptjB9WpU9h7Z8SbYGMMxTBrQlgXMmEoRkKC4Dlw9WibeiBgph1pcKmDhGh\/6CX6ihWDeoj97y9FDFgP5\/liK4YTZPFFbCLKVxDvBQBBvISewRGImfBRVHuLBKXdyPdUyZZVLGsmdDYkSxveMjpUUB6xcjhskcYbz\/v76DGJG9K78Y0zEbvabxUXt\/6owRMhGHY1G7DzmxHWKvoJicIr1cR2g2TOEd0M3i6XmKuTs82Pyq5VPdsIZiwBdFj3uG2OAVBYDAwFNDAABSQMAF0EEmXhvub5TWRGO0aD\/UlMVL8UfAIdaGsni5keBBubBLyToK6+HMpJvVJMQ+UAHWSWt7qidLl12hCiIPFACyk8GRQQBAQASEWa9eLfY+l9CyIYf6hqCgMSRiAQNOrOBxQI++JmYwD1J+UaeS7A7TFEqiaUs0V+DOiY4KZl3oR+KNU4rp7L7pK\/1LveAIsG2Tt+cVDnfumD7IiyIMhmt87tDeu53rFJPsxSMdfiATBKbvqstwTOoeYM9uqj3o4MAhKo4RPWoa3WQEeWoHPMk1C1JNhZPWsf7uPfdGJWSHNnbNpVvTnmDGdR1sr8nbiL8kDvwFAu+oyqas204\/SFrslbDoenktC2QTvSxmvwpF40+U+3enpiBCM5feYjRkV8TkMU60uxNEQlKCjWc4LTk245i7xa17NwolfS+w26sCo78oYa1VcqyFgMDAAQOAAAA"}
00407{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":30097,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxfRAAEAGDIPAqAcHQ9dc0omkAbvdSlzxHWneDVAQAd9ocwAA"}
00581{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":39098,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"CGoKOl4eMFLLbJwbCABFAACmxfVAAEAGDATAqAcHQ9dc0omkAbvdSlzxHWneDVAYAfVo8QAAFgMDAEYQAABCQQQXnDccjfVZWhqBUucdKddp1G59dDixN1oUPMNrwd\/5+g0DfHVKaOkM7PBEa\/PQ0DStvwqbgxEQhAx2pf\/kyEJVFAMDAAEBFgMDACgAAAAAAAAAAMBOO2LVRDZ5rUhBnMhKrHETxOl4WnHbkdoDiQqlhuRT"}
00451{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"malware.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569579417,"pkt_ts_usec":39640,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"CGoKOl4eMFLLbJwbCABFAABHxfZAAEAGDGLAqAcHQ9dc0omkAbvdSl1vHWneDVAZAfVokgAAFQMDABoAAAAAAAAAARyktu6aPdJhbsX8oiEa2+1Qow=="}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_tot_l4_data_len":6442,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1569579408876,"flow_last_seen":1569579409087,"flow_tot_l4_data_len":413,"flow_min_l4_data_len":64,"flow_max_l4_data_len":349,"flow_avg_l4_data_len":206,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1569579408876,"flow_last_seen":1569579409087,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":186,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test"}
diff --git a/test/results/memcached.cap.out b/test/results/memcached.cap.out
index b62c95daf..46518ba69 100644
--- a/test/results/memcached.cap.out
+++ b/test/results/memcached.cap.out
@@ -1,15 +1,15 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"memcached.cap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534343745954,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1534343745954,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534343745,"pkt_ts_usec":954071,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="}
00437{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"memcached.cap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534343745,"pkt_ts_usec":954090,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="}
00424{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"memcached.cap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534343745,"pkt_ts_usec":954104,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pT9AAEAGl4J\/AAABfwAAAejUK8sskd7RyyZ8e4AQAVb+KAAAAQEICikge+4pIHvu"}
00436{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"memcached.cap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534343745,"pkt_ts_usec":954230,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"AAAAAAAAAAAAAAAACABFAAA7pUBAAEAGl3p\/AAABfwAAAejUK8sskd7RyyZ8e4AYAVb+LwAAAQEICikge+4pIHvuc3RhdHMNCg=="}
00424{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"memcached.cap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534343745,"pkt_ts_usec":954238,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0B5VAAEAGNS1\/AAABfwAAASvL6NTLJnx7LJHe2IAQAVb+KAAAAQEICikge+4pIHvu"}
01802{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534343745,"pkt_ts_usec":954346,"pkt_caplen":1094,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1094,"pkt_l4_len":1060,"pkt":"AAAAAAAAAAAAAAAACABFAAQ4B5ZAAEAGMSh\/AAABfwAAASvL6NTLJnx7LJHe2IAYAVYCLQAAAQEICikge+4pIHvuU1RBVCBwaWQgODgzNw0KU1RBVCB1cHRpbWUgMTkzDQpTVEFUIHRpbWUgMTUzNDM0Mzc0NA0KU1RBVCB2ZXJzaW9uIDEuNC4xNQ0KU1RBVCBsaWJldmVudCAyLjAuMjEtc3RhYmxlDQpTVEFUIHBvaW50ZXJfc2l6ZSA2NA0KU1RBVCBydXNhZ2VfdXNlciAwLjAwNTM4Mg0KU1RBVCBydXNhZ2Vfc3lzdGVtIDAuMDA2MjgwDQpTVEFUIGN1cnJfY29ubmVjdGlvbnMgMTANClNUQVQgdG90YWxfY29ubmVjdGlvbnMgMTMNClNUQVQgY29ubmVjdGlvbl9zdHJ1Y3R1cmVzIDExDQpTVEFUIHJlc2VydmVkX2ZkcyAyMA0KU1RBVCBjbWRfZ2V0IDANClNUQVQgY21kX3NldCAwDQpTVEFUIGNtZF9mbHVzaCAwDQpTVEFUIGNtZF90b3VjaCAwDQpTVEFUIGdldF9oaXRzIDANClNUQVQgZ2V0X21pc3NlcyAwDQpTVEFUIGRlbGV0ZV9taXNzZXMgMA0KU1RBVCBkZWxldGVfaGl0cyAwDQpTVEFUIGluY3JfbWlzc2VzIDANClNUQVQgaW5jcl9oaXRzIDANClNUQVQgZGVjcl9taXNzZXMgMA0KU1RBVCBkZWNyX2hpdHMgMA0KU1RBVCBjYXNfbWlzc2VzIDANClNUQVQgY2FzX2hpdHMgMA0KU1RBVCBjYXNfYmFkdmFsIDANClNUQVQgdG91Y2hfaGl0cyAwDQpTVEFUIHRvdWNoX21pc3NlcyAwDQpTVEFUIGF1dGhfY21kcyAwDQpTVEFUIGF1dGhfZXJyb3JzIDANClNUQVQgYnl0ZXNfcmVhZCAyMQ0KU1RBVCBieXRlc193cml0dGVuIDIwNTENClNUQVQgbGltaXRfbWF4Ynl0ZXMgNjcxMDg4NjQNClNUQVQgYWNjZXB0aW5nX2Nvbm5zIDENClNUQVQgbGlzdGVuX2Rpc2FibGVkX251bSAwDQpTVEFUIHRocmVhZHMgNA0KU1RBVCBjb25uX3lpZWxkcyAwDQpTVEFUIGhhc2hfcG93ZXJfbGV2ZWwgMTYNClNUQVQgaGFzaF9ieXRlcyA1MjQyODgNClNUQVQgaGFzaF9pc19leHBhbmRpbmcgMA0KU1RBVCBieXRlcyAwDQpTVEFUIGN1cnJfaXRlbXMgMA0KU1RBVCB0b3RhbF9pdGVtcyAwDQpTVEFUIGV4cGlyZWRfdW5mZXRjaGVkIDANClNUQVQgZXZpY3RlZF91bmZldGNoZWQgMA0KU1RBVCBldmljdGlvbnMgMA0KU1RBVCByZWNsYWltZWQgMA0KRU5EDQo="}
-00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_tot_l4_data_len":1243,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1060,"flow_avg_l4_data_len":207,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"proto":"Memcached","breed":"Acceptable","category":"Network"}}
+00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"proto":"Memcached","breed":"Acceptable","category":"Network"}}
00424{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"memcached.cap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534343745,"pkt_ts_usec":954387,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pUFAAEAGl4B\/AAABfwAAAejUK8sskd7YyyaAf4AQAWb+KAAAAQEICikge+4pIHvu"}
00424{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"memcached.cap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534343745,"pkt_ts_usec":954689,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pUJAAEAGl39\/AAABfwAAAejUK8sskd7YyyaAf4ARAWb+KAAAAQEICikge+4pIHvu"}
00425{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"memcached.cap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534343745,"pkt_ts_usec":954737,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0B5dAAEAGNSt\/AAABfwAAASvL6NTLJoB\/LJHe2YARAVb+KAAAAQEICikge+4pIHvu"}
00426{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1534343745,"pkt_ts_usec":954749,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pUNAAEAGl35\/AAABfwAAAejUK8sskd7ZyyaAgIAQAWb+KAAAAQEICikge+4pIHvu"}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_tot_l4_data_len":1371,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1060,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test"}
diff --git a/test/results/modbus.pcap.out b/test/results/modbus.pcap.out
index ea5ae5d44..1489bde3f 100644
--- a/test/results/modbus.pcap.out
+++ b/test/results/modbus.pcap.out
@@ -1,7 +1,7 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"modbus.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1223541953927,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1223541953927,"flow_last_seen":0,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1223541953,"pkt_ts_usec":927963,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1223541953927,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1223541953927,"flow_last_seen":0,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}}
00422{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"modbus.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1223541953,"pkt_ts_usec":929098,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"AArkxYMKABzAX0kKCABFAAAzO9pAAIAGYIzAqG6KwKhugwH2CBrhFTrOQdLq0lAY++v\/BAAAANEAAAAFAQMCAAA="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"modbus.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1223541953,"pkt_ts_usec":929171,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/5AAIAGEGfAqG6DwKhuiggaAfZB0urS4RU62VAY\/LsAJgAAANIAAAAGAQMAAAAB"}
00421{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"modbus.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1223541953,"pkt_ts_usec":930003,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"AArkxYMKABzAX0kKCABFAAAzO9tAAIAGYIvAqG6KwKhugwH2CBrhFTrZQdLq3lAY+982twAAANIAAAAFAQMCQcg="}
@@ -16,5 +16,5 @@
00425{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"modbus.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1223541956,"pkt_ts_usec":932270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABzAX0kKAArkxYMKCABFAAA0jAdAAIAGEF7AqG6DwKhuiggaAfZB0usO4RU7EFAY\/IT\/4wAAANcAAAAGAQMAAQAB"}
00423{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"modbus.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1223541956,"pkt_ts_usec":933391,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"AArkxYMKABzAX0kKCABFAAAzPDRAAIAGYDLAqG6KwKhugwH2CBrhFTsQQdLrGlAY+6P+vAAAANcAAAAFAQMCAAA="}
00425{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"modbus.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1223541956,"pkt_ts_usec":933457,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABzAX0kKAArkxYMKCABFAAA0jAhAAIAGEF3AqG6DwKhuiggaAfZB0usa4RU7G1AY\/Hn\/1wAAANgAAAAGAQMAAAAB"}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":102,"flow_first_seen":1223541953927,"flow_last_seen":1223541977037,"flow_tot_l4_data_len":3213,"flow_min_l4_data_len":31,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":102,"flow_first_seen":1223541953927,"flow_last_seen":1223541977037,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":1173,"flow_avg_l4_payload_len":11,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test"}
diff --git a/test/results/monero.pcap.out b/test/results/monero.pcap.out
index f5de662fa..fa9881d94 100644
--- a/test/results/monero.pcap.out
+++ b/test/results/monero.pcap.out
@@ -1,10 +1,10 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"monero.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1514196188350,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1514196188350,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196188,"pkt_ts_usec":350524,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8e7pAAEAG1e7AqAKUXhfHv7b2DQVL2\/baAAAAAKACchDZewAAAgQFtAQCCAocofANAAAAAAEDAwc="}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196188,"pkt_ts_usec":430828,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA8AABAADEGX8leF8e\/wKgClA0FtvbB2Ar1S9v226AScSCYUwAAAgQFtAQCCArnhI20HKHwDQEDAwc="}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196188,"pkt_ts_usec":430849,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA0e7tAAEAG1fXAqAKUXhfHv7b2DQVL2\/bbwdgK9oAQAOU3CgAAAQEIChyh8F7nhI20"}
00558{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196188,"pkt_ts_usec":430950,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"fmgbW\/gUcIXCQ0+iCABFAACWe7xAAEAG1ZLAqAKUXhfHv7b2DQVL2\/bbwdgK9oAYAOVlowAAAQEIChyh8F7nhI20eyJpZCI6MSwibWV0aG9kIjoibWluaW5nLnN1YnNjcmliZSIsInBhcmFtcyI6WyJFV0JGIDAuMy40YiIsbnVsbCwiZXUxLXpjYXNoLmZseXBvb2wub3JnIiwiMzMzMyJdfQo="}
-00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1514196188350,"flow_last_seen":1514196188430,"flow_tot_l4_data_len":242,"flow_min_l4_data_len":32,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1514196188350,"flow_last_seen":1514196188430,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00423{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196188,"pkt_ts_usec":514006,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA0hz5AADEG2JJeF8e\/wKgClA0FtvbB2Ar2S9v3PYAQAOM2lgAAAQEICueEjcgcofBe"}
00509{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196188,"pkt_ts_usec":514019,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AByhz9AADEG2FNeF8e\/wKgClA0FtvbB2Ar2S9v3PYAYAON+EwAAAQEICueEjcgcofBeeyJpZCI6MSwicmVzdWx0IjpbIjA0ZDU2N2IyMTIiLCAiMDRkNTY3YjIxMiJdLCAiZXJyb3IiOiBudWxsfQo="}
00423{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196188,"pkt_ts_usec":514038,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA0e71AAEAG1fPAqAKUXhfHv7b2DQVL2\/c9wdgLNIAQAOU2AwAAAQEIChyh8LHnhI3I"}
@@ -16,12 +16,12 @@
00425{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196188,"pkt_ts_usec":713014,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA0h0JAADAG2Y5eF8e\/wKgClA0FtvbB2AvRS9v32IAQAOM0SQAAAQEICueEjfscofEC"}
00844{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196189,"pkt_ts_usec":595336,"pkt_caplen":376,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":376,"pkt_l4_len":342,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AFqh0NAADEG11deF8e\/wKgClA0FtvbB2AvRS9v32IAYAOPe8QAAAQEICueEjtccofECeyJpZCI6bnVsbCwibWV0aG9kIjoibWluaW5nLm5vdGlmeSIsInBhcmFtcyI6WyI4YzZmMmQ0YzZkMmM3MDE0ZmIyNiIsIjA0MDAwMDAwIiwiOWUyZmM3NjhiZDE5Nzc1MjhjOGQ2MDk2ZDQ2Mzc2NzU4MTc5ZTI1YmYzMjkzNDI4YjY1ZjEyMDEwMDAwMDAwMCIsIjM1ZDM0MWE4YjE5YTM4Y2Q1ODRjYjU0OTQxODViNGRiZjFhN2VhYTkxYTlmZjY1NDFlODUxZGU1MGNiYzg4YTIiLCIwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIiwiYTljYzQwNWEiLCIwOWQ4MTUxYyIsdHJ1ZV19Cg=="}
00426{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196189,"pkt_ts_usec":637809,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA0e8FAAEAG1e\/AqAKUXhfHv7b2DQVL2\/fYwdgNB4AQAO0uRQAAAQEIChyh9OrnhI7X"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1514196196437,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1514196196437,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196196,"pkt_ts_usec":437568,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8ltZAAEAGxBLAqAKUdNOnw9JWDQXzKAOTAAAAAKACchCvSQAAAgQFtAQCCAqVhds1AAAAAAEDAwc="}
00423{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196196,"pkt_ts_usec":745688,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAA0AABAACEGefF006fDwKgClA0F0lYVgl9O8ygDlIASchDSRAAAAgQFpAEBBAIBAwMH"}
00407{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196196,"pkt_ts_usec":745729,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAoltdAAEAGxCXAqAKUdNOnw9JWDQXzKAOUFYJfT1AQAOWEMgAA"}
00542{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196196,"pkt_ts_usec":745906,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"fmgbW\/gUcIXCQ0+iCABFAACKlthAAEAGw8LAqAKUdNOnw9JWDQXzKAOUFYJfT1AYAOW00gAAeyJpZCI6MSwibWV0aG9kIjoibWluaW5nLnN1YnNjcmliZSIsInBhcmFtcyI6WyJFV0JGIDAuMy40YiIsbnVsbCwiY24xLXpjYXNoLmZseXBvb2wub3JnIiwiMzMzMyJdfQo="}
-00557{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1514196196437,"flow_last_seen":1514196196745,"flow_tot_l4_data_len":210,"flow_min_l4_data_len":20,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00566{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1514196196437,"flow_last_seen":1514196196745,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00414{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196197,"pkt_ts_usec":53838,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAAoOQVAACEGQPh006fDwKgClA0F0lYVgl9P8ygD9lAQAOWD0AAAAAAAAAAA"}
00492{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196197,"pkt_ts_usec":53851,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"cIXCQ0+ifmgbW\/gUCABFAABmOQZAACEGQLl006fDwKgClA0F0lYVgl9P8ygD9lAYAOX7pgAAeyJpZCI6MSwicmVzdWx0IjpbIjMzMzZiODBlOGYiLCAiMzMzNmI4MGU4ZiJdLCAiZXJyb3IiOiBudWxsfQo="}
00406{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196197,"pkt_ts_usec":53925,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAoltlAAEAGxCPAqAKUdNOnw9JWDQXzKAP2FYJfjVAQAOWDkgAA"}
@@ -33,6 +33,6 @@
00416{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196197,"pkt_ts_usec":709341,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAAoOQlAACEGQPR006fDwKgClA0F0lYVgmAq8ygEj1AQAOWCXAAAAAAAAAAA"}
00827{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196198,"pkt_ts_usec":363248,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAFeOQpAACEGP71006fDwKgClA0F0lYVgmAq8ygEj1AYAOXjWAAAeyJpZCI6bnVsbCwibWV0aG9kIjoibWluaW5nLm5vdGlmeSIsInBhcmFtcyI6WyIyOWM0YzUxZTI4OGE4Y2EyYzM2NSIsIjA0MDAwMDAwIiwiOWUyZmM3NjhiZDE5Nzc1MjhjOGQ2MDk2ZDQ2Mzc2NzU4MTc5ZTI1YmYzMjkzNDI4YjY1ZjEyMDEwMDAwMDAwMCIsIjM1ZDM0MWE4YjE5YTM4Y2Q1ODRjYjU0OTQxODViNGRiZjFhN2VhYTkxYTlmZjY1NDFlODUxZGU1MGNiYzg4YTIiLCIwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIiwiYTljYzQwNWEiLCIwOWQ4MTUxYyIsdHJ1ZV19Cg=="}
00409{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"monero.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196198,"pkt_ts_usec":405805,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAolt1AAEAGxB\/AqAKUdNOnw9JWDQXzKASPFYJhYFAQAO2BHgAA"}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":47,"flow_first_seen":1514196196437,"flow_last_seen":1514197261597,"flow_tot_l4_data_len":8695,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1464,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":272,"flow_first_seen":1514196188350,"flow_last_seen":1514197279769,"flow_tot_l4_data_len":147111,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":540,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":47,"flow_first_seen":1514196196437,"flow_last_seen":1514197261597,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":7711,"flow_avg_l4_payload_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":272,"flow_first_seen":1514196188350,"flow_last_seen":1514197279769,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":138379,"flow_avg_l4_payload_len":508,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test"}
diff --git a/test/results/mpeg.pcap.out b/test/results/mpeg.pcap.out
index ad75726d0..aa0706adf 100644
--- a/test/results/mpeg.pcap.out
+++ b/test/results/mpeg.pcap.out
@@ -1,13 +1,13 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mpeg.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434379491040,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1434379491040,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":40018,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":117076,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="}
00419{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":117149,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"yGyHABajPBXCt3IOCABFAAA02wVAAEAGgpnAqFCgLmWdd9n8AFBP68YpjyI6XYAQECCXiwAAAQEIChUohk0Au5va"}
00622{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":117217,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"yGyHABajPBXCt3IOCABFAADI62NAAEAGcafAqFCgLmWdd9n8AFBP68YpjyI6XYAYECBs0gAAAQEIChUohk0Au5vaR0VUIC8wLm1wMyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogV2dldC8xLjE2LjMgKGRhcndpbjE0LjEuMCkNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGlkZW50aXR5DQpIb3N0OiBsdWNhLm50b3Aub3JnDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1434379491040,"flow_last_seen":1434379491117,"flow_tot_l4_data_len":296,"flow_min_l4_data_len":32,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.ntop","breed":"Safe","category":"Network"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1434379491040,"flow_last_seen":1434379491117,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.ntop","breed":"Safe","category":"Network"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
00423{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":158095,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":32,"pkt":"PBXCt3IOyGyHABajCABFAAA0obBAADIGye4uZZ13wKhQoABQ2fyPIjpdT+vGvYAQAHamjgAAAQEICgC7m+0VKIZNJ8A="}
02409{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":158121,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"pkt":"PBXCt3IOyGyHABajCABFAAXQobFAADIGxFEuZZ13wKhQoABQ2fyPIjpdT+vGvYAQAHbYowAAAQEICgC7m+4VKIZNSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBNb24sIDE1IEp1biAyMDE1IDE0OjQ0OjUwIEdNVA0KU2VydmVyOiBBcGFjaGUvMi40LjcgKFVidW50dSkNCkxhc3QtTW9kaWZpZWQ6IE1vbiwgMTUgSnVuIDIwMTUgMTQ6NDQ6MDkgR01UDQpFVGFnOiAiMjJlMC01MTg4ZjdkOTFkMDU4Ig0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCkNvbnRlbnQtTGVuZ3RoOiA4OTI4DQpLZWVwLUFsaXZlOiB0aW1lb3V0PTUsIG1heD0xMDANCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogYXVkaW8vbXBlZw0KDQr\/84jEADkEaLwBlKAA8DyLQP2F8D5TAOqk8D0AAPHB\/A6CMAOWB3Hn+B3VAH0BAe2OB4lv\/gfkGB8JQHTRABzAPC\/\/\/A4hsAdeB0GQHNQABwAOy5\/\/wOwnA9oEDzQgOeiADiAd16BwDP\/\/4BacDmMAOKaAHWAdFmB1EoHpAgeJ8B0UX\/\/\/4AcgDvvQN0XAPLgcZUBrRgDHQDanwNcPAU9gbhABqRX\/\/\/\/4DGgDYnQDioIkYGOBGpXJwUsJIIJkRHscAgF\/\/\/\/\/\/4dgNvCxUFBYBQQQCEMDbxSwoggmIAiHhthPEgQccI2xmP\/\/wxkGgA3jEH\/GlhDKhrP+6j2Iniv\/9c7zpKAVXAKBiPzcAUYDc0DZg\/EpiA4pcYAGAMAYJ6D\/84jEL0akakAJmKACdlCAE\/+Fk4YLDgwxQWgLbAM2SAzaAG8oGmDfiAAmwQAAyAIaJEwMcBAwQoCrsCiUBpCDe\/fk4QAcAAw8R+fAw4MG8QCwALPAEAgovCAkGjf8GwWHvhYWDd4yYwRC4yZYAeNAzoIDiMAN46CiAFA4EpAGvJgmE\/\/DLgnAVYYAE+BqgS8L7jKh85bHMChcA0SBiyQEkwEogmwDIBwCDgGaIgRFBqsS7\/\/jmGi1IJvZP4lARYPcHeT4ncmioUS4b\/\/\/\/6r+gyajRJE3NSLvpF04iblwkjA1GgS5EyUFpEKBlkigxf+T5wnPx5E\/ENVASG7MWhxomMiavReUCMBau0eT3Vfs1XUyuMM2UXQSNeZ4MjYCkiP\/84jEJ0X0Klyj2HgB0p4BHEUJQJKQGU9Q6zPCVgd1GToxDGQseoEAEya4z04ECLkMAXILwSUcRYx5n0bivT5fA0yyCUnls2SVAN5Yg31QefHoZwlUYRI0j\/E+BmnijyiUyGjBOgMQgIlwrRmE4YXwDqLCMgJaNEwEW\/EZFeQQtoZyEGSzCxHqG4okPonCZvXOpNELLAeUyHDJLkHsfaRcWQm6AJOKQculEa5bDtQ8n6w5rCWhJNBQpZ2FJTv1Y+cNUfxmOtKYtfOq0\/\/\/\/\/\/\/\/\/\/1\/vGdZ+MbveryM8risZv3Cc67\/hMlJJZ5WPcz+FitW9thtVc6o3XnxWeUJSAHCa9FUozINCr1OHVOCZGh6cFPBqVYYDkbwwGz1pjAWnT\/84jEIjwsHmlA09bfPKwfjK5w45kKi5ci4qxBlhUJexnJ1VFSgzNCXlvQwuDpSsqtPJXM8AuScRBQD\/QWB\/N8jQXRbOY6zLL+SslLITImijVbOcDNIb6HH6upJYiuPMqW1X6N5rJ+NA8SHB6IEegTx7Ky9MdR0bSEA6HommBoAygkO0e2nEiCDwKItJAGwJATDQOC4PIiDcIo68fTBQPZPIQ6Tx3mowYIIudSJJTp5qdljLXbF13vuP\/\/\/\/\/\/\/\/\/v4j7mvjimxXVzMOOHaqmrXDNly65ZLXzChpi6tQNKHYV2aj4mSAa6GLvWBA0y8VMGAVPOIvNHRJF\/YalyqZlmKkl2YLWOpujF7cj4TQT0VGCkEEKYyCaIYsJTScI="}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1434379491040,"flow_last_seen":1434379491158,"flow_tot_l4_data_len":1796,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1468,"flow_avg_l4_data_len":299,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.ntop","breed":"Safe","category":"Media"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1434379491040,"flow_last_seen":1434379491158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.ntop","breed":"Safe","category":"Media"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}
02444{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":158441,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"pkt":"PBXCt3IOyGyHABajCABFAAXQobJAADIGxFAuZZ13wKhQoABQ2fyPIj\/5T+vGvYAQAHZBbwAAAQEICgC7m+4VKIZNXHvS\/\/OIxEQ94+5sANve3Qk2fneqyU2SLZGOMr1QStRuMM16MSwhY7hnuy3pA5kIUdzsQxC4pdi2jJSheFacBc1hSPisQafXSmbT3V9jtOeFEQKeIFGUSMgHioC\/nnz6TN0ofqvTiEbVTahS0pzfULw7FZGmYWVVN55rhoVbM9PGcvbE5MarX48KVueXfzvr3rb69M7i\/fxr\/\/\/\/\/\/\/\/\/\/\/\/4\/znOcf096Zx83s8rTF\/fMePPFjwN+JmeBPRRtMKihwhuqsqpHgELc1uwuO2rzS8LNB4NHKzpLZRpdh968oiq2l0iSxMqoo1O3SKCM\/Os74l0sV87KXc42ZhIQjGxrPU8oS5N4nCEoQkDuMI7VAcqFVbVIjYaoipVsWC6pQhZbYR\/\/OIxF88lBpwANPe3f600tKrTKTfOTSq0ulENfuDC3IA5T2Ux3qk6T7ZtrEd4fLMiDJYCxQWOOaSdXQ62dC3M\/mpIneoHKEkSxLlJsdFIt0X8Gkv6blGjzrotl7RqhZX0SeaGtJ6ZUR4759aLbdtZvrOsY\/\/\/\/\/\/\/\/\/\/\/\/\/x6\/ec4x\/nHtDz4kmYfznUHUlGOubw75vaDXVPre94g\/qNqaqWQm7L0JIuqlAJF4HVIYOGu3EoU7y26F\/mYvvADsNxzIa1kOXcyhJ2pUqnHEVxXx4ByIrRzJGMd0E60ah7KaaKXleomM6VawqtYNJdrSE1ZITa3oa4IcPtjsbxc2+HpFmYX8x10qzZUS4VDIS97vD89k\/He8\/W9jjxXFW4TzxD\/\/OIxH88xB50ANve3ZGF+TCAgoYYa5O6GrUMY508hKEOjsSo9Bpoo7zSWlawbJupHFeUKnOVKMqucVK3FQ\/hsKna37Np67qzM6pb7Zxi+Nwa5vj0\/\/\/\/\/\/\/\/\/\/\/\/9P771b++tfzQrwcZt603Ht9uEW9YOKRr21jcP6tmDH1SJJAkhyZlTCV5HDZnurFB1NSG0CwYqM4SM0eSgUCWiAl7vuk6i4i+k\/CrJ2dLmhJUo8gh0qRVIOYyzGIMr2shA6FIdqEoYgDlUS20ukgsHcyJFw0XyzAc5xp5YLuyqRVPmwu7VGOQvl3MQkDYImQQlYt4nYha8HOS8xEIssOaCUyvVrGpEISaFMcVExzja1IZZfUjCSKFoYdS6YR2j1aNJ4wq\/\/OIxJ8+vAZ0ANPe3QfITMnG9V0YlUs7TxfXjC8Z5nDFUaW5WBhJ84YypUtZ3DThHs14pCia3Be19filt5\/1\/\/\/\/\/\/\/\/\/\/8f\/Ocb+\/i28+WuKb+bbrm0a2n0NQwYtv8fP8lpvB9RwSZPFjlMW1ymCBCaqZpEflPOW8YkAjCcMMjn0OBTCXsBALM84JPJhZTIYu7qSwCLisekD+sJk1HKoW6MhcZ+JVNzsGvs2KBJ6vy3TLztbyiEmkrh2JT8Ino20OvK4Gizls5XXHb0ConMrZ1J3aelFULQFWKUKSsHqKkkREsApRsqNeGyDxvAINEcTffxy+DTL2BsDlOQuRzCGp1DlRk7HNF5MRkbsHJGTlIMiijMU0V64MNrsl3NPvoi\/\/OIxLc7k554AuZev6IMRxUVYuWzU8kn+Hv\/rjf3\/jH\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/3rO\/r\/\/NN\/WJ6Ukkds0WYwQ6xllnNXZkVTEEVJnN00+OBYwvNE8mx3HuGgaYzKgnZgwHNJryZMkRkWDZ6VUsQlYBIlEptx+OMoYtNvPdjNZlU7Zwrx9pDrz\/fl82zFnViXyV545fl9+cfuNww82c5K5NNtaq6dKgkFVnFG9Mdq0zGYtIHqf9x0uwbUk7DzyvIkqqmEGiPiGCbCIB7ANEGXx2Ea40AQAKsVoLeaikhlxTRApTMCIG6JHE4dKhOkYOeO81MScK45bjKFAgJTOkwOa5iiYmoxhdJ1IuF5AppMU1ux1b0aLWVb\/\/\/\/\/0="}
00419{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":158466,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"yGyHABajPBXCt3IOCABFAAA0lnBAAEAGxy7AqFCgLmWdd9n8AFBP68a9jyJFlYAQD9OL0AAAAQEIChUohnUAu5vu"}
02404{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":159288,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"pkt":"PBXCt3IOyGyHABajCABFAAXQobNAADIGxE8uZZ13wKhQoABQ2fyPIkWVT+vGvYAQAHaj4AAAAQEICgC7m+4VKIZNT9ejTqSUmv\/ziMTZOxvyeALmYt+ZS02SrQ2eozUggk6Rm6mdTXgLamdsPlS7GmjIWJMqJDRW9w4MJgeYGVp4kzAgGo2I25GCCAbIQiyVbobeQqATPywcZgao8DMUjw5UvKWOQtNl5hRKgtJtwHNdtTahWI1hhSxhQIzrCXOI0BTlLlRWCdO8lq1hSVd520ZQwxMJWhdbrmEDGEEAYawGHXZYo\/ZhAjKmLOo2ZQA0gI1yUzBsBBUFLAACE1QzI4HCo6LhC\/ICnAbaAeIsAjojQxuDQAtOCwoUuING0O8ZJhmxSJQFyEqT47SkQ01E+l8aZAy8RYig3S4dEJDMnRelMvmRJi+J4UGJxE6oJzMixodLhfYixikTRiXEicSTOlVJq6DtS\/\/\/\/\/\/ziMT\/SVw+aADmpNzvU+u1aC0tNRsipUyoH0TqDJInjFEqTa6lIompsk5ubqMkkGcmS9UVyUShwmKmIzuctSA8P4Eli9zBACMwPIzCAE6YDSkAoLMwQI0USV2RyXIzmfgodKF12CPiYEaVBDNpXKYSgkHgCooZvN3QFqxo4yiVw4z1sRfVy3AWDMYSMsCIAKhLLAqFMaRMmFBgRpLyusmmXTBQhAdI3xWDGQoUOBwdLlnjOnAHQZYDmGDoUu\/NJpp3F2lbnMbdrMNNjRVbg15mUSBNBFByXh\/BEGwwCIfS4EoRDg1iITQBR2kAP4HyIBoQxsNg3MUx5LB7Ho8ZkAQqBakfw8DQIg\/nFR2k0hVjrzBR47zcjOXOtpqi1pXNNf\/ziMTsRDv+cALmlt3z8\/8f\/\/\/\/\/\/\/\/31\/+xvy6Fbb8y5VjN98ctbT2LwfrdxdSS4LIFMRCxkwkxDTxYjhgJeFx0pDAYoNiDdsVK0wt2Y5U5uQ\/jQobdbqCMzfNBpK2MMoEI007cDMUwW7QCkoFAJgA8Zch+3SGScepXLlJhyppQZhAqyXnJARlJBujphgKvGZRpsxngsvZK8iiyRCSrTUOL8sxl4GEFsUtVQy1WdCBE5MJX1d1Y87btt8zFqa3JJI5fBMqkMFS+AZQIIsD0A6PjpFAfhGNATASDcQz4IpCkQdID8dgYhEPghAuB4+wXE0Wj0cHokEUfBqOEkgh6NyY4fw\/kIf3FbQ1WeXmhSVptY9Jz2qOrl6E3tf93\/\/\/\/\/\/ziMTuQ1QObALmlt3\/\/\/\/xHzP0+K4c9rocy+mVMcms7vVYgzZb\/UiQtqJJKl7OE6zESzR2F+DvNWBm7dyqJGOfIY8q1vssKZvXmz7g8iM+XqYaPmYwZtJQtNw1TmCGBoQ2WmZazC6Fw0wsgEg5tGwITwuImOkAYFLndxBOFCsChwsDtyGQ0yMvA1GZkMrIXUFwBRUoD0hbTlK3oExYKaczhBcCgaTZZ1dMYtqEmDgrusPY22Fz44uV+W1gKMP5CnFkr6WYOfeVRRjbvrvaeqTqZEEuVEITBJamyKVRhxykP4ix\/mi\/PVCWoWJDG5UmETxzcsIe\/JcS6ApFwn2FCVlnazmXsTK3cdduUZTzwrQJ+9pHZtViR6QMyZvr1zr6xv\/ziMTzR3w2aADe3t3\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/+t0+Le1c73j3r\/u8P2i+99a1753rOcf2iT\/GrScvHLIk1uNlQHOR3h5DL\/v6+5iB0eCSSd\/5YBCQ4JvMiEUm08CEDM9qTh0YiEn3zMORDgzQFCzTlSEAGYyLhwqxyGqohAwoFBAdqEo7lAuYsGoVTLKDABgxgfGghH1oqS4AFzGw4uk\/SchexS19VAYfclYNpkudtciPjB2BJFLiVOvZJFQaanWtKwSXrbrHduOU8erxeilVmAYrG46Sy8CBgA6QJDjcRUgSy8PCo2GhAmggB7GsuDAEwqeRh2NHWUHjQtOnR0EUdxWHgwRskExQ8VvLTh1U6arHFbOObqI="}
@@ -17,5 +17,5 @@
00422{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":160493,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"yGyHABajPBXCt3IOCABFAAA0OtBAAEAGIs\/AqFCgLmWdd9n8AFBP68a9jyJWaYAQD9N6+gAAAQEIChUohncAu5vu"}
02410{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":161455,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"pkt":"PBXCt3IOyGyHABajCABFAAXQobZAADIGxEwuZZ13wKhQoABQ2fyPIlZpT+vGvYAQAHYVzwAAAQEICgC7m+4VKIZNLxLPeV6nXf99nXeO25UCRqFtev\/ziMRJO5QiBADGFt1lt4y3ehfS44MRlUZk0\/QSGda240tmYffh2bdBF\/+QOm3WNxqGqtFF7kXpF3w5JJLasR8f6G46XDvNgTw\/jrNCWHgdLiQKRuBMPQJpeViHlZLHaQRubj4OAR3lR5pxUgz9nAT02BoeH861yJDJqpqLnDZdsov6SiunTETxNqV1\/f03ubiL4\/ZO5vNO2Oe58\/NT9sbstsTsiYfXbava633U0yc8xUOqgmG0p0vweE5ZxMoqMKQbHRWKP88aib0q4YisEyhW161usTYmzBnkw8DwL4pHUM8SCC4KNzaDsR4+S7jrN1OoxQJdCz8WziOBVsxrRlc4KJTlsPByV8RWrLpDD+YTROcm7GcCQOuOTGDIpUNN4\/\/ziMRtPNQuAAFZeAHREFghNDAT5kYD4hryhTrgzQFe+bDjeG4ikupFGvo7W0PmpGUititkjmZKeQ5UVlgR4VmVTr8qsc8wNNLZRj0\/iN0SLPmFa3rmFDvbN5vL\/G1mtveud+n9vu28at7e9\/PJjyXz96pvW77l1nEX+2c2zfFvvP1Wv1bWq4pW1L51TOd6iZp4sOqka4awxYfMEEMKaetRlRfEDRneTGJYFAjAHNSIq+oUQ5YHmizEozPOUSVbBIOIABeiHzApAVKMQDYuZMIYYac0yIIlHpuZcNPtW5NwGB0HTCjgw4aAsNMUOCCN55S09d7dlLBCMFC4oGjRhyQVMgUKqUtcCSQMFmbFxJxPdxsquwwwYUYXpdgaKig8yP\/ziMSMYDxqQAGZ0AAAM0rGShghoOYAlO9pMTM0oBoFLtkkMRR330cRcZRkN2PMuJAAxZLdCJGgDBK4HGgSRMYQLnEzg2z8WPAqUFUjTI3Qy5+F+RuowNOusoODWJfYiRCyA3bMyZ0xRhiZjAI4SDj8CLBkA03gJ+jRgScMMAzNxAMBTxiAoQZffXXPWIfuWOf3v\/5IAXcwpaXF1LAP79XK3+HmMGEAFDxSldambDGuValHc\/nf\/\/+3rC3UsajFi5DE5LOd\/87uVV7pZD0uj8BP\/DLdG3Za0dWNMTms61Wo6j6uq4bkM\/aQriRX2cpzMnZ5L\/z\/\/\/\/bgwOCP\/\/\/28W9T0UP9CxommOwv4kA9atYSULbikxC4oaI\/RymILguS\/\/ziMQeQzRCbAGPeACiwRsgAFVmDTRpPxbQgAZR2jNPUcZvjhEBAbGkvyomMonApBfSatJASCi4C9Yj+QxwEKQCbMQ\/wgbgb6HhoF7YiYo8TwLUUaLHwc6CPOQgxiFMdZnjwTT0RVVLgmqhbRlF6JnBLsc5JImUoPSfp1HDYti5N8kRdFoXc1z1Oct68YaoK5BOCgfFzLycNFs1ilJmXEykWtPAXxzxj+TekmuDLgt8ZHLpRU3PWlf\/+XCq7gKWLSbWfv\/q+NBdtjZv5\/\/\/\/+Pu\/zLWDFr8Xh6ff7\/rf0nplvs+jTRIO\/\/j69neL7h3+WbO9VtL\/\/\/PU7lgfQCIwLqQcmaKFuPwqj\/IQS4\/pAj4uhfEKb0ePERgQNVJeEcyFP\/ziMQkQVRqaAOPeABmJZS3OFOk3JopmdDW1SGaQVJCBMCWThiAe1CklbCjOIBWAXk7VBhFxoAwGWFYWFhUJhE9SqeEjDjDeIEBoF6GoPspCaCKJEfhC24fQapihl9UxQnOiyTn4ZygIMOAhBzixnsxEOD9HmepBkE+hp2DAjVJSQYlxNl0p47AbIaa6QoeLU1pcyUuhh9nMV6PbbdEi2ktq3OUKNms6uY8rqLErr1\/\/UMVWxdfNcbx\/\/WvzX\/OM6\/\/\/x8b\/3eese00eST2\/z6+2\/6Z9rRVbuL\/86x\/86xn\/P3a38uP\/\/559f\/\/5e1VdFUrLY4uZlzRQIUzHSubqqV1Zp\/pWnKXhf8="}
01235{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"mpeg.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1434379491,"pkt_ts_usec":161458,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"pkt":"PBXCt3IOyGyHABajCABFAAKLobdAADIGx5AuZZ13wKhQoABQ2fyPIlwFT+vGvYAYAHY9pgAAAQEICgC7m+4VKIZNQSlxWCwU16Cy6pgGmFF2UpCoOqaxROb\/84jEMUn8QdgB2MAAQDNNj0WmX9nE0jCg1oW6XOMYC+UXazArSkxoOZUxKXtZdVuwJAYxJ0vUkMkUsZxr8pf2Xd1TWplcpd0tq2zSVivzEnelaPJeGH0EqKMOJfJ1MbMTThFAckaYAloVczkNQ9Gn1ZyzmHajtNaXcy6DEvkinWgFdrLaR2n9jMMv7LaBgSEpAM4rpKBKDMSi0RYasWHpl2Xdh2zWhp\/rM1Gpda3SxmM5VaWl5qtTWsdZVsu1YzGbVWlpbP1qamx1lll3dWly\/eOOP5ZY\/\/\/rLLL8ssvx5+X\/+OP5U1NytTZfjz9Y\/rLLLcpjNrdLS2cf\/94444\/WppVS4kxBTUUzLjgyqqqqqqqqqqqqqqqqqqqqqqqqqqr\/84jEAAAAA0gAAAAATEFNRTMuODKqqqqqqqqqqqqqqqpMQU1FMy44Mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1434379491040,"flow_last_seen":1434379491221,"flow_tot_l4_data_len":9991,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1468,"flow_avg_l4_data_len":525,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1434379491040,"flow_last_seen":1434379491221,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":9363,"flow_avg_l4_payload_len":492,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test"}
diff --git a/test/results/mssql_tds.pcap.out b/test/results/mssql_tds.pcap.out
index 32f948cbe..c20dc728d 100644
--- a/test/results/mssql_tds.pcap.out
+++ b/test/results/mssql_tds.pcap.out
@@ -1,24 +1,24 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mssql_tds.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1240877917888,"flow_last_seen":0,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":222,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1240877917888,"flow_last_seen":0,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00683{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1240877917,"pkt_ts_usec":888015,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1240877917888,"flow_last_seen":0,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":222,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1240877917888,"flow_last_seen":0,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00476{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1240877917,"pkt_ts_usec":888358,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="}
00821{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1240877917,"pkt_ts_usec":918653,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="}
00908{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1240877918,"pkt_ts_usec":29044,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"pkt":"AFBWwAABAAwpiUrKCABFAAGaA29AAIAGchAKAAABCm9vbwWZBFdZIVC0PuQw2IAYQImkmQAAAQEICgABW84EC7DnBAEBZgA1AQCBBAAAAAAACQDvPAAJBNAANARuAGEAbQBlAAAAAAAJAO88AAkE0AA0B3MAdQByAG4AYQBtAGUAAAAAAAkA71AACQTQADQEYwBpAHQAeQAAAAAACAA4AmkAZADRPAB6AHoAegAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAA8AGIAYgBiACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFAAYwB4AHgAeAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAACAAAA\/xEAwQABAAAAAAAAAHkAAAAArAAAAAEAAAAAAAAmBAQBAAAA\/gAA4AAAAAAAAAAAAA=="}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1240877917888,"flow_last_seen":1240877918029,"flow_tot_l4_data_len":1002,"flow_min_l4_data_len":66,"flow_max_l4_data_len":390,"flow_avg_l4_data_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1259762400004,"flow_last_seen":0,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":64,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":64,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1240877917888,"flow_last_seen":1240877918029,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":874,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1259762400004,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762400,"pkt_ts_usec":4437,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="}
-00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1259762400004,"flow_last_seen":0,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":64,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":64,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1259762400004,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00432{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762400,"pkt_ts_usec":4540,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"ABj+dhvGERERERESCABFAAA5AAhAAEAGttgKAAABCm9vbwWZCK7\/OU5T\/8pj8lAYEABYKQAABAEAEQE6AQD9AADVAAAAAAA="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1259762400022,"flow_last_seen":0,"flow_tot_l4_data_len":205,"flow_min_l4_data_len":205,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1259762400022,"flow_last_seen":0,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00658{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762400,"pkt_ts_usec":22561,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"pkt":"ABj+dhvGERERERESCABFAADhAAlAAEAGti8Kb29vCgAAAQ0FBZmoWe0S76GBTlAYEAB74gAAAwkAuQAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAADgBwAF8ARwBlAHQAQgBvAGcAdQBzAEQAYQB0AGEAAAALQABTAGUAYQByAGMAaABUAHkAcABlAAAmAQEBFUAATQBhAHgAVwBhAGkAdABUAGkAbQBlAEkAbgBTAGUAYwBvAG4AZABzAAAmBAQAAAAAE0AAUAByAG8AYwBlAHMAcwBOAGUAZwBhAHQAaQB2AGUAQQBjAGsAACYBAQA="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1259762400022,"flow_last_seen":0,"flow_tot_l4_data_len":205,"flow_min_l4_data_len":205,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1259762400033,"flow_last_seen":0,"flow_tot_l4_data_len":1102,"flow_min_l4_data_len":1102,"flow_max_l4_data_len":1102,"flow_avg_l4_data_len":1102,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1259762400022,"flow_last_seen":0,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1259762400033,"flow_last_seen":0,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01857{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762400,"pkt_ts_usec":33701,"pkt_caplen":1136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1136,"pkt_l4_len":1102,"pkt":"ABj+dhvGERERERESCABFAARiAAxAAEAGsqsKb29vCgAAARFcBZmNJzZmudpdulAYEAAslQAAAwkEOgAAAQANAHMAcABfAGUAeABlAGMAdQB0AGUAcwBxAGwAAgAAAOemAwkE0AA0pgNTAEUATABFAEMAVAAgAFQATwBQACAAOAA4ACAAWwBkAGIAbwBdAC4AWwBNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAXQAuAFsASQBEAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEUAbgB0AGkAdAB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBIAGkAcwB0AG8AcgB5AEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBUAHkAcABlAEkARABdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0ALAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACwAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBPAHAAZQByAGEAdABpAG8AbgBUAHkAcABlAEkARABdACAARgBSAE8ATQAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0AIAAgAFcASABFAFIARQAgACgAIAAoACAAKAAgAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEgAYQBuAGQAbABpAG4AZwBTAHQAYQB0AHUAcwBdACAAPQAgAEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAKQApACkAIABPAFIARABFAFIAIABCAFkAIABbAGQAYgBvAF0ALgBbAE0AeQBFAHgAYQBtAHAAbABlAFQAYQBiAGwAZQBdAC4AWwBFAG4AdABpAHQAeQBWAGUAcgBzAGkAbwBuAF0AIABBAFMAQwAsAFsAZABiAG8AXQAuAFsATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAF0ALgBbAEkARABdACAAQQBTAEMAAADnMAAJBNAANDAAQABIAGEAbgBkAGwAaQBuAGcAUwB0AGEAdAB1AHMAMQAgAHQAaQBuAHkAaQBuAHQAEEAASABhAG4AZABsAGkAbgBnAFMAdABhAHQAdQBzADEAACYBAQA="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1259762400033,"flow_last_seen":0,"flow_tot_l4_data_len":1102,"flow_min_l4_data_len":1102,"flow_max_l4_data_len":1102,"flow_avg_l4_data_len":1102,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1259762400716,"flow_last_seen":0,"flow_tot_l4_data_len":210,"flow_min_l4_data_len":210,"flow_max_l4_data_len":210,"flow_avg_l4_data_len":210,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1259762400033,"flow_last_seen":0,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1259762400716,"flow_last_seen":0,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00668{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762400,"pkt_ts_usec":716204,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"pkt":"AAwp2\/PSAB3lNE84CABFAADmQ4pAAH8GM6kKb29vCgAAARWzBZmoeiv6Zz8h41AY96R0ygAAAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1259762400716,"flow_last_seen":0,"flow_tot_l4_data_len":210,"flow_min_l4_data_len":210,"flow_max_l4_data_len":210,"flow_avg_l4_data_len":210,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1259762400716,"flow_last_seen":0,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
00459{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762400,"pkt_ts_usec":730846,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"AAAMB6wCAAwp2\/PSCABFAABKJJBAAIAGUj8KAAABCm9vbwWZFbNnPyHjqHosuFAY+DP7pwAABAEAIgAzAQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="}
00758{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762400,"pkt_ts_usec":747372,"pkt_caplen":307,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":307,"pkt_l4_len":273,"pkt":"AAwp2\/PSAB3lNE84CABFAAElQ4tAAH8GM2kKb29vCgAAARWzBZmoeiy4Zz8iBVAY94KXAwAAAwEA\/QAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANP\/\/AADnQB8JBNAANLgAYwByAGUAYQB0AGUAIAB0AGEAYgBsAGUAIABuAGUAdwBzAHkAYgAgACgAYwBvAGwAdQBtAG4AMQAgAGMAaABhAHIAKAAzADAAKQAgAG4AbwB0ACAAbgB1AGwAbAAsACAAYwBvAGwAdQBtAG4AMgAgAGMAaABhAHIAKAAzADAAKQAgAG4AdQBsAGwALABjAG8AbAB1AG0AbgAzACAAYwBoAGEAcgAoADMAMAApACAAbgB1AGwAbAApAA=="}
00489{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762401,"pkt_ts_usec":224921,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"AAAMB6wCAAwp2\/PSCABFAABhJJFAAIAGUicKAAABCm9vbwWZFbNnPyIFqHottVAY9zYDBAAABAEAOQAzAQD\/AQDGAAAAAAAAAAAAeQAAAACsAAAAAQAAAAAAACYEBAEAAAD+AADgAAAAAAAAAAAA"}
@@ -33,9 +33,9 @@
00475{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762405,"pkt_ts_usec":827627,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"pkt":"AAwp2\/PSAB3lNE84CABFAABVQ\/hAAH8GM8wKb29vCgAAARWzBZmoei9IZz8kfVAY\/ABLvwAAAwEALQAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8MAAAAAAAmBAQDAAAA"}
00975{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762405,"pkt_ts_usec":864112,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"pkt":"AAAMB6wCAAwp2\/PSCABFAAHMJJVAAIAGULgKAAABCm9vbwWZFbNnPyR9qHovdVAY9XacmAAABAEBpAAzAQCBAwAAAAAACACvHgAJBNAANAdjAG8AbAB1AG0AbgAxAAAAAAAJAK8eAAkE0AA0B2MAbwBsAHUAbQBuADIAAAAAAAkArx4ACQTQADQHYwBvAGwAdQBtAG4AMwDRHgBmaXJzdCAgICAgICAgICAgICAgICAgICAgICAgICAeAHNlY29uZCAgICAgICAgICAgICAgICAgICAgICAgIB4AdGhpcmQgICAgICAgICAgICAgICAgICAgICAgICAg0R4AZmlyc3QgICAgICAgICAgICAgICAgICAgICAgICAgHgBzZWNvbmQgICAgICAgICAgICAgICAgICAgICAgICAeAHRoaXJkICAgICAgICAgICAgICAgICAgICAgICAgINEeAGZpcnN0ICAgICAgICAgICAgICAgICAgICAgICAgIB4Ac2Vjb25kICAgICAgICAgICAgICAgICAgICAgICAgHgB0aGlyZCAgICAgICAgICAgICAgICAgICAgICAgICD\/EQDBAAMAAAAAAAAAeQAAAAD+AADgAAAAAAAAAAAA"}
00419{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762406,"pkt_ts_usec":48909,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AAwp2\/PSAB3lNE84CABFAAAoRAdAAH8GM+oKb29vCgAAARWzBZmoei91Zz8mIVAQ+lyw\/AAAAAAAAAAA"}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1259762400022,"flow_last_seen":0,"flow_tot_l4_data_len":205,"flow_min_l4_data_len":205,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1259762400033,"flow_last_seen":0,"flow_tot_l4_data_len":1102,"flow_min_l4_data_len":1102,"flow_max_l4_data_len":1102,"flow_avg_l4_data_len":1102,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1259762474884,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1259762400022,"flow_last_seen":0,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":3333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1259762400033,"flow_last_seen":0,"flow_min_l4_payload_len":1082,"flow_max_l4_payload_len":1082,"flow_tot_l4_payload_len":1082,"flow_avg_l4_payload_len":1082,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":4444,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1259762474884,"flow_last_seen":0,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02370{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762474,"pkt_ts_usec":884131,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3m9AAIAGks0Kb29vCgAAARoKBZn0doxX83WfcFAQ\/vLIiAAAAwQfQAAAAQAWAAAAEgAAAAIAJgAAAJ0AAAABAAAADQBwAF8AUwBhAHYAZQBFAHgAYQBtAHAAbABlAAAACkAATABvAG4AZwBQAGEAcgBhAG0AAOf\/\/wkE0AA0BCAAAAAAAAAEIAAAUwB0AHUAZABlAG4AYwBrAGkAZQAgAEsAbwBCAW8AIABQAHIAegBlAHcAbwBkAG4AaQBrAPMAdwAgAFQAdQByAHkAcwB0AHkAYwB6AG4AeQBjAGgAIAB3ACAARwBkAGEARAFzAGsAdQAKAHoAYQBwAHIAYQBzAHoAYQAgAG4AYQA6AAoAWABYAFgAVgAgAE4AbwBjAG4AZQAgAE0AYQByAHMAegBlACAAbgBhACAATwByAGkAZQBuAHQAYQBjAGoAGQEgACIARABhAHIAfAFsAHUAYgAiAAoAMAA0AC8AMAA1ACAAZwByAHUAZABuAGkAYQAgADIAMAAxADAACgAKAFcAcwB0ABkBcAAKAAoATgBvAGMAbgBlACAATQBhAHIAcwB6AGUAIABuAGEAIABPAHIAaQBlAG4AdABhAGMAagAZASAAIgBEAGEAcgB8AWwAdQBiACIAIABzAAUBIAB0AHUAcgB5AHMAdAB5AGMAegBuAAUBIABpAG0AcAByAGUAegAFASAAbgBhACAAbwByAGkAZQBuAHQAYQBjAGoAGQEgACgASQBuAE8AKQAsACAAdwAgAGsAdADzAHIAZQBqACAAdQBjAHoAZQBzAHQAbgBpAGMAeQAgAG0AYQBqAAUBIAB6AGEAIAB6AGEAZABhAG4AaQBlACAAcABvAHQAdwBpAGUAcgBkAHoAaQAHASAAdwAgAG8AawByAGUAWwFsAG8AbgB5AG0AIABsAGkAbQBpAGMAaQBlACAAYwB6AGEAcwB1ACAAcwB3AG8AagAFASAAbwBiAGUAYwBuAG8AWwEHASAAcAByAHoAeQAgAHUAcwB0AGEAdwBpAG8AbgB5AGMAaAAgAHcAIAB0AGUAcgBlAG4AaQBlACAAcAB1AG4AawB0AGEAYwBoACAAawBvAG4AdAByAG8AbABuAHkAYwBoAC4AIABOAGEAIABkAGEAbgBlAGoAIAB0AHIAYQBzAGkAZQAgAHoAdwB5AGMAaQAZAXwBYQAgAHoAZQBzAHAA8wBCASwAIABrAHQA8wByAHkAIAB6AGEAIABwAG8AawBvAG4AYQBuAGkAZQAgAHQAcgBhAHMAeQAgAHUAegB5AHMAawBhAEIBIABuAGEAagBtAG4AaQBlAGoAcwB6AAUBIABsAGkAYwB6AGIAGQEgAHAAdQBuAGsAdADzAHcAIABrAGEAcgBuAHkAYwBoAC4AIABVAGMAegBlAHMAdABuAGkAawDzAHcAIABvAGIAbwB3AGkABQF6AHUAagBlACAAegBtAG8AZAB5AGYAaQBrAG8AdwBhAG4AeQAgAHIAZQBnAHUAbABhAG0AaQBuACAAdAB1AHIAeQBzAHQAeQBjAHoAbgB5AGMAaAAgAGkAbQBwAHIAZQB6ACAAbgBhACAAbwByAGkAZQBuAHQAYQBjAGoAGQEgAFAAVABUAEsALgAKAAoAVAB5AG0AIAByAGEAegBlAG0AIAB0AG8AdwBhAHIAegB5AHMAegB5AAcBIABuAGEAbQAgAGIAGQFkAHoAaQBlACAAYQBnAGUAbgB0ACAAMAAwADcALAAgAEoAYQBtAGUAcwAgAEIAbwBuAGQALgAgAFoAZABvAGIABQFkAHoBYwBpAGUAIABsAGkAYwBlAG4AYwBqABkBIABuAGEAIAB6AGEAYgBCAQUBZAB6AGUAbgBpAGUAIQAKAAoASgBhAGsAIABjAG8AIAByAG8AawB1ACAAbwBkAGIAGQFkAHoAaQBlACAAcwBpABkBIABrAG8AbgBrAHUAcgBzACAAbgBhACAAbgBhAGoAbAA="}
02368{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762474,"pkt_ts_usec":884281,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nBAAIAGkswKb29vCgAAARoKBZn0dpIL83WfcFAQ\/vKFNgAAZQBwAHMAegAFASAAbgBhAHoAdwAZASAAegBlAHMAcABvAEIBdQAgAG4AYQB3AGkABQF6AHUAagAFAWMABQEgAGQAbwAgAHQAZQBtAGEAdAB1ACAAcAByAHoAZQB3AG8AZABuAGkAZQBnAG8AIABpAG0AcAByAGUAegB5AC4ACgAKADEALgAgAE8AcgBnAGEAbgBpAHoAYQB0AG8AcgAgAGkAbQBwAHIAZQB6AHkACgAKAFMAdAB1AGQAZQBuAGMAawBpAGUAIABLAG8AQgFvACAAUAByAHoAZQB3AG8AZABuAGkAawDzAHcAIABUAHUAcgB5AHMAdAB5AGMAegBuAHkAYwBoACAAdwAgAEcAZABhAEQBcwBrAHUALAAgAGQAegBpAGEAQgFhAGoABQFjAGUAIABwAHIAegB5ACAATwBkAGQAegBpAGEAbABlACAAUwB0AHUAZABlAG4AYwBrAGkAbQAgAFAAVABUAEsALgAKAEEAZAByAGUAcwA6ACAAdQBsAC4AIABTAGkAZQBkAGwAaQBjAGsAYQAgADQALAAgADgAMAAtADIAMgAyACAARwBkAGEARAFzAGsALAAgAGUALQBtAGEAaQBsADoAIABzAGsAcAB0AEAAcwBrAHAAdAAuAGcAZABhAG4AcwBrAC4AcABsACwAIAB3AHcAdwAuAHMAawBwAHQALgBnAGQAYQBuAHMAawAuAHAAbAAKAAoAMgAuACAAVwBzAHAA8wBCAXAAcgBhAGMAYQAgAGkAIABzAHAAbwBuAHMAbwByAHoAeQAKAAoAIAAgACAAIAAqACAAZgBpAHIAbQBhACAAYwBhAHQAZQByAGkAbgBnAG8AdwBhACAAWQBlAGwAbABvAHcAIABDAGEAdABlAHIAaQBuAGcACgAgACAAIAAgACoAIABTAHQAbwB3AGEAcgB6AHkAcwB6AGUAbgBpAGUAIABOAGEAIABSAHoAZQBjAHoAIABSAGEAdABvAHcAbgBpAGMAdAB3AGEAIABBAGQAaQB1AHQAYQByAGUACgAgACAAIAAgACoAIABwAHIAbwBkAHUAYwBlAG4AdAAgAFsBcABpAHcAbwByAPMAdwAgAGkAIABvAGQAegBpAGUAfAF5ACAAcAB1AGMAaABvAHcAZQBqACAAUgBvAGIAZQByAHQAJwBzACAATwB1AHQAZABvAG8AcgAgAEUAcQB1AGkAcABtAGUAbgB0AAoAIAAgACAAIAAqACAAcwBrAGwAZQBwACAAegAgAG8AZAB6AGkAZQB8AQUBIABpACAAcwBwAHIAegAZAXQAZQBtACAAdAB1AHIAeQBzAHQAeQBjAHoAbgB5AG0AIABUAHIAZQBrAAoAIAAgACAAIAAqACAAVwB5AGQAYQB3AG4AaQBjAHQAdwBvACAARQBrAG8ALQBLAGEAcABpAG8AIABQAGkAbwB0AHIAIABLAGEAcABjAHoAeQBEAXMAawBpAAoAIAAgACAAIAAqACAAUwBrAGwAZQBwACAAZwDzAHIAcwBrAGkAIABFAC0AcABhAG0AaQByAC4AcABsAAoAIAAgACAAIAAqACAAVABlAGEAdAByACAATQBpAGUAagBzAGsAaQAgAHcAIABHAGQAeQBuAGkAIABpAG0ALgAgAFcALgAgAEcAbwBtAGIAcgBvAHcAaQBjAHoAYQAKACAAIAAgACAAKgAgAFcAcwBwAGkAbgBhAGwAbgBpAGEAIABBAGwAZgBhACAAQwBlAG4AdAByAHUAbQAKACAAIAAgACAAKgAgAFAAaQBlAGsAYQByAG4AaQBhAC0AQwB1AGsAaQBlAHIAbgBpAGEAIABLAHIAYQBzAGsAbwB3AHMAawBpAAoACgAKADMALgAgAE4AbwB3AG8AWwFjAGkAIAB3ACAAdABlAGoAIABlAGQAeQBjAGoAaQAKAAoAIAA="}
02369{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762474,"pkt_ts_usec":884380,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nFAAIAGkssKb29vCgAAARoKBZn0dpe\/83WfcFAQ\/vIuZwAAIAAgACAAKgAgAEwAaQBjAHoAYgBhACAAdAByAGEAcwAgAFQAcgB1AGQAbgB5AGMAaAAgAHoAbwBzAHQAYQBCAWEAIABvAGcAcgBhAG4AaQBjAHoAbwBuAGEAIABkAG8AIABkAHcA8wBjAGgALAAgAGEAIABuAGEAIAB0AHIAYQBzAGkAZQAgAE0AYQBCAW8AIABUAHIAdQBkAG4AZQBqACAAegB3AGkAGQFrAHMAegB5AGwAaQBbAW0AeQAgAGwAaQBtAGkAdAAgAG8AcwDzAGIAIAB3ACAAegBlAHMAcABvAEIBYQBjAGgAIABkAG8AIABwAGkAGQFjAGkAdQAuACAASgBlAGQAbgBvAGMAegBlAFsBbgBpAGUAIABpAG4AZgBvAHIAbQB1AGoAZQBtAHkALAAgAHwBZQAgAHoAdwB5AGMAaQAZAXMAawBpAGUAIABkAHIAdQB8AXkAbgB5ACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAG8AdAByAHoAeQBtAGEAagAFASAAbgBhAGcAcgBvAGQAeQAgAGoAYQBrAG8AIABvAHMAdABhAHQAbgBpAGUALAAgAHAAbwAgAHoAdwB5AGMAaQAZAXoAYwBhAGMAaAAgAHcAcwB6AHkAcwB0AGsAaQBjAGgAIABwAG8AegBvAHMAdABhAEIBeQBjAGgAIAB0AHIAYQBzAC4AIABaAGEAYwBoABkBYwBhAG0AeQAgAGQAbwAgAHUAYwB6AGUAcwB0AG4AaQBjAHQAdwBhACAAbgBhACAAdABlAGoAIAB0AHIAYQBzAGkAZQAgAHIAbwBkAHoAaQBuAHkAIAB6ACAAZAB6AGkAZQAHAW0AaQAuAAoAIAAgACAAIAAqACAAUABvAGQAbgBpAGUAcwBpAG8AbgBhACAAegBvAHMAdABhAEIBYQAgAHcAeQBzAG8AawBvAFsBBwEgAHcAcABpAHMAbwB3AGUAZwBvACAAZABsAGEAIAB6AGUAcwBwAG8AQgHzAHcAIAB6AGEAcABpAHMAdQBqAAUBYwB5AGMAaAAgAHMAaQAZASAAcAByAHoAZQB6ACAASQBuAHQAZQByAG4AZQB0ACAAaQAgAHcAeQBuAG8AcwBpACAAbwBiAGUAYwBuAGkAZQAgADIANQAgAFAATABOAC4ACgAgACAAIAAgACoAIABQAG8AZABuAGkAZQBzAGkAbwBuAGEAIAB6AG8AcwB0AGEAQgFhACAAdABhAGsAfAFlACAAdwB5AHMAbwBrAG8AWwEHASAAdwBwAGkAcwBvAHcAZQBnAG8AIABkAGwAYQAgAHoAZQBzAHAAbwBCAfMAdwAgAHUAaQBzAHoAYwB6AGEAagAFAWMAeQBjAGgAIABvAHAAQgFhAHQAGQEgAHcAIABiAGEAegBpAGUAIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABsAHUAYgAgAHoAYQBwAGkAcwB1AGoABQFjAHkAYwBoACAAcwBpABkBIAB3ACAAZABuAGkAdQAgAGkAbQBwAHIAZQB6AHkAIABpACAAdwB5AG4AbwBzAGkAIABvAGIAZQBjAG4AaQBlACAANAAwACAAUABMAE4ALgAKACAAIAAgACAAKgAgAE0AaQBlAGoAcwBjAGUAIABzAHQAYQByAHQAdQAgAG8AZwBCAW8AcwB6AG8AbgBlACAAegBvAHMAdABhAG4AaQBlACAAdwAgAGQAbgBpAHUAIABpAG0AcAByAGUAegB5ACAAbwAgAGcAbwBkAHoAaQBuAGkAZQAgADAAOQA6ADAAMAAuAAoAIAAgACAAIAAqACAASQBzAHQAbgBpAGUAagBlACAAbQBvAHwBbABpAHcAbwBbAQcBIABzAGsAbwByAHoAeQBzAHQAYQBuAGkAYQAgAHoAIAB0AHIAYQBuAHMAcAA="}
@@ -43,32 +43,32 @@
02369{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762474,"pkt_ts_usec":884630,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAXc3nNAAIAGkskKb29vCgAAARoKBZn0dqMn83WfcFAQ\/vIv\/wAALgBwAGwALwBkAGEAcgB6AGwAdQBiAC4AIABTAHQAYQByAHQAeQAgAGkAIABtAGUAdAB5ACAAdwBzAHoAeQBzAHQAawBpAGMAaAAgAHQAcgBhAHMAIABtAGEAcgBzAHoAdQAgAGIAGQFkAAUBIAB3ACAAYgBhAHoAaQBlACAAaQBtAHAAcgBlAHoAeQAuACAARABvAGoAYQB6AGQAIABpACAAcABvAHcAcgDzAHQAIABiABkBZAAFASAAbQBvAHwBbABpAHcAZQAgAHQAcgBhAG4AcwBwAG8AcgB0AGUAbQAgAHAAdQBiAGwAaQBjAHoAbgB5AG0ALAAgAHQAcgBhAG4AcwBwAG8AcgB0AGUAbQAgAHUAZABvAHMAdAAZAXAAbgBpAGEAbgB5AG0AIABwAHIAegBlAHoAIABvAHIAZwBhAG4AaQB6AGEAdABvAHIAYQAgAGwAdQBiACAAdwBlACAAdwBCAWEAcwBuAHkAbQAgAHoAYQBrAHIAZQBzAGkAZQAuAAoACgA1AC4AIABLAGEAdABlAGcAbwByAGkAZQAgAHMAdABhAHIAdABvAHcAZQAKAAoAVQBjAHoAZQBzAHQAbgBpAGMAeQAgAGkAbQBwAHIAZQB6AHkAIAB6AGcAQgFhAHMAegBhAGoABQEgAHMAaQAZASAAaQAgAHMAdABhAHIAdAB1AGoABQEgAHcAIAB6AGUAcwBwAG8AQgFhAGMAaAAgAGoAZQBkAG4AbwAsACAAZAB3AHUAIABsAHUAYgAgAGUAdwBlAG4AdAB1AGEAbABuAGkAZQAgAHQAcgB6AHkAbwBzAG8AYgBvAHcAeQBjAGgALgAgAFcAeQBqAAUBdABlAGsAIABzAHQAYQBuAG8AdwBpACAAdAByAGEAcwBhACAATQBhAEIBbwAgAFQAcgB1AGQAbgBhACwAIABuAGEAIABrAHQA8wByAGUAagAgAG0AbwB8AW4AYQAgAHMAdABhAHIAdABvAHcAYQAHASAAdwAgAHoAZQBzAHAAbwBCAWEAYwBoACAAbQBhAGsAcwB5AG0AYQBsAG4AaQBlACAAcABpABkBYwBpAG8AbwBzAG8AYgBvAHcAeQBjAGgALgAgAFAAcgB6AHkAbgBhAGoAbQBuAGkAZQBqACAAagBlAGQAbgBhACAAbwBzAG8AYgBhACAAdwAgAHoAZQBzAHAAbwBsAGUAIABtAHUAcwBpACAAYgB5AAcBIABwAGUAQgFuAG8AbABlAHQAbgBpAGEALgAgAE0AaQBuAHUAdAB5ACAAcwB0AGEAcgB0AG8AdwBlACAAegBlAHMAcABvAEIB8wB3ACAAcwAFASAAcAByAHoAeQBkAHoAaQBlAGwAYQBuAGUAIAB3ACAAZAByAG8AZAB6AGUAIABsAG8AcwBvAHcAYQBuAGkAYQAgAGkAIABvAGcAQgFhAHMAegBhAG4AZQAgAHAAcgB6AGUAZAAgAGkAbQBwAHIAZQB6AAUBLgAgAEQAQgF1AGcAbwBbAWMAaQAgAHQAcgBhAHMAIABwAG8AZABhAG4AbwAgAHcAIABsAGkAbgBpAGkAIABwAHIAbwBzAHQAZQBqACAAcABvAG0AaQAZAWQAegB5ACAAcAB1AG4AawB0AGEAbQBpACwAIAB6ACAAdQB3AHoAZwBsABkBZABuAGkAZQBuAGkAZQBtACAAdAByAHUAZABuAHkAYwBoACAAZABvACAAcAByAHoAZQBiAHkAYwBpAGEAIABwAHIAegBlAHMAegBrAPMAZAAgAHQAZQByAGUAbgBvAHcAeQBjAGgALgAKAAoANQAuADEALgAgAEUAawBzAHQAcgBlAG0AYQBsAG4AYQAgACgARQApACAALQAgACgAbwBrAC4AIAAyADUAIABrAG0AKQAgAC0AIAAiAHsBeQBqAGUAIABzAGkAGQEgAHQAeQA="}
01353{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762474,"pkt_ts_usec":884680,"pkt_caplen":754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":754,"pkt_l4_len":720,"pkt":"ABI\/\/61OABI\/\/6f2CABFAALk3nRAAIAGlcAKb29vCgAAARoKBZn0dqjb83WfcFAY\/vI90QAAbABrAG8AIABkAHcAYQAgAHIAYQB6AHkAIgAgAC0AIABTAHQAdwBvAHIAegBvAG4AYQAgAHoAIABtAHkAWwFsAAUBIABvACAAZQBrAHMAcABlAHIAdABhAGMAaAAgAG8AcgBpAGUAbgB0AGUAcgBpAG4AZwB1ACwAIABrAHQA8wByAHoAeQAgAHcAeQBiAGkAZQByAGEAagAFAWMAIAB0ABkBIAB0AHIAYQBzABkBIAB3AGkAZQBkAHoABQEgAG4AYQAgAGMAbwAgAHMAaQAZASAAZABlAGMAeQBkAHUAagAFAS4AIABUAHIAYQBzAGEAIABqAGUAcwB0ACAAbgBhAGoAZABCAXUAfAFzAHoAYQAsACAAbQBhACAAbgBhAGoAdwBpABkBawBzAHoAZQAgAHAAcgB6AGUAdwB5AHwBcwB6AGUAbgBpAGEAIABvAHIAYQB6ACAAbgBhAGoAdAByAHUAZABuAGkAZQBqACAAZABvAHMAdAAZAXAAbgBlACAAcAB1AG4AawB0AHkAIAB0AGUAcgBlAG4AbwB3AGUALgAgAEQAbwBkAGEAdABrAG8AdwBvACAAdwAgAHoAZQBzAHQAYQB3AGkAZQA6ACAAcABvAGQAcwB0ABkBcABuAGUAIABwAHUAbgBrAHQAeQAgAHMAdABvAHcAYQByAHoAeQBzAHoAbwBuAGUAIAByAG8AegBzAHQAYQB3AGkAbwBuAGUAIABuAGEAIABrAGEAfAFkAHkAbQAgAGsAcgBvAGsAdQAsACAAYwBoAGEAcwB6AGMAegBvAHcAYQBuAGkAZQAsACAAagBhAHIAbwB3AGEAbgBpAGUALAAgAGIAYQBnAG4AYQAgAGwAdQBiACAAWwFuAGkAZQBnACAAcABvACAAcABhAHMAIAAoAHcAIAB6AGEAbABlAHwBbgBvAA=="}
00869{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762474,"pkt_ts_usec":884730,"pkt_caplen":393,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":393,"pkt_l4_len":359,"pkt":"ABI\/\/61OABI\/\/6f2CABFAAF73nVAAIAGlygKb29vCgAAARoKBZn0dquX83WfcFAY\/vLojgAAAwEBUwAAAgBbAWMAaQAgAG8AZAAgAHcAYQByAHUAbgBrAPMAdwAgAHAAbwBnAG8AZABvAHcAeQBjAGgAKQAuACAAVABhACAAdAByAGEAcwBhACAAbgBpAGUAIAB3AHkAYgBhAGMAegBhACAAYgBCARkBZADzAHcALgAuAC4AIABMAGkAbQBpAHQAIABpAGwAbwBbAWMAaQAgAHoAZQBzAHAAbwBCAfMAdwA6ACAAMgA1AC4ACgAKADUALgAyAC4AIABaAGEAYQB3AGEAbgBzAG8AdwBhAG4AYQAgACgAWgApACAALQAgACgAbwBrAC4AIAAxADQAIABrAG0AKQAgAC0AIAAiAFQAeQBsAGsAbwAgAGQAbABhACAAVAB3AG8AaQBjAGgAIABvAGMAegB1ACIAAAAAAApAAE8AcABlAHIAYQB0AGkAbwBuAAAmBAQBAAAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1259762477536,"flow_last_seen":0,"flow_tot_l4_data_len":391,"flow_min_l4_data_len":391,"flow_max_l4_data_len":391,"flow_avg_l4_data_len":391,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1259762477536,"flow_last_seen":0,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00923{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762477,"pkt_ts_usec":536189,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"pkt":"ABI\/\/61OABI\/\/6gdCABFAAGb5atAAIAGj9IKb29vCgAAAR5hBZmoWkXE76JT4VAY\/ohFLgAAAwkBcwAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAEABwAF8AUwBlAHQAQgBvAGcAdQBzAFMAYQBtAHAAbABlAAAAD0AAQgBvAGcAdQBzAEQAZQB0AGEAaQBsAHMASQBEAAAmCAhFIwEAAAAAAA5AAEIAbwBnAHUAcwBTAHQAYQB0AHUAcwBJAEQAACYICAUAAAAAAAAAC0AAUgBlAHMAdQBsAHQAQwBvAGQAZQAA5wIACQTQADT\/\/wpAAFIAZQBzAHUAbAB0AE0AcwBnAADnAgAJBNAANP\/\/CkAARQByAHIAbwByAEMAbwBkAGUAAOcCAAkE0AA0\/\/8JQABFAHIAcgBvAHIATQBzAGcAAOcCAAkE0AA0\/\/8YQABFAHgAYQBtAHAAbABlAEIAbwBnAHUAcwBHAGUAbgBlAHIAYQB0AGUAZABJAEQAAOcCAAkE0AA0\/\/8MQABFAHgAYQBtAHAAbABlAFQAeQBwAGUAACYEBAEAAAA="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1259762477536,"flow_last_seen":0,"flow_tot_l4_data_len":391,"flow_min_l4_data_len":391,"flow_max_l4_data_len":391,"flow_avg_l4_data_len":391,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1259762482456,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1259762477536,"flow_last_seen":0,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1259762482456,"flow_last_seen":0,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1259762482,"pkt_ts_usec":456090,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1259762482456,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":17,"flow_first_seen":1259762400716,"flow_last_seen":1259762407935,"flow_tot_l4_data_len":2477,"flow_min_l4_data_len":20,"flow_max_l4_data_len":458,"flow_avg_l4_data_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1259762477536,"flow_last_seen":0,"flow_tot_l4_data_len":391,"flow_min_l4_data_len":391,"flow_max_l4_data_len":391,"flow_avg_l4_data_len":391,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_tot_l4_data_len":101,"flow_min_l4_data_len":37,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":50,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_tot_l4_data_len":8479,"flow_min_l4_data_len":359,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1211,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_tot_l4_data_len":8479,"flow_min_l4_data_len":359,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1211,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1259762482456,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1278068444584,"flow_last_seen":0,"flow_tot_l4_data_len":238,"flow_min_l4_data_len":238,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1259762482456,"flow_last_seen":0,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":17,"flow_first_seen":1259762400716,"flow_last_seen":1259762407935,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":438,"flow_tot_l4_payload_len":2137,"flow_avg_l4_payload_len":125,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":5555,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1259762477536,"flow_last_seen":0,"flow_min_l4_payload_len":371,"flow_max_l4_payload_len":371,"flow_tot_l4_payload_len":371,"flow_avg_l4_payload_len":371,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":7777,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_min_l4_payload_len":17,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1259762482456,"flow_last_seen":0,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1278068444584,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00706{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1278068444,"pkt_ts_usec":584977,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1278068444584,"flow_last_seen":0,"flow_tot_l4_data_len":238,"flow_min_l4_data_len":238,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1278068444614,"flow_last_seen":0,"flow_tot_l4_data_len":219,"flow_min_l4_data_len":219,"flow_max_l4_data_len":219,"flow_avg_l4_data_len":219,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1278068444584,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1278068444614,"flow_last_seen":0,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00685{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1278068444,"pkt_ts_usec":614485,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"pkt":"ADAFzckRADAFzck9CABFAADvT85AAIAGJlwKb29vCgAAAStnBZlFt6Pw51OjJ1AY\/N33oQAAAwkAxwAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAAESIzRFVmd4iZqrvM3e7\/AAAfAADnCgAJBAABMgoAQgBvAGcAdQBzAAAAHwAAJgQEAQAAAAAAJggILQAAAAAAAAAAAKUcABwAASNFZ4mrze\/ty6mHZUMhASNFZ4mrze\/ty6mHZQAAJgQEEgAAAA=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1278068444614,"flow_last_seen":0,"flow_tot_l4_data_len":219,"flow_min_l4_data_len":219,"flow_max_l4_data_len":219,"flow_avg_l4_data_len":219,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1278068444650,"flow_last_seen":0,"flow_tot_l4_data_len":288,"flow_min_l4_data_len":288,"flow_max_l4_data_len":288,"flow_avg_l4_data_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1278068444614,"flow_last_seen":0,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1278068444650,"flow_last_seen":0,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00778{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1278068444,"pkt_ts_usec":650715,"pkt_caplen":322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":322,"pkt_l4_len":288,"pkt":"ADAFzckRADAFzck9CABFAAE0T9pAAIAGJgsKb29vCgAAAVbOBZn+D2d0K1+fyFAY+5tcOQAAAwkBDAAAAQAXAHAAcgBvAGMAXwBGAGUAdABjAGgATQB5AEUAeABhAG0AcABsAGUARABhAHQAYQAAAAAAJBAQASNFZ4mrze8BI0VniavN7wAA5wAACQQAATIAAAAA5woACQQAATIKAEIATwBHAFUAUwAAAGgBAQAAAG8ICP7\/\/\/8AAAAAAAAmBAQAAAAAAAAmBAQAAAAAAAAmBAAAACQQAAAAaAEAAAAmAQEAAAClHAAcAAEjRWeJq83vASNFZ4mrze8BI0VniavN7wEjRWcAACYEAAAAJgEBAQAAJgQEAABQAAAAJggILQAAAAAAAAAAACYBAQEAAGgBAQAAAOcCAAkEAAEy\/\/8AASYBAA=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1278068444650,"flow_last_seen":0,"flow_tot_l4_data_len":288,"flow_min_l4_data_len":288,"flow_max_l4_data_len":288,"flow_avg_l4_data_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1278068444666,"flow_last_seen":0,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":340,"flow_max_l4_data_len":340,"flow_avg_l4_data_len":340,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1278068444650,"flow_last_seen":0,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1278068444666,"flow_last_seen":0,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00849{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1278068444,"pkt_ts_usec":666075,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"pkt":"ADAFzckRADAFzck9CABFAAFoT95AAIAGJdMKb29vCgAAAYI1BZl4aO73Gv+xN1AY\/dgFJQAAAwkBQAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAHQBkAGIAbwAuAHAAcgBvAGMAXwBHAGUAdABNAHkAUwBhAG0AcABsAGUARABhAHQAYQBJAHQAZQBtAHMAAAANQABTAGEAbQBwAGwAZQBJAHQAZQBtAEkAZAAAJBAQZhrDThSiU0infucGD\/\/\/BwdAAEQAYQB0AGEASQBkAADnAgAJBBAAAP\/\/DUAARABhAHQAYQBJAHQAZQBtAFQAeQBwAGUAACQQEJtFubyog2RFsdPp4ZhHj04IQABUAGEAYgBsAGUASQBkAADnAgAJBBAAAP\/\/DUAATQBhAHgARgBlAHQAYwBoAFMAaQB6AGUAACYEBGQAAAASQABTAG8AbQBlAE8AdABoAGUAcgBTAGEAbQBwAGwAZQBJAGQAACYEBAAAAAA="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1278068444666,"flow_last_seen":0,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":340,"flow_max_l4_data_len":340,"flow_avg_l4_data_len":340,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1278068444614,"flow_last_seen":0,"flow_tot_l4_data_len":219,"flow_min_l4_data_len":219,"flow_max_l4_data_len":219,"flow_avg_l4_data_len":219,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1278068444650,"flow_last_seen":0,"flow_tot_l4_data_len":288,"flow_min_l4_data_len":288,"flow_max_l4_data_len":288,"flow_avg_l4_data_len":288,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1278068444584,"flow_last_seen":0,"flow_tot_l4_data_len":238,"flow_min_l4_data_len":238,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":238,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1278068444666,"flow_last_seen":0,"flow_tot_l4_data_len":340,"flow_min_l4_data_len":340,"flow_max_l4_data_len":340,"flow_avg_l4_data_len":340,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1278068444666,"flow_last_seen":0,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","ndpi": {"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1278068444614,"flow_last_seen":0,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":11111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1278068444650,"flow_last_seen":0,"flow_min_l4_payload_len":268,"flow_max_l4_payload_len":268,"flow_tot_l4_payload_len":268,"flow_avg_l4_payload_len":268,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":22222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1278068444584,"flow_last_seen":0,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1278068444666,"flow_last_seen":0,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test"}
diff --git a/test/results/mysql-8.pcap.out b/test/results/mysql-8.pcap.out
index e05cd9c05..06247bc9c 100644
--- a/test/results/mysql-8.pcap.out
+++ b/test/results/mysql-8.pcap.out
@@ -1,9 +1,9 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mysql-8.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946708780103,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946708780103,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946708780,"pkt_ts_usec":103266,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"IiIiIiIiRERERERECABFAAA8OA9AAEAGI6zAqAFpCioSxiIiDOqSBUElAAAAAKACchDH0wAAAgQFtAQCCAoAA3kqAAAAAAEDAwY="}
00433{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mysql-8.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946708780,"pkt_ts_usec":103549,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"REREREREIiIiIiIiCABFAAA8AABAAD8GXLsKKhLGwKgBaQzqIiISTcRTkgVBJqAScSDgsQAAAgQFtAQCCAoAARFeAAN5KgEDAwc="}
00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mysql-8.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946708780,"pkt_ts_usec":103766,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IiIiIiIiRERERERECABFAAA0OBBAAEAGI7PAqAFpCioSxiIiDOqSBUEmEk3EVIAQAcl+1QAAAQEICgADeSoAARFe"}
00541{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946708780,"pkt_ts_usec":104285,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"REREREREIiIiIiIiCABFCACL1QpAAD8Gh1kKKhLGwKgBaQzqIiISTcRUkgVBJoAYAONr2QAAAQEICgABEV4AA3kqUwAAAAo4LjUuNDQtMCtkZWI4dTEAJgAAADFeaXQqciJNAP\/3CAIAD4AVAAAAAAAAAAAAAEA6PmshXjc2SlA1WABteXNxbF9uYXRpdmVfcGFzc3dvcmQA"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_tot_l4_data_len":231,"flow_min_l4_data_len":32,"flow_max_l4_data_len":119,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","ndpi": {"proto":"MySQL","breed":"Acceptable","category":"Database"}}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_tot_l4_data_len":231,"flow_min_l4_data_len":32,"flow_max_l4_data_len":119,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","ndpi": {"proto":"MySQL","breed":"Acceptable","category":"Database"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test"}
diff --git a/test/results/nest_log_sink.pcap.out b/test/results/nest_log_sink.pcap.out
index 3b6efa1b7..3980c8d16 100644
--- a/test/results/nest_log_sink.pcap.out
+++ b/test/results/nest_log_sink.pcap.out
@@ -1,5 +1,5 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nest_log_sink.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1536712992228,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1536712992228,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536712992,"pkt_ts_usec":228658,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"}
00414{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536712992,"pkt_ts_usec":289465,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"}
00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536713052,"pkt_ts_usec":295189,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2MAAP8GYxnAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"}
@@ -15,12 +15,12 @@
00421{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536713233,"pkt_ts_usec":3980,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2gAAP8GYxTAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"}
00415{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536713233,"pkt_ts_usec":69799,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNppAAC0G7eIjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"}
00422{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536713293,"pkt_ts_usec":69829,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2kAAP8GYxPAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1536714602587,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1536714602587,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714602,"pkt_ts_usec":587299,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AJD7JidrGLQwJjRACABFAABEL4kAAP8RJr3AqPIPwKjyAc5xADUAMKk+CwgBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1536714602587,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1536714602587,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00474{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714602,"pkt_ts_usec":587655,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"GLQwJjRAAJD7JidrCABFAABUsrpAAEARInzAqPIBwKjyDwA1znEAQGW0CwiBgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="}
-00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1536714602612,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1536714602612,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714602,"pkt_ts_usec":612148,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsL4oAAP8GGxPAqPIPI7yauvduK1cIvyQjAAAAAGACEgDGgwAAAgQEgAAA"}
00422{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714602,"pkt_ts_usec":681891,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX927RT8zNCL8kJGASbvDKWAAAAgQFjA=="}
00423{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714602,"pkt_ts_usec":684345,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL4sAAP8GGxbAqPIPI7yauvduK1cIvyQk0U\/MzlAQEgA+3gAAAAAAAAAA"}
@@ -29,7 +29,7 @@
01337{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714603,"pkt_ts_usec":395466,"pkt_caplen":733,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":733,"pkt_l4_len":699,"pkt":"GLQwJjRAAJD7JidrCABFAALPlUFAADcGOrkjvJq6wKjyDytX927RT8zOCL8mN1AYcRA2LQAApQIAE+inhmUEAAAAAjC0GDaeJwAAMLQYEAuJBgQAAACAOewBAAAE1eqO6tFgJ8AIXh5psw2DCMq76LkjRD2vYa6z1dUZEOqMUt\/ZJujFBDmnEEUyfvfyYh8z+bHwyirVAAAEAAcANQEwAQgMb9c+DCmBkiQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSBAAAAAIwtBgYJAcCJgglAFojMAo5BOmClNa2L\/0sqyhn7IYa235P1xw1ad7owBLnP8rLfG3TPA0dBMXfrzKvqAFyJ47sRlQQr3qOkdAiNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIIT2JdLEIid9IYNYAwAghAMCqAESxXYxg1DDABHQD2qSsI\/n0hou9Llf5n3GEbVWuc4D0QHq+l2F+wMAIcbFFqzYrI2WIn6D35aDg1LAuu7NZYbZZk\/HdXyxgYNwPVAAAEAAEAMAEIdFPE8yV1wKQkAgQ3AycTAQAAAO4wtBgYJgSEShYaJgWECPtJNwYnEwMAAADuMLQYGCQHAiYIJQBaIzAKOQRhOKp73vZWzVBkzcIvC7VHSn7kjE4w+wzb4SgMSIJb6yR4pk2B0279JwA\/5iu\/0TQlBvq00DFAwzWDKQEpAhg1gikBJAJgGDWBMAIIQDAqgBEsV2MYNYAwAghDNPcS31+Rzxg1DDABHBLqxXlajT9KXWeBN+P8uG5pHU6a1vmo\/i33mMIwAh0AjB981V9gPTa1niPXvZ7CDdMfpHD9c+6sh9daGBgYGBjVAAAEAAgAMAEdAN5aALpwkycqH\/YdOvHUT\/yVpCuhOcfm\/\/PB0PwwAh0AyCvly7jcU\/KMtvN+jWSuMwUvJy7ARWKm5jcDDhhgGOFkeu8NGMrAorHGRgsA7uWf3A=="}
00423{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714603,"pkt_ts_usec":430818,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL40AAP8GGxTAqPIPI7yauvduK1cIvyY30U\/PdVAQD1k8ywAAAAAAAAAA"}
00490{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714604,"pkt_ts_usec":778211,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcL44AAP8GGt\/AqPIPI7yauvduK1cIvyY30U\/PdVAYD1n0VgAAMgAAEwkDAAA2nicAADC0GAQAAAACMLQYEQyJBgQAAABSDhPagk9XmQBuC4ZSQzWHZRVqOg=="}
-00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1536714602612,"flow_last_seen":1536714604778,"flow_tot_l4_data_len":1430,"flow_min_l4_data_len":20,"flow_max_l4_data_len":699,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1536714602612,"flow_last_seen":1536714604778,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
00414{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714604,"pkt_ts_usec":886052,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAolUJAADcGPV8jvJq6wKjyDytX927RT891CL8ma1AQcRDa3wAA"}
00515{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714604,"pkt_ts_usec":896253,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"AJD7JidrGLQwJjRACABFAABuL48AAP8GGszAqPIPI7yauvduK1cIvyZr0U\/PdVAYD1kVPAAARAAQEwAAAAA2nicAADC0GAQAAAACMLQY6iCycpbj9YM8qGb2p6tfYGLfO+vxpb53yieUogkX8401cGq\/HaLsjzCpjScgmg=="}
00415{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714604,"pkt_ts_usec":970342,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAolUNAADcGPV4jvJq6wKjyDytX927RT891CL8msVAQcRDamQAA"}
@@ -38,10 +38,10 @@
00493{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714605,"pkt_ts_usec":50668,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"GLQwJjRAAJD7JidrCABFAABflUVAADcGPSUjvJq6wKjyDytX927RT8+uCL8oeFAYdUCNTwAANQAQEwEAAAAEAAAAAjC0GDaeJwAAMLQY6iB\/nMaYKMhAMXFY8tf+nXZnAd+GsL71CIlQg1iAyQ=="}
01033{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714605,"pkt_ts_usec":67899,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"AJD7JidrGLQwJjRACABFAAHvL5EAAP8GGUnAqPIPI7yauvduK1cIvyh40U\/P5VAYDulidwAAxQEQEwIAAAA2nicAADC0GAQAAAACMLQY6iAA89deN58agw11Q9KAWO5TKWF97Op9jU7Fez\/h+kyit712ws7GLqSLnOdEAHl8PktY68PGo+6kAl+CRqHpxOV8\/YdJ5eW0k6bYIMA0gfnjGd7Xeknv2TToFGAzE8lK5Riib\/esK6ZHuPP9cO+6Czubos3cXJnhThAZY4wHUh6JqxqVKkkdemm9SY+xL0WeB9aLuANFzoxe9Tjgcjk\/DbaghMuhbX4jxe8zkKZgoU6mdgskbubNCtoITO4fS4KFPWq\/k7L5a5ifCMzHWEIgcDf2KVzacI4oMGPn6wwNTd5RvTB9uggviK7FpZw4nEgjWpCQHHMg2qJIRVx04YCkiY1mitkVqJnrEYnHYAfeVOJue5LiWSS7MKvyJqXcK0qlpusjl9UYgVZNKiSHL1HwM9nuyF1XsKHr41yfgiY7vTLUB3kbufA9XA6a3\/Lers1qdh6qBadlGYLi73JuUrYUzsC9xmMCsAYtzzQbVugSDihgOuL7j5DUu0lRViYc4WqCloHDEPr+CFuoy84gGJAiKmMc4OB7VrCRjKZI\/RxTGBy+eQCY7Mrb8TrxyNb350Y="}
00480{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714607,"pkt_ts_usec":328073,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"AJD7JidrGLQwJjRACABFAABXL7IAAP8RJoHAqPIPwKjyAc5xADUAQyQGbMYBAAABAAAAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAE="}
-00697{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1536714602587,"flow_last_seen":1536714607328,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":48,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
+00709{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1536714602587,"flow_last_seen":1536714607328,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
00574{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714607,"pkt_ts_usec":527675,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"GLQwJjRAAJD7JidrCABFAACbt7BAAEARHT\/AqPIBwKjyDwA1znEAh2X7bMaBgAABAAIAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAHADAAFAAEAAAB4ACgRZWMyLTM1LTE3NC04Mi0yMzcJY29tcHV0ZS0xCWFtYXpvbmF3c8AywEcAAQABAAj0MQAEI65S7Q=="}
-00697{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":213,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":48,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.174.82.237"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1536714607530,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00709{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":213,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.174.82.237"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1536714607530,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714607,"pkt_ts_usec":530778,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsL7MAAP8GYsXAqPIPI65S7fdvK1cIymiPAAAAAGACEgDJ5gAAAgQEgAAA"}
00424{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714607,"pkt_ts_usec":594881,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX92+qr\/jxCMpokGASaQPN\/AAAAgQFtA=="}
00423{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714607,"pkt_ts_usec":597463,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL7QAAP8GYsjAqPIPI65S7fdvK1cIymiQqq\/48lAQEgA8vQAAAAAAAAAA"}
@@ -50,7 +50,7 @@
01330{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714608,"pkt_ts_usec":322352,"pkt_caplen":731,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":731,"pkt_l4_len":697,"pkt":"GLQwJjRAAJD7JidrCABFAALNshxAAC0Gb7sjrlLtwKjyDytX92+qr\/jyCMpqo1AYbOAz4gAAowIAEwoDAAADAAAAAjC0GDaeJwAAMLQYEAuMBgQAAACAOesBAAAELxkCOpUk3uy8tjDNAAuhgChFUxfA2vMHDvxRK8RkG2ehEGOpWF1dXBUUn+wXNbBmIJ8tTSs8KarVAAAEAAcANQEwAQgRAGNdWXuZjyQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSAwAAAAIwtBgYJAcCJgglAFojMAo5BAmqnD2bjDiK3yLVcr2LQ\/iPmlWn\/iDHinq\/pRMoxaNQgTnwimtBL+qTiTQqENL2xrPIWxZjJGeRNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIISKnh4YvR26oYNYAwAghAMCqAESxXYxg1DDABHG7LEaIGSLUc\/M2D6faSCjZ4yyUajbt6l0larAowAhxg27mtYz94ldNAgb53O7UEnNbhJ3tZG9saSNIDGBg3A9UAAAQAAQAwAQh0U8TzJXXApCQCBDcDJxMBAAAA7jC0GBgmBIRKFhomBYQI+0k3BicTAwAAAO4wtBgYJAcCJgglAFojMAo5BGE4qnve9lbNUGTNwi8LtUdKfuSMTjD7DNvhKAxIglvrJHimTYHTbv0nAD\/mK7\/RNCUG+rTQMUDDNYMpASkCGDWCKQEkAmAYNYEwAghAMCqAESxXYxg1gDACCEM09xLfX5HPGDUMMAEcEurFeVqNP0pdZ4E34\/y4bmkdTprW+aj+LfeYwjACHQCMH3zVX2A9NrWeI9e9nsIN0x+kcP1z7qyH11oYGBgYGNUAAAQACAAwARx5YESorapP08hibcedkN2eOjDgOBaISDVA9wstMAIdAOPH+3W2IELswI+d+cqdLaBkMHT8uk0uErxNjNcY8LTewGcJqRXUzAk4GDxDwRRx\/7Y="}
00423{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714608,"pkt_ts_usec":437591,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL7YAAP8GYsbAqPIPI65S7fdvK1cIymqjqq\/7l1AQD1s6qgAAAAAAAAAA"}
00490{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714609,"pkt_ts_usec":684326,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcL7cAAP8GYpHAqPIPI65S7fdvK1cIymqjqq\/7l1AYD1vWbQAAMgAAEwsDAAA2nicAADC0GAMAAAACMLQYEQyMBgQAAACLjUe26FhRK2Su+3Sh50H2S\/Id7A=="}
-00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":8,"flow_first_seen":1536714607530,"flow_last_seen":1536714609684,"flow_tot_l4_data_len":1428,"flow_min_l4_data_len":20,"flow_max_l4_data_len":697,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":8,"flow_first_seen":1536714607530,"flow_last_seen":1536714609684,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
00415{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714609,"pkt_ts_usec":785592,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAosh1AAC0Gcl8jrlLtwKjyDytX92+qr\/uXCMpq11AQbODc8AAA"}
00972{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714609,"pkt_ts_usec":789236,"pkt_caplen":458,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":458,"pkt_l4_len":424,"pkt":"AJD7JidrGLQwJjRACABFAAG8L7gAAP8GYTDAqPIPI65S7fdvK1cIymrXqq\/7l1AYD1toiwAAkgEQEwAAAAA2nicAADC0GAMAAAACMLQY+yFvRoNQ2dkGy6I8iUccaFHG\/UCpXikww7SDHb739iQFS9lPpNuK3rDH30szkJGD8W4c39P7LVpHPqLDJ0VO71my2SGrJ5d8z695S9ltRcFl98CKffif2N0gS8J\/JF13LEZtM22rvLbfEmxmrSTtoqwesj19aUYF5Pn+27b3zoZZv\/+QrUdRTipd3293LdeKCD5QTcvMzYtE9EwAcVdh\/SQCFrHQaL7LZtPBemiwC9zxKF2X2GTvac8YQTrFL2Ttd1vjlh+S\/6qn6i9jKPAgWws11mNqIedDdJCDYQD\/z+rOXIST5wPNGi+ONf\/XsB1KOmukrqjutcpnG6Ut6bemYi\/wTw\/vZyUEPVfrWBU2isBfQ+iOAvuHhO6UmLGaCerNE7GZuIVmASakuWScj8RRDxKDS8M1t4b8fmqcJUJRWk650H\/rop0hIUZrkX7758AcVyqKunr4Ad5GfWd5v\/aThq8TuWOZk\/ZThkIHPmzLuaqVQBDMUY\/fO7HGHQ4="}
00416{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714609,"pkt_ts_usec":855031,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAosh5AAC0Gcl4jrlLtwKjyDytX92+qr\/uXCMpsa1AQcRDXLAAA"}
@@ -58,7 +58,7 @@
00585{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714609,"pkt_ts_usec":883943,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"AJD7JidrGLQwJjRACABFAACiL7kAAP8GYknAqPIPI65S7fdvK1cIymxrqq\/701AYDx9gXwAAeAAQEwEAAAA2nicAADC0GAMAAAACMLQY+yHq8Hj1RzfgRN3XTu0+CiEKTy6+IzsA+mU6qvgBBUGVq3W78i5YloI79fuBd0YFwMzvdhnYb7vbqINLTsbYAHyNdClS55D32zHd4eHou\/xLB34fZkfI+mh+OB7vzJ\/vTPU="}
01275{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714609,"pkt_ts_usec":948271,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"pkt":"GLQwJjRAAJD7JidrCABFAAKdsiBAAC0Gb+cjrlLtwKjyDytX92+qr\/vTCMps5VAYcRColAAAcwIQEwEAAAADAAAAAjC0GDaeJwAAMLQY+yF5gSMY5j0IRomX+JCupCk+ve5lJYBi5D7VXnN7yVh9WHY40fMHjsqX5vrgg7qCzOb3S7+s3MTpPrGcIcVehoh0hNE\/AUh\/l05LIJcfsYEUayujDOVQKSljRpx5pGdv3dngLjYDnAr+L4Ha13T3Du3LWCR0P670Xeu9JdPkJfYH+zEGsJQ+2VbZjZXJX5fdNzKoWqycH7dGyCw2ac1\/iOMgwCNM7ba8sSyJnWE4r1SzIBIR1InIILVl1F4DglLIcY9ku9DTMXpi\/hZ2YRM9SdkPLe2UuM1DK6JKV6VuRBixRswGUn+jIRDzdkahkt7pyJgLKPaJdZ+fjcxWD\/8NIzc08afSf18XAgPDcQkKOKfxxB0i6WLR0QUKBFugdRgIQiKn6rNIHdsMKAzlaqvmI0Ac8LbTXoe6+U56JKHvMdVKTlB\/G6lDcqoYVrw+6WzTUfhzse\/hxqHjCfVIv46PtZr5wJBElba\/NuPvH5MTYXLhPfopbHFO0E+984emZYu\/6gdyMYjERy7ehecQCvEa\/gPNJuvt4D+WU6vh+iboJi245pEDd4P8EcCv81b0FNLNGkdfqX0BDMnofBVXA6wcO85ZdCEuvj+BMPm9S7ttt5zK0K1BuVL8EYaYj9OIrlp8+yxkRFg9etPwjIpPjb4y\/CewBUWAbv9tBaY6xQge\/xgkq+RJG3WYbazKLOC3hmWFDk0b4GwzSW+A2t\/Ri+9DCUggDMHw\/FglQSdpXOk6X5GqSuq9\/1GuBHnpRmsBRnhFrYEq1k2eq6QvJ1VlEobomVL5KDvX\/cKzW1+i8k8="}
00424{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714609,"pkt_ts_usec":962073,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL7oAAP8GYsLAqPIPI65S7fdvK1cIymzlqq\/+SFAQEgAzEgAAAAAAAAAA"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1536714610253,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1536714610253,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714610,"pkt_ts_usec":253460,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsL74AAP8GGt\/AqPIPI7yauvdwK1cI1a0HAAAAAGACEgA9hwAAAgQEgAAA"}
00422{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714610,"pkt_ts_usec":314466,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93Bcs3xVCNWtCGASbvAGcQAAAgQFjA=="}
00422{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714610,"pkt_ts_usec":318069,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL78AAP8GGuLAqPIPI7yauvdwK1cI1a0IXLN8VlAQEgB69gAAAAAAAAAA"}
@@ -66,7 +66,7 @@
01131{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714613,"pkt_ts_usec":670783,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"pkt":"AJD7JidrGLQwJjRACABFAAI6L8MAAP8GGMzAqPIPI7yauvdwK1cI1a0IXLN8VlAYEgD6igAAEAIAEwwDAAA2nicAADC0GAQAAAACMLQYEQqSBgQAAACBAAA5+ABtAAEAWiMlAFojiiIEtkbpjQUSHUoTcWkXUWM9lVbNsoOuvfFUxmbNPsGiW\/wq5UMDWDxf2nPoFbYobKpXR6vLhI5RzviVBwA1ATABCGRioUb7JdsYJAIENwMnEwIAAADuMLQYGCYEvBKUGiYFvF68LTcGJxE2nicAADC0GBgkBwImCCUAWiMwCjkEJgNHeyfLyn8+Y4Q3KJESv6T1UZ7ximwyz0BZXSER6iqTRHr3ZzL\/QcomumvZXRQgQXcoi+vhk5Y1gykBGDWCKQEkAgUYNYQpATYCBAIEARgYNYEwAghG1Bj5qiAzNBg1gDACCE3B2i1iGUvgGDUMMAEdAIXDdHE3JrfWlel2eYaefOia8kf6YmRIxz7Xgq0wAh0Aqggyqhbk0\/a8FDNnwqqs7hWaOpuNhfC6EutljBgYGNUAAA4AAQAlAFojJAEFJAILJQMykCwEEDA1Q0EwMkFDNDQxNDAyOEYwBQgYtDAAACeeNjAGBhi0MCYAACwHCU5FU1QtOUUzNicKNp4nAAAwtBgnC4vxg94wk5+2LAkIMy4xLjRyYzMkDAEpZRiVCAAwARwghzo4rL9IB318LIxg\/LAqaKcA4fCuRscnp+mWMAIcBgUkZfHumFcJND3j932Gu2OJyi6\/7A8Wmb\/nLRg="}
00414{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714613,"pkt_ts_usec":725020,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAosHFAADcGIjAjvJq6wKjyDytX93Bcs3xWCNWvGlAQcRAZ1AAA"}
01329{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714613,"pkt_ts_usec":730371,"pkt_caplen":732,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":732,"pkt_l4_len":698,"pkt":"GLQwJjRAAJD7JidrCABFAALOsHJAADcGH4kjvJq6wKjyDytX93Bcs3xWCNWvGlAYcRAWxwAApAIAE\/507mEEAAAAAjC0GDaeJwAAMLQYEAuSBgQAAACAOewBAAAE7RjXefZ3jl2B73CKyAyp+gzqVRgqLcUisbaa+bAUHTxA+Y+sJXjb9B8VtxsX4AN2V9hwRU+nHa\/VAAAEAAcANQEwAQgMb9c+DCmBkiQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSBAAAAAIwtBgYJAcCJgglAFojMAo5BOmClNa2L\/0sqyhn7IYa235P1xw1ad7owBLnP8rLfG3TPA0dBMXfrzKvqAFyJ47sRlQQr3qOkdAiNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIIT2JdLEIid9IYNYAwAghAMCqAESxXYxg1DDABHQD2qSsI\/n0hou9Llf5n3GEbVWuc4D0QHq+l2F+wMAIcbFFqzYrI2WIn6D35aDg1LAuu7NZYbZZk\/HdXyxgYNwPVAAAEAAEAMAEIdFPE8yV1wKQkAgQ3AycTAQAAAO4wtBgYJgSEShYaJgWECPtJNwYnEwMAAADuMLQYGCQHAiYIJQBaIzAKOQRhOKp73vZWzVBkzcIvC7VHSn7kjE4w+wzb4SgMSIJb6yR4pk2B0279JwA\/5iu\/0TQlBvq00DFAwzWDKQEpAhg1gikBJAJgGDWBMAIIQDAqgBEsV2MYNYAwAghDNPcS31+Rzxg1DDABHBLqxXlajT9KXWeBN+P8uG5pHU6a1vmo\/i33mMIwAh0AjB981V9gPTa1niPXvZ7CDdMfpHD9c+6sh9daGBgYGBjVAAAEAAgAMAEdAMVvQ5XlZmGV8QhBhrEA8Y7CKqvTkjoh+ef40ggwAhwVsCu21ub6wpZoRKcG76sWQ+LVYuExLwECJdGJGJcwYthZZrcq6RR30WEt7wyo86zw"}
-00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1536714610253,"flow_last_seen":1536714613730,"flow_tot_l4_data_len":1886,"flow_min_l4_data_len":20,"flow_max_l4_data_len":698,"flow_avg_l4_data_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1536714610253,"flow_last_seen":1536714613730,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1738,"flow_avg_l4_payload_len":248,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
00423{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714613,"pkt_ts_usec":917860,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL8QAAP8GGt3AqPIPI7yauvdwK1cI1a8aXLN+\/FAQD1p45AAAAAAAAAAA"}
00490{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714615,"pkt_ts_usec":108363,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcL8UAAP8GGqjAqPIPI7yauvdwK1cI1a8aXLN+\/FAYD1qDHQAAMgAAEw0DAAA2nicAADC0GAQAAAACMLQYEQySBgQAAABV\/Z6UAgToaUwXoNzLJI2S7W4xGA=="}
00415{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714615,"pkt_ts_usec":208732,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAosHNAADcGIi4jvJq6wKjyDytX93Bcs378CNWvTlAQcRAW+gAA"}
@@ -75,17 +75,17 @@
00493{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714615,"pkt_ts_usec":264339,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"GLQwJjRAAJD7JidrCABFAABhsHVAADcGIfMjvJq6wKjyDytX93Bcs378CNWvlFAYcRByXQAANwAQEwAAAAAEAAAAAjC0GDaeJwAAMLQYiiJFUuzMNx8DflOVuOBBLLPLGfrP53rbJB3Obto1XgYJ"}
01036{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714615,"pkt_ts_usec":278043,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"AJD7JidrGLQwJjRACABFAAHvL8cAAP8GGRPAqPIPI7yauvdwK1cI1a+UXLN\/NVAYDyEJxgAAxQEQEwEAAAA2nicAADC0GAQAAAACMLQYiiI+CssXNgbbOI5KRBlPV+ckmqQY3DK8\/LWnnr+HRKdGl+smZnROwwJpA\/10vbLaoApT4ab9eVEX4GDtWp\/O6sMXDpatNrda+Ox0c7122U2yulciv0wBRa1Q3Et904JxeZAKiz9brEeeyimZQnBvgQ0i9aufaup2bP0SHllfcVNot+eteqTXxPzVw7QEm\/X8x\/26iPbtORYjheueLOW2rEKowcxo5t4YmkgDd7FQJy24Q1PzXxE+HhYeXeLrYiUYVbfZdCN8UVk\/RSOLdfqLUnus+Ij6FtDDpwnbcj9QO\/0QjlTxJV04mNR1221RikjMGZX0NYa6NzTyJab\/sXnsv19mzVjim5U+3oDuFF4ym3MgwGRna96YPvBXJyIzPDR3NYrmUobCHurLrdJCf7djF+vcEvAD9CAmdNNSQ2kTPYZQnW3DttK8S2Zmrk7tlKNbXFLblr1t7PnQPzOuwIGjsY9XduMdsIX2QIBIp1pSv0M0Vsy32SGVR+pppogfAMsiQnNZz5d6Vzs\/dPqWkLyhe+1+Z+XUQbJsoEs6o9PX7M+BsyUL6Onfo+lnKXZOHE0="}
00494{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536714615,"pkt_ts_usec":328350,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"GLQwJjRAAJD7JidrCABFAABfsHZAADcGIfQjvJq6wKjyDytX93Bcs381CNWxW1AYdUBgWAAANQAQEwEAAAAEAAAAAjC0GDaeJwAAMLQYiiJJQiz+L96IV3SFOxiBSZcbP\/mbp23+qRRvM0Emeg=="}
-00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_tot_l4_data_len":1722,"flow_min_l4_data_len":20,"flow_max_l4_data_len":82,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_tot_l4_data_len":1722,"flow_min_l4_data_len":20,"flow_max_l4_data_len":82,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_tot_l4_data_len":16279,"flow_min_l4_data_len":20,"flow_max_l4_data_len":699,"flow_avg_l4_data_len":226,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":48,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_tot_l4_data_len":3214,"flow_min_l4_data_len":20,"flow_max_l4_data_len":698,"flow_avg_l4_data_len":153,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1536716402804,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":268,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1536716402804,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716402,"pkt_ts_usec":804764,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AJD7JidrGLQwJjRACABFAABEL\/cAAP8RJk\/AqPIPwKjyAc5xADUAMDxpd90BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1536716402804,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1536716402804,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00474{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716402,"pkt_ts_usec":805070,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"GLQwJjRAAJD7JidrCABFAABUcEtAAEARZOvAqPIBwKjyDwA1znEAQGW0d92BgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="}
-00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1536716402804,"flow_last_seen":1536716402805,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1536716402828,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":407,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1536716402804,"flow_last_seen":1536716402805,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1536716402828,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716402,"pkt_ts_usec":828004,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsL\/gAAP8GGqXAqPIPI7yauvdxK1cI4Q21AAAAAGACEgDczAAAAgQEgAAA"}
00422{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716402,"pkt_ts_usec":889007,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93El8kNOCOENtmASbvAVfwAAAgQFjA=="}
00423{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716402,"pkt_ts_usec":894336,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL\/kAAP8GGqjAqPIPI7yauvdxK1cI4Q22JfJDT1AQEgCKBAAAAAAAAAAA"}
@@ -94,7 +94,7 @@
01330{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716403,"pkt_ts_usec":590967,"pkt_caplen":732,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":732,"pkt_l4_len":698,"pkt":"GLQwJjRAAJD7JidrCABFAALOksVAADcGPTYjvJq6wKjyDytX93El8kNPCOEPyFAYcRCXggAApAIAE+UjKQQEAAAAAjC0GDaeJwAAMLQYEAuVBgQAAACAOewBAAAELdbwukQcqjzzox9ewnDrC9pWd1r+348WJdG7JwXO5v924q\/oZvIrLWdzv8wbbkTYLFLg8PCkl\/7VAAAEAAcANQEwAQgMb9c+DCmBkiQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSBAAAAAIwtBgYJAcCJgglAFojMAo5BOmClNa2L\/0sqyhn7IYa235P1xw1ad7owBLnP8rLfG3TPA0dBMXfrzKvqAFyJ47sRlQQr3qOkdAiNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIIT2JdLEIid9IYNYAwAghAMCqAESxXYxg1DDABHQD2qSsI\/n0hou9Llf5n3GEbVWuc4D0QHq+l2F+wMAIcbFFqzYrI2WIn6D35aDg1LAuu7NZYbZZk\/HdXyxgYNwPVAAAEAAEAMAEIdFPE8yV1wKQkAgQ3AycTAQAAAO4wtBgYJgSEShYaJgWECPtJNwYnEwMAAADuMLQYGCQHAiYIJQBaIzAKOQRhOKp73vZWzVBkzcIvC7VHSn7kjE4w+wzb4SgMSIJb6yR4pk2B0279JwA\/5iu\/0TQlBvq00DFAwzWDKQEpAhg1gikBJAJgGDWBMAIIQDAqgBEsV2MYNYAwAghDNPcS31+Rzxg1DDABHBLqxXlajT9KXWeBN+P8uG5pHU6a1vmo\/i33mMIwAh0AjB981V9gPTa1niPXvZ7CDdMfpHD9c+6sh9daGBgYGBjVAAAEAAgAMAEcFim0koTd9VH24Qi3gwBu+1JGiaYHN0Hss2X7DzACHQDtu7awqIWueyyG\/HSOZ8skGfW6dThFyBg9fjHnGLyBMayeO8OEQW3boWBH0QsRhFZn"}
00424{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716403,"pkt_ts_usec":807631,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoL\/sAAP8GGqbAqPIPI7yauvdxK1cI4Q\/IJfJF9VAQD1qH8gAAAAAAAAAA"}
00490{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716404,"pkt_ts_usec":974579,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcL\/wAAP8GGnHAqPIPI7yauvdxK1cI4Q\/IJfJF9VAYD1rm7wAAMgAAEw8DAAA2nicAADC0GAQAAAACMLQYEQyVBgQAAACt0l0ZnY6SlM7vjCpSkumsf2CXpA=="}
-00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":8,"flow_first_seen":1536716402828,"flow_last_seen":1536716404974,"flow_tot_l4_data_len":1428,"flow_min_l4_data_len":20,"flow_max_l4_data_len":698,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":415,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":8,"flow_first_seen":1536716402828,"flow_last_seen":1536716404974,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
00414{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716405,"pkt_ts_usec":68469,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoksZAADcGP9sjvJq6wKjyDytX93El8kX1COEP\/FAQcRAmCAAA"}
00515{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716405,"pkt_ts_usec":70831,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"AJD7JidrGLQwJjRACABFAABuL\/0AAP8GGl7AqPIPI7yauvdxK1cI4Q\/8JfJF9VAYD1pqmgAARAAQEwAAAAA2nicAADC0GAQAAAACMLQY1yrQmv5AqlhV6\/eZEU6Z83DQLEb0IYwGPVyY7GVzIqmwdr20i6uJtbyrLETLSw=="}
00415{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716405,"pkt_ts_usec":125501,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoksdAADcGP9ojvJq6wKjyDytX93El8kX1COEQQlAQcRAlwgAA"}
@@ -103,10 +103,10 @@
00493{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716405,"pkt_ts_usec":190412,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"GLQwJjRAAJD7JidrCABFAABfkslAADcGP6EjvJq6wKjyDytX93El8kYuCOESCVAYdUCWjwAANQAQEwEAAAAEAAAAAjC0GDaeJwAAMLQY1yrUI1pzYO6El4WvDidxBDCiqep2W0Zbn9KnAb9E6Q=="}
01039{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716405,"pkt_ts_usec":203931,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"AJD7JidrGLQwJjRACABFAAHvL\/8AAP8GGNvAqPIPI7yauvdxK1cI4RIJJfJGZVAYDuoVUQAAxQEQEwIAAAA2nicAADC0GAQAAAACMLQY1yqABAywxCCA8D3PjjoFOb1Ce0gW1cuNNWbRuYysyr1G2YOIKmwfsanQwM2QeneXd5RmeMU0tOCucHcQb7y+XQTA0DJ7MnNP\/O0UR0qAMb5\/v5FUXV+G\/HCzJc18ar\/uvx5yasHK3PlMOeESls718vo62y8zDNEPqWDWEEONI0gJlHP5MGyeYs+xET0zzNaGW2ykoalJUv8h0CIZPYqYbDSxZfmOjlOmCEmbwAjwM8RoKguQdQqJNU+Df969KbeZgmtBFuOjUvYU93LzESNx8gGw4GQl1y7YHw6ifkpKetqgC35kbdVRsJiw4hZHS0iWY6OMUjt9HZPwwAZz2k9CF7dU+nYX+g2He5iPvO7c1uHx7g0+H4XfeFXu9M6z3+SrP4se\/QtOGUnpsL3O81i\/1j38UK0I+SMoCOhWPvK9X8YYVQwUkrz1hC8lypLCGmT4fpu14Vb3+LLffIbsNDgsvuZVzqQ\/mgyA\/SrShvIL9P\/bnjoQzcALIRGtMtxSYplZLTnaGGZ\/Mpb71srs7Bbt2GTgQJN9OcqkHIQJhTnsX\/nlB\/iEn8j0+TDpir+14EI="}
00478{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716407,"pkt_ts_usec":3782,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"AJD7JidrGLQwJjRACABFAABXMB8AAP8RJhTAqPIPwKjyAc5xADUAQ16pMiMBAAABAAAAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAE="}
-00697{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":483,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1536716402804,"flow_last_seen":1536716407003,"flow_tot_l4_data_len":179,"flow_min_l4_data_len":48,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
+00709{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":483,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1536716402804,"flow_last_seen":1536716407003,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
00573{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716407,"pkt_ts_usec":116756,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"GLQwJjRAAJD7JidrCABFAACbebVAAEARWzrAqPIBwKjyDwA1znEAh2X7MiOBgAABAAIAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAHADAAFAAEAAAB4ACgRZWMyLTM1LTE3NC04Mi0yMzcJY29tcHV0ZS0xCWFtYXpvbmF3c8AywEcAAQABAAjtKQAEI65S7Q=="}
-00697{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":485,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":48,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.174.82.237"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1536716407119,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00709{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":485,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.174.82.237"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1536716407119,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716407,"pkt_ts_usec":119984,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCAAAP8GYljAqPIPI65S7fdyK1cI7G5zAAAAAGACEgDD3QAAAgQEgAAA"}
00422{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716407,"pkt_ts_usec":186187,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93Kf6ho7COxudGASaQOxbwAAAgQFtA=="}
00422{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716407,"pkt_ts_usec":188905,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMCEAAP8GYlvAqPIPI65S7fdyK1cI7G50n+oaPFAQEgAgMAAAAAAAAAAA"}
@@ -115,7 +115,7 @@
01328{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716407,"pkt_ts_usec":903994,"pkt_caplen":731,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":731,"pkt_l4_len":697,"pkt":"GLQwJjRAAJD7JidrCABFAALNMnBAAC0G72cjrlLtwKjyDytX93Kf6ho8COxwh1AYbOASbQAAowIAExADAAADAAAAAjC0GDaeJwAAMLQYEAuYBgQAAACAOesBAAAEwI77Gs4t7AJyX0AaOxRCiXl+5ccRafKOTShylxtkuktla3QX2f050OgPx3Dp2Wr29hk8pPxdG3bVAAAEAAcANQEwAQgRAGNdWXuZjyQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSAwAAAAIwtBgYJAcCJgglAFojMAo5BAmqnD2bjDiK3yLVcr2LQ\/iPmlWn\/iDHinq\/pRMoxaNQgTnwimtBL+qTiTQqENL2xrPIWxZjJGeRNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIISKnh4YvR26oYNYAwAghAMCqAESxXYxg1DDABHG7LEaIGSLUc\/M2D6faSCjZ4yyUajbt6l0larAowAhxg27mtYz94ldNAgb53O7UEnNbhJ3tZG9saSNIDGBg3A9UAAAQAAQAwAQh0U8TzJXXApCQCBDcDJxMBAAAA7jC0GBgmBIRKFhomBYQI+0k3BicTAwAAAO4wtBgYJAcCJgglAFojMAo5BGE4qnve9lbNUGTNwi8LtUdKfuSMTjD7DNvhKAxIglvrJHimTYHTbv0nAD\/mK7\/RNCUG+rTQMUDDNYMpASkCGDWCKQEkAmAYNYEwAghAMCqAESxXYxg1gDACCEM09xLfX5HPGDUMMAEcEurFeVqNP0pdZ4E34\/y4bmkdTprW+aj+LfeYwjACHQCMH3zVX2A9NrWeI9e9nsIN0x+kcP1z7qyH11oYGBgYGNUAAAQACAAwARwWcS9Yv6Hv443lPnlfVVzRjWEZ2bkD2vo+PkvpMAIdAJwkZf72kBRQoO+o9JB3Ec608mV4lMXj65mTdKwYJoptKOP73tAdI4SBj9d3d4DbZ6c="}
00421{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716408,"pkt_ts_usec":69864,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMCMAAP8GYlnAqPIPI65S7fdyK1cI7HCHn+oc4VAQD1seHQAAAAAAAAAA"}
00488{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":280467,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcMCQAAP8GYiTAqPIPI65S7fdyK1cI7HCHn+oc4VAYD1th7gAAMgAAExEDAAA2nicAADC0GAMAAAACMLQYEQyYBgQAAAAVbG26Bq9GdhOyEiBxNPZ1OT1plA=="}
-00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1536716407119,"flow_last_seen":1536716409280,"flow_tot_l4_data_len":1428,"flow_min_l4_data_len":20,"flow_max_l4_data_len":697,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1536716407119,"flow_last_seen":1536716409280,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
00414{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":385595,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoMnFAAC0G8gsjrlLtwKjyDytX93Kf6hzhCOxwu1AQbODAYwAA"}
00967{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":389222,"pkt_caplen":458,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":458,"pkt_l4_len":424,"pkt":"AJD7JidrGLQwJjRACABFAAG8MCUAAP8GYMPAqPIPI65S7fdyK1cI7HC7n+oc4VAYD1to7AAAkgEQEwAAAAA2nicAADC0GAMAAAACMLQYzy4GzIJNeU2NOmLbKsico\/gTdowUaADFhimxHolLtG\/hS1TVhyqM6UD5w4rVsO92jRtCoQVWAL3BN1XAqoSX7qxIjsLiDez+47F7E8tVj+Idl4NGs2qi0\/Tq96jgh3f6ESKXex6FFMQl5eAyw47M\/kIa\/KtLoDwmvdKnT3WavS8W9vf0FOzrSa6Jcdpv0tgbkVjqigXyPs1u2nGbADbNU4bk5+RHRjQK9x8NxuD366Xj2LevFvQocE7UWyb7GrNer2cftubu62yoJZWnFYsryY+ZcmNgkUWVISSS9j+Prf0SxU5hUMTdac3kKvt8yioN8RBE76j4oMnkuXzFsufeRNX8m+g5QU6Nru5dKmjK4RSUgKGiLDNmTG4odfRi2Z7z1iY6c\/k5DGxw8dSIRmnFAxqNR5Dp2q2J\/HbFbsuohKJPSSSOmG+GpsfswgFISeA4\/mo4W8mu\/ZkVEVZ0eHcQNZXxfZcl2PFUVmlUjm0M35BxuDxkTbevk2JK9iM="}
00415{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":461802,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoMnJAAC0G8gojrlLtwKjyDytX93Kf6hzhCOxyT1AQcRC6nwAA"}
@@ -123,7 +123,7 @@
00584{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":486645,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"AJD7JidrGLQwJjRACABFAACiMCYAAP8GYdzAqPIPI65S7fdyK1cI7HJPn+odHVAYDx+\/0QAAeAAQEwEAAAA2nicAADC0GAMAAAACMLQYzy6ryDEujkZ2T+O19ZqyWNx5+FQrxlzTPBdpP9gztpQhKCX5iltTclThZpeFGoN8\/JlPFRlM2BsZDWYQZX1pDRaFiJ6oKEh+8AZIhz0AD9Bd2Fw+dpNEUXaUEa9Y3aWUtTg="}
01272{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":549606,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"pkt":"GLQwJjRAAJD7JidrCABFAAKdMnRAAC0G75MjrlLtwKjyDytX93Kf6h0dCOxyyVAYcRDTcQAAcwIQEwEAAAADAAAAAjC0GDaeJwAAMLQYzy4dy2T3uPHoJ5nDkHN5aOILK\/s0WecYf6P8S5FsG4cRnGvPUqp0bkK7R+RTjACAMHxtDciQOXBsmeSoSCTV1D0wlWNVeBu0ghnZ0IongGwrBGbaef67k11IXiS\/KcMV5aATZIzGi\/uHV6tkHJqfo4Ltfvil\/UngR8KDKi3yz6ZTCF6fqdsJ2yb9VQ1EbUuMA0OjIak+3myS06OAON6R567\/fINVJIzGc7LwDdXbK6bZT+rSnLO\/70HvJ\/4GRYr\/V3yDybJNfmHQ9Mt5EZvO6hmjKg8fghDdikOMV0amqoAijgMNo2RMJdfJP3zTqazQtCMPVftqnGXdQIabgeMEZvbu7gnYSZC3LPXgse0x40+KIcTTlF0Tnk2nG4NWd0SID6H0HYpk7uM+VWZeDhpHohnMGNgYb0+DrV5fzQqtWqWYSlYMKWV2L3Yu5pEU38j8NsYrO2YJ6MApWm\/sZlC6dtsvFHPSPyAp0S83G7IzHir+G5x5\/Zfl0XdNcMrcBLzbhJpN\/bKKcARCJfC+VbX4Z3TrfGOao\/WBoWsaz8M35OhLYwzwjqLDt\/4u1aUzx4gpHpg7eVddmcWFUXaEBTqhfEUccjF48C+kEUT7GxDBXc3ov0aYEbjYLVQDbtO8Ixbn\/kpiezH5l0cGPQGURjvXIBDXz6s76Iy9iJocif9O+L9eRwc9hudufPA9XFt3OoLUbcAL+CoZyrLlxeOULNuLLJLeV2GnHyLdgGmegolNO4bWuNjECt65xxXDr6dWG8OgkT7iWwVgo1rkZA6j7XJWbrmVJzeQwzFngRtmdVI="}
00423{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":559472,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMCcAAP8GYlXAqPIPI65S7fdyK1cI7HLJn+ofklAQEgAWhQAAAAAAAAAA"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1536716409847,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1536716409847,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":847406,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMCwAAP8GGnHAqPIPI7yauvdzK1cI9889AAAAAGACEgAbLAAAAgQEgAAA"}
00423{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":908176,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93M4S\/jECPfPPmASbvCMDgAAAgQFjA=="}
00422{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716409,"pkt_ts_usec":910872,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMC0AAP8GGnTAqPIPI7yauvdzK1cI988+OEv4xVAQEgAAlAAAAAAAAAAA"}
@@ -132,7 +132,7 @@
01336{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716410,"pkt_ts_usec":611476,"pkt_caplen":733,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":733,"pkt_l4_len":699,"pkt":"GLQwJjRAAJD7JidrCABFAALPKDBAADcGp8ojvJq6wKjyDytX93M4S\/jFCPfRUlAYcRClSwAApQIAE9Xg11sEAAAAAjC0GDaeJwAAMLQYEAueBgQAAACAOewBAAAECbrdUdu12b+SYDLX\/zL0xISgI8pSC\/5jIJHhE9mQVqqkqSQsxI2X5XMa1xKFWXdnjToNgMdQK0HVAAAEAAcANQEwAQgMb9c+DCmBkiQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSBAAAAAIwtBgYJAcCJgglAFojMAo5BOmClNa2L\/0sqyhn7IYa235P1xw1ad7owBLnP8rLfG3TPA0dBMXfrzKvqAFyJ47sRlQQr3qOkdAiNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIIT2JdLEIid9IYNYAwAghAMCqAESxXYxg1DDABHQD2qSsI\/n0hou9Llf5n3GEbVWuc4D0QHq+l2F+wMAIcbFFqzYrI2WIn6D35aDg1LAuu7NZYbZZk\/HdXyxgYNwPVAAAEAAEAMAEIdFPE8yV1wKQkAgQ3AycTAQAAAO4wtBgYJgSEShYaJgWECPtJNwYnEwMAAADuMLQYGCQHAiYIJQBaIzAKOQRhOKp73vZWzVBkzcIvC7VHSn7kjE4w+wzb4SgMSIJb6yR4pk2B0279JwA\/5iu\/0TQlBvq00DFAwzWDKQEpAhg1gikBJAJgGDWBMAIIQDAqgBEsV2MYNYAwAghDNPcS31+Rzxg1DDABHBLqxXlajT9KXWeBN+P8uG5pHU6a1vmo\/i33mMIwAh0AjB981V9gPTa1niPXvZ7CDdMfpHD9c+6sh9daGBgYGBjVAAAEAAgAMAEdAN\/WBKON3OvH+sAiPOFCQg845zqoCG2hPyVrt84wAh0A3huP\/H5FOIRRHhmmqtwRXJ8ZVIrkOyBLODeEBxgXWFXujjI0Q256X84LXelzGgS3WA=="}
00422{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716410,"pkt_ts_usec":815005,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMC8AAP8GGnLAqPIPI7yauvdzK1cI99FSOEv7bFAQD1n+fwAAAAAAAAAA"}
00489{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716411,"pkt_ts_usec":997733,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcMDAAAP8GGj3AqPIPI7yauvdzK1cI99FSOEv7bFAYD1n58wAAMgAAExMDAAA2nicAADC0GAQAAAACMLQYEQyeBgQAAAAzcom9gnJSb94h3\/jQ09uvI9YfcQ=="}
-00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1536716409847,"flow_last_seen":1536716411997,"flow_tot_l4_data_len":1431,"flow_min_l4_data_len":20,"flow_max_l4_data_len":699,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1536716409847,"flow_last_seen":1536716411997,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1263,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
00415{"flow_id":9,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716412,"pkt_ts_usec":101039,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoKDFAADcGqnAjvJq6wKjyDytX93M4S\/tsCPfRhlAQcRCclAAA"}
00514{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716412,"pkt_ts_usec":103934,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"AJD7JidrGLQwJjRACABFAABuMDEAAP8GGirAqPIPI7yauvdzK1cI99GGOEv7bFAYD1kmgwAARAAQEwAAAAA2nicAADC0GAQAAAACMLQYpi5bMHfrehw79wCLmAJOuqlVC1AEqC\/wWzgJfnIRBAQHVOUpAiGfWUn6f6OE8Q=="}
00416{"flow_id":9,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716412,"pkt_ts_usec":157162,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoKDJAADcGqm8jvJq6wKjyDytX93M4S\/tsCPfRzFAQcRCcTgAA"}
@@ -140,17 +140,17 @@
01031{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716412,"pkt_ts_usec":176620,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"AJD7JidrGLQwJjRACABFAAHvMDIAAP8GGKjAqPIPI7yauvdzK1cI99HMOEv7pVAYDyASjgAAxQEQEwEAAAA2nicAADC0GAQAAAACMLQYpi4l+cv7HVinscC11HzkcO6SJL1Kunc+2jM8HSk4MhhqiyxkJNo7q3BqeIjVGFi+UX4vs2bcvCEfiTCmqAxNm0XjXXG0MwSal0A6zfADY\/kMD4JEO10WgOFCCN9Mzu1gwtxKif5L4i4+KfGVrkA8MDLFdZUxXp7BLLM3h2UA0+LTJ1kUyF4nUBcCi1clI6byns0k9fC8nLL85qXwNwgNmhqz8+hnvejx0IHRkUSuTflnetxnDVVWgCzgJJoSL2Ncbl5fLW40Aslz4bMyFKf2+hC0WXa6FmeAUlu7SNhekGZxZM3XVMKT+teNF0Y9z+FN2kTRSCRjENDLy2MbH4ypyq4DFdWxktK9BlKCy6CfudRFYefIG\/EpdvPIU35yK6cCFQV3vm1xqauZH23QWuoEhhIpP3kCY5V8V4CXuDt51zDNR96xykYbqsdQGUWoMf+hL4bWUU+Jq93DhYt0QMYSTyhv0eiqIWOrEEFa1\/tbVQtE2s1TI0Pqk4g9fi5pvxwDJo\/TpXBgp0TRnRGozTOxenoPKTN\/e5GWRDeC5pqx4E6tHSqsrfaos2LmvDaINeM="}
00495{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716412,"pkt_ts_usec":227528,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"GLQwJjRAAJD7JidrCABFAABfKDRAADcGqjYjvJq6wKjyDytX93M4S\/ulCPfTk1AYdUDbwAAANQAQEwEAAAAEAAAAAjC0GDaeJwAAMLQYpi6RqU1g2fyvZNgqhxRxPNlqKdyGXnoZw6cV\/h9gzA=="}
00832{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536716412,"pkt_ts_usec":242229,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"AJD7JidrGLQwJjRACABFAAFYMDMAAP8GGT7AqPIPI7yauvdzK1cI99OTOEv73FAYDulnJwAALgEQEwIAAAA2nicAADC0GAQAAAACMLQYpi4UtiA0Cx13rIj8\/aDtBknj5TpUe+czqdoVD8n6UA7QL+mB0XoM6ch85gGQb4MEAemR4qgbb63DxAQ8hUZN2BayyDPAqHBcr2nupAGGcc6I1zASH0zHmLIg3VBG6EMWnd54NMvCalt+NfLRa5dbK1h\/3AKhkef87gCx5m\/BtBMiu9OQp+Eb8Fyzbv2KhAKsDSHuOGUXHc9Wz\/SqOzD066CW0Ntsua0pkoZYV6ixdfxlvPDDSSLi0xL\/AZOZnQ2pkHxi5gBkPdea\/EUeI9iEafXIfk1SUsg0bskCpy0X15AyUYt2zASNm0LG+EF7JYTugxVX8xZe1AmlbycXRKBuMfyvlHZ1juCzw5L9YRsejkrvAvQ7MG9VyA=="}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":116,"flow_first_seen":1536714607530,"flow_last_seen":1536716407068,"flow_tot_l4_data_len":6397,"flow_min_l4_data_len":20,"flow_max_l4_data_len":697,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_tot_l4_data_len":16281,"flow_min_l4_data_len":20,"flow_max_l4_data_len":698,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":48,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_tot_l4_data_len":2667,"flow_min_l4_data_len":20,"flow_max_l4_data_len":699,"flow_avg_l4_data_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1536717427961,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":116,"flow_first_seen":1536714607530,"flow_last_seen":1536716407068,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":4069,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63343,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":537,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1536717427961,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717427,"pkt_ts_usec":961883,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AJD7JidrGLQwJjRACABFAABEME8AAP8RJffAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1536717427961,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1536717427961,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00455{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717427,"pkt_ts_usec":984158,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AJD7JidrGLQwJjRACABFAABEMFAAAP8RJfbAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
00475{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717428,"pkt_ts_usec":84913,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"GLQwJjRAAJD7JidrCABFAABUzkdAAEARBu\/AqPIBwKjyDwA1znEAQGW0Tp6BgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1536717427961,"flow_last_seen":1536717428084,"flow_tot_l4_data_len":160,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1536717428089,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":613,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1536717427961,"flow_last_seen":1536717428084,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1536717428089,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717428,"pkt_ts_usec":89363,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMFEAAP8GGkzAqPIPI7yauvd0K1cJA0ANAAAAAGACEgCqTwAAAgQEgAAA"}
00423{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717428,"pkt_ts_usec":146200,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93SD5IA7CQNADmASbvBIIgAAAgQFjA=="}
00424{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717428,"pkt_ts_usec":152738,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMFIAAP8GGk\/AqPIPI7yauvd0K1cJA0AOg+SAPFAQEgC8pwAAAAAAAAAA"}
@@ -159,7 +159,7 @@
01333{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717428,"pkt_ts_usec":843719,"pkt_caplen":732,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":732,"pkt_l4_len":698,"pkt":"GLQwJjRAAJD7JidrCABFAALOS3JAADcGhIkjvJq6wKjyDytX93SD5IA8CQNCIFAYcRBeKwAApAIAE2ZMqY0EAAAAAjC0GDaeJwAAMLQYEAuhBgQAAACAOewBAAAEQV9aO4xK0Ti5pfosvsMq8qMan5I\/lvw0z2uLTLWHTEEmZP5JxgTdqLVmyLoXPa\/bgZ+9Dfm1hg\/VAAAEAAcANQEwAQgMb9c+DCmBkiQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSBAAAAAIwtBgYJAcCJgglAFojMAo5BOmClNa2L\/0sqyhn7IYa235P1xw1ad7owBLnP8rLfG3TPA0dBMXfrzKvqAFyJ47sRlQQr3qOkdAiNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIIT2JdLEIid9IYNYAwAghAMCqAESxXYxg1DDABHQD2qSsI\/n0hou9Llf5n3GEbVWuc4D0QHq+l2F+wMAIcbFFqzYrI2WIn6D35aDg1LAuu7NZYbZZk\/HdXyxgYNwPVAAAEAAEAMAEIdFPE8yV1wKQkAgQ3AycTAQAAAO4wtBgYJgSEShYaJgWECPtJNwYnEwMAAADuMLQYGCQHAiYIJQBaIzAKOQRhOKp73vZWzVBkzcIvC7VHSn7kjE4w+wzb4SgMSIJb6yR4pk2B0279JwA\/5iu\/0TQlBvq00DFAwzWDKQEpAhg1gikBJAJgGDWBMAIIQDAqgBEsV2MYNYAwAghDNPcS31+Rzxg1DDABHBLqxXlajT9KXWeBN+P8uG5pHU6a1vmo\/i33mMIwAh0AjB981V9gPTa1niPXvZ7CDdMfpHD9c+6sh9daGBgYGBjVAAAEAAgAMAEcG7hosNZ15e3F8srkX2rX3OoCOj0Q8NqMkoEl0jACHQCvDawplV4gO\/pf2Yd7VIkwH5J8lV0JmwN6nsfYGIF4YNGCZYzNH6JJ4VB3AkaCX\/61"}
00422{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717429,"pkt_ts_usec":59119,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMFQAAP8GGk3AqPIPI7yauvd0K1cJA0Igg+SC4lAQD1q6lQAAAAAAAAAA"}
00489{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717430,"pkt_ts_usec":226245,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcMFUAAP8GGhjAqPIPI7yauvd0K1cJA0Igg+SC4lAYD1rmagAAMgAAExUDAAA2nicAADC0GAQAAAACMLQYEQyhBgQAAABBQJTDCM9602OiOlnVzsSlIAFYfg=="}
-00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":8,"flow_first_seen":1536717428089,"flow_last_seen":1536717430226,"flow_tot_l4_data_len":1428,"flow_min_l4_data_len":20,"flow_max_l4_data_len":698,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
+00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":8,"flow_first_seen":1536717428089,"flow_last_seen":1536717430226,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
00415{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717430,"pkt_ts_usec":318726,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoS3NAADcGhy4jvJq6wKjyDytX93SD5ILiCQNCVFAQcRBYqwAA"}
00514{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717430,"pkt_ts_usec":321126,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"AJD7JidrGLQwJjRACABFAABuMFYAAP8GGgXAqPIPI7yauvd0K1cJA0JUg+SC4lAYD1rROwAARAAQEwAAAAA2nicAADC0GAQAAAACMLQYHyNbhn9VDoARCCe8rRLztndNaTEIOzGsgKA+4QD+m30GU58L4iJ+h1FBZ0+xig=="}
00416{"flow_id":11,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717430,"pkt_ts_usec":375682,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoS3RAADcGhy0jvJq6wKjyDytX93SD5ILiCQNCmlAQcRBYZQAA"}
@@ -168,10 +168,10 @@
00494{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717430,"pkt_ts_usec":439321,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"GLQwJjRAAJD7JidrCABFAABfS3ZAADcGhvQjvJq6wKjyDytX93SD5IMbCQNEYVAYdUBdLgAANQAQEwEAAAAEAAAAAjC0GDaeJwAAMLQYHyNzZpXYNZeZdCUgxD2zUDBPIOVRg85SJ3eyC07atQ=="}
01040{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717430,"pkt_ts_usec":453035,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"AJD7JidrGLQwJjRACABFAAHvMFgAAP8GGILAqPIPI7yauvd0K1cJA0Rhg+SDUlAYDuqWvgAAxQEQEwIAAAA2nicAADC0GAQAAAACMLQYHyMcwtLQNZOmw9EOXmPr\/dRZqGP\/ncecLayXy1ipoYtlg+PzlM8YectnZeKXeGjIego5qNZFuYyy1llTK\/YxCfNv2VA9WA3IAF5BK9t4cks\/aNENNnFyAKGNolDBoJM3SCnPUAT1c0ePzBLlWXYfNPioQgHEXdOYx59BaFVkyqAgbG3vWOZqLaCJ\/Tnr8h2SBx9fF2usGo\/lODsM\/VpbwrzaLgWqoMoyF+gI4jWMh42auc1nzFTDN\/+XG4Ayck9\/rrCxRnGeVJs2PXuygHmW9Gakfmmv4AuwBsoS2CzwMycI6JTltG365gP95C+HHJzV5otFdcgEDpE1IGUcp3MDVTj4Vho5w27LvW8H6L\/zwQXba1PvgHyDFCBmqjfvJ7F\/uLvWzxlci9HYS4+g0YCNsokLikF4zCpA3lmioMXH2hk6C3UHYJLHW9z8cZ+rrddw3WQlert2KUbuNvH3BNXjoW\/9dOCD6deluMxqtR7+puUpB\/OqiOWtbQnBpVROt4zUMdeV9ikST8euCwReTFfAKcRjOZXklfnYqQpvi4XsmADmUUTuKcni8hOG+bmO1Ow="}
00481{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717449,"pkt_ts_usec":934587,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"AJD7JidrGLQwJjRACABFAABXMG4AAP8RJcXAqPIPwKjyAc5xADUAQy+AYUwBAAABAAAAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAE="}
-00698{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1536717427961,"flow_last_seen":1536717449934,"flow_tot_l4_data_len":227,"flow_min_l4_data_len":48,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
+00710{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1536717427961,"flow_last_seen":1536717449934,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
00574{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717450,"pkt_ts_usec":88270,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"GLQwJjRAAJD7JidrCABFAACb\/6BAAEAR1U7AqPIBwKjyDwA1znEAh2X7YUyBgAABAAIAAAAAB2N6ZmUxMDUHZnJvbnQwMQVpYWQwMQpwcm9kdWN0aW9uBG5lc3QDY29tAAABAAHADAAFAAEAAAB3ACgRZWMyLTM1LTE3NC04Mi0yMzcJY29tcHV0ZS0xCWFtYXpvbmF3c8AywEcAAQABAAjpFgAEI65S7Q=="}
-00698{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":673,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_tot_l4_data_len":362,"flow_min_l4_data_len":48,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.174.82.237"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1536717450091,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00710{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":673,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"czfe105.front01.iad01.production.nest.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.174.82.237"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1536717450091,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717450,"pkt_ts_usec":91191,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMG8AAP8GYgnAqPIPI65S7fd1K1cJDrE1AAAAAGACEgCA9gAAAgQEgAAA"}
00423{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717450,"pkt_ts_usec":156309,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93XProMNCQ6xNmASaQPV8QAAAgQFtA=="}
00423{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717450,"pkt_ts_usec":159277,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMHAAAP8GYgzAqPIPI65S7fd1K1cJDrE2z66DDlAQEgBEsgAAAAAAAAAA"}
@@ -180,7 +180,7 @@
01332{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717450,"pkt_ts_usec":921163,"pkt_caplen":732,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":732,"pkt_l4_len":698,"pkt":"GLQwJjRAAJD7JidrCABFAALOodhAAC0Gf\/4jrlLtwKjyDytX93XProMOCQ6zSFAYbODLIgAApAIAExYDAAADAAAAAjC0GDaeJwAAMLQYEAukBgQAAACAOesBAAAEbziNMpKdbJgGRoHyXyFDRQtipDYGnIgfqtt\/iAE5rQQGlnJ5Tud8n9qoqzSFTGcKQHUsx9ZGKYDVAAAEAAcANQEwAQgRAGNdWXuZjyQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSAwAAAAIwtBgYJAcCJgglAFojMAo5BAmqnD2bjDiK3yLVcr2LQ\/iPmlWn\/iDHinq\/pRMoxaNQgTnwimtBL+qTiTQqENL2xrPIWxZjJGeRNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIISKnh4YvR26oYNYAwAghAMCqAESxXYxg1DDABHG7LEaIGSLUc\/M2D6faSCjZ4yyUajbt6l0larAowAhxg27mtYz94ldNAgb53O7UEnNbhJ3tZG9saSNIDGBg3A9UAAAQAAQAwAQh0U8TzJXXApCQCBDcDJxMBAAAA7jC0GBgmBIRKFhomBYQI+0k3BicTAwAAAO4wtBgYJAcCJgglAFojMAo5BGE4qnve9lbNUGTNwi8LtUdKfuSMTjD7DNvhKAxIglvrJHimTYHTbv0nAD\/mK7\/RNCUG+rTQMUDDNYMpASkCGDWCKQEkAmAYNYEwAghAMCqAESxXYxg1gDACCEM09xLfX5HPGDUMMAEcEurFeVqNP0pdZ4E34\/y4bmkdTprW+aj+LfeYwjACHQCMH3zVX2A9NrWeI9e9nsIN0x+kcP1z7qyH11oYGBgYGNUAAAQACAAwAR0A2G31fq+TOXoyqvgRUKTA+nYWK49Y5M6pPX1i2DACHQDLeQmsDgLPZIqWGixBFHwTSJsfpkvJb4ZnSPpVGEb\/GHZhO10mK29J0xKM8wSIOLew"}
00423{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717450,"pkt_ts_usec":932392,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMHIAAP8GYgrAqPIPI65S7fd1K1cJDrNIz66FtFAQD1pCoAAAAAAAAAAA"}
00489{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717452,"pkt_ts_usec":328815,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcMHMAAP8GYdXAqPIPI65S7fd1K1cJDrNIz66FtFAYD1qYeAAAMgAAExcDAAA2nicAADC0GAMAAAACMLQYEQykBgQAAAAVa3P0RkFW+dlcD7POmwfEvAo6fg=="}
-00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":8,"flow_first_seen":1536717450091,"flow_last_seen":1536717452328,"flow_tot_l4_data_len":1428,"flow_min_l4_data_len":20,"flow_max_l4_data_len":698,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":8,"flow_first_seen":1536717450091,"flow_last_seen":1536717452328,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
00415{"flow_id":12,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717452,"pkt_ts_usec":428867,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoodlAAC0GgqMjrlLtwKjyDytX93XProW0CQ6zfFAQbODk5QAA"}
00693{"flow_id":12,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717452,"pkt_ts_usec":433186,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"pkt":"AJD7JidrGLQwJjRACABFAAD0MHQAAP8GYTzAqPIPI65S7fd1K1cJDrN8z66FtFAYD1rV4AAAygAQEwAAAAA2nicAADC0GAMAAAACMLQY2Cfv7HvXPsKFYm+Fvy7t+9lgnc56QGmd\/eVjBVdTXBr35uaTDhN1mS6RWjNOlkbKoXHmoupkyGTs+2ZnMWXYdTpAVAdN4hr1I\/iQAzMeygyY4VcYD3qbsRxap6xEmiyJiVhJM9iaT2bmzxF8MC3Rhdf89KqsbjYwOsv9Ldxwd3+8H9SUOpByMMa6nDTYGi3XX5vk+ugYcYYkbmwzwKinTum5rmGQR51hVuA1UUWRaBiDe7FQ"}
00416{"flow_id":12,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717452,"pkt_ts_usec":499435,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAoodpAAC0GgqIjrlLtwKjyDytX93XProW0CQ60SFAQcRDf6QAA"}
@@ -188,10 +188,10 @@
00585{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717452,"pkt_ts_usec":520876,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"AJD7JidrGLQwJjRACABFAACiMHUAAP8GYY3AqPIPI65S7fd1K1cJDrRIz66F8FAYDx5oWQAAeAAQEwEAAAA2nicAADC0GAMAAAACMLQY2CeHe3fbvWidKfohKuRa7XDuojHzMgZ2OhqIaxSzulmY1XoAGRd4ENFcqyJqh4aNnK3Zk8\/cV+XMiFuh2rYIlEfPQTViL5\/yMAtxrgtaJegSjYVtcSEEHhb64b0qiEWrpM4="}
01272{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717452,"pkt_ts_usec":582887,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"pkt":"GLQwJjRAAJD7JidrCABFAAKdodxAAC0GgCsjrlLtwKjyDytX93XProXwCQ60wlAYcRC4\/AAAcwIQEwEAAAADAAAAAjC0GDaeJwAAMLQY2CdpgLR76mOJh9OcABZMQZxjd6W+4olkuKICGOoEHYAr7uuNJHp5lmVSQcLnoVMK6Pckncv+NG93Wf7\/UfUStKBidDWVzuoHH+KvDDU\/exXRljKxonJqLcgzfK4KHwxJNq0hmXASfbLaIoekpC8pw\/ZpmgM+ayekgJB+CBAZDzA38Kj3fQEXKdPvKi434t49P11HKag+kNjXJjTiBbhC07ZYHYmfROcH+JGVG+sgYvt0GibOChZF74V\/RvixPDzrVDGmlBzlO9osVBV6D6EUcuUx+xdswEFwFHRCLwD76dncYNAon1ZQRjGBHhjNFX0aL1J7yj85gD6Chnn7Psw808CMGMCl8pYpMpJMMK8ys3tgyl+HtbVElVqeunEW2ya2Y9QoNuNBt1hZkYG0k\/EmOpD7dk6ANgZJOjSXBeloJBYH9rh0mH\/dTZeVQBVZavePeJzrwLN2z12WBU07O0ohB2LeO0Pm0BwjErn4+SkZwg7NWyYY4bZBQ7Nw9OIbUghLGGEUTdewDlIJSEpQCi\/KoH6b2glDONkfdY7DNM7m7h0DU+Oax34IhSt6w9ZNB5t5ocBqoyAXmd+780hynw5Whcwk\/NLvCZIrDT501EBJYcXrQYAvAk3wQJb9NkGyofDKIlNph+RRIR7JJ\/tN\/luzKYeYT3jUAx8+pjaQOfOOQ9uOebNAjCUVr34xlZN5Tdfu4L4BdDbLh3UA+oAWbEak3VBSXfZ+EFCr4RX6Jp4b5G9nWh14E2DYXRY19JnweARqxsVgblB4leYp3YzGMnN5lsK892Gsq\/GT05G0\/dE="}
00424{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536717452,"pkt_ts_usec":593864,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMHYAAP8GYgbAqPIPI65S7fd1K1cJDrTCz66IZVAQEgA7zwAAAAAAAAAA"}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_tot_l4_data_len":5476,"flow_min_l4_data_len":20,"flow_max_l4_data_len":697,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_tot_l4_data_len":10331,"flow_min_l4_data_len":20,"flow_max_l4_data_len":698,"flow_avg_l4_data_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_tot_l4_data_len":362,"flow_min_l4_data_len":48,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1536718052990,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1536718052990,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718052,"pkt_ts_usec":990525,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"}
00422{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718053,"pkt_ts_usec":59160,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="}
00422{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718053,"pkt_ts_usec":62757,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMIwAAP8GYfDAqPIPI65S7fd2K1cJGivYkMneU1AQEgCtowAAAAAAAAAA"}
@@ -200,7 +200,7 @@
01334{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718053,"pkt_ts_usec":776985,"pkt_caplen":731,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":731,"pkt_l4_len":697,"pkt":"GLQwJjRAAJD7JidrCABFAALNsfRAAC0Gb+MjrlLtwKjyDytX93aQyd5TCRot61AYbOBPtgAAowIAExgDAAADAAAAAjC0GDaeJwAAMLQYEAurBgQAAACAOesBAAAE0sW8P6\/LXxXtSVWgOie0jFpFH\/L7tTiMXUvkzpyGDbX+jfCmn11GvLdTiJofb1GRcypu9DeYwXjVAAAEAAcANQEwAQgRAGNdWXuZjyQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSAwAAAAIwtBgYJAcCJgglAFojMAo5BAmqnD2bjDiK3yLVcr2LQ\/iPmlWn\/iDHinq\/pRMoxaNQgTnwimtBL+qTiTQqENL2xrPIWxZjJGeRNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIISKnh4YvR26oYNYAwAghAMCqAESxXYxg1DDABHG7LEaIGSLUc\/M2D6faSCjZ4yyUajbt6l0larAowAhxg27mtYz94ldNAgb53O7UEnNbhJ3tZG9saSNIDGBg3A9UAAAQAAQAwAQh0U8TzJXXApCQCBDcDJxMBAAAA7jC0GBgmBIRKFhomBYQI+0k3BicTAwAAAO4wtBgYJAcCJgglAFojMAo5BGE4qnve9lbNUGTNwi8LtUdKfuSMTjD7DNvhKAxIglvrJHimTYHTbv0nAD\/mK7\/RNCUG+rTQMUDDNYMpASkCGDWCKQEkAmAYNYEwAghAMCqAESxXYxg1gDACCEM09xLfX5HPGDUMMAEcEurFeVqNP0pdZ4E34\/y4bmkdTprW+aj+LfeYwjACHQCMH3zVX2A9NrWeI9e9nsIN0x+kcP1z7qyH11oYGBgYGNUAAAQACAAwARw1T2IcMbxoxOJxWzVUvGZAZjKEZDcm7zKQa67bMAIdAKPrCSVs\/c\/JcdU67zBXeGds8ta1rgpv1q\/OZsgYS8IvNc9SGG7wUPxFuOb9ubzI2y8="}
00423{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718053,"pkt_ts_usec":848053,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMI4AAP8GYe7AqPIPI65S7fd2K1cJGi3rkMng+FAQD1urkAAAAAAAAAAA"}
00491{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718055,"pkt_ts_usec":162308,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcMI8AAP8GYbnAqPIPI65S7fd2K1cJGi3rkMng+FAYD1sXwwAAMgAAExkDAAA2nicAADC0GAMAAAACMLQYEQyrBgQAAAC91\/p2XARSKlEAE\/UpbfvFYG1sJQ=="}
-00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":8,"flow_first_seen":1536718052990,"flow_last_seen":1536718055162,"flow_tot_l4_data_len":1428,"flow_min_l4_data_len":20,"flow_max_l4_data_len":697,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":753,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":8,"flow_first_seen":1536718052990,"flow_last_seen":1536718055162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
00415{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718055,"pkt_ts_usec":268280,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAosfVAAC0GcocjrlLtwKjyDytX93aQyeD4CRouH1AQbOBN1wAA"}
00694{"flow_id":13,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718055,"pkt_ts_usec":271521,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"pkt":"AJD7JidrGLQwJjRACABFAAD0MJAAAP8GYSDAqPIPI65S7fd2K1cJGi4fkMng+FAYD1t2dQAAygAQEwAAAAA2nicAADC0GAMAAAACMLQYuSAnzQlRb5c23McyQuVT3uwhB720rf8l+1tf9TgDr\/Y2s1FAD3GCnmlmFk7Uphom+LvFr+8\/KFpvvGBpyXq4djXJ8AonV9JeIhGMS+mA\/J6VfcfUE93UnL1ZrFEYueFIh0USTCKXQLMVCHIhIWKHVHuxDKC8xejFBE6Xz79Wuy3mMMAFWAT5nOHnk4gJHsmpCR1A4vyXmEE0aN6McmjOPcVxuCV7pMMaEWxnIAHs5kbrxLpr"}
00416{"flow_id":13,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718055,"pkt_ts_usec":339269,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAosfZAAC0GcoYjrlLtwKjyDytX93aQyeD4CRou61AQcRBI2wAA"}
@@ -208,13 +208,13 @@
00585{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718055,"pkt_ts_usec":364971,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"AJD7JidrGLQwJjRACABFAACiMJEAAP8GYXHAqPIPI65S7fd2K1cJGi7rkMnhNFAYDx+UvwAAeAAQEwEAAAA2nicAADC0GAMAAAACMLQYuSAYxN7C6\/gO3nX5RyJn6PJ9iRIqn4rDPj7MUvwmK1p8coXxYhvOuHuK39YrcDbHgfSoB9ZDkVTssG3e2d5k\/BxSNjKzvt3DFGIVz+PwYw38jxPyzt2Hi0LvlmNrwVcQGW0="}
01275{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718055,"pkt_ts_usec":427492,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"pkt":"GLQwJjRAAJD7JidrCABFAAKdsfhAAC0GcA8jrlLtwKjyDytX93aQyeE0CRovZVAYcRBJ9AAAcwIQEwEAAAADAAAAAjC0GDaeJwAAMLQYuSDinmqKzVmF\/eXMTOuZcdK+ib75BwO2oRGiiEDaK+3Pnw6Qs3C2noqSiwxhZsWJqdX1dyfTcKsrWwY6rO88+9mzSYz7OLdrdI3Slhl6kFBlRJX1kIcqD9ANTwvp+eTpzPxf3v2eUNECf4c1wvLKvfCJ2DzlvA+9R22EhnwlvZ\/jXuZ4phZepXDYHL\/B3Ss7IGKhJqNLeKkNPk25T3KCgYS54n\/QME\/NXSW1MnR1xtMeue+XPaQa+H\/sQSz+Jftw5+hEy1LhPQrs4pdXJFqRa4dLsnZde2pfv9bCWv+7g4e0jB+2u8pZ8agAkiO4w5ENbZ5RETWjHG+3czkYpXrKJ0sVYYZ0QMi2ckLWdLtdUEbKekl9junNF7tzxieYQO44X4FWADbiNFAL0YXsSu8dJZnutXQtU1DTEumsVdmK8\/YJW\/J1Ra5OniITRIzML7ukbj8J0uachhaLaUkjn5HJHDNQhhapIVEhlCRmOA6uG\/uNuT3SJP7\/5GaOxIzMsS+8HpIlBYra8Eqqtf71DzobHQta6dCKrA3HOPFkSqdxhABE2ev1QwKTvtA4TFr1G0l3s4cWsd\/LI1urCmjHwxJNKWPepNStz+IayuBnhlcYYVQjYFVcm9HCNy046dvNAzpSWuf8rCZg0ZiIkgveI5XtAdGedXl56vAdgQGvLl1ctNPHojREl\/N2ClrxOHSQOHDPpgB\/5Ietx76wgHSTe3iphyBZWgFW4P\/iZ2CTKja71Kgqv6dIFclTSEBenmTt6a+aEnlQUOlUkb0\/KXZkWP1a5v+iBRUsfhAZg\/KIQeI="}
00424{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718055,"pkt_ts_usec":437112,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMJIAAP8GYerAqPIPI65S7fd2K1cJGi9lkMnjqVAQEgCkwAAAAAAAAAAA"}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":775,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":52,"flow_first_seen":1536717450091,"flow_last_seen":1536718053058,"flow_tot_l4_data_len":4410,"flow_min_l4_data_len":20,"flow_max_l4_data_len":698,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1536718202959,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":775,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":52,"flow_first_seen":1536717450091,"flow_last_seen":1536718053058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1536718202959,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718202,"pkt_ts_usec":959606,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AJD7JidrGLQwJjRACABFAABEMJoAAP8RJazAqPIPwKjyAc5xADUAMPGqwpsBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1536718202959,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":779,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1536718202959,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00475{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718202,"pkt_ts_usec":959785,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"GLQwJjRAAJD7JidrCABFAABUb5VAAEARZaHAqPIBwKjyDwA1znEAQGW0wpuBgAABAAEAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAcAMAAEAAQAAAHgABCO8mro="}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1536718202984,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":780,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"35.188.154.186"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1536718202984,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718202,"pkt_ts_usec":984094,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMJsAAP8GGgLAqPIPI7yauvd3K1cJJajVAAAAAGACEgBBYgAAAgQEgAAA"}
00422{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718203,"pkt_ts_usec":39605,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93fElurmCSWo1mASbvAz1wAAAgQFjA=="}
00422{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718203,"pkt_ts_usec":42198,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMJwAAP8GGgXAqPIPI7yauvd3K1cJJajWxJbq51AQEgCoXAAAAAAAAAAA"}
@@ -223,7 +223,7 @@
01336{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718203,"pkt_ts_usec":746505,"pkt_caplen":733,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":733,"pkt_l4_len":699,"pkt":"GLQwJjRAAJD7JidrCABFAALPdN9AADcGWxsjvJq6wKjyDytX93fElurnCSWq6FAYcRAtCAAApQIAE5aex7wEAAAAAjC0GDaeJwAAMLQYEAuxBgQAAACAOewBAAAE+rolzy+PcOFALB3XOjE\/1avQJZsiItI5DiyJBVIPcZITtPZ2XrnN0E3MfjNOspBvZsP5MHI\/arLVAAAEAAcANQEwAQgMb9c+DCmBkiQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSBAAAAAIwtBgYJAcCJgglAFojMAo5BOmClNa2L\/0sqyhn7IYa235P1xw1ad7owBLnP8rLfG3TPA0dBMXfrzKvqAFyJ47sRlQQr3qOkdAiNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIIT2JdLEIid9IYNYAwAghAMCqAESxXYxg1DDABHQD2qSsI\/n0hou9Llf5n3GEbVWuc4D0QHq+l2F+wMAIcbFFqzYrI2WIn6D35aDg1LAuu7NZYbZZk\/HdXyxgYNwPVAAAEAAEAMAEIdFPE8yV1wKQkAgQ3AycTAQAAAO4wtBgYJgSEShYaJgWECPtJNwYnEwMAAADuMLQYGCQHAiYIJQBaIzAKOQRhOKp73vZWzVBkzcIvC7VHSn7kjE4w+wzb4SgMSIJb6yR4pk2B0279JwA\/5iu\/0TQlBvq00DFAwzWDKQEpAhg1gikBJAJgGDWBMAIIQDAqgBEsV2MYNYAwAghDNPcS31+Rzxg1DDABHBLqxXlajT9KXWeBN+P8uG5pHU6a1vmo\/i33mMIwAh0AjB981V9gPTa1niPXvZ7CDdMfpHD9c+6sh9daGBgYGBjVAAAEAAgAMAEdAKQ+FOL4Hy\/vAFY0N\/6Fb4IhwL51Reme7+2nNLcwAh0AxpKlk4REdfygt4LErdP64Xw0tzVxuYpvsCsKrhg00tOd8tGpjSpFtyy2jPZ48AQk5g=="}
00423{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718203,"pkt_ts_usec":812275,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMJ4AAP8GGgPAqPIPI7yauvd3K1cJJaroxJbtjlAQD1mmSgAAAAAAAAAA"}
00489{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718205,"pkt_ts_usec":132060,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcMJ8AAP8GGc7AqPIPI7yauvd3K1cJJaroxJbtjlAYD1k4qAAAMgAAExsDAAA2nicAADC0GAQAAAACMLQYEQyxBgQAAABDvk7v9shaoRVwWNA7hKpxzM+I7w=="}
-00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":8,"flow_first_seen":1536718202984,"flow_last_seen":1536718205132,"flow_tot_l4_data_len":1429,"flow_min_l4_data_len":20,"flow_max_l4_data_len":699,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
+00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":8,"flow_first_seen":1536718202984,"flow_last_seen":1536718205132,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
00415{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718205,"pkt_ts_usec":230507,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAodOBAADcGXcEjvJq6wKjyDytX93fElu2OCSWrHFAQcRBEXwAA"}
00515{"flow_id":15,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718205,"pkt_ts_usec":232926,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"AJD7JidrGLQwJjRACABFAABuMKAAAP8GGbvAqPIPI7yauvd3K1cJJascxJbtjlAYD1lm9wAARAAQEwAAAAA2nicAADC0GAQAAAACMLQYyShOOcoezN7Yf362RQ73eqRmWfIt67XrBhmJNXUpK3Pc3PMt98c6L1fTQX8u\/w=="}
00416{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718205,"pkt_ts_usec":292870,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAodOFAADcGXcAjvJq6wKjyDytX93fElu2OCSWrYlAQcRBEGQAA"}
@@ -231,7 +231,7 @@
01038{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718205,"pkt_ts_usec":306592,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"AJD7JidrGLQwJjRACABFAAHvMKEAAP8GGDnAqPIPI7yauvd3K1cJJatixJbtx1AYDyCARAAAxQEQEwEAAAA2nicAADC0GAQAAAACMLQYySim\/6WfDHyGhiYdkOdlffoUo+Ifpc1p5N2K5+L8oe31Ch6pwdfuUuAwXADSEGtH0AWRKDzXHJQUXtIfsfhk\/dOO\/P8MfUa7yj+4duxp+HzQRSQnbUKMWWJTc68VzUG6DtxH9F3a7neZ8jZnPvu9v9V1OYIY3\/pSKATwhNAM3o+tNJoWdA8sclQpsC0+nbA+qKxcY5GthBmQHi9wYGQrY1tkU2N7BSpvRLFFZENSy63DS1B+qeHaGLGpOK+KZAi1qFlF0DLrBmvYreuNJRrzWcJQmbaN+WhJrborLuntUQxFr99USFjOoG\/iLho1cuo4ncOqXf+Ihdd0TdjoHYMFa0a\/\/AGIWn0rBCW+ZL0L7xEUMnVdQ6O9MHcKTEAaYb7uqDneE6O6V\/yotDZzUKxTW5U4Vxzxa8N4O266kptCnUs0N+\/JeA25LOJkeHazeWdVfb+L5SvW7Xb9VtbwJIgILLYtSP6OIl2f8UpZvj4YXvA8Ucky4GpNjZOFWBrbL10SmY\/txKHJH7bgZUP7HA+gDvUAe4\/PZOW3M81k8M75cZYOAyQHtjCbTkP5EXMfwXQ="}
00496{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718205,"pkt_ts_usec":359195,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"GLQwJjRAAJD7JidrCABFAABfdONAADcGXYcjvJq6wKjyDytX93fElu3HCSWtKVAYdUBzegAANQAQEwEAAAAEAAAAAjC0GDaeJwAAMLQYySigtyBx\/khTQjemURb\/Qs+w7XQP60GdxNpwF6Jvbg=="}
01038{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718205,"pkt_ts_usec":372654,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"AJD7JidrGLQwJjRACABFAAHvMKIAAP8GGDjAqPIPI7yauvd3K1cJJa0pxJbt\/lAYDumVYQAAxQEQEwIAAAA2nicAADC0GAQAAAACMLQYySj2gOCU5OUe+hKIMqISfhEJUZTxcbRhi4Zjm1PMuTVRzBWgvxlv2kfHKDUXJqiAwSDszOCybiev996mpGlBr3j\/r6gkAXuuRTyK3GpQ0CWUcjk39\/UuNA8irC7ymwxtoIQR\/cEFeqZ9O4aMCKICY1hdU\/5p43y20AHxz8j0FZIBv3+wStJEGGAsh4rj0GpPc68V0HumhHqgdtBuLt7rMBKtOPn2\/Gw+M7o2ZPrvmOOmOmzogsyIUXeYyJQyQG2t8CgmTtOPP\/f7L3n8a9ulfVGBKMeiSf5CODdfiOrUGeloOWvjNLTHHsWwkGkEjIMEdNH06bog7hPXHOfxzQMBSxFnlLeaHgxvGX\/4Jo2iAnujkr7sBUWsbdpFQYhUIQ7MYT2sOFCheIiTAtuxz0jw9WCvA\/OnIhfzPXVEKc1zrQH6raizlc401D7XypPqQaAVqtGHQkteOcH2kSWTL8vmESxsXgKLwvkaYdy\/gF3RwED9N\/vMPX9AYIgnJeGGLpe0Xd3nH+TZovEmMCiLrOy95303Un1qCc9z9hOU7WdW9ULp75W6KJaBtsv742zp12g="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1536718206572,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1536718206572,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718206,"pkt_ts_usec":572751,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMLcAAP8GYcHAqPIPI65S7fd4K1cJMSXhAAAAAGACEgAMJQAAAgQEgAAA"}
00423{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718206,"pkt_ts_usec":638073,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93jm8XvxCTEl4mASaQNQ+QAAAgQFtA=="}
00424{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718206,"pkt_ts_usec":640512,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMLgAAP8GYcTAqPIPI65S7fd4K1cJMSXi5vF78lAQEgC\/uQAAAAAAAAAA"}
@@ -240,7 +240,7 @@
01330{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718207,"pkt_ts_usec":366595,"pkt_caplen":730,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":730,"pkt_l4_len":696,"pkt":"GLQwJjRAAJD7JidrCABFAALMfmpAAC0Go24jrlLtwKjyDytX93jm8XvyCTEn9lAYbOBedgAAogIAExwDAAADAAAAAjC0GDaeJwAAMLQYEAu0BgQAAACAOesBAAAEthqMnfUW\/DsSs2ZBrb5xyiDiJGp7OlnGvp5CN1Zk7qIg+9BHv3maqK+Z7juxIrD5FSIgTY9b08vVAAAEAAcANQEwAQgRAGNdWXuZjyQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSAwAAAAIwtBgYJAcCJgglAFojMAo5BAmqnD2bjDiK3yLVcr2LQ\/iPmlWn\/iDHinq\/pRMoxaNQgTnwimtBL+qTiTQqENL2xrPIWxZjJGeRNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIISKnh4YvR26oYNYAwAghAMCqAESxXYxg1DDABHG7LEaIGSLUc\/M2D6faSCjZ4yyUajbt6l0larAowAhxg27mtYz94ldNAgb53O7UEnNbhJ3tZG9saSNIDGBg3A9UAAAQAAQAwAQh0U8TzJXXApCQCBDcDJxMBAAAA7jC0GBgmBIRKFhomBYQI+0k3BicTAwAAAO4wtBgYJAcCJgglAFojMAo5BGE4qnve9lbNUGTNwi8LtUdKfuSMTjD7DNvhKAxIglvrJHimTYHTbv0nAD\/mK7\/RNCUG+rTQMUDDNYMpASkCGDWCKQEkAmAYNYEwAghAMCqAESxXYxg1gDACCEM09xLfX5HPGDUMMAEcEurFeVqNP0pdZ4E34\/y4bmkdTprW+aj+LfeYwjACHQCMH3zVX2A9NrWeI9e9nsIN0x+kcP1z7qyH11oYGBgYGNUAAAQACAAwARwOKIaMj7AHHn28W7z1jBVQ5g8J6wcPUn3xdyV1MAIcTtSVXVMH9m+orRYlA0qN3K+rWiK1Cks0qUhJoRhvSZGUsTdXepfzXubz3x9z0QtdSQ=="}
00423{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718207,"pkt_ts_usec":571431,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMLoAAP8GYcLAqPIPI65S7fd4K1cJMSf25vF+llAQD1y9pQAAAAAAAAAA"}
00489{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718208,"pkt_ts_usec":745973,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcMLsAAP8GYY3AqPIPI65S7fd4K1cJMSf25vF+llAYD1x4sQAAMgAAEx0DAAA2nicAADC0GAMAAAACMLQYEQy0BgQAAABlWaDYahuGtY52hurUSkcTEusmsg=="}
-00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1536718206572,"flow_last_seen":1536718208745,"flow_tot_l4_data_len":1428,"flow_min_l4_data_len":20,"flow_max_l4_data_len":696,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
+00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1536718206572,"flow_last_seen":1536718208745,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}}
00415{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718208,"pkt_ts_usec":848594,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAofmtAAC0GphEjrlLtwKjyDytX93jm8X6WCTEoKlAQbOBf7QAA"}
00968{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718208,"pkt_ts_usec":855080,"pkt_caplen":458,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":458,"pkt_l4_len":424,"pkt":"AJD7JidrGLQwJjRACABFAAG8MLwAAP8GYCzAqPIPI65S7fd4K1cJMSgq5vF+llAYD1z7twAAkgEQEwAAAAA2nicAADC0GAMAAAACMLQY\/SjPGHtbzrmVM3CVhl+AppxaSp4IrDY\/GViBbkMEJhqQi8AE0eg3eSbmcZPne0bFQhcqnByR+n04bi1lhrXkktb2NfS\/5PP5eaYkIBZgm25qW5Fp1Ga\/VMqueGOabuvOeRpP9j+DYO8IGwYUUiVZ\/mwQgWjhAhnZsCm43UT224dGVvQTHKYTceZvqCK9BTKHTZ3l9FsXAjz6X1rM\/edH0f+Flw5iTkPqNuuBlfRgfj1KChJ4EUU40PGFsSsjNeQJRsPIsXg4acNpxv2OYIr1vrlm12zi9UhmPcznwojHO5tN0p++Neoe38ZDERKeC2xQkcqqE1lcieViJKkkqzkIIL+xhBD5GAwIng\/SPG0k1AVubK87SVJYDpHSw9HpudAp8VxQ7xl9oMtQLuGp2\/cetjEH0kX4LW+O4RVqmaS+hWJotP\/MEyr5ufVnhtVjGGAmKTFYw58T4oJGDFW1CAj03lrYcvS4yYYyXbhBUuct5Hh55XYizPwZ3DITyTk="}
00416{"flow_id":16,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718208,"pkt_ts_usec":920795,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAofmxAAC0GphAjrlLtwKjyDytX93jm8X6WCTEpvlAQcRBaKQAA"}
@@ -248,7 +248,7 @@
00585{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718208,"pkt_ts_usec":945900,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"AJD7JidrGLQwJjRACABFAACiML0AAP8GYUXAqPIPI65S7fd4K1cJMSm+5vF+0lAYDyCI4wAAeAAQEwEAAAA2nicAADC0GAMAAAACMLQY\/ShK0JLmziBERUFnGG0cwYT5bCaOFhPKR4uycJ3vJGk8vwstkOwQb+MkapwZeHB+v5UdsgTG+DBzLtOB3L0zWSOlSNeHiCGqolQAqCBhm9+\/qzANLhbJTQB3xKp7uCIvees="}
01271{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718209,"pkt_ts_usec":9058,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"pkt":"GLQwJjRAAJD7JidrCABFAAKdfm5AAC0Go5kjrlLtwKjyDytX93jm8X7SCTEqOFAYcRDrOwAAcwIQEwEAAAADAAAAAjC0GDaeJwAAMLQY\/SjG21LhIa72I6MxufV\/e+zFbjYn88L8VGuYMHImo+YXoCEKyg6eNPc7YLFfCOr7EkERSelfsamWTS8cpNlR9e535EZICJFdTAKOg+iFKvvWn2lh7aCf3lssBRd33BwbB\/LDe\/r6hddy\/LsL7EafeDSLZCOkNRuZHVZTrU7itNxYetrUTLEDENkX5nzBmvGOiCPoqLZYBSNFAK5X1mXN3g7RSAi7jkcwe2roMoBnbzsqKFlpJDYBXTFmRv5xqfVSKoqbJj2BmjjLMujD7tk57ByiU8gMMayXLRlM+QNAHfjYGbrq\/SOiCBe0hVJ7t6oQv3nFBVFdI5tpEAGT1sDRlxdKzvLH3WoHN5Z8q9mO3bE40B7I0uFYzdg8c8ZU5AWoGkscU9eTIREJf\/Z0ESij5+8DxKftH8mOVjV7dVF1b\/LHUAkAezZFXcV7u3sjB73rzGT3C59IxWsbstKMlWXOpOHLNJh64m3\/iItTzAQK\/4qBPdQ6t4QQo+k5BsZtzSr4sR5oZggAQ\/Ylmg7w+QjP6ZR2jFjL9jPYGCB7JmE5EkDqZiDU9nF6kPWvgz4cAmBIk6JEsibjOWig9J9YRd2e2CP0+6ecPeQqmITCbUlz1K7iIXr1hsOFYS2WrpXt1kNCSifLiO\/ua97ANFXwkWpWEpYh72yDpqyOwdPCFq24QsBytqt5Kzl3AkU9YBl3J\/wtEUsDN\/uyS107Nq1NiFSoq23YH9na5iDWP5QEIvGGOgkri2FfatYHj6cijvbN3un7F7jDO3MLYNEQ2JXIv8MrcUtMB9eQRZIXohzlvDY="}
00423{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718209,"pkt_ts_usec":19114,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoML4AAP8GYb7AqPIPI65S7fd4K1cJMSo45vGBR1AQEgC2DgAAAAAAAAAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1536718209313,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1536718209313,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718209,"pkt_ts_usec":313555,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"AJD7JidrGLQwJjRACABFAAAsMMIAAP8GGdvAqPIPI7yauvd5K1cJPKL3AAAAAGACEgBHJwAAAgQEgAAA"}
00423{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718209,"pkt_ts_usec":383517,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAADcG0p0jvJq6wKjyDytX93le92HNCTyi+GASbvAoVQAAAgQFjA=="}
00423{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718209,"pkt_ts_usec":385963,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMMQAAP8GGd3AqPIPI7yauvd5K1cJPKL4XvdhzlAQEgCc2gAAAAAAAAAA"}
@@ -257,7 +257,7 @@
01334{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718210,"pkt_ts_usec":106767,"pkt_caplen":732,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":732,"pkt_l4_len":698,"pkt":"GLQwJjRAAJD7JidrCABFAALO1sRAADcG+TYjvJq6wKjyDytX93le92HOCTylDFAYcRDStgAApAIAE494s64EAAAAAjC0GDaeJwAAMLQYEAu6BgQAAACAOewBAAAEpdwFTFueXN+EhaRf\/GikvCTcPcKN3q0C5qwEiFaYj76TJKuVxqf0Y6m+cFvy3FOPDgMIy\/9mW2\/VAAAEAAcANQEwAQgMb9c+DCmBkiQCBDcDJxMDAAAA7jC0GBgmBACuiCMmBf8bcyU3BicSBAAAAAIwtBgYJAcCJgglAFojMAo5BOmClNa2L\/0sqyhn7IYa235P1xw1ad7owBLnP8rLfG3TPA0dBMXfrzKvqAFyJ47sRlQQr3qOkdAiNYMpARg1gikBJAIFGDWEKQE2AgQCBAEYGDWBMAIIT2JdLEIid9IYNYAwAghAMCqAESxXYxg1DDABHQD2qSsI\/n0hou9Llf5n3GEbVWuc4D0QHq+l2F+wMAIcbFFqzYrI2WIn6D35aDg1LAuu7NZYbZZk\/HdXyxgYNwPVAAAEAAEAMAEIdFPE8yV1wKQkAgQ3AycTAQAAAO4wtBgYJgSEShYaJgWECPtJNwYnEwMAAADuMLQYGCQHAiYIJQBaIzAKOQRhOKp73vZWzVBkzcIvC7VHSn7kjE4w+wzb4SgMSIJb6yR4pk2B0279JwA\/5iu\/0TQlBvq00DFAwzWDKQEpAhg1gikBJAJgGDWBMAIIQDAqgBEsV2MYNYAwAghDNPcS31+Rzxg1DDABHBLqxXlajT9KXWeBN+P8uG5pHU6a1vmo\/i33mMIwAh0AjB981V9gPTa1niPXvZ7CDdMfpHD9c+6sh9daGBgYGBjVAAAEAAgAMAEdAK\/uKm5gCnX5GPgtQmtyJtdm4by\/nu5rPV3odvEwAhw0T7c01v9Eq80XdECIdIMSPdhmII3Ei4TNKMJeGA7xedIT\/VYSz+GGny2vIXFJEaAp"}
00423{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718210,"pkt_ts_usec":319313,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"AJD7JidrGLQwJjRACABFAAAoMMYAAP8GGdvAqPIPI7yauvd5K1cJPKUMXvdkdFAQD1qaxgAAAAAAAAAA"}
00490{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718211,"pkt_ts_usec":481806,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AJD7JidrGLQwJjRACABFAABcMMcAAP8GGabAqPIPI7yauvd5K1cJPKUMXvdkdFAYD1pFFAAAMgAAEx8DAAA2nicAADC0GAQAAAACMLQYEQy6BgQAAAA9aelf8mf8Tn\/37x8FhSucKJKK0g=="}
-00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":8,"flow_first_seen":1536718209313,"flow_last_seen":1536718211481,"flow_tot_l4_data_len":1430,"flow_min_l4_data_len":20,"flow_max_l4_data_len":698,"flow_avg_l4_data_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
+00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":8,"flow_first_seen":1536718209313,"flow_last_seen":1536718211481,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":1262,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","ndpi": {"proto":"NestLogSink.Google","breed":"Tracker\/Ads","category":"Cloud"}}
00415{"flow_id":17,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718211,"pkt_ts_usec":608928,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAo1sVAADcG+9sjvJq6wKjyDytX93le92R0CTylQFAQcRA43AAA"}
00518{"flow_id":17,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718211,"pkt_ts_usec":614870,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"AJD7JidrGLQwJjRACABFAABuMMgAAP8GGZPAqPIPI7yauvd5K1cJPKVAXvdkdFAYD1oY5gAARAAQEwAAAAA2nicAADC0GAQAAAACMLQYciNF2\/rCGXkAU\/GKWBNxFPUOgHv\/N947RBM9x5UH\/ZArfs2InS4vq4FiF0IT5A=="}
00416{"flow_id":17,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718211,"pkt_ts_usec":682199,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"GLQwJjRAAJD7JidrCABFAAAo1sZAADcG+9ojvJq6wKjyDytX93le92R0CTylhlAQcRA4lgAA"}
@@ -265,9 +265,9 @@
01035{"flow_id":17,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718211,"pkt_ts_usec":696975,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"AJD7JidrGLQwJjRACABFAAHvMMkAAP8GGBHAqPIPI7yauvd5K1cJPKWGXvdkrVAYDyF8UAAAxQEQEwEAAAA2nicAADC0GAQAAAACMLQYciOWbJIyL0k3eBxZzg8L4vQfnvySlQsQgJY99Dz0FEI0DHNJPmOK63mv9oYNUsMTnsU3mqjZ4617gugnx3LGjw6E7PL5jOQrq8up309g3dNSYIlSZYOutV2i28fWQDqs6DC0saEsbqP76Bz4+naIL9zMHVnWP1ZcXsuX3PUVyDfejqu+4FP6a+MFZuP4+s5ELll9fmwdKfhXhz8eEyCyYL1Ls9\/MtPTzZ\/i34OEMZB1L\/cMv0YrC6g92eEyMFOqqSuBoAdmfFc16qSur\/1G8O3404yHUhoRdYAYH3O8tVrea6FpBmWoG9fHhsUGiATBwWW9FrrcqSO5u+ZVGX23JLkbgxk\/9kscVfQqgXES8Lsw4KfhlgZ5\/\/RFUBz68Eu3yMX9pdidI+GAfj2opXdJdw6wI3zgSH1YiJjvyem5MBcRcGIYp\/BEoHuSWrQRG3R1jvWihhmMpfhf4JokNzmNoBgGMrLTYzidDGSTlYhuYOpQ1snkwLHJwL6nupVvbvLaFz6E7AW0ATvtyNE2tlz1hvuPZVXFzNAqwFLD2+UUCaCSSEKBpTFHfkxu7GaMaoFc="}
00494{"flow_id":17,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718211,"pkt_ts_usec":769617,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"GLQwJjRAAJD7JidrCABFAABf1shAADcG+6EjvJq6wKjyDytX93le92StCTynTVAYdUDImQAANQAQEwEAAAAEAAAAAjC0GDaeJwAAMLQYciOHPSLYgRLyu2n+U4RoIvtsCto1Vv3MASsILXTa6g=="}
00835{"flow_id":17,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"nest_log_sink.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1536718211,"pkt_ts_usec":780553,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"pkt":"AJD7JidrGLQwJjRACABFAAFYMMoAAP8GGKfAqPIPI7yauvd5K1cJPKdNXvdk5FAYDupN2gAALgEQEwIAAAA2nicAADC0GAQAAAACMLQYciM5hBC5P4r9dMMg1bQyUdvnQDIgqzj6HyzLhe2nVHL2cZtCIAOy\/i3fp5bdXZf4nb6Z0Hyl3x8mWoq1TQfd6fNd1ksXs5ZtEBswWLadYtb7uhxyiyWy\/RUVIUyPQGm+k87r6rnmlRFnkNbkyTrA2AHngAgY9DPu1UpHpEWRv32WuifaIKE2k8ZpEXx8o3+g\/Fdos7xpGPY93\/5ENN7Q3HGTDs2Ff2eWLiUVELBS6F4aRSCi+W65fQuCFD\/qXEp+oih2Yf+3nrTQXpk0VxOmJDEapa+bT72vNbJAtA19E4jiA2zE4jQ4c\/offjX\/oaZIWGhcOLoEEr4q602246pqE7a\/wTlQ5vTZGy2Qols46ca4DMVeOQDMbQ=="}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":32,"flow_first_seen":1536718052990,"flow_last_seen":1536718206634,"flow_tot_l4_data_len":4010,"flow_min_l4_data_len":20,"flow_max_l4_data_len":697,"flow_avg_l4_data_len":125,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_tot_l4_data_len":10447,"flow_min_l4_data_len":20,"flow_max_l4_data_len":699,"flow_avg_l4_data_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_tot_l4_data_len":2666,"flow_min_l4_data_len":20,"flow_max_l4_data_len":698,"flow_avg_l4_data_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":96,"flow_first_seen":1536718206572,"flow_last_seen":1536719715232,"flow_tot_l4_data_len":5774,"flow_min_l4_data_len":20,"flow_max_l4_data_len":696,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":32,"flow_first_seen":1536718052990,"flow_last_seen":1536718206634,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3362,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":9459,"flow_avg_l4_payload_len":193,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":886,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2258,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":96,"flow_first_seen":1536718206572,"flow_last_seen":1536719715232,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00135{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test"}
diff --git a/test/results/netbios.pcap.out b/test/results/netbios.pcap.out
index 5b8439454..cdb6d7d68 100644
--- a/test/results/netbios.pcap.out
+++ b/test/results/netbios.pcap.out
@@ -1,13 +1,13 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netbios.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1447772210350,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1447772210350,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772210,"pkt_ts_usec":350540,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvYAAIARuScKAASDCgAF\/wCJAIkAOr8ep0kBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1447772210350,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1447772210350,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00467{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772210,"pkt_ts_usec":821814,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvkAAIARuSQKAASDCgAF\/wCJAIkAOr8dp0oBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
00467{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772210,"pkt_ts_usec":835836,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvoAAIARuSMKAASDCgAF\/wCJAIkAOr8fp0gBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
00467{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772211,"pkt_ts_usec":100541,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYxMAAIARuQoKAASDCgAF\/wCJAIkAOr8ep0kBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1447772211392,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1447772211392,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772211,"pkt_ts_usec":392771,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOKuIAAIAR79UKAAXpCgAF\/wCJAIkAOuD1mh4BEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1447772211392,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1447772211392,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00467{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772211,"pkt_ts_usec":571333,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYxQAAIARuQkKAASDCgAF\/wCJAIkAOr8dp0oBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
00467{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772211,"pkt_ts_usec":651553,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYxkAAIARuQQKAASDCgAF\/wCJAIkAOr8cp0sBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
00467{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772211,"pkt_ts_usec":765382,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYx4AAIARuP8KAASDCgAF\/wCJAIkAOr8bp0wBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
@@ -21,80 +21,80 @@
00469{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772213,"pkt_ts_usec":264539,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYzwAAIARuOEKAASDCgAF\/wCJAIkAOr8bp0wBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
00469{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772213,"pkt_ts_usec":410978,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYz0AAIARuOAKAASDCgAF\/wCJAIkAOr8ap00BEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
00469{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772214,"pkt_ts_usec":160973,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOY2sAAIARuLIKAASDCgAF\/wCJAIkAOr8ap00BEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1447772214344,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1447772214344,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00672{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772214,"pkt_ts_usec":344593,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/ADBIsLGUCABFAADlUKwAAIARylQKAAUJCgAF\/wCKAIoA0VBGEQ7C9AoABQkAigC7AAAgRU9GR0ZDREpDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZHRUpFSEVKRU1FQkVPRkVGUEVIRkNFUEZGRkFDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoATlZSOQAAAAAAAAAAAAAAAAYBBxABAA8BVaoA"}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1447772214344,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00557{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1447772214344,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00468{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772214,"pkt_ts_usec":403136,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOPwoAAIAR260KAAXpCgAF\/wCJAIkAOuDzmiABEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
00468{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772215,"pkt_ts_usec":152486,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOQZcAAIAR2SAKAAXpCgAF\/wCJAIkAOuDzmiABEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
00468{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772215,"pkt_ts_usec":902570,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABORE0AAIAR1moKAAXpCgAF\/wCJAIkAOuDzmiABEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1447772216537,"flow_last_seen":0,"flow_tot_l4_data_len":21,"flow_min_l4_data_len":21,"flow_max_l4_data_len":21,"flow_avg_l4_data_len":21,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1447772216537,"flow_last_seen":0,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00415{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772216,"pkt_ts_usec":537634,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"pkt":"ABj+bLz3ABzEEHkPCABFAAApQatAAIAGnIkKAAQYCgAEgwCLBXatXRk68Re6KFAQ96kjtgAAAAAAAAAA"}
00415{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772216,"pkt_ts_usec":537735,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABzEEHkPABj+bLz3CABFAAAoY6dAAIAGeo4KAASDCgAEGAV2AIvxF7oorV0ZO1AQ+ycgOAAAAAAAAAAA"}
00468{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772217,"pkt_ts_usec":414671,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOSagAAIAR0Q8KAAXpCgAF\/wCJAIkAOuDxmiIBEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
00468{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772218,"pkt_ts_usec":163817,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOTFAAAIARzmcKAAXpCgAF\/wCJAIkAOuDxmiIBEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
00468{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772218,"pkt_ts_usec":913890,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOT7UAAIARywIKAAXpCgAF\/wCJAIkAOuDxmiIBEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1447772214344,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"netbios.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1447772214344,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.9","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772220,"pkt_ts_usec":427547,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOV8oAAIARwu0KAAXpCgAF\/wCJAIkAOuDvmiQBEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
00469{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772221,"pkt_ts_usec":177140,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOW4sAAIARvywKAAXpCgAF\/wCJAIkAOuDvmiQBEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1447772221776,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1447772221776,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772221,"pkt_ts_usec":776592,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"ABzEEHkPACFislxDCABFAABOBFAAAH8RHeEKAAFXCgAEGOHsAIkAOqS0IKgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1447772221776,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1447772221776,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00630{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772221,"pkt_ts_usec":776690,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"ACFislxDABzEEHkPCABFAADLdA9AAIARbKQKAAQYCgABVwCJ4ewAt5RIIKiEAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1447772221882,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1447772221882,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772221,"pkt_ts_usec":882535,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBdSQGCABFAABOIosAAIAR+bAKAARlCgAF\/wCJAIkAOuxhlzUBEAABAAAAAAAAIEVORkZFTUVKQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1447772221882,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1447772221882,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00469{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772221,"pkt_ts_usec":927305,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOXlwAAIARvFsKAAXpCgAF\/wCJAIkAOuDvmiQBEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
00469{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772223,"pkt_ts_usec":436506,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOY9EAAIARtuYKAAXpCgAF\/wCJAIkAOuDtmiYBEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
00469{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772224,"pkt_ts_usec":186428,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOZnEAAIARtEYKAAXpCgAF\/wCJAIkAOuDtmiYBEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
00469{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772224,"pkt_ts_usec":936545,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt8asCABFAABOZ4oAAIARsy0KAAXpCgAF\/wCJAIkAOuDtmiYBEAABAAAAAAAAIEVQRktFSkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUJNAAAgAAE="}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772225,"pkt_ts_usec":411322,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBt3SFCABFAABOYEAAAIARu7sKAASlCgAF\/wCJAIkAOvrLhIYBEAABAAAAAAAAIEVIRkZFT0VPRUJGQ0NBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":70,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772225,"pkt_ts_usec":411416,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"AOCBt3SFABzEEHkPCABFAABaEmgAAIARC28KAAQYCgAEpQCJAIkARtanhIaFAAAAAAEAAAAAIEVIRkZFT0VPRUJGQ0NBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAEABJPgAAYAAAoABBg="}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":70,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1447772230221,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1447772230221,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772230,"pkt_ts_usec":221577,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABj+KG95CABFAABOBVEAAIARFw4KAARCCgAF\/wCJAIkAOg\/qh84BEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1447772230221,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00466{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":70,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00467{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00466{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1447772230221,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00467{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1447772221882,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1447772230221,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"netbios.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.165","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"netbios.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1447772225411,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.165","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"netbios.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1447772230221,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.66","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"netbios.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1447772221882,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772234,"pkt_ts_usec":353157,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/ABzEEHkPCABFAABOQtEAAIAR2bcKAAQYCgAF\/wCJAIkAOvkLntYBEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":70,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772234,"pkt_ts_usec":353315,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"ABzEEHkP7Khr9GB3CABFAABaM4kAAIAR6fEKAAUBCgAEGACJAIkARtMVntaFAAAAAAEAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAEABJPgAAYAAAoABQE="}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":70,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1447772235481,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1447772235481,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00674{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772235,"pkt_ts_usec":481236,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/ADBIsLGmCABFAADlboAAAIARrCwKAAVdCgAF\/wCKAIoA0eR9EQ7pCQoABV0AigC7AAAgRUNFUEZIRUpFRkNBQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZHRUpFSEVKRU1FQkVPRkVGUEVIRkNFUEZGRkFDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoAQk9XSUUAAAAAAAAAAAAAAAYBBxABAA8BVaoA"}
-00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1447772235481,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1447772238479,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1447772235481,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1447772238479,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772238,"pkt_ts_usec":479125,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"ABzEEHkPAOCBt8asCABFAABOD1sAAIARDUQKAAXpCgAEGACJAIkAOgf\/mi8AAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1447772238479,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1447772238479,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00633{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772238,"pkt_ts_usec":479218,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"AOCBt8asABzEEHkPCABFAADLWT8AAIARwuIKAAQYCgAF6QCJAIkAt\/eSmi+EAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1447772238721,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1447772238721,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772238,"pkt_ts_usec":721634,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/EGBLoLzrCABFAABOP6wAAIAR3OYKAAQOCgAF\/wCJAIkAOtzbuxABEAABAAAAAAAAIEVIRkZGQ0ZGQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1447772238721,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1447772239929,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1447772238721,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1447772239929,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772239,"pkt_ts_usec":929129,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/AOCBdSQGCABFAABOZPwAAIARtz8KAARlCgAF\/wCJAIkAOvRglzYBEAABAAAAAAAAIEVPRkdGQ0RKQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00502{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1447772239929,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1447772239929,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00466{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":70,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1447772238721,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1447772235481,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1447772239929,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1447772239929,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.101","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"netbios.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.1","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"netbios.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1447772238721,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.14","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"netbios.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1447772234353,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"netbios.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1447772235481,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.93","dst_ip":"10.0.5.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772248,"pkt_ts_usec":480903,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"ABzEEHkPAOCBt8asCABFAABORZkAAIAR1wUKAAXpCgAEGACJAIkAOgf2mjgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
00633{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772248,"pkt_ts_usec":481003,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"AOCBt8asABzEEHkPCABFAADLJDdAAIARt+oKAAQYCgAF6QCJAIkAt\/eJmjiEAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1447772251795,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1447772251795,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772251,"pkt_ts_usec":795162,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"ABzEEHkPACFislxDCABFAABOJRwAAH8R\/RQKAAFXCgAEGOJBAIkAOqRfIKgAAAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
-00502{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1447772251795,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1447772251795,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00632{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"netbios.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1447772251,"pkt_ts_usec":795278,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"ACFislxDABzEEHkPCABFAADLQERAAIARoG8KAAQYCgABVwCJ4kEAt5PzIKiEAAAAAAEAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAEAAAAAAHcER1VOTkFSICAgICAgICAgAAQAVklHSUxBTlRfR1JPVVAgAIQAR1VOTkFSICAgICAgICAgIAQAVklHSUxBTlRfR1JPVVAgHoQAABzEEHkPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":59,"flow_first_seen":1447772211392,"flow_last_seen":1447772269350,"flow_tot_l4_data_len":3422,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1447772238479,"flow_last_seen":1447772248481,"flow_tot_l4_data_len":482,"flow_min_l4_data_len":58,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":181,"flow_first_seen":1447772210350,"flow_last_seen":1447772269972,"flow_tot_l4_data_len":10498,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":58,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":58,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":20,"flow_max_l4_data_len":21,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":20,"flow_max_l4_data_len":21,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":59,"flow_first_seen":1447772211392,"flow_last_seen":1447772269350,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2950,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1447772238479,"flow_last_seen":1447772248481,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.5.233","dst_ip":"10.0.4.24","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":181,"flow_first_seen":1447772210350,"flow_last_seen":1447772269972,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":9050,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1447772221776,"flow_last_seen":1447772221776,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57836,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test"}
diff --git a/test/results/netbios_wildcard_dns_query.pcap.out b/test/results/netbios_wildcard_dns_query.pcap.out
index cc2f46353..d8076266e 100644
--- a/test/results/netbios_wildcard_dns_query.pcap.out
+++ b/test/results/netbios_wildcard_dns_query.pcap.out
@@ -1,6 +1,6 @@
00494{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1597866040493,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1597866040493,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1597866040,"pkt_ts_usec":493657,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"AAkPCQEKAFBWvdjVCABFAABOhIlAAEARHAYKAUP6CgFCFKF3ADUAOgSEgPAAEAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="}
-00666{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1597866040493,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1597866040493,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00678{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1597866040493,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1597866040493,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00145{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test"}
diff --git a/test/results/netflix.pcap.out b/test/results/netflix.pcap.out
index c9e927b3c..209a56fee 100644
--- a/test/results/netflix.pcap.out
+++ b/test/results/netflix.pcap.out
@@ -1,62 +1,62 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1484319030789,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1484319030789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319030,"pkt_ts_usec":789585,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1484319032865,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1484319032865,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":865799,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"gCqoTGHM5JjWH70UCABFAABCVrgAAEARoJrAqAEHwKgBAclXADUALqX1KVYBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="}
-00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1484319032865,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1484319032865,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00442{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":866374,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"gCqoTGHM5JjWH70UCABFAABC8wcAAEARBEvAqAEHwKgBAclXADUALjTPmmEBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="}
-00655{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1484319032865,"flow_last_seen":1484319032866,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1484319032865,"flow_last_seen":1484319032866,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00706{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":879319,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"5JjWH70UgCqoTGHMCABFAAEF4UBAAEAR1U7AqAEBwKgBBwA1yVcA8QwWKVaBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAHADAAFAAEAAABvAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAFrABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AAQABAAAAMgAENr8RM8BNAAEAAQAAADIABDa\/+KzATQABAAEAAAAyAAQ2ummQwE0AAQABAAAAMgAENroXx8BNAAEAAQAAADIABDaVT4rATQABAAEAAAAyAAQ2uopvwE0AAQABAAAAMgAENshkTsBNAAEAAQAAADIABDa6J1c="}
-00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1484319032865,"flow_last_seen":1484319032879,"flow_tot_l4_data_len":333,"flow_min_l4_data_len":46,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"54.191.17.51"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1484319032882,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1484319032865,"flow_last_seen":1484319032879,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"54.191.17.51"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1484319032882,"flow_last_seen":0,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":882949,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"gCqoTGHM5JjWH70UCABFAABSBKEAAP8RM6HAqAEHwKgBAcuUADUAPjWQ0IgBAAABAAAAAAAAB2ljaG5hZWEJdXMtd2VzdC0yBnByb2RhYQduZXRmbGl4A2NvbQAAAQAB"}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1484319032882,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1484319032882,"flow_last_seen":0,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00834{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":884052,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"pkt":"5JjWH70UgCqoTGHMCABFAAFl4UFAAEAR1O3AqAEBwKgBBwA1yVcBUUmUmmGBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAHADAAFAAEAAABvAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAFrABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AHAABAAAACwAQJiABCHAPAAAAAAAANCn+KsBNABwAAQAAAAsAECYgAQhwDwAAAAAAADQq0NvATQAcAAEAAAALABAmIAEIcA8AAAAAAAA0KxQLwE0AHAABAAAACwAQJiABCHAPAAAAAAAANCtvPMBNABwAAQAAAAsAECYgAQhwDwAAAAAAADQpww\/ATQAcAAEAAAALABAmIAEIcA8AAAAAAAA0K1s6wE0AHAABAAAACwAQJiABCHAPAAAAAAAANCqp7MBNABwAAQAAAAsAECYgAQhwDwAAAAAAADQqzFc="}
-00662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1484319032865,"flow_last_seen":1484319032884,"flow_tot_l4_data_len":670,"flow_min_l4_data_len":46,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":167,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}}
+00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1484319032865,"flow_last_seen":1484319032884,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}}
00638{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":884500,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"5JjWH70UgCqoTGHMCABFAADS4UJAAEAR1X\/AqAEBwKgBBwA1y5QAvmn70IiBgAABAAgAAAAAB2ljaG5hZWEJdXMtd2VzdC0yBnByb2RhYQduZXRmbGl4A2NvbQAAAQABwAwAAQABAAAAAQAENkXM8cAMAAEAAQAAAAEABDQqmRbADAABAAEAAAABAAQ2RDCIwAwAAQABAAAAAQAENkQSPsAMAAEAAQAAAAEABDZGuZ3ADAABAAEAAAABAAQ0IoVtwAwAAQABAAAAAQAENpVZIsAMAAEAAQAAAAEABDaUWeg="}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_tot_l4_data_len":252,"flow_min_l4_data_len":62,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.204.241"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1484319032888,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.us-west-2.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.204.241"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1484319032888,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":888907,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABA+AxAAEAGfcXAqAEHNkXM8c9xAbuJGKiDAAAAALAC\/\/+XvgAAAgQFtAEDAwUBAQgKH2S4KwAAAAAEAgAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1484319032896,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1484319032896,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":896759,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABADepAAEAGIy3AqAEHNr8RM896Abu7NDMxAAAAALAC\/\/+WKQAAAgQFtAEDAwUBAQgKH2S4MgAAAAAEAgAA"}
00436{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":934932,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z3E0MsEbiRiohKASReqX9AAAAgQFtAQCCAqFp0\/bH2S4KwEDAwg="}
00424{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":937482,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mxZAAEAG2sfAqAEHNkXM8c9xAbuJGKiENDLBHIAQEBX8aAAAAQEICh9kuFmFp0\/b"}
00708{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":938079,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"gCqoTGHM5JjWH70UCABFAAEElg9AAEAG3v7AqAEHNkXM8c9xAbuJGKiENDLBHIAYEBXrWQAAAQEICh9kuFqFp0\/bFgMBAMsBAADHAwNYeOk4DbsWWYY8cJvWjkCo5DadBeFv01+sAqDDmGng8gAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAeAAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQABsAGQhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="}
-00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1484319032888,"flow_last_seen":1484319032938,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}}
+00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1484319032888,"flow_last_seen":1484319032938,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}}
00436{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":943560,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z3pSqS+duzQzMqASOJAFFAAAAgQFtAQCCAqtijmlH2S4MgEDAwg="}
00423{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":944993,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0cYhAAEAGv5rAqAEHNr8RM896Abu7NDMyUqkvnoAQEBVcLgAAAQEICh9kuGCtijml"}
01119{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":959853,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"gCqoTGHM5JjWH70UCABFAAI5KnhAAEAGBKbAqAEHNr8RM896Abu7NDMyUqkvnoAYEBUG0wAAAQEICh9kuG6tijmlFgMBAgABAAH8AwPIzq7iU2TICMXjbnaJ8nYAFVnlxMLpFZucgYzvL7X8EAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1484319032896,"flow_last_seen":1484319032959,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1484319032984,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1484319032896,"flow_last_seen":1484319032959,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1484319032984,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":984566,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAh8JAAEAG+QHAqAEHNCDEJM97AbvHy0puAAAAALAC\/\/\/BrQAAAgQFtAEDAwUBAQgKH2S4hgAAAAAEAgAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1484319032986,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1484319032986,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":986624,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAdf5AAEAGCsbAqAEHNCDEJM98AbvweU0rAAAAALAC\/\/+WPwAAAgQFtAEDAwUBAQgKH2S4iAAAAAAEAgAA"}
00424{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":988935,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0jvtAACkG\/cI2RczxwKgBBwG7z3E0MsEciRipVIAQAEsLVQAAAQEICoWnT+gfZLha"}
02377{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":990546,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcjvxAACkG+Bk2RczxwKgBBwG7z3E0MsEciRipVIAQAEtstgAAAQEICoWnT+kfZLhaFgMDAFkCAABVAwNYeOk49UOizA51CaJIb0UypSa+MlpNfYu87Ajom9T6OyDoZ\/VAZwyL3PpkzrcdS4Qavo\/ajbBSqIu48CVvQo3zH8AvAAAN\/wEAAQAACwAEAwABAhYDAwo1CwAKMQAKLgAFDzCCBQswggPzoAMCAQICEBUE9lSWJBH1oKEWtt+LI6kwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA0MTIwMDAwMDBaFw0xODA0MTAyMzU5NTlaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJbG9zIGdhdG9zMRYwFAYDVQQKDA1OZXRmbGl4LCBJbmMuMQwwCgYDVQQLDANPcHMxIzAhBgNVBAMMGmN1c3RvbWVyZXZlbnRzLm5ldGZsaXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NWCfffj1fH2w7Mcey7bCuVjmU9eYoCt0LQXtABL8VbzHb0v4bvuXzERuentrt0KBRrXwGb1LNpWTCuYkQFsuSO+4A2oBicvehQTGBtisx0FbKBTLIsG1vAxiWHWx\/XTpvW3a5IDQ3ve\/mg0iN4F0RJTT7hORBeIfEAtcLaXH1n\/7BbB4evGBxadgu4wyTSlZcC3QyAKuqxcLKOgPPdViofYrGJ2ftzJYann157r\/0yi8mqc3eUn0g\/zUInV4h7\/h5s9Uj2esO0XEfaW0qv9A1L8eDpSXsQ6a\/uVCNNDZNT0nWamrF358P06wTnnFsnzkBLicvjy+KKQP469XywS3wIDAQABo4IBfzCCAXswgYkGA1UdEQSBgTB\/ghNpY2huYWVhLm5ldGZsaXguY29tghJiZWFjb24ubmV0ZmxpeC5jb22CIHByZXNlbnRhdGlvbnRyYWNraW5nLm5ldGZsaXguY29tghZubXRyYWNraW5nLm5ldGZsaXguY29tghpjdXN0b21lcmV2ZW50cy5uZXRmbGl4LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMA0GCSqGSIb3DQEBCwUAA4IBAQACFfXmfFLSJ3g83aH1lGay1TzWZVJJlcH5vHFDEXU12pMzmZON4XtuDhhFM85qNRHVp6dySN\/2NPneYQEAzEJszsoGpdoNA5+VkmVdkvaW+tPqbjD3DhRFe6FRMiYEvobEuXDMASh3pWeL+lILt4N4el138DFitlCElI7++tgmcN\/F97RxsNmqKLFE1juHjpRhzqx1ySvoyfKNksinLcJxJGh9TBRlC8+HlqzIWD5UwAIQyDpWGAcTm0CSFI62ZR44BA8HC+G2Cy4+heUb5tc6\/0A9WEHQESa7OfzrIaNQpvRwbE6iQMEgEU13QVkkGskdHHDxVn9L6REOhP7lsoXoAAUZMIIFFTCCA\/2gAwIBAgIQKC4nkXkzkuQo8iGnTsk3rjANBgkqhkiG9w0="}
-00796{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1484319032888,"flow_last_seen":1484319032990,"flow_tot_l4_data_len":1868,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}}
+00807{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1484319032888,"flow_last_seen":1484319032990,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"spdy\/3.1,spdy\/3,http\/1.1"}}
02376{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":991535,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcjv1AACkG+Bg2RczxwKgBBwG7z3E0MsbEiRipVIAQAEt33wAAAQEICoWnT+kfZLhaAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAUAwggE8MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zASBgNVHRMBAf8ECDAGAQH\/AgEAMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1nMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9zLnN5bWNkLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAWxdSvtZWe\/T3NAlLlsrH9iHQaYDv55oZ6CTif9kvYd0T61pl5OFqkMtOKumKFudSjfZDG0cFDYCjqJr+KdO8HSjVpUrUcTwPdcULcz8ASGV5DatqHiUMwALeZqy9SwZrmleKKoF+Z5u6UmBzxBX3u8FQyQiluldKOhsQcxzhe7aUA0uuUbCCQDpaJJzuDVhdrropesoznrKBwi+OwSfPQPAEoT\/1N8LK\/KxTbalTaU\/hdmQMJYGpNwPyOXM00sF8eBgcqGsW5+fgnSmv2ORpOXmVabl7XF0BnNT380hFE2SV1wpuctpDIiRvPlpw3MCS4C3lV\/jkKyfu9f8bswGDehYDAwFNDAABSQMAF0EEoBWe2xDou1PViaKclBP1Ug+NOLCjAaPHzz4+YV2LIxjpcz4u4VnAYYdYYPSHtRsJ+faftfw+yffJZueqjm5ZjAQBAQADSsYIx82mgrDWmf9R0pz9RcvNmgmyVAGP2tIDSkb3tJkCfrpqGTeOoSbuyP\/SPDOYWGhdMvZJqqdSGm913SxGVZ+bYGJP6UbCE1YtG+HnDJmsafnaNo4xvftzFA2JUiQM+wCkUM8="}
-01225{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":7,"flow_first_seen":1484319032888,"flow_last_seen":1484319032991,"flow_tot_l4_data_len":3348,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":478,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
+01236{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":7,"flow_first_seen":1484319032888,"flow_last_seen":1484319032991,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
00424{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319032,"pkt_ts_usec":993017,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ZbJAAEAGECzAqAEHNkXM8c9xAbuJGKlUNDLMbIAQD9LwSQAAAQEICh9kuI2Fp0\/p"}
00646{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":2585,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"5JjWH70UgCqoTGHMCABFIADXjv5AACkG\/Rw2RczxwKgBBwG7z3E0MsxsiRipVIAYAEtuwgAAAQEICoWnT+kfZLhaZtSQ+Iyn3A+dB8uX6LOgnuiEKx3vspW0+2IBuM40ZfJxxMWyZM9gti3tYKq1tW53BocDJStQe9AzJUnyRmG3AiRApFdVtk\/ONUBdbo5nuiTJr9FFCfhb5SCskG1P92VA5W25BhDHOI3RoEYVHkXaXNxiDhUaQC+ke2OFznNU3Iu4UOEM+5+Zd63nJxztIloYV3+3eaXhgcPMWxYDAwAEDgAAAA=="}
00424{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":6480,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ExxAAEAGYsLAqAEHNkXM8c9xAbuJGKlUNDLND4AQD\/rvcAAAAQEICh9kuJuFp0\/p"}
00421{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":7001,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0Fi9AACkGMdQ2vxEzwKgBBwG7z3pSqS+euzQ1N4AQAD1p4wAAAQEICq2KObUfZLhu"}
02371{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":8803,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcFjBAACkGLCs2vxEzwKgBBwG7z3pSqS+euzQ1N4AQAD10dAAAAQEICq2KObUfZLhuFgMDAFkCAABVAwNYeOk4myS3qxaAtypdvQdItdnmA5VNdxB0OrhpFmplaiA6FIrcdkTGZNSLE2Hp10gV+4u1gzYzFBRCvukpLrdKh8AvAAAN\/wEAAQAACwAEAwABAhYDAwgiCwAIHgAIGwAEIDCCBBwwggMEoAMCAQICAhObMA0GCSqGSIb3DQEBCwUAMIGZMS0wKwYDVQQDEyRQcmltYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eSAoMjAwOSkxEzARBgNVBAgTCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtOZXRmbGl4IEluYzEcMBoGA1UECxMTRWxlY3Ryb25pYyBEZWxpdmVyeTESMBAGA1UEBxMJTG9zIEdhdG9zMB4XDTAxMDExNzIwMzIwOVoXDTE4MDMyNDIwMzIwOVowgYAxGzAZBgNVBAMMEioubmNjcC5uZXRmbGl4LmNvbTEWMBQGA1UECgwNTmV0ZmxpeCwgSW5jLjETMBEGA1UECwwKT3BlcmF0aW9uczELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUxvcyBHYXRvczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCMPKDrRKNlpQYmDci6pMXZdSSUbKrQRkPDz7HhtKtPPugiuJduNExZc6Kdb12vBV\/O+SiPHaVK7mpFvbFGQlMb6qQfwVOi\/aD6FF0wubaBBRmV5soLn6Uml8hcRcy1GwhcE0PciETMHgCKsYz6GRuA022Eqzo18xrMBx0ZwPuRDaRc+aOcYlh2D8wJdLQNpKdgRiYnOzqzb1V73+PIcLBKBaRmuSAMY7T6QAsBvotFYlMY32uWd0vZw9isFDSJCV8w2CSLAAeSkvUEJt3zKqKD5d5h8lWhsfYUg78EDVQMWb3iyTQ+UHy3b4IHtGaB+ybeHo7UkyS4NKYViXGQ4bECAwEAAaOBhDCBgTALBgNVHQ8EBAMCBaAwHwYDVR0jBBgwFoAUgzutabNbHNPaO8lPBXMZwiqK8P8wHQYDVR0OBBYEFH8tt\/b+DoJ\/qUOipuTAuxoaEiJTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdEQQWMBSCEioubmNjcC5uZXRmbGl4LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAkveZR7qD\/7\/8qJ4CSsfWHq+Cw0DsuYB9YjDmpMA3gU+yzX9cXxMn8tY3AApgaSjK94LEU1T7O\/bsKsL0uCJuFhSfW4W3+AlTe3UhEOMeILOZwgcMhUPQXGI28idMvibE1zQjX96OSlU9uDL6s8itcycsRGgSP0e+Umi1cijldISAIfgK+QzQIa\/k6kuJZ2i1hk4M6e8JqkqoYRso7uoX2ECQVKzVgRgm0z79wLxOrKXQf5L2Js7s03GHwdt04kQTtyYRh6NEGBmzjgdicV4sXy4g3wbAPPR1+itz5sKT\/vAAteT\/4Ik8+RSfZGNefG8eQxjBkJKvoKV1GyHiH3YYrgAD9TCCA\/EwggLZoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgZkxLTArBgNVBAMTJFByaW1hcnkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ICgyMDA5KTETMBEGA1UECBMKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwHhcNMDEwMTAxMTIzMDAwWhcNMjkwMTAxMTIzMDAwWjCBmTEtMCsGA1UEAxMkUHJpbWFyeSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgKDIwMDkpMRMwEQYDVQQIEwo="}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1484319032896,"flow_last_seen":1484319033008,"flow_tot_l4_data_len":2177,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1484319032896,"flow_last_seen":1484319033008,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
00530{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":15917,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"gCqoTGHM5JjWH70UCABFAAB\/wQpAAEAGtIjAqAEHNkXM8c9xAbuJGKlUNDLND4AYEABO9QAAAQEICh9kuKOFp0\/pFgMDAEYQAABCQQRGXfM2PQ1mupDNBFEH8j6WAK2zq8WgkYKYMxwTNcPvlN2we7WlKHt\/s7jgF\/EmIzf4sZcCYC49GI1iSb8wh9D7"}
00432{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":16218,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"gCqoTGHM5JjWH70UCABFAAA6VIZAAEAGIVLAqAEHNkXM8c9xAbuJGKmfNDLND4AYEADXBQAAAQEICh9kuKOFp0\/pFAMDAAEB"}
00486{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":16595,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"gCqoTGHM5JjWH70UCABFAABhX3FAAEAGFkDAqAEHNkXM8c9xAbuJGKmlNDLND4AYEACNxAAAAQEICh9kuKOFp0\/pFgMDACgn42dNpJV+legxgesXmmgFh+L2+LuQoZEeOdDCZEGvW37mfo5zGyng"}
01883{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":17833,"pkt_caplen":1146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1146,"pkt_l4_len":1112,"pkt":"5JjWH70UgCqoTGHMCABFIARsFjFAACkGLZo2vxEzwKgBBwG7z3pSqTVGuzQ1N4AYAD23hQAAAQEICq2KObUfZLhuQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClPiFZwHhqw9wmYrruaK5lM2jxb7OnG1xOPDkmSt9ostlHBuuEIpSAegeSu5IfyCw3LHZ5HEtbube7+v\/KvRUK5l\/8E0dgm2kIkuwXCInrxOb8Vue1EwYiVMbipMtTVxaqzqdYnzqFFOOaTfiiHdtDWwp3jjKl188E9wc5el6k667OBUw7VTGI1M30wgKX7rU1qB+D91fdnRNVb90uSyhuGgXw1LaZpqNyQ9UU0bMQcwmLcmoY3NWdMMN4j0Fw11owmtXswG41YKRxcm9yJjbyyDmry1mVF9Ri9GMcR5I+VveQudxyLML\/0PMTT+qCooHPhnMm\/zY9AEn0tmAkD70jAgMBAAGjQjBAMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdDgQWBBSDO61ps1sc09o7yU8FcxnCKorw\/zANBgkqhkiG9w0BAQUFAAOCAQEAPX7Vj0zBi5fWHkB\/U5GnVLqaRStn52gTsUPoxmVjareLMMkMSrAGtP8CHGMLLrjOh9GFMjrsJM6Q+mLzAhMhpmvZPRAM4kzXdAYTLRWD4dxyYCkG2sjDdGTYdO7AfokcOnu5kypA0bdWe8KcZVFjpw8f+ACSkxjkgL+lk0kWZf+uiCojU3Wt9O\/Z8+xm1PIbBOEfirH+o8gWESD86CiOqZH9cFmSjXziHHxIo4mgCTt9Jse8h8gkDJE2wQTeq3ttX1P5eyrHphoXtwy2Wtx77US+s5J0di17tOPKnQFd35Ew\/l0PWFqar2MQ46R\/UU15UR68hb86jgCQplA8NeBZoBYDAwFNDAABSQMAF0EEr3RSXEkjHtfIqWMkfAqdU9d2nJiJRZNuTwnWmlfOFK4Bj36CrnORHVgqktgwO17Wp6i3wIytK6HznXXPxu7hXgYBAQAmDndKmU9E5r+pOzA1cE9\/m+Iu48K6MWu1gQAK7QZznU6GLfiUU05z8eOW9j+V4BLBSp4ksWNTOKvkcu0l\/Ud8K535Y0mhi+cGUJZBMcuP6ngN4+4OqIx73QBYHs6xbxDxNRfLr8qrACzX0KuRgjbMjyWDCtA1Ry491BHCCa4a47dMywiLzh8SCwK5NemlOC6whX6Zyv0QMppZ+RBzG5JBxJEZCYaKW5gWUaakX6VTxfzD8hZ9m7AqCRJy+NRD3cNnFEl0oOSRbNUAMgwdrdUTCHHfOi6MHNqie7P9UDKCTwSmh\/E8jt1U7VCOXUN5NEpSdaNKhNIHTO\/GUFTI8LtdFgMDAAQOAAAA"}
-01154{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1484319032896,"flow_last_seen":1484319033017,"flow_tot_l4_data_len":3289,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":469,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+01165{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1484319032896,"flow_last_seen":1484319033017,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
00422{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":22403,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA01YhAAEAGW5rAqAEHNr8RM896Abu7NDU3Uqk5foAQD95QKQAAAQEICh9kuKetijm1"}
00434{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":29291,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGl6g0IMQkwKgBBwG7z3ve3c1cx8tKb6ASRepkbwAAAgQFtAQCCAq2m8VuH2S4hgEDAwg="}
00593{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":30423,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"gCqoTGHM5JjWH70UCABFAACy3ctAAEAGUtnAqAEHNr8RM896Abu7NDU3Uqk5foAYEACA0wAAAQEICh9kuLCtijm1FgMDAEYQAABCQQSlqr0xNpnacE6ELvDZ+JSxgy1oqaUIb9LpTwTuQb3NX8au0ELwSerfbzVcCfcT1W6ukBuohqc8njeNdQflsylXFAMDAAEBFgMDACjJLG94e4Y1Vf+ycBdcegBzLfyAAsaK+DH8iXm2e5h2XIZJhwqCnPkr"}
00434{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":32121,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z3xLWYWT8HlNLKASReoUTgAAAgQFtAQCCAq2m8VvH2S4iAEDAwg="}
00423{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":32720,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0rMBAAEAG1A\/AqAEHNCDEJM97AbvHy0pv3t3NXYAQEBXI5wAAAQEICh9kuLC2m8Vu"}
00739{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":33170,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":298,"pkt_l4_len":264,"pkt":"gCqoTGHM5JjWH70UCABFAAEc3y1AAEAGoLrAqAEHNCDEJM97AbvHy0pv3t3NXYAYEBXi\/gAAAQEICh9kuLK2m8VuFgMBAOMBAADfAwNYeOk5dpq52Q92jK0dByt7moyBAevty9H6iponk2lhXQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAkAAAABsAGQAAFmFwaS1nbG9iYWwubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1484319032984,"flow_last_seen":1484319033033,"flow_tot_l4_data_len":380,"flow_min_l4_data_len":32,"flow_max_l4_data_len":264,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1484319032984,"flow_last_seen":1484319033033,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00422{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":38452,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0iIJAAEAG+E3AqAEHNCDEJM98AbvweU0sS1mFlIAQEBV4xgAAAQEICh9kuLK2m8Vv"}
00738{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":38729,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":298,"pkt_l4_len":264,"pkt":"gCqoTGHM5JjWH70UCABFAAEcC4pAAEAGdF7AqAEHNCDEJM98AbvweU0sS1mFlIAYEBVXdAAAAQEICh9kuLS2m8VvFgMBAOMBAADfAwNYeOk5CCoWDbSK0ezQ7KNuUeOfkDpWv85W1iHK1VuIfQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAkAAAABsAGQAAFmFwaS1nbG9iYWwubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1484319032986,"flow_last_seen":1484319033038,"flow_tot_l4_data_len":380,"flow_min_l4_data_len":32,"flow_max_l4_data_len":264,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1484319032986,"flow_last_seen":1484319033038,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00425{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":61332,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0jv9AACkG\/b42RczxwKgBBwG7z3E0Ms0PiRippYAQAEv+tAAAAQEICoWnT\/sfZLij"}
00497{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":65980,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnjwBAACkG\/Yo2RczxwKgBBwG7z3E0Ms0PiRip0oAYAEtP4gAAAQEICoWnT\/wfZLijFAMDAAEBFgMDACiFeT4UbktU\/FnZZzeV\/nmTIZwANauoeDfM3VXJTPDJdsacY2okvT1Z"}
00494{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":76471,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnFjJAACkGMZ42vxEzwKgBBwG7z3pSqTl+uzQ1tYAYAD2kIQAAAQEICq2KOcYfZLiwFAMDAAEBFgMDACgz4sNc9LlmbMt2PFkOyQvUQufypjjQ5Y9WfiXcGiqT\/8ELdIluxzbA"}
@@ -65,15 +65,15 @@
00510{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":82910,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"gCqoTGHM5JjWH70UCABFAABzIp1AAEAGDkfAqAEHNr8RM896Abu7NDtdUqk5sYAYEAD+cQAAAQEICh9kuN+tijnGVpk9YNxK4YqQ\/n+0u72boo9tMBbsGvzE8F7EB8NFgAStlBdAlGqGOnP7RnQfi3oGwRm+y4OvSPn28fD3lMD0"}
00422{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":84527,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0CCZAACkGj4o0IMQkwKgBBwG7z3ve3c1dx8tLV4AQAEvXuQAAAQEICrabxXwfZLiy"}
02365{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":86430,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcCCdAACkGieE0IMQkwKgBBwG7z3ve3c1dx8tLV4AQAEtptQAAAQEICrabxX0fZLiyFgMDAFkCAABVAwNYeOk50jr3t7RuUd6NuEmyuTMEM04nFuwm3PpssPiqZSBWLEL7mQRMMcaBC1F+lWnOx+fqhp3XmUAyc5sg8zTJF8AvAAAN\/wEAAQAACwAEAwABAhYDAwpTCwAKTwAKTAAFLTCCBSkwggQRoAMCAQICEEyDi0+FfvCSTifwFgngw9wwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA0MTIwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlsb3MgZ2F0b3MxFjAUBgNVBAoMDU5ldGZsaXgsIEluYy4xDDAKBgNVBAsMA09wczEYMBYGA1UEAwwPYXBpLm5ldGZsaXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0Z0vVg0+uwRnQgMqpd9ZwS7jp+haqVMWt\/aP2iVEz0YnjzxpK71leEdLOvCa7xXvw6qvgJgviQpWWaZLbuMx4dZ0wdQrWbFtuiNWVROO9UKlOR7zkSpBQBHjL8PDMR8GxjYhY0z9ub1P+ar3lsbL0PqJTXnpC4+5jliGtK7hBDnRBzIyN17GbPKT0EY9qzw2OhysiseSVIpeA2uTMsdjCuCJ8U2+vpz4RKQMVBcZpbGTOowLQya0VARHJxNv8MoepZLmqpbClDmpaWt6xW2h2cjWruIsD\/YQ7jbkhDSwodDubij58Mu5BWLQ+l4PPUsjmGAv3yZxbVcRpS6Wlm4uQIDAQABo4IBqTCCAaUwgbMGA1UdEQSBqzCBqIIVYXBpLWxhdGFtLm5ldGZsaXguY29tghRodG1sdHZ1aS5uZXRmbGl4LmNvbYISYXBpLWV1Lm5ldGZsaXguY29tghJ1aWJvb3QubmV0ZmxpeC5jb22CFmFwaS1nbG9iYWwubmV0ZmxpeC5jb22CFGFwaS11c2VyLm5ldGZsaXguY29tghJhcGktdXMubmV0ZmxpeC5jb22CD2FwaS5uZXRmbGl4LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMA0GCSqGSIb3DQEBCwUAA4IBAQAdulHmLmvIdudqnSfhfmUEAkyAOEjgZ6H0k6BxmsH9zCQp6kh2Gn+6dw6yfgP+i+rrY5dJH59AnS0VSYm9l6Z2Q+oxBW3bKnGXHyAdm+pn0xnaoyVjvtsX5c1CZkwU+uzR+tLsC8xb0LDX0GTepgBR9Gv6C4+xg9+2VPA+fWZFwOvKONHO7uIp4D+u7Hmp1WMg8XA8cm2R59JkzTy56a2qikZCBk0Iiv6tg1u4MVCfWygHnmBNLR0RYC6LqagZzsJF6hfv7jbweV24LQUbdNELDCtEH0VUYn5jzB7SmHZg8RPHU5ZesfRgzs6ULuupnucw3hatgscIhcAN2cOcz9cQAAUZMIIFFTCCA\/2gAwI="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1484319032984,"flow_last_seen":1484319033086,"flow_tot_l4_data_len":1892,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":315,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1484319032984,"flow_last_seen":1484319033086,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02377{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":87423,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcCChAACkGieA0IMQkwKgBBwG7z3ve3dMFx8tLV4AQAEsFpwAAAQEICrabxX0fZLiyAQICECguJ5F5M5LkKPIhp07JN64wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAUAwggE8MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zASBgNVHRMBAf8ECDAGAQH\/AgEAMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1nMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9zLnN5bWNkLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAWxdSvtZWe\/T3NAlLlsrH9iHQaYDv55oZ6CTif9kvYd0T61pl5OFqkMtOKumKFudSjfZDG0cFDYCjqJr+KdO8HSjVpUrUcTwPdcULcz8ASGV5DatqHiUMwALeZqy9SwZrmleKKoF+Z5u6UmBzxBX3u8FQyQiluldKOhsQcxzhe7aUA0uuUbCCQDpaJJzuDVhdrropesoznrKBwi+OwSfPQPAEoT\/1N8LK\/KxTbalTaU\/hdmQMJYGpNwPyOXM00sF8eBgcqGsW5+fgnSmv2ORpOXmVabl7XF0BnNT380hFE2SV1wpuctpDIiRvPlpw3MCS4C3lV\/jkKyfu9f8bswGDehYDAwFNDAABSQMAF0EEiRzPwlTkDM7pzmCEjbxZ0dTNANWnimpFL7rKObrHh\/1avNxewMekmIg0PSl8wJmSRrFqV3XnL5LQlwbdboDfXAQBAQBa38lDoF0AcuNl+zpRqBhMyNtiR9ndmFAWRajh\/wqehraL7uzK74TQ\/eVA+7Y3M6zgKg2ReOysRDIfD6ZaT7Hbqj1ogI5CWZQ="}
-01275{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1484319032984,"flow_last_seen":1484319033087,"flow_tot_l4_data_len":3372,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":481,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
+01286{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":49,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1484319032984,"flow_last_seen":1484319033087,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
00422{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":88928,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0RaBAAEAGOzDAqAEHNCDEJM97AbvHy0tX3t3YrYAQD9K8rgAAAQEICh9kuOW2m8V9"}
00422{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":98473,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QOhAACoGVcg0IMQkwKgBBwG7z3xLWYWU8HlOFIAQAEuHmAAAAQEICrabxX0fZLi0"}
02367{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":98983,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcQOlAACoGUB80IMQkwKgBBwG7z3xLWYWU8HlOFIAQAEtu0gAAAQEICrabxX4fZLi0FgMDAFkCAABVAwNYeOk5MYnybh8eTCpMplOR5UUdI4\/RwQn9xuZp1Z7auCCumkX9HtWv\/974df5VzRYePKjb1+omhktiqBKmGEtDEcAvAAAN\/wEAAQAACwAEAwABAhYDAwpTCwAKTwAKTAAFLTCCBSkwggQRoAMCAQICEEyDi0+FfvCSTifwFgngw9wwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA0MTIwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlsb3MgZ2F0b3MxFjAUBgNVBAoMDU5ldGZsaXgsIEluYy4xDDAKBgNVBAsMA09wczEYMBYGA1UEAwwPYXBpLm5ldGZsaXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0Z0vVg0+uwRnQgMqpd9ZwS7jp+haqVMWt\/aP2iVEz0YnjzxpK71leEdLOvCa7xXvw6qvgJgviQpWWaZLbuMx4dZ0wdQrWbFtuiNWVROO9UKlOR7zkSpBQBHjL8PDMR8GxjYhY0z9ub1P+ar3lsbL0PqJTXnpC4+5jliGtK7hBDnRBzIyN17GbPKT0EY9qzw2OhysiseSVIpeA2uTMsdjCuCJ8U2+vpz4RKQMVBcZpbGTOowLQya0VARHJxNv8MoepZLmqpbClDmpaWt6xW2h2cjWruIsD\/YQ7jbkhDSwodDubij58Mu5BWLQ+l4PPUsjmGAv3yZxbVcRpS6Wlm4uQIDAQABo4IBqTCCAaUwgbMGA1UdEQSBqzCBqIIVYXBpLWxhdGFtLm5ldGZsaXguY29tghRodG1sdHZ1aS5uZXRmbGl4LmNvbYISYXBpLWV1Lm5ldGZsaXguY29tghJ1aWJvb3QubmV0ZmxpeC5jb22CFmFwaS1nbG9iYWwubmV0ZmxpeC5jb22CFGFwaS11c2VyLm5ldGZsaXguY29tghJhcGktdXMubmV0ZmxpeC5jb22CD2FwaS5uZXRmbGl4LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMA0GCSqGSIb3DQEBCwUAA4IBAQAdulHmLmvIdudqnSfhfmUEAkyAOEjgZ6H0k6BxmsH9zCQp6kh2Gn+6dw6yfgP+i+rrY5dJH59AnS0VSYm9l6Z2Q+oxBW3bKnGXHyAdm+pn0xnaoyVjvtsX5c1CZkwU+uzR+tLsC8xb0LDX0GTepgBR9Gv6C4+xg9+2VPA+fWZFwOvKONHO7uIp4D+u7Hmp1WMg8XA8cm2R59JkzTy56a2qikZCBk0Iiv6tg1u4MVCfWygHnmBNLR0RYC6LqagZzsJF6hfv7jbweV24LQUbdNELDCtEH0VUYn5jzB7SmHZg8RPHU5ZesfRgzs6ULuupnucw3hatgscIhcAN2cOcz9cQAAUZMIIFFTCCA\/2gAwI="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1484319032986,"flow_last_seen":1484319033098,"flow_tot_l4_data_len":1892,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":315,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":52,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1484319032986,"flow_last_seen":1484319033098,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1680,"flow_avg_l4_payload_len":280,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02380{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":112752,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcQOpAACoGUB40IMQkwKgBBwG7z3xLWYs88HlOFIAQAEsLYwAAAQEICrabxX4fZLi0AQICECguJ5F5M5LkKPIhp07JN64wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAUAwggE8MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zASBgNVHRMBAf8ECDAGAQH\/AgEAMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1nMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9zLnN5bWNkLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAWxdSvtZWe\/T3NAlLlsrH9iHQaYDv55oZ6CTif9kvYd0T61pl5OFqkMtOKumKFudSjfZDG0cFDYCjqJr+KdO8HSjVpUrUcTwPdcULcz8ASGV5DatqHiUMwALeZqy9SwZrmleKKoF+Z5u6UmBzxBX3u8FQyQiluldKOhsQcxzhe7aUA0uuUbCCQDpaJJzuDVhdrropesoznrKBwi+OwSfPQPAEoT\/1N8LK\/KxTbalTaU\/hdmQMJYGpNwPyOXM00sF8eBgcqGsW5+fgnSmv2ORpOXmVabl7XF0BnNT380hFE2SV1wpuctpDIiRvPlpw3MCS4C3lV\/jkKyfu9f8bswGDehYDAwFNDAABSQMAF0EEiRzPwlTkDM7pzmCEjbxZ0dTNANWnimpFL7rKObrHh\/1avNxewMekmIg0PSl8wJmSRrFqV3XnL5LQlwbdboDfXAQBAQAitn9kTw3+unW\/ujQfFSe9Oz2ZOcGfrv8U6ks7FNBylKqrpcFr4PPgKC4Ru\/70UoqDFujO07F2q\/Dkj8tk\/pIgteQluMx2hh4="}
-01275{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":7,"flow_first_seen":1484319032986,"flow_last_seen":1484319033112,"flow_tot_l4_data_len":3372,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":481,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
+01286{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":7,"flow_first_seen":1484319032986,"flow_last_seen":1484319033112,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3128,"flow_avg_l4_payload_len":446,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
00423{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":114247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0k5hAAEAG7TfAqAEHNCDEJM98AbvweU4US1mQ5IAQD9JsdgAAAQEICh9kuP62m8V+"}
00424{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":135620,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0FjNAACkGMdA2vxEzwKgBBwG7z3pSqTmxuzQ7nIAQAElYzwAAAQEICq2KOdQfZLjf"}
00692{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":136173,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"5JjWH70UgCqoTGHMCABFIAD1CClAACkGjsY0IMQkwKgBBwG7z3ve3ditx8tLV4AYAEt0ZQAAAQEICrabxX0fZLiyWQKkNZoSrUszZ4qy7zmILw8VGJ\/NGQgj4Oar7Y1XPyxQfZge5xF8y9306OAC\/RBJ+1kQXkJv0zDJBhz6J9okGy44XOu4xmHehXiTS1Qg3XNbCvmNc0Ey\/akj1K5Oqozmq1kuZm034IjBudqoG27PZVSS4Rj\/hxr89xeOdWbPp6wUr\/ydmIkhPKloKEUikMYMUywCfuRlmmyySytrjAlu4FPNkDMco2\/Hy7l3h83hw5nYG2TWA3FgkRYDAwAEDgAAAA=="}
@@ -91,15 +91,15 @@
00495{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":197359,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnCCtAACkGj1I0IMQkwKgBBwG7z3ve3dlux8tL1YAYAEtrMwAAAQEICrabxZgfZLkgFAMDAAEBFgMDACiZx7iozMcllxX1E3JwBmmUnboKo+I1T\/++gGjtramWR05YssbIHNQG"}
00424{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":199353,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QOxAACoGVcQ0IMQkwKgBBwG7z3xLWZGl8HlOkoAQAEt6fQAAAQEICrabxZkfZLkk"}
00494{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":199774,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnQO1AACoGVZA0IMQkwKgBBwG7z3xLWZGl8HlOkoAYAEuD1wAAAQEICrabxZkfZLkkFAMDAAEBFgMDACjyIC+sdvpS94pBwdWNxLhPGkVOONiqg+nGftLyGpRBV7Na8Z6XYe7o"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1484319033206,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1484319033206,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":206431,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAagpAAEAGFrrAqAEHNCDEJM99AbszkZRgAAAAALAC\/\/8LKQAAAgQFtAEDAwUBAQgKH2S5UQAAAAAEAgAA"}
00435{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":258390,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGlqg0IMQkwKgBBwG7z33SmoRGM5GUYaASReoDCgAAAgQFtAQCCAq2m8WoH2S5UQEDAwg="}
00424{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":259678,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0m4FAAEAG5U7AqAEHNCDEJM99AbszkZRh0pqER4AQEBVneAAAAQEICh9kuYW2m8Wo"}
00710{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":261891,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"gCqoTGHM5JjWH70UCABFAAEEjf5AAEAG8gHAqAEHNCDEJM99AbszkZRh0pqER4AYEBXfdQAAAQEICh9kuYe2m8WoFgMBAMsBAADHAwNYeOk5L\/hvHF8lhL712a\/A3K+7eM0TUzNDC5BydZXwIiBWLEL7mQRMMcaBC1F+lWnOx+fqhp3XmUAyc5sg8zTJFwAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1484319033206,"flow_last_seen":1484319033261,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1484319033206,"flow_last_seen":1484319033261,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00424{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":311591,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QfNAACoGVL00IMQkwKgBBwG7z33SmoRHM5GVMYAQAEt2YwAAAQEICrabxbUfZLmH"}
00625{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":312558,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"5JjWH70UgCqoTGHMCABFIADFQfRAACoGVCs0IMQkwKgBBwG7z33SmoRHM5GVMYAYAEuOnAAAAQEICrabxbUfZLmHFgMDAFkCAABVAwNYeOk5B1WkFxgHC31pvIYeDxaWInHvqR4tWm2ZaAIcFSBWLEL7mQRMMcaBC1F+lWnOx+fqhp3XmUAyc5sg8zTJF8AvAAAN\/wEAAQAACwAEAwABAhQDAwABARYDAwAok9fCDYUPoj52\/7bWkXpubOWKuws2NbqIamQurbKaJlfPfN1Qd4gP1Q=="}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1484319033206,"flow_last_seen":1484319033312,"flow_tot_l4_data_len":565,"flow_min_l4_data_len":32,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1484319033206,"flow_last_seen":1484319033312,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
00424{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":313958,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0XflAAEAGItfAqAEHNCDEJM99AbszkZUx0pqE2IAQEBFl2QAAAQEICh9kubq2m8W1"}
00432{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":315618,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"gCqoTGHM5JjWH70UCABFAAA6c+RAAEAGDObAqAEHNCDEJM99AbszkZUx0pqE2IAYEBFNxgAAAQEICh9kubu2m8W1FAMDAAEB"}
00489{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":315983,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"gCqoTGHM5JjWH70UCABFAABh3lNAAEAGok\/AqAEHNCDEJM99AbszkZU30pqE2IAYEBEFDQAAAQEICh9kubu2m8W1FgMDACgq+RBR8THTcjMRmpcYU6jStsCmqjcV10RMxOYwlzzQAaSL47\/L\/6Qd"}
@@ -109,17 +109,17 @@
00549{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":375986,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"5JjWH70UgCqoTGHMCABFIACMQfdAACoGVGE0IMQkwKgBBwG7z33SmohzM5GWV4AYAE\/SkQAAAQEICrabxcUfZLm9FwMDAFOT18INhQ+iQOqqD1N1tEAl8lM2OzeUnmIoUkoyqfK36v8V68SxCq4q7xmiuD45rfh9ar4RF04LJ+4MXmY8mKYyZiBlFXiyPIQQxvMLH2jJ1bB6Xw=="}
00426{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":377664,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0lnxAAEAG6lPAqAEHNCDEJM99AbszkZZX0pqIc4AQD\/Rg6QAAAQEICh9kufa2m8XF"}
00426{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":377967,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0XbdAAEAGIxnAqAEHNCDEJM99AbszkZZX0pqIy4AQD\/FglAAAAQEICh9kufa2m8XF"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1484319033631,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1484319033631,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":631945,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAVMpAAEAGIQjAqAEHNkXM8c9+AbvPvqpAAAAAALAC\/\/9MiwAAAgQFtAEDAwUBAQgKH2S67gAAAAAEAgAA"}
00437{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":678956,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGi7Y2RczxwKgBBwG7z36\/HDHnz76qQaASRepQUQAAAgQFtAQCCAqFp1CVH2S67gEDAwg="}
00425{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":680304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0\/p1AAEAGd0DAqAEHNkXM8c9+AbvPvqpBvxwx6IAQEBW0wwAAAQEICh9kux6Fp1CV"}
00737{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":681980,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"pkt":"gCqoTGHM5JjWH70UCABFAAEZsrxAAEAGwjzAqAEHNkXM8c9+AbvPvqpBvxwx6IAYEBWxNAAAAQEICh9kux+Fp1CVFgMBAOABAADcAwNYeOk5uUi+rD99Z+Le1911L3kiB9I95LIt9NFo8L\/pTgAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1484319033631,"flow_last_seen":1484319033681,"flow_tot_l4_data_len":377,"flow_min_l4_data_len":32,"flow_max_l4_data_len":261,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1484319033631,"flow_last_seen":1484319033681,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00425{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":732036,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0YUhAACoGKnY2RczxwKgBBwG7z36\/HDHoz76rJoAQAEvDmgAAAQEICoWnUKIfZLsf"}
02379{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":734598,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcYUlAACoGJM02RczxwKgBBwG7z36\/HDHoz76rJoAQAEtCSAAAAQEICoWnUKMfZLsfFgMDAFkCAABVAwNYeOk5JwKZaCm0T9BkHEGN7BD63up8ZlWasw7vsvdybSD6dgfGNYIoV6eFiCl\/QZwE+qp97TNaaL7oh1jX8\/GrscAvAAAN\/wEAAQAACwAEAwABAhYDAwo1CwAKMQAKLgAFDzCCBQswggPzoAMCAQICEBUE9lSWJBH1oKEWtt+LI6kwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA0MTIwMDAwMDBaFw0xODA0MTAyMzU5NTlaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJbG9zIGdhdG9zMRYwFAYDVQQKDA1OZXRmbGl4LCBJbmMuMQwwCgYDVQQLDANPcHMxIzAhBgNVBAMMGmN1c3RvbWVyZXZlbnRzLm5ldGZsaXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NWCfffj1fH2w7Mcey7bCuVjmU9eYoCt0LQXtABL8VbzHb0v4bvuXzERuentrt0KBRrXwGb1LNpWTCuYkQFsuSO+4A2oBicvehQTGBtisx0FbKBTLIsG1vAxiWHWx\/XTpvW3a5IDQ3ve\/mg0iN4F0RJTT7hORBeIfEAtcLaXH1n\/7BbB4evGBxadgu4wyTSlZcC3QyAKuqxcLKOgPPdViofYrGJ2ftzJYann157r\/0yi8mqc3eUn0g\/zUInV4h7\/h5s9Uj2esO0XEfaW0qv9A1L8eDpSXsQ6a\/uVCNNDZNT0nWamrF358P06wTnnFsnzkBLicvjy+KKQP469XywS3wIDAQABo4IBfzCCAXswgYkGA1UdEQSBgTB\/ghNpY2huYWVhLm5ldGZsaXguY29tghJiZWFjb24ubmV0ZmxpeC5jb22CIHByZXNlbnRhdGlvbnRyYWNraW5nLm5ldGZsaXguY29tghZubXRyYWNraW5nLm5ldGZsaXguY29tghpjdXN0b21lcmV2ZW50cy5uZXRmbGl4LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMA0GCSqGSIb3DQEBCwUAA4IBAQACFfXmfFLSJ3g83aH1lGay1TzWZVJJlcH5vHFDEXU12pMzmZON4XtuDhhFM85qNRHVp6dySN\/2NPneYQEAzEJszsoGpdoNA5+VkmVdkvaW+tPqbjD3DhRFe6FRMiYEvobEuXDMASh3pWeL+lILt4N4el138DFitlCElI7++tgmcN\/F97RxsNmqKLFE1juHjpRhzqx1ySvoyfKNksinLcJxJGh9TBRlC8+HlqzIWD5UwAIQyDpWGAcTm0CSFI62ZR44BA8HC+G2Cy4+heUb5tc6\/0A9WEHQESa7OfzrIaNQpvRwbE6iQMEgEU13QVkkGskdHHDxVn9L6REOhP7lsoXoAAUZMIIFFTCCA\/2gAwIBAgIQKC4nkXkzkuQo8iGnTsk3rjANBgkqhkiG9w0="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":6,"flow_first_seen":1484319033631,"flow_last_seen":1484319033734,"flow_tot_l4_data_len":1889,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":314,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":6,"flow_first_seen":1484319033631,"flow_last_seen":1484319033734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02378{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":735587,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcYUpAACoGJMw2RczxwKgBBwG7z36\/HDeQz76rJoAQAEuddQAAAQEICoWnUKMfZLsfAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAUAwggE8MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zASBgNVHRMBAf8ECDAGAQH\/AgEAMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1nMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9zLnN5bWNkLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAWxdSvtZWe\/T3NAlLlsrH9iHQaYDv55oZ6CTif9kvYd0T61pl5OFqkMtOKumKFudSjfZDG0cFDYCjqJr+KdO8HSjVpUrUcTwPdcULcz8ASGV5DatqHiUMwALeZqy9SwZrmleKKoF+Z5u6UmBzxBX3u8FQyQiluldKOhsQcxzhe7aUA0uuUbCCQDpaJJzuDVhdrropesoznrKBwi+OwSfPQPAEoT\/1N8LK\/KxTbalTaU\/hdmQMJYGpNwPyOXM00sF8eBgcqGsW5+fgnSmv2ORpOXmVabl7XF0BnNT380hFE2SV1wpuctpDIiRvPlpw3MCS4C3lV\/jkKyfu9f8bswGDehYDAwFNDAABSQMAF0EEoBWe2xDou1PViaKclBP1Ug+NOLCjAaPHzz4+YV2LIxjpcz4u4VnAYYdYYPSHtRsJ+faftfw+yffJZueqjm5ZjAQBAQDWe8igpRX1oyvcW6JH8gL4Ad7Be8qpe\/APNFoNWp2KJtIagVdOK+jEjZ5FBwT7HN1yhbqc3hErqaovVZ7RJboJxsSiG3+uevhIVtR4MQjf2TguJBb4g8+wODdhzjD3tVq9Kw2ijLc="}
-01247{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":7,"flow_first_seen":1484319033631,"flow_last_seen":1484319033735,"flow_tot_l4_data_len":3369,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":481,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
+01258{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":7,"flow_first_seen":1484319033631,"flow_last_seen":1484319033735,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
00424{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":744263,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0XohAAEAGF1bAqAEHNkXM8c9+AbvPvqsmvxw9OIAQD9KoiAAAAQEICh9ku1mFp1Cj"}
00650{"flow_id":9,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":746637,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"5JjWH70UgCqoTGHMCABFIADXYUtAACoGKdA2RczxwKgBBwG7z36\/HD04z76rJoAYAEvXUAAAAQEICoWnUKMfZLsfPfW2YX2vbjlxOohXB9pjApioj0MFWPkgylbPVopJi2M99iNi5v0RbA\/y7TYrm5QhXEafqimNc8QfQoOWaPTp31BovOhINh8oRPhqWOBpukxsIpfMO5Dqiy7NFbcGEY4HgWnqt0N+ZnxouIdTPZvSSGTqvkhGCC6kuH5gJK8YNUFzx9EAeYeUSBsNa7X1PBlg658Lfh\/1ZoIxYhYDAwAEDgAAAA=="}
00426{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":750254,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA066xAAEAGijHAqAEHNkXM8c9+AbvPvqsmvxw924AQD\/qntgAAAQEICh9ku2CFp1Cj"}
@@ -128,21 +128,21 @@
00487{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":761663,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"gCqoTGHM5JjWH70UCABFAABhrXJAAEAGyD7AqAEHNkXM8c9+AbvPvqt3vxw924AYEADSNQAAAQEICh9ku2qFp1CjFgMDACjKOK+sAtd5PswLjYlj+0P45JUuM6LBLH+Rog3b3ZnBWaXBB46ePIQI"}
00426{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":806978,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0YUxAACoGKnI2RczxwKgBBwG7z36\/HD3bz76rd4AQAEu2+AAAAQEICoWnULUfZLtq"}
00496{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":810394,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnYU1AACoGKj42RczxwKgBBwG7z36\/HD3bz76rpIAYAEuv9AAAAQEICoWnULYfZLtqFAMDAAEBFgMDACi6l1EX3Ko6OWfaT4C9ii2vvBLKcrRK0ddk9SR7FN6ZjdgSgXISGx5h"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1484319033886,"flow_last_seen":0,"flow_tot_l4_data_len":130,"flow_min_l4_data_len":130,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":130,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1484319033886,"flow_last_seen":0,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00565{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":886061,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"AQBef\/\/65JjWH70UCABFAACWfwIAAAERiKvAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
-00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1484319033886,"flow_last_seen":0,"flow_tot_l4_data_len":130,"flow_min_l4_data_len":130,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":130,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1484319033943,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1484319033886,"flow_last_seen":0,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":122,"flow_tot_l4_payload_len":122,"flow_avg_l4_payload_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1484319033943,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":943762,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAxzpAAEAGrpfAqAEHNkXM8c9\/Abtb3TwWAAAAALAC\/\/8tbQAAAgQFtAEDAwUBAQgKH2S8FwAAAAAEAgAA"}
00437{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":988686,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGjLY2RczxwKgBBwG7z39IJeEpW908F6ASRer4mgAAAgQFtAQCCAqFp1DiH2S8FwEDAwg="}
00426{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":990083,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0N8lAAEAGPhXAqAEHNkXM8c9\/Abtb3TwXSCXhKoAQEBVdDAAAAQEICh9kvEiFp1Di"}
00569{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":993988,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/65JjWH70UCABFAACZ8KEAAAERFwnAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
00739{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319033,"pkt_ts_usec":997529,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"pkt":"gCqoTGHM5JjWH70UCABFAAEZ\/SBAAEAGd9jAqAEHNkXM8c9\/Abtb3TwXSCXhKoAYEBWh7QAAAQEICh9kvE+Fp1DiFgMBAOABAADcAwNYeOk6Kk2knMSNhioRrvxRb2utqcQBAlus3bTpE7nGoQAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1484319033943,"flow_last_seen":1484319033997,"flow_tot_l4_data_len":377,"flow_min_l4_data_len":32,"flow_max_l4_data_len":261,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1484319033943,"flow_last_seen":1484319033997,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00425{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319034,"pkt_ts_usec":46936,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0scVAACkG2vg2RczxwKgBBwG7z39IJeEqW908\/IAQAEtr2wAAAQEICoWnUPEfZLxP"}
02378{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319034,"pkt_ts_usec":48780,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcscZAACkG1U82RczxwKgBBwG7z39IJeEqW908\/IAQAEt1eQAAAQEICoWnUPEfZLxPFgMDAFkCAABVAwNYeOk6oFPoU9YBdFvzDdPia0vPwGk54HOidZX3VUv\/ICA+A9Bk1PmW0NKrtXhzLPNvYwZied+SI+QkI6djcPGAqMAvAAAN\/wEAAQAACwAEAwABAhYDAwo1CwAKMQAKLgAFDzCCBQswggPzoAMCAQICEBUE9lSWJBH1oKEWtt+LI6kwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA0MTIwMDAwMDBaFw0xODA0MTAyMzU5NTlaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJbG9zIGdhdG9zMRYwFAYDVQQKDA1OZXRmbGl4LCBJbmMuMQwwCgYDVQQLDANPcHMxIzAhBgNVBAMMGmN1c3RvbWVyZXZlbnRzLm5ldGZsaXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NWCfffj1fH2w7Mcey7bCuVjmU9eYoCt0LQXtABL8VbzHb0v4bvuXzERuentrt0KBRrXwGb1LNpWTCuYkQFsuSO+4A2oBicvehQTGBtisx0FbKBTLIsG1vAxiWHWx\/XTpvW3a5IDQ3ve\/mg0iN4F0RJTT7hORBeIfEAtcLaXH1n\/7BbB4evGBxadgu4wyTSlZcC3QyAKuqxcLKOgPPdViofYrGJ2ftzJYann157r\/0yi8mqc3eUn0g\/zUInV4h7\/h5s9Uj2esO0XEfaW0qv9A1L8eDpSXsQ6a\/uVCNNDZNT0nWamrF358P06wTnnFsnzkBLicvjy+KKQP469XywS3wIDAQABo4IBfzCCAXswgYkGA1UdEQSBgTB\/ghNpY2huYWVhLm5ldGZsaXguY29tghJiZWFjb24ubmV0ZmxpeC5jb22CIHByZXNlbnRhdGlvbnRyYWNraW5nLm5ldGZsaXguY29tghZubXRyYWNraW5nLm5ldGZsaXguY29tghpjdXN0b21lcmV2ZW50cy5uZXRmbGl4LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMA0GCSqGSIb3DQEBCwUAA4IBAQACFfXmfFLSJ3g83aH1lGay1TzWZVJJlcH5vHFDEXU12pMzmZON4XtuDhhFM85qNRHVp6dySN\/2NPneYQEAzEJszsoGpdoNA5+VkmVdkvaW+tPqbjD3DhRFe6FRMiYEvobEuXDMASh3pWeL+lILt4N4el138DFitlCElI7++tgmcN\/F97RxsNmqKLFE1juHjpRhzqx1ySvoyfKNksinLcJxJGh9TBRlC8+HlqzIWD5UwAIQyDpWGAcTm0CSFI62ZR44BA8HC+G2Cy4+heUb5tc6\/0A9WEHQESa7OfzrIaNQpvRwbE6iQMEgEU13QVkkGskdHHDxVn9L6REOhP7lsoXoAAUZMIIFFTCCA\/2gAwIBAgIQKC4nkXkzkuQo8iGnTsk3rjANBgkqhkiG9w0="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1484319033943,"flow_last_seen":1484319034048,"flow_tot_l4_data_len":1889,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":314,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1484319033943,"flow_last_seen":1484319034048,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02380{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319034,"pkt_ts_usec":49759,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcscdAACkG1U42RczxwKgBBwG7z39IJebSW908\/IAQAEuozAAAAQEICoWnUPEfZLxPAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAUAwggE8MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zASBgNVHRMBAf8ECDAGAQH\/AgEAMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1nMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9zLnN5bWNkLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAWxdSvtZWe\/T3NAlLlsrH9iHQaYDv55oZ6CTif9kvYd0T61pl5OFqkMtOKumKFudSjfZDG0cFDYCjqJr+KdO8HSjVpUrUcTwPdcULcz8ASGV5DatqHiUMwALeZqy9SwZrmleKKoF+Z5u6UmBzxBX3u8FQyQiluldKOhsQcxzhe7aUA0uuUbCCQDpaJJzuDVhdrropesoznrKBwi+OwSfPQPAEoT\/1N8LK\/KxTbalTaU\/hdmQMJYGpNwPyOXM00sF8eBgcqGsW5+fgnSmv2ORpOXmVabl7XF0BnNT380hFE2SV1wpuctpDIiRvPlpw3MCS4C3lV\/jkKyfu9f8bswGDehYDAwFNDAABSQMAF0EEoBWe2xDou1PViaKclBP1Ug+NOLCjAaPHzz4+YV2LIxjpcz4u4VnAYYdYYPSHtRsJ+faftfw+yffJZueqjm5ZjAQBAQAYI7vyUx0x5Epw2jXLXc8ObO1kcERD6mbq9bAGL5enAPrPw1QZe\/nFOM2+1WseaXlp79iUKsqqEMZoUCyTG0keq0X465hSI9uHz4HW\/3aeGm2AnT\/hOGdYkkqnOrHgYvlhrhRhfoA="}
-01248{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":7,"flow_first_seen":1484319033943,"flow_last_seen":1484319034049,"flow_tot_l4_data_len":3369,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":481,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
+01259{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":7,"flow_first_seen":1484319033943,"flow_last_seen":1484319034049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
00425{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319034,"pkt_ts_usec":53331,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0HxFAAEAGVs3AqAEHNkXM8c9\/Abtb3Tz8SCXseoAQD9JQzQAAAQEICh9kvIaFp1Dx"}
00653{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319034,"pkt_ts_usec":61899,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"5JjWH70UgCqoTGHMCABFIADXschAACkG2lI2RczxwKgBBwG7z39IJex6W908\/IAYAEsLpwAAAQEICoWnUPEfZLxPmnXETJshDEAvU93gvwU7pPnqa7afklAM\/zHsLlyWP4576BHwZqqmKgw2\/\/QWDPMLCSsX5r8zWJyIQQOv9lKJyJpZjaGWiQqQN\/0aABTiN4CVH1rY9eHcj\/UAtsnzQzCw+JhpdwgGj7Htpnn+7w7G34akyNiv1aUrg7Pr0+MckzcVXdcPXjOas4iPUQwbnbuEua6Q3jwYWaFF1hYDAwAEDgAAAA=="}
00427{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319034,"pkt_ts_usec":63235,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA08MhAAEAGhRXAqAEHNkXM8c9\/Abtb3Tz8SCXtHYAQD\/pP+AAAAQEICh9kvJCFp1Dx"}
@@ -151,37 +151,37 @@
00488{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319034,"pkt_ts_usec":73070,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"gCqoTGHM5JjWH70UCABFAABh9aRAAEAGgAzAqAEHNkXM8c9\/Abtb3T1NSCXtHYAYEAB4AwAAAQEICh9kvJmFp1DxFgMDACil7XqCoyvwQFuspIPfflkSvCGtd57K5TeCdY4DBpvtbWoTPlxuXmcM"}
00426{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319034,"pkt_ts_usec":122359,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0sclAACkG2vQ2RczxwKgBBwG7z39IJe0dW909eoAQAEtfDQAAAQEICoWnUQQfZLyZ"}
00496{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319034,"pkt_ts_usec":122491,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnscpAACkG2sA2RczxwKgBBwG7z39IJe0dW909eoAYAEtipQAAAQEICoWnUQQfZLyZFAMDAAEBFgMDACh0uCX4sTM68KP8Mcj3yPDXgTDiuRLB7n2zyVaTM14hY69h9UvXcqAA"}
-00436{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1484319034890,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00448{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1484319034890,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319034,"pkt_ts_usec":890998,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"pkt":"AQBef\/\/65JjWH70UCABGAAAgKLUAAAECSnnAqAEH7\/\/\/+pQEAAAWAPoE7\/\/\/+gAAAAAAAAAAAAAAAAAA"}
-00468{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1484319034890,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1484319035004,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1484319034890,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1484319035004,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":4050,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"gCqoTGHM5JjWH70UCABFAABT4P4AAP8RV0LAqAEHwKgBAcrtADUAP\/fHGiEBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="}
-00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1484319035004,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00666{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1484319035004,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00639{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":24355,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"5JjWH70UgCqoTGHMCABFAADT4UNAAEAR1X3AqAEBwKgBBwA1yu0AvyycGiGBgAABAAgAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAcAMAAEAAQAAADoABDRZJ4vADAABAAEAAAA6AAQ0KHEVwAwAAQABAAAAOgAENrvKVcAMAAEAAQAAADoABDQnzgXADAABAAEAAAA6AAQ2lKPwwAwAAQABAAAAOgAENrujrcAMAAEAAQAAADoABDQoEorADAABAAEAAAA6AAQ0KGy7"}
-00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":63,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.89.39.139"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1484319035079,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00694{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.89.39.139"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1484319035079,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":79531,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAYJ9AAEAGvIXAqAEHNFkni8+MAbsc0sO0AAAAALAC\/\/+HyQAAAgQFtAEDAwUBAQgKH2TAbQAAAAAEAgAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1484319035080,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1484319035080,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":80111,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABASDpAAEAG1OrAqAEHNFkni8+NAbuZGBE+AAAAALAC\/\/+99wAAAgQFtAEDAwUBAQgKH2TAbgAAAAAEAgAA"}
00437{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":129030,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwG7z4zl6UHQHNLDtaASReq0kAAAAgQFtAQCCAqtiMj8H2TAbQEDAwg="}
00425{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":130402,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gZlAAEAGm5fAqAEHNFkni8+MAbsc0sO15elB0YAQEBUZAAAAAQEICh9kwKCtiMj8"}
00437{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":130944,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGNAk0WSeLwKgBBwG7z40HBfk7mRgRP6ASReoSOAAAAgQFtAQCCAqtiMj8H2TAbgEDAwg="}
00427{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":132214,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0YNFAAEAGvF\/AqAEHNFkni8+NAbuZGBE\/BwX5PIAQEBV2pwAAAQEICh9kwKGtiMj8"}
00710{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":134770,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"gCqoTGHM5JjWH70UCABFAAEEsStAAEAGazXAqAEHNFkni8+MAbsc0sO15elB0YAYEBWGUAAAAQEICh9kwKOtiMj8FgMBAMsBAADHAwNYeOk76erORdznXBXvPSpQVtkmxHNGba3wUCSzaRztoSCumkX9HtWv\/974df5VzRYePKjb1+omhktiqBKmGEtDEQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1484319035079,"flow_last_seen":1484319035134,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1484319035079,"flow_last_seen":1484319035134,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00712{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":136106,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"gCqoTGHM5JjWH70UCABFAAEEDNVAAEAGD4zAqAEHNFkni8+NAbuZGBE\/BwX5PIAYEBWJrgAAAQEICh9kwKStiMj8FgMBAMsBAADHAwNYeOk7lPRrg34Uu\/Y+HzZqHJ9SINdd1V+d8fl0kU8rKiCumkX9HtWv\/974df5VzRYePKjb1+omhktiqBKmGEtDEQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1484319035080,"flow_last_seen":1484319035136,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1484319035080,"flow_last_seen":1484319035136,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00425{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":183349,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0iNlAACoGqjc0WSeLwKgBBwG7z4zl6UHRHNLEhYAQAEsn6gAAAQEICq2IyQkfZMCj"}
02370{"flow_id":14,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":185788,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXciNpAACoGpI40WSeLwKgBBwG7z4zl6UHRHNLEhYAQAEuNJAAAAQEICq2IyQofZMCjFgMDAFkCAABVAwNYeOk77vRck+pFzeLQ4EBYH\/bSAIX+AJxCxXv0j9VfoCD2BACvLdUcwoa\/a+fy55QScuVO6IcSLk43HHWgx3hRd8AvAAAN\/wEAAQAACwAEAwABAhYDAwpTCwAKTwAKTAAFLTCCBSkwggQRoAMCAQICEEyDi0+FfvCSTifwFgngw9wwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA0MTIwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlsb3MgZ2F0b3MxFjAUBgNVBAoMDU5ldGZsaXgsIEluYy4xDDAKBgNVBAsMA09wczEYMBYGA1UEAwwPYXBpLm5ldGZsaXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0Z0vVg0+uwRnQgMqpd9ZwS7jp+haqVMWt\/aP2iVEz0YnjzxpK71leEdLOvCa7xXvw6qvgJgviQpWWaZLbuMx4dZ0wdQrWbFtuiNWVROO9UKlOR7zkSpBQBHjL8PDMR8GxjYhY0z9ub1P+ar3lsbL0PqJTXnpC4+5jliGtK7hBDnRBzIyN17GbPKT0EY9qzw2OhysiseSVIpeA2uTMsdjCuCJ8U2+vpz4RKQMVBcZpbGTOowLQya0VARHJxNv8MoepZLmqpbClDmpaWt6xW2h2cjWruIsD\/YQ7jbkhDSwodDubij58Mu5BWLQ+l4PPUsjmGAv3yZxbVcRpS6Wlm4uQIDAQABo4IBqTCCAaUwgbMGA1UdEQSBqzCBqIIVYXBpLWxhdGFtLm5ldGZsaXguY29tghRodG1sdHZ1aS5uZXRmbGl4LmNvbYISYXBpLWV1Lm5ldGZsaXguY29tghJ1aWJvb3QubmV0ZmxpeC5jb22CFmFwaS1nbG9iYWwubmV0ZmxpeC5jb22CFGFwaS11c2VyLm5ldGZsaXguY29tghJhcGktdXMubmV0ZmxpeC5jb22CD2FwaS5uZXRmbGl4LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMA0GCSqGSIb3DQEBCwUAA4IBAQAdulHmLmvIdudqnSfhfmUEAkyAOEjgZ6H0k6BxmsH9zCQp6kh2Gn+6dw6yfgP+i+rrY5dJH59AnS0VSYm9l6Z2Q+oxBW3bKnGXHyAdm+pn0xnaoyVjvtsX5c1CZkwU+uzR+tLsC8xb0LDX0GTepgBR9Gv6C4+xg9+2VPA+fWZFwOvKONHO7uIp4D+u7Hmp1WMg8XA8cm2R59JkzTy56a2qikZCBk0Iiv6tg1u4MVCfWygHnmBNLR0RYC6LqagZzsJF6hfv7jbweV24LQUbdNELDCtEH0VUYn5jzB7SmHZg8RPHU5ZesfRgzs6ULuupnucw3hatgscIhcAN2cOcz9cQAAUZMIIFFTCCA\/2gAwI="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1484319035079,"flow_last_seen":1484319035185,"flow_tot_l4_data_len":1868,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1484319035079,"flow_last_seen":1484319035185,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02380{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":186784,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXciNtAACoGpI00WSeLwKgBBwG7z4zl6Ud5HNLEhYAQAEuFJgAAAQEICq2IyQofZMCjAQICECguJ5F5M5LkKPIhp07JN64wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAUAwggE8MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zASBgNVHRMBAf8ECDAGAQH\/AgEAMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1nMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9zLnN5bWNkLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAWxdSvtZWe\/T3NAlLlsrH9iHQaYDv55oZ6CTif9kvYd0T61pl5OFqkMtOKumKFudSjfZDG0cFDYCjqJr+KdO8HSjVpUrUcTwPdcULcz8ASGV5DatqHiUMwALeZqy9SwZrmleKKoF+Z5u6UmBzxBX3u8FQyQiluldKOhsQcxzhe7aUA0uuUbCCQDpaJJzuDVhdrropesoznrKBwi+OwSfPQPAEoT\/1N8LK\/KxTbalTaU\/hdmQMJYGpNwPyOXM00sF8eBgcqGsW5+fgnSmv2ORpOXmVabl7XF0BnNT380hFE2SV1wpuctpDIiRvPlpw3MCS4C3lV\/jkKyfu9f8bswGDehYDAwFNDAABSQMAF0EESFqrUO0j7rFMl9SYfOFc36wkHTK21jgV\/FA4iQv1Mg5CSQdMQZP3Cx5EZx\/jGYCcGmFWTHg3\/vj7Dm5CG6h8wQQBAQA2QFApcoPddWNzg7j0BaBm2wrnfEpr81JDq1qPgkKwdkS7LVcGeZdIiRn+Yso04lc90+CR6Z3YRsfkCc+mmOnIAj+F4s3NDHk="}
-01275{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":7,"flow_first_seen":1484319035079,"flow_last_seen":1484319035186,"flow_tot_l4_data_len":3348,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":478,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
+01286{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":7,"flow_first_seen":1484319035079,"flow_last_seen":1484319035186,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
00425{"flow_id":14,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":188283,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0pq1AAEAGdoPAqAEHNFkni8+MAbsc0sSF5elNIYAQD9IM4AAAAQEICh9kwNWtiMkK"}
00425{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":199804,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0MDRAACkGA900WSeLwKgBBwG7z40HBfk8mRgSD4AQAEuFjwAAAQEICq2IyQsfZMCk"}
02369{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":200353,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcMDVAACkG\/jM0WSeLwKgBBwG7z40HBfk8mRgSD4AQAEtsJgAAAQEICq2IyQsfZMCkFgMDAFkCAABVAwNYeOk7vF8vAirkY9Eziq72P8mRIMbDgYTMM6wkZ7XIOiAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZucAvAAAN\/wEAAQAACwAEAwABAhYDAwpTCwAKTwAKTAAFLTCCBSkwggQRoAMCAQICEEyDi0+FfvCSTifwFgngw9wwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA0MTIwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlsb3MgZ2F0b3MxFjAUBgNVBAoMDU5ldGZsaXgsIEluYy4xDDAKBgNVBAsMA09wczEYMBYGA1UEAwwPYXBpLm5ldGZsaXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0Z0vVg0+uwRnQgMqpd9ZwS7jp+haqVMWt\/aP2iVEz0YnjzxpK71leEdLOvCa7xXvw6qvgJgviQpWWaZLbuMx4dZ0wdQrWbFtuiNWVROO9UKlOR7zkSpBQBHjL8PDMR8GxjYhY0z9ub1P+ar3lsbL0PqJTXnpC4+5jliGtK7hBDnRBzIyN17GbPKT0EY9qzw2OhysiseSVIpeA2uTMsdjCuCJ8U2+vpz4RKQMVBcZpbGTOowLQya0VARHJxNv8MoepZLmqpbClDmpaWt6xW2h2cjWruIsD\/YQ7jbkhDSwodDubij58Mu5BWLQ+l4PPUsjmGAv3yZxbVcRpS6Wlm4uQIDAQABo4IBqTCCAaUwgbMGA1UdEQSBqzCBqIIVYXBpLWxhdGFtLm5ldGZsaXguY29tghRodG1sdHZ1aS5uZXRmbGl4LmNvbYISYXBpLWV1Lm5ldGZsaXguY29tghJ1aWJvb3QubmV0ZmxpeC5jb22CFmFwaS1nbG9iYWwubmV0ZmxpeC5jb22CFGFwaS11c2VyLm5ldGZsaXguY29tghJhcGktdXMubmV0ZmxpeC5jb22CD2FwaS5uZXRmbGl4LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMA0GCSqGSIb3DQEBCwUAA4IBAQAdulHmLmvIdudqnSfhfmUEAkyAOEjgZ6H0k6BxmsH9zCQp6kh2Gn+6dw6yfgP+i+rrY5dJH59AnS0VSYm9l6Z2Q+oxBW3bKnGXHyAdm+pn0xnaoyVjvtsX5c1CZkwU+uzR+tLsC8xb0LDX0GTepgBR9Gv6C4+xg9+2VPA+fWZFwOvKONHO7uIp4D+u7Hmp1WMg8XA8cm2R59JkzTy56a2qikZCBk0Iiv6tg1u4MVCfWygHnmBNLR0RYC6LqagZzsJF6hfv7jbweV24LQUbdNELDCtEH0VUYn5jzB7SmHZg8RPHU5ZesfRgzs6ULuupnucw3hatgscIhcAN2cOcz9cQAAUZMIIFFTCCA\/2gAwI="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1484319035080,"flow_last_seen":1484319035200,"flow_tot_l4_data_len":1868,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1484319035080,"flow_last_seen":1484319035200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02381{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":215028,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcMDZAACkG\/jI0WSeLwKgBBwG7z40HBf7kmRgSD4AQAEvpfwAAAQEICq2IyQsfZMCkAQICECguJ5F5M5LkKPIhp07JN64wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAUAwggE8MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zASBgNVHRMBAf8ECDAGAQH\/AgEAMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1nMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9zLnN5bWNkLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAWxdSvtZWe\/T3NAlLlsrH9iHQaYDv55oZ6CTif9kvYd0T61pl5OFqkMtOKumKFudSjfZDG0cFDYCjqJr+KdO8HSjVpUrUcTwPdcULcz8ASGV5DatqHiUMwALeZqy9SwZrmleKKoF+Z5u6UmBzxBX3u8FQyQiluldKOhsQcxzhe7aUA0uuUbCCQDpaJJzuDVhdrropesoznrKBwi+OwSfPQPAEoT\/1N8LK\/KxTbalTaU\/hdmQMJYGpNwPyOXM00sF8eBgcqGsW5+fgnSmv2ORpOXmVabl7XF0BnNT380hFE2SV1wpuctpDIiRvPlpw3MCS4C3lV\/jkKyfu9f8bswGDehYDAwFNDAABSQMAF0EESFqrUO0j7rFMl9SYfOFc36wkHTK21jgV\/FA4iQv1Mg5CSQdMQZP3Cx5EZx\/jGYCcGmFWTHg3\/vj7Dm5CG6h8wQQBAQCVvSnMrZDKLpqvyRcVAgUKBgB5JiYIhk48LToQKVktZCWAm8bMCenvoNW2F3Hc9fUYJATjkgVrzbyIs+z4ayvEIAXvJ7dOq5Y="}
-01275{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":7,"flow_first_seen":1484319035080,"flow_last_seen":1484319035215,"flow_tot_l4_data_len":3348,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":478,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
+01286{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":7,"flow_first_seen":1484319035080,"flow_last_seen":1484319035215,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3104,"flow_avg_l4_payload_len":443,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
00425{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":216633,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0t9hAAEAGZVjAqAEHNFkni8+NAbuZGBIPBwYEjIAQD9JqbAAAAQEICh9kwPCtiMkL"}
00692{"flow_id":14,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":229757,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"5JjWH70UgCqoTGHMCABFIAD1iNxAACoGqXM0WSeLwKgBBwG7z4zl6U0hHNLEhYAYAEvuqgAAAQEICq2IyQofZMCjpHl4RyQIVLjCE9+5SS7Az0ywQuNw+kAlnFo\/y8e7JW\/QvlkCHK00vYcxf+RdDNW2KR237l7JqlRXjqTmoRt3dOXcFn0rQsGXaPxX2o8ksdV+k3a46A5gwfkE6tUOZ8N04lUrusPBOV29jMwIvliW3kDLXxMaD9Ezv3O4MvjtOJZZcUrIPjvWe1NbVGya+AS8Izn\/OZhdDFkc5nSg9Cr7mG3sOwdjrLfLxKrenm2u\/PBE5F9BNuMdMBYDAwAEDgAAAA=="}
00428{"flow_id":14,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":231110,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0H0hAAEAG\/ejAqAEHNFkni8+MAbsc0sSF5elN4oAQD\/kLzwAAAQEICh9kwP6tiMkK"}
@@ -197,15 +197,15 @@
00496{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":292272,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABniN5AACoGqf80WSeLwKgBBwG7z4zl6U3iHNLFA4AYAEsiiwAAAQEICq2IySUfZMEKFAMDAAEBFgMDACgcPKaKyM4YHqGE1yRMvxcCa5MlFd2+8SOlHOEEihc6JV3bqeLV8ALo"}
00426{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":298651,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0MDhAACkGA9k0WSeLwKgBBwG7z40HBgVNmRgSjYAQAEt4egAAAQEICq2IySYfZMEP"}
00497{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":299424,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnMDlAACkGA6U0WSeLwKgBBwG7z40HBgVNmRgSjYAYAEsbIwAAAQEICq2IySYfZMEPFAMDAAEBFgMDACjXcdBjHjrlGCc6r1xIjnyS4caTVVboDwxir24skvpSSyvvSwA\/aYaY"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1484319035342,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1484319035342,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":342783,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABA3CdAAEAGQP3AqAEHNFkni8+OAbvRf5R9AAAAALAC\/\/8BVgAAAgQFtAEDAwUBAQgKH2TBaAAAAAAEAgAA"}
00438{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":397916,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwG7z47YAyXj0X+UfqASRepXrQAAAgQFtAQCCAqtiMk\/H2TBaAEDAwg="}
00426{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":399304,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0+2BAAEAGIdDAqAEHNFkni8+OAbvRf5R+2AMl5IAQEBW8GgAAAQEICh9kwZ2tiMk\/"}
00710{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":401110,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"gCqoTGHM5JjWH70UCABFAAEE6LNAAEAGM63AqAEHNFkni8+OAbvRf5R+2AMl5IAYEBVXjgAAAQEICh9kwZ6tiMk\/FgMBAMsBAADHAwNYeOk7vNJQcIWTHxOYmxRdvE73iLawThqSAEUf4RBG+yAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZuQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1484319035342,"flow_last_seen":1484319035401,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1484319035342,"flow_last_seen":1484319035401,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00425{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":449002,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA07K5AACoGRmI0WSeLwKgBBwG7z47YAyXk0X+VToAQAEvLBgAAAQEICq2IyUwfZMGe"}
00626{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":449894,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"5JjWH70UgCqoTGHMCABFIADF7K9AACoGRdA0WSeLwKgBBwG7z47YAyXk0X+VToAYAEvNewAAAQEICq2IyUwfZMGeFgMDAFkCAABVAwNYeOk7VOwhhyggLAhJQBWvhk928q9X9VIa7uiiqr7qKSAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZucAvAAAN\/wEAAQAACwAEAwABAhQDAwABARYDAwAoXcXoBY4K7rZHdaYvqMg+AqvzJCzgfFm2CZObQbNJ5Ejc26h63\/gPSw=="}
-00816{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1484319035342,"flow_last_seen":1484319035449,"flow_tot_l4_data_len":565,"flow_min_l4_data_len":32,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":279,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1484319035342,"flow_last_seen":1484319035449,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
00425{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":451766,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0wUpAAEAGW+bAqAEHNFkni8+OAbvRf5VO2AMmdYAQEBG6fwAAAQEICh9kwc6tiMlM"}
00433{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":452064,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"gCqoTGHM5JjWH70UCABFAAA6lW5AAEAGh7zAqAEHNFkni8+OAbvRf5VO2AMmdYAYEBGibAAAAQEICh9kwc+tiMlMFAMDAAEB"}
00488{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":452442,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"gCqoTGHM5JjWH70UCABFAABhncZAAEAGfz3AqAEHNFkni8+OAbvRf5VU2AMmdYAYEBEMGQAAAQEICh9kwdCtiMlMFgMDACiAf4y\/CJrVzrosMHqlvlV0KXoJV02FkcvwiFl0B54Nhk4JLJ6FG+Pk"}
@@ -217,24 +217,24 @@
01247{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":596560,"pkt_caplen":672,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":672,"pkt_l4_len":638,"pkt":"5JjWH70UgCqoTGHMCABFIAKS7LNAACoGQ\/80WSeLwKgBBwG7z47YAywd0X+evoAYAGHrFQAAAQEICq2IyXAfZMHRMo35wC3K3lB3X0UiNTqPXgl2iRfglXBV7sOmXxgvCmchDBkb2+JBSAN9wiY3J3+ujUo8d3KDqAiGeO6zBVq45089AD6x6kknWzF6FC175HGVHruWYVIyVQzu\/CM59pAOKR0BFREnSTsOkBiMZfyvC98CjZvGbBBb8xRt4k6MoGBDJiTt6YmW75aYoKCHqeBYmCkRPpdeOvBzEb8NKrbFsSMl\/bJucy5INzD1b5t1xTf\/16Y\/QeBb2E7QrhYpPm4YYdcGYKzo7pZuIHwlFrwA9Osl646h4W8JPNINFs7hEJWY2LdiX7VlNVT8fVDA+WHWCaQFEUDipS62VMEifjL8iv7BuaO8+dO5H43ofJSPLcV6Pvl13aNor7ui1TwLe8Lu\/MG1X7l3awDxkOkX9t55guBdRmDc\/Ubmq3buWdEwHqk9iSSU1MkRyYtmNP48gAzdq0FBmzjWN55xMC5HZ0j0FSEymrgg83cpMkJRMm9+R1H18jCBdqbpFT6aRubLAuSI5EKvuJ5T6M5lhOfFWYivIu+LPU9df4UHYc2S2SpOmllT4NCpoDheI\/JG2m26ZsZDLD79kZkqe6k2UtdQ26te5w2F1Ul1DeGGTPvim7L6q9LKosMEsbHZTMQ\/RoWkKN357p3KOCruFfYKn+9dfyksPP5bBsgkR2qvQfy6Zkf1OOVHKxt9wHyPb2unAhD9SqCEETq\/1kyIJ5X3fxyfN6PnFfUdn1CHbb1bOdV8khj67NUNNST36zIFFz3PUW65zARqyZ5bbPWCRzlK+J6erwT2G2cCk83w3LopkZ4RdySt"}
00565{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":889509,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"AQBef\/\/65JjWH70UCABFAACW0KMAAAERNwrAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
00569{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319035,"pkt_ts_usec":997063,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/65JjWH70UCABFAACZwp8AAAERRQvAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1484319036827,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1484319036827,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":827113,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"gCqoTGHM5JjWH70UCABFAABHX6YAAP8R2KbAqAEHwKgBAeF3ADUAM2aFMVgBAAABAAAAAAAABHNoYTIDc2FuBGFrYW0HbmZseGltZwNuZXQAAAEAAQ=="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1484319036827,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1484319036827,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00524{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":847572,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"5JjWH70UgCqoTGHMCABFAAB74URAAEAR1dTAqAEBwKgBBwA14XcAZ3RRMViBgAABAAIAAAAABHNoYTIDc2FuBGFrYW0HbmZseGltZwNuZXQAAAEAAcAMAAUAAQAAACAAGAVlMzA2NwRkc2NnCmFrYW1haWVkZ2XAIsA3AAEAAQAAABIABGhWYbM="}
-00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_tot_l4_data_len":154,"flow_min_l4_data_len":51,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.86.97.179"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1484319036854,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"sha2.san.akam.nflximg.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.86.97.179"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":325,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1484319036854,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":854344,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAqeJAAEAGBR3AqAEHaFZhs8+VAbsXO1WDAAAAALAC\/\/+GqQAAAgQFtAEDAwUBAQgKH2THJwAAAAAEAgAA"}
00438{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":865722,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwGsuNoVmGzwKgBBwG7z5WR\/xaXFztVhKAScSAP4QAAAgQFtAQCCAoCM2vSH2THJwEDAwU="}
00425{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":868771,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UCJAAEAGXunAqAEHaFZhs8+VAbsXO1WEkf8WmIAQEBWfqAAAAQEICh9kxzUCM2vS"}
00733{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":870445,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"pkt":"gCqoTGHM5JjWH70UCABFAAEXqU5AAEAGBNrAqAEHaFZhs8+VAbsXO1WEkf8WmIAYEBU64wAAAQEICh9kxzYCM2vSFgMBAN4BAADaAwNYeOk8NZkQnOsfGkUHC3oH4Rk0tFCgXSVuPClH26lOAAAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAiwAAABYAFAAAEWFydC1zLm5mbHhpbWcubmV0AAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAzN0AAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAUABQEAAAAAABIAAAAXAAA="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1484319036854,"flow_last_seen":1484319036870,"flow_tot_l4_data_len":375,"flow_min_l4_data_len":32,"flow_max_l4_data_len":259,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1484319036854,"flow_last_seen":1484319036870,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00426{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":886851,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0fX9AADwGNWxoVmGzwKgBBwG7z5WR\/xaYFztWZ4AQA6urGQAAAQEICgIza+cfZMc2"}
02375{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":889708,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcfYBAADwGL8NoVmGzwKgBBwG7z5WR\/xaYFztWZ4AQA6sVZQAAAQEICgIza+gfZMc2FgMDAGICAABeAwN5g47+R9s+E\/ccXHXackOfVLxM+JD8ytN57LngDZ5MXSCEx7AFc0atAESV3G9T1TWkiIUeyjAIQRMHOFmJVRwvDMAwAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwuPCwALiwALiAAGaTCCBmUwggVNoAMCAQICEHzGM+uvTCVSGnztsenYTskwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA0MDYwMDAwMDBaFw0xNzA0MDUyMzU5NTlaMIGVMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJTG9zIEdhdG9zMRYwFAYDVQQKDA1OZXRmbGl4LCBJbmMuMSQwIgYDVQQLDBtDb250ZW50IERlbGl2ZXJ5IE9wZXJhdGlvbnMxHzAdBgNVBAMMFnNlY3VyZS5jZG4ubmZseGltZy5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOL5eAa9iwu1W4ePjhdlD\/gO5xHqEE0w4N90WW3Kd8FCDnvpAOkVGjRvw5hpuSoirFa0PpaF6efe19YU+\/94rODigwAFlqGN476hwsQEm3r6EjgvIzP+8EAnmt5rMGnghJmeLsVUmfSrP7gIlTznCIa0AtZJCZ0Gj\/\/pLFHo5eGGm35eiYfMA\/kUjtu75xS3Y+EPyGXwL4F6jfSdAgAP3I32NAkFX0eyKJO58XpRjLZI2xd2\/A3n++inSIFvfIl5LhpOySogZ0IGCqpiWAo2bSe1rDU+oHs7E3qOd+zvTRIl66O7SbbwZglCDJztOTLcHxFA5kriIAeUxLvkPbQoI5AgMBAAGjggLFMIICwTB1BgNVHREEbjBsghZzZWN1cmUuY2RuLm5mbHhpbWcubmV0gg0qLm5mbHhleHQuY29tgg8qLm5mbHh2aWRlby5uZXSCECoubmZseHNlYXJjaC5uZXSCESoubnJkLm5mbHhpbWcubmV0gg0qLm5mbHhpbWcubmV0MAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBhBgNVHSAEWjBYMFYGBmeBDAECAjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFT7VwP3gAABAMARjBEAiBT7hkbxWQQ0us\/9fqET+yBRh3qoP1KvY+Tx5akfVeUmgIgfvl3RC+dMVYHRS3GFl18scTh1dILLVXmSrC9I2670sEAdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVPtXBAEAAAEAwBGMEQCIFUI+iXpXkkVBZ\/DvbNn7QYNrv4ZxNjtO3x6LBje4Pk="}
-00817{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1484319036854,"flow_last_seen":1484319036889,"flow_tot_l4_data_len":1887,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":314,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":330,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1484319036854,"flow_last_seen":1484319036889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02382{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":890024,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcfYFAADwGL8JoVmGzwKgBBwG7z5WR\/xxAFztWZ4AQA6s+6wAAAQEICgIza+gfZMc2qAIgEdjmRg5RSO48fGFNbe0p2qY5pTSrrwamzGxkSMk5QN0wDQYJKoZIhvcNAQELBQADggEBAGhj5qoVs52lQOb4fZ9uG5RkZGXN6NGP07\/Pouju0t7dBg\/gLGPtZ83fAke8\/o9S+xTozhqgx0n1qZnbv6aH\/BFUY1YvthNyGNVkk7jf1Ij1uE0EiPseeTK8aRr5R\/HkyWJQkmOld3oNAS+inZCnz9pJFRQCeU4a6cFl+Ci74I0sN5M9rWQsC9c8Ei\/wI2WcTFb93rbgjd2\/oIBhq26ybAsvWmGjy27PKu9TjS6cmpbQslxlrbwuqrTiIQWtbp1rqkKbtAxqkkeGmgtJZwPoJ3od77ro2IAHZ+UxpcJg1IfcFqI2Tr1Yq4Ylzfmsnf8kw\/+4xnKWDtMe1X85IP7QeM4ABRkwggUVMIID\/aADAgECAhAoLieReTOS5CjyIadOyTeuMA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFAMIIBPDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wEgYDVR0TAQH\/BAgwBgEB\/wIBADBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwLwYDVR0fBCgwJjAkoCKgIIYeaHR0cDovL3Muc3ltY2IuY29tL3BjYTMtZzMuY3JsMA4GA1UdDwEB\/wQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vcy5zeW1jZC5jb20wDQYJKoZIhvcNAQELBQADggEBAFsXUr7WVnv09zQJS5bKx\/Yh0GmA7+eaGegk4n\/ZL2HdE+taZeThapDLTirpihbnUo32QxtHBQ2Ao6ia\/inTvB0o1aVK1HE8D3XFC3M\/AEhleQ2rah4="}
00425{"flow_id":18,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":894463,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0EvZAAEAGnBXAqAEHaFZhs8+VAbsXO1Znkf8h6IAQD9KTjgAAAQEICh9kx0kCM2vo"}
01132{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":900382,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"pkt":"5JjWH70UgCqoTGHMCABFIAI6fYJAADwGM2NoVmGzwKgBBwG7z5WR\/yHoFztWZ4AYA6v+\/QAAAQEICgIza+gfZMc2JQzAAt5mrL1LBmuaV4oqgX5nm7pSYHPEFfe7wVDJCKW6V0o6GxBzHOF7tpQDS65RsIJAOloknO4NWF2uuil6yjOesoHCL47BJ89A8AShP\/U3wsr8rFNtqVNpT+F2ZAwlgak3A\/I5czTSwXx4GByoaxbn5+CdKa\/Y5Gk5eZVpuXtcXQGc1PfzSEUTZJXXCm5y2kMiJG8+WnDcwJLgLeVX+OQrJ+71\/xuzAYN6FgMDAU0MAAFJAwAXQQQOYmnIer\/U7ctVgXU1Z7TTskG+xjwKHU7CPi9J2o6xtgml9BVpWSqeBT679amN26TbJcR\/wVj9alhIchJg2gvfBAEBAMbwBrE9Iyews0JuhWKQoSuE3WLm1YqntVdChljf\/v+XTsnCKMfMmgELPYM5r72Cp3HA2XXW+9bKhvwmktB82VyvtZFc8x\/RCE6KRO+dd6V3E5A8CZ8fWZgU61NvEybvsRI03HYMobrlm\/jIH8ydqCeTvykLQHxMLxVMkXLmiuMJjZJv6xV8cA62TFO18mR5QPRz+eBGrhbOUqfG5tjLQDuClfLAIrj1Kg6hc6IMzDjPz9dSscxdTFZR4GPGVe4AAbZEVJtrNIfp1HMES5kie2BcuxNBifEl1sxmQnCGePPo2W+Hr848A6GfTyGzUm2O6aMx5Pp\/wPlIqf2EUyIMH88WAwMABA4AAAA="}
-01246{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":9,"flow_first_seen":1484319036854,"flow_last_seen":1484319036900,"flow_tot_l4_data_len":3949,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":438,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26"}}
+01257{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":333,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":9,"flow_first_seen":1484319036854,"flow_last_seen":1484319036900,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3641,"flow_avg_l4_payload_len":404,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"art-s.nflximg.net","server_names":"secure.cdn.nflximg.net,*.nflxext.com,*.nflxvideo.net,*.nflxsearch.net,*.nrd.nflximg.net,*.nflximg.net","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"ef6b224ce027c8e21e5a25d8a58255a3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=Los Gatos, O=Netflix, Inc., OU=Content Delivery Operations, CN=secure.cdn.nflximg.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"0D:EF:D1:E6:29:11:1A:A5:88:B3:2F:04:65:D6:D7:AD:84:A2:52:26"}}
00426{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":901869,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA08BhAAEAGvvLAqAEHaFZhs8+VAbsXO1Znkf8j7oAQD++RYQAAAQEICh9kx1MCM2vo"}
00533{"flow_id":18,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":918783,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"gCqoTGHM5JjWH70UCABFAAB\/lQxAAEAGGbTAqAEHaFZhs8+VAbsXO1Znkf8j7oAYEABdYgAAAQEICh9kx2MCM2voFgMDAEYQAABCQQTUvej9xPWAD5BXDcd9Mm2jsAGMbgejFJsN9p9SRBtz8CmGw\/91ArywvHmIz5\/rwrA9y5wqrVuat\/5bLEDL4w0u"}
00434{"flow_id":18,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":919168,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"gCqoTGHM5JjWH70UCABFAAA6JLxAAEAGiknAqAEHaFZhs8+VAbsXO1aykf8j7oAYEAB44wAAAQEICh9kx2MCM2voFAMDAAEB"}
@@ -243,26 +243,26 @@
00497{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319036,"pkt_ts_usec":935911,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnfYRAADwGNTRoVmGzwKgBBwG7z5WR\/yPuFztW5YAYA6s44wAAAQEICgIzbBgfZMdjFAMDAAEBFgMDACjyM2bDQD2Z0vThgAgGpgbayHThFoX32sxQ35gfbLBsT7pRAXXiHaJl"}
00565{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319037,"pkt_ts_usec":897807,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"AQBef\/\/65JjWH70UCABFAACWcF0AAAERl1DAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
00567{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319038,"pkt_ts_usec":4746,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/65JjWH70UCABFAACZdekAAAERkcHAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
-00437{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":516,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1484319034890,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":516,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1484319030789,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00470{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":516,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1484319030789,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1484319042988,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00449{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":516,"source":"netflix.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1484319034890,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":516,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1484319030789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00478{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":516,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1484319030789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1484319042988,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319042,"pkt_ts_usec":988806,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"gCqoTGHM5JjWH70UCABFAABGkh4AAP8Rpi\/AqAEHwKgBAecsADUAMtLh8roBAAABAAAAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQAB"}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1484319042988,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1484319042988,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00538{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":2781,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"pkt":"5JjWH70UgCqoTGHMCABFAACG4UVAAEAR1cjAqAEBwKgBBwA15ywAct6B8rqBgAABAAMAAAAAB2FydHdvcmsEYWthbQduZmx4aW1nA25ldAAAAQABwAwABQABAAAAUwAUBWExOTA3BGRzY2cGYWthbWFpwCHANgABAAEAAAAHAAS4GcwZwDYAAQABAAAABwAEuBnMCg=="}
-00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":50,"flow_max_l4_data_len":114,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.25"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1484319043012,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":609,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"artwork.akam.nflximg.net","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.25"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1484319043012,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":12652,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABA10xAAEAGHYnAqAEHuBnMGc+cAFC2IFmCAAAAALAC\/\/8TjwAAAgQFtAEDAwUBAQgKH2TelwAAAAAEAgAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1484319043013,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1484319043013,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":13015,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAkrpAAEAGYhvAqAEHuBnMGc+dAFDU44WRAAAAALAC\/\/\/IugAAAgQFtAEDAwUBAQgKH2TemAAAAAAEAgAA"}
00438{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":35100,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz5xwDCo3tiBZg6AScSDeBAAAAgQFtAQCCAr\/\/DsdH2TelwEDAwU="}
00438{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":35720,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz53Qk2dE1OOFkqAScSD1lgAAAgQFtAQCCAr\/\/DsiH2TemAEDAwU="}
00426{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":41595,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0zhNAAEAGJs7AqAEHuBnMGc+cAFC2IFmDcAwqOIAQEBVtuwAAAQEICh9k3rb\/\/Dsd"}
00426{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":42140,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0UPZAAEAGo+vAqAEHuBnMGc+dAFDU44WS0JNnRYAQEBWFTgAAAQEICh9k3rb\/\/Dsi"}
00757{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":68353,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"pkt":"gCqoTGHM5JjWH70UCABFAAEq43RAAEAGEHfAqAEHuBnMGc+cAFC2IFmDcAwqOIAYEBUNzAAAAQEICh9k3rv\/\/DsdR0VUIC9hZjdhNS8zNjI2NDM0MjRlNzc1ZDAzOTNkZGI0NmUxNDVjMjM3NTM2N2FmN2E1LndlYnAgSFRUUC8xLjENCkhvc3Q6IGFydC0yLm5mbHhpbWcubmV0DQpBY2NlcHQ6ICovKg0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUztxPTENCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogQXJnby85LjEuMCAoaVBob25lOyBpT1MgMTAuMjsgU2NhbGUvMi4wMCkNCg0K"}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1484319043012,"flow_last_seen":1484319043068,"flow_tot_l4_data_len":394,"flow_min_l4_data_len":32,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
+00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1484319043012,"flow_last_seen":1484319043068,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/af7a5\/362643424e775d0393ddb46e145c2375367af7a5.webp","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
00758{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":78953,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"gCqoTGHM5JjWH70UCABFAAEp\/qdAAEAG9UTAqAEHuBnMGc+dAFDU44WS0JNnRYAYEBWe1gAAAQEICh9k3rz\/\/DsiR0VUIC81NzU4Yy9iYjYzNmU0NGI4N2VmODU0YzMzMWVkN2I3YjZlMTU3ZTQ5NDU3NThjLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTIubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
-00724{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1484319043013,"flow_last_seen":1484319043078,"flow_tot_l4_data_len":393,"flow_min_l4_data_len":32,"flow_max_l4_data_len":277,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
+00735{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1484319043013,"flow_last_seen":1484319043078,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/5758c\/bb636e44b87ef854c331ed7b7b6e157e4945758c.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
00425{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":92808,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0EWZAADwG51u4GcwZwKgBBwBQz5xwDCo4tiBaeYAQA6t46QAAAQEICv\/8O14fZN67"}
02410{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":93398,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcEWdAADwG4bK4GcwZwKgBBwBQz5xwDCo4tiBaeYAQA6udKgAAAQEICv\/8O18fZN67SFRUUC8xLjEgMjAwIE9LDQp4LWFtei1pZC0yOiBEck9aT2g5NUpyeE9lMjRPdUQ5cDVoRjliSkVIZ1NPbk5pZ3RSb05tcWNzcTYzSmRxc0t6eC9BQzBDZjB1Vmlha2I2a2NCc0pQKzA9DQp4LWFtei1yZXF1ZXN0LWlkOiAyMkM3NEYxMUNGN0M5NjFEDQpMYXN0LU1vZGlmaWVkOiBUdWUsIDA0IE9jdCAyMDE2IDE5OjQ4OjI1IEdNVA0KRVRhZzogIjU0NDZhZTI3OWVkMDNjMDJmYmY4OWJmNTBlMDE3YjA0Ig0KeC1hbXotc2VydmVyLXNpZGUtZW5jcnlwdGlvbjogQUVTMjU2DQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiBpbWFnZS93ZWJwDQpDb250ZW50LUxlbmd0aDogNTAzNDANClNlcnZlcjogQW1hem9uUzMNClRpbWluZy1BbGxvdy1PcmlnaW46ICoNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MjI4MzM1MjANCkV4cGlyZXM6IFdlZCwgMDQgT2N0IDIwMTcgMjE6Mjk6MjMgR01UDQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjQzIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQpSSUZGnMQAAFdFQlBWUDhYCgAAABAAAADTBgADAQBBTFBIuGcAAA03oyiSpIbL+bzh3wxvFEREHvhFDwyE1+BdEAIlxkLAgE8UBm3bCGr40\/5vs38CEf134LaNI2WLd6\/Ss78I5LXBC0HdEgKEtRVdMhzDGyic9M+WF7ZWa0RrBEwNpdyhzgeHhiTAynL37EwW2Wbxp0hgveiyvPBu5yoB7siSqBeBHGBWozOHHLrjiEeMzS5OkZjWo4LMgeiVAuUPkk4Uq3VYwQOkpepzPuRw00VIKOWyOmQaAp+\/ryYZBOEuUDFwyIMkmRAhL9Iv0lQXpeyj6AafQmuTmgmIzJg\/U3S2i7MdvyX7kK9lO8JYMJ1qMgxi0QM2D\/fetW1PJEm2rfeTjMndHAIyq5ombWbGOeeghsqMcDZGSed\/CIruqM6IUJSZ\/Yzof\/rWtrduJNu2foAEZUdm9c1Zv639Nm2LJID7vwQoslqEI8Cy2mFE\/xOLh69++tPPP91v16HrMILCzCk4rqr+f\/\/n\/\/dNabyL\/S\/\/T\/+7r8HYSUICWdx9+r\/\/3\/6lGLEY7M0f\/vPPX+62SeBwht8oQY1tcf723\/+\/\/\/PS4bfr7n\/+g\/66S1ehyxm0wowq2IGl\/uP\/8n\/9yyjx8dHX\/\/X\/8X\/LSyFhQMFJxF\/\/\/\/+P\/+cFk8Gdn\/\/3\/4ffSy0U3ugIAjmeU2RbapRYNLYbvjDRDv0waqkkKZDCzJFUfSVth+F9TsIH3QtGWiFDiXZQzLawDJgXxgEb234YByEVFH6jCqSZthwvpCJrBvwGmeMHkYuh7\/pRjFJDkSLMqpJj01u2JhhwYl63YCAYIKWFrDvbx3SwyBsbAU0wQeql0wJLhsLt40Nst4Uu67YbhJakQJg3UlIU5z5wCe9bP3qlrkbihBTZXwuyHIZl4KS\/u1\/bdVbquu1HIRV+owTFuOuF6T3\/9rdTofDbs+P7h22s6iKvGj1oIaEICvNJkEN7rtyIEQzEX91DC5uRggESY38swgjTYT1smmvDSOOthHBycjxHQpZZh6VCzPHWQag9Ww1Cqld4Icye0uL2LDaE91H6aOcKmjgMtYfCCbEIbDeJ4jCw1Sik+gd+y6SZ5fpx6rbF4dwqjd8SWW4Uh4F2rXGQWv0DrwjzWj5VsQcDjK\/u+EXCJhBMqLG61YmLySD3Pi0raHrB+wjPquxUY6ko7+GPO7c9nGrMLMn2dqQ13knxFheY7L6XqYNFsP7pYS8="}
00426{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":106058,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0XCxAADwGnJW4GcwZwKgBBwBQz53Qk2dF1OOGh4AQA6uQdgAAAQEICv\/8O2kfZN68"}
@@ -285,12 +285,12 @@
02398{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":274573,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcEW9AADwG4aq4GcwZwKgBBwBQz5xwDFd4tiBaeYAQA6tk6AAAAQEICv\/8O18fZN67MlwRZp+5sUOdhLmxakduESaDop19kjCn+nMZB1gUlG5UAZOiz2\/inmPmuBt5rBhgrq9e3BjzR1b4uK8KmJZj8f0SB\/h8LbQjbwQ2rGDFW5wUDI6HIg4w\/2yrhxtMluch9DAdThQ6olQwJvqiHtYOFgW\/3zfPMNmXRcUdwszxVYpuUDCmmmujfAvzx\/30cX0dYXqsLs\/l2sKnI2m2I290EizAvCiWLUx2h2rlYP6tx115gcnrN3XHMB3Bxh8bAXNjkY2WQ1gUziZtCpisz51HmD1rnzYFTN6OaoU5dB+3soD59tvZSvAZm\/iONI1BGxYI19bYKpgTfVWLNcfcEw82SdbAnBpvJ9phQqKdk8PkcCy8AIuCtJ8ETQ+T+ZO8x\/w5j+m1hUF1enb2mMPkT7vvHcxn\/3L94uATUm22I22GsiCf0jucBAwORalsTZh75saRUwkYU7opMu5iQpJ7PMNk+5zvXCwKHkRc9BLm1FicsSeFeWNOmDjXAcaUbPPMizB\/drIOUQmY7m\/XlrkMn7GJdWT51KCGfDvdjUeY7M5V4GD+rShGD5N1NjCN6eB2vBozmFNjcxnWNhaFtV+3V6lgTrRVyTzMnZ1oNnQSaaormjG0cH7BH9e3q1Awnf+P\/D4ifEaq4h1JjqlBHKZJu+t0qGCy+d7sLMy\/vQ1LDYPycrJ2mA6yE9\/uepgTXdkpn2FROHdJWcCg6stOOZg9dx13DQzK+qZszB\/30r1zHGB6bM8H8cDxOaVZR9YIowrj5IS+0wqYU7I8jzuO+Xd30a2GQXU52XeYkCi1Opjs85q7ICwKbxMXLUyWNxUzzJ699\/MBBtU1c7aYv+BxzdtcwXTxLeehj0\/axDqSvN8hDOMUazQCBmVfFSokzL9\/F94GmLxerBgTsrkfn2GyObQrFwoLgvEwsosRBmV25lvMHekwdS4DzKnhkkUp5o5Z6X1YDgqG5Xj53q844XNyFduRdd9pg3mW6v4Kk13WMIcw+9yJAj5IGFOiajrPwWSQnW66MwzK8jhsLSwKOwkw9BIG5elgpZg77kYrdpMwpnRzzmIPc+enm9VwgfHmqjNvhc8qtWhHkvedL\/gE93dNBpOXP\/ePWADeXVhnUDAmzgeeuISpIO7HYd\/AnByKi9gwLAp3FzaFgjmlm+zm2pg7Ow5toWFO9kXZ24SZY+u7mBoB0yI7VPA4Pif5hUkDWX3nC4yTu11XHUxeflGPlsIkOzywTPgYnDsQjI0H7e05w1SQmzislzA3NFXNOGFROA9h1sOgKm7StQlzF+ycAibHS+YkmDvm7b7IE4zL5vBsbfBZqQapBZJ8DhaY5mHCZSthUI6DvQotjkklHB469xhYxt+7NwGD\/bXwEu5YClMgO1prWcBkexs8joUR3PvnEQbF+eRuCbMX3\/NnyWCufypWCWaO2fFuU\/UwLbv8dE0cfFaS8KmOrBHcYNpab\/tMKhgUThy4NrdI4UMVNIHwm3W8u\/X9cXuYwqegcG3dJAyO7RilrkVQ+KuTguyR6PIEk8VZbQiLwg60qyoJg93x5CeYO+Jxyk4KBrtzEfuYu4dH5DA\/fNd8zfBpSapbIMvnoAbTfLNqchil1WPqc\/VC+HiF3y7hnZigv\/77qluYd0KPiU7BnLLWu3XClQbhr66giaErjhUMquyo9lgWbhoNrVAw5mhOt8jB3DEviFSjYLDO2sjGzLm\/+7m8wbSi4t9\/SWN84lYxHWl98AbT9iYqaxjluz\/eOWzU+GCCVvgtO4KitK3Sr3990meY97du20iYdP\/wn7Ye6wXht0+KeTh9KwQM9tmRRVgWwd4rJAy6GBSPNzYmgRiNfa0FPqGfOKJTMDfWWjCPYdbYehfQbYBpcTk3LOT4vCRhE2k+ghvMEvfXbtbDKPkrn2OSKUrbpJDqiuNVwnB0b98UjNrpJuAQmAI="}
02384{"flow_id":21,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":287331,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcXDRAADwGluW4GcwZwKgBBwBQz53Qk47d1OOGh4AQA6svNQAAAQEICv\/8O3sfZN7HzZAetGy2rqR144fE+e886SjNQU\/u8k5Tm8neSd06SZJM7RUIqMPK8\/2PIGQC+cx9D5Gf6Q76tj4XMYjVUexhYGDZJd6u5u7uvqTU5jdhgEUYM7NrVjwnTysPJwSDA6SkyEc5IPGVV52ps12WRb6YvNirjtdV0Nm5yYeX6HZr3a9vg+p6EuPUiSViZVQOeOPfYteNU2mjBuamXZqWOi3sfm\/OOESZMRvvWc5SeTu6dJMkmiydKEYxQIVfGO\/67OVQfzdW60PmnvXsVLIp4+HlrMfJ5elvDfb19XptbQOZRQawXYCT0KdKsZ6tOhh4eZIIU6SUYWjJTFYozVuJNWnlXep5+pAabe9Co1+Q0MDrqstuuwrOJa14Da7bqyEElHZDPFQZ2qGvWss8N3KPUuHrn1dTc4zzLgWRxffc3k7u7pJMyZosmToIZwCIcAN4Z3vfZ1ap82Tt9lx\/ZfQ2fnwrcNjUq2fxy2tAJtzd2dbQtuwCKoMMioUHBmVahZ0qmZjYFNgjTp4yDKyZmUJ13ld1q+Y1vc5pNIa0fQZ85j3cPqqtK2XfLXy+vp81m7PR2uVHrPX0AVqJGPYp28+M5muxrCr2xSa\/nWbuhv7fnPj+Mv0DeSd3SZNFmaCi0VN1SE7AANkFeER9A6rzLy8twnaa3tdkFHI8u5MVTmbd2\/t2VsdNrS1xgagW5ViKEwupAzqMBwWdlZPNDFCCZ2SGSy6eDuCVvreXqNe2+ac8AqfdANx9ytuYNfd0Z2tFqOtZ6utyhLAcDlTaF19CyXCCpkoa+Y+c3QSwpWI3pZ0dGlcPLquz5jxn7UUnSUWeMYRFJhwdMSEB11EQIjmOJ+Ft9d8rVzEua3W+4ag8vH8u4etgW7mxrduahHQ2rOkoUpCrPClFFR2BHKpoT5WXlczEUWZJRjE9toqLwiTueTpKe\/z8bFqFd+oejj2q3V4lTa05njoHGXodOvmclq6FKjiZ+Pc0AlJdr6GUGYul5w\/Qc4GyrFyZKsJ51O7DXt9\/626TMw3aNcchpwDGKy0ENlBq4ouGwPen4FwFaBj2dP6VLZqZ3Cee54NfpOssa+HVV3TsHhOknrVuQ5qNy7qahIvUqocM\/OweacUGdkmgrB3gotCfbZGMAm3hAsktkr7Y4UZU97Kz93Q2Yld9nbpc9rSFQo6t\/Ooj0ec5LQOZzWI1xQK+hq4egs2nOjWHWkosOUD\/AHKlGMBPELRhCFZDiopmmoM7ABJqs2CPzzkcmo9iY\/pPt6+bl8dj3fQNIJjVsnm3LsWx3qh2nlcj5TgW9Tb3NicrcaTjrUKfNYUGGkzsw5WCyg0SA29XHyhbtfNUnsvcMSlXbTnk69u21jTK3Rb+fy+Xt1zYz3qxMxXLODykOjFFPpVaNiO7zua7hrVgvJhhYsIv9+M0YxrsgNFBSrCgnYbygJWaw2anQsEoVrmT5riVUWn9F9zaiEFhRs08\/aDQ5l47V1WFVzeY4fktXouoYZXtUSyzGQKuXyecJ4PaBCEIEOVmiI4vSePq5ujKhFxEt2ZQjbDK9ytnX6QsI6vXc4fdyQ459etTyx2bKDW07EuW5YWk9gBZ0Lo8k1CE4AeImeDJO3320GFmxMSnN2A8RKtEjQCCKBcjnQsCyC1qU6Wju+X8xWeh7V6zOSg9WF6OBauHBl43Q3AUeW5blsOfqPWW2QAo1apTHAAAY\/K5sWZz1WQ2MckIxBo9bXyMsGrRYMGsHsRWhn0+sxcjdu2deGX2msPjNQxa+PavT5+emCGfpQv1BVMLBt2g1SaW1ydciraOcOupBGkkpfdhRtlAjK5WzdGY2rzjUFROaIabMnhm1damFlKpezNvH8\/o43c\/QJZu46sLRsrJ19i1z3J6NHjefxMyr1XqfRMwpVYEQwUK0hVqmBgZkWaUwMw5FPOLDf0a\/wCZ6ODp1hw="}
02385{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":314477,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcXDVAADwGluS4GcwZwKgBBwBQz53Qk5SF1OOGh4AQA6uIjAAAAQEICv\/8O3sfZN7Hy5qtXQvZNnX8ZtbpYB1es5+r1dTDqm2AYw949WpXT0a2rbnmU9XH5+qXQtZ3ccjYBRhQjenA0KIxVWdvtsTxrjUiKsFntCrSLz+MPS2xUDVo1LNUIcQF+JNqGXj7m1w3LUvqa4JO1cZbpOZB01vN80xeXxa9Ined51sIJAogLBNWGqNPMzcDFJFTmGMGcp07V+i9j8AttVv0Js8RXyxadWb417pNWwS5vZtHTLQ5vSsXc3LLY0KtW1Xk+RDcFWDZJj8nfs6npvkNNj3hhVS5UrW2rwrBD9jpBd082nh5B9qmcubmZ8L\/AEefWiJx2WxqFbPvV1ukhz6bss\/zD6D6YVY0RCtXbOfRfT47yDAoVI9V3vW6mLeOzABVJMMGenVzMPY8+zJxlMgIwaRiSZq3uvm\/KXa9+lGJ60D3bIHhUerHp9Sxs3uc1tTFbdfkXPVPk2BadZzOK5QFVLUo3bxm5OXo3O8wE8izvTOQFuD0c0tbP+q3Z4yjA4KKylMK08GhKXS0hPTLWJVFk1bWXaPWd9\/Ax8i1078p9L26aQplvHLWXN+LcTUrX\/Qust9RyKLe0giHFoxdDpZuZzfpfiAZNKRAxgxCTOIOp654bJ52s8RLNKdrRgS\/jBpH3dGG52nK0tTb5mG1Vjyeq1jHzNY9Gb41vSnUmaJMzsamVPIr0Ld\/HYdgFjPLFjCi5Tk+lYu6dUjDxS0QzptYzYyu2CU1WGe4COJQeACagYZ2TRoWdPKs6f03GsKRrJVVwOZ47k+eBtej+iZGfjJtPasDi9ZnKgRBk4FHuvD2IpuYEIorlmMHpGFyFiN+nSlKQybYrXTc1myrR6HW1Rrfw7Oxk1cjeqUaF2T5ebo6CjQrl0atEGrpV8EmjIWJhaDTO1EIYRGpvBpSb69FKaGPEJqZ9epSGNrFVQjeuVIhDfs5IGyYXz6L5A+fwxhJZESp330C9QZLqzeL52vyOdLd9U6m\/wCbcVayT9NpSvocVAsK0qeLz2vV8yISUplDGE5vNxm7vlMErX8yE4qHSXKvd8bzliy\/QB9I57nN7oewwOMLHPFYpRwta8KnVuX84WfqwMreryJ30dbjJBXKGlAYRIziimZnmvryDIdeGclo4xMeYxzlXieR40ziC8aVc9fU1cezz2gLhE0S2qZ26b6OJUKd+L5LkeL63q9juuhq+WcplVhbO9Zu6JGaBYADChhc31PD86Qs5TKODyeTsHveaqZ761OhMsU+iPf1\/PxWl0\/R55h1NH0\/E5bO2qeVRhcqxx9G7SWmEWdmg0dUubl3pWM\/NvqlEmQ8Bshp2TvJmg\/14DKq6Gazqp0mAqEEMhqMpaFOuZqQnctO+bQyBZuHHtPOwMM9qjcpaO37r0wZ0PPuHp91p9lr38XiuK5+nZPpXC39GzNGVSsOgPA5jX4UJDTlMw2SnJmD6t59QCTd5iaLAJrnRbmRxdwul0ezyMN4PSY93Bp7kucpXjNjq1Zt5OPDZLGjrjpDW3n066sZ2eikxGJJhxi6Zk6jP62y6NQaiUa0QKrlHjFKEWClERdOrIQKD18C+s\/Tp5TMdQnG\/Z1\/RvU8zluT6d9VdIXE5vmuOztveoxka5pXivJVQ1csOJyo8JylI5DOJTm8R7fQ89gQ6LLz52wMNbu\/W5N12WrQr1BdRuciTZy8dalHDLc28epiblxxvlGJjY59jRr4bXTZlCTlMUGZKy9vQFUChjE0Y\/WoeRIAo4jt264c4edalS0rWeCYblvGayiVIVaz4Nq3RYSs2KuXMd2rf6Lnu\/8AcB06N9Ys7PJ0sUiPpUa4jWtO7Ydx0oVaGZzXJEziEIWRDuJyygwvUfO7eJLrePrW5tZo3ujzR5c+m6zD5+4bM6a3m5XY4uAYW1TzM7Uv3MgMp1BUdGIhCsOWJh1xUHmWrRs38h9RQkckZ2gxYH0="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1484319043665,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1484319043665,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":665565,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAaV9AAEAGi3bAqAEHuBnMGc+eAFByPGEHAAAAALAC\/\/9NegAAAgQFtAEDAwUBAQgKH2ThCQAAAAAEAgAA"}
00439{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":688511,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lm4GcwZwKgBBwBQz57u7DQucjxhCKAScSCMigAAAgQFtAQCCAr\/\/D2rH2ThCQEDAwU="}
00427{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":689999,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VAZAAEAGoNvAqAEHuBnMGc+eAFByPGEI7uw0L4AQEBUcSAAAAQEICh9k4SH\/\/D2r"}
00758{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":691581,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"gCqoTGHM5JjWH70UCABFAAEpIqVAAEAG0UfAqAEHuBnMGc+eAFByPGEI7uw0L4AYEBW0VgAAAQEICh9k4SL\/\/D2rR0VUIC84N2IzMy9iZWQxMjIzYTAwNDBmZGM5N2JhYzRlOTA2MzMyZTQ2MmM2ZTg3YjMzLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTIubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
-00724{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1484319043665,"flow_last_seen":1484319043691,"flow_tot_l4_data_len":393,"flow_min_l4_data_len":32,"flow_max_l4_data_len":277,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
+00735{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":671,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1484319043665,"flow_last_seen":1484319043691,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-2.nflximg.net","url":"art-2.nflximg.net\/87b33\/bed1223a0040fdc97bac4e906332e462c6e87b33.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
00427{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":731268,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0CfxAADwG7sW4GcwZwKgBBwBQz57u7DQvcjxh\/YAQA6snlAAAAQEICv\/8PdMfZOEi"}
02378{"flow_id":22,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":731823,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcCf1AADwG6Ry4GcwZwKgBBwBQz57u7DQvcjxh\/YAQA6sJYAAAAQEICv\/8PdofZOEiSFRUUC8xLjEgMjAwIE9LDQp4LWFtei1pZC0yOiA1cVhUSW9uc2sxWGxtRWIxK25XQkdkRXJ1UFViU2ZZNjFrQVk4YWdCdDREVEw1WC9YZkFEdmp0ODIxa29hdzE0allPK1pxQzJkRlk9DQp4LWFtei1yZXF1ZXN0LWlkOiA0RTY1M0RENzJEMTYzNDhEDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDAzIFNlcCAyMDE2IDA3OjMwOjM5IEdNVA0KRVRhZzogIjE4MTlmMGZlNGZlYjViN2M3NWUwNTZhZTUzNmZiYjdjIg0KeC1hbXotc2VydmVyLXNpZGUtZW5jcnlwdGlvbjogQUVTMjU2DQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogMTU3NzkNClNlcnZlcjogQW1hem9uUzMNClRpbWluZy1BbGxvdy1PcmlnaW46ICoNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MjU0MTkxMzMNCkV4cGlyZXM6IEZyaSwgMDMgTm92IDIwMTcgMTk6NDI6NTYgR01UDQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjQzIEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQr\/2P\/gABBKRklGAAEBAQABAAEAAP\/bAEMACAYGBwYFCAcHBwkJCAoMFA0MCwsMGRITDxQdGh8eHRocHCAkLicgIiwjHBwoNyksMDE0NDQfJzk9ODI8LjM0Mv\/bAEMBCQkJDAsMGA0NGDIhHCEyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMv\/AABEIAPwBwAMBIgACEQEDEQH\/xAAcAAABBQEBAQAAAAAAAAAAAAAEAQIDBQYHAAj\/xABKEAACAQMCAwQFCQUFBwMFAQABAgMABBESIQUxQQYTUWEiMnGBkQcUI0JSYqHB0RaSk7HhFRczQ0QkNFRygoPwJUVjNlNVoqPx\/8QAGQEAAwEBAQAAAAAAAAAAAAAAAAECAwQF\/8QAIxEAAgICAgEFAQEAAAAAAAAAAAECEQMhEjFRBBMiQWEycf\/aAAwDAQACEQMRAD8AiK06JMyCnlamto8y+6vXPPGtH5UdwK0E\/F40blhj+FIYvKrTs5DjihfHqxmlYh9xE1pMVb3bc6a4juoDE+N+RPQ1oryyS8t9OPpAMqayrB4JWRhgg4pqVgiGNjZTbjAGxFWJl2BG9DyRi6iDY9NNz5imxMQNNK60MsI5VYaTyPQ0En0ExQgaSenKkRjnrU08feRCVV9IbNRZSKm9zHIdPIHI8N6hhmZVcmCNlI8KNkiWdlDnSNsnwpwto0XQsqsDttWblstAwjtLmFDHaGGVGGpg5IYezpRzwwxxyMrAkrge+iIrPh50gGQMB0POifmdtoZBLz+0KanX0VQCltGIVMd+InIwVMbYI9tWNpaTsrJA8MxO+A2CfYKS54bPHGmGEkWPRI6VJHCYo1kA0MDtipu0NCJH6QYjHlT5iMbEYqRQBGATk9ajlUJud89KRQIcq2TsPGpe874BIth1NNSF7lsHkKsLe3ihg2G9JsZCjMltpC75Ip6NIn+Vg+dGxxBYCQPrcqXSx20jNSwAy8rAAou\/lURLqem3gKs0RtthUgiHVB8KQAllcCKUl7aJ8\/aSr6KeycDVZovmKGt+7QHVbq1HGW1K+lbkew1nIpDLm4s2tjEVkCg5AXFZ+6t7bvCY3cLjbUKsrqaxUnMgQfeYUDJLZyH0LhDt41UFQmVptC41K4PlU8cUsYwRkVPHCjN6Lq3sNFGIqAQc1rZBXSqjRkMo99DJbiKNnUHU2w8vGrOWAk5IpjRkR7A="}
02377{"flow_id":22,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":774654,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcCf5AADwG6Ru4GcwZwKgBBwBQz57u7DnXcjxh\/YAQA6tZVQAAAQEICv\/8PdofZOEiyAapMllYYiozyHjivIMNgDfnVgYg6nHKvCFeZFaKRDA445O\/VwMMOvjRTtrQEesOYqVUGjA50ix+mDjBH407JYIVYE5GPCm9yWb+dHtEHfljypNGNhzo5CA+76+6p7eNo31cvOihCrIC1PSPJxiochItrGOO8jyy4cdfGrGKAxHFBWEfd+m2y\/zqzQltzXHkbvRvBJjwKWvV6sDpPV6vV6gD1RsNt6kprU0TJaA5F9LV1FQSruaLk2zQr8jnpW0TkkZTtZEXgt2xsHI\/CsoYPKt1x2PvbJScbOKzZthXXB6MmU7Q4qPus1by24AqHuABV2Ire5x0qN1JGAKszFk+VMaAcxyosCpxRljHmRj4Cgg1W3DF1I588U5dFEpiq14BGFmnc9EAHxoTR5VZ8JQaJh1JA9tRYFrEYjZI65WQsQyg+qc9areL8M7+E3EO8qj0gBzFFsVTGOQNGWzGZJXGnQDpyDy8qT0Psw8UrIwPIip5I1wJE9RvwPhRvHuGfN5Dcwr9Ex9IDoaq7e4Ayj+o3Py86d2M8cq2xoq3m0kjoRgioZE5r1HXxqJJMHFKykPlhUSEOGPsomGCwkiHfPLEQcZCg1H3pKBlOGX+VEQXUsSI2I5BnPpIDS\/wtHhbxQXCNDcGWIg7lcEHzFSyKJUXSd9VKjrJcs5REVhnSnIH8qdIoQpjcZOaa6HQRFb3cSBUOpD0DA0XCZYl1TQ60Ox25UNHLGzj0WXAwMVe2duZYgIpD6Q0urCspfpaKm4RAA0IwrfhUccJkHpD+taG+4UqQpoz6PPzqsEXdncZ8qSkmiqI+6EcWyjakCEn1elH22kvplHoPsfLzofiFzFwwMZsZGwUczU8t0Xx0eVW0svnTglZmbtLc6j3SIi56jJp0faibTh4Ec+IOKYuJqY0JPKpwhGwFZMdqZ1YEwRgeBJq3te0\/DpkUSymJ+oYbD30nYuJexZUZZFPurK8a7RySyvb2SrFGDgyD1m9ngKu+IcSjh4FcXFvOkgK6VKtnBO1c87\/AHJz1pRSbtg0wgEk5J38T1ohZCqEA7mgBPThcVoCTC1dlbKkg+I2q64ZxNwyw3B1KTgOeY9tZ5ZqnW50ke2kHE3BjGk5HlQ7w6QQBRFg\/wA44dBMNwVx76kkToDiiMjOSKnS0edjThGXBOdqJlQ7eVD94YyR8a1RDQqpgU8pqzjpXhuARypsTnvMedMhoawc4IG\/868o1DJ2PhROkhs8xUEuQxZdjR2KhVBKhafG4Q5YHSPxpiy4j1DbxHhToEkYiRx\/yJSYUWdtJJIylhj7K+Aq3jGFFVNsSgJO7dasIZg1cuRGkHQVXqQHNLWB1Hq9XqQnFAC01qXNRu2BTREnoilO1ASgnJzRcslVtxcBVY5rfGmck2V\/EmzYuvPBB\/GqLerW7lLWMr5ztmqQXJrpSozFmDaeVDEtUlzcEQk+BoA3h8apIQQSabk8jQpvfOmG886qgKtWrQ8HTNoW8WNZhG3racFh\/wDTIm8cn8aMmkWkSd3XoeJR2V2LafaGUAl+qN0NG91tyrLcdkCcSKb7IKyTKo2MwfRr9EgesehHQipYJEQOVJGohiM7ZxzrMcC48qKLG8f6Jto5D9Q+B8qu5lktpWJ3U45cq0WxVRbejcRyRSIWT1TttWJ4tYPw27K790xyhrW2chEbBZNSuwdh0BxikvbWPidk8ZHXZiORqKopGPt7jvFEZPpD1fMeFemQj6QcutAXUUtjctFJlWU7GrPh1xHc5R8ZbYjzoLohjlwamjYgkA+jzFCXcT2dwUbOk7qfEU6KVWGkn2Uk9lqJaQyldyBiimlUxIQM7kEVURsFG7YFEwznQyk7Hl7aqylEs4snnscbVd2GtpVEbFdWNs1m45XJB1Crq2uxAnersQNt+tRLoqi74hcMAIlfUQMHHjQMRjXPefg="}
@@ -302,19 +302,19 @@
02374{"flow_id":22,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":922830,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcCgNAADwG6Ra4GcwZwKgBBwBQz57u7FYfcjxh\/YAQA6vLgAAAAQEICv\/8PdofZOEiECqOW3XzoSYo6SFWL6Dhgv1c1adlLRS2lyEmdwcjbOdsVc29yrW7sPVHI+NZmbQHYruAeYOwo+0mkW1ZHI0MDy6e6g0IUv4kuYBOnfW8RKqrb4H50O0ObaGbWpEjMuleYx40K6MX0bYPI0qlkICvyOcVkzVBXzWCJySpY41HDY2ry3yh9McbeWps499MtbqAiQOhzpI9alC2rBGhSUTA+lqYFSPKj\/DRfpaQ3TNbMJslcADyNNgWIoV1kFQW5VVGchCrasFsgDwoqExCcNrcAjFS2VReWjRFghk0LjmR1qygCowKvn3VVRiF4kZJGLZ9JSuMCraJx3bFVUBVzkmoYg+FgQcHajI5Mms9HdelgHarG3nOASaykgovI32qagIpOtFK9QyGiWvUgbNLSJOf9tpjDxePfYxgiqy37QKLQW13H30B6Z3XzBq3+US2bXZXKg4IaMn8R+dYNtQU5B23rgy4Iyk7Pc9NJSwxCr6NDcYgbvEc+gQNz5Y8aAubOa3AaWJlU+IxnyppkZQTmulXHDZJvk4ijmbVP3Qm1NzBO\/8AKt8cZRXehZsiVfrOY8XklfiMyySmREbTGT0XoB5YxVYRvVvxC3YQW07JjWmknzXb+VVJ2NdMXa0ZSVETdaiYipXOxobqa1RnJi5wPfS97g5O9MbHOoyc1ojJs2nY3ttPwC6SC4kZ+HSN9Ih30Z+svh5iuw3N8ov7WNGyr7HB2ZWBwfiK+ahkkL0NdS4T2heQcKgdjJNbWuZJCeTYIA92fxqJwt6MJx+zR3swlu5QvjufGoInCuVx5gGhe+OovvuetRNdrHqyQK74xpUcbJ5JnaQMxB9KpJJ0ktVRuhyTnlVXJeMR9CpJ8TUMhZlAlJDt51VEBlzxJIwsYOTjGR086qL2W6VsB9KncMN8++jhYSOqsYw2eVIeG3BhYSYMf2BzHso0hFAFaRiWcFifDerC24Jf3AV0Ux75DNtV5w2ysgitFENSjJLc6tWmUKpLY25ZqHLwJszsnDoobpPn8YlGMd4mwJp1\/wAFiu7y27hhEpTSBjbSPCjr3iHDwvdTyqc81B3zQdrMbXiYQlpFXkRvtQSQ8UiisLSztcqCsustpwT76t+HhI4i+oBSdqpu0EL8S4kohdQioBqY4HjQ0NqzKEm4gdIH1NhR2DLviUtrJGXM6JMo9FvHyPlUVpxmSSxDLE0pQ4OjcihY5eB2Ns0rw95MDgGb0ifdVTedo3lcCHKxDoMLn4UEl8OKcRnbEVusfnI2KvuzC3kfFJGvLlCXjIWJR5g5rn69ozHC\/wBGO8Jyp+zWs7A8J4hcXR45eSOsTIViVucmevs\/nWeVpQZUE+WjoWqsn8ok8SdkbhXdVdmTQCd2IPT3VouIX9twuxlu7pwkUYyT1PkPOuD9rO0tx2g4i00hKwr6MUYOyj9a5cONylfg2lKjOyMSxxXoeHXt++i1t5ZmPSNCf5U+B4kkV5RqAOSvjXRR8qtlY2KQcO4NHA4UDAxgfCu2UmukZI5jE+wq44RxWfhd7Fd20hSSM5B8fI+VWnaThHD7S\/Is9Ohhq0j6tZ6WDuxlCcVSkpIZ9FdnePW3aDhi3MJCyDAljzujfpVhc2qzrqGQ45EGuBdle0VxwPiKTxNlTs6Hky+Fd64bxG34rYx3ds+qNx7wfA+dcGXG8crXRvFqSpmee6illaGGeKSRGKvGx0up8MeNBzqxjYqpVgc71P237H\/23D\/aFh9HxOFdiNu9X7JPj4H3Vza17Q8f4QzIzSSIPRZJl1AY6eVb48iaM3jo20MItzM8YIaU5dWOMnxqNbu5hjvLc47qR17th08c1S23bW1lJF9aSQMw9aPcfCjGv7O5OqzuIpSVPM7+8VsnGQJNEN98yfhJmhZmuBc6MDYezH51PHBNaGLv1VTLGGAzvv0qiu7O4Q6tBwc="}
02383{"flow_id":22,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":948847,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcCgRAADwG6RW4GcwZwKgBBwBQz57u7FvHcjxh\/YAQA6sxIQAAAQEICv\/8PdofZOEiwG9TWfEZ0ubZ5QsggwgDD6o\/Os9pmiJOIo8V0rLsCNsUKCPrsFz1q3uZ4bqGd5AQ+pSpOygHOaqryBIZJIWkDKuDqUZ51MjSJMRaRRERy6yeuKliNskmTOdQ2oVIrMWxY3Dh+WCmx\/GllhhEyCC6WddO5KFSD7KjfRqixQWkjJG1yACeeKP+ZW8Dr3c6SLzqk+bxlULkZ8aLs4oBJ\/jKB186TTvso0trG6FmXS0ci4K0G80pL+iQvLFFW1gkc3frOkkajV6J2FF30Ea8NjkR1bXkkjxpE2VVq4BCnOau4WXSCM486zavmYKANWedXEVwYwV6EAnepaKZeQyEpRMcu1UUN3nbcUZFPvjNQ0S0XSPmpVbNVsNxvjNFrJUtENDOLWrXnDpY49Pegao9QyNQ5Vy+XitjPE63lkqTbrrh9HBHivI11pG1CsJ2t7GT3d0b3haKWkOZIi2N\/EVz5cEcjTfZ1+lzrHcZGGtLb59xGC2jB+llVQPaa7RfxwNZfM5HWNZF7tcnHSsn2O7IT8Puvn\/EQqyp\/hRg5x5k1N2o4dxq+4zE1rAZLVEGnDADJO+aMsZKDUezSU45cqV0l9mc7U8OWy4VbxLIjGOR19Eg5BOR7MVhZBh66pxbshMOzs0gJkvQRIUU7ADmB54rl1wjKxyMGqwKUYpS7NXOM0+LsEkND45+2p3NQsa60Ysif1TTOQoiOCS4lWOJGd2OFVRkk1fjsNxNymmW3AYAtljlT1GMb1pFN9GUpJdlfwbgN3xNWnjCJEpxrkOxP51s7GxteFW7CPMsr\/4krfWP5CirfhPzKxitojlYlwemT1PvNeghLyKkh0rmumEUtnLObl\/gM8txJnfCjoDT0hklhzoyB41Y3FukYzENxvjxpIbtH0jIGdsVpZiyFID83GkjJOBTIkWTiJhODjGamMRFwHUgIDlh0oJAEvDL3wDHPup3ZBbyzfMZAwXVATg4+rUNxxeJGwg1sOigmq+8vYkwqK0mfWLnNBXXHAqmKFgiEYJA3NSokhxvJWuO+jiMMbDBJbmfZQV3MVuYkur8nJzpXYKPbVPLcXE2BDHI5zsQDTTw7iV3\/iBY8DILtvSYFv8A2hw2S7JaIZLZMj+kT50+ftSyl4rUJEmMGTG7edUsHBbiSNHlkOpmx3SD0sVc\/s5axQyaogWIAVppfV8dqWySlk4sO8JJLAjfNDia7nb6GKY+GAav4bbhthIuu4txpGdlzvUNx2giSRliIZAdiRzp0Sysfh\/FJcNImjPV23om17OSTf411pH\/AMa5pR2iZZxI8CyqBsCK1\/ZK24l2gl+dTxrb8NQ\/VGDKfAeXiamUoxVsEm9ITs18n1lOUur0SSRKchXOA59nhXRJpYLK1aSRkigiXJPIKBUvoRR9FRB7AAK5D297XtxKY2Nm5FpGdyP8w+Ps8K4vlml+HTSxx\/Sr7a9rpeO3pjhJSziJEaeP3j51iZJMmnzSZJzQrNk13RioqkYN2PXB5717IB2ApAdq9pobAsfnjyvrdiSepNI8wKHwqmW7AHrU43eoYBpJMoOilw+xrfdie1T8IuxHKxa1k2dfDzFc2herK3mKkHOKqcVJUwTo+noZo7iFJYnDxuMqw6is12k7OfOtd5ZkxykYmVR648ceP86x3Yntn8xdbK8cm2c7E\/UPj7K6wrK6B1IZSMgjkRXnSjLFI6E1JHHeJcMzEtpfKCrZMM6jBU+dUV72avLN10qWBAOqPfGa6h2u4W6rHdwoGgR9Uo+x5+yqmHiUTquoDwrTnasVGAju+K2I0CV2TGNL7\/zpo4pICC8ZRh1FbyeKxuHyyj0uYxQb8Jt5V0RSCPB5YBFP3Ckigg4olzAYJMb9c4qFhLnvUDbDbrRlxwIXjztGqxzxnS4HqsfEeFCQ8P4rZSYB0RnYsTlaHNPstR8D4+IzKoY="}
02379{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319043,"pkt_ts_usec":974371,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcCgVAADwG6RS4GcwZwKgBBwBQz57u7GFvcjxh\/YAQA6tYCwAAAQEICv\/8PdofZOEiUoXVg2CgI+FOF\/Je3TzSiNWI30IFB91RTQaEM0ki6idtK86FhUvJpSVUP3ts0r2aJFr87KhVIUhV5kc6Isb0iZD3UJAOcMuxqr+k7rBZGI9HOd8Vc2XDnkgSWRwi9MCm2Ms14g3f96ERV5lAPR+FMMspTY+ieYzQkkXzcsAzMGGxqVIy4UhDgb5oAmWIvMNPxBq6s7YtCVZHLjnvtiqu3wuTobVVmL94oO6UEdcNzpMTJXjjVdS68dc+NIkm+AdqgS+dwzORnpvioWunZjhQM1A0XUMjLgmrCO4GKzsF3ITkjYbVYrIWUMF\/GlQmi5jucYowSK4x1qij70gej+NFJI6kAg1LRDRY5KnepHfQmaEW52wyk16a6TuORzSomiQ3APOsn2i7L8O4sjvGi2t0dxIg9En7y\/pVobsF9jvQ8jZbJfatFBFRk4u0c1k7CcY1lVNs2\/PvcZoq2+Tq4BDX15HGPsxDUfidq3wIO4PLlSM5HrYwfGtVBFPNIo7Tg3D+Cxf7NEO8xhnfdj7\/ANKnjlBOsDONyKIuzFjnk0BJI+MJFsK3ijFu+x002csgKsevlQJYCcuSSOWK880jPk4WvAQpHrkcs3lWiRI6S5RU9NuY5k8qAW60aggJY5xpFEiWLQSIgd+tDTXZzkKigc6tEDRJdPgH1RyGaabSWSUaptHUgdBUEnEJCh0SDA6KKClnldtlkJx060dCZdTQcPQZluC2BuC\/6VXtf2MTAR2wUdWAyaA7m5kGRBv5157O7lIzoU9B1qWyaLF+OxxH6O0LHG2s4oC541dXS6VWNBzwKjXhNzhi0hUdeQqSHhtgp+mvIyeo7ypsVAUc9w0msz6Co5hgKie4d3zJO7jwLGr0Q8Ahjy8qk+KjVQb8U4REQILV5MEZLbCgkr0dDMD3RK+Cj9acY5ZSSkDaeYB8M0avH7MPhbUKgHPFabspbntHdlYrQR28JHezHkPujzpOSSthV9A3ZTsjdcbudd2oj4fG3p+Ln7K\/ma69DDFbQJDCixxoAqqowAKS3t4rWBIYUCRoMKo6Vk+2PaleHwvZWrjv2GHYH1fL21wylLLKkdCSxq2VnbrtXpR+G2cno8pXU8\/IeVcnupC7E86NvbppHZmOSetR8OnXvirAHPiK7YwUI0jncnJ2ysjsby7YiC2lkP3VJo6LsnxZyO8gWLP25BtV\/HdtC4KHGKube8W60gAKeoqJZGuhmYi7Gz\/5t1Go+6pNGJ2StFADzyseuMCtHI2GYCo1YbGsnkkOjjqxxH6q151RfVFNXGeXIUx2Bk25V2IQVG3Ki4pKrkaiY2piLWG4KEEGt32e+UW64RZfNZoVuY19TU+Cvl7K5ur1Mr1EoKSplJ10dbPyqiRSjcLRlIwQZdiPhWKn4g7XUj2zGKFmJSM76B4Z61nkkOedTrMfGoWKC+iuTZfR8UuVO8in3VPHxaZDnIJrPCY+NPEx8aHjh4KUmaS34vJHrLbs7Ek5o2PjRMeh01DzrKJKfGiI5d+dZPFE0UmXzvFcM+Uwrrgjz8aGPDIypw5z0zuPfQ0U3nRaS7c6h40WpsanCEXBWZvPpVnAb2IKonRohtpIxkUKktTJJ51PGi+TJpYdbFgdOfq52pYRNGAMrjNR95vzpwfzpj5Byy43xg1IZsgDOfHNV4k86cH86VhYerounG467UoYchQYfzqRXpMdh0EgiBzyNHxXsCEZJHuqlEm3OvB6VA2aAcViX1WPvFEJxe0xhnP7tZjX50mvzook1P8Aalnj\/HI\/6TQlxxOJ\/RVzp9lUOukL00gLT58gHrMfdULXm+R+NV+ukLVaYixF6V5MfhTJb3UmyknPU1Xl6TV51SkyWFNdsUOV9LpQUsk7DC5weeTSl6YZKtTZJGI364Appjcn0pGIp7PURkquciWxvcKeYc++mmJEO0TEe0U="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1484319044993,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1484319044993,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319044,"pkt_ts_usec":993872,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"gCqoTGHM5JjWH70UCABFAAAoz5tAAEAGHmfAqAEHNBhXBs7BAbvkIOdlTYzTZlAUEACWDAAAAAAAAAAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1484319048757,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1484319048757,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319048,"pkt_ts_usec":757894,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"gCqoTGHM5JjWH70UCABFAABBS2MAAP8R7O\/AqAEHwKgBAeL2ADUALZ5c\/mQBAAABAAAAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAQ=="}
-00636{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1484319048757,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1484319048757,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00598{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319048,"pkt_ts_usec":776187,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"5JjWH70UgCqoTGHMCABFAACy4UZAAEAR1ZvAqAEBwKgBBwA14vYAnkKZ\/mSBgAABAAUAAAAAB2FwcGJvb3QHbmV0ZmxpeANjb20AAAEAAcAMAAUAAQAAAG0ADgdhcHBib290A2dlb8AUwDEABQABAAABawAbB2FwcGJvb3QJdXMtd2VzdC0yBnByb2RhYcAUwEsAAQABAAAACwAENsm\/hMBLAAEAAQAAAAsABDQr9VrASwABAAEAAAALAAQ0GfQx"}
-00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":45,"flow_max_l4_data_len":158,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.201.191.132"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1484319048780,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":796,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"appboot.netflix.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.201.191.132"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1484319048780,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319048,"pkt_ts_usec":780859,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAtrNAAEAGzAfAqAEHNsm\/hM+fAFA6e8d6AAAAALAC\/\/+ZMQAAAgQFtAEDAwUBAQgKH2T0hAAAAAAEAgAA"}
00438{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319048,"pkt_ts_usec":824981,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGmJ82yb+EwKgBBwBQz59tgW\/FOnvHe6ASRep1DwAAAgQFtAQCCApXXrqDH2T0hAEDAwg="}
00426{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319048,"pkt_ts_usec":826457,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0VQxAAEAGLbvAqAEHNsm\/hM+fAFA6e8d7bYFvxoAQEBXZhAAAAQEICh9k9LFXXrqD"}
00849{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319048,"pkt_ts_usec":830359,"pkt_caplen":379,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":379,"pkt_l4_len":345,"pkt":"gCqoTGHM5JjWH70UCABFAAFtxNtAAEAGvLLAqAEHNsm\/hM+fAFA6e8d7bYFvxoAYEBUtNAAAAQEICh9k9LRXXrqDUE9TVCAvYXBwYm9vdC9ORkFQUEwtMDItIEhUVFAvMS4xDQpIb3N0OiBhcHBib290Lm5ldGZsaXguY29tDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KVXNlci1BZ2VudDogQXJnby85MDAgQ0ZOZXR3b3JrLzgwOC4yLjE2IERhcndpbi8xNi4zLjANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogKi8qDQpYLU5ldGZsaXguQVBJQWN0aW9uOiBhcHBib290DQpDb250ZW50LUxlbmd0aDogMjI5OQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQoNCg=="}
-00699{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1484319048780,"flow_last_seen":1484319048830,"flow_tot_l4_data_len":461,"flow_min_l4_data_len":32,"flow_max_l4_data_len":345,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"appboot.netflix.com","url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
+00709{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1484319048780,"flow_last_seen":1484319048830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":313,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"appboot.netflix.com","url":"appboot.netflix.com\/appboot\/NFAPPL-02-","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
02364{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319048,"pkt_ts_usec":841019,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"gCqoTGHM5JjWH70UCABFAAXc5GhAAEAGmLbAqAEHNsm\/hM+fAFA6e8i0bYFvxoAQEBWdRQAAAQEICh9k9LVXXrqDeyJlbnRpdHlhdXRoZGF0YSI6eyJhdXRoZGF0YSI6eyJpZGVudGl0eSI6Ik5GQVBQTC0wMi1JUEhPTkU2PTEtODc1OUZDM0NFMDgzNjA2M0MyMTA3RDZBMDM1QUY3M0QyMzU2NzlBQ0Q2OUNBOTg4N0JGNjQ1NzBFQTJERkQ5OCJ9LCJzY2hlbWUiOiJNR0sifSwiaGVhZGVyZGF0YSI6ImV5SmphWEJvWlhKMFpYaDBJam9pVUVkVlp6Rk1OazE0TldkVlpXeDRhM2QxU2tkRFpUSmxObFY2Y0N0NUswWjNkVU41WVVKbVJHTnllblZZTVdkTldXcENTVEJ2U2xWVFRUVXZOamM0UldGcWJXVTRUelY0U21oQ01ubE9PWGcwTTJaTlQwNVJSRUkxYzAwME9IUlBRbU5KU2xab1dFWktORFl4TlZsclNsZGtlRVZaVFhSblNVcGtVVm9yWmtaMWQxcHpjek5JTTFJeFREYzRjWGcxU2s5d09IZFVORGRZWjFJMFIyb3lWVVJGZUZObVozRk9TalkwVHpKSE9IRktSVFJaYldGUmFGVnZkbTB4VGxremEyTnVPU3QyVnpGT0t6QjZVR1p1V2pCR1kwdEpSbkZSYjBKVmJDdGlWSFJaTms5dE55dDBRV3cxYUd0SE4xaFNVak5oUldsYVltSm5kMmMyUlhVd1JteHBSSHB2U0U5WFlYVmlkRGdyUmtnMlYyb3phWHBDYVc5bVYwRmhTREI0VkRJNGRuSkJXbW8zTlRsM1dHZHhWamhVVDFndmNFRXZObWtyZEZoSWQwOVpPVlZHUW14UVkxVlRaSFZXU3l0VWQzSTNVMGRqVVRkT1owZE1lRVp5YjFoQ1dHbzRibEl6ZVRGbFYzZHhVMlJVTm0xWllWUkJSbEZRVG1GaGVETmpiM0pSVGxoUFl6ZEtNbVV6VTJwdGVrbElhRlJ6YTBacldsSlNZa1p6ZWxCSFRFNWhMMVZZYnpGWWRtdGxjRnBhWTBzNFEyNHpaVzVCYlVGdk5EWjRMM1ZDYWxoUU5qZFFlR3RpVWtjMmJVOVJSMDlIVVdsSlZqSlRWbHBWTDFkS1NEUk1TbXRyZG1Wd2QwUXZhRmc0ZURKaFVFeDBRVkZPVDFBMVFtNUdiR2d4WmpOWVlVbG1OWG95U0VkRFFUTjVOMDVoYUVaNVZFWjZkV3RhU2tSYVZHc3pSME5KV21wamJrVkNkekJXZUZsbFVETjJhVWh3UzBwT1JTdHhiMWhFVFROb2VFMXdNalIwV25kRk0xbHdSSE42WTA5bWRIWlNOMnMxVTFoalVFZFFjV3ROY1c5YVIyVkNkM2hrVkRCWlNXVnlhR0ZFVEhsRFltRnROa3htTkhKTWVrbFdVbFZhU3pWYVpHWjFSbWMwY1d4dE9VRTlQU0lzSW1sMklqb2laWEZvVFZaak5VaFFiV1ZSZFZSUFYxZHJZemwxZHowOUlpd2lhMlY1YVdRaU9pSk9Sa0ZRVUV3dE1ESXRTVkJJVDA1Rk5qMHhMVGczTlRsR1F6TkRSVEE0TXpZd05qTkRNakV3TjBRMlFUQXpOVUZHTnpORU1qTTFOamM1UVVORU5qbERRVGs0T0RkQ1JqWTBOVGN3UlVFeVJFWkVPVGdpTENKemFHRXlOVFlpT2lKQlFUMDlJbjA9Iiwic2lnbmF0dXJlIjoieWZ5ZkVRQjVpTjVkeCttb1YyU0FhWnliK1NLMDdPVDVjazhPNE9VdjlZWT0ifXsicGF5bG9hZCI6ImV5SmphWEJvWlhKMFpYaDBJam9pUWpSS056SjFXRzQ1VUhRNVJqUmtRbk5ETUhsWVdWVlVRV3hYUVZwb1ptOURURWRETmpWMmJEaFNhbXhhTVZOUGMycDVhVGwwTmxaNVJsVXlNVUZOTWxOVGRVMVlWVXQ="}
01565{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319048,"pkt_ts_usec":841212,"pkt_caplen":917,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":917,"pkt_l4_len":883,"pkt":"gCqoTGHM5JjWH70UCABFAAOH9QpAAEAGimnAqAEHNsm\/hM+fAFA6e85cbYFvxoAYEBVFHgAAAQEICh9k9LVXXrqDalZrRm9iRTk2ZGtwSGJYbHFTeTlDVjJWYVRrbDVTMnh2WkVkUFEyVm1XbkpMSzJZd2VtdHBTakF3VTJoNmJWaG9OalJ6VnpBMFZHaHFkRlZQTlhOUE9HMVNWRVJZYTNsV1N6TlNMemhLUmtOUGJrWk1RbkZ2Vmt0dE5uQkVlak5yWTJ0M09UTm5jRlZtYTBsU05sbzBVMUJCZUc4clJXMVZJaXdpYVhZaU9pSjRkazFvUldwNUswMWhaMGh6TDI1YU5tUnVibk5SUFQwaUxDSnJaWGxwWkNJNklrNUdRVkJRVEMwd01pMUpVRWhQVGtVMlBURXRPRGMxT1VaRE0wTkZNRGd6TmpBMk0wTXlNVEEzUkRaQk1ETTFRVVkzTTBReU16VTJOemxCUTBRMk9VTkJPVGc0TjBKR05qUTFOekJGUVRKRVJrUTVPQ0lzSW5Ob1lUSTFOaUk2SWtGQlBUMGlmUT09Iiwic2lnbmF0dXJlIjoiaVc3NjVLYXoyb29pUnUvNzNWVEZmM0Vha3QvZHlRR3g5M1VoL25kbmc4Yz0ifXsicGF5bG9hZCI6ImV5SmphWEJvWlhKMFpYaDBJam9pWTBSeFRYQjBaM1IyZVhGS2JVSnpZM01yV1dvM2IzUmhlVFZNY1d4b2RIRmtOU3RaTDBkU2FWTktla2RqUVZkNGJTdG5PUzlOVFdVd0wyTXlZVmhPVFVaVVkyMHlLeTlFVjFOSFMyOWFVRzkyTm14aGIzTmlSMnQyWmpOdU1VdEhOemhtVjFWaVpFeHdiMFU5SWl3aWFYWWlPaUpJUkdOYVRWQTVOMGhYYUc1RmQyVnlSMk55VFZablBUMGlMQ0pyWlhscFpDSTZJazVHUVZCUVRDMHdNaTFKVUVoUFRrVTJQVEV0T0RjMU9VWkRNME5GTURnek5qQTJNME15TVRBM1JEWkJNRE0xUVVZM00wUXlNelUyTnpsQlEwUTJPVU5CT1RnNE4wSkdOalExTnpCRlFUSkVSa1E1T0NJc0luTm9ZVEkxTmlJNklrRkJQVDBpZlE9PSIsInNpZ25hdHVyZSI6IlBIQ01yaG92VU9Yd29aQzVKdE1uTWwwOUZJdFo4S3Z5dmNhWHJKcmxvOFU9In0="}
00426{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319048,"pkt_ts_usec":884984,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA01UlAACoGw102yb+EwKgBBwBQz59tgW\/GOnvItIAQAEvoAwAAAQEICldeupIfZPS0"}
@@ -326,12 +326,12 @@
02363{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":32722,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXc1U5AACoGvbA2yb+EwKgBBwBQz59tgXgEOnvRr4AQAGHWQAAAAQEICldeurYfZPS1ck9VNVZWekZJVW5wamFVeERTbmxhVnpWc1pESkdjMlF5YkhWYVJ6a3pTV3B2ZUU1RVp6Qk9SRUV4VGtSUk5FeERTbnBhV0Vwd1dWZDRkV1JYTVdsYVdFbHBUMnBGTVU5VVJYbE5WR3MxVDBSQmVFOVVXWHBPUkVWelNXMVdOR05IYkhsWldGSndZakkwYVU5cVJUQlBSRlV4VFdwbk1rNUVaM05KYms1c1kxaFdiR0p0VG14aWJsWjBXVzFXZVVscWJ6Um1VVDA5SWl3aWMybG5ibUYwZFhKbElqb2lRVkZGUVdkUlFVSkJVMFJ5Ykc5cFRuTjBUM1owU0d0aVdFVXlUaXRFTnlzeFoxZHhjR05OWjNKQmNUVlFSalprTUU5TFRHTnFSMnRhYUdjOUluMHNJbk5qYUdWdFpTSTZJa0ZWVkVoRlRsUkpRMEZVUlVSZlJFZ2lMQ0pyWlhsa1lYUmhJanA3SW5keVlYQmtZWFJoSWpvaVlqRlpibXhzUVdwaVZWVjZiVzFEZEhoaWIwUmpRMmhGTWpVNFVuUndjRTRpTENKd2RXSnNhV05yWlhraU9pSkJRelZKTTJ4eVltOTNUVUZIVTNGbFJ6QllSakp6VkhoQmVXZFpaMmhxVlhKR1ZGbzFaM1U1WVdWTUx6WmxhR1ZwT0dKaVZsSlJOMXByUlhWV1NtTXhOWGRNUmpaaVR6UTJVRzVCTlVaV2VISXJXbWxYUW5Cc1NYbDZiV1psV21OSmRHMXhNa0pxUW1JeU1VTk5kRXR5VmpKRFEyeDZjMFJoVUROa1MwRm9ZM3A1TTFWU01YSXlXalZXUkVvM1pYTjFRakZZVFVKRVZXZG1kVXh3V0haUlkyUjJZM2hGT1dOaWJrTkdJaXdpY0dGeVlXMWxkR1Z5YzJsa0lqb2lNU0o5ZlN3aWRHbHRaWE4wWVcxd0lqb3hORGcwTXpFNU1EUTRmUT09Iiwic2lnbmF0dXJlIjoiY1hjQjJ0OTdyeTlmazJqWWhoY0Y2Q0oraTRXalVXTllpNWxENHdMcEpZUW0rbkRnM3hiTG5Gdi92Q1dXbkdsNjIyZm9wVEoyc3Y0MFl2cGI5UWFNZVBCWk9TS1RVcGZFQ1ZUNzZXdXdQT1pjRGVsYmRBbitCYysxSVBia212WVhOa1ZBM3JKZXhJb0cwbU9ERXVJcFBGcW90elVqOGxIZThuNWRORG1Zc3g5RG5idW52bFZpYS9pcUxvSS8vd3NvSEw5OWwzYnIwUXN1cExSZnJsNXlNRk9JZVR4aGwyNUt5S3BhMFdUOHRORkttcU1GMmQrWWJia1pwSWxxaW1nR1VscitZVHN1OUpKZU9vbytwL2xNb25kb0h5endyZkNzMklBY2dwK0R0dmpBWDcwZTFYS29VZmdBelF3Q3pFZDJTTEd2a3FYVFJVZ3M4TE1qR2NXMHFSaDBqMmJSTmpCNVBDdi85NVoxNXozb1krOUJsRURrakdrL2pDdWdPdVJnVHJUVHZST2RXN1p6bWFVVXhjRmErMVJqRHI5M2pBTDZGM3ZyNk9VaWVzMDA2dHBtcUtvTG1TWEdnMFNJcStrL0FZVU91cHc5ZkxKbW0zejQrZTdOYm55bUJYYTRpaElBajdtd1VMUzUwRHNhS25aSGN6M3gwTEJCdjllUVV4bVNTSS9KaSt2K0NFdmdLdEJEaTJ3czJJcXp4Rm9JcHpvKzU3cjh5dFA4dEFaQlhwMlZEVTZhblFTaFRsZWtKbTZ1am1YOUtuMmZBOFd0SGhsNXlhZHMyQmpqQUN2cGoxcnpRZGJwRWkrbFUyb1F2ZkpBYm5OdlYwYUlZOXhkZVl3WVYwd1FTdFU0d1o0WkQxU2VEbWRUTUNsSXpmR0xpdXdhMVJFU0VjOVphbGc9IiwiZW50aXR5YXV0aGRhdGEiOns="}
00426{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":34072,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0XOxAAEAGJdvAqAEHNsm\/hM+fAFA6e9GvbYF9rIAQD9LArQAAAQEICh9k9X5XXrq2"}
02363{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":46603,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXc1U9AACoGva82yb+EwKgBBwBQz59tgX2sOnvRr4AQAGEUCAAAAQEICldeurYfZPS1InNjaGVtZSI6IlJTQSIsImF1dGhkYXRhIjp7ImlkZW50aXR5IjoiQVBQQk9PVCIsInB1YmtleWlkIjoiQVBQQk9PVCJ9fX17InBheWxvYWQiOiJleUpqYVhCb1pYSjBaWGgwSWpvaUt6QmtUbFkwYW5WR2VWUk1SRTk2TkZZeU5FSTNjVmQzYTFoek4ycHpXRXh4ZUV0Wk5uTnNTalIzYzAxbFJ6VllhVXhCTVVzNFkyRjVla2R5Y3pOQlduSm9aR1JyVUc1VEsxaFlWemRyTDBsV1ZtRmFZVlJHYlN0Vkx6aG1kRzExTDB4NlNISTJSbXhzYTJReVNqTkZiVUkxU0ZSMFJIbHdibmRaSzFab2REQlFVMGd2ZUZSRU4ydFZVa1ZpWWxSbWIxaEZaR1pYVmpORVprTkVibXBNZUVKWmEyNUNiREZoVmpsb1prOHpTbmh6SzBveVoxUkZZMkZQU2tSb1NGcDFWVE54Vm5vdlVHVnRVVmRWSzI1WGJUUjJjVXBvVERWa1FqY3dhMHN4WW1KWGEyeDNZazQzVlVsVmVWUjVhbFpUZUZoQmEzZFFPRkpNTlZOTmNVVlFWVXAxYVZsQ2FHZElWamh2TkVWTVkyeDRhek0wYmlzeVozSndhSFpzTlNzeE4zTlBVbnB0YjJsMVZrNTVPSEpWY0dKa1JYWjFaM0ZLYWt4aFZXcDNNVWxhVlZKRVEzQnVZV2R1Tm5kMFVEbFJWV041ZGpFMlNVdzNlVTlwVHpSWGREQkpkMjl4YVZsa00xbFhXVFZhSzBKellteDZVRTFDVTNsWmNWWkNkRlpqZVROU1FqbDVaSEZIVHpWemJqTkJaVFZrTms5Nk5GcFBRa1poTlV0Uk5YcGllV2x1UTA5R2JsTXpTbE40U25wTU16ZDVhWGsxZEVSVlprbHdiQ3RqUjJKSlQxRkJSa0pTUTJkeE9YSlhlbU5tV0ZCcWVuSm5OSGczTkVjclFsSlBSMHBOWlZCWE1tWkdTWFUzWTFsQ1ZVTklWVGhUYjBOaGJqTTBTMnB1Wmt3Mk9GTnplbVZvUTNOSFNFVkdNV0pFTkRBdlZXdFViVWtyVGxKR01HTlFiMUZ6ZUhaV1VFeGxkR3hhTUdKU1ZFc3hWazl6TDFaeGRrWnFWMXBMU0ZWTFpHeGxRV3h0WWxSa1ZUZHFSRTVKVTFsNlpuRkxNbUZaZFZGdGVscEVVWGR2UlVjeVFYRjBNMm8wUjB4cVdIVkdTRWRPZFU4elozTmFRVWRGWlRsMkwwRTVOVW92YVZZME1UUnViM1ptUTNvcloyTnpiMUZ6VmxSQlRYVXlNMHhqWVdNemVrMVZNRWszYVRoNk4wOWFSemgzVGtselRqQXZVMGR3VDBOVVdFZ3dWRGRYUVdkalozb3ZVbEp2Tkd0MlRIbENOSEZzWjNSRVVURTRRbTFpVW5kUmRtRmpWVFpCYm14VVRpdE5hMDFpYVhSdFFrbElSbWx5TlZvcmNDOXBUV1paTkhoSVNGZHhUMjl5UlhCek0wWnVUV3hoU2lzMFYySnBWVGR4ZW1WMVlWSkZlbVpzU21wV2QzbE9XVVJHVVVKSk9IRkRZVzFNWjJkVGJrbHFiRXMwY0hSM1NIcFlVMVl3YkhacVltTnVkelI2TDNoMmEwVktSMWtyVlZCUmFWTm1lR1JVUzBSWmMzVkZZM2xJYlhjM1YzbE1aazVTUmk5S01HTlljVTQxTkRBMFNVRk1lRkpaV0dkVk5ERm1jRU0wYTIwd1NtMVRSWFpQV1hWWlFXMU5VRklyWkM5cFpraExkMHhYYkVkNFZqZFJWelJoTkdGaE5FbDROQ3REYkV4TmRVTllUa3RQVG5CRlMxZE9hbmNyY21vd1lYbGFhMmxKT0VaQkwzRm9jMWxpWlU0MFlXbG9ibWhoVWs5UmQ="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1484319049465,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1484319049465,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":465573,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAjtZAAEAGjk7AqAEHNFkni8+gAFCVL\/AiAAAAALAC\/\/+toQAAAgQFtAEDAwUBAQgKH2T3IAAAAAAEAgAA"}
00439{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":510947,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGMwk0WSeLwKgBBwBQz6CC\/YxQlS\/wI6ASRerkyQAAAgQFtAQCCAqtiNcHH2T3IAEDAwg="}
00426{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":516159,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0TN5AAEAG0FLAqAEHNFkni8+gAFCVL\/Ajgv2MUYAQEBVJOgAAAQEICh9k91KtiNcH"}
01297{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":518619,"pkt_caplen":715,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":715,"pkt_l4_len":681,"pkt":"gCqoTGHM5JjWH70UCABFAAK9sclAAEAGaN7AqAEHNFkni8+gAFCVL\/Ajgv2MUYAYEBXtIwAAAQEICh9k91StiNcHUE9TVCAvbXNsL25yZGpzLzIuMS4yIEhUVFAvMS4xDQpIb3N0OiBhcGktZ2xvYmFsLm5ldGZsaXguY29tDQpYLUdpYmJvbi1DYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXB0OiAqLyoNClgtTmV0ZmxpeC5yZXF1ZXN0LmV4cGlyeS50aW1lb3V0OiAxNTAwMA0KWC1BbGxvd0NvbXByZXNzaW9uOiBmYWxzZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KWC1OZXRmbGl4LnJlcXVlc3QuYXR0ZW1wdDogMQ0KQ29udGVudC1MZW5ndGg6IDg0MTYNClgtQ2xpZW50LVJlcXVlc3QtSWQ6IDE4NDQ2MzU2MTMzMDg2MjYxNjEyDQpVc2VyLUFnZW50OiBBcmdvLzkwMCBDRk5ldHdvcmsvODA4LjIuMTYgRGFyd2luLzE2LjMuMA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ29va2llOiBtZW1jbGlkPTcwMWFkMzEyLTQ4MDEtNDdlNy1hYzAwLWNiMzdhZTJmNGFmZjsgbmZ2ZGlkPUJRRm1BQUVCRUpYJTJGOEFodHlLbFRicmt0TUhUSWRITkFYbUJNMFpuUEY2NDJwZW5HVEhPaXQzeDlyVTBwTG0wS0s3ZDhtb0J5ZDFROW9Fc2FRT1UwNXkxJTJGT1RRWWRPODZVVDFZVlVOTGpxVUR1WEU2V3MzVTdRJTNEJTNEDQoNCg=="}
-00701{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1484319049465,"flow_last_seen":1484319049518,"flow_tot_l4_data_len":797,"flow_min_l4_data_len":32,"flow_max_l4_data_len":681,"flow_avg_l4_data_len":199,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
+00712{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1484319049465,"flow_last_seen":1484319049518,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":649,"flow_tot_l4_payload_len":649,"flow_avg_l4_payload_len":162,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"api-global.netflix.com","url":"api-global.netflix.com\/msl\/nrdjs\/2.1.2","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
02365{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":529760,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"gCqoTGHM5JjWH70UCABFAAXcGHxAAEAG\/wzAqAEHNFkni8+gAFCVL\/Ksgv2MUYAQEBU48AAAAQEICh9k91StiNcHeyJoZWFkZXJkYXRhIjoiZXlKamFYQm9aWEowWlhoMElqb2labkJwTWprNE1IVlpRbThyZDNkSlNYQnNjMWhMS3paQ1ZFaERhM2RrYTFOU09XbFVUbWx3TVVZMU9XVlRiV3BUYVd4VVRta3ZORlJQYnpSeFFsUk1ZVmh4VlZkUmFFNUtjQ3RaUzA5VVkyVlJVVkJVYVZWbmFVOVRaM1F5YmpjeWNFOVdhRlZhVW5GMWJuVm9TMmRZVHpaSWRqVkJWamR0ZVRZcmFWUnROVUZvU2t4TFZsTmtWMDFYVkd3eGRTOUJjbTR4ZUdSTFZtaHBjSGsxT0hSeVdrRnZlaXRDY3pKSVR6ZFJWVEJvZW0xWk9ERnRjR1JNZUcxYWFUSjZWSGhNYzNWd0wxWlVTRWhNT0hNNGIwNDJjVkpwWW5sWGNuVk9kRkV4Y21adVNsTndlbkp1UzJSck1VdHBLMWxVYmxOMFNqWTVkMEk1VUhBd2RpdHVObmhKZW5wRlMwTlRaRkpHVVdwNE56ZFZVbGRWYTI1VVZGUTBjWFpEY25BMlUwNXFOMGhaTjB0YWVpOTFUV3BKT1ZscU4xSlJZMWx3T0hKMU0xUTRjMDFEY2pCU2EzRm1SVVV2VHpCVU5VWlRPRFpyUTJkcVJXZFNSVlJFV1d0UmMzZE1jSGxCYW5ZdlYxZEtNazl3U0U5eE9HRk5iM3BMZERRd1Rqa3JaMnhyTnpSTU1UbGtkbUpQTXpOdlRFWnNNRUpEU1hadU5ISnhhaXRST1VGb1VtWndaMFZqWldoRFZWTllPV3RVZUZsMlduRmhTMHBzUkdVNFFUSjFUV0UwYjNaNlkwMWxhMEozWlRkc1JIazFNa042ZDBGR1NtWlhlbVl6YWxWUlZVMXllalZFUjJkWWVXRlJhVlp5UjFOaGREVnRSek4xUmtVMksyeHhaVEEwT1ZSUFVqaEZLMGRRV1d4eFptcGFiRTl5Vm0xQk1sTldlVWhLZGpkMVYwVkVNV1lyTTFWa00wNVBXamQzTVZWV2NYTTNaaTlpUTNnNWRuRjVVbGhWV0M4cmMwRjJNMUp1TkRNM2IzZHdlV0phY2pWSFFWZFRNRWhTYUhGemNtSXpURGxSY0VjNFIyNXFSamxOWTBwT1owMU9aVEZvSzNSb1JtcElaRzVZT0hsb1VrNXlVVmhDUWxoRFZXUk1aVnByU1dkR01qUkJia3RDUlc1RWFtazVWRTF6YTBwalpuUldWMWhOYUVWVlprdFZNV0o1ZGk5RFdXTlhVWFpEWVdSNFUzQlJOR1JQY2tkV1NVMUhWME4xWm5SalVrOTJWV1pPZFZRM01taG1SMFZ3UldaVVJrc3JaV3d5VkRoTFVFcHliMWRNYlVoeVVrdE5SM0ZYZGxSV1REaHdabGhrZG1OcGFVSldRMmhOZDNGTWEzRm5PV1UyVjNsWVZWRXJibWs1T1hGc2NHWkZkbWMyYXl0MUsyeDZjRXcxWVVOcFUwZHlaMHgwV0VkNlNXVk9OMWt2V1Vwc01VeFJhMWhYYW5oTlkzRXZNMFkyUlV0eE9GTnFkakJ6UzJkMWVuaG1URkJpWVVkd1FuSmFXV1pKZFZGWmR6RXlVMlJVU1dsNFZHSmtjbEZaWVVsRk9HMVlXRE5rTXk5UFNVcEZSM2xxZVRaeE9FVkdXWHBIS3pkM2NVODVZa1F5YkdkSlNEQnVXV3hEYm01MmIyWnZlamsxYzNBek9WUnRXbnAwZGpsMFRFbzNPVWRTTjNCeWJYTlpZemhRVGpseWJHNTZPRWgzVGpKMGRUZzNhVmhsZDFWbU1qQjBkRVJVU1ZWNFF6WnVTMWRIVEZBcmVrSmxPRUoxVjFVMU1VTjNjbE5DYjBseFp6RnRPVU12WVhkaVZXRmhUVlE1ZGtseFltRlpjR1V3Um5sRlE="}
02364{"flow_id":26,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":529896,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"gCqoTGHM5JjWH70UCABFAAXcBn1AAEAGEQzAqAEHNFkni8+gAFCVL\/hUgv2MUYAQEBVu5QAAAQEICh9k91StiNcHWGhIUWtOR1NFOUhSVXRqUWs5R01rTXlVM3BISzB4TEwxazNTSHA0TWsxdlVGTlVlV1pzVkc5RVNEQktjMWczZEhGamJVZGpXR3hJVkZsUEt5dHNhMGxsT1RGTWJFMW1MMjlyWjFOQ00wOU1OVGh5Wm14RE1HMXhhalJFUlZSWmVGcHVSRTlrU2xSdFQwSjBibk41UW5nM1YyNXNhRGR2YkU5UE0yTjFhRk5LZW5reFZuRjNZMVY0ZW5Bd2RWY3ZOaXRwWVRoTWNpOHZTVzV3ZFhGak5VeG1MelJMZEZBeFduUllkbEZJVDFoQ0wzTmxkM2xYYVhObWJUZHJaamxwVFdaWE9XaG9NVnAyV1hWdWJtMDVabWN3WlVKd2NEVk5UMUpuVWpFM1MwbDBheXRuV0doQk0xWkhVRzlVZVVWVVVIb3JZMjg1UzBwRVdXTXdlbE5oY1VsSU9ISmFUeTloTm5OT1NtMUtUMGhqWjA4MVYzWTJTRWRIUTBKUEsyODRiSHBtVW10T1oyVXJkekJzZERBdmJWSkVlV29yTkVWR2VGSmlla3g0YnpGalZITjFXRkUwT0RWSWFYY3ZhSHBSYW5oTloxTXdNMlprWjNCdk5WVTVkRXRVV20xdFFYTkdUMUpYY0dZd1RsWjNRVXd6Vm05dFZqYzBSMGhaVWtwTmRsQlpSVkpDVmxwdkwyTkpTamRrWTFnd1VVRlFlWEJPWlZoalQydFVkRmxtWW5nNWQyMVdVekpXYW5ZclowdE1hWElyTm5kT01uVkxWbEJIUjBsTmRuQnJZM2xTYVZORVpYTnRhM04xUmxOMkwweDBiMFZqY0hOalFXWnlRME5xYW5seU9FWkhjRk52VDNOT01GZGFjbGRtTDNOQllUVjBVRTAxVDI1a1owaEplSGNyVlVsQ1dGY3ZiblJhT0hSTmQyVkZNSEI0VW1oU09HRjRMMVppYVhkeVZDdGxiMUV5V0haVGVHZERaWEIwT1dGaU5HTkVUMFpLTml0b2JFdFlNSEkxZURkWEswVjZUWGxSWlcweE9FMUNUV1JDUW5oWGVGVlpSbVU0TVZKRFVHVlpXVzlaZG5kWk5qUlZSMHR4TXpabFJqQnNXSE5EWjFkS2J6UlBLMXBDZDJsRlIwWlZUMEYwVVZWaVEycENTbGgzWXpCVWJVeFNTek42V1hkYVlVSjRVMUJOWlZoU1VEUmhiREZNWWtWWWEzbDFZbEpvUlRkM2RURkNSV0ZJV2tSUGIwdFRMMjR5ZEdWWmExVkRXR1JyYzFOaFlXOVpWekJtZUZKcGJrdHRXVU5hYWtsUFIwUmlSMmRKVTFOaldUZE9SWEZzVjJWa2FTOVdZVXgzTDFod1RHTklRVEZXVEZJNVF6Tm5iVTVVT0ZNNVpsVXJhMGRuYmtjNFpFNXVabGxOYURZNFptSjRTblZLYTB4WU0xRk1TMGRuUldsc1FVcEdNRXdyVDBSNFNtVkpPVXhCUFNJc0ltbDJJam9pTVVkRWQxQlZWbk4zU20xWGN6WnpWRFpoV1hCaFp6MDlJaXdpYTJWNWFXUWlPaUpPUmtGUVVFd3RNREl0U1ZCSVQwNUZOajB4TFRnM05UbEdRek5EUlRBNE16WXdOak5ETWpFd04wUTJRVEF6TlVGR056TkVNak0xTmpjNVFVTkVOamxEUVRrNE9EZENSalkwTlRjd1JVRXlSRVpFT1RoZk9DSXNJbk5vWVRJMU5pSTZJa0ZCUFQwaWZRPT0iLCJtYXN0ZXJ0b2tlbiI6eyJzaWduYXR1cmUiOiJBUUVBZ1FBQkFTRHJsb2lOc3RPdnRIa2JYRTJOK0Q3KzFnV3FwY01nckFxNVBGNmQwT0tMY2pHa1poZz0iLCJ0b2tlbmRhdGEiOiJleUp6WlhOemFXOXVaR0YwWVNJNklrSlI="}
00427{"flow_id":26,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":578403,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0W0dAACoG18k0WSeLwKgBBwBQz6CC\/YxRlS\/yrIAQAEtWaAAAAQEICq2I1xgfZPdU"}
@@ -342,41 +342,41 @@
00429{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":607039,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0W0lAACoG18c0WSeLwKgBBwBQz6CC\/YxRlS\/9\/IAQAGJK+gAAAQEICq2I1x8fZPdU"}
02000{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":612670,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"pkt":"gCqoTGHM5JjWH70UCABFAATMQ1NAAEAG1UXAqAEHNFkni8+gAFCVMA70gv2MUYAYEBUUegAAAQEICh9k96utiNcfSmFkVGR0UXpjd2QzbzRLMjlxVFVKWWVtazFieXRrVWtJMVNYRlRMM05CYlRNM09FMUVWUzl2ZUVzMk1XUm5kalE1T0VwTkszWk9UMHR0T1Vaa2NHZHBaMjFOTDAxSmFGVlRielJxVWpoelFqbGhVelZ2ZEV4UlNuSlhNbVp6V0U5UGF6TkJSV0pRWVdaR1pVd3JaMk53VVd4eGNXeFhXVlJNVTBsQ1RuRXpPVk4wVmtGb2RUUXJkVEpWVjFWU04xUlJMMDVRVVdkaFdraHVibTFQU1hkbWNGUk9jWGwwVmxsT1NGSkNaVTA0VEhwTVIyRlVLelV4ZFhveFVERjRTbXRIWjFoRFowSkVjSE5uVkZBeGFEQTFMMGdyUjNGSFNEQXZhVUl2VjJ0NFNVazFPVnBJWVRrcmFuWnZkSGhZY2xOcVNuSjRSek5RU25oV1V6aFNRWGhHV1U1cVpqQnNibkFyVFhScVZtZFRla3hOT0ZKalYxbDJWRlpWWlM5MFpHOXlhbmR6VEZabVVHOURjbkEzVHpVcmVrNDJhV2xIU0VOdmRXNXhlVGQ0Tmk5cldtMVVNRlJJWkhWMmNFZHZUQzh6WjFFMUsxVmFWVEZIUzFKcFkzb3dRbkpKTlVkQ2MwTmtSRUU5SWl3aWFYWWlPaUpYUm5wd01GSkVTMk5RT0ZBeVNYQllTM0ZKUm1GUlBUMGlMQ0pyWlhscFpDSTZJazVHUVZCUVRDMHdNaTFKVUVoUFRrVTJQVEV0T0RjMU9VWkRNME5GTURnek5qQTJNME15TVRBM1JEWkJNRE0xUVVZM00wUXlNelUyTnpsQlEwUTJPVU5CT1RnNE4wSkdOalExTnpCRlFUSkVSa1E1T0Y4NElpd2ljMmhoTWpVMklqb2lRVUU5UFNKOSIsInNpZ25hdHVyZSI6InBHVmRkbHdDelFzbjdFSnN2RVgwd3lJa0NwYmFmeUsyVXA1c1JXVnlLMVE9In17InBheWxvYWQiOiJleUpqYVhCb1pYSjBaWGgwSWpvaVp6VktWMGcwUVhsc2RtOWhNWE1yTDNKbmJERkljelpSVkhCQ1UyNU9XbGd5VERWeGFUWTBPVEIxYUhaaGIyWTBSRUpzV2xVNFMwNW5NbGQwUkhRME1raFphSGc0YjNsa1JUazBNREZWTlZWWVJ6WnRhWEkwVGtSRVpXbDBhVkF2VUZNMFFtTkZhbXh5WVdzOUlpd2lhWFlpT2lKRVQwUmxOWGRUWWxaR2VsSlViRmhIWWxkU05uWm5QVDBpTENKclpYbHBaQ0k2SWs1R1FWQlFUQzB3TWkxSlVFaFBUa1UyUFRFdE9EYzFPVVpETTBORk1EZ3pOakEyTTBNeU1UQTNSRFpCTURNMVFVWTNNMFF5TXpVMk56bEJRMFEyT1VOQk9UZzROMEpHTmpRMU56QkZRVEpFUmtRNU9GODRJaXdpYzJoaE1qVTJJam9pUVVFOVBTSjkiLCJzaWduYXR1cmUiOiJ2Ui9uTXBJTW5SbmU0YklpY1FONUJxQ3B0bzV4SmxRSVc3amxCcTFremw4PSJ9"}
00427{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":638023,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0W0pAACoG18Y0WSeLwKgBBwBQz6CC\/YxRlTADpIAQAG1FAwAAAQEICq2I1ycfZPeQ"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1484319049641,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1484319049641,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":641053,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"gCqoTGHM5JjWH70UCABFAABCJHQAAP8RE97AqAEHwKgBAcoQADUALkrZBBoBAAABAAAAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAE="}
-00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1484319049641,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1484319049645,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":886,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1484319049641,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1484319049645,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":645637,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"gCqoTGHM5JjWH70UCABFAABCunsAAEARPNfAqAEHwKgBAcx7ADUALmwlX+cBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="}
-00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1484319049645,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":887,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1484319049645,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00491{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":665892,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"5JjWH70UgCqoTGHMCABFAABi4UdAAEAR1erAqAEBwKgBBwA1yhAATkFkBBqBgAABAAIAAAAABGE4MDMEZHNjZwZha2FtYWkDbmV0AAABAAHADAABAAEAAAAMAAS4GcwYwAwAAQABAAAADAAEuBnMKA=="}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_tot_l4_data_len":124,"flow_min_l4_data_len":46,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.24"}}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":891,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a803.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.24"}}
00428{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":666587,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0W0tAACoG18U0WSeLwKgBBwBQz6CC\/YxRlTAJTIAQAHk\/RQAAAQEICq2I1ywfZPeV"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1484319049672,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1484319049672,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":672494,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAS8NAAEAGqRPAqAEHuBnMGM+hAFBgKjK0AAAAALAC\/\/92\/gAAAgQFtAEDAwUBAQgKH2T36AAAAAAEAgAA"}
00837{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":681348,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"pkt":"5JjWH70UgCqoTGHMCABFAAFl4UhAAEAR1ObAqAEBwKgBBwA1zHsBUaLnX+eBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAHADAAFAAEAAABiAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAFYABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANChyo8BNABwAAQAAABcAECYgAQhwDwAAAAAAADQoMS\/ATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KQT4wE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCk7ncBNABwAAQAAABcAECYgAQhwDwAAAAAAADQnRIjATQAcAAEAAAAXABAmIAEIcA8AAAAAAAA0KBwAwE0AHAABAAAAFwAQJiABCHAPAAAAAAAANCh7ccBNABwAAQAAABcAECYgAQhwDwAAAAAAADQoNhw="}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_tot_l4_data_len":383,"flow_min_l4_data_len":46,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":191,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1484319049684,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1484319049684,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":684933,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAHF1AAEAGFLrAqAEHNr8RM8+qAbupwyRaAAAAALAC\/\/92fwAAAgQFtAEDAwUBAQgKH2T39AAAAAAEAgAA"}
00439{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":697401,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Lq4GcwYwKgBBwBQz6GV0BcIYCoytaAScSDlwwAAAgQFtAQCCAr\/\/IQ4H2T36AEDAwU="}
00427{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":700208,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0bmdAAEAGhnvAqAEHuBnMGM+hAFBgKjK1ldAXCYAQEBV1gAAAAQEICh9k+AH\/\/IQ4"}
00718{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":703194,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"gCqoTGHM5JjWH70UCABFAAEMARZAAEAG8vTAqAEHuBnMGM+hAFBgKjK1ldAXCYAYEBWbUgAAAQEICh9k+AP\/\/IQ4R0VUIC90cGEzLzYxNi8yMDQxNzc5NjE2LmJpZiBIVFRQLzEuMQ0KSG9zdDogdHAuYWthbS5uZmx4aW1nLmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogZW4tdXMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogQXJnby85MDAgQ0ZOZXR3b3JrLzgwOC4yLjE2IERhcndpbi8xNi4zLjANCg0K"}
-00703{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1484319049672,"flow_last_seen":1484319049703,"flow_tot_l4_data_len":364,"flow_min_l4_data_len":32,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
+00714{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":902,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1484319049672,"flow_last_seen":1484319049703,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":0,"content_type":"","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
00426{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":725869,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0k1dAADwGZWu4GcwYwKgBBwBQz6GV0BcJYCozjYAQA6uA6gAAAQEICv\/8hF4fZPgD"}
00437{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":740377,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z6pwpjzKqcMkW6ASOJCp2gAAAgQFtAQCCAqtikoKH2T39AEDAwg="}
00425{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":743556,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ddRAAEAGu07AqAEHNr8RM8+qAbupwyRbcKY8y4AQEBUA7QAAAQEICh9k+CqtikoK"}
01124{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":912,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":748048,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"gCqoTGHM5JjWH70UCABFAAI5KeBAAEAGBT7AqAEHNr8RM8+qAbupwyRbcKY8y4AYEBVJ9gAAAQEICh9k+C6tikoKFgMBAgABAAH8AwPYXvBe7OTKRo\/HluRIJZi3JSt\/Gg\/Ui4yLFjBV5BYvDAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1484319049684,"flow_last_seen":1484319049748,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":912,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1484319049684,"flow_last_seen":1484319049748,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02365{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":913,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":753726,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXck1hAADwGX8K4GcwYwKgBBwBQz6GV0BcJYCozjYAQA6shgQAAAQEICv\/8hHAfZPgDSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZQ0KRVRhZzogIjdlZjU1NjAxNmRhY2U5NzliMmFjOWM3N2M5NmRmYTE2OjE0Mzg3NDY2NzMiDQpMYXN0LU1vZGlmaWVkOiBXZWQsIDA1IEF1ZyAyMDE1IDAzOjUxOjEzIEdNVA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCkNvbnRlbnQtTGVuZ3RoOiAxMTMxNjEzDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MTk3MTc5NzQNCkV4cGlyZXM6IFR1ZSwgMjkgQXVnIDIwMTcgMjA6MDM6NDMgR01UDQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjQ5IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KYWNjZXNzLWNvbnRyb2wtYWxsb3ctaGVhZGVyczogKg0KYWNjZXNzLWNvbnRyb2wtYWxsb3ctbWV0aG9kczogR0VUDQphY2Nlc3MtY29udHJvbC1hbGxvdy1vcmlnaW46ICoNCg0KiUJJRg0KGgoAAAAACgEAABAnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYCAAAAQAAAGgKAAACAAAA6SQAAAMAAAD5NAAABAAAANhTAAAFAAAAEWIAAAYAAABYcQAABwAAAFuAAAAIAAAAyJIAAAkAAAAloQAACgAAAPmmAAALAAAAdrYAAAwAAAA1xAAADQAAAHLUAAAOAAAAkeAAAA8AAABK9wAAEAAAAEUMAQARAAAAOygBABIAAACuPQEAEwAAAFtUAQAUAAAAj2gBABUAAAA3egEAFgAAAIyMAQAXAAAAnJgBABgAAAALsAEAGQAAAEPMAQAaAAAAy90BABsAAAAd8gEAHAAAABAOAgAdAAAAZSACAB4AAAC2LAIAHwAAABtAAgAgAAAAPFgCACEAAAA8bwIAIgAAAKmRAgAjAAAA960CACQAAACQvwIAJQAAANrdAgAmAAAA5fECACcAAAAoBwMAKAAAABwYAwApAAAAeScDACoAAACLNQMAKwAAAONDAwAsAAAARVwDAC0AAABCZwMALgAAAOlxAwAvAAAAlokDADAAAAAplAMAMQAAAPyhAwAyAAAAr7EDADMAAACywAMANAAAALfNAwA1AAAAEdoDADYAAAAJ5wMANwAAAC\/zAwA4AAAABgUEADkAAAB1GgQAOgAAABQuBAA7AAAAmDsEADwAAABdSAQAPQAAAAtTBAA+AAAAVl4EAD8AAADybAQAQAAAAAZ5BABBAAAAaowEAEIAAABymQQAQwAAAMCmBABEAAAAQLEEAEUAAAAcvgQARgAAADHHBABHAAAAG90EAEgAAAAM7gQASQAAAIAKBQBKAAAAIhgFAEsAAABrJwUATAAAAL01BQBNAAAANUYFAE4AAACyWQUATwAAAJ1pBQBQAAAAGnsFAFEAAACojQUAUgAAAI+oBQBTAAAAxLwFAFQAAADUzAUAVQAAABLbBQBWAAAAMekFAFcAAAAp+AUAWAAAAIgDBgBZAAAAYw4GAFoAAAB8FwYAWwAAABEkBgBcAAAAtTgGAF0AAABqUAYAXgAAAGFiBgBfAAAApm8GAGAAAAD3ewYAYQAAAEiOBgBiAAAA4poGAGMAAACOqwYAZAAAAIW9BgBlAAAA8c0GAGYAAABH5gYAZwAAAPr5BgBoAAAABwwHAGkAAAApGwcAagAAAM4vBwBrAAAAtkoHAGwAAACSVAcAbQAAAMRrBwBuAAAAC3wHAG8AAAD5iwcAcAAAAL6WBwBxAAAALKoHAHIAAACMwwcAcwAAAOjVBwB0AAAA6PQHAHUAAAAyCwg="}
-00773{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1484319049672,"flow_last_seen":1484319049753,"flow_tot_l4_data_len":1876,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25":"HTTP suspicious content"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
+00784{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":913,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1484319049672,"flow_last_seen":1484319049753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1664,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"25":"HTTP suspicious content"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"tp.akam.nflximg.com","url":"tp.akam.nflximg.com\/tpa3\/616\/2041779616.bif","code":200,"content_type":"text\/plain","user_agent":"Argo\/900 CFNetwork\/808.2.16 Darwin\/16.3.0"}}
02381{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":781566,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXck1lAADwGX8G4GcwYwKgBBwBQz6GV0ByxYCozjYAQA6uyYQAAAQEICv\/8hHAfZPgDAHYAAADiHggAdwAAANE7CAB4AAAAdU4IAHkAAAClYQgAegAAAO16CAB7AAAAlJQIAHwAAADCqQgAfQAAAJizCAB+AAAA+8gIAH8AAADQ2QgAgAAAAFjmCACBAAAAzvsIAIIAAAC3EgkAgwAAAIsmCQCEAAAAsT4JAIUAAABhTgkAhgAAAARfCQCHAAAAdm4JAIgAAAAYfwkAiQAAAD+RCQCKAAAAgZ4JAIsAAADarQkAjAAAAAW8CQCNAAAAicgJAI4AAADX0wkAjwAAAJDeCQCQAAAAxvMJAJEAAADMBgoAkgAAAHYYCgCTAAAAJC0KAJQAAABGPQoAlQAAAEdTCgCWAAAAYmkKAJcAAADiewoAmAAAAImTCgCZAAAA3KwKAJoAAACWwQoAmwAAAOvVCgCcAAAAjOcKAJ0AAABc6QoAngAAAPz5CgCfAAAAkQoLAKAAAAD7HQsAoQAAAI4sCwCiAAAABDsLAKMAAADgSwsApAAAACVeCwClAAAAYm4LAKYAAADffgsApwAAAL+SCwCoAAAAFKALAKkAAAAarAsAqgAAADSzCwCrAAAASMQLAKwAAAD23AsArQAAANztCwCuAAAAngAMAK8AAADRDgwAsAAAAJ0bDACxAAAA7DEMALIAAAAZPwwAswAAAIBMDAC0AAAAfloMALUAAABCZgwAtgAAACN3DAC3AAAAUogMALgAAAC9lwwAuQAAAFOmDAC6AAAAcrIMALsAAACeuwwAvAAAAF3SDAC9AAAAj+gMAL4AAACU9gwAvwAAAIQGDQDAAAAAfBQNAMEAAAC1IQ0AwgAAACsvDQDDAAAAvjsNAMQAAACaSQ0AxQAAAMtYDQDGAAAAAGwNAMcAAACXeQ0AyAAAAOuGDQDJAAAAZ58NAMoAAACitQ0AywAAANHCDQDMAAAAY9cNAM0AAABz5g0AzgAAAKbwDQDPAAAAwPoNANAAAABEBQ4A0QAAALAPDgDSAAAAqBkOANMAAACAJQ4A1AAAAHIuDgDVAAAAvjwOANYAAABDSw4A1wAAANdVDgDYAAAAOGIOANkAAACSbQ4A2gAAAGR6DgDbAAAAvYUOANwAAADqmw4A3QAAABSkDgDeAAAA1rAOAN8AAACFww4A4AAAANTRDgDhAAAATt8OAOIAAAAS6w4A4wAAAP76DgDkAAAAkRIPAOUAAABvHw8A5gAAAMIwDwDnAAAAYzsPAOgAAABuRg8A6QAAAFpXDwDqAAAAg2cPAOsAAAA+eg8A7AAAAB6MDwDtAAAA350PAO4AAAAUsQ8A7wAAAIrBDwDwAAAA7tIPAPEAAAAj4w8A8gAAAFbvDwDzAAAAWPsPAPQAAACyBhAA9QAAAFAREAD2AAAA6RsQAPcAAACoJhAA+AAAALgxEAD5AAAA+jwQAPoAAABwTxAA+wAAAPBfEAD8AAAA\/GoQAP0AAAApdhAA\/gAAAOKBEAD\/AAAAWo4QAAABAABVnBAAAQEAAJGpEAACAQAADsAQAAMBAAAK3RAABAEAACrtEAAFAQAA1v0QAAYBAAD9EhEABwEAAB8kEQAIAQAAUigRAAkBAABdNBEA\/\/\/\/\/11EEQD\/2P\/gABBKRklGAAEBAQABAAEAAP\/bAEMACAYGBwYFCAcHBwkJCAoMFA0MCwsMGRITDxQdGh8eHRocHCAkLicgIiwjHBwoNyksMDE0NDQfJzk9ODI8LjM0Mv\/bAEMBCQkJDAsMGA0NGDIhHCEyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMv\/AABEIAHoA8AMBIgACEQEDEQH\/xAAVAAEBAAAAAAAAAAAAAAAAAAAACP\/EABQQAQAAAAAAAAAAAAAAAAAAAAD\/xAAUAQEAAAAAAAAAAAAAAAAAAAAA\/8QAFBEBAAAAAAA="}
00428{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":783452,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0v6RAAEAGNT7AqAEHuBnMGM+hAFBgKjONldAiWYAQD9JpFQAAAQEICh9k+E\/\/\/IRw"}
00425{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":807153,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0dtFAACoG0DE2vxEzwKgBBwG7z6pwpjzLqcMmYIAQAD0OrAAAAQEICq2KShofZPgu"}
02377{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":807663,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcdtJAACoGyog2vxEzwKgBBwG7z6pwpjzLqcMmYIAQAD2P+AAAAQEICq2KShsfZPguFgMDAFkCAABVAwNYeOlJ\/pfJqmAh6GiXrO9d0I7fhKvYxK1v\/zWr5r1bnCBWvUI8NvPsMZcPVtkKL+icpZR3ZueLBvm+0nfU3vw0c8AvAAAN\/wEAAQAACwAEAwABAhYDAwgiCwAIHgAIGwAEIDCCBBwwggMEoAMCAQICAhObMA0GCSqGSIb3DQEBCwUAMIGZMS0wKwYDVQQDEyRQcmltYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eSAoMjAwOSkxEzARBgNVBAgTCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtOZXRmbGl4IEluYzEcMBoGA1UECxMTRWxlY3Ryb25pYyBEZWxpdmVyeTESMBAGA1UEBxMJTG9zIEdhdG9zMB4XDTAxMDExNzIwMzIwOVoXDTE4MDMyNDIwMzIwOVowgYAxGzAZBgNVBAMMEioubmNjcC5uZXRmbGl4LmNvbTEWMBQGA1UECgwNTmV0ZmxpeCwgSW5jLjETMBEGA1UECwwKT3BlcmF0aW9uczELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUxvcyBHYXRvczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCMPKDrRKNlpQYmDci6pMXZdSSUbKrQRkPDz7HhtKtPPugiuJduNExZc6Kdb12vBV\/O+SiPHaVK7mpFvbFGQlMb6qQfwVOi\/aD6FF0wubaBBRmV5soLn6Uml8hcRcy1GwhcE0PciETMHgCKsYz6GRuA022Eqzo18xrMBx0ZwPuRDaRc+aOcYlh2D8wJdLQNpKdgRiYnOzqzb1V73+PIcLBKBaRmuSAMY7T6QAsBvotFYlMY32uWd0vZw9isFDSJCV8w2CSLAAeSkvUEJt3zKqKD5d5h8lWhsfYUg78EDVQMWb3iyTQ+UHy3b4IHtGaB+ybeHo7UkyS4NKYViXGQ4bECAwEAAaOBhDCBgTALBgNVHQ8EBAMCBaAwHwYDVR0jBBgwFoAUgzutabNbHNPaO8lPBXMZwiqK8P8wHQYDVR0OBBYEFH8tt\/b+DoJ\/qUOipuTAuxoaEiJTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdEQQWMBSCEioubmNjcC5uZXRmbGl4LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAkveZR7qD\/7\/8qJ4CSsfWHq+Cw0DsuYB9YjDmpMA3gU+yzX9cXxMn8tY3AApgaSjK94LEU1T7O\/bsKsL0uCJuFhSfW4W3+AlTe3UhEOMeILOZwgcMhUPQXGI28idMvibE1zQjX96OSlU9uDL6s8itcycsRGgSP0e+Umi1cijldISAIfgK+QzQIa\/k6kuJZ2i1hk4M6e8JqkqoYRso7uoX2ECQVKzVgRgm0z79wLxOrKXQf5L2Js7s03GHwdt04kQTtyYRh6NEGBmzjgdicV4sXy4g3wbAPPR1+itz5sKT\/vAAteT\/4Ik8+RSfZGNefG8eQxjBkJKvoKV1GyHiH3YYrgAD9TCCA\/EwggLZoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgZkxLTArBgNVBAMTJFByaW1hcnkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ICgyMDA5KTETMBEGA1UECBMKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwHhcNMDEwMTAxMTIzMDAwWhcNMjkwMTAxMTIzMDAwWjCBmTEtMCsGA1UEAxMkUHJpbWFyeSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgKDIwMDkpMRMwEQYDVQQIEwo="}
-00817{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":920,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1484319049684,"flow_last_seen":1484319049807,"flow_tot_l4_data_len":2177,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00828{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":920,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1484319049684,"flow_last_seen":1484319049807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02403{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":838404,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXck1pAADwGX8C4GcwYwKgBBwBQz6GV0CJZYCozjYAQA6vKJgAAAQEICv\/8hHAfZPgDAAAAAAAAAAAAAAD\/2gAMAwEAAhEDEQA\/AJ\/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB\/\/9n\/2P\/gABBKRklGAAEBAQABAAEAAP\/bAEMACAYGBwYFCAcHBwkJCAoMFA0MCwsMGRITDxQdGh8eHRocHCAkLicgIiwjHBwoNyksMDE0NDQfJzk9ODI8LjM0Mv\/bAEMBCQkJDAsMGA0NGDIhHCEyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMv\/AABEIAHoA8AMBIgACEQEDEQH\/xAAbAAACAwEBAQAAAAAAAAAAAAAEBQIDBgEAB\/\/EAEEQAAIBAwIDBQUFBgMIAwAAAAECAwAEERIhBRMxIkFRYYEGFDJxkRYjUqGxFULB0eHwM2JyByREU4KSsvEXQ6L\/xAAYAQADAQEAAAAAAAAAAAAAAAAAAQIDBP\/EACERAAICAgMBAQEBAQAAAAAAAAABAhESIQMTMUFRYTJx\/9oADAMBAAIRAxEAPwD7tzhXucK+ffbIfjH1r32yX8Q+tR1MeSPoHOHlXucviK+fD2vBP+J9P\/VdHtdEespz8xR1MMkb\/nr4j617nr4j618\/+1aZ\/wAbH0Ne+1IJ2nXHpR1MeSPoHPXxrnPXxr5+3tQuNrhfyr32mPX3hMedHUwyR9A56+Ne5ynvr5\/9pn06udHiufalsZEyH0o6WGSPoBnTxrnvCZ+L86+f\/ahyR95HXvtNJ+OOjpYZI+ge8p+IfWu+8L418\/HtJKf3ovU14e0cp6GL60dLHkjfGdT1NeM6eIrAr7SSE4HLz\/qqX2jkzuI\/+6jpYZI3fvEfiK4ZkNYT7RyDqif91SHtDMcfc5+RzR0sM0bjnJXuevjWI+0MvT3dtu6ufaFu+Bx6UdLDNG45ynqa5zkxWJ+0R74nFdHtH\/kkHpR0sM0bTmxiotcxDbUfSsZ9o1O5WT6V77RxHuP0p9LDNGzFxG3RzXDIh\/erHfaGI97D\/prw4\/G3SUj0o6WPsRseYg\/eNcMi+NY48fj\/AOe30rn7fj\/55o6ZB2xNjrTxrhkXxrIft6P\/AJ49a9+3kPSZfrR0yDtifP2tJWBMcsOBt8ddj4bdsdRK6B\/myfQUaeORm2ULwfh6sy5Oq4I9QM5HfQ1zxrhk9tkcJt1lQAs6XLkEeGO7r1rXKX4ZuMQdoLhGOIpQO\/tDNR93uv8A6onfx7sUbdXlk1n\/ALtYXkU6kYBuQ6MO\/uzQ8M884YxqIHXGFU7tn501JhiihEudR5kcgAHcmf41bHOBAUkhnLnoQowP4mmDQMbM3Ml4sIPfLFsMd2VP60KktwiEpcQSjpgxnAH1oUrHgkBq7CZyI35Y+DWQPr\/SuyC7kGrmRaRtkPsKa31lcQxHXc8LcafgjnGrfONj178fKlEojMZOnINT2fhceJNelkeoRNlxqGQNLHeqn5ik8p2k3xkDH61baO4s0jEMj9nDCN9W2\/7vdUWv9UiqMrHEQNDwk7gbbCnmJ8WihnmXGvs47y2QP5UVBLbJq97mfGBgxdB8zQA4uDOZJLe1DN2TlC23kCcA1JeKQc0p7mrIzFiwJGfQbUNslRSCJrq3WZ1ilEkY3XBycfzqiS+TViITfFtk93fmqxKjmKeFJOYM8xRGoXfpp7z8zXYJbHWZLm5vIHfqPdNePkdX8KeRLRa17cKF1hiG6ZHdUjfDl6s="}
00429{"flow_id":29,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":840445,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0wnNAAEAGMm\/AqAEHuBnMGM+hAFBgKjONldAoAYAQEABjBwAAAQEICh9k+If\/\/IRw"}
01887{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":850914,"pkt_caplen":1146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1146,"pkt_l4_len":1112,"pkt":"5JjWH70UgCqoTGHMCABFIARsdtNAACoGy\/c2vxEzwKgBBwG7z6pwpkJzqcMmYIAYAD1ffQAAAQEICq2KShsfZPguQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClPiFZwHhqw9wmYrruaK5lM2jxb7OnG1xOPDkmSt9ostlHBuuEIpSAegeSu5IfyCw3LHZ5HEtbube7+v\/KvRUK5l\/8E0dgm2kIkuwXCInrxOb8Vue1EwYiVMbipMtTVxaqzqdYnzqFFOOaTfiiHdtDWwp3jjKl188E9wc5el6k667OBUw7VTGI1M30wgKX7rU1qB+D91fdnRNVb90uSyhuGgXw1LaZpqNyQ9UU0bMQcwmLcmoY3NWdMMN4j0Fw11owmtXswG41YKRxcm9yJjbyyDmry1mVF9Ri9GMcR5I+VveQudxyLML\/0PMTT+qCooHPhnMm\/zY9AEn0tmAkD70jAgMBAAGjQjBAMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdDgQWBBSDO61ps1sc09o7yU8FcxnCKorw\/zANBgkqhkiG9w0BAQUFAAOCAQEAPX7Vj0zBi5fWHkB\/U5GnVLqaRStn52gTsUPoxmVjareLMMkMSrAGtP8CHGMLLrjOh9GFMjrsJM6Q+mLzAhMhpmvZPRAM4kzXdAYTLRWD4dxyYCkG2sjDdGTYdO7AfokcOnu5kypA0bdWe8KcZVFjpw8f+ACSkxjkgL+lk0kWZf+uiCojU3Wt9O\/Z8+xm1PIbBOEfirH+o8gWESD86CiOqZH9cFmSjXziHHxIo4mgCTt9Jse8h8gkDJE2wQTeq3ttX1P5eyrHphoXtwy2Wtx77US+s5J0di17tOPKnQFd35Ew\/l0PWFqar2MQ46R\/UU15UR68hb86jgCQplA8NeBZoBYDAwFNDAABSQMAF0EEr3RSXEkjHtfIqWMkfAqdU9d2nJiJRZNuTwnWmlfOFK4Bj36CrnORHVgqktgwO17Wp6i3wIytK6HznXXPxu7hXgYBAQCLDlw3LDhwMlYCFG\/uJbmdBIwqib4KuASxI6T4OoJ0X99+GQOEiIvzLcdxm8BYkym+bbKhAjtbMZO7WXHYs8+aMsBsdzQixvUT2yp3scK6w1T+xI2vF06utI9xtDYjQGS0EOuLmIUotKk38xs1WYwZqOI7CMtFCcOp6FZjGSMixoE5tARDU0EoHekNGv5NkR1+fV5Yn4bdXyAuCCff\/6UFNcCFtcRtfNv2ChGesLDTrdjYuKy3rO0blzNeGyoLxthKio2vGSjX8iqoRH+OJUngCbXOFR7QuuqFE\/\/DIFUoh5jdYpmU5RGBOMaQL8Jl9YWlZE+D4mrFdwhde0Q7NfE+FgMDAAQOAAAA"}
-01156{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":923,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":7,"flow_first_seen":1484319049684,"flow_last_seen":1484319049850,"flow_tot_l4_data_len":3289,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":469,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+01167{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":923,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":7,"flow_first_seen":1484319049684,"flow_last_seen":1484319049850,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
00425{"flow_id":30,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":852720,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0gRRAAEAGsA7AqAEHNr8RM8+qAbupwyZgcKZGq4AQD970xAAAAQEICh9k+JOtikob"}
00599{"flow_id":30,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":872958,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"gCqoTGHM5JjWH70UCABFAACyH1FAAEAGEVTAqAEHNr8RM8+qAbupwyZgcKZGq4AYEAAQowAAAQEICh9k+KWtikobFgMDAEYQAABCQQQfYD25\/KwRR3+my6lnfom2FqKuJaefw3HGqX7VTIHzTcaXwh+XHlvD1RX0FYZWSNcNtgMj2\/JKNd8kl+d5S+7xFAMDAAEBFgMDACgSOyL7fXv2U5F5ul\/OdforavWhvK4szhiVp1Js34unbcZnZAn9MmEJ"}
02387{"flow_id":29,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":887699,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXck1tAADwGX7+4GcwYwKgBBwBQz6GV0CgBYCozjYAQA6vlEgAAAQEICv\/8hHAfZPgDKD\/qxn0qaJwuaGf3S5u5BEA5LQaR9M79aqtbaO4gku7n7m0VSDIQrMMdwX+FGQ1H8I++5DuXcADbA2NeF44ORMCcdzb0ZLw\/hCQkW1007BWy505H\/wChtSWaWzgnUNBzY8E6on\/XwpqVica9DDf3SgOGYIc7lsfnXv2rOd1dxgbnXXrW+t5ZmwhjAUaVfHQefQmhJrtWeWNYg+ttIbs4YZoyBwVXYWOKzdTNJnyc\/wA6t\/bl4uPv5d9\/jPSqIobS5+7igkaVTjlLGQ2rwJzg+lRuoII2KCyljZPjEmpTuO7yFGaFi\/0Jb2hu9RIupF8g1SX2hvsbXMhHyzR8c0dpweKPlkLErayU7yx+vdSLhzBOM2UbYkKyA5jjPTOd9t\/5Us1V0NwarY3HF+Ki0F1iYwZxzDGCv1qk+012Ohh8sxCreJ8TaKJknR2ViV0ou4BpAptJZQR7wv8Al0D+J601L9QpJrSY8+01wRgpbsfxGL+tdHtNPkZjt8dDmPp+dVPwa0TS0sjJJJHrWHOGVfHYH6Vy89nVtAF95iLkK+JH0nBHhTUkxOE19L29pJtj7raEEbYz+maj9o5Cd7G2Hq386XW9nZS3QtJHMcpzly3YG2Rv4n5UHeWqW0iKsuok9AQcCqUkQ1KrCpmmiljhmSItNlI8Rq2T5DNdU3saAakSQEf7uYwGPn55o9eEyNjiUsja40LBJSGyO4AY7NCsRLPzSmHG4wdqyy+HRiyZuC8mmSzYadmkddJB8MULPxCz4ZL9zmeR2yyrIy\/XbrTawiub2V4o3DS6WZOY2wP8qsn9m1vFNtLeWaXEQAZdJBPf4dOnSi60Jp1aF1lxVLiKYm0IZTnMjN2x3ADPWqZuKqCie7ShnPZwzHVjqMZ6nam8kUdjAsN4trrJOltQbUcbYBonhsTR25kkjg1yjslkBwMfl6Uh1\/TPzGWVhNyYoMgHQVI0eI8CaLLAjGc5qm8knkuZLU2VvmTDSyRP2f8AVg\/D8qoilAvTamVpCp\/cAywPTHjUs0g60F8OFzdTSwW50tGFDgMB16GjrjiUlqsdxatJzn1KURt3IOMn5DP0qpIobS4nEccyzTJpYM6gKPEYO369agIOHwKzSRyiRd9S7fTei0w2kWRXV4lkHeJTCBj3c7kZ3O5HXx376Em4lZy6fc+DQSncMGQjB\/6TV5vrOSOSTTJAEViXjbB09Tt30FJfy28csfDyXjzq67BiBn02ptUTdko77hb\/AOLwl0kXqi3LKP517mWbxmUPdQIuyrF96v1OMGgWQ3Ukc1xyzcooGXcsp69R65qU8lpHDoa3mCaSZkjcqjH8QGdgR45qbS0PGXoU93cJFptw80TgHmNtt5+FKX99a3bDAoWOyvkk5+VTiu7YxaLeUyKgykLQANvv17wMmrNUvEFaDkcshRhuymPPZf608qJe\/pZHb8auGRlspTp6HT\/OiJuE8b0rmynEZG\/LRcjyG9Cxe0vHLe3NlJdyLHsiSbFxg7YbHStVwX2wur+Q2t0ltbzptqdTiQ47vPvxSc2vgRUZasysnCL+Mc73a4iIGoZh3BHjgdKIhvLeDXmZodaA6hER3YOe7rWv4tx654faiYS2kmXC6QjZwc+FXHh0UtqDK9rhlBIEWQM+vnU5Wtmq46ejLWnEQp7cNjeKAdWhcHyJG2PSjZuMwWwXXwWxfPwkSs2PnQNrYRcRaSWGW3geF9K\/Eur0PdQ16r27CO4gjkQuCTG+Djvp\/RU6Ln9oQo0xcFjAX8OCoHkDS244rcz3SzJaOksZDBixBX5bii7W\/wB9AtLQuVxidTuPWrBa6rka7O3thGwdWj1Nv5rnaqtGeLfjBrWeRNdzLbx3EIIUgh+yTsB2SCD1oa9M8j6re1RNbEcuIMDk92DWj4p7T8S4nEIGNuJXZkDJEEaQA4zvt37d\/hQ="}
@@ -390,31 +390,31 @@
02393{"flow_id":30,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319049,"pkt_ts_usec":986923,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"gCqoTGHM5JjWH70UCABFAAXcOWlAAEAG8hHAqAEHNr8RM8+qAbupwyrDcKZHFIAQEADUIwAAAQEICh9k+RKtikpIFwMDCu0SOyL7fXv2VZAXBrsx3qGG4g70TDOxWTWI6ojtSpAz0qd5hyURt+REVMiWGvJNTxpRgs0ARg++pdjmXZ+Civ4t5xv0Q5g0pSBazBZyh+IP59G8qcajgoE19KJ4CY+pyCEJGEovwqZRvhr9aqVb3+zfsZnoHA2JfH4BhM9neKyw\/Fehr3vFmOu8pmvmX4AR95jHSFhD0HhQh80\/mhHGl1XMZZy0KohV70ZRa3pbPe3TwcAqK9jE3MmjDjjAIe4hD7+Cg793gn9n\/RVGAlGpC3KTomJjkGCiFLu7OkRHA2W\/eqISr2CYP7lob5VkSrXySBwqunbfmtaGqGcVnK\/RYJAwMjjiOR\/I+QU9QijP5xvF17B1mbVa8aN9mVjT1kag6E3nEWQHP3q1RDcTgnBwYUHiMZ7CoPkLPuxdVvw74naeeZULu+yupKQaaSCCmPBdpQ+ZOQJQGk87Br7EFJjMftz\/74za1GCReJbvTdlA3Dr+C4Gf4cXkLGEMAZv8N3TRb4VGuk4lBPBeBfzppapqYV2vN5BxBPEygMIWCUcGZ0gCH93RoY9kWHRFuyUDGL9QbN5Hs9bQ\/wVGTZNOogfABk0AHv4+ppoc+N6uxbTAqHDwH2uX+xeLLm6u21xcHjO9yMUnadkxiiJ5CYmqrP6AALkxr\/0cJsj4qfwSETFzH6pJH2jCFpsClGE3QTBl\/Wc\/VCbDQvQy4MNzE6dAFFkY9aThuPTgxzNww+XTFmkscxPpzJppptD5pZnmi5+UWv+x+s9i08kz2mw64ixRiXiOzlFuu2OGj+lZ8sfFRJUMnDG+X\/w3R\/2zcJy3U8w+3zKzP4QANOKNnRXfpbjyzY7u3ytnUAkDWIIyGhKMupvch4bSQW2\/4kqDKIbOVw8MJWxeAQr15Y3HlOnTrLA4EDUpR3Kl5+TJtbZOrzEH9BBy7iTlREbrn5XqZ7lQ95ysdaOijQnpylURUblUR0YbxYmnt5\/o2FxiwhWpM+EHT0CJV\/RreoikYUub+jko1xQpvOk2p5Z+4N3lhd0paql3ycxZ3ILyHhJ8SmPKG33p2uxx0w0tGY7q9wH\/TCX9EgogaUN8adVjF9RCO2H1o674237x4uXkTdPqiUnu6zpRoH2+7FPWiOgEaKGsV9B7bXQOzN6cSrZUPELBIXfieQkn26UMePdxBr4Iy\/NIuU7XVYXuebErq7SyBKbwbbKJhvnGtJM+QYnaQuMEuN8iv8xAA6kdj48SVIWvGuRJD6dtpVIER09mV9pvCiJ+4yH8Qv2xmeZKaU4pSI5RiuTWBXQceS0aI9aN5gyjrnwI+AazRSSkS9Bv0pefH+zDaKiFCuhDXkswZPD6IDsQzT4KQngc5vdg\/nHzeRsHs\/qMkR5A22McqrbzFtMEoLojfr2GYkYTthWaI3lHzAj+7cIJEfYI9FSQPQaueVI+ZHa363apIMcJ\/rxgdJ7Ijg75VHLpPP6tsPhKD0RYrQe9Wz6KZJSJPMCG2jAj06GLS296Ai++Eu\/uuAoLfmmqGLvI4hPOVbx6\/G067g\/sU441SJGkO1pmFpxoCZjhUjAbUZnd8QKKstIILuaDTh9qwid1glKMIcPrS33U0aykFqh8GIvEqPwHyPho1A7C+nDL+SKrvcD7blEblnI7ssqyqiFNqoM1+5YfN5ciKsH2geqB96O0rBrekxWakNvQttL+v+cb5p5r2ySZRxAzS92J0S3SEpdWphztPsuWVdEHKFdGpdwof+sgnEWKxsMsVxz+cavcR8niF\/fFK+pWy6er7lbEF\/R0ErlZcaCVJ0vEa\/kksLcSRkeT6HaRkCJoFPtWHiwWiD5xfH+pHq4PqbRfZFZX20BO79k156jOV\/89F5QjV2pys5pmAfy18mYQXHyr\/AAunlLD4At7gbLd0l23d4Th7vl6weQc3zMbXB51kDE="}
02406{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":11075,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXck19AADwGX7u4GcwYwKgBBwBQz6GV0D6hYCozjYAQA6u3lAAAAQEICv\/8hHEfZPgDkQZCoRVSsRYjQzOC0SRTkuHw\/8QAGgEAAwEBAQEAAAAAAAAAAAAAAgMEAQAFBv\/EACYRAAICAQQCAgIDAQAAAAAAAAABAgMRBBIhMRNBMlEFIhRCYXH\/2gAMAwEAAhEDEQA\/AO1bi2Q+xyGX2bWZ+sGnNZk5DfJH\/iGt\/TOa\/hWw+76f4k7J\/S\/FFUkUp8uTGOUUOhTCR5k8VpCkB3P8\/wCTIGbmLYSBzfxCZPBuJ1kj6Zv+0Se\/DeIA749v\/wATESnnpnqUaKpcti7VoW13+TMOgA20ntuNk1+Oqwe6mKWOy9QR8QVku8SS4PbBZodCJnG7TtdGTmEAcg66aGbTLv10Uke0am0T2abcsHYcLFSlSyBP+2dXRdw9kAdl19SJ+a475TjXlB9W3lKg5C79slfsI2Lz2eXdocPhncZFeC5\/2l1+CYs\/BmYcxNdaH7kgfxOWszrkG+XY0Tu4ox7vaO3u2s5ySMr\/ABts+mddRj8PwGb\/ANQC5\/s3JgXFt7HsqjoejHrOZxeIqH3XeVq82912s0X3meRs2z8fOvvk3k8Ns5S1toHu5kLLpQPy6gj0MsW0Nl917T+Ym\/CGr6MSPSd\/0T4pIRqxqSwJGnq0e\/2aU2b4RdJjsa6lP3b1MBZl2LsvIPaEmmD4rG+jNlqb9njOCP3E\/wDmK2Zug0YD5bWeXC2096z+CYNcNnHhdvU7CMUI+x0amvkgT5TvsGAHptFzXzHXc+0oLghTuR8Q30tan7mPjhdFEcLpCFNBYjbQe0rYmHuCVJ99pqlEQdPxHKNz3U+TDw2dJsZooUeQ9AJTqqrC+DU+u8DiV85G\/wCJfxsdOXea4pCJMktU7DZNIrZjNr3p04xlbZVmH4XzeLaDvSCjJI5f6eZ7A67CdKeHVpsdCYJsMHYIT8QXNMcpnMt+o+LJ4b3+Zj\/VfGFO9oPuINse1urKZhsRz91nz7tTLY+HHxQ7X+tOKr4kqb3EL\/rjP\/dRSfiSTiv5LC1YJJBYJ+ZqlFmSdC\/qPN+rsi3x4CN8TP8AWrbBqvA6m9WWGpxmQDlrHwuv+YWz6nl0CMB6sB\/iPjGv2TSuhnEYknJ4vnKDycHw6\/U16yTfxriJbTSlPRKlErZONa7Esi\/JJiTYrjYoDOk610iiqyHtCicRzm6uT8T05GUx7zGOLjH+yFGMSNCk5WxH+Sv6JhWxz3mnvYqPWUDiNrqAZtMTU7rtCdqGRuiTeyP2EPQMlT3CfbSX6MKvkBblHxDpjVBtBqfZYvzoyd0WuiTRkXBtLF5TKKhmXXvMPSOrj6t\/0tB5mMrjhV7v4EfG3KPMtshnhEK2mtvFTofUxY4dmvdoDD0E6UKA3ep1PtGEpsYjkUAesNTRiuSOU+myF\/4FrHqINgp1D2a6fYCdlZw82jvgD3IEXfgiKp5RVr5kk\/4hqQyN1b7ORVEY6KhMZrwlc+HSXU4RYG0TsvhdI1XwLKdu86D8mOjNDHbV9kSvAQDpH8fhtJA1\/EsN+njXXzWZGg9BpApiipvFqPTeOU+OGK3Qn0wmPh1qByrH66APsIOkqNNFJ946C+moTSduESgjxE9DNMgPUQTXWDpoINu0fxMYOMmeIKQo\/tmHYAdQPaD7M+s9FMB4C8aPzImz\/wB4zVdV1zcotMQpF9r6AnSdHw3Bc6bTy46Z+yy6ca12FwuEK2hsNj+20vUYVVCaph6+8NiULUo1I1jobX9wlUalHo8a29yZIyHzNNKsYKPQSNlV8QOpat\/l51d9nKp74nO8RuY66WH4muvIdMsvo5+8ZKa8xCxQmwnXtDCZdVtj69o2kAuHZ\/e0z+Nk9OO1LlhAbAfGYcGwDxwIwX\/uaF+k82MF6fAWYm1Zz1eEVmB8f8wK4y69W\/M2MZPM\/mA6kFGURyrIcHlBBjlV9o\/eok6mlA3\/ANylRgi79+ntMjU="}
02393{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":77615,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXck2JAADwGX7i4GcwYwKgBBwBQz6GV0E+ZYCozjYAQA6tckwAAAQEICv\/8hHEfZPgDE8Z49KjKVu\/2GjjqNHQ7NbW7ZXjMZjXHiEw8QKg+vvWXV5ZYHt1gmdIxGfwOcfiPoaTNOijeCOQHxOoI3DPlRW3RY\/5cewGK7Jkq4i48NVI0CZZeLlN\/pIvDj\/P1ps06N2v9IILPFHCwBYAEDHpSgi88cU42KLHf6M28nMDdfI46UcLbO+IVL\/ZPXmit57BptixmViXK528Dmg0tzbS6tB8M6SgKP4gBUqeflRjtTHJPFbCOM+AuSTwOg8\/KgOlxOl3bTujCM5O4DOOCOa7IvqE8X6djF2IURxXpDBlYpgj69R5U1lznHT0JpW7DxD4e8J58SfoabGVduAoPtXo4f00ef8Q\/qMongaVMMRg9cCg95bRpGVfcfREGePei0kzAMFcKRwAPETWIEK5ZEklmwcFuFX3+dUbJx0CFkQbYF07vIRyhlfZsP9WcZFCbvWNatkm7i0uNiZUpOBn5LITn8jTRPcTpCYoQXJX+LMxG0eo58\/8ANKF5qTRSJb2riYKfA7puyepGeB\/tx0rlJ+h6sQe3t4jdnI4rm3uIdTedTKkqEBVwSApBI8x71zqw3i9t3QKWVwwDHAOOeftTz+0+RjJp8csaRzIsgba2S3i658\/nSRYRNLeRRr1ZgvPvWjG\/GxX2dt7OaRNbdlLUnasu0TBZF2sQ\/JI9QfX2oldXMNu+lpcjfG14rSd4uXyATg\/1dOOnvRye7tLK1gUzo0SIkBTeGDqPQ+XSgVxBba92ptjaXbW8UUDSSMqbA\/O0YI6Z8Q+lZuWx61sYINNTVGEhAC4yq8FiPIsf0H+KMafZrbRLA7SqAMDc\/BOaQdT7Raf2XlEGlyLM6ncwSfIGfLkdR6CssP7V9RMoT4KAqW5Z2PH2peaOcG1aNX7SLM3OqqrSu6xwx7FJ4UknOB74FJd3hhaMqL4iVwR0wQM0c1ntA2tzS3kixxnaqIgbg7WPr54oG0d4e6G6NFUZAC5xnk9ak5K7KRi6oBatHu1W4kclIgFQuQSASfzqvUio0SxWLcExhS3BOM8+1Ua\/K63d04Ynu8lQeQOPSvJrgTaVpySqyyFMhfX34+dVS8Uxr3QPEOOFHFD9Sg7y37tDli3Xyz6UQO6aKQEd2qYwFPvg1SzxbBCpBdXLEDyBAq0W07A1ao0vbLa2igKABHuIHy\/9UL2gKSeKP6ku2CQekeKWJVMmohTlkVsBWPlRx+WxWqOlRyQ7yZLNHz\/IHYAf3rPazRy6SkSxxLMkiuHP4go67fTA6\/IGs4uERCrXG1iP5QAPuaHJOAsCjvFUDxuuAWB4x8q86ELWzfka9DjL8Ab9FNpH3MaBSqNtDN6k45NWzS2MeTbxTqhBDIZd3PzI4oDZwqybWY7lA4Kn\/NEZEnt1LCTvI8Zw6nOPas8+6KQXiFNJfTYtEikuLBXVVzI2TlsZ5+lFbZ9PEeGW4XjI2sMAfUUsWU7\/ALpaPcR\/DfCkAg8eVMVnua1iLAAlB0GPKlytW3+QYotdmqOO0k\/6N0EP9Mwx+Y4\/St2tNdNY2Pcxxyd0mzKtx9+maGqnXgfaiMc9vdvDEYZAI49r+ADJ9R69KOOSS2HJF3oDx9opmjRLzvGRdyL3mSAehAPX9aI6P3Ms1vHbSYRFYDJ5PBPOKovNPtnsHTK5RnbDLjyP+ayabpMcN3BJJEGDltxb8ByOPPjFVvG1aZGpLVHQOxp3210xQKSy5IGM8GmfaCKTuycc0VpciNomJYYZmyAMexpiWZwpLd37cH\/NbsG4I8\/OvqM0yWyOd2WBHmKHX1s7qe+vu7QDpgAkV7LIXfaWIUf0DB+\/NUvBYhCzQ\/xDkd4Tk\/c07iyadGWP4GC3MuZ7tMkA7eOfVjxig9xaz6lbmK3+EthMxYu3jMQAyM4wM8DpnrW2aU3DC3kiCIo8B67qySWqGN9oPdsoUcfj9efIfrU="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1484319050652,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1484319050652,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":652467,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABA2xBAAEAGenHAqAEHF\/YLkc+rAFC8XkCtAAAAALAC\/\/9pzAAAAgQFtAEDAwUBAQgKH2T7jgAAAAAEAgAA"}
00440{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":677236,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmYX9guRwKgBBwBQz6susPTdvF5ArqAS\/\/\/2WQAAAgQFtAEDAwkEAggKRVwbeB9k+44="}
00426{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":678757,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0kSxAAEAGxGHAqAEHF\/YLkc+rAFC8XkCuLrD03oAQEBUU+gAAAQEICh9k+6dFXBt4"}
00907{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":682551,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"pkt":"gCqoTGHM5JjWH70UCABFAAGY\/5JAAEAGVJfAqAEHF\/YLkc+rAFC8XkCuLrD03oAYEBUr\/wAAAQEICh9k+6pFXBt4R0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD01eGZZVnRuYTNHZFlYTDcxdU5zNkRaLVg4NFkmcmFuZG9tPTM5MzA3MDgyMjQgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMS4xNDUNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
-00928{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1484319050652,"flow_last_seen":1484319050682,"flow_tot_l4_data_len":504,"flow_min_l4_data_len":32,"flow_max_l4_data_len":388,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.145","url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00938{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":972,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1484319050652,"flow_last_seen":1484319050682,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.145","url":"23.246.11.145\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=5xfYVtna3GdYXL71uNs6DZ-X84Y&random=3930708224","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
01116{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":719721,"pkt_caplen":581,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":581,"pkt_l4_len":547,"pkt":"5JjWH70UgCqoTGHMCABFIAI3AABAADsGWGsX9guRwKgBBwBQz6susPTevF5CEoAQCAIpPgAAAQEICkVcG6AfZPuqSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjUwIEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwOSBNYXIgMjAxNiAxMjoxNDoxNSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yMjIxNjM3NTg4O2gxPTM4MzU3MzQ4NDM7aDI9OTA1OTYwMTAyO2gzPTE4OTE3NzkxNTQ7aDQ9MTIzNDk0MDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE2MzthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
02365{"flow_id":31,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":724549,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAABAADsGVMYX9guRwKgBBwBQz6susPbhvF5CEoAQCAIKBAAAAQEICkVcG6AfZPuqAAAAIGZ0eXBtcDQyAAAAAGlzb21pc28yZGFzaGlzbzYAAABsdXVpZE5ldGZsaXhQaWZmU3RybSEBAAAAAAAAAAHvbQsAAAAAAJiWgAAAAAYupEAAAAAAAAAA4x8AAAAAAe4nkAAAAAAAAIA7AABi5AAAAAAAAAODAAA+aP3QyWlgzDIljZh5Z7N\/JK4AAAAYZnJlZQAAAAAAAAAAAAAAAAAAAAAAAABMdXVpZOLpAqV+Q+JBkNohIRjFZDIAAAAAAAAAANKD0PxOZXRmbGl4IE1lZGlhIExpYnJhcnkgVmVyc2lvbiA4MC4wLjM5MC4AAAACk21vb3YAAAB4bXZoZAEAAAAAAAAA0oPRAgAAAADSg9ECAJiWgAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAHXdHJhawAAAGh0a2hkAQAABwAAAADSg9ECAAAAANKD0QIAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAABZ21kaWEAAAAsbWRoZAEAAAAAAAAA0oPRAgAAAADSg9ECAABdwAAAAAAAAAAAVcQAAAAAADRoZGxyAAAAAAAAAABzb3VuAAAAAAAAAAAAAAAAQXVkaW8gTWVkaWEgSGFuZGxlcgAAAAD\/bWluZgAAABBzbWhkAAAAAAAAAAAAAAAkZGluZgAAABxkcmVmAAAAAAAAAAEAAAAMdXJsIAAAAAEAAADDc3RibAAAABBzdHRzAAAAAAAAAAAAAAAQY3R0cwAAAAAAAAAAAAAAZ3N0c2QAAAAAAAAAAQAAAFdtcDRhAAAAAAAAAAEAAAAAAAAAAAACABAAAAAAXcAAAAAAADNlc2RzAAAAAAOAgIAiAAAABICAgBRAFQADPgACWzIAAX0sBYCAgAITEAaAgIABAgAAABBzdHNjAAAAAAAAAAAAAAAUc3RzegAAAAAAAAAAAAAAAAAAABBzdGNvAAAAAAAAAAAAAAA8bXZleAAAABRtZWhkAQAAAAAAAAYupEAAAAAAIHRyZXgAAAAAAAAAAQAAAAEAAAAAAAAAAAKgAAAAAD5oc2lkeAEAAAAAAAABAABdwAAAAAAAAAAAAAAAAAAAoTQAAAUwAABiQwAAwACAAAAAAABf1AAAvACAAAAAAABfowAAvACAAAAAAABfygAAvACAAAAAAABfJAAAvACAAAAAAABf8QAAvACAAAAAAABfKwAAvACAAAAAAABeOAAAuACAAAAAAABfAgAAvACAAAAAAABe7wAAvACAAAAAAABf2QAAvACAAAAAAABgewAAvACAAAAAAABeQwAAvACAAAAAAABffAAAvACAAAAAAABftQAAvACAAAAAAABdfwAAuACAAAAAAABf9AAAvACAAAAAAABfZQAAvACAAAAAAABfgwAAvACAAAAAAABgCwAAvACAAAAAAABfdwAAvACAAAAAAABfKwAAvACAAAAAAABf6AAAvACAAAAAAABddAAAuACAAAAAAABfHgAAvACAAAAAAABf7QAAvACAAAAAAABfdwAAvACAAAAAAABfVAAAvACAAAAAAABfeQAAvACAAAAAAABfVAAAvACAAAAAAABfjAAAvACAAAAAAABd6gAAuACAAAAAAABfBQAAvACAAAAAAABgDwAAvACAAAAAAABfFAAAvACAAAAAAABgLgAAvACAAAAAAABhLwAAvACAAAAAAABeRQAAvACAAAAAAABeoAAAvACAAAAAAABeNAAAuACAAAAAAABexwAAvACAAAAAAABfZwAAvACAAAAAAABf9wA="}
00426{"flow_id":31,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":726322,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0wyFAAEAGkmzAqAEHF\/YLkc+rAFC8XkISLrD8iYAQD9gL0wAAAQEICh9k+9RFXBug"}
02371{"flow_id":31,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":751706,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAAFAADsGVMUX9guRwKgBBwBQz6susPyJvF5CEoAQCAIuYAAAAQEICkVcG6AfZPuqALwAgAAAAAAAX\/gAALwAgAAAAAAAX94AALwAgAAAAAAAXwcAALwAgAAAAAAAXz0AALwAgAAAAAAAXTMAALgAgAAAAAAAX\/sAALwAgAAAAAAAYRMAALwAgAAAAAAAXh4AALwAgAAAAAAAX3YAALwAgAAAAAAAX3IAALwAgAAAAAAAX\/sAALwAgAAAAAAAXuoAALwAgAAAAAAAXVIAALgAgAAAAAAAX6cAALwAgAAAAAAAYQUAALwAgAAAAAAAXuQAALwAgAAAAAAAXysAALwAgAAAAAAAX0QAALwAgAAAAAAAXzwAALwAgAAAAAAAX8wAALwAgAAAAAAAXcAAALgAgAAAAAAAX7IAALwAgAAAAAAAXzIAALwAgAAAAAAAX1oAALwAgAAAAAAAX7cAALwAgAAAAAAAX88AALwAgAAAAAAAX58AALwAgAAAAAAAXvQAALwAgAAAAAAAXlEAALgAgAAAAAAAYGMAALwAgAAAAAAAXqsAALwAgAAAAAAAXzYAALwAgAAAAAAAX\/AAALwAgAAAAAAAX20AALwAgAAAAAAAXvkAALwAgAAAAAAAX\/AAALwAgAAAAAAAXZUAALgAgAAAAAAAX4MAALwAgAAAAAAAX8EAALwAgAAAAAAAX0sAALwAgAAAAAAAX5kAALwAgAAAAAAAX2EAALwAgAAAAAAAX6gAALwAgAAAAAAAXxYAALwAgAAAAAAAXWIAALgAgAAAAAAAYAoAALwAgAAAAAAAXyoAALwAgAAAAAAAX4MAALwAgAAAAAAAX5wAALwAgAAAAAAAX1IAALwAgAAAAAAAX7YAALwAgAAAAAAAX28AALwAgAAAAAAAXXkAALgAgAAAAAAAX6wAALwAgAAAAAAAX2wAALwAgAAAAAAAX54AALwAgAAAAAAAYBMAALwAgAAAAAAAX5gAALwAgAAAAAAAXw4AALwAgAAAAAAAYAAAALwAgAAAAAAAXYcAALgAgAAAAAAAX04AALwAgAAAAAAAX9UAALwAgAAAAAAAX9oAALwAgAAAAAAAX1cAALwAgAAAAAAAX0IAALwAgAAAAAAAX+MAALwAgAAAAAAAXsUAALwAgAAAAAAAXfoAALgAgAAAAAAAX30AALwAgAAAAAAAX6oAALwAgAAAAAAAX1gAALwAgAAAAAAAX\/sAALwAgAAAAAAAXwUAALwAgAAAAAAAX14AALwAgAAAAAAAX\/YAALwAgAAAAAAAXQMAALgAgAAAAAAAX3AAALwAgAAAAAAAX38AALwAgAAAAAAAX\/MAALwAgAAAAAAAYCAAALwAgAAAAAAAXykAALwAgAAAAAAAX4kAALwAgAAAAAAAXusAALwAgAAAAAAAXmgAALgAgAAAAAAAX0cAALwAgAAAAAAAXzAAALwAgAAAAAAAX0sAALwAgAAAAAAAYFwAALwAgAAAAAAAXtEAALwAgAAAAAAAYDAAALwAgAAAAAAAXvAAALwAgAAAAAAAXZ0AALgAgAAAAAAAX4MAALwAgAAAAAAAYDAAALwAgAAAAAAAXwcAALwAgAAAAAAAXzsAALwAgAAAAAAAYRMAALwAgAAAAAAAXs4AALwAgAAAAAAAXwgAALwAgAAAAAAAXb4AALgAgAAAAAAAXvsAALwAgAAAAAAAYF4AALwAgAAAAAAAXzEAALwAgAAAAAAAX+cAALwAgAAAAAAAX1cAALwAgAAAAAAAYCEAALwAgAAAAAAAX6gAALwAgAAAAAAAXFMAALgAgAAAAAAAYEgAALwAgAAAAAAAXtYAALwAgAAAAAAAYMcAALwAgAAAAAAAXxsAALwAgAAAAAAAX50AALwAgAAAAAAAXswAALwAgAAAAAAAX6QAALwAgAAAAAAAXbYAALgAgAAAAAAAX0gAALwAgAAAAAAAXzYAALwAgAAAAAAAX5QAALwAgAAAAAA="}
02381{"flow_id":31,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":792180,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAAJAADsGVMQX9guRwKgBBwBQz6susQIxvF5CEoAQCAIAWAAAAQEICkVcG6AfZPuqAF\/OAAC8AIAAAAAAAF+wAAC8AIAAAAAAAF9EAAC8AIAAAAAAAF+bAAC8AIAAAAAAAF2GAAC4AIAAAAAAAF9dAAC8AIAAAAAAAF\/BAAC8AIAAAAAAAF9NAAC8AIAAAAAAAF9QAAC8AIAAAAAAAF+YAAC8AIAAAAAAAGChAAC8AIAAAAAAAGATAAC8AIAAAAAAAFyTAAC4AIAAAAAAAF+IAAC8AIAAAAAAAF8sAAC8AIAAAAAAAF8mAAC8AIAAAAAAAGAfAAC8AIAAAAAAAF8JAAC8AIAAAAAAAF\/cAAC8AIAAAAAAAF+nAAC8AIAAAAAAAF0pAAC4AIAAAAAAAGBLAAC8AIAAAAAAAF7YAAC8AIAAAAAAAF\/GAAC8AIAAAAAAAF8vAAC8AIAAAAAAAGEvAAC8AIAAAAAAAF4PAAC8AIAAAAAAAF+RAAC8AIAAAAAAAF8KAAC4AIAAAAAAAF5rAAC8AIAAAAAAAF9IAAC8AIAAAAAAAF+oAAC8AIAAAAAAAF+cAAC8AIAAAAAAAF9gAAC8AIAAAAAAAF\/zAAC8AIAAAAAAAF8iAAC8AIAAAAAAAF2IAAC4AIAAAAAAAGDXAAC8AIAAAAAAAF5QAAC8AIAAAAAAAGBzAAC8AIAAAAAAAF6sAAC8AIAAAAAAAF9jAAC8AIAAAAAAAGAVAAC8AIAAAAAAAF8SAAC8AIAAAAAAAF2YAAC4AIAAAAAAAF8tAAC8AIAAAAAAAF\/GAAC8AIAAAAAAAF9oAAC8AIAAAAAAAF\/XAAC8AIAAAAAAAF\/LAAC8AIAAAAAAAF+fAAC8AIAAAAAAAF+iAAC8AIAAAAAAAF0hAAC4AIAAAAAAAGBUAAC8AIAAAAAAAF94AAC8AIAAAAAAAF\/BAAC8AIAAAAAAAF4SAAC8AIAAAAAAAGBzAAC8AIAAAAAAAF9eAAC8AIAAAAAAAGAOAAC8AIAAAAAAAF08AAC4AIAAAAAAAF7XAAC8AIAAAAAAAGCmAAC8AIAAAAAAAF73AAC8AIAAAAAAAF8RAAC8AIAAAAAAAF+aAAC8AIAAAAAAAF\/hAAC8AIAAAAAAAF8GAAC8AIAAAAAAAF3vAAC4AIAAAAAAAF9JAAC8AIAAAAAAAF\/jAAC8AIAAAAAAAF9HAAC8AIAAAAAAAF\/tAAC8AIAAAAAAAF9oAAC8AIAAAAAAAF9UAAC8AIAAAAAAAF87AAC8AIAAAAAAAF5UAAC4AIAAAAAAAF+LAAC8AIAAAAAAAF92AAC8AIAAAAAAAF7\/AAC8AIAAAAAAAF9AAAC8AIAAAAAAAF+2AAC8AIAAAAAAAF+gAAC8AIAAAAAAAF94AAC8AIAAAAAAAF3SAAC4AIAAAAAAAF+HAAC8AIAAAAAAAF8GAAC8AIAAAAAAAF9kAAC8AIAAAAAAAGAwAAC8AIAAAAAAAGABAAC8AIAAAAAAAF9iAAC8AIAAAAAAAF9PAAC8AIAAAAAAAF3OAAC4AIAAAAAAAF58AAC8AIAAAAAAAF\/EAAC8AIAAAAAAAF+3AAC8AIAAAAAAAF\/NAAC8AIAAAAAAAF+WAAC8AIAAAAAAAF7dAAC8AIAAAAAAAGAqAAC8AIAAAAAAAF0XAAC4AIAAAAAAAGBZAAC8AIAAAAAAAF6WAAC8AIAAAAAAAF\/dAAC8AIAAAAAAAF\/GAAC8AIAAAAAAAF+YAAC8AIAAAAAAAF+CAAC8AIAAAAAAAGC4AAC8AIAAAAAAAFvxAAC4AIAAAAAAAF98AAC8AIAAAAAAAF\/AAAC8AIAAAAAAAF+lAAC8AIAAAAAAAGAoAAC8AIAAAAAAAF9bAAC8AIAAAAAAAGCPAAC8AIAAAAAAAF6vAAC8AIAAAAAAAF1AAAC4AIAAAAAAAF9bAAC8AIAAAAAAAGAQAAC8AIAAAAAAAF7wAAC8AIAAAAAAAF+KAAC8AIA="}
00428{"flow_id":31,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":984,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":795688,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0EzFAAEAGQl3AqAEHF\/YLkc+rAFC8XkISLrEH2YAQD9IARwAAAQEICh9k\/BZFXBug"}
-00504{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":985,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1484319044993,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00471{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":985,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1484319044993,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":985,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1484319044993,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00479{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":985,"source":"netflix.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1484319044993,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02365{"flow_id":31,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":836034,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAANAADsGVMMX9guRwKgBBwBQz6susQfZvF5CEoAQCAJZ7AAAAQEICkVcG6AfZPuqAAAAAABfkwAAvACAAAAAAABgbgAAvACAAAAAAABeTgAAvACAAAAAAABdLQAAuACAAAAAAABgOwAAvACAAAAAAABfegAAvACAAAAAAABfXwAAvACAAAAAAABfnwAAvACAAAAAAABfggAAvACAAAAAAABf5wAAvACAAAAAAABfKwAAvACAAAAAAABdoQAAuACAAAAAAABfPwAAvACAAAAAAABg4gAAvACAAAAAAABepQAAvACAAAAAAABf+AAAvACAAAAAAABfCAAAvACAAAAAAABgPQAAvACAAAAAAABfRwAAvACAAAAAAABcigAAuACAAAAAAABgFwAAvACAAAAAAABfMAAAvACAAAAAAABfmgAAvACAAAAAAABfnAAAvACAAAAAAABfwQAAvACAAAAAAABfeAAAvACAAAAAAABfZAAAvACAAAAAAABdjwAAuACAAAAAAABfmAAAvACAAAAAAABfDAAAvACAAAAAAABf5QAAvACAAAAAAABfRAAAvACAAAAAAABfhQAAvACAAAAAAABf7QAAvACAAAAAAABfQQAAvACAAAAAAABepAAAuACAAAAAAABe4QAAvACAAAAAAABfKwAAvACAAAAAAABfVQAAvACAAAAAAABfpAAAvACAAAAAAABflwAAvACAAAAAAABflwAAvACAAAAAAABgbgAAvACAAAAAAABcegAAuACAAAAAAABfegAAvACAAAAAAABgMAAAvACAAAAAAABe6wAAvACAAAAAAABgPQAAvACAAAAAAABe0gAAvACAAAAAAABfnAAAvACAAAAAAABgBgAAvACAAAAAAABddQAAuACAAAAAAABfaAAAvACAAAAAAABgHAAAvACAAAAAAABe5AAAvACAAAAAAABfLwAAvACAAAAAAABf4AAAvACAAAAAAABfqgAAvACAAAAAAABfGAAAvACAAAAAAABd9QAAuACAAAAAAABfRQAAvACAAAAAAABfowAAvACAAAAAAABf2wAAvACAAAAAAABfaQAAvACAAAAAAABfFAAAvACAAAAAAABgbgAAvACAAAAAAABfNgAAvACAAAAAAABd0QAAuACAAAAAAABfEAAAvACAAAAAAABfxgAAvACAAAAAAABgEQAAvACAAAAAAABfNgAAvACAAAAAAABePAAAvACAAAAAAABfigAAvACAAAAAAABhUAAAvACAAAAAAABduAAAuACAAAAAAABfYAAAvACAAAAAAABf6gAAvACAAAAAAABenQAAvACAAAAAAABfzAAAvACAAAAAAABfWwAAvACAAAAAAABfXwAAvACAAAAAAABfmQAAvACAAAAAAABdxQAAuACAAAAAAABftgAAvACAAAAAAABeigAAvACAAAAAAABf3wAAvACAAAAAAABgiwAAvACAAAAAAABe\/AAAvACAAAAAAABfBgAAvACAAAAAAABfhAAAvACAAAAAAABdSAAAuACAAAAAAABfhwAAvACAAAAAAABgtwAAvACAAAAAAABeuAAAvACAAAAAAABfaAAAvACAAAAAAABfDAAAvACAAAAAAABgtQAAvACAAAAAAABfEAAAvACAAAAAAABd2AAAuACAAAAAAABfDwAAvACAAAAAAABfVgAAvACAAAAAAABgNgAAvACAAAAAAABeugAAvACAAAAAAABg2AAAvACAAAAAAABfYgAAvACAAAAAAABebwAAvACAAAAAAABdnwAAuACAAAAAAABgbwAAvACAAAAAAABfuQAAvACAAAAAAABeMwAAvACAAAAAAABhXQAAvACAAAAAAABe4AAAvACAAAAAAABfPQAAvACAAAAAAABfVAAAvACAAAAAAABeGAAAuACAAAAAAABfEwAAvACAAAAAAABf+wAAvACAAAAAAABfJAAAvACAAAAAAABfMAAAvACAAAAAAABftQA="}
00429{"flow_id":31,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":840515,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0E\/VAAEAGQZnAqAEHF\/YLkc+rAFC8XkISLrENgYAQEAD6SAAAAQEICh9k\/D5FXBug"}
02366{"flow_id":31,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":914288,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAAZAADsGVMAX9guRwKgBBwBQz6susRjRvF5CEoAQCAK59AAAAQEICkVcG6AfZPuqAAAAAABfbAAAvACAAAAAAABc6wAAuACAAAAAAABftgAAvACAAAAAAABgRwAAvACAAAAAAABebgAAvACAAAAAAABgJAAAvACAAAAAAABe+AAAvACAAAAAAABfzgAAvACAAAAAAABfCgAAvACAAAAAAABeIwAAuACAAAAAAABfXwAAvACAAAAAAABffAAAvACAAAAAAABf\/AAAvACAAAAAAABeyAAAvACAAAAAAABfggAAvACAAAAAAABftQAAvACAAAAAAABfyQAAvACAAAAAAABdXwAAuACAAAAAAABfgAAAvACAAAAAAABfjwAAvACAAAAAAABfpAAAvACAAAAAAABfOAAAvACAAAAAAABfnwAAvACAAAAAAABf9AAAvACAAAAAAABfIQAAvACAAAAAAABdtAAAuACAAAAAAABfJwAAvACAAAAAAABgKAAAvACAAAAAAABfaQAAvACAAAAAAABfJAAAvACAAAAAAABfxAAAvACAAAAAAABfUQAAvACAAAAAAABgAwAAvACAAAAAAABc+wAAuACAAAAAAABfqAAAvACAAAAAAABfgwAAvACAAAAAAABfawAAvACAAAAAAABflwAAvACAAAAAAABgPQAAvACAAAAAAABfJAAAvACAAAAAAABfTwAAvACAAAAAAABdmQAAuACAAAAAAABhPQAAvACAAAAAAABeiQAAvACAAAAAAABfAAAAvACAAAAAAABfqgAAvACAAAAAAABfxQAAvACAAAAAAABgigAAvACAAAAAAABdzAAAvACAAAAAAABeJgAAuACAAAAAAABfXgAAvACAAAAAAABfWgAAvACAAAAAAABfsAAAvACAAAAAAABfLAAAvACAAAAAAABfggAAvACAAAAAAABgFQAAvACAAAAAAABfNQAAvACAAAAAAABdcQAAuACAAAAAAABfhAAAvACAAAAAAABgTgAAvACAAAAAAABfHQAAvACAAAAAAABfowAAvACAAAAAAABfIQAAvACAAAAAAABffgAAvACAAAAAAABhqwAAvACAAAAAAABbXQAAuACAAAAAAABfmQAAvACAAAAAAABgWAAAvACAAAAAAABffgAAvACAAAAAAABfDwAAvACAAAAAAABgrQAAvACAAAAAAABeOgAAvACAAAAAAABf7QAAvACAAAAAAABdQgAAuACAAAAAAABfagAAvACAAAAAAABfgwAAvACAAAAAAABfawAAvACAAAAAAABgVwAAvACAAAAAAABgHwAAvACAAAAAAABeeQAAvACAAAAAAABhCwAAvACAAAAAAABcpwAAuACAAAAAAABemQAAvACAAAAAAABgGQAAvACAAAAAAABfVgAAvACAAAAAAABfyAAAvACAAAAAAABfWQAAvACAAAAAAABfSgAAvACAAAAAAABhgAAAvACAAAAAAABbVgAAuACAAAAAAABgBgAAvACAAAAAAABfQwAAvACAAAAAAABf\/wAAvACAAAAAAABfbQAAvACAAAAAAABfUAAAvACAAAAAAABfswAAvACAAAAAAABfGAAAvACAAAAAAABfqQAAuACAAAAAAABeKQAAvACAAAAAAABfrAAAvACAAAAAAABemgAAvACAAAAAAABfhgAAvACAAAAAAABflgAAvACAAAAAAABhHQAAvACAAAAAAABfGAAAvACAAAAAAABdGQAAuACAAAAAAABe5gAAvACAAAAAAABgbQAAvACAAAAAAABeigAAvACAAAAAAABg+QAAvACAAAAAAABfAAAAvACAAAAAAABgSAAAvACAAAAAAABeGgAAvACAAAAAAABdmgAAuACAAAAAAABgKAAAvACAAAAAAABevAAAvACAAAAAAABgFQAAvACAAAAAAABe9gAAvACAAAAAAABfnAAAvACAAAAAAABftQAAvACAAAAAAABf8wA="}
02368{"flow_id":31,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319050,"pkt_ts_usec":953096,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAAdAADsGVL8X9guRwKgBBwBQz6susR55vF5CEoAQCAK9bwAAAQEICkVcG6AfZPuqALwAgAAAAAAAXP8AALgAgAAAAAAAX3QAALwAgAAAAAAAYLIAALwAgAAAAAAAXlMAALwAgAAAAAAAX6kAALwAgAAAAAAAX9IAALwAgAAAAAAAXyAAALwAgAAAAAAAX7wAALwAgAAAAAAAXeYAALgAgAAAAAAAXxkAALwAgAAAAAAAYZwAALwAgAAAAAAAXjsAALwAgAAAAAAAXrEAALwAgAAAAAAAYXQAALwAgAAAAAAAXkEAALwAgAAAAAAAXv4AALwAgAAAAAAAX0QAALgAgAAAAAAAXeEAALwAgAAAAAAAX6QAALwAgAAAAAAAX1gAALwAgAAAAAAAYKwAALwAgAAAAAAAXtAAALwAgAAAAAAAYB0AALwAgAAAAAAAXpIAALwAgAAAAAAAXlsAALgAgAAAAAAAXvoAALwAgAAAAAAAXzwAALwAgAAAAAAAYHEAALwAgAAAAAAAXysAALwAgAAAAAAAX+sAALwAgAAAAAAAXoQAALwAgAAAAAAAYCoAALwAgAAAAAAAXW8AALgAgAAAAAAAX5gAALwAgAAAAAAAXu8AALwAgAAAAAAAYGYAALwAgAAAAAAAX\/AAALwAgAAAAAAAXpwAALwAgAAAAAAAYEoAALwAgAAAAAAAXqEAALwAgAAAAAAAXVMAALgAgAAAAAAAYAQAALwAgAAAAAAAX+8AALwAgAAAAAAAXsIAALwAgAAAAAAAX80AALwAgAAAAAAAXzMAALwAgAAAAAAAX+oAALwAgAAAAAAAYAQAALwAgAAAAAAAXfcAALgAgAAAAAAAXpwAALwAgAAAAAAAX8MAALwAgAAAAAAAX9gAALwAgAAAAAAAXqwAALwAgAAAAAAAYIAAALwAgAAAAAAAXpUAALwAgAAAAAAAX7oAALwAgAAAAAAAXZgAALgAgAAAAAAAX7gAALwAgAAAAAAAX1wAALwAgAAAAAAAYCIAALwAgAAAAAAAXuQAALwAgAAAAAAAX3QAALwAgAAAAAAAX8IAALwAgAAAAAAAYD0AALwAgAAAAAAAXMYAALgAgAAAAAAAX2QAALwAgAAAAAAAX4UAALwAgAAAAAAAX\/wAALwAgAAAAAAAX5QAALwAgAAAAAAAXvgAALwAgAAAAAAAX30AALwAgAAAAAAAYREAALwAgAAAAAAAXBIAALgAgAAAAAAAX60AALwAgAAAAAAAX0gAALwAgAAAAAAAX5YAALwAgAAAAAAAX8UAALwAgAAAAAAAYNoAALwAgAAAAAAAXgsAALwAgAAAAAAAX88AALwAgAAAAAAAXsEAALgAgAAAAAAAXnIAALwAgAAAAAAAX2kAALwAgAAAAAAAX7QAALwAgAAAAAAAX9gAALwAgAAAAAAAYEIAALwAgAAAAAAAXpYAALwAgAAAAAAAX2IAALwAgAAAAAAAXSAAALgAgAAAAAAAX6kAALwAgAAAAAAAYGEAALwAgAAAAAAAXt8AALwAgAAAAAAAX\/oAALwAgAAAAAAAX8sAALwAgAAAAAAAX4UAALwAgAAAAAAAXxIAALwAgAAAAAAAXcIAALgAgAAAAAAAXwAAALwAgAAAAAAAYBoAALwAgAAAAAAAXvQAALwAgAAAAAAAX\/oAALwAgAAAAAAAYCIAALwAgAAAAAAAXlcAALwAgAAAAAAAYCkAALwAgAAAAAAAXRIAALgAgAAAAAAAX+EAALwAgAAAAAAAXykAALwAgAAAAAAAX90AALwAgAAAAAAAX50AALwAgAAAAAAAYOQAALwAgAAAAAAAXqEAALwAgAAAAAAAXtEAALwAgAAAAAAAXeMAALgAgAAAAAAAX2QAALwAgAAAAAAAX1sAALwAgAAAAAAAX8sAALwAgAAAAAAAXuYAALwAgAAAAAAAYCkAALwAgAAAAAAAX4MAALwAgAAAAAAAX8IAALwAgAAAAAA="}
02364{"flow_id":31,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319051,"pkt_ts_usec":32911,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAAFAADsGVMUX9guRwKgBBwBQz6susS9xvF5CEoAQCALxLAAAAQEICkVcG8EfZPvUALwAgAAAAAAAX4oAALwAgAAAAAAAX1UAALwAgAAAAAAAXzUAALwAgAAAAAAAYBYAALwAgAAAAAAAXz8AALwAgAAAAAAAYBYAALwAgAAAAAAAXSoAALgAgAAAAAAAXyUAALwAgAAAAAAAXzoAALwAgAAAAAAAX78AALwAgAAAAAAAX5UAALwAgAAAAAAAX2oAALwAgAAAAAAAX4wAALwAgAAAAAAAYCsAALwAgAAAAAAAXMwAALgAgAAAAAAAYDYAALwAgAAAAAAAXvcAALwAgAAAAAAAYPUAALwAgAAAAAAAXiIAALwAgAAAAAAAYWkAALwAgAAAAAAAXY8AALwAgAAAAAAAYYgAALwAgAAAAAAAW9oAALgAgAAAAAAAYOoAALwAgAAAAAAAXkUAALwAgAAAAAAAXzwAALwAgAAAAAAAX2gAALwAgAAAAAAAYM4AALwAgAAAAAAAX00AALwAgAAAAAAAXvEAALwAgAAAAAAAXZMAALgAgAAAAAAAX3wAALwAgAAAAAAAX20AALwAgAAAAAAAXy4AALwAgAAAAAAAYGwAALwAgAAAAAAAXwkAALwAgAAAAAAAYL8AALwAgAAAAAAAXnAAALwAgAAAAAAAXSsAALgAgAAAAAAAX3kAALwAgAAAAAAAX3UAALwAgAAAAAAAX6AAALwAgAAAAAAAX44AALwAgAAAAAAAX5YAALwAgAAAAAAAX1oAALwAgAAAAAAAX9sAALwAgAAAAAAAXVgAALgAgAAAAAAAX9MAALwAgAAAAAAAX4MAALwAgAAAAAAAX4UAALwAgAAAAAAAX4cAALwAgAAAAAAAX8gAALwAgAAAAAAAX0kAALwAgAAAAAAAX10AALwAgAAAAAAAXYoAALgAgAAAAAAAX+cAALwAgAAAAAAAXykAALwAgAAAAAAAX8gAALwAgAAAAAAAX3cAALwAgAAAAAAAX9IAALwAgAAAAAAAXysAALwAgAAAAAAAX8oAALwAgAAAAAAAXQwAALgAgAAAAAAAX4wAALwAgAAAAAAAX5gAALwAgAAAAAAAX+QAALwAgAAAAAAAX3IAALwAgAAAAAAAX1QAALwAgAAAAAAAX8AAALwAgAAAAAAAXyMAALwAgAAAAAAAXhIAALgAgAAAAAAAXwsAALwAgAAAAAAAX+IAALwAgAAAAAAAXz0AALwAgAAAAAAAX9IAALwAgAAAAAAAYVMAALwAgAAAAAAAXoUAALwAgAAAAAAAXrwAALwAgAAAAAAAXTQAALgAgAAAAAAAYLsAALwAgAAAAAAAX18AALwAgAAAAAAAXvYAALwAgAAAAAAAXqMAALwAgAAAAAAAYS8AALwAgAAAAAAAXmAAALwAgAAAAAAAX0wAALwAgAAAAAAAXcEAALgAgAAAAAAAYUEAALwAgAAAAAAAXggAALwAgAAAAAAAX1QAALwAgAAAAAAAX7IAALwAgAAAAAAAX1sAALwAgAAAAAAAYHcAALwAgAAAAAAAXqgAALwAgAAAAAAAXbYAALgAgAAAAAAAX14AALwAgAAAAAAAX4QAALwAgAAAAAAAX+cAALwAgAAAAAAAX6YAALwAgAAAAAAAXwAAALwAgAAAAAAAX6MAALwAgAAAAAAAYLkAALwAgAAAAAAAXSoAALgAgAAAAAAAXqEAALwAgAAAAAAAX44AALwAgAAAAAAAX7QAALwAgAAAAAAAX1kAALwAgAAAAAAAYR0AALwAgAAAAAAAYKUAALwAgAAAAAAAXZYAALwAgAAAAAAAXWMAALgAgAAAAAAAXyoAALwAgAAAAAAAYEkAALwAgAAAAAAAXqwAALwAgAAAAAAAYBIAALwAgAAAAAAAYGoAALwAgAAAAAAAXjwAALwAgAAAAAAAYEsAALwAgAAAAAAAXNgAALgAgAAAAAAAX\/MAALwAgAAAAAA="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1484319052216,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1484319052216,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319052,"pkt_ts_usec":216458,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAN3hAAEAGHxDAqAEHF\/YKi8+sAFBgdy0VAAAAALAC\/\/\/UZQAAAgQFtAEDAwUBAQgKH2UBeQAAAAAEAgAA"}
00440{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319052,"pkt_ts_usec":235250,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGW2wX9gqLwKgBBwBQz6xlmlqWYHctFqAS\/\/8JBgAAAgQFtAEDAwkEAggKQI7bkB9lAXk="}
00427{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319052,"pkt_ts_usec":237833,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0JFZAAEAGMj7AqAEHF\/YKi8+sAFBgdy0WZZpal4AQEBUnrAAAAQEICh9lAYxAjtuQ"}
00907{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319052,"pkt_ts_usec":242977,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"pkt":"gCqoTGHM5JjWH70UCABFAAGYZXBAAEAG77\/AqAEHF\/YKi8+sAFBgdy0WZZpal4AYEBXLwAAAAQEICh9lAZFAjtuQR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD0tZGpHWEljYkZCTnp5ZnVncUVXY3JndENweVkmcmFuZG9tPTM0MDczNjA3NzYgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMC4xMzkNCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
-00929{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1484319052216,"flow_last_seen":1484319052242,"flow_tot_l4_data_len":504,"flow_min_l4_data_len":32,"flow_max_l4_data_len":388,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.10.139","url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00939{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1484319052216,"flow_last_seen":1484319052242,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.10.139","url":"23.246.10.139\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-djGXIcbFBNzyfugqEWcrgtCpyY&random=3407360776","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
01117{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319052,"pkt_ts_usec":270991,"pkt_caplen":582,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":582,"pkt_l4_len":548,"pkt":"5JjWH70UgCqoTGHMCABFIAI4AABAADsGWXAX9gqLwKgBBwBQz6xlmlqXYHcueoAQCAJ9jgAAAQEICkCO27MfZQGRSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjUyIEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwMiBEZWMgMjAxNSAxMTo1NjoxMSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xNjkxOTM1MzA7aDE9MzQ4NzI0MzI0ODtoMj0zNzE0MjA4Mzg0O2gzPTY2MDIzMTMzO2g0PTE4NTY2Mzk4ODk7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxNjQ7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCg0K"}
02366{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319052,"pkt_ts_usec":272034,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAABAADsGVcwX9gqLwKgBBwBQz6xlmlybYHcueoAQCAIctwAAAQEICkCO27QfZQGRAAAAIGZ0eXBtcDQyAAAAAGlzb21pc28yZGFzaGlzbzYAAABsdXVpZE5ldGZsaXhQaWZmU3RybSEBAAAAAAAAAAHvbQsAAAAAAJiWgAAAAAYupEAAAAAAAAAA4x8AAAAAAe4nkAAAAAAAAIA7AABi5AAAAAAAAAODAAA+aP3QyWlgzDIljZh5Z7N\/JK4AAAAYZnJlZQAAAAAAAAAAAAAAAAAAAAAAAABMdXVpZOLpAqV+Q+JBkNohIRjFZDIAAAAAAAAAANKD0PxOZXRmbGl4IE1lZGlhIExpYnJhcnkgVmVyc2lvbiA4MC4wLjM5MC4AAAACk21vb3YAAAB4bXZoZAEAAAAAAAAA0oPRAgAAAADSg9ECAJiWgAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAHXdHJhawAAAGh0a2hkAQAABwAAAADSg9ECAAAAANKD0QIAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAABZ21kaWEAAAAsbWRoZAEAAAAAAAAA0oPRAgAAAADSg9ECAABdwAAAAAAAAAAAVcQAAAAAADRoZGxyAAAAAAAAAABzb3VuAAAAAAAAAAAAAAAAQXVkaW8gTWVkaWEgSGFuZGxlcgAAAAD\/bWluZgAAABBzbWhkAAAAAAAAAAAAAAAkZGluZgAAABxkcmVmAAAAAAAAAAEAAAAMdXJsIAAAAAEAAADDc3RibAAAABBzdHRzAAAAAAAAAAAAAAAQY3R0cwAAAAAAAAAAAAAAZ3N0c2QAAAAAAAAAAQAAAFdtcDRhAAAAAAAAAAEAAAAAAAAAAAACABAAAAAAXcAAAAAAADNlc2RzAAAAAAOAgIAiAAAABICAgBRAFQADPgACWzIAAX0sBYCAgAITEAaAgIABAgAAABBzdHNjAAAAAAAAAAAAAAAUc3RzegAAAAAAAAAAAAAAAAAAABBzdGNvAAAAAAAAAAAAAAA8bXZleAAAABRtZWhkAQAAAAAAAAYupEAAAAAAIHRyZXgAAAAAAAAAAQAAAAEAAAAAAAAAAAKgAAAAAD5oc2lkeAEAAAAAAAABAABdwAAAAAAAAAAAAAAAAAAAoTQAAAUwAABiQwAAwACAAAAAAABf1AAAvACAAAAAAABfowAAvACAAAAAAABfygAAvACAAAAAAABfJAAAvACAAAAAAABf8QAAvACAAAAAAABfKwAAvACAAAAAAABeOAAAuACAAAAAAABfAgAAvACAAAAAAABe7wAAvACAAAAAAABf2QAAvACAAAAAAABgewAAvACAAAAAAABeQwAAvACAAAAAAABffAAAvACAAAAAAABftQAAvACAAAAAAABdfwAAuACAAAAAAABf9AAAvACAAAAAAABfZQAAvACAAAAAAABfgwAAvACAAAAAAABgCwAAvACAAAAAAABfdwAAvACAAAAAAABfKwAAvACAAAAAAABf6AAAvACAAAAAAABddAAAuACAAAAAAABfHgAAvACAAAAAAABf7QAAvACAAAAAAABfdwAAvACAAAAAAABfVAAAvACAAAAAAABfeQAAvACAAAAAAABfVAAAvACAAAAAAABfjAAAvACAAAAAAABd6gAAuACAAAAAAABfBQAAvACAAAAAAABgDwAAvACAAAAAAABfFAAAvACAAAAAAABgLgAAvACAAAAAAABhLwAAvACAAAAAAABeRQAAvACAAAAAAABeoAAAvACAAAAAAABeNAAAuACAAAAAAABexwAAvACAAAAAAABfZwAAvACAAAAAAABf9wA="}
02372{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319052,"pkt_ts_usec":277473,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAAFAADsGVcsX9gqLwKgBBwBQz6xlmmJDYHcueoAQCAJBEwAAAQEICkCO27QfZQGRALwAgAAAAAAAX\/gAALwAgAAAAAAAX94AALwAgAAAAAAAXwcAALwAgAAAAAAAXz0AALwAgAAAAAAAXTMAALgAgAAAAAAAX\/sAALwAgAAAAAAAYRMAALwAgAAAAAAAXh4AALwAgAAAAAAAX3YAALwAgAAAAAAAX3IAALwAgAAAAAAAX\/sAALwAgAAAAAAAXuoAALwAgAAAAAAAXVIAALgAgAAAAAAAX6cAALwAgAAAAAAAYQUAALwAgAAAAAAAXuQAALwAgAAAAAAAXysAALwAgAAAAAAAX0QAALwAgAAAAAAAXzwAALwAgAAAAAAAX8wAALwAgAAAAAAAXcAAALgAgAAAAAAAX7IAALwAgAAAAAAAXzIAALwAgAAAAAAAX1oAALwAgAAAAAAAX7cAALwAgAAAAAAAX88AALwAgAAAAAAAX58AALwAgAAAAAAAXvQAALwAgAAAAAAAXlEAALgAgAAAAAAAYGMAALwAgAAAAAAAXqsAALwAgAAAAAAAXzYAALwAgAAAAAAAX\/AAALwAgAAAAAAAX20AALwAgAAAAAAAXvkAALwAgAAAAAAAX\/AAALwAgAAAAAAAXZUAALgAgAAAAAAAX4MAALwAgAAAAAAAX8EAALwAgAAAAAAAX0sAALwAgAAAAAAAX5kAALwAgAAAAAAAX2EAALwAgAAAAAAAX6gAALwAgAAAAAAAXxYAALwAgAAAAAAAXWIAALgAgAAAAAAAYAoAALwAgAAAAAAAXyoAALwAgAAAAAAAX4MAALwAgAAAAAAAX5wAALwAgAAAAAAAX1IAALwAgAAAAAAAX7YAALwAgAAAAAAAX28AALwAgAAAAAAAXXkAALgAgAAAAAAAX6wAALwAgAAAAAAAX2wAALwAgAAAAAAAX54AALwAgAAAAAAAYBMAALwAgAAAAAAAX5gAALwAgAAAAAAAXw4AALwAgAAAAAAAYAAAALwAgAAAAAAAXYcAALgAgAAAAAAAX04AALwAgAAAAAAAX9UAALwAgAAAAAAAX9oAALwAgAAAAAAAX1cAALwAgAAAAAAAX0IAALwAgAAAAAAAX+MAALwAgAAAAAAAXsUAALwAgAAAAAAAXfoAALgAgAAAAAAAX30AALwAgAAAAAAAX6oAALwAgAAAAAAAX1gAALwAgAAAAAAAX\/sAALwAgAAAAAAAXwUAALwAgAAAAAAAX14AALwAgAAAAAAAX\/YAALwAgAAAAAAAXQMAALgAgAAAAAAAX3AAALwAgAAAAAAAX38AALwAgAAAAAAAX\/MAALwAgAAAAAAAYCAAALwAgAAAAAAAXykAALwAgAAAAAAAX4kAALwAgAAAAAAAXusAALwAgAAAAAAAXmgAALgAgAAAAAAAX0cAALwAgAAAAAAAXzAAALwAgAAAAAAAX0sAALwAgAAAAAAAYFwAALwAgAAAAAAAXtEAALwAgAAAAAAAYDAAALwAgAAAAAAAXvAAALwAgAAAAAAAXZ0AALgAgAAAAAAAX4MAALwAgAAAAAAAYDAAALwAgAAAAAAAXwcAALwAgAAAAAAAXzsAALwAgAAAAAAAYRMAALwAgAAAAAAAXs4AALwAgAAAAAAAXwgAALwAgAAAAAAAXb4AALgAgAAAAAAAXvsAALwAgAAAAAAAYF4AALwAgAAAAAAAXzEAALwAgAAAAAAAX+cAALwAgAAAAAAAX1cAALwAgAAAAAAAYCEAALwAgAAAAAAAX6gAALwAgAAAAAAAXFMAALgAgAAAAAAAYEgAALwAgAAAAAAAXtYAALwAgAAAAAAAYMcAALwAgAAAAAAAXxsAALwAgAAAAAAAX50AALwAgAAAAAAAXswAALwAgAAAAAAAX6QAALwAgAAAAAAAXbYAALgAgAAAAAAAX0gAALwAgAAAAAAAXzYAALwAgAAAAAAAX5QAALwAgAAAAAA="}
@@ -428,12 +428,12 @@
02369{"flow_id":32,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319052,"pkt_ts_usec":494518,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAAdAADsGVcUX9gqLwKgBBwBQz6xlmoQzYHcueoAQCALQIgAAAQEICkCO27QfZQGRALwAgAAAAAAAXP8AALgAgAAAAAAAX3QAALwAgAAAAAAAYLIAALwAgAAAAAAAXlMAALwAgAAAAAAAX6kAALwAgAAAAAAAX9IAALwAgAAAAAAAXyAAALwAgAAAAAAAX7wAALwAgAAAAAAAXeYAALgAgAAAAAAAXxkAALwAgAAAAAAAYZwAALwAgAAAAAAAXjsAALwAgAAAAAAAXrEAALwAgAAAAAAAYXQAALwAgAAAAAAAXkEAALwAgAAAAAAAXv4AALwAgAAAAAAAX0QAALgAgAAAAAAAXeEAALwAgAAAAAAAX6QAALwAgAAAAAAAX1gAALwAgAAAAAAAYKwAALwAgAAAAAAAXtAAALwAgAAAAAAAYB0AALwAgAAAAAAAXpIAALwAgAAAAAAAXlsAALgAgAAAAAAAXvoAALwAgAAAAAAAXzwAALwAgAAAAAAAYHEAALwAgAAAAAAAXysAALwAgAAAAAAAX+sAALwAgAAAAAAAXoQAALwAgAAAAAAAYCoAALwAgAAAAAAAXW8AALgAgAAAAAAAX5gAALwAgAAAAAAAXu8AALwAgAAAAAAAYGYAALwAgAAAAAAAX\/AAALwAgAAAAAAAXpwAALwAgAAAAAAAYEoAALwAgAAAAAAAXqEAALwAgAAAAAAAXVMAALgAgAAAAAAAYAQAALwAgAAAAAAAX+8AALwAgAAAAAAAXsIAALwAgAAAAAAAX80AALwAgAAAAAAAXzMAALwAgAAAAAAAX+oAALwAgAAAAAAAYAQAALwAgAAAAAAAXfcAALgAgAAAAAAAXpwAALwAgAAAAAAAX8MAALwAgAAAAAAAX9gAALwAgAAAAAAAXqwAALwAgAAAAAAAYIAAALwAgAAAAAAAXpUAALwAgAAAAAAAX7oAALwAgAAAAAAAXZgAALgAgAAAAAAAX7gAALwAgAAAAAAAX1wAALwAgAAAAAAAYCIAALwAgAAAAAAAXuQAALwAgAAAAAAAX3QAALwAgAAAAAAAX8IAALwAgAAAAAAAYD0AALwAgAAAAAAAXMYAALgAgAAAAAAAX2QAALwAgAAAAAAAX4UAALwAgAAAAAAAX\/wAALwAgAAAAAAAX5QAALwAgAAAAAAAXvgAALwAgAAAAAAAX30AALwAgAAAAAAAYREAALwAgAAAAAAAXBIAALgAgAAAAAAAX60AALwAgAAAAAAAX0gAALwAgAAAAAAAX5YAALwAgAAAAAAAX8UAALwAgAAAAAAAYNoAALwAgAAAAAAAXgsAALwAgAAAAAAAX88AALwAgAAAAAAAXsEAALgAgAAAAAAAXnIAALwAgAAAAAAAX2kAALwAgAAAAAAAX7QAALwAgAAAAAAAX9gAALwAgAAAAAAAYEIAALwAgAAAAAAAXpYAALwAgAAAAAAAX2IAALwAgAAAAAAAXSAAALgAgAAAAAAAX6kAALwAgAAAAAAAYGEAALwAgAAAAAAAXt8AALwAgAAAAAAAX\/oAALwAgAAAAAAAX8sAALwAgAAAAAAAX4UAALwAgAAAAAAAXxIAALwAgAAAAAAAXcIAALgAgAAAAAAAXwAAALwAgAAAAAAAYBoAALwAgAAAAAAAXvQAALwAgAAAAAAAX\/oAALwAgAAAAAAAYCIAALwAgAAAAAAAXlcAALwAgAAAAAAAYCkAALwAgAAAAAAAXRIAALgAgAAAAAAAX+EAALwAgAAAAAAAXykAALwAgAAAAAAAX90AALwAgAAAAAAAX50AALwAgAAAAAAAYOQAALwAgAAAAAAAXqEAALwAgAAAAAAAXtEAALwAgAAAAAAAXeMAALgAgAAAAAAAX2QAALwAgAAAAAAAX1sAALwAgAAAAAAAX8sAALwAgAAAAAAAXuYAALwAgAAAAAAAYCkAALwAgAAAAAAAX4MAALwAgAAAAAAAX8IAALwAgAAAAAA="}
00566{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319052,"pkt_ts_usec":912334,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"AQBef\/\/65JjWH70UCABFAACWRnEAAAERwTzAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
00569{"flow_id":10,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1064,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319053,"pkt_ts_usec":19146,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/65JjWH70UCABFAACZBpYAAAERARXAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1484319054101,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1484319054101,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319054,"pkt_ts_usec":101585,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABA9bFAAEAGZ9XAqAEHF\/YDjM+zAFBtwXYMAAAAALAC\/\/99\/AAAAgQFtAEDAwUBAQgKH2UImQAAAAAEAgAA"}
00441{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319054,"pkt_ts_usec":132376,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz7OFwt93bcF2DaAS\/\/\/aJAAAAgQFtAEDAwkEAggKhKDK7B9lCJk="}
00427{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319054,"pkt_ts_usec":134077,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0mQ1AAEAGxIXAqAEHF\/YDjM+zAFBtwXYNhcLfeIAQEBX4vQAAAQEICh9lCLmEoMrs"}
00902{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319054,"pkt_ts_usec":139605,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"pkt":"gCqoTGHM5JjWH70UCABFAAGW+VhAAEAGYtjAqAEHF\/YDjM+zAFBtwXYNhcLfeIAYEBWMVgAAAQEICh9lCL6EoMrsR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMLXAtVmVJWjZXS1JxLVg2TE12YUxxZ3hXQkN1RmJoMDlNcHJlT1JVVU9PNVR4MTY4M0hQbkxZNkJQak5fOW1sRHVZaWhHWm9YdTl1MG96SDhSRmlvQk5fSkROaVJzY2lkanZvU2RXbWx5WmdQTmFuc1cwbGtCcjRYODFIdmxvT2k4QlNfZXhWU1BoTXlKUVRCNWJnJnY9MyZlPTE0ODQzNDc4NTAmdD0tOHU0dmxjUHVGcWNPTG5MeWI5RER0Sy1iQjQmcmFuZG9tPTM1NzUwOTY1NyBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjMuMTQwDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-00925{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1484319054101,"flow_last_seen":1484319054139,"flow_tot_l4_data_len":502,"flow_min_l4_data_len":32,"flow_max_l4_data_len":386,"flow_avg_l4_data_len":125,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00935{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1103,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1484319054101,"flow_last_seen":1484319054139,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":354,"flow_tot_l4_payload_len":354,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/range\/0-65535?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4&random=357509657","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
01121{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319054,"pkt_ts_usec":176709,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":585,"pkt_l4_len":551,"pkt":"5JjWH70UgCqoTGHMCABFIAI7AABAADgGY2wX9gOMwKgBBwBQz7OFwt94bcF3b4AQCAIFOAAAAQEICoSgyxgfZQi+SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU0IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogV2VkLCAwMiBEZWMgMjAxNSAxMzowNDo1NCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xMzQ4NjUzMDQ1O2gxPTI5MjU4ODY1MDk7aDI9MzMxMjc0NzM0OTtoMz0zNTU2NzU4MDYwO2g0PTI0NjkwOTU0ODI7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxNzE7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCg0K"}
02367{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1105,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319054,"pkt_ts_usec":178896,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAABAADgGX8sX9gOMwKgBBwBQz7OFwuF\/bcF3b4AQCALtvQAAAQEICoSgyxofZQi+AAAAIGZ0eXBtcDQyAAAAAGlzb21pc28yZGFzaGlzbzYAAABsdXVpZE5ldGZsaXhQaWZmU3RybSEBAAAAAAAAAAHvbQsAAAAAAJiWgAAAAAYupEAAAAAAAAAA4x8AAAAAAe4nkAAAAAAAAIA7AABi5AAAAAAAAAODAAA+aP3QyWlgzDIljZh5Z7N\/JK4AAAAYZnJlZQAAAAAAAAAAAAAAAAAAAAAAAABMdXVpZOLpAqV+Q+JBkNohIRjFZDIAAAAAAAAAANKD0PxOZXRmbGl4IE1lZGlhIExpYnJhcnkgVmVyc2lvbiA4MC4wLjM5MC4AAAACk21vb3YAAAB4bXZoZAEAAAAAAAAA0oPRAgAAAADSg9ECAJiWgAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAHXdHJhawAAAGh0a2hkAQAABwAAAADSg9ECAAAAANKD0QIAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAABZ21kaWEAAAAsbWRoZAEAAAAAAAAA0oPRAgAAAADSg9ECAABdwAAAAAAAAAAAVcQAAAAAADRoZGxyAAAAAAAAAABzb3VuAAAAAAAAAAAAAAAAQXVkaW8gTWVkaWEgSGFuZGxlcgAAAAD\/bWluZgAAABBzbWhkAAAAAAAAAAAAAAAkZGluZgAAABxkcmVmAAAAAAAAAAEAAAAMdXJsIAAAAAEAAADDc3RibAAAABBzdHRzAAAAAAAAAAAAAAAQY3R0cwAAAAAAAAAAAAAAZ3N0c2QAAAAAAAAAAQAAAFdtcDRhAAAAAAAAAAEAAAAAAAAAAAACABAAAAAAXcAAAAAAADNlc2RzAAAAAAOAgIAiAAAABICAgBRAFQADPgACWzIAAX0sBYCAgAITEAaAgIABAgAAABBzdHNjAAAAAAAAAAAAAAAUc3RzegAAAAAAAAAAAAAAAAAAABBzdGNvAAAAAAAAAAAAAAA8bXZleAAAABRtZWhkAQAAAAAAAAYupEAAAAAAIHRyZXgAAAAAAAAAAQAAAAEAAAAAAAAAAAKgAAAAAD5oc2lkeAEAAAAAAAABAABdwAAAAAAAAAAAAAAAAAAAoTQAAAUwAABiQwAAwACAAAAAAABf1AAAvACAAAAAAABfowAAvACAAAAAAABfygAAvACAAAAAAABfJAAAvACAAAAAAABf8QAAvACAAAAAAABfKwAAvACAAAAAAABeOAAAuACAAAAAAABfAgAAvACAAAAAAABe7wAAvACAAAAAAABf2QAAvACAAAAAAABgewAAvACAAAAAAABeQwAAvACAAAAAAABffAAAvACAAAAAAABftQAAvACAAAAAAABdfwAAuACAAAAAAABf9AAAvACAAAAAAABfZQAAvACAAAAAAABfgwAAvACAAAAAAABgCwAAvACAAAAAAABfdwAAvACAAAAAAABfKwAAvACAAAAAAABf6AAAvACAAAAAAABddAAAuACAAAAAAABfHgAAvACAAAAAAABf7QAAvACAAAAAAABfdwAAvACAAAAAAABfVAAAvACAAAAAAABfeQAAvACAAAAAAABfVAAAvACAAAAAAABfjAAAvACAAAAAAABd6gAAuACAAAAAAABfBQAAvACAAAAAAABgDwAAvACAAAAAAABfFAAAvACAAAAAAABgLgAAvACAAAAAAABhLwAAvACAAAAAAABeRQAAvACAAAAAAABeoAAAvACAAAAAAABeNAAAuACAAAAAAABexwAAvACAAAAAAABfZwAAvACAAAAAAABf9wA="}
00427{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1106,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319054,"pkt_ts_usec":180712,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0QRlAAEAGHHrAqAEHF\/YDjM+zAFBtwXdvhcLnJ4AQD9jvkAAAAQEICh9lCOaEoMsY"}
@@ -445,44 +445,44 @@
02368{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319054,"pkt_ts_usec":222320,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAARAADgGX8cX9gOMwKgBBwBQz7OFwvgfbcF3b4AQCAJYIgAAAQEICoSgyxofZQi+ALwAgAAAAAAAX4AAALwAgAAAAAAAYDAAALwAgAAAAAAAXV8AALgAgAAAAAAAXvUAALwAgAAAAAAAX4UAALwAgAAAAAAAYDQAALwAgAAAAAAAX3kAALwAgAAAAAAAXoEAALwAgAAAAAAAYEAAALwAgAAAAAAAXzIAALwAgAAAAAAAXhQAALgAgAAAAAAAX2QAALwAgAAAAAAAXx0AALwAgAAAAAAAX68AALwAgAAAAAAAXvEAALwAgAAAAAAAX+4AALwAgAAAAAAAX4gAALwAgAAAAAAAX6wAALwAgAAAAAAAXUAAALgAgAAAAAAAX5cAALwAgAAAAAAAX0UAALwAgAAAAAAAYEAAALwAgAAAAAAAX+UAALwAgAAAAAAAX+0AALwAgAAAAAAAXwYAALwAgAAAAAAAX8gAALwAgAAAAAAAXNEAALgAgAAAAAAAX7AAALwAgAAAAAAAX1AAALwAgAAAAAAAXy4AALwAgAAAAAAAX7UAALwAgAAAAAAAX3UAALwAgAAAAAAAX2IAALwAgAAAAAAAX\/QAALwAgAAAAAAAXXcAALgAgAAAAAAAYBcAALwAgAAAAAAAXroAALwAgAAAAAAAX9cAALwAgAAAAAAAX0gAALwAgAAAAAAAX7cAALwAgAAAAAAAX3gAALwAgAAAAAAAYEAAALwAgAAAAAAAXIwAALgAgAAAAAAAX6EAALwAgAAAAAAAYP0AALwAgAAAAAAAXn4AALwAgAAAAAAAXykAALwAgAAAAAAAX9IAALwAgAAAAAAAYNMAALwAgAAAAAAAXtgAALwAgAAAAAAAXXsAALgAgAAAAAAAX0cAALwAgAAAAAAAX2MAALwAgAAAAAAAXyMAALwAgAAAAAAAX4QAALwAgAAAAAAAX\/QAALwAgAAAAAAAXzkAALwAgAAAAAAAYAQAALwAgAAAAAAAXSsAALgAgAAAAAAAX1oAALwAgAAAAAAAYA4AALwAgAAAAAAAXyUAALwAgAAAAAAAYJUAALwAgAAAAAAAX1kAALwAgAAAAAAAXqEAALwAgAAAAAAAX+8AALwAgAAAAAAAXQ4AALgAgAAAAAAAX8YAALwAgAAAAAAAYPkAALwAgAAAAAAAXmwAALwAgAAAAAAAXvIAALwAgAAAAAAAYFcAALwAgAAAAAAAXqoAALwAgAAAAAAAX7YAALwAgAAAAAAAXtAAALgAgAAAAAAAXpMAALwAgAAAAAAAX6AAALwAgAAAAAAAXzwAALwAgAAAAAAAX9AAALwAgAAAAAAAYAAAALwAgAAAAAAAXzIAALwAgAAAAAAAX4gAALwAgAAAAAAAXOAAALgAgAAAAAAAX\/kAALwAgAAAAAAAX8gAALwAgAAAAAAAXxIAALwAgAAAAAAAX8MAALwAgAAAAAAAX9YAALwAgAAAAAAAXwMAALwAgAAAAAAAYA8AALwAgAAAAAAAXSMAALgAgAAAAAAAX7AAALwAgAAAAAAAX3AAALwAgAAAAAAAX88AALwAgAAAAAAAXysAALwAgAAAAAAAYHAAALwAgAAAAAAAXlIAALwAgAAAAAAAX5kAALwAgAAAAAAAXfEAALgAgAAAAAAAXx0AALwAgAAAAAAAYDgAALwAgAAAAAAAX7cAALwAgAAAAAAAXrIAALwAgAAAAAAAX60AALwAgAAAAAAAX8UAALwAgAAAAAAAX8UAALwAgAAAAAAAXZIAALgAgAAAAAAAXtEAALwAgAAAAAAAYG0AALwAgAAAAAAAXuYAALwAgAAAAAAAYAsAALwAgAAAAAAAX4oAALwAgAAAAAAAXusAALwAgAAAAAAAYIMAALwAgAAAAAAAXY0AALgAgAAAAAAAXnIAALwAgAAAAAAAX9QAALwAgAAAAAAAYDQAALwAgAAAAAAAXugAALwAgAAAAAAAX0YAALwAgAAAAAA="}
02380{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319054,"pkt_ts_usec":235033,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAAVAADgGX8YX9gOMwKgBBwBQz7OFwv3HbcF3b4AQCAIxGQAAAQEICoSgyxofZQi+AGAHAAC8AIAAAAAAAF85AAC8AIAAAAAAAF2aAAC4AIAAAAAAAF+qAAC8AIAAAAAAAF+hAAC8AIAAAAAAAF73AAC8AIAAAAAAAF+IAAC8AIAAAAAAAGB7AAC8AIAAAAAAAF72AAC8AIAAAAAAAF8xAAC8AIAAAAAAAF2tAAC4AIAAAAAAAGBbAAC8AIAAAAAAAF8fAAC8AIAAAAAAAGB1AAC8AIAAAAAAAF5nAAC8AIAAAAAAAF90AAC8AIAAAAAAAF+CAAC8AIAAAAAAAGAPAAC8AIAAAAAAAFzzAAC4AIAAAAAAAF9dAAC8AIAAAAAAAGBjAAC8AIAAAAAAAF7jAAC8AIAAAAAAAGAsAAC8AIAAAAAAAF+dAAC8AIAAAAAAAF6yAAC8AIAAAAAAAF\/GAAC8AIAAAAAAAF2UAAC4AIAAAAAAAGFsAAC8AIAAAAAAAF1MAAC8AIAAAAAAAGBiAAC8AIAAAAAAAF9OAAC8AIAAAAAAAF\/CAAC8AIAAAAAAAF84AAC8AIAAAAAAAGAJAAC8AIAAAAAAAF2YAAC4AIAAAAAAAF83AAC8AIAAAAAAAF7mAAC8AIAAAAAAAF7\/AAC8AIAAAAAAAGEAAAC8AIAAAAAAAF6MAAC8AIAAAAAAAF\/tAAC8AIAAAAAAAGAtAAC8AIAAAAAAAFz\/AAC4AIAAAAAAAF\/LAAC8AIAAAAAAAGAkAAC8AIAAAAAAAF6BAAC8AIAAAAAAAGBcAAC8AIAAAAAAAF7iAAC8AIAAAAAAAGBgAAC8AIAAAAAAAF5yAAC8AIAAAAAAAF0+AAC4AIAAAAAAAGAtAAC8AIAAAAAAAF7oAAC8AIAAAAAAAF+SAAC8AIAAAAAAAF+FAAC8AIAAAAAAAF+JAAC8AIAAAAAAAF9+AAC8AIAAAAAAAF\/xAAC8AIAAAAAAAF6GAAC4AIAAAAAAAF+7AAC8AIAAAAAAAF4aAAC8AIAAAAAAAGCVAAC8AIAAAAAAAF5pAAC8AIAAAAAAAF\/5AAC8AIAAAAAAAF87AAC8AIAAAAAAAGCSAAC8AIAAAAAAAFyXAAC4AIAAAAAAAF+2AAC8AIAAAAAAAF+IAAC8AIAAAAAAAF+YAAC8AIAAAAAAAF+DAAC8AIAAAAAAAGAIAAC8AIAAAAAAAF7tAAC8AIAAAAAAAGBIAAC8AIAAAAAAAFx\/AAC4AIAAAAAAAGAEAAC8AIAAAAAAAF8+AAC8AIAAAAAAAF9wAAC8AIAAAAAAAGApAAC8AIAAAAAAAF9TAAC8AIAAAAAAAGBUAAC8AIAAAAAAAF6+AAC8AIAAAAAAAF2sAAC4AIAAAAAAAF9\/AAC8AIAAAAAAAF9fAAC8AIAAAAAAAGBJAAC8AIAAAAAAAF6TAAC8AIAAAAAAAF+YAAC8AIAAAAAAAF\/SAAC8AIAAAAAAAF7xAAC8AIAAAAAAAF5rAAC4AIAAAAAAAF6uAAC8AIAAAAAAAF\/3AAC8AIAAAAAAAF9pAAC8AIAAAAAAAF9WAAC8AIAAAAAAAGGKAAC8AIAAAAAAAF4AAAC8AIAAAAAAAGCFAAC8AIAAAAAAAFyjAAC4AIAAAAAAAF9+AAC8AIAAAAAAAF9rAAC8AIAAAAAAAF+CAAC8AIAAAAAAAGC6AAC8AIAAAAAAAF4dAAC8AIAAAAAAAF+MAAC8AIAAAAAAAF95AAC8AIAAAAAAAF2DAAC4AIAAAAAAAGBAAAC8AIAAAAAAAF7TAAC8AIAAAAAAAF9qAAC8AIAAAAAAAGALAAC8AIAAAAAAAGC3AAC8AIAAAAAAAF8\/AAC8AIAAAAAAAF4OAAC8AIAAAAAAAF2OAAC4AIAAAAAAAGCKAAC8AIAAAAAAAF8YAAC8AIAAAAAAAGAcAAC8AIAAAAAAAF8FAAC8AIAAAAAAAF\/SAAC8AIAAAAAAAF\/DAAC8AIA="}
00428{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319054,"pkt_ts_usec":237694,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ouxAAEAGuqbAqAEHF\/YDjM+zAFBtwXdvhcMDb4AQD9LTFgAAAQEICh9lCRyEoMsa"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1484319056204,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1484319056204,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":204111,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAfy9AAEAG1l7AqAEHF\/YLhc+0AFDwxwoWAAAAALAC\/\/9XEAAAAgQFtAEDAwUBAQgKH2UQewAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1484319056210,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1484319056210,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":210218,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAc11AAEAG4jDAqAEHF\/YLhc+1AFCjZhjfAAAAALAC\/\/+VoQAAAgQFtAEDAwUBAQgKH2UQgQAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1233,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1484319056214,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1233,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1484319056214,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":214323,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAlQtAAEAGwHrAqAEHF\/YLjc+2AFBDrGT6AAAAALAC\/\/+pMwAAAgQFtAEDAwUBAQgKH2UQhQAAAAAEAgAA"}
00440{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":215779,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz7RnATKV8McKF6AS\/\/8JWwAAAgQFtAEDAwkEAggKNWmPpR9lEHs="}
00427{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":219771,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0oIhAAEAGtRHAqAEHF\/YLhc+0AFDwxwoXZwEyloAQEBUoBwAAAQEICh9lEIg1aY+l"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1484319056221,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1484319056221,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":221799,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAtyBAAEAGnmXAqAEHF\/YLjc+3AFC7qylgAAAAALAC\/\/9syQAAAgQFtAEDAwUBAQgKH2UQiQAAAAAEAgAA"}
00910{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":222173,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"pkt":"gCqoTGHM5JjWH70UCABFAAGaDOxAAEAGR0jAqAEHF\/YLhc+0AFDwxwoXZwEyloAYEBXItgAAAQEICh9lEIo1aY+lR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMW91VmFKcGVRTEJXakdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwXzdsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PUpmRWVmODBLMDJ5bklqTExvaS1IWkIxdVExMCZyYW5kb209MjQ3MzMzNjUxMyBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjEzMw0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
-00931{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1484319056204,"flow_last_seen":1484319056222,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":32,"flow_max_l4_data_len":390,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1484319056232,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00941{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1484319056204,"flow_last_seen":1484319056222,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10&random=2473336513","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1484319056232,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":232857,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABA7BpAAEAGaWvAqAEHF\/YLjc+4AFBql8CVAAAAALAC\/\/8mpAAAAgQFtAEDAwUBAQgKH2UQjAAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1484319056233,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1484319056233,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":233255,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABALEhAAEAGKT7AqAEHF\/YLjc+5AFBMFfUEAAAAALAC\/\/8QsgAAAgQFtAEDAwUBAQgKH2UQkAAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1484319056233,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1484319056233,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":233602,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABACXBAAEAGTBbAqAEHF\/YLjc+6AFDVkM0AAAAAALAC\/\/+vNgAAAgQFtAEDAwUBAQgKH2UQkwAAAAAEAgAA"}
00442{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":234132,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz7VYH\/mqo2YY4KAS\/\/\/lFwAAAgQFtAEDAwkEAggKL5BAHx9lEIE="}
00441{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":234316,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7YrOmTYQ6xk+6AS\/\/\/4+gAAAgQFtAEDAwkEAggKJ9gJPh9lEIU="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1243,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1484319056234,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1243,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1484319056234,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":234960,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABATZFAAEAGB\/XAqAEHF\/YLjc+7AFDfu3VVAAAAALAC\/\/\/8sgAAAgQFtAEDAwUBAQgKH2UQlgAAAAAEAgAA"}
00428{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":235335,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA09NVAAEAGYMTAqAEHF\/YLhc+1AFCjZhjgWB\/5q4AQEBUDvAAAAQEICh9lEJYvkEAf"}
00427{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":236474,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0j6xAAEAGxeXAqAEHF\/YLjc+2AFBDrGT7Kzpk2YAQEBUXoQAAAQEICh9lEJgn2Ak+"}
00441{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":237886,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7dWBL6lu6spYaAS\/\/\/t4QAAAgQFtAEDAwkEAggKuIfCpR9lEIk="}
00427{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":241221,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Xt9AAEAG9rLAqAEHF\/YLjc+3AFC7qylhVgS+poAQEBUMigAAAQEICh9lEJq4h8Kl"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1484319056241,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1484319056241,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":241489,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAWzRAAEAG+lHAqAEHF\/YLjc+8AFAt4\/K3AAAAALAC\/\/8xJAAAAgQFtAEDAwUBAQgKH2UQmgAAAAAEAgAA"}
00910{"flow_id":36,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":241806,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"pkt":"gCqoTGHM5JjWH70UCABFAAGaBJdAAEAGT5XAqAEHF\/YLjc+2AFBDrGT7Kzpk2YAYEBUtTQAAAQEICh9lEJsn2Ak+R0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKcG1RSVJla0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhydm5sSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PW1RZk9mOTAtUlkyR2QyaWkyMEtKcENjWVFWayZyYW5kb209MTM0NTY0NjIyOSBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
-00931{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1484319056214,"flow_last_seen":1484319056241,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":32,"flow_max_l4_data_len":390,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00941{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1484319056214,"flow_last_seen":1484319056241,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJpmQIRekGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThrvnlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=mQfOf90-RY2Gd2ii20KJpCcYQVk&random=1345646229","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
00907{"flow_id":35,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":253583,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"pkt":"gCqoTGHM5JjWH70UCABFAAGZsodAAEAGoa3AqAEHF\/YLhc+1AFCjZhjgWB\/5q4AYEBXhqgAAAQEICh9lEJsvkEAfR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMW91VmFKWjJiTEJDaEdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwX25nSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PVNpeEtRbUxMSk52U2hqLXBmTUwtMmg0UWFxUSZyYW5kb209NzI3NjY2MTA0IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTMzDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-00930{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1484319056210,"flow_last_seen":1484319056253,"flow_tot_l4_data_len":505,"flow_min_l4_data_len":32,"flow_max_l4_data_len":389,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1484319056264,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00940{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1484319056210,"flow_last_seen":1484319056253,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/range\/0-65535?o=AQEfKq2oMrLRiWL1ouVaJZ2bLBChGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_ngHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=SixKQmLLJNvShj-pfML-2h4QaqQ&random=727666104","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1484319056264,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":264215,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAgCRAAEAG1WHAqAEHF\/YLjc+9AFCAerrsAAAAALAC\/\/8WUwAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1484319056264,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1484319056264,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":264541,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABA6tRAAEAGarHAqAEHF\/YLjc++AFBtOQm6AAAAALAC\/\/\/axQAAAgQFtAEDAwUBAQgKH2UQngAAAAAEAgAA"}
00906{"flow_id":37,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":264843,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"pkt":"gCqoTGHM5JjWH70UCABFAAGZg0NAAEAG0OnAqAEHF\/YLjc+3AFC7qylhVgS+poAYEBUzwQAAAQEICh9lEJ64h8KlR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSjJUTGh1aUdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwUDdsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PURoMjc4dTJVcEFwT0NHVWo1UnhWOGF6TldYOCZyYW5kb209MzIzNzY1OTUwIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-00930{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1253,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1484319056221,"flow_last_seen":1484319056264,"flow_tot_l4_data_len":505,"flow_min_l4_data_len":32,"flow_max_l4_data_len":389,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00940{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1253,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1484319056221,"flow_last_seen":1484319056264,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8&random=323765950","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
01121{"flow_id":34,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":276003,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWHQX9guFwKgBBwBQz7RnATKW8McLfYAQCAIfuQAAAQEICjVpj8IfZRCKSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBBdWcgMjAxNSAwODo0OTozMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xMDQzNTI1NDU2O2gxPTM4NjQ4OTgwMTg7aDI9MjgzOTU3NTcwNDtoMz0yMjk3OTE3MjM0O2g0PTEzMDQzMDA3NDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3MjthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
00441{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1255,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":276405,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7vga1YT37t1VqAS\/\/\/ATQAAAgQFtAEDAwkEAggKs1tjeh9lEJY="}
00441{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1256,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":276713,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7h\/u26MapfAlqAS\/\/8KPAAAAgQFtAEDAwkEAggKFFAqwB9lEIw="}
@@ -496,13 +496,13 @@
00428{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":279100,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0AZpAAEAGU\/jAqAEHF\/YLjc+5AFBMFfUFz2h9PYAQEBUYcgAAAQEICh9lEL40r6Zm"}
00428{"flow_id":34,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":279299,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0fi9AAEAG12rAqAEHF\/YLhc+0AFDwxwt9ZwE6RIAQD9ge3AAAAQEICh9lEL81aY\/C"}
00910{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":281344,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"pkt":"gCqoTGHM5JjWH70UCABFAAGaF7lAAEAGPHPAqAEHF\/YLjc+7AFDfu3VW4GtWFIAYEBXHgQAAAQEICh9lEMGzW2N6R0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSmlYTEJ1Z0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwUGZsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PUpxVGcwTmlBTkluNC1hUnduM3VLdFdkb1E3TSZyYW5kb209MTE0ODk3MDExNSBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
-00931{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1484319056234,"flow_last_seen":1484319056281,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":32,"flow_max_l4_data_len":390,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00941{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1266,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1484319056234,"flow_last_seen":1484319056281,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJiXLBugGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPflHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JqTg0NiANIn4-aRwn3uKtWdoQ7M&random=1148970115","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
00906{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":292083,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"pkt":"gCqoTGHM5JjWH70UCABFAAGZMGVAAEAGI8jAqAEHF\/YLjc+6AFDVkM0Bidafe4AYEBWjdwAAAQEICh9lEMFNgQ3sR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSm1VTFJhakdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwZmJsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PXplenJESkRRdmdPMlRpWUMxZFQzaW1INFFDOCZyYW5kb209MTY5NDY3MzA0IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-00930{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056292,"flow_tot_l4_data_len":505,"flow_min_l4_data_len":32,"flow_max_l4_data_len":389,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00940{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056292,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":357,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJmULRajGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpfblHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=zezrDJDQvgO2TiYC1dT3imH4QC8&random=169467304","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
00910{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":292112,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"pkt":"gCqoTGHM5JjWH70UCABFAAGa65tAAEAGaJDAqAEHF\/YLjc+4AFBql8CWf7tujYAYEBXPLgAAAQEICh9lEMQUUCrAR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKSnFUSVJxaEdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwX3ZsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PVRuUDU5SkIxd2I1VVRPQ3IwbS1LUVUya0dQbyZyYW5kb209NDEzNDczMTQwMCBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
-00931{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1484319056232,"flow_last_seen":1484319056292,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":32,"flow_max_l4_data_len":390,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00941{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1268,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1484319056232,"flow_last_seen":1484319056292,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo&random=4134731400","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
00911{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1269,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":302728,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"pkt":"gCqoTGHM5JjWH70UCABFAAGcdGpAAEAG37\/AqAEHF\/YLjc+5AFBMFfUFz2h9PYAYEBXR6AAAAQEICh9lEMQ0r6ZmR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFJcHlUSUJHakdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwX2JpQ0ZyVWpIV3FoNWlwUUN0emY0T1ZXUSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9OFo3OHZMMmk5T3ppaENBM00xTGluTVljTVk0JnJhbmRvbT0yMzg2NDc1ODM2IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-00933{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056302,"flow_tot_l4_data_len":508,"flow_min_l4_data_len":32,"flow_max_l4_data_len":392,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00943{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1269,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1484319056233,"flow_last_seen":1484319056302,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQIpyTIBGjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_biCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=8Z78vL2i9OzihCA3M1LinMYcMY4&random=2386475836","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
00440{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":303302,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz7wVYmHmLePyuKAS\/\/9RBgAAAgQFtAEDAwkEAggKED1piB9lEJo="}
01121{"flow_id":36,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":303461,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7YrOmTZQ6xmYYAQCAKWwQAAAQEICifYCWMfZRCbSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNSBGZWIgMjAxNiAxMDo0OTozNCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0xNDM0ODQ5OTY5O2gxPTE2NzkwMzAyNTk7aDI9ODg3ODQzMjA4O2gzPTQwODQyNzcyNzc7aDQ9MzEyNzQ2MDg0NDsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3NDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
02366{"flow_id":36,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":303598,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAABAADsGVMoX9guNwKgBBwBQz7YrOmbfQ6xmYYAQCALBcQAAAQEICifYCWMfZRCbAAAAJGZ0eXBpc28yAAAAAGlzb21pc28yZGFzaGlzbzZwaWZmAAAAbHV1aWROZXRmbGl4UGlmZlN0cm0hAQAAAAAAAAARSzwEAAAAAACYloAAAAAGLpHBTQAAAAAAAOd+AAAAABFJ8jsAAAAAAACErQAAYtEAAAAAAAAIDQAAPlxA09pL3VdPKtfkBTJbv6A1AAAAGGZyZWUAAAAAAAAAAAAAAAAAAAAAAAAASnV1aWTi6QKlfkPiQZDaISEYxWQyAAAAAAAAAADSka6sTmV0ZmxpeCBNZWRpYSBMaWJyYXJ5IFZlcnNpb24gODAuMC4wLgAAAAcbbW9vdgAAAHhtdmhkAQAAAAAAAADSka6xAAAAANKRrrEAmJaAAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAr5wc3NoAAAAAJoE8HmYQEKGq5LmW+CIX5UAAAKengIAAAEAAQCUAjwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AQQBBAEEAQQBBAE4AYwBEAG4AUQBFAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQA9AD0APAAvAEsASQBEAD4APABDAEgARQBDAEsAUwBVAE0APgBsAGgAVABwAFkANwBaADIAZABuADgAPQA8AC8AQwBIAEUAQwBLAFMAVQBNAD4APABDAFUAUwBUAE8ATQBBAFQAVABSAEkAQgBVAFQARQBTAD4APABMAGkAdAB0AGwAZQBFAG4AZABpAGEAbgBLAEkARAA+AHQAcgB1AGUAPAAvAEwAaQB0AHQAbABlAEUAbgBkAGkAYQBuAEsASQBEAD4APAAvAEMAVQBTAFQATwBNAEEAVABUAFIASQBCAFUAVABFAFMAPgA8AC8ARABBAFQAQQA+ADwALwBXAFIATQBIAEUAQQBEAEUAUgA+AAAAADRwc3NoAAAAAO3vi6l51krOo8gn3NUdIe0AAAAUCAESEAAAAAAD1wGdAAAAAAAAAAAAAABMcHNzaAAAAAApcB\/kPMdKNIxbrpDHQ5pHAAAALAAAAAQAAAAAA9cBne6+iM7gGgVTeMUcH+S5rk6G\/Iuw0mu4l83ANGhLQQEiAAADIXRyYWsAAABodGtoZAEAAAcAAAAA0pGusQAAAADSka6xAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAACAAAAAYAAAAAAACxlZHRzAAAAJGVsc3QBAAAAAAAAAQAAAAYukcFNAAAAAAAGXTsAAQAAAAAChW1kaWEAAAAsbWRoZAEAAAAAAAAA0pGusQAAAADSka6xAJiWgAAAAAAAAAAAVcQAAAAAADRoZGxyAAAAAAAAAAB2aWRlAAAAAAAAAAAAAAAAVmlkZW8gTWU="}
@@ -511,7 +511,7 @@
00428{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":313756,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0DEJAAEAGSVDAqAEHF\/YLjc+8AFAt4\/K4FWJh54AQEBVvgQAAAQEICh9lENgQPWmI"}
00427{"flow_id":36,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":314030,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA01TNAAEAGgF7AqAEHF\/YLjc+2AFBDrGZhKzpsh4AQD9gOZQAAAQEICh9lENgn2Alj"}
00911{"flow_id":42,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":314229,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"pkt":"gCqoTGHM5JjWH70UCABFAAGcJw9AAEAGLRvAqAEHF\/YLjc+8AFAt4\/K4FWJh54AYEBUJcgAAAQEICh9lENoQPWmIR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKNXlUTEJDa0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwXzNtQ0ZyVWpIV3FoNWlwUUN0emY0T1ZXUSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9cjVqdG5uRWNSOGhEQ2tQSW1mRWlXcVdBaktrJnJhbmRvbT0xODQ2MjM0NTI0IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBkZWZsYXRlLCBnemlwDQpVc2VyLUFnZW50OiBuZXRmbGl4LWlvcy1hcHANCg0K"}
-00933{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1484319056241,"flow_last_seen":1484319056314,"flow_tot_l4_data_len":508,"flow_min_l4_data_len":32,"flow_max_l4_data_len":392,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00943{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1277,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1484319056241,"flow_last_seen":1484319056314,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":360,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJ5yTLBCkGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_3mCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=r5jtnnEcR8hDCkPImfEiWqWAjKk&random=1846234524","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
00427{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1278,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":324875,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0ertAAEAG2t7AqAEHF\/YLhc+1AFCjZhpFWCABWYAQD9j6ZQAAAQEICh9lEOAvkEBV"}
00440{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":326114,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz72N4Tx+gHq67aAS\/\/8YZwAAAgQFtAEDAwkEAggKc9HQqh9lEJ4="}
00441{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1280,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":326288,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz749DprObTkJu6AS\/\/9Z3AAAAgQFtAEDAwkEAggKxO\/1DB9lEJ4="}
@@ -520,9 +520,9 @@
00428{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":327623,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Fj1AAEAGP1XAqAEHF\/YLjc++AFBtOQm7PQ6az4AQEBV4RwAAAQEICh9lEOzE7\/UM"}
02366{"flow_id":37,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":330473,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAABAADsGVMoX9guNwKgBBwBQz7dWBMCsu6sqxoAQCALdVAAAAQEICriHwtkfZRCeAAAAJGZ0eXBpc28yAAAAAGlzb21pc28yZGFzaGlzbzZwaWZmAAAAbHV1aWROZXRmbGl4UGlmZlN0cm0hAQAAAAAAAAAEE53LAAAAAACYloAAAAAGLpHBTQAAAAAAAOd8AAAAAAQSVAQAAAAAAACEqwAAYtEAAAAAAAAICwAAPlxK3GBt7cZvUcoK8KbNhsl\/AAAAGGZyZWUAAAAAAAAAAAAAAAAAAAAAAAAASnV1aWTi6QKlfkPiQZDaISEYxWQyAAAAAAAAAADSka1\/TmV0ZmxpeCBNZWRpYSBMaWJyYXJ5IFZlcnNpb24gODAuMC4wLgAAAAcZbW9vdgAAAHhtdmhkAQAAAAAAAADSka2EAAAAANKRrYQAmJaAAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAr5wc3NoAAAAAJoE8HmYQEKGq5LmW+CIX5UAAAKengIAAAEAAQCUAjwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AQQBBAEEAQQBBAE4AYwBEAG4AUQBFAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQA9AD0APAAvAEsASQBEAD4APABDAEgARQBDAEsAUwBVAE0APgBsAGgAVABwAFkANwBaADIAZABuADgAPQA8AC8AQwBIAEUAQwBLAFMAVQBNAD4APABDAFUAUwBUAE8ATQBBAFQAVABSAEkAQgBVAFQARQBTAD4APABMAGkAdAB0AGwAZQBFAG4AZABpAGEAbgBLAEkARAA+AHQAcgB1AGUAPAAvAEwAaQB0AHQAbABlAEUAbgBkAGkAYQBuAEsASQBEAD4APAAvAEMAVQBTAFQATwBNAEEAVABUAFIASQBCAFUAVABFAFMAPgA8AC8ARABBAFQAQQA+ADwALwBXAFIATQBIAEUAQQBEAEUAUgA+AAAAAExwc3NoAAAAAClwH+Q8x0o0jFuukMdDmkcAAAAsAAAABAAAAAAD1wGd7r6IzuAaBVN4xRwf5LmuTob8i7DSa7iXzcA0aEtBASIAAAA0cHNzaAAAAADt74upedZKzqPIJ9zVHSHtAAAAFAgBEhAAAAAAA9cBnQAAAAAAAAAAAAADH3RyYWsAAABodGtoZAEAAAcAAAAA0pGthAAAAADSka2EAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAABQAAAAPAAAAAAACxlZHRzAAAAJGVsc3QBAAAAAAAAAQAAAAYukcFNAAAAAAAGXTsAAQAAAAACg21kaWEAAAAsbWRoZAEAAAAAAAAA0pGthAAAAADSka2EAJiWgAAAAAAAAAAAVcQAAAAAADRoZGxyAAAAAAAAAAB2aWRlAAAAAAAAAAAAAAAAVmlkZW8gTWU="}
00910{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":336202,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"pkt":"gCqoTGHM5JjWH70UCABFAAGbxNdAAEAGj1PAqAEHF\/YLjc+9AFCAerrtjeE8f4AYEBVqrAAAAQEICh9lEO5z0dCqR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFMSjJUSUJlcEdMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhwUGJpQ0ZyVWpIV3FoNWlwUUN0emY0T1ZXUSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9dFRYdTNjNkZuSnRmaTZ6MElKcDNodzhlRHY4JnJhbmRvbT0xMjk0NTQwNzYgSFRUUC8xLjENCkhvc3Q6IDIzLjI0Ni4xMS4xNDENCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGRlZmxhdGUsIGd6aXANClVzZXItQWdlbnQ6IG5ldGZsaXgtaW9zLWFwcA0KDQo="}
-00932{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056336,"flow_tot_l4_data_len":507,"flow_min_l4_data_len":32,"flow_max_l4_data_len":391,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00942{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056336,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":359,"flow_tot_l4_payload_len":359,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQLJ2TIBepGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpPbiCFrUjHWqh5ipQCtzf4OVWQ&v=3&e=1484347850&t=tTXu3c6FnJtfi6z0IJp3hw8eDv8&random=129454076","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
00911{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":347066,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"pkt":"gCqoTGHM5JjWH70UCABFAAGazfdAAEAGhjTAqAEHF\/YLjc++AFBtOQm7PQ6az4AYEBVtUQAAAQEICh9lEPDE7\/UMR0VUIC9yYW5nZS8wLTY1NTM1P289QVFFZktxMm9NckxSaVdMMnB1TlFKWjJWS2hxZ0dMalNzZXUyM1YySFg2a0lpVTlKcGJDYUJ4eGFJb3oyMXFRTkt1RFVhT0lad2RUbHgyM0RNVnhhYmJDd212RWx1aXBEVzJ0dkZNbGhNUnR3ZGhoVmxidjlLR0ZhYml1NUtIMFNseDBWak9LX3d6VGhvX2ZsSGhXQTRrVzlnYXlZRVd0ak5OS2Umdj0zJmU9MTQ4NDM0Nzg1MCZ0PUxRN0x5WFNuWmFYS0VIQUhhUlJIay1TN2RLRSZyYW5kb209NDIwOTgxMDYzMyBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjExLjE0MQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZGVmbGF0ZSwgZ3ppcA0KVXNlci1BZ2VudDogbmV0ZmxpeC1pb3MtYXBwDQoNCg=="}
-00931{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056347,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":32,"flow_max_l4_data_len":390,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
+00941{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1484319056264,"flow_last_seen":1484319056347,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":358,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/range\/0-65535?o=AQEfKq2oMrLRiWL2puNQJZ2VKhqgGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzTho_flHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=LQ7LyXSnZaXKEHAHaRRHk-S7dKE&random=4209810633","code":0,"content_type":"","user_agent":"netflix-ios-app"}}
00427{"flow_id":37,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1287,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":347079,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0kxxAAEAGwnXAqAEHF\/YLjc+3AFC7qyrGVgTGVIAQD9gDJgAAAQEICh9lEPW4h8LY"}
01121{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":358487,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"pkt":"5JjWH70UgCqoTGHMCABFIAI6AABAADsGWGwX9guNwKgBBwBQz7vga1YU37t2vIAQCAIEZwAAAQEICrNbY8AfZRDBSFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDEzIEphbiAyMDE3IDE0OjUwOjU2IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA2NTUzNg0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMTowMTozMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yODYxMDQyNzU7aDE9MjM5MzA0NTg0MTtoMj00MDM0NTM4MzEwO2gzPTE2NTY5NTYxMjI7aDQ9MjQ5OTU3MjMyOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE3OTthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KDQo="}
02364{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1289,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319056,"pkt_ts_usec":358559,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAABAADsGVMoX9guNwKgBBwBQz7vga1ga37t2vIAQCAIUmAAAAQEICrNbY8EfZRDBAAAAJGZ0eXBpc28yAAAAAGlzb21pc28yZGFzaGlzbzZwaWZmAAAAbHV1aWROZXRmbGl4UGlmZlN0cm0hAQAAAAAAAAAF2qmWAAAAAACYloAAAAAGLpHBTQAAAAAAAOd9AAAAAAXZX84AAAAAAACErAAAYtEAAAAAAAAIDAAAPlwgjAAes9s20dQ7LcTGRwWqAAAAGGZyZWUAAAAAAAAAAAAAAAAAAAAAAAAASnV1aWTi6QKlfkPiQZDaISEYxWQyAAAAAAAAAADSka2WTmV0ZmxpeCBNZWRpYSBMaWJyYXJ5IFZlcnNpb24gODAuMC4wLgAAAAcabW9vdgAAAHhtdmhkAQAAAAAAAADSka2cAAAAANKRrZwAmJaAAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAExwc3NoAAAAAClwH+Q8x0o0jFuukMdDmkcAAAAsAAAABAAAAAAD1wGd7r6IzuAaBVN4xRwf5LmuTob8i7DSa7iXzcA0aEtBASIAAAK+cHNzaAAAAACaBPB5mEBChquS5lvgiF+VAAACnp4CAAABAAEAlAI8AFcAUgBNAEgARQBBAEQARQBSACAAeABtAGwAbgBzAD0AIgBoAHQAdABwADoALwAvAHMAYwBoAGUAbQBhAHMALgBtAGkAYwByAG8AcwBvAGYAdAAuAGMAbwBtAC8ARABSAE0ALwAyADAAMAA3AC8AMAAzAC8AUABsAGEAeQBSAGUAYQBkAHkASABlAGEAZABlAHIAIgAgAHYAZQByAHMAaQBvAG4APQAiADQALgAwAC4AMAAuADAAIgA+ADwARABBAFQAQQA+ADwAUABSAE8AVABFAEMAVABJAE4ARgBPAD4APABLAEUAWQBMAEUATgA+ADEANgA8AC8ASwBFAFkATABFAE4APgA8AEEATABHAEkARAA+AEEARQBTAEMAVABSADwALwBBAEwARwBJAEQAPgA8AC8AUABSAE8AVABFAEMAVABJAE4ARgBPAD4APABLAEkARAA+AEEAQQBBAEEAQQBOAGMARABuAFEARQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEAPQA9ADwALwBLAEkARAA+ADwAQwBIAEUAQwBLAFMAVQBNAD4AbABoAFQAcABZADcAWgAyAGQAbgA4AD0APAAvAEMASABFAEMASwBTAFUATQA+ADwAQwBVAFMAVABPAE0AQQBUAFQAUgBJAEIAVQBUAEUAUwA+ADwATABpAHQAdABsAGUARQBuAGQAaQBhAG4ASwBJAEQAPgB0AHIAdQBlADwALwBMAGkAdAB0AGwAZQBFAG4AZABpAGEAbgBLAEkARAA+ADwALwBDAFUAUwBUAE8ATQBBAFQAVABSAEkAQgBVAFQARQBTAD4APAAvAEQAQQBUAEEAPgA8AC8AVwBSAE0ASABFAEEARABFAFIAPgAAAAA0cHNzaAAAAADt74upedZKzqPIJ9zVHSHtAAAAFAgBEhAAAAAAA9cBnQAAAAAAAAAAAAADIHRyYWsAAABodGtoZAEAAAcAAAAA0pGtnAAAAADSka2cAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAABQAAAAPAAAAAAACxlZHRzAAAAJGVsc3QBAAAAAAAAAQAAAAYukcFNAAAAAAAGXTsAAQAAAAAChG1kaWEAAAAsbWRoZAEAAAAAAAAA0pGtnAAAAADSka2cAJiWgAAAAAAAAAAAVcQAAAAAADRoZGxyAAAAAAAAAAB2aWRlAAAAAAAAAAAAAAAAVmlkZW8gTWU="}
@@ -632,47 +632,47 @@
00445{"flow_id":41,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1467,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319059,"pkt_ts_usec":471993,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABA\/RlAAEAGWGzAqAEHF\/YLjc+7AFDfu3a84GuQqrAQD9JK3gAAAQEICh9lHJizW3ALAQEFCuBroaLga6dK"}
00456{"flow_id":40,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1480,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319059,"pkt_ts_usec":632219,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"gCqoTGHM5JjWH70UCABFAABIB+5AAEAGTZDAqAEHF\/YLjc+6AFDVkM5midbUadAQD6YTiwAAAQEICh9lHTBNgRscAQEFEonWzsGJ1s7lidbrCYnW8LE="}
00445{"flow_id":40,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319059,"pkt_ts_usec":689426,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAWJRAAEAG\/PHAqAEHF\/YLjc+6AFDVkM5midbaEbAQD9LeygAAAQEICh9lHWZNgRs3AQEFConW6wmJ1vCx"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1484319064590,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1484319064590,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":590230,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAVptAAEAGBuzAqAEHF\/YDjM+\/AFBrAzOSAAAAALAC\/\/+cMAAAAgQFtAEDAwUBAQgKH2UvkQAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1484319064593,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1484319064593,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1909,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":593980,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAVrtAAEAG\/srAqAEHF\/YLjc\/AAFDz13keAAAAALAC\/\/\/FywAAAgQFtAEDAwUBAQgKH2UvkwAAAAAEAgAA"}
00440{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1911,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":620050,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz8BQi7Oi89d5H6AS\/\/+uwwAAAgQFtAEDAwkEAggKYvDA2R9lL5M="}
00442{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1912,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":620707,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADgGZWsX9gOMwKgBBwBQz78\/hnHMawMzk6AS\/\/+duQAAAgQFtAEDAwkEAggKbx\/u9B9lL5E="}
00428{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1913,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":621471,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0SOFAAEAGDLHAqAEHF\/YLjc\/AAFDz13kfUIuzo4AQEBXNXwAAAQEICh9lL7Bi8MDZ"}
00428{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1914,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":621745,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0y1dAAEAGkjvAqAEHF\/YDjM+\/AFBrAzOTP4ZxzYAQEBW8UwAAAQEICh9lL7BvH+70"}
01113{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1916,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":624064,"pkt_caplen":575,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":575,"pkt_l4_len":541,"pkt":"gCqoTGHM5JjWH70UCABFAAIx\/M5AAEAGVsbAqAEHF\/YLjc\/AAFDz13kfUIuzo4AYEBXADAAAAQEICh9lL7Ji8MDZR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wycHVOUUpKcVRJUnFoR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBfdmxIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9VG5QNTlKQjF3YjVVVE9DcjBtLUtRVTJrR1BvIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtMjA1OA0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00957{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1916,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1484319064593,"flow_last_seen":1484319064624,"flow_tot_l4_data_len":657,"flow_min_l4_data_len":32,"flow_max_l4_data_len":541,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
+00968{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1916,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1484319064593,"flow_last_seen":1484319064624,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJqTIRqhGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_vlHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=TnP59JB1wb5UTOCr0m-KQU2kGPo","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
01108{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1917,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":634961,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"gCqoTGHM5JjWH70UCABFAAIt069AAEAGh+rAqAEHF\/YDjM+\/AFBrAzOTP4ZxzYAYEBUSvwAAAQEICh9lL7NvH+70R0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wtcC1WZUlaNldLUnEtWDZMTXZhTHFneFdCQ3VGYmgwOU1wcmVPUlVVT081VHgxNjgzSFBuTFk2QlBqTl85bWxEdVlpaEdab1h1OXUwb3pIOFJGaW9CTl9KRE5pUnNjaWRqdm9TZFdtbHlaZ1BOYW5zVzBsa0JyNFg4MUh2bG9PaThCU19leFZTUGhNeUpRVEI1Ymcmdj0zJmU9MTQ4NDM0Nzg1MCZ0PS04dTR2bGNQdUZxY09Mbkx5YjlERHRLLWJCNCBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjMuMTQwDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtODk4DQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogQXBwbGVDb3JlTWVkaWEvMS4wLjAuMTRDOTIgKGlQaG9uZTsgVTsgQ1BVIE9TIDEwXzIgbGlrZSBNYWMgT1MgWDsgZW5fdXMpDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpBY2NlcHQtRW5jb2Rpbmc6IGlkZW50aXR5DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00952{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1917,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1484319064590,"flow_last_seen":1484319064634,"flow_tot_l4_data_len":653,"flow_min_l4_data_len":32,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":163,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
+00963{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1917,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1484319064590,"flow_last_seen":1484319064634,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":505,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.3.140","url":"23.246.3.140\/?o=AQEfKq2oMrLRiWL-p-VeIZ6WKRq-X6LMvaLqgxWBCuFbh09MpreORUUOO5Tx1683HPnLY6BPjN_9mlDuYihGZoXu9u0ozH8RFioBN_JDNiRscidjvoSdWmlyZgPNansW0lkBr4X81HvloOi8BS_exVSPhMyJQTB5bg&v=3&e=1484347850&t=-8u4vlcPuFqcOLnLyb9DDtK-bB4","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
01189{"flow_id":46,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":666580,"pkt_caplen":635,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":635,"pkt_l4_len":601,"pkt":"5JjWH70UgCqoTGHMCABFIAJtAABAADsGWDkX9guNwKgBBwBQz8BQi7Oj89d7HIAQCAKAjwAAAQEICmLwwQkfZS+ySFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTowNCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjA1OQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1ODozOCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0zODc0NDA1MjkxO2gxPTE2OTUxOTc4MzY7aDI9MzkxNzk2ODQ1MztoMz0xNjgzNjM2NjM2O2g0PTEyNTE5MTU3NTQ7DQpYLVNlc3Npb24tSW5mbzogYWRkcj03My4yMDMuMTA3LjIzO3BvcnQ9NTMxODQ7YXJncD02LnNOYzBEWFNmOFRIRTNmNHk4VnVObGtUSExzRW5RMUNLY2tDN3VzdzJ2YkENCkNvbnRlbnQtUmFuZ2U6IGJ5dGVzIDAtMjA1OC81MTgzODA5MA0KDQo="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1484319064669,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1484319064669,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1921,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":669455,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAhwJAAEAGqhTAqAEHNr8RM8\/JAbsptVYdAAAAALAC\/\/+MwgAAAgQFtAEDAwUBAQgKH2Uv3QAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1484319064671,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1484319064671,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1922,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":671268,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAbOBAAEAGxDbAqAEHNr8RM8\/SAbtTxg2UAAAAALAC\/\/+rMAAAAgQFtAEDAwUBAQgKH2Uv3gAAAAAEAgAA"}
02364{"flow_id":46,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1923,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":671943,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAABAADsGVMoX9guNwKgBBwBQz8BQi7Xc89d7HIAQCAJTKgAAAQEICmLwwQkfZS+yAAAAJGZ0eXBpc28yAAAAAGlzb21pc28yZGFzaGlzbzZwaWZmAAAAbHV1aWROZXRmbGl4UGlmZlN0cm0hAQAAAAAAAAADFvwoAAAAAACYloAAAAAGLpHBTQAAAAAAAOd8AAAAAAMVsmEAAAAAAACEqwAAYtEAAAAAAAAICwAAPlww7LvEbW3roAPsiM8lAvH1AAAAGGZyZWUAAAAAAAAAAAAAAAAAAAAAAAAASnV1aWTi6QKlfkPiQZDaISEYxWQyAAAAAAAAAADSka2DTmV0ZmxpeCBNZWRpYSBMaWJyYXJ5IFZlcnNpb24gODAuMC4wLgAAAAcZbW9vdgAAAHhtdmhkAQAAAAAAAADSka2JAAAAANKRrYkAmJaAAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAr5wc3NoAAAAAJoE8HmYQEKGq5LmW+CIX5UAAAKengIAAAEAAQCUAjwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AQQBBAEEAQQBBAE4AYwBEAG4AUQBFAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQA9AD0APAAvAEsASQBEAD4APABDAEgARQBDAEsAUwBVAE0APgBsAGgAVABwAFkANwBaADIAZABuADgAPQA8AC8AQwBIAEUAQwBLAFMAVQBNAD4APABDAFUAUwBUAE8ATQBBAFQAVABSAEkAQgBVAFQARQBTAD4APABMAGkAdAB0AGwAZQBFAG4AZABpAGEAbgBLAEkARAA+AHQAcgB1AGUAPAAvAEwAaQB0AHQAbABlAEUAbgBkAGkAYQBuAEsASQBEAD4APAAvAEMAVQBTAFQATwBNAEEAVABUAFIASQBCAFUAVABFAFMAPgA8AC8ARABBAFQAQQA+ADwALwBXAFIATQBIAEUAQQBEAEUAUgA+AAAAAExwc3NoAAAAAClwH+Q8x0o0jFuukMdDmkcAAAAsAAAABAAAAAAD1wGd7r6IzuAaBVN4xRwf5LmuTob8i7DSa7iXzcA0aEtBASIAAAA0cHNzaAAAAADt74upedZKzqPIJ9zVHSHtAAAAFAgBEhAAAAAAA9cBnQAAAAAAAAAAAAADH3RyYWsAAABodGtoZAEAAAcAAAAA0pGtiQAAAADSka2JAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAABQAAAAPAAAAAAACxlZHRzAAAAJGVsc3QBAAAAAAAAAQAAAAYukcFNAAAAAAAGXTsAAQAAAAACg21kaWEAAAAsbWRoZAEAAAAAAAAA0pGtiQAAAADSka2JAJiWgAAAAAAAAAAAVcQAAAAAADRoZGxyAAAAAAAAAAB2aWRlAAAAAAAAAAAAAAAAVmlkZW8gTWU="}
00428{"flow_id":46,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1924,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":673475,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0qPNAAEAGrJ7AqAEHF\/YLjc\/AAFDz13scUIu7hIAQD9bDXwAAAQEICh9lL+Fi8MEJ"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1484319064683,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1484319064683,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":683828,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"gCqoTGHM5JjWH70UCABFAABFcJ0AAP8Rx7HAqAEHwKgBAe4iADUAMSObED0BAAABAAAAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAE="}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1484319064683,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1925,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1484319064683,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01186{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1926,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":684712,"pkt_caplen":632,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":632,"pkt_l4_len":598,"pkt":"5JjWH70UgCqoTGHMCABFIAJqAABAADgGYz0X9gOMwKgBBwBQz78\/hnHNawM1jIAQCALNywAAAQEICm8f7y8fZS+zSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTowNCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogODk5DQpMYXN0LU1vZGlmaWVkOiBXZWQsIDAyIERlYyAyMDE1IDEzOjA0OjU0IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUNClByYWdtYTogbm8tY2FjaGUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IFgtVENQLUluZm8sWC1TZXNzaW9uLUluZm8NClgtVENQLUluZm86IGgwPTE4NzYyODM3MjU7aDE9NDA2NDkwMzk0NDtoMj00MDQyNzE1Mjg1O2gzPTU1ODU2Mjg0MztoND0zODg1NTExNTIyOw0KWC1TZXNzaW9uLUluZm86IGFkZHI9NzMuMjAzLjEwNy4yMztwb3J0PTUzMTgzO2FyZ3A9Ni5zTmMwRFhTZjhUSEUzZjR5OFZ1TmxrVEhMc0VuUTFDS2NrQzd1c3cydmJBDQpDb250ZW50LVJhbmdlOiBieXRlcyAwLTg5OC8zMjQ2ODMzNQ0KDQo="}
01632{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":690004,"pkt_caplen":965,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":965,"pkt_l4_len":931,"pkt":"5JjWH70UgCqoTGHMCABFIAO3AABAADgGYfAX9gOMwKgBBwBQz78\/hnQDawM1jIAYCAJbiAAAAQEICm8f7y8fZS+zAAAAIGZ0eXBtcDQyAAAAAGlzb21pc28yZGFzaGlzbzYAAABsdXVpZE5ldGZsaXhQaWZmU3RybSEBAAAAAAAAAAHvbQsAAAAAAJiWgAAAAAYupEAAAAAAAAAA4x8AAAAAAe4nkAAAAAAAAIA7AABi5AAAAAAAAAODAAA+aP3QyWlgzDIljZh5Z7N\/JK4AAAAYZnJlZQAAAAAAAAAAAAAAAAAAAAAAAABMdXVpZOLpAqV+Q+JBkNohIRjFZDIAAAAAAAAAANKD0PxOZXRmbGl4IE1lZGlhIExpYnJhcnkgVmVyc2lvbiA4MC4wLjM5MC4AAAACk21vb3YAAAB4bXZoZAEAAAAAAAAA0oPRAgAAAADSg9ECAJiWgAAAAAAAAAAAAAEAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAHXdHJhawAAAGh0a2hkAQAABwAAAADSg9ECAAAAANKD0QIAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAABZ21kaWEAAAAsbWRoZAEAAAAAAAAA0oPRAgAAAADSg9ECAABdwAAAAAAAAAAAVcQAAAAAADRoZGxyAAAAAAAAAABzb3VuAAAAAAAAAAAAAAAAQXVkaW8gTWVkaWEgSGFuZGxlcgAAAAD\/bWluZgAAABBzbWhkAAAAAAAAAAAAAAAkZGluZgAAABxkcmVmAAAAAAAAAAEAAAAMdXJsIAAAAAEAAADDc3RibAAAABBzdHRzAAAAAAAAAAAAAAAQY3R0cwAAAAAAAAAAAAAAZ3N0c2QAAAAAAAAAAQAAAFdtcDRhAAAAAAAAAAEAAAAAAAAAAAACABAAAAAAXcAAAAAAADNlc2RzAAAAAAOAgIAiAAAABICAgBRAFQADPgACWzIAAX0sBYCAgAITEAaAgIABAgAAABBzdHNjAAAAAAAAAAAAAAAUc3RzegAAAAAAAAAAAAAAAAAAABBzdGNvAAAAAAAAAAAAAAA8bXZleAAAABRtZWhkAQAAAAAAAAYupEAAAAAAIHRyZXgAAAAAAAAAAQAAAAEAAAAAAAAAAAKgAAA="}
00429{"flow_id":45,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1928,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":691370,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Q4hAAEAGGgvAqAEHF\/YDjM+\/AFBrAzWMP4Z3hoAQD+e0UwAAAQEICh9lL\/FvH+8v"}
01117{"flow_id":45,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1929,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":697512,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"pkt":"gCqoTGHM5JjWH70UCABFAAI0e3JAAEAG4CDAqAEHF\/YDjM+\/AFBrAzWMP4Z3hoAYEAC+hwAAAQEICh9lL\/ZvH+8vR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wtcC1WZUlaNldLUnEtWDZMTXZhTHFneFdCQ3VGYmgwOU1wcmVPUlVVT081VHgxNjgzSFBuTFk2QlBqTl85bWxEdVlpaEdab1h1OXUwb3pIOFJGaW9CTl9KRE5pUnNjaWRqdm9TZFdtbHlaZ1BOYW5zVzBsa0JyNFg4MUh2bG9PaThCU19leFZTUGhNeUpRVEI1Ymcmdj0zJmU9MTQ4NDM0Nzg1MCZ0PS04dTR2bGNQdUZxY09Mbkx5YjlERHRLLWJCNCBIVFRQLzEuMQ0KSG9zdDogMjMuMjQ2LjMuMTQwDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTU4MTQzLTE4MTE5MA0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
00674{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":699948,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"pkt":"5JjWH70UgCqoTGHMCABFAADq4UlAAEAR1WDAqAEBwKgBBwA17iIA1plWED2BgAABAAkAAAAAB2ljaG5hZWEDZ2VvB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAMABkHaWNobmFlYQdsYXRlbmN5BnByb2RhYcAYwDUAAQABAAAAFgAENCUk\/MA1AAEAAQAAABYABDQrZhTANQABAAEAAAAWAAQ0Iv+pwDUAAQABAAAAFgAENBhu0sA1AAEAAQAAABYABDQK7rvANQABAAEAAAAWAAQ2RB9SwDUAAQABAAAAFgAENCdXJMA1AAEAAQAAABYABDQobnM="}
-00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_tot_l4_data_len":263,"flow_min_l4_data_len":49,"flow_max_l4_data_len":214,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.37.36.252"}}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1930,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ichnaea.geo.netflix.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.37.36.252"}}
01250{"flow_id":46,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1931,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":701577,"pkt_caplen":677,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":677,"pkt_l4_len":643,"pkt":"5JjWH70UgCqoTGHMCABFIAKXAAFAADsGWA4X9guNwKgBBwBQz8BQi7uE89d7HIAYCALq\/wAAAQEICmLwwQkfZS+yZGlhIEhhbmRsZXIAAAACG21pbmYAAAAUdm1oZAAAAAEAAAAAAAAAAAAAACRkaW5mAAAAHGRyZWYAAAAAAAAAAQAAAAx1cmwgAAAAAQAAAdtzdGJsAAAAEHN0dHMAAAAAAAAAAAAAABBjdHRzAAAAAAAAAAAAAAF\/c3RzZAAAAAAAAAABAAABb2VuY3YAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAABQADwAEgAAABIAAAAAAAAAAEKQVZDIENvZGluZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAY\/\/8AAAA3YXZjQwFNQB7\/4QAgZ01AHuiAoP2HCAAAH0gABdwHAQAbdgAJJ9JRgDxYtEgBAARo6+yyAAAAEHBhc3AAAAAEAAAAAwAAACJ1dWlkTmV0ZmxpeEZyYW1lUmF0ZQAAAAAAAF3AA+kAAABgc2luZgAAAAxmcm1hYXZjMQAAABRzY2htAAAAAHBpZmYAAQABAAAAOHNjaGkAAAAwdXVpZIl0285750xRhPlxSPmIJVQAAAAAAAABCAAAAAAD1wGdAAAAAAAAAAAAAABQc2luZgAAAAxmcm1hYXZjMQAAABRzY2htAAAAAGNlbmMAAQAAAAAAKHNjaGkAAAAgdGVuYwAAAAAAAAEIAAAAAAPXAZ0AAAAAAAAAAAAAABBzdHNjAAAAAAAAAAAAAAAUc3RzegAAAAAAAAAAAAAAAAAAABBzdGNvAAAAAAAAAAAAAAA8bXZleAAAABRtZWhkAQAAAAAAAAYukcFNAAAAIHRyZXgAAAAAAAAAAgAAAAEAAAAAAAAAAAGhAAA="}
00429{"flow_id":46,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1932,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":702977,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0bVFAAEAG6EDAqAEHF\/YLjc\/AAFDz13scUIu954AQD+zAzAAAAQEICh9lL\/ti8MEJ"}
01121{"flow_id":46,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1934,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":711443,"pkt_caplen":581,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":581,"pkt_l4_len":547,"pkt":"gCqoTGHM5JjWH70UCABFAAI3FpFAAEAGPP7AqAEHF\/YLjc\/AAFDz13scUIu954AYEAALvAAAAQEICh9lMAJi8MEJR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wycHVOUUpKcVRJUnFoR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBfdmxIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9VG5QNTlKQjF3YjVVVE9DcjBtLUtRVTJrR1BvIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTU5MjYwLTI1Nzk1Mg0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1484319064711,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1484319064711,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1935,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":711690,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAfOpAAEAGov3AqAEHNCUk\/M\/TAbvE99WSAAAAALAC\/\/9grAAAAgQFtAEDAwUBAQgKH2UwAgAAAAAEAgAA"}
00438{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":722112,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGRvs2vxEzwKgBBwG7z9JcNkhzU8YNlaASOJDYrwAAAgQFtAQCCAqtilitH2Uv3gEDAwg="}
00439{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":722814,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGR\/s2vxEzwKgBBwG7z8mqa43KKbVWHqASOJAmtQAAAgQFtAQCCAqtilitH2Uv3QEDAwg="}
00427{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":723412,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA06mxAAEAGRrbAqAEHNr8RM8\/SAbtTxg2VXDZIdIAQEBUvyAAAAQEICh9lMA6tilit"}
00427{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":724096,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0RtdAAEAG6kvAqAEHNr8RM8\/JAbsptVYeqmuNy4AQEBV9zAAAAQEICh9lMA6tilit"}
01125{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1942,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":728551,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"gCqoTGHM5JjWH70UCABFAAI52vZAAEAGVCfAqAEHNr8RM8\/JAbsptVYeqmuNy4AYEBU\/AQAAAQEICh9lMBGtilitFgMBAgABAAH8AwOssLX4r6P7GP1cyM+\/QL5jcos5eemrJxEB7qfdYiVRRQAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1942,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1484319064669,"flow_last_seen":1484319064728,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1942,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1484319064669,"flow_last_seen":1484319064728,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01124{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1943,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":729673,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"gCqoTGHM5JjWH70UCABFAAI526xAAEAGU3HAqAEHNr8RM8\/SAbtTxg2VXDZIdIAYEBX36QAAAQEICh9lMBOtilitFgMBAgABAAH8AwM\/Ud3IJ+zS9aVmySryI5irQf+M2+tqC0+UPSJWqvpDqAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1943,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1484319064671,"flow_last_seen":1484319064729,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1943,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1484319064671,"flow_last_seen":1484319064729,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01202{"flow_id":46,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1944,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":739999,"pkt_caplen":643,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":643,"pkt_l4_len":609,"pkt":"5JjWH70UgCqoTGHMCABFIAJ1AABAADsGWDEX9guNwKgBBwBQz8BQi73n89d9H4AQCAKi0gAAAQEICmLwwVAfZTACSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTowNCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTk4NjkzDQpMYXN0LU1vZGlmaWVkOiBNb24sIDE0IERlYyAyMDE1IDEwOjU4OjM4IEdNVA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUNClByYWdtYTogbm8tY2FjaGUNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQWNjZXNzLUNvbnRyb2wtRXhwb3NlLUhlYWRlcnM6IFgtVENQLUluZm8sWC1TZXNzaW9uLUluZm8NClgtVENQLUluZm86IGgwPTI1NzU2ODI2OTI7aDE9MzM0ODMzNTU3MDtoMj0xNjQwMjg3NTIyO2gzPTM0NjY5MTAwNjY7aDQ9MjkwMjc2OTY5MTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzE4NDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KQ29udGVudC1SYW5nZTogYnl0ZXMgNTkyNjAtMjU3OTUyLzUxODM4MDkwDQoNCg=="}
02365{"flow_id":46,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":745396,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAABAADsGVMoX9guNwKgBBwBQz8BQi8Ao89d9H4AQCAK2EwAAAQEICmLwwVEfZTACAAAHgW1vb2YAAAAQbWZoZAAAAAAAAAABAAAHaXRyYWYAAAAUdGZoZAACACAAAAACAaEAAAAAABR0ZmR0AQAAAAAAAAAAAAAAAAAAQXNhaXoAAAAAAAAAADAiFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYAAAAYc2FpbwEAAAAAAAABAAAAAAAAAxkAAAJYdHJ1bgAACwUAAAAwAAAHiQJgAAAABl07AAADLwAGXTsABl08AAAAGAAGXTsABl07AAAAHAAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsABl07AAAAHQAGXTsABl08AAAAHQAGXTsABl07AAAAHQAGXTsAAARMdXVpZKI5T1Jam08UokRsQnxkjfQAAAACAAAAMAnAMvWrHNgAAAQABQAAAAgABQAAAt4ABQAAAAYABQAAAC8JwDL1qxzYAQACAAUAAAAGAAUAAAAICcAy9asc2AIAAgAFAAAABgAFAAAADAnAMvWrHNgDAAIABQAAAAYABQAAAA0JwDL1qxzYBAACAAUAAAAGAAUAAAANCcAy9asc2AUAAgAFAAAABgAFAAAADQnAMvWrHNgGAAIABQAAAAYABQAAAA0JwDL1qxzYBwACAAUAAAAGAAUAAAANCcAy9asc2AgAAgAFAAAABgAFAAAADQnAMvWrHNgJAAIABQAAAAYABQAAAA0JwDL1qxzYCgACAAUAAAAGAAUAAAANCcAy9asc2AsAAgAFAAAABgAFAAAADQnAMvWrHNgMAAIABQAAAAYABQAAAA0JwDL1qxzYDQACAAUAAAAGAAUAAAANCcAy9asc2A4AAgAFAAAABgAFAAAADQnAMvWrHNgPAAIABQAAAAYABQAAAA0JwDL1qxzYEAACAAUAAAAGAAUAAAANCcAy9asc2BEAAgAFAAAABgAFAAAADQnAMvWrHNgSAAIABQAAAAYABQAAAA0JwDL1qxzYEwACAAUAAAAGAAUAAAANCcAy9asc2BQAAgAFAAAABgAFAAAADQnAMvWrHNgVAAIABQAAAAYABQAAAA0JwDL1qxzYFgACAAUAAAAGAAUAAAANCcAy9asc2BcAAgAFAAAABgAFAAAADQnAMvWrHNgYAAIABQAAAAYABQAAAA0JwDL1qxzYGQACAAUAAAAGAAUAAAANCcAy9asc2BoAAgAFAAAABgAFAAAADQnAMvWrHNgbAAIABQAAAAYABQAAAA0JwDL1qxzYHAACAAUAAAAGAAUAAAANCcAy9as="}
00429{"flow_id":46,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":751283,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0l0ZAAEAGvkvAqAEHF\/YLjc\/AAFDz130fUIvF0IAQD9K2hQAAAQEICh9lMCli8MFQ"}
@@ -684,30 +684,30 @@
00426{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1954,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":783171,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0EM5AACoGNjU2vxEzwKgBBwG7z9JcNkh0U8YPmoAQAD09hgAAAQEICq2KWL0fZTAT"}
02378{"flow_id":46,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1956,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":783796,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAAFAADsGVMkX9guNwKgBBwBQz8BQi8XQ89d9H4AQCAK3VQAAAQEICmLwwVEfZTACHNgdAAIABQAAAAYABQAAAA0JwDL1qxzYHgACAAUAAAAGAAUAAAANCcAy9asc2B8AAgAFAAAABgAFAAAADQnAMvWrHNggAAIABQAAAAYABQAAAA0JwDL1qxzYIQACAAUAAAAGAAUAAAANCcAy9asc2CIAAgAFAAAABgAFAAAADQnAMvWrHNgjAAIABQAAAAYABQAAAA0JwDL1qxzYJAACAAUAAAAGAAUAAAANCcAy9asc2CUAAgAFAAAABgAFAAAADQnAMvWrHNgmAAIABQAAAAYABQAAAA0JwDL1qxzYJwACAAUAAAAGAAUAAAANCcAy9asc2CgAAgAFAAAABgAFAAAADQnAMvWrHNgpAAIABQAAAAYABQAAAA0JwDL1qxzYKgACAAUAAAAGAAUAAAANCcAy9asc2CsAAgAFAAAABgAFAAAADQnAMvWrHNgsAAIABQAAAAYABQAAAA0JwDL1qxzYLQACAAUAAAAGAAUAAAANCcAy9asc2C4AAgAFAAAABgAFAAAADQnAMvWrHNgvAAIABQAAAAYABQAAAA0AAAA8c2R0cAAAAAAmFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYAAAiEbWRhdAAAAAkGUH2KYPhI1L8AAALfBqtavO3adWxQFAMWWyUJtSy8avU2uEyzca+OtZ4jY886CcNk1CvHNuY1ghLw3O9x9vQoLOnXiMZ4Fh4RiO51CkCIYxu+JXGLA3lYJ8WL93bm33QUbNoff8Ik+4g4ldWZva56hExmoU6OE+Mse\/vzHArh7JXPe23DuwIVnrZ117OPU\/tE0DA5i4\/e5kFW6G3bLQQ6iKhxWUbmq8UyHGPUaf0q+zNchPAg8DJDRfDNlsQjqVD8Ubg\/AdZG0ERV8fF9H2KxZKwhmSDe+Uep41QL8oku8dCgJ8gwFJjXauwPUC2163PfKenDFdjOf5zVJOWBlLdLJH7+DaePrOyGx1xfk5Aw6eVGCSjXRzCq2KeQSgGsZZaJkXwXFqfb0N2V5oyVO26taBh71t6YrFyEQScFSDAuGb09k0hCW9RPGTRA9oT1z+O0fsZcii\/SZ1JjOksEu2gVY\/Y98dJYbrS1+qeAY0Cfj2v9oO1WJkEQ1GoHL05Dlqrc5BMDnls7l\/cAeYR\/O2LCfQWo2+ZCzs0iDH4zIqWrTEj\/4K+X2F464KHves8EucoPsebbQzXmwyuu5AMrzX2QMr+UKfgZ0LXXh2if3YtvBV9jT2SwUPiqQSociiD3rgAve2Xq7VtOnIn+vfKSAC7nECFNMwZfRPjHp1PMZqbThnBVPSLFAKJGLfDkZ53xzjfRryX0bh2JyElnx1yesv5F0GnEhRrwm29leKOMhMs1z\/d5YmosodAzvbz8GZJsMGBtfO9G6FlgQLYC1e12rWPvtomDfISvZsz2x+XkISbnjdchoyIhp53Lm3GQWXEHxkxoxpV\/1ONeL3svK2RKiYCzQvfDqwUPO1qF2A+nE7Cbg0wcnFERxoJfvhwfnE9ZU6HCi7w9RRaqWLrygvoVg95nnM3sJ72CN0QrO4HXAPoXC1bi0QkKNDDCZovHz2CZTtae3bMbsxT5ExyjdLGiSgOCHWd5AKUZGhBcDWj\/AAAABwZwIvZfPCwAAAAwZRjdcKqUwAH5ZQrtvO1\/MnsrXpyNLEof7m6kq9h00IM7YUcM8pZnuxFyMNoqWTknAAAABwZrxPnZYh8AAAAJQaF0uQOt746WAAAABwYkKs3093kAAAANQSfBH6PAVQZqU601rAAAAAcGJfY6elvPAAAADkHlhhzh3YSS+DBfxPKTAAAABwaI4yKAy1YAAAAOQebLW5VBbXG8Maxq6EQAAAAHBqyuATvCjQAAAA5B1V05B7+BpkpUG18p0AAAAAcGbChEKY7DAAA="}
00740{"flow_id":50,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1957,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":785302,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":295,"pkt_l4_len":261,"pkt":"gCqoTGHM5JjWH70UCABFAAEZfjdAAEAGoNfAqAEHNCUk\/M\/TAbvE99WTX4M6HoAYEBXgSwAAAQEICh9lMEiFpSALFgMBAOABAADcAwNYeOlYxBLS5gM2ky3bQNFyoxLviT91lQxxEizDalFYdwAAJgD\/wCzAK8AkwCPACsAJwDDAL8AowCfAFMATAJ0AnAA9ADwANQAvAQAAjQAAABgAFgAAE2ljaG5hZWEubmV0ZmxpeC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDM3QAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEABQAFAQAAAAAAEgAAABcAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1957,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1484319064711,"flow_last_seen":1484319064785,"flow_tot_l4_data_len":377,"flow_min_l4_data_len":32,"flow_max_l4_data_len":261,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1957,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1484319064711,"flow_last_seen":1484319064785,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":229,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00429{"flow_id":46,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1959,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":790976,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0JklAAEAGL0nAqAEHF\/YLjc\/AAFDz130fUIvLeIAQEACwjAAAAQEICh9lMEti8MFR"}
00426{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":796538,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA01XFAACkGcpE2vxEzwKgBBwG7z8mqa43LKbVYI4AQAD2LiwAAAQEICq2KWL4fZTAR"}
02378{"flow_id":47,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1961,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":796989,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXc1XJAACkGbOg2vxEzwKgBBwG7z8mqa43LKbVYI4AQAD3mwgAAAQEICq2KWL4fZTARFgMDAFkCAABVAwNYeOlYXUx9tEAn\/69kC4b9mi1cW0+vEUQg6DiZzAg\/6yAmL+DzbHULNfloEbqKSe1qhpuImN1PyGFs0gpO0aWuDcAvAAAN\/wEAAQAACwAEAwABAhYDAwgiCwAIHgAIGwAEIDCCBBwwggMEoAMCAQICAhObMA0GCSqGSIb3DQEBCwUAMIGZMS0wKwYDVQQDEyRQcmltYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eSAoMjAwOSkxEzARBgNVBAgTCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtOZXRmbGl4IEluYzEcMBoGA1UECxMTRWxlY3Ryb25pYyBEZWxpdmVyeTESMBAGA1UEBxMJTG9zIEdhdG9zMB4XDTAxMDExNzIwMzIwOVoXDTE4MDMyNDIwMzIwOVowgYAxGzAZBgNVBAMMEioubmNjcC5uZXRmbGl4LmNvbTEWMBQGA1UECgwNTmV0ZmxpeCwgSW5jLjETMBEGA1UECwwKT3BlcmF0aW9uczELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUxvcyBHYXRvczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCMPKDrRKNlpQYmDci6pMXZdSSUbKrQRkPDz7HhtKtPPugiuJduNExZc6Kdb12vBV\/O+SiPHaVK7mpFvbFGQlMb6qQfwVOi\/aD6FF0wubaBBRmV5soLn6Uml8hcRcy1GwhcE0PciETMHgCKsYz6GRuA022Eqzo18xrMBx0ZwPuRDaRc+aOcYlh2D8wJdLQNpKdgRiYnOzqzb1V73+PIcLBKBaRmuSAMY7T6QAsBvotFYlMY32uWd0vZw9isFDSJCV8w2CSLAAeSkvUEJt3zKqKD5d5h8lWhsfYUg78EDVQMWb3iyTQ+UHy3b4IHtGaB+ybeHo7UkyS4NKYViXGQ4bECAwEAAaOBhDCBgTALBgNVHQ8EBAMCBaAwHwYDVR0jBBgwFoAUgzutabNbHNPaO8lPBXMZwiqK8P8wHQYDVR0OBBYEFH8tt\/b+DoJ\/qUOipuTAuxoaEiJTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdEQQWMBSCEioubmNjcC5uZXRmbGl4LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAkveZR7qD\/7\/8qJ4CSsfWHq+Cw0DsuYB9YjDmpMA3gU+yzX9cXxMn8tY3AApgaSjK94LEU1T7O\/bsKsL0uCJuFhSfW4W3+AlTe3UhEOMeILOZwgcMhUPQXGI28idMvibE1zQjX96OSlU9uDL6s8itcycsRGgSP0e+Umi1cijldISAIfgK+QzQIa\/k6kuJZ2i1hk4M6e8JqkqoYRso7uoX2ECQVKzVgRgm0z79wLxOrKXQf5L2Js7s03GHwdt04kQTtyYRh6NEGBmzjgdicV4sXy4g3wbAPPR1+itz5sKT\/vAAteT\/4Ik8+RSfZGNefG8eQxjBkJKvoKV1GyHiH3YYrgAD9TCCA\/EwggLZoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgZkxLTArBgNVBAMTJFByaW1hcnkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ICgyMDA5KTETMBEGA1UECBMKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwHhcNMDEwMTAxMTIzMDAwWhcNMjkwMTAxMTIzMDAwWjCBmTEtMCsGA1UEAxMkUHJpbWFyeSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgKDIwMDkpMRMwEQYDVQQIEwo="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1961,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1484319064669,"flow_last_seen":1484319064796,"flow_tot_l4_data_len":2177,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1961,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1484319064669,"flow_last_seen":1484319064796,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02380{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1962,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":823890,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcEM9AACoGMIw2vxEzwKgBBwG7z9JcNkh0U8YPmoAQAD298AAAAQEICq2KWL0fZTATFgMDAFkCAABVAwNYeOlYVbF+TA+8tQuXMpB\/8PQ\/eIG53zhc7ID0Rc1d1SAosXEZ2m1HPiLExFY3ECEmLhYtlxEjU3GaXO\/BRfR0\/sAvAAAN\/wEAAQAACwAEAwABAhYDAwgiCwAIHgAIGwAEIDCCBBwwggMEoAMCAQICAhObMA0GCSqGSIb3DQEBCwUAMIGZMS0wKwYDVQQDEyRQcmltYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eSAoMjAwOSkxEzARBgNVBAgTCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtOZXRmbGl4IEluYzEcMBoGA1UECxMTRWxlY3Ryb25pYyBEZWxpdmVyeTESMBAGA1UEBxMJTG9zIEdhdG9zMB4XDTAxMDExNzIwMzIwOVoXDTE4MDMyNDIwMzIwOVowgYAxGzAZBgNVBAMMEioubmNjcC5uZXRmbGl4LmNvbTEWMBQGA1UECgwNTmV0ZmxpeCwgSW5jLjETMBEGA1UECwwKT3BlcmF0aW9uczELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUxvcyBHYXRvczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCMPKDrRKNlpQYmDci6pMXZdSSUbKrQRkPDz7HhtKtPPugiuJduNExZc6Kdb12vBV\/O+SiPHaVK7mpFvbFGQlMb6qQfwVOi\/aD6FF0wubaBBRmV5soLn6Uml8hcRcy1GwhcE0PciETMHgCKsYz6GRuA022Eqzo18xrMBx0ZwPuRDaRc+aOcYlh2D8wJdLQNpKdgRiYnOzqzb1V73+PIcLBKBaRmuSAMY7T6QAsBvotFYlMY32uWd0vZw9isFDSJCV8w2CSLAAeSkvUEJt3zKqKD5d5h8lWhsfYUg78EDVQMWb3iyTQ+UHy3b4IHtGaB+ybeHo7UkyS4NKYViXGQ4bECAwEAAaOBhDCBgTALBgNVHQ8EBAMCBaAwHwYDVR0jBBgwFoAUgzutabNbHNPaO8lPBXMZwiqK8P8wHQYDVR0OBBYEFH8tt\/b+DoJ\/qUOipuTAuxoaEiJTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdEQQWMBSCEioubmNjcC5uZXRmbGl4LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAkveZR7qD\/7\/8qJ4CSsfWHq+Cw0DsuYB9YjDmpMA3gU+yzX9cXxMn8tY3AApgaSjK94LEU1T7O\/bsKsL0uCJuFhSfW4W3+AlTe3UhEOMeILOZwgcMhUPQXGI28idMvibE1zQjX96OSlU9uDL6s8itcycsRGgSP0e+Umi1cijldISAIfgK+QzQIa\/k6kuJZ2i1hk4M6e8JqkqoYRso7uoX2ECQVKzVgRgm0z79wLxOrKXQf5L2Js7s03GHwdt04kQTtyYRh6NEGBmzjgdicV4sXy4g3wbAPPR1+itz5sKT\/vAAteT\/4Ik8+RSfZGNefG8eQxjBkJKvoKV1GyHiH3YYrgAD9TCCA\/EwggLZoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgZkxLTArBgNVBAMTJFByaW1hcnkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ICgyMDA5KTETMBEGA1UECBMKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwHhcNMDEwMTAxMTIzMDAwWhcNMjkwMTAxMTIzMDAwWjCBmTEtMCsGA1UEAxMkUHJpbWFyeSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgKDIwMDkpMRMwEQYDVQQIEwo="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1484319064671,"flow_last_seen":1484319064823,"flow_tot_l4_data_len":2177,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1484319064671,"flow_last_seen":1484319064823,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
00426{"flow_id":50,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1963,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":836708,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0GgVAACoGG880JST8wKgBBwG7z9NfgzoexPfWeIAQAEtfkAAAAQEICoWlIB4fZTBI"}
01892{"flow_id":47,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1964,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":850606,"pkt_caplen":1146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1146,"pkt_l4_len":1112,"pkt":"5JjWH70UgCqoTGHMCABFIARs1XNAACkGblc2vxEzwKgBBwG7z8mqa5NzKbVYI4AYAD3r0QAAAQEICq2KWL4fZTARQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClPiFZwHhqw9wmYrruaK5lM2jxb7OnG1xOPDkmSt9ostlHBuuEIpSAegeSu5IfyCw3LHZ5HEtbube7+v\/KvRUK5l\/8E0dgm2kIkuwXCInrxOb8Vue1EwYiVMbipMtTVxaqzqdYnzqFFOOaTfiiHdtDWwp3jjKl188E9wc5el6k667OBUw7VTGI1M30wgKX7rU1qB+D91fdnRNVb90uSyhuGgXw1LaZpqNyQ9UU0bMQcwmLcmoY3NWdMMN4j0Fw11owmtXswG41YKRxcm9yJjbyyDmry1mVF9Ri9GMcR5I+VveQudxyLML\/0PMTT+qCooHPhnMm\/zY9AEn0tmAkD70jAgMBAAGjQjBAMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdDgQWBBSDO61ps1sc09o7yU8FcxnCKorw\/zANBgkqhkiG9w0BAQUFAAOCAQEAPX7Vj0zBi5fWHkB\/U5GnVLqaRStn52gTsUPoxmVjareLMMkMSrAGtP8CHGMLLrjOh9GFMjrsJM6Q+mLzAhMhpmvZPRAM4kzXdAYTLRWD4dxyYCkG2sjDdGTYdO7AfokcOnu5kypA0bdWe8KcZVFjpw8f+ACSkxjkgL+lk0kWZf+uiCojU3Wt9O\/Z8+xm1PIbBOEfirH+o8gWESD86CiOqZH9cFmSjXziHHxIo4mgCTt9Jse8h8gkDJE2wQTeq3ttX1P5eyrHphoXtwy2Wtx77US+s5J0di17tOPKnQFd35Ew\/l0PWFqar2MQ46R\/UU15UR68hb86jgCQplA8NeBZoBYDAwFNDAABSQMAF0EEr3RSXEkjHtfIqWMkfAqdU9d2nJiJRZNuTwnWmlfOFK4Bj36CrnORHVgqktgwO17Wp6i3wIytK6HznXXPxu7hXgYBAQBCiE7yDHFNKaeTd\/wP7mCaSACIt++F\/XsEnDefaVDNhjs21iPaC7+DnNkBbI9Tz+NMVOZ5+c2rNRkD+lufyXHE\/agvQj0NT\/PnEbkZjROcMXalZY0J3+VoD7IqiSCZTThc+sumKJE4SGNx92H\/\/0nheo2m6pk9OD9LrDl9T5sGESlXZPp9kHC3PdDJJl3vJyvaYlpNhXtE5EUeyjryDB7yjYF81zJo4D6++gnbq6kYvoYyR3WW7wz\/CgfUXUmQEK63h87BpNZI53vkDxxpT8DwApxQMcUlpH8eweEY\/H1\/vyoITQSbKGArxp7sxw48k4YtcLZFsodAUgdSO+dYWpy5FgMDAAQOAAAA"}
-01157{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1964,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":7,"flow_first_seen":1484319064669,"flow_last_seen":1484319064850,"flow_tot_l4_data_len":3289,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":469,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+01168{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1964,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":7,"flow_first_seen":1484319064669,"flow_last_seen":1484319064850,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
00427{"flow_id":47,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1965,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":852082,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA09oRAAEAGOp7AqAEHNr8RM8\/JAbsptVgjqmuXq4AQD95xkQAAAQEICh9lMIqtili+"}
00600{"flow_id":47,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1966,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":863684,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"gCqoTGHM5JjWH70UCABFAACyY5NAAEAGzRHAqAEHNr8RM8\/JAbsptVgjqmuXq4AYEADbtQAAAQEICh9lMJStili+FgMDAEYQAABCQQRZ2I0MMIOevuB7hJikJpOhgdL8qMi+SfYcTpx3cQMCKaM\/nrM9+e92pdxjq3DiWm8p6TaW50E\/UL2hBqmRGIOaFAMDAAEBFgMDACj4cL4jc0rQ2mfgZeNkgI3iYqK0epYchOu0fU7WHG8H9cz+8iWenQNH"}
02394{"flow_id":45,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1967,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":873084,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAANAADgGX8gX9gOMwKgBBwBQz78\/hoq+awM3jIAQCALr0gAAAQEICm8f72cfZS\/2qoloa0YiEdCsE4cAHiEbi\/iv\/D3\/8dcGJYkHYUFAWG4mCoUIRBELpVlBcjCOOzpdN9URQwCMt2QEwRqd80TtSwsrZgh6atW5M\/Sikg0shISjjc0BpOq1bySTi3GhHZIEUVud3MyonYAoS3dZZIRJP3f\/+TFs33oHShwDJhXULx5z\/RfpYzZiPpCRYLH6nvENWeUapxAgDanEN96y6S1SAEiuZzdGsOkwWBKIou6AsRaaxwMxWVJyIwr+T29S5sdfKqZzRcFF0AhixX13cXW0bzULFpAjCorf0\/RS2Flrv2Y6laE8S0augdzfa2ikaKEnZzxaVfpS3GnxS2s5BC722VEJ1MFcEAA4MAhCVeL7VJTncmR1H9HTsxRjUmLkEwERugoi7cxqCpIIpUMJglGCmmndWaaTbVXlgoAIPXajr2Zq6kalU3A4k1yOIC0sb7Vy8wqY4JZqqqdbmmImwUNKGkzjW0VzqBgBSXE5Cc4a8NoPWzH9casQqH0f39lXKVottTI6FcUeEJoFkrFLmBGuSYJjmIPCIoHW0vs6NNoyjBaZzutzTGb134zmNxVq270qqEa3We7d68oZ0PDpb3yebs2iKiDDsWLt+GAOq4vYLvVBHdWhMCmXtq5XZKEWTQFAlsXenXgXxdLaVrXEvhru1REEqIfQSEZJEwsI0snRGFg3K0Qv4bSgmvWoCE8IqN4Jv2IngQgqqKRslYoxLLKInDgB\/SEbjl7D\/Pz\/8hboQg7CxiDI0EKBwvFI7NOq7zq0LrQxooMvBaY5chu1wFK8EcyFjcyZjepxyCGRCfhNnHL0O9O7JAhUg\/1buoK7IFng0UyuWo6wKAFt5PqxXgLXL2WzuEeAwALjdrrq5rv\/MCxWXx2\/yD3emxECpl8ji4wrRixIYBonOBNdeHbe10UkTBMBisQ7gpmR14I3TyZwuGVJ+jI3AuYNT+erR1stWKzThMRKM7i7iUqjndMm4rC1QgLo4JiQ8FBdq5t7DQExacskZZYYV3b6bUSUX\/ekSERCUnKLaC62QolFdEqghZQAgkJkLo458lCYSAFUfbmGorE6EMoxQQkcoWWFXl6q96ppQAWJNJsCaK8gRkuLeS4IwWWtvJ9Qcev3UiHMNU146hyMQgl2t7WBmJFp9PpF2ewi7v6A+MvnG1J9D5E1eCsTEK5GHoZihBOthj770WjOG\/WyLvZlngSziEF4Z97\/wrUh\/2rpkV2PTwM\/f\/qh6rYoH0JbFT9z4L7x7+3X1DFx4BWOodBMqqLZ99XCECLtICwh3ZrJF1iCSFCeRC2bFqljLhPCwysxgq3xaQrOgstEqUNyELWWKgO9BCpdIJXuXVIrbU28E37ETwIQVVE2kEARNWEpCnDgA9whG4haz\/z9\/\/I2+C0GSsdxoIhCYdN1wK2XxdbxqX644y5V0gUGAlRVWMlYUEpjsfbgaFVmsGtmAPn\/668\/slcZbgW7BEUjfTyBFSAcHLGZXx3aIQoMkrkjZoAbKXA3N3\/YPj8ptHrerUmUxhuZeZziENktXfyuL94xrNNaW7Py+6TvsYUrsFIJQScT82uueloE3EqDQiQDhRYAIL6PZcrHUIKxOkNbEMmanG4jqv6vg+i23qXEYpXKZFytljnqdhsym4QhpzXKFinfGnyE7TOSVHt6jsxFieJ36\/2SCPGeoITgjpHtSjRalEHde8AjNFIpC1o49f03wulAwp3Sq8FCyhe6N1SoCgpH29iUJQsOhMFxINRioIvdJe0mrx26tptLQC8MvQ62IwTc2PhFfjo45wczPiwKKKwOPNEPVykrdfRTcnQuCn2nOCh2Q841T9kBAF3CDs5bYEmynlY7zbwM97qBVEVXz3zVsCEbot3yjT+oN1UEmXGTBkaN43OUyUSwsHEzoYDQ7vt+a6yqMoU4uZbiIDM35x82\/ky25IEFirw="}
02378{"flow_id":50,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":885811,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcGgZAACoGFiY0JST8wKgBBwG7z9NfgzoexPfWeIAQAEv6QQAAAQEICoWlIB4fZTBIFgMDAFkCAABVAwNYeOlYxc32aqe88XB0zSkgORAKpYwfY1nYrV5t0Yw06yDCt4dmFGxLfzFOEwUakWsLyoSPhzh0ksgZ4QXrqdFQXsAvAAAN\/wEAAQAACwAEAwABAhYDAwo1CwAKMQAKLgAFDzCCBQswggPzoAMCAQICEBUE9lSWJBH1oKEWtt+LI6kwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA0MTIwMDAwMDBaFw0xODA0MTAyMzU5NTlaMIGBMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJbG9zIGdhdG9zMRYwFAYDVQQKDA1OZXRmbGl4LCBJbmMuMQwwCgYDVQQLDANPcHMxIzAhBgNVBAMMGmN1c3RvbWVyZXZlbnRzLm5ldGZsaXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NWCfffj1fH2w7Mcey7bCuVjmU9eYoCt0LQXtABL8VbzHb0v4bvuXzERuentrt0KBRrXwGb1LNpWTCuYkQFsuSO+4A2oBicvehQTGBtisx0FbKBTLIsG1vAxiWHWx\/XTpvW3a5IDQ3ve\/mg0iN4F0RJTT7hORBeIfEAtcLaXH1n\/7BbB4evGBxadgu4wyTSlZcC3QyAKuqxcLKOgPPdViofYrGJ2ftzJYann157r\/0yi8mqc3eUn0g\/zUInV4h7\/h5s9Uj2esO0XEfaW0qv9A1L8eDpSXsQ6a\/uVCNNDZNT0nWamrF358P06wTnnFsnzkBLicvjy+KKQP469XywS3wIDAQABo4IBfzCCAXswgYkGA1UdEQSBgTB\/ghNpY2huYWVhLm5ldGZsaXguY29tghJiZWFjb24ubmV0ZmxpeC5jb22CIHByZXNlbnRhdGlvbnRyYWNraW5nLm5ldGZsaXguY29tghZubXRyYWNraW5nLm5ldGZsaXguY29tghpjdXN0b21lcmV2ZW50cy5uZXRmbGl4LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMA0GCSqGSIb3DQEBCwUAA4IBAQACFfXmfFLSJ3g83aH1lGay1TzWZVJJlcH5vHFDEXU12pMzmZON4XtuDhhFM85qNRHVp6dySN\/2NPneYQEAzEJszsoGpdoNA5+VkmVdkvaW+tPqbjD3DhRFe6FRMiYEvobEuXDMASh3pWeL+lILt4N4el138DFitlCElI7++tgmcN\/F97RxsNmqKLFE1juHjpRhzqx1ySvoyfKNksinLcJxJGh9TBRlC8+HlqzIWD5UwAIQyDpWGAcTm0CSFI62ZR44BA8HC+G2Cy4+heUb5tc6\/0A9WEHQESa7OfzrIaNQpvRwbE6iQMEgEU13QVkkGskdHHDxVn9L6REOhP7lsoXoAAUZMIIFFTCCA\/2gAwIBAgIQKC4nkXkzkuQo8iGnTsk3rjANBgkqhkiG9w0="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":6,"flow_first_seen":1484319064711,"flow_last_seen":1484319064885,"flow_tot_l4_data_len":1889,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":314,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1968,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":6,"flow_first_seen":1484319064711,"flow_last_seen":1484319064885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1677,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
01884{"flow_id":48,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":898548,"pkt_caplen":1146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1146,"pkt_l4_len":1112,"pkt":"5JjWH70UgCqoTGHMCABFIARsENBAACoGMfs2vxEzwKgBBwG7z9JcNk4cU8YPmoAYAD2BWAAAAQEICq2KWL0fZTATQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClPiFZwHhqw9wmYrruaK5lM2jxb7OnG1xOPDkmSt9ostlHBuuEIpSAegeSu5IfyCw3LHZ5HEtbube7+v\/KvRUK5l\/8E0dgm2kIkuwXCInrxOb8Vue1EwYiVMbipMtTVxaqzqdYnzqFFOOaTfiiHdtDWwp3jjKl188E9wc5el6k667OBUw7VTGI1M30wgKX7rU1qB+D91fdnRNVb90uSyhuGgXw1LaZpqNyQ9UU0bMQcwmLcmoY3NWdMMN4j0Fw11owmtXswG41YKRxcm9yJjbyyDmry1mVF9Ri9GMcR5I+VveQudxyLML\/0PMTT+qCooHPhnMm\/zY9AEn0tmAkD70jAgMBAAGjQjBAMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdDgQWBBSDO61ps1sc09o7yU8FcxnCKorw\/zANBgkqhkiG9w0BAQUFAAOCAQEAPX7Vj0zBi5fWHkB\/U5GnVLqaRStn52gTsUPoxmVjareLMMkMSrAGtP8CHGMLLrjOh9GFMjrsJM6Q+mLzAhMhpmvZPRAM4kzXdAYTLRWD4dxyYCkG2sjDdGTYdO7AfokcOnu5kypA0bdWe8KcZVFjpw8f+ACSkxjkgL+lk0kWZf+uiCojU3Wt9O\/Z8+xm1PIbBOEfirH+o8gWESD86CiOqZH9cFmSjXziHHxIo4mgCTt9Jse8h8gkDJE2wQTeq3ttX1P5eyrHphoXtwy2Wtx77US+s5J0di17tOPKnQFd35Ew\/l0PWFqar2MQ46R\/UU15UR68hb86jgCQplA8NeBZoBYDAwFNDAABSQMAF0EEr3RSXEkjHtfIqWMkfAqdU9d2nJiJRZNuTwnWmlfOFK4Bj36CrnORHVgqktgwO17Wp6i3wIytK6HznXXPxu7hXgYBAQBukt2wp\/PvCNgjYKO7nstsKG4JToLUZCUgFskj2ztbu8Q6lUhTJugvlkQNErILWuN4OOGzJ9UB42s+sQhCnz8oGjLqiXDqPy2gE8N5+clEUx7aTDq3wfaopu8xDbG0JvnxGeMAhG+JZufHaN+HUA5aR85sbRyXK8vinoRdZgzqPqEgxI4wDHRyIws7zd3D+yZhSBjDhhps9oQs6ZrMfzDbtzrHa7rt4E4Wi5YN3WERNdC3vmDe64PoP6c8lJJxFojjvlNVhvvNQ7qxNnyPM2Y4MaEHEShXUDL3uJcCdxQKTZxB+S+rOPvARE2J1JwwhXrntsMAg1FLVpnwtt2NDvAgFgMDAAQOAAAA"}
-01157{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":7,"flow_first_seen":1484319064671,"flow_last_seen":1484319064898,"flow_tot_l4_data_len":3289,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":469,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+01168{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1969,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":7,"flow_first_seen":1484319064671,"flow_last_seen":1484319064898,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
00427{"flow_id":48,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":900068,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0xtZAAEAGakzAqAEHNr8RM8\/SAbtTxg+aXDZSVIAQD94jYQAAAQEICh9lMLetili9"}
00601{"flow_id":48,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1972,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":911881,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"gCqoTGHM5JjWH70UCABFAACy7ZZAAEAGQw7AqAEHNr8RM8\/SAbtTxg+aXDZSVIAYEADVhwAAAQEICh9lMMGtili9FgMDAEYQAABCQQTfCEMwYSUMo8Uy6B5K50NJWMGvGAAQ0EIlegJzbTKhFbxlsfhf5HUDCKLK3QGBvdXrKr91nA32OkZqkuvlFHF6FAMDAAEBFgMDACgkRg\/TLOi\/NQH2P05EpRdVxq9ff1iwTtmeyWu\/4CAsiItUOINazg5W"}
00501{"flow_id":47,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1973,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":923149,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABn1XRAACkGcls2vxEzwKgBBwG7z8mqa5erKbVYoYAYAD2BhQAAAQEICq2KWN0fZTCUFAMDAAEBFgMDACj\/sh\/lwwobLg4jG6KP4IW8PBSF7BNm\/qrpAYHuyAYXvrrcXhJSn\/wc"}
00430{"flow_id":47,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1975,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":926401,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0rDNAAEAGhO\/AqAEHNr8RM8\/JAbsptVihqmuX3oAQD\/5wXAAAAQEICh9lMM+tiljd"}
01782{"flow_id":47,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1976,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":927930,"pkt_caplen":1058,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1058,"pkt_l4_len":1024,"pkt":"gCqoTGHM5JjWH70UCABFAAQUUFhAAEAG3OrAqAEHNr8RM8\/JAbsptVihqmuX3oAYEAB5\/gAAAQEICh9lMNCtiljdFwMDA9v4cL4jc0rQ2zoQmeCcqZZ2VC++xeJg3m4R7yMv5n\/zbHfFaIsLFGhNwfjH0Ip1Pav7MmpvCkeD1oxKlrOlfQN\/q+g\/fPFRjb+VKcfuclTHcWxRrs0rF6yEIMCOdkGNliUagk4HPBSyTvAVdLUYz6607R+oBFfJL4DIHKWA1xcpa0TiHK4Uv4ltRWbzrp5BzxemwmZO4TfovgqiwfcEqIp7IblJKt2XmmaJOOzvvIafHXCK5inkWxofOmpUm7njAgGWe\/jKxiLNlRGCMrm6YWp8bIFRovBox0W+HVP5z\/E4LQNlcUJ4dVIozuJU02lGDWDzIjK23o3421jrx0kqbLqvRBxumYEnPgVzPKVyXD2urdGLmPXGeNICK2zfgocfti\/a4s7l9dVoPqbVe\/sIUNwStAKF0T8sMJxhTUKKr7ASw7nzBAtMrTmihfX+g75UyVbNXVddaVeazxCBw\/CZncMAAihaJ6+uePlX3bau+HktmvoVtXtL+dEOkugyrR6LX2fQUIaXrRebgN73Y\/p1UtHww95DbKnZ\/qe0lfLU27Ycxr9t3nQW2HfdK\/Qu1yj6oe9xLLQbBKm3N5NWihaOCapdShpJ3kPaMbRUOiojFrPCuiVAVIVkerEwUOdyVC1Vy1LwLGsQO5yb7IZSJ6s11tHqGzr4xLkLfDDgbS215cBFoKUeO7uBTkzkat\/wg3KEALIA0I9RikIs6pqDrnqbEvl48L21A+iCtqLpKID\/3OqQsyWvC54pFEQxus8G9MGS6RWuhfw31vyN0MNNWip8WsBHrLMSi3f7R9JoW1WKPHe9pp+1QXDKsncApmAJnwhVHUtpVSHMjjGVCq+udM\/NHHOkVj3SvccTl92y+bGXbkMwLl98kMSjvdAUUn5+ewNgDgpZv6HqS2I5IlSMSTxcoMAn5FKfuaoba1Yf+JOlLc+\/2rbAK1Z4xovyjEKTO285pgeMzH1W8F9poS55Cq9zSykCjnjYncWV\/Guh92f9cfIYjtnx0eDxmWWYsSFW2\/JBk2SOrigFYUYRMFItUzWb8Le7EtQiAmfo2ZNcb43MXFVSbF\/5Ut\/Emkf9II5ZJJDU5U61vK74BvTz2bytqwGZGUn\/rjvbDmgYyzxShstr5PbLTH6OcBCRTyxXBA1ZZmlu0y5G6mi8SaulAyLD3S5ChQ\/rVfMhnRfakJNjr4wrS0HUh6mnpZ05viGyegfb+m3PAVd+wDjP1gjBohcVKllb8RaWdN627tH25mNsPZjEvZcXtKsQrLXexhsxa0XmIHiUyvV6FqULD\/XSR\/PUJmXXGfASqupIqKlawg6w6fw="}
02382{"flow_id":50,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1977,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":950196,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcGgdAACoGFiU0JST8wKgBBwG7z9Nfgz\/GxPfWeIAQAEuoUAAAAQEICoWlIB4fZTBIAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAUAwggE8MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zASBgNVHRMBAf8ECDAGAQH\/AgEAMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1nMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9zLnN5bWNkLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAWxdSvtZWe\/T3NAlLlsrH9iHQaYDv55oZ6CTif9kvYd0T61pl5OFqkMtOKumKFudSjfZDG0cFDYCjqJr+KdO8HSjVpUrUcTwPdcULcz8ASGV5DatqHiUMwALeZqy9SwZrmleKKoF+Z5u6UmBzxBX3u8FQyQiluldKOhsQcxzhe7aUA0uuUbCCQDpaJJzuDVhdrropesoznrKBwi+OwSfPQPAEoT\/1N8LK\/KxTbalTaU\/hdmQMJYGpNwPyOXM00sF8eBgcqGsW5+fgnSmv2ORpOXmVabl7XF0BnNT380hFE2SV1wpuctpDIiRvPlpw3MCS4C3lV\/jkKyfu9f8bswGDehYDAwFNDAABSQMAF0EEtKQb5kZrHc8HXCFU1gEUTuaMgOCIymfrjOs6OYrf+Py1It3F2GkHx6bSJGT8kH2j0vUz5qKgS+hkJ0XRWlim0AQBAQAM6HZeeWCZWR6nk7pla2FlBXPiJZGBj6tQwfA6Tq2Z2xICK1s3TJmx01s3x9kJLiyo1YpwENiKKGE\/myeVJTK6s5Z6yiK\/tuk\/8EgC0TG+DnwjxGXMEC6skguDiCseteDvC8F2AK0="}
-01248{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1977,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":7,"flow_first_seen":1484319064711,"flow_last_seen":1484319064950,"flow_tot_l4_data_len":3369,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":481,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
+01259{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1977,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":7,"flow_first_seen":1484319064711,"flow_last_seen":1484319064950,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3125,"flow_avg_l4_payload_len":446,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ichnaea.netflix.com","server_names":"ichnaea.netflix.com,beacon.netflix.com,presentationtracking.netflix.com,nmtracking.netflix.com,customerevents.netflix.com","ja3":"c07cb55f88702033a8f52c046d23e0b2","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=customerevents.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"50:D6:DB:AF:1D:A3:83:52:E6:0E:15:8F:98:78:EE:2F:23:FD:E2:3F"}}
00428{"flow_id":50,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1978,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":953220,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0NEFAAEAG67LAqAEHNCUk\/M\/TAbvE99Z4X4NFboAQD9JEGQAAAQEICh9lMOiFpSAe"}
00497{"flow_id":48,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1979,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":977968,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnENFAACoGNf82vxEzwKgBBwG7z9JcNlJUU8YQGIAYAD3qcQAAAQEICq2KWOsfZTDBFAMDAAEBFgMDACg+2BRXYHRs8uWQw0M0x7seJbudejY5BhKqTsd5HgOSeEvSGfvmpXBl"}
00505{"flow_id":47,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1980,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319064,"pkt_ts_usec":978926,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"pkt":"5JjWH70UgCqoTGHMCABFIABq1XVAACkGclc2vxEzwKgBBwG7z8mqa5feKbVcgYAYAEXZ2AAAAQEICq2KWO0fZTDQFwMDADH\/sh\/lwwobLw85UC1Uksp7fuu0we\/RHQwNNnFAHfUkNGl7FVoDfYEgXfgyQ\/1yEsPp"}
@@ -730,12 +730,12 @@
00498{"flow_id":50,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2030,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319065,"pkt_ts_usec":370346,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnGgtAACoGG5Y0JST8wKgBBwG7z9Nfg0YRxPfW9oAYAEsqVAAAAQEICoWlIKEfZTI9FAMDAAEBFgMDACh8GKfIir0iVKMA+db38l9hNfigrlqmqm7mpB+AEQbiCR7an7FocU\/A"}
00567{"flow_id":10,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2286,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319067,"pkt_ts_usec":905072,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"AQBef\/\/65JjWH70UCABFAACWNg4AAAER0Z\/AqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
00570{"flow_id":10,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2293,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319068,"pkt_ts_usec":12841,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/65JjWH70UCABFAACZE+4AAAER87zAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1484319070636,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1484319070636,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319070,"pkt_ts_usec":636683,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAs25AAEAGoh\/AqAEHF\/YLhc\/aAFBx1HGxAAAAALAC\/\/84uwAAAgQFtAEDAwUBAQgKH2VGAgAAAAAEAgAA"}
00441{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319070,"pkt_ts_usec":655089,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWnIX9guFwKgBBwBQz9pdV1SucdRxsqAS\/\/+\/OwAAAgQFtAEDAwkEAggKgYtW3h9lRgI="}
00429{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2499,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319070,"pkt_ts_usec":656558,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0S\/NAAEAGCafAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AQEBXd4QAAAQEICh9lRhWBi1be"}
01112{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319070,"pkt_ts_usec":660268,"pkt_caplen":575,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":575,"pkt_l4_len":541,"pkt":"gCqoTGHM5JjWH70UCABFAAIxzrJAAEAGhOrAqAEHF\/YLhc\/aAFBx1HGyXVdUr4AYEBUYkAAAAQEICh9lRhiBi1beR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wxb3VWYUpwZVFMQldqR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBfN2xIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9SmZFZWY4MEswMnluSWpMTG9pLUhaQjF1UTEwIEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTMzDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtMjAxNg0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00957{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1484319070636,"flow_last_seen":1484319070660,"flow_tot_l4_data_len":657,"flow_min_l4_data_len":32,"flow_max_l4_data_len":541,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
+00968{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2501,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1484319070636,"flow_last_seen":1484319070660,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.133","url":"23.246.11.133\/?o=AQEfKq2oMrLRiWL1ouVaJpeQLBWjGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThp_7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=JfEef80K02ynIjLLoi-HZB1uQ10","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
01189{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2502,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319070,"pkt_ts_usec":683948,"pkt_caplen":634,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":634,"pkt_l4_len":600,"pkt":"5JjWH70UgCqoTGHMCABFIAJsAABAADsGWEIX9guFwKgBBwBQz9pdV1SvcdRzr4AQCALHHwAAAQEICoGLVvsfZUYYSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MToxMCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjAxNw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBBdWcgMjAxNSAwODo0OTozMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD03MjkyMTg0NzU7aDE9MzQ4NTc3ODU3MDtoMj00MTk0MzEzOTQzO2gzPTExOTYyNjI1MTY7aDQ9Mzc5NzQ1MzgwOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzIxMDthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KQ29udGVudC1SYW5nZTogYnl0ZXMgMC0yMDE2LzM1MzY4MzQ3DQoNCg=="}
02365{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2504,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319070,"pkt_ts_usec":702021,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAABAADsGVNIX9guFwKgBBwBQz9pdV1bncdRzr4AQCAKFkAAAAQEICoGLVwgfZUYYAAAAJGZ0eXBpc28yAAAAAGlzb21pc28yZGFzaGlzbzZwaWZmAAAAbHV1aWROZXRmbGl4UGlmZlN0cm0hAQAAAAAAAAACG603AAAAAACYloAAAAAGLpHBTQAAAAAAAOdSAAAAAAIaY5wAAAAAAACEgQAAYtEAAAAAAAAH4QAAPlzCV4J8uLa0xEn6jJO15EcvAAAAGGZyZWUAAAAAAAAAAAAAAAAAAAAAAAAATHV1aWTi6QKlfkPiQZDaISEYxWQyAAAAAAAAAADR5zFBTmV0ZmxpeCBNZWRpYSBMaWJyYXJ5IFZlcnNpb24gODAuMC4zNTAuAAAABu1tb292AAAAeG12aGQBAAAAAAAAANHnMUYAAAAA0ecxRgCYloAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAACvnBzc2gAAAAAmgTweZhAQoarkuZb4IhflQAAAp6eAgAAAQABAJQCPABXAFIATQBIAEUAQQBEAEUAUgAgAHgAbQBsAG4AcwA9ACIAaAB0AHQAcAA6AC8ALwBzAGMAaABlAG0AYQBzAC4AbQBpAGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAEQAUgBNAC8AMgAwADAANwAvADAAMwAvAFAAbABhAHkAUgBlAGEAZAB5AEgAZQBhAGQAZQByACIAIAB2AGUAcgBzAGkAbwBuAD0AIgA0AC4AMAAuADAALgAwACIAPgA8AEQAQQBUAEEAPgA8AFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBFAFkATABFAE4APgAxADYAPAAvAEsARQBZAEwARQBOAD4APABBAEwARwBJAEQAPgBBAEUAUwBDAFQAUgA8AC8AQQBMAEcASQBEAD4APAAvAFAAUgBPAFQARQBDAFQASQBOAEYATwA+ADwASwBJAEQAPgBBAEEAQQBBAEEATgBjAEQAbgBRAEUAQQBBAEEAQQBBAEEAQQBBAEEAQQBBAD0APQA8AC8ASwBJAEQAPgA8AEMASABFAEMASwBTAFUATQA+AGwAaABUAHAAWQA3AFoAMgBkAG4AOAA9ADwALwBDAEgARQBDAEsAUwBVAE0APgA8AEMAVQBTAFQATwBNAEEAVABUAFIASQBCAFUAVABFAFMAPgA8AEwAaQB0AHQAbABlAEUAbgBkAGkAYQBuAEsASQBEAD4AdAByAHUAZQA8AC8ATABpAHQAdABsAGUARQBuAGQAaQBhAG4ASwBJAEQAPgA8AC8AQwBVAFMAVABPAE0AQQBUAFQAUgBJAEIAVQBUAEUAUwA+ADwALwBEAEEAVABBAD4APAAvAFcAUgBNAEgARQBBAEQARQBSAD4AAAAATHBzc2gAAAAAKXAf5DzHSjSMW66Qx0OaRwAAACwAAAAEAAAAAAPXAZ3uvojO4BoFU3jFHB\/kua5OhvyLsNJruJfNwDRoS0EBIgAAADRwc3NoAAAAAO3vi6l51krOo8gn3NUdIe0AAAAUCAESEAAAAAAD1wGdAAAAAAAAAAAAAALzdHJhawAAAGh0a2hkAQAABwAAAADR5zFGAAAAANHnMUYAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAQAAAAAHgAAABaAAAAAACg21kaWEAAAAsbWRoZAEAAAAAAAAA0ecxRgAAAADR5zFGAJiWgAAAAAAAAAAAVcQAAAAAADRoZGxyAAAAAAAAAAB2aWRlAAAAAAAAAAAAAAAAVmlkZW8gTWVkaWEgSGFuZGxlcgAAAAIbbWluZgAAABR2bWhkAAAAAQAAAAAAAAAAAAA="}
00428{"flow_id":51,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319070,"pkt_ts_usec":706021,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0k8NAAEAGwdbAqAEHF\/YLhc\/aAFBx1HOvXVdcj4AQD9bT+gAAAQEICh9lRkGBi1b7"}
@@ -749,12 +749,12 @@
00429{"flow_id":51,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2518,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319070,"pkt_ts_usec":825326,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0uQZAAEAGnJPAqAEHF\/YLhc\/aAFBx1HWyXVdsWYAQEADBLAAAAQEICh9lRrWBi1de"}
00567{"flow_id":10,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3402,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319082,"pkt_ts_usec":902713,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"AQBef\/\/65JjWH70UCABFAACWtkcAAAERUWbAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
00569{"flow_id":10,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3415,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319083,"pkt_ts_usec":7977,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/65JjWH70UCABFAACZYRMAAAERppfAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1484319091296,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1484319091296,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4214,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319091,"pkt_ts_usec":296070,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAakNAAEAG60LAqAEHF\/YLjc\/hAFDAgDYQAAAAALAC\/\/\/YUQAAAgQFtAEDAwUBAQgKH2WTUQAAAAAEAgAA"}
00441{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4216,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319091,"pkt_ts_usec":309083,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADsGWmoX9guNwKgBBwBQz+FsswOfwIA2EaAS\/\/85DQAAAgQFtAEDAwkEAggK\/T5Cox9lk1E="}
00429{"flow_id":52,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4217,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319091,"pkt_ts_usec":310850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA00UpAAEAGhEfAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAQEBVXuAAAAQEICh9lk1\/9PkKj"}
01112{"flow_id":52,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319091,"pkt_ts_usec":314892,"pkt_caplen":575,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":575,"pkt_l4_len":541,"pkt":"gCqoTGHM5JjWH70UCABFAAIxbbBAAEAG5eTAqAEHF\/YLjc\/hAFDAgDYRbLMDoIAYEBVzYQAAAQEICh9lk2L9PkKjR0VUIC8\/bz1BUUVmS3Eyb01yTFJpV0wycHVOUUpKMlRMaHVpR0xqU3NldTIzVjJIWDZrSWlVOUpwYkNhQnh4YUlvejIxcVFOS3VEVWFPSVp3ZFRseDIzRE1WeGFiYkN3bXZFbHVpcERXMnR2Rk1saE1SdHdkaGhWbGJ2OUtHRmFiaXU1S0gwU2x4MFZqT0tfd3pUaHBQN2xIaFdBNGtXOWdheVlFV3RqTk5LZSZ2PTMmZT0xNDg0MzQ3ODUwJnQ9RGgyNzh1MlVwQXBPQ0dVajVSeFY4YXpOV1g4IEhUVFAvMS4xDQpIb3N0OiAyMy4yNDYuMTEuMTQxDQpYLVBsYXliYWNrLVNlc3Npb24tSWQ6IDQzRERBRkI5LUZFMkYtNEM2RS05QjkxLUFCMERDNDY0ODdBMQ0KUmFuZ2U6IGJ5dGVzPTAtMjA1OA0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IEFwcGxlQ29yZU1lZGlhLzEuMC4wLjE0QzkyIChpUGhvbmU7IFU7IENQVSBPUyAxMF8yIGxpa2UgTWFjIE9TIFg7IGVuX3VzKQ0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KQWNjZXB0LUVuY29kaW5nOiBpZGVudGl0eQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo="}
-00957{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1484319091296,"flow_last_seen":1484319091314,"flow_tot_l4_data_len":657,"flow_min_l4_data_len":32,"flow_max_l4_data_len":541,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
+00968{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4218,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1484319091296,"flow_last_seen":1484319091314,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":509,"flow_tot_l4_payload_len":509,"flow_avg_l4_payload_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"23.246.11.141","url":"23.246.11.141\/?o=AQEfKq2oMrLRiWL2puNQJJ2TLhuiGLjSseu23V2HX6kIiU9JpbCaBxxaIoz21qQNKuDUaOIZwdTlx23DMVxabbCwmvEluipDW2tvFMlhMRtwdhhVlbv9KGFabiu5KH0Slx0VjOK_wzThpP7lHhWA4kW9gayYEWtjNNKe&v=3&e=1484347850&t=Dh278u2UpApOCGUj5RxV8azNWX8","code":0,"content_type":"","user_agent":"AppleCoreMedia\/1.0.0.14C92 (iPhone; U; CPU OS 10_2 like Mac OS X; en_us)"}}
01189{"flow_id":52,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4219,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319091,"pkt_ts_usec":339356,"pkt_caplen":634,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":634,"pkt_l4_len":600,"pkt":"5JjWH70UgCqoTGHMCABFIAJsAABAADsGWDoX9guNwKgBBwBQz+FsswOgwIA4DoAQCAJKIQAAAQEICv0+QsAfZZNiSFRUUC8xLjEgMjA2IFBhcnRpYWwgQ29udGVudA0KU2VydmVyOiBuZ2lueA0KRGF0ZTogRnJpLCAxMyBKYW4gMjAxNyAxNDo1MTozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjA1OQ0KTGFzdC1Nb2RpZmllZDogTW9uLCAxNCBEZWMgMjAxNSAxMDo1OTo1NyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLXN0b3JlDQpQcmFnbWE6IG5vLWNhY2hlDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkFjY2Vzcy1Db250cm9sLUV4cG9zZS1IZWFkZXJzOiBYLVRDUC1JbmZvLFgtU2Vzc2lvbi1JbmZvDQpYLVRDUC1JbmZvOiBoMD0yOTgzMTEwNzE7aDE9MzMxNjkzMDExMDtoMj0zNjA3NzYxMjI1O2gzPTE1NTc1ODQyMzk7aDQ9MTcxNjMzNjAwOTsNClgtU2Vzc2lvbi1JbmZvOiBhZGRyPTczLjIwMy4xMDcuMjM7cG9ydD01MzIxNzthcmdwPTYuc05jMERYU2Y4VEhFM2Y0eThWdU5sa1RITHNFblExQ0tja0M3dXN3MnZiQQ0KQ29udGVudC1SYW5nZTogYnl0ZXMgMC0yMDU4LzY4Mzk0NTQxDQoNCg=="}
02366{"flow_id":52,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4220,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319091,"pkt_ts_usec":340195,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAABAADsGVMoX9guNwKgBBwBQz+FsswXYwIA4DoAQCAIn0AAAAQEICv0+QsEfZZNiAAAAJGZ0eXBpc28yAAAAAGlzb21pc28yZGFzaGlzbzZwaWZmAAAAbHV1aWROZXRmbGl4UGlmZlN0cm0hAQAAAAAAAAAEE53LAAAAAACYloAAAAAGLpHBTQAAAAAAAOd8AAAAAAQSVAQAAAAAAACEqwAAYtEAAAAAAAAICwAAPlxK3GBt7cZvUcoK8KbNhsl\/AAAAGGZyZWUAAAAAAAAAAAAAAAAAAAAAAAAASnV1aWTi6QKlfkPiQZDaISEYxWQyAAAAAAAAAADSka1\/TmV0ZmxpeCBNZWRpYSBMaWJyYXJ5IFZlcnNpb24gODAuMC4wLgAAAAcZbW9vdgAAAHhtdmhkAQAAAAAAAADSka2EAAAAANKRrYQAmJaAAAAAAAAAAAAAAQAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAr5wc3NoAAAAAJoE8HmYQEKGq5LmW+CIX5UAAAKengIAAAEAAQCUAjwAVwBSAE0ASABFAEEARABFAFIAIAB4AG0AbABuAHMAPQAiAGgAdAB0AHAAOgAvAC8AcwBjAGgAZQBtAGEAcwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwBEAFIATQAvADIAMAAwADcALwAwADMALwBQAGwAYQB5AFIAZQBhAGQAeQBIAGUAYQBkAGUAcgAiACAAdgBlAHIAcwBpAG8AbgA9ACIANAAuADAALgAwAC4AMAAiAD4APABEAEEAVABBAD4APABQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsARQBZAEwARQBOAD4AMQA2ADwALwBLAEUAWQBMAEUATgA+ADwAQQBMAEcASQBEAD4AQQBFAFMAQwBUAFIAPAAvAEEATABHAEkARAA+ADwALwBQAFIATwBUAEUAQwBUAEkATgBGAE8APgA8AEsASQBEAD4AQQBBAEEAQQBBAE4AYwBEAG4AUQBFAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQA9AD0APAAvAEsASQBEAD4APABDAEgARQBDAEsAUwBVAE0APgBsAGgAVABwAFkANwBaADIAZABuADgAPQA8AC8AQwBIAEUAQwBLAFMAVQBNAD4APABDAFUAUwBUAE8ATQBBAFQAVABSAEkAQgBVAFQARQBTAD4APABMAGkAdAB0AGwAZQBFAG4AZABpAGEAbgBLAEkARAA+AHQAcgB1AGUAPAAvAEwAaQB0AHQAbABlAEUAbgBkAGkAYQBuAEsASQBEAD4APAAvAEMAVQBTAFQATwBNAEEAVABUAFIASQBCAFUAVABFAFMAPgA8AC8ARABBAFQAQQA+ADwALwBXAFIATQBIAEUAQQBEAEUAUgA+AAAAAExwc3NoAAAAAClwH+Q8x0o0jFuukMdDmkcAAAAsAAAABAAAAAAD1wGd7r6IzuAaBVN4xRwf5LmuTob8i7DSa7iXzcA0aEtBASIAAAA0cHNzaAAAAADt74upedZKzqPIJ9zVHSHtAAAAFAgBEhAAAAAAA9cBnQAAAAAAAAAAAAADH3RyYWsAAABodGtoZAEAAAcAAAAA0pGthAAAAADSka2EAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAABQAAAAPAAAAAAACxlZHRzAAAAJGVsc3QBAAAAAAAAAQAAAAYukcFNAAAAAAAGXTsAAQAAAAACg21kaWEAAAAsbWRoZAEAAAAAAAAA0pGthAAAAADSka2EAJiWgAAAAAAAAAAAVcQAAAAAADRoZGxyAAAAAAAAAAB2aWRlAAAAAAAAAAAAAAAAVmlkZW8gTWU="}
01249{"flow_id":52,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4221,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319091,"pkt_ts_usec":343847,"pkt_caplen":677,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":677,"pkt_l4_len":643,"pkt":"5JjWH70UgCqoTGHMCABFIAKXAAFAADsGWA4X9guNwKgBBwBQz+FsswuAwIA4DoAYCAIx3AAAAQEICv0+QsEfZZNiZGlhIEhhbmRsZXIAAAACG21pbmYAAAAUdm1oZAAAAAEAAAAAAAAAAAAAACRkaW5mAAAAHGRyZWYAAAAAAAAAAQAAAAx1cmwgAAAAAQAAAdtzdGJsAAAAEHN0dHMAAAAAAAAAAAAAABBjdHRzAAAAAAAAAAAAAAF\/c3RzZAAAAAAAAAABAAABb2VuY3YAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAABQADwAEgAAABIAAAAAAAAAAEKQVZDIENvZGluZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAY\/\/8AAAA3YXZjQwFNQB7\/4QAgZ01AHuiAoP2HCAAAH0gABdwHAwAJJ4AMNUlGAPFi0SABAARo6+yyAAAAEHBhc3AAAAAEAAAAAwAAACJ1dWlkTmV0ZmxpeEZyYW1lUmF0ZQAAAAAAAF3AA+kAAABgc2luZgAAAAxmcm1hYXZjMQAAABRzY2htAAAAAHBpZmYAAQABAAAAOHNjaGkAAAAwdXVpZIl0285750xRhPlxSPmIJVQAAAAAAAABCAAAAAAD1wGdAAAAAAAAAAAAAABQc2luZgAAAAxmcm1hYXZjMQAAABRzY2htAAAAAGNlbmMAAQAAAAAAKHNjaGkAAAAgdGVuYwAAAAAAAAEIAAAAAAPXAZ0AAAAAAAAAAAAAABBzdHNjAAAAAAAAAAAAAAAUc3RzegAAAAAAAAAAAAAAAAAAABBzdGNvAAAAAAAAAAAAAAA8bXZleAAAABRtZWhkAQAAAAAAAAYukcFNAAAAIHRyZXgAAAAAAAAAAgAAAAEAAAAAAAAAAAGhAAA="}
@@ -769,26 +769,26 @@
00567{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4749,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319097,"pkt_ts_usec":907137,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"AQBef\/\/65JjWH70UCABFAACWoVQAAAERZlnAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
00570{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4762,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319098,"pkt_ts_usec":14382,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/65JjWH70UCABFAACZtvoAAAERULDAqAEH7\/\/\/+tIQB2wAhUYzTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
00567{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6252,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319112,"pkt_ts_usec":903898,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"AQBef\/\/65JjWH70UCABFAACWW90AAAERq9DAqAEH7\/\/\/+tIQB2wAggqVTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMg0KU1Q6IHVybjptZHgtbmV0ZmxpeC1jb206c2VydmljZTp0YXJnZXQ6MA0KDQo="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1484319114365,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1484319114365,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":365279,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"gCqoTGHM5JjWH70UCABFAABCZ6UAAEARj63AqAEHwKgBAcmmADUALqajKFkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAE="}
-00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1484319114365,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6397,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1484319114365,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00446{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":365513,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"gCqoTGHM5JjWH70UCABFAABCN7AAAEARv6LAqAEHwKgBAcmmADUALiWYqUkBAAABAAAAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAE="}
-00659{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6398,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1484319114365,"flow_last_seen":1484319114365,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00709{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":384308,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"5JjWH70UgCqoTGHMCABFAAEF4UpAAEAR1UTAqAEBwKgBBwA1yaYA8aaTKFmBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAABAAHADAAFAAEAAAAhAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAEXABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AAQABAAAALwAENCAW1sBNAAEAAQAAAC8ABDQiMaPATQABAAEAAAAvAAQ0GyTuwE0AAQABAAAALwAENCJwJsBNAAEAAQAAAC8ABDQi04bATQABAAEAAAAvAAQ0GRpcwE0AAQABAAAALwAENCDSq8BNAAEAAQAAAC8ABDQi5lM="}
-00668{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_first_seen":1484319114365,"flow_last_seen":1484319114384,"flow_tot_l4_data_len":333,"flow_min_l4_data_len":46,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.32.22.214"}}
+00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6401,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_first_seen":1484319114365,"flow_last_seen":1484319114384,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.32.22.214"}}
00837{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6403,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":400480,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"pkt":"5JjWH70UgCqoTGHMCABFAAFl4UtAAEAR1OPAqAEBwKgBBwA1yaYBUaZKqUmBgAABAAoAAAAAA2lvcwRuY2NwB25ldGZsaXgDY29tAAAcAAHADAAFAAEAAAAdAA8DaW9zBG5jY3ADZ2VvwBXAMgAFAAEAAAEZABwDaW9zBG5jY3AJdXMtd2VzdC0yBnByb2RhYcAVwE0AHAABAAAALQAQJiABCHAPAAAAAAAANpUfRMBNABwAAQAAAC0AECYgAQhwDwAAAAAAADaVT4rATQAcAAEAAAAtABAmIAEIcA8AAAAAAAA2uidXwE0AHAABAAAALQAQJiABCHAPAAAAAAAANroXx8BNABwAAQAAAC0AECYgAQhwDwAAAAAAADZE0xXATQAcAAEAAAAtABAmIAEIcA8AAAAAAAA2ummQwE0AHAABAAAALQAQJiABCHAPAAAAAAAANkTCZ8BNABwAAQAAAC0AECYgAQhwDwAAAAAAADa6im8="}
-00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6403,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1484319114365,"flow_last_seen":1484319114400,"flow_tot_l4_data_len":670,"flow_min_l4_data_len":46,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":167,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1484319114406,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6403,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1484319114365,"flow_last_seen":1484319114400,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"ios.nccp.netflix.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"38.32.1.8"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1484319114406,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6406,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":406347,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAaktAAEAGw8fAqAEHNCAW1s\/2Abt+TgYJAAAAALAC\/\/\/LHgAAAgQFtAEDAwUBAQgKH2XpygAAAAAEAgAA"}
00439{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6412,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":455348,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG7z\/ZJSmsOfk4GCqASOJAVRAAAAgQFtAQCCAq2sSMxH2XpygEDAwg="}
00427{"flow_id":54,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6414,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":457327,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA03p5AAEAGT4DAqAEHNCAW1s\/2Abt+TgYKSUprD4AQEBVsWgAAAQEICh9l6fy2sSMx"}
01124{"flow_id":54,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6416,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":464321,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"gCqoTGHM5JjWH70UCABFAAI5Y7ZAAEAGyGPAqAEHNCAW1s\/2Abt+TgYKSUprD4AYEBXEQwAAAQEICh9l6gK2sSMxFgMBAgABAAH8AwPYD50dwaa6SBFM+FER3hNsABrlY\/SCFZdiIuSkbU7v5QAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_first_seen":1484319114406,"flow_last_seen":1484319114464,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6416,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_first_seen":1484319114406,"flow_last_seen":1484319114464,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00428{"flow_id":54,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6422,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":523056,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0SDFAACkG\/M00IBbWwKgBBwG7z\/ZJSmsPfk4ID4AQAD16GQAAAQEICraxIz8fZeoC"}
02378{"flow_id":54,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6423,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":523585,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcSDJAACkG9yQ0IBbWwKgBBwG7z\/ZJSmsPfk4ID4AQAD0IYwAAAQEICraxI0AfZeoCFgMDAFkCAABVAwNYeOmK8SBk3KHuvbRKgwo5E45ZSaJnCxP8mfMaFbW56SD\/36FYeM6O+SyroEDtwTIirHDv4XlZMEkpI4yJ686a6MAvAAAN\/wEAAQAACwAEAwABAhYDAwgiCwAIHgAIGwAEIDCCBBwwggMEoAMCAQICAhObMA0GCSqGSIb3DQEBCwUAMIGZMS0wKwYDVQQDEyRQcmltYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eSAoMjAwOSkxEzARBgNVBAgTCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtOZXRmbGl4IEluYzEcMBoGA1UECxMTRWxlY3Ryb25pYyBEZWxpdmVyeTESMBAGA1UEBxMJTG9zIEdhdG9zMB4XDTAxMDExNzIwMzIwOVoXDTE4MDMyNDIwMzIwOVowgYAxGzAZBgNVBAMMEioubmNjcC5uZXRmbGl4LmNvbTEWMBQGA1UECgwNTmV0ZmxpeCwgSW5jLjETMBEGA1UECwwKT3BlcmF0aW9uczELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUxvcyBHYXRvczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCMPKDrRKNlpQYmDci6pMXZdSSUbKrQRkPDz7HhtKtPPugiuJduNExZc6Kdb12vBV\/O+SiPHaVK7mpFvbFGQlMb6qQfwVOi\/aD6FF0wubaBBRmV5soLn6Uml8hcRcy1GwhcE0PciETMHgCKsYz6GRuA022Eqzo18xrMBx0ZwPuRDaRc+aOcYlh2D8wJdLQNpKdgRiYnOzqzb1V73+PIcLBKBaRmuSAMY7T6QAsBvotFYlMY32uWd0vZw9isFDSJCV8w2CSLAAeSkvUEJt3zKqKD5d5h8lWhsfYUg78EDVQMWb3iyTQ+UHy3b4IHtGaB+ybeHo7UkyS4NKYViXGQ4bECAwEAAaOBhDCBgTALBgNVHQ8EBAMCBaAwHwYDVR0jBBgwFoAUgzutabNbHNPaO8lPBXMZwiqK8P8wHQYDVR0OBBYEFH8tt\/b+DoJ\/qUOipuTAuxoaEiJTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdEQQWMBSCEioubmNjcC5uZXRmbGl4LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAkveZR7qD\/7\/8qJ4CSsfWHq+Cw0DsuYB9YjDmpMA3gU+yzX9cXxMn8tY3AApgaSjK94LEU1T7O\/bsKsL0uCJuFhSfW4W3+AlTe3UhEOMeILOZwgcMhUPQXGI28idMvibE1zQjX96OSlU9uDL6s8itcycsRGgSP0e+Umi1cijldISAIfgK+QzQIa\/k6kuJZ2i1hk4M6e8JqkqoYRso7uoX2ECQVKzVgRgm0z79wLxOrKXQf5L2Js7s03GHwdt04kQTtyYRh6NEGBmzjgdicV4sXy4g3wbAPPR1+itz5sKT\/vAAteT\/4Ik8+RSfZGNefG8eQxjBkJKvoKV1GyHiH3YYrgAD9TCCA\/EwggLZoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgZkxLTArBgNVBAMTJFByaW1hcnkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ICgyMDA5KTETMBEGA1UECBMKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwHhcNMDEwMTAxMTIzMDAwWhcNMjkwMTAxMTIzMDAwWjCBmTEtMCsGA1UEAxMkUHJpbWFyeSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgKDIwMDkpMRMwEQYDVQQIEwo="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6423,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1484319114406,"flow_last_seen":1484319114523,"flow_tot_l4_data_len":2177,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6423,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1484319114406,"flow_last_seen":1484319114523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01890{"flow_id":54,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6425,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":556754,"pkt_caplen":1146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1146,"pkt_l4_len":1112,"pkt":"5JjWH70UgCqoTGHMCABFIARsSDNAACkG+JM0IBbWwKgBBwG7z\/ZJSnC3fk4ID4AYAD2o6wAAAQEICraxI0AfZeoCQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClPiFZwHhqw9wmYrruaK5lM2jxb7OnG1xOPDkmSt9ostlHBuuEIpSAegeSu5IfyCw3LHZ5HEtbube7+v\/KvRUK5l\/8E0dgm2kIkuwXCInrxOb8Vue1EwYiVMbipMtTVxaqzqdYnzqFFOOaTfiiHdtDWwp3jjKl188E9wc5el6k667OBUw7VTGI1M30wgKX7rU1qB+D91fdnRNVb90uSyhuGgXw1LaZpqNyQ9UU0bMQcwmLcmoY3NWdMMN4j0Fw11owmtXswG41YKRxcm9yJjbyyDmry1mVF9Ri9GMcR5I+VveQudxyLML\/0PMTT+qCooHPhnMm\/zY9AEn0tmAkD70jAgMBAAGjQjBAMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdDgQWBBSDO61ps1sc09o7yU8FcxnCKorw\/zANBgkqhkiG9w0BAQUFAAOCAQEAPX7Vj0zBi5fWHkB\/U5GnVLqaRStn52gTsUPoxmVjareLMMkMSrAGtP8CHGMLLrjOh9GFMjrsJM6Q+mLzAhMhpmvZPRAM4kzXdAYTLRWD4dxyYCkG2sjDdGTYdO7AfokcOnu5kypA0bdWe8KcZVFjpw8f+ACSkxjkgL+lk0kWZf+uiCojU3Wt9O\/Z8+xm1PIbBOEfirH+o8gWESD86CiOqZH9cFmSjXziHHxIo4mgCTt9Jse8h8gkDJE2wQTeq3ttX1P5eyrHphoXtwy2Wtx77US+s5J0di17tOPKnQFd35Ew\/l0PWFqar2MQ46R\/UU15UR68hb86jgCQplA8NeBZoBYDAwFNDAABSQMAF0EEGryB8m7f8C\/ezYDjVMC5\/bYUlL3UMXWF51ZdioOsu1C8eeg9z3YrwNQhm0E0NE1Vc2dSBCCy9Npo3cZ0\/HFXoAYBAQAn3e06PRmGFCjXxR40PpWkvwW1MF+tohXkQaam9A2m27AmFjS1ux37QZ9jfKG3m\/w\/LGVJHLGcGyfr+fJWRQJ+NadvmsAAMbQufRwNNp8YUL0dRkWmG+HBYJ6a8HOHFLBq513VDByQqVinIGOU13CVzQ+LqDXJpPMKKagHVIbxxzcYH\/23vK84JLehHYBOZs1mPmj1Wv3CjjZezptbAQKinKI0hf9MgrA8NmO3ZbzRp4JQPEjZQvQ6IgQCzuWeL0lwYAa2fEM6cNdNXgX1FKGEIfoctZsL2eEHMtAzzMktMQYh2h+lSh0mmkF3twFX2XNjcEczhEizqqPgiIohSHYAFgMDAAQOAAAA"}
-01157{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6425,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":7,"flow_first_seen":1484319114406,"flow_last_seen":1484319114556,"flow_tot_l4_data_len":3289,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":469,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+01168{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6425,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":7,"flow_first_seen":1484319114406,"flow_last_seen":1484319114556,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
00427{"flow_id":54,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6426,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":558598,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0hPlAAEAGqSXAqAEHNCAW1s\/2Abt+TggPSUp074AQD95gPAAAAQEICh9l6l22sSNA"}
00603{"flow_id":54,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6430,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":603786,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"gCqoTGHM5JjWH70UCABFAACydzNAAEAGtm3AqAEHNCAW1s\/2Abt+TggPSUp074AYEABIXQAAAQEICh9l6oe2sSNAFgMDAEYQAABCQQTxDC6Wn6YYEgXIFG6\/SmM39\/GE1TgVz4\/+C3OUePE6pg0RC6ZIHk+Ou6JnsuzO6lgkFZ\/KZ50cfVCGW9ilGsT3FAMDAAEBFgMDACjICEaq1m6jlGDcF6br9XQbdvu0pxOS73tybhOwmQInGcqBWBx\/Ce26"}
00499{"flow_id":54,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6438,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":826935,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnSDVAACkG\/JY0IBbWwKgBBwG7z\/ZJSnTvfk4IjYAYAD3H6wAAAQEICraxI44fZeqHFAMDAAEBFgMDACibeyDQe+srS4CZnBNqAJnCGqyZO1sem6ZY8a4UvQoBOFtV9j66ObmX"}
@@ -797,28 +797,28 @@
00429{"flow_id":54,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6447,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":886036,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0SDdAACkG\/Mc0IBbWwKgBBwG7z\/ZJSnUifk4MboAQAEVp5AAAAQEICraxI5ofZeti"}
00503{"flow_id":54,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6448,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":886578,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"pkt":"5JjWH70UgCqoTGHMCABFIABqSDhAACkG\/JA0IBbWwKgBBwG7z\/ZJSnUifk4MboAYAEXD6AAAAQEICraxI5ofZetiFwMDADGbeyDQe+srTFqCvv0jkSPlgmWK67SbF7J62b5JBAvZSwzB91li0XFBZ6u4EQj5F+Pt"}
00429{"flow_id":54,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6449,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319114,"pkt_ts_usec":888245,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0YSZAAEAGzPjAqAEHNCAW1s\/2Abt+TgxuSUp1WIAQD\/5ZvgAAAQEICh9l65m2sSOa"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1484319117511,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1484319117511,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00472{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":511945,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"gCqoTGHM5JjWH70UCABFAABT2RsAAP8RXyXAqAEHwKgBAct\/ADUAP5\/hcXUBAAABAAAAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAQ=="}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1484319117511,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6721,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1484319117511,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00641{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":538934,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"5JjWH70UgCqoTGHMCABFAADT4UxAAEAR1XTAqAEBwKgBBwA1y38Av8eGcXWBgAABAAgAAAAACmFwaS1nbG9iYWwHbGF0ZW5jeQZwcm9kYWEHbmV0ZmxpeANjb20AAAEAAcAMAAEAAQAAACsABDQpHgXADAABAAEAAAArAAQ0KVZPwAwAAQABAAAAKwAENCnkd8AMAAEAAQAAACsABDQpn7bADAABAAEAAAArAAQ0J+8jwAwAAQABAAAAKwAENCc7i8AMAAEAAQAAACsABDQo+f3ADAABAAEAAAArAAQ0KRH0"}
-00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":63,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.41.30.5"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1484319117605,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6726,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.NetFlix","breed":"Fun","category":"Video"},"dns": {"query":"api-global.latency.prodaa.netflix.com","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.41.30.5"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1484319117605,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6744,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":605859,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABArFRAAEAGeobAqAEHNCkeBc\/3Abv7qhZTAAAAALAC\/\/8qUQAAAgQFtAEDAwUBAQgKH2X1uAAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1484319117651,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1484319117651,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6755,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":651396,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAO7RAAEAG8l7AqAEHNCAW1tAAAbtmeMEgAAAAALAC\/\/8btwAAAgQFtAEDAwUBAQgKH2X15gAAAAAEAgAA"}
00440{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6758,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":664151,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG7z\/fOmYqt+6oWVKASOJB9NwAAAgQFtAQCCAqh\/Yo1H2X1uAEDAwg="}
00428{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6761,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":667082,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0nQxAAEAGidrAqAEHNCkeBc\/3Abv7qhZUzpmKroAQEBXUQwAAAQEICh9l9fSh\/Yo1"}
01125{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6764,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":668880,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"gCqoTGHM5JjWH70UCABFAAI59gxAAEAGLtXAqAEHNCkeBc\/3Abv7qhZUzpmKroAYEBUUlAAAAQEICh9l9feh\/Yo1FgMBAgABAAH8AwNYeOmNAe5Q0hcaTI2Ej50ifhjlODvil\/8YZ4JhR3RxkSAlPalSNkR1ua99akikzzyiXtlC5nVNfalnaleVK1UZuQAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAAGNAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMzdAAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQAFAAUBAAAAAAASAAAAFwAAABUA+QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6764,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1484319117605,"flow_last_seen":1484319117668,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6764,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1484319117605,"flow_last_seen":1484319117668,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00438{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6772,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":703150,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGRPc0IBbWwKgBBwG70ABfA575ZnjBIaASOJAZDQAAAgQFtAQCCAq2sSZcH2X15gEDAwg="}
00426{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6773,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":704525,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0fsVAAEAGr1nAqAEHNCAW1tAAAbtmeMEhXwOe+oAQEBVwIwAAAQEICh9l9hi2sSZc"}
01123{"flow_id":57,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6774,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":713351,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"gCqoTGHM5JjWH70UCABFAAI5taBAAEAGdnnAqAEHNCAW1tAAAbtmeMEhXwOe+oAYEBXylgAAAQEICh9l9hq2sSZcFgMBAgABAAH8AwN8q\/ZLhsSOm12ptnIT0OvNxxjn3f9+RlJ5hY7lfSkXAAAAtsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBHAB8AMwAIABQAEwBLACAAWABMAEAANwA3AAwAKABUAEgAPAAwACQD\/AQABHQAAABkAFwAAFGlvcy5uY2NwLm5ldGZsaXguY29tAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUAqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6774,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1484319117651,"flow_last_seen":1484319117713,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6774,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1484319117651,"flow_last_seen":1484319117713,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00427{"flow_id":56,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6775,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":734717,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0AOhAACkGPN80KR4FwKgBBwG7z\/fOmYqu+6oYWYAQAD3iAQAAAQEICqH9ikcfZfX3"}
02372{"flow_id":56,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6776,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":737656,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAOlAACkGNzY0KR4FwKgBBwG7z\/fOmYqu+6oYWYAQAD0zKwAAAQEICqH9ikgfZfX3FgMDAFkCAABVAwNYeOmNdGOVmQo66HGj3YmHMScZhCM9z81cHZ8udlMiIiDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpMAvAAAN\/wEAAQAACwAEAwABAhYDAwpTCwAKTwAKTAAFLTCCBSkwggQRoAMCAQICEEyDi0+FfvCSTifwFgngw9wwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNjA0MTIwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlsb3MgZ2F0b3MxFjAUBgNVBAoMDU5ldGZsaXgsIEluYy4xDDAKBgNVBAsMA09wczEYMBYGA1UEAwwPYXBpLm5ldGZsaXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0Z0vVg0+uwRnQgMqpd9ZwS7jp+haqVMWt\/aP2iVEz0YnjzxpK71leEdLOvCa7xXvw6qvgJgviQpWWaZLbuMx4dZ0wdQrWbFtuiNWVROO9UKlOR7zkSpBQBHjL8PDMR8GxjYhY0z9ub1P+ar3lsbL0PqJTXnpC4+5jliGtK7hBDnRBzIyN17GbPKT0EY9qzw2OhysiseSVIpeA2uTMsdjCuCJ8U2+vpz4RKQMVBcZpbGTOowLQya0VARHJxNv8MoepZLmqpbClDmpaWt6xW2h2cjWruIsD\/YQ7jbkhDSwodDubij58Mu5BWLQ+l4PPUsjmGAv3yZxbVcRpS6Wlm4uQIDAQABo4IBqTCCAaUwgbMGA1UdEQSBqzCBqIIVYXBpLWxhdGFtLm5ldGZsaXguY29tghRodG1sdHZ1aS5uZXRmbGl4LmNvbYISYXBpLWV1Lm5ldGZsaXguY29tghJ1aWJvb3QubmV0ZmxpeC5jb22CFmFwaS1nbG9iYWwubmV0ZmxpeC5jb22CFGFwaS11c2VyLm5ldGZsaXguY29tghJhcGktdXMubmV0ZmxpeC5jb22CD2FwaS5uZXRmbGl4LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMB8GA1UdIwQYMBaAFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMA0GCSqGSIb3DQEBCwUAA4IBAQAdulHmLmvIdudqnSfhfmUEAkyAOEjgZ6H0k6BxmsH9zCQp6kh2Gn+6dw6yfgP+i+rrY5dJH59AnS0VSYm9l6Z2Q+oxBW3bKnGXHyAdm+pn0xnaoyVjvtsX5c1CZkwU+uzR+tLsC8xb0LDX0GTepgBR9Gv6C4+xg9+2VPA+fWZFwOvKONHO7uIp4D+u7Hmp1WMg8XA8cm2R59JkzTy56a2qikZCBk0Iiv6tg1u4MVCfWygHnmBNLR0RYC6LqagZzsJF6hfv7jbweV24LQUbdNELDCtEH0VUYn5jzB7SmHZg8RPHU5ZesfRgzs6ULuupnucw3hatgscIhcAN2cOcz9cQAAUZMIIFFTCCA\/2gAwI="}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6776,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1484319117605,"flow_last_seen":1484319117737,"flow_tot_l4_data_len":2177,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6776,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1484319117605,"flow_last_seen":1484319117737,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02384{"flow_id":56,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6777,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":738672,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcAOpAACkGNzU0KR4FwKgBBwG7z\/fOmZBW+6oYWYAQAD1qhgAAAQEICqH9ikgfZfX3AQICECguJ5F5M5LkKPIhp07JN64wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAUAwggE8MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zASBgNVHRMBAf8ECDAGAQH\/AgEAMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vcy5zeW1jYi5jb20vcGNhMy1nMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9zLnN5bWNkLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAWxdSvtZWe\/T3NAlLlsrH9iHQaYDv55oZ6CTif9kvYd0T61pl5OFqkMtOKumKFudSjfZDG0cFDYCjqJr+KdO8HSjVpUrUcTwPdcULcz8ASGV5DatqHiUMwALeZqy9SwZrmleKKoF+Z5u6UmBzxBX3u8FQyQiluldKOhsQcxzhe7aUA0uuUbCCQDpaJJzuDVhdrropesoznrKBwi+OwSfPQPAEoT\/1N8LK\/KxTbalTaU\/hdmQMJYGpNwPyOXM00sF8eBgcqGsW5+fgnSmv2ORpOXmVabl7XF0BnNT380hFE2SV1wpuctpDIiRvPlpw3MCS4C3lV\/jkKyfu9f8bswGDehYDAwFNDAABSQMAF0EEavDjk+pGlWQUqGM3NWAA2G5qU7B6CFPB6uLrjBm\/25GqMgyixXoLIc2rV2Ew89YPaeX2SJ82dSdnjc9HLrNAAQQBAQCrke27aAul3r8\/uCX+ZFbmMKYGnQYLTpcpjuveX1ZJ8u2xETbUWl21Xh3LZ4ZIU7\/I3DXX\/\/ezc2teamknVcii+yPzWIxLn9Y="}
-01276{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6777,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":7,"flow_first_seen":1484319117605,"flow_last_seen":1484319117738,"flow_tot_l4_data_len":3657,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
+01287{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6777,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":7,"flow_first_seen":1484319117605,"flow_last_seen":1484319117738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3413,"flow_avg_l4_payload_len":487,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","server_names":"api-latam.netflix.com,htmltvui.netflix.com,api-eu.netflix.com,uiboot.netflix.com,api-global.netflix.com,api-user.netflix.com,api-us.netflix.com,api.netflix.com","ja3":"d8bfad189bd26664e04570c104ee8418","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=US, ST=California, L=los gatos, O=Netflix, Inc., OU=Ops, CN=api.netflix.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"FC:5B:F6:86:AE:E5:22:0D:60:0C:C3:DF:8F:02:80:3F:A3:60:0E:3C"}}
00429{"flow_id":56,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6778,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":740145,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0iO9AAEAGnffAqAEHNCkeBc\/3Abv7qhhZzpmV\/oAQD9LG2QAAAQEICh9l9jmh\/YpI"}
00695{"flow_id":56,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6780,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":750242,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"pkt":"5JjWH70UgCqoTGHMCABFIAD1AOtAACkGPBs0KR4FwKgBBwG7z\/fOmZX++6oYWYAYAD082gAAAQEICqH9ikgfZfX343n8ekW5WtFwiuat3MPIymSR3y0qy\/vs6KzyxHxT0M7HJ2eVg8TbWuZ\/k73CDiepUJIty7M2cpeckPEf3PEDQ6A+b6yfWGSApeKADzVqo\/gONNdP8gk0zeC4os5mpmSKO0AEUQeqggAiQL3tFBY0FmMmxj4VAv\/Z53+JJCGr6LZhCWve8g4F3MV+FBkKyUMtZbO8VNzPAgbyIVIvpr59ETKzVG9n0ZpkeiLZfC\/gWHOpbnvD9L16IRYDAwAEDgAAAA=="}
00431{"flow_id":56,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6784,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":752470,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0\/MtAAEAGKhvAqAEHNCkeBc\/3Abv7qhhZzpmWv4AQD\/nF5gAAAQEICh9l9kSh\/YpI"}
@@ -827,16 +827,16 @@
00493{"flow_id":56,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6787,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":765766,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"gCqoTGHM5JjWH70UCABFAABhlNpAAEAGkd\/AqAEHNCkeBc\/3Abv7qhiqzpmWv4AYEABO7wAAAQEICh9l9k+h\/YpIFgMDACgIsqaAt27YcArYI7wohih2+41gRIX\/5tR4vz3Bvttt4yVnrxvUHkkK"}
00426{"flow_id":57,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6788,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":767728,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0uJNAACkGjGs0IBbWwKgBBwG70ABfA576ZnjDJoAQAD194wAAAQEICraxJm0fZfYa"}
02377{"flow_id":57,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6789,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":770085,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcuJRAACkGhsI0IBbWwKgBBwG70ABfA576ZnjDJoAQAD1YQQAAAQEICraxJm0fZfYaFgMDAFkCAABVAwNYeOmNTx\/sDODUD7+PMlMChiVbuPABeetp9qed6D9ItSB83esKcDEiKu0ZMjH71CC6Tr03jfDxmHM5gUcShjg1xMAvAAAN\/wEAAQAACwAEAwABAhYDAwgiCwAIHgAIGwAEIDCCBBwwggMEoAMCAQICAhObMA0GCSqGSIb3DQEBCwUAMIGZMS0wKwYDVQQDEyRQcmltYXJ5IENlcnRpZmljYXRlIEF1dGhvcml0eSAoMjAwOSkxEzARBgNVBAgTCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtOZXRmbGl4IEluYzEcMBoGA1UECxMTRWxlY3Ryb25pYyBEZWxpdmVyeTESMBAGA1UEBxMJTG9zIEdhdG9zMB4XDTAxMDExNzIwMzIwOVoXDTE4MDMyNDIwMzIwOVowgYAxGzAZBgNVBAMMEioubmNjcC5uZXRmbGl4LmNvbTEWMBQGA1UECgwNTmV0ZmxpeCwgSW5jLjETMBEGA1UECwwKT3BlcmF0aW9uczELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCUxvcyBHYXRvczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKCMPKDrRKNlpQYmDci6pMXZdSSUbKrQRkPDz7HhtKtPPugiuJduNExZc6Kdb12vBV\/O+SiPHaVK7mpFvbFGQlMb6qQfwVOi\/aD6FF0wubaBBRmV5soLn6Uml8hcRcy1GwhcE0PciETMHgCKsYz6GRuA022Eqzo18xrMBx0ZwPuRDaRc+aOcYlh2D8wJdLQNpKdgRiYnOzqzb1V73+PIcLBKBaRmuSAMY7T6QAsBvotFYlMY32uWd0vZw9isFDSJCV8w2CSLAAeSkvUEJt3zKqKD5d5h8lWhsfYUg78EDVQMWb3iyTQ+UHy3b4IHtGaB+ybeHo7UkyS4NKYViXGQ4bECAwEAAaOBhDCBgTALBgNVHQ8EBAMCBaAwHwYDVR0jBBgwFoAUgzutabNbHNPaO8lPBXMZwiqK8P8wHQYDVR0OBBYEFH8tt\/b+DoJ\/qUOipuTAuxoaEiJTMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdEQQWMBSCEioubmNjcC5uZXRmbGl4LmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAkveZR7qD\/7\/8qJ4CSsfWHq+Cw0DsuYB9YjDmpMA3gU+yzX9cXxMn8tY3AApgaSjK94LEU1T7O\/bsKsL0uCJuFhSfW4W3+AlTe3UhEOMeILOZwgcMhUPQXGI28idMvibE1zQjX96OSlU9uDL6s8itcycsRGgSP0e+Umi1cijldISAIfgK+QzQIa\/k6kuJZ2i1hk4M6e8JqkqoYRso7uoX2ECQVKzVgRgm0z79wLxOrKXQf5L2Js7s03GHwdt04kQTtyYRh6NEGBmzjgdicV4sXy4g3wbAPPR1+itz5sKT\/vAAteT\/4Ik8+RSfZGNefG8eQxjBkJKvoKV1GyHiH3YYrgAD9TCCA\/EwggLZoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwgZkxLTArBgNVBAMTJFByaW1hcnkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ICgyMDA5KTETMBEGA1UECBMKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwHhcNMDEwMTAxMTIzMDAwWhcNMjkwMTAxMTIzMDAwWjCBmTEtMCsGA1UEAxMkUHJpbWFyeSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgKDIwMDkpMRMwEQYDVQQIEwo="}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6789,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":6,"flow_first_seen":1484319117651,"flow_last_seen":1484319117770,"flow_tot_l4_data_len":2177,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6789,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":6,"flow_first_seen":1484319117651,"flow_last_seen":1484319117770,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01889{"flow_id":57,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6790,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":771052,"pkt_caplen":1146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1146,"pkt_l4_len":1112,"pkt":"5JjWH70UgCqoTGHMCABFIARsuJVAACkGiDE0IBbWwKgBBwG70ABfA6SiZnjDJoAYAD3W4QAAAQEICraxJm0fZfYaQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC05ldGZsaXggSW5jMRwwGgYDVQQLExNFbGVjdHJvbmljIERlbGl2ZXJ5MRIwEAYDVQQHEwlMb3MgR2F0b3MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClPiFZwHhqw9wmYrruaK5lM2jxb7OnG1xOPDkmSt9ostlHBuuEIpSAegeSu5IfyCw3LHZ5HEtbube7+v\/KvRUK5l\/8E0dgm2kIkuwXCInrxOb8Vue1EwYiVMbipMtTVxaqzqdYnzqFFOOaTfiiHdtDWwp3jjKl188E9wc5el6k667OBUw7VTGI1M30wgKX7rU1qB+D91fdnRNVb90uSyhuGgXw1LaZpqNyQ9UU0bMQcwmLcmoY3NWdMMN4j0Fw11owmtXswG41YKRxcm9yJjbyyDmry1mVF9Ri9GMcR5I+VveQudxyLML\/0PMTT+qCooHPhnMm\/zY9AEn0tmAkD70jAgMBAAGjQjBAMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgGGMB0GA1UdDgQWBBSDO61ps1sc09o7yU8FcxnCKorw\/zANBgkqhkiG9w0BAQUFAAOCAQEAPX7Vj0zBi5fWHkB\/U5GnVLqaRStn52gTsUPoxmVjareLMMkMSrAGtP8CHGMLLrjOh9GFMjrsJM6Q+mLzAhMhpmvZPRAM4kzXdAYTLRWD4dxyYCkG2sjDdGTYdO7AfokcOnu5kypA0bdWe8KcZVFjpw8f+ACSkxjkgL+lk0kWZf+uiCojU3Wt9O\/Z8+xm1PIbBOEfirH+o8gWESD86CiOqZH9cFmSjXziHHxIo4mgCTt9Jse8h8gkDJE2wQTeq3ttX1P5eyrHphoXtwy2Wtx77US+s5J0di17tOPKnQFd35Ew\/l0PWFqar2MQ46R\/UU15UR68hb86jgCQplA8NeBZoBYDAwFNDAABSQMAF0EEGryB8m7f8C\/ezYDjVMC5\/bYUlL3UMXWF51ZdioOsu1C8eeg9z3YrwNQhm0E0NE1Vc2dSBCCy9Npo3cZ0\/HFXoAYBAQALpT\/TcXR0cyQ2jeBcJtVSKF4flRrDO4XagnDKaHjqsAzRaYic0a5xBgdfAXxnt5YgTh6Ogq3FgS7OJEHONngoUlOTQDqdlKNVQpslt6r29Uf8sHNQk64IEnsyWpoFwO2fJTg7OvnkV938u1NMYoknbrpmQ8yXpBgERPOszr7roWDZUGNwi\/P4ZY9MyPNj79138byllqjSN+ekcFWX+fXq8HQHw7P3ClLVNZIfMmq4MRhKLvENvlYqsAw49RpSaIP\/JnvDI4zY98GAWdKC5TZ7+Ls127OoewXbBYLZUzzwnbKE6CUjzt1qJPqzDRanLaZkoHG1d8dIX7vfOLQ0ht3xFgMDAAQOAAAA"}
-01157{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6790,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":7,"flow_first_seen":1484319117651,"flow_last_seen":1484319117771,"flow_tot_l4_data_len":3289,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":469,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
+01168{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6790,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":7,"flow_first_seen":1484319117651,"flow_last_seen":1484319117771,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":3045,"flow_avg_l4_payload_len":435,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ios.nccp.netflix.com","server_names":"*.nccp.netflix.com","ja3":"dc67ac8aaf8d7f69ecd6598135448f24","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=Primary Certificate Authority (2009), ST=California, C=US, O=Netflix Inc, OU=Electronic Delivery, L=Los Gatos","issuerDN":"CN=*.nccp.netflix.com, O=Netflix, Inc., OU=Operations, C=US, ST=California, L=Los Gatos","fingerprint":"97:F6:63:95:8F:F2:5E:E0:80:12:5A:FD:BF:B2:EB:FE:A2:FE:72:33"}}
00426{"flow_id":57,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6791,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":772465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BPhAAEAGKSfAqAEHNCAW1tAAAbtmeMMmXwOo2oAQD95kJQAAAQEICh9l9le2sSZt"}
00600{"flow_id":57,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6792,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":782417,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"gCqoTGHM5JjWH70UCABFAACyVqJAAEAG1v7AqAEHNCAW1tAAAbtmeMMmXwOo2oAYEADVWQAAAQEICh9l9mC2sSZtFgMDAEYQAABCQQRW4SqRtHvW1q1mzZsrrs8mojReDLgwFeEIY2OsHixN1K3kho70V7T\/gGZ6kYzMwEv\/41qGKiPo7lD+1AdA36\/9FAMDAAEBFgMDACghZeBhnC3o6ffq0vTU96qYNuzh4mxVd8mDQQq7zCSZeBD5nscZMxzQ"}
00429{"flow_id":56,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6793,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":815949,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0AOxAACkGPNs0KR4FwKgBBwG7z\/fOmZa\/+6oY14AQAD3VBgAAAQEICqH9ilsfZfZP"}
00502{"flow_id":56,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6794,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":816730,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnAO1AACkGPKc0KR4FwKgBBwG7z\/fOmZa\/+6oY14AYAD083gAAAQEICqH9ilwfZfZPFAMDAAEBFgMDACh\/LK6JN0ZD3RkfXIV1XQ7JAljOZpZWgJP4B550eF\/r\/45wBqUx9ZkK"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1484319117826,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1484319117826,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6799,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":826887,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAF8hAAEAGDxPAqAEHNCkeBdABAbshc+whAAAAALAC\/\/8t3QAAAgQFtAEDAwUBAQgKH2X2iwAAAAAEAgAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1484319117827,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1484319117827,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6800,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":827967,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABADR1AAEAGGb7AqAEHNCkeBdACAbuRqNIFAAAAALAC\/\/\/XwQAAAgQFtAEDAwUBAQgKH2X2jAAAAAAEAgAA"}
00498{"flow_id":57,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6801,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":836849,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"5JjWH70UgCqoTGHMCABFIABnuJZAACkGjDU0IBbWwKgBBwG70ABfA6jaZnjDpIAYAD0jDAAAAQEICraxJn4fZfZgFAMDAAEBFgMDACjMteRz8wyXXElR61k+p9UqwquA\/gjmDYad1auQslmuyUovR8ECQcMU"}
00428{"flow_id":57,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6802,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":838601,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0z45AAEAGXpDAqAEHNCAW1tAAAbtmeMOkXwOpDYAQD\/5jBAAAAQEICh9l9pa2sSZ+"}
@@ -844,17 +844,17 @@
00439{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6809,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":879588,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACoGPL80KR4FwKgBBwG70AFaPMiyIXPsIqASOJC25AAAAgQFtAQCCAqh\/YpsH2X2iwEDAwg="}
00427{"flow_id":58,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6810,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":881117,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0BiRAAEAGIMPAqAEHNCkeBdABAbshc+wiWjzIs4AQEBUN+QAAAQEICh9l9r+h\/Yps"}
00714{"flow_id":58,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6811,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":885772,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"gCqoTGHM5JjWH70UCABFAAEEKuFAAEAG+zXAqAEHNCkeBdABAbshc+wiWjzIs4AYEBUAlAAAAQEICh9l9sOh\/YpsFgMBAMsBAADHAwNYeOmNxGxgi8I9EIqk5oJkWnJI9VweKmO\/JyQkao7GaCDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6811,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1484319117826,"flow_last_seen":1484319117885,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6811,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1484319117826,"flow_last_seen":1484319117885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00439{"flow_id":59,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6812,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":886937,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAACkGPb80KR4FwKgBBwG70ALhlhIJkajSBqASOJCQFwAAAgQFtAQCCAqh\/YptH2X2jAEDAwg="}
00427{"flow_id":59,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6813,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":890575,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0Pr9AAEAG6CfAqAEHNCkeBdACAbuRqNIG4ZYSCoAQEBXnJgAAAQEICh9l9sWh\/Ypt"}
00713{"flow_id":59,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":892631,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":274,"pkt_l4_len":240,"pkt":"gCqoTGHM5JjWH70UCABFAAEEuTxAAEAGbNrAqAEHNCkeBdACAbuRqNIG4ZYSCoAYEBUMGAAAAQEICh9l9seh\/YptFgMBAMsBAADHAwNYeOmNE5tkHrD0G2XjxlOstOMmL3TKkSrM+b+7cNSu7CDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpAAmAP\/ALMArwCTAI8AKwAnAMMAvwCjAJ8AUwBMAnQCcAD0APAA1AC8BAABYAAAAGwAZAAAWYXBpLWdsb2JhbC5uZXRmbGl4LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_first_seen":1484319117827,"flow_last_seen":1484319117892,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6814,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_first_seen":1484319117827,"flow_last_seen":1484319117892,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":208,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00501{"flow_id":57,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6815,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":902068,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"pkt":"5JjWH70UgCqoTGHMCABFIABquJdAACkGjDE0IBbWwKgBBwG70ABfA6kNZnjHhIAYAEXPmAAAAQEICraxJo4fZfaXFwMDADHMteRz8wyXXaXd2RcnujIQezZltisNkVOhrLlxwzYR31jYvekblxAEodQ9mpyApjCs"}
00428{"flow_id":57,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6816,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":903397,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0s05AAEAGetDAqAEHNCAW1tAAAbtmeMeEXwOpQ4AQD\/5eoQAAAQEICh9l9tO2sSaO"}
02400{"flow_id":57,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6817,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":906153,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"gCqoTGHM5JjWH70UCABFAAXcXEdAAEAGzC\/AqAEHNCAW1tAAAbtmeMeEXwOpQ4AQEAAiygAAAQEICh9l9tO2sSaOFwMDCqEhZeBhnC3o6wmVYP\/JcMRXs4Y2Mw0qfzuqIUVAeVDr3hQeKInRYJmV+eaRiKA3Xn7BdrkjvFkDvd6LpF2RPZQzSu38+Cl0Ghr17xUz4kQ8mpHKZg\/ZCAjmYOK1AlCJtveNeE7sRaH9Dp09Wqi\/5+OkwIwhmF6v2+oz3V4RwoCWOYaD\/vvrB81fX0iNENnLzALF5nvHgb7ObzbshkADnwwlU11CqefuoieYTmrs5XQ\/ihtFF0JocZ67IF6EWbsMQNB8hR+uQrhXYDeS9YNuD+iI1ZxcMi71ZjCfnbP+QEQT3Zij8svxkrYAdRYiZ3Y6PE5skSIEgD78Juhd9VLiMEU1\/43TLawjuDkXNtYyGShez5jHAD3pq459Mp\/m1pxpMQ4qYne52LPjMxV91AvE3SrSUZhAXUCC5F8vn9PQ+L59QM3iHOrb0nDnNTp5GpNBuFS5\/kTloaW91kxYJUXh6zqwikglOZwNhx1G\/3Y010IbIW+tknMKE7cSiwtHhczXh\/YlISJrwiSIFNbHK44yFpCk27Fb17giZIXqRB8t7282KV2+F4ZU62pSae9fMup+lgkrvmI\/R3vkHa2XThtksLzhVH5JreoMSdMSLvVdi2vU2WTsjNk6DmMutXfQbnpYZMGYaN6GIk7A7VLEVTqbsvBP90dg0fC7PW2FivP5DOHjmhP2AoLl07fhpFvxLEb4d8uZ3VfKWapwXB2WF+kHChbSmlJwty9kRjLzu5QRdIX6ETIhfv4JkyEBJoZv3otWDr8HsG0I9ifuvhHGrlWNhRC5TkeL3apYXRkLtRJG12aC9CZLu34\/OvCfx\/5l5oX+RwOjWGDOXXQKeNig7jt8BvWA1E7hJk4yAztKjJ2T9GWnTVlepocvF3HXYILgKcJuRFY7LgIm8\/Ta8+j9F4skk\/tfEYxWd0eyfUrZYyGy17jGZqcdeQCY8N0pil0e8B6QvUEFRMH2adji\/9jULc9\/u2DAy65zoESP+hnZoH2577wTWH3z6qRVns2BBGb61WaE0gXnymPO277VCOK47bP3iPsM\/nVvWQ3gW7FwRpCHJoeDwvliP9NbuD4L1v7WNe1j62zj\/DzSnAHvPXgmIC3EBYL4A0IAPFyoqb4hipglSOfO39B6xw\/cpuGgQZKrFidJNn6d+roSuKL\/KLU+ezpqvK\/RPp2jdait6rQCyfrMlKXwCixOK1A+FiwULYk2z9oqJxIxmvPAJ4SHNgn4ryg7CpSRnixoeRThgNWWB36++vWRjTYc8YQne3w9xJPDJ+ZCLbyPSu1J3cNv6toiJuA6GDxB\/9ZLrzwIxTTXZf7gpciU6ZpQ9ERiU0sSpPEcDZ1rMnBcdZP08LMcBJGnXZOZBo9z6JQfbIQ4sSqsCMpwYsMkL0C6qC9Th94j57XgVATTtswwrM2qUn90lau51fFNQerubMkKpjj8TSqgD+hkD9V\/qJnB3z7\/IY6Yk2\/0yRERrXLSdorX65x8fMztPyJ1k+t\/rMyscxigEC15Yu2Y25LOCUTz2vPVLxtn5kuSwukBYLrFkF32i4SIZcIARD0bJ40\/wHhj42SzhwaXj4yzBusj4bRoZdreiasdlAZejA3He5p3I95wI5V98W8F1CqlfjhnhabDJzl+UCF9SYVWTPvdbG9NvNarXhutfHA014+De5yDqS3DxoOjmaWNSIz+pbfx8vg\/lNCPMS2q8LqipX9\/Ap+2Nqg1OsozLQHA\/Pn\/L0yNjmkI\/yHb55iBPlWled3cEVEE8KjhaKg1rfILhYSaqB7AGbi34gxs8Ac4GS6S4Dw\/N+CbJI4pFlabTxoMUMD7uQujZzPLRFSIO92QcYUorTKumacXYYkYTFOVOH8U4oR+7wlZ+TMKa1S7nOzsQmdBMoPh7slld0ejO2KmcitKvvVorLV7I3yoNu2C1F0Z+jn27Sk="}
00426{"flow_id":58,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6820,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":929656,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0QsRAACoG+gI0KR4FwKgBBwG70AFaPMizIXPs8oAQAD0c8QAAAQEICqH9ingfZfbD"}
00631{"flow_id":58,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6821,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":930548,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"5JjWH70UgCqoTGHMCABFIADFQsVAACoG+XA0KR4FwKgBBwG70AFaPMizIXPs8oAYAD1rVwAAAQEICqH9ingfZfbDFgMDAFkCAABVAwNYeOmNPVuURpMb\/fx8yaJA6qP5XzLudCxl+lHk4pO37SDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpMAvAAAN\/wEAAQAACwAEAwABAhQDAwABARYDAwAoISr6QGNuUwXE3zvP\/hpWdpKQ911Va7M\/7zfUPVeWOAkJZLvZ3ismWQ=="}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6821,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1484319117826,"flow_last_seen":1484319117930,"flow_tot_l4_data_len":565,"flow_min_l4_data_len":32,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6821,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1484319117826,"flow_last_seen":1484319117930,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
00427{"flow_id":58,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6822,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":931759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0TJBAAEAG2lbAqAEHNCkeBdABAbshc+zyWjzJRIAQEBEMYQAAAQEICh9l9u6h\/Yp4"}
00435{"flow_id":58,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6823,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":932904,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"gCqoTGHM5JjWH70UCABFAAA6kUJAAEAGlZ7AqAEHNCkeBdABAbshc+zyWjzJRIAYEBH0TQAAAQEICh9l9u+h\/Yp4FAMDAAEB"}
00490{"flow_id":58,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6824,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":933306,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"gCqoTGHM5JjWH70UCABFAABhhOJAAEAGodfAqAEHNCkeBdABAbshc+z4WjzJRIAYEBFPtAAAAQEICh9l9vCh\/Yp4FgMDACg7GVRz9q7bCs61NasJlVJx2Ycx\/rNf9nrAzt4Php4mYrbW23IFchHS"}
@@ -862,7 +862,7 @@
01107{"flow_id":58,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6826,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":936208,"pkt_caplen":564,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":564,"pkt_l4_len":530,"pkt":"gCqoTGHM5JjWH70UCABFAAImzqhAAEAGVkzAqAEHNCkeBdABAbshc\/LNWjzJRIAYEBFI0QAAAQEICh9l9vGh\/Yp4avN+Z1XWUB+3WAOpuJpqzqtKWRJL4zu4ISXdtKypnYqGCP9n7j4ktK+SZOBLa8BT+0OLSi3bhOIFUDhsf64F7wrvNjuSjasNuttYLpHXi7h8KPA\/S1XW7g9J31fOhAPuuw6ZxsVINm0JLJgZhv41EHV2fdJzzSO45gPSROGfpL5zzyiyhAN9r0Y3i5TUTynIcFs6vriuz3tQGEEngaCdKvk\/WoE\/OHZLufvXNL8XmLRa+SWBE80Rn26GLv\/OfkbN7cyNG2rusRhwriJZlkTsKUfujhv0saiPRWjC4gO8kXBziLWDY1u7rjlF1fkFDrAFS5qZOR6NwqhAE0e757ac22CdoVCfe4HF9zCdMSd5j\/PdDI5ltZghGMv\/JAYcxw0MCYn9Xo6kor4zjEV9Xes6rZiOvOyZZoOfub02Akjo0D8b8UC4Jn8YgKcbZ1iUGN1wuXV\/xZ5eoebXRTYP4yeB5E5iGFP8Pv\/lhp27RuDLmLlFr1JCHXht05qFgJO8VzeMfWvhm9MDWShtVxCp9\/3j21TeHr43I2d5FmGGawJKlUf70vOtagJOm1d\/exeq7QOgpIVpGE34Qr7um5I1jP6rU0nmBFFgab87bGt46R\/Y41i7pAMalVEPQB95ipZppRXmBDFSzdHZL3sIkq1EwRre++6e"}
00426{"flow_id":59,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6827,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":941532,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0mHNAACkGpVM0KR4FwKgBBwG70ALhlhIKkajS1oAQAD32HgAAAQEICqH9insfZfbH"}
00631{"flow_id":59,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6828,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":942410,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"5JjWH70UgCqoTGHMCABFIADFmHRAACkGpME0KR4FwKgBBwG70ALhlhIKkajS1oAYAD0r6wAAAQEICqH9insfZfbHFgMDAFkCAABVAwNYeOmNhBa97m16IKYUAyxArJDuRqKzC3VOnigM0fPRMyDcQ+\/FQ45c2bdXzP\/d5vWiRznU+6UwyhdZu7Y2G7JjpMAvAAAN\/wEAAQAACwAEAwABAhQDAwABARYDAwAoFiOeGccWPFfw7qlBE4VkatjS4l\/f33xVU7KB3IBXXk\/K\/lILTfxcQg=="}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":6,"flow_first_seen":1484319117827,"flow_last_seen":1484319117942,"flow_tot_l4_data_len":565,"flow_min_l4_data_len":32,"flow_max_l4_data_len":240,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6828,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":6,"flow_first_seen":1484319117827,"flow_last_seen":1484319117942,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api-global.netflix.com","ja3":"7e72698146290dd68239f788a452e7d8","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
00427{"flow_id":59,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6829,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":943681,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA06TtAAEAGPavAqAEHNCkeBdACAbuRqNLW4ZYSm4AQEBHliAAAAQEICh9l9vih\/Yp7"}
00435{"flow_id":59,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6830,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":944590,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"gCqoTGHM5JjWH70UCABFAAA6NeNAAEAG8P3AqAEHNCkeBdACAbuRqNLW4ZYSm4AYEBHNdQAAAQEICh9l9vmh\/Yp7FAMDAAEB"}
00490{"flow_id":59,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6831,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319117,"pkt_ts_usec":944926,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"gCqoTGHM5JjWH70UCABFAABh7KhAAEAGOhHAqAEHNCkeBdACAbuRqNLc4ZYSm4AYEBH7iQAAAQEICh9l9vmh\/Yp7FgMDACjN6QiHlhoi28ptuJ4MF1wIKwWiAPgvNuNc+XNWkQHy\/nrK5+WNoARc"}
@@ -876,23 +876,23 @@
01606{"flow_id":59,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6854,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":40132,"pkt_caplen":935,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":935,"pkt_l4_len":901,"pkt":"5JjWH70UgCqoTGHMCABFIAOZmHhAACkGoek0KR4FwKgBBwG70ALhlhaDkajadIAYAFOSmAAAAQEICqH9ipMfZfb7FwMDA2AWI54ZxxY8WXHVuD3CYDUOvTy\/nB2lrxqGUHt1xRKXofJ4dHxhTH3AYIEjqa7mhfRpxAQlqD70CCvw2X8JVnSZdkqhnImkB9CwLKJtaTVDaxhBnqKtMyJp7xMhyiZQ3as3ftRgGsi4u4iWz1lAqBFIMUrqO8ai5j0zs\/IKAyUhincv4di2SgtoZ9+JKvp63wZgGj+gcVwsWiv1BwUsoO6e3fw0beoESTCvfPhfBZYFM5T\/55kwFBA7ksUDiBF5WsrRo1+EP6hWI6m5zEsSkS+kPAMHLPeP0NetGfe\/PeCPWiFMzYkbfbthtQW4coDKYkCduf8+Lq92eaoyV6lC0IZ3V5sVoknMmomKwHzpbBwXi11DnTnKrs35KTYGL\/ouKIzxEBKUAQthopag\/zq30FE9a2yolzAqpDvhbeisFuDnsw076TJWuxfdBblNy4FWW6qX0auZPtB1YUf8OajmbFNede8dCSkHV\/3wJd0JzZA5GxAm3DgFOwpJHjHUKQGsy+M0cnbb6jC0YqDup6pzdZOl0vx411wTYHQsk13Nx2gG7jtfLUIqbm1yCK2asDWZRxOr712tukCjm1rbcswdlGsqnPEnaaTTUyOIUj5BJ4eL1J9BmiZvBToJajNT2nSbYBirdDh9rbbpIwvKNMTxR3JUnw27ThIfkRT82pPfDmycUws\/KrhCxHKEEOhojCITVc6l0cehEI8K95usx8Ujn\/hsUWs00G5Q7jTSpeK59z7tSniB8rquw1ChpN\/rax58\/CdFdHjDrI5klU9O88T3JY8\/f0VWvItFNwDgax\/S2Eyjt5S\/28fFM4Rw6rILaBrvy6UKCxmng1SrFTbPNBp1q1D14am+csAyvD7fx7q1qmEWIdYFkFNqQbT01L0tpWEpLdJGubohOMgaFoXtuqrY9EYDpVIKEpj6a3we126NztazmTfJlgg0pg0KMrzl8XMv5qzNZsRtY4GxWe2oTpLel+XFYbaWArhA4YnXakJHeaekfgjznYwrsJSx7gSk1F7uXv\/tp8CYcUcWbFg8e07mUYpN0icdA0H3hUF\/0qFs5elMUUg\/PotlB3Ho47GBV7Qv4kWQxEG+g8CEtDHpWtC3i7CkFoGbZZ82MhmwMt7hRq3CH7aExiDnG3MUDrTBEfEH0tE="}
02392{"flow_id":58,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6857,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":74100,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcQshAACoG9FY0KR4FwKgBBwG70AFaPMlEIXP0v4AQAFQogAAAAQEICqH9ipwfZfbxFwMDBkQhKvpAY25TBgZdKy4HtUkKIJZfR+1REZF0s\/99eM3z7Oi7GiYct543IhFyT2iB3\/9MkdJzG772utwHqG9qn3fcpHQh1OiQWtWXC7L1qmTrfsdrAdfgJTQU5BRcj4RsJlokZOjU8pIpQhsSBnvoYh7IUjOazIkkIaenQ775sQLtotOC58Qq4kG8cZFTUiDem1mB1sFYI\/SE1+tqYOZ3Rv9d8N4lMV9nqC+hIEt6y\/h5Eb7jZ\/MUJrcWI2Vn3dm\/DDhri63YDpnotSopFZV6GOKg7df62xHIky6jv4aaHsqyP8wklhXeh+4TFa4s+jUP69s2vHrEI2W+OtZyvMFA9XIk33rSwuoPQxGCwrrFwN+9WyW2JNV\/lqaIDBdUGRPQP60qo611BDlC2TdGgKcN1eDXHjPwqSKDDUnBsMd15sOode0EdKBE1JtzcM5YRPw0Pb8U7Oklxy0SeAsEr+FPNXpeBSHMXlgHA+hg6QorbJhpelqFdWZ9C4csl3MTSwTfn4aShuDzDuy5AEunaZTs+lRmaVRd3dAFYuh6zhgSMjkD14RKBtGK8RcexmPeJpb9b5TxkcCO087j4+oESSmJBvQkxlyAUp7YBEcxqsvmQJIPEOE0yT2vYOerZGXws1nU6Vk49111tsrZnORJT02ghAPZc1v7pznlHDXz\/7\/q2byt\/PQKXBBRjOgGTbSyjTbn6PYpjlMXbu1Y8N6EPi9AUAXOz84L1UU9rs4TUcdcLBEYZpYp4+ssP8WllyGc0N6FL9N93QeR4L0snwhzp4+YVHcVeQy9\/TAeVMd8D49pXHqvrkX4QaM3+\/4oWaHqe3XZjFC8x4Aj\/Luq5UKnBQc00hIP7pC1S\/ezLzRtIw+ZDMGFD7Lp+FlTWBHhxJTgbJPDF6iiXRLVnNJygeSOIDNqP2CcSe4mc2ieud0n7y6zg3NaK6tOshNT\/dNfvhVLcR6YyfI3rDxGdeP0MzYUVObQEEgsNNvurBvIwUpvnj7\/witC2M5BuGTqNIInFWM64LNpPC1cCtqxyzlPKp0Kv1p4I3Hz7TTPn4mNcncSLwI85cKx2GPz8qnGp7Me+w3eLgQ272qZxpSDsg52oQJmpQGe2f37QANboJq+jwBhYbsY+3neALfjET3ehTbgC0NjOpljoTVcbnfZ7PPjzJD6lugz67QyMmCgT9G94D4Bw5hFWmetd97Bp6s181UfT85K6AcM0omyDyiAZs7aFo2mK8eubHlIk1bGHLeD1mkU39dEqbFxjUgf8unSSPuKGrFrHFQKyWeThmXXRp+J+nglCnoK+zEKcUmJuzVvh2r+mZS2usaeXOIEEHpN7MSDuqeEa8lC\/Xv9Wk8JVCZYF\/jfIMmC3sACpCTrqqdSqIzHMkbYvYffoy2locY9vRgZPlqgxB7J667HpoD9uKIV3ezU6cVYTD4mRQvPJdp15DsO44LpgdSBDCdE9CeIO5CgfZXLtKTvIEJE2cOipotAxceaiZ6JOaUe6iERZB\/cDoMWFXulmHtPvLi\/5aWXR8iKhYCkA2oZkKVQT1UbrhPmDs1RDZsTyewMcoa53WG77f1sjqhLqOMOOpCQ6sAtc1fMJ7xph0K4f0KCu1Okma2iGCJOfLUYlQ6auXql92\/ddHYIDHC2ctjHdiSIyRzIpMRIecAYWVzb0wwZ9RVikrbxNAoy50dr19pNNx+qt4q83uXnUdx2h8ABsIbIUJ1yfGI2JtpdtKrqh+dTrj1tzp2CdeStmxsDss6oiJzfJ\/LZM4SQ1j\/n7MxEnaLuV8kjjMJlBlkLZ6CqJItJ+3G215fhsml\/moDC7pCZW3RVgnv4afH0adx5Rr5Nr9qh3SZ4tCg215Z\/UU8qAXQ8xEBbaXKnHDw8eyvqHkeT3nfrDrAUBw\/mmf9krJ5qz3ELlo4gofc\/jRRGk+45l4u\/WKw="}
00649{"flow_id":58,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6858,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":74240,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"pkt":"5JjWH70UgCqoTGHMCABFIADVQslAACoG+Vw0KR4FwKgBBwG70AFaPM7sIXP0v4AYAFTtzQAAAQEICqH9ipwfZfbxljv39Mzb4bnJTd\/omBto9\/0x8H8PFYoXhsgpeTnwsmjBOLpkzfVs0Am2t+FCN4qnJz6IZZL\/q7JFM3a6\/s2WyVk3bhNKawBVcAtgdwD4gjJ2Q5zJBQs5pfPUhhmw7qTZQ6Hz3WuSlR91nc73xiUd6dKAVUwrmWtMJzzwlHZZDcTGyRm0EyyxHYxBYnsNQXmnUeBdgBSf5GdlxfrDhf9tyzc="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1484319118629,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1484319118629,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":629811,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"gCqoTGHM5JjWH70UCABFAABDkmsAAP8RpeXAqAEHwKgBAd8FADUALzVHkfABAAABAAAAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQAB"}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1484319118629,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6888,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1484319118629,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00492{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":652959,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"5JjWH70UgCqoTGHMCABFAABj4U1AAEAR1ePAqAEBwKgBBwA13wUATx78kfCBgAABAAIAAAAABWExOTA3BGRzY2cGYWthbWFpA25ldAAAAQABwAwAAQABAAAADAAEuBnMCsAMAAEAAQAAAAwABLgZzBk="}
-00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":47,"flow_max_l4_data_len":79,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.10"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1484319118657,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6895,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"a1907.dscg.akamai.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.25.204.10"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1484319118657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6898,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":657433,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAL91AAEAGxQfAqAEHuBnMCtADAFAmSxL9AAAAALAC\/\/\/OdwAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6899,"source":"netflix.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1484319118658,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6899,"source":"netflix.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1484319118658,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6899,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":658049,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqoTGHM5JjWH70UCABFAABAEThAAEAG46zAqAEHuBnMCtAEAFDFgkYhAAAAALAC\/\/\/8GgAAAgQFtAEDAwUBAQgKH2X5sAAAAAAEAgAA"}
00441{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6901,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":672865,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0APyPQT8JksS\/qAScSAMhgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="}
00429{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6902,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":674195,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0XA9AAEAGmOHAqAEHuBnMCtADAFAmSxL+8j0E\/YAQEBWcSwAAAQEICh9l+cD\/\/WqN"}
00440{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6903,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":674728,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"5JjWH70UgCqoTGHMCABFIAA8AABAADwG+Mi4GcwKwKgBBwBQ0ASr4P0LxYJGIqAScSCIdgAAAgQFtAQCCAr\/\/WqNH2X5sAEDAwU="}
00428{"flow_id":62,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6905,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":675789,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqoTGHM5JjWH70UCABFAAA0us1AAEAGOiPAqAEHuBnMCtAEAFDFgkYiq+D9DIAQEBUYOwAAAQEICh9l+cH\/\/WqN"}
00760{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":676250,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"gCqoTGHM5JjWH70UCABFAAEppeRAAEAGThfAqAEHuBnMCtADAFAmSxL+8j0E\/YAYEBUliAAAAQEICh9l+cH\/\/WqNR0VUIC80ZTM2ZC82Mjg5ODg5MDIwZDZjYzZkZmIzMDM4YzM1NTY0YTQxZTFjYTRlMzZkLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTEubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1484319118657,"flow_last_seen":1484319118676,"flow_tot_l4_data_len":393,"flow_min_l4_data_len":32,"flow_max_l4_data_len":277,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
+00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6906,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1484319118657,"flow_last_seen":1484319118676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/4e36d\/6289889020d6cc6dfb3038c35564a41e1ca4e36d.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
00759{"flow_id":62,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":687774,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"gCqoTGHM5JjWH70UCABFAAEp1+JAAEAGHBnAqAEHuBnMCtAEAFDFgkYiq+D9DIAYEBXuKgAAAQEICh9l+cj\/\/WqNR0VUIC84YjFmYS9lYWExYjc4Y2Q3MmNhNGRiZGNhYjUyNzY5MWQyZmNhYjM3YzhiMWZhLmpwZyBIVFRQLzEuMQ0KSG9zdDogYXJ0LTEubmZseGltZy5uZXQNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTO3E9MQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBBcmdvLzkuMS4wIChpUGhvbmU7IGlPUyAxMC4yOyBTY2FsZS8yLjAwKQ0KDQo="}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1484319118658,"flow_last_seen":1484319118687,"flow_tot_l4_data_len":393,"flow_min_l4_data_len":32,"flow_max_l4_data_len":277,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
+00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6908,"source":"netflix.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1484319118658,"flow_last_seen":1484319118687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.NetFlix","breed":"Fun","category":"Video"},"http": {"hostname":"art-1.nflximg.net","url":"art-1.nflximg.net\/8b1fa\/eaa1b78cd72ca4dbdcab527691d2fcab37c8b1fa.jpg","code":0,"content_type":"","user_agent":"Argo\/9.1.0 (iPhone; iOS 10.2; Scale\/2.00)"}}
00427{"flow_id":61,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6909,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":700093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"5JjWH70UgCqoTGHMCABFIAA0blRAADwGiny4GcwKwKgBBwBQ0APyPQT9JksT84AQA6unowAAAQEICv\/9aqkfZfnB"}
02399{"flow_id":61,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6910,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":701050,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcblVAADwGhNO4GcwKwKgBBwBQ0APyPQT9JksT84AQA6syAQAAAQEICv\/9aqofZfnBSFRUUC8xLjEgMjAwIE9LDQp4LWFtei1pZC0yOiBMU2pOWitNMVdoNm1wa0x6Smt1U1dDVis3S2xRR093ckFsR3UxWHVyczZPTEdjMXIyK3l3em44U0cvK3VTbnlqaEhTaWVsQjdVSTQ9DQp4LWFtei1yZXF1ZXN0LWlkOiAwMTY0ODc5NUY2RUMxMDU2DQpMYXN0LU1vZGlmaWVkOiBTYXQsIDAzIFNlcCAyMDE2IDA4OjMwOjQ0IEdNVA0KRVRhZzogIjA1YWMzZGYwNzgyZDBmY2I1ZTk2YjViMTQ2MGQyZDM0Ig0KeC1hbXotc2VydmVyLXNpZGUtZW5jcnlwdGlvbjogQUVTMjU2DQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDb250ZW50LUxlbmd0aDogNzM5MA0KU2VydmVyOiBBbWF6b25TMw0KVGltaW5nLUFsbG93LU9yaWdpbjogKg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0yNTQxOTA0MA0KRXhwaXJlczogRnJpLCAwMyBOb3YgMjAxNyAxOTo0MjozOCBHTVQNCkRhdGU6IEZyaSwgMTMgSmFuIDIwMTcgMTQ6NTE6NTggR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCv\/Y\/+AAEEpGSUYAAQEBAAEAAQAA\/9sAQwAIBgYHBgUIBwcHCQkICgwUDQwLCwwZEhMPFB0aHx4dGhwcICQuJyAiLCMcHCg3KSwwMTQ0NB8nOT04MjwuMzQy\/9sAQwEJCQkMCwwYDQ0YMiEcITIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIy\/8AAEQgA\/AHAAwEiAAIRAQMRAf\/EABwAAAIDAQEBAQAAAAAAAAAAAAECAAMEBQcGCP\/EAD8QAAICAQIEBAQDBQYEBwAAAAABAgMRBBIFITFBBhNRYQcicYEUMpEjQqGxwRUzUnKC0RckU5JUYmOTorLh\/8QAGwEAAwEBAQEBAAAAAAAAAAAAAAECAwQFBgf\/xAAlEQEBAQEAAwEAAgEEAwAAAAAAARECAxIhMQRBUQUTFDIiM2H\/2gAMAwEAAhEDEQA\/AHn8J+HPpSkZrPhHon0g19z2\/wDBeyD+BXojfXL9eCWfCDT\/ALrmvuZbPhB\/hssX3P0N+Aj6In9nQfZBsP6\/Ntvwj1C\/LdP7oxW\/CniMfy25+sT9O\/2XU+yA+EUPqkHtBtfla34Z8Yh+Xa\/sYbfAHG6+lCl9D9avgumfVIR8C0b6xiGw\/bp+P7fCHGquujm\/oY7OCcSp\/Po7l\/pP2PLgHD+8I\/oZ7eAcKSeaq\/0QbB71+OJ0W1\/3lU4f5otFeD9OeKuEcHr0Vjenp6PnhH5z4vXTXxK6Onx5alyx0BXPWudgmAtpdRd8QUOCYEdvsHzF6D0ZTBSBvj6hVkPUqUvp0h0hYyi+kkXRiXEVIxLIxDGJZGJcSCiWxiRRLIxGQKI20dRHUQNWojKI6iNtGRFEO0s2h2gSvaHaWbQ7RhVtDtLNodoBVtJtLdpNoBVtJtJfdVp699stq7e5xtVxa2x4p\/Zx9e7JvUhzm38dWy2ulZsnGP1Zit4tRDlWpWP9Ecac5Tluk3J+rYpnfJWs8c\/t0Z8ZtbeyuKXvzK\/7W1OekP0MWAE+1V6cunDjM0\/nqi17PBuo4jp7uW7ZL0kfPECd2FfHH1mF6h2nzul19uml13R9Gz6HTXw1VSsh916GvPUrPrmwXEVovcRXEpKhxFcS5xF2gSraDBbtBtAiJDOOQpDJAbNKIuDTKBS44YB7N\/xtq\/8ABXfqgf8AG+PbQ2\/qjxfJMnE39Y9lfxv9OH2f9yEl8cLO3D5f96PHcgyGDI9el8Y="}
02396{"flow_id":61,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6911,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":702105,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcblZAADwGhNK4GcwKwKgBBwBQ0APyPQqlJksT84AQA6sS\/AAAAQEICv\/9aqofZfnB\/U9uH\/8AzKZfG\/XP8ugj\/wC4eStgbHhZHqk\/jbxR\/l0Va\/1syW\/Gfjk\/yaemP3bPNGwNhgx97d8W\/Eli+WdMPpFs5Wp+I\/ia\/Odft\/yxR8q2Z7bOq7BkN0uIeJuLa5OOo191ifVbsI4cpyby2xmIx4cK22IOwBioUgcEwB6BA4DgBpS6u+dffK9GVhwVPhX\/AOt1Wsg3ia2+5shZXLG2aeTjIaLcXyLndZ3if07yiWKJj0Op8yKhN5kjoxiay6yswFEdRGUR1EYIohUS1RGUACraMolm0O0YVbQqBcoBUAJSoh2F2wm0ApcTma7isNO3XTic+77IHF+IuuT09MsS\/fku3scFkdd58i+ef7o3XWXz32Tcn7lYSYMq1KQbHMGBHoEwNgGBDQwgYGwTAhpcGjS6u3SWboPl3j2ZTggx+vrtNqK9XSrK3y7p9mWOJ8xw7VvSalNvFcuUl\/U+rWJRTTyn0Zvx1rDqZVDiDaXuIriWlQ4g2l7iDaAUbQpFu0m0ArceRTOJq2lU4iDCQbAMHn+zu9AAMAel6kYGhgYHqfUjFHaA0PSxTY8RMsi+5\/N9jOxxNKxcDMAyK0BjYBgZlwTA2CYA9Lgg2A7QGlwFJ+gyiWQg89A0le0Kjl4NEa8Pp1GlDZjlyY5YLsJTmNsWuzPpIx5HI0mldsk8HdhXhI24ZdEUR1EsUPYdQNEEURto6iMogavaFQLVAdQAlSgFQLlAdVgGfYZtfetJpJ28t3SK9WdLyzi+IK3KFEMctzbF1cmnzNuPlbG5ycpPLby2Jg1XVxUsR7FLhg59b5irAMDtEwBEwRIfaRR6C0y4BgsxkmPQQJgGCzHQVrmIEJgZojWBguD6Pgmt86j8PN\/PDo\/VHzuC3S2eTqa7PRlc3LpdTY+z2g2llWJ1RknnK6j7DpYM7iDYaNhNgEz7AbS9wFcQNTgqnE0uJXKIBzXHHUDR09Rpf2u5LkzNbppZW1dTx55I+s8v+m+TmW\/uMbQrR0v7MscM7ln6GO6mdMsTX3K57lcXm\/heXxz265+KMAYzQDSOK8kwBocVoqM7GO9fOyhmi388iloqM7FbANgGCkFwTA2CYAFwTA+0mBgmBlEI6QBIwNEK+4aqsmlV4Rn1WvPKrYaNLp43T8qf5WxcGzQ43xXfKDm\/T6nx0KdLCmKjGOC+NZdsHUTukxx1VGstjS32La4ZaNsKfYVuNfF4vdg8h+gVS\/Q6Xk8uhFSifdvf42OcqX6DKrBvdIrrKnTHyeH1ZY1FiqLowLFApzs3lHE8SQ2aWp93Nr+B9NsOD4pSWjoz\/wBR\/wAifJ\/1q+P+0fGyXMrccl0uouMnK6WeUAKJq2iTh3XUPYejO0QZoij1HqScsjLqPXWnmUuiHaiukVgm1U4tmqEuaBjmXOG36dhWuX1DSxVgDXMfuCXcaVeMhwHuFIon3HC15vDaJ9cwRpdeBeC0Ovg+mT6uGf1Nsqm+iN+b8T3xk1k2E2GyOmm+xYtE31ZbJzXArlE670cUuhkupwAc9oTaXyjzBtANKp8ytv0ZI6dPPI1Qjsyn3ZJLCeD55+p\/qtUrYcvW0qcJLHPsdFaiWZQklgx2\/MmOfKnrxzrm89fj55rADRdHFkl7lB2c3XxX8jxf7fd5LgDGAXHJYxWr9pL6lTRo1EcWZ9UUNDjLqK2gYGaJgtnS4NGnqi1ul9inBpqT2Je4ulcT6tshDZlrkZbKtrwua9TZPG1YWX7k2xnBJc8dyJcadcyudjA8FzLLa9siVRzI134xz7jZVHEUWPIIR5FnJLoY10KJbuxdopyp1Nc7E1Hcssik0m2l9DXXNaiqNVqS55WImnLPp31HJZGA1EG6oNx2vC5ehfGs7XIWqHzI3whyEq07bTfI2xqccZI7d\/8AC\/aq2ciKBpUFgmwzj0euWZwKpw5G2USmceRpy4M="}
@@ -915,63 +915,63 @@
02381{"flow_id":62,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6937,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":927052,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcl8dAADwGW2G4GcwKwKgBBwBQ0ASr4SSkxYJHF4AQA6uy3AAAAQEICv\/9arQfZfnIRD8Y6nTwviEMXmzebCwSMfPI2CMf3Hg0FyXQStBdtJAwStTHG+WLln8NWr6jqdc8vkdvrIB7fhVRsa47nnc73KpYNsrSfpOCtb4CBuaLHqFu6nhmbveh0lHyXfZXRs1EjLOM91hcx5koEiu6vBlBoOduvkHFLN2u25sczL2naeDSsjjkj+mSlkadS6z4h+yTZZ78zbCd2u1dJsjo2mxn1tcPqD3yS2QfybXU8XcLzS5s58WTyizeAmPlnLx2YYT\/AO9N9yu9Oz+062jg98rivj8Ca3Ebr4HAXRl1TXtNU3HJWr37sRRpfNonD\/F5WWZzgCQcO5C06Ijw52H9WQs01g7aUm9vqWY5enxuXhSQPRMPLO1fZI2XXSTrW+75eerezsdDlt+pYMF0BA\/daOnwB2q855wPuuLpnSMfcbqcGk2uhotXqpXb2+GHA3dcH2U0dT1X\/EMQO6lpo4WgyN0rA4Nydy8r0\/TPOvjjcxweXVtIyuxpdL1PqHUofCnHzUrw1ri7v+Quvp+kdQf8ZN0\/UJHu1e8B0jQPTBBGFMJJNM51ztdpepdK1UEet0ohEo3Mvml9q6c7d03TO9Ym\/wCy8R8U\/CfV9ZqdJJDqJeoFgIJeGtLM+y9zoIHabp+nhf8AUyNod96XXHt2eTlu5KvS7qVZQQq5Eq5nmKMlgBccC+FbS8\/8YdSZ03o7nPeW+Idtt5Qk2r6h1j5Vr9s5llbktY0BrR7nsvBdf+NNbrW\/KRSNjibhz4nG3flcDXde1usHhsf4UIwGMxf39Vyy2Qi9pAS5aejDh+aukmc3Lrce5HJVJ8xyThIz7eSR9ggPDrDXgn3wsd67yREkNJwCPZVuk9P5UZC7dVZTY0ucA4lRdJi39lItxnCsotb5RQHcqh8pzdFJaEQ2+VDYKNuH4Ud99kt1WiGCO3FfsmHCqJKWD2ykMH1VStDJNosEr1XQfjTqHSXMYZTNAOWPzheOtSa8h3NLUysYzwmXavv3SPijSdVha4Ascawu22WN1U4flfnrpnVZum6gPjeCCfMx+QV9U+HPiWHXaUyMt5j\/ANSIm3N9x6ha7XvHmywuL2wLTwQUwOVmhmh1ETZYbLXZFK5jjuAN\/lZSJopNBwFAlJL2RyinhKkIQMBOkrRaGzpFIKVoCkqTQgVITSQFI4KaXZVCRypJIFnlCZFGkIhUhNCBCkUhNAsITQgPyknSSAQnSECQnSKQJFUnSKRCRyikUij3SpOk6VRGkUpIr3UCr1QnSKzwgXdH7JkIpFJCdIpEKu6E6RSo56FKvulSpfIQhMeybCTpAT4QKkUmPdFZQFIT5CSA4RSdcIrCBdkJnhCISdYRSEUJIooz3QNACPwnRQKkJjIRSBITq0ICkk6wnSCNJp0kiAgFFIpMIoSpSpCbEaymU6R+ECQn2KKvhAIpFfdCBJoQgAlSlSKUCpCdZQgXKAE00CISpNCARX7oPKaBITpCBcpoRSKEITRCQmhAqQmjsgSE0IFSE+eE6RSpCOE0CQn+EIEhMBFICkk\/siq5QCOyaKQRTpOkIEhPCECRWUyEDhAkcpo745RCyAmhOvVRSQik1UJCdIpFFZXlPjrRNl6fBqCMRuIJ9ivWcFYOu6L+odE1enH1OYS37jKlawurt8m0vT36uOSSEMEcZovcaF+i5HU5ZtBMYZWlpq\/x6rdoOuQ6CKbQ64PELpNx2fyP4XK+K+sw9a6iyTTs2wsYGNBwTS8kucz1fD6e8Lh+3PjnYdSXvG4XZHquq2WNnU9PIWAiTbWeF52J1PIPddSV9aXSTDlpon7FdcvL1eiy3M5+v+zpdb023xWbaLXfwsHTZGtIp1bwWn2K39U1kWoDmtsl4Gfdefid4MxabAJu\/RTGdtPJl52970xp1uhMDpPPFgfZXQ9Ll0b3yMO4vFGwuF0rXnRObMCHEHY="}
02388{"flow_id":62,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6939,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319118,"pkt_ts_usec":950724,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"5JjWH70UgCqoTGHMCABFIAXcl8hAADwGW2C4GcwKwKgBBwBQ0ASr4SpMxYJHF4AQA6twsgAAAQEICv\/9arQfZfnIuB7hex0+u0+rg8SJwN9ryF5spcbuPVx5SzTganp0r3h07iXAUCTwFkfp4mDzfp\/lei1DC8ZJAXnutTw6XTFjMyyYFZKuNta1jjNuZ0lwf1nxskRhxA72RQC9NB0eKPQOjlY0vkFuv1K5vwl0wv1Xjv4Av\/svV6u2Aq597pOPHWO6+YdR0TtHqHxGy2\/KUaGbezwnHzt7leg63D8zdfU04XlXB8L8ggtPIXfG7mq8\/Jj03cjoFrmkBzQQtUXhmrYsDOo0wB7WuJ7g0pf1KvphH3LkuNZmcjpvYxuQBayzysiaS40sj+pTSDaKHsBlVx6TUaqQEg16u5STXkuW\/wCmE\/WPkdtYKHotEGne1heRTj3W3S9NZEAas+pWrwc1SmWX0uOF33ed1OmLTlp5VLGucA0j2XqpdA2VlurlZT0oxyWcrE5G7huuHEAx92b9Ao6qj5rF+ncLqS6UQ6q3\/SMlc\/VNEmpcQ2y7iu61Mt3s7Y8mXHhcfhme01wqSLPqutHonStcH20geX7+6wOhcxxG3Pp6LrK8OktFnVBvAcCFt0DPC1bonCieLWSGJ7ZWvGKNrswFpfJ4\/wDqvADHOHv2Quvh7P4P0rZPiLR7i0Fm6Sq7gYX1IxsJvY3d61leI\/4e9Idp4dXrJSXB0hZGXDkDk\/8ARe5W54ePku8iKSaFXIu6aFyuu9f0XQtE6bUSef8ATGOXH0RdNXUOpaXpenM+qlbGwd3Gr+y+RfF\/xU74hlbAwBmljNj1J9Vy+u9f1fXdU6XUP8pPljvDQuQZGDFF3vdKW\/T08fF80PkjZneL9AFWdYC2tpI+6qfISThoHoAqyXH0H3Cw7f2Sc4SX5ar1VZFBuf8A1TsEZyljdVWfuqnwkC7klXBwFYNqcMTQ3c4FSe4VdKba0qkdYWcm\/wDorZHDsMKsuBIvsiIgX3SIzwT9lI01H5\/hVLvSN3Q7JccKRAOKNhRO4ClUT3AgeWkqF7go7gcFG7acDCCwHuQtmg18+h1DJ9PK9kgOC0\/\/AHhc8Eu7hWA0B7Ky6S6s0+yfDHxL48TZXOa6wPFY3lp9fsvbb2SRtcxwvkL87dK6nP07UiWF3GCDwfYr7H8NdVi1kETg\/fu5s5afRb8x5c8bjXq94TBBKQaTyR+yntAWWCATTpMKLpBOlKkUENI0ilOkqQRRSlQ7IpBEopSpHbhBGkJopEJFJoRSRXunwilUI8oTpCGiRSdIpAkqUqx6o\/dAklI8opQKkKVIooI0nSYCdVlNrpCkUpopDSNIpSr1RSGkaRSlVIrCGkaRSlynhNrpBFKSOybTSOeydJoRSpKlNIqJ2KkUmD6otU7FSKQmg5yKTpFLbJIpOk0EavlP7popQCEFHKBcEpp9rSpUGD2RSdIUCAu7RSfdFIEj7YTrCAgRQnSK9kBSKwaTpCBBCaECQmhAUj3TpFIEj7p0ikC5RSdZTpDSIFopSr0QgVdkqTTpAkUmhFJCaEAhCaISEIpFFo4TRSBUhNCgVJ0ghCoEYKKRSAwhACaBITQoEhNNUKsIpPuikCpCYRSgSE0FAfZFITpUJATrKKUCR7FNMD1QRrCadJ7U2aqCAFPajaU2vTUaRSntPontU2dNV0ilZtRtTZ01XSdKzaltTZ01CkUplpRt9k2aQpACntRtV2aqFIpT2lFKGkKTpSpFK7TSACdKVIUUgE6sVSOFIeqD4V8f9H\/pXxBPtbUMv91hHFHlcvp3w67qOjZOJwJJHlscYFkkBfXvj7oJ6x0N00Lb1Om87fUt7hfE4uoa7p29umnfEMnHY91yzls\/i9nBnjJ3jnyQuZqHRuFFrtv2pbrE0Bj4a0kLnu3GQvuy42SfVTLnC3MPIyFbLZp6+DlnFlbZ2sv\/AFXRPc13h3dGgrpNHLPIxrGlz3cNGSU9Ppm6lhLcvGSFs6dNLoNbHqE="}
01334{"flow_id":61,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6945,"source":"netflix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1484319119,"pkt_ts_usec":102211,"pkt_caplen":733,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":733,"pkt_l4_len":699,"pkt":"5JjWH70UgCqoTGHMCABFIALPblxAADwGh9m4GcwKwKgBBwBQ0APyPSFFJksT84AYA6upbgAAAQEICv\/9bDgfZfp3IFWjPMIowIVXy5JfcpHvebMeiKxVpzPgoYUIAwUKFMZHQyYgyGmrUyyLKEyyLGitUJGquRhizRXMqJdOmzodGi3D6nFqnzRuqs5lQn0mlv6czs6XU4xzPk9PfjHM62n1HLqXKmx794I1v4zwzSm\/mplKp\/bmv4M+jPJfhpx1afis+HWzxXqlmGeimv8AdfyPWdyOLzc526fF1\/4iQG5A3GWL9oLYpGwZHiL0gGTJBotQBANjSjFI2AZBIrzhjyZX1ZUI07I11ysnJRhFOUm+yXVn5c8VcZnxzxFruIyeVbY9i9ILlFfoke6\/Ebir4T4M1soT226jGnh\/q6\/wyfm+2eWzbxzJoUWSM02WWSKJMsFyR9MsGQZ9SaFVnqUyLbHyKX0yJUKwN4XQDFbEsWLkjfIDfISk7AQA9EBowAyTIjQj6kRAAEATIgPYgOxBgyCKEAvQyEQyEzrPY82SfuKR9WQTaIEBBlTZChV0CgI6YyYgew0nTHiytdBkUmr4y5FsJGdMsi+Y4it1czVXYc6DZorbKhOrVbjudCjUY7nErkzZVJ8ipSfS8P4jZpNVTqKpYsqmpxfunk\/R3C+JVcU4ZptbS04XVqax2fdfqflqqbz1PcPhTq7bvDN1U5ZjTqHGHsmk\/wCZHl53nSnyvQdwclOWHLObF6tyTJXkmWGDVmQZEyTIYRmxWwNi5HgM2DcLkA8AtkxgVdRmMPHvjXxP9twzhkXyjGWon9X8q\/kzxy2XU+7+LGosu8e66E5ZjVCuuC9FtT\/m2ef2M6J8kJVNlEnzHm2Ut8xUGyLJgyLJvJJpZySM7fIttb2ooYlSAxWFg7CXAfQVsjAgVBQG8hYvqI0IDsHogCdwZCugBBCEICsQASBCxEEAUMn\/2Q=="}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":230,"flow_first_seen":1484319036854,"flow_last_seen":1484319110632,"flow_tot_l4_data_len":202128,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":878,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":47,"flow_max_l4_data_len":79,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":50,"flow_max_l4_data_len":114,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":25,"flow_first_seen":1484319032896,"flow_last_seen":1484319033215,"flow_tot_l4_data_len":7366,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":294,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":31,"flow_first_seen":1484319049684,"flow_last_seen":1484319050696,"flow_tot_l4_data_len":13654,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":440,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":71,"flow_first_seen":1484319064669,"flow_last_seen":1484319117874,"flow_tot_l4_data_len":55747,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":785,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":38,"flow_first_seen":1484319064671,"flow_last_seen":1484319065592,"flow_tot_l4_data_len":17226,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":453,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":27,"flow_first_seen":1484319049465,"flow_last_seen":1484319081182,"flow_tot_l4_data_len":15587,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":577,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":41,"flow_first_seen":1484319048780,"flow_last_seen":1484319080085,"flow_tot_l4_data_len":31776,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":775,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":28,"flow_first_seen":1484319032984,"flow_last_seen":1484319063913,"flow_tot_l4_data_len":5698,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":203,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":148,"flow_first_seen":1484319032986,"flow_last_seen":1484319080084,"flow_tot_l4_data_len":68910,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":465,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":20,"flow_first_seen":1484319033206,"flow_last_seen":1484319063914,"flow_tot_l4_data_len":2325,"flow_min_l4_data_len":20,"flow_max_l4_data_len":955,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":16,"flow_first_seen":1484319033886,"flow_last_seen":1484319113019,"flow_tot_l4_data_len":2104,"flow_min_l4_data_len":130,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":63,"flow_first_seen":1484319043012,"flow_last_seen":1484319085476,"flow_tot_l4_data_len":44863,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":712,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":126,"flow_first_seen":1484319043013,"flow_last_seen":1484319077933,"flow_tot_l4_data_len":124319,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":986,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":21,"flow_first_seen":1484319043665,"flow_last_seen":1484319075730,"flow_tot_l4_data_len":12545,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":597,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":637,"flow_first_seen":1484319049672,"flow_last_seen":1484319109285,"flow_tot_l4_data_len":724246,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":31,"flow_first_seen":1484319114406,"flow_last_seen":1484319117555,"flow_tot_l4_data_len":9868,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":318,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":22,"flow_first_seen":1484319117651,"flow_last_seen":1484319117994,"flow_tot_l4_data_len":9491,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":431,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":41,"flow_first_seen":1484319118657,"flow_last_seen":1484319120726,"flow_tot_l4_data_len":33577,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":818,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":41,"flow_first_seen":1484319118658,"flow_last_seen":1484319120053,"flow_tot_l4_data_len":40845,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":996,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1484319032865,"flow_last_seen":1484319032884,"flow_tot_l4_data_len":670,"flow_min_l4_data_len":46,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":167,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_tot_l4_data_len":154,"flow_min_l4_data_len":51,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":40,"flow_first_seen":1484319035079,"flow_last_seen":1484319073564,"flow_tot_l4_data_len":12115,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":69,"flow_first_seen":1484319035080,"flow_last_seen":1484319073578,"flow_tot_l4_data_len":41580,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":602,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":25,"flow_first_seen":1484319035342,"flow_last_seen":1484319066108,"flow_tot_l4_data_len":7339,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":293,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1484319114365,"flow_last_seen":1484319114400,"flow_tot_l4_data_len":670,"flow_min_l4_data_len":46,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":167,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":48,"flow_first_seen":1484319117605,"flow_last_seen":1484319119338,"flow_tot_l4_data_len":28029,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":583,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":52,"flow_first_seen":1484319117826,"flow_last_seen":1484319118687,"flow_tot_l4_data_len":24118,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":463,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":17,"flow_first_seen":1484319117827,"flow_last_seen":1484319118041,"flow_tot_l4_data_len":4736,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1416,"flow_avg_l4_data_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_tot_l4_data_len":124,"flow_min_l4_data_len":46,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":63,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":45,"flow_max_l4_data_len":158,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":63,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_tot_l4_data_len":252,"flow_min_l4_data_len":62,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_tot_l4_data_len":383,"flow_min_l4_data_len":46,"flow_max_l4_data_len":337,"flow_avg_l4_data_len":191,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":53,"flow_first_seen":1484319050652,"flow_last_seen":1484319052229,"flow_tot_l4_data_len":43203,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":815,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":58,"flow_first_seen":1484319052216,"flow_last_seen":1484319054100,"flow_tot_l4_data_len":45204,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":779,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":55,"flow_first_seen":1484319054101,"flow_last_seen":1484319056189,"flow_tot_l4_data_len":45137,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":820,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":50,"flow_first_seen":1484319056204,"flow_last_seen":1484319063297,"flow_tot_l4_data_len":23332,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":466,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":49,"flow_first_seen":1484319056210,"flow_last_seen":1484319062135,"flow_tot_l4_data_len":30439,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":621,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":54,"flow_first_seen":1484319056214,"flow_last_seen":1484319063597,"flow_tot_l4_data_len":23512,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":435,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":53,"flow_first_seen":1484319056221,"flow_last_seen":1484319063369,"flow_tot_l4_data_len":28811,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":543,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":57,"flow_first_seen":1484319056232,"flow_last_seen":1484319064277,"flow_tot_l4_data_len":26547,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":465,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":55,"flow_first_seen":1484319056233,"flow_last_seen":1484319063283,"flow_tot_l4_data_len":27363,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":497,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":52,"flow_first_seen":1484319056233,"flow_last_seen":1484319063789,"flow_tot_l4_data_len":26295,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":505,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":60,"flow_first_seen":1484319056234,"flow_last_seen":1484319063566,"flow_tot_l4_data_len":38100,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":635,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":55,"flow_first_seen":1484319056241,"flow_last_seen":1484319062003,"flow_tot_l4_data_len":26450,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":480,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":54,"flow_first_seen":1484319056264,"flow_last_seen":1484319064524,"flow_tot_l4_data_len":23416,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":433,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":58,"flow_first_seen":1484319056264,"flow_last_seen":1484319063421,"flow_tot_l4_data_len":30824,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":531,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1307,"flow_first_seen":1484319064590,"flow_last_seen":1484319117695,"flow_tot_l4_data_len":1198312,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":916,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":178,"flow_first_seen":1484319064593,"flow_last_seen":1484319070693,"flow_tot_l4_data_len":151306,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":850,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":788,"flow_first_seen":1484319070636,"flow_last_seen":1484319117609,"flow_tot_l4_data_len":732491,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":929,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1872,"flow_first_seen":1484319091296,"flow_last_seen":1484319117694,"flow_tot_l4_data_len":1794659,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":958,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":37,"flow_first_seen":1484319032888,"flow_last_seen":1484319063911,"flow_tot_l4_data_len":8015,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":216,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":34,"flow_first_seen":1484319033631,"flow_last_seen":1484319064012,"flow_tot_l4_data_len":11560,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":340,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":36,"flow_first_seen":1484319033943,"flow_last_seen":1484319064790,"flow_tot_l4_data_len":11638,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":45,"flow_first_seen":1484319064711,"flow_last_seen":1484319096924,"flow_tot_l4_data_len":26410,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":586,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_tot_l4_data_len":263,"flow_min_l4_data_len":49,"flow_max_l4_data_len":214,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":230,"flow_first_seen":1484319036854,"flow_last_seen":1484319110632,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":194464,"flow_avg_l4_payload_len":845,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"104.86.97.179","src_port":53141,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1484319118629,"flow_last_seen":1484319118652,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57093,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1484319042988,"flow_last_seen":1484319043002,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":59180,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":25,"flow_first_seen":1484319032896,"flow_last_seen":1484319033215,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6570,"flow_avg_l4_payload_len":262,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":31,"flow_first_seen":1484319049684,"flow_last_seen":1484319050696,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":12666,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53162,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":71,"flow_first_seen":1484319064669,"flow_last_seen":1484319117874,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":53403,"flow_avg_l4_payload_len":752,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":38,"flow_first_seen":1484319064671,"flow_last_seen":1484319065592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":16026,"flow_avg_l4_payload_len":421,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.191.17.51","src_port":53202,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":27,"flow_first_seen":1484319049465,"flow_last_seen":1484319081182,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":14703,"flow_avg_l4_payload_len":544,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53152,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":41,"flow_first_seen":1484319048780,"flow_last_seen":1484319080085,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":30432,"flow_avg_l4_payload_len":742,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.201.191.132","src_port":53151,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":28,"flow_first_seen":1484319032984,"flow_last_seen":1484319063913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4806,"flow_avg_l4_payload_len":171,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53115,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":148,"flow_first_seen":1484319032986,"flow_last_seen":1484319080084,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":64178,"flow_avg_l4_payload_len":433,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":20,"flow_first_seen":1484319033206,"flow_last_seen":1484319063914,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":923,"flow_tot_l4_payload_len":1689,"flow_avg_l4_payload_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.196.36","src_port":53117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":16,"flow_first_seen":1484319033886,"flow_last_seen":1484319113019,"flow_min_l4_payload_len":122,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"239.255.255.250","src_port":53776,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":63,"flow_first_seen":1484319043012,"flow_last_seen":1484319085476,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":42483,"flow_avg_l4_payload_len":674,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53148,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":126,"flow_first_seen":1484319043013,"flow_last_seen":1484319077933,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":119751,"flow_avg_l4_payload_len":950,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53149,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":21,"flow_first_seen":1484319043665,"flow_last_seen":1484319075730,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":11829,"flow_avg_l4_payload_len":563,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.25","src_port":53150,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":637,"flow_first_seen":1484319049672,"flow_last_seen":1484319109285,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":702214,"flow_avg_l4_payload_len":1102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.24","src_port":53153,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":31,"flow_first_seen":1484319114406,"flow_last_seen":1484319117555,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8880,"flow_avg_l4_payload_len":286,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":22,"flow_first_seen":1484319117651,"flow_last_seen":1484319117994,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":8767,"flow_avg_l4_payload_len":398,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.32.22.214","src_port":53248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":41,"flow_first_seen":1484319118657,"flow_last_seen":1484319120726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32245,"flow_avg_l4_payload_len":786,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53251,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":41,"flow_first_seen":1484319118658,"flow_last_seen":1484319120053,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39341,"flow_avg_l4_payload_len":959,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"184.25.204.10","src_port":53252,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1484319032865,"flow_last_seen":1484319032884,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1484319036827,"flow_last_seen":1484319036847,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":57719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":40,"flow_first_seen":1484319035079,"flow_last_seen":1484319073564,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10839,"flow_avg_l4_payload_len":270,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":69,"flow_first_seen":1484319035080,"flow_last_seen":1484319073578,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":39376,"flow_avg_l4_payload_len":570,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53133,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":25,"flow_first_seen":1484319035342,"flow_last_seen":1484319066108,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6543,"flow_avg_l4_payload_len":261,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.89.39.139","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1484319114365,"flow_last_seen":1484319114400,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51622,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":48,"flow_first_seen":1484319117605,"flow_last_seen":1484319119338,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26449,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":52,"flow_first_seen":1484319117826,"flow_last_seen":1484319118687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22434,"flow_avg_l4_payload_len":431,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53249,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":17,"flow_first_seen":1484319117827,"flow_last_seen":1484319118041,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1384,"flow_tot_l4_payload_len":4172,"flow_avg_l4_payload_len":245,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.41.30.5","src_port":53250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1484319049641,"flow_last_seen":1484319049665,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51728,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1484319035004,"flow_last_seen":1484319035024,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51949,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1484319048757,"flow_last_seen":1484319048776,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":58102,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1484319117511,"flow_last_seen":1484319117538,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1484319032882,"flow_last_seen":1484319032884,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52116,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1484319049645,"flow_last_seen":1484319049681,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":52347,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":53,"flow_first_seen":1484319050652,"flow_last_seen":1484319052229,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":41415,"flow_avg_l4_payload_len":781,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.145","src_port":53163,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":58,"flow_first_seen":1484319052216,"flow_last_seen":1484319054100,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43240,"flow_avg_l4_payload_len":745,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.10.139","src_port":53164,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":55,"flow_first_seen":1484319054101,"flow_last_seen":1484319056189,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":43241,"flow_avg_l4_payload_len":786,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53171,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":50,"flow_first_seen":1484319056204,"flow_last_seen":1484319063297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21464,"flow_avg_l4_payload_len":429,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53172,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":49,"flow_first_seen":1484319056210,"flow_last_seen":1484319062135,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28763,"flow_avg_l4_payload_len":587,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":54,"flow_first_seen":1484319056214,"flow_last_seen":1484319063597,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21524,"flow_avg_l4_payload_len":398,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":53,"flow_first_seen":1484319056221,"flow_last_seen":1484319063369,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":26939,"flow_avg_l4_payload_len":508,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53175,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":57,"flow_first_seen":1484319056232,"flow_last_seen":1484319064277,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":428,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53176,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":55,"flow_first_seen":1484319056233,"flow_last_seen":1484319063283,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":25507,"flow_avg_l4_payload_len":463,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53177,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":52,"flow_first_seen":1484319056233,"flow_last_seen":1484319063789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24419,"flow_avg_l4_payload_len":469,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53178,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":60,"flow_first_seen":1484319056234,"flow_last_seen":1484319063566,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":35980,"flow_avg_l4_payload_len":599,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53179,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":55,"flow_first_seen":1484319056241,"flow_last_seen":1484319062003,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24422,"flow_avg_l4_payload_len":444,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53180,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":54,"flow_first_seen":1484319056264,"flow_last_seen":1484319064524,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":21416,"flow_avg_l4_payload_len":396,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53181,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":58,"flow_first_seen":1484319056264,"flow_last_seen":1484319063421,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":28764,"flow_avg_l4_payload_len":495,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53182,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1307,"flow_first_seen":1484319064590,"flow_last_seen":1484319117695,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1155976,"flow_avg_l4_payload_len":884,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.3.140","src_port":53183,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":178,"flow_first_seen":1484319064593,"flow_last_seen":1484319070693,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":145506,"flow_avg_l4_payload_len":817,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53184,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":788,"flow_first_seen":1484319070636,"flow_last_seen":1484319117609,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":707039,"flow_avg_l4_payload_len":897,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.133","src_port":53210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1872,"flow_first_seen":1484319091296,"flow_last_seen":1484319117694,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1734535,"flow_avg_l4_payload_len":926,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"23.246.11.141","src_port":53217,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":37,"flow_first_seen":1484319032888,"flow_last_seen":1484319063911,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6835,"flow_avg_l4_payload_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53105,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":34,"flow_first_seen":1484319033631,"flow_last_seen":1484319064012,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10476,"flow_avg_l4_payload_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":36,"flow_first_seen":1484319033943,"flow_last_seen":1484319064790,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10490,"flow_avg_l4_payload_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":45,"flow_first_seen":1484319064711,"flow_last_seen":1484319096924,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24950,"flow_avg_l4_payload_len":554,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test"}
diff --git a/test/results/netflow-fritz.pcap.out b/test/results/netflow-fritz.pcap.out
index ead26a4e2..c82165b47 100644
--- a/test/results/netflow-fritz.pcap.out
+++ b/test/results/netflow-fritz.pcap.out
@@ -1,6 +1,6 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflow-fritz.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1498072707863,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1498072707863,"flow_last_seen":0,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00647{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1498072707,"pkt_ts_usec":863157,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"AAwRERERAAwRIiIiCABFKADQAABAAD8R1PvAqAABwKgBAVtYCAcAvAAAAAoAtFlKxZ0CWWXEAAQBAAACAHABzQAWAAEABIDPAAQAAGjygMz\/\/wAAaPKAzf\/\/AABo8gAHAAIACwACAAYAAgCxAAEAsAABALQAAgC1AAIAAgAEAM0AAgC5AAQAuAAEAAgABAAMAAQANgAEAFgAAgAEAAEAwAABgAH\/\/wAAaPIAAwA0AdIABwABAI8ABAApAAgAKgAIACgACAEwAAIBMQAEATIABAHTAAIAAQCOAAQAUv\/\/"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1498072707863,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1498072707863,"flow_last_seen":0,"flow_tot_l4_data_len":188,"flow_min_l4_data_len":188,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1498072707863,"flow_last_seen":0,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1498072707863,"flow_last_seen":0,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test"}
diff --git a/test/results/netflowv9.pcap.out b/test/results/netflowv9.pcap.out
index 68183ffae..fa3ae1acf 100644
--- a/test/results/netflowv9.pcap.out
+++ b/test/results/netflowv9.pcap.out
@@ -1,7 +1,7 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflowv9.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1568213026961,"flow_last_seen":0,"flow_tot_l4_data_len":1384,"flow_min_l4_data_len":1384,"flow_max_l4_data_len":1384,"flow_avg_l4_data_len":1384,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1568213026961,"flow_last_seen":0,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02256{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568213026,"pkt_ts_usec":961189,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBZAAEARgqbAqAKGwKgC3r31CAkFaHVWAAkAECROCO5dZ6gMFm+miAAAAAEBAwQkAAoEJE1qKCRNaigAAAAAAAAAKAAAAAAAAAABBo0ou7J9QF7TxAskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp1CRNjMsAAAAAAAUbtAAAAAAAAASjBhdDjcSK9gL7ko0BuxoAkwAAMhAAAFHMhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp3CRNjKAAAAAAAB2wnwAAAAAAAAZqBor2AvsXQ43EAbuSjRoAkwAAUcwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1ybSRNcm0AAAAAAAAAKAAAAAAAAAABBoOfghRcdiVS2B5evAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1rLyRNay8AAAAAAAAAKAAAAAAAAAABBor09llcdiVKtb1pkQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2QhyRNkIcAAAAAAAAAKAAAAAAAAAABBor0qxxcdiVS2B5S8QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2JWyRNiVsAAAAAAAAAKAAAAAAAAAABBoOfWVu53tNywXcEGgIAkwADMXgAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qjSRNao0AAAAAAAAALAAAAAAAAAABBor2xOMr4aaiqY0AFgIAkwAAseAAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2OYCRNjmAAAAAAAAAAKAAAAAAAAAABBo1UlODIXai05wABvQIAkwAAS+UAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAACRwAAAAAAAAAKBoG7\/klQ1h8GKsoBuxsAkwAAFSIAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAAWPwAAAAAAAAAIBlDWHwaBu\/5JAbsqyh4AkwAAMhAAABUihHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTSRNh00AAAAAAAAAKAAAAAAAAAABBor1FpC5r10bvgPWnAIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2Q4yRNkOMAAAAAAAAAKAAAAAAAAAABBoOfV4ZcdiVS2B5ZXgIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNhcskTYXLAAAAAAAAAHoAAAAAAAAAARHN+8cOjVQJ2YZdADUAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAQcA1AAKBiRNJ\/YkTYzBAAAAAAAAELEAAAAAAAAADwYgARa4LRoyANRG8rtzEZ1EIAFMoAAAAQMAAAAAgbv\/\/PfhAbvbAGwAACKxAAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAAoGJE0n9iRNjMEAAAAAAAAIZQAAAAAAAAAMBiABTKAAAAEDAAAAAIG7\/\/wgARa4LRoyANRG8rtzEZ1EAbv34RsAbAAAMhAAACKxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAA="}
-00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1568213026961,"flow_last_seen":0,"flow_tot_l4_data_len":1384,"flow_min_l4_data_len":1384,"flow_max_l4_data_len":1384,"flow_avg_l4_data_len":1384,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
+00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1568213026961,"flow_last_seen":0,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"proto":"NetFlow","breed":"Acceptable","category":"Network"}}
02184{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netflowv9.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568213026,"pkt_ts_usec":961271,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVILBdAAEARgtnAqAKGwKgC3r31CAkFNLI1AAkAECROCO5dZ6gMFm+miQAAAAEBAwTEAAoEJE2HcCRNh3AAAAAAAAAAKAAAAAAAAAABBoOf7vm5sBu2oskXJAIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2RayRNkWsAAAAAAAAAKAAAAAAAAAABBo0oBklcdiVS2B5jWQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10SSRNdEkAAAAAAAAAKAAAAAAAAAABBor2SWJcdiVKtb25AgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10KiRNdCoAAAAAAAAAKAAAAAAAAAABBoOfXsy5sBu2oskPGwIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2NbCRNjWwAAAAAAAAAKAAAAAAAAAABBor1CjVZ+KxV434I\/gIAkwADFrkAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTiRNh2kAAAAAAAAArQAAAAAAAAACBhH8TA+K9gIpwNYUZxgAkwAAMhAAAALKhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HWyRNh1sAAAAAAAAAnQAAAAAAAAACBor2AikR\/EwPFGfA1hgAkwAAAsoAADIQ2GfZGI\/ahHisFZ1CAAAAAAACAAAAAAAAAAAAAAAAAAoEJE1ycCRNcnAAAAAAAAAAKAAAAAAAAAABBor0oRm5sBu2oskF8wIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qhiRNaoYAAAAAAAAAKAAAAAAAAAABBo1Umhq5r10JuVyC6gIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2KayRNin8AAAAAAAAAcwAAAAAAAAACBlCeJjiK9gKwnKIUZxgAkwAAMhAAAIUmhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2KeiRNinoAAAAAAAAASwAAAAAAAAABBor2ArBQniY4FGecohgAkwAAhSYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1v8SRNb\/EAAAAAAAAAKAAAAAAAAAABBor0mjxcdiVS2B5xQQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2M1CRNjNQAAAAAAAAAKAAAAAAAAAABBo0otfJcdiVS2B5oFAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1yviRNcr4AAAAAAAAAKAAAAAAAAAABBor0xzO5sBu2oskgMwIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1+PiRNfj4AAAAAAAAAKAAAAAAAAAABBor2SCBcdiVS2B5xvwIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAECAFQACgQkTYXUJE2F1AAAAAAAAAFBAAAAAAAAAAERjVQJ2c37xw4ANYZdAJMAAEB9AAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAA=="}
02257{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"netflowv9.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568213026,"pkt_ts_usec":961377,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBhAAEARgqTAqAKGwKgC3r31CAkFaPcdAAkAECROCO5dZ6gMFm+migAAAAEBAwQkAAoEJE18UiRNfFIAAAAAAAAAKAAAAAAAAAABBor1GIyKxVabf\/8hYQIAkwAANu0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE188iRNfPIAAAAAAAAALAAAAAAAAAABBor1b6tTbs2s6Q\/qYQIAkwAAFQgAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0b5CRNjsgAAAAAAAAD+QAAAAAAAAAKBtg6zy6Bu8nv4FQBux4AkwAAMhAAADtBhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0b7CRNjscAAAAAAAAH0wAAAAAAAAAIBoG7ye\/YOs8uAbvgVBoAkwAAO0EAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE13qiRNd6oAAAAAAAAAKAAAAAAAAAABBoG7U8O55eBgf\/8hYQIAkwAAodwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2RLCRNkSwAAAAAAAAAKAAAAAAAAAABBoOfCHdcdiVS2B5lPQIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2C\/iRNhM0AAAAAAAAG0wAAAAAAAAAIBiOxkHGNVP4E02gBuxoAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2DFCRNhM0AAAAAAAATxgAAAAAAAAAJBo1U\/gQjsZBxAbvTaBoAkwAAQH0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11DSRNdQ0AAAAAAAAALAAAAAAAAAABBor2Qvpdrl9qcVMffAIAkwADFrkAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2BfSRNgX0AAAAAAAAAKAAAAAAAAAABBo1UDOe5B+tq\/5UAUAIAkwAAISwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1+qyRNfqsAAAAAAAAALAAAAAAAAAABBor1Lmtlbfp7vHIBvQIAkwAAXaEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2AYyRNgGMAAAAAAAAAKAAAAAAAAAABBo1UHwVcdiVS2B5nAgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1t3iRNbd4AAAAAAAAAKAAAAAAAAAABBoOfiSJcdiVKtb1noAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNg0AkTYNAAAAAAAAAApoAAAAAAAAAARGDn7MEo6zlqFf+E8QAkwAAMkwAAzG32GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAQcA1AAKBiRNI9AkTYY5AAAAAAAAALUAAAAAAAAAAwYgAUygIAMBAAAAAAAAAAEzKgX1AAAQAQEAAAAAuT+RAcrSAbsRAGwAADIQAAA4TYR4rBWdQthn2RiP2gAAAAAAAAAAAAAAAAAAAAAAAAoGJE0j2SRNhkIAAAAAAAABGwAAAAAAAAAEBioF9QAAEAEBAAAAALk\/kQEgAUygIAMBAAAAAAAAAAEzAbvK0hkAbAAAOE0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAA="}
02184{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"netflowv9.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568213026,"pkt_ts_usec":961481,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVILBlAAEARgtfAqAKGwKgC3r31CAkFNPSKAAkAECROCO5dZ6gMFm+miwAAAAEBAwR0AAoEJE2MQyRNjEMAAAAAAAAAKAAAAAAAAAABBoG7GHW5sBu2oskQ8wIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2N2iRNjdoAAAAAAAAAKAAAAAAAAAABBo1U+k3KfY5lynQNPQIAkwAAJVUAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE18SSRNfEkAAAAAAAAAKAAAAAAAAAABBoOfK0xgJbzk0x8idgIAkwAAQZMAAzG32GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE138SRNd\/EAAAAAAAAAKAAAAAAAAAABBo0ow7ZcdiVKtb35CAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2GQyRNhkMAAAAAAAAAKAAAAAAAAAABBor0wQFcdiVKtb3HUgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2DfiRNg34AAAAAAAAAKAAAAAAAAAABBor2FrZcdiVS2B5qjAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE18PyRNfD8AAAAAAAAAKAAAAAAAAAABBo1Up0FcdiVS2B5r1QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE17iyRNe4sAAAAAAAAAPAAAAAAAAAABBg3sBqCBu1q758J2XwIAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2NhiRNjYYAAAAAAAAAKAAAAAAAAAABBor1iT+zPH\/q+PWRXwIAkwAEAA8AADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2S4iRNkuIAAAAAAAAAKAAAAAAAAAABBo1UPAVcdiVKtb3HQAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zyiRNf34AAAAAAAAAaAAAAAAAAAACBoG7N9cYhuyhXSkMOAIAkwAAemYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10QyRNicMAAAAAAAAOTQAAAAAAAAAOBkWtkIyNVA4cyLQBuxsAkwAAMhAAAGgrhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10VCRNiaAAAAAAAAAWCAAAAAAAAAAOBo1UDhxFrZCMAbvItBsAkwAAaCsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE19oiRNfaIAAAAAAAAAKAAAAAAAAAABBo0otGR9QF7TkZskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoBAgCkAAoEJE1+RiRNfkYAAAAAAAACnwAAAAAAAAABEY0or7OjrOWoV\/4TxACTAAAyTAAAMhDYZ9kYj9qEeKwVnUIAAAAAACAAAAAAAAAAAAAAAAAACgQkTYvDJE2LwwAAAAAAAABBAAAAAAAAAAERjVTKyMf3HnvTFQA1AJMAAE\/5AAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -11,5 +11,5 @@
02179{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"netflowv9.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568213026,"pkt_ts_usec":961900,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVELB1AAEARgtfAqAKGwKgC3r31CAkFMPm\/AAkAECROCO5dZ6gMFm+mjwAAAAEBAwUUAAoEJE2QqyRNkKsAAAAAAAAAKAAAAAAAAAABBoG7XKJcdiVS2B5atgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1tKCRNbSgAAAAAAAAAKAAAAAAAAAABBor2ZebBHQ88f\/8RXAIAkwAAAAAAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2PaiRNj2oAAAAAAAAAKAAAAAAAAAABBor1AQE0bQwWAbvoNBQAkwAAH4sAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2MByRNjAcAAAAAAAAAKAAAAAAAAAABBor0fre5sBtatrgNPgIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HpCRNh6QAAAAAAAAAKAAAAAAAAAABBoOf7oKnchtzx+MBvQIAkwAAP5QAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2OFiRNjhYAAAAAAAAAKAAAAAAAAAABBoG7RUy5sBv6wucQ0QIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1t7yRNbe8AAAAAAAAALAAAAAAAAAABBor0kdXfxf7Zyq8AFwIAkwAAEpgAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE1\/WyRNf1sAAAAAAAAAKAAAAAAAAAABBor08Jm4aYtEli4VswIAkwAAGxsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HASRNhwEAAAAAAAAAKAAAAAAAAAABBo0oygkfuNHO6mAnDwIAkwAAAAAAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE1sBSRNbDoAAAAAAAAC7wAAAAAAAAAGBryk7iSBu\/5VrbQAUBsAkwAAMhAAAwYBhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1sFiRNbDoAAAAAAAAD7wAAAAAAAAADBoG7\/lW8pO4kAFCttBsAkwADBgEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE15riRNea4AAAAAAAAAKAAAAAAAAAABBor022hzlYpsEe0AFwIAkwAAECYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE181yRNfNcAAAAAAAAAKAAAAAAAAAABBo1UJo17vucYdW4AFwIAkwAAEuUAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2B1iRNgdYAAAAAAAAAKAAAAAAAAAABBoG7SSgr4Wwfpe8BvQIAkwACBGYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE1qdiRNa+wAAAAAAAAChwAAAAAAAAACBor2Et2DvCi9yWgjKBgAkwAAAqgAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qdiRNa+cAAAAAAAAChwAAAAAAAAACBoO8KL2K9hLdIyjJaBgAkwAAMhAAAAKohHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAA"}
02215{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"netflowv9.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568213026,"pkt_ts_usec":962005,"pkt_caplen":1390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1390,"pkt_l4_len":1356,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVgLB5AAEARgrrAqAKGwKgC3r31CAkFTKWaAAkAECROCO5dZ6gMFm+mkAAAAAEBAwTEAAoEJE2B\/iRNgf4AAAAAAAAAKAAAAAAAAAABBo1U6kBcd6AhqNceJAIAkwAAwWEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2L+SRNi\/kAAAAAAAAAKAAAAAAAAAABBo0ojNxcdiVKtb2zcAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2ScCRNknAAAAAAAAAAKAAAAAAAAAABBor0RW65sBu2oskjoAIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2ArSRNgK0AAAAAAAAAKAAAAAAAAAABBor0Q2hSwtKCbeaRXwIAkwAAwS8AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HRyRNh0cAAAAAAAAAKAAAAAAAAAABBo0o87S5sBu2oskYwAIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE104yRNdOMAAAAAAAAAKAAAAAAAAAABBor2wB25sBu2oskgaQIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE19TiRNfU4AAAAAAAAAKAAAAAAAAAABBoG7gQm5sBu2oskNYgIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HJCRNhyQAAAAAAAAAKAAAAAAAAAABBo1UlCZcdiVS2B5RDAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1s0SRNgMkAAAAAAAAGpgAAAAAAAAAMBo1U+KKNYlEqXToNPdoAkwAA3tMAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1s0iRNgMoAAAAAAAAHsQAAAAAAAAAIBo1iUSqNVPiiDT1dOh4AkwAAMhAAAN7ThHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0TaSRNkqcAAAAAAAB3nwAAAAAAAAApBmgQnPOBu0rBqxABuxoAkwAAMhAAADQXhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0TciRNkqYAAAAAAAAUrAAAAAAAAAAXBoG7SsFoEJzzAburEBoAkwAANBcAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2ELCRNhCwAAAAAAAAAKAAAAAAAAAABBo0ozbtcdiVKtb0yhgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2EKiRNhCoAAAAAAAAAKQAAAAAAAAABBpdlcPaK9gJp9WIBuxAAkwAAMhAAANNhhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2EMyRNhDMAAAAAAAAANAAAAAAAAAABBor2AmmXZXD2Abv1YhAAkwAA02EAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAEGAGwACgYkTWgTJE2FWQAAAAAAAAIEAAAAAAAAAAIRKgIJCAQWSACFWHuzCSH+HiABTKAAAAEIAAAAAAAAABbKpgGFAGwAABquAAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAA=="}
02251{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568213026,"pkt_ts_usec":962107,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV4LB9AAEARgqHAqAKGwKgC3r31CAkFZN5EAAkAECROCO5dZ6gMFm+mkQAAAAEBAwR0AAoEJE2RsyRNkbMAAAAAAAAAKAAAAAAAAAABBor2nvZcdiVS2B5mSgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2CECRNghAAAAAAAAAAKAAAAAAAAAABBor2OXclMedoxbwTrgIAkwADMZMAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0kxiRNhT0AAAAAAAAAeAAAAAAAAAADBo0oJv55orZfIKsAFwIAkwAAEp4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE15tyRNebcAAAAAAAAAKAAAAAAAAAABBor2DuK5sBu2oskHfwIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2PliRNj5YAAAAAAAAAKAAAAAAAAAABBoOfFgrZPRSt14MAFgIAkwADDMsAAzG32GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE1q9CRNavQAAAAAAAAAKAAAAAAAAAABBoOfvGdcdiVS2B5piAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE158iRNefIAAAAAAAAAKAAAAAAAAAABBo1UAydcd6AhqNceJQIAkwAAwWEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE1\/6SRNf+kAAAAAAAAAKAAAAAAAAAABBo0o31BQUkB\/4JoGfwIAkwADFrkAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2B1CRNgm8AAAAAAAAEPQAAAAAAAAAHBlCeFGiK9gJ+voIBuxoAkwAAMhAAAIUmhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2B4yRNgksAAAAAAAAS1AAAAAAAAAAHBor2An5QnhRoAbu+ghoAkwAAhSYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2OwyRNjsMAAAAAAAAAKAAAAAAAAAABBo1UqqB9QF7Tg04kWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0FlCRNfq0AAAAAAAANngAAAAAAAAAWBg1riAmK9gJw5gwBuxsAkwAAMhAAAB+EhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0FqSRNfqkAAAAAAAA3dAAAAAAAAAAWBor2AnANa4gJAbvmDBsAkwAAH4QAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE149yRNePcAAAAAAAAAKAAAAAAAAAABBor01gdcdiVS2B5s7wIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoBBwDUAAoGJE13nyRNd94AAAAAAAAEDwAAAAAAAAAGBiABTKAAAPI\/qZ7QTVkjzpUqABRQQAwMBwAAAAAAAAC8rw4UbBsAbAAAMhAAADtBhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAACgYkTXevJE138gAAAAAAAAIDAAAAAAAAAAUGKgAUUEAMDAcAAAAAAAAAvCABTKAAAPI\/qZ7QTVkjzpUUbK8OGgBsAAA7QQAAMhDYZ9kYj9qEeKwVnUIAAAAAAAAAAAAAAAAAAAAAAA=="}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1568213026961,"flow_last_seen":1568213026962,"flow_tot_l4_data_len":13548,"flow_min_l4_data_len":1328,"flow_max_l4_data_len":1384,"flow_avg_l4_data_len":1354,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1568213026961,"flow_last_seen":1568213026962,"flow_min_l4_payload_len":1320,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":13468,"flow_avg_l4_payload_len":1346,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test"}
diff --git a/test/results/nintendo.pcap.out b/test/results/nintendo.pcap.out
index 11b68c839..24b405d9a 100644
--- a/test/results/nintendo.pcap.out
+++ b/test/results/nintendo.pcap.out
@@ -1,14 +1,14 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nintendo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1500731320644,"flow_last_seen":0,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1500731320644,"flow_last_seen":0,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00474{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731320,"pkt_ts_usec":644357,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AA6OGXEMfLuKifuECABFAABYEUEAAEARTg7AqAxyWwjzI8uXwRgARM2+MquYZAJWA8uWATPgxkj4NJP7aMnpzfBBRQUJGYsmvR+Tfti6\/9NW0mVVtdYfmAlO0lOZx8+qpE3Q9Qrr"}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1500731320644,"flow_last_seen":0,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1500731320644,"flow_last_seen":0,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
00474{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731320,"pkt_ts_usec":732276,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"fLuKifuEAA6OGXEMCABFAABY97kAADIRdZVbCPMjwKgMcsEYy5cARD+fMquYZAJwBDs0OpYMdoXMEb7z5ADj1gGyYiTWHIsmvR+Tfti6\/9NW0mVVtdYcxe3DWV6ogDbeCRSMhnlF"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1500731320764,"flow_last_seen":0,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1500731320764,"flow_last_seen":0,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00475{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731320,"pkt_ts_usec":764440,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AA6OGXEMfLuKifuECABFAABYEUIAAEARHhzAqAxyhgP4GcuX3nsARKmOMquYZAL7A4GWfECoPkHlkau7Ijb2F2MvtOU+dosmvR+Tfti6\/9NW0mVVtday4XIk1NfCl4ZHAO\/1Fxpd"}
-00502{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1500731320764,"flow_last_seen":0,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1500731320774,"flow_last_seen":0,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1500731320764,"flow_last_seen":0,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1500731320774,"flow_last_seen":0,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00475{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731320,"pkt_ts_usec":774476,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AA6OGXEMfLuKifuECABFAABYEUMAAEARMBfAqAxybRX\/C8uXxEsARC8cMquYZAJGA3KWhoRABV3FWfmtjLEwkvqReL4g94smvR+Tfti6\/9NW0mVVtdahZ4Yi8EkEbE+Cf5dTG6Dk"}
-00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1500731320774,"flow_last_seen":0,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1500731320774,"flow_last_seen":0,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
00477{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731320,"pkt_ts_usec":842825,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"fLuKifuEAA6OGXEMCABFAABYEicAADMRKjeGA\/gZwKgMct57y5cARE+8MquYZAIZA8hA\/JaGDMK+3tfYvFe22fqmgHrRaYsmvR+Tfti6\/9NW0mVVtdaFuHgj\/oXYMvE1kVZddtPK"}
00474{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731320,"pkt_ts_usec":881557,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"fLuKifuEAA6OGXEMCABFAABYK0gAADIRJBJtFf8LwKgMcsRLy5cARH7BMquYZAKvA36Er5aJDtEHqQojRhZUoJvCATzcAYsmvR+Tfti6\/9NW0mVVtdYSzDno2v3JjwLx3wkvum1y"}
00605{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731320,"pkt_ts_usec":971905,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"fLuKifuEAA6OGXEMCABFAAC497sAADIRdTNbCPMjwKgMcsEYy5cApCSHMquYZAJwBDw1LZb\/EXOjSMMnhE7iZD46YMnDknY2Toj8H3hexFk8t\/NxtrnGBe7\/azeV+ylrxOZLEJSeqtaVZpj8qkFUmEqDrAokbYC5tpC2hu85m1Gapy+z4MYRc6NIwyeETuJkPjpgycOS4O1pGafPZccfGHcxxjvnUp7EdqfBF4phVhM5G67auDF2qW+tEyxBQPI1F2LvuWv4"}
@@ -50,13 +50,13 @@
00479{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731321,"pkt_ts_usec":954534,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AA6OGXEMfLuKifuECABFAABYEVkAAEARMAHAqAxybRX\/C8uXxEsARCp7MquYZAJGA3ibI4jb99YLsDqmAjLNDVgTSc+TorrFKfWjv7VMYooAoxzH649q\/XpdvwI\/Wm38uYpG\/NiF"}
00478{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731321,"pkt_ts_usec":984421,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"fLuKifuEAA6OGXEMCABFAABYK18AADIRI\/ttFf8LwKgMcsRLy5cARLMdMquYZAKvA4SI\/5rY9+HnUE29nZOnpfhh\/CFkqbrFKfWjv7VMYooAoxzH649prouk4LCXYyTtWp6JKaNP"}
00477{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731321,"pkt_ts_usec":994236,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AA6OGXEMfLuKifuECABFAABYEVoAAEARMADAqAxybRX\/C8uXxEsARJu\/MquYZAIAAACbS4kBXQllo6hzjt0bSmP+9ilqAe0j+EuRfq6yqnRYv5qxyj7NPAM7uYC7PsR3nZfysaf6"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1500731322454,"flow_last_seen":0,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":132,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":132,"midstream":1,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1500731322454,"flow_last_seen":0,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731322,"pkt_ts_usec":454625,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"fLuKifuEAA6OGXEMCABFAACYFZdAAOUGcTo2uwq5wKgMcgG7vMgz\/J5Zi2972IAYALkcKwAAAQEICgQM20EAGkXPFwMDAF\/eldsI13HzPlUjJzvSUWyEIzWGgbOyhWxdkIHfN3lgjdjjc7JiXYu\/ooQ\/gzWIbwSHhgUl7CbzYWzRlB2Fe4u0GxVFMrAIoxb4XR3ehSS5gi8Kq9fYRepj92tegMbl5w=="}
00495{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731322,"pkt_ts_usec":460902,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"AA6OGXEMfLuKifuECABFAABnEVxAAEAGGqfAqAxyNrsKubzIAbuLb3vYM\/yevYAYBAhG+gAAAQEICgAaYTYEDNtBFwMDAC4AAAAAAAAAKH6viddQUv6VCP9kwNVv1cM5qFQr1yPk5rVuTEPwOaETSFnM6WhQ"}
00425{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731322,"pkt_ts_usec":761757,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fLuKifuEAA6OGXEMCABFAAA0FZhAAOUGcZ02uwq5wKgMcgG7vMgz\/J69i298C4AQALmNxAAAAQEICgQM25wAGmE2"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1500731323269,"flow_last_seen":0,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":84,"flow_max_l4_data_len":84,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1500731323269,"flow_last_seen":0,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731323,"pkt_ts_usec":269434,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEV8AAEARLjHAqAxyI55KPcuXgjcAVAoAMquYZAIAAACgRQAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjfL9\/FaWie4QujpeJZMzmHA=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1500731323269,"flow_last_seen":0,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":84,"flow_max_l4_data_len":84,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","ndpi": {"proto":"Nintendo.Amazon","breed":"Acceptable","category":"Game"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1500731323269,"flow_last_seen":0,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","ndpi": {"proto":"Nintendo.Amazon","breed":"Acceptable","category":"Game"}}
00502{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731323,"pkt_ts_usec":270842,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEWAAAEARLjDAqAxyI55KPcuXgjcAVAoAMquYZAIAAACgRQAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjfL9\/FaWie4QujpeJZMzmHA=="}
00502{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731323,"pkt_ts_usec":270871,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEWEAAEARLi\/AqAxyI55KPcuXgjcAVCUqMquYZAIAAACgRgAAPD+rAYcrvhgZcqXY4tF4R087lVXf\/uabOP7DTtPl\/Z68o2TwyTMiy\/1PT8Q0PYJjeofEEG4mAZPKsmIYZ3XQPw=="}
00519{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731325,"pkt_ts_usec":969577,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AA6OGXEMfLuKifuECABFAAB3EWxAAEAGGofAqAxyNrsKubzIAbuLb3wLM\/yevYAYBAjCGAAAAQEICgAabugEDNucFwMDAD4AAAAAAAAAKQBLCxbftfuQ6RdPW1NPLnDfWKlfYxHKvtpNvQeweHjnBTZbyCTP7uHKIkCEMYM2kYliMuygZg=="}
@@ -65,29 +65,29 @@
00492{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":243666,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"fLuKifuEAA6OGXEMCABFAABjFZtAAOUGcWs2uwq5wKgMcgG7vMgz\/J73i298ToAYALmmxwAAAQEICgQM3wQAGm7oFwMDACreldsI13HzQBqKmagIsIg4+BSbtvWrERw7Cx24NMg6fIn\/vYkSB8K040M="}
00426{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":245994,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OGXEMfLuKifuECABFAAA0EW1AAEAGGsnAqAxyNrsKubzIAbuLb3xOM\/yfJoAQBAZ3nQAAAQEICgAab\/4EDN8C"}
00495{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":264540,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"AA6OGXEMfLuKifuECABFAABnEW5AAEAGGpXAqAxyNrsKubzIAbuLb3xOM\/yfJoAYBAi9AAAAAQEICgAacA8EDN8CFwMDAC4AAAAAAAAAKpy5SflBIBu0s2Gi6ZAq+orGZgz7Ja9OqwSZiiV3OPowvNxPY9Kb"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1500731326270,"flow_last_seen":0,"flow_tot_l4_data_len":696,"flow_min_l4_data_len":696,"flow_max_l4_data_len":696,"flow_avg_l4_data_len":696,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1500731326270,"flow_last_seen":0,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01353{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":270619,"pkt_caplen":730,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":730,"pkt_l4_len":696,"pkt":"AA6OGXEMfLuKifuECABFAALMEW8AAEARl9zAqAxyNArNscuXhicCuLNGMquYZAEAAACsAAAACAICgAAAAAAAZU1IgACGJwAAAAAPAfz\/AmL\/\/\/\/\/\/\/\/\/\/\/\/\/DNhnHrgUDeqh96EJudpqr7HTWmwuyiNXAoN8EJ3L9Q9BYy53b12QoycQBbgF0+MGumCDqya3DRDi\/FgfUDp8jmtF0eLtdJawWMd0Uh7gRi0nJAedvr+L4LDG+1PkKHdQjXkwcc63uSwXLbhZGs5rZ8pLuCki3H7JLOG5CI96WiAzLSOgOT5MmMOkBR9lHnUbly8I57OvnsPjzu2ZoGj750rOuJoq4PDp+HTtcuUkR\/yuCERU5DE5fS3WD79Od2EljENI\/Aj0rbyEoWaVKXUGbMeIN\/PHtUKEKwxkiH\/DZpj\/dOZVZle2A+wpaUtVb5Kkq8m0M0sj8U0Nr8\/f9iy5nCcQHobd29hf9qcfXx\/tCnteI0cP0tyykizOxpnlPK2I0STXsPD0wxOnU\/OOfu8Wm3V94s2PEbCeAbRx8PvXHbjtAm8AnmQMBMeFM6TQwwpijOYTfaXxrgmiFU\/AHPdepp0ILcWD5QSKt4MWDsJ\/eC61SjGvCVRvXn2JW5KB\/4JQcfZHw4S\/auTmIFCllOyidDXFohQ4NU8A9vt0e5qrI\/cou3U09qQhgu6ncsvX+jQusCyJhx1EpdaFLaOseb4xo0IjeHtTg5uKzMiP+l3dg6BJfcICpsS0fKy4Lvcxzq4iHlV\/CkZw5k\/5qPEe1WClYIIYAQ1QuHKqZOMgl0qEP1biit38pQoNuI5A\/WZ4yptUyrSpaVacwxp5yZkU47ddcg7lId\/wkwQjzVN9BmlVIcEupSyiP64T8RypU57m5OsmKDUV8cUXr\/nGnwi\/96TbsG+A6i29VkTJzG6j04DbRd\/2rnSbi4lJUC2\/\/AUQQJGvBPVxZ\/JcWHrRv6UUWsmJyg=="}
00567{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":298903,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"fLuKifuEAA6OGXEMCABFAACYFZxAAOUGcTU2uwq5wKgMcgG7vMgz\/J8mi298ToAYALn8TgAAAQEICgQM3xwAGm7oFwMDAF\/eldsI13HzQY+jjeZOG1C3fjYOGMEiqu6JsZOF5\/uiXK7AM2l769TTf154q2v9zbCFNCC6ALlbxvM8pv2XV8yyN4WK8eEyQGzfQDuMxNSh1+Sz2yYJMcSF9ukaE370Xw=="}
00567{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":299048,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"fLuKifuEAA6OGXEMCABFAACYFZ1AAOUGcTQ2uwq5wKgMcgG7vMgz\/J+Ki298ToAYALk+VQAAAQEICgQM3xwAGm7oFwMDAF\/eldsI13HzQqAkxUI0xWa6ij6Lpqhc06Pw1+lVbmXZYyKnR37zc7pvIr0pn1DVXpNbupTsD9YOF1tU5U\/oMCUQTYRsQBKpg3f29mFDNobSkLRQiC8x2ocUYzYJyki+uA=="}
00426{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":300283,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OGXEMfLuKifuECABFAAA0EXBAAEAGGsbAqAxyNrsKubzIAbuLb3yBM\/yf7oAQBAR2UwAAAQEICgAacDUEDN8c"}
00427{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":509924,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fLuKifuEAA6OGXEMCABFAAA0FZ5AAOUGcZc2uwq5wKgMcgG7vMgz\/J\/ui298gYAQALl5jgAAAQEICgQM31IAGnAP"}
00498{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":514460,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"AA6OGXEMfLuKifuECABFAABnEXFAAEAGGpLAqAxyNrsKubzIAbuLb3yBM\/yf7oAYBAhFFAAAAQEICgAacQkEDN9SFwMDAC4AAAAAAAAAK0d\/G8p0ni2twbzFitrGOytEAUmtCDahFriKpsYeQObBc0l7VsX\/"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1500731326599,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1500731326599,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":599476,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AA6OGXEMfLuKifuECABFAABgEXIAAEARz1fAqAxywKgMAUm6ADUATBSXAEkBAAABAAAAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAE="}
-00719{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1500731326599,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1500731326599,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00716{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":628959,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"fLuKifuEAA6OGXEMCABFAAELMF9AAEARb7\/AqAwBwKgMcgA1SboA95AtAEmBgAABAAkAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAHADAAFAAEAAAAeAB8OZDNmdGhwdnY3Znp4MDAKY2xvdWRmcm9udANuZXQAwFAAAQABAAAAPAAENsAb2cBQAAEAAQAAADwABDbAG8TAUAABAAEAAAA8AAQ2wBsnwFAAAQABAAAAPAAENsAbUcBQAAEAAQAAADwABDbAG0rAUAABAAEAAAA8AAQ2wBuuwFAAAQABAAAAPAAENsAbaMBQAAEAAQAAADwABDbAGwg="}
-00748{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":76,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":161,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.217"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1500731326644,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00760{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":90,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.217"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1500731326644,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":644516,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OGXEMfLuKifuECABFAAA8EXNAAEAGCZbAqAxyNsAb2aItAbvSLGpEAAAAAKACgABWsQAAAgQFUAEDAwYEAggKABpxjAAAAAA="}
00436{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":676754,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZgg2wBvZwKgMcgG7oi3AHA3T0ixqRaAScSCE4wAAAgQFrAQCCAqn0Wp9ABpxjAEDAwg="}
00424{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":680974,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OGXEMfLuKifuECABFAAA0EXRAAEAGCZ3AqAxyNsAb2aItAbvSLGpFwBwN1IAQAg4imAAAAQEICgAaca+n0Wp9"}
00713{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":686105,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"AA6OGXEMfLuKifuECABFAAEIEXVAAEAGCMjAqAxyNsAb2aItAbvSLGpFwBwN1IAYAg7fBQAAAQEICgAacbOn0Wp9FgMBAM8BAADLAwPpevzeArLIKOrS51pZ0JeD5YrYSKYz0y0ak5UBe34eswAANMArwC\/MqcyowArACcATwCPAJ8AUAJ7MqgAzADIAZwA5ADgAawAWABMAnAAvADwANQA9AAoBAABuAAAANwA1AAAyZTBkNjdjNTA5ZmIyMDM4NThlYmNiMmZlM2Y4OGMyYWEuYmFhcy5uaW50ZW5kby5jb23\/AQABAAAKAAgABgAXABgAGQALAAIBAAANABgAFgQBBQEGAQIBBAMFAwYDAgMFAgQCAgI="}
-00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1500731326644,"flow_last_seen":1500731326686,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1500731326644,"flow_last_seen":1500731326686,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00425{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":720507,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fLuKifuEAA6OGXEMCABFAAA0Z1VAAPUG\/ro2wBvZwKgMcgG7oi3AHA3U0ixrGYAQAHYjVAAAAQEICqfRaoEAGnGz"}
02239{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":729816,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"pkt":"fLuKifuEAA6OGXEMCABFAAV4Z1ZAAPUG+XU2wBvZwKgMcgG7oi3AHA3U0ixrGYAQAHaN8wAAAQEICqfRaoIAGnGzFgMDAD0CAAA5AwMRDTWfNYj4EYpJO8QbwmRz9oBFjevY\/udMdZeBDiYOHwDALwAAEQAAAAD\/AQABAAALAAQDAAECFgMDCiMLAAofAAocAAVhMIIFXTCCBEWgAwIBAgIQDLc1747+ClgENzVweZfUazANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xNTA4MTIwMDAwMDBaFw0xODA4MTUxMjAwMDBaMGwxCzAJBgNVBAYTAkpQMQ4wDAYDVQQIEwVLeW90bzESMBAGA1UEBxMJTWluYW1pLWt1MRswGQYDVQQKExJOaW50ZW5kbyBDby4sIEx0ZC4xHDAaBgNVBAMMEyouYmFhcy5uaW50ZW5kby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvHjYnPMnI2ujzXQAv\/sZxCk+hQZpiH3YoETjk178sWENTpRVgts\/jLXVmbHrGT698SwHvquQeXNwWukIrOvm4DAUPCajA\/n4RTGKZuf25A7FJg4QwmPGkNBT5ZnZYSKZ772lzG8kPmd0J24gWhHsMNI0dGJ6erGXqXyKCNvV9YzAQR6s25oxroIexQOJX8an2kNoKqU\/tH4oiV6cwV13ckquhdw5vWG8arhUtkAPx4BGUNGdlWycRarCBNjoBZJa\/doJww7Oy3hYAO1ZzIUNn2LOCagw+nvuonYEMURa3Yu1Lb7wKO7GGgesAIj3vHSHW5YgsE1p6HxpmLHypxKdpAgMBAAGjggH1MIIB8TAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUGvBqzm9IwlKorGDLeRMLmrRo35wwMQYDVR0RBCowKIITKi5iYWFzLm5pbnRlbmRvLmNvbYIRYmFhcy5uaW50ZW5kby5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzQuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzQuY3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCJth37waS4Si9TQGlnGGn1WoNGtRxjm1QsN0jByiblqEr1PJvHe8vw0GiV\/FkL6BgTU30mhllRJMjXyh7qD6zKzvx3821ERVhWVr3GW6Ldzug1ARTxDCpdgt4B87Jlaw7KQTtJOhBp0SPrUlW8z4JtpunQ5u8gjPeEjAJtfkl5tnZJoR6sZl0W2oPnYLRon1vKEQ=="}
-00850{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1500731326644,"flow_last_seen":1500731326729,"flow_tot_l4_data_len":1768,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1380,"flow_avg_l4_data_len":294,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":96,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1500731326644,"flow_last_seen":1500731326729,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02247{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":731294,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"pkt":"fLuKifuEAA6OGXEMCABFAAV4Z1dAAPUG+XQ2wBvZwKgMcgG7oi3AHBMY0ixrGYAQAHaU2QAAAQEICqfRaoIAGnGzwWVN09\/JHkCExegWcqI2X92ZdX4kd4jK9pLC6LVSz7jb4M7TG+rK49YI5tz+s5wIo89iOCp8YIohDwbQ96O4l6gvBuqUMxXSVwQrx3Pv7L2IHcrGK8yWgWnVLBXqgxVvDzIhziar2VoBwrae5tUABLUwggSxMIIDmaADAgECAhAE4eek3Fzy823AK0K4XRWfMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbgL8IkBshtBF\/X7wpkBrJ9IiZlFq5CQJvO3J+fdgc+wzBVhxm5T5QOWpQfVVa0wgIqr9CY7gtA18TQO3LIFJ7vkLERqa7SyLhDOtkLC9XVlfVAr8gd7U2cX1e3hlBomfWK2tLHBR+ol8ncpLGChC3GraWcxxmCpoUPXkRYKjeP\/TXxCwgnMlr1u4uepL1R0Cfi3TtCM6MFKMS7KMyarCsjDXjGe+ZecbdKPgj7gbcWFqGdIxJN5deSCKx1pJy6zReyHkQ1ZX9TJTnRHAqaYxsZknRoCjfCwlJIyzlaorbhXcHdoCC4IaKTJm8USiFBx+1tm\/JIL\/MD9aJoklMvXuMCAwEAAaOCAUkwggFFMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRRaP+QrwIHdTzM2WVkYqISuFlyOzAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAGIqViQPmbd9c\/B1o6kqPg9ZRL41rRBaerGP10m5shJmLqoFxhFvtNE6wt3mSKcwtgGrwjiDheaT+A0cT6vWGyllxffQElmvTWVg9\/tMxJVwYOISj5p+C\/YxbmDFOzXieGv2Fy0mq8ieLmXL8PqrVQQva1TahvxxuR0l\/XtlIfAPZ\/YtJoJgmQkDr1pIRpGQKV1TE9R3WAl5rrO7EgJoScvpWk9f\/vzCFBjC\/C39O\/1cFnSTthcMr+6Z1qKwtFu99eSey68KdCwfqqoXTAaMgKEFZQyjSgeOq9ux7O3e2QGKABUFFAe8XBj7ewDObZ9NhLnKH5Gn8EgBXQB5w9R7JtBYDAwFNDAABSQMAF0EEe1Mts9sikAnUSVV+N+UnAw=="}
-01166{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":7,"flow_first_seen":1500731326644,"flow_last_seen":1500731326731,"flow_tot_l4_data_len":3148,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1380,"flow_avg_l4_data_len":449,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}}
+01177{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":97,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":7,"flow_first_seen":1500731326644,"flow_last_seen":1500731326731,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}}
00856{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":731334,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"pkt":"fLuKifuEAA6OGXEMCABFAAFxZ1hAAPUG\/Xo2wBvZwKgMcgG7oi3AHBhc0ixrGYAYAHZCSwAAAQEICqfRaoIAGnGzvjpED3d+ifl8LPLvHMjwxz4I9wOz3Zmh0ZP\/FJuC78ZWJ9gmBbgzMmf3CYpGxV2HBgEBADeMi9\/3AnRg2KaRXT3XiTtU2Ad\/bbZdFEWsdu3ZDKLNm6PhwKAms+disUUupfCl78O8MgGaLjw8rZL7mqFqYFeON2ga0WR7GF9TwsZGS1YmQqg22Qiyk3hBRt3MkvW3cmOKHMd3KtQ29AB+jGFcHbaF994Unkf1cz1Dn0jX5C0mWJuHJ16BfWG5asCgt7NRhbBM2bbkf7GdfL0j4wxIOsjbgcjvtQ+F3V5kZqLijKowzNCR17QbifBtOx\/J128AeaSC7qb4gdxhl9WaDerxrTEqsp43n6tJLJF2wc4c6FpxLihvm2lEFxFHNAPOvhjRHqAiQcsTt5eqeZTUHafxHv0WAwMABA4AAAA="}
00424{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":736251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OGXEMfLuKifuECABFAAA0EXZAAEAGCZvAqAxyNsAb2aItAbvSLGsZwBwYXIAQAeQXKgAAAQEICgAacean0WqC"}
00428{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":765256,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fLuKifuEAA6OGXEMCABFAAA0FZ9AAOUGcZY2uwq5wKgMcgG7vMgz\/J\/ui298tIAQALl4IQAAAQEICgQM35IAGnEJ"}
@@ -97,18 +97,18 @@
02260{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":881408,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"pkt":"AA6OGXEMfLuKifuECABFAAV4EXlAAEAGBFTAqAxyNsAb2aItAbvSLGuXwBwZzIAQAg7TewAAAQEICgAacnqn0WqRFwMDBv4AAAAAAAAAAe6rTQc0juZcZ0jtojx+0MvS2OYaa2NL3cvluTvb0qeLv2zU8zsF\/3KNlf8ThpuercbdkBzre0OrH9D0+\/3y8vllIWjokBjHwdciWYYRdYHsR7VKT7MGIOvP5P0MJLfdPrp5HyqDtqAKED3ewVTk+sWoolh1FdFAcmbksyoXbdvyIxaE3y3ubqP5195zDIUFwyPeqNWrMigpbsfghxt1hSmCL6kgRcZfT66vUmTFjs+7ceOUnxngQuqr7ORM3Z3OIz\/nDRHJ6cVrprbTVXiuLRqHY3YqjC37925xb26oBwRheiz3nEMcNUSGQNn4GXLbP9QjDvebT1IKUSLrZeNJ7GmCaKfrHZBuYVI6NzoRhHBvUcvm4ozdWJjjpAcISH0u8V87+9PVzY+CNTfI8QCM+VS9K74qrvR\/hO\/sXVk4obuNEhDypbRkcx+3\/HZSfDPEeMk7AZ98N5eajo7sdVLvM3\/rm8CsyXxbNvWtH1ekXSZT26T4XfBhD0IZsicnKE+7aY5UES2gD\/dCoqpRplubGIreRzRNO4Q1SMWbpzDGr9acbZ6a3d2yLtUIgheGV+IU\/MiUEvozNRk\/spWL+IoXcetz0SHGb6i6eTxD9R\/nu8FfSOcfE2q9Xr5GWihnwer6xAp+JrU4AT5+UrGrTcE\/d3b3YeOgTNqXN\/n3U8xMxxWD9g4AA++fvK+q7RMwxa3zA27R2rOLa2a+Jli7BqqzIKfGYIywbmBcLhuWoUyAhMmO0GkUsU96eC1QTt2k+pwi\/1V\/RxG6EW2KYnbPw3URdSMJWDXv4D45CZiTjBofgL9XA8dD9+XJGMDlu0G5qjtiaAC2uEROtkqoG3e1dGVIB2L6r67LLHnJ8cIPxber5qgDMJZSiGNrZV6uzmwDKfcbHUP3RTtmCLbwBsUEKZC2q0pTh3PdUSqPXVzUPDYaLF6WDem\/erwlAXbHiy7+FDqNF+OJpu6\/YWnHSxrcuw3xCdn5117Cnq2TWpMYsF5QPsDeKMpPVCks5LF28rhmwUrGUbthXH9+BeKcShrDgoOEF+y4zVVhAie77ryYGFmtUnOZ1n44NZAj0HzxekzfOC6G3DTHuxlET0uPwlue92+7MgaKPSzwInEKdVWQzG7F6XnOztzpaOlI9\/W4ZIkjAODtm3TqfS0wiIh+NEwTYBy70n1qDlBTI41YdGUIr\/OUhGAUBj2SolE6+IJIkI7CtaBjUNRjkrMfhR3xfPKbM3NmAuYR0Cliw2PaeakZJ0OMy5OhBH6KQNA2XQMcywaOUtjTjs72ucANcTEIHbc9jxetPmbnVYyfnWmXDF3dz0hgal44\/fibl3NlzjJPKkCAzvlhIoR4ri5YjYQz0D0ktgLD4M1sdGaxtZ70DO9bb1gusvKNtmmarADLsVjpa0dc15FnXCuTgoeDJfWeuKG0R392fdVqMyL0Zpg3pjMMx\/IW3joTsv0U4QVmAuSmjNQqYW2\/+tJ+hEQL4Z\/2wXioJ7xFDVf3ljyMB2RGGqGXzaV5+cKeSXQjK26IOFxnykgXN49siHCCHZk4MeEnImZTCo0P33R+hEkSGTOGal\/p9cZqbpGkPu+Y9Zq4V5mkwv4qNhdJrXkBl3yg6auLt2plb\/\/KLeakUBFGkUKb9qqszS4bcPrgHhn4wx61+Itz1F6LpESPFphgbbUEANHEslD610HxrESs7fyVSNfLpYboB0axghIAPGyjFtAWNnfU9EdWw8YSToMK8vABhcLDO681\/\/yru8yzwtzx4cUw7JZnozhFXPapxDfsJszG5g=="}
01032{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":881490,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":513,"pkt_l4_len":479,"pkt":"AA6OGXEMfLuKifuECABFAAHzEXpAAEAGB9jAqAxyNsAb2aItAbvSLHDbwBwZzIAYAg66NwAAAQEICgAacnqn0WqRPC00Ujz0lBxWiSnn6mLr+UVv8JGPrto1uiAFITnL29UDtC3ncXkziv8UMOhs9HMjg1jU7rks3rXJwEXKvYHI6zuvWzvTigQVa6hZWpFm3ej6OCXNI7spwy\/FBTU6L1vbTr4+rHM+Vp6XqKJWFCvb53tx7vGMzaKpxMnpJO0Ul1vIzE+ToYliP7FGYk+JgTxRVvlBJj7EZTsPR7MN5B4oLpx+4qhzPH1NwEpO64+6pfkOiPKxzwGAtQ10pnM5RNcSvl459guCCWPAebXfqoZCMM1rp7vbrgWvp5qg59QnGq5jYoUYZ2JO44DO09OHhGC6nua7nK891BOm6oipHG8frTgGECzzHxFqCySbMhe8j5gSNAnD2B4KaMBCp+K\/BUxV+bN+1bjSjqrfAMypumVzW\/GmRtKFqWsjzrLcGP1jphK94ecuRjS8TOLAl6DBGU\/lMSsenPf3OIq\/53qRcYfpVxfWzf\/jmsvGysC5LOMYfHKnW4qtLu7HuTQXz3mDWFqgprboTwQAf4u0CO9Uo8k16ZLqncFTpqfemFeK5Jl+bKitZtgHmCIlYZRmsSGb8aAiB4C\/W4uaqJPpHuDAoTfK"}
00427{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731326,"pkt_ts_usec":915115,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fLuKifuEAA6OGXEMCABFAAA0Z1pAAPUG\/rU2wBvZwKgMcgG7oi3AHBnM0ixymoAQAIsO6wAAAQEICqfRapUAGnJ6"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1500731329336,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1500731329336,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00409{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731329,"pkt_ts_usec":336127,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AA6OGXEMfLuKifuECABFAAAoEX5AAEAGM1vAqAxyNpLySi0OAbv6FA+Od8xLzVAQEsCrFwAA"}
00409{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731329,"pkt_ts_usec":520313,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"fLuKifuEAA6OGXEMCABFAAAo9shAACwGYhA2kvJKwKgMcgG7LQ53zEvN+hQPj1AQn2AedgAA"}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1500731326270,"flow_last_seen":0,"flow_tot_l4_data_len":696,"flow_min_l4_data_len":696,"flow_max_l4_data_len":696,"flow_avg_l4_data_len":696,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1500731326270,"flow_last_seen":0,"flow_tot_l4_data_len":696,"flow_min_l4_data_len":696,"flow_max_l4_data_len":696,"flow_avg_l4_data_len":696,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1500731340826,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":115,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1500731326270,"flow_last_seen":0,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":115,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1500731326270,"flow_last_seen":0,"flow_min_l4_payload_len":688,"flow_max_l4_payload_len":688,"flow_tot_l4_payload_len":688,"flow_avg_l4_payload_len":688,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":52119,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1500731340826,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":826449,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AA6OGXEMfLuKifuECABFAAAsEYIAAEARLkrAqAxyI55KPdprgjYAGGgmAAAAAAAAAAAAAAAAAAAAAA=="}
00418{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":826602,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AA6OGXEMfLuKifuECABFAAAsEYMAAEARLknAqAxyI55KPdprgjYAGGgmAAAAAAAAAAAAAAAAAAAAAA=="}
00418{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":826753,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AA6OGXEMfLuKifuECABFAAAsEYQAAEARLkjAqAxyI55KPdprgjYAGGgmAAAAAAAAAAAAAAAAAAAAAA=="}
00418{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":826892,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AA6OGXEMfLuKifuECABFAAAsEYUAAEARLkfAqAxyI55KPdprgjYAGGgmAAAAAAAAAAAAAAAAAAAAAA=="}
00418{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":827037,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AA6OGXEMfLuKifuECABFAAAsEYYAAEARLkbAqAxyI55KPdprgjYAGGgmAAAAAAAAAAAAAAAAAAAAAA=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1500731340831,"flow_last_seen":0,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1500731340831,"flow_last_seen":0,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":831670,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AA6OGXEMfLuKifuECABFAAAsEYcAAEARLkXAqAxyI55KPdprJykAGMLOAAAAZQAAAAAAAAAAAAAAAA=="}
00418{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":832021,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AA6OGXEMfLuKifuECABFAAAsEYgAAEARLkTAqAxyI55KPdprJykAGMLOAAAAZQAAAAAAAAAAAAAAAA=="}
00418{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":836461,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AA6OGXEMfLuKifuECABFAAAsEYkAAEARLkPAqAxyI55KPdprJykAGMLOAAAAZQAAAAAAAAAAAAAAAA=="}
@@ -119,43 +119,43 @@
00418{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":889561,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"fLuKifuEAA6OGXEMCABFAAAs0whAADURN8Mjnko9wKgMcicp2msAGPuAAAAAZQAA2muXNqgQrBMBhw=="}
00418{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":889659,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"fLuKifuEAA6OGXEMCABFAAAs0wlAADURN8Ijnko9wKgMcicp2msAGPuAAAAAZQAA2muXNqgQrBMBhw=="}
00419{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":889684,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"fLuKifuEAA6OGXEMCABFAAAs0wpAADURN8Ejnko9wKgMcicp2msAGPuAAAAAZQAA2muXNqgQrBMBhw=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1500731340941,"flow_last_seen":0,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":72,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1500731340941,"flow_last_seen":0,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":941838,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AA6OGXEMfLuKifuECABFAABcEYwAAEARLhDAqAxyI55KPdprgjcASL\/4MquYZAEBAADlTwAACP0AEAAAAAAAZU1IBAAAAwAAAABOQVRUZXN0SWRfRHVtbXkAdr5X4NIRIiw3Gy5kQ0UkeA=="}
00486{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":942177,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AA6OGXEMfLuKifuECABFAABcEY0AAEARLg\/AqAxyI55KPdprgjcASL\/4MquYZAEBAADlTwAACP0AEAAAAAAAZU1IBAAAAwAAAABOQVRUZXN0SWRfRHVtbXkAdr5X4NIRIiw3Gy5kQ0UkeA=="}
00485{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":946396,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AA6OGXEMfLuKifuECABFAABcEY4AAEARLg7AqAxyI55KPdprgjcASL\/4MquYZAEBAADlTwAACP0AEAAAAAAAZU1IBAAAAwAAAABOQVRUZXN0SWRfRHVtbXkAdr5X4NIRIiw3Gy5kQ0UkeA=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1500731340951,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1500731340951,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":951426,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"AA6OGXEMfLuKifuECABFAABOEY8AAEARz0zAqAxywKgMASfIADUAOkdJMLcBAAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAAcAAE="}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1500731340951,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":140,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1500731340951,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00462{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":951573,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"fLuKifuEAA6OGXEMCABFAABON9pAAEARaQHAqAwBwKgMcgA1J8gAOsbIMLeBgAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAAcAAE="}
-00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1500731340951,"flow_last_seen":1500731340951,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00462{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":956365,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"AA6OGXEMfLuKifuECABFAABOEZAAAEARz0vAqAxywKgMASfIADUAOpTc4z4BAAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAABAAE="}
-00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":142,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00687{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":142,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00484{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":956495,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"fLuKifuEAA6OGXEMCABFAABeN9tAAEARaPDAqAwBwKgMcgA1J8gASlG34z6BgAABAAEAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAABAAHADAABAAEAAAC1AAQ0Cs2x"}
-00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_tot_l4_data_len":248,"flow_min_l4_data_len":58,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.10.205.177"}}
+00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":143,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1500731340951,"flow_last_seen":1500731340956,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.10.205.177"}}
00462{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":961569,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"AA6OGXEMfLuKifuECABFAABOEZEAAEARz0rAqAxywKgMASfIADUAOtIHpfgBAAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAAcAAE="}
-00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_first_seen":1500731340951,"flow_last_seen":1500731340961,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":58,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.10.205.177"}}
+00694{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":144,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_first_seen":1500731340951,"flow_last_seen":1500731340961,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.10.205.177"}}
00463{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":961674,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"fLuKifuEAA6OGXEMCABFAABON9xAAEARaP\/AqAwBwKgMcgA1J8gAOlGHpfiBgAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAAcAAE="}
-00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1500731340951,"flow_last_seen":1500731340961,"flow_tot_l4_data_len":364,"flow_min_l4_data_len":58,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.10.205.177"}}
+00694{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1500731340951,"flow_last_seen":1500731340961,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"g2df33d01-lp1.p.srv.nintendo.net","num_queries":1,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":1,"rsp_addr":"52.10.205.177"}}
00462{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":966394,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"AA6OGXEMfLuKifuECABFAABOEZIAAEARz0nAqAxywKgMASfIADUAOq1Lys8BAAABAAAAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAABAAE="}
00484{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":966499,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"fLuKifuEAA6OGXEMCABFAABeN91AAEARaO7AqAwBwKgMcgA1J8gASmomys+BgAABAAEAAAAADWcyZGYzM2QwMS1scDEBcANzcnYIbmludGVuZG8DbmV0AAABAAHADAABAAEAAAC1AAQ0Cs2x"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1500731340981,"flow_last_seen":0,"flow_tot_l4_data_len":264,"flow_min_l4_data_len":264,"flow_max_l4_data_len":264,"flow_avg_l4_data_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1500731340981,"flow_last_seen":0,"flow_min_l4_payload_len":256,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":256,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00760{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731340,"pkt_ts_usec":981415,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":298,"pkt_l4_len":264,"pkt":"AA6OGXEMfLuKifuECABFAAEcEZMAAEARmWjAqAxyNArNsdprhicBCL5GMquYZAEAAADlcwAACAAA0AAAAAAAZU1IgACGJwAAAAAPAPz\/AL\/\/\/\/\/\/\/\/\/\/\/\/\/\/DNhnHrgUDeqh96EJudpqr7HTWmwuyiNXAoN8EJ3L9Q9lPi1doyYlmiR\/kIBcOYNG3f6ClDHLwoaKdMh+FYL2YCHItfujH2Z4qGo8CMfrSTput8A2wWQpgkAxBIJe0WvlOjtOpz1+6kpnOg7dok0TGK81\/aeKZUUCJvuan8vMhErLm0XKEN1cWoDxH\/OLKVz5pN4b+BSPCYy59gluv93Pq8HtsFMIvC\/lWp43XhLEF2IUu226gZ0swWlxHUEiaoKOkMwyqhQOw2nawlxv1+4u7w=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1500731341194,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1500731341194,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00488{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":194858,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"AA6OGXEMfLuKifuECABFAABgEZUAAEARzzTAqAxywKgMAcdbADUATDXVYWkBAAABAAAAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAE="}
-00721{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1500731341194,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1500731341194,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00718{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":194969,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"fLuKifuEAA6OGXEMCABFAAELN\/tAAEARaCPAqAwBwKgMcgA1x1sA9yl7YWmBgAABAAkAAAAAIGUwZDY3YzUwOWZiMjAzODU4ZWJjYjJmZTNmODhjMmFhBGJhYXMIbmludGVuZG8DY29tAAABAAHADAAFAAEAAAAPAB8OZDNmdGhwdnY3Znp4MDAKY2xvdWRmcm9udANuZXQAwFAAAQABAAAALQAENsAbCMBQAAEAAQAAAC0ABDbAG2jAUAABAAEAAAAtAAQ2wBuuwFAAAQABAAAALQAENsAbSsBQAAEAAQAAAC0ABDbAG1HAUAABAAEAAAAtAAQ2wBsnwFAAAQABAAAALQAENsAbxMBQAAEAAQAAAC0ABDbAG9k="}
-00748{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":152,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":76,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":161,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.8"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1500731341201,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00760{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":152,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS.Nintendo","breed":"Fun","category":"Game"},"dns": {"query":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.192.27.8"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1500731341201,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":201471,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OGXEMfLuKifuECABFAAA8EZZAAEAGCkTAqAxyNsAbCHphAbtX9RrxAAAAAKACgAAP+wAAAgQFUAEDAwYEAggKABqqagAAAAA="}
00439{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":241134,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"fLuKifuEAA6OGXEMCABFAAA8AABAAPUGZtk2wBsIwKgMcgG7emF9lpyBV\/Ua8qAScSBo2gAAAgQFrAQCCAqoOPNAABqqagEDAwg="}
00426{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":242243,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OGXEMfLuKifuECABFAAA0EZdAAEAGCkvAqAxyNsAbCHphAbtX9RryfZacgoAQAg4GiQAAAQEICgAaqpOoOPNA"}
00716{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":246098,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"AA6OGXEMfLuKifuECABFAAEIEZhAAEAGCXbAqAxyNsAbCHphAbtX9RryfZacgoAYAg5SDAAAAQEICgAaqpeoOPNAFgMBAM8BAADLAwNvKK+fQ4F0D04V95LMArBCLWBC88S5\/t3m1SoEKefZLwAANMArwC\/MqcyowArACcATwCPAJ8AUAJ7MqgAzADIAZwA5ADgAawAWABMAnAAvADwANQA9AAoBAABuAAAANwA1AAAyZTBkNjdjNTA5ZmIyMDM4NThlYmNiMmZlM2Y4OGMyYWEuYmFhcy5uaW50ZW5kby5jb23\/AQABAAAKAAgABgAXABgAGQALAAIBAAANABgAFgQBBQEGAQIBBAMFAwYDAgMFAgQCAgI="}
-00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1500731341201,"flow_last_seen":1500731341246,"flow_tot_l4_data_len":356,"flow_min_l4_data_len":32,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1500731341201,"flow_last_seen":1500731341246,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00427{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":283400,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fLuKifuEAA6OGXEMCABFAAA0b8ZAAPUG9xo2wBsIwKgMcgG7emF9lpyCV\/UbxoAQAHYHRQAAAQEICqg480QAGqqX"}
02242{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":285479,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"pkt":"fLuKifuEAA6OGXEMCABFAAV4b8dAAPUG8dU2wBsIwKgMcgG7emF9lpyCV\/UbxoAQAHbY8QAAAQEICqg480UAGqqXFgMDAD0CAAA5AwPGsxfaTPmNDIPpai2fPswQ2J\/UcKw+2HDRhcyzY86OawDALwAAEQAAAAD\/AQABAAALAAQDAAECFgMDCiMLAAofAAocAAVhMIIFXTCCBEWgAwIBAgIQDLc1747+ClgENzVweZfUazANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xNTA4MTIwMDAwMDBaFw0xODA4MTUxMjAwMDBaMGwxCzAJBgNVBAYTAkpQMQ4wDAYDVQQIEwVLeW90bzESMBAGA1UEBxMJTWluYW1pLWt1MRswGQYDVQQKExJOaW50ZW5kbyBDby4sIEx0ZC4xHDAaBgNVBAMMEyouYmFhcy5uaW50ZW5kby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvHjYnPMnI2ujzXQAv\/sZxCk+hQZpiH3YoETjk178sWENTpRVgts\/jLXVmbHrGT698SwHvquQeXNwWukIrOvm4DAUPCajA\/n4RTGKZuf25A7FJg4QwmPGkNBT5ZnZYSKZ772lzG8kPmd0J24gWhHsMNI0dGJ6erGXqXyKCNvV9YzAQR6s25oxroIexQOJX8an2kNoKqU\/tH4oiV6cwV13ckquhdw5vWG8arhUtkAPx4BGUNGdlWycRarCBNjoBZJa\/doJww7Oy3hYAO1ZzIUNn2LOCagw+nvuonYEMURa3Yu1Lb7wKO7GGgesAIj3vHSHW5YgsE1p6HxpmLHypxKdpAgMBAAGjggH1MIIB8TAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUGvBqzm9IwlKorGDLeRMLmrRo35wwMQYDVR0RBCowKIITKi5iYWFzLm5pbnRlbmRvLmNvbYIRYmFhcy5uaW50ZW5kby5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzQuY3JsMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzQuY3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCJth37waS4Si9TQGlnGGn1WoNGtRxjm1QsN0jByiblqEr1PJvHe8vw0GiV\/FkL6BgTU30mhllRJMjXyh7qD6zKzvx3821ERVhWVr3GW6Ldzug1ARTxDCpdgt4B87Jlaw7KQTtJOhBp0SPrUlW8z4JtpunQ5u8gjPeEjAJtfkl5tnZJoR6sZl0W2oPnYLRon1vKEQ=="}
-00850{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_tot_l4_data_len":1768,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1380,"flow_avg_l4_data_len":294,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":158,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02250{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":285901,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"pkt":"fLuKifuEAA6OGXEMCABFAAV4b8hAAPUG8dQ2wBsIwKgMcgG7emF9lqHGV\/UbxoAQAHaJ5gAAAQEICqg480UAGqqXwWVN09\/JHkCExegWcqI2X92ZdX4kd4jK9pLC6LVSz7jb4M7TG+rK49YI5tz+s5wIo89iOCp8YIohDwbQ96O4l6gvBuqUMxXSVwQrx3Pv7L2IHcrGK8yWgWnVLBXqgxVvDzIhziar2VoBwrae5tUABLUwggSxMIIDmaADAgECAhAE4eek3Fzy823AK0K4XRWfMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbgL8IkBshtBF\/X7wpkBrJ9IiZlFq5CQJvO3J+fdgc+wzBVhxm5T5QOWpQfVVa0wgIqr9CY7gtA18TQO3LIFJ7vkLERqa7SyLhDOtkLC9XVlfVAr8gd7U2cX1e3hlBomfWK2tLHBR+ol8ncpLGChC3GraWcxxmCpoUPXkRYKjeP\/TXxCwgnMlr1u4uepL1R0Cfi3TtCM6MFKMS7KMyarCsjDXjGe+ZecbdKPgj7gbcWFqGdIxJN5deSCKx1pJy6zReyHkQ1ZX9TJTnRHAqaYxsZknRoCjfCwlJIyzlaorbhXcHdoCC4IaKTJm8USiFBx+1tm\/JIL\/MD9aJoklMvXuMCAwEAAaOCAUkwggFFMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRRaP+QrwIHdTzM2WVkYqISuFlyOzAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAGIqViQPmbd9c\/B1o6kqPg9ZRL41rRBaerGP10m5shJmLqoFxhFvtNE6wt3mSKcwtgGrwjiDheaT+A0cT6vWGyllxffQElmvTWVg9\/tMxJVwYOISj5p+C\/YxbmDFOzXieGv2Fy0mq8ieLmXL8PqrVQQva1TahvxxuR0l\/XtlIfAPZ\/YtJoJgmQkDr1pIRpGQKV1TE9R3WAl5rrO7EgJoScvpWk9f\/vzCFBjC\/C39O\/1cFnSTthcMr+6Z1qKwtFu99eSey68KdCwfqqoXTAaMgKEFZQyjSgeOq9ux7O3e2QGKABUFFAe8XBj7ewDObZ9NhLnKH5Gn8EgBXQB5w9R7JtBYDAwFNDAABSQMAF0EEJKHe3+YY8FHx45IAULvdOw=="}
-01166{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":7,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_tot_l4_data_len":3148,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1380,"flow_avg_l4_data_len":449,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}}
+01177{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":159,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":7,"flow_first_seen":1500731341201,"flow_last_seen":1500731341285,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":2908,"flow_avg_l4_payload_len":415,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Nintendo","breed":"Fun","category":"Game"},"tls": {"version":"TLSv1.2","client_requested_server_name":"e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com","server_names":"*.baas.nintendo.com,baas.nintendo.com","ja3":"200a99534ce50d35cf40cc3cce4c69b5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=JP, ST=Kyoto, L=Minami-ku, O=Nintendo Co., Ltd., CN=*.baas.nintendo.com","fingerprint":"8A:0A:1D:D3:A8:96:7A:55:C5:75:B2:2B:3E:45:15:54:0A:B0:FC:94"}}
00860{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":285943,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"pkt":"fLuKifuEAA6OGXEMCABFAAFxb8lAAPUG9do2wBsIwKgMcgG7emF9lqcKV\/UbxoAYAHaL6AAAAQEICqg480UAGqqXTNL71iuHyPf\/kLADGDfZjypETISFLIbqgaqpA2DlRwBfvXKFYW\/3mkDDvNMxe9FSBgEBAA5NluTeZyZbhNVs1x5m6fkEN6Ih1b+cv2UeXMEbrbtPQmbLCNeWWIg+VRnMyzqwuLugpmjEEPKppardgBoInUlvw1hfp9Dg6H\/Iw8o6tXLZ5QuWNIzfs7CnYWTQQLLzsq03cWMRubcrUjgQF6DAS1IfjqEQPmb0ef2+wr8u4V2Bu0ETvnmxVw+j4XuZeBNHKHhbzJ31XNP25qgfWMXwKbfcXiL578YS2CTZ29uD3pEjd7yTOuyUKjfZjpUZN5SvtKehtIOQ\/sne2vQ5q4oSzFEituK0k0RzxGTGDlKo\/bYlJNmXtf4bLWbN7W57g\/Rmpj5U43t+0bIkc+lWVXSUyVkWAwMABA4AAAA="}
00426{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":287113,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OGXEMfLuKifuECABFAAA0EZlAAEAGCknAqAxyNsAbCHphAbtX9RvGfZanCoAQAeT7JAAAAQEICgAaqsCoOPNF"}
00599{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":379810,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"AA6OGXEMfLuKifuECABFAACyEZxAAEAGCcjAqAxyNsAbCHphAbtX9RvGfZaoR4AYAg5cDgAAAQEICgAaqxqoOPNFFgMDAEYQAABCQQRdwwnZFu4MmOlLH9Hktc1Qg3T0HR0rTnwEJSxtd4UfCeWE9NamkOBWmWpd2lC1Mu0thZYfqrRVn6bZlvyy3QjHFAMDAAEBFgMDACgAAAAAAAAAAA4KxbpnYpcIwstCINxar2\/0j23j5Pi2QcHWHqM1Dzp6"}
@@ -164,22 +164,22 @@
01040{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":426352,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"AA6OGXEMfLuKifuECABFAAH0EZ5AAEAGCITAqAxyNsAbCHphAbtX9SGIfZaoeoAYAg7\/tQAAAQEICgAaq0qoOPNSwXKqRbwKgwyhmDRzT1utvBut3H0Aec8mMwBBsZIUVrvRzalnOKIgc5aGXoSF9K7nwvqXaWVGbLRUCaIHHgmNEcKLWbyMJ+hDhbPAzbNjZAhDBxZ2zRcK\/xEmtHoUMNENfj+KiV580xZH7EUZT0bLkKz6bJh2OLz7\/NuD0lOXjayberI7RXM5DidS7a7KELkBfhVXyyXiZbdAGIeeuEYyb2U2w1XEuv4jYvlLNXgNfx8milyLnkYxsRCHhnfOZXe1p5XSSo1lJ7Mr93N\/t9DnKDjzUVxkB95uEeSDWFh+3Gu1bIteNcY\/OJAoD\/4WrUgCwJtDN4zQx6xUA9hrWyNXt+YrLVsidKvv5IeqSYFvF6e1xpz8QPWPBHIsyk2RS4e9iJ8HKsHZlFKFi7UqQm0NmygA+OQsnXAod4kDT4klULhngS6mCqi\/1\/AIVxQgmNF6trH5rzfg3ymdLliThxhiDh6\/klKuELnczwIERpEZm84lRijxCWLJ3dEh+mG5Tv8Lcu1LH3KHBHOwZV0pHHJ16a1mEDRQGc29xeAxK30LRNsgCjIOUOE+2oA8NoKWHZqEl8\/2hE0elFEskJeDYy4vlA=="}
00428{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":464411,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fLuKifuEAA6OGXEMCABFAAA0b8tAAPUG9xU2wBsIwKgMcgG7emF9lqh6V\/UjSIAQAIvy7wAAAQEICqg481cAGqtK"}
01972{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731341,"pkt_ts_usec":662738,"pkt_caplen":1200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1200,"pkt_l4_len":1166,"pkt":"fLuKifuEAA6OGXEMCABFAASib8xAAPUG8qY2wBsIwKgMcgG7emF9lqh6V\/UjSIAYAItQiwAAAQEICqg482oAGqtKFwMDBGnVsJiTFQHcR+UKbYU\/bYCM\/cv9QkfmwPmrdGCe3n7QYfatT4jRfkbhcFvQnvfBgwpFSorybj+mzTB8IYF\/qxdljaBGo3Tle0JK+2dE3vQR798L\/m0CS6m35jyC5Hv16Q5dhmutuilz1kRUenh7lSEf8TH\/Mow+3axt9KuHgl1rYNF7Hq5ApIY2lt7CDJ31wF8217hZHtvJepjsXNnb6y7hWJR8eSIOBM7pIG1\/CiCYa7p5mSgKhDdpW0OAFiWTLRFHxokv19GOLCqc300jq4hAIN9o9PZmcj+SkUXG6YeAFkQbanqF0s0icI5NTLIPiAFifqxwhJdQ\/rSP6M2Nbjy+XJJCsGUJSFJNl8dvYMEKSIiSyvQTFkwAkUglAHiH\/YQm0wEQp2ULiThraDcLpvLPbTIU41FLbHYHK+OmrTtN0EI2rWSXkRWunESLWLJfchvIfhSS4KqgmrRzjGceqSNlIzfSa17JxjW\/EjcZCKh0AlOr0tCk7OMkRgn3lFFm\/JJ85vZ7bpqgtfZNBJ7KrvnwbdZMOzUsF5308qg9vB2WnffuO5FoIvE\/ZN7FoIOqv5rXwQDvsLSZKwUzsG0TEDD3jpa60NNIMHmJUsYjMj5uwPy\/gGdD2PqKJEi3te1pxzyYh\/acM1dtpR\/b7LZX4BaxKeziiMbXJvkt2yKfqk27H7VBCs2za73F3bJ8NTxjrsq79aV8AkCuib2LBLJpRru7JGqSgDn+i0niZk+pG4Ybvpn45oT\/4i7K28pAoXOu7La+kYNGUl7CBI44VOERpdVP5Z9XpSno+SKKPQXWKS8ubojxm4ZI2Ljy6fSLovkwycGiICNFEMnoO3T9CtI3sI6pVet0eCK0ZoQtxUNrDRE+XyBkHexvAfe8weHH+F0VEgN\/i\/0CJxh2OoqK4V8uHMZP742CDgdyutMGSDQme+TZdQnVeD65eMCwNSqZuW\/LZMZc+tAUZDJ4pf9l9+2+vWlT7slIjKKz2FEu9D2sb0+iBMLkZjl7dOBFlEzQK8CdhhuKCZzZabkPVeb2r44feNCyisz43u0tJuLk\/qBELp0+v5v\/DX7fPWWhBsChcDv1kWx9qsW48EZNXkyRWl9uPOnqK3+EACgbOyNinL0Pt2WUrKsaEkgluQ70jCnO\/0TTBDbMvXy0pES7TF4+cdQsT\/k7zG6lWimnk0PEvCWkNJmNXX+rldvlLNH6NjnLaaUyyL0DO9Rs6TE75jFpuWarwb095Ns4PZuOSWdCR8PzKAOsseP28i68BTRHFrFX7+bR\/q3zlDD2aLWV9Y8YsLd\/qogmX3pmnKozljyvbf5q76m9OSicquJUiVBWXjYUKg5L2j15K+iYXVPHmy7dMYRS0wg8sEbhS9e96rz1Tni2MDZVmuxzz+T6FRa6mLB1UflOrmR64mBqFNqBo6i\/SAYdNSFtLoRCZhnpjrH5rhnHU3ivZxSQzIB99TFWCK3CPrh3vXt8eM4KEiTaqFoyZ+ictXqiu0dpaduim\/vJ"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1500731342849,"flow_last_seen":0,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":84,"flow_max_l4_data_len":84,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1500731342849,"flow_last_seen":0,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731342,"pkt_ts_usec":849734,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEaUAAAQRdQ7AqAxyuXapQdpra4AAVCIdMquYZAIAAADswAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4rX5hDUY6wfFQBAZE4XnJazusJzbVQnhevgQppjVzdvQ=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1500731342849,"flow_last_seen":0,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":84,"flow_max_l4_data_len":84,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1500731342849,"flow_last_seen":0,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
00502{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731342,"pkt_ts_usec":850014,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEaYAAAQRdQ3AqAxyuXapQdpra4AAVAI0MquYZAIAAADswQAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6gjif1bWs4geU7XixG1qL9vpm\/9BWOrfz2cCbEeSTC5w=="}
00503{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731342,"pkt_ts_usec":850411,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEacAAAQRdQzAqAxyuXapQdpra4AAVKPSMquYZAIAAADswQAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6PDZdQtmr\/jnYvUCnbuXCGD7lHXmsq3069ZX\/zt70P0A=="}
-00447{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1500731342860,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00455{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1500731342860,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731342,"pkt_ts_usec":860163,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsAWRkAAAAARQAAaBGlAAABEXgOwKgMcrl2qUHaa2uAAFRVpg=="}
-00479{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1500731342860,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1500731342860,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00434{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731342,"pkt_ts_usec":860327,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsAeQIAAAAARQAAaBGmAAABEXgNwKgMcrl2qUHaa2uAAFQ1vQ=="}
00434{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731342,"pkt_ts_usec":860362,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsA12MAAAAARQAAaBGnAAABEXgMwKgMcrl2qUHaa2uAAFTXWw=="}
00500{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":60422,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEakAAAQRdQrAqAxyuXapQdpra4AAVHapMquYZAIAAADtlAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4Hc0ryUhsZTl7hgk81YTyPwkwwi1eAZXwUjozo1ieJWw=="}
00500{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":60665,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEaoAAAQRdQnAqAxyuXapQdpra4AAVOw0MquYZAIAAADtlAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4v43Lf+EKImUrhG2nv8WvwCeRPn7wxZdni63dPOdtWwg=="}
00500{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":61096,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEasAAAQRdQjAqAxyuXapQdpra4AAVIGbMquYZAIAAADtlAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6P92OaheHCo+iD5a31NND0BACVpyIT8NMwwnLbRUNQ6g=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1500731343061,"flow_last_seen":0,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":84,"flow_max_l4_data_len":84,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1500731343061,"flow_last_seen":0,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":61460,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEawAAAQR9ebAqAxyXe2D69pr2wIAVCbFMquYZAIAAADtlwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4hx\/onxePqCY4SU3xjlxtsTZQnwdACOZdpevYKG6n8bw=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1500731343061,"flow_last_seen":0,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":84,"flow_max_l4_data_len":84,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1500731343061,"flow_last_seen":0,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
00501{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":62186,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEa0AAAQR9eXAqAxyXe2D69pr2wIAVEC8MquYZAIAAADtlwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6trKJ4rbcL8S1NPouV27EIOISc3sHWS\/Ay6NZ9dnLpeA=="}
00500{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":64914,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEa4AAAQR9eTAqAxyXe2D69pr2wIAVHIfMquYZAIAAADtmAAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+4QxoxAISmRWzt9Cf2ANrWvuCF9xJxAb2QUBmXaTP0ETQ=="}
00433{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":69973,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsABI0AAAAARQAAaBGpAAABEXgKwKgMcrl2qUHaa2uAAFSqMg=="}
@@ -194,9 +194,9 @@
00502{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":265664,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEbIAAAQR9eDAqAxyXe2D69pr2wIAVHHgMquYZAIAAADuYQAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+5D1RHR1Efs+fOh1A0yv+IMwTJUhr2kL16RwpCbys\/zyQ=="}
00504{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":265900,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEbMAAAQR9d\/AqAxyXe2D69pr2wIAVKH3MquYZAIAAADuYQAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+7AkO1\/I\/EwZfSCtaxr8daeTvyd7B0s5uVMaeFPr4bpng=="}
00501{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":266263,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEbQAAAQR9d7AqAxyXe2D69pr2wIAVH68MquYZAIAAADuYgAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6wUv0E6O6beQCdgKAe8WJf0bONaD7cVAGLvmFd+FO+gg=="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1500731343266,"flow_last_seen":0,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":84,"flow_max_l4_data_len":84,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1500731343266,"flow_last_seen":0,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00502{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":266581,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEbUAAAQR5+7AqAxyUT2eitpryjkAVFv5MquYZAIAAADuYwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+5+fKxnOL+boQLScYxPZys77lNbziI76pb\/g4qlyspVqA=="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1500731343266,"flow_last_seen":0,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":84,"flow_max_l4_data_len":84,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1500731343266,"flow_last_seen":0,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","ndpi": {"proto":"Nintendo","breed":"Fun","category":"Game"}}
00502{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":266876,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEbYAAAQR5+3AqAxyUT2eitpryjkAVGj9MquYZAIAAADuYwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+7xrfou4fqWjlJQi1c1lm8udR6QM9F6Tte6liKDWkKe\/w=="}
00501{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":267275,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEbcAAAQR5+zAqAxyUT2eitpryjkAVC1TMquYZAIAAADuYwAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+5Run8isLISlhuFklysgYAwVdq0TTDfSVfOsDm2ryNz2g=="}
00435{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":273274,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsAoa8AAAAARQAAaBGvAAABEXgEwKgMcrl2qUHaa2uAAFQNEA=="}
@@ -205,9 +205,9 @@
00435{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":274073,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsAmdMAAAAARQAAaBGyAAABEfjgwKgMcl3tg+vaa9sCAFSlaQ=="}
00435{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":274102,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsAabwAAAAARQAAaBGzAAABEfjfwKgMcl3tg+vaa9sCAFTVgA=="}
00435{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":274132,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBoj+XBrhkwKgMcgsAjPcAAAAARQAAaBG0AAABEfjewKgMcl3tg+vaa9sCAFSyRQ=="}
-00446{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1500731343274,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00454{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1500731343274,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":274328,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBokGXBrhiwKgMcgsAwIMAAAAARQAAaBG1AAABEeruwKgMclE9noraa8o5AFSPgg=="}
-00478{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1500731343274,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1500731343274,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00434{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":274498,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBokGXBrhiwKgMcgsAs38AAAAARQAAaBG2AAABEertwKgMclE9noraa8o5AFSchg=="}
00434{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":274660,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"fLuKifuEAA6OGXEMCABFAAA4AAAAAPwBokGXBrhiwKgMcgsA7ykAAAAARQAAaBG3AAABEerswKgMclE9noraa8o5AFRg3A=="}
00503{"flow_id":17,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":577295,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEbsAAAQRdPjAqAxyuXapQdpra4AAVKbhMquYZAIAAADvmgAAiVxWTHQXYLkMmEhv3TFhCo9D90XwqWXbgOlZDx\/Hd+6kbg82UwP7WhoJdFXAPrW7l7kjB4\/DcRED9PA54OD4fw=="}
@@ -243,30 +243,30 @@
00502{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":915131,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEdMAAEARq9DAqAxyUT2eitpryjkAVAuZMquYZAIAAADw67bGKdUJvCWWmpPUMVRbVSL\/ms6fyAPfdbX8V8Af6wGuIohN10vP0qGmIALU3oiGmRStZydUMdiUu614eU0zknGtnw=="}
00504{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":976502,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEdcAAEARq8zAqAxyUT2eitpryjkAVJ\/GMquYZAIAAADxKbcEiVxWTHQXYLkMmEhv3TFhCu1eRL0sUh1f7FBB1\/G+YP0VNDfxB721Ce35pyWVGkhESdXdbwDAoVBGzMqD\/f7vOg=="}
00503{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"nintendo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1500731343,"pkt_ts_usec":976639,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"AA6OGXEMfLuKifuECABFAABoEdgAAEARq8vAqAxyUT2eitpryjkAVNzKMquYZAIAAADxKbcEiVxWTHQXYLkMmEhv3TFhCu1eRL0sUh1f7FBB1\/G+YP3LwBCwXe5s\/c9OgLdxBm6BM5UFqxh65snYF+XPEFQpmw=="}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":10,"flow_first_seen":1500731340831,"flow_last_seen":1500731340889,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":10,"flow_first_seen":1500731340831,"flow_last_seen":1500731340889,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":76,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":161,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":8,"flow_first_seen":1500731340951,"flow_last_seen":1500731340966,"flow_tot_l4_data_len":496,"flow_min_l4_data_len":58,"flow_max_l4_data_len":74,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":54,"flow_first_seen":1500731322454,"flow_last_seen":1500731343995,"flow_tot_l4_data_len":6651,"flow_min_l4_data_len":32,"flow_max_l4_data_len":949,"flow_avg_l4_data_len":123,"midstream":1,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":54,"flow_first_seen":1500731322454,"flow_last_seen":1500731343995,"flow_tot_l4_data_len":6651,"flow_min_l4_data_len":32,"flow_max_l4_data_len":949,"flow_avg_l4_data_len":123,"midstream":1,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":160,"flow_first_seen":1500731343266,"flow_last_seen":1500731348756,"flow_tot_l4_data_len":46304,"flow_min_l4_data_len":68,"flow_max_l4_data_len":852,"flow_avg_l4_data_len":289,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":76,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":161,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_first_seen":1500731340826,"flow_last_seen":1500731340827,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_first_seen":1500731340826,"flow_last_seen":1500731340827,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":24,"flow_max_l4_data_len":24,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_first_seen":1500731340941,"flow_last_seen":1500731340946,"flow_tot_l4_data_len":216,"flow_min_l4_data_len":72,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_first_seen":1500731340941,"flow_last_seen":1500731340946,"flow_tot_l4_data_len":216,"flow_min_l4_data_len":72,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1500731340981,"flow_last_seen":0,"flow_tot_l4_data_len":264,"flow_min_l4_data_len":264,"flow_max_l4_data_len":264,"flow_avg_l4_data_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1500731340981,"flow_last_seen":0,"flow_tot_l4_data_len":264,"flow_min_l4_data_len":264,"flow_max_l4_data_len":264,"flow_avg_l4_data_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":157,"flow_first_seen":1500731343061,"flow_last_seen":1500731348745,"flow_tot_l4_data_len":48020,"flow_min_l4_data_len":68,"flow_max_l4_data_len":1220,"flow_avg_l4_data_len":305,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1500731323269,"flow_last_seen":1500731323270,"flow_tot_l4_data_len":252,"flow_min_l4_data_len":84,"flow_max_l4_data_len":84,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":21,"flow_first_seen":1500731326644,"flow_last_seen":1500731327201,"flow_tot_l4_data_len":7049,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1380,"flow_avg_l4_data_len":335,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":20,"flow_first_seen":1500731341201,"flow_last_seen":1500731341710,"flow_tot_l4_data_len":7019,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1380,"flow_avg_l4_data_len":350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":447,"flow_first_seen":1500731342849,"flow_last_seen":1500731348749,"flow_tot_l4_data_len":172476,"flow_min_l4_data_len":68,"flow_max_l4_data_len":852,"flow_avg_l4_data_len":385,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":39,"flow_first_seen":1500731320644,"flow_last_seen":1500731325506,"flow_tot_l4_data_len":4764,"flow_min_l4_data_len":68,"flow_max_l4_data_len":820,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":16,"flow_first_seen":1500731320774,"flow_last_seen":1500731322059,"flow_tot_l4_data_len":1504,"flow_min_l4_data_len":68,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":15,"flow_first_seen":1500731320764,"flow_last_seen":1500731321914,"flow_tot_l4_data_len":1452,"flow_min_l4_data_len":68,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00461{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":9,"flow_first_seen":1500731343274,"flow_last_seen":1500731343874,"flow_tot_l4_data_len":324,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":21,"flow_first_seen":1500731342860,"flow_last_seen":1500731343591,"flow_tot_l4_data_len":756,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":10,"flow_first_seen":1500731340831,"flow_last_seen":1500731340889,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":10,"flow_first_seen":1500731340831,"flow_last_seen":1500731340889,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":10025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1500731341194,"flow_last_seen":1500731341194,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":51035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":8,"flow_first_seen":1500731340951,"flow_last_seen":1500731340966,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":66,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":10184,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1500731329336,"flow_last_seen":1500731329520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.146.242.74","src_port":11534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":54,"flow_first_seen":1500731322454,"flow_last_seen":1500731343995,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":917,"flow_tot_l4_payload_len":4923,"flow_avg_l4_payload_len":91,"midstream":1,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":54,"flow_first_seen":1500731322454,"flow_last_seen":1500731343995,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":917,"flow_tot_l4_payload_len":4923,"flow_avg_l4_payload_len":91,"midstream":1,"l3_proto":"ip4","src_ip":"54.187.10.185","dst_ip":"192.168.12.114","src_port":443,"dst_port":48328,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":160,"flow_first_seen":1500731343266,"flow_last_seen":1500731348756,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":45024,"flow_avg_l4_payload_len":281,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"81.61.158.138","src_port":55915,"dst_port":51769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1500731326599,"flow_last_seen":1500731326628,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":153,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"192.168.12.1","src_port":18874,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_first_seen":1500731340826,"flow_last_seen":1500731340827,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_first_seen":1500731340826,"flow_last_seen":1500731340827,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33334,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_first_seen":1500731340941,"flow_last_seen":1500731340946,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_first_seen":1500731340941,"flow_last_seen":1500731340946,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":55915,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1500731340981,"flow_last_seen":0,"flow_min_l4_payload_len":256,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":256,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","ndpi": {"proto":"Amazon","breed":"Acceptable","category":"Web"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1500731340981,"flow_last_seen":0,"flow_min_l4_payload_len":256,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":256,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"52.10.205.177","src_port":55915,"dst_port":34343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":157,"flow_first_seen":1500731343061,"flow_last_seen":1500731348745,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":1212,"flow_tot_l4_payload_len":46764,"flow_avg_l4_payload_len":297,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"93.237.131.235","src_port":55915,"dst_port":56066,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1500731323269,"flow_last_seen":1500731323270,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"35.158.74.61","src_port":52119,"dst_port":33335,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":21,"flow_first_seen":1500731326644,"flow_last_seen":1500731327201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.217","src_port":41517,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":20,"flow_first_seen":1500731341201,"flow_last_seen":1500731341710,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1348,"flow_tot_l4_payload_len":6363,"flow_avg_l4_payload_len":318,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"54.192.27.8","src_port":31329,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":447,"flow_first_seen":1500731342849,"flow_last_seen":1500731348749,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":844,"flow_tot_l4_payload_len":168900,"flow_avg_l4_payload_len":377,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"185.118.169.65","src_port":55915,"dst_port":27520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":39,"flow_first_seen":1500731320644,"flow_last_seen":1500731325506,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":812,"flow_tot_l4_payload_len":4452,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":16,"flow_first_seen":1500731320774,"flow_last_seen":1500731322059,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"109.21.255.11","src_port":52119,"dst_port":50251,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":15,"flow_first_seen":1500731320764,"flow_last_seen":1500731321914,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":9,"flow_first_seen":1500731343274,"flow_last_seen":1500731343874,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00470{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":21,"flow_first_seen":1500731342860,"flow_last_seen":1500731343591,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test"}
diff --git a/test/results/no_sni.pcap.out b/test/results/no_sni.pcap.out
index bf1968b68..844f063b3 100644
--- a/test/results/no_sni.pcap.out
+++ b/test/results/no_sni.pcap.out
@@ -1,9 +1,9 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"no_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1604822444474,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1604822444474,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":474923,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"EBMxuRBeeDHBvV4kCABFAABPAABAAEAGFoDAqAF3aBD5+ciDAbvkc0fPNh\/971AYEABWfwAAFwMDACKpSo7n5l1NtXHPvYJ17DEID+iXo6vcSBPbb4QBvLt6N\/RR"}
00440{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":475424,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+ciDAbvkc0f2Nh\/971AYEAB\/fAAAFwMDABPsQXLhLYpNcnxO3uEm2chWzCNj"}
00406{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":475512,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+ciDAbvkc0gONh\/971AREABQ2gAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1604822444486,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1604822444486,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":486731,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+cmWAbsdU0ZpAAAAALAC\/\/\/IBQAAAgQFtAEDAwYBAQgKKlLxbAAAAAAEAgAA"}
00414{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":593192,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoz19AADkGTkdoEPn5wKgBdwG7yIM2H\/3v5HNIDlAQAERglwAAAAAAAAAA"}
00414{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":594798,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoz2BAADkGTkZoEPn5wKgBdwG7yIM2H\/3v5HNIDlARAERglgAAAAAAAAAA"}
@@ -12,12 +12,12 @@
00423{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":624675,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGHZtoEPn5wKgBdwG7yZbnV+zfHVNGaoAS\/\/9HygAAAgQFeAEBBAIBAwMK"}
00406{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":624753,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+cmWAbsdU0Zq51fs4FAQEAB4YwAA"}
01236{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":629426,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"pkt":"EBMxuRBeeDHBvV4kCABFAAKQAABAAEAGFD\/AqAF3aBD5+cmWAbsdU0Zq51fs4FAYEACqFQAAFgMBAmMBAAJfAwM4QGbYN4X20uSmpCi+qLH24nxablHacDaB7g46zEyvJCCS0jgQR8zClHgewuqoUAH32VWvHW5IuO5vXWulcb1skAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQAB8gAAAB8AHQAAGm1vemlsbGEuY2xvdWRmbGFyZS1kbnMuY29tABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIHmVJzDe7D6qJNs1W0qD8RIXzzYXXPM\/3vnHoxYUiJkqABcAQQTWxNAmZdh04nOlC2Wggbf1TQ5Pxz25m+va297qXK9jD3ovCZ5UT7sdbxNYgxx9TZMDsDXvKRSDpVE90jpfHkDFACoAAAArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAKQDrAMYAwDOWKpJVdqJ22Z6lGoaHhJKmtmYwswNzWnU5DNuC8HGbdiXoFAZXxZG56tM93v7A4wn4E03RF1w530ZLeasMMIMsYEC4asY+xpMYZn2lZDq8jUcVaGkQ1uyuuJKtxOTpieuSHwZbHKadjDUlTR7uiwEOMjeGRMdOORxuffgTWS\/WKkZmXbE85P+ToRCh8lvZip4mWqQ0NEC5HrF38UgI1faKYf2KszBanKyjpCdEBVxPT1o2z7xi9N1pX8fd5IJJ3Dhki3gAISCp9COAa94cIbcD4ODGkygxHHNgI8KCuth8lpXGNGBiug=="}
-00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1604822444486,"flow_last_seen":1604822444629,"flow_tot_l4_data_len":732,"flow_min_l4_data_len":20,"flow_max_l4_data_len":636,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"5dd472f5a4060141b8cfd05eecf10d11","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1604822444486,"flow_last_seen":1604822444629,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":616,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"5dd472f5a4060141b8cfd05eecf10d11","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00414{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":629706,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"EBMxuRBeeDHBvV4kCABFAAAuAABAAEAGFqHAqAF3aBD5+cmWAbsdU0jS51fs4FAYEABd6QAAFAMDAAEB"}
00647{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":629799,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"EBMxuRBeeDHBvV4kCABFAADSAABAAEAGFf3AqAF3aBD5+cmWAbsdU0jY51fs4FAYEACjfwAAFwMDAKW4k2EWcWuc6xL3buCNlVs5ZLZz6Z4Of8vW\/Q3EhCGwprLV2IWTE\/rCr6y\/6WWQf7EsmFisp2W5sIg2Ja\/AdtGmdrmDYN\/dTEF0Ao\/T059mWW6gmzlGAzI++2c8A\/65sCD9UX9YZhdiK9773tvHv\/5XG\/DZJ9HN6hdZyxOazZunT8x9BvEroY\/LUwlfJLcnB0BdL4Gf5SHC06tsrntHkmTkJhKpwgQ="}
00414{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":804936,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoPGhAADkG4T5oEPn5wKgBdwG7yZbnV+zgHVNI0lAQAEKFuQAAAAAAAAAA"}
01334{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":807971,"pkt_caplen":736,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":736,"pkt_l4_len":702,"pkt":"eDHBvV4kEBMxuRBeCABFAALSPGlAADkG3pNoEPn5wKgBdwG7yZbnV+zgHVNI0lAYAEJUoAAAFgMDAIACAAB8AwP0YW7203r+Mm6u9JuQcKUrHPm7Ob25qh5y5y0+bI755CCS0jgQR8zClHgewuqoUAH32VWvHW5IuO5vXWulcb1skBMBAAA0ACkAAgAAADMAJAAdACCF5jDS3VDb1X1PUhsMwtkQHZjuhfco\/pqKiHwCKcAbbAArAAIDBBQDAwABARcDAwBIioYN\/KO5cBS51lMZ6wA1JGbPI\/NgW+2QyEq5HcY7dXZQ0i5A0e95kfPS7KS+h\/gWPPhCAfBT\/E6035TpylC7fbJlIZhexFu1FwMDAc100YCNWyKi5AEeWT++1AwsTA5HFW+IBkrOk4Sv2Lyj4HgeOtvKmDHNZ8zLZCnM3cXwO2teIQwTddn+2ZPI5jqCLJz36xkXDO\/6mf6BYRuXNsp5pFY\/ierT34M2lqLNOCHl0Km0eZJMPbJothcsYtc1anhepVw1Sy\/ULyWmYGackQZHh5xP7O1bq0I+P5OUvaCKC2yFVRkB7ufEFqRZKdo+uYO921\/CGu+dWl\/J+wKyEWLXtCfyKLCiyt8W018wBBkhIOM0s54TqFSJko1lKtgtFNtEbx9U\/yXQowwskoK7Ic5GFJ\/\/cOPmtKkIncc0N1jTq74XFfh+B6MKApU1kr8m6AaBOFKgCGasjXa3G6KEP+GjFbfceOoEc7uPfvtLITbm65QWBfKLrNm9q6pioIqc1n1Gq6IHLthhX8SZ7qKK4s9BRel+KIndvcfMP8OYc+47ybWAuw4JdBsVnby5JdkVKfZKdED9HqzQNo+ixNJhXeYq78cKM+jKKpMYrWmBd1IkqbGpB+GnRISWxfQpi164PTfIyt6DMniqmxH4ZnDIzItwl5hZ0hUtC0DTR7TiX+HExsOIiZuJJO4gmmdtHSeL6EGeC9NsAsbxYMI91Q=="}
-00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1604822444486,"flow_last_seen":1604822444807,"flow_tot_l4_data_len":1670,"flow_min_l4_data_len":20,"flow_max_l4_data_len":702,"flow_avg_l4_data_len":208,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"5dd472f5a4060141b8cfd05eecf10d11","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00830{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1604822444486,"flow_last_seen":1604822444807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":1474,"flow_avg_l4_payload_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"5dd472f5a4060141b8cfd05eecf10d11","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00407{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":808041,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGFqfAqAF3aBD5+cmWAbsdU0mC51fvilAQD\/VyrAAA"}
00494{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":808127,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"eDHBvV4kEBMxuRBeCABFAABmPGpAADkG4P5oEPn5wKgBdwG7yZbnV++KHVNI0lAYAEIA3gAAFwMDADn2aYj+B\/dXPxUno4kNcPEtkFzqj3LyZFhFk9xNRtVgYgSHAakE2pabNM6LB2JauqyxaikRdlEnoUA="}
00416{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":808131,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoPGtAADkG4TtoEPn5wKgBdwG7yZbnV+\/IHVNI2FAQAEKCywAAAAAAAAAA"}
@@ -25,15 +25,15 @@
00523{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":810516,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"EBMxuRBeeDHBvV4kCABFAAB8AABAAEAGFlPAqAF3aBD5+cmWAbsdU0mC51fvyFAYD\/fHUQAAFwMDABVqsaEaWbGiD2hE9eNcKIuJuz+m8k0XAwMANcLgJIApZ4awhY0t9Na9EJgjOzFaDNzQBmzZ8s2kSdoPolqS90HDQsAnKyxNMOmP1r9hxlkm"}
00416{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":814526,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoPGxAADkG4TpoEPn5wKgBdwG7yZbnV+\/IHVNJglAQAEOCIAAAAAAAAAAA"}
00452{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":815943,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"eDHBvV4kEBMxuRBeCABFAABHPG1AADkG4RpoEPn5wKgBdwG7yZbnV+\/IHVNJglAYAENyQAAAFwMDABqjFXpPjKZYFjKJigkOmBTtUDrQaTxYIYlVHA=="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1604822444913,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1604822444913,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822444,"pkt_ts_usec":913120,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGlCjAqAF3aBB8YMmcAbs\/DuN6AAAAALAC\/\/+FPgAAAgQFtAEDAwYBAQgKKlLy+gAAAAAEAgAA"}
00424{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822445,"pkt_ts_usec":34293,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADkGmzRoEHxgwKgBdwG7yZyEa\/jPPw7je4AS\/\/9djQAAAgQFeAEBBAIBAwMK"}
00406{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822445,"pkt_ts_usec":34393,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGlEDAqAF3aBB8YMmcAbs\/DuN7hGv40FAQEACOJgAA"}
01691{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822445,"pkt_ts_usec":39824,"pkt_caplen":1001,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1001,"pkt_l4_len":967,"pkt":"EBMxuRBeeDHBvV4kCABFAAPbAABAAEAGkI3AqAF3aBB8YMmcAbs\/DuN7hGv40FAYEADx5QAAFgMBA64BAAOqAwOKZdoIJJLXVGZA4tLet+CaUHoCgYsVNfGcUO5E5Yyw\/iDkSSMrT+G4DHKylGZE+9t1xT9Bwk1il4gkdGKmixfHxQAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQADPQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACDGOo4vonTOM2GYlWlh+M28Bv4rBtCSolJUMSM6byGyQgAXAEEEsB47X5x8IY\/5MH1UqXpFAzbgAcO0IeN+cLY8gPqZEdzm0gMalJCJbmIbZn57y5aw8W4ViyGLcMicP949QRl9egArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQH\/zgFuEwEAHQAgPGWhhHXhSBIvBL4hXbOZcIM+rNQD2DcGROPY4ll\/rXoAINowFgSFokV0+8oDzPiOBNFVqPuEsCkk5QU+JZFVeXqbASQVT3cyI9DPD+8Kd3Ww2Vi2d0E4DueGAORAkX1nZsCd92axwR+an6cI7N5dHl3UWilB1dYjPA\/Cb+kdo\/rtnIL2uvuu1ZO84mgnhL6aaGeyGgbrvNPbA3g3+pnNDT4RerDjfoe6\/qjpiEkt\/Cxegk8zCUdDD7xu0Ze3gFLPNBw+NMoVVk69a4J2D0HN5dwh\/g8OZb9iLxYQWYC6JERpN1lgtG78xLVcvV7ggnnVMs5uIwGEnfiUjF5hH5552rRr3aNqybi0n1REe12jTc0CaJnSAjssolOGEIF7Eaz0cCSNxSIxNWYS+ViM9d+mFqlG4AnoxOS3kAdhb0o3XzgfHmqOXT\/Qig2tFDnf48VJlSDMHfMizonuSCJtbeL2gpig1kFTmUpSABwAAkABACkA6wDGAMDNhC2AFFGfXEp15it59dLTTVcyyn8S81OKgZyxn+d71MvWDP\/H\/yZ0CKRnioxg4kYE8g9KY6NDndAUJAO9irc5kVyEUHYiCa1\/b7\/PO7UXyHtWF05jOnlW5epvkBcUEoz1cKj1FoHg8jVn4OXxB+hMeVp6O5W\/MXtAJMwvSY1RBUIJUwEcBDbTUg50wHii6KzVTxBq1wBqLSaTaWlzZDkiUB263uSuAwEWUj4P6lD3GW+slylGFmC4b7jJ6LG5XizAQoRaACEg2Q4sqc9BVWDARn8I0Hf4LU0dkZ+vNaoeVKdqU0RHzqY="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1604822444913,"flow_last_seen":1604822445039,"flow_tot_l4_data_len":1063,"flow_min_l4_data_len":20,"flow_max_l4_data_len":967,"flow_avg_l4_data_len":265,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"398991c398d60bfa0e3f00f8782dafc9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1604822444913,"flow_last_seen":1604822445039,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":947,"flow_avg_l4_payload_len":236,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"398991c398d60bfa0e3f00f8782dafc9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00415{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822445,"pkt_ts_usec":134722,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAo0tZAADkGyGloEHxgwKgBdwG7yZyEa\/jQPw7nLlAQAEKaMQAAAAAAAAAA"}
00726{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822445,"pkt_ts_usec":135087,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"pkt":"eDHBvV4kEBMxuRBeCABFAAEQ0tdAADkGx4BoEHxgwKgBdwG7yZyEa\/jQPw7nLlAYAEJOTwAAFgMDAIACAAB8AwMPxMHsKBsXvES1IjShtU3FIaPaV3fodKFl182Oe4PZoSDkSSMrT+G4DHKylGZE+9t1xT9Bwk1il4gkdGKmixfHxRMBAAA0ACkAAgAAADMAJAAdACC\/+Us5ZodNdZF2v1icha31caTzrjEo6ocsJu9v6PULSQArAAIDBBQDAwABARcDAwBYTWADwDiPz5haIq\/4ANExQS4rUN8wl\/YZd0kl4RFnF8cEcaXp9PlBN\/35wR8WUVU8aP07eeMzDnxs0HLL7+7teEMfhQPIt4cLWgXltUI2LeR8t5GUBjBrhA=="}
-00798{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1604822444913,"flow_last_seen":1604822445135,"flow_tot_l4_data_len":1335,"flow_min_l4_data_len":20,"flow_max_l4_data_len":967,"flow_avg_l4_data_len":222,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"398991c398d60bfa0e3f00f8782dafc9","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00809{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":47,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1604822444913,"flow_last_seen":1604822445135,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":947,"flow_tot_l4_payload_len":1179,"flow_avg_l4_payload_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"398991c398d60bfa0e3f00f8782dafc9","ja3s":"2b0648ab686ee45e0e7c35fcfb0eea7e","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00408{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822445,"pkt_ts_usec":135156,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGlEDAqAF3aBB8YMmcAbs\/DucuhGv5uFAQD\/yJjwAA"}
00498{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822445,"pkt_ts_usec":136113,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"EBMxuRBeeDHBvV4kCABFAABoAABAAEAGlADAqAF3aBB8YMmcAbs\/DucuhGv5uFAYEABdSQAAFAMDAAEBFwMDADXp5plQAx+zPTYbgfadISqs3V5dZWGPL9F5D\/MmxOtwb9vpa1mthxbGN5C5qk3DeuGuWzrOHQ=="}
00641{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822445,"pkt_ts_usec":140863,"pkt_caplen":224,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":224,"pkt_l4_len":190,"pkt":"EBMxuRBeeDHBvV4kCABFAADSAABAAEAGk5bAqAF3aBB8YMmcAbs\/DuduhGv5uFAYEACXEwAAFwMDAKW0Ld72I4gnpFKbYksb5ZnY3X86o5vc4TAnm6Lnvl28lBTOl\/1ciEJE0tzuICFQLYqLiQAGAvp4JxS8UJbI\/Y8Gf\/7CUY718mdQscYFW3gY3DzMteK+i+683zwJiKyze880SzM9VH3mbqPGbsI6lE3ao5xq8Eld4x669Eu3xp0r7+T29AquWsMi0oz0pA8FQvxoqQ6mNLHE1TJJx9kvHZbBLxdz1ZY="}
@@ -43,24 +43,24 @@
00409{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822445,"pkt_ts_usec":212757,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGlEDAqAF3aBB8YMmcAbs\/Dut3hGv7uFAQD\/iDSgAA"}
00416{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822445,"pkt_ts_usec":212870,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAo0tpAADkGyGVoEHxgwKgBdwG7yZyEa\/u4Pw7oGFAQAESWXQAAAAAAAAAA"}
00452{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822445,"pkt_ts_usec":213297,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"eDHBvV4kEBMxuRBeCABFAABH0ttAADkGyEVoEHxgwKgBdwG7yZyEa\/u4Pw7oGFAYAER7YQAAFwMDABpGxdUrLYCuTorkmz+QUVhSrRE535QMtYaa2g=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1604822447227,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1604822447227,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":227531,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcmzAbtjbUROAAAAALAC\/\/+t4gAAAgQFtAEDAwYBAQgKKlL7RgAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1604822447249,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1604822447249,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":249969,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGSmLAqAF3aBHGJcm0AbsYxEgFAAAAALAC\/\/\/0wAAAAgQFtAEDAwYBAQgKKlL7WQAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1604822447287,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1604822447287,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":287011,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm1AbvwpFrxAAAAALAC\/\/+HSQAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":806,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1604822447287,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":806,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1604822447287,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":287254,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm2AbtLPosXAAAAALAC\/\/\/8iAAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1604822447287,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1604822447287,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":287617,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm3AbsAL2HpAAAAALAC\/\/9wxQAAAgQFtAEDAwYBAQgKKlL7eQAAAAAEAgAA"}
00426{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":311202,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybNKGfaqY21ET4AS\/\/\/K9AAAAgQFeAEBBAIBAwMK"}
00407{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":311306,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcmzAbtjbURPShn2q1AQEAD7jQAA"}
01104{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":321601,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"EBMxuRBeeDHBvV4kCABFAAItAABAAEAGSHXAqAF3aBHGJcmzAbtjbURPShn2q1AYEABxjAAAFgMBAgABAAH8AwOOdaINkrkni1lkg0EYhB7CXywxYLUEQaB94XZ7swcviyDoXf8Mnld+CWLGSYqiJkQGZZHCItfbHLw5GpALvsX0fwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAAEIAQAAAPTk1MWM1NThhLTVlMDctNDdjYS1hMGMwLTIyNWRhMWIzMzE2My5pcy1jZi5oZWxwLmV2ZXJ5MWRucy5uZXQAFwAA\/wEAAQAACgAOAAwAHQAXABgAGQEAAQEACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAADMAawBpAB0AIOfwyLIVH0Su0me3OGwu5ql9kHcNhOKA2\/oA4t1UmEYWABcAQQQbVWVY2y3r6Noo9p6qd3fGD31lfhwkBleOSQVZR94Q2uMqa3NtF3kY1er0qJelDJ3SvS5bjVDkBqwPJYfE80afACsABQQDBAMDAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAQAcAAJAAQAVAGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1604822447227,"flow_last_seen":1604822447321,"flow_tot_l4_data_len":633,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"1fd36067223570569bbf156fece40978","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1604822447227,"flow_last_seen":1604822447321,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"1fd36067223570569bbf156fece40978","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00425{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":325440,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADcGU25oEcYlwKgBdwG7ybQgqbhsGMRIBoAS\/\/95lAAAAgQFeAEBBAIBAwMK"}
00407{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":325515,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcm0AbsYxEgGIKm4bVAQEACqLQAA"}
01104{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":330671,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"EBMxuRBeeDHBvV4kCABFAAItAABAAEAGSHXAqAF3aBHGJcm0AbsYxEgGIKm4bVAYEACqNQAAFgMBAgABAAH8AwMTMNwzO21ZEZnBJ8YoE109\/i6YNzxxygde+NFPk4Vg0yBtnXms51StvlcYPwUtQJ3a2Aae1RGCTFOxqXrJXOFBFAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQABjwAAAEMAQQAAPjk1MWM1NThhLTVlMDctNDdjYS1hMGMwLTIyNWRhMWIzMzE2My5pcy1kb2guaGVscC5ldmVyeTFkbnMubmV0ABcAAP8BAAEAAAoADgAMAB0AFwAYABkBAAEBAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAzAGsAaQAdACAAGB+Ylz9tQWb3UZnj0MzC1iRLGQar+XyEWlMZnweIGQAXAEEEqEtOLMcAlryMSCaEMrbAEwrL0bH8mkD8soGNzp04CSJANtzqXJe3j\/dKAkxSvfkPUgnR4yBBz+PZw0ry7VkmCQArAAUEAwQDAwANABgAFgQDBQMGAwgECAUIBgQBBQEGAQIDAgEALQACAQEAHAACQAEAFQBkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00821{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1604822447249,"flow_last_seen":1604822447330,"flow_tot_l4_data_len":633,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"1fd36067223570569bbf156fece40978","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00832{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":822,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1604822447249,"flow_last_seen":1604822447330,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"1fd36067223570569bbf156fece40978","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00425{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":368937,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybVDiAdt8KRa8oAS\/\/+aXQAAAgQFeAEBBAIBAwMK"}
00408{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":369036,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm1AbvwpFryQ4gHblAQEADK9gAA"}
00425{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":370587,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybbraGnySz6LGIAS\/\/8FNwAAAgQFeAEBBAIBAwMK"}
@@ -68,14 +68,14 @@
00426{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":373226,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kEBMxuRBeCABFAAA0AABAADQG0+RoFkiqwKgBdwG7ybcBQwC0AC9h6oAS\/\/\/M1wAAAgQFeAEBBAIBAwMK"}
00408{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":373287,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm3AbsAL2HqAUMAtVAQEAD9cAAA"}
01378{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":374307,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"pkt":"EBMxuRBeeDHBvV4kCABFAALwAABAAEAGxSjAqAF3aBZIqsm1AbvwpFryQ4gHblAYEAByzwAAFgMBAsMBAAK\/AwOo7n9Ps15wBazvRSwP0XknzspI1stxfxt\/UzR\/iTVJEyAC8G++cc8\/RPDfJFBfMKnQnmiwhlHCQVzbLmLhap\/o+wAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACUgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgTLq0AqwNou6MGsB1+SYEgJSmTUTOD\/TxJYrSVvP1oDoAFwBBBKeqi+5mZF4FqrZM+Nc98bOF1LLJjzR7iMhqwT8EHpJcTJIoY3Ocwhydzi6GkM5amaGkSUUhnwcxZgCBpYGYspkAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEB\/84BbhMBAB0AIFOmheJL4xy5gpY\/yJcKeKS\/9XQSn93DrBI1rxRCLVANACDaMBYEhaJFdPvKA8z4jgTRVaj7hLApJOUFPiWRVXl6mwEkut4Z8rAnlJ\/BQOlO633VmiJBVo0HHpTYKwow\/UrgM4eV1qOMwieMsrNSqM1l6bwtgDOlVaEPC0GRn4aCQtU1XP2X4FcQcEBgB0TQYfr+VqTH9px\/hRvQKbytE9L34VP2TUenG1F8iF0heywb5ZSJNRlrHCwIxo1Q1cFXgSmt+bxqFdr2xk3KCZcGELX4JsHF1xtxipkI9hU2eSqna\/RV\/6OZjs+0xDobkL7dH+C4x8IS+6ZbU9dcdpF1KnVLSsBAwCn4gdmjyqOcJkFmyD9MzJR7Kox31au\/1ccnVPYgJWTBHIf96KJnmFelvEa3Tqt25pUSu5EXfJqkJM4E5MPphlNhuXtutSQatEVfktgwClJtegRW83L4awezF4ogcf6f2s73jwAcAAJAAQ=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":829,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447374,"flow_tot_l4_data_len":828,"flow_min_l4_data_len":20,"flow_max_l4_data_len":732,"flow_avg_l4_data_len":207,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":829,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447374,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01377{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":380742,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"pkt":"EBMxuRBeeDHBvV4kCABFAALwAABAAEAGxSjAqAF3aBZIqsm3AbsAL2HqAUMAtVAYEAAkOwAAFgMBAsMBAAK\/AwNVI7InNdA1ot5OdKof1kA6BpGq39LpfrSaqLEJ4t4pyCCv0oSr4LDlh2WzJ9HwxgZARteBYDIbmU3nj0BJKwky+gAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACUgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg7QAbQ7koWJMYoOecI197XFg+d23v8PjWib7icO3n\/FwAFwBBBA8OlHTHMCeAOzQUay5DCVe2ET8f6buSW4LVGxdHe8jrqvhXpCb+NoAKMsX\/aFrJFFo51N2cc4w\/Fh30MOpOulUAKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEB\/84BbhMBAB0AIEjhe5bsavzQ67r6YZd7oG78oUtyH0sMqVomsLYebm5wACDaMBYEhaJFdPvKA8z4jgTRVaj7hLApJOUFPiWRVXl6mwEkGl0dzIxH3UbiFXD\/ti+ZnNhfaZg98I\/A6UThXpUgVWxUYvURDuH8NPk4Yq3Wst5v1HkmMCj4IVcnOzpyhEPOCiWeUPZXAZ4C3Zu0CMcpfFQbdWpVdpuIwE+\/Jo9nfuvAdM6x2QV3DWfmZjs5LPCegAhmYb1Z9kADX+9l3va5NlStNZ2VFMQja7+fVl0pkiRHXepdGBP3rxz5pEAqsK2x3S0wdezniiFt5uiKguifcr2z7DsmYE1kM\/9e9xwV\/H4+Yk7MFcFkSsTPg5EZY2llGE2vj8EVxsCSYDBvziAk02Bjbvs5qsudzlQiboR7Y1bxovyogiImbMIdV17\/v5\/g9VPZmxrlZKp6AB2jx3X\/4Z3P+WoYFKr4VUuHGSa2WCRn\/aBSJAAcAAJAAQ=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447380,"flow_tot_l4_data_len":828,"flow_min_l4_data_len":20,"flow_max_l4_data_len":732,"flow_avg_l4_data_len":207,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":840,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447380,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01375{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":386869,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"pkt":"EBMxuRBeeDHBvV4kCABFAALwAABAAEAGxSjAqAF3aBZIqsm2AbtLPosY62hp81AYEADBvgAAFgMBAsMBAAK\/AwNRUOqW8fcFAIVJ2wDVWV7C3Kd3FLHiQcf08yw4FN3iXSCr++V7bGNoaO02ERHmP51fO+JZbR4AQQj87xtTZ0QmgwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAnACdAC8ANQAKAQACUgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg1\/nF9GBjzoBJP3vChsI3TG08\/GK1TsqGFkFsvA4YsTYAFwBBBM6shgU+jIrVFTkZ9XOduv8uISc+1jmvtR4\/i\/iVQ5mkzXP3UH4e2gztWXshEhxsgD9Q5DnmNDoCVwQBrWyhBo4AKwAFBAMEAwMADQAYABYEAwUDBgMIBAgFCAYEAQUBBgECAwIBAC0AAgEB\/84BbhMBAB0AIIL8GVgWuqJ31PIAS9EwGQtG8rU0tCk\/N7q9r130NnNwACDaMBYEhaJFdPvKA8z4jgTRVaj7hLApJOUFPiWRVXl6mwEkS8IkWC2D2bmZ1aalyMpfcETszLdbZEvlB692JDGmKS2g777tYyoryGh1b\/cgxb2Dw0XmCzUpt799pNsl5lfgsSb\/zWK7FUTYSo2B\/3jOPhS7A9xCnyXTSYLUKwD33PzWwKbZHq+itqMzgYfes2eqKe1zHFL9BWGSPB\/yCuItpWVRqR\/vBTR8RtAcUd7v1jo1gB8dmhG7Jx6xY5Eufjxl6HfZY3+g7L+DeH+NKvI3qqQ+O8gr2YFAyaInp+4djrXbPsVdnGNailJditx+fCJhojUSCluxDsiDydGVbRxMt9OyK2BuCFCC7gNcCbFUB04DHqlhZREnseT0GjaFHQJqQMbN02cS6Eo6rN7cQDGYg6nBwThwqMwQ555qhDUtBoETTMl5QQAcAAJAAQ=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447386,"flow_tot_l4_data_len":828,"flow_min_l4_data_len":20,"flow_max_l4_data_len":732,"flow_avg_l4_data_len":207,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":841,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1604822447287,"flow_last_seen":1604822447386,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":712,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00415{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":410183,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAo1yZAADcGfFNoEcYlwKgBdwG7ybNKGfarY21GVFAQAEIJRwAAAAAAAAAA"}
02395{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":412088,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"eDHBvV4kEBMxuRBeCABFAAXc1ydAADcGdp5oEcYlwKgBdwG7ybNKGfarY21GVFAQAEIg5QAAFgMDAHoCAAB2AwMcavd69epyTMjnT6sQ2ZO5Z55GN\/7ybaCLUCO025nwrSDoXf8Mnld+CWLGSYqiJkQGZZHCItfbHLw5GpALvsX0fxMBAAAuADMAJAAdACCqN+wxChHZ1AJ7q8L2BAyopj8kVlNq2EFLrbeuXbdKMwArAAIDBBQDAwABARcDAwnjgsvgNH4JSFuu+G0POXfez4alu3oxPYMgzuLzcho0KMzqDAG14PubVn+Ci2br8U5ojvu\/qWDP6S79bF1PNBt\/PNA6UF8Jyc49FFyQ8AAu+mQPpjW2MOfFuxsEeDJ9txB7MQTCNgKLGyVU7HIBWGfx8xHNFdqwDL4QPN9HjFy2pj8ePvInv0q1Z2DxQrOQRMXb4wCaZHKv3FMFd6Zq0DGgvoqNbkAS8sqEa1xrgmD6jGwCKxYcj2ZYCaMRQoMMu\/w8LaCLw5bkcdEipUEPPaEvpPrWEJc2nyN1MstzOMU40rWVtMVUnii\/G0xJ00Nvz+E57yqo\/b9ZqMbQw\/beVo1bRgYYwrGmhmG8TU4uCPnnyQb2RUrI+DQVVA\/Q3hUM+\/I+MQae94+4QA0NFVbJ3ic9DzSD5iIrp+Rl5JsUQoR4RAM1X6lh3\/2BE4BSIkYFWTc\/+LT0\/e04TL4j\/WNDB1TOl2zf1xfvMLPzsnvlSD3+ifBcGEeXrMY9l3lXKnbhZ1wbSyVnvYNJ2shf0SHXV7AMhv6ch4ipE6saqFjja4gqvA+ineIOcitGazZK\/wtitnpzQ6eK1OxVESnIkBK+mK\/Nn0JzPIwaePlpKojrx\/DZAMx\/x1PL2mmd8H0ZLONdGzJYP4f\/Q6l608+2h75Os2JQDN2jbqxVaSKB6oQ8cXdFXTVFbwLo1Adz55CzcsVjZ6k0eMrr3DUm0ZPUku2v+cwVlNNoeGhSf3K3Y2IM7Lx80CL4TQ9DNwHsQMk6AK5n2k+fe0XJYRFk3Y+llZzZBZs7wlkvwvvSccaw9SGozAtAfTU0\/TbjjRTamV2NF+5CI0wTLH+QjQ5IlqM1lMO6qBMKh3tLrEN4+EzCYZ3TdI\/BQCNlz0khvUaNzysg3FveoCkZHRXOmlqMcYfrBA1baCMBleGltBIAw42D6wYRH06S2IWemPRAk3Za+8c5Sn9AmdVTLJ+ZEBBxVzdPeExbPwTpWbokj3H1Yjg3qFdYWu5NckxhLkkCypKLt1x67QcdRctvOHusbzR\/Z3f9aRh4h1ufRPzp\/KOBAkP3S3+3MTdHf9CKk+xpAmogxtqt5FnhkR9fJY3XG7lvzNxewARWbYnAOmEHCuglFoStcdXaiMilTeEDHBeozmJ58LHCMIL843gFTTBVvyByLQWvkVpH6mmltxUpcTolHH+EiHJ\/2QFL\/QWtM69E4bxi+tUk1jIa7KbyRvo1\/6tDjM1\/cRrzwxEXfEL9LGvE+qivXDcIWFZw75t6EBk4sgxqcqCrF1h6eXQpoyfIYDVSAsna4DrTt3amocmSsO1NyrAVJQPpjkqRLPIkyV9DS0\/9YjYlky9PvgztcaZAG+1KEsUc9uN76gmbrtoeqOebjl721PT3m3IIIMxPl0yDq75\/a2n\/evsznSfVqYj4RsBIvvqUPfs4wKs+VdIFBbdcXiRHdxYNnlBL8nkg1wur02r+Rcu3P40D84KYFkxYYtU8kBb36eueKV9rMmlZYpq4Gklo0qqp9zP6dXcEps0s5w\/OWnn49CqGI4qOj4swMIYMZ2j9sDDuA+z07o7TddcCtEm64zI3ryy8W4FKIbYtmtrxE9aiXs1jqtZQJb+mq4lxQ0GQXxEhROQAfvKo9HPV7iANrsJKkMCg4xexRgM\/pa93OyXJSHyei8fphJVAkcOy6ORtTa8Iz0f46PxHefPob\/uX4CPmio5sY0NagJyKVuK7Fq3ei\/7vp4+RnfoaC+dH8ggPd48pu8YApsOhS7CyvZ\/6Al0="}
-00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":843,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1604822447227,"flow_last_seen":1604822447412,"flow_tot_l4_data_len":2133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"1fd36067223570569bbf156fece40978","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00872{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":843,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1604822447227,"flow_last_seen":1604822447412,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-cf.help.every1dns.net","ja3":"1fd36067223570569bbf156fece40978","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
02047{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":413124,"pkt_caplen":1263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1263,"pkt_l4_len":1229,"pkt":"eDHBvV4kEBMxuRBeCABFAATh1yhAADcGd5hoEcYlwKgBdwG7ybNKGfxfY21GVFAYAEKBnwAAk0GbczxAuFwCGHEF2m8LAFd6H1QUpVF5KE5756z6T\/vc\/0GTNplZsPqln5lIPGTdMJDg2VwgAX+f4q0VVW5ccYJV5LKvRwknJyLwFE\/QX5TmQnLgS4Ho5Mo+aalS6\/OVlPMaoSZRJxbNXGfd5Mio+23YRlgFOnj8QmEjRKpGbm+pXZDhNbL5fBxLuWHecpW9QONhfI3xkA8SK6MSAyCF6TXF2vXSJ0438WYDRoxXpTsngXQpToFGSGU49srD95NyEB7Y5FYp7ibrijkKw6IlARWWt5baFyAwleR3Qtn5mSFgXizLRK4X58rDEOChAEN\/mdiuGU2uTGVc4TTrNyIeQ0W4rK5N1fc9R9vr4RZDh00pox2q5cVIHMlgz2fHTrr8ri10HnJyZ7UzoSCpZuDtbtpT6jwpA7SqORKTFZzSW7tOlTXIhWPSsHxil2ADoyb1Vmr8BPVb2OGfh9SS\/coYGo9AXRqhoZny1wA26Ai48Nnbe+SWxBPb8xGeDhQFK4VP+HCXstOXCu1VV8hq4dSiYP+PDCpTF+7ztrDOpVlMEmvW2jyopysizCtwZxTl38mBz1URUot4\/ZJWMziTwvkA+a0qcr4M8s02l1Hoipp7Q1FXz3pWFBaMd+acx75ihE8RwdYuFj+wn0wEJeRigRrG7oGBu2jZKGK5XU+lGSQE3sMzlPeNGJU\/DL7cnahjNDbR\/XgLMBSa+dNCSSOVgBx1\/G8KS7cF2o9G7I8XF1VAsRMaEMW9lsd9IlL8TyANEDZSh3PO9GwVvlMd+PBVUgShPcYEXFIA\/5cgzLaoVaM1yeo06psVqGyKopJaaXMTIQro0Hqb72I01whXEzfc0rmckE390R5tSD5fz6d8wkVFIuUGnuRPBSuTYfhwirjRyFfW4BTseaHZQz63YG0Z3N8w\/jHOA\/8Y8+rJW6ES8B+iJWG+fpFsIs1EwQ\/i6uFf6d0+FqlXW63skMKrUh12JQYyqmEJC+PvQ11SlxBjBTdYxTvCL9GUzN1sIvePX7ZD5wH7mDWkMFcTpRKzPQIRLJCYsZGIuBveGLl7YSAzmGaMxeLY41XgdI5R\/wPlvfnuzQ1Aip9WfM5GWrUOAj2ki1\/QKVUPJH4rJvpMZkkmNe2A6gPqU8kLHZlwCGCkUG8xrXFtr58T45BJEj2EZb\/3lC1zcDeyCs6lwFuCERKcIuDxo6iKf1YvfhaoqmjOzfkFhoeR8s+xXZVYsZ4dZ85WZfIk4uCJDOOOFeHKW7mS4PTafW2qyof6jBzg7uErPGSALJciqvap030PvRqypDTETb65DVFQmGc8Xi6u1cgOZKzcNkBov2no0MuwkXNzrkIUVwy3NDOXmXX\/k1sM6Ej6jdFFgTJRU8vOIxsKIfpsddCQs0IS3OLbNy\/p2FP3eOemIPBXICPNHV4z8ap5ZaQKe5Z8GW\/M6J2MxDd\/8Q0feRF+hV5NcFNx1hZG\/Vn4mnNfG66EPxDGllBvoQY4e4DtaKZ3Y4Nxvv37SkWGldifwFXquaxr0nFPJ+1VLci1lV7TVr77eHqLWxjn+tyDEolHHrJg9zvy3bm4GlKCdLsVzvpyqVzaSCN4Fg4B8wbvIFne1McnxUCEJK1jLhw0"}
00407{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":413200,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcmzAbtjbUZUShoBGFAQD9jvQwAA"}
00498{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":419237,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"EBMxuRBeeDHBvV4kCABFAABoAABAAEAGSjrAqAF3aBHGJcmzAbtjbUZUShoBGFAYEABl3AAAFAMDAAEBFwMDADUZqwsLW1MkWOtGmKUtw8ZXCceoyCV0DTl4iQE73N2jzB8KcE69+NyCK\/3rgG9EB0B1hfuvyw=="}
@@ -83,7 +83,7 @@
00865{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":419947,"pkt_caplen":385,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":385,"pkt_l4_len":351,"pkt":"EBMxuRBeeDHBvV4kCABFAAFzAABAAEAGSS\/AqAF3aBHGJcmzAbtjbUc+ShoBGFAYEABewwAAFwMDAUapqISxyd1BytUtruRAjlvHAWEzunghyACYcGXutUMynx51\/LnfQy5cFNJI5xItTfkbGIJlelhOZsCTGZ1ecP67b1I5kexz\/3JgHs\/IMi7b+DDtfXNa6GS1CMIJtpf9OFCdneIK\/UOricuj+KTpPyWvNEJEJymaujLFM62NilxmeicRY1RtDMMUcVzHi\/I+6SX4WfDA0TcQIHGG12nOz3mHvYDumXT3Dp5IFtilkR0CLLYYfsLVVEMzAQD5sezmQ3wvbjcvuN2yS0ZHW54wb1BOopTL+x1hPGO2phGIGnwQ4e0Vnyi0i51lZjHdBdN5GUpGmNd+\/2jC6eZ58u0mznNA+WFzCA+RPn+m2AH58rktqRcOGZOHJkjW8Yzl\/cvlkD49VM8Nq2LaXJHOJzE\/vTtuEkqilIzbJYao8HG2\/YjRRGtT5fZEhg=="}
00415{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":437859,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAo2NFAADcGeqhoEcYlwKgBdwG7ybQgqbhtGMRKC1AQAEK35gAAAAAAAAAA"}
02385{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":447323,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"eDHBvV4kEBMxuRBeCABFAAXc2NJAADcGdPNoEcYlwKgBdwG7ybQgqbhtGMRKC1AQAEI5TwAAFgMDAHoCAAB2AwN+twpEuBVBrLJlbS7VN0KVhH8xDmdMoENCh8FDMf9VfSBtnXms51StvlcYPwUtQJ3a2Aae1RGCTFOxqXrJXOFBFBMBAAAuADMAJAAdACDq6FTxJNpkez\/Ya9YUkqOVbU6SuHI9Pnugtii\/AsPfVAArAAIDBBQDAwABARcDAwni9b2Q+awCZLhpvq6rx0GBoqGR3hcbfiwVCVXoR7vOc7EQih2E7Gn+P0+y03zVWWWtTzs+EleCa0kqAAjlVKwVDXSMGxRFY1DiifKwL6cwqd+r8BEyw6J40QdGFir5oY0\/2+Z92HybGi7SYNCcLYT9QXUZ48wvM0HPB8VGZqqAYJGS+Ayeo3Gnn+BkkJ85G+otxzotOaKKLxfpKuAyR72prCBaP4e6vs3GO2wcv0HUFluExF3vkikUaYk0BLKIYKe0HwJe9AJQBqmjIhg0IX0M9hh9+27MNkwRinQUkFOstQyGtAmL5UAyINuGWFWdYpijxLXm4xlFD6kNWpZOT8qWmyP07VuP\/B4sSdhaMr3\/cMTTa4++fUfBMwgixReIgF7twT1aX9bPOh6oQiMTMafhG2MDDsavT2ybMYOrQI4maBQ5GJPSaNutg7o7zdYMVgp5WpS14Yk\/jlQjf6hVcnfT5ndI8HUoKm+7o9lZi0CSoqQ6pBphGuzYlkT0+BJgDItbccwYMIpIAh24FEvCEibPdqCERy2hyHXCOEVhFyzx6RI+uUCcruc7d5lgI4GEsfE8cXkW8ELlzIqcbtChRimY+R\/Xt37L9cjdu7CW0KXqtOgBsFfzLWBW\/N3qJEsbp3V\/WeTvxV9fV0KDpFZsDR8PUAztfYyxMP9cno8iDwO2kFMOYcyDjn7igj1l120sD8tIRna946zzGjnRb7v9qxDUhpk+6y2AQRl\/a4WLo6iu1ZaKwxsa\/A6rMebceQRn9quTtEwRvxU+UN1zm71n4oaqoUhfNNp3Kt4dhupCaarybs8m\/sNWTQppIvxpJptWAawUrGPqCttzsEpDF0clBMy\/RZmAJQXX3LPt2pkIso3ZLic4dgzJol269WK58oWKNBXqIvVBqVZD1U6gd6ObTUD3GnZQLVrj85gloQ975ywMo8DXWuzoIaj+SzYB+SVrYps7IpHEV1sb3kO48CpSrHrWZ1eEA8SOkmNDO9if23bqY\/xsO5l2nd1AWTCjzv7n\/1gCjCfwkGNosweBvOrsE626qDGGdy527VxJ5+6TJUwg2xbDCpFUG0T0t+7PlI7BZQmuq5U+gia5McTvv36kvi5FVPVQnQ0+UaxM1BJME9QcpRMogGVXZSKsnVu657nBtqhSsSbqVWWLuIA80c+D+ijvxFW2v6MgFU6SVWyfm2SefK0waSZ6\/WHderdsxFzlSxKpqnNNxHdA9I9WXsAfpACp+EAxlDq86N+iWS05ntTWZGLMApucPBXosrfWy7S+FURs0hCvH8iahssuTq0cI8b1S\/5FulOzpBKcgdzsIgNaV77OKrnAPLIoRKphF+JGKEHBzWNGeb+VZGbmzysGcZyFjcg+Ha99lJ3j0qApEkzjH2wTjVuHeqPJC3Va3PrT8XmRQaGK8kfPEk7CbAFWQevHVi1wAq2Ob2F9fGca5UiMqPg5nTg997CmWuQ6zm443iwiTDXV+s+h\/vZa1iMrhsyOBFFpCZ\/qxSTcb4u9Ll++occs3p07m9mAgDVy2\/fbJEwnkmTf7RrA3smPGrjkopVc0yBnuAezpNSYWUXnN4z\/pxbXlYmpWAQaanC0haKXKpVlzGV2ybBABN3wjqVHOfmrD3A9U038GrWUFXr5P7e7hvqDdhUtR4mUBz7\/VRegW5s8RH1z1EGIhuhk1SVVqk50spv7n3smOmhmiR3GA7mGskcvlctTRGQ8jbkwNYpKd1HF\/rfnSYe4FM8LKl35MH7o\/C47hOIUgojPzOY="}
-00862{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1604822447249,"flow_last_seen":1604822447447,"flow_tot_l4_data_len":2133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"1fd36067223570569bbf156fece40978","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00873{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":882,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1604822447249,"flow_last_seen":1604822447447,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"951c558a-5e07-47ca-a0c0-225da1b33163.is-doh.help.every1dns.net","ja3":"1fd36067223570569bbf156fece40978","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
02046{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":447877,"pkt_caplen":1262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1262,"pkt_l4_len":1228,"pkt":"eDHBvV4kEBMxuRBeCABFAATg2NNAADcGde5oEcYlwKgBdwG7ybQgqb4hGMRKC1AYAEJ0OgAAWzl5kO9BIXBvC41eaDfdG\/GykLbuGlHEboftcLbdOxDqiBq5aOI3Ijy+fRG6TOTuNC9FBclXUCZmf\/xPuJl4EpijMT\/qyEjxeKvDK9YNaZqIQWs\/XskKqeVzJzh6PhzzQIpu2Tg0dAz6Kel+shW4DDqhItRgsqZ+YAneBWU35XpB5bA5jDMoIUUVvHuK5Sr+7hOXPlt+G\/ATnSyOgdiaRUSvOlGRSipMs4r4dpPvwlSCPzzgSSEQfRssZl+szudeu8i1gzIpRI\/5kPZtjq3+YX4vX3REU1t92UNUB23GUdu0tgIGnMQWYOyJZCwztDYwOPJewFefNpIeDeFZl811+88K7Nee3rX5LZ7Yg2gyl8mpEyCyzCjWqpPB+dVLrUN04DCkhHrfiSkMVQvAew0XtLNsk7e+Pv+PRze21KZ1QQGP9PhD6EID+NAOrSZP+lT9+AGiUNvhp6tLYJoq3z01aHM637giPloxE9RipOMp3mnGHh6tNqwnxccHptW5rp8gbkx1CEAk0ak4em7tZ8sA67HzckjGeFXu1Qo\/S2T88PnmCU5z8HRYxo593y1JWCp7q+TKHtk3ose93EypXg+nAMJmiayn9jvFPsucCyRpcsqHlmC2I9tKi0fVq00RQ5bLUV6mad1AWOQ5Vy\/7OTpemVfg2YMODhcDFZEK6CHz9HqU+YnT\/vanI\/OfrTWkcoPpb8zte8wxLGE205j4CyPQQixzTPHOOvo6qBfzdzWxKbRn+eGH\/hICJ3BEGD8Sj+EBOrP3ElWDqidjrpPxim1eZvQuTbzzZyUHn2Y58nE8\/VCzQOC766Wy7KYRSj1zQ39Y14LmiK8PFA3yd5yA0XzavbjpeXghZNbX52zg9XkmXYSPT11nrXRwsJiaW52LSAzxZQXCH69TayX5Z5AkgeWJHMnzQANtdDxP1TDmknOzhKfMTG37A8Hjov20Gg\/+lZK5F\/NBAOO2usabZduNYvT7vKb6jENxja9QcZEiYaOtrfPkH86LMGS6Je\/YeoOG0RqarIBzyxMRqdJ+POOwigEXUr64cAQBlOBUUi4yKt03uvf5uUhs3+Y7Ovp5dA5A08KlEddDIif5akZWDdyI5FaxhfTww\/reuytyr1hqbsJSfkKDMngUxLeNwQAbvo6y9YNcgg1V1vZ5Kz4XZuRSgLkUxanDF8PYsGxEOXU1Xjq5dNfsn4nDLJZzAR0coBOtbrxoTgMupFDgo13Di4VbKAyJMTn17RUNlMFnn4Wi8DwihLArqtaCGXzH3JabdbNRqJ7fRyM2tKFj71t6J1YEch9UdBYPGb7DJpiUe6+Ib5XEHvKnalLheZ2CgZFpFtJbDZkl\/H6wZwhtRFcU\/OhSSEcHdKt+3KM6hKJB9tw6eFyGluFqSahGsP7cEEXV4MRjS6WwV5xkpt5HtYMGftka22mO1zI3rw9A+4J78FoDnfO3vMB2kVtSnJIxM42x8db\/XJJ6mSKsttWCRp\/5vBTV1XkJf2eRwjq4uf0IpBctAi44G1gKb9b7FKbdcedOsCXYG4VpWIGlg1z4vsp564HVr9huvv2cOBEBcXOesyhiNq8GEksf20XcC+yUVcw4elFS8mlM6\/3cUMvyP0g="}
00407{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":447990,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGSnrAqAF3aBHGJcm0AbsYxEoLIKnC2VAQD9ad5gAA"}
00500{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":457175,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"EBMxuRBeeDHBvV4kCABFAABoAABAAEAGSjrAqAF3aBHGJcm0AbsYxEoLIKnC2VAYEAD\/PgAAFAMDAAEBFwMDADVYttBPRczgJAloPBpUJv43CLzx2C6zt4Xiqf2J\/YhsPWHk0Thg\/pVwROSjKdfU9vq9bsa9uA=="}
@@ -91,17 +91,17 @@
00866{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":907,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":457980,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"pkt":"EBMxuRBeeDHBvV4kCABFAAF0AABAAEAGSS7AqAF3aBHGJcm0AbsYxEr1IKnC2VAYEADRNwAAFwMDAUcZHk+iKBCZCSLsvsnISUjbyW3jl0DUTUK7cPphaI2BaeXdvVzdSzVbGD9Izghvp+mXUOXgj\/bs+j6oCtHr0RfRuD0zHFq\/na+wv3yQK9PtaDRKy3uJylRZFkLDJ9\/rHlSEVh84KjOjJIUivpHK6xEazQZEWcUcipppIOHn8LeyV5L\/MSfa+u11zumMNM0CoX4LGwPmrzoGjtlezWcohyGa4vel1EkIqhXlFWTADjIj5nhWkXCH4oIRNfMygXxoN2PrYN8HtYG1rpeGgBD0+zWrvr6TzWLydEa0pg7PAbSRES9m\/9IsqURXu+ng4NaTxNu1NIEtslNHj55pm3JIb\/lygEji3k7++9o01\/CnQjVeD\/\/OcSe\/gClkpB0ZS23CD5RLC7XGhNzFLwvu3t4e\/Nq7L1PotzQcg1jg6Alu6ZCPsMZw+vcuPnI="}
00415{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":498308,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoH25AADQGtIJoFkiqwKgBdwG7ybVDiAdu8KRdulAQAELX7AAAAAAAAAAA"}
02389{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":500011,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"eDHBvV4kEBMxuRBeCABFAAXcH29AADQGrs1oFkiqwKgBdwG7ybVDiAdu8KRdulAQAEKvuQAAFgMDAHoCAAB2AwOfUG9UnY6OKS\/r+y\/oX89OOM3yixeyQXCggB1Eg6g2ECAC8G++cc8\/RPDfJFBfMKnQnmiwhlHCQVzbLmLhap\/o+xMBAAAuADMAJAAdACBZuoVug1CQDJcZpuhsAMMNX74Ws9J51n02lEDr1IEVSAArAAIDBBQDAwABARcDAwpd8oOT5SAk4TfaLks5a9vdeMKaJmjqcEO0nZZJ5ytiSoI7txfMubRz1GYbVWgyzFmBxh0nzkEzisNAJaZamQ5tymuq4XMrKsaxeaEWiky9yRh2MWVxuKWTAsvnh8AvS02YxArdYErDpiZqKbwZijpkFFiSUrD5Z789B1soMWgkA73+InikpZrFkPxRMsQ\/1M9Vi40JJm9hXCL90BkqQ87IkRbNG+89jrg1vvgg\/DVZjPLinWe6BCyIOQ5LLNMjg3d0gk7LI\/J+cyazKqZSgq4DuO+sx9aDwGsZh1o3PN87fhPZapFQNcBfMo4NLz6O2azxnvM6us+waP7W0ArM1M3WsJ8a5hUjhAKyAxznsLZJyXABYckSxhXOOMNaq9vva62ZFIDAPppVHvama1dLK\/Pi+aF3HF9Snx9w3Y3pAD+GXA7gIILtIafSNvdf0iudtkXtJKTNkwdMymAZzCwlLVLRPdfE\/Ph+poF7kwswNv7e2th4CeDGcfvCSL1gj6\/i6Ms4TY2vOS8o8m6SLwxOEi0mxDtQt3HrFiVGGeQ9TdbD4R+6cbJpY+M+6e89\/ESLhfK\/OF4xNmdij3GqR3Gpqlrz0BY\/5dXKgCzCiNhTiqvfAk3tfj8DzpVgJRpa952b8b9+2FJDMb5eJS4d5ToZOAx8WnKeCLdnXJwVrTTySF8hI4rl4Ar1RZleLGp+dM8xOS1loObSlB8XVWaQhmt4J1ZTdpsnCnwpTXEo\/y6TZzJWIjn\/q4fqijVNh9J4h7bfi99JyZ2jGcRIiDuUWXu4dZxwHrc4uW+9XQOHgHer+x7TBIrQ5NXatbll+n4c8dPV74GNieTdq6OwcuyWjUDFhogW6mAD0gSVLidKeO38SfKZH9JVQLGt4TCEL9xxMLQ1HHi9iH7y14gg8QzBI1Xz3r3aOLNQDA744ylSQlRhpF5c89JY\/6yuVghb2PYMbiEHFzQPCsp4YqzIudalf66Wvu7zQEE2byjJdVcTTglm+U\/+g6EVfpoQdDplfYKD+NgxpHroTKcJPiGDQwYZjMHkz\/plfEZ3Vaq0GBdhkUkeF2YvXAz3N7nin+lmfhpNJtALViaoSVYjHUyCzSZ+RDotB7pt2n+qEOXGnJ2wNe5Gh2C4kak6srxghAv0SekQVYvJJkRKvwiZ5Gu87YhcVOXIGewzJHIUDis9D4zeht8rcIPMGSl1oRHhj5lT9vJaJ6CE+RjgV1FKOMEvTfHi+z3poN9tBb5cPXbg0poteugEtx3jLYWgNLEw4\/kcLJfG2EVcWJtcTpDwdIqW2RPyl400YsaF1EnohkwSK8rMERtNeSZfo3Onf7w9suMVDTDc9xWC1E\/2FzK9pKajKGba2Rxo4lvKX4wgRU64P1NPBf8y+V3PbzC7d3vza9QsDqNqllo1jjHeqIxs65yrh0xg15VwpRye8G8cHqepRRH73Bcm\/3AnxATG8nNx8Rq\/U2NgbNyZkeWy1WUINRZDYpauuzQe0vQPcCil3tsff0VQURRjVWIrRvtPhCqvLoC\/C5\/BUn0sYWqJnejsed552GN9xHhZokbJONcztD3BK\/EUo+eD4KpFDEOL3G8sxtHk1aVW4CdMlHPMsRxBStp9HjDoyATkSBSgbzdC4omMk75zF021TNDSf4h7r1u4T\/5SKd1+RKQmH52djYAQZoYkqC1Q3MF5I+WxxMkqZ5LD9EXw\/oEVaMheRCEuppSA\/htlEBkzREBQ5B6tuSWdaBCSvjf5Xw5zvYdBRkap4+zgUFlkKWY="}
-00800{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":944,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447500,"flow_tot_l4_data_len":2328,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":944,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447500,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
02214{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":500684,"pkt_caplen":1385,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1385,"pkt_l4_len":1351,"pkt":"eDHBvV4kEBMxuRBeCABFAAVbH3BAADQGr01oFkiqwKgBdwG7ybVDiA0i8KRdulAYAEIRuQAAZRTYKi26RWXUWDYycC8KoD6J1\/U+TR8nmUbmCANL6XXXw7bxDSvAWzUNtzSbBrb3094dDU8jpJOuL+67gSO35r9Garacxn40f8E8upz6YY3p5esVjD4oBvZu\/c5jgk2Xg7xsc4\/1rdLUjlSPwFMnuNnb9dFyDs4JsSErHuPFRb7\/9uQJ9lRy9rq5LTxLSPjZaDqiiO5mUvZF3Q1B7OjBFMZI1kPsMiiEsT9VIQpE2vJWS0vj\/Ffx7X+7uWY16+SsEfEnuv9vzeZl+EWpj\/xL98DSfcVHzW+euQbgrP2ZVc+K7IznbqiQ\/SD4DUJNwOpgU72wnmtCCPbocl756rbtlJKGpPUWX0WyiX4pkzMXd4BoPLiDBRRcsNWQ8\/1xgklfbH8ynonUZ2gJSnY\/5nPp69bH+aD+LL9j89JVAUHdfX8uCNndYH9zHE6uiQohHCb5y1985prHbgn9YygIBv0HAJNeuqn+VwqK5mP6u8u5XJ0102+77ZRCbTcHEtIDqoKGUS+kLo3IONsQPNtnYZ4YteK4mUYhMO74\/fPzZa9qQIWrEsbg87pUrL7s3YQ78JHCxDgPEzeohGSelzG+D\/wK0f7sZoEWfYHg1NbaazwS+OyLsPZmpTwL+lvWLzcSZHt6I8w2aO2yUIKmmL+TKEJuwqVLW6DaOWpL5v0TUBHcdE2NuWivl3DeWwkliaIPF2Mecb7ByhJnz3fsmZAfsF+QkO06StrEnuOy++32PzHfvpBE7ksq5TQElGYiBurgCtfhFP10Ps7MRkROczZ63G1kFIeOFNAvXx1Iz9UKHNNzMok6eFrADapcw8RxdzhearqUptbu2ijdw9Rqxo51QtTMNw4KrpiNqapHwKiH5fwEBXEjfwDNUCXsZEhgmnNYB6VfWOZqx7XO1pC2Joe9Wk9cZgknXjmw3Nh4M4I+tnzmqHqOf+bKn9upN4MTdXhVwtJA1M4EHoACwp8EhlW6juyfEO5oDX4eYQb1quLbdETkBEAhz\/T4nhgLaeeiIL\/mCWdukyLRZsnQYaCdpLDs7pQ5evApN4+GwWIsRg8OKpeLme9zvLEwcRpyp2ul71WvIKgaJkz85jT3wTF8GpT9h6Mzp6Xp+8Vrglb+mC4gjQIDypVHoIVEZPyRl+6xbcvj5p29Nxl\/jaqu0KlAm2pM5sPI2kFNm4YVI5nUFnzJ+PgkMsfdcVL0uIrj8DwoxQX9rMjt2pBbMVa1AmMdq5a8wXTdRLqI5YF02\/F+4c6aRDV9wK6DjY\/0RoKwvrq2J3\/AOdS2\/q3mkp\/5xm48\/zUyNM0+ejSkVyPCrU0Iy6wkb\/KtdwJ4AsCCJRnKgWoIEOctoj40X8+ghLxMeUHIgcCACbbYNuMy\/6ftfbr83SxK8D7jU0Vjtallwhz7n5sYX1p6H1B1oXSPWQUHc7Z1iJxBvZqluiIACnFtuYoaDQloh6KMiXSVkmk+hKgCimqfC+wBDY9zVnTmOCpfYlCl6NsfOFq4Ptu95B1IWFhjAzEgxxJmywzW\/Y9pDMY\/qDAXQ6SMoa3zqH6RCc7+dvYrwuKkY2ezvVpODOBKmmfodDB5CgnIp4rWpGuggTUmE2FaN43ev44fH7G2mdqmnsEVXPpjZrsnKRPTRqXsAMDRZ+Cwj3o4tM+rhjg5rJKszM2pfTFhPkXO3B+8AckpMyf5Z0BIfMs1Ojwy3kEBDmVVp8ZCUCCBjyXCImbwhmhJX\/SAqgoos+oualrOeiSc54PRDzncNkykTzSBEysjrKMhjqiABGLrvFGfbE0="}
00408{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":500750,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm1AbvwpF26Q4gSVVAQD9S9cwAA"}
00415{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":502334,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAofoRAADQGVWxoFkiqwKgBdwG7ybcBQwC1AC9kslAQAEIKZwAAAAAAAAAA"}
02395{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":506495,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"eDHBvV4kEBMxuRBeCABFAAXcfoVAADQGT7doFkiqwKgBdwG7ybcBQwC1AC9kslAQAEJC+wAAFgMDAHoCAAB2AwMfXcVCNaz\/fAs2rU5ZzD5J04BLepz+MroJMKH3tKN2tyCv0oSr4LDlh2WzJ9HwxgZARteBYDIbmU3nj0BJKwky+hMBAAAuADMAJAAdACCskIRMV85w+ZPJ1vL0JbaE4ZYP76++8Ac43Puacwa1VwArAAIDBBQDAwABARcDAwpcbwLSbTBspd92QY8m8WlLX6rn5jEhK7FGWhwcAbaGUZ3qcpuvlSGrzYR\/To1N+7urkKnx44fQlZR+mcnXql2mACUZLJWuUfITzVaQE+riICcrOjiRffFMdPwUQpytFIuGd4DLqUrANeWyi8TRfd73QVuU11JnLj4mSzy0qfz0i7VK+ldeKczfL1+lRZEApyY85v8NsmqQVZgT2A+G904fys5XfZ6girsfDRruvRsK69WV\/5SEfYyg9hRqoib+XYAcsonJ5FhRl7LDlqjaHF43KfDyqU4H1NJ4BaJ7\/rF9binRf\/ZmTx0S0XA1IRFefIPD6xuf6lnabGdO26J5C35pm3C2Hz1RRrJnL3Z6tQv+8OgWz8t\/4JdWAlEcmzpD4kj1FYaxx4CJqYfvuCvyKfJ6cX\/HIq\/CW3TEHUIznaihpfwCBZFYmwYI+y8djJsVWOtCxkujtnad9r\/1aZigVpufZpk\/FalrXp7+mdL8DyGJEw3fVvoVk1Ox71sboy1p9V5f7wZrNB\/PBJvu42dbmdzR720bSb42pukuP3t9FzI9iwwQno1SmbQQISqqcXwlKHVaDmOi8OFj9iicpAITWbrGo4jyE7ldxnCXpuOXI4nBlwJN\/B75tZf2hv8mwdSEpTzPutlT35s+7SQrZnjEhFNiMIopzwoDKMqdVVIh0\/IRj1Vrg1cC2caYmwU0UY+sCdTPBIEVXn6jHeNcS3tlJ\/valrzohW5TnBbMuw7l9o1bn38e1NDdBLwfsoWfsihPdM+T5O1cZJOYN2i64cjDtQiC\/1g1u7eeGx8OJwNpFx9Pz+pPx2eLNqSjqAttYQkkx31mXysPjIaf7I7NbzFn9J0D9EGCgcomrXvIfIx\/uOelPiZojV2CFosd4KbvoYGZFZy4bid7AEkIUbYx+ulvEkuGQdiuJPfi0muuBjOf5nsS9SzHqEFC53BPvtcO8ax5MTP2APmqNv9EYBNKXlaE2z0IhQc7Sxyeqo1E871rXQC0Q51GpX+\/Mh55w5gUGG2WuROO\/WIt2bu8zx\/cBwzG+4\/lLbOIfrcllHOq1MkEdfldTuGZX5qpHXBQM8VtrV\/ORSODt8vbZW12CeNDlbmogWxKvXyMfDCKMxr2qUTlPjwa1On1MmKdzNqPnJDKwo2ZWboIudihf5DNdrIhX2fKXR2rd1h+hUXYtwrdUbFpeHWq\/Yd4pRqtk5\/+oj78UcO7xbfmDP\/2ZOAq1fiTYjWrRGqekGxGDuq6v1NwRM7ywqNSoinCEWqQ0ZWLFN3va2\/iz\/y+eouXzEbGNv8XZea4aBOP74dXxbmQSeiPIS8lhSN4ZN5GwHywlIShRYIExAs8YKjuQ1XciszqwRzkFpMie\/HVqis7S9YQL7qoQmOKXPysOnMjZRtVku6mPNb6kPrT2D52ZO18Bi27GKWSdMlKkdXxTSj8GIEL5JjHNC2LyQVq8+trR1ON1i1hA553erKICGq59BsN6yTNfUmADm2jwYJoskq+ZF\/kgrg\/HEqSbQofgGgXoguUEDnHzlvAiLtNtSeXANvBdhUDwPChf9lTjMYkMsQ16z9X5OZpV9n8\/ZzLeQvgI018qV0TMsnz\/DhLmpm1G5oIktBtHMyi80vI\/GiSevWflDYIdahNwQgdlLkXZjSQpYGEDy7pFXWo2u66fn8o8Wi9bFhkzDDSW4jTt2Ym7J5OsxVEySEYREazj0tJHTiOQB53sa95QYL+Dqk+7jeBYkZWtQHByUO\/JE\/+Skr+dPf8+YFT4dSXGy8="}
-00800{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":948,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447506,"flow_tot_l4_data_len":2328,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":948,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447506,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
02216{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":507385,"pkt_caplen":1384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1384,"pkt_l4_len":1350,"pkt":"eDHBvV4kEBMxuRBeCABFAAVafoZAADQGUDhoFkiqwKgBdwG7ybcBQwZpAC9kslAYAELvfgAAu2FTAFEKX74Ye1T7NrDbkSJkx5dq\/qk3FRI2briTHDsRZH800dalqhGHLpFEGIOLL\/U0ROBh9xY8KL2qAd2AXfdPQZorFk0wte6hl8K+BMde179\/iGf2EiuOvIhkFkCS1g2v3pVK6ZLrJG94tXNXRj4pCp3j73bwco2zBTvYGLM9QwNGNRQlSKe1vxw+HNVv8ONVAVuzu3qY1rHAZVFxWOWpytSI5rwyUKqHRRoED2maDLoezhkGjPvzET\/\/p+cQEg7VvujrXYZJQ0ap+7avrMwj\/C0wo4k0gmSJ\/PKem51T9rVii0vfC0LKsFQvS2mXZHxRk3PmorF8Q9IiHjKh7rqI7vrAibOXp8RtV6mNOg83T5SHUcNaoUESsvtlScZlio\/9AQlnA6B5UAMkuMhqrELSgjtd8UAxvwxLlZCpfZMij+Bdj7pphUJmUXYGVoGOL\/nwR10ouxcmQrXhv3yUtEfvRksiGbvQ7ob+j8YO1Xj65cK2xw6pTXOu0AwLq\/g+9PmflgMpNOfG1FVT3daJBGddMkOS3y1ug249dLrjovOmFj4CnkRjAo5RdBgZESzEHiPhGlp82aEnzAGQ3tcfLr0q8r+jpToIooIVpTWhW4OUzqbTLcqZzA66nPzl9nswNq7m+qEOyjyriwiIO1NTT0QlmrIx81EtFNiIBTKG1WXcMVDn9L9bD5a4FizAm+6Bnl\/PUDLkzVHoTSq\/mVdC\/RVA3RbQ4n3MM7LhkvEZ76IiBEHk9yBuU\/8d56kphGD2AV55EgLfk9F8wTxydKsOoY0WKAj2+yupKaDaHMDeKU0WtMg68tZefaM0bwmx1FqXqVFLnSo61PWW8P8TZn3ktv12MHdpimqxamQ8AqsjtTpRooVJDZgv+vzdkmDN6tbZFYo5BETpHGSB7pcG4ealL3VZ8zlXcvMLX04uqvd6LRb++dsdiEysAzlEWgaZM\/q2Yml7pktkjX9lksV6mopO3xPMGEjirL9Qo8RXjDq+2Z+3enwqaUF0q7RzMIIiXuB1JNd38S1BG+gmtNkLnfyqF6ik7Vb2qjWH9HciujZiPsVEj2GYinTuttZYYjcZxvUCKLCcTie9IdUrju0ucATPLam4WhBtYZKVqZ+etgbmt9Vh2mZXHLOHYzaG8zRemgJv1zg3a33kdMOd16AxUsXdnDCIphS+e5akrtMfbvoqcogN8SL\/W8h7olA0MSE8pTf3rVzva2scpFOMuKXAf4fwRFuG6ajTGcGyS61AUV2IMYdWNhN5fWKVwIM1U0TnuWL3wr22SP9APaMDAcf0p30spFRLAs1mfETmVwx69qOJlssiXOuBdVX0p0LTIX0EDPhGN\/Lg1JHw\/owZdZUxW4WW7aHT1hjIa\/zeY983cqEBOELxxBou+hflTDgKy0IiF3oP319hA47jyDKuNEqjOHyu\/KhjAhY33pJB994wIsD0Jaf4M19Pm9oklSAVzWbPdtW1qSIRRfF2I0sog1BBRDo1AXW\/+5HE1bPyOr2roYoqEDxn1aVdL4ZakP\/TDunCjY+rp3a4XF5J+3oUpD7GcmhMW9E\/00EV\/+ZSR9zqGwWvsjUUlLIWU3S76ZodRArU+YqOJeuMHjg\/rRvoJQf5zSBnjkF6C3bZ4qxzl0cn6WRdjn3sg7zCPczzMslNdd5Xig1VdoARk9OkwH0bzR2pVItWWYRJ4BL1wSYvJ\/j2Vgnsj+59u19FVDPBP9j03jPNWNVukLJam0h5z1gnOc\/HSekHBQevoQEJQ5+onw8NiM2XDNHqPA=="}
00408{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":950,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":507455,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm3AbsAL2SyAUMLm1AQD9Tv7gAA"}
00415{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":513175,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAoowNAADQGMO1oFkiqwKgBdwG7ybbraGnzSz6N4FAQAEJCxgAAAAAAAAAA"}
02385{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":515088,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"eDHBvV4kEBMxuRBeCABFAAXcowRAADQGKzhoFkiqwKgBdwG7ybbraGnzSz6N4FAQAEKAJQAAFgMDAHoCAAB2AwOFGKbgIn4J54EaOx9mqrLeDuaPQa428hp2gLt2etmJeiCr++V7bGNoaO02ERHmP51fO+JZbR4AQQj87xtTZ0QmgxMBAAAuADMAJAAdACD4KgmcywHwbSV8dryUN8lEQI4adX8Omy5zxLb0hIl8UQArAAIDBBQDAwABARcDAwpcgYnREDwmkgdGIkbe\/B+Q7xWJ\/P66CVkR5k\/RXENELTG0fjv09sCnBPALcCLK2FIbU+jhiTFCneiT6rhR3QfdjvX7OXHMM4aiORaEnTRLbQr9zkuY8NqnIFyP+u9yH8xh6BJfNLOykb+ACBcMgm5pNs7xtHorqq9bjEU62Wus0vzk3blpEtr3ACmoHG0q9t9VgTEp5S\/WOqdd1onAwOqg65kYBGuCKG00zLuYMooMF23RYQIbX5+e5eRb3Afm4MxW9JK91CTDCLlsZXa+UO3deCpv+rCMszEaW3LT4i7gX1EjDhuxh9DT7gOPBcjm3gFCE\/WAQliYTRKAhEnjtqQxyiisszRxZeFOGRGldp7vSDjBKpxSC2t9+jm7AAdgHo3wqrraQrAzEXhL0te51oYNumxSNQWOZOLQeknAmzDae\/q1IrGFfDgcNcwwCfPd8x42igm6X1jPDeIpU+5xz1JuzAUkKXqhY3qaU2bRq0efvukjvDYM17ElS8b8Y9ZkH+yoYxZ04k7xHaC8JHFA5G9Ll9VXYWWfFYJq2bz8xLWshDsToW73BX58EBMOtJl5k7BjTRPKw7945Y8d\/GqBVJ8rgPI3iEd61gdx\/CWMWJ5F\/l78OBjq5bAzjLcXFaRfJG9tJolSfld6phJa+MEpSAQT2jCnpRdU3+LN\/86muvuY+yv+LnRKdSr9edHDb7PPVzaEanBWKx6++KV1jnL4C51kHhEPeA5545CgYgdAdhzhg56s00fpb01+59noNSI\/LnrWYuFeKCawt+eApp3n++gDRJhOmaN7fivy\/NE4XN+h9YP8m7jw\/hodTYAMavJlkzZMDbo964A6Otkqjf8oB1v6pQg1KlbrHhGC\/9+h3wPC8FzfRjvADuThOwHspPOvYwLTzYplenkZo8gjwEKEDFabWyII77xnZZhjwL5HbNARqwufQSkpg8ZS6PXAuakORvZB1t1DIwmtX5M0L9agWdpHnJuWg\/V+KtPeJDkG9bALon06fuEcW+DwgQEuVDUuz6H4RrvzE0GC8nqSCFgsalMewnSp95fnq3DBkmBADTF0FvZ01ujtWZZ7UUxc8W6xPwaZ506U621W3uJ5mEUX5p0CLJZu5PGzDFCqy849D3kxPZBRU\/2rMjf3DMwqM8B3c+eq8bINLp0ihgoxm6owti1vnbzobAtinwewca89rdUnDVV5pbPzB3Pb7xbzZQ3h6V1U3bArRRBgO4DxFWUWliYHirE8nQouuednt4GqJ0ZYNG+ISHW8dQ4Lfa5jfNQNZ7bAP4PnYSRm+h2dA4sb5JXXNvQ9h1z3p1xHZFEICasXoVWuHXxnW7AHFsCRDf+fDir3OqksD+HU7fd0hDZpS\/VJvqWrEEcCeEWjHNacvSmZ0x35aKFEJ3+\/ywOCVF552xhyj1+gNaU\/0vdEwN0VBUj2xSzuh\/eMmK0+J7ZIEd11j8mgJJL2uK+SSPwk06BUPkIx+33fzAMZSX2Y8kz5con0dU+6amSg5DaSBvTGKw3IPPdbS+S6jmWuKXiHYiVdwKuBtUj06VMNb6mm1CKpwK71Nb74c1KzSnubLJh3w3YW+2Nbch7ZBubjunye9MAWNhFBnWGH0VCLuLM0TLjJVQ+mTY6jc9dTlZXPl3RQGlKPelxtcVRphd5jG9ZYQnW71HOFIo+YSHvrTmfr42tsC\/bavFBxCol\/MgnDZC\/nQqUImwBfE8Wt\/0XrxLZZMyAacXYkmtn3vzJU2lQYvlQJqGk7ZfoMBCjbnKml95Y="}
-00800{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":952,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447515,"flow_tot_l4_data_len":2328,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":952,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1604822447287,"flow_last_seen":1604822447515,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2172,"flow_avg_l4_payload_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"","ja3":"16fcce72c01e54fab4ddabce048c0f5b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
02222{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":516237,"pkt_caplen":1384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1384,"pkt_l4_len":1350,"pkt":"eDHBvV4kEBMxuRBeCABFAAVaowVAADQGK7loFkiqwKgBdwG7ybbraG+nSz6N4FAYAELfagAA0CLFJHYTH+3f+CoA++wF4BQlNoGke5nMoMWwzUFtBrIkvlwrmgn70bYLSdvcAnqhq3GWNfDrZzt0gjfzOX4fmG7MkZeoDlgKxNg4\/OkdGBJ7CHl2vetDWz7rxFGiPDQ+UhKyBdHpKVBD\/\/\/uGLOE9E2dIPQtf9O5feXFhoOFc\/N6+PAdux2IENxqT\/9N2jVKy2Pk8OidZD9zdueElmMmBCL35i8Xd7X\/Uy8DNfhLK0L\/DPvsIjhvhyLH4ohC0Hi9OY1O\/h2HYrg99W5iFmEyuEIa8mqksjzaA5FAPRMh73c\/z4QFpCJThKRpyQTwFx1P6brLqTWapweMZYEOv+37XH6cw0Z28gvgDExalHPW54xK4lek2USx8Q2dTEOkDlVm493ETLUwBLqQ36rYz2bm1GDmeQ2tiI7eDwIR9rkTTqDV+h5wqFSX6KaOt3HYqdvWf2cQhrqxwfVC+XFAAI4o89QW5iD9BeqQKgdMdwXpMHEtz94uQ1GWEEVMsCoStH8eUi\/uzGlArMrG\/b\/WCA6DPFfHJBel0Z3ScTEPN\/dObagJZa4fM3JU3aknWfFpKG\/9WXMtpv79wrllImc0MkysOqu66Ogi5pw24RNznTluqR7im99OELaOQUvxZQi54pr+gJ2FkIRjK3to68L2fklyYUM2qVuEiV80MBAY0p83kMzLdy8240p\/xuSyQ0Aa+t5C8dH0W8j4R8NYuiTsrnJCh3ecMOepBOX74+17e2xAxGn6eIWlbbF2QuMEzF5Q2Fuy70FgmdnzTl6ewUNEC309bkVVluNUIVfBpobiO0VW66p9efkeQKazjAs1i3HcclPODBrKxzOPCqiA5S5srWlsDuZH2h68qDbYLHbyQApP83dC6\/OMKzQKD3GgsxlUAyan80mxgqPk52btKEeEF24CNzsaR6mPX9pG4g1jOTlSFtu7O7D5IpP1KPDYElihDqRHArOkPTIliTxj29zcPYRnIeQbwNEB+VWRnbWa0hcuZ9CuAYarksYlGgAO7Y+mvvg6QTU1epW+mRQb\/UugFRSBHS5QTzW6oPcDFnue3jOJb6PSlZbbBXDIM\/N12tJI2tMtLP\/fT8KppKGtPGI1XRyeNakAmrnNwuFjJrTpCL\/EN5CgKS+fO4DN9qvNq9968NsHO5d2qQW267VuoGqJ\/5PbywEOcksPSC+\/XuPzXpK4CZyw1qkTlmDm\/bAfbzRoQwqn7hN81+WyC71cVSPQJzKDSDbCWAo\/B3bRRTuv+gTFY4tLSunubhM0y8xWWTuMa1OkZYL8\/pN0G3TxdaReJve6rt15hqBDAi1BLkdUlv5mjP5TrJUJp67kTiAZHKBf5m4poYPWMIVwZOsoBVtQyodnQogiR3seaZcnsRCiGAA3Rmdxji9wLe+389bZioO\/z\/5tjtDJqUd+qyne\/cug9PjC2Zv6QVfFBBcLu0\/ogFF7ilAQXlDV4An2ZLEKTBVnKeaR1afDs3yDV\/jR4VSRoIdRY3t15j0afZT30fiV1s0Bjw+mVMbRshuFgxpXoA6z9lbbZU4GoKtqVbBZ60WjCpK2ZkWyz1+MgzT3+zkW3YnHn5KlGsbhT48k95bdDLYAul\/mB5dGc3ODFz6rrVHYfPZVufwTr6QMGrbTqvnW17H+T9QaRsXCXT2JIup+GrBRT0RerBg9uW5QAM5wnF8VppDgrbbVJeHfJq0D7DZ73Adcce4cGxLu2pC1+6UOqbC37lZslbeQpVy\/mbX1i18vMTK7ZKMOr5f+7yz0LEUTOQn45UPb6A=="}
00408{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":516305,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm2AbtLPo3g62h02VAQD9QoTgAA"}
00416{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":526571,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eDHBvV4kEBMxuRBeCABFAAAo1ylAADcGfFBoEcYlwKgBdwG7ybNKGgEYY21GlFAQAEL+mQAAAAAAAAAA"}
@@ -133,13 +133,13 @@
00411{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":734379,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm2AbtLPo7b62h22VAQD\/glLwAA"}
00442{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":735095,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGx9jAqAF3aBZIqsm2AbtLPo7b62h22VAYEAAZDAAAFwMDABNCZtDGQgvXBCNH\/tUJ7EBq2y2E"}
00410{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"no_sni.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1604822447,"pkt_ts_usec":735154,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMxuRBeeDHBvV4kCABFAAAoAABAAEAGx\/DAqAF3aBZIqsm2AbtLPo7z62h22VAREAAlDgAA"}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":35,"flow_first_seen":1604822447287,"flow_last_seen":1604822447869,"flow_tot_l4_data_len":8114,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":231,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447844,"flow_tot_l4_data_len":4796,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":218,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447839,"flow_tot_l4_data_len":4796,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":218,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":20,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":29,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_tot_l4_data_len":203,"flow_min_l4_data_len":20,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":29,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":268,"flow_first_seen":1604822444486,"flow_last_seen":1604822448523,"flow_tot_l4_data_len":22542,"flow_min_l4_data_len":20,"flow_max_l4_data_len":702,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":785,"flow_first_seen":1604822444913,"flow_last_seen":1604822448604,"flow_tot_l4_data_len":502495,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":640,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":23,"flow_first_seen":1604822447227,"flow_last_seen":1604822447785,"flow_tot_l4_data_len":5192,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":225,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":23,"flow_first_seen":1604822447249,"flow_last_seen":1604822447807,"flow_tot_l4_data_len":5192,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":225,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":35,"flow_first_seen":1604822447287,"flow_last_seen":1604822447869,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7366,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51637,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447844,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51638,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":22,"flow_first_seen":1604822447287,"flow_last_seen":1604822447839,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4320,"flow_avg_l4_payload_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.22.72.170","src_port":51639,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1604822444474,"flow_last_seen":1604822444595,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":9,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":268,"flow_first_seen":1604822444486,"flow_last_seen":1604822448523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":682,"flow_tot_l4_payload_len":17062,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":785,"flow_first_seen":1604822444913,"flow_last_seen":1604822448604,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":480607,"flow_avg_l4_payload_len":612,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":23,"flow_first_seen":1604822447227,"flow_last_seen":1604822447785,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":23,"flow_first_seen":1604822447249,"flow_last_seen":1604822447807,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test"}
diff --git a/test/results/ookla.pcap.out b/test/results/ookla.pcap.out
index 14d67f4f7..912e237a2 100644
--- a/test/results/ookla.pcap.out
+++ b/test/results/ookla.pcap.out
@@ -1,10 +1,10 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ookla.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1491069108756,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1491069108756,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069108,"pkt_ts_usec":756336,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"}
00433{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069108,"pkt_ts_usec":793565,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="}
00421{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069108,"pkt_ts_usec":793727,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqojWksxCwDBkn+CABFAAA0s5FAAEAGAADAqAEHLiz9u8gHAFAHQx4BUVDStoAQECztvQAAAQEICg3eB8R\/4XDq"}
00880{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069108,"pkt_ts_usec":794394,"pkt_caplen":408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":408,"pkt_l4_len":374,"pkt":"gCqojWksxCwDBkn+CABFAAGKwIdAAEAGAADAqAEHLiz9u8gHAFAHQx4BUVDStoAYECzvEwAAAQEICg3eB8R\/4XDqR0VUIC9jcm9zc2RvbWFpbi54bWwgSFRUUC8xLjENCkhvc3Q6IG1hc3Nhcm9zYS0xLnNwZWVkdGVzdC53ZWxjb21laXRhbGlhLml0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6ICovKg0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTJfMykgQXBwbGVXZWJLaXQvNjAyLjQuOCAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vMTAuMC4zIFNhZmFyaS82MDIuNC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpSZWZlcmVyOiBodHRwOi8vd3d3LnNwZWVkdGVzdC5uZXQvaXQvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCg0K"}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1491069108756,"flow_last_seen":1491069108794,"flow_tot_l4_data_len":490,"flow_min_l4_data_len":32,"flow_max_l4_data_len":374,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Ookla","breed":"Safe","category":"Network"},"http": {}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1491069108756,"flow_last_seen":1491069108794,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":342,"flow_tot_l4_payload_len":342,"flow_avg_l4_payload_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Ookla","breed":"Safe","category":"Network"},"http": {}}
00421{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069108,"pkt_ts_usec":878410,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+gCqojWksCABFAAA0okFAADMGt+suLP27wKgBBwBQyAdRUNK2B0MfV4AQAeZtzAAAAQEICn\/hcPcN3gfE"}
01036{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069108,"pkt_ts_usec":883236,"pkt_caplen":523,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":523,"pkt_l4_len":489,"pkt":"xCwDBkn+gCqojWksCABFAAH9okJAADMGtiEuLP27wKgBBwBQyAdRUNK2B0MfV4AYAeaLBgAAAQEICn\/hcPcN3gfESFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDAxIEFwciAyMDE3IDE3OjUxOjA4IEdNVA0KU2VydmVyOiBBcGFjaGUvMi4yLjIyIChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDAxIFNlcCAyMDA3IDE3OjM2OjAyIEdNVA0KRVRhZzogIjYzNjdhLWExLTQzOTE2NWY4ZDQ0ODAiDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1MZW5ndGg6IDE2MQ0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9MTAwDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiPz4KPGNyb3NzLWRvbWFpbi1wb2xpY3k+CiAgPGFsbG93LWFjY2Vzcy1mcm9tIGRvbWFpbj0iKi5vb2tsYS5jb20iIC8+CiAgPGFsbG93LWFjY2Vzcy1mcm9tIGRvbWFpbj0iKi5zcGVlZHRlc3QubmV0IiAvPgo8L2Nyb3NzLWRvbWFpbi1wb2xpY3k+Cg=="}
00421{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069108,"pkt_ts_usec":883340,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqojWksxCwDBkn+CABFAAA0AntAAEAGAADAqAEHLiz9u8gHAFAHQx9XUVDUf4AQEB3tvQAAAQEICg3eCBF\/4XD3"}
@@ -16,12 +16,12 @@
00423{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069108,"pkt_ts_usec":976867,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqojWksxCwDBkn+CABFAAA0UV9AAEAGAADAqAEHLiz9u8gHAFAHQyIvUVDXVYAQEAftvQAAAQEICg3eCGx\/4XEY"}
00913{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069109,"pkt_ts_usec":6445,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"pkt":"gCqojWksxCwDBkn+CABFAAGgU7VAAEAGAADAqAEHLiz9u8gHAFAHQyIvUVDXVYAYEAfvKQAAAQEICg3eCIp\/4XEYR0VUIC9zcGVlZHRlc3QvbGF0ZW5jeS50eHQ\/eD0xNDkxMDY5MTA5MDA0IEhUVFAvMS4xDQpIb3N0OiBtYXNzYXJvc2EtMS5zcGVlZHRlc3Qud2VsY29tZWl0YWxpYS5pdA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChNYWNpbnRvc2g7IEludGVsIE1hYyBPUyBYIDEwXzEyXzMpIEFwcGxlV2ViS2l0LzYwMi40LjggKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzEwLjAuMyBTYWZhcmkvNjAyLjQuOA0KQWNjZXB0LUxhbmd1YWdlOiBlbi11cw0KUmVmZXJlcjogaHR0cDovL3d3dy5zcGVlZHRlc3QubmV0L2l0Lw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQoNCg=="}
00909{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069109,"pkt_ts_usec":44871,"pkt_caplen":429,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":429,"pkt_l4_len":395,"pkt":"xCwDBkn+gCqojWksCABFAAGfokVAADMGtnwuLP27wKgBBwBQyAdRUNdVB0Mjm4AYAkvs+gAAAQEICn\/hcSkN3giKSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBTYXQsIDAxIEFwciAyMDE3IDE3OjUxOjA4IEdNVA0KU2VydmVyOiBBcGFjaGUvMi4yLjIyIChVYnVudHUpDQpMYXN0LU1vZGlmaWVkOiBGcmksIDI4IEp1bCAyMDA2IDE1OjMxOjIyIEdNVA0KRVRhZzogIjYwNjMzLWEtNDE5YTYwMTJmODY4MCINCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtTGVuZ3RoOiAyOA0KS2VlcC1BbGl2ZTogdGltZW91dD01LCBtYXg9OTcNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbg0KDQofiwgAAAAAAAADK0ktLrEtARJcAJw9W3UKAAAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1491069115107,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1491069115107,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":107460,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"gCqojWksxCwDBkn+CABFAABAzJ5AAEAGAADAqAEHLiz9u8gPH5CtI6zKAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4f9gAAAAAEAgAA"}
00434{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":144245,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBx+QyA8qkdUorSOsy6ASOJC7tQAAAgQFrAQCCAp\/4XceDd4f9gEDAwU="}
00422{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":144357,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqojWksxCwDBkn+CABFAAA0VElAAEAGAADAqAEHLiz9u8gPH5CtI6zLKpHVKYAQECztvQAAAQEICg3eIBp\/4Xce"}
00426{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":172347,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"gCqojWksxCwDBkn+CABFAAA3225AAEAGAADAqAEHLiz9u8gPH5CtI6zLKpHVKYAYECztwAAAAQEICg3eIDZ\/4XceSEkK"}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1491069115107,"flow_last_seen":1491069115172,"flow_tot_l4_data_len":151,"flow_min_l4_data_len":32,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"Ookla","breed":"Safe","category":"Network"}}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1491069115107,"flow_last_seen":1491069115172,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": {"proto":"Ookla","breed":"Safe","category":"Network"}}
00422{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":208262,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xCwDBkn+gCqojWksCABFAAA0og9AADMGuB0uLP27wKgBBx+QyA8qkdUprSOszoAQAcUg8AAAAQEICn\/hdy4N3iA2"}
00473{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":208334,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"xCwDBkn+gCqojWksCABFAABWohBAADMGt\/ouLP27wKgBBx+QyA8qkdUprSOszoAYAcVNWwAAAQEICn\/hdy4N3iA2SEVMTE8gMi40IDIwMTYtMTAtMDYuMTMyNC45OTZhYjkxCg=="}
00422{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":208406,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqojWksxCwDBkn+CABFAAA02dFAAEAGAADAqAEHLiz9u8gPH5CtI6zOKpHVS4AQECrtvQAAAQEICg3eIFp\/4Xcu"}
@@ -33,6 +33,6 @@
00423{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":342981,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"gCqojWksxCwDBkn+CABFAAA05IBAAEAGAADAqAEHLiz9u8gPH5CtI6z0KpHVcYAQECntvQAAAQEICg3eIN5\/4XdP"}
00451{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":440646,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"gCqojWksxCwDBkn+CABFAABHO+BAAEAGAADAqAEHLiz9u8gPH5CtI6z0KpHVcYAYECnt0AAAAQEICg3eIT5\/4XdPUElORyAxNDkxMDY5MTE1NDQwCg=="}
00451{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"ookla.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491069115,"pkt_ts_usec":476067,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"xCwDBkn+gCqojWksCABFAABHohNAADMGuAYuLP27wKgBBx+QyA8qkdVxrSOtB4AYAcUjAwAAAQEICn\/hd3EN3iE+UE9ORyAxNDkxMDY5MDc1MjIyCg=="}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5066,"flow_first_seen":1491069115107,"flow_last_seen":1491069155251,"flow_tot_l4_data_len":4513181,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":890,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1491069108756,"flow_last_seen":1491069114084,"flow_tot_l4_data_len":3640,"flow_min_l4_data_len":32,"flow_max_l4_data_len":489,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5066,"flow_first_seen":1491069115107,"flow_last_seen":1491069155251,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4346133,"flow_avg_l4_payload_len":857,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1491069108756,"flow_last_seen":1491069114084,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":2980,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test"}
diff --git a/test/results/openvpn.pcap.out b/test/results/openvpn.pcap.out
index 3622d66a7..0f1c206dd 100644
--- a/test/results/openvpn.pcap.out
+++ b/test/results/openvpn.pcap.out
@@ -1,12 +1,12 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"openvpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1467904946700,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1467904946700,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904946,"pkt_ts_usec":700231,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="}
00434{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904946,"pkt_ts_usec":755145,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904946,"pkt_ts_usec":755184,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVLjtSAA6OGXEMCABFAAA0ANZAAEAGYbnAqAFNLmXn2ursAbu+lXufbMVVl4AQOQjYsgAAAQEICgANe1AANCgC"}
00485{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904947,"pkt_ts_usec":700508,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"hCYVLjtSAA6OGXEMCABFAABgANdAAEAGYYzAqAFNLmXn2ursAbu+lXufbMVVl4AYOQicxwAAAQEICgANe68ANCgCACo4krivSnd\/x0J4ECTCdtmhqMIyGHmgImSzzLyAdwAAAAFXfnOzAAAAAAA="}
00422{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904947,"pkt_ts_usec":752893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OGXEMhCYVLjtSCABFoAA0fZtAADQG8FMuZefawKgBTQG76uxsxVWXvpV7y4AQOJDXpgAAAQEICgA0KPsADXuv"}
00503{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904947,"pkt_ts_usec":753377,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"AA6OGXEMhCYVLjtSCABFoABsfZxAADQG8BouZefawKgBTQG76uxsxVWXvpV7y4AYOJArBwAAAQEICgA0KPsADXuvADZA2RbEhgyx2M+jc8\/WYxWfwCU7Upc7GJ9\/bLnfiwAAAAFXfnN9AQAAAACSuK9Kd3\/HQgAAAAA="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1467904946700,"flow_last_seen":1467904947753,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":32,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1467904946700,"flow_last_seen":1467904947753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00422{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904947,"pkt_ts_usec":753403,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVLjtSAA6OGXEMCABFAAA0ANhAAEAGYbfAqAFNLmXn2ursAbu+lXvLbMVVz4AQOQjW8QAAAQEICgANe7QANCj7"}
00497{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904947,"pkt_ts_usec":753584,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"hCYVLjtSAA6OGXEMCABFAABoANlAAEAGYYLAqAFNLmXn2ursAbu+lXvLbMVVz4AYOQiyyQAAAQEICgANe7QANCj7ADIokrivSnd\/x0Iouku0o2HkwsWPIfcrIPU7eEbRwgAAAAJXfnOzAQAAAADZFsSGDLHYzw=="}
00423{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904947,"pkt_ts_usec":829783,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OGXEMhCYVLjtSCABFoAA0fZ1AADQG8FEuZefawKgBTQG76uxsxVXPvpV7\/4AQOJDXIQAAAQEICgA0KQ8ADXu0"}
@@ -16,11 +16,11 @@
00619{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904947,"pkt_ts_usec":873629,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AA6OGXEMhCYVLjtSCABFoADEfaBAADQG774uZefawKgBTQG76uxsxVZrvpV9MIAYOqj7QQAAAQEICgA0KRoADXu8AI4g2RbEhgyx2M9Mrzm02EMu2g85pVucEDsbpSzLdgAAAANXfnN9AAAAAAIGCSqGSIb3DQEBCwUAMBUxEzARBgNVBAMMCk9wZW5WUE4gQ0EwHhcNMTYwNjMwMDAyMTUwWhcNMjYwNzA1MDAyMTUwWjAZMRcwFQYDVQQDDA5PcGVuVlBOIFNlcnZlcjCCASIw"}
00499{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904947,"pkt_ts_usec":873722,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"hCYVLjtSAA6OGXEMCABFAABoANtAAEAGYYDAqAFNLmXn2ursAbu+lX0wbMVW+4AYPTjldwAAAQEICgANe8AANCkaADIokrivSnd\/x0IgsSQoBwGaI6j9a4KhIGAHMQGGnAAAAARXfnOzAQAAAAHZFsSGDLHYzw=="}
00621{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467904947,"pkt_ts_usec":873768,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AA6OGXEMhCYVLjtSCABFoADEfaFAADQG770uZefawKgBTQG76uxsxVb7vpV9MIAYOqhk7QAAAQEICgA0KRoADXu8AI4g2RbEhgyx2M9AUI6Wwxd1JlWPcOIud6mUdCcDfgAAAARXfnN9AAAAAAMNBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59FXmiVGxqnFY02\/6j5Iuqep8iuESkrmw26aLH7qVdJtZT5NihgUqSE1V9mjILMaOWRApR1iiQo1\/QCpZk5AEA7upxWSjy88"}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":95,"flow_first_seen":1467904946700,"flow_last_seen":1467905010834,"flow_tot_l4_data_len":12150,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":127,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1470218591746,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":95,"flow_first_seen":1467904946700,"flow_last_seen":1467905010834,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9094,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1470218591746,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470218591,"pkt_ts_usec":746723,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"mAyC0zx8AAjKQoXqCABFAABG3rhAAEARTXXAqCsMizuXiaIjNXAAMosJOLAsz\/G18BdPwJFmbjsSS62jkXMxe5OXItH+Y74AAAABV6HBXwAAAAAA"}
00466{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470218591,"pkt_ts_usec":941902,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"AAjKQoXqmAyC0zx8CABFAABSYIhAADIR2ZmLO5eJwKgrDDVwoiMAPhWBQPd\/wu\/b4j9X3sTI1WVNByO\/jAvlQThWMnDPrhMAAAABV6HBXwEAAAAAsCzP8bXwF08AAAAA"}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1470218591746,"flow_last_seen":1470218591941,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":50,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1470218591746,"flow_last_seen":1470218591941,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00462{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470218591,"pkt_ts_usec":942539,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"mAyC0zx8AAjKQoXqCABFAABO3uZAAEARTT\/AqCsMizuXiaIjNXAAOpZEKLAsz\/G18BdPyDdJemqNaU65YLasCHjnV9mH+DAAAAACV6HBXwEAAAAA93\/C79viP1c="}
00801{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470218591,"pkt_ts_usec":943377,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"pkt":"mAyC0zx8AAjKQoXqCABFAAFL3udAAEARTEHAqCsMizuXiaIjNXABN2YDILAsz\/G18BdPpXrCc4HfKvVooXdu\/RWr9x4wrZ0AAAADV6HBXwAAAAABFgMBAQABAAD8AwNE5fcPgzd79Sso6M19xG8bQl07yo41gslSLfJlFeywdgAAgsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAEUARABDAELAMcAtwCnAJcAOwATAEsAIABYAEwAQAA3ADcADAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"}
00605{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470218592,"pkt_ts_usec":119150,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"pkt":"AAjKQoXqmAyC0zx8CABFAAC2YKNAADIR2RqLO5eJwKgrDDVwoiMAohzKIPd\/wu\/b4j9X60eERHhjQN5zfeMCAdw3JKHt7ZoAAAACV6HBXwEAAAABsCzP8bXwF08AAAABFgMDAD4CAAA6AwNhg33pw8JOvroEJqnLpGmzYm+g0be9hVzmVAUEjVB5vQDAMAAAEv8BAAEAAAsABAMAAQIADwABARYDAwWWCwAFkgAFjwACzTCCAskwggGxoAMCAQICAQEwDQ=="}
@@ -34,12 +34,12 @@
00594{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470218592,"pkt_ts_usec":219190,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"pkt":"AAjKQoXqmAyC0zx8CABFAACqYLZAADIR2ROLO5eJwKgrDDVwoiMAlpjJIPd\/wu\/b4j9XC3dhieGw0RzWky5v4Wjy6\/qrTDYAAAAGV6HBXwAAAAAFXs16Z1Oqb5\/NXvcN\/JPmFRsB9Qn433GGYzVrij\/603Hf3x8+jZjnDWISqi+KCm7yOhv+vC+HduaYS8lkNp0MRD+iOTf9JQGGMbbarVk+UP2lQsnNAgMBAAGjIDAeMAkGA1UdEw=="}
00463{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470218592,"pkt_ts_usec":219463,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"mAyC0zx8AAjKQoXqCABFAABO3v9AAEARTSbAqCsMizuXiaIjNXAAOpGlKLAsz\/G18BdPwZjddyqbnUWZWrEYkLmgwYzKQXgAAAAIV6HBXwEAAAAF93\/C79viP1c="}
00590{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1470218592,"pkt_ts_usec":248791,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"pkt":"AAjKQoXqmAyC0zx8CABFAACqYLhAADIR2RGLO5eJwKgrDDVwoiMAloyrIPd\/wu\/b4j9XkYG+PPKdRTEE9+qNgRx0WwLTdmQAAAAHV6HBXwAAAAAGBAIwADARBglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQELBQADggEBAEjL2n1a+cPIZy3KPNF1msl4ic8D7NZJrAa651IOzRpe23PdDgRUoD05pD38Ly6xZEM0MWrlQHd1WQ=="}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":83,"flow_first_seen":1470218591746,"flow_last_seen":1470218600860,"flow_tot_l4_data_len":10737,"flow_min_l4_data_len":50,"flow_max_l4_data_len":1180,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1472334890224,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":83,"flow_first_seen":1470218591746,"flow_last_seen":1470218600860,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1172,"flow_tot_l4_payload_len":10073,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1472334890224,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472334890,"pkt_ts_usec":224928,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"mAyC0zx8MFLLbJwbCABFAABGe8pAAEARsF3AqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZfF5v2e87DGOeGNd7GPORrKCUl+wAAAABV8IMKgAAAAAA"}
00449{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472334892,"pkt_ts_usec":420816,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"mAyC0zx8MFLLbJwbCABFAABGfNNAAEARr1TAqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZptsOrY2Z8Me\/lrzRmp5vsU3x26QAAAACV8IMKgAAAAAA"}
00464{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472334892,"pkt_ts_usec":467380,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"MFLLbJwbmAyC0zx8CABFAABSgmRAADERuLeLO5eJwKgrEjVwNXAAPoh1QDWQheTdAi5E5ZNzw1yvtD56Ix7qRbnOSoCURYgAAAABV8IMLQEAAAAAZg7imqSQsFkAAAAA"}
-00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_first_seen":1472334890224,"flow_last_seen":1472334892467,"flow_tot_l4_data_len":162,"flow_min_l4_data_len":50,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_first_seen":1472334890224,"flow_last_seen":1472334892467,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00461{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472334892,"pkt_ts_usec":467532,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"mAyC0zx8MFLLbJwbCABFAABOfN1AAEARr0LAqCsSizuXiTVwNXAAOg7LKGYO4pqkkLBZccsCgHbPMustlcqr4N4\/rNnPtukAAAADV8IMKgEAAAAANZCF5N0CLkQ="}
00802{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472334892,"pkt_ts_usec":467660,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"pkt":"mAyC0zx8MFLLbJwbCABFAAFLfN5AAEARrkTAqCsSizuXiTVwNXABNw\/IIGYO4pqkkLBZmyjlNBaAxD3dZ4KkKKFzUtIqpCkAAAAEV8IMKgAAAAABFgMBAQABAAD8AwPWitxhdgXJqtNghCcqHLNlospc\/gDFPYmAVgJE80nHTgAAgsAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAEUARABDAELAMcAtwCnAJcAOwATAEsAIABYAEwAQAA3ADcADAP8BAABRAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"}
00460{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472334892,"pkt_ts_usec":670483,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"MFLLbJwbmAyC0zx8CABFAABOgnVAADERuKqLO5eJwKgrEjVwNXAAOufqKDWQheTdAi5ERcnhMU0OXaVp8mkudfeRDM6N9ckAAAACV8IMLQEAAAAAZg7imqSQsFk="}
@@ -52,5 +52,5 @@
00593{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472334892,"pkt_ts_usec":690212,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"pkt":"MFLLbJwbmAyC0zx8CABFAACqgopAADERuDmLO5eJwKgrEjVwNXAAlrYaIDWQheTdAi5EsaMKlfbbtjLx3yiNPYco3f3t8tMAAAAGV8IMLQAAAAAEESnvtXTC2KmNMf52XQZMT\/ynVaoEa3I9\/AWZx+ZRVMtKTUukC\/HqCjZv+fi\/R5zCagjkN1yj2rlntWK9LJFrUykFCoazdmXISBIDNtA95B\/+ZHNhgqNRrWy2MUDB4ZUseXMEug=="}
00461{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472334892,"pkt_ts_usec":690288,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"mAyC0zx8MFLLbJwbCABFAABOfQRAAEARrxvAqCsSizuXiTVwNXAAOg7LKGYO4pqkkLBZaAa3k0FcKmOJijbq3ehJRczebO8AAAAIV8IMKgEAAAAENZCF5N0CLkQ="}
00591{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"openvpn.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1472334892,"pkt_ts_usec":875376,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"pkt":"MFLLbJwbmAyC0zx8CABFAACqgqFAADERuCKLO5eJwKgrEjVwNXAAloHZIDWQheTdAi5EGn+8Hpjn1EX+kGpde81XFbgwab0AAAAHV8IMLQAAAAAFXs16Z1Oqb5\/NXvcN\/JPmFRsB9Qn433GGYzVrij\/603Hf3x8+jZjnDWISqi+KCm7yOhv+vC+HduaYS8lkNp0MRD+iOTf9JQGGMbbarVk+UP2lQsnNAgMBAAGjIDAeMAkGA1UdEw=="}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":120,"flow_first_seen":1472334890224,"flow_last_seen":1472334909465,"flow_tot_l4_data_len":24092,"flow_min_l4_data_len":50,"flow_max_l4_data_len":1253,"flow_avg_l4_data_len":200,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":120,"flow_first_seen":1472334890224,"flow_last_seen":1472334909465,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1245,"flow_tot_l4_payload_len":23132,"flow_avg_l4_payload_len":192,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test"}
diff --git a/test/results/os_detected.pcapng.out b/test/results/os_detected.pcapng.out
index 1298c9e96..4c9fe782d 100644
--- a/test/results/os_detected.pcapng.out
+++ b/test/results/os_detected.pcapng.out
@@ -1,6 +1,6 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"os_detected.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1611427514609,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1611427514609,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02109{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1611427514,"pkt_ts_usec":609727,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAZdFAAEAR\/ePAqAGACAgICJuNAbsE7AYLxP8AAB0Inw\/JO07eNjIIgxX\/XKNBIUIARMqZ8UiDvq\/ZLsUdz0scSMu9YDA5XC\/EJ\/VWdcKmIJjpSLXMxg05sWM0HmWuizvek0EXnlQzmUN9ovr2\/hk4L4+drmSHxo9NOB+GUfgxVDY8jS5sYut7pzwyS1v0Tzd0E1TyJIWDsBfvZlI4bbIIRlefQgOB0WdUqMEfHzxzcbGs6dNO+9vDaznNJ4dGUWqyjTrP1xrbA5ARI5dTVb4R+7D0v8orWpuNvxjoiVb36LCsfL0SbVo2GhqQoHke+Z\/B2D+0+r7INWQc1iHzAG+HeNlA1LtOtYyHAJVB+P59vqKsfmDTE8RgVpXe1x30lS+4YR7jaekw9qCyZHC0kKXvmsPCqZ\/9qa5gMMsfGTjnOTdcid5WA6CyHhSK2HTQW4GkzXHYPreaFIFRc0y9+aMq1Mfl97S1vnvDvIbG91Np67AM6LV1xuilkclYvUim1l1JoFQCUfe6m3PyP+gIQTFerpfrZHjXHVmed8ZubnloXre0\/Z3B2Oh1fmjBjrSNQGdC4YK\/DVld8Ug+FRG0kxgDMCgRJ2S9dOYEMkKgzq\/BKvgwUYmMidXS+F+tMJvoHQSzv3bhpGgehHuZOqNIC3d6Rty6h0nPb+BYsf5E1IpIcwzMB2CvZbT77jViKMoAt5RtufWUmoQ2qymcAa7AXbvCL5L7qI\/1oplTPNm0Ysi0JSUXXf61rlCNL1vc+XNbLSeTg2Vz2fPTbPH7hg\/8qinCri68WhuYiT\/rvuXkVqGxWKJq5b1oM\/AIky7+yMfObOfk9kQ3thgac0pRO1LAAwjECH\/XdGHuEsxIejknnknLjBpjmS+2c+909N0TGc\/NPsDPdaLmN10HnCVLaT1WmruOxWZDa3gV1s3K4IKU6NwqVeHNSYO5xx5HEC7tZU+y4E74cmfLayIxxbdgkahHRv9ATyXrtMLRAHqK8ZsoIIw0D9NAPBA355APW3UhJ\/Z9ZHxppKcR2\/OPN1KQqoIrhRGT9bUzB7Xkn\/VMWRYSTXTiaAYMcb8dRkENbKtVWSIk9LJFrE8pIXivmB2tWlt1t6y+TR30oU1\/NUX3jGhxE7t44s+NhGXfBpl2YQbF4zUhYeZAUzU9QbWzyGdZYarMNxVUgYeW9stlVHB0y\/otPwbX9mpoJ+Dy1FXdgrsIv1LAkh1\/3bdSFFfKVJUwX6EGqQRQU02j\/r+E7RZ0bE01QtNNSuMRMdJX2zJtopXBwZLz8h67datSO+I1wfoRzj4VUG35Q8hcFywG\/xq04McVVySWGNnMos9RmQkhysf\/lc3FuHHnMMA\/XcGqeB2biYiiwAKDCGuBCGTLrEYhV1yIzE4vEhvJvg325fJl3DNeUSuAwqKe9SjUjQtv+EVpEiYxaR6X90zwFDBlHdBDDCfh3iS1o2jSGLUvocncy0jQz8qak7nPw6oMW\/gU8WvBhkEaY\/b26hw+tYWakl5yNVwxnF\/7PKfJyyyPpmjSH2ycL45nydbEY1t1GYpcV+P7AunIs6enuyUp9NNdtbH\/d0RuYFGsVW1287YLi13LwF56RtlC\/tVGquwfxdqcbniCbYb8LvlGF6r32UjuoiuACdgmkrt6Wf7sAVkRHeYLY5bLkD+o6H+JIwDjoOA\/yI8iOw0QceAwvS35vC2IO56LiInTgA=="}
-00815{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1611427514609,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","version":"TLSv1.3","alpn":"h3-29","ja3":"9addef84847d700f759746b237c405c8","tls_supported_versions":"TLSv1.3"}}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1611427514609,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1611427514609,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","version":"TLSv1.3","alpn":"h3-29","ja3":"9addef84847d700f759746b237c405c8","tls_supported_versions":"TLSv1.3"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1611427514609,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test"}
diff --git a/test/results/pinterest.pcap.out b/test/results/pinterest.pcap.out
index b036ed162..1d7aab7a7 100644
--- a/test/results/pinterest.pcap.out
+++ b/test/results/pinterest.pcap.out
@@ -1,19 +1,19 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pinterest.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1605289710318,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1605289710318,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289710,"pkt_ts_usec":318889,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCMmjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYwBu9VDYL21LWgegBAB9TESAAABAQgKz6ojDMK4Yvg="}
00455{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289710,"pkt_ts_usec":576735,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBjLUtaB7VQ2C+gBALgY8wAAABAQgKwrkTpM+oCrY="}
-00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1605289712203,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1605289712203,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289712,"pkt_ts_usec":203025,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAqhwACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBwAAAAAAACAKn6wBu\/7xm0eeabeVgBAB9aoLAAABAQgKp4B90cK4Zak="}
00455{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289712,"pkt_ts_usec":420176,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgHAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbufrJ5pt5X+8ZtIgBAL8Z94AAABAQgKwrka9Kd\/yRw="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1605289713743,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1605289713743,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":743557,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QUAAAAAoAL9IIXGAAACBAWgBAIICs+qMG0AAAAAAQMDBw=="}
00468{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":761186,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDGd77q\/EGoBJXgJPPAAACBAV4AQMDAwQCCArCuSBXz6owbQ=="}
00455{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":761240,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QaawxnfgBAB+xfPAAABAQgKz6owf8K5IFc="}
01149{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":761745,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8QaawxnfgBgB+19tAAABAQgKz6owf8K5IFcWAwECAAEAAfwDA+yBHiy\/5fPide6+4FFrI73bVeU7S3c4gpiD+hriI6L+IHtI+nAWpe15bCFvu1LqSVoZzmB4SUt58o7HnBHfl4P4ACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAFQATAAAQd3d3LnBpbnRlcmVzdC5mcgAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgB5nuO72EAGlBT6bd2ulaiLhiervUWjwUnsjM+bCJUwQALQACAQEAKwALCkpKAwQDAwMCAwEAGwADAgAC6uoAAQAAFQDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1605289713743,"flow_last_seen":1605289713761,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00841{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1605289713743,"flow_last_seen":1605289713761,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00457{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":801155,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDGd\/7q\/MLgBALMAxuAAABAQgKwrkgfs+qMH8="}
01868{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":802900,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDGd\/7q\/MLgBgLMDmeAAABAQgKwrkggc+qMH8WAwMAUgIAAE4DA4dhXa8VsCC2kHSCyYuGRwWxK0ZS0RX4US\/3xqW7vB62AMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMRUAsAEUwAEUkADI4wggyKMIILcqADAgECAhAEIQzFo4YzQYum6ENydBKbMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMB4XDTIwMDcxNjAwMDAwMFoXDTIxMDgwNDEyMDAwMFowbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoTD1BpbnRlcmVzdCwgSW5jLjEYMBYGA1UEAwwPKi5waW50ZXJlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAympd0SK2ykpSjuxd34nlkvFt79NjfrXrAqDT6H12U3P3i5RnawC2sGpT\/6L8igmc\/3X18Sc5REbcl7J4nDi75dUMNjYCoDdmCdIylz1v26Y6l3nJdLoUK0cINwgIFCmAGRr7DkrCmqhyvOhxNvzAbzuylSkTgWtjPSRAjjN\/2bAkPY93298nb5tvOK190URc4dJHb\/5bPTOiylnGIQsqMvnw6scjIuGkVLK3DAPguvS5TJIlmKKXqtBe0m9S16b7mph7Txl1AdyMc2IUs6GwZe6AkN5YaDCarW+ZpawPrz0IIXFUfUFL4rsqojOND\/O6fhGo8uaOKRrRqD41672WawIDAQABo4IJIDCCCRwwHwYDVR0jBBgwFoAUUWj\/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFA2E0pErXPYSSEiu6j6AldQTTOO9MIIGSgYDVR0RBIIGQTCCBj2CDyoucGludGVyZXN0LmNvbYIMcGludGVyZXN0Lmlugg4qLnBpbnRlcmVzdC5jb4IMcGludGVyZXN0LmNvgg4qLnBpbnRlcmVzdC5wZYIMcGludGVyZXN0LnBlgg4qLnBpbnRlcmVzdC5iZYIMcGludGVyZXN0LmJlgg4qLnBpbnRlcmVzdC5pboIOKi5waW50ZXJlc3QucGiCDioucGludGVyZXN0LmVjggxwaW50ZXJlc3QucGiCDioucGludGVyZXN0LmNsggwqLnBpbmltZy5jb22CDioucGludGVyZXN0LmVzggxwaW50ZXJlc3QuZXOCDioucGludGVyZXN0Lm56"}
-00887{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1605289713743,"flow_last_seen":1605289713802,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00898{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1605289713743,"flow_last_seen":1605289713802,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01859{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":802901,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDHff7q\/MLgBgLMDBrAAABAQgKwrkggc+qMH+CDHBpbnRlcmVzdC5ueoIMcGludGVyZXN0LmVjggxwaW50ZXJlc3QuaHWCDHBpbnRlcmVzdC5jYYIMcGludGVyZXN0Lmlkgg4qLnBpbnRlcmVzdC5ubIIMcGludGVyZXN0Lm5sgg4qLnBpbnRlcmVzdC50d4IMcGludGVyZXN0LnR3gg4qLnBpbnRlcmVzdC50aIIMcGludGVyZXN0LnRogg4qLnBpbnRlcmVzdC5pZIIOKi5waW50ZXJlc3Qudm6CDioucGludGVyZXN0Lmh1ggxwaW50ZXJlc3Qudm6CDioucGludGVyZXN0LnVrggxwaW50ZXJlc3QudWuCDioucGludGVyZXN0LnJ1ggxwaW50ZXJlc3QucnWCDioucGludGVyZXN0Lml0ggxwaW50ZXJlc3QuaXSCDHBpbnRlcmVzdC5mcoIMcGludGVyZXN0LmNsgg4qLnBpbnRlcmVzdC5mcoIOKi5waW50ZXJlc3QuanCCDioucGludGVyZXN0LmNhgg1waW50ZXJlc3QuY29tggZwaW4uaXSCDioucGludGVyZXN0LnNlgg4qLnBpbnRlcmVzdC5wdIIOKi5waW50ZXJlc3QubXiCDioucGludGVyZXN0Lmtygg4qLnBpbnRlcmVzdC5pZYIVcGludGVyZXN0LmVuZ2luZWVyaW5ngg4qLnBpbnRlcmVzdC5ka4IOKi5waW50ZXJlc3QuZGWCDioucGludGVyZXN0LmNogg4qLnBpbnRlcmVzdC5hdIITKi5waW50ZXJlc3RtYWlsLmNvbYIXKi5waW50ZXJlc3QuZW5naW5lZXJpbmeCECoucGludGVyZXN0LmluZm+CDnBpbnRlcmVzdC5pbmZvggpwaW5pbWcuY29tghFwaW50ZXJlc3RtYWlsLmNvbYIMcGludGVyZXN0LmRlggxwaW50ZXJlc3QuZGuCDHBpbnRlcmVzdC5pZYIMcGludGVyZXN0LmpwggxwaW50ZXJlc3Qua3KCDHBpbnRlcmVzdC5teIIMcGludGVyZXN0LnB0ggxwaW50ZXJlc3Quc2WCDHBpbnRlcmVzdC5hdIIMcGludGVyZXN0LmNogg9waW50ZXJlc3QuY28uYXSCEioucGludGVyZXN0LmNvbS51eYIPcGludGVyZXN0LmNvLmtygg9waW50ZXJlc3QuY28udWuCEioucGludGVyZXN0LmNvbS5hdYIQcGludGVyZXN0LmNvbS5hdYIQcGludGVyZXN0LmNvbS5teIIRKi5waW50ZXJlc3QuY28ubnqCD3BpbnRlcmVzdC5jby5ueoIQcGludGVyZXN0LmNvbS5wZYIQcGludGVyZXN0LmNvbS51eYIRKi5waW50ZXJlc3QuY28uaW6C"}
01864{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":802903,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDIg\/7q\/MLgBgLMDGqAAABAQgKwrkggc+qMH8QcGludGVyZXN0LmNvbS5weYISKi5waW50ZXJlc3QuY29tLnB5ghBwaW50ZXJlc3QuY29tLmJvghIqLnBpbnRlcmVzdC5jb20uYm+CEHBpbnRlcmVzdC5jb20uZWOCEioucGludGVyZXN0LmNvbS5lY4IPcGludGVyZXN0LmNvLmlughIqLnBpbnRlcmVzdC5jb20ucGWCEioucGludGVyZXN0LmNvbS5teIIQcGludGVyZXN0LmNvbS52boISKi5waW50ZXJlc3QuY29tLnZughEqLnBpbnRlcmVzdC5jby51a4IRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLmF0ghcqLnRlc3RpbmcucGludGVyZXN0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFzVeUsqgAABAMARjBEAiBFoq\/xobECVZhZtUc7btC5hoxWOSVrWyon0phReuJy2gIgZksLD3C3g5hs1uN\/fxJ3QdxWeMMC9CJJpCnRKnMCkEoAdQBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXNV5SzaAAAEAwBGMEQCIC4Ov3Wwcsdt6rpQua1N0NI2qcuhMuVxh7v+Q8LLaCfhAiAD5yJvjyGpUx+ANEDut9mpunmM1M1jNcZc4UDYCQKZPTANBgkqhkiG9w0BAQsFAAOCAQEAEaIVgCQWe7xTMHTnJi67o5Gk+JG6z2t79luhUhem28vSmRSty+B9mLbDXrK7kbGA53eU7cBTkq39mkoUUJnGH0E3QSZkxUg5YvcicFqgwA9YzkW8"}
00456{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":802927,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8wuawx33gBAB9RFlAAABAQgKz6owqMK5IIE="}
@@ -21,29 +21,29 @@
00458{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":802981,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8wuawyYngBAB6wk\/AAABAQgKz6owqMK5IIE="}
01873{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":803137,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDJif7q\/MLgBgLMFOTAAABAQgKwrkggc+qMH8RYWUd2c800IAKJo4Txj3P2JtoqwdyrB0hZvT17H8\/7lIaNSgYEuf3cVWj1JVtBczj0N+dl9SuQ+PALGfIEi2rWMnFFqorRIqKo\/rW5MSkpqIYcRPRSLtpmcCi32uScHq5OK\/pJHx2VnlOuDPK8jT3xwLpio+LbmPRMQTu2OHtsd0HGrbVjRfp8UNL4coHhW6ivbHBE\/qM4fLC8XCmegSVnraL9IZ+2M2vxy39AAS1MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C\/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq\/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK\/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j\/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV\/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC\/zA\/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4E"}
01885{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":803139,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDKj\/7q\/MLgBgLMPD7AAABAQgKwrkggc+qMH8WBBRRaP+QrwIHdTzM2WVkYqISuFlyOzAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAGIqViQPmbd9c\/B1o6kqPg9ZRL41rRBaerGP10m5shJmLqoFxhFvtNE6wt3mSKcwtgGrwjiDheaT+A0cT6vWGyllxffQElmvTWVg9\/tMxJVwYOISj5p+C\/YxbmDFOzXieGv2Fy0mq8ieLmXL8PqrVQQva1TahvxxuR0l\/XtlIfAPZ\/YtJoJgmQkDr1pIRpGQKV1TE9R3WAl5rrO7EgJoScvpWk9f\/vzCFBjC\/C39O\/1cFnSTthcMr+6Z1qKwtFu99eSey68KdCwfqqoXTAaMgKEFZQyjSgeOq9ux7O3e2QGKABUFFAe8XBj7ewDObZ9NhLnKH5Gn8EgBXQB5w9R7JtBYDAwHfFgAB2wEAAdcwggHTCgEAoIIBzDCCAcgGCSsGAQUFBzABAQSCAbkwggG1MIGeohYEFFFo\/5CvAgd1PMzZZWRiohK4WXI7GA8yMDIwMTEwNzExNDQ1MlowczBxMEkwCQYFKw4DAhoFAAQUzyb1GPrJfo+Ms0LgHC9qEJ6OXwoEFFFo\/5CvAgd1PMzZZWRiohK4WXI7AhAEIQzFo4YzQYum6ENydBKbgAAYDzIwMjAxMTA3MTE0NDUyWqARGA8yMDIwMTExNDEwNTk1MlowDQYJKoZIhvcNAQELBQADggEBAIiYG59vb3kC7aO7aUEKdJQp5xDBWD2CQ3r7LrQsBmdscpkS2v4t1r5Rd+gr6XVjFoKpz0kuuyvjJStW5YPBHEfS2hEJOYYZRHUc2VBTkFJGDGOA9WKBGjNMQYPIgba\/Dc1iZEydmNt8\/VStnPCdVnOPkihDIvNtCmXfYttuv9t0MMTAWBAxSfkCah3R\/ExehzwNmNUIixAtuvRm6XF1wnXkJor+q+HykKEuGe8fWf8DA6FwhWVUGlP1XSXu7+4\/WusWvGLw8IQXAomxxJXe9DAUISDYdh9PiRIDmtaF95Uvwvsf2i6pIT71AzWlU05wEjbVcv6LhhXAY3M5Lw1S8EQWAwMBLAwAASgDAB0gtc6g1Jjg3v2Cf7SocgQF1OQx3Pv8ssoSFABhpudMOU8IBAEAp\/Fg\/wQfyutPudvwG52abGrZGX6k+F9DglOslTH68GY2q6NkouQQO1l1jKgJNra\/xmqLHH4JMVYhV38BXIc\/vnz7e7wUCVOMeTMdS5g\/x6OsN+t0cT5SQziLEe\/aw\/4WSQMhWOInZJfPyzOZ94f39ul8oLxN2ZuuiunweVes9\/wrWjv3ifaLZDsWwGu3zZ1XONKkZvv9E7ppFvVi+TmIPbOfiSzDTIx3orP1Ma07MM81j1vawiZA"}
-02667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":13,"flow_first_seen":1605289713743,"flow_last_seen":1605289713803,"flow_tot_l4_data_len":6189,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":476,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+02678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":13,"flow_first_seen":1605289713743,"flow_last_seen":1605289713803,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":442,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.pinterest.fr","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
00570{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":803139,"pkt_caplen":168,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":168,"pkt_l4_len":114,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAHIGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuB7prDLlf7q\/MLgBgLMHfdAAABAQgKwrkggc+qMH+ts+r2v7JijkNxvoGUGYZYD4lpPjHgIv0QRDoD2VjtCnKERIj7+k8+MGErBYWC\/RXs42rT+XWp0V6FzUfyvY41E46YF7Klda1dFgMDAAQOAAAA"}
00458{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289713,"pkt_ts_usec":803156,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD\/cFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUge4Bu\/ur8wuawyo\/gBAB9QUcAAABAQgKz6owqcK5IIE="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":142423,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R0AAAAAoAL9IJUzAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":142533,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMAAAAAAoAL9INluAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":142600,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoQAAAAAoAL9IDStAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":142665,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGkAAAAAoAL9INWDAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":142728,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2UAAAAAoAL9IGEKAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1605289714142,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":142790,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsQAAAAAoAL9IJVNAAACBAWgBAIICtZiIAMAAAAAAQMDBw=="}
00467{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":171633,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2OUKdUeoBJXgLJJAAACBAV4AQMDAwQCCArCuSHy1mIgAw=="}
00454{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":171727,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBAB+zY+AAABAQgK1mIgIMK5IfI="}
01149{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":172188,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1R70la9kgBgB+45nAAABAQgK1mIgIcK5IfIWAwECAAEAAfwDA8cIoCYavuvJ3cclYGmTzcO5vcPxdaWmTmcHbVFGmXkWIAQE24FGTaHp\/I8\/xYwpdYoJEv3RN4\/3JwS5BNqVh3JRACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACDSU2T4PnFCVulVq04gCrqMt7ropfQriFF56F3nM1YPWAAtAAIBAQArAAsKSkoDBAMDAwIDAQAbAAMCAAJaWgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00825{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714172,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714172,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00467{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":180048,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe34hzBqoBJXgFKZAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
00455{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":180086,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBAB+9aEAAABAQgK1mIgKcK5Ifs="}
01147{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":180489,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gC2HAAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMGqaA6nugBgB+6ckAAABAQgK1mIgKcK5IfsWAwECAAEAAfwDA3otstUONYxJRqel+gxt59VketaZiqmW7lVOabrnGXmhICqghU9krTVUXocj19UIfg+9UNudtwL7W30g9XqDFIVFACCKihMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAImpoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmamgABAAAdACAhW4o44F4ndRfnSItF1Arhn7vovTMKfZIOdsBS0bZaIwAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAI6OgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00825{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714180,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714180,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00467{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":181434,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXbDRQaFoBJXgAyCAAACBAV4AQMDAwQCCArCuSH61mIgAw=="}
00467{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":181435,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTOMV4SazBoBJXgEidAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
00467{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":181435,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqgAoyXzbFoBJXgIWfAAACBAV4AQMDAwQCCArCuSH71mIgAw=="}
@@ -53,20 +53,20 @@
00454{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":181475,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBAB+wmKAAABAQgK1mIgKsK5Ifs="}
00454{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":181483,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBAB+9UUAAABAQgK1mIgKsK5Ifs="}
01146{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":181782,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDFiUAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFBoWjvEV3gBgB+wk+AAABAQgK1mIgKsK5IfoWAwECAAEAAfwDA8fZsDKFAYPeeYF9BoVFeH6xWP7zl+Qbpemo8n8iOkAJIO+2XqB5SswaLECoDV+oBWri05ofip0ijOA3Db6nod5MACDq6hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACDQ8L+t6qDH4DBUOVwSU+oBURitYqBDp2YLq+UXdAtSdwAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAALq6gABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00825{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714181,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714181,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01148{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":182061,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAzjWAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrMEZEzjGgBgB++OVAAABAQgK1mIgKsK5IfsWAwECAAEAAfwDA92mJPo2aL01mOdVhpY2BeYgOuE8GqohhTbswcdXCK82ICwgtJPAcd3QemZipmKndqHXDNRTDLrVR4Gjwi9JNFNLACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACBzyp4wXupLNzvb8sABuM2lxM\/IuPo3b96Pd8Zx+nF3SgAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAJaWgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01148{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":182319,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfNsVQqoALgBgB+9eLAAABAQgK1mIgK8K5IfsWAwECAAEAAfwDAzRBzSt6OfaWQuGfefwEMKTHqbevEWh0CtAfd3bhvh5GIAWkfBE0ckrIGB0\/YhPYbfnnDbuNbUef6uRX74GQi5ybACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOamgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAIKioAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACD9g60FSOGoRydwCiPj9EEgHFxpxy17H17r2OahSqgiPgAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAJKSgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01148{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":182602,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAI0zAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDE2bprOc6gBgB+wr6AAABAQgK1mIgK8K5IfsWAwECAAEAAfwDA9ume65XMp2HeShH2kftPGfOVTrng6jVc48Y4obdoCMSICqZyhTW3xviLmKFiyEIbl\/Ph6q3MEMRNQtGI6WLlCCWACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAEQAPAAAMcy5waW5pbWcuY29tABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACCGaJJ6CznJgq2rWAQeyxX31Vt1ETNV3hVi2p78QO1VKwAtAAIBAQArAAsK6uoDBAMDAwIDAQAbAAMCAAKqqgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1605289714142,"flow_last_seen":1605289714182,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":202238,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2SUKdcjgBALMCrlAAABAQgKwrkiENZiICE="}
02321{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":204384,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVr2SUKdcjgBgLMFN6AAABAQgKwrkiEtZiICEWAwMAUgIAAE4DAx1SUutH4nkF2V50cIzJP5wybxxXZwGe87jKs8CNQr2XAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMRUAsAEUwAEUkADI4wggyKMIILcqADAgECAhAEIQzFo4YzQYum6ENydBKbMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMB4XDTIwMDcxNjAwMDAwMFoXDTIxMDgwNDEyMDAwMFowbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoTD1BpbnRlcmVzdCwgSW5jLjEYMBYGA1UEAwwPKi5waW50ZXJlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAympd0SK2ykpSjuxd34nlkvFt79NjfrXrAqDT6H12U3P3i5RnawC2sGpT\/6L8igmc\/3X18Sc5REbcl7J4nDi75dUMNjYCoDdmCdIylz1v26Y6l3nJdLoUK0cINwgIFCmAGRr7DkrCmqhyvOhxNvzAbzuylSkTgWtjPSRAjjN\/2bAkPY93298nb5tvOK190URc4dJHb\/5bPTOiylnGIQsqMvnw6scjIuGkVLK3DAPguvS5TJIlmKKXqtBe0m9S16b7mph7Txl1AdyMc2IUs6GwZe6AkN5YaDCarW+ZpawPrz0IIXFUfUFL4rsqojOND\/O6fhGo8uaOKRrRqD41672WawIDAQABo4IJIDCCCRwwHwYDVR0jBBgwFoAUUWj\/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFA2E0pErXPYSSEiu6j6AldQTTOO9MIIGSgYDVR0RBIIGQTCCBj2CDyoucGludGVyZXN0LmNvbYIMcGludGVyZXN0Lmlugg4qLnBpbnRlcmVzdC5jb4IMcGludGVyZXN0LmNvgg4qLnBpbnRlcmVzdC5wZYIMcGludGVyZXN0LnBlgg4qLnBpbnRlcmVzdC5iZYIMcGludGVyZXN0LmJlgg4qLnBpbnRlcmVzdC5pboIOKi5waW50ZXJlc3QucGiCDioucGludGVyZXN0LmVjggxwaW50ZXJlc3QucGiCDioucGludGVyZXN0LmNsggwqLnBpbmltZy5jb22CDioucGludGVyZXN0LmVzggxwaW50ZXJlc3QuZXOCDioucGludGVyZXN0Lm56ggxwaW50ZXJlc3QubnqCDHBpbnRlcmVzdC5lY4IMcGludGVyZXN0Lmh1ggxwaW50ZXJlc3QuY2GCDHBpbnRlcmVzdC5pZIIOKi5waW50ZXJlc3QubmyCDHBpbnRlcmVzdC5ubIIOKi5waW50ZXJlc3QudHeCDHBpbnRlcmVzdC50d4IOKi5waW50ZXJlc3QudGiCDHBpbnRlcmVzdC50aIIOKi5waW50ZXJlc3QuaWSCDioucGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC5odYIMcGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC51a4IMcGludGVyZXN0LnVrgg4qLnBpbnRlcmVzdC5ydYIMcGludGVyZXN0LnJ1gg4qLnBpbnRlcmVzdC5pdIIMcGludGVyZXN0Lml0ggxwaW50ZXJlc3QuZnKCDHBpbnRlcmVzdC5jbA=="}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02314{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":204385,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVtNCUKdcjgBgLMNPZAAABAQgKwrkiEtZiICGCDioucGludGVyZXN0LmZygg4qLnBpbnRlcmVzdC5qcIIOKi5waW50ZXJlc3QuY2GCDXBpbnRlcmVzdC5jb22CBnBpbi5pdIIOKi5waW50ZXJlc3Quc2WCDioucGludGVyZXN0LnB0gg4qLnBpbnRlcmVzdC5teIIOKi5waW50ZXJlc3Qua3KCDioucGludGVyZXN0LmllghVwaW50ZXJlc3QuZW5naW5lZXJpbmeCDioucGludGVyZXN0LmRrgg4qLnBpbnRlcmVzdC5kZYIOKi5waW50ZXJlc3QuY2iCDioucGludGVyZXN0LmF0ghMqLnBpbnRlcmVzdG1haWwuY29tghcqLnBpbnRlcmVzdC5lbmdpbmVlcmluZ4IQKi5waW50ZXJlc3QuaW5mb4IOcGludGVyZXN0LmluZm+CCnBpbmltZy5jb22CEXBpbnRlcmVzdG1haWwuY29tggxwaW50ZXJlc3QuZGWCDHBpbnRlcmVzdC5ka4IMcGludGVyZXN0LmllggxwaW50ZXJlc3QuanCCDHBpbnRlcmVzdC5rcoIMcGludGVyZXN0Lm14ggxwaW50ZXJlc3QucHSCDHBpbnRlcmVzdC5zZYIMcGludGVyZXN0LmF0ggxwaW50ZXJlc3QuY2iCD3BpbnRlcmVzdC5jby5hdIISKi5waW50ZXJlc3QuY29tLnV5gg9waW50ZXJlc3QuY28ua3KCD3BpbnRlcmVzdC5jby51a4ISKi5waW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLm14ghEqLnBpbnRlcmVzdC5jby5ueoIPcGludGVyZXN0LmNvLm56ghBwaW50ZXJlc3QuY29tLnBlghBwaW50ZXJlc3QuY29tLnV5ghEqLnBpbnRlcmVzdC5jby5pboIQcGludGVyZXN0LmNvbS5weYISKi5waW50ZXJlc3QuY29tLnB5ghBwaW50ZXJlc3QuY29tLmJvghIqLnBpbnRlcmVzdC5jb20uYm+CEHBpbnRlcmVzdC5jb20uZWOCEioucGludGVyZXN0LmNvbS5lY4IPcGludGVyZXN0LmNvLmlughIqLnBpbnRlcmVzdC5jb20ucGWCEioucGludGVyZXN0LmNvbS5teIIQcGludGVyZXN0LmNvbS52boISKi5waW50ZXJlc3QuY29tLnZughEqLnBpbnRlcmVzdC5jby51a4IRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLmF0ghcqLnRlc3RpbmcucGludGVyZXN0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAg=="}
02329{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":204386,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVujyUKdcjgBgLMCGXAAABAQgKwrkiEtZiICEwADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABc1XlLKoAAAQDAEYwRAIgRaKv8aGxAlWYWbVHO27QuYaMVjkla1sqJ9KYUXrictoCIGZLCw9wt4OYbNbjf38Sd0HcVnjDAvQiSaQp0SpzApBKAHUAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFzVeUs2gAABAMARjBEAiAuDr91sHLHbeq6ULmtTdDSNqnLoTLlcYe7\/kPCy2gn4QIgA+cib48hqVMfgDRA7rfZqbp5jNTNYzXGXOFA2AkCmT0wDQYJKoZIhvcNAQELBQADggEBABGiFYAkFnu8UzB05yYuu6ORpPiRus9re\/ZboVIXptvL0pkUrcvgfZi2w16yu5GxgOd3lO3AU5Kt\/ZpKFFCZxh9BN0EmZMVIOWL3InBaoMAPWM5FvBFhZR3ZzzTQgAomjhPGPc\/Ym2irB3KsHSFm9PXsfz\/uUho1KBgS5\/dxVaPUlW0FzOPQ352X1K5D48AsZ8gSLatYycUWqitEioqj+tbkxKSmohhxE9FIu2mZwKLfa5Jwerk4r+kkfHZWeU64M8ryNPfHAumKj4tuY9ExBO7Y4e2x3QcattWNF+nxQ0vhygeFbqK9scET+ozh8sLxcKZ6BJWetov0hn7Yza\/HLf0ABLUwggSxMIIDmaADAgECAhAE4eek3Fzy823AK0K4XRWfMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbgL8IkBshtBF\/X7wpkBrJ9IiZlFq5CQJvO3J+fdgc+wzBVhxm5T5QOWpQfVVa0wgIqr9CY7gtA18TQO3LIFJ7vkLERqa7SyLhDOtkLC9XVlfVAr8gd7U2cX1e3hlBomfWK2tLHBR+ol8ncpLGChC3GraWcxxmCpoUPXkRYKjeP\/TXxCwgnMlr1u4uepL1R0Cfi3TtCM6MFKMS7KMyarCsjDXjGe+ZecbdKPgj7gbcWFqGdIxJN5deSCKx1pJy6zReyHkQ1ZX9TJTnRHAqaYxsZknRoCjfCwlJIyzlaorbhXcHdoCC4IaKTJm8USiFBx+1tm\/JIL\/MD9aJoklMvXuMCAwEAAaOCAUkwggFFMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovLw=="}
02022{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":204387,"pkt_caplen":1244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1244,"pkt_l4_len":1190,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABKYGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWcPSVv6iUKdcjgBgLMD8TAAABAQgKwrkiEtZiICF3d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj\/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk\/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX\/78whQYwvwt\/Tv9XBZ0k7YXDK\/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp\/BIAV0AecPUeybQWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBRRaP+QrwIHdTzM2WVkYqISuFlyOxgPMjAyMDExMDcxMTQ0NTJaMHMwcTBJMAkGBSsOAwIaBQAEFM8m9Rj6yX6PjLNC4BwvahCejl8KBBRRaP+QrwIHdTzM2WVkYqISuFlyOwIQBCEMxaOGM0GLpuhDcnQSm4AAGA8yMDIwMTEwNzExNDQ1MlqgERgPMjAyMDExMTQxMDU5NTJaMA0GCSqGSIb3DQEBCwUAA4IBAQCImBufb295Au2ju2lBCnSUKecQwVg9gkN6+y60LAZnbHKZEtr+Lda+UXfoK+l1YxaCqc9JLrsr4yUrVuWDwRxH0toRCTmGGUR1HNlQU5BSRgxjgPVigRozTEGDyIG2vw3NYmRMnZjbfP1UrZzwnVZzj5IoQyLzbQpl32Lbbr\/bdDDEwFgQMUn5Amod0fxMXoc8DZjVCIsQLbr0ZulxdcJ15CaK\/qvh8pChLhnvH1n\/AwOhcIVlVBpT9V0l7u\/uP1rrFrxi8PCEFwKJscSV3vQwFCEg2HYfT4kSA5rWhfeVL8L7H9ouqSE+9QM1pVNOcBI21XL+i4YVwGNzOS8NUvBEFgMDASwMAAEoAwAdIDhDuKfQD5VZcFqzy8YvX98HoCds2hyYuY6UiN3VmZFFCAQBACkQnneMUBfI4aYhm5KTWKiProhqlO\/LM1WMIu6QOSIaOwppzfjJvKPqDRWeNXdUQFYXreNFe1GAefL2GQpZ6oesnUciNgHaX\/1SVmjsge3oZFap4YP+9kgevN4dUpBbPWQ2b3krk9cQh2+BU7nCrKDX9nvjdWX5t9Nkcq1vPfHtefOf1srFkR27OdWy5XEmi7naE5ihqHS5xw1xLzP5thX\/yg7Qa4PvFsMJz0PPg6iA7Qh+N9eJCnzyl7Rq9AqH7sS1nTmTcINICoI6\/z8PddSDEM7Yr+C+RtrXjFbbj5aGv3O5WzEG\/5fN2WWFyQl7ip8MFLoDnyS7cwHiUEU0J04WAwMABA4AAAA="}
-02661{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":9,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_tot_l4_data_len":6143,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":682,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+02672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":9,"flow_first_seen":1605289714142,"flow_last_seen":1605289714204,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":648,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
00456{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":204411,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1yP0lbTQgBAB9S6SAAABAQgK1mIgQcK5IhI="}
00456{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":204455,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1yP0lbo8gBAB8CkrAAABAQgK1mIgQcK5IhI="}
00456{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":204464,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBvDPACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnABu5Qp1yP0lb+ogBAB6SPGAAABAQgK1mIgQcK5IhI="}
@@ -82,26 +82,26 @@
00455{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":212431,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAoQZACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfOMpQqoALgBEB+wdlAAABAQgK1mIgScK5Ifs="}
00456{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229510,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTOMZ4Sa7GgBALMMEtAAABAQgKwrkiG9ZiICo="}
02323{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229512,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDqe74hzJvgBgLMKiBAAABAQgKwrkiG9ZiICkWAwMAUgIAAE4DAzPFjhCNURctCGu9O+QrRUKiBA\/bj2U1VkYDJf\/1h2o3AMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMRUAsAEUwAEUkADI4wggyKMIILcqADAgECAhAEIQzFo4YzQYum6ENydBKbMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMB4XDTIwMDcxNjAwMDAwMFoXDTIxMDgwNDEyMDAwMFowbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoTD1BpbnRlcmVzdCwgSW5jLjEYMBYGA1UEAwwPKi5waW50ZXJlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAympd0SK2ykpSjuxd34nlkvFt79NjfrXrAqDT6H12U3P3i5RnawC2sGpT\/6L8igmc\/3X18Sc5REbcl7J4nDi75dUMNjYCoDdmCdIylz1v26Y6l3nJdLoUK0cINwgIFCmAGRr7DkrCmqhyvOhxNvzAbzuylSkTgWtjPSRAjjN\/2bAkPY93298nb5tvOK190URc4dJHb\/5bPTOiylnGIQsqMvnw6scjIuGkVLK3DAPguvS5TJIlmKKXqtBe0m9S16b7mph7Txl1AdyMc2IUs6GwZe6AkN5YaDCarW+ZpawPrz0IIXFUfUFL4rsqojOND\/O6fhGo8uaOKRrRqD41672WawIDAQABo4IJIDCCCRwwHwYDVR0jBBgwFoAUUWj\/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFA2E0pErXPYSSEiu6j6AldQTTOO9MIIGSgYDVR0RBIIGQTCCBj2CDyoucGludGVyZXN0LmNvbYIMcGludGVyZXN0Lmlugg4qLnBpbnRlcmVzdC5jb4IMcGludGVyZXN0LmNvgg4qLnBpbnRlcmVzdC5wZYIMcGludGVyZXN0LnBlgg4qLnBpbnRlcmVzdC5iZYIMcGludGVyZXN0LmJlgg4qLnBpbnRlcmVzdC5pboIOKi5waW50ZXJlc3QucGiCDioucGludGVyZXN0LmVjggxwaW50ZXJlc3QucGiCDioucGludGVyZXN0LmNsggwqLnBpbmltZy5jb22CDioucGludGVyZXN0LmVzggxwaW50ZXJlc3QuZXOCDioucGludGVyZXN0Lm56ggxwaW50ZXJlc3QubnqCDHBpbnRlcmVzdC5lY4IMcGludGVyZXN0Lmh1ggxwaW50ZXJlc3QuY2GCDHBpbnRlcmVzdC5pZIIOKi5waW50ZXJlc3QubmyCDHBpbnRlcmVzdC5ubIIOKi5waW50ZXJlc3QudHeCDHBpbnRlcmVzdC50d4IOKi5waW50ZXJlc3QudGiCDHBpbnRlcmVzdC50aIIOKi5waW50ZXJlc3QuaWSCDioucGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC5odYIMcGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC51a4IMcGludGVyZXN0LnVrgg4qLnBpbnRlcmVzdC5ydYIMcGludGVyZXN0LnJ1gg4qLnBpbnRlcmVzdC5pdIIMcGludGVyZXN0Lml0ggxwaW50ZXJlc3QuZnKCDHBpbnRlcmVzdC5jbA=="}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":127,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_tot_l4_data_len":2145,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":127,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02314{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229513,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDr1r4hzJvgBgLMHQhAAABAQgKwrkiG9ZiICmCDioucGludGVyZXN0LmZygg4qLnBpbnRlcmVzdC5qcIIOKi5waW50ZXJlc3QuY2GCDXBpbnRlcmVzdC5jb22CBnBpbi5pdIIOKi5waW50ZXJlc3Quc2WCDioucGludGVyZXN0LnB0gg4qLnBpbnRlcmVzdC5teIIOKi5waW50ZXJlc3Qua3KCDioucGludGVyZXN0LmllghVwaW50ZXJlc3QuZW5naW5lZXJpbmeCDioucGludGVyZXN0LmRrgg4qLnBpbnRlcmVzdC5kZYIOKi5waW50ZXJlc3QuY2iCDioucGludGVyZXN0LmF0ghMqLnBpbnRlcmVzdG1haWwuY29tghcqLnBpbnRlcmVzdC5lbmdpbmVlcmluZ4IQKi5waW50ZXJlc3QuaW5mb4IOcGludGVyZXN0LmluZm+CCnBpbmltZy5jb22CEXBpbnRlcmVzdG1haWwuY29tggxwaW50ZXJlc3QuZGWCDHBpbnRlcmVzdC5ka4IMcGludGVyZXN0LmllggxwaW50ZXJlc3QuanCCDHBpbnRlcmVzdC5rcoIMcGludGVyZXN0Lm14ggxwaW50ZXJlc3QucHSCDHBpbnRlcmVzdC5zZYIMcGludGVyZXN0LmF0ggxwaW50ZXJlc3QuY2iCD3BpbnRlcmVzdC5jby5hdIISKi5waW50ZXJlc3QuY29tLnV5gg9waW50ZXJlc3QuY28ua3KCD3BpbnRlcmVzdC5jby51a4ISKi5waW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLm14ghEqLnBpbnRlcmVzdC5jby5ueoIPcGludGVyZXN0LmNvLm56ghBwaW50ZXJlc3QuY29tLnBlghBwaW50ZXJlc3QuY29tLnV5ghEqLnBpbnRlcmVzdC5jby5pboIQcGludGVyZXN0LmNvbS5weYISKi5waW50ZXJlc3QuY29tLnB5ghBwaW50ZXJlc3QuY29tLmJvghIqLnBpbnRlcmVzdC5jb20uYm+CEHBpbnRlcmVzdC5jb20uZWOCEioucGludGVyZXN0LmNvbS5lY4IPcGludGVyZXN0LmNvLmlughIqLnBpbnRlcmVzdC5jb20ucGWCEioucGludGVyZXN0LmNvbS5teIIQcGludGVyZXN0LmNvbS52boISKi5waW50ZXJlc3QuY29tLnZughEqLnBpbnRlcmVzdC5jby51a4IRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLmF0ghcqLnRlc3RpbmcucGludGVyZXN0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAg=="}
02329{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229513,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDtMb4hzJvgBgLMMHeAAABAQgKwrkiG9ZiICkwADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABc1XlLKoAAAQDAEYwRAIgRaKv8aGxAlWYWbVHO27QuYaMVjkla1sqJ9KYUXrictoCIGZLCw9wt4OYbNbjf38Sd0HcVnjDAvQiSaQp0SpzApBKAHUAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFzVeUs2gAABAMARjBEAiAuDr91sHLHbeq6ULmtTdDSNqnLoTLlcYe7\/kPCy2gn4QIgA+cib48hqVMfgDRA7rfZqbp5jNTNYzXGXOFA2AkCmT0wDQYJKoZIhvcNAQELBQADggEBABGiFYAkFnu8UzB05yYuu6ORpPiRus9re\/ZboVIXptvL0pkUrcvgfZi2w16yu5GxgOd3lO3AU5Kt\/ZpKFFCZxh9BN0EmZMVIOWL3InBaoMAPWM5FvBFhZR3ZzzTQgAomjhPGPc\/Ym2irB3KsHSFm9PXsfz\/uUho1KBgS5\/dxVaPUlW0FzOPQ352X1K5D48AsZ8gSLatYycUWqitEioqj+tbkxKSmohhxE9FIu2mZwKLfa5Jwerk4r+kkfHZWeU64M8ryNPfHAumKj4tuY9ExBO7Y4e2x3QcattWNF+nxQ0vhygeFbqK9scET+ozh8sLxcKZ6BJWetov0hn7Yza\/HLf0ABLUwggSxMIIDmaADAgECAhAE4eek3Fzy823AK0K4XRWfMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbgL8IkBshtBF\/X7wpkBrJ9IiZlFq5CQJvO3J+fdgc+wzBVhxm5T5QOWpQfVVa0wgIqr9CY7gtA18TQO3LIFJ7vkLERqa7SyLhDOtkLC9XVlfVAr8gd7U2cX1e3hlBomfWK2tLHBR+ol8ncpLGChC3GraWcxxmCpoUPXkRYKjeP\/TXxCwgnMlr1u4uepL1R0Cfi3TtCM6MFKMS7KMyarCsjDXjGe+ZecbdKPgj7gbcWFqGdIxJN5deSCKx1pJy6zReyHkQ1ZX9TJTnRHAqaYxsZknRoCjfCwlJIyzlaorbhXcHdoCC4IaKTJm8USiFBx+1tm\/JIL\/MD9aJoklMvXuMCAwEAAaOCAUkwggFFMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovLw=="}
00456{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229514,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqgAsyXzjKgBALMP4uAAABAQgKwrkiG9ZiICs="}
02024{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229515,"pkt_caplen":1244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1244,"pkt_l4_len":1190,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABKYGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDujL4hzJvgBgLMJ34AAABAQgKwrkiG9ZiICl3d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj\/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk\/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX\/78whQYwvwt\/Tv9XBZ0k7YXDK\/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp\/BIAV0AecPUeybQWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBRRaP+QrwIHdTzM2WVkYqISuFlyOxgPMjAyMDExMDcxMTQ0NTJaMHMwcTBJMAkGBSsOAwIaBQAEFM8m9Rj6yX6PjLNC4BwvahCejl8KBBRRaP+QrwIHdTzM2WVkYqISuFlyOwIQBCEMxaOGM0GLpuhDcnQSm4AAGA8yMDIwMTEwNzExNDQ1MlqgERgPMjAyMDExMTQxMDU5NTJaMA0GCSqGSIb3DQEBCwUAA4IBAQCImBufb295Au2ju2lBCnSUKecQwVg9gkN6+y60LAZnbHKZEtr+Lda+UXfoK+l1YxaCqc9JLrsr4yUrVuWDwRxH0toRCTmGGUR1HNlQU5BSRgxjgPVigRozTEGDyIG2vw3NYmRMnZjbfP1UrZzwnVZzj5IoQyLzbQpl32Lbbr\/bdDDEwFgQMUn5Amod0fxMXoc8DZjVCIsQLbr0ZulxdcJ15CaK\/qvh8pChLhnvH1n\/AwOhcIVlVBpT9V0l7u\/uP1rrFrxi8PCEFwKJscSV3vQwFCEg2HYfT4kSA5rWhfeVL8L7H9ouqSE+9QM1pVNOcBI21XL+i4YVwGNzOS8NUvBEFgMDASwMAAEoAwAdIDfNGFoXDdzwyt0WlBogLOaolJfSjJyg09PGvVp7Df5aCAQBAMFwmWr0EJO3qE5lTcPCty+JA1t5Z9VW8mJQcgrOvjIzgQ081VUDfIHeaU8nOjMAu3MGqfeaKsMRQ4BlxYqnIBqOcGEFkoz35odWttJb3YjcDABmFVzd9aAVGPgU\/IEoHkZUTbH0rqQ874gbCwUR0YWFdxWGDBbMi\/3r7ZwwvM6wGqqiHG7fCTfMNZI9433Y4FpuuPnRjXT7t\/UllRfFqmydRKpWz1lXMiQHo2IcmGfPH9gQx\/p6GtkrOWILjIu1Fq6YTCcwwCRO7P6c9QOqvRG6vBtC\/7DLM2conzp5\/21TRgGdTq3P8CXgPpGUqH47OwzHXF6U0b4vJ1439Gtfs1AWAwMABA4AAAA="}
-02662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_tot_l4_data_len":6175,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":617,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+02673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":131,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
00456{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229515,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWeOms5zqKAxVrgBALMMm5AAABAQgKwrkiG9ZiICs="}
00441{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229583,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gCEQNABQGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnYBu\/iHMm8AAAAAUAQAAC7RAAA="}
02321{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229787,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8RXfDRQiKgBgLMKu4AAABAQgKwrkiG9ZiICoWAwMAUgIAAE4DAyzh2flHTI9UMsDC1FVGnXiMBfhQdrKyMusxrqJrbM8wAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMRUAsAEUwAEUkADI4wggyKMIILcqADAgECAhAEIQzFo4YzQYum6ENydBKbMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMB4XDTIwMDcxNjAwMDAwMFoXDTIxMDgwNDEyMDAwMFowbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoTD1BpbnRlcmVzdCwgSW5jLjEYMBYGA1UEAwwPKi5waW50ZXJlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAympd0SK2ykpSjuxd34nlkvFt79NjfrXrAqDT6H12U3P3i5RnawC2sGpT\/6L8igmc\/3X18Sc5REbcl7J4nDi75dUMNjYCoDdmCdIylz1v26Y6l3nJdLoUK0cINwgIFCmAGRr7DkrCmqhyvOhxNvzAbzuylSkTgWtjPSRAjjN\/2bAkPY93298nb5tvOK190URc4dJHb\/5bPTOiylnGIQsqMvnw6scjIuGkVLK3DAPguvS5TJIlmKKXqtBe0m9S16b7mph7Txl1AdyMc2IUs6GwZe6AkN5YaDCarW+ZpawPrz0IIXFUfUFL4rsqojOND\/O6fhGo8uaOKRrRqD41672WawIDAQABo4IJIDCCCRwwHwYDVR0jBBgwFoAUUWj\/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFA2E0pErXPYSSEiu6j6AldQTTOO9MIIGSgYDVR0RBIIGQTCCBj2CDyoucGludGVyZXN0LmNvbYIMcGludGVyZXN0Lmlugg4qLnBpbnRlcmVzdC5jb4IMcGludGVyZXN0LmNvgg4qLnBpbnRlcmVzdC5wZYIMcGludGVyZXN0LnBlgg4qLnBpbnRlcmVzdC5iZYIMcGludGVyZXN0LmJlgg4qLnBpbnRlcmVzdC5pboIOKi5waW50ZXJlc3QucGiCDioucGludGVyZXN0LmVjggxwaW50ZXJlc3QucGiCDioucGludGVyZXN0LmNsggwqLnBpbmltZy5jb22CDioucGludGVyZXN0LmVzggxwaW50ZXJlc3QuZXOCDioucGludGVyZXN0Lm56ggxwaW50ZXJlc3QubnqCDHBpbnRlcmVzdC5lY4IMcGludGVyZXN0Lmh1ggxwaW50ZXJlc3QuY2GCDHBpbnRlcmVzdC5pZIIOKi5waW50ZXJlc3QubmyCDHBpbnRlcmVzdC5ubIIOKi5waW50ZXJlc3QudHeCDHBpbnRlcmVzdC50d4IOKi5waW50ZXJlc3QudGiCDHBpbnRlcmVzdC50aIIOKi5waW50ZXJlc3QuaWSCDioucGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC5odYIMcGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC51a4IMcGludGVyZXN0LnVrgg4qLnBpbnRlcmVzdC5ydYIMcGludGVyZXN0LnJ1gg4qLnBpbnRlcmVzdC5pdIIMcGludGVyZXN0Lml0ggxwaW50ZXJlc3QuZnKCDHBpbnRlcmVzdC5jbA=="}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_tot_l4_data_len":2145,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":134,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02321{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229788,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqgAsyXzjKgBgLMIITAAABAQgKwrkiHdZiICsWAwMAUgIAAE4DAxaBEV71RnzbmG6wvikn6Zh6RUXudcxWAZWEWYrdTbnSAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMRUAsAEUwAEUkADI4wggyKMIILcqADAgECAhAEIQzFo4YzQYum6ENydBKbMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMB4XDTIwMDcxNjAwMDAwMFoXDTIxMDgwNDEyMDAwMFowbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoTD1BpbnRlcmVzdCwgSW5jLjEYMBYGA1UEAwwPKi5waW50ZXJlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAympd0SK2ykpSjuxd34nlkvFt79NjfrXrAqDT6H12U3P3i5RnawC2sGpT\/6L8igmc\/3X18Sc5REbcl7J4nDi75dUMNjYCoDdmCdIylz1v26Y6l3nJdLoUK0cINwgIFCmAGRr7DkrCmqhyvOhxNvzAbzuylSkTgWtjPSRAjjN\/2bAkPY93298nb5tvOK190URc4dJHb\/5bPTOiylnGIQsqMvnw6scjIuGkVLK3DAPguvS5TJIlmKKXqtBe0m9S16b7mph7Txl1AdyMc2IUs6GwZe6AkN5YaDCarW+ZpawPrz0IIXFUfUFL4rsqojOND\/O6fhGo8uaOKRrRqD41672WawIDAQABo4IJIDCCCRwwHwYDVR0jBBgwFoAUUWj\/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFA2E0pErXPYSSEiu6j6AldQTTOO9MIIGSgYDVR0RBIIGQTCCBj2CDyoucGludGVyZXN0LmNvbYIMcGludGVyZXN0Lmlugg4qLnBpbnRlcmVzdC5jb4IMcGludGVyZXN0LmNvgg4qLnBpbnRlcmVzdC5wZYIMcGludGVyZXN0LnBlgg4qLnBpbnRlcmVzdC5iZYIMcGludGVyZXN0LmJlgg4qLnBpbnRlcmVzdC5pboIOKi5waW50ZXJlc3QucGiCDioucGludGVyZXN0LmVjggxwaW50ZXJlc3QucGiCDioucGludGVyZXN0LmNsggwqLnBpbmltZy5jb22CDioucGludGVyZXN0LmVzggxwaW50ZXJlc3QuZXOCDioucGludGVyZXN0Lm56ggxwaW50ZXJlc3QubnqCDHBpbnRlcmVzdC5lY4IMcGludGVyZXN0Lmh1ggxwaW50ZXJlc3QuY2GCDHBpbnRlcmVzdC5pZIIOKi5waW50ZXJlc3QubmyCDHBpbnRlcmVzdC5ubIIOKi5waW50ZXJlc3QudHeCDHBpbnRlcmVzdC50d4IOKi5waW50ZXJlc3QudGiCDHBpbnRlcmVzdC50aIIOKi5waW50ZXJlc3QuaWSCDioucGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC5odYIMcGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC51a4IMcGludGVyZXN0LnVrgg4qLnBpbnRlcmVzdC5ydYIMcGludGVyZXN0LnJ1gg4qLnBpbnRlcmVzdC5pdIIMcGludGVyZXN0Lml0ggxwaW50ZXJlc3QuZnKCDHBpbnRlcmVzdC5jbA=="}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_tot_l4_data_len":2145,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02314{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229789,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqhXcyXzjKgBgLMKcjAAABAQgKwrkiHdZiICuCDioucGludGVyZXN0LmZygg4qLnBpbnRlcmVzdC5qcIIOKi5waW50ZXJlc3QuY2GCDXBpbnRlcmVzdC5jb22CBnBpbi5pdIIOKi5waW50ZXJlc3Quc2WCDioucGludGVyZXN0LnB0gg4qLnBpbnRlcmVzdC5teIIOKi5waW50ZXJlc3Qua3KCDioucGludGVyZXN0LmllghVwaW50ZXJlc3QuZW5naW5lZXJpbmeCDioucGludGVyZXN0LmRrgg4qLnBpbnRlcmVzdC5kZYIOKi5waW50ZXJlc3QuY2iCDioucGludGVyZXN0LmF0ghMqLnBpbnRlcmVzdG1haWwuY29tghcqLnBpbnRlcmVzdC5lbmdpbmVlcmluZ4IQKi5waW50ZXJlc3QuaW5mb4IOcGludGVyZXN0LmluZm+CCnBpbmltZy5jb22CEXBpbnRlcmVzdG1haWwuY29tggxwaW50ZXJlc3QuZGWCDHBpbnRlcmVzdC5ka4IMcGludGVyZXN0LmllggxwaW50ZXJlc3QuanCCDHBpbnRlcmVzdC5rcoIMcGludGVyZXN0Lm14ggxwaW50ZXJlc3QucHSCDHBpbnRlcmVzdC5zZYIMcGludGVyZXN0LmF0ggxwaW50ZXJlc3QuY2iCD3BpbnRlcmVzdC5jby5hdIISKi5waW50ZXJlc3QuY29tLnV5gg9waW50ZXJlc3QuY28ua3KCD3BpbnRlcmVzdC5jby51a4ISKi5waW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLm14ghEqLnBpbnRlcmVzdC5jby5ueoIPcGludGVyZXN0LmNvLm56ghBwaW50ZXJlc3QuY29tLnBlghBwaW50ZXJlc3QuY29tLnV5ghEqLnBpbnRlcmVzdC5jby5pboIQcGludGVyZXN0LmNvbS5weYISKi5waW50ZXJlc3QuY29tLnB5ghBwaW50ZXJlc3QuY29tLmJvghIqLnBpbnRlcmVzdC5jb20uYm+CEHBpbnRlcmVzdC5jb20uZWOCEioucGludGVyZXN0LmNvbS5lY4IPcGludGVyZXN0LmNvLmlughIqLnBpbnRlcmVzdC5jb20ucGWCEioucGludGVyZXN0LmNvbS5teIIQcGludGVyZXN0LmNvbS52boISKi5waW50ZXJlc3QuY29tLnZughEqLnBpbnRlcmVzdC5jby51a4IRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLmF0ghcqLnRlc3RpbmcucGludGVyZXN0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAg=="}
02329{"flow_id":9,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229790,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqiuMyXzjKgBgLMPTgAAABAQgKwrkiHdZiICswADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABc1XlLKoAAAQDAEYwRAIgRaKv8aGxAlWYWbVHO27QuYaMVjkla1sqJ9KYUXrictoCIGZLCw9wt4OYbNbjf38Sd0HcVnjDAvQiSaQp0SpzApBKAHUAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFzVeUs2gAABAMARjBEAiAuDr91sHLHbeq6ULmtTdDSNqnLoTLlcYe7\/kPCy2gn4QIgA+cib48hqVMfgDRA7rfZqbp5jNTNYzXGXOFA2AkCmT0wDQYJKoZIhvcNAQELBQADggEBABGiFYAkFnu8UzB05yYuu6ORpPiRus9re\/ZboVIXptvL0pkUrcvgfZi2w16yu5GxgOd3lO3AU5Kt\/ZpKFFCZxh9BN0EmZMVIOWL3InBaoMAPWM5FvBFhZR3ZzzTQgAomjhPGPc\/Ym2irB3KsHSFm9PXsfz\/uUho1KBgS5\/dxVaPUlW0FzOPQ352X1K5D48AsZ8gSLatYycUWqitEioqj+tbkxKSmohhxE9FIu2mZwKLfa5Jwerk4r+kkfHZWeU64M8ryNPfHAumKj4tuY9ExBO7Y4e2x3QcattWNF+nxQ0vhygeFbqK9scET+ozh8sLxcKZ6BJWetov0hn7Yza\/HLf0ABLUwggSxMIIDmaADAgECAhAE4eek3Fzy823AK0K4XRWfMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbgL8IkBshtBF\/X7wpkBrJ9IiZlFq5CQJvO3J+fdgc+wzBVhxm5T5QOWpQfVVa0wgIqr9CY7gtA18TQO3LIFJ7vkLERqa7SyLhDOtkLC9XVlfVAr8gd7U2cX1e3hlBomfWK2tLHBR+ol8ncpLGChC3GraWcxxmCpoUPXkRYKjeP\/TXxCwgnMlr1u4uepL1R0Cfi3TtCM6MFKMS7KMyarCsjDXjGe+ZecbdKPgj7gbcWFqGdIxJN5deSCKx1pJy6zReyHkQ1ZX9TJTnRHAqaYxsZknRoCjfCwlJIyzlaorbhXcHdoCC4IaKTJm8USiFBx+1tm\/JIL\/MD9aJoklMvXuMCAwEAAaOCAUkwggFFMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovLw=="}
02029{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229790,"pkt_caplen":1244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1244,"pkt_l4_len":1190,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABKYGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWelCqkE8yXzjKgBgLMMgtAAABAQgKwrkiHdZiICt3d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj\/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk\/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX\/78whQYwvwt\/Tv9XBZ0k7YXDK\/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp\/BIAV0AecPUeybQWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBRRaP+QrwIHdTzM2WVkYqISuFlyOxgPMjAyMDExMDcxMTQ0NTJaMHMwcTBJMAkGBSsOAwIaBQAEFM8m9Rj6yX6PjLNC4BwvahCejl8KBBRRaP+QrwIHdTzM2WVkYqISuFlyOwIQBCEMxaOGM0GLpuhDcnQSm4AAGA8yMDIwMTEwNzExNDQ1MlqgERgPMjAyMDExMTQxMDU5NTJaMA0GCSqGSIb3DQEBCwUAA4IBAQCImBufb295Au2ju2lBCnSUKecQwVg9gkN6+y60LAZnbHKZEtr+Lda+UXfoK+l1YxaCqc9JLrsr4yUrVuWDwRxH0toRCTmGGUR1HNlQU5BSRgxjgPVigRozTEGDyIG2vw3NYmRMnZjbfP1UrZzwnVZzj5IoQyLzbQpl32Lbbr\/bdDDEwFgQMUn5Amod0fxMXoc8DZjVCIsQLbr0ZulxdcJ15CaK\/qvh8pChLhnvH1n\/AwOhcIVlVBpT9V0l7u\/uP1rrFrxi8PCEFwKJscSV3vQwFCEg2HYfT4kSA5rWhfeVL8L7H9ouqSE+9QM1pVNOcBI21XL+i4YVwGNzOS8NUvBEFgMDASwMAAEoAwAdIHizQb9n034\/YLMYk7RVdrhGVmD\/PEx1O+p53\/RTtchDCAQBACquDSi99+LNBB7STaM\/Uzc\/ASDU0ZaBIFKqZJzxr91mGn+hYwO\/dXP5CBJfwnT34new26eATMutBPB\/VQomfUXvM01bhtWMaEOOIzUSjAm4xxOXw3Q90Lh2y4RUSck6eF0CTOf26WcKjmn\/K1WIE84JhEK4VcrY476hAY2e+cDofa8HocpLNmweQOnzc8Ko3s5eN8fy+2HZJNxrEQE2cUeRMK0CYLf7tHUYmK\/djCEpWPS\/9gzKiGOD35K3KUnFFAZmalV2hyIqwjfuo0wOCO9riePyKblR5PrOU+GxbD6eBnKylA0WoqCHG\/3AvKvxvdjM6DReXBJ49RVVz7xKxVgWAwMABA4AAAA="}
-02662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_tot_l4_data_len":6175,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":617,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+02673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":138,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
00439{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229820,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gBmcdABQGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFCIoAAAAAUAQAAI36AAA="}
00440{"flow_id":9,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229846,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gCkWGABQGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnoBuzJfOMoAAAAAUAQAAO6aAAA="}
02323{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229995,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTOMZ4Sa7GgBgLMFxoAAABAQgKwrkiHdZiICoWAwMAUgIAAE4DA4+lo7WaBkSPEIhuYvlME1qRimMyCtmB\/JqWrr\/uGluCAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMRUAsAEUwAEUkADI4wggyKMIILcqADAgECAhAEIQzFo4YzQYum6ENydBKbMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMB4XDTIwMDcxNjAwMDAwMFoXDTIxMDgwNDEyMDAwMFowbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoTD1BpbnRlcmVzdCwgSW5jLjEYMBYGA1UEAwwPKi5waW50ZXJlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAympd0SK2ykpSjuxd34nlkvFt79NjfrXrAqDT6H12U3P3i5RnawC2sGpT\/6L8igmc\/3X18Sc5REbcl7J4nDi75dUMNjYCoDdmCdIylz1v26Y6l3nJdLoUK0cINwgIFCmAGRr7DkrCmqhyvOhxNvzAbzuylSkTgWtjPSRAjjN\/2bAkPY93298nb5tvOK190URc4dJHb\/5bPTOiylnGIQsqMvnw6scjIuGkVLK3DAPguvS5TJIlmKKXqtBe0m9S16b7mph7Txl1AdyMc2IUs6GwZe6AkN5YaDCarW+ZpawPrz0IIXFUfUFL4rsqojOND\/O6fhGo8uaOKRrRqD41672WawIDAQABo4IJIDCCCRwwHwYDVR0jBBgwFoAUUWj\/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFA2E0pErXPYSSEiu6j6AldQTTOO9MIIGSgYDVR0RBIIGQTCCBj2CDyoucGludGVyZXN0LmNvbYIMcGludGVyZXN0Lmlugg4qLnBpbnRlcmVzdC5jb4IMcGludGVyZXN0LmNvgg4qLnBpbnRlcmVzdC5wZYIMcGludGVyZXN0LnBlgg4qLnBpbnRlcmVzdC5iZYIMcGludGVyZXN0LmJlgg4qLnBpbnRlcmVzdC5pboIOKi5waW50ZXJlc3QucGiCDioucGludGVyZXN0LmVjggxwaW50ZXJlc3QucGiCDioucGludGVyZXN0LmNsggwqLnBpbmltZy5jb22CDioucGludGVyZXN0LmVzggxwaW50ZXJlc3QuZXOCDioucGludGVyZXN0Lm56ggxwaW50ZXJlc3QubnqCDHBpbnRlcmVzdC5lY4IMcGludGVyZXN0Lmh1ggxwaW50ZXJlc3QuY2GCDHBpbnRlcmVzdC5pZIIOKi5waW50ZXJlc3QubmyCDHBpbnRlcmVzdC5ubIIOKi5waW50ZXJlc3QudHeCDHBpbnRlcmVzdC50d4IOKi5waW50ZXJlc3QudGiCDHBpbnRlcmVzdC50aIIOKi5waW50ZXJlc3QuaWSCDioucGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC5odYIMcGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC51a4IMcGludGVyZXN0LnVrgg4qLnBpbnRlcmVzdC5ydYIMcGludGVyZXN0LnJ1gg4qLnBpbnRlcmVzdC5pdIIMcGludGVyZXN0Lml0ggxwaW50ZXJlc3QuZnKCDHBpbnRlcmVzdC5jbA=="}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_tot_l4_data_len":2145,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":141,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714229,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02314{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229996,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8SuPDRQiKgBgLMC4IAAABAQgKwrkiG9ZiICqCDioucGludGVyZXN0LmZygg4qLnBpbnRlcmVzdC5qcIIOKi5waW50ZXJlc3QuY2GCDXBpbnRlcmVzdC5jb22CBnBpbi5pdIIOKi5waW50ZXJlc3Quc2WCDioucGludGVyZXN0LnB0gg4qLnBpbnRlcmVzdC5teIIOKi5waW50ZXJlc3Qua3KCDioucGludGVyZXN0LmllghVwaW50ZXJlc3QuZW5naW5lZXJpbmeCDioucGludGVyZXN0LmRrgg4qLnBpbnRlcmVzdC5kZYIOKi5waW50ZXJlc3QuY2iCDioucGludGVyZXN0LmF0ghMqLnBpbnRlcmVzdG1haWwuY29tghcqLnBpbnRlcmVzdC5lbmdpbmVlcmluZ4IQKi5waW50ZXJlc3QuaW5mb4IOcGludGVyZXN0LmluZm+CCnBpbmltZy5jb22CEXBpbnRlcmVzdG1haWwuY29tggxwaW50ZXJlc3QuZGWCDHBpbnRlcmVzdC5ka4IMcGludGVyZXN0LmllggxwaW50ZXJlc3QuanCCDHBpbnRlcmVzdC5rcoIMcGludGVyZXN0Lm14ggxwaW50ZXJlc3QucHSCDHBpbnRlcmVzdC5zZYIMcGludGVyZXN0LmF0ggxwaW50ZXJlc3QuY2iCD3BpbnRlcmVzdC5jby5hdIISKi5waW50ZXJlc3QuY29tLnV5gg9waW50ZXJlc3QuY28ua3KCD3BpbnRlcmVzdC5jby51a4ISKi5waW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLm14ghEqLnBpbnRlcmVzdC5jby5ueoIPcGludGVyZXN0LmNvLm56ghBwaW50ZXJlc3QuY29tLnBlghBwaW50ZXJlc3QuY29tLnV5ghEqLnBpbnRlcmVzdC5jby5pboIQcGludGVyZXN0LmNvbS5weYISKi5waW50ZXJlc3QuY29tLnB5ghBwaW50ZXJlc3QuY29tLmJvghIqLnBpbnRlcmVzdC5jb20uYm+CEHBpbnRlcmVzdC5jb20uZWOCEioucGludGVyZXN0LmNvbS5lY4IPcGludGVyZXN0LmNvLmlughIqLnBpbnRlcmVzdC5jb20ucGWCEioucGludGVyZXN0LmNvbS5teIIQcGludGVyZXN0LmNvbS52boISKi5waW50ZXJlc3QuY29tLnZughEqLnBpbnRlcmVzdC5jby51a4IRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLmF0ghcqLnRlc3RpbmcucGludGVyZXN0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAg=="}
02314{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229997,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTPjJ4Sa7GgBgLMGoiAAABAQgKwrkiHdZiICqCDioucGludGVyZXN0LmZygg4qLnBpbnRlcmVzdC5qcIIOKi5waW50ZXJlc3QuY2GCDXBpbnRlcmVzdC5jb22CBnBpbi5pdIIOKi5waW50ZXJlc3Quc2WCDioucGludGVyZXN0LnB0gg4qLnBpbnRlcmVzdC5teIIOKi5waW50ZXJlc3Qua3KCDioucGludGVyZXN0LmllghVwaW50ZXJlc3QuZW5naW5lZXJpbmeCDioucGludGVyZXN0LmRrgg4qLnBpbnRlcmVzdC5kZYIOKi5waW50ZXJlc3QuY2iCDioucGludGVyZXN0LmF0ghMqLnBpbnRlcmVzdG1haWwuY29tghcqLnBpbnRlcmVzdC5lbmdpbmVlcmluZ4IQKi5waW50ZXJlc3QuaW5mb4IOcGludGVyZXN0LmluZm+CCnBpbmltZy5jb22CEXBpbnRlcmVzdG1haWwuY29tggxwaW50ZXJlc3QuZGWCDHBpbnRlcmVzdC5ka4IMcGludGVyZXN0LmllggxwaW50ZXJlc3QuanCCDHBpbnRlcmVzdC5rcoIMcGludGVyZXN0Lm14ggxwaW50ZXJlc3QucHSCDHBpbnRlcmVzdC5zZYIMcGludGVyZXN0LmF0ggxwaW50ZXJlc3QuY2iCD3BpbnRlcmVzdC5jby5hdIISKi5waW50ZXJlc3QuY29tLnV5gg9waW50ZXJlc3QuY28ua3KCD3BpbnRlcmVzdC5jby51a4ISKi5waW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLm14ghEqLnBpbnRlcmVzdC5jby5ueoIPcGludGVyZXN0LmNvLm56ghBwaW50ZXJlc3QuY29tLnBlghBwaW50ZXJlc3QuY29tLnV5ghEqLnBpbnRlcmVzdC5jby5pboIQcGludGVyZXN0LmNvbS5weYISKi5waW50ZXJlc3QuY29tLnB5ghBwaW50ZXJlc3QuY29tLmJvghIqLnBpbnRlcmVzdC5jb20uYm+CEHBpbnRlcmVzdC5jb20uZWOCEioucGludGVyZXN0LmNvbS5lY4IPcGludGVyZXN0LmNvLmlughIqLnBpbnRlcmVzdC5jb20ucGWCEioucGludGVyZXN0LmNvbS5teIIQcGludGVyZXN0LmNvbS52boISKi5waW50ZXJlc3QuY29tLnZughEqLnBpbnRlcmVzdC5jby51a4IRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLmF0ghcqLnRlc3RpbmcucGludGVyZXN0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAg=="}
02331{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":229998,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8UE\/DRQiKgBgLMHvFAAABAQgKwrkiG9ZiICowADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABc1XlLKoAAAQDAEYwRAIgRaKv8aGxAlWYWbVHO27QuYaMVjkla1sqJ9KYUXrictoCIGZLCw9wt4OYbNbjf38Sd0HcVnjDAvQiSaQp0SpzApBKAHUAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFzVeUs2gAABAMARjBEAiAuDr91sHLHbeq6ULmtTdDSNqnLoTLlcYe7\/kPCy2gn4QIgA+cib48hqVMfgDRA7rfZqbp5jNTNYzXGXOFA2AkCmT0wDQYJKoZIhvcNAQELBQADggEBABGiFYAkFnu8UzB05yYuu6ORpPiRus9re\/ZboVIXptvL0pkUrcvgfZi2w16yu5GxgOd3lO3AU5Kt\/ZpKFFCZxh9BN0EmZMVIOWL3InBaoMAPWM5FvBFhZR3ZzzTQgAomjhPGPc\/Ym2irB3KsHSFm9PXsfz\/uUho1KBgS5\/dxVaPUlW0FzOPQ352X1K5D48AsZ8gSLatYycUWqitEioqj+tbkxKSmohhxE9FIu2mZwKLfa5Jwerk4r+kkfHZWeU64M8ryNPfHAumKj4tuY9ExBO7Y4e2x3QcattWNF+nxQ0vhygeFbqK9scET+ozh8sLxcKZ6BJWetov0hn7Yza\/HLf0ABLUwggSxMIIDmaADAgECAhAE4eek3Fzy823AK0K4XRWfMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbgL8IkBshtBF\/X7wpkBrJ9IiZlFq5CQJvO3J+fdgc+wzBVhxm5T5QOWpQfVVa0wgIqr9CY7gtA18TQO3LIFJ7vkLERqa7SyLhDOtkLC9XVlfVAr8gd7U2cX1e3hlBomfWK2tLHBR+ol8ncpLGChC3GraWcxxmCpoUPXkRYKjeP\/TXxCwgnMlr1u4uepL1R0Cfi3TtCM6MFKMS7KMyarCsjDXjGe+ZecbdKPgj7gbcWFqGdIxJN5deSCKx1pJy6zReyHkQ1ZX9TJTnRHAqaYxsZknRoCjfCwlJIyzlaorbhXcHdoCC4IaKTJm8USiFBx+1tm\/JIL\/MD9aJoklMvXuMCAwEAAaOCAUkwggFFMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovLw=="}
@@ -110,24 +110,24 @@
00440{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230062,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gBmcdABQGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFCIoAAAAAUAQAAI36AAA="}
02330{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230363,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTQ554Sa7GgBgLMLffAAABAQgKwrkiHdZiICowADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABc1XlLKoAAAQDAEYwRAIgRaKv8aGxAlWYWbVHO27QuYaMVjkla1sqJ9KYUXrictoCIGZLCw9wt4OYbNbjf38Sd0HcVnjDAvQiSaQp0SpzApBKAHUAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFzVeUs2gAABAMARjBEAiAuDr91sHLHbeq6ULmtTdDSNqnLoTLlcYe7\/kPCy2gn4QIgA+cib48hqVMfgDRA7rfZqbp5jNTNYzXGXOFA2AkCmT0wDQYJKoZIhvcNAQELBQADggEBABGiFYAkFnu8UzB05yYuu6ORpPiRus9re\/ZboVIXptvL0pkUrcvgfZi2w16yu5GxgOd3lO3AU5Kt\/ZpKFFCZxh9BN0EmZMVIOWL3InBaoMAPWM5FvBFhZR3ZzzTQgAomjhPGPc\/Ym2irB3KsHSFm9PXsfz\/uUho1KBgS5\/dxVaPUlW0FzOPQ352X1K5D48AsZ8gSLatYycUWqitEioqj+tbkxKSmohhxE9FIu2mZwKLfa5Jwerk4r+kkfHZWeU64M8ryNPfHAumKj4tuY9ExBO7Y4e2x3QcattWNF+nxQ0vhygeFbqK9scET+ozh8sLxcKZ6BJWetov0hn7Yza\/HLf0ABLUwggSxMIIDmaADAgECAhAE4eek3Fzy823AK0K4XRWfMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbgL8IkBshtBF\/X7wpkBrJ9IiZlFq5CQJvO3J+fdgc+wzBVhxm5T5QOWpQfVVa0wgIqr9CY7gtA18TQO3LIFJ7vkLERqa7SyLhDOtkLC9XVlfVAr8gd7U2cX1e3hlBomfWK2tLHBR+ol8ncpLGChC3GraWcxxmCpoUPXkRYKjeP\/TXxCwgnMlr1u4uepL1R0Cfi3TtCM6MFKMS7KMyarCsjDXjGe+ZecbdKPgj7gbcWFqGdIxJN5deSCKx1pJy6zReyHkQ1ZX9TJTnRHAqaYxsZknRoCjfCwlJIyzlaorbhXcHdoCC4IaKTJm8USiFBx+1tm\/JIL\/MD9aJoklMvXuMCAwEAAaOCAUkwggFFMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovLw=="}
02024{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230365,"pkt_caplen":1244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1244,"pkt_l4_len":1190,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABKYGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdKO8VbvDRQiKgBgLMFz0AAABAQgKwrkiG9ZiICp3d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj\/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk\/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX\/78whQYwvwt\/Tv9XBZ0k7YXDK\/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp\/BIAV0AecPUeybQWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBRRaP+QrwIHdTzM2WVkYqISuFlyOxgPMjAyMDExMDcxMTQ0NTJaMHMwcTBJMAkGBSsOAwIaBQAEFM8m9Rj6yX6PjLNC4BwvahCejl8KBBRRaP+QrwIHdTzM2WVkYqISuFlyOwIQBCEMxaOGM0GLpuhDcnQSm4AAGA8yMDIwMTEwNzExNDQ1MlqgERgPMjAyMDExMTQxMDU5NTJaMA0GCSqGSIb3DQEBCwUAA4IBAQCImBufb295Au2ju2lBCnSUKecQwVg9gkN6+y60LAZnbHKZEtr+Lda+UXfoK+l1YxaCqc9JLrsr4yUrVuWDwRxH0toRCTmGGUR1HNlQU5BSRgxjgPVigRozTEGDyIG2vw3NYmRMnZjbfP1UrZzwnVZzj5IoQyLzbQpl32Lbbr\/bdDDEwFgQMUn5Amod0fxMXoc8DZjVCIsQLbr0ZulxdcJ15CaK\/qvh8pChLhnvH1n\/AwOhcIVlVBpT9V0l7u\/uP1rrFrxi8PCEFwKJscSV3vQwFCEg2HYfT4kSA5rWhfeVL8L7H9ouqSE+9QM1pVNOcBI21XL+i4YVwGNzOS8NUvBEFgMDASwMAAEoAwAdIM6xY4EUf+N68doyKzciTinkENyLRRVXR3AK7RGRs6hcCAQBAK6v2S5UrRUrpqqGS8yz+K8TInrcc22icuiXRtrNHBK7kkw0IfB99x7fvKX2FEkHJ31Jb1k+WSs57YUpyWiIAqE\/X+mYagDcAO13sXX2\/xmgguL82rveFxQV5AWSjbcyBifnm1MeUWy7bF3N\/BPWf3MH4HtLJEKjaH0vKLbHQtzW39X7vKVPbFE8B4191SQUKrxz8\/aQmkBEX3Qi2OpQLPSB0zLn5mnU2NVIQjOyqngHqU3emPxTjjt2Oxx20lVYe8rlsZBqxgtFIjxYnEFeS5qYyi9Tt+VNdKz\/00sm5NkKrNc43bVZObqdp448\/O9rWgaUsbIHhcr5RpzPCctd7lUWAwMABA4AAAA="}
-02662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":13,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_tot_l4_data_len":6235,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":479,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+02673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":149,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":13,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":449,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
02023{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230365,"pkt_caplen":1244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1244,"pkt_l4_len":1190,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABKYGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWchkTSQp4Sa7GgBgLMO1EAAABAQgKwrkiHdZiICp3d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj\/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk\/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX\/78whQYwvwt\/Tv9XBZ0k7YXDK\/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp\/BIAV0AecPUeybQWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBRRaP+QrwIHdTzM2WVkYqISuFlyOxgPMjAyMDExMDcxMTQ0NTJaMHMwcTBJMAkGBSsOAwIaBQAEFM8m9Rj6yX6PjLNC4BwvahCejl8KBBRRaP+QrwIHdTzM2WVkYqISuFlyOwIQBCEMxaOGM0GLpuhDcnQSm4AAGA8yMDIwMTEwNzExNDQ1MlqgERgPMjAyMDExMTQxMDU5NTJaMA0GCSqGSIb3DQEBCwUAA4IBAQCImBufb295Au2ju2lBCnSUKecQwVg9gkN6+y60LAZnbHKZEtr+Lda+UXfoK+l1YxaCqc9JLrsr4yUrVuWDwRxH0toRCTmGGUR1HNlQU5BSRgxjgPVigRozTEGDyIG2vw3NYmRMnZjbfP1UrZzwnVZzj5IoQyLzbQpl32Lbbr\/bdDDEwFgQMUn5Amod0fxMXoc8DZjVCIsQLbr0ZulxdcJ15CaK\/qvh8pChLhnvH1n\/AwOhcIVlVBpT9V0l7u\/uP1rrFrxi8PCEFwKJscSV3vQwFCEg2HYfT4kSA5rWhfeVL8L7H9ouqSE+9QM1pVNOcBI21XL+i4YVwGNzOS8NUvBEFgMDASwMAAEoAwAdIBLi37iYvi5OTWYsWD08HRp6kdLC7GxkkOSMnrrfIo4XCAQBAJE8yujmfQ\/Six40NhA+mIBBuFRwZVp79fXDY4XMSDCGfGPklM+BLgYb4vpuBbRC5x9\/A4pYg9avMQSypWzNTGH6rjXbTYwKi3iWYJ0Fpus9v\/2kJjRvQQkg4L\/vF6soD2oDVd2nAnmE9Ph0ZQvqEdI18wbroMFvgSStQBFQ9f7otRgpbhF0zoR3RsPXGbIwrCqicWV4DkUW8doN1+caM3qMNAfPxF\/5KGgy7lYKpceKhc0A3xN2aIvmucOJaxois5JUjHLwQHjZUfSrAKVPNva2S8Iouv7D1QaAy78tiRxEv+2PlzJioeVBKTovMNiFqKco2BEkZL0M0rvZVlc18+gWAwMABA4AAAA="}
-02662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":11,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_tot_l4_data_len":6195,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":563,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+02673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":150,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":11,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
02321{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230366,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWeOms5zqKAxVrgBgLMMyJAAABAQgKwrkiHdZiICsWAwMAUgIAAE4DA7Q2KSgtYMYaL8rZLqH6WArth+i9EdO62kCph9I2L6cqAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMRUAsAEUwAEUkADI4wggyKMIILcqADAgECAhAEIQzFo4YzQYum6ENydBKbMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMB4XDTIwMDcxNjAwMDAwMFoXDTIxMDgwNDEyMDAwMFowbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoTD1BpbnRlcmVzdCwgSW5jLjEYMBYGA1UEAwwPKi5waW50ZXJlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAympd0SK2ykpSjuxd34nlkvFt79NjfrXrAqDT6H12U3P3i5RnawC2sGpT\/6L8igmc\/3X18Sc5REbcl7J4nDi75dUMNjYCoDdmCdIylz1v26Y6l3nJdLoUK0cINwgIFCmAGRr7DkrCmqhyvOhxNvzAbzuylSkTgWtjPSRAjjN\/2bAkPY93298nb5tvOK190URc4dJHb\/5bPTOiylnGIQsqMvnw6scjIuGkVLK3DAPguvS5TJIlmKKXqtBe0m9S16b7mph7Txl1AdyMc2IUs6GwZe6AkN5YaDCarW+ZpawPrz0IIXFUfUFL4rsqojOND\/O6fhGo8uaOKRrRqD41672WawIDAQABo4IJIDCCCRwwHwYDVR0jBBgwFoAUUWj\/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFA2E0pErXPYSSEiu6j6AldQTTOO9MIIGSgYDVR0RBIIGQTCCBj2CDyoucGludGVyZXN0LmNvbYIMcGludGVyZXN0Lmlugg4qLnBpbnRlcmVzdC5jb4IMcGludGVyZXN0LmNvgg4qLnBpbnRlcmVzdC5wZYIMcGludGVyZXN0LnBlgg4qLnBpbnRlcmVzdC5iZYIMcGludGVyZXN0LmJlgg4qLnBpbnRlcmVzdC5pboIOKi5waW50ZXJlc3QucGiCDioucGludGVyZXN0LmVjggxwaW50ZXJlc3QucGiCDioucGludGVyZXN0LmNsggwqLnBpbmltZy5jb22CDioucGludGVyZXN0LmVzggxwaW50ZXJlc3QuZXOCDioucGludGVyZXN0Lm56ggxwaW50ZXJlc3QubnqCDHBpbnRlcmVzdC5lY4IMcGludGVyZXN0Lmh1ggxwaW50ZXJlc3QuY2GCDHBpbnRlcmVzdC5pZIIOKi5waW50ZXJlc3QubmyCDHBpbnRlcmVzdC5ubIIOKi5waW50ZXJlc3QudHeCDHBpbnRlcmVzdC50d4IOKi5waW50ZXJlc3QudGiCDHBpbnRlcmVzdC50aIIOKi5waW50ZXJlc3QuaWSCDioucGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC5odYIMcGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC51a4IMcGludGVyZXN0LnVrgg4qLnBpbnRlcmVzdC5ydYIMcGludGVyZXN0LnJ1gg4qLnBpbnRlcmVzdC5pdIIMcGludGVyZXN0Lml0ggxwaW50ZXJlc3QuZnKCDHBpbnRlcmVzdC5jbA=="}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_tot_l4_data_len":2145,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":7,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":272,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02314{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230367,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWeOms7KaKAxVrgBgLMHKuAAABAQgKwrkiHdZiICuCDioucGludGVyZXN0LmZygg4qLnBpbnRlcmVzdC5qcIIOKi5waW50ZXJlc3QuY2GCDXBpbnRlcmVzdC5jb22CBnBpbi5pdIIOKi5waW50ZXJlc3Quc2WCDioucGludGVyZXN0LnB0gg4qLnBpbnRlcmVzdC5teIIOKi5waW50ZXJlc3Qua3KCDioucGludGVyZXN0LmllghVwaW50ZXJlc3QuZW5naW5lZXJpbmeCDioucGludGVyZXN0LmRrgg4qLnBpbnRlcmVzdC5kZYIOKi5waW50ZXJlc3QuY2iCDioucGludGVyZXN0LmF0ghMqLnBpbnRlcmVzdG1haWwuY29tghcqLnBpbnRlcmVzdC5lbmdpbmVlcmluZ4IQKi5waW50ZXJlc3QuaW5mb4IOcGludGVyZXN0LmluZm+CCnBpbmltZy5jb22CEXBpbnRlcmVzdG1haWwuY29tggxwaW50ZXJlc3QuZGWCDHBpbnRlcmVzdC5ka4IMcGludGVyZXN0LmllggxwaW50ZXJlc3QuanCCDHBpbnRlcmVzdC5rcoIMcGludGVyZXN0Lm14ggxwaW50ZXJlc3QucHSCDHBpbnRlcmVzdC5zZYIMcGludGVyZXN0LmF0ggxwaW50ZXJlc3QuY2iCD3BpbnRlcmVzdC5jby5hdIISKi5waW50ZXJlc3QuY29tLnV5gg9waW50ZXJlc3QuY28ua3KCD3BpbnRlcmVzdC5jby51a4ISKi5waW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLm14ghEqLnBpbnRlcmVzdC5jby5ueoIPcGludGVyZXN0LmNvLm56ghBwaW50ZXJlc3QuY29tLnBlghBwaW50ZXJlc3QuY29tLnV5ghEqLnBpbnRlcmVzdC5jby5pboIQcGludGVyZXN0LmNvbS5weYISKi5waW50ZXJlc3QuY29tLnB5ghBwaW50ZXJlc3QuY29tLmJvghIqLnBpbnRlcmVzdC5jb20uYm+CEHBpbnRlcmVzdC5jb20uZWOCEioucGludGVyZXN0LmNvbS5lY4IPcGludGVyZXN0LmNvLmlughIqLnBpbnRlcmVzdC5jb20ucGWCEioucGludGVyZXN0LmNvbS5teIIQcGludGVyZXN0LmNvbS52boISKi5waW50ZXJlc3QuY29tLnZughEqLnBpbnRlcmVzdC5jby51a4IRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLmF0ghcqLnRlc3RpbmcucGludGVyZXN0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAg=="}
02329{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230368,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWeOms8hKKAxVrgBgLMMBrAAABAQgKwrkiHdZiICswADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABc1XlLKoAAAQDAEYwRAIgRaKv8aGxAlWYWbVHO27QuYaMVjkla1sqJ9KYUXrictoCIGZLCw9wt4OYbNbjf38Sd0HcVnjDAvQiSaQp0SpzApBKAHUAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFzVeUs2gAABAMARjBEAiAuDr91sHLHbeq6ULmtTdDSNqnLoTLlcYe7\/kPCy2gn4QIgA+cib48hqVMfgDRA7rfZqbp5jNTNYzXGXOFA2AkCmT0wDQYJKoZIhvcNAQELBQADggEBABGiFYAkFnu8UzB05yYuu6ORpPiRus9re\/ZboVIXptvL0pkUrcvgfZi2w16yu5GxgOd3lO3AU5Kt\/ZpKFFCZxh9BN0EmZMVIOWL3InBaoMAPWM5FvBFhZR3ZzzTQgAomjhPGPc\/Ym2irB3KsHSFm9PXsfz\/uUho1KBgS5\/dxVaPUlW0FzOPQ352X1K5D48AsZ8gSLatYycUWqitEioqj+tbkxKSmohhxE9FIu2mZwKLfa5Jwerk4r+kkfHZWeU64M8ryNPfHAumKj4tuY9ExBO7Y4e2x3QcattWNF+nxQ0vhygeFbqK9scET+ozh8sLxcKZ6BJWetov0hn7Yza\/HLf0ABLUwggSxMIIDmaADAgECAhAE4eek3Fzy823AK0K4XRWfMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbgL8IkBshtBF\/X7wpkBrJ9IiZlFq5CQJvO3J+fdgc+wzBVhxm5T5QOWpQfVVa0wgIqr9CY7gtA18TQO3LIFJ7vkLERqa7SyLhDOtkLC9XVlfVAr8gd7U2cX1e3hlBomfWK2tLHBR+ol8ncpLGChC3GraWcxxmCpoUPXkRYKjeP\/TXxCwgnMlr1u4uepL1R0Cfi3TtCM6MFKMS7KMyarCsjDXjGe+ZecbdKPgj7gbcWFqGdIxJN5deSCKx1pJy6zReyHkQ1ZX9TJTnRHAqaYxsZknRoCjfCwlJIyzlaorbhXcHdoCC4IaKTJm8USiFBx+1tm\/JIL\/MD9aJoklMvXuMCAwEAAaOCAUkwggFFMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovLw=="}
02023{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230369,"pkt_caplen":1244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1244,"pkt_l4_len":1190,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABKYGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWeOms936KAxVrgBgLMPqCAAABAQgKwrkiHdZiICt3d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj\/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk\/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX\/78whQYwvwt\/Tv9XBZ0k7YXDK\/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp\/BIAV0AecPUeybQWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBRRaP+QrwIHdTzM2WVkYqISuFlyOxgPMjAyMDExMDcxMTQ0NTJaMHMwcTBJMAkGBSsOAwIaBQAEFM8m9Rj6yX6PjLNC4BwvahCejl8KBBRRaP+QrwIHdTzM2WVkYqISuFlyOwIQBCEMxaOGM0GLpuhDcnQSm4AAGA8yMDIwMTEwNzExNDQ1MlqgERgPMjAyMDExMTQxMDU5NTJaMA0GCSqGSIb3DQEBCwUAA4IBAQCImBufb295Au2ju2lBCnSUKecQwVg9gkN6+y60LAZnbHKZEtr+Lda+UXfoK+l1YxaCqc9JLrsr4yUrVuWDwRxH0toRCTmGGUR1HNlQU5BSRgxjgPVigRozTEGDyIG2vw3NYmRMnZjbfP1UrZzwnVZzj5IoQyLzbQpl32Lbbr\/bdDDEwFgQMUn5Amod0fxMXoc8DZjVCIsQLbr0ZulxdcJ15CaK\/qvh8pChLhnvH1n\/AwOhcIVlVBpT9V0l7u\/uP1rrFrxi8PCEFwKJscSV3vQwFCEg2HYfT4kSA5rWhfeVL8L7H9ouqSE+9QM1pVNOcBI21XL+i4YVwGNzOS8NUvBEFgMDASwMAAEoAwAdIP3Bp+xbTlg44tL1u7WyGX5UGOsfbLYaZH3AGmNX1rsvCAQBAGJzP2SmxcyjMMo\/6yP1w57rYTK7VdsPUHCdhg0NNxlzgnz\/TKkisYlYbn9XfkuZ80iiMXVr5bfNwkVj+wuPAzF+GRaJQVlIOW91JKWgReChVeZPbgRPK0SovKU0eUpi8kKV4qM1SSKMsNypC6PeOwvnQon1VqejbCbDw3TE5dpyPFVVDcntyL+tTdqjbq6k5K\/9rlywGF7pxiLvS4b0VSiR+RedqhHsRsGHx0LLezKdYLAVf\/nOWvpStAQupC+2Be2rFKaKobFKce3Aeb0gVxhOiF9blHAJopuqK60RzhbXOW58ZgdapJZpWFJfNDY5\/W4sVcIYUBWg9a39EXHDQoEWAwMABA4AAAA="}
-02662{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":154,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_tot_l4_data_len":6175,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":617,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+02673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":154,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1605289714142,"flow_last_seen":1605289714230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":583,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"s.pinimg.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
00440{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230390,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gDob5ABQGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrsYAAAAAUAQAADK8AAA="}
00440{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230409,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gBmcdABQGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnQBu8NFCIoAAAAAUAQAAI36AAA="}
00440{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230418,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gDob5ABQGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElnIBu3hJrsYAAAAAUAQAADK8AAA="}
00440{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":230437,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gCZxWABQGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElngBu4oDFWsAAAAAUAQAALpXAAA="}
-00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1605289714250,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1605289714250,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":250965,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gA+BkACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYQBu4mXWd7qkQRvgBAJlouHAAABAQgKz6oyaMK4cmQ="}
-00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1605289714250,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1605289714250,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":250997,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCIReACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC5WYBu2PBi7kDA7Y3gBAB9bhLAAABAQgKDEf\/5cK4cls="}
-00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1605289714251,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1605289714251,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":251006,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCQO3ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RPih0IBu\/o5BzSfc9\/MgBAB9chlAAABAQgK4ziLg8K4a4Y="}
00458{"flow_id":8,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":258036,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWeOms\/ASKAxVsgBALMLSrAAABAQgKwrkiQNZiIEk="}
00457{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":258038,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWdpoDvrj4hzJwgBALMLYaAAABAQgKwrkiQNZiIEk="}
@@ -147,17 +147,17 @@
00458{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":281312,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBhOqRBG+Jl1nfgBAm9NLhAAABAQgKwrkiYM+oHbQ="}
00457{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":288930,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvlZgMDtjdjwYu6gBAMIRHEAAABAQgKwrkiZwxF7DU="}
00458{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":288932,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAKzZE+IqAcsBIEmLB5kd7IUo3\/YpAbuHQp9z38z6OQc1gBALjSOBAAABAQgKwrkiaOM2b+4="}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1605289714558,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1605289714558,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":558209,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACgGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX0AAAAAoAL9IDgIAAACBAWgBAIICpXXZO8AAAAAAQMDBw=="}
00469{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":581709,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpAnJzl+oBJXgPrGAAACBAV4AQMDAwQCCArCuSOMlddk7w=="}
00457{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":581729,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBAB+37BAAABAQgKlddlBsK5I4w="}
01152{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":581951,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/AiUGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBgB++f0AAABAQgKlddlBsK5I4wWAwECAAEAAfwDA7PLbVBgOtGRFhhfXAbYAkw+iamYdzT9SXPsS7L7okIYINk7eET2yUrnprJJWKNt0no0P\/s4mMGITC6JI+53t7c2ACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAGQAXAAAUc2Vzc2lvbnMuYnVnc25hZy5jb20AFwAA\/wEAAQAACgAKAAj6+gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKfr6AAEAAB0AIEvxzjt0\/5GP3sZor6cdXi69M2D9HpE5Nb1aEh4mkXoQAC0AAgEBACsACwpaWgMEAwMDAgMBABsAAwIAAlpaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00817{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1605289714558,"flow_last_seen":1605289714581,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1605289714590,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00828{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1605289714558,"flow_last_seen":1605289714581,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00523{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1605289714590,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":590794,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGoAAAAAoAL9IGNfAAACBAWgBAIICskVTwYAAAAAAQMDBw=="}
00457{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":613987,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpEnJzuDgBALMHNnAAABAQgKwrkjrJXXZQY="}
02098{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":615889,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpEnJzuDgBgLMNQLAAABAQgKwrkjrpXXZQYWAwMAegIAAHYDAz4m36L21HEVFn2OybV1+eIgDEh\/74B9IPHwhRqp1V1NINk7eET2yUrnprJJWKNt0no0P\/s4mMGITC6JI+53t7c2EwEAAC4AMwAkAB0AIP5UDhaqS6qke0JOJReA5RNV+g+1wBnVJ\/E+3Yofcr99ACsAAgMEFAMDAAEBFwMDErutqzcoRWknAk+vWN7VUrxoWx2w3JQzL7a2F0QhpztncKZvWb1hE4Als0hz4OKaCwnKtbMGMae0T0CKn5RB5TSw9zoMpdTe67cyOAxgL1rK\/tFyYMsB7Jn1mY5LPySDjka3rLszLOi7BATcvb4OWsCPwxHxezNscV1CIakGVyvOCr7j66joWuSECF\/5hiB9760RvTf8DNkKuEdM0sQh7\/T49kHo7lz+emzvg2KWL5Tj7RVHJJcXRW5T9qypAwAaVPP0wdLc4Wi41pZbCT6cEzxzAur1+TiEFzSFS9ribndUXLXh59VW+BBpyXJRdfLsc1N7wFuaSFkKOYvhJWllBT7fnbozOHJRnqcpSHL0P12OfRfc8Val4RLb5VHIsKp+yfciuP1tyBxbTev\/AWvz\/6idudXoA4HRPMu\/E34IQOND6OgzyBL2FbrAWZaOuf1tf4IM1nQOFfiXFJqYZkBsUYH09IpIQRxFwlZH6cPE89ddq7VqUyczwKAejUyCGzhef9sqy\/rYDdBiF1M4hriU2Y6\/Y5VC6VFzzLQWfMHKsCCzyM16roI772YbSFAdhu7AqsYtWFnr1Tau\/VJr8WPTf2tcBjbGgl5KRJDTE+NUXqxWvUylOxpxEI7H+F8ooORo6VYzipmTmokedjaJFNCZu9EisOqqj\/OwHBddMrgTKtfwpGL6\/EOQRNeGdOpBHCLL8cXkhqT4Impa65N2eJttr6QCSIFgNcJ6ceNEPppeiihDS\/VqiDHIoyA+P57XDyjyYF8fGNuhXZgyzwB0lARnaNrA2NPy9QOENbeRUqYiGMN0ak8GjaRYkwTOx8wBJo9Pm7fM3rAc\/ZvnsDyDwmLNdI7dzLvZR8Ek\/521DR22Kuh12LLdSMRJ8p5BIs8mmV\/mcdUAwVrK3uPw88y+rQnxgJYmyhph1K5pPl5BSA\/D37BiV6v9tvdM6eZnv58RSqDJqaa6iIlaLS44zpmYfCJPselTWqlcyBfT9Ag+NR4Vxb9VJLHEEmOd7jhcoHruEI76ZIbYvLlzNOStWXdur35cbtscGYU7FPS3mggnJbjT6G\/azBDl6prkDTGEHMHgDnLSsjX6erKBMXamvkMQuGNUQdPBu6XK9wLeS5YJrxdNGgpVekKJCHUm6rsPc2dwXvgxy2BnDFn\/AkHudC1yZ4PeJboiOM+MMAu1379dpZU78QbHN96NAKPi4jGqPVjjQFwihDUgfhsL+SuMmwwJ\/Fmh1iKEQrhI4rhiIv3twA3ny+44Bgu+aOBjZscVcCPLyGPM+nBNwT6MzEJggEVtBnbhf3krgbT5Hzy055Rz6tQb45jmCq\/mnvgvq+I27w5S1f1f6qOIqoGDpu3RT4uD2lr5022Yhxi88MAlFx2aKDT2wvUpGABfm4AKJDbrdtewhFXTaNWUKO40GWpEC3OcsHAADQ=="}
-00858{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":505,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1605289714558,"flow_last_seen":1605289714615,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00869{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":505,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1605289714558,"flow_last_seen":1605289714615,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sessions.bugsnag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02094{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":615890,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmu0knJzuDgBgLMCfKAAABAQgKwrkjrpXXZQYIvVcirpfb6X93o2ZZLD9x1KaYVLxHF18zhQXMLlYkyWLSPdP6wvIW3+uEWJKGSOdS1AxM\/CpRM0TzmRMD0oEfEA3DKJgnuQAV6+BoY1ipEIeTOX5MeCV\/tdWkH0x3zp4wPwFgVzOlNP71WAoRCpj+IUnt\/XM0zkZuG9L1ACSL9gNLGc1MDo6SWehD6LOicByoadZyBFySzh6AX4LfEGgRcKsb1HTzPyTtEILnNeVxu1LAvMioDqrJ0l9ZWbZaAu8ZfBj1QSnDKjEWz4kl8xYa2o9xjD3cce\/zLWjUi7ofcWGOP+B63mXeamzKCXy3kAX6Q214Uu5OQ96r4rfjPcX2Re4QKe1Ah91nq6vaP4zywGX2Z4LkBEfI8cimfHZvmjw5Bbpk9IgfJEhxOE3eDKSRgOV5L3hQmeArgmB42oEcdFzag0BjWFSiGIi1NRHWSwnUoQy9A0EgLAkIwSriOQjLe4lAHcg1MlTJ9x8oaCrSQawMt1ZpwyYEcd67Zf3zJbeZHGfan7hY\/fyewzNHR1mp7e4\/gGISNsJkRnQvqK5ZrL+qVIaKorHsHO\/ph1gZU5EiECCU7qubG27zp4+yIgLmk6cQO8zs39xhaLOuOtJIuc1Jb6G\/H3gGD4KeBcfy5puqcY1o9eQIEVUdwWDWFizrsqW7GMvdd6IxDIKujUMWgqJ517qZMkZ7ADN6HUt\/E9ecOjGoBruYEuKrfJmrb8bD2rFTSkDT8bLch7Kq3BJ\/7BmUI1hE1knvKm+K+J47L7GuLISTvNzcCK+Ob7mivUVB+WfzHE0zpvTPGRFR+OvI9y1g+rbbCSmEmJ5ep1DucujGK8M8kED8rByRqlOXIfvsQX365R9i+rCWJPZne6jOICiepGzZX0vaToJbXioUllITzZRSKWpnlyKgwvi+Ktz9cSZO+rwXtZ8PRt4lNICmHHuXEMnMpIpASiRz40KUfcSm5QH+qtF4DOuwmh7EZlCL9QWsoEafySuIQqQzCiSIkQd6LpXUSXeH8JOX4Zctet29CWKs\/+djLLeMrPWD3q1147hUsqX1Rq6aC4+CEfN5v1YEZCoLpYnEzf6RDAaNqnvuRWD+WuEBNiRJjK3qcFEFbvJElcacxVrOGV73ag3o2URFhynMSw8i215Q+a35x20yV3BR8P0S9XYB22JwKdMuWWTai\/0IO1Dx+sysXKtJ8r77llgw0k+Es+W341dgx3Bn90QXobO8H0OXubQWWBk6ubWM6LB2bo+FRnJry\/IixxAcgdg6tWlIiAbiywABI5hspLS32OhWP\/4iR0D+UIJgCO6BbWYJUwrGBbLgu6sShUYR3B0xyIAEa\/tjsNmxnCoMdCAlwEQ5YgUQUNsRaGezEsKMtQiYi99nkO2Gynyj0xxiONVK3\/GhxZmnTAxIsuksJKcgmpyCBbTJT5tBX3k13y7rN2SIjtWQtD0QFXU8WlM0+AT5kJwcyeyopnKfPJir\/0qvcgyx93Yily1PJ5EFLoqAW4dMD28OYMl3cvhJLNMmDa6jTCrff51PcWNDppPThagDq5KMsCTApZih2epGputwQEQ\/xfSw1mpBnqqrW0nsxx6iV3YyDT\/MFvntoQgfNqb5wSZeXw=="}
02100{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":615890,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmwAEnJzuDgBgLMEOoAAABAQgKwrkjrpXXZQYWXGY+ww+UE84B6m+V+O9UWFlbYlLdrxeQvk6jiAQTrKYEGGOo2L7izWZDxZRrFE6COtPLzlEqRhsf+Q7w5CLavIOE6i8ewkKjnPXOtUpfdTOinPA3qrbqJw0HghDYLVoAuctw\/IOAhMRiaHer5ynkwVO0Vr2sYkdb3nRsn4wEW78xb+yyW2YbTN5lHFQM\/FhUNrpC6zLTdk+ja9z9SemLQA4Ni5vqblBs2uY3reKferSXb0IWVFlLJHocUISMEtwvxYLgYNffszumiES4VMIMfwaoUb7pQ4fvCTXgac\/C8p7AevGD\/vRieDqg4yPcUbcWCftMmJ1VTctoF0nS9\/uSEakA4izafgQccLllYYEYFQ0GHxPyUaV7b+RwybFo8thOXZKeb7xxowM4mGDfLqMslbi7XoqymlSVyPJcN3Vzkspl6nMtMbJxiEuFGtuEH4HE5bH6EnLpHyfybNbYnRK4eVMiUhWpx0Ybx\/Jb4Y9ZB9W0YerA0rhWuBHMJlpLVnB5vx+wGMtW4YQkOS\/6uBBagj0\/VpKDBeo8o3wXUoDRTIjYnqHEAm+5iO2WEg6ZC9Tttd2VWmQfqP7RK5+TQcTGJH4DeuZUYFomq1h\/W\/eQv4fjVqb5X05S4y3x4P8tyX+Ei6hP6ycK9pq6o8fuR08a1hvm5sgv+g9GaYGSLy8ayTZDuE4sGDOY5GJRM6YaDGMYyI+swC1ki1kLAoEpEvbMmDUOsM3VNfbs+U26IAcdXjOydys\/Z9r7jXNLEVV+IPS6VYieRgto1v+MJDfoPjAwmXL\/M0OMbjfGGXHT9tjRcx\/JDhRK5m57LOh2fG+X\/nbTAR+mFSOm9fbr+c+WaPjkQSqJH1b8qVdpiW1Y2N8x9HaUd4GWfSRa\/HBEipC9fTxCFaBqcl3vAhI+3LlYyqVEbJYqWwm6JfAakZdjOcVL7Dxjo7qS\/OuOsP4JeJqFT\/Dx1e\/XMsmrXo8Rya7iCMzzU7IWquYcPcZ0V5VDjKiNgs5u9fKCJyp71IwS9UKyJAPltlMDrWkMW2TDHLKe\/BGDArQZRw\/xLTdggFMrfOLzBT5uj62JSUihZuveGW2FmY1tiDQk2ZimmM4DHEwqoonh9\/u1o7h9aZNwelqZf8Zbl26xf8GVY5TZwISwWxyF+kvFB5jc6jxsrD29qV3ftpXlq\/aDyOcwSQ0XvjJZkKGNIXvLZHJmvTOTDHlNDosf+WJW0OxfvG3TkS+CPxMsyiTSgZqBKwScAl+Oj2U4C9hdvWEz1ZcQmxGtoGjFCQprDRmmyrOrj0HkvMQt\/BYCpev4IuleWJBT47x8AQ5DHTMGObN4vXcEmKiuD+FRmAsL78DajXXElzCFlM0szhEwyC+5XFTlgl4oaWcniMJ0vvVoa8h2PDGdquducvj6LPlO+2NSOpSZ7HbHH8oEGotdXR7TcqXc6fnXRGdV5d8zyepWvRhk3HwXXK8aXjDsKaEtvYjXvux7M6Bi6+VSClevVlLewdUziejioesBSVxE7AHFi1gXYqc4do1ljoJr\/WSFs8Epe3f67uNxHCEHyIzznkMgXdRe9QSpQKOhwYL7r+p6eJ4TIx+t\/ROCxfHreMXwHEO+41uXjvuFhQ=="}
00457{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":615917,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnO4NGJrtJgBAB9XfGAAABAQgKlddlKMK5I64="}
@@ -170,12 +170,12 @@
00469{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":616815,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGX+6kRroBJXgA2NAAACBAV4AQMDAwQCCArCuSOwyRVPBg=="}
00457{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":616828,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBAB+5GEAAABAQgKyRVPIMK5I7A="}
01155{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":617005,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBgB+6l5AAABAQgKyRVPIMK5I7AWAwECAAEAAfwDA\/Gk\/9Vg1\/Yj6dUUpOb5DX8WmaenXohw9y+Qd4DnqktzIAb2YuarrlKbgL6YLTJZPQe97f1AtvLN8fLaoxVIuyFiACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAjq6gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKerqAAEAAB0AIJML4p8NHh5Io\/9KcRl6BBOqQlWgp4uJ9mxBuu8Y\/4wPAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAlpaAAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1605289714590,"flow_last_seen":1605289714617,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00844{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1605289714590,"flow_last_seen":1605289714617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00457{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":651291,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGb+6kZwgBALMIYoAAABAQgKwrkj0skVTyA="}
-00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1605289714658,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1605289714658,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":658043,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSXwAAAAAoAL9ILsUAAACBAWgBAIICs+qM\/8AAAAAAQMDBw=="}
02101{"flow_id":14,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":660765,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGb+6kZwgBgLMFKNAAABAQgKwrkj2MkVTyAWAwMAegIAAHYDA4BlmyEukpe5A5ozWtPNWktMr12J8W6ZbNw2r+6q7a7NIAb2YuarrlKbgL6YLTJZPQe97f1AtvLN8fLaoxVIuyFiEwEAAC4AMwAkAB0AIP+XuzXtVkEhtn4vesD6oh9j\/QCzXRXlJarAKs+CmDcMACsAAgMEFAMDAAEBFwMDCb+EIcPcgYSDl9Mt6kOif3Tx1t+T4stQnMJsbCSnoAM2uOlLPnC+8DI5J9wtMnpIBkt5nlZccCMOh8zNP6Ekf8d2QVc4oe6Es2GoH0Gusg9us\/pzYfuuHHawSoW4FSyYKhl2GwuJR7XUCw+UswXTBKfJuQukesZ\/Si\/OKzSpN3Kzkajnxjyqg2KmeGcLC01YhUjHeC8g1bKmLG6LTc0dXyXCEyY3P+29htwgD2Tpbe0BlDf5NLfhDEzdgRFRU6zwlg7o8puy\/C32wnVHjc0Ye3jvB0GAUr3mFdCdN3MxuZRAan52yBs5UmxMPatHQZrqmteqFZJTxpv3aWmqcloaKYYfelu5n\/CHh4SmIUbMnFVea10DBMvW5yoj07C4yK9ihNHHTJL\/wVQTLbfzQPy12kONyQqCHRJYjtOnrmAwk54fcJmVwSykExXqrcHh4PRiMvjeyHERvzzC2Q\/+oIKpRIgsyOnEAZGneXgi2huEiK179OOq7hMN6WQLxoWGWUINnosxqO7boqmSrgb7Fl6J5aXAP3ojuPg8wvIisXC72mf2irMepRHCdc2QeRdhwVJifblvjgoNxCGBDTsgvVEfnTKjVYdKv6PLqV42r54zl93\/CZ50\/RNT2bq\/W\/3YIDHs0f8op3YwX8HMLh1DsA++JfDHKSqB\/CU8gnZLH8fPGEsTQzT0\/nHckCl\/B0nljVoU\/tTbu5wkgxjPPYBrpiglUP2v9O\/6eShNPcjhAEOZjfb7x5TBAOvPVctY0iMfPYGSkrdSDjJ0qe0SRKdH088tLYUpc2ywu3KmiF1klElrU5GLubdD5xE6kb94bRtPz8oYlu5xH6nCw7HZVxOV1uzp4UieuLUU1XIOySwaueCbfy\/K2khJLEgtU0ah8rE\/31TEWuPipiD35AyZstZaQ1dxy48zqb9UAQfCps2rvCXsmbautipV30YYS0JytrNGAFS5pnof6gt\/PYbunS7dC42NE7PywH+TUgl9Z+RZLd7jEevih+X2+Cryc+gLqSh0aZRBhwpixgPAyO7FObFvC9puLeIGrpL9VKtk46YNaNC0pJRkWy28LTjaXJPZEh4nx\/+gzMgiyGXOjI0Bl1eD8bnh73vX5UnhP9AJH6BqJ\/FlMI9aoYltzWuA0nmuy0OS5qt+d6Dm1cV5nXO5pCHmUXhKcjpidZVpPJjovGn6ajx\/sr\/FCOBHVdcmGjoxGLdtQSTlixAOVDmjX4cxuUFODVGONnq7KS4qrNKFRXStveQeQfDkNqA3zwYuoCBIDUidWEHuPSIqB0XePloWIFqoz5nuwghlzNDtPvXsDfzAGv\/5IaYyzdw0WnUREWp4Wn2ODE9IVg98sDrnT5OirBf7RFZmnEy98\/W8WiuCHlDnf4LfQWfBQQxdSOBJDotBe9vL762lu0bKZWTMC+gpY16PpGIGCA=="}
-00874{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1605289714590,"flow_last_seen":1605289714660,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00885{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1605289714590,"flow_last_seen":1605289714660,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02097{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":660765,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+fR7+6kZwgBgLMOrZAAABAQgKwrkj2MkVTyDaJxII2vuR+5v7lvHLCQUln2HabYhku3B4YoNU5Py7pD6OvHjar29MikxcVDvwD9NusBRz\/QtiaXuUdasxuF9TDuCosbd1QXqKXK7z6RGr48EqaZFGhUPxxo2cTjg5nEhtD6ebIGFHfDUoRCcKhfNkgj+zPxVOoRcK6KXI92ocji9i2DMLkmFgh0EK61UJPlEnyesc1I7skdEyxZA+oCi\/\/eg+9vMXDT0wwGewKM2B5B60Piu+zCDfSzShWqspxClEWiMAGmaI76461pY8xr40ctkhFaoWfWDKKQmwnmvk0gINPYwN100JLLFys5aKlcIdBmdYoWQD6WwU7Ic4U4Cj27SrEFQ7t4hVk1qvuXvWT72oGR83qqGtHxd0H2W1HS7MqRh+qm1szBBTNm1oVyKhXqU5ROcS6wN276WxXCmLBvCnq9mgJR1LQmSN2yeH8M0RnqmwMkKIL5beU+oDd+YsPE+E03NUxsuX2HTZiTlpNSErSXRejxdRHTvc1ak+CedRJx37UE9W3oZmMEOdk8wE6XP6Y0N2vOSVdwjXY2tgcpb0JD1KhltaigKl12MQC\/657ZO9mS0eznr0Q0akut4sODwRzcV5+yPJnpB5uw8jnYddPABVW\/P1Dop85x4aWMHqUxo1wvT9KzRLtszWYvlileZyaX1v591hYfB6dqcpI\/IRZY5tSLb+6jvbmPlCq6LUmKJFSXPeWi1VMJIpCtkLn9iSe7ehds37taFBTXPkyF2YnbVb42m9may+moLdl9MuLcgKYE6LZ\/8ycQMPqXkDRKKp3iJUA+S1OuDBkBKYIfxsOhxvyWZRNm30Cia8BdEnbKNJjnh8\/nqGh9zSMsAZxEruElqTwhHT3ZPXkm9YI0HSPDR3JRaEHdlX9qUnFwIjyCxUNNc\/f2hyQk\/sM75pd3YlDqkFbB510FD+l3LuvWym2DP9uNtgm6YeaAm60UgHRG+hp8s0AHHaFk57cNwy3Ao3Rj07+n\/I9NZJyuyIO6QdgNH1iOj2eIinq3UOI8Z0elPmyaODDE0o0EBQyM\/PwcnY5LJMMttxhDFp5VkFsubl+Eq+KnugjgUakSLQ5ZuH\/ap37eTn7HQFdF7lMTH1FiGc7ajmkwF\/WZZTApn+iCN9Al87ubRFLbnOwCp7cYqdx2Uji7xrT5Er\/Q0c2Ng5zPIgWmY+HDUYmZB1Zz+z1k\/hxoFJ5mXQstYut4V+H8wNOQmriC3cfOEuXDOcNAhr4itKgViZ5nop2ZZd1iqKf8InlD6k5koY+fJv\/mWIIjxYRg\/6GYFcxhB+kazDe5vm1oxzQlANcasEfvSFt62rYBx4+b7Ye6CvGlFJLCMSgwPJDPGtHrJtVhvsc4oEUDEcJXoCa76SkclaH+o2ynX5JEzEni4jYdisFsuSt2WvS2R2ZyqQuqWeit4BWX9cuCmWqJq3CehQKcjU+LlMkatTEMtbSlTtK9rK6I78UWpMuvcZLUBb4j\/SGdC7mRyQ6uPZhIHSz\/5vFDyrcFh3ikw\/K6Mzlw6SLP2PSuk6W929+S2cgAYDpgyxKkkW2ftQ6kJ3nQwH+xdAr3o2lsyYON\/R8nDWHVY5qlBXtMHP+s80TOUkKqoPAxv6Tw=="}
00457{"flow_id":14,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":660793,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRnCcvn0egBAB9Yp5AAABAQgKyRVPTMK5I9g="}
00457{"flow_id":14,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":660796,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRnCcvoHWgBAB8oXEAAABAQgKyRVPTMK5I9g="}
@@ -187,11 +187,11 @@
00471{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":697878,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4c9qQ0l9oBJXgI0UAAACBAV4AQMDAwQCCArCuSQBz6oz\/w=="}
00456{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":697936,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBAB+xD+AAABAQgKz6o0J8K5JAE="}
01152{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":698324,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCBesAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBgB++hnAAABAQgKz6o0KMK5JAEWAwECAAEAAfwDA9jVKfntEh25nXj1BFZE6ZFc6lyzI+CshbYOPn0Jce38IK9kDSD6\/4FSA\/aOBvpuajY1lLZq5tukFPFFFO\/eMmwPACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAGwAZAAAWYWNjb3VudHMucGludGVyZXN0LmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgyukN47oVi6AebwU11bCozo+bX5ZAWB5eRNnx4Nhm1GIALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgACamoAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1605289714658,"flow_last_seen":1605289714698,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00850{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1605289714658,"flow_last_seen":1605289714698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00459{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":699992,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+gq\/+6kawgBALOHs4AAABAQgKwrkkAskVT08="}
00458{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":737758,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4dBqQ0uCgBALMAWbAAABAQgKwrkkKc+qNCg="}
01868{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":739608,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4dBqQ0uCgBgLMILxAAABAQgKwrkkK8+qNCgWAwMAUgIAAE4DAyKgk9ZkpLVBQFdhk85OisfIe7ggv2JbA\/iMndx8BfUWAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMRUAsAEUwAEUkADI4wggyKMIILcqADAgECAhAEIQzFo4YzQYum6ENydBKbMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMB4XDTIwMDcxNjAwMDAwMFoXDTIxMDgwNDEyMDAwMFowbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoTD1BpbnRlcmVzdCwgSW5jLjEYMBYGA1UEAwwPKi5waW50ZXJlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAympd0SK2ykpSjuxd34nlkvFt79NjfrXrAqDT6H12U3P3i5RnawC2sGpT\/6L8igmc\/3X18Sc5REbcl7J4nDi75dUMNjYCoDdmCdIylz1v26Y6l3nJdLoUK0cINwgIFCmAGRr7DkrCmqhyvOhxNvzAbzuylSkTgWtjPSRAjjN\/2bAkPY93298nb5tvOK190URc4dJHb\/5bPTOiylnGIQsqMvnw6scjIuGkVLK3DAPguvS5TJIlmKKXqtBe0m9S16b7mph7Txl1AdyMc2IUs6GwZe6AkN5YaDCarW+ZpawPrz0IIXFUfUFL4rsqojOND\/O6fhGo8uaOKRrRqD41672WawIDAQABo4IJIDCCCRwwHwYDVR0jBBgwFoAUUWj\/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFA2E0pErXPYSSEiu6j6AldQTTOO9MIIGSgYDVR0RBIIGQTCCBj2CDyoucGludGVyZXN0LmNvbYIMcGludGVyZXN0Lmlugg4qLnBpbnRlcmVzdC5jb4IMcGludGVyZXN0LmNvgg4qLnBpbnRlcmVzdC5wZYIMcGludGVyZXN0LnBlgg4qLnBpbnRlcmVzdC5iZYIMcGludGVyZXN0LmJlgg4qLnBpbnRlcmVzdC5pboIOKi5waW50ZXJlc3QucGiCDioucGludGVyZXN0LmVjggxwaW50ZXJlc3QucGiCDioucGludGVyZXN0LmNsggwqLnBpbmltZy5jb22CDioucGludGVyZXN0LmVzggxwaW50ZXJlc3QuZXOCDioucGludGVyZXN0Lm56"}
-00895{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":575,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1605289714658,"flow_last_seen":1605289714739,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00906{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":575,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1605289714658,"flow_last_seen":1605289714739,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01860{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":739609,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx5ehqQ0uCgBgLMCmZAAABAQgKwrkkK8+qNCiCDHBpbnRlcmVzdC5ueoIMcGludGVyZXN0LmVjggxwaW50ZXJlc3QuaHWCDHBpbnRlcmVzdC5jYYIMcGludGVyZXN0Lmlkgg4qLnBpbnRlcmVzdC5ubIIMcGludGVyZXN0Lm5sgg4qLnBpbnRlcmVzdC50d4IMcGludGVyZXN0LnR3gg4qLnBpbnRlcmVzdC50aIIMcGludGVyZXN0LnRogg4qLnBpbnRlcmVzdC5pZIIOKi5waW50ZXJlc3Qudm6CDioucGludGVyZXN0Lmh1ggxwaW50ZXJlc3Qudm6CDioucGludGVyZXN0LnVrggxwaW50ZXJlc3QudWuCDioucGludGVyZXN0LnJ1ggxwaW50ZXJlc3QucnWCDioucGludGVyZXN0Lml0ggxwaW50ZXJlc3QuaXSCDHBpbnRlcmVzdC5mcoIMcGludGVyZXN0LmNsgg4qLnBpbnRlcmVzdC5mcoIOKi5waW50ZXJlc3QuanCCDioucGludGVyZXN0LmNhgg1waW50ZXJlc3QuY29tggZwaW4uaXSCDioucGludGVyZXN0LnNlgg4qLnBpbnRlcmVzdC5wdIIOKi5waW50ZXJlc3QubXiCDioucGludGVyZXN0Lmtygg4qLnBpbnRlcmVzdC5pZYIVcGludGVyZXN0LmVuZ2luZWVyaW5ngg4qLnBpbnRlcmVzdC5ka4IOKi5waW50ZXJlc3QuZGWCDioucGludGVyZXN0LmNogg4qLnBpbnRlcmVzdC5hdIITKi5waW50ZXJlc3RtYWlsLmNvbYIXKi5waW50ZXJlc3QuZW5naW5lZXJpbmeCECoucGludGVyZXN0LmluZm+CDnBpbnRlcmVzdC5pbmZvggpwaW5pbWcuY29tghFwaW50ZXJlc3RtYWlsLmNvbYIMcGludGVyZXN0LmRlggxwaW50ZXJlc3QuZGuCDHBpbnRlcmVzdC5pZYIMcGludGVyZXN0LmpwggxwaW50ZXJlc3Qua3KCDHBpbnRlcmVzdC5teIIMcGludGVyZXN0LnB0ggxwaW50ZXJlc3Quc2WCDHBpbnRlcmVzdC5hdIIMcGludGVyZXN0LmNogg9waW50ZXJlc3QuY28uYXSCEioucGludGVyZXN0LmNvbS51eYIPcGludGVyZXN0LmNvLmtygg9waW50ZXJlc3QuY28udWuCEioucGludGVyZXN0LmNvbS5hdYIQcGludGVyZXN0LmNvbS5hdYIQcGludGVyZXN0LmNvbS5teIIRKi5waW50ZXJlc3QuY28ubnqCD3BpbnRlcmVzdC5jby5ueoIQcGludGVyZXN0LmNvbS5wZYIQcGludGVyZXN0LmNvbS51eYIRKi5waW50ZXJlc3QuY28uaW6C"}
00456{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":739620,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDS4ILMeXogBAB9QqTAAABAQgKz6o0UcK5JCs="}
00456{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":739655,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDS4ILMeoAgBAB8wZ9AAABAQgKz6o0UcK5JCs="}
@@ -200,44 +200,44 @@
00457{"flow_id":15,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":739673,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDS4ILMe4YgBAB7QJrAAABAQgKz6o0UcK5JCs="}
00458{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":739677,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDS4ILMfIwgBAB5\/5YAAABAQgKz6o0UcK5JCs="}
01882{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":740234,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx8jBqQ0uCgBgLMKEvAAABAQgKwrkkK8+qNCgWBBRRaP+QrwIHdTzM2WVkYqISuFlyOzAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAGIqViQPmbd9c\/B1o6kqPg9ZRL41rRBaerGP10m5shJmLqoFxhFvtNE6wt3mSKcwtgGrwjiDheaT+A0cT6vWGyllxffQElmvTWVg9\/tMxJVwYOISj5p+C\/YxbmDFOzXieGv2Fy0mq8ieLmXL8PqrVQQva1TahvxxuR0l\/XtlIfAPZ\/YtJoJgmQkDr1pIRpGQKV1TE9R3WAl5rrO7EgJoScvpWk9f\/vzCFBjC\/C39O\/1cFnSTthcMr+6Z1qKwtFu99eSey68KdCwfqqoXTAaMgKEFZQyjSgeOq9ux7O3e2QGKABUFFAe8XBj7ewDObZ9NhLnKH5Gn8EgBXQB5w9R7JtBYDAwHfFgAB2wEAAdcwggHTCgEAoIIBzDCCAcgGCSsGAQUFBzABAQSCAbkwggG1MIGeohYEFFFo\/5CvAgd1PMzZZWRiohK4WXI7GA8yMDIwMTEwNzExNDQ1MlowczBxMEkwCQYFKw4DAhoFAAQUzyb1GPrJfo+Ms0LgHC9qEJ6OXwoEFFFo\/5CvAgd1PMzZZWRiohK4WXI7AhAEIQzFo4YzQYum6ENydBKbgAAYDzIwMjAxMTA3MTE0NDUyWqARGA8yMDIwMTExNDEwNTk1MlowDQYJKoZIhvcNAQELBQADggEBAIiYG59vb3kC7aO7aUEKdJQp5xDBWD2CQ3r7LrQsBmdscpkS2v4t1r5Rd+gr6XVjFoKpz0kuuyvjJStW5YPBHEfS2hEJOYYZRHUc2VBTkFJGDGOA9WKBGjNMQYPIgba\/Dc1iZEydmNt8\/VStnPCdVnOPkihDIvNtCmXfYttuv9t0MMTAWBAxSfkCah3R\/ExehzwNmNUIixAtuvRm6XF1wnXkJor+q+HykKEuGe8fWf8DA6FwhWVUGlP1XSXu7+4\/WusWvGLw8IQXAomxxJXe9DAUISDYdh9PiRIDmtaF95Uvwvsf2i6pIT71AzWlU05wEjbVcv6LhhXAY3M5Lw1S8EQWAwMBLAwAASgDAB0gM78sTCaEd0MW5I\/+jwnVHNTNMQ7dVHgExitMuVMR+RUIBAEANmEaebTqgORaeyIdp\/gvyUU6NOLRhBchKGs5FD9+6m1ZWGi0K9isMFrjUWDr1F\/DpODYTPC0kIiF\/w8H2IVpwsZnPizp25frkDufzqSDZqgBRgZ6PWbciwSu6JnqJmLk9Jzf7elqkihKHHyPso7FQlKhlfPhpEzHGAHlJszsKDMSDtwSOccgI4E37tinYc0sSflZeoQ\/V3xTZRayQuxnXiXyDCdxcYkih9mIi4xyI91fJFae2sab"}
-02675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":14,"flow_first_seen":1605289714658,"flow_last_seen":1605289714740,"flow_tot_l4_data_len":6221,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":444,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+02686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":14,"flow_first_seen":1605289714658,"flow_last_seen":1605289714740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":411,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
00571{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":740234,"pkt_caplen":168,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":168,"pkt_l4_len":114,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAHIGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx9khqQ0uCgBgLMDH+AAABAQgKwrkkK8+qNCg42GRMGPNWiLgl1y4rLngGB86u8oYTAZggfOxwErNBea0dRl6DIzGKiYPD2g\/W+dBrdSgRKgi2GNeFYpM9VMP6pf8KCHxpIEzUFgMDAAQOAAAA"}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1605289714782,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1605289714782,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":782619,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqIAAAAAoAL9IEOtAAACBAWgBAIICnRgZN4AAAAAAQMDBw=="}
00469{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":832909,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFrOS7qjoBJXgB0bAAACBAV4AQMDAwQCCArCuSSHdGBk3g=="}
00456{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":832956,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBAB+6D6AAABAQgKdGBlEMK5JIc="}
01152{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":833176,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBgB+9wiAAABAQgKdGBlEcK5JIcWAwECAAEAAfwDA\/Ezw4mbUrI42jPHW\/R2JVq8HiENkzAbEci0fYqAxMkBIKC\/V9JydIygOtZAUS0JoPRGfzSMLpt5E5aZDM7pIRYPACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGAAWAAATaW1hZ2VzLnVuc3BsYXNoLmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgXafHcjSuu0lDRwVYnybRA+hptEDEqNkxm07M0aaWohAALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACGhoAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00816{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1605289714782,"flow_last_seen":1605289714833,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":694,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1605289714782,"flow_last_seen":1605289714833,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00457{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":864628,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFvOS7yogBALMJWfAAABAQgKwrkkp3RgZRE="}
02323{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":867730,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFvOS7yogBgLMCuuAAABAQgKwrkkqnRgZREWAwMAUgIAAE4DA40D0vTKo3Gtf8Sl8\/7gEjd1f7jfE9iCOYZaqCHczuSwAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMScwsAEm8AEmwADdcwgg3TMIIMu6ADAgECAgwf9NYl3WftjETRuPswDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLTArBgNVBAMTJEdsb2JhbFNpZ24gQ2xvdWRTU0wgQ0EgLSBTSEEyNTYgLSBHMzAeFw0yMDExMTIxNjM5MTRaFw0yMTA3MDcxNzE1NTFaMHExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xHjAcBgNVBAMTFWltZ2l4Mi5tYXAuZmFzdGx5Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCuwr6+ioGfW1o+5R1DbyMEkt3X\/imomeIi5zCCq02vfbsLt90UaBnmWHYepVeY\/o2Oo0+2t165S3TMyY2LWzogCMgthR18cV1268vmgXN5AWzdmWUZFUCMdcZ+84JOq0GR8rEypw0YoUJRacpIsZlw7QdO6PQ1LvyMVdGMoVSvLEV8yFxKHO6WQOQ0Nn3iyNbBTke0qeeDhtDT0oZ73sSJy1nQS2kBNDmKCLXVTpfo8Fd1xb1kOx3dW\/AR+\/f8DVNabCVcahC76DABIpVr5Bnc965Ud1Q3EEcibj14YnNMPBEAnw0duR6GKSK9n3nsHeFtl39m2TCaUFvv9MnzJ30CAwEAAaOCCoMwggp\/MA4GA1UdDwEB\/wQEAwIFoDCBigYIKwYBBQUHAQEEfjB8MEIGCCsGAQUFBzAChjZodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9jbG91ZHNzbHNoYTJnMy5jcnQwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9jbG91ZHNzbHNoYTJnMzBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwCQYDVR0TBAIwADCCCBQGA1UdEQSCCAswgggHghVpbWdpeDIubWFwLmZhc3RseS5uZXSCDiouY2FtcC1maXJlLmpwgg4qLmNhcndvdy5jby51a4ILKi5jYXJ3b3cuZGWCCyouY2Fyd293LmVzghUqLmNhdGNoYW5kcmVsZWFzZS5jb22CGSouZG9yb3RoZWUtc2NodW1hY2hlci5jb22CDSouZm9vdHdheS5jb22CDiouaW1nLWlreXUuY29tghIqLmltZ2l4LmRyaXpseS5jb22CECouaW5zdGFtb3Rvci5jb22CDyoubWljcm9kaW5jLmNvbYIQKi5tc2FzdGFnaW5nLmNvbYIMKi5wZWRkbGUuY29tggoqLnJlbWF4LmNhgg0qLnVzdHVkaW8uY29tgg8qLnZhcGluZzM2MC5jb22CCyoud2ViZXIuY29tghthcnRpY2xlLWltYWdlLWl4Lm5pa2tlaS5jb22CGmFzc2V0cy5lYmVyaGFyZHQtdHJhdmVsLmRlghNhc3NldHMudmVyaXNob3AuY29tghNhc3NldHMudmVyaXNob3AueHl6ghFjZG4uYWlyc3RyZWFtLmNvbYIUY2RuLmVsZQ=="}
-00872{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1605289714782,"flow_last_seen":1605289714867,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00883{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1605289714782,"flow_last_seen":1605289714867,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02315{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":867730,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyPcfOS7yogBgLMCHvAAABAQgKwrkkqnRgZRFtZW50dGhyZWUuY29tghBjZG4uaGFzaG5vZGUuY29tgh5jZG4ubmF0dXJhbGhlYWx0aHljb25jZXB0cy5jb22CDWNkbi5wYXJlbnQuZXWCEWNkbi5waG9uZWhvdXNlLmVzghFjZG4uc2hpcGx1cy5jby5pbIIOaS5kcm9wLWNkbi5jb22CDmkudXB3b3J0aHkuY29tghhpbWFnZS52b2x1bnRlZXJ3b3JsZC5jb22CF2ltYWdlcHJveHkudGhlbWF2ZW4ubmV0ghdpbWFnZXMtZGV2LnRha2VzaGFwZS5pb4IXaW1hZ2VzLjEwMWNvb2tib29rcy5jb22CEGltYWdlcy5iZWFuby5jb22CHGltYWdlcy5idXNpbmVzc29mZmFzaGlvbi5jb22CEmltYWdlcy5jb25nc3Rhci5kZYIWaW1hZ2VzLmRpZXNkYXMuZGlnaXRhbIIRaW1hZ2VzLmZhbmRvci5jb22CGmltYWdlcy5ncmVldGluZ3Npc2xhbmQuY29tghdpbWFnZXMubWFsYWVjdWlhLmNvbS5icoIQaW1hZ2VzLm9tYXplLmNvbYIaaW1hZ2VzLnJvdWxvdHRlc2dhZ25vbi5jb22CE2ltYWdlcy50YWtlc2hhcGUuaW+CFmltYWdlcy50aGV3YW5kZXJmdWwuY2+CE2ltYWdlcy51bnNwbGFzaC5jb22CF2ltYWdlcy52aWN0b3JpYXBsdW0uY29tghVpbWFnZXMudnJhaWFuZG9yby5jb22CE2ltZy0xLmhvbWVseS5jb20uYXWCGWltZy1zdGFjay5pbWFnZXJlZmxvdy5jb22CDmltZy5iYWRzaG9wLnNlghZpbWcuYmVybmllYW5kcGh5bHMuY29tghZpbWcuYmlvb3B0aWNzd29ybGQuY29tghtpbWcuYnJvYWRiYW5kdGVjaHJlcG9ydC5jb22CE2ltZy5icm9hZHdheWJveC5jb22CEGltZy5ieWdnaGVtbWEuc2WCEWltZy5ieWdnaGplbW1lLm5vgg9pbWcuYnlnZ3Nob3Auc2WCFmltZy5jYWJsaW5naW5zdGFsbC5jb22CF2ltZy5kZW50YWxlY29ub21pY3MuY29tghNpbWcuZGVudGlzdHJ5aXEuY29tgh1pbWcuZXZhbHVhdGlvbmVuZ2luZWVyaW5nLmNvbYIPaW1nLmdvbHZzaG9wLnNlghJpbWcuZ3J1ZGFkby5jb20uYnKCGWltZy5pbmR1c3RyaWFsLWxhc2Vycy5jb22CDWltZy5pbmR1dXguZGWCHWltZy5pbnRlbGxpZ2VudC1hZXJvc3BhY2UuY29tgg1pbWcuaW50dXJuLmNvghdpbWcubGFzZXJmb2N1c3dvcmxkLmNvbYIUaW1nLmxlZHNtYWdhemluZS5jb22CF2ltZy5saWdodHdhdmVvbmxpbmUuY29tghlpbWcubWlsaXRhcnlhZXJvc3BhY2UuY29tghRpbWcubXljaGFubmVscy52aWRlb4IPaW1nLm9mZmljZXIuY29tghRpbWcub2Zmc2hvcmUtbWFnLmNvbYILaW1nLm9nai5jb22CHGltZy5wZXJpb2ltcGxhbnRhZHZpc29yeS5jb22CIWltZy5wbGFzdGljc21hY2hpbmVyeW1hZ2F6aW5lLmNvbYINaW1nLnByZXZ1LmNvbYIOaW1nLnJkaG1hZy5jb22CEmltZy5zcGVlZGN1cnZlLmNvbYIUaW1nLnN0cmF0ZWdpZXMtdS5jb22CF2ltZy51dGlsaXR5cHJvZHVjdHMuY29tghZpbWcudmlzaW9uLXN5c3RlbXMuY29tghJpbWcud2F0ZXJ3bw=="}
00456{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":867737,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LvKissj3HgBAB9ZlJAAABAQgKdGBlM8K5JKo="}
00456{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":867750,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LvKisskMzgBAB8JPiAAABAQgKdGBlM8K5JKo="}
02332{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":868405,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyQzPOS7yogBgLMKJeAAABAQgKwrkkqnRgZRFybGQuY29tghBpbWcud29ya2Jvb2suY29tgg5pbWcueGxoZW1tYS5zZYIUaW1nMS5ub3dwdXJjaGFzZS5jb22CDGl3LmluZHV1eC5kZYIObS4yMnNsaWRlcy5jb22CEm1lZGlhLnNhaWxyYWNlLmNvbYIWbWVkaWEudXNleW91cmxvY2FsLmNvbYIVcGljdHVyZXMuaGlkZWF3YXlzLmRrghJyYXZlbi5jb250cmFkby5jb22CF3Jlc291cmNlcy5pbnR1aXRpdmUuY29tghtzdGF0aWMuZG9vcnN1cGVyc3RvcmUuY28udWswHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFKkrh+HOJEc7G7\/PhTcCVZ0NlFjmMB0GA1UdDgQWBBThKzBwzCaCn9CjFGCcGqMzOJ8DFDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AO7Ale6NcmQPkuPDuRvHEqNpagl7S2oaFDjmR7LL7cX5AAABdb1TW9cAAAQDAEcwRQIhAK9ZWA4GeAVNwqHKtAMMfA5XcIPnQ6DkkBnyOhSaHnTzAiAXb91VYrRbOd+AYY8jj7g1TI95A35KaBuhiVhtt7w0tAB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABdb1TW9gAAAQDAEcwRQIhAIDfiZPlA1O3I5envFrjkV+SLKJepyisR6mLhymS2hR6AiBc3vnGpxXhab4emRREPb0kiQQBI3jmL01MvTRuwvJpXjANBgkqhkiG9w0BAQsFAAOCAQEAFQdfly\/sKobCfI\/WSTkNaBtSBusmXpyD5v\/mMy\/a3KF0snw\/pFEnjAjL\/aTMT6GfbukIEc3cbqQGaTW55IUxAKnBRO0g39IKPzmtQjnWOfuimkf4G2r8USRBZFFbVJ2hh7bUH6416WzZXYTyRlOGaJvlomB8BFLKBimLLeu8eY6qL6i6w3OGzIDOVUgnaTA3dsB7QN55Pn90UZ9STol5umlCD6d4mLHRo5\/\/+tTg6S0Ro7qLS5kXj9v0TGjf\/8xzXftcU2QZw2UNlXmmSV81SczZ6ElIyzKNVgwovcxD96JIEk7joWwLFZfWbXc4\/2j4eHglS7u9Ysk1MegL2CW5pAAEjzCCBIswggNzoAMCAQICDkbwjNvPLFRm7zMB3V80MA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTUwODE5MDAwMDAwWhcNMjUwODE5MDAwMDAwWjBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEtMCsGA1UEAxMkR2xvYmFsU2lnbiBDbG91ZFNTTCBDQSAtIFNIQTI1NiAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8B14TKY5dmuhHyN6CNfRpVbTKIlcNeQBIWAybX0imVNksulxEKgtnklMe3xhSDNE1E9Z6yXTWibM4Zcs3stqt93oGHR9Tz7mvzT1ZTKyR6AG5CQyKyN9mAXnDG4xWGi4m5XJQhvJJmZz5S\/x4trsB\/KFPoYm2wQfJkr2kpj5bJOwv0+EAtI9HcLL\/CWSzruvTXehY3aEw7OAcRx09N3xQimYDklpydpXIPRb3Z47sVEW0W9KTvixgkPor4r3ONc2lpvjufJB2t+ocBTlYKJ4Hhccqhsvmdrq+cz2Yfy+Fwn9PYqOw=="}
00457{"flow_id":16,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":868409,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LvKisskifgBAB7Y54AAABAQgKdGBlNMK5JKo="}
02331{"flow_id":16,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":869584,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyySJ\/OS7yogBgLMHFUAAABAQgKwrkkqnRgZRGH79rCR9q\/rOsnZHtMU+s04S+bIE1UEmt9KL0CAwEAAaOCAVMwggFPMA4GA1UdDwEB\/wQEAwIBBjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH\/BAgwBgEB\/wIBADAdBgNVHQ4EFgQUqSuH4c4kRzsbv8+FNwJVnQ2UWOYwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP\/8\/UswPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9yb290cjEwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9yb290LmNybDBWBgNVHSAETzBNMAsGCSsGAQQBoDIBFDA+BgZngQwBAgIwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAKIdaYoKjsQUgyoqEk05J5BO8I2s0pZiRzZektH6xZO1NwdlKdL0U1BryfT+NPXduB36\/NwUrFaUJ5xCqgRNt+1Y2ZnSSeYgL9Ond7gqiRrvp8+GLdZT6QuTnE6r2UXupISF\/zTkDsC7pc5flYmFcKrBXezPK9PZg98DyoGnAjK3d2EQJU7ZdPPZeYK1JnC0UryPM9eKrhnQ\/JKtL7o8oEhYR179IFaVIMFyHatmmaTVeDdIG5+yTDdnev1C0tNWntMdjsQMaJa2R1EQ93vrFQlk9fnwYxYtPd8jQjqTY8yrr09XBsf+FFVizicRGeH0Qu0iMGs1GkoFgKRl38zLb9AWAwMGDxYABgsBAAYHMIIGAwoBAKCCBfwwggX4BgkrBgEFBQcwAQEEggXpMIIF5TCBnqIWBBQnN6sZ+rEF+sP3dIHQ5lzluT6oixgPMjAyMDExMTIxNjM5MjNaMHMwcTBFMAkGBSsOAwIaBQAEFBLq30bMCIA4c2C2WmkWAcwMteniBBSpK4fhziRHOxu\/z4U3AlWdDZRY5gIMH\/TWJd1n7YxE0bj7gAAYDzIwMjAxMTEyMTYzOTIzWqARGA8yMDIwMTExNjE2MzkyM1qhAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBcj7HTzup8DQQY8EiPrUt7SfWfExYmEtg8+QWmbEoQx+9yovU7TcOzaJy3X+DSV+nwcq5NsrP\/GvNk5MBzjVOf\/cdYklye6NH2J7j6hUMHa9yKo7RuWGgHw5AHP455eFdnCKfn+Ow60pEK6h3ZULAmFKVmSYnNipbnoxEJOiMK4z6uEzKmcNUZOBONs2jHm6Q9JPqkT5XJXiqe4j5yHnFw+9\/S3S4Zxsj0zdriIJVrXTuM+KShdLw6RflILSS0xBkpdBiX1xFMVjr0JG6U9sI77vXTvFWG24HBbOLDkJTOtBzhe9Y84g4ls7DvXs1Ay8ajarOF9lRhTETZrMyygP9noIIELDCCBCgwggQkMIIDDKADAgECAgwQF9wx7V3hFNRFqzswDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLTArBgNVBAMTJEdsb2JhbFNpZ24gQ2xvdWRTU0wgQ0EgLSBTSEEyNTYgLSBHMzAeFw0yMDEwMjYwNjQ4MjJaFw0yMTAxMjYwNjQ4MjJaMH8xCzAJBgNVBAYTAlNHMRswGQYDVQQKExJHbG9iYWxTaWduIFB0ZSBMdGQxFTATBgNVBAUTDDIwMTkwNTE3MDA0NjE8MDoGA1UEAxMzR2xvYg=="}
-03097{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":876,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":12,"flow_first_seen":1605289714782,"flow_last_seen":1605289714869,"flow_tot_l4_data_len":6469,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":539,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","issuerDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}}
+03108{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":876,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":12,"flow_first_seen":1605289714782,"flow_last_seen":1605289714869,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6069,"flow_avg_l4_payload_len":505,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"images.unsplash.com","server_names":"imgix2.map.fastly.net,*.camp-fire.jp,*.carwow.co.uk,*.carwow.de,*.carwow.es,*.catchandrelease.com,*.dorothee-schumacher.com,*.footway.com,*.img-ikyu.com,*.imgix.drizly.com,*.instamotor.com,*.microdinc.com,*.msastaging.com,*.peddle.com,*.remax.ca,*.ustudio.com,*.vaping360.com,*.weber.com,article-image-ix.nikkei.com,assets.eberhardt-travel.de,assets.verishop.com,assets.verishop.xyz,cdn.airstream.com,cdn.elementthree.com,cdn.hashnode.com,cdn.naturalhealthyconcepts.com,cdn.parent.eu,cdn.phonehouse.es,cdn.shiplus.co.il,i.drop-cdn.com,i.upworthy.com,image.volunteerworld.com,imageproxy.themaven.net,images-dev.takeshape.io,images.101cookbooks.com,images.beano.com,images.businessoffashion.com,images.congstar.de,images.diesdas.digital,images.fandor.com,images.greetingsisland.com,images.malaecuia.com.br,images.omaze.com,images.roulottesgagnon.com,images.takeshape.io,images.thewanderful.co,images.unsplash.com,images.victoriaplum.com,images.vraiandoro.com,img-1.homely.com.au,img-stack.imagereflow.com,img.badshop.se,img.bernieandphyls.com,img.bioopticsworld.com,img.broadbandtechreport.com,img.broadwaybox.com,img.bygghemma.se,img.bygghjemme.no,img.byggshop.se,img.cablinginstall.com,img.dentaleconomics.com,img.dentistryiq.com,img.evaluationengineering.com,img.golvshop.se,img.grudado.com.br,img.industrial-lasers.com,img.induux.de,img.intelligent-aerospace.com,img.inturn.co,img.laserfocusworld.com,img.ledsmagazine.com,img.lightwaveonline.com,img.militaryaerospace.com,img.mychannels.video,img.officer.com,img.offshore-mag.com,img.ogj.com,img.perioimplantadvisory.com,img.plasticsmachinerymagazine.com,img.prevu.com,img.rdhmag.com,img.speedcurve.com,img.strategies-u.com,img.utilityproducts.com,img.vision-systems.com,img.waterworld.com,img.workbook.com,img.xlhemma.se,img1.nowpurchase.com,iw.induux.de,m.22slides.com,media.sailrace.com,media.useyourlocal.com,pictures.hideaways.dk,raven.contrado.com,resources.intuitive.com,static.doorsuperstore.co.uk","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","issuerDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=imgix2.map.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1F:BC:A1:79:48:96:70:32:B8:08:C1:38:D4:20:12:BE:D9:6F:14:B6"}}
01994{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":869585,"pkt_caplen":1219,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1219,"pkt_l4_len":1165,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABI0GPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyTgvOS7yogBgLMPFgAAABAQgKwrkkqnRgZRFhbFNpZ24gQ2xvdWRTU0wgQ0EgLSBTSEEyNTYgLSBHMyBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqsozu9fkpn7\/6s9Cmu985JFgLKciPNzTDBR1Cuxfm9sVtQfvGUvJhw\/66IzOmsNT6BgfPnVoPEO8JURVBo2uKgoITrl37NCU8iu2mUgQ5DuZWT9rQNuus1S1cwEBkzIk\/1tLFninJjubpYbzrNtsDAQ2\/EVGfwU8gB7WoeGzhTCC\/7TWVTrRdr4\/A0UWbStH2uPrO2SMIcJPl5AanON\/kjCiirRWI4Yd697beejNWLSoKAvhF110W\/P+BWZnhEOe9ybf5pytqfE15qgfc3MrpIxJp1qYcmCrItkDqHjbPMil40ncSioOE4IteBpXiMZAj0MTEKoOTKLVy1HZ\/sd28CAwEAAaOBxzCBxDAfBgNVHSMEGDAWgBSpK4fhziRHOxu\/z4U3AlWdDZRY5jBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAPBgkrBgEFBQcwAQUEAgUAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBQnN6sZ+rEF+sP3dIHQ5lzluT6oizAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFit0xDesc68QNxD9heINJr5g4Yfm90pSyhjh0gTU46wpvORNzLRJCNdu7zzm\/0VTrf2KbrCNwzivjLTPZ2\/TBOHJB3kz47G42QbHHGGZInVgKJqUMI6aIG8IKgBSYcoSPDf4JMZNiN2q2yyPR3q92l8H0ETDSnz7PuW7IXwnWs6lpdJg82O0YLvDKaHgWePox20TV9NU+1M6roMGpN052hnfgMddF6AWPmQepq\/GSMqVaVNTEzctkdtT+ly6jv70c1hNUA1+1SrX9S9dO8WMTVXvSvNJ40VVtFR+YvHVmZQIej1jG9gNCk8GMMkZI5GJf3tvXb70artwY4pBiUj7mkWAwMBLAwAASgDAB0gFFUKdnXf6H\/bQKbBOVsVLf+EpejItdUw+Rb86its7QAIBAEAC0m9xsXnt+vZRRuBvJsq0lJq2I5svfbv44H+1CXX52wRKhf7pe9xjeWghbUEJCE0ZchWeyKgxxU78\/MlXUKbMA8EjXdbd3sZ+gKkwBKvaW+o3P3kYee6s4nzelB5cv9Iul2l\/Cu2+9zEfHiWltd6vhjyuoBbIbeGbXgX7nnFp9iQdld2c4\/QE0kAarXrmALYepinSLggY2Gxj+ANFqGeLPAKHkwbFX3JQnQGlZUb+nJNFtg60A9eSp26elWUvNLECpsox1S+tFQI5ojDxinI6qaA4uVcgn\/+u2ilpohXDC4JIi6O+0QNOd8g0UK7bOpJ5xLPxsttLdvO0whYpyC1zxYDAwAEDgAAAA=="}
00457{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":869591,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LvKissk4LgBAB9YkDAAABAQgKdGBlNcK5JKo="}
00457{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289714,"pkt_ts_usec":869602,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LvKisslJ4gBAB8YSaAAABAQgKdGBlNcK5JKo="}
-00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1605289715133,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1605289715133,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2206,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":133578,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfcAAAAAoAL9IJHxAAACBAWgBAIICjiITggAAAAAAQMDBw=="}
00470{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":210396,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV7hz5n4oBJXgLSTAAACBAV4AQMDAwQCCArCuSXYOIhOCA=="}
00457{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2781,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":210445,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBAB+zhYAAABAQgKOIhOVcK5Jdg="}
01149{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2792,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":212290,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBgB+6OKAAABAQgKOIhOV8K5JdgWAwECAAEAAfwDAyko5RIhdw7iSMvL+JxYqZMyWbwdT4mua+Aq4PLn7o6AIHiamGncKVvaC4Qe+Wkd02CeOTDRVPAoUdvjHzZzHWAnACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOKigAAAAAAFAASAAAPd3d3LmdzdGF0aWMuY29tABcAAP8BAAEAAAoACgAIWloAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClaWgABAAAdACCRstqE9fnS4cN2o44Xylwq4VObB7JF4wgnATR+54QtdwAtAAIBAQArAAsKuroDBAMDAwIDAQAbAAMCAAL6+gABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00835{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2792,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1605289715133,"flow_last_seen":1605289715212,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1605289715221,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00846{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2792,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1605289715133,"flow_last_seen":1605289715212,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1605289715221,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2896,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":221747,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0CzwAAAAAoAL9ILgWAAACBAWgBAIICnB0noAAAAAAAQMDBw=="}
00459{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3283,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":257682,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV\/hz5v9gBALMCzUAAABAQgKwrkmIDiITlc="}
00470{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3385,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":273354,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSe29As9oBJXgJmfAAACBAV4AQMDAwQCCArCuSYncHSegA=="}
00457{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3387,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":273482,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBAB+x19AAABAQgKcHSetMK5Jic="}
01151{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3394,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":274121,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBgB+5ZOAAABAQgKcHSetcK5JicWAwECAAEAAfwDA\/Wo9zH9kIsC3p0+x0Ogp3CBXjA+aSeyGzEE6vb9ZTk9IJABGD2ndVeTf+odvyDjSMzv7BNGBBHaaAJBgxYc9sAYACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAFAASAAAPYXBpcy5nb29nbGUuY29tABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACB2WXZxKMS9tF781JcLrIeE0V3s7s7Xei6L\/wVkpPzjGAAtAAIBAQArAAsK+voDBAMDAwIDAQAbAAMCAALq6gABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00835{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3394,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1605289715221,"flow_last_seen":1605289715274,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1605289715274,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00846{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3394,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1605289715221,"flow_last_seen":1605289715274,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1605289715274,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3395,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":274358,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIYAAAAAoAL9IIqeAAACBAWgBAIICrhM3AoAAAAAAQMDBw=="}
02101{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3513,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":287643,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV\/hz5v9gBgLMOvzAAABAQgKwrkmKDiITlcWAwMAegIAAHYDA2ZkFL9Vziij868SAqxb7S80ZJVwgmiW6W5w2unuytv8IHiamGncKVvaC4Qe+Wkd02CeOTDRVPAoUdvjHzZzHWAnEwEAAC4AMwAkAB0AILKYZg9SAvoS4s5C5CcrVIvT1SuQltVH4MWcqTKAvvdWACsAAgMEFAMDAAEBFwMDCfS25\/866G\/7XaZ4XHh\/djGxq\/IGxsC5TLJrmVKlrth4JC5vEn\/1pde5T7LEH1IIpGvtyQevttot4H907FdSIOAMtMVtlh0y84L98pL61F8rnBIhHPMgIYZziKcFrp\/gqYgnq2SoFrb\/VAGumm1mP7\/yefW7XKslU20Nh+IqbfCQp0a8z+QZzLlzi60Ra2kHHCeNxnhAfRhRGwWdU94WQ64GRdx4\/Mtd4thrBnG2FTzICyNG\/JlkKhNz8\/TQvxG4hwdz0jHqpnJCXZZGAIExnjZEVSKW+vgvDa6VmSN1ojQJviThR92Pf6QD3LMV9+Mh4TQzXd8grQY+tolmPry9bUUC3y+0I6aYVAnY+WnN9a2AjLmOg3euMR31hmpzzWM3+ESN26HiMLxFC2jlCB3tdRS2Jbcewf1UCLzQN5ymV6EmpaWyC5OcD1+M4j3YpXZAb7m6mgNHCMAV+AFT+SsLGUXF1OndqmZvaseZzocS6LVUYMPjEFdWezrBYps7uZaDAMpFQks2v9bobnVqzcVJVMmzjfNCj7neR91xF1pkt8qVQThs4k94SzBbj8co7qH4A8INXvyXXGjnFfd+uTMtzWnoHPUfRHIi4XHyPx5o7nJ7kQFWEuH79LjhQdyNEw7bIe\/uqHu5nAPbjmwlPG\/YpnQQOLq1j6AHn9E7EqAGj2oK1T2nKYypAfe0GcwSqPjjXYCPEJUa1vRGzle4rsG1ZaQ3bvqgQEWVnYBVJVckWfhHkndsLMqIqlrRjCKyCiU+Rb36fVVCBc08w3dtCRKgI0Oz2I1l9C0DsXGjDvSlJ9tXnxK8\/BkO74ctzVulUiUS9gQ\/dObtKeynNpxblFWeyajDxLUQrFHr0Ix6vXQMiWOsFdb0uDd3pheIr2j48tND04WrIqll9hDJ+D+RtiREeq2Xpbq\/G4SjEMzOjOLEckQ2graRgblqeYQnaezWm0RPfXmGK74zYL27odlW1yFgJsCGm84csEYGFsJKX3xBhtMZuF\/\/629jCjFymWzp6\/9YfLdQ8ZKpt4WqnBpnK5jxpgSgnHv19wmRjL+p0UtXxa18GO5ZhrYsPWBkY0sL73KvEgnpHSqahoRav\/kreIDFcbrEFZX4Cq83imqJI5eMQJlMtC4lGC2tN01+nOIJqr5LIqEGBt1vdrwyLhuEdEI7xHGwqlIh\/IgGx1UrXwVn8yDr0eepd33SLdEDJFO1i5ym+JERLNZqRsQmV+f30JWRSevV5hfqB\/9tcacdETAJ4z9RmviLHVGDMkl9RDq6SJt9ZID\/GCOMn4m99P0CeVhUbQ6HkYKhhaLq8Ee2RxhaYHcOOQiHRPn9fsK9pk6HiK+H4yZxyQ605cdXbahgy\/0wlqKmgMBlsL9GkmwW4vBVyAcNjarOTAMvekd6KzALFfpWzqgTrlp+H26V1l+33JPqBQ=="}
-00876{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3513,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1605289715133,"flow_last_seen":1605289715287,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00887{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3513,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1605289715133,"flow_last_seen":1605289715287,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02093{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3514,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":287643,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpHhfhz5v9gBgLMKlnAAABAQgKwrkmKDiITleraVZejVPF72U6NA3TWhkaFHXFswhiKvNAK6jSjaBm4dZ+hG1H06hRtFBeekWhokNmX9y3\/GM5ooJuxJCmt\/6gqgSiTbIlSc0O5gdvfLBI2TGTC5WO6QFeZEcm9u33rPtfen1Ffb4KzYIT2Bi06KuiPrgE+CNWsqnUrfMFljiryLMi1me+2RpTL1wITFSPke1pQe+sn1nXoo2dkaj76JQJXujMjOH+nLY39ho0Vla7puLCX+dGRfDvQXLmWoDjowjtWNN3jnQAxrftX+updqnYhk6CyvvLn8+VDzXEGZlKD6WUUUiD8rTFZaHBG7C9tqqGu0CCdzohZKLmQFCcv+FwSPhHtLXbSRzH8mTjdCJ65Omr0em1yVFCScbkgwZRz86fJqhk1qBGdFjaFGWpCmw5m+6xzXaVx3357t4RUbuf6mFAst9zM6wCdAp8F8VdX7teCHGVkRaGmrH94E5h1RkCOrkkj6EQJHyoFcSWJ4bNK6lm2uooy5BGJYDCcTYFERlctLr6MEa2TEBahg7K\/yeDzkfp4KLdgtFwLl846KWg2XRnwjFuRDtdeV4gS6uuNCK+pgH7cxZrob7Jtj4qdHJLJbj5LtCs6BNWA9btE8MHyeNBc+\/H4qoCZNgaJeFsItBVIN\/g5HWJsONY3cJbw\/Y1uKJSsEm6sLDy7tMR5tIkq3g9wTl0LGY31SjHEBoTQg8oLGxds92xgiyRwLyrNFk4LuEtX5+m+EbXbgVusBMZED\/u0eNx1Dr7dyjj5m2RJpEK0S3chxMbpp52PheTq5F+Dk6eQ9V4frkhuEqpSUPeXk1W9Y3vyqtJsv+r05vnEPSX3YD70BwYSPWREkZGilhle+MGNYm78W\/u3zBi6pO+yzl2nJSzbGcO274hpEvlvVfN7TudLtdQO9xMJlK2YayHsyhmpX5rQ5G59QhH2JJWDEPAeZ1jaFUc5a+sYSe28+5Pw+oW2EJ+1p9sKDxoPmbs8zeWagrZVfOREZw3qH7uuwt8apfslkKZrix8oYETwFsunLNU6hU3xheiGTIdtZXYyxKwqmT+IYQEu1urRms877jKv9ngKXVET17zuNbxPH6RAtoHOzP\/6LGNlgXDWuW5sKDzVm3ex2hKCcKiYH5mCZ8HzL8OJp4jyZpHNjSmJHO8QpBNfpz0QudewmyGnTcSpRSoahWarBkNg2T81KvS\/S0ryyDicuT9TIaRHvvjZVsS2d06obWVf0gNGTbjGbPYMsewfzTlXhpwyivLSvZCXsgX5QQAsrDZ9CivPVsyWUDE163QcKx9dkSGOrofbrWpbltEu2zFdgYxqjE6I60bQG1EV5e4shanr+2qoEDVDWK\/8EQElXSo6Cta1D6G1TBzpRZF0js+oT4B\/EVyPas01yK5GUawje7Slw5c\/wEAIgj4lKAbxz1CRAWXw4R90BqemvnOghBR2sFy6lW6cRfivz9AEZx+g1arDRbRK\/xdKPwE9QwkAH\/yo7C2axl+dVgT9OKqYxz9Jtpne0M8shIJ\/\/lsV5CXX4IaQUe2cK5HZYYGDF7u5ePTAckzURJNlyEnrl6OZ6o+mT9kv+Ue+3wipuyhHrOSGungTMwAarVPktkO577+fSPUDg=="}
00831{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3515,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":287643,"pkt_caplen":356,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":356,"pkt_l4_len":302,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAS4GPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpIs\/hz5v9gBgLMFpYAAABAQgKwrkmKDiITleJJNP\/oxaYBt8C5jsvVNIfMpB25\/w+YzUKrapMlVZbDQwylrG2pBgCPCghfHhset3jvV+DDf6jJebPmFOHFE\/8EC\/fWupIcvqWllrHdAro7EdltndKYcT6WpToaUtPicAvDtbU0GrelvJAloWstPRofb0n+NGjNz8lr3eQddIKsFCMe5qY3QggpcCAt\/uKZahD7z4TOINNqtrr2f6gkD0Wm+CVS89JDmp5A8PdLq6hb\/bvOGFfC1NncmeBX1A3jf\/aNDp88ZY\/ZQJYJ3ftYThrSEdRZcs0SdL3ckWZ04R2n8cX88+AZE2KG7QwmzCr2g\/I3dqOqsPXIZPnUV481NuR7onLj2QLCpUlELGnFV8="}
00458{"flow_id":17,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3517,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":287651,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPm\/2BKR4XgBAB8jEHAAABAQgKOIhOosK5Jig="}
@@ -250,9 +250,9 @@
00458{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3660,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":301345,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSi29A1CgBALMBIOAAABAQgKwrkmW3B0nrU="}
00458{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3662,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":301435,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBAB+66iAAABAQgKuEzcJcK5Jlk="}
01154{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3667,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":301671,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuAiUGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBgB+0gHAAABAQgKuEzcJcK5JlkWAwECAAEAAfwDA5gekqpKhlC2ipL2zI8L5\/kv3e0nxnbXEmgavka1LHWVIBeXyfu8UN0TfZ\/W27lJZzaKDZAJHcd7oBhNLgsTwfr\/ACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAGQAXAAAUY29ubmVjdC5mYWNlYm9vay5uZXQAFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIGc+3YDJXOpck3uyogqFw1bonkkYAWZ3xkO5tRdYSBRhAC0AAgEBACsACwoaGgMEAwMDAgMBABsAAwIAAurqAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00849{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3667,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1605289715274,"flow_last_seen":1605289715301,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00860{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3667,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1605289715274,"flow_last_seen":1605289715301,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02103{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3797,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":321807,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSi29A1CgBgLMNhcAAABAQgKwrkmYXB0nrUWAwMAegIAAHYDA4sZiB459qWF\/PHwfNqbJKTkMFgLqA7ZYyeATNloHO5aIJABGD2ndVeTf+odvyDjSMzv7BNGBBHaaAJBgxYc9sAYEwEAAC4AMwAkAB0AIDvPbOxW0+HAD\/cpkETnJFbuMP\/D\/41mS6DiCYn0OA8yACsAAgMEFAMDAAEBFwMDCdYi4qbW+gcv6snP1uLW9DrXNnZg6SNprBV\/05woDwBmNfZu5vFj\/aZ0Y4KFsvewaw4slvHR6E+eDAdS8qp\/55B9D0SoIR8xXW4mHMDLM4qNUngqUtjc07iIzKUqgMnMSyiJr+f6b0on5MmxUIY7OBYN3C\/TbVxRi92LjS2FQ1Pyf2DbLB7VBCbqMwuU5kWr\/ZDj1H12FEK3LRlAQk3THoRIV43ZkREPe6wKUZBkpu5rNQkOGLpJ6BAuC\/05O6pJNlglLbr41CzTmwiQ2fJyij8dnG8e\/8FbTboFul6RNUpf935uA45i20d92t8vQv6rEpkg2ACLy+XE9Q3scUa56WwU3DHZ+maCEvzeoshPlfRzwg\/pLv9vw01VufAIXJji8FnwgXeAQMhE7cxmaMnlClIYtXqnSyirVT1kIoPnEW0WvhgoPxo3BOJsfphiKGaIAIQeW1VUwicVGOMrCB9QSFdFLjKl3ClvsUgZWMApPDcKgAI4S5LzOlZ0eVHYOnxGVGXTai5z11hlz9iGN1YZq+dX51RPhMUkfz1CZ7i689CzsM7Q+mVeXUwuSVqLOKuR\/0GZ8fmqq5UFBLMc0hOBlNfCtD8wyBp8IpQnA\/kmfl4v2r7McbXtexTg4KvS5+pJimkT9ckFZXnkrl2o4LOftS+HA57\/AZUY2FM67fcGfGeqjhh6Qr1dHjsc\/qNbJh3DUDmzPyHomjDg6nbWKPvp44L8ujIyI7T3an5nko2O27MrJ50NjoRARpwgMzh2pr5lS1pnD\/Tfdnt33OtlqIekIvqwD+dpsyJKE5b\/un37uhn6MX8L7v\/68vG9iZMkplMikgZaqtIgzNinT62vF7Nl1aYlhzLnPrDWoalbo\/lDrvkSp8Rz1eGVnT5W60J\/mi\/Q+ShUsujTInpEnQQcKpZT8fM6RTdYGXiwk1ydsWwV4jeT0TtxQzBVZwhh1WS5Ieb65BHXxSjebu5holN8ALKSHIwAY1Xk\/NhwcxpV79+gi8OsZQdeBkxl8AON+KgPLob+fdos5KXGXJ+pgOYEKy0yLkwAMN+tBB9b7n24qRx1CKPkvkoFswF2fpB55CJzDoMJLS+RizHV10Hhtqz4cxez\/CfuEkLTcyNHmCtG5hYJCaq2NwhGkwLpPiZv2bB8UukRX33r5NEQ1MVzXeG0g\/tT+8XrZGImqjPbcMrAr1\/UFgEpQ9V4kixxkewc7tx+CF80EHHJBEwIGeOx22fTIsOkuZGUoWyQ\/UXWZheXAdB+pEFZdy8Flysnzt3AUnt7VFKslDFRSC7NRJGQ35PNjMxsBvJWCcrSigXvlRjMieQw5ht+wcLgNnEeQMFTiDbKoC3yiBLeCnrfgWbuiGBp+YQZSy6SR37BDvSrGdCmq2v0fPfbeLARgv2CV1ckAIKMfyACJgLPxRUJf7nv2dJK2FHjsg=="}
-00876{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3797,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1605289715221,"flow_last_seen":1605289715321,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00887{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3797,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1605289715221,"flow_last_seen":1605289715321,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02103{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3798,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":321807,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqCeC29A1CgBgLMFbAAAABAQgKwrkmYXB0nrWjaxF8dS857pH18TWm5736I9D8eZ0kC7mPrFWhV8LaFulAltnTW6EYWp13eY7cqWBamEO7G8ZB54j\/OgzCLKaP\/hA0NZRvQcqsVWnesA8xOb9NTdzDlcYx8zRTo8lEpzGQhoz8pjWz3Sv6hRYvY+IApOYPJKMjJiit8rsq8LhatLc\/kDXu+kEq\/ihXAsew3b4elj3uFwxb4kx0l6ChkGqdsqHoFQF9igG2LWuuS51nrA6akWkTtP31jTEtB86xG+bx9bPIOxPlFRCrgKWqgay6LsyuxoE6CxrZOrEUfOMt57IHa5CAcRaKz1EtZPYWAal0ae\/7oJ4DzHE929gZlvmb5OXUWEhogP0q8S1k2yQ+fJz8OQAoTlByd0Cqchc7A8urgoF6xoGSJu4OhsjDI6pVsEH0sexx0nF7ckV6UDV9AO+U3E8+CWPkqhTx75XhfzZx\/y2lAo9BO\/E0glWnY\/Nv87\/1bi8+B28YVouztfuW9LKF\/lqKvxLuMG+HuzfCTiZQGUU1U9pOK4c0nyQxSr7O+1I1rWDgNgPAfnsFtN4bgtqG0K0jpGBo4R2\/EVtVDAgevK0miVDmUEZDdevfBajtMV\/upUHO\/C2XaLmrep4lHUeZMzTXRPTzT3DWZMM+SjHyxVknqQ5204ApTtzlV3gaPnQhSTKy1vtJTcHBSm+6pedZRttRVjQfd1yE6veVB6ypew8kyaoWYOZwktygqBM6An0ygBzkln5LRSSle1kupzwO6I9gGZSwyxeDHUkKCH33v3SRck7d42NA3AIyfB0H\/vTdqRZ8PhqC+7NtFtd+anbaZvwoboRxKwS5kLeH8WkaXuh0jQyjMIXOysReT8rRmkoKagAnj2FYMefsJMYg9vhwZjwHg7dtueO+NqMI6q5nm+w7iuAFpCfu5R1jTmkKrLrmMDdGzYplb8UbQSw762f5j9vQL+OTveNVmp6NPoANw8MduYk+faz+GPhtiRZZ0\/FdPxAz0+Jho\/4Un3dTrL8idqSOfXLeGojhE\/2ZAf1rpFozQx0eZZcqqp4tfYtmcnuB38s+29tF6U7qKwbnHEohAytq6\/\/34zWTGphJ+FczabMyNYO0HiB+cl13u\/WtwMqVW6uakCm+d8e89oBp0D0ftj8s2ivnoOxPGuiAK5isD2VVVr\/bh+PQYr5lTxWIu29KAzH9je4jgDjwdfnddKOA7s5KdmLbIiDdFdkMDj91gtB9l6L3gP\/cdWu4cex8dRkP2XAN2\/FbcRgIf5H\/9ojqwjO3hTMc2D03ARv0JtlAhEmALe5q1497stJHXhQ0fbPgl30Q0JSVGqdjTLGYKkTg\/vwGLJ4HhKiVcD6Z5Y2IvvdVQFEwHbAXOS9wfWpPpVEDK31bSkLqfXrMcTbbrOHE6LrDnOx8eSRfOubZD3WMn5mCcMw+VaS2A+sN+yxMV7b42YaUa3nxEgiNHZ+RV2QRS0jTZ2tDl9gOIJFOck1MfXL4zRDlpvMzx83tGwQGgvlsLe+\/M80oF8+B+b7AkouuwVQdeV17ttfHy+YC6P8BWwXEo4Uj10Ax5VrurTNl3vrFl+9dGytuF780We34L62P58cxgMQbU3XHVc4uLP2U\/csSL+8Ogw=="}
00784{"flow_id":18,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3800,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":321808,"pkt_caplen":326,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":326,"pkt_l4_len":272,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAARAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqDpi29A1CgBgLMKBtAAABAQgKwrkmYXB0nrUaotaQZmueURjb4mxm8bgKUsgOQIE+Gyt1YyxZtP4QfBPISh+JSmaI0cZjuTBPiwDs5Gfj5t\/hDdWIVTgfO9oPD\/qG3WKYbvDtPPp+KshnNvU4o5IuzUrun+JykDfleimcuawHuP0QeCZYmYwyMn\/LvnbIZZ5VTJLrRxZ1QklQEnTghz8Lx0oqCNqXfql4LByW+gl8WdDtbSss9Dmb2ZhESyeVBvhaMhknQ0Tv72Qgvuj5IxQL37IWx2RNDfMXPJ1azajuskGNEi5gNRev3sCqxSompohVWsHolBVAQeo1uPcMDqzE0P6BrslQWgylZ04="}
00457{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3801,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":321820,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0DULWKgnggBAB9RZcAAABAQgKcHSe5MK5JmE="}
@@ -263,7 +263,7 @@
00814{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3816,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":325511,"pkt_caplen":347,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":347,"pkt_l4_len":293,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqASUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Dd7WKg+IgBgB9YqEAAABAQgKcHSe6MK5JmEXAwMBALQj+Mj8F6TQf+yKp\/YXJo4mJONRlausStG6p1mUjBW5ABgkEIpbrscCgruxfEGAcGXg9xxVK4FhFT9pD7LhFQ\/UM+u5G4JYeGTWtT7REsguTlvjmevM+yINiwXXX4jip+kjeyVl8iaUksaMug1+zoFZ7QuWQOymo4jDbGuJANuxO\/1EXs78rLl2mzc0LY37oELOhYB4NN6xxZqbKGdD4V9ACFjhBb7DnLERiUs8QOhUIu\/TLqzIIWco835uYAgnPI6SB7gxcnjeQ1A2JcQdCZsKOiuycQlguFgjr9XrmALIViL\/caiy+m2gb5gd44u0rFFQpiFIKXtvrjNZwUu5ccI="}
00458{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3818,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":333683,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi9yub6MgBALMKNIAAABAQgKwrkmebhM3CU="}
02338{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3820,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":333684,"pkt_caplen":1466,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1466,"pkt_l4_len":1412,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYQGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi9yub6MgBgLMNqoAAABAQgKwrkme7hM3CUWAwMAegIAAHYDA5OWhtC+MdVWmLqMzi8189h7qhqc0a+UHKGSNRYO1w37IBeXyfu8UN0TfZ\/W27lJZzaKDZAJHcd7oBhNLgsTwfr\/EwEAAC4AKwACAwQAMwAkAB0AICxQa0OWS3y6oirInzfY4V5QFfypcJoXA3vl15pCikd+FAMDAAEBFwMDA\/lGCXyHbTzKAtf7IJ25FPsHwb0S6k7Yxl2I\/8\/nbBINk5ZFRBeUMPecveL\/PfYZ7Uy\/Xgef3rz5pGdcBHnhXVEVfC0BovxWe52BOW4hax11k\/94ovEe2HM\/3pGeg2qtd97rjONadyHVu+oK+gqGd7Ls0Ad8CNxl9iTFzRovHxbkqK95YSSCVrKkp9lYZiBQXfYSJi3ltv6bhD6w3iuwZneVPWf89bc1TZdD5+NylNZtutc2i7YY27bPKqYXjrthJRPxNam\/Ln11HYGY5dO65Ge+TCOA8aP3kaq+xfqiHaua14pk\/hKW52dEc8CuqWvIUi5vV1BGB0IkR3ltwXsKJCrhiUVz66A9DisfVgl0bpIa99pwyY9qISlL5h0wJoZRbniQhuLwGYe7XUsazhwKI96eCQZknMCSzmDb6uTf5nnA2jNhhGu\/wQrYWU5N\/RkT1op0QZuybXyDmw0xFSbuYdwxtd7QYySxZiS1CXVjsR4iJr\/h2JxoK0ZU2WJq5EHy7nNGht4AWI4+wxU1SrTMUpr4N05XcoT\/H3GqP+c\/Wx0eNa1JZQ+QKQURvCIw1DC+l5hhfuaiwAIYu\/vUoKlqg5Cy5jzOb1UpLGy4\/WhtQw\/yrllaH7kxUKfrHb9Bw5jf+RLG\/nOJG4Q\/5+U3CCoC5yk0SZN7Zs\/FeRIFobffQXkOAnHc5HDXO8kcbwMYnibn\/YANRwQoqOzXIKbn4hWd8in8Tobj5XJaraWj5Mrr2YYOeZ0qgVQm6FJUtEGpddhoELPHdYRuwCMrcQPHtdmFPAa2PNYHytvndyK\/Ig\/MQxLYz1BxPEM9pn35WuYtm1NVBLRnMWdm9NFHCPN46kElzo6gPcXmiDlyoPIYuwTTg1DKyfgyBsziaUjI24kR+KloOSjOSfrzlhFKO8DTUeNKnuIqPuXmT9jXso4HtF9Q0WmVFX0FmedwTSy9RrM++1OxJfN5RGJt2Sq9bWle3ayO0PZJQ6kHzpJj1JHL9DnggTr16kOvb2yjk0AVXiG1n6XmbAmJofLylERWpgF6FHv5jCYfXdX4P2Tw6IaK+JLKmcjZjxsf9XWQ4QNFgVEingnNYxO8Y769QViBDHPhIMbiOcCSkdYtMhA2OLdFMX0rbj8zVjFc0XJ1q\/hR7zzV0wRLmxiSU9YfLhphhIH6vC1PP6zHqyJKH7Ed5n81vu4sv\/Zx37SRibEBd1CgTh70axDu04rz0n1hTtg6ehUhhZ3Yjx2K3tGVCb6KoOeXUxowIgCDwGNWONwI8pQGH7FqHPfIGU2ba1qTyN3r4vuzfRJGLcAe8zmaVouoEaK3yvLD8kdD3bday134fBl9j8SMaTsArhXVQs4dsO8d+IkXAwMEZyH1EQotn7eLC3+9XAm+I\/8vq6eBBl7a07xEDzc5kqi2qh94EfIX0iUByEa5HDVeU\/1nffyDpL\/xmipughkC5VB6HmkM7GlL6jRexThJCRr6+4wI5LPImHmE5v27hgC+NctpoaslwX09977Z+NN0TR06IKZ2Up3XPtNV0k+aJy1mom4m\/JDiTkJ7qJ1bdaiQwXncQ4oDZC9p4moFweBPp\/ZoF9E7NXVTZjMoqSStzFPzS1yxZgLUq2qJ\/42dK6VCj5qxNquHIqSdS2rk30KfTtDIkb\/rDoMTSB+em70="}
-00890{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3820,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1605289715274,"flow_last_seen":1605289715333,"flow_tot_l4_data_len":2105,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1412,"flow_avg_l4_data_len":350,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00901{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3820,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1605289715274,"flow_last_seen":1605289715333,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"connect.facebook.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01687{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3822,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":333684,"pkt_caplen":993,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":993,"pkt_l4_len":939,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAA6sGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtD5Nyub6MgBgLMNOzAAABAQgKwrkme7hM3CU3pfipV5aZmolb26Dt3CM+sDykT15HD\/M2QVhfwmX\/GX8GGrlWTMKthcqI9MkptOMD\/YM4\/kWJ3q7LiBUvAqYWGF2dODRCHFysfQ6MeBnZZD4Aw3rjTVbeaB2N6gP04XVkx4Mw7gxqGPaBe6TYLHhsOSxWjeTOO+G29YiOeW9HPsqJ8p5+yaDvtkxI\/Qu9uWNzQrUz9q4kpsDCvMpdCQbJNvyXqQYn0SHbCDU4dh1O7+2qTOMJsOyhAv9w2mxmwkA4LqAK3RjPVNwM4p2wPt8hBLXEpivoA9g4ogUsPHS3dyj\/VseLiuRVR1OvYktRrnMsZ8+OglGu+UDeAcUeluRIjgWdysPgrwj9Vq+Ad++OsGL3UmxvVVHQlqDEZv3GdsnbPe7crH2TBWYKBRsRY5QUUzgPfkckdE5dfo1Z28PWa41mcJTji0auvt81Xtu5bbTtAb4d7+buUh3uHzSEjZzkVTD0ac7ZsfGabklirU4fj0d3O8Pw27N\/a+q\/hmS611m2S2KJHa4FS9Epy9GeS4tSyOhCAANb\/bn3Dsy93xlmbJVbHYcfZgCL6PDFfExF3F70cQM5vymQVP\/xqJuWUu16xKdZNHJ\/VU9czwuANos3SecKvqO4vnLmw2DN+KDwS+ekypdCl9w4k53jBBfCJkuOaqqbYtgTqatVS\/cnXanTQNmGqs4ECHmTHZG5Xp2DEPl9EEJNOVXjAwduq5IuJblkdTJwnNsT3aqUZLEUFW2z1hDaRl1MMKatsmhMWntb5M175RwgnntMSkf0CdjEyS0NFm8R\/AJNzsoLgUO\/cP9GFpR9VT1LOIw1RGChxTLAtiSCRGSFSGqJFrI5P+s491g5WGm3idC5w3pZE\/dDnUaP9jR8SVC5XTOUy6ZeGmN9HyIHg6cs8uPaN\/hIF9AaqAzuy0yG0N0hqJJZvY\/bWgYXARFAmwtCKZXmotIISocJKtjJ53jJSUVpLaE6gXNNb0kn6Wjj3WIvfpJT3cUR3Aqdj9cCSDwLJpzhZYRsluY\/Q6cNO0eTHqTKUt6UhsujvEvfjmSX0DNOdYN6P7HspGGo1dhzru3lLL6JZb5FLDnuY1LimbfWfpbmQVrFxrHbAdPz0mVzBt5hm0zy64zGklZgYdXKNUGKF6UGhYraI+ybJnwQ1XWHYUGgi9S0XNHXMhpxusi28tItj4NuDG9vSDBUcVDJN3j2kV6gJo0l"}
00458{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3824,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":333713,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vowSbQ+TgBAB9ab9AAABAQgKuEzcRcK5Jns="}
00458{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3825,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":333730,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vowSbRMegBAB8qN1AAABAQgKuEzcRcK5Jns="}
@@ -275,24 +275,24 @@
00812{"flow_id":19,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4319,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":402857,"pkt_caplen":344,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":344,"pkt_l4_len":290,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuASIGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vygSbRMegBgB9bDoAAABAQgKuEzcisK5JnsXAwMA\/WHez4HjgzpR+e0AT0snmcB7El9raCPaLqEeDVY\/F5+bjnp+tssVmfY+NdrywuJT6vqyQEOix0E20kX2zKcc1U6COVb1CMoPn9qghUiex9CkxJV2w+6njOoTbdZrprDciPLl8z7GKmz63bfuM75dNvy3taXwDRc24yb5\/C82hfmuxHz4AXjYS\/CH9\/wQWJQE2sRcSzhzHwlcyy0wTZGY18TNfU9bj\/2XOEl6TJdw8uYl00Tos12x+h7zqVgyiQVb1rxQRKaoPlfNBCQ9RTki2fKbYjOFNz2ZHlZRtJVugfJKHveMcHFxp6peomxXyQTfa6ktIRmTllroRFk9gWs="}
00459{"flow_id":19,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4783,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":426864,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtEx5yub7MgBALOJnIAAABAQgKwrkmnrhM3Ek="}
00459{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4786,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":426866,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtEx5yub8ogBALRJlgAAABAQgKwrkmnrhM3Ek="}
-00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1605289715782,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1605289715782,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6497,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":782853,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWoAAAAAoAL9IBbyAAACBAWgBAIICmcfa8wAAAAAAQMDBw=="}
00470{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6878,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":833903,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+EJkW7VroBJXgNkoAAACBAV4AQMDAwQCCArCuShfZx9rzA=="}
00459{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6886,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":833970,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBAB+10HAAABAQgKZx9r\/8K5KF8="}
01153{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6914,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":834672,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEAiUGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBgB+\/QzAAABAQgKZx9sAMK5KF8WAwECAAEAAfwDA15ScC6cz0Mm40ZOuOfJU9tsVGcffyVHK66YSdKRGbaAIPaARvdX8cCHMx9rMsZJhiJlEhn0QL88TbX34lqqt\/OKACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgpYv7qRG6do7VtNy5242ZZbX6mD8VP8lQEUUuZeSYdj0ALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACCgoAAQAAFQDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00848{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6914,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1605289715782,"flow_last_seen":1605289715834,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1605289715966,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00859{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6914,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1605289715782,"flow_last_seen":1605289715834,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1605289715966,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7909,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289715,"pkt_ts_usec":966342,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B4AAAAAoAL9IFQFAAACBAWgBAIICqkvSd0AAAAAAQMDBw=="}
00457{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8856,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":18193,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+ENkW7dwgBALMFGYAAABAQgKwrkok2cfbAA="}
02335{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8857,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":18194,"pkt_caplen":1466,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1466,"pkt_l4_len":1412,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYQGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+ENkW7dwgBgLMGmwAAABAQgKwrkolWcfbAAWAwMAegIAAHYDA\/Zv82lNuRbM8syUiuhC397Q6lYK25T3wLvnkXjAbaHKIPaARvdX8cCHMx9rMsZJhiJlEhn0QL88TbX34lqqt\/OKEwEAAC4AKwACAwQAMwAkAB0AIKgVOsZfFfg0E\/C\/x7u35Pu8x2v5i3X+EqqCp03gZzMlFAMDAAEBFwMDA\/klD8sfu4\/LnegWlGovjl9lUv0bXkf8RpK699850o2szbS6NfXtMocHWTa8Th+s20BfY9zCxmomNr\/cPm+SRf7GMy4M+yclTSrjc\/CcSUZ69Z0c18WYpmioLCQSoPxBoA8efdvNAtPDEP7tDaO6331ZFZE2wi6cXH4w2jcPT6kAzhd8gBPkA5vl2Bxb1Dc9HoP2c0MniTc6IdBSKMh5lnYt94XwlrpR29u3z1Vj+9dQ6B2hBjsV4p\/TksY5WsNEAz\/s8oFVeLBMVlwEZcoZw+uYhnc3bgLIQxdcRRoNaYiIoaVWnAJh2tfDuVXVhK275sUmgTedibemP7xP4S74LrrGgGyBPSY3JKDEZEVp4XxMLcfGBMYtJmW\/CoyV4tBduLaYVdcXGrLdwFspdaMift3krDm3hVV\/if+8hOgY1NvTyL0SnplBIIjBt3uhRnLwTOXelnZj4DgQFls9BEJP7DonMnuiWLPp3KgkKOLezFxfpcmDvZeq1KrIlzkK8na\/weh8QiMYGqqvur\/7eATXhb8lwqmX0HXpGMASgKzdyF+nlxh69YgJLHQO8BBsv+sTHX8TQ768IceP5vyAJXn6mTGHDwgboH50bLQx4Wc10\/t94NPTjHjqeKHGUIdBJZ2z\/jxQQl3sbEGHj8FtrlfK1qvO4k1eJaRsKcffr5zVzt77hCS5aMKr3xs3CZ5fNq9nu9QG4Xy6eqw1zdydCCQklBwHCZspTeklffPg333zPHaDLUZ1\/5VqOS8F3bOY3udbukkOtDgokPfSYiEpmKayHVd8NR7w2vhR1\/zi7CrxzWsmp5GJseuJlnVxFo5EU8eXyuN2Zk8qhIN7pZHogf1tCnDiHHd90WsWiBnvliUEUoYz9vMnhUGjPFdU\/5PFUoyu1sMZHgU+RSOuYbvxcynlbFcyqwYdI8U8hXutBB\/aRzjXh4BHG\/39+SBBOqCTjy3bBbqjvSJLYd1TZk8VbvW8aZG+2KjJmD8rm8KgtAI9yJGCU0o0WB1dcp5ATG5ZuBT11k8aCS0mez1ikBixnpPsxbNP1g7vkxyr\/tVwxmmSshK8HvZqVe\/bnC+RlZERrqSkRKyN56YyEOTAI1pIA1SM4A9DUqNCcWhskAmc9ChePid8pHQUJ13y1hkfL1YVY7GO5eh3o\/5CixYOLy\/Bl1HyCrt1qCS8aBZoxZ5d07Iv4S9VbPoB6sRZYAp31h3lElpB0IoUe3YP5evJ\/cbYAcsfk8HjPj5y71mZnIFYzHgyVQKNz+pLi1A6ZkDGFGNwUVELZGIqZhV7dPWsUO6yDyO+N4VPeSHlGJMzy7Vk0cwiR5k3J2WSKk3lMnYZXBiPAg2r3nRhOBhpkAdW3noXAwMEaFn7xQrUi7hyqafiLHadc9fOekqSQ0y+iTrrj8cxNRPJTLuhdEMfKw5UwHNKvsczF2H2KJ+4LNzk6OLgErfB\/lxfvQ3bisZ3VdbyXR1\/geRQYx4Y3icfUrdeC0Urg+mv5wR\/N2tI4asM8lUpBZOlS1q05VBoLyqkl2NciUwS5HvvF3z+aXjSmo08zWsZRsSg5QK0Sp3HG9JslD78QA\/b8lldD6HSGefreO2\/CDBcUsC01jbQFP4kfS32K1\/OmLRDRZ6S9Hxurb+c1Typqs2tw56W4XA0o8Ps3vtGr9E="}
-00889{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8857,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1605289715782,"flow_last_seen":1605289716018,"flow_tot_l4_data_len":2105,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1412,"flow_avg_l4_data_len":350,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00900{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8857,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1605289715782,"flow_last_seen":1605289716018,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1380,"flow_tot_l4_payload_len":1897,"flow_avg_l4_payload_len":316,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.facebook.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01695{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8858,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":18194,"pkt_caplen":994,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":994,"pkt_l4_len":940,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAA6wGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp\/adkW7dwgBgLMNygAAABAQgKwrkolWcfbADDVeQ\/k3Qst\/RsaWEuHKPFLNvjqq\/Hv9LHzQjH+Rd6ZG4RKRzEy4vqn5joNNFQlNiVDa9b+mlsNOwpZtc6939ZD2VtXwG\/FwSv4EhAG2KOX5xPi8WELe3kmVEkZNohga9t0oegpdywfuSu2bPHYiFyXTescq6KHzT7iPIutkYxYBdKRxsgONnyjb\/wtvKTndDNVVeqJNk6r9W3IiJIEgn5LdROz81zgQLgfpzZnziaHHXUGZtD8GG1i2sG01wdcIe096eLMizqVjzY4e6Y1nKY7rraRV7YqPosi9CJCHpN0R4NA0et7DVrQHDpVHuAWsr4WK98nrv+ZGGmEbMQZNkrXQT\/4L4Gb86pOMC\/paC2K6VC1R\/uhe6Dez2CDNyr\/i9+9jSLsK9i53Ws6crPWahTQmIPjBKaXmE1IjNxAxpiGFyUVyHH3Y8ZRZo\/thiFljXQKRis7JoRF6YAGs+XjeWECN4oFhPrBQq452H2XdFRzon3IohJ2d0ragabNxHThSNmgakBdO6cFV4ICOSUbWGz0rZtNRNEON\/pSMmgk3n+c9dUCPpKtC0gTFzmwyjDXzb2Wn0qQNeiJXPJAeUulC4mAyzOgEfvHd2UI9OJsgH5Z7NQWybH1xBUxjREpHuCS5Xi20OHJ8dwt5l6AcjcQUgXxoEo4IHT8SbQzLKYE9P18OVTKItOhhAYs0n3GMvYI8UOnUyTlyzZ5C29ULuZSd2xHmEHrP25vl8ULDxQcuSLLWtCdmQjUKANReuTdiGl5knlIOJbOt\/ldE8QBp6DmqE4xcZ+26121pUDRq+NbzVr\/XmEF\/JjVm0\/MEHfdLlsiKmbNDFT5pOgP+nTEG0j7xQThvDtHWqzE7krS6CgjbD8OQFzcC6JuY+ObbRw2u3WOyMCRw74AsbPM2Ta8vQwOpHWSeMNaQ\/mu+OVLvUdEbU+hZqbCaD6JKrvXCLKXnAJbjydA\/ky\/QMJZyuxWZdcmb6OeAfp+pos+xm1EW791dlZuYGKzQ3bYMQ3CNjc0G1FQV2aL3oZbsWAaabaL\/KDyYhMSKlWFxc\/pcm63b+afaYphtjtkwBMqNWyys3Lc9P43ZDVEyoYgQ7o6MfvWv3Z1PWXjJjp77ec3VFdy5hzLk+i\/\/DzGzq+oHyhLMwy3HWiqvYode50VvmSVOJwIyAnn9OqhyiVitUr5LFVy3v3g0Brj5YCl8FWMmpuRzYN4A=="}
00457{"flow_id":20,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8862,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":18343,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2Rbt3AAKf2ngBAB9VS1AAABAQgKZx9suMK5KJU="}
00457{"flow_id":20,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8863,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":18409,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2Rbt3AAKgEzgBAB8lEsAAABAQgKZx9suMK5KJU="}
00469{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8901,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":21823,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HT9v4ewfoBJXgOHBAAACBAV4AQMDAwQCCArCuSkJqS9J3Q=="}
00458{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8902,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":21899,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBAB+2WcAAABAQgKqS9KFMK5KQk="}
01151{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8903,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":24503,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBgB+960AAABAQgKqS9KF8K5KQkWAwECAAEAAfwDAz7PSjjgfHJf+nCfn3DPMxydUwVUjvYQFiNHK08caRmgIChBHphlkCrDONZuzjKATga3CNpgPdLG1nC8FJaIcfu7ACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAJAAiAAAfY29udGVudC1hdXRvZmlsbC5nb29nbGVhcGlzLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgphW3bcEnLefm+sIpksFu2OouFtq8r6bigf0SizCebCQALQACAQEAKwALCpqaAwQDAwMCAwEAGwADAgACCgoAAQAAFQC9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00857{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8903,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1605289715966,"flow_last_seen":1605289716024,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00868{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8903,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1605289715966,"flow_last_seen":1605289716024,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00544{"flow_id":20,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8905,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":25947,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEAGAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2Rbt3AAKgEzgBgB9eN7AAABAQgKZx9sv8K5KJUUAwMAAQEXAwMANaH9kE70EVJtV1DDSBkEQx3iDCkWHzmcOn6XCYT5TkWq2Y02DcjUNtb2n0tU2GKt8EIZui0G"}
00585{"flow_id":20,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8906,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":34506,"pkt_caplen":178,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":178,"pkt_l4_len":124,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEAHwGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2Rbt7AAKgEzgBgB9QrTAAABAQgKZx9syMK5KJUXAwMAV4668ZbiYffDBt++pTTpcgIdJqL5yB9rmBga9TuRIpkPti6ML50lrXGs6k2M+FsTO55gA5WdB3fLulP7A3+ty2OkaWTeJgp9kcoViDG2WV5NRFgtHSMPug=="}
00962{"flow_id":20,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8909,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":38376,"pkt_caplen":456,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":456,"pkt_l4_len":402,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEAZIGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbuAwAKgEzgBgB9WV4AAABAQgKZx9szMK5KJUXAwMBbVLhA881WLV0udNBaKUcp\/Bf8F7uD2l2ScQ8o40j3H5ruDKrtyQ0zt2UWNq\/RZnzSCz6FZXLPGjsrYIIizp\/Jg\/xMWafdRreGbQHvB7UPRJA9MrWNlYHTKP4XlTnCuG4SQi7IeTc+CTbG6fYRRlTgKZTXPurq+iDar6wqLjYv0znqh3GthYIT6arq8jUSLI69FMi4ThEGdImRQXXFu2AxdOS1JnUvTMrmqP\/xHBYLA2XqhGT2itwjYlhb10rNKBv61mvRvHfTeX8z\/gsH0b1NFKa\/8DANv9t6MahgA3Z35CY8s9ReN9UpeJoYNQ1pftNIyBNXdVMMinY2ZcR7Eo9BywS5XHQ\/ajP+2jfsHSB2TCb748CzTvwnlzGEsZZbpXzMHB8holYKh0A5fkXHpdp+5k9CxCLIYSVtLl4CKUlN\/vAUcwijWdsdav49Upr1SO6sLdzYYIoi1YKonKpcSeO9QQytkFXJ1Jvcsa1EOY0"}
@@ -301,7 +301,7 @@
00458{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8918,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":66903,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAqATNkW7gMgBALREZqAAABAQgKwrkpWWcfbMg="}
00458{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8931,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":77506,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAqATNkW7l+gBALckTEAAABAQgKwrkpW2cfbMw="}
02101{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8994,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":84706,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HUBv4e4kgBgLMKVvAAABAQgKwrkpYakvShcWAwMAegIAAHYDA1jh7xCoTyadSFUj26cQkOgzytBbi2Isa1DRm+sW9Q3PIChBHphlkCrDONZuzjKATga3CNpgPdLG1nC8FJaIcfu7EwEAAC4AMwAkAB0AIAp5l5jvQ3NMGiZznRuVxhV35YX4k92J9I0sambEOydfACsAAgMEFAMDAAEBFwMDCttwljQi6GMqImLVcNfc+3JdVN1A86OnoLPZbEt6YVxteNjlRD1NCO82F0p41xwX0F4\/uUJk6aphIzJmXehIFsxmzu2r1T6QWkEm\/rwGNGddIx35Ol\/SXn7yU28dRt8EGWBEZhV2TEt82mTDu7F+fWK0mWeBRQmxQEDXPWhufLbSFb9bBa7p6+5cGAxpskeS+PE06a6qgp2cf00AxMyHKU6fMr50x2FVD1Yxhdd0EtaXWySr5Nc1+UlCJh+0IeeQUf6kF+3G07rJgpImPKt\/XJcghKONkb\/1nkTmu6jqKDy+ix1gcrbq1+6H34Sz1XgZqgaUcrxKsiohxt\/x6rtw6h7e1+C15DSfseiK26K+yHEU+ZyRi6nkWhfH+6Ve2V+fPtitnORJ4SsViy4FczjTEo3zFR5hHFJ0h6L\/7fi8dPOs2qxL\/CaQFeVnZUiJ9ieAHyrpQibkYP5u\/Hv7hcKQlXYxWEaDnMsTgZeI8+FkZ28KFYojCvTfUiAmC2mNcHOZHevCrWfyXO1LulNbDAe5eip3g0B4NFMA2UxgcFDYVP8vQGjkUOtw5jKF\/NM4kJJoqwN+VEZBCdKbu4eJO38mGPnIfM7VYCuHnU\/oJ0omrP8zLymDZS96FzUarJv+fih4SXwwlE5pmmh7xzguIdJintsCEhx4HO\/YJEimsP8b0gAGU4eORZMVs5WnYNM\/HA+96mUHobDihYUGsnmh8o4F2mbw+wN04KUe2v\/bCLjmUNcX5rBbojkkqVLskJmh4U7QAjyEUQwj75f5ffucHm0kV\/Fsq5Luikxt7IzqVpMovigS9buDJVE2la3LNEgMuxzx0UWoBb1e\/1x9nrN1bQxUE0XhSnQYj8CIT2Jh4WPFus6VvX19WOxa0EIBBTO4oa+sj2nOQoYzz01EbevNYSHw4KnsPJ10UKC0sUZ96NhBZxXgM+DOspWf6XCY2KYS7j8dYmUzNpr2cAdSZaYJvt5uf0\/\/GT83zwh46Q50cLI81bpl9ym1\/BZO2FC3ylf+ySUaemW\/0CgmYDqU\/U4WEe7pLYDfb7GgbiyK8SG+MVzqJs3dLrSmZPJ5pV1pZRx\/uHyON\/SLZ+9CAd6KkfHrNkLFtsvQJ8BMBUCu4Lgtnrb+fOe6BssecrdcnEAvUccqMg96NBPMMtXScR5t1o+iUTnTpVHH9ssc\/xdCypZijQZiNaLTh3EstGdhLMMvWE6t97u3FT8d0o5Bc25FiunyCBVyBQNVckUuKdIB21ROoUm1hC8ScpGHa5h3+K6GxpObffdagSfkB82A7AE8h6a6CLmfLN\/Mi4HXguB+u0f3FvJ2WBjXS6WCssVvvq5bQZduiweEnGS0ZXBNcEtqwXSz13LcZdD\/ZawiPTjPEK1GwiobeilqzJTfSSDielTHl0STYp5uSuLgMFf1aiM11Dm8IRvs3Q=="}
-00898{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8994,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1605289715966,"flow_last_seen":1605289716084,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00909{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8994,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1605289715966,"flow_last_seen":1605289716084,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"content-autofill.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02099{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8995,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":84721,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79Ifhv4e4kgBgLMCeFAAABAQgKwrkpYakvShd+vprtRhGvjegpUhnYQiW5Q\/KcFIriV6IjWjuEjms51Z57AfPU3abtnpvRmk2l+Z8JVfuAuEWWRXauRiDD6v8P4TSK+lFM66ag6xil5lW5ybWs+bJ2sWfDC5wcOc5huVfTl40pbIIlt2HqQ+kFZf9OBl0gauZpgfY3\/snFYkUoLUTxEv4LxJOftXHAJtVCVyucnF4B0hjDm3jtnj9NI5ylk1pOtGBjz4R8OSl8DuhWeGeo07GOM0QC\/x4yWyOdg5j1+rYszFlJMos8OhC1I\/+6duxw5AFQgjhrUJRvF5D1znZQM3jfCEISRMjqGIAYs2fZOVcSigVs19foTrayErh4W\/wbPnaqpyZvNVqKhX7dAKe45nzudDsg9RyGMtS0VETNGdrQeWUtD\/yH6EyUqTtrD8whBp07jX0hv1x2hp1ACS7b6TfQ5zO8dzjrY6ApGi0hSr4HeMui8p6dBa3eC1cAO28UrnTEU0FRqyAk8aylzTK91zqtc0gCPDtiI0eiIjjkxKbi3eeoWHggU6BFBStFQt2nFBrgDtDA52hCWq5hV9ho5ia+TJPdgimEnMVV1T2IVmi\/3fFKKrjmyId2fOVufUTvh14r1i1y2SuuB5\/mGAq1N01+dSI7gT\/j285J6UyDnCIsJ4cvslJF1NwxxiqXuB5+5W6bvlCXKnlpBERtDdIGrLTG2WROzWqEVMYlLjht8TthDhPhYeOmMALz5xDMbkmhoqywMk2US7Sn4sZuKfh7WZwKlKfdElenTXkjK\/e6A75Lkms4pE26ZoC8NFuPJmhRA3b3bysBcsQ68kznsV7TrU\/QkFPkZYmQv7KrWM7eo23BNlGLvz\/G\/eeZ+4iTJohFTluUmHDP2gTSPfyu1RooFOhT\/oUw2WZRT1g4XLd9NvsKBZ0ZEcW1aTBx87b6EEfpxwiCNkmbk+I\/mVndazWm95nm5eSeL4aIyDKCKA21Vdwc1kOEZMqNMVYvyTZUp0eTMObHYn5p\/EOcZxrnWjtZgYE6z\/mGc+xVBstIVUuQjz8NMy2+JOFOnBG9mMJZRioq8P2j7TMdebkY0bVWdZGwFaeTWXO3eC8FuX3q+owdph1f33W5m4g\/H7AEI+DF2PANpCkn\/GQZkeUd34Dr9CJWxqVPQZkmetdQ7nufU+0ZQDLpYwTZyMT0WfQHP7PD9AHwYP6ZJxE+VU9fDwIN78laP\/OPVDYVYvrCDZ+EmGFj48opI7As1KUdIxSq64GHGLqkQcILtOEkl\/Ctyk7Dql35nmNyjFFJDSvenlG5d7SSfjgBW8Qv1SRTFFO2epRVnLbnZd\/U0xVNh1F4o4n5xtggn9dVixDHnhJrg4QosI47CjbxjK2EYeJjJURSXDU1s4WhseUUcVBH12XIU\/4nQ6R9+IETTN74rESuLYN2DEWSopmY9L9tSWMCv\/4nXhmQ+9htstYIJ9+B7m+alOBTjsakL4gDlxKkCzxfDm9IG69aYGY2nDdoXwngo9iGOt9f1a0LcHidDuZSTykEHTJ3TBKY3awPaCsxVwSXbaTCBOuq2lyi+LE32LS6p9+gGKijLe7A98bewwjKaXWdLu3SFTRt3DiGhJC6QFJPBB2bDw8eLwNhL8i8mA=="}
00458{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8996,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":84734,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7iQO\/SH4gBAB9V5OAAABAQgKqS9KU8K5KWE="}
00458{"flow_id":21,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8997,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":84750,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7iQO\/SawgBAB7FmfAAABAQgKqS9KU8K5KWE="}
@@ -311,7 +311,7 @@
00590{"flow_id":21,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9143,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":96907,"pkt_caplen":178,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":178,"pkt_l4_len":124,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7AHwGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7mQO\/SilgBgB9QjYAAABAQgKqS9KX8K5KWEXAwMAV4wi95mHQO3oqT5eaTeMDqyxuf1D6Qqc\/Rqvy1OYHBiLxtW+Ge\/zIgGYwV17hKcj\/Fdznb8gKqUOEHhEyXT9IbjARyD4aDFB9T\/Yw+hLh4b4LSEV6vWKjQ=="}
00964{"flow_id":21,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9146,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":97513,"pkt_caplen":458,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":458,"pkt_l4_len":404,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7AZQGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7sAO\/SilgBgB9bbdAAABAQgKqS9KYMK5KWEXAwMBb+MZ0k31w+ZPx1pEvBvi\/m1je73oMS233FKUr+3UVW1TdbU4PdVYM57FNcetHZO89SIk2nzZHavyveZP3N3Q0pwPEjJwsaOJB5WJP0Gxks4\/wcrOTDZhPhZMrqhVxOpp+IjuroWTwHpi3u85pf8XiIxpgWw57cvV+hsieU9w75BmtabzcUVXA4lGmOtetNUzvQc\/DM53DBoZ8EKBV60lQAwWdRVQZ\/m617J6gHDqQyOdnjewq8yuTf31DyziELMi9XJY8dHnJwlyS0k4hh0hIcOZrXgP+\/T15XuB2YsGOIxPxftq0BdM5K0eOhGTJIjKVaAyvWHDOvX7zh4B1lwYH3jSp5VDUUy31FoL1gxk0eIpP5JIFswJlJ+QdQVkZdP5YSahpwgxiq89PbZJd1m1fZhgN2oQjvTaMtOGjtzfvja6H+QS5gM6Me4MgzenSXNLZ7S\/zYih08cTkN2QmjG6Od4r8u7e7DRWFrK6rEn7fig="}
00459{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9155,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":127887,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79KKVv4e5kgBALOE3gAAABAQgKwrkplakvSl0="}
-00520{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1605289716168,"flow_last_seen":0,"flow_tot_l4_data_len":190,"flow_min_l4_data_len":190,"flow_max_l4_data_len":190,"flow_avg_l4_data_len":190,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1605289716168,"flow_last_seen":0,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00679{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9522,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":168715,"pkt_caplen":244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":244,"pkt_l4_len":190,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AL4GQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lam\/a\/4e68gBgE1TyJAAABAQgKZPSVcMK4jAQXAwMAmbA2YtBqXOwsPZhf0xplQUhs5uebiQ6HrXX0rQcB3CzDNqt6KEFEtOrnLbiyKoAl0\/PfpLU5lSyfN4b6GWAPMuxRzKK1mYHeU6cm19ssJsGj28uoKpDNJuLbc68jHie5jcE8\/swMHjb\/rsshDlUuBkbS0PBg+fBq\/uDg8aBU7dQCoscpqfDhz7OaLw8PBcid6Woaoneonk0XRQ=="}
00628{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9523,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":168917,"pkt_caplen":209,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":209,"pkt_l4_len":155,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AJsGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lanJS\/4e68gBgE1YEBAAABAQgKZPSVcMK4jAQXAwMAT0+KQ56NjlMHGW+d6G5ddduewRHnDyQJNOhFGSBeS16m4KVAja7XHlyuQrxKoq24Sn8bLVvUYgiRl0ogV926yAF+\/eBnK0DefdFCPgWpP6kXAwMAIh\/Eke2gVwnwKuWIWa9HbFAoJdRk5f1TigycRztSwvhmbFo="}
00459{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9663,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":192184,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWpyUgBALf8h0AAABAQgKwrkp2GT0lXA="}
@@ -327,15 +327,15 @@
00460{"flow_id":22,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9733,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":197725,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lanQ+\/4gcTgBAFVLWvAAABAQgKZPSVjcK5Kdk="}
02100{"flow_id":22,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9735,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":197739,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/iBxPZWp0PgBgLj+DOAAABAQgKwrkp2WT0lXAXAwMEs1qdxWANqYldh84zdMbqWXk98TT1o6ZNodyNYkvY+VFt04hS4zBfkI2Lqi0QF6Va1uUtj74etsL0VR7NU4yjSPF0YghWZoOmvydjvp9tM600tzhmSznkpTYYLS5KaxDjATOvu1n4lMsMLgIAP2L1eHfnpQDozGQbZrGjTq2RQSXqUl5vQwSTfj01+5\/fjREuUkHnytrRGTJt2XdygJoNhrJknwheWLsKbrlmG7ah5rVt+MKHUMmnCvdkoLLKs3RgozCCPxm6YxGXafpJBOAbWDGzIpw9mWptNg7T5\/LCAcj7PhHVE0ntjGPRTd4ZOBgLID0GQv3XUFaPMWQ\/7c9buxzT7dp\/39Rhl1xgGhjGVI3l2XYHHzxtvj1OcIS\/qtjQCU\/Lo+BJOoK1RitTlSOAyfExFnHk7wn5HPu6Eug9G2MzgwoqxSNHLTE9Y\/YV2nyhNskSXQWwWexYbZDuvSSv6LjrCPB1EYNV+VKE52DHxx2fxBWzSTA8yDkw\/OzDr2tBvybf54UpWBfJhvZ9SLl5uH8C2OQWRjdtju0dPeNvPcxIwtasCsOvhmhg5QxseOrrhseZo+nrEhIz06K1mO\/5fJEYrH3dYshNrK5r3xCyZcmr2LZe+zMuhj+3Z2Uzyo4gp1mhzvQAVMoR5gx7k6Fp4DpBg\/jgpSE6HxLKtTnNVCvDBnvViC6FWFGruSoIxr\/cbrzqnL+IyMntW3sXJf6crzBAVbZQus7soXODCOihonEqxWPpnoMyl5SVaoOcSnLtW\/YGXePormdwouZJyKTH+XyrXKB7bfyNf\/mQqNqO3GvJA9G+Sc7zJ4u2o0KN\/RN36LNMfVjIuqmPRmhX7gpcBYTYhXj3scOOkkynzAdviCFCuteSUHDM1rIawvsqJDiw6+Fy1fTxiuiVF75dZmg7c1NV0i5vOdgPMl\/lXEmbmkrWs6Xnkn+p+Zh5ZD3OH+SUlMmUG\/yVExpOw+aR04j6xTRu1W+TuXSEzJNVhhMzUNzuUDa9TNV7MuxsUpGGkNh2APTb8fH3AXmMZNfKzhiBNQ92rj2EnkQm+9oeD\/nfTxeN\/ugzjXkEz7wukOhCZ1lh2GAhqgyKzFyWbRXzbJXpW3ovzBDe0LM4OsUPwm1d9qArLGh1QNTfXOOSA5fngQKsj6LPsYMTLyu2zNc44aDoVoUQA5GzV65807oI25XT0KfSBNIu8RGbvlvDmw5G61jwAjrbaovxGuLZjkMdsi4bBsz750fNwfeWt4SabvRO4tSkWJCE5Yr\/iq2hiQyHDq7G+gf9w4H6tTedqwbUzegLDhV2VOhnHFhzLmMQWI8AriQUKKSfe16I58fRDs20uO3xJ6CakdVm3rRfwbB8QFCLPUbWEWQxPxDCJeC99fuVCSqwoEuBPB0us4zOj71aR63kawLmJb1dMA6ic8vzL18LvojyDuRi6GrF3LwFY9ecT6P\/h\/QgLgdP2ZssOBOy64HRR6s1Y1cFVvWmbeNzyE7KJuVLQH8TQRZNpwQBYSfaBEgCqEnPO+e0NQBoYEsim6Np6n7GAc+LFwlI5KynnDOZw14s\/oDxOo2oCr7GNu9BCKv0smX3bHGkhJVmXBQr7jzGQSVjwg=="}
02103{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9737,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289716,"pkt_ts_usec":197739,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/iC8vZWp0PgBgLj5kqAAABAQgKwrkp2WT0lXAXAwMEsx4aKrm07NhfEdRjo5cUOmgc3JMweTR6xE1lGKkfOVAF0ZyK1MrRFCWA7S+E1pWVhDzG9MZI7VKjAuCLwAa+KDcyxNKQ1AgH+evKvAGYv+2fqYVlwxJcrpTzTyXvmxBIRgq1McwOSWDhNVWqq5RfdfdXrDkjs+cUQvRsxSriGbPyjzyTfFUBgvKu5p0ZDhe95RMXKLDY7CNeuS8U0DdjQsP+jNS8HdNwn8Pcp\/ocVW7JF0yBJ7RL22inZ6bBYDL7wDFhBjp+LCeNLir9TB10TTZ0lb3p2qiK6gWTNOzJQU04GPgYEQ2YmKvzZXsoBO9PimCWgV9aZ342OsR+vppyiTVI+f+Lmr+QAcDqg61DISqw8iTDnjs6iU3edq6T\/UoZwssJeOxAXuZv7EoCf7J6+iF7TT0fwW1bgsKAc8cGAAsNjRf3Q7l711MXLBHMXx6Oyc0Q3Emaz8DGO4SR+A4T6AuSBo53dJlGyB54RKq6kdrFeVQxq6PkzU3kdhFGRZdoBoinJkrD\/MCgOodZsmj8VpoNih1W2Veyzv73i107VmHTcs6tKeGWSABaTAadKgj3QpGYQx9M4yQPycsDbPKQj0cuJfgj3JBCazY73h+5zheM6ItLFzaH53aESQT4HUF1k7gMi45lYk8REbopF9LTO4ZD30oT32Ja7SIJplnZPIZaeQRvZCZjvDp3tO966VFfSbgMAgMfvxCCZUWfJ0hLNmC4k7Uqd977piXRuQyb1aTDRDp\/wevM9exb4l96mWawAYo7BiEmkqhyhUmxgTgSY1hXmuVK793dbqxItPnvvipW85\/1lCY2fUzUEo1ATYmIVH\/Dc3\/H+AbBCY5OUpbTq4jeL59jjOBxI5R6nqkXwWqb\/NuCSo8jnzghBzsP3P\/iKxLw0QFWN5SXjwrI28Ywgb\/GCZerGdtHRbfpMg7bO7lUbm+PgUAk\/91aCe+tgyfkTfvpW8Av8dmQ8f8kPecroG5RtHxe\/B37rqG7OntX49IJyji6iJyZr3f9iNErSMo33tYAkEMlH3Iuy+2KIoZi5kHbr3lQI9xAygR2QH4GQxGp3QJcXzTF\/OsnA8XFIIpRQ6yDtaxh2nNK+ve1VZ8VLIOJjYym3Qrao95sYWZmhDzxsj7etPN3dNGkFUjikV5o7tJrCG3UE0UlgBI5z10c5bWpV1+Y6ar7ndHq3VhgHd4\/MZIjGNhdxHFMHESfp\/FWeyB5OvOAwP5SnRwHC94ua+KazdeoOZsUKHrZTO7h\/idmoQH2uTO6zRwVov0QC\/17SyPIlmqVFMp4Xf\/HYpDOt7elybzwyGLTjQgjnpQI\/9a9KQt+CD3kY50X3XBb7vQpD\/pwGJi0u93C+kPYb8c7SpY5AV6EspWyOXrPluD8vpRwWlzeeObi\/dojNBVMDHlPmWP\/ECgsYHKo9eLYuz0QWA9HP4d74JsaRbAHI1spabm9x2U1ONF8dIBQ7x+PGuIy9+Gy1d38HdYmDmdDieZtTqng\/4QahIxX8xxPV\/LxEqAr289Nd1BMQh5Yq1XyP0j8JMZoClugwHGxufh9ZttBu8IZ3ChRl8ctn1D1e5IJrGGplB4ULXL\/6U6zbrBjDhKuqrOxTA=="}
-00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1605289717548,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1605289717548,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14612,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":548570,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD4AAAAAoAL9ID+FAAACBAWgBAIICjGG9eUAAAAAAQMDBw=="}
00472{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14613,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":572004,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75juz2g\/oBJXgHfiAAACBAV4AQMDAwQCCArCuS86MYb15Q=="}
00460{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14614,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":572182,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBAB+\/vbAAABAQgKMYb1\/cK5Lzo="}
01152{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14615,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":572787,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gD67DAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBgB+0DvAAABAQgKMYb1\/cK5LzoWAwECAAEAAfwDA800cC9OVh30oKukmv7TjuGOfIQsAXjOcIds0bgi09HFIBoSrrmErFO1TCZKJVvIhS6wQO5Ret2I7u3t0EJASsOHACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACHp6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApenoAAQAAHQAg3SQzsRLwlL1ZHWLzcJyUxb7R5EthsHkv9Gz6Dx5HIhsALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgACysoAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14615,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1605289717548,"flow_last_seen":1605289717572,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00851{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14615,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1605289717548,"flow_last_seen":1605289717572,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00459{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14616,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":599829,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75nuz2pEgBALMPCFAAABAQgKwrkvVjGG9f0="}
02101{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14617,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":605090,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75nuz2pEgBgLMF\/dAAABAQgKwrkvXDGG9f0WAwMAegIAAHYDA\/I4MxKv7esPzoTPboG3UkXi0nV9UkrFfhPuR+P2gBOmIBoSrrmErFO1TCZKJVvIhS6wQO5Ret2I7u3t0EJASsOHEwEAAC4AMwAkAB0AINC6VJlJ3GLxoEjuLhUim09KnNJd7FcNknsdbAL9odUyACsAAgMEFAMDAAEBFwMDCeBSqWL\/CwU8c4uQYK2YL4I2CNJ+NMvCk2fKesWxjcuS2yvyx9w0T25emPWikMs+bALI4AhDR+z8A487df7VzSIZSLm1kYKKjYw+i3Dhr2SK9ddH4Cc43EgMP7K++Dqsis37\/iqwJpZ4IZCAu+0RmoBhgoSZU2zUUWvqLztLR41sdlBhTg\/ICBefNBdknr7DpOxBHgxXg+fwuDRoqJJGPp6pH\/JUyEEdAq1ljBtEFSWHGcuTEnPqv3AXI\/3T\/lNfHzNJ0fCWF6MnHa8Qb+4Ns1gMSFOwQEZ1o629WCXGELEUyGhK0cmY6m9UXlYIvJNjrdMOGx2hNMLfyQDaXrE1NKd2F0RlLzi0wDvbSERfael3xChw6UNpG+P+cuOONephlfgZ8DZ205Gb2FBigoQ2zCFLmBixdA1v4Il\/5ay+WjTQgS51Wkh1ABKMwpvG0eCz30gMvb1A96TB9Z6f4fm4NQKIgvu+4j0LGicaAva7n47T3rEMr6ASs8+pKZ65OBmRxgWNvidsDphoBBHLtPKffRixHBP1+9E\/Pu78s8llfDzrDZPlcqd2pDU194KigVSWBRWwGR7FAmEiyifCzG3fqlsmDYdvpZ0PqTx3IQ59TT4ZWf8gs6za+\/Pj13dbO2H73jJCTyTEbdnQSu6NL+d10gSczMahpfgL8UDRhagWV3AtmNbtF8Qfw1PDuCDyQ0vx2HXfy5Y7rlH8G44OKNndExFtKeBtdcNu2V2qpuw8lhtaXDK5Q96M0QPrp0P\/UsHR4VsF0JaPx90b9fm+yA7r9DSQG\/cNQnGiMxExOww\/qTQXBLT+KCQ5JDK9\/fwPeZ\/k7+UDQSZ67pgdqVdIxbExUX\/M77JHH6H2G2UGB9Yy6rpOC1sAmJDauDmhZWR5pe42XdNveTMLetXLeJfnNOWdiGWcqTpvHADsH1qG9vyknyZi\/6xHKD97Tkb3n1+lXkH0OLAZmqTotPZqLfEZOtmhg804zchBFWB6Dy1e0v5OTADZs8z6dM1SMwK23EttV2209CkyCDwwP8McM3ifyaB3XaxOhNaPUseg6eB9Dxxcfzb7oVO0VVhxCw8X5JPIxi8vldqbk+C0CCImNNlznzbU5zmRa84PI\/lzQnFu6vObUYN7FS5Hf5TNoyArK3L2dQy7Ua5K\/lbc+5+2RpSBLQHotd5UPSKf2CH9KfK\/I7b0BwhGjTokREFE\/Cik8C958ftT7Kk9xwj0bcWJthBpNW8KsxE3P2ACMqXvGJ6SEusjvOmmT+1B4YTWx7vxz1pb6Z7eimemzYxppwzfFoNSESNzBXqjMiWFv3cDfE09g7U0tOECnAp\/ydNfsoS0ZxEI+gXFIZFMO8HQjzFl5xVQKr6PCkn8oNmJVHKuEnhXFu3U1Uw8DrIdiKDg\/MzwY4FX+284sizn63dFLIV7BCVKEDHttQ=="}
-00881{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":14617,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1605289717548,"flow_last_seen":1605289717605,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00892{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":14617,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1605289717548,"flow_last_seen":1605289717605,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"accounts.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02099{"flow_id":23,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14618,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":605092,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR9FHuz2pEgBgLMNV7AAABAQgKwrkvXDGG9f2KGEnWFX\/fb5ERNscdU+CA8ZwYa1UuXrEFIwM8wmiHsWcEPYeoimiCYJNKr\/OwZ19JOQQ\/A8cu2kTcAo43fKLUNKUKXYXjXEaHWTpBvhchXb9WhjoJxUUP4+tR1kT1VHE4lWXjIHQtzswVwV6++5klLrjcOMRnT7H2sr8r7GItC4HpkBFd6EHxY4SKZy9kaYPgiyyPWkKzq4z\/ObdLl8VaV0a8ChbGmgILW4HXwly6Qu3u8SggY2n0r1Zt2VlxnzCbIIY1wQpADQBMOpfAMKjmpOg2Th7ndHNf8qj8mNJsq8Xbm0XJG+QbHfNfyro4r0DHtTrHXa5eOeV7tnxnBhAaRy4clhDmqceds8hrgnM3qaU1dZx1lJnherBjWYhkCNPojRyCxR\/N8Jkm7uYEHdLNIeJjoWZRAfPCTnrLsy6JMlSmHsNhDQvDbbGrZbafApVWXXFchAUY4rr03l9nXo0L6XwwXBSKlK81Z5MXNHe512xDpc7Gte7whuEUOCSlb\/JWcXxX7qHn1OGLWcJP+gMxF2HTh59\/TbOC\/exOy0lpP66YlYIryjBePG2q7eIYBDJNOTDZkKd+1YSe0QqbQxgAtU9mDa79\/AIgoyI4Y\/+8y1IHeIedGlV4GGD9SFjmOOrr3gyIAb0dt9NG8ejD6PLuYcn+5obgFSBZcXvfgZEon3gEqfzlNlDqD5ZlCGwog+8bpyajFN1CugPYQDdep5hH1oSgvnT7hxvWpXwldijwTlwM+th6imXQIMQp1MO9iXZVoJu84loL0DbQOiQ1jqmO34yuYrecqr6DmyH97W5g\/Y9Y+H2eY4af2bBiYvaG81xCwjvynaJYtvNDPF5I1tCt5qea22J8ZLA3RsIlBYpDkA4dgErTwSUEg5xBKrb6sUTRtOxKitfhvfbDhcibeWLOIGoOi6aw2oY\/cfpjpA4fkHZdI4kJJOPPfZ\/\/DU+sOsLwH0+V+s46kVVB5gh0PH4BnAjIOupKeofDO23Rrtx75ZuqCJDLwKCdA4kQmzXL9lOZkEJNlCduZuxU9To30NgZRtHw9SxE1QSB54QFQLURAzA3UsAk8o2VjwLurmfmQZRvom0yT0s9QUPo2THFcAmd0oHHQCh6+TdsERhDORXnEp4TggVLBMguvJ1h5hVMsw\/635lsJQ2QdsgqtbhNbsgCIb5frOwouMEttpCHIqS+rVUWuYdUwHfjqleiraCHHzjPV4ixYGw2YR\/Z2\/8NozR8bfcY8hioD4q0X\/\/42NYqOhaUoSDXPz7ZlSSeA+6vP7NQFtql2mfo5DHqcTqIZPtNO+WA3NHRzsP1P7bG3wbWtt1y44zHDRLPwjLHsvff12wY4jc\/mE6w2sjA+my8quOI7bZdMxpZdlyChknfsjrYQvAfg40mw6\/ftGsfwvKwLouJ6Xe81LZEll2lswt95FyCWwa3e1DKbYQdrfIEkkYKLvxiJ9B5GHXNxqCS7IJqgW2XXgLlleADLo838jlWB6tdh0jNu\/qFdPuxsZfccCdH7aErcgW0OfY2aZa+WMhVaopoekBQ1c6DYxYG8cuoFf8lokwizw7cS0I0b1P4TBqQoaQQ8E1Gixt5CxbCYp+UFbrLYvZQfzoTaQ=="}
00802{"flow_id":23,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14619,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":605092,"pkt_caplen":336,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":336,"pkt_l4_len":282,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAARoGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR+Qnuz2pEgBgLMAQBAAABAQgKwrkvXDGG9f3rIB3eEKckLMvhY+GHUrI4sgmYD2Q+RodpdU+tNu9cwZYPRbhe4Bo2\/\/GYoNVg3ly1baRJdl2Vvs9Doq42cHc\/8hoDo\/7SFtuF7sah5e6xixjx4DdyEg2gb\/7sy8LyQwSnZC9\/butLHfcwqTwmcWUHhMjxyHdMu7lIzUwhmNSfjPmPcgZHRLvcDK4rguu3vJK2USqOFct5VVXw4ID+DDTCPoZggX8SWMHiS+IiDB\/GcIAUvpxP1Ven4f5IAweDqYWFGkaxgsrAMoR98Z+LHy+3wiD1v5JiB4oXAZjIeshEUJfzycqdK\/reau+RJkE9Wem2bZIt4qmIkZb4"}
00458{"flow_id":23,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14620,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":605122,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PakSL0fRRgBAB9fThAAABAQgKMYb2HsK5L1w="}
@@ -345,67 +345,67 @@
00588{"flow_id":23,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14624,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":608539,"pkt_caplen":178,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":178,"pkt_l4_len":124,"pkt":"qtsDr8lk5EKm5WPyht1gD67DAHwGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaoSL0foDgBgB9UcHAAABAQgKMYb2IcK5L1wXAwMAV1WIaxghzxNYBkinkrknNbKyqJQUkpxk8lmnVdxr3E4WPSq3kbgrnUA8kdcN4iUgJ65YPDDZTmsAOAuLiPA0PjBQnII8W2p\/JHT2ER73JU\/mYR22sxy4FA=="}
00807{"flow_id":23,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14625,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":608698,"pkt_caplen":341,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":341,"pkt_l4_len":287,"pkt":"qtsDr8lk5EKm5WPyht1gD67DAR8GQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PauCL0foDgBgB9fDhAAABAQgKMYb2IcK5L1wXAwMA+iPXjhZgajtg6cR4ETNhplUt2+GyGWg1BhCAKH1zP2l\/ig81VnxAABGuRHflraOatzn50zVQcLJTAajeJ6jjQdgcm+cqP4EQN3UvhPM9tZ\/TXAHZwXJL0e\/zSbsjtAFjx3OS9QjJq7l1Egg1FDsqOzu+Rf1DF+UXwPpsbze3Wqe6wNdslSGWjK+lbgQ7JcmLxJKMj\/B6djIMPCo1GVw4NL9EL6eBLXfQybYV3h6x61WOJkXLxv1ssahTxgsua420mJ3K3BczgLcWcgh1WjAsLGC9JditEI2nj1USFubnFD91QRGUF\/DEICuynGGgLV02MPpg9EdKjkbaRNY="}
00461{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14626,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289717,"pkt_ts_usec":648060,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR+gPuz2qEgBALOOV\/AAABAQgKwrkvhjGG9iE="}
-00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1605289718346,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1605289718346,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14833,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289718,"pkt_ts_usec":346936,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDn7LACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3mwBu1MbKQQ2nwhTgBBf5ZGnAAABAQgKdGByysK4e5A="}
-00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14834,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1605289718347,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14834,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1605289718347,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14834,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289718,"pkt_ts_usec":347032,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAqmhACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyRABu5dQgwPxqZaUgBAHqUTfAAABAQgKOIhalcK4e5A="}
-00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14835,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1605289718347,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14835,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1605289718347,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14835,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289718,"pkt_ts_usec":347050,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gA2s5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1CQBu69kJZnLb6S2gBAFvhEdAAABAQgKcHSqtcK4e5A="}
-00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14836,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1605289718347,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14836,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1605289718347,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14836,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289718,"pkt_ts_usec":347065,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAtTRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACAK3yoBu80FVZetwjn1gBAB9Q24AAABAQgKVxL7HMK4e4A="}
00459{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14837,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289718,"pkt_ts_usec":372054,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbvebDafCFNTGykFgBALfUzsAAABAQgKwrkyWnReVSQ="}
00459{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14838,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289718,"pkt_ts_usec":378827,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvfKq3COfXNBVWYgBALvWWfAAABAQgKwrkyYVcQ4ow="}
00459{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14839,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289718,"pkt_ts_usec":378828,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJEPGplpSXUIMEgBALh6bdAAABAQgKwrkyYTiGPeg="}
00459{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14840,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289718,"pkt_ts_usec":378828,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUJMtvpLavZCWagBAL1W6tAAABAQgKwrkyYnBykDw="}
-00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14887,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1605289720502,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14887,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1605289720502,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14887,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289720,"pkt_ts_usec":502835,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDE+lACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgIBuwZ3AS1n9K5wgBAD7qJGAAABAQgK1mI428K4iuQ="}
00459{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14888,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289720,"pkt_ts_usec":592524,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWAmf0rnAGdwEugBAMdPzqAAABAQgKwrk63tZgJbc="}
-00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14889,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1605289722442,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14889,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1605289722442,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14889,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289722,"pkt_ts_usec":442860,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCa8jACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt0YBu4XaMRXguiMogBAB9ZuaAAABAQgKldeDu8K4iwE="}
-00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14890,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1605289722610,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14890,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1605289722610,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14890,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289722,"pkt_ts_usec":610839,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDvD\/ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElgYBu\/ADYY+SLdnAgBBf+pZ\/AAABAQgK1mJBF8K4kuY="}
00459{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14891,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289722,"pkt_ts_usec":621701,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3RuC6IyiF2jEWgBAM4PFAAAABAQgKwrlC85XVazg="}
00459{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14892,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289722,"pkt_ts_usec":642415,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWBpIt2cDwA2GQgBAQS035AAABAQgKwrlDCNZgKSs="}
-00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14986,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1605289726574,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14986,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1605289726574,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14986,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289726,"pkt_ts_usec":574867,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD7DqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyPYBuy7xct5PemhygBASWTvxAAABAQgKOIh6ucK4opo="}
-00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14987,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1605289726582,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14987,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1605289726582,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14987,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289726,"pkt_ts_usec":582828,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBy5HACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKukIBu0Ah3sUn+OyVgBAB9Rf+AAABAQgKqS9zVcK4oqI="}
00459{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14988,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289726,"pkt_ts_usec":621964,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvI9k96aHIu8XLfgBAL06eYAAABAQgKwrlSlDiGZZ4="}
00459{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14989,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289726,"pkt_ts_usec":637788,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6Qif47JVAId7GgBALvHMdAAABAQgKwrlSpKktXm0="}
-00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14990,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1605289728586,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14990,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1605289728586,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14990,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289728,"pkt_ts_usec":586958,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDHlsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADvvoBu4vV8Grv31OMgBACdmBfAAABAQgK5dFc6cK4oqI="}
-00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14991,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1605289728586,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14991,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1605289728586,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14991,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289728,"pkt_ts_usec":586992,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCU2wACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnnABu1oBJQ4\/rrWNgBAQLrKDAAABAQgKyRWFssK4oqI="}
00460{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14992,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289728,"pkt_ts_usec":804207,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu++u\/fU4yL1fBrgBALkLtnAAABAQgKwrla3eXPQIw="}
00459{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14993,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289728,"pkt_ts_usec":804556,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbuecD+utY1aASUPgBAZXAuxAAABAQgKwrla48kTaxY="}
-00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15567,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1605289732959,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15567,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1605289732959,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15567,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289732,"pkt_ts_usec":959160,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7gAAAAAoAL9IOnRAAACBAWgBAIICtZiaYQAAAAAAQMDBw=="}
-00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15691,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1605289732972,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15691,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1605289732972,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15691,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289732,"pkt_ts_usec":972740,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HIoAAAAAoAL9IMybAAACBAWgBAIIClhuYDIAAAAAAQMDBw=="}
00469{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15845,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":5669,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhojTae5oBJXgL46AAACBAV4AQMDAwQCCArCuWtz1mJphA=="}
00456{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15850,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":5713,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBAB+0IeAAABAQgK1mJpssK5a3M="}
01151{"flow_id":35,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15854,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":6105,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4AiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNp7lBC2IbgBgB+9rPAAABAQgK1mJps8K5a3MWAwECAAEAAfwDA+FylCmx+RqDY+2Dyo1rIa8zFwFxgekrVpZ57dzQTQpcIGR5x9GwiLhejRSyDSJCULhaEPuWcuSSd\/4qtnhsMGhMACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOKigAAAAAAGQAXAAAUYXNzZXRzLnBpbnRlcmVzdC5jb20AFwAA\/wEAAQAACgAKAAiKigAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKYqKAAEAAB0AIL6rS5lo+mbnIbk9M9oSvrL6u11X7ZgUutxoF0rBS5t\/AC0AAgEBACsACwpqagMEAwMDAgMBABsAAwIAApqaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15854,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1605289732959,"flow_last_seen":1605289733006,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00848{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15854,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1605289732959,"flow_last_seen":1605289733006,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00471{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15960,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":19634,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99MLvByLoBJXgOQ\/AAACBAV4AQMDAwQCCArCuWuDWG5gMg=="}
00458{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15964,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":19649,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBAB+2giAAABAQgKWG5gYcK5a4M="}
01152{"flow_id":36,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15967,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":19850,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBgB+1dmAAABAQgKWG5gYcK5a4MWAwECAAEAAfwDA\/e7AWI4IOqe24e3Dy8GtjgX\/HGd3ql+YvtlwSVKxHHMIG0UA7UP8cWM1+OIpoJabPxwYFuj3vVPyVClxgciYoq4ACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAHQAbAAAYd3d3Lmdvb2dsZS1hbmFseXRpY3MuY29tABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACB3ZVhMGdknHjr8mYsq4A0iDM3P9MVWSPmKERKJV0rOKQAtAAIBAQArAAsKuroDBAMDAwIDAQAbAAMCAAL6+gABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15967,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1605289732972,"flow_last_seen":1605289733019,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00856{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15967,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1605289732972,"flow_last_seen":1605289733019,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00458{"flow_id":35,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16175,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":55452,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhsjTam+gBALMDa6AAABAQgKwrlrnNZiabM="}
02324{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16214,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":59043,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhsjTam+gBgLMGlkAAABAQgKwrlrn9ZiabMWAwMAUgIAAE4DAyUVKksAv4\/lvuhMg6nHjBTV1ux41E306sErrlEDriFwAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMRUAsAEUwAEUkADI4wggyKMIILcqADAgECAhAEIQzFo4YzQYum6ENydBKbMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMB4XDTIwMDcxNjAwMDAwMFoXDTIxMDgwNDEyMDAwMFowbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoTD1BpbnRlcmVzdCwgSW5jLjEYMBYGA1UEAwwPKi5waW50ZXJlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAympd0SK2ykpSjuxd34nlkvFt79NjfrXrAqDT6H12U3P3i5RnawC2sGpT\/6L8igmc\/3X18Sc5REbcl7J4nDi75dUMNjYCoDdmCdIylz1v26Y6l3nJdLoUK0cINwgIFCmAGRr7DkrCmqhyvOhxNvzAbzuylSkTgWtjPSRAjjN\/2bAkPY93298nb5tvOK190URc4dJHb\/5bPTOiylnGIQsqMvnw6scjIuGkVLK3DAPguvS5TJIlmKKXqtBe0m9S16b7mph7Txl1AdyMc2IUs6GwZe6AkN5YaDCarW+ZpawPrz0IIXFUfUFL4rsqojOND\/O6fhGo8uaOKRrRqD41672WawIDAQABo4IJIDCCCRwwHwYDVR0jBBgwFoAUUWj\/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFA2E0pErXPYSSEiu6j6AldQTTOO9MIIGSgYDVR0RBIIGQTCCBj2CDyoucGludGVyZXN0LmNvbYIMcGludGVyZXN0Lmlugg4qLnBpbnRlcmVzdC5jb4IMcGludGVyZXN0LmNvgg4qLnBpbnRlcmVzdC5wZYIMcGludGVyZXN0LnBlgg4qLnBpbnRlcmVzdC5iZYIMcGludGVyZXN0LmJlgg4qLnBpbnRlcmVzdC5pboIOKi5waW50ZXJlc3QucGiCDioucGludGVyZXN0LmVjggxwaW50ZXJlc3QucGiCDioucGludGVyZXN0LmNsggwqLnBpbmltZy5jb22CDioucGludGVyZXN0LmVzggxwaW50ZXJlc3QuZXOCDioucGludGVyZXN0Lm56ggxwaW50ZXJlc3QubnqCDHBpbnRlcmVzdC5lY4IMcGludGVyZXN0Lmh1ggxwaW50ZXJlc3QuY2GCDHBpbnRlcmVzdC5pZIIOKi5waW50ZXJlc3QubmyCDHBpbnRlcmVzdC5ubIIOKi5waW50ZXJlc3QudHeCDHBpbnRlcmVzdC50d4IOKi5waW50ZXJlc3QudGiCDHBpbnRlcmVzdC50aIIOKi5waW50ZXJlc3QuaWSCDioucGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC5odYIMcGludGVyZXN0LnZugg4qLnBpbnRlcmVzdC51a4IMcGludGVyZXN0LnVrgg4qLnBpbnRlcmVzdC5ydYIMcGludGVyZXN0LnJ1gg4qLnBpbnRlcmVzdC5pdIIMcGludGVyZXN0Lml0ggxwaW50ZXJlc3QuZnKCDHBpbnRlcmVzdC5jbA=="}
-00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1605289732959,"flow_last_seen":1605289733059,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00904{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16214,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1605289732959,"flow_last_seen":1605289733059,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02316{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16215,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":59043,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELZ4cjTam+gBgLMN+tAAABAQgKwrlrn9ZiabOCDioucGludGVyZXN0LmZygg4qLnBpbnRlcmVzdC5qcIIOKi5waW50ZXJlc3QuY2GCDXBpbnRlcmVzdC5jb22CBnBpbi5pdIIOKi5waW50ZXJlc3Quc2WCDioucGludGVyZXN0LnB0gg4qLnBpbnRlcmVzdC5teIIOKi5waW50ZXJlc3Qua3KCDioucGludGVyZXN0LmllghVwaW50ZXJlc3QuZW5naW5lZXJpbmeCDioucGludGVyZXN0LmRrgg4qLnBpbnRlcmVzdC5kZYIOKi5waW50ZXJlc3QuY2iCDioucGludGVyZXN0LmF0ghMqLnBpbnRlcmVzdG1haWwuY29tghcqLnBpbnRlcmVzdC5lbmdpbmVlcmluZ4IQKi5waW50ZXJlc3QuaW5mb4IOcGludGVyZXN0LmluZm+CCnBpbmltZy5jb22CEXBpbnRlcmVzdG1haWwuY29tggxwaW50ZXJlc3QuZGWCDHBpbnRlcmVzdC5ka4IMcGludGVyZXN0LmllggxwaW50ZXJlc3QuanCCDHBpbnRlcmVzdC5rcoIMcGludGVyZXN0Lm14ggxwaW50ZXJlc3QucHSCDHBpbnRlcmVzdC5zZYIMcGludGVyZXN0LmF0ggxwaW50ZXJlc3QuY2iCD3BpbnRlcmVzdC5jby5hdIISKi5waW50ZXJlc3QuY29tLnV5gg9waW50ZXJlc3QuY28ua3KCD3BpbnRlcmVzdC5jby51a4ISKi5waW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLmF1ghBwaW50ZXJlc3QuY29tLm14ghEqLnBpbnRlcmVzdC5jby5ueoIPcGludGVyZXN0LmNvLm56ghBwaW50ZXJlc3QuY29tLnBlghBwaW50ZXJlc3QuY29tLnV5ghEqLnBpbnRlcmVzdC5jby5pboIQcGludGVyZXN0LmNvbS5weYISKi5waW50ZXJlc3QuY29tLnB5ghBwaW50ZXJlc3QuY29tLmJvghIqLnBpbnRlcmVzdC5jb20uYm+CEHBpbnRlcmVzdC5jb20uZWOCEioucGludGVyZXN0LmNvbS5lY4IPcGludGVyZXN0LmNvLmlughIqLnBpbnRlcmVzdC5jb20ucGWCEioucGludGVyZXN0LmNvbS5teIIQcGludGVyZXN0LmNvbS52boISKi5waW50ZXJlc3QuY29tLnZughEqLnBpbnRlcmVzdC5jby51a4IRKi5waW50ZXJlc3QuY28ua3KCESoucGludGVyZXN0LmNvLmF0ghcqLnRlc3RpbmcucGludGVyZXN0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAg=="}
00457{"flow_id":35,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16218,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":59050,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNqb5BC2eHgBAB9TpSAAABAQgK1mJp58K5a58="}
00457{"flow_id":35,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16219,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":59060,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNqb5BC2zzgBAB8DTrAAABAQgK1mJp58K5a58="}
02332{"flow_id":35,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16229,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":60310,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELbPMjTam+gBgLMC1rAAABAQgKwrlrn9ZiabMwADCCAQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABc1XlLKoAAAQDAEYwRAIgRaKv8aGxAlWYWbVHO27QuYaMVjkla1sqJ9KYUXrictoCIGZLCw9wt4OYbNbjf38Sd0HcVnjDAvQiSaQp0SpzApBKAHUAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFzVeUs2gAABAMARjBEAiAuDr91sHLHbeq6ULmtTdDSNqnLoTLlcYe7\/kPCy2gn4QIgA+cib48hqVMfgDRA7rfZqbp5jNTNYzXGXOFA2AkCmT0wDQYJKoZIhvcNAQELBQADggEBABGiFYAkFnu8UzB05yYuu6ORpPiRus9re\/ZboVIXptvL0pkUrcvgfZi2w16yu5GxgOd3lO3AU5Kt\/ZpKFFCZxh9BN0EmZMVIOWL3InBaoMAPWM5FvBFhZR3ZzzTQgAomjhPGPc\/Ym2irB3KsHSFm9PXsfz\/uUho1KBgS5\/dxVaPUlW0FzOPQ352X1K5D48AsZ8gSLatYycUWqitEioqj+tbkxKSmohhxE9FIu2mZwKLfa5Jwerk4r+kkfHZWeU64M8ryNPfHAumKj4tuY9ExBO7Y4e2x3QcattWNF+nxQ0vhygeFbqK9scET+ozh8sLxcKZ6BJWetov0hn7Yza\/HLf0ABLUwggSxMIIDmaADAgECAhAE4eek3Fzy823AK0K4XRWfMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbgL8IkBshtBF\/X7wpkBrJ9IiZlFq5CQJvO3J+fdgc+wzBVhxm5T5QOWpQfVVa0wgIqr9CY7gtA18TQO3LIFJ7vkLERqa7SyLhDOtkLC9XVlfVAr8gd7U2cX1e3hlBomfWK2tLHBR+ol8ncpLGChC3GraWcxxmCpoUPXkRYKjeP\/TXxCwgnMlr1u4uepL1R0Cfi3TtCM6MFKMS7KMyarCsjDXjGe+ZecbdKPgj7gbcWFqGdIxJN5deSCKx1pJy6zReyHkQ1ZX9TJTnRHAqaYxsZknRoCjfCwlJIyzlaorbhXcHdoCC4IaKTJm8USiFBx+1tm\/JIL\/MD9aJoklMvXuMCAwEAAaOCAUkwggFFMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovLw=="}
02027{"flow_id":35,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16230,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":60311,"pkt_caplen":1244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1244,"pkt_l4_len":1190,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABKYGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELcl8jTam+gBgLMCwPAAABAQgKwrlrn9ZiabN3d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj\/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk\/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX\/78whQYwvwt\/Tv9XBZ0k7YXDK\/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp\/BIAV0AecPUeybQWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBRRaP+QrwIHdTzM2WVkYqISuFlyOxgPMjAyMDExMDcxMTQ0NTJaMHMwcTBJMAkGBSsOAwIaBQAEFM8m9Rj6yX6PjLNC4BwvahCejl8KBBRRaP+QrwIHdTzM2WVkYqISuFlyOwIQBCEMxaOGM0GLpuhDcnQSm4AAGA8yMDIwMTEwNzExNDQ1MlqgERgPMjAyMDExMTQxMDU5NTJaMA0GCSqGSIb3DQEBCwUAA4IBAQCImBufb295Au2ju2lBCnSUKecQwVg9gkN6+y60LAZnbHKZEtr+Lda+UXfoK+l1YxaCqc9JLrsr4yUrVuWDwRxH0toRCTmGGUR1HNlQU5BSRgxjgPVigRozTEGDyIG2vw3NYmRMnZjbfP1UrZzwnVZzj5IoQyLzbQpl32Lbbr\/bdDDEwFgQMUn5Amod0fxMXoc8DZjVCIsQLbr0ZulxdcJ15CaK\/qvh8pChLhnvH1n\/AwOhcIVlVBpT9V0l7u\/uP1rrFrxi8PCEFwKJscSV3vQwFCEg2HYfT4kSA5rWhfeVL8L7H9ouqSE+9QM1pVNOcBI21XL+i4YVwGNzOS8NUvBEFgMDASwMAAEoAwAdIBvo4IXnMESClBPBkpeIDsmAf6cIcsXcbDqb0qa7UDR4CAQBAIgt2m8ZIO8W\/A+1pUtKFDcCxG3GZoIT370SqWb3YXDiBIN4XzhNFN6u6GgyWB\/n6yWtk2gZfYIXuc7jqb5pwViO93A7ELj1dhOnR\/Iw4qUfkhNqwDnllUbqEsKYa+brudlTRn9\/Ruepu3ZoUcts7cn3tdHwScP1TfuKHUHpJXKBjrEFsjJu+7rg+weLnHUMrNIk5tNBIprZJS4d+lzX2nWkzp35AKYoh7R5PUV2GdmYfnIcw+nEZTf2O43LhBAEtbv1pxOwXdQBGK6N5HpQn\/dhZO8eSgEwsh778H\/M0H7I0X3sfByTw7cznGWVGtM3lYJr5c9KEX\/Li+mY6olzzTQWAwMABA4AAAA="}
-02673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16230,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":11,"flow_first_seen":1605289732959,"flow_last_seen":1605289733060,"flow_tot_l4_data_len":6207,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":564,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
+02684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16230,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":11,"flow_first_seen":1605289732959,"flow_last_seen":1605289733060,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":530,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Pinterest","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"assets.pinterest.com","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., CN=*.pinterest.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}
00458{"flow_id":35,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16234,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":60332,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNqb5BC3JfgBAB9S94AAABAQgK1mJp6cK5a58="}
00458{"flow_id":35,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16235,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":60335,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4ACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNqb5BC3blgBAB8Sr2AAABAQgK1mJp6cK5a58="}
00586{"flow_id":35,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16265,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":62693,"pkt_caplen":179,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":179,"pkt_l4_len":125,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4AH0GQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNqb5BC3blgBgB9RELAAABAQgK1mJp68K5a58WAwMAJRAAACEgaNang8FK8LSdyojqq4y5YGlQGQm\/5cxwIraPyaVriXQUAwMAAQEWAwMAKAAAAAAAAAAAdgfoh8okYLu+jzSq3JT4o3gSx7unHK4nzromGNrNgo0="}
00595{"flow_id":35,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16270,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":62959,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"pkt":"qtsDr8lk5EKm5WPyht1gBE+4AIMGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAACElpIBuyNNqhtBC3blgBgB9embAAABAQgK1mJp68K5a58XAwMAXgAAAAAAAAABzSSRAhr6zN1XdBsxJuzM7OCTixqzxoOHEHgN1hvKuwiWkto2bbBMsRVIJPJEirmTRf8QBvD3g\/IQ2xHTw+hZ42+KacKOLmz\/pKM3kboYI7GDQImdOec="}
00459{"flow_id":36,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16374,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":131664,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99QLvB6QgBALMFy2AAABAQgKwrlrtVhuYGE="}
02096{"flow_id":36,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16506,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":177092,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99QLvB6QgBgLMN5WAAABAQgKwrlrvFhuYGEWAwMAegIAAHYDA5UI5gdLDNgpmwW5UBY3UuiT\/QjoPVLbYUAHAv78mNonIG0UA7UP8cWM1+OIpoJabPxwYFuj3vVPyVClxgciYoq4EwEAAC4AMwAkAB0AIBT8QXKcIfkxjiZrCMDl6nCPA9NCkgfIY9xLgT5ZUOwWACsAAgMEFAMDAAEBFwMDCsM5h0X\/nzMSCczNC0PiI3dPpqy72Uwh4UDMsCOwS9qqsPsDc3bD4zYkh1A+tFz3btUKdYkQupOAXRYbM2xF1LdOcDRF8JsDZlYIaXIJ8E5bFlJsnWCVejVFmKaXuIGER6LA0qt\/v2GPd5ezeyKXym45SsBlvb9kZfRyCN9udG2PU7YVPkY9TTPVHAE+auw18z7ZJkg3M\/DGXOqrikqt35TcEJM1vs+b2pS25DMZnpHeZqdEDqM5tT0pDLlP4TmfQJaU4AeeaL\/mifRtGmvCPibRTj\/Y4RrpYHx4XkZrFPTv6F53q4cc0AY4wh3HYJZqlqaPXsUvt4GwrLcx5CviR+jG8CmMkb9Mu5lGLsFQSXe4ednK+pKiEcWV9CgvQ+vrzOEGjUVwGVliIY8ZOsetkLIsdxSP+V6VL8DYK8nLpzuroP43bn1p0\/5BZtL216kpYY4Ev+eMHjhzRnsuzFjjOwVJ+TjwWHTxgjVcA5erfUHnZtb4tUPrnREt9fqLnQaqNk7+QoeOPwbZGGJUSrWqSG3w8ZTzou18WqXV3TOimt1BvxDB4SgOhKp2QPAQc2U120KMbsabc\/rXgGhdQ5dJkJiX6gShBZJdM4FTy8flUwBvInApxSjjycelOFsL7sjGFE5cCdMXVkF6AFSzZR\/flPGbsnjqMGUTL5tpfcpCxFEWLzLNPbEHsj1Y++EbilRlpakaU91RDAsBIUMHQZQmP0MF54kZcSaB+dLFxkfRR9jsBpKQZ+igCaQqgCsz++vQD2Rwtu1DFHT\/8q428YNeTI4T9EvFDyQj+EzO81UwHx6IWMmfHPh+G\/CZm4elpThmyrg5aE93WNFD11rc9yMJVECVGnAsq2KC7CfHDr6\/e2bea9CbRMdJBE6lWNaF51GXtlY5XIM6chYN5r2+xaNEnN8KxHMlYUHcX9XyQutL36LZIHPK\/vlWpyK5vAheoERQVyxUzINYHwLFvBbwOk8pqq0A3+bTmGt5ApdSayB+77gILcs5aX9QMR2FI77rMLRTAmEbBLE5ZNj5nO4O9Ro1\/XYQY4eH1xnbSdqEyLrS9mwitfpQmja38K+XotKgR8wnVlxAZh9WbhTJVCqovFAyyF1E2ADeoIT5vAWCmOoXgcPJySw5F+nybAI6Pw71t6WSrVMWvE3nZYyQgMYihC3XWaOzO47SC+\/\/YX1gwU3jBdrZjTX06hVQm+IXx8QlmUY0D\/1Q9QxxOKHHqEKcI97uhB4hvMZhiFNB\/F0aRhDMRVEWmlOjD+ejhTh17+KlRRK5WHbX9VxTQUtp2WAHNqgTWAK5wMMO+Z4VlZqCb\/Sp+icWdNBFpRLFMpnEwc9pVUTysgHDAH7heARAFp52s5CbRVB8OTQ7SCZYzIeO8Wbvz06UH57mD0x749JggTjRyRT++qI9CtyWxrgDrcRn10GHbQ=="}
-00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16506,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1605289732972,"flow_last_seen":1605289733177,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16506,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1605289732972,"flow_last_seen":1605289733177,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google-analytics.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02104{"flow_id":36,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16507,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":177092,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG\/IwLvB6QgBgLMNoPAAABAQgKwrlrvFhuYGGcsACqGJ+Bdrd9CR5QBkLLBQDGPp\/4+peHMZ\/P7TH1K9JxIqL8JU8sxSUjrZsCyWxXGYladV+zA7FFQJx+QcqRoo\/vL3Vyi5h3BY\/xv5C+nshrtBA0fjWf5JhdZsTf+xoRwOWc5rzcqpoP3cKShvvN+eLSoAk8jI3de5\/fmjTNwqoO98dimz6fUNxAWmeFbSRhFwA2+nZVZIOv7\/APHyTx6W5ebbIyWMUdjsDB2Xd1BAjTyrqGbtMgX658KvDPZFPmLT78funYY7jRUwdSEDV65I7oSM2See3RCfx3Ph3v3jhvoUgVZ5Uzh3IClXbXiZGCxfGuk3iXU6puJ\/EaQWcrGHKgtH8rVLsYwGM7em4gF1mqELdm9pazZUkqzdJRD2W9D2m4kLK3mxThQtBlgicDiIwQKZMp3YqA\/9p6AoPZEJmWETLAQCeva3yND9lNiHnaXsb2IkjlweFjmk6dKzdH17zUfsbz2jb0HaqBnyzl1\/lR56PRG2qOzOBsCt34VLvZj2GtPzHFXZhrxLsKJdOLqOsUJu7b5MUzQsz+JeX5Lxlcz1\/xBuPevjzPF4rNXpXp92MRqqa\/X1DlPgwrS\/+LiLUfYr02sIq3KqJwd3aHfqgP6CaU0FZrysxjcoE4FJwxYN0pBGXLcdswo2I6rmOZUGcWi6X2fjQZglnmkwzRkwwqkWcFZeVxRNRTwCpKrfSZEsbeLmqDIihsL89YChpXvCJ0dJCJmG21yUJi7d1MLBUCDCMyhLRGdozXrLGQAFudDrKxG+h1WC9hQTmoTQY1wN\/r6IFcYi4iWBIMTGiNNuzz22kiouH6Kbh+2v3ReJagEX52xQif\/tBiECi97tMiUSIEHe5WCatTM2uzqXYIPJ4YaH9glgEXdUJ4sxinbgRy9eUONOk5+bWmeRrNDyh5eBaOrSRyD+Ts3blb76CvZGMVGBOJ824WnDIA0BPHH8LQT051pZWKVykT0yD7ZebrAErscH+RGkzuKe36izLiDli2X9cF08SFsRSZscY4BDP21jGPO2m3x+kkKZ\/8AOOWmxEI0uT9hgOtaOraBAqaH+VI2DfOmM8HTKKJNeOFJZXwnOL8g79wFCAUzqtk1TNCdB0bdqY4YeSILQY9JwcwUbrp2U5cK83a\/VO+be6OyZEf3QPdUVZ9ozjHjqbXbQH8qfs198z+xuXxxTkQ\/fFXvYoOg+7zm+V7SMxjJR\/S2FI14pCflRZJqaPvHqLBNedYK4jUxPRNWo0cvwcidX59yrlCVyRFcBppTvQtmtK6VgQAKppR\/SRLGyy7i+0Fw6rd1z71xsY5ojYjt0tMKZh4Kgz\/4kiZ2KsVcmCUy4LV0rpGXG7aAKFVqeTZqOcK1zKc7L9IcyudFA+FISPK\/PnK6lN6lZzNX53uPWwg4lvn8DfS+4xWZzzM180b7KIYJ6lytRxtmBgmC2WzQ\/i+dBTYzeQHzjaMky\/wqFzxW9\/cOLLnpI3T7GC5SF9OT7L0E6bJfJQhvA76e3hCkj+TiPh7WgHQwXNDYkNlmjLSYZLqdx0fQoV9fhO\/kn15e9Lpt5tb248UOnD6PniHSf+F09b\/9SP63jJOyv1N73tB+NapERQZHn4tXkUKBQ=="}
01108{"flow_id":36,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16508,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":177094,"pkt_caplen":563,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":563,"pkt_l4_len":509,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAf0GPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgHAUQLvB6QgBgLMLamAAABAQgKwrlrvFhuYGG\/A9I2mfDeFj3h4eNmPL0BEwBQ+nxge90jZWoGVSDgvg7lM1kQmdokZZi6iCShIfusyw1BxhMvV9HIkt4B0RIrcjC0\/JzaAl2pIQvcPr1b5H4m06myheBjuOqwQHdRQdPgG10VRJGhZL5bANYp\/mTpa2U\/Fm3W3DHsZ45iQVd6u6j\/HA7ZyFDzOqp2LSTe2l9Hp2KDRW5rGJ8ncOcqEe+O3mAJ6Ha+7ISVEtStIWOP7z+lbFm9QUhQxLnZ\/7lss6Zddz+Iwa4jGPGZpm+mlMU96AhLhT3rWPISkOUpY+ThVQJ5WTwxTu5lUNH2n1dwTrnuuVIORiS8clcCSkXGETpbBbMDUPGvkYGEcsxmzbAbQJsmXV22L3QC1925Rl0qydU98gUuCHTwpY+xMuAn3ZImCRBu6cZO\/Rxj7zLz5YfulV8xh4w5I9Y0IN+ObaZv6pVOO5ydL46sWHEYDCrEo+kg2M2zaSuS8BmYozb7HFVQuTLM5mTpNBDfS0+5mTD6lsctCRmnJwfSpQpQJrxKklO+faAbyVd3NaqxLzPMkQGuv46w+glNWBcRFfdRa7mbr2HobKGiscLlYajHDDHzGAoM3NXzZ3owXVM\/+MdpSPWb29vmKZ2uI3lA\/nE\/KL8="}
00460{"flow_id":36,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16510,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":177119,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HpBoBvyMgBAB9WCUAAABAQgKWG5g\/8K5a7w="}
@@ -415,77 +415,77 @@
00591{"flow_id":36,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16519,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":180338,"pkt_caplen":178,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":178,"pkt_l4_len":124,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/AHwGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HtBoBwMhgBgB9YHrAAABAQgKWG5hAsK5a7wXAwMAV9Z0f\/aTIkJ\/8J9g6vFBI7bMcWLX+ScKw5ipxNKorRXzbm2lIJhhiKr1X0WW94xQUQ41grlgvgHY9RYV50x4Jd\/0HE1zd0yOV\/vwg+YZc9nl4K2npl2Cvw=="}
00820{"flow_id":36,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16549,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":183302,"pkt_caplen":351,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":351,"pkt_l4_len":297,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ASkGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HyxoBwMhgBgB9YFKAAABAQgKWG5hBcK5a7wXAwMBBE6c5eFodxV47c0sCu2TMFuLlXpjC3JpEKOiKXyV9XL3nd\/hGeW5lWO+C2cchhQxGq0n3DqgdNC1VPVVabt\/T2PxuK4JN+5pxPggU8ZMtAdU4SkkKMXk0I7gHOTbovaOvzpdtrD10TJfA1HT0nh5LU0wnCBSWO7WUh+XjMR57g7DvriR1GGimqCWehg93jLkGOViVXX8IEgCjWujKvYxn2Y9upJ9HsKLuLTeBI+Y5pwUDMRwI+bVFqhRrg3DnE\/iqcU\/FdD2\/N1McpvsGtpNOLuQRy1j7ghA3XTz36WxjuwGCEM4bOPBNhaqEN1MBRznFDQn7l1rRb2lxgUMey8pOU5t4vZc"}
00461{"flow_id":36,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16714,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":214754,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgHAyELvB7QgBALOE\/hAAABAQgKwrlsVVhuYQE="}
-00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1605289733399,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1605289733399,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17592,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":399863,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgkAAAAAoAL9IKzvAAACBAWgBAIICsW6TI0AAAAAAQMDBw=="}
00472{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17595,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":420828,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoioAcZYKoBJXgB0AAAACBAV4AQMDAwQCCArCuW0jxbpMjQ=="}
00458{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17596,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":420877,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBAB+6D8AAABAQgKxbpMosK5bSM="}
01150{"flow_id":37,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17597,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":421383,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxlgpjo6IrgBgB+675AAABAQgKxbpMo8K5bSMWAwECAAEAAfwDA7uZ92OCVBC1xHN5t0YDziRYjgNrfeva8SX+HQQ5ROpDIGM8p3TwGS60madRKYlLsuurfXOUOAhO6IRjgC5z9cQPACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGgAYAAAVanMtYWdlbnQubmV3cmVsaWMuY29tABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACDbqzY6q3LDK4eXjQESdTDrPCFqSpzdCjXjZG6IpYhacgAtAAIBAQArAAsKmpoDBAMDAwIDAQAbAAMCAAL6+gABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00821{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17597,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1605289733399,"flow_last_seen":1605289733421,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00832{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17597,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1605289733399,"flow_last_seen":1605289733421,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00460{"flow_id":37,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17599,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":457928,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoisAcZgPgBALMJWdAAABAQgKwrltR8W6TKM="}
01872{"flow_id":37,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17600,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":466833,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjoisAcZgPgBgLMK0VAAABAQgKwrltScW6TKMWAwMAUgIAAE4DA6S3cICMPT\/LNUFxi202HyoLHffP3c85cBW4hj+Z4kwOAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMRDwsAEQsAEQgADHMwggxvMIILV6ADAgECAgxFxaKT0\/Q2N6QtMHMwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLTArBgNVBAMTJEdsb2JhbFNpZ24gQ2xvdWRTU0wgQ0EgLSBTSEEyNTYgLSBHMzAeFw0yMDEwMjMxMTAzMjVaFw0yMTA1MDcyMDI3NDlaMHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKDAxGYXN0bHksIEluYy4xJDAiBgNVBAMMG2Y0LnNoYXJlZC5nbG9iYWwuZmFzdGx5Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK+4JYeaTR45GyRgIKpEGpg3YcVM6xbm9k8NQ4ua3msLRgz9bSdOIf4rCA7CSP44obIa2KErxXNeJdqcwhYMRo2jAUvKoRaRLTVoTJjJLCDzm9rpCWu4c\/8JVH3JbHiGeHh2sbCg6i+szJnRjMrUgupW3cp3be9vl\/7W84aac\/JNAHwMnNL5lgx1E+s\/VEmbPaN95oCPnU37nEc5FdB8yPiB0bw0agEoecACN9d0t+LDySbXTPD6zPIvnXGYS9DcX2h5pgP\/1rx62FXRPb7rAAmUk6\/cNPvOIS4lwr+GqFCJZJ2bndhKnmqfUOL1f3zWy1oSFTC0StfMO8zIBnloUI0CAwEAAaOCCRkwggkVMA4GA1UdDwEB\/wQEAwIFoDCBigYIKwYBBQUHAQEEfjB8MEIGCCsGAQUFBzAChjZodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9jbG91ZHNzbHNoYTJnMy5jcnQwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9jbG91ZHNzbHNoYTJnMzBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwCQYDVR0TBAIwADCCBqgGA1UdEQSCBp8wggabghtmNC5zaGFyZWQuZ2xvYmFsLmZhc3RseS5uZXSCCyouNTAwcHguY29tggsqLjUwMHB4Lm5ldIILKi41MDBweC5vcmeCFyouYWNjZXB0YW5jZS5oYWJp"}
-00877{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17600,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1605289733399,"flow_last_seen":1605289733466,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00888{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17600,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1605289733399,"flow_last_seen":1605289733466,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01862{"flow_id":37,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17601,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":466834,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjpkMAcZgPgBgLMGR7AAABAQgKwrltScW6TKN0YXQuc2iCEiouYXBpLnN3aWZ0eXBlLmNvbYILKi5hcnQxOS5jb22CCyouYnJhdmUuY29tggkqLmNoZWYuY2+CCSouY2hlZi5pb4INKi5jb29rcGFkLmNvbYIPKi5ldmJzdGF0aWMuY29tghAqLmV2ZW50YnJpdGUuY29tghUqLmV4cGVyaWVuY2Vwb2ludC5jb22CESouZnMucGFzdGJvb2suY29tghEqLmZzLnF1cGxvYWRzLmNvbYILKi5mdGNkbi5uZXSCCSouZnViby50doINKi5nZXRjaGVmLmNvbYIRKi5naXRoYXNoLmZ1Ym8udHaCDCouaGFiaXRhdC5zaIILKi5pbnNwZWMuaW+CCyouaXNzdXUuY29tggkqLmlzdS5wdWKCFyouamltZG8tZGV2LXN0YWdpbmcuY29tghoqLmppbWRvLXN0YWJsZS1zdGFnaW5nLmNvbYILKi5sdWx1cy5jb22CFCoubWFuc2lvbi1tYXJrZXQuY29tgg0qLm1hcmZlZWwuY29tggwqLm1hc3NyZWwuaW+CCioubWVldHUucHOCDCoubWVldHVwLmNvbYISKi5tZWV0dXBzdGF0aWMuY29tgg4qLm5ld3JlbGljLmNvbYINKi5vcHNjb2RlLmNvbYIQKi5wZXJpbWV0ZXJ4Lm5ldIIaKi5wcm9kdWN0aW9uLmNkbi5hcnQxOS5jb22CEyouc3RhZ2luZy5hcnQxOS5jb22CFyouc3RhZ2luZy5jZG4uYXJ0MTkuY29tgg4qLnN3aWZ0eXBlLmNvbYIMKi50aXNzdXUuY29tghYqLnZpZGVvLmZyYW5rbHlpbmMuY29tgg0qLndpa2lob3cuY29tgg4qLndvcmxkbm93LmNvbYIJNTAwcHguY29tggk1MDBweC5uZXSCCTUwMHB4Lm9yZ4IMYTEuYXdpbjEuY29tghVhY2NlcHRhbmNlLmhhYml0YXQuc2iCEGFwaS5zd2lmdHlwZS5jb22CEGFwcC5iaXJjaGJveC5jb22CGGFwcC5zdGFnaW5nLmJpcmNoYm94LmNvbYIXYXBwLnN0YWdpbmcuYmlyY2hib3guZXOCCWFydDE5LmNvbYIJYnJhdmUuY29tghNjZG4tZi5hZHNtb2xvY28uY29tgg1jZG4uZXZidWMuY29tghBjZG4ucG9seWZpbGxzLmlvggdjaGVmLmNvggdjaGVmLmlvghVjb250ZW50LmdhbWVmdWVsLmluZm+CCWV2YnVjLmNvbYITZXhwZXJpZW5jZXBvaW50LmNvbYIQZmFzdC5hcHBjdWVzLmNvbYIPZmFzdC53aXN0aWEuY29tgg9mYXN0Lndpc3RpYS5uZXSCDmZhc3Qud2lzdGlhLnN0ggdmdWJvLnR2"}
00458{"flow_id":37,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17602,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":466859,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxmA9jo6ZDgBAB9ZqRAAABAQgKxbpM0MK5bUk="}
00458{"flow_id":37,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17603,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":466898,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxmA9jo6pbgBAB85Z7AAABAQgKxbpM0MK5bUk="}
01867{"flow_id":37,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17604,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":468838,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjqlsAcZgPgBgLMKPDAAABAQgKwrltScW6TKOCC2dldGNoZWYuY29tgg9naXRoYXNoLmZ1Ym8udHaCCmhhYml0YXQuc2iCDmhiYnR2LjZwbGF5LmZyghFob3VzdG9udGV4YW5zLmNvbYIQaW5zaWdodC5hdHBpLmNvbYIJaW5zcGVjLmlvghVqaW1kby1kZXYtc3RhZ2luZy5jb22CGGppbWRvLXN0YWJsZS1zdGFnaW5nLmNvbYITbGluay5zZy5ib29raW5nLmNvbYISbWFuc2lvbi1tYXJrZXQuY29tghFtZWRpYS5idW5pdGVkLmNvbYIIbWVldHUucHOCCm1lZXR1cC5jb22CEG1lZXR1cHN0YXRpYy5jb22CF29uYWlyaGxzLm1hbGltYXJjZG4ubmV0ggtvcHNjb2RlLmNvbYIOcGVyaW1ldGVyeC5uZXSCG3BvbHlmaWxsLndlYnNlcnZpY2VzLmZ0LmNvbYIPcWEucG9seWZpbGxzLmlvggtyYWlkZXJzLmNvbYIQcy5zZy5ib29raW5nLmNvbYIRcy5zd2lmdHlwZWNkbi5jb22CE3N0YXRpYy5iaXJjaGJveC5jb22CDHN3aWZ0eXBlLmNvbYIQdml2ZXJlcGl1c2FuaS5pdIILd2lraWhvdy5jb22CCndpc3RpYS5jb22CDXd3dy5kd2luMi5jb22CFXd3dy5ob3VzdG9udGV4YW5zLmNvbYIPd3d3LnJhaWRlcnMuY29tghB3d3cud2FkYS1hbWEub3JnMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBSpK4fhziRHOxu\/z4U3AlWdDZRY5jAdBgNVHQ4EFgQU0jcfnd8EK81lnYZ9cz3N3vRpV90wggEGBgorBgEEAdZ5AgQCBIH3BIH0APIAdwBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAXVVILeWAAAEAwBIMEYCIQChhMvWfMfynyp4Bbr+4rxEVdVbpxEjNJpO7dfk+0jP1AIhAIOCfYeAG2NIRgr0Hsb7TJfTDK2ZGNrxT8wAl5D7n7IlAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF1VSC6UAAABAMASDBGAiEA4zaXXaLOI5+L9T3ZcE0bV7qahN7hG6av+65XE+625mcCIQDAUfxSPQn69N\/i6yAiZ3FkILhpMdK3z6DsHAoG7GYIpzANBgkqhkiG9w0BAQsFAAOCAQEAopDgw41hPl1nTt5aObFDv\/iSMPLzFGQWYuHUT554uwkkSgCVmWdhMlaVbTaiTbjEx5Ou\/3WdOlOBbWUpUJVkOnnjV9yhiJB6P9bAJCiLMvXFYgAjuZU6LIyvgx+nnxDgMCJmgxHQagXLrHpDnymc"}
01876{"flow_id":37,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17605,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":468840,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjrnMAcZgPgBgLMFgHAAABAQgKwrltScW6TKOd9PhAK2tdznyFLEeQZmf95xBlDlcghlLw3wTKaKqy0d\/fQPmCrco\/PgSPxFMm1GqCbKrVOWoLXMFWKJPbNszgQdWk+KNTh9Bjz6kuDpG\/gieDDvLlQLWsZL9x6zKdWFys\/0sXqrQGh49ubz4iYHmkIxua+TIhmppNdZPCaMPcx4FZK5GFNN+2zpJ5vbGUyHqmAASPMIIEizCCA3OgAwIBAgIORvCM288sVGbvMwHdXzQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNTA4MTkwMDAwMDBaFw0yNTA4MTkwMDAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMS0wKwYDVQQDEyRHbG9iYWxTaWduIENsb3VkU1NMIENBIC0gU0hBMjU2IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjwHXhMpjl2a6EfI3oI19GlVtMoiVw15AEhYDJtfSKZU2Sy6XEQqC2eSUx7fGFIM0TUT1nrJdNaJszhlyzey2q33egYdH1PPua\/NPVlMrJHoAbkJDIrI32YBecMbjFYaLiblclCG8kmZnPlL\/Hi2uwH8oU+hibbBB8mSvaSmPlsk7C\/T4QC0j0dwsv8JZLOu69Nd6FjdoTDs4BxHHT03fFCKZgOSWnJ2lcg9FvdnjuxURbRb0pO+LGCQ+ivivc41zaWm+O58kHa36hwFOVgongeFxyqGy+Z2ur5zPZh\/L4XCf09io7h+\/awkfav6zrJ2R7TFPrNOEvmyBNVBJrfSi9AgMBAAGjggFTMIIBTzAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFKkrh+HOJEc7G7\/PhTcCVZ0NlFjmMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj\/\/P1LMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC5jcmwwVgYDVR0gBE8wTTALBgkrBgEEAaAyARQwPgYGZ4EMAQICMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3"}
01873{"flow_id":37,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17606,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":468841,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjsosAcZgPgBgLMFjYAAABAQgKwrltScW6TKMNAQELBQADggEBAKIdaYoKjsQUgyoqEk05J5BO8I2s0pZiRzZektH6xZO1NwdlKdL0U1BryfT+NPXduB36\/NwUrFaUJ5xCqgRNt+1Y2ZnSSeYgL9Ond7gqiRrvp8+GLdZT6QuTnE6r2UXupISF\/zTkDsC7pc5flYmFcKrBXezPK9PZg98DyoGnAjK3d2EQJU7ZdPPZeYK1JnC0UryPM9eKrhnQ\/JKtL7o8oEhYR179IFaVIMFyHatmmaTVeDdIG5+yTDdnev1C0tNWntMdjsQMaJa2R1EQ93vrFQlk9fnwYxYtPd8jQjqTY8yrr09XBsf+FFVizicRGeH0Qu0iMGs1GkoFgKRl38zLb9AWAwMGDxYABgsBAAYHMIIGAwoBAKCCBfwwggX4BgkrBgEFBQcwAQEEggXpMIIF5TCBnqIWBBQnN6sZ+rEF+sP3dIHQ5lzluT6oixgPMjAyMDExMTEwMDA3MDJaMHMwcTBFMAkGBSsOAwIaBQAEFBLq30bMCIA4c2C2WmkWAcwMteniBBSpK4fhziRHOxu\/z4U3AlWdDZRY5gIMRcWik9P0NjekLTBzgAAYDzIwMjAxMTExMDAwNzAyWqARGA8yMDIwMTExNTAwMDcwMlqhAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQACvM7doTFvMiUjx5TizkeeqQLvGfWJq7tTztQuAKWB0txlI0s1blrKdkuRGwB9sJ0L6QjRZ7k\/WKyA9XfPA7fmQsgxxdGTdLtaxhjbCy9eNlalFeuZKdfpTF4+edjYlEH994CXdlecf+mDR\/tj+GmNuRT1\/fsRRIgn+pl4FdMQ8fZNLdYZ1s7XaX9NZjdlNRViuTII7\/A\/Zqn2cyzxhc\/1zcEMIr0z6FA4v2COl8J2+8fXYZO2PWSjfqpMIYGgSykMRAC0pLef3bwABzSiyaY4e1PFAx4lnkc7ei8IVqfF90vksLZz1TeWs8C0z3qOOfjScFpZVQCOSB4QTmIToyVeoIIELDCCBCgwggQkMIIDDKADAgECAgwQF9wx7V3hFNRFqzswDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLTArBgNVBAMTJEdsb2JhbFNpZ24gQ2xvdWRTU0wgQ0EgLSBTSEEyNTYgLSBHMzAeFw0yMDEwMjYwNjQ4MjJaFw0yMTAxMjYwNjQ4MjJaMH8xCzAJBgNVBAYTAlNHMRswGQYDVQQKExJHbG9iYWxTaWduIFB0ZSBMdGQxFTATBgNVBAUTDDIwMTkwNTE3MDA0NjE8MDoGA1UEAxMzR2xvYmFsU2lnbiBDbG91ZFNTTCBDQSAtIFNIQTI1NiAtIEczIE9DU1AgUmVzcG9u"}
-02741{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17606,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":12,"flow_first_seen":1605289733399,"flow_last_seen":1605289733468,"flow_tot_l4_data_len":6157,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":513,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","issuerDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}}
+02752{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17606,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":12,"flow_first_seen":1605289733399,"flow_last_seen":1605289733468,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":5757,"flow_avg_l4_payload_len":479,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"js-agent.newrelic.com","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","issuerDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f4.shared.global.fastly.net","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}}
01876{"flow_id":37,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17607,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":468842,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdlem4qAcsBIEmLB5kd7IUo3\/YpAbucsmOjtqMAcZgPgBgLMNtJAAABAQgKwrltScW6TKNkZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqrKM7vX5KZ+\/+rPQprvfOSRYCynIjzc0wwUdQrsX5vbFbUH7xlLyYcP+uiMzprDU+gYHz51aDxDvCVEVQaNrioKCE65d+zQlPIrtplIEOQ7mVk\/a0DbrrNUtXMBAZMyJP9bSxZ4pyY7m6WG86zbbAwENvxFRn8FPIAe1qHhs4Uwgv+01lU60Xa+PwNFFm0rR9rj6ztkjCHCT5eQGpzjf5Iwooq0ViOGHeve23nozVi0qCgL4RdddFvz\/gVmZ4RDnvcm3+acranxNeaoH3NzK6SMSadamHJgqyLZA6h42zzIpeNJ3EoqDhOCLXgaV4jGQI9DExCqDkyi1ctR2f7HdvAgMBAAGjgccwgcQwHwYDVR0jBBgwFoAUqSuH4c4kRzsbv8+FNwJVnQ2UWOYwTAYDVR0gBEUwQzBBBgkrBgEEAaAyAV8wNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wDwYJKwYBBQUHMAEFBAIFADATBgNVHSUEDDAKBggrBgEFBQcDCTAdBgNVHQ4EFgQUJzerGfqxBfrD93SB0OZc5bk+qIswDgYDVR0PAQH\/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBYrdMQ3rHOvEDcQ\/YXiDSa+YOGH5vdKUsoY4dIE1OOsKbzkTcy0SQjXbu885v9FU639im6wjcM4r4y0z2dv0wThyQd5M+OxuNkGxxxhmSJ1YCialDCOmiBvCCoAUmHKEjw3+CTGTYjdqtssj0d6vdpfB9BEw0p8+z7luyF8J1rOpaXSYPNjtGC7wymh4Fnj6MdtE1fTVPtTOq6DBqTdOdoZ34DHXRegFj5kHqavxkjKlWlTUxM3LZHbU\/pcuo7+9HNYTVANftUq1\/UvXTvFjE1V70rzSeNFVbRUfmLx1ZmUCHo9YxvYDQpPBjDJGSORiX97b12+9Gq7cGOKQYlI+5pFgMDASwMAAEoAwAdIFr5lFggT4Gtqcf05p5j9TWlaPancoWOGslEZykcLaQ2CAQBAETQlqljPZX7dWO7khUxXHv2TUyQIn8IYE1JUm1vb\/hyjC40eW2xd4IabhxPxJUwVVfW6bFw7RefZ62QMZ0pEi6sqAMvEG\/DzJgOpszQRYkluTfh80t+IgfgGc2RP3ZQ8NIM0gLwAmHXxnBomUkv\/\/y\/05xqj51n0NmALxf9Cmg5UiGY90UDAPfDoVMDoqTt1I3J6bu0ZH\/wrSe2f6jdXKjWZ+PCZz+8TaVTlQi2l0q3pjzz5zSn7oK5NTVyq5jMRQy8y8RO+bClxOinaPbCR6v24JJWHzySDSmApU263+jK"}
00459{"flow_id":37,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17608,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":468857,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxmA9jo65zgBAB9ZJfAAABAQgKxbpM0sK5bUk="}
00459{"flow_id":37,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17609,"source":"pinterest.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605289733,"pkt_ts_usec":468886,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBe6sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXpunLIBuwBxmA9jo7KLgBAB845JAAABAQgKxbpM0sK5bUk="}
-00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":41,"flow_first_seen":1605289714558,"flow_last_seen":1605289715083,"flow_tot_l4_data_len":9192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":224,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":126,"flow_first_seen":1605289717548,"flow_last_seen":1605289731068,"flow_tot_l4_data_len":53771,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2482,"flow_avg_l4_data_len":426,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00537{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":61,"flow_first_seen":1605289732972,"flow_last_seen":1605289733399,"flow_tot_l4_data_len":26817,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":439,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":48,"flow_first_seen":1605289733399,"flow_last_seen":1605289733529,"flow_tot_l4_data_len":20483,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":426,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":224,"flow_first_seen":1605289715133,"flow_last_seen":1605289716126,"flow_tot_l4_data_len":313269,"flow_min_l4_data_len":32,"flow_max_l4_data_len":31440,"flow_avg_l4_data_len":1398,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00541{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00541{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00556{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":50,"flow_first_seen":1605289716168,"flow_last_seen":1605289716373,"flow_tot_l4_data_len":33785,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":675,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00537{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":50,"flow_first_seen":1605289716168,"flow_last_seen":1605289716373,"flow_tot_l4_data_len":33785,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":675,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00544{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":71,"flow_first_seen":1605289715274,"flow_last_seen":1605289715612,"flow_tot_l4_data_len":69305,"flow_min_l4_data_len":32,"flow_max_l4_data_len":12452,"flow_avg_l4_data_len":976,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00536{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":12778,"flow_first_seen":1605289714142,"flow_last_seen":1605289717307,"flow_tot_l4_data_len":20547303,"flow_min_l4_data_len":32,"flow_max_l4_data_len":65268,"flow_avg_l4_data_len":1608,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":17,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_tot_l4_data_len":6339,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":372,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":18,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_tot_l4_data_len":6359,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":353,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_tot_l4_data_len":6299,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":419,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_tot_l4_data_len":6299,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":419,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_tot_l4_data_len":6299,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":419,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":52,"flow_first_seen":1605289732959,"flow_last_seen":1605289733342,"flow_tot_l4_data_len":28658,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":551,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00536{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":55,"flow_first_seen":1605289715966,"flow_last_seen":1605289733391,"flow_tot_l4_data_len":8134,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":808,"flow_first_seen":1605289714782,"flow_last_seen":1605289715303,"flow_tot_l4_data_len":1807508,"flow_min_l4_data_len":32,"flow_max_l4_data_len":16688,"flow_avg_l4_data_len":2237,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":116,"flow_first_seen":1605289715221,"flow_last_seen":1605289715740,"flow_tot_l4_data_len":136730,"flow_min_l4_data_len":32,"flow_max_l4_data_len":16944,"flow_avg_l4_data_len":1178,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":171,"flow_first_seen":1605289715782,"flow_last_seen":1605289724655,"flow_tot_l4_data_len":155615,"flow_min_l4_data_len":32,"flow_max_l4_data_len":12452,"flow_avg_l4_data_len":910,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00536{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2804,"flow_first_seen":1605289713743,"flow_last_seen":1605289734948,"flow_tot_l4_data_len":3761459,"flow_min_l4_data_len":32,"flow_max_l4_data_len":13656,"flow_avg_l4_data_len":1341,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":33,"flow_first_seen":1605289714658,"flow_last_seen":1605289714873,"flow_tot_l4_data_len":8379,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":253,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":107,"flow_first_seen":1605289714590,"flow_last_seen":1605289716476,"flow_tot_l4_data_len":42420,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":396,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00556{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00537{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1605289712203,"flow_last_seen":1605289712420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":41,"flow_first_seen":1605289714558,"flow_last_seen":1605289715083,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7864,"flow_avg_l4_payload_len":191,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":126,"flow_first_seen":1605289717548,"flow_last_seen":1605289731068,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2450,"flow_tot_l4_payload_len":49723,"flow_avg_l4_payload_len":394,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":61,"flow_first_seen":1605289732972,"flow_last_seen":1605289733399,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":24849,"flow_avg_l4_payload_len":407,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":48,"flow_first_seen":1605289733399,"flow_last_seen":1605289733529,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":18931,"flow_avg_l4_payload_len":394,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1605289726574,"flow_last_seen":1605289726621,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":224,"flow_first_seen":1605289715133,"flow_last_seen":1605289716126,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31408,"flow_tot_l4_payload_len":306085,"flow_avg_l4_payload_len":1366,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1605289720502,"flow_last_seen":1605289720592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1605289722610,"flow_last_seen":1605289722642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00567{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":50,"flow_first_seen":1605289716168,"flow_last_seen":1605289716373,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":32185,"flow_avg_l4_payload_len":643,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00548{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":50,"flow_first_seen":1605289716168,"flow_last_seen":1605289716373,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":32185,"flow_avg_l4_payload_len":643,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1605289726582,"flow_last_seen":1605289726637,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00555{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":71,"flow_first_seen":1605289715274,"flow_last_seen":1605289715612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":67017,"flow_avg_l4_payload_len":943,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00550{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1605289718346,"flow_last_seen":1605289718372,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00547{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":12778,"flow_first_seen":1605289714142,"flow_last_seen":1605289717307,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65236,"flow_tot_l4_payload_len":20138391,"flow_avg_l4_payload_len":1576,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":17,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":343,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":18,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":324,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38516,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38518,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714258,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":15,"flow_first_seen":1605289714142,"flow_last_seen":1605289714259,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5839,"flow_avg_l4_payload_len":389,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":52,"flow_first_seen":1605289732959,"flow_last_seen":1605289733342,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":26978,"flow_avg_l4_payload_len":518,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00547{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":55,"flow_first_seen":1605289715966,"flow_last_seen":1605289733391,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6358,"flow_avg_l4_payload_len":115,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":808,"flow_first_seen":1605289714782,"flow_last_seen":1605289715303,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16656,"flow_tot_l4_payload_len":1781636,"flow_avg_l4_payload_len":2204,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00551{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00532{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1605289714251,"flow_last_seen":1605289714288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":116,"flow_first_seen":1605289715221,"flow_last_seen":1605289715740,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":16912,"flow_tot_l4_payload_len":133002,"flow_avg_l4_payload_len":1146,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00551{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00532{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714281,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00550{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1605289710318,"flow_last_seen":1605289710576,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1605289714250,"flow_last_seen":1605289714288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":171,"flow_first_seen":1605289715782,"flow_last_seen":1605289724655,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12420,"flow_tot_l4_payload_len":150127,"flow_avg_l4_payload_len":877,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00547{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2804,"flow_first_seen":1605289713743,"flow_last_seen":1605289734948,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13624,"flow_tot_l4_payload_len":3671715,"flow_avg_l4_payload_len":1309,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":33,"flow_first_seen":1605289714658,"flow_last_seen":1605289714873,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":7307,"flow_avg_l4_payload_len":221,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":107,"flow_first_seen":1605289714590,"flow_last_seen":1605289716476,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":38980,"flow_avg_l4_payload_len":364,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1605289728586,"flow_last_seen":1605289728804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00550{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00132{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test"}
diff --git a/test/results/pps.pcap.out b/test/results/pps.pcap.out
index c686f97cc..9042cd559 100644
--- a/test/results/pps.pcap.out
+++ b/test/results/pps.pcap.out
@@ -1,9 +1,9 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pps.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1467353136432,"flow_last_seen":0,"flow_tot_l4_data_len":1073,"flow_min_l4_data_len":1073,"flow_max_l4_data_len":1073,"flow_avg_l4_data_len":1073,"midstream":0,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1467353136432,"flow_last_seen":0,"flow_min_l4_payload_len":1065,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":1065,"midstream":0,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01837{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":432546,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"pkt":"ABxCjnAxTF4M6gNlCABFAARFnt8AAHkRY4kBrQXiwKhzCFhsWQkEMf8ywISVs7ORwenTFHKVo6On5uSI0FSEcN6hpKSkpNyhoaGhoaGhpZUqLaxIFnIc1o9j1V\/jBxJYgTJzuNolbzVZ0R0xZInD9kisn9RUmqrxmfaOfWLidBLnlikkHNGned0J8w\/52jjY0bi7jWD1Ne30q1o07ZUYUv\/QbvJH0F4eDOmx08v7Bn20GVMFMCjodWpNTNXJ2SexjrFeI6FN4QYXCHMojb7c\/PEThAYazMCmu0O\/roaBRseEPs6rkTe8cp9cAvQ\/n5mjopI2U8mnsMzLdAnslhYT0HUp9qJVwLrEv01esKN2ht\/bwWWVF5TQquAB9v7Wt6e2OQ8vuih+Atb\/n4iLmHyAs8+DFzXEuSUKcpvamkMM7UM6hef8q9KNvY9qWQR1Tk9ycKmbR0smL1JeXfm85kJMbN\/EYgsXVxKaRK2Rv1yY1dyGePuc3UEjPL+KzMtadixFRQ2hL7UpDi17vDigTJ7AYF91J2Ja6BY8r45GbA0qcKjT\/2PMj0bcxGB5DZVExfvPgmT3pnLIXAIQCOuPxcK1euFQEq3Apr\/U+RUfsQg\/rkRxZFaG23hIOWdbuHAYWf162Ln84BIDQyIvmVPxm8HZfjSFxo5lT3SAnYhEraONvTPmIXSleQ0yKdGJXnTmaDvKNiI7tvMq4Ue8NItBFyrpaz\/ey7wisHK9g6RaTXC2Chi58N03IkAUbldcXIkAS5oXnhiCl8IRbYlSyiMzSearcyriLmt1A2oCZsMGjLI+Vg\/QQvFWKc8MUtJXDD\/3\/zP8XOVOsXbwqPjP0oQ7zs+cPcwh\/zsX++z5sEE67YjR9MZx16gb1c6v0nV6LooYTawJrbu4mQmfFZzBirmdYpVDc4DqSieyA3bfOctfLgZnR3dYSCqNYYEecOcnZB43DJPn8EapO45onRSmMzS98N7TjaXmivBMLMEYQUMWDdAQR+RohVRWZ8yz03QldhdX5BlmxjsyF+QH4XhdR0TNLGfQpBdbvPuC7brPT34pQ\/bB6DZ6ODmbu+A2bFlwaKRZQmJpDJEqSpl\/j8OazBmvo4z1ZZoiN2qDNKYSKtk5sX2V4oom7Mnsk9hlp\/P7QgLEBpxQ6BCZB+MVDHR5MiRiLZDeVw70iySjxEYrchS3jdcNstavegpWpk9whZhUojqFPGvCcQT6tmKjbQIj5Hu8ksUMNE+8BTHM8uZtK\/5DEb5Sp8gJi14\/rPknXLsL1+u4QhASTCXJWfbflBR6pE5s+QTIeXdrRWYqM9thmBhP+C3ZF+iPYB\/m3bwwcBgmvlLrzojH5FQZ4K8lHE7ijUN9HVDnNUbnZc73qehkk0VqLJlMqTyl7jKytXnNXEqS0p7S2OdJ0s12tQ48KCHUsQqmAui3sLr0tFku+q\/\/8h3kbG7OZisKcU6BzQvEtOBdMqyPELwAAAAA"}
00442{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":432852,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzYAAIARgDbAqHMIAa0F4lkJWGwALVw+2oCeu7uZyeHbHHqdq6urqq6n\/nt+fn5+wr+\/v7+\/v7+7W6Rb\/w=="}
00442{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":433183,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzYAAIARgDbAqHMIAa0F4lkJWGwALVw+2oCeu7uZyeHbHHqdq6urqq6n\/nt+fn5+wr+\/v7+\/v7+7W6Rb\/w=="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"pps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1467353136433,"flow_last_seen":0,"flow_tot_l4_data_len":1073,"flow_min_l4_data_len":1073,"flow_max_l4_data_len":1073,"flow_avg_l4_data_len":1073,"midstream":0,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"pps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1467353136433,"flow_last_seen":0,"flow_min_l4_payload_len":1065,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":1065,"midstream":0,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01833{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":433806,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"pkt":"ABxCjnAxTF4M6gNlCABFAARFhzQAAHkR\/N92qw84wKhzCBWoWQkEMTBPOYRsSkpoOBAq7YtsWlpeHx21oCksw14HBAQEBCRZWVlZWVlZXWtIvRNzg+x4YJ6OEO8cltiLcOU8BOz\/urBW00craORvrtlivb6CNrRY6wslKl6quTFUFt7AGM+ySHcXQprs3YevxHx6dpyzN96qU\/NFfvSPJ1ibhEJZe\/DXaBAfekeRdaL1fVAdRwbo7mxW7o4yfI0kSrHcBJRK2rWpByUbz9zgyQRsecEcOdHhOIYrZXQhK3SDuIm9YHE92BDpyAk7TfQQRHDeuywqforN1BP4P8FtkNVti2Xmvz8udcrQ1H222Ai9FusLIM1l9mysgCoDgJ1KF3cRXhXI62aj831QAHL0arn64h2zt7ZgvDMkX2NI\/K2VZdDlCgVBJBkLQeUh\/MDBjKJGZZpCa3KVRqx4Xa9cAAAr2ggAAXQA8xUAAAAArwEhG1UQCoaDuFDsNEsMBMbCQJkQKjde12VVgJV5VJd4Lm6GAB0eT0UYDtBOpOtmqAu5SPssoZ3Tj0FsZmlIf2qQ6gEQkUpWg0ijhfMEiKeWKFLsGKuWFKKy4iAVX9zHo2p1yWHbzuEg3qtM\/Slt+6TJFX6VbTFI7lCvar9pm1041VDD2fmEcWb0ecxtHzLsL6jNObK4b6whqGMkcVm+ugFkifwxmdM+\/5RHFH1ZLdPb8xIAqKSee8XCmhk89E89r5UvUCbPrum2P\/j4y9Xw7P\/LW+YNW0ULDcRzT+11ZxKSsnKxmlswxGa49KMz+JpxwZMoSVmRi1tJZmRFxZGKSAueQpLEoXraMSkymtkEpaYnAL1YqLwVt1pJkW5XqID0a9NrV6lV0pmtlZYS6VKjhZQsIcqV9jdbENRQWEl55sPgn+fp6Wp8dWw9xWyctiIyaA+4bxDfpBXH5JL8kl10iL\/9+BD7H76gL\/9+BD7H76gODgDgAAABfwkADTQA8yAAAAAAJwEAAFAAAA0rIZ6oEsRPAJc\/r8gyT0cT6r\/cP2xKqSLFcmo\/7OrISYex9iq0bggDegyk0DHD6Js6veSSBf62sLe9PP3UrkhPUy9leR6yu0HDVXQWiw3h5U\/EcRq4dkh\/q2xCzSiHU0S7gqfrf0+7nc2x4giV2biJOURh8yEn4Ko\/lK9tZDsbGlYPi5J71CHPlkHRPEJddzRYBuPqxaeocr1FuE7HYJbP8o8P4K8tqTjgGVUHE5ElUIuOgB6lVv92Duxmid7zlOPu6UHIm06u4RQ+E6akDFaC+D1Uo7Iy2vfjxKUifIwG37oy\/LSFQpI8ExyEn5t8IhLZvc8HqtnsG+buShS1LgHgY+r1usa0nTh+HmwA7lN9uXnAa36QLLMoyfrn+MMZCGI3J2z\/+N4\/2yYDsBQqR7uuDMwe7eYvWvGwY4OUU7+G7dTt61MoeUMnQgllJEyWPXNjZfenM0IAAAAA"}
00440{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":434160,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzcAAIARAeHAqHMIdqsPOFkJFagALVmD2oCeu7uZyeHbHHqdq6urqq6n\/qGioqKiYh8fHx8fHx8b+wT7\/w=="}
00440{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":434393,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzcAAIARAeHAqHMIdqsPOFkJFagALVmD2oCeu7uZyeHbHHqdq6urqq6n\/qGioqKiYh8fHx8fHx8b+wT7\/w=="}
@@ -14,20 +14,20 @@
00441{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":438319,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzgAAIARgDTAqHMIAa0F4lkJWGwALRil2oCeu7uZyeHbHHqdq6urqq6n\/nh9fX19ucTExMTExMTAIN8g\/w=="}
00441{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":438321,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzkAAIARgDPAqHMIAa0F4lkJWGwALRB42oCeu7uZyeHbHHqdq6urqq6n\/nl8fHx8tMnJycnJycnNLdIt\/w=="}
00442{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":438882,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzoAAIARgDLAqHMIAa0F4lkJWGwALQz32oCeu7uZyeHbHHqdq6urqq6n\/nZzc3Nzv8LCwsLCwsLGBvkG\/w=="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"pps.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1467353136439,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.42.0.158","src_port":22793,"dst_port":7716,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"pps.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1467353136439,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.42.0.158","src_port":22793,"dst_port":7716,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":439181,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzsAAIARFPjAqHMIcioAnlkJHiQALSPV2oCeu7uZyeHbHHqdq6urqq6n\/pKXl5eXRzo6Ojo6Ojo+\/gH+\/w=="}
00442{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":439320,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzwAAIARAdzAqHMIdqsPOFkJFagALR1S2oCeu7uZyeHbHHqdq6urqq6n\/p6dnZ2dSTQ0NDQ0NDQw8A\/w\/w=="}
00442{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":439494,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzoAAIARgDLAqHMIAa0F4lkJWGwALQz32oCeu7uZyeHbHHqdq6urqq6n\/nZzc3Nzv8LCwsLCwsLGBvkG\/w=="}
01844{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":439495,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"pkt":"ABxCjnAxTF4M6gNlCABFAARFnuQAAHkRY4QBrQXiwKhzCFhsWQkEMR2gZYQwFhY0ZEx2sdcwBgYCQ0EtdfTXOAaEgYGBgRFsbGxsbGxsaNNVQwFXnXvYZx6KQ6vRz0urvYx0JKBxNFIf7nVDceYYp58JzGcXjE781d\/I2AA\/BP8qUMtLWFSHLa9yT5HLBD0EDB1OjvlnCMAO6iREAWVJE9iiF8ySzksl8kxHAntluFaluV\/d7DbPKOoIAk40a\/Wo4SXWiKZDPN5kLYDMey7fWkDfwk\/eTfMzCjJ3csb\/QM17bxem4R72mucKb+n2o2CPBqrEY5cHmCFg2wv6e3HI7hXagwcPPs1UJgl6p5xWg7Tci8lk+xOpxPjissXXi2WGM9geJAwlv811TBT\/BprzIJ67s1qM2V++T4XpiaWTfJcYHXrxj6UMuLZjGamAfR88WTuNlw1oEnG3cWyzNp1hWnLcQcpp9IFaIOjK95Hxj36MrHtegRSQvD1H6TYqecYZP4NvgVZPUDfrjfqMf8AGzgDaOy8teBWlqkWd7HCOSUEN4qkseFu2ax05dqX7XqSy8\/QeEscejdlBVXlezGwdifsCp8mXxuaMPBPK\/UaYgewZ3cpq171m\/X6Tul7o+FNz5cAQbl6b2odCe6CU\/DBx7J6WHn\/bHMeFJkck1SRVU8xI99+Hlwqyetfwk+y5eNv\/J2\/0rfiWYW8tRYD\/LUB7Flr\/8xihE0EAc\/HPA7yeUm4Ykkwx9n2VTMW0jOktt\/T81eB8Xx5ZCqxK654I5PpFy9vdGRwYpG16GhrfEo8ZbGhtjGSVGTpRLb\/v2mKNj0Ed9u4yi7mpr\/Of3kUXdFO0BU+pTD8mGgtlkE3BfEUvurW7NSukA5hPdb+fFV88g9GbozUAaUILWSFd\/JOG2MZFbrVATw1BfOyAZcken0aBaXnzeXlEQmFD7ZYiNSNEqGKAT5j0FTEr6Y5Jm\/sYZ6unfX3kHxLQkXCwE\/QMaHwjvJy9dILJ8nrfjI8a9209+xB+HQFf37VWoVgLjG4yMnA9Q4rvEGUyT2gD54fytBTW5zwnnzwF2G\/8YSg75mnZJvkT1d4+5o+0OrSPHAM+e9ocu\/PrUP0s6UO\/ix0wLJ9j8hoSdHFQm8bcP31jJ31u365FeEiaKHecCud8jrFkYbTLctwATAktAVO1hOROy\/DLfxYsiDY1W6f\/bHom9rnQvkmftiBpUUNDSWApCJJPNlY22iudCO+9pmqHWjfEssLX9Dqzr7OlYJ5RXuGyZ7+YqGbIwe\/zO84a\/WcWzyskL0JXKBWIUHMSCOTeRfAJm68LJS0yR1s53q+QWyHi1y7A7rO41q8UNMBqhdA9wlRWU4PaydHcREMi1O+Pb5b+omkqrISTmz0YZaGBTDljdCiN4airKtvGv3tuWn3UieWt8iJmcwnmGOHqTIooKYLfJyh9yunImLRJFuACMkO7YpOdJYEAAAAA"}
00442{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":439495,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzsAAIARFPjAqHMIcioAnlkJHiQALSPV2oCeu7uZyeHbHHqdq6urqq6n\/pKXl5eXRzo6Ojo6Ojo+\/gH+\/w=="}
00442{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":439496,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzwAAIARAdzAqHMIdqsPOFkJFagALR1S2oCeu7uZyeHbHHqdq6urqq6n\/p6dnZ2dSTQ0NDQ0NDQw8A\/w\/w=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1467353136439,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1467353136439,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":439640,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfz0AAIARHuzAqHMI3sWKDFkJGywALewn2oCeu7uZyeHbHHqdq6urqq6n\/szNzc3NFWhoaGhoaGhsrFOM\/w=="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1467353136439,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1467353136439,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":439813,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfz4AAIARtZ3AqHMIysYHWVkJPqcALR44JYBhRERmNh4k44ViVFRUVVFYARgYGBgYxLm5ubm5ubm9vb1dAA=="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1467353136439,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1467353136439,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":439974,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfz8AAIAR4f7AqHMIb\/k1xFkJfrsALR1E2oCeu7tQQPUjL7WiHx8fHhoTShYWFhYWfjIyMjIyMjI2Nso1\/w=="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1467353136440,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1467353136440,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":440165,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf0AAAIARQDrAqHMI2+RrnFkJBOIALQK82oCeu7tQQPUjL7WiHx8fHhoTSt7f39\/fs\/\/\/\/\/\/\/\/\/\/7O8Q7\/w=="}
00445{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":440360,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf0EAAIARgCvAqHMIAa0F4lkJWGwALbP52oCeu7uZyeHbHHqdq6urqq6n\/ndycnJyku\/v7+\/v7+\/rK9Qr\/w=="}
00441{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":440579,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBfz0AAIARHuzAqHMI3sWKDFkJGywALewn2oCeu7uZyeHbHHqdq6urqq6n\/szNzc3NFWhoaGhoaGhsrFOM\/w=="}
@@ -60,7 +60,7 @@
00441{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":470387,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf08AAIARQCvAqHMI2+RrnFkJBOIALWFb2oCeu7tQQPUjL7WiHx8fHhoTSt\/e3t7eruLi4uLi4uLmJtkm\/w=="}
01843{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":482612,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"pkt":"ABxCjnAxTF4M6gNlCABFAARFhzcAAHkR\/Nx2qw84wKhzCBWoWQkEMbH\/2ISNq6uJ2fHLDGqNu7u\/\/vxUQcjNIr\/j4ODg4NyhoaGhoaGhpbfhzfA9CIzKvNEiYeV4uTGhG2E5m5QnsCOprbl\/Lsp9im2UHvMW+nr0uBvnESRwl+krl6pMksIQ5AytcWSDXm2YXk66Pz33lgjKqH63YZrOMH2mnVlPAEYVVvHroE4\/+kb1SJ+iO06ubLJNtS6LYO6zel444\/fQk0ZpNcfZc+SX36Wf+7BFvEjRgsu20d3c4P51Qf0KhFh4f\/vOstTzT6ZQrm+Xw8El8KLKGLsZO7ZBclUHz1+i0pFz7HaBe40FuTsmWyIrUIe9UE46EynzxTCwZEubMv68zvjkpitSMWK2+ng2A9giXceXuaSKP05tZi8pLHNJriuIQW12oO17a2QvKEvDqN+uY\/ubo1vaefUWB1hOA1k0hieuVt3KgzsBgKNrsEmtt0h1ey7W\/s7SGnpmvTPJb0DJ6\/H\/tTBQmss7+KIgxt4b5RcWSnRIzgxXatj7c9ImGyU3hVLaHJJvh1RPA6BoDTlcovRAempYJIPjaiIH2mjxq\/Md7Mb7j8rtLVlcCPO1g9rxBZfEkwr8MuxjpjBRYEgia3iLu1OgQPjL860Mt\/UOM8bbxkwEbuYiwHBkeZLHLdvxLIGrg\/I7HqtE6Py+7IHgv5HwwC5toMYgvlalnDCrKsTgZnSGOSQZhQdG8tcFUGbbOhtvokG2TazDN+IS9aXUUV1rh+8hMyxTAUZYspZblkB+UZyK5d\/LAPvzSHdlAr75p4wxH1UJnxZtkyZppn4KsCDboRcO9s\/VXKjA1NVRkPi2njlL6VvaH8QYKXUMrBPRga7XETmcuQ1d7177spcJ08wJwEUA7ZAE9IJyi5NCsvZrmGfbi\/3ez7\/sIxPPH8gmnDomhjvRHn1BTufeYeGTIgvQXjW+vwH2zQJXS1LrAX3V7SLmcPVG1Y41OoZdPEYn7xyycAIQCxCIG6NTf3kmxRNedYmZCfZSmWAdV3TlX+Tn+vnAZnon+ZjLjsHyWvgDywBqPMcdgHoud7syu31kVz8hS5oA4xO\/o0RXMBwxiLNb\/C5u1Bq+NjqaTEaZQ889KPv9Fle7H0XBxN8QPd9K+YEVN0Ni+VfCOYlJZngDWyX1czZHiXf1aJEZRTqm1q+fdrTP9k4dmG5k1c+nccqhhe5iVk+EmrSD1qAUUKgPFcwBmFhnQij9RywiqD9x5AzsmG6cWxJjrtItsJbVuENP5IJtj2WYJA8jLWrG0\/RRSQnSKrD5i67b0BsnTSpDfVQHoX\/VNaPYCu94QnNjkOg\/hAXXn+JLtc8RvYQNAvGVSXggBFmQlvMla\/ZfwP+kS4bRfp8D8N8hPsdh7Ahl9UvLSEYMFHafgtt2\/L3MS6xQ6JjMY2Sd+bU40RwOlhInzn\/3+tkfUzFL1sgAAAAA"}
00443{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":483091,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf1oAAIARAb7AqHMIdqsPOFkJFagALUG22oCeu7uZyeHbHHqdq6urqq6n\/p2enp6e3qCgoKCgoKCkZJtk\/w=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1467353136483,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1467353136483,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":483217,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"ABxCjnAxTF4M6gNlCABFAABJGboAAG4RkSi35LYswKhzCDZZWQkANUuZLYBpf39e0v7fca+OwsfHOTl\/IikLCQkWAAkJKytvb9HBysr2yjYJCAYGBiUA"}
00443{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":483217,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf1oAAIARAb7AqHMIdqsPOFkJFagALUG22oCeu7uZyeHbHHqdq6urqq6n\/p2enp6e3qCgoKCgoKCkZJtk\/w=="}
00449{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":483414,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"TF4M6gNlABxCjnAxCABFAABHf1sAAIARGYnAqHMIt+S2LFkJNlkAMzZRK4B+aGhJxenIZriZ1dfXqamg+fjwxMU1UFBQXFw8PHdzc3Nzc\/PMztbWAA=="}
@@ -72,7 +72,7 @@
01834{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":502118,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"pkt":"ABxCjnAxTF4M6gNlCABFKARFVcMAAGURgIvb5GucwKhzCATiWQkEMaUgy4SeuLhTQ\/YgLLahHBwYWVuQ5kkBty+goaGhoe2hoaGhoaGhpVtCDzcSFnRRQvOg2Cxt9NzQBAxveNk9pvrdff9azkfiMGP\/A3khjBffNjPR0BTt\/ejnHt+AtW9psN7TYASCH3fRXOFHakDxaXLu2AftrQYVLIozp33LEaV8ueI0edSknR\/BlFVLRXTRfZzRAZdXIHXxhKrUNatXZHckq1BQTgPIS0MbEDAJVHTbj6Ut27ugClZdjQMGSsINOasCPfkEBiXAULWvSTn5pRCpWWVuGU+jhCaul\/hDu6843OW6lEPrQkrZR+J6tv+Cj42S09V8WOJXm\/kUAsmkJtJMFRAB98Txt+Y\/2hxSNKcIcYTjdlgu9bAgcZQf2E3G5eGNf6aZ1RV9DM8tg2Bqqesbnqe3tWJJskWl4vAa8j7dr2ImN1+3LAG5bweOB9hBcF4V1eAzZ8HJnfKug70BGAYUEILMc1GrWdfqukQz0nHi7i2T0ciCYQbwI0tZ2xA0Axk3TWr86cHcsNXUUWrO7sshol+HeGx1j0dogz2mTf6ffVa+5Xcxt39KpZbKdNbqAYYKCuWTEmn5JGPFUB4kza21tIyFdRkuQXnCmsBDOrcY8lwyiqipAvCHUgcUQdqeXHE8UT9CHb42z4KZucJw40qeoVIGbrcUloJFx93ZzVq5TlSYDmjpAlSPUshc8eN\/v2YTlKNqkrrnmZGIcIBoF\/nWtR+t+vZdcsnOusYUlvDvaFeewPc0oHDgGXRpOv577Yl\/L49UAxqe0oYq3z0SoK0i6wN1krHCXx73evOSnwejQ7UTwZbUNz\/6bkjgZ65RCue6dUqhnelh9KzX3s9yeYvln35tx1aAuHXHBvkxTi6gPdhP56m1ya\/lmVZZGfMoL5n+j7Y8VUI3xbFdhcaBAEdAsBvFIFb9B48Mo+2zbymNPaI\/bf20djVYgxHOh850hb382H6h7cEKo7ugxmmNSZezUBeE81Sxc12dEzSH4OK3NcFS9OMdJZO8bqnkxxwXy8cM2dzX5Ya8YGHT+Wgu5Ptgf\/9jpIgOoOCKzrGz8FUfBAyqYRrLoWNq3aBiSmgrYapYwVVMXnnn8F+0\/0vjQjsFuTW\/0mD3nVyI8M5nbsOUIQWA9q2QDohwow4CHRLfuN0UP6CvbZ7oqxK41aPQSlWpkitRQKap3tKRTiIZqHbp7H7DHFADRUZyIsVmIYDh84sLy35q\/tjrqxuGd2FqAer3XsfE3i+Zrouwd7+0RYT5Akpaj6d\/9lGfLTGBXkZWqJF6lNarDZGSCqSRGJMzb88PW+DZlxlnoASoJfi0xCjvq6vAi68U\/b8PqUssurn7rGxnlryxgGmYfB10IjhKIHAFa6KRS\/T23jKI4skgmIg1zszMSAmayDZnHUF0UeZunPlx3uDZwJIAAAAA"}
00441{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":503195,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf2MAAIARQBfAqHMI2+RrnFkJBOIALV9e2oCeu7tQQPUjL7WiHx8fHhoTStzd3d3dqeXl5eXl5eXhId4h\/w=="}
00441{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":503493,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf2MAAIARQBfAqHMI2+RrnFkJBOIALV9e2oCeu7tQQPUjL7WiHx8fHhoTStzd3d3dqeXl5eXl5eXhId4h\/w=="}
-00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":53,"flow_first_seen":1467353136432,"flow_last_seen":1467353136508,"flow_tot_l4_data_len":20889,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1073,"flow_avg_l4_data_len":394,"midstream":0,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":53,"flow_first_seen":1467353136432,"flow_last_seen":1467353136508,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":20465,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
00442{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":548544,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf30AAIARHqzAqHMI3sWKDFkJGywALRrY2oCeu7uZyeHbHHqdq6urqq6n\/srLy8vLD3FxcXFxcXF19Qp1\/w=="}
00442{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":548611,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf30AAIARHqzAqHMI3sWKDFkJGywALRrY2oCeu7uZyeHbHHqdq6urqq6n\/srLy8vLD3FxcXFxcXF19Qp1\/w=="}
00442{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":549208,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf34AAIARP\/zAqHMI2+RrnFkJBOIALZy92oCeu7tQQPUjL7WiHx8fHhoTSt3c3NzcpOjo6Ojo6OjsbJNs\/w=="}
@@ -85,7 +85,7 @@
00442{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":572591,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf5EAAIARP+nAqHMI2+RrnFkJBOIALbL42oCeu7tQQPUjL7WiHx8fHhoTStLT09PTr+Pj4+Pj4+PnZ5hn\/w=="}
01829{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":613744,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"pkt":"ABxCjnAxTF4M6gNlCABFKARFVeIAAGURgGzb5GucwKhzCATiWQkEMSNu4YS0kpJ5adwKBpyLNjYyc3G6zGMrnQWUlZWVlc2BgYGBgYGBhQva8PMhqsuyUZDSGAHHEjuRtqJ10CTKCqLCyeSnMxwDmQ+XX2nbwqoTM+uj0Zkqef4L8+N1XodDcvMDsNE70U72wS38RQ1tjvAg8nATqAU\/diRtVReQa7FQD8i27vY1qlFmt7Jrb+nKBnLkcjFtbYlDyT9bZiQ8PzhG6OvimDHwAMR4OHSexIJQqATNmBRPtzqzQTiwu2k6f+bajQJEODJdBFe13l0GxMm0mQU44EWBLt\/6YiMMrOo5ldz9sb71K\/rRR9T0m2P01lCV4sgsARaDIceYTEsibRumLWebNXj8rNoPzKsk1jI+EpP3ZIyH1UPeR7SewTtbxbjJo11UJ1V8oeohPnLqStk88BQdOApdCI6Vz9YLKreasURvMVHcnHBK0rKxyQvUNiF8zphduz4IBLz9Kylr9VGp28PuJ+5lHabzXQSyhPHXwHKTq6LUgtNr2sKR3pLHU6DyUkxHa490hLvprAECe8th8Ksed\/31vZFciPKGhgwr9cATXdRzJOJruJ0ZqlnYW2ZOrwrksaibbEPGlGL9B9Mz9YylHHX+m9FUioq7yy9RB5H\/n6jRaFWQ0L6sQ1lNnuiFrA2sX8J33LXvALY9ajZ4qOcvtdDiFR6lJmvwWAHyreTC45t0A2bs94YYBrlOlttfIQBKFU0J5nORyV24K5Plfa5ciHO6B+QUZy6IvOFuPU3WvpoHymHTgleQKY8owjWfi7Ok+WXp11uChSqviMLW2oUgzJisfTKSLnIrL2S5zZfx3mQ5l1oWszT8OANxmiWujjOJzx+Jx15oUbPEz8vJJ3Bb7nov1xTTY9\/qtHUjuMNqH48rJMcENARWH01+bWk\/d122heDKPAhI0gQamW05R3A+cWOQYzTYOIjPPyCwMTbn9aJoC8qMTU6vw2Nf+XEWKEGiiofM5x1NRtGq8xyCB5lwSUJdPhueVTqveSJ2DtapDZHGpmUOm37JXjJFFIPKacTrUgV7oqC8l0gcRmJpbIVUmuObbBRErG3HsuejKQ8scGeAvWfIqO1pVKgSk3NEWS+EHgzx75B2Ptmw2sKqnFVaasXeD9lFf9tSbgDRK5yL5Pd0jNf\/2wqUOz\/3D1nzcfzmwynm2bc1ZPZjmECq9C9HwhMFxjfLrkll0KNJQfOT9UgFdReFoj\/6evwr0W+ygHKCThmmg2lDPEx6wucyocwN\/OlkW5b9v6PvvV9KUgI75oYUg7KJ1yr\/Jq3x5iwEP5+OcxK37suI9ixclNiHJgsZhNyiT4uW4m5469KW1CSKfIT3mIc4yV\/eEJggO\/H5qoXYdOnBY9rWYNTLSQ1A1ro3hDHoYsNHoTKJR+eo9yZh+0aoIxzIrboWhY+0nKfZ9MCT+iMAAAAA"}
00442{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":614160,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf6gAAIARP9LAqHMI2+RrnFkJBOIALWOr2oCeu7tQQPUjL7WiHx8fHhoTStPS0tLSUh4eHh4eHh4ammWa\/w=="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1467353136616,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1467353136616,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00404{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":616772,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAof6tAAIAGbhvAqHMIymwO7MUeAFC+iLxRSK1JylAQQRKO+AAA"}
00404{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":617070,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"TF4M6gNlABxCjnAxCABFAAAof6tAAIAGbhvAqHMIymwO7MUeAFC+iLxRSK1JylAQQRKO+AAA"}
01842{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":640432,"pkt_caplen":1109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1109,"pkt_l4_len":1075,"pkt":"ABxCjnAxTF4M6gNlCABFKARHPvMAAGwRBbvKxgdZwKhzCD6nWQkEM7bwtIThx8fltZ2nYAbh19fDgoHFsbOz05H7ys7Ozs7OUjMzMzMzMzM3d32QGgSgl3utg\/Lr9hRf++0ikCQTv4qzjqE0Vwx53Ozi5DZHrUJ0D9ld80WV2ev0tZtZRKXgAoVPxGV\/sVzgH4xC6HL79R7mq5iPtdzW66QMOgYGr3SE8p+G4rKdTYea586Ro7AY6bM28Jh0I5r5TVTI2fUcSzHV34y5S7zxuN9s2gdR+G2nAQ9di580b0fnOVMCMbQS0YymBcyPOk\/TMuDcu3jPoKDTMgO9S0s0IYLNh3NTzcMZuYatUE10g0vqD2WlKxR1edSPZQFM4WX\/I8oWPKSn5CmnWCJgNchgz7RCWXFcarMT+ited1xm8MkWOvZ2PeUCHfQ1MuOuLpD7j5mhw07uokSIlTUFQAnPCELFA5Psd1zbcuid+es8QtEP8h5Pg5ROnoUYgwG\/AmXnw02rh0T218tbI40AgvHe3fXoohnR3eOl8fPl6Tin6Gi3A066NBegsFeRPVSX+gHnt5FK1bZ00Z5WDtXOvCRcLb\/+iWvY\/Ph9J25OZG\/H6f9hZv6bNXwaaIuHTCkt2zE30xNgGrL5fP\/qsPXo4QVw4df\/AHUUWn7DNhotAyglmhZHHHx2D76uvfRLfpDX45nAOTU0aQzIlAkbjeL9MiunISwrfsUiGGi77jizTx7AZjJwIN9X0xB729dePDFW3iOjEJKi6wwqiXtgjp0Qn4ycT8aj3higqkAdmCf6viBeUxA4Ey0XJs8LeWlBWrWLGrAVX\/syUvSc0Qnt7hgTis34opRC9MgH7uPb+CPcACWQ4PyqMfFoB93v48Hj+r9dC9ONTO9C\/ktt3YfWgupPKQW8qdqTDsSYNY4LtVldBymEKQFgcafM+ACwgYLH3rkh38VWSezZwGc\/KyCgGlonrmjhRAudSNJrjk2I5hAwMjl3+Su91K1EqYBwzJUW5Alu89DYvHVV54Y1uiDfno+vg9g2pOTv9qD\/obGNrCOfIKiGoGknOiYUYI9eRr\/Qs1peKBmW\/7D5fFEEUzXzGE\/77OK829Wr420Sgnl\/\/9UHV4dxNEpg7Umuc4f16HFagvn7eaQRFd2LphIs7VvTz82qi7A\/OZJVG8fQa21CCaNp\/VwpaOYvMyyVi6a19f21I+oFHfTzAOIIV1wwifq0aAqUb5BxGVtvBKoejKKSwLl6F5F2DDKztCmxmzs\/WdQTTScN896khxt4jB6c6Mtj512hCjnKbeZFmlvfg6SdAKpUxQ3Gx6Yz3l9WLMoFQ3S6GdtYorTUz4zvLoxi+9EUFhpvg1ZrQIfeIXH93JJ0H9uwkye148Sa+dodTKDlcRbxOKd9fiM3Owhw5\/cz2k47y3guqZHbBfAcDjAReQ92\/933ihS1JB7je3wazbY+fsqer0ZQzO0QaggAAAA="}
@@ -96,36 +96,36 @@
00443{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":650995,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf8MAAIARHmbAqHMI3sWKDFkJGywALXoO3oCav7+dzeXfGH6Zr6+vrqqj+s3MzMzMBHt7e3t7e3t\/f4B\/+w=="}
00443{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":651112,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"TF4M6gNlABxCjnAxCABFAABBf8MAAIARHmbAqHMI3sWKDFkJGywALXoO3oCav7+dzeXfGH6Zr6+vrqqj+s3MzMzMBHt7e3t7e3t\/f4B\/+w=="}
01838{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":660483,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"pkt":"ABxCjnAxTF4M6gNlCABFKARFPvUAAGwRBbvKxgdZwKhzCD6nWQkEMcjs8YSkgoKg8NjiJUOkkpKGx8WB9emVHHN1dXV1dfWXl5eXl5eXk1vyd38WC0CHU2H3chZPalJQhIfCShBEGfhv0AOszk8xz4cb2U3O8vqyLE3NLsepCateu4swBJuqKrZKa86XJl7dtNfCDb8DEWMC6G2yZzeCe0zKtRCrYS\/aj9iUCJ\/R1DllVxTRKMY0XhhsD4S1R+LXTG8RMGmgPAUv9QuOJ4TekiiQqKfdz5TVY5XNlyy4h\/3ZHsoiWw9BkyrvdRXIWwAbsxWSO6\/zc8w3VBtQaep5j7WbomO3xft\/1Hk7BOH+502dy10QTqZc9WZbtp7RoobD0Mi24+qOnubQz148P1KkM5xDEfcIv2\/C6AW0pC0\/q0QwIuIz+yslZuA9QboX3PSW3x6NVgLnEed9lwqFDp4Of7ayqklDmjR4j47waRAnwaNCH7730mzfQ4fcUdtjy5ppCeRRqHfZ8nn39d8sscz8vZgSnNn43KZFIm8Pt72srNqOn32Qf6LS9CfY7sYltbfgN\/fGHeVg07oejOJOsRz7OMVg1gN\/fBA2rTpwG7VbE4s4DnTZGQGgzkV5qP1cXLHnTJJNc+q2wQqRqOYMG\/Ajzdx1DFNcNys4JXd7jh8YngOs5MpBMutBtdUao7aeeV44oz8W\/4XWF1Q2Nu+wSnnomRpQZnNvb1zzeS6AiRzDaLts7pv5l6VZqKZwCFkuV9o22FJBIj9FSKoxySnt0F+R1+L364c02AyHj9HmcctLPRKXETJlgZXS\/Xx5EQ2P6w7rs3BSY3bOKabZsmw42Dwt0+hsnPBBTnjXOPQgQuSJas3eMY8yS1akrqmaQx2DnYdRHTEoxs4SPkwRSXmgEX2\/\/Wqotu9wp\/uRhCeZunADMCXQ+6GJEgwL+aIXOtFVSJozo8BwdPQrp3tKzyGGD\/WU+jHNmt2qLOVCuXOieTLQk2YcdBR3YFqEvDO4RaGEvpJcsDV4cRlr6Ghierw3TmAXDtEeJ86TK+gNqBQFtwohJ6C0UsXI11+bAdiqqu8VmIjjq5NJQoXLCmm1ZoQxuNqrm+Xzcs47hmhhCnPeEew3MdSCgvtvax4\/jk3SaCJG1nCEymMb\/ALyRTCnPEGOWY0MURztieFtg7tiBeatgiVWPGEbDSrN6KNU7DSIXSB2zmBF3mpX0e6FMrj2Ty+VGWmWIeZunbDeu+Sk4dDYI\/iIZYx0a38alKwrFqri09KuScskILRXz3d2PLCzLgf+FiOaDVsn2fEL2Rvc6mydotTioBQt8yJz0ImtvZLz4Rgp\/E0Syf731kngdJ2i5gFt0etMSLj8DsXBRygN\/TZlo\/xzx\/Y3hnYC5JdBHDEpAkqenw8MN7qdDMc70lcyj9u7rGYlUwPPEHE77tHSE9VCDKkIxHUC1RCxStc\/k35h6oBc3JYgAAAA"}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":587,"source":"pps.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1467353136439,"flow_last_seen":1467353136732,"flow_tot_l4_data_len":96799,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1073,"flow_avg_l4_data_len":379,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.42.0.158","src_port":22793,"dst_port":7716,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1467353136757,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":587,"source":"pps.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1467353136439,"flow_last_seen":1467353136732,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":94759,"flow_avg_l4_payload_len":371,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.42.0.158","src_port":22793,"dst_port":7716,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1467353136757,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":757007,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlKDc3Alz6CABFAAA0AHFAAEAGMi3AqAUPROn9hf5lAFBsGPTh5ZgTx4AREAFu8AAAAQEICiYbPvkrIgZe"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":116,"flow_max_l4_data_len":116,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":765,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_min_l4_payload_len":108,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":108,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00537{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":833095,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"pkt":"TF4M6gNlABxCjnAxCABFAACIADsAAIARBNXAqHMI2j0nZ1kJRXwAdM6LbABEsXEiUCg6x2bnNgAAAQADAAAAwKhzCAlZCtIsqwEGdAZ0b\/pmQpw8UwQ938xDXiteKyTtmkXcENwQJOknUZ5InkhvdWVRsieyJz3jqlgDTwNPynAfWaJVkHF5+IVd1THVMQGvgGhBFEEU"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":766,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":833300,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0ADwAAIARiZ7AqHMI0iyrAVkJdAYAIJjSFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":767,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":833392,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AD0AAIARMI\/AqHMIb\/pmQlkJBFMAIK93FYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":833527,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AD4AAIAR\/KfAqHMIPd\/MQ1kJK14AIFSGFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
00537{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":833580,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"pkt":"TF4M6gNlABxCjnAxCABFAACIADsAAIARBNXAqHMI2j0nZ1kJRXwAdM6LbABEsXEiUCg6x2bnNgAAAQADAAAAwKhzCAlZCtIsqwEGdAZ0b\/pmQpw8UwQ938xDXiteKyTtmkXcENwQJOknUZ5InkhvdWVRsieyJz3jqlgDTwNPynAfWaJVkHF5+IVd1THVMQGvgGhBFEEU"}
00421{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":833581,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0ADwAAIARiZ7AqHMI0iyrAVkJdAYAIJjSFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
00423{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":833582,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AD0AAIARMI\/AqHMIb\/pmQlkJBFMAIK93FYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
00423{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":833582,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AD4AAIAR\/KfAqHMIPd\/MQ1kJK14AIFSGFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":833715,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AD8AAIARR5fAqHMIJO2aRVkJENwAILn4FYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":774,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1467353136833,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":833940,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEAAAIARuo7AqHMIJOknUVkJSJ4AIPUuFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":775,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834031,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEEAAIARMgHAqHMIb3VlUVkJJ7IAII2OFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834125,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEIAAIARHovAqHMIPeOqWFkJTwMAIFLIFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834211,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEMAAIARHPzAqHMIynAfWVkJcZAAIC6tFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":778,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":778,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834293,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEQAAIARB2\/AqHMIefiFXVkJMdUAIFjcFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":779,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834375,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEUAAIARhKzAqHMIAa+AaFkJFEEAIPOuFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834457,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEYAAIARZzDAqHMI3hrBd1kJG90AIM6XFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
00421{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834565,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AD8AAIARR5fAqHMIJO2aRVkJENwAILn4FYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
00421{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834570,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEAAAIARuo7AqHMIJOknUVkJSJ4AIPUuFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
@@ -135,17 +135,17 @@
00422{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834571,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEQAAIARB2\/AqHMIefiFXVkJMdUAIFjcFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
00421{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834571,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEUAAIARhKzAqHMIAa+AaFkJFEEAIPOuFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
00421{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834572,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEYAAIARZzDAqHMI3hrBd1kJG90AIM6XFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1467353136834,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":834770,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEcAAIARBe\/AqHMIciWOrVkJBDIAIIUCFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1467353136835,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1467353136835,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":835008,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEgAAIAR3efAqHMI3hpKvlkJBA0AIF0hFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1467353136835,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1467353136835,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":835111,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEkAAIARVC\/AqHMIc50+81kJcU4AIGYoFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1467353136835,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1467353136835,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":835239,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEoAAIARS57AqHMI0izo81kJUjQAIHyyFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1467353136835,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1467353136835,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":835334,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEsAAIARfKDAqHMIAamIdFkJRh8AIK3KFYBREhIwYEhytdM0AgICAwMKU5M7SEAN"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1467353136835,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1467353136835,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":835425,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEwAAIARA\/rAqHMIcimQmVkJKPwAIFJIFYBREhIwYEhytdM0AgICAwMKU5M7SEAN"}
00422{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":835528,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEcAAIARBe\/AqHMIciWOrVkJBDIAIIUCFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
00421{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":835528,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AEgAAIAR3efAqHMI3hpKvlkJBA0AIF0hFYBREBAyYkpwt9E2AAAAAQEIUZE5SkIN"}
@@ -156,110 +156,110 @@
00594{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":836297,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"TF4M6gNlABxCjnAxCABFAACwAE0AAIARfCLAqHMIAamIdFkJRh8AnAFgWYAdDAwuflZsq80qHB0d4ujhuC\/oo6FIkiga8TBMVS4Tp83Nzc3NwMDDw8PDwsLC+Pj4+NjY2JiMjJDSXCwdWxzAmgFq3X\/9zU6MtBnZcQIKHhw9Oj4+NDQ0NDQ0ERAK8vLy8vDw8PDw8PPzJfVMtrYO1WWhbcXFCaFsiYlF7c3lANbQu6q159DFAFA7BwEAAAAAAA=="}
00594{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":836509,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"TF4M6gNlABxCjnAxCABFAACwAE0AAIARfCLAqHMIAamIdFkJRh8AnAFgWYAdDAwuflZsq80qHB0d4ujhuC\/oo6FIkiga8TBMVS4Tp83Nzc3NwMDDw8PDwsLC+Pj4+NjY2JiMjJDSXCwdWxzAmgFq3X\/9zU6MtBnZcQIKHhw9Oj4+NDQ0NDQ0ERAK8vLy8vDw8PDw8PPzJfVMtrYO1WWhbcXFCaFsiYlF7c3lANbQu6q159DFAFA7BwEAAAAAAA=="}
00594{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":836552,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"TF4M6gNlABxCjnAxCABFAACwAE4AAIARA3zAqHMIcimQmVkJKPwAnKXdWYAdDAwuflZsq80qHB0d4ujhuC\/oo6FIkiga8TBMVS4Tp83Nzc3NwMDDw8PDwsLC+Pj4+NjY2JiMjJDSXCwdWxzAmgFq3X\/9zU6MtBnZcQIKHhw9Oj4+NDQ0NDQ0ERAK8vLy8vDw8PDw8PPzJfVMtrYO1WWhbcXFCaFsiYlF7c3lANbQu6q159DFAFA7BwEAAAAAAA=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1467353136836,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1467353136836,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":836991,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"TF4M6gNlABxCjnAxCABFAABQAE8AAIARqA3AqHMItz2nUlkJRXwAPIb+NABEsXHrELXWDJoXvQAAAQACAAAAwKhzCAlZA9IvDBPKg8qD0i8MFMqDyoNyL1uBMFgwWA=="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":806,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1467353136837,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":806,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1467353136837,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":837135,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AFAAAIARKHbAqHMI0i8ME1kJg8oAIH8VFYBREBD7616IhB4JtLS0tbW85SWN\/vYN"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1467353136837,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1467353136837,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":837248,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AFEAAIARKHTAqHMI0i8MFFkJg8oAIH8UFYBREBD7616IhB4JtLS0tbW85SWN\/vYN"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":808,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1467353136837,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":808,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1467353136837,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":837423,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AFIAAIAROQbAqHMIci9bgVkJWDAAILtBFYBREBD7616IhB4JtLS0tbW85SWN\/vYN"}
00594{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":837502,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"TF4M6gNlABxCjnAxCABFAACwAE4AAIARA3zAqHMIcimQmVkJKPwAnKXdWYAdDAwuflZsq80qHB0d4ujhuC\/oo6FIkiga8TBMVS4Tp83Nzc3NwMDDw8PDwsLC+Pj4+NjY2JiMjJDSXCwdWxzAmgFq3X\/9zU6MtBnZcQIKHhw9Oj4+NDQ0NDQ0ERAK8vLy8vDw8PDw8PPzJfVMtrYO1WWhbcXFCaFsiYlF7c3lANbQu6q159DFAFA7BwEAAAAAAA=="}
00461{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":837503,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"TF4M6gNlABxCjnAxCABFAABQAE8AAIARqA3AqHMItz2nUlkJRXwAPIb+NABEsXHrELXWDJoXvQAAAQACAAAAwKhzCAlZA9IvDBPKg8qD0i8MFMqDyoNyL1uBMFgwWA=="}
00422{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":837503,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AFAAAIARKHbAqHMI0i8ME1kJg8oAIH8VFYBREBD7616IhB4JtLS0tbW85SWN\/vYN"}
00422{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":837503,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AFEAAIARKHTAqHMI0i8MFFkJg8oAIH8UFYBREBD7616IhB4JtLS0tbW85SWN\/vYN"}
00422{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":837504,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"TF4M6gNlABxCjnAxCABFAAA0AFIAAIAROQbAqHMIci9bgVkJWDAAILtBFYBREBD7616IhB4JtLS0tbW85SWN\/vYN"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":814,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1467353136837,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":814,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1467353136837,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":837566,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"TF4M6gNlABxCjnAxCABFAABJAFMAAIARkAbAqHMI3IKaF1kJjGUANbV3LYBpf3+UhDHn63Fm29raJCQtdHV9SUi43d3d0dGxsfr+\/v5V\/5XV18\/Pz6cA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1467353136837,"flow_last_seen":0,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1467353136837,"flow_last_seen":0,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00511{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":837852,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFQAAIARBODAqHMI2j0nV1kJRXwAYC8EWABVcnEAAAAAx2bnNgcAAAAAAAAAFJfHSwLp2roy68F8GXs9tGoAAAAAGAAAAAYAAAANKAICAAAAAwAYAMCocwgJWRcAAAsKAAAAAAAlAfAI8dQdAAAAAA=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1467353136838,"flow_last_seen":0,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1467353136838,"flow_last_seen":0,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":838051,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFUAAIARCQHAqHMId7yFtlkJRXwAYCbMWABVcnEAAAAA4pCy\/AcAAAAAAAAAFAQbslmKl2DoSDdZBZ9sSucAAAAAAAAAAAYIAAANKAICAAAADQAYAMCocwgJWRcAABIKAAAAAAAlAcgIZPMJAAAAAA=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":817,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1467353136838,"flow_last_seen":0,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":817,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1467353136838,"flow_last_seen":0,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00512{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":838171,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFYAAIARp8zAqHMItz2naFkJRXwAYEeGWABVcnEAAAAAyMXU\/wcAAAAAAAAAFADpSP+bPHc9KoW3YGEXtKMAAAAAAAAAAAYIAAANKAIBAAAACAAYAMCocwgJWRcAACUKAAAAAAAlActw35cdAAAAAA=="}
00452{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":838372,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"TF4M6gNlABxCjnAxCABFAABJAFMAAIARkAbAqHMI3IKaF1kJjGUANbV3LYBpf3+UhDHn63Fm29raJCQtdHV9SUi43d3d0dGxsfr+\/v5V\/5XV18\/Pz6cA"}
00511{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":838373,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFQAAIARBODAqHMI2j0nV1kJRXwAYC8EWABVcnEAAAAAx2bnNgcAAAAAAAAAFJfHSwLp2roy68F8GXs9tGoAAAAAGAAAAAYAAAANKAICAAAAAwAYAMCocwgJWRcAAAsKAAAAAAAlAfAI8dQdAAAAAA=="}
00512{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":838373,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFUAAIARCQHAqHMId7yFtlkJRXwAYCbMWABVcnEAAAAA4pCy\/AcAAAAAAAAAFAQbslmKl2DoSDdZBZ9sSucAAAAAAAAAAAYIAAANKAICAAAADQAYAMCocwgJWRcAABIKAAAAAAAlAcgIZPMJAAAAAA=="}
00512{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353136,"pkt_ts_usec":838374,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"TF4M6gNlABxCjnAxCABFAAB0AFYAAIARp8zAqHMItz2naFkJRXwAYEeGWABVcnEAAAAAyMXU\/wcAAAAAAAAAFADpSP+bPHc9KoW3YGEXtKMAAAAAAAAAAAYIAAANKAIBAAAACAAYAMCocwgJWRcAACUKAAAAAAAlActw35cdAAAAAA=="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1467353138757,"flow_last_seen":0,"flow_tot_l4_data_len":1280,"flow_min_l4_data_len":1280,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":1280,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1467353138757,"flow_last_seen":0,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02094{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353138,"pkt_ts_usec":757317,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"TF4M6gNlABxCjnAxCABFAAUUA1lAAIAGkOvAqHMIZePIC8UfAFBKp6EFWDmKmFAQ\/\/B9QgAAR0VUIC90cmFjazI\/YT0xJmFzPTE7MiwzOzQsNSZiPTE0NjczNTMxMzgmYz1hZTg3Y2IzY2ZkZjQ5NGFhNDhkYzYwODkwOWY2OTI1MCZjdj01LjIuMTUuMjI0MCZkPTUwMDAwMDA4NTg4NzQmZHI9MjE3NSZmPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jmc9MF9hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZoPSZpPXFjXzEwMDAwMV8xMDAxNDAmaXY9MCZqPTMxJms9MTgwOTMyMzAxJmtwPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jm49NDc5NTMxMDAwJm89MSZwPTEwMDAwMDAwMDAzODEmcT01MDAwMDAwOTI3NTU4JnI9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImcnQ9MTQ2NzM1MzExMyZzPWFlYTU2YTgwOGZjOTJlZjM2MDUxOTEyMTk0OGUwZjI3JnN2PTQuMTAuMDA0JnU9MSZ1cD0mdj01MDAwMDAwODU5MTI0JnZlPTEmdz0yLDMgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFRSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25K"}
-01259{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1467353138757,"flow_last_seen":0,"flow_tot_l4_data_len":1280,"flow_min_l4_data_len":1280,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":1280,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000927558&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=aea56a808fc92ef360519121948e0f27&sv=4.10.004&u=1&up=&v=5000000859124&ve=1&w=2,3","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01271{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":994,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1467353138757,"flow_last_seen":0,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=1&as=1;2,3;4,5&b=1467353138&c=ae87cb3cfdf494aa48dc608909f69250&cv=5.2.15.2240&d=5000000858874&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000927558&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=aea56a808fc92ef360519121948e0f27&sv=4.10.004&u=1&up=&v=5000000859124&ve=1&w=2,3","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
00662{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353138,"pkt_ts_usec":757540,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"TF4M6gNlABxCjnAxCABFAADjA1pAAIAGlRvAqHMIZePIC8UfAFBKp6XxWDmKmFAY\/\/B4OwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="}
00744{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353138,"pkt_ts_usec":794624,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkTcBAAC8Gm3Rl48gLwKhzCABQxR9YOYqYSqemrFAYSdTGUAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1467353138931,"flow_last_seen":0,"flow_tot_l4_data_len":673,"flow_min_l4_data_len":673,"flow_max_l4_data_len":673,"flow_avg_l4_data_len":673,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1467353138931,"flow_last_seen":0,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01281{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353138,"pkt_ts_usec":931591,"pkt_caplen":707,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":707,"pkt_l4_len":673,"pkt":"TF4M6gNlABxCjnAxCABFAAK1A3VAAIAG1W7AqHMIe31wMcUgAFAUdsqc+xrYh1AYQTe7PAAAR0VUIC9jbGs\/NTNlMjVlMzNlMDY0YzY1N2MwNmI1NThlNWMzYzMzZmQgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBjbGljay5obS5iYWlkdS5jb20NCkNvb2tpZTogSE1BQ0NPVU5UPTg4Q0M2OUIwNEM5RDYyOUE7IEJBSURVSUQ9MjEwMkRDNzUxRUQwREYzNkUzRDZDRjZDMjEwRkFCNzk6Rkc9MQ0KDQo="}
-00842{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1467353138931,"flow_last_seen":0,"flow_tot_l4_data_len":673,"flow_min_l4_data_len":673,"flow_max_l4_data_len":673,"flow_avg_l4_data_len":673,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/clk?53e25e33e064c657c06b558e5c3c33fd","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+00854{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1467353138931,"flow_last_seen":0,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":653,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":653,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/clk?53e25e33e064c657c06b558e5c3c33fd","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
01327{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353139,"pkt_ts_usec":50485,"pkt_caplen":744,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":744,"pkt_l4_len":710,"pkt":"ABxCjnAxTF4M6gNlCABFAALaH2hAAC0GDFd7fXAxwKhzCABQxSD7GtiHFHbNKVAYADhuxwAASFRUUC8xLjEgMzAyIEZvdW5kDQpMb2NhdGlvbjogaHR0cHM6Ly95b3V0dS5iZS85b3ZjSndDN0FFYw0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLSUQ9MDAwMDAwMDE1OWRhMTZiODU3NzYwODMyNWEwOGEzNzYwMDAwMDAyMDM1MzM2NTMyMzU2NTMzMzM2NTMwMzYzNDYzMzYzNTM3NjMzMDM2NjIzNTM1Mzg2NTM1NjMzMzYzMzMzMzY2NjQwMDAwMDAwODc5NmY3NTc0NzUyZTYyNjU7IFBhdGg9LzsgRG9tYWluPWhtLmJhaWR1LmNvbTsgRXhwaXJlcz1GcmksIDAxIEp1bCAyMDE2IDA2OjM1OjM4IEdNVA0KU2V0LUNvb2tpZTogSF9NS1RfQ0xLTE9HPTAwMDAwMDAxNTlkYTE2Yjg1Nzc2MDgzMjVhMDhhMzc2MDAwMDAwMjAzNTMzNjUzMjM1NjUzMzMzNjUzMDM2MzQ2MzM2MzUzNzYzMzAzNjYyMzUzNTM4NjUzNTYzMzM2MzMzMzM2NjY0MDAwMDAwMDg3OTZmNzU3NDc1MmU2MjY1OyBQYXRoPS87IERvbWFpbj1obS5iYWlkdS5jb207IEV4cGlyZXM9RnJpLCAwMSBKdWwgMjAxNiAwNjozNTozOCBHTVQNClAzUDogQ1A9IkNVUmEgQURNYSBERVZhIFBTQW8gUFNEbyBPVVIgQlVTIFVOSSBQVVIgSU5UIERFTSBTVEEgUFJFIENPTSBOQVYgT1RDIE5PSSBEU1AgQ09SIg0KQ29ubmVjdGlvbjogY2xvc2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM4IEdNVA0KU2VydmVyOiBhcGFjaGUNCg0K"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1467353139305,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1467353139305,"flow_last_seen":0,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00712{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353139,"pkt_ts_usec":305921,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"pkt":"TF4M6gNlABxCjnAxCABFAAEKA4dAAIAGQVvAqHMIy0K2GMUiAFDWCs3i1IWCxVAYAQQdEwAAR0VUIC9vY3NwL01Fa3dSekJGTUVNd1FUQUpCZ1VyRGdNQ0dnVUFCQlR5NEdyNWhZb2RqWENiU1JramVxbTFHaWglMkJaQVFVU3QwR0ZodTg5bWkxZHZXQnRydGlHcnBhZ1M4Q0NFWXJGWGtxMnVneiBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1pY3Jvc29mdC1DcnlwdG9BUEkvNi4xDQpIb3N0OiBjbGllbnRzMS5nb29nbGUuY29tDQoNCg=="}
-00760{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1467353139305,"flow_last_seen":0,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":246,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":246,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"clients1.google.com","url":"clients1.google.com\/ocsp\/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}}
+00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1467353139305,"flow_last_seen":0,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":226,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"clients1.google.com","url":"clients1.google.com\/ocsp\/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih%2BZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCEYrFXkq2ugz","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}}
01423{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353139,"pkt_ts_usec":309485,"pkt_caplen":813,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":813,"pkt_l4_len":779,"pkt":"ABxCjnAxTF4M6gNlCABFAAMfaWMAAD0GXGrLQrYYwKhzCABQxSLUhYLF1grOxFAYAO2vKAAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jc3AtcmVzcG9uc2UNCkRhdGU6IFR1ZSwgMjggSnVuIDIwMTYgMTc6MzQ6NDkgR01UDQpFeHBpcmVzOiBTYXQsIDAyIEp1bCAyMDE2IDE3OjM0OjQ5IEdNVA0KU2VydmVyOiBvY3NwX3Jlc3BvbmRlcg0KQ29udGVudC1MZW5ndGg6IDQ2Mw0KWC1YU1MtUHJvdGVjdGlvbjogMTsgbW9kZT1ibG9jaw0KWC1GcmFtZS1PcHRpb25zOiBTQU1FT1JJR0lODQpBZ2U6IDIxNzg0OQ0KQ2FjaGUtQ29udHJvbDogcHVibGljLCBtYXgtYWdlPTM0NTYwMA0KDQowggHLCgEAoIIBxDCCAcAGCSsGAQUFBzABAQSCAbEwggGtMIGWohYEFErdBhYbvPZotXb1gba7Yhq6WoEvGA8yMDE2MDYyODA3MDAxN1owazBpMEEwCQYFKw4DAhoFAAQU8uBq+YWKHY1wm0kZI3qptRoofmQEFErdBhYbvPZotXb1gba7Yhq6WoEvAghGKxV5KtroM4AAGA8yMDE2MDYyODA3MDAxN1qgERgPMjAxNjA3MDUwNzAwMTdaMA0GCSqGSIb3DQEBCwUAA4IBAQBKs877cfA5B2KGhwFSvIyUBYVxkUFjApJpIKog7zezUT4uRPAvbjktL\/Ds15nk8Y2Znhsf4SdVmf8GlloCQ6IXimfBklwRGn8\/72t77ZQLcabmXBFNBqyfqmRrW1O7lFh1alLxLnbN6PNKIPNv7dkTJVq4NRpJC1H3sykeA3XbH5EEaxhdvWFd1bsvybTiEgn7Bn5bpdXlExvoxRYuc7MLXQAUHRWSGKZpv+UniRokZRHgZy2GbGkQE8sf0PVCXrNjm4qsIXnQvqrF2J2xxFQ5x1wzU7J9l9Av+bPvuQI2mdLqvQskYq3tOxhJ6prFG9fcqt4lJS5E11mkG9tPXiAq"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1467353139505,"flow_last_seen":0,"flow_tot_l4_data_len":595,"flow_min_l4_data_len":595,"flow_max_l4_data_len":595,"flow_avg_l4_data_len":595,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1467353139505,"flow_last_seen":0,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01177{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353139,"pkt_ts_usec":505242,"pkt_caplen":629,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":629,"pkt_l4_len":595,"pkt":"TF4M6gNlABxCjnAxCABFAAJnA5RAAIAG6ATAqHMIymwO28UjAFBUZatTb7o85VAYAQQGIwAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRzdGFydCZzdGFydHRtPTEwOTcmcmVzZXQ9MSZyYT0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxMTkmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-01021{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1467353139505,"flow_last_seen":0,"flow_tot_l4_data_len":595,"flow_min_l4_data_len":595,"flow_max_l4_data_len":595,"flow_avg_l4_data_len":595,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01033{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1467353139505,"flow_last_seen":0,"flow_min_l4_payload_len":575,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":575,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adstart&starttm=1097&reset=1&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353119&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
00605{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353139,"pkt_ts_usec":595550,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uuZAADMGf2DKbA7bwKhzCABQxSNvujzlVGWtklAYADcmHAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1467353139627,"flow_last_seen":0,"flow_tot_l4_data_len":539,"flow_min_l4_data_len":539,"flow_max_l4_data_len":539,"flow_avg_l4_data_len":539,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1467353139627,"flow_last_seen":0,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01101{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353139,"pkt_ts_usec":627198,"pkt_caplen":573,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":573,"pkt_l4_len":539,"pkt":"TF4M6gNlABxCjnAxCABFAAIvA51AAIAG6DPAqHMIymwO28UlAFD7uSUWcC90rlAYAQQTNwAAR0VUIC9jb3JlP3Q9NSZhPTImcmE9MSZwZj0yMDEmcD0xMSZwMT0xMTQmcDI9MzAwMCZzZGt0cD0xJmMxPTMxJnI9NDc5NTMxMDAwJmFpZD0xODA5MzIzMDEmdT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZwdT0mb3M9V2luZG93cyUyMDcmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxMzkmaXNsb2NhbD0wJmFzPTAzMTFjNWEwZDU1OTYwNjNkYjU5NDRiZDc2YjZjYmZmJnZlPWIxZjkwZjhkYTZmZTAyNThkMTM2MTZhODA3MGNiOTk3JnBlPSZ2ZnJtPSZjaGw9JmhjZG52PTEwLjAuMC4yOTMmdHBjZD0wJmlzZHJtPTEmaHQ9MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"}
-00965{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1467353139627,"flow_last_seen":0,"flow_tot_l4_data_len":539,"flow_min_l4_data_len":539,"flow_max_l4_data_len":539,"flow_avg_l4_data_len":539,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1467353139662,"flow_last_seen":0,"flow_tot_l4_data_len":390,"flow_min_l4_data_len":390,"flow_max_l4_data_len":390,"flow_avg_l4_data_len":390,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00977{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1003,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1467353139627,"flow_last_seen":0,"flow_min_l4_payload_len":519,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":519,"flow_avg_l4_payload_len":519,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=2&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353139&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1467353139662,"flow_last_seen":0,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00905{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353139,"pkt_ts_usec":662190,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"pkt":"TF4M6gNlABxCjnAxCABFAAGaA59AAIAG6LXAqHMIymwO7MUmAFBtzkRVA7NFyFAYAQQzoQAAR0VUIC9iP3Q9NSZwZj0yMDEmcD0xMSZwMT0xMTQmYT0zNCZjdD1vbmNsaWNrJnR5cGU9cGMmYXM9JmNsdD1wY19wbGF5X3BsYXllcl9jbGljayZtdj01LjIuMTUuMjI0MCZwdT0mcm49MEZFMTcyRUM0NEM0NEI4NkFFRURFNTRBQTAwNTQxQzQ1NzQwNiZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9Mi4wLjEwMi4zMDE0NyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="}
-00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1467353139662,"flow_last_seen":0,"flow_tot_l4_data_len":390,"flow_min_l4_data_len":390,"flow_max_l4_data_len":390,"flow_avg_l4_data_len":390,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00846{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1004,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1467353139662,"flow_last_seen":0,"flow_min_l4_payload_len":370,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":370,"flow_avg_l4_payload_len":370,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&a=34&ct=onclick&type=pc&as=&clt=pc_play_player_click&mv=5.2.15.2240&pu=&rn=0FE172EC44C44B86AEEDE54AA00541C457406&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=2.0.102.30147","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
00598{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353139,"pkt_ts_usec":771496,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0y0pAADMGbvDKbA7swKhzCABQxSYDs0XIbc5Fx1AYAB\/3XQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="}
00606{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353139,"pkt_ts_usec":779501,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC58h9AADMGSCfKbA7bwKhzCABQxSVwL3Su+7knHVAYADbM\/QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1467353139819,"flow_last_seen":0,"flow_tot_l4_data_len":918,"flow_min_l4_data_len":918,"flow_max_l4_data_len":918,"flow_avg_l4_data_len":918,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1467353139819,"flow_last_seen":0,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01609{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353139,"pkt_ts_usec":819305,"pkt_caplen":952,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":952,"pkt_l4_len":918,"pkt":"TF4M6gNlABxCjnAxCABFAAOqA7FAAIAG5pPAqHMIymwO7MUnAFCB65R9kZemalAYQTdERQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9MXx8NzEwMDAwMDF8fDUwMDAwMDA4NTg4NzR8fDUwMDAwMDA5Mjc1NTh8fHJvbGwmYXM9JmF2PTQuMTAuMDA0JmI9MTgwOTMyMzAxJmM9MzEmY3Q9JmQ9MjE3NSZkaT0mZHA9JmU9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPSZvaT0mcD10JnBwPSZyYz0tMSZyZD05MiZyaT0mcz0xNDY3MzUzMTM4MDQzJnNoPSZzcT0mc3c9JnQ9cyZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01168{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1467353139819,"flow_last_seen":0,"flow_tot_l4_data_len":918,"flow_min_l4_data_len":918,"flow_max_l4_data_len":918,"flow_avg_l4_data_len":918,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1&rd=92&ri=&s=1467353138043&sh=&sq=&sw=&t=s&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01180{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1007,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1467353139819,"flow_last_seen":0,"flow_min_l4_payload_len":898,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":898,"flow_avg_l4_payload_len":898,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=1||71000001||5000000858874||5000000927558||roll&as=&av=4.10.004&b=180932301&c=31&ct=&d=2175&di=&dp=&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=&oi=&p=t&pp=&rc=-1&rd=92&ri=&s=1467353138043&sh=&sq=&sw=&t=s&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
00606{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353139,"pkt_ts_usec":866496,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5KWZAADMGENDKbA7swKhzCABQxSeRl6ZqgeuX\/1AYACHEyQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1467353140628,"flow_last_seen":0,"flow_tot_l4_data_len":1066,"flow_min_l4_data_len":1066,"flow_max_l4_data_len":1066,"flow_avg_l4_data_len":1066,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1467353140628,"flow_last_seen":0,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01808{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353140,"pkt_ts_usec":628897,"pkt_caplen":1100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1100,"pkt_l4_len":1066,"pkt":"TF4M6gNlABxCjnAxCABFAAQ+A+YAAIAGJdrAqHMIymwO3cUqAFDSWIZQbAIVvVAYKACmwAAAR0VUIC9iP2MxPTYmczE9MSZtYWNpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZjaGFubmVsaWQ9MDAwJm51PSZlPTEzNTI1Mjgmc2U9MTI1MzgxMSZyPTUwMDQ5NDYwMCZhZHVpZD1kMDdkZmQzMGYwZWU0ZTQ4YmJjYWYxMjA4Yzc1ODQ3MSZjdG09MTM3NTIxMSZwbGF5c291cmNlPTAwMTAwNDAwMCZ2aWQ9NTYyZTI2Y2FlZDU2OTU5MDAyMTJlYjMyNTkwNzBmOGEmYWxidW1pZD01MDA0OTQ2MDAmcmE9MiZ0ZD0yMjY1MiZzdWNjZXNzaW9uPTQmdHlwZT0xJnZmcm09My0wMDEwMDQwMDAtY19jb3JnaS0wJmJ1Y2tldD1jX2NvcmdpX21haW4mcmF0cD0xJnBsYXltb2RlPTEmaHU9LTEmaHQ9MCZhcD0wJnQ9MjAxJmN0PWNsdF9fcGxfcGxheSZ2ZT0xMzUyNTI4JnBmPTIwMSZwPTExJnAxPTExNCZwMj0xMDExJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9JnY9Mi4wLjEwMi4zMDE0NyZkZT1hMGVlNzdhNTYzODg5N2JlYmZkODU1NWIzMjcwYmVmNiZtdj01LjIuMTUuMjI0MCZrdj0xMC4wLjAuMjkzJnNvdXJjZTE9bWluaXBsYXllciZzb3VyY2UyPW1pbmlwbGF5ZXImc291cmNlMz0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUlZTUlOTklYTgmc291cmNlND0lZTUlYjAlOGYlZTYlOTIlYWQlZTYlOTQlYmUmcGxheV9zb3VyY2U9MSZvcHQ9MCZjbHQ9aG9tZWRsJnNjZW5lPTEmcm49MDAwMDAwMDE0NjczNTMxNDAgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMDsgQ0lCQTsgQWxleGEgVG9vbGJhcjsgWnVuZSA0LjcpDQpIb3N0OiBtc2cuaXFpeWkuY29tDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29va2llOiB0YnZlcj1hbHhpLTkuMzk7IGFpZD1kbWVrYzFhUEMzMDA4cA0KDQo="}
-01505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1467353140628,"flow_last_seen":0,"flow_tot_l4_data_len":1066,"flow_min_l4_data_len":1066,"flow_max_l4_data_len":1066,"flow_avg_l4_data_len":1066,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=22652&succession=4&type=1&vfrm=3-001004000-c_corgi-0&bucket=c_corgi_main&ratp=1&playmode=1&hu=-1&ht=0&ap=0&t=201&ct=clt__pl_play&ve=1352528&pf=201&p=11&p1=114&p2=1011&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&v=2.0.102.30147&de=a0ee77a5638897bebfd8555b3270bef6&mv=5.2.15.2240&kv=10.0.0.293&source1=miniplayer&source2=miniplayer&source3=%e5%b0%8f%e6%92%ad%e6%94%be%e5%99%a8&source4=%e5%b0%8f%e6%92%ad%e6%94%be&play_source=1&opt=0&clt=homedl&scene=1&rn=00000001467353140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1467353140655,"flow_last_seen":0,"flow_tot_l4_data_len":907,"flow_min_l4_data_len":907,"flow_max_l4_data_len":907,"flow_avg_l4_data_len":907,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+01517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1009,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1467353140628,"flow_last_seen":0,"flow_min_l4_payload_len":1046,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1046,"flow_avg_l4_payload_len":1046,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?c1=6&s1=1&macid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&channelid=000&nu=&e=1352528&se=1253811&r=500494600&aduid=d07dfd30f0ee4e48bbcaf1208c758471&ctm=1375211&playsource=001004000&vid=562e26caed5695900212eb3259070f8a&albumid=500494600&ra=2&td=22652&succession=4&type=1&vfrm=3-001004000-c_corgi-0&bucket=c_corgi_main&ratp=1&playmode=1&hu=-1&ht=0&ap=0&t=201&ct=clt__pl_play&ve=1352528&pf=201&p=11&p1=114&p2=1011&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&v=2.0.102.30147&de=a0ee77a5638897bebfd8555b3270bef6&mv=5.2.15.2240&kv=10.0.0.293&source1=miniplayer&source2=miniplayer&source3=%e5%b0%8f%e6%92%ad%e6%94%be%e5%99%a8&source4=%e5%b0%8f%e6%92%ad%e6%94%be&play_source=1&opt=0&clt=homedl&scene=1&rn=00000001467353140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; CIBA; Alexa Toolbar; Zune 4.7)"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1467353140655,"flow_last_seen":0,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01593{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353140,"pkt_ts_usec":655019,"pkt_caplen":941,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":941,"pkt_l4_len":907,"pkt":"TF4M6gNlABxCjnAxCABFAAOfA+lAAIAG5mbAqHMIymwO7MUrAFDgGmOz15qFMlAYQTe3tgAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjoxfDImYXY9NC4xMC4wMDQmYj0yMDQwNzY3MDEmYz02JmN0PTUwMDAwMDA5MjY3OTUmZD0xNTgmZGk9JmRwPTcxMDAwMDAxJmU9NTEyYWI3N2RlN2Y2N2Q0OWYyNGQzNTExNzc4MjIwZDAmZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPTUwMDAwMDA4NTYzNDQmb2k9JnA9YSZwcD0mcmM9JnJkPSZyaT0mcz0xNDY3MzUzMTM5MDU3JnNoPSZzcT0mc3c9JnQ9c3AmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NTAwNDk0NjAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="}
-01157{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1467353140655,"flow_last_seen":0,"flow_tot_l4_data_len":907,"flow_min_l4_data_len":907,"flow_max_l4_data_len":907,"flow_avg_l4_data_len":907,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353139057&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=500494600&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01169{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1010,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1467353140655,"flow_last_seen":0,"flow_min_l4_payload_len":887,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":887,"flow_avg_l4_payload_len":887,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:2:1|2&av=4.10.004&b=204076701&c=6&ct=5000000926795&d=158&di=&dp=71000001&e=512ab77de7f67d49f24d3511778220d0&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000856344&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353139057&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=500494600&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
00597{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353140,"pkt_ts_usec":677489,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0b19AADMGyurKbA7dwKhzCABQxSpsAhW90liKZlAYABAfBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1467353140709,"flow_last_seen":0,"flow_tot_l4_data_len":910,"flow_min_l4_data_len":910,"flow_max_l4_data_len":910,"flow_avg_l4_data_len":910,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1467353140709,"flow_last_seen":0,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01598{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353140,"pkt_ts_usec":709487,"pkt_caplen":944,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":944,"pkt_l4_len":910,"pkt":"TF4M6gNlABxCjnAxCABFAAOiA\/BAAIAG5m3AqHMIymwO28UpAFCvhj83b730NFAYAQRULwAAR0VUIC9jb3JlP3Q9MSZyZXNldD0wJnZmcm10cD0xJnRtMT0mdG0yPTAmdG0yMT0wJnRtMjI9MCZ0bTIzPTAmdG0yND0wJnRtMz0xMTcmdG0zMT0wJnRtMzI9NDcmdG0zMz03OCZ0bTM0PTEmdG00PTEzNyZ0bTQxPTAmdG00Mj0xNiZ0bTQzPTEyNSZ0bTQ0PTImdG01PTE2NSZ0bTUxPTAmdG01Mj0wJnRtNTM9MCZ0bTU0PTEwJnRtNj0mdG02Mj0wJnRtNjM9MCZ0bTc9MCZ0bTcxPTAmdG03Mj0wJnRtNzM9MCZ0bTg9MCZ0bTgxPTAmdG04Mj0wJnRtODM9MCZ0bTk9OTE2JnRtOTI9MTYmdG05Mz02MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZyYT0yJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNDAmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-01336{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1467353140709,"flow_last_seen":0,"flow_tot_l4_data_len":910,"flow_min_l4_data_len":910,"flow_max_l4_data_len":910,"flow_avg_l4_data_len":910,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=916&tm92=16&tm93=62&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=2&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01348{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1467353140709,"flow_last_seen":0,"flow_min_l4_payload_len":890,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":890,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=117&tm31=0&tm32=47&tm33=78&tm34=1&tm4=137&tm41=0&tm42=16&tm43=125&tm44=2&tm5=165&tm51=0&tm52=0&tm53=0&tm54=10&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=916&tm92=16&tm93=62&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=2&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
00605{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353140,"pkt_ts_usec":720033,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5F1lAADMGIt3KbA7swKhzCABQxSvXmoUy4BpnKlAYACB7oAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1467353140755,"flow_last_seen":0,"flow_tot_l4_data_len":622,"flow_min_l4_data_len":622,"flow_max_l4_data_len":622,"flow_avg_l4_data_len":622,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1467353140755,"flow_last_seen":0,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01216{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353140,"pkt_ts_usec":755684,"pkt_caplen":656,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":656,"pkt_l4_len":622,"pkt":"TF4M6gNlABxCjnAxCABFAAKCA\/NAAIAGOsjAqHMIZeMgJ8UsAFDdytkdPM+rpVAY\/\/BCUgAAR0VUIC92aS81MDA0OTQ2MDAvNTYyZTI2Y2FlZDU2OTU5MDAyMTJlYjMyNTkwNzBmOGEvP3NyYz0xXzExXzExNCBIVFRQLzEuMQ0KSG9zdDogY2FjaGUudmlkZW8uaXFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29va2llOiBwcHNfY2xpZW50X3ZlcjI9NS4yLjE1LjIyNDA7IFQwMDQwND00ZTNhZTQxNWE1ODQ3NDhhYzlhYTMxNjI4ZjM5ZDFlODsgX3Bwc19pdmk9Vms0OU1UWXdOVEExTGFXL3BQbWhSejgvUDZUYXBFZW11RDgvcE0rd1pqOHRwTFd4M3pnd3Bsby9wR2FvY1NaV1VEMHhKbFpEUFQ4L1B6OCtwTFd4M3pnd3Bsby9wR2FvY1NaV1NqMHRNU1pXVXoxV0psWkVQU1pXVkZ0QlhUMHlNVGMxSmxaTlBTWldWajAxTGpJdU1UVXVNakkwTUNaV1ZUMW9kSFJ3T2k4dmQzZDNMbWx4YVhscExtTnZiUzkyWHpFNWNuSnNkblY0YkdjdWFIUnRiQT09OyBRQzAwNj11NTQ5dnB6MTBsOWZrYXR1bTRhbHc0YnA7IFFDMDA4PTE0NjY2NDU4MTYuMTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE7IEhtX2x2dF81M2I3Mzc0YTYzYzM3NDgzZTVkZDk3ZDc4ZDliYjM2ZT0xNDY2NjQ1ODE3OyBRQzAwNT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KDQo="}
-00692{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1467353140755,"flow_last_seen":0,"flow_tot_l4_data_len":622,"flow_min_l4_data_len":622,"flow_max_l4_data_len":622,"flow_avg_l4_data_len":622,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"cache.video.iqiyi.com","url":"cache.video.iqiyi.com\/vi\/500494600\/562e26caed5695900212eb3259070f8a\/?src=1_11_114","code":0,"content_type":"","user_agent":""}}
+00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1014,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1467353140755,"flow_last_seen":0,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":602,"flow_tot_l4_payload_len":602,"flow_avg_l4_payload_len":602,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"cache.video.iqiyi.com","url":"cache.video.iqiyi.com\/vi\/500494600\/562e26caed5695900212eb3259070f8a\/?src=1_11_114","code":0,"content_type":"","user_agent":""}}
01781{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353140,"pkt_ts_usec":794121,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhBAADEGzgRl4yAnwKhzCABQxSw8z6ul3crbd1AQPSRKcgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjM5IEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkFjY2Vzcy1Db250cm9sLUFsbG93LUNyZWRlbnRpYWxzOiB0cnVlDQoNCmQ0OQ0KeyJjblByZW1UaW1lIjowLCJlZGl0b3JJbmZvIjoiIiwidmlkZW9RaXB1SWQiOjUwMDQ5NDYwMCwicmV3YXJkQWxsb3dlZCI6MCwibnVybCI6IiIsInN1cElkIjowLCJvbmxpbmVTdGF0dXMiOjEsImR0eXBlIjozLCJwdnUiOiIiLCJpc3N1ZVRpbWUiOjIwMTYwNjI1LCJ3cml0ZXIiOiIiLCJpc1RvcENoYXJ0IjowLCJxaXlpUGxheVN0cmF0ZWd5Ijoi5q+P5ZGo5LqU5ZGo5YWtMjA6MDAiLCJ1cCI6IjIwMTYtMDYtMjkgMTk6NDc6MDIiLCJpcExpbWl0IjowLCJ1biI6IiIsImV4Y2x1c2l2ZSI6MSwidm4iOiLjgIrkuIDmtL7mlrnoqIDjgItDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwicHR1cmwiOiIiLCJzdGFydFRpbWUiOi0xLCJzdCI6MjAwLCJ0eSI6MjAxNjA2MjUsInNtIjowLCJzaG93Q2hhbm5lbElkIjo2LCJwb3Z1IjoiIiwicHJvZHVjZXJzIjoiIiwiZXRtIjoiIiwic3VwTmFtZSI6IiIsInR2RW5hbWUiOiIiLCJzYyI6MCwiY2MiOjAsIm1kb3duIjowLCJwYW5vIjp7InR5cGUiOjF9LCJtYWluQWN0b3JSb2xlcyI6W10sInN1YktleSI6IjIwNDA3NjcwMSIsImFwaWMiOiJodHRwOlwvXC9waWM1LnFpeWlwaWMuY29tXC9pbWFnZVwvMjAxNjA2MjVcL2Q3XC81OVwvdl8xMTA1ODM2NjZfbV82MDEuanBnIiwiZXMiOjEsInByb2R1Y2VyIjoiIiwiZW5kVGltZSI6LTEsImF1IjoiaHR0cDpcL1wvd3d3LmlxaXlpLmNvbVwvdl8xOXJybGpmM2hnLmh0bWwiLCJjaXJjbGUiOnsidHlwZSI6MiwiaWQiOjIwNQ=="}
01781{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353140,"pkt_ts_usec":794124,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhFAADEGzgNl4yAnwKhzCABQxSw8z6+l3crbd1AQPSTsVQAANDczOTQ3fSwiaXNEaXNwbGF5Q2lyY2xlIjoxLCJwYXlNYXJrIjowLCJwbGMiOnsiNCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxMCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCI1Ijp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjExIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjEyIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjciOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTgiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTMiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTQiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiOCI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjkiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiNiI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxNiI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIxNSI6eyJjb2EiOjEsImRvd25BbGQiOjF9LCIzIjp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjE3Ijp7ImNvYSI6MSwiZG93bkFsZCI6MX0sIjIiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMjEiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMTkiOnsiY29hIjoxLCJkb3duQWxkIjoxfSwiMjAiOnsiY29hIjoxLCJkb3duQWxkIjoxfX0sIm50dmQiOjAsInR2Rm9jdXNlIjoi6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwiY1R5cGUiOjcsInFpeWlQcm9kdWNlZCI6MSwidm90ZXMiOltdLCJhbGJ1bVFpcHVJZCI6NTAwNDk0NjAwLCJjYXRlZ29yeUtleXdvcmRzIjoi57u86Im6LDUwMDQ5NDYwMCwwLGh0dHA6XC9cL2xpc3QuaXFpeWkuY29tXC93d3dcLzZcLy0tLS0tLS0tLS0tLS0tLS0tLS5odG1sIOWGheWcsCwxNTEsMSxodHRwOlwvXC9saXN0LmlxaXlpLmNvbVwvd3d3XC82XC8xNTEtLS0tLS0tLS0tLS0tLS0tLS0uaHRtbCDlhbblroMsMTYxLDIsaHR0cDpcL1wvbGlzdC5pcWl5aS5jb21cL3d3d1wvNlwvLTE2MS0tLS0tLS0tLS0tLS0tLS0tLmh0bWwg5q2M6IieLDIxMjEsMixodHRwOlwvXC9saXN0LmlxaXlpLmNvbVwvd3d3XC82XC8tMjEyMS0tLS0tLS0tLS0tLQ=="}
01786{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353140,"pkt_ts_usec":794125,"pkt_caplen":1078,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1078,"pkt_l4_len":1044,"pkt":"ABxCjnAxTF4M6gNlCABFAAQovhJAADEGzgJl4yAnwKhzCABQxSw8z7Ol3crbd1AQPSQ64AAALS0tLS0uaHRtbCIsImlkbCI6MSwic3RtIjoiIiwiYXN1YnQiOiLkuKrmgKfnlLflrannu4TlkIhDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwiZm9sbG93ZXJDb3VudCI6MCwiY29hIjowLCJrZXl3b3JkIjoi5Y2B5LiJ5Lq\/5YiG6LSd5LmL5LiA5rS+5pa56KiAIiwiYXV0aG9ycyI6IiIsInNpZCI6MjA0MDc2NzAxLCJudmlkIjoiIiwidWlkIjo0NjMzNzI2NzkwLCJhaWQiOjUwMDQ5NDYwMCwiZCI6IiIsInZpZCI6IjU2MmUyNmNhZWQ1Njk1OTAwMjEyZWIzMjU5MDcwZjhhIiwiZHRzIjoiMjAxNjA2MjkxOTQ3MDIiLCJlIjoiIiwiYW4iOiLjgIrkuIDmtL7mlrnoqIDjgItDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwic3RsIjp7ImQiOiJodHRwOlwvXC9tZXRhLnZpZGVvLnFpeWkuY29tIiwic3RsIjpbXX0sImluZm8iOiLjgIrkuIDmtL7mlrnoqIDjgItDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwiaXMzRCI6MCwiaXMiOjEsInRwbCI6W10sImZscHBzIjpbXSwiZmwiOltdLCJxdElkIjoxMzYxNjkxNSwiYXIiOiLlhoXlnLAiLCJzIjoi5Y2B5LiJ5Lq\/5YiG6LSd5LmL5LiA5rS+5pa56KiAIiwiYSI6IiIsInBwc3VwbG9hZGlkIjowLCJ0dmlkIjo1MDA0OTQ2MDAsImFjdG9ycyI6W10sInVzZXJWaWRlb2NvdW50IjowLCJtYSI6IiIsInJld2FyZE1lc3NhZ2UiOiIiLCJ2VHlwZSI6MSwiYyI6NiwidnUiOiJodHRwOlwvXC93d3cuaXFpeWkuY29tXC92XzE5cnJsamYzaGcuaHRtbCIsInZwaWMiOiJodHRwOlwvXC9waWM1LnFpeWlwaWMuY29tXC9pbWFnZVwvMjAxNjA2MjVcL2Q3XC81OVwvdl8xMTA1ODM2NjZfbV82MDEuanBnIiwicHJldmlld0ltYWdlVXJsIjoiIiwidHZTZWFzb24iOjAsInBwc0luZm8iOnsibmFtZSI6IjE2MDYyNS3oirHnta7vvJrkuKrmgKfnlLflrannu4TlkIhDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLLeWNgeS4ieS6v+WIhui0neS5i+S4gOa0vuaWueiogCIsInNob3J0VGl0bGUiOiIxNjA2MjUt6Iqx57Wu7w=="}
01223{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353140,"pkt_ts_usec":794126,"pkt_caplen":663,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":663,"pkt_l4_len":629,"pkt":"ABxCjnAxTF4M6gNlCABFAAKJvhNAADEGz6Bl4yAnwKhzCABQxSw8z7el3crbd1AYPSR27QAAvJrkuKrmgKfnlLflrannu4TlkIhDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLLeWNgeS4ieS6v+WIhui0neS5i+S4gOa0vuaWueiogCJ9LCJhbGJ1bUFsaWFzIjoi5Liq5oCn55S35a2p57uE5ZCIQy1CbG9ja+mVv+aymeivneOAiuiAgeihl+eahOWRs+OAiyIsImFsbG93RWRpdFZWSXFpeWkiOjAsImFjdG9yUm9sZXMiOltdLCJ0YWdzIjpbXSwiaXNQb3B1cCI6MSwicGQiOjEsInBsZyI6MTU4LCJsZyI6Miwic3ViVHlwZSI6MiwidXBPcmRlciI6MSwic2hvcnRUaXRsZSI6IkMtQmxvY2vjgIrogIHooZfnmoTlkbPjgIsiLCJwcmVzZW50b3IiOltdLCJwdWJUaW1lIjoiMTQ2Njg1MzYyMTAwMCIsImlmcyI6MSwiYm9zc1N0YXR1cyI6MCwidGciOiLlhoXlnLAg5YW25a6DIOatjOiIniIsImNvbW1lbnRBbGxvd2VkIjoxLCJwbGF0Zm9ybXMiOlsiUEhPTkUiLCJQQUQiLCJQQyIsIlBDX0FQUCIsIlRWIiwiUEhPTkVfV0VCX0lRSVlJIiwiUEFEX1dFQl9JUUlZSSJdLCJpc1ZpcCI6IiIsInN1cFR5cGUiOiIiLCJjcGEiOjEsInN1YnQiOiLkuKrmgKfnlLflrannu4TlkIhDLUJsb2Nr6ZW\/5rKZ6K+d44CK6ICB6KGX55qE5ZGz44CLIiwidHZQaGFzZSI6MH0NCjANCg0K"}
00605{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353140,"pkt_ts_usec":888501,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5fz1AADMGuwnKbA7bwKhzCABQxSlvvfQ0r4ZCsVAYADyHfQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1467353141138,"flow_last_seen":0,"flow_tot_l4_data_len":580,"flow_min_l4_data_len":580,"flow_max_l4_data_len":580,"flow_avg_l4_data_len":580,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1467353141138,"flow_last_seen":0,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01158{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353141,"pkt_ts_usec":138031,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"pkt":"TF4M6gNlABxCjnAxCABFAAJYBBhAAIAG54\/AqHMIymwO28UtAFDtOXdacCs02FAYAQQdugAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRlbmQmcmVzZXQ9MCZyYT0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNDAmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-01006{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1467353141138,"flow_last_seen":0,"flow_tot_l4_data_len":580,"flow_min_l4_data_len":580,"flow_max_l4_data_len":580,"flow_avg_l4_data_len":580,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01018{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1020,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1467353141138,"flow_last_seen":0,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353140&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
00605{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353141,"pkt_ts_usec":308906,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5uEFAADMGggXKbA7bwKhzCABQxS1wKzTY7Tl5ilAYADfR4AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
01602{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353142,"pkt_ts_usec":534251,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"pkt":"TF4M6gNlABxCjnAxCABFAAOkBEBAAIAG5grAqHMIymwO7MUnAFCB65f\/kZem+1AYQRL+yQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNDIwNDQmc2g9JnNxPSZzdz0mdD0xcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
00606{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353142,"pkt_ts_usec":600485,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5KWdAADMGEM\/KbA7swKhzCABQxSeRl6b7geube1AYACTHuAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1467353144633,"flow_last_seen":0,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":313,"flow_max_l4_data_len":313,"flow_avg_l4_data_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1467353144633,"flow_last_seen":0,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00801{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353144,"pkt_ts_usec":633895,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"pkt":"ABxCjnAxTF4M6gNlCABFAAFNZb1AADAG6WZ1T1GHwKhzCABQxQsUvd5l87WhOFAYAA4qLgAASFRUUC8xLjEgMzAyIEZvdW5kDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjMzIEdNVA0KQ29udGVudC1MZW5ndGg6IDANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClNldC1Db29raWU6IFY9NjY5Mzg1MTYxNTg4NTA0OTAxMTsgRG9tYWluPW1sdDAxLmNvbTsgRXhwaXJlcz1TYXQsIDAxLUp1bC0yMDE3IDA2OjA1OjM3IEdNVDsgUGF0aD0vDQpMb2NhdGlvbjogaHR0cDovL2NtYy50YW54LmNvbS9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MQ0KDQo="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1467353144633,"flow_last_seen":0,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":313,"flow_max_l4_data_len":313,"flow_avg_l4_data_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1467353144819,"flow_last_seen":0,"flow_tot_l4_data_len":410,"flow_min_l4_data_len":410,"flow_max_l4_data_len":410,"flow_avg_l4_data_len":410,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1024,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1467353144633,"flow_last_seen":0,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1467353144819,"flow_last_seen":0,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00929{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353144,"pkt_ts_usec":819974,"pkt_caplen":444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":444,"pkt_l4_len":410,"pkt":"TF4M6gNlABxCjnAxCABFAAGuBX9AAIAGQAzAqHMIjM3zQMUyAFBCtQhgUXsfllAYQTeurQAAR0VUIC9hbmRjP2FuZGNfdWlkPTY2OTM4NTE2MTU4ODUwNDkwMTEmYW5kY192ZXI9MSBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNClJlZmVyZXI6IGh0dHA6Ly9pbWFnZTEud2Vic2NhY2hlLmNvbS92b2RndWlkZS9pbWFnZXMvdGFvYmFvYWQvdGFvYmFvL3Rhb2Jhby5odG1sDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KQ29va2llOiBjbmE9L2NBSER3UTFtMndDQVhhakNGbzBCbmxmOyBjbmF1aT0xOTgzMTU5NDkzDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpIb3N0OiBjbWMudGFueC5jb20NCg0K"}
-00716{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1467353144819,"flow_last_seen":0,"flow_tot_l4_data_len":410,"flow_min_l4_data_len":410,"flow_max_l4_data_len":410,"flow_avg_l4_data_len":410,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cmc.tanx.com","url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
+00728{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1025,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1467353144819,"flow_last_seen":0,"flow_min_l4_payload_len":390,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":390,"flow_avg_l4_payload_len":390,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cmc.tanx.com","url":"cmc.tanx.com\/andc?andc_uid=6693851615885049011&andc_ver=1","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
00725{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353144,"pkt_ts_usec":913514,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"pkt":"ABxCjnAxTF4M6gNlCABFAAENPiNAACwGXAmMzfNAwKhzCABQxTJRex+WQrUJ5lAYFg2SoAAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBjbG9zZQ0KU2VydmVyOiBUZW5naW5lDQpUaW1pbmctQWxsb3ctT3JpZ2luOiAqDQoNCjMxDQpHSUY4OWEBAAEAkQAAAAAA\/\/\/\/\/\/\/\/AAAAIfkEAQAAAgAsAAAAAAEAAQAAAgJUAQA7DQowDQoNCg=="}
-00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1467353136757,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00472{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1467353136757,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1467353144633,"flow_last_seen":0,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":313,"flow_max_l4_data_len":313,"flow_avg_l4_data_len":313,"midstream":1,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1467353147705,"flow_last_seen":0,"flow_tot_l4_data_len":383,"flow_min_l4_data_len":383,"flow_max_l4_data_len":383,"flow_avg_l4_data_len":383,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1467353136757,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00480{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1467353136757,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65125,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1467353144633,"flow_last_seen":0,"flow_min_l4_payload_len":293,"flow_max_l4_payload_len":293,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":293,"midstream":1,"l3_proto":"ip4","src_ip":"117.79.81.135","dst_ip":"192.168.115.8","src_port":80,"dst_port":50443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1467353147705,"flow_last_seen":0,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00893{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353147,"pkt_ts_usec":705460,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"pkt":"TF4M6gNlABxCjnAxCABFAAGTCAFAAIAG5GvAqHMIymwO28UzAFD2bwdscQOwMVAYAQQLYgAAR0VUIC9jb3JlP3Q9MTUwMzI5MSZ0eXBlPXZzJnV1aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mYXJlYT1PVkVSU0VBfFRXX0hpTmV0JmZyb209QlNfSGlnaCZ0bz1CU19TdGFuZGFyZCZwbGF5ZXJfc3dpdGNoX2JzX3RpbWU9NDE3MTQmYXZlcmFnZV9kb3dubG9hZF9zcGVlZF89MTU4NTE1LjIwMDAwMCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"}
-00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1467353147705,"flow_last_seen":0,"flow_tot_l4_data_len":383,"flow_min_l4_data_len":383,"flow_max_l4_data_len":383,"flow_avg_l4_data_len":383,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00821{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1467353147705,"flow_last_seen":0,"flow_min_l4_payload_len":363,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":363,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1503291&type=vs&uuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&area=OVERSEA|TW_HiNet&from=BS_High&to=BS_Standard&player_switch_bs_time=41714&average_download_speed_=158515.200000","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
00605{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353147,"pkt_ts_usec":794494,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FnZAADMGI9HKbA7bwKhzCABQxTNxA7Ax9m8I11AYADa2JwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1467353147927,"flow_last_seen":0,"flow_tot_l4_data_len":588,"flow_min_l4_data_len":588,"flow_max_l4_data_len":588,"flow_avg_l4_data_len":588,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1467353147927,"flow_last_seen":0,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01169{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353147,"pkt_ts_usec":927208,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"pkt":"TF4M6gNlABxCjnAxCABFAAJgCC5AAIAG43HAqHMIymwO28U0AFClUF0ecJA2DlAYAQSk3gAAR0VUIC9jb3JlP3Q9NSZhPTQmaXNmaW5pc2g9MiZ0bT03JnJhPTImdHJhPTEmcGY9MjAxJnA9MTEmcDE9MTE0JnAyPTMwMDAmc2RrdHA9MSZjMT02JnI9NTAwNDk0NjAwJmFpZD01MDI5NTk5MDAmdT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZwdT0mb3M9d2luZG93cyZ2PTUlMkUyJTJFMTUlMkUyMjQwJmtydj0yJTJFMCUyRTEwMiZkdD0maHU9LTEmcm49MTQ2NzM1MzE0NyZpc2xvY2FsPTAmYXM9ZDE5ZjY0MDQ3YjY0MWNkNmZmMDk2YjA0ZmIyYTMwYjUmdmU9M2NjMGM4ZmEzNzI2MjVlNjQxNDMxNDQ4MTZmM2U5NjgmcGU9Yzk1ZDk5MmUyOTg1NmRjODRmMmU5OTA3YTJlNGIyODImdmZybT0mY2hsPSZoY2Rudj0xMC4wLjAuMjkzJnRwY2Q9MCZpc2RybT0xJmh0PTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="}
-01014{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1467353147927,"flow_last_seen":0,"flow_tot_l4_data_len":588,"flow_min_l4_data_len":588,"flow_max_l4_data_len":588,"flow_avg_l4_data_len":588,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01026{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1467353147927,"flow_last_seen":0,"flow_min_l4_payload_len":568,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":568,"flow_avg_l4_payload_len":568,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=5&a=4&isfinish=2&tm=7&ra=2&tra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353147&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
00604{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353148,"pkt_ts_usec":16498,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kRtAADMGqSvKbA7bwKhzCABQxTRwkDYOpVBfVlAYADcrXAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1467353150114,"flow_last_seen":0,"flow_tot_l4_data_len":913,"flow_min_l4_data_len":913,"flow_max_l4_data_len":913,"flow_avg_l4_data_len":913,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1467353150114,"flow_last_seen":0,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01602{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353150,"pkt_ts_usec":114018,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"pkt":"TF4M6gNlABxCjnAxCABFAAOlCc1AAIAG4HzAqHMIymwO7MU1AFBQgbYWJ\/60ElAYQTeIsAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNDkwNDUmc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="}
-01163{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1467353150114,"flow_last_seen":0,"flow_tot_l4_data_len":913,"flow_min_l4_data_len":913,"flow_max_l4_data_len":913,"flow_avg_l4_data_len":913,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353149045&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01175{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1467353150114,"flow_last_seen":0,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353149045&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
00606{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353150,"pkt_ts_usec":272483,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5A3BAADMGNsbKbA7swKhzCABQxTUn\/rQSUIG5k1AYACEwggAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjQ5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1467353151975,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1467353151975,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00645{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353151,"pkt_ts_usec":975342,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"pkt":"TF4M6gNlABxCjnAxCABFAADZC01AAIAGRNfAqHMITeooYMU2AFCms6ewkbp6GVAYAQQ6hQAAUE9TVCAvYmMyIEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtZW5jDQpVc2VyLUFnZW50OiB7RDY5OTA1NEQtMTY5OS00N0QyLTlCMkItRTk2RjQzOEMxMTYwfQ0KQ29udGVudC1MZW5ndGg6IDU2NzANCkhvc3Q6IGJjdS5mZi5hdmFzdC5jb20NCg0K"}
-00703{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1467353151975,"flow_last_seen":0,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":197,"flow_max_l4_data_len":197,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bcu.ff.avast.com","url":"bcu.ff.avast.com\/bc2","code":0,"content_type":"","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}"}}
+00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1467353151975,"flow_last_seen":0,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":177,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11":"HTTP Suspicious User-Agent"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bcu.ff.avast.com","url":"bcu.ff.avast.com\/bc2","code":0,"content_type":"","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}"}}
02121{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1034,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353151,"pkt_ts_usec":975617,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC05AAIAGQJvAqHMITeooYMU2AFCms6hhkbp6GVAQAQSchQAAfQmTpyjixsOwP21FM2w\/ULoWwCiRrGBztIvpkusTbkEbT7JRm749XrUdCj1kKEvBT\/wTVkKLufbjw1lE2fa\/UtfZqs8TT1sk5wEGF4kYfIBf8IaB+OB99fNQgj9Vf1WdVn6TWCfKWR8\/tOS1RKXEgVzfK9erxE3KK+nwydrin0EcycTdDVWiVtuMe6+NSVWZ\/hX990m9djhmhk3Y\/4CbzK44FcPuMMFEvf5FVV6Oh2IVmfsf\/HyiZyDsblCwMFxZeIENUdwKFZahHZX4t2m+0Z8nqx5GXJvlYlyBEV3d0wnwacDVs7VGlTeQSPCThjPgIK8C3+Vm\/SkQMbSbjQQCR56leCZ3zx0zWA16oy\/HwboJXydgKpLLIsIb296bgz9PD0n73r5JevLp9zMQqDnUQH7bGAIZpCoRWg6yOqztL9wx8O8w7fULoBoHntXDNfSIf8aFHnKtztY0xF\/96mqnymFN1wqAbHV11hLYYhYABZBRKOYh4GvMJKN2EaePTJX1g69akJ5Coj\/WAxsj0dEvDR\/vazeiKPax6X0XCpj5u6F0enF2pgEO1DTDpJi4uqvsm4AG7RZTr9WzwZ511fH70pdVZhvHAHeLJEQhK3oT2d6qVMypkVqz3M6P1FXtaWt6+1gJ1EA+POfXctGwSFaJ2WZGwODsWtngLfTDrHYAa++DuvVvAXrC2fFJrQkArXUNzp3jB4yvJRX9IfGTljC134RtjqrqbfWIsHFlGJEvMl6y8wFPjh0U9nAnPPQHSvBi4P8rwzQhP8lZJWbdcGMeiQgoqjzlwL1JkK4Z+B\/r9S3cXUR8rrHDij9ETvqsfuOaaaj2os8zFQDB8g7oYE5htEg8jLGOrgDB+UxAsTk63FA\/Jq1qLQHIt5T87bux2F3Z6\/NtrKJ6XYTsiyX+gxtG9H+42iLcG1kZ\/aUAi1jpTBvtNKfvz8CwqOqNqLU20IAIOBemooRjwRmnBDY3f6aUMeS+wFWlvE\/51CwA1+ifJ60PDvUC79ewXAaFTKMKjf0aaHbyL5CorfEgQAN7IeqBZ06UIaZ6vzz7AgQaAmx6+Ba5qOjoaqoz\/AZLRtOM5g9J99\/JqcSZWau6dqbzwSi9lHTkFpydYtcaUiasMFbnGv1qCDetlZciKtaHoyXbLcLDtNVUeS+HOrUzQyYK2h4whXgFAMDp8Qgu77GMRNBVQqzQrQHNXcQsTRb6ToCJRD0mhPHF56bxN+TcgS8+LJg2hXeTQJGeN4XVvZl+\/NwXCMoOTGaegW++r9Spf9MH6Q7pxuozLc8xjGZ4BotpQroHGQdbg1euShz6cj4v+w35bhHqsX2WqI17RldQkIoRivoqIWQBzpBtvyVToKzr4w1pfcU7KlWiZF6wXXPmeAndVoYy0RAdjUny0dy7q\/aodxD7\/IpKex\/VPNqhV606AtQnAV2BIj+BMksKx18fv+MTvBJVqBMbMlNv\/dfX4KuK9dxD\/j5nlJb1fFCWJ+mUJw+9FKSt1DG2gs0a3nU5wTbq1xdLsklg3Akuz9T9GOR2bt29bGI8qPpXY4FyhIeC9WH4\/TgMEDv9wfb4n6lndgz9I\/9vnUXWZxcDVa2twnV4LY8xc0KQum7e2YlcthsPm+N4Sl\/nQbs4298fPcsHdqZxtg1t+yz4aZA3Jpe+9\/ltbgGRFyN2OyRh7w7lbrWs"}
02113{"flow_id":54,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1035,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353152,"pkt_ts_usec":282239,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC5NAAIAGQFbAqHMITeooYMU2AFCms61Nkbp6GVAQAQTfHQAAbLkOCKU4wj\/evx8imwONGRNDCRNcxEbrXP8hhP5gS61xcdF\/9QCewJiAs88\/dsvrtuhb3rfKKfW889MM5i42wXGEV9fB6Oxnr9wNq+2BhBuurBIHxqXRfAAEoidfx5NjtSMkojiYfAgpgjXDepNqnYPmOEFYHjyOyZguAfDLSM7WCkcWflClhfDaN8J2wfLC\/MPix0DO7IQYMANuOzdnO3SsyyWTTBGHWAEilJLD4tHtNv5RXPXVzcDFv\/ZarQ8dpVXt06BE7M0zlIZna\/IAgdCvI6q5WBZEc\/DK1bc+szeRLHeTn9hb3LwIm5n4j6dH8WghVh4s\/faOqc4OH+pUVO\/YE9fpSsBUVYngldbrHRI5VyRGxL9aOSsPtS4AFeevGJhVzhN4cUWAnUrThdi80PfSu8tNoh7a5szE8bOfyFSl1J5U7dmSuzwsTd1O2VTTA6KkfW80J9853vrsBHj4FYhAgrfCc+AwKx842BJ5tAqCj0sllv5X87h05vAIn5jnPfuPTQZHDGSZF2ChAwxTMJDdvR6z9YqImCWEyGrlX5kVoRgmxMOXn9xgYST7BNbiKdlZJF63+s1OXqQANdKPZK9Tj+vw5aEt8npdIxi659XlE7GbPxGSGQAHioYprIcBMeXfKSeoFXi6v3GiDBYEY44c+YWn+u5dOrxPQy5gu98V\/bpgMgXufFfUvDeO83MuZBryxxpxRtKyO19btTWCUF4PY4vFOsUlEu5wupC5QJDHjSI5JBPnNgSjAFFlHl+H48KJmALxOWkXAjw7wfJ7i0t\/VAJjqzl7KEymLhTMovEkDd8M5KH4L7bM1Pk5SNL44CnPTt0uJC5bu5Y0nC5WeJ5o8FAU+zDySeyFlAKIjVubfBhsfH6iYELuT6bM366CZ2JChIMXy77eZ2ogebEDmfXuAZrshdW456rcGFtnXh7J5hHvVDP3AMs6IVf8LUWSqi6N9+RmH\/KbTYzdQuJb03F7\/k5dx4g2yWo3fs+Lr5JRUf5t\/vLHgHitgjVHiyfZxFryJ2gxO3j2J3Cy8+3iOyUtI4v3PFchrsaNap7PQFpuFhS4kHaW1nfHocLobHPOFLIJLaEq2Z3VJqsMiOWSIoeotU+nrZScO9ejGxvSfkni9AXlOWPv1zuo9rLJelhCyIJrC4Xn+WkzpkY6zFTV6\/5UunGX0Tb8Vczy7McXvGLjkrbiGj3QMStuCAUNlJpEVT8k65UrM5LwbEH4KAV5kUEs1eVMQu3tNilgdCCEWCCXyXIXhc7F8aNPdAP\/PS1DvzRFz2xUmcIICmQZ5HsVmrPOAorHnvum6saL0SZ4Xpsb2NtRcCkYo5ulH5R5LBdjwVak1WRQmaIpJTSuFDlTHmcUlO91XLgWqht8m4JPcT8KVxMhaep7\/D8rK0OPB4\/bZz3AmwRRkEn1w2WxcrplYcrA9llu+UUdElcjgIQb+8Ut3dZ78QhR6hg0LSfopHZZKMjm7H8PGYnnckV7+UPzMYjSuw2xH6Scc5NP4qyN1pRNyJqbAsYjU9DQoRSV4QpLKW1o4cygA24ZnSsb0t8q6Ugh54j1Rk4AcTFxkKhm0GqVFfy3vqOZrj5LFm1yDiouv3X+Ev+I8njUSG1\/7yVhpxE8Ojwp45UwRLFQxvD31ZdmkgP4Weywok7EK11JBAomj+s4\/jGCJXIASa\/M"}
02127{"flow_id":54,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353152,"pkt_ts_usec":282364,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC5RAAIAGQFXAqHMITeooYMU2AFCms7I5kbp6GVAQAQQuRwAAeEM6QGWgWgzfQV5\/vWdojEMvg4GUzvKOhkjGL4rxZzlsMJ9eU0nUm83kqjEJKn1MlKcLQlcJheTJx8cYhjW20LeiBlIjWjWDh1aBlu1nRCa8Xf3KTTfADfH72kpJ3O4VY6Cpk3tv2qx8yCYFwl09Y9Qvx5syArysC2Gv6PHQmP6H4nRQLlpv8YHAArSjEj1Z0gVp3MURnw\/Kx6i9vqb9Rq+yc59ZCkxqFNBmK5RznxdlxTo47o1mJRoNgZ6n\/M+u5SWPKdcyfshs0hkUJG24N5Qom4NekWV\/\/0\/Fu\/NnqU6VJE1VOzQ7e2m3qkVXf710QxWD08LLJc60Td80f\/lMjUtQBAEYd4uof3xezKneq6VYw+mL5haRbbYtjWYEQMlbgoTWcorYwOFX7m\/3+D8PsJa3mLgHQUyMMhY+2aEylf\/HWY0jCea1SuEKZe8Pq9UrC\/dVAVrLbZiCWGgBRCXgGaIH0f8h4lnaanajQ8tuXMXnlVh1C70GJmsOVApN\/m\/RfQcBBsbCGhZeKTbeWM4RuX0BdFbCNSPqM2X496G7pTbswYsePpqfS2G7GL0CZjtwEMxDsQEG10d92i1q8jSfPhI41ksA\/YGgoOiMKjUFpx7Dq2aDJCSoJQyFzLgJrONdg817ogqzjC\/8zV5vKiMdzEVouPtp+1NCRh8OFykkiPEy0Egfv3WlhyZq1I+H6WHpmtpJeEcbUk+ljAdmA+cpZcfk1J+PaMw2xd8mfUWVJDMzMJ+pPeywiZJiwEqqLWDtnxR23SASTz8rGZs0zrQ6AFI5R07jLe95mmUjS9eTbZigXru\/oR+x27\/8JCrJ+bzwOfjh8coczIm1OrSCskPL8RMd7pFVaXGYdTncLmJPswEJ0XKOKneXAfHGvQLYA8fv\/49A49R4iM0sSBkOE+OiIoeJJDs5ih2VA\/FQQW6ActefxKEw1urmVcyo9U5UzQ7IIBuiwdwHwvAiuFMOOZSUEO1f9OxhzVdxJI6X2L\/cX1WlrVgXOOQ9ugzW0u03io7ceC\/6e8S4A4FWzE+fz8dBtZyD1wiexXpngY8EQa4h82P9OqqXKp\/1nqgRu1LruYH44WoNSY\/Ua2ci3TxfZ1KBOCiZ4vJcoX4+nYrfo6UEBILIyTjKIx8yD7rEZ4\/Bqv3\/nSCC7TKu4f4u1OTfLOQ6xxoX5lPReEN\/PDa0tppnUzcPPi\/G6sOHGeYg\/wFZUUX1p+q5ybbSS4531MFPFsRScn43\/\/PtOVWGIWbgh397JWco5fxwutc1\/cqyZXrE4cFq7xtSZ7Zi6jF\/vYdQ5+\/\/iRSzqVqRvSRVkyIX2uaHJNsQhIdMV8Pe7BoMsBQ8FyEmeWtOHpzNGXW5f4CHemv8AIBq692k1sspSZ5vEkDR9cLjywjsqgazIMhMjCs0U5ThJ13fR59uuKAMShJCLJxBSuQfZ3c7bY1WmA+8x1xcka9XwoA\/fACkRaRRSTl0Z7ajY4rfE1yMY+BV3UbhHQ2XeJqZ+9JhfHkQb0irOlyybQIIlipzYrejjmMKGvULD5Xq7ZBFdh+0h6vvkf73ufLZIXft5KE6YlV903lpPSBkntutnd45GoklluR0m4uMm++0iQdzvokSNml1b7kQDdbahTdmi6pfA3ZvcNdPnJ2gSP72ceqduUDDawPzQqDnV0gq7cfHfh89ZzCEEBZ5"}
@@ -267,31 +267,31 @@
02113{"flow_id":54,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353152,"pkt_ts_usec":282631,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC5NAAIAGQFbAqHMITeooYMU2AFCms61Nkbp6GVAQAQTfHQAAbLkOCKU4wj\/evx8imwONGRNDCRNcxEbrXP8hhP5gS61xcdF\/9QCewJiAs88\/dsvrtuhb3rfKKfW889MM5i42wXGEV9fB6Oxnr9wNq+2BhBuurBIHxqXRfAAEoidfx5NjtSMkojiYfAgpgjXDepNqnYPmOEFYHjyOyZguAfDLSM7WCkcWflClhfDaN8J2wfLC\/MPix0DO7IQYMANuOzdnO3SsyyWTTBGHWAEilJLD4tHtNv5RXPXVzcDFv\/ZarQ8dpVXt06BE7M0zlIZna\/IAgdCvI6q5WBZEc\/DK1bc+szeRLHeTn9hb3LwIm5n4j6dH8WghVh4s\/faOqc4OH+pUVO\/YE9fpSsBUVYngldbrHRI5VyRGxL9aOSsPtS4AFeevGJhVzhN4cUWAnUrThdi80PfSu8tNoh7a5szE8bOfyFSl1J5U7dmSuzwsTd1O2VTTA6KkfW80J9853vrsBHj4FYhAgrfCc+AwKx842BJ5tAqCj0sllv5X87h05vAIn5jnPfuPTQZHDGSZF2ChAwxTMJDdvR6z9YqImCWEyGrlX5kVoRgmxMOXn9xgYST7BNbiKdlZJF63+s1OXqQANdKPZK9Tj+vw5aEt8npdIxi659XlE7GbPxGSGQAHioYprIcBMeXfKSeoFXi6v3GiDBYEY44c+YWn+u5dOrxPQy5gu98V\/bpgMgXufFfUvDeO83MuZBryxxpxRtKyO19btTWCUF4PY4vFOsUlEu5wupC5QJDHjSI5JBPnNgSjAFFlHl+H48KJmALxOWkXAjw7wfJ7i0t\/VAJjqzl7KEymLhTMovEkDd8M5KH4L7bM1Pk5SNL44CnPTt0uJC5bu5Y0nC5WeJ5o8FAU+zDySeyFlAKIjVubfBhsfH6iYELuT6bM366CZ2JChIMXy77eZ2ogebEDmfXuAZrshdW456rcGFtnXh7J5hHvVDP3AMs6IVf8LUWSqi6N9+RmH\/KbTYzdQuJb03F7\/k5dx4g2yWo3fs+Lr5JRUf5t\/vLHgHitgjVHiyfZxFryJ2gxO3j2J3Cy8+3iOyUtI4v3PFchrsaNap7PQFpuFhS4kHaW1nfHocLobHPOFLIJLaEq2Z3VJqsMiOWSIoeotU+nrZScO9ejGxvSfkni9AXlOWPv1zuo9rLJelhCyIJrC4Xn+WkzpkY6zFTV6\/5UunGX0Tb8Vczy7McXvGLjkrbiGj3QMStuCAUNlJpEVT8k65UrM5LwbEH4KAV5kUEs1eVMQu3tNilgdCCEWCCXyXIXhc7F8aNPdAP\/PS1DvzRFz2xUmcIICmQZ5HsVmrPOAorHnvum6saL0SZ4Xpsb2NtRcCkYo5ulH5R5LBdjwVak1WRQmaIpJTSuFDlTHmcUlO91XLgWqht8m4JPcT8KVxMhaep7\/D8rK0OPB4\/bZz3AmwRRkEn1w2WxcrplYcrA9llu+UUdElcjgIQb+8Ut3dZ78QhR6hg0LSfopHZZKMjm7H8PGYnnckV7+UPzMYjSuw2xH6Scc5NP4qyN1pRNyJqbAsYjU9DQoRSV4QpLKW1o4cygA24ZnSsb0t8q6Ugh54j1Rk4AcTFxkKhm0GqVFfy3vqOZrj5LFm1yDiouv3X+Ev+I8njUSG1\/7yVhpxE8Ojwp45UwRLFQxvD31ZdmkgP4Weywok7EK11JBAomj+s4\/jGCJXIASa\/M"}
02127{"flow_id":54,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353152,"pkt_ts_usec":282632,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"TF4M6gNlABxCjnAxCABFAAUUC5RAAIAGQFXAqHMITeooYMU2AFCms7I5kbp6GVAQAQQuRwAAeEM6QGWgWgzfQV5\/vWdojEMvg4GUzvKOhkjGL4rxZzlsMJ9eU0nUm83kqjEJKn1MlKcLQlcJheTJx8cYhjW20LeiBlIjWjWDh1aBlu1nRCa8Xf3KTTfADfH72kpJ3O4VY6Cpk3tv2qx8yCYFwl09Y9Qvx5syArysC2Gv6PHQmP6H4nRQLlpv8YHAArSjEj1Z0gVp3MURnw\/Kx6i9vqb9Rq+yc59ZCkxqFNBmK5RznxdlxTo47o1mJRoNgZ6n\/M+u5SWPKdcyfshs0hkUJG24N5Qom4NekWV\/\/0\/Fu\/NnqU6VJE1VOzQ7e2m3qkVXf710QxWD08LLJc60Td80f\/lMjUtQBAEYd4uof3xezKneq6VYw+mL5haRbbYtjWYEQMlbgoTWcorYwOFX7m\/3+D8PsJa3mLgHQUyMMhY+2aEylf\/HWY0jCea1SuEKZe8Pq9UrC\/dVAVrLbZiCWGgBRCXgGaIH0f8h4lnaanajQ8tuXMXnlVh1C70GJmsOVApN\/m\/RfQcBBsbCGhZeKTbeWM4RuX0BdFbCNSPqM2X496G7pTbswYsePpqfS2G7GL0CZjtwEMxDsQEG10d92i1q8jSfPhI41ksA\/YGgoOiMKjUFpx7Dq2aDJCSoJQyFzLgJrONdg817ogqzjC\/8zV5vKiMdzEVouPtp+1NCRh8OFykkiPEy0Egfv3WlhyZq1I+H6WHpmtpJeEcbUk+ljAdmA+cpZcfk1J+PaMw2xd8mfUWVJDMzMJ+pPeywiZJiwEqqLWDtnxR23SASTz8rGZs0zrQ6AFI5R07jLe95mmUjS9eTbZigXru\/oR+x27\/8JCrJ+bzwOfjh8coczIm1OrSCskPL8RMd7pFVaXGYdTncLmJPswEJ0XKOKneXAfHGvQLYA8fv\/49A49R4iM0sSBkOE+OiIoeJJDs5ih2VA\/FQQW6ActefxKEw1urmVcyo9U5UzQ7IIBuiwdwHwvAiuFMOOZSUEO1f9OxhzVdxJI6X2L\/cX1WlrVgXOOQ9ugzW0u03io7ceC\/6e8S4A4FWzE+fz8dBtZyD1wiexXpngY8EQa4h82P9OqqXKp\/1nqgRu1LruYH44WoNSY\/Ua2ci3TxfZ1KBOCiZ4vJcoX4+nYrfo6UEBILIyTjKIx8yD7rEZ4\/Bqv3\/nSCC7TKu4f4u1OTfLOQ6xxoX5lPReEN\/PDa0tppnUzcPPi\/G6sOHGeYg\/wFZUUX1p+q5ybbSS4531MFPFsRScn43\/\/PtOVWGIWbgh397JWco5fxwutc1\/cqyZXrE4cFq7xtSZ7Zi6jF\/vYdQ5+\/\/iRSzqVqRvSRVkyIX2uaHJNsQhIdMV8Pe7BoMsBQ8FyEmeWtOHpzNGXW5f4CHemv8AIBq692k1sspSZ5vEkDR9cLjywjsqgazIMhMjCs0U5ThJ13fR59uuKAMShJCLJxBSuQfZ3c7bY1WmA+8x1xcka9XwoA\/fACkRaRRSTl0Z7ajY4rfE1yMY+BV3UbhHQ2XeJqZ+9JhfHkQb0irOlyybQIIlipzYrejjmMKGvULD5Xq7ZBFdh+0h6vvkf73ufLZIXft5KE6YlV903lpPSBkntutnd45GoklluR0m4uMm++0iQdzvokSNml1b7kQDdbahTdmi6pfA3ZvcNdPnJ2gSP72ceqduUDDawPzQqDnV0gq7cfHfh89ZzCEEBZ5"}
01266{"flow_id":54,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353152,"pkt_ts_usec":590330,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"pkt":"TF4M6gNlABxCjnAxCABFAAKeC9pAAIAGQoXAqHMITeooYMU2AFCms7wRkbp6GVAYAQTyKQAA7eVpFrD2Zu2EI78FtkBM3jEoDQCIa14mJVy1dG8nFitBKFNDxTt031KmXckMdxStHEGnAZEDTRy81CV87wwWQpkPnufZzKu7AQ4P7SvwNw7yzYLi4iLldEyhBj45V5eOWlvP0z3AMXP074IqJFywSjCySyiFcI4PRDElNg+TZp5bE384fWOV2qStbKI2Wb+egzlLt1M7CqR\/WL\/5jWmY6cx1BU1dodciv9csLG5vBaimf3jEuAdoHR1Xa0axvDgwa1wPm2+xEAOEPPLQLuJN7+IhNIYUgHrVQ73E8f9iSbKMwWuoQjn9PwypiG7qe7yo7sbieqoE\/eYYYrT1Jw2hvbYFBQCwCmsfMf1XNrNzjQ+RndXQSApR++c\/LzZfOKMKNl11psoG\/DFcghcqFD2u08rpBOK\/VR4jv\/fiY6QGDjo8f0aJH+LNOmQ0uGlj\/LzUp\/VRtb5IUwyT9qqA+ELR0UJMHhU8Fcm8s\/l2bwcF59DS3FLWQyYm52yYRUFx6fsMlB6c4OVvc\/\/gFsBBwtcyD0hKgchZbgG5KGiQ13hHM6DLQ3n3so7vtyty8PAZFIG8JVJNiUT9yk\/KEJt8W4Sad80+OTK3gAJli4TOrPLmLs\/kkUwb319MfVRjWqvL54bGoCS1CL9TPc7dH8XEQSGUHFq7Gbm\/B1nSWjXwQMZyiDT0De48VIRd88pZE2ULceUGkAX9mjwMJ+jCy48ysq1SN9jYApJsR4kozmtYWldAHeqy7jNyoN9epQXhjW\/AuoSCi2D\/50BvY+61yuzlBhp1ViXwqooA0sA04V53f6ZK2ZoaDSGaSKEDEmtr8dDYbImtQBSasNKR"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1467353152692,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1467353152692,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00578{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353152,"pkt_ts_usec":692906,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLGwAAAER1wTAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1467353152692,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1041,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1467353152692,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
02115{"flow_id":54,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353152,"pkt_ts_usec":945958,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUNKlAADYGYUBN6ihgwKhzCABQxTaRunoZprO+h1AQAAIjzAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjUyIEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiAyMjM2DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCn1Umady4sbDsD9tRTNsP1C6FsAokaxgc7SL6ZLrE25BG0+yUZu+PVy1H\/J9K0cErRrc\/\/HdTmUobC22C7Oh+QeUvPOvQiF1QcpqN16lRlvZBKeo06G9VcHf\/MYvbG5tm2JC\/BBCnwkxZOS97njKz7SSmXsma6Np2UXwnpag8\/cGFMPG2xUoyylb5zLKzCgM95pdkLxNu3Eza4JI0\/iOlM7QWm2jyDPNTbT+AtqtaAC7x9aTRsJFkI8XzVZ48AAWSSq5PkpdPVuk1zPMre486j3fGY9CEQrCxhx81SYOzbcDyS\/9taiHjo91MJ6DtpdB+UnIbdqCNeZqBzW6lYYMCR+oh0E4YMUVOFwPfPYsxc2\/B1gjZhqXvFChTfPDp5E0TUrSJhE2iZBhLzB+dPVy3wsNmHBJbYFOCi854HfIrwqdA72jFLWqL409Dd6IlQPW1Q6Y1DAu4IqLY+s4xJliR40kKWjT+0tqGst\/jlLcTlzjUyb5J+NKxC6obBSnhlOM\/42sXpKeHbYz0hAbKfbQLQFjmwxZhDH4pfE4Yheb5aenMWBwaKgUCM8qjcuT4PrptsrAS51bDcqL15z6cLvameyyAXNDgyNerGgUYm85RIWH+33r0MZz7e6TsphluEAOWd8aWowma36kji+H\/hBxhJM9HoDQoFyFsnHTmIZSRSRxs+jQDFr2HP5PgdclHMJ6eLziIX+epCYbtCLmzuRV3gKYH8L\/mTiU8PETTw\/FJiRdvPkiQL8MFvRgMX\/7TkbwaJyeCSkxW0KaPnoJsAEMNIoVLr0V5s6rcYmnCq829uBurSKPLf3FguVhOD+EyR33hkzz4bDPLkgXy\/tPmB2eN8c8dfjy899+pJtcXrdDKM9QPjHrTysJtNb4j6Ta9YgMq4CtAv68bEKd6dd7r9hTSvgI2qRzjVlcXNOmCIgA6k9GqX3xt5KRuvjig93RXHPWa1RWw\/zwDrpmyUkeURzbiDH2oMYiqbBG9sMwVZ+rjWqzTxruDObPkAoRj0\/oDIbVBGVx6i\/bi6niM04OMCf0lXlHj3Onf6hj\/gISSBYpdf4StInu4UysKccQRD8a6oJBKrSZgvjO3B3tmyroq8F45N49mzLGxHSQRB8k43UW8EyjNVk4+IPCMFf8v2Ex9hjb7bT7bH0VlW+1ZkBybIbFVKJMdQnJo6lYC3aezxeGWAj1gKdTmx2VQHk\/41yY+DNGjoWg+LTVpFacjONdIG+TJJlh3hSc3DKPhrPmBpDHXELHVxo\/1o5hqaCDoiCGXIAa6smDdVp9XNkBN2PIHSHmY0IHDtpb+kBBoiNgbKBPuiZBjaUpybC8PUMOQtyTQtyhKHowD43Hcd1DIyb7ro9BHT+sUHUP5W0L7Vs0tGhCxRyNb4FPVYMR2LCi5vu2+TI9qaHVXXgc0nOU9AC\/TWupzVoY4Hhc2XEtUKgXEPagTLJJAPFDDHIOKbmZ"}
01959{"flow_id":54,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353152,"pkt_ts_usec":945959,"pkt_caplen":1193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1193,"pkt_l4_len":1159,"pkt":"ABxCjnAxTF4M6gNlCABFAASbNKpAADYGYbhN6ihgwKhzCABQxTaRun8FprO+h1AYAALnBwAAhp2txKODSqNuJpfNrXNGgSfm2FpD\/QzazKmVzcysULIgXZtkkpABG6IcK8UWfZCW+RDieCCGsC0xab65Bzr\/J4HEhK5Vrrp8Bk03\/biW3ST+KQZRiVaRBsErmXJGHHOQlRVHQFq2HyISjfgt1YbIUfJafNu8MkADv0aibs\/ZbAusCz7LqetEQKNepwr\/d1+RtrShPTNRh1QvNzQoJqkB0mf9rmvbXT+kFbINpo19RvBm1cWefA1Cu325pXyFCLHEIkuLHT7YIqsL37ae1fKSNiSZvO\/3CdXu9UjZj8WRX71\/ctpEhkvS2o3pG4fZVXuPodYz9px7iVdPGjwWgvluadyiN5IXH4tm2iJJDdt32CXKYNGduX4Wcy9C04bAJ1jswV+QUn0CcDkotc2fhVGLLbvyg\/jT0cNa0KPSAFQeWztVQRZfz6tB5ilJIGVf2ywO9MaR2zHvYU7Q8+fMns+GO9FdZPcAttmvYYG6Brf4AS\/AWcqQuSC98SArYGS83MD0WLNiw05gzcmKBMWIIHWU9rqhdPhCPg1gfvaok7HaHQryUA\/vzlGdpxScGAOk4aP003omXyMnQcLOLE1afcBgKFPMO035Zd8jfzJ\/hqVVmdaJtPDw0bOeUKYd3u\/Rx\/DunqdVpPCZSZitybo4CTnWPKMGr0mA+WWOfGTjhrxC5E478knyE7019EGLdGxRG4xRKepPnYgXZbzJdJzUF4Lga5bGoiz\/zxotL10X4IkRoUxKP2n+sq5H8O2ZzJVozYxS4kKORbgYJcbL2bmZdiZmpAbJpT2eQyMR77nbAgm2fR\/6BnuPE6ehwLfrLLlvFQNLzbbXlhPHgDpA42kZBoTXKMSGdjKxwXwh02hw7LYi918QVyymXacr4eqrRgrJC3EsWt7nQdycZBUKvxF6hIS4fdprfFVjr6YCQ0X1GgkwHq8zhlELD2uPjwf2WOrhfY6IiRa9te9cXSvbggQ71l4JMERcoE6+8+cwtCMIXQE8I53+Z\/47VQQMTqEgIzRbrC9X7PLzbVb8BfC08inAupGlegbauLxrxwOCeztyHOjXathrMDylK5xxetZFwQ66yooo3\/MUxCVcXzoIj0YZvhP6m+Cx3zJvAajEW4v\/mnoEKhbVaveSkyfp6OTdzLyB0AlXKlZXkqgU7Gpz9ArcYjAUoTpLjfEdg\/3xNwH1igONzHPxX94zEpg3OLH\/KasJRQmp9tykoJmhBhtmkcOIjP1eIPQbta9I5GhOIGBi+iIHm6KOtFBSVVL2kgZgU5ipzGefjTQpb2di46wIuYMV\/Jbi0id37i+JQAHPUuzPqELHAont1WaA\/\/Zto+GFnCXIqQpGpV9u19koxBgSy4tgktmKuAYpOqujaxzE+qEATpNuDPB7zsHLdYxTlp1wfn\/MhK2ECfx6wt\/uowpmk2Fvf1FHTdHaExsyfuKSaG\/Fo3xi2Uh6Xv4yX+2nD1vI1xIBVykRyWAZmPNEMY7RwsqGbX5S2hgBZMpsLqkDI+uzb2I7f9RzLdo="}
00578{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353155,"pkt_ts_usec":693528,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLG0AAAER1wPAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1467353155790,"flow_last_seen":0,"flow_tot_l4_data_len":649,"flow_min_l4_data_len":649,"flow_max_l4_data_len":649,"flow_avg_l4_data_len":649,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1467353155790,"flow_last_seen":0,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01249{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353155,"pkt_ts_usec":790340,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"pkt":"TF4M6gNlABxCjnAxCABFAAKdDjtAAIAG3SfAqHMIymwO28U3AFCNS81scTxdzlAYAQSLywAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0xNSZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxNTUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-01075{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1467353155790,"flow_last_seen":0,"flow_tot_l4_data_len":649,"flow_min_l4_data_len":649,"flow_max_l4_data_len":649,"flow_avg_l4_data_len":649,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353155&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1467353156641,"flow_last_seen":0,"flow_tot_l4_data_len":277,"flow_min_l4_data_len":277,"flow_max_l4_data_len":277,"flow_avg_l4_data_len":277,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+01087{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1045,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1467353155790,"flow_last_seen":0,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=15&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353155&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1467353156641,"flow_last_seen":0,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00753{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353156,"pkt_ts_usec":641491,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"TF4M6gNlABxCjnAxCABFAAEpDsFAAIAGbi7AqHMI3xpqFMU4AFDYI3WbArNbVVAYAQSIDAAAR0VUIC8yMDE2MDYyNS9hNS9iZi80MTNmOTFhZDEwMWU3ODBhNmI2M2Y4MjZlMjhiOTkyMC54bWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1ldGEudmlkZW8ucWl5aS5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOjUwMDQ5NDYwMF8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-00706{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1467353156641,"flow_last_seen":0,"flow_tot_l4_data_len":277,"flow_min_l4_data_len":277,"flow_max_l4_data_len":277,"flow_avg_l4_data_len":277,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"meta.video.qiyi.com","url":"meta.video.qiyi.com\/20160625\/a5\/bf\/413f91ad101e780a6b63f826e28b9920.xml","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00718{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1467353156641,"flow_last_seen":0,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"meta.video.qiyi.com","url":"meta.video.qiyi.com\/20160625\/a5\/bf\/413f91ad101e780a6b63f826e28b9920.xml","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
02113{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353156,"pkt_ts_usec":699175,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUU\/f1AADgGwwbfGmoUwKhzCABQxTgCs1tV2CN2nFAQAB+1jgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNTo1NiBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC94bWwNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpMYXN0LU1vZGlmaWVkOiBTYXQsIDI1IEp1biAyMDE2IDA2OjA4OjM2IEdNVA0KRXhwaXJlczogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjo1MCBHTVQNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9MzAwDQpYLUNhY2hlOiBmcm9tIDEwLjEyMS4zNC4xNDANCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogRVhQSVJFRCBmcm9tIDIyMy4yNi4xMDYuMjANCg0KNWZlDQofiwgAAAAAAAADhZnrbhs5DIX\/9ykCP8BEFC+SAHf6KIuxM26NzaWtnezl6fewDtIUXdIpUNvjY4n6SJHizPbT3w\/3Ny\/r99Px6fHjhqayufk0f9gejvfraT3PH262h\/uXm8flYf24KTtalr7wbmfrfuyoDO1dZLfXhdbdbj9BusFPbrZf1uPnL+eZrWxvX9\/75b+Od+cvswmuXt76xfPxYT2dl4ev+6fH8\/Hx+en5NNP29v8uu\/yHZcd\/17kXbaXK9vbtin999\/x9OWMtM2mf2Nr29u2Kf\/1yvFuf\/jgvn+cyCv64+v8\/\/6i9vSfYWehwOKyE1ztrl8\/LXq1KWUo9HIYZXv1fv\/yMS7m8oyGt76nv1QfBl2p97WM51P1FWfhue\/vTGrdteb47vtp2GeSHha9yvCwHDMUDQ626qFw0uE5g8PO3PtKf6z+H73DZaf32vD7u15M75d3lHx9fyV\/eg8xy\/7zeHO\/g5s1cJowL+\/za7wK6JqibmaZR4xF4M3MqkM2sqUA3c0sFtpnHBEbhKhqMpAmeCxUdCk4VAwpNFQSa1HIJeNLIJSBac2MJTGtuLYFqvWIuuFabWuI7AtnacwnYcsklgMs1l4AuSyqpoMu5uRV0OTe3gq7k5lbQldzcCroikyUBVUFXLJeAriCyPXMG26+CroxJEx9V0NUyWRL+FXS1pqMw6KrkEtBVyyWgi1ycmcugayWXgK5RuiIGXeOpeHkJ0DHomkxI+rEEdM1yCehazyWga2OSxBYB3Ua5BHRbTeNFQLdJumgB3aaTJiEloNtaLvGMi6jLRgHdTrkEdDvnEtDtV8wF3Q5zkx2goNvhgGQ3KugOOCCTgO7gXAK6Q3MJ6I6WS0B3XDEXdKlcsRd4qdSpZ2sCXyoy4egTbgIFYCqWhpWBMJWea4CYCKeJZB8YGBPVXAPIRHmYGygTXbEZmImu2Oyc6xWbnXO9YrNzrldsds6otxmf5pxRcFONc0bFTTXOGSU31Thn1NxU45xRdFONc0bVzU6RzTnzSFN6c84ozek5zjmjNqca54zinGm6c0Z1bkmG685ZcJrINM4ZxTfVOGeldJ9256yca5yzaq5xztp+07y2WK+9gDdRX59OR++dLu2Cd0vve4JaK7qpoLCCS2Wy8Htn0uHJGipAhNHRUTwH"}
01311{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353156,"pkt_ts_usec":700500,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"pkt":"ABxCjnAxTF4M6gNlCABFAALD\/f5AADgGxVbfGmoUwKhzCABQxTgCs2BB2CN2nFAYAB9NTQAAeAj6KkVzGFgBGjLKoHgWsNDOg9EyBWMg4qw3sngWxFvTJslqEW1dOtsIZ\/G2YAiauUTisVZE0efGwzjXWg05LdZ4rAky0eBYc4m1ISOZy2PN0IHWZC6PtYYzQuJG8j0ND\/TECQTGtXRrmc2gXLGqInHIeH+AZh3hH4eENwhVsfKSjAPO1cTSYzk4VwRGT0LHe4TarWqyLm8S6mgVURj6q4IzFzPKNODMJE042ZbgzNQZongucObqtx3iTeOdAgtOFElsMDiz4j7IiGOewZkNmDWZyzNFp1ZHvEUZnLk3hGq8dm8XeCg2YczZ+wUeo3ON9wWDs+AA03qiAWdBguyZBpyFEaoU8\/GeQWCxJqlYwFm0ElwW+tS7BtGB8In5eNsgxoYYisfxnNwQiUliF8\/KHRWxxZwFnLGTCyWxIc55GI5LybrAWQsivsW+EHBWpMMucU7w7kGRWyyJeW8flHELMtOAswKQchyrCs6qvbWEs4Kz2mjW4n2q4IzsMyyJDQVn3LPtqKOhTxWcdXQc7RMNOFtBRUl84T0EvFVRbcO5vIcwFIPOsU8NnJExccMztsd7CARqqdlc4IxwNkRibA84m1Rl7rEGnA1No1kcPwbOptwRi\/E44GyK5JL0auaczVRLvE\/NOTdmsdhm7yG8mHJSC5pz7grS8T5tznl40Y3X3pwzVoX9E669gXMrSszJXODcCF1fS8YBZ9yrRE6I97v3EKimuN8fx2ED54ZUh6iPbQbnJlpQLEON9xDNzxJJTvAeopn2mnDu4Nya74w45js4t45NmNQ47yFa70xJ7u3OefiZN1kXOHesvIxf4\/Dy8OXXvmF7+\/b4wXuLdx\/fPY3AD+9f8Jzp8vDGHzT9Byu2GoeKGgAADQowDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1467353156959,"flow_last_seen":0,"flow_tot_l4_data_len":219,"flow_min_l4_data_len":219,"flow_max_l4_data_len":219,"flow_avg_l4_data_len":219,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1467353156959,"flow_last_seen":0,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00677{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353156,"pkt_ts_usec":959663,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":253,"pkt_l4_len":219,"pkt":"TF4M6gNlABxCjnAxCABFAADvDvNAAIAGMe3AqHMId7wNvMU5AFAa+1ILYx41VVAYAQTDtAAAR0VUIC9rIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBwZGF0YS52aWRlby5xaXlpLmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1467353156959,"flow_last_seen":0,"flow_tot_l4_data_len":219,"flow_min_l4_data_len":219,"flow_max_l4_data_len":219,"flow_avg_l4_data_len":219,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/k","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1467353156959,"flow_last_seen":0,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/k","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
00913{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353156,"pkt_ts_usec":998876,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"pkt":"ABxCjnAxTF4M6gNlCABFAAGgqmFAADQG4c13vA28wKhzCABQxTljHjVVGvtS0lAYAB+FPAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtTGVuZ3RoOiAyMDQNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsidCI6IjE0NjczNTMxNTYiLCJtIjoiZWMyZmQ2Njc4YTM1N2MyMDhkNTE4NmIzYzM0MjI0NmJlZTQ0YzUwY2U3MDgzOTNlIiwidSI6ImVjMmZkNjY3OGEzNTdjMjBmNTVhODJlZDYwZjYzZjk2Y2QyMDlhMWQ4OGI3ODQyNSIsImkiOiIyMjAuMTgxLjEwOS4zMyIsImsiOiJlYzJmZDY2NzhhMzU3YzIwNjI1MTY2M2U4NGQ3MDFkOTlkYjQyZTUxY2I5MWM1MzkifQ=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1467353157063,"flow_last_seen":0,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":323,"flow_max_l4_data_len":323,"flow_avg_l4_data_len":323,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1467353157063,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00812{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":63732,"pkt_caplen":357,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":357,"pkt_l4_len":323,"pkt":"TF4M6gNlABxCjnAxCABFAAFXDwhAAIAGMXDAqHMId7wNvMU6AFAWZyP1RIzmWFAYAQR4owAAR0VUIC8yZWZjOGNkNWZiZTBmNGVlNDk4ZmIxYzJmYzFkZThiNi92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2PyZ0bj0xMzc3MTkgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IHBkYXRhLnZpZGVvLnFpeWkuY29tDQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDpfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1467353157063,"flow_last_seen":0,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":323,"flow_max_l4_data_len":323,"flow_avg_l4_data_len":323,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?&tn=137719","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1467353157063,"flow_last_seen":0,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":303,"flow_avg_l4_payload_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?&tn=137719","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
00979{"flow_id":59,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":103507,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":479,"pkt_l4_len":445,"pkt":"ABxCjnAxTF4M6gNlCABFAAHRefhAADQGEgZ3vA28wKhzCABQxTpEjOZYFmclJFAYAB\/Y6wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjUyDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJiZ0bj0xMzc3MTkmdXVpZD03NmEzMDg1YS01Nzc2MDg0NC1kZSIsImUiOiIwIn0="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1467353157138,"flow_last_seen":0,"flow_tot_l4_data_len":392,"flow_min_l4_data_len":392,"flow_max_l4_data_len":392,"flow_avg_l4_data_len":392,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1467353157138,"flow_last_seen":0,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00905{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":138270,"pkt_caplen":426,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":426,"pkt_l4_len":392,"pkt":"TF4M6gNlABxCjnAxCABFAAGcDxlAAIAGbTXAqHMI3xpqQsU7AFAuAjEcSma44VAYAQTWMgAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSYmdG49MTM3NzE5JnV1aWQ9NzZhMzA4NWEtNTc3NjA4NDQtZGUgSFRUUC8xLjENClJhbmdlOiBieXRlcz0wLTQwOTU5DQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiAyMjMuMjYuMTA2LjY2DQpBY2NlcHQ6ICovKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpxeWlkOmFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDo1MDA0OTQ2MDBfMjAxMg0KcXlwbGF0Zm9ybTowLTINCg0K"}
-00835{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1467353157138,"flow_last_seen":0,"flow_tot_l4_data_len":392,"flow_min_l4_data_len":392,"flow_max_l4_data_len":392,"flow_avg_l4_data_len":392,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00847{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1467353157138,"flow_last_seen":0,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":372,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":372,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&&tn=137719&uuid=76a3085a-57760844-de","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
02135{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":142996,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui5AADgGBqjfGmpCwKhzCABQxTtKZsK5LgIykFAQAB\/uTwAAXABAYzwo9cKPXABAY3wo9cKPXABAY7wo9cKPXAAACQAACKIJAAAyAAAAAAAAABcAAAAAAWQAH\/\/hAB1nZAAfrFYkCgL\/lmoCAgKAAAADAIAAABlHjBjFQAEABWjomvLAAAAAPQgAAAkAAAAAAAAArwATkFblpUgAAAAAFAkAbwgAAAAAAAAAFwEAAFAAAG7\/ZYiCABX\/95xkfm3FH8zfxiVyZItj2+QvcPG\/css\/ZW+K7oKmOXqvyof6+MpsbuBrR3NlYBBVWVRq3WcvPz43KJn6OOq7wUatnW33K69XETXFsUoSgXdN7o0kq4w+hJrrFVm3jhsmgXWVk6qs6hebWuZRXfCylsvlyYQvoo8ujkxwf\/jOPhyl6i\/pTDKbDQZOrGmk9iGos+6hcPjtrVmq5rC28bSpDQb\/l3J+48zXTAIJQ0eBYWXFdgZPT7ei\/1f\/9\/tmNrD8GxGJp2OeeHzKlWg0+2iCixox6opp5+CbF3ew+UCOGdg3U\/5oVyFXyPX7+O0Is6zwfWwGCWJoC6\/zQa49qCQPS9W27Dn4e7vsWHcsLdg3UHzR4Z1JuDFBW7ue0EA3sC0gP\/mqqJuTdXptxBOJRjQ63vSnOV7PtDcJs4A7oWz2JzmEh+VbAw2U5760xCgZf0h+IR4GdMhaD57XDY8NdoZSDUzKAjvVKzHkc\/gdXpR0l6TIGuQcP2n5BFznR2iYeCE\/miwzmIeVW7avmSkaYobdmdMxT40yLpSDo7E8P+71xqJEqUUh6vFl9rz126Cgazh0LClcgaFaNKcZScAJKPrVP1o7kkOIcKwxW2CdOD77SH4zyVYWD9ULtNPIZ77Kl\/LYJQ8L2R419x+V6vNClYH7FDNYQst\/D12fjQ\/m+4yqq8ANYgNFZAXKlC8uKiIfcH\/TAErY7s8c2cJx1lhY3xTKhpLrPcsLU9UsA+Oip34KoUwvW3F5sUP0n2c\/KNlUH5ayGqegy5bryGeYm\/zuaor3RjqVC+afHCqaNQNUM+bdihsi6\/dYDdiuHkznFARXAj+HmRzPclqFdQs0umlOh+4nrXrTgUTsq6Mijt5YgP1vOKM5AtjEldVCDmGr1tU5uzTP\/wOgMtD4fsuENAnY849iMY16mjQC8PBzOazume30AYsAvNe5umLe2Jg9g1q77PVd7s5Hu\/6sIJWIf7my9bXHqgu1vXqQE6ohulSfKXSbeWRxV1zDne\/VQKrMqsiN5thBJ6eGrmP690VCEON3vIc3K8eMxOBEG1sH2gt0\/QY+qtme7NqWlgnah6YGN282gbUWFJTA8lul4VGFodu6rBHcO4b\/OZ2Vgodz1eVa7Rvhlz0zeO\/YLtQjl7fwTfVY1piKLJlsXBuH5KXSLNolBVVHCVrAQmkekZvhiLsm\/G4SGTer+1uPrS5m3ZHSe234ovyt+yHtfZCEP\/\/gOVJ5LO7C7uAyroC7rFx6lIcBOyO9mnt4Fi0rv6nmI9Iuf1\/XjKYeJJ3hPNphBZXvUwpvdJUyrMP\/WSQf4xrhUZbkn+wcvgAg5Hq\/N\/ilxIaAfekOtHVgU5VwnYm0lrbpwZtnYoLYol2itsi\/Tiny8B2OHcGdfUzCAOCON\/0+\/ipakxXBeRa7CLgs5mjI+rNnEby8whMLuruKRetpD4LDPViHWG\/OwHoZ14S6hpwBDqQ07xh3U7DjW9xs4GqS"}
02120{"flow_id":60,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":142999,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUui9AADgGBqffGmpCwKhzCABQxTtKZselLgIykFAQAB\/aLgAAopnkFb6w\/Gf9wcd\/TnuexQBjLwWa0uCe9TPr4qE3jsphraOf\/lM4Hhi9NJILTNUPpkUh0lJVsTBg0+IryxSW3IwYySV6wkzB0\/tYDwbO6SOx\/W5mmrffIH5hc9hR+iJYkdxSMJyhs5tL+JX3Z4urkWLC21HQmnbWWhKwwr3IOESy8lC4QLT5bzgZZwV6aylc3BKRGmkWqvo3gveBLOrAMA4JoqHhbMBYA7GEB3n5XVRePARG35OUMCE\/8TDQo0+dLC24GKANopCzYZkvfPVaY0dRDrv50emXg1Cs9WSfVu50aDF7YYVdx5mx545GrUAMEsqIjDQ\/4DCox7xS+Ws\/dwFhUTJ0P8Dx\/xK2lp12JPYf\/zG6tdTYMt3AacBTBvLHFFde\/reBoQaTbZB\/vJdywKaKtIzwqCOs4Q9YPbL8+Pq1VE1FdEBeuONtnWPx9wNuAvH6U\/JENWXsD\/bsjom76483YU\/XZIQUgj30cOEgQwuDamiBln+90aAngeN2nOL6ntmgjdG66Xp5PKfwQlwuGdvacgApEFyIvnfxUhm77eXRcDexRzOKtayXJEIXZt52rm2WbDXx+l2L+n6mDI5HPlSGKuvP84rwmMwhT7yEvzQKbivh5sn9I8EjZx6KaukURUZTKe54jHmLC3Jmf2BKkUKfD+otim\/knbUQxDjsPRmRG1Nf5oF86K6KEl\/nFEI9A5kcjFcko+VuDqw9SWzSXgKad5EYc4r+hlUwt3uzj59viQUjCCWYguaIGZ8C5ZjdSExE6IsY1BXoMFqHoRzfJaDg6uSsFAjJS92cQgN0nWwTaQFWx1m2slB35iQ1wft22PbPDl49icFcTFpAz2oY5Pp3lfvj5IUJyUTHt3u8v74exA53o9ooOtbqs2j42om\/zaB3iyhBCsOikAKzbr0K6CxGSwBAWdloUe96BLdalzPNcqhIK0c0YJvH4tBdmDh+5ufseEBw7BGI2ipV6yVNpFO0kDqCajN7YsN05JDg13dAXzY2SAQ5QfKni3cz7N9WhYMt7COKUvI+C0iwIaEB32bniucRrN4HsPO11eCbWDnltN\/+kP2qhoa5r1DcSUAZq6JPm51\/USDg6qO4x\/Vapf6ZVCWehE+KdgGpX4qBTKeA+bV7qois7qvnsCmBXUWPo21DtRYTVMizQCWWQqH0CGGSEtoZ24ZE8Em+sX59yNgKKKnBzY4rxhy1pF8qyBkoHpDm9lBx3JEleYOnrbk5vilJTiHsG0C7im31hM5hXvKl2rEhKIpc+QgsAwc8xEkz7398lWjZRYNmVmvhEG3GTaIjL7zuDYVBFnz\/Ep+CquTSroYI\/KVwc+2ze3Q+yBDcODi+bFdRr\/qJ\/RfL4FgeDb9sduAkPb3xQiixfjLzyzTazf6dzG3+S06aSi8zpu2nZ2pA6Ukh\/FodlR311cw8YfsxYuiSFyYqZDzpce1Qm0XZXnys8qlDnUmjILug1tlJBa1UzH74juRDwgD0Fnwh1MLjNAsmUIrgA0GSsiEjUBU047yfXV\/qzyvQus+1BXKIiklyV0Xin7L0ua0Yj38t6gGn+ytwXAmSh71WYg7o3suhEh2DpzfHKZ9IBKf8gIvOvhTvSepAfXGEaca4phlMY6YIuwsde9HzRk9q6m3wLv6MKf1l9nyMKAHgaDMdK68E7LAU50IjtX2yCF8K"}
02119{"flow_id":60,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":143000,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUujBAADgGBqbfGmpCwKhzCABQxTtKZsyRLgIykFAQAB8dwwAA\/2jHnnAjB8q5GMjAl4zO7LmXSDUbnUXu\/QeEOdeU7w8IKLe6izdpw3j2Z95byEoxuUmCU0tLcTJb40tSZEepvDg+V3baz1GA\/qTEB8Y+vI6PYjCGhmkGu76k3VSeTvrwOLGQdqIwOHc\/D6Z3L0KX975LbwqygQMFNaOJPuDns+HxqpIHN3yv7xW3JFD6iZuOSyeE1HuKufQv6Do42XCNBrQs2xmwqo7Gr+2+y1wDDosSssblbmp4+GmdUL5C2CHhwiizQjAS1CeOFLYIfHK2ih\/mNG58BzPCQV0\/x01qNfHcmYvymf1oZp+\/4qbYCRe9PVn\/1pHt8wSQpKANb3ScynaRa0MmMtG4ZEr6Vjidorc2Jr6St\/ouYncqc20iW9BTq1gyL2K\/xWgRwUFJU0RAWNJk+NWNcrlNPGYVkJRlJFFxLM7Q4CesgbiDw0QUWzsg1WBJavOSLGlthM7yCYh+d8ZgBLJdUlQ7KXlbHMjUxZcuz86ekXzACdfxN5DYZpY6CIi8\/OzJXF5AgTQoOd5puraHpr18IaZgXmA2RqTKfj64kDI6T7W7bjHfT9+hkLO48g7mbNvhXDWfuvRgY9m98Q1x0yazez6cTT3fFKqDNBtWUD1JyjqZR67ZGiVu8syyAqypnHnpFiLhMMUyO3WhIwia6hpbbEWvZH\/sFNkwGDG3OmslBRugeSXPjj3UzwqoQRsQdIGz3Qng5gn6b4B54YaBcds6Fg4WsGo\/3EnbiNaTDRN13Y+IojlPcVK0ElIepyIWwC7ZP67hmgSIqGpBF7tfpkr2Ci2QMf63jbxD\/qay+z84U5Phsx\/yp6bsRjKHaCepenNhajntBUN28HMhNRzxc2E1thxrf7rC8AjlRaSOqNLP79VJzt+zhV0hnQXgvzGhmaqEHgsoQJvTtJVQi\/jEjTWBV\/uUmBLTGI8ITpb1nBrEzSAEJW5H6a458VxtnyGH884Y1xyojGEVOAF3cHAPWhpDLTOImiyvUVg2PsiKMsofjYG7fsxoiSLV8Gxir0hZ\/LVXeNfrB44JjRg6secf0QQjXDseoT2bXHOcbCi88gv48SotwgOtT2c\/QWQidxHev0YXqq7Kpua4HhnUbFXmHQah9ZoXBZNvHL7pHrRwLJVZz4cHZD4\/Ttzcnovids9AXICddXhSUChqf5Ij\/8QHDpOSUoCBpe5b6b\/ON6WRqx7JRFj5SqiPx4PEBArHAQfBXeyWxj0sIy0G30Su2TQygwugx+A55sUfpOrfDx0ySMmOmUfjIHE5X53rLmT1OfqY9QVCiwzY2SgSbrI6w9eFbie32jMw3wlRUJ0vnLeq8daPhXPy27CQycBLkhZDx4jyq4WxsHprtdOC4L\/oQpTNkg71SAEwv\/vRjvhAAESZEsSwLeJrUZjGPCCmdrpikCyp1GqWXPr6g2LLjYh55g58h3idnnmlKZlcnMzKJOMRxfVIpebHgluXMdZVngpDLB6xwtZecNZWPGg1Qqz98Nt+tJXGy102YvFu148fL\/wAZl7XUYASJyTj1KUGp5270h0+k+ceGHg3fDHLv4Mjzu5okoWLo3YnDYJLp0RwelQ68nkSmBYfzSeMJZIo5NQ9V2VzkO+yUwpI0peX26TQheZJQ07lPJotNG\/mlKCwkqHBv6D2CppXEFxm2NXWCoRW99M4SIRfWIT2f\/5Z"}
@@ -306,32 +306,32 @@
02121{"flow_id":60,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":149524,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUujtAADgGBpvfGmpCwKhzCABQxTtKZwK1LgIykFAQAB\/7cQAAWoM3RfFe7\/6nJJLoAyAPlkOUUKQgnCJGKTTT9eItOdGfuVLXa6lpi5p26R3VdHV8CrxhNmEGq\/qvGEgGxrvliVchyJ09Avg8a0KJmfXEvdXq95RuJ7A\/CX4LBSj6L96UENB8nkhnIQwuVsOR05\/0\/ylDkFdInlFBmnIzB4i4sSG1Q8NnhNeNxAnefOmnf8EZR1l1kY4lruW16kFVzEZHlhUeH3w55mczcYyE\/+8GucLXJXm+juoFAg3WMDcRJhCP0crq3hANgkgNhmrB\/fMWrjtm+zditBt\/YSewZP1Ex1FhjpEZJThEJH89zv3C+sDh1JELXbYbP\/3HO+jRi9RZvcuB7DU6IPYhQ+qvscUXJsrRGy5TovaLMq3d9Z3pE6dklZ11FoJgGHByfWAeyiCmC9mkeCJcjEiTYUgid4tend\/GI\/yMKr0rtooNXvfNgrV7QOH3rd2NbXtqlugVzAk\/h\/tuzszMJ+z8mfg5KNFb6F9mlsXlftM8oYfYAVzASAPQVnaCuqWA0GpZDpDIwOLsSDel50OyUpfvYoQOLIY6iutGj5IjIH4\/rNLqmIwmFXOXeYtvbWMjMZJc7c+OXeSCzGgLIFms9hxich8sdJskJaE3sGRK+KZjD8psqDVmrA4BWK6TdLAdgGd6JMEd\/8XvQnlrfmyMibdkPbJ5RsOQk0Dd5Hjd30xSkPXupSQL10DGY9zCdABLXUrCYNbunhREy8LrnWJ9DPV5gScId8YvPr\/REZnem2MXkNk1ByLuCoHTaPK1GzNQTddD4A+NqEvEtKqPeVFx0qmmvt4DPe+rbLcda3MBV2ih9qbcN9w1jzYPpunTaqiF9eA8zBYZaIK8kf1g8\/OHc6S065vaMpZthu7HcblcIkvmegzM8vZcqwc\/DieINGxDShWRtJuwi31HrVEqhbOXPgNedfij5BfGWgu\/F\/8+ZSgVhF570NuBgnr7IMGZkiGbBKFAEhd6hB7\/w0FO4oDgxZ0GdM1+SAW+vX+Nj0C+HgzqPbd9LzbhCKMmktUjE6AFpql3T00LRvOfFuqE70iOZj+qW6Vc2sEAvtJp\/qnfRGewG9EdZHmiIRQ9Xmc1FBfoM7gSQ7W1xFg3WCGVudOnLDlS5yWTwD62bBDvbYbfnTRC2GRtsLsefcuhIgeV7if+Y0\/c8jBSXLW+4N4iFuosOJlMsXhCS2zIecDJ44YNpoqqMInswi98rCBF6Qth8VWQsQYAH+CZtdDexlMpjOCaPM5OOhnd3SseZ01uVP0wjXUb5gNmnuIOteAJgLA02tf+VnjhYWlhvY1TVeHfIu6QLWQrHvhpz9JLoUh\/pwPpUvoppeUvjctwOVuV+NwMOpX9HWXhAKQov41w7ggk+NaTatfLoFc777BC2lmWRrjmhx9moxhUGPw8lqw5O8QWehphoLv6w96t+Q3bZktKHo1HMpbbnm624Z5l9BmnqtqzbuW4hHtIU32mVGSuKMDfquzMFZP1I+xci\/V\/3O2kqvTWQAWT5j1dzvCP\/5V5rd0m1e1Fr2531Tq72C7XF+XuamqIjh5Y0i72Opai2wE3N6PoYwVd08Kz8B79Bpv4mxIffzaAGymt1CdXnI+3iVzpHibFS6T29PusRPo8Iwu98gAqlywZMAFKJS7rzyX8N4CoZlRN1h6dcgr1i7oKiYPcKkg6cCITKnnO"}
02118{"flow_id":60,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":150493,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUujxAADgGBprfGmpCwKhzCABQxTtKZwehLgIykFAQAB9xFQAApoCLD1US9HB5G1z0SEyO7i4evF0s4C+RDeRjJpWFve9JpKCIHIZoDO3KjDLhGdG9R82amhc7JF6zXFImaarGVpwxehT149FzUxYjoVGOHU0JJwEpjpLhHu2Yf4Lk\/6WEkdChb3RxmbgnTvZMwBWOBH+KZ\/i1POORjDzNw3qZ\/M0WVymRiqYD8TymNMPiudz2lUSjWVXxqgavvWCM7CI5x4gfH6NVDJUySpu8Mfq7XrIDz7CFFJedZKpTJUWVqw020vsjB7PI3dVJZFiFyN3okv2PkjApd6RsrSAbOCHIOrNAF6k1vzDwvZHfzK+1u7G6pXKyPehJfBahZg3k78KHyHVgp+L4rzc6dk4Jim06r8CbVD7BEWRBGHKL7WHO7XP5\/w32LqNL\/tE7aMmGOIzE1gjJ77m\/uBcy4wKONNWTzMLomTDSNeUq1wpPl6QVkEYfbB6k+DoeFv0ErRjajaX7\/96QWXSxeTY4wzJqgQzLNcAzWLsro3erJm\/4qiKkBm2tmGuH\/h8mPnybo49FsJwZhKyIlF4qxzg7M\/CQmcMv5xItzwhATfv0q6EoRTjQm9U4QbnVd7Cs+Hbm5JHjiWv86XANjf9snZpXelDTYafVqNbCzHtgFJKJxECIRbRGnWE8hE9nqtne83N39JFJkbShFr\/sJywujxvBKYtz+fo3SVvQctBfiCaOTmeA+WfV2vMNO7PjPDE\/qfGk1L4LG3lCcZ3SPiaZ05Gk4noMbtD+R+xXQ9F7uBO5ZE3VZ9EUzB2jfGth3ta16o66z0tnadICRciFsQ\/dwBPDxuqW8+xiyqDM2CnoLh5qWpMY7PiizGnV7TqwGLfN\/3\/mz9bxlAsxI5JI1OhHkdHgATE1hnJjOribsuZ3DO90nbpqjaibAo+2g48ewzTozPSSJ2oJYqbCS6HG6qfgCNvcF7xmXKqZqX3Il20Sm4MM5wvYHFwSjPwEsdZsnlhqj1T8sgWVqY9eKSCpHR5hwzHkCkKx7p9H9F6xNQqMt4Y3ZAx5x9ftnCvNmPhHfC\/I9W2RUG9MEo2KqHMYi0srHuf1aXh+TDezDh\/VCEJXPVppW6vRUxhVMT2JyXQsaN8viAfxcvXZNP7D1XXMDLqVPwvvbJZju5DfbISgI994r6nHJYD7XGHt2Q+qs3HZnFHgjEPWYZKdE7JyGJigIO3iGGit\/U+FTEbeCrBBwk91Tnfio6FNvxK9ZTBphbKQzLW\/6qG+dJKGNvOIdtCWdW+czXbkRMyA3G2hnC5NukHvL8X0UKFEihu3n4+4uYl0LgIgx7ntGZvoIvPkzlKYCe4ed6TgiWg0I8XQZPFSCHjk3LF\/70830gAAAwNoRekkDVI7WSNTBR77Ojq\/IJ0JtSqf0ehab11e53piSOTUROP2DLos339VvIDeHCry7I\/GS3EqZrMLyz8VFU0dtnEhDPg8uSKHDsVMcaE9Tm8bkEX00H8jfOnSffJOaNYqmg1TPajV39XAk6gWG6kv+m\/jKsxVhlzJaYZBDIERzExojuGSH2KaZqs52pEWCvSohxFxMkLYXQkx1H2keVxmsXqIi4nrcvTcloSER1twteRlNmCb9\/lVQqWJaJSoigCi5E4YwYvOg2QX2rvmEgxOa3CJrdy9qqN8WaVjo00OFPcz3CKLLE4eFY4\/WJXsDmlE2cw4YEcYt+Bknj85"}
02120{"flow_id":60,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":150495,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUuj1AADgGBpnfGmpCwKhzCABQxTtKZwyNLgIykFAQAB+naQAAYU84k7x7ndUTNRYwxzzC+8AwF+DC2A9Z\/HWG9YnLUmuxXOeFSnSKV9PNy\/vuudcnT+5mgJxvcQVIDWx17UKgL9\/ED75DX8R56XqPJUv8WOoxFk3CIGU3JD7pllvjFTUrKYwmZmYibcB0BeG+h+zFJ8pSgomuDFmOmEmLD2piCh10AdeAPUgrcq61VM+j9JrjS92oaJ6Dbp8xhdxs2cQrSV3YNGUWa7+RXtP3rjE3Tp46NYSZuHpY2rCArlskC8pfZNbEJbAg7lfWT5ZLDrHXYiepq59Wqr58QSiWsyIH2yKICz1FdguQdNAr3JIEFKLLlV5v4oXHlWuwyeSmr3sVFeWr7toMS+hwbbv0J2AzSnUq+atYLOY+anYH9NdlpXY3TdkKJZ4daQwjArmz7Jsh6AJ7zjJxVZ6lv+36Nud1EUewwUMYHO3GjfX9KCN+CAQJRI1oSjwkZiKcj4KNSgxJpy0\/6oOkeHNJ+LwJlgWzMfSFCG3nGfJJlAFC1DZiGfuAIghMz6Z\/\/cEcEhyzEu76QXKlqlP\/\/xsoZ\/9nMItBD6DsM5kRZQKVIvczDCCoAzby9fVo3uhw7liCu0bW62wOhtUpK8frj5gEeHTr00lR2gk8\/pldg3an9YpexK4O09C7E1N9DA4FE6xgQCE3tmzwVvz015DtjA1I5ZBNy1j3YMAuLk4exIyEGfeQaLN3BiCg1ueAZU74q5b2FARENEFzHONHke6E+SSZnR5l4JHP4jNjCFTVBUinLS5YlU3cqn0G9XkoUKQoBYH2id0lg8HbJNOXwS4jguR9P72chRy7bEjgcQwMo+8o6jXHD5DsTrDYRaHVzLjDtR9cEyB5geg4czbsSZU\/+FRx+yTSvxJWcic+1EuH7CNpT1voYrL55UaM+eLdPzz9G1uPgAtkAWuUt5\/3P8J\/KZodJzZSc+HisCSi0674GM2U5DIa\/hJLSi5qVuv8CZyBHNDBTMM5xGFhw\/rWX1ALDKjX2o+QKrXk9oJdzGh4+0ZWd233npUeRtyZ1Y2PspWOBdGaObqAT84bfFBPk9MDIy41kqmjpxUgl\/AV34kT\/4PpRlCw+kSojMC9c5I\/AkOLS8BmsJAHfNs+5SVWAWSfg123K8RGHIiLW8MpVs\/hZiglehLddK4qlTUKsZuhvFbGvy9463zGfodOjxqRWKv2pUH\/e4JofIhj\/58LG2n0Tj5a3+naBBPG0Z3CxDHa+UevoxY47Mtm31KFo+Ju75jCZmTK+vLKSxIp3DhXByBo6SBb5wqH7pH1XiB4E5pk9kROpjWnPZokVK5BL3MKu9k4zPx6PYY8gYFX0cVpPsRExtgCfaGVSFijYhrkPKRVi3XdhQap0x082cmQcZhNH+3gAUyF0zS\/ra4xAZPL8cIy4xMakcPrjcdv5c9bfZYz5ZCIEvBqEefyLesgjhMia35KUf0D35QDNapwfhqSKdrhFZuQyMIfyB6VY\/F1bWCXN\/NMO+tWIR+ri69IlSkmUpuhFsNY83+O51CdYbz45dERgKHUFK8DLLeeJ\/7G1Kl4C6CHsrMXS4dgfVF8848ibDed\/kVrUl38MtmIaY86EtWuX5gJ3KD0MCHT8RZKU3ZpYMoMCgRzgPJbxnxtpsQdesjngxo2ldjR90vXRAgr0iU6polMy4NGLWtM2aiWpRntd\/q7OA2YYTue"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1467353157433,"flow_last_seen":0,"flow_tot_l4_data_len":355,"flow_min_l4_data_len":355,"flow_max_l4_data_len":355,"flow_avg_l4_data_len":355,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1467353157433,"flow_last_seen":0,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00858{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":433680,"pkt_caplen":389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":389,"pkt_l4_len":355,"pkt":"TF4M6gNlABxCjnAxCABFAAF3D2lAAIAGOZbAqHMIb84NA8U8AFD\/xaF06zAEllAYAQRGTAAAR0VUIC8yZWZjOGNkNWZiZTBmNGVlNDk4ZmIxYzJmYzFkZThiNi92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P3F5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiBIVFRQLzEuMQ0KSG9zdDogcGRhdGEudmlkZW8ucWl5aS5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLWNuDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBIQ0ROQ2xpZW50X1dJTlBDO2xpYmN1cmwvNy4yNi4wIE9wZW5TU0wvMS4wLjFnIHpsaWIvMS4yLjU7UUsvMTAuMC4wLjI5Mw0KDQo="}
-00851{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1467353157433,"flow_last_seen":0,"flow_tot_l4_data_len":355,"flow_min_l4_data_len":355,"flow_max_l4_data_len":355,"flow_avg_l4_data_len":355,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1467353157468,"flow_last_seen":0,"flow_tot_l4_data_len":912,"flow_min_l4_data_len":912,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":912,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00863{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1467353157433,"flow_last_seen":0,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":335,"flow_avg_l4_payload_len":335,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"pdata.video.qiyi.com","url":"pdata.video.qiyi.com\/2efc8cd5fbe0f4ee498fb1c2fc1de8b6\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1467353157468,"flow_last_seen":0,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01601{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":468345,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"pkt":"TF4M6gNlABxCjnAxCABFAAOkD3JAAIAG2tjAqHMIymwO7MU9AFA84A6MMfAazlAYQTez3QAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNTcwNDYmc2g9JnNxPSZzdz0mdD0zcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01162{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1467353157468,"flow_last_seen":0,"flow_tot_l4_data_len":912,"flow_min_l4_data_len":912,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":912,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353157046&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01174{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1467353157468,"flow_last_seen":0,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353157046&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
01032{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":475501,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDRAADMGDUtvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1467353157509,"flow_last_seen":0,"flow_tot_l4_data_len":423,"flow_min_l4_data_len":423,"flow_max_l4_data_len":423,"flow_avg_l4_data_len":423,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1467353157509,"flow_last_seen":0,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00950{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":509654,"pkt_caplen":457,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":457,"pkt_l4_len":423,"pkt":"TF4M6gNlABxCjnAxCABFAAG7D3xAAIAGbLPAqHMI3xpqQsU+AFB482xgj\/e7VVAYAQRcuQAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2P2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQpSYW5nZTogYnl0ZXM9MzQyNDI1Ni04MDU3MDIzDQoNCg=="}
-00922{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1467353157509,"flow_last_seen":0,"flow_tot_l4_data_len":423,"flow_min_l4_data_len":423,"flow_max_l4_data_len":423,"flow_avg_l4_data_len":423,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}
+00934{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1083,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1467353157509,"flow_last_seen":0,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4v?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}
00605{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":533198,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5zsFAADMGa3TKbA7swKhzCABQxT0x8BrOPOASCFAYACB8+QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU3IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1467353157509,"flow_last_seen":0,"flow_tot_l4_data_len":423,"flow_min_l4_data_len":423,"flow_max_l4_data_len":423,"flow_avg_l4_data_len":423,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1467353155790,"flow_last_seen":0,"flow_tot_l4_data_len":649,"flow_min_l4_data_len":649,"flow_max_l4_data_len":649,"flow_avg_l4_data_len":649,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1467353157509,"flow_last_seen":0,"flow_min_l4_payload_len":403,"flow_max_l4_payload_len":403,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":403,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1467353155790,"flow_last_seen":0,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01032{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353157,"pkt_ts_usec":718565,"pkt_caplen":517,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":483,"pkt":"ABxCjnAxTF4M6gNlCABFAAH3iDVAADMGDUpvzg0DwKhzCABQxTzrMASW\/8Wiw1AYAB\/SLQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOS40DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LUxlbmd0aDogMjkwDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQp7InQiOiJPVkVSU0VBfFRXX0hpTmV0LTExOC4xNjMuOC45MCIsInoiOiJ0YWliZWlfb3RoZXIiLCJoIjoiLTcyIiwibCI6Imh0dHA6Ly8yMjMuMjYuMTA2LjY2L3ZpZGVvcy92MC8yMDE2MDYyNS9hNS9iZi84ZGU5YmI5NDY5NzJhODg1ODlkMTY2Nzg2MjI5MjEzMC5mNHY\/a2V5PTA3ZWVmMTgyMWUyMzc5ZDMxMzZmZmUxNjA4MjE4NWJhMiZzcmM9aXFpeWkuY29tJnF5aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcXlwaWQ9MjAxMiZ1dWlkPTc2YTMwODVhLTU3NzYwODQ0LThiIiwiZSI6IjAifQ=="}
00578{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353158,"pkt_ts_usec":696520,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLHIAAAER1v7AqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1467353159222,"flow_last_seen":0,"flow_tot_l4_data_len":289,"flow_min_l4_data_len":289,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1467353159222,"flow_last_seen":0,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00769{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353159,"pkt_ts_usec":222383,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"pkt":"TF4M6gNlKDc3Alz6CABFAAE1+vRAAEAGNqjAqAUPROn9hf5nAFAhJnFt6cGPtIAYEBWfeAAAAQEICiYbloUrIzeaR0VUIC9jb21NYWdpY2FuQXBpL2luZGV4LnBocC9Ub29sQm94L3ZlcnNpb24gSFRUUC8xLjENCkhvc3Q6IGFwaS5tYWdpY2Fuc29mdC5jb20NCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLXR3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1hZ2ljYW4gKHVua25vd24gdmVyc2lvbikgQ0ZOZXR3b3JrLzcyMC41LjcgRGFyd2luLzE0LjUuMCAoeDg2XzY0KQ0KDQo="}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1467353159222,"flow_last_seen":0,"flow_tot_l4_data_len":289,"flow_min_l4_data_len":289,"flow_max_l4_data_len":289,"flow_avg_l4_data_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/index.php\/ToolBox\/version","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1087,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1467353159222,"flow_last_seen":0,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/index.php\/ToolBox\/version","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
00859{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353159,"pkt_ts_usec":428529,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4t91AADUGhHxE6f2FwKgFDwBQ\/mfpwY+0ISZyboAYABs\/NQAAAQEICisjOHomG5aFSFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6MjUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1089,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1467353159731,"flow_last_seen":0,"flow_tot_l4_data_len":396,"flow_min_l4_data_len":396,"flow_max_l4_data_len":396,"flow_avg_l4_data_len":396,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1089,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1467353159731,"flow_last_seen":0,"flow_min_l4_payload_len":376,"flow_max_l4_payload_len":376,"flow_tot_l4_payload_len":376,"flow_avg_l4_payload_len":376,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00913{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353159,"pkt_ts_usec":731502,"pkt_caplen":430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":430,"pkt_l4_len":396,"pkt":"TF4M6gNlABxCjnAxCABFAAGgFhZAAIAGZjTAqHMI3xpqQsU+AFB4823zkD5tZ1AYAQS6ZwAAR0VUIC92aWRlb3MvdjAvMjAxNjA2MjUvYTUvYmYvOGRlOWJiOTQ2OTcyYTg4NTg5ZDE2Njc4NjIyOTIxMzAuZjR2Y3JjP2tleT0wN2VlZjE4MjFlMjM3OWQzMTM2ZmZlMTYwODIxODViYTImc3JjPWlxaXlpLmNvbSZxeWlkPWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnF5cGlkPTIwMTImdXVpZD03NmEzMDg1YS01Nzc2MDg0NC04YiBIVFRQLzEuMQ0KSG9zdDogMjIzLjI2LjEwNi42Ng0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtY24NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IEhDRE5DbGllbnRfV0lOUEM7bGliY3VybC83LjI2LjAgT3BlblNTTC8xLjAuMWcgemxpYi8xLjIuNTtRSy8xMC4wLjAuMjkzDQoNCg=="}
-00925{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1089,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1467353159731,"flow_last_seen":0,"flow_tot_l4_data_len":396,"flow_min_l4_data_len":396,"flow_max_l4_data_len":396,"flow_avg_l4_data_len":396,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}
+00937{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1089,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1467353159731,"flow_last_seen":0,"flow_min_l4_payload_len":376,"flow_max_l4_payload_len":376,"flow_tot_l4_payload_len":376,"flow_avg_l4_payload_len":376,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"223.26.106.66","url":"223.26.106.66\/videos\/v0\/20160625\/a5\/bf\/8de9bb946972a88589d1667862292130.f4vcrc?key=07eef1821e2379d3136ffe16082185ba2&src=iqiyi.com&qyid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&qypid=2012&uuid=76a3085a-57760844-8b","code":0,"content_type":"","user_agent":"HCDNClient_WINPC;libcurl\/7.26.0 OpenSSL\/1.0.1g zlib\/1.2.5;QK\/10.0.0.293"}}
00929{"flow_id":65,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353159,"pkt_ts_usec":746513,"pkt_caplen":443,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":443,"pkt_l4_len":409,"pkt":"ABxCjnAxTF4M6gNlCABFAAGtzXdAADgG9sXfGmpCwKhzCABQxT6QPm1nePNva1AYACEkXQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA1OjU5IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiA3Mg0KTGFzdC1Nb2RpZmllZDogU2F0LCAyNSBKdW4gMjAxNiAyMDo0Nzo0OCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkVUYWc6ICI1NzZlZWRmNC00OCINCkV4cGlyZXM6IFNhdCwgMDEgSnVsIDIwMTcgMDY6MDU6NTkgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQoBAAAAjem7lGlyqIWJ0WZ4YikhMAAAAADA8HoAAAAAAJ0fBgCdHwYAAAAgAABAAACfagIAEAAAABkBmvdUqrt6QK4cKbQBDrk="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1467353160157,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1467353160157,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00582{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353160,"pkt_ts_usec":157492,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6bEAIlAI6CABFAAClHaUAAAER5dDAqAUw7\/\/\/+vm6B2wAkVW0TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1467353160157,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1091,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1467353160157,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00578{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353161,"pkt_ts_usec":735509,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLHMAAAER1v3AqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00582{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353163,"pkt_ts_usec":154498,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6bEAIlAI6CABFAACljZ0AAAERddjAqAUw7\/\/\/+vm6B2wAkVW0TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00658{"flow_id":54,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353164,"pkt_ts_usec":710381,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"pkt":"TF4M6gNlABxCjnAxCABFAADgGWBAAIAGNr3AqHMITeooYMU2AFCms76HkbqDeFAYAQQ1xQAAUE9TVCAvcHJvdGVjdG9ycyBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LWVuYw0KVXNlci1BZ2VudDoge0Q2OTkwNTRELTE2OTktNDdEMi05QjJCLUU5NkY0MzhDMTE2MH0NCkNvbnRlbnQtTGVuZ3RoOiAxODc4DQpIb3N0OiBiY3UuZmYuYXZhc3QuY29tDQoNCg=="}
@@ -340,85 +340,85 @@
00578{"flow_id":55,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353164,"pkt_ts_usec":734846,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLHoAAAER1vbAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
02110{"flow_id":54,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1098,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":19442,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUNK5AADYGYTtN6ihgwKhzCABQxTaRuoN4prPGlVAQAAIz+QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA0IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkNvbnRlbnQtTGVuZ3RoOiAxMTY1OA0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQp9tKi6HoyB17A9ZgYHZT4XkxjHMZq9K0eZv9vajXQrNHlusESdtzot5XVzGW5tIOpFrpywuw9UNW0pu1TWgf4ZlLX2r3s9ckfIOf0xxXUvvSK9rdWmvQukszqkdwlUapwYKf9\/Gpx+V03wsuVwwY2emY4KWXaoeN1C\/ZKVvuL0CBPD3pQAQK4rprN3uJJBX5KwPf3uCp5pOGeDRPnxlcKg9k1hqcU64Ealo2W55xN3ieCbqEqgI+cVfYgkcL1ReDhNxE5a8W8SgsA50aztK5X1r0KlTBAMycZUJhpTYa\/3RfY99rC1i8jVfGj\/4pWDXa5o0SjrgCnpKBU8tI6OEl43vL51cVLvWhRUDGuoKtnFrAFEerpN6Okw1W7oyISBPkRI03wdIYL3Fy0LaGP8N6gLEIp+X2vWJz4OJeJru5YKhxGnvQHidE7rbiWii50f0dwlntwyLebWh3ricqqtakSMESF1js1NaxTLdplaukdm3lIG5iurS8Qurn4Qstud8ZLb0TOciEqrMcFMHTnQplcmf4AFSoYsxK37KXgplf60ozFbJgaRAQjUJYTc+uby7uLmz1G5RBzd3Qf\/lAzHtprkthJCUJQgQ+d5CXU4S0KOietw\/I\/RfrGAuquacapDO0ieO1yFAm1k97cyhvccd82BOx7IHdIT5+MW8NyqQEtavcPa9AxxgT2+T6DdKALOZ0iZ\/CUrkrAvUIkdx8iSNObppFa2srlM8Ym4bTUZnkQRaLLnBweJHQfpYDJe6hNOp7mKkCyDdh8twVsre9l0Y1fIHzmof4HFvmuAqhniMeH0TLVeTGq4pNiGOVxGvYFj64F\/9+Xx7CgJAMH1K\/h3BKbhNgPqz5C6A8v1RkKzcWfcSShf1m8rAMGwk67Uu77jHObr8Gm\/ono69MiLLvyMDVzNUYjiba4qVRXUpx3MfelIFbACoe7BwLm\/4u2OuyDWizh0LqKvmz73H6YKNj5opE1Ym5+xOaGtROvQbQrI4egW5C0P4g31wttBCoUwyk+60Bt+RP85h9ap+yQ\/aS83+Zp5T5IgpXOoKP0VD3xqNH3gFqeP7+hq5z7SBgs96Y7pAFTwg8D4quMYzfVrq\/3VJbzdbIZl5uM21FINfbZpRLEYiBUjC5zojT4znMr0f7J5h4j2yWAdcdJkwGxIFgDZtCDLGyQKwer4H3gj1ppM0RRAuNC9bP9GwB1wLad5gI5TMCre8sqThvw38tCeWx87kyCWNY1VxkxW47y1w3DT2xYLygJAMvuxacaPucRZ+SjtaaHH\/BM2ygOLZEMOkX5ZuhoLGkiwT6BIHa9kPgDxC\/95ENWwboGjrWZITX+fhBj\/kyQhaE3UkS7HL1ePs+frR3h3yUhMbK9\/SbRcKeZyEbw3gDHfChHTErvrw7e87a8nXJCH3y5YCtUgyq9WpRMLxm4zVIUiKNFxLVSwPBmu6xGhC1unEw8kRH+V"}
02123{"flow_id":54,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1099,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":19443,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUNK9AADYGYTpN6ihgwKhzCABQxTaRuohkprPGlVAQAAIjQwAApeDMo5L42kLlEmWe2\/B3R4UjtfEwEqUUvKjfIbiCww\/edTn2MqC2cAX0C1PFBCjO2P8QoR90wad9amSf7kRq8kSQh4f0WfqvGxcQIeXL56yLrjEGc658gVmGSNMpJxdmwOIaGhMZ5kMkY\/W9dd2VslqwCgqY5GNNUO4YWVGjkx81pmhNsDOnHCWRT8BE1Qc53qjt7CpYAMMTJXkyeR7MQ5Q78vInzVF7pTiIGL6iDkqmcY2Gx30UcuoAGvMy6kzemEU4mFtR7lPHKqKy\/LKX8mjbpoT11Cnhtq1OhtTw2R37IiGGXNABgvH4lQPHsDjMzu\/2SJPeDeoHIA5KftboMDbTwTPNB0fRMc\/VfmPWQKB9mnLc3uw4UCN6FMHWhycD5fEy6dEcThVjMoyj4cUtznjm79Ov7qmTGoqtxFkQYApxQU5YW5SZL4lfamJ3Bod2QrbY0ogtjQc+cLG\/qaze40u\/Dxq0W8zJtyyx6QSntlthqy2S3qIRvb0wem03m\/vU7ReBNJUOZpLEaH\/friK7\/6LT5VSKK05EEzrioNW0tywcrVkCzMIdg\/NHwhcRsQ6TnM5NHT5jexjRqG0PDDmRbkw\/t6hSjBGeT29hAMfJB4PAmeXw+TaN8VyIP7CSsZev68vvHrXCyBbe9MnvPmZUq0f7DfZT9Y5F3l1OoYSwIYElepsH3R3tUqYbx2EiTDyJUi70Se\/BEn62xDuRyhTx\/RrIzqRn2c4cWGZ4VrkmJbl4Hw1et9X0I7P4i8IrV\/dxYsZmwVb9RHzZn8XvpgVUAoYLqvA92wUgCIXs2BJeo38IluEzw3Hu04XHhX7HLBxLTIG1+7FdhsJhT7I6RkfN1Xud2jEz78IoOtpLWcvZBrJvQ1ckxD2fl4Gr2Q1i4x4NSz+X8EXYiwIGVr1QMs\/X5TLDcXxIT8ORJ1AguUpfEgivI4QSSFM90ZB2gXInngvJgNpH28CoMTx7FbsON3gwbNcpM7aZ9NfeVvBKaDQiHBXh3FTcNVoTTV6hK3gbaaQzUOu68XBj2zzSs+Mz8bGXnmwJj6O\/dqY3hHhxcAL4vwnqdCYB8TmET1D9fNNL69SWHea+HcIsXksjbYdMGr8JtNTlr4Z+Dia0xF+P64xjNjoc0HH6nZ5z9ejgzMzD25oIQ3s\/MIekEsdUePIc1zgsQLEmT4yrKJr\/hh9a05ALkctX8VTXA3n8Rl\/MjiXKeyAxsZOy1lMf4H\/p8N2GY9mSKUOWKbevV\/wtb28KQ\/IzYfeRr9BMfC05oOZQCz24wqpcm5thbCROLILVWIqeS9G12ugTXYYzowso8maT2KwC\/BiT75glseOkVqPhksvxocUVZelbPs\/eO8tDEN\/0FJnPh6ZZbXPBhXcAxuWYUQyQbgzzR7XKtQj5PZPnEVEOh6vL1Vy4Yqrlw5Q7IspDfRN5HQ2ykDVMam7Tvmh70qg2I6xqRX\/TSiiy92gFze0oI3wXAcN4ILrHZRr5XICPlTFDDPIqP0PyVQC1Pwr6iU9WDUqAbXCi1tsYy4unja6Zqe2lchsuyA6q1zgZOU238tgb0nw5HmbTL\/WSUVPG4HVxZbssBz1uXnLAuSAf8mzmCVSejVMEThEtBCx\/mx7mMCxudJlH1o8FLNzQBE+qfOHTYphojjFvx8\/kTSmBbThBA2nFxU61iHPv9imobnSe"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1467353165300,"flow_last_seen":0,"flow_tot_l4_data_len":912,"flow_min_l4_data_len":912,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":912,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1467353165300,"flow_last_seen":0,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01602{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":300743,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGfJAAIAG0FjAqHMIymwO7MU\/AFBSz4AccUHHfVAYQTf+XQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6MjM6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTI3NTU4JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1ODg3NCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNjUwNDcmc2g9JnNxPSZzdz0mdD1zcCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01162{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1467353165300,"flow_last_seen":0,"flow_tot_l4_data_len":912,"flow_min_l4_data_len":912,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":912,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353165047&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01174{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1108,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1467353165300,"flow_last_seen":0,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:23:23|45&av=4.10.004&b=180932301&c=31&ct=5000000927558&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000858874&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353165047&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
00605{"flow_id":67,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":410193,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5NehAADMGBE7KbA7swKhzCABQxT9xQcd9Us+DmFAYACAMewAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA0IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1467353165456,"flow_last_seen":0,"flow_tot_l4_data_len":1280,"flow_min_l4_data_len":1280,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":1280,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1467353165456,"flow_last_seen":0,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02095{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":456243,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"TF4M6gNlABxCjnAxCABFAAUUGh1AAIAGeifAqHMIZePIC8VAAFBgEsEemWlGj1AQ\/\/DZSAAAR0VUIC90cmFjazI\/YT0wJmFzPTE7MiwzOzQsNSZiPTE0NjczNTMxNjUmYz05NjY1NDJjODJhNTY5NGQwZTk0M2Q1MGQ1ZmNmNWE1NSZjdj01LjIuMTUuMjI0MCZkPTUwMDAwMDA4NTQ5MzQmZHI9MjE3NSZmPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jmc9MF9hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZoPSZpPXFjXzEwMDAwMV8xMDAxNDAmaXY9MCZqPTMxJms9MTgwOTMyMzAxJmtwPTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4Jm49NDc5NTMxMDAwJm89MSZwPTEwMDAwMDAwMDAzODEmcT01MDAwMDAwOTIzNDQ3JnI9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImcnQ9MTQ2NzM1MzExMyZzPThlZGI2OTRjOGM4Y2NhOTIzZDNlYWU2NjIyZjlhZWU2JnN2PTQuMTAuMDA0JnU9MSZ1cD0mdj01MDAwMDAwODU0ODU4JnZlPTEmdz00LDUgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25K"}
-01260{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1467353165456,"flow_last_seen":0,"flow_tot_l4_data_len":1280,"flow_min_l4_data_len":1280,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":1280,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000923447&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=8edb694c8c8cca923d3eae6622f9aee6&sv=4.10.004&u=1&up=&v=5000000854858&ve=1&w=4,5","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01272{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1110,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1467353165456,"flow_last_seen":0,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/track2?a=0&as=1;2,3;4,5&b=1467353165&c=966542c82a5694d0e943d50d5fcf5a55&cv=5.2.15.2240&d=5000000854934&dr=2175&f=4e3ae415a584748ac9aa31628f39d1e8&g=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&h=&i=qc_100001_100140&iv=0&j=31&k=180932301&kp=4e3ae415a584748ac9aa31628f39d1e8&n=479531000&o=1&p=1000000000381&q=5000000923447&r=c4889e64ad9d9eeb9ff438910850c442&rt=1467353113&s=8edb694c8c8cca923d3eae6622f9aee6&sv=4.10.004&u=1&up=&v=5000000854858&ve=1&w=4,5","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
00663{"flow_id":68,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":456392,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"TF4M6gNlABxCjnAxCABFAADjGh5AAIAGflfAqHMIZePIC8VAAFBgEsYKmWlGj1AY\/\/BFbwAAc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="}
00746{"flow_id":68,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":492216,"pkt_caplen":306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":306,"pkt_l4_len":272,"pkt":"ABxCjnAxTF4M6gNlCABFAAEkdU5AAC8Gc+Zl48gLwKhzCABQxUCZaUaPYBLGxVAYP\/ygXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAyDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCm9r"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1467353165563,"flow_last_seen":0,"flow_tot_l4_data_len":970,"flow_min_l4_data_len":970,"flow_max_l4_data_len":970,"flow_avg_l4_data_len":970,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1467353165563,"flow_last_seen":0,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01679{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":563016,"pkt_caplen":1004,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1004,"pkt_l4_len":970,"pkt":"TF4M6gNlABxCjnAxCABFAAPeGjdAAIAGvYPAqHMIe31wMcVBAFAj7VXd5qVx9VAYQTcqlQAAR0VUIC9ta3QuZ2lmP2FpPTg0NTI4OTE5MDBjOTAzYWU3YTg3NjQ0NzkyM2E1YWVjJmV0PTAgSFRUUC8xLjENCkFjY2VwdC1MYW5ndWFnZTogemgtQ04NClJlZmVyZXI6IGh0dHA6Ly93d3cuaXFpeWkuY29tL2NvbW1vbi9mbGFzaHBsYXllci8yMDE0MDkyNC9NYWluUGxheWVyXzVfMl8zX2MzXzJfMV82LnN3Zg0KcXlpZDogYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOiBfMjAxMg0KcXlwbGF0Zm9ybTogMC0yDQp4LWZsYXNoLXZlcnNpb246IDEyLDAsMCw3MA0KQWNjZXB0OiAqLyoNClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzQuMCAoY29tcGF0aWJsZTsgTVNJRSA4LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC80LjA7IFNMQ0MyOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuNS4zMDcyOTsgLk5FVCBDTFIgMy4wLjMwNzI5OyBNZWRpYSBDZW50ZXIgUEMgNi4wKS9RWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBjbGljay5obS5iYWlkdS5jb20NCkNvb2tpZTogSE1BQ0NPVU5UPTg4Q0M2OUIwNEM5RDYyOUE7IEhfTUtUX0NMS0lEPTAwMDAwMDAxNTlkYTE2Yjg1Nzc2MDgzMjVhMDhhMzc2MDAwMDAwMjAzNTMzNjUzMjM1NjUzMzMzNjUzMDM2MzQ2MzM2MzUzNzYzMzAzNjYyMzUzNTM4NjUzNTYzMzM2MzMzMzM2NjY0MDAwMDAwMDg3OTZmNzU3NDc1MmU2MjY1OyBIX01LVF9DTEtMT0c9MDAwMDAwMDE1OWRhMTZiODU3NzYwODMyNWEwOGEzNzYwMDAwMDAyMDM1MzM2NTMyMzU2NTMzMzM2NTMwMzYzNDYzMzYzNTM3NjMzMDM2NjIzNTM1Mzg2NTM1NjMzMzYzMzMzMzY2NjQwMDAwMDAwODc5NmY3NTc0NzUyZTYyNjU7IEJBSURVSUQ9MjEwMkRDNzUxRUQwREYzNkUzRDZDRjZDMjEwRkFCNzk6Rkc9MQ0KDQo="}
-00855{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1467353165563,"flow_last_seen":0,"flow_tot_l4_data_len":970,"flow_min_l4_data_len":970,"flow_max_l4_data_len":970,"flow_avg_l4_data_len":970,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+00867{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1113,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1467353165563,"flow_last_seen":0,"flow_min_l4_payload_len":950,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":950,"flow_avg_l4_payload_len":950,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"click.hm.baidu.com","url":"click.hm.baidu.com\/mkt.gif?ai=8452891900c903ae7a876447923a5aec&et=0","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
00661{"flow_id":69,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":612050,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"ABxCjnAxTF4M6gNlCABFAADj3khAAC0GT217fXAxwKhzCABQxUHmpXH1I+1Zk1AYAIIWkgAASFRUUC8xLjEgMjA0IE5vIENvbnRlbnQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvZ2lmDQpDYWNoZS1Db250cm9sOiBwcml2YXRlLCBtYXgtYWdlPTAsIG5vLWNhY2hlDQpQcmFnbWE6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjowNSBHTVQNClNlcnZlcjogYXBhY2hlDQoNCg=="}
01602{"flow_id":67,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":616418,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"pkt":"TF4M6gNlABxCjnAxCABFAAOkGkVAAIAG0AXAqHMIymwO7MU\/AFBSz4OYcUHIDlAYQRL3fAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNjUwNDkmc2g9JnNxPSZzdz0mdD1zdCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
00414{"flow_id":69,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":659884,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABxCjnAxTF4M6gNlCABFAAAo3kpAAC0GUCZ7fXAxwKhzCABQxUHmpXKwI+1ZlFARAILziAAAAAAAAAAA"}
00605{"flow_id":67,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":726907,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5NelAADMGBE3KbA7swKhzCABQxT9xQcgOUs+HFFAYACQHagAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
01610{"flow_id":67,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":733979,"pkt_caplen":952,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":952,"pkt_l4_len":918,"pkt":"TF4M6gNlABxCjnAxCABFAAOqGl9AAIAGz+XAqHMIymwO7MU\/AFBSz4cUcUHIn1AYQO6GIwAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9MXx8NzEwMDAwMDF8fDUwMDAwMDA4NTQ5MzR8fDUwMDAwMDA5MjM0NDd8fHJvbGwmYXM9JmF2PTQuMTAuMDA0JmI9MTgwOTMyMzAxJmM9MzEmY3Q9JmQ9MjE3NSZkaT0mZHA9JmU9YzQ4ODllNjRhZDlkOWVlYjlmZjQzODkxMDg1MGM0NDImZWM9JmVtPSZmaT0mZz0wJmw9TVRFNExqRTJNeTQ0TGprdyZtaz0mbnc9Jm9kPSZvaT0mcD10JnBwPSZyYz0tMSZyZD04NSZyaT0mcz0xNDY3MzUzMTY1MDUwJnNoPSZzcT0mc3c9JnQ9cyZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
00605{"flow_id":67,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353165,"pkt_ts_usec":845483,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5NepAADMGBEzKbA7swKhzCABQxT9xQcifUs+KllAYACcDVAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00518{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353166,"pkt_ts_usec":729597,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"AQBef\/\/69AnYH69kCABFAAB0AABAAAERw5fAqAU\/7\/\/\/+pnXB2wAYBOHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KTWFuOnNzZHA6ZGlzY292ZXINCnN0OnNzZHA6YWxsDQpNWDozDQoNCg=="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_tot_l4_data_len":131,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1120,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00563{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353166,"pkt_ts_usec":729600,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"AQBef\/\/69AnYH69kCABFAACXAABAAAERw3TAqAU\/7\/\/\/+u4wB2wAg73KTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KTWFuOnNzZHA6ZGlzY292ZXINCnN0OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVJlbmRlcmVyOjENCk1YOjMNCg0K"}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_tot_l4_data_len":131,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1467353167288,"flow_last_seen":0,"flow_tot_l4_data_len":660,"flow_min_l4_data_len":660,"flow_max_l4_data_len":660,"flow_avg_l4_data_len":660,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1121,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1467353167288,"flow_last_seen":0,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01269{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353167,"pkt_ts_usec":288111,"pkt_caplen":694,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":694,"pkt_l4_len":660,"pkt":"TF4M6gNlABxCjnAxCABFAAKoG9BAAIAGqFHAqHMIJG7cD8VCAFB9qW\/gOgaPJFAY\/\/DRFwAAR0VUIC90bXBzdGF0cy5naWY\/dHlwZT1yZWNjdHBsYXkyMDEyMTIyNiZ1c3JhY3Q9c2hvdyZwcHVpZD0tMSZ1aWQ9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mZXZlbnRfaWQ9NGIwODY4OTIwYjBmODI4NTMyMGE5ZTAwZWUwMzY5ZTUmY2lkPTMxJmJrdD1wcHNfY196ZWJyYV9tYWluX2RlZmF1bHQmYXJlYT1wcHNfY196ZWJyYSZwbGF0Zm9ybT0yMDEyJmFsYnVtbGlzdD00NzA2OTQ1MDAsNDcxNTkxMzAwLDQ2NTY0MTAwMCw0NzI4ODcxMDAsNDcxNzg4MTAwLDQ3Mzc0NjMwMCw0NzE5NDgzMDAsNDczNjk0NjAwLDQ3MjE4OTUwMCZhaWQ9NDc5NTMxMDAwJnNvdXJjZT0wLDEsMSwxLDEsMSwxLDEsMSZfPTE0NjczNTMxNjcwODcgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vdm9kZ3VpZGUucHBzLmlxaXlpLmNvbS9wYWdlLnBocD92ZXJzaW9uPTUuMi4xNS4yMjQwDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KSG9zdDogbXNnLnZpZGVvLnFpeWkuY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQoNCg=="}
-01046{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1467353167288,"flow_last_seen":0,"flow_tot_l4_data_len":660,"flow_min_l4_data_len":660,"flow_max_l4_data_len":660,"flow_avg_l4_data_len":660,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465641000,472887100,471788100,473746300,471948300,473694600,472189500&aid=479531000&source=0,1,1,1,1,1,1,1,1&_=1467353167087","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
+01058{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1122,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1467353167288,"flow_last_seen":0,"flow_min_l4_payload_len":640,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":640,"flow_avg_l4_payload_len":640,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?type=recctplay20121226&usract=show&ppuid=-1&uid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&event_id=4b0868920b0f8285320a9e00ee0369e5&cid=31&bkt=pps_c_zebra_main_default&area=pps_c_zebra&platform=2012&albumlist=470694500,471591300,465641000,472887100,471788100,473746300,471948300,473694600,472189500&aid=479531000&source=0,1,1,1,1,1,1,1,1&_=1467353167087","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
00605{"flow_id":72,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353167,"pkt_ts_usec":373818,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5WoJAAC4GvY4kbtwPwKhzCABQxUI6Bo8kfalyYFAYPAD9ZAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjA2IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1124,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1124,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_tot_l4_data_len":131,"flow_min_l4_data_len":131,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1124,"source":"pps.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":39383,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1124,"source":"pps.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1467353166729,"flow_last_seen":0,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.63","dst_ip":"239.255.255.250","src_port":60976,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00578{"flow_id":55,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353167,"pkt_ts_usec":734702,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLIIAAAER1u7AqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1467353170523,"flow_last_seen":0,"flow_tot_l4_data_len":1063,"flow_min_l4_data_len":1063,"flow_max_l4_data_len":1063,"flow_avg_l4_data_len":1063,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1467353170523,"flow_last_seen":0,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01804{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353170,"pkt_ts_usec":523889,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"pkt":"TF4M6gNlABxCjnAxCABFAAQ7HjFAAIAGHsHAqHMIb84WTMVDAFDdQoxSQH15t1AYQTfZKwAAR0VUIC9iP3Q9NSZwZj0yMDEmcD0xMSZwMT0xMTQmcm49MTQ2NzM1MzE2NzIyMSZhPTM0JmNsdD10dmcyMDE1X2JhaWtlQl9jb21tZW50X3Nob3cmdHlwZT1wYyZyZWY9bm9yZWYmdXJsPWh0dHAlM0EvL3ZvZGd1aWRlLnBwcy5pcWl5aS5jb20vcGFnZS5waHAlM0Z2ZXJzaW9uJTNENS4yLjE1LjIyNDAlMjNjbGFzcyUzRDIwMDAwMzcxOSUyNTI0JTI1MjQlMjUyNCUyNTI0MTgwOTMyMzAxJTI2ZW50aXR5aWQlM0Q0Nzk1MzEwMDAlMjZiYWlrZWlkJTNEMjAzMjI5NDkwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4gSFRUUC8xLjENCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vdm9kZ3VpZGUucHBzLmlxaXlpLmNvbS9wYWdlLnBocD92ZXJzaW9uPTUuMi4xNS4yMjQwDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLVRXDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFRyaWRlbnQvNS4wKQ0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQ29va2llOiBwcHNfY2xpZW50X3ZlcjI9NS4yLjE1LjIyNDA7IFQwMDQwND00ZTNhZTQxNWE1ODQ3NDhhYzlhYTMxNjI4ZjM5ZDFlODsgX3Bwc19pdmk9Vms0OU1UWXdOVEExTGFXL3BQbWhSejgvUDZUYXBFZW11RDgvcE0rd1pqOHRwTFd4M3pnd3Bsby9wR2FvY1NaV1VEMHhKbFpEUFQ4L1B6OCtwTFd4M3pnd3Bsby9wR2FvY1NaV1NqMHRNU1pXVXoxV0psWkVQU1pXVkZ0QlhUMHlNVGMxSmxaTlBTWldWajAxTGpJdU1UVXVNakkwTUNaV1ZUMW9kSFJ3T2k4dmQzZDNMbWx4YVhscExtTnZiUzkyWHpFNWNuSnNkblY0YkdjdWFIUnRiQT09OyBRQzAwNj11NTQ5dnB6MTBsOWZrYXR1bTRhbHc0YnA7IFFDMDA4PTE0NjY2NDU4MTYuMTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE7IEhtX2x2dF81M2I3Mzc0YTYzYzM3NDgzZTVkZDk3ZDc4ZDliYjM2ZT0xNDY2NjQ1ODE3OyBRQzAwNT1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KDQo="}
-00980{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1467353170523,"flow_last_seen":0,"flow_tot_l4_data_len":1063,"flow_min_l4_data_len":1063,"flow_max_l4_data_len":1063,"flow_avg_l4_data_len":1063,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A\/\/vodguide.pps.iqiyi.com\/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26baikeid%3D203229490&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
+00992{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1125,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1467353170523,"flow_last_seen":0,"flow_min_l4_payload_len":1043,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1043,"flow_avg_l4_payload_len":1043,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=5&pf=201&p=11&p1=114&rn=1467353167221&a=34&clt=tvg2015_baikeB_comment_show&type=pc&ref=noref&url=http%3A\/\/vodguide.pps.iqiyi.com\/page.php%3Fversion%3D5.2.15.2240%23class%3D200003719%2524%2524%2524%2524180932301%26entityid%3D479531000%26baikeid%3D203229490&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident\/5.0)"}}
00606{"flow_id":73,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353171,"pkt_ts_usec":307497,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FgtAADMGd2lvzhZMwKhzCABQxUNAfXm33UKQZVAYACEI\/gAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEwIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1467353172446,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1467353172446,"flow_last_seen":0,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00725{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353172,"pkt_ts_usec":446185,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"pkt":"TF4M6gNlABxCjnAxCABFAAETH7ZAAIAGCbLAqHMIFymFo8VEAFBenvyU0fNBYlAYAQQxqAAAR0VUIC9wY2EzLWc1LmNybCBIVFRQLzEuMQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0OiAqLyoNCklmLU1vZGlmaWVkLVNpbmNlOiBUaHUsIDI0IE1hciAyMDE2IDE3OjQwOjA1IEdNVA0KSWYtTm9uZS1NYXRjaDogIjE3MjE5NjllNzMyYmNmZGRhNGQ4NWMxNjM5MGViYTcwOjE0NTg4NDI1OTciDQpVc2VyLUFnZW50OiBNaWNyb3NvZnQtQ3J5cHRvQVBJLzYuMQ0KSG9zdDogczEuc3ltY2IuY29tDQoNCg=="}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1467353172446,"flow_last_seen":0,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":255,"flow_max_l4_data_len":255,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"s1.symcb.com","url":"s1.symcb.com\/pca3-g5.crl","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1127,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1467353172446,"flow_last_seen":0,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"s1.symcb.com","url":"s1.symcb.com\/pca3-g5.crl","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/6.1"}}
01464{"flow_id":74,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353172,"pkt_ts_usec":450172,"pkt_caplen":839,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":839,"pkt_l4_len":805,"pkt":"ABxCjnAxTF4M6gNlCABFAAM59KBAADkGeaEXKYWjwKhzCABQxUTR80FiXp79f1AYA7JdXgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZQ0KRVRhZzogIjM2ZGFiMGNkZDA1ODVlZmNmMjhlYjY3NzRhZWVlOTJhOjE0NjY3OTc4MTQiDQpMYXN0LU1vZGlmaWVkOiBGcmksIDI0IEp1biAyMDE2IDE5OjUwOjE0IEdNVA0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoxMSBHTVQNCkNvbnRlbnQtTGVuZ3RoOiA1MzMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vcGtpeC1jcmwNCg0KMIICETCB+jANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUXDTE2MDYyMzAwMDAwMFoXDTE2MDkzMDIzNTk1OVowDQYJKoZIhvcNAQEFBQADggEBAEI97eVcH1DiB1\/0Bno6J+K8HusVe3cUvr5+fyScH1zXRcf7c5djWYgN+SuML4v70NdV\/FuJwb2d1nTAPxF1qboQaHggi98zdzXj8RwrHgS5mm8yRgjh5Xn7nIaC171csZuQguJ7tmZuJ7r76UMkne0JyJ14wsSf90xX+g\/a\/dFyP90Y6ni5xSPgpc8d3Zgw\/EfU0UQm\/T+f09jhD1\/1X6BOBM7pQUZMpb0wu+RThkQxkoU7zdqSaSWoF1RKiDChBGCnoysqx+p1d9U16eVsZvZ0VQEVpSaXicfzrXu+tMxjeZnFuPSglD2NZ6ZxRQtvm2pR35dtCeWkmxI8I6zBG3M="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1467353172912,"flow_last_seen":0,"flow_tot_l4_data_len":912,"flow_min_l4_data_len":912,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":912,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1467353172912,"flow_last_seen":0,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01602{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353172,"pkt_ts_usec":912736,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"pkt":"TF4M6gNlABxCjnAxCABFAAOkIBFAAIAGyjnAqHMIymwO7MVFAFDpA4X9\/kkVyVAYQTfM+gAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxNzIwNTEmc2g9JnNxPSZzdz0mdD0xcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01162{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1467353172912,"flow_last_seen":0,"flow_tot_l4_data_len":912,"flow_min_l4_data_len":912,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":912,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353172051&sh=&sq=&sw=&t=1q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01174{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1467353172912,"flow_last_seen":0,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353172051&sh=&sq=&sw=&t=1q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
00604{"flow_id":75,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353173,"pkt_ts_usec":18400,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5BZNAADMGNKPKbA7swKhzCABQxUX+SRXJ6QOJeVAYACCXCgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjEyIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1467353179045,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1467353179045,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00577{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353179,"pkt_ts_usec":45522,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6EAAAER3+LAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1467353179045,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1467353179045,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
01602{"flow_id":75,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353180,"pkt_ts_usec":202498,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"pkt":"TF4M6gNlABxCjnAxCABFAAOlJdtAAIAGxG7AqHMIymwO7MVFAFDpA4l5\/kkWWlAYQRLiXwAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODAwNTImc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1467353180357,"flow_last_seen":0,"flow_tot_l4_data_len":913,"flow_min_l4_data_len":913,"flow_max_l4_data_len":913,"flow_avg_l4_data_len":913,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1467353180357,"flow_last_seen":0,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01601{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353180,"pkt_ts_usec":357764,"pkt_caplen":947,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":947,"pkt_l4_len":913,"pkt":"TF4M6gNlABxCjnAxCABFAAOlJglAAIAGxEDAqHMIymwO7MVGAFChhpBHZLD+y1AYQTfUEAAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODAwNTImc2g9JnNxPSZzdz0mdD1taWQmdT0wX2Fhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnY9NDc5NTMxMDAwJnZ2PTUuMi4xNS4yMjQwJng9Jnk9cWNfMTAwMDAxXzEwMDE0MCBIVFRQLzEuMQ0KQWNjZXB0LUxhbmd1YWdlOiB6aC1DTg0KUmVmZXJlcjogaHR0cDovL3d3dy5pcWl5aS5jb20vY29tbW9uL2ZsYXNocGxheWVyLzIwMTQwOTI0L01haW5QbGF5ZXJfNV8yXzNfYzNfMl8xXzYuc3dmDQpxeWlkOiBhYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6IF8yMDEyDQpxeXBsYXRmb3JtOiAwLTINCngtZmxhc2gtdmVyc2lvbjogMTIsMCwwLDcwDQpBY2NlcHQ6ICovKg0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDguMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzQuMDsgU0xDQzI7IC5ORVQgQ0xSIDIuMC41MDcyNzsgLk5FVCBDTFIgMy41LjMwNzI5OyAuTkVUIENMUiAzLjAuMzA3Mjk7IE1lZGlhIENlbnRlciBQQyA2LjApL1FZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KDQo="}
-01163{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1467353180357,"flow_last_seen":0,"flow_tot_l4_data_len":913,"flow_min_l4_data_len":913,"flow_max_l4_data_len":913,"flow_avg_l4_data_len":913,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353180052&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01175{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1467353180357,"flow_last_seen":0,"flow_min_l4_payload_len":893,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":893,"flow_avg_l4_payload_len":893,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353180052&sh=&sq=&sw=&t=mid&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
00605{"flow_id":77,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1134,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353180,"pkt_ts_usec":443128,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC501VAADMGZuDKbA7swKhzCABQxUZksP7LoYaTxFAYACF90QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjE5IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1467353180830,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1467353180830,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00582{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353180,"pkt_ts_usec":830424,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUgAAAQRyyvAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1467353180830,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1467353181295,"flow_last_seen":0,"flow_tot_l4_data_len":297,"flow_min_l4_data_len":297,"flow_max_l4_data_len":297,"flow_avg_l4_data_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1135,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1467353180830,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1467353181295,"flow_last_seen":0,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00782{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353181,"pkt_ts_usec":295295,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"pkt":"TF4M6gNlKDc3Alz6CABFAAE99F1AAEAGPTfAqAUPROn9hf5oAFDPYUlYxJOK\/oAYEBX74gAAAQEICiYb7H8rI43TR0VUIC9jb21NYWdpY2FuQXBpL2NvbXBvc2l0ZS9hcHAucGhwL0dsb2JhbC9JbmRleC9pcCBIVFRQLzEuMQ0KSG9zdDogYXBpLm1hZ2ljYW5zb2Z0LmNvbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1MYW5ndWFnZTogemgtdHcNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTWFnaWNhbiAodW5rbm93biB2ZXJzaW9uKSBDRk5ldHdvcmsvNzIwLjUuNyBEYXJ3aW4vMTQuNS4wICh4ODZfNjQpDQoNCg=="}
-00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1467353181295,"flow_last_seen":0,"flow_tot_l4_data_len":297,"flow_min_l4_data_len":297,"flow_max_l4_data_len":297,"flow_avg_l4_data_len":297,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
+00752{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1136,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1467353181295,"flow_last_seen":0,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":265,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.magicansoft.com","url":"api.magicansoft.com\/comMagicanApi\/composite\/app.php\/Global\/Index\/ip","code":0,"content_type":"","user_agent":"Magican (unknown version) CFNetwork\/720.5.7 Darwin\/14.5.0 (x86_64)"}}
00859{"flow_id":79,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353181,"pkt_ts_usec":515378,"pkt_caplen":390,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":390,"pkt_l4_len":356,"pkt":"KDc3Alz6TF4M6gNlCABFAAF4BFJAADUGOAhE6f2FwKgFDwBQ\/mjEk4r+z2FKYYAYABs0tgAAAQEICisjjrEmG+x\/SFRUUC8xLjEgNTAyIEJhZCBHYXRld2F5DQpTZXJ2ZXI6IE1TZXJ2ZXIgMS4yLjINCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDU6NDY6NDcgR01UDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KQ29udGVudC1MZW5ndGg6IDE2Ng0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KDQo8aHRtbD4NCjxoZWFkPjx0aXRsZT41MDIgQmFkIEdhdGV3YXk8L3RpdGxlPjwvaGVhZD4NCjxib2R5IGJnY29sb3I9IndoaXRlIj4NCjxjZW50ZXI+PGgxPjUwMiBCYWQgR2F0ZXdheTwvaDE+PC9jZW50ZXI+DQo8aHI+PGNlbnRlcj5uZ2lueDwvY2VudGVyPg0KPC9ib2R5Pg0KPC9odG1sPg0K"}
00577{"flow_id":76,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353182,"pkt_ts_usec":46716,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6IAAAER3+HAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00582{"flow_id":78,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353183,"pkt_ts_usec":830773,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUkAAAQRyyrAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00577{"flow_id":76,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353185,"pkt_ts_usec":47598,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6MAAAER3+DAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1467353185940,"flow_last_seen":0,"flow_tot_l4_data_len":649,"flow_min_l4_data_len":649,"flow_max_l4_data_len":649,"flow_avg_l4_data_len":649,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1467353185940,"flow_last_seen":0,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01249{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353185,"pkt_ts_usec":940061,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"pkt":"TF4M6gNlABxCjnAxCABFAAKdKslAAIAGwJnAqHMIymwO28VHAFCsEt6EcxJBblAYAQR7YQAAR0VUIC9jb3JlP3Q9MiZjaGlwaWQ9SW50ZWwlMjhSJTI5JTIwQ29yZSUyOFRNJTI5JTIwaTUlMkQyNTU3TSUyMENQVSUyMCU0MCUyMDElMkU3MEdIeiZ0bT0zMCZyYT0xJmlzaGNkbj0yJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9NiZyPTUwMDQ5NDYwMCZhaWQ9NTAyOTU5OTAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPXdpbmRvd3Mmdj01JTJFMiUyRTE1JTJFMjI0MCZrcnY9MiUyRTAlMkUxMDImZHQ9Jmh1PS0xJnJuPTE0NjczNTMxODUmaXNsb2NhbD0wJmFzPWQxOWY2NDA0N2I2NDFjZDZmZjA5NmIwNGZiMmEzMGI1JnZlPTNjYzBjOGZhMzcyNjI1ZTY0MTQzMTQ0ODE2ZjNlOTY4JnBlPWM5NWQ5OTJlMjk4NTZkYzg0ZjJlOTkwN2EyZTRiMjgyJnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-01075{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1467353185940,"flow_last_seen":0,"flow_tot_l4_data_len":649,"flow_min_l4_data_len":649,"flow_max_l4_data_len":649,"flow_avg_l4_data_len":649,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353185&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01087{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1141,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1467353185940,"flow_last_seen":0,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=2&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&tm=30&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=6&r=500494600&aid=502959900&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=windows&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353185&islocal=0&as=d19f64047b641cd6ff096b04fb2a30b5&ve=3cc0c8fa372625e64143144816f3e968&pe=c95d992e29856dc84f2e9907a2e4b282&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
00604{"flow_id":80,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353186,"pkt_ts_usec":2895,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5ehdAADMGwC\/KbA7bwKhzCABQxUdzEkFurBLg+VAYADiXAQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
00582{"flow_id":78,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353186,"pkt_ts_usec":830866,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUoAAAQRyynAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1467353187172,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1467353187172,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00578{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353187,"pkt_ts_usec":172929,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAgsAAAERAYPAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1467353187172,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1144,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1467353187172,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00578{"flow_id":76,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1145,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353188,"pkt_ts_usec":55799,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6QAAAER39\/AqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1467353187172,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1467353189325,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1467353187172,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1467353189325,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00601{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":325739,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LaNAAIAGT77AqHMI3xpqE8VJAFB9cer6SbS1WFAYQTc4sgAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkZXIuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IERvd25sb2FkZXINCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
-00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1467353189325,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":0,"content_type":"","user_agent":"Downloader"}}
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1146,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1467353189325,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloader.ini","code":0,"content_type":"","user_agent":"Downloader"}}
01093{"flow_id":82,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":328640,"pkt_caplen":566,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":566,"pkt_l4_len":532,"pkt":"ABxCjnAxTF4M6gNlCABFAAIolNRAADgGLx3fGmoTwKhzCABQxUlJtLVYfXHrilAYAB9+agAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTcwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjM1OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQphcHA9ZWd1aSxla3JuLG5vZDMya3VpLG5vZDMya3JuDQpjb3VudD0xDQpjMD1Eb3dubG9hZEhlbHBlcg0KW0Rvd25sb2FkZXJdDQpEb3dubG9hZEhlbHBlcj1odHRwOi8vc3RhdGljLnFpeWkuY29tL2V4dC9jb21tb24vcWlzdTIvRG93bmxvYWRIZWxwZXIuZGxsO1N0YXJ0O1FJWUk="}
00609{"flow_id":82,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":360764,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"pkt":"TF4M6gNlABxCjnAxCABFAAC8LbBAAIAGT63AqHMI3xpqE8VJAFB9ceuKSbS3WFAYQLejygAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL0Rvd25sb2FkSGVscGVyLmRsbCBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZGVyDQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1467353189363,"flow_last_seen":0,"flow_tot_l4_data_len":912,"flow_min_l4_data_len":912,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":912,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1467353189363,"flow_last_seen":0,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01601{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":363217,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"pkt":"TF4M6gNlABxCjnAxCABFAAOkLbJAAIAGvJjAqHMIymwO7MVIAFBYgFOZMQ8QiVAYQTddVQAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxODcwNTMmc2g9JnNxPSZzdz0mdD0zcSZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01162{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1467353189363,"flow_last_seen":0,"flow_tot_l4_data_len":912,"flow_min_l4_data_len":912,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":912,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353187053&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+01174{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1467353189363,"flow_last_seen":0,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353187053&sh=&sq=&sw=&t=3q&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
02096{"flow_id":82,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1150,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":364405,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUlNdAADgGLC7fGmoTwKhzCABQxUlJtLdYfXHsHlAQACHF9wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMzA1NjAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjI1OjI5IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KTVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAB3Rt9MMyexHzMnsR8zJ7Ef8CjuHzUnsR\/wKOwfJCexHzMnsB87JbEfFOHMHyQnsR8U4dwfnyexHxTh3x9JJ7EfFOHDHzYnsR8U4csfMiexHxThzR8yJ7EfFOHJHzInsR9SaWNoMyexHwAAAAAAAAAAUEUAAEwBBQCOOcNVAAAAAAAAAADgAAIhCwEIAAAAAwAAgAEAAAAAAMqTAQAAEAAAABADAAAAABAAEAAAABAAAAQAAAAAAAAABAAAAAAAAAAAwAQAABAAAHRkBQACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAkLsDAEsAAACAoQMA3AAAAAAgBAA0OwAAAAAAAAAAAAAAkAQAwBkAAABgBACwKgAAUBUDABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4agMAQAAAAAAAAAAAAAAAABADALgEAAD4oAMAQAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAI\/yAgAAEAAAAAADAAAQAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAADbqwAAABADAACwAAAAEAMAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAA+F4AAADAAwAAMAAAAMADAAAAAAAAAAAAAAAAAEAAAMAucnNyYwAAADQ7AAAAIAQAAEAAAADwAwAAAAAAAAAAAAAAAABAAABALnJlbG9jAABWVQAAAGAEAABgAAAAMAQAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02092{"flow_id":82,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1151,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":364407,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUlNhAADgGLC3fGmoTwKhzCABQxUlJtLxEfXHsHlAQACH4xQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02092{"flow_id":82,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1152,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":364461,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUlNlAADgGLCzfGmoTwKhzCABQxUlJtMEwfXHsHlAQACHz2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
@@ -431,67 +431,67 @@
02119{"flow_id":82,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":365506,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUlOBAADgGLCXfGmoTwKhzCABQxUlJtOOkfXHsHlAQACEyBgAASAwr1oPECAvKfQhWi8\/oKgkAAIsPVVONRgFQUejPWQEAg8QQhfZ8GYsHO3D4fxKJcPSLF2bHBHIAAF5dX1vCCABoVwAHgOiiCAAAzMxq\/2gZ+wIQZKEAAAAAUFFWV6EwzQMQM8RQjUQkEGSjAAAAAIt8JCTHRCQYAAAAAMdEJAwAAAAAiweLSPCFyXQLixGLQhD\/0IXAdQ7oLKYAAIsQi8iLQhD\/0DPJhcAPlcGFyXUKaAVAAIDoMggAAIsQi8iLQgz\/0It0JCCDwBCJBotMJCjHRCQYAAAAAIsBi1D0iw+LefRSUFdRVsdEJCABAAAA6NgBAACDxBSLxotMJBBkiQ0AAAAAWV9eg8QQw8xq\/2jZ+gIQZKEAAAAAUFFVVlehMM0DEDPEUI1EJBRkowAAAACLbCQox0QkHAAAAADHRCQQAAAAAItFAItI8IXJdAuLEYtCEP\/QhcB1DuhqpQAAixCLyItCEP\/QM8mFwA+VwYXJdQpoBUAAgOhwBwAAixCLyItCDP\/Qi3QkJIPAEIkGi3wkLIX\/x0QkHAAAAADHRCQQAQAAAHUEM8DrFIvHjVACZosIg8ACZoXJdfUrwtH4i00Ai1H0UFdSUVbo\/gAAAIPEFIvGi0wkFGSJDQAAAABZX15dg8QQw8zMzMzMzItMJAiFyXUKaAVAAIDo7gYAAItEJASLAGaLEGY7EXUmZoXSdBVmi1ACZjtRAnUXg8AEg8EEZoXSdd4zwDPJhcAPlMGKwcMbwIPY\/zPJhcAPlMGKwcPMzMzMzMzMzMzMzFaL8YN+GBByDItGBFDoe2sAAIPEBDPAx0YYDwAAAIlGFIhGBF7DzMzMzMzMzMzMzIsBi0jwhcl0C4sRi0IQ\/9CFwHUO6DOkAACLEIvIi0IQ\/+DDzMzMzMzMzMzMzMzMzItEJASLAFaL8YtI9FFQi87ouwIAAIvGXsIEAMzMzMzMi0QkFFWLbCQIVot0JBRXjTwGi0UAi1D4g+gQuQEAAAArSAwr1wvKfQhXi83oPwYAAItEJBRTi10AA\/ZWUFZT6AFYAQCLRCQ0i0wkMAPAUFFQA\/NW6OxXAQCDxCCF\/1t8GItFADt4+H8QiXj0i1UAZscEegAAX15dw2hXAAeA6J0FAADMzMzMzMzMzMzMzMzMgHwkBABWV4t8JBCL8XQng34YEHIhhf+NRgRTixh2DVdTahBQ6IxXAQCDxBBT6EtqAACDxARbiX4Ux0YYDwAAAMZEPgQAX17CCADMzMzMzMxWi\/CLRCQIhcB1BokGXsIIAFNVV1D\/FXASAxCL6IPFAY0crQAAAACNfgSLy+gvAgAAiwaLTCQUi1QkGGoAagBTUFVRagBS\/xWUEgMQi9j32xvbQ3Rc\/xWYEgMQg\/h6dUiLRCQUi0wkGGoAagBqAGoAVVBqAFH\/FZQSAxCL2IvL6NwBAACLFotEJBSLTCQYagBqAFNSVVBqAFH\/FZQSAxCL2PfbG9uDwwGF23QF6N8CAABfXVtewggAzMzMzMzMzMxTi1wkCIXbVovwdQeJHl5bwggAVVdT\/xW0EgMQi+iDxQGNfgSLzegFAgAAiwaLTCQYVVBVU2oAUf8ViBIDEIvY99sb20N0VP8VmBIDEIP4enVAi1QkFItEJBhqAGoAVVJqAFD\/FYgSAxCL2IvL6L4BAACLDotUJBSLRCQYU1FV"}
02123{"flow_id":82,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":369604,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUlOFAADgGLCTfGmoTwKhzCABQxUlJtOiQfXHsHlAQACGUmwAAUmoAUP8ViBIDEIvY99sb24PDAYXbdAXoNQIAAF9dXlvCCADMzMzMzMzMzMzMzMzMzFaLdCQIhfZ1DTPAUFboTgAAAF7CBACLxleNeAKNZCQAZosQg8ACZoXSdfUrx1\/R+FBW6CkAAABewgQAzMzMzMyDeRgQi0QkBIlBFHIKi0kExgQBAMIEAMZEAQQAwgQAzFNVVot0JBCL6YtFAItY9ItMJBQr8LoBAAAAK1D8i0D4V408CyvH0f4L0H0IV4vN6IwDAAA784tNAHcHjRRxiVQkFItEJBiLVCQUA8BQUlCNBFlQ6D1VAQCDxBCF\/3wbi0UAO3j4fxOJePSLTQBmxwR5AABfXl1bwggAaFcAB4Do7AIAAMzMzMzMzMzMzMzMzIX2dQpoVwAHgOjSAgAAhcl9CmhXAAeA6MQCAACF\/3UKaFcAB4DotgIAAIsGO8d0PIH5gAAAAH4aagFRUOj+SwEAg8QMhcB1N2gOAAeA6I4CAABQ6PlIAQCDxASJPoM+AHUhaA4AB4DodAIAAIH5gAAAAH7nagFR6FpNAQCDxAiJBuvaw8zMzMzMzMzMzMzMzIX2dQpoVwAHgOhCAgAAhcl9CmhXAAeA6DQCAACF\/3UKaFcAB4DoJgIAAIsGO8d0PIH5gAAAAH4aagJRUOhuSwEAg8QMhcB1N2gOAAeA6P4BAABQ6GlIAQCDxASJPoM+AHUhaA4AB4Do5AEAAIH5gAAAAH7nagJR6MpMAQCDxAiJBuvaw8zMzMzMzMzMzMzMzMIEAMzMzMzMzMzMzMzMzMz\/FZgSAxCFwH4KJf\/\/AAANAAAHgFDolgEAAMzMzMzMzFeL+YtMJBCFyXUKaAVAAIDoewEAAFOLXCQMhdtWi3QkFHUOhfZ0CmhXAAeA6F8BAACLAYsQagJW\/9KFwHUF6D0AAACDwBCF9okHfNs7cPh\/1olw9IsPjQQ2UFNmxwQIAACLF1BS6EtTAQCDxBBeW4vHX8IMAMzMzMzMzMzMzMzMaA4AB4DoBgEAAMzMzMzMzItEJASFwHwVixE7Qvh\/DolC9IsJZscEQQAAwgQAaFcAB4Do2QAAAMzMzMzMzMzMzI1BDIPK\/\/APwRBKhdJ\/DIsBixBRi8iLQgT\/0MPMzMzMVovxi0wkCIXJdQpoBUAAgOibAAAAiwGLUAz\/0oPAEIkGi8ZewgQAzMzMzMzMzMzMUVNVVosxi170g+4QiUwkDIsOiwGLUBBX\/9KLEItsJBhqAovIiwJV\/9CL+IX\/dQXoPP\/\/\/zvdfQKL641ELQJQjU4QUVCNbxBV6FhSAQCDxBCJXwSNVgyDyP\/wD8ECSIXAfwqLDosRi0IEVv\/Qi0wkEF9eiSldW1nCBADMzMzMzMyLRCQEPQ4AB4B1BehRpgAAUOjQpAAAzMzMzMzMzMzMzFaL8YsGi1D4g+gQuQEAAAArSAyLRCQIK9ALyn0IUIvO6AsAAACLBl7CBADMzMzMzIsBi1QkBIPoEFaLcAQ78n4Ci9aDeAwBXn4JiVQkBOkN\/\/\/\/i0AIO8J9Hz0ABAAAfgcFAAQAAOsCA8A7wn0Ci8KJRCQE6QcAAADCBADMzMzMi1QkBFaL8YsGi0jwg+gQOVAIfRWF0n4RV4s5agJSUItHCP\/QhcBfdQXoIv7\/\/4PAEIkGXsIEAMzMzMzMzMzMzFaLdCQIhfZ1DTPA"}
02144{"flow_id":82,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1161,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":369605,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUlOJAADgGLCPfGmoTwKhzCABQxUlJtO18fXHsHlAQACFsLQAAUFboLgAAAF7CBACLxleNeAKNZCQAZosQg8ACZoXSdfUrx1\/R+FBW6AkAAABewgQAzMzMzMxTi1wkDIXbVYvpdQrojwAAAF1bwggAVot0JBCF9nUKaFcAB4Dot\/7\/\/4tFAItQ+LkBAAAAK0j8K\/Ar09H+C8pXi3j0fQhTi83o4\/7\/\/4tFADv3jTwbV3cNjQxwUVdQ6B1RAQDrDItUJBhSV1DolFABAIPEEIXbfBuLRQA7WPh\/E4lY9ItFAGbHBAcAAF9eXVvCCABoVwAHgOhD\/v\/\/zMzMVovxiw6DefQAjUHwV4s4dE6DeAwAjVAMfSGDefgAfQpoVwAHgOgW\/v\/\/x0H0AAAAAIsGX2bHAAAAXsODyf\/wD8EKSYXJfwqLCIsRUItCBP\/QixeLQgyLz\/\/Qg8AQiQZfXsPMzMzMzMzMzMzMzMzMzItMJAiNRCQMUFGLTCQM6J30\/\/\/DzMzMzMzMzMzMzMzMav9oyPsCEGShAAAAAFBRVlehMM0DEDPEUI1EJBBkowAAAACL+Yl8JAzoXpsAADPJhcAPlcGFyXUKaAVAAIDobf3\/\/4sQi8iLQgz\/0IPAEIkHi1QkIIXSx0QkGAAAAAB0IPfCAAD\/\/3UcD7fyVugRpQAAhcB0MlZQi8\/osQAAAOsnM8DrGovCjXACjZsAAAAAZosIg8ACZoXJdfUrxtH4UFKLz+go\/v\/\/i8eLTCQQZIkNAAAAAFlfXoPEEMIEAMzMV4v5i0wkCDLAhcl0IvfBAAD\/\/3UaVg+38VbopKQAAIXAdAlWUIvP6EQAAACwAV5fwgQAzMzMzMzMzMzMzMzMzFZXi3wkDFeL8eh1pAAAhcB1BV9ewgQAV1CLzugQAAAAX17CBADMzMzMzMzMzMzMzFNWi3QkEIvGwegEV4t8JBCDwAGL2Q+3yGoGUVf\/FXQSAxCFwHQRVlBX6OIAAACL8IPEDIX2dQhfXjPAW8IIAIsDD7c+g+gQugEAAAArUAyLQAgrxwvQfQhXi8vocPz\/\/w+3BoP4\/1WLK41WAnUXi8KNcAJmiwiDwAJmhcl19SvG0fiDwAGNDABRUo00P1ZV6BFOAQBQ6OYAAACDxBSF\/118HYsDO3j4fxaJePSLE19mxwQWAABeuAEAAABbwggAaFcAB4Dot\/v\/\/8zMzMzMzMxWi3QkDIvGwegEV4t8JAyDwAEPt8hqBlFX\/xV0EgMQhcB1A19ew1ZQV+gSAAAAg8QMX17DzMzMzMzMzMzMzMzMU4tcJAhXi3wkEFdT\/xWAEgMQhcB1A19bw1ZQ\/xWEEgMQi\/CF9nQtV1P\/FZASAxCLTCQYA8aD4Q92Fo2bAAAAADvwcxCD6QEPtxaNdFYCdfA78HIGXl8zwFvDZosGZvfYG8Ajxl5fW8PMzMzMzMzMzItEJASD+FB3Ew+2iBQ5ABD\/JI0EOQAQ6UWhAADpdKEAAMOL\/wE5ABD3OAAQ\/DgAEPw4ABAAAwMDAwMDAwMDAwMBAwMDAwMDAwMDAgMDAwMDAwMDAwMDAgMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwDMzMzMzMzMzMzMzItEJARQ6FNfAABZwgQAzMyLRCQEVleL+YsIizeNQfCD7hA7xnRUg34MAFONXgx8NosQOxZ1MFVQ6FMAAACL6IPEBIPI\/\/AP"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1467353189784,"flow_last_seen":0,"flow_tot_l4_data_len":439,"flow_min_l4_data_len":439,"flow_max_l4_data_len":439,"flow_avg_l4_data_len":439,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1467353189784,"flow_last_seen":0,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":431,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00975{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":784236,"pkt_caplen":473,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":473,"pkt_l4_len":439,"pkt":"AQBef\/\/6cBiLE+IdCABFAAHLI6UAAAER3rTAqAUm7\/\/\/+gdsB2wBt3SETk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVwbnA6cm9vdGRldmljZQ0KTlRTOnNzZHA6YWxpdmUNCkxvY2F0aW9uOmh0dHA6Ly8xOTIuMTY4LjUuMzg6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjJmNjg4ZWNlLWMwYjEtNDEwNC1iOWU1LWNiY2VlNTAzZTZiNA0KVVNOOnV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0Ojp1cG5wOnJvb3RkZXZpY2UNCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy82LjIgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzowMDI4NWJjM2MzYmEyMDcwMDdlMWMzYjc2MjFjODQ3Ng0KDQo="}
-00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1467353189784,"flow_last_seen":0,"flow_tot_l4_data_len":439,"flow_min_l4_data_len":439,"flow_max_l4_data_len":439,"flow_avg_l4_data_len":439,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1467353189820,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1393,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1467353189784,"flow_last_seen":0,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":431,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":431,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1467353189820,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00578{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":820488,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDksAAAER9TXAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1467353189820,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1394,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1467353189820,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00986{"flow_id":84,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":831497,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"pkt":"AQBef\/\/6cBiLE+IdCABFAAHUI6YAAAER3qrAqAUm7\/\/\/+gdsB2wBwIVJTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQNCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy82LjIgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzowMDI4NWJjM2MzYmEyMDcwMDdlMWMzYjc2MjFjODQ3Ng0KDQo="}
00582{"flow_id":78,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":836485,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNUsAAAQRyyjAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
01043{"flow_id":84,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":909489,"pkt_caplen":525,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":525,"pkt_l4_len":491,"pkt":"AQBef\/\/6cBiLE+IdCABFAAH\/I6cAAAER3n7AqAUm7\/\/\/+gdsB2wB6x3GTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpDYWNoZS1Db250cm9sOm1heC1hZ2U9OTAwDQpTZXJ2ZXI6TWljcm9zb2Z0LVdpbmRvd3MvNi4yIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6MDAyODViYzNjM2JhMjA3MDA3ZTFjM2I3NjIxYzg0NzYNCg0K"}
01064{"flow_id":84,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353189,"pkt_ts_usec":995240,"pkt_caplen":539,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":539,"pkt_l4_len":505,"pkt":"AQBef\/\/6cBiLE+IdCABFAAINI6gAAAER3m\/AqAUm7\/\/\/+gdsB2wB+UWSTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29ubmVjdGlvbk1hbmFnZXI6MQ0KTlRTOnNzZHA6YWxpdmUNCkxvY2F0aW9uOmh0dHA6Ly8xOTIuMTY4LjUuMzg6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjJmNjg4ZWNlLWMwYjEtNDEwNC1iOWU1LWNiY2VlNTAzZTZiNA0KVVNOOnV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0Ojp1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOkNvbm5lY3Rpb25NYW5hZ2VyOjENCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy82LjIgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzowMDI4NWJjM2MzYmEyMDcwMDdlMWMzYjc2MjFjODQ3Ng0KDQo="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1467353190040,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1467353190040,"flow_last_seen":0,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00621{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":40967,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"TF4M6gNlABxCjnAxCABFAADGLkBAAIAGTxPAqHMI3xpqE8VLAFDaxGl\/7FKS9VAYQTcFigAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL2Rvd25sb2FkaGVscGVyLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBEb3dubG9hZEhlbHBlcl9ydW54eA0KSG9zdDogc3RhdGljLnFpeWkuY29tDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KDQo="}
-00676{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1467353190040,"flow_last_seen":0,"flow_tot_l4_data_len":178,"flow_min_l4_data_len":178,"flow_max_l4_data_len":178,"flow_avg_l4_data_len":178,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":0,"content_type":"","user_agent":"DownloadHelper_runxx"}}
+00688{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1399,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1467353190040,"flow_last_seen":0,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/downloadhelper.ini","code":0,"content_type":"","user_agent":"DownloadHelper_runxx"}}
01759{"flow_id":86,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":44867,"pkt_caplen":1063,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1063,"pkt_l4_len":1029,"pkt":"ABxCjnAxTF4M6gNlCABFAAQZtrxAADgGC0TfGmoTwKhzCABQxUvsUpL12sRqHVAYAB9YnAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjoyOSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjY3DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjMwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW0NvbnRyb2xdDQpjb3VudD02DQpjMD1DaGVja0NsaWVudA0KYzE9UVlBZ2VudA0KYzI9bWFzZmxhZw0KYzM9bWFzYXV0bw0KYzQ9bWFzYmxvZw0KYzU9Q29va2llQ2xlYXINCltEb3dubG9hZGVyXQ0KQ2hlY2tDbGllbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9DaGVja0NsaWVudC56aXA7U3RhcnQ7OTdEQzFBMTJCQzMyMkNERjRCQjE5MjNDNEVGMTRFMUINClFZQWdlbnQ9aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9RWUFnZW50LnppcDtTdGFydEFnZW50OzRDRDQxOTkyNjI5ODBBRjY5RDA3OThEREFBNDJGM0M5DQptYXNmbGFnPWh0dHA6Ly9tYmRhcHAuaXFpeWkuY29tL2ovb3QvbWFzZmxhZy56aXA7U3RhcnQ7RTNGRDlCMjEzMEFCQTIxNTc1QjRGNDk2RDg5Q0FGOTINCm1hc2F1dG89aHR0cDovL21iZGFwcC5pcWl5aS5jb20vai9vdC9tYXNhdXRvLnppcDtTdGFydDtEMTQ3M0E5Mjg2MjBENjZGMzM0QjI4RUYxRjk0QjA3OA0KbWFzYmxvZz1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L21hc2Jsb2cuemlwO1N0YXJ0O0JGRENCNTM1QzNFRUIwMkZEREI5NjFEMDVBNTIzQjI2DQpDb29raWVDbGVhcj1odHRwOi8vbWJkYXBwLmlxaXlpLmNvbS9qL290L0Nvb2tpZUNsZWFyLnppcDtTdGFydDtGMzlBRDlFOTgzREJCMzA5MkYxQzNDNDIwRjJBNDgyQQ=="}
01057{"flow_id":84,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":62486,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"pkt":"AQBef\/\/6cBiLE+IdCABFAAILI6kAAAER3nDAqAUm7\/\/\/+gdsB2wB92DxTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpDYWNoZS1Db250cm9sOm1heC1hZ2U9OTAwDQpTZXJ2ZXI6TWljcm9zb2Z0LVdpbmRvd3MvNi4yIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6MDAyODViYzNjM2JhMjA3MDA3ZTFjM2I3NjIxYzg0NzYNCg0K"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1467353190110,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1467353190110,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00605{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":110976,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5kJVAADMGqbHKbA7bwKhzCABQxUpzStvEq5YvP1AYADaqqAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1467353190110,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1402,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1467353190110,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
01083{"flow_id":84,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1403,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":132488,"pkt_caplen":553,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":553,"pkt_l4_len":519,"pkt":"AQBef\/\/6cBiLE+IdCABFAAIbI6oAAAER3l\/AqAUm7\/\/\/+gdsB2wCB3XmTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjptaWNyb3NvZnQuY29tOnNlcnZpY2U6WF9NU19NZWRpYVJlY2VpdmVyUmVnaXN0cmFyOjENCk5UUzpzc2RwOmFsaXZlDQpMb2NhdGlvbjpodHRwOi8vMTkyLjE2OC41LjM4OjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQNClVTTjp1dWlkOjJmNjg4ZWNlLWMwYjEtNDEwNC1iOWU1LWNiY2VlNTAzZTZiNDo6dXJuOm1pY3Jvc29mdC5jb206c2VydmljZTpYX01TX01lZGlhUmVjZWl2ZXJSZWdpc3RyYXI6MQ0KQ2FjaGUtQ29udHJvbDptYXgtYWdlPTkwMA0KU2VydmVyOk1pY3Jvc29mdC1XaW5kb3dzLzYuMiBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOjAwMjg1YmMzYzNiYTIwNzAwN2UxYzNiNzYyMWM4NDc2DQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1467353190168,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1467353190168,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00605{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":168494,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPRAADMGJVPKbA7bwKhzCABQxHdtLPipvNGQx1AYAMQhYwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1467353190168,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1467353190178,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1467353190168,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1467353190178,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00578{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":178778,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAlEAAAERAT3AqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1467353190178,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1467353190178,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00605{"flow_id":88,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":235492,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5FPVAADMGJVLKbA7bwKhzCABQxHdtLPk6vNGSM1AYANYfVAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjI5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1467353190634,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1467353190634,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00602{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":634365,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"TF4M6gNlABxCjnAxCABFAAC4LnBAAIAGTvHAqHMI3xpqE8VMAFCjClS\/APxWfFAYQTf8ogAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL1FZQWdlbnQuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IFFZQWdlbnRfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
-00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1467353190634,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1467353190634,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/QYAgent.ini","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}
00898{"flow_id":90,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":638521,"pkt_caplen":420,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":420,"pkt_l4_len":386,"pkt":"ABxCjnAxTF4M6gNlCABFAAGWcOxAADgGU5ffGmoTwKhzCABQxUwA\/FZ8owpVT1AYAB8JQAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMCBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMjUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MzA6MDcgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjE5DQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbUVlBZ2VudF0NCnY9MA0KcD0xMDANCmU9"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1467353190892,"flow_last_seen":0,"flow_tot_l4_data_len":129,"flow_min_l4_data_len":129,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":129,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1467353190892,"flow_last_seen":0,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00558{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":892847,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"pkt":"TF4M6gNlABxCjnAxCABFAACVLoRAAIAGUpzAqHMIaibba8VNAFAdei0\/k1iI9FAYQTd0xwAAR0VUIC9jaXR5anNvbiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUVlBZ2VudF9ydW54eA0KSG9zdDogaXBsb2NhdGlvbi5nZW8ucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1467353190892,"flow_last_seen":0,"flow_tot_l4_data_len":129,"flow_min_l4_data_len":129,"flow_max_l4_data_len":129,"flow_avg_l4_data_len":129,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"iplocation.geo.qiyi.com","url":"iplocation.geo.qiyi.com\/cityjson","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1409,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1467353190892,"flow_last_seen":0,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"iplocation.geo.qiyi.com","url":"iplocation.geo.qiyi.com\/cityjson","code":0,"content_type":"","user_agent":"QYAgent_runxx"}}
01001{"flow_id":91,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":978488,"pkt_caplen":497,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":497,"pkt_l4_len":463,"pkt":"ABxCjnAxTF4M6gNlCABFAAHjK+5AADIGoeRqJttrwKhzCABQxU2TWIj0HXotrFAYAOXEmAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG9wZW5yZXN0eQ0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMCBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sO2NoYXJzZXQ9dXRmLTgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGNoYXJzZXQ9dXRmLTgNCg0KZjINCnZhciByZXR1cm5JcENpdHkgPXsiY29kZSI6IkEwMDAwMCIsICJkYXRhIjogeyJpcCI6IjExOC4xNjMuOC45MCIsICJpc3AiOiLkuK3ljY7nlLXkv6EiLCAiY291bnRyeSI6IuS4reWbveWkp+mZhiIsICJwcm92aW5jZSI6IuWPsOa5viIsICJjaXR5IjoiTm9uZSIsICJpc3BfaWQiOjY5LCAiY291bnRyeV9pZCI6NDgsICJwcm92aW5jZV9pZCI6MjI4LCAiY2l0eV9pZCI6MjI4MDAwLCAibG9jYXRpb25faWQiOjY5MjI4MDAwfX0KDQo="}
00414{"flow_id":91,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353190,"pkt_ts_usec":978489,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"pkt":"ABxCjnAxTF4M6gNlCABFAAAtK+9AADIGo5lqJttrwKhzCABQxU2TWIqvHXotrFAYAOXCuQAAMA0KDQoA"}
00577{"flow_id":76,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":56486,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI6sAAAER39jAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1467353191500,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1467353191500,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00601{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":500926,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9BAAIAGTZDAqHMI3xpqFMZOAFCUEYDiYZCIJlAYQTcJ9QAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2ZsYWcuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2ZsYWdfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
-00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1467353191500,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":0,"content_type":"","user_agent":"masflag_runxx"}}
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1413,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1467353191500,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masflag.ini","code":0,"content_type":"","user_agent":"masflag_runxx"}}
00998{"flow_id":92,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":505501,"pkt_caplen":493,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":493,"pkt_l4_len":459,"pkt":"ABxCjnAxTF4M6gNlCABFAAHfpuJAADgGHVffGmoUwKhzCABQxk5hkIgmlBGBclAYAB+\/UwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogOTgNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkV4cGlyZXM6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MTI6MTAgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTM2MDANCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KWC1DYWNoZTogSElUIGZyb20gMTAuMTIxLjMzLjk3DQpYLUNhY2hlOiBISVQgZnJvbSAyMjMuMjYuMTA2LjIwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpbbWFzZmxhZ10NCnY9Mg0KcD00MA0KZT2xsb6pL8nPuqMNCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1467353191521,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1467353191521,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00601{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":521215,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L9RAAIAGTYzAqHMI3xpqFMZPAFCekgJEnvl6klAYQTcvHQAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2F1dG8uaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2F1dG9fcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
-00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1467353191521,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":0,"content_type":"","user_agent":"masauto_runxx"}}
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1415,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1467353191521,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masauto.ini","code":0,"content_type":"","user_agent":"masauto_runxx"}}
01044{"flow_id":93,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":524481,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"pkt":"ABxCjnAxTF4M6gNlCABFAAIAVHFAADgGb6ffGmoUwKhzCABQxk+e+XqSnpIC1FAYAB\/e1QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjUwOjIzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4yMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2F1dG9dDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1467353191538,"flow_last_seen":0,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":230,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":230,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1467353191538,"flow_last_seen":0,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00692{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":538427,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"TF4M6gNlABxCjnAxCABFAAD6L9ZAAIAGlfnAqHMIJG7cD8ZNAFCivUMktEgQ8FAY\/\/DARAAAR0VUIC90bXBzdGF0cy5naWY\/bWV0aG9kPXFpdWJpdGVyJm9zPXdpbmRvd3MtNi4xLjc2MDFfc3AxJnV1aWQ9MzUwQzNGMUFDNzVENDBiYzkwRDYwMkRBNEU2N0E3MkQmc29mdHZlcnNpb249MS4wLjAuMSZzb3VyY2U9cHBzJnRhc2t0eXBlPWdldHRhc2tpbmZvIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRSVlpQW5nZW50DQpIb3N0OiBtc2cudmlkZW8ucWl5aS5jb20NCg0K"}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1467353191538,"flow_last_seen":0,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":230,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":230,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":0,"content_type":"","user_agent":"QIYiAngent"}}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1467353191538,"flow_last_seen":0,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.video.qiyi.com","url":"msg.video.qiyi.com\/tmpstats.gif?method=qiubiter&os=windows-6.1.7601_sp1&uuid=350C3F1AC75D40bc90D602DA4E67A72D&softversion=1.0.0.1&source=pps&tasktype=gettaskinfo","code":0,"content_type":"","user_agent":"QIYiAngent"}}
00605{"flow_id":93,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":556046,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"TF4M6gNlABxCjnAxCABFAAC5L9hAAIAGTYfAqHMI3xpqFMZPAFCekgLUnvl8alAYQMHSJwAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc3JlY29tLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBtYXNhdXRvX3J1bnh4DQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
01042{"flow_id":93,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":560090,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"pkt":"ABxCjnAxTF4M6gNlCABFAAIBVHRAADgGb6PfGmoUwKhzCABQxk+e+XxqnpIDZVAYACGRVQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA3OjA0OjE1IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4yMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc3JlY29tXQ0Kdj0xDQpwPTANCmU9sbG+qS\/Jz7qjL7nj1t0vye7b2g0Kcz29rcvVL9Xjva0vyb22qy+608TPDQphcHA9ZmlkZGxlcix3aXJlc2hhcmssSHR0cFdhdGNoLEh0dHBXYXRjaCBTdHVkaW8sSHR0cEFuYWx5emVyDQo="}
00605{"flow_id":93,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":575569,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"pkt":"TF4M6gNlABxCjnAxCABFAAC7L99AAIAGTX7AqHMI3xpqFMZPAFCekgNlnvl+Q1AYQEpbxAAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc3JlY29tdG4uaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2F1dG9fcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
01047{"flow_id":93,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":579482,"pkt_caplen":529,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":529,"pkt_l4_len":495,"pkt":"ABxCjnAxTF4M6gNlCABFAAIDVHdAADgGb57fGmoUwKhzCABQxk+e+X5DnpID+FAYACMYbQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMzDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjM3OjUwIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4yMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc3JlY29tdG5dDQp2PTINCnA9NQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
00609{"flow_id":93,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":603072,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"pkt":"TF4M6gNlABxCjnAxCABFAAC8L+dAAIAGTXXAqHMI3xpqFMZPAFCekgP4nvmAHlAYQTeOdQAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hczM2MHNjb3JlLmluaSBIVFRQLzEuMQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpVc2VyLUFnZW50OiBtYXNhdXRvX3J1bnh4DQpIb3N0OiBzdGF0aWMucWl5aS5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1467353191604,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1467353191604,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00601{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":604276,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"TF4M6gNlABxCjnAxCABFAAC4L+lAAIAGTXjAqHMI3xpqE8ZQAFAEnujgm7SOJVAYQTfnOwAAR0VUIC9leHQvY29tbW9uL3Fpc3UyL21hc2Jsb2cuaW5pIEhUVFAvMS4xDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClVzZXItQWdlbnQ6IG1hc2Jsb2dfcnVueHgNCkhvc3Q6IHN0YXRpYy5xaXlpLmNvbQ0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCg0K"}
-00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1467353191604,"flow_last_seen":0,"flow_tot_l4_data_len":164,"flow_min_l4_data_len":164,"flow_max_l4_data_len":164,"flow_avg_l4_data_len":164,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":0,"content_type":"","user_agent":"masblog_runxx"}}
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1423,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1467353191604,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"static.qiyi.com","url":"static.qiyi.com\/ext\/common\/qisu2\/masblog.ini","code":0,"content_type":"","user_agent":"masblog_runxx"}}
00606{"flow_id":94,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":606497,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5GMJAAC4G\/04kbtwPwKhzCABQxk20SBDwor1D9lAYPLgN5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
01046{"flow_id":93,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":606497,"pkt_caplen":530,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":530,"pkt_l4_len":496,"pkt":"ABxCjnAxTF4M6gNlCABFAAIEVHpAADgGb5rfGmoUwKhzCABQxk+e+YAenpIEjFAYACVr7AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTM0DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjQ2IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45OA0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4yMA0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hczM2MHNjb3JlXQ0Kdj0xDQpwPTANCmU9sbG+qS\/Jz7qjL7nj1t0vye7b2g0Kcz29rcvVL9Xjva0vyb22qy+608TPDQphcHA9ZmlkZGxlcix3aXJlc2hhcmssSHR0cFdhdGNoLEh0dHBXYXRjaCBTdHVkaW8sSHR0cEFuYWx5emVyDQo="}
01043{"flow_id":95,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":608484,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"pkt":"ABxCjnAxTF4M6gNlCABFAAIApFFAADgGH8jfGmoTwKhzCABQxlCbtI4lBJ7pcFAYAB996wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozMSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogMTMwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBGcmksIDAxIEp1bCAyMDE2IDA2OjE3OjQzIEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zNjAwDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNClgtQ2FjaGU6IEhJVCBmcm9tIDEwLjEyMS4zMy45Nw0KWC1DYWNoZTogSElUIGZyb20gMjIzLjI2LjEwNi4xOQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCg0KW21hc2Jsb2ddDQp2PTENCnA9MQ0KZT2xsb6pL8nPuqMvuePW3S\/J7tvaDQpzPb2ty9Uv1eO9rS\/JvbarL7rTxM8NCmFwcD1maWRkbGVyLHdpcmVzaGFyayxIdHRwV2F0Y2gsSHR0cFdhdGNoIFN0dWRpbyxIdHRwQW5hbHl6ZXINCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1467353191688,"flow_last_seen":0,"flow_tot_l4_data_len":570,"flow_min_l4_data_len":570,"flow_max_l4_data_len":570,"flow_avg_l4_data_len":570,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1467353191688,"flow_last_seen":0,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01148{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":688041,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"pkt":"TF4M6gNlABxCjnAxCABFAAJOL\/RAAIAGZxbAqHMIZePIC8ZRAFCkQ4vBOJoXClAY\/\/Dn4QAAR0VUIC9jY3MgSFRUUC8xLjENClVzZXItQWdlbnQ6IENvb2tpZUNsZWFyX3J1bnh4DQpIb3N0OiBhcGkuY3VwaWQuaXFpeWkuY29tDQpDb29raWU6IHBwc19jbGllbnRfdmVyMj01LjIuMTUuMjI0MDsgVDAwNDA0PTRlM2FlNDE1YTU4NDc0OGFjOWFhMzE2MjhmMzlkMWU4OyBfcHBzX2l2aT1WazQ5TVRZd05UQTFMYVcvcFBtaFJ6OC9QNlRhcEVlbXVEOC9wTSt3Wmo4dHBMV3gzemd3cGxvL3BHYW9jU1pXVUQweEpsWkRQVDgvUHo4K3BMV3gzemd3cGxvL3BHYW9jU1pXU2owdE1TWldVejFXSmxaRVBTWldWRnRCWFQweU1UYzFKbFpOUFNaV1ZqMDFMakl1TVRVdU1qSTBNQ1pXVlQxb2RIUndPaTh2ZDNkM0xtbHhhWGxwTG1OdmJTOTJYekU1Y25Kc2RuVjRiR2N1YUhSdGJBPT07IFFDMDA2PXU1NDl2cHoxMGw5ZmthdHVtNGFsdzRicDsgUUMwMDg9MTQ2NjY0NTgxNi4xNDY2NjQ1ODE2LjE0NjY2NDU4MTYuMTsgSG1fbHZ0XzUzYjczNzRhNjNjMzc0ODNlNWRkOTdkNzhkOWJiMzZlPTE0NjY2NDU4MTc7IFFDMDA1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQoNCg=="}
-00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1467353191688,"flow_last_seen":0,"flow_tot_l4_data_len":570,"flow_min_l4_data_len":570,"flow_max_l4_data_len":570,"flow_avg_l4_data_len":570,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/ccs","code":0,"content_type":"","user_agent":"CookieClear_runxx"}}
+00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1427,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1467353191688,"flow_last_seen":0,"flow_min_l4_payload_len":550,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":550,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api.cupid.iqiyi.com","url":"api.cupid.iqiyi.com\/ccs","code":0,"content_type":"","user_agent":"CookieClear_runxx"}}
00725{"flow_id":96,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353191,"pkt_ts_usec":722567,"pkt_caplen":291,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":291,"pkt_l4_len":257,"pkt":"ABxCjnAxTF4M6gNlCABFAAEVyyVAAC8GHh5l48gLwKhzCABQxlE4mhcKpEON51AYPCgsNwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjMxIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2pzb247IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiAxMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCnsiciI6ZmFsc2V9"}
00975{"flow_id":84,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353192,"pkt_ts_usec":785509,"pkt_caplen":473,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":473,"pkt_l4_len":439,"pkt":"AQBef\/\/6cBiLE+IdCABFAAHLI6wAAAER3q3AqAUm7\/\/\/+gdsB2wBt3SETk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVwbnA6cm9vdGRldmljZQ0KTlRTOnNzZHA6YWxpdmUNCkxvY2F0aW9uOmh0dHA6Ly8xOTIuMTY4LjUuMzg6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjJmNjg4ZWNlLWMwYjEtNDEwNC1iOWU1LWNiY2VlNTAzZTZiNA0KVVNOOnV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0Ojp1cG5wOnJvb3RkZXZpY2UNCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy82LjIgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzowMDI4NWJjM2MzYmEyMDcwMDdlMWMzYjc2MjFjODQ3Ng0KDQo="}
00578{"flow_id":85,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353192,"pkt_ts_usec":820786,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDkwAAAER9TTAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
@@ -507,38 +507,38 @@
00578{"flow_id":85,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353195,"pkt_ts_usec":822852,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDk8AAAER9THAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00987{"flow_id":84,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353195,"pkt_ts_usec":833413,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"pkt":"AQBef\/\/6cBiLE+IdCABFAAHUI7QAAAER3pzAqAUm7\/\/\/+gdsB2wBwIVJTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQNCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy82LjIgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzowMDI4NWJjM2MzYmEyMDcwMDdlMWMzYjc2MjFjODQ3Ng0KDQo="}
00582{"flow_id":78,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353195,"pkt_ts_usec":837489,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6uKxv2MGbCABFAAClNU0AAAQRyybAqAUy7\/\/\/+s0xB2wAkYI7TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1hbjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1467353195852,"flow_last_seen":0,"flow_tot_l4_data_len":912,"flow_min_l4_data_len":912,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":912,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1467353195852,"flow_last_seen":0,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01601{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353195,"pkt_ts_usec":852766,"pkt_caplen":946,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":946,"pkt_l4_len":912,"pkt":"TF4M6gNlABxCjnAxCABFAAOkMjBAAIAGuBrAqHMIymwO7MZTAFDqT5aSVlCsgFAYQTeESwAAR0VUIC9jcDIuZ2lmP2E9NGUzYWU0MTVhNTg0NzQ4YWM5YWEzMTYyOGYzOWQxZTgmYWk9JmFzPTE6NDU6MjN8NDUmYXY9NC4xMC4wMDQmYj0xODA5MzIzMDEmYz0zMSZjdD01MDAwMDAwOTIzNDQ3JmQ9MjE3NSZkaT0mZHA9NzEwMDAwMDEmZT1jNDg4OWU2NGFkOWQ5ZWViOWZmNDM4OTEwODUwYzQ0MiZlYz0mZW09JmZpPSZnPTAmbD1NVEU0TGpFMk15NDRMamt3Jm1rPSZudz0mb2Q9NTAwMDAwMDg1NDkzNCZvaT0mcD1hJnBwPSZyYz0mcmQ9JnJpPSZzPTE0NjczNTMxOTUwNTQmc2g9JnNxPSZzdz0mdD1zcCZ1PTBfYWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj00Nzk1MzEwMDAmdnY9NS4yLjE1LjIyNDAmeD0meT1xY18xMDAwMDFfMTAwMTQwIEhUVFAvMS4xDQpBY2NlcHQtTGFuZ3VhZ2U6IHpoLUNODQpSZWZlcmVyOiBodHRwOi8vd3d3LmlxaXlpLmNvbS9jb21tb24vZmxhc2hwbGF5ZXIvMjAxNDA5MjQvTWFpblBsYXllcl81XzJfM19jM18yXzFfNi5zd2YNCnF5aWQ6IGFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuDQpxeXBpZDogXzIwMTINCnF5cGxhdGZvcm06IDAtMg0KeC1mbGFzaC12ZXJzaW9uOiAxMiwwLDAsNzANCkFjY2VwdDogKi8qDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgOC4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNC4wOyBTTENDMjsgLk5FVCBDTFIgMi4wLjUwNzI3OyAuTkVUIENMUiAzLjUuMzA3Mjk7IC5ORVQgQ0xSIDMuMC4zMDcyOTsgTWVkaWEgQ2VudGVyIFBDIDYuMCkvUVktUGxheWVyLVdpbmRvd3MvMi4wLjEwMg0KSG9zdDogbXNnLjcxLmFtDQoNCg=="}
-01162{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1467353195852,"flow_last_seen":0,"flow_tot_l4_data_len":912,"flow_min_l4_data_len":912,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":912,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353195054&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1467353195855,"flow_last_seen":0,"flow_tot_l4_data_len":365,"flow_min_l4_data_len":365,"flow_max_l4_data_len":365,"flow_avg_l4_data_len":365,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+01174{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1467353195852,"flow_last_seen":0,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/cp2.gif?a=4e3ae415a584748ac9aa31628f39d1e8&ai=&as=1:45:23|45&av=4.10.004&b=180932301&c=31&ct=5000000923447&d=2175&di=&dp=71000001&e=c4889e64ad9d9eeb9ff438910850c442&ec=&em=&fi=&g=0&l=MTE4LjE2My44Ljkw&mk=&nw=&od=5000000854934&oi=&p=a&pp=&rc=&rd=&ri=&s=1467353195054&sh=&sq=&sw=&t=sp&u=0_aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=479531000&vv=5.2.15.2240&x=&y=qc_100001_100140","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)\/QY-Player-Windows\/2.0.102"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1467353195855,"flow_last_seen":0,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00871{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353195,"pkt_ts_usec":855557,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMjFAAIAGqNHAqHMIe31vRsZUAFDL+rP6wuI4bVAY\/\/CsBQAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"}
-00814{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1467353195855,"flow_last_seen":0,"flow_tot_l4_data_len":365,"flow_min_l4_data_len":365,"flow_max_l4_data_len":365,"flow_avg_l4_data_len":365,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1444,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1467353195855,"flow_last_seen":0,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
01044{"flow_id":84,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1445,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353195,"pkt_ts_usec":910492,"pkt_caplen":525,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":525,"pkt_l4_len":491,"pkt":"AQBef\/\/6cBiLE+IdCABFAAH\/I7UAAAER3nDAqAUm7\/\/\/+gdsB2wB6x3GTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzE5Mi4xNjguNS4zODoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmY2ODhlY2UtYzBiMS00MTA0LWI5ZTUtY2JjZWU1MDNlNmI0DQpVU046dXVpZDoyZjY4OGVjZS1jMGIxLTQxMDQtYjllNS1jYmNlZTUwM2U2YjQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpDYWNoZS1Db250cm9sOm1heC1hZ2U9OTAwDQpTZXJ2ZXI6TWljcm9zb2Z0LVdpbmRvd3MvNi4yIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6MDAyODViYzNjM2JhMjA3MDA3ZTFjM2I3NjIxYzg0NzYNCg0K"}
00605{"flow_id":97,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353195,"pkt_ts_usec":956508,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5xWxAADMGdMnKbA7swKhzCABQxlNWUKyA6k+aDlAYACCSWwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiBpbWFnZS9naWYNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
00707{"flow_id":98,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353195,"pkt_ts_usec":998488,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"ABxCjnAxTF4M6gNlCABFAAEFPIVAAC8G7\/l7fW9GwKhzCABQxlTC4jhty\/q1U1AYPLjA5wAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzUgR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1467353196104,"flow_last_seen":0,"flow_tot_l4_data_len":885,"flow_min_l4_data_len":885,"flow_max_l4_data_len":885,"flow_avg_l4_data_len":885,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1467353196104,"flow_last_seen":0,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01565{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":104228,"pkt_caplen":919,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":919,"pkt_l4_len":885,"pkt":"TF4M6gNlABxCjnAxCABFAAOJMkZAAIAGuC7AqHMIymwO3cZVAFB2diePbxSNNlAYAQSFkwAAR0VUIC9jb3JlP3Q9MSZyZXNldD0wJnZmcm10cD0xJnRtMT0mdG0yPTAmdG0yMT0wJnRtMjI9MCZ0bTIzPTAmdG0yND0wJnRtMz0yMDkmdG0zMT05NCZ0bTMyPTMxJnRtMzM9NzgmdG0zND0xJnRtND0xNzYmdG00MT00NyZ0bTQyPTE2JnRtNDM9NzgmdG00ND03JnRtNT0zMjgmdG01MT0wJnRtNTI9MCZ0bTUzPTAmdG01ND02MyZ0bTY9JnRtNjI9MCZ0bTYzPTAmdG03PTAmdG03MT0wJnRtNzI9MCZ0bTczPTAmdG04PTAmdG04MT0wJnRtODI9MCZ0bTgzPTAmdG05PTk2MiZ0bTkyPTE1JnRtOTM9Mjk3JmNoaXBpZD1JbnRlbCUyOFIlMjklMjBDb3JlJTI4VE0lMjklMjBpNSUyRDI1NTdNJTIwQ1BVJTIwJTQwJTIwMSUyRTcwR0h6JnJhPTEmaXNoY2RuPTImcGY9MjAxJnA9MTEmcDE9MTE0JnAyPTMwMDAmc2RrdHA9MSZjMT0zMSZyPTQ3OTUzMTAwMCZhaWQ9MTgwOTMyMzAxJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mcHU9Jm9zPVdpbmRvd3MlMjA3JnY9NSUyRTIlMkUxNSUyRTIyNDAma3J2PTIlMkUwJTJFMTAyJmR0PSZodT0tMSZybj0xNDY3MzUzMTk1JmlzbG9jYWw9MCZhcz0wMzExYzVhMGQ1NTk2MDYzZGI1OTQ0YmQ3NmI2Y2JmZiZ2ZT1iMWY5MGY4ZGE2ZmUwMjU4ZDEzNjE2YTgwNzBjYjk5NyZwZT0mdmZybT0mY2hsPSZoY2Rudj0xMC4wLjAuMjkzJnRwY2Q9MCZpc2RybT0xJmh0PTAgSFRUUC8xLjENClVzZXItQWdlbnQ6IFFZLVBsYXllci1XaW5kb3dzLzIuMC4xMDINCkhvc3Q6IG1zZy43MS5hbQ0KQWNjZXB0OiAqLyoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KcXlpZDphYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbg0KcXlwaWQ6XzIwMTINCnF5cGxhdGZvcm06MC0yDQoNCg=="}
-01311{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1467353196104,"flow_last_seen":0,"flow_tot_l4_data_len":885,"flow_min_l4_data_len":885,"flow_max_l4_data_len":885,"flow_avg_l4_data_len":885,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=962&tm92=15&tm93=297&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+01323{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1450,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1467353196104,"flow_last_seen":0,"flow_min_l4_payload_len":865,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":865,"flow_avg_l4_payload_len":865,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=1&reset=0&vfrmtp=1&tm1=&tm2=0&tm21=0&tm22=0&tm23=0&tm24=0&tm3=209&tm31=94&tm32=31&tm33=78&tm34=1&tm4=176&tm41=47&tm42=16&tm43=78&tm44=7&tm5=328&tm51=0&tm52=0&tm53=0&tm54=63&tm6=&tm62=0&tm63=0&tm7=0&tm71=0&tm72=0&tm73=0&tm8=0&tm81=0&tm82=0&tm83=0&tm9=962&tm92=15&tm93=297&chipid=Intel%28R%29%20Core%28TM%29%20i5%2D2557M%20CPU%20%40%201%2E70GHz&ra=1&ishcdn=2&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
00578{"flow_id":89,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":193494,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAqQAAAERAOrAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00606{"flow_id":99,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":204492,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC53kZAADMGW\/7KbA7dwKhzCABQxlVvFI02dnYq8FAYAA859QAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1467353196348,"flow_last_seen":0,"flow_tot_l4_data_len":365,"flow_min_l4_data_len":365,"flow_max_l4_data_len":365,"flow_avg_l4_data_len":365,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1467353196348,"flow_last_seen":0,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00873{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":348641,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"TF4M6gNlABxCjnAxCABFAAGBMltAAIAGqKfAqHMIe31vRsZXAFCyDhiCAe\/eKVAY\/\/B8ngAAR0VUIC9hcGlzL3VyYy9zZXRyYz9ja3VpZD1hYW9lZmR0cWdmZGVweGMydG52M3BpdWNnY2I0ZW9mbiZ0dklkPTQ3OTUzMTAwMCZ2aWRlb1BsYXlUaW1lPS0xJmFkZHRpbWU9MTQ2NzM1MzE5NSZ0ZXJtaW5hbElkPTEyJnZUeXBlPTAmY29tPTImcHBzVHZpZFR5cGU9MiZhZ2VudF90eXBlPTMwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRaXlpIExpc3QgQ2xpZW50IFBDIDUuMi4xNS4yMjQwDQpIb3N0OiBubC5yY2QuaXFpeWkuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"}
-00815{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1467353196348,"flow_last_seen":0,"flow_tot_l4_data_len":365,"flow_min_l4_data_len":365,"flow_max_l4_data_len":365,"flow_avg_l4_data_len":365,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1467353196393,"flow_last_seen":0,"flow_tot_l4_data_len":553,"flow_min_l4_data_len":553,"flow_max_l4_data_len":553,"flow_avg_l4_data_len":553,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1454,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1467353196348,"flow_last_seen":0,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"nl.rcd.iqiyi.com","url":"nl.rcd.iqiyi.com\/apis\/urc\/setrc?ckuid=aaoefdtqgfdepxc2tnv3piucgcb4eofn&tvId=479531000&videoPlayTime=-1&addtime=1467353195&terminalId=12&vType=0&com=2&ppsTvidType=2&agent_type=30","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1467353196393,"flow_last_seen":0,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01124{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":393319,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"pkt":"TF4M6gNlABxCjnAxCABFAAI9Ml9AAIAGuWPAqHMIymwO28ZWAFBrRx\/mc\/0Jh1AYAQRafgAAR0VUIC9jb3JlP3Q9MTEmY3Q9YWRlbmQmcmVzZXQ9MCZyYT0xJnBmPTIwMSZwPTExJnAxPTExNCZwMj0zMDAwJnNka3RwPTEmYzE9MzEmcj00Nzk1MzEwMDAmYWlkPTE4MDkzMjMwMSZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnB1PSZvcz1XaW5kb3dzJTIwNyZ2PTUlMkUyJTJFMTUlMkUyMjQwJmtydj0yJTJFMCUyRTEwMiZkdD0maHU9LTEmcm49MTQ2NzM1MzE5NSZpc2xvY2FsPTAmYXM9MDMxMWM1YTBkNTU5NjA2M2RiNTk0NGJkNzZiNmNiZmYmdmU9YjFmOTBmOGRhNmZlMDI1OGQxMzYxNmE4MDcwY2I5OTcmcGU9JnZmcm09JmNobD0maGNkbnY9MTAuMC4wLjI5MyZ0cGNkPTAmaXNkcm09MSZodD0wIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBRWS1QbGF5ZXItV2luZG93cy8yLjAuMTAyDQpIb3N0OiBtc2cuNzEuYW0NCkFjY2VwdDogKi8qDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCnF5aWQ6YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4NCnF5cGlkOl8yMDEyDQpxeXBsYXRmb3JtOjAtMg0KDQo="}
-00980{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1467353196393,"flow_last_seen":0,"flow_tot_l4_data_len":553,"flow_min_l4_data_len":553,"flow_max_l4_data_len":553,"flow_avg_l4_data_len":553,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1467353196441,"flow_last_seen":0,"flow_tot_l4_data_len":360,"flow_min_l4_data_len":360,"flow_max_l4_data_len":360,"flow_avg_l4_data_len":360,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00992{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1455,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1467353196393,"flow_last_seen":0,"flow_min_l4_payload_len":533,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":533,"flow_avg_l4_payload_len":533,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.71.am","url":"msg.71.am\/core?t=11&ct=adend&reset=0&ra=1&pf=201&p=11&p1=114&p2=3000&sdktp=1&c1=31&r=479531000&aid=180932301&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&pu=&os=Windows%207&v=5%2E2%2E15%2E2240&krv=2%2E0%2E102&dt=&hu=-1&rn=1467353195&islocal=0&as=0311c5a0d5596063db5944bd76b6cbff&ve=b1f90f8da6fe0258d13616a8070cb997&pe=&vfrm=&chl=&hcdnv=10.0.0.293&tpcd=0&isdrm=1&ht=0","code":0,"content_type":"","user_agent":"QY-Player-Windows\/2.0.102"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1467353196441,"flow_last_seen":0,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00866{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":441555,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"pkt":"TF4M6gNlABxCjnAxCABFAAF8MmRAAIAGDUzAqHMIb84WTcZYAFAHr7sEMj+LIFAYAQTIFgAAR0VUIC9iP3Q9MTEmcGY9MjAxJnA9MTEmcDE9MTE0JnMxPTAmY3Q9MTQwODE5X2Fkc3luJmFkc3luPTEmYnJpbmZvPUlFX0lFOV85LjAuODExMi4xNjQyMV8xJm9zPVdpbmRvd3MlMjA3JnJuPTE5MjUyJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdj01LjIuMTUuMjI0MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="}
-00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1467353196441,"flow_last_seen":0,"flow_tot_l4_data_len":360,"flow_min_l4_data_len":360,"flow_max_l4_data_len":360,"flow_avg_l4_data_len":360,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00816{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1467353196441,"flow_last_seen":0,"flow_min_l4_payload_len":340,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":340,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?t=11&pf=201&p=11&p1=114&s1=0&ct=140819_adsyn&adsyn=1&brinfo=IE_IE9_9.0.8112.16421_1&os=Windows%207&rn=19252&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&v=5.2.15.2240","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
00607{"flow_id":101,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":523719,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"ABxCjnAxTF4M6gNlCABFAAC5bd1AADMGzGnKbA7bwKhzCABQxlZz\/QmHa0ch+1AYADbMuQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNC43DQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM1IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCg=="}
00599{"flow_id":102,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":535461,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"ABxCjnAxTF4M6gNlCABFAAC07BRAADMGoWNvzhZNwKhzCABQxlgyP4sgB6+8WFAYAB\/IEQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1467353196740,"flow_last_seen":0,"flow_tot_l4_data_len":1152,"flow_min_l4_data_len":1152,"flow_max_l4_data_len":1152,"flow_avg_l4_data_len":1152,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1467353196740,"flow_last_seen":0,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01925{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":740386,"pkt_caplen":1186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1186,"pkt_l4_len":1152,"pkt":"TF4M6gNlABxCjnAxCABFAASUMuBAAIAGCbjAqHMIb84WTcZZAFAJ9c2nhBlkGlAYAQR8TQAAR0VUIC9iP3BmPTIwMSZwPTExJnAxPTExNCZhcD0wJnNvdXJjZTE9bGlzdCZzb3VyY2UyPW9ubGluZV9sJnQ9MTEmY3Q9cGNfX2FkX3BsYXkmYWxidW1faWQ9MTgwOTMyMzAxJmMxPTQ3OTUzMTAwMCZjbHQ9aG9tZWRsJmNuPTE2MDUwNS0lRTYlQUQlQTMlRTclODklODclRUYlQkMlOUElRTklODMlOTElRTYlODElQkElRTYlQUMlQTclRTUlQjclQjQlRTQlQkElOEMlRTYlQUMlQTElRTUlQkQlOTIlRTYlOUQlQTUlRTUlOEYlOEQlRTklODAlODYlRTglQTIlQUQtJUU0JUJCJThBJUU2JTk5JTlBODAlRTUlOTAlOEUlRTglODQlQjElRTUlOEYlQTMlRTclQTclODAmY3B1dXNlPTMyLjgmZGU9MzJlNjU0ZmE1N2JlOTBlYzYzOGM0NmRkZmRkNjY3NTcmZGxsdj1hcHB2JTNENS4wLjAuMTAwMyU3Q29sdiUzRDUuMC4wLjExMDEmZXQ9MCZmdD0yMTc1Jmh0PTAmaHU9LTEma3Y9MTAuMC4wLjI5MyZsYW5nPSZtZW1waHk9NjUmbWVtdmlyPTEyMCZtdD0wJm12PTUuMi4xNS4yMjQwJnAyPTEwMTEmcGU9JnBvcHQ9MCZwdD0wJnB0eXBlPTEmcHU9JnI9NDc5NTMxMDAwJnJfaWQ9NDc5NTMxMDAwJnJhPTEmcm49MjA1MjYmc2Nobl9pZD0yMDAwMDM3MTklMjQlMjQlMjQlMjQxODA5MzIzMDEmc2Nobl9uYW1lPSVFNyVCQiVCQyVFOCU4OSVCQSVFNSVBOCVCMSVFNCVCOSU5MCUyNCUyNCUyNCUyNCVFNCVCQiU4QSVFNiU5OSU5QTgwJUU1JTkwJThFJUU4JTg0JUIxJUU1JThGJUEzJUU3JUE3JTgwJnNwdD0xNDY3MzUzMTk2JnN0YWdlPTImc3RpbWU9MCZ0dmlkPTQ3OTUzMTAwMCZ1PWFhb2VmZHRxZ2ZkZXB4YzJ0bnYzcGl1Y2djYjRlb2ZuJnVwbG9hZF9pZD0mdXJsPWh0dHAlM0ElMkYlMkZ3d3cuaXFpeWkuY29tJTJGdl8xOXJybHZ1eGxnLmh0bWwmdj0yLjAuMTAyLjMwMTQ3JnZlPTMzMzgyNWNkZjQ4NmNjOTRiNmQyOTU2ZjRkZTZkNGNiJnZpZD0yYjk0NzI5ZTNhOTIwYjIxMTk4ODZjNWM2NzdhZTlkYiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6IG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="}
-01600{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1467353196740,"flow_last_seen":0,"flow_tot_l4_data_len":1152,"flow_min_l4_data_len":1152,"flow_max_l4_data_len":1152,"flow_avg_l4_data_len":1152,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=32.8&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&kv=10.0.0.293&lang=&memphy=65&memvir=120&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=0&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=20526&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353196&stage=2&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+01612{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1459,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1467353196740,"flow_last_seen":0,"flow_min_l4_payload_len":1132,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1132,"flow_avg_l4_payload_len":1132,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=11&ct=pc__ad_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=32.8&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&kv=10.0.0.293&lang=&memphy=65&memvir=120&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=0&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=20526&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353196&stage=2&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
00598{"flow_id":103,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":835349,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0DHtAADMGgP1vzhZNwKhzCABQxlmEGWQaCfXSE1AYACGFOQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM2IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1467353196856,"flow_last_seen":0,"flow_tot_l4_data_len":269,"flow_min_l4_data_len":269,"flow_max_l4_data_len":269,"flow_avg_l4_data_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1467353196856,"flow_last_seen":0,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00743{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":856069,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"pkt":"TF4M6gNlABxCjnAxCABFAAEhMu5AAIAGSgnAqHMI3xpqFMZaAFCbMnrue8hN51AYAQSXSQAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMS5qcGc\/bm89MSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1467353196856,"flow_last_seen":0,"flow_tot_l4_data_len":269,"flow_min_l4_data_len":269,"flow_max_l4_data_len":269,"flow_avg_l4_data_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_1.jpg?no=1","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1467353196856,"flow_last_seen":0,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_1.jpg?no=1","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
02112{"flow_id":104,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":917508,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjVAADgGss\/fGmoUwKhzCABQxlp7yE3nmzJ751AQAB9cGQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozNiBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDY2MTIxMQ0KQ29ubmVjdGlvbjogY2xvc2UNCkV4cGlyZXM6IEZyaSwgMDUgTWF5IDIwMTcgMTc6MzU6NTUgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNSBNYXkgMjAxNiAxNjoyMzo1NSBHTVQNClgtQ2FjaGU6IGZyb20gMTI3LjAuMC4xDQpBZ2U6IDQ4ODM0NDENClZpYTogaHR0cC8xLjEgUVRTIChRVFMgW2NIcyBmIF0pDQpYLUNhY2hlOiBmcm9tIDEwLjIyMS4zMi4yMTYNClgtQ2FjaGU6IE1JU1MgZnJvbSAyMjMuMjYuMTA2LjIwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAHAQAAEDAwMCAwUEBAoDCgcAIwECAwQFBhEAEiEHMRMiQQgUUWFxFSMygUKRobEJFiQzUmJywdHwJYLhFzRDc5KywsTS1CY1U2Oiw\/EYNkR0g4aTlKSz01RWZGZ1doSjtBknRUZVhZWWxdW14jdXZf\/EAB0BAAIDAQEBAQEAAAAAAAAAAAUGAwQHAgEIAAn\/xABKEQACAQMDAQUEBwYFAwQBAQkBAgMABBEFEiExBhMiQVEUYXGRIzKBobHB0QcVJELh8DM0UmJyFiXxJjU2Q4KSF0RTc6LCY7LS\/9oADAMBAAIRAxEAPwDytAyeNWtFoU6vyTFgRlSXcbsJ9B8fl+eqxHqdN32eupf+5vW5UmPVHaHUHUpMapNHCmlDdxnBxnP7NTSEouRRHT4I7mdYpW2g0MdQukl49JKsmm3fb0+gS3BuZ97aKUPpwDubWPK4MKHKVEc6GfB+71qP21vapV7RkmgxSmNKRQ8iNNSkh8JU22lxLigdq962\/E4T5c4BOs+RYyXt+9GvEJIzXtxb9zIY85++q2mvKhvb0f6yf6Q1fvM+8sb2vwajqp2x9KEaMLI6f1e5vG9xjq92\/SfdVsZCvmo9z8k5+mpopSG2jmvYSyHaelDtuyUwH0vLXs82ngvqqxcNDk0eP4PljJZU\/wCH5nMjBx9B66X\/AFL6K3H04lNe+x25cNxhuQ3JiKK0bVDI3DgpPxyPz0GUyqzaa9vjp93WrCfER6D4jRLayjnijVvclPAKOG4EOlTUKQvwv6qv0vppy2vUkLpxXv3o2+XSltd5ittlC0KkPf8ACSZPJ47AZ9NGTdbjURtq"}
02119{"flow_id":104,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":917511,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjZAADgGss7fGmoUwKhzCABQxlp7yFLTmzJ751AQAB+1AQAAFHWnfu3ebsPmflqKi8LbOppt0aSln8a0oQnzOKX6fXTzo\/s7tX30MrdPrafdJ9wOpqEVa0+eCttATGWR8cDKh8HCNIf2Y7kse++qsW3Z9ZRJmISqRHhlv7ua8gbtu88KwMqCRndtPwwr0FYe3t6IW8WfGaEajdpKO6T7a8f7q6eXHYM73S46PKpTyVFtK32z4SyP6Dn4VD6HUejUGdXqrT6VTI\/vdSmvtxYrHiJaC1rVtGVnhKfUlR4AJ16QVv3OsV+5oM2OzU4HhtpejSW0raWT2G05\/CnHPx0obh9myNSbjod09Pap\/FmsUupt1BtqSFvxFhIVlBSDuGc4POMZxg6\/XEcyITHyaXYrUM4B6Gst3D0dv22KjesSo2u6f4mtIdrsiFKafZjNrwULQrI8Tck7ylIyACVAaiTOjt7U2gUet1O2pFNpVZYVKp8lx5twPNBIWVHYo+Gdp3bV4OAT6a0xfk3q\/SqN1XjzmEVOHe7qXEyae+XGKY3w2pLbYTkbmQG1KIB8iTyd2lNevUKq1roxZ9hNOOsfYa1eNIShLQeSlstNIGw5O1CnASr8W7nOlh7u7jOGFMEOl2hfEkoApQO9P60p+VHRCeW9Ec2SG0srUtlWCdqwE+U4B4Vj8OhesUp+lSlx5aPCeR+JH6Q5wQfgc8YOmdXrjbcYne5Ux2lTJLiXHJbVVkuLOM\/i3K8xIJGVZ+Whhi7ZNK97Rs94XJTtcddcO4\/iJyfiSrOdXLa6mdvGK5v7Kygi320m41QWoypc57\/iT+8apK8zsqsv\/jDpm2pcKnrVl09bSdkbwvvd310AXb\/41P8AxaP3aMQybnNCnTFuDTCmX\/AehhjDIbSAPKnVJGrkeoyvd4EUynsZ2oT6D4nPH5n5aB6xc36KEI3fQaNvZ9v2pWncEydBmyKVU3Ep92qEfylsjdxnHGd37OdCJbRljMvU0q6Zo8N7cql0+1T5129VKLc\/Syqil3Xa9Qt6Y4kqZEyPtQ+njzNODyuDBTkpJxuGdLxuRMrLm2NCed3f0Ua2H7T3WGX7SU6g\/bURj3OhpKYcnGJKkqabS6HFA7Vblo8TAAx2ydKmO5DpLKWocZKNv6WdWraPwBzwa8vLeGwmMKDcR6HNLKkWS6k+LPgSD8vTRRGTIZ2tQ6a6P7RGNXc64okVKlPvo+m7QlVup7Dfkjqb\/I6u7iPOh+55T9XirgVKTSfPK4\/qJc1El3vLmJU2xD\/1lk6Cn788Zwq2hav62Tr4Xw5t8qUj\/V1x3j\/y8VaEMnklWFQg1yY2l9X3TKzhPwOO\/wCrOulNLqCW9q5pS38E5xrn\/HR+bQfdURl+9Ik+MiUCQkp27S3t7ZJwd2dc7URUalWIrlTZe+yVFXiOKSdnrjJHzx664DsR1oitrcEgAYqJ4K4v4Xx+rXwlFKfM\/wDs0YdYLVi2\/R6VPpjS\/DlZS67HytltSOVZVk4J3JIB+fOlYZC9vm8356mTGM1O9q8bbSc1bSFNq3bXV7tdLCXHlbfHA4yVHOAB+v8AdqvebmNspfcQUtr7HXFp7wVbtxV6HUrHCHb1qxDGAw39KNZfTyrU1Q94TGRmImaFLfH8yr8Kvz+HfUumWDVqp44YfiL8BxDToEgJCFKKgkHPx2q5Hw510nqOxJTJT\/Fqmp8SP7sOM+HyrCx\/X8xyeO6vUjFt"}
02115{"flow_id":104,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":917514,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDjdAADgGss3fGmoUwKhzCABQxlp7yFe\/mzJ751AQAB+OMwAAb3Vv+L8NDSbYoc1SX\/HLk1jxSpWzYQoZ7HvxjnQgy3fpTVFFYbS2arHLFqkeP46vD8PG7du9A34hOO\/4cH9nfVUhPh7NqwtJGQpOcEfq0cSut4l0lcL+JduNKUywz7yiL5\/u\/wBLPxV3POqGlXwunqneBCaQ3LCUeEhRCUJG7hIx\/W0StHuCcSCht2lsFzEeaisK251awcuK264IuR2dbsej+EA2ztPi5ySRn0+f19NWFGi9+3bTVArEUBNJ2iNypFQbahtOuyCfKhlJUon5Dvpq9NY1Pol4Q5VxxhcrkZxMh2gRVbvFAVkpddCtree3BUeeQNLdy6pCIqo1OQKZFIwtDP43B\/XX3Ojj2f8AqYenFfmSmKo7Q57gT7tUWjgtqG7gn0zu\/ZpQOoDTwe58R+6rVjaJe3AinbYpog9qG2pVmdT55PT+b07psw+JDpExJWx4e1OfCcxtcHmBJSTgn6aRitqlK2\/h1qD23Paq\/wDcjZNvxFJiyUUMFMaclP3+xTTaXErWDtXvWjfgDy5wCedZdRofNfPdgb+lcT2gtJDGpz9uabVr+zZctxUaJUfeYkNqW0h9pCmJclRbUMpUTHYcSnIIOFEH4jXTWvZxu+nObIqIVZexhMaFICJS\/kiM7seWf7KDqjsKW7cVcYi1aVIlRWGEoaQ7IXhCUrR5U88AIzgDTXuONPtO1XHaJU6iwW2StyGJKnIzpE+otedleUqGyOyMY9M9ydMUFlaXEQKqc0tS3FxFLtDj5UgYdEny6uKdHgyHqkHC2IbbKlO7hnKdgBORzx8udWltUWrXVXm4tKhql1CY6Q3GjNbvFUok7QgDHP8ARA+GNXtcqtSvC6n7mq8wx6rICApFIaw6oobSgEBOAkqCQSc9yeOdWlp1e8bGqUaqWZQ6jQZcZW5qoNRlrlZ\/40pwnjPCAn89QwabJG+Shx8KJNN4c+dDyrEq1TmS4ECmyHZ0JLj0unstlx2OlA3OKOATsSEkqz+HB3fHUS1bQqdzSn2KXBenuMtKfeDLZX4bY\/EtXHCEjuo\/nqfV591tVWdWp5nxJcsuGTJUpSVueJu3gnIOFZUCD3zp39N\/Ze6iyLeqtx2zcVviG3Haak+6Vlbbj7L6eUgBHnTj8Qzzj11dFrHHMO9Ur8ajaU7ODQe90FrrttyJsIJlUeI7J3VflqK+W0pOG1uBPKgAUIUAVcYyeNJeS2gKUlv4\/i1vun2L1wkdLZ\/TCK1SJNDTUWo3guSErKpSvN5VuI\/CQU+ZPlGDg5CtImreyR1WqFYmUT7FYflUpj3pxj7VaSlhtalYUkLI\/GpC+AMkj5jNq\/tIpUyhHFVbe4Y5D1nRNPdeV5f+UeBr9agrVKLCVITwTvXnaB8T3OjKbWqxUXKNV5lGbXAiMMsM+DCDLDyGuPMUABajjCl5Kjzk5113fddJuy559XFHYtsyllaYlJCvdWQf0EtrOQB\/aP00AfTtkRYZDfCikEitIFfp510z+lVdg4VKVDRmIidzIH8yr8Kvz+HfVhROn1bqEqQ4j7NnpbU1GfQqSlONxITgkcZ2dx+emRQ6zGuOkzJNDtqkyBDpyBUJkkBKIzi\/FKA2nlRJCeVDHJVn0OpFS6nz+ndES87b9vVZsTQk+8surUSYzajkKWQQfFPwwU59cCglpewjvRRnvdLdu6yc0ppX"}
@@ -554,20 +554,20 @@
02122{"flow_id":104,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1474,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":973725,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDkFAADgGssPfGmoUwKhzCABQxlp7yIj3mzJ751AQAB9phQAABcHZQCAMjJIx5j+ekbWtatI7lbNm8VW+zOmS7ZLsjAPSsUUJxhlxC5i3ExUnzBv8avkOcZPxOtK9MLYg37TQ74rtDpaPu\/coitq3R\/Xd\/Fn44I1nKkWrPuyRBptMW01KkSUjdIO1G3Cs5OD8BgAHOtUdFrVm0Omv0aelt2ZEkONnwjlOR2UDj949OdIXaGaUTCHJ24zitN0uGNo2kA5p62xRulVFt9CINq2\/FejN4lTF0\/ev1G4u98+uRg6Rl3Uul0m8HmqI+mVS3QHWHkqK8jJykk4OUnI7fDTGh0aRT5yIdUTKkQZEV5oIVNXvYWrkPha1bspIyAM8nASRoRr9ut0xqjKTvW5IBUkeKt07CBjKlndwe4J9SNVux90ba\/7ryaqHaqHvNNZm6ilZ11uf+L1iCmNK2yqussDnkMp5Wfz8o\/M6zrETt\/raL+sV4Iu6\/ZYaVmFTx7jHwe4STvUP7Stx+mhiAwXFHWiz5upyfSlXSbX2KzAPU8mrimN7lfh1NrDxbbbiJV38yh8vTXdTI4bSVK4SkZKtV7XiT5zj\/wDTPHyHpowkfdptHU1GTvcsegogt6P4m3TKoUEJSjQrbFN7eX9miS7roRYlnS6mUp94A8KKk+rpzjj5cn8tHgRaQbmNLV2WuJhCnJNJz2grx+2K63QIq\/5HTP53afKt8\/iz\/ZHl+R3aWbMfCVa7EIXKdcecUpbizuUtX6RJ76tIkXv5dIniuZjK3nWh28a2UKwp5VVRppjQ33mUhLzbalErTkcA9sjP7fTWmrO9hy9aD0kuKfMrdFk0y8bfhmK3FD63mXPeY0hpa0eFzhKVoO0nG44zjWTq55KG8GsFIARuSQT3\/S\/z9NbR6Se2zTryTZ3T33Cql2Q5CojLsxuOuOlR2NI3J3ZwMfiHOeeDxoF+2fU9RSS3ttNXc4Xn7fjTRaRR7GaTp+nNZ4tu23KJ0B9oG25Tjb0uhVmkOKW1nYpTMiVGWpOecEvDvzzoV6ZAJ6JdYl\/GNS2\/1zUn\/oaJrKuF25qB7SA8FxBqtLFT8N4+dBTWYq+fmErVn89C3T5zwugfVcf05FHb\/wDuz6v+jrMbcttQuOdhz8jUJHMoH+tT\/wD61PtdtcfpVZjQ2BM66ahKWHVbEERYsQpKj6D75zn0512x6bTXlpi+OmpLXgvyIaClpr4JaCsFW31JAzn6HXdLQiP056dR0gJIoVUqX+u\/Pei\/81hOpVnU0bU+Xbux27g\/5Otl7EWCzqxbp\/QVRvHIBbPr+Jruc6dSIaI0mo06S\/S3Ffyes0o8788JCseUn+ioE57DnVNe6XnnEsCvVushPCmanHdZWn5HctQ4+PGj2nXrW7FkvyKFWZlLcLQLgiuFKXP5z8SM4PZPBB0F3TcVTuuQ5MqdUempc\/GOEgc9ilIx+oDRnV9NFtPvLceVD7Rrh5MvjH9\/31qDY7zFLqiVxnQ080gnxQM+GeQpWD3RjyqByCCd3BOrKz6tcNr3HU6bbdR+yPtVJZkU6S207DkMKcDoRsdJTsyhJ9TxoElIk0WS1JgPqQ8yollxPfjuD+vUqiXgyiuMz34i2UJx4rEUIUk\/0ilLgITn4cj92lmeeyuWEU64K0YMco3NGc1piT19vumRIL9EolOt6TTZDj8hy2XS5BUVoLeDAfK22uFKSVMhvKVEZxpO9LJd"}
02145{"flow_id":104,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1475,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353196,"pkt_ts_usec":974209,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUDkJAADgGssLfGmoUwKhzCABQxlp7yI3jmzJ751AQAB\/erwAAWtiZNplOcixVy4rlTEyPHDknCU48DJ7DI7YPf56vehfU+ht9Y01OvJVS6BKC23FLQZakhSVAqdGPvNwyDhOBxhOBjXVUqvJ6f0VNQtmoNtTpFBJW\/HfS8colo7oP82fDWryKHYBWOQdVLq1sUg9ogB8P9aE95OZGtZF6gYPl\/Yql633fc0AGgVibIm0yY2lShJittrSUufibISn1T3Oe50nRWJDkJFOU+77mhzxUslwlCVngqCe2SABkD0Hw05Or90VKv02txKjKL8ONWJZjteGEhCW2gG8bR6F8d\/z0i1eus01OZmm3KeDTHp6lYQGAyKniNJbiCT4LgjlWwPbTsJHOM9s\/nroEg\/pabnTe\/hMt\/wCwJqGdrCTtaUkbXkc5yORn1OR8\/idRKpYVv1JTikLdoz39JseIyDnHKSdw\/X+3jR3\/AKca5s1urJ93HI6Gohf93K0cy499KtTn+tripWra4LSqFuLV7y2HI+cJkM+ZtXyzgYPyIB+WqbSVPBLbsUlXBoujhxuU19rgr11z10n8Wq69RXVPu5Gw5SXHU+bAzpzUL2D75plo0+6nbgojtPqUVmY2ywJK5AS4ElOUBrkjeOxPb5aQ7shblP8AA+IxrVFse2vAVatPt2RSatKZgsNxB4jcdbRS2hKR5d4OBjg8HIB+Wm\/tPc6rBBGdJTc59w\/M0Itlj8QlNZU6gUl+l3BJpj60LkQJjkN1bXKSptxSFEcDglJ741VU5wxLqd\/998ft1dXtUDV7mqdR2qT73OdlbV8qG9xSufn5ucar2o\/jXk8n\/wClM\/nu0ciMpjQzcMQM\/GujjbgUQNK3Ued\/xZ1AjJ\/8GaB27q\/+WK1yS4tmPJQr9JONcIjn\/g\/Rk\/0FK\/56tEN3NVyuBV9XGR4I\/tDVJSG1Nznyn+r+86vax9421n4\/uGo9uRfeFSvkE\/36tnpUScIaF74c2yGHUpypKk+X4kHt+evSDpJ01odldJ3YLPRtm4JS\/CZlSqlAQ7KmOqTlxzKmipQzuI2kpx68a85b6SYrwdT\/ADjakuD4ZCsj92tW2t1tRKbZr0ir+61iBDXDbgIYWpxZBXt8NzG3adwySQRhWO+kjWY3dht6U06Pswd3Wkl1ioMS0+sNw0ul0ZmkUhBbdjx4yTsYKkbnGc9jtUc\/LsOMDS\/lRS5KcV8\/79HvUKv1asV5CKkwhhKd8prY2U+MXFYUskk7sbAgYwBsPrnQi1\/PSfz\/AOdpysVKacik55oNd4W4bb0qiqSdqin5jUeP\/wCMJf0T+4asKqyfE\/1hqFGTumSz8k\/u1Of8aof5K4TUhT1N2\/h8Yf36uJTIVlP9HVJI\/wDyf\/xw\/dq+e83m17b\/AF3+yon4AoPnMn3o6iSlbZqU\/wBnRNJghSkq0OTm\/wDTG3+iR+7VWcFST76sId1WqnMKRqPVGS4o6\/Xf5wflrtlq2Z+mrzHMUlcjg1ZRk7t301pP\/wBwRvNNn0u5\/t2i\/Z8+KzLaZbEh18JcCduUBvuNwzgnsfhrNsRXdPxGNbCovtpQItn02iTKbVJjcOOzGCVtsKaIQlKQNpV6be+c5weDxrLe0M+pwQL+7E3OT6D86uR93k76yE\/SXLbv+oUuS4lcinS5EN1bX4VKbUttRGQOCUkjjVlKcC6Sz8v8dU9xVgVS\/KtVkpWPfp0iXhfKh4ji"}
00577{"flow_id":76,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353197,"pkt_ts_usec":65490,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI7kAAAER38rAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1467353197131,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1467353197131,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00580{"flow_id":105,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353197,"pkt_ts_usec":131515,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6dNArkea6CABFAAChc\/sAAAERIa3AqHMB7\/\/\/+scBB2wAjWbYTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1467353197131,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1601,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1467353197131,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00564{"flow_id":105,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353197,"pkt_ts_usec":240206,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"AQBef\/\/6dNArkea6CABFAACXc\/0AAAERIbXAqHMB7\/\/\/+scBB2wAg2oBTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCk1hbjoic3NkcDpkaXNjb3ZlciINCk1YOjMNCg0K"}
00568{"flow_id":105,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353197,"pkt_ts_usec":271489,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/6dNArkea6CABFAACZc\/4AAAERIbLAqHMB7\/\/\/+scBB2wAhQmdTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhUmVuZGVyZXI6MQ0KTWFuOiJzc2RwOmRpc2NvdmVyIg0KTVg6Mw0KDQo="}
00580{"flow_id":105,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1721,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353197,"pkt_ts_usec":303387,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6dNArkea6CABFAAChc\/8AAAERIanAqHMB7\/\/\/+scBB2wAjWbYTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1467353197951,"flow_last_seen":0,"flow_tot_l4_data_len":1280,"flow_min_l4_data_len":1280,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":1280,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1467353197951,"flow_last_seen":0,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02094{"flow_id":106,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353197,"pkt_ts_usec":951316,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"TF4M6gNlABxCjnAxCABFAAUUM2tAAIAGCK3AqHMIb84WTcZbAFDJCjAgTd\/tYVAQAQRxYwAAR0VUIC9iP3BmPTIwMSZwPTExJnAxPTExNCZhcD0wJnNvdXJjZTE9bGlzdCZzb3VyY2UyPW9ubGluZV9sJnQ9MjAxJmN0PWNsdF9fcGxfcGxheSZhbGJ1bV9pZD0xODA5MzIzMDEmYzE9NDc5NTMxMDAwJmNsdD1ob21lZGwmY249MTYwNTA1LSVFNiVBRCVBMyVFNyU4OSU4NyVFRiVCQyU5QSVFOSU4MyU5MSVFNiU4MSVCQSVFNiVBQyVBNyVFNSVCNyVCNCVFNCVCQSU4QyVFNiVBQyVBMSVFNSVCRCU5MiVFNiU5RCVBNSVFNSU4RiU4RCVFOSU4MCU4NiVFOCVBMiVBRC0lRTQlQkIlOEElRTYlOTklOUE4MCVFNSU5MCU4RSVFOCU4NCVCMSVFNSU4RiVBMyVFNyVBNyU4MCZjcHV1c2U9MTQuMSZkZT0zMmU2NTRmYTU3YmU5MGVjNjM4YzQ2ZGRmZGQ2Njc1NyZkbGx2PWFwcHYlM0Q1LjAuMC4xMDAzJTdDb2x2JTNENS4wLjAuMTEwMSZldD0wJmZ0PTIxNzUmaHQ9MCZodT0tMSZpc2RtPTAmaXNsb2NhbD0wJmt2PTEwLjAuMC4yOTMmbGFuZz0mbWVtcGh5PTY3Jm1lbXZpcj0xMjEmbXQ9MCZtdj01LjIuMTUuMjI0MCZwMj0xMDExJnBlPSZwb3B0PTAmcHQ9MiZwdHlwZT0xJnB1PSZyPTQ3OTUzMTAwMCZyX2lkPTQ3OTUzMTAwMCZyYT0xJnJuPTIzOTg3JnNjaG5faWQ9MjAwMDAzNzE5JTI0JTI0JTI0JTI0MTgwOTMyMzAxJnNjaG5fbmFtZT0lRTclQkIlQkMlRTglODklQkElRTUlQTglQjElRTQlQjklOTAlMjQlMjQlMjQlMjQlRTQlQkIlOEElRTYlOTklOUE4MCVFNSU5MCU4RSVFOCU4NCVCMSVFNSU4RiVBMyVFNyVBNyU4MCZzcHQ9MTQ2NzM1MzE5NyZzdGltZT0wJnR2aWQ9NDc5NTMxMDAwJnU9YWFvZWZkdHFnZmRlcHhjMnRudjNwaXVjZ2NiNGVvZm4mdXBsb2FkX2lkPSZ1cmw9aHR0cCUzQSUyRiUyRnd3dy5pcWl5aS5jb20lMkZ2XzE5cnJsdnV4bGcuaHRtbCZ2PTIuMC4xMDIuMzAxNDcmdmU9MzMzODI1Y2RmNDg2Y2M5NGI2ZDI5NTZmNGRlNmQ0Y2ImdmlkPTJiOTQ3MjllM2E5MjBiMjExOTg4NmM1YzY3N2FlOWRiJm1zZz1NWHcwZkFkUUFGSURVZ0ZSU0FCNmR3TmtCUUptZlhWM2RubGhZbmxJQlhUVnh5NGFPTDBBZEM2UVdSYURTS0IxY29kZGkxT3J0aUF6TmYzSDhwZUN2MUwlMkZSMiUyQjZUWUZEVXptSXA5b29TJTJGc3FRME50aEpLVDNBSHRDSkg2SmFLSGQxS2RwTDZwRVJ5bTBKM0FOUWxWUzluQWx3bGw2ciUyQjNMVzlpbXVHd2ZoNCUzRCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogbXNnLmlxaXlpLmNvbQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQpQcmFnbWE6"}
-01798{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1467353197951,"flow_last_seen":0,"flow_tot_l4_data_len":1280,"flow_min_l4_data_len":1280,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":1280,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=14.1&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&isdm=0&islocal=0&kv=10.0.0.293&lang=&memphy=67&memvir=121&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=2&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=23987&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353197&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db&msg=MXw0fAdQAFIDUgFRSAB6dwNkBQJmfXV3dnlhYnlIBXTVxy4aOL0AdC6QWRaDSKB1coddi1OrtiAzNf3H8peCv1L%2FR2%2B6TYFDUzmIp9ooS%2FsqQ0NthJKT3AHtCJH6JaKHd1KdpL6pERym0J3ANQlVS9nAlwll6r%2B3LW9imuGwfh4%3D","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+01810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1995,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1467353197951,"flow_last_seen":0,"flow_min_l4_payload_len":1260,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1260,"flow_avg_l4_payload_len":1260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"msg.iqiyi.com","url":"msg.iqiyi.com\/b?pf=201&p=11&p1=114&ap=0&source1=list&source2=online_l&t=201&ct=clt__pl_play&album_id=180932301&c1=479531000&clt=homedl&cn=160505-%E6%AD%A3%E7%89%87%EF%BC%9A%E9%83%91%E6%81%BA%E6%AC%A7%E5%B7%B4%E4%BA%8C%E6%AC%A1%E5%BD%92%E6%9D%A5%E5%8F%8D%E9%80%86%E8%A2%AD-%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&cpuuse=14.1&de=32e654fa57be90ec638c46ddfdd66757&dllv=appv%3D5.0.0.1003%7Colv%3D5.0.0.1101&et=0&ft=2175&ht=0&hu=-1&isdm=0&islocal=0&kv=10.0.0.293&lang=&memphy=67&memvir=121&mt=0&mv=5.2.15.2240&p2=1011&pe=&popt=0&pt=2&ptype=1&pu=&r=479531000&r_id=479531000&ra=1&rn=23987&schn_id=200003719%24%24%24%24180932301&schn_name=%E7%BB%BC%E8%89%BA%E5%A8%B1%E4%B9%90%24%24%24%24%E4%BB%8A%E6%99%9A80%E5%90%8E%E8%84%B1%E5%8F%A3%E7%A7%80&spt=1467353197&stime=0&tvid=479531000&u=aaoefdtqgfdepxc2tnv3piucgcb4eofn&upload_id=&url=http%3A%2F%2Fwww.iqiyi.com%2Fv_19rrlvuxlg.html&v=2.0.102.30147&ve=333825cdf486cc94b6d2956f4de6d4cb&vid=2b94729e3a920b2119886c5c677ae9db&msg=MXw0fAdQAFIDUgFRSAB6dwNkBQJmfXV3dnlhYnlIBXTVxy4aOL0AdC6QWRaDSKB1coddi1OrtiAzNf3H8peCv1L%2FR2%2B6TYFDUzmIp9ooS%2FsqQ0NthJKT3AHtCJH6JaKHd1KdpL6pERym0J3ANQlVS9nAlwll6r%2B3LW9imuGwfh4%3D","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
00506{"flow_id":106,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1996,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353197,"pkt_ts_usec":951570,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"TF4M6gNlABxCjnAxCABFAABuM2xAAIAGDVLAqHMIb84WTcZbAFDJCjUMTd\/tYVAYAQQaAAAAIG5vLWNhY2hlDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkFjY2VwdDogKi8qDQoNCg=="}
00597{"flow_id":106,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1997,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353198,"pkt_ts_usec":52905,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"ABxCjnAxTF4M6gNlCABFAAC0gHZAADMGDQJvzhZNwKhzCABQxltN3+1hyQo1UlAYACMO1AAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuOC4wDQpEYXRlOiBGcmksIDAxIEp1bCAyMDE2IDA2OjA2OjM3IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAwDQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1467353198532,"flow_last_seen":0,"flow_tot_l4_data_len":269,"flow_min_l4_data_len":269,"flow_max_l4_data_len":269,"flow_avg_l4_data_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1467353198532,"flow_last_seen":0,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00744{"flow_id":107,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353198,"pkt_ts_usec":532645,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"pkt":"TF4M6gNlABxCjnAxCABFAAEhM5pAAIAGSV3AqHMI3xpqFMZcAFDCryK2CgBK\/VAYAQQ7tAAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMi5qcGc\/bm89MiBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1467353198532,"flow_last_seen":0,"flow_tot_l4_data_len":269,"flow_min_l4_data_len":269,"flow_max_l4_data_len":269,"flow_avg_l4_data_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_2.jpg?no=2","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1998,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1467353198532,"flow_last_seen":0,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_2.jpg?no=2","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
02124{"flow_id":107,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353198,"pkt_ts_usec":595498,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJVAADgGwG\/fGmoUwKhzCABQxlwKAEr9wq8jr1AQAB\/+YwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFFXUw0KRGF0ZTogRnJpLCAwMSBKdWwgMjAxNiAwNjowNjozOCBHTVQNCkNvbnRlbnQtVHlwZTogaW1hZ2UvanBlZw0KQ29udGVudC1MZW5ndGg6IDY4MDQ1Mw0KQ29ubmVjdGlvbjogY2xvc2UNCkV4cGlyZXM6IEZyaSwgMDUgTWF5IDIwMTcgMTc6MzU6NTYgR01UDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTMxNTM2MDAwDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNSBNYXkgMjAxNiAxNjoyMzo1NSBHTVQNClgtQ2FjaGU6IGZyb20gMTI3LjAuMC4xDQpBZ2U6IDQ4ODM0NDINClZpYTogaHR0cC8xLjEgUVRTIChRVFMgW2NIcyBmIF0pDQpYLUNhY2hlOiBmcm9tIDEwLjIyMS4zMi4yMTYNClgtQ2FjaGU6IE1JU1MgZnJvbSAyMjMuMjYuMTA2LjIwDQoNCv\/Y\/+AAEEpGSUYAAQEAAAEAAQAA\/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU\/9sAQwEDBAQFBAUJBQUJFA0LDRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU\/\/4AC3FpeWkxLjAuM\/\/AABEIA4QGQAMBIgACEQEDEQH\/xAAeAAACAwADAQEBAAAAAAAAAAAGBwQFCAIDCQABCv\/EAG8QAAEDAwMCBAMEBAgGDQUCHwECAwQFBhEAEiEHMQgTIkEUUWEVMnGBI0KRoQkWJFJyscHRJTNigsPwFyY0Q3OSssLE0tTh8TVThqKz0xg2RGODhIWTo6S0J1RkdHWURnYZN0VVVmVmlZbF4tUp\/8QAHQEAAgMBAQEBAQAAAAAAAAAABQYDBAcCAQgACf\/EAEcRAAIBAwMBBgMGAwcEAQMCBwECAwAEEQUSITEGEyJBUWEUcYEjMpGhsdEVweEHJDNCUmLwFiVy8SY0Q1NzNYKyosJjg9L\/2gAMAwEAAhEDEQA\/APMptJVH130SjzK1ODEJhT7nfaPYfU\/36sLbZpa5kcVlcxmmZPnLp7aFPYwcbQogZzjufnpudML6tTppWVy7NuK4oNWd+7OqUFmN5GAcbVNvOHnPOQB9dazqvexW8bxLlgK902GK6uRDM20HzpX9Quk14dJ6+mm3hbs635Lw8xn4xrah5PHqbX91wcpyUk9+dVO39FrVXio8T1teJOo0iFdEycw1Qk4p82j0xuVIUFNoS8h5S32knctsODaDjdjSXTR+mhR\/8EV3\/wCdb0Q\/9O132ZlLRu0gOSfSoNQiW2mMQOflzSwqSfu64U5Pq0xp1E6YHG+6LuT\/AOjUX\/t+umJROmSVei6rsV+Nsxv+36hlUfxbf5VSDjZ0oKmp\/Qq120RP8lV+OjiVR+nKm1brouhH\/ozGP\/T9fU2j9O0x1eXdVzrTnv8AxYj8f\/R+j\/fKmqCTB+6fKoi+UxQFTU+pz8TqJKZP2n+f9+mRBo\/Tncry7suVfJ\/\/AAYYH\/T9R36H02+L3Ku250q+"}
02133{"flow_id":107,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353198,"pkt_ts_usec":595505,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJZAADgGwG7fGmoUwKhzCABQxlwKAE\/pwq8jr1AQAB8TPwAAQtiP\/X8fofczLJZRL\/v\/AJ10rgMaH2Gf0Z1VVRnTPjUywEtnbclzqH\/4txv+36rp9H6bKz5tz3WP6Nsxj\/0\/TXrE0cmn7QD09DVaNjvoBpjfp1znU2VIcOxhxTO3cpxDZUEjnvgfQ9\/kdMGm0bpqlI2XLdrn\/o5FH\/T9HQ6yUG2uklRsGHVriXDly3XBJfo0UFplaUZbSBKJGVpWo+rH6Q8ZJ0lao8w0NVtwc5GeOMfOiVqYmnxKcCg6odBbrtWm0V+ox2Gm6o0XGFCU2spISpRQ4kEqaWEDdtWEn8+Nc5fQi6E7EFMNCluIaAMtGQpRwnPJ4ORydHnUzrNSes\/2KupyKzGZp0NDO+PSY6nZDqRtLrizKHcfvJ1Uzn6DNoUaGmnXP5aWkJakx7dYSp1KVbgorEkhWT3Iz31Qgve0ENiqumF8sjyo+kejk5Lkmq1fhC6hU9DqlM0xzccFLc9ClcKAPGP8odtLOv2vPs6vzKPUUoTMiq2u+UrekH6Ht+zTeVVqHU0T0NWpcm6WzjezbzSVoHqTvQQ7nPqwT+3Vr0XtGkXqK5FtuDc9TktNIVML8unxEoQd4QEl1RGSQc89wNRaRfTWzCa7P2a+f1qneLaFMW2S1Z3nt418lHoT+Gtf0\/wxVG94D1sU62a09IhOtMeWu5qQlYdU0h0cc7glDyCvafzJ1lao0ldLnTYT6C29FecYcRuC9qkKKVDI4OCDyANaFpeo2mrXEq27ZIFBGR41BcYodQCY6tSKJSJlZnCPBjqfe+8Up9h+P9+rC3GqUufH+2lzG6Zk+caelCnsYONoUQO+O5+em50yvu0umdZVMs64rip1Wd5TOqMNmP5GAcbVNuuHnPO4AfXSjqxlggSSJcsBRTTYYrq5EMzbQfOlb1E6TXh0kryKbeFuz7flPArZ+MaKUPp49Ta\/uuD1J5ST351UJb9OtW+KrxO2z4lKjR4d0TZzTVCTtp02jU5qTIUFtoS8l5a32knctsLG1JxuxnSURR+mpSn\/AA\/d6f8A5QxD\/wBN1x2ZlLJIzqck+lQ6hCLeXuwQcenNLCop241wgJ3uaZU2i9MDjfct3J\/9HIh\/6frpi0bpilz0XPdh\/G2ov\/b9cygfxbd5VSD+DFA0xH6PUijJ\/krn46NplG6cKbO66LpH4WzGP\/T9cqZSOnaWHPKue6Fc\/wD7Mxh\/0\/R8TKmqB8H7p8jUJbKYoCpbf6RzPz\/t1Ekt\/wCESPqNMaDRunO9zy7nuhfz\/wBrMf8A7frpfofTb4w7rqugOZ7fxZjH9\/x+hlzMr2US\/wC\/+ddK\/iPFDjDPp1VVNs86aLFM6fBO1Nx3Qf8A0cjf9v1XzaN02P8Ajbmuwf0bai\/9v026vPFLp+1c9PQ1DGWDcil9SmztPOu6bTZMhYUhhxTIG5TiW1KCRz3wD\/qNHtOpHTNI\/RXDdzv\/AKOxU\/8ATjo5HWShW10lqVgw6ncTkOXLecTJk0mNlthaEZbAEknJWlajzj1n3J0l6o8x0RVtwc5GeOMfOiFr3bT4mOBQhUOgl1WpTaK\/UY0dpuqtFxgolNrUkhKlFDiAoqaVtGcLA\/brnK6FXQnCFIhoUtxLQCpSM7lHCQRk98jv20ddTes1M60fYqqm9WIrNOhts741LjqdkOgbS64syR3H7yc6qZ0mhzKDFi\/ZdylkMIQ1"}
02126{"flow_id":107,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2001,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353198,"pkt_ts_usec":595506,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAJdAADgGwG3fGmoUwKhzCABQxlwKAFTVwq8jr1AQAB8\/CgAAIjUFhKnUpVu3bhIO4n5\/XQ2C+7QQ2CrLHhfIkeVMSRaO3VyTVerwg9Q6e06tbNMXkkbW56FK4ODx79wePbS0r1rT7Nr8yjVFKUzIq\/Ld8pW9OfoexGm8qsUKqMzm2LSuQqlM7cs2+0lTYG5O9GHDzleM\/PGrXotaVGvZNbi27TboqkpptBmebNgQ0oSrelO0unGThXv3A1xpGoT2zCa8x3a+f1qpepad3i3yWrO04YUNfIQdg1sGn+GWpXtCetam2rWn34LzTHluXTSEL81TSXRwEncEoeQVbTx8ydZUnUtdKqE2C62UPRnlsLQVBe1SVFKhkDBxg860LStRtNXuJVt2yQKAujxgFxihp4ZCQDqzoNGl1l8sQmVSHsZKU+31P013UdqlLqUT7acmM0vnz1wW0reAwcbErKQTnHcjTg6XXxa3TWqqmWdcdwwqo7ymoVGAzF8jAVjapt908lXO4Acd9J13JLZs0kCbmx0orp0MV1cLDM21T50ruonSe8ek9dRTbwt2db8p0b2fi2tqH08eptf3XE8p5ST351UIbOtV+KvxPWz4lKlRodzz5sdmggJp8+j0tqXIUFNoS8l5S5DSfUtsODaDjdjOkmmi9Nsem5Lt\/O3Iv\/btcdmpS6yPIuCT6VBqEQtpTEDnHpzSzqDfqTrqhJ\/TaY06i9NCr1XTdSP\/AEZjH\/p+o8aidNkuei7LoP8A6MR\/+36r3AH8T3e9UxJ4aCZ6fSNTac3\/ACE6L5tE6c7Ruuu5kf8AozH\/AO36lQaP0\/TF2puq5Cn+d\/Flj\/t2j1pKItSkf1X0qPf4KX1MTucc\/HUOW3\/Lz+I0yIND6cpU5tu25D\/6Ms\/9u10yqD04+K3Ku65N383+LLP\/AG7Q+5lD2Ea\/7v510sniNDkZn9HqpqbfqOmcxTbAbTtTc9yn\/wBGo4\/6fqBPovTped91XSn\/ANGY\/wD2\/TXrE0UmnBVB6DyNQxsd5JoAp7PpTrul0uVIcBbZcWzjcpxDZUEjnk4H0P7Do5g0jp23nZc90L\/9HI3\/AG\/TAjdY6DbnSCo2DErFwuQ5ct1xMl6jRwWmFpRltKRKJGVpWo+rHrPuTpN1RpRo6rbjnjPHlV62MTTfanAoOqHQC67Sp9FfqLEdpuqtKcY2SmllJCVLKHEg5aUEjOFgH8+Nc5PQi6EbUKRDQ4txLQCpaMhROE5598jvo56pdcKL1rVRlVGVWojdPiIZKmKPHU7IdHpLi1mWM5H07k6rJcm359DixPgLnDSGkIbkxraYSt1KVbt28SjuJ9zz30KtL7XIbFVKAL6kUwpHpJ+8xJqD\/wC9D6hU0uOus0txOSNrc9ClZBx2xk9x2+ulfdFrTrPuKbSKilAmRF7HQ0rekH6H3\/HThNYoNXMyOxatyKcmM7Qpu3WkqRjcnen9MefXyfnj3OrXo9ZlGvIVqLbcK6KnMaaQZhefp8RCEneEhJdcIyfVnnuBqTTb+4gi33RHdqetVLuO02f3fJas6Sk\/ou+voyDs1sSleGKo3vTX7Up1t1x5+C80x5a7hpCVl1TSXQMZO4JQ62VbScdsnWTpdLcpU+dCfSWnor62HEFYXtKFFKhkcHGO408adqdrqt2y27ZKrzQFo3jXxDFfW63myLmPzeht\/tU4f+bqpYo064a3JjwGFSHStSsJ4AGT3P8AedX9"}
@@ -584,24 +584,24 @@
02103{"flow_id":107,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2012,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353198,"pkt_ts_usec":682063,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFAAUUAKJAADgGwGLfGmoUwKhzCABQxlwKAIr5wq8jr1AQAB8xRgAAxPJk2ln\/AIikI\/0Wr+gNm2bPjW9JdSupvRpMtbSHcfCtlOS060pAIcKkoOd33ce3c5aW1pp1yDCmC4I\/MVylu93G7u2FTn+n1rq8NfSml9Yus1u2tW5T0KkSSt2W5HUlDnloQVFKVK4SVYA3EHGSeTrc11eB3o4LBfnwLfuKjOTI++HLi1oznG1HAQpTJRhacqG5IPYKwffWWvABGlzvFFbkKLF+JTJhT2H1kpAYaMZWXSD94AhPHvnjXovTun1zzaI5RV1umT5EENsfZeQ4pAUgqZQ4jH6PcE+lSinnarI0F7cahq2nyj+FZ34HT0PrzQtWiD4lbArHnSDwV9NbV6JzOofVpdXqLCapNhLeoszyo8REeSuOFcIJO9xtfqUpIHpGM5yM9WugnSmxOrlh+Qa43YdcUtEuO7L3Pg+WS35b3l5G5RSCkgkexwrh2yortx\/wdlbmOsSWnJLFbq7gfUf0SxWZGUHHG7kfsUfloT\/hDbdfpNl2c7s8pNOqQgMuIX6v9zFzPAHueDnRDQGu5CiF8F+D88VQeRmlJ3cZNZY63dKaXJ64LtHpZSKrMjONNhiJLfD75XzvUVYSEj7p9XbPfVdfvhh6hdIaWuqXTSo9OioUhtaROZccBWTtylJJ75\/ZpqeB+9LfpPVa4KXcjzTdVuOnpg0qpTHORJDqVBrzFHCS6BhKlHG5KB76vfGP0a6mdNxMnG4ajcvTibKSlwPDDtLkKVvTHlIOSk84S4DtX8wTjXRgmttVWNm3NkAk1cWVgRHWc+mFPs+o9R6FHv5+TGtBx1f2i7CcDbyU+Wsp2KIIGVBHse+NbXqPh18KtE6cUe6ZNYuqNCqyd0QP1LY2sc91mP8AsOMEnAPfHn5Um\/0afTrcPWi0pkbwM9PZD7i1wY1KpcuOCsqCDII3DH6vKfzz89ENYjkXUtkbbdwHSvJSdqnPnQn0n8O3Sdvow1f15yK84zUqg7HhKYmiOykecpDTXDCypakjeVEpHqAA9zWXr4cOnVoeINuhOyarUbSfoj9QLceckuxZDaMlPn+UPMQk4P3EnuM8ZL56b9MKRePhY6aUqrvVGLTzT49TdeaktMNB0z3EtgF30qUsgJwPVyOTkav+pnSGTVuvVnwpDSWxMtav4iod4SG0thbYVkHOVLycg\/XSjcyzrBt39DXlvL\/ecMaDad4dna9arbVDsOzIVLZSfLRVX3FVB5vbhLjigjckq+8cr9xwDrPds9E7durrnSbaq1EqVv0SnRVv3GlE7zMqStYStp0oOxte5lPO7HqOflqKdbdqUWm0liK04048pJS83UZjS1pK+ULdSlYUNvG1aucJyOOb2F0lVROidwXTSqbIq1y1eLPdiJ8wueZHYadU2wpY53EKWoJI5HHJ1QsL66YsjuSp9aZdUlCwghQDWbLV6DdK73vu4avTWq5SemFtMNszg7UG1ypMo7lKIWUZbbAUhJAQpWSNvckQbjs7w+XL1F6dUSyoVdmxp8sIrTblVCipKm1KS22rblO1QTlRH878dfngq6l0huo1mwrmkx48W6VlUefMbCm3JKk7Sw6SfQl70jeDwrg98hlU7wkVDo94sOm02m73bPqdTfRFdkJ3uQJDcZ5wxH0qHJwnKVH76QT3B03TCZYzFO5AwNvoaVtxWQ5OOKpbQ6C9J5HV3qFR3req"}
00578{"flow_id":85,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2126,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353198,"pkt_ts_usec":862502,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDlAAAAER9TDAqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00578{"flow_id":89,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2312,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353199,"pkt_ts_usec":193666,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6jHNut5ODCABFAAChArUAAAERANnAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2397,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1467353189363,"flow_last_seen":0,"flow_tot_l4_data_len":912,"flow_min_l4_data_len":912,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":912,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2397,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1467353190110,"flow_last_seen":0,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2397,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1467353196348,"flow_last_seen":0,"flow_tot_l4_data_len":365,"flow_min_l4_data_len":365,"flow_max_l4_data_len":365,"flow_avg_l4_data_len":365,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2456,"source":"pps.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1467353199417,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"123.125.111.70","dst_ip":"192.168.115.8","src_port":80,"dst_port":50775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2397,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1467353189363,"flow_last_seen":0,"flow_min_l4_payload_len":892,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":892,"flow_avg_l4_payload_len":892,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2397,"source":"pps.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1467353190110,"flow_last_seen":0,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2397,"source":"pps.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1467353196348,"flow_last_seen":0,"flow_min_l4_payload_len":345,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":345,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50775,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2456,"source":"pps.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1467353199417,"flow_last_seen":0,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":221,"midstream":1,"l3_proto":"ip4","src_ip":"123.125.111.70","dst_ip":"192.168.115.8","src_port":80,"dst_port":50775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00706{"flow_id":108,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2456,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353199,"pkt_ts_usec":417673,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"ABxCjnAxTF4M6gNlCABFAAEF4D5AADEGSkB7fW9GwKhzCABQxlcB794psg4Z21AYPLiOgAAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFRlbmdpbmUNCkRhdGU6IEZyaSwgMDEgSnVsIDIwMTYgMDY6MDY6MzggR01UDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW47Y2hhcnNldD1VVEYtOA0KQ29udGVudC1MZW5ndGg6IDI5DQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctQ3JlZGVudGlhbHM6IHRydWUNCg0KeyJkYXRhIjp0cnVlLCJjb2RlIjoiQTAwMDAwIn0="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2456,"source":"pps.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1467353199417,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"123.125.111.70","dst_ip":"192.168.115.8","src_port":80,"dst_port":50775,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2456,"source":"pps.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1467353199417,"flow_last_seen":0,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":221,"midstream":1,"l3_proto":"ip4","src_ip":"123.125.111.70","dst_ip":"192.168.115.8","src_port":80,"dst_port":50775,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00577{"flow_id":76,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353200,"pkt_ts_usec":65484,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI7oAAAER38nAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00579{"flow_id":105,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353200,"pkt_ts_usec":142502,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6dNArkea6CABFAAChdIcAAAERISHAqHMB7\/\/\/+scBB2wAjWbYTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1467353200271,"flow_last_seen":0,"flow_tot_l4_data_len":269,"flow_min_l4_data_len":269,"flow_max_l4_data_len":269,"flow_avg_l4_data_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1467353200271,"flow_last_seen":0,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00743{"flow_id":109,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353200,"pkt_ts_usec":271229,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"pkt":"TF4M6gNlABxCjnAxCABFAAEhNFdAAIAGSKDAqHMI3xpqFMZdAFCAFVM2Sak8SVAYAQQb1wAAR0VUIC9wcmVpbWFnZS8yMDE2MDUwNi9mMC8xZi92XzExMDM1OTk5OF9tXzYxMV8xNjBfOTBfMy5qcGc\/bm89MyBIVFRQLzEuMQ0KVXNlci1BZ2VudDogUWl5aSBMaXN0IENsaWVudCBQQyA1LjIuMTUuMjI0MA0KSG9zdDogcHJlaW1hZ2UxLnFpeWlwaWMuY29tDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANClByYWdtYTogbm8tY2FjaGUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQWNjZXB0OiAqLyoNCg0K"}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1467353200271,"flow_last_seen":0,"flow_tot_l4_data_len":269,"flow_min_l4_data_len":269,"flow_max_l4_data_len":269,"flow_avg_l4_data_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_3.jpg?no=3","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
+00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2545,"source":"pps.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1467353200271,"flow_last_seen":0,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"preimage1.qiyipic.com","url":"preimage1.qiyipic.com\/preimage\/20160506\/f0\/1f\/v_110359998_m_611_160_90_3.jpg?no=3","code":0,"content_type":"","user_agent":"Qiyi List Client PC 5.2.15.2240"}}
00563{"flow_id":105,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2546,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353200,"pkt_ts_usec":314511,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"pkt":"AQBef\/\/6dNArkea6CABFAACXdIkAAAERISnAqHMB7\/\/\/+scBB2wAg2oBTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCk1hbjoic3NkcDpkaXNjb3ZlciINCk1YOjMNCg0K"}
00567{"flow_id":105,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2547,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353200,"pkt_ts_usec":346483,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/6dNArkea6CABFAACZdIoAAAERISbAqHMB7\/\/\/+scBB2wAhQmdTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhUmVuZGVyZXI6MQ0KTWFuOiJzc2RwOmRpc2NvdmVyIg0KTVg6Mw0KDQo="}
00579{"flow_id":105,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2548,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353200,"pkt_ts_usec":376519,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6dNArkea6CABFAAChdIsAAAERIR3AqHMB7\/\/\/+scBB2wAjWbYTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00579{"flow_id":85,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2549,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353201,"pkt_ts_usec":861524,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6SNIkYwreCABFAAChDlEAAAER9S\/AqAUp7\/\/\/+sTGB2wAjdbrTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1467353202192,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1467353202192,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00619{"flow_id":110,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353202,"pkt_ts_usec":192448,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"ABxCjnAxTF4M6gNlCABFKADCuCpAADIG5SVN6ikjwKhzCABQwBY\/zyZ9xn1A6VAYAAIAJQAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KUHJhZ21hOiBuby1jYWNoZQ0KQ2FjaGUtY29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQoNCg=="}
-00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1467353202192,"flow_last_seen":0,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":174,"flow_max_l4_data_len":174,"flow_avg_l4_data_len":174,"midstream":1,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {}}
+00606{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2550,"source":"pps.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1467353202192,"flow_last_seen":0,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":154,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":154,"midstream":1,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {}}
02116{"flow_id":110,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2551,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353202,"pkt_ts_usec":192450,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCtAADIG4NJN6ikjwKhzCABQwBY\/zycXxn1A6VAQAAL1DgAAMjINCgMgCKAEEgH\/MhgIBBDmzNlDGIAKIJuhw6jaKiibocOo2ioNCjllMw0KCuATQVNVIVZQU3oDMAYWRgAAAIAJAACTCQAAeNolVXk01V0bfe51iZApMpZ5zjznco0JmeKSIVNeQzKWkDi4Ggwp6UWG1xCxylQRmd6EyCykZKZ0QwiR4vt933fWOuv8cdbZZ5\/9PPvsM3aGIkkMAEZWqjKV8P\/xCJtSB\/NfKOBwomAIFoTLeF+yLcHOykHRDpzBBXxpwIr2Eh5YEZ6EJCLl8EBQxQO\/OhBpYJqkQwMkvZMEQQA3f4Kc7yWvi\/jwS+HAHykF2jRQpasDRv9DcaOBVd0wDIWCO8DvhxfF8YuBBJwikABIjuCE3RKUjAuHSOCNFAIREAUxUMADmUQDQIgCRPgvVUt9JRlWbNXtK5OpsKHJ8J4LK+EyngYrIxUZVhyAmg4FaJkIoGZU33trc5hjTzGJTtUKB9Mx+T3dfmPXIoQ26EABICX6SsW7hX2KlFgnEwnwoJmVWZtN5T3KOpChrYrh213iQtqdReQAD1v9dk08JJYJFluOWyXS+Qf73GcByDko2exVaBzzKIPoSxuJ8RHb72m1UeUvkD\/v216FhyZVmZihHr7WtrYrgarCACFHcqOl7rTojtTlpFlxAKROdfbFzNGM6rxNqVIdOAHcm\/os5hLXL+tKfHtGi\/HbMZpYdZhMeKP9e3jCaJoGjosfkQ4ZHy19+LLw84guwJwa\/9Ktlu8KY6999xP+Bvj4dedshtyDydKvvvvtpgAl+bo9Df8UGtubKMnkHACwN1E2f0AHkBWdSfPUPXvgqln2dD492SUvokzyVkXQIUBlzVcPHCnc7RZ\/tc8u9KmS7DE4xX62EnoAvc5NZI7V3LhTODiXlfWPiUHKvIWIfwP\/LqADGZnMJDNldpH+uBjbrQapZK+fuOPzW+aAnhW3HhZM585sijetOXliLoa9gCkh9INHCiDXhzXcg\/vpxYIPjRXXRxNKvaI6lu226l8Aivkzy1Ny9ARfXWBlelnoZGwRfmfLmmgZCuiCsz3fuI3zBPjtp6Y5lCjP3ys3qsjmcAREVeoX6HcvcPN3UBngDBwvrmf8LWboGH0E0E1SidB66fcT7RcuptRH0x5\/e5snTfjJ4EFA9CrukkQG\/FZos0p8y8x54czaQvEPHMEPAZX7h0tZs\/DkN\/ReyGJTEQpxaNV6fq6+3gxQd2+SVJO7aPbhn8hRvPDN9bpqNOJ7Zgc7I3K66njSmiFz+dSVFIc2\/1k3fB1jp3XQGqBzSntyXs0dPjnRN5uEu40PrYonyiv7LxhgDJ581+h9hajeR9umb6y\/G1bO8f76fQrKANF5s2vWH3Y1ZL49Vi2gxO84af44zk3gWjsg6clhTdn0aCuv5o1+fJ7HejOvlq9wH7kIM8ZPYWKs58nIykrZmgKpkmDDFgj469W6KSD1DorOyspuG9lyxTo4uS39nIpy1TktrmBA\/sRvhvNBg5FmYRnatdE5Od0m5gLOZ70ogIxyF43qD947ySc4pJOCU6qq7JceMxy26QVEyeI0\/lNvcrsugiCyJrtE\/dIvwhSyroxZcyUhkdxI+4ffajndOqztX68qz1fum6uW2EtV17fJf9FTeneF2Mqb71b7Sm6WLVC5O5MxtNRFe86f6Z1f1L29jwXXUVhj"}
02126{"flow_id":110,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353202,"pkt_ts_usec":192451,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"pkt":"ABxCjnAxTF4M6gNlCABFKAUUuCxAADIG4NFN6ikjwKhzCABQwBY\/zywDxn1A6VAQAALrNgAALT11Li5gWvs4BXi1xLjmvfKMj0peVQo7lKJXGpIXNwaIVVnV50PDXh\/nhoec299vHndpLUua\/bqpCOjp7McAoWKOkJJNwfqArWbPME9b6btDGVgV0uzbgys3HrUPZGuULZqVvC9cfPh7y1VrCRATr2jIquLGEs7NUuTFUS2\/94Q2D+b6OEydZRO9cPMEkga3a+5FSfXnzkWP45N4tdwDAY3rKF71DNh9qyHNw3zq0kfntg59U62XHN6AJpW5oqhpNP\/KXicl+wTn90pd\/Ux5pxaNuaTtiVisjsDdqJGttkpWFmkIvcN4O3H7Nh+g88QCys9WSrOYR9T1WklqZUIXO2KozevHqrDRk3FhsvxtYk4AY5OTxXPHL2qjoy\/5\/LCO7z9Q0I1UDJ6H3s55a0u\/YyMnFnPMluUDID6DqRJHSb6OUS7lT\/EU7rwQMeL0oaEabUBfFS+XanJaGDL1BZSIyNomFf0DPsUe3djOS8nPpXOhOL\/zzo0NjXvFjylWLV5uSrIEQBYM8WUnB+X2Q2Wcez+wiFByuVMleIMfXAFk2nK\/2ntwKLyC0FBADi6XZL3qNrjHMTQHSC+dvnacGjv84sTgyPra7k8ik3DBtc1vCpiDd8xq36vyCP\/Ys2QYll2fN6Xbf+94Si8B0K0uar09Ty6DviDBYXt5\/8XpJtEJWzUaGUBbbCEtHIzhk3G2p2itRnzSyt10DUes\/e9jLtGO\/lchukfEfGu5+Y3TxFhX7Hv333wv7QEFPFBprU3t6V4dIS250PFtx3UWkJ\/KX1vB3GhaMaxBrDbzvjhV2WKQ\/Nnv8ZBY9VdRfkCLJV\/HblSMFcUwHxo4IG2hrHP6TmVmYZ8nIHO7sPEv51L3RYhnBGODsvT6Nl8\/uUNtzAC0mRAznmk7IsUW9cl71zuY0pjDL21g4bID6MrMuZm1Md9NHvU392TiT0doM\/mcbpr5kwNIJ4xpVq6TbrnGRECU65QT+3b\/mxQ15tdSgLRxavOq35PnNQqYK5ZOBDF9u2L\/jTZsE\/v5\/BjNF7aLpx8Nx9Ddl+8avs92OeLW3xatFRgatYsqSPdDSCWt\/7DKoHeOQNGej+4sPaab2IT40o+lWkNrHHFVKhXd8C8SlbnU3Y75R26q+3sGFS+RyE6QyJ\/9EgUPSerMv2RjAJ0haqzfaWTRZ1ZgTOEuLBSeWyw\/5ab4eQDQi0DSVpRkK9n7z6c0f+4O2vunGdSrnv5FBBQxLbrd8yHz3RejyafRygtcHHU3GotYO\/8AGow33n2mzZuLfvvluwSNjTr7s9+t1mvnBDTAJ\/w70fY1Tmwt8AmO+R4XaV\/P8kj5BSwxsIQ6s44lL2edfFiPzVM2v9TOk+F5lYNtoawNgI43Hns0wnw00qQhKTaOTYk+\/7rXY0Dy57cX2LbiFl0dMrMNwkSmzc5OOQEillNkcjpMP\/us+nfs+bmsUceWf2FdKzv2OlHy5srMsxLZZ64aGceMbX4ACl2x0Ow5nsH0a2jCfohcp78SJIn9dHE3evNd2nn4FwNTdYtr8pjqtj6OYulAm5wuv5my4xx1pmVWIbK7w519BlDX6tBN7SDWo4cCZLo7HGPFpXlKMdV6PWa68yPUlNYrLHFOnDpF5xk8sJqNdF2omWAwtrP65WUrU3KZ8D62RRrQfwB0KLK2eRd5P3m9hXVnQ6Nq"}
00578{"flow_id":89,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2553,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353202,"pkt_ts_usec":194334,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6jHNut5ODCABFAAChAzQAAAERAFrAqAUc7\/\/\/+up3B2wAjbFHTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
@@ -609,137 +609,137 @@
00815{"flow_id":110,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2555,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353202,"pkt_ts_usec":428117,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"pkt":"TF4M6gNlABxCjnAxCABFAAFWNPFAAIAGGfPAqHMITeopI8AWAFDGfUDpP88xLlAYAfC3\/AAAR0VUIC9SL0EzZ0tJRGxqWTJJM09Ea3lNMk5pTVRSbE1UQmlOelJtWkdRM09URTRPRGRoTkRabEVnUUNNQVlXR0tBRUlnSF9LZ2NJQkJEbXpObERLZ2NJQXhDcm5fdEJNZ29JQkJEbXpObERHSUFLT00yUmhGaENJQ3NCNTkzdkt4UTZjVnpBZ0NMX2I5WFdsc0ZRVng3NTRaZ0NIdjFYYVZwMVNJQ0NtQWc9IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NClByYWdtYTogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkhvc3Q6IHN1LmZmLmF2YXN0LmNvbQ0KDQo="}
00577{"flow_id":76,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353203,"pkt_ts_usec":65844,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6cBiLE+IdCABFAAChI7sAAAER38jAqAUm7\/\/\/+uYRB2wAjbWjTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
00579{"flow_id":105,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1467353203,"pkt_ts_usec":157237,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6dNArkea6CABFAAChdKwAAAERIPzAqHMB7\/\/\/+scBB2wAjWbYTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="}
-00502{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":23,"flow_first_seen":1467353151975,"flow_last_seen":1467353165019,"flow_tot_l4_data_len":25110,"flow_min_l4_data_len":197,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":1091,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":1467353159222,"flow_last_seen":1467353159428,"flow_tot_l4_data_len":645,"flow_min_l4_data_len":289,"flow_max_l4_data_len":356,"flow_avg_l4_data_len":322,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_first_seen":1467353181295,"flow_last_seen":1467353181515,"flow_tot_l4_data_len":653,"flow_min_l4_data_len":297,"flow_max_l4_data_len":356,"flow_avg_l4_data_len":326,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136836,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":32,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136836,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":32,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1467353139305,"flow_last_seen":1467353139309,"flow_tot_l4_data_len":1025,"flow_min_l4_data_len":246,"flow_max_l4_data_len":779,"flow_avg_l4_data_len":512,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1467353152692,"flow_last_seen":1467353167734,"flow_tot_l4_data_len":846,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_first_seen":1467353156641,"flow_last_seen":1467353156700,"flow_tot_l4_data_len":2244,"flow_min_l4_data_len":277,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":748,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":27,"flow_first_seen":1467353157138,"flow_last_seen":1467353157157,"flow_tot_l4_data_len":33380,"flow_min_l4_data_len":392,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":1236,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_first_seen":1467353159731,"flow_last_seen":1467353159746,"flow_tot_l4_data_len":805,"flow_min_l4_data_len":396,"flow_max_l4_data_len":409,"flow_avg_l4_data_len":402,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":246,"flow_first_seen":1467353189325,"flow_last_seen":1467353189439,"flow_tot_l4_data_len":311669,"flow_min_l4_data_len":164,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":1266,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_first_seen":1467353190040,"flow_last_seen":1467353190044,"flow_tot_l4_data_len":1207,"flow_min_l4_data_len":178,"flow_max_l4_data_len":1029,"flow_avg_l4_data_len":603,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_first_seen":1467353190634,"flow_last_seen":1467353190638,"flow_tot_l4_data_len":550,"flow_min_l4_data_len":164,"flow_max_l4_data_len":386,"flow_avg_l4_data_len":275,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1467353138757,"flow_last_seen":1467353138794,"flow_tot_l4_data_len":1759,"flow_min_l4_data_len":207,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":586,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_first_seen":1467353140755,"flow_last_seen":1467353140794,"flow_tot_l4_data_len":4383,"flow_min_l4_data_len":622,"flow_max_l4_data_len":1044,"flow_avg_l4_data_len":876,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_first_seen":1467353165456,"flow_last_seen":1467353165492,"flow_tot_l4_data_len":1759,"flow_min_l4_data_len":207,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":586,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":1467353160157,"flow_last_seen":1467353163154,"flow_tot_l4_data_len":290,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1467353136439,"flow_last_seen":1467353136440,"flow_tot_l4_data_len":90,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1467353136439,"flow_last_seen":1467353136440,"flow_tot_l4_data_len":90,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_first_seen":1467353191500,"flow_last_seen":1467353191505,"flow_tot_l4_data_len":623,"flow_min_l4_data_len":164,"flow_max_l4_data_len":459,"flow_avg_l4_data_len":311,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":8,"flow_first_seen":1467353191521,"flow_last_seen":1467353191606,"flow_tot_l4_data_len":2640,"flow_min_l4_data_len":164,"flow_max_l4_data_len":496,"flow_avg_l4_data_len":330,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_first_seen":1467353191604,"flow_last_seen":1467353191608,"flow_tot_l4_data_len":656,"flow_min_l4_data_len":164,"flow_max_l4_data_len":492,"flow_avg_l4_data_len":328,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":529,"flow_first_seen":1467353196856,"flow_last_seen":1467353197680,"flow_tot_l4_data_len":674975,"flow_min_l4_data_len":146,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":1275,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":542,"flow_first_seen":1467353198532,"flow_last_seen":1467353199507,"flow_tot_l4_data_len":691957,"flow_min_l4_data_len":269,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":1276,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1467353200271,"flow_last_seen":0,"flow_tot_l4_data_len":269,"flow_min_l4_data_len":269,"flow_max_l4_data_len":269,"flow_avg_l4_data_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_first_seen":1467353190168,"flow_last_seen":1467353190235,"flow_tot_l4_data_len":330,"flow_min_l4_data_len":165,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_tot_l4_data_len":96799,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1073,"flow_avg_l4_data_len":379,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.42.0.158","src_port":22793,"dst_port":7716,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":5,"flow_first_seen":1467353190178,"flow_last_seen":1467353202194,"flow_tot_l4_data_len":705,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1467353156959,"flow_last_seen":1467353156998,"flow_tot_l4_data_len":615,"flow_min_l4_data_len":219,"flow_max_l4_data_len":396,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_first_seen":1467353157063,"flow_last_seen":1467353157103,"flow_tot_l4_data_len":768,"flow_min_l4_data_len":323,"flow_max_l4_data_len":445,"flow_avg_l4_data_len":384,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_first_seen":1467353191688,"flow_last_seen":1467353191722,"flow_tot_l4_data_len":827,"flow_min_l4_data_len":257,"flow_max_l4_data_len":570,"flow_avg_l4_data_len":413,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":40,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_tot_l4_data_len":11052,"flow_min_l4_data_len":27,"flow_max_l4_data_len":1091,"flow_avg_l4_data_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":40,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_tot_l4_data_len":11052,"flow_min_l4_data_len":27,"flow_max_l4_data_len":1091,"flow_avg_l4_data_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":101,"flow_first_seen":1467353136433,"flow_last_seen":1467353136982,"flow_tot_l4_data_len":35385,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1073,"flow_avg_l4_data_len":350,"midstream":0,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":101,"flow_first_seen":1467353136433,"flow_last_seen":1467353136982,"flow_tot_l4_data_len":35385,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1073,"flow_avg_l4_data_len":350,"midstream":0,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1467353139505,"flow_last_seen":1467353139595,"flow_tot_l4_data_len":760,"flow_min_l4_data_len":165,"flow_max_l4_data_len":595,"flow_avg_l4_data_len":380,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1467353139627,"flow_last_seen":1467353139779,"flow_tot_l4_data_len":704,"flow_min_l4_data_len":165,"flow_max_l4_data_len":539,"flow_avg_l4_data_len":352,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_first_seen":1467353139662,"flow_last_seen":1467353139771,"flow_tot_l4_data_len":550,"flow_min_l4_data_len":160,"flow_max_l4_data_len":390,"flow_avg_l4_data_len":275,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1467353139819,"flow_last_seen":1467353142600,"flow_tot_l4_data_len":2160,"flow_min_l4_data_len":165,"flow_max_l4_data_len":918,"flow_avg_l4_data_len":540,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1467353140709,"flow_last_seen":1467353140888,"flow_tot_l4_data_len":1075,"flow_min_l4_data_len":165,"flow_max_l4_data_len":910,"flow_avg_l4_data_len":537,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1467353140628,"flow_last_seen":1467353140677,"flow_tot_l4_data_len":1226,"flow_min_l4_data_len":160,"flow_max_l4_data_len":1066,"flow_avg_l4_data_len":613,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1467353140655,"flow_last_seen":1467353140720,"flow_tot_l4_data_len":1072,"flow_min_l4_data_len":165,"flow_max_l4_data_len":907,"flow_avg_l4_data_len":536,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1467353141138,"flow_last_seen":1467353141308,"flow_tot_l4_data_len":745,"flow_min_l4_data_len":165,"flow_max_l4_data_len":580,"flow_avg_l4_data_len":372,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1467353147705,"flow_last_seen":1467353147794,"flow_tot_l4_data_len":548,"flow_min_l4_data_len":165,"flow_max_l4_data_len":383,"flow_avg_l4_data_len":274,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1467353147927,"flow_last_seen":1467353148016,"flow_tot_l4_data_len":753,"flow_min_l4_data_len":165,"flow_max_l4_data_len":588,"flow_avg_l4_data_len":376,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1467353150114,"flow_last_seen":1467353150272,"flow_tot_l4_data_len":1078,"flow_min_l4_data_len":165,"flow_max_l4_data_len":913,"flow_avg_l4_data_len":539,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_first_seen":1467353157468,"flow_last_seen":1467353157533,"flow_tot_l4_data_len":1077,"flow_min_l4_data_len":165,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":538,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":6,"flow_first_seen":1467353165300,"flow_last_seen":1467353165845,"flow_tot_l4_data_len":3237,"flow_min_l4_data_len":165,"flow_max_l4_data_len":918,"flow_avg_l4_data_len":539,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_first_seen":1467353172912,"flow_last_seen":1467353180202,"flow_tot_l4_data_len":1990,"flow_min_l4_data_len":165,"flow_max_l4_data_len":913,"flow_avg_l4_data_len":663,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_first_seen":1467353180357,"flow_last_seen":1467353180443,"flow_tot_l4_data_len":1078,"flow_min_l4_data_len":165,"flow_max_l4_data_len":913,"flow_avg_l4_data_len":539,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_first_seen":1467353185940,"flow_last_seen":1467353186002,"flow_tot_l4_data_len":814,"flow_min_l4_data_len":165,"flow_max_l4_data_len":649,"flow_avg_l4_data_len":407,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_first_seen":1467353202192,"flow_last_seen":1467353202428,"flow_tot_l4_data_len":3139,"flow_min_l4_data_len":83,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":627,"midstream":1,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136835,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136835,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":45,"flow_first_seen":1467353136440,"flow_last_seen":1467353136952,"flow_tot_l4_data_len":13333,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1073,"flow_avg_l4_data_len":296,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":45,"flow_first_seen":1467353136440,"flow_last_seen":1467353136952,"flow_tot_l4_data_len":13333,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1073,"flow_avg_l4_data_len":296,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1467353138931,"flow_last_seen":1467353139050,"flow_tot_l4_data_len":1383,"flow_min_l4_data_len":673,"flow_max_l4_data_len":710,"flow_avg_l4_data_len":691,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_first_seen":1467353165563,"flow_last_seen":1467353165659,"flow_tot_l4_data_len":1197,"flow_min_l4_data_len":20,"flow_max_l4_data_len":970,"flow_avg_l4_data_len":399,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1467353144819,"flow_last_seen":1467353144913,"flow_tot_l4_data_len":659,"flow_min_l4_data_len":249,"flow_max_l4_data_len":410,"flow_avg_l4_data_len":329,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_first_seen":1467353195852,"flow_last_seen":1467353195956,"flow_tot_l4_data_len":1077,"flow_min_l4_data_len":165,"flow_max_l4_data_len":912,"flow_avg_l4_data_len":538,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_first_seen":1467353196104,"flow_last_seen":1467353196204,"flow_tot_l4_data_len":1050,"flow_min_l4_data_len":165,"flow_max_l4_data_len":885,"flow_avg_l4_data_len":525,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_first_seen":1467353196393,"flow_last_seen":1467353196523,"flow_tot_l4_data_len":718,"flow_min_l4_data_len":165,"flow_max_l4_data_len":553,"flow_avg_l4_data_len":359,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136837,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":32,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136837,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":32,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_first_seen":1467353167288,"flow_last_seen":1467353167373,"flow_tot_l4_data_len":825,"flow_min_l4_data_len":165,"flow_max_l4_data_len":660,"flow_avg_l4_data_len":412,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_first_seen":1467353157433,"flow_last_seen":1467353157718,"flow_tot_l4_data_len":1321,"flow_min_l4_data_len":355,"flow_max_l4_data_len":483,"flow_avg_l4_data_len":440,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_first_seen":1467353170523,"flow_last_seen":1467353171307,"flow_tot_l4_data_len":1228,"flow_min_l4_data_len":165,"flow_max_l4_data_len":1063,"flow_avg_l4_data_len":614,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_first_seen":1467353190892,"flow_last_seen":1467353190978,"flow_tot_l4_data_len":617,"flow_min_l4_data_len":25,"flow_max_l4_data_len":463,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_first_seen":1467353195855,"flow_last_seen":1467353195998,"flow_tot_l4_data_len":606,"flow_min_l4_data_len":241,"flow_max_l4_data_len":365,"flow_avg_l4_data_len":303,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1467353199417,"flow_last_seen":0,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":241,"flow_max_l4_data_len":241,"flow_avg_l4_data_len":241,"midstream":1,"l3_proto":"ip4","src_ip":"123.125.111.70","dst_ip":"192.168.115.8","src_port":80,"dst_port":50775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1467353136483,"flow_last_seen":1467353136483,"flow_tot_l4_data_len":155,"flow_min_l4_data_len":51,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1467353136483,"flow_last_seen":1467353136483,"flow_tot_l4_data_len":155,"flow_min_l4_data_len":51,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":5,"flow_first_seen":1467353189820,"flow_last_seen":1467353201861,"flow_tot_l4_data_len":705,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1467353136836,"flow_last_seen":1467353136837,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1467353136836,"flow_last_seen":1467353136837,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":96,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_tot_l4_data_len":232,"flow_min_l4_data_len":116,"flow_max_l4_data_len":116,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_tot_l4_data_len":232,"flow_min_l4_data_len":116,"flow_max_l4_data_len":116,"flow_avg_l4_data_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":6,"flow_first_seen":1467353180830,"flow_last_seen":1467353195837,"flow_tot_l4_data_len":870,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_first_seen":1467353191538,"flow_last_seen":1467353191606,"flow_tot_l4_data_len":395,"flow_min_l4_data_len":165,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_first_seen":1467353196441,"flow_last_seen":1467353196535,"flow_tot_l4_data_len":520,"flow_min_l4_data_len":160,"flow_max_l4_data_len":360,"flow_avg_l4_data_len":260,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_first_seen":1467353196740,"flow_last_seen":1467353196835,"flow_tot_l4_data_len":1312,"flow_min_l4_data_len":160,"flow_max_l4_data_len":1152,"flow_avg_l4_data_len":656,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_first_seen":1467353197951,"flow_last_seen":1467353198052,"flow_tot_l4_data_len":1530,"flow_min_l4_data_len":90,"flow_max_l4_data_len":1280,"flow_avg_l4_data_len":510,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":9,"flow_first_seen":1467353179045,"flow_last_seen":1467353203065,"flow_tot_l4_data_len":1269,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":9,"flow_first_seen":1467353197131,"flow_last_seen":1467353203157,"flow_tot_l4_data_len":1233,"flow_min_l4_data_len":131,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":400,"flow_first_seen":1467353136432,"flow_last_seen":1467353136981,"flow_tot_l4_data_len":151646,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1075,"flow_avg_l4_data_len":379,"midstream":0,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_first_seen":1467353136439,"flow_last_seen":1467353136660,"flow_tot_l4_data_len":3311,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1075,"flow_avg_l4_data_len":662,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_first_seen":1467353136439,"flow_last_seen":1467353136660,"flow_tot_l4_data_len":3311,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1075,"flow_avg_l4_data_len":662,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_first_seen":1467353172446,"flow_last_seen":1467353172450,"flow_tot_l4_data_len":1060,"flow_min_l4_data_len":255,"flow_max_l4_data_len":805,"flow_avg_l4_data_len":530,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":18,"flow_first_seen":1467353189784,"flow_last_seen":1467353196145,"flow_tot_l4_data_len":8715,"flow_min_l4_data_len":439,"flow_max_l4_data_len":519,"flow_avg_l4_data_len":484,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":23,"flow_first_seen":1467353151975,"flow_last_seen":1467353165019,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":24650,"flow_avg_l4_payload_len":1071,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_first_seen":1467353159222,"flow_last_seen":1467353159428,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":581,"flow_avg_l4_payload_len":290,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65127,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_first_seen":1467353181295,"flow_last_seen":1467353181515,"flow_min_l4_payload_len":265,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":589,"flow_avg_l4_payload_len":294,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.5.15","dst_ip":"68.233.253.133","src_port":65128,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.74.190","src_port":22793,"dst_port":1037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1467353136835,"flow_last_seen":1467353136835,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.232.243","src_port":22793,"dst_port":21044,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136836,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136836,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.169.136.116","src_port":22793,"dst_port":17951,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1467353139305,"flow_last_seen":1467353139309,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":759,"flow_tot_l4_payload_len":985,"flow_avg_l4_payload_len":492,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"203.66.182.24","src_port":50466,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"220.130.154.23","src_port":22793,"dst_port":35941,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1467353152692,"flow_last_seen":1467353167734,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":798,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_first_seen":1467353156641,"flow_last_seen":1467353156700,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":2184,"flow_avg_l4_payload_len":728,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50488,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":27,"flow_first_seen":1467353157138,"flow_last_seen":1467353157157,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":32840,"flow_avg_l4_payload_len":1216,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50491,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_first_seen":1467353159731,"flow_last_seen":1467353159746,"flow_min_l4_payload_len":376,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":382,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.66","src_port":50494,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":246,"flow_first_seen":1467353189325,"flow_last_seen":1467353189439,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":306749,"flow_avg_l4_payload_len":1246,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50505,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_first_seen":1467353190040,"flow_last_seen":1467353190044,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":1009,"flow_tot_l4_payload_len":1167,"flow_avg_l4_payload_len":583,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50507,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":2,"flow_first_seen":1467353190634,"flow_last_seen":1467353190638,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":366,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.47.91.129","src_port":22793,"dst_port":22576,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1467353138757,"flow_last_seen":1467353138794,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50463,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_first_seen":1467353140755,"flow_last_seen":1467353140794,"flow_min_l4_payload_len":602,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":4283,"flow_avg_l4_payload_len":856,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.32.39","src_port":50476,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_first_seen":1467353165456,"flow_last_seen":1467353165492,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":566,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50496,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_first_seen":1467353160157,"flow_last_seen":1467353163154,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.48","dst_ip":"239.255.255.250","src_port":63930,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1467353136439,"flow_last_seen":1467353136440,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1467353136439,"flow_last_seen":1467353136440,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.249.53.196","src_port":22793,"dst_port":32443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":2,"flow_first_seen":1467353191500,"flow_last_seen":1467353191505,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":439,"flow_tot_l4_payload_len":583,"flow_avg_l4_payload_len":291,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50766,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":8,"flow_first_seen":1467353191521,"flow_last_seen":1467353191606,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":476,"flow_tot_l4_payload_len":2480,"flow_avg_l4_payload_len":310,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50767,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_first_seen":1467353191604,"flow_last_seen":1467353191608,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.19","src_port":50768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":529,"flow_first_seen":1467353196856,"flow_last_seen":1467353197680,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":664395,"flow_avg_l4_payload_len":1255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50778,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":542,"flow_first_seen":1467353198532,"flow_last_seen":1467353199507,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":681117,"flow_avg_l4_payload_len":1256,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50780,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1467353200271,"flow_last_seen":0,"flow_min_l4_payload_len":249,"flow_max_l4_payload_len":249,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":249,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"223.26.106.20","src_port":50781,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":2,"flow_first_seen":1467353190168,"flow_last_seen":1467353190235,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":145,"midstream":1,"l3_proto":"ip4","src_ip":"202.108.14.219","dst_ip":"192.168.115.8","src_port":80,"dst_port":50295,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":255,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":94759,"flow_avg_l4_payload_len":371,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.42.0.158","src_port":22793,"dst_port":7716,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":5,"flow_first_seen":1467353190178,"flow_last_seen":1467353202194,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":665,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.28","dst_ip":"239.255.255.250","src_port":60023,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.44.171.1","src_port":22793,"dst_port":29702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1467353156959,"flow_last_seen":1467353156998,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":376,"flow_tot_l4_payload_len":575,"flow_avg_l4_payload_len":287,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50489,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_first_seen":1467353157063,"flow_last_seen":1467353157103,"flow_min_l4_payload_len":303,"flow_max_l4_payload_len":425,"flow_tot_l4_payload_len":728,"flow_avg_l4_payload_len":364,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.13.188","src_port":50490,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_first_seen":1467353191688,"flow_last_seen":1467353191722,"flow_min_l4_payload_len":237,"flow_max_l4_payload_len":550,"flow_tot_l4_payload_len":787,"flow_avg_l4_payload_len":393,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"101.227.200.11","src_port":50769,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":40,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1083,"flow_tot_l4_payload_len":10732,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":40,"flow_first_seen":1467353136439,"flow_last_seen":1467353136982,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1083,"flow_tot_l4_payload_len":10732,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.197.138.12","src_port":22793,"dst_port":6956,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":101,"flow_first_seen":1467353136433,"flow_last_seen":1467353136982,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":34577,"flow_avg_l4_payload_len":342,"midstream":0,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":101,"flow_first_seen":1467353136433,"flow_last_seen":1467353136982,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":34577,"flow_avg_l4_payload_len":342,"midstream":0,"l3_proto":"ip4","src_ip":"118.171.15.56","dst_ip":"192.168.115.8","src_port":5544,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1467353136616,"flow_last_seen":1467353136617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50462,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1467353139505,"flow_last_seen":1467353139595,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":575,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":360,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50467,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1467353139627,"flow_last_seen":1467353139779,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":332,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50469,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_first_seen":1467353139662,"flow_last_seen":1467353139771,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":370,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50470,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1467353139819,"flow_last_seen":1467353142600,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":2080,"flow_avg_l4_payload_len":520,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50471,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1467353140709,"flow_last_seen":1467353140888,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":890,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":517,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1467353140628,"flow_last_seen":1467353140677,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1046,"flow_tot_l4_payload_len":1186,"flow_avg_l4_payload_len":593,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50474,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1467353140655,"flow_last_seen":1467353140720,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":887,"flow_tot_l4_payload_len":1032,"flow_avg_l4_payload_len":516,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50475,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1467353141138,"flow_last_seen":1467353141308,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":705,"flow_avg_l4_payload_len":352,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50477,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1467353147705,"flow_last_seen":1467353147794,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":508,"flow_avg_l4_payload_len":254,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50483,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_first_seen":1467353147927,"flow_last_seen":1467353148016,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":568,"flow_tot_l4_payload_len":713,"flow_avg_l4_payload_len":356,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50484,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1467353150114,"flow_last_seen":1467353150272,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50485,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_first_seen":1467353157468,"flow_last_seen":1467353157533,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50493,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":6,"flow_first_seen":1467353165300,"flow_last_seen":1467353165845,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":898,"flow_tot_l4_payload_len":3117,"flow_avg_l4_payload_len":519,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50495,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":3,"flow_first_seen":1467353172912,"flow_last_seen":1467353180202,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1930,"flow_avg_l4_payload_len":643,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_first_seen":1467353180357,"flow_last_seen":1467353180443,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":893,"flow_tot_l4_payload_len":1038,"flow_avg_l4_payload_len":519,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":2,"flow_first_seen":1467353185940,"flow_last_seen":1467353186002,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":774,"flow_avg_l4_payload_len":387,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_first_seen":1467353202192,"flow_last_seen":1467353202428,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":3039,"flow_avg_l4_payload_len":607,"midstream":1,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136835,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136835,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.37.142.173","src_port":22793,"dst_port":1074,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":45,"flow_first_seen":1467353136440,"flow_last_seen":1467353136952,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":12973,"flow_avg_l4_payload_len":288,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":45,"flow_first_seen":1467353136440,"flow_last_seen":1467353136952,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":12973,"flow_avg_l4_payload_len":288,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"219.228.107.156","src_port":22793,"dst_port":1250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.233.39.81","src_port":22793,"dst_port":18590,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1467353138931,"flow_last_seen":1467353139050,"flow_min_l4_payload_len":653,"flow_max_l4_payload_len":690,"flow_tot_l4_payload_len":1343,"flow_avg_l4_payload_len":671,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50464,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"119.188.133.182","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_first_seen":1467353165563,"flow_last_seen":1467353165659,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":950,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":379,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.112.49","src_port":50497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1467353144819,"flow_last_seen":1467353144913,"flow_min_l4_payload_len":229,"flow_max_l4_payload_len":390,"flow_tot_l4_payload_len":619,"flow_avg_l4_payload_len":309,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"140.205.243.64","src_port":50482,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.227.170.88","src_port":22793,"dst_port":20227,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"121.248.133.93","src_port":22793,"dst_port":12757,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_first_seen":1467353195852,"flow_last_seen":1467353195956,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":892,"flow_tot_l4_payload_len":1037,"flow_avg_l4_payload_len":518,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.236","src_port":50771,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.112.31.89","src_port":22793,"dst_port":29072,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_first_seen":1467353196104,"flow_last_seen":1467353196204,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":865,"flow_tot_l4_payload_len":1010,"flow_avg_l4_payload_len":505,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.221","src_port":50773,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":2,"flow_first_seen":1467353196393,"flow_last_seen":1467353196523,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":533,"flow_tot_l4_payload_len":678,"flow_avg_l4_payload_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50774,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136837,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1467353136835,"flow_last_seen":1467353136837,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"114.41.144.153","src_port":22793,"dst_port":10492,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"61.223.204.67","src_port":22793,"dst_port":11102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_first_seen":1467353167288,"flow_last_seen":1467353167373,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":640,"flow_tot_l4_payload_len":785,"flow_avg_l4_payload_len":392,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50498,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_first_seen":1467353157433,"flow_last_seen":1467353157718,"flow_min_l4_payload_len":335,"flow_max_l4_payload_len":463,"flow_tot_l4_payload_len":1261,"flow_avg_l4_payload_len":420,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.13.3","src_port":50492,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_first_seen":1467353170523,"flow_last_seen":1467353171307,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":1043,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":594,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.76","src_port":50499,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":3,"flow_first_seen":1467353190892,"flow_last_seen":1467353190978,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":443,"flow_tot_l4_payload_len":557,"flow_avg_l4_payload_len":185,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.38.219.107","src_port":50509,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_first_seen":1467353195855,"flow_last_seen":1467353195998,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":345,"flow_tot_l4_payload_len":566,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"123.125.111.70","src_port":50772,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1467353199417,"flow_last_seen":0,"flow_min_l4_payload_len":221,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":221,"midstream":1,"l3_proto":"ip4","src_ip":"123.125.111.70","dst_ip":"192.168.115.8","src_port":80,"dst_port":50775,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1467353136483,"flow_last_seen":1467353136483,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1467353136483,"flow_last_seen":1467353136483,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"183.228.182.44","dst_ip":"192.168.115.8","src_port":13913,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":5,"flow_first_seen":1467353189820,"flow_last_seen":1467353201861,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":665,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.41","dst_ip":"239.255.255.250","src_port":50374,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1467353136838,"flow_last_seen":1467353136838,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.104","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1467353136836,"flow_last_seen":1467353136837,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1467353136836,"flow_last_seen":1467353136837,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.61.167.82","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"1.175.128.104","src_port":22793,"dst_port":5185,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136838,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.87","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_min_l4_payload_len":108,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136833,"flow_min_l4_payload_len":108,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"218.61.39.103","src_port":22793,"dst_port":17788,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":6,"flow_first_seen":1467353180830,"flow_last_seen":1467353195837,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":52529,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.20","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1467353136837,"flow_last_seen":1467353136837,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"210.47.12.19","src_port":22793,"dst_port":33738,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":2,"flow_first_seen":1467353191538,"flow_last_seen":1467353191606,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.110.220.15","src_port":50765,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_first_seen":1467353196441,"flow_last_seen":1467353196535,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":340,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":240,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50776,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_first_seen":1467353196740,"flow_last_seen":1467353196835,"flow_min_l4_payload_len":140,"flow_max_l4_payload_len":1132,"flow_tot_l4_payload_len":1272,"flow_avg_l4_payload_len":636,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50777,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":3,"flow_first_seen":1467353197951,"flow_last_seen":1467353198052,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1260,"flow_tot_l4_payload_len":1470,"flow_avg_l4_payload_len":490,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.206.22.77","src_port":50779,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":9,"flow_first_seen":1467353179045,"flow_last_seen":1467353203065,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1197,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":58897,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1467353136834,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.117.101.81","src_port":22793,"dst_port":10162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":9,"flow_first_seen":1467353197131,"flow_last_seen":1467353203157,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":1161,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.1","dst_ip":"239.255.255.250","src_port":50945,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":400,"flow_first_seen":1467353136432,"flow_last_seen":1467353136981,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":148446,"flow_avg_l4_payload_len":371,"midstream":0,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_first_seen":1467353136439,"flow_last_seen":1467353136660,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":3271,"flow_avg_l4_payload_len":654,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_first_seen":1467353136439,"flow_last_seen":1467353136660,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1067,"flow_tot_l4_payload_len":3271,"flow_avg_l4_payload_len":654,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.198.7.89","src_port":22793,"dst_port":16039,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_first_seen":1467353172446,"flow_last_seen":1467353172450,"flow_min_l4_payload_len":235,"flow_max_l4_payload_len":785,"flow_tot_l4_payload_len":1020,"flow_avg_l4_payload_len":510,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"23.41.133.163","src_port":50500,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":18,"flow_first_seen":1467353189784,"flow_last_seen":1467353196145,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":511,"flow_tot_l4_payload_len":8571,"flow_avg_l4_payload_len":476,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test"}
diff --git a/test/results/ps_vue.pcap.out b/test/results/ps_vue.pcap.out
index 209cc779a..0cfc69806 100644
--- a/test/results/ps_vue.pcap.out
+++ b/test/results/ps_vue.pcap.out
@@ -1,5 +1,5 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ps_vue.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1568831054386,"flow_last_seen":0,"flow_tot_l4_data_len":1338,"flow_min_l4_data_len":1338,"flow_max_l4_data_len":1338,"flow_avg_l4_data_len":1338,"midstream":1,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1568831054386,"flow_last_seen":0,"flow_min_l4_payload_len":1318,"flow_max_l4_payload_len":1318,"flow_tot_l4_payload_len":1318,"flow_avg_l4_payload_len":1318,"midstream":1,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02202{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831054,"pkt_ts_usec":386409,"pkt_caplen":1372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1372,"pkt_l4_len":1338,"pkt":"QJkivOG5AKC8brI7CABFaAVOJd8AADQGjbAI\/AKLwKgBhABQ5z6u3wY0Ay5J4VAQgjL2BgAAKErv4VCv5XHq3VugakpTkhrL+kb9dEp7ZqV8OhbiblbF4ucSVzx\/MP1oilcz0crd02QqcE8+devTItKmafCbWnAwE\/9DOgi7ce43g2BD\/nJGwrypV0n\/lpKlZCPvunYTTeqjhwGKc6502l87Xs+zfJVWBneqtMKdkFu9Luvy+dyqO7rHnCabtAWrpEy0TRcv6LTWKIFUotAIaLkmY7WgSmFIZ62TK8CnvaxwDwzYvJ5ZjQiFN8X5DxilG\/df4sIjuAdwJhNDFhHUfzAE+UueG\/lVfoML5Xk9w+TPsk3F5uGAaPkC86EBn82kkWRI6MGF8SyydVvt5HnewuoCF8DHruY5qPlbl5yLGmUCy6LuKc8s6KM27nygc3Bte7e7XAKflW8Wcvmd0+7YASMoWJ\/SESHwJfo+tjoKQJDCuUg0eYkktG8s\/htBFaRrrEIIIogo1I1rceufguXuUufTPlgB4e4clivmC\/NVWuNR4Wlwc23B3RImV9O2fDK8pRwdsflldfN+2wrlemyOmIEW44MXIVRj4Jx0AiJHgrkz1UzanBUfeGRbpCbnANXha\/D+RxGqI9Y56kLfgbJA9toJuDdEp381WrPm4dk\/35T1ydquleaKrCQ4GUMJvemfq4+2BDWl9ZtzetW\/B52p73A\/IWp9\/JZFCoDaxRJxW2x+nAmeXg4dqTNcnSkj6r0ZKGpEmQibRROebc4N\/OonXc34WkAxZUnA1lC9DEfcItjHPS5bD37cnbpH0gQpDyjOpktkp2UlMdh3PUqigdjHcpUokGd4mAs+\/YFOJPQYT3L5Unc7NDJXghAQbx2nr+oAPx57SB2pRpLcQeD0J57sEpedBQn4XuPnJzaT3OIKdVjZBmwQsn6OHZjEK0I+7BC1eT+jxrPCCQKfpdarqx0mvDgQYWl9uo48EyOvlFkhXjzwZ\/g0nNk9VvOJk9J0L3HSGeXT5\/gmBR6HQc0jiTIlo7hsvOPQ3KzYvH0dkO6gGhTpZwbviYuyiUwG5\/Cp\/e2WVNyZPfnGcN5Yq8w9HkqxHdyOS\/V+K2Nr+z\/t9oTBcSlldci4yuZPSv54jSSzyl3XBHOkOKXk2uUGuEDrbGYDWDjiFbdv1FyP59FHXvE3S1kPDwZrclBqLVjCjaLRSpmxaO1vC1mUHsA9VdUzyhj6QCrLBTQmgQihfCEu5hhGU+ion9NQlLrK9oTWfzfxnTcAEZ5yGWkanmygLm+9oYrRVZ1F4Jvwb0tE+fDeLs7wGIQyOmoBn+nQCxSGP5d2AHoe92SDjy1zgLy7so5DxG+8kuTVKra\/VLGpeSv2BMHOhHwp+IbvaRN9HIXUwkF9r83JbUly94XxqcakWod6a1mV\/LGqgeo3kxq1FxWfhMN8rjVKFZGzFJ6mX2\/YZXsaSJZjewY6Cu2UYcvpY\/FkSF0lYeAQdYHKmAcZsWkEdMu300Gbvn2i0tmmx+0Pfx0fG70baFTfErZgkBhLstjRnhKlAAv8h\/BrE0FKt0hIVWumNRn+jd40MiH0FOkDtxG4SoZU5omb184ogJwSJ1DwMEnXaquhJ3BQtsRwGkEeGNf7HTidpttGUz8zz4MqSXh\/sHhtofPp0atPWf22qfpEefudIXIpM5OWo9PlSNER5a99KtuZQYrTPKfXeWMWl2r\/veNAfvGyupDsDnRcFsQsCPz\/BLfBLXAKixhxb3aK2FeGHnQ0jNhJL+CcLA+EE3AEmb4MU+e4t50YO+Eu7L+xkGD57kzrugTcmBgrRjBcEA=="}
02211{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831054,"pkt_ts_usec":386505,"pkt_caplen":1372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1372,"pkt_l4_len":1338,"pkt":"QJkivOG5AKC8brI7CABFaAVOJeAAADQGja8I\/AKLwKgBhABQ5z6u3wtaAy5J4VAQgjIehwAAVmjXm6oo5VKTUUlxb0W3E81vB9ZxFtPKR4EIgDSzsMZRuBrZPVK+DJqL7elqQHFVnXmO54z2TD4Dj28sHaJvK3ncn6xerjIN7sy9I36\/eZVwP5Cn0qrC8AIkY36VwGWTyBzL7+xIagZlNa3RdzULDJLPoM7D0T0YcEi6MyZXBujPuViaYGsfAbwbgn5b6DYRWR+vA4m5e\/vJZrAW\/bO4lnM1BJsWdGV\/8pd\/FUa\/3fjHFNsT+sPBcZz6Pr9JhudnxHr0rYuSfPsMmCecU46VRczeyiL7GPuOWst16kiLytaPfmw3b1JemKUaLWf0Rhd7tiVMf+y\/xU92Yy8WKPlolDC+\/eoXKonvA6y22W6UVrQQj\/bE6aLoNFWCbKIU5dr\/\/8\/3LL2uDEkYeNu6isLGfN0uRj3j0syq\/3uWBBmJ1HnVgrOeWkVzjv7lh7mcjbm2aVY\/UEDPaGHqh8zm9yJsZvX01bLzllIV9mMdL8yprJYLmavuYMfBWKaAN3U9UQGvKECDlN4z2HO+J4xPvhH9iLqWBk0QkGYyEvJHvbEmgGYw0eiixXhbN61PL3vQszMz94fqlK5pwlcB6VB6WX6b6uBWQe8dUh+NRho\/TQ37e5+A+Gh2Dw+2aiXdKyItQFRaQIXpZvNp5UAOLjzRBJsDz6gL+L0e0Ft\/W+qfc0TfuOzULkgJCEdw2MvcfrnjeNyRqupEjBZ7VEG\/2PUqnoLlpBKavWueOqgdsWHlTk\/70r\/COI\/Gl1\/3TznIXWoErnC6X3PL+X68zzTEJ7Hnq5x2c95lQPmzFya\/bpfdWqx4WzM8awJD5g2lvQc+eqSPoA05rpB8AcIXF9rTPSGtqGjaYy0Btc8vA7gQG8\/5Wu3iN5SY9Ao2+ToNukNfVF5IcKGIL8V+ArUNIPL9bQ9Z7Vg922vlIcv9TsMg929w5q7QEWv\/1TB6gF7LEvo\/bZQBZwabLgVwUBRYTPcY4IYiNuRlgk6wEb3fGZdMxf5Cn8MdzbzHfSl7f2ifhduyGTvWdkVFSSaJMMTDFRh3Qsazze15JppJmOciPxTmUO6Doee7Zo9IwS5y\/MEFNqTe11Hq1tQB1sV8cRFS5yPS+g4NdOqnGEYVPT0YGGGhbjvrV+h7NQE6hzPLeHiqcpcB\/4x2WRwnNJLU4NV0l7Miq8XZJdl++t2uQwMhig32aEu66660GGqxvLiNfVTxzHnAW58k8RPs5R1Xd3elrqRaZXuypABSN8g0qP8atp9wdXFmAJcctJZBbgKspLsXP7kteWGM05W4GK0LoHcsLFvSHoJ\/wNGLjta9O+jdr1rpfvwHG9SoCfh8jrG9nN0fDkh6IU+sCQTC9vES4Pu3Vth\/t2elcn0yJFisar8rl0RF3rg9qx79lgeRTQxnydxILQw446KDk\/GPez\/zajHb\/6\/pWMcrOQhb0qIFF9cJ\/FhPavhImumyOd7eg9JvHdlByzw+wVWZgjo5gi664xi0E0lvkPN0BuMXnAOfvlyGr0h\/+zwKPH8AL7teqATUH+w6vUQtF+pCPMRfDUp7eadX7iztaCTNtt6VzyVkR\/y2PkT3DZQQJ9R\/dRTOnKuedYFQQIpAyGs2fI5PDSqa2Dx8h4p6rb304eiIRR76+o0\/0pJOOaus6W4DFqvp0xHo+nK7hqgIi+XLyhUT47YdAs7H16OeAnlSXD1GmM\/0zTAkev4sFFwerrPSec73af72KjqmDVr4SSOTm5yIv28qFzzqKQ7fiETThx19Awk29yOa1w=="}
02202{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831054,"pkt_ts_usec":386562,"pkt_caplen":1372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1372,"pkt_l4_len":1338,"pkt":"QJkivOG5AKC8brI7CABFaAVOJeEAADQGja4I\/AKLwKgBhABQ5z6u3xCAAy5J4VAQgjKcYAAApx5MJr0fxze9y0pULUQ3EpijmIO+LFmwk08ms9LFr+EIqxe5Lf9M5UhXqaso6cyoNEmrND1U3BPo21jOpkhx66xfdzjz0bSUE7eD78TLqRL5f5HB87zMKWOCKqPR0HTP8Xdlym+iZHt0xnmWSRO\/l2e7pTGF924aaAG11QsBAnAeV9a6b3DukPVuf4Beivrqpk9NPeSY4rykpa9mN3hvIx3Cdw3r5lO8kAEYBz3DOXVzXcFr52ZGORWsMHtIXnTnQT+E86kDxM70lJjOnaUsU5wDCkEYv\/snv1ajyI8obZu7r3pfhaULlIFUfojhkXhJgwTDbCNjJhiJnmvy6K1P3AsiQIZ13uNPbjM0BfEMrC8FcDmphQaB6j2tX8FV2w5uvxI2vdZFxdMWPKN4ku5UCDSVpk8WRtSfvMLOROCXTaBczRUDRDd6iQJB9liSa\/kbKb1UwHtjIuwse5162eeMS3NEqUopFEHIU4ZYwpTqV7+6TUVUaxZO6fE8Dw0x3pvh7epJITiRQ3eQyOvD0YP5IK82b67+mzxe\/6Gx\/dXHP\/V1ObFQsjd7Ihqz1NparAz3wE909sWkWBQZ\/joTBvcgvlA4lTEISOQAj01BkMXD4t0NfUhycvVPzp0DHBwYyy4sI0CCEjQI6CRYfO2KYoHsz3GqMeycgj9fjtJceX+t3IJwgxL+aXpZZi16YJ8B6xIHS2\/wBRxPpphRN7BUQPHtOzXYWooviZG5yTWj69wdIp2lA4zsQ4wXFio+RqRaR42XZABiNMQ73AZZ0tN7h81XfOUfF4pGqFXexKJlpqri\/9Iwb61HMCNKEL8mWMdvCyawLFt+keYz+REWTpqHNhr528+WUScuZ9X+j7uzG0gbDxeYvKEFP0+Yg6IMpXHpThzsFQKRz3y\/h+9fwzAQbA2Td+zAgzy22dz09vIPZ0QXf\/93Zv5y4jyiVDLZ+nNo21wv6A2byeqbLCHfMtMlZd8f32ryLofflbUcnnVQE2gJicK\/PDAMPT57VwXmcJbkvtf8K7ZcSe1TBNJznjZ2IcXRPvfZ5lU+WAN3HGtcTu1fFHDLApn4cYn5v7\/OFMUudlO+kwAz6YYUP\/xKnMxM0aw2NmipGe60RO8mQRgiNA3UjgUttdn3TkoUAeWt3POhMkq78nBtgdYoyCPswFscsMPOibkZ+YVxcQYlfS6xgKQllJVJyh4XV\/1SgmDt4Zk2aQ6ziksT4Gt1NXz\/4VNbaIw1Wkx+AuKodZIWi4RYsqLH\/d5MkQyYP795QYgLMaeEeBMMIW3vIDD62sjwEMTZ0eYSJL7ZKTFXwOJyk9ru\/Z4L\/21loJX+I35J7akZTYxAoHO1\/txR8NWcZmyDO3V\/e24Y02BRNiy\/DCSilhBbmMq0Qj1l2nHrZMtJtl4hfcR4D3zYVx\/x5RinF4P5l4xVTrzQoW04eq87iU7aLPCLBnC1BhyQIWPBjqB7fFtdNgVr3XxFQifRRKDIf72Hxc4L747vw83SBK\/pg\/aeLFGt1d26emQllvylYMur1PBBGkKcDvPXhZ1I6UdqislrUbMczCSHyprNZJ5KgaZWI2UhiZDCh0RnOa7+kiKGsUmp6\/QrQY3B9HOFrGfAEYdO\/\/HxKOgi2VB4l0j63E9WM5LyfNAsmp9D\/xllKt+0Y2y7\/IkMbsKhoxV9hjY2L7uiWvUDZecC58zWZyX9dnZtSBAGbGCFtaIFc4+wysAgDoDp5fH2Gz3ExqGwiiQ1iqFEmVsGQYKbZjWioEglmg=="}
@@ -15,44 +15,44 @@
02208{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831054,"pkt_ts_usec":426949,"pkt_caplen":1372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1372,"pkt_l4_len":1338,"pkt":"QJkivOG5AKC8brI7CABFaAVOJkYAADQGjUkI\/AKLwKgBhABQ5z6u3z72Ay5J4VAQgjK+sAAAISsDXJnJbbuQd46999uI9\/9nG\/Ek\/L5WTPI5OOT3apJUyD85SgzkqrKzMEeFtwcmlIrBH6gBVpTe7jr\/J7ooHyGqpE63nOW7DYSpdolL\/0Gb5DRBw+n\/pXeLwlF+A5oSbHCdTvYkgiy+x5cgdjTDyZg+49CB0Ali5D9sdkcx\/94yU09SoYgP9u52OoeBJe3iahIfdY7mm9iAAT2dD6Ut\/ViwZZlayCyIPh\/Rstfidqj2kY6POAXRzcPLmf7O4UhGWhpTlWDlEyqlBCns2DF2\/UVgRrZgbjdLmbuYVhyZg4XADV+6eAQoWqlYN9\/rqIozihsMF9anoJMmDO9mI168WZ2OVsOWtQfYdGE6NP+5vQCgLq7zx\/l76ZunGmooAYYGvU2RmPiYJKZLBz3tJkSIn2ZuVPePX7KTyz6si2d6G\/ttxvs092ZLcsPDJD0olfAzI5Z0iTD62jv+DIxMbomEuWdkPikwgj\/QPnnnQCAtD0b9c82CUYtksXsneWvVO1h\/VQppaw9JXzJDRU8vOgzVQQkwW5i\/2rn27sjDyScgIzWQ7i9yngrNDUAEPsZ6j2ZkMZ6TDH6XvKqL6ZRluC4DMoTlnYQdcmbKNgjZiQD0HW\/ko6KRDOgRuNkh+kheQJ\/WmyB8i7IndzSkCjPDlRlmB8QswKiTY+7P7kwKRCPn4grPUQRSw8DsoUkbUM1r8B0zPGjg2s8GkdZXygyVlVEKioRh1d8Yflhcs3E4zo+YazQBxix1gl\/M1Ba2IT\/YTi\/zTGIFYczckdi5J3nak88RtspliB+UAmEKvY9J2D6xlqHBCfRBf1MFaA+NgldlPJW+4SEOCk31sBNWZ0+\/jfGtfXq6qwONqsMxNyC1ftuM7enCvXR6nomZHER6Bo5P8Krs5z8D0TqsyfTR+xVUSoYrKmkRWcnV3XU8IzqlW6X7pi7NZakQ4SOCsqP3emFEFQiC4t66z7HUP\/a\/\/ssZTTUQ2nur7RoFzKAPasjCxqHpGUShaLczRclZZCCPu8kXVM7xe0hVCSJtzl6s9PHleB\/ftU1+6ue0mJLUWQeXTsgcIuT705C1cpUPND6hkRRXaQat4mfIrGZPpqLBjfoYBQFr\/E5CoJZLCKw5S0eNKqfVunDGLjZvXCwe7CtK1XWwE1ysU0ZvN4qQG50r0pFFfKWh989KLnsxgvpFhwdoY2fSG4tAo19KJn8sD7Jh1\/YSYzS4IG2lmjw7H98gXe351CnRj1OW0FbrOVi5Ftow601KlkhiKkoxB5rvSrwecZJpNoDmb8254d\/tkS36VoFZVoYDRcV7HspHFjrrJTHFmkai+wTLa+CIveh1CIqyA8EyTlNFsFBJ8MdhugGFaEJJOW9iCRTIiVk7FRJIMEXrd7aJGK+h6SAtLx6hkVfoltNYLtMIDJvQs6\/VT8HUsfIz8C0MpBMNYKrXsC37b3wzsMgECNIW93s2EXvQu7Gy8eB5f6znj0Zmj2wVnagorTZ3rJuM\/4y5X5J4x34wLo7xONLotBrvnCEcFPcbfdZ6sBHMsNhMttDOLGuyo1bAaERsK87A+8ndQREwqCU44emZzOsAjqFrxAsZzlErbKOvH4sy+Qb6Lg3fRwhGJ45UYssWUKUZjE8CKwz3l2ae17PgCz4OVGSG0dsGQMhwCWE+d03kAjMxhZD8Tg8IOdj\/szXac8mYtU\/i4q2qcwZaiX3JNHmcGCzVRTqgRx\/+7UK5JRJwXGCM6VRIRlROwzx8aQqCo8X4kWZ8RAS1sA=="}
00432{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831054,"pkt_ts_usec":427047,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"QJkivOG5AKC8brI7CABFaAA4JkcAADQGkl4I\/AKLwKgBhABQ5z6u30QcAy5J4VAQgjJN+QAAs0edR6lCBoXgo4HYg6cD0Q=="}
02201{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831054,"pkt_ts_usec":445716,"pkt_caplen":1372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1372,"pkt_l4_len":1338,"pkt":"QJkivOG5AKC8brI7CABFaAVOJmMAADQGjSwI\/AKLwKgBhABQ5z6u30QsAy5J4VAQgjKYvAAA3GwADCC8FjXXffY2jQTmI29Dzp5HTjRwJ+XbOGy9i2SdOTZvXVQbJqpFcGtRtfyiprgb+P7z8WpLXm++uWkKfvEX4ngCBz9LwSh+VOsTGezUGBLtHe6PkS\/ImapJqEqIRbIeCtpvBXnn51nPpigWsNQp63+0jelE0jcvWWPZjgO9QmU8USA8Efhj\/6ASch\/oVpHDkp\/pR4uSe3CYIQs3H+FZX\/PgQr6yTjpF3Dh8ZLt\/OgbpHf5XmRSYvAYNPnw2o46spKoexen06\/eIYLyDCFu18eQaOcrzMaFOl0dxP3edfIxLQduqfDMXiey4QhxNGk7kY2O8KT74GpBMxP7osY1mPpqKsCdA8WFt44X\/ZElL6Q0FwNivhpl\/Z3xUlhECPikVLmWFwfFoyw2EMOJp4upn+SHG5\/vgop70iNHUCJymypg8\/SO1WvFQ1tMfwoj3lKjUVBehRhXCPk2lFUAY\/8TxpHerkonTJK4TBuEFqkSA6PFH4cE47p0m3goI3zE4xIESvq4mUSTfIl4ukglHXjey1bAnQ\/+wMNwhJfBVqEVK2fM2bN1qIsy+Ti54e3bl7uwUviLGuQXzfBYQJQD7wRNeOnEGplZ\/ICC+j0X+94I3vsyZxmhRGM8Sj9AI+k+AY3N9uV4058qRWJH5htMbCJMMGFox8SCVy11Uo1O1R6a6f0hSGXjj8pv\/cG8kKXWZwSv+s3lPTmns0nAIvbyTZ0PTr4PLYHCkjRaU5E69U0uIFDEuXCxNC9A4tbgTP2r1tC0mDqI4hLt\/mclJZ70guV\/nhhGb9q8Y47\/VABnLLQ8KiLAvvNJzgFmddyeXgwGwPHZjtJz\/7YduTmJ9qATzv8d4uLPtILlrLUKLscyqvbY6Sja5dpWtdRZArjhmRPgvlqKpuDbXZILQBxDj6W+1wjYwR09VnR8fpmhibyC8gThzJq9WRqtw2do794sTJDz+3IoihXdLXnHSOGBYH77Is3EnXdKatR9oOgt1pMV5nzV7aIVMWTRGHqbIdVWZOf5yx2rmrFQLIau4dwK2MH03Ohpu7V+8oFa2mfuLZOj8cYbw7gk2ejceB6OoXUIOBHeE8mV5hGXO0DJcdqZPobiB1N4pR9GpgYb7M+4oPsuAvfr08uVBKn7BVSMUxjLJuOLnuIPsvxeR0Nvzr7zuQqdSRfl3iLdlgAsHsPYI1CKbvLj+HCI9zWzBl7HRn+MlL4SmWo5XaoX\/dvk+wgQJqo3O\/6FrsXg6etnNt\/PdRsIllIouLw4VIoznUxvbXRUKhoxUsmWtfDT154pPz10pBgdtbmDqctWWty6xZDkBhLlm4lScb+u7GnUBIIJknOyviL1hfvcqX7UQdxik3B4Fbk1OIE6sZo8eE7d9p7NWk4OJRCwTbcdbcRYONxEIPEc6RSvW2+ggWSvN3rcpwQ\/xTlvfvP796DZ5lSvP9g7O33Vmj3cfTVBTvv6h6arNNw6iPk\/8MhE6qIIwtLsQf6vKwYuqCAfI6fySkdBgwvmDWniNQujBvl01XjtjJHzFCn\/+urFR9tUTrctlgZebeqFh5TXWZniM7ffylqGgswGHkeHNSNTHNWhVuIwRS65AiNTKjFllPqBjZb4+t\/ZqB5zWE6n8zlep4xRZ+4VPKwX1T0fe6g3s9EATF7jJQ56NBC1fLVWXhA7VbVz71RZEPgUWCjHjjr90HAoHFEBouPfpIOvWapKkshe2yCuPGowiBt4N5kvoqHq\/rRu1scD4ZZ0UtlyrK9tiIEh8eg=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1568831055576,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"209.102.209.13","dst_ip":"192.168.1.132","src_port":443,"dst_port":65112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1568831055576,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"209.102.209.13","dst_ip":"192.168.1.132","src_port":443,"dst_port":65112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831055,"pkt_ts_usec":576330,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"QJkivOG5AKC8brI7CABFSABHBlJAAO8GIHbRZtENwKgBhAG7\/li+HZhYblTGsFAQfqWgYQAAFQMDABr4Hh7jQY7SKbwko9LFlX\/KNQ3S+SkGYTwZEw=="}
00408{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831055,"pkt_ts_usec":576487,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"QJkivOG5AKC8brI7CABFSAAowh4AAO8GpMjRZtENwKgBhAG7\/li+HZh3blTGsFARfqVA3wAA"}
-00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":257,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1568831054386,"flow_last_seen":1568831056144,"flow_tot_l4_data_len":318190,"flow_min_l4_data_len":22,"flow_max_l4_data_len":1338,"flow_avg_l4_data_len":1247,"midstream":1,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","ndpi": {"proto":"HTTP.PS_VUE","breed":"Acceptable","category":"Video"},"http": {}}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1568831054386,"flow_last_seen":1568831056144,"flow_tot_l4_data_len":318190,"flow_min_l4_data_len":22,"flow_max_l4_data_len":1338,"flow_avg_l4_data_len":1247,"midstream":1,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","ndpi": {"proto":"HTTP.PS_VUE","breed":"Acceptable","category":"Video"},"http": {}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1568831058486,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"13.33.255.96","dst_ip":"192.168.1.132","src_port":443,"dst_port":55076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00551{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":257,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1568831054386,"flow_last_seen":1568831056144,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":1318,"flow_tot_l4_payload_len":313090,"flow_avg_l4_payload_len":1227,"midstream":1,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","ndpi": {"proto":"HTTP.PS_VUE","breed":"Acceptable","category":"Video"},"http": {}}
+00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1568831054386,"flow_last_seen":1568831056144,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":1318,"flow_tot_l4_payload_len":313090,"flow_avg_l4_payload_len":1227,"midstream":1,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","ndpi": {"proto":"HTTP.PS_VUE","breed":"Acceptable","category":"Video"},"http": {}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1568831058486,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"13.33.255.96","dst_ip":"192.168.1.132","src_port":443,"dst_port":55076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831058,"pkt_ts_usec":486751,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"QJkivOG5AKC8brI7CABFSAAownEAAO4GO2gNIf9gwKgBhAG71yS9fOmKSelcQFAQgjI44wAA"}
01143{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831058,"pkt_ts_usec":517621,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"pkt":"QJkivOG5AKC8brI7CABFSAJDMqlAAO4GiRUNIf9gwKgBhAG71yS9fOmKSelcQFAYgjJcLAAAFwMDAhYGD4WalIgakHtn\/fJz48T14ncNZ7uSeqw6LgIobuwV5qyoAlzB0Xxl15X65lAPuY2vG\/aw6HXS1Wg0Vb4zdM90xSByqDLDjzGO4MzMfltcjjaGY8iweN5C3LkGLTSU+B6EJv9u1cfYzcLxWCcSUS9Nc7f0W9VEO4rPXP7O+PPru8ETON305TCkhb+6tM6mVd7oWXRNYC2NPhCbFxPcXWpOCn4IyzzfKjVZXIXefkR+XtEnQOplMTeOnFi0QchuJ0si68kEbiQ5z80Vak1dkhJ9+m9n\/i5qI890vKW4cFqAnxOPqXddt9Yx\/bfMl6PYL9m82kzd+iSXQsS8igpw6j+CxghfbNThB42FJ+LNwNblvFh6z9K5rlGsbgfM2wrPBvh17aOviSW4fW\/44tKcwEv8Aupxwy5TZNOiCxYSYCxgkpQ6BwKFtA01I8PGgRsk\/0L2IrvFZ7CfrsuIi\/RD9hyYgVz6uAD5cNemO3OP\/J4FDEDUaN3eM\/bIOJq+\/zD4XosIVk1xWR8n5KORcgDdSul\/mXO33x0nAm2oeowwONKfSArAZMqugxyn6PCjdFXJypJZuXU8mVOMvP+XhxYgqR1dGLO1yzoBeqms5Zb4kM6P7J9gslvEweE2hqt6Cn49JPAI8ecmr\/c1UbJMC1VTQAuxkCj6NFt8kf8H1NTofF2kZ8nJOW\/0tZgZNpLRGY+OlxaYy1ugOZY="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1568831062289,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":1,"l3_proto":"ip4","src_ip":"34.217.165.102","dst_ip":"192.168.1.132","src_port":443,"dst_port":63577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1568831062289,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"34.217.165.102","dst_ip":"192.168.1.132","src_port":443,"dst_port":63577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831062,"pkt_ts_usec":289363,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"QJkivOG5AKC8brI7CABFCABImQxAACkGLjAi2aVmwKgBhAG7+FlRo0j5C6Rn21AYgjJ23AAAFwMDABtaN0V5Aa+aB6dvvTVw7le63zELX9T\/544IGeY="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":923,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1568831063571,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"63.140.57.73","dst_ip":"192.168.1.132","src_port":443,"dst_port":61267,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":923,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1568831063571,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"63.140.57.73","dst_ip":"192.168.1.132","src_port":443,"dst_port":61267,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00408{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831063,"pkt_ts_usec":571713,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"QJkivOG5AKC8brI7CABFCAAowxcAAO8Gza4\/jDlJwKgBhAG771P3p6tQM3A6VVAQgjLw0wAA"}
00408{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831063,"pkt_ts_usec":575450,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"QJkivOG5AKC8brI7CABFAAAowxgAAO8GpBbRZtENwKgBhAG7\/li+HZh4blTGsVAQfqRA3wAA"}
01337{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":925,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831063,"pkt_ts_usec":589984,"pkt_caplen":737,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":737,"pkt_l4_len":703,"pkt":"QJkivOG5AKC8brI7CABFCALTjCZAAO8GwfQ\/jDlJwKgBhAG771P3p6tQM3A6VVAYgjLoygAAFwMDAqbQ+95Xvia3wK6UWebemp4er0ZBcKqFiFaKthh\/rILUUSgGBGrL7UK5qkSp5rQMmKvJaUCL4cR8ZQiIeraaShAhEEprxyoLFEvJHLmm3PwfrLapkebggQH8l247Vxv9peHoDj9PyoLH+BNxtShF5NSq57MzROwaWqSKp+ajaw\/CQ9IiEqNb0dRX+heFXoRK0wfbEh1LaX7hcxSG6QsJs+E5y9RHvcexwNVP0b5HrRx1sHIeIizvftM7Obo2RBoIjX3+wZfDWxqs2ZlF86l+EkJ5Swr6lHdl70KOs1G6JHlv6WH26axKBNdk03ZVAnEbJYPY\/LsfGdL6g+VXG7WQIgMv2ewF0PvE+vVDUFl0RAZ\/1tLcDW7ACT3ksX0LoeHNenBOhZdHqnf9UOziD+Q8zvRnZsqngkzD79qyeMi\/tzZSjltxbVSqkmhzEU9v1Y4BPqMGX0\/t0QAAV\/fprog45tuROab2+eBsC5W+ztNYarbon9rhkpVeoLrqdJhKQbZu\/c9lD89TohT8z3xUcsxzG7N3uUKJnCFMZEaDh46TyHN97xjtK5WpD4wQGnG0hBwwfSJCrIZ+A97Y\/cKfaMMm3rd9+qPHtU9mckB3Gm\/zIiD5yAAOlmp3TAmYbjhBVWzT18gBC+xJgp6sK3g9ErtoNAE4z9KCR6dyaFmm+vyKFQOhPPAuGz3qwp0JPlsMKUNUTpMyrP5r9vz+rqFUTI+UboZa3It1qCmsiunIqJZvwfwNrLaKXkxVBYy+vP2hXL8wM+L6Xe6uVxBuXOCt7cxNH1N3d\/wIcfpixl\/RuDXp39JNsKCBYByXoyBbsGJVG7\/LZ+6v1vHSKeV81o7IFGvt97IZrQYbdcUI5pk1Qvk6dAxViurUUxja5\/aS4mnkbaCn09PwETAx1nI="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":926,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1568831063828,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":55648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":926,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1568831063828,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":55648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831063,"pkt_ts_usec":828823,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"QJkivOG5AKC8brI7CABFCABHowhAADEGc8AXOVl7wKgBhAG72WDabivvm96\/y1AYgjJsJQAAFQMDABqR742fBpyPZjtEfbqDeBewXB+uHjYt8SUS1Q=="}
00408{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831063,"pkt_ts_usec":828946,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"QJkivOG5AKC8brI7CABFCAAowxsAADEGk8wXOVl7wKgBhAG72WDabiwOm96\/y1ARgjK9fQAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":928,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1568831063948,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":62694,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":928,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1568831063948,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":62694,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831063,"pkt_ts_usec":948577,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"QJkivOG5AKC8brI7CABFCABHpH1AADEGcksXOVl7wKgBhAG79ObaKuoS0SNuMlAYgjIMvwAAFQMDABp\/k9+fmQYVGf3Hut7mHezJW979dzhuHOFbOg=="}
00407{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831063,"pkt_ts_usec":948783,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"QJkivOG5AKC8brI7CABFCAAowx0AADEGk8oXOVl7wKgBhAG79ObaKuox0SNuMlARgjIAbAAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":930,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1568831064128,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":52217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":930,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1568831064128,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":52217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831064,"pkt_ts_usec":128464,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"QJkivOG5AKC8brI7CABFCABH4exAADEGNNwXOVl7wKgBhAG7y\/nZ6b0aK\/hlyVAYgjIsbgAAFQMDABqvyMBTvXIi2chxG9Ya8G+SxcFk923Cg7zTOg=="}
00409{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831064,"pkt_ts_usec":128577,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"QJkivOG5AKC8brI7CABFCAAowx8AADEGk8gXOVl7wKgBhAG7y\/nZ6b05K\/hlyVARgjIEJwAA"}
-00509{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1011,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1568831062289,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":1,"l3_proto":"ip4","src_ip":"34.217.165.102","dst_ip":"192.168.1.132","src_port":443,"dst_port":63577,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1011,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1568831062289,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":1,"l3_proto":"ip4","src_ip":"34.217.165.102","dst_ip":"192.168.1.132","src_port":443,"dst_port":63577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1011,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1568831062289,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"34.217.165.102","dst_ip":"192.168.1.132","src_port":443,"dst_port":63577,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1011,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1568831062289,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"34.217.165.102","dst_ip":"192.168.1.132","src_port":443,"dst_port":63577,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00408{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831068,"pkt_ts_usec":497909,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"QJkivOG5AKC8brI7CABFSAAow6oAAO4GOi8NIf9gwKgBhAG71yS9fOulSelfaVAQgjIznwAA"}
01141{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"ps_vue.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568831068,"pkt_ts_usec":662597,"pkt_caplen":593,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":593,"pkt_l4_len":559,"pkt":"QJkivOG5AKC8brI7CABFSAJDMqtAAO4GiRMNIf9gwKgBhAG71yS9fOulSelfaVAYgjJp1AAAFwMDAhYGD4WalIgakbxjV3BNVNYcp3yOwJ52gynPGm8mjwAUtT7dYij2hh\/dSwSb7tUScv9p7RPVmT\/SgNSmyy04QnF4qJffmxksL\/sOF76QRXC7971BbNTRYsimK+PkLfgqlhqEv4b6m4ovXhAiRk+Zm80idUbTEZnIUUbuyHgjN293FAOaYO8b7wKQeCXC7ENqPVfxGkNpoupL47IyfwRFcGmWFY8cVMOkwq6KM3DEEEerxs+LVxCCzqaE7S3aNN8M2Cck\/\/QDmZ3sJhTXoaqiP3XD9fiNHSx9rK242Rx\/+wCdgsHUqIWndG4AB5DKgoSKOv8VktQE7lCS4ksD6btUmT2pl1H9XKngtKyHFCMmW1l3TGQ72\/Eu8k1mfsO7iWnevk3n6P4xl2ROn52nNFKQtN7zTnN\/aPCwKZHxkr1SUBj3zkM8L5Aq2R4hEzXX5YALMrcTUEuKTm+xwxt8GHNnQjfMR35eeBwTjPIpZmR\/2BS98CCxmueWRw2UOGOzoQ6OguTnkTVYR9JRpcw+5F86nBOPgcFzjjql5YmusFERtylZw0s193luLs8Sg6RAtVTXJKTQ\/b0wztU3ClKdYIWuVzKKspQhGwgNev2KkCLwex3rMg1bZywuk7as7hvo3ITY6I99wT02VvbfhOm6OcX6ptt99Jg+mx7P0+s92qhzZrY1Him5b57g1UYPWtq234exl29j9rZbRBg="}
-00506{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1568831063948,"flow_last_seen":1568831063948,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":20,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":62694,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1568831063948,"flow_last_seen":1568831063948,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":20,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":62694,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1568831058486,"flow_last_seen":1568831068662,"flow_tot_l4_data_len":1158,"flow_min_l4_data_len":20,"flow_max_l4_data_len":559,"flow_avg_l4_data_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"13.33.255.96","dst_ip":"192.168.1.132","src_port":443,"dst_port":55076,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1568831058486,"flow_last_seen":1568831068662,"flow_tot_l4_data_len":1158,"flow_min_l4_data_len":20,"flow_max_l4_data_len":559,"flow_avg_l4_data_len":289,"midstream":1,"l3_proto":"ip4","src_ip":"13.33.255.96","dst_ip":"192.168.1.132","src_port":443,"dst_port":55076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1568831054386,"flow_last_seen":1568831070533,"flow_tot_l4_data_len":318190,"flow_min_l4_data_len":22,"flow_max_l4_data_len":1338,"flow_avg_l4_data_len":1247,"midstream":1,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1568831063828,"flow_last_seen":1568831063828,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":20,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":55648,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1568831063828,"flow_last_seen":1568831063828,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":20,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":55648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1568831063571,"flow_last_seen":1568831063589,"flow_tot_l4_data_len":723,"flow_min_l4_data_len":20,"flow_max_l4_data_len":703,"flow_avg_l4_data_len":361,"midstream":1,"l3_proto":"ip4","src_ip":"63.140.57.73","dst_ip":"192.168.1.132","src_port":443,"dst_port":61267,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1568831063571,"flow_last_seen":1568831063589,"flow_tot_l4_data_len":723,"flow_min_l4_data_len":20,"flow_max_l4_data_len":703,"flow_avg_l4_data_len":361,"midstream":1,"l3_proto":"ip4","src_ip":"63.140.57.73","dst_ip":"192.168.1.132","src_port":443,"dst_port":61267,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1568831064128,"flow_last_seen":1568831064128,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":20,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":52217,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1568831064128,"flow_last_seen":1568831064128,"flow_tot_l4_data_len":71,"flow_min_l4_data_len":20,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":52217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1568831055576,"flow_last_seen":1568831063575,"flow_tot_l4_data_len":91,"flow_min_l4_data_len":20,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"209.102.209.13","dst_ip":"192.168.1.132","src_port":443,"dst_port":65112,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1568831055576,"flow_last_seen":1568831063575,"flow_tot_l4_data_len":91,"flow_min_l4_data_len":20,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"209.102.209.13","dst_ip":"192.168.1.132","src_port":443,"dst_port":65112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1568831063948,"flow_last_seen":1568831063948,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":62694,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1568831063948,"flow_last_seen":1568831063948,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":62694,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1568831058486,"flow_last_seen":1568831068662,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1078,"flow_avg_l4_payload_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"13.33.255.96","dst_ip":"192.168.1.132","src_port":443,"dst_port":55076,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1568831058486,"flow_last_seen":1568831068662,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":539,"flow_tot_l4_payload_len":1078,"flow_avg_l4_payload_len":269,"midstream":1,"l3_proto":"ip4","src_ip":"13.33.255.96","dst_ip":"192.168.1.132","src_port":443,"dst_port":55076,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":255,"flow_first_seen":1568831054386,"flow_last_seen":1568831070533,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":1318,"flow_tot_l4_payload_len":313090,"flow_avg_l4_payload_len":1227,"midstream":1,"l3_proto":"ip4","src_ip":"8.252.2.139","dst_ip":"192.168.1.132","src_port":80,"dst_port":59198,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1568831063828,"flow_last_seen":1568831063828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":55648,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1568831063828,"flow_last_seen":1568831063828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":55648,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1568831063571,"flow_last_seen":1568831063589,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":341,"midstream":1,"l3_proto":"ip4","src_ip":"63.140.57.73","dst_ip":"192.168.1.132","src_port":443,"dst_port":61267,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1568831063571,"flow_last_seen":1568831063589,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":341,"midstream":1,"l3_proto":"ip4","src_ip":"63.140.57.73","dst_ip":"192.168.1.132","src_port":443,"dst_port":61267,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1568831064128,"flow_last_seen":1568831064128,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":52217,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1568831064128,"flow_last_seen":1568831064128,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":15,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.89.123","dst_ip":"192.168.1.132","src_port":443,"dst_port":52217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1568831055576,"flow_last_seen":1568831063575,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":10,"midstream":1,"l3_proto":"ip4","src_ip":"209.102.209.13","dst_ip":"192.168.1.132","src_port":443,"dst_port":65112,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1568831055576,"flow_last_seen":1568831063575,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":10,"midstream":1,"l3_proto":"ip4","src_ip":"209.102.209.13","dst_ip":"192.168.1.132","src_port":443,"dst_port":65112,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1740,"source":"ps_vue.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic-23.pcap.out b/test/results/quic-23.pcap.out
index 4ade368ad..661ef8d2a 100644
--- a/test/results/quic-23.pcap.out
+++ b/test/results/quic-23.pcap.out
@@ -1,7 +1,7 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-23.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00533{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1568282515655,"flow_last_seen":0,"flow_tot_l4_data_len":1288,"flow_min_l4_data_len":1288,"flow_max_l4_data_len":1288,"flow_avg_l4_data_len":1288,"midstream":0,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1568282515655,"flow_last_seen":0,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02160{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568282515,"pkt_ts_usec":655367,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5BQgRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwUI0EbI\/wAAFwhgax2p4Mt\/UAjcZWkdxzWqcwBE5rEFViXUV0In7d2dXZD4W8++zjZDJBAgmoI+svdNaYLoeL2jqHl80IO9pEfUmkgFWLrT4IlQo8t\/87yXQq3IRCWsbaCVh5W99qNLF16ofVb625RKhJQKN3iU3vpP3WaISyCxGoJXiHsP7sj27ny7LXNNKzH3JhZ3bhiQLS2umcd29X6XChqhAWZjn23A4EHWtq4oNdhkFu8LZI\/zfG+rUZSQr5lxakbHyPuebWPbqVuz09T5esBIjonthwzDSYvYZa0ySbIdmaeXdhlU+E4gLC4WHroq5LZx9pnr7yREt9Dp2HJiUOt1EMzTCveDJnfcPHqR1d6\/YEuvBxkwGcxK7MQsgXVVjQjLsVYM3zgE\/nenut5XK3K7bJeAGfZxUrn\/Y\/S6NaLxM1FgdUyaPkXMATL13fHOLn2TPbUyanoNHsWUaGSz60C+oUnJItBjv49AfcrV5AnxAjninyCVT7ilbuKRBYQ5SPLHeBsT\/NbnYJzK0I1Zj3I7weUUkkcrweRBiR069XTJtWYqzSUqWU5sALkglRvuf6xbvYulQ0jX8ozHEripA5ju8KQBmPJZP7WSUIMlyS8g26Pb2k443GZRz9hlPYNrTsHRc88FbzG8+ahhy1UIvmg27b6gKLWKeoPRPqT\/23G0Wo1ikM4FoXKXzvnDWe1X8Z9PVn+LOSHYR1LqJoMp2f2mWQv847crRAwAw1YWxPVKlFpXb0rR+0hsSK+RIdQgAqDBA2QX26xlMLPLaV5FnoRKfTJi7o9j6TamnIQyR\/b\/g\/IDH2Be62ORQ7K4p27Oyqju5N6C9b0vid0F4+gZ13RNe5vPbvcGGwDUSCHzH5HuKrGh25US\/X91xJ8gist97L0Lrq0S80URKpcxHqC0QxbI4sgi04MOC\/6\/5f2icaiX5IcU\/hdojFqggO95m2grFOU8yda1Z+a+0B+UTPAWzUgGxyOkCthMdR1xVGZfRvlXwGjfBMd6dc\/vwfyp1b8YonfSnSW3vRZZoOvGgqRgE1cEyUD4uXR+I9J+U7b3lAENyqEE6S4PVFwPk4xcaNCNEAFsAmLQRfMnqgm4EclQ2fu\/X4rXYn\/w4VPhxSJ7gZUA4NgNeVynLRKqHUa727Gwo4yXA2fLLCZot4qNfI9GV8gEGhiMrmnJDuuHONvYi8VFwSgiQP9jsRAqGAnvDEEaUirzATf+CkE90c9u9BJN208aRmeL0Hgd\/ZHM6TlLySnssgUghAaObIZXCdBIsYxzkTGX3jv35junPGfSl4SRLk2gvnSptlPR\/Rn6scXnHyxcxY1Tth69QcUpqe9cAH3STuQaFNZjD1dVf2R7djGBGP8XFpAEp4Da6SL0QShqq2TI46wOMWpyGEWgp5CuFAlZyh9lsxPPSVCNRF6ZIHFDEA176ay7PnXocWlpL62qyFOm8ITDpOqmFNLCDdEm1Gb4uY5DgmlqhAIdCuIUzNcLPBAucHSIQlvc6jwsUov+EyqsbCmhoguNjYqYWkTXfROVcd+bJTmI+cPOgPBBwa2oOWk+BLrQ6aBz1dQvhb5YuoZMwA09AEkY+2M7NcQxKjjOU+yU4Hx1Fn0nTrg3sFfxY6wAlusfFhQgzHz4cuAwlvBXae00jqiXWXUvQQ1Rtfra3X+TNbZCCp1e2k+Vki2RypB\/ckwHS7gD9wnM+\/\/rgzF\/7w=="}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1568282515655,"flow_last_seen":0,"flow_tot_l4_data_len":1288,"flow_min_l4_data_len":1288,"flow_max_l4_data_len":1288,"flow_avg_l4_data_len":1288,"midstream":0,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"h3-22","ja3":"d9e7bdb15af8e499820ca74a68affd78","tls_supported_versions":"TLSv1.3"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1568282515655,"flow_last_seen":0,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"h3-22","ja3":"d9e7bdb15af8e499820ca74a68affd78","tls_supported_versions":"TLSv1.3"}}
02156{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-23.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568282515,"pkt_ts_usec":692122,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNBQgRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowUIuNfA\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtABAtpp6lo422zhpwEmkM9jMJwXgbUjN1owR7TPZ1JXY0x3to1D6g0dAafVV30k+fGVC\/0C4Lnu2sLDcx8bF+ojnk3GSUQTIdHu8ZX\/oVbrFn8IuIOJ3OaMKQNh30NDOQmduQ87svdAwpsnJ5RCWJgsXaKkJYeNxtTrcf\/UMkEEGwqmH7iXERiPPP6YaygHazOGgvsi3IgRqxtSyogodVJFIEF7\/I\/hK4c4fV\/Fp6TOnZq7yPU8RHUGd6f8AABcI3GVpHcc1qnMIRXPGBLrjR7REF+M5klzW6SVGEmXEZf3SgmWO3YJGZMJzHMMmsHpZMJuleNbNpwTfLHRv+w8U8jTxrick9JoK2C0BLjMMU4lyZBfsOtqy8CVjK71G6biWjirvwKveDUbbdnabD6oNKRkjU10KrpsRv07\/rr3\/DxiYNICA4+aqMz+EOwXWo58jzMZwzCPamN69kB0IxZj8SzHACrAvpI3mhJaTesCVi09n+Vjx8LN1j9+ciB82njpNGQqupy7Qg1DSJdzbPwEAh71uJyF2iB3iJGpO+cy2cML4KVvm81IPGXCiOmV58o3v5\/zmODjNmo2sfVOW9wf6PkvwpMzRrLhfpb7g\/8GFhwl4Yw4+ghn0eekbQWZnpZKkF4+ktWY8mTGVecRfIhXVpZaHrV6+jU8BF4DL68+dkgY\/AI15OZZ52IXevPDJv5nQvF4MBVYN4PDEtox+qpac1LTHNAeqQxSa69g15gLUO1TxuS1ywL2AY+BTIWioy9hE61HxGs\/ZqgzZK9mcRJcA1dvWBNaIUiSpdORjz8n0pKG8K\/4ou3pHJN8tLdmk66Qlvhq4T7hwQDIwVgb9q3keP6FrYLSeg\/J0qh+c2s9xPzmAsIVg9ZVDDHWX3Bcun6KxexZ4flHGnhxx5gihdcmy838IeEFcy7du2wwafPbat0Jj+jGrpEh+yIEM+DtfZqs9yQEdy\/MqTQFZpt+aZuMVHvsRxgp9ckGC0lTv66FWbXDl0UazKFBVhBALr2J0iQx9RaI2aenslg1ZNK4Bc+Cb91EVBWrZM10MM25SZ+fC29ATKbXKDxWyuH+nM3ACeSqc9x6e7lODjH2H79xEPA8nXIZozszF8WDBA9K6wgnma97DIVxV4gV9QTaSzRRZf7GOTqGIfycjVC4dW+EtiHjVND4FWrZia3IFSniSe\/c6Z8zy01Y4U7isxhUZE84FRn4gZ+V\/LlAqURAOifpcMdrbloG+azDOECnPpupOebIuXwWz7aOW1fuY\/H1I+R4NtFDR8J3Xw+payk7QhXdsFx5GWInJP3dTMaCf7cVsQwH9u0KYAcwhL8Cwh+DnwFPiuH4IialTTqxwU\/T+06FOuOrMPq+bKnPZ5FwJAgHNilWYjP7NfZyL47Oq9aVGecGeTMEVn1UOO1QiFCmqyGvATws+6y3jOAqvQGQaZwrrHaE+V+KOl6f9J9WMLa6SkuWVKt++KVL5CFRWylgx+1d9Uek8ct9jA8ZlmfNzZ9cA+5HqJ1DeuTlGJqOlBCtnXfinCTal7z1JN5uB10EcGFFvKfAbK7xwlVGsEn6XXUBj0DLCMr40cur5GW3A0wuiby+nlkq7AslBw7l3uUqOibKhCVQJrTyCrMLKjl7uaVf6toOqyI\/5H1Aamf9JQmaiBUuE66iZeoeNEFEyhhGDVA=="}
01723{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-23.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568282515,"pkt_ts_usec":692143,"pkt_caplen":1017,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1017,"pkt_l4_len":963,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNA8MRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowPDFkLs\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtEMUyYrBFar3hn3903Wyiwal5ts19EiC\/\/0o403TuQXHzpo07QLjQNsCS6rfVQ9h\/bhZfcPHM1NTnnZdcI\/w+qZX0yTnNRovgdVWw6cVvyMMf\/AR4wKYphPcoUgcwsn7KReOxOm3nR3LYOawLtgN5YWMmql7MzZUW1CzcSjBB+M6TJiRoKw93nPerpbhVcyLUx25I3\/NADqEJnBz21jEouIL682I+IDJYwKoa48yaEr6CLTsyyGj\/lts\/4JjTKWASRBqsw7OY\/PZ+1W1OwDSwb\/PFJvlZQUl\/G5xBYfmg9n3A5KSgPg+AWI0iah3p4kBgWKDCRmgMv5aLdZqf97KuUEYmV3E77OatXFisUIwNgupj2ZBePSzcVFv6BviacQ0eIFnW\/WBQ8G99nQvGQgIVYRbS86l3ozgh4LzmRsw5Qx1M20rfV7sH8J5eDfvoJvM8Kt39vBoA2a\/YDhQooz13TukgVejyLKskuIKc854y2yoygBAiap3h\/2UZI1Hy+ylvot5B+\/VTalIWeEUdzPMUhYFiTMO6\/2d1DRzWkipTCjRPVLHWEScPJdEJ+VMNpVWsin+bWqHvT4BQnmP9jratt0VWOV2ObUqvupTouCJiGV9bM1dHvlMD7MRwtSrbsmRdsKZ3s9ntmpvH57yloY2vd7s1jXD5Tju8J3B+9DUXz6xNltvws\/LFUo2CSsbLQjNtWY3s5dPyf5CxKUWscmwismYbV97k961UCmVvPNlUhdtJ0fKJNxq75eNdsxnG3\/awZI3OuFYwxViRQiZCNMdgzOZGSKYfAy7Lp\/MhmSQ7bAc+NzZptzeI2dGY6EavQ3CQJraclZiH\/R2wGoMhKXvX1vwKDaGVZ6fDICtnupheoKdKLVVe1JbFxgSvP1CvU\/Fz5zvnUrUFgqsCm6EqZc9b0Nx46hJuQ+nXvuD7J3wzTSb4pIdJo3654drX\/so2eyJPJ93U+qbVr7vq7ywwBxcwDyk3BB58zXgOMZkN4mMUtFH32aXAokBlkhQ6f8WPzuTxuiyG3qJM8aRb4I2zN7cmOkjaJPcEMZK3GVpHcc1qnNubgcg9n\/B+tCxShTYqf9BsxGc4HfmCIwhwjiuwdU27nolghC\/g0vijyYzvRU15Q2hMyPcrtTOsXP1UDcSAxAEOHoM9K86QNjMEWUkGPI0wcCBc5w6OEh9AHnk5JwjWpUceKbwoH7jh6GuoflfGRMbCEmAFjB4Wu0Zq5vel1+DIem2Tl+i"}
00553{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-23.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568282515,"pkt_ts_usec":693812,"pkt_caplen":159,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":159,"pkt_l4_len":105,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5AGkRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwBp0e\/G\/wAAFwhFc8YEuuNHtAjcZWkdxzWqcwBAF6fDAMMAJhGASeFDmt2B3PV5oRmlcgvC6v8AABcIRXPGBLrjR7QI3GVpHcc1qnNAF9ROAvn0lqrzo1vnuX+cMCbpFjsj7q4P"}
@@ -16,5 +16,5 @@
00630{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic-23.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568282515,"pkt_ts_usec":728438,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":212,"pkt_l4_len":158,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNAJ4RKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowCeTupg3GVpHcc1qnMC97qQLALpHRH9g5VkkV84+ZGr\/B23m4txM5qcs\/TUYt+7VjrD8sG3eTIYvK2yUPG0u3+m3aXmzQ8t1rb4GVFKW3GipGc+9f+cQIsrMoj1qdhUI54DW1qjhlWeXHFwz\/mNBQ8bkkA\/ugvgtTABvTfxcwa+XCMT3qmgbQsNKvFnYayUHn+tLvv7O+BCzWE="}
00584{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic-23.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568282515,"pkt_ts_usec":728444,"pkt_caplen":180,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":180,"pkt_l4_len":126,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNAH4RKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowB+Mb5s3GVpHcc1qnPVz8xc9o6RIS2AjHhtHQE2r1rHEdUzCcoOwGvvKVzABDAx0KvRZaIBIpxSb4lmHh3Al38WGs5GCTly3xPKPXS8D4CyH8Q4bP5dENC5CuAagi15\/TVcxc7eCqv5gMEP8L9V\/st9GkbNC7L5KHzN"}
00468{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic-23.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1568282515,"pkt_ts_usec":729605,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5ACgRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwAoDs1PRXPGBLrjR7TqLABTK+TsP5wNYWccDpmpF\/I4\/Gqybg=="}
-00545{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1568282515655,"flow_last_seen":1568282515762,"flow_tot_l4_data_len":6111,"flow_min_l4_data_len":38,"flow_max_l4_data_len":1288,"flow_avg_l4_data_len":305,"midstream":0,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1568282515655,"flow_last_seen":1568282515762,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5951,"flow_avg_l4_payload_len":297,"midstream":0,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic-24.pcap.out b/test/results/quic-24.pcap.out
index 3373ef86d..56fbd3df9 100644
--- a/test/results/quic-24.pcap.out
+++ b/test/results/quic-24.pcap.out
@@ -1,7 +1,7 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-24.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1574209133040,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1574209133040,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02088{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574209133,"pkt_ts_usec":40250,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"ClnTQ78Jzivom94WCABFAAUA04pAAEARTk4KCQABCgkAAqHcAbsE7BkSw\/8AABgSKZqySaf1jUZ9aFypIIlM688aEfXDUlabjvj32ExHj28K\/LzWAES33jM5bR+MtpU1BLUazwIKZfi2UUsjupyQtwh0cwaTGSNsc3ziOvMvl5HeN7dnqFzrpWV5xSzaGXCCKPfdH3vP8j3J6ZLIzElZQZR3emJo528x+jgZIHOdaSnx3DWXxF2zh+YTIF4T7iX6QufVjaqbZGcqLfU2h5UhvDV4FwyX3uhlDNyKeZHYtgm98LQqq4\/RRT1KTyGKWwsLmYKiT2RZhGfdnj7cabAAzsX7Lk2p9chyJNCYC2rvLfiUJPAyxycnjNSX2Lj6Aqa8nfo2RgXdwfCaQgxab+TGB6bvb9v+EsUoxuSJh+r\/RN\/6YKeOx43w+asFLV8uu4y7ez42UTvh8WhWB9gu2sFvRZZAH2gXrPZjvaMUKjvUztSfZobDePj\/3bGH7ParnvadIlRAYU9Q2+DurqTinGpGLj1JdKLQoxeMx5eGSPtbuqNyirKapdyXJ8ZKCVjdL9m2B38WlanD9I0yGpWtoLvsOi8f8x\/fhHjJnp\/JSreuYABX7IvE9OH17Ka\/DYXSP3horLga3cmeawXPCcyfSVzp0vy3ZIaVNlu8tvkbFVJwffn9HIFK6HKNWjCpRF+ahuWdOTEeIZZ7i7JR8vw5bYFyaufxilZin8M6RIaJMeMrQc4vvfUfbDjsZuuyfMbD+CtkYjt3ODwFx3+9dnCnls3bcnN\/LK\/fVogu1W6dC2V8OgzkkQDp+glgaZFK3x1y9W9tAnAfcG86bUqaAVXac16E+jbjt3xUVxE3wSFwqpaXR87jZ7puVI7a++RK4x\/CPU7cBx4HxakipMRXAW7+Zzm5Uylji8R1ndMJge591UykzR\/a1rIFwcUFafwyzFwutVakAK\/iM4YhBMTpFZmHTyv44rZt\/SzvRW3ChO61o38I1VeCK0g8ZFXOiuIW\/pELm4Rr3xBh76iDlvWF6YcC0+i92ff1n2MDPlwUBp2JPBEhF9KRkoluOW0vEGZjgOTNF0WO0oSPjp6cRmPu7QFACVxUUAGGJ52pSjmae6FO4iTNFAYtrcv+HXjZLY56ae9mCQOyLL1m06CQPGFQiHOPr2CJqh4awJXrhUafIQCu5ugPi3shAySSxxSNpoi1XFyoXHmAfehBuKAMDEBi\/K2+sO4vF3gp9aph5gyVGEs0pc0rnIKidNla3xHEAlRzhJVd750Uscx9utTZFhNIJHFYbXnWol4tLG+jZZli4l18thfxYBatUVfQbpNdD\/lD+eYzZtOp7YtW1ZKF+ROaDrWxEjfCdVtcjK18Uyjgz5TeZuG7pFJ5t3qyXb+n\/5MzCAN9XPJPpQiYdvqPfvMUwezKWPFBlXc3KAr8TrBHXbzxwj68KugT8kPF6Hf1ZknvffVMbgWpKERCnzNCkdVDHz0qsfdTxN1E8gHLdnzTTb4wYHbDra2Qy1AzeGTZ5VuCqGVCxMyMSucpv1SUY2NRHw7nEKVm2pvwZDPcCeEad3kICbdC4XAMVUx0Mf\/rJlO1G38DhZUFTtkiOIXY+C24n5VM7VxZQ+dzu2YG1ROOR1dGwLm4sR7mTJIH6rldcwpGAOA19nihJl7wI7sV3QgaIXVtqDL9j\/YH7Q44xODtLK6dfnLZ9llZp8VromtwQj2StAFDoQ=="}
-00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1574209133040,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-24","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}}
+00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1574209133040,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-24","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}}
00573{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-24.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574209133,"pkt_ts_usec":41078,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"pkt":"zivom94WClnTQ78JCABFAACjQSNAAEAR5RIKCQACCgkAAQG7odwAjxS18P8AABgR9cNSVpuO+PfYTEePbwr8vNYSuDzEUSnLqX7jSNZH88cG3IWnEimaskmn9Y1GfWhcqSCJTOvPGgt6q75e4Qn+zUFJSyFY0SIiHRpQLjIDBESVGuKc8OTad8PhKZ1BA74OASFH4nOmQVGBciF1MYu4zBXJkM1rI\/zCp6CTKJAyA9IF"}
02092{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-24.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574209133,"pkt_ts_usec":41861,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"ClnTQ78Jzivom94WCABFAAUA04tAAEARTk0KCQABCgkAAqHcAbsE7BkSzv8AABgSuDzEUSnLqX7jSNZH88cG3IWnEfXDUlabjvj32ExHj28K\/LzWQEoLequ+XuEJ\/s1BSUshWNEiIh0aUC4yAwRElRrinPDk2nfD4SmdQQO+DgEhR+JzpkFRgXIhdTGLuMwVyZDNayP8wqegkyiQMgPSBURs4UrqJXSOmdlzOQkT83Thm0cw7nGhY1Dqr9WBER804ydL76SsuNgGBxQl7a0HOKMMpAXLx8NIbh0fGKNE2byFJvnpcszX0hTK6rJr5u2g5MPDhCWVAqZWA\/ogTmUNM\/hiTPfQkeihINkuu2xiOaqPKq8sMuQjF678ZOS3GHn+0TKDo1\/YbLwJy\/ZpXJGxt30cfRSaAH1ZjGC\/le3BtTf6Ee25IG79XjyhHYyykWI2qhKWR0WZIipTrVnQ8OQ9VFey3MfNakIGaPPsyV69yfAmkmASAVXFu7Mo6y0Wz\/k+XakzO7FNz+SVS8r\/HampTgbi4jZsv70uNhIa7mA4qtW67mQ4Rtz5mrDrLhqz2cchVuQJJMooj0k2Xmg5SrVAA8L+yguIaKrDD971nuLq358VPAy8fRB724dILFO0lMVCte\/by\/Z5smTmpZsXjBALsYbcl4FVVEwEstKsA+gV11h+TKoi0PysZzUv4Co6O8\/IBnHMvA3aNldZ6T2\/ehbVZg8kV+TWp68hUC2ZNn0WR\/hIHa\/ud6KCIM2HuunHoyDST3M99tIIw9T05lx57290aLBbTURhE0FEw+sGowcXu3C80nVKiDimHMp1c6mqiWhDKZbGOAdpIWwpYqyGb1wbm5oAoXEAR7Mc+jjR0J8zJlFvt86aEVTtTJma3fejOJ3C6CfSBtcEM9aVUQVmL1wf7Fi6TTqbbFA9hnROhk7vqewbhtVmirjNaHoW3nHcl5Ky2MEXCHIhVYecuDZG8tKTrUF\/HFpCaGl9ktkqkasn0g56PGXthtx8q15PYDSjv9yWDxzwqk6QO6Yvxw5QtpcdW836IfXVH9twCWk7tokUrBa+jkGq4sxymyp8HJzlBaLvbaRQuaENeIm3CsGj3g9j2MS5rx5x6bLrNsqG7vyWFoKKK6rqr6vFuCF2irBVzzRdUFclg1SSHgOpaIic+xLUKXq+lZZKiY1RKji5vWjtQKTKYEV029kaxm787YffQ8yTZZB6Hh6BkDWEPJYKpvcHrYxyRBFLQRGWx4ITq5kdTA0MWD1a5s3\/Tz1ghAL0hkcPsti\/Um+kiW+XSNOONWqykERpHTJUdF9XR9VjidFyK82bmGKcNXGpEf6KxiEWWOfrwygEpxaXYc1XPpi+3jqe95\/5QRYGsINOcrD5IkF6QniULDRMMwwkr\/ECjICIiZDSB0yvurV+rIeACZwQwc9BCfZ20PoMtA9Sb0+HvwlI89lLwU1WoQ\/uQFCU2G+iaFma79WKu7nfdJy0UCSpgYk\/WwxenGfaRqde0duIKqJ4VQR7DQ\/1P+Fdg7iOLJglPQ16bgg\/VS+HMi5ElBV9H43KK0X9+d\/wx6yTnUwB9LBosIDE739HoREBuU9qFyhmlmKq9iiXdK9S72zzDVpgLdZ5NTJCzLKyehhNiJq3WHWlmpoiXXclIQS2qvLhF3s8CmoQTCIFD2YwbMLNLc3NR5kX4hROEBrWwC9+79LiHN5YezdiHlgZ3UHXQ0QcCITAtA=="}
00563{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-24.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574209133,"pkt_ts_usec":46090,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"zivom94WClnTQ78JCABFAACaQSRAAEAR5RoKCQACCgkAAQG7odwAhhSswv8AABgR9cNSVpuO+PfYTEePbwr8vNYS4JjP5xnPhXULMwsGez9pmn\/bAEBR7JWFbqBk4i5AJ7l7qSlE+tX2yrubmhFzRlx21yBiPVDLnRsXzX9MvNztVp29bxmR1P08S3NdkCTmJvy4iWq\/7WRG5bc9bbtXoIExxVobW\/gF"}
@@ -16,5 +16,5 @@
00449{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic-24.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574209133,"pkt_ts_usec":73671,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"ClnTQ78Jzivom94WCABFAABG05RAAEARUv4KCQABCgkAAqHcAbsAMhRYUOCYz+cZz4V1CzMLBns\/aZp\/2z7zc0vp3+LcUiaJlNWy50Jlz5CiYB1w"}
00448{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic-24.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574209133,"pkt_ts_usec":73692,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"zivom94WClnTQ78JCABFAABFQStAAEAR5WgKCQACCgkAAQG7odwAMRRXRvXDUlabjvj32ExHj28K\/LzW6q1Ilbkulx8QpPDfCg0ahlH9hGpsv1U="}
00449{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1574209163,"pkt_ts_usec":81103,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"ClnTQ78Jzivom94WCABFAABE3IZAAEARSg4KCQABCgkAAqHcAbsAMBRWReCYz+cZz4V1CzMLBns\/aZp\/25sTROHCqKYw+n6Ol0QxqpRmDt2U2w=="}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":15,"flow_first_seen":1574209133040,"flow_last_seen":1574209163081,"flow_tot_l4_data_len":7490,"flow_min_l4_data_len":47,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":499,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":15,"flow_first_seen":1574209133040,"flow_last_seen":1574209163081,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":7370,"flow_avg_l4_payload_len":491,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic-27.pcap.out b/test/results/quic-27.pcap.out
index 4283edc22..9a3c804f3 100644
--- a/test/results/quic-27.pcap.out
+++ b/test/results/quic-27.pcap.out
@@ -1,7 +1,7 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-27.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388075915,"flow_last_seen":0,"flow_tot_l4_data_len":1338,"flow_min_l4_data_len":1338,"flow_max_l4_data_len":1338,"flow_avg_l4_data_len":1338,"midstream":0,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388075915,"flow_last_seen":0,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02233{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388075,"pkt_ts_usec":915836,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6BFLF\/wAAGwh7p3UKjzv1VgAARSBBNb8rxExjuvv1Ye++hbc9om0DU4NnwSG\/3UebQzKe+\/ChMR6f65IjHiAPoLAAXROmLqaJFJBg9Sjii5GNpIY1s7jLmFqalAiGP2eQLOW5rgxDWycwtAoSDO71eI9T1Uq7EBmGHvnPmeSBFCTAwbphrP9uMLPyAc17USwCikZDlt2XGVMfiXze2ila5iBclIpM\/nqIjbZDUUYzdC34yYbr54VrUe33DQppusK5QzTfqS+3bRJeNmvfVjhputwGoNup+0y7rJDCwpxgcjG0dCKgMjLHOmSc3TOXpHySWsU8YrZhzLttd3CTZRM5WZ+WibgEID8\/Y94\/jmGwbweD3Pfo3Ppwfbm6t+wCItY8yBKRQ+H5v5jedjzP\/LjrRtljajhGcJZd6HJgjueiAiaEAdj7fx0T9yjCxPVImLtLHfXPo558xAwXVU83pzT9xavzftzVp99vYm\/GU\/kg1VYfnH4H1qpMlTlic\/Q6Q8iLnCNGJ9LIhtmYFfunAmiyObADRsU4B6j4HoJX3if+mucsKdp+8N3ugLjM4uwUvOF7XyACDpCZ\/G3\/5X5J\/zKZkqDPUYvuluMsSOj8B9WlMWtbGerp5EjqolIlNnjYomDTKeHIxZZRBaJp\/QOHxqWVWl+MlH9KWaLg+UuJ1tkD\/z7oSb+H1aPInCB0q4IOfY52jC5M0sAyNUCCRYRJtlGM\/qM0P8wM\/vcpX4GIrlML77jxP6dU5SrTUTaXASv8j9337neVie5dGU901jPeI0ibTEPO5jmp5JTAiUrtWT\/OPLGl6+AqDrvj2iLYI6MfHf54Ll0eSJwKxczdOyajjbkW+wF4mDNBcrHs+Iy+NLs84KPkQaEHysgP5fydEh4OpzytKTjbeDrjBTG9KcUWYmBar2q8HpPFclPVfMJzlgzmG1ymiPOmBJDgqQ3ZUM2g855ht6g7tzCMio0LrDHG0qDTQGyGwGnOACHMF4aRlNBHHPXjD0AWFg5ITC\/muG1btVnHCRMRKjcJbcwgB5knd4j3yLyF5jIDRSKNhE6Ac48oXpl\/X8QX7id\/RdTdMTE+I9ImLp3efowsLaCMtmIEe+7JeD8HXS\/DHY7CcQC7QJJxTExlt1pZ1J8VxZQ\/Rin8crO7sCUZAX\/MAmOTczrCmlYKxmfZCym\/VBLaEls1IO\/vlhGhIazJ4ec+unaATLsbpA8gpl3A6fA\/mtphj6B2kmQmdb4PDBkjLGlUB9TA\/hWCdu8okA42ElpefKLs7iaYvj9eGjbpH4CtZIsn81hYHam0KixsLnFD01WT2G3jWF4\/p32XASEAIX2fGqhIl42kT79V0gWU\/zHFYX4d1dqE0R0QvDLgaBR5adJ\/AQSCQX30uHxQBsrPiDAUle40F0f\/CKLbXDtfvQg3i0EyI3KXCW22kEkJyctCWU066Vqsp6MiM5DPCQw20QD2L38WJTrzFxYD7gmCe1AwoQFfD6gqTnrS3Tj0ht5GTD8vsEYZ0oezjMP8XuBMCjClE8hToMxgRyaUKQoJ4zuAen+tMutEa2m48+u5jHJEJljGjHC4LHZWMR3906vXde+zdCg1ShHY11L\/Bz5vKrplIBCiT9vl3ZYNjO6hBlbKS8VP\/yg6gsLQ9AigFTHxstN+VusbiYbo8JJgQWEcDGy2dI9GZZqPmAAFQeJAEQIBnrb965lc\/aHxPwoSZtBKWldoAMiE22ownQezP3boCQ596Xlhlq\/aTLkj8uddR096XdeUuOzAUI7eEPdA9iCr"}
-00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388075915,"flow_last_seen":0,"flow_tot_l4_data_len":1338,"flow_min_l4_data_len":1338,"flow_max_l4_data_len":1338,"flow_avg_l4_data_len":1338,"midstream":0,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"beta Chrome\/84.0.4147.45 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
+00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388075915,"flow_last_seen":0,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"beta Chrome\/84.0.4147.45 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
02230{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-27.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388075,"pkt_ts_usec":921678,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6\/nTM\/wAAGwAIe6d1Co879VYARSBTj79W6cwNvYIa4eRJRqYVEF\/FFQs4\/YFJNsPxXKvEgdRDTO3utbDdVpsr9xE5Fa\/TpG177HOYaSrCAz5Jo2+BV5oFjmMd9bTEkWInl1UOdHKW2niDF5nMaLe02aYd0mp25Hmgx4h+P4ZNUU2g7lMQwO8oh5pyFwebO4ynZaVfKfuvlderCYi9W3A+nCI5swIBOg\/\/GR\/eRpRy+l1xUDMEIkXKJ9xm\/36tgV9mPj+QnGLik9ENPu+ZN+Me0EJ5sHt5U9N9HC21bIxbx2522Px9RzM8EV5k0bNaVeSUX6Kx86PSOGKlOzKToSyBuVcP\/8Y\/pj31FFMn4jXKSKIZkR4jdHKqC8A0U8JWz+lo5qygK0a0s0j3vnz5UfxKqxBqYcCTRyIv0ihPq9lNS2XBnJHxjyGSIIPIjQ8xsASU2vSfjgEk5w8+ci+un+2IlNQ9pkFNXyipoW9wTbokYSnOTxLk6sFfH3dsyfqGWWE1tcdt7fy7oyiEsvZGRhn\/L+h2S5jSKsdHx7NdNgIdO39fvhXOA8HjSqb3VALAtyj6ehundx3BZcRNfsuUa5ZwC219uau0CpTuX2Tcg4sLjnvZG2Lvryln9pXYVKexJ7M82YgjmrH3wKorHuQt5fR9o7MWyn4djeqsrjK1KyRTCzgfjFDh3HyEU84LAmn6y\/vAo6GV5tlhx7mhZNMKhoPxPwLQjI9LlPc\/eMbJSDiPSdtQN0Aka6OS5JgFtfkS4GGEZrqH3Wmy218ogEMrR323mHZfknuU+di+qZFkdH\/EQiWObuHXwvxT+d8mUKnyAB02BTcx6ikllxkk+7Anulz\/alZEZCKgpjN62uDEL1zgUQWaEwOMai6Bq8aLpyIjWmfI3mXlEoQL9YGtvFU3NA0ZJr0FsSmnF79XixoAiidGmVLveJwbz2v70EltiOw6GW4XT1Nx8GJbOHEb4lw8Nf+y1YmbiOSl6N6MqAV+LTudvCC93HluIlhU0E3uX9LGDS+ScDF\/SXTW4zk9DPu\/I2vtwGCJX81Rv1WV8uy3YU63ClpeYXvX7h3rAbpodg\/tjIJpSxX8PbWv2L+X7I9n9ASbVRLPybgw1VXro90q6rMYVQ\/J4rPmhLpWzdEAazqGLHFi9KCGNiyg\/RvVoTwUKLYJ2wN2A7fA5TkKjD7w9oSn095bN7P+h75McGVrIyVqdEh4yuOB+Tvz9c62lXezMJJBw0zLwBGL\/8fc+U1+0HGaZ8c8r\/a9gzaAu\/1hL\/GX6BDxGvNlvCbNJSR7uYc+tLK+p8LJwdEE6O1NRlrVaqPbBG+gZN39wLrBIi\/4C1PvaV8uwXWpwJT4\/2iKYJmYuzWYHqOYb26qPVfaWtKa8zR+ytS6h93OrCLmPemuHc\/JEUEpO0dp8igHMSUL1C+oRr6S3mhQFj3DoLOC25YV2Nz23shcZvt4jUGqP33atbdN9fs6Z6FU668dqDsydPhc\/SLsWEHLNI2dYaUpYVsKq4rnVyNmOwE\/6yXFioayjL1rahnUdwSUA+95p6JoySDTBjZ0UNSLSl7C2+U5OFwI7ckGRhoW0KKahovJhm17+fTYxdp+9HuvzWSSUY0fZvLQBV7yxLsR4PcQVPaqkZsrRSNzLBu5zsWgsJ7iTP5Pui\/izmglDfXm4vEH6laDbuG6URrQ7dv3yhcwEz\/QEq4E36vx+7mzPgws4U6N6vHcQkT\/3gkAaI1tEvZMgcRaUphUC3VFG3nl7XwQxFcW31F+TgbWi2aESvVU"}
02226{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-27.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388075,"pkt_ts_usec":957479,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6q+fA\/wAAGwh7p3UKjzv1VgAARSD7U2hL0O88k3UZXjUbrBBd+WZB0UG\/j7758xlBZzizfYUS+JxzLcKYGo8WQzFU7GyiuzvE8f9eov2KYsEVwanC7Vc9pLDljUq9fi2hrf+FzyyRcUlliaDQXxX7n1Ivm9KRXOqnnKdmfHVEvBFAffLmUIXWbO+YgkFjGfD8GnPXDCrAqvwlSSmWge5izab1xOS9Wo1XnWifp0lpGLQpE1MqqxNhBIDxbfaVbjuMEAWyrxRLEqh16GZ0\/jsodxxqlZew4w347xtEtqPzlLyHr4poFBV0Y0YYyCJ1yuoIhaXm+33Z+1T2cYWE7O6I9WEk+mBcGSHxZEZP4CaDr0T3d2jgKsNoKY7bkKT1W4j+vuMJDFuHBaV9SRkGAElCQfGPawy8Ys82dsHnmEEyzp8V6ce7FzsZZVA9JPutVgoejftdzH\/RLPkp8RBEvUi+HMOKcmfLfnWgmtZUoG2P5WRsd4keUAJzFzPu8JDFkn8Qz7I2ryzN2cOlRhia\/jz4PgIUt+4ZQKXncNfyTzS2OteWVaV9zMESXfyvD0pVAT08qEHRc6laTl0ufuUQBtHn5CKjoJYFHspiVeCiJegPMoj4HilpDrhpSZdELNW8O6lX\/+Ya\/E5+xP\/XiQg9mVqUhmMopCMRpiLIe2Y5jGt3vKxJGa5gox\/Ao+2MtfZQZSIoFcP8KluOAfCrb5sGinc+sTc+ZKeAOQmz2FRpTh4fxO1mAo2o9ZJLguqcLrOlyxUUSOHnuLgNLS7XObH1LUUip1vPpeYTmlqzrANNh9EYL2PlIErptyjoZYKQJ8rGcKFCKO11+88Wp\/LRi79APRPkY6RnAKucyRnsrN5ZraDdPgKee842vxIdbP4CvpQKByezNr0Y4u9e5janU208elx\/zNNPzGR9+gsEJIstRXxFey8H0re4AXkIgXjqAReUAEftPwSWT1yW9+jva9RQbrdrR5MlklIvCCr\/7U5+3OUw9\/43s\/O3pgzG2DXT5bg3D27JwIW8euuy95GFovl\/nwOfDJmNLw18bQ3hbUqIFcvmzSmF4CVgS8f8nD5zXQn0Y6t6H\/0dRw6m\/fNV\/hHkJp2gXqQ7165w9HG2aJNS+9mCFSeYNr4H2pXUCnIsj\/Pby8rM4BOGLZX6zg3e6S5gFfYBAXTKRGfLDh+HC8x9D89XnWP0cyQWheKUU2YWacOr4WVE0zJK4qj2v39Y03nQgSY7Oa54R2PRMjuzzTSkaITdQ1fo\/eapkrPXa1eGFgwwF6EMe47fkokLHjscKhQ9hUwVD1WZo132hEoWEgCk6GBm9kpFczYiEdZUPhpULGvCKI1iCSBgMjY4vkSPjkj\/CUDk9lkmQxFPWmRRIn5bNqB\/16pGMD5AZgW1l2kOJo5CYfNF1x84eGg+l3fSTIrHWDb7BvF8kmCbEpzK5xtWGHGjxOpk\/7a+pTOyHHSCngxZDzPdni8BcsxtcevFPBg2cOlxb2H\/0wK6HxkRNoGyDH5CwTV\/9XVHoipCcVdCRMqh2JweXzA8wyDxryIMQur2tx3A0CW64wtn\/h7BSyKnDTRXR1V+Wa7DymTTmnRiQ6l5f3ecwcceih\/JZP\/GSUvQLB1MZBKOprH4Whg11Rc2g4AjShZ7+YxYeeQtOgNFCRS53FA6JbVYqDpNySia3zORBhbds4Rqs3FtKCEuzx1fAYtgyzWdf8adqeSwRKSlOPPdqsVh5zsBNqK4beqT9\/RPVDkfR2bjUTRJesgqyVO6iWDbnnnAdtd3"}
02219{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-27.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388076,"pkt_ts_usec":28071,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6ViHv\/wAAGwAIe6d1Co879VZFIRhTciPGRElj\/q2UJV8WLuy+v+X6eYq5nfLS\/1g27PmgUSjybm5KzQzU1ILEhmniPOAZEvqheEyUNT3LDVYKkiUNtyVizLS+ix05UKwF9ULcCkrPIH2L1yPWwyFY4cNmCg5gqYtxA3Cd8FBtd7huXtciiCUG3GeekKTzDtj3mZ+8a9Kr7COQN+1+KOPGR1jsFDY8WBXFdrZD5ySECX4kUsUr19bjb\/U5cZvpbI9cdcp5bwfzrC2mH6vd4a7R7sGpYQC\/LmTmcUYGX34JRALcKFzBObhoO2vaDi7novDaIcCjAgVKgIi2QDsp0UHLCVfN6EaAaXbvuQGWGiPLw9zau68I+RrJ6y0kJVxIbdnl\/EUZWmki\/uzG7tgnHXtuPP4eyAbjSMJ0hjsteGZnRo8ugg1QBkP3BhHBIDcYpS7Rg5p+Q87bHy7pRrvmcYBKovHJI1C9UPa2SFGuec7pa\/6HIeRhWWTMUnz\/ZwqGW8sEZEBwfq8qOUwgi\/B\/AddMPb0L8G7SIQ6+A8kHT0aXnCw79xDImZQvGx+xV4Q8IQAkfmLfJgljliS\/pFSe7vKQTDUfFC487WlTMSbh8p4v14NGz4\/+IbJnlPne+z3aiBWY4W5BT+eNpvI1FrAsB6dTWYb1WMRGu+babBDC7DyDPqG37z1zhaan\/jgx4fju6203mIVVCgDDa4YMwuMWuzKcp++h85i7nfzPqf7Wk8JcZqDZQ7\/7XjA0cDDeckdiS7HK2HclGO5lmUAmfBv6xhN3kqSBMN6IqsmjPmE60BN1fOygdU+Te\/f2Zs3Hxj7prJm6c8So+FZaiXzdcjyeQIKQ7Qv7uvRxvkajwom8lMmtPepS8E1yN2bhced3EHv6plGn43Vp+3XSbgOKY9S2AogFV857hcfhi+38yUYhyudlbkP279FCQJSOQonnRS8vvcxIp1D3jJKLwM7lBzaN71oIr+jZYmimJVYS+TZyf2NTpdZEOqUdfyfjGsgBeO+zxCodqOAYfcQN6t\/ocUaCgoHwIrFh0DNA8BNDZ3BGwDpWjDGxjT2MDsyXTPzdJOrwupelUXdrY5ldlO0BOU4mi86dMKwmn3N98YIh7Xk16l5iWGVTV4G7BiDgSJjCmtvL4gIyWDqlNk4rKdN30XBAMceNyzUL3I+J9QvbqKGfekV6XugZlAoULV4ad+umJRK2vmBuKK0I6o4wTokYu28rX8sUaoMhaobdOad13wg48RmxbjTjdVBAPfX1KeyZee+F+tEvJH5c76CbSftxDPZQcvK0IFFWHU3fXRowm7y0cXr5ihgo+viz0RYExACCOzUg7yyTUEr1K5pmd+JJe\/u6dmlpru9YEnDkl0FaQ69KgHJy4lAr1a6N7vOW5UVyYYpXufTEaXlc\/8T1+66MUdctqR87rt+GkJYJBgPUPk4vo26994MdlTljOZGjiPv2mj5\/nUWzoMXcG2WfI4Qc6qCD4Pv1VD6RdmOwoJjV\/su+wg4zNBn5R6iJ+ATQnf2WSumgGNmoSRr4mJgiWWxiEWYUww8aIC7q0BmFcfSOGzsQu+p4VSWP6YjS77bvflLoX3O75q7WJVNOS+lJu43OyzHz5fgIDeXGokHeXy9NpCGJdtgA3NQbjooA3dcAcQ4tGZv6kkVjgPSkmu0AJzjNvJuEpULFm5FZxpfYNwEra0h8ooobuNRKlg4azk0ZN39GAv2Rb82ENGYGAK8P6\/LrlPwKtRzuXRWUzO0rErD\/GlE5wROht4c6ajGM"}
@@ -16,5 +16,5 @@
00464{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic-27.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388076,"pkt_ts_usec":69315,"pkt_caplen":95,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":95,"pkt_l4_len":41,"pkt":"AAAAAAAAAAgA1Oceht1gA0UkACkRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwApFwNce6d1Co879VabwAwUTyXQnR3t5SGvwZQ4CIrfkFTg1nE="}
00456{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic-27.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388076,"pkt_ts_usec":81560,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAAACIROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QAixvJT4nwLs2JbuGwUn2PwacyNosM6UeSAkNAE1w=="}
02221{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic-27.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388084,"pkt_ts_usec":237837,"pkt_caplen":1388,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1388,"pkt_l4_len":1334,"pkt":"AAAAAAAAAAgA1Oceht1gDrouBTYRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU2Dg1ae6d1Co879Va2ZZM8syPbsXCspbQN41glVHJVHAlKR4QayFu+64ooEGBAvsbCn8jPDFYncNADtTPv3asuZvQwLMtyR+hCJX\/nHLi6fraIVO8AAG0gdKiCM2xwF4t4DtsgF3WvC+kxionBGo0UshXoxep08Js3Xnpp8rhTL9O63UTuXknIs5TJ4VmNG4WOKJ2nNbb7DSGnE23WI02O3mt\/zI2zGLQrRa2u7\/Cf7QSnMawLIvFuubdQtbFVr3ZbH3\/VJxC0Uo8fqS+f+nUycibOzF03uqAjpE0+7jsdzR\/s0FaLYiEqzhPTVOdTvZHW0+uDaIi0L1XXiaL44H4ftqvR4ZkLqYs87tX8cGlVVb44oxQGUy2+qH1dY8LMiupdzpMCIQZkN96FbuXnJImigQaWL18KPPCU26rDz8x0z\/QbCxvNVh785gzW3sWZg4Vhd6Ys4g0QRB6WHqpU7D4Lim7aA0lRkVbs9Tm3smCV78GqlLKcuv\/LATc0CwL58E3puILDQn5COR9CbSxiT6hDKeHU7oySJ28SV3RUNIhwcYvJcj\/hz3w1rtiiTnVFkM1vzFQv5QLWZXZtFXK4OG0eXndCUFGc3Z5bqHStx28ewBEXbON+8U8loy9G7zZXXzMDdGp5F5wTsARLAKIGIVRNYoIyaozwMB6PpgXEHoKypd2e3UZZl6NBgCs9vUWAuVv6agH6u2dqIJKzgZUVv3C5jLPcm\/49skYrQBOVnTF\/VAgGfscx0aef5fvSGQMV1q5VlZZID8NZtA3EIMn3Ze5dGghaPfpEk58u7A9qXqLQaQxDJX9z2RgHP1YVvdITOwLj\/zBchuC92Tlw\/YkgxjjzjLZQc2Vb9NrOCJPVqJD2JRLptVYJWP43tlAKWxgZLoupXKKJ5e31jI6rVcRPLRu7kj4HC21B+hmVQbgVgZwKrYS91C9moo6ZCgV0Eg5bt8IT+Kqdnr8OoLz\/iPp+geQ2g\/Br1S3Ur1BFTff+VF4okLnpVbHwTyUlKI\/L7kauYykEC5xx5slsr1gD09C\/jI6ZmnMUV9DOwoM8Y7PEyV4K5MbJgbrkVv8i57qPHfcPVmzWgzfYXVsVEbAAcUEky4K\/eVzQ4efxFhzShdWM3hmvFmUJLmNczh431lTzD81m96N1fbOuSlQ45OT1Qyk1I25rqvAG0ookjSvHOKLBnG2+FaNx184FvguqIG0X0YSHOAVWVSRfK5emxBc1AHXiWutXhJ9PIMqqzmGDGUSqdh4m75bkEcKFVwTfjCPwVdcLx+P0uy6AVdZpTXt2Letk+D9MCCIYxfL\/84U7LhHZrEEG\/1LVU3Mn5KKTnOxYOE23i1CzJmAYiJF29J7OpQmaoG2\/tm8DJSYjxOgO0sjt19ggtozhkEHpounRlS7uU5\/\/nitU0qwp+gR5N1cRHHs06M3yRIAb49528nfAjgI8RNOPf6q2ATBVhV9LlPFxzhXRBUdqjesUgw5lGCzrXxP+1G\/yIQ9ZBV6RfRq+diwUk4ouIlXMEOPQDuifMm\/xmzt+u8bTYff8H79e1dD8cvE7ze6FNOtt67qe4+xNsln5jTrtIwas8Tm9H4uljGH3m0owyWvlAetbIFEq8NJyojv0Dj4R16WWUkAz\/O3h6C8rNIx99Zh3unIrOKEFfXOkDOrq6TLHbLznRoVlozOhvcdcwQ93IOtqHykPxljYVIhhzEfwh41fV3jbRQaRL5Rd7lKAIMYGpCdCw\/XhLSaACgfZHeiU+VHVxLMMtJ1aPGsKMZdeO7w="}
-00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1592388075915,"flow_last_seen":1592388084373,"flow_tot_l4_data_len":11807,"flow_min_l4_data_len":33,"flow_max_l4_data_len":1338,"flow_avg_l4_data_len":590,"midstream":0,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1592388075915,"flow_last_seen":1592388084373,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":582,"midstream":0,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic-28.pcap.out b/test/results/quic-28.pcap.out
index 33e883c8f..95014e966 100644
--- a/test/results/quic-28.pcap.out
+++ b/test/results/quic-28.pcap.out
@@ -1,7 +1,7 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-28.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591267474847,"flow_last_seen":0,"flow_tot_l4_data_len":1208,"flow_min_l4_data_len":1208,"flow_max_l4_data_len":1208,"flow_avg_l4_data_len":1208,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591267474847,"flow_last_seen":0,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02022{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591267474,"pkt_ts_usec":847575,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsBAAEARSUwKCQACaBoL8OrKAbsEuILewf8AABwQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgmEZ7SPB63FDIt1\/BNmaABrW7\/a2mJ6Qg87qxio5qp+Au1rZycjjs1xq27TUqOstzWUVkmwpCYXpvpOqlbwTvnFsXueqMWKDAlTPVsrztIv2pHHHaD8h888fq\/JGG\/YMsyu4siFFo62sUPCzYnviiGb9Ejlp4qwUTq4AjO99Rthdv2GbNC\/OStXSWSDjD\/leZL9UJEZcJ3LhlgqAVgxUVrxuE0rbeF3i8aF9iakAqxlqpoDj1+5t7ILe8xHKg8FUG1XnL5zpn1\/qeTvTEm18Ejt5DZJvb7rSMM3y0kFKOsdK3+oTGrisBL0Fe\/eBZ9f4xHzZvM5y3BCl2N6qMFMX+sMnr8ggfIKSQlAxo6qy68ZM170NeiI1bIaY98nIrG3zZt3dnHbbcgfFiN6lFzYaQLJBtV\/WEYTHy0okUamYC\/5cNM9tSXVBXfneC5HIpPjBuuyE4+LzF5EWg6rp8zulZ5VOTIetNIdJsnU+GlxyeY+BVtCQCCyWElUlL9X91YgIZ8MpCHxRq8ZJCkmY4nF34gFHgfsegffKnBAav99zdzm50AvMu4lP1B1F6cRA2HMPmAvCgUL1IKMcacz2eCZBB7FWHguZbpDdL2+wruFSVOAWeB+lE\/kuyF3MF8D5tAMKtEitOKdhqy3C3qGvZcZVGOZKPWGr2BC7JbZdFGIyYmNwp\/bvvX8XvDggJHwe6xhqAz5sua3BsvUJ1vySN4kKaHQ3EYKLbPPRjDwQinHrO49sFr8oWJyt7OK1yq06uwrlP3p4sqV3\/tL4FsOHtHVAI5LvRB8KISYciiug2cmuSgzkDgaTo\/e3D\/u+rCXDQ3xoip3ktBsckfTnGfFRGZIYxKdaQnHhOXiTzFQ6mSTNof1wHefWEQube1a92cmaAPSGQOt3LWbH6N8\/qM1mTakjE+QJv0K3HWVx+nbk2qFqJc+rHv1Ie37Z2+wHGh0NjwgX3P+8AdCqq6tgRzOpAdLNRrnirmseM\/zZQ0+cDRuw83pFP+UWZ+PCK3wKRZu1IhQ2h6D6lcGAbZA9ehc5yOvz0v1LsR84aEk1FsEGNTqF56I+GB\/2xRH4N5F5aeUjnenJzGpEQkofmIzcU+knq+dcQuuDHuOTLNDIaiPO+4HYzT5IY6vCSgCHcPgQVRcUuuSg\/GpGaVSknd81XIsamcRfeqURHQ1MVwmLxgOMP3+I5HFeghmJ+ki2zeRb+13f3SNlS\/RoVNOTrzjA86oM8wlv5t\/i38dgJDMR2ZvO+tz4iV7y7Y3T7RFYvvK2F7LLOH5ZrOKSeJb1SNqfpAw6nEHN8am8q6WcZIClcZqDQiuuDV2HpT1RM8QezzenJxkksNL2P07lZwI9HU4P7Ayp4wWZ6zeiRYoRywRS5R5VWfF7StuaGYuXatUeylxdjHJ8UwmFRvFoXP+8SlDa8jkz\/qhABAK7x0AzjsV\/3jzRSi1nVL9yl92ydFm7OXWFMLaMdafTsMx6SG3eTR9qPpGQqQKfrm9F1wk7utXsAM9DKqSLm\/MYVhMIgqodecjchaLAXg4QPX1N"}
-00693{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591267474847,"flow_last_seen":0,"flow_tot_l4_data_len":1208,"flow_min_l4_data_len":1208,"flow_max_l4_data_len":1208,"flow_avg_l4_data_len":1208,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.wireshark.org","version":"TLSv1.3","alpn":"h3-28,h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
+00705{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1591267474847,"flow_last_seen":0,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.wireshark.org","version":"TLSv1.3","alpn":"h3-28,h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}}
00456{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-28.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591267474,"pkt_ts_usec":861209,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"bmImQfCg7jdRvai\/CABFAABL8YhAADkR0gRoGgvwCgkAAgG76soANzParQAAAAAUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwQgoOBp4aIL+MPCXOdR4KiF\/8AABs="}
02022{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-28.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591267474,"pkt_ts_usec":861366,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsJAAEARSUoKCQACaBoL8OrKAbsEuILewv8AABsQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgps603pxkyOuWqOuDCBHqFD5j6Z3HbedH1LdiS7r9g7eF1q+4GbQDzwEnV9STArM0Em4niSxcOP14YGEMbCxBeurtCEC8Tmf6DBDqyOKEQqlh98RR0FuyctJCM99u6oRT6urYJjdL6PSSu3YTL8HY6NviKj+LkpdTz6KmCgYvbgKd7NEhPEXmVYO+dL7mTC6YtcnEsrAHQU704mlKvqtFGL2\/5msnq\/TWBIk6bybV0DxYkGzE2Dnlwtw+dvrt9SpZJQBYmvuqQWRkw7Xl0Ri5Ou\/YH0Nf3CEwfW93dKkzcyI\/xYg9i+2QKy1ICjIZ\/JAWTdEHFRK8O6Gl0vStYOHFWBxnM\/YifVgYZg0OsrKE2RfzjKKmCKUpNz\/eEInpy3g7Oy6BASDjgCLyqH4KHC0RkRyxMeAwO\/4Ueuev5PR+GIZT6RPX+8eDG+GEJz8bGHJ80oLKupj5MfUtk1+qegg2dzVfHgOvprBxIArXCNmBUVNivV7wlObqf87COabZiPrwNrq3bed\/ALhpVnLbXDu3mPYFozof6hWLQUSRUCvRIP+L3zyyxfAOLZZ711TySAZxpgSSNbMb5wMga2ZxBCZGIiJBujBs0RFh65ea1D90334s1gOATeyFD6G0Y5nni0vv93RqV0rCUx5NmKsmees6Lb5Tn92zzlLElQ0tJj8i0NV+A1o9UmRJisTfKPDHGhnjIKCy7tWmA\/6WnyjC5MVpEofvbOp6VSLzrYFEbs4xO0nP5EWcI9akrhkBkR4BVPvA3BR\/JNC6qdA6XjZq7vEC4PK42e5TCzz\/lS4AoqV6qY+iOUqeRm\/KZeFGwLXw2YBxOFGvLQSYLCrM0JT+ZZ\/+YM0cgNTb4UsfslWeAa\/dEDn2K0d5vlVIufoqB2DscZriUDfkBrMe3p2BYO28jOG0dIt\/\/+wVszbGGjaG2DAkiTDrcM67+fz7k2j14PiNbU6+l0I0CfyoRbB67XXdFnPllMtNEGiR4aBRcQCCchbCVwdD7xGfKg8VLCKykEzUES\/y7hiagE2xpKTSbAUtzMYTnIbSLikbFGyfUOpyFdt16r3gk3qkldqup8CI9vmdvD1rvxsFHFdQKlm4ct28WVqNsM7AcMCYS4IdY3fjlHdgQeFzGauOLiE2HquU8FAgRipNJCs2vXSgmlj6qxAuSretb3YYCFUtS5vV7VhzZ\/si5aRaf72K7CkGDHBs9yzIrPzdtDp1CIjAcpqkTgTiqw5a7bneWQdm6knt9coPgKABTdfR1Wfei0Q3edydbubwRd1QyG5zjI0T9bXVZf85BmVvZ\/oiH86E0oC1c6Hyl3M4ke1W9+ncVNagK7XEVU\/lQ9u6NvkLWq7c7LzCfIQKMjglkD6IZxuZzbgX+IVXu+2\/W0iJnR1BIZqRhI1sURkCMk5kSbefJtA\/3ss1rR1eV5WU9Nj63Lk8fki45wlDZBMYeXWKNBze+M4K2DVnLaUMILrXDsu6YTHRFaaXufk6rRMF0IUC\/p6LhqvtpFhBb7T6xRXz1tVkXrpMYBZz4xjGSbfGjFB"}
00490{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-28.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591267474,"pkt_ts_usec":875141,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"bmImQfCg7jdRvai\/CABFAABj8Y9AADkR0eVoGgvwCgkAAgG76soAT+eKyv8AABsUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwU0rPlqKVxohC0BrmDOppdYLs59TAAFv5HsDxxmd5VEpKl2hES\/adSPHMDBUM="}
@@ -16,5 +16,5 @@
00453{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic-28.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591267474,"pkt_ts_usec":879037,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"7jdRvai\/bmImQfCgCABFAABHbslAAEARTcgKCQACaBoL8OrKAbsAM35ZW9Kz5ailcaIQtAa5gzqaXWC7OfUwXJ6VLRyKaTyz6VcnmNQFy8EoKn8anQ=="}
00565{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic-28.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591267474,"pkt_ts_usec":879047,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"7jdRvai\/bmImQfCgCABFAACabspAAEARTXQKCQACaBoL8OrKAbsAhn6sVdKz5ailcaIQtAa5gzqaXWC7OfUwfNrDJ9FUz7BbKMSk23g0f9C997D0tLAXYe+EfonSiyzkaksBoT3HwiNCgBof9\/w8PmqbAoJLS8yu42Ztsv5uMepcczJWBDOO+j9p9c5c2hfgENNoN6RdSpUcfcK291dLJxXOj1kWkm7z"}
00492{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic-28.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1591267474,"pkt_ts_usec":892309,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"bmImQfCg7jdRvai\/CABFAABi8ZpAADkR0dtoGgvwCgkAAgG76soATqcp7\/8AABsUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwU0rPlqKVxohC0BrmDOppdYLs59TAWLgmItzxBSvZiKyQnISBjChlAVjqW7Q=="}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":253,"flow_first_seen":1591267474847,"flow_last_seen":1591267477602,"flow_tot_l4_data_len":238191,"flow_min_l4_data_len":50,"flow_max_l4_data_len":1208,"flow_avg_l4_data_len":941,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":253,"flow_first_seen":1591267474847,"flow_last_seen":1591267477602,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":236167,"flow_avg_l4_payload_len":933,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic-29.pcap.out b/test/results/quic-29.pcap.out
index 63cfd9ea5..757e94eff 100644
--- a/test/results/quic-29.pcap.out
+++ b/test/results/quic-29.pcap.out
@@ -1,7 +1,7 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-29.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592171671664,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592171671664,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02089{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592171671,"pkt_ts_usec":664832,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z1AAEARMDsKCQABCgkAAo7sAbsE7BkSwv8AAB0S824HvwtwiO8oxx1Iisqv85\/8EUOUTtoYvrflSLONN1vzwqO8AES3Q7WQp5eFbP47Q12xYKXOiuR8OKc8Zd+z5\/wDTiaB2gylmmpfXoWWnW9m4cfo29uCTrqUeoQcDlNjFKjOZThrp+QrfaDvzF+TP2mbdVAn5DVFyc3TGw9yc6eNagzixiAUYroBLFYv1DYB54ctmkUUCF38C+LrP5XSP2Zcs3QEOQDdiNvhWKUx+vneyJD2Ddv1Of313oIRItyeXVn2LxKac2RjP4PRAhodOpWDrnkB66u8HOFxUv4Q9HU8anll\/ZatcRtN\/kzzFFzf5YoYXwbtiynEhfyRDYp9NIa5aU5ngHDoeAIY8EqAjkZzDBZrpJEN70XKdgxbZ09x248vkii\/BYPsm8gwjS+Z+NMDUp5BndSqJan6LYduiBKS1FQ2ECMHPifIAeRkFfGsYIjcHELHJvd3bjIuQ5jcLDQ11GM29Aqw0CMdlCZ0GZUFJPoOBYtbWkB+AArzMv7l1fpdC85LE6kYaNSupy\/kxn4q0Fd9nlOil4czF7np40hmUQT5zuUOIMe57G4ak0l7jLPPFgnjPcuJ5+bhZHgxqEou6YPiVeaRUocITEWkE47FVdJ4XctN7CMWrbtrVTRyiKoG5jKjipRDy+FAnWpWY5dsQU4VKty4nhdiXpcyaazCMiTBlzAZlJ+9vVzyUo2gVZTdT1AmyQCJjmCzYg+wq4NqxE5hDx4BVlFY7VlIfT+LOXZeM++nsIOJaY7JaSW2i+1ji7jGvwvZ+l6xB5JTnisqnUTdF8GRkRAiTg25HBspHwtWrq\/Po4lqvzDZYM3JiaCh5C8UbvK9JJyDT8vEGu5LZu4vyW+zCsCEy6HtYm+Tl+y0wBH9TYuhybK9k4L\/MkebKAkQQeZPvBNwHsBWnmGK44Fke47qlm10TFPJJuYjv3s2WkxpofqtAF0qtGkvoZjB6BMweDMLBzljRd+MpcpgKx6R7LMPjs6dfEoyR\/++4fMZPmZ5nKh9L2NomKnJgnI\/Q7cjkj8+4G7DpTq\/5CiPCn768EbsWDr31eOflbsg2q5K0cAqBbvuSWrrcKEWWT9pbchcsh+CF4s8+eUg6FJomv69IBBZDRAHTYWn3VGlccxntEoW7HpxMfIbSnMt1P6bfNeHK9ADAu1LaTZlKkjjmK+gbjyes7l1CGt0SYwE5uDE0ieZjOn+NT2n96TJjl6343hGsZGGMospEVXz6DJx68jscskAGRLftunAK4Wcrbm0MVyZUbf68HXckrAHSl5ZN\/gbwXjHwC\/6kW\/aiMNhQdY8NhboJQcKwTMbOAeVwKF1KGzLGKNIqA8cRIBh1T1WLCqei3k8gd\/C7bxKNgXzYeJGw\/scGAKCWrce0B8GF8XORgu1hVv6Mwd\/suBo\/oG9g9Uq0JP+2Gj4EQHkZYzIbeC00Rkd0VLJzec5p8sOl7k1oJ2JxQnDqWq6c8EgrVrSv8x08C46hCl\/izdOK7GvwGEQaUkOOkL0AriEREHoeCFJRFtP85AqwidJch8tbK+7ugQPN0bUklhiKNfnQ3Ch72i6f0K8Dx8w3Oub6KBk7WsmEtFBIijRDgwb5rVjtiIuJyF+6hegy2WW6xf3iWQ7NMMjWxMe231j5YtMgDPBTVbFARaKzxZnq\/YZAw=="}
-00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592171671664,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-29","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}}
+00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592171671664,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-29","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}}
00553{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-29.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592171671,"pkt_ts_usec":665593,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"7jdRvai\/bmImQfCgCABFAACRmvtAAEARi0wKCQACCgkAAQG7juwAfRSj8P8AAB0RQ5RO2hi+t+VIs403W\/PCo7wSLpoy7UXJBmrU+awywdI8GeSAtpBzddspmsO4wBFhAc+lOZRs3AvW96rBMIqSb8d5pE1izlVnQvJ\/MknH+txz1mHxROZRbUIezbGG599\/tfDcAoDEnt9M4O+IUzLE"}
02094{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-29.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592171671,"pkt_ts_usec":666257,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z5AAEARMDoKCQABCgkAAo7sAbsE7BkSzv8AAB0SLpoy7UXJBmrU+awywdI8GeSAEUOUTtoYvrflSLONN1vzwqO8O7aQc3XbKZrDuMARYQHPpTmUbNwL1veqwTCKkm\/HeaRNYs5VZ0LyfzJJx\/rcc9Zh8UTmUW1CHs2xhuffRHwK3nve7Gs3tZecUJrzqDFyJk9VgauDIb0Z+rvJbpolNkK6o7LgasAqmBRAbZcMPXVvUfKsLiSsD4SILcWD+XvuWr3Bh6tm+Qfkza+b6iZPubm3DVwSuys\/Xdp90g3J3Xk1P0fVr4\/DBW7XGGDkoxhXT\/JK9l4UPRIVyi5S\/s\/HCP+EDwylk5NF4afjQaGSFHvpGz1rfWgSbWW9+sMKYreG0NJGBDTiOkzrmoNuPwZsLcClKrT8DHkz+OgR9k4HlGmCBbxjhS5EqHAPTN0p9tNIZWR+C\/qUiEONzWWHajForYbyQn2DUiK6yBo+OQYvqxa3oZpGE1ifu6+st0otshaii7hYat8QkKrneLy15mdLcw7PZ9xSTYArs9hr4+vj1cqKUtxqRPTiLF4dCvRIhEX4wsiVHTQs1H5VlPwKxJq579LyeS+qFj4KdmvZBFiZFw+OSy3NncA0jvHpvDNazCZw8\/tYybqvtyop8EVUiQlHyJg8YNQ+aWO8ypOTwvNIGYKTaPxXZMvN35yLXrvtf4haVdzH0G1+kC1uUCGWP2BWNjQ\/TVG8grG7RsHGbnZn8RfXhU4qdScFjhJ31TwgAH0lYn4+u9lnJAIs5sT9WTUkrdZcS\/sM3LeHI6MKWpycP8D28jlxLUcx\/dMgCF27Jh3BsCbctlNdL8hYW38Zr2U49ykd7WZpXsGAA1nzsNfuIwfkQE4VyGHnLjXrXxRxrD6N7QDeL7eK3kUjZyC5W534QYFYrh0HWuZfiukwt3neFrc0vgyMMdUKTmaa96v1P5OJVaakJ7Ko50Ic\/ccvWMdP83+NPcs+7HRXK4yG1yRzMwkmF0e\/57Dhb4ZsYBnI3JAGnaJwAbPLn7nBCtX11JVis76ALA\/EFVyoyCMj1RVsAHT\/DccWKXtdquQdm5INifNuOA564SVFMA0ccofKzicAZJiC7kfXk6QXdl0MLrIa5kBoBc0Jy5c\/hRqi1jxPFSJ4InRQNc9l\/l2XOPXUXc7GNf40YnCF9ge02seRVw5QgAxzztym8sQ\/GYuUd0UgGwdukDWiwqiuJGtn0Mf0hSpoDxXo0GxXy5ROaCq+Yj9+rOhxfWf+y2j1esQpB+lboWDqRNGPph3H9QluST7Lui0v+n2oEV84+fsaSRoIRNleP\/qkuvCpXsIrFGtk7NdB1Z8Zdm3+Q8oB0824BsnbIqBS6PVSMa5uQ7IDT19Rii201P9HjbIFdWd6f4nkoa7QLBzeQZCl5mk4NmwWPlKeVRJy8VolVes2J755oyt5f4B18ZbY7A13RZDfxUDmg9vvPRXS5gGtrj7EEBsE5b+jNiBsYGPfCajHLvvXuZJzWTgs5GIF2fZMlW3pKokAdhk\/JtyHS9+vfZXldxcnCxBcwh\/+X5Jvp0OY666uN2Hix0VsHswxfto+CE3l1fROmKv5hQv6DrppojEXU\/Bywn1HyxPBMx4G4LIAeSl0XzQ9LpI\/snJgv3oFDbMQMXW6dKIL6toQLmRPmeW2MoTht4gvwKXj8RRQP4umFHd\/MZAMVQ=="}
00564{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-29.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592171671,"pkt_ts_usec":669893,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"7jdRvai\/bmImQfCgCABFAACamvxAAEARi0IKCQACCgkAAQG7juwAhhSsyf8AAB0RQ5RO2hi+t+VIs403W\/PCo7wSuOhEpZ26G1apwTYmb8yCval\/AEBRPcuzOLEauCutm8Cg9Aw7MEJCqo0x9rzS4t7RXw9ZHJwjm4cjcaToOiMOaFfu+VVWYB5tVycdZGiAgFBsUfDxzpzoGAp5IeyX8RBhrIPQ+UnY"}
@@ -16,5 +16,5 @@
00445{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic-29.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592171671,"pkt_ts_usec":697531,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"7jdRvai\/bmImQfCgCABFAABDmwNAAEARi5IKCQACCgkAAQG7juwALxRVW0OUTtoYvrflSLONN1vzwqO8qoI0h6uPmj71ohDazgvrBpeEXxty"}
00450{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic-29.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592171671,"pkt_ts_usec":697674,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"7jdRvai\/bmImQfCgCABFAABEmwRAAEARi5AKCQACCgkAAQG7juwAMBRWXUOUTtoYvrflSLONN1vzwqO8Bw2tbG272BFwPsChAYR5CNKZBI\/ZEg=="}
00451{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592171671,"pkt_ts_usec":699048,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"bmImQfCg7jdRvai\/CABFAABG8aVAAEARNO0KCQABCgkAAo7sAbsAMhRYRLjoRKWduhtWqcE2Jm\/Mgr2pfyylxXskvsjmut\/j6WYYiwt6b+RVGzFH"}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":15,"flow_first_seen":1592171671664,"flow_last_seen":1592171671699,"flow_tot_l4_data_len":8876,"flow_min_l4_data_len":47,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":591,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":15,"flow_first_seen":1592171671664,"flow_last_seen":1592171671699,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":583,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic-33.pcapng.out b/test/results/quic-33.pcapng.out
index 5ef1c57ff..bc4428ca3 100644
--- a/test/results/quic-33.pcapng.out
+++ b/test/results/quic-33.pcapng.out
@@ -1,7 +1,7 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-33.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1607938456563,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1607938456563,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02098{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1607938456,"pkt_ts_usec":563491,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwTYBOvLAAAAAQiH9eh3C8+VTAijB72XkxHdoQBEtoviUAck6tyLLoPW9VDwFsyJg3YOj5\/ZBBxoLZq+uwOezSI+NQXptD5by+TGWuPRPrDAYZviuXsVHC7HmqDeEDG8QAq3dV\/xeXm5rkywye7b+vdo1p1fctM\/Oux9r7eV+Bkfx5+wJ0fdvlhyFGnTrwdcg8+4C7doPPgPdg\/HlJ+WJBdBNlB5bMDPwE7kBX2Dh4rUsRtMuI8UcuXEYHPlESOyFKyqmw1DOdGJ\/piVc003W0\/LEq1Eo7qm+0VXxD0O2HOCIiEHQSR0LHjT1VxLfzhAmJaat83P4NhBjDwwPEBaziMk5Xx7FlGTbjmQXwNdCCRvlZwHV8Z1FjV1KFEWUlByB6YIRcrWgtYq\/i+4joHr0arERD7m6OPY7fw34Aislp\/J5tfwN5lpBEW4eq0YBQWIW+o0WsbDygLLOE8qK7VrIW545\/s6vWmiqY\/nX3eqKbXLLa\/FVUoUAYah6VY+54jT2WSxlVbjRbKzNCmQ7iFaNpCpIEDqRUT3251KkF2ic95oNqA7SdIHar3DhA1BLknCroi9vMu8dB8ZQzinHdG0dXM7MT\/3xjsj6W1BusBxpaKNCgk4AWnV4woWWMHuv3AkSN3SkyzvUkLVvh69eozjggDPPRwSQSUAzHDWzbhw1M0maJHN9uf4A3ju1BNcFXtgNbzbLvZ8jRjuvbV5+sT2dKCIGszHbDe\/k7VIj14F5Oz9yEIDLSjcjUNYxAEtmmIW3gkE0URoURbr4fR+9IcL0qzkw6dXZu343bgbz5HR6MUnSxTpV9fqwSf9hnrNjraoPMA+2dRpP1Zgg8SJxppmH92oRToz9aDvX2GEC3Onm3NhLiCy9XRFGhGu\/fP4euaO\/LhZROPQcNzbK0KhgrgIkbbcdw+GG0U1DyrSN2MCSa0G\/gdd0iXjRkpuSltfEWcs6h5VKXYCs0nARTLsAmshRBI4tBnyE8czB9KDGhDi69S4dxLc2GhDvI7sBC3oYplXnPFpYJ5UZlYX4x4JzCNfzPKJLkB1GZ\/\/fH4d4Bdn3o+N0leV4SXwVyj8+XQXm2lqcn0l4280XR1PY9wT7WxHSwRDVHU1WF+J6uEthL0G\/TTOA8IENfk0c9FtN1gtuZbVqEenj8UavApG8YgiwEFLw3lw7QwEpdl2suMFgNMJ9GKiLgGbJ0iDoFumS7lgCZ\/nQNWC5kLAQ+6RwzRxTfyP7COmrj9VOCl2+wDLTe3MfV2rc9okYbhZWBQ90PNxn4RsPjc\/Y6ROnBtAhNHbhNOY4vkKTiqPf\/zXa6gyKLJwM4B2ikSmnMEc6pOt0km1BxO3IMATJR3y2TyvQwDT4h3LmpQf0gEdwRzggs5B+E7eqr4GF3leCUThvLN07bE6f2xjlfM9GVfW\/hyXIlfEkPiVHs0uNEuAtqja9wjv+TVSELvsqoLajQtysd2XscH\/uqkhI80k6EzletW\/z347Tefjbi7un6kw52zxXR3upATGEcY8WECkFSms+LV3Cbtq+fVkM8LR8ZIcoDoUWH511e8PHOE07KwOpTJwROur3JKswX2UtackuKBEnRIb2VrFAu8O8Bq\/G9385WeZn1kznfucxDKavwZd9obaQ66d2I\/H3+7RezClYA=="}
-00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1607938456563,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1607938456563,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
02097{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-33.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1607938456,"pkt_ts_usec":566304,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gTYBOuKAAAAAQijB72XkxHdoQg7VxcI2Jvc+wBAmyNACkF8YFqpKbrULKoDb19+uZg6qvjJtwEJ\/uOaQSa3OSU6O4kzdS3stlDlI1x0pxU6U1p+48IkszqoivEYtB69bd+ITaYbTkxaelp3jMONrgP7+RVKaRNSt1HkpjhOcLPrzWczoHNZnIhNfvDy2JT2t08AucggcJe2\/4B\/vdnrtpqK6V\/yqwGFTMu1rQIkxS92C6tKauoy9+VqrwAAAAEIowe9l5MR3aEIO1cXCNib3PtEAuCsTgG\/NlsvOl6GJP2fa9o99BT145OKWZuTcmr433tc4jI7eA6S9XkiunJFKo6ZwPI0CMllqhzpZg\/M2oExoGin\/1BGN9cmCUQfuYgNqfFCtG+9ndT9HYjrsBCdjtJLmxL7rPr9q0tjGpDyuXZi9R4mNROPUrln\/PkhZzgiM0sHtdd5p\/bNeUYtEqE7ldAVt6\/n44lU+YN3SU+JWXbqssVrfvVzr36h3ab7fYZ2wDsFWfe3UAXx72w0FuOOYB7+7UQe00b5Z0z5SyfSm4P9dPYqojw9+jCHeJHd8IAkR4khzwJfJ3q7ZLCXjemRtbjS+jOnIFHSC581L8cRfFE0puRn3ZcyA6eigK1\/b\/IulmnDweMhm5uzPfRzVpuYtDAmfupBBO\/lq0x9UE6G6aXlrZk5pUsV\/Pqkms2\/6G+WtFFZQVjHMyjk00Lt801D4RBFQF6Pahphh1rFyerbrHyGpVjzLCCjQyphY+Ef9GwnSwZSXfDtl5l6V75F8hdBb7eRQwoSsYy2TAPUn+5EgUUMa1L0FdqwqulhpTwuiKxlEjCwVmTxOQ9cg0ckmklTggiUpDihR6CGEJh4wbwQvtSQI7moaNImb3zhI+1KDCqOesSmC0luDPiQ6HVXRRmZBTcfdXaVe6yn8aOTSuCvFQcYVZJMmDXWA3tjd8oaA17lJRBbd52Hesk8cJ\/YJxx85q2dKnHlb3PDDd1GsYUOHckqW9oBPW3OnKOCPAmLbdAwZewxw5NCtlvRr65YuEBJebGFHlf1HDlzUGnZEYOFz7QCUVI0Cm1TQGPnrse0LdnJMU4XAsVFTZ0rmN1WZ7lpL6siOc2kDO70InGs0erREqxP56ACsZJMVSLIWh+Wtd1TXT7s1cqcJTYFE1niy2vrWekG6gLj5S6d+RexzQMJFxrY7r+11SACpmCHMFInRkZ2X9ItKQsY5EbZalkFRVlIPVyM4egzMKz9sn52T\/vMFKgNzwFrf2sp17iUQaz1IyM4BWPhByUmfVEtsPpNhTudVAjT+DAK93H3WyrArXi\/C2kIO6kQjQL8MrdQf21Vn+lMg29055+PrObIIyJyGedJEXiBJHhcPUZyzw5wKIN3qGujdkkwR3NWZGQsR9D9oFcHebuLVvyY9rfcmZsewBxwBuE+3j7ZET5hnurVax3LpMwvKOC7lHimTxsExq+Apn9MfGeNafcclrRpd8qOhu5Y\/D9oPxLb43JPWxWrwE9\/H\/\/i9MLl+t0zWNInh13oyE1g07E++NmYobon6Smh\/KGoGULC6seHfmLDTFHYkzCH+jMiW6zoYiu7MVxzW\/pT13bjivVb6\/E5Iu6Gt0D2z7Y6bkUG7P9GxtXA2I4cOhOe8m7St\/U9gg=="}
01432{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-33.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1607938456,"pkt_ts_usec":566431,"pkt_caplen":805,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":805,"pkt_l4_len":751,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvAu8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gLvAwKiAAAAAQijB72XkxHdoQg7VxcI2Jvc+0EX7RIgJstg2q\/pC81tAEQflatapq\/RZQEybKUVkOQrHxIiM3xbz3ZbafCyVgp9YFd+JrcvMCpFHqt9ha4UaWT\/CVOhVDMl+x8Qz2Pi7UbhXXzBIpETH8Z7GAVhwJp3720klhijkJwcoDMcJhlagIc47WtHZyC2\/NvYhyD6pe18qYPoUjuwqv+wJE\/ZuFV52ejpLWx76nNhIhGaoM22WiUW2N20UYQh0kubnK8ydedmguDEIxF73mmjfBjQU7d+\/kjc6w69nvaNM1WUtVe+1pIxu53jikC+jWmnb37byYPq9yuXiC3\/7jLmxfDtd9m0NACttAKJA\/JNnc1mj5nC7Y4hcumqIR3HrbC6nuLoYsXX2Zp0f9UgYV0fEqMHvZeTEd2hiKBY6bJdCuJKiCqdgeiTl8HqX5mvvlLWJPlmCEJCqIrxf4AkkUVGE4BSMBWdBgCOEniMLjdilc+qHYhwYNZ7tIGoZF6d6e+Y9Yje+rmHUnbpVz7jAirlBT5H70Gx8i7gxMgFdddmzogwCmelHc7wvmzlC3bbPNEkyFgFvBjt104z4kXXH0FdVNTjvLWqMrMbCISgSyaKcGImnAuSczuqI+IdDAVMV3KZetnbRYTODT0MnkiyhjZS2c2FGhXiSczCoL+nOf5G7u0IMQ1S2B5gWkWA4zkPvuFc+aQWgo\/5D9qUsPB6Q6\/Lj7MI5fOlLauhfzQmW9GNJRpuqdg3\/ZmECJ9z4HnHnfJd1luO6tXDuMawQhxYeD2xpO\/QqBEAH7sAsFTq\/abn1uTe8vqVNYsZRf0hwJAKRW\/BJxg25OGxhUlcywIb3vGZoq+dJmTxYWX\/eqXVDs+dco62ygOlroB9wJoypHt\/D+y7eYcgKaWYE3hnP28kNmmEQuWhfqoLHNJTZas1p5oY5kezaxnU27xSuQXqGdvZdYxhIaICM8EHXUKIOqW8fx5oue03v9+86w=="}
02391{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-33.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1607938456,"pkt_ts_usec":566452,"pkt_caplen":1502,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1502,"pkt_l4_len":1448,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBagRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gWoBbtZowe9l5MR3aGoPMUlC8ojkveWDrnmED9W5sa4X9wCktDzDDXCYZSRQMxMbCVxwWOrGcoL7RjNrb\/aR0XYpCUrMVMGYc7NbMVcmFh+U7ptII9ng3LovEtfWD+Vs23WbaIHZ861LaEHA\/O3BXXbVKR+D5AvGegGrVyCDUDTVwsI0xjlHU6np3nq2hUuH8yJbDa8RRLpXgKEnKNLc11Kr0rcxDebjOz1dBKCk6MJE+RaErF7rEtrFcdkqX2anO2s+oQdnjsu5lzh2gt+Pax4A51\/PBeBgwzAMnnreukUaaOMmSVWTRc\/VoG6UCj\/Tagguq1zlSUsuPKfS4A\/Hj9PMCdEQl7Hayptql87eJvYWKvnKSw09TobsgFvbTKw8NsJvq53AE7lTrO3TaA+nGZFRkq+M1ZrN2+BdXW26C2KraejfRHNrX6gAfXr\/p6NjeOzTSfUp6nCX0A3akd5q4pDQzfTm\/ZODmJRSSua6qoJNXn0ZXKLdWfGo2HyscrTneMhF6bQ007r+YHFANXKovRp2EPpw\/UJ\/vmL8V6IY0+HgZbj0\/d8FIx79RtbyabSwl8zeJibsQ1efkYJNgJ++\/KCwNGDs8asJAde9mkZ\/dD1+61ArTNYb49TexSktCvy4pG\/lsRXKxM72Y\/+4TJXT4xFdvuvm+PYjyD61bnMUmH40\/yen\/A\/WgtDFdjYfUH767jw9eFdVWB3ZsqeIHitWtMaap9xJIluBD+y2SxNS2T8mAjyctwWenF7C6shXsh0qrLybxoQ0mpuErDwRdnKd4mSsuqiuoQGfGbICbCc2dii\/7aSWW9g0280LQsrjBCl\/YvBCm88jWP2XY0b7UwDAZYeSSdHwaFhBXowhDhxXzH8R0g9ke2rFjs\/\/TBqq0T\/ZB1XqZLLhRVNSNff9p8XMZhqF6nYP3WZjj1DqFa2r\/223NsQ6wlp7tG634D7micOuvJWURO+AlGXtvI7zygsUz0CgkusaQEP4TAWCgn0lXeK6Jy3aZ6m0zQtfsa2SiY0Pyf1PWTuWCeXEhhqN0+G6HwVWdmaL2uYxjn01+QKvB6cqgjzUHj7ISnkgdtIrQ+jDb3\/YuMI9cxUejbp+0glcdsH4JO3WK3bIkjHXe4nJtvi554x5sT83RqdBEWrCT8Hz8DvHMAfbR+\/XpS4NJ6rIBJZTfZnrcqqNHxc+q5Z3+z9E3mEki3zOsCZbUzk0otiSbbusPTJ7Es\/ZnRISPdeCvvH5UBZA\/ITRUTY11l7ptIDwkxD3Q2fTkbX2WLeZoRV1F5rZs22rukFjdfZFbVimjaztzg6Wex3ilHTBU66\/wagcJ+boiTqvzD9shT8g+9ztRyM6oDrvueAWdlAP374US8GzN2ocd+LWy3Qh0kD76f8cnFVOhNIJ74ji8WV\/lEp7vTYYUDMrlFJm1g2QBxreEzVyyxzw\/kWu2secXUHFiuq\/aLl8lirZilXXB6BKhwYA6VsFx\/wQgXMGW7N576ppMuzN4q3u6+qKsFRgykE6xWMCIu8rfyHPKLU8hwJI\/Un9U+WP4ym96BQBToDbbY5w60F\/Fn+reGqzEXYBrNxFHbTy+34B9XFDXGRJuNXJEdt2xpxpJ4rLfkfhcpUBhpHxNFrGGx2u1ISXuanPkdl0U8p9iUo64xVk85WGi67+\/Po3\/vbJft1SNF4cB9lwe3oY2I+j\/MHJ8WFVg+W3w5clz+ifKEtQv0lEwiQL+Eicb9gfq3tlAR\/Zi7S7qlLM5dHBagD9XgE\/DssV\/nw3KYmdu4Cl7igYDAaGwJ\/prNC9sgv+k4qxakCz31iRthWoHa0gjjPRWdkJJ2NsNi51hPYr48FsvBgPM\/Y\/atiNkibfUawrvmDvK1kNir+duSpeLrnsGaquwEZKhLjOOhl7z2u7XrHBakQNuP2txJ4w+obo1p2YnKmbYM="}
@@ -16,5 +16,5 @@
01018{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic-33.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1607938456,"pkt_ts_usec":568629,"pkt_caplen":501,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":501,"pkt_l4_len":447,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvAb8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gG\/AdI5owe9l5MR3aHaomNbo4wvz7hzOwX9pjNA4xG\/TQWWUW54pduqsedHvQxA5YGyeA+tqxYhFe2PybFzq50trBHfJppt7k8jEhdLWET1hKeQbaL4CGQZkk02gA2kObT1W4kh71yZ6H\/UhIL0qocGjuITvczTNvn8dRSWn4d3XDqFVV4MCpTZswXkaMMpQVgbh65\/B7zzGGjEbshtWV68fYH+fxeF2BmVLoOQyGjocnGDvhjDIiKTps3sAt8nfWOMChw0h08or2Btd69qbFvBb011E55FZ5IkwNCZllm\/H5QPwvDGydavWDiYc63lxHla0wnMPjNgsva3CDRk6EVzD9LGyLMYt5zQY8pbZjR54CyzvSLH1gc6pPm1RnNQJ1EVncilvVdxU1r019RFZPdjuV986n0eqe+7DqG1sJIf\/dsBshUgYi8dcB1tMSCxjlC370TVyBqP2TIzEASkxcjKeMajOy93XOip+qSK1cH7ClMER564mOuQwiZ84pcJE+WhYgPZQTY+TgJoEBvg\/8r8hmlYb+wFuFIGVvtPBTFKMYl+konANYR6vCKqgR2lEsYHCYd0Qax\/8c3T"}
00675{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic-33.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1607938456,"pkt_ts_usec":569050,"pkt_caplen":245,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":245,"pkt_l4_len":191,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwAL8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwC\/ANJRO1cXCNib3PtKqOt8xfy0EEzcOeXpnJcVJZnXfJTiHG506zQ\/okpaI7L1NrRKeH6vXfGArfQkrjS6nu6vN6zNx\/r11pwwpzVuq0ivx5WaY4QTDIKqcrJdMdK9tA5EuZmZ6jD+Wqq12VM1slAj+PbuvLGrsGfC8j2IFoNLQsmBSije\/PdyloR5Opduno6mb+eE3SMzn6H+sqZEDlLiHmhPW4+0yBfbKenzE2barFjKhUz7qNOqP\/M="}
00499{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic-33.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1607938456,"pkt_ts_usec":569159,"pkt_caplen":117,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":117,"pkt_l4_len":63,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvAD8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gA\/AFIRowe9l5MR3aF28MLH\/69bW3jeVbEpPKzZTDZSAWWOpkR3naiJgy2c4GBD8Ud7hIzlSuhZTuEf"}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":992,"flow_first_seen":1607938456563,"flow_last_seen":1607938456578,"flow_tot_l4_data_len":1287154,"flow_min_l4_data_len":39,"flow_max_l4_data_len":1448,"flow_avg_l4_data_len":1297,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":992,"flow_first_seen":1607938456563,"flow_last_seen":1607938456578,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1279218,"flow_avg_l4_payload_len":1289,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test"}
diff --git a/test/results/quic-mvfst-22.pcap.out b/test/results/quic-mvfst-22.pcap.out
index cf11d6e90..5df9f4850 100644
--- a/test/results/quic-mvfst-22.pcap.out
+++ b/test/results/quic-mvfst-22.pcap.out
@@ -1,7 +1,7 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":24710,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":24710,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02053{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":24,"pkt_ts_usec":710880,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEARtN0KAAIPHw1WCIsRAbsE2LapyfrOsAEIVt4FS0mAWdwAAES+glHsK6O\/Oq7IqxunKa1n3XFv8eVEdrO\/buZ2LMAVEB2NyWCg6hfO6EP+vLVLmftkS1PJQqVl7L+7l7BI482Kpj4ofT9JnOQ0xEE4Vys3R4pwXiPc1lMJx32RX9zKYm+Z1fbMOyayi7zU0q+i63OayYrYD3jSt+Vvv7BMyIgMJ2yBRML4Cvl27dkQOy02PKy9hJb4U9IakyZ9jxJvJUG6tfB\/LJZUaX2z8xaFt+J6lEY3AOj1WgBxHOY78xSQcl0cfAaJSIKcA9Vn4sv\/fiPAKil0a5hIx6QXM2jiv4vFSqcgQHPhjbxlmksCUD71+BcElvTx09somsejpTEXOX5DumiTu+RmoxzAPxad\/yoHUmpVtJwSnjk0zwlToGO6SDPnEODnYt3LIvHRsx7mnFExLWnr+yQHfYFCeLNMctGGZBMubCx4gjt048OWguRvM18ud1xw3iRiS5rez8OMJIfcMnRlbnJA4MyOhWSWUbuYwKHXBZjNJSArgDpEssUAVBEOZQpnBVnXDGsqdTXz0eM1y7mnenMoiYqQeMnNMBDyturRKjEAiVgPEzOZ8CufggYEMfnAHCuOwF04gvqplTrrZWKOSNpdQNeFrRsWk7y1RbIKw3b8jWOTzA\/3wnocU7LCIqLpjBDheYw+YKL\/QStNjvcf462QDT2fMTEzd2qFUE5\/HIdvgFCjr11QAYfzSa9caF4orrxStMFBMwLrngiPEoNK2oL1ixSvqcDH1eCryay+ufbCfgtp9mN21cP9bS1fp+KOtJdRjk+WwIrnLE7yFL2kPl4Y1ub8Ic+0DgBOwxUrYa0lSq611ixLqvgBVVHqkVlsmy5FzYlt4nKwAzaE+UMlVSse0y5ciP9QYj7PgUOQsYRJLOdnUB1nb1cLIVzISsr9mEOc4Z\/V5yQfx0Je4KZnrBbnTxqzPJmczioPnEqWI3SSJQvibzfqftopphp69YYIvmngwQ9boqS8nu\/0Z90F4tXrXlEqVlkyt8z345OCJheKM35O3g1+gtDgXes9IlOq0VZHWc1xWYAyu3e5lYps9GawHgztTKd5Dh6phItAr7WJdjC7E5+Hw0Djk+jR2QPNAEyXNvBFWYdDCSKqCL0EW4k8u46MkhLkYoD\/U5LiEaiB5YSuGX8HZDJEwdOPPEWcT2hknjUDiQIy7tuEeBHkZxly3y9r8TtSEnAlDGbBVFAT+DI1sU7ifZHKOelnaNbzJX29JqcLfJH6OdFC035GL8QU1vvk19qbGftY3DBf6EJAhrCyEG8T68nr4mpyNVonkDSzrMh1qFjIZcwFXjgWWM6+wxfrI7EB5HOgW0H2RU+8jBV8bTAp0cYUEIW83AlhSIGJhaN4hzo4QbiQ\/NEKSL4V6HA7r2y3QQu7WQiGeuhWzieHC\/re+NOqmY8UZ2Nbtc52d9K25gQKE7BXNhq2zsjuIhLJme7BBI75RlEqF\/camjLVcquotPgLUp7uXIyomz0zmkrCGiGxy4HlklTCcE1ashYaXZA\/9HX39Pj6qB+WKglzfibh+ldNWXcB79RaHBC3E7rGwoRJM5jkaMEkWLJVppPuZZUXD0CLZZ5SItvsTmJ1D5A5i3llXNLFE2q4czLsPbe5Ft7r2t0="}
-00711{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":24710,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05,h1q-fb","ja3":"a3795d067fbf6f44c8657f9e9cbae493","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
+00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":24710,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05,h1q-fb","ja3":"a3795d067fbf6f44c8657f9e9cbae493","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
02096{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":24,"pkt_ts_usec":717506,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAYAAEAR9MMfDVYICgACDwG7ixEE7JMhzPrOsAEACEhjA85S+SrVAETSp3xd4I3jcnRue9L34hUuKLzlfpPUk0DMF1\/VFxThZTibHyGTQPaeM6iOotElwwAC1lRX5vIn9ya6YsAZzR1T20xEKAiW3eJkBYrfQ3apmceqTTBCX0bJxPnVeRIzBODDHWoJM4cXlDC\/p3lohjBDIh+3Pmk8tNap58UqGgjHnaigatc5CgFJHJWL+Kd1f9qcpuyZT1uB\/ns\/WT+PLudF\/jQ9707j1mFbnqiURY6nhTe97ZArhq7t1JVJAsO33k150ABBjgVdT\/6wgI8ik0OKmmJMbfb2L+7Ixq0YAACyySDSzQt+wcslS6ksj5zkeJG1dT9Y35jxFQSLUO32yxmbwQFG+b4QvZMRJyJvqfQ7oSMncZe7gs3wgTuaXe5geZfkx17MmRYXTYrf9pvAukh+MM4Q8hjt2gZyy+8MqEokO31Taq32iXjDeFgjn7q\/sQ6rvlxCVyZt8Ccaw1VxzzUAQNXg6QrtjGJsnqKEgZqyevLn4vgbCyEPYSqzUTMTMLMrTP+YLSeAUyD\/0KlFtPE0vwwFCXwILzsVlF8Hrkegr6zVR+h\/fNZFiUKr8jA4htexop3\/TtMjF2PSObMi\/B\/O4yOQK7dMjsb7j6HNoUatgqnfa\/Ep22MPaFjhmHCE5j8WrQYwGpwTuF1k+FX+IBnWV4aUFnYpvfr221AiaeRWseWythbDWPKdPOoQEd\/nzlYGC5Oxk\/91qMZSP6Qi8tEzsAHdyiB9WngqFXo1pqCT6\/T6hHvEqNor+wZ910MK6fQ\/Z\/7idL3\/nnBnU9m8lqNNZM0XegQQnU8+PD\/XZhQjxUwoqqNWAXTx+KKl5uQmMcpN8TieU3aBwrb2x1xcZVNXnjwFxiEsI7kDQg0bAdgGrjrWKUk4cVimEMb0EC3L3V2ZK9Ef+8sswkJ6ekYpwvMTIYU4ZOYeN6c9agkkoqzbCCHeRQql9R0YriJFUFgYENUK5b9nwRNBW+A+lZE8ptuzw5xsFcuyBXpjCKYIgsmKcLlQPkBkV4L5QGZQzzBmN2GgfUAEzN8WWVN0hJqYa9YhcX7zxmRv9gsMitNksaFnr6AlihFLFZqlT9Y648AprztjF7njBZZ3u+CXpZkG7Px2yrrdTouwjAToPn\/AdVmPPTHV6xKp99fDbwaMyfL+yOcnJ2plbK+wkS1jsiP\/yDk9VzA04xL0657ViUEAuv3t4Pev7pI\/DIFdRVSmTSWKvywkuBVJ\/VJOp\/6cO+Cy5FlDhTQR7H8evMXUaEHp69QHfF8fPUAjUyJ7IMeXXtuK3UkzI7UvsOqWVYGkA2OumbWmFRfgS9XBGi3DmR5otgit5Y81MAvHsCQ0V0IB2P\/yq9sRuL6R8TwF63sAvaPwfsPjICjHyZ2krnIlWXUbArKvncQeHm1H6y9ztqgfn+NTwpQWRfi71aj5FP2C+U3RB9l5HqGgyZJ9tt\/Xiom3MonkmdTNfE9C0G+zTKbgAzuir0+laGJim+TV37+wtcreN2P4GKPPo2goOCnc140xbDBLn4BL2axie9RcUyuxXK9wAWvijAfXal3f1DydwVZ8LxwK8o06yHcTKFQ\/sXJaHnxv2HTtF\/v0IBQjQRHILVxnhCjAh73MlFUFSG3zJQ2aU164W5cGJFQS3\/OOJsBbuI1J+KjSFQ=="}
02093{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":24,"pkt_ts_usec":717680,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAgAAEAR9MEfDVYICgACDwG7ixEE7GUmy\/rOsAEACEhjA85S+SrVAETSuH7quCgS8Qh0D\/bDO3gFDyLADGIuWnyCygbJxoXjp96KXvspho+865YDAISOGlOK6zOTsHDQAebkiFhwjAE3CGShccg0NcaDyS5u33R8Osm0onTcQUcavm+SMZHNxND0mAg59a7z7rYhXIsBKLYSznCIFNmBhvnQ+54HWzq4kDWVLL0ptfvb3giThFXk1AIMtBbaQwMGxHg\/8x0s7Ppw1zOCvbNuFb2SaGK8woqt2broJB\/xJJE2S1FwZCmQqqrE1mHTwDi+8M\/OC1IyVNxKVB8saqcFSbFe3BJEULgEgbvBwmfmNN7Wau\/J6gJxg5w745\/ujGtOLBoEAnkzp3XoTJN0Y42xyNe7RF+e2AS8staHpKBMbgG4b2fukqv0W5QWMOb9XdlK5lappO8kEpmoLvACo9Sy1bI0dfdz52edGlrvLjFy2h3zOMrwDHWDRiYmPSAbJ9pyo+VCqFMWVDhQI4ZmsKudQZcU+vReqpUp36fwM5gOtsh2Hk\/S0k+EHqDAZZLNzSF4Yr5ZabIDN\/R6biJU+FbtoUG+RJBpWcvmHAUftMbmErNWLgTpRpllj3nUl2F8eMASJGjRK8oYFrTV1fl7xjdeBam93XysGVWS92VND4SDvDULI6TRr\/337rNSj3EREqThlcSaMocH0kz+\/upNhJQxDeelV1RY26qv9bW8VdFma6p7uhfRK2roH3G5uc\/+tiG6qdmRct7WQoGsbTeaFFwB7Ji7Wtb9Amekof3OVUrPd+6iV+W3mM4hQL9kRTkFzHEd\/WA\/+8ZmZ+0XzQrpy3WwRvRc4DmvV7nvOYs8y+909LdGLV6CpRLEK1604OVZbyXxVxq8+mD19ElUn1g8QnbzGBFa3Eif7B0cGdFF8WqgYvqe7ufF46ZJs8QD63+SQv8gGxmUo3SJWQ3Yfj1uYEYSEfqi43AQxOFbKmd5oqszRdikvUk0Zh8XMjntw3CR4tWh1lqTR3LIN8Lt7A9gIRX8+3G76YoaDY2JIMjxOuLYIRBVe\/VWBuKPMLqRCv4wvIDach8GKJmbI9PTQ01q1Z5kL\/zM7jTdFAlentpckr6+ua\/D6t6rLd0nkkL8d+15pg8\/FKhrDBHA4Ml4BRHizjz4SpRJ2QEiV\/niWkbX1e0hkpcbZ2xmOFDZW\/9O8RjAOdM08kiCSbKZTUpnl9P0qLKtjystpZa5q8OrBMgSHUgHM1S7geU06smT7+czbBGnnd5A+6PV0mPwqueT\/OUV15fL2NUOxgfqhC8iKqRfJcjzm8CssrkrLVEfaPmw7D7KOm7\/2J64iyqOubriFO6KrbjP+1qKiLmCaqNeEy3JTylMKWsH5UVovtnGGCKeolJjanKSFdzQ0naGenN7GlArcfV78Zclt+QC9mK2mtHkEiOwhoeprg\/zQujUyWH4lxZTrhtEFhlJUvQKpPst4HYEqZgxQPGS5nmr51v1f2cwzcaORxf3cXeVVh\/GKwiwMjI8VaKzhRxAoKZZ3g1TUl61dqF4liU6GnZkX+YBlPJ80vXLVfIDc4zwsjaBUxk1pJO\/LOLCp5buKJ87EbzIoejsqFXfFarTVLwKw\/2KUHEIwDL1x1rU0t6Q+Ap29yyER+brp4OyVHhD6T7u9LrfjXexdQfUgnSNX1Ib4LZ7OO\/KrQ=="}
00654{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":24,"pkt_ts_usec":717704,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"pkt":"CAAnANMtUlQAEjUCCABFAADdAAkAAEAR+OMfDVYICgACDwG7ixEAyZUL7\/rOsAEACEhjA85S+SrVQLDZmqvdE4MW8rOoM9w1rs1Ve9xUoq2hsNz4FSoH+8IX1y4OMQxrypqkjJmRSoxWAG4K1BtToT05DqZDXPA37W+oiuzYsAIvdZTBfcaW6sfsKLCaOVSC5AxtXemXyvLz4KBgZJ2jBsRg2KsMK\/6hkk97+qIGO71thTOTR2Uxubh0E8pSeU\/BRpDPuhyvo23drRHiiQm7fVAfdcFggcOmmrpSxhmnVdz7bvCj8OeBJ0wnOg=="}
@@ -16,5 +16,5 @@
01890{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":26,"pkt_ts_usec":834454,"pkt_caplen":1142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1142,"pkt_l4_len":1108,"pkt":"UlQAEjUCCAAnANMtCABFAARoAABAAEARtWEKAAIPHw1WCIsRAbsEVB7dQkhjA85S+SrVOmTjyQAGgYMcFSCiIDRU3Yr5wOPFMVlAvU\/K6Wr3CXIaP0cXJ+R8tyJjtHKDEnswAxAW9ujcq6Un+BHUeMIlwUqlMt5dnLJY+ztEuuB40p4o4ZnUfe6R6fCTPQaU6UvlP1G5kwywoeswCziaxdjEEinDz\/gGCUGgBa7OgPoIHh6WGy5Jq\/yDSyxbdZbsf93LRVNy2Ggnit21Fhz0YWqDflukpWp1VnXfeLl4lXjV02bP7ffk5+8Qer2NplZ\/RVb4mAEPIdbfimOcQt6DlOWTFLVZVVdDvOheTVxWz1imIrBNNG1tryn2CNO85cQ525pmOTiepaa3cI4lrQNyUG5EQUT0tdBKht0+gJ2doQDSTrSFw3G+fBTWu0AWfMbnlGO9ypwCCuiUw1jfZLDbF9HPpG2lZBIZRkPRm4X8cLfNx+W\/U2nH1gl9Hg4q2r8J9V6c+Om9R+VCzUsr97BQm2ggblRl2857xTAuPptrFZxjJDYCft54Ldm3Ft+4YARQAl66kGCiI1pxL4N0eBPekc8roAiJpuzCWnRCHwGHWp\/uIJADdNVBDTB1mF\/woWpToTvW3NGTual\/vx70hQTs+QgiIF+osyx5APHU7iMhvot0\/vtEmxGMfELPII+2iBZzyhQhlLJ\/vlW2WhoHSwDxq6Cc1beESGlgYzPm\/dvpDFQ99qYDtLvjUFPeGmdOJsrXoBNOp97t7sEws8yqoFLW5vGkj4ZY6ddO+emVWc3YWtYy1Sg65XHoYQ6LxIvMz5WYebk\/Tofl++nLu4AlvAM4EjKn81lPtSh1Hru9SeNVeRhrIydmlseJoigLjo6dRaZcDOrw1fhX59LC4XA10BF2nd2mYCIN1YVeo\/DGoHd2Du\/MT1KFK1fNAXQ1yR1OW0kmA9WGVFYfLULxqUt9VybRd07gqIa05SMdWOH8auNI4v6+lsOdgY8\/k5DCyPza11DSYOMhIObvQ7We2rRSoznPcGyZD1daIDUlTui6EXJ8zlsdH\/ww8qCAnbgJs3mlOdduLSCypkMGVumajfhmsokvKSu4I5YkfCNQtzI6wIw9tIjDs7joPeghDuql2at4r3RCkmvOnpmYc8aphv1doppEuE+PYP\/cm6nRhVrI3qf2MDy\/pGfMqBIdiQHdOaMNR8OFXMS492GBNpfVKyI+kNDCmKG47Ihh+AC95Mx0thgN82ZrtR1eWjnhQci\/9Nt0u9itothJJyJ86GXt16KvNuy\/n\/\/8TMgJA9C4lX\/V4wuV5fK5IQE9s2SCVLvza1tiSReT5H738YXcNuYnolbB\/Mn+YnSg3lUo3fZZfL+z6DYneOLeMG3FawMuDMX6q9fVgM4iGXDfwm2nr+GouAmzP\/WvaINwdvnYiGLLZllvrckbSEbqd6f\/ocg4T6nzfpvkTZ81oob2N94wjwyDFAvLYfGDiiGgsimERPCXE6qIkuQtsvMXPlz3psc="}
00431{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":26,"pkt_ts_usec":840689,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"CAAnANMtUlQAEjUCCABFAAA4ADIAAEAR+V8fDVYICgACDwG7ixEAJG\/EX4TLOAKrs2dYIXyaoMAVOW1pFSg0o2kLbbCIew=="}
00435{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":26,"pkt_ts_usec":865094,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"UlQAEjUCCAAnANMtCABFAAA8AABAAEARuY0KAAIPHw1WCIsRAbsAKPiYQ0hjA85S+SrV7ZXz\/rdFh3Bql8c0WhU1o790KTEFQHs="}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":490,"flow_first_seen":24710,"flow_last_seen":139922,"flow_tot_l4_data_len":271643,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":554,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":490,"flow_first_seen":24710,"flow_last_seen":139922,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":267723,"flow_avg_l4_payload_len":546,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic-mvfst-27.pcapng.out b/test/results/quic-mvfst-27.pcapng.out
index f1139a5ed..31f2f1a1b 100644
--- a/test/results/quic-mvfst-27.pcapng.out
+++ b/test/results/quic-mvfst-27.pcapng.out
@@ -1,7 +1,7 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":41432,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":41432,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02139{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":41,"pkt_ts_usec":432902,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"}
-00709{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":41432,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
+00721{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":41432,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"graph.facebook.com","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
02165{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":41,"pkt_ts_usec":464206,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHoAAEARKapFq\/oPCgACDwG7jHUE7DGTx\/rOsAIACGUZSqSBwJ2mAETSQ4uzcebnNMDWiCLwgEqse1zwFbQeUwCYbirASYBY9Wqb\/AVucNo+1QzVbJaW9TpMoqvmNgwqhyeKJHn4nzURskXOXtyoQu1UCn4VWBURvJjr0Pri5khEPw4xAwDV7X2Rmmpwaw6btUsOaonrqKF\/SrLeyArFzwB+JFVws5mjdog13nZj3AyrnfXROIcoKcafi5iIMUPL8fCRhq9X7vo879HkMFFe\/UL0Z6KfMxRHk\/gm5EOke7DkOtpvDqjM8A17vn\/YA\/LmKAMC318G22YHyWoexSGb3BcRVBGh\/JnZslVfKZDHgCPKBJ6TZoECS2S1Lkq5nHD0FrjB28JkpPGddocsvTJ4gXR11CtFRogKRhcL6ToomCWSsXQm4N4h+xa8EUgP+Qp0EvdNEgFlkK7QzIbTOeUkbO0qojWV6pfET3Iov+\/apIMX2oqertd1yP5huAQbmPBJDrUV5aSXJ2n4942yy8nej3YOzA3244Ppj3KJ1FI9fYQWy94tzkcAq0MyyNAtAzVQrMQHV9+ftrN2eaUEuTAr5G712uv1AnCx12zkzS\/bPkH5HakesCqHiBdPHaH4mxGfceFuvWrXvk9k8noKiLgriTnvQwp\/saWNDkm8kvfm9PpqQm+XgxMCJ0tq2pG80BHbTgRQV8MdZ11XnvblfPEVlDFLqayo6KQYDuE9pUfQ+9AqEaxGVZRMSVRaIpJDPVqd0UHWM8ATc92GN71YPW\/frstXWA7sGYASVobLo1b3c8kYQSBM7dcU\/iqAkl+FksHEaC1aLZjGfaRKtnrpTDuyyUXcztv9cqa5wo9RQzervEK0UxM3gVjtBBX1mCaBfaZIZdXvbDZThkMu9RGphMLYrx9SqWAcKRkM9YhQ4qnUOJEDTD2qoX8miGa+JoKbQ6qKnL2RRJM\/0dLcmr8S6LVgNf3TuED+N3hbsZ9OBQ7xHjHnYpm\/+OxE3iCQ7O\/MjCEYbY876HUh2UXvGhRXGh19ilKbwQQLH+dz5uix38Q4qECRqV09vmTz3Swbe+BtJ26CqtxI2DYiDUkT56hG4GnrWss\/5mqds3b7uwxVTv8iRTcgWALX6YR8I8LcEwnW6P35r6yzQ8NmLvjaaqZkC\/6YKBBhBFJ4gpdUENYZBLszMz\/0jCicUWKWyfwMDGVvAlcFM7uVWLy8jO0qLX37EScSwg3DeIeQr72\/VcJHLle0Tm+dHFDyuGwxcML\/AaZe6mgicoiyETeB09Smyq9Y78I5wTornR4T1K0JN64JfYcnJe1\/YmYcW1VlHkcIRW6sSa0q5r9kPM+iCHOL7wY9T6OnVogbkFJzee5fZ+Oq9S8PvlK+4jsPkUzDv6d3+PRuP5JWYWDpXd8Qhym58OswJSKelR1rmXKN2C\/uxVLv3kgZxbiHXFdSArCkFj5BWP4WtRYPeuQ5VALz9l8XUPpyq\/09yKtHs\/TW2KvPCNoNxInVtL\/9V7UyFB2cFMukn2UUKBEJJUOWG0p+3sALv+tMcZpDx9cDnCtfccjlF6qNg6Io5OabNDbmM3UDOyuHva8jvqAsKtELxYaeOp5rbZaQ+wK7lDWDooe0BUvE8YL9NWtHK\/I2zrwe4HzXFx1p5ULH4KoSajttOnTnVRnoaPTH5vR+8nV092hE6ZD\/6m9zExloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAACg8yWg="}
02165{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":41,"pkt_ts_usec":464217,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHsAAEARKalFq\/oPCgACDwG7jHUE7Icwx\/rOsAIACGUZSqSBwJ2mAETStSk6pRwdyId1aH4WX4pVsk+hVtbLW4hKoqKIUKSo9tdUjjTVL5Yto7M3DICwaAoLYXCD+5dqw0TmZSrfqNiW2qJkNrsg0k\/kAdqV7j6+J9emg0iopVNY8z94Dkdknf05ci\/NoDXo7jX0aTp1J6GxxB8erH\/0SWZ+DyrbIMZ0xZ5SuS1DqMnN61NBKxN4\/jPv9ciPfLFFXyU0okn\/oJgJdQ4WrwMnOPK0yukS3dDQKMu5v+5h3OqBwQW1oLHmZA6rMWwlnpuiFU739YXcxuHETmzC2NOSBa0FZ1xSGByNv0mIS\/veQS6ztyCKi6cmIt52Goz5V26xn8ITbWRMKyzCQ9ygzGjFLSLB+V+ogEf08ganfO6W0dHJdPTEHqx274QToI6nzYBz8eQeCAoVd4nrh3slWslWTkHeQVW8sENY6mHlCHceqCHC8YwsKeoSN\/4JG6l1w4zyPArMZGkKB7jSxPuUQCGzOht7pw5Gk5Gp83Di44gZYUIyNVymDB16sT39aoraDeo5r5qBdNZ91SsMzaUcukPc+uOFPSAz0EuZbTe9n8OtdEkkzeGl9cG18rBcD7tfjxG18gi\/aTc\/Qsb2KdP82bZ\/OipJydJdUpM++DNflKBUq6VmZNq\/mEwBZaf36uML1LJOAoceV1rx2cgE7b5Wa2y583PSIvc0y8yCVCHd7UpFmIJOJrYMAiOgNdkL9i8G7a60vJ0BffKaiILbh52Cd\/gZSExquDEnfPS9pscJ3chfy\/\/FZGZ2CQbE65G5r2LgRj1a0KrZ\/O4ML+0k9MQaf9He5c\/jILvUKyvJwLUWG3lSoXOphrxABdatvx5PAii2lwtYhrYvxbQdkmGsIRtsvgWyth\/48R3yefn+bIHFq+Ln\/mQ4+8W6h+y9VYGjLy+j1gNFUujglm08r+aneixuCDo8NVE+WAW9F9bx6GkTQPaTP2\/obE0Ej5h95N8FRRXbNl8Q32+hc1BcPW7PYZhe4s7f99gVOs1PvusSkQjfl9x1h6vbtCoGsaxvv+KkMXJr040is81X8KUUNFqu8hZlZbEQdDUlK04iWVHyjfijDT4J15Tv7e9ZlWiE8P4TthJEkS\/V\/B6UFWx7NxNha5AI5q7ShAs7c3HMWi7ShahE0cUHWo1N0zwF8\/WnAGHEQUC8y4BhBQ7EaKwJ5nulzruzqp+D0MI00rZhOKTfBp6FWu0gmkwjBtMV14lN3KiO+Fugvl0PPD7usXWaKzR2dw4JslfP5IRxZB5PlrUhggAF+4XvJxhjRYhltzgO0VmcidYbokhyBxc5p8EN7Brdd5jbC5KWU5ziyf1Xh75DhXXM9GVyTUDxQyOG\/19oznEsnm6HNfViWsEBqqhaXc1PD0G1Ath517JUA\/pAp9aK6ha0kEfZOISLrdAh\/wfyRh1qF0vTiaYWT3z2kewwb2CKR6DkEQkLWuW6ksgBnomifnuXO\/A4qhCgYZUw8feNCqTOFonKJtx2NUnViJDtqHr07cnNA2vZFiN+8SsLW130LG60Uj0wsHpIPMQDNy88BvEV2fH8Yk1GkJTndWveloeKe4e8X8FUWonC0LnETHyEJoR6mY698HICIqyNVbCWwwIZl3RhkLsYcNRGWOHE1xH8nz2KWwIwVPQWegjsOIMvejTuWRloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAB\/S7Lg="}
02167{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":41,"pkt_ts_usec":464239,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5WQpkSDWn\/gKlYeGIPW5T8mOqp4WAHeTZest5awJfealSj\/CfwMs\/1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZhnCirgfPFCTOe\/qKCIPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="}
@@ -16,5 +16,5 @@
00800{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":41,"pkt_ts_usec":489979,"pkt_caplen":341,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":341,"pkt_l4_len":255,"pkt":"CAAnANMtUlQAEjUCCABFAAETAJEAAEARLYBFq\/oPCgACDwG7jHUA\/ze5TUhfRxauwQKQESXXOvvEIjR2c8gFVxEbYpp577YkVedjPbjQSiPNnc6HsQTkrUp8ZSlihItxMehqvAhublRP4zs7BJh\/g2kUttS5VL9h4Hb+AEJkIxmCidmdB2uCbNTjCjcdIX1vHMmtuzBKPsBXv26XyXN9RJL7GpiZdtfRYlT+Zw925d9XFS6vfjgVugKjGmFyhwBUQ\/jF9LrfgnMAAit6ItpALlCngKESJqrSw1xGqFsB1YVaBKcHjoITDK5fSUvpRzvQSsllaul2GEdUx\/3Wi67MB1O65clVL2SBHCW2QChDPVnTnoR+6n4CAsaT1QWNmSLGnBloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAMDh5wg="}
00511{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":41,"pkt_ts_usec":500982,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":42,"pkt":"UlQAEjUCCAAnANMtCABFAAA+AABAAEAR7uUKAAIPRav6D4x1AbsAKuTESGUZSqSBwJ2mMk6Nt0Gm4aLYR2aPxthlM0NC0+1eF\/tZTRloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAALvDf+M="}
01870{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":50,"pkt_ts_usec":309237,"pkt_caplen":1133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1133,"pkt_l4_len":1047,"pkt":"UlQAEjUCCAAnANMtCABFAAQrAABAAEAR6vgKAAIPRav6D4x1AbsEF2uFUWUZSqSBwJ2mMcfPOUKudx8IIdHFM+KYJWQvGFhfEc+0DxpgsTk44tZtXhYT2vNYWnzuIL1izcfXlPisguidPmO2DqtN7xgWikzAgQY8F03zNKDzWAGNqzF+LwWD+XTBieSsyeSBANPhvyxGVuE04HB+E00Q7ceTw8dR+xfDxfHvwU9UmfDZocpLYx377vu\/M6kJ\/X8XH5pcrTmMfFBo6MSZ7Bc7jrGDWNg3je6LONHE93LfSwNV1LIiMYJJybwFgfl4G8+uIwH4zKgX4UzCKwFaitESJ3\/P0woXSIe4VhcvPOZCqKbd5EXS7ylCxgNR0CAaLPbHtRyowOgRxiJeeoHGEq5zwK9u5Ee0sARBdMz4uFPT3KAMyOerg36WU1qYHYfP9k6jgIXTaEDFLgtpmuh3GDDch3UKt8xAuikoUDhknxmxc6aUubsklPpCltOmm9Woi9N7qceDtuzlf0WZpEYZC5QliXkSyp70lnKWjAuMPEDhtundmLlompnxrMRidleKKdTtuo1l5nX\/ECbozZoAv4MuQCX9YWYSMjv0u0uUT1c6uvEu0d51yOL+s9AV8pKlvk3MLKn0WgC2YLCcjG9WYhSMJ58b+84ZaBBUZ3Og5qPYcRKEdHAAa0N3rFC78EoJApuBItaIZj1OUUcwcBvGTJ752ruh2TWzG4VnIM1vofvYSAkxeeeIf+Ua5J6Ak2MKIA79HqfkvUrxlhcca7VEuSVvoTOWM5i\/I8cMfw6y2avOBJdbCtWDM7pY60Rwt5B5GdifarEN4OcqipbPZLDax0HccOkJJaC2pgFYW5brOiYImYlxggdctEaB1k0DPifMZQ+zGgB7Cb0H\/zZsPJkegDkB+kVN1iB1n6nJBAEUjI3qTLmAy68krMF61lsL0LwNoBtIJnEklxridi3Hae6kz2w0pbSJMDpPqGcAMCgz9XgWU\/lbULK1TU5ov+2bFyy+yI+Cf9B7yUUfDLkMOgEVwdra9DpaNhRAK8y7ctoft25rY7LGurcOG4hJgLAWwg0TenWVvjqlWP8G4JwMRLUK6GmeXsem6rYz8wAml+y77EXDfzohoNACzJoBo5k\/NxeSRif9VK9vJmx8uvrFfptb\/TY2HPHPvXYBhKLbdDnKaGfbOL6KeOo0pQhT3NUo5NasuPbGn9valN\/JkvdIRb1qZdXPZDXvNJNCgdwe+CjjA9ks9mo1Oq5oROlL4NzopfnJ6UzUYHRuFegfbmZnG81daq+iJEfAicFte2S4AB3XHpsAdypFr\/7g3vbSHXA1dE3\/ZmxinbKy9yb2dR2\/YwaQL2ZeNv4j3ghJeBU6mtAUufHJX\/pK3RTdcW\/lPWIACQf4z6pCDcEKG0ol83FYIOJxgk3y9h66neuY3f\/zIBloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAADw7OGY="}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":41432,"flow_last_seen":50392,"flow_tot_l4_data_len":9679,"flow_min_l4_data_len":29,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":483,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":41432,"flow_last_seen":50392,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":9519,"flow_avg_l4_payload_len":475,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00135{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test"}
diff --git a/test/results/quic-mvfst-exp.pcap.out b/test/results/quic-mvfst-exp.pcap.out
index 950460277..4601c2081 100644
--- a/test/results/quic-mvfst-exp.pcap.out
+++ b/test/results/quic-mvfst-exp.pcap.out
@@ -1,7 +1,7 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00535{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1600365863681,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1600365863681,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02107{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1600365863,"pkt_ts_usec":681233,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAsAUu6Rht1gBpyIBNgRPyqszffVBngHkJIHX6lj9Ks\/Zezp\/nFuKvrOsAwAADWO4PMBuwTY\/EXK+s6wDgg1+NsuZhAnFwAARL4kVSVotvSiGmEI+vf+6CaV5hF7i\/CNKP0SXP7gxh\/sxeTenPB321XyE03WMCMX5b0eBa3DvRz2ddP3nWt6RdJ6WlZ9RTUGfAgTt+boE098trxFEsZIDO4\/DGShxxtoHXyvbFJFZJY0NVf+5UIwrXhHYlSki1K9uuFNSNm\/ALl0YIaUgr\/hopr4M+GsiGyiXAxXGDCmRgFFJroypQa7DZkA\/BSQvOBo1rqXUCQO+Y2WWIxccuRC5scGp+LAauwOKvDUuqswyG3OiHxvk+4qy\/tgRCHGZHD5raZzP7vxY5Zs6GXSOIKOFNW9+pK0jmGVAbreKgkrE9sNhCR5J7EDI\/UBo5nIVV7hZ+6dUskPxqT226TZBRzj0d\/LhQMJiWr\/Qtbyf20wKLkGnJvpCUZRODDUv\/HGzAiYKec9iLyl0xI4dsRlBPj3\/qk96+vHWCFBI5LJgkJSDIg2Oo0As+19Rmue72aosPjR8lHRyP7b2qSVRFvzkCL3hktDhhGNO2\/8vk6Dat1dxesYiMWkhhopkoH3vOXEevmQ1BrZpcIa7nhP0ob5JIk\/hYvfODfiXG2nnd65+lyb3xKLOkY1QOG2eHx4XtxJxV95ybltVj+AOro0Qb33f0uOBVhhxvPUxRnp1BveoGGqIq\/gfX6EzojL9Sr70hu0h97z51g5q\/G2yqDMTtMccVw+1tkM704jcVZPtS1KIRHzNry1Wih4L55uLybOgft8GHReUqVXO1rtmuTmjHvXxkkq+hW3ZO6Zpt9Zifkk1BLxuaoYoAdg22ALnpTN7VcYCixWlGY122eH2AkgeHYXtrQFh65CCR9dukVHEdRzSFLcF70tHYbZmR+Hm+VVpk48niHEmJvv4wz9TBdQco4TCXjTYLJ6WcVyXCnuHUIWmzQviL8DqcqYSvAxXtEwy\/ABThsNXM6AftQYLRXbcYkYcHWoidGESnafRJGVZwQz25kCkv7ZqgFWYx1xBNnbz9WMnFbBke3DlYRgpZd0ntBDhPehb1WGgxtlkSGO7bjYqCQFYUxhzr1MjEh8JkUM3KCwxgTJlwEoiFSZNBGWOnQnoaXqibsTGdkQ5xDUg\/xJIomN6D9X+YN7QfJRKDelG4gB\/R7MztnSA22E0XjX\/\/YRNN+qvPmrVWdwLFx5rwOTZ2Bwq1XJX0Y4X9FYc8xlkhOJreo9JcUXHssUuTUo6BWARFU9bhlwavKy3u7J0kMozdjG\/WbocG2iKuKdvYnwlwF4XA49pUvEDnV0LhAGSigDeY9WEVq5NPU8kaL0aKpcV9sZJjCTDkCQvVnASsCd3+zuMIFTH\/wm3IfeUdpSYh69FBYn0JPZJnE\/f2WC+G83QQZNTxoXLd9yFjxvmJQ7W1L4zZf2d490E4pdqLfAEFuTNKFuLGgQ+LZN4YH\/5qowNrJyvVezIyiysoAoiKoYlx0R5mslIlSfPbwSJbTB1uxs3rqeOf8ivbtSiOzeCzsWNJXJslzqZupoGqw7\/SmaFxzLXGXzdi02UgxbJUV3MNetwoWntiOQ\/Z\/49uutTCmO52WyUtp6uT2QPgpYOad0YVkiJmMQURNTDa6EXQiGewAMntXsHYGBjMrsKmJQ9FFiiK9Zn62NIBtpITbvAg=="}
-00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1600365863681,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"video.fmct2-3.fna.fbcdn.net","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
+00788{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1600365863681,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"video.fmct2-3.fna.fbcdn.net","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}
02096{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1600365863,"pkt_ts_usec":701938,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYmwjO+s6wDgAIQAXJhFchLk8ARL4QIqQn9j8g7J8Bh4qCkeFtB5\/0FGTn+dKSN5WCFIbqlv7bVzxI20ou9DR4wZtJJ1tiJ+xKr0U8bw68OiZZpHUxdfAbQt5z9nLh6LwQjhupiCyRyGRG4tZtrrKw42zS4Ryis2IGVu85jtVJ5nO+V0iHkiCiLoE8hCZ0cGFWISDSv1dY3S14L6Uo3v29iGRvafufSczvMFlG6pV1Odn60vjKDyGOsjNfQ9JF1v3zXLwm1apIxIVcfBTY7dYxW+7A\/6rJf9YKYeoWeijbkQb34JP1dRaHcbT0etmi0uxefz\/YpbkDoFCI2oRZYlTE23H22X2\/8qTclFOyvh9\/vrwFZRygQGeuEH0eSUfPKF67ybi2A9VLUgtZeELBeNOyIaY60evevqb5J2vN5l8HhG0zOtje8P2BEWzkJo0Csm59hN04WUIa5ATdibyB79oIitMR\/RT8b5BC7j9v8ipjp7vZOZEdpCwIDJgn2+33CJSdL94AfQkLgk+uiUPVfgG6UfHrZnytLApyrmygXaAukdakyxq8klTjQRRDyfNa3VwsyyGBmq5gY8nskXcJNY50BpTnu2okLH4hDlVPoMhoCfYEzT7EHkcCPMiRCP1enF\/yeF8dCloVpkR+7DVld9MS6A1Lm8Vh1cgyHuQtCdgJL16zetK\/eyN+QHBXERWmIl3nQXc4BBMK5ejTHXiedJd7krVe8qEtgPgfs9wmex+wAK7s5a4apAlIsdt8wz8irGiTLVD13enE0LCSiK+iT4XC+unYkKdA\/Y+wC15ozprq5ssSs4BUO4\/LwAxujOwLjXa68Kc\/HILSJzhfUsfYNAz8ZOR1P4+bGu9drz2VDwRHLiESKyby173GizQy9QPlUMhgv8zZQ9s8\/V4XeqMJ2FBmnAhANLW8ozDP3m1tk1Eysb4\/m\/zhRgvMN6Md\/gGHDzGnf86ee9efaPJdzEGlKuMWsJB9rG8dFeoooOlhDVE0RcRoPulOkfUBVPkd5y1hJVChJAS8upfL7rieCvjioLCngyXZRWw5EtbWEua8f58+BR4BcVUt44qeVBM19jSN8fMZZCruGfLvFJ8LXrWCMFf8QO9ppSf6AUMeDx2xJm\/vFPFkKj8USDUUV3A4BGBehJmSMJTIQdNx+L65jyOdOELItpQ53YcWuejF0bJ6ksEA2i+ns6L\/A4TyViXUhBAVmjDLSCellA9lXrJ4FKFi2ddTtc7XO4WCnc0rXB48fPr0idZPP5kV7JjzsYEnZ8xNPrb2\/crCya5nVZMRH13HQUZZTbK+kcSm91aipEqc2RxTK15a3fE2lVuvJTMS7pY+WzcwkPFNhssmcyRE4TsroEk6noloCsxsQjvyZSEcSwSKx4KJegr4NeCh6RxPXe153PB1fX43\/bpL23QEtBIoibzoy6LAuxzsnv2SoFcWb+0UW2hrfng6tjiLOL78QaL2I0pt8Q8p5cHXe8AZixhNLMuBlkVaMkSQfTYE7a0q89JM+YV0fG49Y5VAbDOBtfzmYnlO9p9ri9AifV7FZEwCvdDlnQ+KvbXRJdIOtcMSTz6mCvUiZ2cGGkiUCLImG1NMuhrftxnzx3oMcBYdm8CBM4CS3ZhaADSEfSg2j+9P8DImBKXKQw=="}
02102{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1600365863,"pkt_ts_usec":701971,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYHDzk+s6wDgAIQAXJhFchLk9Ev6msTcUGYFaKjK1nnOGqPfgGmbd2yH7YezNJksz4ObKOyK4ooRfPYXnIwINVzU9kFmpDrySNcGo7oy085NMAXtrRBQxP\/BNGfiNh2k7HVEmtnbBrN9B4q0PdqBJlnR3nfvlqn4KMbB+v3pyflyp0t2eXjVN9BCvAEWt1323hMhRhYp7IjuM\/7LS+4JZqwAit2H9\/as8+O1Z3qJKcua5iRqQUGQX4hx+lXxOP6XwWXKQ9UBS95a7rhiJrqp9UhK13hVq2njbzA2RTKn+s6aobHuCe7WYl8MS0v+T1I2mq6xhFweTuG3hdPnqOkRm4ZoVgOJD0lCKOsJoqR\/flxx3xDBRfRXA8iUDaNTTEDU\/z02HAUlthQ7j4NctXjWeuXBBlOg7myIMc\/qdP9kFsh+WR6c3MixjpAvWeqwTgRfaK9+1rOtle4mwbhL9JoI7ra+3Gv2NscrKYby4y26dOybmnMTxwtUycCSAskoGy0VBL8N4JHmZ24PfumlXDiIGg2TKa89dG5C\/HkH2BkzPa1N4KDB4DWk6vrxpVEaDtN+T4HBAwv5vr27n4ZsI+e+KkpDTUVeRt50at0s6GoBT3dU0bS5u7btTCPh9Q1wT2QzGXBx7LpZUB7WKGCAuzDm\/R\/0DsgE98U+jp\/GQA0cAouUv\/ia5B4dArOX2Hrh68\/LWZUcgSOk4Mb6isI1HW4FG8qqFdvzMsYyg1nY6\/mwkjTgfzcUcT8HuT8b3VEAFl1iojo++o6URU0CqxVGRv\/\/1U12juUa9BOlngQwkpzTFGYZpnjBvHYYqGgaZguBUx+OsJazqFqHN19AyL0Cexa75QT9qZtk9tlxGc5gUfqCX+xv3PoF1DxwRReTjQ6GUHNrQvfC+a6lJLkY2Bl3ty6kTSniC0uwNMTlaRzlXCmLXOF\/spgpAb4J+XbuA0NFIBJPbBj0R9yb2qZMfcDSVc01ubKMDR7P8+q\/ujxavqxlOlRZ7sWwAht5G68KiSsHb\/3\/\/02Hn9LDN5RMC7i0XnG5j+4mV0HA\/xhs5p4cwjOIcpOhsDt89zfffoiq59dKLm9k8JMdheqZnJmgMgBN6WVdrtRW3QVuAWi5RMKLwkPwNbBlRiZ7vzcC0isWQeIhVQokyi3N3zirO2CgYfmItTVGQ2zRdOvhKQCqtBpADZshhP71+ve\/mG\/ZuBnSTjROHtGsF0IToyFyclFG850LYNt2AK7xXn6KoFoVxoXz2L1VgOHjSwdoUQ19OP2FjGJxXDbRibAbzK8ZTPhWbes9V2wQus09AwDRo1tAPoOt8iAFo0luKi1hunaWIbYQU7ulHqooKgCNKaw7Wpw5p7aBaAi2l+FM0QE0XvSek9UgM9xUI8mGJp9C08XT9sbpCwgHL3HCxNUV5PMTiLkvNmY4VY0RA6MyaCk5fo74e5RCmQDSSqS96ehyCpgP+n+wZ6UBRKek9YDjVH4RHvmZCvYco7SKBDJbbMddFHN3+HFbSO2rxv8iuy6DZaiePYnuW\/mxUn+OUffPWu97Jt4A0bz8W3eamvrlSSbu6c70YR1qFE42450VRE4NhhFL8v\/i0jKrz069uRv1GcqnqW1Vv22X49oie0v9YMThrSkmy8c0tELsKMRwtXMA=="}
02098{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1600365863,"pkt_ts_usec":701971,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTY3BDg+s6wDgAIQAXJhFchLk9Evyyob5bYFNRx94bIG8Pq3hC5er0qmaO\/vmymM8o\/cApqIrJy2g30SejxFFp4qLrHRBshhLdfXAgbewyxghqNYdqo4k4fpzcK0xKawv3CgvxOHcjXBqnCGSVcOt5upMpAgkw54ZxaWqJXqyhFuwUnmywtzo46yC6KvzQQc9tfL1B9K3oU+MT0vl22vWb+0Lf+ZPccL0Zt1Vo7c7S+L6sEFDGA+z74v400bOtFD5pPoySzO82f2RI+aD0cO71iR8QdY1NDbmd4X7Moe\/yOsMq005\/rpHUk2+xJ2FPzq8yHfLobQcqchii0EMfDk1rPsS89JSeCNY+vs0QJr7nQooTrHMjcFcBWoVkNz4ZMShcT+41geU9drLAJFokpeyDmOzN01RApZm2IhjjYCjQouWgT\/RoPALA70snIVGTxUaI8effEdV\/esvRgO0wPS3ufzmveSbRNR1KcV3V6t4SuvG2+qOGFSPTdVrzd7HwpgVkYmpC9kmjvG8DKo22x7ZojgSkioA0bYQ3x\/KLQBexVHIB4Fzaf4jo+Lvjudx7sa5tts2dktvsRG3D+O4zxLAMtTsnECcINoJkxhsYW9jjkGEoUHGbtEErWBfZfnh8zXYheEpRjjsN2JBNbpwEir2p3EFFNuMzs+J+nsSyty4dS\/NSH4115DAW4aZcQSwLfK4aN+vZKGwIXYj1E4VOhcmeni9823p5qJQhVsRpFzsv3nflFBO\/2jt2Ejyv0rmMMyF5E9UNOP58UMq+sLQ+NnFaJNiaL7FPFtdEziXyVmwzDrEseD3Xtqj5WXao2ssrb9ELRX3v2h0LqYPqr38ho12KiIjeOF89DmimQh\/R84lVnYxOM45NO1EI2fjHnuvSSpL++OZVJ3Pdv3A6wgrpI+DlboZ3MxMau3oF11F74N2YkE4kQ+yG51LL46zd8RHea7sUx7RrEcm2QsOvwgrrU\/Z3y\/quTgZ9MyMsxzAE5Z2ywzGQJ+tVm99R+d0LrBTiXATdH0bTOf+ppS6xyk\/7sY9nVoFyAXPE7MDiKYXlY2h1SMzUHpL8AmcR3wAnQ1a2QDFvWLtLKW\/btEjTf2b7ByngLAfA8CkwmSsL24kpXymT\/ZhRFFnqnXNK9CXSLgl53RVBDcmmqQgxqUnZfIldLBt46O0LHX2Q+Q92YDI4WDBqGsgXXpY\/4py77CpzvWsdICv+Cv6g0K52IxIthchxDT18F1aoGuaKPfIYvjZakAYa1kpKN8XUWEQ7w+enUpmmYfpZ0xOh9vG6o0hjQVu8X2GXtJb4GVQQKUT63WyKMfspY++Flxrxr5vkDm1GmVTyDQiHqlpI270U5lH9CYOYQz2cKc5fxJWES2\/\/WZtNqYINm4e4GZUsTXenMiwdd918MZCq4CFYETnbAUx0P0X1v+Rxh6KAau2EE4GKnCJgPdrvzKpOHtaC0U8wdRmYn9lK0BTXw3++M2TAKJ7kPt1R4W4mdVG9PQQGlwVWPyWPj5pWt2DnNBHNUXj0FX3zRrt\/7+DrzSqWNFKrYcEaRLurEvc9I9wibxxwcGNF\/IAT\/PHR810uEvT7csMZR4O5za7JiCcKZYtoTcWmUJTM+hP1+5SQaIyACBf1xadt+PZzeKqrxvwpLFA=="}
@@ -16,5 +16,5 @@
00799{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1600365863,"pkt_ts_usec":761598,"pkt_caplen":331,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":331,"pkt_l4_len":277,"pkt":"AAAAAAAAAAoAaIxPht1gAAAAARUROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wEVuTVIscMlcwCs1m1BUJrKtWnOgHqeDT\/l0P5tRe3mjlswsJWk7ZHBihFcDAJ4WBNoI2+1WSXiaGMiJPk6HNHhBMYac7zhUP1ea20\/XBC14rICg3JIceCztDYghuz4mkH6hPCy74wirZ1q+hfFTFWvpnozzlb\/xWXtR3XR8AA1dsX7n\/IBTtRBREWCwQd9xUw+\/2Kq6q9SHXC5f2Q9LmSMloOP8OfRHPG1tM5ATfAMZ6as6sQAxJBHV6Sgw3VpDcZOvVbqLPjejZDyBIUmIYDXBfY4zr4VtffDWsY0pq4CUvECflTPEMh2+G\/GzrTBnEUu+nE2NB5b44N87WjMW2g2fVs6iTn6F\/zmTI4RgaZqOg=="}
00474{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1600365863,"pkt_ts_usec":761926,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"AAAAAAAAAAsAUu6Rht1gBpyIACgRPyqszffVBngHkJIHX6lj9Ks\/Zezp\/nFuKvrOsAwAADWO4PMBuwAo+r9RQAXJhFchLk8G3cLHlf2GuudTHhv6RGa4bNp9y2px9g=="}
00873{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1600365863,"pkt_ts_usec":769593,"pkt_caplen":387,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":387,"pkt_l4_len":333,"pkt":"AAAAAAAAAAoAaIxPht1gAAAAAU0ROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wFNFVJOFV85r8TQp35z5Bmda\/4gy7xWTjcVk2PcyPeU7PEmDCCTibj8O5j2MvMx2t3Zehez\/Q3Fwkabqn9Gng6dHvuSrFzjTxmqbSrnm7HGyMZr14EARqqO3OBgQ9D7x6Cd8yQGx8hKBp36sWTXi3SZe5uNWzEWfSikvV6swcWlrw6nwXAvPX0Qqt\/w\/tDUQOWHkhJSWnzd7P74FlBdSqel46D1qWYZCbGLGiFV5T+xKzKbeFSteb8rShQFzCUYMT4dAAlP3Qu+J+6zcctNPFU0NHL9g29CiqeomGbPIDP1Gb28EN6h31bpk3Fll3IccI66k\/NpcqQv+o5E9MaEPy88n8cbnHVu0H4esytSKdg+tfpPJckbnlS\/DK\/erDDhRMsmLxBIKilQS\/lNJ2qyfsfNQviVS0sIFl\/F9Yyet8+l9Rf5Iah4Jd09"}
-00548{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":30,"flow_first_seen":1600365863681,"flow_last_seen":1600365863839,"flow_tot_l4_data_len":24689,"flow_min_l4_data_len":39,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":822,"midstream":0,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":30,"flow_first_seen":1600365863681,"flow_last_seen":1600365863839,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":24449,"flow_avg_l4_payload_len":814,"midstream":0,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic.pcap.out b/test/results/quic.pcap.out
index f5115230c..5e3ed32ef 100644
--- a/test/results/quic.pcap.out
+++ b/test/results/quic.pcap.out
@@ -1,7 +1,7 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431155536815,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431155536815,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02200{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431155536,"pkt_ts_usec":815947,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"ZHACjT05eJKcD6iOCABFAAViHYdAAEARqU7AqAFt2DrUZeHpAbsFTjSmDbLeXfFPVUXrUTAyNAE7bomG+Dzzt6arXQUBoAEABENITE8YAAAAUEFEAIcBAABTTkkAlgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQkAgAAU0NJRDQCAABUQ0lEOAIAAFBETUQ8AgAAU1JCRkACAABJQ1NMRAIAAFBVQlNkAgAAU0NMU2gCAABLRVhTbAIAAENPUFRsAgAAQ0NSVIQCAABDR1NUiAIAAElSVFSMAgAAQ0VUVjADAABDRkNXNAMAAFNGQ1c4AwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLW1haWwuZ29vZ2xlLmNvbT0+v6ewgcRvrlDFl4IgCKBtLSXVw73kkvbSDmvcmOf2TBMxulvrGz8yGTFdF5jLNEfrxdDYlT46wVhRMDI0OZ\/5U0D3\/sl7Junn5Fxx\/1VNs1C1kCtxr0CV9UPILNoJ6w2heNOu0THXmZnbqXjfZAAAAEFFU0diZXRhIENocm9tZS80My4wLjIzNTcuNDWSgFuKS9buSt4mHNzF5UW8AAAAAFg1MDkAAAQAHgAAALUiugwS5Xe6lV7+35SrDjhQNi2XDPMM\/SAa6745q60xAQAAAEMyNTWyymQS2aTzwxJH\/U1CkeUIQAt7kKmueetRQklDOGABACXmg4KWna0TB6ed5h20iLVA1zTe0FGDOptzFKaIlVwv9K6LN7uMdA4zwVZIB1iByXkmIDPeaAjR8KDHiEXiLMdlilnNIxXrsf36+nSmAywD99MMia5QSojDYPQnkx\/kpc2+WkgLuTD7x6JugKntVJ0OcgBRa3ZbeaVzbIzXT9DutsK0zdmFTlT7PzF\/1Y0KupYf9uk4kqnlGvQLoUuyyKbFovu6AACgAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00615{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431155536815,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"},"quic": {"client_requested_server_name":"mail.google.com","user_agent":"beta Chrome\/43.0.2357.45"}}
+00627{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431155536815,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"},"quic": {"client_requested_server_name":"mail.google.com","user_agent":"beta Chrome\/43.0.2357.45"}}
00988{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431155536,"pkt_ts_usec":861947,"pkt_caplen":478,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":478,"pkt_l4_len":444,"pkt":"ZHACjT05eJKcD6iOCABFAAHQHY9AAEARrNjAqAFt2DrUZeHpAbsBvNDyDbLeXfFPVUXrUTAyNAKdxuQD3gljSLhQUOfLRbUHNhGyhVA9b2u4w1RW9E4SCZCpycMJZccQCIwgTfygJ\/6u\/OxyXHQ8t9GsIUVpGN5BSEz\/EaopIjzG0oey+J14dhVaQT5clZ4hX2alMKUnKCpX2UHp8k4gIBE+BTaDbhx4sVltZ3YRbFd1slVBcwxCCDis9hGoXWyhcUU9TpSCvPXqyDIBYGsw8hGUNxjvWcC36dLiKPlQ1A++VHlkjzGxGsfgIrij15t0O6lgXxVbA\/HpW3G2ebAmsKraKCAnkkUtJl3AOI\/J2OljPOJ8ybsb8ihq0NT5yt7I6jw60az5CR6QV4lZS\/t+fQsKeKH0MrEQhH3b6f+BZUKI9uikSR4hfQxA8xYeMMFcn\/fjScjPTaUqPoQqgHKJPMZAaJaOIXR\/06t5\/mWN79wAQ5uIfj\/sSvnF2vA+Wg+Ct+7u2iMK\/1hOAY0\/EO0phnuWYuhnxN7rmjjYiKKpzjb+WYnzCHocgbS6q4u8VmchP8qd2Emms7CkStzYV\/CAUZKEnfSvajU\/RaVfjhz9giNrW3Dr5B1Mu7zIwMFBEg=="}
02220{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431155536,"pkt_ts_usec":876004,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"eJKcD6iOZHACjT05CABFAAVi+w8AADYRFcbYOtRlwKgBbQG74ekFTrySAAED7yXOnwe7pFDDfekcKJR3Jy2sqO+OrEMBkrmlA5460PLSsQWLxQP3oiY5d8U9vyThqGCVEM5n\/b30dAd2DjWMikTcCyMma2f07JhYHF3MMGVgNWOe6MGYINMPJ609w8TfRzFDXO2Hv3Rd+Io3\/xrzZn4oPs6zhHI1yq2C3Bu04kRZDHQePoRj30\/8HvjxNKB4JiKyE+zKdMREBQ3JOi\/Z6sOIMbX9akogkYpnl7ng6wuSDWdU0O6S17QqQ\/PZNbWcKj10ybS4iwVQA0f8amB7S9uZIaouXNiBUNnVoBkvwUNJHLfYTkO7Lcrh9\/y6VuU0sUqC5BwPmW+2ikCeMngUD1xHT1Lx5xcuKKpYgNXg5fiz8miFT9HCjdjO6B4AMX2tdmMxafKWE\/OE83wkxbiDjermaqDLFN43iZrsa77dngVKSa0JOoliFCpsBQc+8MPNJciywBt2F7RgKowH2h+9Qk9ORQtDAbuXMpSiJJWSUWGURbG9ZouMcFzy3aCPhH9WEaiDxSqv5bG1C+4++Ap3JmLZGydHT1SxVwfUUCxHryOH1SJLcVb8wYjogx1ZyV2hUKKGb\/LTkrzKQgQmaow0b30+zmXo8EqAqNi+pbkwMCjRuhbpSGWkDycL5nwxuP9Ml3fkw+Nua2MwUp0EfcBQbRU9wNgqxQ9uJseySfgLNd277XFk6kBsEbZHLkwoqVC16i6UXqO9Bq9Qa6OSE4HmTd0ZK\/TJwTkvyZH7HArDOO\/IcXlmUhCYygfBL2Q5ZpNExxrN9hs9fyUTlDAy\/fKVbi1DmTvb8UQ08IKIHR88Yq94i78i11E4Ck+d\/mt1HMNvsgPj2pD+djmLPe2eSTH37Jk2vmFRiqCOpbpsl49D\/VP3D6Iqy69k4ASDn2RRISJtJTG3B4eSG0UcIyl51iCsWhHCXqo+IYYFVP5DZZddk8U1w9uBnJXeOg1TXZTOMI0ol6bS146IgKA69vbLEVfalKBSuGdHvDKyOMSnLak5kQ2gF6fQS9y3naenu5fopH54EXjO3jjfmTVJmGvZC\/P1NiZtWEgaqDhB2DugL5t17Tc3VwmJfqg+3eAVYWabEKtkMdIl3iArLACUUBNCZz1HkomKYV+WYy79+d13Y8v1fzFaFyLLqqM4eyurBPDRG\/+y1oiSpL+pmxwnbgxI3utzVErOYH+5lhn82g\/+Ii+SkdpS0RH4VCbqV\/v0Y4Y5Od4xYJhouL7GcBe5gBVDLL2wvDGN\/2TxDwPjLE+A3+O2Fa4G5F\/+gjnrsB0wdiL\/ilvOHsRXVpnfbw+QbFdGjFQzBh00mHjlv+hyldAVX6DRrmAyZqfHl4R8DYS3AwjxssPWDwDtSUMlQQpikBERZ9MMlFb4xTKRR\/wBi8a8Irtzx\/kIza\/1v2NJPtS13JBH+AEVAHqIKkeVWhalz8eieG0tc75G2spbagtiyakNL\/rq+i0PePLukIW0MDDsvi7O7dn\/0fwGspoErTl6j3PKwj7+sTyyEqAVRQx1M7OB+kmMDRumZ6Ct9DotkVa72qOqLha\/8xxMPobKOFlHa3535yRdBIpdRmga9bEYopLGGzkYHAzAiGpiXAo7oYF9gbpS7a5ciOCtFbOspMqjc6us7YE1Fk9eZR8mOK3nE7WlV4miQCj5Ye\/jSzjCwJgC1JXYSzigmV7HoFUEa9032KRB3TfddhJ9qY+MTGbbTrJ2h+zE2tLE+GlMJ43i68EjkXl4FQgRWpuP1j6L9IzE9WrKG1pRl60aGD77YrqqhZeBKTB3VaLzjU5uW3RnvxwpEMU20qKXXlS1"}
00439{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431155536,"pkt_ts_usec":876734,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"ZHACjT05eJKcD6iOCABFAABBHZJAAEARrmTAqAFt2DrUZeHpAbsALSjiDLLeXfFPVUXrA67v5IKthu5daKgPQycb1I+P+X02zD7nMJ4gZg=="}
@@ -16,39 +16,39 @@
00447{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431155537,"pkt_ts_usec":818989,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"ZHACjT05eJKcD6iOCABFAABEHbhAAEARrjvAqAFt2DrUZeHpAbsAMIpKDLLeXfFPVUXrB2XGEJP9\/x\/dpEjZgXF6tI5h66OYJF9zHNLajuLPdA=="}
00597{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431155540,"pkt_ts_usec":938130,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"ZHACjT05eJKcD6iOCABFAAC0H3JAAEARrBHAqAFt2DrUZeHpAbsAoJcMDLLeXfFPVUXrCNk+Wkv72vmVDQX\/353NmdXyBHMZ21qEUqbHryHEid2LGNVuOmekL2sN6JZrGf36BcrcJn0q1HnCFMUN3zw20FtxwuXwoNBveurL2CVkYF03BrbRGDzdPyC2uozYyq8Zx5YwRHRC+ySWptvLT5idyQYD9gRq4q0aXz2ILQFnFJXzLB1KhCuwZrvy1lvv73c="}
00567{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431155540,"pkt_ts_usec":990903,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"eJKcD6iOZHACjT05CABFAACcAs0AADYREs\/YOtRlwKgBbQG74ekAiGyrAAegr6Vh4hkXr2y4tmkJNW72u1rlC4LxAa0sEmGx+ZotLWpiDoBRM0zOZOsBdVEqWonUuM9y3q1ycMpXk0d5e4of\/qLauGHWK23H+XQ8+ruz2y3H59egPCzssO+TR6\/ImbemzZRiC+VcGigbOgvuVLoTvuS1DW9IBfDe1mxkZ4o="}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":413,"flow_first_seen":1431155536815,"flow_last_seen":1431155574747,"flow_tot_l4_data_len":240832,"flow_min_l4_data_len":27,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":583,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1461850699450,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":413,"flow_first_seen":1431155536815,"flow_last_seen":1431155574747,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":237528,"flow_avg_l4_payload_len":575,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1461850699450,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02197{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1461850699,"pkt_ts_usec":450756,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"OGO7P47K7LHXhMJyCABFAAViImxAAEAR\/xgKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwHak8zsp30I9q698IIAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1461850699450,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1461850699450,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
02197{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1461850699,"pkt_ts_usec":600955,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"OGO7P47K7LHXhMJyCABFAAViIotAAEAR\/vkKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwKbXvfkbQpZgkUtS3wAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02197{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1461850699,"pkt_ts_usec":901030,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"OGO7P47K7LHXhMJyCABFAAViIsFAAEAR\/sMKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwNQcq6EZWnphcq9nqEAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02197{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1461850700,"pkt_ts_usec":501096,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"OGO7P47K7LHXhMJyCABFAAViI1JAAEAR\/jIKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwSJFGwp3LQh28QKtVwAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02197{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1461850701,"pkt_ts_usec":701181,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"OGO7P47K7LHXhMJyCABFAAViI7NAAEAR\/dEKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwVe6cdVWYyeyFNdPaUAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00490{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1461850703,"pkt_ts_usec":450276,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"OGO7P47K7LHXhMJyCABFAABiJGxAAEARAhkKAAAECgAAA5zGF+kAThRmCfresOVX5pKgUTAzMwaAhw\/mLm+8ph8qV+4BQAAA\/\/8ABgAFAhkAAAAbAE5vIHJlY2VudCBuZXR3b3JrIGFjdGl2aXR5Lg=="}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1461850699450,"flow_last_seen":1461850703450,"flow_tot_l4_data_len":6868,"flow_min_l4_data_len":78,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1144,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1463060980301,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1461850699450,"flow_last_seen":1461850703450,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6820,"flow_avg_l4_payload_len":1136,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1463060980301,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02206{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":301154,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"8IQvSpdgeJKcD6iOCABFAAViG\/5AAEARmp7AqAFprNkQBLJlAbsFTr+DDUPl1BjSnP0KUTAyNQFyZIfG66V5bj99kfIBoAEABENITE8XAAAAUEFEAIgBAABTTkkAlgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3Lmdvb2dsZS5jb21PyGNIiSYlWYMNKJNAlwv39ix54lRFVA6paRsUl4FQy0hWHom6FQQ9JcZPH9joUxX+SDLF1j\/DSdX0UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn06ylDo5Ug9+nOea5qJJts1jMXRdJCxw2QvK85nmQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQarjm3cTKFpJVCrT7eADgKAAAAAFg1MDkAABAAHgAAAMpYWB84oseWX+q27ipmj\/RQLfsZQqQtGKexDF79uuJfAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5Cprnnr7MUAAJJnZtEbkxP245vVr56GfjMCMAwif3n\/lWOThmdSnoedzP2jx+7ZPMWRBUv\/hZavd3FPUhQwHHwpvJJDzRcoSGYXtOQyhcYCVpGlxHD65Db8HFfgEKEx\/YlE\/aFaPqB1XqWWzf4zDCgIc\/Djzy4R\/py4JVjfq9V0ooIkHbH+8mAcpgdNt3gj0SeICAOM6wnOXFVXQaU2KKd\/llBTkdtTIS8p4UckAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00623{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1463060980301,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1463060980313,"flow_last_seen":0,"flow_tot_l4_data_len":128,"flow_min_l4_data_len":128,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00635{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1463060980301,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1463060980313,"flow_last_seen":0,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00555{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":313862,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"pkt":"8IQvSpdgeJKcD6iOCABFAACUtgVAAEARBWbAqAFprNkQA54NAbsAgHEsDKM2rKXAEd7wIt3qCq5m3TavpAsTDbAsFGxmQjrMNGgPLp5\/67eBvHP3BJ3FiMAS4anKHt6qD2LZa9lkPD+xi9VHkCY0QuwL2qSbKNzU+YmHNEsRyVDptUSV5HeCE\/peVLnXWfr\/zBYlTVvhdUjE1rsevsCPj6RN"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1463060980336,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1463060980336,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02202{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":336240,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"8IQvSpdgeJKcD6iOCABFAAVieqhAAEARTajAqAFp2DrS7oaGAbsFThSMDaSWOQdzcSypUTAyNQHV5wqJLuvacsEa2ggBoAEABENITE8XAAAAUEFEAFEBAABTTkkAYAEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS13d3cueW91dHViZS5jb205fPBATCqFxnBl7Xv68Z9fD9Nmah0fi4FMd4fkZ11E\/CzEloDogZdL\/nncpFiRZ2yDvER3hyJLRuKPu2yNKulWJLAj1kd1TL1O1ht+4DYSFzHaxW1I0SXh61LEyPn0ZJNHzIO4+v+uSwxJi411oZGLUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0IqnIQgaTDzQq3tVtNNLVAtwTevP964BOlEvwfGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjSzHyexPo2T9WCZD4U6m8alAAAAAFg1MDkAABAAHgAAAGluEpDbken\/KU7Y\/ELsDAQ\/jJay9FDlf0UZ5YuPrPZyAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrcNABADyUl7\/h6mDtG4NsOVvVuJ1PZcqwDa87DQJ80CEFy8NfQNViwNoS56F6e843IHdgyXgGBymFoVuWTPeBJJ3oxBn7RKC7ZZ3lBjoLLbk9XTVRW+SbaYvzMJPMbCMtrqm0FX1EDkyftTNYRo2oN8jHq308RLDWGOdHHpxuN7oxivKsZVduus4FvpUAikTROVWqLCaDklpl4qgg4HMAiksVv2oDrqCwAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1463060980336,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1463060980349,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00632{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1463060980336,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1463060980349,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02203{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":349794,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"8IQvSpdgeJKcD6iOCABFAAViOWpAAEARi2bAqAFp2DrWbr09AbsFTixPDZgh\/ntZ+3x4UTAyNQEexu19QA91RUfxOasBoAEABENITE8XAAAAUEFEAD0BAABTTkkASAEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb20wbVd\/xJG3uBvID0WAK+ohpx7cyOJ2dtebsPJwjywjfFuGDbC64HOW7daWVAssjrQthDJVGy+I6s+aKoR7mAYJDhdEEUKOBhWT8KdUZ+QsCFwZeIYkra13fPULR+kjxZwRpLY7sCam2MMIw19PW15Bf2xgAD\/plCBqG73f91yMrvU7pcyTjshGUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0h3jC79n8KmTTqLGBqNDsO\/+yFOWZXiuGsfLkAWQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjS7Vl7XCOzOLURPKzlhG40eAAAAAFg1MDkAABAAHgAAAFNDC7W8XmRlWw2IWugDdRStg\/GKmfFye59SXxQJoGstAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrbhIBAFhkMdLsvVn8dBclelTniFgmv7sivZhjmekneMr+6hkdFDGQb\/mkcgr5pmlxB2Adl4UO+Q5ZRPsivx7E2pdvMReaoISz1dlKFlGYuAatdBRMcJaEN+iNYNqPa0KmC4oIMq310RgCpJw2LDB3pVyVeASJBnCusnfTUVrGDsYCI0tVvwmaJscLHqtT1URTpBOCGDqnTS9VwZ\/TQa7YakZ29aLWPRkUAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00616{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1463060980349,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1463060980356,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00628{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1463060980349,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1463060980356,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02196{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":356958,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"8IQvSpdgeJKcD6iOCABFAAViY+ZAAEARbXXAqAFp2DrJ45xeAbsFTrsoDSo6NO9En0amUTAyNQHxQPc0oXq52GqfzEUBoAEUBUNITE8PAAAAUEFEACcEAABTTkkAOAQAAFZFUgA8BAAAQ0NTAEwEAABNU1BDUAQAAFVBSURwBAAAVENJRHQEAABQRE1EeAQAAFNSQkZ8BAAASUNTTIAEAABTQ0xThAQAAENPUFSIBAAASVJUVIwEAABDRkNXkAQAAFNGQ1eUBAAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLWZvbnRzLmdzdGF0aWMuY29tUTAyNXsm6efkXHH\/AeiBYJKSGuhkAAAAQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQAAAAAWDUwOQAAEAAeAAAAAQAAAEZJWEQ2AwEAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00628{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1463060980356,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1463060980356,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"fonts.gstatic.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
01441{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":358580,"pkt_caplen":816,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":816,"pkt_l4_len":782,"pkt":"8IQvSpdgeJKcD6iOCABFAAMieqxAAEART+TAqAFp2DrS7oaGAbsDDnUSDaSWOQdzcSypUTAyNQKic+J8GjVsfJMsdsljddNYUoaFl0z7yC+b\/wr4VU+uLim9cSDoCfQ+BQHWf7axGI\/0otFRZnw6Kt8qBdaHMLIkdKcN8wdByZN\/oxJ5hHJiGBr5fiEEYQesGjd7ktKww8RLAeoDPzO5xHVx6UhHPdcfqLCO0OUirBVeLWv0B2O9yzbQVc1VH+bmliqhUEJvrnRG4cr78AW8g3wScWC4rwYpeJVk\/IAAQQ57Dki1DMwjrpTDHht\/5ZKfx0L6ARDMsMT4o5zF\/akZnbDa0ujEPexxAMZmDGeFTAQkCIMwA\/gA3J1r7aP1KpIssFW81KVjJ5iXRD5YwhMXjujhZlTD7FpkokyBosoiaYQ9OlBELgrsv\/9qDO2wxdYuRfMHHiN5v5dCIbRSeNjSHrD5k38mY1aUywqkMP+2CUbD2epWgY5pAU9yj7pwB44jlPLOPZlRDlPzYteeLN3w3AP\/lAuGaox0e\/nN6hJNNlHNcIQxZHPP2S1Nn2pwslhn\/VZ\/sLfiYbgNEJ7jii0Xgsq+CMf0fQRIuCSQdHqU2jrdN+ANDhT5dE3khD4eoPHs8vCv4BKfMl7gejkwwAW2mHRMOqa7T9bOfmL\/xQjsgJk39nF1RjCMAK12Xi+dtOGE9IgQxbz9zSmgmL2yfIbOnXdI+bTM22zfHQn6FUtzcayZDzqJ6V1SbCofsr53iOUBUvhiUNinYAVziLfoiiMvfHEE5p0lanDdKZb0YpgPqdNQd16jKwJjqhYbmKL4sSrdZfI7oqtHDzJwMafbASoNSGD3Uv4mKwYKsjq2Gt5i5gDh3DTXlk8HfNKd3wJG6rjWcXbXKzMhv54KIsq1aZ1I4i1ag8lQ0v10wAGcat1qElIOAsfiTGWepgC8HR8kDowOKSvfud74VVvyn31uOyJudA\/cCGuSQ\/d7qs9IBWEXiAAAuMK7hXoYMc\/2wJckDypsBIy3x5hskbJa1d0Ahy9jqEdMlnrF69g47VNiGR6icm7nProfol9M2gJRYOL9DgN\/"}
02222{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":361060,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"eJKcD6iO8IQvSpdgCABFAAViEvYAADMR8Kas2RAEwKgBaQG7smUFTookAAGQybRh4NjU1uL582WDWYRD2dtjLe0ntuD1Rv2\/b2fKGeJD6xTTVAUMsP2lDwoVXXJwitAjM1Ss3TeNIyNiPaVEHvBHWgnmTCyfAFo80jSe0xJw6Ybz6w3BHKed9Mf4LC34oG\/VIDlHTxzV6KkXcvqfJ+U14RSVhKW3KAUcxQl5Qnl+FE6bIGsShbMSV6P+UWlpqynVxRJTYzRSpGWAchBBRlF7EhFWsrYnblyXrD3VTjEqg879fRXYm2D6G+l3V3l4hCc8odvANTzc501Sej7x6oDCtVRndJ56LpiERNpHUkSjmM00+Wy1dbMT\/Vm99GrTmWmQ58Bhd7+x\/sycdH8p6kPEaBRymR3LuujKz\/Gp3cYG3YCBKEJqKQbhAu5X3FQ9PXBc+M62o93W9PU8b6NIWgn7PPkt\/looi8HdoxE9N0Q1KeX\/DgvtM+nwxVmrskJK6Thzut4c\/pKoeIdgzgc3\/jHyNkNEOaEuYipEhpS0\/Q+tOI16w+YZPxlDlM2uXgEDMcZKpZ3i643hutLioOhndNrgTa+7hlc5d+9fBUPIG4kEo\/3qe\/1sIW96DdumLgeq7hN8q9ipK\/OYJXgatYkOUytQ0BidBbi0s1rXKIV0\/20SDyn2cTxo7WHBdcfDH2uOAi\/TCrRfDAaRNQYOzMWy\/oZuiEP4GWby88PrtsqP7zlBhlOROw4HDIjA48YJ3izoMulzCHWEfBSraR6GRvLlvTobSdvt\/z+UVvoGEaNUxGfD3NV\/ys6k8iURbaIUpy8FqGPXqO5y1+eef+JbMhHxVscn06dBggRMWGOOEqj0iilT1RKBH9sFsvyyAlIRcyu73\/dSHY+X7jFjSREVA2KvZo6yurWHJdfQmRknszSHCEHvhyALYDYo7SRCnZFDn5E9W3gfJx9JMvRGkKHXuxSF3xLvoY5nZEGBaR+XmmVlyrTJABRhDpbAmZ5n4r9hBYxhQHxcHxiGFFAZf8z0g25Mt1TpS14HKgYd19UYag4E9v9SK0NipYTC9fTFM1QGWJgR0BKWBdAxjVtOeAxGYzbRhH6dsuYtciI4zHHsc2k8CUrpT7INwMysA9v0qD2r5uYmQ8cWNQI093fnUkc1ZiLc0jIwKw1r5S6aXpzTXj770vHeucOObKGH\/cu1fclnWip+hpVKiVNyqyTuHufVLPShgYbyGVCuWpZPLDtm2Jgl78SGXcMPJqMT\/eMThOsXIuSLcIkh41PVNQKxF5sBj\/BOj5ESvnmDK6QkupJ4WgD36Qg55pRhbyhTXn3wlt2Wr\/yvzjY+U2Y7nfQG6dNeCf\/ZR4o941mW0nR93XyOa+USW4ElVSAKkaXcwrIvcK8SdED4dYTXRprenIgGMn8eEVkFhh5c+SVUq+XERE8IzY1QaFHpJZP8fwhzTmsejKR4iNGy5hDCfipCmLS34n3Ti+BCtXRamD+5SfxUJJlOaGuDx1ZxsJ+DRIsQP+0kLMojxKXXv8fxv+kjUQYTnOJebQGi1vj1CqRIxf5a70YpuiubpyNGMG3LRDDgT1bz3u8MXCO6UUeWAw7iQ0bpGgmPr47zuIVkRhe2cIWsbNBRCq+DfTxqyI5xdGH+ZdSvdGdcCnw7eeyZKURtoMVPU9ujTUcxOz5LcEN\/TxALvQe7jb0VWnhZrurBM\/tZX7uY\/NVzfAVeTgxdzrV78G5uYYEagOMAWzfqvOVOd0DJVYOhYStQVf878CnlBQP9yq8zVHiaudHd7jYBpAflemve6zr2sCq3IlfpR3vKBjLqbY7vKTWflGz9T6iOy4tB+9SN2sXj4A2cmfb4"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1463060980364,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1463060980364,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02201{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":364728,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"8IQvSpdgeJKcD6iOCABFAAViJrhAAEARqpjAqAFp2DrJ7tp+AbsFTrs0DdvEpLUMteNnUTAyNQF\/L3UOAoUxuEbp+7YBoAEABENITE8XAAAAUEFEAFcBAABTTkkAYgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnl0aW1nLmNvbbTKJy3aOx+44evN5g4\/bhdbtR7MQzwZCntatSQ+G8ewpnq2IX6bmQGJ6u0gPE\/alKxhVCh5gNqzZa48ANz\/fzn8t\/OZMVjaOBqhnSl8gs5MAKWKvx2rs4aeJgBO0M1ar5HmEtqD1e+f9L6rfh+tUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0S2TVLqHgVarrziXF9vRgZfRbyyeop0hCtvyBkGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjSnz1A5VQjBXngqx54WDpGpAAAAAFg1MDkAABAAHgAAAAEtDDoRyfLDyY7FDWPOtGGCrqeP59Ev12tUbO63fzUkAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrhREBANWx00HuRXMG0vkL7viDDbkIpOBViFNO6g+NNdysNjd851pEDUZpbHOuJYtW0iX4hBg5fY5j3AROZ3LGqn4GtUunxLSKIjTGQCqElPyRHXp8aZanMkwEPAt6EM7grDPd5Xwii1XuJA6M67q0oAq4SWvvMG1sUGL2sjhrCJT2dHXvhq+Y03p2EXtsBsu4SwWblRpFN82TNjK4JK6xcJx5X0VS7I5kAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00616{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1463060980364,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00628{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1463060980364,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.ytimg.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
00502{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":377579,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"eJKcD6iO8IQvSpdgCABFAABtTPkAADMRu5ms2RADwKgBaQG7ng0AWd\/uADd2O2oBZL+pVdP7tzva+fHvZhkEEtFfk705wPfWHPtzaQLZxSHnInASbTD2097V+S960VCK+SG68+SzP6VbXn8\/e\/F4Y7OlxWw39RE6om32"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1463060980378,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1463060980378,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02201{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":378719,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"8IQvSpdgeJKcD6iOCABFAAViJXJAAEARouvAqAFp2DrS4dI5AbsFTmmUDQ+yIGZd4AviUTAyNQGAeAVQdnPN3KBdghsAoAEABENITE8XAAAAUEFEAFMBAABTTkkAYAEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXl0My5nZ3BodC5jb23Qhl3t4O7jCNI4\/86cd6fedmETl+HX+i21qzSEiNb4OJfB1Z4x91CByMieITzxdi32+v4DBxDEfj4iCcg46VL\/PH8fxOKMEzAFEjMjm3TRFNLXbtT6qGv6iFQOxYDkzP0ABTP7FYiXHH9noNffRk12UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn02TPR2k9zoZDH1PYmCZf2Zt1J713FQWCpFni4GGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQlEdwQCcHdE7bz3Yek8lX\/AAAAAFg1MDkAABAAHgAAAHebYWUW7CksegbNUHmoS00JCUhXrcp5peVS86L6lokeAQAAAEMyNTVGSVhEYnkO9pznNwziYxqCfXGFX0ALe5CprnnrLQMBAMirDAfWX8CjXhckfelJ8XlBmAh34iT31gIDz8lnlm4Q\/bpdZ31E6\/Xb4Zw1dQ4d56j0Eolero2q9ipFB5AjgjU5le2N8ZGkm7r3g24DXoIf95dR23D5dPhHt4gzaLbSHu3jXT7dZ4nC9v+kOJu9q4K2bd+Xl47r9Vjbe0PzK8JTkSpeZDmRHU3bz95Toi6T6fqfvQJWfNqRdNdObQaDdl8+eoJfAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00618{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1463060980378,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
+00630{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1463060980378,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}
00442{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":388256,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"8IQvSpdgeJKcD6iOCABFAABBHBJAAEARn6vAqAFprNkQBLJlAbsALZ9GDEPl1BjSnP0KAohkBW4mjqf+lWrwMPohYA0CsIfpCV\/yUKbgEg=="}
00442{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":404996,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"8IQvSpdgeJKcD6iOCABFAABBthxAAEARBaLAqAFprNkQA54NAbsALeHSDKM2rKXAEd7wI3gnMNVg\/Bju+TzyuAKq97AJFlbG89vA9kIRtA=="}
02216{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":407046,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"eJKcD6iO8IQvSpdgCABFAAVi+XIAADIRHN7YOtLuwKgBaQG7hoYFTgeIDKSWOQdzcSypAcCvMwGYTq6shxzW1ACAAVJFSgAGAAAAU1RLAHIAAABTTk8AqgAAAFBST0bxAAAAU0NGR4QBAABSUkVKiAEAAENSVP9UBQAA1qWbZaKGGMNu4n0IFd5qvoUTzfScMrQM62F5Klyoy\/gr13Knz1tigfd0ZqNrTwQKxsh0E3PeOsScdXLYKjs8qyiEuOy1a7C4zg63fuUtHJYgH7qkJ5NPVCX92UrREjVCY9dWARG+L7cbZT7AgaahFE1+Dc9xqUra0W3ZNGbmcka6SHMYwJHMeW3B7eVH3uELXrdKJ+QLpbj4b09tDQ\/XNJTmasaKcqcHQQkwRQIgPMYj0Pf7PCP2uxgZgQXPwKb2tHTcOJUmmbK8MQNIgfsCIQDeu6cth5DDb1874iP6IpBL709rtt3G3ayeVYw33VYBN1NDRkcHAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAUFVCUz8AAABLRVhTQwAAAE9CSVRLAAAARVhQWVMAAABBRVNHQ0MyMO4xNazIxw51CPh92NozyjFDSElEIAAArqfGpWlX\/ID+ijs5XuaY5l76DioG\/jdi0YAeXXF\/CmtDMjU1eOLS2hoopbZAEzdXAAAAAA0AAAABAwHogWCSkhroAwAAAAN7Junn5Fxx\/wAAAAAA\/wYAAHi7c1AtxPvNxgAsudi+GzSx3oe04Tic2NatWf922kf0hhwVG1mgwsAMmIdMgPkF1p4zMDcyN7AwtgR1otKwWsXBw+UMTDdp+UV5mYmwBMnOw+ubX5pXAkpdYZmp5XB38SC7S9RAGOwuHh4tYJiChMGRGwkUZgf68ZwtsPnBAWYwM7IzOzGwvF91fdMNT2Ud1a7MlSledVlybaZOW\/IT25eYrq8qUp7OLmq33YHB9tcRfpb4rOn2rfYyM5bOl9xpdepuGi\/LiYsHpi9uYuk3aGLpJlSANTGD+wiCLE3MrkCOYxOKA5t4tfQS81KK8jPBDZ4mMSC3oCA1Lz0zLxVZmZCWXnJOfmkKspgYzCDdxLzEnMqSzORisDg3woJEZE5OEx+S1XqZeaj8rAJUfml2Ez+yU\/USi9AFStEEktBVJOejCeRWoAmUoGspy0Nyc0oqEie1GImTVoTEyShF4mSWIHHycpA4BSicElCgQjiJKcAiABJ4cMdARPKaRGACQNncVGCLAqxMECZalpmSmg8WAsVrcQmwYEwGaeNF4gEluYDcshJDJLYRmA00PTe1pAioClk10Chg2yUjE1xANQmAeDloMV+ZX1pSmpSqm5efnJ+fnQlPTFBxNGWpKaWQKhyWQICpJTcdzJGCJ7+czNS8kmJke7iRkyYLSH0TG1Aa2MZpEsGa9LiQkyyWYONC8hYXuGiGmMYBdqdeEjC6kT0ggs35SA0q9gaDDKRiOQZYsGgjFbjy0DKwIDsTyVf67p6O7kbgElUbqQyHKYYGgyGyDlC5jtTI273NV8E2Yd+C1ye2dnFOb2eeVW6ug9bQQS6rsfaMFCEtB2DVhdYd4WBjS2\/kARbTBgaQpo6mgbqB6gLlBYqE\/JODrSszjftYydWvQWHrJl8LaGcoCDtX+zF57w+1k7kVtnVpynvVDocqpnI0GGrun+excBbbk\/WtwdM1pruv4DC9rbrjjuzUh5nbWX\/pvc8t5nyiovfjwmtmI4UJXPKZTu5BF9\/Zcy1\/ucu1+fj1my\/1QiLLjwa6eC40ny7X1+yaMeXv6+AnN8+Hscy0b3aWiM\/4f24pi0LZ9UUc95\/XzHjyptDwc\/Gl7CxFnY+ZRZOXZM9a4Our\/25u"}
@@ -69,17 +69,17 @@
00447{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":457563,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"8IQvSpdgeJKcD6iOCABFAABEY\/ZAAEARcoPAqAFp2DrJ45xeAbsAML5wDCo6NO9En0amA1Q7\/sWx3BcMDqA8bo4ViNBU0n79W7TT2LrcIn1lUQ=="}
00442{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":460380,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"8IQvSpdgeJKcD6iOCABFAABBHB5AAEARn5\/AqAFprNkQBLJlAbsALTJ2DEPl1BjSnP0KAzjJULyfLco0lkyo8NxPEjOmoNDcdH7jUMYuMg=="}
02213{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463060980,"pkt_ts_usec":460459,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"eJKcD6iO8IQvSpdgCABFAAVifaoAADIRmLPYOtLhwKgBaQG70jkFThU9AAFbOkhXLI3U967KCL3cJUfMqLc5FSrY4cYs3xypa7qHkPMQkfyihNqC28UhBOL3e\/5TBI7YTG0J23OmdlC7GgmCbVWFBre3mnIHOH5gNl6B4pV+JLE9LheDJBWLfps\/P5l5aMhy6p4xkqOtVn+84yrn69vnIGngY2UUctisj\/\/7qbGHoU7KjFVZvLiLnesCjZPEQ9bmtTdxJ8NIoohV99NBrL3ZR\/mRKqFg6ck1jjGMancWDX9uCodwuw+nFeiwhdNiUXqpCyb8WsgjNJlQgx5Jzfa6dxFwnJS2EsJzy1jow479DEUJQyupcHux9LBb4IxdT8f537ef70Ew4CvWu3Iba3a+sRfT8oSLt0CF8xrbGmeBEnSqbecBn6F2MYjUF2gtYKqmlv2GpssQgCf+y1IgiyKvJBAFYATvIM5Yoz\/5ASrdVp19my0ed8fkjXD\/9hI6BqGDwauf0bTx1RLAMhLrvl6pXAmkTiy9XjRAKtxJq+C1D4UKHSSI2+YjymrUAqCH3KRAZmA0Bxs3bF5O\/PSuozCEiM1fA6uKcRzdnnQiYy07+fjPtlVxQByhag2n\/cAPz+kuIj8MMSN1yDveDuOdF8jXFe5s9mrKD8JMfRZctDC3tl6y0RDe95cUiGF72q+hrAL\/PnaEp3C0gWLN0HrD0R9JOOxmp7Auh7povQU79kvL0xqyh4jnZ\/Eauv5xfJJ9WERDrqx3CTTuciqZlam2PDCCuo1MW4zttYvjA3nx3zF4aGwysEzvVFN3YL6hVQjdDA4G9W2+Ef0aVvJ6dwImjNYp4R0XlWhoyOCtNc6n9KHJ2lGiAOWbtoy+eIkUgerfolxpj29D8pTuvRSA6xSdgniEhkWz2S88FBK7lsS9dfKhGidfIxn3mpcstFKBaupKzVmBUCAqw1Z9aWdecUTnIY67owXaqxfverdyb0S4+uAKmDm4p8KZN+VbJFG\/ylg0sBWP80mInpEbGS7MrNOzG+nWmwobpNpDfkH6k4MJahEdbTJwc8F0zwrc9OBje09p8uO+iXNyZJSmFPRBYsNZ4SG8aHlZEWwk1zN++dYeWoX+nUUYJD4SmFHSyUSfF3Ib+mhP8VYivL+Z49LFaGNAB7KGxHv6fvGdSutX9bFiP1ZkAEhpweNPt8+O3nQTWj927mHvqPFEoMfTdYknC6NXf1NUkjL0SCHGhtXTgom7sP8gds1oLZBN2H5EejX\/eUCiWr6Vz0O2ty3vLiEaKe45R6dpcVbZGDcZnogU1oKhCd5eIW5VCS9ZoxdQUXYVQ5OVZmD0+lXGLDhaxED1Sg0QBEID7Gyk3XlpIelSpdCcj7XZyy+fDz5peeAIHd7A\/NT1xszFkW3dJpaVelwRfVQ2Tajy6IY3aeRniays5OlSdDEGtZvz+UGoOACWTNtx+Bck5uH4c3U2F4B+CPTc7F0hvJL623HEU79LiEo5zzmsjK4jgrRtPE6Ujm4ZpuNfqh8tPnhC9+Bi2Aja+3eezVsTpRflcLiQs0+wiUrXwIMtQYHLDjHEkGkWCaZ1nNn1+gwpcra6WAb6OHVPMNzrYJK0SrAHU0\/USbaXPZLFNMj2alWPs47VfDow3\/W3uXsLSYKoanH+Y+vNHJPIWjV0xMRUN6pTJE7IVb0BTnZ7b0D3Y4\/SxaKloeNxIuesxRvodNcMI\/1buC5kqkJStpYaf7KVkJyh1GHdI8GrmxoF2MSLqGY6lT0vPgbFD4MZreGOa5Sssczsczl+luw+iYguWV7SHDSmHfZxeBgkr589fC51KvvuWXNd3GZS5QlUqIxlrJRMHt8X"}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1463060980356,"flow_last_seen":1463060980457,"flow_tot_l4_data_len":5525,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":920,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1463060980313,"flow_last_seen":1463060980404,"flow_tot_l4_data_len":262,"flow_min_l4_data_len":45,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1463060980313,"flow_last_seen":1463060980404,"flow_tot_l4_data_len":262,"flow_min_l4_data_len":45,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1463060980349,"flow_last_seen":1463060980446,"flow_tot_l4_data_len":2761,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":920,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1463060980336,"flow_last_seen":1463060980436,"flow_tot_l4_data_len":6307,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":901,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_first_seen":1463060980301,"flow_last_seen":1463060980460,"flow_tot_l4_data_len":4164,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":832,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1463060980378,"flow_last_seen":1463060980460,"flow_tot_l4_data_len":2716,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1463060980364,"flow_last_seen":1463060980449,"flow_tot_l4_data_len":5432,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1463075953299,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1463060980356,"flow_last_seen":1463060980457,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5477,"flow_avg_l4_payload_len":912,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1463060980313,"flow_last_seen":1463060980404,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1463060980313,"flow_last_seen":1463060980404,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1463060980349,"flow_last_seen":1463060980446,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2737,"flow_avg_l4_payload_len":912,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1463060980336,"flow_last_seen":1463060980436,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6251,"flow_avg_l4_payload_len":893,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_first_seen":1463060980301,"flow_last_seen":1463060980460,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4124,"flow_avg_l4_payload_len":824,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1463060980378,"flow_last_seen":1463060980460,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1463060980364,"flow_last_seen":1463060980449,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1463075953299,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02200{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463075953,"pkt_ts_usec":299562,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"6HTmLPTkABlmWmaMCABFAAViaTtAAEARXzHAqAFt2DrSzomkAbsFTpsFDby767UFbXetUTAzMAEh5i93uTUS22zwlS0AoAEABENITE8aAAAAUEFEAEYBAABTTkkAVQEAAFNUSwCPAQAAVkVSAJMBAABDQ1MAowEAAE5PTkPDAQAATVNQQ8cBAABBRUFEywEAAFVBSUTsAQAAU0NJRPwBAABUQ0lEAAIAAFBETUQEAgAAU1JCRggCAABJQ1NMDAIAAE5PTlAsAgAAUFVCU0wCAABTQ0xTUAIAAEtFWFNUAgAAWExDVFwCAABDU0NUXAIAAENPUFRgAgAAQ0NSVHgCAABJUlRUfAIAAENFVFYgAwAAQ0ZDVyQDAABTRkNXKAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3LnlvdXR1YmUuY29teFwziXjGfp0+iLiPa5NFRFyqDFkuaiall82sYIzujJV2eEmSxVGrXgdwnEo24jy3PXEgwhIODsHz2lEwMzB7Junn5Fxx\/wHogWCSkhroVzTEcXji0toaKKW2C\/sjLL4Hx\/uc6Fh9FqIQ4mtE7XBkAAAAQ0MyMENocm9tZS81MC4wLjI2NjEuMTAyIExpbnV4IHg4Nl82NO4xNazIxw51CPh92NozyjEAAAAAWDUwOQAAEAAeAAAAV2LXIh+dp84WNbuB7eLfYt7CEN3uuVCwsaMPVZLZkwAcWv3ewLeWKh8oWp+ADGqv7hr4e6BITFL34pf63u8lTgEAAABDMjU1Ve9eTSHF9WVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrQX4AAJnDlbsORKBU4xOKlwWO9P4E5XFal5z7hzqpwhe\/gMX+Blclu+PZJjQ25zzFRxooIRN4BrBfLQmDdxaJYtqVNyhOzgBZdHzyh0tqgzeC9Fkja7K8HfjiuAyeK8FHD1egJgrMDFGpXlhTM816keOEywC8bzRfESJQUt0PZFKBRrh3m2XPL+hfh5e34YbH0wkaQLc6HM0z36TboZSwOAF93TLAofZgAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00622{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1463075953299,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/50.0.2661.102 Linux x86_64"}}
+00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1463075953299,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/50.0.2661.102 Linux x86_64"}}
00860{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463075953,"pkt_ts_usec":300127,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"pkt":"6HTmLPTkABlmWmaMCABFAAF1aTxAAEARYx3AqAFt2DrSzomkAbsBYbFkDby767UFbXetUTAzMAIyT2zFCwKRbjpW5pKGcwa\/zOYtI4ibM\/DXTo+3hM8QHjQop2VE57N\/4px1Dr2rh1Of6fuprsXKXOLDTQHDMOztLE0ibzNUs5cviwMINA8HUKs1w\/8wSCAJg+c5E0s64vzHKdQ5N4AY1I+whZj+YXv7QX9bQtyBCP0WJRsK41puLJyY\/5rYf1WXDzsnCxRRei33WDvMsb+MNKppe2kXK4Q1DqzsKviobjh+ZnTmMaJFKxfjljXwNv0dsW2Nhjh9NEpVNdRUHHe+L\/umz5nJPSc8m3xsZrs27PfAfYs3O4DQT7zrN+rUD1tvAlM6ojpuYBXQUKIqFg6jkPkLtz0lnT5ofUC3bxq1J8gFqtExK3aj\/kH0as9Y1tYZiRMdgBmqLNq1Ru6unJsdETbKAQha1+Pgo4qtxiVVhohC7TEjAQj3UwwRrwKowX6bUvpY"}
02210{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463075953,"pkt_ts_usec":334920,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"ABlmWmaM6HTmLPTkCABFAAViGxkAADQR+VPYOtLOwKgBbQG7iaQFTgWwDLy767UFbXetARhGCjp5JYP2NRSCDQGAAVJFSgAHAAAAU1RLADwAAABTTk8AdAAAAFBST0a7AAAAU0NGR04BAABSUkVKUgEAAENTQ1RGAgAAQ1JU\/xIGAAAt19AYB5aaMKurHRM81LpDG06F1\/HgjIAXnLSYHoaRDG+YCx4gYrs3k43pE\/W5utsyegd0CLIV4fasqoZkRpVLMtnpS+sIRqrbfvgjIL2IUeZTlSGu\/7+bU4Z+Ij1vgEEcToZ\/00OYAYgC+05liNl+ov97hTBFAiBs6kS1HuLjC8x7gQEfBCOAowmjvDZU885lgtcWaGEy0QIhAPm+1mJq5QK6WHRPaEUwOfyND\/8ufeGnt66391Aj9lqnU0NGRwcAAABBRUFECAAAAFNDSUQYAAAAUERNRBwAAABQVUJTPwAAAEtFWFNDAAAAT0JJVEsAAABFWFBZUwAAAEFFU0dDQzIwWGClOjtYNIHfmiHJ0bGFX0NISUQgAACup8alaVf8gP6KOzle5pjmXvoOKgb+N2LRgB5dcX8Ka0MyNTUSxc3dEjis6kATN1cAAAAADQAAAADyAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFUe1HMJwAABAMASDBGAiEAqHfzHEY9KN1QjXeaiZlcHt6ybhyDsnLIoo6e82Zg73ACIQCveMl0OwuTrVY5LqDcb5TIihLD6ZAJQlUDU68E5\/BK6AB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABVHtRyfMAAAQDAEgwRgIhAMWc6riI2T4lmoQuPyvTrFTQuoCnh6VaWJBNwHgCZloKAiEAiHJhhSnJcrUXaDEZQLClSBLKToA3CEOVFu+IPvrOhh4BAwHogWCSkhroAwAAAAN7Junn5Fxx\/wAAAAAA\/wYAAHi7c1AtxPvNxgAsudi+GzSx3oe04Tic2NatWf922kf0hhwVG1mgwsAMmIdMgPkF1p4zMDcyN7AwtgR1otKwWsXBw+UMTDdp+UV5mYmwBMnOw+ubX5pXAkpdYZmp5XB38SC7S9RAGOwuHh4tYJiChMGRGwkUZgf68ZwtsPnBAWYwM7IzOzGwvF91fdMNT2Ud1a7MlSledVlybaZOW\/IT25eYrq8qUp7OLmq33YHB9tcRfpb4rOn2rfYyM5bOl9xpdepuGi\/LiYsHpi9uYuk3aGLpJlSANTGD+wiCLE3MrkCOYxOKA5t4tfQS81KK8jPBDZ4mMSC3oCA1Lz0zLxVZmZCWXnJOfmkKspgYzCDdxLzEnMqSzORisDg3woJEZE5OEx+S1XqZeaj8rAJUfml2Ez+yU\/USi9AFStEEktBVJOejCeRWoAmUoGspy0Nyc0oqEie1GImTVoTEyShF4mSWIHHycpA4BSicElCgQjiJKcAiABJ4cMdARPKaRGACQNncVGCLAqxMECZalpmSmg8WAsVrcQmwYEwGaeNF4gEluYDcshJDJLYRmA00PTe1pAioClk10Chg2yUjE1xANQmAeDloMV+ZX1pSmpSqm5efnJ+fnQlPTFBxNGWpKaWQKhyWQICpJTcdzJGCJ7+czNS8kmJke7iRkyYLSH0TG1Aa2MZpEsGa9LiQkyyWYONC8hYXuGiGmMYBdqdeEjC6kT0ggs35SA0q9gaDDKRiOQZYsGgjFbjy0DKwIDsTyVf67p6O7kbgElUbqQyHKYYGgyGyDlC5jtTI273NV8E2Yd+C1ye2dnFOb2eeVW6ug9bQQS6rsfaMFCEtB2DVhdYd4WBjS2\/kARbTBgaQ"}
02206{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463075953,"pkt_ts_usec":334963,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"ABlmWmaM6HTmLPTkCABFAAViGxoAADQR+VLYOtLOwKgBbQG7iaQFTn+aDLy767UFbXetAjcEx0PBrMP0Mk6hSQCkAS0FJQGmjqaBuoHqAuUFioT8k4OtKzON+1jJ1a9BYesmXwtoZygIO1f7MXnvD7WTuRW2dWnKe9UOhyqmcjQYau6f57FwFtuT9a3B0zWmu6\/gML2tuuOO7NSHmdtZf+m9zy3mfKKi9+PCa2YjhQlc8plO7kEX39lzLX+5y7X5+PWbL\/VCIsuPBrp4LjSfLtfX7Jox5e\/r4Cc3z4exzLRvdpaIz\/h\/bimLQtn1RRz3n9fMePKm0PBz8aXsLEWdj5lFk5dkz1rg66v\/bm7SZ4uw2wqzBVIbeU\/6rO+YXbjq4OEa1TIXBpPNElHFLxc4XGYuW5q1X+7Ls7qnT43ZtD\/5mu3V+ll5brrjxuk3J31gMTd4kny\/\/2W8wqGSvKd39b5MWp26xxgAOnpZFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
@@ -94,5 +94,5 @@
02226{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463075953,"pkt_ts_usec":428061,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"ABlmWmaM6HTmLPTkCABFAAViG1QAADQR+RjYOtLOwKgBbQG7iaQFTg9DAAdNVYQf+iC\/\/853DRLv9axgfYBjztrhLSg1s8tnb+0mxaeHezcc8sEddrmKsZSRYWcrYF9VCqiHXDNKY7dY1PB7CJYNS5aD\/r21wISS9hMPwdB21G0Hcu+EwnECvwvM\/0xR9AM4oKNl\/3Fe9H0H4yUBO+KpL02GhxngHzlMTv97MiyJNHcU5XwZRgKsobi246ls5nyH3OCZxd\/WriGpW2D6YWBfhEru0wVQ+nFW5usrHs+808xWtp9abq2fIE8jKQM9AUn07ujtqFyYYp7H6GsqZ2djyBzhplSARzFL7u8xxm+xJ35T+W5\/3hR97w6FY+61zAgwk\/S\/3EuUyCgVQFfmkHLxa6ffAEzwOTYE6NluPvfUV0vaIfE520EylO59UTrD6SOhmFdEOPU0sTo3an5mnvGPF0OObkkn6zPg8lGg\/Xk9uTv6kXKi18HEk3FdChYdgWoLPdR8RpexHHhk\/KYCZeLsFkh8eQabTnrsLoxUB0M1cdHt3S0K4onDVqG4JaGdOeCx8ckepZs+FRor1WlvquFD\/IYEYz9n1WLSGD1C8PAGI1w9AtK8khS5UtdPZPtePvZ3UhiZviplzXovmyqN7iGfs+7OBMKQ+v+fJgg31saWnMURKaB3mzV7wylK2vPSxK7Iq7AUQ3FLWKc\/D34uZL3FdKdeQAxj+fmF2IXJNSY4TxrLZm1Pz8Ot9ccSpLzARv7TWoXwWYw+V9iO1HONycd4WPSVV6pvGAzZELYGSsJLiQJCMrMCGhXkFA6skX5RdZyRfJde+raE8ky162\/k+onPLGYaZSA5H+DU8coiAQ+7SS+pMoZbHIXREskFi3GgirDbcEc3S51yo7dGJwmt1DxJcpvtMIPYhsv+9iK5hN30QQhogta+eeJMk0oDeG\/zTwwAgZB0i04J\/LAbx9IqWhahgOgjWQTAVzkAZ4qFtnNgLQhQFsU\/EoOVwH\/CQOHRF9NWLW3zLjLAB2Q6cru\/cATFHBFbG7lpIxZaHXMRhMgRTPMPqUdk6ZSthg+ZtlB8VOTykzthfFzwa9eNEbOQF5LdqraJbWq9yQhYRvvt3Fqrys39jzAHeCuynF2lRcI1vJjQWoeaQN\/2e0KkJEunqTGdkXfw+mgJdEvWZYi8+p4iGujkl9OViO0hLMmbX1IiYinomNW6RcuMWUkHc\/N6Gkf9x47XwRy5bF7i3AysneHT0NXiKScMqzQVzAZMmJMfcGL5JbR\/H\/Wm1ZrLc1AAVot4upxeIGzzckokXpU9TRMFJWZIijs+urWA9aAgjBWTCh3THScrEgL6pJVhU3VYARS3mfGP5HLAc6C33xhvYf9m15dTcFn+nCmsQf+oYlReM4o+dZi16U1hDDlnYctSQnRdyuomM5Cv5lG+9ZIEGCbCpmUpC36bVLhK1dOOl1z43aDZL02uWMtOdwTlTXw8zTgKle1Qpq7MRETMxTvFWWO5UGb7dMrK0+6uK6z9GCWNsPBv1QI3UOSckN88QmdpxB5Zm0OgrNSBQ\/QfUKjp1aUPiJdx1CUOaMb4EvAQgUVnc+b6f0pS5eyfiwmzd\/fCfIEdPACHCrZVZR7MOe0wcQUTnsUk12JTBMut+jzUQ8PAsH56VvuhvVc+CzBC\/a7HaXhb153HKPnZGVYvtheUnb51Phx1AOdOTUy6mbYJTr8ztC8UUfebEUiRJf7mveK8IP2PLTb1k\/fi6C2QvpDL\/c602MwBIC8TEJ3tTJ763IFx3cn4NRzl2mbKI24Fubuvhc2UMlR9hQPX4rX0esWexvKpDui+X3OzHWrlV5pGYL5pD\/tM"}
02228{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463075953,"pkt_ts_usec":428507,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"ABlmWmaM6HTmLPTkCABFAAViG1UAADQR+RfYOtLOwKgBbQG7iaQFTqXWAAj5CaSOKUnUAmbVYxJjCiYKf27SpOrRU\/gvItHJBLhsGyh4WeXfwYt5YzSMbZNmml899qQN3A4wKwdsahus5C1yoXENkWtilCnVV1NqJAqiaiZKq8NvECrLoLhms8NiYEYK58xEerw3FMM\/\/B5RUtrf7J6OWB6VVOjwTu6DRXQXubQdhEIZR1WSDoZq0CSvZP1\/\/qxYoOcwnpFW7FU1pA5jtaVZ11kUW3DKUikzmXrTX+WkOaunhYNZffb\/5FxdZ+fwjYac69cXVIn02n+v69YUgdUkH0j7MDzgPK23MjPCQOwZTU+OASdqebPcVZYNFhYzD0K7Hs8HmkfPBnbpYgcxebN9x2A34ItdlBOiluxkftOpWlGk8ReyA7ziEDZ\/YHMiVE9iCI0k\/Q+v5WOAznVQS6A\/JWDLqV+cbZInQSh90ZSLUCkbjoycP65jRWsJOUPceBG3urCE47BKEOhDxqDE3H\/b+W+vZIem18eZOSuhWCRqb5DINDkLKE0lndwbYQxviab\/Cj8DCDdnw9alf053R8C2gR13TUJkazv7E5d2KJBwGlyhLse2tugKyHrw6VnWSCLdmLqt0viDh+YB2F0HXj1CeO1nSSCwaJyrwevh+JMhr28U4GZuq\/8iOyCT32qzGATTob0blSixKNU0nrsG\/edv7ffcTSflocJCCoGDIPz5k\/SvGRZr2+wiLlOODRBoy+Hp\/ZoR0zRh3yZNqocZlkDIUTBKznO5qQE5ST89RU+D9ITBzSFrjm0vj762yqIYQn7atyujrlIguI69oV7Uc6Yk350ppgZezdDQW6ZtU0dlUnsQnioVaxPeehgPzqL73Erfq9hevik1cXRfPmRlZ5pO1Uw4ylyXLqBwN6FTuhy3MlBp6n\/uhx+oAHZ4OKTas4oRg+Hw0eqVSVAp7\/31bth7tMA\/d\/QvSAq+SGeu\/ZG8PJfRr\/JAqIBREhfI7VSdydJ\/Z8i5liX3t3RBpoNk4MnqDqqqN3fEq7DG2oT6\/HH2wCLRl+a6gq1ey+VHx4cA77wpcJJa18slC8C6\/YCKR3WSTuahSzjf0ZxyWpoeo7O6oRO+Cf57SxWUyMRunJe5haUE5DRgyRVgDq2A0is4tTVlm\/kJfuyqmGi5p1nqgG4qZEBGwfhr0y5gpp3Lx1VLOMafrWWWhBqBpNd8pBfh3SRrpJOttXDmB5hqTwMLYFH2ZLTlx3d8IpZ2D4ldgsY6R1koCzsXCTalO+Pzz4uWCC4Zgch2qTWN\/OFSWw0up88D1VEWTiWMRCVc2kK93LkjpiwYYtmTKan6lA2pfFrIbq54rA63o9eAcfmJNpm5SHUiiJ78V4tPR+3\/h7u1nPyawsC3CxXYhI80NKw0S1ifJ3ROu9Uht4TB0mSZIC37xbVJMRc5V7yHr7jMm7HC2uupUP1EvqAJK4hH0WsmillshZ+c+wEwn3C6AoDqkGE7zn+N+irKocjnIy+AKnwAzm5gaUvZQOAvBOpmTUIIS9nUO++9vi09y0u\/cjZnJdoUdZLnEnwVJbXzl4\/5Pb90Xl4nkZG4lnlw4iWwugzfcKv2gmQrcj7fgBoWmUFb7\/Al1Gqv8kDW4YFYljNOnSb2zx4pIFrtDsnSHDjAGCcpqBJfAF0pU1prbVA1xeAIziexP+bu2yxJQUbJ5c91WDE8sAsHyx0U6W0KaPB37KCcOeRdPh5DyE0TXWkBvFFdLL8bPo1DuyiGwAN58Tf6RNwW84tYPmvorpDe4A6SYnvb0FQMw9xhbrYe85U0F28h\/Xu9WAQdT9YFiGPEpyXb5ViEL1AiSGEH"}
01956{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463075953,"pkt_ts_usec":428518,"pkt_caplen":1188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1188,"pkt_l4_len":1154,"pkt":"ABlmWmaM6HTmLPTkCABFAASWG1YAADQR+eLYOtLOwKgBbQG7iaQEgrfkAAnf4DCMrsUbO\/ngChm3BUxvj6ihF711mBPSXPVFdDhpSOtcrbvY1KsY0f4vCqIi1MXzoSbEcl8CFyGdECH08WWlYgy6GmXJ+IpdKgMRIunQ0WNk82BxUlyvqQQzyafpjH4+5Y814Kb4YgqBF\/zJ7AWokLdMqZd2sh5fS4lv7RgAT+IwyMSp23pRzGxvNPTD\/VBqoMIIcR0xsXYQ7cIRDkEghEXLz\/miWktIBLJB+76uq2WcJL1iRBTB7BrhW3xzrub2U\/qksP\/rNCTPyoRaGvkcD6kS+cZjUHuSBrbBFfY\/kFvtiyzOt+1dUS2H5WvK\/e9cdd4hZTdVW8z0+NuWpQ650nDVcLNHwpcvT8Y7kFGRH1aJWlNwYnCjjhjFGL4WJ0nGves2K55q9L1NWMo60zkIPt2gSkDN7ic5vrsZJo2pbLNjLoHl26mIrU9iwWWlSyPBJw0zLkVPJRtg6rCHPZRO8DI39uhPGktSe6PgYTZq3cvhG3I+WHymsGbmr3SWPKy2nJ5Icb5lItEcNjwBHM8VuWWpEFkLmCY1DSf0YTyNPXH0ray\/Zb9BueH0uIEmJpW9lIgxkUn8Fne\/+5B8hXt+Fn3ULzd4BLoKH5WoQuZW4dB0BAizlUCv7XkBpKL1jJ\/Xa0ynkC0\/GM+6y6rPY\/N2RBKBls946wbH1MamdLsvuDy0J+CIMnAU1VbKQfcuzVTDU6PyCd5vjc6L39DK9LfYRwahFhdDInWWn6Z1liwAY0utnhWQfYKSQJW3tgH6I3sxruO6UxMDcvLVAywZuAtwP5usEfc9neWEWSGAS94nId1TSYp\/UnV2jfx6M+\/eMtUpc3UoXcMVDvYRCMagfHcjPYbOvaBXufrlERvzBra4C62\/8Z8sz6eWaljp7aAzDuKzSv31lgrX9j0JQF5yFUGWET+shJydWdq9Y9lg4eDmqzM1DwA7N9pEuyM\/BI9BypXeQmpVKTaerJ\/uedM64ldi40vJlWQi\/6fsYMZjeCnF7d2WXDVfBiu\/EtHx5p7cDiKTY6u3IcWJP+WvWIfbyrSDxy8ul9ZxbCK2KP2dJslbz5i10BRktzGiNojUoZji5U6mCs9XEQk6Veq09SpgVmPX1kSE+3SW8D\/uGNOm1fmyOP\/xKDgMBCTeFDgZZgVZV1oq\/p2X0qeAs+5fQFsMMtl6tY4Bt5P3ohcc0Oxg8FEqUHyM6zRnP15PIOpxxlN\/\/s4SZSt\/aMq\/IPg2lPmc9CpcJMS0L8LVIyaDXcScO1DvsyEALATmTDycfe2+tthjTeQnxlEsN5sjob5ccENZo1PjR6HhP2LlJJ2bD4T5tGRBb1rdnIqtT8v8ksY+Yc0uO63TLrkRWlws+y6ccPBHNJzsgcal11JK8nMhJeJlFRIt2rf3Hapg5hwia\/UuQUfF+4cWZc9DvUL3MSuO2Ox\/iCroKvXeyNPw3CVhgyihJPqrOqtB4BuzMAouyKKIjCC2KhyXI+JgP1S2E9CCp7Lj\/eDne2tDHDryZxZ1lwQJntiYx7Y32qZi\/GVd"}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":69,"flow_first_seen":1463075953299,"flow_last_seen":1463075954300,"flow_tot_l4_data_len":56087,"flow_min_l4_data_len":27,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":812,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":69,"flow_first_seen":1463075953299,"flow_last_seen":1463075954300,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":55535,"flow_avg_l4_payload_len":804,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic046.pcap.out b/test/results/quic046.pcap.out
index 2b2ca96b0..7007e9e2d 100644
--- a/test/results/quic046.pcap.out
+++ b/test/results/quic046.pcap.out
@@ -1,7 +1,7 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic046.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1584456191933,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1584456191933,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02202{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584456191,"pkt_ts_usec":933380,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"ILABHGh4AJqdnpsZCABFAAViVw9AAIARNVbAqAHs2DrOVsWbAbsFTsB3w1EwNDZQtKT59fQu3TkAAAABmZPTs83+bYJOmUXloAEEAENITE8ZAAAAUEFEAPABAABTTkkA+wEAAFNUSwAxAgAAVkVSADUCAABDQ1MARQIAAE5PTkNlAgAAQUVBRGkCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb23iUlTd91Wbyacedc4KWbvYAO9ezSoYOG3jhMeQafLfpHKvILz9Ye+me5P5nrw5Y\/leQsX7MclRMDQ2AeiBYJKSGuh+7YCGohWCkV5w4f4wMDAwMDAwML0xAKSRUT2iY62vYCLSlIfkuoKwQUVTR0Nocm9tZS84MC4wLjM5ODcuMTMyIFdpbmRvd3MgTlQgNi4zOyBXaW42NDsgeDY0mMqP9vF+kzJdLqfvNTDv5wAAAABYNTA5AQAAAB4AAABhJXvQ9+6Hu83ruEOa1Y6Y5fjbWd3ky8\/JdT+d+\/AZZsvZnn1BDAzSykK3Urbw\/IrLoBtlbcpqYoDEomljzhkwZAAAAAEAAABDMjU18ubMxD2HxlI1UlRPQUNLRPLmzMQ9h8ZSYDLLkqBBTd\/6RwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00631{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1584456191933,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64"}}
+00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1584456191933,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64"}}
01113{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic046.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584456191,"pkt_ts_usec":934367,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"pkt":"ILABHGh4AJqdnpsZCABFAAIwVxBAAIAROIfAqAHs2DrOVsWbAbsCHCGo01EwNDZQtKT59fQu3TkAAAAChrDGo43cDq7OAgdbv23GehH0jM01fB5SqCBHGsm4tNDoSAuylkVeyVU1nO51BVLZDdQpzNO9j8lf2o\/kFvxF1keBb1V8bWQbm4GDCTzD9DJbwk6JCzbiEHbQt2\/y4DufAauHa+qhpg6F7I1VBRA5chHzaHSfbKq18eEDQ2D7fby9uiPXDB6cfTGjCACXfFYXGo9zhyaFNtzZv4x3bPv04LGnwloRH845hLIF6d5Y+oKP0inx4RVaOxEjSkSubSvYLun8u1+DAfAvr3DdmGZRAp60H0VhNkgFDR0TK1bvdtwD\/6cndHRtyUINoQIRApDi1wb1MmCAOOvL7steTPHXY5nIkaq4iXTy+WyGwwX1EiuR+wqkWZoB8nUqj3ZqApzNfexl+c7aCawPzdHT3P5zDq7dSyz1wAkXCTveL49FopZWy\/uuB+P5RJbaGpw3CvzBYR4o98uBght36oYbWpopqUw9u0okr+r3kEm4Q75LZzqLS97VgZsNPml00CwyHuDEnhiPWf19O4H99TJdYurnXZ+SQi1Zt2RI1GgBrEOAj7V7V\/6W2VgqcYkPqL1UO6lW\/zp\/K8LZMma1gVsHh4jJ1oXnE7Qjtqi9Um0bkNgFqZBX1s4cYf2FTDL0Lgyu2DOK3ATmX6nv91Qh9\/msYcWCN59XOhhsFRlmXSuc2N2TzOTtWg=="}
00509{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic046.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584456191,"pkt_ts_usec":934926,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"ILABHGh4AJqdnpsZCABFAAByVxFAAIAROkTAqAHs2DrOVsWbAbsAXuOl01EwNDZQtKT59fQu3TkAAAADQ7oFqOGvWa6mhIUAfFpbpAofPEreEA\/GGklYOasxEedYwPIHZE9zXMBgbnX+9bPuSN5MQzRW31QsSe2iJHxiKYqGbP8="}
00611{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic046.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584456191,"pkt_ts_usec":935486,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"pkt":"ILABHGh4AJqdnpsZCABFAAC7VxJAAIAROfrAqAHs2DrOVsWbAbsApysy01EwNDZQtKT59fQu3TkAAAAEGoZh\/DwxLtrSzyqJ854Roncx5Gs7D0zANVDYJDSq9ZjYOSmqwn64xE\/98TQx5UDzJnhlqKbtmmx9GdNWBnvHPQrhtlm4nc0GLmpl3475rXaAwmI8156+n7Ch4C0\/lA4\/34ra3CYyszqi2R+muQnBfwOAYH3\/4zLKmFK11tcYmY3Yy+jQ\/7Jp25HEdC4A"}
@@ -16,5 +16,5 @@
00705{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic046.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584456191,"pkt_ts_usec":963272,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"AJqdnpsZILABHGh4CABFAAD\/AABAADgR2MjYOs5WwKgB7AG7xZsA6x+iQAIyyA8Hh0m4bZdW42gZxuJGjnC1NVNo019gw246djPBq+O1rkBSBlV47fUDNFoD1rcyW3VA2Jwm277ag1xX1aphBr+2VmvzfrZi9Yd+oW\/hpNmzYiTyxMPLBgyrS\/yUtwO0olISYQ3Sx83\/a9UJNp3n\/w7f0omy2ENTYMfvjgjmxj1FxS7UFmbk4Jkp0afE47UqGDLnxprAweKcbd+cUyhHjjW6AZzubY3H+Q7MaCWDLYH+udDVK8w\/6Qe7I354uH4J9P2N5gzVfj9wWBS3t03Jdj222Z4OFIbKRyC2I0UMcnA="}
02220{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic046.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584456191,"pkt_ts_usec":963488,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AJqdnpsZILABHGh4CABFAAViAABAADgR1GXYOs5WwKgB7AG7xZsFThSKQAOAvpIujfPXuO6ftDZHkO5ObWeGwv0kTM6g8c7RkS2uYesm\/OjqEbEv0CKOemYtHR1IMbYP2KjBycm+ijMHOjJJ7TD4puUehBYTakXtyQfn6UtdEifZii6b8ZPJbDW61mdPkdZxiEwcMLckycECj8cXpMGXlvn823MkBsBSoSaCM0Ub5HMUt2Im6rRfnaCagG0MWgQMpnukekS1sbgAEfQR1yxXsi0u+crvlOolnskNB3\/TxhAHwKlsZwToSAqYaF+OKaYa+iepBKRbwLpWWtx5fqAhAsHaCqh6zdPj7IwomXiHEfan35QBcv\/Cp6qOy\/frv44XLFlj+VQ5VDOswJynuQJSdcdPB8VuHwHZO9E3CNR8aA1QAezHKPUjK66Qy5vNg0fXB1EKqkTOK1zpkqxoGkBRQsCTwJOzQ5N+p2yN\/C8jifIEGCnaw5NP6VGYJiVqVpkvs1egcYLmRBQALOa1yuq1SgxLiiWlGQlHjlCSigWqLVjWV\/7XKgRQSsgCri5iC+n5U+3EcoDGPljd+KhvQwbCOpgQXFU0cuIDfWihxZdtZzE2itJbtTYhElGbcm8MBXm0VNpLDIV2ZFQ+i0ivj9npkURS7n4S2bjuFcLwGSASB9hMBKTp9cbH8cZ4l5jC4rPi1\/GklCyoDxvRdcQsykCQ4lzXNKcfDZ6vfe2vtGkXKt79HCLwHLVPZFr0HxPHiegqwPrcdVfLmgYPxdVf4icMjQFbGc43APhS7CxD62LW872xeAmh4zZ4I4CsDVg5do+uFVVX4lYdYyPp2GPPqNoXv5zhbGhPLB4OABvAklJPRjn1X723w8Z+d6YRPhqrJ0Rxo3\/4+bwddphm2UzjUzPFdXTPEoh3B2vt8oIZA8ga5OX\/a9ALkmVN1Q+FNqR2hIZvmwXuW8BK01cmyJ\/FXcN4xui4yoEBQSDyt\/duV00mg1PPI\/\/CA65KtMk93NhM6HXrHPYJmMwWNcI\/r8vBiuGfwnQG0onTTaaaafq6Q16uBUyGCQYKtnNdtRoj8xRuTPaZC4W7T2FVI9KL2qwxwApiwa8NKXRTDDjwX0G4IV3BNRcDyEigfUjsNUWQpDJO5O0pJoAoLMGCCPM3W5rxl6MIGvt66c741Of+Gwqxjs7U\/mtmlC4k0F1rmXIwJbXtf4GLek3NlgnaQUZPb7x18Nly3StzkT6NSBXaeZzoUpkFE5vWQlOZAAjdaheNdB72CvU\/AloN+YABH5O+s2Uy9tl+nnK1JwZPGy96s96aqNWly8IaZwTKNPNAVtL4cr28yWXuMXB1WxOVBmBXCmJ4MDl7FWT5u6di+yhZ33CMrT36wCB26ugS4pXk7Ugc8kqsco2nQMEBQrRwdE37Dh+tBRvywey5maPGm+784Z31dQx6NUaZh2sB5p4LSXaCco2LpcrstisVNCHDPjzE2T9cEv4Yu8tm5CsImP63gI9Fdt43N7jRhkiCJkHsyqSzbB\/VKBmz5RsQGD1aqbjFuYGr7iqG0peKGN42a\/n9fh8tZkiahlTVcrusp\/NEteOoK6v8JWd+65Pc4FWyZGsvBCo4aMppCCivRQi7EVAle7OM1K12HXsRmHZuJ9aG6PGKf3+gpf3KjvPEH86Yp\/K8AcTYwkg7bYxM74DpUiHhoqhUgvymOHKLZs8BLGV8hKr5slu2v9Ih4kJWN+cN17lmkB7PzGtQHW9DlBflV1o0ra1bvJotgm+86KmnDnmJfKQ1xVWR3T+pthoW1CvcpRYFOWLRizFaheTvvvtT1H26jL7F705S\/BWr3\/HP74Iiwy2oBSc+HfHp"}
02223{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic046.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584456191,"pkt_ts_usec":963728,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AJqdnpsZILABHGh4CABFAAViAABAADgR1GXYOs5WwKgB7AG7xZsFThrOQARe3aLxBgB4IuP2cKS3ZFA39NpBP+15OEWf22Jpc8sHpTbJTKat717iP6h1RXfrq6jSurGYM6rZ7io\/\/Yx2k8FZDOmxqv7n60K76Dlk8Eovb+EHUwR9ornDEzEqFnI5ERPefTYFAQRy61YzgS9eu9G4a0tk92z7y\/MSWyIknfp9RdJRXDbNgwwQyJ+PVjEIfn5Sxcb8ukhNxzmsR9eMMNt+vjjnOVfCxTa9miq+KyK5+uhPp6KAdBkh97rk2dLJmMR3wpsn+vOgshKNwAIWHyCAKyhutl22MDVNmz52XXCtpv2TwpdlNmQQqptuzyivHEMGjKdxBszewCZStU0cNSKw5gv3NSuZxbbEa+SpY9pqRoeBiNCDYfftTxLUbCwKaT\/dV1ISgXzwjt\/tZua13Bad1q6A1AczQpDK8bNBAEzb0rCZq1LASrcH7KSx0lCxDahh4yLD\/WkK0Oo3N5bHbrF6wsHgOazbPhqijCCTmoFublIfQ2sy1cnuDvlrLageTlV0DOxX4VpqwLLO0Mwn\/4ZfONp1aFjEU\/aZv2E\/XsWQLitO+unHUuEN2QBoytB1VGJ+7JkqB0qwL0Znh4ui98Fvi7zhY7LhxwQVK39IqHRiymIc8RqRtVyZqiQ9tSnRuwfXndZXNjZLI7N7oFk742er0XT+cPAuYyoutcRCI9d6gUi97RbLn9JfOM5qseC9SL83ojZ3+Z3O+E8Jd9AXS8VTVpqbfjKISIeR5H24B4JrPuJpFW2y5KJJZn+EIfA1ciNjQ4FD3HFQjqUgNrRptJaCZBlZdUNffjcIkFMYY2NTp1pO1RsiTdHr+WjIo8yDB6KSysbGRZtWGamQ7\/lb80Jq64+GG\/EXMfLm40xLfwBppU0dy0FTMTLIBFxQm7kTz2CgeyH+C2LwbwDauaEOMZ5Zyu2a4b9jJGqhg+5OfoLYodmJLf46Iw8nVdUEjQdNCacNVTg4ViIt6\/MFiTaTSlmKig4\/jei21qGXUUBhjDQZuD8JD9OcR7IDdWQDKYK\/0Af71hhRw6IF8+NrtA3svD0x3G9NsOG\/Dpx3cmC0m0b0iXGJl9GssoxP6ytRRRl9yoXeGPc6CPZJW9fxHx1mA8KsC9QKIeyd8ggumO\/HvblXMnx6lyKsqeqSVZeDqKHLmvu\/fkJlPzoFp1oFmMydJb6g1jJ2zxHdfVHHf5hID1KxAGIVduds40luxpRtvL5vBNhCbmmtCIApNhUocMLbjSFl1mdAphYRVCzJPvkCcrPecC1RAludqvAINCoBoTq4piorsrSBbEQR10GJv2H4VKLIwhgK82gaQKjlIfT4r69kPHuVL639lG27WhOadqrqk0ZDQSSEWiqAGpb260jFS2ddY0oAkQKVU9na+RBb4cvBYNFJIjISsLi3YpF8r5c8gGC\/X5cZ8eAW4+fg\/VR2DrgiJorieJ5X3ZQnuXkxL2r+bImsG+gTbsIXHiH4tbrfRJTsbWsVW9Pt9YPWn+GDgEBxXoWaIUnbS1dCXqn3+Ibok7QqZwO4oBBCJZCTJzf4OeWN6hoFkAY7b8udICS2h2QPr81wCHodt\/ohnh0NOmSEpqdb5Uh8bZaGl3xpuj1fGVuLNhyyw7\/iU+N1mVtOflAgeXbMcsb39K9w2HTcPnp2U06Zvoxg187JQmElF1R5aqPhoQ8e\/xxFcfzvbF3llslbMPtHWAF+Ngakk\/3G9RQIfSkMHEmoGt6V\/OozmvD+un1fo3v6SPA8UQHGfBQkLKzCkvAs\/+fRosNUPK8AgFvNblLO6rBqsYglJXM56rKEcBdOXYXx"}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":100,"flow_first_seen":1584456191933,"flow_last_seen":1584456191986,"flow_tot_l4_data_len":87897,"flow_min_l4_data_len":28,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":878,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":100,"flow_first_seen":1584456191933,"flow_last_seen":1584456191986,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":87097,"flow_avg_l4_payload_len":870,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic_0RTT.pcap.out b/test/results/quic_0RTT.pcap.out
index 45bffe751..5d504fb0e 100644
--- a/test/results/quic_0RTT.pcap.out
+++ b/test/results/quic_0RTT.pcap.out
@@ -1,7 +1,7 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_0RTT.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1603888789791,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1603888789791,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02093{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603888789,"pkt_ts_usec":791229,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAAAAAAAht1gINJtBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB7CsRWwTYBOvD\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+zL7OkPMAtXpNlW5O0b2\/q+3KdcOtoYFqBIwOi4AbeOZTA9r8spxR89EzuGsSMH\/bUH9ekHEQ922xeaUjW2FgbWmXjMqS+663UY67NIITXpkFxwR22N+eMGvlLVxq1DPyvGiZiTcqCSaCZ0JYqKt+vdrIBp0w3K49QUaWm1DuJd+cQIJzCcz93gKXA+aQn8qJuO+lEHGyiCLVgeWI9\/dk7q4fiSnyVYB8Z\/88\/1PGsSPr7zMnahidPl8sGnTG9MT+px4myWEEHOjoSU0yW9DlNQElkOgitzZjllGvGhUhiBIICMF4QAUv3\/uP2UIoOlO5XivEkb+TEkDY+TeRlQOAIIUbsGZNooxIOe9TQJ82TvA7CrEVTKBa\/0UwEVbDA+egVUviZQiH5ib3Eft7yjRSwrLosJr+JYLE\/b1gPCQqV3\/X9AjXGrd184V\/I069AxL1W3hrfjhc9kTxr61FQb3iBePpHQNPrmWPpWzg65lBvr27yyzoj6wYSTbO781l0YatfDl\/dDvdQIfKr2P6uLMGzJJZkB+Ef6aEehROc00Tde4mLvS3KtN0T7iH4IEsYc3Db9k0scho9GMCBSBIiEPvgGR0Y67dvPV5slktWIWuArg\/VlYjYX5wnaRfV563WjXbTYNGUsYH6yJ12K39PLd+9sxGuDsDv7wuOHQ\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+0KnwyOIE1IPFP+gl6zZC2dnhr2vJbjX4p4gjfOHidbDFdeXHDeCB6AR+v8jJSYiWVKpOKT1tYDZ2eaYAb8EM4juskAwg8WJRDDALjE67avfbFy2bAKFGVwliLbq9g9yfe2DG7zudaoq7VcKjW8DJUYzFu0kG3f0I+eg9KERSSE9tNgraaUChfDY0CfeGXPHIGfNOqV2eildt3CypMlgx434dmv5i8bOFyWursPeR9FPxLAp0E17z39ZowCy9mzMTuEiKSfVFZVEb8A56B9ppGExgQC8QO0Af3vfqS2ttKNvFYUOgdWvnxDVxIQ3xlWS6ELnr9IEyJP7QN13nNZW2yyDnRClGdlAqhKZndvswyZgxdwswpMFr+Hp46L60HP3+Etr\/g+ZQ+dSKaPL8j+qjU4\/5GbDlG+Y8GGpP5yetDzWW4wN5wTi1RfvXLkUi4VB3m4LwQbvS4nockw+p2t9FIJYuLtV0dMHU6Hv7HaVbrS2rEeooj88IkO1U14qUJPxLmg2Uy36iXq2YaI6VfIvwaNOpQxMq6KJ4BIC327gV6F7pkRGqQyr\/fLXQ9\/QAgpjmMNkP95RpEi6vYM4P3hLk7YGQVBnB+IU0NE43CFBWiQCbD6GGRc88ZdV8uxhElyGuoq\/YHF3odV6QEFs9PDd2W40mlJEPTrU\/YbNrDK9EX6uJSY7GfN5JJTDeEvWfQOsQ0uy8IYjlyJ5TxtnQXnq04wVfUtffinNWMR7cNrjwWmw0LkdigoLMel\/dN7JQkDILpNPwSYQ07T0bRnC52xgOJ5umHTPriox2zwHfRI6lLvfBx7j5PR\/iXTtkoj6weekfmGYFZhQNsP1hkCk+6CJfCIo1m1SFLNWhogGJZIJgLWrvdtqIciw9ptTqsx5dUUsMd3KoDy70p2VEA=="}
-00699{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1603888789791,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"abcd","version":"TLSv1.3","alpn":"h3-32","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
+00711{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1603888789791,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"abcd","version":"TLSv1.3","alpn":"h3-32","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}
02093{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603888789,"pkt_ts_usec":792113,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"AAAAAAAAAAAAAAAAht1gIEmLBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvsKwTYBOuB\/wAAHAiw7LD1RGMN+wgWsFEjN2HZaQBAoeulPe6gJ\/sr\/GIbyJYc14UNgXtYbxk5qiSqETQY4WZpoAlQETVvk0wWYFOpUIdBARl1suh9iNp9EVeqqDCK8cOmjC1x9D6Kfk9hGxfOeT71tvhKd4oN+bdYPjbqVP0GFxeHN3IMs7Zr+fKeQyuFIUWnb5Z155Se3XdA\/gkvhnMx1ULX5WEKCC9gZx60DO5zH6utYTXgxvBd7Ru+OqadPKlFof8AABwIsOyw9URjDfsIFrBRIzdh2WlAxDmD+hjo+e1bU72YwbmAGOLxO5htQDsPNuVs6LSSsGz3SFw0RPm4E415JCnhx8Ge0QKEWADh5iBKGwMueF2ztpwDH7jsWxr3wB6t01oBA1kA7ZvkbHO543VSXW8URQBDqZoClPbnrQAcBZ+H69\/w3iitABvrJy3KVNkC9+NdHjbogcNpY\/5rLpRLS5HK\/H6JgUnP0BdrxIIF6HWRic\/Wf7gn1j0WoelZtuUrK3RpR66wFjn8EMNQiKG+ggDuldLKh\/U6tL0BsOyw9URjDfuFTTkGJh6F+XUUpTe3M82jojmegspYUKam1MxQec2Qkg\/alipH7KpbN4YAt16GjKA0vziYX61TA5r\/+c+B2T\/sfMV9v\/HKdLDeTVTmLVtM6L+LQWLFNxbF4yrEngXf\/VZT2XaqBGXuy2LCG0Ll9PjYDBtAtstKFFXX1\/Aq9PC+CdywR1PopMQdX5Z9pMSyZiyB5Lzg3cVGVQshXQFro5Kf54d6amO7D2XxOTcZnQiaAf\/TGRrLMf2QELrrUW5vGD6IdIKDtOHH0dTjyWhDTPJEfsacf7m9B9Xhce36eKCRqwlUUYp9cEORg9tAs+LNJkhiCPhfdI2kmtp2bekrtpez6Fafq\/eSu5bTHdTjUlYAqlsCVns0h2QvzRkddQkOUP7gAh5QNKxagIYkVNaIjoRzRpVUuqTaY5AYQbzrX47APe8VY1hIf5XFE6TPMKmMe2Q\/0CtWSycEDeCk28gGteNWfkas+cB+UI1rrRtWgkmad7zXpxmJvEVKx1EjCgwWfU89z+KDl6jD4P4IeVlDy+ynTr4HbYfYMZyTtc1RDHu8b7675WQKM\/HIrQq6E8CeXlwrV\/kN4X7y3aDTZ8UUUEk3f6P1Q8uLPJ2Yruxo4hJaXf2cw6q7EdHqcpvwl9wyP0SydRM5I5Xs9cDxcS9AAJl75598Onx7hfnsjzw2+Lk4PiuB9x8RRtBxDIfr1GIv04yL1ivxWfjBmvn9aCE1EDAtVLxBhg2AhlMxK5+fcZuD8gajCU3jBim0JQ1mEhqnrWZNbjfhTXGYll4oRXXUgYKlIV5s1CchSlcMgg5uu0+4Aj3J0p8FsizlxDbb6CHs\/xgqFSxARbNxD3LVLxEd+HIIdIWwvT1MTqPrwh0uOKGI3kFXzTPm+StyKn3RLAeyIgL4EkpQslwgXWxlUtDWXyicGhGk5giCxEYaSUkCR2ecvlHkQpbq28IGeTXJEr9czuuYuc6xx6JNXW8HuS7eYhN\/9rkNRrkW+Ih9+rtXr1O+2Dy7ZXSKTG4Wnmba1vr6ZEKbxvCvQURsWLQQxX5DHxb0xG+It92fZknkVToOutQ6p1RiqEpFpKmIm03EPunCuw=="}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1603888789791,"flow_last_seen":1603888789792,"flow_tot_l4_data_len":2480,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1603888789791,"flow_last_seen":1603888789792,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic_interop_V.pcapng.out b/test/results/quic_interop_V.pcapng.out
index ed79ff812..b2bfacc7e 100644
--- a/test/results/quic_interop_V.pcapng.out
+++ b/test/results/quic_interop_V.pcapng.out
@@ -1,285 +1,285 @@
00484{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_interop_V.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00531{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02115{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":507204,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gCq04BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdutiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3TP2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMDyb8wNM5xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlauSw+hHEcI8MkM2s5oZz8Vly\/UrbvRIh+SQjHV9IgfXMkwlUO3sEi\/jyMwMDaEUvpg=="}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02105{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":507215,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA0WRAAEARMO3AqAGAR8opqZMLAbsE7E3SzgoKCgoINqH1Vk80LhQAAETSZtRDhHpK7xsUlJpSgtMoVla6Pas+BpVtN5Gjcd3BxSuPRtpK\/YBMJ9l2k8o2HThiUM\/fvgYuD2Kcrxorh\/jnb6Z8yLwnCqMFI6f5++2wq3UD\/j8Rm4jH0vTA53TCV8faPBmIbc\/\/f3Tz+R2DOXZgP62iVOiBptLL3IqVZOU4IOLE0\/JVkynYUJQnG0YsW4UK0qnbcWTyRdgTGBkMmMCcy0t6nX6Tgq0WiglTiACb2fNGAUM5xWmIp7l56ox3rxd5eSC\/ouvINjM5kG8P8v2tSujZgl86FeLWEME+DY5WH6KcXkEbr69+FbbuNXvDK2f590+AqasG+fI7zBfNWo1Ipsj7l1HkYvsUvIcw26BBQurqx8+tF7QthbMubN0aD8OhoOBolJfSbDzAs85Id6ivSBG9R0jYEyc3k1vljfz+fMsTaJHmT507adZ2GD7mZXjlqTo2tY0lxTmDq8TYIRmW5S0g5AxeLYESawu5tcDeQ1F0ZZz\/81pFA\/O6Xsz+LW+nkuPcxb3FhZQ8rGk11Nxnt5bl3qx9dkKg50nnHBStrKL99IkvRWEio2XD6zIDHeUPmuj6vbPMoqWbJ1BWc1QOP8zvT\/5Lum0urlm+3xs84QGqHVu2D75cOuwNNgNZCk5Ju4VXwD1CjjYHIrh0EPYz\/YpjMoCs1JdYRQApUEYvXPrOftFHyRWo2ChQb33MFXFQcv8wO2\/5aJKqYdcVeht\/\/qNdSsRFnrxK6h2aWdAQ4Z7JbsFvA\/hTb+VL5L9GCSqVojyjcvz6pXj+7VmERo1L+Pa9BRifjy0iLNfjP5wofltooS4BlzdCB4aUHHGlTH+J7RtfENSes5C1MkGk3bXd4a77aCZrF2RKt65BuGoTHxCIa46j\/b1GLm8VZzlNV59q4blAc5XL98HTRWrj7Lyc79Dh8jXnEXwPmDWmW9CsA4Ch4D72guVA+3h1lyEU8sU8aFmgHNkr\/q70G96HCmPexSIjjNAelbGlp4sZrLx47ftxlllSk4gO\/H46nyfjKhEcW56k2uyhm8V4HNNWN4MpbIc\/Yfvdrngx7qWGlmiM3iNJAh16I3SuDM9QVUwv5ATd2ADCULw+erv80Ft9CMpIikvknhfJ1tVT8peEKIqu9ABaR5GMoofySzXczjefzyNV1DG6SeWJ52+UthtjpveV9nHmvLuYXnvGea6FWcjL6o6DFccw\/MPYc1ZnxJKIVJl7s7PzYYTQJo6uzu7RffuRaN3XTJ5SsTndQcokexpIO49TaPuPvP71185NglDXOKS+OmNgUpybmlmuhSa5FYUv3bbW69PHc\/kF0xzXBLf5+J+46p3Nttr2OqPoeJohEZHRVI\/6AiZJhhgwvTHdeaUhk2xf9gKSkmNoHccjkKGyBBA6zyzqAsmTBzP1bnAJvuFd4p4mvR9AAMpTZsVCt4+YpaevXhHBN80S0SJnJ8GYSPTlTDk5S5LCl8ACcrSmYkJfN2QxrZnjAo\/7X0BI4v65EBgE0aBU2rS5E3V+L7+ROQByi56sXJjXQwyagtcG5I2ud7++g9fSmh383\/sJtnw8\/3hGH5RGGOTtYIFZs7aGYDtNUkdsTHzAAG0WjFBvyjkoOpP88ObPBQn3FH06fbbow+5Nw0s\/GK8dgRoDVdGM2xounw=="}
-00728{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00539{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02106{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":507837,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gChbjBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrk\/QBuwTYWzDMCgoKCgiUaZcozIAAbQAARL5emZhgck3iuC3JUSB8iNm2XjGzLpnCsBWAY4Ojdy\/\/5MzHp06LTPIVKnl9FZGbcpBpkxyhd1DLZI+eYqtiEG5aKS74esaWBq8RL8\/CjhVxYArCrDSr+0hp9B1y+nWDHqDWr7MDZcNsju+tb0UHpoKlBgrUvyDGQhAsZRf7r39yd2xxEzbvuwQuuQ3ed9XQC5ng8bRhq403ZCE\/MYrs6MMmD1D8+1P9lcgzES1uneCIpx1HJrBTKP7nMlE81Z1P78Gu9qUmPawKzam5r0zOt6L0vp6aYOWsVv\/E0pz5vx1omUeD8AvBUEEvL\/DEN6PQFWuaU56poUyWE4zmT1fCmpfkQl2t9VM5S0DSjV9+bnc9oeMC84JGWazOmN+3mpmXoZcYRh07YBY2MZ4VnmznfQ80K1ED3kKFM39nycCSACELzlTXDOkJ\/ktY0JyGo358ZvTutgq61KEs8NzcRLv8hDrgsQWV4XjOrAL105eXrA5f784uvCuN2fslFwCeDS0drYeuYLl2X3IPLV7kaNRc+OWAxuENUrLcJjOCAml9vIubSnbhMgY8q\/R\/4iocbJeAZaxcxLWoaBL5Dy6c5RqwmcmQUw2FcUSfarB7m6DGemQRBI6m8IfxS6ULrn9t0ZaJXLuVmX9Bm2oeGECfAf31JRuwVJ9fv26n\/XDb55k0fcO\/t2QAqH5VfQ\/XE6N19TPKrMa5fdi51foR6Wyl8S6hOCeKDO2C9D5n0K\/H4Ph5+pkEEtQs72MottYSPihw0iY\/Fu1RfLXjTA4gqlduvFyO1c3LDQtaJKHg0vklnpsW\/ahvB9sqw1bthHTeyy2PAYGFyd5\/vPsWwu1prQnziZfvuZBv4r85RGoHlFs8OJLDxJP5Unl+UHM1ip66ezVc52fyagwU2p\/dNxSLNLq9ZZZxOqPXoRe4DIj2O5EE+tg2DBKVlqsKlvnpY2O8nYNOUYb06eUwLY7eUmyF5kAFPXCNi2RVkA+F1RffYC4TGxAF6olxMiRrcrs3c\/DtIuA3v9xxQcuNbfPZJrt6p2lhDsnJl0cXW7yahBQ3t8Vob3Fxn8maWSGCm5H4l+b5QiCXjD6aPLMIVSGOxlZuOuMShDlqCqLDm2rrFG\/Ex+58dfI4GZg27KkFrt8yKQU5xP3cDpmgWO8cz42odj5\/XN7ZJEwitO8kjLFt+mYDrVsscfg2UJe74+Xm4LAVvyTj\/b5G5HD1FrTlV0Rk9tUeirRMew509ZVXjW6YJYWL6zO9lgxLgoaV8Gd+v8yh8ZKPFv9a4RV\/5RBt4U2FAY94eskZ2SwKXWETml5yVCj4zuhjsEmm1HcHzPbvj3x0zXEiI2GG4l\/vpR4uTmkPxSOziP4F5ZFOBoaoWk92Q4T6koGjbXJnLz8U3PiyS0Qz4nAzJ2kSKRwz7zoxMiMJyM86M7+1Qefwixc4jngX8nk9EZniCllUXuWjwKpDQHahASkxBg+qPeRKYIoZbqfouV14QIMHyAa5JM7alvljGBrRgRAZXmcDpn2gAJImko\/gdF0i\/5wYy3K4UZeND0xxE7m532JLVgzS2+HslCBkUca8fdagWqHn+Gho8KaUeJhRfYw0ZgBrosRDMSIh0QMCIiGRjGE5z\/aohA=="}
-00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00539{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1603816434509,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1603816434507,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00551{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1603816434509,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02095{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":509409,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gAK6QBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdhooBuwTYZF3MCgoKCgiLyuadTBhpMAAARL5Jn8vg\/A\/iHcc5HGyjUHtzYCYh3M+1HzdHtSjFxotnADrnTs2cVW9HALnbbxq+j13Bpa3hTOGyFKAuVKKOVbHcGaJLdNA06DSFzV66GiVnWQJ+1MFEeQ+EHU1tYSy5DynacUlvf1G20dd2kmKE70+xxOTQI+IxdCf39TGHKu+pGUdVYYzStvwWo5npAklpjTRW1hPHPgr+vxfK0tzntAB4tgdSsfnM003avASiWDb+GIQGRqQqd12Z3S73M6xSxbEpPhQs03GVV7j7jPCY+xuSqdE0+RC2M2xTxkDxrKzwifOo5JzioGQ8n1leAaytkPPh7\/6kP3tXKc3zSh+6mDapIcrXvGRPBtxzjcwZlnfC61xJLZ4o\/bDf7VXUn2iqev2r7RfntxDJ4F+CHoqdQU19Agb1DRLZ+44sSsLJRZPe0rMYqmphZb9TR\/CXfZoxmWSMgVmNHVqPhkUDRkBFiFUg2qWtzD6IUIlCi4UB90+3QDAMKbHPStmRV90FoZ4qgb1QWQshIsAOJrfADpMoeQeOvpHnWSBMA4n5tbORKddl3SJHwqDMa\/kYlEza3HmYzKyIekgCLUxBLZMgtxwl0pUeJvIYxMdZF6Znn7pRsQ+GhZyet6ZCOM2ft7uJCMRH5bphpdavcWHTrSt8uZ2iyfo3VofxaZqdzUsHHTpc9bD205szhfCxENgNATF1PGuWlfKJUrPPjUWPpw65iGFR3+hPQ1+ZRRE7orDx2vkC5kOJiEvbv0d6sp6yfMo3tuOn4kXULD2rf5TSc8aqDVZCklaUIbEuKaQv0jni\/XkpmdOw2UlUp3oYLZ9on+kdq43Nf9WrEJ+gfSZPMUZsyhXXyPRNGMrTBo0SUX31QcOdzW7AQaAXnJRZob+0gus27voTqIEPJh01fxeGPbXNNQ7VzwarPIKHRq1lGIs\/wJwJCsm2hQjq0+K3VFq4cXacrOp5mbdbbDJRXEnCejUnTswq7Ga3dz818NNmVp7FoznVEcHX3RQBfk8eLveHtTEpxIgmvWuj5aaZt+HyxH\/0YALf+wz6lv1s1l\/hg9o2e11OlebH1k7T7awcxgi41AZepwsE50V3GVh5GwIfK89lz9Ro6tly3hUhrsJ2ja1C+A6RBrWVVdcIlZY4BlIcSzf0BUccadkfpP\/Enz0yFkuHTLXTyrmsvl44wgxOvsJrZMwFacqnccJZHwZHWEMkNcxcPbL0Z2U7a3Xa12dEVYYVu1U+X65oQyb2yPkBqMJ+DTB9RU+DnZIynnRzCZZkuvH7Uzn\/zVoVu3fNULVHSP4L+ehdOiOmS0l9r6IzvZQbe+xLjtz2iXbuU36zKNhA17n0gtw0JDOpoFDbD0FwhdY1JUMZx18mcrbFQX02CO02e+BE1Anxc\/TfBIKj2hI2ObT4d57WIvq7cpwJxNdZMuBfjVhAX64+5X4J\/pGNdD3WMTo1fYU74kzII9sWnijVE1WzVIBymOIxdGDOuxbCm5vJaE\/oIJEfaWcfmDwa+jhxCRN2aqJvKC+Iwq2cNN7z7vgOXAZ9SIrdZFgVX8+v9NO3ca9aZtmZoK1IAWW54LXRx4BZnrJKuFoltIkcOXZOYajcaVAMSefQYGNrVyxL8AzXWJ9vEQ=="}
-00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1603816434509,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1603816434512,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1603816434509,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1603816434512,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02101{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":512961,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAtF1AAEARybfAqAGAA3nyNreiAbsE7OwqxgoKCgoIdQnXg0rBLY8AAETSdSNeqCjc+r6H8HOL2nfX9Nl4bt2\/tch\/k3WGu45v6swQRKEZjB5cL5PwQRNSezjETWlwl9x31DElYvPiaTjwEzV3uzPoPSD3RDsDoNIOdJfzM8eeT+YF8HtZxPxl8JfMcAWEYacVzCIRBiKkRKZDpR5dR0ouRtlV3GGe7kt0DtTyh+sL3vELhV2kHz6ly30R\/jiT47NHUtkHKuInrvyxjGqVvAYH34n7tXCBQ6D+AfZH11fptBBQ7utMKjJQetgZnmiyn4jfUks45DQLptmzmM7vacgVM1UXfvDRMiXWFLlgc2aMseReas3HNr0PU1Ye1gi1puLSN2a9gpcRb+O0YMFs0jlKm38N1LBqGTBpyiDu8QECyVyUyl5oER0iWXuG3TbvkN2QQTnAKlJqm0eLVl\/NYu3z\/fNWg32CWUDT2152nd1+esKzcxvEOyGhXuUWhYZ2f900yvrQLHcBQy2bY\/c28n\/CX4U8pxI6NyIasmjHd4xMKoES4DMmjTKarxqquM7dXQbXZLB8En20kKfdQRYHHg+reqWqS2rb8XL4IMSIg8+UsaueMDmzrfUZd\/56R7cXjRlq+VUmt81q5nNnKCMBQ\/7rvr4qOGOZ2CHm9V+uADTNbhvve0l68irgd7nnxQpElTgIyjHyFhvd8KPoLd2HsWPDEewjah\/d5eFL2o2JGexda6drG5JkIeHDe6OWKoobO2FfYrFha9u0nzvL0Czf21A7G+Hktz+GtzDop6GmMw9wX0x7PAWZ9MWVDxJhZqMOzlDofB1A88ZWDukm1Hm6PVA8JMNdUp3UJt5LtDBJLLAEOUN0BNEg9pXHjjKOVZeJN8ZQvkURagzOCo3aTho10tRkW\/\/buLsCCgS9oRh18BVjsveR+UkY4XmNAimeDQhBeVIZNQAbv63kh8fikt2GCen13aqn\/akV6vyA3xP9zH8BrXE0pnxbTdVJRyKZmPMfH+2L5gdn4Inm\/u2BD5yUOdsZkjyDYog2dorLJX+t+PSQ9uXuCwdbDKjjZw9L8++g9YMCmG+DuNoxchSfm4TcUkVs0SgbA\/r\/65YZBCmO6TdtJWtU8H5XFhYFiz1Q78xobCBsvaSvzLLye5aeCDzi6qFTLk0yIv3EAu91rP\/6ul6HmTBVTtG3x8oOLW5WVDEqHHQcQF2G5KsSqr4MhwRqiW0iF9\/6ruIt5OM0L8g5QVUhLrV+wAUx9TrMv+LPDrsvG+Dx5k4p3UodhKDHRb\/7ijQM2ozG8RHNrTry6RrGZAsgdT3BTj1sf\/spjmdgzIF2pwahJa8xi9tbBXrUI1dyXG3+uu21VtbunHyZrZPu9Lqmex5yNEoIMYh8ALvFMBlRu18WIDIANDkgo6akaO98LoftutjwPgqclkRUkaNJO1Z4mpP+D3JcJ7AwJfHttUsGFLMXeHC0rS3Jx8xlGehlDG8Gjx6MbqsW4FVSy5EnAw4UdsWYMoAQZhCtB79ozmulqNFitQkW9QOF9WX6McnEdk8YyUFeo+qc1Fhx\/ki2cnpObQM3wblVzck3qttvXup8w\/1\/pw0ra8kGRFKBe8QDkHMzVAmkeyW7Mq2NBPRoMSnnA3XB4x1u8DQAzActQ0v3Mr5WeVLSgCf9kg2BakZtD12MZbxnzu5AN97akX7cpg=="}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1603816434512,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1603816434518,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1603816434512,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1603816434518,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02098{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":518986,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gAXvJBNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmdvkMBuwTYCBnBCgoKCgiEPL7zH8M0IgAARL6eKfaWNoqFUZMIorsrR+PI0mjVI6LMaQTDmquE5419Uqg0GPvALnuSvRL73ivCKJwok1RPqjtpoqHTz45vYlbMW0kHssfjLAjOAUVEArsuhMOirtE412w2RU3RQOLAwrvAO4t8cjd0tkO3FdpXC1+6xCs\/9xwo3urZvY7tv+pPD0m9iy\/nLknxJjrg3PYY9NvAu4T1Yktb5QjJpDpv3IzaFim4vDdRfhCCfZLoy9vkSpiUxLSsp\/4K4guLZKTInOo7dc7L0u0RBuQrBPDDqK4FVSYOh3qSMuIrLfcW45Du9zFvbaiFI1Z3W2Zo1htxNdAgXrRsYiaF2UOsu3EWo22nmt3QVCTvxN40wXQBY474YpdLOSzJ8YT2z1lcFu0wBMnv5wKXxH924c65Vd8jn5+Ysdu9cokS2TeRsJwGH6f8UJWWqASwvtTblbNaAA1rpPkaZ6SKb5\/2SCA8NKsLTMfd9lXR\/TPIRkDa\/UKbcYJHJmruB8l71Ug149yMVHLyQ8PV4VkmIVimW0BwUZuqJHajnymZIECYtitexCiylm89U6E7Qol819M+CywoEZr0V1MUihq4vQCqT5IBPFtDKGbeUpuwEn9i1Sgfq7jW1ZF1lUJIXXxoY0W43gHceg0ibsXFS2Cu4BfCo2ARjzNDy5YP1fNhA\/sgI1UdsrpLLPnxOQD5MfwhgvGMBjmhjcscvgGoJNS3Mx4JzKbLqHshaWSTm\/LyTt9E6jEOyn\/elJ+Uz6TroidfobWRhT8DXti09Tw4xFpYjmFZS+sjqusErMX8BBmq9NavLEXrEkHMrSv7giTu2WivWYnhggGPBzPi9d7guvk48fb3nlBrDj9TyQ7mUjwRAlCv17XyLwk7KOYmtZZXJ3321lkp3bmJyRSPXB\/cv7ueIG6B+ug3kzrxt89xujNCeWtGdEmI4jIC4JS9GS8VFpY7y1HNYDb2ndNpNf5J7iwIXFXOR2gvyMqscy9rfPY85w\/ZzY6vHurlVpM9w3a5PREuXPDz6VgOdr20pgeNU8H73abMQojEillRJA93bqllSySvQYTvxdmLNI3kPK75CNOjeEksYsdF7tGWuteetV2CpVGc4fAfn7pKXvGC3QvR5rVa7kBRQpXGu246udb5IgCJQW4SWv9D41hRqVUqIhpV+jfVmbkfVSLTLo2RzlmBj7+a2aFtIWbpD7ANiOaRAl7rP5vSHQitoEDWhRQ+6AbGkwcuA7VjuhPuIHlBFBS73grpagTsbteLREgIXGdJVrSiF6wKPaotOPfLYFzLFzvsgAarE+d+Elzh343xLNOiKrK7GDHu3e49eOp9NamSo58Re3QCUDS3FIkTeME1ExL615hIro9N+tcv+\/TrXYarHmxDV0fGJC7I0oBmuLRb11ikCjaYc6FY98talPqVaf+74l6lZuX0twbSRQ9goQdc51kkKoNwIaEylg7FfWyw5YsxdYuXULPPqj5K3zNn8+VwtSMMfxRV+4q2DeFNLKi7SNoJlVxKbF9\/5E6m0hlFWybv1hE9ouYojrE6vOOYfXs3ptJPhGZaJArOV3rdeUnWT8I\/a\/Z7lnYxa5s8i\/zgpZP8zMFkDMjgYLge9GAnCTc\/tmQghNwZWih\/TQ=="}
-00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1603816434518,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1603816434519,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1603816434518,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00534{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1603816434519,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02106{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":519345,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gBLPeBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAAB67oBuwTYAdrFCgoKCgjhAy9VFSPmbQAARL7A303oZAFgGrTdGfei\/mHvqz29qgHXvt1vCJg2pc8FQKC36WDnBuPNUSWLIPLEGFVHDdTlHgEU8JaXOv5IcEJ6NZixRK+p1qGiKw+JPZoJHLOP3KMbB5ngi1RcHFIqjWkGqrO6Il1aIL5lyoE01q8y31quARUppPZlbh9u8WyKOZncFcG5VSpCu3UE+cTCqpGjHOnXC\/1HVlcF0rPYeaHUMOcvFeS7y7V49OnzF7ttNLuTcyzNKgrnqbXVeEFjqLCnQqFji\/PE8S791D2YivE\/b7eIwJzHPMOZxla3AUW1ggsh\/8zQVMk7TQ77ZAmxg7c56Ykrcym6mqal+6TN6kIdyk1r8ujmnBp2XTNKpRpO15gBPf\/xmmYsn0LfjAGybSTVfzGe+r9+hhk9FRKWlvSa0mUhD5xcSPxL855ekaVs8es5YbbQJzvgyO0E6jlhqBvBuXAFk7V5bJfYUhuvK7+FV\/vqBa5Dyr1Y4aVAg8uqmcbLqzdH2nG4UUlIo5QS\/5YbcbMVH8iRLcVUqSgPI65pQT1eOh5NtpZaGNEaXfSjJtIcZtks1c9UmuF5RZk5R8RQDxMBmTUIHRWRrWAtXGorI1rYK3OSEHdlNwZLgl\/WhBsg8pHYuSYaJpYetojCp9wSrshudt2xxyszjnmuhkGDIm7Y\/wjwl1afYHDK3hktBEZRnZVWPJaRHBs4awP9h7+ogQbF1JHMgqJ8UHjilyfki+6fs4+HR4\/6MD0nR2lO00THBaPUZEBIBanL39bTcfHJv9V2bghWT79XrP3UcYoKelpB\/ItWidO0yq9fm+CHlz9Et4Ou\/1QyXDWEp+CTMyrOG3vgDdsY85\/lqem3Pk\/TK14Hvru6JNyjBX1qQfwbZ88ltbaToG0yqFOgs2W5Arx9\/dI4Ztfqsjc+585hIsoYnSoLWOXcSri0SP6dHTiXrSLkzfw516ezxXVHyVqjVj05mTnGg6pkVppsXFLKXFlWA1e1ekM\/7pIK3mEFd1m5zAsBvdRI8t0eAjdE\/YqRjTOBuVa2i4QrjzAhkilSHIU4wsKR0bJYrKvlvC6aSvyiIhDJ8TTHnME5NeWT+7GBlVwsE5DxirVv\/piW3kABvaCjRWG\/FT17E9VSZ46Bt\/YDK2K++WfWexMUmiclj\/iNE0u\/2Uu2FqhLdisuC4yPh1npFfTyVb5gd0sFzCfXeCse35OuC0BYyIPm6NlvuaZqtz3phwQTaixo2zFFiJEmFvvuAA7ELwFzzKc41TRB1+kry45l3KOpElwYbMgfd36GZXpWYtuP6E52jGg5RtuhyBlrf788aBNf8sLkyM9xE9KcxBb5QVeJTjT+LcWZdWa+v3KGsrLCPyrX+kiGauCjQ+hs82UiUqVf9Rz3JFbGEwZgYlj7I14qfs\/YcVCcwnxGzpddMNKdr0ra2x1StoIrJ0raVEvvwlSDr+tCYZpUpOYxl90g6gsdiN7MJw2E9wvBWEpyPijuZ0KwxzCd0EAOuXWQRRPgW+xa5IDUzZpOTbVEZnGiINxr7hy0M4cxGp7iAIcmRBu08GCRc89HtXVlh4Lj0ClSbZKBKbo7me+xDowYARa7U5sl5\/iHaXVCKJtSB5\/MjfywY1OM6Rrb\/rUovA=="}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1603816434519,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1603816434523,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1603816434519,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1603816434523,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02108{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":523543,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUASTxAAEARQtzAqAGAKHC\/PLXwEVEE7Eu5ywoKCgoIUh1YuhDqcyAAAETShcZ7U61m3r3pKDSZMAlRkEkMX8IBatc2KSsG3VEj0lAsPYd+5xEo7F0R6rRII91EQq3kY6fRBVYjgUzkelUep6PIw4v1uOUHWVWj9\/CBoCuFmh0QBFTlwFV3ajZYJtEVj\/UMbkT8ggH6NbKSJV7\/7XCOY6sOXc7KO1y3bpcq5D78RQTF3QAnMEYSTjEkBHANDD5W9AIyB1dmHqwExvOJV7YrCF0Wz7pCUTi8XP9KFNvgkhOSPVQjF1KeCLRKAL3ZHtPolipZhKCqRtuCyeyoz\/WKMUWuH2pOJ\/WCN+fIaYqYSu2\/Uw9h6SGQoS6DN0anGtpDnUD0GFob1uYgJfvGsEIlEF4ovhbxwTVp7mrf8Jn1RwQU6cEaGVAGxcwFRF59HEd7DfQ2HqiN6ygOPpQYa4cx7qpW5pucG8spbD1\/cWsvhbhGqD8WXrUrT5FX8eR51cu5\/rSEZZ0hJlrQrcyu1Jo+wtEU248WCYzmcFDU3KkwLTXrWInL3I4\/3lLpKWAzyz04l7KeGoqcwCeKKQ6p1uyWxpMWebh\/pAeZzwZIk8uY57nKlrPOmivZENHW9oA7\/VrJHghXWWSPNWv94zdJtPbS4kaRkkyKA6YWscg88+FeMvb1pCnByg\/FBd8Mkh8FAhvUPdRBKBqvfa6hdS6kOEBzLUDEht1P\/hkx2oxe0tO1cCFKrfKPAgjP7fDs+HjYwYUjQcQs0Lrfeiezhk68WlVN7f3ydw4AyGklyENZMzjbp2KCDTQJw+bwFV8oeqGfVQRe12vWjCN19ZIAet6\/7N00iAsSHL0OYmwIy5kEm9ia7W54BjwDLqYTIVS2lLjOBW8eRTghxgSgQxvjGDeszyBcMdQvXcIFvNEPXDZvspUbePIw91S9T7A3jCp65i7X4r+fn3M7N5F7j58fappJzU95USbFKUMdxds5siewsczbT\/MrC2OkG0+JuLsutjVwruC3oxgf0F68j+vl1Wm0rJIMkpipHqVvhcHhV+OWaqezJa4AMHRf7fdSrYwPxKtdQTJG3\/g7anjqxa6WSX99h5LjVhbxHDD361DVddXanfGMVBhF7hsyy9ONqBFaE0X3vq+HEhBWkG9LtGG68wwwE5NwZds\/5HESH+ia5Ow\/sbVAD5094mw+zs9a70KyvM0z2kZ8P5B1wNaZ7JZ67KSZOdP\/DCz7bP9r0i+DKzjU4mo1fhcDYTbnyYL09iH+yrFC4uLIRq1vlDgFJ2X2xDITqMN6kx\/ZziHpUw0+tusqXNSXNMQMFKUZKnReB3GpZaA4xILTO73fVG7kLqQ2j9Pfhgr0XjkpujIdWgbDJPwVi0egmLmvkiBx2oWjN0pYUqFfvKMLMSROetLN33mIJ7WaM6DIBHm0ZoNLBntXqK2QERM+5VXgRG\/zKfBTkTfngbP7Dw38e4JcE1olS6CghzCOQzrj\/EPi9cO\/THKUsaoFe7VwubEl6zVajKWO\/ftqXQDEtcPyWqS1x9VkXgf+5HCH6y4ZfXz8j0oj\/gEliPbSFZd61V\/W+k+69wJ4Ve8CztvjyEeitwZuhoIUutC7Co\/agYewJuOHM9M9SEui8BMgVWEjqOMxUGgxy\/aNH+S0wwqZxbtmcgxtt\/+dU8H1VYtjo5PU7ihOGqkqbFa6tDbR7MCwkw=="}
-00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1603816434523,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1603816434524,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1603816434523,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1603816434524,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02102{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":524039,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAgmJAAEARCbbAqAGAKHC\/PLT+AbsE7KwIwQoKCgoIe34skUb\/aLsAAETSb8uSUd6EB7gNq4gf6KDxkhY+y87q3CLci6x1EsNvv80WGJPIpKwhzC8+vg4NXuO4unafv2NMJkJjRI6OL98YRtdvYGXB+F3JwCowCuwGqw6jTxikMXRPpRCAgRKO5X\/KxcEwJRdTBT2rlOzU+hO0yWkEtT4rCwTG1V9X6PEAkb8zWYSIsTTFWdbuo8+Hsr3EHPqfyeXbsSzOoMiqiG28CC1UB7fjZJ0W3T0asAlOYWGl8MIKuqHYSMDCaz5\/KR7GxLTjjCeuvA71YVTfkU0Gf1f4xW0HKl3ycj89fZPIImHw1dOmlLMZdNJPHN3oMEV1WzgH15lz2HPaXv7a5Th+I9CCo7LropS0BbFADYctmnMsqGggv3K7uKbyNnulVBXm7b\/tIGeDPKbxhMVyVFX\/OFstaFoYOfWt41Qv0Uz+5xguURoeuY7TUkuJQ2TlXG1IxX6EbnM98toW72ernv2vm8GcA06P94MCodt6GnFnJdalXwd3Z0Zgu8r3434Yhg444uk2HEryaQG3hHsq9RRP13JfK3yZ+q3HWXP97pXxl06amatIARReotx2af2MAxWD4J\/9LErkYyTqlEr6EnBC+7r1cV9IP3w6nfwYEb0VMSsQMzOKiqBofCNQtvNgMmkH5GMWZlDP0T3k9d+0l3FMevNqVwb+iznRosmDKbOnAOsNl2nNjXZYQXWhQqAThjmx79k1nVXVH\/HuAezLxegqma45cG67rPyGRqN3q1h5El6PYgtdZyE5yz+oVR6XOIkyz168X\/Rv7t73N+i0n+IFHPvHuQ+EK3e1BGUIifpyEElK5RsbL4HGjtaWcevK45MDQ3axvbDUEW\/w2lJrfPlXa\/XZ94sTcZvgd9dy1K9MAJdUT1E0ufvAhjda4LLkNYkdVZjhePaG\/OIP0+\/2yjL6i\/866d9NM8o49WaX\/O9Pd296qB4TZaRNaKuBx+CTsP+biUuW\/9YibPEOQBdFkjBprbbH1nXMOpEF6QqyTSSWy1mOqWI7NTc8ioxMC\/07KPAh6S5NvmgDw9rb7lm4u9afeFEO\/2Y2F04NKOOTYQjedcDqmY1izosf6wgBTRlHezP6uNhrQcmJzYaSn3Fg99mguDGzeymhTX46iCjpPSI\/wUScS13iOhxccWK+52NCIsSS1ArhMq7x5GIHJngmyLap8JYRZLzZek50uDc+cvlWv5aWpLq4oeFbzb2UpThvb0S8TbvXwHNE0GcN9NQ47Cz0xMuSlHF7VEKoW\/ldk\/T1mzEivHu6X4HhGg8NuDcJj6aZIVaJae1NxSt5gLl8MTFDp8u0m2DXTpjwFCV3AX\/hN8OLAAu3WZ+A6sHLc1Laby2OYoClrb6PAbfK8O93b7DnY1GdxskJ1zN2DGmXMfzpZYEvO6KwGvo9tWt5MopqXQ2LZWUoyLrLoGDkaMoRzTKI\/QFULy6GKZQuGdZK8BHoqiDwJoTG\/iTyF1KYSQbibwt0sOyty8uw9tMbzTSnr+UrS3c6KjbJG3GNT+Hel2hrgKBCTL1FLUatdsWvxb3xr1uQGvayWgC4e8BQxZ9J4DVcI4Jl9RFSGru0ncBQHVlkznYPLGR5hwEuTrIrbhESI0fIBtr8gRxzc5NuTahe+uchbMgzGi7qkmDsOQtGYpMw30QbIQ=="}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1603816434524,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1603816434528,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1603816434524,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1603816434528,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02094{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":528228,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA5QJAAEAR53bAqAGAyu7cXJXeEVEE7LxswgoKCgoIN5KvB9nft6kAAETSHGVijjeaIj19wFPg1eU29TK6pHOMAuBm7PlkQXCoUAkcIsjKIox6Tem8bVN8W3P7l09wyVGafUKmNhonG2+PLUPwJedoIYbfaArvK\/RuwZUPJBHiPqclPj8GB4blfNLZCSxE7O80ZWg6IzmaH0ZyK96aL8u3DeLpkwvE+ZiYmPNHLkxCubDvJZKErdDSCNct\/8C0DNjLgLDA2edu7gd5la5GmHjIWyqKCsVDNCJZblHcVBL1VdA06pyamhaIutlHrJtt4MwRHnHaWsi4xtJmIF21kHBkIHdSNDwPpZdZQOo6t6Itpq1ZTpS7VN39q1L5s9axaQwh1msQpQnvxEMKRTjphoLon2C14B0FHuQO+nIydxdhsWr7CdUuXtsSSSuwWO4Ld68XCiQx9y1eBiBAB+GD2Wu\/lb9XwLxv5IssYnU4s6tBvuesFaIcboSu0qDauY6CaPlOVzIvtAJYMstwHjBjgOUg1VLVbW4e8RABqYyrAFgk1Y\/+PtHf\/PYsvCZhOCB5kqbImiRw3h1pD67YavEoB32fyii0nqrXhuOx80OsYd19rZfvwepXx7rsTO7Azrv1gfJUNVyN3GZFPVbu+9bah0bZVb2faEbPsXvHVJ7ADhVuYKBowG3\/vToH88gOsc5MmMiA7BPkeocUuJbep7qVkWVyD6A4XDSMgQOf4snKf3NMnwoOZ5+\/oEP35GdTw+gaNQtPml2DoGyADmvPE2GySCNdXh6kRDEzP1eIDWJ6cblFsWZLk3HJxSVWVK4L5nGv7G236HRvH7cao3OofLUezX5EJcTnlNBjPkG2QPEEcNrUyzgTzeskCKdHWBppAIz5V7d5Rm9KbgwRKyHgP52XfTCa9HE6G\/aWYw8rvnpb3BVO7AuVUTIl+JadVGBMO6HP9MQda7QUWFv6MTUs4VpAGaDAJWfobOxRrmQWeu9NDR0bYEXNNAf7RSIcYCgEjVOU9A87EHcp5jWmc9mASoXlXUjhMutb4712Z6btK9v5ePztTnZNKvllfQgWfQ0YcDu+IovA\/LzcmwpJeiamvlR4aeRi4IENGOnyfwZ+m2LklN5Vs3C\/uAPp9drDmngkL4hb+R4z1IEA0ohBJXoQ+GkgXZ77qbe6ISLXHCPXiKNO4b82HpsRurSda+ao+RM0sD0EiMBh\/TCkxcIcAIltsz8QoSaYF1MGi8GOXIhmTX1jWZrLAHyJmPKC9EuNW9neoG9EJZ+dIX5mFx0oGGaw2sdFPwhkPFTtqOk5AWokoPIwvT5vd4Sa519tHm6athzsvpY\/qhpMhYMBhIn+Ia+ZLRy9h52056DhP7uVx2GyT9ovjnsPolXuMkxrgw2OIdEvaKHwHSLmDh1euVdBDmyBUwspPiAOjuWMEDE13npg368409PBTQTw048QeZ\/V36AB8RGBYvtIGfzBKjh7cAm8l7WE9s5UvaZQy873oVec7lmimiZyEb5LyxRSzZWjXpzMqWJZuYCs9SpKSXnfZSSdiAHAKhypk11NUGFwk3vS\/I5fWfsFxUM+Rlf7z6obYtc9UnzwhZEp+DuRwFp0SSRdY9xJC2al7618o0Fetdd+n5VB8cJhD79oCRxpjuJClhZScv8yRHXQ2tWyL8V5prewYS8GgYGe0z2ZOFSP2ZvQeX70ng=="}
-00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1603816434528,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00456{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1603816434530,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1603816434528,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00460{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1603816434530,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
01147{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":530418,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"PKn0qB\/spJGxgjQ5CABFwAJA69kAACYB7ksDefI2wKgBgAMDt3gAAAAARQAFALRdQAAhEei3wKgBgAN58ja3ogG7BOzsKsYKCgoKCHUJ14NKwS2PAABE0nUjXqgo3Pq+h\/Bzi9p31\/TZeG7dv7XIf5N1hruOb+rMEEShGYweXC+T8EETUns4xE1pcJfcd9QxJWLz4mk48BM1d7sz6D0g90Q7A6DSDnSX8zPHnk\/mBfB7WcT8ZfCXzHAFhGGnFcwiEQYipESmQ6UeXUdKLkbZVdxhnu5LdA7U8ofrC97xC4VdpB8+pct9Ef44k+OzR1LZByriJ678sYxqlbwGB9+J+7VwgUOg\/gH2R9dX6bQQUO7rTCoyUHrYGZ5osp+I31JLOOQ0C6bZs5jO72nIFTNVF37w0TIl1hS5YHNmjLHkXmrNxza9D1NWHtYItabi0jdmvYKXEW\/jtGDBbNI5Spt\/DdSwahkwacog7vEBAslclMpeaBEdIll7ht0275DdkEE5wCpSaptHi1ZfzWLt8\/3zVoN9gllA09tedp3dfnrCs3MbxDshoV7lFoWGdn\/dNMr60Cx3AUMtm2P3NvJ\/wl+FPKcSOjciGrJox3eMTCqBEuAzJo0ymq8aqrjO3V0G12SwfBJ9tJCn3UEWBx4Pq3qlqktq2\/Fy+CDEiIPPlLGrnjA5s631GXf+eke3F40ZavlVJrfNauZzZygjAUP+676+Kjhjmdgh5vVfrgA0zW4b73tJevIq4He558UKRJU4CMox8hYb3fCj6C3dh7FjwxE="}
-00488{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1603816434530,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00526{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1603816434535,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1603816434530,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1603816434535,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02110{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":535255,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gAJBbBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmgL0RUQTYhUTOCgoKCggKh53oSKcUIwAARL7ptyuGj3sWoCfzmGYT9c5knffzFTiJ5lVJXbpctUGbKL5ySK19+FWpax4\/nAYQUfvCM\/bhsgFtS9G+ZFtPXpli7k9OwELHwQ20mBGQWbjmI7hP6morZpTeRWxaKack+BC0iQiX9\/LIrfrGdoT1oDoUDperL3\/EWfbsAzs51Fr37OKsXNxMOnNCWganJYQDoS1NHvgUii8j2RT7vFE3V9d23tm2baG7XTpJE\/KumpBsVLcT3VzQxufgdMiVwmhOfmQTPXaJDGA\/jRTiFeXg7nXwXEtAxzBQgrLuBhQxPykcUp0c2\/phwIU04regmPrsDteoZwKZzuohFTkgaiJgBEO37GhILvwwBeV77OMpz83mtpaFJrhJUhOB5vM0\/RgcMPtcx4bSZUJUYD6nBLhQJ\/GvQEu7UlOsfkiIrZE+ZKc7Xlk9faNEXsEX+cAq53XDHpAkkbtjxhoLLEgwqg9w2+pJHK905szCqPYz1ey662LeHpygS8mmmH\/gOERXnPY24ktfjRbIPk+3jjlRJg9AEQHddCfLs\/0YynFjxEK6SkUDk3GOa0sGfGsU7zt7rbEh4JS4h\/\/R08A7nHPChHXr\/7ZgHR966vNTPtSXBteBzHwou8p5yVwauN1gN5GaWb31oFnrNAxiwuz4e2fwfa69YtXI4XWHFBvj4iNrdRBF9sHDZoob5bniwmHivCxgMW4+Jtbnaqfrv4Sp3dq00y6\/ur4ZEHV5m4FIMmbgmAyq9vvgmIFyJKBMGegGOoZYhISRV4ufDNEsgtjnm1Ha96l8R2gH9UD5FvAjfB\/ZwRBGmgFyc1RY+15Vl0HTZ4Rr+yCWwF2I4UFS+jzuwD+H6WEkNUgBjeLztMlKSo7QMs7PpOgFdZAlYejckZA1WodUw\/1bgj\/U6KGLbos4yPh+0rFNO0QtSRdW2TgBAAQucKeIvxgOUjTBEAP34nCw3lpKpedULlo5yFoLMltnNpkze\/b+9gBG8\/1mSO3ivzeDC3y6mANlLBm2iJns641SQdnTkf3L8X6YeBJsMYcaaiKYOyuuOiyeZy0YQZa4g5mFBz1gCqnQwBTBq6z8JWs1a\/iBlFkdzl55MjJD1jFCxVWdLyjInYMNmKxijI+ky9lNUsSaDzc5mgZpk3C0ZBbV058wqQx49fSF44m14OWseuaF+VY+qapJWKKL5t18OkWciu9MrAdQ4l66KAXEOIsGmkn8zlOyO4gaBESlpwfIO6YAp9wh9uTR9L+wkJgDcSe\/JWX30SUzbiRxqTmU9\/OJu2YJTPKi8wBs0qops1o6F9bQ4myo5lBZyqDquGfUWvrEXAbX82yldqPSTFnXWZt1UdImRyp1aGJVLjK7WjTb+ZSUcMVvxEHERZUt6VlUBe9SscDBCFdepioRLv56MnqrV+s4p\/g3CZ2sX0A9nX\/xgQxdccpjrif7tgBq+g7rjwIDWgS4NTZeETjOCtp53wYAhZZ32G\/hgRuBjIwqGUhTXHOoeOasvV+WD6Qh9WG\/ZAOn3eXObqDuYhD21bQbu7H9CTSFHgZo5\/P4wYz2WlEjbWMiQ9K7B5MQdxXUQYTDHm1OtDv1m9inaq9E9Mp1YP37ABzmfZ+XPVEzLA7x\/VqZvQgYfBYQAA=="}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1603816434535,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1603816434542,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1603816434535,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1603816434542,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02100{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":542463,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAsZBAAEARzITAqAGAA3nyNu1wEVEE7LiZwwoKCgoI7mu7hqnhXwQAAETSneZc0FuQOOHT\/teiEyKQKqzHkPCOdcJLNU5VOm5QOz0aoCJBEfqd1iT7e6uyMoRT8wMX7assdH+rfwhkbtE0fDQ53avKQe54W1J5UEYikBP8CP81hlJVbphH435fnVTq7nYhJQx3T1Y6AQ2\/Im2so+HMSUWdbbnrP5LSk6E7PUTbsjJ7Z4IK2AyVHeK5bSLg80JZ1Sph0HZzQaEbqIMyi\/M6v3qgHFPF1JKKXsbwx36aShFPp5YRv\/soCC3iJDKx\/TOoopux88iYZkKX6xmVToWLTybIql7tHDaiQwlFHhBfrjhT6cVIuDMNZVXE8b8dgJrnGR4ypA9uhBp9z\/Snjb7kplkcAw9Yd0vXwuJxwvJbKYWpGBSBjpqgJK2NnsY91gg5TfSt3JN+70Jk3br16yCjz7tX60zGh5oP2DwLrrYetR3R0GFUOxDMh6G7aF3I80uIHLzKM5L7Cyq+eH+E4Oik6IopSkw7bwloBrghPMa9hxFBVEXX58oWV2xJT38EqSdgZFBF5dbInQYsnbTRjhDYyaiyt8vlg88mj5YsiwANcazCph4gIDWa4gyKspP8BKvUtXz02RGy3HX6Vo5Vamtwn+2PjOM+Q+DQVEQnn5msYlkn7ZY5ovQgEgbBX+huA6I5hUWWsPR3M2Kzn\/TPASjM5rwK0KxSpO5g\/gQQfc1S7J7YuDP8zIp427rx9HJYduWfVC4rgRUnB6I166YLVcOlExTMzRX5aOez8BEzIES9YduVGcZhm9AP3doiK0e16CBoljKKN4NSkTnRww5pIG7SP9IPdlyMMhv\/F65HJ9\/Qdzi\/8AR0RRXgbK4KSLJ1ZazP98Eo4okuRh2hJvsVfDsF82aUOJ+5IPV21tikqeD52JJgCcbnY1xvwCMuI9Ev5Q1BzfBglIWFmd3vD8LInWrtA2LQjCeOq98mFJn6QDvRQu5wKPIA\/ZgOKwVAUTiw4oj9THEfNPce2Rwgs9BQNDAwTNfNzVG4Uo8HZPdnnHL7R4K8hI28\/uWO7cqQHN0rdSoqUztCrLRvMc8S2B6IG\/FwTC+hPTm4cIQtFOJMoo2kOuyujyZ1LEIJszajyM3US0Z7vDZ\/NVv7NhCjNliBh1qCCQmrc2ZARdMzfQTwRZSk4Qp8dafvvYQ1LF9kATiR56vOstwif8mcEeSGpGjxHRxxaPCnx1FqTSBlji1+\/mVUMSnwTjTbZ8+IlF5bvzWmxCP6SmcY3uiWmUe8ABNCdQ6oFUGX7MujoMfHqznJ22xd4jRp9Th8CAdO6AtXd2qNEMNXvt+leql1vYAShneyVo44syrCJhZftvKw0lIESx6N8bEm9qmNGkSLU3jwsr4qMQ4GeNejADIeIEW8ilf6RTOWWH8Ge9WQmD0aziJpeLMRGeBecvHxLqJRfNb4UoC\/aiW\/ii+JMaepnbYUiRD4TObTS04rz7zN9ijDMemj465LaVNq0Le86L1W7PC8e6cQH0cTJum0Jqv\/LLqUQa9dj8VqTQbmKBPwwLy4YSngRqKOkKFIREtmChIase\/5QfE6hq1lhcHS9+TUiZhdPLF2dtk3KG4eRvLu8IjED0rc3A3SIXUgqoM1eHsOUNqbWaqmodcwXD4BHHuC3EdxDzolau+txc2+xwm+NH4ee2DBykjljA=="}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1603816434542,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1603816434542,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
00471{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":548684,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5ht1gAW9\/ACMR7CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9AbuT9AAjezDGAAAAAAAIlGmXKMyAAG3\/AAAd\/wAAHP8AABs="}
00465{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":551349,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"PKn0qB\/spJGxgjQ5ht1gCVbMAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AbvrugAfxC\/CAAAAAAAI4QMvVRUj5m0KGio6\/wAAHQ=="}
00486{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":566800,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"pkt":"PKn0qB\/spJGxgjQ5ht1gC985ACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9Abu+QwArPVvlAAAAAAAIhDy+8x\/DNCJFR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="}
-00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1603816434569,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1603816434569,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02101{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":569071,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gCjENBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAABx\/ERUQTYsYfACgoKCggwbWAZ48sZPQAARL5w5HpjTfB6HE2JQjNEB1YmIe76YRB4wkvrzI8Py+EIKqBcyOOLSUBuzT912JXZ\/2dY3gtcHrCUweZkn\/T5Hj7RPGvPZqKFDdtBnWxfnsXvr8VhF5wnML7O4OsWP5nPvl6UO93+O4xio85bG8BLk14nxVMaEegFPQw41vQotLY1zGwG27cqyluUTVS52eHYVV4j83Dk9aui6JZsd4LVyJRUX2\/aUckCDuajGznu7FC2CzoKmlR9VSfkua99+L62GemAPTQ91VNnpbP5stk\/eROyYCQjK0Rz1x4lCPUHi2bIL+APn\/wkXXipr29g8XanJpO+FGEylpXWsJrrg0SI3jR39YuKgH\/KrVFhaTiB2Suy3PaKmi\/RzU8ypvxDJGoEdKNt7WXrvIvEzAROWanRVHPIqtyzoyATCv6emaC6YOFoMEpZbjomg2doT6BJk+EvC+YAEUaf8b3SEIGnXU8yeMJTcxsinB0KKzvXhxRAp7xoQkgseCm99W1kW+XHhN1QN\/TaCtfCfSVrUo2xGKhv3ymR2Vaw4omOsXp6J7Sjc0mbrS90K7ilwCM+Wfg0YoSkSDUSXY1AQnPTNjr2FMqanb49do1WhubRfE\/Ck0eHMZWPpGaO\/mph4jfOtDGM6OgXvUUlp5ROucFlBzCmVKkIyc2H8apiOM+07MDibQplJ4Az2+90761IvBgwfhlEPgdX1KDSHaJG4rPehCnx1Pp+yquyrKEzA5js4oFilyAy0vgDYNnz8kRaeeuCwuFEJgvXo8qRWj3noFvI+zM05NzQAJ+bmWMPgrG27iBYNGIvoGvmATqr8JgYwP4vU+hSyzxuJhQCf9Z1Yvi3GDN3YdoljnhaMO1Savux67rztE8c\/C8yDYwfMl4Hk9h2CnmhjXRv\/3esiIjaH9dPCD88ewNCiifrhvE9uNwL83wO4sr5zyTtZLeOfofME+dgPVQ7bgkbsRZetMQrrAt+izEoATXGeuXSCXJvZamlYZRQA9Y1hkw06gQpABA8+7BxNLKVRwU4R\/6Vyg6EQNzzD\/YA5VOGJvjRexKDRdxqrmlRTQq5hfIyAJHy\/HvrSIrmlbTwI7l2tlyS+TSdUxPcmU7n6Qs72zr3JKtijpeZTjiOvn5gH3Wz3LwmTGnGrpdVcS5m3nAy4dlf71QOIEEceuZ1zTiItSS1w+qpRUZsN7KqSmVbH5OnT58ueYRcxpx7o59KZHrxOOtppX89XTCUe1\/U6RKWIbGwK5B8t\/KtZN8LmG0kgcpcavl50oHuWDKuSGhWn78YjrWPPggvwb2mtAvV2xgf+KzFIUqCZ4tP72EyCyT8fsNUCySwHshLWySXBxdWfBkmiQPmX6KQcUxW7vUusJWyjH+HlW1ebLdsvC6JTIU9jvt6ymyaMyI\/rm50GWHDSBGar9xKv8vS9NCFORMVJp5Z83e9YH5EXVTDOpimXhA8N2hI9UWL\/X+c8xQkqXD5T0yYXpVHt7NhIvTwpfhjbEcUyf+BaoxMbBWX09ubEe4WSF3SBA7Dg+tiSOpxP11Hn04MactOeduGtV3YGVM9qWIdA3KpmTnOn7t96V09pndKxqCgN1gD4va9ZR8fB8j+u3uruPi0w2uDTcAmxYeEKNSLqA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1603816434569,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1603816434569,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1603816434569,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1603816434569,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02107{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":569249,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAabBAAEARba\/AqAGAg58YxobPAbsE7IX8wwoKCgoIJv2XczUh4RIAAETSRoJYBYOeas73v5N6JeGR+D4vrTXWLHahs6zbYN2PSmfpsY6grm3D0Rg\/JjEbEbWdaTF+lx2JzZ6OUYarkFy+115N6m1b7gQSj030Q3\/SM1TNZj\/nSEEyPzf0GDxqQj4+nZP7WMShjiYRdKzXBQdLzKvZT8hwnZ4oB99gppgeNELMhqdd1SySqMlsoa6maZtwfk3WBUm6ygdONT8WTBN7k1sBIrC8taS2In6WoqpYjWgCgSqLDUPElTi6Wlu3qxPK0L89RJAyo7d95jjEyHvPN8tIah5cWcQDYEYe4huV1Wk4ReHtQlciAzAXks6By4Kk0EH6V\/vjIC8b6b+cCLYGgbSpy+UnT\/8ZA\/UQuk7xfmOopsc1Y98fvndGTrq5RKwehvcBoo5Mn7MwglvspnL5JNC3Wm1g6bxDaeVst7hRZBFiDlhiYaQ0Ab6hTr1EJaOuADWqvlem+VI3ScFJxVtLzW45MMzPqLsgDN0nwzvC5MgRoNBFenkwFuOGJL3cuoRXUyC3LM81pQYUYluofbI7QpbP2iRSlWRlGLd+f8zLs+KcyeL5yNSmFslj7bzWf\/JF6mVv58XYK55HQs40V9rrlz7Nj\/WpjPtqqYZhJzg0gyU\/lbPd8kQLgVED59ItVwC3fIrmrMfcRnaanuGrvWgwIdywVEgwonSypaCKhJxenk3liQiSK4PIyLjElDxx0+CyQwtFMw0J6Rd2Mh0rRN9Qg6bbB+l+1HBn2AZjjpQRkF3k+wmrwQ3tlFWbURiRza9xq8onWimWZ4E80sO2DhLrdh5rcVJQeQt4rdLXRJq+nwgrsVxBbz2\/q8\/SLYx1O2bZBHh\/9BOOD1ryspmCVDPmvYwFGBraeD2+NW89wNvReyoP3HK0rCJ\/kri1cIGHbCcj++dh0yrqPt7Tf\/h83mJX2ClPu+4JxyyaiUh6X8GxTD5uMA+60fYmu+ll1hlhETX4lTtQ\/kXioQnJXjK9uS5\/mUX\/uGF7bLIle1fQUQwXMiKDhED8bldaUYDhxS5xaoXVFHYCkZD1G0bx4wNv8Yb\/Z6CBWe+ohQSURy647CyvtGSWeEchDWk746VaGkX3lxlsbKJKHBhqx7ONQcIFzj1Uy1jMc0AJU7zrl2kD8zQXmaNY4cUoA+GXy043sC2xwegQudxFTao\/gdfkQ\/q1NCe\/ml37Rl6EO3X3l9xGK4gSgGFs8v4x6Cb5DrR4JVJ5cHHSfWZa9UBPO1JdiEg8\/VX\/TMt1fQN+ReU4W02BaESJr6JTbZ2z47SHhCBYG6zwySaG7Lw65ubXXruEdd1pYjzU7fMm7oTz8Lh\/jPP1IP0yMSfVCRBlQiy9xU4NDYENzi1wl4tIvdERDQbkkbp0nWFv+lt+bkws2Q1vZy+gP3OrU8l5zDk0wZvYK1K+G1iWmyU8uDxuww\/HPy3G9m9DbYJTtzjTkrnXSnww3izdOvRZeolPfe0Z6lcnGUQ1\/j4+H4gBCwQLWrpcyqpCaXzS0ah6Mc6s8FdIMqnxX4rU8rBpXWoJ14XtBm3Uyy1wVEeRuIc4t8D3Za5OjHN5cGk13mZGhzHFhggCcpbM8VxO4s5FnO5gkpIVe3rp914hsLEJPh7ThKO5jLy2z2hTqHf5sMr6xpDc+5DzcXLzyMz+du5WiB2vEQ=="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1603816434569,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1603816434582,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1603816434569,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1603816434582,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02109{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":582773,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAoSJAAEARNaLAqAGAM55pYsqvAbsE7MzswgoKCgoIEaz1Ap+9VxAAAETSW+W4muYv+Ex5TDdhGEEgn\/uAu0qlojP\/J9hIDPqzwz+JlTXFPtSI+aiI+wxPcULAye6UrinGUUzBJN9cIkelzrXiONFE9BjSvgDnaRECpumembikZ2HAk2TZWGNiHThAH4BNmcORyySVZrHBrWfpgdT2X+HBd1V9EwlFlpGOWc1WMXNhMkNYXVupHdH7xVbTBo5OLCElubCjSPLQcYjGtGeLSII96GmgvBOPIrvVPJlrK82HF20a9nNNukdp4BPXnL8I2t+rb0dK\/ghu8TRSa3A+cCR\/8rWbZqaii1OpbuZnQ1EcUrceIDrLKjGsVgpT38KpctLTQ\/LEEVi9cgfwkd28yGJ\/sRbZDa9nN\/DCQk\/CQdVd36eB9jrAYsgu00NdXaK8a13Lde68fZxyZAQpIVnvcfH2Id0GXqqN8JhGEanp74gRCpI27i8iPAmsd3UMjsAW4\/kdVXe3S7CJE2WY0tiD\/+JDxJcFk5llcTgkntKqmYbhPxvEadncEKOIQWKyGQzjDvwSwmig63\/L5G76ukNd5cXQMQN9y+ZTvw7kwrdSXrlmPNlCnkDTwHvC5AJ3k2x4xqqQ\/iNrJ0ZPKJa+ZbSaagf+oOqskwf4MMNjZMwfufWkri43N+eDbtXKbCXPhtUVj407PdHTmzDQCEhc\/2YUIpKa27K6uS7hywCslRzTmpBr7JTDvB08\/wQc36h91hA\/Pk+QFTxQ3jSb17rPzZignHJ8+ktxWDlqgmNhirOBTFHrKKKxFfj7Zd\/VdS2hwqNZRHNiT\/rt9McdxnGuTtU3Je9EyeeJmZRmMe\/caGlDh5g04pl8F7+Oo1btWtTbgaTib8s1bb7OqyePGSaVywbgEE2DT8hSkw\/0V9rX3HxqWWKlm3Q6KLMIO4x9UT+hK9EjaTbVO3sb7ntSBtUvWM69geB7FjBtVEq\/e9xSbiiqRGEZN8fX\/2BZdK\/e7OiNqVv+75BROBKhr8CroCTuIcvBAJsteqOP53Z29BgiPdg5qdLysu2zuT3+eDoL1SSxZ3XRR5bynYqVXOHT9L+i9E\/4kNKasvWdlomwsUZBUHLlgPk6bGw4Ne65krgmZRjBxl36YGLw6+sfkjJoh7npwlPGVTMi0to4OLfQHhGF0beq1Uwve8Fq1vubD4YPVoyRUfwB7pZiGZlefHURnSMLZuwlS26beylIwMqP26dsDx7\/clmOwL44sg6\/0wzyXIpZINxypwBzbjs9d0tlnjJXwUYRy9QmD0slTxEyxrjpBtheiCMc4Cn\/6vmy83GYsYqAPaHjYm5Lm9bkw2mDchmuHIE33cyYUc9fwTe495DLrhWVEzAWbCKPviregmjAsH4m0iA+u4W5k31m1AmJpuBDrgjPUcXL4i82zhjeL+h12K6gteHYqwX7EOPhQ+bRm3SKhW2iyandNBDGKMy2kYZB+kl96lTKXHy42WcNsjGKMfUP9vZVhz0rZo8wSdI7knLcO6jiMKqrsnoCOre5s3EnkzOjTGJOpVTbDAlyOIrVY0\/12bwxq500zdJS7Tqi8Od4Mv0jxABBtbfjE3S4PoXY6OYUNPBVH\/C3Jt3XbMm8PyemuOM8gg2u\/LJT60w1swKGZ4faRilJPXx5ej4jCKtVtArI1E1I5haUgoGSnYETrYiEWQ=="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1603816434582,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1603816434584,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00744{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1603816434582,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1603816434584,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02106{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":584609,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAXS5AAEARruTAqAGAEr1U9anTEVEE7CkgygoKCgoI3rE9GgKLpyEAAETS2D6FRkK87MNUIcKb45nDQXK7RIhN5jovTQDmFSK2M6QiVZpJOUYoJlkltsOnfd\/1F6U4IQkpFe+m1uV4F6oBz4RBkNPAAuUUBMdDtca4r1A9a73h9DF0dBCYcXkZBvDtL9wCuog66vADNiZMmDEEKyoT8ED6s88IFRXJtbENfR6cs0sHtB4WxRNwLE2yoS5jEYyQtDPhxoDW6y1RUStChGv8HnP3XMM2t\/jLHE+oLZ20Uei8+UFfPk0e8A5VrXwIo9k4jCJsPG1mMTDbv0YDgoPfvTmJTVTIw4QonxYS\/rk7SadZEeONmPaR6TtoWts1FnzUvtWOpV+5Dad83KsfG90X\/CIt\/vwYmyVKvj4VgDM6Pr4H+Uc\/bvz0KjdGW3xm9YMUTlsbI5ol2Pfvu52tXEEWdRjKK8g6DND8ZlC7aMVgSCICn0NKoRloC6NcE8Rw5LJBhOhPXDDbCt20z0FHuqxH9Vx85YXc89Y9JZS\/xEo6rLepUNAZyK4VZC62QFOzsGL6Lx8wSrVduZKsiJBZ4c3ThpGGJ+vaMWABr4\/cWq95Q7ZzLSuvRsXOk+j1He6DsUvm3J+RmjmrwYFgt\/M4CICjBS0Fm10ECgKhrWwd3J2E54DK4DKQ3EUyd3bjdTDHFVk2++CCDGOxGq+7NMa3RFtYVeMobAS4ZjFwkv3BS0m0bobUjHhoVD1GCqa6cx2A4+lBUsOhUXvuodo95jKqOaTXUqsvEaXzN3L7b43PXMpLAq+LaQ7Vzd1FgcpeaZ20BnyGL81mPGhvhcnQeusPeZeeqS6zV1B7OHOYc65wKxzUbYn1EC28EGygmnjZWc0jy2pYGDmTX7nQGQSjnYxGUcUGQPhaCfOeI1ggQvzjjmgpCyBH7XX3wXAV\/IVyilSo0omRqkl\/bMhBxO5UlcQB3HAXvh7\/CW9oHeT1wKQ3fB\/HEa9yU72ZB7d6KVeVKjZq17j4ybQ\/1ggtHYGp2pcGrXZzRwYjOkAZ0Opiy89watoyLGRmGLgTFsDl3McdaMNDx+9v81zsdMOm7BtAMYT6tRwsjrRofdkZ0fVa+YwJIBwtAhT8ajDn7UeBBPGRi94tJDcKF6j4s8my9KviboSu2mxdTOGQO7LtRIaKMRxlUFMtCi42onUa0qPaP+\/X0ttI9DVmM3lXTbZz7zAPwnKTDbrTvlsXFf+fb69MdPyK+0ZKLVzYuN6Rage1Taxjdnuj4OAM\/zUBa3m3soYXUIDBjkGYI3RorjKOgin\/VL4DsoJChrJPR888h8Xk\/IbBDawgJWzXLfoKqwSjYoA5BJLar1\/dem1\/5+HxdBDknyqV+PU2P2vYp8hNcb6mnUzN837UGUuA4NsueZUnc6zYaSL6DRRgrjjKhF6Tz\/MDuOVmRVnM76clbdBfnFUZ6P1n46WbYwkc\/I8+JIV6\/IqS+DjXGRm3N0QevTA6r\/68gEOcX6irDxw4FjiTMIU+OFUnGh6WsbCgi8K5SeV1kRKBmc\/TSum+LmX9s3PKC6cu25aK8beNwOxmv\/gY54CIgRosYlyDeYbWJdPZtKjt0TZLq4wV7HN+8OtqvsSQLBG9tsFDIGXLerkJmoKCBPMmTv62Jjm9BtEc0eZuVqDPUnoU+YqxHdkhj9bAhq0W1dwrlRBuS8N9Rw=="}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1603816434584,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1603816434585,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1603816434584,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1603816434585,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02109{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":585935,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAgstAAEARnBLAqAGAhfLO9L\/\/EVEE7M7UxwoKCgoIFbSGVwPjC1AAAETSjkROzIIp8CK\/caOuFZYAfK1aOEqO4JwTw9D7z+uUbIBTx\/XH4yTcUJ1GJ5nL+Agpz8kkGqy7oh35jkjpRQSyzT2NyzB2NTBiZzOgYyNio+jROASCrTsvFc3Z7POk+A3z6nh\/zFa0LHBvwlp+McgWNFYpnLkD+S13ugMu2uizXqCPOTgA3G6sIsESNefWZzgDU6TE0Fie6rZUHLpsGk6\/rXINEPxgL\/9wq34N4qUhpvbCKjEq66pMlprpty+OzFobGyzV+ZfKcjfk9heS8\/Ktv46aaw96hlXnUfPZHMbA+CWsmthusRBP+K8uIWlnTbdNz9Rfn\/rIR1WmSXPxGkt7FVroGfbPWNtXVz4++NucTI\/gHddPWrZHVTxmD4eDZ+gEpCk9qXs4vIQRkuhhDT7KtsO5OQlx0LGSyxQmka20y1oOk5gC3euqSWQvmM8esR3UL4VI1v9ztMr8LjMn0OiMu95CEowBICOANwFprI0fObMHGsulwe5nvslar15BxrnmzEPNZiHa\/I2lrJGnez3fp4uBPMNgkQPccWwS7tSftVUqukoIkaMMDDugrSYQ99AP2nblRffqf3JA4AsmJuPW0X7qs\/Byp3V6ceyok7YXbgcjlYcvQaIYY\/lxFpek3Nn6KNssLG1fs0ok3z4gezAdPzCDxhvWVe5HYAr1IFeRj3nq\/RPsEA6C4W+4l7Yb2Q+t\/rGxDvAreWu6lw7r0fJV+s3RVQJy+tEW28PRfLsTsQmCiDcS3zHb84scMnkwv5bvftQiTHPxbXfuzIT64fpwltpQEBi3fJ3wBTXCGnFFnw7Nsf4\/JCCbl8lJDqInzgCs+\/Y\/bv7BFYE5WwvyQhhVAkY54ihB2e1U2DYdn7Zqiluxkz6gTqo9t0goC9XZwhqTLhcNfKD0XB23eFaY3KoEPWuPes1Ne6OhOBQfjbGBHAapLo8KpRyV6yba5+B3oKegQAyfeyrNROon4pshqrtlR67NkthaTNhbaMWzCPQYQ69NKAHv4GZAavtCgzoyw0xfFk74LvRxAfWd5OtjPWFSoU9lQ+1mdU\/bOKC6O4VAOilWKe6QbrEStrVui1p\/aQNyqAYvjHwGeocuQw5Apru2zL4CCg9jzkD4KS\/jN+UCk46yLdkn5Ubz2Y\/4Tqj5walihAnanr74XvviJcs00s6SbGZQRIQnGnA5QboJY2HvdZJa5px5WoWlaAtRNSjKOb8VqvcsOTB2gm51ybY2P8hwH3e8MTnT6NSTQUYxd9MKuGbtBlaY4If+PpqrBCmLTLCDHV17kk1VWuNwxmBudJ5goE4YQONWMQUK3S3Ul6LG6ZXlHy88HhO5x8L0R8jS+WOFGP6zSoYvhB8OXq99sB9qjRABZmtgMm6tlllhZ6+KyV6yl0udz2oNhS2Hk09RxStU8\/YuG1qMWFdf1q4PbwgPZ\/SEU8YEQ\/gK\/b3lzjqtkntdDToIJ29938u4+Oea0Z6Ovn9IPTGyjlhkBTrCdjCsinWeEj2Cr6kqLjEOPd09mljIQf3aovLDbm2AUoZWafgLqoeW0JnEY2b\/2gwE5NpGc2iu38L1nWR8EcAN\/w88hux95l3UfaGjHKlj3FFO34BXqnrmch2I8X4qZ\/Xqx0WznIwTUj71m8E95Pb58bFksDsyDw=="}
-00735{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1603816434585,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1603816434586,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1603816434585,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1603816434586,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02109{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":586380,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gDM4pBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrnAkRUQTYkaDFCgoKCghrDAA38OgwkgAARL4V7fWqJD97ugGiMo3hEbsI2+6\/SpwaiwHfJYhBwe8nlBeC2wTuSe5rZV7amDM9N\/ui5SRbMnMa4jgRbgv6T7FxocLh78\/\/47xNpYbQ5OnVlvNw6YvcG6V3D9lglGS7SGlN5I9EKjcJ6eJNC\/yHA+fna1KNRS6W4dCmPZfMeeRKhPbnKLP\/zD\/hQ9u8WpY9sQzK7DxdC06QgW5OFPLciatcrURwr8u743b7gflxyjWj2XMTb8+OZThPj0RJwH3mLn1aP+ys3uq61x1VUHQw18JbP+jOhfjr5+O\/DOmynEaj9yDtlT8pCQmkvZjKW+qGdVHgPAjMhELPJZM+CKVtQWm40oviKQmQrLioe2xR08VjBsCQ33vDOtlEGlAArjadOrMBFc2+XUcBiGRd32aXmUR89tCzI1B+GouNtIblHFiotduRGiNABGg+3Qc29eltQIl3PdSG\/mv6xeCbqRlmFNb1hZDT0EPrntyPIWcXzd7I6R9yH\/OcuERuArM+R4UUu7HVGq3VOIpyJl\/8vVA0PxAitJPE3y7Z8KBR5Uk9ypmv2LBTFbQqleqxK9NsAkl7SzAMl4vTV6UfLWkE4v+lvbSNEQ+7\/h05HZdmM+ow0IuI\/BgPpOsDVtV1aa5VzDkkk9VWQdMUFySvpiE3OHVn9TUuuM9z5aYjx1qv5iZjNaxwGxQ2y+LC+sSOXYRfbtK34ZuCzCSfwzTrrGUTngeMOBfoZ0Xj\/ocEK17WUvslg9MAtjR1Gt3CBgVFOL0OMDBH4AMY+AhGxe0SgGsm9XvIgfhBa9vjDgpW2bJ0dEWPHP5qrAgfuKrrDizOESiLnlVMmMFXOgizTrGewuj0m\/x9ORClQAI0lFK+zVYRJsDUDjl8s8kMpL4rhzj3idhtdVWCdH8wFTr8WuyJ56hOdItfnc01ZNE8WReW4m6xZikAeggNMeWiKtQq+jfhT6qhFmDdif53uwIz3lMDO2crL14B2fVYDgPMUN05glordSj1PZRZS0OPJgjhG1Hs262PpADEzmqa1d8PWOn7489KV\/wKRhTXTO8HK3lkd68JU4rMEIXRiF4qH\/eZSGMgWSgdLEk9Ag7IV4F4aQpdDeOkRKGB\/bEnoIBfiBauwiLbdlgdD\/c47VmgQoRcvQk5GsUx0U0+wFCL\/ZkzcmI3DYCHTfNkG2aEAA+xvCWzWICgkMC5+W19MUzCoMuKizeg1ma9CdQgrL4sjg3iELKoYVCphaaL\/n3OYJYWvTTKTbT6OOq7SWtEDlUmidq13+s7Sl3Yj+afjtbetPkC\/8CAhhTxZQSPMQ1Ni1uSCgMYa8Y4VkddiZbjqAaSZzKfWrctUQrKqIadtSGNHtMQqjpEIWiMo8o\/UgBofbs5Kg3B8jC+JxO7Ld\/FGGhuabdGKUSF\/ZtUgLnPcGEW5kKFktT1D6fxQMfKzarearkPRdC9eF2UogCyGsrOxI\/GFB3vpOggGgWFiIo78PmOU0twqHHZC0t0srjfWKBrf\/fzPkN55ufN73EVurA0pU1TeEWhtid5II3hk9ekWAYMe+fHTtyW461m2tjhK9mczMG6wWszN2qKL3rLagh+IX9s8CJGYkrmfOhgpW1AdBPHq6OvvD7s1\/95DBb3hQ=="}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1603816434586,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1603816434586,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1603816434586,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1603816434586,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02106{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":586718,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gAlC2BNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWmsgBuwTYjDrICgoKCgjzgkejWnQFTwAARL7AEcGzrGiFbLDVVitPMjpX6T6us8klH0LZdsk33gK4kca790hWc9lEqiHw2zuG3cvmTx4edwCefhx9uVFQHbwCX7OdVaAKALQsTDf2esUnZnHqAVwqfHs0alGH87lg8LOQYMLCyJ5o4796Hi54oLNHvp1iBOlawAP1QQwkOrhTac81Z\/3lqw5txy4fqI2ulRUcc8HMVbAvriqgCRBafLPQysmCOVqjinACocPdi0ZP1pUx0qn0+kKcTF+7gFuANdSw5ZrXDF5v6YKUxiJ6vSw8Hy7vrpHpUiN+5fprlESKduOvuve2w8S0Rn1T\/QCLnqgsvW4zVX2obPqKMBoLM0FaRFm0tupv3jD2Bo6wMhEP7UVS6LQVCbX\/F5hZ42FQPL174ha0Yjp7fot\/ow92n0s8sDYpXdyVzzUtmI9H59mtClZBkXIm4hCy5YwKUBE5Htf0HL6v7tX\/C56I4bHgjD1kXDqKwEusnGxfxLkbm5cB84\/UPVfX54l5AlcUWrKt\/sWPHXza3lrXmjl3iKLayJGvSvxgwAyLdj+1dAf2mHjT3T9ZeLg4TPyNz17SLyKDROZpbuZtC2zCbnl+NoReuXxIIu553FeA7K1Fq06E+HYHhMw9+fWseAQfiQhoIBqlHGL+6zzFwJx8LqsX2kF9IlqJJkfGxh2dCK8J4o5uVhtnU3J2xj0GDXLtBrNSCk7DDd67hChkNkJ\/zra77RGExcKdo9KUDUUYykOLFAbdNAsP9djZJfE2+FIW26Q0ve6PvxjGma3cI1DAbfodw3x7gmpMenGXbAesto3GigfY8Dqk5DyVN2us4Q8jxijjrwa1uGb6WCWFIbPGsRxa2EtoUIAHsP\/pagnvZR1tK2myhxOFZczPeNlpxk1o3SOIXdZrMfCNqe8UgV89dZHklMi3hgQCyoO5n2p9n2UNtckDsulzdkWAkN7ELjfKSw3xLKX8QYYwRNZkrnslYV\/gNUyPn\/DAHxcrYsCggnVPpcMfjQHnjiySyU7agWUfxfnrK5KR0Hz1uxcerQD9r2dHrU5GwRgAJqiERgTrm61j0\/9g6EnJzaJxnY2YL\/8StPHOT4TbswEzgPxmOMhq3B3NyVJmRRvGKyoWosF33+eeRJZtqDmGzt7Y\/QslvmPGsoNyGhIfWD4qHCWm8JN2zWi8NKuiyFpgsC\/gseqp2COjYeHLzTsHE8Lb24ziOBbxiS8nhlUeyvkTXTnPgtpZev\/ducm+wW0A+YY2gp+9vovT+lMYKPoIIeW89qmvsTK34QrhAHBV8Gdi7IG6oE67NdkIrFleG4EtBQyuNTVG\/Hni6IlsFEhmcMOi9gtqRQF0bots7U2r2su6TX5cs\/tWsUtfcKDq01p1Oi+UeZRz\/V+lKX5GfCRE\/JIN8wqGMoYFzwTiwgXQFJuV\/tc8U4uoRYgnau5MAB9+BYOU44CnqwsIla5AaVfMisOMnVZhANbfOkDwWOMuBcFcvM4iPJEdLrpJXtiL7lozz\/DNjHrb6qIdiWBMUyCod\/1w5XY81jvBVw6EPdS52X\/61VYwnM6etnlrj2efLI9zOedaqcKmUUuU5hMhqfCCW6Ds62KH8dV8j+mD8L1skbcaPGiQBq8L77krzCDv+w=="}
-00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1603816434586,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1603816434587,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1603816434586,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1603816434587,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02114{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":587784,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA73RAAEARuC\/AqAGAwb4KYucjEVEE7DgFzwoKCgoIOPxKwZ+D2JAAAETS91nHeEtqNVprqBpjlBuMS4qDhd3kUN8qDrM+F\/ekloYAYgcZUMLt8kdbAj4yNgXM150XEsSqUaY2u+NNo8mFZEwXy2OnYTv\/L1pA2ooV9c\/qfb6IQtVvpkYCa79kPBP0tyFMp4w86ypVGLJRFE2wcR8W+ufL4zQbFmHQUN4s8EKBgftF0IZ9d+hGzrCohfVKAmj2TbAATwLc5qROqnCXSPAAIwsgXC6FvxeRe5C81GzRnEFcVKohNWvuH+YgU\/EQzJ8x0h2o1KXN+x2kz8nNm4RV\/bBgatrr3rE9I9H9H7X4vNkwSkPN1LE\/7YLaXxFkeX+BvfHM9pLsCwVYI43jNMZK\/82M5vqAJwLAoGNaMNRy1bvSqZ2Qnqs8doUi12HdtkWRB7hy4DLBCO6i\/WKQJjLKdpFeD7phx\/6P3mBKcjDeMOT9LGfsfpWDEggtVg0K+PNic2DC+MGaabHUIfDeFXxZwVJQjnBWnr7uiJ1+uGYObevmoi83q\/oHGzH2zJ45l2SHUS8N5EDtYU7jRJ0C0k352go\/BLzWhvpxttBJ0HkbJN+Lf8iGQ7\/HNrO0sSvxhBlXfXloOUmwXwy4ZOiFy754b5M3BhRivvL68fxBqtVY1N2wA1osEboLNfPnmjiBhXxUugq2mfHLbsnTaxih+guwrlRqVVQng52RQJYpjyC\/IQpqxIgm\/p+tg8gZMclfhCysFzs0Sx7c51U8U\/eV6RVzg4J9aZi1F6t1E9qqrDD9rTgXDBFK+53U4dmwwrA3ilycimT\/hbzORA3BufMgHAOtz3cpn\/t7KLfrocmCHydxweYPjYv8od0eN7GuRZC\/Dkkx5pLEApXJKbDycSs4W77Wi8NgAqHOpGnI10QBHXyfFP+YPX\/MbUtvkqyBKvQeesidGlYsUe0gYlnKX1yYRVG\/iKS0PMJZC3FHvFiL6obiVGRuwwpTV3d7lkotBNp2jqZCw1NLWglC1fuu1coZsHS72tmzKvcBFgtdmqwenN1JrK8F5rdOVfBQ8yE66XD3W8yAjlz\/Qvq\/DIB7QOU2zYdRo\/xweEsuV1v5VGk+8J0AJw0wbBWw2a7KJD1o3bx\/fl3Fi0jbHAOf1Fon8qpBSfuKwo0q4+YMAnbX13uRf4o0syD1YOszGCYMMZmBO0q\/PYK7xkQl3CoFVjP6bHq4sVQrk6j7MBPS838Z1ManSJBz3k+oiO\/sknlDJhNUIHfSq8TgRjn5JEi1pn2KhrqsPoB73ZpXqkfBB7bu8rzkBoJrWwjjZeFkHJOfD8ToexbXz43k\/IjggUNPy2WSLw1q33LeO+gOH5GXB9\/QgYQ697NrQKVyKlRVZXeNUwnQS4zycuS8PuKHeqfdW9Z+9PEo4DpPFRu+B7BfvVgxbF3wCCeyZwvtKZFkAMhl54zHOUC4V5hgvug19KxTuTtQDyeR7SJbTf3aDyi+uN2eX72\/wUD5r\/K2ChPZ9Gse97JUpH8JYVHPwSDEUEO85gNWGwO2wDrwXcE1X7p+U2f6nsA1R+bUBz04uvKlIU4Sa3pHvuKQRjh6XPQ2ThEX3UW558Xx7NikbDf\/f1LNSL9NCOFEeMnTLHFDcVVOXK5I01l4ewmR2fHvlVQvWH\/bOr5xDcwdY+kNlEO6n\/7tlWOai8jsYPqutA=="}
-00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1603816434587,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1603816434590,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1603816434587,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00533{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1603816434590,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02105{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":590003,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gCk\/uBNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABizsRUQTY3hvBCgoKCgg1RfSbShWYtQAARL7tTf7Q3DPhiEmC4nM7FyCePUSXuhX\/xJUKDzdA3Dndh7i7AZ7IYGRP1Yj0EuU9mm9YXASeUAKarL7NfQFkziaDEWFlefwq8ZzHKOgKpSqZeoocfYxvZJ8CSRvYoWz\/L6jmv6jaQeOLENERntb1qDtsRo5+v992QGLT9TUEMVkwT2FvUb5KMSqTvrwWgkM2hgSTV4EyBe1D3gc0yLlWmSFz3jz3ijFR560nQwOMUo4q8F8wUAgTdOAVJvBGKThzf\/CoAwD57myBv4uKJMnypuTatEvPlB46uv\/yty2eheod7+0rebXxYj4Uc+UqPb9wT8PhoyG868QW5UmJx34aYK7eN3JuR15+ImKbVmoE6EL83PSKYkHyQopRIotBEKQDm+GsSi14PMbpT\/MRFwhAVJ+sQdlkceub2KUXDJHao+eBA5w8vGU2OKSHGw6MFHU+N+USgIVLGu8C0b2WNKFbDS9r1lqcSYhWRSXCnwTaP8cP1GWArgqHq4NJrJMJXD+xs1H+vApBkOM\/ZeUAGUAtTfkrI5gOusV9oUnq2ItgMvR76a8xKxY\/SiVzw7ucrWK5N2tQ5JkPI\/NGcIpsYWE01h06TOMdCUToNwiJfkP0MPn3vMz2JyLbhE71KWygYVxZlHissMIrLNj2hzs1t4mgi8Dfs0l9RtozbB15+zjCqfBYkvDNCXVfu0MO1trH5LQH40Myn9bZeAAzq9F2i07k2zD6tl2iozB832XjSA\/tFg7fJub\/mksvHDenolmTIZGI4wO5Z3NTh426m1Xr55i+p\/4y\/Q9IBI2x3X4SBvQZun3kWH6dWj67baJqzcocTD7LnXnDRN2eJnB0+m+Xkg+SR2CQD8FNHBCSnN7Yu9TN7g85clS9FrvmkHqNboNkc2KyQf9kCWlFhRrzo5YX6fx357\/JlHGWmF2cH2EDuHHJfgxwA9G7HuV2intBnLuQm+sJuJfIh6mRTKTYdC1aBxO+FJkXatzCzuj936XOJG7cJwInBtGXzIe7oIez0hn4nIWhuMBVQhhszVOH9hqsvsKAdbnYUdNA1USW6D7R\/xmghiopDfGtjIWLxZREthLkrTZvJPOso30GmJwYCSy+9OZoV2Nj47lGe912feEm235ruyUlWsQTuKpfyC8J7r+SbB5tplBhKbatYRidI3hpJ2q8lvOUBcxy5jvAvjqVG768S0brsL7G6C2TqvMZt\/zTMuDkIHPjWiNDebCJ\/p2a5kYJOC4jhcbwjh\/tz0WznkGbQNVpLag1ovorvXAKpAYOP3LJnhQhOOuZLuZrJxyhVrae9z9d1NLFL8OUzD\/ZclBspPNm3p1e1A75CP6tZBmrEoDhbY1SV4p4vv10\/MMVCqO2nZs0ov\/lFT0sC7weM0SiUoUILcoLsraaHxz2srKVBtLbHRHf5VErVRNyjOmGUC3wJs6R34sc\/8zeM+d6HZcDlUk9ii7+g55y3G7oiGyj1ls\/gUdh7+ZhHGeX9MFF\/5EajWroXTez4lAWvOzswVIh9B6VOueE+IAtyKSx63VOgxYY7yYRidJ+wxQsHNXarhpUCSPeTmkyBv4qdWIHzyXgiUcAahzyxWMUHmvyy0MueTnQQdoRS92QfxncoT12pzPDDw=="}
-00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1603816434590,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00534{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1603816434595,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1603816434590,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1603816434595,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02105{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":595118,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gBnpkBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRU25URUQTYvvrACgoKCgj9UoceU8iiQAAARL7az3aryiG\/WW4QSFw5q8b+\/qI9una68JfIBN5RDAlSWxI5aN9NrGnm63U\/Z5hZqT855BEAbzFsnSq9T5UoQJSQWJO+OxKLmuziQZO7srez1fkkDupTN1wkkdnmywDXZcMkFQ4tXNVtGsfMIyPoMOjkuNgYuL+TrFwg96COI8IOfhzUGRFJf8K8t+t3YLfMWc5IM3WJ\/phaCjLWvabCUhYVrFgZVTenSIvn8FoTPxqo1m1xa4G3n8d3o2zFUc4XDalUQSYfIsGCZ\/3VGNAlkjuVi1uuzvCOp0qJEHMlsJ6OjaNJzjSj1b5X311lbaXLxEgAACVJ7mOpBMH2eUKlimPQIRjgO8DFiVT1VtetHEHo7XxD9z9DaojFHhQILu9Ndy7QJYx+8OxPwi0k7EQtFKIeO3QhbI3teT8NwQXlJnQv\/J7yzTNnMCu3L9LWIn6C92d5qUB+1utWZXR28cNynLbRjuRNINQIzfTFmS9iOpbZglrT\/GnsqhcaOJm2t9XrSu4yCE5z0c4wHo6GnMAN05DOXBY0yYPljkh7vr4aKEDxXsaCMcwmcWxYnUlFep8Gex3JVoSlUGz95+zuvHb46+MC+XDiipznc431Qn7rrxOB6lgYcTG7kLf\/ZmPHxmDGAINfIYtZO7xiSc5JWwhUA4ikdzTJaE0uo\/HCIsdSFQFJJlEXfiQ6f+9Lg4o4oHt\/v4TQTOThiS8hA3g+cEIozsYToLOF02tEqrwi5BbfszIjeKKW+XlfuQgTXnd+fgE5dAu5Oc7BakCjmnGBb3Uz3ugNj5DTo6+ojP6UY2IU771P\/fqTADAKhT3onheWYJvxAkrQZHLnIxcgu5DA\/5Es1ztGUo\/es0BosHYusWos2FbBdJpxb+gu5rvMEmPCkuCIpZpBZLLug0rWMitGXgJfX9MWvPAjBWdKWTbvcBzKFwh5+\/1ocEXw0VaT+NsU2weQMCO1YYpPIlc+42jUQfCx0zKYejhkxNEoAo38Q29iwZcFALT5rf0jYyMQpMUMcNFQQqqzbrcaHvvgWQzH+lUkFSqbhBqtX5WCPuLWxkDb\/9GhQLNx0Q1IujSYwA1SIvLeb9bsrMAWKENc82M+Wwn3RcXpJ4cDa0hrN+3NcY\/5t1ve6RDek\/0oY6QGGW1JE\/CmiO8t+4Q02FuHroDarDyPM4tHJeLOT2NE6bUo4WRjaSNVu5ng0Eq9X3XBmx0Ikdv91XlzFM87UC5R3r52ZTZNTnO+xLkNyA4Cub32cJnhUFmGLoaAmiMCxezGxr9YUy9YTVqutoTlfA5jfzAmMWcvfXhM8IAoJ7O2szD5hCSuJ8MX3ML7TFR9jrMTogwqPbeDECUgOiFmruVR0+GuDJb2riqtAhc7PvwbnCVPAYbBoyaoy31mi2TG71Wi\/w4IaZaos63DgLgXPzRaSbjG1c2zVPlGYLiTfXzEyhvOk3Mv8aR0DqJ\/gqVm0SvfiOZnBGk5gzICSopKt52HHnW1EwSPCiNSbMh18YFppr0G1bbAe15xP1\/\/Pk0jzR\/wXBG5JS37im5z+jqUQpnV5dcnvgYoRjpgGuTxRGXLjRfoOGzSlFstUpRTF+iEOL+rt3XO56SlECJkrsnzQoo2ccoM5Hgg7A=="}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1603816434595,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1603816434599,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1603816434595,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1603816434599,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02106{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":599720,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gBgPLBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPy3ARUgTYU5HKCgoKCgjzn\/uzo5TjaQAARL4oIwXE1bV3X2RQF+ON3RTsnJX4an3jVlQ7KRPGPw\/cd1gZtN4yjes7ivlyOcq2vm957CNTb4Z32AWph+bIp0qE95znKWOclgtBgRpaMvlLDlaUbTJ1Kjqhg7PudTMGHo8kc8ERMms7zx2J4fSxALfbKS3w04Pkl3fNYWkwJZG9jA2z+7UujsQZ2YxzLHhbiMSZctmG+MqTnAcyQxUOVqOLFrLaBhAxisgQ5MezG68hwcDBiS0ypz8ByM9sY1JtZ4VMrD6ux21WiJ\/gTvOv91V5Grp5XnTWdbnNLG7GrfS3jGjTn2Un\/r3WCKJ0WajhNLHmPUR9BFLSVFG5JiyNgIWA0\/HgJTXD99jRhJkBHyvLeL3j9ePlCvGQ9KCY7A+MdgP5+hrP1QLH82VspHtB2VvSSvMREFxd8jKlKrGybrolBflILJX4GGJlg2hWcC+HeiZGufy5yPCOCbIVpSVQOMyBBe\/Ph0aL\/4q+E+2qJVdBHso12q7ZRf3KyV6KD\/C8p1m5HJ5lk4kmjjCsWakG5crp0wLCKMw1zK5GEWknO8UExqKvojXXFzU2Be74eZgjrj394KHSeeH524syPc8swoO75W7hTdsrJB\/rbuBB+sKBiDCauvTcD0r\/ZL2kwgN2l\/QahiKQcXG7cPXaL3PMAV+\/0HhLKSqjypOevG9iWlPhJOE9CkOrIJqW9G8TK1GKGdKLlPqAZLZ9m71TcFKjQ2zo2h9JsVhhsxqsVTUojf9bVe63KowZvJiNw7kbG5Dx9zv3qk76Scw0pW+2ZZHPjdRZTjmKSA5Y+PYOoxxOicDP9ZVOp+8YwJbnh4YepP36tZkoI4e5hYmgEwZOjt6Yo4GxIrGzuNcUfaa96FJIqS3n0i7MAiXzBsvTUSDnlPJz08s7uoWN3Db9JOSBxZX5qHn+WlZCt6oEKkU8FdQI+7reYK7AI5cK+7Fg6zvWA0dR4F7VGaHhGDIqy3gLf7KmEEyWYRoePUORLvgVC8XTilGAf6Bjlqx9PRGxm0Ja\/4HplWikLpRAYamguRrJONKI6nEhSn9lO27tMAcOTn8Tf6RTu95+ny6hbgPd\/mMKokSGNF7UUtZjCk6cbVH3J7cHgGQXOTjQysmlrFxV2bF8LUmKKxWDOYfmVKmHvf7ramU2h+1zK66w6qsQI2OFBYV6F\/QBKPRxAQlchq5r5kgySGLxmw3m6+Sf6hz7sbVIbyNA36ENRVuZXdVSayaI5VXU677nJtG12s5uEZtWJqnu3YVN\/KK+kE1AeI06S1byEfRfdS5qQoFDC+c6GGJFo5dVEZxLnoVZC3EhBh7dWvLthE6jKMd3CbXVgnSRl9JPjiWwsbn7FBHeycKSDuew5OQ1HtZpeRUJUk5nMgSUOUI0YZ50IJIEFtw5YNao7Ddw10e\/\/nmynctyewik6Tvc8zLrSWaSqgViA6i2PaP6Pv2MZCMyK\/X3XqMdRGKXZs\/jr8\/dMBZX3F\/DYmeMdlamiU1RcDJHP8r+9yBXO9yUXOhN7Pnl31zJ6vG4vR0yXekz\/kuQnX3VMYt3WopVdGtyLE43Smp\/Tz11cx6MymTg0YsqpJ+vSsiBwEm1Kebt\/+JMBAhlGhj5jM9y3tuD9xf5ApCnIw=="}
-00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1603816434599,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1603816434599,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1603816434599,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1603816434599,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02110{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":599728,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8YxAAEAREMXAqAGAR8opqZMdEVEE7ChGywoKCgoIqaWx\/UJ+JLQAAETSRegWnRcPLKk7uYLS8VZ6A+zIwJb1mPqvy2MKL3Tt2jbz4sn5hDNSysWyy0Q1vrUZJyUEmOGV1jj\/0B2GZUMMnU+bx4P64TDztfWRCEsX9xqURkrteqGz6ltOPoTMK6uGDuQl8788DuRU6AkQ1v9y\/IX5DuObM3NrRxVsTfrPVsxKWrlvhhc8+bzP4RcGvyJ\/YYHHHWv8RiMZV8ZiNqzD\/Tz+RFWP04TpQ4H0wJGgAkCU7iYd4ab1bDvSCbzjD468MBlMvdV6E9+6rcgmFKBMzQQdE+3VD+cPof5Frq5N6HQby2yYtJudG6NrUX73fAa2KQZnzYR4AbsJmaaX8pjzhRDzDU9lkoPYf4Oc4\/nC0DEA60ezuIdY6ti8wvtU78brnoSIwXQNufJ3MzKMZWZJpg9zM9qPOZYsquFKurbo78k5\/rJeEvIak8OZ1yOE2HfW77PYo2g+KEWaP\/fvQAQmwoeHxVcoRheC4X\/2hnLsZC4VDGWTctTohPZkhIIguZevQcdGStgdNPOoe23oCG+cigtTE2XZqR98GoabuEhLVpX8IFbc399f2Ed3R9zv0BqRW7l9W+VGBCK8l7hYQJcjAGrqb6UxP9n5twWwwy63e4tac05Mv3YxsBf\/gpWY1CeGoH4A3AOIfnYfHjCBkCKDei184tAdAwJXAV8xwNIvdB1dw3Mc68J\/Pfqo1EfLZjZfaNqOe3f8viMQO4rriT8gdNtZ0CgbJJiTTs0v3CCooFyBSmtQOJYSnaqzYT+uTl0hY8Pv7OC+YTEfEJsGmbz3bNDq8LTl15HzHDF6\/S0tKU8O8InGVtk\/4xlinam6Cr3IODbyJ4bhBkIKy8MFcG+qdHGW4VYXvs5ZK3HFwh9xB\/co3gy3WkEyPgUxAVTluIvDqC8K6I1mGrN5z9mmI7+cQWr+bnYAVDEJN4rmkUxjOxyuiiOc+eUaT617fUn1I8bpVOZvNmAr\/m0w4TmV040UAJX8kNuv73I76cuzAXTqPGp1OIlB8p\/rUaLeRtwOv26NjRPMlDjdM\/2\/Ilg8tpUGW7j\/eqU5QmqHo\/Tiz3kNBpIfGMBMuOWA\/+PbBvi4AgIZ5msvRnQ6tvRm+GWBEDzs\/IRYnKTailefoHxjXB0DNFDc4zDa+tiGPQt7PmYE5fk8D2cP4OlLJtPGya0qenuuBZpE+9egccg6vsbROrFnslZRL6+0pFRqbKJZSvkqUbHUrlE\/JfB\/RdVa6sOFQkyGbFLPZtdG76DZnk7EFNB+78rrmYjzs6QdbL0HyurZ1UeWbBWI2fQCt4n30u475\/uIDFvQNfHznThYw1T3lHUvAqHOyJ\/ccQ7CPkJlpFBs41COx+7rd4GKmxiD62jg+b4QoriC8bYd6M7zXH9NxgT2wgi7+ApxeYKupXdFHK42Vnp2KF58erKh\/QyLOmaga5TR43mFPJ1U4Glvlilv1YLFtMnz+s5m3xpG9nXQX\/uLnoR+QzZ7ZpahZpcCH3jpOUBrBQLDS3SRPYGHiIfQ3MTxt\/K2HL9xf8n7chjG+XDpVfD+Ow4ZDOisoboLR0pMTJoCSzc7NiqX5QJC8lHEJcQJ84dLF0V8eZdiDwD0a\/E3DacaQJIW+8v0unPtOxdaQoXsSVsGNysZHm0clQcBwxWaX8rC0w=="}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1603816434599,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1603816434599,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
00465{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":601225,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"PKn0qB\/spJGxgjQ5ht1gCaFmAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVHH8QAfHOHYAAAAAAAIMG1gGePLGT0KGio6\/wAAHQ=="}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1603816434601,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1603816434601,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02105{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":601769,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAQM5AAEARcbfAqAGAjOM0XJOYAbsE7P6myAoKCgoI8EYvtCcjifcAAETSFB6sl\/lkLZ53JqQdlE2I446feeWqsyvCToqdH\/63WgFZXzAd5XJaz2hSlpGEY3otY+eR2fXJeeeLgKjgc1xdXndquYfP60ARoUpa1CNURQDv3dVUcZH4ZRr7gXB5ZoVF7\/jeJ12Vn6muRxM8UUAONwgdRKDgiL0UJP4xo5\/U0EJMBAoIApMkTic7rgG2Bh+mE0INS4tt2YDtZQWRkNwxdusXBvMW5Xh6sJWHpZCpVde45Vj8XrkpX2zzc2M+YhMwcBgNKHixMOLCc1OsZDjp+pVjqtaNwuJrMIuOI6usSTI66JX+7JfjdPq7itf0ZF7lYG6PNEEU+xPizRn2KxsuDnIqtilwE+LUxpsYFKfGcG5ezqqO6yKGneF+EwF1DUUwFWNzaP0yDVP0V7O256HNYYY9PS+2D1mPJ5Qh2m7ZEHCUVkRSNQ2ShIsxlvawRDyCp6kGwT\/WLvCLzHx+eyBaO007Tt\/wxiyopmu\/PGttRCmy1mbey1xkep6SVHg2hljMI2kKhPkHRByGHf4LjQ5nMnAXf0Tq9kl8M9jkU3GAPVgFzvq3cQiBPTdYAx\/xzWiHb6MZotlQJrKtj8r5btIK5VkYbo4NO\/HZLmSzj+v2qCIKxc1Kk9zuPTC3cbP50XiuLwGkNCPCfW+6OO5M9kmhEpBXsPSz70fHx0\/0D2eDDtF18PM3Frvb1Fy16GhVoNeVMEwWNkS3FwumWjt1NyRbw4LvKt\/Rmj6KQiUZvu7MbT1ndIcWoPm+a9vrINvQyHbJftHfdf2llfXEA9XL2i2KvpzX8iugx8h\/EwmNNUg0F+x1PWifXySR9l8Caxeyeh8E9jH293IxSPPA935LAymnnfgPtyfd1UPNS9YuR73IJfEhrnUAjx6P8XPDbcP+xgeY76YS+U3MH7XP1Q4EtbU2P0qKkUuklKbSr5dA\/KAEw+eLuqUjqAIZj+rndafIhO\/LsQfPYOW7bdEx4iMsGisRcOkkgcehuB399WIzJNDaiUudf5GjJuMlrlW6TLhJ\/g11dD2dIjh8WIkp4Qn0ZkpnSlcQsZ6BaomyP1UZMobw7Gb2Mj8fiVHGtut5pXwWsRBQRFeBEEDjwKjkFEFJa+NTqaiorO29xYtpR57ookqNhP\/dfrYv88CXL7XheZvTVIEYcH\/93v+Cx7XpZlqq9qM40K8mUb2GtWK8vMCP6sNaXS5hLGz84Ddirh9wD6+wfnjrttIpQkYIn\/n0QN2b1TKqZ4lV4cVP\/FewN5U4p+laZISTDvXTwJ40b2O71mGyXFIkSolo8eu55u2aHixwNCDhO56mWWHK4Sjf79khIgUIR39vcpUSQ6FVfGU5puW13EEw+81VUTMmbCdmBMwZ08nDTbGTXvAz8fOGdlwm11FF6ZM3uLiRXp1gGZjK30iogDlgUho8fiLM4+4Funma+wzaEJShb\/ISV4iTPJc+5A6A\/ef2opV+jxdSnTVcIVgMqB\/J2pk14MFTuYdq1mbrGXTX4\/KzcWcwz8+SNndOIz9Wc7K5XCuPKwn0ey2jndDMY01z6moJcN3uM0nJF8eHMcSe6+CbejSVpzM5ThvLdtFQ+ViAhGrDwX9+mUtbkulWDQiHIxtnNa+G+LGQ1ouuwgszH64VBoxich6WLV\/F59MlHS\/lRQ=="}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1603816434601,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1603816434602,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1603816434601,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1603816434602,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02118{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":602877,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gCm9\/BNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmd7jcRUQTYoyXJCgoKCggXpMPD7IbgFwAARL6WX\/ntaXcB2j6uyN\/eyiy9Z65LFFuHMHqjLQFwZXwPmrbwF1D9AvrfhiGZgRDKOtshDVcv\/5o63Mt5lp96z15M3u52GksY8IeFOYZFLzRLSypCHdSUAudS4QYS9yvJF11P6aEq9v5\/cYDKzMAnbW\/\/2YzVVKyxaNwCoqy+9J2FpElrzMoylxHY8jGmzsLZt+Cq4S6W5A\/yie2rgPdsV\/\/kadibCJuYe2QgLqw+NgOvs3ZCW318tssCX9NeufGXtdg+E7g9jwjM+K4Ord93OwDnRF2aTJmHo2tCEGjCWFEkbK0aHLxzz+KabEo0\/LETVbiLPpKC44rKQXGCZ7Lmqskpi4aWMEcEh2AyNzzT6UX+VTMz2bzdgqFYxEdMOkTF8mZvPnsAyl5GsftpRvrRDq4JM2HS2xjqKNf8\/rk9IDD2z1lCuhYklz6u8Xh8AV2CVmPjku7CduxRqf8iWhU3IZh\/tB0Zovqp1ibQbIYt4zrU3MxUs0Ann688P+rb7y+ZsnFu\/fk+h6xbT\/viYivE\/uJYhISmd0y\/Ibw7oVkhUvcwYGe6BlxHbu9DCl0q2k0qM2EbRuJ7WjnFFIsOxPhC8cKRdPoM0zznMb98kz5ysAdYKg+SkdeKd+4pa4gn+PgKnZ1v9QHbHVyu18amv\/ydgTDP9BOE5otsm9Ste64D+uoB3LV0jr7gSVBlTP43OHoBDZrEnIZWNb0IXAfnfRqK5U1mX9jYgyrjMmaabtaW5SNCjpVcHvLrXXfdvgnhoksaNA8gqrNxl8kTwyqsCW0T9SKJrw9GgmLUZOOEXkBCdtDC8Rwy2m5YGCQMlqBCp9fcD7R7OWZl9re2KtmbZcx5XuRoJK+Ee\/RcP8U39Qot\/kENeJ0xwBwp0WES98qMbpvwX+NXwrulmff5OZz7s0aOup6\/XRoJevNt6uaC\/AmTv08qFISr1ifH4eiMCq2kmxW2ahH9hEVWZR3Jxv9iJSCKrtvEkXwyQlIE2Ox6SYeipj2kQe7zZek+5dXGQsbScMIja5ekSaVy1D8rj1LjvpGiPeJY1UasRXnpVF59+PQLwsfANope5yQlCx+YVECOLk0\/GMBEoIlKIoZLqVJG\/C0u7wyX+2E6ZdHmRDFkH6mFBgjUTGXKtzBCjRac0BnMVz9YKLNQsd+\/rrsH5pxJ9YO0MuiSwIPs+xpIdo\/IEERboBN3aoJgydQ37ceY80ila+nQ3U9dSxR06jfC77UBEfVmdzlkuL\/DhQFWPNRfInKTTvG3yav2KKHl1x8TO6Ii\/6UZ\/zxT\/dSPlF2U3u1lI3XWOna6XPE0cHG4jVhbs8Y9WhQwEhQEXLQePEz9F2uVXMGjij63Ico7971IAKm6HyBzRv2Z2ImKjQZ0Rn1bzFvrV1KmJeslV3i9\/gn2wrszpq9ZZiQligWna9g2XDzA9fJDQnnBdg+QtaCieo2h4UjfZlagVCzJE5jJiKvMJjSG+vhOBRM\/pLtSq8qtMvvY3qHtTPn5\/9+fdA0SINWbW8xs11auU+NEYm5CyZ4WhnBvSSN8gec+a6gg9j80lhWWSEnL5q+wUaDeIovDUJ\/pMAff2X2gN+lfmO\/YkWJGLKHp\/WpzMbzWOkNBwTL8XEECXXPg9Q=="}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1603816434602,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1603816434606,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1603816434602,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1603816434606,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02112{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":606208,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwbNAAEAR5fDAqAGAwb4KYsH6AbsE7KsqzQoKCgoIc5O0PcfI+J8AAETS5F5\/qillFB34ZBYonPftxqjX8kBkyIk23lkZ2qSswRv0KEUWFyy4088Os3ZnRrOQrOwaYeXZhHaUBeXrptUSJZkTrnEJcyoWV9p6dEfGmv7bCjVxnlCwVoAAaJG8GHsjcbwBPQJPZ6oZM5lf6cBUHAqYHNw6rDSUKD3xvkDAy0tLs96F9A7S0NsDa6ZvGzs91gfUUlnKUaJulVEVfMWbhAjpxgUG+FXt9Oo9sL+OPkMVV\/7Vt0yoW1XaITbIq8KI8LwQAzQXNX+v7kBeFwKwuJRDs2d2j85QUWSVVg6OehxN0oTkJ\/iEWaH7HwRGKNP3wBEMihP+3wB41yI1iprDNfCK26psAUg8WkevVXjHCw\/1R8rXTAqTx4QwA+k906j11b35dxI9YbrIjP9IU\/OcLYQFjdfqfddeEH8L8+SaTdDj+FCEgqbdUYwvn3ShJJ8oqSXEByw1fDw6a6R8YQY\/NcWHQmWlwZV\/s8V6pCK5XJBFoyooYlTtK5HT3AzggQdsGSXTc5vPgI9QOgVcbjbdWp2Amvc9V\/q1oTUYUqgUbgO29365V32Dune0xvsiGBLhkxW\/xB2VR3VD8bIGBOkyav0B7u323dLTivvutQgLSxIpoC002ajbvnwVNbm1ZcAbWyBNcs3+OXM\/vE9S84TFCziB6d7oYbaE4yI6WoMFbiyLE0HiXUYenUnbBg82zVNaZ30wtH7\/mEwwYXBlHw79PgUwLtAbNWwFraM3BZwEm3JyH67VIsyLo7T55Cx3r9oakgfDnsS6P4bT5c4dkQ6l8BLSFIYKSUtqpqBbExMHSrqaMXKXu8BL\/5ieVLJhNsi\/slQ9w5NDtQoTTbDkDU1uXliwiII\/d1kCgsYupKOqyL1yOQzPZKCInlHZsUbMdJ7y8bMnF2vGBX4GG5L01jtQDpBD38uCXLmnzO+9c3yuX3Qh5zcfT34vJRSeWP4va7S\/nOP4nZYATnqlIGSv\/xJzfLmDB79k6IefwfU2xRise5mIw2N37hs+9xRHmkwSbEY658tuxL8Xb1MtKxUQDPq8BcSvLe9eQOWinR94+9pJhj3IXfg8WmTW3\/5K+B\/rN2gnFxD27OZ+9NCOJP8NZ6N\/BTFtZSfdJJpZYHIN8TnZLxRlID54H\/GDdCUsJNUfhoKrsuqdCGDfNktOUx0MVrR62a0uRztIF8liJfUeO\/\/KAKR5QW14obLuVSayoUimbOEHLMJCVQc8\/yVQYizs3KLKMpIRLych5r0TNMP6kwhIq3oRLx1tuGXR5Ce8Ty5Ru0TOGnc5fQ50Lqs6GkZSf0wsPD2nX6txa8FkQa+B66L7AJOYLxiX+7eCvInUvChFc+0Sb+WrPE+4s+jAEcZnUDM2coA7EAkqHnQ9J+lIjWQPxMKhSjx58dKOyLuMftDrpApD9cIaKdSgopyq44a5UIqEi1D2XHwo6tGidN7YNyIAutBBxF5IsroY6pOfcfi2fwuYnSzbutfHvCf8YirR\/BAaLMu3aNHHB\/ZKPVZpI\/gucAgFFvFH\/M+\/qty4rxYviGGCAa3\/53kY+NHOxljIVMDVyWE9T\/sqE0XTooS\/SgQ38mqYWA+WDPfMqjhyITNqp6FmsU\/gt0JrpoezFzEe61zJNnCelVJXtRUHkhDcxRW2fFs7Rw=="}
-00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1603816434606,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1603816434606,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00752{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1603816434606,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1603816434606,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02105{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":606554,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUATrtAAEARiKTAqAGAg58YxqJzEVEE7I\/AwQoKCgoICpCmEqV\/5+UAAETSrUzMAXsH+lNXSQbnFrAyl7ceSEtrPkuYxRTLDdaFiiLmduk9Xs2lXgYzbsBek6Ac79LMu0h2S0VMLhMIoynub2oycJvB5K8wYKEeSkLlTvDrT+4\/PAaXju5wh72tiJmArJiM37yh+0ZsoHgCUSqF0WzYygVii9e2gqRAE3tVIHQjG+5jZMLcaJ2yFfHfBMxd\/O6jX\/qLUotOaY1vFKrUIY90\/U9Dbi4MsFuL6Z4A02fTqtuX4r21R2SazEf5RJES7hcKSmvCokMZmOKlyLilXCKYcenmZhN8UNa3xfFEIcmY5JwTnC3sMsOo\/rBS\/9H1GO4ZE3+cPgE5zkXgqeuWBcFKNYDy7D\/WFSz1wdWlgFLSW2hrnDFcjH74QFpHFNYSLfoZVnrmXaJWdYqR3\/GrunzyfQ5NLPD0xfrMvW+mfxDdvmFWlM5+TRdKLnFtqU5+MG9orjbkU4chKQtFPiEcFOtk8NTHDHAGDTwbYffqe87exnYOpkIf3ZSAN+Xc6uclNDmRl6vRFeIZ7wnFa\/vovEOpHWQnRJdHbza2NFUFRaTbJ66fHDPe80KPiiYdWaTjiZGLbnVxj5cnNPjgcS9riI0x\/vjDtGbui32zd2k19XAk8XSvXovnq\/N1aEblwY4nUP5VKVuQkxHivQFDAXb94K1J5M36udsQd6LdTQRFPp1uq8xtKCFuK6p8iHZhrHLCcSPXYOeddA4eGHDK9as2MSP81cihu\/T7DLy1YjlKcHYzDa3yx1xCoO5FKkG6fm9bswGYlU\/+baDbYfTkQsLCEaPlRnxA9WTERJJ+MSFDRHu\/PlPFJ7insUQmyVmaD3hw4umIBuOag4GPXKlW2orVcqPhx98PvrVSXrWoJ9fVfyaRdjVGS9oRlA6aO0YTRViOTKSEUuyp112T1TQFZCnuDnAkxVoRPmo9aTNWuTZ9TG1q3dK8ixFuLxOAzdvDCKb+Mw\/ATbe3lk+yLwq8IFMq6jKdrgufqcgEK\/DE45uK6DkeDtg2Nfk41dXE6E2W06tsmVdvKzE9ZnBhUhe2ejOTPCQOMOhKKxW1gu5IyfCpHbjJN2vfvhyPN0OnZybFzDxqcGmwjQ+YG+BTWqim17tKyUSWvtfljnxHMSsPqRy6Y6NfBCNp1aUpwRPLdmmujG8IVPEXIU\/kof9d0KApSsa1g5\/lxQVV6EBiKhgM1boWQ5RBl6ra1rwDg1yBBAJS3flCp5HcSZz1flGcqFaVEsVrUVz+AEXY9ruE1orPMbY+wl+lHasmZLW74cTNm+UINmjH3A+DsXhcmXvfEm5hNNThZ\/NnJpbpD4NH5H02TzCShSKgJ69RlVFghhhWba9V1v0pJT8dy2Wkw9Ko6Pt9n7LOTgLjbmfTwItWhZTZuppOfwln5Ay+ujYsECxELS1meSTPXMgPFm5ZqFNUQ4ewBWDBiyF0UuaCFEJLCwQMzr3L1MCmNTV6WeniY70fageRh2KTa3ox9TKmffiA5zTBLt8Z7BCR5or8UDQn5nVW9FpnezChyvtJGlUcukrf1\/2Yv6T6Ix+RUzOFNkHL\/DYqhcyt5IZvOgg9EpYeiSpp\/jf5smjFh0ytesmJY86N5x+rphh2jl\/Hh13FoM1EltzV1MqIusbwoLTLdDb5Z6FDqYBCG0rctA=="}
-00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1603816434606,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00457{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1603816434609,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00751{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1603816434606,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00461{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1603816434609,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
01149{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":609154,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA990AAC0BNLcznmliwKgBgAMKP5oAAAAARQAFAKEiQAAwEUWiwKgBgDOeaWLKrwG7BOynncIKCgoKCBGs9QKfvVcQAABE0lvluJrmL\/hMeUw3YRhBIJ\/7gLtKpaIz\/yfYSAz6s8M\/iZU1xT7UiPmoiPsMT3FCwMnulK4pxlFMwSTfXCJHpc614jjRRPQY0r4A52kRAqbpnpm4pGdhwJNk2VhjYh04QB+ATZnDkcsklWaxwa1n6YHU9l\/hwXdVfRMJRZaRjlnNVjFzYTJDWF1bqR3R+8VW0waOTiwhJbmwo0jy0HGIxrRni0iCPehpoLwTjyK71TyZayvNhxdtGvZzTbpHaeAT15y\/CNrfq29HSv4IbvE0UmtwPnAkf\/K1m2amootTqW7mZ0NRHFK3HiA6yyoxrFYKU9\/CqXLS00PyxBFYvXIH8JHdvMhif7EW2Q2vZzfwwkJPwkHVXd+ngfY6wGLILtNDXV2ivGtdy3XuvH2ccmQEKSFZ73Hx9iHdBl6qjfCYRhGp6e+IEQqSNu4vIjwJrHd1DI7AFuP5HVV3t0uwiRNlmNLYg\/\/iQ8SXBZOZZXE4JJ7SqpmG4T8bxGnZ3BCjiEFishkM4w78EsJooOt\/y+Ru+rpDXeXF0DEDfcvmU78O5MK3Ul65ZjzZQp5A08B7wuQCd5NseMaqkP4jaydGTyiWvmW0mmoH\/qDqrJMH+DDDY2TMH7n1pK4uNzfng27Vymwlz4bVFY+NOz3R05sw0AhIXP9mFCKSmts="}
-00489{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1603816434609,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1603816434609,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00472{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":622862,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5ht1gDsWjACMR8CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9EVGcCQAjCvHgAAAAAAAIawwAN\/DoMJL\/AAAd\/wAAHP8AABs="}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02100{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":628754,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAStBAAEARganAqAGAyu7cXJgVAbsE7FzZxgoKCgoISaS\/HP4FIE0AAETS8b\/jD+OLMZ5ZfmIPp7wLwtSW\/3e3V56tG1ccXR3vL4iMRvcTifVjxLwR1VEj5kxXicua4ELuOiBh14YJiINigpT2w+4dKhfV++T2HAdDXb9HRo8Wp5\/Q2I0xH7P0GEZjVSlxh\/KVM7Q8JSVkblMvtsmlTbMHoKyKgv5ZVuhR9rKzyWjc0bDTpihNkKGhI2W23K8YpCOo163pvnpUs8vCjpMKx6Y+XLOjz86VHxZ\/dSIUgwZkfU3hXvxraGDqsOM6nk2BsxRj6ED+eksutrG0VvP5Wbl\/nwohJ3snk4n+kCBY8+CDoT5Q6xIqcKNeqA91veY6WDNW65NdLK9tq0Kt6NyRCQ0iHC1fm8oqxzK49Xy9Yr2klZXjGA6Wb9UmYx6KSJdvg6i+UYQf+hP3vTAcVrvclwQjn1Ttts6+sIXx63DdYoKsDizIkqnYCVuj0roAtIdLG95OmHxjKHrmpsQyLltGhTZMsYJQRCx5M8PpL+vjXo6pu+GHq\/GNM20vpbcH4SfliMSbdeHv4qviRxdJ9R8w9OkBT6XZozO3wWdBmA6PqET53j\/ug0iSc1MIiO+\/q4LSySrTDiP2OBzfwZT7hTAaYz1DN1CxY6wbbPEjnyqCdpqZ1PaOkaWb8OYt7bm6J9VMzWbMZaVbajU0njanBfI51vKbom0V4qvMvcrqXEEunVPVtjgIskNplvDAftVJ2vZJjRMGUEv2c4SLniMT\/gRm2OeeaPXHe1brAnbRvP5KwVwSyHq8W08M66VBt+caimizIdJuqJqF1FGzRpHgQJNETaOqosq4CaLQrU1BEEg3UbRSYSWKj7OLTgEqG1JOZb\/nz1GI+TfOOMiy+107aqM+S\/i3Tju69xYk1X3WP1Ozrd6Wj6AC50FxHQQFSXlNPa5e\/vjVo4rFyU+uJE9u8JoYphh7MyJDB1VngH+kgiqxcBa2QBM5E51d4uR1hQLe+c6gd3MDh43gdsQryQiQifYdGhNRWZZaw2p8fRtUP4Uwyq\/B0bHFpZ4t6PuvIBU1+212nGGZUAL7j3HFR48RnO1qbO+GAhey5N9lWYMlU5tavGiXfOhlX6cAsUEQ2Q6TLV\/ZCB5CQG5QDTtdPH0QZSPPPDEVyy6HE2QB0rH4vjru2j5voDUPBjLlpBQ\/NL5R+mTgOnDFh7tGqQnBHhyDGFO\/50NeIGNTAc07+9N1IfFyQChGLc3grwS1SkOgfURlQLF+0ioikEL5irbMrmWTd851GONI9exui+8KOT8c959NcGrcyY1CIpxJc6JPQNgq4cGI4ljycOhrXFfcY+tJlEO3E0yGYN4gMAGSars7BkXFZLPWbZY+Sb4jXpDImxv+f95nzmTySeAQGcAaOitCLcJ318ljtkj4SzzBlngK7\/jHpA1EPvZ2SJKmWjryUfQf4JJVEzK0DHUTA6qLYV+785FtwR53Rvcfx8ZKasxHIdWmDmMQfSDcjCfFkiPKXadftOSR0e\/XsF34XRoyBUx5eKGVWThXeNxNkMdpKbVofP1BRG3kl02O63aebe4V6uZI5YzyQUh4Dl097fgC5KIZDSXh1zEWqkg2eojIxOsLE8glsZ++gAFLU+Q749QmZTjBy2vyjMlxdSRKWMC6H66lOKBGFFFOZV6nr8Cmiz6E4iT7yg=="}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02101{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":628763,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gCIsNBNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmdzC8RUgTYW27FCgoKCgiOjC+QJeVzXQAARL7JSt9fXYbHm89vAcaC3zVPl3CRJrP6TUqyl19zIq90T7T2NXCDcXHJobasDcuXuTxPvCCLEvFASvzCuAXXUk3HWjKo77c+LloXAI84Zwqo8KPwvyzsluIwpPaCQQSGiuEyjDniWlSc55j3zHtvxBYI+7qs\/+m2E9Qo9cHvaYLyJZyEsYiKOdymD9qvtzbmDAszHuIEjcfE2JjV4l3DJqKhapzLQbS9PctxujyF1VUI2ACV8ytLLBKZMFRXoJlO+bWzOXqbJSZ6o5mClNhR1vsaR6skwjkGqVgCBLklKilA+9\/6l4ZG3WIaUFiUoM7SgIxwWF8oyiKV7zmkaclu4f5\/3yzgGms+jvNfvtwGzb3Fgy2XF4aZ5O5HDcLbhvsSrvGKNU1KYKAXZ4nH8RB1\/jFqFn4mCqeFIiG1sLtiDLSix9f1+6LcFT10dfWo8qUHWrWQKOTbIY9nDBXTCntoa14qK3CE8mecM2VJ7ggYOHeAYHiK\/KSjuFeEFZdZUdhlNNgz9SYFL52F6XzgaZRwl5PM1sfRI+PVfN3H8HWyDW3URl12iKPr73MNCK5qktammCheXnaJBQPkIp2os8caGwd0tnC6YXcJ6lRUUduYnFyZK+vu28T7Dz\/LrOOfuQtWldYrGOIU6j6+ccDKu9WWuVGuX87kKb6hFa\/0Hcn3qf5Lj8lhGc0veQe668VrdjsW9Dbg+kfK24zU3dHzbLq\/XM+CIHEV0Yi\/cWiNNyuRa7ulzdTCAyRs9gYlEY9PmbmMmVnZTQWIYxLrJJXunKhqYDK1mFGTl5IvfBZY7XkX4mf2dHPjv4NDEk1QrCa1hHmGBMvl396\/dwaT6SqqWUBPCDC6vSElGrAMRRGJq9LvfuTt+lbz304CY2d8TLKimJoo6M2hj9FCUJij7LzuvBHoekrCNTyCpGkXK+6f28WuMzCkJmtH+2+vwCZ0cKmQ7CrGhhaebnvQZwlEFUK4HQuJy5pSXRkTWfe3guDQnvG2+9SrouXEZwHBxw4mhOlu4pZjXEqExMqWvswlRLClP4rnliDXpHH40rXKEVBoT8v\/j3qP19acEvtZNPaR+ixqYrvXUyjrT2RlXNw57\/diViUriBwdc6BZan7TmLF2I9JRDJyDmqg737XOiOdNXmktfhguZlHvtu8BzXOxe9QBMRua9UDc+uCEMwFmlIsRXS+UZdgutMlJZ1Lbmq8+H9dnSORxZcpeFndW83URbDqnqh3rTxU46PizBvjU3UUHxGcviHiAab4O\/xs7Wgwm5afjOM4HWTr2GZZohe06rmbLxZYWQRT95qnnPQz6O3YXVkngtM49zsYfYtwWc\/15r8OVdncTVWq9tmcsY+IComKrHlZhTs92vAihW5Z6kvjaWc9ntG7+kh9ebleS75pVIAPP3qfgdh\/HVMZQrPcJuQH8Y\/E2UgruG3vXoC9MYlyYHSvs\/p0NoudzrUECbg4P227GFsxLEbPUVjR8LlC7rVNTvhNIZWwC\/QrTxuvgRdHhiNNC8M2PCOHRg+GtiTF2\/CGbeBUpGmKvLPodeqZZylHTZhjgU1MkqVoyyY00fBkWduQkCMwlkuamhmTtYdY4kHKiR0ij2DmQLnLbFkclRCdK5g1smA=="}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00531{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00794{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quant.eggert.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02103{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":628781,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gBiRvBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTABx2ARUQTYzffDCgoKCggnNhDgZJaMQwAARL5IzeYAwPvJhqXqSzYyuvoAe\/H9DvMh4rH9IopmFLLCj+PhBdGZ40ll7ADayrGRVomiqXfQeeqE4lI0JVucWTRV10wN\/2X8338TTB6+1v0VW\/8KTorpg06AYkrrASXu2b1BsrKpwLL271kd\/dx+mnQSA2BQKuHrVBCwcaBHI0r8YyjQ1srYGqRDA+zKcgWvk4OEb2anzxkS+TxZp3BCgoJSxTVTaR5r447ESHGMmgukiZT5KEHWyWxF9d02oG1WB5o1fyWZF5XPYIfDooBiT1AvbGvAvfKT01RDHMenDf9O5UT9ob9+XRCiw125P6PnFWGEuoX7atzAW9zVIg++DcOuD6bQBa6hwrgrZiQuNBd8kuQqMdvHefesXx4K8g4hi0yN8Q2JiBx10ybm+sDchOmA+ZGI3KJA9MxZ0Sp73D0+bCJe480Wpk3E7r2Z4INozKeBGUIjWkyo7qFkmuan\/71DIvrB9t\/xagwgNTTJ3tPFFcZxULz8+MN\/EAmmnIbFUMJkGpaxaZkxUwzdBzzVfWgWxOxaXp6E\/Sp0HvH7wVBpKbhjbMf7v+XMfDLFzWRXSgKS3UI3Pb2wyqIDyMku47b+QW5Q8ogC6pRm7vw2ChoPyXCwYbBnsPUrSwZulaXZ21SytHaEU9+EZo8BWLIhbxHDWCqgcwiQOrN2ld6qsp3S\/Vk9wosbHKzGjZ8Fq0IulMECZI2u3F39UfOXkQRBydLXb8SJP0YbtSDYwJVwphKDdTuYShkSh02mqvLr++kOOrUBElEDb2FTjuj4gpf7X+VxQEKj1eV44pEqEnAkpTwMxZvrlvupezB2DaPuSdgJ2oTp\/O7zZVUZF0m\/4ldGEeQhWTjIV6CkEIKpRvwcA+UXJ\/KFZ8RG5C3FjLxgW6qDeZaa51INZ1jnCY0wbHYbjsu1o4BqZImbBcIYiSFGPgjyz05R3AU2gPyjMwQtepARpLhB2m2nPYRAMfmllWHd3xwrKK3Glp060Yi1hFmvIsxBYN\/HFmXph\/R7xAQ\/NCCsyb233XTR61h+5mjyr3kBdhvRp4FWAfrGEcdmYH09lxw8fsoI2fyGmlrIiLbF3Ib+dz+bKp06GWcTagDImEuKvHXDoqew6XT8CRp81NMwgYp2C0sRRT0X375VlYNNoST080OfYYTMWSZLZIXQh8aObm1WMLPdvWnM+yeTd\/mCvRRGkSoRfYLC7RPv4Px+NqngI+PBo1onxLjP+L4PKyIXY5M1Wb\/ntYVcCVD6Mu2L9o7pVgw2OSUjjv0o88lqeZ+5ZeeRR6GyrHda3BrAmnkZ+qpQgDgKYZH0YS\/dr3\/dP2b05Ar17LfJufSjGiJu4ojISm\/iPkcpJzhCB0Ulyrv0Qi0cZ\/5EJ37Gp3EGx9wtbixPCiSDCeFvjur1Q9TswIkIMcYKjzlTF8c4ari4VRXM+F7\/DFMpQowUPXMsTOknhf+QiC8PtIgajvJPz0z4ts8GtDrZNFWP1dmxLaXIf8adUNIotOd08gg+Fo+EaXwzTPqlyv8pnBs9YKcfmrjrW8mdx7psWvRm4G1XHb9iD7+F8FJK6uKYd40yFQLCG28wXMkr8rTqhU71QNHZ421qXPLwoECcRhsDGlUiQgzViqn2CQ=="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00458{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1603816434629,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1603816434628,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00462{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1603816434629,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
01146{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":629806,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAgVoAADQBpNWDnxjGwKgBgAMDhTkAAAAARQAFAE67QAA0EZSkwKgBgIOfGMaicxFRBOyPwMEKCgoKCAqQphKlf+flAABE0q1MzAF7B\/pTV0kG5xawMpe3HkhLaz5LmMUUyw3WhYoi5nbpPV7NpV4GM27AXpOgHO\/SzLtIdktFTC4TCKMp7m9qMnCbweSvMGChHkpC5U7w60\/uPzwGl47ucIe9rYiZgKyYjN+8oftGbKB4AlEqhdFs2MoFYovXtoKkQBN7VSB0IxvuY2TC3GidshXx3wTMXfzuo1\/6i1KLTmmNbxSq1CGPdP1PQ24uDLBbi+meANNn06rbl+K9tUdkmsxH+USREu4XCkprwqJDGZjipci4pVwimHHp5mYTfFDWt8XxRCHJmOScE5wt7DLDqP6wUv\/R9RjuGRN\/nD4BOc5F4KnrlgXBSjWA8uw\/1hUs9cHVpYBS0ltoa5wxXIx++EBaRxTWEi36GVZ65l2iVnWKkd\/xq7p88n0OTSzw9MX6zL1vpn8Q3b5hVpTOfk0XSi5xbalOfjBvaK425FOHISkLRT4hHBTrZPDUxwxwBg08G2H36nvO3sZ2DqZCH92UgDfl3OrnJTQ5kZer0RXiGe8JxWv76LxDqR1kJ0SXR282tjRVBUWk2yeunxwz3vNCj4omHVmk44mRi251cY+XJzT44HEva4iNMf74w7Rm7ot9s3dpNfVwJPF0r16L56vzdWhG5cGOJ1D+VSlbkJMR4r0BQwF2\/eCtSeTN+rk="}
-00490{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1603816434629,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1603816434640,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1603816434629,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1603816434640,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02106{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":640692,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAXZdAAEAReS3AqAGAM55pYrDCEVEE7CF4zAoKCgoI\/WffY03wSeUAAETSMHofJsIVRtpuQGVddBW97CfvMNh6FstJkOMpUt\/yyfMol2NH\/cmw9076\/GVp8Jiw6RRO55nAlaDXRKDx+fRRFB3MWLmB\/9BdlA7rKSF+bxrlmvb7IG3rx2evLnOEA295WB7h7yye\/Yb8SM1ckobonKrZZ3VSIcOyeDvx1To8yKU8S+qgO5UB6V6j3ZR4z8tia9hoRBaJuuWjnRXPIzRC\/Y4Ty4G0TTfbVLamm4ej+5tVGNr3TS7pN2Xzt9lr5OogvAmipVfcrFQmzNA\/+bixOvtJICDh3fR9sII+Aa6F3m95yiDF8HdhXx8TxWV640MZkTOca5MbcwS+YPz+INAIjF0s2owurg4clHkrQ\/h1vY9wfL8cau+doFTFKxQWkVu3t2i\/+mAsWEv1COMBJgtwWY\/1oMYnha9PWceb7bjtXvQ0AFrjBC2iUpE8uKG2lpMj3vw++EDHs4D8UOswAsYKSR3QKTNy5\/n9F2K6wbOe4lbPp1tEUC9i4BjrP65N5Jjd4whCLlWExxdcuUiqmeRWX1rLfPxynJrkw7vqaREC00sCdzi7Lh2rgh1ZgrEUMSznXgMtkuiWXjnmdl6yNUvpIov2oxF5IIqE7+inmRUO\/4bFKluz0rJxSvweOGUOG06qc89\/fVfEYvQVfSGie\/2jaZPAoa73lw60ChYZL5W8YQTUE+iYwCEs\/LrU43Io05inp4fW99XL+dqJLeBaKkadyRCr+ZlWnxdK3SIVAKssrqk8c+dwBP8Ga9TvI0fwtqyE9zLeGdLLth+UrgzbKZkjPtZvumQptE3y8vzXm3rNGckk+s+tH5kfuTErhMMgcEqqghapUSbghSKFnvd8KXrp5I5dImNV23VsAFnZphiNdSMrAO\/5tN9cHTB5kZFEzKzu5mIwtp39YSpIVho1618W4woojYayBTAYGdCFJnsdHAOWZ0YNc9fXqn3t7pH0RfvXqhkQ14VLJ65JuJqy\/Qz9StzBGBZch\/xsRQnL8tGwRc9QlrXGc3QWq7muqAOCyzpHoMChq2oTRE\/8HPgudmPNkrAf\/ScwBASioyMRhmPXbQOnz8kpZqhiLFLzbv+SqaBxgR+bgVYn1+3zxEWz0OQ7t81FdQLiQ\/r7o1w\/5GTxaT2UQy4+HSu3XgrEmc70xQDowI3TS6l1xbMtq6G0wpiqDxghwCsLBT2Jp0llaTYvV20z5T8ax80YSjv99Judp7QAD+5ZWDqxTHKL7rG3JmR6R8uIhzq4m21IYTygNOeNDTZrVPa3NY1BluNOiJM0ojQMwAtKPXhJSECktSWYBn4OIxP0YP6tXleYVmyb\/7bsrgrloCmarQYyCzGzZUopQB5p32ofLV7NTKVj48TfiOfWu7G7+u2kMk6czrGQwjYr399xRe06yg2sy+HVyEgd6XGMtNrXxL3I24LS63NRpc2fVvxrjZFP5bKendh2XIq59I5JF37M+rn6izwnuj0OrSHOnrx4VNLacB+DNwcXJTwF6fVCp5WfoIclvXXgD5bQwPAiNcduRQACIAJ6RQmeAmxrOjgDcNXfvMKHilUpISNlFeHOjhQMA+MiaVzNspXJLCod8B953YO\/H92LBu4hBpcVIl5YP489aYAYtVAU\/QpiEmGNr0vZKsef4Zb9RxDNgQgxIA=="}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1603816434640,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1603816434641,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1603816434640,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1603816434641,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02110{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":641678,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAJ7VAAEAR9yjAqAGAhfLO9KXYAbsE7ImgzgoKCgoI+QsGqtFYjA8AAETSVUSb8KmUst+PHHzqT2SeL\/P07nKCp3USUYX2DxY7ve1fmgM+d6G2XMZ3HCv4lyQmqoBHOLElyJxOdKbHXGRlPb8Uw+yalWHgIS2xYoZgj5sMn8MqFHMsZqNCggoXKshRMixX78IzGLR2\/lKiD1A4mWU8YHeWKPR7TnPFWL0DkYoQdkBU3xXWNJeqWETA9YozB6efhg2cH2ogJnonWpHROpBEB6lu\/jcG\/MvvNGSQjaR7z3v7jq8Mw3XxsqjwZfgpi304y1BIMudGRSpwPxm1jggsFOOXDIKWUaaGiA8X1EtpSPbruNIaK\/L8nYCzR9\/1l92Fw0JngzKyN6xNFLLYtOKoV1Pwa0efysfY2dAAzQNo7LPVtGghy0jghB\/MURPiryuRJr7wLMN4\/xkziyibDmu9JuazbAVT5UQo01\/BC8SQIa5x6yjASIJd2bcftTT20FM1jxDiA3ArSF1FxI0DGP+Jup6uykp66yBe41NxzaF3JQhi3TYG05c9pWzR4rpiqKPbw8ISxSbEYLfqoBX7ZUxcl+Qs7EKjfeI5rSefpJ79UTAq2IOiRgmJMMPilU+j\/185uZ3gWFqXxY4lgvGRDb5sAaglqlZSnbVW0el8W0GPbw+\/aZQWJkNyosBG0ozqSDnxIVCgg0DqM7BVwbstGqm3b9mynQaPfUAvtCmsTRJuCzcgqkIiUtIZwgZHsP4Be4bN3A3Q2DeS1HWXmwRv5KaOe44h9q+4TtSXNmmmmTGGXWu2YAX7Lgvd0URyUOZt4f1KhTFK\/k8sK43+MB6mD4td8sjJsQiy0V30FZY3CtSNXK7u4R6vEWsgJPI55D4UDnEYK2uN8lk+fDHWtQbSlQqu0U4znKSeK2EAX9xBVuEJeh5HeX4+cNWyIRDmAoYsQmQgmHBoD6pedxp9SXnK9s\/7uoVpaKxNV9ZM\/iWMB\/uKFhDd1+o1EWWjwuWds0vy+ZbywiOwrY6ffiSgerdtWkuaQf7H9QdZ0UjwbnJvPjya7DyyPtvP8PWp\/N1D867R\/QvkR8ZIaOdSzOuUYBF\/bpCqsIrnKeR9VUtP9FyxkgG\/D6+0uEUl1c779cxCQck2S\/t2diwFSth\/DmYwuknya3f6okawJcF12dISBsiADyiScw4IixWhDn\/\/uIv78yc9e+mYJhjZyPxGXEyGiSruZ8bPrtfTna0\/r1NWY3ZypYWBjkDiSvD3Zfa1+eJsREXjUDRwmFnIeE1AgD9eHr4oXUc9yJ0M0cy1rxfrdBrPiv\/e9MTJXnRIvBev2VujEE1pdbaj\/uNoH8Iud1E4wh4YfsafTjdd+pK20QBXt1fVDPye\/nA\/auW82P\/6KerEyR8YFb1Q5decEBub3RIeRj1Zngb5dOSVgZS4YCk2C7bsuJFE8JSiO5eFBdWQrY9tTmedksZFAA6HhJPngNaUeVLzpnQktjQ5caPa6W7\/wHdT3eGdJpDXMcegGharvIfBkRc9tQPIVXwcqIbyrB3nyDdj71w60xBtjcgnuLW+j+IpTtj+MDyKaFGpdmJ95nu62ZA4gWFibO+sNt5rW4Ayr9RTU1vnb545kUJfXX39XayUfvMOvDTraKzQ3G7U4a0GC+KFmI9u9t3VltkEq5ickl9h+mNSdzqETNFgrEr943KdW+amAA=="}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1603816434641,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1603816434642,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1603816434641,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1603816434642,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
02100{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":642398,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"PKn0qB\/spJGxgjQ5ht1gBmesBNg6MCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9AQRbQQAAAABgAK6QBNgRMCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdhooBuwTYZF3MCgoKCgiLyuadTBhpMAAARL5Jn8vg\/A\/iHcc5HGyjUHtzYCYh3M+1HzdHtSjFxotnADrnTs2cVW9HALnbbxq+j13Bpa3hTOGyFKAuVKKOVbHcGaJLdNA06DSFzV66GiVnWQJ+1MFEeQ+EHU1tYSy5DynacUlvf1G20dd2kmKE70+xxOTQI+IxdCf39TGHKu+pGUdVYYzStvwWo5npAklpjTRW1hPHPgr+vxfK0tzntAB4tgdSsfnM003avASiWDb+GIQGRqQqd12Z3S73M6xSxbEpPhQs03GVV7j7jPCY+xuSqdE0+RC2M2xTxkDxrKzwifOo5JzioGQ8n1leAaytkPPh7\/6kP3tXKc3zSh+6mDapIcrXvGRPBtxzjcwZlnfC61xJLZ4o\/bDf7VXUn2iqev2r7RfntxDJ4F+CHoqdQU19Agb1DRLZ+44sSsLJRZPe0rMYqmphZb9TR\/CXfZoxmWSMgVmNHVqPhkUDRkBFiFUg2qWtzD6IUIlCi4UB90+3QDAMKbHPStmRV90FoZ4qgb1QWQshIsAOJrfADpMoeQeOvpHnWSBMA4n5tbORKddl3SJHwqDMa\/kYlEza3HmYzKyIekgCLUxBLZMgtxwl0pUeJvIYxMdZF6Znn7pRsQ+GhZyet6ZCOM2ft7uJCMRH5bphpdavcWHTrSt8uZ2iyfo3VofxaZqdzUsHHTpc9bD205szhfCxENgNATF1PGuWlfKJUrPPjUWPpw65iGFR3+hPQ1+ZRRE7orDx2vkC5kOJiEvbv0d6sp6yfMo3tuOn4kXULD2rf5TSc8aqDVZCklaUIbEuKaQv0jni\/XkpmdOw2UlUp3oYLZ9on+kdq43Nf9WrEJ+gfSZPMUZsyhXXyPRNGMrTBo0SUX31QcOdzW7AQaAXnJRZob+0gus27voTqIEPJh01fxeGPbXNNQ7VzwarPIKHRq1lGIs\/wJwJCsm2hQjq0+K3VFq4cXacrOp5mbdbbDJRXEnCejUnTswq7Ga3dz818NNmVp7FoznVEcHX3RQBfk8eLveHtTEpxIgmvWuj5aaZt+HyxH\/0YALf+wz6lv1s1l\/hg9o2e11OlebH1k7T7awcxgi41AZepwsE50V3GVh5GwIfK89lz9Ro6tly3hUhrsJ2ja1C+A6RBrWVVdcIlZY4BlIcSzf0BUccadkfpP\/Enz0yFkuHTLXTyrmsvl44wgxOvsJrZMwFacqnccJZHwZHWEMkNcxcPbL0Z2U7a3Xa12dEVYYVu1U+X65oQyb2yPkBqMJ+DTB9RU+DnZIynnRzCZZkuvH7Uzn\/zVoVu3fNULVHSP4L+ehdOiOmS0l9r6IzvZQbe+xLjtz2iXbuU36zKNhA17n0gtw0JDOpoFDbD0FwhdY1JUMZx18mcrbFQX02CO02e+BE1Anxc\/TfBIKj2hI2ObT4d57WIvq7cpwJxNdZMuBfjVhAX64+5X4J\/pGNdD3WMTo1fYU74kzII9sWnijVE1WzVIBymOIxdGDOuxbCm5vJaE\/oIJEfaWcfmDwa+jhxCRN2aqJvKC+Iwq2cNN7z7vgOXAZ9SIrdZFgVX8+v9NO3ca9aZg=="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1603816434642,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1603816434643,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1603816434642,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1603816434643,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02103{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":643533,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVf9AAEARrFLAqAGAR8opqcRxEVIE7K+PxgoKCgoIvbmHXcmpQ\/MAAETS3vbU8Sj6l2wQUfqZRc1xY7UZLfv8ZezreoQxaXMMFQplcHI2WGivL79HCn+gIsF8oZtTfotO31JT7vkJlhmOnm3lffZWDOZVO38TNr5VVART1r1V9c6QtCPl2rOLEXod3QmseC2zkUY1D5vxPNLpAyblFgLtoVLKMFRlexYKVyLMEaY69TsXwdxzuRMmPQ8UL6uRNnJiBB3upwv58iisAqq\/mRUYsFRLcP1OPYHQb5CZdE1Q\/A+91wfQFJGWqFUY9F+EFUVCV4bxdetx31E8OGGq+18vcHmg7G0LGgeINT+xkb92oyBcQkbST\/RWAy9hTbi4JTuezLjGIBdZzSMVzF4I6bcizx7siMmVUTnl3UmC\/rxQUcKk8XFu2YJs9y2Os4+WhVjMwJbIx\/bkcUSXo\/NnUnrT4jCwxD6nX7oTObYUuq8Cnz5uWFN6MRwb1OvukfRscRjrcumAQBklq8PagQJe6Oyy9xDjeo0pQi33fo\/c8Y2ccYq0oba\/ZjGmaTjWjw4fyRgR2xdNJWEfSX9rXqOdXmuGVEnT1hq2hHX+bWhy2QkCI7BHn0dcsep8lx89ym717WWE\/Xbpk0tFl\/pCnOGrBuniD5HFSZDdjSGLJoEXvoHbpOgi\/IJCVo50+AcmmA1BKQpFl8EapwyTEeKmc\/teOj7E7tI\/aOzLNeX8EUS3z24mYkZTFOR32Oujeu3clt1f1qtieJ4Tya9ptPHxYnje1QnGDP7dwz5gh676z5hDQGO4+4bo6ul6N0iIcXDo+Yt7zeunYaItRqPosZXZf2RDRVFhaPMyZpD37kbwM3I2xJNOsJXPxB4VObi0enWqgsSeRLY928BMaf67KliYniVAoxk2r104WSZUE7jxtTguYe4EME09Q5d6rrjnTfQPYIelchCLjz7IISF0G4QSth+iInqIg43sXwXNGEiA5n2ll+d4YEisZf5kJw7z7z4H8LHdJs0yPLtOkDemSyBDayKCguo3SC6thZsf4fL8MHcNaDnsBOQ3qsjckq3DPrhBaaQQ\/PnOQb0Pep8XXsjDPf1z6oYyQ5OmCTSiiICzO3jhCvp6VkuawZ63dTmMdwG07DNkuUzrCU1s3uXcU3hD432hU+A1bUo4tC\/eVs7\/Cg1UBIH4KQAD55x1zc1rsEiqb1C7faMv3OYy2TY2rHCzIrLKBxU59Q7kRtUbmutTo74p7kwrrlSTJCO1YNPtU6XBWtj7wzz81NndAWB6N0QAk8std4i2V6WuY2cGSRu66EYGTh\/8K91k4tTDBWpfGf4TNDSp5t5T0dGpvXA5zPG8DWjbXuVi7ELoqM51NEc8d7+IK2OCAdmYpX1PsoZL0Lbaw475Ho+KFWuruhhhwa7wzva4K3thZxpZy0eBP044yQ0lANRgJ3bThJg8RPAeJgPvuqFcX20la91uDGheq8GjpqmA35Zc3CODLtZQpRoUd6coXnW9stWjWC7LAp2e921jv6NfJLWpnOIL3\/YvqFROrdJzbLYKnKNfCTryzQPuJNK60hRlQe0ccZ844JLUpRAYdtGzZkFKHhFRXy6oBkYx1M3HW\/UE2PcwS\/IjPcNZbTy+fdv2atp2T3sGZ4LPZca6tbu49as0q5fcEgS\/u25\/J8syzbevr8VL71PTWp8v54ud1Q=="}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1603816434643,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1603816434643,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1603816434643,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"71.202.41.169","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1603816434643,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02103{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":643783,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gDhbcBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAABwHYRUgTYy97JCgoKCgizoUNUPmNvHgAARL7kE1\/vTL\/NMlU9dFfohroNb3lFa0sajkl+NYJsmpdZxseLTol2hdZqlkF1hqB0ifjTUijhcAiX+sblrKEYN3cCa28xTnru44DNDzMC4mlv4HrZOqLLNO\/UlY1sQ8NKCbNtoSq21p7clWer16m4TAw7H\/F9E3AX\/MdNlxeqaKJvymPkTEmiXkH2WePQ14zEX\/OsIv\/9nKZprtTphxJOpWh9iC60eXUS92cRfpPE4t2QsqYFBWlVb+13SoAgtAjkrTvvSLYg\/D9UbwBgPzj7R4p4Cd+bbadGFWvc8wcjuV9E+a+X5gFeHhOOh92iUHSpTT\/SzNsRBUS9i7htX+D9DZZfG6yrrqJwDVKCG3skrDDAnAOEIj5wc9E6ktIWj727nJPaG4F\/yFeB9mvF4BGMSF2t1HX1v3Uf8fd+2\/CrVkIpM1QnAbm2kykvcJlPK0VaRsZgQsar09\/xE1coUXATF0tDX6QEFU7xe84fN1PUk1FXFUXQjOBwq0tYTTcPCN4qGKSXtiP22FkC3\/OV2TW+6RsyY4afHoIc55iP9uTyiDz8GgsOMMcDAt86zjUpsGFleM3dlpIjA5SRInS88gDuKFXQazWcKMDZGgZ5OzzGPWiaCCElrFoU6Z0C9Z3M3gT5NV2VJc1gEss3QWIiObA5nJk+9Egjbcm3dvzdusN6QEHoBwehHTuwg2LVAOrhrdwgJHwD24nAbkGvZS6207+R+dDWgjErFMPgJjQk90HJrSxW3PVzyhqFF8r1HhvahtRcrGLHjwGBKNWw\/mrkVazrYWToNHELFQGA97zWhxG8ZSHR+27fKaBvWg5SNzSWU2wqAon3FV4zTetTXEb9zkLHsi2S8+hrVzPvDpUzxu5LCvszrotwPRcXWgIMpfFuHdDkZxnUc45aPM4oNaKzuB\/0K41UWRnLrJN6\/+98eIMaltlc4V06CpAS5gYRWr9oVtc+QkkWRldnz37SdoLKl8j4QpdxDKnGiBhtH2t7EGBZvilk2\/E0n1dYaPhlbDUz8OHPLZKVRSX+2OC6kXAYMmbeaPeYmlTGxdw7MpypCb0e78htplM7XmCygTm7xO55EtSdHoQEqVVTNOIIkzaRk0or7ix1b+Ac9bulavsll9eLerk9aXIedIpmtLAhpid4yPMzOfK14JMJmXBfXb5Bmo\/4e2X5MhFs1h6MDiN0sF8lsZJljJ9S5QgvPFUHTbEgZwtOqgzvOm6MsHiV4dCQU3zeds93rktywyH+Qpw1nOVbV0RHa72zd0Io5tIKuEbGJ4DvYBtvaNEL2GzNcfpg1SNHmTLW9FsceE8YJg9q1N4VFcd0DPFy5W443yNter3ub6Z+8DDshzGfLalC9+Gxtga2a8QCpuk8EpMk+hYjiHRQMcz0FVALld4YdzH4Q7aHFNufiFtsQORs2elcXiDr+suYZd\/KbghskPHXcWBEvZ87I+FVy0zTnkd6sN9nVlJxmggfsaoPYeNUdCjf4aj8XSdzugsx\/gjaDcmur3C2vSPf7TTH0vuXm+WJUiYbW8mepVZGo\/Ab4kEw9z6H9LiIvVjV2bJog+FgNpi+bCuPZrXaL1QVg16ASOkMyJEOBJ\/ApwZq1c+0SVVETGYjpibsmHYU2g=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1603816434643,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1603816434648,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1603816434643,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h3.stammw.eu","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1603816434648,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02105{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":648476,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVWdAAEARtqvAqAGAEr1U9YhXAbsE7B\/jxQoKCgoI8ujrluq3MPgAAETSSw3nndZy2B\/JR\/aFheBm1Am1dhHdGKFX4rQi398jOJ+Jn+ueiHb2+ayhrixzGiiTN9ufhk4Lx76CWjuYMe1esceEF2U0qEsZzm5HKOUSMwSJ5RaG7eBb\/NGtId7Q6oJPV32C4GXJOjD2zUmbaepzk+oaGFaN7rBeaveWtYLwkm3MCtZ9ixGvt1GVcZjsd3UxnGM0OVZjCX0r80DcWyuTZ+venG\/PF8dpMDihqsZpbR3kCGTkK2uMnVKt5rsbq8Q3DZ4G5gYRlETl0tKNNk\/HmutyUjflzkkuvzr4zZfbMn0fPfDD0j7mcNxEYvvd0jng9gG7f2g5c2cWdEOeL32TJuGaUD4LxEgTmtQ74vLlqJ2jtPbB5cHftJfgjUFjPeNm\/TPJhWl+3\/2FaFh7UtvKIQZYWOKggBRpbC9DfYZGBlcBdT4cVCcoYVYvdnofibyJj7qvtk9aBhQ8X8haBJHnwUiu9Fh6LP38l6DOudy0wo3ZglGsYmVQyJ13TOTkHezaV+ftjH2Ic2\/kdq8i3gBc5XmSKkmTiDbR3CJC6bVKLX4YKbycr7PwvmeAgaIww6YUv5UVh+vhnxqslyCYJ54KMPJqDqUt8WhJ8Cyji43HCRRNG5kipptq8jUrAU8gnwzNfotH5yFDF+SAJ3QrzY\/5UXiv\/luWN+jwEASOuxa49aAiqVUa6A2J9z+IULgzW9aUufnh8e6ojNPCROl0NOCqRnl5cZCiCryKj\/+UTBEx39zm8tG1rMtKw8QCLVg0thBdHS0CguNqIcZrFjoob99Ht9nweYVHyIifEGHrneZFx6IaFg2N2+vqZttN1BPnlJwB5SkjsSGnctAq0WWDJg53X0egLh7DxbpeFvo\/PmlH\/qw8mjFt+NYPN0Ckt589t68fWjAbTRqz6xR6iPzgtt26G5g9GSc+owtcPOoKDSY+FtfvQEy2FDAKor8oRuyToRIFoS3GHrsVAzOLHHMrzcmpnrq0hajchpZRX9\/japhKPdmJTqsBb+ql5oZkXtBdENW3VUtixBzrUWiVbOkyqYBTjYwbASaX1s4B0v9Dw3fdaQktg0huYIDe3RIztuWGLVXFqL3kiPstObyRA8wmGdfn5WqodpZ8U9Vfz6QFfvCBcYE1\/TFuOxsVuCGHj1fKdzqDxFgpT\/6zI3IgHHNl0RstA3RkolWL6H0I5f1KqOUjo7bKGh\/fgABUsvMtkL2jljWloerb\/OyZ8cMJbX4NbVoNGdWP6RjJXhmtbLlmGjr\/nG9lw0JPerfXWXztQQ84uR0ZUAsCJbt6PCEcektnL94QlE49op9jLT5v5WzhOshdDsHI9kPLgiBlXhxtuB\/4fh64dFKwIV\/bkeadS+6vx09Jc7DjJDplds16bxuhHniXD1+VLQYqMNvLfkmfXTcvt+DCDI5+MtT64WEYlvBN\/oRfvKNXOlpG0nbSIxax56Y8i7ywQwgVXRD\/tgIY5hSIvokl8C2Vtnw0ocpu1kRHmBam5VO2gvUlslhf1v2Z1lhZ3ZHKYC+go+hJTIN8eMiQlcB94ueuvx1ZXgPZAWpEgcGBa59R7aGipRkAIOU7VFYiFm+JgHn0wlJi1ePUMn2SyyfRo+5s5CeNkA7rfixGxD37LoDcJtDM1uCusOgWzzaoPX\/WMg=="}
-00729{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1603816434648,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1603816434648,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
00486{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":650048,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"pkt":"PKn0qB\/spJGxgjQ5ht1gDoRdACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9EVHuNwArYcCQAAAAAAAIF6TDw+yG4BdFR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="}
-00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1603816434652,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1603816434652,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02104{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":652977,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gAVD8BNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWsxwRUQTYTRjACgoKCgjaL32MZj\/FsgAARL5kzfCcIzgmsxjP0G4DqL4uwGMN6uFXlzXIqULUmbWkTZimqkIWYk5J+U1Tm2aqd1MjW9rzMqELFmlAhlXckjXGsH+Agbi5yNw7OuSd0A2jkDOUIsWCSOJHKlMr0ObsMh5yal2tl2VuEVfSE0qsFV7WLAeEJZABZmjJDxwfk918siEfP+aSaQvEgBBkJ84hGcxa0pyg3zr9AdvoDzmITNfcVD\/SbxorVKGQTTyoV2KjJ4ODNMmCAzaGCyDD6BHN+TqaVnIG75iUky\/i00OWO2itqTOK5MK0gg\/F4dmZXxYm544SXt3mEIMn\/KiT58TB8AnvvoMM+zDcLjD2voYO7w6nQ7vjIZtfT9m3XWOP8J9F0bvPBS9+vGZTprqiR2e6PBnSg0KmchSjlKU1RP+jKuqXA5YZOjOGqV6O\/fewKbV40io0i1J+NIHqJBZhd5bjjAjtEL0\/jGHCJT8+kHWQVRnVxvJTULFHfSoFaOv0\/FAPPgQmAsV\/e7ePRse7PiP7AO9qzUpNTBIaRi7R7yEx60bIoFeYOSNhxPoca1fCTIiqpbf\/Lysq6HvKKUzNT0W7O4lfkb\/ZC1VhUlt7Od+qJCiRwXxU9D\/42IwUin8sjlUvg+KRX5ulSQOPGOYufZ92sil2AWQyHIIFULLz407V9+RW+9E6Q7FjwFkZOFtY3aV1T\/8FTKaaOHGLazcJjKUaGZC8AA2F6I9PGcFFC9RAXizVtqzUQ+iviDhJ+goUzdUB1agAa\/MIn7DGkbkQVOtD+1M6CKkE7hHdmiQ9n16NW3fCjz4YqlEqNM80RgogewW7AOxtVLzwj56n0cG2wRWB+HawQfkQIDtIJqSHPWB9OkV6tfXkJfbT2wlbh\/rfKSskLrk1sbYzY1PIDNmPjLRCZBVWmCYLPffYkG+b4MwNHB\/vAIrvElJ1puJF7jpzzegk3uRCXIKeAvnSIueoT+dVtLnf0DjT1SjmwFUtovRpxxTHtgK78PEBaNK+CFnXBiyxXF88QJhaPeav6oIj92LBjRUaBtpFYrGT7ukwX0CZJH6ss8DKRBYG8o1LXxAiSMdCM85xU\/D1l5JAQtiGzlNDH3qXy62dPdPRzmBTdsEvCTu1SJ4aTQ5HqZkZ8mdXkv1vSCrhXtjNjyM9ISkMXQl7Fv4snypY5dWEXtwWFf\/DXWrXLzy8bkZnUz7iRb5Ma6ol5Xky3YnWYit6Oy8bYeuXHVcQl7yxHmQFX9vlhcsmh3du6Au3WEc7fVr5+pChwI9eXXokYUBC373Pa\/y2+Tfslyg9\/dYBdfu3HiD4BKHBgCptEzxjJJoRocgeQEgIyTxnLazyy7tsTNsUIYjWNFhWoL2xJFntqowob7P44+WFAm6ZkZovEYYNmSKqBxSG9wAPXekCbXtH\/b+TOIK9+1XfTT1IrbkxQYHWASoekr6WZeU4jYlWrrn8X8ujjTBW3jswDbT7J2Z+rUudTp2RtVzFLtpsMRieCSQBEact92jCCupbg43ThfRz5r1sA\/97BYUtprJqYvONm9iufuMRRuGLpd5h9EBpE9lEEKcLT0QIsIjALGWNfhWnZdIJLXqAQgypProR3AsmTwuLfn7lEfngyfzJ6wUdezbTEtlDAdR3wg=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1603816434652,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1603816434656,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1603816434652,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1603816434656,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02109{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":656025,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAlgNAAEARiNrAqAGAhfLO9LMfEVIE7Eh3wgoKCgoIJ05Q063kdsUAAETSbLaK1YIdjfFKFulEh8Y2sf\/rINJYpnSz+n\/2QdD9ZhLptcSvy2R2VY8k3My6fIvL6mAk+uMpn4smDS1KptYa2flod7AFdpBN3VvGtMn8LYTKEkOwUsRO7TdqEPawLRWOABxPUqjQjdCeFgLJNdZk5RA07LTgVWI2Yu12LDx4casOusyaOV0FFb2psXZWvD\/rRGJTjSUwimMA87gUlPjAdz\/gfYKA8J81JCdeNyPB5kQpQZK9Ag3U\/SNi8mmglOJkOcsW2kP9tVz80xUx+vHEMYcRJEAektIaWVqW\/qsi2o67TUfHR2EXa8XSNf6EPfTjaOmRYh3mFcNDcJgd2kz2KAnh3V0gkKSqu2uEJA5\/mg\/TnJn0\/l1UAulF72+p5R9Pa32JoZ5rRGN1BakDzPrffOR0TvFE3y\/+FghM6Dz\/8uzCybhNc7sfFp+p4ZUoUBdN3i5d0NPyFY2gHyQomOn9rjU73nYYIseeZ+nhRO7YbCjkbUB\/yYwkJmFOh0TvqwzYznQgk7lfr\/md+bsxGFCUVM4aVxtYqCyilzNHjx2\/0uQ9PwLviLCGbf\/DMQiUcVNp3cYBqz7DJUy+OlRTk8hlbBxWecwj0pbXbnMQduOagYXqgiomaGUVKDGlda0JCfvvNO757eKuRy0mLdjIpqHD1NEufFqbaSMZUn9grkimQ69ppIErnAUuDQMJRIyzqNcJHugVGEq5oP7QdlfZ7lr3jOBT7HkZcNEd8AV47qJgoKU5q4NGc0J71Pw2YVYd1scb3A1vWRIVsIkczT7yuDAKiAClVSuNQLnIvJw4l6s7CUlk6S8uK69+4Ltr75BolBxMCVoHkM5b\/orqVfR0OqNi+hCYxsYJghq7xN9bXvYCpq2kqvymjFiL1hosZ8LqBqlbZ+KRpjwV61KCcoVqNasJru7kBOCt\/mWTssvQAORaUq8Mlwn9y2PykyJGeVKaSASOiRacPdV4HuhCOQcDfRB9yNMfMAnpvVeDH6VS7MdAdMQe93Qrtp1QeP8VO2rTCCN91AOit2V+QXCvc+BbYXTvvH3JkKThYqcH8rRbxqdDTPq\/wWim7\/0lqkWBCggizFSqTrUIDXVpjQPuUhy\/WRzxkYSIc7u5fZ6sIq5eN5m9fXx2vD43Yq+l1Ghb4xvwIneJ5NUn2eFk1R6ttVwWQjusN7oyMgG5gj6hjohBbMiM6VLvBdJqqabe+fqfPuIkbGqi\/pSgVmd7J7gTSQs7\/paaiImg8sm4Mq97uvoFIBYp8yYjmKJB82W7bOZiqV49vTn0RrZTlVVPlHFQX2WpjZTpwwz0jIKKplJsVkyi1FG+BOFx+GyxlIihWz4PLKtSgOENeMXtz0\/b7SoSYOWhsCG2\/\/f948c1r4PeUvRu7XqduuojNmHxpahHKwAwVmNhkRHsAbP5zW9qP6XfWnsVWmx0bN7aP5npP3hrOKyfrsV\/5FkNliWd9jR5UNuOo4OtgXCghNfW4LyOPBq4jsogY2TorxYEYK\/ICauhkE1t2zAYwcvA9jNm0x1R4D\/Sm+97z\/rPAGHRZcrG9A3EB6U09uwydYieU6kZpUiZJOYWACk9HUxtfhKSNARDjWcNCzM7bpArmDYB3hnejZrmrPbFxj58+oKmg6IVgKVFjNIQGjV1OHopPg=="}
-00735{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1603816434656,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1603816434656,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"h2o.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
02114{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":657595,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gCNHwBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYQzDKCgoKCgjBjvWe+MPFRAAARL4g348kA8mQBcAOi\/Ea5lVgGbx\/7eo9z03nW8pQoHBEiVFxap\/J7yF0T4ETOiXRrEVFzfKu4cp9\/aIHD8VuqdmnRI7ZUzH6nHP6t6XgWjPLu9gwncGiNpy\/62Nk4XPzeji4OQEhiV2wvPwilhPjz1Iw8tA6gxIE\/FJ4VwrM+jhjDDGeJX9BSVBF51kNOZwIfVwErkoa\/qCvtHlDAlGsd67naWgwRHPQ1nkSJwo+9sQMQloIehnYy66qr7McaNefwAbFS5vujjFD0bYEmGDHKA\/F\/y+3qGlJupB5YPSp8wB7Am1v5JD+D\/bG5B5luaL\/5MF\/tQnBG2dxtea8LZG5G\/eV6LyP9L4ooo4IJyvTlEaQ\/ZOeKwlHxchtWnc9B1fL75AWTflk927t027mF4gEUpMwkx4RQMESzJeKbiKyR6Kju8+GylIujiTUOWwe8Pt6FKBiAZLgvlK4YR6upjyxAj1yifEMXI9ck\/VO\/Ck0PU3TrRtvDl\/wfNsVtESwzsMNhYfkwDEb9HKwo5a2\/kMDB2oZkX2VNVeOAH0n3s8tB9WLVe8oKkFTUmog+0QRsMIpnLCWQ75LQKoJv6O1XJQVMkvkriwokuRy8CCP4EpIlVSvXuFArfX\/fbTPCluQ1NH50zOP6ysMQboAYq5P1UCN4zcLGWZaVbF9oa1jAJ6PadCu1EtWpxyNeTUpAe5jtCvh1Ek99dEg6bQ+j6gvn\/Yz8AhHWVisS\/4VPgx2sHYS2FDc4ug9W6gsAFExY3uSitd7XjxK\/bL1oNU+b0jZOhnX4xE5mnhbxzHNAKXSXB2aWDY3+BQWmASrCC3UyA8\/hE91TFVnfAmnegiopiURKjvi8DWlsXJi98UivPepk1KIUkyuwYljhDbFg+Ju8PdCQIp1RdqDT1rPQsla4QcsyF\/NLkn03\/oiCiTPViBgeLpx5IDNsz\/E5PKe7HtjsCqTGdF3JcVQGRMcs6XuK6eeXR39paD1+Ap5R7y4jtTYGF3ERVJnfLPi0OImMpLV78BBWUIiuk57yx\/ByVw1Vi231q0R5hJu+2UkRPleoRsn22QwOy5Wyt6YCa9Njzu+jmkM5SaTLiDskQIXBb6CNyIxDTqisRatDtzI4tGgpDJJrJLyZRRjwm4IUGl4MEcnCWz9P+nJkKiW91BFFECvItcE6tRgENAP6B07ROBWB4xJBDVhnX0WgQS8bETOrbEby5WFiD92Zha2iJfBanxLrhkMlyxfJQvY++OklEMvIXt3v8l2q3dZWFOn4kyWKCN09iij0w0AEDsYLWJZuX4Wd4BeQXUc0TQSuDLkBeoncn1cOIA9nbBX5JYvyr8xLwXYv1YbXFHRI\/Z6kEVdG+BSe850euHBVqJOat4IdCKJnu6NuFXRzdJnMp9gCv2PvmYfbsW9v5iJpCEm0G5joiY+1mWnVbfZAO5JyrBGv3ibTwQYFw\/SIY85UIif3wl0VVblUQH81ysGAOBc9Qkl\/ZLs9Nmdqg326DSTscTecRmY2x8\/F6T2e\/IU6BMaPO19yi\/FICyG9IeO7SjydAWQ627DK5c9b4kcDrf56O+pK9aBvIiTOBgdfw7wCNgDwIOMnK6gKccj4qLA25Wlz7z4n6yBivDMYJeK5g=="}
-00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1603816434659,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1603816434659,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02105{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":659010,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gA8OgBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmtREBuwTYsN\/CCgoKCgj6DPHJWWs8sAAARL55hiYulShwyIvWIzeLs9lbgr6rmw2K6C37PVfcJZDvZCsi+yJ6TesBrbkUmHPBfXK2VSsq+4q1cI5h2aHxdCKt9ff4StlBulmgH+Bx3V5qJpzO+chyDdznTZrYqtjC6v8ZBmqg6a0NWZctg5sOGc0dmWqWQt\/s1k80Opf4xkQymFAPA9Pl4JS9+iEpGVBaepowwgfscg0eVp\/g4KhRhi2KxzLJD4JVToYgB90k\/XMf5w3IY1+ur6LCGNOvp5CgM1wSVcjlTXRfF2sQ8Nt5yAOXsMdlE2VREtX+yKxHSfWv2qqrbcbq6RVZYdc+ds1nkWyZ\/6jdHbCssoBrfhArvTqJ3nXGeMUG+bKJ8FrC+4G2Lxo3r7Ru71nKnVeUZu9UYw31AJEBbUWJ15R3KR8bSsgXVEA1WA99CJtgXyQXqZETvNqqmNWotKljKjV7OgVyrLmK286tZpqcji\/W3bv\/Ubygl\/yKnAKUAdc0UtIijMu1BloVA+m4PWftVJgbHf3aNTI+rX\/vVy3nXb0QxfA9y88X4009Gs60l0v0MkyueqKT84n5UNIPGZG6kKOK4w37tFYHam4lcYFhUTipTGlChqgi7Rf4rTS7tAG+8PbEvTqHal3HPtJlWvTM+HbREgYOOX+JhiQqeFaskCeQtAFZK2PQl21O\/xEnuuZnwPjd1JkjtwZsem8bzkoeN4610EXK0Ys8ust+NXwAs0bP\/var5LJYH9Np4yVLvPxPvG8XuijcEgZh9Ws\/PfZ9C625UJ6lCdqn5BKdsrwhiY3rVJi0Gb3BXOKIhsyD2r8TfRwv9Zq4BaDAYzj42tlUE3f\/S15wR2pPt+JBRpoPkMMI+gDAQhJn8p8DcnyFkIppSWC9eOywndfHU5\/yUdNXRQwe9qMMJPyoMAFljWxrTTkdBf9XHdyCG0LJ82SE2TMNyUEKoTvtO+s6V45sw4+vLlhHFWzUFy2TDAYLwJNFtU2MgtRT5uCj687n1bMGAYODqCavE72METWdUVuP7KQCk+xmcSAjbR9cQdf0Ld5yf6144baG7pSmrNRAZds9af9ka\/SYB65ZE7zkDGunpr82jyDWS2FNTrKtaVTKmR3FhTiIDLlKPp8T3xukB7\/896wGVPowkyKdVGwn1U7d4smdlgzTqpu88QlyVTsqovLhf+Cl3l01W8nhlUKi7h\/7LgxdSIr\/1gHh5vnSqEyBwm2o1SGij1+TJ05CbhlsZnpgh9DpccxP1I\/Cy1W\/csGNz5P7WukiqEENPTqn7PXD\/3lj2VFKnZ10TEaU4eoOK5Egn7iJWSlbXxC1+uwb2ktJYlIcBWdWgcsSv\/EVRcpOxuacQcBKDfkoJTamdzkoxAEalFWSJMb9d\/CRNa9R8Rgar09wnJqe04d9jL9dUW6cDWYyJSw+MWOP260ZOljLVpA2a1QumvmmIyr8a7jSho4tML+Kc5q0tio8WmChgQRA3uSkUpNwnyEx9DCg96kTZlDeJwu7RwrkaoKlX0GjuohysCaFrtrDI24bZNO8w24oU9Fm+r6MEXXwEQxB0LwQxQFPxdBr0HMioBlCcF10uOji69LTOSZkYvb9+AYrA2jB9gSAJO3UPpzSFaCEJqf9FZw\/TgbQTNNBsw=="}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1603816434659,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1603816434661,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1603816434659,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1603816434661,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02110{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":661281,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAqp9AAEAR4XjAqAGAKHC\/PNIfEVIE7KqIyQoKCgoIcBuNCNTaAX0AAETSsdkQHvJcN7bcF1ORvnbsKUKjlPXY0qQr5k5uOcDOcZrEKpvgL9RbsKleW8ZMaZNBIcnwq2KO7Ra5INHkVKJRC0TkUHMwFXdKdeaESLl2Sccd706kHiSPpX2Lbm+12fv10onPbU6DngslVSwo5iC2jlneokoStHZ4sxg1C5Je9i6sU3G77ZkPXvlXk0NdQQdexNFkb5jV\/JGW0vFPxDe\/qF9kedjCbIxx+p372PhnBv7iEwZ5Yhty+\/qNKY4yyyzUUwAkAmsK2pn5dzcchowy2PxUUm7hjeS7h+ta9tYiPjGP4k1V5zZKY7Q1iEzKbQmeKLLMluT7Ze6EQ\/94FkLhmXXWckZ88YK2QIDTY12s2\/+YoUrmy0fuxliVJc4e7t5KZxll\/xsK3NXnecJzT\/C9JRu8GZI0MGntc6sD+SVMUDoRX5MmL6JI3Lgrth1lbQy1hnltXa2ICmJpXg4UGGlDL1Pjydtfs82r+A5HZhHO8I+yeL60lJGO\/pmXurcvVllxGtQGjKy0Qx8L\/+0\/h97ODK4A9BOM8c5uVRJZi+ae5YWCQBxdqswC\/na2\/hdsvvl7+jK\/hb5lcLu18N2HToRBmI2OttnAnni74F8psk6eNPlA1WXh4QFnhdp7k1TRWG82dah5Np6uhn0FWu8spp+GpOz1PstbpUlg7HUDKDRocRvdo+XzWoapXRLt2rZBMpFM5+qBvFVKX6Ap5vpKqXx1vyTZc7a1PZSOkBPGsuBfMn\/e6CFzZ\/7SKPFuN1FEHhp6qVSfqkNu+E65oEYHbyp1GfsjmuOEnOWm9QuYUWXPMO\/ZpslsQLq28PkTI45zSR3jBaqY+U4cAU8hHI7Y40pZi0OVHAUG3Cp6mgeeNysES80m0WoJn1e6vRigeA1nc\/I4X7I+sPdNk2rBF6nEfBWEHw7MllB3iWKvvfivqsRWGfnLPVIWWdgqIoeFXHZ0RtFAK+dhBCktFzDp\/q6hAfIktX3z+sj5E4pGLpkcvClK3JUCXIBwpBXNz\/Kc9u134cEFWcWfbtjt65orTzu8PxGQYP+2jYE6lnk\/tcEolSkAelGkBK\/fE95QONEIEfiGb2tudRlXWTXRf\/FFFuldF0FdSJr50n\/Ih08O2ebAjk8ljjBC4Vr56KppkjdyyoUri8YzcV36sbFJqSwNQqsETWwcWH3GRqKMaQ+n+GVJUfR2mVE\/e4E852F32tsINiUu9KMW+toNgqOQfW3axNf6JaPFYtyy7MrNLsqhd2DTcip3+w6pKInaMiPiiKc8Fs2riJwto+W7a3bpQaoELeNUhEukCZCq\/FzN9PqVxk6EFWsqUSSSGklINGSbIS8sc+UAhevcQz0048wkjFBmEZFqu5A\/ObrRfWUEjpP8hKYzq9fOtRsoabYuH0GT29NVVZ6mp6+ZCCS2cAvfDT18d5ydh7ws+klcqRStiKM5PnIuDiY9ahp4jcvj\/XCvOWH28khmORKIgTIM5tVtnApY5TcVPqz7Uqmg2PcjSYyRBrJch\/eSfjOrA\/cCMqhxLApIy5m9eIL4iY+YzrKwVPTBJ1t2v4mujsR71BWWVXgie2CQjixGfOz6PTiXloHY0ohyCpxw0Cg0ysy1PcwnMPh+3oGN+0IKbU7LLyLHzUsIyN44wigmXzAl6Q=="}
-00728{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1603816434661,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1603816434664,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1603816434661,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"f5quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1603816434664,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02113{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":664905,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA4mFAAEARxULAqAGAwb4KYuh7EVIE7MZSwQoKCgoIhDOd38iF14kAAETS+DrcKxcR6weCAMpXP0WCjIu9ZBcpWi0OIwLjGToed\/giv9qrtDo9ivnhToDBOwIFut7lx8oGofCTHgF7Bu0VwbCafc3NxbT0fVzbuULC9eYaVRWQHPCUD3HNkinLSEKLzkqEotl3g646wEpRi\/ugoezcuEqO2y6FIB5R6lgny7Nkkc+zMDGl\/vVsq9D4yR\/HW1d+8htwfQLJRpA9hzqrxRXBKybzFVVjhg+KSz67S75CNguDyG4FD4d5JXshyl\/M4INjh32wAMrYFGa8t+2d68fOM2TsdLASGnjmnLNA7\/Pf8UMA6n7BdmW2IJneYpplOs2JDLXzJklKXNuJdllZWQX88VAVkIZdlhRUIxXv\/f7UmxqAgBcsb65UxpALzeD9UOYFX7eXnFX3CBNctLx4OV4vy5qTojgYXWndnvZWDyo9r1nMBp8D6VlFL3WOfCfGoqwqeHusn5C43hBSHrku\/bXz9iJXIhkW2exazvoHN691IPr0B73C3NnmhicLFxNH7FU7WO\/4IL+6sD9DZXTIjSg6oTpPZcbUD6nL7y5Da7hPow3PhI\/sdvRXmbzab8jO1EGiZZHwGfa4q6m9yRM\/TXA5uhhLvU2EfXT91420relOj408ZVI6EUSGceNLMighOPfPAfp0WOhbMCbd98H61M55hJNktUMuazO1d0gcsWhNN7ihq3R6vEE9ycG3wWK4AZXs7o9pNpiOjFyi\/1mC6Ku8u1sBA1oNJJOJnGURm0YtMoufHAuKV2LJVu2OeQAP\/A2\/w5vSvzrQLOGEBdMHP3rIjZlGA4ez8O3T8wl88X4DTz9tphYgqFCKVqs8At9jd7jId653CvC+xEYdEiNG9bQtgVNzXeRz5DgAY\/Rramv\/s0Mz9eqNUZ5kDg4J0SUVs70edYwUxeTQM\/DGMsrfTyMpxJinyaJ+lIbkswjz4fLDe6hTAtCperVOSIVU7PFEEJNopz\/TdPDhB\/\/OU+mjuGnm9dVJqiOBsKq6hwakuMJMeEbqZ4oR6\/2tTEOQMV7c3m8hAgBlfCT+et0oHj0In1XsO41lgeBhcmsxfgpL0+MgrRWpX3hNlmOw2YFL7IPahaVoqqwt+hlD2GAaUYWeZHKQIID8JZod24qH7\/lYJ76jofC+JdWXEJ7R4KLVHjma\/RdasqECMSrg4m7keaHTZDKrBR35ahliIHV+sND3+6E5IN\/2QdoUlOi4\/UYlyycPYl2QrEjCc4E8TPnrA7HhR8cbOqvr2NJUiO3vmvNIk9u905r1d+yKr0KSvjEMW4aoGs1cnkqp7BFwfwUFTFXE57dIo29rq+a60tDyag9gqUpuo7QsXjOi2fVAkTyRGrjCd9eSs5MDoGygOvvn\/yw4ZAA3XpTxroAMLQ9Sj\/92T0qxoDCFA5OG7E8A7GbyiO5B2nEiMAOZpw+5PZXL4BrU03Z37oc83D+zHRg9XCBGkB3eyfyP2\/ya8kSOgnWI5DRzDtrL+axTWaV4naIX3w78wYegwyfuMaorTISN4Ye+UzmrsF4ld5d7Pp68ZmvyPCebtO\/KSElf\/sucwWTuBzbcyui8aFCG0Vq9OlG0\/qaPlP1qL9A8E8F37BOHLRzvh\/sbn8ks0BPPWFNRGNxMVhkFaWjx9NYOtOhnexATQq7v4e\/jeA=="}
-00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1603816434664,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1603816434664,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quicker.edm.uhasselt.be","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02105{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":670390,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gANDQBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdwnwRUgTYPWHACgoKCggiwZ0u09kvJQAARL77XjijFoQtvpL+zAbPeN0VMZAH77o2Zf3Z\/VxyA9MhcBb1aoo2HyDxw4AGg1rpwYEvZC1KOFbHEvRCy\/7Qr78EUwCK7jfp3PwwAQqSqWeygMwdmPiD9xsvVeM\/Lg3sKV5Yt9sS6nVuVMVaAANebK6ODqzmbz6o3JQ8SCforD0NMCEzwS4zB3SuPu96Zlh707dBA4O8O9hnahrfzpYrma3GTkWvQNZm+MZwybX+ZiPVsaHNWO4eC2QTnSZ5AQr9jvuvVHtv4xtMgtNapGHmqllBavgaXk+UI6hfTQM2FE1B5tGaz6wpXpW9q4R\/XybVurW6TyGaQAE6Rv1VcNFUQkd3osuzBpTRgRd9uQPLk9nYNE1PNSuiR91fTDaJoLkRppS+gpYwkOZenhVm6gOiHF4bfs5ERt4YlwEn2Dp0u5C5nrVVxtfjnYJ5IwT7hUHyh6h9suifUimgbbxzIaysmGlD4k2fx9pmDLHsUHTce4UJVqFY73JtMr6k+yW4T+WXDKoYMXAeEnYYUrI05RCVc4XXpAwD9xw2VGUTFNaUBIeHo7WcMaqEEgdPOnluAhzJsgCW+N8o0F4I+kCQseYCSboaFjLBLNq0zPRus1FaJ\/zpb0BAxHAiXlVn\/igRt26xRMAbTnTk5GPW7C6QEex76kpaaQ7HDdZHqKpOAkSMflF7jIP40HYHAQatrIYPmDQgSWfN880GBmzH9sYEwnjgxWDiL0+toa5E6wd7EQeR8y5+\/Dc5Uzh6tsLpKuR7N9HU++dqYI\/gOtoO809QFWpju+r6P3XwUeBL1ZT0bLR4yPGw3dekRK+qnie3Kqo5b7bYJauiDOWg\/Y4N7gkZK+lB7oklk5ykDxrBCjJgZkBXy3ps5MBGX6YeIhFLnieceXGOD5JF1MA85KdmciDwctd24umJ8IcaHVflsn7+7ZNAlehJDPmcAPO2TlEPY4\/yHOBUFJG7kAZebLJ+uJFdZdWkSaRi1YFo0sxbTkoNNpO6Hu+zAAN0IAy5sYg\/mLzAclK2KdqEZerl\/B5NatrR\/cF5OTxG9p02zemz7BknqKEgbaBN+IFnswhrUXlOTz5kf7R\/m8wKuhLc\/igh6Ij3ng6sR8vbemM2AfCHREP8MbsPro6xc5aF3dAmmWkn13MUXrpl0LTzZdwzZdq7FodGh9dDjxRcZYM1N8++Se9XsHKEp6uPV\/JaA3s2p5q4ZevQE2LX20v4OvqdVF0MMSV+4OZz6eMTL82DKbZc3CST1ORXADs6BAjz6it9rKE2XOBrS5gDnpCiRLCFudHLSBlymJbI0g2CwumFP5vBO4Zn9qFD7JxrpYjBkMOpt21xD\/BtOBNga1EAbpK91wtD+ubtYSnpbhN0OrJGtHIFjpiwh6Xlp1yrbCWvXV5CMDi7VuMCY6X2f\/duWafjiHD8aUvnVKBJpAoeqDFPimiegbb28SnwJ5uYauvYPhvY3ErcbIeR0f\/m1a1DdBjB1WQmp0Fu4clnTkNaqlT5MCeG\/48z1ijZB7ZQmAcaHRGOM2gO6JTlbbBnQAYR\/DVuXyM\/B5q+uHxWP5bTLYV9915QZrJqVKV0Gf0oQ8wUAFGHwVAmWeVHB64hlXfKeooZTyi+7AZWKi3\/lA=="}
-00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02102{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":670583,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gBxOBBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPtKIBuwTYLLrDCgoKCgiO5tu+VRPaUgAARL67x5+yoY3pY0MJItv\/fgrN1Aqjc+LGtbVLhqvz564YTYsK8b+1F2va9jRV8nEV+5OOHqmqaHlOCYYabeXxngu7jBV+i2zDD5mXOeNwP0vYEvtnoouvzEl7eLb5EE0+MuDiJt84m7jpfeD9j3nru+ZcUw2gN2lqFsUahOHFHxiiMRzquZrGDqevIu7WfSfXXUaDgMbSDA6CvWRjCP72DFgLsQ\/11QQP633nQ0SLKipyJqDr4JvqJmirsRRFK4Y2O1d4rwaWvjBQJbZEvrKGBhUisRe4vJCgt83q62hhhVwI+BmOHGZwcH1NeIw9OfXzIkzF9MfEbO7hX8+HXuUKtpvyJorRIV9+dNth0bRPExaC9oZ6eQgb4KnoyGQunWwMuV7XDIWVGPpUovXJ6L3rc7vDqV0O33okP\/XwzTuMfNCRModoaAMilI37jOSGD70L7Ukxtnkod00xzN\/rRqaOySSScNetQaqN\/b8SumEm0AclR2UEqVCZ\/oFDQW3dlFzOPiolM3TYJHmvPtQ07FoMBnxweA07DzM\/nlIehmUnkDIdfazZlo2WaXyT4kUCXiWSLkyBIKG6OPjGqxQRCjx7pyzScO\/zoIapRT5uA7FxkYfHjnUDRA4N+uhKsfgAHpDGOcVNfY46rti9HRBS+MLjtON8leaOxJHim+wQ0EeQlwbDu7H0Zej1LnLoFqMDWvyz+oUpsvxNgc\/S6MeDK9+JJrebwrhDc+tkmOK548PY4XvYXrqaTGIAivVpHbXZ3zU4Se3IsLa2rpf9EZv0u9D4VcFJRqv2B5CpAl42JhgNb9SlY4QjX\/zYb6IVVivP8oR+boam1SbalhEukEzoSf5vlgVVBVsupKLEgg8QJ4aPvxMTspsMlgkwzLYOK4L5ecOdzbax+0i5aGOmAs30VE0cR4zt2Dxp0GDF2dDg\/9qdw\/BFFFjufPPrjL58CEC5anG+0PnjLNiz99f9A5oIivUVqwWvAEBh3kOUatfc99UXPxAS5VMTgfEOgcxECNa+3dG45igyiOYw0SklHmGfzdommYyu2F0JXKQZKPR4P7uTdH4l9rTKALyu5hrveJCLxlBPzHhp5XxWlFHpXE7yqKl6JoqWNO9m4KnOkD1SiE0BK4iBcHTagyf\/j7KuNtCJQUEjQ59\/x7ZF1iPKFPPyQ+DFZfS4ZMMJAdRuce7PfZ2jZfkuletLSo94qexc6EAps2f0\/fcQwBTkA1Pa7cpknrlPE6nDQwDmYjfxjl2FPTHYb04B\/4LG+OuYH1R8tH+E5cKey0fYaMhnlyRtm7l4zhxXh88eVjpaZDsIoW7JAZhBUfEztlZ0AOc8r\/vP+qFhB8f0D7eEfpR8bO8\/EgtwQtTbuBaw0z2uWUEDIaafMNhsQ1f4mmfFO2liKZH6G6GRfv99KKrH35jUxqsjJeBwQM\/EJ113jCKlIApAONDGVtmrUbUM7eAMD4vuRho9kE\/w49GkWM1RjqkESV8QnS5lO0lusZRdgG0jcilTPBNKWvJtuU+BOtxOeZOoU0KAQk0iRVOjpxTJNLkEFDMqLOTl4GP6l1DPyRiUIbC9dxVJliklcqIHHcx9Son3\/0eV4Dlc9XMJzUFYLYDpip1il7dd3MOMzw=="}
-00790{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00802{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02115{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":670588,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApCJAAEARDmPAqAGAjOM0XK5LEVEE7HYoyAoKCgoIlk3\/sw8\/b8wAAETStyAajltT68+ELYCklsRAAPKAhQKMXFJKXjIBWFRGvhiDbyM2RmA52mTO4kP\/LrjWRFOsZXPJwPYxhAgmyxVp2EaKhvInx5Lw6HoctLCI997uZ1ErbFrvVx2kMNsPbvf0c3KMKg04dEw3CGmIj1nwwAV3TplnDlLA8nGhigvTtzDcOYuThyFe7PNCKGoMhnIJglojVVIsBdMJYdSb90I\/+fQVaZ\/MIgmBIoSGWUE5ZAGntmDgtp0dgmx\/\/p7O+2ApCOoZi2+ZG1i32q4n752EIFh9R1W9\/09HXsuHjyhRiyoUZgqfvLkrSOvdv2ZApV3VMcrOD182D\/IFqwmSJhEKqa3Gz0XQ7x1AhDvKB\/98pdfLJuGPyAwXeMf3RbsjoJ7UbwIjIEtg2aJPV4zFaASkuBedOA0xRnIgegCv4bmWgElYnQC3X2r85hddZMtDhxN4hidUWYN\/uvDzyKGj38LAsQE2LOY\/U4yjUes\/A4X3Db4RMeoGGuaTPx8vHEhWcAZIkak3bdmdfUCKhTRw1Sobn\/0WZO3JeU\/O3LN6aaFNpd44oi+fv1YoqhJLtxNGYHj6lTz\/xWvwh\/5OpWupvnaRJw140wePCUI03nAaDAbvdgZhJxJUM9Ez2imcu\/DPUQxAcI87gwO9rHzyEFTZvBE2fYXUdWQ\/lBLvDIIIlbqrIBwZN4Rm1K7rJEsqaSGAetVKqYqrotg3G0Xv61dakHj\/9j5SGgi\/fc4wYQ4pRjWW7gItXzVqCglacLb3JoibdGgtA9WYGsZizewIUhH3c6imISZ6jCjLrzmXYytkHa2NT60DFmqp\/vbUzMpbFIHZoMMMlZrZErLgQqwcQrIy3BrvnbjZx8ZBklzbGPAwWqCy+HTuUfRLftp\/kFiVk1D\/72KMbyr6s7Bkxhgo4bI7zvMOHUidZ2hdC7UGsUUF\/x5smJeYW4wNdHD5iv58qpr6HaH2Rdza4ULK\/pyl75oX9CDKuX6jrGDlbgHOykS1bvJCTRfYwBjtGXraF58jEQVZJJ6HImPxPLTVvhi1weX0G57pwdQK\/6eBVH95xHZHTJaU4Kw3RS3xIWdjP6LitM0DZwW6TtS3P2G33o2Wkp7Fc9Y1dXTKUMs0nCmH9d7CCnjVWLYi1dhtz+Tta6lf48tU\/Qqf+zHItaHY7LtapxEIIsNEmVNQuXDZMbBZtU9UWcCYPTIXOZsOuWi+KlnlEVjhzxN\/kL7Rx56YZNVto9cOmH\/bByewHjhP8N44u7cip7U0HR+jmMmuxSSFw8RHPveSA9s0JovEVcJmQ19M5ynV7yxMWdfjeOMYtsTVM0tONAfzs92B1HE+34bwQSIOaG8X7No01hV+V\/yj+dryeODPmr1LKIAJ\/MbgypzFmTw29gDvyUBXq+ZwqdS3iCKSfowPes0BSJPSzSUi4Z4dIaBSLQpt9PNBOgH0m+JbP5PlkMRT2nmJjGR3PzvdWiWmCFTAb5JDoyjuyFHdi3lWKONx+lFmzZJwxs+UMErRJBVTz8V6tf9wiTJCTFmYGF4UgB\/CTJx3DI6wbo9X53d0S0QTy3dGXJZO\/H8qOsGI8aNw1qzLXLU6KpohKtMy7TWM8yk8onvWWarA524pLpTHLJknBb\/q73gznwGfXGsA9dvY+vw8XuLELA=="}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1603816434670,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
02098{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":674356,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAc6RAAEARGHTAqAGAKHC\/PLXwEVEE7EM\/ywoKCgoIUh1YuhDqcyAAAETSyJu8rPDcY2Zmg9uhZvVGBSUtVHXbCogcrtjHkIZvyHG+oeQ7FMn5l9+yu4riTWt9G4+IRLvodWF\/OJuoo6CqqAN5qJoCM2wclVmCRhZ0yQpnR39UyeNNZNj55s0biH2qmAqdK7slUkz7cGbucaEPgYcjaZ1qoQwZ3r+tJVP2\/OosjKKgI3ssy6b8rBby+2gKA6tqrWlo4j913jt0V5Myxk6\/qG4m7XLGNhI+nqBnhUE9EJwSRwQbLcrG1YPxrCPYFKhaONrMEZrfUQUokRl+FtZYxnK7kRHiDzvfmlVCIPnCHsK+5SDQIbVAkCmMUWxjZ3bcH0rMAJZjsUd13Mp827NwaPY1eDE4xURESo0uH3LaTB+cGxcmZiI1vjnmW5fkVYKNgRSg0LQtDAGzCxaf9M30heOBY4ij6gT6HUWwVg+\/JFFdRax7wIj+qnGHaTs+tirGGEnbomoy1juUgYZn3ol7W9gFpvOFFGfsT9glqttgJXgMLwaC66I5aigEznfj7F8whFTNHLDojz+A60t6JiMTNVJkEgkdgm3rvpiMCW15t6bApORRa5kVOHruRwVYI10UY7IsHOtU6782GbDZSpGr8ntN8sySw6dOku3uT76aTNaaNtW\/2\/SmZ6WiPXDUGFDezYRwnESar9Jps0+5gYGAogq9ycMTf2y0dC4uoffSPWz1EdfmGrYbBIJCM9xuPdTrwpA6ThIjDDFV\/a6MJaOn5xQl6aMEUqPMHj458lJHEgyVojPxewoZCn1jkXsVl3BshvNc40UloZP\/zq2QIIDXt8Fodu3I71j4TQet+ImZTuvbDliPLbMm\/UuGwX7wyxtGWarNp2rii5+q0UaxBVtO8\/oJYF0+p44Z\/6vIrPBqNKbPEzkHUHiQQ9awnKGtngmRd0EnWA1J1Y87Abt4Qy51cs2KvlQ8aNSkmdJNosK8Lplp4c9AiloRm+Wlx6dF2sPcBXzpXCJ1Zlb\/eS7cm+1Of3sizAGLukg4XoSb8ue\/DVtfTnqnMgdaKnjOTE4lwUDNk1dzsHxmIBEdGAbUpr+sz2h7ZiHbtdfQRMC8R65ogyaeDK4C1lsoJ7uCJnAWZYyCp2BgnCpvONxxWtaYB6uz0UzVRleBEeiLenAlMfVHpx4w4aBWlyfvuTuObpJLNHDWzAbZSgjHkN3ZYnwTzsuPAriOrYPf6ATtgw+ny2XHg\/qI3joZ2eO+lgJd87BsLnTQUd07WAQILuYO6jQ9vvkRRzosU72uqVr9x1lpfayG4CEyt0LUHBSmhuPmLena56\/to8FPfnyS9lNyeUIAaI4Fe4R3\/cEHg8NHDOKfjqOhNoajIZ8hm564A0lQ7hQTdBfGSgEwYSiDVP6eZcG+q0lw0017Nrj5WZoVrDtJB2VmZc8vjaptwWTVWvSIds8zNI205cr+tldoXLWshLEkoE0W0QepIpcvJTYL76KEZPhOvEWN08HQuMtxYugoC0qCkSsgCEXMCRpKiTlmRwjkQSmHvPZvjNte3BsWsO0fzr7S19GB7OyjGnnDBaF02DOLob0KkURE8IUAwhzi50lzUy41R1QjTFR94lQA9n5SPLtvlqTYWDXlIlyHzlvKnztl7SJtU\/J2mGtnwVygn3oE2zBGLJfYgi3ZH3hoCHuyTU70yw=="}
00486{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":677060,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"pkt":"PKn0qB\/spJGxgjQ5ht1gBwV2ACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9EVLMLwArOxiAAAAAAAAIjowvkCXlc11FR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="}
-00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1603816434677,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1603816434677,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02100{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":677860,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gDEm8BNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABrNMRUgTYSrXMCgoKCgj2S26kHUj2aQAARL4Oqb7kxp8VwqfBhPdfdtQhtwUXSB8\/M16zqaKTaiM4uFSCgiApTua+W3aFO11E8\/vpjw5fdiBSABUTDotMg5RkiQr0MSpUaARnrP0PNMBaoZi0T3torsgUpfH8Z7GKLvwTGd3hbCPXQz5HEzUHjJnObkXYOU8pDBMRAGZYnp5rkZbRT2vPBVCj8Cvx8bBBKneUgl1FG4uQ4EwyOma55O1RYgmn2Ynf1Ko5xhvyQTnOGQ+R1VyW0n7heo02IMCfY4VWPj\/QJHyKTPMBIDBtSvz3J6mf3nv69QC6K+3y7kTFVD4RNSmXPDKfJ4r8a\/jVYQ3tiwvsysKnCLgA5zby1+dfPHEiaiwawfH+cKDMssE48zXk1+MDRnahgP5\/5W7h5R0W7WQX3skNYTREacQ3LvDACn58ERfFzl2AshIb29QMiGQj+aXYqT7ftIu1mYCEtR10HqM0E0tdjMJlVoxU1sQCMNHCcSjur932nDLMq95bmJ\/epzRqKtYXqFfJm4ZnhGTZV2QZB+hX7pNkAbrVOicdWh6ASPsIKRVzbgM4azW3TFLOWbFSWksd82BdcgW3kBeZ+Zy87igudzpPx0kdISA+wUJUrSUaJmejNXcUK68sicz01uq+5FBxl7uzJB5i2OXGU+jvmL+lkKweCPtvayVLhcuvz7KLW1nrXu3HU\/E\/bgsaTJyGVokl31OFOSR9LQtdKuoewFPyn5r490C8zNMeXqpImt2kn4Tr\/jlH\/fxzyim4MX4msP404e3jLfo+J9lzJhkenDu9xAnUgd\/iKSb6RgtGPU4Y6NI2QNpIfd6MzugcP8a0lodftPQcResoW35Hgg5t6I+PqN5frd2jtB5RiFyFN6yYVSH5fwqpb5sgLyM2ZMvumoV6ZVCMO3EMaRJu6f+U3CDduLYbXqPjXTUFXnzx9Vt03+YreNFX6wa5PrrBlSKMZP\/2WAmhb8cWINvyoZmFlnI2qd6sXg1dpFNY99Vqu1GrXPgV8Qi9MxV9uHzluuqG5swDMVT91S3LeU6XPmicYuwxrVZ0fDoeWpn4Kta0sEVDVUOf9hI8REFrn\/lLtMViNZ5rtWhIMKLyMIne37ob1RynB8J3PHqTTUqyQWLUmsA7XpXuycyFg0eDsVEBgiX65miUosWBtlhptbWoDODs0zqjlEGqOg5rKyio59+SI+p7jTV93mdfy9Wt2QGrnsPSiOSsj\/pqM\/pZ2PPrcgdTK9VPceK3CdsRz\/jNTpieviefPJXgnQD9JDKvgbRzI7jy8hldn4q+BSAvi3W0FwGFIYHJsgwTS2D+M4jyoohPca8fHwPwrKPUAytl3yLskOFTcOEOwWAP0YkHc8DSZIYnWDfZRitncpUl9qEcnjpTihvHHfw2HQxFR5lkMlUwBOL06kpNLUObIMz0gJ8az8O5U2MJseOwsScI7UtAgMA1Wat1Jr7S5b3fSl1DVUzvG0hnyrSZS2C54u89rSG8QQybBKCeSDnq1GpKeq\/O7HdjP04WmFuLDA\/vf\/9lSaOXhNpEErLndSFsHzNaPYP8EGwGI4iaWZOfcrm8FyutSUmLAlYtemRojNwXfa2nJlp8muaoRnKD2oN1ySI11a6rSv0gyOvlVRJ5egXWtg=="}
-00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1603816434677,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1603816434678,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1603816434677,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1603816434678,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02098{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":678156,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gAjrXBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPlfoRUQTYrGTHCgoKCghDKzGtBgOvzAAARL61MEV7YMQkWdmZghiuiQz1o5QNdpzYuutf\/wdJhEZL1cudV76JEdjtP0Y3OyHIvIbsmMmNX4mYnmIsf1njial3e905frw0uHyw4\/f+5H0ef2WAdacdKOP40DoDeuCFxQz4bIKDgm8hBJ7vkD1IMm7AaEpvUQhSLgN8f+x+sA9RH+TmObL9fghOs+eNxWf96HoP4pMWR3XqHFfSqIk5FX3TNVvr+riiEz6IuctzVwm\/zqWSmC9dmXci8Fui7Q8OxkH6gLCU+aYM9wrrVZJ9j5ya5VCMnDAttNuuPdq5z4cDdXloIyyGypYPGlULxwG65oqg8RxhEo29up9ffJVpEaQX8UGyxOt3ZFGPweILYH6rNyUpje\/uB9d\/2Tqi9fZfaLpagN9mrVHJYMlLvkjpSaeasCrG6FDs+Nh7j2i5xAxuAkQ0xK7QS1Hlggg20h5t9cMg6O780ayQOD4SQCU+0AR1BtVV6iTy8Q0dm9tIpKWeNO7CSURoIrvTXKHBx5OXHuDteNJNabHxEW6\/e\/OGRw8IMWO65lgJPUK\/p\/99LM38gOa9gV2dzOdfDcRMvpSWbp3E44GpcUzlsSO+wF7JBY6P9esQ3iafS\/xZ5rdGYm06lyYTCDffm6X4KxkSuGJfTJKvPfMGPtO7M1PMG\/4y9kmbFwotO70O3qzn76AeIsqparz4gqE2VEl8QpfdxQliRyqZUZsoWB5UziEcGYDOQAbZw0c82QzSgLib58kPXBug4vmPNM71D9PmG+ZxduAFDFdu7EkUfNSxMfR6hOQumdYRVQ+J+QuJvYZ4r8AlRlJcX6HQpLdQXTOStQMDY7ErsX3+lkhbFCkOUvVD1zPSZ3X9i\/Jl3XL5dbrTO0oYnJiNAJHokvd9x91UJlo5E9+m85+BWm+iMzm3+6bNRAaSQKQrjdjennHLWo7GXNi4AtuurC53Pep+V5GsYHEa33KdpNHgca7X0HexhNHc2ElVJlmKiO9osCGww9ceX9y1pVU1v4UF5cspUvQ5RkcxirKgmOqDN1dbnXmgpQwLWcEgtJk0m+iyn9xNTJhEsJCf4M2GThouE0XLF3rBbGR8AaMV8IgL1g4CrqnSeTXeC0TiPef5r0N5Ew0ni6DodVZqUqNOv+QdCVcZaIWofYvBzMdvqE6zhO4AzOTz4GAPej5UV34aUDRCl13vR0NWFf5GvaZquOIg2EYE\/YyJl2nILl86w\/YT7aCfJJltdrHwSxGGAm2JodfqLx42fCKG98UlucLIjp39SZj8UGSr\/xymfE+UQrmVP\/eIDKUfQ\/F9RzSEtE4Gywjiw+VYseozSQwwkW8vYlep8AwdQshSEv4BOVgTV1jTbJ7jHDu3x3W7Ka2SYTSb3Yt+KkdDWxpTmyTJioeUboa1C8BSpZMyhJwlf1bmECMTVdLKtJOVuXslMtlUCVIAqqT9OTre4ouFYJNjliLNU9F808vVjFTZqlwwQjwIeKMK9tlRJNZxnWX+u5Tmaz0QgLbCP6pKnk6GGff9hBXEoVtopyfSJnogk4UBU3qLzTqqNWTse2gikbJRX2feLSYh9ICdhs0jcaXO512YMcM3tN6524plEU+japLcwChj4baYrOQTz7NVY1HU6hrUlA=="}
-00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1603816434678,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00803{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1603816434678,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"test.privateoctopus.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
02110{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":679393,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUArn9AAEARHfrAqAGAyu7cXJXeEVEE7GpTygoKCgoIN5KvB9nft6kAAETSd859O5gTcUYdl0d8aIlRj3zx4AjuKGa4ASMymO7vXZjT6sVM6pCw7HvmCO7cFlITvmBGM4kZgYz2DWfjjS2UhT8z6S+u4ZuqQnP6sPmHL0WtgrbFimoDsZXEWh5x4WsY15wAJFswtYDmxQkwEBAjgyKuyRv6VywYakyk9BNgIHVKy7BfjK1rPoWZ5w5I2hl2yWFdZ1\/dE9wNP5q3XxjhqAOQa4bzoBKefCRP60vRescDr5A1q9Gh9rEI1UxmIZexsLIorUS6jw27c7X3IRHEFYnp7damMbgudCUNTZ0D5\/x2EYQKzoV23CePPHf7CWo9eYf6XRWEJIBGs5xS8ziNV5+H6hYANEPNNnvMqWmg1CtTp6rU+5R3i7\/FA2u3qMYhl9YXtwck1Tx2THWWJnPTlV31JToDh9hcEx6ePHf\/HDVkBKTcysw+7WUh4g1S4U\/E6GwOzJUSl1j4FyQSA72MFR1nukBmK5l3E7lnPPMHE0UwlBbgRRjJIWWWMjukOyYVX7HOM8mWhaZJs8eEj1aINh\/eg4bAf1JY\/ufLTloR31S7y6OReDYCA\/J8a\/ZHMCpyo\/cgCYZnXroSqO5eUMiOd6mWZMV3WlojmNGGqUwidDXDOOAZnauH05acuiWNjN1drZ9uLl7kCD3klbBaB69xmhwOXqhlY+ov6Mo3v8dkwR3EXQE3Cj\/lQ4KJ2OrXiOlAmz\/GweVF9wuMVbg+hyvL7DdfTfw2qYLKgSNqwlGvO5T2f1lglyHLXCucOL7n\/zNjX0\/xlVOCxhUkQhgX\/XGJbbA7qxh9UXxvdZ3egx7Bshhqr1n6BUMoFOpjvUuGdgO0OjUEdRk5Gyk2HkFljHDaGm4ht4bH9hDtZ6HYm7nqyUay+Gd+WMBexYGDLQ2kaYG8GnHD4PrlcFbEvk3ju9rGX1R2QtLYbACEJdNJ\/zEc2GzZDjRz1o1gvI2iG\/x96iCGyzUz1N\/+nAKV+q5s2K22NkRxb1jIgd\/41FenkfbgFmpz0CA\/DQCyiLHlX2lw10drz3XG0f8LJfTp2vzPq\/+gH2c2gRSj2YcaBCyDTY5AKtyDkOEZKSL3C2C8JmYr4iJS8RMpB0jL35JgLPvSFgcoNymNWAjCjfeRN9n7RfdzVEX72bqAPdPKtdKHRkZOWGqcrp9n5GGjnQWG\/Jwx6RR+qXT6KecYDU2tCsKg\/XBFBnLfBCe2RP1K2zPx4D0wUdqR6tPZpisKmvW9Y3UI2tmUo9tLMaYgnRgRJ8M4\/14reEvtbK2a7xa1D+9b4yQoAoVStwjeuCruASzB76vQ7Oikq\/y28NWNAE6l7JAxtLpbUGRtWL7EwfR3329LDfnglJf6znmUiNxo5AmhhQH2+XGsnwv7e2QwJKwUtxfbSP6qjjAq\/IHu8Ph2sxgzDmxzqJS6NBD5\/rREJkwIRDPsPQN1aQTeYN2N94Pv5crstjdG+7f9DC85NWJZAJRxBLehoQTlbi\/SnUmr9i8puHfTCKc8NDOGVlMiWSfVcSKswlSyz9AjvXr\/Y+TehMUjsxQeL0lUqcIXfqPcJlum33ICV492562h19036aZai6yQ0yHgw3hE7aGMjyObE+Uh9o51GqJfXzYJ\/J3E7ReivOwkmjMio6pMVZIlFMAmLX7M2ggGLe5cHg=="}
00465{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":680178,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"pkt":"PKn0qB\/spJGxgjQ5ht1gAQBvAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVLAdgAfFkT+AAAAAAAIs6FDVD5jbx4KGio6\/wAAHQ=="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1603816434680,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1603816434680,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
02109{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":680209,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"PKn0qB\/spJGxgjQ5ht1gCSIhBNg6MiABGfAABQwhVAAB\/\/4zO5YgAQsHCsnVrqTT\/kdpHoB9AQQtsQAAAABgAlC2BNgRMiABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWmsgBuwTYjDrICgoKCgjzgkejWnQFTwAARL7AEcGzrGiFbLDVVitPMjpX6T6us8klH0LZdsk33gK4kca790hWc9lEqiHw2zuG3cvmTx4edwCefhx9uVFQHbwCX7OdVaAKALQsTDf2esUnZnHqAVwqfHs0alGH87lg8LOQYMLCyJ5o4796Hi54oLNHvp1iBOlawAP1QQwkOrhTac81Z\/3lqw5txy4fqI2ulRUcc8HMVbAvriqgCRBafLPQysmCOVqjinACocPdi0ZP1pUx0qn0+kKcTF+7gFuANdSw5ZrXDF5v6YKUxiJ6vSw8Hy7vrpHpUiN+5fprlESKduOvuve2w8S0Rn1T\/QCLnqgsvW4zVX2obPqKMBoLM0FaRFm0tupv3jD2Bo6wMhEP7UVS6LQVCbX\/F5hZ42FQPL174ha0Yjp7fot\/ow92n0s8sDYpXdyVzzUtmI9H59mtClZBkXIm4hCy5YwKUBE5Htf0HL6v7tX\/C56I4bHgjD1kXDqKwEusnGxfxLkbm5cB84\/UPVfX54l5AlcUWrKt\/sWPHXza3lrXmjl3iKLayJGvSvxgwAyLdj+1dAf2mHjT3T9ZeLg4TPyNz17SLyKDROZpbuZtC2zCbnl+NoReuXxIIu553FeA7K1Fq06E+HYHhMw9+fWseAQfiQhoIBqlHGL+6zzFwJx8LqsX2kF9IlqJJkfGxh2dCK8J4o5uVhtnU3J2xj0GDXLtBrNSCk7DDd67hChkNkJ\/zra77RGExcKdo9KUDUUYykOLFAbdNAsP9djZJfE2+FIW26Q0ve6PvxjGma3cI1DAbfodw3x7gmpMenGXbAesto3GigfY8Dqk5DyVN2us4Q8jxijjrwa1uGb6WCWFIbPGsRxa2EtoUIAHsP\/pagnvZR1tK2myhxOFZczPeNlpxk1o3SOIXdZrMfCNqe8UgV89dZHklMi3hgQCyoO5n2p9n2UNtckDsulzdkWAkN7ELjfKSw3xLKX8QYYwRNZkrnslYV\/gNUyPn\/DAHxcrYsCggnVPpcMfjQHnjiySyU7agWUfxfnrK5KR0Hz1uxcerQD9r2dHrU5GwRgAJqiERgTrm61j0\/9g6EnJzaJxnY2YL\/8StPHOT4TbswEzgPxmOMhq3B3NyVJmRRvGKyoWosF33+eeRJZtqDmGzt7Y\/QslvmPGsoNyGhIfWD4qHCWm8JN2zWi8NKuiyFpgsC\/gseqp2COjYeHLzTsHE8Lb24ziOBbxiS8nhlUeyvkTXTnPgtpZev\/ducm+wW0A+YY2gp+9vovT+lMYKPoIIeW89qmvsTK34QrhAHBV8Gdi7IG6oE67NdkIrFleG4EtBQyuNTVG\/Hni6IlsFEhmcMOi9gtqRQF0bots7U2r2su6TX5cs\/tWsUtfcKDq01p1Oi+UeZRz\/V+lKX5GfCRE\/JIN8wqGMoYFzwTiwgXQFJuV\/tc8U4uoRYgnau5MAB9+BYOU44CnqwsIla5AaVfMisOMnVZhANbfOkDwWOMuBcFcvM4iPJEdLrpJXtiL7lozz\/DNjHrb6qIdiWBMUyCod\/1w5XY81jvBVw6EPdS52X\/61VYwnM6etnlrj2efLA=="}
-00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1603816434680,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1603816434680,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00470{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":682914,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5ht1gCzKCACMROyYGRwAAEAAAAAAAAGgWCCYgAQsHCsnVrqTT\/kdpHoB9Abu1EQAj2NGpAAAAAAAI+gzxyVlrPLD\/AAAd\/wAAHP8AABs="}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1603816434684,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1603816434684,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02109{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":684954,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAiNhAAEARQ6HAqAGAyu7cXIm\/EVIE7DIpzgoKCgoIV4qr8UTBK3QAAETSh\/17BQebdhKt5N8exOyNj+uiOYMPWvj6jDz\/XRUXpazLTuGIaL+gAsTmd0\/ny+0FgJZmR3W9tTl2uiHStd0rHjDhZZpjA+Vv70KyXaIxYALOy77NR4C4EhjQ7Woy4Z1XktOMuzY1G1wK+\/m8WHSuXiS0ZJH0FyTMGjp1ybnyu6MTC\/32FsQ4+KBXvfT1hZaE3FEFqOfGH728c4f7jwV39sXMvsF\/koxt7XF+OaEoT44gruD3j1M3Pn+2KBK+MAfr0VIJTB\/qx0CUwI+AOjfOrOEwPlBTKV\/RpKd6AM0mgPkKYfiJQlRit614p6k0X9lbx\/f6ahWLCq72n2YzUVWYWdT5J7gjttfn3tAoB7zUzS53IQUv1B2zhYj8uYWCPv5E8X1+\/TvDaDXt2s1yt3mYps645wMsjGX9jfYnekRT\/suzL4Jvq5T+oMyQFpalloUrRQHYgV03PgJRooTK2iTJSDezMo3Sabn4X3VQSLr6CnIqGTTH4TZdTS1EPTMj1g2xj\/dIUvvG\/pFUdjLNu0inX1PgBZ1cWwdYMDOvaetqYINrUUAYfMt0S6ZnZpx8OdfUPc+mujDPZthVujZlugXTs5\/Mi1arhb7RDdu56QF0HkACvwfN4y6hPV9GkFI7UUzwkjbNgS+SVTyZpwJf1vfOY3NxgRH+ySFpHqqy7QQrR1g1b3fzph2N6Zo2yzEoxr3cQcaq6oirf5SKGC3qVOfI2XVtorskDTjDPZugOVkY\/anHMfrVansEFGxUEN\/DC\/sCrdnQCX2T0SNbs6Z3vWghQ\/Ttglq6nwriBypoi1GkgpMWRpNQC1+tftj6Y6qDc8PUt47spNcYJ0VauEV18MYpeZpOQrwmNsvWkYDeiXS3LX6E8xtGwpF4W5EfDLclRZBbPNPUZexMZprIpblVxLNvXkp38hv3mKP9juEW+w1x9u0\/FE+PXNXqQt+cpccucng\/siXW8dIomIy+1Vr2PrUvdyaaKk0C6UQxd5P55nB9LiOhbpyhKVQTsv\/+44XghuC1pJ3FXt2NjQe+CUcHyg\/CStdVZ77sBr3jEHJD5WyRhPOE0PHrKjEkwO61egIk2dYxhBIp8OCkst22lv5y0ZwcT34lkkTv5u3Z+PpFSID1U+kLTu+5h8UIdmdChB8Ic1cG4AQYLHLWNXQ2dMqc9hc5mVaWGdqVsXAgEZ8PmUGN1\/+K9d7hwED1E+zAtc4tOBuE\/zS269MNpdYACOTcy9RHUvjlSspQylJjubyYwnj40H3orsiMgpv6tA2AxST8dUKpvzYljGrSAdakZ46qVrbuEBiCGMTCs+\/UNgvM2e6Fe+6gqDCfOY\/zXSUtlduoc3jid15XCt88k2M9Kq40sh6m+8eKjtvlwD7XYwfSnLxwxhEyeUkGT+13FX++6oG59AfysFjC5iJYSscA+YXyA0hYuJ9OTtOQZg32pXfl5BmrmRqnRAIwBXmzbGgXzEsXtx+lmlWCK421d8ePwyDwI8wnHfI\/90mFIe34gGT+WMlq4ZgFubtwTSjzidVFs7GoczF7Lrr2uW4jA9qjpqY0sj9p\/VVph1PRzTPVNMdHm+sMkD3+hhI82joYjOeoRxcWEO0C7MjWGcq92hfnKcQSy875okSAGULGntKS3GeTR0gVMj+6KA=="}
-00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1603816434684,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1603816434684,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"mew.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
02109{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":685476,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gD105BNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmgL0RUQTYZ0HNCgoKCggKh53oSKcUIwAARL7gnbCt\/i9esljBwsmPvsojrH1nHZVBY0xSwfKH3XUIijCNgd7Dz8vI4xY\/GVgHV60CIRICp6Kjnr0zMRCxb3nrCucJOyP18UJ2XfpoAWpzvs2pUT\/u95vGBd8XvGhGtYoLqIrMkwYTUuZWsLPdt9\/gzvA15FlJOa7ugVzGXmi7RWK2tRS2hGORcD238yWdl10gYN8ZAvJb8s0UeahNz4nqOB1o1ewm+JfW47bFEqheid7sAMQL3N59\/ISUhkQ8vC1I4dVehQTYmG2zs3sj46oOz5lAFlK26vOv5VRV5IPztRMlciR7V6Adse5xtWtlpuIXzn5\/UDxzj9dah7+yAdZOHeT0zLvwsIoGcoPRxB0MH96VRzKARwz+S7KKOKG8cm2If62RiaOWfmxkaI06NFuh2TWyOGI\/smeYiBlrsSEsSPLBOsy9YKqIRy2SnU5fpV0QIrpOULNF15tvg64kCSUJEHN7hq8wuLHUYVeVMfUb150XuMPRFaeDc+hRLxIgkKsegq\/1GMLnU3cw+YqqtGx9Y3AG3jCsYvczhQt97g+bEAD3lWpSQqlnbIPVaRxSBb\/m++vYk0m7W88TjbXZd39\/H0cIlTvJ\/Z0SYJpuIBWlYvloAhW8wQNQxVyWnDT8EGTCZMIdSLrubgSgxklIcQghvYxGjlenv1U\/xWA4GVcvaRa3KIrmqe9Suq7Jbom9YtFec\/KcUQuypqb9vLHQd\/Slh\/IgOY2LIPbfGrFqtZ5IZSSAFLezKKTHeEUDMMIvjY6nNjfQvhye7w\/iK57ylN1XmmiCsHB2UUISWzLgrbBn+zFoD8q39CqH1PUlQIwDNgZ6s2PfqPEu+x2StileWyY9B4yefqdiNXFJ7u0v6qBj8LUR9\/ZHKs9wt4Es5WiMRZRGcohtyH5Q2qGSEuh57YGdY2plV0kqxOJJg8WuHGwG80hM4Tuuqa2qTyvzRzxBzkkv7jnWbsOt8w6eogTolB5Yq2lNlcox1ozX09J\/4y2Mgjm9fxydUta2PLhNKNF24FGjs9TlXrGvWStOf+FVD0GqXkj4kfvlc5hUlqiu\/hxYQyz7qNm\/6LH0VCx9ePdDf6W4APXGgkkBgu34ndfqUtg0Sa2fWK+OElqxxZw1+Hjyk43LjolIsRbpcWkcSLKwQP4O5jLw4EENRtGoAdziVGhmLWY7AyDGDqDXD+zk0FkOZMfIjeyouDPo8iAsGYm9Ha0mLEq8OysomYrCzakDZNst43uj50cSwd\/VS+ATJsBvZ7N7sRLvBamrC1umCD7i4s16sQmoEu\/PSvNXlSeypCfAg2hJAeLhcz4\/B0WcrTcIC8sTScPAH3uwzv2dtb+6AkA7ey192Tem0ngjhVi9gaWtU5sFQIbMZEgPIufNBRz0zG92jR202hKnv2tVs8fpah1QPJuf+kSUD28xqWVBySjEINK1zyjumcct4vfD2Rv2hsFuDdEnRtRcJ\/VHoB5zsNZ72V1mw1n3OOM3pVkY4\/rmTj\/xZxixYjGJ4hQmi3ZfkZHdBqMDfT25BKOJoR4wohoVf2vU49x7VJnCxuwjZ+PxxTyZPpwTwZZg9+9l1NkFrr1xb3oTJlb1ej2KIFSLLbYLLG40yc\/N4lOiLv0z\/w=="}
-00531{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1603816434685,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1603816434685,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02105{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":685491,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gCmkdBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB0gARUgTYZd\/PCgoKCgjoF2NeZfCaVwAARL7J5XVlyOrShWgSY1170HREhMEudzqX7b4Uhkojh\/MAMJlRFRdXrnf0lcWEClMJfDhoWlt0RFozrof+Pnw6B4\/ZyoD0RVgGp53poT7G9iC\/absqyVIsEHLsIVC5iZKsIfFtdWkKkdpnRNCGnT3VGY+lFXxBZPJt0vOu0Y2zKMRZ1lC610Klnd+ZJcx\/qSoPqRUIsoETASUmzbWQ7TdG1oxWQGH3wcVc\/v0ICxVUtoMYgJeXx8betPxfyREuBm4E4FoTyJhXcui3XIN3o0Due9ptbZ7SBfuGpb8TN46lwteVUqUUJ5Xe9lf39a3FP9dO2Xqnjw\/WZZomS7Iw1nD9mfjLCEsYGSPz8KBf1FK8U9BWWKadaREsfFGSsUnk3AD67edvUllQXvSDtlbzAUvFF3HIenC2Cy9ysj2h2ptZLfbFln02ZGCulECgFzFtpNDys561LCsH00nvAhS+\/pbJhKpkIQwt944Www\/ODMtfhA6WoAEpgpG06f42PQF9unibmel+Q1UkCV\/Sju8NlC7DCa5v5QN61TvjaWLK+67RDNsHdrusmUnxS0Qw6MgCr1XJXgSd8aQkDA+Nthb+EBlxmaEXwuybb2XuVgqC4V6G6xFD3Gim1RJcrCQKLBGVfueSLYvhKVwT8SeP4SR+OZfWoWq9fjTaViFhYYCsic+3myY3YSADfawnGFA+SyhJdTjrJj9L1vETLMfU6LQ4fjJs\/8YN6WcxBXdSBCin3bSBe2urzqaduq+kb17UjxDbg4QJxXnAa7r5qUQIYXTqC81D8LDrVnVZEVBGUFKebfrcgAxOMID2c3r9c9lUOsj+C6sMlckNXJelOsGIB83E1w9dml1EmevOJyz+MzHSmFAJVMeyfthe7Acpa\/6iTFxUC2VqHJlZjwCn4\/6wRzHC9TG9Zo5VPWRd+g6TJGNweOX8P\/9ZlB9RFiPwzvHlNFT6b3Mb3QxWLg6Ttmg0E+ML1rtxKM7\/yRgs5vxr\/diUa1PzRXjEZ+f5zpp2kE91jKJH4+73tgEQMYk7Eyd89yRmygltVrH\/fU3Ue7GrFhffvVmLvE35MSx0aH6IGdc\/U1oMjWOy0EoTkWjTh0p859\/pRscc2n0uSgJ0X+9D\/EbzkVIZ39Oi5k4wHfsZGD8WTv3IQhB4KGqrNsOYfHpEFOYsQdn9gLcQXwn4iTTbKaZ9rDik21mQSKdUJWkKqJOll6AYoarRO+2QwNgtxGGc9KoDCliYHauCpZ+lGYjtpy5eB2tibMJTLE0Gnrzi6TXFgGqp4wUvIqEqIQ7kO3WFekwujCNCYafCZWYtZ66P1CWPtvc+cRSrUO6Bx299H6EewArx3M8oD1TU7RZVYNta1PmN9bWQg7109Ib8Pk3crjfxcU0dAj+led14LXpRrlgp\/QeJZZuc3wsMwiTDPy3TJcx5+ZXKykG0+Rze8up6KNJ0TOkliR5SFYCrvJk8ixSq\/yqeCqIEYozf9Q0bKCLl8\/Buyu+IUOQ+uNeuzWzi4apJbhNBlCaMuCrdvdjkQpiOWPf9EVqBWcYwBbWS1gM7Y0WFCSCyXc2PxB78fF4bL4IfjxhdAkZdz0MrFIiD9A7sCWzJyDkoQoFSPdTAM2SY\/PtnrUK9nA=="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1603816434685,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1603816434685,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
01149{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":686051,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA9+cAAC0BNK0znmliwKgBgAMKTnsAAAAARQAFAF2XQAAwEYktwKgBgDOeaWKwwhFRBOz8KMwKCgoKCP1n32NN8EnlAABE0jB6HybCFUbabkBlXXQVvewn7zDYehbLSZDjKVLf8snzKJdjR\/3JsPdO+vxlafCYsOkUTueZwJWg10Sg8fn0URQdzFi5gf\/QXZQO6ykhfm8a5Zr2+yBt68dnry5zhANveVge4e8snv2G\/EjNXJKG6Jyq2Wd1UiHDsng78dU6PMilPEvqoDuVAeleo92UeM\/LYmvYaEQWibrlo50VzyM0Qv2OE8uBtE0321S2ppuHo\/ubVRja900u6Tdl87fZa+TqILwJoqVX3KxUJszQP\/m4sTr7SSAg4d30fbCCPgGuhd5vecogxfB3YV8fE8VleuNDGZEznGuTG3MEvmD8\/iDQCIxdLNqMLq4OHJR5K0P4db2PcHy\/HGrvnaBUxSsUFpFbt7dov\/pgLFhL9QjjASYLcFmP9aDGJ4WvT1nHm+247V70NABa4wQtolKRPLihtpaTI978PvhAx7OA\/FDrMALGCkkd0Ckzcuf5\/RdiusGznuJWz6dbRFAvYuAY6z+uTeSY3eMIQi5VhMcXXLlIqpnkVl9ay3z8cpya5MO76mkRAtNLAnc4uy4dq4IdWYKxFDEs514DLZLoll455nZesjVL6SKL9qMReSCKhO\/op5kVDv+GxSpbs9KycUr8HjhlDhtOqnPPf31XxGL0FX0honv9o2mTwKGu95c="}
00469{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":688708,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5ht1gAY5iACMRNCABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVGLOwAj7QnAAAAAAAAINUX0m0oVmLXKOtq6\/wAAHf8AABs="}
02106{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":693386,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApABAAEAR2hTAqAGAA3nyNu1wEVEE7JhqzAoKCgoI7mu7hqnhXwQAAETShPHzPPAkQK2NEhJGnleHaiN0ie5qTdnm464jrXCgs4dpEiXNx\/PGBx7TOLjXnxLSumidbRKwVj0cRR128B6iHNMflXwQht2t8Y44LmwMqcGdFgLa+9ZMaGseDnBaSdSq\/BTPBASRNPP5ViOFASdiCzWBBZ9WWzIm4Zq1cmr1m+3KYiXPZ4DYcjOiBC+RnrFuinz0kYMk86K9x6ewtyvVVkz06rH\/0pP52NDoXW\/b\/MQkNjC8KUi9qGQJPKOuv\/DmccHaQsbHCmJiyo\/0QNZTrabAtHI7akrTZimPvxnGDDh3iKeWTI0Rt9dVSQExok8KND6xq3GcpnEKSLoNMV4xJO\/u8Hd3ib0ZTAW90kp9rc7u7p5ChlZkz1hOn6CQxtLF+4Q0C+LoqzxjzQ7yi2OlbBMZIKyzLtWw7xW299MwVnAiFEtj5S1RjtdQdmj6SAPB0h4vvOCMTAjBLrzNUIzUQQ4418YwmRANW+EzePT6mR1Ale6pegThd1LeXLddvoztOKGJo5TEa5MgYMehxhTg2TXP6YXaavnooLGg557tbafcTn3wzp5jbVUwxY9sKGj16QzN8+Fynpug9j5\/9WGOFqWFzcYqmUsX0\/xG2xH8WvkKARD0l\/sk42N9NbTB7Ss95x\/zpvrC7DRs8wzKYSZy+NZzyMWwe4xcTPC8pdC3jzhcEXdF2RnCaPHIghUD9RT4W1CfQ1kNWOulxGvcIr6FHiUeq9MpQR4aV5XkRR5Ltsm0vYQyB2x6O6vPlGQo9UKOc2XAIsuJ\/UbYOmk2NYvlK5HnPtbkhJY\/IiZ7z23icAn3thnf9kKY5ERwFbNb\/un4e9T0EmsPw2t0OaIH16APDL4fOPl6+1VOOMCOqaajX6JJ\/\/VzPWdr3Gs+W1hKm0IJjwEBhbsb4P0Y6VCEvVHsNI7mTVZMkEAua9fwXy2V4utejHZLSRSgMPQJSvLG25D\/bKthcwd1lVPwIPmwpCJB1fyQWm6AhqFghO9Zupebv0zgTmzy1tLUnzVFLEzE4ypNxUpFeb7gzSfiS6a7+MCybpQYls379X4F53iU+GTINzG20LYm+XcA+4YEJemBM6vBH5vOwhicXfh\/S4xBSLLLmN+mSkM6sSSr11u3IsDj4PDyBLrk0cKt+Xez\/nYA53eqNQH8wobiK\/1UcQl+9e0C3Q5AQcsBs2MRhY6nnaLEFqMO55ANIVeq58cAWZ8Kve4BjvDSY3uaBdKWaqONn49IjBfiSMz4x\/Xbh8S6vECtoIhrWF90MTfHWh3iWZB5qXTSIFhe9owOmMU\/Usk6Uy8KzZy7KTlRZYfDqKbq7rcX5VnkanJDx7H6mBhnkfHnaTIQA9b0kFHyqiee8gwXA7SB4zEGStKbfX+Xbd7g69KwswEs89ObtiGhZFpjbWTpwnRcI37GAOjv5pgd2XQz9GL44DG\/Ek00OMz6SwbWFlAmxoWux+qNRG3HPl83lY7zEH0gjFnGpuAsctOGn\/CIgy+CcWiM9zeH26eSXIULjy6o2ia6cosWL5oxm4nSmaOz1jSNsNYx\/IuznZBNLujicdVabLMIwM5jHV5RNtJl7ORe2vMsPayIVVzDvXWDnuN4jRMZKSKWRDE7oTL2N532z74L8ugCqSdHwRCSsBvtnIezk0Djtg=="}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1603816434699,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1603816434699,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02109{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":699019,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAFhRAAEAR9f7AqAGAEr1U9dUqEVIE7BnSwAoKCgoIQzGFVS1wWEYAAETSpZ4u7UFA8Ku9qqY5kvFyNpSxiT1VV17cPvqBwMv7ghXKw28SABJKpVUQZhos8gZxtncfEnCPtRM8w32S0cMZDs5YJHMDp+qFqUFXljAhASDeFUYMjqqmqK2xXAN3z8w3vQiOdFiUtKcYWIVDP\/7fu1wx3cHjtnddQmoALaCYC2KIbsUH1tUKq7vT\/+BVt77LwCKryVjemBqkvXXluDjghTk40ivSQ8jJyGleEHicaKXla1GVH498NloK14kN7wg0ok7tb2sKhAfFsmt0dyCnuo0IC82\/BgTcTshonNbNn8yhRQBgaJANTlBk2qWY0ux\/DsdHPsovpEqFcqjpqtsKjJ\/5p6SGXORi9dQLphct9xf1v+6F1wTFVWPe3eHdsSOyp\/BwELawr\/f5+1egKWq7+4mbOVH+FCDZRkNVIFyH23guM2L5ae29avq\/lWL8pVDtTjf8abgfWtxqcSisE4YkAeGaq1eE5OG55ZyClHKNDn4L9XZjjbN9CQ1GCe\/OFVXpMI2PfEiWcGmIKeNgYRq4gzlAZODLuPV4QBEq7ZKp+5NVSaLqgSfrcH6xV4wE+0j7r5VEhvr2u6n\/\/bPNSsyoQaXU5+q7Q0w0lQEj77lMwQmrPw8Gljv7480G9NdUwkd\/\/p5S1RtQdUh\/qH46a+7aNhOrRHoFY0Uu4OeMbqyUyS5uevO+F6ddSemZlHL7dBD608g5QoisaEMsylH8q+6GxQ3RHsnKKd6RLtVMJcIb3s7eslhdiZbkyC8WugF1Uqbss8ag8jYafm2G3uWVNTOT2Al+MzrSr8taRs+g5iy1aJrDEMOzdQltsGCgG+PytPM2beF4Lq0IbrxQNCgE5IJ8\/Y9zeDmnJ4YuPZxOPAfYb360+E01gUjgcPnkzGMH3BDGaQWI5R9EypmAunCrFBomcVpqmknXQt3kkvX2OcNmQNIJtzXRbps8SEeNZRyPGf\/u+Vt+vdAKZlK9BUH2ROm9VEktt\/tTi8rHZSmWXH5uaAhoAcd2e3heLdg8ch4sYkqsJ1RM4Bd84Sjoz2WT\/JoF5Jn56aKdYJgDXqR10AhI9yS7PKXqAOUJVXWVnPWUzccZcD251mjyMn\/3GgjEsaksW4aLFNi7f\/QSOqeUIKFWMvnizPSh25WGY5rgFsH51tkf6hz04KlSxRXrJr0LIOYpZWWk4Z9QNd1K7akZKN59RDZMEAAGot\/SFcMVuXXKWbOlkRF3PR6IvnUq9PUtkadRAtAQNhw2A0EhGpp4ig24HdCqTnTlX+RSyn91Y962otVZtd4BhAeT6BQzG7\/NfJ9QU0qM31UlaB1H0R3mj33T6fLRu\/gftOixAPS4oO8hH1yfhcS8101GVhNDngCpOFPDr4rVR5IXS0BzEmSymuwkNKBp\/eXteAUsH19jQgtpJlB\/27Cf644Gbzfhi6gaDA1HPNpmXHxNHTWNp3TatC1i7mgiF\/z3wnwpcgZfu7NgfWsvkOlTH1JrhvlpguHwOE8X6csJxnEP2vFDhgFZ6S\/l6TWUOJpertvpldvGLMawH9EAcvDIDM+HIUbHJDdTMzgDd9oEnVJHFpIlh0JUOzKA7NaFr5ofLRvRbxomK6JpYR2wIpU\/OYM3aMfHBOnsu4q\/k76iU5zYtsHGX5zTrd9syVHbfA=="}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1603816434699,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1603816434699,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fb.mvfst.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
00439{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":705146,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3PkpAAOIRsJYocL88wKgBgBFRtfAAI3\/u0QAAAAAACFIdWLoQ6nMg\/wAAIP8AAB06SjrK"}
-00534{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1603816434707,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1603816434707,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02111{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":707537,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gB7v\/BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUr3wRUgTYXLjHCgoKCgi+3m+0woW7wAAARL68vqjG4rI\/AvdsCirEkqkyqlwlEk0N+rawpRZGeCeIU2ZO32fsIEz3GXMviYe+v0IBqeytpgNCeytK9t+KOjotJ7QVqpveJICd7IlMjO1HSAYVU5lRgXMoT+y5Fi2RUxr4qo\/CS3kZAFjeRFuCIjbZwm3OtOHC+vVlVA\/Vw\/zluUbCb4Z9OC05o\/XWJAPFWPOrEt8\/bTpMWLzNYr6bh2AAai1D3O2xoHVdm8ri3GSO8bUq2pxMjIn3ptNmbrkSU87wQZXGqhVeWh1ZsC0DBFqUluwXb0pMgCqpEO80Nhq5+u4y4i3hGodT0H1FKzVcs3ew3eq9vaguwDBdaKE4exJJv6RCncKSyg4heYydolHckhPW\/oY2HqheA4pFoO8ZtX95wKBFjVm9bJpYTJJY\/z31z+aUhWVmurEfLmnYxlCSy12hLAruC+gNCD8kQ\/MW4jyBAG6d7BTS1znq6T231\/W7l3AXMCvXfMcFqFuj+gmi\/S9kywNWZ1fPa34hHlg7mTIWR7jlUo6tzEfq2oqDEs+5yTslMb5FZJK8ldyYKgyBcGRm4I\/ToW88j5u17EMJLsfUqwGMs8bmd2UsI3BzwJywAmNYdLVpOCfPHEMiC8WRAAlJ3Q+5SLhd9OVFXGtu7O6XRhOsbmI08WdrJBm5J9ucdgzWkbl3i\/2eDZiYxTYiiBKrxh1bpbDEXg0VTkBcE5jASPmJB6nxZm61WNxz7BBfHP5VadrI26UgUPsDMVwEUXD\/xbFcS2J1PJleFnNI2j+1DmMCTg5N9ExM1u3\/T+Y0uyk6l54KxtzqSgjBsg\/XhFcM\/ODubgSuXCIsXFgZYQWzYGSVjfGtlg9HMWTHqZ2juNRwZqE5L2Y1hMws3fsY1ili8zQQG6pzQd9m5PP\/4DGWVRfKxQ1ZOXjzlNFvAo1T8tuTM\/f+7uMOnSwbTJyF4JRbDwJLDbu2BiW4DyD++iUHI1TX2h0xwwlOfDtDU\/XKqzZV94CRnghKvgLSuVmReTC4nhbhAh1QzzHb4eVcBbud+vGs+t+FDW0s9Oe\/hnHEEnZnUGinZBTzGSWQRNGZp3cg0jUT4QPjdPy8XyC\/POLdeCDrPUB9mDaW3W7rOPVTXvP4IQV+x5zM0ESasNezQs+QGprgL1EDIBS8hvpGgXPlFZ33Fo7w2YppnMED08hMlvAS6uJ4t8YNFbTXcL5HnggJFHBH27Bm3yvE8hbfH6SwVufZ8xM+Tw3qfg4V3lxg8P8AwO4P99Fk6O5149Oq6tAEtMX+WnBYLaxWrBiKCCuc5plEPAU9\/ZoPaf8l47lpmb56KdTriyN73TanAKwfbP6jIuj4uNIxQka2RGbqyo\/uLCe+FVRjf9R6E7hPl6i9FsmDl51lDdfvDGWrftns8EcWHuJT1pCO7UIHJob2JLCsxavgPAwXAF3a5o1+uVFCKwWrw3snRqgYx5CEEXaScXy50PTK\/knIkowD2tWEjgiJ8xxxjFamG8tuawm7Urqq2+BqDf1V3I5W+o4QxOSaFEJ\/SP7Wg3EEs5WP\/+ds9hapCjPQlUIlkyNKi8R+ri6pcpgmc2WXtbdLyKWIrR+mhOTL4VpBkPN\/EhoXvYOWO65B7Ac2ZRH43fZmgo68Sg=="}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1603816434707,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1603816434707,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
00448{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":709551,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA7AABAABwRNNgSvVT1wKgBgBFRqdMAJz2HgAAAAAAACN6xPRoCi6ch+s6wAvrOsAH\/AAAd\/wAAGw=="}
02111{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":719606,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAschAAEARJZfAqAGAg58YxobPAbsE7L65wQoKCgoIJv2XczUh4RIAAETSm4e+jGeUlE\/B12fljD+RqcpH47cYVTGlgRrNPB1pt4i\/tbOCC9Ip3Az5ZlXd\/FK3y+qA0RLTj+Hs3M0j8vRCArTbVM4C5NgRxsbhmviOgStjfj9\/bYsZv\/EjOBw1tJ7JBggMh5UbD2IApoVeQbXiGPK49HtmmZ2e8vNh\/DENBlDkfNiA\/Ze5qo3h724av1SIVZrOuvswt3oWie0bK5Roue+xJHmSYlIdNZfnzXpwBh7c35jaMUWDvYBeZmckm7kJc\/YlpNj25UQZsKAQzZSxGyFkwPWE1VZIIf2sR\/CiM5RFNmS8PgkHq67u5CQ3Sonb6Zl53+rO66OPeJhUkGQNaSql8mMy7iu+inJtNa+Jv8r+Mk+hsReHOd3O8emp6fJ1y9UM73fh5DirDtvnZZ3V6jRJ2r4Rygc+0kMBn4CyZ+getScc\/+R2siF\/4EkcSN\/DfCIEwaf5cBdqU7sUr9jhm8ebduyUf8MMp0mo8YLH5Ld6gayewdIiX7e5MgOtKMtgw+6gQh+Bv2MsHuSZkTMTDQf6U2V6WVpP0Y9J+TKxzWfaCPfnLyfJhAvO09EXRL4v5CauDRrgK66O64n5FFSoPkt\/cTCu2ZrnJUnl73ZUh5IMHcF5qrpyNgwYRdzmLOBKKUcbZsDmgTWWmVQic025bFbbeJANUemP9rPrhK8vpdcFoj5tc09KJOg24DVw0N\/8s0k41J4q5XkRqvAq3Jh031h89LKhx6BQhfHBc1CWUzEmpurvpV2Ys4EtVyEOa76yxKI9JcwQIwxvIQGEJ9wsNhbJGOcCGN65fV293I4+Q6O6oqi3DRDkz7R3WSxRmE3ALQUURzNbLPzkf5OpbRxMjRgBCXiLLxDLAMGYwM3F2kI+ZHH4x55d95IB1d\/psHRZShyVEYlzUKCnwu29d26MEawfpZVAaMzVRo7xXV35ZRY1D8\/9qSuz0fyLsjjlwkVcHKzvWu8cUA31sZxhNy8BdqKz2pVYPgrewKlXoKgRl99L31koA071JJjVhvzH\/gU32UecgmYeQp250l9S+wco1ff4R4UyUmOfphDkNe9Tg\/fRpjxgKleIR8kU42W8ME9YzuK+U6l+SwzLtodLt+wCvEs\/5vVCJoajkAEX1WivqyUrV84SFPKxXwpiL7TWr5xgs9A6ntAG+LEQ4Fzm\/5n84NssQOABVYGxSC+XA8kEi5T+j7oP5Z\/shgDlJzIXGmWwZLuGT\/FxXFjW5dDx3DqqqjLeUaGgzxk\/EyBCH1h+zMLqNGXZu5UCHMlMD0h27AhID+7gDIkyKn3TFzqvA52QgVRJ5KzL9Mb0vBqkit66U3SK0k0xi\/SfXE85fTw0NQH2x4wd\/v387iGFuVPBH6D0J7PwX5flRLQgBtOy5jnJbhc6rzs0BouQP8a1FymWYQx9YUWzK8DXbNzSVWzXnmMxjgztNz1o7b+kh5m6wUcvmLd6ZGQW6FIkZrd0dtEs\/RrJ1+OEeg0MfVSwR9Ik1PmVJoBjjnSVS\/EB5t+GQt0btx30I4eSEVuRu2nS\/9zrg3dvua9zEzH6y3wCr08vFuCZT1u8r3v5iOQmHyKv5pfKvsINf\/+Z3UqZAAlmAb7gj\/svvnlt+IBIlM\/2nf4NpSTCux5l816mDS9Bl2mt29n21gH0vw=="}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1603816434721,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1603816434721,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02112{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":721106,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAzsFAAEARXhTAqAGAilu8k5wnAbsE7JrHxQoKCgoIhyfaf9ET5OIAAETSThHzecvOQHDw4M1KEvEdEUCr7CAD3OCoyACaSfQrzochTChRx6wrvVz+n+iOMS1T7uOrLABH\/lkEcgzaWAuVRzM5GGhP0QAKdeAxNm0AsijqoG67hGFscKpx5Av3K9sq9rDX7Y\/VGCtKE++QbiaTUGCfsHrykmsrI7QPeSxlf3ybNOigAkts1eOpMwz25k+b9PnMwdGgxKqc+p7n+EcjPFQejHtIcCrVrKASMN5dFF0N\/aceKWgkpv55cG51Qbpmor1iK5rkX+Jp2MWmVKxJJKA6VEfDmOs8+rh9\/bYDHg0cT0TQf4Zr2hLCg6RgKQkQcpxpjnqjjVnWbgl6v1vpjXEkfqOp6LQ7SyRj3OKJU+CC+q8T3ZrAxjtbgQTH6BSqNj5efXKABdLu2ZE9S1a376exw1gxC4aD7EfQxqzjGirRnUARwvI2VMbxxc2dHnrZzXTVUrVa81Vp5nVMETLO1bny7V5SddubE07uIzwFndMmsYTjkTJwD5XPAMks1RFaNVtVW04V3zer0QaCSFmPpOrKA2ENZYUXRl+1Ms5r0ujaH\/BvGzVlt7DDNrWHHosR4VC\/ma1LSnbA+WH2DeEaYdOBu9k38i9r4ijFtLZ3F8QT0b+bWuRxlbf8JzOO6XJygAjh4eIcY9Ifn6Ag7e30VziB3U79j2fB4F\/Mt+Uv+l2lFBFVyIRYWLQl09QlzkOdaohOuoVGT+vunC1+0eAqFF3oxCobr0gBT9\/9LcLUFdypCpP4\/SwPWvfF+zqYocBjePElav4+tGCKrt\/mkRyKvh\/nYulR4dFSm9pIzgjYoT78ZAE2lNPXyk6\/wkm6W4x\/Hk6rPPDi5szKTPrrB0V1qBTNahyFnb9FvHoXB4fK89PmOZMp\/yecWo4kP\/4lCl\/0sXffd\/0V5mQwriutI7UUKJmZLeDjdWC8J0aU6CLm\/SAEqxf88fV5pVMs0AYkAPp\/9j6IANm3UDJnqgRh8cV1\/31bcLPsjWchpJZggmMYkHI2wDN3Sl9zv+cjKCe7+jCl4jW8L\/ekF6HvMfC0eZ4nbal4FyAx8lo4Ue7X8ccf91\/AaqxYlfnlLzjGSpAQtt5baUgZHgnmszaHCnFbo2HHjdmmeu9Y473RvYemO3l50MKmLZG8lmdXQYv688u9bT4irxXqmbHi\/KHwUDOgFg0j8s0Y\/EmH\/pUgZCvgDFCtWtE6OW\/Hyq+5Cq\/HLgwB+IqdME7iVh3EnO3YfKXA50YgeqN5yY5ZNK6jO6v4bbk7\/wLtWdLdrB98VjrtJxA3EfSPn3vx7DFBmIWTYqLE+TpavUx0HxH19PjHereWaV9o6Cgs6+3PWf4tHc03d1rwK6f0xuBoogN97dsTvTJpqwpURumirQKVo3x+5CvP7oOU957Rt\/07vk0ZfIXTZECv+R5Y+R5gZfgoFzxzcENMe3qIbQZk8PFnchoS4GL\/8Y3H5Zb9Ei56qun9YxSW1Biasm72GWT1NwX2gR1bQjPxGosYAY\/6xPeLmkDAtOOTQ4g1vxcLLP8ZY+VaGsUNC8YbA40ig6LjBd1CD5E8RiAqEa9E2sD4lNd4+rToxZT0gmByW82p\/TzmPxSzryYrUGNjoU4d233l88kz7+WQyjC7tX8oBOiRLI2cu8Cgzkq+Qerk7O1ahg=="}
-00754{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1603816434721,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Microsoft","breed":"Safe","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1603816434721,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1603816434721,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Microsoft","breed":"Safe","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1603816434721,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02104{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":721167,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApPtAAEARh9rAqAGAilu8k8YREVIE7C6GxwoKCgoI6izyia7+eS8AAETSt+QbRbxl9Fm+cZhPehbbyuY4X98qiUiG97DtvQxOnW4mI8Cl3JV0HG80thoAdqQu1a\/K85y1Ygj5RP4637KMtJIeTQw7yPPnXHP0zU4RjZ62TRhNYZ6eNVI8rDTqX1U17UTGdzCJDQ6P3bwSFn\/hecgMOHAgJBSmXtzvmrL3MX129OuthefAiwdrij8dlZ+1POyInLQ1s4zElf1Qtel5JDZstCNGEQMu3Yksb7Fp8N8QxRhMiYahy\/rNZuX1sDo+S8Kt0f4nxECcA68o5O3j7RZ0UkQbCk7TY7P0k6hNhGbG8k6dzns2FDeBH2AWR18Xa6EbgQ+OE51BsT69F5Mw6Qv4zVxrj3nvm+j8ViswJ2lGHUVv\/wERdeEUkom6scesBC8GBF5oO+ERsonLbBlk0k64qeF0Mq16CQ2Tk4A1XJsEkeKkk13FfpgZ4xmju7ZvBKg6vyEj2GwP\/prZKaMYyek4cy3+1jkURWmaCVIJ30zt\/SxehiygkHDUiHnhD4bbKnxoZnxLWYNZlzO2olSPOXGBVUKEmol6Z1tK9f9JtrTB1m6tWsGbvwGSZA1y816T1+9q3kC45+v+o6ZmsHQTQIKTABYPnt8Wtf0hV33bQFBnhVsk2Gxdzjdom1ZLnDG+UAt4D1lf5cwBPUEisJIkPJBWS+rRvxC4DSNxciNVRjBHHot+7iiljC6QJOc8tv9ovBuMSSgCyDMe9n6HZtnwKuFrJijK9sqICpmLcJkRKxtUrOmfIadJlbAhdaPlAaOtL\/gMLjBp5boNC8pc8oLdF5gMKu0u6JrSWcFM7DMe\/SsSxMHlXi6oim5b0Bp8EthbxMMoLevrzbay70814zyI4WTOGY9vs32q1YnE4xZtSITnSbueYtYs5y6gAD+78I0tPBp\/bsV8QK5jclDqhGJvB+AVr\/WiMRT4OB9wSBwZXgYvAqWVfPSOkoHm3S6eJCcDs9F2x+hzEigXYsc84EvM4A1FCIAV7dO57go8nEQBW53ScAoMrWnMLYP0jkSI6suyGhiNp+h\/hClT+r\/Op92bWLS0pmZuvcNoTh4NLNKHapDtFwkQScIFRJ5B3b8fbGgludLcc2EtUA94Vc8QXVeNTIe0oP4s79m2XlQxy5y6O6OOkdY\/eUiYY9ApibduptWlMeUaNEA943We+rSbYXAEwOAraCMgbo\/PxzNUEPSqGnFDmTG9n+KnmYQi\/Alvs3QfYLLJt92WPsYBjHomiJjYWrbbdpMsFSvM2JeGnLfPMCegUq7+rsZIXjLTFB9Be+d9JUJ623MReNEYoMx8+sr6dCv2Gspxsl42k\/5L+7+ZDtFPo3XT6sEDxDYJvaEBjW39mG5b7C2beKtDSKu9M+wzWHdHw90KV7KS6\/DYWbLEkLOhVtsHdqM\/8MkUyr0noHt59IlTRvNBTWfpVdPC4nFiuDekpKBrvN+3EkNvSU3PCcM3kbQrdBSuFh0g28\/mzkqSAv0ZX5bxXIyBY6lC2UEqGMZo8UOe\/BO8r+hCIJMGZ7nG2fzy\/+YOPtJrO9Mb4J6yQmY0rqVI+EvjNDPprLHMCYe5Q5VOAznPM\/b5ELOgKrzgym72uZNPWn3W6OK4K\/yCjCGoXsltbqumaaP0\/hRyLF6fCMMUuvnes1g8uU+5d9gQLw=="}
-00812{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1603816434721,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Microsoft","breed":"Safe","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00824{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1603816434721,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Microsoft","breed":"Safe","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
00502{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":722567,"pkt_caplen":109,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":109,"pkt_l4_len":55,"pkt":"PKn0qB\/spJGxgjQ5ht1gDhB1ADcRMiYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9EVHHYAA38EDMAAAAAAAIJzYQ4GSWjENRMDQzUTA0NlEwNTD\/AAAb\/wAAHP8AAB3\/AAAe\/wAAHw=="}
00508{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":725950,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"pkt":"PKn0qB\/spJGxgjQ5ht1gBLlEADsRMSYAHxgjENIwUQN9nn11N08gAQsHCsnVrqTT\/kdpHoB9EVLLcAA7grWbAAAAAAAI85\/7s6OU42n\/AAAg\/wAAH\/8AAB3\/AAAe\/wAAHP8AABtQQ1ExUENRMMoKiqo="}
-00526{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1603816434729,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1603816434729,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02101{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":729337,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gD9VeBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmo4ERUgTYcSTECgoKCghziEmCXfFrHwAARL4b9YC0jUsti7Mc5rxL4bMvXbxsMAL4olVYvjN5PRilW7n4ljBBgiUUpEp6wkwiK5RNAL1DfWrRUra5EMQLYa7yT41ymm1v6KJQRwEqyPeHRFsdBUytKI1rPpS2iH3d+FCzh5\/N6Z35TAJ9TEkCWIk+Ml+SIXBhvhzUmKrkh5gS1558X7aUVr0+OVPR\/OBAJI6M04pwjG\/TaX02ASBnVhuctq1ZReIF0Qlkld94+mqjWxQYB1h\/dpYajowgC\/v5jRQEyHEsjdqTOCfqW28oG8epcCImwCaKkDGkjO6jIwTlSxF6latNrZSmdZRrSDZoCq8uakGSkhQeQD2tbSdbJP3NIbv48WygGXsPWffl9u2ujdRJm\/mhRyLkJCjx5sa5rgRArGikWOTIFjBiZskkStgxHsaKre0OnrY1wLFpG4jthscTHZBq1DL09xjZXEQJ2ar4Dtzgafat7TI9Hfak0NczSvcPxpb3sdfCJrdFt1LLq8mrHti29tt00qMRqTnKUeIkHYHh7EQQ9oqrrtJifM5cuHsdjGPMVxm9ZUD0068DuR7m1j4gZFuCYXIep1D1iLrNXyk77C1SoyXKdL1MFZ598bVXG059RuwlXJhTx+IppuQLvyCWcvMiIipe3POlLLXybFowBGtm+37kvSW6bP+6Bxu21k5BVUZfDmEKQyiqLWLjwhxn3jDb4fTI\/tsSGhcc\/41ZbDNffoTAgxCap8FDnwN9k1QY743o2ZLez7kXEqmuCSqROQE0HUjKczuKGz33rl5rbKMOlfIb\/lA8U1oeAS0Sj3wgBhRgs1SQYzWkBHGDyVcO7BJnrphu3U5D+htX5HpNK\/0e0TAN25zjT+K8nEX\/3DxvwlbRk5wJn+AyZ6JzbbsH\/1G362DzBVBwHYtagkCvON+t57Hc8iE0aTENenXMtwoN6f1B1wYZduiqdYZPniBsQbp7yIJXGHSGCsbl9vCCVYSK6B4mOBmSs59Zd9Zrb7yQCHCnL46xUUYWuW9XHIcs0q\/XTN95d+nDWCaFZa+65E1OkZ2fioJ1I0J\/kglR5x\/pGBhYlVfLXHAZVrrS3NBUMxiwiuXE9YBgC9AX1K\/KCo5PwZac3eUtWl9Wvsqatscy6Zn2neT5yibaTDkcAz+i\/SD6bPG3oO+HswnP0fQu\/hQQV52AAn588lzkI6wOW1Nf2SkEsrPhNqIqbOT+45N1cYw4dXaKydqgziAJcH6frtCv\/BERLWdW5ewDhAVbqZlXbOJGS3oeEiYxUgAGq5frf4Jy9sSj6pAt8NpKzgi1DQyQw+BwQnHXZRD\/HBVXw3jtQ1qbfGSm14e62NKcGoZWqPZ0CTo3qMtWuIR5HUMC7Ai6bto6NZQHe4oCIJdkAxQy1eEp0C4LTqq2dwEQGt8jSA+u5zN3lFYX3qO0vvZJcB6Zk0gu35QWPxA2cbDcDeaDguvChaUcmmEJupLYmfRogah2a2iBSw05H7VN+qBky0gky1JC8ev3mlnS6NoFiCW1OUv+s0O3xZXA3kkBnLnMiQ5jYF91oGnVVU63IlOma6Ux58+jDHxiAI7Pk+X2pAFVXwS81L08kdqsBZcYLq9UHGw9rxSOOIc+iP4xlUuEXJrJ2xk2YuBRoQ=="}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1603816434729,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00530{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1603816434729,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1603816434729,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"cloudflare-quic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1603816434729,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02107{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":729343,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gCGnqBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB2wkBuwTYmHTJCgoKCggVxSlYpn4UkgAARL5ZLsODdf27vLuu6GHs9eSXiVxIAlfs7TcHZcazXn4JE3\/P5JDqe+tOVWQWmWJiN1Zi+QMXxBMeLDuq2FFgXlL2mFN2Y0Hpqzt32q0IcYNEtodCx0cCDcymndGz22NucmhqDhsBTfQYSZ0TGfZ0Y1dj7OIdkztU4UKtQk0Knbx0pPfOb04IoU66JRugmLaY3NcS6\/YWs3i+G\/Z1NaiZhF7wHXHAr7RtRzKLb2gPHbqV9JkwnbYNdieDzqo6OGYxfFJAF9UdpTyC5RofrFHDOiAzzOkMjstRpfIx0da81MZNBFjRQx8VBZVl5cb5VmHHCRKqUJJ\/pimnlqr6\/rH78B0tJyJdMLcbA0k\/GEaMgb2r9k+khrfN+IYPTP9LEK9IyC61PSNuLM7lCBCfjRBxaONHiGk0HUucFiwpQMj72lTAGTUsQa8qFngN+9r0I8HgvmsmOXC4IyatQFicI6JIBY\/\/xLWv+tugw\/qAeO1niZ+nJFTAbwyvKydJ4CrRCQplld36lx1IDKeajrlxvSY4TO7ZlmYtBTR\/QIZQ1n0y7WxFPForSvTZ5LmkvmQy\/XOIdCHzDT+yu3OG+dlOa05oJSJ5squ1DJvlYS4iSqaRgDu8O1f9s7zQOTQDTlP6inO815rKmw1YpQze+QAPS9Ar8Eh6loMYvm597mpGIaaCjBGmRjM30Y3EWQUMoVmSMYlr+ndlJs0\/parg\/PrflXFNfkn\/Wllw4cvS+JLWNhoBBJwDWpM9YkqIgN6sP6Sf1ACXsEwIhZbB5T3Y+mzlz1fEroyxtSisqFOFlOCB2g0djczdb72gMhUvdB4kROfNLNOm8f4hG1ZnJraoSrQJwgrY+zsLAidSwY62GHtAM9fUNITWGPk7OLfW3OjEbL6sh7ywY+xM+yu0nYlxg0Z8ST6zlbK88Dw9rVrViSQ3Oke1RR\/RShjWSOBcuUxTcA\/eXi5dEcOdrVm6ZsDQ0chPleXisZB4yI9mZgj+jwkM4eFcO6OX8YpKRHpSZrb0SkaAHjgOICK+1d\/ehnzz7M0KNYGDy8XZ08SS3gXJzSNXZLonqI\/bweWJiS+9rlVrB5J5IwRHJDEVN2aAZJbdqAdmcFPCL7XDwYisg0GfcM\/dL5C5xxZS6hZbPHwzwJ6y7r6\/T+A0XWV92UuetwR0QSUywswmbazFGMC\/MBz94jyq\/TrHbvq8OgHad29+CNuQfDZZomN6lJoFhgu1iOIbRwea4vmYiVysTLFxxLhym6vQpFJXvihZGX2xoV1bucff9DyhT5\/Wm8sYVpYS8i2GcM3jWfruzg6rk0SVDY6hf8HFcXkvUJGnDN4KwlwULBiTr9COS06u3di2jUKJqL6FFXM1FtZVzdRf3O\/3GNXJ2HDuA4IlWQXWMcKwj7HbOKOWlf39BkQPYBB\/3CwqDH5TkC7Ny98BmDT6ZzxJIZcSDCUoAZ3M1Es1K7QjuPUiIJlOZZ8vmraAuL1z0zGli+qvbM5O\/6zJbeqSM2M0z0mrGA7v66IfdcHwb0k8mj2tM2aIyHApEXwJPFbWKxWcFb4yW1jdVDOO0dDpGwpl3Ci5EerREPl9RIKJcKdoNqRq0LiqreYf6EOoxrVqsnRGXi8dK3qw4eUScQ=="}
-00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1603816434729,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00520{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1603816434736,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1603816434729,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"http3-test.litespeedtech.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00532{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1603816434736,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02109{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":736042,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gDJNoBNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABqn0BuwTYttHMCgoKCgiHmjxz9S5+NQAARL60MndZKQNzXHuWbuWII8yYjx1QNcGEa3n\/tA\/kZwZdo0+NMbEhrCvw4fqUesktNwPhDHylUS4gcbEvHHb8Knr61qY95Pm5VKwq10YKtyHKrPUvOt6FFf4EaXlhbjCjP5PNGMuBPWvET6CR\/DNJ3amwoZ8AEiUkCCce2IA0+qLjflDvOu19oZVQSJhyk0ID2QUVFxDX+RIo\/BCEiyqGwrxxtUHNgSlpQhvXLPkd7gs0O8q\/1O3MXjjXw3VV1HTEIvgh9CIZHImqbItBAkHFYhj85297ojhzntlLLEMQUeWyYcLZaQRQLAnNxNHIfLFBwCs6Cttccxk8XUgObPlTQVTnnGvEYXJadvbFnkb5nj0E7bmqr23E\/kns4IXbYRFlEjJZfAc6UWDdSOXBoZHXMIAY\/dztkylxbqayCWGkn8v3wQJvR2xFoTyKE+Pp5saXn2uSt4EYi00Uf6fCGbypDRgDr6HED25efO5iFC99NJvuET7V90ObiIxoji+jOYwIL0BCHSm+uFeO8i7r3GmYR0Qg2iAiX6ZmlOl5gmCd40kAXe9Lo\/pKr3+r853YnPdtRNoIckFL+PsGubjlWj714eDNDRnoSoHs8UNwnNN8sF12pzQsAVr7qLBt4e8KWXFMXfkfIKWSnJhvivGIVrhMeN4RiaQ\/jippacCl0CUjlR9AUDC7DyDOswJ0+eP9X+z1Kkt7EaP13RXwGDeKbPLk\/tVc3ZXQShkobo74qelkPT7nbFmTZB78n2grmfmy0C6HMQ+qUHKH\/MfqCCK2ZnmHVM8veaHwzWHFJ4gVd2h5wLXlBRQqCB2AZzoyKpcMZFNpfGh+rTCIwQTyVZzycWPvtrbHzPNg+tUe1i\/foBt0+XApuoCCwHOsgf9nS7IFS3h97hfCh2TYTKBM6t9C3VPFYDuKYfUjriuP3G2Eq7sMAiqBDef1fYGxLN\/Dys1ZS2B2n+Zqt6K1diQtrzsIwKlRRg+XjfSSzPOVrKeXYenyNePWIMOs4YVAyvkFPV4RM\/osDQvZvShUA0iRuuMPCsj024c7WYx9lDihj4EJBymWsIkTQg0x6rfvVrFojeVlS8zgiytvfAIJsOr+k34t3NbLaK0YyfFcVKBnFDiEC5OcAMd0yi6ouvtE9rJyb\/CiH+Vtx9OSGkbowLLyCHtZ1EUgA0\/vr\/mU+ea4hE\/dLdDDjWwxrJg1oKjnYeHQvIDUT0MVaXTlMXS7\/F6HA7\/5QTayU5MU3hKtpwhACAx5gHHhue3iTscqXigKQ7oiaLOdxRIJ2wKmzNzvQPCG5UmOLnsbM\/3lI+SzzLjMM5HxKsnb7yJmS6z2+tdEoxPOa5ZNm7Wc1LoGgLZd+x+V88MeQDFaBDMQHNWCS8z7Ruv7Q8Jc\/JKShee1avRiWD+QjKfpjPULJzGhq8IhO+3xUZoq\/xSnX5PQ7xqYQY3oim9xsL+ADJPPe0oE2O\/lbNfbGhouInwUUVqUmdk\/fion2o\/ylxCHaGoB6j8tJgJq8ystdV8ErJCcEhkKohD7qeUu1YL\/exHAdFqCo5yGAJyVZFmJD6CkMOCvG195MdsDa2WfPCN+fs1Twy5bRnpAdq\/aOqOWkb9sVtpRcByoK+nPaUgcYcmBQw=="}
-00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1603816434736,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1603816434736,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.rocks","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
02100{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":738509,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8ydAAEARtHzAqAGAwb4KYucjEVEE7P8dwwoKCgoIOPxKwZ+D2JAAAETSb9UlQE89ABeQeI\/QpsT81kvbf+yGJkDFJiGPzWvy81KCH2cJiDSPisJ1QnX5xtmzBkvUHRp2FuQGYa\/pilZqNP70VReX07WlD\/pZQJVCbigdcxMaEYZASHVRfutuRBKJAqHBAwLkNLD3Z3I0ZaHCqcS9KYzw98tkCokzq6mDpHzHtf6ExbYo4N0cIacCNvdP+KsCtrUQL5WlJ9CyKBD242cIc5CKdLYQTld3qevU3UaqfhVdl5eNkntpOfIkomDk06sEpzJqxU7qHCvJeRN5m5L79zL+gTeIyE9Asm2jjoxtsNgfImDjEtUQxGhWbcpzrh3DpfCal+\/Lh3\/9pzSQhk5oc7WisaXX4PMLYNl+D\/m52ZU0UFUhE0+l9n3VSr0dkOaUEe35MHeuokXZgwXZNMBFC5igXXlE8UTLsi0ue8JTTCNLCTt+A2z1dpM8DEqH3biH+qPKj7JaqT0dHO+FKOdg2AM+f4RwN8QCF26RT62FuMBNmyc7aD4PDQPxUCYmRi0UGMYomOoMy8hZ\/jdhA0wX+8Om3VVga0TGy7NSDrerhKL7+YEsof035rdtPH0Y3j599QoVaO64ZA3v+T3u\/PfqnGSNilFgI9flDp09Oakd9oM2lrpaAWLKUI\/yiWEn06khwuxYpdaA+jHlJRUxbcAtBcEA7Cj1DsLuovsIWklWe2vDb5Co0vAUw5gsM+5gFIyui6IYAnMYEgYAo0c5k8aJzc1BMlQVQ3DaV0O66JJgt45uH5jizP8oxu2Wh52E9LT2KVQJhcHClILWv+P8RGxhrIU6t17U1LVUVBWrmKV60at1NW+rS5XSlF37anegq12p4\/NuoM\/YA2qu2AGPkJxiKmaQkbUvxD27zSetz4qW8RHM7iubRGqfzIBqjSpWnrxid4CaaVVEodx37MBRM60oKdEd8diMaexoLpCHpXy9\/9K2ILLllW9BNa9VJqdBFl\/PG2+3KXrSPTzMih\/0LgFxzrGSKn0cLTERd6NQOkq4kYFwu05o3XKSFMJCrrKttzDQOD0Xxkg+EwHHOHzZmUPRCHUL9xhPxEJdnU1P\/3DLDZMnviROzqkxPMEGYvrPbBWkCovwDH0\/6kXKJUwTNn4cbIQkW\/t2p9CS7lBLRdj+DcuKY4rzac0WcEfT58KRBSZN+EEOJ8ox4ywybHsEVQIhRgiC6M8tZ0Xtu+jwmRkD7RXtD4ivQRzZZrdRaM7+tfWpzYQViq1cUl0HobKvf8BQLMQNaUHuCe2x0spprn6wrhwmhtFLZM\/3JUQaheNThydzrhRsBxsueLLPS2wSHRf5YbXUOfqKT8x1ZUxl1Cu9Q2MBtIfuiHdJowbL58DK14UHd5YMvnZi5fDRxVUztKDIVYQMqMKH8yV9xD3VGPyIiH8IGHHs5mHayhzBKpOTDNSJvoWCwUSiT09RuRXMK392nYlXWcB1GHTIFJkC8XToE5ImQ07hzYbIBq2ramFYEZ541ak4WuKuC31\/KEs2j8jC9NQ9YUqFgEBERIZrXwnuyNqHXFfcqkiJHQ96OMVEUoO+dD1RwDoPZlAiSL6Y0xKWblqIJeilsDd4MRdVKt2kHPj3frisO3sEnc1o4dW8rgPCUUWuyR+3XiwvLjWNq9104NxX8nzAm\/FnVOMJuAoC5Q=="}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1603816434743,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1603816434743,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02111{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":743648,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAbxtAAEARaETAqAGAg58Yxr4EEVIE7BzKwgoKCgoIBzLrVZ9ibJ4AAETSpSIYhDhoiEFvP1qBCfMoU\/4qjpQbb9U7jdmFrc8viSpjQA7eDSIQICGT\/pnAELg3vnpeBC5hTrSAg5y0v3Nvj85YCDRYDUNtZg\/gqc9lMinrr2qy\/+tACJsh9TULiMkhVXBS\/DnqCBfVla2xKSlWGVYDfxfjWPLOnhjK4tuRvdsBg38QhZovgQwbE74gpeM+C0l1yFZQr\/3HZtCstNCtOu3UtW84W17PI7FfcdTn2s7KMsKWIseHKaKkB14DaKKUlr8b+M0Keb3aJipD33LW0ttcYvVI7edW5O9HmyMTEHHmLBoOENtgq1qxmaA8dcVwULmdz7v7A89bnJ9YPWVoQT\/AY3vPa9CPc7aXzzjpQHzXvLmR1Cp8lyfevJQBBugOzD1EFG+6ORqgxwy\/t3AMVq6UiTAqOHk10YiYfoOWp0mc0l792MEYihPH4U0Q4J\/xWCQfYBLc2RwO5JS8\/rBGN\/OkQMwq3X5t9nFOjPPZBRc\/+vV3l78KFWTME722BMgiyt1PB0IMcr\/wY9oB71n3944uqDUTQxh283ZrXbfA6w8v7iNeB1nvtIkfZTo5\/9dY9NpiV9qF4AHCmIy\/ojTRgA9UIdX8hEx5O0FmtvynQ+mLeozICBFeXAnpoY8U5dl0a8wlaBpakWQutMPrk\/nAriiy1jFsR5LnosEI4Yz6\/MFOg7bYZIyHPK\/xf+9zlkY7T4qEj6ycOajZ1TYCeHMIlwhBWcOIPbgRWdOWETBlCd6sWgfOMwJCAXcjFu88KLuQ+pCjd31kktdw1RVYXCTbQod3cSDHFSoD6z7zQZ32UQ\/kR6M7QstvWKuGXKrevWSqUPnQ7HrYNQDFIBkklqFkxbVZcSnT4UUB7KQmwYtQUc3FO7o6Sx9BRuD68Yg\/gcvk3BApsJtzmbS7xsNHmaRwAqrqaj4+m2ULPGLQS80yS6mffzxUsj35+UHRRyp7PYmh1cC9qTzCEsRA7CjRwHLjqXJ\/bFB2ydqN23sLpT9nS4qU4QS\/HV6Wwrx0WtQFBbsfAW3fUZkAAZCl13hpQUwFlYp1jVMEWAMYBq5YiQtqre2ANV2GA425sm0cmnAEoAPOvqCelpE6WxYBAjJ6Ob9xQn5fw5KtiH1vTt2jIzGqg7h7x+eEG7EtskR3WXy2ULpj8avtEHxoIAYNFuma3Kw1Q5I+yp3gZXvCg80hvQ5yvTMTRFEFLv7e3AI9MWK1ez\/Gs92MjqKDjcFapzN8J0ncdbpf7VMM\/SAAAyn39VVA2B0eImPwbFAkVPm6q7XMvwTw43gkYyH+tIZCaiByTp2fz7f13zt5uWkHJ\/xdDxZ0QWMsgr23LTh8uX0dAi+gTSxGMdGZ+JMlIsaX0oCPfGb0HHLtAsXQYqZ0ZWPw28mWBYTpruOoNFb3DlX+6qExjK8WSy1ooe5+wJKkueb4Xmv\/UjHpZRrauceITr70pDmM\/h\/qmPnCS6hmsP17czX\/4rm35DUjFnD5mDlo+Qvw14FGc0FaI4S4lHwDgjoDtx1uxn3T6ZBIvh7IG+k1Jkwrdejn5+rYQQ7D+n0F6ra8Kary+Yp6IxTLgWMA39l4flYecvLvLbyaihe+bxuZ\/sXW44m\/I+rkIqDYksSpmtNCQoAiuTEaO8+G9TYcOPSiueZiWcspgw=="}
-00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1603816434743,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1603816434743,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00751{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1603816434743,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"pandora.cm.in.tum.de","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1603816434743,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02114{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":743654,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAP7ZAAEAR7R\/AqAGAilu8k6XkEVEE7HdHzAoKCgoIR0aH1pvahxkAAETSPnSjK947ByD+BwPD1aG8hiXIT+yh1\/\/dJPToYueaTYmcm5W39inFapwMfwXtPNuHyuKzvQi4tEhoFP7o5cr7L\/YLfOvRTXCcf\/nBs2i0GOysW2g+q+ySQiTJnXYhgdgzrVd+5t3w\/PQw6fy9t\/m\/yds5zVgFZvkcK9+PBnMGkX69jNHZy\/lqJ01nDFjal9f8GD69jzEKMTGYvMSJQA7RNeC\/KD8eOpHjj9WBygsq6CUYIr8fo6US3BfgPq9gd0A0tmwg39CMW8XvWjfxQE42A0qdKexPHBHbO44RrgN1lYWHsF9KHFf0oG1zpJP\/biAOd06E+L4G8kH7VJLNs7ScFYpQk1sjfWbopJV2NDDRk5n\/u159T7mAS9TPir6Mkav0xo3zJWRpgX5F8BCPA+wy2ILkS4PSS1v0MrOJCoimlv1DqJ5OlW084DnCjwz8IJMv\/SKXa7+4NnVr\/\/ESvUHOac9wGGR1zXP9FI\/x3cL3p4u9H6RWhCPW4QyjHaemmC\/gfB\/0E+a4D2sYjszc275uEiiMk9YkT5MYHrBeYLCaU7Q8DxDwccUne3cpoJ4lHHcYLSLAlSL\/\/KY7h+VxvR+zoxuGflSDjAs1poqdo\/IUube0PEi4UTgbHuGAtXxbtiHSdrpAoua4+6szPVBhRGKex4yMRpVhbH8S+dN3Pyg3B24A0\/OVSzrM5pnJd27z5j0Gd+CA6I3BX8Yp+2hPRnK41jUW3bVktO7edHptm5sFjlFYICv0SOarAbQ6n2DmwLm92sqQh3QS9Lmm4WOx2XCagFIPZIDiZeLTTkq+aszsag6ixBzFj1pcSsByUB\/GhjosZxT0Gj4yUoAQIHzUTJg7J3nKc68zoJAksRF0IX4lzCTP2m7zWWuJzrV47gUbv+qb40KFRAbhbw5Dyw8fAJ3D9TlnxYIcqnqk4LMimkerR+VyVCXS\/6WHTRMPm4MtIHNddK1\/U\/48s6JsJR68VJBGumfircAqWj50LwIeATognNP1DIA70mG9JvdMDmO2oTwy6ySJN4Y3y06X7q3Z8NCtiC\/iI2uhGloDLFxuymBLemWj0VpyeCZG0yIpqIc1HEmv6XKNmjw7z8uZ8Y5Cfh3l0rF5wkKZKiS1xmPWaos69hnGAavOUwNzlyVD3k8VynbijwHzavIsoRY3BLDI4EUCUOPCvrOJTxW67HBmCCikO43iO+akkrn7xaV4Xo\/zs2kx7KWcSSCAiFYi2fQxAO4dtBo2lzxCU5sDKZWyE2j\/3FtfwJAdNdp2IztD++HqzRoQ387gULsMy0sNutEk1+pbY\/0fe+lCMT8UDYTOJkXwNxjYJql09DmDSST+acm9N1pvUw5rNb4b3q6LcSzpLxBR68KiN6n1WdGdEBNNLh4GVDxkIJvPtKALCuwiML8mF7tHe9HaxwxTrg\/pGssCVS5xDRj73Jovu\/IOG05VG5UNPKU18Acro3NlKckFYERDjRmsoE81UwYtkwm7N7d2F1WbVoupTw027C7AT7qM8FKZYTL16DfcvuloswPjS71+3GJDR59F44OqreAhoGhdcp+Xh8QSIYeTsyxnGWk0kqW4A4ueD9T9D7LMkceoPCCE+H9fBRiJlRLBVUKyk4ZJsKg4xzaX\/xksDV8yz35z5z93CJ\/IWw=="}
-00812{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1603816434743,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Microsoft","breed":"Safe","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00824{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1603816434743,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"QUIC.Microsoft","breed":"Safe","category":"Cloud"},"quic": {"client_requested_server_name":"quic.westus.cloudapp.azure.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
02106{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":745946,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gBnpkBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRU25URUQTY3a\/ICgoKCgj9UoceU8iiQAAARL6ASJxduLYM4xsAvBTFbnnnMgyZmTRslgR5MTLzlGRvRpNyp8S8YSqhWi2EmIsbwpUo7wbHPWhyFPr99JEnZIlhcjYPyxEGseCwFKnV2A0\/LB+svcKwvaZro6Z2b6a5Qb2NXM0oceBQSsPvPMg08kktxPj6SOee45akgVhY4DzKTwOEuk83sHBjlwEQifFccsbM9rqqjEuAyt6JNZnZPoxNz1G+S71LAyfhU0K8u707IjCNbt043hVKiDAAP5Ls\/kOK5\/P5wqDCSLczv4J+lN2F6A33FYO\/MH2HOQiHb42Npm0EKTL+3SUNLPF87XHIdatFGKqcZkjBNCnSSbcZX2rEd6EUtj2nyhPr+r+nFeDhikrv+PxIFsc4VtD7WW0xDr26dPr5aSb061H45m8ZE0qNRBQR5tFZnbTGbyvde2q0Qpki81IBl6UJt1pUmavS5bxq5HrjSyr+NuMKr1axIeHUWwVKneV0bHR+2mJcQo9V+yDL+oVm6ynfkdvz+nfkBGIwjGTvIVMQdFq8yx2LVqO\/qhKk6WPhCoWu9SDfjAy3GRJgBH2n4\/AbuSFWy2FX3xB+FF8PVmqqU3lrXAwclcYyJxho6IWefEErywTT+xmJJToC+y\/V9RX\/POWQWAr70juowrxsRoO0Y3cHtF1mRnK77ko\/Z2bo+32+o7WcpTcj05oFRjeFzF\/bQhzfov7nC9AvF49NZTgKdU080+rsO\/a47JDDU9xRZIAdg7wur3suP\/23X5uAgAdvy9UfsMqaYaHuALSqzHmgmG+LU\/6oOzEiGUuM8xxO480fAsxJEYsa6aGv2IZSIrscvxw7PTjaAwUenIyoO3VqZ+CINAlZcJTfYDfC9Hoc9OdcdGsqCYKUW2wEzwexc9d2EUKPuBdQN2dXat5aWucUNWLDcCZgqT4lbJEnTA2hr0ad5eSaqS6BfcqZWuOLYKUHB67L8Lmnq2zuNtqKmvXXpYPuIvpGFWs7G7GD6CQFOGRklyTm3tEhq+17muIZPvSti1DEepk\/jf609KGeKiujNRiayZCXOCYOzkT28aBRRNckMsvT0LKNcigIKfjCDjIrh9aBkhLcgwpdGyl0y0h5hzDf\/4VXIhtMY0ORmfK1bAFgAlZBgLLfAp9\/vELXdZmlDRSB768DANFA4iwCGp8+E5loZtSnwVUJwBA4KRJzszszKovh\/eLZuleX\/lWlVGnatUN4nwRXaA1HElTOEdLlw6fZcHl\/Bdp4mHTJ8y+9+pA69KKpbmTruDVoXYkxoxHu9SNP1A3\/1SU74fa+4vsnpiYx3onvBAsr5gEzR0pL43F78fgO+m6gor7Et7VdeE4b0ZBmKRybKRoGjfTeCumdBa1nXpC30UmUVAo+zHRyQ1fZ2xkGMwXeR8l2HdsJlr15wXYvnfd6lL7qDoJjy440fHRTo9Bsr\/clAcx+A\/nz+C5jTYcda4m99NqYRLQUmM0ojNMm3OJF4cbzbp6ia5SamPyogQ1msqIhDfkv9Q2tHko55jTHfOK86Fc81Rz9PlrSPeKqSQiDiYO0Ad6xLICN\/o4TcHWtv1wNgnzDEw5LNMuaUGnl4D4FXXeGTZ793MSG1gIEgmaX3GvG52P40BhE04PqAmddEQ=="}
00473{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":749121,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5ht1gCsonACMRMSABGfAABQwhVAAB\/\/4zO5YgAQsHCsnVrqTT\/kdpHoB9EVGzHAAjCaG2AAAAAAAI2i99jGY\/xbL\/AAAd\/wAAHP8AABs="}
02111{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":750560,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8Y1AAEAREMTAqAGAR8opqZMdEVEE7OQ\/wwoKCgoIqaWx\/UJ+JLQAAETSC8vS9NYx\/piHxwl8s8tPMp6kRvO2UBaRMuZHcUr7jludPMV53ZjKHSEyJP+9E8\/YwfQgCjydB0456RwGo1\/cbqx+RH1Q8+a1Bo1DdJBYSWHzgdWM0CbI8YB14t04OHAilhwb5MlDY0NSInVq7T8MAzGcexUB7xgxT3QdMV0ajcdAA4QbbUxGpL\/JsbBCdpMKcKPK2DVQFnN0kkOHn9OlQg4o9cA4XLljFnTIscrDUPaU8cEzYClT6gYQP2jfUUOYkMZZULYk5bpXO7ax5xa50czA2ls0cdXBQf7YUbq+XEnU8cGtnVcx69nAz\/CACNjhFN4oROsXXKDcRVVrHQlIHQT9PZ1APNWYKwMR9C2+9u8dIrhct2cOe+7nRU5qzDx+30cas94Oc2UBgVvL4WrIGpSaoUpJWOS0GeDoGOZ\/NWWg33pgJHnq+fY7ZzZHaHkXZjK77y1bAHB5Tr17hCnN5b0yRFsFoYe9i3Wjp9k8hE3VZmn0SbrwA2HbX31Rwes9jjmIw\/os2DIcecacn2FrvDVlDqA+PQeIAXs\/2y71axQ4RLDic1gPyOF1NF3TOt80pLqz6lBzfCDO3rQH87n\/FiG2UQCjXUWyj00vQBE0K4S49nrAnDyF86E+RmqfHyjAEU7mfiLFjvU+SSLwbi\/fJZjzvnUDZSqjvi6f0IiNao51VPDI0VABW13IqPcImOawEl8JX5u0SQuxZjMaB+gkN47AMk5gGVpUcxeJ7Z9XwIs0K0lZDbqGWCXMCdIud52cUv5Q7a4BkzKCwhQfbEBvI2t+x0ewDQFUYQ17Lne1\/93MxOPU47Wf8TBSnv+VQbWOxLdCg2nECwvv8CsEtJFeZWh\/ha1cf4fZct1vISvq8GJAxKd76jGaP\/45zQLjR4HASo2rVXFn0L\/ETUkSvIfvqvSOkP0YtSO\/ZLn52LtlBuvcA71G0tQ37DmpzKxqMVV6sHgX3+zStA9c6eE7Wp\/gkgIS2yyC89rXKte79UGlVKqDYHmP54LWQ33xn\/ghDB5Udev516Q4LJ\/LYK1naDjh4zdtyWDOyHtV6dDjzohTwANBgk7tTb8qpeFDkvo\/5XKUnTRyFT6z1vDtwXisGZ3PyPwdthxyiwl227D+CWkoTh6C7df5\/ykCgFfvvCvgoQH8u8rshHs55PKOGBg5Hqs5deERSp3QXO5XGtS3KFrfrVEg6HdcbkCxSBW6ksxlYLzTFTTuuN3qPrqUBpBL+bmMKRSiOP1Qzjapvnxaf9gMa1yPSmZaOdEDbYJpPK7oha37il+Yc\/Ki35zS\/SKKrO9P2OR76tBQ1tVYddL33Ezyaaiyq3JlG\/nwWmfV5D2y+Js0\/lW0oPF+SLaGcNUfweLLinRJd+WusXgPVh9RJ+wX\/ykCIdqWlM284dJEMxAAj6BoI4wNZMRXYMh7U0nrCrpYSTFx7EaqFBm7HBPZbeFEUO8nxhWclcKvpJfe5Sf5yDohJz\/1ozHUKuzC9D3+QBJjDqURTWaAew7pm4H1KncN+qU8PnTQKXvs8sV4kCe3iQ+i0\/nVCMUjviEYY1\/hUg1AA4cxVLMRpwljkJ+SrVfWXClIk9dlebLFDCqTEzVG8u0wwo9BmMF63RqgLA7RedBbfzfYGr0pGXf\/l2NvPGQXqdbLDg=="}
-00538{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1603816434750,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1603816434750,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02106{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":750923,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gAfkDBNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWlyERUgTYFmvNCgoKCgjw7KzpNo8oeAAARL4tqmRQ5KPAPbdPUnedDn077kKWSLkPygVEwdGpIVFWcp2en9F3ERED+OnUg3d8i8AAkr44lz5aAq3LC+Q212cavhgupcuDcqNoIGhnCIfm+QSZcdNZ4zXfagNI0pLJoRsvOsL\/uXGYxbmgqR94yTDxQ0eUCVIZASIUeRZjEvJCthWVFT2rgBlBR7LYtLcvCmtn0DIMTAiPE\/xh01OGF5bAJQ2pznCPuONfdxbRDf26\/K7Vorl6tUQm\/NY5ROm8iHLzI4aMVUF0HjSu3+YUC1uhFUVddfTvpusRwaZ7kJNAa7P\/Vy96rw+N1QmHoKrViF3SiU98y7yZQbZlWxDFuBm3kfHuLnWeUnH4lwkgdmjgDw\/tGYT9JNO+a4WXT0WG+E149U5CDNgHVyClW14kVzq2L5mwgYWZMAo+lEamoeJB5h9+NMm0nQlLQivIZYDxop0vohOxK5n93lmaDplwC7Jat5ImroXJjGBA1i\/wWMXgstJIth+GejqRDCbbbeG7NxvZ9rVNx+l6f970K8CtZlugC3GRbFE9tMsDJl5zdBgPz83kXeLW4WfxGljbZ2I1\/Fsv5Dj9XTubdhAYt4ThM0knFSb5aX6Ff26rVq4Lfqy9HtKxEerRRn\/GPQ4yjlBfNoPdWIbjRC7TEbcUSnLf\/aCaXXZvuxf7r562GmcMeGxyHBQBVeTMDY1abEs7sWm\/+SOMgorJmIj9ISqcpplInrkBzayKhF83lHHurhCA1lrKNlSdpeepOLCf\/jMxhKTDSGOt6PuvUNMjvuJNj7JdWjB1qgt+7yg6GfadVoLlc7oKEmP2EZkbg1reAwAQOQU0SIVyNqN7R8++hQVFb9WO4t2FPgkjCkOeg8PKyC0+NKn6ths3s033xQ7XDByeP8Nn2kj5mf2ZY2gISmQLZEcrz0CUqG\/ia+5tqLKj4+\/Cndt6cFxpPnK+zzcl+5uVQbgnRXQJmrxZO\/AIu15jMIC2BXo7iG1s9T31lFVuK8ZWVw0cL8LlBKwlz8kc+VhdGPCJrGwt3wYzDhn2EetnDAIMnbnceC6ASm4ceWPn7zfseGSdZHnqg2ItW2chn2XlcQp4yI6MIqqKBep7wjkYIzq1Xg27JeDrqOB5eSz5nPdiU3VaODgQWCUUbg9ghrJZfwLkGvswGRALf+EzPBVkuJnFi0tcoasUB17bL2uvxmMJsQHWFO1QguLm7aeVi4DCA7LeprVfnREJzlwtTcq1k5DYJjUcopXIzceZ1RbGyvZp4+Cg3kMpFGVYKly62GUic6\/xL1lutLalr\/JjiJp45zRjU0jch7XG6sx+An4xZJK0US\/g0Kv\/HVtYynUrwZXu\/woHqvI9+NK8siaNZbHMUKRkIGOXCg9aT\/yvWLUSR9BuvtiEH\/8yVs7NtMMrdgpTQTivJT44BZN6SO0WXldGZUkYPP9OVZchj36EQYpACosyteNK+R\/3v7MWWO4pEsgkp64XBxw2OWJLRgsbR2Yz5fH7LkIbs0gEHDj7\/gcfuV5kb5ePRim1rmsSUQI+hvJlOF3Hyyb3A9HUl2d7fhX4v+4KZIvtThVaEaIsqv89pcU+EoZuJG6wojlAyR0dhaUyj7ezXTuA25fYN0yKiGFN29BfWA=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1603816434750,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1603816434750,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.tech","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
02107{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":750941,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUANsZAAEARy4vAqAGAR8opqZMLAbsE7Ok\/zAoKCgoINqH1Vk80LhQAAETSoI4wdjcpvn01GyYGcs8WSPSlKPT4hY9r7ZqPT9FILv6mf0g+Sw+ruXz256wKfDlVUbQnhrO+J2WPPYXirISnHdW5UejVo+0GNbGGC7pxqEcspy5a\/AJGn9AlGBaUXuFdjU97Kn6GHsNBd6bdZ3+SRnRxnNzx3oqxje3M74CutehdUh9SD+lH8Ub\/n5kiikOxdihmi26CPsVygaeEpmQ\/ctjlgUeWzXeW6BI5VBRC\/SBTjQ1Jm5WM7UYSJc7206JIZFbkts5ijN4IYXYCa6dQPxtIUWKXQ3dvfDY7hKCYqYb0oQk8vNpd+VxLZ+X2tKF+cUI8Vxl+uQ1cyS7KRBFhSWWakuw6JqnPtneYuh2X0FsZcDWbR4iGUWVWgDg9Qw5cfvrP12Y\/yiLSLAGuKBuRr+bvLEH8tSrJRasEnvugWyA7qLDfZYZJnvH+JBBq7\/aECFTncu7StDcd8mUbn9I9AidCbV\/bMYXQlnSnKDQulxvXQ4dbJwT\/tlwiGidqTTeBgir9P1P3PCQxKDec98Req33hD33Pl1kOhW47JhAzt2PSVpD5yGFmdTiUtav0ZVZ4bVttJ50pPh0rwKfk06rey\/iamM+sc2+SMdjSdewqGqL+SInrOte3Zwu6gGMBTDH1Dyn1E0nmn0Tb\/Q1gEjU93vGLNsvKan5nMFqYWW2NNsruGSJ+9aJA9OOwdQMWK3sGUohqhR5oMULjwJwWB4Co1NNGczoGoTZkPBosjx1u8umd4oTn1Z2YEOsfq\/MS16\/Yc6JAedu\/au3dMTV8zUcm9uBg2LvP4HCYefsbA+hZ3OpRlBsm8QE5VwJdjLl9s5rMN33d4LYFMCKrf6QdIGj5c4fUlmgpdRq+dBGaSuAfzg0ku6d1UCGoNDQKc7loJPuEMWGVQQa3mEV9T3wFWWD6qST\/etOV4D\/sj1plYn1+smnFQBuQZSbZweVdNYukikzA14A8nweXxSHltQyCOoXoXsTnOodIRecC5axLme+KFXLONSqcF7oL989dNvADyfgfXeWjM56pSGw8v1frDP2WvRz\/9O2VASdSPymmk7eOvVaojgAkCWc585MWwdlDf2Bq\/0Eu3MuR5eBJAaTZqNMwminLUZSdyoyjLlJm2rZrJBLuK2gyXgKALsphtbmnZoJqw6TqoTKjr8UYtnFpWqENJDhQ5+ORa2Hcbq\/Dt4PwTSt+rPvIoSh7Jaterb+RkztGN0uVdPoKTy77oy3I5gH\/ftpi+zlnKzZWJcJk7cxUnYiLi2m\/syIsVA+rAGJ4eeYI0XnnqQO4AvGYQTCUgtaiahKO7UOHl88kFcJG4D8pQg2wwb5607JGDUPMhSYXsNIwTaOjnaJDy919gMoDn26JaGel3R8iazejn1O\/DzxXDINb0MonstAugqKgKVKjzgLZ\/csTsyHaMRIb0aSATuia50Le8I3Ve5TbTrO\/bIUVjBtgTrRKF9beL0OL2aHMhnVOyvZCYm2Rfh+hzhENK+ndpIFgdC09Qc1PCFaAc\/iWtEnOkRAICRVP\/n2wewDV4ofdczPB2YLwTo\/A4bp3k9J39KVcL+jkeKQH9hK9CryMQU2J\/VOD96l9ePlxO+jxkFCQ59EYKnbqkDYSz689nm86kaU5Ehu7UNB2XjaenWSjg+6wrw=="}
02110{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":752617,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAU1dAAEARXy7AqAGAjOM0XJOYAbsE7NI+zwoKCgoI8EYvtCcjifcAAETSbBDdIICaEFzEG1iH2xrezIkmzc81Se7Om4pMqi+fkG1ee5cmCW03EDIZCCsKAvFcaFK0xOPuVpbYZPxd25c0VKDC2\/IuslwjOlp8bug5TVX8ayHsiTo+lsvxl1UQybYSPktQa6tD8aJ1SYoje\/TUY\/5v\/R2x3Qgs8EMkrwm3yX346YWdgmSm1p7ceKPEy+zG5LRvC9shuVP1fHGwJ+1fA5BlvICvwLYIOkfS5qSoKKUy0u4Zz9f3Dl8wvOnZhXCK6i8j4NlIpdZHu5RJiAsAZ4LK1nC+Hkny64Ae6XYMfX+bXXmhr20i5ZKonuPmoXhEkpwdnfR7Q+F6EhXJUuuaYdMH\/IWPcTw7L1PQOQRTBPiChmKnH9chbLTQGT2spRUw6ZUEwVFq4In3Weuzal0iqS\/0+Qhc+H5LZTfRP3k77cm2bTwA3v9yZps\/N8GHeBgerU\/GibGyvQfEIGnBs4SP6XvADxPaOf9Do6K3NWxPainQ6ROxxs18RzpwAqfNwr4czNzHmge9hVsXC2jkjt+a3iuT2VTvtgYP\/gg3wHLLEejB8ULg0YDhFTSwR5yZE+PblWTw\/h1zub\/pMrOiBxxazdMQ6Cnlz1xT+HwIG9hofXF2+e7REuF5bc+tHJIAxGxRRDEZiMKISCqpeRlWCWzB2x1mmKE\/KOsosvWRujnwCM1KnVuycB6dQCV8X5XgqFkoCYNSzpxTxn5s75i07w6T3iQzjZ7RhS6EVLmvqncx43bMihbC16QzKChHTteVef548eeTYH\/HqbZPAD8YiWnymAmXsIshT9ZrxL58BUWA8AOTB75ExBEpSWvCr6cdH9tmHTnFX+iAHfgQ+SXuDcA8Yh6Ch37H7iJkjIlyFlV0xYK80\/8rLLX9Fi16hMEw4MsMSJoCvgH1JkfA2nunYMhjsU2UTxS5kbVKkx14WrqJvIAkV1s24F3JhhnfrjqaA\/+WQCy6FO4gWrpnAldrYzL2M62GkNRWliggV7ygB87oMNLaAmKZ5PPWr4N7Ua\/KkdB4nYZv97Cgzy\/7FwISfaGW02358adB++VWymI6DWtw2+GpWB3k0kCTmUYA6ScuXne\/RAGeAonjWWbVkNYIk9hKz39J2Uz8YIvzxBUfOGU8GZZmVIYhs+LqHfeGeKbbCDVrdghS8AtfkpMJaXaNuqlKxMd0+QmH708rOIK59+ExcbrFRuuFCV+Y2kBwCFjNISkM\/hxKEL3li6mt6HDE6ObfY03fEoJ8sHxvuyXUyqUrbYA+\/+769MwVZnJvR3BgYsDQ7yyssPJx61jOW9\/\/ZJaUpoeTMs+LvTpOaO3aOGoys7HzhFtjxPpaMeuy6J8rvRGlDmpFIbJDQSikU42BVwHFgIiJEdtXmpWvL6UjR9gEnH7F4leVc6kZRbkH8JQU7saam7b+aLACqy8QGiFKLZZ79Su9BVo3hXx4V\/a9UOG0fwWICYP2rWjoSlMM1D8LD3JyXD\/xHI05oU4AlfqIPRE\/pZQIZghaIHZV\/ga\/hvwGvtrr60MW42GcZ7safTYI3OMKFIcoVKABl6HRXDdV5P2Rt+B44fCqh8Rx5j1GHzSW\/rGFP+xPOA0hzb72SyDr1nPrWA2ufiZWLD7rTJqxk+zP0NWdN1W8Ig7keNnXWv4QL9x\/\/g=="}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1603816434756,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1603816434756,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02114{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":756670,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAOvlAAEARQxzAqAGAA3nyNtCaEVIE7JFKxgoKCgoILW5Ke\/Z2fngAAETSF+9lWl21JTgtfVHZ5XMFAV5iwNh8QJikNlPYLLcL257g14TEszj6j7gT+sZNJ3RW6GlkGKI0cLTiGhA4DZXSY2CRRkQV8aus3zX9x+wV2RPvN+4eYITQBIblhzLx6SrfCRaIuMd\/dIvuprgHzspSsGPsDVaFWE5RHWm8PvIf\/7WDS2AteLmXnCclnhwiNiESFMU\/JfLfx1BGNZvT2HLZlWqxE\/QH\/8leGOFh4OQdOMgDcrWH2aq0ZIEKOcT+22+SBNS+RXSivQkzWAWGACCn3yDlD4LrYX0EufA2pWqvz0bhI1bD1bMjQNQXTpb0IRYB\/IP9pUSfcl09eg\/8nkbY+WxJsi7\/OumDvzxFqxy1vKTBHoCkKcZU6KzCeDnpcN4UpeF\/P9Su7Hbnq6Oiu4kYT7w5TEYJlfr6hPZSINzK1N08yrm8sF5N1X+BgIp1nZKHO3z9qBo5uTSd7eUgib\/5hEBZVUjZfzcENhMxZ3iQWwxtVBdr1MPVUb\/fAHf\/LyB43r9qDPa9CjQlM9LQ10V7PuMS1mZ\/FoYoEt5+Lt+cJHI5bVFxc5jzohk+GAitdRUtpfiTuEwM1BTukQDiBma4oP3e14IOsjoG1G6JReouNpkBgpuToJ+jAbUrib7kmXzQdUA7kbNqdY9YbE3amA8AbTm+9U8XVMYkeWFdsFBWMWYdsARDe\/wNxFennwMBsN1VI\/Sf2kdpBwmikma9+VOfFyk1+k2sHTPIlSkVm3zjzWfLNM1PgYnwDxsauAlC6hmm0JtKmTtkv+Pn\/\/bRNz47TPwG\/lMWs1GWc\/Duiv2CyU27DrRqkZl9eIkxpCPq+lhf64B8FwAcAY126ezwgYeSIj\/2BPVLzj6uWaHdPFiHkcYmsVRVcNxcn7SbmC6vMu39440UH8ewpx4045LjoYhYGYD9wbNo\/kPCLdYB5lMNkMJTlPPmNe98ODz2WRVDN9gK0zjD8fscveFE1Bpk8Tltq8z87BasUF4e83PNj3KD2dMD7X3GtxvbnR3cIGT3a57NON24InRM\/nwZHwL2bk877r1hTuhvugTQiJQZIW+R7Cd76AgAWAnog5NJv6qFjoKKfxT4AV2tDLzRyjkMMrHebIWYVqs1aklZ5d7wxUYLamAar0CN+WpRkYSzgamBAcwe7BSMa1vimlqjo\/6IlbVmFAty4ZoLhk1JPUo0OTDJGfg7G5ACascLpelBjrrhC8q2UQKF8audmNUZRXmNP+namQx8VwfIgH5YHylOs57ZtHfGy6hvAJo\/Tqvp\/umN87FBHWfLNRT8fGjmReoFRPTt1LBgsiQauA98uLlL\/MhK3zSkvFJb8TpBWg0yrTs+EkEfcIYy\/54O1JGnSBS8+4f\/1DKIa1jmhY4F7hcK\/Y\/Zi33FgbmmvzZ+cspy2SIEhxePsUH3DOdZcJPxMiL9n2teu3XWpEwymkPM3I7Kauv6WrFEPbeyTEqbxV\/7RpTQ21VJA+vSCdBrxnvlGaubOeoQaS4+J\/ugEvRReICuHUPNCmQAnXPbJmcvvOj5p4u5B1t7PBGR3R1kOZNNBIvoThwX9CAlMfPhMMsjct7r8pVUeMkYfmNf8DVqscAvJ5\/vInV2if80iUDSzxy3mS373dztl6IVts0qx7XYaK5V4uL6xfDViQ=="}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1603816434756,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1603816434756,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"ietf.akaquic.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
02111{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":756710,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwbRAAEAR5e\/AqAGAwb4KYsH6AbsE7NgwygoKCgoIc5O0PcfI+J8AAETSgTdR0pp7ROFzny7v80GZO+tdgWE1YYvBBVpTfYCLLZ9LR2R\/NMsrhl9CtsbdCKSqQlM9jeDSd7avtFbwkZgUMsGjQSFGIrauocKoeR\/IYUv\/3yqId1gln9QOjFOA7Vx3pZz\/40HjTDz++wnocf0Q7LKFbnIVVlAkyHprEOHxkx31yKlE1OrKPFXX64LJtMBzJGNe1ikJ4DBZc3CxM4VAmWh6jZ6Xziu1T48Y9Jp1rXJLZkDZluz9DNypT19E9aFE2QAE2YffnA08t2CC0Dav\/nelE7OXLvT3\/abxcTvv6lkWQ7Ws\/OGhflJV6pbd8DOAJlm41dw48U7866L\/ZVnZQGhC+qy29Rf0f9z7LTwYqeUnFBlTnrWIJUDejmyBK0xmX71p+M4ZDQYk6ksEN7ys9IhEK+0Ik4NF3m6iw+Y3srEwTIzK7SMuEUaqxHAnsnY0cY7xUBPiPgfPBbiLOeDS23803rHtAW6t+pcVbYzcUhLC5i4Fhsy5HB7swuOTaDalPrb1ks0Osqlmdnwi+VtFXIfWY5hiA\/takn+M6zgv2Z5TIeGz5PwD\/mNhYevqBSzxfqtF6pqWG4u\/KRjbRiKsndJKZWqgEurVo18heo2c6BuDo0f63l9uVIrESW645Q3fwcjj5n0WWKE8\/gOmB1q+Qfeb5YwzG2mkb0uuRf1dVhHaEpflcJ4\/TP64ezBPm2PEqdUJ98ani+HAdCRefhilKHlZCp8FaM0g6fLSIWNKgyXd08cPKg3kQr1QKPyCDeevRCjLROEYKMQBfMcVsYelRUae3sfcDjOm3duGl9ZwBYRTuhqBGmO8BgPbJTCOUP3SnFPjNHZReb65nPAq5CmaErExRB3aqj2X70FK4POxZDcdB2SCLeNQjD0gAdoPMDjy6TU8QbOW6emahG\/pm2XLGB82paRNLQ1UrajFFljlEad6px4jnFkmQswkS1ZCAcPuyjYtBQOoVyU6Jn8IET5bSZAQYtSzhJcRSsotN89chVt8BOmx9WoAiAY6LsHVmGCH8fyiVJ8R96liGv\/mCcZB6Oi41IwhqNraSx\/YHNb8PDeqgVZnzU7HOxgMto9BkhGXVAa\/MDhpy7ONbZFtXLugZH\/GeA4uKx4T\/QjSGOy8\/I8tKHhy1ciKQVx\/4efbfMnze1\/7wiD29p7nKFEe8jhCs0tUTtvbs5svZDkGpMLh\/X4M8hVxSKoXJ4GInFSKgl6TdVamGbNzyLxWmQUTAYnTn24BPh82ABwBHi8IX8bKxOnTE9ArtO1ncpBuGK6utDYd+flGgrwW8Kx3EAqCtI+xt3hxI1lVVBS5mqinEpT4rI7UFt6bivyn3w8QLN2BAypCK2nDcT4jrgs2l16Qbqcq5B1aHCyILvPoswAdCLirW7pESSTDoJJLaY3+F0tLUXrHW1QCvM\/i6MkbViFrAX1Wv2DuS4QGedw\/jPkFjn0PVCpFH1LNlSl\/mq7ojJPIzqm4YoISxxdl92D1MuRAOkcGfHDjHzu2gXU4R2SOjkBJKT78Z0m14Jd3agw7f8zNErlWf3mQN\/cPgefBr3GQB\/5hkj9h7mtqO0XsqbQtHpUzt2Y\/IzySgy2h3inpKHrAmHMy7nBwaqDcL8noSXoChoeTFZAF+yuWHR0EPcyX\/dJQEW5Avw=="}
-00542{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1603816434764,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1603816434764,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02109{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":764038,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gAVbOBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdz5QRUQTYJfbICgoKCghA0fDpGJ\/Z4QAARL42MmGE7LT7K7Ql+V7EQ3yWatv5MRpdEw0GoTR5NQSX65ds5UbmlVEnPiT6ugJBO3avrGIdm9NfC0YolC+M7h3Dd+R8rmFmbMufRy7tEXwOSANvtASfChD2QtW7IUdoUpURW\/ybH6H3HL74XAiUZ9DaKTFRCIGfbZdMWt8ZGjlM+G0uKJJyI4UiXMqUmldhkusW7Dkb3B5PhdsU4l\/\/nXb1ocHMF5ZO15qTuXpuDw3KLbi7Dk3CU80ZSrgIQRr4QnZY7DqaQqaTgqwsAdQp1wPEsQudwtV3+rldfGptoheCDmbpY8ruZrzgIcViEvjU5I9Ku4MmOSDc008VMVo6UbKXAY8wBkNppH+gKT0zKsJbuYos09RElJKJM+JRSvAd13BS3pf5yKPRjvg+VG7dJIXDCpCzd5HB88akDiSNSvnw\/1jpXEBSCG8CQobh6IKIU7erWpgWufuC2MUeTsj93wERw28DYyL4pZ0SgYLM8R+IuAUGggiToLnDY0lhnQxvWPEyOUmn4NJbPGX\/ycsndCFcb9Jll9Txp36+98fi41gKI+rpvius3\/7rHwBBIC53Dc9XI1Li53E\/tYF3PSb\/g4tqh7YqeuJqy592nH72H7zhGojy0gwXJQ\/hWtpj34Umy89wdwne1tmBbDTsm\/OVEe2Hv8wX1eUxdtqxfSQcfE5EjCaX8x5TsLMsFiA+gnimL9YXpXbCar82EARe4s\/1NGbcVosoctM9nH774rkUWziya9xnPI59V8iborTptEZmzs9opsMwWCSG3SUoMF+XgWmJrobGMEBNgQ6NuDdRKVGnCOz5ViUV8HOdhxWdLar9arspdIIQioDF1eMysE8I5ZwvEkpGFpxtL8pSwMYHtvi38MARaK84JW5F4Q+Z9NKUbjEnyJk4DLBXQDZCAccejGxLIlAEw9mV\/SQqwWMDKPfcgeBYaGkjuKCt9IwYkKfJdCAHGlWbthDy9UAYdzWaLgrHKDwv7KjG08gxv3P2Ay64L+MkxpWRZB3zlpP7475UXQoo5J2b\/TCDguBRfBA\/zwH0ywx+bAC1xX58ocUBgtutOfF0Vqf9ZXqQdWJ\/tYbtk2qPb\/vUKDkYspG2+VZV3S4mHyGQEdK+3+Br++sSHMrwkXpKY231omxX2tF0BL0Bxb\/XFoQnF0zVMDi6yl7EdOkVYJKzpCkpByrrFblgbC6aH5tGZmLBBsnQ9oNmcYgP6L4\/rCjc9wp9OI6Dpp\/kCf0+0QdRr65NauWVYS3fzTceAW7h1rV7piIkaCm\/ktLnQ0CjV4yXbM4EAQ\/1J3s6F5an9AUjsSqU7bHdat7EQLbygAV3b2dabdxj5om9WQRt0joYLuxTvD8zwyOedLxW1wTxiQF1SimJGbjZ\/VbtHbirvwE3YrWoKzszq610qQdSeVcciVMkJn8\/frGZPOF+kV+ihka4sCmdlV4EIQk1LeOGrlYlQ6fpIafv8Fxge7YrHQDBRMDZfuEMvNEoQTdfeyjVZwZQIQqYpN1426QLcvTfeGNyVfnI\/BbfhWbK8vegWPhhtQELUYrkCHe43wuMJDkpCyHET\/GRFZPr3UO+sKZLIuMEzbgtFP8BywWzvtpZIPTbuoW\/fNEsBA9hvwy1MQ=="}
-00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1603816434764,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1603816434765,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1603816434764,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.ogre.com","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1603816434765,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02116{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":765563,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAU3xAAEARXwnAqAGAjOM0XOJGEVIE7OZyxwoKCgoIVNEfWrpr6t8AAETShzjiz2D78m1qpQ+wdRdnpG0LI97NN9w\/zKLTNwbycXDRt9x16mx5gVIiYU9my7Ewd3ZQMG74RKzp5yqjf1swV34ZhT\/6a6RECEeuXIhfq5HIaUvnylxvuq5Ar2tLEHKFSp+lL3+2mCGKG\/aNYIIMA9OUhG2opUeuB2l5mNW6BfknYi6bDFHQDD1kdTaXvzq60RpfCfERji\/a12lQL6ybflc1AUHJdy355ohjy1PIdK24siM83Pzy3WhuqqXhu48NlkiWBwzRIc3QwNG05XWtibPZpt+rnEgQ+dX5n3b+VdVkbT1SCRuZXy4KNB1O35Lr9kd9\/8w+iJRgvFGDJ1gPEsh0qR0CocMn8hmur7qxG29GbjVMp7R1NSj2eAOtmvYpLRwpEXgHuZyaQ1wjCTKff2\/madFWTA4XUYv4fZGglZSmwIF\/drNbz5S3P\/iWcoMFEHkI4sVFj9ZYFd4B3L8Ih2KOMfq0bJT\/WfJrXj4M4zI4ZrVBE7HjqFO+Xl4tQchegf9m36aJmP9rCIyTgms9JLdAWw4p9HwzAtYzEsN7etsiFMbBGYxWytAD85x3V9BiLZ0tRaEDbZVSI3dKqLBjOACNgGbIysz\/M5PX6bbnVEJL+rpXP4dfmzf\/vyIoXSLGK\/35Ot0RpvgHsUdk1M1JiJ\/w0LW\/ca8oRdqHyGl\/0OHcNoRXWU9uCpfJhoCR17fY7d\/8uGaioJukkywUyDy4lEoJon8wuutdoFaZ2G1NQYMqLk2L9BSwK6uXlh\/KFqoktCfkCzS\/xf+XdyqvzCmUAccDyVcTW2Lvm6Iydjjcz17WgP2sboaA9M+jrUXfYeNBGU+gooCH\/ra1qqj6hZV+ycQaUnNe1GLXG68adoCLMAH3j+oxneUkPOBiO5E\/EF5WMPYRqDPOKxnvKYyV0lEoyBg27SjzbmIsvSP3tH7+YEc5r+OkK5iuBgQnkGchz2TXPmjupTCg7Xojg+c2Vl21XIeYUg5zp5dqk+Dg1R9d\/NVFrsh0doLMsqN8QHWUOatOJlm\/\/hWn7+iCSCBW1hRFoljw2OaG0E\/WHGtKJCH2ZhTW\/OlsWDZ1I6a9AalNu2a3QLqufVsas9PvBAL98YjcgSJ2vBIk\/BVRBpG1Q\/rHLLGdBQB\/\/fZj9y5wySLqEy0sx93+y3Y1YIBdxSNqeVQx\/fJpwJre6YpAYG9B9bZ\/BhXdwe1PHHhhhh+Tc0H6ljXzAZf5EDPA4QtQAjr8TpYSQuwb\/souaXFbGTPfik1Mu8mHXJ7chWN7BzwY6WVcDvctTf5wcun\/ot9mUzugsNNaZfRJbJao7Y6eGCUXHAEDWUWwm6eFYQim4\/i3o6CdH9tbSa5KMv36T6nVCkpY+qDyBJdXUmrtiozwIoULbVWC7vKc4k21qmL36sDhhn10y6PN4bIg1\/diWwWYCyWvERVVVw+kY2BYCLC6p8eQ4ktUYbvTDjH7p17NqO7ef3HSSFWp67hCGKfd+ge3gy9+0Ke6znAKoZn3gft7e4Qngv6MCc\/8gqKo6NfPX0NUiWvPO5U1BDl2yWaNt0QFBBfKLxj+uxMZfebHky9N1aDOeVaIQ9eYOanbE2+OeMk1d8+h4d5hGTbyyYZ3xpCnfIP7rR2Q8OBY5Js9LjU+ch2BSmUmNfrrjQ=="}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1603816434765,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1603816434765,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.examp1e.net","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
02113{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":765578,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUALHVAAEARX6PAqAGAKHC\/PLT+AbsE7IqdzwoKCgoIe34skUb\/aLsAAETSJwiqldCG5d2DtH8UDlA+BP\/n+Hka9N9gLDvV00Jk\/OgePJAsiH3HrqXWf6W0XTXk7Pu2p+CFv9C0iF2fTa1ifkWOzj7YZz+hGLr31Ia3KbnzB86fFFCNPLMCgtr6arstfjJ4xI\/CQupOIVcMsg4IO6vzq1hO5uX8ALX13N2Nd4Yxx9Z3IbnXFpgI6JLk1uKVCyweJMlz+LOrhN3PHNyVHIt6alONhgWpEqUlKgTnNS9lCZd9JNENA+veQK+6gvIe2KJWpJlHdMZNI+3fjJnabXQaUxPQIMc0ZI8dZFlz3L059EqhvD2lc8\/naUxdGHznqVZzO\/gUeKnLROfZL6yJDTZiKzf+md1VYLBmBSCdsuQZ7oHBg0w7SSzXTvhRTic8g6kHUcynm9My8rvP3N1cyhHeHYoVTI3hh1p6dM2epSa1QGAI6JHSwnUF1\/QgJ\/yLYnzwcGUMmDxb6+\/Vcoz11hXvHqUfteaUIZrZlPS0IAcPwJ9uUM82Vts2gh0ZtKy1HVF7COtP\/YC8n3yaj2Z4XCxABH1JI1+Gr7s05Sbt7Ydmm0MEi7M4Z7H69xe5sGopICwlQr6BDij0IG\/Q72anBTWx1VNl8l1hae+l8TMmxGeMu9i4blZH4yTZVGbr4Ufrnumx\/iFAYgWQeu6awy9bpeZT5O+xG+rCa2YUWvEwAHwQqGOTLiHRhLqf8bOiysObXTA3QmobJfgdxg\/kMNWj8xUdfAzQUKJYelBbMXT4qn\/A\/bgLMic4ksrxyPSpiS1e9XYY4TcxnGgHk5yxCxuwpm4+S16PEBC8SsJHkLxhM+Pyqg8ZbbK5FBImfMzUEZil15pbURRUjvlZtdskfSyAHSxSF8X4o0JXfUlol+bcOL6ItmB+wzIiN2Q+yijFIXK6d9190X\/aYna6Y1mhBOG0n2BfyedI+P25jlTZHPzLP\/m0eGz0ffpvLil2huLTMVVoPDTaIcLulULXUi1mSE5WxlWTpZdPkeFyxhOecT8BN8ugPHSRdq1YlgSaIwZavu\/XO8PCMiEMZUs7LNob+kHoiN1Yitx+SOUzM3Rfm4SCIMQokalKEYORgNek9yKJq9ysRafffBGVrxSm9fUQ2\/hXog43g3kKJn1+L45W1cDgEOnlzcbSC7mXNgzNI\/9oSvf+verPiM6qHPGSAL45mMH3aGyYMFRQjcVYI49Hhcw\/awYPgb\/M54nczqpco1saP+lU6ffHEwQVDtkjV\/GpfILnkEXC+cQL7juo\/ky491nkMGs1EkNmbbJTwPGVUqPiFcdi\/GoRziaE35KsbCh2pXltXGH77CIkJ8z4h3pP\/kBhLJUXL8fmE9AqMsqW5zCCDLfMDqTPSGLNgu12FdfjnQIvupRRH4Ge0\/B5Zgz1NMHbBts+RgS0Xaxftf2jPR3SxbRu77DVdYw9vVWXM\/R9b26Kxk+mp4fmYKTS6dblfvsoHkgHRfoRp\/1E4eszlorBw59xoTpzT7xgKofVDBGY48JKd52rimDD8\/5N908wmgggGjc\/EEPQbILqIqgEVu+rqihenG\/3x1vbCDXllpynW3aJnILkUHNWbpfDPatq0AQGgN8Op2ovkZNf\/lP0t4iCiUxmNrrEYAIJpsoCwFTBFOv6YhOZgAb9RxW9d3SCROp5nmqJ9Q=="}
02108{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":765599,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApalAAEAReTTAqAGAhfLO9L\/\/EVEE7ON5xgoKCgoIFbSGVwPjC1AAAETSB6nk7BQZ0n6OtRMgfqRMKv0mmF2ZCcJpOh5y0A\/toFlOz1fz5pBGD1YqR4r423K3bLjZPtU8zEdGrInkcNVS7Z9ZXa9KjSFkO6ZkCM+bgjrlPSYegWgr+lf8Seik\/OAa+9m4F+SKC3n3FYnChgcugjttcabtxcQG9UUmURCrO7eKZHimNrioYr36+LduCnNt9LNd\/zB6gPQej59n1H2PIibmagW\/fM66aVsVaR7zVHUCiH\/Qk70XwReQUNqQdtSK1o3x5foHfXLA3D5kXGSVsWki0olqZxxN4FQAu5\/vbJypl6cmZI9OG9mEaVsP3cQN5V6DcyMwwFq92zydNBh3eUgEPN9OuCoA1RCaRF2MY0ZRrUi4a0NGDiLUCV+G4SlLziz9xOJyHgGzjLPAE4BCeRh\/v6+wEZ8mgKyLD1EAVDV3zN30JJ6M0Me3hNHEEbe3VogRVZ0JV6CPYSKozfqmRIa1OO7TLbpqRx6m0yU\/HDbQvXQVvGPqTESIeDN9OWt+hRw0H3fhD\/0jWSUXeT5zzK0QccSYs9OMt6xct2EsrhYBO1aPATDoyaZAvzwTNWt8Eo\/XQktNf5jtBBlktbQBo67n4yyIo5rxgyPWJpQuRO297O7Mat4F1YWbTtTthkWIST5XlLQDR9sjWJQZoLrrVPuOGNaGgLiWbJpKZkPAmpkeoL2fbBEubmo\/7AK73pscjnUsQfmTU2Lhlzk7lE5KZzfdO6Ojycq4INOAlTRsxjE9Zej3obzZ+qt62gpD1eMqQQ4pmr3v0LhMGBrSM5EJ3Lmee9+dMb\/4XFUcIqSZvmCu1M+oA1IifmzxY0YneJ0hq33tjmK17Y6LsqmZvgvIsEtHUfp0429tqiTnJ7jEj9nv1Qws03vEaDx+VL91DFUBUZJsS2cGo6zH4U5+3ALd1d9yNs8qALm9NC2sFDyPeFu+wcrail+CekPau3rfVm\/\/BKg6uu98kDdJCbd1K4G6Sqm\/PNtzcVB3Yj4nmpQutpeBoYu\/N\/9zeylcHDDY+njAE8iIJji89hsMpr06VVSWYUsxYktuKVqxiBHUsyn1Qm+B+LGljetv1Jxr8cQu2ysaGbDgZRBSueKSbvXGNWhWLq7YBfLNgLfLQd6u0Si9aGjm8Is9C7byUaZ2JPKY6uJyDHXlNjc8po\/+0JxVFx+TI9y4r8FR94PIlv+t0snjZMMmWVUUkN9jPEM8reQ6rFbrOw2FyLxYpr7e6DBlYpr1rXi3y2AXbHOBjn\/yzFASJZWgEwjT9kc8\/kszRPabFnemr71tJxRnqsT7Z8rLpEDPHd34XFyRMJy5FhlpGRF5xBBWEPcYiNM4ACXS2zaqVvc4Ob6UONNiC5nq2MkrUel7u0fH3y+QFu5zcqtdETTA0rau+rX839r2M0xAous9B\/DzSAmhABN55MwenMuZXqKqO87\/SWuW3bCHCwmA4YTm0Y3MW31xmUfWCARViMQoMKL4e47lsZJmCw0S76EdXYT\/tkaU\/XJ34K+CTAC9yoTmJCAO9jIFpf2oBzdts69jtTj6Cw9qgKbQnkEP\/wuWHtVAcedrnVjSQu7O6Hr86jboN5XBirNkD\/k3Zb0R5f1hF1X5cR6OxDuouIjIFrBbnyzMLcWJq+pJzxbnTW8A+JnK8lKA7Q=="}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1603816434766,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1603816434766,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
02118{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":766398,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"PKn0qB\/spJGxgjQ5ht1gCcrWBNg6NCQAiQIAAAAA8DyR\/\/5ppFQgAQsHCsnVrqTT\/kdpHoB9AQTxKAAAAABgCq04BNgRNSABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdutiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3TP2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMDyb8wNM5xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlag=="}
-00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1603816434766,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1603816434766,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
01153{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":766415,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAgWgAADQBpMeDnxjGwKgBgAMD5agAAAAARQAFAG8bQAA0EXREwKgBgIOfGMa+BBFSBOwcysIKCgoKCAcy61WfYmyeAABE0qUiGIQ4aIhBbz9agQnzKFP+Ko6UG2\/VO43Zha3PL4kqY0AO3g0iECAhk\/6ZwBC4N756XgQuYU60gIOctL9zb4\/OWAg0WA1DbWYP4KnPZTIp669qsv\/rQAibIfU1C4jJIVVwUvw56ggX1ZWtsSkpVhlWA38X41jyzp4YyuLbkb3bAYN\/EIWaL4EMGxO+IKXjPgtJdchWUK\/9x2bQrLTQrTrt1LVvOFtezyOxX3HU59rOyjLCliLHhymipAdeA2iilJa\/G\/jNCnm92iYqQ99y1tLbXGL1SO3nVuTvR5sjExBx5iwaDhDbYKtasZmgPHXFcFC5nc+7+wPPW5yfWD1laEE\/wGN7z2vQj3O2l8846UB817y5kdQqfJcn3ryUAQboDsw9RBRvujkaoMcMv7dwDFaulIkwKjh5NdGImH6DlqdJnNJe\/djBGIoTx+FNEOCf8VgkH2AS3NkcDuSUvP6wRjfzpEDMKt1+bfZxTozz2QUXP\/r1d5e\/ChVkzBO9tgTIIsrdTwdCDHK\/8GPaAe9Z9\/eOLqg1E0MYdvN2a123wOsPL+4jXgdZ77SJH2U6Of\/XWPTaYlfaheABwpiMv6I00YAPVCHV\/IRMeTtBZrb8p0Ppi3qMyAgRXlwJ6aGPFOXZdGvMJWgaWpFkLrTD65P5wK4ostYxbEc="}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1603816434772,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1603816434772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
02101{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":772881,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"PKn0qB\/spJGxgjQ5ht1gDK7JBNg6MyABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AQS44gAAAABgDEm8BNgRMiABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABrNMRUgTYSrXMCgoKCgj2S26kHUj2aQAARL4Oqb7kxp8VwqfBhPdfdtQhtwUXSB8\/M16zqaKTaiM4uFSCgiApTua+W3aFO11E8\/vpjw5fdiBSABUTDotMg5RkiQr0MSpUaARnrP0PNMBaoZi0T3torsgUpfH8Z7GKLvwTGd3hbCPXQz5HEzUHjJnObkXYOU8pDBMRAGZYnp5rkZbRT2vPBVCj8Cvx8bBBKneUgl1FG4uQ4EwyOma55O1RYgmn2Ynf1Ko5xhvyQTnOGQ+R1VyW0n7heo02IMCfY4VWPj\/QJHyKTPMBIDBtSvz3J6mf3nv69QC6K+3y7kTFVD4RNSmXPDKfJ4r8a\/jVYQ3tiwvsysKnCLgA5zby1+dfPHEiaiwawfH+cKDMssE48zXk1+MDRnahgP5\/5W7h5R0W7WQX3skNYTREacQ3LvDACn58ERfFzl2AshIb29QMiGQj+aXYqT7ftIu1mYCEtR10HqM0E0tdjMJlVoxU1sQCMNHCcSjur932nDLMq95bmJ\/epzRqKtYXqFfJm4ZnhGTZV2QZB+hX7pNkAbrVOicdWh6ASPsIKRVzbgM4azW3TFLOWbFSWksd82BdcgW3kBeZ+Zy87igudzpPx0kdISA+wUJUrSUaJmejNXcUK68sicz01uq+5FBxl7uzJB5i2OXGU+jvmL+lkKweCPtvayVLhcuvz7KLW1nrXu3HU\/E\/bgsaTJyGVokl31OFOSR9LQtdKuoewFPyn5r490C8zNMeXqpImt2kn4Tr\/jlH\/fxzyim4MX4msP404e3jLfo+J9lzJhkenDu9xAnUgd\/iKSb6RgtGPU4Y6NI2QNpIfd6MzugcP8a0lodftPQcResoW35Hgg5t6I+PqN5frd2jtB5RiFyFN6yYVSH5fwqpb5sgLyM2ZMvumoV6ZVCMO3EMaRJu6f+U3CDduLYbXqPjXTUFXnzx9Vt03+YreNFX6wa5PrrBlSKMZP\/2WAmhb8cWINvyoZmFlnI2qd6sXg1dpFNY99Vqu1GrXPgV8Qi9MxV9uHzluuqG5swDMVT91S3LeU6XPmicYuwxrVZ0fDoeWpn4Kta0sEVDVUOf9hI8REFrn\/lLtMViNZ5rtWhIMKLyMIne37ob1RynB8J3PHqTTUqyQWLUmsA7XpXuycyFg0eDsVEBgiX65miUosWBtlhptbWoDODs0zqjlEGqOg5rKyio59+SI+p7jTV93mdfy9Wt2QGrnsPSiOSsj\/pqM\/pZ2PPrcgdTK9VPceK3CdsRz\/jNTpieviefPJXgnQD9JDKvgbRzI7jy8hldn4q+BSAvi3W0FwGFIYHJsgwTS2D+M4jyoohPca8fHwPwrKPUAytl3yLskOFTcOEOwWAP0YkHc8DSZIYnWDfZRitncpUl9qEcnjpTihvHHfw2HQxFR5lkMlUwBOL06kpNLUObIMz0gJ8az8O5U2MJseOwsScI7UtAgMA1Wat1Jr7S5b3fSl1DVUzvG0hnyrSZS2C54u89rSG8QQybBKCeSDnq1GpKeq\/O7HdjP04WmFuLDA\/vf\/9lSaOXhNpEErLndSFsHzNaPYP8EGwGI4iaWZOfcrm8Fw=="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1603816434772,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1603816434776,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1603816434772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1603816434776,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02105{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":776956,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAYA1AAEARdrfAqAGAM55pYqrXEVIE7DzAzAoKCgoI2nqja59HDyMAAETSIwUh\/jjSyce1pBuktMAn\/9fQVpvzsj8X4f6zzIa5zUMyPshEJVxx\/HgJpy2DounAtWqOn7MykfNk1iAT6IFLl5JJDlHVUgHekilaBHXQFm7iNuBD05oF1B0F7q8Qrx84dCVbjPq2TzzI4E8Jn0w6eGKEzj3zAOYyN\/jtcSwUMH\/tdAvJ2KZeRWAZwgBZ+NHFpdpJskxMoq8BiazR6NmdCcDVWJJafWv\/J6n2MwHgdrbXoHD7z9vBv7OTw1ZsmRTWOginovLBtLwEow12QHwK+3EKlGb67Dikjj6Hsiva+EHGjyXXT3NafDD2Mdy+tEkICJVPMdfQgSiLKciRXmF+eiaKhn6t+ZZDXwMIx1tObSDzE+o6+VwUniuIqDp4P1P\/ToVtD+B8x7Pd8fdBpJ4GLav9M4cI3Wrt3ZFYV3\/N8JUWUnnIryRD+gsn8U6xZxSihwbPDnANbZkkqUwtRBWNdvrID63JeJlKECXOhipg3RPgW+AtU7DD8FGCQwK077KHK\/4iE0FRnsfBWs4NiPYWSuDiKbOCzUPifBciRr8tMI1kDMDYdqhOf\/t2cQwVRdaNiCXpVyvtWa68KE7YuTZbjpI5Zm9LOCld3hJ01MiZ7LFRGruZgu66Qt6cNK570mj580eh0jpjgWEGkDr8jkE8qlxmZ\/+JhXsVQeSLOCJpxCPnoKcC\/AgENxJJFj5QqhvZ4\/+S85TLqOVPU75k58aRkk+ToNWPiawuoh+7ZmQNuVNQVgcCtQEXQJu346G7rcjTAKMH3PDGS8OBxREkqOUKIE\/fJzE5mkwFxduFK\/B7NuaeUP\/viNgVQPK+xx+1Ngb7A4VcDPdAPTWKWgbWpoEudTGTXV58El7GU8KydW+XNFItpFzmhNuEFbckU8GM1h8hyV6YxNQ+Ywvmqeqx+Qpa2gsPfebPvZhoavla3sgCdU8L3Fi\/gojIsV72icFiRHpi7wgSeg+dYFEA+ApHg9oKhJJhp8\/wWsOTm76uoFhEbKbRL2YPAgB\/Ql+puWC+1\/d1JEz2eZaAp5Zo4yW5zTvhxVsa5hrrLnPK2t90EkaeWT3kM4NBLrAUyq7fPgZ5preHWxkcCRzxymqgt+6Xj2oWVLVyaqWrzsHWrurGOxbP60QM5pMHY613Q+LrLNvTCsh4ZQzv0k2FKQRVr9u07bMlGLVO5kHK8AlGOnI97GL1hRF\/kBPlbHravjlbftLM0ZE+ofUKm3FCAyqpSNR5f+azjzb6QBklYN+zHv4anLf2bRojetf7WIpCzUtOun8gE3beg5nRdzOcNC5G1ZAhS4QZYrCUyLzy6dQnaI5ti\/HjmSldcvKZM0X8HEANm0ee5l4G\/rQp3samcnQbFsOFm5GfplnfCVyDu6SZLaWZt28o+RfSwBU5HTnFtZyilWnthqnChfP+hUfiDQ1asKcjklc33MY5RFlJ6ek8gI0+BRbnKE7zMoxaJ8oo9BJU12dwyF3tndCM1wJjl2MBm5rkAUb1j4xIIVUrcA0Os8Qp7MwNsapkh+lLuE3uc7vgFLS327NgSo9rR6EA2jIx++BL4omb8CcMSEd5E0h8ER2PPQ2Ijvdcaa4AGZMCHiMkSxGpTa9jY4devoI6nqBsHtnxRjt+CQUUD3xf\/+arnnuqKk3gOjeyEQ=="}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1603816434776,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1603816434776,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.seemann.io","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
00503{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":779296,"pkt_caplen":109,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":109,"pkt_l4_len":55,"pkt":"PKn0qB\/spJGxgjQ5ht1gC0dvADcRMSYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9EVLSAAA3EH3TAAAAAAAI6BdjXmXwmldRMDQzUTA0NlEwNTD\/AAAb\/wAAHP8AAB3\/AAAe\/wAAHw=="}
02112{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":779850,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA7X9AAEAR3vnAqAGAyu7cXJgVAbsE7F0\/xwoKCgoISaS\/HP4FIE0AAETSs+MVmuG4wpmNcPXwiwbgkyhiThvn0LHBRqHfn+gXOdfthzxlp0ltI03pZKw9vyqEYoBiUoMOALn8iwjEM1bBG0sKOHNmuafb9yKJq5CpXdfVW9fnnip2p1tWnGQZccSpOc1uq0bHiGjb10mg3cqpILSGktAMKwPjSF47KMJxZp\/l9ao1+O97nqhSrQZgHoEMImlI7ZCND\/wyqspL+eu6NAWz3rU9vba3BnFw354DNfuXu8HOGbC3Guvt9ytqxi0Yz5DSI1kvCcdc1n7wT0BoaLVFB\/yV1s2y5v5nH3DzJd2ACj9o\/zmaZyMpvWCTRg29elBjIR6fiI98dZm7sRE0VcNIEEqTNqSeoXcWt5unTNHBRYj7lwzoPoXK2TUjG515g9q9fHLJbLWr6\/hB+vEJG6S7dsFN6dIXdTpgqWHu81xJ1m9hfY7AkYBIllm4leEOWu1SRr5c\/AEsknAD+6XbQas8XXqJRRnDaBD1csMJtZvxoVWNSuOHBfOUyiZ4hDYxHjMLTLGygYFsDHCP93SCma0J1PrsKV4mBTWbhdzxAD3aoMxgjoxla8DQxuClSD4NOC96GJ+rdubJmMLxnEpF5JDa1IKuYrUXV3w\/4wQZqtP7g6zDf2GhddDBCDNr7yc+hg+5ilxcgcb2MVoLkgX1OkizCx2RSfRb0eK8thsruCLFSby4jO8bsuNj\/DwRHrD9ALa9P\/tMKNqD\/QB3PCX6uMJrfyT324LeetrVxPvOBvrQpiJegaN9JcarJLQiUBPGBrK+q6yGhmqia+H4CTzm98FspAgFJ3pIDJit2uCN0awhg2fUthbI0kXrjD+YpQbOi0QPuM2dRjqPXjXqrT+X2FbVUvVA37Xe2HlgHJQb01jyc3xry22J8\/uMKksqV4OfH9xACygHSWKGL7403rhhUIh\/1OKDuete+v6YGMI6HZHwxepcu1MBc8\/3NDyIJT7pGaR74MXwks5nUPSMbWXdz5gpe86RgRisPos\/HQNeweIwtPmU7vDULxHYQYbZJm932INOf+U0JuYM9\/0yyF82eovZ0gS\/AOY09vwKYKSps2BcZpcxKZJ6olMmG8Bd8RL\/TLXZh8OzsalyvubiZwDWuVVt1AZfvz8bSBiibxOi0oZJkb4Skel7UVJq4ZUt\/AwshUTtNvBmdhQCuqFbi+vqgJQibSCoN9R4ZSyuDwh4LgKfjp+jo8uQyFbtI8t7MPDA2gEjE9qSW351YU9i5A\/s6I\/H0QY4qaYHU6kmhNbmIKATtEXjZl9SsVnMQ++X3XZU09ZdvRROedhNjBpUePUF2+I+GgpQe9uXNKuTX5eintxBFe\/K9\/CrJuH447MCSJbL3kP6Bf4Qg2eo6fEs5dY6Gxdja3GF51OjnRG43ifui\/tVzaMUi324TS\/XRgkk6p17f60JC6V4Gg40mbPu0O21JxeTFWtWMYV6jinEN5pHS5s61dr9fU3vtxIOEN\/xMZjMROyRyCA55e\/0gx+GVjszIFs+UXq\/SyGgMEveU6gGW5EAZ3dCbJv6R+xa9kprk+rkDzgIuFc+I5Eg81JJd+kRHZiTfuhJaM8VwpyTDR71\/6\/lU7nCHcQiW3bXtU47eJyWza+vS4JMmYpHRxlNVbyyHp66eitmqcsnzcAlPI7xtrqCvg=="}
00453{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":782784,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA\/AABAABwRNNQSvVT1wKgBgAG7iFcAK9mxgAAAAAAACPLo65bqtzD4+s6wDvrOsAH6zrAC\/wAAHf8AABs="}
-00543{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1603816434784,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00555{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1603816434784,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02107{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":784280,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gCAvlBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrrj0RUgTYFNnOCgoKCgghNSPe1nPIHwAARL5EcEFiriZrD+ET8JYIbR9oI0xm+rhrvJqfLILgs8D3Ue0qQNbVhIpNUU0tlgUCj3R+EB0BmYAvw6bLa5fuluEc0rN9r82heJLvapv7VUF9l51pFcem49jTWjYnj2oS6+waPQZXW+lgdvo6kQGqK89XfdzR1PgUM0aNtvz7T3DIGxshf8Bt0Mg12xV8BKvDf+WpUoRZwtsOWK2raSvEzJiBDtp9+7hN2cxP9JSjYr8Ymo+djN+4mxQxt78BMIwseR0wrK25i\/FCRyQZdy2RkGo1CRXgmyDAvyZwFE4TbrzLF307bQj1syPR3dOu7kPw5RNRQT+t3L+8NYL3mVwzg8kMaSuoFMxCZQvln3VAPeh3OJLvvw5+EMXFzx9zqWLfnKXdAHEumvxqEmlR\/1Fx5dKWAiLy4VEiB68pm8cbRcxMeWpZLJsU99vTYR1NQ7ym2LdsdYmsLFkMBHZj6r8XWpZpYhelGHgVf6dBgfvJoDoveKLzHHW7IQW0Q3CRZrurV397BZfMCs6JGA+7vvWU+gtIQ6+afCAD2BGOodmj\/NZoYjSTSz7UleFuiy\/Vh89Rle0L+paWGt8DSK3GtOoMd1TE8\/cyKXC0DuFP7OI\/tvNCsVqyrqekypnTROZiw\/hHDf4fjDoJUlr9W1Nwoksz+NUOe+agaP03VJPXO6c8eR1g16+4NUIoRiQvQ0PsA7\/u1\/P3EtbO6kdIsAPEzJh9T\/vDsjetpZCO9B\/5U78SmuNIpzUeyMa0pZ3WKYxs\/S8iP30dyOyRmNpGcQ2OhBlF2DpsSjXyEdMu816faZPTNRUFFFKzjtvsO4TkLkupS4QKX8ZqjlbPKIDbq7pJvPq1yQvdi8dyUb+GRdEu83F1kTyqMVj3VhOrCFJc0NwPk0QIQVaRiHCaQM\/M\/CAEON1vbjPSs5TR\/CU4ctB4lWQERooxF86Jf+vt4BRo+E+RBZpGyY9TSyW8BYhtJJUh4WEUdOJYaaV9TsJb\/JsQlajq3H+ad6FKE+sN0lRn0vyD+XLhK8WIG31ajHwqBioHhepDDhLwoYsiq3DO2TeKvxXp\/qbpXpHbmWZzrHqrW57rxAic64eJNK8nbylzcqNgf8E5i4dPbpF2trFKH9Xo28gQRRftLrNFAzIkDO4sN7G\/s0Kd5rqq+U4C+5hUgd+K5TPBViJ0+ZA5X+DO59wdV3YWk6fe3rpcJwZqkWMTHB+M4lLppO\/yNE76E8Kr\/Uqw7z2y9O2Hv+NvCttG9qY2iyEqocZxBUTD+UcJwLZ5GMkOh04nY5cKAEPxYCG+ZT+E6zrOvBnQQZqy8s3d7C7XsImaGAvBZu0AsMYvrJw6+l+x2h42qzLWSCCzqB8YHNMAoyjY5EEPiHDB4aqsw+AvUgp3kmejvZBqsLkmz4XspOgx4+v9KHKqq4bc+dtdIyTgZmNbhwtVFRrJwGMGlIJO3dYTW+eFWTrmyY\/kU+ejjmIORkV0nipRgOem0UmubxMEgQZJeGXrQKTimh1Z9tS70mAbbB\/uGZjC6Urq2uLNfRgZdNhSsyCMoYQw8molzzh2Na0ZIW7YN2Gu\/\/Rf\/n13siixEZmXrzTIF7wcraimRKQ6DvgjgbL2hCWeF8mCngEFXTnoVA=="}
-00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1603816434784,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
+00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1603816434784,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}}
02115{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":792692,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAJ7ZAAEAR9yfAqAGAhfLO9KXYAbsE7LC9xgoKCgoI+QsGqtFYjA8AAETSGVf3NpHzKNMNdfh\/V\/noLzrrCJTWCW2izc6gcn2txyrZ3vTYFw9oti5N5Zd0a4DdA1cWLhNby0WoxjcoN3uUL31I6AuWTRtQmld72DVp1nFbW14vxWrhBIu4agIQU6NycrkwLEV1tOoKdYlrthTNMwD3M+k5+y\/jdMVtkD0R0YQR7BZOnM3kTX1bH0f\/eldh4oH8S4GerrQ\/hVn\/PHliyMbE95mBKeNH\/XBKjPaVH4SE5iyuZ4o0cAJX6zKU4lajsV6QVuEgsemLtfWCChsdFvaI+RSAzByJ2Y7eGCh7v+Gh4DXflSFSrZUSBAmTZoA0Zou6ukZtsJNjsWY68k6WygqpiwhMQJreLyjeXVzk7oyGDwHO\/hAvmg6xY5GXfBPf0ls2P2OW7n3w7L66S3D+as25Ka5fB\/1n04+oJmaw3ADdYqeBwRa3iSrQ7F7kK3NaNAJNRq2zS4fr\/b+ubURvNfR5staBQwIu\/o7Zb5+LwmaF9rZXHBu2Tz+8wv0lj8mhBUzLNtcfw27CNl1txh1+lvdEzBQ0+1QdwfOwk\/hlq7\/lf8GrfqmLhlEPTaPG7AFa3IPuxLh84mmZwaTAXQbxug33HwUz22AWbGI9PCbve31PjWm1LgNNd+7+kMpoKF52auR5lPAUr8zA5LwEBGR1mQkQ7NprWlORnGh5UWqvkJJHwL2k2IRTag51mGTH5MB1+cfSjVWNAtd\/8JuYCSBC+KNhtmuCXomT7rLvgXGj6o1sphXx4atNA9Dn9q1FcbinWgv+WKWZhnHGGP6dn+mrWu\/7bvpjXjrtDgIw7CyPxH34BjhKbxZ7QcB83XEhpxelpCRa6WUEloOBWGYIeMG0gZJIKjNZe0ll5C9J5n2Eq3sqg9KP3L2k8K+5dmEqspUGb1NUPPi+n6\/iFHU1fhMvh64hs66vVu1aXgLA9dFfJPSu+8U4SVAQ9LQIkLt1yLRcKmzv7K8F\/1wJz\/\/VA0FnXA\/S3tZfKvHD4A\/\/6XZ0e0JKAMn5kSF7uTeS5e5gdjg52fvbQjQd6m1d25cld76mtRwuKWprxy2fwcaEL3Y3Vh5fKfWjC4aclIK\/BmtRNjMNgHLI8jT0sKKwQDoyu6Dl2oMw70Jg67MXwUeukQTS75rXVHrbzUA2pmGH7aReYW35h4TyF+C9spNA\/zEJJt\/SQ8ZE+FX35GC6kc6V2qla+i+Pq5C7DccKCdXqXuLKAqiNDsgQzxhbb58C67FdYeSem4xijEQ544+5VsmSgDw5Bm+f8kn5ITiUXjSnERiDrW8LMlRKSAtIBNf8TTQIdO73pxNtEY6ZK+aCZSZfuGLY5fcX7OoNql4qaH5tgUcAKTmfbm2Rny2woTB6j6YC1lH0CTq+8yvsMUtLcbQZpIVgD2w91k\/DHu\/rqh55qa43XObRLAN1Cas7QHa1faPFa7Kyh\/Dx\/uu2xJFLfWHVfeKsvw4nX\/4k2v0Isffs\/nVZE\/mcAdyEmoN0MJ38PQMKNvx6iNUa45euWiJAQh0n\/9FPVkaW3p\/pu55m0RYAv15pyglEYDeOzb9cgqoBOBFbL5F17NfFlR1TUtETcnCdxPpozDGGzr8327bzSnjwgFfcwdPtJKYxjWOqhjxgehtiPwt9WJP1lnTBRJMRI29aK4qFwi9tCw=="}
02103{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":794660,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVgBAAEARrFHAqAGAR8opqcRxEVIE7DJpzAoKCgoIvbmHXcmpQ\/MAAETSE2e30YHkAX2XVfEpCGfOjyF840fDKozk89FYV10qOipSbcKfBwadYKaP2PDi2A7GqANLJXLXd1Ra2Q\/d2lyOKDnoc8x8gM9WzcPPQTUPx43cTsdSrSCDxUnpnuaj6yGd2N3XRIkY0gYWRPuFX7h\/fh1NFO2iAOlIL6UUnbjkaQBPj5+DK9Tkt1jAUKuz5C\/VX5NyeiPZztoZxmFEUkRFMohO0yR1d9jvsEZjpJxu1T2xxVadymVUvn+nPUj7gyxMFoi5gdzyUkI6qww5VGYT9o89cKQc7vz3RQ1j5HNSltr8teBgazRyqIezFwRxXQZzC0mfyCRRks8zmpYilpgAUrd6iKSrwI8xpH1mLLYEiIEokh7Nku+MJsQdaeXhqFHBdzmvpP2d5lWx83GgFuE+Dkn\/A4rNg8OLbx8Hd749+SlXxx2p\/3FSVDsm0u8FwDQ0TGJxo01kEWYz07BfKbG+vmnmpdKMZ0c+mcf5\/mMTkSlmCtsSWEbhtyGBpHj6Gp3P\/PHHW6qpxotr0bYpBtsptMaDfY0LOv36qEIsdtyoyFrcuYBfxE2rbRJIu0Oe5vS9+mDEauvlYu+hTOBWRYf3GYbB3IuMocvdH3ge3fFDDBDMar6Z4AzQD3wB4++BlRSMJ4Op1PtaLNuhvgHr+zWIE03DBlRJ+VplDnanX09JNXhTwH3H+AjPz1EvGjgEK6+YfNJQaFV7U9mDD9Ruthi3HVvk8\/fOat3XDJUwyHcciWPLz4ceNf3L7rSem0SlSz\/9sPlFDV+6MnWDTjz2MgYr10nBv91OfLa6dUBNOUc77cMVlTY946uEOebqDqBU6HTwpDrQQPOhfekx\/cwyHgX1SPiQ2jm0cco9gMyY\/biNH5Ae0kYwjthPOjVJSM3sD8k6twZNkrRaDgELJdCga8uI83ZLsJc3njlrx+9GoCKhJeSUcJrXmCVv5wqbYrzBtzlNPONszxo+vENua67+NrZXgrgkQf3D5vueityfehPXawW3uctYARfHo8es3+9km4o77SaJb+CNNegl3uhaafpl6DgQ+IXvsGebd9bGzfvvtGEjqvC8yYEyCoMopVY8b6KF028XUOHjcIIrxB9oRWGWX1t6qcAtpr5\/re1at\/9am5lVA7Gd9Xl3d+sVGUgFor51U\/E91\/+E5M5Qa008RYdjk8bxHdEi5qflOIKkQWLgH2ptDuy4K34mY60YaJX9MzZJHqAGBiOJyz2vC72RgiQqDDvCwlaJzHF+wCxLSno3fJNj+SzLPPJvdkMYQcGDVNBzW9gLntYHCPYZmwYktaxLJE5kbFfSUHtFwGEgRhMzIViDRf0rfOdiTfn8q1XUwHnBs2i86bgzg+ASxD5k9QGSx0i6DQMqkcfTxkRGAof6BOxVRYc9567BYEdhO\/\/6PdEmvCY3IgYkogHWhz0bGjMlwbJhFZn0\/rOkfEZRLdzHN3yIdh4NhKhCdUPWLn5T0v7ILIVw+5EDKoGAZZ6+44v3WJA9M5YTPJa8YeOn2nx3N3YEQRsjiBBWJmbxBrqvM2C\/FaZgvmTqe758ClWLW0UAseHM27RoZnUVhDYxYjRpjAi\/X3AjK7Y7RKIDkLHbl2y5Bqku+ZBD8\/fxJnSy0Fo82DtOYzY3K0yqjhL16Ji16juysw=="}
00473{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":802819,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5ht1gDen3ACMRMCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9EVLCfAAjD9qPAAAAAAAIIsGdLtPZLyX\/AAAd\/wAAGxoqOko="}
-00459{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1603816434806,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1603816434806,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
01147{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":806510,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA3rwAADIBPo3K7txcwKgBgAMDrQAAAAAARQAFAOUCQAAtEfp2wKgBgMru3FyV3hFRBOy8bMIKCgoKCDeSrwfZ37epAABE0hxlYo43miI9fcBT4NXlNvUyuqRzjALgZuz5ZEFwqFAJHCLIyiKMek3pvG1TfFtz+5dPcMlRmn1CpjYaJxtvjy1D8CXnaCGG32gK7yv0bsGVDyQR4j6nJT4\/BgeG5XzS2QksROzvNGVoOiM5mh9Gcivemi\/Ltw3i6ZMLxPmYmJjzRy5MQrmw7yWShK3Q0gjXLf\/AtAzYy4CwwNnnbu4HeZWuRph4yFsqigrFQzQiWW5R3FQS9VXQNOqcmpoWiLrZR6ybbeDMER5x2lrIuMbSZiBdtZBwZCB3UjQ8D6WXWUDqOreiLaatWU6Uu1Td\/atS+bPWsWkMIdZrEKUJ78RDCkU46YaC6J9gteAdBR7kDvpyMncXYbFq+wnVLl7bEkkrsFjuC3evFwokMfctXgYgQAfhg9lrv5W\/V8C8b+SLLGJ1OLOrQb7nrBWiHG6ErtKg2rmOgmj5TlcyL7QCWDLLcB4wY4DlINVS1W1uHvEQAamMqwBYJNWP\/j7R3\/z2LLwmYTggeZKmyJokcN4daQ+u2GrxKAd9n8ootJ6q14bjsfNDrGHdfa2X78HqV8e67EzuwM679YHyVDVcjdxmRT1W7vvW2odG2VW9n2hGz7F7x1SewA4VbmCgaMBt\/706B\/PIDrHOTJjIgOwT5HqHFLiW3qe6lZFlcg8="}
-00491{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1603816434806,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00495{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1603816434806,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
01156{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":806535,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA9\/UAAC0BNJ8znmliwKgBgAMK13gAAAAARQAFAGANQAAwEYa3wKgBgDOeaWKq1xFSBOwXccwKCgoKCNp6o2ufRw8jAABE0iMFIf440snHtaQbpLTAJ\/\/X0Fab87I\/F+H+s8yGuc1DMj7IRCVccfx4Cactg6LpwLVqjp+zMpHzZNYgE+iBS5eSSQ5R1VIB3pIpWgR10BZu4jbgQ9OaBdQdBe6vEK8fOHQlW4z6tk88yOBPCZ9MOnhihM498wDmMjf47XEsFDB\/7XQLydimXkVgGcIAWfjRxaXaSbJMTKKvAYms0ejZnQnA1ViSWn1r\/yep9jMB4Ha216Bw+8\/bwb+zk8NWbJkU1joIp6LywbS8BKMNdkB8CvtxCpRm+uw4pI4+h7Ir2vhBxo8l109zWnww9jHcvrRJCAiVTzHX0IEoiynIkV5hfnomioZ+rfmWQ18DCMdbTm0g8xPqOvlcFJ4riKg6eD9T\/06FbQ\/gfMez3fH3QaSeBi2r\/TOHCN1q7d2RWFd\/zfCVFlJ5yK8kQ\/oLJ\/FOsWcUoocGzw5wDW2ZJKlMLUQVjXb6yA+tyXiZShAlzoYqYN0T4FvgLVOww\/BRgkMCtO+yhyv+IhNBUZ7HwVrODYj2Fkrg4imzgs1D4nwXIka\/LTCNZAzA2HaoTn\/7dnEMFUXWjYgl6Vcr7VmuvChO2Lk2W46SOWZvSzgpXd4SdNTImeyxURq7mYLuukLenDSue9Jo+fNHodI6Y4FhBpA6\/I5BPKpcZmf\/iYU="}
02108{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":806673,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAlgRAAEARiNnAqAGAhfLO9LMfEVIE7M5rxAoKCgoIJ05Q063kdsUAAETSbVS8wmTCayioaeEDJ0E7Ag7cjypWJklnY03J30b1mdxIVOpIcCjzHgeNDAUeVGYchax6RLhjbFwwP3C\/qxh1OO8O83qldI1OYg6x3GPEV9dhbYkGdVcPi3mfVEvzh3eS8WnvbGq3a4H9q5E9mDKl7buMufgYFu2sl2hZ01ag0mTo116H4e6bMaTreq2mI8kmjdhWNv55TN2Tbo0qvafHS0QviZ2QSLwEnQh4J+FGfyqh3grvQtfWOnpdR8XEyF6DDe7LL\/KlLa4NwBuxumU\/mO\/SIZ8t8LmkA6HXglfpy4tEgA4X4H4bW8fdrEeEGZwPR7eDrKq9RqBC5oKz7o\/7sHblT4DHTu2jye83jOCQIrWBGQDr5qMowkCj2D+qE7I8qnehPTO3H56afZrW0y49JxTPEZjoHsKNr9nvjAleyeYuaG86WZoQwGHWl1q\/do2IozVSEZwB4ZhhqabxXQE\/bLsaV5zpA9VarwnHFfuqnigS8SW0VNHxqwF42AsxDhJ1ZhApy7feoO0PJvvB2oMY1tQHPKfitH7JeAITAfnhaBY2YdONDcZk5oBrPbcpcIaGvU\/fGwgBQ3eir6s7iNWqBonZzNxwiJDZOCaLqzesvSlVLwJWfVmI2gbBdEGORyuW8xbxQbWWWdwZ2ECu1W5iPFYWZNmDQ5+p+xP+v2p\/q9Zri2SEgtxNFAlFqBgYJSEcW+nfhelld\/8X+b4MFcnpWATco0d+cUaZqJ4oe\/SV5lTkb+r+kBl4Fi8vLnITjPgbX+wBQtuHCeIhIpPSGbKfX0e3KDUQANebIeZRTrYcajrn1fFRlg2x0mgRQZE3eh9zOE\/6NevPmRKd3whKrB4OrWwNw\/SlNsbpFrYxTvS9sFHtHn\/Uuh9Itnw6lb7ILr8jkDVyk4MOLQUBCbcYUCUwkQa6hAPdxDGJGAORwPlVdN1voToAmZpSEQkdedqob3cIiQWZE5mZWy5zSP4b+LhOHf9ORwzuNzfdlhFMGkZsYkTm4i9Glf9wL0Xp7g4iBWo1g\/ERgUa+jz9aU\/5pM9Q2WKNxTb0oWtxniWBS8Lxmsp0IiDMHvpKQ3FN7FMkHusFent8sdfLu8GN0db\/htJ0tYyNHKrn+\/ukQfcuGZu1CZ8pcapnxZCaWzdysytGbuUF0sN2\/rXvBKbrUoGOi\/yQYHoSWzZe4tWPuiFsnEL3ZfeQW8rimwLD7SocitIb0a8vtHdDj\/GmOBVkGDMBGCNjj8XxF6Z2FQBo+4oYwGZuGhSsfMXRlNNFIfFsIHDW9OAdCunv3+x5JsDNF8ukUbcH9anX6B8hHXxQel+qabQ+aJWYsgcN\/hIaoFyjxqHkiZZ0o818BWeuCXCM0HKhfsQvXHf4ucJSBS8pc2EzJ5EUcQ\/dllBKRQbIrXCSSmkQFN4Gab363GSeUDA3rD\/GBoK5b27D4o8WAAnT3izN4JAXB+H9hgMX9A0cMJMRRasU585OfR07ntlSr7v2dExw66EL\/j1gd3QFNGbnOWToZJQicIfGV\/RtMUnXQYizsWgjoqWOPbw2wWrCqJhhbkxH+WHFJq0Mlwe32rpddmRI7+CtcRWBotdeJJ3xxfL7AYrxPw3cctN1iTAucOHdUCyCwYu\/wN2z2Li9nrj7J9G4sQVWMiuNy4Q=="}
02103{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":812388,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAqqBAAEAR4XfAqAGAKHC\/PNIfEVIE7NGPyAoKCgoIcBuNCNTaAX0AAETSdrPs58Nd4whderbUQKKE9lqbT2Q5dWXTzCU30Nuk49rwMOYzrP9hqurmfQzCfogq7GSDP2MPa19fV3S+tzaflHzUKhrCPd4WQ1zA7H6cNQz\/lRUSpnQOWA0uQAhhAk+IZiglMuTPFh7AnCe7BzheAkGio7m9ekHUnqgl2NpmpwBBQY2oKhqJXzck7whQvip39IREDqyYyokoeQbGf08lhmJrRyewd07SbXyZCbXrujwWAH9r0NguWbmeWQiWcLTQKzzy4g6sxprDxKvBtQqoDYhvf3TyqAO0JNQb6gL5PnsCQpPHeNU738v6N2EJwaCYld1aJc1nCH2E7UBhR1ArdPBQvdD2ti3qSdfkpRxzBao2iX1sHBqDyALe5QD\/8T0uZDT7mlUSPcUSCQVDdwUfo1H5Gw1rANt1KrnL+D7EeJEt30JdQogzd+25oyRRh\/N33koVbRPkvhHtyEiSOAqUcF2k5Cww7VSNAXDrSWJ3nfwrxyNNGcTk1vbfU9FQjS7xTsCs1DcL3tIwTh\/F\/WqE0Qefzo3L9DVZUBF95w+x+NrXTVfTMFyerU2W9IiTbdFPifHfNydqoB4UA6KdAkF420byZMA9uYn1eronWwg6zZLfNiMThXS7INZHCSmquoQM48twpJMiC8QLa2BKxvBs5MAXCaES3COreo36bEsm9T7MBNPrIFP83x9oS3Dwv962KtUHkL2c7dl+XXAGkrol0zp9I4duf7jIdkEwKt6bINytvQ7NOpnpqMe2V\/od99AzLNPugOYXhVlxSXXrKEIlIoBOH\/vFhTYqHBMHhKDUlY83Lqn6rlae+5ldEt\/PYxQqh9RlSvlTKizFbfa1Pqv6mluoxnZYLP\/Q1ytoMX++Rq54VSapX63zxer6E2Fc0D7Z6VXClsXzgGzvHubNlFS8CT4jYJOejwFK\/O29QfOBILbMoFfrRtMOMvJfvtl8oUyriiHZ+EYZfkq6QJnQfCI7a6a+eQggExHpUAScmRSiTG+IYeca3pfV6WTNGjJdxkNLPzA1Z5SNnLP6zTKrtTQschUTrKbBMGzeDxKanuLhkyCaGkNHJ+E9jo1kVSKyouGn1Xz0RovKIuTZdoKvIiFgJRBRTx8b8VxdFjPJBtQkuwYKYuNAT\/hv6yiy\/pQHRSFz+yZmlAIEJ6DuwyjItKkBePqNsaDsx8Am8smaYhsjEC8vmWFe5WEi20pG0HiVg5O5kSIY5y\/ziwUKkKhqlYGirFSKeTAYJVJpGBDrmIOk\/QXL5fYdpveFiq0l+piS3JuL7TGHxf5NvUDjc8PuuHAyslhM7YLSZqEKmlqBzNKi4Z+4Im8\/q3Qs2A9hPYC\/n9KxnKOeVVg7MxmNr3suDiWJ08nJtK7eU\/3Dvj\/ONoqM5exqmHYkJmeB\/i3BYkfgX807asMnZtideGvH\/mPNTuLBycK5oBic1paBSf3T6UKDwFomFMK4zRvQ2RTDSsREhwoKBAz9DUi22uSOarNzx4IBJQAnBsKlI7YkUFuQf2bHXLeTlc3sjH22aTbkcpuNQVPhD3jsXLo+uLTFSabB0ejUHrkQJu7N55kc5Hjl\/l+it9+skmXrEhRgrnh+Crc2M75SVQkMGW4nqifvwIUFkprpgBKS3scwqrMQ4XMu9+qfHYRTYA=="}
02098{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":815809,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAv\/VAAEAR567AqAGAwb4KYuh7EVIE7CoKxAoKCgoIhDOd38iF14kAAETSuj\/6PpYLanmhufRbzBfIfJWqpHveuI64\/eSlK93oC4y6GPXD69PeaFagOPTyFkLIpcEu43y7OCQ1Z35Isk5hak2XHZkMptd7KrQ0EFnJR20xJ\/8s4Hh47hOyrjz0Tb8KAyxJMBwDu01llmEO1Z0EcUEdsorSKLQ\/VLYtmHdEq54kYxwJK6cbambFBrjQfMNHN\/UVp0rFqJczDmgAC1L2e2MT22BlqqRvoo0urlHqeJYQ0fzf9Ma12psTRriGSLqomnfjAnDrYcUuJXKUNEdXIMo0IvCKK8Z2qE53aAwCfpEoAKMk5gq0fRGK85o3RF+aZZt44gpgPnPnQ3e3amJGJyTfNiB0r1\/n8TxhrJAQSkdTnqq4YW8ifhktYPIg4kTB2ijlN5mXKs6fM7HXB7edk1jJ2vRSPS\/Sd1iJC6K7IVGG+b05Hvoqeh26GxYLnmUShKxodNsm5bqP4KQTECZRHJGO5bC3iH2e9AmHFRtcJuV0TEnymRBdJso15Mw5WSKs6MiqZOUVTNhH\/pBSIvkiB59cpoQ2kryiNnrZYHeBm0GW1xHBJINLpHgWU+YOcS01DrnAzJKiAR++TsJqZLlDgEWdgltoevZ9gIp62LQq23k1aN8sOGWxJHB6SR2oFKCim70PXdVeVV2H14toHpbqvnGJ5OQ5TAo9F8H1kILTASoi7zMbCXU+ihgxAsvPHQ0ma57WHD5eEfq+qwnIiOkWrwxRNyE378pWGBYwI8oYScRtd2e51pW5YbrsHNUZOF1BRwr4kRNdeYmvBnBCWqp1oBtltIzrn\/Gfcg3DcXmKdv+wNqmSl5ckBYOsYJvjs7+A0lZkaQsFSCJS6cHnp21uzZtbuJMxnGuFlucbDvkJrbZFiIDRi1zfBizG5xYGqI2LuZiKga47IwNdNLC8VwTruNg1oItufwg14MMC+X8kARERXQPJMtpnlcPMl3ZXZ+eP3TlPgYKElfm8xvSbmiMo\/gyHVDPysxCqGIaONg8hr1XRFRbXCrsQZqBHdR1BEHr2erluZx33TA9nEW4ljFgCY54FmKcPcThHKkex0pfCGVG0rDwn5CMiYlKCqMkq82agukv3RtcLDwavHHxrRJ4GFUlIajj9luP5Su+tOXWCKfvD7RL2peHKYq0oE1i9rkQ3J+6rPx1pfTLMCYUSGyR2ULLEVyAXotaIxy15QIlAlmWMZrgC+hXiaIxq+hUyINFVkc4FAkBBRAU3EDU5yTv1VQUZR++HeJPUvDn0Ly7STUB7C9GMGsanejmwI9FYR1azwvEiMPzo62YRjgMbM2H450bCbY\/ihQkhW6vCoJACsZGMust90L1tttL0aGDUuM2ekxmmP2SR2XGKJhksWGNk4Qk8NcSbtQGw4rBlTHKDoA+TNa0noiVD30cGIgXZvR4LzxoKJTHmmdOUfJnlbktOUO+L10wT6chVbloEO7Gl6LmuuY63cBoGIu\/9oxZ1fVnf\/qtqp4c5WdmDqlzryd3pEbe\/IAUHs50fQBLfKzcvYMcdoYWKI2XujLzx99HtpnCDcHHfIGi2GBE7lCFUhpHVx\/3REbGwPNIrR5hVqLd9oAN0IWu46FpJq5LdwUTeovYvLw5NA\/DiXOdXc+4fQx+cmbBq4bCo5iPDOTurjVG+AT6KDA=="}
-00458{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1603816434818,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00462{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1603816434818,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
01154{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":818859,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAOvYAABwBN+0SvVT1wKgBgAMDupoAAAAARQAFABYUQAAeERf\/wKgBgBK9VPXVKhFSBOwZ0sAKCgoKCEMxhVUtcFhGAABE0qWeLu1BQPCrvaqmOZLxcjaUsYk9VVde3D76gcDL+4IVysNvEgASSqVVEGYaLPIGcbZ3HxJwj7UTPMN9ktHDGQ7OWCRzA6fqhalBV5YwIQEg3hVGDI6qpqitsVwDd8\/MN70IjnRYlLSnGFiFQz\/+37tcMd3B47Z3XUJqAC2gmAtiiG7FB9bVCqu70\/\/gVbe+y8Aiq8lY3pgapL115bg44IU5ONIr0kPIychpXhB4nGil5WtRlR+PfDZaCteJDe8INKJO7W9rCoQHxbJrdHcgp7qNCAvNvwYE3E7IaJzWzZ\/MoUUAYGiQDU5QZNqlmNLsfw7HRz7KL6RKhXKo6arbCoyf+aekhlzkYvXUC6YXLfcX9b\/uhdcExVVj3t3h3bEjsqfwcBC2sK\/3+ftXoClqu\/uJmzlR\/hQg2UZDVSBch9t4LjNi+WntvWr6v5Vi\/KVQ7U43\/Gm4H1rcanEorBOGJAHhmqtXhOThueWcgpRyjQ5+C\/V2Y42zfQkNRgnvzhVV6TCNj3xIlnBpiCnjYGEauIM5QGTgy7j1eEARKu2SqfuTVUmi6oEn63B+sVeMBPtI+6+VRIb69rup\/\/2zzUrMqEGl1Ofqu0NMNJUBI++5TMEJqz8PBpY7++PNBvTXVMJHf\/6eUtUbUHVIf6h+Omvu2jYTq0R6BWM="}
-00490{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1603816434818,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00494{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1603816434818,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
02112{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":820874,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApCNAAEARDmLAqAGAjOM0XK5LEVEE7GREwQoKCgoIlk3\/sw8\/b8wAAETS7HTMpNcxINQW3ZN+iCGS1z1IAElwdp\/JkpB1113BzMoCCRTe4FQcqzRNlPfFUuL337y9c\/m0xOQ2BSNabPaJGHp30QAKNdTWLRiE0u0lhDN37WkJ3a18g080qiPj3NOKBzBb6Q2R2eP+Tu5VAgK0JBnSSQxscnBGZYx8erjfdk\/KfB+k80tJ23vgNCBrw5\/QJHyIKFr6T5gcmaoduB6MP68CbMsVTh+UudjvNuCb47BBuKD37H0qZ3vrzszhEdCnaBPaTgDC+BRg\/7zjd8y+\/IMXoc4lcJ6yCEUNd5PMsCArc8JfRjxmtTjKsNnWLKbOCz7De91KYHmwGYzaF+m0hYb600XnI1+GfBH+Yt7Rmih6ZJFb61s4n\/p947s86kVOIDjkRzXFc5rj\/5TsZlNwMgHK1trFOYKfIQD\/nGNPAy3b1yszE1t6bon4A+5+sfdvgO3Pb0vQv7a2RjiEoNWsOgLHHYRaOns5wLvhGDh7p2oiwYoA0dOQULiPA3oPFIYn3l5BexqjNtcP9rDwal7aPEC5NULq7Zmi8SqPrNQKrHxduW\/ejURdhLL6oGYtylwTjf6fFdLzV74euKvQMJtzqOmUVsGs7ytHwIW0zUSVdcXZXNdfHTIBhQmt1LEXywwM9sEku5ONFT5vw3iqnJaeuQ3Z9RVWM6JVZBIIyhtRHSHLMWoMYyVHbzNHU6KHtgRqx4XiFpODAS4ZKLu+YaxH\/jgJPdH9GCKqWFOo09L\/MFa9JOyzZTBHgPL9\/n6dV\/AjYlz2WHUbgl4B47TvtoGesKFiqCifWwa9T\/QAs6VqSsxDxakmj9BwRcyJY9Fh+S0GJgfOD3vdFv7r+qe3nnZPXIMdHvVuagTE0AYBONNrKgYdX4Ky4qhLEEd5cE9ERtsD2WvjOGP2X1nIyl6Z5fwtC4lFzD4HiYxcWYOwEoRb4XOLMLjHU1VRqf56Q7VOoNVljrqpfUTD3\/kymwOaOw9lLI9P78KYSDd0ItN84RFi9m1ZATEA4B8xDEQ0xgm7gZL75Bj+DcL6tIj3M5q5t+D3grLTkPWXTTA36Ac5nJ553GrmMeyNqRY+oz7\/jmpae2pHhn5y5a\/JNHh99ySrjiURwgTDidnXFv\/avhfUTEIKYf9vmF1mBR2BjGIWblU\/xSsHPpQooMBCE1pv+edhptbedN01raww3dKDhm8PKg0\/39zcyjrIDUoGuCyt7fcWYxL1rSfHDWFvTo3rOPuLREGMhWKH0rTw1rfsvP7pj9wRWFuq+5bjg1YEYzOa+4ow\/G36iMyOEYXSETkFxk1k9PKRQcdv+hmZ7Yysh6jGqSQYubSckYOn7rzqjXzTbZJ4cVerQWc6vzgu\/f8kKoOJaHeHCNS3S8Ih7LoFy\/3HhVH9BOwbPs1b8AjTnrabB9wJd2L4xt25UkVcDS6dONKmrmw3h\/i2PdMTiY3wE4W1wVKTbunysVPKp2ppBpsra6Hdm1iIJV6HfCSSXwO8AyqeAGhx5QFqNqN2LYiejuoyXFW2FmijSjtLOK+Ec8dkYkpgamnxA4iCyf\/yyvNIxQuF3Qi\/hZNj\/3Ane7tlBEi6cG9xsu3lWfzaAh0Qz\/MZBLCWHCiMGpcbinSxoJxeieJR4hwsH6aIGBBARlcM87JIeY9evAugxQ=="}
02110{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":821128,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gDnzNBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPtKIBuwTYf3DECgoKCgiO5tu+VRPaUgAARL4uI1WmPGK3DVcwUtE9UzI\/fGSOKvWUIfYmoO3D6w75gyG6cAgBjzUk1WiaTNGr26SzX\/zj3x5ZOIMX2zmIddjoIJovY\/VksJrC3pfUCteiUGgedji71vrrn0fRMQEFiIkPaa+o8LGRwzZKy8VL3G9cV5Q0+xLvukUHxPfTXr+qeeoAkO2JrC0axiSb2dt+XmaJ0v8nr3ud+va3668mZsfa5EeFafHaj8m49xF7nuzVpSiWax1aZSZzIz6eskzoc+1ob4msOELhchJT5jSTUaY4j8tszC8K1inc5HuVJQLo8TDvFonmdmM0XKQKaWAqfBpL0CUAHrxZaa7bFxHWCI+KCUFVNkIiEsJLT7NG1KiOxkI4gvAPMqLHQoSqFHaylCrhyi1kFotT2StbIZXec2UmPZu2coK0kaliS7gU+LJp4Q8aOd\/VQfT+XwTsJ91oSb1hOc3RVgo0quwGh5ZyNdKZAdfV8mq\/WMkDj4BcFPubTYXGgusxS\/MyTqzT1EFGuLIWfyAbYZyodoA4VbTOGXJwfjifkHUQ+UF72jq+Pt7WCCIYrTBJQnTBEUt2MXfl7vDq69U1d9nIXWmxmxitkWebhf3a424eVpSg7vx40Hu84MnwnUTI47yC+ao94ZGXsWQUy81CB15Bxl9YeNY2dJgyiP+5AD9Mhxzqup58xGvvgfzwiN+8b9hNWQCIXG3bcsVJVlFTJ+jyJ9stfjENb7psSrJSchNgxcdmCDy8kzTYUD7r2Kyu23la\/A94iZaAc3a3efSo5IpoqV3d1rp5ZAXMrr7FuDpbBbwpjWOv21FHy9XJpndYMkbIqf\/7foTiABMd4OD5ZERwg0xFUm2\/h9OWCHJH83WAL\/V5NLmuNQVhvxqDt4v9kRbwpq1I6YlY65WMno6Jktn5XADL\/7yB9qcTbstxiHDTP9HA52vwZywCZsUeMNyVpwbs6++IutqZF2u1m5rA1TU892YkmC4kF\/6hNawh4kh9uCP\/dmrEgG3fl\/J1TK58qG0QytYAfCJ0cQ5JLCxfl\/NL8mZSVRO1SYiuLHK3ygtYTMGI6vHbmzBIw7efY9+H20\/n9OdFhPZypP\/u3dYpp4p\/C2O0s6ViK29wOFT+K2UH57w75L7qCQIQY8Jmg4QscecIv0AWmnfsG6wos8x03+j\/JR8bgGEsH1SV8kBWJgmpv\/L4R9h36Dkk7I7wbtNl01psL0lyiPNL+Ovmtqzx+\/3Q62hpJ76z0PUEL8rN8W\/mbea\/y56YejegoW0NiHWhNlluWfwxxnN42q0YVuXvbq45KHAswsaiAvSLHS1\/Hfet1IEJQbT92EAZjtTIJs1ukk6S8C7JBdY2mP1nien9nfYAxxwA\/H5mWvSq0j8RX\/AxShyK\/7L5A8yyjy03hGEmr9rECJ4SlYdMS5IlK68iFiJ4CMvIJ+6AyWXezGevi+5ey4ofkQCxFpY1W0uO7lu7+1aV90Ifn3KxnAwNm6+ry4yHqk6IaT4+FTyUTD70bZ5KtnE5J0z9NnVQAnXfMQNLWwACkQ3k4t1jyk2PI9+I4B+PL+e\/IT7Vzp7naSY2nO4exFruJXfEn4uVZmLymCx9K0eX21XvezrLYl21gesFXXXoMBP7pIhtLQ=="}
00473{"flow_id":70,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":822027,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5ht1gCEs0ACMR8CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9EVKuPQAj8mT+AAAAAAAIITUj3tZzyB\/\/AAAd\/wAAHP8AABs="}
00508{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":822056,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"pkt":"PKn0qB\/spJGxgjQ5ht1gAGSQADsRMCYAHxgjENIwUQN9nn11N08gAQsHCsnVrqTT\/kdpHoB9EVGV+gA7uJfFAAAAAAAIQysxrQYDr8z\/AAAg\/wAAH\/8AAB3\/AAAe\/wAAHP8AABtQQ1ExUENRMDpa+to="}
-00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1603816434822,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1603816434822,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
02109{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":822065,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"PKn0qB\/spJGxgjQ5ht1gAFucBNg6MyYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9AQQ1AwAAAABgCGnqBNgRMiABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB2wkBuwTYmHTJCgoKCggVxSlYpn4UkgAARL5ZLsODdf27vLuu6GHs9eSXiVxIAlfs7TcHZcazXn4JE3\/P5JDqe+tOVWQWmWJiN1Zi+QMXxBMeLDuq2FFgXlL2mFN2Y0Hpqzt32q0IcYNEtodCx0cCDcymndGz22NucmhqDhsBTfQYSZ0TGfZ0Y1dj7OIdkztU4UKtQk0Knbx0pPfOb04IoU66JRugmLaY3NcS6\/YWs3i+G\/Z1NaiZhF7wHXHAr7RtRzKLb2gPHbqV9JkwnbYNdieDzqo6OGYxfFJAF9UdpTyC5RofrFHDOiAzzOkMjstRpfIx0da81MZNBFjRQx8VBZVl5cb5VmHHCRKqUJJ\/pimnlqr6\/rH78B0tJyJdMLcbA0k\/GEaMgb2r9k+khrfN+IYPTP9LEK9IyC61PSNuLM7lCBCfjRBxaONHiGk0HUucFiwpQMj72lTAGTUsQa8qFngN+9r0I8HgvmsmOXC4IyatQFicI6JIBY\/\/xLWv+tugw\/qAeO1niZ+nJFTAbwyvKydJ4CrRCQplld36lx1IDKeajrlxvSY4TO7ZlmYtBTR\/QIZQ1n0y7WxFPForSvTZ5LmkvmQy\/XOIdCHzDT+yu3OG+dlOa05oJSJ5squ1DJvlYS4iSqaRgDu8O1f9s7zQOTQDTlP6inO815rKmw1YpQze+QAPS9Ar8Eh6loMYvm597mpGIaaCjBGmRjM30Y3EWQUMoVmSMYlr+ndlJs0\/parg\/PrflXFNfkn\/Wllw4cvS+JLWNhoBBJwDWpM9YkqIgN6sP6Sf1ACXsEwIhZbB5T3Y+mzlz1fEroyxtSisqFOFlOCB2g0djczdb72gMhUvdB4kROfNLNOm8f4hG1ZnJraoSrQJwgrY+zsLAidSwY62GHtAM9fUNITWGPk7OLfW3OjEbL6sh7ywY+xM+yu0nYlxg0Z8ST6zlbK88Dw9rVrViSQ3Oke1RR\/RShjWSOBcuUxTcA\/eXi5dEcOdrVm6ZsDQ0chPleXisZB4yI9mZgj+jwkM4eFcO6OX8YpKRHpSZrb0SkaAHjgOICK+1d\/ehnzz7M0KNYGDy8XZ08SS3gXJzSNXZLonqI\/bweWJiS+9rlVrB5J5IwRHJDEVN2aAZJbdqAdmcFPCL7XDwYisg0GfcM\/dL5C5xxZS6hZbPHwzwJ6y7r6\/T+A0XWV92UuetwR0QSUywswmbazFGMC\/MBz94jyq\/TrHbvq8OgHad29+CNuQfDZZomN6lJoFhgu1iOIbRwea4vmYiVysTLFxxLhym6vQpFJXvihZGX2xoV1bucff9DyhT5\/Wm8sYVpYS8i2GcM3jWfruzg6rk0SVDY6hf8HFcXkvUJGnDN4KwlwULBiTr9COS06u3di2jUKJqL6FFXM1FtZVzdRf3O\/3GNXJ2HDuA4IlWQXWMcKwj7HbOKOWlf39BkQPYBB\/3CwqDH5TkC7Ny98BmDT6ZzxJIZcSDCUoAZ3M1Es1K7QjuPUiIJlOZZ8vmraAuL1z0zGli+qvbM5O\/6zJbeqSM2M0z0mrGA7v66IfdcHwb0k8mj2tM2aIyHApEXwJPFbWKxWcFb4yW1jdVDOO0Q=="}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1603816434822,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1603816434822,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
02110{"flow_id":68,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":831237,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"PKn0qB\/spJGxgjQ5ht1gDK7JBNg6MyABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AQRVHgAAAABgDJNoBNgRMiABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABqn0BuwTYttHMCgoKCgiHmjxz9S5+NQAARL60MndZKQNzXHuWbuWII8yYjx1QNcGEa3n\/tA\/kZwZdo0+NMbEhrCvw4fqUesktNwPhDHylUS4gcbEvHHb8Knr61qY95Pm5VKwq10YKtyHKrPUvOt6FFf4EaXlhbjCjP5PNGMuBPWvET6CR\/DNJ3amwoZ8AEiUkCCce2IA0+qLjflDvOu19oZVQSJhyk0ID2QUVFxDX+RIo\/BCEiyqGwrxxtUHNgSlpQhvXLPkd7gs0O8q\/1O3MXjjXw3VV1HTEIvgh9CIZHImqbItBAkHFYhj85297ojhzntlLLEMQUeWyYcLZaQRQLAnNxNHIfLFBwCs6Cttccxk8XUgObPlTQVTnnGvEYXJadvbFnkb5nj0E7bmqr23E\/kns4IXbYRFlEjJZfAc6UWDdSOXBoZHXMIAY\/dztkylxbqayCWGkn8v3wQJvR2xFoTyKE+Pp5saXn2uSt4EYi00Uf6fCGbypDRgDr6HED25efO5iFC99NJvuET7V90ObiIxoji+jOYwIL0BCHSm+uFeO8i7r3GmYR0Qg2iAiX6ZmlOl5gmCd40kAXe9Lo\/pKr3+r853YnPdtRNoIckFL+PsGubjlWj714eDNDRnoSoHs8UNwnNN8sF12pzQsAVr7qLBt4e8KWXFMXfkfIKWSnJhvivGIVrhMeN4RiaQ\/jippacCl0CUjlR9AUDC7DyDOswJ0+eP9X+z1Kkt7EaP13RXwGDeKbPLk\/tVc3ZXQShkobo74qelkPT7nbFmTZB78n2grmfmy0C6HMQ+qUHKH\/MfqCCK2ZnmHVM8veaHwzWHFJ4gVd2h5wLXlBRQqCB2AZzoyKpcMZFNpfGh+rTCIwQTyVZzycWPvtrbHzPNg+tUe1i\/foBt0+XApuoCCwHOsgf9nS7IFS3h97hfCh2TYTKBM6t9C3VPFYDuKYfUjriuP3G2Eq7sMAiqBDef1fYGxLN\/Dys1ZS2B2n+Zqt6K1diQtrzsIwKlRRg+XjfSSzPOVrKeXYenyNePWIMOs4YVAyvkFPV4RM\/osDQvZvShUA0iRuuMPCsj024c7WYx9lDihj4EJBymWsIkTQg0x6rfvVrFojeVlS8zgiytvfAIJsOr+k34t3NbLaK0YyfFcVKBnFDiEC5OcAMd0yi6ouvtE9rJyb\/CiH+Vtx9OSGkbowLLyCHtZ1EUgA0\/vr\/mU+ea4hE\/dLdDDjWwxrJg1oKjnYeHQvIDUT0MVaXTlMXS7\/F6HA7\/5QTayU5MU3hKtpwhACAx5gHHhue3iTscqXigKQ7oiaLOdxRIJ2wKmzNzvQPCG5UmOLnsbM\/3lI+SzzLjMM5HxKsnb7yJmS6z2+tdEoxPOa5ZNm7Wc1LoGgLZd+x+V88MeQDFaBDMQHNWCS8z7Ruv7Q8Jc\/JKShee1avRiWD+QjKfpjPULJzGhq8IhO+3xUZoq\/xSnX5PQ7xqYQY3oim9xsL+ADJPPe0oE2O\/lbNfbGhouInwUUVqUmdk\/fion2o\/ylxCHaGoB6j8tJgJq8ystdV8ErJCcEhkKohD7qeUu1YL\/exHAdFqCo5yGAJyVZFmJD6CkMA=="}
02107{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":836177,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAiNlAAEARQ6DAqAGAyu7cXIm\/EVIE7N5MyAoKCgoIV4qr8UTBK3QAAETSZYQqq5\/hhyGtCz3Zmoi9jrKsnf3wjCZq1mxPTTEfXwdslpFlNBBYDqBuOo+QKDkWn4ZFD\/5qQ8sD8A+lBYGJV+nw5hbll6er2441gO5dAvGVUTjoFTcs61bhJdzOUrux599yFBfTAFDZKYhyBebkHPNDrNvPvVpxfBpxhEGHEq59jbH7Kx56FJtjtSZa9HQG\/OGEFc4JVYBfZDPBXIhzLUdX2JND3qWMQuwP2Xy5LdfjKHYwwsqNQgrtYOT1t6v+Zvqju\/oAictN1dRCuNXP91Pwy5MQysbtofZHqB7e2yb+jFxm4ZMqy+00qpKT7ne5IWIOVRZxjqMikenSsN73RG+rLd\/uLSPXcSlufRT\/qpMuPbNQ6s7DEcokvc85KmowVE9PiWIPrZuSb0oRHuoTyejJTscJK3si7Et7GQNCLhwsIS2k6fsRMPFVceoIZZfXs2PzKq3\/O9EH2D79eeGzP8A5iwmMT7Aab8l3\/6R8LVM6+3PQfPi4jLK+XHWMQbg41\/J9uEQZI5HuTWWQzwcn9UAcG0g4gwcOPmZDzviupQ5tg+\/9eADTReJpa4xS3oYZdywwA3VZsNHvhQf4dL7aplXzKSWQO9B68xf5V1q4gM+CvIJUrE82UCwH8VaOoe1AoHNWtyDW0Ap5d2vSy04x+4EyhLNBj26v3fhqsQcn6Z6a4KwdLKikQaoiVxarNgN+CFr1yDWsPRCqJMe40bhwuS4sWkiGWh8Cv9gLXeNDdRPqaqgBh82GLE7iFA\/U5vdRjLNfTPPFimOZbexduSJLGwwVJejCCwbDdk7Vba1zDnWr6vIMpidFE15bqu1CaUX4wOlMw+UlJ\/Rck\/7v\/g8MgCArdyT52lbEFkxfiUbz9r7dzxe9yAYfnvExfNJocGmNo8cp9UGEZb+Z+fpXkVwNrnTpe82QFjYekWIeghnThVtpzRW6HVEFowML2gXzrgBYWnXVabb+z8NJa9KhgDfRxGY6Qmo7vTY41l2P1aqPcxNOTuIr8rCBIdn5egFmlP6+j3I3zePWc7fsh+HpzbSu2qNxOPfDHrqGgaMf65DyMBQwQD\/2tXTWsn7Vrz+vyWwxpeVt4t+pbwKmIHhkkdrbIJF9mTZzSgQFhOrxmOkT\/t3tmzM4BHRcRs6UQmLnryAbmkEWPDFwWiKG5ro9OVh\/yjexJN4pRIEK9lXHUYCFUgWFM5ofQyZB+jTZyWZLMauwYFWJOs0N1nGD9gUKucMB7p6NqaNEaiwlEG2gf0v2FH9hCslV4oko7fHx3ROpToSYQVimVoCtR9PaGonSHaeqACfo9ua\/Zgtv4cLK6ZiV6DBCf0hDnXZRBh+AaUTWPTe3zcHlDnUHvaFFceiOwKcHKvhC9KWiF3Ddru0uKWSUsFip88BcKpuEabKb0ahOEuMl5XsFJ1\/uDvSVIy33izzMs6n7C\/k4CysougNKX7DiugyzF6BQFi\/VUl9waPfDhomR8hH1euFy1YjY4M2JXUuQh5HV1TzlO4okmnDSo4ios5+eDuKBV4YUuJtBgKFC+X0w\/PUhCXpFy4X3vOqtG4h5S8jL30h+8K84dZjAHTEkJGOvPZIghuHCBB\/bpEvq6Mbt2MCtL\/lIRUUPwjkSauaRIiWSBq1YTOD6X9dULjF3V\/Ewiw=="}
02110{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":845425,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"PKn0qB\/spJGxgjQ5ht1gCSIhBNg6MSABGfAABQwhVAAB\/\/4zO5YgAQsHCsnVrqTT\/kdpHoB9AQTZbQAAAABgAfkDBNgRMiABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWlyERUgTYFmvNCgoKCgjw7KzpNo8oeAAARL4tqmRQ5KPAPbdPUnedDn077kKWSLkPygVEwdGpIVFWcp2en9F3ERED+OnUg3d8i8AAkr44lz5aAq3LC+Q212cavhgupcuDcqNoIGhnCIfm+QSZcdNZ4zXfagNI0pLJoRsvOsL\/uXGYxbmgqR94yTDxQ0eUCVIZASIUeRZjEvJCthWVFT2rgBlBR7LYtLcvCmtn0DIMTAiPE\/xh01OGF5bAJQ2pznCPuONfdxbRDf26\/K7Vorl6tUQm\/NY5ROm8iHLzI4aMVUF0HjSu3+YUC1uhFUVddfTvpusRwaZ7kJNAa7P\/Vy96rw+N1QmHoKrViF3SiU98y7yZQbZlWxDFuBm3kfHuLnWeUnH4lwkgdmjgDw\/tGYT9JNO+a4WXT0WG+E149U5CDNgHVyClW14kVzq2L5mwgYWZMAo+lEamoeJB5h9+NMm0nQlLQivIZYDxop0vohOxK5n93lmaDplwC7Jat5ImroXJjGBA1i\/wWMXgstJIth+GejqRDCbbbeG7NxvZ9rVNx+l6f970K8CtZlugC3GRbFE9tMsDJl5zdBgPz83kXeLW4WfxGljbZ2I1\/Fsv5Dj9XTubdhAYt4ThM0knFSb5aX6Ff26rVq4Lfqy9HtKxEerRRn\/GPQ4yjlBfNoPdWIbjRC7TEbcUSnLf\/aCaXXZvuxf7r562GmcMeGxyHBQBVeTMDY1abEs7sWm\/+SOMgorJmIj9ISqcpplInrkBzayKhF83lHHurhCA1lrKNlSdpeepOLCf\/jMxhKTDSGOt6PuvUNMjvuJNj7JdWjB1qgt+7yg6GfadVoLlc7oKEmP2EZkbg1reAwAQOQU0SIVyNqN7R8++hQVFb9WO4t2FPgkjCkOeg8PKyC0+NKn6ths3s033xQ7XDByeP8Nn2kj5mf2ZY2gISmQLZEcrz0CUqG\/ia+5tqLKj4+\/Cndt6cFxpPnK+zzcl+5uVQbgnRXQJmrxZO\/AIu15jMIC2BXo7iG1s9T31lFVuK8ZWVw0cL8LlBKwlz8kc+VhdGPCJrGwt3wYzDhn2EetnDAIMnbnceC6ASm4ceWPn7zfseGSdZHnqg2ItW2chn2XlcQp4yI6MIqqKBep7wjkYIzq1Xg27JeDrqOB5eSz5nPdiU3VaODgQWCUUbg9ghrJZfwLkGvswGRALf+EzPBVkuJnFi0tcoasUB17bL2uvxmMJsQHWFO1QguLm7aeVi4DCA7LeprVfnREJzlwtTcq1k5DYJjUcopXIzceZ1RbGyvZp4+Cg3kMpFGVYKly62GUic6\/xL1lutLalr\/JjiJp45zRjU0jch7XG6sx+An4xZJK0US\/g0Kv\/HVtYynUrwZXu\/woHqvI9+NK8siaNZbHMUKRkIGOXCg9aT\/yvWLUSR9BuvtiEH\/8yVs7NtMMrdgpTQTivJT44BZN6SO0WXldGZUkYPP9OVZchj36EQYpACosyteNK+R\/3v7MWWO4pEsgkp64XBxw2OWJLRgsbR2Yz5fH7LkIbs0gEHDj7\/gcfuV5kb5ePRim1rmsSUQI+hvJlOF3Hyyb3A9HUl2d7fhX4v+4KZA=="}
00440{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":848243,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3DrxAAOER4SQocL88wKgBgBFS0h8AI+oo4AAAAAAACHAbjQjU2gF9\/wAAIP8AAB2a+srq"}
00439{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":855041,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3PlRAAOIRsIwocL88wKgBgBFRtfAAIx4f8gAAAAAACFIdWLoQ6nMg\/wAAIP8AAB26Oooa"}
-00454{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1603816434855,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00462{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1603816434855,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":855086,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABTzwsAAEABAQrAqAGAKHC\/PAMDpwYAAAAARQAANz5UQADiEbCMKHC\/PMCoAYARUbXwACMeH\/IAAAAAAAhSHVi6EOpzIP8AACD\/AAAdujqKGg=="}
-00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1603816434855,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00494{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1603816434855,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
02108{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":858145,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gAxFJBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUr3wRUgTYu\/LHCgoKCgi+3m+0woW7wAAARL7GquBTGstjJfkM0HNCxgIAREBilxluQhOJlSo3RAJ3sT9YPO\/sQIsdu3\/IepBfUNrpFqupXs61nKnqxJbpzxm4pP4Uet+yqKBfL+M5sZl9PAH7Jj\/GqWj5hATKgnFlarPfqBSj9ebDuM9wxcuFyTqW04DSxk68M1O0uEKdC3hX6Nasxll7WkuCJBNdHdhbRwkrTxC93fxA7Bo+1ttTS+SluGuitxn3q\/f1rhqU3Rtof6iLtaCMP0POUaELPjXeochFM+KP8w+TYjbP1UR+98l3xiMRsa7Boz\/Qn6\/B9lV05gqwE+V+ndrFgiC6SU2W1mGV5dAwfiTvH0i+sGYWDheOhTxFh6v8dwHFK7yfV+qBRnmZIuILrC0ZVc8DVJxRZ00C\/VbecBGOpvKklKxAhnnr4FaiLAx4of\/xkA7t65SFTPGeySaODDta0iajRz3Okg02VlMpJCp4MYtxYVLkYQJvT4qBY\/Q3SYLhujBzrXGbyPfARPZmwKI+Y09++2g8fVjcnUT7cUy2MYcUv3gS8YX693nsVG9GuYuD1Tpc8V\/QW\/ws803NpuGE0fKAOcl7K0x276q2yxhP4KOxhUYk5nzfMGdKYR8tOed7SIHx6I89XxqDLNj\/yeFLjKcS4vphg1MO3ZXRhQu5dGqvsBgmNLF0BLZQE2exAkHM5YlM2d+2Cf5jNJkQmQN96lH4hYOcq+3cMuM0nA85Rh1rVe7urpKa+zhkSNys+oQxwrcKrhB1E8ov6Ir8fjnl9I+CB2E1uCIrXxRxtwOS4nAygc4OHQ9E8aOsj2\/w2X7PRaEwVsM1LrOKeZdUF3LQvTK2DdFbDcrW178BHsEuvh0b\/WIkKQOYUw7iOzrs1SVYgZoQ968zdkRsGSxVafnB0RpYxFcTvGFDKuA6adIdu87Np0MEASWmobXOe+0750NQu\/52K496y+JfUKhL9v1vUZoJcxA4fRjfC7Bh08mLSoPcW2iuYUY5Qfwalz27W5Ykaj0l4a4+FKTTpRfNlIedHfrTqbsQ6rbIQr8tJ+81mqHbG9Zyr8zA2muAME8q9aJsgu+U1HLzCGfWgvZFEV2EknFvEylSdE1r8PywLZ7inFg9hamDgdP5uitPIq1K8RDkjORQoXcwTc3g4iux2RI7AaBEJ4aQ64IImqf2vmsA7Hm9gV4zbJ5GdvI+BL7kLlAKNgqCno4ViE2PY+dAn7DOvAESo8acbeQESQp7Rk3XM18OTLnXB+4WbgD8q7fXA+ECTUMkpHSzm+lB\/4uh\/yExcfDM5gQRfvC\/spXzxuIqVWl2moJyhaC686aJ4KP\/t4qLF+0UIdSblurMexwFEcHDduM5IRHawmbrUFCfEQ+n4o\/SryqiP6om0IN1nAFm1ylhTzYdhrqGwZGRimjSXQBGvHoRTYsAlUs8s7gIQ9BZOAZT5zXBTy9plxFRn0xuOTisgPDNearpDgC37gTQLBm56fc\/xKHrVFHO5kMHOj6NVCppn2SoJ6\/fLiZL3tw3F0wrYIRE9J7EJb3sJ1aGsgL3pCgWOt7Qvk25++jdWqnsAR14C4ICoJzYNOJ6kjejpAxjuQX8JcLxcnqs2SWXAF1o2jEryGZfGoV3+v\/u2H1\/3a+NF9jJ5g=="}
00487{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":861232,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"pkt":"PKn0qB\/spJGxgjQ5ht1gCRGvACsRNCQAiQIAAAAA8DyR\/\/5ppFQgAQsHCsnVrqTT\/kdpHoB9EVHblQArGxDIAAAAAAAI\/VKHHlPIokDaehpK\/wAAHf8AAB7\/AAAf\/wAAIA=="}
00432{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":871131,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAvPS1AACoRkCmM4zRcwKgBgAG7k5gAGycshAAAAAAACPBGL7QnI4n3\/wAAHQ=="}
02103{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":871914,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAzhNAAEARXsLAqAGAilu8k5wnAbsE7JRfygoKCgoIhyfaf9ET5OIAAETSg4WekmDxY2WacCDM\/8eSx4ohG7YmTqwoeqODd2k5\/ILufSGNrRI59baCGL2fY9VPKP7h0uMNJHJGKpO4ABpLTKAv+Z33spm0vA7YejMhSXdQl7EAUbpGiGuAZ57sHNrBhtAiwJWKxwgGW26Q5vpcclekUqC\/wirPIgP+uVc+gpFpVzodQ0mgS6Skiicz3C65YRdVsyeohhc\/hRx1N5R2WgtJwqYi7B9bC77rYSOOkIhuXu8+IjTS4I0Dr4bNnM51WkGtEVZCY7Et\/ed40YMGF2IHx28glc9AisadTuTlV07XsXpxsX3fhYg1aec1iWs3HTjMad4f0E1Zu+7pY+ahfu\/Wh+y+RfZfQleosj6ONj0IkAYCkzX3Rxl5VmxUKVr9ynMRCIlfYWRo+FqEbOevDq4EkFzuTXYbNcvp7Az3xjOYUEfujI4MZdggpi8E2XqC48gi2t+anKqQxDzCx7VxhfxHWgpaFTQxQI7wdH\/R+hT\/OKzuqSyzCRmcSwU1Rn1+7QhJjjZB1FgSkD7P4rsou7VKPQDjtYaB9yyB1pKyxcjy4yUUQlf3AfnGzjtHeCDwr+dUQrAvuJFnAla5aCGDX8VOwbI0ojPptc6gdxmRBuEMYv7TukJSp8aYMywfaWsXbmDZrTINpccC0G2W+h2GzYFrTs3ibFPCNWaQtI3iZlbKbzl\/r47XhyJeEp9GgLmws00k64F024VKlgTyQrt9EKtQdpNY1NYDcJC8HmHb5iIGNTGJfH5KoClL7\/5UqIHBrgt1IeEyHLtzvFc1IV1ZndGJdnV5gjRpPzHjlEEYVUMN0Lcj0hAoAjnVc26fO8B5SyiBFi5BLjhP6BSf0uycqSWGYgHEftMaGSaAGXFNfliTfhheRnRNr8ZcJRZC64uSeXpAxKt3iTezri8U1+9QoWk2vOV6a9Jfbu3FMqbyHODByFKZFe+5ttw2JN8tqSnoylsVP1TseoSukTAuXSu+HguvE7\/l3MALE8fijWl4s5FdSL\/xumZPM8Ck7EA8VDHrG2Kij6UyUdM6AOfuIWF5mPAX1iRNdwtlHlZ\/DtQpng0chTNUhsAn+Mnq7qZDfgWKRhECtJDy4T0\/57hSynFcJmZ\/vPHs4Zy7q56TCSl4d+VsSTq1LloCDkg6RP3haFWDP2PI+kPq78FxutQKFuxO\/+6HmI4lqB6eHDBTGzWev+TbbqdWf1kCDvOjPiHPplrZIrVT5gPoKbdCLGe9+Z\/WJxgK1ztYBQJX3gDt7YKUvpcsYSJx5hYd4Pbg2XONdMHKGjexyQFAYrLpPeSAPK2g3JyTv2O64+PvIxbr7vfmUS40XDh8+GdEMxgHL1LT3dN\/uwyxzujvk0PCLIEJsftuWYGEyysxAnfbq7tZrZDWJYZ1zqeYAQI3o1rSOMo19dCJr\/SeKwchtWtgui+6Z8kbP7ZNRIG9iMwtawjynuX0lg40grnK9wtrZT20mGLDluxUnqPR2Ya0j\/qCzLLLaOjIoFL1q4\/lCOor6WBrq8elNBk5iO8rb8fbtt9\/4JlFfyiewr6uXyYM1s5uXjwsT99d6Mnyi8M4baSFvZRbOnODfpnmSldFBlRuyKc2szbSo72txr5Di3bGL+iHn57yTlzA7t9ATe5rhpN1ZWp3VSQtUgCBvg=="}
02109{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":872134,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUADmtAAEARHmvAqAGAilu8k8YREVIE7GONwwoKCgoI6izyia7+eS8AAETScngLDfjXghSPC7duRyPSpMPtWTC79JyAZxwqmEqWqNWSWMWmFLuPk9oGy4fXd7z72qbb6jr\/EnCk7FnO+s0bsZLiKHOXEuo+GcHU09BMhh4EmyYptHzG7DOoB4Sd2pWmRmb6c9LBdLdwsHtKxHNmiIQUSRVQnMpRIyvlXPkU6nTo0YyD\/obheYKmgDy1ho1VnrfGdLYlBkag4kT1oQOZTG9+mhnitUZIe+ozJd6u0tG26mFLL7knsp+9U+VKV9u52HL7lKR0WVnuEDzB17SU0m8zVCCj9MVQEwWJDJ1ux5GCWS2b7c2yTWTCI91LI\/F35sKv3v7MMqotgEZSXVL1ivK3Z7smJw\/iK\/6ar1mNuQ8MU2\/NGym7yTMhGXF3fAemLV6M1uneC0vNdHOzhv57+O3AqJM4a+EmbtV50\/nZf6pz5UrZqJNCidEyOWTmbDofN7OsAm57hVxn\/XC2pMyCv0Fepyh5ttXmq553qHRn18wDd9L34CT94LDsMgwG596ZdFIyj6QkaL856tTsbqddyC2ZfTgtQx26khp7MsxYFfmpqSsQEb9KfuBSj36w72RjbgJ3fQdOxDR4RT1xowkoq22dS+QAqBm2Dd4sxulGWnoaFudK8gHlNrfGbx26N+mX2Jc6Vj6LdBstcz6yeDVENg71A\/001oOmlP030uQ0TbnFgFgn7aIoRBlufPSv9pH2zDZye53YeXWEA5DAfqkc7bVQEI3rdq+ZY7s7I+lKzzpRtlu91rxGuV3SjGxOYGMpnXlxHNAlbR7A4VWtwOcrA441SbQglMfrYOGB7Z9NRqaxnhUPMxk9a1KiiqDKfgv0MaBFZbuOEe6YnTPuzUrKOLEjHLZ9bmcQPTy\/YvkARzbBa7q1QvsLvxmOP3B7rMN8LAIkEH2T0OBsBB1zpChBKBGaNSd8s0TFrmv7R\/CGXfagfdnI1cqbuj+1zfB+FSuDHrBjF2DvCaC2RJGPjCC\/j62r+cVJGkTaEiaBpCEO8wA4AgsW3MwqN4OZ37IbcFWIvaa\/+y231gZP23yO3JaNsGEWCjoT17ai\/DMdj1TjeE2wDVLXHqg98LyQxR\/bbk4IteWmjG\/icS8Ms3Dcjq+cXno8lfK8TGt3KwqGaJy2k2+a5BzEOWFJ3no139Z2S8uMrh7YsuMh7ZXOYa5uhRAMHeXxNatyG+m5uNGNjzGCPt+Rv3E4zj6ciqzRBqbfW+nI7kIwig7MXmsC5Uq4tHNHUzqIbNTRHqTT\/fL91YJNTCvAhTXl2lWp2zIo06rwsOkXPxZN3ZJ4euFWeIRw30e3rU6jfp5hC9IXqxoEENAOZrUKfs87Q6CP4XKZ5R3b5oqBn+IY\/IgIdgD\/h30af7RVQ0X68A3Ti5ZOuvE\/IHYJfhHtVJnWbp+WFpDUQJlqHQSr5PMilCpyyA97MG2jSOMqg01p+uvHy41LIl8XoR68Ul3b\/G0m8Fi\/Bv6uYSzPnOYlaV8NURgLyTy64hty+AbEaF\/1PlCPtpYtCK8kyKKtacBy0dgQv77gc5W04RLVjcP6WSVklW0uY5G8OeXUttQRf1ykDZb5LWWVPUT0XhuLqFMa\/YHZFdhBosbW\/FXyXEN1Exl9+9\/jp\/U2oUJAVhJcQ\/Yu62+7rMjwU0KMA4YEW3x+SA=="}
02104{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":880489,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gAgKbBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmo4ERUgTY5TrBCgoKCghziEmCXfFrHwAARL5LtYR3ejPf\/p3z4CC05PowI2I8\/yhShfm5nPX+w2RMm09Epp7xl+kBRRhqGjOWMvDuvKtjnCZP4h43yInAnyoQy6CqAqM2X0CJjYqFRLzhwJbIqw2DVbxOowFB4MPGm0ZSauJhv35hdaMdrkpEWiZjZxAcIt9QXdAe3ei5ci4QFJrTlck2vWOijZIoEgmR7v8f3b2ShmI6CdJBBEhbx7x+xdhmvF7QyLqpOKHrLTEfG+pOv4\/x0hdm8B4rKN9lYhLlGSoGddMbooBzzRUA7p16+7rbjImGPkS1MotpttG8+odH6+SDLBY+X3GstYZ1FO\/bzamHEZxYZMgP1ghrma\/s7dEMtCivJ8V9DDtANnntchI6kgniK9bzzOeDCsdM9ITRIlN2z\/Af3okU9roB71yq\/9DX\/TdkJvaU2WO+UeMMmr8r9mAF+UKfPefAvtmM4XpTI7S0sOggW9+ylbRk868BabyiGaalY7v6ElyxYQX5Lm+7f22jDAR\/1Rxw+pqMGJoYSAUT0vcKEq7ImLo5wdD1HbPPsQSmOUj6sUs4CO\/fnKY8anJpGjgDy0aXUYk8jHpkks0Ogglg+nRuCH++j5UW1f7ZAEpNa9vxdlT60Esd66TkVHOw+4sOrTBkOSin7f9JufqnL0\/oha9fVnFNoEifDQokis3kLSU3qOhha5NehjGyqXC4mPnsRXhV1FSJLx2VGefOAKopFDtlBUj77lmzpE4bT3pVw7XDcnU98fJgVGUI0JycRmnYXeBdfKKKe\/C3yD3TJtdWJpUxFWlLU5JBLw1DK7Jaeoa2CHR+Mm+Uos1NDX1p\/Tae7YJ3QTohWBSmBEM8sQU24dwTVN4u9NduhdNUw4abqXZHWWatpGkhOGi+ztCmJQyFuKmz76ia0aYCpdIQEteOm4a+0nCcqQW98i\/PWMOzXN5N4iJBlj7Z1kEIRjKqOh15d3MSiivlm0kY3uvwpzNG6z\/mG64H\/Ch0ZjLDFL0Lh7Mq4u7sR0TzJNJGk7sVaiEPpK8iv5ewweeTFC5Rl0GpKG2cTtrRDh3Jlv0fDheeAqwjrpXOD7ekCHhXvPoBEqPIW59s0aKn33+\/B+x4kneJZP\/w76GqJhpArO5oYmd2nyPv2SM++J5j4el8Gz8DMsGeqEBtxHDWRjkM1rYAvTzN5xb8x5DuFADLFqHlRDraOgEM0xdsEf3hQUK7mhuUCaQGZBsNRdHnNvZL2CgICOnYLx\/yP6eBn+tj4fdyypHuoUxCV0l91OyAz1zzMppQmM\/MZw4IjgKddLGGzkfD9eH5L2StADzoe\/+tl+Vy4q2cConEMFDs6PaRjEIki+cwlbYxOX5IGAOH+nU45b+AhHH3CTnzqcfB1hVJ27u+6GOUu8zMsLgjDTrc3Bi318\/NgqlATYv79utqKeVxozT3TLQMpSZijN7B8+4KqJeZKEmn2cSaCzlZY7LsE5mGMSEER6hyX0D9p3bjlWs1ZL9V6nrrfHoSzPveONxywVsTghmtxCvne0EGPCkAlJjIUsDS0C0WhRU05kFBDzqpkLuoJAtfN6wRz1A7m00svwCrcx6jydEIcQPaUg5llHIZhpOg+oB895RjVpCjMpMpvctTtfDIJJw1H3cf+g=="}
-00460{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1603816434886,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1603816434886,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
01151{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":886049,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAYQkAAC0BE6WF8s70wKgBgAMDPAcAAAAARQAFAILLQAApEbMSwKgBgIXyzvS\/\/xFRBOzO1McKCgoKCBW0hlcD4wtQAABE0o5ETsyCKfAiv3GjrhWWAHytWjhKjuCcE8PQ+8\/rlGyAU8f1x+Mk3FCdRieZy\/gIKc\/JJBqsu6Id+Y5I6UUEss09jcswdjUwYmczoGMjYqPo0TgEgq07LxXN2ezzpPgN8+p4f8xWtCxwb8JafjHIFjRWKZy5A\/ktd7oDLtros16gjzk4ANxurCLBEjXn1mc4A1OkxNBYnuq2VBy6bBpOv61yDRD8YC\/\/cKt+DeKlIab2wioxKuuqTJaa6bcvjsxaGxss1fmXynI35PYXkvPyrb+OmmsPeoZV51Hz2RzGwPglrJrYbrEQT\/ivLiFpZ023Tc\/UX5\/6yEdVpklz8RpLexVa6Bn2z1jbV1c+PvjbnEyP4B3XT1q2R1U8Zg+Hg2foBKQpPal7OLyEEZLoYQ0+yrbDuTkJcdCxkssUJpGttMtaDpOYAt3rqklkL5jPHrEd1C+FSNb\/c7TK\/C4zJ9DojLveQhKMASAjgDcBaayNHzmzBxrLpcHuZ77JWq9eQca55sxDzWYh2vyNpayRp3s936eLgTzDYJED3HFsEu7Un7VVKrpKCJGjDAw7oK0mEPfQD9p25UX36n9yQOALJibj1tF+6rPwcqd1enHsqJO2F24HI5WHL0GiGGP5cRaXpNzZ+ijbLCxtX7NKJN8+IHswHT8wg8Yb1lU="}
-00492{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1603816434886,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00496{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1603816434886,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00440{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":890937,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3dApAADIRazjK7txcwKgBgAG7mBUAI5npkwAAAAAACEmkvxz+BSBNGio6Sv8AACD\/AAAd"}
02103{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":894238,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwXZAAEARa1\/AqAGAilu8k6XkEVEE7KGrwQoKCgoIR0aH1pvahxkAAETSKZaHE9N9GtJMYvv9ifpVeuysckzKOAoBynmJqbZIyXXd6Q0OaiDA1+eXkNpoukJH66d1qZWl2up+oJkJlE2iNPjRL4rTXi4tGFWkOc7OU1ijBfm7sZPOTclysKOTLlG\/wLwmM+4bmiv8t1VJI8ny49KjxXkbGme9dgA0bkSUFasSUnlJAUa50AK97fShfQXzqeK5Dg+WXkJ5xuGOQHrunpIaEPTkH8dZAQC0kgGeFDv4HG0pqkwbzV+IYkH7SmFammklwji5+p3TbOylB01wJbffLThybxWnDqogivkmpQmkVpMhBwMu\/9xKEoVlmIM6B4v9QOFFHqhSd9Fs3q++BMu\/YhweSpnGUx72yfkjBJM\/IRzi1GX4pw11eJz1\/3qBdeWldk+sRUQcox4In2qe+wuxVw2osgoNlI9YvrG4D8P\/zIyWUtdNaLtHhPMgDgiAC91NDmgmJENXcA\/RXPQYvhOdBOfaMfqQoVoSR7Q4FTIccfFsCF+5xHFnMAndfXwOCyIdbeaeIVCpMSQ3bCvvDIsU716Wq\/5J449XPD5T8+ox9fqnlN0Jxyqab0XJ72k9txuNkHNYBZFINRTioCXl6izgIEtcruHCYZt+ILtV2gUUjuR8FtecwJtSSrY5wTZrfp6mz9U9VqFe6kCmkDBYZVE9CTSh5jPIMshdFPvlPyb9jOL5Oce8EEmxF50G+MImURL0E5jw4S6VFP1JWS9s3SOl2ok90TOvvWFQkYQVIGjzaMpXtyBqGjbtpCnFbad8ojifR\/YqGipZKY7YjkWGjouJV\/EDirr0Js9ZOS2bLt0d5OKTRnFRrYMUX7KY8zvzFslodkxSsLJ9F5kbgxZelMuuAZS\/WjzvvYQWm+fu6fqiOFgxzt4cf5I3rtZr1vhb\/mlhSZdfx+5dh2+Bw05\/c+ZhZcGWQVWlIJoLVTK8wVhhxCprdVxcD8azYdyGHI2yjdhdg8y5T1SHS+wMUv3TrTEkgaPMJSS\/bG830bq4zk9YF1gPTLVzdsj3uGV0Cb2GuAxyajIFBjWG43Q+tx8KNtdSeW621EE8H3LtU5Co2FzEFLWry1aFgbJB2zQ2iUthr7o+cxvl+I9ObWsbtyiFbbosM9ubsa940D830mP6uzArtiDHR\/\/tFLOFL88JLiryCWee0dBawNwyN0l3KoWaf0+xrkvJmDrQtP2edAcztmf7vS5YtS7p+DLQu7CH9K63Utaw3a3fUEMW7mKw5KR+OTvLaDXf+fl5pRlYNEqDRWXH4I909g6Vz4OrKab3fRk6tpbyc6YOZkWMRgcj4QWKv9Jjdy\/GO0VWic\/I9O\/C9pHvyAImGRQQ3Dlm9KvoTkJ8oWVAyBE0qeiaF6eLmq95FTaIvn+MgWKZGoMFAxQpObBG41iLXc68P\/q28rKfRP2cjjT0E2a5yH6RR4ZhTZalehf32S79m5P3+jb7+Xyy8XIUQjKRHLykyRjpXm2fvzGkfd\/uvjbx1WH97nbN6TLHvxcWmIC9p8hr1ew6jGo88bbJUcg867GJeVKG4nDMxlqcviS+1Hf8Ar25WRbo1aTF5rpBjU67mAtQodxvng7drgHRjfXYl0zhU6OqWR+vayEfq8beOLohWXa2bFgOH+TtDLfzLUWOS7634STReD98JKgMwA=="}
00473{"flow_id":65,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816434,"pkt_ts_usec":897001,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5ht1gCwDeACMRMCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9EVHPlAAjX2HlAAAAAAAIQNHw6Rif2eH\/AAAd\/wAAGxoqOko="}
@@ -300,9 +300,9 @@
00486{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":11222,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"pkt":"PKn0qB\/spJGxgjQ5ht1gCRGvACsRNCQAiQIAAAAA8DyR\/\/5ppFQgAQsHCsnVrqTT\/kdpHoB9EVHblQArPxCkAAAAAAAI\/VKHHlPIokDaehpK\/wAAHf8AAB7\/AAAf\/wAAIA=="}
00553{"flow_id":67,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":11267,"pkt_caplen":145,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":145,"pkt_l4_len":91,"pkt":"pJGxgjQ5PKn0qB\/sht1gCTD0AFs6QCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUAQQRVgAAAABgCRGvACsRNCQAiQIAAAAA8DyR\/\/5ppFQgAQsHCsnVrqTT\/kdpHoB9EVHblQArPxCkAAAAAAAI\/VKHHlPIokDaehpK\/wAAHf8AAB7\/AAAf\/wAAIA=="}
00431{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":20471,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAvPUdAACoRkA+M4zRcwKgBgAG7k5gAG+grwwAAAAAACPBGL7QnI4n3\/wAAHQ=="}
-00454{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1603816435020,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00462{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1603816435020,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":20512,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABLWwEAAEABm4nAqAGAjOM0XAMDgJEAAAAARQAALz1HQAAqEZAPjOM0XMCoAYABu5OYABvoK8MAAAAAAAjwRi+0JyOJ9\/8AAB0="}
-00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1603816435020,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00494{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1603816435020,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
02111{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":20771,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAaXxAAEARbePAqAGAg58YxobPAbsE7CCRywoKCgoIJv2XczUh4RIAAETSbCxdVvXUX9XjSdEekuKYBaaXvtdleeAoC7w0t1zysEAi8tmmk\/irguMUfevsR+4Ix3ykT3XI5ywdd9iZ2jEEpXdKcBNTILwVo9RsE2t9EwWhoq5\/2T\/d0RKrFr8WtXqw8R81Lc9NfiQcl+03MG9MvRdcSultVc\/J1\/ZsUKnUEchEiSxzxC+Bh9AJTZqdlAjdxHnzTMm8xi3GQm6bMwAMTxvoRcjoGFuP\/jsOpyTpax0np5jI5wvAneUYSZi\/TgHF\/m8zKEHvyg7GMb3qHu7n\/RSycakCUo6vcofHTkxeQVCCRngbPUJ9tSzw1NtS2gM31yeDwbXURmAo9cCWFob2vDSUwjpS5E4Bzmlgq4msvVlsTMrZEpAhNoUHdjHy4QjtukGArqr5ysTKErAC4Awr5rI3yHlLGqm+45AjHIVXYBIC02L4V+2\/NakDwhKYWvsC8fxBwr7XFo9wng0iEMUuvvwpf3rRyeyquDhJCKiPgZqbE4vibuLP3YjbRmkwnzwoxp4JbGmV6sCYODAB+6uR9yWT2DvYh2Rb\/rOtm0wd1MTHRHgjq65\/Q9ZAV73R3b3X9eYSSjZWx+KotHN704t02EkkPjksNKXNye16bccDD5IXgwJUTDiyc6d0LRseUDRuGQDw0kuZ+ll0kG2i4WlqtUdTnp8918DucjmW2VDKzNjeIA39VHQWqziQ1ddqPEX2hN++O4sXWiPb63hxUkBl\/1utZAUStyF7eS3pGlLVhZF\/znUUZa3M+0DGGywvSBI2oj4pSimzVz7N20pvszlriqxtYYleocY\/YE3jUUemgCpo75mWgtJOBRyLbyK9A6hraxh7Olf0MRas13AcLep+ICMnSJfWbjp\/GkdnPkR\/C5xIcrNwENdzdFsACnHqaoD2O6863JhZYdMEnWVSkYIq+Qo3evifk+os89mbDYj7FZGfwtqfdt3rABEss73A7ji44N9TcuujgLAvCHsKuJvwI7zuwPeUe9hxI\/RPeoFnolmIFjlDPLJQoIkxVdnaINbjrLTY2LfZda6\/LCv8sM\/bd\/AmWDDDh73GxJl1z703OS5uL1l7MQlkB\/g4ilEAjMQXXXHecuH\/deyjep8GWLhkSiTJ4HHr+05f4SIdPiicarLt9LEk2eLRpP+UFPHooao1g8mjZx0KcuHnQr0iaMhZmOeSp7JakH1ow9hqHE6Ef3Xm3Pc4cZx4QtZl7vmWkwcxpbDzsE83GDarD6V2tKvmXQhxD9\/w2J7v63jI+9Lb+ZNkqXvr7OsDvbbvf2VuKSQhAY47DGEam5DlA7ysmY73v2mnyh5eWPe3e\/N+mJaLUlQ6UUxA2gOWmJj17O3Q2\/OSuoxzzA\/RzjfOOrzblYj\/gviQOtnjWavb6c7C2hqIBHAiEqk9l7GIM9LKnUeZw2+IvAmVQbKf1z8qvly8H0RJkDAyVeMEDY4Oueq1xKRIhCACrJcwvC8lIz\/kBgPhANKqur60SDXAg6fF5Jr+WTWixT3BBTygw1VtL5D2yCH07\/ZeeZ6+sIIJRb0PchDdQH+b86Sz3C6rgJrYhidtZTL8xu0okPJOirpfLuxNgzMoFYlSLzK2q+LfyeGhBlFnlOErJr7Z3kyibZ8CPOcYiSJxmJmJS2Sz\/7dQIIdrxSXIOJ44rg=="}
02109{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":39083,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8yhAAEARtHvAqAGAwb4KYucjEVEE7IO1ygoKCgoIOPxKwZ+D2JAAAETSAJFoZu6ZFSpwLFV6hiZTR47jUS41WdtYAT8QoVp4QUvp4\/U+CeuL12NJ9cdpFoxjFRLXb9wuezWVsTtDBnS4K6pdWVx3JISdo3Hg9vv92iLBGx7WrsJk8BaLLe6\/TF070AyV1Am4wkvBptaERGAsXat9fICiw6sSNnyvyu93exRK\/WX8w2qBN3X80dpruqcJopZrcUilx+uGC2JbRmdaNpZMRkMnsHk4XDu1V7Wg8y9sWoBeIG9441s8diFExDZt4WiDaMPjLPVeMxlkIETAYSa\/9fznHkXpMruAiRTnEZLJVO4VW2kJyC2T\/rtwUwXKm2UlX0OPximAmDLyHjrHU8u9SBXihZ3\/TK3gPkBbeh1Hd2bE9vCs17C65A0yF\/nlMxY2kBJ27VhHqt7N\/7N0+8Zn60DhBQJfbHcigdpd\/vWcXEf75OaIxJhEv94WeTIUReIWIO6n\/ocDVDDnGMy0kcgICeEWpf2U+P4wPrdJqHVgSMWQTvUYq\/lMbnu92dPqw23rR+qTU39KP57+Jvj4U+YGx2M2lzuspjMBvLKyfyrInDkezDxmwzkhz+y5qWW1O3Wbz1WWRDMMAy4GEDYMb1V\/xm61xcdQ62aMVFlALOuOpP0XG1C3j+dpuiXJ9kBfmUu3LcFycS3OjZBWxIQUSY3XFSFAcWcfwra48dy4adZPOj\/MUhkOLAVo9b9a+u8QJGm2zUtGf0kOx38ovk3lYOgaRipnJJ8vIMpATkHsxVRic9I0ZXJm+7AksCq8+kySEpW30YMDc6Jvho49GTnYB1iPF2TX90GuBzh1scv+c9uZhwrrkogtGQ3Qt5xiXI60JrZl4XgyA0FplaIOMYo5wvqra+HlEE12scYeFIAQSc3ZxvupvTqfsQH6z\/DgfiLpTnpXwLa1Pz\/9ARjFmrUfeQvWaao9eaNGSFn3UIEcAn1xIrUyX1hYZ6EKNi6qxeZf9ctMY0c+JumI\/GtULEmSigyQc8+WbI8IUqAVlJ2zJ0nbUbm6LKMofaMEpMiO8YpYpQjDW5dFxxPU2uBU1vcH7lahoVNuemf8xMu7DZqCSU92E3Y5PlWTglaqh\/jgo9RVX0QrYcdEpKAmTVtZsIDnLJ+3SggsqfbnkzPPt8WEGWQmNz01mr7bumpTElcwOlViD4GPvM4CQvp2ezVbZ6eP\/zVVPtU\/bCxT6kinVV9rNAyyZRxreGD\/x5Mc6bN5F9hHR5xGF4p0n\/5lmjx4gt3BJ\/w++a2bLQnj4xjEl\/3Fozvh2FpsmnYILiPnM6i4CU55SR\/IYGdfUTOO1doGd6X\/97bGc9vuZ+WA0B1iVa+7QOAcxpH\/5Rk+Nn3By3H\/i1Q1+XPqqFgEyws790btPgdFBw4xqEtGo\/lV6YpV1k1K+m76nKndTDHLzG2YJI2ovBFLisi0H3M8d9I75aHm5e60aRxcLNmvpI6uSvNIwZrSbQPpvAFwrELol+TYcfoxxSv1QMUvnyivF5plThE0Fdi9HbNhQAResG9lukYZa7mrNE6qt3aZie11IkkPcja0jFnDOa5N6UjV08KKgq1ZzH8REIr0BMV\/+jPNhrM1jSTHSEUa9qVjYZLfgSxYOqQC1o5BgNouaXjKG3zuONi0oZHIlg6j5CLLwKe06jZw22kviYW5hw=="}
00439{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":41611,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3dB9AADIRayPK7txcwKgBgAG7mBUAI3bptgAAAAAACEmkvxz+BSBNGio6Sv8AACD\/AAAd"}
@@ -310,9 +310,9 @@
00431{"flow_id":66,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":44537,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAvPUpAACoRkAyM4zRcwKgBgBFS4kYAG1aelgAAAAAACFTRH1q6a+rf\/wAAHA=="}
02098{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":51338,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAz4xAAEARMsXAqAGAR8opqZMLAbsE7N+ZywoKCgoINqH1Vk80LhQAAETSdqS36solf0Ab89L7mqA3Knug2T7B6DNFvbmqzYYg7z8pTTq0Acup1slaLWQfLYK6ZHGXLXoy9HCapsVbyKs+4a1Ck5zAaPGtgxmdvlM5jE9K8xDI+on5isunAh7mHsuADTtBlKqnX\/EdGgDTjwUBKX46Tt9DO9QZhGB3nGqV\/4+z\/cIiBacZdrs1gyf5IWqMQ3oDHqXJMeDX\/++QivGdBpDuXXizfMmRavNz8fW7QWvk6g9YaCWouxFjTNs9qBheHmJegvBMQMISMd+bAf7u9XAQBW1fBTXZGlT1mAB4LgPrF27DGaddpSouN0qjNSZD03\/hGYU\/2RRvg84jVp0fHK8tqy2THjuWOEa+iQ9\/qlgsJzi5h6Vh1ME\/X9i+2L5Bp8ojkt426bcWcAMxXpthJW2tG5udZ2L7Udjw9zGWa95H29sfm\/538Vtplx74Y\/AibU0ZtGAE1TEsR0vTJTOg3\/0hUC80O6GjBxCFlGcVchV4DXXhg96S8ATeFevkfJuFHnEbdUcFwPQqLR+jUU27ymEJyXaeSdDSySAbUk0nV+leFF3RmsQ62UW86Q9WYjHGZrKenYBvDzgAtd27Vn07hkik6vRUH0PMss0AdBwjyT7afqzqv5WXWRCif\/XewgmwX36ksD2rOPy3kOHOCjdzVZaGpjoEOOK86cfkHLtihgkVDTNY3zeOt7lDQ2EtxRpV76bigIBOAEg5e3BqotdiIrkbhHIRCxozC6w9pIrkvSvHjksIBtO8HemVJYKBGzhKaWimQMO4siHxOUq2QXQ4U1OBspI4ydIgdYoDaDTCZynOSfpEwiChaMhdDLcLsu5ngDxCDmEEajrY3PusoHFvRpNBdSjyfiE\/UWagHyysadBim+eKPfgmHyilmyKNRJ5aw025iSrl0Q1599BxNOxEPmI1kYw39ecbDRrL5lFQSMpn8HiwrtrnkWg3IXWHhsCBoG0vRIl20WV3gO+FHJ6++i8vHoXUGQnpdOdAuss5MvZE2M9d0jMzQNvvBq+MmkRPz5UnGp00Q89A1ufKVFGJoAOpmfYIvxgFYxNH6W0j2Vm+oTEKDU3aR8AQg07jvkeuTahluUPzCrGmFw14ItB\/Kl8Z0JaWbwm2VrGsxteZrA3roR0x\/kxU6N0akKmKYfmm9pyIFFCwiVhssB8IQ62gL1rrZIXAwyNKALuAGIC\/d5RetkG9nNKJya+s2qmBbXlY5Pf01aVBKM9Jyd+XaF4Lk7jO8nN5LZEWUdBlGCjFxjADKipmMRIZLESfFVJegQUNhQ\/8036Zyn4M5+OX+0fBMJyjkeibCTM3Pw+KV8sBL\/xuuTbUP1SqKfXdHQap9Ww8mYIgQHmeltn+Zjt7oGPaAKjXZ4VkGPWJu0I8T0zYj2M7kI9yFDmw8mEyIiLzu7VzoP92FnEDtP9rkp2oBOYrDuhUTxi35o780+zMlWh2IZTdSb2LghZV4iYsKZOta0R2SUvWLZJL5hCHm7jxBhaOn7bLJGCkuqmGfdLSYUStyx4S0ViJ87T6ox3TfRgepJG1F9HKRehFBbTsgre67w1IU2IbBXiBVnuV0pUBNjh+EMYJy2P809zlBsTvn5cjDYEFw2SwcAk+rbi37vohWbrHT6ygZDeA\/bKoYH8le3bSC1n35Q=="}
00467{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":54325,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"PKn0qB\/spJGxgjQ5CABFAABHK1FAAGER5T2KW7yTwKgBgAG7nCcAM2GZmQAAAAAACIcn2n\/RE+TiKroKmv8AAB\/\/AAAe\/wAAHf8AABz\/AAAbq80AAA=="}
-00455{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1603816435054,"flow_last_seen":0,"flow_tot_l4_data_len":79,"flow_min_l4_data_len":79,"flow_max_l4_data_len":79,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1603816435054,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":54346,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"pJGxgjQ5PKn0qB\/sCABFwABjzKMAAEABpB\/AqAGAilu8kwMDBlkAAAAARQAARytRQABhEeU9ilu8k8CoAYABu5wnADNhmZkAAAAAAAiHJ9p\/0RPk4iq6Cpr\/AAAf\/wAAHv8AAB3\/AAAc\/wAAG6vNAAA="}
-00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1603816435054,"flow_last_seen":0,"flow_tot_l4_data_len":79,"flow_min_l4_data_len":79,"flow_max_l4_data_len":79,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00495{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1603816435054,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
02107{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":56923,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAc4dAAEARNB3AqAGAwb4KYsH6AbsE7A4LwwoKCgoIc5O0PcfI+J8AAETSnZB+xnJM99G6Q\/d9C\/zr5HEpnMUU7Uzl9o7F2pHUvXWF+eaOuaXbUguGfkZr+UO4fDDpGMWJcW2gnjW72fFjlNMGDKKI9\/ZP9ZA1glgIGegXlGJSdli+Pp3huWgJxIGmZ490OQ994a7wYqGxVMGut5Y1hSQaO3gco7MbMkOvEf\/zmFMM5C+p0r6Mf56a6dXkQNko+KNVhEVyOb1xVZLV8dOQDUIMTC0htSAUobZKs97CfcDzDPPUpx\/PcpO+eLw\/ajHv2FWwYkxKsrJQ1ocjJHyrqe+hxWKy4kyL4UPz7JErk34CodfXB\/p3nDb46frKA1pzroowhV8mlBCwqe83yGT4cOuFapq9NTo6aVTsNZbTHBg4UwZwYnBBRLn83L5L+of4ilKPQ8HEBrXaasZYpxIovfK6Yfwbi0sN2bNXkEmVuN5wCUMVl8fGu5jBcUI7KRLLEjf53\/\/xq3mMzcawuEO3q6EL3aFaNvIIno6WCJjX1lEXbaM4PRCpAUrWfCMHiUCH\/Io+Reu15cxq0AT0qV74OXhW86vje6EMtCVAa+31o8p+ZQVtJ1AMaK5vgnH5LHeUyVh0qKz5d8yObZUd7eC+njbvfeZ5t1e0oNK1crwEMQTVFpsYtTOgdfdB\/JnxT4xT\/8i2sOxpM+28SzbigiYX1q+WR9EwkpjG9p1wCKCl8jVBD81w2dy9joY7xNP89qHwRdynXs6e5MwTopsl4SXhAX8B8bOF7D9Trj4rSlbRxnkP2D5V199qnEcDDEBWR1cRsDjxYrcxMwfq\/NQzaomVM3ViVIcsT8wMglmbEBBibmKpkRhde7fpAhsJTZzjVLn9sNkWn3gNA5gnbI2\/41Yh7uvaQFr2kvoweDYwO+IHudabhPWRAoNxB\/X0D1KbbI4e71mqpjmuN+HYs0UMRCTfyULKGQxS34qZIBhyOSawbPZEw+dEeqnEucUhsBAyJDz2iwOsZWWwahG1kOoU718TPlTkQpKyAhW83lMggSLcqimihHKzzRPeE0cvIkOWKQOhpd+3aHaW1vhops4TflBneiQU8bQjDFsr\/Yh6rHawrbxFhTwoDaKDgt1dTJLtWfMm4nDBjLOHUR8Hyun\/mJ2x7kp6pN+DLiU6h7JouKk6bFh75K8LTHFjX\/UgLXrwixIXOexQMztXJDdoT7yIeAfzHpKlUwOahfD6P92QgkmJXXOa9AyjbZezdHabm+yR9Yys6maB\/OvBV\/jlaaagSgXExVBNQNha4UMQKGNN65dVay1IJFQGMpvaQdAqM41pX96CvdgDGDs\/rrP4Xk0ClJ\/iZ1ZbRfLc7gjLfSgcv9W+so2+4pUA4sqnUYgoN7tf5qZbnqFf6L2zHRx0BMeAbtAAq\/CqlXvXwaohL24I41eQ4xhnQcPP28J6E5HLQOnmpc3LsiG3g6TqW8lO0WBALmzZ2CQFEdbgvbvwIjVgLNckIpFG59LvtmPBsLhhgFF0UC1ThTD+ZF6iqyMB8np7zis8SE9aE96yPG8HMIN6d7vYLJO0TDU\/+d2Wf\/dzagvinlS1HdXnDZu4tfk7UuCAwp3RUlUa5NN00siR8iyopK9U++zwaWfLfS0Xb\/oKkEejTM0UU4HKWmdoIuZ6NQCdx0YvJPt6Dt\/vX4NGMTUgxkvrww=="}
01144{"flow_id":75,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":65947,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAYSwAAC0BE4KF8s70wKgBgAMDwBYAAAAARQAFAKWpQAApEZA0wKgBgIXyzvS\/\/xFRBOzjecYKCgoKCBW0hlcD4wtQAABE0gep5OwUGdJ+jrUTIH6kTCr9JphdmQnCaToectAP7aBZTs9X8+aQRg9WKkeK+Ntyt2y42T7VPMxHRqyJ5HDVUu2fWV2vSo0hZDumZAjPm4I65T0mHoFoK\/pX\/EnopPzgGvvZuBfkigt59xWJwoYHLoI7bXGm7cXEBvVFJlEQqzu3imR4pja4qGK9+vi3bgpzbfSzXf8weoD0Ho+fZ9R9jyIm5moFv3zOumlbFWke81R1Aoh\/0JO9F8EXkFDakHbUitaN8eX6B31ywNw+ZFxklbFpItKJamccTeBUALuf72ycqZenJmSPThvZhGlbD93EDeVeg3MjMMBavds8nTQYd3lIBDzfTrgqANUQmkRdjGNGUa1IuGtDRg4i1AlfhuEpS84s\/cTich4Bs4yzwBOAQnkYf7+vsBGfJoCsiw9RAFQ1d8zd9CSejNDHt4TRxBG3t1aIEVWdCVegj2EiqM36pkSGtTju0y26akceptMlPxw20L10Fbxj6kxEiHgzfTlrfoUcNB934Q\/9I1klF3k+c8ytEHHEmLPTjLesXLdhLK4WATtWjwEw6MmmQL88EzVrfBKP10JLTX+Y7QQZZLW0AaOu5+MsiKOa8YMj1iaULkTtvezuzGreBdWFm07U7YZFiEk+V5S0A0fbI1iUGaC661T7jhjWhoA="}
02105{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816435,"pkt_ts_usec":66507,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8\/FAAEARmCbAqAGAKHC\/PLT+AbsE7HrXzQoKCgoIe34skUb\/aLsAAETSUIiosGlnvHa9VGYZsanz+OcH+cwMI1OyqJpSTiwVQp+pa+cvLnk1xD7FfTSPB2faQWqeHBrGeNaD3gkVu0FBsDhFoTBRjosivdt5dwn45DbUuP5JDC0BNFXM4yPV7yi7BqWs75UJ+Q7KyBO4BN7k1hEQmMIccZKtnYEzl+0N8Xp30iV3ueG3t9oN35SwoeGAUiNlBZHm8HoNHKcd8ut9W5RlyOJBamRYSa+q\/NenUQjXReci8aoFL8lhUGZQUYZrJf40QjfqdgVyMGPLjRBrHF+0Kvj8Fm2WKormrrbrBvavmVB8KzYAvISrb5k4niPPXbr3IsCny3Jr5TywG14X7pbloF7xlHn\/Rl4pScJYl7yD+\/2UQCUKTE97RHXFKlk6CJ+nHmYtG+a5BHvkiTFYeJeuic2aD+p4RF69LgDDmYGr2alCr\/w24WxxX8loeDDJWAWkJuEwcdx11+cKHyubf48rrsCtck0nq2DuituNd90Apvp8HcHP40cSwTQN\/oojKXG3CNUg38I7O0p8fR6kmHVpwSXRBVL0oekKhNPM5kYqERxvtkmx9GvOTyVLelfPP64EfIaKbUydK1ATXQ+7nmw5BrUB8VjOTfNgfwt2t66YWBfxrsUwU+DdwpTOT5+WRwEmkgU5G6fJpszv3yoilIwni6iEXCyfPCOpyihvbPC0BPK3XpBX6Y8d8RcPMrafwvoLwiPNRxCgXzGdR0\/hyon\/WNaIDGHLEGOrU1gr0hal\/jrbIQreO5G7yo7h15uz3ZIF\/sS9FlwwWTXKi36FAXJeBVg0QXYzFdRWnhUmhCFt7Mta\/VFMiJ+ZbhxURK5com6xbD5RfTL\/9RibE\/biWcJaCFDGyq5YEp2+VDCUMaOqSMigscCSJFFFObsnLGD3FAZeckMvLZ8fc2KUlz+kDKt\/ikaQLfAHvyztHNNztILLKn623l4lhOxXFST1xyri+YLWT3uxRFtcYcjCHEF99vD6CDTIXLzEiCijLxDl+65ahUBaQNOOZSAxFNMjbHRi9XO5Snu7ls1g8XNQUuEZFzBMHxdHpED2paFJn2A5S+pqp7ml3xnwi68Nb7CGYIrg3aesFoLzWHqIQqheFs6syggOhlIJUeLrwYAdsLPWy3b9mt9i6Qmsc5Kz6859tpYkmkfs\/baXdjmFWtnuU7iEuEqgGVX9fti1jXghXS0mcuLs+bG2EJJqNZJFfP1U0VL7GdUrm7hCh1QJ39U2fX4iIBCOPwmTDo5NcoMJg9F5iPivGwtz4\/Ih2Fb1G6MAlrmLeistW0eZusOEY57jXWxR2VOcSF\/Zxl+LhyX2\/sO4ltfnzWQzMTLTOudIzAAsMehM\/pT\/Hu1UL6tKispaPB81EZzAFEkUlji88WHGktqXIfDU6NtboaEs0tF4b56t532tn4DkgEI9M61NMhSqPtRc\/PweuB8UtB0uV6HsE38TaKMm+9Chaz4071J0iufrEozD1o2SGjMaIP6GebSpHQGBGZPi4Jn7GFZn4aYqresPzqhYKV5ZMH6l8yx\/habmjJAMSlTLPPCog4a8qeRAicout4RVWft8\/2HKbxAt9\/b4W2QeswYpDEA2skmYp+ixPjWtoTGESKdglj3uRL2tFj8ehd+tOD4epIaWNe+3wtW0JIQvow=="}
@@ -389,24 +389,24 @@
02103{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816444,"pkt_ts_usec":490896,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAz5FAAEARMsDAqAGAR8opqZMLAbsE7HzKyAoKCgoINqH1Vk80LhQAAETS9tSNgaoQSg0v9azRURKKicpVJX+Le0\/3nDXxS6TnY1r9Q4xN41jo9qg1kHCl7Ndnsm1mCOgo5e2aOKneKpGYTG3SL4bEA4U6aTheWdg4dElBQmJqOkQhgGfW5E0hV0y3y\/cx6FCgbwbpjpjEZWNfzdgcfrrv8zI8I9LxFpnbgQsZ1+GaV5k0LDXdUlyKWVsEZJ0sIilcn0hR6U8NTOtMC7udSRf1qN+9RpW5YWgKU1aMgLvOtEeejTaaMjsDHTmkL0sRADnzuhtBfxlvmGpYh0ukjHnnwpHb9jeNR2VQMBqPXwrbB6a8nx3mthwJp8aC50duzoEp7YYnBvBCoqsZOiyCK7mDXR+SyJFrRijgW+xKZmopA2Isrq0nh52OJAC6q7Y4E9vvSMqG\/mpAuQhSgtpyIH3ursoucAlOetrh8E74L1wsVeusLsx\/alocxIEPUDp82Ry5b4tLsHcAiI4hZVPiniYtYc7impNzBRRH1JffEaCaTVxefH6a0md7TKDnCSm8xDodT+a4+6hFOk8W7MkDNINfzrlfFqlaKk1X2jqsHlYPF8ek5ODRFG59EQ68uALdS9EZ+QAK6OzKcXqNBNJJVcOXn1xOvtx4K9AD7AUUimz9koifAOUkFE2y+RP\/xqIkbvZp5WmESEp0pUDhWjwBqNJlRUR\/jQQmMMHGV9sTkEXSgzfTtgnIZtywKYq\/NpLiqslsA7KDZAVZ0hW3aVHucZgBaXpaaGXHx4DxXulHLs4xD+ws2zOnE3vRbbn50VukUgWBWcUKy3Gp9xn7Sh8C1oERupHaBkkoPi+l\/Y+ENIWFRRvQyI+HkzMAk5on6LkK3LrY40FiCyeGambtpYba7H2aHeVtzDC18FOPqybnJ3qTmfZQEJJs9pBlrSSXFigAClnJCPQR\/M3Ncsd945mfNS0Kn1frFjkX7MJYhe2UU90VyEYsS2ryuAnveLz8ncIgS5F91tVSe2zzxi\/VEBNJ\/+giiB942GRpbNYA+C7n6h4\/MBbfSxE84QfWLFs+FoeDAfxvMA1HUVBq3Jk9EAlJItckgF2SJPJugjDI9IZRgW1yqi5EHhSq6V7ySjTRsp0JC0cPoG93qRmEIx49Uztp1exQZBdY6ow25SklmHkTT1GQnRMeqaDE2GqpgF5OJmwxNTHOd0K8d3Nmjkknsfj\/FfSxdKJExzmwErzZK3aGhH2ZWW2WaLWFWkJRfyWmu\/RDhYO7jYjVYM\/8Vi5ht7u+dm\/uC8ZR8uruNfr+D6gV09vCx5N4aKhVLkUr4\/My8\/Nx7o6RDhbzWsNcy4VV2iGoQSLJnZypiHUxxhtIh6HPbKSIbz+Abq9TabA6pQh1+IR02Alnpp7LHYVzhtK7gReHKscjhnc7QIRWLvO+sGXXKn8GJd8Jzwo7fAQ5+uvoSAfte20lC\/+HumfvKYMHvBIBrw2RN1F9\/m83jqz05wCdQivuGPVNQrF+beK\/3uJ7S92xXBYxMZNkRKQnm7edQA3h+mT58Rr2oq4ECL0lcmJfN69D0R\/eGmOsWDYut27fJEAvz1i4amTBwMHJdMtklBGmenU585sgwEDreFjde2+Y1MFgbLIICJSv\/QlwBt40Acb7KKZTEAAxUqjROKtPB1CVPIRuhRDFlIexPOYs9dDMGQ=="}
02109{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816444,"pkt_ts_usec":507486,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUARrBAAEARkK\/AqAGAg58YxobPAbsE7I8BwQoKCgoIJv2XczUh4RIAAETSHUAUWqqWxW7DDjoIymhcMyRNRgxih39\/JLsNsYGu34eI+jxN4ifU+yFaWHA6H9pEYD2ONTkN5XiJbbGeuv7t1HcBQ8bhBHovIeuyOUD\/R\/zppQxGL1KndB3Cgix030msSYfnxXKgkhsYkNM2vSqGU0FdtF81kiB6zHOiz1Xwcsnjtz2F5eFeoftcYZ6X8NiGb\/IY\/DIYuZ\/5LvN0b8LJNpOT5W0gDW0G0Qb6Ze6pbF2xrGCWyirplko\/7Pat4eL1coTzX6lWK++VVZvioYh6vbACq\/C84Hn61Up3rxsdrDbPR0oM20nAvHq8tkNrYmaHarPJuzKY6\/UA1y5s42ICnXg4auSD33skBWx83tpquE9i9QDiAy2+npj2IqOag27FjkXsidJIjf+i78gOIteQZ2szM14QoKYRqBttiDsuKKL8NbC5WeeBGbrRfCLnxTG1aE6mShF94CvQlRom\/P\/VMUIeF7BuH32OYZ06PMpQslB0s\/Xq1Lv51jnvKk7dLDQ6z3SKXe1x31EbQAuGLiqEbTmmjPYmRNYU+1FKkEf1MX67FR9fVRPzlqG0yMsv8eAIEyK1T5AR7K+svH\/PWlEj2Nj17aoGoLnzL4Nd5i5WuOPSTEVPz8G8h9lgc6TL0U0oNkHXdmasSBp4pb\/zabFsBuoD8U6Lzo3\/pHzJZDShsNNVm2w3gpxWfCLJI1lRne2Dez0tP7vR2RixAOYHETtTffG8KwoMHOmJXvn8VAsOcVjX3qtGDMV2BbiSiWuCBKiM6U02qaZsTbi8YZf4EEwoFcb8Tccnfwn96DZo9w44KkwUOkxukLKSO8oUXKAngweFkpm1rcpqksm\/BYmUewuujom2Ad0G4WNke2\/uVqtQn2tz04kh9ioryzwBlsuov4jI7y3KG2FsgStC32iElHxIt5ybO21odayIr\/fqy\/c6nFMBdgNKl5pgzhrXwBZAGZPujiW3HV+PpUDphw8gzvzzHK6lPSIZu5GYS1MIWKNh7L4XTt9\/YR8FHhUTX55dIChNgk8d1ylPTNEa07cgeX21VvoyMZormn+BRChuecixErE53m5nQ2RmJZHxuATBb6IHd1ZddedyWr4W5PXF6K+hsGYfQbcCN5jBq7QWW8tXtTpH++3u3L1Bsnez9pD98w+eCaoAgyGV7xLBZ\/XWhT69HfBNaVNGbABpHLrKxMF3r20TYv9PiE1mCIJsRG4slUm33+CL6hAEAe4wNABmh+CAx7\/ybW\/GH1CWuazeQIOwNoSTrgJVZiFmP0x3tyhOX6tqwAiwzqwFKiXWA3R7MbTwzdnzP8llq9gWZq2+DPRqjyGp22uvY4z8hqC4pnj5U4qZDvBbFaKsFja+dDnWrhowDssdzlKKdP1xE9VvJjHRjUKq2HkXZTVEhLkt2\/XYIVMMkuOjT5pMB1bfFk0Jzc05YvtyKe9jUNOOpGHVhW2HEZNRLqq0I5SScKXWEQxr0nPXfEJPvtFobfOM08wh9dvN3jYxYA2zcn115cDcLFhe1D8mMs1J8+TNdji7M3BYD1H5tLDLCx6W3sUM3lyjfBIIsGihQYzISp6\/1HLdcgLLZr0+Ac\/xf5FRQSxKKldb6+4vb9sUY1U53fikGMsrAl+alvKAl\/tXDVTCDy8byzJ+rbCu1A=="}
02112{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816444,"pkt_ts_usec":507501,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8\/ZAAEARmCHAqAGAKHC\/PLT+AbsE7LxOxgoKCgoIe34skUb\/aLsAAETSTfZe1YCKEJjdYpOKLsGdPoX+HW9yvptTZ1ZZiQmbbCxJcXbMpqOXmH+p26TdAkrpHmQgbaXwFs9ew3BtdVg0JoNcI8+\/Hmx5XXcBclL\/TXR9M0s4EulC2s3DtB4Zsek2TgNYm5W8qiceoJgqaWNQOkMcvp+dyjsrvVNZaEDRGtBoxnxN67VUFyhdpjmVcfA9u0\/d\/\/+sAiy4wKKO6Dyy\/1NcRjxIiW6cCulfix7\/aIQIYOJSjSgXiOkmRI1TqsSVIjFev8IZTncAobguDbH3QJi4ww2AuDn0QrAfiGyUgNUPlb8EG4bTtnxVpCH1utw8yUq1qyTgDMbYViL\/b\/jTQu+B3o0WrGMPbY7+eDRnUDctOlHrqyCoofg8oe0EjxHe8yPqXMZmW\/4nqNEru981nmsyTPAs\/f+3Ssoy\/oVRpoWK6PiZpO3dQlgg+bBBcogEyT2BBhM77jjMGtOTeg4bi4kmsTd0IR6JKNe5KwtE\/fYJ1ghnGsrMaQ1DXeB7Y\/Fi0MBVW4DmL6b5F6CtmMKhJYfL99WDDtKr4fa8F1ysgP7KfL55giqq50DzvzFOsIZwO\/tGha2GB7\/qDd0sTu+rRbyBMXaFu1wG3eWxIotibuTNP3xQeUo6BjUm5eJnHRb0pu9YNfw5V2qKvIezqRGkijXGG3eLKN7QZNchY2VCB5R6TlVgh1IC4P4uPgt88CIDpRgQ+OFsQTjh9wstwfbDP7s7rhVRfKDlMbVxZ9NUb0sVU5HWbBJkbqgwrYNXw8+It0oc5fODufX1QczX57js8dkiYOYeyjzeIRrQHuEbsK11AJZgvimp2SMH65iDVMroI57er+ktcxhYSPePMwK+DmXsf\/t\/Ut2RCQGB3EBFQHP2\/5ZDW3JX6oPqnJfdRHz1XGyYFY76kf43e75DDjpbxoRLjebVum6rVb8NLVvK\/05XBYl7U1sVk1AMIoxOSggprQwnvlNtMZm30BcLH84rWHWtdItiHeXvP2\/bjoE3ibOh47Blr4S9gnJLL8wa6SKBAaSPsCIM+7WiKmsbWpXv+CdhNen8GGvM3uxmZjQJEs8o65UBWBB9DwljY5u++9FEnU1f0zHQw4ZzEFXS6087ZqTlf3pXsPphB2uMG8heL8MWUKOmIaPY3tA1mdUYS8UTRkhbhBFP6+nl60DrqBl1hWY\/WI98MFsf6\/oSrk7CZwlLLqu91U6LK\/1OYxWFrNKGCBpmxGwj2HApVQMjTa8x7OaWVF6BcEbvD5ukR5sm1OqZ0k3R6PdT4qStQnhFovk9qb8atclBGjQGuhUXbsZ3xyJ9N\/eAsVOD+xeNbTmlv4wJ9DP47a1Llx7ASMV5+2Ci\/dkN9iabVjUQgbiusx9IWi5YvAr9hShA1WAAw5UJyvQ6TlRwGrilN5cQxNa365wfVkHs1ck7Z6i8eenPjASPhZrAOUnG0DG+hh\/pOZDNYifnJuHZHGIDKgw9R1qzFGLlia2YaLwlvVsJZC7wP8hHj2m3nfGlLFoGys+hz1pLE+UTBFP1fX\/GFcqZTSRX9whxy0MXQxri8Oe2s0NW484HxbUb\/FWoLFmAwgIpSgh500HFEWYfJfezN2RItXMACMrYEQ1wWZsgLEKMRDrH2F221eCn8AvIyxsbN1cgdGTHd9GMnA=="}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1603816434640,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1603816434822,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00458{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1603816434530,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1603816434736,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00539{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1603816434586,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1603816434776,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1603816434512,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1603816434582,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1603816434606,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1603816434677,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00456{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1603816435054,"flow_last_seen":0,"flow_tot_l4_data_len":79,"flow_min_l4_data_len":79,"flow_max_l4_data_len":79,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1603816434699,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1603816434642,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00542{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1603816434509,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1603816434729,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00459{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1603816434818,"flow_last_seen":0,"flow_tot_l4_data_len":556,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1603816434750,"flow_last_seen":0,"flow_tot_l4_data_len":1240,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1603816434743,"flow_last_seen":0,"flow_tot_l4_data_len":1260,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1603816434640,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1603816434822,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2604:a880:800:a1::1279:3001","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00462{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1603816434530,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1603816434736,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1603816434586,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1603816434776,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1603816434512,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1603816434582,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1603816434606,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1603816434677,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00464{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1603816435054,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1603816434699,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1603816434642,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1603816434509,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1603816434729,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1603816434818,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1603816434750,"flow_last_seen":0,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1603816434743,"flow_last_seen":0,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02104{"flow_id":45,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816444,"pkt_ts_usec":508084,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAv\/tAAEAR56jAqAGAwb4KYuh7EVIE7GNRywoKCgoIhDOd38iF14kAAETS9AZBQHYuUx5qZffeyGPKlqkio3Zn5MC+fEWKlmSjqISv4v0IXbZ7ob9dVHMwlojhJriy92A2VB50qGRty0du5xikIq8zm+r5Xj6lVgLSWO2wHPWBYSgJ56Ytbld9W1nQryFK\/Y6GbVyzlGcCH71lmKgEqhjJZbgDJauK1gjgMSetYy0T70lDweu\/hiUUN2yqs67Rb3kxOPLXongGalRk5RcAVevidBCIlKy1cj49F5TmZIqD0mp9cRU\/\/coAoVNGYW6JCpjKFqN8+UmNmUImWD16ttPFKI5VtLYCb7N+ZQlhf4bIMtut1tdOM1VOuQRZ2IGvJvtJtl2Iv0U\/R+xG\/xKzpXPICAHDmrLaCfl4egyQuKYt1bhS4nVOHWKDZBjYNXOc7joH7rUqBhseYowbNkVlAPqVhcptvjLPJs5YQ7Bu+BUA22667cKPv4E\/Xsqv\/apwPluFVmIiOCZwXCV+N0WpOQpSjPIMVnbuqonOnxFwzNcREBJiymKEgqLUO2xcRqyoaDuMNzuPi1oqseYvxo46VCjigOl16EflBPDC6s3+m1mE79qb8tkG87XHf2ejFE8l4YDoSKqJ3rAxbtD+yVpIjEcRkXmyA\/xo3qf5MJERtxhMRa4r56f8p+HDihuhI3cha4BfEouOa+36kLvDAK1wSUWTnqS02LRTqcu0BWoOeo6ootG9vhpbQotHh3Y6SrloFtgBjDDOGTlBBOU1PddWVX39yJlocXfXR\/NJbn2f22At325tVa3A9zEoXzBXDcyaaT9tM4ZuvdKg2flGVMyLvti7CEuQ3GW007\/cM5HADep0omyPF+D8+mwMJXvAvgnh9qeBmhZ0nyfYQUDeoDn7bmyTq6YT+bb8xZTj19qLtjAk2jiEx3S3\/Vv6BtWm3wJ55UlP4SAUln+ebUfd1oFo9QKC28jWAOF1\/o4+wj8qZbRgfVhxNYhLk1kHl44aB5jssg7Wpy9an5vvJetJCYip97qEqpu3hYZtaQzr8CGSGimVDgrzW0gLAkf5OwcwwrTlplo6KsitOIvVlTitrgtfMxiT8RM1PWYVrtxrP7tG0Gp8tLxIv46L4MQQaH1q\/lve9368MkWyNldYgWIme7n60N0HuMY5zPYX3dCCS5ShOSyx\/NpRXNxCmPsWvaM85IKIZMC9Pz5FE1EyFD51\/rMDWr6cEnn589Ohq2VYAhj49uqdktt7Arf9vC+S+kkvZNwtXpmLDzDd5sNQeLrSQ+WVshOX7W+1vNkjh5ctV4zCJh+pca6ueosODr7EUdg5kpWohUEYDOGFYKIJtsDhqQgz+ll8RWtlD7opkWVJqmonmFih4hU5z0nJZVpqByOkXVLYdmfH8p61YEuWd85dry0zeIfSOOH84kPyD3Swv6kV8qVs5GYKuWQBGesVtevpwAJgnKuB\/LFpl3aN8t\/Ygm\/pJ+6ou11s6yeH5R+8ku3aMHHRjp+6dHDvXHma1r+09tMfzWLNItPKHdlEDIWI+SrBQPeSnAxRViS9vDF+ORnkDxUU1vHlwUccy7iqlmY\/aEPTgzTvupB60PTjuOSp1CLzp8nVXYnfDwIUQQNOtPQOEyn27xMShhg+ovfuXlWhqV3heey4AxsQ\/ILV\/0CcdIALzfz9LssFxrmK5BlG6yh02g=="}
02111{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816444,"pkt_ts_usec":513189,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAGspAAEARY0vAqAGAA3nyNu1wEVEE7EUqzgoKCgoI7mu7hqnhXwQAAETS4WHgvaazmKAnubSxpKDIbCP9qDq5AsGllAhiMLT2b+CIgpBknGby7+7uHzXGjAF9\/6F4gqLmZ5IVivnq6pPaWjQJL7upCbfOVId2kAL6xOPinAVeKIDav51kf9xEUbtZN4c3FKNYbSYE7tL26hoepxbrGkIqY0CA9y6xl8rOIRDHBqf7yQagLuhW26GzqSBZjEvUFPTDVaaFVI1yF+Pv1cbyDNef5Zx8+zqQZb3bqkJ\/fnX2NR5AfAn1Dk6A\/kKa2bNJiqXo97DnusyR+wPvvOf5Se7B07dQGfGAp1Eq\/PjgzjUWP8p7fiWdVCNQeaXX5EmbVRaqNX6UtYq3zap6N1c\/5lInbBGnFl\/cTrDzUP1R0v6JwRWE9aB25I1EWVT1BJAkZ7D7S+mdRVvs5oB1ZiHtS6lCkWuFHpPV0UucG+Jv9aotw+EGZqgW9eyUZUv0UW1M+Uqzne\/TDILsclfiyPnltGr+k5VtN\/vOt22\/v2ZqW3pVqBesYCZAk1+4u4u737liRd1NjbWyZpLaHr8Pvx4\/9RM9Xae+vcWRyS6gFsAVZf0ZMFWpNX6i1rQDyZGNTeRzVDGSz5v\/ceFfycHxT8tThbokMTYoswx5x8aH1VTxmbGn77LnlpJ2Z3s66UXk8ZnpxyCMn8QBO1ewHCwHrEzX\/55XfiUDoxZbWJC6WQGQThd+euwxFyNmqcpI6YvhVfRKFhfTs9E17W+I7lMuB55Tt4kWAwt0I4I770n5TlDsFrh6qustTAfPP4GVVF7s\/KtWPTalkLePjoyCgnBDnWe2TRc4egLLvUa79PcOO8EaRtM6pKKNkY0hfL461hzbyc5+YpFXKpV27sOtIZWD\/W9sYhIB5qzB5poMXswOXJeKt\/UsqFqD3A0NGyD3VCcnPPYqIEp4mCUk8hJLkBiHhs0wmfquBxdxNZNUCCNwhmR\/PevDol8\/S3l6THsMATgPY6mBmBaY5HUhqyuLm3o4nzVnEFkI1CtQKH4kbSycWzovc72ub\/+ywQ8N0g7KBzAvhKLv7IVJIc\/SBTf29p60cSWQhqcdM\/JkrYAOno+IBYO5RfuPH2Tv4NRxq2Rx9qdgBAPs\/ED2YpqWlOSWzDdj8X2zbKphXURYkLaHZc+wU0M3FXFmykPChlq+qeZQr3IYFI\/h5mOstXX6wMuE+GinPPJSInva+QKTf840SMiwrvdtCnUVo5lbtcTe4BSDODTT5VmsU1HIH0Ckjv+XvY0qbRMawI1kSr\/55r4MIWJ\/9JnTx3VoZq3Qu1GAaGIXmDtyLlDnN9H9clJSk5oqgI1\/8PK48ZWQtgYPyF1CixK8HvjlqZF5ayC4xJqoLtKHR4WEdQIk54+PO3UYmTlQubqgjMcvMZYySrzr26eiEcV\/o5YlSZfgMVo1PM1QRzXfzMJienne5TFqvKKjcvbjaeDlJPsiaQnn5zMC+RJ9IX1eH\/z0jW0ne8l0ZaBJBSvEK0Pi1dAv62mmo2zgiIjSwUtq7ZMtprRP33KbJl732YSzKtp8ntiSKKMUFHCcr3noE3gz\/PUuac6\/R36+zDvnNHrjxnCLR5wQXRD9hVahcxYJY7dInilALXlwvc3fjkwiww94m1BXQky1JcdXlQdMxtu3MOwx407\/+hJo9jJvI6cQVIEhkQ=="}
02109{"flow_id":47,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816444,"pkt_ts_usec":524248,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"pJGxgjQ5PKn0qB\/sht1gBrqBBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPtKIBuwTYgLnACgoKCgiO5tu+VRPaUgAARL4iLn5z3Oq6OtUJ9Z4FtH93aTJPi4zlbm\/F8S3DAMXzYyYWD7DsDfbO7ns+QXTVKmy6iEeb+YqVFSsr5rTh4VOFRsViR3aUhdYodv+4XOUCOMpbcgMc5GSjQ\/tn51BRzDB5ZTOr0t88XXwZ5T3UfAN+eGzP7dp+KpPhaFjLlN+LVCy1GPW7G4Q5y3LBTdCHwkq6OQwQw3p351ZQ8ER2Bk6xZeGc5mD1b03ITM9a9ScwgnwTK3SdXeNM7dbBNDDaH\/M2gQ6WJjg7TJRhQQXz1jXScC\/2rz5qJd\/RxCVtUWiX\/sKLc3RE+yNhg0Qqny9QO14QMUsXkMpDGcX6WaeQ6QuIAEGPD9m4qdW2EBrYXp9tYNMMiOFG+uof4qv7hs6WqDodtrr87q2RhgrthkxA+n\/YPJn44w+imPcnoQyhj1ZYnuP8sMqiYBL1tRTva1xvoQ3OxIWYkJQ8DI\/UaZPYjLJ0HTKV9Rt+zHtW4Q4aW9mtl8sKFIzwcd\/qOG9YcGaVSneeqvkHbIt+bkx4CCUEYMhxCPqnqyg2NWV9Dm0iuG9JJhVu+n\/YvuSrvITlU82N30jwHM0pFFHwje4cIwXn984pbygM3YWW9wTULnf9idoYFHus6NmORwxevEyH+daFl7xJMf2U0sCZlLly5j4SaXNpejVz4Q4ft5VFFQiebcnLYbo8JXDfCCe6s\/2gkNMqwqhOru8AUVsZ2FvALKqvwPawQVKd4mV\/QqRslIPmPSZpeLyAERI9FW+NLMyciu19w1XaJcT64iGSZrkXzWzEUYE5\/c4wz1jCYlu7l\/cUaCfl\/xfE3vDPaLMvtxkTvHR5OYrPHa9c7pj5P1KBcr4PYxs7UB1ZshQb+SK896aAsURiU0ES1THwOCMaSqLHJguIDImw18Mlnaf2Iplo413vEuQhA\/dnNITgxvg6WkPOKnG\/4mKfYg80Q+wwhAiaZgkQy4wxbR9VYBmprWYSsw6FzOEOuFtVm9i1xafh66uxxNTpeUUfgkct+Rp\/g6\/7k95ND6DvYsM4Ge88PGEtSfOZLAMuiKNTSIYsE5pgD+Fph\/fHiKiokoOjx4k2UcCoPuPZibEit9g6cFCTeQuxV52MUidYAe7AoJ3WFxXPjxzFyaSDwX6zqJVbAHl8bfYumj4asqTe7W0TBe1n67EnVN90REOjbj8\/dhIVElRvCP+nImSOrjv8i\/yGOxg00VjYFE4hWvO4a9h\/gmxEhNHNGZmUJUDiiqwUQz7vGEoxJuyyhBX6QoU4HA3s9fgd0r6BNXTczUJpNH0SBpMnTS4ZNtclpJ5ptzQ0xAZbC3wFsQvPD+lBYlfY9MwZN9jzc4T7FCsYCm1QDBcvsow9H\/OLw86PcFbfbR0pQPAql4EX1avFr7\/wA5JRhvIySeTSvWMRSawHpcxAXJh4fcU5ANiwd8F\/FxcIPyBMiT37b1IOxYigOEG8mHpNTMOCTYZbwC+mxRXnft4gjm+Dv3ZpQONNk740DpMWhzVqGN4wFelgUAAVdO07z67aDIX95h976dT2kl13+jZpgXf4LoHG3bIhIK2vCMdH4j6yWdr38NEjXLE2ni2v2auOn\/VtdmsjwOgpTqVtiqNQstid6mXtrQZNG+Xjyw=="}
@@ -417,63 +417,63 @@
02109{"flow_id":57,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816444,"pkt_ts_usec":586338,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUADnFAAEARHmXAqAGAilu8k8YREVIE7GMazgoKCgoI6izyia7+eS8AAETSgFW7e0\/uMPvhR6zCP3CS8CPFEFg4ppw18x6ueoWG5FrKoHw90GfbCxCGD7Gkk8i6CtlRzTxjZK0M7PlaiodqseOggSafsO+vBV2+Q5\/q4YbLN7RQmGP\/Ip9BgoTDiUZouJlw7ldJ5VamwuyjpoWClsxMH+9An+Ex9TSSb1xTsag5Hg9TfMZ2fXq02UYd81f2HH2EI\/4rYsqXq1o1Z7FAPFLJKhh8zdyLbIGhTUsQrzQ1\/Lqg8c4JBW4zZmiQpgI7PYKkB9cD4KtHgQh674GV8IQ\/6ctUjI0aM2hw2yBBCaTxBy663rWHmTCZujMdrTEjzBlA4wyjXZtZf3VUoXmvApYNOh45AfCMztB5OcUkhHcPZ0MyW0uI9coN5OVZnp7q4awnk0Hl0f9vaeOjTTTB1Ku\/iYy8W9tkqYVZWKnK2QjxaM+6uPUF2H9acpiUjlkbIe0LUf5\/cWiEY9thVo4mPhfL1QsBIHQD8CMD7CYdhVI\/P9gm94Bj6tCcXBUzZZI1aAUAPh19N\/mvpm\/s8MAfg2mKHPufXsVsWGVryWkYjFTPalnNui3Yz5TbgpEsggMonKTx+tSk92n18t8AW0\/tE67Lz+odes2fOQS4K3qWCNSE+spPrS9US3VPjUd3CpPQl9Y3qtVCUFHa9vjVGDmB1Id0U6qkPvXxTnz+eLppBLn\/nAs1\/OcphS7o1upRRhF1KT+4VUjtXqBye14E+w2REJqC5HeuvgD6\/vX8mk3VdiXx5B70SzpQ0kt4qCzEuEvjY9h2n66zTGO6SoZdRVD9Aw8anuA7yKBEQ90cZV5ogORV9x+5fX9lKCx0RLLX44eV6p+ksiKRw5ViZxq0F2I5zTakXeVoCQsn93fuv\/Pdqdd9bITebo\/y8sLs54an6L8\/qBKDVfye1C1tYBVea0W7i7r3lfV82SoDP2YKNcwmABBtBctQ9\/QyO8Nl8dDohITUAFqtaYv1N9P2LGXY0OuMMB52bXF5q0DbZv8aQJouaEDUoqY5fDQytmpLCq\/7q+7o7d7McemVz3OsV6f86q1AWJuhqi0mPGmjN4y1fegmFDkxFODpvqCmINA2rL4Hy0fFXm8ZxSAZEoYvuz+9mNNACVAIYLN8dsNjRuG0+RQtfgaz0agVZf\/xYIhmJkR6GTI9vTQD7d1cxQkJ4Y5dnvinPqvZJo+CtQqkAuc2eZiJcX0xrWWdwkkGJoW5sjaTKQL3L3G0IliUyR0UIB2YpKj3RX\/TQ0INLaxh\/hEKHeR7UfORqa5+C7wOFXUwHVx3TK\/kZxJuStJhs78Jce6wmRX\/eEHKZjusraUFLp6VLNjEfm9L+x7lkoa98OwzH9ubuSTGwRCDByp2JFD\/HbfhDq3rq5FHtaWm27PdXxSyFDTd6KKqjbv4IVDNXRgb2DoRgk66QmrwTp4UwkIwUPopqzDtkwhwfF0B8zvuUoYVxUW0Inw2xbbDZHndq7V2hhWZNduPSuXd3Rr2W\/pnHOqrWtU9CQvCqqWtv7tU3JSn9QbikwIFSWMfOrkjM16FcQkMs+qSeyPxcn7hm10ZK9nRBk266FmDmUbt9NpvG9Re4fp95jKRIb3DZA1vLEwKhjaIFK0HixTq9kNNR53TZbpCLJCvkQ2oQcl2bxJeYqkJ\/xWeYWOoDw=="}
02106{"flow_id":62,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816444,"pkt_ts_usec":721505,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAdDxAAEARuJnAqAGAilu8k6XkEVEE7HMqwAoKCgoIR0aH1pvahxkAAETSTdXFi7jlgLLQECxgwj9\/VK8STUUoPwMJiUtYWXzEtPxhWr8uWN83Y2bc8CbExnoiko71x2PTP7m5G3AxSsK4uEBL\/W6crUT7xL4JZPryuks1TLp72G2yZf9TXL8PM+4xc\/WoJ3E7p5g6340BPV+eApbWwdTwwNffMeRf4mYkYKtEqbJYRfULvUhLYCVy4iEZ5IYOhAQ8BkD2IydZ443kD8zkPbMKb60wfFXW3pvwxjLPceraKJQhNl8wPs8BtX1x3JLB93FPFZko0CGyj6WHkxiMvIfpcVY7uA3SwlqdV2RLgAQOp905aRfe5dxgz8b4M0V97O8QR820RrHyAIuSW8XhhyrgN2DhviJECMNjqY1+8rts2TkUkGk6V3cHl3QSTQwnewD8G1zxLFP4RfYqZIu8xU1ihG2ICGBWM3sB6v5ZLT3jv9i9qyoNuDsUz6JCIfnV58Afrs0eBBe7alyBVvC55XSLBTPIJVU0hKk\/bKu7Hb+sP\/GSko6seKMYyWlQm8zXA9ee67zE79Wtzq4S9EOshHD0OAzEDbq7EWYPuOHS29A9nW+LQcrxRJtYy9uEXWtZoVkM6bYxMbrl27Y0ZaLLptjfFes4ZjcqRXMATLP0YDrydzzP9USZMN95xGIguMfhcnSowpkIQMgJrnErHJVRU5wWUvXxa3r6t8jCqWZCQbXBQrAjDt81j\/JkFSIJRjdLrwB5kc9bHB3KKFePJi6dkxllWi1NFmQF0qVF3IaNSI\/3nUm8AQbTXQq38SDrJB\/6AM\/\/vRknYJ+tEtW0yd35Xz1bLoxrz43hpvbryKFYpkdZSEaqsmNvBRi81uWBSgYxwrXxzJlxiRN3bhzVoHiacQqcYbR8+iPnRsYt5F\/co1zRSFL84V8z0u9Axr92anRVMGJLM\/u5YRE+K0\/2qJ1+uVKq\/00jsUbl10BqLJlr\/mrtBiiG+PhyJ\/CQwOJFrMtkYeWq060UkzxaxNShyTJdr5ruTq0+LX76uhQYgHiE4RJ0suwY2JY0ZP1IOoRZo32I7DaXOTU418wRb8iMa+NgdlJvp3aisg5t8OseXj3KikYJ3180ZP8hB5EtBplM4bMBwTyLdqzJH\/ygP1iaeUeKTYUVyhF5Gmoo1JfFZ\/ofGFGKabgLLL2OlmDQd\/lXLW6CJ6kJ8ZgjGVUkdi+N\/IyKoeBw5qM3\/KDZ5srV2KUIU8u8oGnDCWOMC2hzevbQIB5pIjNrVmUt\/kAaQWN35jpaD0bWg5qzsoG+ZrBRwDeLL5kEf3OT8C8lRObAoBt6foWw7KJqMLxKvZb0UG3exPqZzrNROhL6GIiYUZDHKOK\/53YOYXvG0aMNb8CyudWQLwqOw1zp7cStmASFRSg0UWtQWnJXhXBuahHaMNmwersiYxnGICIOzITqz8lfI31cYXmhKdAStpeFyxZ6m1NqeEi0aIuncr8cqjiF6xdUZFTkxejDJm1\/OdvZbr4qYkE1F7QPf38ZDfWCvHzqBdzor367IBpLih1KzlRFTXgpku8F4Nhls+lBdB6+F7PwEK+wcTcsCMWq6zIslvtDAp0f0DCHTPbbPT9Nfv3KjtFBrLqUA2eIQ0up\/AkE+sqVcgJ3CT0ZlMdQVc4ZhRIq1DMMY7kPvxsb7MOk9awKGJKvtgyarw=="}
02094{"flow_id":64,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1603816444,"pkt_ts_usec":721572,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA3m5AAEARn6bAqAGAA3nyNtCaEVIE7GipzgoKCgoILW5Ke\/Z2fngAAETS+sjByQZxBLRcTBIu0zyt2RPWCPyioLbBO+qx7sftFDPVcyiwX8EqdOI3V1u4kR0HbAUHwybUqImHoArTCxJf4RocGwZ8iFczOjAL1\/fFYdO9+ag1U6wul77ev7KOInklY5Cx82FvQhbS7RW1QMKJbJM30Jrt71DlY+2NBP13aYv3u8zl32Rvpd6AGEHroniVHX1hFcEDDI0JZEogd3WW5HUQ6mw8UsbnnIoGAPBi9ka9CGRB9uZbDLVLe5Enms4pCFraImrjGfkGI514ddiKxmFbxvywkrH2mXyAWgLxRUNW7edPwImfqO0u9YrwYJgcbmicckQi8Uul6oeQblaSq9m0Y6dnqvdLtiYEVpfcfrMTqS2KAHOve+ZTykaFCUuR9b9SZ2KtHRFVlEHaG4+AgvTamdtbEq\/sceEOqhAi5PtVM6MEidZDkKsAa1mP4fhcVGq7oCxb8+NISkxnIuFF2pEiEoHwQYCmnolznNq83lP1F3Su0ENCcS+rQToT6ssNegcaTAfM2P8VOiEcB1R0CVqMluEW77pIN3EBzU7x+Tx6HRwSbxBzCGrb17WcaAsuaDYoHEA\/hzbsaTzP4CSzhYA3qsZRdvEf3ZztBCRHNASvr+dvVDJEWhioQ9bBbw44LGAkTSA4yy6MsmdLixewO6aYFRUF6U8xmPgB8\/DRqWZ9NMFhsxP+rjONJUdyCdLcb1FIOTmcncKqV+njREAfssVmrq23A4Et5slfuDAiLDhw9VZrpED5bDNupU4tK4KuRngMqrU0ZRlkhPu67vUtFwSfij2Mmlm5mbwwhGb0QzXbSK\/HlU51wMnHbbctfLeefucOCsudTcmQL6grTL1sYukU0hJ0yBfSllSe7SFVQ8eZsZatPbWaeLKYmU6J3yFLmpyhl8kkO4E9UzSr5kkxqRdQyf7\/V87QXF\/nJXvEJJH\/77siEfjtzMh+zRb0ucFaz3Zmt27dH2UcovobWSQmDYyhLgWImB3KqVZijf5oFG4mad6PNGbRRK7DdZTd1U4UdPPQDfQnyzi\/WZt+Oe4yZpt+PxKNHTqXUQ9VCGd7YP4wyCZpbVslKOmFN8K65DwUNlObKoviErZKxIlhrL3gMQiAJtej7zn4VDvK30rbDXBZYgLsyEd+HlgeExko+2n918oOuGjOMejVIqDTMHdCISl9clXq3RP9zfOtndiaMYdQgIhw0Ea35lyLqVcaeFChxvOoafkW90by7ckqYjNcURa80MPAMY9gCvSRKpC4h8RHk+4vEBwc6TVJ9N0aR2LkhSjRJfWrtGhZOxtqHVI6g564VUlR09hb4HN0Aj3uOSEa2TH34rXNHx1QcTkv3E+w3zTQZQ5U7\/kAaVUSBrBlYdzWPsu3fVdoqLFHuIWHNCTDMveKh1yNaqZLIQFnUkbP3uZIZBP8EkHRhLmXQOYYycw+vUowSqOu+aozuVZxh\/o9fdSp9WGVbQOgeUnOVJTuuvfEyvBJaqlw5cuiH9H3MxChS3IVk9t3BV+FQ39QKJKB15PGjLlV9f3HA9guLKogZMRwpxfYIVgsrrrkTkxXxYZ1Kchw\/j196SY87xLtMFv361N+eYuuuxjzs9BmPIDIPo2uieYOcuItqN6gzHH4TU6P2p91Dcyv+nL7u6ZwCvNSJA=="}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":8,"flow_first_seen":1603816434587,"flow_last_seen":1603816444528,"flow_tot_l4_data_len":10080,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1603816434523,"flow_last_seen":1603816434855,"flow_tot_l4_data_len":2590,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":647,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1603816434629,"flow_last_seen":1603816434766,"flow_tot_l4_data_len":1112,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434657,"flow_tot_l4_data_len":2480,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1603816434670,"flow_last_seen":1603816434802,"flow_tot_l4_data_len":1275,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":637,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":8,"flow_first_seen":1603816434542,"flow_last_seen":1603816444513,"flow_tot_l4_data_len":10080,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434794,"flow_tot_l4_data_len":2520,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":8,"flow_first_seen":1603816434569,"flow_last_seen":1603816444507,"flow_tot_l4_data_len":10080,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_first_seen":1603816434855,"flow_last_seen":1603816434997,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1603816434584,"flow_last_seen":1603816434709,"flow_tot_l4_data_len":1299,"flow_min_l4_data_len":39,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":649,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":8,"flow_first_seen":1603816434664,"flow_last_seen":1603816444508,"flow_tot_l4_data_len":10080,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1603816434628,"flow_last_seen":1603816435041,"flow_tot_l4_data_len":2590,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":647,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00542{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434722,"flow_tot_l4_data_len":1295,"flow_min_l4_data_len":55,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":647,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1603816434601,"flow_last_seen":1603816435020,"flow_tot_l4_data_len":2574,"flow_min_l4_data_len":27,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":643,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00536{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1603816434659,"flow_last_seen":1603816434682,"flow_tot_l4_data_len":1275,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":637,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1603816434766,"flow_last_seen":1603816435089,"flow_tot_l4_data_len":2662,"flow_min_l4_data_len":91,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":665,"midstream":0,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1603816434586,"flow_last_seen":1603816434622,"flow_tot_l4_data_len":1275,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":637,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1603816434721,"flow_last_seen":1603816435054,"flow_tot_l4_data_len":2622,"flow_min_l4_data_len":51,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":655,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00551{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434548,"flow_tot_l4_data_len":1275,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":637,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1603816434590,"flow_last_seen":1603816434688,"flow_tot_l4_data_len":1275,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":637,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434677,"flow_tot_l4_data_len":1283,"flow_min_l4_data_len":43,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":641,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1603816434684,"flow_last_seen":1603816435089,"flow_tot_l4_data_len":2590,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":647,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1603816434652,"flow_last_seen":1603816434749,"flow_tot_l4_data_len":1275,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":637,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00545{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1603816434707,"flow_last_seen":1603816435089,"flow_tot_l4_data_len":2566,"flow_min_l4_data_len":43,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":641,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1603816434641,"flow_last_seen":1603816435089,"flow_tot_l4_data_len":2574,"flow_min_l4_data_len":27,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":643,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":4,"flow_first_seen":1603816434886,"flow_last_seen":1603816435111,"flow_tot_l4_data_len":1222,"flow_min_l4_data_len":55,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":305,"midstream":0,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":8,"flow_first_seen":1603816434606,"flow_last_seen":1603816444569,"flow_tot_l4_data_len":10080,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1603816434519,"flow_last_seen":1603816434551,"flow_tot_l4_data_len":1271,"flow_min_l4_data_len":31,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":635,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":8,"flow_first_seen":1603816434743,"flow_last_seen":1603816444721,"flow_tot_l4_data_len":10080,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":8,"flow_first_seen":1603816434721,"flow_last_seen":1603816444586,"flow_tot_l4_data_len":10080,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":8,"flow_first_seen":1603816434756,"flow_last_seen":1603816444721,"flow_tot_l4_data_len":10080,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1603816434670,"flow_last_seen":1603816435086,"flow_tot_l4_data_len":2574,"flow_min_l4_data_len":27,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":643,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00468{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_first_seen":1603816435020,"flow_last_seen":1603816435194,"flow_tot_l4_data_len":165,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00542{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1603816434685,"flow_last_seen":1603816434779,"flow_tot_l4_data_len":1295,"flow_min_l4_data_len":55,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":647,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_first_seen":1603816434784,"flow_last_seen":1603816434822,"flow_tot_l4_data_len":1275,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":637,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1603816434661,"flow_last_seen":1603816434997,"flow_tot_l4_data_len":2590,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":647,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1603816434602,"flow_last_seen":1603816434650,"flow_tot_l4_data_len":1283,"flow_min_l4_data_len":43,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":641,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1603816434585,"flow_last_seen":1603816434765,"flow_tot_l4_data_len":2520,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00550{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1603816434518,"flow_last_seen":1603816434566,"flow_tot_l4_data_len":1283,"flow_min_l4_data_len":43,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":641,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":8,"flow_first_seen":1603816434535,"flow_last_seen":1603816444528,"flow_tot_l4_data_len":9920,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434725,"flow_tot_l4_data_len":1299,"flow_min_l4_data_len":59,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":649,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00553{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_first_seen":1603816434764,"flow_last_seen":1603816434897,"flow_tot_l4_data_len":1275,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":637,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_first_seen":1603816434772,"flow_last_seen":1603816434831,"flow_tot_l4_data_len":2480,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1603816434680,"flow_last_seen":1603816434845,"flow_tot_l4_data_len":2480,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":8,"flow_first_seen":1603816434670,"flow_last_seen":1603816444524,"flow_tot_l4_data_len":9920,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1603816434528,"flow_last_seen":1603816434679,"flow_tot_l4_data_len":2520,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00545{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1603816434595,"flow_last_seen":1603816435011,"flow_tot_l4_data_len":2566,"flow_min_l4_data_len":43,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":641,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_first_seen":1603816434609,"flow_last_seen":1603816434806,"flow_tot_l4_data_len":1668,"flow_min_l4_data_len":556,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":556,"midstream":0,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00536{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1603816434569,"flow_last_seen":1603816434601,"flow_tot_l4_data_len":1271,"flow_min_l4_data_len":31,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":635,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434750,"flow_tot_l4_data_len":2520,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1603816434806,"flow_last_seen":1603816435089,"flow_tot_l4_data_len":1238,"flow_min_l4_data_len":63,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":309,"midstream":0,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1603816434678,"flow_last_seen":1603816434822,"flow_tot_l4_data_len":1299,"flow_min_l4_data_len":59,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":649,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1603816434524,"flow_last_seen":1603816444507,"flow_tot_l4_data_len":10080,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00536{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434680,"flow_tot_l4_data_len":1271,"flow_min_l4_data_len":31,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":635,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1603816434656,"flow_last_seen":1603816435111,"flow_tot_l4_data_len":2574,"flow_min_l4_data_len":27,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":643,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":8,"flow_first_seen":1603816434729,"flow_last_seen":1603816444586,"flow_tot_l4_data_len":9920,"flow_min_l4_data_len":1240,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":1240,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1603816434507,"flow_last_seen":1603816444490,"flow_tot_l4_data_len":10080,"flow_min_l4_data_len":1260,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":1260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1603816434765,"flow_last_seen":1603816435194,"flow_tot_l4_data_len":2574,"flow_min_l4_data_len":27,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":643,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1603816434648,"flow_last_seen":1603816434782,"flow_tot_l4_data_len":1303,"flow_min_l4_data_len":43,"flow_max_l4_data_len":1260,"flow_avg_l4_data_len":651,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":8,"flow_first_seen":1603816434587,"flow_last_seen":1603816444528,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1603816434523,"flow_last_seen":1603816434855,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1603816434629,"flow_last_seen":1603816434766,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434657,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1603816434670,"flow_last_seen":1603816434802,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":8,"flow_first_seen":1603816434542,"flow_last_seen":1603816444513,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434794,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":8,"flow_first_seen":1603816434569,"flow_last_seen":1603816444507,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_first_seen":1603816434855,"flow_last_seen":1603816434997,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1603816434584,"flow_last_seen":1603816434709,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":8,"flow_first_seen":1603816434664,"flow_last_seen":1603816444508,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1603816434628,"flow_last_seen":1603816435041,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434722,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1279,"flow_avg_l4_payload_len":639,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1603816434601,"flow_last_seen":1603816435020,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1603816434659,"flow_last_seen":1603816434682,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_first_seen":1603816434766,"flow_last_seen":1603816435089,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1603816434586,"flow_last_seen":1603816434622,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1603816434721,"flow_last_seen":1603816435054,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2590,"flow_avg_l4_payload_len":647,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1603816434507,"flow_last_seen":1603816434548,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1603816434590,"flow_last_seen":1603816434688,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1603816434628,"flow_last_seen":1603816434677,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1603816434684,"flow_last_seen":1603816435089,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00561{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1603816434652,"flow_last_seen":1603816434749,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1603816434707,"flow_last_seen":1603816435089,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2534,"flow_avg_l4_payload_len":633,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1603816434641,"flow_last_seen":1603816435089,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":4,"flow_first_seen":1603816434886,"flow_last_seen":1603816435111,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"133.242.206.244","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":8,"flow_first_seen":1603816434606,"flow_last_seen":1603816444569,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1603816434519,"flow_last_seen":1603816434551,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":8,"flow_first_seen":1603816434743,"flow_last_seen":1603816444721,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":8,"flow_first_seen":1603816434721,"flow_last_seen":1603816444586,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":8,"flow_first_seen":1603816434756,"flow_last_seen":1603816444721,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1603816434670,"flow_last_seen":1603816435086,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_first_seen":1603816435020,"flow_last_seen":1603816435194,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1603816434685,"flow_last_seen":1603816434779,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1279,"flow_avg_l4_payload_len":639,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_first_seen":1603816434784,"flow_last_seen":1603816434822,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1603816434661,"flow_last_seen":1603816434997,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2558,"flow_avg_l4_payload_len":639,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1603816434602,"flow_last_seen":1603816434650,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1603816434585,"flow_last_seen":1603816434765,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00562{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1603816434518,"flow_last_seen":1603816434566,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1267,"flow_avg_l4_payload_len":633,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":8,"flow_first_seen":1603816434535,"flow_last_seen":1603816444528,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434725,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_first_seen":1603816434764,"flow_last_seen":1603816434897,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1259,"flow_avg_l4_payload_len":629,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_first_seen":1603816434772,"flow_last_seen":1603816434831,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1603816434680,"flow_last_seen":1603816434845,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00568{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":8,"flow_first_seen":1603816434670,"flow_last_seen":1603816444524,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1603816434528,"flow_last_seen":1603816434679,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1603816434595,"flow_last_seen":1603816435011,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2534,"flow_avg_l4_payload_len":633,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_first_seen":1603816434609,"flow_last_seen":1603816434806,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1603816434569,"flow_last_seen":1603816434601,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1603816434599,"flow_last_seen":1603816434750,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2504,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_first_seen":1603816434806,"flow_last_seen":1603816435089,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"202.238.220.92","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00566{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1603816434678,"flow_last_seen":1603816434822,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1283,"flow_avg_l4_payload_len":641,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1603816434524,"flow_last_seen":1603816444507,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1603816434643,"flow_last_seen":1603816434680,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1255,"flow_avg_l4_payload_len":627,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1603816434656,"flow_last_seen":1603816435111,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":8,"flow_first_seen":1603816434729,"flow_last_seen":1603816444586,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":9856,"flow_avg_l4_payload_len":1232,"midstream":0,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1603816434507,"flow_last_seen":1603816444490,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1603816434765,"flow_last_seen":1603816435194,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1603816434648,"flow_last_seen":1603816434782,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":643,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00137{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test"}
diff --git a/test/results/quic_q39.pcap.out b/test/results/quic_q39.pcap.out
index 3c69eb6d0..ee2316cbc 100644
--- a/test/results/quic_q39.pcap.out
+++ b/test/results/quic_q39.pcap.out
@@ -1,7 +1,7 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q39.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1509098995610,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1509098995610,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02201{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1509098995,"pkt_ts_usec":610775,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAPJ7rSEb7OSWDCABFAAVipylAAD8RBjiq2BDRFZ2345bcAbsFTtxhDeca1dd1bE1NUTAzOQFpm58AnJnQaHUqfgGgAQQAQ0hMTxsAAABQQUQA1AEAAFNOSQDhAQAAU1RLABcCAABWRVIAGwIAAENDUwArAgAATk9OQ0sCAABNU1BDTwIAAEFFQURTAgAAVUFJRIACAABTQ0lEkAIAAFRDSUSUAgAAUERNRJgCAABTTUhMnAIAAElDU0ygAgAAQ1RJTagCAABOT05QyAIAAFBVQlPoAgAATUlEU+wCAABTQ0xT8AIAAEtFWFP0AgAAWExDVPwCAABDU0NU\/AIAAENPUFT8AgAAQ0NSVBQDAABJUlRUGAMAAENGQ1ccAwAAU0ZDVyADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnlvdXR1YmUuY29tHmY9ku1OY40wxAcfyyHFWACuKRu9GR6V2xdJs\/1DZWDRgILbvi6YPymdOys8LmRShvdEmFTSUTAzOQHogWCSkhrofu2AhqIVgpFZ8wXyMDAwMDAwMDBOGwyq+nKlq\/7gyjM9fK1HfmcRm2QAAABBRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0LzYzLjAuMzIyMy43EbUkNcc61MtqjsJrlOUgFgAAAABYNTA5AQAAAB4AAADyBfNZAAAAAJSFXrmNCzW2XCwCM6DbC32c2YfxELPjjStDUbaq7wmHTyY4LQBCW\/iNJqUlz2Wd46tERlhzvdEC41udof7lNxBkAAAAAQAAAEMyNTVDwyMTjfiB70PDIxON+IHvmpHtbxwAgQ5AC3uQqa5564NqFQAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1509098995610,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.youtube.com","user_agent":"com.google.android.youtube Cronet\/63.0.3223.7"}}
+00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1509098995610,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.youtube.com","user_agent":"com.google.android.youtube Cronet\/63.0.3223.7"}}
01938{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q39.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1509098995,"pkt_ts_usec":619706,"pkt_caplen":1174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1174,"pkt_l4_len":1140,"pkt":"AAAAPJ7rSEb7OSWDCABFAASIpypAAD8RBxGq2BDRFZ2345bcAbsEdFQcDeca1dd1bE1NUTAzOQJfXHZ4r4NHY5hNEdjLP+5ayCAfN4aRrJwcGbvr9Ig30\/shURCI87o6EE5x2r0qaxNPy9ijcArYvwm83T\/uUNOwvPrQL1kQ63P7NcdMjvNaDrlFf0DGfuOc7NBPTTXBkaePu98lEtAf3wsOApXg5IhtfmWdfKrgEpCXWFWsxttw6C4\/lCwJqkUGaOjHW5OhnY9r8qCDBdkX4XN\/4WmFW6nWq\/XYAKSy+w3zKPd0+LJKlxsYwrzgGV2rjQwmb93iv1FFvCzNy4lqNoUoMblenytDJV5TJvGYH4s+\/7AX7HDhbJj+lIeaRA3g7dV3H3kgoU\/SpbsdOzy0YVY6Bp9yZermraiyHURn7bAotygD2Vp7YwNcdNEG9BU3funEay5GDjyBK1j66ZDJgNXirLZjzse1+VcJnT0WzMubicwvU30jDw+McSt9Bti6\/gP9FAz9\/lD31IeL8vackSc4lx75mviO5HS6BA\/NqsjQ9B8m4Ji2diYR80xUpIbgdFQiU+oifhm6+LGlaffXf5zfdWBFidIfld\/b7JT3SCK0xn1oi2TKxI8Oroqc4ijms7JGelhl0fef2CpmP0WCIT2YgyU6YwvWa1W7lII+N1ZbTeUAByGqF1QhTf5cSKd79GJRi+dbNY7B3Wj4KJv9v8GAF7TKwPiEZdDEpbOPHL\/FjvVpM04y5hU8HR+06oyFgTK1\/6hdbKNXNH9cJjr2nmUmezntPWc2AFfXM+e\/7E1fv7zcT4Kq1YOLXr9\/RjJvDNQoj81czTWLgfREm6KUrj\/r6fSbFJFnhuScfBlR9k2Pc7b3lIEZb0KXGhxHCyB1J7D8gUoqDhJYFGV+VkGVNhJpozvYPJ8ykH\/Y41HD8nsSDL9iDj9URAxCKHefDlX7Pwz6OhBfkcIZAyY3zG\/w9rr4x0Pl7U6qcsdZ1MBpDJ9qjugA+Tt8C4JpvLxNAR0kx92LyFnt3BYr58WDPwTbktI01oxzKDO5QfY46azjmnqJ+Or2LI93bDxwCMYKsLGAmehhGKZad4Iy8CQig4MBQDG0NMhHKAI6+BaplljmUnDnEalyg57\/03tWWLR4CQIYoKQ9N\/\/fDmFtkFJjraB0A767qxG7Cy8Linc3qzCa86538v6kM371bSCg\/XlL+EWzVEgq8MNOp+Kf2xPBIqWXFiVMGJ1GcpQwm6iQItRpY+85J5+RUK5X+3OW5ex3EYIjJUr+g2x3sFkDiuAsaRHgrjj6WnNpOZnghw1uaYp+E3H8VPrRSwSKqch7lieJx+ojtBtD\/W9etVSxGJeGD7lz+4wIhuht4d\/jcmgefkRDKcrraaR9azCKs\/kbJ\/PpVxbRsVvTZyAXgG+ABf\/0Dt+UshFkLro\/tuKww4FrErwElInQ+88Azyk3w8tcu1AYrDqSPj2BvjSRVwl0PO7TtbVWqgcuYET3exljbs22Rr5eyEoiPXhNZMDC79zLn441b43FrUKvwSHTJR\/j33VYKbaP4oVCvb26Vw=="}
00442{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q39.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1509098995,"pkt_ts_usec":647453,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"AAAAPJ7rSEb7OSWDCABFAAA\/AABAADgRuYQVnbfjqtgQ0QG7ltwAKyQ\/COca1dd1bE1NATKbKH1UbNEn\/TIU5EABJEsBAQAAAAANBgA="}
02225{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic_q39.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1509098995,"pkt_ts_usec":737234,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAPJ7rSEb7OSWDCABFAAViAABAADgRtGEVnbfjqtgQ0QG7ltwFTuA6BB7VA3w2dE7ZqQu\/HA9+aSHkQAacyJMtou\/Ld+GIcjTwAhOnbZl1DccdsXKM9X+aGBaaEp2k+gMriAxw7XUSiNYtQZBUSBNLFOTdb1hYpN8c7IZOsaDblarfxUPQxJ0gnkUeqkr4fuRbUc3rNSCo1QMBgMypO2NvSL5l22mGXYSmNX3toGT7ULzZsB61Qo3VdWUFY0IjS2GhkCgN+m+wvx9GGU9V5L0IHzmROUCwSwmxHH1ErMsKb5C0SPh8Moiuuma+1VPhe\/4G2icjKqB05ASgsiwkrwe4SR8d3GFtuFbHeuQE6CX\/fbhRn85iCZ81UU0O0DtLEzTpnpEMp\/HcwAW3wA0AsKtudDGHnSOUULPkFVRBhVhpeLqS2Li0YMUrWjkhCHDN9UoHpPxrqdDBOs6cnSVYtFl87oKhCwSDMwSNx1tbGBLcoib6tTeCM4ikOzQpKXL\/lxnGVpm2twrSoh9tDYCOMzC8iEwjRh8w8znhREm8bviBNUYoIfHaNCNbITO03cVWyavFVXmYqlGo+ZASq8dcX96Cx1fYD2dNrv4jvEfzhZHi9j3aqseDNoE+cm3+PWctSwnMNfg\/cAZ6+izl22P83dYaovKhaYXtYVtRaEh1uryXKQuvrbxgzqoMuHHkrg7QEJUZ5gmgRTEecPSWIb8SUwZxdqcpLdU2L\/gN+0XORpCHTJoVoXg6Lvf7E\/f\/bT1pGfsk0tHNVABNBD6SIl1dnyG5O14yJfWoVmTI2+G7UprA72A7KqcWm\/Y9PRilKUqk0W23OKWXwmQihG5TnwqOI1ASAfZdL\/efwkHmsUuwXwuaJv3FGekCSnevBUaUlKAb3RLPfFDu91ImNXm9aoyBuraDr8zBZ9bqaHnt+JcnWMwjFSOpYRdAjWYbEr13AgYr52pgu\/XfErhcDNHbPXjSUwKIzgcTnM8QTMujWWFjUns5aLY\/Mv0qOvbYcFGwXDlw8OQM5Q9vAraMzp0pOrSxRQJyeSoZ66v\/2PjjGS0ghqZ5wQB3xtFoLAlr2HDEgPgkAvO2RItTesAv\/vsh7iK4WvlZWfptfy9Gni9zKT+BCJpVckSsMJNJa9QOIqDZGcD7WdvqPZ\/+gs8I2oZlbXo5frTZi1mSER\/Qjm4utM3efHWXJNIk2goUh46mzxek43peBjGUnwswHlZbLnqUTKXJel3ddyov8qXphMbEnQYip6mhFYg367RZ8YRU4EKrwLm6Xcw9FNoa6Z5lJKJijsH5vSnEkZ0v8YX0MjTBReOeuoFmSr+AJVjpSlg\/7643dClWP4cXx3jdn+gn82y3LOeYLD2p8lV3aWTEv0GVmHGW+Hm9xJDl2bHgxIBcRhyDRGQFOC\/Z7+ehu0MP0\/0K5CKWxMw6rUTxM3JDgsEv2bV8wJzw544w3P4lqj\/UGLv3pSXxIfWP\/1WvqksJ+oY1kY5SVPXHla+pr7Q4eBAjdUPT41ziSFsQn5NBuGGWEuFCF\/QbEKcOu1F8TZ\/1M4MdpRIdqR8tFYEo+Vg9m6TwjRMK66fE6Mb60JRytY107EKpRJxBagZcwKIXCY2mZAsGOuehm5fQ1M5eVsO+apeXG3c9KMIURyf9ctvuQNWeWR2FIFfoH98C+ht+\/SSxjmFeV\/+d0QtrQ1HpAJKWfFcOZ2e+SesZS6k9AGyJLmN0367Nn6pJG6hN5CQDPLk+C3kOYs46LBkhHg0plOlFrwwdKcByjY68Z2VuRM7vrTmQWs6\/Tsdq8ti5cqSfOmHnALup6x5Ipr3zDykeMyuckk03bWXQ7Vwm7LKwDjsFd1vGiyvmKkwy"}
@@ -16,5 +16,5 @@
02225{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic_q39.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1509099002,"pkt_ts_usec":658145,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAPJ7rSEb7OSWDCABFAAVipy9AAD8RBjKq2BDRFZ2345bcAbsFTok4DOca1dd1bE1NB7n\/rpIFgHtUM96xZF0GVfYPWRwkZ4yP60AZq1GHb2QAF7rjwFpSfz1mj\/EjuaEhYizFTmGKt+91IIo4G5AVRNyMWWITa1+O6mILjEhpLETYoIoWTFfErxi2z6NsrSzzpd29SL7Cnquc0W3z8omOIMtlB0rvgX04jKKgT32hlpVFK0sazG\/3WEgWEKoZ57DQCO9WERU\/GNcYGxhFH3Un2mFD\/WyTLohtkpFjtTYf3a8s4X4qlPJFPuwcThJ\/BoazlhaMbmCj+8T4mSqhW5EDv1D\/gzwF9YBx+uyYmBx2XKJUO5wojo+1jz8ll9Y7agZ2dvomnEdhK\/glxh+M2DwHeo8bv6DM7gMG0SHAEwQ4ME2mQA0FvxGP6EZH9OJ+6ss6deSKDzsUoYgF0lQQBVV4Jc8zUjRcZ170PK7jkTgizBbHElUuDjecZU7FjrlIsNMeWAplvUulCYEawFc6k3ABAsIbzi2Qw6A884B3kzhbjGSJECuncxhjYuJnXzI7sDwP2ghXTkyA+kimHL5766qGwFqeaMTMqBUhvtN+aiIsYLfvcrKn1QslWdEgXuXUnDQzgd4PpHXGpcFnFgm2tBb9tIGrObkeSxVvqtHcE6xhLAhvXcVrNTJWwnXp80idCzE0nlrameiH9BxweegI7AleU29QRp2e+9ygPdL3\/IVTRuar+bVlU3MAPUmzp7EfXKncnxansGPswBE68l1kx0uQH+LzrJATDUZnodrnSBYjKHAQGs9Rfb6Wlz4VuBtSq6Rla0sx\/nIvVUQ6m0HRxvF46NDFVwajCWChs+dJMLKi3TetsbUwbtLawOTlEDenA5144T4lt64q3dtzd4VVnhFthY3qCpdCxEtQMoWRYA9gCSA7rCFLiPmQmy4HAQ7rsXkw3C9629mSxM9HCbIcf9jymgYoKbTwUNPyXh4FAB8p4lSxWSZIjrWNrnZ73Nhy7P2m3DYcpW6XJa152Hayr3pbOJW5Kj0j2ug1elYfi\/NLpbHbFyJlUNYGXsMMbmjfygwucIQ2ynpgpyNvxt8XAS\/sI4l1GIIG6MtxOucYEDtavEWjWGpgSiKedS1fvTxBvADquDHg\/ux20iYHbks\/\/p2WGriTQoeWEv1kSlSdT\/gEfbgS5IR8S4E2ncu9qlexOuGA1EpTRkQ9SgSVOMDxtOmDMI6Fex1Bi0vp08RpTSvDbzW1l1QiNivixatyGJl1FF46DjtY7q4OYHlGhwQXf2gA2HJeqUWZ3XFjxpJAwQ8xoKY9nelCdYBsBgAgbZM\/zMO09cj+Vzcn8Wg54UkmIc22VNoKzGB89lH1\/51gA4UN+wZrdYSvaLjPWWmrlheua2aQUk4xdVlxjE\/Yh74tM3BWCMDegflbfLLX4MdA\/nbOGKabWYCbniNuCsgmimf3+guIhzVspib6f+yR6\/6LleVb8gfNcwO4NS6CruaVil7mo0qoqrGaNXKBeP7dUnP11VGpvOBvS\/eu3BHQIqbkNr4T\/2rAM66eOELs0\/cvK3Ag4Luxy\/jMEXDVXr1Xuz0jl3CImg4gEBjlT1ur51Crko6QVANt0b7VSyiv3x2dk+pAwN8fdbvhXHHdUMj43SdWJqiTKaPqk1WAutn1S4DZ9oUMHTZVRVApAuwSTj6Ieo\/KdMnO9SoiZPva9AhsU2bDvsjxCOOdD+yYAmOJTqwkbQzSwVLbgL2uMGtTM458RyKe1i5GuOa6L+JyeOfebUifLHADasrdy6Nl2+Linzu7yIK0AyA67FdYEoOL4Uju2WRndCx8UAIvXrOeAAXyCZl1"}
00441{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic_q39.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1509099002,"pkt_ts_usec":669430,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AAAAPJ7rSEb7OSWDCABFAABAAABAADgRuYMVnbfjqtgQ0QG7ltwALBnVAAdiKdDVFsewFUV9tQMV4S7VXC08w2rtkQj+4PK61Zm2gXhH"}
02233{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic_q39.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1509099002,"pkt_ts_usec":669496,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAPJ7rSEb7OSWDCABFAAVipzBAAD8RBjGq2BDRFZ2345bcAbsFTnGmDOca1dd1bE1NCEDGSCS6CpN1gn+hs3\/OBWtuqhvbB1BmM0CLGfGZXhrE1a0YMUWLncsB3JYlR0zQR58euNUaKo10\/scQGQnEFufSBkgnU2frk0WlzryDYm2sz+IorYl62WCRmKOufrjmnfRuxa+QmKZ5OSOn95peSYyEUegRkVwv5J8IRpZfBNlSpkW3GlKkUGpPzOvZQCQNU6ierzq8OyOsKYBXRYE8LTgbRzx5bvR0ElNCUGQHcerGgiqoibt8RR0OVvZ7XuQlXrh1LVMkCBleV3FI6CoRE3mvFkZD71LGK251GpID\/BzrZBprJLKWSkM4L\/MCUnhQ3dDueCThk8qkjpfnkm4t4oacIr1CcwiGfIVgFCWdiQpJYFqK5EtjXrCILEaJSYSlqirijr8Irw1pKxlb7KRyNi627qiQeMULDWWvkd7cNYL+RvcKDpuFItNgZ16cKJpOvy3B+w8YcNlTt3QbB4JaY4vtTD9ql0+oBKH5Cl2sQc1wtWaDwNo85WLijHkHfKn4kResl2rjWTzlPF9CsN6tMqaeeqKqbvEZAE0be4eblaB3RtHdiQ1IPhOnv71XkHArzB5ggHUzn4ZWQ5qKViJtNMgAvDcChWV5opIzw\/zFWMaaAHrrX80tyo0\/Cn1vwu9GKmBk1kOk0qxags\/Yby0BCWH3R6qxpjI2ePbaCAN\/CZ4mrcnjtd8\/8yEoOC1F\/NZQureeglyyr5WPZdl+I9+0icXcSSWIGbnMbCW2Gqnan\/PEF6yEFRbrIuK9rz+CKpCp3xWhcprXViDQXiPQTcVafXFF9iSjEaxr93GF3Tx77dmBjDyl+bkysejCHxgldhZJfVsQ9yXJZvHA\/vikr+dthXsOJISwApyvvOagJZNt4iwhFcTnr3sjxdBSc58qHCffPSg3CAqNi0\/FqcTa4IsqpRiRnoTkCfu1XF8SHBOu7AyT1c\/fubqE3LU7GukFqoj+SLNTW4cgl\/o1dy3bjrE8ZZNBfW\/2mhLblx4\/5gxbCsFWA+z4Ga9oLn33ws8j\/IOK\/9gRz5POJi17pLerOmQiJc\/rZN0mRVutFQUbBeBhU38zQ8++WcLY3uzB1tJli\/EQIwvmz1C5pTLqS79DJArMmvPMlmyRgjcAp\/qBAh94PXYN4Y3cbFc0kIWhDsG3MAoVKL6ptZyFg+OppJBQcRfYOFYvlhnRbWycb4pB8wzuKEGvNdKGe05WPkznr7nlJzkYSAhKlQ4JdYyvdT5aCd4p12shaypPbEKAyC+txXhm320YtM\/kAXnq3I6jNeWnWsWifcOCbYKKzlI\/lI9mAa34CHbC1wSujlIRBZBulJ5XFBpVcepctnc7fE1yTq3bKuOqNaZm\/j6\/RqnjSGf6hIiFirXwp\/K9IlWEsg98he6FmjSKQnZ2IU1LNlO6bsvarQQax\/krnwLzJbNKti8k2DS0AeKAQRaRXgW8eSm4qkRH9oHbEhAyQBSL7AeBg+U1oU9uMxPyIKGpSkkldySR3pkomSIF\/ixuiMmKDtUm+xzWoqga6ZTHMJMTFRrfGt5I7AXVA9Fq2\/OoDiaB49rmJu4CWOz7PjQrr8ww0Y\/2kF15xDM\/BZlFUfWXw9EAoNElGskiYB6oy+PBTj0dX1z7a+Vg5V4TuACnZrya0PKssqXYUMLtr9uO2YtKvqZk1T2hpa1h5XnLhRl255ZKEiFFAejFgu5WiQy8+db6bZMAtB84rYRAAbfvdvy2q+YpkjjAbhIQI1coBJ8yKsirsK2i2F49g\/nEOs7XxmMidu0K0orhrVjAa8mJjs3qw1aXW\/E1"}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":60,"flow_first_seen":1509098995610,"flow_last_seen":1509099044559,"flow_tot_l4_data_len":22131,"flow_min_l4_data_len":24,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":60,"flow_first_seen":1509098995610,"flow_last_seen":1509099044559,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":21651,"flow_avg_l4_payload_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic_q43.pcap.out b/test/results/quic_q43.pcap.out
index eb0755cb2..f648aed07 100644
--- a/test/results/quic_q43.pcap.out
+++ b/test/results/quic_q43.pcap.out
@@ -1,7 +1,7 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q43.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388060203,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388060203,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02201{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388060,"pkt_ts_usec":203207,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAA0A1ZJ\/CABFAAVitYFAAD8RFzMzeBTKSHfZHcBZAbsFTg3gDeg8d72PiRX5UTA0MwHUpsx5z1djkhIB1MqgAQQAQ0hMTxgAAABQQUQAKAIAAFNOSQA2AgAAU1RLAGwCAABWRVIAcAIAAENDUwCAAgAATk9OQ6ACAABBRUFEpAIAAFNDSUS0AgAAVENJRLgCAABQRE1EvAIAAFNNSEzAAgAASUNTTMQCAABOT05Q5AIAAFBVQlMEAwAATUlEUwgDAABTQ0xTDAMAAEtFWFMQAwAAWExDVBgDAABDU0NUGAMAAENPUFQcAwAAQ0NSVCwDAABJUlRUMAMAAENGQ1c0AwAAU0ZDVzgDAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1kbnMuZ29vZ2xlLmNvbR8ykEILcj\/tFGrck4XfPyIJIy1Wp2EOyj96Sbv5OxbQ7GtzdqXVHstRevTu5j9sOKKoV3MEbVEwNDMB6IFgkpIa6H7tgIaiFYKRXuiYTDAwMDAwMDAwL8w4xnPBiaheNE18yX+i9poR99hBRVNHfnKffIxl9aDtAhVkrBteYAAAAABYNTA5AQAAAB4AAADs\/0Yi1mMvJ+MeFLVM06sFxTPtG7icgHbJd6FPguzZ5DspSAr1qmJOAogGqdfyO9QJ05Fvsk1n4Zg7QCWE0DkiZAAAAAEAAABDMjU1W+x30vZEmVNOU1RQW+x30vZEmVNgMsuSoEFN3\/mAAgAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388060203,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google.com"}}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388060203,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google.com"}}
00432{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388060,"pkt_ts_usec":251652,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"AAAAAAAAAAoAtmi7CABFAAA6AABAADsR1dxId9kdM3gUygG7wFkAJsU\/COg8d72PiRX5AdVtByTcf3A7ZqGOSkABJDYBAAYA"}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1592388060203,"flow_last_seen":1592388060251,"flow_tot_l4_data_len":1396,"flow_min_l4_data_len":38,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":698,"midstream":0,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1592388060203,"flow_last_seen":1592388060251,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1380,"flow_avg_l4_payload_len":690,"midstream":0,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic_q46.pcap.out b/test/results/quic_q46.pcap.out
index 60b6f7139..225382079 100644
--- a/test/results/quic_q46.pcap.out
+++ b/test/results/quic_q46.pcap.out
@@ -1,7 +1,7 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q46.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1559632338055,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1559632338055,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02205{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559632338,"pkt_ts_usec":55044,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAAA4JDHCABFAAVic3hAAD8RmymsHSrsmRS3y5WUAbsFTk\/Qw1EwNDZQ6s\/m5wbfJy0AAAAEYNpYkp9oOdCGDvxYpAEEAAQAQ0hMTxoAAABQQUQAtgEAAFNOSQDFAQAAU1RLAP0BAABTTk8AMQIAAFZFUgA1AgAAQ0NTAEUCAABOT05DZQIAAEFFQURpAgAAVUFJRJQCAABTQ0lEpAIAAFRDSUSoAgAAUERNRKwCAABTTUhMsAIAAElDU0y0AgAATk9OUNQCAABQVUJT9AIAAE1JRFP4AgAAU0NMU\/wCAABLRVhTAAMAAFhMQ1QIAwAAQ1NDVAgDAABDT1BUDAMAAENDUlQcAwAASVJUVCADAABDRkNXJAMAAFNGQ1coAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tcGxheS5nb29nbGUuY29tTF5QaJRKaTNoSpJ2byVw\/n2jR\/SXiDAUaxRXCyDlaH13oYGRvmmLh5UfnwV+qkP8rBLql6P0cVhpCGDXJyou7qdg+dnByWJAkTSY+CUh8yfYOYMRdIFYIeO6ZKEQGzvhOWxsGdkkbQk0joNdUTA0NgHogWCSkhrofu2AhqIVgpFc9hnRMDAwMDAwMDAg1WpdFEihkws6cxoJh1cnEudv5EFFU0dDaHJvbWUvNzQuMC4zNzI5LjE1NyBBbmRyb2lkIDguMC4wOyBCTkQtTDIxqZ2LiTEPPlI5bOtRl2sWwwAAAABYNTA5AQAAAB4AAAA+5+ExAY9KZ43WAi5gboQGad\/XZY9NgsCyvAvlen24imYZuixux5QJ4+eD6hkpSGJfDn9+XBFyJ61rFG0t2MkrZAAAAAEAAABDMjU1M\/in8FpHdkpOU1RQM\/in8FpHdkpn+K3FgBXj\/3u4AAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1559632338055,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21"}}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1559632338055,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21"}}
00439{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q46.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559632338,"pkt_ts_usec":83803,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AAAAAAAAAAAA4JDHCABFAABAAABAADQRHsSZFLfLrB0q7AG7lZQALNrDw1EwNDYF6s\/m5wbfJy0AAAAFbGsm7eq1vsQbMX0cQAQkIAMA"}
02216{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q46.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559632338,"pkt_ts_usec":308554,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTiJnQAtQvT4L41LYkTDHbWnvY3Q7xNlk7lPAOJoU7qSEDNxr\/eXA5HdvGouKSa5JA+EfJXVcrF5I8JeTQOik+2bWgM1nMhrT0SQGJgoDC3vmiFQsGJJjkMZScnfQIf1wQxM8bMy1rX9IG5gNouAF2UDgTxNWxp8Z+kpanynzPm9Aewt1Q8YQSGSHVmFR2wS\/qJorTHWD8seoBDxiXr\/Jrzhp+T4G7aWy+PK4peW1lunM5ZwayH+2G6AF72mr+9NShIq31T+R\/i7G00e0d8lC08arFgrP7xbHltzNsevJw7TO7heoxYjLOdwd79cQPJBHGN6cAkZED6B76kDGTUdX1AYSpun6LhwRHlxgVuFQtfE7y\/DnLBUYzAcWntPYNYvGghUNITCLh8lnobrCJOOpgpG31oH5+kuwGIUSXbKA+01pRlfgd5gXolZKhK3pWOerj\/frjDS+2g8vClgYRT1+lV7rb2y\/Iik5yjyOhRlKWs5VLZ7VCWYVKqICcZsTvon\/NMVVMYb6HJJ32Yz2ORvo8ebpxTje4yqrxC+qapfY5RwYmEaDmI1L2w04UoqZ0dJ1NSSxDm6HXMu+ZshF6SujBNEG42mGdRf6IaSoNlxzMkSyrtk+YmufaVAWXNamgtbe+ZtSIpyI7W+63DDWITJezj4w9w00cUFEntoLNlOB+zElDxYScTOE3CpSs44g2fcVw+4rvMHfwuxPeTdHzp4MAsePKq+zngj\/90JBFE\/tDfTVYbaRpu5lmM3pDSvtX0fT5TvOH843VTAPlB2fm8MHtEMU7PIrg8lvLI5kYBqaI59yOALOtxEFcXeKMhTylktz05RjIrZg6ifgDckMo48nJYsJtSpscdyoK9zfGzj4NaovMFvwwWNIopaYds\/P+xBZkC90KYsz06jFDLqNdcZXDkHaPFJXZAxXx9set1Fg3lj6r\/AobA8N7sLKydAgxC\/rtEWCBX5wbSuX8kpFOJgGKfLdk0JYmC7zbnJyfyy+C6ukhZHN0cU81AFqszDmIIshOZAY4iWz5aWIzL1ctZtibQ5iLAcoUfb250TuivT+FGWq8x3DLfXpYTdXUgbMkK8lTQJuOYtFhD4fHRbg8qZIkwDODXwLSUcnqUn+Q2uzh8PtHzNYdam5Obh2M8GgLW8ukG2P6sOp8CokFzXYzFsiExtyxRsQxvskOlQmLevtIDnsShgWKCRO7UN+uhRGaYGLmSq2\/5t1JyMiF0cem8I\/nOK0mRwXY7N+ECcoaRDXyTKJR\/4pe4u8s4tPdTtCzoa7o8ItJAgr6FkTuYLEo2hwMyPm4hV38utdskBYyUhI6Vz27vbgYAi5nzlUMaKyr3bk72PVb2h6cE+5pbWp8t27oXh4ceZgCJ1CqxGsEI5zHMEsBX6U\/74OCgAAVZMzKh0lFrwDdkIuV+i7biu6I3DoZxr1X50m6VKkaA+qvAjpG+BPOMuRH3\/5\/vE6iwiiUVaV8HIEZpVud+gx9Rzu573VwQ87CJfVs7RmgLI88d6qzIEQAYp5JQrr2lJf1+r4xl60u3ZAa+E+ox2R3gSbE67e9uWolVz8QS9Ep2IK7cfXKJOfNxu70MQcIVFRson71WUtcVpILsaqgb9rATvfzoNmtskVITRoIpqD+mi2ZJvPx6FmM5uP7YQiAppyWykt6puGjRFKGSfbt2gGFGLSdxE20Jo0zgDKZvUFlb4u07xu5j8JVjk7HreBYMQixh6ugURELWsT7GFnQi1VQvh64jRAmDcuARkYMw2228CWbF39WsM9a4SaEoLaEPaqo3lcdKo0+Sgn7WsqvH1w"}
02228{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic_q46.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559632338,"pkt_ts_usec":308554,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTrzqQArMTUQF+qfZl\/j6GDEC\/I+tHha\/dgY9YrBnIQRh7ycTzuKlQRveBbgIPaLRsi0ExNkrNV7kEMqhWFB8DVw3+iXp7Q0SPR4wk2prQv0Z9EAI0pujRDgT83qm1mSoLM4iQy0bz0Gm96wSsATMKmUKyFyFBnpTsLUf9Xvid5CkSvVYq5IyCOuKfH87rCz5QTkBH6YTC+QDCSrAGsbffYz9bMQO0R4i01YSA9\/I4aHEs98s23RNpdZor+Q4Oguj04Ui1Bg8f3CMHs0B1wKZWu7IF605ju+my8Ex28FSM3yemKCvdolaLftpnKyeHoId\/QpIb8iwutFlbt0BwhTCDewVFpV7BQBJRHSzzcqF3KHmxfGeJEz8HgPupbuU58vn9Kst3qPAnRfWPM9Y\/xuqQrVroUhIzD2KcGL44idNWqzV9MuP5s0aD\/0n00A8OknoaT1Z0nD6uS7MwoMEp3hjaZrYh1FVS6ZqzuhHdMfQUCymEejFbSmXbd58wxV444MjFUEdTCH9C5nplkg2PrEbadm\/t1\/rEMeg\/JOLjOqZeL3RVNZnVu+64GiTXTooYqjnh40z9xHOOmQOZyfle2iCVO8R\/ivXtUThQIVkJxvD+lByIAMuKs19fjh7OTQuW6brcmUpLLxNTED3sSOJ1MHHkPoWBfdRuMlOs0Ryz0ZCwxjKB2QykP3nGHn+U9cQJjEEK5qvkEMPYypV1+HtjqlPnl6iu5Sd3xNKaZ9FcaL83oG6RIF4zjJ6ihumZijejW+\/cRyoX2\/M6YpKMTtn1WRn9rhtQry3eVZPeQNVSd7XZL0VdvQ5vu1ggAQn5TQ5togK+G+4pXqF5jfiQ6DBFgLpBhWv\/UFK7aVWxuJrDA5S4u1lGTu45kd+19qZi53LcaXhMl0qJBJJF3oCyKeyoTTUDuHU27jmLWrpsAktKlqGf+4TuB3lSO\/EPFyrp8KLENcsfa5\/l+B8TZFRRUwAQv7YeB+SquPT+XySpsyvSWPmJ1OkgDGN40H8aBclc9K0qdDBg5M2dE8QYwGrrNKoCeKgtW9TnOyhkw6iCeSMxUnEz7I72YmaU3B4Qdh4i1suSJJS\/Is5YBD0LYW9RGca2psLfKVVQ3pVzCNm+8iuLUD\/+N5dsKBm97UDJJu9QZbvh\/17ADMdqmqjGV7a\/KL1diOzof+kNEM6D63PNaEqTcdTJU679aUQuDA36PwnjOfPQ326RaECpj7agr5AR7cT1hl7xR6U2rhzkl0Kz5J\/fIaAVikO2T1YDzpEa6ViQoL96Re5TbD3QjIjfR4Gp0AjyScTnvjlkaS0KPbZ3dZO0yuuI8K2w5rv+O9wTz\/j3JIVxILrgv+nrmo9uCpzcwBNXvDg5SBwN8NZxMqNH+W5G7d95IPrVS2zW\/4pG\/B+zxKwHjBFjH1xLbTp7hfN1GljHGDpVEQpGi4OAY8li971mNtDTBydQJmQ7gQlhjFgMlfgoeRtSHU+o01scTey2+WUdu3zYtDsTDdxFIAdmHZbOrHyzRES5q\/KmutL7eczEoW1LzE4ioLwIH\/g4j5+nlj4cThgEcmecZB7Bt1chmjIYfJVOi0zwKH0\/NJvwsPzAtyn1PIZKiwEc\/CbD40rT48BToIWSWBLXxWuohMPnE3FrkoivOd4Gpa\/0yzU1wMDSMH+mbgsZhX5zYEoGglp3CbY5FVv9cUPm5sCy1UpjiUb\/pbUisccf6scx\/oiXxAimL5KCP061NTFY85qjPvir2+lXCW2MH9mnIP3P3l0xfA0+tgQ+tN730D7+w1UgNyI6x8+Gr2OtccMTyA1EwS8"}
@@ -16,5 +16,5 @@
02229{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic_q46.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559632338,"pkt_ts_usec":335209,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTvNwQC77GGg\/G2KJWbGGOgUszpAlF3KPEXfOEsYhxF3SWYHIa9DXYq6sfNQ6RxYrT02zGOqoohi5Wm+dCKA9SM7roCOGggUqH7XqpFsLEKnlgEDt1h5hG4sBrBMxs9WAOI0cOKmOIYWDytPX0s0jKJZ19nxGdtsmtIrnUIFw3Tu4LaXg8rF0YbrY5\/dYn02VniGV7YUUV3NecAgKcpToXj6AsqssLIUfUX7K918mtk6VOfBPijWiySKk6P8caGBy5s3akpkaLPpn3otCOlyCA4i5wKKQezmUL9Ey04BxX4oFCX+AzwpYogYWgECiZIo8wliQbQIEsMuV7P0Ayt29tDtCySzGzv32dpM3v3G3vZ1St0QRDf\/EBdXuVnmOaZUcOWjAG9YtwYpBQJqgFcDhnoCBMpKZkxcdiXMs4MUK5P2Z1PLnJX2oDBpC0WNrmACZGcJ0jlQEdtmVvVO\/+rVOKoFNkQiKK3L6pFMpzgGVv77HAWNX\/SD70yXQpmxIOuVYhj9Z5uD12RV7HOY+4SIBkknyyf35TMs\/\/PSTsQwTnAEVuTX\/TjhPrvkp7993JtGFiZ+nHu8CeK19n19nKFzEdy126USIXNbSAvNdbvFTbcuNXNdBqdgfIcsFrYEFZHy0Hc7LZ\/UjNCWuSBLjbsEvmj+eiYJjH19IOnHVU3v3Ci2YWd2BwMGqWiJfWyi6kUe52kFkDVMzboOuRpAgZMFEBP4d247loXK2Zf+RUXFfm7g0NxbgzU1CLn9G7USd2BVCXbfVve3a0gcTlCdHLZv\/\/Qj2hVA5AzMV\/mQSebhKKFRf7o+ozWkmXMt2Vbl5\/FrIteryQiZOtzobzVLuqomZt4k\/ilGWjGkYirOC1CJ2O5vJ8w5UH1mjsBWWwVUJe4gm42\/eFDmbxjEEpQAvjHQvnljeNV5HZBy1fFmRRE6strIrNogXoH9wqQXGQUR59di1YOzemzEoPs0c6o1S38U+vY77Ynkg\/Ljo41J3zNrf0Tff6DXwftU1e4cGZzoyLQfvhNCC9IoeU\/JcuYbuSP3wSUGC8NtV5MpUxY2ZZhpwLHngNcrRCFxPA\/mGDAMe0WzFTcrLmhLDOnaKrTXf6Sn0ULe3O45yMJ4bQh8Vyb53iP9DwQ8bN\/HgqDhaoumPzxIDCgwI8wTIAIfqPOHEWdNHMNFtBtxf1kNgS\/ef+cM65gFeh5IPIJ7dwTJF8CcqWkkZBBtPsMUvlxx5dbPk+8lQNQKtI8LVvvq+O7tgjK\/LIroc\/D94JFBBwI1lgbr+AX7OJszqSE\/jFakJA04DkaFGZazrVJg4AvpvtAEqrqebVHn1Eqs8oJxtgPZo1YZbkASpne3a3cnlu+6YBAGFR3eMV9nftmsgm4cfbpfGusOBdJac95Dce2cz+CwuAt4xR5ZvUuTolNRbruMFdtV\/KVojXxQtHNsLEDShE6aVLX1EDQl2aIWHCzKiyiMWgW2WZLeurdZqMNnXC4OvY1iNFHhbfsb3AoNpll7MM13zG7AmbyeG57M0k3YPuv0lxU1kxEP7RJDQFZa9i15aTsLIOsqJ0s2\/NPB2OS\/UPdz2gmssi0\/5Oqk+i+nvgiIwCJ03LZZ8DGHDzpdcczbO9qHsoOe7xrnqFcPZ+XaoLnbS1addQIib80\/tjGr1PkGqKlmlw\/3FQ0xUPuoWY55dEwSjzBykcd7iG93IJWEynOgk4AzHuDStVPsnhgt6Rch4DszaA9GtdvUllxevuKkhUWBI1+UHGLkt2WVYaWkgoW\/Ui2j3mz9lX0v38mwEEDdD6FMrYgTYO27z4nFYEm6y"}
02229{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic_q46.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559632338,"pkt_ts_usec":336220,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTtgRQC0JTGzsSSfYHzP1PXWgALe4t807BCb1pJ8OtHMred3ifs8lCxeen+k1HTK67t89Xh4IyU23v3zzGs\/vt\/l1KGzBejYwn3+KPgeJHTRiT2p8R7eWw80f3J0Av2vF1D5oHm4UWxXptodklomg9qq\/8jr2USOiFYQzo3adzMeinycSNmf17oLVHN65ksNW2MCSAdWUzouy+6knG3Q3RlUFGalVRJPLzsCLgA5me1zDTsBrC6+9OydLmIH\/\/GcllqACjP0ynheBL8Qqki\/SpyYnhRUGx6qf5Q3B7Auv+M9BKaUnG0WGpOVrXyv6exClL5nir0aXgIBVub3hoMIjlojZ8nnY+k2\/yx8jMdxDZjMiMH2LTL7kWuzZu2AHucyXCk7O65Wa4qztLYwnvu+KPkyyj3KyFKj3MkFO8WXfPRMVPFnUv6GWyzXRs4o5x\/y9IGW71H4C0+dutoeFmkCjnj9\/+1zubdqJ1aM3zdNK\/zUGMjwv33OMsbtLJgB5moNpFFfo1iBNS+Ys04x7R7slgWGF\/Lq+ZRnacAXWIbECyAxZUZwGNGvH0wIsJGX+5asIO+fzKNkhZanHeZm+XstrNaq2cl7UEy21PZHfIZNocs5P0aTp\/ynxPP\/hEl\/REEYrlgYCNyMZUCkglxeKl4MSJnMZCjiOlF6ay\/h6\/KpUa\/57z+604bmmNGorxk6\/e\/7a4UKpIwoOiUm+5AioA8Wi27msHfzUBiFsYVZLGVHyCxDtVz2Bj7y4nYohP2nkLWPVzCyUExgBB3CaMxi2Lou\/oDZ\/JJIPtu4\/F3sD1+cDyd2urf9Q82E0bQVddlXFr0erQYI9LuNI99bh4xjcXor8gNYDtMtDGxTuerTXXAlkVBbuVr2Fu7Cq7tpn2Yhm2nBbWh0JHSWTU4oc\/3z3hLxYtx9dqNICPf5n2woKdabnPgwPZBWJmn8Hj8lCpMk1j9qvYZ9HwsY4OGVKBl6E4se8\/kZZfnf6hozqLYdTA6OCsOHGqct1Ygc4ZKHRcnp0fyqFGXnM5WV5Mq64qKX+2Sk5jqrcd62OqfvAItRDyqc0VngUWmbsZWNd1ukwCBOsZYK+ER2kZljep2IdkvDHh8EttBGiZWwjS2xskQwzPyQFUIcEylowaqHnbG1leuX6G2Bih907hkuthTe4r9cfFIL33856R7Q31tuy8ZCFERUUzpJ5jKauZVv2Rzr2N03rc6giYsQ8MZYu2pKmfDIi31jlEY7cNKwl0Lh\/kvlM\/RAeuknFCDVDW8SlliC0UMyXISImeCsetAFr1ASL\/iYy+Rh\/aF0R6yzmRAZuTBW1zsOo3vLeQ4Lawe8yOOqcQdL4L9313Afkgz6kLIQ0V2GgV\/MM2r7Gi2iyX8UIrCA+KfofYyCoR7qdwR7YRFsXSYqmZiNAKD4TAsryPdbxIO5z05OmZx8YHcBy2S7qTFo2tT4K2kmL8DH7G0w9uqUeidJgQQgzNp0b5sB9M6VcC6YsKj8id9OBnfNlPsNHJt4UynPZUlnwpAlNgEuPaJ0fhjBxw4w+ruaRVv0ZxvStphtTiuR67VSybpixYhkJW8wfWklb6vRz1faeZps6i7LigZspWX93Xxi1URT0T+9rPhnbWiBzF7SoiEZWbfPTGDnJCuQmg4Q\/sRDWfebexQmJTgCmkMx3YaILcGvdnfZGsPj9bjh8Wh+c1yqEwfHZOT4vcUs2+0KJV6gMNs7vmNVaTtilGUm+n45TEjckEJm6Tg56MEsR2FNkNsVfM5aIxY9uOZFdgU+Oq3efzGBTLFZXdmZMtsx+acYNQlQZkA3J"}
02232{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic_q46.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1559632338,"pkt_ts_usec":349062,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTvUmQDg1EsYe0Hw4IIPzfn8wfNQhwOn0an7tljSwOZL4zdhRBNyMoFMRXJWnT+JKgN4pD7+fWIL9i6DEJpDVoGv2Uyc4T98H8kDMlfM0Sh396kz9TxS6vHpzFRW0yVGhF1G1nZtl1xaVLcWveCedsquOHu81jW0KUPC3OoDp\/vKHQNGwirYR\/c2IfZ1n+Wgk2\/O5aff6LwgdCVhHe2qATBRrzTPV5+H0Yu9lzgjnKSLkjHWnmjpmMeSIqGkcf2eregarfZEY2xwaO\/nw\/WOXa7BfkHVKowB+nXXN7PNH3M9daCFDBW\/+VkpKhrCPdYP1t\/7E0UUqE0Yz+okqAkQjHzDyin94wgqnC3Wc\/dk\/5Qz19ilZRNzwK3pUXuPnSXCxzVgq88OPEsQ8pd63tOVj9LTagAmzkowopTI3NSBPFvLyss1AF9ywgLX\/LD2qE6DW6d+RhJ9dVonXLT5F6jPPkIu53iASUeZdvvk6aEeYpRVa097cV1XhheEEVhY7zNvTZpuYwuXokrR9TywT7+bmctPhCDvCJeAmXforkEv7U6w\/FYMbeorFMhloXX90EBwcIydyfhujAE9J1cFvFPvqUSF60S9yJ4ZJ8Ww98mnC2a7L1ezLjZcu3ZEnx5pqj7euzmW58dKwHNoGgrNJfNkryBfwXnZ3j55DDi68cXNIYf5Q1U2m4DzXZ\/ZzI\/YMYS6ayMDBOHPk8GqPmZfz7Z2ZZCAzck0fSzAcTz\/7eO8exGoQmraKj6BojVn1DsiqqpXi42NW5lTsYZdKOt8R08ZmwJkNm4upspaZgf0Fo\/Vr0j08sUjClYml0PQJPcMO8zb+nI4vhMF8nKybaZS9ejfMtgIuZuwqIlsGDSkn1h17\/dyiHg\/+N7YyjJbCBpp+srcxF59j1g1K5ac3HQMTS5XK3YUlWqk\/MS761E04dEyULtNCsXFvhz3qLEUM7ewLwe7VP7RHMk48mPcwYDtDI7BmoJGAQoIeObu6QUxjhKJlcpK9eCi+n+gqZJ2BQlMclF2xlgk0PvfNEKlsLlpbBPPtGuWfgMx3QxcGI9AgwygYjc3duP5soQrqak0aLYc\/9rp4DN\/4SbYQXygarZ3OQ08Ye7+JcJ84ykWDaA2s+mqBSWrOKarhbGH9TLSNj9RmuJLQ6e1siFVefkspM\/p5wVxegy+Tz4xhyoni7lOcF1PalxKJ6fDQGpRtSuP5KutRpSlGMla2CU4uErznmUC1RtEnon+OJoF2uIYRc3XTL5fWaIEldzBOS1KoV\/cETBkh3I5NYO+7ByOK8p6xXsWfTu2xXHaVtqJAeR7hr2v72QgPzvMDDO0Fd1zRBBPpEpLyRmtUYhSqPyb6zsMJOq1tqZn0dqBFbieqdA4EWoDsib6EoL6uXnHJJU\/3RYe\/\/kfmvNVIjoB\/Jq+mwlevm8YR+cP55qBHlh\/TeE2podzm6KHrNTyhnB+A4PXc2M4DhCdxhzvI4lyf5qctN0bFMx1D+srUAYtiabuLguT0sEwQUOImlr8oJOTLk\/1xXcGSq7\/Z9sR5K1Ogqu6caz5SHyFBMquy39RGYIpkYmRnJx+nTPNjV42v+uaEoQb7EjEnRSjpQozX1m6w\/Pk1cMQPKCtgOoQCiNT6Fy\/LAbjrARSIzAjEftlwNihrRen1igci8e84GbTrVMzc4lV1k0SZRckwFQwYvgXSLrH6NHBlH1osX7rTIwtvEYUB+2TUjSV2KHNqlKQqkW3g2WfmWzfNiABYo3Epcb2MEA+Erelxn2pv3qxh7\/w6h\/ZwfQ66atOb235o5f3HEPG+QzBvLrsa"}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1559632338055,"flow_last_seen":1559632338367,"flow_tot_l4_data_len":20561,"flow_min_l4_data_len":36,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1028,"midstream":0,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1559632338055,"flow_last_seen":1559632338367,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":20401,"flow_avg_l4_payload_len":1020,"midstream":0,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic_q46_b.pcap.out b/test/results/quic_q46_b.pcap.out
index 870d80ab8..47155f096 100644
--- a/test/results/quic_q46_b.pcap.out
+++ b/test/results/quic_q46_b.pcap.out
@@ -1,7 +1,7 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q46_b.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561708873328,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561708873328,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02272{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561708873,"pkt_ts_usec":328442,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAIAGNwmCABFAAViWnxAAD0R9xCsG0XYbueGI7HaAbsFTnXjw1EwNDZQ0aOrrPYcbNEAAAABZ49NM0tlJ\/QWOEX0oAEEAENITE8ZAAAAUEFEAOsBAABTTkkA\/QEAAFNUSwAzAgAAVkVSADcCAABDQ1MARwIAAE5PTkNnAgAAQUVBRGsCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXVwbG9hZC55b3V0dWJlLmNvbXgDMRgyNKjZnbeNIexiej4o7qx+V929kxA9dDLsNr49+J4e7Bxt\/tr6btXxr2ajG15fa3Ruq1EwNDYB6IFgkpIa6H7tgIaiFYKRXRXJTjAwMDAwMDAw6FYYVlvjBaujP6e+o70a5ZenNg5BRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0Lzc2LjAuMzgwOS4w1Y68K3sgywV7JQccxBohdQAAAABYNTA5AQAAAB4AAACrpFnJA5r+YO5RcQGpd1l4yFvK+8akrX8Ivr05rqkgauMBpMQ6cwQFDJS6sLs7Du5\/2eIOY7vG9b+CMCy0OZxEZAAAAAEAAABDMjU1jtxYjsj\/DkhJRldhQUtEM47cWI7I\/w5IZ\/itxYAV4\/+8OAwAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561708873328,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"com.google.android.youtube Cronet\/76.0.3809.0"}}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561708873328,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"com.google.android.youtube Cronet\/76.0.3809.0"}}
00507{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q46_b.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561708873,"pkt_ts_usec":357490,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":44,"pkt":"AAAAAAAAAAIAGNwmCABFAABAAABAADgRW69u54YjrBtF2AG7sdoALCZ3w1EwNDYF0aOrrPYcbNEAAAABKUO4TMFStZdbdRt4QAEkVwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02297{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q46_b.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561708873,"pkt_ts_usec":447906,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAIAGNwmCABFAAViAABAADgRVo1u54YjrBtF2AG7sdoFTr6M01EwNDYF0aOrrPYcbNEAAAAC\/8YjGS48qVhChWSun\/F\/0tw83QKJDLWjBYJA09IzRzwLQnCpg9NyEHpzaflUNehkOBavOBhu3YQm9xnHynBS8TFlxf6b7SbJ212GvxrQorob1FGVAX8oQ4qlKdNcH9KmGH8FQqiWXAUdP4wIv8bxJlPu0eWjvrQVEV4+WIaZItIH+aOUaSN9\/ilrA9RvBf\/Eg0uWYctKOmpFEGA9LEKr3HlpKp21MHHYkSpIqfP4A7ajmPfUk0qEmleXgrgJc3ZuVwkOUh+lp\/0eDnUOVGnw0Bef\/nRJzAy9BZYUOHKfKJigrc1SrncXcXGesF5G8MJfo5lQQeKDSwoFevbeXZPRaK1FV8AI13mn1U7+k+RqYwMfqTzjcryU\/s5BA04mts+Ch050+b0vPi6EOfeOA1CLxv\/tk6KsNDiigEk01rPLNm\/hEnaVJMANIzUHvUP4jg3PU04wvG3u8GEaxXwy79Kn6368OsQ8hdAqoLyQpQyhi1ABBqvxZWZGsUTcum\/BfVuIRpmo5YvcWIiYFY\/Q6OXLR9R2vVMjhnQvgbZY+rzI0fcZRdscepkhRGzz77vGIKYhgUxMxPqTprvkoXFsDJnTqnp4n2GwWBLIb0OyfRf\/7VRBKuLzhYfdO+kGKah6INzDv1vEkf39Q6kBHznQt9lH735l+OscDivp0nZu4MdQyN7vfOJNp9+jgtg8n2ANvCzvvW+7oAPTELH+3+cxxBeh66ejadW2+\/yfNqGNsYWunD\/XCKd4D2V+lhoYnV56+qwSLgUXXWB2mY\/jm0ycFhQ\/Q6nqSn\/I2aBJISRolyEFPYh65rNrttlVuSy4cI8laG8Su6VBG5Uuo4K9zFSe74fhMvn\/3xxSa9X04Mry4juPeEmANXZBAppqqM0xlJabIn2HLD847OZiYuNRgulowJTRYa0BeXeFFYwg5asYjFOcmIPelC6rywwM4C200+37pJCuqYhl7VRwKcsiCZz5pFD6vxpCnxBkjn70ZSRCzczW97N+mAXR4TjhOAdfEQuhrY7Y+WOOlG0I5lw5fpu2\/+2zMe3NZEICyLuE+yMXBwxKksv83s\/2DTmSfmADa1Lt+OXCdJZp8e\/fI5MOWyzXREHAWA0p1Xxf0JQBAFaDVmD71NXRa\/e3YP6nmQf+KzlbGl8euL1ZMv9cv4hs6puTZquoiq4UkwuYeq+A+wUrbkmifgCFGTsiIuVdxZoBfG7mmTcuzlAoj7eSy93FWGxAPnzH+xvdqwSDn+7M9vnHHpWIC+VzveE\/CCes4f3ceohr7y5Dn4lOtoe0vJsPwQpFPf9WtVwM8s2MSRZtgUxdYy5XHczX5uN1c9SlpRqooXhpp0yi4N2DxMNkDHytOhz\/qgou3wcDLhbNb1ToJSHgg+yYI1HFM5GCUBgIcEFdWUnHIoDy\/X\/\/efj02fBjznW3x\/I9rMer6Tvkfo0yrJwxvKS3Vqlk4oY2riLgvgmR0l5D63Voz6cwqCDFk4DSzDUTn584mcKd5zBHU9ozz0R3Cik1cL2iA9pnd7oEAwphcmb3YbMTagxytlPSkDBIcz0Kd4BlZBLPTo1k6ef5SlDhP6oHZInjU+ubb+1fUF0evxg8wgtXW0cZjOTqIqNyOZPsUhY\/78wYZIpgpZZEa60kxvwRBUQ6WZuEEAWO4u8bU4NqJQII0XYAAfp5H0\/BDB\/p+vVgnc1k2DvUWm66+G5dwcauNbi4ru1irvoLehKJx5aMF+fJOZNqPIwy+\/4iFLOkcGGA36sQMRqTOLRYNzYbHYC8YZ\/SOqMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00505{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic_q46_b.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561708873,"pkt_ts_usec":447906,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":39,"pkt":"AAAAAAAAAAIAGNwmCABFAAA7AABAADgRW7Ru54YjrBtF2AG7sdoAJ2svQANZ0BQdTteTPGKYB0T\/Suu7ddNWywm\/bYiMAK8NlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -16,5 +16,5 @@
00489{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic_q46_b.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561708874,"pkt_ts_usec":215506,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":28,"pkt":"AAAAAAAAAAIAGNwmCABFAAAwAABAADkRWr9u54YjrBtF2AG7sdoAHNKWQAciM2TV1kQiE1qM1Kw6R5Tr1LcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00902{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic_q46_b.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561708874,"pkt_ts_usec":385304,"pkt_caplen":412,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":412,"pkt_l4_len":330,"pkt":"AAAAAAAAAAIAGNwmCABFAAFeAABAADkRWZFu54YjrBtF2AG7sdoBSqgFQAiaRoBhm4qKJVTpkA3mDdIBfkdOkRvPi+OiQ2f6ebmI1YwBlsY02KFPc0pkrRO0ovTlT0Lcre6Tsq1rGTZntLXdoAc5wlMtHMQO9b0N47QPiGMudRCFZvQ7xo4\/Oqb3JkD75KqXjqoA\/dl+h9qdDqMp0Uq8fkl0Ttwpc8qUhpNe2xry9oglOOPazua4Wvo3lLHIvuzNtIlrBCh\/HJSZNYATUyofFp6qNulSMmakhMBq9G\/XApD\/AN5xqFUCGBrmAvJrztu9HLfavKHt3gexWo5NtTQrLCfNJez4pKYUotcM\/44wDEwwDyQZkIi2pkOyDhlqkIYgFnhZDvk4n+fQoH\/44Z3yc7giiqCxjERspi+JlpXHZUasYidNtuB5\/yIfpccbo0mgNeTKaktZ7VbQcDEhl1jOUJRTUX2eKXFmYosmPgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00485{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic_q46_b.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561708874,"pkt_ts_usec":385304,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":24,"pkt":"AAAAAAAAAAIAGNwmCABFAAAsAABAADkRWsNu54YjrBtF2AG7sdoAGCfVQAmmRyNJwJ7Eza+L+zYDjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1561708873328,"flow_last_seen":1561708876422,"flow_tot_l4_data_len":5380,"flow_min_l4_data_len":24,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1561708873328,"flow_last_seen":1561708876422,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5220,"flow_avg_l4_payload_len":261,"midstream":0,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic_q50.pcap.out b/test/results/quic_q50.pcap.out
index e8bf9792f..ef7d0bfef 100644
--- a/test/results/quic_q50.pcap.out
+++ b/test/results/quic_q50.pcap.out
@@ -1,7 +1,7 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q50.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388088469,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388088469,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02220{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388088,"pkt_ts_usec":469619,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAUAeJuECABFAAVi6fZAAD8RV+v4kIGTuJfB7ZkjAbsFTkJ3y1EwNTAI30oInk7\/XnoAAEU0Sh+G6jJaQ+WVeKqfVhwekyVcdAg3VVt4yXAoIvukSElad3ZdF7cP3aK8QwnOEdppZZL4NlS1J14QMkJkSKLH7KTs\/J1g5Qy7Td2oJivMgU4heBjsrEKX+Kl+zumCGj7r3rx\/PiGGoerDCuUYVs8\/3DPxrp05vPpL4oM6Ym20RL14LkdkclpZEotPzAVfKrp+bORIrEsOakCOFcnmRLxpaPe+skuFxQ7e+No86i++ZXUpHINRIOrrAKO6MnqhHg136TH30JRy5V1vvrx9mRvozkvzR4RrmmOWFYy9MHcYvR9ozsenVMRZ7mYRkPWmCIPXpnhEE4otBm+PYFJSnVZnoQYn2HvDgKZX+IG0tDtVasnvuIWtUyehZMOA3Auz2JN+nSjxfDEV9Q5eGeh8ZL7tXInICXQpmTBohUGs0nyUi\/EfxDhlCRPETyBYxPytgznwCOTRnGV6yUDNYNW6V2twpvbbFw15F57Y24i98N43glYYJUVqHmVwrosseQvdWLtOLEXpAKvwYCJ3nJpSVOyBYXd8okAO08VeVbydpen0iUOESN83ACwm402annjMIqbJEkKbZr1E\/bWLUE9ayryc3t4SI0rfAV3P7Bzoh+ePS0lFG2mEbR3Stl4jejVA5bbBNdQAl2XVCvlfkMcgN6wNzkaUtoY\/V5wJqcqWfzxU\/7CxIyuqjs2t5GkAirbR6GD1vSMG8A49cBdJIe0YUwOEL94vJZZ6kgFxLSzbkqIb\/JGeunCp3ImPtw51lpSKmOzgu+aiRAw0072bcZedmowvyNmMZ6ZwF9G2\/T1BzTiaxUQiuwph0MpDNq0KE8ZLx7252+rHJYkpatjHePpFvOb3XaUfP7KqMGQXysXzDurgMN+iUJmRB27gfV7BceLcaKv4JsOEla7D\/ujhuQ0U6YFyo2O4mZUs06yMlW36Jh9WkejggHA6SE58C6aM0tZVAq4PzUVmlUFs52p22qgRq5vex74TEu58hdkCQjr1pQ94XFmXqgk+AVK0nXtqdM4JYhPeaV0edHucrnphtrDalQIUwHX7zoFqP\/AzYEoeCztqDi\/kawodxc4PmEb6NM25k\/CXUeCX4uUwv5+p46bN3O1M+xvlb2rRRFG9UZ157Oh+jebOu+0rTdiK67yyDJDMe2VTvGsXi+\/G2gN2zIWwGydc\/InHPRNNQKfHhC2jggd6wv4d71pPOaI+XNe1l7JNMzHwfbkZBDlCbcSj+rryXRGPQIhCscDZiFFGrGBnyyH57ea6sGM\/d37gVVa+ukJTnovNq\/9LafSrWBaF2RrNYGE+TcplNYI0Sq5eb9DrfHpoz4HPjO4w6uwZIeHQjlw00+daMYbUpNYvzBru4JYoG4+FnfLnaJ2RX6rVgfBQIqnPe+8ho+oVfDUJnsA6e5JTlC5uDUaaRcrC0+Ji\/wYvhpr9KixWcINr\/Q6IJf8RuaNMWGUoYQRmSfJSGr9d2O1TlO6mLpi0PyY9rao+oramJEZVMS9CvaFzYMM4ekODEtI9lvm8GVMwUuwhbqucZBCNIlAueuvDA9mFax9H3Da0FnXF80HbkF0G0pCqtWSLbDFAFtV9SICp3zwHTJ2IckUyzfK6paD68rLKFhUUBI7WeX4+s0d4Jr10hLHheThooXnr5xOHtBeSEaQFC9zlGwwIuoXzDqApq3BbVKodu6HoOITstmadm3\/MIc7\/KuaqI9NjMgaFSVmEVWOH4WbQci9HsoHbnpJWe8KeP3p1LSqGOSM6yXozbpkk0hMRvAJ\/Gnzq8KxN6H6U"}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388088469,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.googletagmanager.com","user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1592388088469,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.googletagmanager.com","user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21"}}
00450{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388088,"pkt_ts_usec":511729,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"AAAAAAAAABAAH2tiCABFAABGAABAADgRTf64l8Ht+JCBkwG7mSMAMgZJwVEwNTAACN9KCJ5O\/156AEAYUqG2lTe2LeIe+Cm8S2sDMjR\/1C7uy5\/p"}
02224{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388088,"pkt_ts_usec":591640,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADgRSOK4l8Ht+JCBkwG7mSMFTuaIwlEwNTAACN9KCJ5O\/156AEU0EsFIWbfyiDTriLZoVpXe8mBihbaaK+GuQgLUM2k18a9drw\/KbHYn2D+KnhueaQuI4b5RnobWiDslIfKd8Mirh6o2aIs9a9qw7cUa8PBv7bzqEIAEQzk13O3\/Bmcqazsp\/+kXQrRut7wvxnShl1xW4sNpOBXqxvlB\/nqN8wg\/PWpL9O\/FPVIgCehFv30qEPc3PeeKKCKLfVTqnxPixlqgAYeET9TKamxZDJ72\/UQ6NmlBJ28\/YXsjTDsXud+7gYqA\/RkmlBMjxYZbTaJJhQMqHb0o8hdYWan65TAd6PfEjGBDGWn2GDNSSzDYoVEizxOqWERff9oCjTo1xFO9yhHRjaWZgSFmltr5w5\/Hr6eKjmrddpc4Z+wxKpPufinLcs1Intywm6Clf6ukiL4ZIaBU1Zh4teRYOLqycNHKR892rQ3DuuxVXnpFwyl0zeIkME4yZSYiRCwgQLAMZ5FSfPbweT6hIb84RvwHrX1jO2SDi8RMi1Aevd6oV+JrNOluFTTAKRyLOen4BBBYTSn14h5EAGO0Yjv6iLbKRjvUAlFcrcWVM6\/JgP5X8XCg0n0XzSdc4uh5LhvkR\/h7IvFVZq89RpXeIhO2gstbOOib2aW\/JqKDzWo1j1Ph5gagHkB6L9a5Hjd8OSrqenRM\/Y9mJweUVKkHNmEigtNsMArIaCyxyspF5no9KUYo2Kbty26OhRt50wzulToOyP4NcHmZfEkQflkdukX3pqNAt7MXd3wyob825\/JiVxf+3hjyosU4MNO3H0eUpL9ozj7HdUKWylpVr+NEYpL6oqxrmoewXJqd9\/7HqfpRoNonB9ea0mdvP5YegQRlI+fyAKUMnIwTWXpzfIN2RNvsJqvBECokakuvOOGofWVmnplR5MVVywVaMLE82YUsCGwIntd0a+EJxQgL7mKQ6dtgeQsn1wbHWS02ZvPuWP8OYrCE67jL2v1bL6\/2h+1XCxsQAztrS+QayoAW0KvlpCNW9ac0DTJNHWRO2pghx+tJZNveH28v6DEDiBrmIsxaWJtQIYwcHaS\/T1k9TL2LCukku0Taxl6+Feh7bikCsuVDfdGwZ2pRT01H4nEVENqSGeosdtxGfJ5JRhSV8U5ag1spdFlq0h3UcT8UYP6G3yr+GnTpv73QkQAN+x4OlLFujbI1BhryJRxg9c7xx4qXcEgWlOzLD1VUeIdTUw\/9wkqyS1DOLPWvJnyAWGAWLaLCSlJLekJUN7pBX8rjCfjU7xo6oWXvXMJVSzQZFernDGNc1++8ggV6oievhZKX7xQRNWnCNZClyhkVOAkRHz4B3Pu3La7QFMMFFm3BSS2brzbRyt2jJlkAxNS9aG4l00\/e6zrsSU1aVXhBuBimpONptOjBqK0HbHQLakoucHQiK+bYxbUBefBnGFTfqhmwHZxdyKtPzhH3xEm3CA5vgkPLpEOwlHEjoUbCvszlSBn0Wji8fHC4RVgQwIFqC5GXdKL2QfiRV\/OvVRBkGEKL67PAQH2qyWcGdC4moBOq1ncmuB4DIPvYwpdxlKDGChU2pNuD6lgg74F4ueOWbMcxGtj9TFP7rZPwDq2LKcVUPI30oOBmdOZPG\/tCzNe3afxNrp9eBk\/djyjs8g0B3CLoc0Rdn7ZnCf84F4GyVSI33v4zkOEKnbfwYmbCwm+M0HtlcdG9KI8P8CfdRpGL7i2rguXb1EIkg\/EYpYXxNoWqt46R76SStqYAB32M+Hm2ZBhlK23TOEoqV6bZc6sFLkDbytR7T7rgeeKXoBeF+Tvf8o\/ifp\/T"}
02228{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic_q50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388088,"pkt_ts_usec":591706,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADgRSOK4l8Ht+JCBkwG7mSMFTuYYx1EwNTAACN9KCJ5O\/156AEU0Os6NcND6sMIhR6wlQxJqDPKTFInXtiCVq7Oak\/Y82V0XywIxz2Whx8Wb2xUiZNk47rWK6oUgAo94MwN6KceEvFuaQASNHR6dakuMekdgMvKyWSoy7n6Kx6gcRhAvSIyiyivq7Xt5HstbWGNobzw5kW16it7xCvkjNeguznt0iKfYhVjHujng\/mIn7KT3rF0NdWtPKuRStas2FlOjD1KkMS9uq7qrUmpT72kEMNvQdgQQWc1+qu\/V9YVOZimYCxvO7Wt6gPNNMXe28X0qUb\/R88QoC9tLiwD8VmQcCZWnnwHftQT6t9mj6SOPLTxi3J6Qy\/azKCA+3g0XWUroXTAyqyxvYOnCkadn3eydA79hvFfw7hRWoftcfjYhFjSSDB+LG0NyE\/I5iYus6u9DedOhynlL8vB6tzr\/+1AR1X132TBRWmEZsyQ8fcEc631CffhAaA5uGUHlkoJHYaU3kWEHVpwR760NENnHg1MfTZ7ZUhVfph1lE1r5XNITcJrjlJRyZJBxNU\/IEEI8MujV265G21AcaVMc6szhK1Wx874zM+OeIwciAaHgXMYrNj7WthHd5PBtM8MF8SaNdoGYpcgsddH0GoZ\/3tq+2Q8GGxuJpOzfa7XVC9vJio2Lw3JZIvYv\/iXFhHxbjvAG6XePfv91jtV\/kZc0hXFCusoaLXfFJihI7q2H2FISpAQQjo5VEWT5vu3FajoiER6SQe23SIsEmgwipJFln\/ukd3HPHxZ1ul5RU9Is\/C1aceCEldcNKaN4VeYKoTWyjCpZFVZ64+HAtBk3D0GgUGD7T+h8BXpTq2yhqs7mM8jmOatp0xZo74R30wT0FPlVt2\/yhC68rDIjWIKyB36XIie2e3N1Xg+Rh14NvxElS3hevnImODZ6pAtqV3lpijp9PYtcTNZZa3GHwCxtjyxLKyjBt2PmeukOn3Z+1TzG6lAu72OuSA8F7Ipdp5l6SSFMGx5IdZ\/MoWGwImeADjm\/clLuj9hTf5G\/5R\/ywjTXtJUbbj9aynNQOMVZaJZ910woNruWRoBiqi0nI12HJIY2+WrYcjbAxySUwBouZ1gItm05egY4c98BytQ8TgT4l751mRafsIpIXzjdSoVg+yujlBxrLT0Pf3rdxZkIsfCnfW9j5TP3lqyw5u++O+cs7pDfPEEZ+ic1O+bSI\/Hy9wEZWf8jFhxDN7sOlIyYbXUleuvu8g4bpmRks4Jeg6SP67NjLTg\/Y8HwIsuf7EmrJVcQwMp6TCzthaROgfcAF5zF0F82CE71TICU5u9o1CBjiGKKuZtbbkV9Yue1RZbgp6ebsRkTBGsOnDf4SAZ3Ky6SdFm2TnUzcSdQ27ckpzIRvE6KaAPHZ\/Yf7varSH7\/v0fO8TvowM7\/1UwrIVHhejk0hlCXN1oRocyWJ1els7XFynG53RKgHQgTt0jEpWtqMOF1vfKXQy9Ta+FJvvGTrPQNW+\/28FJOSPCxZCqAvZM+8lJkqCZdh6lCet5KlK5IGz\/iR9WRBe\/96dCxsyck4A4u7INRs4Pr19tq0wHFmvgwhgJwYWr+DSNR573UiQZLAabtKJydHVcpmdxUE4aA4j2mtuMf3nWgmVwYD8Rc1oJthfCKlIBu0GXZYIyFxH63RL2xGpT1ye8Y32QC\/SymMtquCU6WSC58R+5BrLSghz9Iilf0uRYrSAy4nfJy8rwI10f9qZGmFH89aOtamU8Q+MnheA2OG\/dOcdAp9q81plhWrkT1601cQ7LPkz37vAFF6jkUbyboxo\/Fktak\/07yc8Vi"}
@@ -16,5 +16,5 @@
02234{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic_q50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388088,"pkt_ts_usec":913965,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADkRR+K4l8Ht+JCBkwG7mSMFTq8FT9jSXX46bsp6\/CFoHX9sKJ4iXw4MmUZhc7\/\/7rnexr6NMKz4YF0arXlArXpSG4APmg\/yMELwPuNeLu07O4hbj7F5GCg4A6JT\/grCHnGll\/AhHzsLlwZayeu+RwNfUJVAaCcOM0EO70V4NLhIkkQ2i0VzTc5gvF7ySz3yhRh6mOzGryfARLNU9mlr5+0I5y3P4RTU7cwfBh811cBfeOQZfJCnTTykMpLApNw+kC1ppJb98F9HglJq6ZPqd69aXIZGT0Hxq+H5yIBAhbRjRt7Z1N55zbQ21Onn2R9Yvsm01hL1CSR7O67LjJPwPpN\/HoS6n1QYxjHUNDXK0K5gAuvW2x\/0Ey\/rQhZ0\/eQvdIHukwyN2BZ7zp3j\/qyHFzSCE3JgphS73cGQaRpMpq1zp89mUyOlQ7NEsu6b57pQnso34Z7KVw3hzW8a1Pth3Cg\/9wtyLVDezlhMiCBIPmuffGY8iG5uvhIskB7LONiOZbIFcZDTOi16v2QEZxF56qEesp4Qk3dXNc\/67XbXwuo8TPvZ34TLsWGiQXb2vd5wrQfb7JH01BpqHKillo5ZSCpq0Snm1NG2gq0TAu2NznEpMIUje2\/NVTh5mwVqa\/GOkmG\/ssfzKblXlJNoONYmHNCzbUMtuNlPAYSvSwmV33O\/Fk0gBYb2XXFxeyDn2wNCPJbCqYbh2bn5sF8BLcGxixC7cYct1+GNUvGvVK3ExOt35RRH\/zU2MX4BAvbYolaH+h16nHGL4Pk+vPTJhpq7fG\/Ay\/Uo7txX5V1dwR217\/GfcLS3lbgpPyqqnfOCVUE0gVUMCLEf+IbBGya1V62Wm608cpZbQvzlVn6waaWNCGCMnit7\/jxezBM5o5Omshk5vU+xdLniOycY3w9x1jfemXGqElpx\/a9NLMRaQH1DODgUNk+bkPDnMfq2p5\/CZIw3RgLu+wz5pIqc1DD9b9LMfKSfB9xGSdUAM+DBDLp\/Zfa8C6SKnCYFnT5cbPAxyfrVhl2kABZ1f0j85JrACJ59NouI6Om4mTQhCJfp1aSfvDzoSLW+GSQ7COKzgIeb78PeIx+qcToTKqYygEL9yHQB4dqqtAS8twAz\/kZKPpJ8Olvq3wBsqC+7Vagqd7+0KGEiwAybUBKxijpRmF6GW6\/8s6BlkXeXw5oezXeoPjXKcsWB7KHcpKKTu9rDnvNj4mnk47+MYGpCTIC9+E3K5MDC7CJtI8brsEFpLt69ywaKV5Ks153WIEbzKoMyiXF9QatxtUoOXlMfOtKa+qXgEHNjKUM+Ii5JbA00nk2Hc0chdeSFn9aA6D1KAStpWze1EoCKSlNzOF7SJSQBJ7kgCx1x67h6OwiXm3DZ4bFZiG24s5hFymda2oyeLFnC23LAijjidhwkxLJSSvYJl8oQThDVdqEH3qVl092ruq6Fz7cZFdsqeLUz4av2buWseTheaB1cDtkMH9ewK2LGW3UFaJ5JUWAFalu7TIk9dJsAehJeH0+bGhq2swXLZzaZtrtcsKBjQ4kc713YvhJEN9BjAWEtboJMuiaFd7\/CN\/agop04c55IZNd6l4vQUNuoJ1MMRGNnXtWKPjuzaK47DLzwa8GUervyqUfYrdoP2IBGydoTjv8CJIv4KMfL9IseQ4smLO8RceotDdZzhRV0kZZnL8VRb4jy6gw6UMKByvltd0c1F+SNbcGc1KhzZxYGTTtctbu+QHZi\/FaExo2rYcmeSCYiTSy7kBn7M\/3iRB\/l5d16faMPG6raOdf+21mY\/a+rUH3KutEK\/RHreWYdUUTyp69+kl5kev\/MylRiG5qz"}
02228{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic_q50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388088,"pkt_ts_usec":913972,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADkRR+K4l8Ht+JCBkwG7mSMFTq6xWrGdPOm+c5gD6m5ItYvOmOVBv+3kPujTmHeRYj\/mdO7Mj4frKpdRKYuXfjoePbvETcXIbiNr+ASWV0jqRE\/S32QQ\/7f5xQOWSdiQNC83OWsvB84SDkD1T1\/IwY9kHh9AOxQZjQGEBhLUHY1PbhzBl7\/jxPpCAximq\/4Q9pExGC+RHdgEqLcylg8CHhWmjA4jogo6WbLMzi705WcsLAUSBeLbIlXkMU2Og8OQU\/DR0XmKlPeomt0lInUGN7aStDfuq5+cJ7JvPtg1WV4AdkHicU44hB2+VWLjsjFq2h7S58SegoxikLUtJJy9D0zmVdHgR7I8LDEKnv8szSUqyXsvuWDhjo8YBc3zzW+BjEAc02UxFwu5qKc\/KOQmUoRn\/dQdCXCNhpWH+XHE6Dci1M9b5rseiifk5l\/khH1BVF7xMTtCCpjx8c1fi3ixa3vk4mSkCaddj3sL+NLMknmJiZm41xQ87nbt+mRBu20VK1ahZlzicfmUzZGPkp0V4N0Vnd41S5O+YjtHVLtaNrx595mnJDee460MKCMmhg4RXc8o00FcsGZ0E2bezia8gGVfW9szUR8ZkWC\/0kWqXtGzQjXXfvAgH4tP1iBuBu0pM2W3tbcCXchVYsujAI4TFRSb1NcND\/21Lr2z4SVGQreTl\/bl+1yQHYPDLK6+Vua4dESvvK27QhJCydMxBxkbW+EIFUI+\/S+dg7vBNOVgrp8KkRq9LIBPDLX\/IDbkLMscAaT8nET2KwN5oYNwg38lyOqw3QYz81pb3Uf8jUvk+jQ7bhxXuBrmyEIHd8izAEERXa98nreHzU2Z6I8E1vaWU6NWFksGuxdWJ7t6Zepp4GBojg8RoI7TlaumEZfOsRIwVKIve1ciRYJdFM1BXPTUzEfC9Nw6aN1hfbLcQjEnmeEnE11aKeuRS1BEj2ANbqScJOTzmdtsARjwICvQ6ky+LN16CL0WceQQH8VbNlp90rRuCIKCobPPGtY7H9KIs4oMRbMv9Waq7OUfJBxSrQFn1g016tIANY5A2GaSFo9ysN9N9cQkCPnxekYiENTVSOYpZ2o8JTHIUf+c8Y7KLcqvCTAos+kgmZiXfgVZC21xQkjy\/dRPP5YcPhiSS8QfeohJG5PDYyoz7GMhgP4w1w2BamtTiy+1uehor8mujlevgrF0yb\/TPznl0ieXo6Y1ej+bdvnglDhwpjh6MiwpZKmKEAZgMbQGWfWo3mcplIRIS8z7i98aidzY\/6nSRbKzc3JnCllRQJcBa0rjGgUk7tvVVD1ffW3XEvJRpRc6WcUYbA1uqdZfDLAsNj4F3lP68UyDV3WKm4eoFhD4ss2CBzF5ibGwprrQgXl98B7fC0PALVlB5QKDAd0UZmAqX0JlK4F7GI34TbFYU\/0j5mRG9cdPVxXSM7NeWTO\/3FdQOQM4TYSfVn34vI\/6aMUgh8UIyWzaBjZ2CI93AvGieVK556sjnLcgDl9GnBA\/CHHDaBuKI4W+pj7gvZf\/REClD4kVXqidO7XTsOW7Qd2QAgcCUbFC\/gHPu+qkbo7RIjR4WMAY5r8kmQgy1cNq\/ganfWHUhAF8iKBcXCCTz\/j9cssyFB33yZxLqJAGwxcIvqrqK6AS6TLPq2zplY64jll8RoNejOJZLRzyItHA0iOdU\/\/ousA1co0ivA9m9+o\/NRCS8aCZtQTZ5T6qqdQhXb23qA9pJqlk0niTMf5SUhtik1Ts7PR93zNkMZLSzZ7InfIwKZEhKQqh4LjzcT9wWkl3a0YsMmnOO4BtK7YJ1gehYG5OuitwoQFyBSK22GzhuHIq"}
02214{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic_q50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1592388088,"pkt_ts_usec":914059,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADkRR+K4l8Ht+JCBkwG7mSMFTr2UUxzWygZ9b3y06pi5ZYapHKY9BS8JU4g+mqRe2XZzTFm1pB5lfWD4XEQ7CJcjsxAxChd687DeKIyjyk8x3oKzISjX83CNRZ2vbT2MvVwtLGc0i1Pr2qw4lwUu3R+NukpnxEbkPw9S1L7aOa13Rma+gGROdnyg9svhMRF3QeBC7q0Jw4mZZs67C1I6Z26MbVM1LtlhVSp2M+rbXkNQye9P56NVO7HbEem2REGM5seHBGqn8VsW3GQjCsq2Lw6qQsGbiveQKXQ73zLxygzHcIokoYZTVRIj03xYRdzNKuo8hsweI8l4S7bqKbi+KCUAORr+9861zE2rjtIfrxPwyyYtMJS7aW285y5lzCY+y89px829pAI1NkK\/kdvLUSN0VEEb2xjpSd6k+wDeZtwhwvFMidXuywGxts9dBAdoYmNmsmOYDf2R6sEubPt5YdNg\/f9Qn+sKLmPdsT8MaT7jFhr0oikXVwDyx5RuSOhYKGYGa0TRPeI7TpWdjdu7Y1i9FNnfvDwM+pH1ppCnuxTiCegw2TMDM\/WGdxWlPzVQlKgef9bzDw1AbXurxxJUKTX9dfFDdbOVymxfUjb8AhWJq+D\/BUO9zpjJQ8gRlSFER4XBjT1z3Di5PZLqQYf2ba6ZPAZqvzDTbo5ZphRqWDBoaL6q+HhUlbOuS1zivy2kjcBzUFNCTj1EF1ZAHptW7qyiV4IIaRNjnpVyANDHxJ538a9SsEUZ71NyHEDff5qpuqEU51rmcZidjzJAL7AonqRT9T99WRSO+3+j4xG1ix9OhyMQsRCawrqs18KiMKpdXsy6SitTNJ5o\/FHZ53LmB4Qv10K2++vw7bLc4RwBgxI0vwJ3IW9xBymycm2RB4f5IeyvChCTttLoPF1dKGgHtVdqRfhrBT\/mOc4o8Emw0tFAz1ocvvx66xgq5VTKEdNsVQGssbLdigAipR22vNeHoB1Virf6gtstKFEQDAPcAzTJHa+LIczW3Y440fT45gCocVqjLQzpS5o8Hhfilo5Mlhx2MYXAkwzpwItCGR2I1DPHnfWGnRHUG4HE+JMuUmXOVRLvDb8WOGnyBzqFmSEWyFRtM2SFFmNVEs+QQe9MeJ7g5C4opxJAGvUgmPx9COj0xXRdhTJza9fGKdobpt3EpUOTPSd73VZg4po3aMwWxb5Jeo+FLm9eQwPX2FVxQf92EGQPA6MFlmCxJfGW8TAl5FCSgcjNNHVf2p9XXKvqWBffw6645FBEcnis0IRrnJ+vXQ32hg59+txLkKX+KSLOlt3PdoMYLBY+cXTFFFU8Va62mRPJ9v1gr5G09m1CPVyR8YugWtOCg78BBgwmV1RYYvJJ5msim0hzmV3RqlNUXjaJWOec4o6TY1EgFbPMV2qiC8J9n9yXV5YvI05g4IOlqR7S2iqZhqYULtEWR6ovIpNXnrZJpy2Yn\/zYXiZVZE023vTTnBDx95EA\/cI++FVV2wG2YR1sAc79D\/s1fSQWrDliG530wWJyVzvDWWaJdBia3evaJRW9JJCGGMr56q1SVQoUWgvS6eELCd9V8VJ8DagVQV+8H9sg54sHlzHBxIwDHfK7ROpezRnokDq\/bjW5ztu7Oy23WFbid9S0ThBecI\/8EO9dB1cBlHAkkL0IJ\/Zvli6tNzEeuTP2+1ak8ROcgatBAKEuuflz9JINeyMH7RyfTIP97\/S5ek7gGEfVidR2nCnTnx2F\/kKhg8Gktkb7QYhaPMw9DSXpeKWciUACqjiiTBlMTb1TtFFfwFRneqpdQT\/5mpXBhWm3GpWN2LqM+inieYBwNLFo39t6"}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1592388088469,"flow_last_seen":1592388088935,"flow_tot_l4_data_len":19754,"flow_min_l4_data_len":33,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":987,"midstream":0,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1592388088469,"flow_last_seen":1592388088935,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":19594,"flow_avg_l4_payload_len":979,"midstream":0,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic_t50.pcap.out b/test/results/quic_t50.pcap.out
index 8f840ce41..2d2b58b1c 100644
--- a/test/results/quic_t50.pcap.out
+++ b/test/results/quic_t50.pcap.out
@@ -1,7 +1,7 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_t50.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1598618820564,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1598618820564,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02225{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598618820,"pkt_ts_usec":564956,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAQAMt+PCABFAAViUWNAAH8RmQMomn\/IpvC80cKsAbsFTtXAxVQwNTAIVV8y018p2GMAAEU0sFS4EDNRQxtqte6TPI+YvWd+9vuUhbcTQ2HBn9gQQ44SheCG4iJpKGLD8uMQU9W2hflEcgLE5fOUXsKA3b4MY34rhhWyrjNYzozZ6RzNmC3+PSlNh1B9BkCmgwrPckh0gBVa\/FiA4QpDKG9FfMxAAMJa6frV7fG1bb\/7HJhI3yISKMBJBm82DF0OyCTOye8nQRPUiVu4WsjVf6TJP0\/YCQn\/ynhi7Ht\/RBa3IPlCUHvLu303v9QUCibeTQUAguISRnIMNJe1C11ibh+BPlrVWXB5I4w7PGgaDw6mvx7JTybAMrs\/zdPmdFbLzWLaLw6FF+1T6Nf5pXJ9+kE9uEXZ6FzdZDD3MbdQ7S7fF3Xsf3z9uQukVNaW\/VEZbNqdIcOzSZA1HMEos1dDC\/4ViVIfMlO84vWzhZLxq5UvTT6qapu5oFarxgYku3nnVTzVM6SRRUR15vAoGmL3hQ542vEoyxzgRnslUtNtYNF9zlTPnOomXF1\/xSoJJI3VGlXy1gOwEOp28n6wdjsWOzKyE8z1XmBGehbXOUESC8A5oRtpkqOzQJ3g5+dnZdSYCvXi2BLHGA+OVhHokC0D92CqxGKl340PEFDaTPqzeKg+DdhCKEuu94iUqJwa\/EQr0++J\/bZoJuya3A6PiiCAsAWEfWiGB4RZfM+JuqUNIdd0StL9dWeEo7kVq9MAq9yKOBhBD0Nw0u3O6ttMqxfEm25kPEexKv+eLXlFhK9pi814az\/wL0\/CoLWlaMBTnRRk8oxhNZZKjX5cREBszdn5VN++4tz2T7E2jOZOFaOODo\/Wvb7BjuenE7CpgjdjsnLE4Tn\/b4Q53nG\/TvK7\/82EKBXRq\/c5PKnM+b1ENV06F0Dt6cGZ80l0g1EXbz82dUS02CP8vLgamNhFvRmwk0Fytrw6YCdOz2pD+8LecT3ig9EfNeixeZRd4tX0VxcyI5WVzzONGrmWIw1RUeauVQKVXpwzPZA8CukmFuSLsJh+\/5N5AhFjT6YZ08Cfg8mb95WTaUR4Gcz21+e\/jxcv3N2Ucmp36VwT1\/tIEgMyHmC7IWqDmGHm0zoua0BH1NJEIxpCFxOkgrdVfA\/bFJKqQIiWn39D6QQCV9IfFHR0w3Ji8IRmUv2cmzofCCCDXIb7a1RfNYDUaRs4NsKQeKcoYbyoDk1GAb6it6FoAhucYrDmI18nx\/aim5gBIWa2dZw8lcSNFxgWB30MqUt4DZOv8SxNPiLUt+4S7VsKdmL3e9VzPcuMiIPdcykCdDjJcCNMkqrWApVw+k3MVLOUeIU51nBJ5vetMjeccL3kies1jAjqR3odF77JuN1k7xA13AyJHglJBfA9SrQAab1XP78SnPFaTVPIBb4lI+7BBbWiXiUIWbr7QDQ2M+jaZ9aeFPMMv4QQg7YuadL5n0vNmHJxgYLgQVYZUg3g+jMQJiu4KLUJuhihq+lqjYmXeKGtNpGoS9t+klWnsjGnRn75HVlDegNERH7rMuzV5M2eSrUWRcByRHbj5kRkoY6s9x4THwi9YKFtPRSzpfXx6U8\/obpT4A56m9Dtlf0uhD38f9WkHLmiBpPtKg3V58sjjLsP3l91gyKwHDq9OPXkHBllrkj\/HjirESjdb1Tretiw6j18gO7a6gj9juTcUBG0eptAXXuJv2ZyrvtGzBo7DRc8B9KbYOIeUQf7UeOsamqbXhc1aNUt5qklsGe6OvEqu\/YEHpLYtQZ9LUddfbvcwZ\/RUIOT2ImtvT6yXQ32en9NmMy+OFHh52IUE4c2meqx38en"}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1598618820564,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.googleapis.com","user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T050","ja3":"a2fc589336b7c13b674c1bab24655ce7","tls_supported_versions":"TLSv1.3"}}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1598618820564,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.googleapis.com","user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T050","ja3":"a2fc589336b7c13b674c1bab24655ce7","tls_supported_versions":"TLSv1.3"}}
02233{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_t50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598618820,"pkt_ts_usec":569890,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTn46zVQwNTAACFVfMtNfKdhjAEU02pBfi6Ak9u575XrmlbdyG1ag5OIwl7285v3Nxnsw8Lwoy4F9DNlx3pltRvpYv7yRLUAj2EQdI1b8uEmcdP9Lk6QJsvFQO42M\/PbvgSv5aSBR7ADIvkagSIwjp53htGhz\/zYlUUs1e4BKFzWrzHxpBrn3tRk9tC4MHf9tUO5P3B2MeVI3O66nSXCHk1RyPj9cinn3ZjxKtRBXyqmW3s3M2KBsk8zV1XjY13hb0PYC7j36RkDDGj0hoPOlaMR3xRkchF5ijLsbftoS8ZgSl8iT+6IMAemfyOo2vM1AInYx5h0uJCKtYT1HD9yjV1obFkm9JNNq\/Q3d32M9ltbArc4UQulBjQL30PaOFeS6\/NH6OpYAFWIaQylZhMpolrLLQtDKkYaJQK7fW\/adRXsSKcvSfS7LMOOa1iFP74PK9pOe2d+Kge3D10pHw5xvRBL5wIChQyBfmTPUKrK4rHXy82eTRRhTBKuJrbMv9T7XFHN5+H3chAvLWlrpV658DsehpWG\/heFld+bt39EMFPxrvugSLVNfbLvCnkIUyoImjdqvVj6Rx4k6hbJcFfYuU3ax\/j1wXJ1Aar7aVQydz+BiB9Fxk+eH\/qMFSF3ir3mKdIaHP3IUZOdgUkuG2UC5wWlc3438o4bvtGZ3nwifkZhkqJ0KdMIpJExGa\/AQl+d8cNAdSXLXM+DYjJis3nf2FGSiavtkGQ5gse3JeXrzKJFFtk6jcssK9h2Puqhq4IBMocJAfXnRMW\/OZ1jK+viEJjEu86fhopk0fDPB9DnWqNLuhKZbRPvi0CVdVKcq0vHFC\/pj2+NAI0Ops+2nN5yMrR4A6l\/8BcNYUJAtdstA\/Mmp+wdC\/G0p788zz8X\/NLPDa5WBeMhDBZktdXbl9oAq8mg52ggTdaTmm2jXqGKfzHqW5MClayMT0zXTwUHpjyayemAociOoR3pCM\/XoR3ULfnBs5UXukbBcD\/hcJKZpQZl3FeAMsaWvdZIbB62LlhdQiQ9E00tTktJnwHVhmpIGEmHx79qHujB4QnvSRf7rGMoi+J2+2yEf+pyZjFhJ7Vn0wek\/6YlXTjpXTJrPxdQiAfgtbMdrh0tGyM1aWelixaAL3fMRVQAbarGMmZNeVHObrG\/XRHUKe9QBmB0f2ucnxL\/Q5nZRz7iz\/WLt+LDVk7cJtCKxbiwTn6eNjrz\/eeO\/RDUWtAmn\/N2MrSP3BX63IBecgggeajGeDQeu0h0gzpQwmmr1W\/rYunSoqFFX5ouz8a\/O56eupxDBH4dlgKCLpB\/uNcGBsZbZn7D0MSdEq9sU+3rGh6ZCpDREqoFoM\/ePe6ZBwYyN5DfQ5S5xtM5Kx9nzgR0ma7na5nF+l+ByRUVDDcg+R6gDDtX7u7VAfvqTRqMCFrcyF0SqjD73Dx+5jJbDcuF3krsh5cUsmC3ty8BDoVGSf11axnldbf8\/lHSYOw4ulZJKq\/sTz5UxTVW5laCNJjqlY7Z8a7ZX\/gPYZni6DK3sKH\/pwfLD+eJvhi5gUZcI6y+TKOWHX3m7F7jI+o6kmuivTUhAHO0tp8eeKahEg274V6OXbr5gKp+A0ojgsX7ZyT\/qEOZyQW+ZVLpcoLdNi4viDD0P3Ti\/0+eMAJFCD83SXHZE7s3ktIEr1gJA+f8pz2foQ3UUo5VMFxosbOpW130fJlD\/iAqO7lnIbBAljSuAijWA4Tsc5zdOymoeY9QwWVkg13iiuc7J90lC+Sy8otpTVHsB262zMGncSESaXB5zznflxo7CBcJpN5BfwnB6hHSOc+uG"}
02229{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_t50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598618820,"pkt_ts_usec":678251,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTgvc71QwNTAACFVfMtNfKdhjRTVAGOq\/R1tSJ490cCgCIJtMuLgnF7hKWcwUWGCG1yeUQra8M2IbabEbv3t9rDs1mKoSxG0o1SwNZg+TYNjx60XPnxlQjdaPemBfWHhyIShS\/FwerrScOvQMg46Oklvwr2FyLIMnAlNL\/mWc7+8747IMQbAPr5vlwnAdmo2qfZtYMtdIW1xhXCBxR7JJFwiBMgxW++zHicn7moaT8\/+bDZ+HzEepJeBYrSVteiS0BK0n6cCyVowGk\/PbfkfkASgXD5BG61Cd+nr8Af7qfQdcKurj0yyrH5h1viElvy4SUonTnuNRTXgRmkWFI5Dx655anVNEDyyIA+LInCwiGE39JR+co6yzHCype7nL72Nq+jikfQUPfI883b5MrQ9rngGiZ8\/Xj8lYP\/QZ3\/ogby7k8+EqRcwwLdrKtF5JCPQHA47uMBlHe04rS8i00HZ6nSli4gEiz6jamp06cf0n39bZgvUQjAKf0ERdv971hRGdG0miD7H3QBKDkYd3jMMaCW0xLn2JbaBK1oc8XsPcVUeGlwQmCRwBHHJ8Zi5U2cVPlHrY4uUezGQwo3VZ3r5q95rt435Cj51jZ28FqxsNIE11PMXbcj4IXggGlyQVSDdlQV8ySpernoTOLJ7ESEF3t54ex\/kmX4c4cMPX9ddsiAY5den0AJP0\/NiKWL3LrUSrEOm8wr\/TSwK8v7YyoUXFr0q9WzgNo3XQrwUtAlQBmFb24DGYwbS+3XNGulanTnYpBrsb5c1rh0p91mAhQ\/rpURoxrNHqQru2XnDOVB85T41pLYZBM1fI2jpefgEQe9S28IEB\/1eLwrRuiU\/FIh6zJnowpUGRMkPEcli\/a9qk4i1KUhncByKhdd\/9ipm3FA0L0wwJh9k7FyhUMixNB17ijKhZ9gdil7oXiNMdx124Nmzbbk5lrjKivTcJ9RPINOAPRUQFR1RdL0N6Kq0CLXSzCDdZdLrY9En+mVKeYQj0xo\/jR18exhwt\/eRGfcgKxU3vj0n7pPV2efcnGnYI\/qnwevG1XcNdzUDvV4mVcXNvYEPxKSNdhD7Gpk6sGnaPSQTI2HNf0HmdlyCkLZSrpVeHOY4fveiP4Adr8M05Zxd0p3+8DcvQwP4QYKb2558+ox1mWrMBcDoH8rfM8Obyh3XuvPIl+jImNEF6BP6N3059LnOdatU9xWrsdLNJEgvG9u60Lk7nUNGZtXy46J65s6wF0c50NT+RmqoC2LZher4uoex39pj1K8V7kaJv3pcV1GjZn7eaJfrytSHHD08EAQGGAMIFMRg6nHfi8XeYIO3oF5hSYGXvUcdNd7WIgnidI\/Dzin6YMvkS0sgovzeBscolAktAP7weC3mq1LIaKYgNt2UsL8d9KL8\/n8B6R\/Yt81QFXYZf8g3+P4tPy\/kkSsNIfvswl3y0LDlhheLGqrpmqC8lIBGwv8YQXlaspfmVjHdirPP2SwJhDXPOI7i0j92jF26bcCvOi\/MymU9+Eb7WBD7jBktqD9MQhYDPOR1XZV0o4Os8ysZy\/WuU9JD6fru3jsr\/kKCqPguqlfF+W\/br9kviTd3\/eB4VY8p+7Zw2IhUhbAAnr8CvfrB2S\/TOapOVIXCtl3VT4kPt7qxNllSaLAB7HZ0kifbilO2MEKf7JHrUnpsA6AJyeHwuLS7wsXBPwyB\/OuLAVAq7ZLX3Aej45laD+jKQmWnX35iCvC2Lk0iNpz0KaPylARDD4R6xtjFuUiuuiD+\/VDor8Z42laVln8rezBVKWbgIJ0+RzyJkUTKFz9D8WmujYRQ1"}
02222{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic_t50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598618820,"pkt_ts_usec":678307,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTsI14VQwNTAACFVfMtNfKdhjRTV+TZdrbCv33x6iH690PyehJilsagoNTR5bonnLL0dBgoMc3YX6O7TqPoYEmBQhBo9qpBXyGoeAWGhcJFKsYDc7\/u4ZX2hLTAloQ+a\/pdH22A8suHezIhbLeb5134q2RA5HFoZzTMTZSBCIhgTstv9PXQCwumfychHJYHs0Ft6yq7RAocqUEq1\/LWFpsGhK1ImBcJ8BnDM5dxDKgRMGlmxspqHoB9\/LPeslqcwLzWl9OQB\/VcpU8C8sGBntQaRgPwf94pa0UqHMz\/2obpKwKjbwwgbEskSQbqBuFooA5L9rz6S2jrVdw6PE85FWIxp4KWk1jQusgYQi5jN8GLyCPIvXHA53qb7OcsTkg4Ww7b64NWwW9ifQuXd+Gqe+UisPjifLIntlpGXlYNIY7BnAWTPSpwUdXy6Qtqrk8X\/ruvgOsv6aDjOLl4Ge8zEim8Amf5sqpEA8LJyB8Sv5O66dtJK+I50u7YFLUA7h\/tgVP1iPhpJTEnCH16DKyMXZFkbh9DilxI7c0pOAZLYJr48QuJox4RoLFZ9lMTvsKjVku\/fWAMDXEQvaFNwvlBvlnQb9JbaVASSjOzlsBofk50BdO9mypm2dSeER4kNd6Y3YDYqrbu2dewaFT5S3EXYNt0lT5NZS8OaF9O08WAiSZmR5vmuAfuLO1zLgGQ1Euwq86NKKfd7X3h+4ViguppZQrMcNF2YojGrt5MMBgpSYR9Hb3pj7xTb0uSkVCu72ZrfL98amuFAUy7Fx+treVOyYo3k4jCPb2dH2G7olLbbzBoDbI3iNF6Ekqomn+sjkEDznbOBqf5f+SFEITZLVshGDkaECMNIlb08WSbhHUCFxGcOQ3UPyKpjOEVlwdNr04Te9hF0D8k4p+KIgi1A+waaYVHLFETZeT8YPT8ZDHf6kMrYR4r7+vw1sGIhuXD7dlP3xV7QBWhPLWn09Zzf+Fjtn\/rGO7M7jIytdlLNCA7WWcqkE38zytO4rGXwn4Db\/WD3qNvU2vCguVZQJh7TYQjHrvQ1m\/kei6U2kUJxRU9pZY4RgTao34mbxevGfXtL4ZcIwdhIqpGsExlSBqASylYBW8VtVsRikCdpzuCR29+fKrJ5GQKsbKq67MSom7g1SPuKRUVpcCxxtEonsShqkNxNzZ\/KxLmT8v5MWSqqjE373M3Qtz+UlarcxgwlqXMcKkepFzis88I4xRmO9NUhDQaOshdj35UPLk\/InvvlEsTluejP7p5FAbc8LG6s0arB0tweHuxaedQ3ZSCoivRmpoiifHNeSVAt5G5yOhX3uHflkqbYAvXXJvJz\/9ghC6SZTst4VCRHHiBQrVKQogZkzh\/ykPsgutAYqQ0MMye7j5zhBayUaElfmpZhnfHZOgPfYCxTTc\/RtMexJr3LPcYh5ge32zWBwHlWorfSgmJcAhbebG7\/n9y6h\/ty\/9E6FoWOluyMMDQ7gv2jL3WXLU+cqEBJmMDsz\/0XHB8yjYAMFXAREmTS0tJ32G3QTeLJYyzJ7BvLKslWQtK1WmiJD+z\/wfOk5auh4iSdzg1KQ669g2tPVS4uwbx16g0jlqJL3MH78oeMHfTePuvb550Dwg8s3yCO8hnNoYt3ZDALl0JQkpBdmXoMEdlyv12lpf7U0iRGf\/4pr0CE0SG8rDso+ecL+ggGjpdwPWgfQ8nk+lOeLsTXddVYv03OgnFqwhUvd21zzUyTUY4mKGWFoQ1WIUFHdZw7rjCzG6mB\/mAXdXyriXrRQk3wIAGulMvV8xiE03NCdGQQ5kPv7nYJRK7sO"}
@@ -13,5 +13,5 @@
00431{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"quic_t50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598618820,"pkt_ts_usec":814997,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AAAAAAAAAAEA4e3RCABFAAA2AABAADUROZOm8LzRKJp\/yAG7wqwAIp3EV0N37QF7+ve9GD8kIKkK\/eEyjXLMkZGC0Rg="}
01232{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"quic_t50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598618820,"pkt_ts_usec":815062,"pkt_caplen":658,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":658,"pkt_l4_len":624,"pkt":"AAAAAAAAAAEA4e3RCABFAAKEAABAADURN0Wm8LzRKJp\/yAG7wqwCcCVcUXB99WnSuoKachwEOfIRLcH5SoDBLWkZfevrUACnN7x5PTsGjNLlnz8FcsGwdsTw4sDFj8QOEUC+YYCdwI54IJoqGf912S1b1FdDgLvDRmL\/pSi0amJssVMPIjUAMel4Wt0WNkA8mDqDvNPfps3JcCGaeNj\/3yjSa4+t57I8cKV0WXPkpC+phqw2FaZ8OOku61ZS4JU0N\/\/JW4H98K3fnPlqACKrvvSryguBtj7+gm2ah3Q4CNa6JgLfFR86iCy4mtz5Qj71Sk1BsYNVaHXhKdiN9YQINgOeGR11izBn5mrjEbCUi4bTDsgdECcTfckpxC0clgOJq0b0OHxVz8Md9\/\/2fQGqic145ckjz5\/PsMRQ5eciEoF2gSsiCSf5hdimON45Hscfjv47O6FtFnsCpiZlLtgfMHBZU8BBZyxClfh+wTJHrokox5nYwQ9lCP\/smsZCZYV79Y1uselq3t4x0Gmh1ONAZyLenGn0N9uFGO3AniEbMTO\/KRV0HiIhlPcJYQ0I2vm28RBVfvT7Cd0TqRFOwxUCe2n2KBLd6f3jOoCsU6l6IoUDGvjPoKqpsjkOPYRsy\/x0VNRjsTSbbqkMwvzFUu5LTEz4YjqmUS4N8Axgpeq4HHhu8CAhQms\/ToHRf95qsuR8cJCOz8mG2ojiJ5vZ9+Ox1TLpjpyqIsxzVJ8GQAhsr0liZUeALg6A5HwDsClfNYDcTsH95Wt8224fow2h4tBP7Tn5fnepdjI21608U9ge+hMCZafezkCNTq89vMWqtX5wGsIOnGmc+uB0hScqDEMBTtNzsa2W2wrzlB8tsy+Tlvdydg=="}
00440{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598618820,"pkt_ts_usec":984161,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"AAAAAAAAAAQAMt+PCABFAAA9UXFAAH8Rnhoomn\/IpvC80cKsAbsAKbCuQFVfMtNfKdhjvCDG5lHY2Vep\/b8otkMpD\/Eek8ZQl9VQ"}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1598618820564,"flow_last_seen":1598618820984,"flow_tot_l4_data_len":8012,"flow_min_l4_data_len":34,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":667,"midstream":0,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1598618820564,"flow_last_seen":1598618820984,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7916,"flow_avg_l4_payload_len":659,"midstream":0,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test"}
diff --git a/test/results/quic_t51.pcap.out b/test/results/quic_t51.pcap.out
index 4e83bf3fa..c0fa59f12 100644
--- a/test/results/quic_t51.pcap.out
+++ b/test/results/quic_t51.pcap.out
@@ -1,7 +1,7 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_t51.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1598620434413,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1598620434413,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02219{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598620434,"pkt_ts_usec":413428,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAgAH83gCABFAAViXjpAAH8R7IK744iY0\/eTWtg8AbsFTvswwVQwNTEI\/5QVtbAFhg0AAEU0lc1seKsogM0xJ2my4Aiqph+R\/2N2Tlopv6L1CTJ74mgIopdeTMsbdYmmZHP80OXizzota6YFHVZ9VeAcEZo8pgEgiYZUg70bNed022uBY2n4AIBJaoTaZc4dlK\/B4TiUFC+WiYMdxcvH3S2VlmhK+Rc2gUQHqAYLkzqvz5M6NYLldilKxcCw\/ToJ+zu5fHTAbQipFFqbD95GLa7oBCU7jPE\/wj2QE1M9Wk52+SrgbNiKCHm0Oi8\/\/aC+8QR8oPQVWsQzjkcyagMWDaycHo+Z2gh2YqGCJoepFNsqgtO8uWWNDiaisHNHQDCPrCt5EDVvLMLkZZQTcE9bxIhJucB4CNr926kRAjaB4Y5CqDAEear5TtCJ3Iu0C2bzBjoi5J9LPiwVBQYhfxtqGdX9O3nANKjdbMVqvYl742MGo2YFm2J507oPMBXLqPJW2a2j\/XlrdIcqLJLXy1ruiet2Yfof5cTaMXQp6wyOq8s2kLEeb0RqG380zHAhUvwTfCiEYvwSN8+LPb7d1HKu3JRvbfM4A2u6D3\/ccc40B8jpt6t8mVTCa92M7s8hgVfDHCvoiaTxRF07ULZWTbuRFjLXA3G\/QLzl0b2QQA3PRqMO1r4YLM9IhL+9TjIm9kskk81nFsbcqeUPPCIl5SvakooZ1Ne4vlHJM7vcPwHkRJHa+PMjtknf1D9FmcaRoK2gywFTRk2j2RKXeNNGP3fOGBMRmVstntMO9HlCQR0pqWkIJ+jw+vDqFHMVZBwco3px5tJKsYik1W4I7vDVokn8tYkCXuWkDqmw9KvnktOeNU+eoLbnbQi\/AJnaCX22\/pOnvMBDUqcAEyxhhPUDxacTTuyCy01g9D7qNJmAhz3k5MC2zTm67IILY1heZ2AuYvQwYQOss3bJtjPNa+uV1pVbQiVw6S2nvxKgtq5Z9DSuXhvsbTOp5GSq1YV0eewMUT6nB6ejScFWGv+XM50Rf10iuSgO6pXznyY29qMMOcdfxFMWk8ZhEALkKLXeqjM+FjHgPqVYhtjd0Mxa3xCi4pEnff1YF4nj78KYHZrV2zxl6ihclVVh4iHXNFGI+s63vsFXEOTBejfPsr6+VmTDJ1+o1kNk93XUE\/bQ82a18NJPdXQ6kf26Qjcc4RqnTvAmrWh\/6fmG4zIriY7A9z8t4eO9Qfr9TLO3k0B5JOVnWVTqlbOvrJgEzV95Hv0ioO0xIj5BnxrbLnlwbNfPjVGTcRNAh71gU32J8rr6rCxxCaTv4RU7KdiQ+zigC0LKK7x4OPs9n2Ka2KUPy25mrLQ\/hk5IjtzsrqqQ2MzNcZhxb0kkNCxELzOQUMbpkFnw3XGvEDCJVplyR1UqjiDFOL8\/JfuephE1oyHWeOYVwVd2Cwv2PGGx05T5JJWiwFxWUNPRdBpTvDS0w\/p4Nd\/c2GPaorYCv1rEFAbYJpF4F6I30H8WeSXKzzhCDJKK0+cDwsUjqsSRJxU4ftS+uYB0XeJmKhKFuSfMEVI0q1YpMQZE\/G2MC4zAighNsEoUwNwWYS2545Iu3+Eegoe47B\/k8tCSheavZoHCQ6GLnzYKEdctMGvZqMVOXsPQnYlobmVfhCoHYAqTL++rI+V2XgKmzpdEDycwwsSLkVWoYU4lGAoPMP3kxasfCnUHU\/V6gkc7C3bskka9cplZd3pC0DtI8Ams8W1VIknYpHJDhbirGSRTc6oJbJQK8NbF0mBg+7QAzF7Cg20VSPH1oCq1EEodwhHlQBTHEkDIUOOWm8A2kePv2bx2BTxVuCDz2D78zh51"}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1598620434413,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T051","ja3":"92e76078d514999cd950474995dab2b5","tls_supported_versions":"TLSv1.3"}}
+00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1598620434413,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T051","ja3":"92e76078d514999cd950474995dab2b5","tls_supported_versions":"TLSv1.3"}}
02225{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_t51.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598620434,"pkt_ts_usec":419300,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvx1wFQwNTEACP+UFbWwBYYNAEU0cA7ob5DRu6SNsqDMEz7qri8UnfijZV8Hhw\/oxky0x+Zt0s6erWm7kWn2+1owrYTdI9p89OpW\/6ptpwv9v0J5BjJyyLuuQ7qMgzGXDs2ur++juUsUpOdkAs5K5BYVfQAmPmXEGyVgmyCeUg1T7Vj6FslmnDV909IngQqr2X3bAL3as4fB8O0bAq64I2nnjXRSsXtOF+WecFDOIkhsUozc+8M2nJh6kczAN6BO7Q6B24T4pTF7f\/SWotAh0wmioZGWvmsK3tbjrCGONmSc7G6EA+eCMtEUY\/yq8VyKOSmIHald\/L7JGCPyNYCQuoSWiWNaW\/I+iZ2Tm83YJ0ULZZc8urwFDYH3aj1AkglwflqENARW1+\/0Wgf8CdNT18FiabAis+X7vPL\/K0rfVmIy72rlRNRfOG7y7nzx1KwQOQc8aCVF3CWYU+Lmd10cKRMsTRDen+t7CfJT6D6czKmRS9zHy8defw2VL+sr4ea6knMol1lydS5om9MxXCYpqegXuWZiFTSbzJvhE4RaqOqWqlC3CyDO4ySp0wcYRr6Xiz\/ypHsBLBgujZNocUdxB92srmLhWvU+EKXNqnvn4sN9tP\/B4VI81UNJfpKqafd5TbC3xVerPG2FpOE4rg1k2rQi9r6v1+PQ\/d3R0LlFcbJ1hI9fgnNKZUfeIejFNzw84ZCPAGKEZF9DRij\/q7+ynKTHsKprl5SyrzqmDatgR6jPni4YdUIipVxz2xAMDSfgGHJudxWet0g70XvUgRUnZwnINCVHKug\/Cwaar4s1XCM8uhzoEef40bHIf\/1cPPikcn5BGvUj0yq5vKOgKlUAn1Pgd3RmxD4udRVK4hr3Qq2qz0yzGHjPkF5V31PdO+LbljCDil0atM9nNzYRQDTxXIy4ROBhbRF0GC5xxy\/5G1Z3EVEXnUgV7cKAoSoRYsJk+ehBddHi\/2\/aZLTP9GUgaj03e1ZAUqg\/pLbgzkOggtkBYwlEystem00J3RiW59azSXPWDzpQD37GvUqWpvchJjuAPROhp0eQOeyP6Sm5m8Ha1f9MDT\/mDWqN\/iBuFORPOJebKiYDmtBTotFqfXW1txgynw6EHUJzSE+pl4MdTTWGiKeLLjK6VcgkjK3QCvZi2YAV34jHwjHZGw2P\/U6KrMCfYoKLgcta7eGwEJgt1TEOATVA86YdSNrUK8Cm6qplxo7u2vCTdHfHERZHXlWiV5V+M6yg8jJ+w71hYe+9QRnWDWxxhFwqS3Rom5NgfL3qyZPAg7B0TvVcGC3k1t2hVxdIBJT1YLB9P8xcq205KojLAkrnJ6A03YtC2cE+\/GfTI6rrSdcn22uQHH1uwQgPFlvo5F8SRGnmtqbBCoQkhDA10opFpEUHAKVRysF1xT\/NgfiMQHD+An4IrPRfuv9gDg0rUkwJww22wh5gLlRkZ\/Syy5BClTzH9Eje2q1QlkG4NyNIdxlgTeTWfrV+owYm4Q+FXDFSqiziTTjYt929oBaNekN7DaLZNKBHzE9aRpnZjKaGJOIkilbSRnfMsOP+KhOdyxkYqJB7lgyVuE7zA+Cs6QfiNfeFBdysqGJcMLaCJe1XQZYseYZCHv9I1fYRd7rHJDJ5TLxG9ZoKBvyy9qAFruCnQdJM3kRJUF0ZdxtTsL1YtSrJYqn3hcGRfsN64Wu2ioNCdgwzJ\/IOr225URP0O\/yfvAjNTo393KgekGIplrSAr2vqB7j6oyQmlBJgPRuYDzTKmIMBKNHRY+Gk4U31TV\/ldcN5g5htDYX20DA3i7tEfKzfbUYY"}
02226{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_t51.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598620434,"pkt_ts_usec":482713,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAgAH83gCABFAAViXl9AAH8R7F2744iY0\/eTWtg8AbsFTtamzVQwNTEI\/5QVtbAFhg0AAEU0KsIg8w2st8fMy25uq6gsPA7KRO4wWARaQxn0e+nvMAG\/ncVOK2\/1iV8zM1GT+gj2yfRnYitTLViCwPF0TV0R7p64xnLqwrHTiNaW89JgMAHQze00LP7FiTbOvqpo5S+7AzCO4J36LH8gasnIPNye5ytyGP9hxarM0Gwv6wB1BKIgh6Hfi9vN\/Jaq\/hKaWtnsFyqFx21T1U0YmQzCOhcYGHZNHNGEmxqlfOiET0cy7A2zooythTNQBScefWz4fyugA0KO5z5EPbOCuLPnOhJ8u0jAA5snZ9Av4lfTCNurCTo\/b96gqEMXFCAN6kklskS6mSW1P2yxo93FRN9w3VFPyMe8m7WnAxPUMrijM3bZFrpYXz6N3LoSvj\/7t1mbaz3Ew6W7CCET2\/vUPuty0yYuKN9hlZRGZDAOI7p7UV84zBa3MKUoIB90BBwtqXlv\/AcyfRFhSrAf1TPDIen8IRojBr5qTqwwDIcvMREVIsmeXYDDAIh87njz+3l6UiC0r72z0Vz8KlwPmvyd1tNbK4UoVu5yliqV7BzHAT0P+flRjAVL+Vtw\/1eTO0KLmizThDqycqyAF1MjS6cC4BRlgBDuBvC7oqizuHTk4JOICP+TLa71t9U0MO4SvptmKRFy9UA159ziHHDRbAhIzzVEm+HGxTjT93PUzlkT4beWAgYYW5swcH8m2E+qX\/jfh4l+RAJ7s1FC99eqQD\/G2qHKz49sTvtw3eknSSHiADw1dFNDiGytHeAJqgKsYZ6xbxYgMT8vQQJWpcCaoPnc1R\/36QBSKDfO0Ei6I0Nk2Twp2jW7ybYg3WV9zcO8mcO+t2rUANioNNaghKiQ6\/\/kCvnfaOZl9\/nMaaP8oRI80YNnM3bBLePCUoIodPlfRsS+qRORwVaYVbmTkVd+7OOE68KIf+CtQJzWPG1I9szX6EUokwcVW4JeKB3DLXSgUJqbrCp8nB5Gt1Xl+DVmAWNn0zlmAkUkIYwVaRlUBt12nmZM5GfCFjeNYwyxKhMtco0zqNoFh6GPimEo\/HJoIaculB01PGh4MlKE33m6lcbQnV2mcjQy9+X6G7gJAvssvNVim+h2CyUIa0AFnvBEp0BZ0LQBw4xxW1+LO+851oEKlpBHf2CaPTJQbQ3lYLcFUbbZ7WxtncvtHzy\/SI9UgKeWcagnCcsYLbPsnPnloEl6cnUj6vnGVoFZ0zI4TVPk88\/biBoFXX37AYSAsISWoXJh5fdyK7Ub3uTshAtqeqBBTUeUFjb5Aj4cdCLyefeqdX7eVX7iolZTDjMHw6WHcQg9j8QT5ZehE6eQ3EWBv\/dyJkxi+P\/\/5RRqzAOol5xZb6h4LuhsvzWHQihAaP9MzFNZJKsrSoe\/spLPEQi09YKZ53xMfFjPTNozP7awNtIb6QltDJNIByFfslEQklWBp3nSDDraHwFBspLwhrXO\/4KJq80I0e6UvL2AGkUJ3WcnYVtrSbxxk4APJ7JesOtrVvfG0zUeYMWMSCdfwkF4KodqZGtJ3QATjzBea+nTD5uHk34dDyJnSJKk0ILq0jIFLho8LlWIyJH4QOXOz4qaWrv1Yq7zohspvZk7qqBfzWtq9nyRWQ1TZln6OTuRj1nSwDkH3Qwyv3P3ftVCIjgLduzJ1KxoPir\/gAp5xz8YWBMXoD3IJzkv\/PGQNpizq54tSdx\/+EwNQ0FXkMrTDVKVITAuSnBIkg9sH6JW+WpNYsbAPv3JnEFyzt8fIeM\/r0Qmf+N6zxgE9jaSg9C2Ue6YSiQO2VAdyYTxTvnFaxwR"}
02232{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic_t51.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598620434,"pkt_ts_usec":530068,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTube4VQwNTEACP+UFbWwBYYNRTU7ePJ1K+FSjOzh8I+88Xo3glhGN\/ISVgfZLjon36o\/Ic8wElvtdYWOln5kitImSZYvUwk1fG0vvw0gN4Ua6Bk3jF4z2+DlEmg31OHq+boraULEIZuAwjhjODmyz5ftYwgYtTSwoERmJiUKmhlyGLqx3S+tX8EjcRIqYjSOyHMu2jndr\/C7BAPP7JVT9ieYljjMWtEQ72Flay2RpFT4RImtEH0\/RK6iWf3t7LgbxjhC97n0j1DDD4P\/sZZ0bVIicKPYmXAEngVSoh3oIH6poziu1qlEA556yxALTbdx8jtmJX0Z9ooraLIBrb+pueGEs6xQAtF7up+LVAjymIfJeMB5q1EfGiD2ya\/Jh+zUG10j5iOvBK28sWnXxVEamKBupu9qXaXG0OjhurIE3b2Aod2vtsJ1NalOos0dYc\/g5+XXDK8tcQHad8aZpGNSUiRyAtmWcaYe8vO\/\/qYA5pPey63z\/sGlL7Ey0S9M9ZT2ZRHnqlxrqhQIy7XXexnza+a3DNLwUI04v3Ks1B1peq0gsFraKmD\/6yO0vbt0fXLwVt2hr3SDHm0oGrN74iZrIwUWQiIQl22WxQHTTjtYOTcvqWfO7uam1Ph5DVbFaDddigRvWdhF73OvmxThMwCc9l6X3P\/tUIdb8CggvQWiMRN5Vhy4Rljya+ZIOcdjbzMw68oRgdgPhct14QVofXpMjJfC3oqi\/nNbGLQ5rYKneQ7CWh9RSv34L3R5RDGC\/pHwyv6PGgI8KRf9+QUC+7gYPb+kZQquYvru8Z0knElk\/9u3Xyd8knK1jpgFTg1HNdqhCD3oyFIuAFRWqcgNxU6wz1LaRi24VFE+eJ0o+rsi\/pnfI0su+wrGhXYRbyyiy4ZzbqahkZoPZ2zQGAKW1nnvD6p\/zaLVXZsU4jxLWam2WqckX1QTbgPxB0wawYNhyf2CAAhEQ29\/cwWUpxFyoXDPB+hK4kW7liS10zysc5bs+sslvGCpqRb0Lis637gfgiMEACVosS5TN56wDxHV6753I9W1zSBCNXxUKOAdDNb1MGhBZT\/uUW49hJ6JXcGEhfw+P+5AzMdiqKpUSFKgaiqJSf3iiv2\/RtnFbJ1FaRBOTOgw3ARkcPvJN0sfzLk7RKlSqTCXk8peiPFwt5uzAbWqrhfe\/Yen8D2DWvWSruKHIC7o+GazJ+\/eyppnocCPGQQZ2lonOQT2qyNSZ9COW8HeAaqf7QCJhvb8S9SVVml5KBhnwRNbnuZICaxg9vyFjeBwKI7SstbJ3b7slReERnG3DvEqM+ouROXRlpGgUREXlGwb7N2UJ1jjo460vUe38pW2vZ1XnXYGDBL3642Nhsv8\/xSPSuRmLvvooBVMWLWW5v+LMlMcoNIIM6xibupcxuyIqKDqNmsScanfhq83xCw4xKptGbS9bu\/A0yrmv3Atgn3WXnx2khAoVngZCR0MbqmA7T5k\/rUKhB49pS3ip3KT03PKvjuwDr50ynUXfZOYJ3+OmI37LBmqEhKgv5YHHEjRB8VHHXAh8Aok+ht+KljGfYLx0rx0y2IXVcxRnvPFVtHn6kBareUX1Lz56co6YIb9788QnPlkfq1D0P\/\/4uwz67uvdUChfS0JSNQ18zYOyJ360r3AVfKXmyQ19aUMj\/EcNueVwU0nbl2KSsYn1Gfl7zj0ewbm+BiPQNHMgAkoRMw02Osi\/TmhB+pfcq61IRV5796uYYuP\/e1+49LMsN6JtJapar+\/bfHd+ip7c\/\/L52jGcE3Fey3bVNYI8YmxgiEd0S1usipgR\/OJ"}
@@ -16,5 +16,5 @@
01703{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quic_t51.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598620444,"pkt_ts_usec":741690,"pkt_caplen":1003,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1003,"pkt_l4_len":969,"pkt":"AAAAAAAAAAgAH83gCABFAAPdcT9AAH8R2wK744iY0\/eTWtg8AbsDyTLtSv+UFbWwBYYN6efgT9I73SyBwONu481j8\/zASvL+fjCvoR+DcLF\/rAd5QmwWVSD2eyQAFcX6IS6cbXnvHs6nn6J4E9sg0Y7bqGGiAKCBjgoPJPLr8Hf9Z2kD+LsCIMnY7\/gdbSrq4PXzclVr\/jfxzdV3CGE1qoMAMUTfCfjUfHcGb9BZe+dDzKedokSqOQS\/\/z1J6XdaEvwBX0HOgZq5iv6UkaKR6Ry5KuLe2v1krmKzrU72UMF4tHKx6fmHV7RpdezqWVOx4NNJ9XhYGfrYbrCyC\/oNFWzdN5shFLzqXyeFHpUA2nQUNeUi84qFqf+xzDZSDC1RugmjtDtUtiCoQt+bhH0vtnxLtL2k6LwLEKWe2SeS7fsch9ehFKg+Bx7FCf8JFIJg5htDaWJdutmg\/+6kInLorffPRXNQmoIs\/BSaKmr2Gp8v6\/8MxG5KCcwstmJvrjT2xQkIt2Ft3s0S2VSESvrCtFBBOlQZqN7nSBYIAaQ6gvmaLFLcAq+c+QSCCaLs9Cb9lBWmjV\/6VgEiCFbScR+KbCeoBpmpAs1MYEcF1Poo7zFGkZPa7k+cY7ju7YJORt7zMN6EgTsCUtgQQ42FEwOPUzlWWfw4q00kfsDmSUz2ub4AwPGiz6AzDzq\/8IKlnog6yjUpB0LipQiYTMDxyVFSV1KbOJYBC6LqIv5qEycbIlgwCGhyyW+pXXGfxcRnZxVNHK6rHjFfpkzYD0Gz5lEa52Tgplz04DrSHqAcfvpAlA6cCTGCK4VIVA7LHhL7cUu1UqKdNKPwGxtNzHaOErnVjLQB1AkPPjEWW2aJ5tN0TksLyBc+x1QoBKnFlaRHOx98oDiQFdjeh9Quj9OaOQ35DHcWp0EeroeqFtJhYR6fsc5vFKCPge5CQS1VHBOjSnH0Upji1SoligWI\/P\/q919hiaOTgdtmIGoKWkxgucd\/\/6msRaSHQXE5WFr+DESsmittJ3gC\/6M1aRWs5cVag4wnNinz+MEhs\/y90V38kKN8iCPltwiAIV9lmTvkWc3jmY43MHawefBUS2zDcUNDnA32lXUntW\/JSiQSxqwCUzhY59CDs16HJJ2zhWaye42HAcIu\/go2UuXWDDrQSVzP40+kRKKLQZt9HTNCbdiy5CLIFl9QkcvzGRUF2eo4ylCABg6iLJ7SJ537DedAeBDNDGPFftSQWNhjQ7tYaPB9GmJYsST29YvJiYz7S7GmW21+OVn9EirdOPOoNFHZl6yKBlfYD3sUcGnhd1uncf+8eU9ExbIBjXwe5Et6egrdJQ=="}
00430{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quic_t51.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598620444,"pkt_ts_usec":772415,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"AAAAAAAAAAIA\/tPQCABFAAA1AABAADkRlerT95Nau+OImAG72DwAIUhtTWVlkzIZ1l5MiO32g9qa7cckVPUetSXxvA=="}
01265{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quic_t51.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1598620445,"pkt_ts_usec":18622,"pkt_caplen":682,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":682,"pkt_l4_len":648,"pkt":"AAAAAAAAAAIA\/tPQCABFAAKcAABAADkRk4PT95Nau+OImAG72DwCiLkRRUQ\/6vkZVV\/ROzhbKeoRReCXAsU2A9sjDcWKUpUKE20+JfmKTS5epz37+ogCTB3O0gMCMzVDnFdaJcS6+BN05F\/4JuxKu4G1tpzczS9sm8YNK\/yKXdRv4mVvdoxmRlg3UOh2\/HXmM4zkHZRGDq5gvf1YtAZn9UT7LsL3ba43Q8SnB+rUVySuu7l1RHkrEWg8uyOET5mlnXLlWR9Grc3kARdxeBr1\/WcmPSnvrZSLx1Yubftvk4neBnd4+d5h0uJVaP+xEQf1a8mwYApxdilAfGbuHGI1b3p\/3kL4nnq3IJOuSSNOnomgt9UYIYG6JkTs88ZO0WDXcKQgHSWiD3S5b55ck0VFoMVGi6XvxaS5dDL7irZqR+xUbIGJU+5KmsKgfA7I8vhbhlBInT22prpicg+aHmV2Mfe\/D32ni\/2JKthXhSWWTVnEZBANDcgGYP\/4NUgVhBiqDrAFYNnh4TpROEqCcVxLVLryNrzUeH7QkEbcjWfjgc1iq2O3xKKvNnDVO7PiKnn323eZoAEB9oWFA9G1nVAQC23JJC+CnKPFPChKEXym9Dh4Orny9OuAnT2rnxyfNcQUzTUgHDT2V7VEjBNfPreDUCXxeu5gdY1osBS40zZnHQbiRnLlaoi5GCT3tnzL3T1LFfAUmB7xQ9GiiYxgRwyuSbp3f6GcUujaHRbjguLy26pc3INccugl0f1At7jIrf9EqyuaS7XaakX31gYDzEUt04O8Omx3QUnvBZgydp7VVVYOZXv\/1GYhCscRuXdM5GQHqnPBMCwk9Y4VH2nkD7iDBE4uvSjbXU9u9lIbiPNzYqPtOVbqx\/o\/Bmq+eYkSeas+WHpkMkc3YMCicg=="}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":642,"flow_first_seen":1598620434413,"flow_last_seen":1598620524479,"flow_tot_l4_data_len":551890,"flow_min_l4_data_len":33,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":859,"midstream":0,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":642,"flow_first_seen":1598620434413,"flow_last_seen":1598620524479,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":546754,"flow_avg_l4_payload_len":851,"midstream":0,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test"}
diff --git a/test/results/quickplay.pcap.out b/test/results/quickplay.pcap.out
index 165e89328..2e95f1e41 100644
--- a/test/results/quickplay.pcap.out
+++ b/test/results/quickplay.pcap.out
@@ -1,67 +1,67 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quickplay.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1429000030398,"flow_last_seen":0,"flow_tot_l4_data_len":332,"flow_min_l4_data_len":332,"flow_max_l4_data_len":332,"flow_avg_l4_data_len":332,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1429000030398,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00831{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000030,"pkt_ts_usec":398627,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
-00849{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1429000030398,"flow_last_seen":0,"flow_tot_l4_data_len":332,"flow_min_l4_data_len":332,"flow_max_l4_data_len":332,"flow_avg_l4_data_len":332,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00861{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1429000030398,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
02195{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000030,"pkt_ts_usec":498602,"pkt_caplen":1380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1380,"pkt_l4_len":1344,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBVSmuUAArQbSWHgcIykKNqn6AFDF7PrHCIFBw4oPUBgIIgJuAABIVFRQLzEuMSAyMDAgT0sNClNlcnZlcjogQXBhY2hlLUNveW90ZS8xLjENCkxhc3QtTW9kaWZpZWQ6IFR1ZSwgMTQgQXByIDIwMTUgMDc6MTg6NTQgR01UDQpFVGFnOiAiWW1JNE1EQXdNREF3TURBd01EQXdNRk52YkhJPSINCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1IZWFkZXJzOiB4LXJlcXVlc3RlZC13aXRoDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1NZXRob2RzOiBQT1NULCBHRVQsIE9QVElPTlMsIERFTEVURQ0KWC1DbmVjdGlvbjogY2xvc2UNCkNhY2hlLUNvbnRyb2w6IHB1YmxpYywgbWF4LWFnZT0xMzg2DQpFeHBpcmVzOiBUdWUsIDE0IEFwciAyMDE1IDA4OjUwOjE2IEdNVA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04DQpDb250ZW50LUxlbmd0aDogNzg1DQoNCh+LCAAAAAAAAADkV89v0zAYve+vsHrgNFDbgUDcyrpuYoyhtfSCOHxNvqZmjh35x0ap+r9jp2mXNIlbzRwQXCr1+17ynv3s+Hl1QgjpLBBilJ33ZOX+uorSoI2ylY4yUYRKdU63rQwS\/GzSWf5Ar1Ie019oi2+6u6oWGtgFwxS5dq87q3a+2Idcueeq67zXSYHyO1TCyAjLkmS95so0diqvvg53CsvgyTJzD3Qi0JgIuayAmIiA5W3kSaUDWssJJK4VowbKVKXNIcUm1hhVJGmmqeB528TkvIn4HpePQsZu5N+eyq7j3vhU+V5+CDnMGA6lyIbikd8gz\/3R0mBVwhwM07dyY2j3Vbf+jkvkEkeU6RwyB6awDvoEPDHWHg\/up0YeYzywk0VnRudOrtYFYr1zeg4R5uaXbUuchtr4V5V\/xVS5qRxEblIH8YNdR8Y+eFoDbj3ZIMkL4gNHwnBt0f1KZ316pBhOU8hN9sjwYMLYz0WK8dJD3QoI4x2KyLhtDNJH7kcFKpCQgo+7pR\/GemnfPl6IR+VhdhjSBgqjvxJSCunhbgWE8V7TWI0gpczntgPZrdaKC5NwA1JTYAOp1TgT9tejpMASB7aKWvFhiu4QGNXLydSjpMCQRlAgvUiBR76vXzsijHkc0REdgd3XyrceLOzliJJ2YJiKyUJSxtC3GzyQMO4pSIp6ecHtaWgTAXcfOY+OAk4O4beielVRLRmAFYfy8QfnXrLZU3nBE0bVwqOr+6zJSmTPw\/pBMGYDkIj\/OO+PzHcmf4QMOCrf7ngerU6Yb0lCAkw02RDGeu89Fq6FRPClj27rijsplYpQbtM95TbKxttkXs6u9Th+Ix4oVjNzYCLPQBZXiEML\/xiiithq5ibtu690K7C7RtM9ibujqD7447J7UzpvxtTC+T6Mm\/R2Pjazsl391\/3tp2+3xOrWTaa1HPMfeTeZkjHKv9K+3tuzw+65QOa1TmUY2Zz07zlXG3mzaS233eddiY+yrf+u\/D3dDK0zF2LzCntfXv8GAAD\/\/wIMAEf8Fz+FEQAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1429000030766,"flow_last_seen":0,"flow_tot_l4_data_len":332,"flow_min_l4_data_len":332,"flow_max_l4_data_len":332,"flow_avg_l4_data_len":332,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1429000030766,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00832{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000030,"pkt_ts_usec":766760,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWA50EAAPwaxUgo2qfp4HCMpxe0AUOei8\/4RmPGFUBgAc1zOAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
-00849{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1429000030766,"flow_last_seen":0,"flow_tot_l4_data_len":332,"flow_min_l4_data_len":332,"flow_max_l4_data_len":332,"flow_avg_l4_data_len":332,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00861{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1429000030766,"flow_last_seen":0,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
02195{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000030,"pkt_ts_usec":832282,"pkt_caplen":1380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1380,"pkt_l4_len":1344,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBVReB0AArQYbC3gcIykKNqn6AFDF7RGY8YXnovU2UBgIIvGQAABIVFRQLzEuMSAyMDAgT0sNClNlcnZlcjogQXBhY2hlLUNveW90ZS8xLjENCkxhc3QtTW9kaWZpZWQ6IFR1ZSwgMTQgQXByIDIwMTUgMDc6MTg6NTQgR01UDQpFVGFnOiAiWW1JNE1EQXdNREF3TURBd01EQXdNRk52YkhJPSINCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1IZWFkZXJzOiB4LXJlcXVlc3RlZC13aXRoDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1NZXRob2RzOiBQT1NULCBHRVQsIE9QVElPTlMsIERFTEVURQ0KWC1DbmVjdGlvbjogY2xvc2UNCkNhY2hlLUNvbnRyb2w6IHB1YmxpYywgbWF4LWFnZT0xMzg2DQpFeHBpcmVzOiBUdWUsIDE0IEFwciAyMDE1IDA4OjUwOjE2IEdNVA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMCBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjtjaGFyc2V0PVVURi04DQpDb250ZW50LUxlbmd0aDogNzg1DQoNCh+LCAAAAAAAAADkV89v0zAYve+vsHrgNFDbgUDcyrpuYoyhtfSCOHxNvqZmjh35x0ap+r9jp2mXNIlbzRwQXCr1+17ynv3s+Hl1QgjpLBBilJ33ZOX+uorSoI2ylY4yUYRKdU63rQwS\/GzSWf5Ar1Ie019oi2+6u6oWGtgFwxS5dq87q3a+2Idcueeq67zXSYHyO1TCyAjLkmS95so0diqvvg53CsvgyTJzD3Qi0JgIuayAmIiA5W3kSaUDWssJJK4VowbKVKXNIcUm1hhVJGmmqeB528TkvIn4HpePQsZu5N+eyq7j3vhU+V5+CDnMGA6lyIbikd8gz\/3R0mBVwhwM07dyY2j3Vbf+jkvkEkeU6RwyB6awDvoEPDHWHg\/up0YeYzywk0VnRudOrtYFYr1zeg4R5uaXbUuchtr4V5V\/xVS5qRxEblIH8YNdR8Y+eFoDbj3ZIMkL4gNHwnBt0f1KZ316pBhOU8hN9sjwYMLYz0WK8dJD3QoI4x2KyLhtDNJH7kcFKpCQgo+7pR\/GemnfPl6IR+VhdhjSBgqjvxJSCunhbgWE8V7TWI0gpczntgPZrdaKC5NwA1JTYAOp1TgT9tejpMASB7aKWvFhiu4QGNXLydSjpMCQRlAgvUiBR76vXzsijHkc0REdgd3XyrceLOzliJJ2YJiKyUJSxtC3GzyQMO4pSIp6ecHtaWgTAXcfOY+OAk4O4beielVRLRmAFYfy8QfnXrLZU3nBE0bVwqOr+6zJSmTPw\/pBMGYDkIj\/OO+PzHcmf4QMOCrf7ngerU6Yb0lCAkw02RDGeu89Fq6FRPClj27rijsplYpQbtM95TbKxttkXs6u9Th+Ix4oVjNzYCLPQBZXiEML\/xiiithq5ibtu690K7C7RtM9ibujqD7447J7UzpvxtTC+T6Mm\/R2Pjazsl391\/3tp2+3xOrWTaa1HPMfeTeZkjHKv9K+3tuzw+65QOa1TmUY2Zz07zlXG3mzaS233eddiY+yrf+u\/D3dDK0zF2LzCntfXv8GAAD\/\/wIMAEf8Fz+FEQAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1429000031075,"flow_last_seen":0,"flow_tot_l4_data_len":322,"flow_min_l4_data_len":322,"flow_max_l4_data_len":322,"flow_avg_l4_data_len":322,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1429000031075,"flow_last_seen":0,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00818{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000031,"pkt_ts_usec":75232,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":358,"pkt_l4_len":322,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAVYEaUAAPwYE2wo2qfp4HAUSgSgAUG4ezi+GqNXzUBgAc8tUAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9ob21lP2FwaUtleT1xd2VydHkmZGV2aWNlPWFuZHJvaWRtb2JpbGUmbG9jYWxlPWVuZyZuZXR3b3JrPVdJRkkmcGFnZU51bWJlcj0xJnBhZ2VTaXplPTUwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiBhcGktc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
-00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1429000031075,"flow_last_seen":0,"flow_tot_l4_data_len":322,"flow_min_l4_data_len":322,"flow_max_l4_data_len":322,"flow_avg_l4_data_len":322,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00849{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1429000031075,"flow_last_seen":0,"flow_min_l4_payload_len":302,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":302,"flow_avg_l4_payload_len":302,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/home?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
00495{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000031,"pkt_ts_usec":382971,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":109,"pkt_l4_len":73,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAF1lCkAArQY3FngcBRIKNqn6AFCBKIapX\/duHs9dUBgIImd7AAD+6U1rdHX+8GWHmWHKf1z0+O1Nfp++87\/dVNV0wP\/9v\/+n\/\/6\/AAAA\/\/8CDAD1QSSgppQFAA=="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1429000031698,"flow_last_seen":0,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":207,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1429000031698,"flow_last_seen":0,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00664{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000031,"pkt_ts_usec":698279,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOOYfEAAPwb2VQo2qfqt\/EoWzD0AUOQgUs9KX9ElUBgAc0k5AABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
-00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1429000031698,"flow_last_seen":0,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":207,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00727{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1429000031698,"flow_last_seen":0,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
00792{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000032,"pkt_ts_usec":158423,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUNiNkAArAa\/H638ShYKNqn6AFDMPUpf0SXkIFOKUBgIIjgwAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogK2R4S1lRRnpNRHhKdjZkUXFVLyt4Yzd1VXVxaHpOK3BWYXpxSzdCUmswUW1oSWIxVEp3YXZ4SDRpUUV1TUVFSDVZdU80TU11R3ErWHlyOGUveHZqV2c9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxMiBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1429000037314,"flow_last_seen":0,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":207,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1429000037314,"flow_last_seen":0,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00664{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000037,"pkt_ts_usec":314978,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":243,"pkt_l4_len":207,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAONYlEAAPwY2Pgo2qfqt\/EoWzEAAUKq8lHZkd0MeUBg5CHxNAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC40OyBNSSAzVyBNSVVJL1Y2LjQuMi4wLktYRE1JQ0IpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
-00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1429000037314,"flow_last_seen":0,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":207,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":207,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1429000037600,"flow_last_seen":0,"flow_tot_l4_data_len":205,"flow_min_l4_data_len":205,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00727{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1429000037314,"flow_last_seen":0,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1429000037600,"flow_last_seen":0,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00664{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000037,"pkt_ts_usec":600378,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":241,"pkt_l4_len":205,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAOEBz0AAPwbyFAo2qfp4HBrngf0AUJlyzTdc8IHSUBgAc3meAABHRVQgL2dlbmVyYXRlXzIwNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogY2xpZW50czMuZ29vZ2xlLmNvbQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="}
-00713{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1429000037600,"flow_last_seen":0,"flow_tot_l4_data_len":205,"flow_min_l4_data_len":205,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":205,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"clients3.google.com","url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1429000037600,"flow_last_seen":0,"flow_min_l4_payload_len":185,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":185,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"clients3.google.com","url":"clients3.google.com\/generate_204","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
00525{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000037,"pkt_ts_usec":659613,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":137,"pkt_l4_len":101,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHlLmEAArQY6l3gcGucKNqn6AFCB\/VzwgdKZcs3wUBgIIqKRAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNClNlcnZlcjogR0ZFLzIuMA0KDQo="}
00794{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000037,"pkt_ts_usec":771704,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUMgAkAArQYAVK38ShYKNqn6AFDMQGR3Qx6qvJUxUBj\/\/2USAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogSENQcUMxYW5HZGxXZUVqMEIwU3F1MHVIQzU2N3BTRzJERlZvSXdHYmRXNFovN1dydjVhM0ZQZEY5V1FIMDUrNFREZVFXV3FiZjA4djA4c1RURE81VWc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoxNyBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
00829{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000039,"pkt_ts_usec":509711,"pkt_caplen":365,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":365,"pkt_l4_len":329,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAV1DA0AAPwaoIgo2qfp4HCMpxewAUEHDig\/6xw2tUBgAhzcPAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3ZpZXMvNjI0MT9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
02028{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000039,"pkt_ts_usec":635657,"pkt_caplen":1247,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1247,"pkt_l4_len":1211,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBM+mvEAArQbS2ngcIykKNqn6AFDF7PrHEyVBw4tEUBgIQyc3AAA5k4rFlCrdYwiPuAJFEwekM3yc3Alim1hlFe+JRrhWUADufFTMN+B+kLv5aTZpkyHGdP\/zFU0RvT+gG0C1SrWa3UWawiXwn2e00tLPa8mrdG+FO\/\/z0fnlJHLKaeikDi8\/ebychARtzR9Dq5yPrfJTcLXMgoNO28C4jih+EkhgI2HKrDNRQPZ4yDlRo\/tVXmWzciad4XBqhnKi7V8PpU0JFTdC32zM6Unu3nCUCj0q6celK7M7IyNE38hkEzdZ5FO0wm02iy+wgfafM\/T1PFSa++tGR0oQnC79Rk0s3HL9ckcTxUOqMcLv2y+kZLVeq51WjusV+skCxX8jaRYpqlE9aVQqp89QfIbKw4dSIUcSv97324t8vMVJyekjuSWUjqu1dRq+GPFYuVuz7B6rlcpBbn+ZCbfpo\/SyE2sjxxWU2fWU9do+alsuaQ59H\/rPs+n78ElT+PtQX6su78MkW7Heh0OSqB7z1Ds5YpX7ktT3PiySdLrKpv8nhwtpBFXvIi7rPed2Da8MXtdrR5o6rxfkiA1l49LEuejj4SFKMeZNs2+RpdA6Tfh8evCfWHrTSKF1RHeVItLfv1mBNswT56sTeyjZ6nxFbab9Akq+AkBVD+3hD44Law7nfBjUKo165egoQkcCBQ9RpBr7lRr+HV6BwuBCjtFcqEH79mu\/eXl9+3WwOjDodpr93+86g87Xy5vr3tWgNqgMbvp3\/UHt6OzkeBTZwcnpUb16Vjv49K1zuTc5P2vXm83WxUnnon7SaB53W0j9rUa7c1qvthonrcrZUbNVP2p0O2fd01qj1bjoAFavXDRbx51mrVrdzk+RQYcN1y4LUO04Vw6oLfrBnYcClJ3jaQvK36GdC5OR5m6\/epQ7SG0dquwTolZZI4yROB1ZuyoZjNYLbg6TlpujRr7aTKVv1+g8q+pZTEqndlCtn9RPj44bnbNcB1As02hdnLw0GXttEiYD+ZksSoZTm3\/5WFIw4kZORR8NJpn2MLvwW\/bd4Dwx4V66dO2fU4Oxl3POea2yl7wGnP9SO01n+F\/XxvFff6md7aUDNAHRXdFaJsSyKQfdCBhgQmhi6pXD2CWJ4D4NwUdoaYQxza2puHyb2D5x7PRy8BzsoZ136evUi9oVChMi77nnrXdOjALMbtzbGpPwS+9QT0PGBsBufC+0F9NjH3\/xESxlXozaUQIarIp4b9jfjeslqPcm6IMKOiZ6K9iAeRvmdhvuL4F2Y3+llcL0qdfnnSz7Isyu3DF3F3UtGwG78b1GVosotYVFjVkxajcJPlMxwzypiq4agZDnNuJ2EwETmcOM3DTO9uhJqCgCV1hGYEi0Eb+jRLGlB8AiOTYiduN8JzgN0\/3vBbxXGPYiaEf2OuCYKouYb0Tsxrnnya7scqRzWxSJgO13JdsM3E2K13wv8da8v3NDT7odermlN8ygOCms4Oxn+N2Esp4cydFP3fIT2AYZNowQaWP41l+svLVtxqZawLX1bsXq31FRO\/iJRzwU9u1vqBsXJcQ+H3OlX3LDblynhWX5M0YV\/orGNxNxHzJLq2+NR1q75VfYDx8e\/gcAAP\/\/AgwAv12nFNYeAAA="}
00977{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000039,"pkt_ts_usec":809180,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":476,"pkt_l4_len":440,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAcw50kAAPwaw5Ao2qfp4HCMpxe0AUOei9TYRmPaxUBgAh2m5AABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9tb3JlTGlrZVRoaXM\/YXBpS2V5PXF3ZXJ0eSZjb250ZW50UmF0aW5nPTIwJmRldmljZT1hbmRyb2lkbW9iaWxlJmdlbnJlPSUyOFRocmlsbGVyK0FjdGlvbkFkdmVudHVyZSslMjkmbGFuZ3VhZ2U9JTI4ZW5nKyUyOSZsb2NhbGU9ZW5nJm5ldHdvcms9V0lGSSZwYWdlTnVtYmVyPTEmcGFnZVNpemU9NTAmcmVzb3VyY2VJZD02MjQxJnJlc291cmNlVHlwZT1tb3ZpZSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
02317{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000040,"pkt_ts_usec":59760,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaBeEUAArQYatXgcIykKNqn6AFDF7RGZGM7novbaUBAIQ1ThAABk2CBKNJOKigwjxQ0gHnqAoghTiXzMwQTIWIoVQZIAuSxqjFc9jw9UKKbf5EXln41E52\/R2386aldE2maSNcbNpl6q60u4b0zSrvrsyuQyn47D+xbLG3\/oIBLevIjV4dL5RzSaMn1vWM9mybKiIBrV38dD49xfx3CdMLmnk+jmXaJjyfCc5cNFchxPJqeq67tE1zerCbJ9IqqPSEPQaOd\/n6+mK38gKmEUvVb+3++KVqflozYtQsnAcswWJQMso5R+QVQqoCXaUmgVRgE6BTBsKZ2JgQGYIUSwNRxKxDU32GQGSYsUJN6H1yjWRkpG4IGm5sKGNJuN3winTwbtjKavz7E1fXVt+faNpZcuEEBV4+6j7aY81i72huP7vPnsKncTDe++KAGHHuV3day2rf268pDhr+l+EXcDSs8\/RSum+Hqr6joacPfyJh8nl4vvpBj3CH\/d+iY00b3zrk4xDYH3ITYT34CBNwggupkKDI9Y\/8Rj3qPuzUbpNY4y8CSVKVSqPL5pY42yUFtDqbaKEsaYlTKjGIEU+g85VkBYZIxQDFuNlJGExGoVztChRo7HjXNV0s7Da1Ztj3XPh+2KdlvNsop3cFPwuLaIe2d7LUIDabcIkBRJt0WW+a2LWmz3oKXsrev0Js933iV6nUd2m\/RmTV3tGrq82qPrxpU+clwufyyoLoJK6dVVEauZad9N5q7JA6OvKSIywhfJ+bsktPyL1k\/wfV0l\/SA5FOmh7efFbZ5c5oU3ShHrgR7pjyqf3F2tbwgfgitwmQcplcfwl6QEgTXWIHoe\/h53jekM2qLjI9zO4HHQVjllTCBnXyJgrAQEGQJcGGhBlgIP\/BikBgkDUsAZDXp4UDGDhcSYAmSBRCRLKbYSZvFEiWBGD5QlflEHZcjz66RTe9Cbzd\/iHnxn7K4+wvZTba9LtLao+\/YUZFP465oltq5GkUiAx\/lVU\/gY7Pe0qXw1V95M6llyNi89kMcy7aIKlJW8Gjb1dSQgP8mbT26RBD6RixQRn5fFpyJP9B\/FVaQ6gG6IuZuR90gmeTWPhONt74nkIR3cr+fTqf9bLEWn\/eRatuUqyXy0LoJ4CHD+yn6xB9C17PYKvF+ctzr9wbkddM4HXeMxvTN4HLlNjjsl7JvErfKATgWR1ABLCYLahGZ9ShCdCUw0opRmjKZcQ2KwpUgGrNc6tUwLLuNJ3JIDBXjt3F0iy\/myM\/T22P582K6wvtUsa4i+qWxgbRH3TmX6V4i29sfetk+T93ksQG+3E1XXZfI+VqQ5\/PvclQE\/zoanrvocq9X4vyZV3\/PWtQy03dtlsiRWruRfpHgXugcHpcxZeIIjkR4WeZlc1KPdudTbZOxdVS0C0cw\/Zz8QfRXRU5CtJerT54iujbkYyPYHM+gZMXgctB0JDKbZVxKYtET7WJ8oaQW1HHIiSKoZVUgzD\/OWQWiZVWkQtuOSQAMEE1ZzbAGi2sTq5MgQhocJ52HrWIe862m1lJnrFlP3hjrA7w\/fFd7fNNtahn9TU961xd17h5WvPbxleCSigpfKi1g4f5w3i+S8HEUTy10G7Sf5zJuqWOSnQHDzVn4UafqgKVwHdvqs8CAfC9vf11N396WG6ee2+7R7L5fXrqdubvxjaxsXV4z\/4Q2p78bL3hTlQQryP0uSUwhJ+lqSXIvu6eB0qXM46LZ6pvfYLWY5eOtkOfmi3w9ZKiymFhvBLLecKooQsNpqSgGAzFiqMoA5NtwCTDg0BlCqsQEcp0RFrAY6UOy1eVBf3h5sH4\/fFV1fHr4WNW\/S01pfsH9TtvWD3kddxwM8XVd54KHNZ97weasXCS\/M5Mot2X\/eq59F6k\/6oBB27K+hLq+LKpKIgCmLfJqc1g=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1429000041481,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1429000041481,"flow_last_seen":0,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00656{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000041,"pkt_ts_usec":481085,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":237,"pkt_l4_len":201,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAN24s0AAQAZp+Qo2qfofDUQxrvkAUHO25ZtSV776UBgBtoUeAABHRVQgL21vYmlsZS9zdGF0dXMucGhwIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBEYWx2aWsvMS42LjAgKExpbnV4OyBVOyBBbmRyb2lkIDQuNC4yOyBHVC1JOTUwNSBCdWlsZC9LT1Q0OUgpDQpIb3N0OiB3d3cuZmFjZWJvb2suY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0K"}
-00708{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1429000041481,"flow_last_seen":0,"flow_tot_l4_data_len":201,"flow_min_l4_data_len":201,"flow_max_l4_data_len":201,"flow_avg_l4_data_len":201,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build\/KOT49H)"}}
+00720{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1429000041481,"flow_last_seen":0,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":181,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.facebook.com","url":"www.facebook.com\/mobile\/status.php","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; GT-I9505 Build\/KOT49H)"}}
00792{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000041,"pkt_ts_usec":819556,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":339,"pkt_l4_len":303,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAUNnpEAArQZNhh8NRDEKNqn6AFCu+VJXvvpztuZQUBgIIrdJAABIVFRQLzEuMSAyMDQgTm8gQ29udGVudA0KQ2FjaGUtQ29udHJvbDogcHJpdmF0ZSwgbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUNCkVkZ2UtY29udHJvbDogY2FjaGUtbWF4YWdlPTI4ZA0KWC1GQi1EZWJ1ZzogajRyR1VwRDFrR0J2VWIvajBNRVhMMnlyRzg0NlVLcDBDV2hLNFFWcTB4K0hLUDR5UVIxR09sVWtXUFkvRGJKNnNKU1pTSWdIdGF1L04xQjF2cTNteXc9PQ0KRGF0ZTogVHVlLCAxNCBBcHIgMjAxNSAwODoyNzoyMSBHTVQNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1429000048159,"flow_last_seen":0,"flow_tot_l4_data_len":507,"flow_min_l4_data_len":507,"flow_max_l4_data_len":507,"flow_avg_l4_data_len":507,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1429000048159,"flow_last_seen":0,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01066{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000048,"pkt_ts_usec":159796,"pkt_caplen":543,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":543,"pkt_l4_len":507,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAg\/pGUAAPwYfWgo2qfp4HAUprOAAUG\/tOAJjh+GeUBg5CMy9AABHRVQgL3ZzdGIvcGxheWxpc3RfNV82MjQxXzM1Ny5tM3U4P2FjdGlvbj0xNDUmYXBwSWQ9NTAwNiZjYXJyaWVySWQ9MjMmYXBwVmVyc2lvbj0xLjAmY29udGVudElkPTYyNDEmY29udGVudFR5cGVJZD0zJmRldmljZU5hbWU9YW5kcm9pZG1vYmlsZSZlbmNvZGluZ0lkPTM1NyZkcm1JZD00JmRybVZlcnNpb249MS41JmRlbGl2ZXJ5PTUmcHJlZkxhbmd1YWdlPWVuZyZ3ZWJ2dHQ9dHJ1ZSZ1c2VyaWQ9MDkxNTQ5NzQ1MzYmdnN0YnR5cGU9c3RyZWFtaW5nIEhUVFAvMS4xDQpIb3N0OiBwbGF5LXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"}
-01049{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1429000048159,"flow_last_seen":0,"flow_tot_l4_data_len":507,"flow_min_l4_data_len":507,"flow_max_l4_data_len":507,"flow_avg_l4_data_len":507,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"play-singtelhawk.quickplay.com","url":"play-singtelhawk.quickplay.com\/vstb\/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=09154974536&vstbtype=streaming","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01061{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1429000048159,"flow_last_seen":0,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":487,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":487,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"play-singtelhawk.quickplay.com","url":"play-singtelhawk.quickplay.com\/vstb\/playlist_5_6241_357.m3u8?action=145&appId=5006&carrierId=23&appVersion=1.0&contentId=6241&contentTypeId=3&deviceName=androidmobile&encodingId=357&drmId=4&drmVersion=1.5&delivery=5&prefLanguage=eng&webvtt=true&userid=09154974536&vstbtype=streaming","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
01066{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000048,"pkt_ts_usec":647467,"pkt_caplen":543,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":543,"pkt_l4_len":507,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAg\/pGkAAPwYfWQo2qfp4HAUprOAAUG\/tOAJjh+GeUBg5CMy9AABHRVQgL3ZzdGIvcGxheWxpc3RfNV82MjQxXzM1Ny5tM3U4P2FjdGlvbj0xNDUmYXBwSWQ9NTAwNiZjYXJyaWVySWQ9MjMmYXBwVmVyc2lvbj0xLjAmY29udGVudElkPTYyNDEmY29udGVudFR5cGVJZD0zJmRldmljZU5hbWU9YW5kcm9pZG1vYmlsZSZlbmNvZGluZ0lkPTM1NyZkcm1JZD00JmRybVZlcnNpb249MS41JmRlbGl2ZXJ5PTUmcHJlZkxhbmd1YWdlPWVuZyZ3ZWJ2dHQ9dHJ1ZSZ1c2VyaWQ9MDkxNTQ5NzQ1MzYmdnN0YnR5cGU9c3RyZWFtaW5nIEhUVFAvMS4xDQpIb3N0OiBwbGF5LXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"}
01983{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000048,"pkt_ts_usec":795905,"pkt_caplen":1225,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1225,"pkt_l4_len":1189,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBLkvDEAArAZpoXgcBSkKNqn6AFCs4GOH5p5v7TnpUBj\/\/xfxAABfMjA1NDAzM19GRUFUVVJFX0VOR0xJU0hfMl8wX0xUUlRfMjM5NzZmcHNfNzgzNDE5Mi5tMnRfU1RWMjBSMTkyLWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9NDQ1MmM4NzAxMzM0YjUwMzg1ZGQxMjA0N2RjZjY2NmIKI0VYVC1YLVNUUkVBTS1JTkY6UFJPR1JBTS1JRD0xLEJBTkRXSURUSD0zNTgwOTMKaHR0cDovL3ZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWMjUwUjI0MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFYyNTBSMjQwLWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9YTVjNmMyY2MzYjk1Y2FiMzhkN2Y2NzgxMWQzOWZkZmEKI0VYVC1YLVNUUkVBTS1JTkY6UFJPR1JBTS1JRD0xLEJBTkRXSURUSD00NTMyNjEKaHR0cDovL3ZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvVFZYVjMyMFIyNDAvcXBtZXp6LUhhd2tfRGlnaXRhbF9DT05UQUdJT05fMjA1NDAzM19GRUFUVVJFX0VOR0xJU0hfMl8wX0xUUlRfMjM5NzZmcHNfNzgzNDE5Mi5tMnRfVFZYVjMyMFIyNDAtaW5kZXgubTN1OD9lPTE0Mjg5OTk2OTkmaD1kNzg4ZWRhZWY4ZDI0ZWQ0M2YyZTFiM2YwMWE2ZmI0NgojRVhULVgtU1RSRUFNLUlORjpQUk9HUkFNLUlEPTEsQkFORFdJRFRIPTY4OTU1MwpodHRwOi8vdm9kLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20vc2VnL3ZvbDEvcy9XYXJuZXIvcXBtZXp6aGF3a2RpZ2l0YWxjb250YWdpb24yMDU0MDMzZmVhdHVyZWVuZ2xpc2gyMGx0cnQyMzk3NmZwczc4MzQxOTIvMjAxNS0wMi0wMi9TVFY1MTBSMzYwL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjUxMFIzNjAtaW5kZXgubTN1OD9lPTE0Mjg5OTk2OTkmaD1hMWI3ZDFmNTY3NzYxMDNkNTU4OTU2YWQwYWY2YTU2Mw=="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1429000049060,"flow_last_seen":0,"flow_tot_l4_data_len":547,"flow_min_l4_data_len":547,"flow_max_l4_data_len":547,"flow_avg_l4_data_len":547,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1429000049060,"flow_last_seen":0,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01119{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000049,"pkt_ts_usec":60584,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":583,"pkt_l4_len":547,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAjfkbUAAPwYF3wo2qfp4HCMoyycAUPhJNRwVgNsjUBgBybAbAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi1pbmRleC5tM3U4P2U9MTQyODk5OTY5OSZoPTgzZGEwNzg3NTkwYTdhNDUwMTYzYmJkN2E2Zjk3NGNhIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01063{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1429000049060,"flow_last_seen":0,"flow_tot_l4_data_len":547,"flow_min_l4_data_len":547,"flow_max_l4_data_len":547,"flow_avg_l4_data_len":547,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699&h=83da0787590a7a450163bbd7a6f974ca","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01075{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1429000049060,"flow_last_seen":0,"flow_min_l4_payload_len":527,"flow_max_l4_payload_len":527,"flow_tot_l4_payload_len":527,"flow_avg_l4_payload_len":527,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-index.m3u8?e=1428999699&h=83da0787590a7a450163bbd7a6f974ca","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
01008{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000049,"pkt_ts_usec":272192,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeTkfkAAPwYGIQo2qfp4HCMoyycAUPhJNysVgOaYUBgDEEglAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDAxLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1429000050062,"flow_last_seen":0,"flow_tot_l4_data_len":560,"flow_min_l4_data_len":560,"flow_max_l4_data_len":560,"flow_avg_l4_data_len":560,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1429000050062,"flow_last_seen":0,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01141{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000050,"pkt_ts_usec":62079,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":596,"pkt_l4_len":560,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAkSlZkAAPwZ8rwo2qfrLzZeg1mMAUMsBdKl7s0qnUBgAbhITAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1zbnNzeW5jIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMjc1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGtleHRzaG9ydC53ZWl4aW4ucXEuY29tDQpVc2VyLUFnZW50OiBNaWNyb01lc3NlbmdlciBDbGllbnQNCg0KjV8mAQBBVSvQfd8CEAIXSGRsPmwM34SDANYBswPsAcTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYedk0uwBKYCKwk1caV589saz0xALfFf\/iYFlFx1AxUdy484YNnqVDF8K+kVH3f2c9yoInZasFWfv137RkUwmCH+br0dsm2pY5PlW8IbHQGBJKkdj6f6t1lujHjoakqif1dkWjRkTjcDfsFtBglw4jP18zIVy+uqXK+1IUwvsPz80+hSVjN5hP25Llmt\/ESe34eB\/LJMU4AkN\/2f0FWCACM2tXWSzYfJGQOBiLS2DO0iM0="}
-00719{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1429000050062,"flow_last_seen":0,"flow_tot_l4_data_len":560,"flow_min_l4_data_len":560,"flow_max_l4_data_len":560,"flow_avg_l4_data_len":560,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"hkextshort.weixin.qq.comhttp:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmsnssync","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1429000050062,"flow_last_seen":0,"flow_min_l4_payload_len":540,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":540,"flow_avg_l4_payload_len":540,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"hkextshort.weixin.qq.comhttp:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmsnssync","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
01896{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000051,"pkt_ts_usec":331885,"pkt_caplen":1152,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1152,"pkt_l4_len":1116,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBHAsp0AArAZOUHgcIygKNqn6AFDLJxWDzlj4STjnUBgIQ33VAAByqbIRKSnXO3n7wDbsfUk8e6VuWplgy2s+dhRInKblJDspkbYpMraIC2G\/R+GUD+2cHzU1WK917CgXy1UuWGNRG3nVdbmkpW6gXyTrK\/GWE44kpRkGnzPXCIHXPX744dGFJMegxO0qTCK1Fo6i3uEpacGLcKMMoyNpcaQHAYLI622xbJ8B36qbIZZWruxvDu7KIDG5e3mPu31z9S2QcHaVE4BE1tKVMaRT4CoWi1PkV85kYTw7+lXQj9CaQqhbKReGPL\/tcLMkyzZwE6IHJUK26PQvKyhEuU6GAQ+r9LcupqVlcd+NUyod+WhKMRAmSJil\/BRUsIdoudcrCIqRJzR5jVUoqyj\/ptMT5SVgA5N26bnxszCob1V6PGoSqrFbXGqUSFChkbSJKFRTCvxPDJYyRcjsMaoU12chr9o101HtsZqTm8Y5QbIAN7B8AVumqqy0fH9lTC67oIzCP4XCUFPOzmsTGixU55n8PiHFsO9k6FHgmL2Qpx9XZ7LZZq6kKLQZ6YEj4wSZ17X4PtdheB86DsQcq8hTQKwZ50xFXAuqOJAfjJ3Fwvpkhy0irBq+moIpZIUyDIXip19wI5TntRdQ6klOXxoMR4h+rkQF9NIWAZsF4N+T7NhEDH0IhJ+7C8yW\/XKrXV2QuHcZeah99tklt\/1RoCV3tlE3iI+9KsShs\/QYEoI2GuydlkjMnZTY8FZqf7NGoRzmtcyCTcSq7ihdZ8emY8+Em76YXV5DqpjEXAEAd6Ihi3wXtxe47OSDIzuYkFbw07vSe8r5pw+O8CvCFNmM+\/R5XtTzDC6jpCkjK2Ks4K8eO1sR7xVxwgkYKLOtWeJvnPFsHRpwPxtVG35fKrArPruPuT5oZOx\/pQJT9cFmcAl3RKKARXXxajyJ2qH50U92ABd9K3dq1HyFHG2aoh8ZR\/WT1vs31Bm0M7ATJhQL2l2m4hoGBonCWxZz758eNTp\/kC\/zRYgzH6m74xpGj038MxNX4to5jr+JtrVTP6loTNL8hf21+Z1vRJ8TKNwrI0CwNIptRF429nB7n+Pl6NrVJTHjMQt5IoQZRVlFDepGzD3fSDZZ4GjFo43mYzPMjWk0+FMIfnOvn6Gn8nXWwKtX1oF2fKKInSceON8GTZBwiFeJbBUg69aGCibPn5BkMxekscJXDNFdCB2xNetElbFYP+YoyUHk8ZsDR\/PLX1ywopxm9Q\/Py6arJrU3L+8wIopRGPUBVivuDfLh0pGSoWdpGKSTKIBICVrgSbSPdIgZjbfO0v4LLFX+kYV8QKziGFA\/WUp+nU5eMYE6UsEvLHeSktqvq0aUc+dVpxaKqVHlN+ect0oR9LY9MKkAeQsdVq1CuWDxS+xrJyD\/Uu+pp1IZey306exBm3ut4YWy7OXTRL0TOwdk6mtjCmzQzJRmtiRCxM7bjXgmi1lSWiwmYs4+DuYZWGKvtZHnnKOVsVmU8qj1T9ly"}
01142{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000051,"pkt_ts_usec":366980,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":596,"pkt_l4_len":560,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAkSlZ0AAPwZ8rgo2qfrLzZeg1mMAUMsBdKl7s0qnUBgAbhITAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1zbnNzeW5jIEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMjc1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGtleHRzaG9ydC53ZWl4aW4ucXEuY29tDQpVc2VyLUFnZW50OiBNaWNyb01lc3NlbmdlciBDbGllbnQNCg0KjV8mAQBBVSvQfd8CEAIXSGRsPmwM34SDANYBswPsAcTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYedk0uwBKYCKwk1caV589saz0xALfFf\/iYFlFx1AxUdy484YNnqVDF8K+kVH3f2c9yoInZasFWfv137RkUwmCH+br0dsm2pY5PlW8IbHQGBJKkdj6f6t1lujHjoakqif1dkWjRkTjcDfsFtBglw4jP18zIVy+uqXK+1IUwvsPz80+hSVjN5hP25Llmt\/ESe34eB\/LJMU4AkN\/2f0FWCACM2tXWSzYfJGQOBiLS2DO0iM0="}
01008{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000051,"pkt_ts_usec":518927,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeTlCkAAPwYFlQo2qfp4HCMoyycAUPhJOOcVg9KgUBgv1yyXAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDAyLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="}
00540{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000052,"pkt_ts_usec":145575,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":145,"pkt_l4_len":109,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAIFK0UAArQZq68vNl6AKNqn6AFDWY3uzUB\/LAXbFUBgIIl2QAADLSVkFxdhO01jGkqqir\/4Pe\/qItPtTf6ajYud7yQvoMcf18CvkFV3iH59UBVcusMzzLrB7pfuUH4Sme9ekIxa0n3Xkcqj9Zb8GTsGgT4pSgGI1jIGtnmYZvw=="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1429000052217,"flow_last_seen":0,"flow_tot_l4_data_len":464,"flow_min_l4_data_len":464,"flow_max_l4_data_len":464,"flow_avg_l4_data_len":464,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1429000052217,"flow_last_seen":0,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01009{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000052,"pkt_ts_usec":217627,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjSUAAPwaHVgo2qfp4HCMoyykAUHABsefLT2i4UBgBySAFAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDIwLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="}
-01013{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1429000052217,"flow_last_seen":0,"flow_tot_l4_data_len":464,"flow_min_l4_data_len":464,"flow_max_l4_data_len":464,"flow_avg_l4_data_len":464,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1429000052348,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+01025{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1429000052217,"flow_last_seen":0,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":444,"flow_tot_l4_payload_len":444,"flow_avg_l4_payload_len":444,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV80R192\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV80R192-0020.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1429000052348,"flow_last_seen":0,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00849{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000052,"pkt_ts_usec":348029,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":380,"pkt_l4_len":344,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWw6SUAAPwb+3wo2qfrLzYFlpwkAUDA+6IKRcovGUBgAblluAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vbW1iYXRjaGVtb2ppZG93bmxvYWQgSFRUUC8xLjENCkFjY2VwdDogKi8qDQpDYWNoZS1Db250cm9sOiBuby1jYWNoZQ0KQ29ubmVjdGlvbjogY2xvc2UNCkNvbnRlbnQtTGVuZ3RoOiA0OQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNCoZfJgEAQVUr0H3fAhACF0hkbD5sDN+EgwC5BQICxN0BAmqbBe97kd9DUUv3xZ4Sxtk="}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1429000052348,"flow_last_seen":0,"flow_tot_l4_data_len":344,"flow_min_l4_data_len":344,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":344,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"hkextshort.weixin.qq.comhttp:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmbatchemojidownload","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1429000052350,"flow_last_seen":0,"flow_tot_l4_data_len":425,"flow_min_l4_data_len":425,"flow_max_l4_data_len":425,"flow_avg_l4_data_len":425,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1429000052348,"flow_last_seen":0,"flow_min_l4_payload_len":324,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":324,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"hkextshort.weixin.qq.comhttp:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/mmbatchemojidownload","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1429000052350,"flow_last_seen":0,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00959{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000052,"pkt_ts_usec":350287,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":461,"pkt_l4_len":425,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAb2qTEAAPwZ4UAo2qfrLzZeg1mUAUE+SeI3XHwqaUBgAbsqdAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vZ2V0Y29udGFjdGxhYmVsbGlzdCBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDEzMA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNColfJgEAQVUr0H3fAhACF0hkbD5sDN+EgwD\/BNABUsTdAQKE1XHhkgwTYJ\/4C3eKbQVsdC1Dk55XBGM8iLIuJNxQ2mKDGCiEu7hKfZxRSGMz97qFq2jItoGcPUyJfVpIIUYeQoz6VrtJH00pu+gvbU58lmESj2o4D7TnERbmXXALCqM="}
-00729{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1429000052350,"flow_last_seen":0,"flow_tot_l4_data_len":425,"flow_min_l4_data_len":425,"flow_max_l4_data_len":425,"flow_avg_l4_data_len":425,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"hkextshort.weixin.qq.comhttp:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1429000052350,"flow_last_seen":0,"flow_min_l4_payload_len":405,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":405,"flow_avg_l4_payload_len":405,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"hkextshort.weixin.qq.comhttp:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/getcontactlabellist","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
00689{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000052,"pkt_ts_usec":688483,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPWIBEAArAZEf8vNgWUKNqn6AFCnCZFyi8YwPunGUBgIIppgAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwC5BQwMAADES8+zVe2SBL6tUVxA2Vh6"}
00690{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000053,"pkt_ts_usec":611792,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYEAArQar6MvNl6AKNqn6AFDWZdcfCppPknoiUBgIIrzYAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"}
02320{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000054,"pkt_ts_usec":555518,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaBrnEAArQYNK3gcIygKNqn6AFDLKctRyGZwAbOjUBAIIjnpAAC6eiaRjUv\/RPkOH82F5WosK669TTY41gIXUb5TM31DDCidAN9BA2XuM3HL8T4H8RaooiwzYVX\/NyYQvgJwozgBs+HWQERJo3j\/tFsg+NsbehQ2yqZ0ni5IF772nmOTUjjTqhvSyTYKL8LPX7\/SbJuUeesyVlCo1rcZrFyvobivL2QselZVKbZT9oXnVrTBXz9SgWOBGQjqM+6MYkHQqsKJwKvUzEiyfqsG7Y5ib\/HG3Cr61CWCOUzckjCo4x7\/2FXuS4bbTxyKoEXBeNcTCujBm4BW7TCl6yaZq2WXxGG4hvRF0Be\/m5kDX7D2ritov06P2eBHlozi8poVm+8iR+ps7ttJSDR9cRtIoZ6CzGQuMlpslQH3eGbKiA+TieQa5VKgPmn67A5ZHz6oVTfujJs8WKbjDDZ9Q0iRvNel4W1E1K\/\/zSVXoGcUMXf+jhnQwZpcpi1EdAnR+40BHozU+RTudhZL4Gple7Zf9xhKfQFyWOsUn76k3fkX1zxQlXwkMtX73RmtTyaB3L2pN7AlVM\/\/nWHu7EuLuT9DL9C5g0C9ndUmqL7NBsK0kAZZ78eDPfrNcCw\/ZFw2bNcbUFc\/DZYsLjg+otfm91LhV9Jp43mlKbIVnnDPmIDKMqjiCMwbTaSaZixrFny1uf5O00Y6dqEgtz9Pli4PyDpRhyoCvJu+i4H+d88Uaw2rkO46JoXyB7A5p5OjjhlkqrGyi1CwU0deobjNdyyDdV8jJ\/Pi9n3PsmZZgmuJXbUr3Wj33YeDG\/0Oj+2II0vRU4R2CMhv6eJcxCNdiNxlxN6WMj7SN4Xwx9cQTGloH0v9P+ZbhisAixQQx+c7VnS53a6eMHAGjtfp5Vfl\/a+fbz\/SS6+0wsbw43YigcJZdKwu\/J+7R2Vsvwwp\/\/0VJXCclXCvQKK9ZgSyMjcZXFFdVBYQ9ynX2PKUJbCiQo0ZSacbctiB0eo38ldIKG1HQXiG+IvrS8x51f+MHkxe\/Qz6gFVONzxqGI2AuPK799Gz1u48EzIlwqf+hfJ5+80+67LPm7OKnX\/+Hglw20t2bXScSU\/7a\/No7LXMZaiPPFjItOLkydDIZdblKbD9VzRcriDGIikYRE2vOO7ef0bABx9ekxq7Y6qOz8wz2bfi82kKdO6ZKos8mJ6Z5zMskbhz5TARjuFwb\/y0CNvNRI3ZzaCcWvcSerQm6YI5Qkh9hi+UFoCigmvOa40ltrSAgZJLwEzoigbbL\/Fux90aNws71lhYIk5rLapLHllGTYci4NeZq+lysN0NJeGSVgJjhywSjEcv98KS01SOoGP+L8hkrHHDndozayAIZx7KNatPdBhHierZx9hk7YaR2QyAaOf\/KGZ26mtXJD+fZ9qzzRf7VPOJIXRan6Mvh2X5ksvc+d2E+xpW4ZS3heqwr3GFyseSzu+SItPTkyOePTh5SBKlnurq4GBXzKzTiVp1gCObUjjb361kLXFDG8pv8RFHz9T71D1Nc2wSTzFugnvV1UNFiSfCUv5Hf3vreasQSxEc5M2HufON7Ls2Sq1av0HxiKW3cr3g1hTf6isQpBvLi2kzfVTuUfjZ4NfuituEBPk76dM0NGhwCE37DhDWyEA0CskC\/3LGpzpkwJVXZJneb4tZ6ZUUp9Tq8jwnKJrc9Xm0\/K+NOqhD9cfXeA0wPmIBqb\/50HOtK0ivaxJQrriFNfYzXGvwDWExqj3032B+UnoRZ9sdl+HDci1tJl2ZYTWQ\/jnW4QU+eyZsftpA1fidaKNXFUm98r6LCSgwEpKQko1ga3+vGDjVtQbFJqqZZSUhMiGE7JxSiWQR6m1VFOyrIP\/NGSlhQwEVU0AVlSc0flRUDOO1ef3Q8CCp+aj8TUh3wwIIfQUflA=="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1429000054595,"flow_last_seen":0,"flow_tot_l4_data_len":580,"flow_min_l4_data_len":580,"flow_max_l4_data_len":580,"flow_avg_l4_data_len":580,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1429000054595,"flow_last_seen":0,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01170{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000054,"pkt_ts_usec":595190,"pkt_caplen":616,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":616,"pkt_l4_len":580,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAljROkAAPwZnAgo2qfrLzYFlpwoAUAw7AlWKyQifUBgAbo2ZAABQT1NUIGh0dHA6Ly9oa2V4dHNob3J0LndlaXhpbi5xcS5jb20vY2dpLWJpbi9taWNyb21zZy1iaW4vYW5kcm9pZGdjbXJlZyBIVFRQLzEuMQ0KQWNjZXB0OiAqLyoNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb25uZWN0aW9uOiBjbG9zZQ0KQ29udGVudC1MZW5ndGg6IDI5MQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0NCkhvc3Q6IGhrZXh0c2hvcnQud2VpeGluLnFxLmNvbQ0KVXNlci1BZ2VudDogTWljcm9NZXNzZW5nZXIgQ2xpZW50DQoNCo1fJgEAQVUr0H3fAhACF0hkbD5sDN+EgwDvBPUC9wHE3QEChNVx4ZIME2Cf+At3im0FbHQtQ5OeVwRjPIiyLiTcUNpigxgohLu4Sn2cUUhjM\/e6hatoyLaBnD1MiX1aSCFGHqc7sd1LbQ4Ji50\/nmut+cRtfu64v\/XpBgMs3P9k27B87PKWuZeRn0c7PoUNWA2a8JliIiEG\/iNlGYYh7Jh9YEWG\/gDJeOxQbfTuL3jKYttVpQbSW5W7M23rsRNXzMxlPjm7V+eiXogw4ZTrI0SYQBetGJTy4I9tf1xmHMyE6HsFYIlHFXzsGgJQf7uh78Qo0Kz+t0syWOECVQvp3s423G3nllPk9jmdcOLrj5HgsV0zUjYpYNBzzWvoRGUwiRoLkw=="}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1429000054595,"flow_last_seen":0,"flow_tot_l4_data_len":580,"flow_min_l4_data_len":580,"flow_max_l4_data_len":580,"flow_avg_l4_data_len":580,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"hkextshort.weixin.qq.comhttp:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00735{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1429000054595,"flow_last_seen":0,"flow_min_l4_payload_len":560,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":560,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkextshort.weixin.qq.com","url":"hkextshort.weixin.qq.comhttp:\/\/hkextshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/androidgcmreg","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
01010{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000054,"pkt_ts_usec":688452,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":500,"pkt_l4_len":464,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeRjvEAAPwaG4wo2qfp4HCMoyykAUHABs6PLUc5cUBgk\/ZRuAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWODBSMTkyL3FwbWV6ei1IYXdrX0RpZ2l0YWxfQ09OVEFHSU9OXzIwNTQwMzNfRkVBVFVSRV9FTkdMSVNIXzJfMF9MVFJUXzIzOTc2ZnBzXzc4MzQxOTIubTJ0X1NUVjgwUjE5Mi0wMDIxLnRzIEhUVFAvMS4xDQpIb3N0OiB2b2Qtc2luZ3RlbGhhd2sucXVpY2twbGF5LmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDQuNC40OyBNSSAzVyBCdWlsZC9LVFU4NFApIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIFZlcnNpb24vNC4wIENocm9tZS8zMy4wLjAuMCBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KDQo="}
00691{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000054,"pkt_ts_usec":967566,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUEEkAArQbHccvNgWUKNqn6AFCnCorJCJ8MOwSFUBgII8UCAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDvBAYGAAAXudj2eCNNjv4Uv\/n42\/lx"}
00690{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000055,"pkt_ts_usec":158240,"pkt_caplen":261,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":261,"pkt_l4_len":225,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPUJYkAArAas5svNl6AKNqn6AFDWZdcfCppPknoiUBkIIrzXAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ3DQoNCn5fAAAAAFUr0H3fAhACF0hkbD5sDN+EgwD\/BAgIAACTADJ0e1hwz8xBqPPud44t"}
@@ -77,37 +77,37 @@
01014{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000065,"pkt_ts_usec":288824,"pkt_caplen":504,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":504,"pkt_l4_len":468,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAehl2UAAPwaEwgo2qfp4HCMoyykAUHABvxDLXp4TUBhgH+GsAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvVFZYVjMyMFIyNDAvcXBtZXp6LUhhd2tfRGlnaXRhbF9DT05UQUdJT05fMjA1NDAzM19GRUFUVVJFX0VOR0xJU0hfMl8wX0xUUlRfMjM5NzZmcHNfNzgzNDE5Mi5tMnRfVFZYVjMyMFIyNDAtMDAyMy50cyBIVFRQLzEuMQ0KSG9zdDogdm9kLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"}
02056{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000067,"pkt_ts_usec":456183,"pkt_caplen":1268,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1268,"pkt_l4_len":1232,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBORvoEAArQYJ43gcIygKNqn6AFDLKctmcwtwAcDQUBgIHbLGAAAzrZwe2jLl5myBZes+LkW6E8ZkkwElpSl2uVG8PTz4MnutAvmbcP2G9EPTEMQhRXdJfTPFHPw6SAEAYgzuN1i2hkD4mMciG0q871nue6dsblhSyA4M5Mq4es2z2uqkUqnQXKJpEnGHDdhB6ZL6N\/5ioC2od5tDXti10hDqPmnnc\/USwmTN9KCKYAv+pa6YBUq6WVapRBQ6IYZLNrjtv8N8gT95Etz+SEzucaoM\/3GPNys5sog\/bDQhV42Mf4j4HEpkMvH+viQF1+iz0Dp4kveCXsoHBQx3gkSRxyrf25XjCS3NlxQMxh8b+BF2aHM75ezSsKv7h8hrf4pnAOrUTmQK2X\/sZM86ied9Q\/rJ4X39I5HcFoP07dTtGXZkCMIP2JbUwSh\/+76i+SsrjppIfgz7AMitMHijzG4dqBEClfO2s5gpPMIaaxW0UdUFer6qYZ6XF1mf2lLP0tAcYhwHA63A0DVZYWwgB4NjE0TIIDRXoF7Yv682y+MXgKcqsOJVbvu7VmQOl+VKydKAf3RBDcNvaXLMU66HmAoIrDgYul\/irpKmvwBBGQJv1Qe36VmEO72c\/z0orWp7FRA1mnUiG2wXTax9zHijUvYSJPdZ6jgc3cd0KnoPjPmjKnq3J4DMVJS2OUBeehDnnCgCLjInDB9hdtw7Gt\/nrp3uSETiMQ\/4ZJSQ3SWSzNsYupjFH4BNlbwwCQQzlIwQk44AF4nOLzHzPHzCbIcXOlSL3nqwHONqwBf35AX8uj04Ao53WrLUqwrXRgI1WL2vgXBZNrXpnjgqJKyMOAML2GQYUChXvskjDSFOFrxSAbDYPezdqIqHbZcss5YMW2k3X10YufK2elLRaoBZWAMclFc9GlDHtIhirVSE6NhQZd8nUlCDJIPR\/kavyphXH2FA7qmsZwUUNoEoWtfaF10W332XReBRsB4bQ9c3N6YPAjoNPyT4h47aI\/qSgbXka4y9acntGnph3+Sj14X5oWAZvMvT1g6IVPGqA3RjB4IpketiFoZk3ga5oXOonHCTX90UOHIZQXUDezzZy34Q8I2wPcqSOCgSgXimmlhymg4MQQhY1AWsw+bmYl15Kv5rbWA7YLW7vVRQe7srLTCekjF1GXVmSkMEp30pXqPZGZhd4kP4g6XSV+vNAIxCGAHkoz4yeGuCfMFt26xA7OMaJ3Jt7qC9HlUZiTBNYeMTGS4RWTpA5bmP80YakrH6S\/siyTOZWVbIUH3zyKebeFkeRggxuRlPzSGUOHYMZuwvJcZg0nG62mNPQkPa\/b4v018MpzMpVjFX8wtiEo\/Nb43c\/9nLcOFRbSWWPBlfgqYQ+PWRAjRSuxDNSULblQmLN3Qsksm2cbYMc0rFhBotjY7Go6wkzDaVz9AS4IbtQDLoOnQtZw1OfRUyvei4DnjPkTMfVfmeaC\/HlxkDfLPcP5nVl\/QLHE++3QNAr1P6HCBGPV1yfY2NH19o75HJFrRWEPSAxir4QL9ExlMNMrM3gxwIh9retemEuz0KWmzu9hK3Ezix0x1jJ+6iNmkMz3jOY14CIhUI5yzL2czzCjpgnOsxmyZFLBhca5GUtI0ioW8wiPdCD5iQkAvD+XHUJAJQroy9Ovl9OuWmOU0="}
01124{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000067,"pkt_ts_usec":642279,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":585,"pkt_l4_len":549,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAjlm7UAAPwaDXQo2qfp4HCMoyykAUHABwNDLZnfHUBhgH\/apAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLWluZGV4Lm0zdTg\/ZT0xNDI4OTk5Njk5Jmg9YTFiN2QxZjU2Nzc2MTAzZDU1ODk1NmFkMGFmNmE1NjMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChMaW51eDsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgQnVpbGQvS1RVODRQKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvMzMuMC4wLjAgTW9iaWxlIFNhZmFyaS81MzcuMzYNCg0K"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1429000110390,"flow_last_seen":0,"flow_tot_l4_data_len":645,"flow_min_l4_data_len":645,"flow_max_l4_data_len":645,"flow_avg_l4_data_len":645,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1429000110390,"flow_last_seen":0,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01255{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000110,"pkt_ts_usec":390234,"pkt_caplen":681,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":681,"pkt_l4_len":645,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAApm620AAPwZqrgo2qfrLzZPXi1YAUBkYU+pems3wUBgAbqLPAABQT1NUIGh0dHA6Ly9oa21pbm9yc2hvcnQud2VpeGluLnFxLmNvbS9jZ2ktYmluL21pY3JvbXNnLWJpbi9ydGt2cmVwb3J0IEhUVFAvMS4xDQpBY2NlcHQ6ICovKg0KQ2FjaGUtQ29udHJvbDogbm8tY2FjaGUNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LUxlbmd0aDogMzU1DQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KSG9zdDogaGttaW5vcnNob3J0LndlaXhpbi5xcS5jb20NClVzZXItQWdlbnQ6IE1pY3JvTWVzc2VuZ2VyIENsaWVudA0KDQqNXyYBAEFVK9B93wIQAhdIZGw+bAzfhIMAzAXaBLgCxN0BAsPj4k0n0ICdjYK52ViOWnOC4Vzgxi7+iegOsMW+oW6QdEAHg+UlyxaSBb9\/s0oeR4gum6gk+uWhqjv3Tkoz3jpOxZ3uqg5IoeAevVK78mE+75Mm5QEXaL\/24wa8I4nsiJTVEr54yg9WsIjA1I\/cd65YM57jS4+t1kJ\/xpqwwPsMfqK2G34N85Xo0uWP1F2PyLEjHiJZyK4xRu\/XYVzahdDn1vQRPtqQ3i2o6ggKNGN3kBkFa6C2GO0zTqwt7XUYqb0ppGq3KKIyPCtrTg5YICuEsfTDMTLer3J067M5VD93Ij+RkxqqGFN9+gvu+C\/smM0OksnEYsvtVnkr65ZF5Pk4qVPYHRDIlRcRHe0XzckIkJitYHFr8VSN2R6GxFfZK0YtMPQdmLxH6qLecheL3Cuuz7XcYpBc6JGpDIih+q4v"}
-00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1429000110390,"flow_last_seen":0,"flow_tot_l4_data_len":645,"flow_min_l4_data_len":645,"flow_max_l4_data_len":645,"flow_avg_l4_data_len":645,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"hkminorshort.weixin.qq.comhttp:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
+00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1429000110390,"flow_last_seen":0,"flow_min_l4_payload_len":625,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":625,"flow_avg_l4_payload_len":625,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.QQ","breed":"Fun","category":"Chat"},"http": {"hostname":"hkminorshort.weixin.qq.com","url":"hkminorshort.weixin.qq.comhttp:\/\/hkminorshort.weixin.qq.com\/cgi-bin\/micromsg-bin\/rtkvreport","code":0,"content_type":"","user_agent":"MicroMessenger Client"}}
00694{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000110,"pkt_ts_usec":528479,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":262,"pkt_l4_len":226,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAPYrhEAArQaNjMvNk9cKNqn6AFCLVl6azfAZGFZbUBgIKKjyAABIVFRQLzEuMSAyMDAgT0sNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9bWljcm9tc2dyZXNwLmRhdA0KQ29udGVudC1MZW5ndGg6IDQ4DQoNCoJfAAAAAFUr0H3fAhACF0hkbD5sDN+EgwDMBQYGAIBAF7nY9ngjTY7+FL\/5+Nv5cQ=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1429000117728,"flow_last_seen":0,"flow_tot_l4_data_len":602,"flow_min_l4_data_len":602,"flow_max_l4_data_len":602,"flow_avg_l4_data_len":602,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1429000117728,"flow_last_seen":0,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01193{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000117,"pkt_ts_usec":728278,"pkt_caplen":638,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":638,"pkt_l4_len":602,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAm69YkAAPwYFAwo2qfo2s4xB3D0AUJYYUVzgorreUBgAc7mmAABHRVQgL3Bhc3MvdjIvc2FmZS91c2VyL2NvcmVJbmZvP3NpZ25hdHVyZT11JTJGNzNkRVhCSGJlamV2MElTTnduR3l5ZmVUdyUzRCZ1c2VySWQ9TXo1WHI1VVhLdXc4M2h4ZDZZbXMydyUzRCUzRCBIVFRQLzEuMQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQNCkNvb2tpZTogY1VzZXJJZD1SbmVTNDhuLWRZX1ZlMllKU3NWLXF0RUxvOG87IHNlcnZpY2VUb2tlbj1qYWl5azdjUlQ0WDI0RWp3eENnQUxHOEFJdk9pWmNWTFU1cCsyaW9HSzVaK1MrWDFLbkJwOHBGUDJIV3FhVFJEWHU1eUY3YjZqaDdYdDQxZTZZOXYyUVRGN2tnbUhrSjBhSXJ0Sm9iOTBaZ2lBMy8rYlZQWXBrcVM3ajhUREorNEo3Rkt3VzFsZDZCWSswakU4SncxbGYrTVE0OEVUQmlOc01FbEthUGh2MEREOVZvUlMxNXRVM2dSMHlmVEcxWHMNClVzZXItQWdlbnQ6IERhbHZpay8xLjYuMCAoTGludXg7IFU7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIE1JVUkvVjYuNC4yLjAuS1hETUlDQikNCkhvc3Q6IGFwaS5hY2NvdW50LnhpYW9taS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="}
-00815{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1429000117728,"flow_last_seen":0,"flow_tot_l4_data_len":602,"flow_min_l4_data_len":602,"flow_max_l4_data_len":602,"flow_avg_l4_data_len":602,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.account.xiaomi.com","url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
+00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1429000117728,"flow_last_seen":0,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":582,"flow_tot_l4_payload_len":582,"flow_avg_l4_payload_len":582,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Amazon","breed":"Acceptable","category":"Web"},"http": {"hostname":"api.account.xiaomi.com","url":"api.account.xiaomi.com\/pass\/v2\/safe\/user\/coreInfo?signature=u%2F73dEXBHbejev0ISNwnGyyfeTw%3D&userId=Mz5Xr5UXKuw83hxd6Yms2w%3D%3D","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}
01462{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000118,"pkt_ts_usec":45538,"pkt_caplen":831,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":831,"pkt_l4_len":795,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAy+57kAArQaZmTazjEEKNqn6AFDcPeCiut6WGFOiUBgIJVI5AABIVFRQLzEuMSAyMDAgT0sNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpDb250ZW50LUVuY29kaW5nOiBnemlwDQpEYXRlOiBUdWUsIDE0IEFwciAyMDE1IDA4OjI4OjM3IEdNVA0KU2VydmVyOiBUZW5naW5lLzIuMC4xDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247Y2hhcnNldD11dGYtOA0KQ29udGVudC1MZW5ndGg6IDU1Ng0KDQofiwgAAAAAAAADBMHXokMwAADQD+pDVCuuR7VCzdrerESNxijK199zgLVnYggNE5ULioIZGP6CKSQ+J1Ue9LQPP\/PeL9xYw3Gkgs8aCeFd\/zZqCdqbSs4SDagv3Q8gbXJOLHNZZfmdTsJ6vPDYpe+\/rdailf+Vy4WCt5JCSfPLvLm\/VjBPjj45GMX6eUks60t+xxt21vhZm+cZaqa7DoZ7yob2ejBdIHAVjR1TTdJhFubG5KBya8nY0zzMWLsuzvCvt9glIynGQHg+BLRZzPC8ZTGPUyOvUh05tiZ\/balrrwKQt2cEeJstEBP0D5BLZnKvY160w+\/OrxB+sjFauMt5dnHUcI3t7SoTqChgxCrhMkNhG6YVl2LK8pgjuYhqcDRox+KgQzOA\/hLmGzg3uirtssbFIVC5Aro3ACcGCwISGwb1VxWHonPvyWHNDlG81Bqq3QQetunNZnl6oz4rq\/ZHNPTVG61wMgLdvvo4GWhjgZ\/bnblrSFNGd7Mdr5MexXVx6SfeJVyvwBelPETxWHKKoRDa8ZjUvT0cEJOB7G\/G7e4ZZ\/83OAc7CIIAAEA\/iIulwzriBqhJkUE6bpVlTg1QY+rX1\/uCF5JNOyMtykH7DdhqEwaXY8s7mPz38wS8mngvjnR+4AS+bZOCqFuqMeaMn6SzJIMOPFhSp7GcsxUbtqiwMa7\/yvtnpf2t24H4WaAC+sVExSgCQaWyVTSeVY6vezz8ABeIl3WAAgAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1429000153937,"flow_last_seen":0,"flow_tot_l4_data_len":466,"flow_min_l4_data_len":466,"flow_max_l4_data_len":466,"flow_avg_l4_data_len":466,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1429000153937,"flow_last_seen":0,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01014{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000153,"pkt_ts_usec":937720,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeag6kAAPwZJswo2qfp4HCMoyzEAUC00WpDdwOXGUBgBycCpAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNDgudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01016{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1429000153937,"flow_last_seen":0,"flow_tot_l4_data_len":466,"flow_min_l4_data_len":466,"flow_max_l4_data_len":466,"flow_avg_l4_data_len":466,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01028{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1429000153937,"flow_last_seen":0,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0048.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
02314{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000156,"pkt_ts_usec":273474,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaB3UUAArQYBdngcIygKNqn6AFDLMd3LpTQtNFxOUBAIItXfAAChEIrgrleYAhFa3F3938BggSrcIn+nqVX5sByKXTUtTZ+S0IwO\/hIwf0BB2uc3Bf5jC1QfzUHjRvDUIOnnsb5a0uxxhiIVAqWnEYC45w18yjCMLPuOKVZeOYgfCQVjYsxLAKkdXaRkmMu4Zoel0HztrVYR1cnta\/vSYGQ0WkMhgl3KFYUm\/X4qjjWEdowcfDAWr\/FWJBR4jsXSxR8EQOd7RYpfWOl0YqAXrcURgivoA\/Vazm9dSSQ6DzW0D1TNTghMrqCseZaLLp2diY5etWqcT5Lxxdnl2ino6PEahKmf04RjOZq83lwn5PEPti9QeNcfMNctSiHj28O5VeDtauVKLipzStAYJu6O1tMaMLByrHeLYYc5MbsLRR9vao6KZRnJE1AEzpmLa\/+YrNJZcLrW3joqQ2AvZzJNsHv1pr7090xMkT87olqCX5Yd5dgxMvv2CbBfzbv7iN0239xxLePmefbZXxmf1ljpyZUWt+YUi19f0cGaafC5roKKnRsDLjalFhQzNZMDN1+qROgcpPpFrfcPRzSCRX2oM3IXqFNyhnIqEBeoqjt\/rN0OghieSXA+J4\/fnibDY2oBF\/qPi7PmT7+EZQfp4dOU7LXGxwfkHyb\/+nSUhuDDHBPkRtLg+XO3xXfDG63CCzgP9j+ew7ylJL7s8zjEAnk0iP7KsAXK1fFcvUkB5LITD3qa1hjsRXNIyWIaxMkwR8GhlPLtf0hpPiS0Um8a1yduUSn4xM5n3AHwQrDyknL7fxErOcmIBqXcP2oyyyTV+m9b64iHrtRxBINGeYaff6lhmqnRqCvGC1F52Og\/seNDfW8RWv4yBXzQwblMI7xviVAgMjEyKmjtOXwyzWj0J+YuHjA3wXbbyRFf\/zujxfqXq0HOg5HobG69sZOgCtlNOxGxs6uNG3Nyl1bm6YuhORfGFVH4dDhxB4pM4mawqKQgNd3ZivrDKzWiLphhw89pFSEPmrYR+dSw4\/6dNuOLRnG16Am5LUzsom4k95ky9x\/PVPzeU+5ie6mhYpgOrbjeFpz+rg+m9C+NB8SEBd6muVe4B37GCYUkUck7iEmhbPSKsrUqKYVveBJ0WJIstk9mKFzxlfKH3J2\/bjYqxEQYbmgG6oJ5ralnDKawN31PTuvOshsQceM7W53\/H7rfpivL6lr\/kjGpOhEd9Dxxlf9p+4v7nxfQAiorCo+Ipnx1Vx4\/M8DFoeolmxcpnpC1\/t87cEimWGKlQKNWBmqgBX3lF+jG0RumppZSWz\/aQfU6VQwCojXD7XsZoKlt0fqkAcQPgNbx4gtOwebSddbvGBn7uPBEFCe1qtOY1P6e8nyGK8y1LANkR3tsNsXJFvHkj5HBf+Fth6gbnan75B2fOeWrkdUU90lajYKwLL1LL5gxqWv1nPgRm5gG0V\/LUY3dCEIra5BI+d3CAtAPKtdluT\/JXWML4j3eAT74+s9ouu5yox25rXWvrCvhcuf5BYDjdzBBmrYB\/t4fb52bttXAQuL80qQnY5Oj1X5f+Um3rpgjwFtGj7n30bbQASEZTdFPUOe8kJs7mBkrIY6yotsjZG+hKNfMJZdhU8ZShuzC8djNjp9NuCLli+\/ugxOOk4+twmaL+UUbEqGDcxcAEBa5EyOAV7RfqezgWcaQ3dbJjWXdNWxetLCdQ7XanJt3eAkt933KoymlC4XmU95LAhWF33+FFwL3BYas4y5X8wDDUnULI8QtkzKEN2oLGgIewtkuDrW4wpL3EZsIKv86JV8UzFxUMaP2MiczrH7WqOOsj1ytSR\/mRWDeXJftrtXq0qR46GntPeDZXJQKpY9CB2cQr+2LnDbM8iBOGE8HrF8a0W0JfepPoC6ozHQ5CxM0HE7L3V4aaQ=="}
01014{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000156,"pkt_ts_usec":459448,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaip0AAPwZH9go2qfp4HCMoyzEAUC00XE7dy64AUBhgH5dQAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNDkudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
01458{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000159,"pkt_ts_usec":329352,"pkt_caplen":822,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":822,"pkt_l4_len":786,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAyZ5rEAArAYClXgcIygKNqn6AFDLMd3YhLgtNF4MUBgIQ\/OyAADrwzX3RAicnUrik1zDx4PqjdwOmF3fe8pzxTI4oN3yFpMedtYxelwQ2rhsnEO6G\/cmlY1IJNm+dhF6bSA0DSydTzLfvgeIuFZXygwrH6gaXr3bLYeSyYjaCUjWjmQTt7V+t\/gKIDQ7qopT\/9MJLyH+KwU2kj6lGewqsyjKL2j5Quk4rIxkJFWbgA834c500rsR9UD02ykgxsrbPdY8neRLyWauu2MwdO8Be1DZjdaACskFpdJNZR72s2dmRfWv3zmQNDywLdy21xUi6VV5yyLDgFQBtBCXRV+cQVGxrWazEswNsOJm5YNkt7Julo0fagWzzfA6k\/UxfxEYcq2TxGzfSbcM1WAuTAlHKowbQoKWjTwGEc2bWIFmXE5q8JrHhpukUvKEnyPDmn\/EVfOSXk9pOu1LB9Z9OYZmi6y7tgB9EBz5Hxig1qph7haaqDsKdW4PxWR0VWnAjHI09PH7\/zZlo9FDGZoA+\/SUvcNGTG4xFbCoGdUVimgMQK7pTJ5Jlf+NZ2rrp\/xRZXpGeytFF1JKGu6T6\/t07HLyU5FKV+heWPuYKSc0\/F9MjzFgwPRSVBhFEnAC\/WS7fVzhr9qnYUWW2DlxWquOmitR6vtaHNaiPFn+YxtHGPG7\/93xpqqGHAO5k\/JlbrRpUzvT4SAJhoKdaOAHp8m4MN2ufQ3rIJqNONA5BlU4ZX+YUQI9CVaX4mikHnJVz0ekLAIre31tIlLe5zK0iJgb0WauPILeFUHfG\/hDtxzaYUBCdt\/hcRGKLkM7kOxnvCtJyHcI0rs0EKUtkKRvt1YG8GKC7we8kgHb3wKzQpqiwjdRZofEVpf4s39L+wSufN2yERClxc\/zZ5xM\/anf45FN326q10slGD1JayBMSJ8eMRTWd2jteav9aPEQic5zOuESF716eR6sI\/RimZhAJZBj7ByW9GcWmBoQQJsN64WYhuY907IORbVtU3zFysJ35lxofZxQ+WSTQF3sp9jroQuO1XT+yDkm8sBF8f4oY6ZuQjFjIM4yz\/Js"}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_first_seen":1429000052350,"flow_last_seen":1429000055158,"flow_tot_l4_data_len":875,"flow_min_l4_data_len":225,"flow_max_l4_data_len":425,"flow_avg_l4_data_len":291,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_first_seen":1429000052350,"flow_last_seen":1429000055158,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":815,"flow_avg_l4_payload_len":271,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54885,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01015{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000179,"pkt_ts_usec":906897,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeakoEAAPwZF\/Qo2qfp4HCMoyzEAUC00Xgzd2Ie2UBhgH8TOAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTAudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
02041{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000184,"pkt_ts_usec":62018,"pkt_caplen":1244,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1244,"pkt_l4_len":1208,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBMx7y0AArQb9z3gcIygKNqn6AFDLMd3kFIQtNF\/KUBgIZfe1AAAKmspwst1EK\/a\/3ZxQzXHl7yh1DiWBqCCmNHzFDKA\/Z6M+cT5ag5YQXZ2v4DkK8yClPH8ijf8wkecUVDm1zJ0n88zqSUK6LGj5fmLXNRq6sWVWjGzrfHjz7pN9Vk\/hn3li4sRvsuz92I9mvQq8SVIzpqgJtoIfcsIUhAsvQZ4YNZQaWRHwrrYOXPHS\/kCc0k2h0OnU6+qUCcoH7CFJvi1X61Uy+5HK6tM8ja5aepYh2pyS\/5GUZZoe0gQ9CixA5y+rX2xs3DsUFIxXm3TwyZy+y52XsUXmHskcknnn73o6m23A\/0lI3sxC8lDigfDSlbGkMEZX\/DFAkSObp16aRn\/xHYg7u2djAQhC1dS04fUdFCwUUpISzpnpJwwofvgfmYAtJ79ASbu0uJLsO6q0T1Hy9OD6YNrKFbzevGgjdusWX\/VSdyBEBoRCElMwpr6voqppWPZ07b6gol63gPDD0uRxASOHjauj+4AUpB8T1EK50kMNbjlNUHSu4XmYsAyuJ2Vfzdhyl6\/D8wAW6mRYz8wrjRwP2myjQIkqhYv58ZxuQZQijR03ihjRglRnlsreP3al2NgQXRyCNK0MMKoFvEmQVIn9XB4wCAcOLAUGiTmjnwveXI0qMXc35EiW7tE4f41AoBWcm0wi7W2qiEu\/otuqhf3WDzmZdcTcYjsvjEwCrUsohr01NhrnX37M4quc+xg\/z3rXCaLyo8ggnAlXcmEtHjHgWhDlXsUrvbBTUPM418pWCzvD8iar1Crn8HgT1x7BzfY8o6kU707V3G3ne31zM8\/\/22zSeDn8R7xil1qR8V1+dLS7anyZ8jIUUYtsAY\/ZkneAlMo8fKVIJTvbSwjUMvPaCekldLBx\/4GAFLwtqXj7wjWItH\/b2VrmSP9ikk6A5YVoDIlEU7+PhpyCF1RIbFCYnsYAjHl9\/tnZVEUnvMN5rpfTVfqEFWpNOXCVjhy9nJKKLOCPAk3KsPFKGqzXzTjWjVSAVBZoJxvXZa69TEgBMwT0EU8z7RSok\/fOVijIytwR\/esAXhE028tvEMgzyMxVwYKf6r6\/OS6mN2YaDZegoiR\/VRFXG0A72sf+UPA\/GIB2MEO0kWKzSv+RgmwRyl63heUP0hfStBXqS\/xQEiRWgmSNG+lhPKBpBYD8FK9tgv1TndOgaiOsPbyoFx\/0I3SfGthy+OWMDshSnNC40NwbFATYYE5om0rX4UfXPD0vu\/AY\/rxnhoSqEIZlhUupoLAMLEh2ZsEwKZpQRyK5+N720qv6SJjB5NNuMRJDQ5h\/PcK3gzL3csMOAr5oybNwEiluk9edOXHm4G9p6uS8p+Z0UFp9xIK6MwxfDl1\/WI+EPKyQCDTyLqHhlTsvcE3R6j0YSmB5SnoEeCIyhZuHnakCWuhCZgrKTSNuiRTaSnY9tm+\/gQPQqYQjlCln+kz8oIWUF+Gle0YFvHe66kqW6xA4d1XtKpvkvjFyqLLZrDNJy8QIBfYyUjN1\/n8TTKuHXZkPY\/ieBWDpo\/3WIzgI0vTeTFo5IDXfwyn1bEjJennAYG1j18OE7tyQPJny9lnCUlcjn8wyi3wd0\/+bER\/dvY2fuHI="}
01014{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000184,"pkt_ts_usec":253516,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeamE0AAPwZEigo2qfp4HCMoyzEAUC00X8rd5BkoUBhgHzCTAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTEudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
01014{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000207,"pkt_ts_usec":676611,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeantUAAPwZC6Ao2qfp4HCMoyzEAUC00YYjd8N2TUBhgH2ldAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTIudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1429000207973,"flow_last_seen":0,"flow_tot_l4_data_len":466,"flow_min_l4_data_len":466,"flow_max_l4_data_len":466,"flow_avg_l4_data_len":466,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1429000207973,"flow_last_seen":0,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01015{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000207,"pkt_ts_usec":973761,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYfhkAAPwbLFwo2qfp4HCMoyzIAUDz1EP7kfsOCUBgByRv\/AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTIudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01016{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1429000207973,"flow_last_seen":0,"flow_tot_l4_data_len":466,"flow_min_l4_data_len":466,"flow_max_l4_data_len":466,"flow_avg_l4_data_len":466,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01028{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1429000207973,"flow_last_seen":0,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0052.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
00513{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000210,"pkt_ts_usec":14166,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":128,"pkt_l4_len":92,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAHCiFUAArQbb4XgcIygKNqn6AFDLMuSI3uA89RK8UBgIIiZoAAA7o06lOUMR9b0tN4NqWqjYHmUkbAcezqY5k1Ckm0MtYSmllf\/mEyyNorAHBlAKlc3tlqWmVMYy6YLe45g7yxi7BP1GlteorxU="}
01014{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000210,"pkt_ts_usec":215002,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYhUEAAPwbJTQo2qfp4HCMoyzIAUDz1ErzkiN8oUBhgH586AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTMudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
02313{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000212,"pkt_ts_usec":441046,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaCj7UAArQbU2XgcIygKNqn6AFDLMuSS2RA89RR6UBAIQ8oUAACq6wJSeY+ZR5vju7O7rGBuV3KqrfY+7\/qz27hg43LL4t8jgCCnZw4pmytbEHqztw6jYUe9nIqn1oEAWIlynYKZ2BPWnBAlCw9eCl+vC5o8GmmDsUyng510X\/fIFupDs8Fmcg8\/juNDqgvNoagXIeToDnCa6rjzbGiD0ZVp132jHFTuXDG5JkA4fIKxEzusy7kHkYn\/RuYcJF4DWYfiLWDxXQtNfYzSUt206IGdQEieMjLgNEmWTECjFaqbtXsdxYL6np8NIkS591y\/RyCOIVfo1hgDmEJoe\/2pyZafFOOBRIJOo2Xo85BCL\/RWe0+lQ2Z1n2EP81GMFIkAaRjV6F\/lrTbo0MIg1z3B1eZ2RpFltSNVlSv1xu10YLIyyXNUO5LjacIkDLXvDaVjuAk0NoANaQlPttlNVDGJADy6b4CY\/uikMitdroe0ycWy7q3dpKEALLNru1f8Uj3\/5cAFy3FO0j1J4EnTnDRwwDmlAc8Qse8VjmZeM\/73+UJeiUUOQqeHbS\/hN3SekKiXI9DVJ4JqfJjXwHlm4+Ke9kTRw6uD\/+bLMWTuzK5Phy1QY29LC\/SHglraYy2b6vPsIihmPe7aoXbc1Yq1F8eF0eiosH2RLK4FfN8pop6KegDadjTahXdniiaYV5ajTUkHqDXoJ9VtJo2rRnQgQu8vTwoO0jZKgDkDsazasu3dbOcFDD7pXwBEkIlqaW5jNQ9CBjmvdr9mmJ5qMFYexoQT\/FfAL8iViDa+LK6EQZYvsAH1EskR9jGkumiCB2DqmHBsWkgAuT+UpXdOvRxfKKWO3Qi4DkGp+VlqkgCfIshLamWcHV2um+nrE7v9KgRW6hJkGRsRLZE+NFSMMCfJYqfTR9W3yQX6jGnc9mDyhEG26Fbbqf5qQ3uurwJx0dQCyhqeLlQn3i2ASTSEswUgMc1gxD1m5QZK9Ieqoxj6r8mUY\/MBb4QRZNVidm+Zt+iAf0SFZMJjTxKCim3CESEH38xkY5atB+BY073iVmECfW+tg\/NXqNE6qJZhW6tL0vJNy+bf4pJjC2MEZgL7NDWBjH7sBvs\/3SRsDzLPfUY+2Kh3xFSqFLQTVX1pZIokrpcRW6tqJSoO6rzmFqMCqQlbo+Rs6wQOd4taeWkIpWATUEmAaIUz7cmVYB6WJeG9QXqPhuLwn7tWE0eY6NSZUWMjEtem+9hja+X+8nSLobKIiczlsn2pNYKvtvU\/zsGsn3Stv7egpPp9CK26+uJN8wTHMDB6lOX1cokZOCO8N8RgG5RsYPun9FXAEzk8MEmh10A\/RBD7ZqouhGmpifsYX4WbaBCvq3vmds+EAlasmvLSOq5TckinqqCwDbqdc18A4vCtvjJVDjHlNahoczaVDMtX+JVED275p23d9sbSzc7W8hIRN7SxL8IEo9oMvle8RWiOCTspbTKToNmfLU7ZCMXHSznQWZa1RAeqzxF8fSEg65ipsAWvA5uQqieSO4+nJgy00pvgizYg2c8Vx8M8oMQLfMVbWHxzGN\/ixcuLmSuoSUhGXSZtnUwMU1gK66mkhTmeNFf5QBgA\/ZyHYiTRL00QPYwxxpT7M5HyzUNi4PIan6MZRqwCaXH2TM7O6IKGB7+b8fN8eZfNAUG2zu98UozvLwr\/zhn+GIntD8VwbuwCISig9\/fii0jrFsYufFWWGdtC4RETqfcHEj4Tii5mJehxSGW5ezYeTgVd+03RwpjigngSLjdE2KAzy3p48hABBrrd9wkV4E7WRSR2+l9hRynNz5OMSzV+EWSY+jryxYHjVFF+V6QYISHqLWC4z+e5ShVgJIShPJLHoCkwj9n4oNBgKzXap5SqVY20EVq2b9jA1o0EPk3+CBdtLsLxTktPKMeRLw=="}
01014{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000212,"pkt_ts_usec":618842,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYid0AAPwbIJgo2qfp4HCMoyzIAUDz1FHrkkt+iUBhgH5v4AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTQudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
02313{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000216,"pkt_ts_usec":645453,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaCmOkAArQbSjHgcIygKNqn6AFDLMuSfZFI89RY4UBAIZTGDAAAFXea3fKZUpdH3giNSW37PFRooGJMkJo2SgtfXAFuohAb2ckEbnACbz04LlUkR87pO3R16eFU59IKbz04UxW2\/6TCFlbfbxeZq31B\/t8aqtvMUvSnwZLmwnzrXmxbCbLD3RRDiYmG94Xa3OT0oe7KDZk8j46ZnsfNwIATbYOr4j7UEwhzY4mUb0fMcmIFlcZ+bMMe10S648pcw4BWb4EICvjRlRGB5sMDpfNrWcD4HUy784PLWK4RFvK1N\/fDDuJsvg36IM0d8emjCdVno3palYI9IzrPnrkIik5+6ye\/kpZ2S0ozFLJxlpphgIeMgJqmZn1M8S7YVATeeE+OceCFzdVECLUlMK2+aSkCZje5OOyOysn\/s5O\/yZqYN73tSGAxe4B\/gnXX0xbL0mK8fKrcEKrqwzsnyDFGFmA5fxJ3l7suLAGNL67EkArWH3akK0Joo5Zp9BzQAFwOkkzNAHwhH2cBVLuGr9mIZb2m8S\/yEY4YBuz4PdkDuvp6Tn1eaHV6JSc9nnrKPeXJlrDtPCIt91SzGOOPggQYJZqi1P78DG2QkjBXN97bTYI9zRA4FUa+8MlaCXPffb5yDIV9n9m6Qb54HKVKV2Z8HJCkIRg3iKAE2g7Tygjf1\/57GzIN+tMycgDT4yaMFqSe3Z3KU6wgH9cFrNETvwTNl6YCAhXFR5j0b+YhD2Hg3wgxM3HecIXy0L3K+qfezkwVcpOCEgmYcwmMmUx8+04V\/uV\/qZNWuM+LG9XINwE060VuNkEWN1jYXfinDqKkhxBmYCcuj+bEFLEwrMM+woZ9D6ik3B7g4ZpagEax4XLu+k466mymfyGzBKCLbqU9hckpatA++PRoOGUqZmIVFwki0VLbZPe\/4KTTal3uRchiLiYh77Keha20QW9\/5iMU8rgqSYvb07tFYgHf+iLF2hDCQAcOfquJdzxYzPozv\/bBwOA8wEzYdyaM1p9rLo\/XQh5xGx\/VUZ6DcOvMq76GXMj66AmAotlha+UhHJzh7h7Otw1slm0T6PiGT3I091whveIzpdYlvZsYkPpXnaInD1H12pmZtqLx8NHk+gxEZXPi3Oq2QNzw+p5fbCithjHqsQbz0g4DrtYwFmfA8ZlzsKivLY7NDPBuWCgxn7a8byxUrzElWDE07dpV7hENxfQjShGYeSTzbot5kxtIcoTHi8vQrdumimPmHSA3DDmo4mtEaS15N2X7TImR3HyoxbnOW2kEbaqeUmWlT18neBTHSlPtrImLC5tJKwN8Zp5ILXI9far9zbRmKHt0RzhtME8CRPXk5zzx7QSmnOlaDksLqTR1S5jnNnWn6yp7Un1o1fRo6kGay+VCksyDT9Pq00nRc+sxzd5s++JmfmCBijtIUHwAluTmio9NHTud1NNJ21XDiJpHPh7nMUgq0xQH6SwcwswVGUY\/Bopvz1aHXNJDiZtZzwxu4vl09iU5Ltwlil8+X58Md4PvRQPb71exXa\/DfeCHEZGhL2WQnRRGF9ICcenPOQs+iyFxq1PiF91tOuhSc13xLGWeStoj9mx2eGZWQyM9NcealXWl6M\/KTC6pd1r+J6y7tueL\/fx0wZQW2fluT24agsj77yeyfl3F0vZBaN5uvMJxe+PSy8i1+j1QNO77N1m7N\/k2x18oiS\/A\/a6tik6Y6oXC2VEIjxFooeGIAoSJt98zThYFklokAkPqMrIWuZBiA2FUu1W7ns+OF\/6k+Dd4uvE2WQL58YvlKTBWx+Pc73xfTTGD59ORfMqqM2BRKSdRD6+SuVBdjfxKgrF6tsa08zYb0Y3RaF1YKBK93FBmw45lOFTBhMHRffGpADFVRiiMIl2g18t9WfBkyJLorGrlsYJG5nc7APH0DgAxHcg=="}
01014{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000236,"pkt_ts_usec":577521,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYkEkAAPwbGiwo2qfp4HCMoyzIAUDz1Fjjkn2oIUBhgHw7IAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTUudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1429000237766,"flow_last_seen":0,"flow_tot_l4_data_len":466,"flow_min_l4_data_len":466,"flow_max_l4_data_len":466,"flow_avg_l4_data_len":466,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1429000237766,"flow_last_seen":0,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01015{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000237,"pkt_ts_usec":766730,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYTSEAAPwbXVQo2qfp4HCMoyzMAUBi\/CFv73vENUBgByQDsAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTUudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01016{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1429000237766,"flow_last_seen":0,"flow_tot_l4_data_len":466,"flow_min_l4_data_len":466,"flow_max_l4_data_len":466,"flow_avg_l4_data_len":466,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01028{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1429000237766,"flow_last_seen":0,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0055.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
01229{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000239,"pkt_ts_usec":838538,"pkt_caplen":652,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":652,"pkt_l4_len":616,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAnwr2EAArAZRE3gcIygKNqn6AFDLM\/vq+JsYvwoZUBgIInF9AABzYj3YcVRlOp3c+LTFyFpK8hJq+9ow2Mvt7DtOuHGzxpnR+3r13CHw+E3iWLlq+exgWJJWm8EH8pTbwRe+x8\/D4xNXRBwksI9Csb4QsiJPsfT2+RDiLS02aidPx7uSbhK8jMvrBH5tHxdpa1MFSWCqjYPTrHUzNzOA9TY5FgYYDDMkEDm7gO5123w4n1MAhsXStfcoQ3nSRMywWBjQbHZWkL++gHWx\/\/bzYnpJ21s22WZTz+idJIBFeazv4DxMARlrjHvFswfnI5PHnRRlJ35I7r1qBSMNM3mL3d8eBq5Li+cUyPU9itxuknh7PGxS38quOs1TDTVg7FntfS3WF5atx9VBXKTp0aVWtu3ILXC6hNWU\/3GWggrR0a3pT3Hg6QnXTm4c911OZjeTJVo9BcqKuNrC54rvRTCDA32\/HDU6hjsWUORfbA\/u7H1kGeJSFG\/fOMyzkamr7WzvqgnibwnuBc0xZxB9tpVk0llxH2XWzC3EK3M6+lvnjFarcNCJ93EYtE6CK75PtO2Yi7ZSrr3mOwYlgtK8Yp0yb7vwqI\/2DSjngCc+Sn1445B4mHIXhp7fd7CP2bpJi3Gy6qjSlxiy6iOAVea4ViBsitRQkSJFsgN9tKobyQWEjA0Iq\/LCYaZ8fynI94mgU9gbtQkXI5Y7NPc0FmJseEdZ62w2m6qgfXo6nPxb2wkFc\/k2DVuvOgbbk\/FGlh+lWIZwut4KOX\/pap\/MEzShFHEPoHfax3dVeu1dix8C0CE3+qvmRiSOV8\/NDfdKpdkErPHZ3dWKhtrNlCDmPw=="}
01014{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000240,"pkt_ts_usec":20544,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYVGUAAPwbVhAo2qfp4HCMoyzMAUBi\/Chn76vrvUBhgH5XpAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNTYudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
01420{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000242,"pkt_ts_usec":10168,"pkt_caplen":796,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":796,"pkt_l4_len":760,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAwwttkAArQZNpXgcIygKNqn6AFDLM\/v1G8UYvwvXUBgIQ9CpAAD4IlIGBU0XurRQzjj+KnUUeOwnyDErh1HAzSeE87pfdgilOK0SMdpPvqMGq7LX71PvulxfUPEPRotLYrJ4wN4T3Ykbu\/dMMLY\/vpf7MKbf3uPqHaDnTLYi9506CujRVm05wszKEWb3oNWKtZPF+gOwTzKlM9Bqkt6MOlh2Gam3\/lMH8xtSZPVEYJa98z1WU8aBCaKJtXnCAtj0WuastkvcCsucYJpQ4vObiO1epS2JJM0b7KFWgVbGXaua921w\/EGFqoaL6OK5CgwaRd3kPgjkBv+xLcrvVYoGDf1taGaa53Uj6O0vAYA2b40M0D14Etu4PzXF5pTBl+hLQ8E8yyrIteYmI9kxe4zhB9bGws1BN8gONKVAfjzuhhtk7ML49ClhVanBAXHA+vOEfihAM\/FsDqcUT0L+8nAlohrnNoRC6rb2SsCU4x4ksOQV6dvT8w8SvPjU0Yp42ZMzb\/dQuqnJl3Fc2mHN8PqQ9LxyAZndhJ3j\/euoBSNnXmORJ46RkMpyWWdEbDZ+aKQqOeikillieuV5itcEyIeSY7NScKOILT2LKim89irmHZJIaRXD+t29gH2479NVvL5hYPA5UMnBGUXkWrY47SyfnQQlPwpoIqasYL3j\/2FnPrTB6wzeMVuNZCJ6V0rJ32Wv0wvDHceTcbIon4RpJXne8\/gR4Hk6F0LoA2dN8o8D37cO5GcgqSotU+HORtJ7AyJ\/TuTVkHsitlFRzDxINkD290KE+0rvhp7NZrOSBdNKtywFo\/5JbTfcRvf+Rr22dY6QFhwfjtBGRfsBYKdOltZiJrO34DS5UK3BhYic1tjBIcjTyPkdJYJjLQZlucXruiE3QuETLUP+QkXZj9lhjYxxzrLH2A0qQpmAI0YnNU8Mm+ptr15eC1SCWRQt2azOtkhdMvKsRY4Rcpt\/KgKGqyNCrU+823F6xVj9YPYBDPyXZck+1Sb+E44om\/eq18Mej1hewCzJCmbJwOs\/kQ=="}
@@ -122,39 +122,39 @@
01907{"flow_id":19,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000293,"pkt_ts_usec":206061,"pkt_caplen":1154,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1154,"pkt_l4_len":1118,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBHI2zEAArQZDKXgcIygKNqn6AFDLM\/wmTHsYvxLPUBgIPj6tAADI17HXNitnK\/IeE1aXOTpD+xkVAY+XvXYLZ+9qSFqEus6xD7ZNHMlS8qnaWJ9qxLOxdnDvJ9Cs4nNuq+d5xawPzrAQiYYQIjpk0XO+gRIvrG7fAhzv73WKXYaSirh4mLFTJOuK5bTspwddVgmqTbN8ung2wBUZACBOXwVAq9gUENTl0iyNuLHmzHwR\/bw2SaOBqSX7SPGiqZuOmtKcWR6aFqCSe8BhY0uBFdjR28JPz8shZE74GGdo8YKZuxHKQjlBMbCggrs1U2W0RMpbbiLAz2fMZvtcR\/SQfTa8tYa6clCrq8v8aWGvKCt4yGtiHQGoKEupYVGhISIl\/jxvEW6uUfGuUIeF6jq2Js4KUFEqUndLK38ZldKD6aywYbbmahE+dAXrWBc6ixVK7Ajtoy0OAdTMV4LAbZycwgGJ5oclz6yMzj7zC+XICJocJylsTSGdez9VX6JLClDu3v5lsO+RIkAVzKpGtlexqLqn5o\/XeuqGLiLP2CqTKjw6k6RMGt67kv1L+yl3Fnfpbz9J6rVE4DfGiq6IVb22TtMmaJyYg3aPtwVQ6vfObOehP89p5FiK8t4y1zMHGeAzGS2H58kIaIcCkfqvCLHQxuwAwZlQTFvplLT9\/dI3oozM9K3cmm7\/O5RSumJwyvdq5QJKWlgYpdziBZ5qTwQ8uCw\/kdgVdFYihe5dk2DEQ75P8gjkhPXSGpDhyOlIB1EYdvTTmFMrHquHm2BqP\/0NazIMYI+rhccvOn7d\/OQDuuaamtiOnLn5vDa0AOfdp3fUzuYPqLZdWCrpMMqlvvXwZZo+fQiHdBLAfjxKEBAP4+GI78Qc5tYvdo9DZCf3qTX3l4MdW7Hpc\/pDGvMdNN1NUKqKlaWD0aCUCDzgCXVAuLmARPKSwDZFfYumA79MKdPEFrehyBjltB353vwRWwlc+VJ2Ji7L2tvphFdi5ACyKPUJE7LVDH+kpUMTkawJV4YE0nVS258WAYibYSPwAzwsNmeq7VwYomgaJTXV80uaaEuaIieJeguLGdaejfIxxGUI\/1hyEih8d\/XckdNotwXHbR8uhlz0H8H\/MttDmk35LDnYZJSquziJ7DkVlK9hdG\/k+L9Opc2qCxd7cGbe7\/6dilocfzLzWoVTUUtTuH6zUP+gLzrBl+NyNWpl4YRE6azJ48qRnWxwuu7CMPThxmK9NcglQq9qE84gjvW7GE8ChJzFSEFXJcUmBkLOBRXA6c1gcTET70P5hCCTkcacuo1wdWxGrV9bLN22AV86Y9kni4C8y35ttEJfUESkuKxKAV46sS5bkhzLLK3+oRQGKbP0L3ALGwFyVsuYtp2EExVl1jrpIJGZ8X\/mERCGBSMddfQxvVE+5Z0YE3wj\/bgHUtlO8Lgp57YqcknNZOWSY0Jki1uTIXrb\/RzJjvHDpB1LMtRGDIdhMwQQrE66iW\/FOcyWWYdgDexnKhuL0H+NRt4ufKE="}
01017{"flow_id":19,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000293,"pkt_ts_usec":445380,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYc4UAAPwbNvAo2qfp4HCMoyzMAUBi\/Es\/8JlDFUBhgHzwhAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjEudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
02288{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000295,"pkt_ts_usec":369391,"pkt_caplen":1432,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1432,"pkt_l4_len":1396,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBYg4wUAArQZAHngcIygKNqn6AFDLM\/ww9AsYvxSNUBgIMb+1AAA6BRMG+gGwadlGwnkwz5IoCoUgFZP3Tr5SHNCi6T0cM7Bz\/k5JMv31FN6oaGAD8ak3mZEoP4XYkeP8j9aBK9R1hewQnfGaU9dB0sSIJDsEaiwe45936V5VCYRVzlJc6h5w2KC7DnaKqMKMCqSu1N0wkF7koMJOBNXqKZOhGzo+6IvGsjRN2ctAlGIU8ZEB+OoDpdB2ETHlnQn9y+sx2PGlXMOF4tW4T2mKoEcGpXilufTVm8fwWTUIRxw7EMehCPoO8uQCUri8PKbAONurlXFpMBIKSa640tfVlmfekHgJVBHFgBz3RuD2y5A4lK1n3LaNwCVog7oL3\/Cv3RzjJoM9EZhqr4GFm1uNj1iNlTzqI3WGc7vNjboMYRu\/ngFPrUDq8O0J0N1WqjEKnAF5nBYnLwo85pvgHpUFgFugNAQJJbGb1YMTmYc38AYtTKESHgHAdNKb3cpN3oovXR2VUgPwLSKEfKtKTYkXadGzVf1BWTax1h3EskJ2XAz2JRPcvzQyraSl2u5v9jGFeWo7QjZ3QHqFI+3EacIwmWrE+xHMQ1Ty1gGWcCNW8sk9eNqf9qh+lvjl9p4l8+TLhaTpDQlOSXD18fudhJFwUtiTa\/cGz\/AJxp\/cftpFA7GzVW9KD\/q72PClbmkIwPwJT9meR+s82sqv+4WGQ5cpvyskwUY5zizclBZuo6QMUkoDw4joLRvVbWOC2uPXYvbyPGWLlJ2vbtlIehCPQbjsfkhzZjPmnusWbRgaXz1a27ImNl4ABTGAZEA2m9Qzl62E\/7GlLyiEnyS0DyVcIjFs3b3cgUFxMyLTF1XwPlgBTDXkhEQztSoFNJkOmiiFppTZuPJcYZZ7uuMmR\/cM7gb1bXACVhlMFczLK2GmMmUV\/ZCPxArkeW7YLlePxXXEu0buW7nR31HWIy1qhuOzfeON56zgkHCX6f3OzGq5xwgdSEw7KFl\/Y9mDxtJL9PcTxLkJKIlBuPByh25BySIQRUgGyCJvCVNPmq9gMKL3fC6OnVLYPufXgUrAqNKqXZ49OSNr3sN31KGRxmHk0rFKtUDuHSh\/s1\/ajCKip5tsjxJ9SZ9Rn\/PJyPeMeXfNDpDdfl3EF69RzNtBRrJmaQqPjVXWBGLtkDqcZAy\/\/kbgDSWP\/o1vsgwldKrjio1xwSxU7Oub4HimUPgoQU927557bhNXDBUb\/0QZ4iIS+BpAzW5urNR2s9CtmlanA9hw86N81P8WenhNiiEWIDUfSizNauq8ZW+\/SaMOBettwRDh\/0OWMp8y9IrtiDIV4uzcXwbgreoxggmlEzHniLjb0XndHzR+qTXIfbprW+78\/1xYk0xsduPtSS0FApbuxmkF7uop8Bcn1syZqc8Te5W4ztUji1HvdDxHHgaG92O2soCw00pVCc\/oBLR5Nuk64dXc1TC\/O7\/7T89l\/kFwPKHY1gcSKWJTLaWI8P6AQw2uxqTbgs5l6KJrlbimMbpag6xrxAe8Kq\/u78ESEv4wYcEJbPV9A5tvXZmoAr7UYwxICYiMUoi6bEu\/90JcE9+UCDe5kRz18XgvzVfYFm4djQtdwstaFuz7Yal+iSgevzthwT85hBbUDRVLPoWyae+DYzhNmY8NTG4zP7Kgf6Z+Odb2ujBLLRDXPX7JSSJpbHZ5amyRVImW32lAsykoB9O1+PrLmjsj+ODZwmIeNSlztxAzJUrx83MlVYHzIQvTyd2g8uOFV+nCauKF29ExXOelzp8YQs0yOi+h9r3e3aBACzJT1BFIdKCzmLBYKAEm9sbACWLEzwkx3\/vLlAMdS35I9JsGiwEU14ZfoBjdx6Hr6bhP\/ejLYK3ZRToUD3VNAg=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1429000347103,"flow_last_seen":0,"flow_tot_l4_data_len":466,"flow_min_l4_data_len":466,"flow_max_l4_data_len":466,"flow_avg_l4_data_len":466,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1429000347103,"flow_last_seen":0,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01014{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000347,"pkt_ts_usec":103644,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaYDkAAPwZSjwo2qfp4HCMoyzUAUMz93a23S9rhUBgBydEWAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjYudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01016{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1429000347103,"flow_last_seen":0,"flow_tot_l4_data_len":466,"flow_min_l4_data_len":466,"flow_max_l4_data_len":466,"flow_avg_l4_data_len":466,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01028{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1429000347103,"flow_last_seen":0,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0066.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
02035{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000350,"pkt_ts_usec":324744,"pkt_caplen":1248,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1248,"pkt_l4_len":1212,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBNBb\/EAArQYdm3gcIygKNqn6AFDLNbdZW8fM\/d9rUBgIIqcYAAD+T5O3IPZmBv71L8WfkixgJr\/jAt3\/6kLgAlGb+bz0ykowoo+NPkYJoM9UpoIVOvy80c0V1g1txC7AgybX1gMQCPuO2tL7\/YFSRxMejmWc4iVxTJSsqhfOA46142Bs1WbBta5O\/SisV8I6pVbO3GCxSbhFLwGr\/WZMUvJFa03S2huv7nozg+bdD4ixlKAFqDdBblAS5LqKSvj+fOg7qedCUtEMdl2BX1M92lt5m6MQhdflPtDytEcZ0QkUCdMH9OHvhlDAvSTeyAtHyfYMIr7y2wFDjfyFOM32EeqMcgEsS0MQwjTKiEkzEJ8uGfrxRfO5oVpc6VJ+xU5oxB5UzhG8pmTwc93Y2+GfYxPPy6ggTaHy\/d8I7FePvcMuO0KR+65nFfpCrRJnDXWI0WHUQIZcOwglbU1AfE\/G0U1NohfpkoAAnwPGa2AwV3oZoMhAulbVmnnznep4SXoywe87c2ocX2ggVFcYGvjslls5jM+9Mb9jAiJUQob+ptDy09gH34DekuerUkd5kD0BHNFL1qJxKuT2KFfpVgoJcv7HmFi278ssvmuhcKYTndrOnym+1tTrX4yHchzxBIO6GaHA8tKeIbQel4TL1v3Z16t\/5xrJ+Q3\/dZxmuZuNaR\/mbOEVBLzpZG7JjcrFSlppStGfqcXspmqu2LVEQvyEoz7nD3cdIKrnhCpQD85sNyvZh8JPCYo865M5+VSfDtodRJdJU1Nl6DW0MAcLqRvHQY9JW8lvPNvqOY2adRWmAKu7tqvblHXcRcfi1rVtS37DAzU+CITvUZ7K30LaIGtCPuD1JyxuUKBexT3QohOr8Lhst8RR1CzAUG3EjerjlJS4KtFHtNg7GoK88LreN47H4SdxDkAmboeyFID9kUTvhDEEqXlfFOEyBf9Hwqltx9X6rJI\/aCSw0l3eGOtTl3BrAC\/PZaQloz6cS6y\/rAG\/nTUo2JYn9FxvYyn46cJ+Dvj0skCnbuZGkNTSODQ8OYRf91rdXgsLkXz7SvGaVdHhOR9kAXFpWZO7NlKFm7iCcjRGcikx0R+JzsCdgGKw769t40JLLZ2Q7I1fg8xfNUu24vDeA30lrnpOU4r2\/wzGdHdMyj3aW37T\/Pa6QQtQ1KDPtl9xaYHV7eAXl7B\/PrlRzNCxrvA6rIktFl32wWbaV4UONT7uV+4MsIL+HjkWP1O8dgLKVVeYmic1ZUfE8n13QHUcKgu1wZjEhZIqzgLo+waSjiNdfhALL5AB0EpMQXn5\/7OVD3m88BGmhRFUOC2MbYjnNMzH8wAwic5A3Qvz2AIrONrzFcniz\/ItQB42w6KG1uQ+E3nY7gSAkYQOrbzozKOWRZnp2uAnHe4PHe\/OVrr8C50\/kt0TKX5CZ2FJOOqCL0f72chb\/rBb5J0abgAXFRf0RhFz8NBfmLRVAS8iJvF+ExsNR3UUz7Uik5Fcuqlhq\/2+nOX6Vo3ZiRGJ8ebb8KS1vBD76QQNsXfNVIC2g\/pLfmhdq8Adxob5YnXButMrysl7iAokGOqWwh8nWfQCWcnR9MCedQ9mTBrHLXrhSeAVZOjGNYrbH8nHmLOBBy1qB3E4YD0wwrTIH9U0Sgt1"}
01014{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000350,"pkt_ts_usec":578345,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeaaEUAAPwZQjAo2qfp4HCMoyzUAUMz932u3WWBvUBhgH+pmAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjcudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
01014{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000374,"pkt_ts_usec":116949,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeabz0AAPwZOzgo2qfp4HCMoyzUAUMz94Sm3ZOkRUBhgH177AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjgudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1429000375190,"flow_last_seen":0,"flow_tot_l4_data_len":466,"flow_min_l4_data_len":466,"flow_max_l4_data_len":466,"flow_avg_l4_data_len":466,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1429000375190,"flow_last_seen":0,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
01014{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000375,"pkt_ts_usec":190710,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYAQEAAPwbqXQo2qfp4HCMoyzYAUPnxUPbwb7kUUBgByReCAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjgudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-01016{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1429000375190,"flow_last_seen":0,"flow_tot_l4_data_len":466,"flow_min_l4_data_len":466,"flow_max_l4_data_len":466,"flow_avg_l4_data_len":466,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
+01028{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1429000375190,"flow_last_seen":0,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":446,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"vod-singtelhawk.quickplay.com","url":"vod-singtelhawk.quickplay.com\/seg\/vol1\/s\/Warner\/qpmezzhawkdigitalcontagion2054033featureenglish20ltrt23976fps7834192\/2015-02-02\/STV510R360\/qpmezz-Hawk_Digital_CONTAGION_2054033_FEATURE_ENGLISH_2_0_LTRT_23976fps_7834192.m2t_STV510R360-0068.ts","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 4.4.4; MI 3W Build\/KTU84P) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/33.0.0.0 Mobile Safari\/537.36"}}
01202{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000378,"pkt_ts_usec":528906,"pkt_caplen":632,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":632,"pkt_l4_len":596,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAmhMQkAArAYwvXgcIygKNqn6AFDLNvB8o6L58VK0UBgIIuBYAAD6gvJK3aB9Wdi2WzDeNoMColML2KCtNfUY2CwzdFLplFssslM2yXsBjnaIJOEoejcQpeFF355YUwtgWhdMMI2rg7t6Y06MNF1+oUMraF1z7dOGYZiWEw55N0R\/C4GUApqp4yWGJ\/CM91mr7EMXR6GJMnCnweJmOE9\/g4efV5ECHsiWKrismHwHX5cBOn2yA4HpOUGRsqAyJSxdx43skOx+vp23ro8\/JrEVnLzlB\/lGV2fdWo3w6VLreno\/QTmqd4pUmkkPPriJdaoBuDGz2cVi7p0befEK6oJ\/9C0fIAdMUQBOBN698TN\/3U5eWrczQSMLB8LJ0s1VPNsG+Uk7iZbLm2h44wxC+hzTD6Om+31wmxRZkWLFty4nGoqINn64kMxZ8jk+gAnxToClxMmrRX+tVkrmxooeDNg8O2BoKHSVu0QB4ZTXmBGAzxtP6AAAUY4sOQns2cIzqTR+SY+i5krcNUfqmctlUK2HS0mekAkRZ9Fb5CIveTsXhz6bTGoR+ZwaRiShSLUWZmInPoFtYMo3SK7u+PM7bDKFUbsQjbVXKacOgHhzN29\/N7\/9u6t2jU0DoTZfnm8RO0mzmGxReSHeGiwBid9gvCA11\/mk5FbSERauRsVxeiUkx2WKBttn3weSeMdFTFGBLzM8bDgXW729KN0+91NW+r+XNzcfLAhYR8kvwcN\/mM+lqT\/pSe\/P8rPDJ\/eOsiJDbHhm2\/4+8udWjPDnsNjkEwnYrvxC7JJAG7cy2LCX7EmJxNJ1SyoFMAc="}
01014{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000378,"pkt_ts_usec":725714,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYCSkAAPwboUwo2qfp4HCMoyzYAUPnxUrTwfKXiUBhgH8mSAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNjkudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
00597{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000381,"pkt_ts_usec":878729,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":188,"pkt_l4_len":152,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcAKxOfUAArAYwPngcIygKNqn6AFDLNvCIzKD58VRyUBgIQ+UQAADfzhMvY9knKLd3WdSlIwNSJ\/8y7+r7Sq123HOTqh2Hu+B8Di9cxcoWasDMrFDi0OP08Ux+dwWtodjPOApM8Zs+\/K\/hxXllXzFA0zt79voFKS3ykKSL1NmG3zGp6PnWizqTiSO0nGR4jVws2JlqVc+MwpdC3d4p1hEFwemHjINstt0TzS8="}
01013{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000382,"pkt_ts_usec":78314,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYDokAAPwbm+wo2qfp4HCMoyzYAUPnxVHLwiM0kUBhgH6mFAABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNzAudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
02326{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000385,"pkt_ts_usec":174414,"pkt_caplen":1456,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":1456,"pkt_l4_len":1420,"pkt":"AAACEgAAAAAAAAAAAAAIAEUcBaBQlkAArQYoMXgcIygKNqn6AFDLNvCUGhz58VYwUBAIZTnsAABnRs4ZlOOP714M9RGLXYP8pqiw8+LX0Jnf9n8rzoN3t1Q6Anit0rAiwpT2qE8jjjI8pg8VA5pC3hYVFkkyKqhIoFfd\/5LMtHfP\/v8rxgia7\/KgL8R+MCm7uGr7\/4CN77BKYWUGKaCizZqWHIk4X03BlMCV1Qmm17k0zzlbG\/zRsi4Wjcz1YkHpnum8WbjmzcvHyWCXwyOVbHmhsYS1danRExcaS5+p6zyb1SenPaWh6aK69In+jl0aQQRLHWU7ghc2ccCgP7amz5dmRMVsdWH4IeEBZ3MuKofJC\/mezp1rMkXsVbLMP4D1B6xvg1h0h4dIsfdoVg8iLrk0lROZ2MtZCJXTAwhu4a8\/r3\/W7+dJYYd9SpjTHYrIVhDxCJwcCxFtwrOc4LXMtwRO0EGCRRIMvoaeijTiGZ6kl+i9Nl7Ub5sNxnVJVGaYvfwopa2EkXPSLWYo\/Jdr3sMg3rvm4yFT6rhH+H3jbP3nF+x1lDRUdK3hTlliO1fn4Sb0PPw4H0ajIwuO5Fj\/MI9IqElCcJMjgVXv3GGrOYYL5ysmvIYmhVAEAsCXNxCWvni61tUxw3zNZu2PQBgGlIsgnPUzd+Bso9utBmC5EGW699885bv74xCLYIr2spow14qcxjHLmOQBJGriwI8ZR1t3aKSUZf+EXGpVviuhg6hOSjjJx9PkA+73JUtttY6T\/YkDqvyldf5kj96XMU2pnW2uepMK6P6Q6H+wlu6bRhHbqokpyBm0LiJH1TTxjZ6l56oOXL1OOWFdcYY36ABXasWbS1aEfkqy3XEwGUY8BZKdtBdC7rwmV1zx\/+vQYKtLWibWC0Eea9DsWNnAt+jMwuU5mAaYtuMuY3oyKQ6HyecX6Kakn\/fMlBJD9TAZsX9oxdzGdg6J62W1fOMg\/AJA8vL3JGqQUR2eVCRLzT0yxaFCNWmrDZ0LfNSBN2T9x65j0AlC\/FzX4vSNHhe9kAtH0OOtMMUfR1aCWUWD3Uoyd\/KSbDQ1yU1KK7aYzYk3mrt0376kkFkSjHZt9lClBNtbmDOsUTP2H0PSPHv9cxWp1ildChKqNMrCziNJmhmLV1rzQeoPvmyP+Lb0hfhG0BwBDQlepG6WnJBfhnuqcvCuiD0cQUkJRLM9KCB+IW6CsxzlXVD2XZhpyoSiRr8G3uu3cArcmLRrI+5twgt6Mfoo4ARQ\/MrTKSdXQV1R4vTYMi72ptT2ml9jANI7jF7z7NbzFlBkorW5HJiEWJ7gNRHBTnNSLIIVM6L4mpQpPE3QthTRA\/lhZxlxGyoF604ZW0t5trkcSKSPeXWbTwecLttyOq\/M75HIuHv6r2+HzsWLRh9ogClqiJrYtsRJhuyND8Ojwzk4rAuDgao1hvppFPVLZtknizkwvgV2PZuAdJ28pDq5sy8XC\/Nzcr4gAsGQ\/bRvl2Cxb8\/hOygDZ2xB\/zGim2Y7rpIRkJwIWyAhxUZwwc4Guhbrg\/4C\/TJs5IpPh\/LyQ6EWRhd\/5z1o9HX9h4zNpVRYBSzAMoWnEjrt\/dYI\/ftXOrI8dqPN6t8eFepUmQxIgdvyiPO5ppmYsNpjEOxxokjRVA1wLJc08Z6i42sRfg1L1h5qM7RI50dCsSCBaWM++bTH\/IgQ7pSSmhaRdN7CuJKFPc2QjIWUSwSO1+Mzcn4dJ6YqS02VwQxQle\/PczLOujgPGCezMd1KyQPd\/XATki3p\/Iq2GYugDJHIDFqs52\/uCOXpAnWxx0fzn8Y5QQi9wxFNowEsjJkvLTQEFz7ZROuPX8w8kxvK5+\/4vISdbVnQm5gXsLoUtCUWCI\/X\/xxUw8jraTkf7g2ViKIgdvpn1jJicBYldcwtztkeikHiyIZEblpuvZN1WubyN88WAYtLnw=="}
01014{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1429000385,"pkt_ts_usec":363074,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":502,"pkt_l4_len":466,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAeYFAUAAPwblnAo2qfp4HCMoyzYAUPnxVjDwlCGiUBhgH1I+AABHRVQgL3NlZy92b2wxL3MvV2FybmVyL3FwbWV6emhhd2tkaWdpdGFsY29udGFnaW9uMjA1NDAzM2ZlYXR1cmVlbmdsaXNoMjBsdHJ0MjM5NzZmcHM3ODM0MTkyLzIwMTUtMDItMDIvU1RWNTEwUjM2MC9xcG1lenotSGF3a19EaWdpdGFsX0NPTlRBR0lPTl8yMDU0MDMzX0ZFQVRVUkVfRU5HTElTSF8yXzBfTFRSVF8yMzk3NmZwc183ODM0MTkyLm0ydF9TVFY1MTBSMzYwLTAwNzEudHMgSFRUUC8xLjENCkhvc3Q6IHZvZC1zaW5ndGVsaGF3ay5xdWlja3BsYXkuY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgNC40LjQ7IE1JIDNXIEJ1aWxkL0tUVTg0UCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgVmVyc2lvbi80LjAgQ2hyb21lLzMzLjAuMC4wIE1vYmlsZSBTYWZhcmkvNTM3LjM2DQoNCg=="}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1429000030398,"flow_last_seen":1429000039635,"flow_tot_l4_data_len":3216,"flow_min_l4_data_len":329,"flow_max_l4_data_len":1344,"flow_avg_l4_data_len":804,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1429000030766,"flow_last_seen":1429000040059,"flow_tot_l4_data_len":3536,"flow_min_l4_data_len":332,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":884,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1429000041481,"flow_last_seen":1429000041819,"flow_tot_l4_data_len":504,"flow_min_l4_data_len":201,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":252,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1429000050062,"flow_last_seen":1429000052145,"flow_tot_l4_data_len":1229,"flow_min_l4_data_len":109,"flow_max_l4_data_len":560,"flow_avg_l4_data_len":409,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1429000052348,"flow_last_seen":1429000052688,"flow_tot_l4_data_len":569,"flow_min_l4_data_len":225,"flow_max_l4_data_len":344,"flow_avg_l4_data_len":284,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1429000054595,"flow_last_seen":1429000054967,"flow_tot_l4_data_len":805,"flow_min_l4_data_len":225,"flow_max_l4_data_len":580,"flow_avg_l4_data_len":402,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1429000031075,"flow_last_seen":1429000031382,"flow_tot_l4_data_len":395,"flow_min_l4_data_len":73,"flow_max_l4_data_len":322,"flow_avg_l4_data_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1429000037600,"flow_last_seen":1429000037659,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":101,"flow_max_l4_data_len":205,"flow_avg_l4_data_len":153,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1429000117728,"flow_last_seen":1429000118045,"flow_tot_l4_data_len":1397,"flow_min_l4_data_len":602,"flow_max_l4_data_len":795,"flow_avg_l4_data_len":698,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1429000049060,"flow_last_seen":1429000051518,"flow_tot_l4_data_len":2591,"flow_min_l4_data_len":464,"flow_max_l4_data_len":1116,"flow_avg_l4_data_len":647,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":65,"flow_first_seen":1429000052217,"flow_last_seen":1429000153720,"flow_tot_l4_data_len":43562,"flow_min_l4_data_len":40,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":670,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":8,"flow_first_seen":1429000153937,"flow_last_seen":1429000207676,"flow_tot_l4_data_len":5744,"flow_min_l4_data_len":466,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":718,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":7,"flow_first_seen":1429000207973,"flow_last_seen":1429000236577,"flow_tot_l4_data_len":4796,"flow_min_l4_data_len":92,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":685,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":25,"flow_first_seen":1429000237766,"flow_last_seen":1429000347404,"flow_tot_l4_data_len":18706,"flow_min_l4_data_len":466,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":748,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1429000347103,"flow_last_seen":1429000374116,"flow_tot_l4_data_len":2610,"flow_min_l4_data_len":466,"flow_max_l4_data_len":1212,"flow_avg_l4_data_len":652,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":7,"flow_first_seen":1429000375190,"flow_last_seen":1429000385363,"flow_tot_l4_data_len":4032,"flow_min_l4_data_len":152,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":576,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1429000031698,"flow_last_seen":1429000032158,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":207,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1429000037314,"flow_last_seen":1429000037771,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":207,"flow_max_l4_data_len":303,"flow_avg_l4_data_len":255,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1429000110390,"flow_last_seen":1429000110528,"flow_tot_l4_data_len":871,"flow_min_l4_data_len":226,"flow_max_l4_data_len":645,"flow_avg_l4_data_len":435,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1429000048159,"flow_last_seen":1429000048795,"flow_tot_l4_data_len":2203,"flow_min_l4_data_len":507,"flow_max_l4_data_len":1189,"flow_avg_l4_data_len":734,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1429000030398,"flow_last_seen":1429000039635,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":1324,"flow_tot_l4_payload_len":3136,"flow_avg_l4_payload_len":784,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1429000030766,"flow_last_seen":1429000040059,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3456,"flow_avg_l4_payload_len":864,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50669,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1429000041481,"flow_last_seen":1429000041819,"flow_min_l4_payload_len":181,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":232,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"31.13.68.49","src_port":44793,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1429000050062,"flow_last_seen":1429000052145,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1169,"flow_avg_l4_payload_len":389,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.151.160","src_port":54883,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1429000052348,"flow_last_seen":1429000052688,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":529,"flow_avg_l4_payload_len":264,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42761,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1429000054595,"flow_last_seen":1429000054967,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":560,"flow_tot_l4_payload_len":765,"flow_avg_l4_payload_len":382,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.129.101","src_port":42762,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1429000031075,"flow_last_seen":1429000031382,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":302,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":177,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.18","src_port":33064,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1429000037600,"flow_last_seen":1429000037659,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":266,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.26.231","src_port":33277,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1429000117728,"flow_last_seen":1429000118045,"flow_min_l4_payload_len":582,"flow_max_l4_payload_len":775,"flow_tot_l4_payload_len":1357,"flow_avg_l4_payload_len":678,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"54.179.140.65","src_port":56381,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1429000049060,"flow_last_seen":1429000051518,"flow_min_l4_payload_len":444,"flow_max_l4_payload_len":1096,"flow_tot_l4_payload_len":2511,"flow_avg_l4_payload_len":627,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52007,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":65,"flow_first_seen":1429000052217,"flow_last_seen":1429000153720,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":42262,"flow_avg_l4_payload_len":650,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52009,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":8,"flow_first_seen":1429000153937,"flow_last_seen":1429000207676,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5584,"flow_avg_l4_payload_len":698,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52017,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":7,"flow_first_seen":1429000207973,"flow_last_seen":1429000236577,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":4656,"flow_avg_l4_payload_len":665,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52018,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":25,"flow_first_seen":1429000237766,"flow_last_seen":1429000347404,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":18206,"flow_avg_l4_payload_len":728,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52019,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1429000347103,"flow_last_seen":1429000374116,"flow_min_l4_payload_len":446,"flow_max_l4_payload_len":1192,"flow_tot_l4_payload_len":2530,"flow_avg_l4_payload_len":632,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52021,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":7,"flow_first_seen":1429000375190,"flow_last_seen":1429000385363,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":3892,"flow_avg_l4_payload_len":556,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.40","src_port":52022,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1429000031698,"flow_last_seen":1429000032158,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52285,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1429000037314,"flow_last_seen":1429000037771,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1429000110390,"flow_last_seen":1429000110528,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1429000048159,"flow_last_seen":1429000048795,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":1169,"flow_tot_l4_payload_len":2143,"flow_avg_l4_payload_len":714,"midstream":1,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test"}
diff --git a/test/results/reasm_crash_anon.pcapng.out b/test/results/reasm_crash_anon.pcapng.out
index 12999f5a0..fc7072e5f 100644
--- a/test/results/reasm_crash_anon.pcapng.out
+++ b/test/results/reasm_crash_anon.pcapng.out
@@ -1,5 +1,5 @@
00486{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1410865705717,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1410865705717,"flow_last_seen":0,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00455{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865705,"pkt_ts_usec":717955,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
00455{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865705,"pkt_ts_usec":717964,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
00541{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865705,"pkt_ts_usec":719465,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAH6lHkAAQAYvuwrRCJTAqJGTVe\/IEt2R21o7+2QM0BgBxZZgqqoBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
@@ -33,6 +33,6 @@
00184{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32}
00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410867060,"pkt_ts_usec":242182,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"pkt":"AAQAAQAGplhD8kgGAAAIAEUARjQCFUAAQAaND8CokZMK0QiUyBJV7zv7ZlXdkmR\/gBAhO29pAAABAQgKPq4BRzp2A6k="}
00184{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32}
-00522{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_tot_l4_data_len":12867,"flow_min_l4_data_len":24,"flow_max_l4_data_len":757,"flow_avg_l4_data_len":64,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_tot_l4_data_len":12867,"flow_min_l4_data_len":24,"flow_max_l4_data_len":757,"flow_avg_l4_data_len":64,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
+00532{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00519{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15}
00139{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test"}
diff --git a/test/results/reasm_segv_anon.pcapng.out b/test/results/reasm_segv_anon.pcapng.out
index 844a00360..50fe5be27 100644
--- a/test/results/reasm_segv_anon.pcapng.out
+++ b/test/results/reasm_segv_anon.pcapng.out
@@ -1,9 +1,9 @@
00485{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00453{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1550422828,"pkt_ts_usec":553466,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="}
00198{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","caplen":106,"len":110}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1550422828553,"flow_last_seen":0,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":72,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1550422828553,"flow_last_seen":0,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1550422828,"pkt_ts_usec":553466,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":72,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="}
-00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1550422828553,"flow_last_seen":0,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":72,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"proto":"GTP","breed":"Acceptable","category":"Network"}}
+00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1550422828553,"flow_last_seen":0,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"proto":"GTP","breed":"Acceptable","category":"Network"}}
00453{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1550422828,"pkt_ts_usec":949487,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="}
00198{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","caplen":106,"len":110}
00491{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1550422828,"pkt_ts_usec":949487,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":72,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="}
@@ -72,5 +72,5 @@
00199{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","caplen":122,"len":126}
00474{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1550422844,"pkt_ts_usec":222036,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":126,"pkt_l4_len":0,"pkt":"AAAAcxs8EFFy5LtdCABFeABsUeoAAEARpDGRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEM8dAAARQAARFmLQAB\/BgEZrBEkFT++kSvhEwBQ8LOPBjqqu6HAEAEB0NEAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="}
00199{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than packet size","thread_id":0,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","caplen":122,"len":126}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":82,"flow_first_seen":1550422828553,"flow_last_seen":1550422844224,"flow_tot_l4_data_len":75152,"flow_min_l4_data_len":56,"flow_max_l4_data_len":1456,"flow_avg_l4_data_len":916,"midstream":0,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":82,"flow_first_seen":1550422828553,"flow_last_seen":1550422844224,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74496,"flow_avg_l4_payload_len":908,"midstream":0,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00137{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test"}
diff --git a/test/results/reddit.pcap.out b/test/results/reddit.pcap.out
index 3d8501790..46000cdda 100644
--- a/test/results/reddit.pcap.out
+++ b/test/results/reddit.pcap.out
@@ -1,28 +1,28 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reddit.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1605291684451,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1605291684451,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":451133,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8UAAAAAoAL9IJAlAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="}
-00509{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1605291684451,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1605291684451,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":451247,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YUAAAAAoAL9INBoAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1605291684452,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1605291684452,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":452132,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjUAAAAAoAL9IMZSAAACBAWgBAIICql037gAAAAAAQMDBw=="}
00463{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":476073,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkwh+EoHfGoBJXgJjYAAACBAV4AQMDAwQCCArC1zJs1N1gBw=="}
00450{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":476117,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8blpMIggBAB+xzRAAABAQgK1N1gIMLXMmw="}
01143{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":476610,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8blpMIggBgB+\/TpAAABAQgK1N1gIMLXMmwWAwECAAEAAfwDA4uuqSGlaYkrooqTrn+tpuwEFqHXve+KWS5sY0YZYzAtIB8Dy2r0TMEQAKyWvv37U3EEFg7M1cxOcqNinyfcEA7jACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAIAAeAAAbc2FmZWJyb3dzaW5nLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACgAIKioAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACDpJ8gfLr7uFkPlmEjT3rwuxn7WZmrRa2l21mCLRvatFwAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAAJqagABAAAVAMEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00846{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684476,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1605291684481,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00857{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684476,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1605291684481,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":481568,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxQAAAAAoAL9IHB8AAACBAWgBAIICql039UAAAAAAQMDBw=="}
00463{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":485305,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUF9DimtmGoBJXgOayAAACBAV4AQMDAwQCCArC1zJ11N1gBw=="}
00464{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":485306,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL1mKYoi42oBJXgKSSAAACBAV4AQMDAwQCCArC1zJ1qXTfuA=="}
00451{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":485349,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YaCVBfRgBAB+2qiAAABAQgK1N1gKcLXMnU="}
00451{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":485374,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjb7y9ZjgBAB+yiDAAABAQgKqXTf2cLXMnU="}
01145{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":485819,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDERGAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YaCVBfRgBgB+3VxAAABAQgK1N1gKcLXMnUWAwECAAEAAfwDA+FyaTy3gljlCrKoC8pkvabZPAdbXS\/HjqlTeopJ7igJIFs4TU2zCegfACNAAt1BZk2uYfR4cn7k081CAzn0Xsa\/ACDq6hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOamgAAAAAAIAAeAAAbc2FmZWJyb3dzaW5nLmdvb2dsZWFwaXMuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACABIk96yyznUcaf6vVUimDnbh1HbGdPIENeRJowyIpZTAAtAAIBAQArAAsKuroDBAMDAwIDAQAbAAMCAAK6ugABAAAVAMEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00847{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684485,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00858{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1605291684451,"flow_last_seen":1605291684485,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01146{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":486237,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjb7y9ZjgBgB+0SGAAABAQgKqXTf2sLXMnUWAwECAAEAAfwDA8+KHdxMQ3baGhOy0m36F3JqRDzX4jcR6LxsIf9LR8+BIMkeD4Y9wR0SFsOkbLBc6vr02gpR5VUEznO\/yKsj0dCaACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAEwARAAAOd3d3LnJlZGRpdC5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIBic8D9Jh7IHJYeU9O\/BIKhKDWJdCz1fe1mvtpZ3RbQCAC0AAgEBACsACwpqagMEAwMDAgMBABsAAwIAAqqqAAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00823{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1605291684452,"flow_last_seen":1605291684486,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1605291684452,"flow_last_seen":1605291684486,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00465{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551717,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo0uYRewsVoBJXgNkGAAACBAV4AQMDAwQCCArC1zKKqXTf1Q=="}
00452{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551719,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkwiCEoHnLgBALMBF6AAABAQgKwtcyidTdYCA="}
02093{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551719,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkwiCEoHnLgBgLMPJmAAABAQgKwtcykNTdYCAWAwMAegIAAHYDA4WK2WJO0ZR7EnO6BPviJl448BcwInpgzqlBAjSKQ\/knIB8Dy2r0TMEQAKyWvv37U3EEFg7M1cxOcqNinyfcEA7jEwEAAC4AMwAkAB0AIJB1I4RE9Xo4xU\/dhnKJ2RgL6fMdu7bKA2RZzKRl2bAYACsAAgMEFAMDAAEBFwMDCtrIVj2+84oKuMgDKTWDOxMPZHDYQ2DCgByI\/GiSLNR+VoYBiTvQUfeHMXNgGBDT69JdLTjOiSb5vMMC7lfsvyGm0WdC729y\/4m4v3I+gSYJCykvbYQDvrFjPP8jncQ7ylw3FTSGspv1xm4+n4p\/Y\/2kGW9Sqq7CfnfZhPRVsqhdzwzD9n0PwYuFiFc6g2edgU2hjjiWqQUkhZQ34uDAF1uH38CpIUv0C67HwFZRi0+6cRVjYfuxHVZ4SAL0LCEWB6vRRNG\/kRpmUzoa9TLWxUFSa81tHiiA7wGpyFkQtvfbWAT14Jfq67fe9UAXrYYyD5LEweHuJkwMmQLmCETM5Ig7O87n6ZIinpH9FEaSllBqoUEcfiENxo9UUepuJf5L\/Fmo0TygNptti3WPgZK+bm8HtAkXq6HjLoobPXqyPlCxDipAZL4Fh3no6wcmXEAT1n7XrJAB6ekU4Rvs6q2tMAb13JL8HmRl0+x2n5PketghnXv8aHBkmhTcVkyigBDAMqOuxS+Ljmjh7YWXW3XKXMvgl5g5846V\/xz8DM08ezT52nlYJV4hgspTinAJmITCOS5GpPcOnE3PrD2pQE+SZ\/UIiS\/XLW3bOwAg3cgZb8CMHoFIuUX3EF65KuAOL426wu3al5JLiiFSuex\/uu8KBQGqpoU1z1PwPKMsAtUhBVZ08FHhdWu16fItDZ523+9NBXasiBX\/GWRdKobB6CHhmJl4UacbbiVuPWyHqmgqz6pJyGRXbENoVOAyXuHEbmuM7CbJW6QQ99vOHpE32224XdNfl9mVgvDlO79zpBk5DGmdglitCaFLO11ek7BzVVoQIaxIDdOZDVpnqmPD6mpf8tZJZgVqbSKv6GROZ5veozd\/MMpmUGJhsax8mKUDbvUIEG3hXiLt9AC\/ANXqoq7bO8okbSueM3B8LP3u6kEIrJ+pXMU1rTKFC+ySoV\/zYgfp+tVkkb\/FKQvSrCoXhLB3PCq\/Vfakk5FDwaFd3FEIzNwvtGq+olysw6X3+p+rkkYa86oND2+7mInJAxIlL6Ut0kZzf96r8irmBzg1PeSu0JLAmQPJwgIuXoG9iHPZiGK3bxuY6Y8Llyp6AUsnlSkt9URG3OQ79H8XqV\/o4g2kWsN7utQelYyP3QQ5fIuPs0BthoFWcWuJCKiL7pkgxN3ZTwhoo1uwtWZlbVisU1xuG+fOXiB99Z5oStZ+eXM7vSxP9pK9n4O8Y3x\/rD1H81rtBnOwC02Dfa\/eCusZ9wrhW9bNCjqUUGBQKNLAaBqIDaNOWhIc6dMAPy11IqLlFY9jM4u7fRZ+KV+NBNVu1FaJ2LojwqXZOduTFLvjdsE11F\/5k0x418UrpSTl0md6Zshr+TGNPZ8ncjzH\/ZRxiqIX1t2TLRYZExr4qZNKDDohCT5GBVOGjX1KjhaewxNQPHSLPg=="}
-00888{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00899{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02098{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551720,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkxtiEoHnLgBgLMDriAAABAQgKwtcykNTdYCBwuUtMSqhG+Hmj3Dws6\/NCbC5OQax8\/umkeqjZ3QbwTVqI\/LUci6hw1wKN5rwyOLgjewXrSEEwRdj6WohImWZAniLKTa2sQExQrEpaPg2gWJxAh1MTzKEnDKPBjAV++GBWlGozMUTxDx5koQ2X9L7ymcUdazb36TemeoP6PuW60EmUteW0lniOX\/c2H+WdR2UVEO1RhpBI1jX05dQjSqIBSBr5JtQyV1Nn4B9Xde4NTKY5s6FTjmMpwGiKonQe4l7zsp1edivASLr8QIvtn5dAsJpIT+hCFc6ey3dvQu+2ii69\/+5HXUedLQmoEMqVi8u2LPqOZ5qFwbGhBrFx0CoN2O\/D+6XscKtD2LJnjanbWJJRSw43YxkdiDwT0DnsOe90m5DGGXuS7aBs60G4f\/7ithvH4S774CJF8Mmit0hpK44PJwi7HUmzH6EtJ5PuBlcCEktSuebYg+cB84ferLk9ZDHe\/rCsRt7U99kWFM6rk\/gYeWzWrO+0rFM9m+6r6u9N5B0b35URfdBnJ23aZh0F1EgFbGAFX65boVxfR+aL743pqvwbauTVRCgyfFgPRZ7TXH6q2cQTOPgsrUN6vMw\/Nh8qESeYQBx1O9WzN1WLxI5IiyadVLdepxLS1\/ly1XSfeD81yfFmsHA3U8KrbXRtSqVEct0Tqn4FyplZy7MmIFPKduKCZOMqIRike1IVhW4H+KTaJuPGatWfalJnLwRAtlx8w+fj8I+zbgbYSTehNj61WDFND4Cbjf5sRtMMxcGbltiYDCUnIdqYnu6EBaT5UDow30jSYvrexmpMQGuUn\/+Mnx47bP38D7dNOhTzguhE7CfRWcrahyRPTCPxo9QIhOUN266eHrGla4SktGFLBpT\/8ySH2YP9gTSZRnj8eLHi3pytyLy9iMGVd4D5OmoyBWfpqzk3h5aX1eklwGZq9L5GUlUTBBCb3hNGXxVy4I0w\/sUfoF9gmPw3jZ8IWSl9XnccXFkmy2f\/N8e2wTFiM5Ps8gIdLE1vidNX808BSlSeW2rypL6dkulzg+padsz0YuBIkqqK8wuo479mGteK2hbpKai2W31mGZGXJO5mw0nw5NrrUvADWqZMZj8Q1UIsQzE2dT3QcoPInZRrf8ofnFByC7\/s3hC17vMOxU+VOMlp+rCparXc3qIvjp79hq++1jNInrQqCGJ9LhZqWn3enjSzf3MVdbLvlUTWoJ\/JillypvLZKumgxUrdPzErm3WrYmNYx\/P+vHCre\/SgQB698AyOvoIDSl4c7oPRR3BCvDXqFVGfbzByB0onkww9NdrANor\/fKVvW1xUPdg+7hWS5\/Gze7qdZuLO\/k71+diUGtU1TFgajek5\/25LfdakDe0Ggpmvh0vXmz0oFJjt+W+bb\/ZOvLZVrTiqsCg6uLymG9xkxkcFIUvGxNu5Y+oPHfQ\/z983WC5YIs\/N3KVF14hV18i68xquF9QQOE+XM0TuHuGYH5x4UGRF7v+PtAq+ULt6rEKACpdW88og6mJF\/HYdkNI7dfxVA5hPDSjbRlh4gL+dTCxLz3a5UZBmffFi5mE5eduDdLdQ2OMp11Ka00T14cf5\/dh21Uvyi5JBOktcEaxavglclFUmjg=="}
01132{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551721,"pkt_caplen":586,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":586,"pkt_l4_len":532,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAhQGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWky5CEoHnLgBgLMF\/CAAABAQgKwtcykNTdYCARp9Y1GkdrUAhVhcIw0EqIoQmCp6NJaNRfX73OnhFB2Jr7TAAtyqqxuLgc2arJFSQXxRmoSHfVkBjgDoEeWr6oJywHLeY2paZ+JwV0cOXGhZlfh92iIeQzRolyKzpZXgcwWNU6Yqfn\/UWEJq7kiTCu4Vh+0IhdwT5LOo718RMZj4xIKmcFKxTsnYmy1FBFRU2jC91Tif3G+CjNK0MFk8wVerUZkAWcFpngd1SaH1I3K2BPcwDQbwNSVXH890orGlUAUGb284YXic14pz4txZAy9L6n8Pq0Xfc4PSYN7wQUJDI1yLRfqERnT2mZCsQTzVdqRSgjOV0pnIaDds\/8jwTZuMneHy4Kd2\/9shu\/jYYSMLlNeygV0za3weB7oGmDk5vqv2EAnBPuJqfoTttsdHuTdOmRHRvvj1rvJMgVvomNBhmDhGKTT\/pj+wgBM00TLlhS17mFrqB7vck6x3+uuDabSxRBByyT9VCdVfUS3aO7zW4z52W\/2W7rU+a8ND\/VOkeObzZ+ylBrB+I0LUNN8huSB0\/dP5o4BPrCYsty5PlLxNbFD42FXVWqKKXQl4Bji7XU2UmAQyZTKAzTAcvB+S0SzIS781NoG1bOW8etMbVwpTBy6pDm2xgU2MncgCslvuK+4kxTQl+pKYcSKhL2SrCZfToE5w=="}
00452{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551721,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUF9HimtuLgBALMF88AAABAQgKwtcyodTdYCk="}
@@ -32,13 +32,13 @@
00452{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551851,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4SgecvlpM2EgBAB7w8FAAABAQgK1N1ga8LXMpA="}
00453{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551898,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL1mOYojA7gBALMB0aAAABAQgKwtcyo6l039o="}
01860{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551899,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL1mOYojA7gBgLMAYfAAABAQgKwtcyqKl039oWAwMAUgIAAE4DA5cXHYHmYi5ZIU5p\/EBIxaUgqTosV7dgrwyjOTcYllxRAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK0QsACs0ACsoABiwwggYoMIIFEKADAgECAhANHffE8Agd\/Q1A66O6NFNxMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEVMBMGA1UEAwwMKi5yZWRkaXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+maVKOkGuIpLUWBcrOoi0zOK7ui1z2eaWzzMtForAMdGnBV+IZaQtyQ5++Gfv1TbOrAOKUntMp6luNeClruZSCzltfkOpk9eHJ9XWEUPrpFFCLbBVu91sl0EYvdWsplUlEgilO1zdDXr0UiyU0ptz14arWfA79ESEjl3EMIcCgfAumn5d9uOQEkbOWAogF0Ed53rsoVVQoW+HVFVqdUlQ0boiQBdec9lKKDB8DbAEfdCC45zVjGzA8Hhw4fmx1l4AlDqP2tLE2qNm2GhXjctrmexVjFG2t4nyihXllf92wvsEEGRZ8X9pxVJTd\/tfteIXPbe+u5DIE1ApPYcpfCBwIDAQABo4IC6DCCAuQwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFHHgUNHngFL7IxRlnUOnjTGqVmkmMCMGA1UdEQQcMBqCCnJlZGRpdC5jb22CDCoucmVkZGl0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj"}
-00879{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00890{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01871{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551900,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL2nuYojA7gBgLMFaKAAABAQgKwtcyqKl039plcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXQrSzGvAAAEAwBHMEUCIA4cEDk5PHlewpHzj26HOiQYpOqP2omD5+Ok3XvOGjvLAiEAscSe5jGq7+A1eA9CosURVXiFG10O2uG7a3d0exugn8YAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXQrSzHWAAAEAwBIMEYCIQCxbG96NckU2JDBIgJPBbdq8isaryVs6CFbEIVpmICYFgIhAK4\/cwv3QOvL6\/r1eBSuNjH8ea1wkWPPafYHa\/T2zS4cMA0GCSqGSIb3DQEBCwUAA4IBAQDJdKHctElcuqyCkmp8mpTUGkGnB3LVzx6AlsMpQm1P2E\/FO7nlknf9cCDmw9zsWs4Vwy0WyWm2VITQHFibHvPRL9Dqdq57g8bbFomQLOayWwM4ymsEk1sOwkg9GmGUttJoxtFhWMTaKNgiwa1KzMnOenD0aOCisNjqYwuAwjXNR4prj\/NaGsDOdAIquq\/5ysyZ9ZTflWiVnQbilOt4e\/blGzRhaSd4gTYdYkgV\/84UmKwjSekYiL2ioVV1mVoDRtSfMV9CdwjyekkC849Oi21tKfCnsyl+9Ipp3oESKGdNZ5966KOZhQo0yght\/ROeeRQR8c5vS0fKeKnkHGBz240cAASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza\/P96"}
01865{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551901,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL3pOYojA7gBgLMM8PAAABAQgKwtcyqKl039qu3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQELBQADggEBACM+30vSMUKltn5CXBpEzGnRaLRdS+AEIWxL4m3MseCXj6ZTCc2qKmXlOU8eg6VuXJiiJCbm+6Htk8cuAsZNSr+wQt942rOo+W3\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAyMDExMDgwMjAyNTFaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQDR33xPAIHf0NQOujujRTcYAAGA8yMDIwMTEwODAyMDI1MVqgERgPMjAyMDExMTUwMTE3NTFaMA0GCSqGSIb3DQEBCwUAA4IBAQBY+1SnH0u3ho+Y8niHMzRj8wWXBoT45DsNzWXZsZidgbnEjA4\/L6gnKwvitI4d+SX6Al6xofYE"}
-01147{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_tot_l4_data_len":3933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":491,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
+01158{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1605291684452,"flow_last_seen":1605291684551,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
01152{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551902,"pkt_caplen":601,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":601,"pkt_l4_len":547,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAiMGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL4quYojA7gBgLMFN7AAABAQgKwtcyqKl039qMeNOajMtxBxZ+LVRuvUxmRODoEmjzZpUwTQHXVXdAaqEqvizNUSG+LT4vLrN7\/K4TwkEU6rRjdvl7TGJTrtCTMr2vchF3+WWRcRrbCxS19I7FpLOu0+uRp0eAJTMGW1sjp2Tl1N1sPVLUR76tvsG1UZjWq6EozImj5ue5\/NjN5pIuabHxZABwArW3iblcTRJthPe\/eXEt+vWXP7bK6pfiHfdKhr+WbtteQ+gSEhA1KkKMKnmBC2LheG29uhxtvvQ3X+xQV+7F9j4WAwMBLAwAASgDAB0gUTna1j4lwYhBFGWWa3rD\/TO\/Qx+PVAN4dBArFbBVRXoIBAEALKSfhTE2bN7816BFOLtPArPedh19RaOBDyr3wDzf1smx+1mQPHNSN0D3MM9JwGT1qQiHaIZZbMTp75jHhm4G4FLrPteYlQAKJdRJYqWyRv3jsnXyDlsX8LL0fdoPwctVZI0OyKyhoHU7FCI26Cq22Te6wDY22ejjl9awmnY0KF+pE5vJg5g7j8I6i8ho5YnVfJJ1tF1Gk+gnoOsNUFiY27\/h2sEtRRc1Q0JYp\/oS0773pL6HNIpk\/irLss34OZ5ss0rOdXmaAzqAz43ymAUR4dZAo3xlrkx4JcYMFyWfCuyJazPitBLY1HHtUwvVP55N2s15xeiqd8MohRr4fochUhYDAwAEDgAAAA=="}
02094{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551902,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUF9HimtuLgBgLMAXzAAABAQgKwtcyqdTdYCkWAwMAegIAAHYDAyxqQCyJ+\/p9v0sM70GdFaOaA8i+QB+JpxEaL6zCVpBKIFs4TU2zCegfACNAAt1BZk2uYfR4cn7k081CAzn0Xsa\/EwEAAC4AMwAkAB0AIBYmxOm\/pN4Cm7\/ObCGR\/lswQqVl90+9TVIwu8O5aiQgACsAAgMEFAMDAAEBFwMDCtudTTt5WWpl+4ijjJgv20GlbsMfX+lCDDrP6YV8fCHm0ONTkUMeEqZJDXqI1naLsZQBnLrGuEGaIFOk853uZeOzG0Ca3zjOsj+vWFop68psOZEJApD2\/DvhOPxFhzGnpqjPubT1H+7m57nKQ4IctTxJo\/tPG70UFIPodqVCdiZuGXFVz4zD7mNXs3TfnxOOfOYqvUeXjncdKc315bOCViyJCdTlJz\/1a9DylcbzCZRH6UR87vY0CXjZIeg4hUcZEtJblnY6B9pgurj3zbTAzqKq9p23EB0dBZXIXmsUt9\/NjVzao45gvSmmRg1Qd2UOkuiHcWQS8ZUtX1qot7Wg0pwedVV1Sc5sSfT1qbzj7Ve2opjgQHjUCi3F6vlmb7uGdbgJ3aEj4lV69VjvsLSbQtuNkLDFdlL1n15XcyAp0vaQX1xa34pvvt+tKTuNnFMCUIMBN1NMWq+MlR+NgkCNk4locp8Y9IatedWbHWAtpRQ51YahzmdbFVZ7alpGIe1kyN4tGpAO2qwGszRSkhNSZ9Rt1VRSrlVWkqCse4PcqdGejE6eik5DHL5D7av1bjCIIdZD5bQH1Mq07s6B99mcvxcdS6mBCD1HQv93O6oJM3gdavwknMr5zoRKMj8LHJ8BfZrb7mZfSeuqjo+WYV\/Glo33uInHlBxxyGt+WV08V1NrDHN654MV5ahK1BXYdgi4IZMY\/ng8CPl79Ap\/Ix7w5mcxw5dj6cPnpdOwbeSCOyvTnN5+deonvkUBcDq\/HgBOt9dNZkQ+GsgMkMBB\/7JaTWrFYG9SJ9ihEuZEFDD414BV1x42himjhKK9ApA7OjhaZlfnjX+vs+NpvYA3AVFny+rlvYKpt8I37b5cuvdJ5sbtvKsdRzYoR2uX+E4xfn0FjfhxcLJsYxZRPcrQc388Km41v8rtTQO\/UURrRRIzvNA1r9cPfksh9aFtmMB3JcG451tb1JiUmzY+D818mZ35G3QOYLCq6k0lS3X+IbxlpmiopNwBPWa6kIF7zEBwfunqGrb8h8waLfz15Wqv8daSc6Ikqrt3Id609WGS88VxSls322AXHOxELyiu+ZCxCwW0pwsC\/zab0tfdz0a5wyo+P9BCLAB\/xtvH\/CDcaRoqw54Bgpk8aI\/i1I22o\/wUWAtuzDWjY9lhXEPXoaAH58XB1TZyrwe4hZ5xxchIXExCIjo3QHZUN+iSq5JWEn13NH3ebbZxg9fQMycOGMgmuzIJQA1hbaQwTEMY\/daldRnEz1Gl00yS90G40it3uHQs0I\/2aJltesvwSPWxuNGlupHRwAlQ293daGvFDd0vMIVpegje7PMNSaEZh6M28BIkRS5QG2Vg2Sy0rbRQdva4\/CoKDtRQlTJh\/nfeXOotzjLDP1BpTSRhLxZbmuEtlVR4zSNccqxed1Tv1fvR7j7JsvG8rQ=="}
-00888{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00899{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1605291684451,"flow_last_seen":1605291684551,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"safebrowsing.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02102{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551903,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUHInimtuLgBgLMP8XAAABAQgKwtcyqdTdYCmDoP62bcLLuA9jzCFA1FiNXVBO5u1qV1mRXZIQr6EFYs9Wiu1EouFhjMSNmfFN3PuvxsyARWZ0+vRcBCXqcC3nVgxVzfzZwvbnsBsbIhY74aO91ydALgk++mTkxcbx+S+yhU9WtXBlamQcc74+rqwP9LLjTvQoOeQPhEQ0UIvKQgz5+RvbhR3Je37qiHqpbXF5mc\/wSzeQJy109TACDbryuxld7HCP2d0cHz\/3lNp5j4+pAwirVp48aQKy8c9C0a5wMGx0UDYbnTpFOFqV8BGS3\/szTdivdmDH23XxCapNuRlZLz5gWftFqMKHZS4xNcTdm2W0zvRSj\/ekslvXyJA4YBotb5U9eV5RCmuqg50gD20m5LiAAevCnMyUcoYBko8toAOx4zZF9y+qOBgpFUPpc5DsW9SrKXGt6\/zjHfWEiJbOrNjQGsWg8o0BancXKhQM7J2lnq2s2YADmted9hLRvvK2dQvtIMMY3OQqU00Kh\/PzzTQnkdrD7PgmyYPuV4+Od+3\/cdkDRoaA0Fa29wTx\/6kohDuDTHiM9OKNdT5yEOBkJ4rpSpJjC5bVyuCPeaE\/jtoxPnMBPiUuIhuEYlB\/OpMk+td31HHhdA7Jx878d\/UdvH2Nneo93AgOtD5hAhdO0Mg1\/Zce8w\/9Mmfo7ST6Lt9lYtu24aneeou9D5Ztj+5ihfSmfnBd7PEZ5mMhaaHBTWR8GnKdjJdPKcZfdA431ocim35S62pCRzHM1YDxJZwcfb6NBrBcUd\/0hATFv\/vckj\/qWixJtvenBZCvhT8TI0bzuYJoLD7\/QkyGJNaTfRLBoG6Jwj07U0YP57stYSEj4B1Cde\/uIWsNxtzKxpijoO\/vCPwjefININSmV\/\/E2xF9vMSbQqz+A9tiW8KZ3iccmonsvVzU2gMju1qftj8\/O7c6Nx9e0vS7LXhl\/VnQ++6TAzO\/YkHDM7TDlTUyk859b+azgY2U7AOtiZ3P4qsjLgqu9HggXhlzowK6COZMGCl5e8cr9c9DJJoKv4k3P2IYpaw6uEcXbqDojaObPh1y\/cFl+MA9QpXAUZoKFDb+xOMJOY9Ox1pdkZB38+J8tpgcXED07TenIDm7BTKLNkKSo2T2PK6ChbUUJm4n8MM8mgL4BUwqg5ULsiHj1kUbhH1kR24gZOOfdHMiW2t2ru2Q17Oroo25MfKQwZrcIsPzAEuIcQYkpwkrl5GIuARGla10OhO49ZFJm45vpTCAm5uwpx4yCHDb+TtuY5IQrTI2rNOMFmJofohxVShcFKhsWRWvNOfjzogaqJEkN3eXvDwS0x1GH8tUCOc6kl81\/em7C64GTKVU2NH9Lg9143C\/MzMFP1Jb66rAOoJssb0ZGXyTpVYnDzbz\/TEByO\/2EMuVkPP272o8A8t2Houhndcsv6+rYXIjLeArjSua+hAvtec0cKfAbi7QZ80iRFCPbg0XeDEr1NwJryoKravwaLFZrfwTyFik46nJCpBN5RSGaZ\/fJSyIGK2ssujYPwArANArwfy9hvnqQZARpm3JA4uF3yUnxEEwa4dysEZb\/JRNlPq7858L4lj5rGXUTWUVJC3iU\/sLqjz68uZsMlsSEcZ4PnSlRDSk+bQCkw=="}
01136{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551904,"pkt_caplen":587,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":587,"pkt_l4_len":533,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAhUGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUIUHimtuLgBgLMBXnAAABAQgKwtcyqdTdYCnRUSyaXq+o1Mz\/Na5UOuD0rOmyUGf7wnkHbymXVp\/d8d3Mw0AejjunEvbXo9vJmIj1l9NGmuTl31icW\/h0ktkPwt2IxJYT0hhUB5lXYirLj\/A44IxLCgoiXReuGd7GuLULAYrkUe2eI3A8SNESnaPkHxyJqed6ssBsC74ZKLTFvfJkpNtTyTyk1jNi4uQrxgxNnH\/Ok6elqDr0iXf1EjYPDP6wK6dhguLJgiYwT7zTTfGOkVLeNPuJ7t0qWhVg7asWffkr63bEx\/VOh0QJ7ZVJpq+36hhxV+MzRoqz3kGI0sy7mmd2yMmKyLH9+H0Tuvgf73MdrzUKX2OmDsrr9af6nwVxFlgG\/5PTYCtkVrtrNQwICPXc8fNV9EzTcFOu0i9Emt4Z6HUm7hgbikLi1yamdHN+WTUTDX2YJ1lgDdaVYX\/j\/oQRoCLNAtmXPmItCAc6ct8j2GmFHANterOQdyjJrlU\/Eg1p2W\/nq\/YVvClol7NxmrJpzRKbKA74lQvYnSNV0FCVzaa13poxEeSaw\/ZkzumAKlXuxQXLtPG8FndFvIViLfD1r7usoVqkna0txXX3QgUHdQ4XoeZD5Xfr8mm465wixwDj1JuTHWYHKY4wxB5BUssqEKAQ1qW5zrj2duWhCDU2IE6YzQ74h1rWe+xfqsZ4z+A="}
00452{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551915,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiMDv7y9p7gBAB9SH3AAABAQgKqXTgG8LXMqg="}
@@ -49,7 +49,7 @@
00452{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551956,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka24uCVCFBgBAB8l7AAAABAQgK1N1ga8LXMqk="}
00452{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":551964,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka24uCVCM2gBAB71zOAAABAQgK1N1ga8LXMqk="}
01145{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":552325,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxV06NLngBgB+0E5AAABAQgKqXTgHMLXMooWAwECAAEAAfwDAw2h35lTVBAJkyl1sZ6N6s5zh+HfO9Ai8hcQ4PFn0odDIC9Ixzbj0OvUbX513zU9YxMQBwvxWo3A0lte+Tbf\/2RZACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAEwARAAAOd3d3LnJlZGRpdC5jb20AFwAA\/wEAAQAACgAKAAiKigAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKYqKAAEAAB0AIGqjGCo4hhSEqfk8mIsYygfLmwI2pMth38dwgmqFwWMRAC0AAgEBACsACwqamgMEAwMDAgMBABsAAwIAAqqqAAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00823{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1605291684481,"flow_last_seen":1605291684552,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1605291684481,"flow_last_seen":1605291684552,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00538{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":560628,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZAGAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4SgecvlpM2EgBgB9UkkAAABAQgK1N1gdMLXMpAUAwMAAQEXAwMANcqXWVSmzEyECPE8WpHXySUT8FrR0ganY2UOLc0YplHZnp5O+ckAO073diJltWHpbAIjMJ0I"}
00539{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":562938,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"pkt":"qtsDr8lk5EKm5WPyht1gDERGAGAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka24uCVCM2gBgB9cE1AAABAQgK1N1gdsLXMqkUAwMAAQEXAwMANf\/NSaUukGHnTscXkQgZCZuAMgmA1XRF5gtJMX2dCABEH+DW4SffxztoT8vHs4Yz6EIwoYiC"}
00580{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":565144,"pkt_caplen":179,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":179,"pkt_l4_len":125,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjAH0GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiMDv7y+SugBgB9TMxAAABAQgKqXTgKcLXMqgWAwMAJRAAACEgb44jejT1SBb\/bvRTAPQylKfYT1DbYwYMDvmmfnJPbAUUAwMAAQEWAwMAKAAAAAAAAAAAL7fQQfxjOogXK9MM2ISbQ5Kw2RaljMRvG38yXhUWUus="}
@@ -62,53 +62,53 @@
00453{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":589657,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUIzbimtvLgBALOFMGAAABAQgKwtcy3dTdYHY="}
00453{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":589658,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUIzbimtvMgBALOFMCAAABAQgKwtcy3dTdYHk="}
01860{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":592780,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo0ucRew0agBgLMJgkAAABAQgKwtcy36l04BwWAwMAUgIAAE4DA53x3nWSjMa1g47mirx7vPuqX52\/rKihQPtzIOJD+aCaAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK0QsACs0ACsoABiwwggYoMIIFEKADAgECAhANHffE8Agd\/Q1A66O6NFNxMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEVMBMGA1UEAwwMKi5yZWRkaXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+maVKOkGuIpLUWBcrOoi0zOK7ui1z2eaWzzMtForAMdGnBV+IZaQtyQ5++Gfv1TbOrAOKUntMp6luNeClruZSCzltfkOpk9eHJ9XWEUPrpFFCLbBVu91sl0EYvdWsplUlEgilO1zdDXr0UiyU0ptz14arWfA79ESEjl3EMIcCgfAumn5d9uOQEkbOWAogF0Ed53rsoVVQoW+HVFVqdUlQ0boiQBdec9lKKDB8DbAEfdCC45zVjGzA8Hhw4fmx1l4AlDqP2tLE2qNm2GhXjctrmexVjFG2t4nyihXllf92wvsEEGRZ8X9pxVJTd\/tfteIXPbe+u5DIE1ApPYcpfCBwIDAQABo4IC6DCCAuQwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFHHgUNHngFL7IxRlnUOnjTGqVmkmMCMGA1UdEQQcMBqCCnJlZGRpdC5jb22CDCoucmVkZGl0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj"}
-00879{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1605291684481,"flow_last_seen":1605291684592,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00890{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1605291684481,"flow_last_seen":1605291684592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01871{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":592781,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo1v8Rew0agBgLMIq3AAABAQgKwtcy36l04BxlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXQrSzGvAAAEAwBHMEUCIA4cEDk5PHlewpHzj26HOiQYpOqP2omD5+Ok3XvOGjvLAiEAscSe5jGq7+A1eA9CosURVXiFG10O2uG7a3d0exugn8YAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXQrSzHWAAAEAwBIMEYCIQCxbG96NckU2JDBIgJPBbdq8isaryVs6CFbEIVpmICYFgIhAK4\/cwv3QOvL6\/r1eBSuNjH8ea1wkWPPafYHa\/T2zS4cMA0GCSqGSIb3DQEBCwUAA4IBAQDJdKHctElcuqyCkmp8mpTUGkGnB3LVzx6AlsMpQm1P2E\/FO7nlknf9cCDmw9zsWs4Vwy0WyWm2VITQHFibHvPRL9Dqdq57g8bbFomQLOayWwM4ymsEk1sOwkg9GmGUttJoxtFhWMTaKNgiwa1KzMnOenD0aOCisNjqYwuAwjXNR4prj\/NaGsDOdAIquq\/5ysyZ9ZTflWiVnQbilOt4e\/blGzRhaSd4gTYdYkgV\/84UmKwjSekYiL2ioVV1mVoDRtSfMV9CdwjyekkC849Oi21tKfCnsyl+9Ipp3oESKGdNZ5966KOZhQo0yght\/ROeeRQR8c5vS0fKeKnkHGBz240cAASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza\/P96"}
00452{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":592908,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7DRp06Nb\/gBAB9VY9AAABAQgKqXTgRMLXMt8="}
00451{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":592921,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7DRp06NsXgBAB7VItAAABAQgKqXTgRMLXMt8="}
01866{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":593083,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo2xcRew0agBgLMAM9AAABAQgKwtcy36l04Byu3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQELBQADggEBACM+30vSMUKltn5CXBpEzGnRaLRdS+AEIWxL4m3MseCXj6ZTCc2qKmXlOU8eg6VuXJiiJCbm+6Htk8cuAsZNSr+wQt942rOo+W3\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAyMDExMDgwMjAyNTFaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQDR33xPAIHf0NQOujujRTcYAAGA8yMDIwMTEwODAyMDI1MVqgERgPMjAyMDExMTUwMTE3NTFaMA0GCSqGSIb3DQEBCwUAA4IBAQBY+1SnH0u3ho+Y8niHMzRj8wWXBoT45DsNzWXZsZidgbnEjA4\/L6gnKwvitI4d+SX6Al6xofYE"}
-01148{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1605291684481,"flow_last_seen":1605291684593,"flow_tot_l4_data_len":3997,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":399,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
+01159{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":10,"flow_first_seen":1605291684481,"flow_last_seen":1605291684593,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
01153{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":593086,"pkt_caplen":601,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":601,"pkt_l4_len":547,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAiMGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo3y8Rew0agBgLMEp3AAABAQgKwtcy36l04ByMeNOajMtxBxZ+LVRuvUxmRODoEmjzZpUwTQHXVXdAaqEqvizNUSG+LT4vLrN7\/K4TwkEU6rRjdvl7TGJTrtCTMr2vchF3+WWRcRrbCxS19I7FpLOu0+uRp0eAJTMGW1sjp2Tl1N1sPVLUR76tvsG1UZjWq6EozImj5ue5\/NjN5pIuabHxZABwArW3iblcTRJthPe\/eXEt+vWXP7bK6pfiHfdKhr+WbtteQ+gSEhA1KkKMKnmBC2LheG29uhxtvvQ3X+xQV+7F9j4WAwMBLAwAASgDAB0g6VrN\/S322rgYZ5yHqLO3+y7qv6+tbXE1eDijdVsDmi0IBAEAaTTRefij3djMnO7xsayTw9QxDTguuqktQM1w1SQOpPtuuIiGWRGD0TsI8Mah2oqxYld7ORzslPmYlUNsc3vufXw7YBmDG0VIx6qBAcNZNK9WspF+9IsVLonjyjHDbMY4giUHwDanubqtRmAXYbzn4ycsNcxsNMFLXWr8Gjanu81C4Ptt6UU1LBqbaEBkheeQYzM9+zTahkvzmfeApRGkxcs6npQjvKiW\/Kay8+Z2hHmK+aD1NebHozbpudcTtJquatolSbn2PMihTI0n\/XFUK1ZtJOYVcAu9sPh\/Zhfrs3F1d3VSktlEeYsh5mXdA\/4gcFjg9NhrdJnW+luLHAodvBYDAwAEDgAAAA=="}
00452{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":593105,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7DRp06N8vgBAB5U4cAAABAQgKqXTgRcLXMt8="}
00452{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":593136,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7DRp06OEygBAB4UwdAAABAQgKqXTgRcLXMt8="}
00581{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":595476,"pkt_caplen":179,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":179,"pkt_l4_len":125,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfAH0GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7DRp06OEygBgB9U4+AAABAQgKqXTgR8LXMt8WAwMAJRAAACEgLCeuk0qqi\/GOnYAOAtlcQKOyjvGtBdId5ZCzGhWhjkkUAwMAAQEWAwMAKAAAAAAAAAAASNVaMONVPNQkwi1QNatfiTayCgn\/ib7d+PoSyIjqcPA="}
00455{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291684,"pkt_ts_usec":654505,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo4TIRew13gBALPEI\/AAABAQgKwtczA6l04Ec="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":35717,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzH8AAAAAoAL9INmFAAACBAWgBAIICql05ecAAAAAAQMDBw=="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":35769,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwLy4AAAAAoAL9IGaWAAACBAWgBAIICql05ecAAAAAAQMDBw=="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":35788,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAChDACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuQoAAAAAoAL9IOFQAAACBAWgBAIICql05ecAAAAAAQMDBw=="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":35808,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHTUsAAAAAoAL9IMleAAACBAWgBAIICql05ecAAAAAAQMDBw=="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00465{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":35833,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4YysAAAAAoAL9ICkLAAACBAWgBAIICql05ecAAAAAAQMDBw=="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1605291686035,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":35852,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSVasAAAAAoAL9IGuvAAACBAWgBAIICql05ecAAAAAAQMDBw=="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1605291686060,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1605291686060,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":60608,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1NYAAAAAoAL9IMKJAAACBAWgBAIICql05gAAAAAAAQMDBw=="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1605291686060,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1605291686060,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":60634,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytfXMAAAAAoAL9IIyvAAACBAWgBAIICql05gAAAAAAAQMDBw=="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1605291686060,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1605291686060,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":60652,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOmx4AAAAAoAL9IOUhAAACBAWgBAIICql05gAAAAAAAQMDBw=="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1605291686060,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1605291686060,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":60669,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCVnRACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QQBuwBg34wAAAAAoAL9IKbfAAACBAWgBAIICql05gAAAAAAAQMDBw=="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1605291686064,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1605291686064,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":64532,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3q2EAAAAAoAL9IFHtAAACBAWgBAIICql05gQAAAAAAQMDBw=="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1605291686064,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1605291686064,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":64563,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAj4aACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QgBuwHFZiEAAAAAoAL9IB7eAAACBAWgBAIICql05gQAAAAAAQMDBw=="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1605291686064,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1605291686064,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00465{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":64586,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyLXsAAAAAoAL9ID\/VAAACBAWgBAIICql05gQAAAAAAQMDBw=="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1605291686064,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1605291686064,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":64604,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjowUAAAAAoAL9IHbXAAACBAWgBAIICql05gQAAAAAAQMDBw=="}
00465{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":65673,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JWtCtDxMC8voBJXgHBaAAACBAV4AQMDAwQCCArC1ziiqXTl5w=="}
00465{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":65673,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMMqHg8cyAoBJXgMyZAAACBAV4AQMDAwQCCArC1ziiqXTl5w=="}
00453{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":65686,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwLy+VrQrRgBAB+\/RNAAABAQgKqXTmBcLXOKI="}
00451{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":65695,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzICEjDKigBAB+1CNAAABAQgKqXTmBcLXOKI="}
01151{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":65815,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwLy+VrQrRgBgB+3OgAAABAQgKqXTmBcLXOKIWAwECAAEAAfwDAwyYN5j\/xCCsFbpKYtVHaXLKE\/uA+b8YhQZ6Wm2LZTmgIPoHYB\/uf+OrSqApvu9853Fa+\/5VUFSQ+FaXEGdGe73hACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAgaGgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKRoaAAEAAB0AIJ5MVY1Z5Rq\/dBprPM2ILEA\/hIQM9DFSL5dx91jq4B4yAC0AAgEBACsACwqamgMEAwMDAgMBABsAAwIAApqaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00841{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01144{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":65926,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzICEjDKigBgB+2RhAAABAQgKqXTmBcLXOKIWAwECAAEAAfwDAyTHZx4qb3bBrOacHhZtS+1GUX5Pd7PUT1gIoicQvfi1IPzlLoIP7lMDiOGt7of6RT3QLPZeDP+s3ApsOtToHZNxACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKUpKAAEAAB0AIBifHQCYA46ivQXso3MK0LYgDzXz15M9qgqtnACz0NtiAC0AAgEBACsACwo6OgMEAwMDAgMBABsAAwIAAqqqAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00841{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686065,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00465{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":71075,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YTHT6uGMsoBJXgOg4AAACBAV4AQMDAwQCCArC1zipqXTl5w=="}
00465{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":71076,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+BQBJhBwR01MoBJXgDmIAAACBAV4AQMDAwQCCArC1zipqXTl5w=="}
00465{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":71076,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9o6MJX7sl7kLoBJXgNeBAAACBAV4AQMDAwQCCArC1zioqXTl5w=="}
@@ -116,18 +116,18 @@
00451{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":71097,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHTUwUASYRgBAB+711AAABAQgKqXTmC8LXOKk="}
00452{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":71101,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAChDACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuQuOjCV\/gBAB+1tvAAABAQgKqXTmC8LXOKg="}
01147{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":71202,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4YyyemEx1gBgB+7O0AAABAQgKqXTmC8LXOKkWAwECAAEAAfwDA5rJlA5wvxlyOOzY1QWQs9Y+MbP6uFJB6UOK+IyAcMcIIJKnHsVYD7m0a+U9PO+XZpcJeMZFPX7U2Eztmo3CPcbbACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAgqKgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKSoqAAEAAB0AILIzZXuFCF2kUhuJMuKGx3A2g6Ss5IpeuXXloYIbe\/ZEAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAtraAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00841{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01145{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":71324,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCVbzAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHTUwUASYRgBgB+wWrAAABAQgKqXTmC8LXOKkWAwECAAEAAfwDA6nlTOwnjqrnVl5yuI1Ks79C74XWx+O2oOTAbeO2aN9OICg1U8dRUVXILSwRLrRyGqyt0yhPDVWC9XfpxF3PvsB6ACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAiqqgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKaqqAAEAAB0AIB8c9P8A8qz0IF+PTdkCJlCO3fTtMZ9aL3pAQTd4K\/8UAC0AAgEBACsACwqqqgMEAwMDAgMBABsAAwIAAqqqAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00841{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01146{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":71421,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAChDAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuQuOjCV\/gBgB+wgeAAABAQgKqXTmC8LXOKgWAwECAAEAAfwDA7XecZSyIi1V1EshjdefUR6Jur4mAK6n2qRyNLgxIyayIElAt3tGSzVAaM4UMvIvnmVZMDtcC3g\/fPa8ngjS2vVAACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMaGgAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAjq6gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKerqAAEAAB0AIOYGrt0vj7XR6tD8KT6zhU9cFgDxLIaPkqiBK4j7VzFAAC0AAgEBACsACwpqagMEAwMDAgMBABsAAwIAAkpKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00841{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686071,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00468{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":72675,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/KfiS\/LFklWsoBJXgCIUAAACBAV4AQMDAwQCCArC1ziqqXTl5w=="}
00452{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":72685,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSVayn4kvzgBAB+6YAAAABAQgKqXTmDMLXOKo="}
01146{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":72857,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAreKAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSVayn4kvzgBgB+0RHAAABAQgKqXTmDMLXOKoWAwECAAEAAfwDA1o9ioyYN6mmAmxKnXHh593sz3K9KCITZ6Fn+lYGqaRBIGFgq3bkszM7iVgGCyOZdKniRwtNXhNBGl\/550R+hhXrACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAGQAXAAAUd3d3LnJlZGRpdHN0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAiamgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKZqaAAEAAB0AIFrTKhIHrZdOy+j7+NARCA+xQZ+BmI+K5IoXoFjQledEAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAioqAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686072,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1605291686084,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00842{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1605291686035,"flow_last_seen":1605291686072,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1605291686084,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":84924,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHMAAAAAoAL9IHHJAAACBAWgBAIICql05hgAAAAAAQMDBw=="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1605291686084,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1605291686084,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":84954,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbEAAAAAoAL9ICltAAACBAWgBAIICql05hgAAAAAAQMDBw=="}
00466{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":99352,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJL0EwGjpsfoBJXgFyoAAACBAV4AQMDAwQCCArC1zjFqXTmAA=="}
00466{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":99352,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdABmbR4V8rX10oBJXgNWtAAACBAV4AQMDAwQCCArC1zjFqXTmAA=="}
@@ -136,11 +136,11 @@
00452{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":99405,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytfXQZm0eGgBAB+1mYAAABAQgKqXTmJ8LXOMU="}
00452{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":99409,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1NeMsOPUgBAB+4AOAAABAQgKqXTmJ8LXOMU="}
01147{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":99570,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOmx9iS9BNgBgB+2+iAAABAQgKqXTmJ8LXOMUWAwECAAEAAfwDA8uUta0uBx4Fxq7jwol0GcBOBDpnX4U9m55TrPceI0IhIFEtV76qL2jHwvf4X\/jOVntcfpZQsMeLDB6NEKcAWMfNACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAGwAZAAAWc3R5bGVzLnJlZGRpdG1lZGlhLmNvbQAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgANjZNFFf1+t\/rj1DUoPqjjHILkO3yWwudfC9Y9G11hAALQACAQEAKwALChoaAwQDAwMCAwEAGwADAgACamoAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00844{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01146{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":99717,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytfXQZm0eGgBgB++qsAAABAQgKqXTmJ8LXOMUWAwECAAEAAfwDA+xBE5HWK3vXD3rQB76Je12jBHDOAvJ1OsDdCdf7250MIK2rFy9r6akksLAlYpDl9Umc9HulF24sDo6Oaq\/unKMqACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAGwAZAAAWc3R5bGVzLnJlZGRpdG1lZGlhLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgwSO5D18N3UJlGFo2ngAMFZnAZF8yiV+4DoIzUIX6JGkALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgAC6uoAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00844{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01145{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":99811,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1NeMsOPUgBgB+3R1AAABAQgKqXTmJ8LXOMUWAwECAAEAAfwDAyz3FJWIGb+4j0TH4HbH5fysl2zEg7l3CNO6pgT+aRLDIJFY0aSgsZzUYIlmL6tHUwGBKm0vldxr3gkmVsdcJYKLACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMaGgAAAAAAGwAZAAAWc3R5bGVzLnJlZGRpdG1lZGlhLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgAm9uRJ+FA0NAboWl4pN7nfbQJC5lBDzsCBcMRgVbPlIALQACAQEAKwALCmpqAwQDAwMCAwEAGwADAgACKioAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00844{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686099,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00467{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":100609,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO8IeJd6tioBJXgCN0AAACBAV4AQMDAwQCCArC1zjGqXTmBA=="}
00467{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":100610,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsk6UAYN+NoBJXgFfrAAACBAV4AQMDAwQCCArC1zjGqXTmAA=="}
00467{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":100610,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwRcUBxWYioBJXgB9GAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="}
@@ -150,26 +150,26 @@
00467{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":100692,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgy8YZci18oBJXgKFLAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="}
00453{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":100697,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyLXx84MvHgBAB+yU5AAABAQgKqXTmKMLXOMY="}
01145{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":100785,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3q2LoDvCIgBgB+xTvAAABAQgKqXTmKMLXOMYWAwECAAEAAfwDA+4rEWoD2S7prdk0mAkbCbz9OAUfkZBI4IF9dVBNcGrjII4pXVZ09KrfaYtjFSFfkXaLG3KyMXbQwptYN7z2pKjvACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAFAASAAAPcHJldmlldy5yZWRkLml0ABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACBezRVw29zCPI1rNVsRPhgUYKPeoX8z4m7fd2omUSmBZAAtAAIBAQArAAsKmpoDBAMDAwIDAQAbAAMCAAIqKgABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01149{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":100889,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCVnRAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QQBuwBg341lbJOmgBgB+8IAAAABAQgKqXTmKMLXOMYWAwECAAEAAfwDAz44wxNKK\/NmCENy19IstQwUOYfLIsCmy1HTB+ZnxXBWIOpRUF6jXLeEhErlOcKJeYoVVkgrMryC\/u3A+OY8YDqrACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAGwAZAAAWc3R5bGVzLnJlZGRpdG1lZGlhLmNvbQAXAAD\/AQABAAAKAAoACFpaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAgthdDCBUKTQpaJJwGm6HndDmBR9mA0N\/zcVcubLV2InoALQACAQEAKwALCgoKAwQDAwMCAwEAGwADAgACSkoAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686100,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00844{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1605291686060,"flow_last_seen":1605291686100,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01150{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":100989,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAj4aAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QgBuwHFZiJj8EXGgBgB+w\/dAAABAQgKqXTmKMLXOMYWAwECAAEAAfwDA\/xnn\/TajPOsIWf7ZuWna3vaZajQKdMOe\/1ScZVbv3E0ICjbo+VqdfAny10cV6Naq5nwKIICz3wRpv5Bq28N+oa9ACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAFAASAAAPcHJldmlldy5yZWRkLml0ABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACDVsGI25kl8JkmazH9JA6mvPzRMtadK+W7sW\/fRvpFrTAAtAAIBAQArAAsKSkoDBAMDAwIDAQAbAAMCAAJ6egABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":464,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686100,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01151{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":101082,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyLXx84MvHgBgB+x\/BAAABAQgKqXTmKcLXOMYWAwECAAEAAfwDAz6SDTaBPPoxlu\/6nyTmclibqATJEMVKR2GfYD\/wXr0NIAENzqDXq8Wo2Bu1hnYnue89pYme7\/8\/HVUKT7+0fWNUACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAFAASAAAPcHJldmlldy5yZWRkLml0ABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACCGO8UoFeFs5DFn8Mr4+C1HHCBuj\/ATUm2KisMDLC1sOgAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAJKSgABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686101,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686101,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00468{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":102919,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vo\/hs46MGoBJXgG5nAAACBAV4AQMDAwQCCArC1zjGqXTmBA=="}
00454{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":102932,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjowYOlaP5gBAB+\/JSAAABAQgKqXTmKsLXOMY="}
01148{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":103163,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjowYOlaP5gBgB+6pXAAABAQgKqXTmK8LXOMYWAwECAAEAAfwDAzpoH5eGEGzTFt5HMarkQS85RnurgVO\/aBYt9fo57YL+IKTuih3DEW77d6v3Ju+D+D5ks\/z7dDlOpig4k7rr1nYZACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAFAASAAAPcHJldmlldy5yZWRkLml0ABcAAP8BAAEAAAoACgAIKioAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACBQT3pU4XvIA\/VlN6TB5fHnSiCNPOTwhb7yYNoEZjwQNQAtAAIBAQArAAsK6uoDBAMDAwIDAQAbAAMCAAJqagABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686103,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1605291686064,"flow_last_seen":1605291686103,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00454{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":103676,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JWtCtHxMDE0gBALMOjtAAABAQgKwtc4yKl05gU="}
01861{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":105978,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JWtCtHxMDE0gBgLMPNvAAABAQgKwtc4y6l05gUWAwMAUgIAAE4DA9ehcoimQeEeEMjvAe4McgOYyKOWeQYca+m76bdxj4MDAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK1gsACtIACs8ABjEwggYtMIIFFaADAgECAhAKKFSCcBAsMFQOJUmxyqxYMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMG8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEdMBsGA1UEAxMUd3d3LnJlZGRpdHN0YXRpYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6joCtz\/XpIsmJDC1IQp8NmK79cp42u8wGU1+lRLzNGCN3Oih+bKGJg97Ah7p9AbLaWK0tgyBtFZgkMmY7Jo\/G212kqsCOVM9Th2+rA37LRUL0hA1hYOr7ZloEcI3QHvDG3fMi0MJnQEJUwcYp0LD0lHN+nraQIuBRPUCvjIw59jCEP62Zn9JwJpJGvofXIIJTS1EowlPz0+3NaMoHDR7OifayHdEBn2Cno669wEo1cOfeSogRHUJJgRRUIZuKl4av4KEC0nBDWQlUz2ybLpzENnVqWwK1YiWNlZbF1dwm7oBP9Rvj5VUjzV4rIfFfREPsh+BA\/UlEB0RX0AUqnSkLAgMBAAGjggLlMIIC4TAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUU1Nk92iGK6OQNjntaEa8GWH6n3IwHwYDVR0RBBgwFoIUd3d3LnJlZGRpdHN0YXRpYy5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k"}
-00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1605291686035,"flow_last_seen":1605291686105,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":470,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1605291686035,"flow_last_seen":1605291686105,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00454{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":105978,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMMqLg8c6FgBALMEUrAAABAQgKwtc4yql05gU="}
01875{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":105979,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JWtDunxMDE0gBgLMIbLAAABAQgKwtc4y6l05gVpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF0K20\/5wAABAMASDBGAiEAiy\/NpMsrxX4NPRiywukHBK6R\/pCgL3Vhc1up6+AidW0CIQDz9D8NezZsRrUc3wGg77Eyt8LmuPddkuJr1o+DsjsE6AB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdCttQAYAAAQDAEgwRgIhAItPzNRHIdXjIN4FIrjwKOH7FmgzXk547It0N2wg9K\/BAiEA4os1meO9nrLOvLsGmqrYNP\/KyTyMuVKX\/y7NtZPGke4wDQYJKoZIhvcNAQELBQADggEBAAQVtGBz45msis0C3DHIp\/65v0dS9461RynUNplCMH8lsyrZKai0Fiufg0G9GshjOnGAAqFD8DJ2bkxjCcUGPHtFDJqO6e9RuuvI9Y\/QSvEgcDwVd\/MABXS\/myghO9BBFgZTmewnqMRHxumedWBfgAR4YaiZWf96gntktsPZJ6sm7ROWW\/94KaJIoz43f+t8BjXPShOi6L1GQgluEnlDn8iUU1XI76oOQy4pAsBh1iaSynNG\/7oIzd+Ysvilt7Z82q3hn9bxs8ozplRROd6nxTuyqaf1UELV\/J87lhWruxIKut8v3FHagkNKhv79j\/yRjpPMUDvQfygUrVdU9k6zvewABJgwggSUMIIDfKADAgECAhAB\/aPrbsp1yIhDi3JLz7yRMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTEzMDMwODEyMDAwMFoXDTIzMDMwODEyMDAwMFowTTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEnMCUGA1UEAxMeRGlnaUNlcnQgU0hBMiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3K5YkE3BxDAVkDVbbjyCFfUsXL3j2\/9xQ\/pkJYDU7hiiTfBm0ApzbhGYNhdkrzed\/fpBhK\/Hr4z+GnNNzzOXkKKWh1ODK7mmdUgtHVY3e9oxMhrXrKsG9KpdS7dHRt0qk8OQLnmAgO8TBGoUO7Wbkr7CB2VO"}
00453{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":105992,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwMTSVrQ7pgBAB9e3lAAABAQgKqXTmLcLXOMs="}
00453{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":106037,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwMTSVrRMBgBAB7enVAAABAQgKqXTmLcLXOMs="}
01867{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":106051,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JWtEwHxMDE0gBgLML\/pAAABAQgKwtc4y6l05gX82vz\/eq7cXH5VMQzoOQek174v0wtq0rHfX\/5XdFM7NYDdro5EmLOfDtPa4Nf0aymrRKdLWIRtkkuBw9pzixKXSJAERXUa3Tcxl5LozVQNO+TBPzleLrjzXH4QjoZBAI1FZkewoWXOoKopCU7zl+voLqsPcqcwDvrH9P0Ud8OkWyhXwrP5gv23RVibAgMBAAGjggFaMIIBVjASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQPgGEcgjFh1S8o541GOLQs4cbZ4jAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQsFAAOCAQEAIz7fS9IxQqW2fkJcGkTMadFotF1L4AQhbEvibcyx4JePplMJzaoqZeU5Tx6DpW5cmKIkJub7oe2Txy4Cxk1Kv7BC33jas6j5bf8hhVM2YEx2zuw43NZRgPDF1uXUTSdkq5vHPnH7SJe4M23JEwfulqIbGBX2XExA7bPC7P9xweNH\/9S5ALQ3Qtogyepuiu4UBq59olmYiKgbby308skUXybPLI1+7TfAqdU5uYK\/GQzqNK8AIWj4rXPiyTLaOCULVdOaHfBohu0uQTTvfKVQHb86+dPBCAzm7R6KWCXkuHetLW71Ut20dI+rSS6dO5M0KB94zpTqx73TyW0c3lwy8xYDAwHfFgAB2wEAAdcwggHTCgEAoIIBzDCCAcgGCSsGAQUFBzABAQSCAbkwggG1MIGeohYEFA+AYRyCMWHVLyjnjUY4tCzhxtniGA8yMDIwMTExMjIxMjA1NFowczBxMEkwCQYFKw4DAhoFAAQUEF+meoAInbUnnzXOgwtDiJ6jxw0EFA+AYRyCMWHVLyjnjUY4tCzhxtniAhAKKFSCcBAsMFQOJUmxyqxYgAAYDzIwMjAxMTEyMjEyMDU0WqARGA8yMDIwMTExOTIwMzU1NFowDQYJKoZIhvcNAQELBQADggEBABeB6JqTyRqpznuNqjuGqK1A1QRem\/bt7r3xHqNn7pAlcMLfp0mKD4Z\/4wWMOz\/68m3Y"}
-01160{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686106,"flow_tot_l4_data_len":3997,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":399,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+01171{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":475,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686106,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
01161{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":106051,"pkt_caplen":606,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":606,"pkt_l4_len":552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAigGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JWtFxnxMDE0gBgLMFYNAAABAQgKwtc4y6l05gU0oxSJU7Q1xjHlIjL9scjBhPuAEq0GCjMtFYiE7RJduMg4k0Ct9ZVwlb\/tOfyduWomz4zyeZVSJcuz082cUMYPrFas2XrpIIwdEdRaYS92wFLz1XeFYdwh7zq\/N7Upjur0hrtQfEue4+5ZqhbVR01oJNp4anHrUePIzlEnIT\/kcFsvAfnzhY8sCe6\/eHPlYmFh5NUqF382WuxmyYl4R2jC00MjKyceQCe+GA7mY6N19PTuAOUiLxpJNmIq9pmPNVdOG9Iimp3HvGkitHGB3xYDAwEsDAABKAMAHSDHWq\/C0\/TD2ag3R1CBC5+dCnGhO93whWqM8TXWzHC1DwgEAQBWpTBswB+zDIcvtXb0kpMH1NqR0aUvMK3BJBNiQYdr34ubbqu+b5pb\/sg7wz\/r9WT3QYcyn6OkaFr8IM8Va2fML\/E7Moc20L2MQGvRMNAmVjVVrdUOSf0x9mGj4SDIlb1IuLf\/ljDDrlPTO69khpGkrJRUjir+8yyhJUzlOm4YOmZfMQbd0vcnmWEExtWxZ+u0RnbkxlYCpVI1xRAhFoujHcL6vY4jDTaDL7b9XVY5Ld6IXPsYx2ItxtDUn9pzk6rjX\/RJTOkajLDQ5iIgjubIJlbBHjVcu5Ljjq7EwCF6ZxgQXV+qyvG5YhgVEU80EAPjezSzzx7vn1g4TdzutE0JFgMDAAQOAAAA"}
00454{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":106054,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwMTSVrRcZgBAB5eXFAAABAQgKqXTmLcLXOMs="}
00454{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":106057,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwMTSVrRkhgBAB4ePBAAABAQgKqXTmLcLXOMs="}
@@ -181,79 +181,79 @@
00454{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":109028,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB\/ybACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4ZTGemEx1gBEB+2n7AAABAQgKqXTmMMLXOKk="}
00453{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":109044,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAreKACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSV7Gn4kvzgBEB+6PWAAABAQgKqXTmMMLXOKo="}
01862{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":110087,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMMqLg8c6FgBgLMF9SAAABAQgKwtc4zql05gUWAwMAUgIAAE4DA0MLGNd7+xW2yuEIisVqm\/w5FeQFIKxeMJzg5Pj+fuZ1AMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK1gsACtIACs8ABjEwggYtMIIFFaADAgECAhAKKFSCcBAsMFQOJUmxyqxYMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMG8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEdMBsGA1UEAxMUd3d3LnJlZGRpdHN0YXRpYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6joCtz\/XpIsmJDC1IQp8NmK79cp42u8wGU1+lRLzNGCN3Oih+bKGJg97Ah7p9AbLaWK0tgyBtFZgkMmY7Jo\/G212kqsCOVM9Th2+rA37LRUL0hA1hYOr7ZloEcI3QHvDG3fMi0MJnQEJUwcYp0LD0lHN+nraQIuBRPUCvjIw59jCEP62Zn9JwJpJGvofXIIJTS1EowlPz0+3NaMoHDR7OifayHdEBn2Cno669wEo1cOfeSogRHUJJgRRUIZuKl4av4KEC0nBDWQlUz2ybLpzENnVqWwK1YiWNlZbF1dwm7oBP9Rvj5VUjzV4rIfFfREPsh+BA\/UlEB0RX0AUqnSkLAgMBAAGjggLlMIIC4TAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUU1Nk92iGK6OQNjntaEa8GWH6n3IwHwYDVR0RBBgwFoIUd3d3LnJlZGRpdHN0YXRpYy5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k"}
-00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_tot_l4_data_len":1805,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":257,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":490,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01875{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":110087,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMNrrg8c6FgBgLMOMHAAABAQgKwtc4zql05gVpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF0K20\/5wAABAMASDBGAiEAiy\/NpMsrxX4NPRiywukHBK6R\/pCgL3Vhc1up6+AidW0CIQDz9D8NezZsRrUc3wGg77Eyt8LmuPddkuJr1o+DsjsE6AB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdCttQAYAAAQDAEgwRgIhAItPzNRHIdXjIN4FIrjwKOH7FmgzXk547It0N2wg9K\/BAiEA4os1meO9nrLOvLsGmqrYNP\/KyTyMuVKX\/y7NtZPGke4wDQYJKoZIhvcNAQELBQADggEBAAQVtGBz45msis0C3DHIp\/65v0dS9461RynUNplCMH8lsyrZKai0Fiufg0G9GshjOnGAAqFD8DJ2bkxjCcUGPHtFDJqO6e9RuuvI9Y\/QSvEgcDwVd\/MABXS\/myghO9BBFgZTmewnqMRHxumedWBfgAR4YaiZWf96gntktsPZJ6sm7ROWW\/94KaJIoz43f+t8BjXPShOi6L1GQgluEnlDn8iUU1XI76oOQy4pAsBh1iaSynNG\/7oIzd+Ysvilt7Z82q3hn9bxs8ozplRROd6nxTuyqaf1UELV\/J87lhWruxIKut8v3FHagkNKhv79j\/yRjpPMUDvQfygUrVdU9k6zvewABJgwggSUMIIDfKADAgECAhAB\/aPrbsp1yIhDi3JLz7yRMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTEzMDMwODEyMDAwMFoXDTIzMDMwODEyMDAwMFowTTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEnMCUGA1UEAxMeRGlnaUNlcnQgU0hBMiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3K5YkE3BxDAVkDVbbjyCFfUsXL3j2\/9xQ\/pkJYDU7hiiTfBm0ApzbhGYNhdkrzed\/fpBhK\/Hr4z+GnNNzzOXkKKWh1ODK7mmdUgtHVY3e9oxMhrXrKsG9KpdS7dHRt0qk8OQLnmAgO8TBGoUO7Wbkr7CB2VO"}
01865{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":110088,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMOtLg8c6FgBgLMBwmAAABAQgKwtc4zql05gX82vz\/eq7cXH5VMQzoOQek174v0wtq0rHfX\/5XdFM7NYDdro5EmLOfDtPa4Nf0aymrRKdLWIRtkkuBw9pzixKXSJAERXUa3Tcxl5LozVQNO+TBPzleLrjzXH4QjoZBAI1FZkewoWXOoKopCU7zl+voLqsPcqcwDvrH9P0Ud8OkWyhXwrP5gv23RVibAgMBAAGjggFaMIIBVjASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQPgGEcgjFh1S8o541GOLQs4cbZ4jAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQsFAAOCAQEAIz7fS9IxQqW2fkJcGkTMadFotF1L4AQhbEvibcyx4JePplMJzaoqZeU5Tx6DpW5cmKIkJub7oe2Txy4Cxk1Kv7BC33jas6j5bf8hhVM2YEx2zuw43NZRgPDF1uXUTSdkq5vHPnH7SJe4M23JEwfulqIbGBX2XExA7bPC7P9xweNH\/9S5ALQ3Qtogyepuiu4UBq59olmYiKgbby308skUXybPLI1+7TfAqdU5uYK\/GQzqNK8AIWj4rXPiyTLaOCULVdOaHfBohu0uQTTvfKVQHb86+dPBCAzm7R6KWCXkuHetLW71Ut20dI+rSS6dO5M0KB94zpTqx73TyW0c3lwy8xYDAwHfFgAB2wEAAdcwggHTCgEAoIIBzDCCAcgGCSsGAQUFBzABAQSCAbkwggG1MIGeohYEFA+AYRyCMWHVLyjnjUY4tCzhxtniGA8yMDIwMTExMjIxMjA1NFowczBxMEkwCQYFKw4DAhoFAAQUEF+meoAInbUnnzXOgwtDiJ6jxw0EFA+AYRyCMWHVLyjnjUY4tCzhxtniAhAKKFSCcBAsMFQOJUmxyqxYgAAYDzIwMjAxMTEyMjEyMDU0WqARGA8yMDIwMTExOTIwMzU1NFowDQYJKoZIhvcNAQELBQADggEBABeB6JqTyRqpznuNqjuGqK1A1QRem\/bt7r3xHqNn7pAlcMLfp0mKD4Z\/4wWMOz\/68m3Y"}
-01159{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":9,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_tot_l4_data_len":3965,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":440,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+01170{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":9,"flow_first_seen":1605291686035,"flow_last_seen":1605291686110,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
01158{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":110088,"pkt_caplen":606,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":606,"pkt_l4_len":552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAigGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMPurg8c6FgBgLML1yAAABAQgKwtc4zql05gU0oxSJU7Q1xjHlIjL9scjBhPuAEq0GCjMtFYiE7RJduMg4k0Ct9ZVwlb\/tOfyduWomz4zyeZVSJcuz082cUMYPrFas2XrpIIwdEdRaYS92wFLz1XeFYdwh7zq\/N7Upjur0hrtQfEue4+5ZqhbVR01oJNp4anHrUePIzlEnIT\/kcFsvAfnzhY8sCe6\/eHPlYmFh5NUqF382WuxmyYl4R2jC00MjKyceQCe+GA7mY6N19PTuAOUiLxpJNmIq9pmPNVdOG9Iimp3HvGkitHGB3xYDAwEsDAABKAMAHSAW8jyvFAi1RAltYebQcJ+vM3PRT7jAEqASNBxB0LmwZggEAQBTyr2YsARU97ZlfefrYfyUerhJwjKjf26WYPheQNJzQOt\/5ozgbram4cbZRr6RQnJ3x8XErthrUsLF9X1zoxFIIjStMOkWQCmG9ei7hf1lEADaZwV0B+MSJTlsrDLc0szTJmMN9ZocjOJL8xRZdLIFMam+Nrv+6gUFSkxyYNqt5KEz0G7IXOtEVM9WKFKRf0BczqSNQ\/htmCPqI66LZYJe8bk7DfZ+nAU0AEnK1hXy5FQdGkKPxncJ0uBntj\/hhzmiQFqsUGEi7BnByXGr2hNfS1dCq7SNDg40daATZAYPcOZAMtHaj1VCkaeb\/ea1jIdEAyOKcoLrjYlQ+fzmTWwlFgMDAAQOAAAA"}
00437{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":110103,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gC3zdABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzoUAAAAAUAQAAMvJAAA="}
00454{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":117442,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+BQBJhFwR09RgBALMLIOAAABAQgKwtc41ql05gs="}
00455{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":117442,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YTHX6uGUxgBALMGC\/AAABAQgKwtc41ql05gs="}
00455{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":117535,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9o6MJX\/sl7sQgBALMFAHAAABAQgKwtc41ql05gs="}
01862{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":127575,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+BQBJhFwR09RgBgLMDkrAAABAQgKwtc42Kl05gsWAwMAUgIAAE4DA4yhuxJ8cIU0x\/UfQJqgjG9j52fjJQKhYXSxkWb+I0O2AMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK1gsACtIACs8ABjEwggYtMIIFFaADAgECAhAKKFSCcBAsMFQOJUmxyqxYMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMG8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEdMBsGA1UEAxMUd3d3LnJlZGRpdHN0YXRpYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6joCtz\/XpIsmJDC1IQp8NmK79cp42u8wGU1+lRLzNGCN3Oih+bKGJg97Ah7p9AbLaWK0tgyBtFZgkMmY7Jo\/G212kqsCOVM9Th2+rA37LRUL0hA1hYOr7ZloEcI3QHvDG3fMi0MJnQEJUwcYp0LD0lHN+nraQIuBRPUCvjIw59jCEP62Zn9JwJpJGvofXIIJTS1EowlPz0+3NaMoHDR7OifayHdEBn2Cno669wEo1cOfeSogRHUJJgRRUIZuKl4av4KEC0nBDWQlUz2ybLpzENnVqWwK1YiWNlZbF1dwm7oBP9Rvj5VUjzV4rIfFfREPsh+BA\/UlEB0RX0AUqnSkLAgMBAAGjggLlMIIC4TAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUU1Nk92iGK6OQNjntaEa8GWH6n3IwHwYDVR0RBBgwFoIUd3d3LnJlZGRpdHN0YXRpYy5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k"}
-00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686127,"flow_tot_l4_data_len":1805,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":257,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686127,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00436{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":127595,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gDDz0ABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHT1EAAAAAUAQAALuiAAA="}
01876{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128442,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+BQBKilwR09RgBgLME\/tAAABAQgKwtc42Kl05gtpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF0K20\/5wAABAMASDBGAiEAiy\/NpMsrxX4NPRiywukHBK6R\/pCgL3Vhc1up6+AidW0CIQDz9D8NezZsRrUc3wGg77Eyt8LmuPddkuJr1o+DsjsE6AB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdCttQAYAAAQDAEgwRgIhAItPzNRHIdXjIN4FIrjwKOH7FmgzXk547It0N2wg9K\/BAiEA4os1meO9nrLOvLsGmqrYNP\/KyTyMuVKX\/y7NtZPGke4wDQYJKoZIhvcNAQELBQADggEBAAQVtGBz45msis0C3DHIp\/65v0dS9461RynUNplCMH8lsyrZKai0Fiufg0G9GshjOnGAAqFD8DJ2bkxjCcUGPHtFDJqO6e9RuuvI9Y\/QSvEgcDwVd\/MABXS\/myghO9BBFgZTmewnqMRHxumedWBfgAR4YaiZWf96gntktsPZJ6sm7ROWW\/94KaJIoz43f+t8BjXPShOi6L1GQgluEnlDn8iUU1XI76oOQy4pAsBh1iaSynNG\/7oIzd+Ysvilt7Z82q3hn9bxs8ozplRROd6nxTuyqaf1UELV\/J87lhWruxIKut8v3FHagkNKhv79j\/yRjpPMUDvQfygUrVdU9k6zvewABJgwggSUMIIDfKADAgECAhAB\/aPrbsp1yIhDi3JLz7yRMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTEzMDMwODEyMDAwMFoXDTIzMDMwODEyMDAwMFowTTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEnMCUGA1UEAxMeRGlnaUNlcnQgU0hBMiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3K5YkE3BxDAVkDVbbjyCFfUsXL3j2\/9xQ\/pkJYDU7hiiTfBm0ApzbhGYNhdkrzed\/fpBhK\/Hr4z+GnNNzzOXkKKWh1ODK7mmdUgtHVY3e9oxMhrXrKsG9KpdS7dHRt0qk8OQLnmAgO8TBGoUO7Wbkr7CB2VO"}
01861{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128443,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YTHX6uGUxgBgLMFL5AAABAQgKwtc42Kl05gsWAwMAUgIAAE4DA3OBPsdq6kbapXMJejTAiHQndyFmO6BUnPHV6E6qG+bKAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK1gsACtIACs8ABjEwggYtMIIFFaADAgECAhAKKFSCcBAsMFQOJUmxyqxYMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMG8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEdMBsGA1UEAxMUd3d3LnJlZGRpdHN0YXRpYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6joCtz\/XpIsmJDC1IQp8NmK79cp42u8wGU1+lRLzNGCN3Oih+bKGJg97Ah7p9AbLaWK0tgyBtFZgkMmY7Jo\/G212kqsCOVM9Th2+rA37LRUL0hA1hYOr7ZloEcI3QHvDG3fMi0MJnQEJUwcYp0LD0lHN+nraQIuBRPUCvjIw59jCEP62Zn9JwJpJGvofXIIJTS1EowlPz0+3NaMoHDR7OifayHdEBn2Cno669wEo1cOfeSogRHUJJgRRUIZuKl4av4KEC0nBDWQlUz2ybLpzENnVqWwK1YiWNlZbF1dwm7oBP9Rvj5VUjzV4rIfFfREPsh+BA\/UlEB0RX0AUqnSkLAgMBAAGjggLlMIIC4TAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUU1Nk92iGK6OQNjntaEa8GWH6n3IwHwYDVR0RBBgwFoIUd3d3LnJlZGRpdHN0YXRpYy5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k"}
-00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":501,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_tot_l4_data_len":1805,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":257,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":501,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01866{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128443,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+BQBLkFwR09RgBgLMIkLAAABAQgKwtc42Kl05gv82vz\/eq7cXH5VMQzoOQek174v0wtq0rHfX\/5XdFM7NYDdro5EmLOfDtPa4Nf0aymrRKdLWIRtkkuBw9pzixKXSJAERXUa3Tcxl5LozVQNO+TBPzleLrjzXH4QjoZBAI1FZkewoWXOoKopCU7zl+voLqsPcqcwDvrH9P0Ud8OkWyhXwrP5gv23RVibAgMBAAGjggFaMIIBVjASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQPgGEcgjFh1S8o541GOLQs4cbZ4jAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQsFAAOCAQEAIz7fS9IxQqW2fkJcGkTMadFotF1L4AQhbEvibcyx4JePplMJzaoqZeU5Tx6DpW5cmKIkJub7oe2Txy4Cxk1Kv7BC33jas6j5bf8hhVM2YEx2zuw43NZRgPDF1uXUTSdkq5vHPnH7SJe4M23JEwfulqIbGBX2XExA7bPC7P9xweNH\/9S5ALQ3Qtogyepuiu4UBq59olmYiKgbby308skUXybPLI1+7TfAqdU5uYK\/GQzqNK8AIWj4rXPiyTLaOCULVdOaHfBohu0uQTTvfKVQHb86+dPBCAzm7R6KWCXkuHetLW71Ut20dI+rSS6dO5M0KB94zpTqx73TyW0c3lwy8xYDAwHfFgAB2wEAAdcwggHTCgEAoIIBzDCCAcgGCSsGAQUFBzABAQSCAbkwggG1MIGeohYEFA+AYRyCMWHVLyjnjUY4tCzhxtniGA8yMDIwMTExMjIxMjA1NFowczBxMEkwCQYFKw4DAhoFAAQUEF+meoAInbUnnzXOgwtDiJ6jxw0EFA+AYRyCMWHVLyjnjUY4tCzhxtniAhAKKFSCcBAsMFQOJUmxyqxYgAAYDzIwMjAxMTEyMjEyMDU0WqARGA8yMDIwMTExOTIwMzU1NFowDQYJKoZIhvcNAQELBQADggEBABeB6JqTyRqpznuNqjuGqK1A1QRem\/bt7r3xHqNn7pAlcMLfp0mKD4Z\/4wWMOz\/68m3Y"}
-01160{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_tot_l4_data_len":3985,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":398,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+01171{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
01875{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128443,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YUI36uGUxgBgLMP6dAAABAQgKwtc42Kl05gtpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF0K20\/5wAABAMASDBGAiEAiy\/NpMsrxX4NPRiywukHBK6R\/pCgL3Vhc1up6+AidW0CIQDz9D8NezZsRrUc3wGg77Eyt8LmuPddkuJr1o+DsjsE6AB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdCttQAYAAAQDAEgwRgIhAItPzNRHIdXjIN4FIrjwKOH7FmgzXk547It0N2wg9K\/BAiEA4os1meO9nrLOvLsGmqrYNP\/KyTyMuVKX\/y7NtZPGke4wDQYJKoZIhvcNAQELBQADggEBAAQVtGBz45msis0C3DHIp\/65v0dS9461RynUNplCMH8lsyrZKai0Fiufg0G9GshjOnGAAqFD8DJ2bkxjCcUGPHtFDJqO6e9RuuvI9Y\/QSvEgcDwVd\/MABXS\/myghO9BBFgZTmewnqMRHxumedWBfgAR4YaiZWf96gntktsPZJ6sm7ROWW\/94KaJIoz43f+t8BjXPShOi6L1GQgluEnlDn8iUU1XI76oOQy4pAsBh1iaSynNG\/7oIzd+Ysvilt7Z82q3hn9bxs8ozplRROd6nxTuyqaf1UELV\/J87lhWruxIKut8v3FHagkNKhv79j\/yRjpPMUDvQfygUrVdU9k6zvewABJgwggSUMIIDfKADAgECAhAB\/aPrbsp1yIhDi3JLz7yRMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTEzMDMwODEyMDAwMFoXDTIzMDMwODEyMDAwMFowTTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEnMCUGA1UEAxMeRGlnaUNlcnQgU0hBMiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3K5YkE3BxDAVkDVbbjyCFfUsXL3j2\/9xQ\/pkJYDU7hiiTfBm0ApzbhGYNhdkrzed\/fpBhK\/Hr4z+GnNNzzOXkKKWh1ODK7mmdUgtHVY3e9oxMhrXrKsG9KpdS7dHRt0qk8OQLnmAgO8TBGoUO7Wbkr7CB2VO"}
00437{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128450,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gDDz0ABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHT1EAAAAAUAQAALuiAAA="}
00437{"flow_id":9,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128460,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gCLKYABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4ZTEAAAAAUAQAABtPAAA="}
00437{"flow_id":8,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128462,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gDDz0ABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHT1EAAAAAUAQAALuiAAA="}
01159{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128566,"pkt_caplen":606,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":606,"pkt_l4_len":552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAigGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+BQBMllwR09RgBgLMDYoAAABAQgKwtc42Kl05gs0oxSJU7Q1xjHlIjL9scjBhPuAEq0GCjMtFYiE7RJduMg4k0Ct9ZVwlb\/tOfyduWomz4zyeZVSJcuz082cUMYPrFas2XrpIIwdEdRaYS92wFLz1XeFYdwh7zq\/N7Upjur0hrtQfEue4+5ZqhbVR01oJNp4anHrUePIzlEnIT\/kcFsvAfnzhY8sCe6\/eHPlYmFh5NUqF382WuxmyYl4R2jC00MjKyceQCe+GA7mY6N19PTuAOUiLxpJNmIq9pmPNVdOG9Iimp3HvGkitHGB3xYDAwEsDAABKAMAHSCWDCY8Zh\/4c5QIux2ngbaHM49eTZRNqHHO1FDC4WPqOwgEAQCeJO80DEkaslpwwhrS5u+fRWKNnEolFXbXnpUcgCAxed+B4Z7Lpy4AX8zUo5TtAbthrY2Lbu03Y77JGrROZipwiNkcISlxq3ejt3MZG5gswLTmkmRyDIu8HFyTUhl8OYynep4icTTFbAzwIWRqj2dcrFfBXaCN8+8194VAcf7qm6LtaPYOoZi5dd64Et+f1MAkJin4AmTqVaC2wmAFNSgbm6ne1IbRkeaaLEY2N6syakRwgpXxHlwdmZqnqkrmRP3YKKZxV\/jdtDoRbJHudVTVeqxIT4QMgCxk\/ZKpUjKzI\/byMbgEl4u8wpMcPy2o9fO4RTkkHPB9v\/1ypMT2JX3cFgMDAAQOAAAA"}
01866{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128567,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YVKX6uGUxgBgLMDe8AAABAQgKwtc42Kl05gv82vz\/eq7cXH5VMQzoOQek174v0wtq0rHfX\/5XdFM7NYDdro5EmLOfDtPa4Nf0aymrRKdLWIRtkkuBw9pzixKXSJAERXUa3Tcxl5LozVQNO+TBPzleLrjzXH4QjoZBAI1FZkewoWXOoKopCU7zl+voLqsPcqcwDvrH9P0Ud8OkWyhXwrP5gv23RVibAgMBAAGjggFaMIIBVjASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQPgGEcgjFh1S8o541GOLQs4cbZ4jAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQsFAAOCAQEAIz7fS9IxQqW2fkJcGkTMadFotF1L4AQhbEvibcyx4JePplMJzaoqZeU5Tx6DpW5cmKIkJub7oe2Txy4Cxk1Kv7BC33jas6j5bf8hhVM2YEx2zuw43NZRgPDF1uXUTSdkq5vHPnH7SJe4M23JEwfulqIbGBX2XExA7bPC7P9xweNH\/9S5ALQ3Qtogyepuiu4UBq59olmYiKgbby308skUXybPLI1+7TfAqdU5uYK\/GQzqNK8AIWj4rXPiyTLaOCULVdOaHfBohu0uQTTvfKVQHb86+dPBCAzm7R6KWCXkuHetLW71Ut20dI+rSS6dO5M0KB94zpTqx73TyW0c3lwy8xYDAwHfFgAB2wEAAdcwggHTCgEAoIIBzDCCAcgGCSsGAQUFBzABAQSCAbkwggG1MIGeohYEFA+AYRyCMWHVLyjnjUY4tCzhxtniGA8yMDIwMTExMjIxMjA1NFowczBxMEkwCQYFKw4DAhoFAAQUEF+meoAInbUnnzXOgwtDiJ6jxw0EFA+AYRyCMWHVLyjnjUY4tCzhxtniAhAKKFSCcBAsMFQOJUmxyqxYgAAYDzIwMjAxMTEyMjEyMDU0WqARGA8yMDIwMTExOTIwMzU1NFowDQYJKoZIhvcNAQELBQADggEBABeB6JqTyRqpznuNqjuGqK1A1QRem\/bt7r3xHqNn7pAlcMLfp0mKD4Z\/4wWMOz\/68m3Y"}
-01160{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":508,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_tot_l4_data_len":3985,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":398,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+01171{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":508,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
01156{"flow_id":9,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128567,"pkt_caplen":606,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":606,"pkt_l4_len":552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAigGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YWL36uGUxgBgLMD7pAAABAQgKwtc42Kl05gs0oxSJU7Q1xjHlIjL9scjBhPuAEq0GCjMtFYiE7RJduMg4k0Ct9ZVwlb\/tOfyduWomz4zyeZVSJcuz082cUMYPrFas2XrpIIwdEdRaYS92wFLz1XeFYdwh7zq\/N7Upjur0hrtQfEue4+5ZqhbVR01oJNp4anHrUePIzlEnIT\/kcFsvAfnzhY8sCe6\/eHPlYmFh5NUqF382WuxmyYl4R2jC00MjKyceQCe+GA7mY6N19PTuAOUiLxpJNmIq9pmPNVdOG9Iimp3HvGkitHGB3xYDAwEsDAABKAMAHSA8k8WTc7YZXI8b5Occ6kESfKYFCvA4RTdfbt5uMDMWVggEAQCJKnraANP7uCkCTKLdwMwlc25IQdeFOudTHTu8jbEZiEhku9ugfVPwIqqlcN9qEHG0wF2PTanmYAuHY2Zl+02erv9a7dl+eiSiz\/iE2b0oR4PkjFwvTHJvcYL4z9SpsFZfA1Ysh9F9vRgM0Wba9HYDlS8ek60t9uaLD7WBFnfVUQK4aLsS8cIjdfV9jya3CrsZnSxWylzIfjZjjTlu1HRqWdpTUlfr9iNaNFC9aLr8ylOGX2jxz\/oeBZ20EnNDYRFBo1Ju6C9sZqngwl6erVo9tIaAYYya+rfrEWNjQkcZDO0DOpPuL9QwY31h5pFVWjSSaYaEO23AkTGAiSWteIVaFgMDAAQOAAAA"}
01864{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128567,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9o6MJX\/sl7sQgBgLMHD3AAABAQgKwtc42Kl05gsWAwMAUgIAAE4DA38EDp\/K4XxG\/E1+f9jCsO+wjOQIeNaVpFlPMzkLjUm0AMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK1gsACtIACs8ABjEwggYtMIIFFaADAgECAhAKKFSCcBAsMFQOJUmxyqxYMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMG8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEdMBsGA1UEAxMUd3d3LnJlZGRpdHN0YXRpYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6joCtz\/XpIsmJDC1IQp8NmK79cp42u8wGU1+lRLzNGCN3Oih+bKGJg97Ah7p9AbLaWK0tgyBtFZgkMmY7Jo\/G212kqsCOVM9Th2+rA37LRUL0hA1hYOr7ZloEcI3QHvDG3fMi0MJnQEJUwcYp0LD0lHN+nraQIuBRPUCvjIw59jCEP62Zn9JwJpJGvofXIIJTS1EowlPz0+3NaMoHDR7OifayHdEBn2Cno669wEo1cOfeSogRHUJJgRRUIZuKl4av4KEC0nBDWQlUz2ybLpzENnVqWwK1YiWNlZbF1dwm7oBP9Rvj5VUjzV4rIfFfREPsh+BA\/UlEB0RX0AUqnSkLAgMBAAGjggLlMIIC4TAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUU1Nk92iGK6OQNjntaEa8GWH6n3IwHwYDVR0RBBgwFoIUd3d3LnJlZGRpdHN0YXRpYy5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k"}
-00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_tot_l4_data_len":1805,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":257,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686128,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01875{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128567,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9o6MKZfsl7sQgBgLMO3lAAABAQgKwtc42Kl05gtpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF0K20\/5wAABAMASDBGAiEAiy\/NpMsrxX4NPRiywukHBK6R\/pCgL3Vhc1up6+AidW0CIQDz9D8NezZsRrUc3wGg77Eyt8LmuPddkuJr1o+DsjsE6AB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdCttQAYAAAQDAEgwRgIhAItPzNRHIdXjIN4FIrjwKOH7FmgzXk547It0N2wg9K\/BAiEA4os1meO9nrLOvLsGmqrYNP\/KyTyMuVKX\/y7NtZPGke4wDQYJKoZIhvcNAQELBQADggEBAAQVtGBz45msis0C3DHIp\/65v0dS9461RynUNplCMH8lsyrZKai0Fiufg0G9GshjOnGAAqFD8DJ2bkxjCcUGPHtFDJqO6e9RuuvI9Y\/QSvEgcDwVd\/MABXS\/myghO9BBFgZTmewnqMRHxumedWBfgAR4YaiZWf96gntktsPZJ6sm7ROWW\/94KaJIoz43f+t8BjXPShOi6L1GQgluEnlDn8iUU1XI76oOQy4pAsBh1iaSynNG\/7oIzd+Ysvilt7Z82q3hn9bxs8ozplRROd6nxTuyqaf1UELV\/J87lhWruxIKut8v3FHagkNKhv79j\/yRjpPMUDvQfygUrVdU9k6zvewABJgwggSUMIIDfKADAgECAhAB\/aPrbsp1yIhDi3JLz7yRMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTEzMDMwODEyMDAwMFoXDTIzMDMwODEyMDAwMFowTTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEnMCUGA1UEAxMeRGlnaUNlcnQgU0hBMiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3K5YkE3BxDAVkDVbbjyCFfUsXL3j2\/9xQ\/pkJYDU7hiiTfBm0ApzbhGYNhdkrzed\/fpBhK\/Hr4z+GnNNzzOXkKKWh1ODK7mmdUgtHVY3e9oxMhrXrKsG9KpdS7dHRt0qk8OQLnmAgO8TBGoUO7Wbkr7CB2VO"}
00437{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128573,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gDDz0ABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PgBu3BHT1EAAAAAUAQAALuiAAA="}
00438{"flow_id":9,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128577,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gCLKYABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4ZTEAAAAAUAQAABtPAAA="}
00438{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128580,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gCLKYABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PoBu\/q4ZTEAAAAAUAQAABtPAAA="}
00436{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":128585,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gBOdWABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuxAAAAAAUAQAANOUAAA="}
01867{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129580,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9o6MLa\/sl7sQgBgLMCcEAAABAQgKwtc42Kl05gv82vz\/eq7cXH5VMQzoOQek174v0wtq0rHfX\/5XdFM7NYDdro5EmLOfDtPa4Nf0aymrRKdLWIRtkkuBw9pzixKXSJAERXUa3Tcxl5LozVQNO+TBPzleLrjzXH4QjoZBAI1FZkewoWXOoKopCU7zl+voLqsPcqcwDvrH9P0Ud8OkWyhXwrP5gv23RVibAgMBAAGjggFaMIIBVjASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQPgGEcgjFh1S8o541GOLQs4cbZ4jAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQsFAAOCAQEAIz7fS9IxQqW2fkJcGkTMadFotF1L4AQhbEvibcyx4JePplMJzaoqZeU5Tx6DpW5cmKIkJub7oe2Txy4Cxk1Kv7BC33jas6j5bf8hhVM2YEx2zuw43NZRgPDF1uXUTSdkq5vHPnH7SJe4M23JEwfulqIbGBX2XExA7bPC7P9xweNH\/9S5ALQ3Qtogyepuiu4UBq59olmYiKgbby308skUXybPLI1+7TfAqdU5uYK\/GQzqNK8AIWj4rXPiyTLaOCULVdOaHfBohu0uQTTvfKVQHb86+dPBCAzm7R6KWCXkuHetLW71Ut20dI+rSS6dO5M0KB94zpTqx73TyW0c3lwy8xYDAwHfFgAB2wEAAdcwggHTCgEAoIIBzDCCAcgGCSsGAQUFBzABAQSCAbkwggG1MIGeohYEFA+AYRyCMWHVLyjnjUY4tCzhxtniGA8yMDIwMTExMjIxMjA1NFowczBxMEkwCQYFKw4DAhoFAAQUEF+meoAInbUnnzXOgwtDiJ6jxw0EFA+AYRyCMWHVLyjnjUY4tCzhxtniAhAKKFSCcBAsMFQOJUmxyqxYgAAYDzIwMjAxMTEyMjEyMDU0WqARGA8yMDIwMTExOTIwMzU1NFowDQYJKoZIhvcNAQELBQADggEBABeB6JqTyRqpznuNqjuGqK1A1QRem\/bt7r3xHqNn7pAlcMLfp0mKD4Z\/4wWMOz\/68m3Y"}
-01160{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_tot_l4_data_len":3985,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":398,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+01171{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":516,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
01159{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129581,"pkt_caplen":606,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":606,"pkt_l4_len":552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAigGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9o6MMcfsl7sQgBgLMIDoAAABAQgKwtc42Kl05gs0oxSJU7Q1xjHlIjL9scjBhPuAEq0GCjMtFYiE7RJduMg4k0Ct9ZVwlb\/tOfyduWomz4zyeZVSJcuz082cUMYPrFas2XrpIIwdEdRaYS92wFLz1XeFYdwh7zq\/N7Upjur0hrtQfEue4+5ZqhbVR01oJNp4anHrUePIzlEnIT\/kcFsvAfnzhY8sCe6\/eHPlYmFh5NUqF382WuxmyYl4R2jC00MjKyceQCe+GA7mY6N19PTuAOUiLxpJNmIq9pmPNVdOG9Iimp3HvGkitHGB3xYDAwEsDAABKAMAHSC2k7KwcAPsv4fSQ0bc08RiDffNZuoU8t2FrnZlHXVTfQgEAQBpiqGB2Hqu1po6M6HhvzqFp1RVncGzEUi7lwiYcHf8Bs+Gu6A3Wug\/vVauHE905tCWsK1Y7tBpZ118XLT04I0VFCmj38I8tthuxEFn2kJB6OiIqREluj9nhcn0JNaHlxKEA3ZxsJXLGfppgMULPox9OIspGBpeJKWR3CTRvXvvsdh\/xzUec1zSDwQjTEZ2uYUGS\/vpoVpNBm\/B5d1rVpx9WxPiISd8WyUvK1LihqzEj4wf9SPOc9cSFSOscMhkOBSBqoTYexP5KmXd5hciUa0RxJtE6TKMOC0hESh9weV+lFlg8XL8NJFxQVUbVRMHNrO\/NXnCEWW32P9OMkvF5CaCFgMDAAQOAAAA"}
00467{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129581,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzEPbiYGyoBJXgE4hAAACBAV4AQMDAwQCCArC1zjcqXTmGA=="}
00467{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129581,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0mUbYB0oBJXgO0tAAACBAV4AQMDAwQCCArC1zjbqXTmGA=="}
00457{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129581,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/KfiS\/PFklexgBALMJqUAAABAQgKwtc43Kl05gw="}
01866{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129581,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/KfiS\/PFklexgBgLMARsAAABAQgKwtc43ql05gwWAwMAUgIAAE4DA\/AQIQbrU20HyJyN7PsW9O\/kvAJjS9MziTQJmepzrB6+AMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK1gsACtIACs8ABjEwggYtMIIFFaADAgECAhAKKFSCcBAsMFQOJUmxyqxYMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMG8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEdMBsGA1UEAxMUd3d3LnJlZGRpdHN0YXRpYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6joCtz\/XpIsmJDC1IQp8NmK79cp42u8wGU1+lRLzNGCN3Oih+bKGJg97Ah7p9AbLaWK0tgyBtFZgkMmY7Jo\/G212kqsCOVM9Th2+rA37LRUL0hA1hYOr7ZloEcI3QHvDG3fMi0MJnQEJUwcYp0LD0lHN+nraQIuBRPUCvjIw59jCEP62Zn9JwJpJGvofXIIJTS1EowlPz0+3NaMoHDR7OifayHdEBn2Cno669wEo1cOfeSogRHUJJgRRUIZuKl4av4KEC0nBDWQlUz2ybLpzENnVqWwK1YiWNlZbF1dwm7oBP9Rvj5VUjzV4rIfFfREPsh+BA\/UlEB0RX0AUqnSkLAgMBAAGjggLlMIIC4TAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUU1Nk92iGK6OQNjntaEa8GWH6n3IwHwYDVR0RBBgwFoIUd3d3LnJlZGRpdHN0YXRpYy5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k"}
-00887{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_tot_l4_data_len":1805,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":257,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00898{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":7,"flow_first_seen":1605291686035,"flow_last_seen":1605291686129,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00437{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129588,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gBOdWABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuxAAAAAAUAQAANOUAAA="}
00437{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129595,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gBOdWABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuxAAAAAAUAQAANOUAAA="}
00453{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129607,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBAB+9IFAAABAQgKqXTmRcLXONw="}
00453{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129611,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBAB+3ESAAABAQgKqXTmRcLXONs="}
00437{"flow_id":10,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129618,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gDKneABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSV7EAAAAAUAQAAF3zAAA="}
01147{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":129954,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJgbK5D8xEgBgB+3f+AAABAQgKqXTmRcLXONwWAwECAAEAAfwDA9erSYCt3PYYZEktL7MJcpGlYIX2xYNgs1\/AtKvB7xt0IOR+LE0dhUbDAJPbNSHJ7ZIObTOEyDbEgQFzR3Tqo8K3ACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGgAYAAAVZW1vamkucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACA5IMr2gd92bNdZoVSKNUS0n14cDWaYPOFRO\/ISsXyZWAAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAI6OgABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00832{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686129,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00843{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686129,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01151{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":130302,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5RtgHT3WjdKgBgB+\/3uAAABAQgKqXTmRsLXONsWAwECAAEAAfwDA4GdOggSfHPw+AY29Rg\/SPpX1EvYgag3sKMDz0p3DP7TIO0fmepycQbGXW2mLDxW3tcA\/yME9vaj7LwCLtdTp4PsACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAGgAYAAAVZW1vamkucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAIGhoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkaGgABAAAdACDCTo9dia+yCi8f0GaLNc2V6H3a5\/JGRsJBcmD\/97c\/aQAtAAIBAQArAAsKOjoDBAMDAwIDAQAbAAMCAAK6ugABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00832{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686130,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00843{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":528,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1605291686084,"flow_last_seen":1605291686130,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01877{"flow_id":10,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137678,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/KfiUAvFklexgBgLMDhzAAABAQgKwtc43ql05gxpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF0K20\/5wAABAMASDBGAiEAiy\/NpMsrxX4NPRiywukHBK6R\/pCgL3Vhc1up6+AidW0CIQDz9D8NezZsRrUc3wGg77Eyt8LmuPddkuJr1o+DsjsE6AB3AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdCttQAYAAAQDAEgwRgIhAItPzNRHIdXjIN4FIrjwKOH7FmgzXk547It0N2wg9K\/BAiEA4os1meO9nrLOvLsGmqrYNP\/KyTyMuVKX\/y7NtZPGke4wDQYJKoZIhvcNAQELBQADggEBAAQVtGBz45msis0C3DHIp\/65v0dS9461RynUNplCMH8lsyrZKai0Fiufg0G9GshjOnGAAqFD8DJ2bkxjCcUGPHtFDJqO6e9RuuvI9Y\/QSvEgcDwVd\/MABXS\/myghO9BBFgZTmewnqMRHxumedWBfgAR4YaiZWf96gntktsPZJ6sm7ROWW\/94KaJIoz43f+t8BjXPShOi6L1GQgluEnlDn8iUU1XI76oOQy4pAsBh1iaSynNG\/7oIzd+Ysvilt7Z82q3hn9bxs8ozplRROd6nxTuyqaf1UELV\/J87lhWruxIKut8v3FHagkNKhv79j\/yRjpPMUDvQfygUrVdU9k6zvewABJgwggSUMIIDfKADAgECAhAB\/aPrbsp1yIhDi3JLz7yRMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTEzMDMwODEyMDAwMFoXDTIzMDMwODEyMDAwMFowTTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEnMCUGA1UEAxMeRGlnaUNlcnQgU0hBMiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3K5YkE3BxDAVkDVbbjyCFfUsXL3j2\/9xQ\/pkJYDU7hiiTfBm0ApzbhGYNhdkrzed\/fpBhK\/Hr4z+GnNNzzOXkKKWh1ODK7mmdUgtHVY3e9oxMhrXrKsG9KpdS7dHRt0qk8OQLnmAgO8TBGoUO7Wbkr7CB2VO"}
00455{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137679,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdABmbR4Z8rX95gBALME5BAAABAQgKwtc44ql05ic="}
00438{"flow_id":10,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137695,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gDKneABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSV7EAAAAAUAQAAF3zAAA="}
01868{"flow_id":10,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137882,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/KfiVCPFklexgBgLMHGRAAABAQgKwtc43ql05gz82vz\/eq7cXH5VMQzoOQek174v0wtq0rHfX\/5XdFM7NYDdro5EmLOfDtPa4Nf0aymrRKdLWIRtkkuBw9pzixKXSJAERXUa3Tcxl5LozVQNO+TBPzleLrjzXH4QjoZBAI1FZkewoWXOoKopCU7zl+voLqsPcqcwDvrH9P0Ud8OkWyhXwrP5gv23RVibAgMBAAGjggFaMIIBVjASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQPgGEcgjFh1S8o541GOLQs4cbZ4jAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQsFAAOCAQEAIz7fS9IxQqW2fkJcGkTMadFotF1L4AQhbEvibcyx4JePplMJzaoqZeU5Tx6DpW5cmKIkJub7oe2Txy4Cxk1Kv7BC33jas6j5bf8hhVM2YEx2zuw43NZRgPDF1uXUTSdkq5vHPnH7SJe4M23JEwfulqIbGBX2XExA7bPC7P9xweNH\/9S5ALQ3Qtogyepuiu4UBq59olmYiKgbby308skUXybPLI1+7TfAqdU5uYK\/GQzqNK8AIWj4rXPiyTLaOCULVdOaHfBohu0uQTTvfKVQHb86+dPBCAzm7R6KWCXkuHetLW71Ut20dI+rSS6dO5M0KB94zpTqx73TyW0c3lwy8xYDAwHfFgAB2wEAAdcwggHTCgEAoIIBzDCCAcgGCSsGAQUFBzABAQSCAbkwggG1MIGeohYEFA+AYRyCMWHVLyjnjUY4tCzhxtniGA8yMDIwMTExMjIxMjA1NFowczBxMEkwCQYFKw4DAhoFAAQUEF+meoAInbUnnzXOgwtDiJ6jxw0EFA+AYRyCMWHVLyjnjUY4tCzhxtniAhAKKFSCcBAsMFQOJUmxyqxYgAAYDzIwMjAxMTEyMjEyMDU0WqARGA8yMDIwMTExOTIwMzU1NFowDQYJKoZIhvcNAQELBQADggEBABeB6JqTyRqpznuNqjuGqK1A1QRem\/bt7r3xHqNn7pAlcMLfp0mKD4Z\/4wWMOz\/68m3Y"}
-01161{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":535,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":11,"flow_first_seen":1605291686035,"flow_last_seen":1605291686137,"flow_tot_l4_data_len":4005,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":364,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
+01172{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":535,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":11,"flow_first_seen":1605291686035,"flow_last_seen":1605291686137,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":332,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.redditstatic.com","server_names":"www.redditstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=www.redditstatic.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"24:BA:A2:05:04:98:6C:4E:72:57:0C:2C:45:25:9D:1F:8E:C3:CC:A8"}}
01168{"flow_id":10,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137883,"pkt_caplen":606,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":606,"pkt_l4_len":552,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAigGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/KfiWDvFklexgBgLMNq4AAABAQgKwtc43ql05gw0oxSJU7Q1xjHlIjL9scjBhPuAEq0GCjMtFYiE7RJduMg4k0Ct9ZVwlb\/tOfyduWomz4zyeZVSJcuz082cUMYPrFas2XrpIIwdEdRaYS92wFLz1XeFYdwh7zq\/N7Upjur0hrtQfEue4+5ZqhbVR01oJNp4anHrUePIzlEnIT\/kcFsvAfnzhY8sCe6\/eHPlYmFh5NUqF382WuxmyYl4R2jC00MjKyceQCe+GA7mY6N19PTuAOUiLxpJNmIq9pmPNVdOG9Iimp3HvGkitHGB3xYDAwEsDAABKAMAHSCKSs4l89bXUCOiAIzy0t\/XLXv+FnPQAIHZbzK6\/b2zPQgEAQBWPvvUKCJhPPl9UaqgkQGRrEPnInqn3AgcWKBdJ\/beNUnh8YiG3BBPpig7fWXGt3faQYJkoxICObedZ\/\/cQR843TMJ\/tFxHeh++mhywQmo7IpKjyH\/cP4tkncFJahFlCiQctlFwQ79rSY9MXmiFUFSBu2Wpus46YvEsiEjcq65kwD7H64LAMJAlLAK\/qICDJYwTqmpVm7OhyWGMqHUmqT4O1IaWg4\/Hvxuqm\/zhHGzTDzqcxuGre\/5e1Yavz6ai+Vs+j6Mdk2hnEzA0diG0ay0njYI+YGULPP2\/6vLFzXax3XhVsBLNckbJzge9vIBu2l3NVdiid+USCvy+MnfiZrnFgMDAAQOAAAA"}
00455{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137883,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJL0E0Gjp0kgBALMNU7AAABAQgKwtc44ql05ic="}
01864{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137884,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJL0E0Gjp0kgBgLMB3uAAABAQgKwtc45Kl05icWAwMAUgIAAE4DA6PKkAOmgePJD3e065+GZ6+AazQPNuz11NjOSLqnlrLGAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK4AsACtwACtkABjswggY3MIIFH6ADAgECAhAFIKnDRQdHRLlD27uwkl6dMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA3MjcwMDAwMDBaFw0yMTAxMjMxMjAwMDBaMGwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEaMBgGA1UEAwwRKi5yZWRkaXRtZWRpYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUojedwLTSEzrq4UnD96Vw+K+bJzRlpdlGvp1emryD5RL1HNtyibc7bG5WSKWQj4rEXUPCrd7J9KEcoktu\/T\/zKnwBbK1YjqeYT7crnAcYwaOzJK+2WaVgkNLH46oD9ybxNIQiHXSZQ7Ot1nzKMSML5qvJDWE93Oca5W4JzWXBeHxjaWh1pvFML\/h9KONNL2F6v8fl2QkupSKhrdBMUYrUJQ7T7Xayr9QDWUwAYkELYvTZAHxC2NJEKB\/W8Txb\/aVDvxW0ugRtMT23SQiJB3o2exzRkgcVXSsUUyBNZi0HwERQ8wVGtvniGjIdCo1za+WiS39m7ranLPgJ4gJ0ghVtAgMBAAGjggLyMIIC7jAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUM5hgnYdqs+t4ZIcAf5Oj81X67dYwLQYDVR0RBCYwJIIRKi5yZWRkaXRtZWRpYS5jb22CD3JlZGRpdG1lZGlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0"}
-00889{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":541,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686137,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00900{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":541,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686137,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00438{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137896,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gDKneABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSV7EAAAAAUAQAAF3zAAA="}
00438{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137902,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gDKneABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PwBu8WSV7EAAAAAUAQAAF3zAAA="}
00453{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137915,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOnSRiS9RlgBAB9do2AAABAQgKqXTmTcLXOOQ="}
01872{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137925,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJL1GUGjp0kgBgLMGBkAAABAQgKwtc45Kl05id0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXOQZCKCAAAEAwBHMEUCIAherbIi6ZyHzb3QX5+4\/MlQsJrfbT9XT60YNwXvs\/FkAiEAwb6FWwmkC64YkR7Z3GfczyoO1X+DuWs1z\/cJf1mGmRAAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXOQZCKuAAAEAwBIMEYCIQCNJnMx30MdQpcsqt\/W+zrckQM+XjK6x44S461Ih+FOwgIhAKbBLZjqonCb3DAhfmp8tsmJH+X3MizzOAQP3yn5uVQ5MA0GCSqGSIb3DQEBCwUAA4IBAQBCDMeIm2uPoixPwoutZHrrGFzfNJEXLQk54PkRo2woDSpR3o0sLrpMXiyWx6H0MMNDjCQCbMH2ymQA6oTDSulICMxnonBHGBAiFWQ4yFy2iFOaonss\/jw9Dn15iyoLKitvtvJLO9YtEqX7BhpUXB+aGzE35RE3PNE7a9BSnYdTRBdwcbTm4\/GUaX3HC2LiAXQA2DAltxNjiE72Zxrfz9Ebt1FNjsFnx0Ah1ZbnA1MIHFvgmyPuvrAyEw9PR6UdJmEHtOv18OslcdpyIt5b11k6XZhXnFrHzfU77INW6\/\/S6hVNtvk1bBdMuvkLXzN88BKcp9k9\/9vFc9yzgrbsBbZxAASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRq"}
00453{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":137929,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOnSRiS9h9gBAB9dYeAAABAQgKqXTmTcLXOOQ="}
01870{"flow_id":13,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":138254,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJL2H0Gjp0kgBgLMKqZAAABAQgKwtc45Kl05icUO7Wbkr7CB2VO\/Nr8\/3qu3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQELBQADggEBACM+30vSMUKltn5CXBpEzGnRaLRdS+AEIWxL4m3MseCXj6ZTCc2qKmXlOU8eg6VuXJiiJCbm+6Htk8cuAsZNSr+wQt942rOo+W3\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAyMDExMTIxMzIwNTZaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQBSCpw0UHR0S5Q9u7sJJenYAAGA8yMDIwMTExMjEzMjA1NlqgERgPMjAyMDExMTkxMjM1NTZaMA0GCSqGSIb3DQEBCwUAA4IBAQAe0tW7eHxJsBmpUJLOLbayxqVf49zXEZ5\/cB0RRa6yG3CNXesl4JDY"}
-01173{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_tot_l4_data_len":3997,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":399,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+01184{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
01180{"flow_id":13,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":138254,"pkt_caplen":616,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":616,"pkt_l4_len":562,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAjIGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJL3JUGjp0kgBgLMB\/CAAABAQgKwtc45Kl05icFzSsmCedJGCcRINBMxj2OkjLRrR5+xcD9lb4unAKC5WTmKH6ycrO9ix\/L32MGep\/ZFvIJCQSouE7mlgSAcTFI4BXte\/pGsHMAjui+1qfzuJeDRU1HhuOmlCbhFJ6m4gFzgwhyGd9L+hpBg5KgMKhXfS7jrubusel2UJKbGh734tJ39CE6k1PRqEwMkj67np+DYccuihF63nxZALE8swo0riZoaCe5AiIY7ITMITCBbxCZuPAGOPmEMbEPmOm6Pvj+\/bWyqGz8umNh91i6hsUU6dKjsm4mWYsWAwMBLAwAASgDAB0g2EuIU\/XbawcHgLfvZuLv1m5brKGFi7yCiyqSn6eDbH4IBAEApCSRsYY0lS3Kr7djDjGdvGkfP8wRQ5WOkQkMo+SE2prYmzYDu9So3XUPElnVChozncYm78Nh\/Y2EnV2JWDfbXOioDfCfJTX7XPpiNOUZA+B8beZv0CPJuWpElHlMc3bRxGOEQwxuGUwwlDnrhxQe7bxp64LbLaEbCApsIJSGbHVfj85ym9HSf2oYADD95Jzhx1ZrFJGrYKZzKmq\/9VzI0ySNpy9TWGvXC9JU2YssSVMI\/G3G2a4hotGmzTqnCMmvoES0N2353AR3UosglbcyilG5g\/tceZlLixe6jD9e\/BWvaheqMPxbwCyTfpmyrtyjIxGwdzI\/0H1\/8zDgiyfxPxYDAwAEDgAAAA=="}
00454{"flow_id":13,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":138263,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOnSRiS9yVgBAB9dIFAAABAQgKqXTmTsLXOOQ="}
00455{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":138267,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOnSRiS96ngBAB9c\/zAAABAQgKqXTmTsLXOOQ="}
01865{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":138281,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdABmbR4Z8rX95gBgLMMlUAAABAQgKwtc45Kl05icWAwMAUgIAAE4DA3yKKE4Ko1ARMIYyZQiftoYOAIiiFA4+frkxcTlfE\/FWAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK4AsACtwACtkABjswggY3MIIFH6ADAgECAhAFIKnDRQdHRLlD27uwkl6dMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA3MjcwMDAwMDBaFw0yMTAxMjMxMjAwMDBaMGwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEaMBgGA1UEAwwRKi5yZWRkaXRtZWRpYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUojedwLTSEzrq4UnD96Vw+K+bJzRlpdlGvp1emryD5RL1HNtyibc7bG5WSKWQj4rEXUPCrd7J9KEcoktu\/T\/zKnwBbK1YjqeYT7crnAcYwaOzJK+2WaVgkNLH46oD9ybxNIQiHXSZQ7Ot1nzKMSML5qvJDWE93Oca5W4JzWXBeHxjaWh1pvFML\/h9KONNL2F6v8fl2QkupSKhrdBMUYrUJQ7T7Xayr9QDWUwAYkELYvTZAHxC2NJEKB\/W8Txb\/aVDvxW0ugRtMT23SQiJB3o2exzRkgcVXSsUUyBNZi0HwERQ8wVGtvniGjIdCo1za+WiS39m7ranLPgJ4gJ0ghVtAgMBAAGjggLyMIIC7jAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUM5hgnYdqs+t4ZIcAf5Oj81X67dYwLQYDVR0RBCYwJIIRKi5yZWRkaXRtZWRpYS5jb22CD3JlZGRpdG1lZGlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0"}
-00889{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":571,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00900{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":571,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01872{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":138281,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdABmbS558rX95gBgLMNlpAAABAQgKwtc45Kl05id0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXOQZCKCAAAEAwBHMEUCIAherbIi6ZyHzb3QX5+4\/MlQsJrfbT9XT60YNwXvs\/FkAiEAwb6FWwmkC64YkR7Z3GfczyoO1X+DuWs1z\/cJf1mGmRAAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXOQZCKuAAAEAwBIMEYCIQCNJnMx30MdQpcsqt\/W+zrckQM+XjK6x44S461Ih+FOwgIhAKbBLZjqonCb3DAhfmp8tsmJH+X3MizzOAQP3yn5uVQ5MA0GCSqGSIb3DQEBCwUAA4IBAQBCDMeIm2uPoixPwoutZHrrGFzfNJEXLQk54PkRo2woDSpR3o0sLrpMXiyWx6H0MMNDjCQCbMH2ymQA6oTDSulICMxnonBHGBAiFWQ4yFy2iFOaonss\/jw9Dn15iyoLKitvtvJLO9YtEqX7BhpUXB+aGzE35RE3PNE7a9BSnYdTRBdwcbTm4\/GUaX3HC2LiAXQA2DAltxNjiE72Zxrfz9Ebt1FNjsFnx0Ah1ZbnA1MIHFvgmyPuvrAyEw9PR6UdJmEHtOv18OslcdpyIt5b11k6XZhXnFrHzfU77INW6\/\/S6hVNtvk1bBdMuvkLXzN88BKcp9k9\/9vFc9yzgrbsBbZxAASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRq"}
01869{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":138281,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdABmbT7Z8rX95gBgLMCOfAAABAQgKwtc45Kl05icUO7Wbkr7CB2VO\/Nr8\/3qu3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQELBQADggEBACM+30vSMUKltn5CXBpEzGnRaLRdS+AEIWxL4m3MseCXj6ZTCc2qKmXlOU8eg6VuXJiiJCbm+6Htk8cuAsZNSr+wQt942rOo+W3\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAyMDExMTIxMzIwNTZaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQBSCpw0UHR0S5Q9u7sJJenYAAGA8yMDIwMTExMjEzMjA1NlqgERgPMjAyMDExMTkxMjM1NTZaMA0GCSqGSIb3DQEBCwUAA4IBAQAe0tW7eHxJsBmpUJLOLbayxqVf49zXEZ5\/cB0RRa6yG3CNXesl4JDY"}
-01172{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":8,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_tot_l4_data_len":3933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":491,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+01183{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":8,"flow_first_seen":1605291686060,"flow_last_seen":1605291686138,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
01176{"flow_id":12,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":138282,"pkt_caplen":616,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":616,"pkt_l4_len":562,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAjIGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdABmbU858rX95gBgLMPqJAAABAQgKwtc45Kl05icFzSsmCedJGCcRINBMxj2OkjLRrR5+xcD9lb4unAKC5WTmKH6ycrO9ix\/L32MGep\/ZFvIJCQSouE7mlgSAcTFI4BXte\/pGsHMAjui+1qfzuJeDRU1HhuOmlCbhFJ6m4gFzgwhyGd9L+hpBg5KgMKhXfS7jrubusel2UJKbGh734tJ39CE6k1PRqEwMkj67np+DYccuihF63nxZALE8swo0riZoaCe5AiIY7ITMITCBbxCZuPAGOPmEMbEPmOm6Pvj+\/bWyqGz8umNh91i6hsUU6dKjsm4mWYsWAwMBLAwAASgDAB0gWnciI\/Pwd7KP0P5JdwR+FobLRQu42VfkCCF0ixVvFwMIBAEAa2v7rfPVRaFf2ZxZmhRswjx\/dryKLKWKMEhXiyPKVQrC3VCvRkYOrkUmxE3v4DJxXJC\/QepaT5SPKzSfQhWQC+QvgdnHF2yBzs6ed7avhyUO1uhu72G8oOtsBZ0UoXul8DxKB3AlX9r0L6BO\/Dm6TF+H841qo0nr\/BSMTghdRuQ2ObzQIGCnHBpXKBdwB+gpK44YCaTdAzem37uhbyENqjXuQKOvx59yyXQyZ6TqV9SgH5gNL01FWSFMktn4DjTSogvdNHCTfGJVI2TsupojMeV+cVOV9GYknV\/ypsS1B0Nf+qeczILow09JOvF83bN2RAeF6J5tcY6opZarKyEaThYDAwAEDgAAAA=="}
00454{"flow_id":12,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":138287,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytf3kZm0uegBAB9VM7AAABAQgKqXTmTsLXOOQ="}
00454{"flow_id":12,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":138291,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytf3kZm0+2gBAB808lAAABAQgKqXTmTsLXOOQ="}
@@ -262,15 +262,15 @@
00456{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":138302,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/oyw49TvcdbcgBALMHS1AAABAQgKwtc45Kl05ic="}
00581{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":140483,"pkt_caplen":179,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":179,"pkt_l4_len":125,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYAH0GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOnSRiS96ngBgB9TenAAABAQgKqXTmUMLXOOQWAwMAJRAAACEgGhiw9b94f8rz2dJx6nh+9ommAOkvNbCFYxJJRPRrDQMUAwMAAQEWAwMAKAAAAAAAAAAADDiXoMO+wQIDk0GccYULTEY6bkLD8890nYXEqstmLnY="}
01866{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141552,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/oyw49TvcdbcgBgLMNOjAAABAQgKwtc45ql05icWAwMAUgIAAE4DA6D09cUbbtpN\/rYtQqSaB642VSIv4mbf073hhoP2bPB0AMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK4AsACtwACtkABjswggY3MIIFH6ADAgECAhAFIKnDRQdHRLlD27uwkl6dMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA3MjcwMDAwMDBaFw0yMTAxMjMxMjAwMDBaMGwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEaMBgGA1UEAwwRKi5yZWRkaXRtZWRpYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUojedwLTSEzrq4UnD96Vw+K+bJzRlpdlGvp1emryD5RL1HNtyibc7bG5WSKWQj4rEXUPCrd7J9KEcoktu\/T\/zKnwBbK1YjqeYT7crnAcYwaOzJK+2WaVgkNLH46oD9ybxNIQiHXSZQ7Ot1nzKMSML5qvJDWE93Oca5W4JzWXBeHxjaWh1pvFML\/h9KONNL2F6v8fl2QkupSKhrdBMUYrUJQ7T7Xayr9QDWUwAYkELYvTZAHxC2NJEKB\/W8Txb\/aVDvxW0ugRtMT23SQiJB3o2exzRkgcVXSsUUyBNZi0HwERQ8wVGtvniGjIdCo1za+WiS39m7ranLPgJ4gJ0ghVtAgMBAAGjggLyMIIC7jAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUM5hgnYdqs+t4ZIcAf5Oj81X67dYwLQYDVR0RBCYwJIIRKi5yZWRkaXRtZWRpYS5jb22CD3JlZGRpdG1lZGlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0"}
-00889{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00900{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":680,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00455{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141552,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsk6YAYOGSgBALMNB1AAABAQgKwtc466l05ig="}
00453{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141570,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1tyMsOfsgBAB9XmsAAABAQgKqXTmUcLXOOY="}
00581{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141660,"pkt_caplen":179,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":179,"pkt_l4_len":125,"pkt":"qtsDr8lk5EKm5WPyht1gDoxGAH0GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QABu3ytf3kZm1XggBgB9e6bAAABAQgKqXTmUcLXOOQWAwMAJRAAACEgXn0+nl7ibnbnv3X+XE5SsOnr6yCBoTQjDG1qP+zsESMUAwMAAQEWAwMAKAAAAAAAAAAAu1t2RzBpuHFGdpAbDAc+HC8CD+XJPWLxyiIYqaKyz2I="}
01866{"flow_id":14,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141731,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsk6YAYOGSgBgLME08AAABAQgKwtc47al05igWAwMAUgIAAE4DA\/LZ1dICAL\/DuHg5XGFebFAUdACOqZC4DZcRtcJTYnHVAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK4AsACtwACtkABjswggY3MIIFH6ADAgECAhAFIKnDRQdHRLlD27uwkl6dMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA3MjcwMDAwMDBaFw0yMTAxMjMxMjAwMDBaMGwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEaMBgGA1UEAwwRKi5yZWRkaXRtZWRpYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUojedwLTSEzrq4UnD96Vw+K+bJzRlpdlGvp1emryD5RL1HNtyibc7bG5WSKWQj4rEXUPCrd7J9KEcoktu\/T\/zKnwBbK1YjqeYT7crnAcYwaOzJK+2WaVgkNLH46oD9ybxNIQiHXSZQ7Ot1nzKMSML5qvJDWE93Oca5W4JzWXBeHxjaWh1pvFML\/h9KONNL2F6v8fl2QkupSKhrdBMUYrUJQ7T7Xayr9QDWUwAYkELYvTZAHxC2NJEKB\/W8Txb\/aVDvxW0ugRtMT23SQiJB3o2exzRkgcVXSsUUyBNZi0HwERQ8wVGtvniGjIdCo1za+WiS39m7ranLPgJ4gJ0ghVtAgMBAAGjggLyMIIC7jAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUM5hgnYdqs+t4ZIcAf5Oj81X67dYwLQYDVR0RBCYwJIIRKi5yZWRkaXRtZWRpYS5jb22CD3JlZGRpdG1lZGlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0"}
-00889{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":686,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00900{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":686,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01874{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141731,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/oyw5+zvcdbcgBgLMP\/dAAABAQgKwtc45ql05id0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXOQZCKCAAAEAwBHMEUCIAherbIi6ZyHzb3QX5+4\/MlQsJrfbT9XT60YNwXvs\/FkAiEAwb6FWwmkC64YkR7Z3GfczyoO1X+DuWs1z\/cJf1mGmRAAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXOQZCKuAAAEAwBIMEYCIQCNJnMx30MdQpcsqt\/W+zrckQM+XjK6x44S461Ih+FOwgIhAKbBLZjqonCb3DAhfmp8tsmJH+X3MizzOAQP3yn5uVQ5MA0GCSqGSIb3DQEBCwUAA4IBAQBCDMeIm2uPoixPwoutZHrrGFzfNJEXLQk54PkRo2woDSpR3o0sLrpMXiyWx6H0MMNDjCQCbMH2ymQA6oTDSulICMxnonBHGBAiFWQ4yFy2iFOaonss\/jw9Dn15iyoLKitvtvJLO9YtEqX7BhpUXB+aGzE35RE3PNE7a9BSnYdTRBdwcbTm4\/GUaX3HC2LiAXQA2DAltxNjiE72Zxrfz9Ebt1FNjsFnx0Ah1ZbnA1MIHFvgmyPuvrAyEw9PR6UdJmEHtOv18OslcdpyIt5b11k6XZhXnFrHzfU77INW6\/\/S6hVNtvk1bBdMuvkLXzN88BKcp9k9\/9vFc9yzgrbsBbZxAASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRq"}
01870{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141731,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/oyw7ATvcdbcgBgLMEoTAAABAQgKwtc45ql05icUO7Wbkr7CB2VO\/Nr8\/3qu3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQELBQADggEBACM+30vSMUKltn5CXBpEzGnRaLRdS+AEIWxL4m3MseCXj6ZTCc2qKmXlOU8eg6VuXJiiJCbm+6Htk8cuAsZNSr+wQt942rOo+W3\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAyMDExMTIxMzIwNTZaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQBSCpw0UHR0S5Q9u7sJJenYAAGA8yMDIwMTExMjEzMjA1NlqgERgPMjAyMDExMTkxMjM1NTZaMA0GCSqGSIb3DQEBCwUAA4IBAQAe0tW7eHxJsBmpUJLOLbayxqVf49zXEZ5\/cB0RRa6yG3CNXesl4JDY"}
-01172{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":9,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_tot_l4_data_len":3965,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":440,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+01183{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":9,"flow_first_seen":1605291686060,"flow_last_seen":1605291686141,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
01179{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141731,"pkt_caplen":616,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":616,"pkt_l4_len":562,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAjIGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc\/oyw8BzvcdbcgBgLMJmVAAABAQgKwtc45ql05icFzSsmCedJGCcRINBMxj2OkjLRrR5+xcD9lb4unAKC5WTmKH6ycrO9ix\/L32MGep\/ZFvIJCQSouE7mlgSAcTFI4BXte\/pGsHMAjui+1qfzuJeDRU1HhuOmlCbhFJ6m4gFzgwhyGd9L+hpBg5KgMKhXfS7jrubusel2UJKbGh734tJ39CE6k1PRqEwMkj67np+DYccuihF63nxZALE8swo0riZoaCe5AiIY7ITMITCBbxCZuPAGOPmEMbEPmOm6Pvj+\/bWyqGz8umNh91i6hsUU6dKjsm4mWYsWAwMBLAwAASgDAB0gyVoEjPJRkXElTZgGEluVeDwFphVd5HqKZAeb0AsQxSIIBAEAdIDer7xYy3ZxK8vfq5pA4OCbSZSwY1TgoeSjNdYL0ILjBQsggdxFh1C5vYMChSK2Ox0EUGscSz8XnclIprC0FoWvaRQnCCFUSo5mZBrYFxhuLXsElNeZJ\/SXhk5SWCLT8\/oN9pz6VvNXau1EnEOSrD+1BIcFV0BtOFR\/T41iR3oaP0qImfAN7hx+\/QJ7p1KwLkxZOvmk\/m9DI45ld1gOvB+hHsMQtEoruZjkrXV+XpsMf+XcEVzjg5kowy0VcZhFo7J44j31VtxGt0+m\/q\/FBNIYUQTrldmFYm7k3sn90YJKRsWD4UWVQ4c9KlQFuvoWgZp3yW6GTYkM9bpff5oEMhYDAwAEDgAAAA=="}
00453{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141735,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCVnRACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QQBuwBg4ZJlbJe+gBAB9dVtAAABAQgKqXTmUcLXOO0="}
00454{"flow_id":11,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141741,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1tyMsOwEgBAB83WWAAABAQgKqXTmUcLXOOY="}
@@ -278,12 +278,12 @@
00454{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141746,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBKPwACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3P4Bu+9x1tyMsPIugBAB5294AAABAQgKqXTmUcLXOOY="}
00455{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141909,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO8IiJd61ngBALMJwEAAABAQgKwtc46al05ig="}
01861{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141910,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO8IiJd61ngBgLMBS9AAABAQgKwtc466l05igWAwMAUgIAAE4DAypgLRNIVzyG8FEROLZF\/TyuLaxgMAxLFtuPuUnXX8+tAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMKxgsACsIACr8ABiEwggYdMIIFBaADAgECAhAEgViJFaGeLQYINHLA9fqAMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMGQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjESMBAGA1UEAwwJKi5yZWRkLml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqajbv6yxoBUUP7z4hqGEBqUxkIuxIANvgy2sKGAl3jE9LNe9bbgB7FzCPhrmyFURkVvYbXfU9co9q2RsG\/ZLID9oD7cnc4wYj8f5M0Wj7sE4dcOBfT1mL+rKP75s+BKfKTkPZTCKgxJREHiw9NQlhB9n7EhNiUvWmZIAm5zbikqjIrLNp5RC9MOYKZw5cvDcfEExtW47V0qsenFicT1Vp4offkEkRTUZQHa8ZDesXcX4X8FcQ4SffgFPYEu5soxUH5p1gEVUzzt1qKIQ3VpkM9Z1uyEjunxQhHxNgkslvXaUfxNo4vt8AtlnyIrqudEvXm1BoqY1Q95KpDrm7iWCQIDAQABo4IC4DCCAtwwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFF5jqSI83X0TAAcKFOfiu1j5R516MB0GA1UdEQQWMBSCB3JlZGQuaXSCCSoucmVkZC5pdDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBG"}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":696,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686141,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":696,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686141,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00453{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141939,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3rWfoDvSggBAB86D+AAABAQgKqXTmUcLXOOs="}
01875{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141954,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO9KCJd61ngBgLMGouAAABAQgKwtc466l05igGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXQrSmdiAAAEAwBHMEUCIQD\/04ygSe1MYzrJpdTwrQK9Sjx\/tAOekyn8ZwUHe438MQIgQeoxYr6dp9e0Vi2BfTgg\/tx7yoUBr46n4mPgngP1Cg8AdQBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXQrSmd+AAAEAwBGMEQCIDQ+4afNmJ6Lq7tcDFhWE5ZRcYt+T8eRVv9HNhRXleMaAiAfvoxXCpDvg3ksn\/DbvlHRhWsdVwta6mdmCm+pp0EQLDANBgkqhkiG9w0BAQsFAAOCAQEAAG3CaPVDekrOfzw6f0I5v2tWlY1xVwLUq3mWKiYqkY13PT0BCSJhi4Wr05nryv4hM2tTgWfXEYy5thizGRFQU2k2\/UwaR1tWB7k6icplfD0Ga+hHuMA1ioLo\/9dpR90j3inuZOlew5NI2+DUxJoSXlo3H8MbyO5DP\/ctl49WhW+y0JaR0mw+Wsni\/W0+ctk2wp4ac\/lpLbD1iXAOjwpg\/HHz0VF8T8dgjOGW64yvr1ftmXr2UumO7tbZmf00WJprBjlf4hclLVDLtjreq8DhsjB3cf\/gLzGIz0xtBET1KwumlL4Vmay44nBXCrqr3Ucoup6L8umjZP\/gUQ4QuW1ijwAEmDCCBJQwggN8oAMCAQICEAH9o+tuynXIiEOLckvPvJEwDQYJKoZIhvcNAQELBQAwYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgQ0EwHhcNMTMwMzA4MTIwMDAwWhcNMjMwMzA4MTIwMDAwWjBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcrliQTcHEMBWQNVtuPIIV9SxcvePb\/3FD+mQlgNTuGKJN8GbQCnNuEZg2F2SvN539+kGEr8evjP4ac03PM5eQopaHU4MruaZ1SC0dVjd72jEyGtesqwb0ql1Lt0dG3SqTw5AueYCA7xMEahQ7tZuSvsIHZU782vz\/eq7cXH5VMQzoOQek"}
00453{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":141956,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3rWfoDvi4gBAB65zuAAABAQgKqXTmUcLXOOs="}
01872{"flow_id":15,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":142640,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO+LiJd61ngBgLMKiAAAABAQgKwtc466l05ijXvi\/TC2rSsd9f\/ld0Uzs1gN2ujkSYs58O09rg1\/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME\/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\/RR3w6RbKFfCs\/mC\/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq\/sELfeNqzqPlt\/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls\/3HB40f\/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLzFgMDAd8WAAHbAQAB1zCCAdMKAQCgggHMMIIByAYJKwYBBQUHMAEBBIIBuTCCAbUwgZ6iFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIYDzIwMjAxMTEyMTIyMDU2WjBzMHEwSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEASBWIkVoZ4tBgg0csD1+oCAABgPMjAyMDExMTIxMjIwNTZaoBEYDzIwMjAxMTE5MTEzNTU2WjANBgkqhkiG9w0BAQsFAAOCAQEAbwsD5QK4DQ9xfMkiwjwxyTNXlhdZjg2N8vB\/PaYfH1XoDJdlWGVbnA8TWdbHQAFf+6hb2yCXT2PrEc5rtmuJ6qsC"}
-01142{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":10,"flow_first_seen":1605291686064,"flow_last_seen":1605291686142,"flow_tot_l4_data_len":3997,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":399,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
+01153{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":700,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":10,"flow_first_seen":1605291686064,"flow_last_seen":1605291686142,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
01141{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":142640,"pkt_caplen":590,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":590,"pkt_l4_len":536,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAhgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBugO\/NCJd61ngBgLMOZMAAABAQgKwtc466l05ihkRhvz1enisus+n+JtTFh5SwLPqnsNQGg3iOJYoXp+wF91pGTE\/3x+aQOXjrcYJPujSbXof\/sNWsX0Ch+B\/eKgUux4+l+H6D2B4ET1JbSLEEOr9ZWpS3RJvElVNKQUtc6UiHPg\/2caAWll+fY5HO0LlKfS0\/+z66ZGktG+DgAoy7TfLapyN4\/YD\/XHQTfVf+ymrIBkogrdwK2UAhWm9rWt7ALq5xFuJyf0ZlOeEe+6ePGSg5v4hVg3I0eT4d0tFgMDASwMAAEoAwAdIDGDUtF9tVVvnmKrIfqd5B7KDz4yaX9vh9T4NoKj+gQKCAQBAC+SYFht96+xUi8+8CumApjobGOq48sRIcldr713SU9MvuX+TFGZqcTFh4s2mC2ieSkcd74Hl4GWE5M1VKz2VrttiblH3LgfXQeGMdD+AkvLco4ivgRHAz8wOgXHp21zGm3K1M6WVIEPapkuIwwQk\/zhfdzmBiRzZuY8Szcpv0SxA+ijbSV3DpOMwn74QrvUAxKraJ1m5P6XtGIhFt3gkJW0ZrDD2zf1d7BaCoDZ8AJ4jeuuciBa5Ej\/DzlzNmiQSBhrTaXkY+HcZcW0IK6YLeNhquDgZ285FdzH1tHDZO4epINcm6vLMIZy32cAjWs2NZUcEVHFJdNbYpIPujfcc18WAwMABA4AAAA="}
00454{"flow_id":15,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":142645,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3rWfoDvzQgBAB45jdAAABAQgKqXTmUsLXOOs="}
00454{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":142650,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3rWfoDv7IgBAB4JboAAABAQgKqXTmUsLXOOs="}
@@ -295,18 +295,18 @@
00455{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":144251,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwRcYBxWgngBALMJfQAAABAQgKwtc476l05ig="}
01872{"flow_id":14,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":144252,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsl74AYOGSgBgLMFueAAABAQgKwtc47al05ih0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXOQZCKCAAAEAwBHMEUCIAherbIi6ZyHzb3QX5+4\/MlQsJrfbT9XT60YNwXvs\/FkAiEAwb6FWwmkC64YkR7Z3GfczyoO1X+DuWs1z\/cJf1mGmRAAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXOQZCKuAAAEAwBIMEYCIQCNJnMx30MdQpcsqt\/W+zrckQM+XjK6x44S461Ih+FOwgIhAKbBLZjqonCb3DAhfmp8tsmJH+X3MizzOAQP3yn5uVQ5MA0GCSqGSIb3DQEBCwUAA4IBAQBCDMeIm2uPoixPwoutZHrrGFzfNJEXLQk54PkRo2woDSpR3o0sLrpMXiyWx6H0MMNDjCQCbMH2ymQA6oTDSulICMxnonBHGBAiFWQ4yFy2iFOaonss\/jw9Dn15iyoLKitvtvJLO9YtEqX7BhpUXB+aGzE35RE3PNE7a9BSnYdTRBdwcbTm4\/GUaX3HC2LiAXQA2DAltxNjiE72Zxrfz9Ebt1FNjsFnx0Ah1ZbnA1MIHFvgmyPuvrAyEw9PR6UdJmEHtOv18OslcdpyIt5b11k6XZhXnFrHzfU77INW6\/\/S6hVNtvk1bBdMuvkLXzN88BKcp9k9\/9vFc9yzgrbsBbZxAASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRq"}
01870{"flow_id":14,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":144252,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsm9YAYOGSgBgLMKXTAAABAQgKwtc47al05igUO7Wbkr7CB2VO\/Nr8\/3qu3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQELBQADggEBACM+30vSMUKltn5CXBpEzGnRaLRdS+AEIWxL4m3MseCXj6ZTCc2qKmXlOU8eg6VuXJiiJCbm+6Htk8cuAsZNSr+wQt942rOo+W3\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAyMDExMTIxMzIwNTZaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQBSCpw0UHR0S5Q9u7sJJenYAAGA8yMDIwMTExMjEzMjA1NlqgERgPMjAyMDExMTkxMjM1NTZaMA0GCSqGSIb3DQEBCwUAA4IBAQAe0tW7eHxJsBmpUJLOLbayxqVf49zXEZ5\/cB0RRa6yG3CNXesl4JDY"}
-01173{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":713,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686144,"flow_tot_l4_data_len":3997,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":399,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+01184{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":713,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":10,"flow_first_seen":1605291686060,"flow_last_seen":1605291686144,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"styles.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
00455{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":144252,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgy8cZci+BgBALMBnUAAABAQgKwtc48Kl05ik="}
00438{"flow_id":14,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":144271,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gCPRTABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QQBuwBg4ZIAAAAAUAQAAJk8AAA="}
01177{"flow_id":14,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":144351,"pkt_caplen":616,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":616,"pkt_l4_len":562,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAjIGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBGVsn+4AYOGSgBgLMB82AAABAQgKwtc47al05igFzSsmCedJGCcRINBMxj2OkjLRrR5+xcD9lb4unAKC5WTmKH6ycrO9ix\/L32MGep\/ZFvIJCQSouE7mlgSAcTFI4BXte\/pGsHMAjui+1qfzuJeDRU1HhuOmlCbhFJ6m4gFzgwhyGd9L+hpBg5KgMKhXfS7jrubusel2UJKbGh734tJ39CE6k1PRqEwMkj67np+DYccuihF63nxZALE8swo0riZoaCe5AiIY7ITMITCBbxCZuPAGOPmEMbEPmOm6Pvj+\/bWyqGz8umNh91i6hsUU6dKjsm4mWYsWAwMBLAwAASgDAB0gG2cOJgoEaixVukJFuagwQP1Slxp2pmozF56MYk\/waEIIBAEAxD4SJToiMcYIr5B0\/+sb0wfrs+x2lHtMV12QgO7sOQdEGDIDCYyBWOFUPQutn88\/lvd8NzFxEk7Gx5Vt6P5ROxT1NSKv0FCLFMr4T\/+xaq98Yne3wtlRpwrKYdTxXc5vRO9\/NciX5jSwPMQIX0VlmhEbICMhjZHHrvtGHhd3to9Pxceen905+pBfwNZIfoh4S9qGDT8cgCiS0ZUGhF0UpsywcC9kFFVL5eDTopw46xpDM7z5kMHT\/bfMxNk48gbgJ2WKpmN8aEqu+Izc5jj96Mpy1L26ZOqOVCR+Pk2qOmrCeAHGLz9Iuj2X0o+K8aVPhgNqwk9IMXTabXd30cmNrxYDAwAEDgAAAA=="}
01861{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":144351,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwRcYBxWgngBgLMLuoAAABAQgKwtc48al05igWAwMAUgIAAE4DA3lpLaMar1lk2Fn\/0J90eAWbE3xkWhxb4PYNzGeki0QPAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMKxgsACsIACr8ABiEwggYdMIIFBaADAgECAhAEgViJFaGeLQYINHLA9fqAMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMGQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjESMBAGA1UEAwwJKi5yZWRkLml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqajbv6yxoBUUP7z4hqGEBqUxkIuxIANvgy2sKGAl3jE9LNe9bbgB7FzCPhrmyFURkVvYbXfU9co9q2RsG\/ZLID9oD7cnc4wYj8f5M0Wj7sE4dcOBfT1mL+rKP75s+BKfKTkPZTCKgxJREHiw9NQlhB9n7EhNiUvWmZIAm5zbikqjIrLNp5RC9MOYKZw5cvDcfEExtW47V0qsenFicT1Vp4offkEkRTUZQHa8ZDesXcX4X8FcQ4SffgFPYEu5soxUH5p1gEVUzzt1qKIQ3VpkM9Z1uyEjunxQhHxNgkslvXaUfxNo4vt8AtlnyIrqudEvXm1BoqY1Q95KpDrm7iWCQIDAQABo4IC4DCCAtwwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFF5jqSI83X0TAAcKFOfiu1j5R516MB0GA1UdEQQWMBSCB3JlZGQuaXSCCSoucmVkZC5pdDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBG"}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":717,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686144,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":717,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1605291686064,"flow_last_seen":1605291686144,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00438{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":144355,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gCPRTABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QQBuwBg4ZIAAAAAUAQAAJk8AAA="}
00453{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":144359,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAj4aACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QgBuwHFaCdj8EnegBAB9ZzFAAABAQgKqXTmVMLXOPE="}
00583{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":144994,"pkt_caplen":179,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":179,"pkt_l4_len":125,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCAH0GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3rWfoDv7IgBgB9TMgAAABAQgKqXTmVMLXOOsWAwMAJRAAACEgDKhK+fnPfakLEiUGnf24VB8EgC9O2IJ8IfqQjcJ8lQ8UAwMAAQEWAwMAKAAAAAAAAAAAoJxM\/eZ8gECxhU1BRAHdej9eS7fhJ9tLYYhb89Z\/n7s="}
01875{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":145060,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwSd4BxWgngBgLMGX6AAABAQgKwtc48al05igGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXQrSmdiAAAEAwBHMEUCIQD\/04ygSe1MYzrJpdTwrQK9Sjx\/tAOekyn8ZwUHe438MQIgQeoxYr6dp9e0Vi2BfTgg\/tx7yoUBr46n4mPgngP1Cg8AdQBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXQrSmd+AAAEAwBGMEQCIDQ+4afNmJ6Lq7tcDFhWE5ZRcYt+T8eRVv9HNhRXleMaAiAfvoxXCpDvg3ksn\/DbvlHRhWsdVwta6mdmCm+pp0EQLDANBgkqhkiG9w0BAQsFAAOCAQEAAG3CaPVDekrOfzw6f0I5v2tWlY1xVwLUq3mWKiYqkY13PT0BCSJhi4Wr05nryv4hM2tTgWfXEYy5thizGRFQU2k2\/UwaR1tWB7k6icplfD0Ga+hHuMA1ioLo\/9dpR90j3inuZOlew5NI2+DUxJoSXlo3H8MbyO5DP\/ctl49WhW+y0JaR0mw+Wsni\/W0+ctk2wp4ac\/lpLbD1iXAOjwpg\/HHz0VF8T8dgjOGW64yvr1ftmXr2UumO7tbZmf00WJprBjlf4hclLVDLtjreq8DhsjB3cf\/gLzGIz0xtBET1KwumlL4Vmay44nBXCrqr3Ucoup6L8umjZP\/gUQ4QuW1ijwAEmDCCBJQwggN8oAMCAQICEAH9o+tuynXIiEOLckvPvJEwDQYJKoZIhvcNAQELBQAwYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgQ0EwHhcNMTMwMzA4MTIwMDAwWhcNMjMwMzA4MTIwMDAwWjBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcrliQTcHEMBWQNVtuPIIV9SxcvePb\/3FD+mQlgNTuGKJN8GbQCnNuEZg2F2SvN539+kGEr8evjP4ac03PM5eQopaHU4MruaZ1SC0dVjd72jEyGtesqwb0ql1Lt0dG3SqTw5AueYCA7xMEahQ7tZuSvsIHZU782vz\/eq7cXH5VMQzoOQek"}
01871{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":145060,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwTfYBxWgngBgLMKRMAAABAQgKwtc48al05ijXvi\/TC2rSsd9f\/ld0Uzs1gN2ujkSYs58O09rg1\/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME\/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\/RR3w6RbKFfCs\/mC\/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq\/sELfeNqzqPlt\/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls\/3HB40f\/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLzFgMDAd8WAAHbAQAB1zCCAdMKAQCgggHMMIIByAYJKwYBBQUHMAEBBIIBuTCCAbUwgZ6iFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIYDzIwMjAxMTEyMTIyMDU2WjBzMHEwSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEASBWIkVoZ4tBgg0csD1+oCAABgPMjAyMDExMTIxMjIwNTZaoBEYDzIwMjAxMTE5MTEzNTU2WjANBgkqhkiG9w0BAQsFAAOCAQEAbwsD5QK4DQ9xfMkiwjwxyTNXlhdZjg2N8vB\/PaYfH1XoDJdlWGVbnA8TWdbHQAFf+6hb2yCXT2PrEc5rtmuJ6qsC"}
-01141{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":722,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686145,"flow_tot_l4_data_len":3965,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":440,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
+01152{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":722,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686145,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
01149{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":145061,"pkt_caplen":590,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":590,"pkt_l4_len":536,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAhgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCGPwUg4BxWgngBgLMEJvAAABAQgKwtc48al05ihkRhvz1enisus+n+JtTFh5SwLPqnsNQGg3iOJYoXp+wF91pGTE\/3x+aQOXjrcYJPujSbXof\/sNWsX0Ch+B\/eKgUux4+l+H6D2B4ET1JbSLEEOr9ZWpS3RJvElVNKQUtc6UiHPg\/2caAWll+fY5HO0LlKfS0\/+z66ZGktG+DgAoy7TfLapyN4\/YD\/XHQTfVf+ymrIBkogrdwK2UAhWm9rWt7ALq5xFuJyf0ZlOeEe+6ePGSg5v4hVg3I0eT4d0tFgMDASwMAAEoAwAdIH6HSIafHL\/hCiHVUj0ZveFvGwftrPla+scSPr4F6z84CAQBAIv42e0zoakGKUyHohYuuQhX9SVc3AuqK9nx+k4SYNfS0IMjXA4sIj0aOJLTe8dSRH46trFYU8A8Cac07hfQhJJEq4uFIK4QY5bc65Ckj6GnmZ6RqD2F9\/Z+VUx507Vme76NEhRBwoa2iRSo+voVyn3yv79nptRjypTO9u\/4ly\/qsm\/qkYTn8ohi9Ah13ToHiouGsy6H\/PlvGvnMCcv2uVaDt9lrIoSLlvku+it45jH\/5Va72yxrtmQ+T5RvsCTixkp6J47O77YzM7BvB\/tsQQ47asYjTYnwH1kNC20M\/tLnHZMWxAnvLf\/T\/TTCKJS0NZtigvarARY+FutOYpwU3i4WAwMABA4AAAA="}
00456{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":145061,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vo\/ls46ULgBALMObsAAABAQgKwtc48al05is="}
00454{"flow_id":16,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":145064,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAj4aACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QgBuwHFaCdj8E32gBAB9ZitAAABAQgKqXTmVMLXOPE="}
@@ -318,10 +318,10 @@
00453{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":146132,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCQMdACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyL4F84MvHgBEB+yLbAAABAQgKqXTmVsLXOPA="}
00454{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":146162,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBZ0wACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjpQsOlaP5gBEB++\/1AAABAQgKqXTmVsLXOPE="}
01860{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":146916,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgy8cZci+BgBgLMJxnAAABAQgKwtc486l05ikWAwMAUgIAAE4DA8Bxx8GKtZNXir5aQh5Gy84mJOBs1iBENVNIIXageBt3AMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMKxgsACsIACr8ABiEwggYdMIIFBaADAgECAhAEgViJFaGeLQYINHLA9fqAMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMGQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjESMBAGA1UEAwwJKi5yZWRkLml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqajbv6yxoBUUP7z4hqGEBqUxkIuxIANvgy2sKGAl3jE9LNe9bbgB7FzCPhrmyFURkVvYbXfU9co9q2RsG\/ZLID9oD7cnc4wYj8f5M0Wj7sE4dcOBfT1mL+rKP75s+BKfKTkPZTCKgxJREHiw9NQlhB9n7EhNiUvWmZIAm5zbikqjIrLNp5RC9MOYKZw5cvDcfEExtW47V0qsenFicT1Vp4offkEkRTUZQHa8ZDesXcX4X8FcQ4SffgFPYEu5soxUH5p1gEVUzzt1qKIQ3VpkM9Z1uyEjunxQhHxNgkslvXaUfxNo4vt8AtlnyIrqudEvXm1BoqY1Q95KpDrm7iWCQIDAQABo4IC4DCCAtwwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFF5jqSI83X0TAAcKFOfiu1j5R516MB0GA1UdEQQWMBSCB3JlZGQuaXSCCSoucmVkZC5pdDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBG"}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":736,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_tot_l4_data_len":1805,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":257,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":736,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01875{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":146918,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzgz98Zci+BgBgLMOf8AAABAQgKwtc486l05ikGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXQrSmdiAAAEAwBHMEUCIQD\/04ygSe1MYzrJpdTwrQK9Sjx\/tAOekyn8ZwUHe438MQIgQeoxYr6dp9e0Vi2BfTgg\/tx7yoUBr46n4mPgngP1Cg8AdQBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXQrSmd+AAAEAwBGMEQCIDQ+4afNmJ6Lq7tcDFhWE5ZRcYt+T8eRVv9HNhRXleMaAiAfvoxXCpDvg3ksn\/DbvlHRhWsdVwta6mdmCm+pp0EQLDANBgkqhkiG9w0BAQsFAAOCAQEAAG3CaPVDekrOfzw6f0I5v2tWlY1xVwLUq3mWKiYqkY13PT0BCSJhi4Wr05nryv4hM2tTgWfXEYy5thizGRFQU2k2\/UwaR1tWB7k6icplfD0Ga+hHuMA1ioLo\/9dpR90j3inuZOlew5NI2+DUxJoSXlo3H8MbyO5DP\/ctl49WhW+y0JaR0mw+Wsni\/W0+ctk2wp4ac\/lpLbD1iXAOjwpg\/HHz0VF8T8dgjOGW64yvr1ftmXr2UumO7tbZmf00WJprBjlf4hclLVDLtjreq8DhsjB3cf\/gLzGIz0xtBET1KwumlL4Vmay44nBXCrqr3Ucoup6L8umjZP\/gUQ4QuW1ijwAEmDCCBJQwggN8oAMCAQICEAH9o+tuynXIiEOLckvPvJEwDQYJKoZIhvcNAQELBQAwYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgQ0EwHhcNMTMwMzA4MTIwMDAwWhcNMjMwMzA4MTIwMDAwWjBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcrliQTcHEMBWQNVtuPIIV9SxcvePb\/3FD+mQlgNTuGKJN8GbQCnNuEZg2F2SvN539+kGEr8evjP4ac03PM5eQopaHU4MruaZ1SC0dVjd72jEyGtesqwb0ql1Lt0dG3SqTw5AueYCA7xMEahQ7tZuSvsIHZU782vz\/eq7cXH5VMQzoOQek"}
01872{"flow_id":17,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":146919,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzg0\/cZci+BgBgLMCZPAAABAQgKwtc486l05inXvi\/TC2rSsd9f\/ld0Uzs1gN2ujkSYs58O09rg1\/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME\/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\/RR3w6RbKFfCs\/mC\/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq\/sELfeNqzqPlt\/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls\/3HB40f\/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLzFgMDAd8WAAHbAQAB1zCCAdMKAQCgggHMMIIByAYJKwYBBQUHMAEBBIIBuTCCAbUwgZ6iFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIYDzIwMjAxMTEyMTIyMDU2WjBzMHEwSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEASBWIkVoZ4tBgg0csD1+oCAABgPMjAyMDExMTIxMjIwNTZaoBEYDzIwMjAxMTE5MTEzNTU2WjANBgkqhkiG9w0BAQsFAAOCAQEAbwsD5QK4DQ9xfMkiwjwxyTNXlhdZjg2N8vB\/PaYfH1XoDJdlWGVbnA8TWdbHQAFf+6hb2yCXT2PrEc5rtmuJ6qsC"}
-01141{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":738,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_tot_l4_data_len":3965,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":440,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
+01152{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":738,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686146,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
01144{"flow_id":17,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":146920,"pkt_caplen":590,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":590,"pkt_l4_len":536,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAhgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdCnzg2A8Zci+BgBgLMOmtAAABAQgKwtc486l05ilkRhvz1enisus+n+JtTFh5SwLPqnsNQGg3iOJYoXp+wF91pGTE\/3x+aQOXjrcYJPujSbXof\/sNWsX0Ch+B\/eKgUux4+l+H6D2B4ET1JbSLEEOr9ZWpS3RJvElVNKQUtc6UiHPg\/2caAWll+fY5HO0LlKfS0\/+z66ZGktG+DgAoy7TfLapyN4\/YD\/XHQTfVf+ymrIBkogrdwK2UAhWm9rWt7ALq5xFuJyf0ZlOeEe+6ePGSg5v4hVg3I0eT4d0tFgMDASwMAAEoAwAdIMAYTFYSc9yI6h+RWAOHQL2DNiFuo2zRv1bspQjPAXZ9CAQBADRdqxNAaD1p+EwkU7MgWUtg1aoS5MGeIWcavi56bFpkwGjofuR2tpWGpqB\/SNm7qokuFTNTZtDk3qGzpBw79O6ABUi4GNenNsZoSnIRrypN2VRFyZFDcg91LeIar0RrmwJuvYolcz3K+0XWaqxFRFkUvMDs3+m4aHp8+F9cg632xAU7jXXBVj9B4nDkO3jidxzwkjpxq2yY32nvqHLvvugg0oZ3Re7arE\/R0OqnlFvh5N4iB\/FVf3dZ4F13YLLXmFH9u09USniF+SGcq3M2LFQkx12YHmdCaNE\/GFfFaITTN7Jy1HeLHIb\/2B1qwhlNFtTvVqEkzIE\/XrZurIOWMs0WAwMABA4AAAA="}
00438{"flow_id":17,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":146974,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gAi8TABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyL4EAAAAAUAQAADI2AAA="}
00455{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":147568,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc+p6YWsX6uGUygBALMFIrAAABAQgKwtc49Kl05jA="}
@@ -332,11 +332,11 @@
00437{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":147586,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gBOdWABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PYBu+yXuxEAAAAAUAQAANOTAAA="}
00437{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":147588,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gC3zdABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzoYAAAAAUAQAAMvIAAA="}
01862{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":148836,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vo\/ls46ULgBgLMJ4IAAABAQgKwtc49Kl05isWAwMAUgIAAE4DA3LV+7rRezLkKqyC7L9\/cEwHhlnEuCDIWqUrb5kwUceFAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMKxgsACsIACr8ABiEwggYdMIIFBaADAgECAhAEgViJFaGeLQYINHLA9fqAMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMGQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjESMBAGA1UEAwwJKi5yZWRkLml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqajbv6yxoBUUP7z4hqGEBqUxkIuxIANvgy2sKGAl3jE9LNe9bbgB7FzCPhrmyFURkVvYbXfU9co9q2RsG\/ZLID9oD7cnc4wYj8f5M0Wj7sE4dcOBfT1mL+rKP75s+BKfKTkPZTCKgxJREHiw9NQlhB9n7EhNiUvWmZIAm5zbikqjIrLNp5RC9MOYKZw5cvDcfEExtW47V0qsenFicT1Vp4offkEkRTUZQHa8ZDesXcX4X8FcQ4SffgFPYEu5soxUH5p1gEVUzzt1qKIQ3VpkM9Z1uyEjunxQhHxNgkslvXaUfxNo4vt8AtlnyIrqudEvXm1BoqY1Q95KpDrm7iWCQIDAQABo4IC4DCCAtwwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFF5jqSI83X0TAAcKFOfiu1j5R516MB0GA1UdEQQWMBSCB3JlZGQuaXSCCSoucmVkZC5pdDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBG"}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":751,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_tot_l4_data_len":1805,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":257,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":751,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":7,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":223,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01875{"flow_id":18,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":148836,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6VqBFs46ULgBgLMLUVAAABAQgKwtc49Kl05isGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXQrSmdiAAAEAwBHMEUCIQD\/04ygSe1MYzrJpdTwrQK9Sjx\/tAOekyn8ZwUHe438MQIgQeoxYr6dp9e0Vi2BfTgg\/tx7yoUBr46n4mPgngP1Cg8AdQBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXQrSmd+AAAEAwBGMEQCIDQ+4afNmJ6Lq7tcDFhWE5ZRcYt+T8eRVv9HNhRXleMaAiAfvoxXCpDvg3ksn\/DbvlHRhWsdVwta6mdmCm+pp0EQLDANBgkqhkiG9w0BAQsFAAOCAQEAAG3CaPVDekrOfzw6f0I5v2tWlY1xVwLUq3mWKiYqkY13PT0BCSJhi4Wr05nryv4hM2tTgWfXEYy5thizGRFQU2k2\/UwaR1tWB7k6icplfD0Ga+hHuMA1ioLo\/9dpR90j3inuZOlew5NI2+DUxJoSXlo3H8MbyO5DP\/ctl49WhW+y0JaR0mw+Wsni\/W0+ctk2wp4ac\/lpLbD1iXAOjwpg\/HHz0VF8T8dgjOGW64yvr1ftmXr2UumO7tbZmf00WJprBjlf4hclLVDLtjreq8DhsjB3cf\/gLzGIz0xtBET1KwumlL4Vmay44nBXCrqr3Ucoup6L8umjZP\/gUQ4QuW1ijwAEmDCCBJQwggN8oAMCAQICEAH9o+tuynXIiEOLckvPvJEwDQYJKoZIhvcNAQELBQAwYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgQ0EwHhcNMTMwMzA4MTIwMDAwWhcNMjMwMzA4MTIwMDAwWjBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcrliQTcHEMBWQNVtuPIIV9SxcvePb\/3FD+mQlgNTuGKJN8GbQCnNuEZg2F2SvN539+kGEr8evjP4ac03PM5eQopaHU4MruaZ1SC0dVjd72jEyGtesqwb0ql1Lt0dG3SqTw5AueYCA7xMEahQ7tZuSvsIHZU782vz\/eq7cXH5VMQzoOQek"}
00455{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":148836,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8oSMQPLg8c6GgBELMDaEAAABAQgKwtc49Kl05jA="}
01871{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":148836,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6VrCls46ULgBgLMPNnAAABAQgKwtc49Kl05ivXvi\/TC2rSsd9f\/ld0Uzs1gN2ujkSYs58O09rg1\/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGXkujNVA075ME\/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0\/RR3w6RbKFfCs\/mC\/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzhxtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEBCwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq\/sELfeNqzqPlt\/yGFUzZgTHbO7Djc1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls\/3HB40f\/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLzFgMDAd8WAAHbAQAB1zCCAdMKAQCgggHMMIIByAYJKwYBBQUHMAEBBIIBuTCCAbUwgZ6iFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIYDzIwMjAxMTEyMTIyMDU2WjBzMHEwSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEASBWIkVoZ4tBgg0csD1+oCAABgPMjAyMDExMTIxMjIwNTZaoBEYDzIwMjAxMTE5MTEzNTU2WjANBgkqhkiG9w0BAQsFAAOCAQEAbwsD5QK4DQ9xfMkiwjwxyTNXlhdZjg2N8vB\/PaYfH1XoDJdlWGVbnA8TWdbHQAFf+6hb2yCXT2PrEc5rtmuJ6qsC"}
-01141{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":754,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_tot_l4_data_len":3965,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":440,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
+01152{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":754,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":9,"flow_first_seen":1605291686064,"flow_last_seen":1605291686148,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"preview.redd.it","server_names":"redd.it,*.redd.it","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redd.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3D:15:31:F3:94:55:33:92:88:5C:61:40:B0:FD:ED:27:6D:29:3A:12"}}
01144{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":148837,"pkt_caplen":590,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":590,"pkt_l4_len":536,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAhgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6VsEFs46ULgBgLMGUfAAABAQgKwtc49Kl05itkRhvz1enisus+n+JtTFh5SwLPqnsNQGg3iOJYoXp+wF91pGTE\/3x+aQOXjrcYJPujSbXof\/sNWsX0Ch+B\/eKgUux4+l+H6D2B4ET1JbSLEEOr9ZWpS3RJvElVNKQUtc6UiHPg\/2caAWll+fY5HO0LlKfS0\/+z66ZGktG+DgAoy7TfLapyN4\/YD\/XHQTfVf+ymrIBkogrdwK2UAhWm9rWt7ALq5xFuJyf0ZlOeEe+6ePGSg5v4hVg3I0eT4d0tFgMDASwMAAEoAwAdIKjIfdNB+Xj\/xUSylt58OAv3rIjdUPkIhQAKY9xqDo4yCAQBAE+tQV47PDWyW\/jPbVae0n926H+33P2dhwyJMYdEtd3vXUusGY1Sf4\/fwnOPpAmVyiTQmhlgyOzBntrsQI2jHfVbMwpgwyfcThx95sEwKki0ToIwd2wl2GnhphTQ\/lNIy9+hA4QbkmtVW9EOdHXBVDo+4Gh07K91JF64MWKqikri5f82ieaxHm+xMwv+dY2CsWtcgeuV4pmfkotqFwOkyrd45TA77Z1NQaA3L9nzQ7KACm0Texz9IfpLQGJypgpz3YBo7rPAxod2zOyccGyhTwYh7X34qDo60\/rykpF2jklkFP63v1zxdn8NVHCRQoTcEasL\/2jJbhbN7dlmp6tVLC4WAwMABA4AAAA="}
00438{"flow_id":18,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":148847,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gCsXSABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjpQsAAAAAUAQAAGk4AAA="}
00437{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":148850,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gC3zdABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzoYAAAAAUAQAAMvIAAA="}
@@ -344,13 +344,13 @@
00455{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":180561,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzETbiYO3gBALMMaaAAABAQgKwtc5Dal05kU="}
00455{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":180589,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0qUbYJ5gBALMGWmAAABAQgKwtc5DKl05kY="}
01869{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":182404,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkPzETbiYO3gBgLMIxUAAABAQgKwtc5D6l05kUWAwMAUgIAAE4DAxsH5Gr\/GOMCsJtej1E0tk+78j\/7\/hT\/7PU4cddWmy9\/AMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK4AsACtwACtkABjswggY3MIIFH6ADAgECAhAFIKnDRQdHRLlD27uwkl6dMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA3MjcwMDAwMDBaFw0yMTAxMjMxMjAwMDBaMGwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEaMBgGA1UEAwwRKi5yZWRkaXRtZWRpYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUojedwLTSEzrq4UnD96Vw+K+bJzRlpdlGvp1emryD5RL1HNtyibc7bG5WSKWQj4rEXUPCrd7J9KEcoktu\/T\/zKnwBbK1YjqeYT7crnAcYwaOzJK+2WaVgkNLH46oD9ybxNIQiHXSZQ7Ot1nzKMSML5qvJDWE93Oca5W4JzWXBeHxjaWh1pvFML\/h9KONNL2F6v8fl2QkupSKhrdBMUYrUJQ7T7Xayr9QDWUwAYkELYvTZAHxC2NJEKB\/W8Txb\/aVDvxW0ugRtMT23SQiJB3o2exzRkgcVXSsUUyBNZi0HwERQ8wVGtvniGjIdCo1za+WiS39m7ranLPgJ4gJ0ghVtAgMBAAGjggLyMIIC7jAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUM5hgnYdqs+t4ZIcAf5Oj81X67dYwLQYDVR0RBCYwJIIRKi5yZWRkaXRtZWRpYS5jb22CD3JlZGRpdG1lZGlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0"}
-00888{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":807,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00899{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":807,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01872{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":182405,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkP0FzbiYO3gBgLMFHDAAABAQgKwtc5D6l05kV0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXOQZCKCAAAEAwBHMEUCIAherbIi6ZyHzb3QX5+4\/MlQsJrfbT9XT60YNwXvs\/FkAiEAwb6FWwmkC64YkR7Z3GfczyoO1X+DuWs1z\/cJf1mGmRAAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXOQZCKuAAAEAwBIMEYCIQCNJnMx30MdQpcsqt\/W+zrckQM+XjK6x44S461Ih+FOwgIhAKbBLZjqonCb3DAhfmp8tsmJH+X3MizzOAQP3yn5uVQ5MA0GCSqGSIb3DQEBCwUAA4IBAQBCDMeIm2uPoixPwoutZHrrGFzfNJEXLQk54PkRo2woDSpR3o0sLrpMXiyWx6H0MMNDjCQCbMH2ymQA6oTDSulICMxnonBHGBAiFWQ4yFy2iFOaonss\/jw9Dn15iyoLKitvtvJLO9YtEqX7BhpUXB+aGzE35RE3PNE7a9BSnYdTRBdwcbTm4\/GUaX3HC2LiAXQA2DAltxNjiE72Zxrfz9Ebt1FNjsFnx0Ah1ZbnA1MIHFvgmyPuvrAyEw9PR6UdJmEHtOv18OslcdpyIt5b11k6XZhXnFrHzfU77INW6\/\/S6hVNtvk1bBdMuvkLXzN88BKcp9k9\/9vFc9yzgrbsBbZxAASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRq"}
01869{"flow_id":20,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":182405,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkP1HTbiYO3gBgLMJv4AAABAQgKwtc5D6l05kUUO7Wbkr7CB2VO\/Nr8\/3qu3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQELBQADggEBACM+30vSMUKltn5CXBpEzGnRaLRdS+AEIWxL4m3MseCXj6ZTCc2qKmXlOU8eg6VuXJiiJCbm+6Htk8cuAsZNSr+wQt942rOo+W3\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAyMDExMTIxMzIwNTZaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQBSCpw0UHR0S5Q9u7sJJenYAAGA8yMDIwMTExMjEzMjA1NlqgERgPMjAyMDExMTkxMjM1NTZaMA0GCSqGSIb3DQEBCwUAA4IBAQAe0tW7eHxJsBmpUJLOLbayxqVf49zXEZ5\/cB0RRa6yG3CNXesl4JDY"}
-01171{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":8,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_tot_l4_data_len":3933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":491,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+01182{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":8,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
01174{"flow_id":20,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":182405,"pkt_caplen":616,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":616,"pkt_l4_len":562,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAjIGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkP2IzbiYO3gBgLMFblAAABAQgKwtc5D6l05kUFzSsmCedJGCcRINBMxj2OkjLRrR5+xcD9lb4unAKC5WTmKH6ycrO9ix\/L32MGep\/ZFvIJCQSouE7mlgSAcTFI4BXte\/pGsHMAjui+1qfzuJeDRU1HhuOmlCbhFJ6m4gFzgwhyGd9L+hpBg5KgMKhXfS7jrubusel2UJKbGh734tJ39CE6k1PRqEwMkj67np+DYccuihF63nxZALE8swo0riZoaCe5AiIY7ITMITCBbxCZuPAGOPmEMbEPmOm6Pvj+\/bWyqGz8umNh91i6hsUU6dKjsm4mWYsWAwMBLAwAASgDAB0gpkvzO7LE4mLRxx2qvbNHsN6DIry+9q7M1xht9KqAK1wIBAEAjV5A+ZTadw1D1BfGDpdEIXnnYEn8\/taQoN1jAeXF\/ctQSn1XQT7MGH23f4T0Z4a2nZJZkkVG+NAwIq5YnEgi3qzqw9C0GJAm1KkAGfwrHv7RQ+FZ4bwvr73214k7WpA5GgurIgGGtCVhq1RuPYSuNTnDH+rR8jZt9PAqdSVq3z6TkididCYUEJ5kz4qevFHl13vjv7VTRVnQRfmO0l+uXsS4x+b13WjDpyOeMq5tuen1+1AGRTHQVC3ZQ4711VntYYXtFuXLSmcI3k+6wSWkJ2\/VTZR1NilntFxlYKwvsSTFcrhLukbIL0WHL2N3\/3u3LCZ1fXL1jfbYq4pDcZzj+RYDAwAEDgAAAA=="}
01866{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":182406,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaN0qUbYJ5gBgLMJ\/jAAABAQgKwtc5Dql05kYWAwMAUgIAAE4DA\/lpjGNgx9lR5qm05T8DENqDgfpkH1sNIMZIVXuNKF1BAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK4AsACtwACtkABjswggY3MIIFH6ADAgECAhAFIKnDRQdHRLlD27uwkl6dMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA3MjcwMDAwMDBaFw0yMTAxMjMxMjAwMDBaMGwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEaMBgGA1UEAwwRKi5yZWRkaXRtZWRpYS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUojedwLTSEzrq4UnD96Vw+K+bJzRlpdlGvp1emryD5RL1HNtyibc7bG5WSKWQj4rEXUPCrd7J9KEcoktu\/T\/zKnwBbK1YjqeYT7crnAcYwaOzJK+2WaVgkNLH46oD9ybxNIQiHXSZQ7Ot1nzKMSML5qvJDWE93Oca5W4JzWXBeHxjaWh1pvFML\/h9KONNL2F6v8fl2QkupSKhrdBMUYrUJQ7T7Xayr9QDWUwAYkELYvTZAHxC2NJEKB\/W8Txb\/aVDvxW0ugRtMT23SQiJB3o2exzRkgcVXSsUUyBNZi0HwERQ8wVGtvniGjIdCo1za+WiS39m7ranLPgJ4gJ0ghVtAgMBAAGjggLyMIIC7jAfBgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUM5hgnYdqs+t4ZIcAf5Oj81X67dYwLQYDVR0RBCYwJIIRKi5yZWRkaXRtZWRpYS5jb22CD3JlZGRpdG1lZGlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0"}
-00888{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00899{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":811,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1605291686084,"flow_last_seen":1605291686182,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00454{"flow_id":20,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":182418,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJg7e5D9BcgBAB9cuGAAABAQgKqXTmesLXOQ8="}
00454{"flow_id":20,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":182428,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJg7e5D9R0gBAB88dwAAABAQgKqXTmesLXOQ8="}
00454{"flow_id":20,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":182431,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJg7e5D9iMgBAB7cNeAAABAQgKqXTmesLXOQ8="}
@@ -358,7 +358,7 @@
00453{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":182436,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5Rtgnn3WjtigBAB82qVAAABAQgKqXTmesLXOQ4="}
01872{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":183889,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaO2KUbYJ5gBgLMPDOAAABAQgKwtc5Dql05kZ0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXOQZCKCAAAEAwBHMEUCIAherbIi6ZyHzb3QX5+4\/MlQsJrfbT9XT60YNwXvs\/FkAiEAwb6FWwmkC64YkR7Z3GfczyoO1X+DuWs1z\/cJf1mGmRAAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXOQZCKuAAAEAwBIMEYCIQCNJnMx30MdQpcsqt\/W+zrckQM+XjK6x44S461Ih+FOwgIhAKbBLZjqonCb3DAhfmp8tsmJH+X3MizzOAQP3yn5uVQ5MA0GCSqGSIb3DQEBCwUAA4IBAQBCDMeIm2uPoixPwoutZHrrGFzfNJEXLQk54PkRo2woDSpR3o0sLrpMXiyWx6H0MMNDjCQCbMH2ymQA6oTDSulICMxnonBHGBAiFWQ4yFy2iFOaonss\/jw9Dn15iyoLKitvtvJLO9YtEqX7BhpUXB+aGzE35RE3PNE7a9BSnYdTRBdwcbTm4\/GUaX3HC2LiAXQA2DAltxNjiE72Zxrfz9Ebt1FNjsFnx0Ah1ZbnA1MIHFvgmyPuvrAyEw9PR6UdJmEHtOv18OslcdpyIt5b11k6XZhXnFrHzfU77INW6\/\/S6hVNtvk1bBdMuvkLXzN88BKcp9k9\/9vFc9yzgrbsBbZxAASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRq"}
01869{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":183890,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaP3qUbYJ5gBgLMDsEAAABAQgKwtc5Dql05kYUO7Wbkr7CB2VO\/Nr8\/3qu3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQELBQADggEBACM+30vSMUKltn5CXBpEzGnRaLRdS+AEIWxL4m3MseCXj6ZTCc2qKmXlOU8eg6VuXJiiJCbm+6Htk8cuAsZNSr+wQt942rOo+W3\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAyMDExMTIxMzIwNTZaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQBSCpw0UHR0S5Q9u7sJJenYAAGA8yMDIwMTExMjEzMjA1NlqgERgPMjAyMDExMTkxMjM1NTZaMA0GCSqGSIb3DQEBCwUAA4IBAQAe0tW7eHxJsBmpUJLOLbayxqVf49zXEZ5\/cB0RRa6yG3CNXesl4JDY"}
-01171{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":818,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":9,"flow_first_seen":1605291686084,"flow_last_seen":1605291686183,"flow_tot_l4_data_len":3965,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":440,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
+01182{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":818,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":9,"flow_first_seen":1605291686084,"flow_last_seen":1605291686183,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emoji.redditmedia.com","server_names":"*.redditmedia.com,redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"96:A3:77:56:81:79:10:5C:E8:7F:F0:33:D2:7E:1C:45:08:2C:25:85"}}
01177{"flow_id":19,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":183891,"pkt_caplen":616,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":616,"pkt_l4_len":562,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAjIGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDvdaQ5KUbYJ5gBgLMI0LAAABAQgKwtc5Dql05kYFzSsmCedJGCcRINBMxj2OkjLRrR5+xcD9lb4unAKC5WTmKH6ycrO9ix\/L32MGep\/ZFvIJCQSouE7mlgSAcTFI4BXte\/pGsHMAjui+1qfzuJeDRU1HhuOmlCbhFJ6m4gFzgwhyGd9L+hpBg5KgMKhXfS7jrubusel2UJKbGh734tJ39CE6k1PRqEwMkj67np+DYccuihF63nxZALE8swo0riZoaCe5AiIY7ITMITCBbxCZuPAGOPmEMbEPmOm6Pvj+\/bWyqGz8umNh91i6hsUU6dKjsm4mWYsWAwMBLAwAASgDAB0gyfeeWSUNsZVAUmfekCPkHg6kCxTVpdgQFDytizSEoDAIBAEAvzJzb0\/IZa2lmohZUBaur\/4YJPMvh1aAiuH2flU3wy8wjfoyG80x5ClsODx4GDmgB4ZCS9R4MmuWewmVUXHKgBTOGe4cvtqnhL3fmelhwhEDLy7j\/27CKwiLVwpoPmZiStX2p4JrjqF13s7ujE24jiYagEz4DgObSAThuybLLG4hr+weBenDbxM6koRQkBmOLDMe9hJv0sACiTmzdfR5Ql6pVHdfEMWfJyAxSOGAkGuO2dT56\/q46jYRwJSRUbzw9ydOQV8dSPlR\/KifGo4\/6WzimyPNWvR2ydeqBnXGNO9UDgYbe4K8gfIbXZgdHBCMY9WQ7h2wdcQVULCQa6xLtRYDAwAEDgAAAA=="}
00454{"flow_id":19,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":183903,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5Rtgnn3Wj96gBAB9WZ6AAABAQgKqXTme8LXOQ4="}
00454{"flow_id":19,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":183921,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBTHMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3Q4Bu5Rtgnn3WkOSgBAB82JkAAABAQgKqXTme8LXOQ4="}
@@ -377,46 +377,46 @@
00456{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":203769,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdDA6Vsjls46UMgBELMNhHAAABAQgKwtc5Kal05lY="}
00438{"flow_id":17,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":203774,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gAi8TABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QoBuxlyL4IAAAAAUAQAADI1AAA="}
00438{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":203778,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gCsXSABQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QwBu2zjpQwAAAAAUAQAAGk3AAA="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1605291686301,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1605291686301,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":301196,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML0AAAAAoAL9IDDZAAACBAWgBAIICql05vEAAAAAAQMDBw=="}
00468{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":327034,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWUkNzC+oBJXgILuAAACBAV4AQMDAwQCCArC1zmoqXTm8Q=="}
00454{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":327076,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBAB+wbmAAABAQgKqXTnC8LXOag="}
01147{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":327471,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3ML5BwRVmgBgB+6IBAAABAQgKqXTnC8LXOagWAwECAAEAAfwDA3fQE2bFMSg9V0ArEx1DsWJIv73oxXvB9GJfjd2ybJfQIFrXxaRDJ9lBszDg6UwzwOQonUBDW8zTTtfnwcTvyt2MACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAHQAbAAAYYi50aHVtYnMucmVkZGl0bWVkaWEuY29tABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACBQ4ydRyS\/5f7HpSvaHkgvC0msLXL39ObHQFVtCoyAcOQAtAAIBAQArAAsKenoDBAMDAwIDAQAbAAMCAAKamgABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1605291686301,"flow_last_seen":1605291686327,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00847{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1211,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1605291686301,"flow_last_seen":1605291686327,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":393401,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWYkNzLDgBALMPtvAAABAQgKwtc55Kl05ws="}
01865{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":419456,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBFWYkNzLDgBgLMO57AAABAQgKwtc55ql05wsWAwMAUgIAAE4DA2w2h4OnI5oqTmXU5WBqOgdwOPvgJebj0XNMae9Ppb25AMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK9QsACvEACu4ABlAwggZMMIIFNKADAgECAhALxRVguuP1otqG87N37ptnMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDAyMTgwMDAwMDBaFw0yMTA1MTQxMjAwMDBaMHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEhMB8GA1UEAwwYKi50aHVtYnMucmVkZGl0bWVkaWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2m0tBPQBt7iNZ9yVM43JERqwrF\/7kkYx1k6FWIH3ERmFHj8lZDO2vnookRF1j+3gp2OWzg92awKOEw8ynv7OhC\/Q5ckvxRPMvNQykUR3dYJEzqFj6rVX+hgdBGcpvA2JYS6luoyXAfWrQhQFT1g16+2RjINDueb7iAIJsPJRzPCfTTbrfGcRKK8ruBZH0EoCxgUm0sBGwogRiZ1j\/WylqkCyWbwdS3kXLbokhtsK7bgg+OCKQjLVg4Gawug\/eb5u8K5JUy+ck86Oa9v3xh3x9M8m8xRtsLH7k4wM5UectnuPET63DLhhwFSJ64Hy6vNbeV\/xglSptawNgIIF4BtCAQIDAQABo4IDADCCAvwwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFry81+a+cNcHveCjTY9tHerLfKDMDsGA1UdEQQ0MDKCGCoudGh1bWJzLnJlZGRpdG1lZGlhLmNvbYIWdGh1bWJzLnJlZGRpdG1lZGlhLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcB"}
-00892{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1398,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1605291686301,"flow_last_seen":1605291686419,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00903{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1398,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1605291686301,"flow_last_seen":1605291686419,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00454{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":419467,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3MsNBwRl+gBAB9QA1AAABAQgKqXTnZ8LXOeY="}
01871{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":420291,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBGX4kNzLDgBgLMDfDAAABAQgKwtc55ql05wsBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAXBYgRWDAAAEAwBIMEYCIQDHzXaR4B0YH3rB5zl\/ytcz+FJl7Zxtbv4nzWj2+mrP8AIhANvwvwlyQT+Rynl+pzhafPdcFaqKQ5X6Jb+svwfabBU2AHYAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFwWIEV5AAABAMARzBFAiB2TSqQUr6lBIFkWx4+6OGH4t4V5eNSLU3D4JXHzW\/bRQIhAP3l6PWmcmA2KGd5868mmIFUWuFVb3TgdVUEuKBtt2ySMA0GCSqGSIb3DQEBCwUAA4IBAQC5SMPLH\/yIoBGVmm8p1R\/rE3qqeu5LbPRbNxkauLpqgtV3F+0A7ZV+7WzF\/1A0p9Mw8jRs6gXlsm4Cl1bSypmJg1kQbUDu9phPcEeZC5\/okPI4mVW0f5HYzQTGzGX1+tDxuJDd0mlT3MGnZXdMugW0KM7VnqDGQBwakSYYe11bCU1u4Ltrd7L2d17O8+Ze4yDZxEblULm6iUwSPn0ySS2A+z5gy4gXweLEraMpLPuoyawau3zrWrkw91\/dZJxW4LKLoCCx5BQhuPkOMtdX\/eUVDxVpQe\/xx0f\/Hta44nNFzu4QShGmGydWhIw9oB6hnEizc6e9A0VNhRtRnseBY68kAASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yr"}
01869{"flow_id":21,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":420291,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBHZYkNzLDgBgLMBeVAAABAQgKwtc55ql05wsG9KpdS7dHRt0qk8OQLnmAgO8TBGoUO7Wbkr7CB2VO\/Nr8\/3qu3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQELBQADggEBACM+30vSMUKltn5CXBpEzGnRaLRdS+AEIWxL4m3MseCXj6ZTCc2qKmXlOU8eg6VuXJiiJCbm+6Htk8cuAsZNSr+wQt942rOo+W3\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAyMDExMDcyMzU2NTFaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQC8UVYLrj9aLahvOzd+6bZ4AAGA8yMDIwMTEwNzIzNTY1MVqgERgPMjAyMDExMTQyMzExNTFaMA0GCSqGSIb3DQEBCwUAA4IBAQARl21TQUHOKoKU2eR5v9c8iWfM"}
-01196{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":9,"flow_first_seen":1605291686301,"flow_last_seen":1605291686420,"flow_tot_l4_data_len":3965,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":440,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}}
+01207{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":9,"flow_first_seen":1605291686301,"flow_last_seen":1605291686420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"b.thumbs.redditmedia.com","server_names":"*.thumbs.redditmedia.com,thumbs.redditmedia.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.thumbs.redditmedia.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"FF:F4:6C:CF:D6:FD:64:3E:50:17:A2:DE:B0:F2:B6:9B:76:59:C6:75"}}
01207{"flow_id":21,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":420291,"pkt_caplen":637,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":637,"pkt_l4_len":583,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAkcGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBIa4kNzLDgBgLMAl7AAABAQgKwtc55ql05wvaGEZDsqhEi2FHJHtxQVW0QkrUJGfvWHr5XJfBH6rrSjsWXGZnu5pVfstvBsQO3nLOBKzu6VCzldeyV2qNTtXdRdLDXYsTOlmKak+Z+7kO2wht0ZVC5tCzYAH1Y0YQaw8kQAI\/8sbbTEJzszSt\/9rfx28FKWGHfMAC1GfnFe\/kH4inuB4BAAcVZr8RdRC43UgPKphpm68b3ockr+0rssMPQVTVy31I6BrbyfktR3W+t3yzpfbxNzqRTj4DgVl\/YTIgZQh0y\/jhdvq\/lHz728Ho0MTZ+5GwC7U1EEZD1Hs2iXyw1htTD557HGZp9vkWAwMBLAwAASgDAB0gKaq+2n+kteNcaXnVQhWaWL9D3KlXWIZWq\/jEVqrL3DYIBAEAAlVCWeVf5PaZOAw+7mM1uRXe9F\/6yg8z8lTsLZg3q6pKEYD5hYnSP1iSzOveYHs5OlfQW3WItwmXM03H2VX3NnKlGF7GOMgxvRa0a2MynifvZEyeJCon0J2cxLSvXMjDMCTPPzT\/kE8sD04EN72u8Oejvre1NmIt70w7+DQ2iV8vJU8M03dVXc5pbjuFyHWom0Ctj8yv1RkOJx\/KRtBhp3+qUs1kCYjlxYrW0u\/nbd3bfAkGGarWAGZ+9qRj6B02Q4LLjVnKWkXkxwvcJo+N+v67tfOQDoet2uqejnMfzY68ucS42oDnI8XN8O8WLJS8IeYZn+b0ZIWdkaon6TgoZBYDAwAEDgAAAA=="}
00455{"flow_id":21,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":420296,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3MsNBwR2WgBAB9fwbAAABAQgKqXTnaMLXOeY="}
00456{"flow_id":21,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":420303,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3MsNBwSGugBAB8\/gFAAABAQgKqXTnaMLXOeY="}
00456{"flow_id":21,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":420307,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3MsNBwSPVgBAB7\/XiAAABAQgKqXTnaMLXOeY="}
00583{"flow_id":21,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":421886,"pkt_caplen":179,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":179,"pkt_l4_len":125,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XAH0GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3MsNBwSPVgBgB9Z1MAAABAQgKqXTnacLXOeYWAwMAJRAAACEgWYU3PfgsQKYihFO3uoMJdTmDwQVceFgYyiRr8prQm0MUAwMAAQEWAwMAKAAAAAAAAAAA0FgT\/SKenNyDYhzxq42tumFsAOJ4h5zHyIcni8qFEN4="}
00590{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":422007,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XAIMGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3MyBBwSPVgBgB9bbXAAABAQgKqXTnacLXOeYXAwMAXgAAAAAAAAABUHjyoTMKS98mcOvWf3UpTo1d4pwHgu1OJbBtPp584YrH51mfdENeft+iSY7mt4F2ROOjr+Z8p0dhvBTbwFC9CZTY4BZgbNz0YaORcr22c3h+rYSnehg="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1605291686985,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1605291686985,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1925,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":985114,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD88AAAAAoAL9IJsfAAACBAWgBAIIClRf4AwAAAAAAQMDBw=="}
-00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1605291686985,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1926,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1605291686985,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1926,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":985710,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hEAAAAAoAL9ICE+AAACBAWgBAIICkv6YkkAAAAAAQMDBw=="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1605291686996,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1927,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1605291686996,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1927,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291686,"pkt_ts_usec":996891,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjEAAAAAoAL9ILJdAAACBAWgBAIICnOjJUYAAAAAAQMDBw=="}
00468{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1928,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":16591,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q63bg\/QoBJXgIMUAAACBAV4AQMDAwQCCArC1zxZVF\/gDA=="}
00454{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1929,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":16621,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBAB+wcHAAABAQgKVF\/gK8LXPFk="}
01151{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1930,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":16854,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBgB+0cnAAABAQgKVF\/gK8LXPFkWAwECAAEAAfwDA2TZVj7uQEkCD0qaduyi4bmVPP7zAKvO9+7Wlc8AMGeTIIS\/CXAHw3XUf20VSt6oh4Hf\/WTHeXksbYFJmbfF89a\/ACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAHgAcAAAZd3d3Lmdvb2dsZXRhZ3NlcnZpY2VzLmNvbQAXAAD\/AQABAAAKAAoACDo6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApOjoAAQAAHQAgYKiZy5yb0i6Knp9i3yjCivd+Ief6i7v0\/AghN6n2uzkALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgAC2toAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00848{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1930,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687016,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00859{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1930,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687016,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00468{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1931,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":24247,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VJtBZoyoBJXgFGuAAACBAV4AQMDAwQCCArC1zxhc6MlRg=="}
00468{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1932,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":24248,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4R5AeISoBJXgAGtAAACBAV4AQMDAwQCCArC1zxhS\/piSQ=="}
00454{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1933,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":24307,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBAB+9WjAAABAQgKc6MlYsLXPGE="}
00454{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1934,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":24329,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBAB+4WXAAABAQgKS\/picMLXPGE="}
01149{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1935,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":24606,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBgB+\/A6AAABAQgKc6MlYsLXPGEWAwECAAEAAfwDA+eYPrfbBZwgBAyXsXNv1wHXo8qtfbtTLhb8K0WcNKMYICPAGuufUOrjlYhZGNPMkbG+4utdfOiWk6+0nf\/wCDAKACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAEQAPAAAMYy5hYXhhZHMuY29tABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACDX5C\/1o+HW81YAOCcijSyF5B3qZmeI0oMefLtlAIvWHQAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAIaGgABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00808{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1935,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1605291686996,"flow_last_seen":1605291687024,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00819{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1935,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1605291686996,"flow_last_seen":1605291687024,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01148{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1936,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":24727,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBgB+4vHAAABAQgKS\/picMLXPGEWAwECAAEAAfwDA5a9I0DX\/RoLLAwCTlolT1w7O+Tvbm6bAwmHB\/Gzvv4KIKCfkVZBs7YxSZgdkLoG0zKZeHzoKc6I+SIaE11zlfvtACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZM6OgAAAAAAGgAYAAAVYy5hbWF6b24tYWRzeXN0ZW0uY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACC3JhULSj7xGhtoU9gOb9OIs2MhB9H2Fq8bhGiDmIiZGgAtAAIBAQArAAsKmpoDBAMDAwIDAQAbAAMCAAIqKgABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00829{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1936,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687024,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1936,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1605291686985,"flow_last_seen":1605291687024,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00454{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1937,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":53426,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q+3bhHVgBALMPumAAABAQgKwtc8f1Rf4Cs="}
02101{"flow_id":22,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1938,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":60476,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q+3bhHVgBgLMJ3WAAABAQgKwtc8hVRf4CsWAwMAegIAAHYDAxziP7O5ibKEKza93z7DAlpXchP7XauobF7dSYpGZVqWIIS\/CXAHw3XUf20VSt6oh4Hf\/WTHeXksbYFJmbfF89a\/EwEAAC4AMwAkAB0AIGbERe3TJUwS4LQIS4WZ5cJp6RVqqA1Bhv3R\/yc1d\/1EACsAAgMEFAMDAAEBFwMDCrO8sDzT\/eJ+k3K+EdIDOeUTTfIsdDfNvb\/aPqMAq+CNQGn2FEIE9SQdRBm8MHqkXQccZ4q93ixsRhP0Nl8xsYSe8xqCpmnE7X1v8Ic84784+Aj3McArDAvrfp7c5pTDmHn\/JftzJsVUByWMieGt7gbU2ReJVSQtHa2Ar1LNAr\/DUE2WvJ3D69C7l\/alsFhpBA4J\/Gh9csI8HQLL7Ewte5yTS87roZgLpwmrMStFBGkUVqYfXXuc24Ir1XDgBkCxVMy6+YFSJB0C\/Y6MoqBfdT6LEIw1\/6SECR4DOIiJXfkIMbiyv0eMwe5OQ\/wdb9iujwM6uhQdkWXIuuwdPmFjs3ywezx1hTV2RT1qHU7u29RcTaEPWjS3xWUjhS\/NNlLont9KQ8NJFmBdMqQHtryO5yis+UyAOvrRB4mRYYmDWRwzwuMQj2Az17D64S+gwSYWA7guyz29cFmsd3Hecmu227cqjBz1CKaYT5lSJxDjaMvDsIsRHPWSrVtiiqC\/KcnzApGp74Lr8TRZ8cpzZ5pPZOtbdNob46ykKJlWTYCCLqgCZ3KLZ6yk7i1UhujI6RzYEL+1kD+EmCU096eQ\/sWuNex00j5R+\/eOcC727T0BTdUxA3oleEvaMqbj7G3s6BTI+y5jDjiQi8214P23UBOb5SiecCIE9J3qCUcVR6EoIzbOB9286uX9GywYdHEE0BzaQgEgF940aJ1ALpbpUnoLI3aiFPKyyk9pR3bLHAuEdkchJle1luiK5Uapn32N3uCUPt+3Izwc3ehVK3k0tJcEMKgO6z0e9ZQu7rOYpD7PiiL2ZPwwBAr98GU6zSBid2DS1XHjFL2XXfX7Vam\/8w594lzWSrmj9\/\/exWhooNv7rLSjqRvBfmINow36\/OC6qm3GaL9NXkgJOrd38gc0OHKahae\/crUdv4gjHLVjrn05JeB7BpU2uFvRzR6DWHtNam+171yDXOCzbfQ75I\/X9n3q93Yor4c1RLefOOH0KuZAO5921QqM6HMbXKAZuJyNzFtUNeEC7J82XOQkNuhYOaRmGl86bWx6rjucRU7d9ozOk9PDscADo4ATcBC3sGCnhVmR8UwuW84euaGetBqbwscoU6MPtpn1qqCjv5nqfw1t0R9mJJMNV0L\/PBhOnseAu29M79AgjCwjX5QxGdIPAdAag4M1xiby1oPedaPJPhcx6e7xOMzXGOBHKi+z\/E1Y9g0VRnhKm4V\/p8qRSYj0G4\/8+Jw8dzaNLk+bL4M9TXjj6hR5QJ2luhf81AnyYvTLgD856EgtKjRaYfxYbs\/8Cke0DPrli3RtOjV+uNpmrwgI3a4tu00dsMktAU4n0JAGov1JGJZyqhcVeSEWvYRMZIboTDGOM1j6Fp7C2gys0zPUaWQbvvJvRJ0lZE48+GPfC+35CkJ2Wg3g28rOM3Ovldt6ZA=="}
-00889{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1938,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687060,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00900{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1938,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687060,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagservices.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02100{"flow_id":22,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":60476,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm72e3bhHVgBgLMNPRAAABAQgKwtc8hVRf4Cvq0SnpIqttiGxbTIu0DMKbtGr47cCLt7wHwxKZoEEQNGxTDxQE1R72lDm3TtywySFwb\/B5kyXsEpUfPJPr6ZXL2IW09QNFBEglVs5\/2NlqhDbPki0ncgImgdpQi2IVRCy5XI6iXWjOzsjiSziWYne9Ykc47LE\/QREFpcyq6AqrmOqNG3d6OeavtDwBIZvcUNUNHNjKLle375UxARN2DqoDCtGxL1u3vXynJyyGVyWOINyfufd4pAlyfN5yEobYleIulT8qjwYM5t1bz7XG2lMptmnKrABre\/xdOHx1CsZ7GIh8\/70pXD4rMUPlhgE2ZKVZ0GKVd2gQkfij\/ht2EriALX2ddjNaiR7oIN2akAIxpBCmeOsBAubp5xAVVDp8DJzwLSODB2+IwE3ieaKX+pNP90ihZkJrcEfp2lJDvDycETV6ziqpwp4ff2PioNaUfpsS0fMy2PQYe4GsXP1lzQKOW1RFGwdJ2oVwTxTzqMYJA\/RsrM9wOnJRFByQXBW5p9tArBqRWQIlvc65bLTz1InaYs9Uf1vxg5YAR09bg0qVYSBDWVRbKXvuPXR2iPaPq1Ca4Hwpr2S7xtXmK+FG5RA7\/grQAcAjuWdU\/W\/H3PRXIL6fZJ\/Lia+DISdb+XHz16UKLZvmkBBoI84aqO060++NQUFGIgBhBaFLUHFj7sPKNUj1yWri8dYP6FXeybA4R17ixiq+FUZwZ51ZYyWSDLmvynH9YruHBHF3nI0Cf8NctrTRaEAhtbsW4hSO2Vf3DWjrUapd7hAseJvPTA+NoJruiL2NhaIMKw\/F4trITx0tJeGJKNGS\/L+4OsQGBmUXKl8YGhjWuvHVIILe9P2u727at21uDkrfBsCaMW06NmpoJAWxh1liUTlf1AMmhRpVr5NDTaTDG2iiycXo+x7KZ3t\/dZw8uBtaPReosHD4K03lyG2Ir5ffLI0i\/q9uHOnuWvrWwEOuv7GDKldhNOxkMJU66UlzQswjHnqXhFZFMAXL0qrwboARBvj8li9+ll1qnL+jSiZFKOmMMk0cKYasxaNrWKZstn82fdrZXj8ggJad\/jSY\/VFo08UM6d\/78Nb0+deuvh1XrqdPr2ffCzPsB1S7pWN72tSy9vaFja5Add0Ff\/J9i6oC\/4LrduLAnUUkdf7W+kBbE1xahj8YH9UdOMTU+UWuCbS5\/0XpA+sPNbCCcYr9J2o6qp0YFskUiuap5bpVgg1sv7eJ+taFnmx0M31hrEurEq5Uov7eHrp3cVCwW76Ty+b2ZiFktECNTHF1YWXOKhBr9Mq6r8Ie3Bxqi8th9DFKjE3nm6TxqPkyHqW+QpareQ7\/XmukiAednle2TSTeMr2sRjZjnU3z5lUG5EzmZjjcYI7MD\/wRtePO1MclPqEPbfO8mE7l8WMJ9f96RBbc36F7xtFAbDAV1Mruh1TZ8WQ4cQb2YXvDmQji\/IbjbAZNq+1sRiT\/lfS9gk1AYyrxDeeDyhO6vMrPCqVJqK2lFZxuMS3X2Oo5LPpQft\/IasFI9U+\/vGKe2FPQ8oQuOjabcWDo9lwVUeDw9KrBRGi6rv9\/OLigdBAVZI63lQPOYFwfm+8gKB2TVMqEo+VO6p0XNU2OALJgLg=="}
00455{"flow_id":22,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1940,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":60490,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duEdXT5u9ngBAB9f\/3AAABAQgKVF\/gV8LXPIU="}
00454{"flow_id":22,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":60506,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duEdXT5vQfgBAB8vtCAAABAQgKVF\/gV8LXPIU="}
@@ -428,7 +428,7 @@
00585{"flow_id":22,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":63678,"pkt_caplen":178,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":178,"pkt_l4_len":124,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0AHwGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duEhXT5vXsgBgB9VtEAAABAQgKVF\/gWsLXPIUXAwMAVwBjIcDX7pZI2m9db6MAcuVvvIUC6ceyzuDWbbSXzRXAJkDVHB\/afLzUyVw\/gIuKH5PFyS0EExG8UKNv6+okw9ygDdaEYPzsXJvHkMFubJ43QtG\/NRaDTg=="}
00811{"flow_id":22,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1948,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":63813,"pkt_caplen":347,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":347,"pkt_l4_len":293,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ASUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duEnHT5vXsgBgB9XNgAAABAQgKVF\/gWsLXPIUXAwMBAErss9Ro1+6WKxQzbA1HvyO2qoAbQOglRe1CBh53dLgZCtV2ACUKhSnmyjVFRGbGXtBLE13Z2ZxluMzCOQstrDXbOCBfqA0oTe1kfP\/WjFcuHFHLwYDsJFwgABy0sIKc4wxRxixnnmuuyFzv9HosyYI9HJnZAwF\/8Vmi7Y\/jxpltC0ja2Fl12v\/8L5yPrBqISakOJCGosJstvni06OGZRb80kreytDKVbkCzkGRpSwPQPOqxHSBPhcLJGoiujnQB8sBhOisw6m2TPkQKx3AkxF0o9kn2igiSV3VLDdvY2GpMPPJdfkZ0kJRkPQBP2ho98yuoN\/87UYuLIJC8A5iJj84="}
02338{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1949,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":75726,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4V5AeQXgBgLMAIEAAABAQgKwtc8jUv6YnAWAwMAegIAAHYDAxlPUXb9YZCeSa2lSHpdRumxNgzSKA+ggZ2lQZhm2V8wIKCfkVZBs7YxSZgdkLoG0zKZeHzoKc6I+SIaE11zlfvtEwEAAC4AKwACAwQAMwAkAB0AIMQOXmNr3ukoZyPpDTvzhq63qgZEGO1MOCgqxcZ2irQnFAMDAAEBFwMDACTb5Qu1gBZa3L\/hIXZyXkOAecj25dqqLLCdYWY45d9oOj3th94XAwMU4JS4Z4HJVTufAM71+HqGgq8J7Laxo3jZYh4R+vG+XL1x7HTCSF5hvJLJ1785iqkzTfeG\/U1qftakv++1nr3cqzzifbhJE4HCr18kCACC32vSlwK+Sjmi1Jq2oKWKJv7itHnT6i50knVzNfHXX0IbF74Lj3Gs3jwqov9y45x5xIs\/zE8zy9EjubEMBTgGkOlL854mvxVJiwscBEsceZU32pGV59s\/W4q7vuKoOrVV2epo9I7ANykDXn+Ixd4sHyt1ifFWtw8imhBOlLZspOBXsX+abUc+jgXbT\/puuxhUePXAbVWE9Y8w8zsduktrKtVBARuUr\/qYA3gnhTYtDAZDiPxTI\/7YlqtRGkLIBX4e\/+dJASCPy3oBC0\/JIkM6yzmDWjFUUAdK7CG4+7NwxCN20NBCscsRsoqfWXIxL6+pqiAasy5u+LO6MfSLfFskKb3kkNE8hJ6XVgAf3p1rjmnT8EmTPFOHfu\/x78kQS3BVRGKGZhz5bfJqCZMfDJ3Im3KL4gyDwZxELFcD51iUIwXAHJXcE2N1uGYVAA7YvpFDVvMrSPn6XNMmQPI5J2o1v8qUinRjbljpnRCLpxovPDjyi0QigtoTmS5CxdpwE4sQaEW5gOjbbVO4oI6e3UPx9IBfLXoRQlGccYMx0CCBpECPKJyMzbNh4NTAceLG+ZWdEVlz9UFeHfi0gQVaRptkDcd\/owYqbG43qqkVnF592x1WChuD6JqSUIZM7ZMpyMX6vL\/Jv\/iPyNNqCfGSZk5J296LnTjUt\/A3s5HMpfsHITzq3AXPapZ+WOnqRG0iKKzGIV8GGfqMUc0uI2YhYufApWDVr7P4mVlQQmFdUVUPd+deOypxEf11OpCI9kTFDryOdxkacSAhcZY6WsXIXXOL\/DjpvmMDD+RJrFJfC3oOO5paNpz5SqpsLZJ5BJ9byS+95Jo3x+JZKDvK9\/qdZicuocwsSoLAidznyPPFQHH4EUtHcJLcdgnNxYZM30P6+pBwazHFAWheyUFCSgevEapFQMWs9\/kriUzlktXMjjo+MGXYNEtF5fGhiwWu9ZSWS8HTTHgW0JdNEf4D8lCPi6U9gTAHy9SoN4TsF0ttr6ciIKKYlCGrTjqrN1DWHBdKxAAMP9TFGGC2URUqBV8Grd0JMHug7x8PYgIURamq030PESYKY28qLHKVFyCWDjLcX92qxadO\/0R0R5JbA9wL0lCnswhyEV8quwGExNjJX5cnpDJGrnQvMiqSUpTd2OgHYWBdGRwyVHSUX8mE82z+QO4zu5OwipCDeenHo9Yi5QoUVCQ2vHK1DXrQDm5gq1XEeBPjbCjFsOQ0QdHOMQK9jB5qZyh6B7JpsfX1k7zM6QpRqjsVP0XoPRfJM\/rff8dPUz\/o7UAHi95WgYKXfhovpVgGU6\/EGqFT5rtn4U0KF9mOcrvYDQQikycAWcG8PHrJSYQyQ2jARBRApI1Mt2n4LOths7nFF3Vxgzl8Q3LEfTiINOXN\/mca4b3\/On7ZIADMcow6cDIZ98XNIDG\/XiW7sMTm5KjaYFUe98hvbLpWLidw9CIUkePEgPUJLaqHAS2sMRJnnNWfxjcblQCUx8fMImFsS3PEuI6\/ug52XJnBiQ=="}
-00870{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1949,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687075,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00881{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1949,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1605291686985,"flow_last_seen":1605291687075,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02340{"flow_id":23,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1950,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":75727,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPsPF5AeQXgBgLMAmeAAABAQgKwtc8jUv6YnBoEnVTuCCFUDq3Gq2KIzu\/mEx5A+cKKGYDCvCCf77hR22MQYK1wSNhLsFBSed7wA0x3BYtdexGMG0kXIM4FVu32G\/\/DfFJK8gx9QaExXbWgHbC3olISpnxkjtgHwpCUDcHOfaIBNioN7bHZdcaugtOqxDEovbcPm2M8jTO5dsA9qbGK90lD1NFQuFYLkIklcBqKvSOn78By88Tbnm2Sn2PGsDSUS4jtXOZ5pVC8UUeA8FAsEgAlrl4jcPoOq1L+j0oIMPqZjt0CRParKNNXQOlg1A+MUgmjQvj\/6QBS9rR7NE3NFTV8oJk7X+vOj9KB29AwttAqAs1LCJbBq7tpoZND82L6IwepXP9RX8BBZii6ugXJLcfXUUWSTardu6NhI3vcw+8f3imAMZG0ynf2RGKtk\/ipdHq8fBT1DovFvrSvYR1jEyafhr8rZTHQR0+ZfvIjxCCreeZTURmKMxa7+xjNLa83XV7ubDhZ9ZKO\/E460v3j6vj5PiPH7t+6LCd8qz1P\/4u7uRu5HhmvzMAghjgnRdf8sjXa4+GdNfHpi1pbN45I3V6ULeAU84mDh676GwiFD0yCq9ZpsJ4wJqBakuEVyHrA6lpNRcwdE1PchcNxtWnR62NgesKoA\/UP8WBby1k6L8ae5HLUWTNIvIMyMgUOMDZaLvsCmNZNU0xP6IR97Yg2\/Zl9K5imjuqIiHeUyht3h2LS7CFutkZViO7oAhnu9IQSBWIvaOpMCU4b8Em6zVNJEouqYegRVK4Df7jHEn0TPug4G9Po67iAATfN7R+O+WA+xevY9ODR6YjxreK4MAdMIHgLAjipn17AsCHjKfr\/LbJOxgV5Bts7ZtTo1ORRDNpU7u0WPdt15cUWFyOQ1Y+aKm2WLmBnyorS92KWrMEkpw6cH3YUdUiJ2OrrMcH3TsFV9h6\/3\/gBfIbSDaZQlZ0yTmsXpE0QIDG3TTALbTk8JTeVelR04v+GvYnNgAAbMP1n7OdDLbeVEIgUA64RpHojO\/XGEX9verS2XOEp4x5GsX6IoYadcAPqeTW4WMYy8R1WZmOmQflBW473fh20GaNojLGUgF6yGaRGwD9mQHceL8tiL5yaZGbK1W+UEpsuVFAlgoFRBQrE5lA1D+UslFK9gsDNyqWS36s6dqrLgVVnFzRnGa9lWPvP\/4eSwHnN7dwcqwTnRtFVlgTHVXZ0pCnwY1bYXdeCpQwvxR6cmP2\/vuySYmCP9pq788pDL4ZGx7xtmz8l\/Z6Vx7c3GtPIWKo\/4orGPVKagy2q4MOwYOY3USuwakjlIHksDgG5vXIqqowHc1EcS8K7Uby5p3Uj\/xLEMg\/9jHSW3GRNzSKQliPLT7z2pMkVO0pZbmCibcpZk9V0AeX1wIkaEnE4oEGqJJLSowYrRVLcSoK0l+DNSeaZIWVBDzssh\/w\/GiIclDk3mleYHpQqOuHViaAWci1e\/KJjRvFvWwAR4GEfQVBqhinu1zfToNsnZGwYPB5xMpBDmei\/jkAJJxF7qlo0nvPlxo1tT4Y4ehD0SbjSg36j19alRO+\/zw3pfkK9SkcrI25p1EOBT2KD0g4QfzyaPgnPrrtDfhnDBPxGXzOnwRZHFqM+oQilvpNg8ksgTtCQaHXFBUdM5PfaXh\/TENWbmksi7lHaPs54fh3EIeAONsz593r0F\/mdr9BROKau07jgwH0cj6qGixkFkVkBqtdZLDsp+Ro\/UGT0WhAj95GoaG0OQK329HBnbR0bMvIt0Ax8XuqgdYMzAVG5lgW3KKag+d16C5aRF6zGYExvfwTYot1gaVdG5NmX2XOoLl+yl+3mnZm7geLOjzblMvtXcpQAOwf6EoITuXyhCB3r4629g=="}
02347{"flow_id":23,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":75727,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPtl15AeQXgBgLMA5LAAABAQgKwtc8jUv6YnD\/9qw03ddxyHrk6ti0y3jZPRaGzMusM07M8rTkzBPMJQTn59EHYBWUnQgJvy9fZ3skrVWjJ6JGia5SXJDAZoiaJN3z4yOTGbosk4jaHTPKP\/6XwDIepQMVZ0EBZCmCr+RjApyPJk8lIuVz16\/VGnO\/VvS4eVGRuWne5IEJOIVZNajdDZavA6xxaPinQGInucYZnIi1Qpr1eK0ta6qYmoCg3f1fqe7wbaXvYR9xrK\/SuH0lCNJqS5MCjSpv7tuD3YgbGmCCmAoDnoqziDtjrLwb7qnsA9uoxksh+DdUaOqjdbEU\/WX6atc4Cz89a35ATmSSDcEsKuU29TMojnycVKYTPhtpg0ghxF9LmemAFkUzKE8AJNeT5sNXe4eDlzk4+wr5g1qUsnlCEZ4xNEPH4MCzTShCIFKjqGzet4n6GKZFBBXKING6cZjBvFjVeI8EP8lsyr2Ap235BCpJo4Vhhyb3OyCb8RVBGS9vY823ye3A\/7Tg5w05GDSCFkMJgpraW4DojQV\/Kcj4xbiKHQ\/Q0UWedP+jxeL09LKD5CWV308IUib2ziSpl9j7q3UBhwt5TNlzxczYevJDIyPyO\/Bsu1pka55bhh3lUNVM8kG+Ac\/UjD4hh6RpbU6KLYJZW4f2bjE\/JdMueDQ6BMBPZQLfi2rwdJCgec5OcNJhJIfZ34E0svHHiRxyFnbEHEyWE6amOYCaV95IuaNzZn6UphLnY1zkJbR\/FyFKN\/eiEmOnuznJWPcYFv0gtsWAjkYXNS4244RyalZWP76tXmLeyMLItJmhT8WMERe9VeoYZC9P9Mh3q2TifjUCb4pNu38zZNffIgcW8wJI\/Oj0n+2Fsn2TCxz9srJ\/TBSRXGaC\/MUbQRmyaBdC8mkz7vA7Txpc3KzSWDQ5\/oTacJiafKyD4To2JWHYyPOpM8a97byI2fSp3tymgbYpBqebdAvQFCdhzToyc\/GNwLsJtQEQMZOPgsWErjL\/\/UEIsCTrbZ80IXD46CuSKNcUS88PfuTMxBKJ3C7keqeSJDdWop\/d4qDs5QNKXgmzQluQLYoNu6y5fj4WmZzE+bM2a2rAvRMPU34dCa5ycr5R6Ow0sKhAX8q+GEUAk8LK+NJ9auh6vZtONQVwLVbnpW1LPGf0wj8VlS44sBX2ujpWqLu9nF1XhZfczCWugI0wbOJPKBHRlJUaiW40Hf7uCIXvGIk3nu0wsHxP0hcY0byiX7Ag+Ft8Nw\/uSlMgZiY3SjlVZd6zLcuz5mrtOlRw9D\/FiS4kXyTaIX89wEX+R8rflGR4CTZmMAqjlszXwP+yjj6XiVFUZnyufe7VFa\/yY0iroY\/MlBKj8oxaK4cuDTAPid9YG1gk3DNS4\/pz7GNWfIRmurwSiNGfXZMY4y7nr2FAsRuqdX37BesENYDHZGw79WoplAMK8P07XHM0Q4fGfHsF1oW91aw4IgNemrjs\/FC0UmsLjVi+MHWJC0ImmRPHJhd0OPNtJI9XJFUy6pzCwip\/UNHcA5ioXebhi6emVfo0zRN7TAyU4HSdR9cEqPySyi821Rrp0OaBPnxKuRe2OY2o4Vw+zvgQgYwwuhEqxL3JEz\/dEuCX8Sg1wz6xd7ZHR1EApfEbtzY3Mb9k6XahIEUEJiPr50TX\/z\/jpoV+UcQWHTU+pPoyLy3twdoF0UaPY2Jq7gcig4hHsFE\/v7dvA9AUyAF7BWMXBAnBlxf07+CghAkyz2TMsj1C0jT9cH82i8pmJJi+8yjBNXkuqa60WGGADzgMn3U+tgguvWFvvxOLxK1wocK\/xo7lN0nJg1gp27M3dfWdbyVdWAs9DqYu6iv2H7Yb7vY9n5UMj48un1LBU1ISN4eQteX+HQ=="}
02335{"flow_id":23,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":75727,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPu8l5AeQXgBgLMFgTAAABAQgKwtc8j0v6YnAAqceY6Z1JYf+57vltEVKPm7pudPR9MLHxuxiyvDJufazk1999vuFTgfD\/\/9p6LLQMotjxvMCYRpXbRX\/MuxZw+1t0Ap9PNZtRwdBVvHyvNutKbLMFuL3q\/sAGthZkTEoPrzQqsDPnrCIdghlURWRg7JqGTEpP0wnhVQ\/42VJNsX310grhkKeY6m+ndZmIFZwDxQJKabtUHqpiVbAFzItih7v3\/edYY7A6z3BPuaxtQ6xJ\/0PmKryueirbQHlOoDN662UX8PLvyVfW\/dcV54t+13Z4GcLjiTNFBnX23s5G9OPsFh2mepdVJHINlLGcA+43TyaQWG9qeu9sFh641hOcYLQHwDte79qAOA3Pf0qjNTGMsahbMmKCeDg0itSCh\/1g+1UM9KgWajujcXe+Yq8LT7uab3fzPGmEmqAiw18i+ZMpnM3aYt3GlcLp3wwGKbFcsPCu4cwkriPZgC0ViHqcXO4OtkDY816ArJybMLOxG5V5kebxDT2DpclgZJMNTUfbjbGqLLnPgZKAFbwRHDIZLnTK5eYJG6gSEe10TaN8TRCoHuLdN0iF8vPlvcN096c3le6O8LYL\/A1P9iQ7Vli3BQ2LPTjJ\/DBQAm23hTm3ClPTKWTj7pWFrbIXzOZ8KEarFCBfnt81fZArtY2r8D2HRoWMgExQ0qTM7OWjfJ3q8Jh0a4A4nE1Myid\/Ap3wry+T1y5Yq8I8DYKi2Ud5GGvQoTBKukQ9wbFGSsFQ8SnJmB+B4x9GHFpbRFKLdaOCzJsYI0JV1R3UVFWw9X7dBIFBgWnQpsCGsf1WESreu5StOXfxqT9EDeM4GEdz46tl8Ra5PJ90GUR9Zpa40J3bNM9e9a1EhIionHMRtUPNXeepOLZSxtJgjb03n1FRGs4c0+nmqMwzHsjqrokRMlYBEOUJdb\/LNqXQ5VEzleirnhqnxFYDAU0eo5XzLjXkiHfMh6zofQVimjTDZmeHT+8OHQO0oi7FqgauDd4PTdFMl8aUIp9jf0UzPUfw6tHztr1QFGmJAFXqxKbvtJ+GnyVTrNBOB3jPAiJi92AUuPyQDazQ5pWfk9bEQlcpu9l6QvnyKYgqOJp0Tgf\/EpJ1+F5j4GZqI5s6jBh+YNF9bQk9BhcdnEML1863HYulFs7xt6vIWLkjdUFgcYsvunma5ZSA4wl6xbpiyAR5ZaycViTyydAUhgKmUvxZvrqUhEssI110eEdOpH0egPlXDIOVHRSkkXDLdy7BKrZXYKdbMxn52Uib6cBNEt41byPniHGxu33Q\/K1b7DMk2U8iSH1CCK4PnXRAl5O8Egm21bTIJtEex2mOT1joVnCK4DxRFb66aChX1Si6VHGkPlEJuf4j0h9oDwcpK3EEgylLahh0wtYAZI4jx43MrXTTvxm+lDsFpnlnrOVs\/vjetJJNsBA3sqgHeKMXYq9AmTgCPNPdlt41WQximh1h39nWPc0q\/m31fFMc02F7LoMA9we5Ny2YJFsrhz2dOD6r2W5HTDlaciBY0rRgRN4CW3W6u1xUBaRNYy7V2M91oJ4D8HO10tVDjPo9cAGfAlXn0IXxdXnjofM7hVJ4+FUNJwoCZAsJiUD7\/drsDbKGvYaW\/pO4u2EN9JZgO6mugyye2dei4+ku\/nx59d3Hkniill9vyssYelAwnHu3bedCw4Shad+t83glCntahuD0CinIVvG2vm6T4Lif\/YI1ll0rwgwt5O9aiJw9Dq\/qaTBTGSAyhiPhu6K6ZztCKOs5JDE0WPh1dqSPC9StU5TsScoN0QjLMGms8dAt9hVasAnNxQl9cQnxegsr2veqAgUXAwMBGVjUAnmZhHaiGCTjqIVMuEChaV0FlbNhWw=="}
@@ -439,7 +439,7 @@
00455{"flow_id":23,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1957,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":75771,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB5Bcaj8E1gBAB4W2bAAABAQgKS\/pio8LXPI8="}
00455{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1958,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":75773,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB5Bcaj8JwgBAB32xiAAABAQgKS\/pio8LXPI8="}
02352{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1962,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":96859,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VNtBZw3gBgLMEx3AAABAQgKwtc8qXOjJWIWAwMAegIAAHYDA0MYgONCCa9mxoNBznoU39cX\/gxys5kZRv7vJwiQPsUkICPAGuufUOrjlYhZGNPMkbG+4utdfOiWk6+0nf\/wCDAKEwIAAC4AKwACAwQAMwAkAB0AIKBTVpN+kxkLS9j6fxcjMwhK52xbFhf5ShOPEQvLencxFAMDAAEBFwMDAC7ba00wdiAFW3zRbKQ610nDp\/H5\/e1iubnovtuVZnayICzBtwiWpVJLGxX9mrznFwMDClmbAJ+7xdRw4zYAFPgjs4IT5ZAmMPO2eQ4fDaeMgTb3cFYv1gPrU0LQAe+\/O0Ho7x\/kfqLTJnlA+QEJS1Aty31h+X1zDzduTL5NqW7xQqiHF9+yb++crRygCK0mHunurwtP5B+U4JJVTq0ytq\/\/S24JBmdEeAN\/iIQn\/fu9PCPEi9\/mxBbAEIr1USOK+VI4Q74WM6M3ob\/qZHm+HmQo90egw11H7\/YNl5hTaS\/ju2\/dYt6evloNyqQHtw6doKY\/SMMBFx3BlEtWVNFsrA1iYky9QH554OsBcYnu4k+rLnOPOfz2\/RQf8y5CIshDrK8O\/RYmgpnwbqvmGfHviOitU2HrOI8Lr4CQ\/EeYAmeEsY30J5HyLypjkZA+OEnNHNsNILRS38jszS3c3D4Aq5KRV6TcZlann0otar+uLm8MbSik4t9WmgoD3\/\/AnwiSke45mwXifFJRh1iWAOBbmEekqCWEXulVKvHGQP\/9r+GG7mPxYLNnBz\/N9HJi+WGIAo9xsuN8NopinKZqNVVJ3mSFWfNlGKDBD4GQ4MzGKu2V+7EdhXKUqEKzTlY7GnZQ9iBy25HmMglt2fDaMIdpDLcin56\/2NcwOlFSI2iywz4rbi75ZhkqOjZZ2WSDCSyoJLsC4QUS\/UscnMqM9kMQJcPfLkeD43oliuY5nebcy1QSQe0oLE9PCw+fEjpWhyW1EIZwt\/h0CjiMghKadZ6KOzvYJWM04tW+tokUSlgAKyfp6B+JwUGLJDBqaOdAax2FAFjUNzWA+D8f8GavIpjJNz8ImQKh4rNtfeKXwL3Ewm5sYkmULqda+vBmLS2cGpajJV9PMcxFLw37mKOisVJSwuih9Op9Ud8o6TgXHJjz50lLzFBIOynIQnjViNenCiPJj1u5rbN6pkxX2rDgTIMuM9VtLfgGcG4gkaoPRzLixDbtkovlxjJ3ho2U0n0elDIOD5\/+FdSKGPf\/uRxHbrfzTP\/MrvTBknTCbgU8Eo9NqLr8\/Ev5aVKMLQL1rH4vdXNGnHwsTPuykCfEYg0Yn\/oPuk9dyH7aOirAaEWrB1kz1w8I97L0\/qL8QXz\/VYMfPkadeXVVjWFaR7QXCJr2JkFHVikxmoUBueEUGP1iWFVvDyd2gSSbqKDmkKF2CG6RvNAdu6OkSeS0k4v9O38G1IcZaCqQkRZc6ZJorNeJ259IOyIYgeSTpRgvZdkE4ROC350zVV06u4\/KNCSf+BwLod7c2MDw7t1cp0RjMXHOfrZyhK1PE1+5of7oC+X7ONp3KZksn8es+cHA8BmgJHWVz50jH2R+mVX5y4t0djhA2qgeIXTeIwfuDzQrfM+shv81y\/ck0nWBkzbrgMptblfRjyxQ58ay81VMmBbcnq+ZaCZL0Wf9VQLHaE5z14T\/2AP1TbHVAd9UPRvHToMFecgfpdO\/EmYrH2s+EslaK20q7oQOTYs5YZUNdos+GQ+kKkl4upuoRkuxCLdfoLJAfsrhqWsOnNFPVywPdrWMbxhWegTyqmTPHkavZUB4JLXBngpKyhvQUwKL1\/bFFqpZMHccmshw9BeiLzFlHOaql+6PFwpIl4YdLUEHWh4PxJlURWWvUVhuxRdUnA=="}
-00849{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1605291686996,"flow_last_seen":1605291687096,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00860{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1962,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1605291686996,"flow_last_seen":1605291687096,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"c.aaxads.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02338{"flow_id":24,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1963,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":96860,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAngAr9tBZw3gBgLMLsyAAABAQgKwtc8qXOjJWJ9vuEw\/ThTFafwMs0DrqDhjt\/i96kE2+0HTP3V8xo5ptFiod4XDlQt8wanBjOh1S2A6UmA+GAuCiinErBOGpc5DkbOdCFV4ps8r9PFLUCePhtKuX7JsZrw8fVmfB5AkvCVZYBblre48pvBbPFjgRB2X6XBSoYw9t1IcFRJo7clAFlcGtXpdfqrFT\/iJud6u+VH1tqjxtBBiN5Q1JGtFJFpRI4o2j7uZp74uaLSqmlm182uCqhGk2puPfMTWYa+vzyx9tFQRxhSvVB50WaW9c216Qp5LUfPiQ+lKdUdtOD4MZLGDQrs9iHDd98VbRPN4f\/J7FtFKYHzLfEBLBTArNKXO57M8WrqNCAZcfFrhUiXyg9wptAZtr9TNC2O9rGl+DJuUs5NIKA7wzQpT+CWOF2QZ2NrHdFFMcUFjV8riiDLRcV+Ei7rnrGWSkNrJA+o\/KQKX2mvWTGGcXyUFTbkQjdgt794b\/3JMmtR\/fK65SBKwveo011Iz5Igx0LYddUxNvawT3RVITNGMTRWB7gvEnqv5eCI5QeZkDCNOOzfNfaMVL0p8g2XuqzdzWkdS6kA3vk\/bDP8PWhjX39g4+wPOa8ZLgYCrSPPJ5JwSYlAPJbOoLnHZgd0mselHZG2aNxPcQQC1uc76fAzy+\/P3dw8HUl2YxLiRYGC13yXo7HQOFyNBP7NGYsiQmKWPGuEs8994C\/Sr1\/A59jl40C33HSW06u7esdSjbVxOm9S+SvWijad0MxmrwSOakosC9QzVZldifXwaT\/A2yuzzNpwP6YdZ5Zg4iLi9bGzYrH4FqqdxrPWdai7mAuFazdPrvRhJRaUHHlyWOyUrn583ZZNVUXJO9IxlDTfmvZlYeaatW\/7ILb6N8lUkLBdgyW0+NPJvFQwb2Jp5W3LLhiRKLV79K0X3V0eyz\/1wQuwWdesHDNr2ieMyDQTs5Mjlp2MGxa1Tvhq0EUtb427A6krKrlBe5QvySn\/uItxSkwS0yyWselmTV5e0DymOy0zYm7Q2qL38inrdHHVxShu8t4QS++AvJIbBTMEbQr3AjD2Mpt\/KQgbZbaarjyluiYDru\/B2JkOzl2ha5xg3jV01xMUTWZB8\/ADblVo2CFOHyCf6SM7j8qjrJOJB75egtyKJNU64nuxW2cVHoAhMARmsE4AHltYf3KwjOi4ptCvu3GA8hw75LM10IyIwJKbG9qKpPAAqJxyU\/jsUj66kk+OxPWwd2PFXG0qeGoiT65zXXUS1g+8wfY9vHVo7SE6vgT99i8oPFT7ApTJtgr7X+vzPgbaW+s\/Cnxvrkt4cXI0wVNDnjcm7m83juvCHAcFdAMAoDplkkXYth9pcsUsdD1BCGMC+FUkZct300JVtYsbGFZP5ekmtmD9Y6oYoA9kS4abbkhPFGmwvrqNRJVma5Z1SlSQJBbHNSaSgWxPtVHScynQ6blJGs0jaKDHBSrVX\/cId5wijWTnUTFwXwEKwkLaYwMAezGv6T7R9wHgXdtKHFRGUgQpAWLUCXxAez4bPiY7qIkDd+ryUnsSICyCsGdyJGzS8jfOSa6DpnnW\/AQZr5gY26T9cWWeSB1jf+rlAickGvJc3xMgPTKyUORYDHjkNtNo8CQ8Pwq9zLtl1WzP7i069YXfEft0TIv3b2Tt2FPeUQs6aXasRf3738A1kzbNKy1CRq2IyUbV51CWfTVw+nGlHgYDwVG02r4Mh0tgreiAIhqbIF5KJia88jZNT7bjA5JI1kBWBfmvsAoemVFnBgKwaWdajdwQ1UUzEVVseEw\/0cD0FscT7pWAiRcD+\/w1c\/bT1N09RTv9MsZAAsl8iKFgZKdQ4eqcI8sxd6hhaoTQ0f8i0muhBw=="}
00779{"flow_id":24,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1964,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":96860,"pkt_caplen":324,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":324,"pkt_l4_len":270,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAQ4GPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAngCCttBZw3gBgLMBi9AAABAQgKwtc8qXOjJWLVoULR7Q9V2rIPKiUxoXF35KjSgvcWeMi+kPpQEQL3c3SVw9jyx66\/tE0W2vKsddsGR13DkTjb+96PaqotZhcDAwBhjHl7i5HNjqksylN1eNcm5CLUY\/RIzP3IduDQpA\/Gi7c+a6oXIZKXtBMdUqSG0cqtChn1bs6UKk9l6ZElcu1VrsS2bEkuoQN8DFZUhkOsADcvJAqRbEqV8jfgvbOh4cSTYRcDAwBF3orx51IqRkoCntzkBk\/RIR6nynfZe2EWZiT89CxGE7FN7axExT0Toj3NWz1a8Zau\/OsMziC5kYMpq5cyfMy1FteKvERr"}
00454{"flow_id":24,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1965,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":96875,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FnDcJ4AK\/gBAB9c2oAAABAQgKc6MlqsLXPKk="}
@@ -450,21 +450,21 @@
00584{"flow_id":24,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1971,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":99567,"pkt_caplen":178,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":178,"pkt_l4_len":124,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fAHwGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FnIcJ4AkZgBgB9fylAAABAQgKc6MlrcLXPKkXAwMAV\/z+RxkDlJXvgJNE2QhL+h5zglcobEvykxlM2AKYZ1uN5JO5pwiygkhPt1HcMkVQ4O1yuZIvKq\/6AA1RewBjfYBqXii4ludFjv0O\/IMDmsQbRZqJwFtiOw=="}
00834{"flow_id":24,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1972,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":99697,"pkt_caplen":364,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":364,"pkt_l4_len":310,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fATYGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FnOMJ4AkZgBgB9T2pAAABAQgKc6MlrcLXPKkXAwMBEel4+2s26Q\/\/+VvqkI2wNh1vDtUyVrJe1S2V8IXhhSKyES07bw5YW+WDEWHhUs+h3LkoPS4AlKY2do5hp3rzAARAqv5+t1ykm3xgDzVh3cRIDZoL1OdifHKhz6PJzxZsq4EE6ZKWId9JwohEbKkSl8QtpvPET6gzn1rPY+ONP8e1W8xQ49JnxqyzqD6JTv1UkNGZmQnFz1tZNZceTwCHV+E4k3QZV6+lk6JSTdUmtBaK9HcuJezt2oBrsjqnytxmKjyy\/TtPkrVTmQmWamPhh\/IMQ+Kkeycct+uiMQ1LoeqV\/KxEH4emAjvSUkzAdPcMT5nLzFy4gAIs51Tmhmbu7RRXJdI3qFS+vYeEI9GbLFFxgg=="}
00457{"flow_id":24,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2033,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":128102,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAngCRltBZyHgBALOr2VAAABAQgKwtc8ynOjJa0="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1605291687485,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1605291687485,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2333,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":485783,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ4AAAAAoAL9IP2VAAACBAWgBAIICruOxrcAAAAAAQMDBw=="}
00468{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2341,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":512994,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRnoyfz12foBJXgAjWAAACBAV4AQMDAwQCCArC1z5Fu47Gtw=="}
00456{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2342,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":513017,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBAB+4zMAAABAQgKu47G0sLXPkU="}
01150{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2343,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":513279,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PXZ\/60Z6NgBgB+yruAAABAQgKu47G08LXPkUWAwECAAEAAfwDA8gKXcgEK+eLAD0eAVBdxP494QtA9Q6J19dpsrnIF6s\/IJFjz4OkKAOopoyn1vDuvI+kyb3ehZCReTI9qtpTfphWACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAIwAhAAAec2VjdXJlcHViYWRzLmcuZG91YmxlY2xpY2submV0ABcAAP8BAAEAAAoACgAIKioAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACCM+kww4XBsO9uZgHbtPEkxRf\/Li4AsKAzJSNegqbyUJAAtAAIBAQArAAsKGhoDBAMDAwIDAQAbAAMCAAJqagABAAAVAL4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00841{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1605291687485,"flow_last_seen":1605291687513,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1605291687514,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00852{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1605291687485,"flow_last_seen":1605291687513,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1605291687514,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2344,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":514756,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5MAAAAAoAL9IOSoAAACBAWgBAIICiRA7pIAAAAAAQMDBw=="}
00456{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2350,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":545133,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRno2fz1+kgBALMIFtAAABAQgKwtc+abuOxtM="}
00468{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":545133,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx0ItjeUoBJXgPGUAAACBAV4AQMDAwQCCArC1z5pJEDukg=="}
00454{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":545171,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBAB+3WHAAABAQgKJEDuscLXPmk="}
01148{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2355,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":545503,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2N5RscSsegBgB+1xOAAABAQgKJEDuscLXPmkWAwECAAEAAfwDA6sAiYRVVUdNeU6qgV+6RMsMCIZAzjq+68NrjIRzdTDzIH6Nje53IGXhSc03yuiyvZsWos5mhh1w53jt4PUlCtOeACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGQAXAAAUcGxhdGZvcm0udHdpdHRlci5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIAjq9VoWgWPxpcjAD3ywxiF\/9WPMGppuo1idcmIeMRgoAC0AAgEBACsACwq6ugMEAwMDAgMBABsAAwIAAgoKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1605291687514,"flow_last_seen":1605291687545,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00844{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1605291687514,"flow_last_seen":1605291687545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02351{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2356,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":552593,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRno2fz1+kgBgLMJ\/wAAABAQgKwtc+cbuOxtMWAwMAegIAAHYDA4Q0971tD42BDRCXxrYNmfzE5rvpRxqd8xm667gcIHKWIJFjz4OkKAOopoyn1vDuvI+kyb3ehZCReTI9qtpTfphWEwEAAC4AMwAkAB0AICxsO6jn1UeoH\/z3pcQ\/Ea+9PZYgR9JnTANSP8\/4EKhYACsAAgMEFAMDAAEBFwMDCrSD59bD\/ytbouyCH9KSOmw2ZHEhH6iwO4PphPlpiIWJ\/WwC++GTP5QZwlRULUiS3MwC0pCMIRESk5yQKKTcGHjmE8P\/+h40xZ0mTU1c\/MzjG28jyBo8GyN6n5tyDlnlNPMO+LbV4cuJWVVZID7SExmVRcZM86PpFoKIl\/+X0GTIA8lwOzGRt0wWfTpN7m1VJ6jE6vszsPVPwZPwKZYK7gGAeoEdD4eUJZy7HVZAV6fUpwl5niVK0\/Dd3uBLeUA0sq9jFTza1UwzClg3aP9opjkx9nJVL2C7mlu4aC2P3OzBsxa6+RO2MXDoXjFVlgh9rdtjDX5wyxZ8snopH4ETywGlWNdlePJSY28EMFZ8gKzekh\/cbqw8NV8vdEA49pT\/OzI55CY4boDCCWtxmsCosFa5trXBU1EJ5a7SbcdRf4Vr1l76OpTzS7WzdFA6KN\/S8CmsUUIKA4hIh9xtq+C08paInD\/ZJAvcrifEVgbhPtBcNB5Xp7kYFdCa7AO24ErtuxpzldGmxBNZlf1kTkNPqBWhUt3ktU8AZfILO1XSO9RbzaPty2sdqhisI2hh6hkBlI1Mq9A7npIZcfL7xXOPkgGWy9\/ASSyu6HCvhjFaQ7XYOGLuSsmhMvN8Ilk7HZRvXQMET80bP+RLqNpVwkWJlgFFZSNv1\/lCL3At8qQNKhQ7JFbAfpMkp5MtM5AlJkq4TTKeZVSZr\/nUmlXU+A+Sa6BSqI6QOeUPGu5Umm4mf30Wr+382CLjqQ3HZhjqx\/yG\/Kw\/KkZuNtY8RCtLXMUEUOT\/XBrfOQuc512EnvmRQnpsN1WnLVMbaQJIKC0ZTM22L4gfa3eZoHtVVRjD0\/N\/bowAKohWf1G7b6wznOk1HZQx8Sc0oxB7ulPTbODjQiRCF\/UXSBuzrUJGaZduMSE\/gqsH\/MBY9UbCOP3wNzkBlRgn5zZdc7RDRdPlCjT5eYVZNLaOQjUSl+puh\/eHA0ahYUtQsFB28VfdVS5KaB66tyNP4GHfb+zeIDqtYI70ZHBfQPHDbIIvylICxQPCwtbXJ+cT5Mz4V7abr1i7g4WgiHcM0cPzOI9AKx5+QDdJYGDFeRPOTvnVMMdeLnomQmp5zsS+Om0Li+\/OiS+NfRRWHFAlH75ey3gxHoSyDYBvY\/Ybgmu2+A64SRFAQNNmc7YCiChAgo5GrO1YXse7zliPoHEo2lbiv9qm5j8YXUb7oQ987so4ifVkwaB81+qBkESeAOuv1VEV1PX5t9mlTgAlWduZwxKbU1yy6dPX+gqzdLR5oeyWOb+DW6h5XgD87MruFnnQL17s43AWYn2snqgYSZoqpjL47UU9GmXIPaMn2PGIfHG5RocrtKj6lePDemdgpS\/k0SMoRPcsY6\/B26\/Wb78dJv7qjY\/\/L7dFF+9Qv0BHy7AnplzUpNLy\/CvKFb0T+erEtQBNzSnXbh9ZCu9zfDw2S3VRfirZ4bEjwdtUkZqDLAMA8N7AH7lOjm+pIZKHrSh431FB4o4mBSO4PvXUUcfzBR\/I2lJYpPkZ8OWbZ2ku55D1zboVc4rkHBuzmQ0qLl7FcuUOr1eZePgp\/g2LwzYZxypw+gh3IhvYZQrwMQmJxmCQjxfZ9vCijFTwRcOUDGyFuEA8PdHLADqs3ipI6r2zVwDtDXgaD8vw11KC3cVJ7BbXWg=="}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1605291687485,"flow_last_seen":1605291687552,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2356,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1605291687485,"flow_last_seen":1605291687552,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"securepubads.g.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00455{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2357,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":552611,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDGJhACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACs2RLCx1IBu5\/PX6T60aP5gBAB8YURAAABAQgKu47G+sLXPnE="}
02344{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2358,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":553134,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRo\/mfz1+kgBgLMKQ8AAABAQgKwtc+cbuOxtO6MvXMzu03ZWsKybUfb6UYyBk1V33eePkvGWn+QtR722KNYYC1p1vtYLkTlouVpBLlp1ngmYn8E\/MwHrpEeYncZk\/Z87CwZACHdBSSLosaXqWoD+J+gOhfiwmzIn5MXHHvCTcr\/Mmb54+cThQtlU88vZKA+BKDnQHSsq3ZSy8OeNDJeHXevty1EBIfxsXHNegUyT1whCvdrSiEXm8IORaTguxnBiblzOXDmOEAhi\/SF40Udu+aLXtd+mipeRk8EVaNOKW0AG5iC2OioOTFZOTBUHRT3ePNcZk+\/QznP4ruiB33xhTT5iTefumZE6mloXgquFPY6NY91fbraM7z1IJBuMBats2hQmEV+\/x5dXAX2yz6tLjtru4Enlw\/cmFGmgCpC3T+13PEIJMqE++S\/OdQly6kI+qGQ95ueiFqPfzuxhec7TtUzSQ70z+SwqwWyNs\/0n2g2xA7huFOfDpTetCgezl2GpfGOAwrNbJjSb4Wj7H5AlhCSMQuAuR\/g1YHqRFdToYg\/ZjSgx+0ovVXjl9o4GJf72LMqveC\/ZvcTsnmDkk5HBvmHCwoHeSKm+g0BsdrO66dWqmVCGwuh3RkslWRgc99a8OASUKIcb5hC9IZSxzppbsCmTvlhSCiPaTU9uLsaaz02pUTIhjiosh2XQPppzi9vLPdpcaMWdVJ7Cvm0nvhjvf3h6q4A6ZN06NfyqWonTPXLsE7i\/ypKerYh23sfKPn1f38UOhkzo3qVSg9eUPVjbMl8kCMC33FqbFXg3pUs4UAFU6QU355GHEZ54KZycodyjDyEWl2ziP6xLWjUAT7p128tayHvKt33Hjus+XJTkCi\/fIEsJCjz+fVxFOuoIxLfWL6Dq3ol1bYPQzotCJNa+BRfcMGpru+cALtgRTHSmwGWMk4Sr8U35O8DIqryZ\/pXPMenafdsvPOODWRtJCLK4QhSMZW\/i9bAAhiza8pHaH5y3onOYU7253QbBktIPZNSD45o56LUHNG0\/KeOpHotlGA76f1EmULjY0Q3Zh+\/IVKxo6FfB0VBTua++gj49\/84SE22AF3SXiZmYhbyIMUnCPnFwF8a1cB6oV6dP9CpEJ5418pbUIpF6A9Ab+XnWiqv8P21gu7nH2FZKOcFf07v10reWrapaJMBoC6F83PQ+LartovWuNzQJ96z\/NrFPwFbXasrCGKN6eEM90iOzKDA93j2vmrzsAx2CPMpQjTqB4ZKbFbdMqukg4JAl4p0byQPPOUqf7AS7uIuTqdi3eiUKIarfOcJTMbW1xk2nTC3lRPGqcCM1ORZ+2E0wC\/h7Msh7WYTn0NUJ9BBnpf0g\/dlgykw6eP7VQxp0QqnWorKDXy3JtrIGm0TCJjoFROKrnncc+RCRymeRF8rKg\/TtqtO68Ml39KT4bEFXZM8BqnOmz1it5u8jk9G5eSVD8zcUVk5xdpUIGLgTf7PvHh5ZCdJ1s7KpwWd1p7E2nM3cfKkFCIXHXM3N\/HGYHyFZtSRDoZUDpbPFrFLVtP7pGEqqgc4GxqKqAryJ4+rPd2KSLbGnxuIx633jX\/CMr53OnPh+\/1sjrydaRxTiIUzSRc3AAYrc7muUXJqIj2KejGQMnCOY\/cw97Y1fr6\/99GaTbuK03ETAwd6UPKUy\/9SPlomafsHOoSwdURAslQAh8XMWA7GSDTGZVGlp0OrhFkmTqrSeP9cpOcRi9ou6q7B0srEi5rEgDJM1LdpY9JuRTYgvR+BzGFPrzPRPBzlLgDH73G4YV3nu6FXoeiwT7lOAzOmUolCcWIajuC5sdarhS4WZgNRU9okrRn9TxKJ+nIRfeHJy7SUXtS5mk41NLV+t9gdyb1839q7ePPwy3Wlg=="}
00598{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2359,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":553134,"pkt_caplen":188,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":188,"pkt_l4_len":134,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAIYGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRqWWfz1+kgBgLMHClAAABAQgKwtc+cbuOxtNkZemhbgwASoxlCtW1abhK3B\/tL3dWopbbjUQhTzBLCR4uVXy80v8Wf5q6EgkF+XnIGPIVZVc0cBICLuUJqZmJLhXpFJEmb3RvVqvx9df+iFHA3ksavgxAW3\/7kL6+vaMI+iBfh\/I="}
@@ -476,26 +476,26 @@
00458{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2366,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":592582,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAKzZEsIqAcsBIEmLB5kd7IUo3\/YpAbvHUvrRqcufz1\/kgBALOHWOAAABAQgKwtc+mbuOxvw="}
00456{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2367,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":592583,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx4ItjmZgBALMGodAAABAQgKwtc+mSRA7rE="}
01864{"flow_id":26,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2382,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":606576,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxKx4ItjmZgBgLMJPgAAABAQgKwtc+nCRA7rEWAwMAUgIAAE4DAy0SYJ0cNtmq4zTUYaNT\/mQ5U8ekMLR66w7D2W4X9iRfAMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMLRgsAC0IACz8ABoQwggaAMIIFaKADAgECAhAMZGtpwlVfef9DY7RNNRTyMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMB4XDTIwMDgxMzAwMDAwMFoXDTIxMDgxODEyMDAwMFowgYwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRYwFAYDVQQKEw1Ud2l0dGVyLCBJbmMuMRkwFwYDVQQLExBUd2l0dGVyIFNlY3VyaXR5MR0wGwYDVQQDExRwbGF0Zm9ybS50d2l0dGVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANzlMFAoEQs6qK+3mkgsN2i1yT8Dq08psB4TudfWH01DK64ZD1yDm10Js8kX0+es6UZbtZM6zR42t8rG9D2OC4LNGHiJuSY6Bg8Ha2PGDv13OK4WpmgUaKYyBdo8P0clpd4qdumgiXHvVJad90KHt4YqLHN0q5sVe7WqBAj2gTP++ONwLvUuOvXmaHIshWHG\/bSf3zaeUTlc5KEkHfIhNY2kbUsk7bVN9mCnSK3PRQ7FH3XTe9hVtgprw7lomfKGYkEutBBW3KqdS3y9qlMO8sCbCowdExYQfL0NGJ\/MY6Fb1yotRPLo60ojkafjPmcIl7wzIcEG82JhpPOHNaiZiwkCAwEAAaOCAvcwggLzMB8GA1UdIwQYMBaAFFFo\/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBTa7mu\/WkkF5w1CwtEDLHZcZpl1+zAfBgNVHREEGDAWghRwbGF0Zm9ybS50d2l0dGVyLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6"}
-00889{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2382,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00900{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2382,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00454{"flow_id":26,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2386,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":606628,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2OZlscS82gBAB9W8AAAABAQgKJEDu7sLXPpw="}
01866{"flow_id":26,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2388,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":606671,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxLzYItjmZgBgLMFrcAAABAQgKwtc+nCRA7rEvL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEGBgorBgEEAdZ5AgQCBIH3BIH0APIAdwD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXPouBXfAAAEAwBIMEYCIQCfFsQHvkAYhHikadTJNQlbuNU0neDCtWhiOG4qZOKzDgIhAI3eEHKPjP0rRpYkM2053nvGOAeHHBY4pGw8Q7TbonEdAHcAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFz6LgV7QAABAMASDBGAiEAxrds3GBqlfIjGU8lhvoNKK8+n7jB6xQi1qcFABu5DSYCIQDLRMe6Ln03r3zt0gMFMoPLGfs6P90ckEOMy7Qj2pGC0zANBgkqhkiG9w0BAQsFAAOCAQEAWaP9VDBxpgWutoTx3VrRJGgQN3lw1gjknie3l4DdGpftoort4DwlzFqdSR2R5oLDR427y2Doi0unucMlpjZcx1WLcuyWm4XOblpvK9XV3XLamjhbss1IRMhVqw8pBLgOTFCykUTbbcq7vCFDWl0j9wHMU4IsYFY67nFa4JYrY6jUecIoa\/IQ+g8r\/3Kfiw2kYkwBxnG2Wbeskx\/Xb6ZZavSXC9lG\/2QBgAyFEpHK4VYAiyInv9vzPPlAW1tX5eeMciOxYg7ctfeDBbB6tsvKeNPFd6z67APd4fu20a7rF\/owTJZCig1dQdEQzHW+X5JOXuF74vcjM\/v1vMDqs++9OwAEtTCCBLEwggOZoAMCAQICEATh56TcXPLzbcArQrhdFZ8wDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTAeFw0xMzEwMjIxMjAwMDBaFw0yODEwMjIxMjAwMDBaMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC"}
01875{"flow_id":26,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2390,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":606672,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxM04ItjmZgBgLMLePAAABAQgKwtc+nCRA7rEBDwAwggEKAoIBAQC24C\/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq\/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK\/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j\/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV\/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC\/zA\/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj\/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk\/gNHE+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly\/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zuxICaEnL6VpPX\/78whQYwvwt\/Tv9XBZ0k7YXDK\/umdaisLRbvfXknsuvCnQsH6qqF0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp\/BIAV0AecPUeybQWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBRRaP+QrwIHdTzM2WVkYqISuFlyOxgPMjAyMDExMTIwMDU2NTdaMHMwcTBJMAkGBSsOAwIaBQAEFM8m9Rj6yX6PjLNC4BwvahCejl8KBBRRaP+QrwIHdTzM2WVkYqISuFlyOwIQDGRracJVX3n\/Q2O0"}
-01214{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2390,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":9,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_tot_l4_data_len":3965,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":440,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}}
+01225{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2390,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":9,"flow_first_seen":1605291687514,"flow_last_seen":1605291687606,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":406,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"platform.twitter.com","server_names":"platform.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=Twitter Security, CN=platform.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"2B:30:10:3B:07:2F:F2:EB:3D:08:E3:BB:45:61:F7:A3:9F:4C:A7:92"}}
01310{"flow_id":26,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2391,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":606672,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAApgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGxxN2YItjmZgBgLMK4EAAABAQgKwtc+nCRA7rFNNRTygAAYDzIwMjAxMTEyMDA1NjU3WqARGA8yMDIwMTExOTAwMTE1N1owDQYJKoZIhvcNAQELBQADggEBAEptM2naSy1zjwn57k1Q5MY7t7frIxTBGG8nQeTr902WIwmcuxu1Vzx2fVxFYksTxNu7nSZadgLEjol6AS4obuG8CMkBg6fhE7P6qOyLkpOWx7jMg4vKcwqwu6x3q8q+bBUq5Sl9I8V0LCj6cik7oJKYbXYNz6uX0TI24B8H0a6BnT+oTafd2h7xAWFt9vYRAGb3wKYGdNbcoHF63AwEzlGk5JpgMrv7HWe3SoecwNacu+aCpeCMWOQgp0RkMIa8KB29+8lBOZN5neCquT49xdhVDdWDow7MENMrtkSNCF5Kd8KiYLjQEWN4dr0EZBvSLfulapQmwWlcEzjUJg8xYM4WAwMBLAwAASgDAB0gVG36299h7SaR9Og5ch1X\/NzW1OrtO\/gJay1NoPkqRS4IBAEATAIdgZ7Rg0ceq5qvaaZm1orKlRq7UQ4EksNV6pb8g3YqIRxB7iz1rqhhicLrJZ+8iB8qIHSxQyD4C1V+NkzedoS4p8eKfrcxwCKNpHQmVu9+GOt9Rsl6v5sTSiIBkp7dZzJKMyagOOdr9gMNjPXSrKrXZll5OfjoNc2RsaA\/TvH4zbtiH7qxK8p0W\/OKcAPzwTWE0j5LxNgg6I0PIS+j5s1bZTluoZsgQgvUMHkgAyZM9USf81P1KDOyPItHxpQOWynQchiwSHYfvIF\/q4Y6GQzbXkCdHFgCx3Nx78+izL4Ydr\/kiI3rdFtQAj6Jj389MhJET+GiN8AuIWry4ftzshYDAwAEDgAAAA=="}
00455{"flow_id":26,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2392,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":606677,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2OZlscTNOgBAB82rqAAABAQgKJEDu7sLXPpw="}
00455{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2394,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":606687,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2OZlscTdmgBAB7WbYAAABAQgKJEDu7sLXPpw="}
00455{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2395,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":606689,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2OZlscTnegBAB6WRkAAABAQgKJEDu7sLXPpw="}
00582{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2403,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":609975,"pkt_caplen":179,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":179,"pkt_l4_len":125,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAH0GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2OZlscTnegBgB9QTdAAABAQgKJEDu8cLXPpwWAwMAJRAAACEgwJfCy8hYegf8vK1gEd771FfULAnWR2VKZ360NviDzVQUAwMAAQEWAwMAKAAAAAAAAAAAEwtwOfUQVmc1mHUWH7ov8ZceZBEvh4p0wiGKwlhnIvo="}
00593{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2407,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":610090,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAIMGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2OfZscTnegBgB9TOvAAABAQgKJEDu8sLXPpwXAwMAXgAAAAAAAAABjw9BEk2YJbGDeK86aZew3Mf7D\/Z5M1FLMpMQ8HdpJQ50oLyOWImN6mqth6m\/RP\/40Ks638qoxbNS0Zu2LZ7kKA4tnQgaNqn6+tnLpBt0GmlBEff7vHo="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1605291687642,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1605291687642,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2460,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":642048,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxgAAAAAoAL9IGTNAAACBAWgBAIICsL4XLwAAAAAAQMDBw=="}
00467{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":676357,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuGDx7sZoBJXgGbFAAACBAV4AQMDAwQCCArC1z7qwvhcvA=="}
00454{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":676396,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBAB++qzAAABAQgKwvhc38LXPuo="}
01146{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2546,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":678071,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBgB+7zOAAABAQgKwvhc4MLXPuoWAwECAAEAAfwDA2DQ5OxREVO95xl1cBrII9zoe+SeXEyLTL2RY3d38wEfIDXqjNmx1LhM5R6ahoCjZqYoEOLjS9cTu1r8mF5O4+z+ACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMaGgAAAAAAHQAbAAAYd3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACC7Hzx8NSeckRnAno888LeBaZNAd1ZxsSahddbprKYQMwAtAAIBAQArAAsK6uoDBAMDAwIDAQAbAAMCAAIKCgABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2546,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1605291687642,"flow_last_seen":1605291687678,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2546,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1605291687642,"flow_last_seen":1605291687678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":714410,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuKDx70egBALMN9QAAABAQgKwtc\/EsL4XOA="}
02096{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2554,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":721930,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuKDx70egBgLMF3EAAABAQgKwtc\/GsL4XOAWAwMAegIAAHYDA\/uZrX8h7IXawYrQ5wq389KsjGrAZZxygtjHu2ETGvNqIDXqjNmx1LhM5R6ahoCjZqYoEOLjS9cTu1r8mF5O4+z+EwEAAC4AMwAkAB0AILpVX8x4ygKiHNxcRJVxoY9tp\/Mj4c5TuAiBG\/OYn5oNACsAAgMEFAMDAAEBFwMDCsS0rkF2GAmTyZck1Ppv8aMyalfo9ib0EEMCzz1Q\/kqQ4aJlc\/Vf48jPZRR3ksOezlCPYMNTcQGgHVEN2edvC0GPeDUVJ5k1YTazs9lsfNBQ2K7sFeoaGS8sLjpYme867NCIflvW1EOUX306GCAJZQbFt0dRpAVr9I7lDRz9Z\/75XUjAcuY2L9VkIn5B2ndhluZ5xuqs8GFxp57QP+OV4oST3ArNg1uExRHcBoIdbbBynusxveIeOnRwlV09HqgJGKiBvSWQynxv7DviobRppO8aH8cc\/JoSITJREU5YKB0HEp64EgQzNYnZPyebo0Gl2knvrn1G9d79ZFnJlnzC\/uOAMjec5RY+LgMBvb20GZYaj2+zW76INxKuDv5MjHSpW8OwrzKSARXNVUJxofdnfhIbgqQeYupH4\/Ezh7N5VFEgdGmx3dEVvbZPYhBgUfxAbedQK37U4onqkQ4+03pbJt3wNSgJa46vdIfbxGbWpLKHvHIAbOPbeDCBDhYmQ1uSP1CVqz3QHnb2A7UTW6nkojlHNP3U4ZNdwTeRfu5oo5oX6Io2qcgFuc7QBdtShIKyDNJzWvVo3xXTm0v1yEtrbF+zSy1mSYUwZvIl1UjRCzuCqnHCT4kA1WNL8+2LCish1UxufclmZKFACs+zIOyrc9l0BF5aT2+enAC03FQVmbJ+QJGXSbyAsfH1An7rQ7x4gZ+kdbh3RCUfXoY7WtXrp9J4UhiUtfpe0N\/gIYBsSDv3D\/Z31\/PEQWl7uvVXBh3bjEqL5Xl+pJr9QCsz7jYKaDkdruwm\/duVN4F34knp1NQ989pgA\/294cAc+e\/WTZVDIdsEYIDrm8J3NADidPhKacYVdEyFerx2TqHMdGJfcFLQpLRQSACeO2DtFtBlKctfD7hMC4erSyNEj14+2OTc39Pv3xNGYVAXGkm8MKi5sYDSYSF\/A1vkT19jYc5bMDWSIfHTaOgHH6XQ7z1hpK1caPI14ufEANnDAiurcD1NqZO6bizMfqGUz45lyXrm7Z1bGcMDGewxpB0ux\/SXwNGHVhxVlaJ6rSk5pqjE5hDuGEqvxmNk+eycQ6M7t+fmw9RB1cronnDEnq5rL9J6F9GGJtIKzDtBgBSq5M10i74GZPT30lBBH9IiXq1WdOttLVufaBrFnpIEXcv5tYBNJKnF5mtt7skXuThNkyEEQzHV0g24NZgFNDKk9a\/z+z4YPuXJCN4NrkZTfyEqSDcVJbCAsv9aQWRw0\/waz64cT4QVPA4aobMQMeKO4IJpGG31ImJg\/qt9I0lIMLzuDFS4EAPrBMHPzDFS+cyYmTOfjNdnE6qWKVNNw04wuWOLgQCsZjh8ZZndWRiBxouz\/nOCBn8+13z4xdhywBzSPb+kLRBRMCF0GkO729DyP\/NGl595IpO7qpNFBHQGoQA4lTpqj3DpwA=="}
-00867{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1605291687642,"flow_last_seen":1605291687721,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00878{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2554,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1605291687642,"flow_last_seen":1605291687721,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.googletagmanager.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02092{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2555,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":721931,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfv5qDx70egBgLMJgYAAABAQgKwtc\/GsL4XOCc7rEqge8b9Fial0blx\/r167APa0ayVrftB7nWz5sUhEhMoZjc5gwV3ZbT5+wtEv222QUnTLzlbfEJspD1tUM5arAbc4tWqoFMYwVCZnZgrrXRBQkGMLXkK52Ifq8N6ugkO9hBFzl+W9DoKs0sGp4d+ZkgYmsD+PwB2banYEhENTdUqYIW3KsrD6FyOspQHt0N1lbWi8S\/leSvasgKMyvMpcIM3\/OCCYCTnGQa4DCaPa+nKsq30H8jU7DTsQAkNRSbN8koTKr95ZwmffCDdKbu1PUMLo1EryN8KnFPvZ2XZfWE9I70td1pH5HZMcSIhrKdGyF06mVZL5rhcQt+9MJM59SsTwpR65uPHip7ap411SReIurhQLIDP74OXEdOc05BoIsYz6JmzxF5zb+U8uLWq+2hQrH2jW7YQhReyMCZV04m2Jof1SiDdxr+0Z5j\/9aB1aRM9I8drjDskGjvKyrraoN9cx0uHUGpuEfOA2LzVTMzrcwzLDkYOyhPnIfut34kGD4ElUjFPPUTM+QebQfsbaZOM22h3qb6MI9EW4Jq17lic+W09erKV4+RWU\/TuH9wYyswdf1BM02EbTGv5ShHR482rx6XpGHwGoVSymTwHiMJ6MmbzBXvR49yCiFLA31H5sXf6aUW7gUdC09kwbbTtkS++zVfgmev342S03DLgAB7ZXbFd16DQqZzzkroMeH46cN5CkaGvT54JZ\/EhXCAIwv\/epbr3VsFxN\/B+Hk8GvqQ\/7\/NohuCNuWkGQfC5M+BpxB2BNyCIwWOXI9tkF2waIFa5FvBzPN4dFDtpdC9l6bVmbQdXkQVbmKwwO0byo9RZrLZsMwqV+wEMjOLcKKmj\/4ljUJsCh7lBTBJWOEgRdT25ItHCyU0B1Iu6AUvzw21Is+MDG6cIZUTkNgnFiG2Mo3FY3iAjt5DYY5VJTq1\/pWNSejcnrpj+yr+kVcctUzRL6F9UTXKxpG6lfhHYDuT4YSngMaDipiOFrOmZI4R5L+AjCnVLQyuHL7AjYl0O6HPgQXZD6r29X5chZow+k75960baDqg0GiIb1m9nyisviZZNzXIA2fCEwYz8RDuKWZOPffXA+gI6miGY2OWU\/rotrqGV9uY9LfcpnMoMCfxdfhVEYOe7Yun02QpQYQ3jA8PzK+A0wY4RVM7Dq1pu8j142atU+FqXOcdKD7zoTZ0TCCkFfyeTgkw80tDCQdOPAiXjgMpuzn7GBg8c4Db5pgW\/WM0iLI7j8+iXAHZFKfOzk7jxAyAWMA8G1bnZBGvE6PV3jc+M\/COdHzIr33jzXVlxdH8QwuqwbRQMAmzzmaLGASuQAPNeGDeXpDA50gbXsBif1Q8VNkikNZpqdgLtuQhOvECC64kkKjtMuUIG8tVKedxdvxuGYIW9tokcjG6pLqiyt\/ZsWESas6aEGU1IbYsqp\/Mh8ocj0Ky8IAtLU85yKFV2Ui+aykOyHy3Knbg1DNGfb4ivtV0Q6arlA6Djq7yo9LDN2vYwBZdha0PbRbj2IjYZmtp51SntXxt4NOG4ewfxcPS4OKgka86JM0RW3pfBlhNLYRbHu6kUixYNF2i\/4VPDgH8alV+3LohwjMVFH7iGUW3rIwaBw=="}
01104{"flow_id":27,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":721931,"pkt_caplen":564,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":564,"pkt_l4_len":510,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAf4GPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfxFKDx70egBgLMKsWAAABAQgKwtc\/GsL4XODhzW8vQhdfwRxgP1ImZFIqvfCA+BJW1zMSOVH4V3QXUjjPZua6dVEn6o3Psa7mYVeXF6w+qrgtQTtJ8mXrDJTIWaqbdSvaVdhS6XfDZE2maOl20uWdYDVvC3ETtLRmQQJzin\/4K0+ZikeNY3aV\/9yYOnB7ZDE9r2oPu1rrCo0tRdaUPkk2TfRaUUqBF72pZ2Pdnd3sFWp7LlkYcG\/i2WPBn25muKIj7QN20INFXRidRlNbuTu\/qdXUTxYVs+EUEDc2ON1kWZO5fQgGChdOYywN1cryMG3xitJZXDjuBV3vxc7WywSQm8MQ809BepaPgJiDM\/FdvubOfKhsRTfKhY\/8pvWx8SbFiil9EhkaF2aGX85oSXfRUI2OScO0tZKg72Mf4bReGswLALXMxCFU1KvL49fKy45kGGqFiHFuzhndh2ApOBUuxXksWxWtwV1qZK3pJih3amkodrtjgfDKghczB4cc8ZhUxu6XcayZm0FhKynMoc41bMTOG5Gop7Ng9d9qNoizP+JtHfk3rrGydx0+STU\/7\/Bb\/wqLAFsomhhxTpZCoagekh7W5HqQurQRdad5DS+hoMjd5uOwO02qOQP0lhrDlleLhaBcc735w5HuxJSL9YBsqp8y29AblBF6"}
00454{"flow_id":27,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2557,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":721941,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHvR7nH7+agBAB9eOfAAABAQgKwvhdDMLXPxo="}
@@ -505,21 +505,21 @@
00584{"flow_id":27,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2561,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":725128,"pkt_caplen":178,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":178,"pkt_l4_len":124,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+AHwGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHvV7nH8YwgBgB9SQoAAABAQgKwvhdEMLXPxoXAwMAVzmHwSAiWI\/k3CJkJeFEnnTcskuW6crrkLQFEBiS0vl+XR65kcLDbLlGxXq3eodCHKGxcH9g9IbJ+rTMvn76iM92Yab+rZhFJh3wRl\/MCI63sBOMO1tThw=="}
00814{"flow_id":27,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2562,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":725460,"pkt_caplen":349,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":349,"pkt_l4_len":295,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+AScGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHvbrnH8YwgBgB9YzRAAABAQgKwvhdEMLXPxoXAwMBAizDx2A1A0vbHRpYsfJI5RLkH3Jzhy5MjXSfFOaNEDo4gIQv2afYdeTg0OoFqkrBqH2JgG\/3iCLCyAV0bizD84zlHn\/YzHdrnbRfFiAOqKwPmCJMuFCJ47FDdugVdNO5OYUwOgyMcRGRuwUlEOi9EZzNdnFOvKsQcj5pk02n6S1ZaskxVuWki00kzw0Zm\/n+56YxFaX6Y5JKH2AHrLmn8880RzJTHvGKVLI7jDzHn4kpYyB9TJdIrDoyKdAs2QmImGiwQGR9g3ZYnyDIjP8dFicLDwD5aDkbL9WTCoq7S7qHDwIUvee\/K79qfVH+0wgciRNqSXH4C6lURIbSWdTKkwXREQ=="}
00457{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2571,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":759189,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfxjCDx71egBALONNeAAABAQgKwtc\/P8L4XQ8="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1605291687761,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1605291687761,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":761761,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bcAAAAAoAL9IFSZAAACBAWgBAIIClvEqOkAAAAAAQMDBw=="}
00468{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2609,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":790624,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUg0Stm4oBJXgFBhAAACBAV4AQMDAwQCCArC1z9gW8So6Q=="}
00454{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2610,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":790646,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBAB+9RVAAABAQgKW8SpBsLXP2A="}
01147{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2611,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":790793,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBgB+28mAAABAQgKW8SpBsLXP2AWAwECAAEAAfwDA36LmdTGhSoOn80oilyfPNGRp5C4BlBBz5Xd3jcwfMKTIAaF+rCsUiCOU8bqK7O8i4N8LINKpStTbOqmpKKpf9E2ACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAFgAUAAARd3d3LmFheGRldGVjdC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIH6hi26DByeZiCnUzyO1ln0CmgKVhjsp0romzaxtOzIVAC0AAgEBACsACwqKigMEAwMDAgMBABsAAwIAApqaAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00813{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1605291687761,"flow_last_seen":1605291687790,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1605291687800,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00824{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1605291687761,"flow_last_seen":1605291687790,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1605291687800,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2616,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":800179,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8MAAAAAoAL9IICJAAACBAWgBAIICk1+jVUAAAAAAQMDBw=="}
00457{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2626,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":820314,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUk0Stu9gBALMMj9AAABAQgKwtc\/flvEqQY="}
00469{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2645,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":829410,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkT\/jDfEoBJXgChEAAACBAV4AQMDAwQCCArC1z+HTX6NVQ=="}
00455{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":829478,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBAB+6w4AAABAQgKTX6NcsLXP4c="}
01150{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2647,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":829706,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MN8SdXV5FgBgB+6QUAAABAQgKTX6NcsLXP4cWAwECAAEAAfwDAzHyJHiw4CvySm\/wmMZSj93xjRQIb\/7lSao6BEVVselnIDSsTTPKNSgpPqgoZjsi0To1XtuBv2kZEOLdyhUMYBkRACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAHAAaAAAXc3luZGljYXRpb24udHdpdHRlci5jb20AFwAA\/wEAAQAACgAKAAiqqgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKaqqAAEAAB0AINkx20sEA6mpd6uYYzNH4dLwnJuropRMU+claKQ8nqNoAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAkpKAAEAABUAxQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2647,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1605291687800,"flow_last_seen":1605291687829,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00847{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2647,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1605291687800,"flow_last_seen":1605291687829,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02337{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2651,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":852902,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUk0Stu9gBgLMOWBAAABAQgKwtc\/nlvEqQYWAwMAegIAAHYDA986N90EPY0pqv1uo704Oc7mDSIMAuof+2zXEsC9vjOtIAaF+rCsUiCOU8bqK7O8i4N8LINKpStTbOqmpKKpf9E2EwIAAC4AKwACAwQAMwAkAB0AIEfVGQEfjWG0TCcA8PWASSiXGqUaFxrcUf0h1+vwXiAKFAMDAAEBFwMDADSHjXx66PAlT7YZdb4Edet48yvNoM0j6Cb2hpfeIGPYWQJCgsVspml\/1p3iFmybFSMVs2h2FwMDCmEhUhqhV+2yz0cSbkQH9lav7bT82kgBbWAw1IYOOT9B3JxWFWmXD7uEuPjPcdmhslXypV4rmKGSQy06IdRrUi+wsd+JJNR7bCFaCoiTtJCU1vtx+6tWf1SFJh8gMiN8Z0h+K5ZuYc9nVzTuO36F4tydcCBkt93LtK2lW2nIPgmGvMVq7wzox368u8qVGrmKNLun\/5VQI2v1JJ8OWMHYEMDaQ5SPuaIoyebA0fSrb4ySYZ8p6iQHvbX9jKM5dD\/8mxVW9X7fa8Hr8O0TKvymknDqlsWIDA8oM4wlpTT7aOQ+JdozUrASqV6M9GVWIpQFshAkgZ9yal2PLsP53JZmkHf3i1bO7l3dU0SODPcisKAH1aKfoqk5tuLox\/XiHvBOBzi9ZT6u1P\/dsfon0a+QfFedH3NCkZUyPzjkoretjUVGXZ362zN9X6TDT2zTkoF3DkJN62JdkU6+S21UdnbtHedmDr02FXyahzjO2\/y1xggtUwO4iUukN5Xb2hNUxI4Q0qayndGowMyr0CPJpC\/8QQLc4\/p1h09fosbxbnLPXSFJRqDpA\/VSuVQvhsn47sJ2tFr9XaSfOtWQDieEsdzTagfMkmJWl6gSwNvVAyJS\/SbcGY\/T366GKLpbsEzcIqxn1umDHFdeIuFYwMHTxJWT0tefr6zlqCe+ngeRoJtgUydMN3K9J252bIEg2ufM0VEdvlq9VF1TpSSAFSiMvM\/ptHIk3AsyNSbs8eC0F1EsiRQ6ZzlP+ofSEXD3lB4wioQ4bRWVLVqIQfHsZKm9knD9BRUnG6QagZhIuk+obzg1cjqvl8O5J6htqt6iS4QM5FX2YqzidycYBCBhX4DN0GOuxvqs7V4U2tgEgKubyqGUKstfW6hXL88PHupDuyehtbuHkwmuw02E2OsdvfHPL46lNQOC7Zq8742UYfo9fmX0owuiDEV3poG8JFG0LFgIhBTm4GGh7Oguj52K2fH3IK421Bmw3JYTJuTUK8Hc7ws6tMddeOqAJi5MgVcLuiV5Tj\/53PeRMrJdzy76F60HBidjsseom3SrvHnMQPXNfdk60b+fN\/Ll\/9+FQjN+2AaOMJpindaTt9FGzo55itFdo5rUW2FcZNf7XxDcriYmAzpvplUiLUllOkRUXg7DFVPLw08Fyp\/+TdCKeTzX0Nb+jwZb8hfguJJqyDMq1VlpSD03XF\/NFbLJ3pF1+MwrPeiFNekNKaewi5ljgkMFym\/oj3e+h14PvKPqR4ZrhZx+dDoHWI6zpHlWXfg9QkUs2Dpaid8MXPNRWS+xyNz0CpW8Sf78ifbVeQ1xCAhYR0hbCJerZ\/3Rx280wUlr9dL4qu\/4wwIsBxkk2ivD7f7KEkMvblJ8x+BpPXJLUSOmV3JHLqIOIXU\/U9yrKaS680U4bwEnouZ7ulUmWb2kdUgOOd7oIBkdiv8heVUWYKirzTpaVNJmivPSsKv6ffjOXtermLJsu6jXg4gDCHkoVeEsRUcpim+o9irST+Wb6JAGBVhDDotAhNlhrZGK0Mzcq8Vj5aSHv9geS8OhTYMGZJMgjvvOLgiEkE71dsvB7E5Ms2NN\/sF52COj0C04NGu8wFrzrQ=="}
-00854{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2651,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1605291687761,"flow_last_seen":1605291687852,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00865{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2651,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1605291687761,"flow_last_seen":1605291687852,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.aaxdetect.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02345{"flow_id":28,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2652,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":852903,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzWrU0Stu9gBgLMErUAAABAQgKwtc\/nlvEqQaVsDJvEjoBJZ8O74LVWbPu52shuHoezZiRNYe8v39p9xgkogVO4HhVmcEfJD4xOuDwKoi6\/EAzKnglKcpuYeYRtmawDn9nsJvWhsaMdLbxN2A4rDDF5ER0uoUY2AFQXXlSqNd+pmcosCBVtBCgSJtppyKbrcxz8lTWpT+WobfriCBaBBsBNmAJfGWkSNN9YN6BxpkRvQyk2MXjQc+o6vPgFRNlCdUlc68I8kocK0WpGnn58HPyARSXdgz7qY1cevziWTH+f1knzj\/29KF96knWhHecihloApDsJ\/oKuN740ei\/c2Pop0OxOODVbksImLfPiOtq15H9nJzbz9gjcBc1Dtj8xbYZmrZwrsevo3YoDtyBIkJvbsaTy57ERjoD\/2ltjfFps9lvNCIv5\/3EjC3Ax5UQNyBwHGVcqjC01sFOeTR9RshGzbGIrQ0rsBnH\/MEYAo94cWUwBHDosfyI5J1H8QK7L0meHo1L\/87Bl9ACSyADTV3yWEUl0o3ysovhowCVoSS3mWqbpeT6OEUZ9oX6+zp3Ur7CV5bsMLRQ6YufarpGmAdDMatzVqOyIVEKqVx44SqfGhuKjvySq3+3w30A7n\/ZIQT\/3jMk39RexlFHLDZQgRvOzXGqUZPSUcbIbyxv9W7hDf\/EdLatJCU\/I03EYlSj1MoK6qa2VGkxs6Z7GaLQJPMLVlNPwxO1Q1NNt1H++fNG2MbfW1FXWbgJIVJKkwLiIE\/xmnXj8e7nPHBFCq9AKj1GJ88Yj1FcCLYKQShz7QFOjL5PvcpDJzsV5e+YKudjd\/L8IsEM11RldDLJFbJHO1gj6WE9OnVbbhAKdcskAN\/exybNLb8gQ+8fnE7WkZ\/si1TRRxfD5Ny0wCA2sbe7Vp6YovmAx9Ph6LoGjI5Yl8+pY2g9herEVY2DUIz4gj\/1kBCR\/xjA+qVvmHyVdgR1PnSd2uRYAC8cb5\/\/JsHC9N5vZj3BWvcGR1Wx8bNITbCbHRiJdY4oO7fPFsxvh2ImIRlxu3JxR8gBWhMR+QfW8J7Nu2htf5mf63F1hiyjl8BpRqIK31HttYtZIZkVs4e1BXp1cXMR8QN+9QIkmhGN2nauT4dHrTn5eQlMQgO03lRPS1XqnCZB1F1qddp\/VfjHQt76Zg59RV6jjygJLOOPhdA2UOpISUPDZoIv0fPsvIyS+TJ\/DbEM4x9h9zFRBgQxWiYiH7w9V6nNms+1qwZVDHuF0bCFFrpC48x6xfGKzhItFNjMS5CIZM\/gp\/x1pf8fi6LqcQ\/lNrDNBA9GAX5Jnr1qpMDffId9EcufAd7yaKee+ebgavic9hF2xucU9CV+h7RjxWUAGTYu2968JjYZifgUJ83nuNZfKn0JN4SdsRBIN7vedMU05xIOwDvns5KsYF9BNJJMeE4unIqk1e6e3kXzI4oSaxiTXgMSn2LzpUw4+qvRwhm4ZLcTfqL5ha5UWPaoraJrxn+mZQPLon8jsLNaWC8wGsf\/4sFsyl0NPUKj0ot7lIVOrXS5POltVBiP13\/0iS7b3Ey2Cfu21oH4u2MQqYTgsv7sBAWsGlflbZcSyGWxCH36uM+qg5Gb2v3tskRM3K9Dpx23U3Xwxnrfe0LMviBy9uuIFrmNAnDSUkyqsP9IqGg1r4lXgor6HePy8lK9Ede4juRB3QKGr5qCX1WPW4097ddFsR2oe8VNZvChXJMgneNiXlHPW5d1blW0DH8xh1LA\/JN2i1yYVdsMorqUwpTKqsU9JjZNfioMNYg24x91zxIUL4DjMj0j1kbibhQ5Yfq7d1\/arT+OTeYmqZl0D2sjow0Xgxe4DmYKHL7m47jKM5MJoiBIGIz5ReV\/eSPj4r4o5+x3Lw=="}
00454{"flow_id":28,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2653,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":852932,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK271Sc1q1gBAB9cxuAAABAQgKW8SpRMLXP54="}
00454{"flow_id":28,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2654,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":852982,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK271Sc2AhgBAB8McHAAABAQgKW8SpRMLXP54="}
@@ -530,33 +530,33 @@
00458{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2660,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":858949,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkX\/jDnJgBALMKDhAAABAQgKwtc\/pE1+jXI="}
00458{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2856,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":893353,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzYR00StwNgBALOrxOAAABAQgKwtc\/vVvEqUg="}
00458{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2857,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":893354,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzYR00St3VgBALc7pKAAABAQgKwtc\/wFvEqUg="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1605291687896,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1605291687896,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2861,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":896532,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetUAAAAAoAL9ICsYAAACBAWgBAIIClOdBf4AAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1605291687931,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1605291687931,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2916,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":931808,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0vYAAAAAoAL9ILpIAAACBAWgBAIICnCSuGYAAAAAAQMDBw=="}
00470{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2917,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":932773,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPN32HrWoBJXgPVcAAACBAV4AQMDAwQCCArC1z\/tU50F\/g=="}
00454{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2918,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":932816,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBAB+3lKAAABAQgKU50GIsLXP+0="}
01148{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2919,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":933001,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gD27HAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYetYTvsT0gBgB+23VAAABAQgKU50GIsLXP+0WAwECAAEAAfwDAxJYusyWMNRYvoQ+T4tcugZ+135RcPMs1\/0JBeRbWLApILhMdGMSectfNYNoyEPWiVIYjZ7g96RKtpDC\/RD8oUA2ACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAEQAPAAAMaWQucmxjZG4uY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACC0arZ4rxNjn4Xd+ejLnNmuK7Q67NTZpqnUAPkLrcpuSgAtAAIBAQArAAsKWloDBAMDAwIDAQAbAAMCAALa2gABAAAVANAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00808{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2919,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1605291687896,"flow_last_seen":1605291687933,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1605291687933,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00819{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2919,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1605291687896,"flow_last_seen":1605291687933,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00533{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1605291687933,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2920,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":933355,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6EoAAAAAoAL9IFfFAAACBAWgBAIICteKYnsAAAAAAQMDBw=="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1605291687934,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1605291687934,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":934638,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJAAAAAAoAL9ICibAAACBAWgBAIIClHJL\/gAAAAAAQMDBw=="}
00467{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2996,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":966627,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoTRRdL3oBJXgGFBAAACBAV4AQMDAwQCCArC10AQcJK4Zg=="}
00454{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2997,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":966647,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBAB++UvAAABAQgKcJK4icLXQBA="}
01148{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":966872,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBgB+zFNAAABAQgKcJK4icLXQBAWAwECAAEAAfwDA3WeIBLYdziEEn7QNz0OGHsUEusI6KY9\/RKF89EV1ileIBMHWJUBm+OFCD0sy0ylrulb4WElhpq\/dz7TuTzNb3wqACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFAASAAAPd3d3LnlvdXR1YmUuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACBnIwLwO9uU6L4jUM5auBmPbrs7aOwSFobkFewcQ7OAAwAtAAIBAQArAAsKCgoDBAMDAwIDAQAbAAMCAAIqKgABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1605291687931,"flow_last_seen":1605291687966,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2998,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1605291687931,"flow_last_seen":1605291687966,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00468{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2999,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":974700,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5XSRuhLoBJXgDDhAAACBAV4AQMDAwQCCArC10AQ14piew=="}
00456{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3000,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":974700,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPR32HzbgBALMG3oAAABAQgKwtdAFVOdBiI="}
00454{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3002,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":974730,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBAB+7TJAAABAQgK14pipMLXQBA="}
01148{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":974969,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsAiUGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBgB+zY3AAABAQgK14pipMLXQBAWAwECAAEAAfwDA3sf7LZhCKu3FcQtfQQXpjU\/yJNKxK1Wu7mS7O\/nW0esIK9NcmR4uxEXTx0wl0DqrASosxQJ8d8M7I15cNDqZSjgACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGgAYAAAVc2VjdXJlLnF1YW50c2VydmUuY29tABcAAP8BAAEAAAoACgAIenoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACl6egABAAAdACBi6uz3bgjuw2Flzm3cT5QZ5PbRQ8kZgg4sjV4aUfzKPgAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAAIqKgABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00835{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1605291687933,"flow_last_seen":1605291687974,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00846{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3004,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1605291687933,"flow_last_seen":1605291687974,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00468{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3007,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":975138,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5ddGO8iRoBJXgMJGAAACBAV4AQMDAwQCCArC10AVUckv+A=="}
00454{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3009,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":975186,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBAB+0YvAAABAQgKUckwIcLXQBU="}
01147{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3014,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":975399,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yJEjS+XYgBgB+6HOAAABAQgKUckwIcLXQBUWAwECAAEAAfwDAyyfGNXrQuJaooVOSAZWYwrICVdKySe7AfwbUmNJLrj6IPGtMcg+xk+\/4O6dPXPeOmaj7v3Le548CiQfbZu3tkOqACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAHQAbAAAYc2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACCtpKM+O77uTAjQEIT6uCXqvuLVOHqvZMFLfC1DKm+WSgAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAAIaGgABAAAVAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3014,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1605291687934,"flow_last_seen":1605291687975,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3014,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1605291687934,"flow_last_seen":1605291687975,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02342{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3016,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":976086,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPR32HzbgBgLMNTlAAABAQgKwtdAF1OdBiIWAwMAegIAAHYDAynJH2tuEpcG94stdUTlGr3HrkE2PBU2hv4tgg4zTPFMILhMdGMSectfNYNoyEPWiVIYjZ7g96RKtpDC\/RD8oUA2EwEAAC4AMwAkAB0AIOgBPIAY0IrL2CnI4O+u0SKjRCZGLt5xeH5g3aqE5RgiACsAAgMEFAMDAAEBFwMDErXXWNunSswOPrBsSCNZtgNTGl5+Ovo1KO+3j29bCZuDfDXj6Bori3Qx\/WBrPaSjJgmAMgPt7RvclJ2r7IMeNfQLT6sLaHkCR4V5HahL0OjPAH18xPex7w6wH41SWcemkWi8HHapgBdaNU8P4BMHX9WA+RnuVbgx\/4lx5UzWowvlSAiEmgLG2ZRWO6lfSzy3DwWwzi\/Rt6pUYI1OD8CcfodAbN0oghD4+NzB4yD9L9b59864iErWvmTCeVreV7FhcIJKGtqI7PJq9a1LRY+ZnxR50VjLhq6xahqe0WiiJpQAdSQbhcVujgz8utygNQRzxtPVE7B7GjPG8w1MhDj1blfivATdoIsd54rxzdBnOYCVZkdgTGeuKNeq0no3Hklr+hPTGfkvGM0QGoTvzlkXfmjGQRtPreqHFBcJ6oyTfub17A8DkUA272j75rX4yiy9pvmK7VD7q4eb2n7CxWVXkD7zlhG2tPhZVs3SjAw3snAHDzAg+DtvqSOGJyrKKfmEMEDgA9JvmQCqO\/2qKc9SO810pO1jw2zgcIJTMBUdQzDo4FPRs06ShDPXxNtIW5\/i5Eu5iw\/ED1R5tDrskF6CKXE5\/\/Y7qjeexRkDvW1LPQTSMU89g58KZsjphaRjN1hm7uw+tIpm+p+mv5uIOApCfXl30gkxiseYOKzw09tQERfiTl9E3DtBD6uOxeuwCVjnV2RrodHjqmUiuS37Am9CyZHr26Jx4JHVJ\/MSo0KpYbZxdTSOWolpP3EUKwMX7\/mJuW2MHyu4K1OygF46m9bGEpVFTChCdD1MPomzfiHQOapDujX4lIsYLmorvA\/M2IsWi2QkIhhaYiXEPJ4qxLCN1K6J8IIiE7p+OePhhnO27iZNTE5Y\/HndYB3AgsOdLYhoYgsS395Y54kMv\/6aSPI1IvD7Ka2dafd6rmSekNRHO1P5baAU8yRHbas3l8ITnDaDYH1+axWbkHd4A6sQ9rpXf8JBoAlwmuVFqH2I1+o9\/m6CGMJyt0am1K6jNbmiauFSft54N+q7gnBCgXtJsvp2C1NDAOBmsuVbf2erR\/pNViXMb82GJ\/+j9XOk4hNWSDFKW\/kX1UfJ4PYuXQ3rhvHaLwfaHzgjgjC7+m8ucT6I\/irr\/cWq7pBmT5GXwtCrff6LSgeP4aNve9t+Ca8GvucQrzWxcIk\/2aPuVk1\/NI\/qh8ECIJovA6ruxMhCDj4eUnPpmGmMzSM5l2TdZHSe7xs6GU9MEzqWWpFrWqXhiuefZwbs\/lghtYPISuLlcH9NOoRcnhvbIJdepV2t0WD9W6jmfsnWrBApb5MfBoo3huUI8SAPLX2fvzrH5fxSc++2x4h082bv4JELHkrlkndRj2ButAKUEY\/uz91yRTuB06GFfAzXu0j7Oy45jzktWW1bvn9wclh4ThiguvTpIzPexHgp\/+9AvyjYUtfnpvv6LR1MMH++ituT\/hNyK4Naoqv5RB3j8IgWJdVIWYZiNYQj+ugre757IQVbfqVa7hAZwcJq9166CrEsmShCUqZ41Ek\/y0eRCzy4JwAB9l96iTKRAs0EyYe0Lpa7dDV4xuol1ZcwT7v+G3yE5JSox0gyKzB7VJ5TINIh5ymQA5pmfAFqAAZXs62cGwbdWyEgbztk+GJfzrGsyN1ScznDhdBzJLSB6QGJTmti2g=="}
-00849{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3016,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1605291687896,"flow_last_seen":1605291687976,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00860{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3016,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1605291687896,"flow_last_seen":1605291687976,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"id.rlcdn.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02343{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3017,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":976086,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+ymB32HzbgBgLME2RAAABAQgKwtdAF1OdBiLrhJHxIzz8bX6M8bIf6qJc6UJshY1TYieT5Pjt+djpV2EpJytoYFsjiM80Xe+GxCdkss4uxmnoCGeAHtTeF5tF6s42a2L0ub2gtOmFgxiTekt9dT34puFhicJ6pYRUow9pdk+J\/AXaVfT3rbwFcJ0gv1aXfAXHq9vw80e86IurcahNeACAx2TZ6KuPjII9sI2bHNF7eW63mN2FGfeVudEKNBANY5Fp\/M0SDaA5OfF8k2gJ6ulUIAj9YkwW1Wz2hPjFK8fSaI+vusVd4CZLUQbm3NjQS7bObMCobAbZrYDpZX8rjY+PV+WtHoviNeqEPfSVluYJ3iKhoc165MOs3Bh4GrNlkv8kdDBsYx+lL0yYtDks+U7SY0SX90UBQZfQuKRnF\/Fr6dKecRYg+ULYw0IESoB3Rmq7sDf+au2GNrXjbWrJGc+kwAKgFPcUdkh2lJ68j93TKan6ra53KILGHhx8\/qHWPL1zYMdk0tnfc5LH6Lfs2jL\/+P0TJ0h\/0nECAqCOmPYXSU1Fdsuifvi6jFemxRfDfyrbLHOcg6mxKbE4a4EgNTGMbDKY8JbC5+dmtR5K0w6Zshi51CJXyovGYdaPW+H0a1T5tBPwxCLH5B5vfeaGdvyDIRX8gR7XkBnKJzwEHSsEl4LAaikWYmP+FSqQvsjThniwLS8HyNwjqjkQsdTvsyVLX2S2qvJHZYkOVegiIu1ruZd3FsqY+cpDCRzvhOhocLP0RZ1mFq+VLGox3VtsrMh9ptP9m9Nj9ysxtRpnXoJe2oSQppowwC1g8Onjx7wt6T\/0iXgx9BW6oY4Oyj83BzMAtSg1W2EueWcDFoDv72+UOwNwnmtDcZF\/qycdJZe\/ZrAs9Spn5cCJ0h7bbcjHmGwOZApF79Dm2VEy5Qip7PFUks4RBecWLZ3ybcD41VL0fm78FgvebNskPXeDbZvVQMwsEWg7\/pzk3zO6rUIZJc+NkGQ2PBRtWpv\/ggVq7mQcQ0nQrFQPhI9EICxIcsy5Hj7pO8+6QXLziPVzskuqKSD+popqloIXX+LR3iQGZH1mLT62jUk+sEtYjq2oaW4Qc4UyCRAMDOezzDCnEz2So4C8zz5rJrKlnTAtGtVPjIjN+89di7GUqBLeTB15WPYMoIvoHbcFn9knmHCpBM6jowf6kuHOeFbaIuoY\/s2kRMyUx7j5rEW8RaG\/BJ\/qb4A0wVFe1vjNO9elEcZMLcocngK77dsDe+e+hUaGwKikmEgi8LRhOEvlZqUIYRvH5GhUNK7AbZJ0qXve3PQN79TSpkF6I4t1\/R+z8\/+NJxUi2bKoku1wKxNgdIGg48jV2F4PJOq0VhZ3hmTbZj9IT\/q\/bUy+7Ba8Kfz0RbCSSJC2SHTAT\/nGb00vyhgeItWtpNoRGF70zaQr0sUP7C\/LpN\/1x1NRE2ZupGP8RjvbhMwn0NjHFmlOnValCfnn4I2WRJVaI4C4jZcKGnpcffsSlOoTTYmJQ3KTUm06Xm8kZvHqrQzGWoxzoLCcMsm7eGKT\/An35s+XIpEZYIEeiELKjOFWWp19ivBOIRuuMh7s\/Gdc5Q1P\/OgRu\/MZByfNdU9s+Sj7pv6hJ8GVPR8PRRIAksaY5+fZu3YKjvWF0Evn24oHhqHssbBagB6V5om70QOgIgktsMrPZBtOFexqe0bpeJBHFLvsMc9hYuNKtB1WI+BUh+tOg81lu2iUO4Si5dFoEU8bZkHjL8rcGQSseyZ08uvGAW3tuB\/GDcpigO+gry4kyd5uShJXLWKjzApPq9CBcsOddMmp50P\/0xbJcLEDsz0KFlQZjSyxSx1Ld+pMK\/3TN\/aR7sDZryGs4EA9I4MRauCFTXTqM8vPtmGSng=="}
00454{"flow_id":30,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3018,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":976141,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYfNsTvspggBAB9XGJAAABAQgKU50GTsLXQBc="}
00455{"flow_id":30,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3019,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291687,"pkt_ts_usec":976175,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD27HACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAieM+UmsoBu3fYfNsTvs\/MgBAB62wnAAABAQgKU50GTsLXQBc="}
@@ -569,14 +569,14 @@
00454{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3088,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":19659,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoXRRdT8gBALMNnKAAABAQgKwtdAO3CSuIk="}
00455{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3092,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":20339,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5bSRupQgBALMKljAAABAQgKwtdAPNeKYqQ="}
02093{"flow_id":31,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3105,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":24605,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoXRRdT8gBgLMEzAAAABAQgKwtdAQXCSuIkWAwMAegIAAHYDAwnRmDDNhxnsKxmhhNRTKeiASIrBLjMThBaHO6UPTeWdIBMHWJUBm+OFCD0sy0ylrulb4WElhpq\/dz7TuTzNb3wqEwEAAC4AMwAkAB0AIDnDAJ4kTWw48kphe1+zg7srsErJXQAp9BrAdJQcltkTACsAAgMEFAMDAAEBFwMDDmZGu8+HQCyN\/vbwHHXXGTXttJwstrV5X2CkGPbnD1k0BnamCgPKEyS+Mnw4AqkZjaS46TQdHSQRQHFkrzwJd7PjkkFLp\/mj214Hl\/4kezJlSJcIPwAQ0Ts8kydR5D4e3EICklklH9\/bnpPHE6cocyV11Si5946mbW5PiaRJubX7cOMKvCQ8eUomT0AU6hseqbtsraxlN90VVte1CQfLVk7Yby2dN2TCV9jI9vTDMX9xhhY7iUOqZyonViqbSakDk4q1b0NUAC9u9Uqrmoor0Gh7Wrwo9u1\/DaUyXQTmE7FUJiJd2bUfWtGKnEsR60Sf9kyWEF0jjdFjRxyf5n0jQUtUaS6MwVYC8O1H0j6bLaOdTZaQPz5a\/Yz16vjl+6yh6yh6XMgoCDTPHPc\/bm9mjth0eFUO3SyfoHxOIhMjurljMmM0xdrsWl0EzIANDqjkWN1G\/2wmWFvfCk\/Zu2zPFy9LWODOwUttGxpm9TPqr4mwnTEIk9CiBqYRIxFwu9UvaUeWvWAJcTScOvsRmiKSuppGizHIWL+J1k1R9yNU88x1FVClcURYAWB5UIRJvPaObjJLUEmeNWHdljsP68JPnMIK3+sIe826k6zkJ3barDULBs6miGk5X1wPeUWGNvyTfwMYpnYt4vY2Ejh9A\/iN9k0p90r6sxoW\/i82LhteFhpixH9Wt32X6cmwbtBEh+8q6vqw+fIfCLK3MZkkkEUl3OgY7sZp\/ZQE+8IxmK9vg8xvbXzSpP\/tR5KVbQhNapSmCJrhORolAfr3VJ46u5reu+WXVAgM3u81E9ZAhGiXfU9EQfZSYXJ+2kvWFzaf3Fj0PUH3iGLYJdbHAlsUws6st2B\/bBBR1iRDzrDd+3k7GNiIJdLTs9x8S6sDF\/cslBb\/tuZsBaoovu1kY9Foreu0gLn+uK9JL18mwojwaXkAu\/9rUC7VeWhHhYp57bo5iEEYj9FFsLW\/C+SOPkKBv5HNXmczUllGV80QzYYScHAoLYoVpmmMOxLBZzIHi8tb2T1bnGBABb38gd+pTi2PiJf7tZL07gPAT46qBTkZlHjjuy7oipkYnwQA87QQJaiUVQNbdANPaXlm1nVHbKKHN18ykq9bh2nkY8sx97Jkzg0maYIG3G0dqIu8XadmI0n8QAC0X86sDRDOpHR90+r2ttYkGjcl8eHii0tPW67jTHdowKDKVK\/JbjKRdbAbAp+qzIPf5E4Rx2fiQ0GMZMPeDbIkpd5qbhgYZ9asuC5AwjwxHS\/nyoJsee6GEye6RFkKV+4d6zf7HnauKGrpuesRsHImPuC4OfF3mowCa60oXpFf20BpLLkHkw1NqEfHqAbpIXZm6VhULrObx8XNfvCbMMoZy9QIHiYdlE0O37wjEhGuDWpXsl+yRnLpRGPRuqdkH78M6H0c2UD+nhu8oov+wTfo2w=="}
-00867{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1605291687931,"flow_last_seen":1605291688024,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00878{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3105,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1605291687931,"flow_last_seen":1605291688024,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.youtube.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00453{"flow_id":31,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3107,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":24643,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF1Py1Vks9gBAB9d4NAAABAQgKcJK4w8LXQEE="}
02089{"flow_id":31,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3109,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":25071,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWSz3RRdT8gBgLMM6kAAABAQgKwtdAQXCSuImOULj3I0iZmY5olFbRlkomvFfZSFjutvpamPW3o47M\/9hLY2yKACVEHWCq\/skznirRpVAtpZPCOvCmGKTmsTMcNi\/6t+zHdtHWR53en8V6iN0CcBYcfRwB1E2IaM7G2Yjz+kf8087NiAdI4wEN2tUWgA3zfFaKovTYur8au3NYv\/rdRqmLv3uG3WdtwgTEJaDvmRmZXLVAKETGp7WVGI6tzCBPJqlg8CFK5HF2lRWVTdayfobqiJQ+tVY20j5h6OrhYbS1nKdvlb84NjvqpLma4U6rJUGfjbYUCRL3QszKBCR92FeP\/TR5yNUBCfeFaEijXVcv8g3eInqrIhsStzwJiamGDOCPx3Grd7TC6ytnbLeNFphu\/XOvLK3aLR8tVRzt39t8DySwt6aw1y9Fv62xhNNFuRGTZ54X66pi06LFiuVejaWxlXUGoVijQDfNOzFHUUzCzTMR+88OHcPfIfnnrvsY5DETG6EPKxYzvh4pBOfHbBNwueJp+S5IImwJA4BylerPMUDb7gGc1jcE54YpJ9ogddYDpA7VkaJFUYjQZSSXcWV3SpxzciF0zifyeicF88eJrBDdktdPocHsiDXO+4vUMRtQuy8s556XeHE+cFx1RQd3LxsphdLUdSt+KewJPySQKjJijFpzyJ1A7Ck9tWes1lTirX43rQLX+x0LHoPuVBHO6OF4\/hsuSISzrY1knWTXuzUIDU5Pz+dz6ezA1MO1brWMdFS0CIBHnwH0KD3+JRUfXItLfvHH\/qEhWfcZLsx6xGDnvUURExo64JcPVtMMLxuTIDWp9qfLe\/OGaEMIwJGS9lNzclTn5N4NbBrzDIYXOCdWGH37LP9NfLnVPuAdotWX\/hS+QQCmwCXY5ZcHtLobOMxsEnJ3x2mGwrzBVaT+A6WSrnT9sIZqR2JYVIjOeIEx6cRTbJAIP41h8SXtlYEi2bgeJ8u0AJY7yV1zElF6T8eHJUSWwWqxuVtDonU6MAzNrN5s7tC29hG2Je\/dqGlwrmqyvUDxa+IiwP668wSHrTDRUS6KNu3GCvlhi2+VSHNtvosuACFxD+3sJ73+i6dhXtuZJu7VslPyVCD7B8z2qcTxROgUJdkidyZS13Ea81CqtWvVmNBzuYWzVCkJ2Jfl\/qTAgZx+Qu02vz6xoPoxe4HpkUBHTQI+uzhMFQIqRdyDjqLreOkZJMlW1EKgQ8YIN3sJGqCD5zpjkj+mCTRLFT65epEEnyb6WEjdDd3dN6R9lcRzu2JkkqJTbQFIKPUSJXCy9hgscnaUanpqB\/vxuhxYzH59ML747GjG1IsexalOZ0GQWiBheKgt\/kGLfbNzV9QxR7To+CnRAyxwGMIl+01Lv4zZl4CAeVMsc7FrHgpdbw5Sr05mwBMYxxSgb30Hldh8F7AeCIX5vSQYNEQNQ7QzfKex462IibwTBNhi5y4jp95ptNBMxmI97wL0ylkQplCYR+q\/1jEQwuCH7K91WxbhfuaPmznto8dEt0lhpi2B6sDsDjTcU\/4E+np0GKcvR\/WcmXkaEcr4xXXX4oL9cVWlbMig60V1jwJLAu3g5+n5bAQryiRDnVfktSUlHX9NXrrFDise1K79A0SQoFFjnOWb2A=="}
02087{"flow_id":31,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3110,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":25071,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWT\/XRRdT8gBgLMD9lAAABAQgKwtdAQXCSuIm+ZN4ZODQLk1MacIPx8GfVvaKdJQT78HHE38eBNoR3EREsErNUy92PsKyFXtBERPtQbpNYsTcxdESCJxwmaEt12GSmMZu\/L59lOVRzusjxCRuoNuG4igecd6uRJaCQTmE24rMdwUCsKRVmX98N44QLkBB9fuyxCVATxGGMamN4owjiPI52K4M9X52LRVizjBw8QBTVnhNyu4OmRWbvT\/hLEyNRpSv4uy47LZTd5TZ85RcFmXb654M83I39\/8jSQd9uwRxNfcMMoV0LKxsNZWETWPhhPSPBWC9cF+DITqc5Qm1R\/CuWMeCBlBBfNo9XKGec+Ooyhh7ccNCvF3Hd5n1EYUBIj+kF0LqvzVjZmZAUadHsuNjBH9QLtndpxzgC1iCN7++Kts2XIknD8BX5Uofa4XSgd4QLjZhwvIeOA3yFGzyEsGqLDooxJceQNRtdva0RO7vAydCpkqYVLqwVWZX8hB3dALQcOwMChw2ZmvkMRZwQ2bxgbkLkDzt0xCsLyOXD8kXYcT7tPmVwbC5OTodbgBE+sfAj\/Uo0b2IMHFo7lq77\/98Apj4mYdqFF8zQfbCfcAEsvnCtuf9ZoYyAZkeHh\/hzm+FM32n24D5IohxgNlaD3fPNhyFJXbqbCeWZCij\/KK0z6r2Y0O4wLItdFyGVjXvhvV6hTKeKQf\/+n09VfxVXOhgnhs202ARBy\/7sdw49h21ZDSqwf5fgaUuz6VHTpxrTnX2dVfKb0MZy1IiEiOsrrM0HqGQEp683iMfmvcdISokzn2lb6hgUy8Bgl3U5kTTwc0RS2Un2YMtMSixKf5iofS5jOQv5nRlmr8ZSx9ajmWQlEZBJlsjFK2YNFnXOk2kSMSzkeVy0CRZAvo7utWWX6VhEDkPXipEerfqr1gWhpUuawV57lLICFDJNnu2psRp++ElchnX6eQic6TT0ws6Sc+zaDzPy4sbTUw7H+7t5dmZcaKlSRtCXQG1r2OPwjCOBSNTLBgSfkSlwtw++PvWTbBzsEjNVfQkSXYsiv8xmCapIVrlCsPnBpgn5KzsnA4Ox2evjCfIrv1fCIo3Q3UszTB5G8CdI8WCyDPiqvnF4QOhTvslXe5AM9QqVTK+phteIbzDl5Ora41ACNFGEr6IoToYzN+w+gjc\/\/p4wm1xXM8U5\/rmflL0kWVweW69eKbnN5lozAmCxaZ7DaJyTN0YwVbb0CVVwCtfphLU0M8JMG5++7hGrAUonRjf2QcpvRLS9a+eT5K6MNNZqH+lc5UkQl6l2smME0jbB+YtvZXskclTt++wdDbSGtyu+ThhGm5hzy+4UgpnoMLqi9AU3SuKMS2mCoguSFhCRJsdvjoxHq67JPzoUESMnbCP616xLSGf+\/YvmZRMJzxAEOUdt57po1gn+YwTluw0KK2wKcBhquTIw6vQA7gxOyueKZulWMbeTKmIkVyEY130KunREse4oQB+WHJwi6qenvAdaCbEfms4VuKVg5hhl4tOY5GZwD3XmppdecuuPpqK9n4cN7eOlzBNfR1A73cUD4K5jGaK4V0LWvhY7TnauOHOipG2epB77Go1y63O+8YygtDFXZKud7eDDOKE+weLrAsXXrdickuhsxWlubg=="}
00732{"flow_id":31,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3111,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":25071,"pkt_caplen":286,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":286,"pkt_l4_len":232,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAOgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWVK3RRdT8gBgLMHKWAAABAQgKwtdAQXCSuIk7nST5MB4W7LqQDI+ruRgSqNFixg8+tuf7fxTSvdZP4F373dDQYdr\/dUBy5M5Y0r0J8\/NwDNIhNkSh1xz99T3T0hzeqb64Mi2tF5f4IJ2UrY624nPzFZdWoQHg1PneTNulsX1j8klkyC\/XNhtZp7ADwBkTqNyP\/TSAIoqgLNnjg0M\/vextssIJRGXu1Z+IjHqLqiURPYAzXVbgI2UP3l9v2PWV6dKDhD3n3bwUYUisMilKaOv0U8MsCpwnsBZd17KZz00NU\/J4qA=="}
00455{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3112,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":25071,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5dhGO8qWgBALMDrJAAABAQgKwtdAQVHJMCE="}
02346{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3113,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":25072,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5dhGO8qWgBgLMK7LAAABAQgKwtdAQ1HJMCEWAwMAegIAAHYDA4ey1jkEt7YmB8nH60jENVrHYkqgPbRe3A0UtxQ7hz\/cIPGtMcg+xk+\/4O6dPXPeOmaj7v3Le548CiQfbZu3tkOqEwIAAC4AKwACAwQAMwAkAB0AIN4I3QIpXry2qzTRclbZ8qvkwH48kh7YN2As6DiaoIVNFAMDAAEBFwMDADQxTVbgLmzwMepkyQoa7JrgR2RKHupcsPfrfn3q6tpYesAeEZBfEsXMt9\/OuINyhsxePIN5FwMDChn1OIeh26NpFMp4hUfngYrBAGzjbB0sQFJawp8GdAeZPw0I1B7dco1hgR7+z4PhbzZgqvwmhfvcK\/FTfS1zYfSvYgnlAaOWErSr4qiLxy5UTGHNrvsUTGQvg8901DZoqr2f8+c3bkfb42biQRFTNnadK5PWLb\/bp0GK917N1jgtUM+YgNX5WoRAeAnm3mbEQWKCPnBQaWo6GSzUe1NkseqXe9i23pCW5jhScezi951LRSPtvC8L78\/EPc5uVIhS6j\/ZRLRqtc3GgMg4WrfBSz+Mx\/GTH0XkPF760IUX7+Hg5wHmPBOJvHn6mtBV+uC4HfSKuIUazU9DGNINSbffV6goiG1VtWAiqmxJhmZUdvgOLqW5SvmihgCRW6pOfSHYneIEjqEs990RVU8Wcr7VNGM26F46Q1YjgZaqgsWQpehcVlZCAibXFP9iI3TygqhzwoNUVc3vhZZiDxoz8Dux50gpywUsggRpXePmj2wB0CQoZ5Ou3wnd15UfbjPzDxX3fuvmt7xCQWFmexWPjH6x5exwvzv2Huxyg8srjcFz829rWX6CpKW3hUfuRun2gFA7se5OsAMmWXWm\/0fHvEckeU7Ev6qPU606ut0R8e+u8iAl380\/WBZpsIYZyblBnlBfPcgMjw7RtdmtWASR9CbTeLrixhSOffzYm3UtwjCpYdr5SKw\/ebZ2fLVzVdUNw947ytZWe\/He\/RLGz1U6wf\/DvceaNr02uofMm4D8E0kay+1YXHotS1BCSikNFs2VTqIAcLWtTaufW98F8IBPCplp3\/fY0EQMbum8F5ZkNtKmBOlCbQoH8JiK0xkv\/2tAHUZpvicWZHN1FeOV+MkevCPoC\/FGdc2cO7uQEzjtnjvi\/LmsE+wsqBCs+jjI74Y5s8kM2aRt\/ihx2LOVz\/WP3pCkwgjTHJVspdEXce9g4U+nIYT3sGkm7RlmvciwIK4GSO6\/mF6SMDJyBcfE7LIRxq1bda0mnNzwaErXt4e+91nkvMOmW4imPLahe+1bjHb5pW1p8b\/1TRUnwsGUoOLj3fbyHRGX\/qx8C4a2eqYmCvbNveauXsWUbbbRH656o0VOeTZJH3rSBCMcUUbHrxIlxEg7DEjlRqG8+\/ZM0xzowrII1quI8lcsTwyWWf99W7MmpFJT\/\/ibY0+60s87RRfCrYwTAs0kcpRN6Z1A2zaJV2OzNyeb1O9YfNYXNBHRT6Sg6D+fP8PljBdUJIlwig7DPtiIqcOS+EjgzXkMkvq6zfDhCTRI\/hjSciHl\/l9t1fpSvcpYermRbh6bUq2c8mgKhTo7\/heUnN1pu3SKX74T2qkV\/FPFG+bEfTVY4sLbUG4pOVeBe5bL5Sgisp8ViKjV+jL80Bxg9dqnvxbL1dgAO2UL7NiBjYs+eSWqSGpI5yJD7kfQGSIlAFU8BnecnFCIWymDQ683P9j5AowalKq48J5+TUIyx4z1mjsZlWJd3lTHLAKUVWHw98OXKJl\/PnnHclqrqk7+\/Jr1ZlApd9qJRA5+kvzY36C6LFgMhtXmZ89zH+k4h5n26IKZXsCe6Yr60GxGQRmN\/KXBJQbdSBo+IlotTlg41kh+E0FvrDyBNA=="}
-00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3113,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1605291687934,"flow_last_seen":1605291688025,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00872{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3113,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1605291687934,"flow_last_seen":1605291688025,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02331{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3114,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":25072,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL60RGO8qWgBgLMDGBAAABAQgKwtdAQ1HJMCF4jQqeULuXRCCpURAPXmADQAsNyQ12YUIiJuSPtoiphd8sYN9fnDHOuV1EVzLqHqnQU7SKD2FoHIauLtFIOTBEpfYGArNsyafM3447h9GKPd+Y4VCFzSnxAJmVQtLUb5VD465hmWw5N\/2mE6gzhbt7K3xwvsKgNdP3UsdUSXkFReZupTkXmM4uxKkQfe2KnsKXew+mJV2U\/IrGSswVXDSjxJjNnII4Lex86a8DyrDJQKwsWSt6frGztzQVzkjICO8BCK5KSHhiAjwQnjMJbq\/L5kdJ9teFHJHu0gH75+kLN2cazeIOYKO4ZJZyO+\/V3yOVFWgQQ9k7Cgb+oj0ifvx\/QWb7Arv4hndjJTFd6YR59VaFaHRjfjg\/eVh0eO1Ck0fnmoNvA90Zk5+2VE8VESB6KHGgK7QcrxL7K9NUwXAaFf5UaY0gzHzntYXIQdA4+9JrQezmmRhDp4JQTIDVdeol4ilvG7HIEJuphPXBz1dnXPExBENGJFDfpp9AJvBScogMFGxgZYNlNMtdNJ9CQhqWgFYsUwIhY0EC5ds2B5UkwGuEQsu\/x+\/FwD2jAboDPjgbTzRwCjj6C26BlAqcpRS9QTKSPNCalZZYK247ZTxSh0EnkBjQbIHbzFZcohhUBSdL3YrIgG2HyIxgodV7WtjrPAD4MfjoSPJFyDIrrtsAGG8fL0atJPJUQ8V0oc5poWFIplIwKzPTQiVk83piVk2tJVksYHnzNqvH0k+d7wb38p9PxmTUfrtqy\/K3skTa2bhJ3ElTwUpvkuvQpjx693Uy+jE4e3jRGIjfWjeF2rpqpuTfbUw5fho7TDImGvuG5n+KQppXhDZoIXK+F7BmrtgttGvaJWZFM2a1+UV92oKCfkpNSeLmWhKrhq3WxvXc1sI2JMe5rxaGcJTkdMU5efdHqeOFZiOVFMoFg59I3E3sFOiKoinvMa4KZvXevnOR7hrRLT50GQTYKqwuUQOhpfuKB7DYVHxASgGfGOwALsn5G9n4SavfdrrnZrNTT0oTAY08heWmmFamKoiSMboJBsg\/Y6ylZKCXEMtvfVLPayqLDQhHvZN3EcShZjFUrj2VeGUDVKNVojBdWpSZ8cX7G6gYKhYAsQVhj4gFv3MAS1gUYCnTRUcQXiKNKnNdhGLI08CmM4cZzeI5Smw9muUnUz0VrcjdqZ7MJeMPFwMmfOovWyuG5WTjqe6yywr2My63d3OV2zhHPy6o8uLYH2e07Vqc0AZtnGWVgXzCDFE9Gzp37fLuWHZxiL8CUR79oy0XirpPHdyNtuNf9WBA\/nXr70c\/pwNySPO1l9ZokQd6gRJaKK6bHhVuvGATljh09U6p7oMnsfbEN2I8l22PmR\/eirBh37K60sE8IX\/R5yNObDv+FXeJarB4AHSgGY1oOUg5t0sFGDYdd1+Jgh1w1A9LRPkAURiZ4XFskRkcAR8uSggNfEO4cN1NGR94IcQ2j4AV3hy8aBYZSf\/utAOXXs9zEPXVsWcvDFixLn0cXWzejQJbnIpClpba180q3nmGQDgTuuwYRpZ3ScsH+TA7CqyaWnCJlp+UGfg+bRaHrG3WravXAgMQu63nGOWoETyUUruvuslFinpeSeG+sw2m2dn0slfc8LalqM8sABdrsFwnYXdv8e07aYk3b7SQP0H4z+NoIfSDecHtK9+coGEx8oe583va9hClWd\/PDcpVMTGAKc5sxLockZxThSUiA8PJQ3WsqukuycepSuw2Mw0vJVrIQyb7Pk5\/wtVlV\/m3iUYAhcGxJVV8it+msj06Ny2Z3eZ4GEM2xSDiR24dwlJhk4QvIRwZLU8xnrbZn6gI+bjcZjP7NVrlzt3DPw75j752EQ=="}
00699{"flow_id":33,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3115,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":25072,"pkt_caplen":266,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":266,"pkt_l4_len":212,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAANQGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL8LBGO8qWgBgLMBR4AAABAQgKwtdAQ1HJMCHo3L5OFwMDAGFnpa9efBK27FTOo2bcWqyKvjzPykx9aWoPWSfIj5rQLBHGICzQSuv6HR54YvalrJ5FE0uJKXw7SSb+IQPVJVWqa8tDMIsKBYjWTRHtSKBCzGhuH4vGmGfJEX0feYTzpPPdFwMDAEWyfdrJIh8ybuZI2kcrCpSYZYxLIxjhtCWTtQ9cYKVgr5jLNmGlKHgxaWJWEFx\/Qfp2s966SbOGX61NEnen+TUQptYsRI4="}
00455{"flow_id":31,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3117,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":25078,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF1Py1Vk\/1gBAB9dlUAAABAQgKcJK4xMLXQEE="}
@@ -590,10 +590,10 @@
00583{"flow_id":31,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3126,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":30718,"pkt_caplen":178,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":178,"pkt_l4_len":124,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmAHwGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF1Ty1VlV1gBgB9TghAAABAQgKcJK4ycLXQEEXAwMAV6IwUuKlNwcFIN5JinvDvs5wyYI8Vf1K2pqctiTv7HAw\/ZgkIfR30nMw1yo5oIiRZ5cSlU3\/5hcXggQjPTFnIT4k0QV+w1JWfdVv4ECphPEuFwmUmGkSIg=="}
01162{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3127,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":31009,"pkt_caplen":608,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":608,"pkt_l4_len":554,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZAioGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yuYjS\/FkgBgB9Vr0AAABAQgKUckwWMLXQEMXAwMCBdw9YPyptpUaPrvKXAia3WKdhxG3zwg0P6dw+SNWe27ET0dYGzK\/Zsa5BrcHi55wY5dT0gjkBtUm7iIAV1V+HpoK2kohrkXArOPR4DNPL\/5g72AXP4CIKcbUP9WcowBKdCydsWHWbIc\/O6Iix6COL1rk43PiNLDQbKcxCcoxsphBa1Vlyy7kdSITfFHXywmm4c3Ri82Lgp7hjo\/0vmKKg9baKer6SPkyK19MDfQ0bBpCLC0MJX2v0SrfgAjFHbVZiEaqW2HfPGefLKZIsnXLTIBmUUXF3cb5Li18lPTdEklYN2n0B0ND8LRXY3CCFtHC4ZGivJqoddRd3AeBYFqMiELgjnMrIxMZW6bRgiTBxe0nlEiNGb8c\/NzxA1br2krw+J8+V8mrggC9JD3lVhVcD14Nq8UkVH712hTB39AyhBm2yip+lmGnN4snUsquG2kOlzNHVS6rP7sMP9LnPkMTRFXNhSSFef+\/eDypsaHUpt3seXDOtxr4DaoZO92xLslr7TiW1hfmJMeE\/RpQYph2P2m6B+66jlvhwitJDbRdSRjf0OBOUYfjaUkQs7huNsu3QRqowkwXIXSfSTdTVBvTITlvdJsiIEN766V0CoTBHwyvaad37U02GfI80thwzympZpkNraCBW5GAVVdg4PtEkHQ9BdhimDr\/2fzBLLHcNXRNPuinI84="}
02320{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3144,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":36417,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5bSRupQgBgLMAkxAAABAQgKwtdAUNeKYqQWAwMASgIAAEYDA5hs1RS1r3hoIUTUe\/Np5sVzJ5mEFtISYKb1UBid74JvAMAvAAAeAAAAAP8BAAEAAAsABAMAAQIAIwAAABAABQADAmgyFgMDC3ULAAtxAAtuAAazMIIGrzCCBZegAwIBAgIQBCsCdIn4IMOaHu0hIfUKPzANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0yMDEwMDIwMDAwMDBaFw0yMTEwMDcxMjAwMDBaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMR4wHAYDVQQKExVRdWFudGNhc3QgQ29ycG9yYXRpb24xGTAXBgNVBAMMECoucXVhbnRzZXJ2ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqGTX0jadssR6ED2H16VJWjPQW\/BuyH86LOqrNUs0NlHM4ihfiYKKZ4ilqRvk5sJ+zAaEKOXD4\/RAOH4myfslDAKTSE\/uofcoHIT6uKju1rHsbXqDabgczg6GBGngeiCWWzb6n7XsnJCyGFkcb3mgIwPn9TQjQsVDQp3vDoWsiN\/7CoNM7K3OYUQqucNMYXoHHOS2dEamKHkw0G9CpMUCWCTnDuS5CAIP3PUicCumqL+zQwt78nBZ\/2WWYYNQ3IQNzG6BBtgNXlAOo5IDzx9wgMSuS3O6xlcfM4r3Ez7kguCwyHqAs3kBmn190hgjvVH0eZQDw1FbKe5NM0KOiSY29AgMBAAGjggM+MIIDOjAfBgNVHSMEGDAWgBRRaP+QrwIHdTzM2WVkYqISuFlyOzAdBgNVHQ4EFgQUNKGiZtz+BH59Z4aFJhevAt2WhcMwaQYDVR0RBGIwYIIQKi5xdWFudHNlcnZlLmNvbYIQKi5xdWFudGNvdW50LmNvbYINKi5hcGV4dGFnLmNvbYIOcXVhbnRzZXJ2ZS5jb22CDnF1YW50Y291bnQuY29tggthcGV4dGFnLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNi5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF06xohQwAABAMARzBFAiEAj1FrlzEObHNQMKLAmw9ccGe8TtS9c\/m7pBtKaqouMh8CIHx9UWPVHw=="}
-00891{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3144,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00902{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3144,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02329{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3146,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":36418,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiGQLSRupQgBgLMJAQAAABAQgKwtdAUNeKYqSXoUznqkrCvk+vUtKwuFIbQl2c\/xdthAAanwB1AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdOsaIZIAAAQDAEYwRAIgR+LGQ5\/IKptAkacUTdQjYEkY2fMRgqAmGMmKZ68Yg8kCIAxH1k4k+NKk5WfwPZi4bO3veBMGYEaWbK7XxDTUoK8AMA0GCSqGSIb3DQEBCwUAA4IBAQCURI1m6SutZfQnPTN5e51IwijO0RaZu6TVEwVA3QXiQ3EvQq83IE3EVUUZ0JOTih6\/XltmTldMx5Kl09DAosyhZlXHvSBo6GYI6YgsLet9in5+O8Bmli7lYi+b386Myt4JDLHXNVpPS4V0R2dG+6U89UeaOr6FdlZx91l4y+ABCyuh4+pAsEOHYNl2TkIoTkKgP2ssrSH5vXiFGx1u+\/\/3KY7NplpCzG3tji5VPEUm8ci++JZ5ZEKUTPDp4l4u82tzwXqOV51gsbttjgwwxnooscx6tX7CTTMolmGlFrNJDNvk+i8dKeZoClvZzU+0+PXorhusNa6Jt2eNZJ\/B6j1PAAS1MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C\/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq\/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK\/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j\/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV\/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC\/zA\/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj\/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwdaOpKjw=="}
01253{"flow_id":32,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3147,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":36418,"pkt_caplen":674,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":674,"pkt_l4_len":620,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAmwGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiHm7SRupQgBgLMFgmAAABAQgKwtdAUNeKYqSD1lEvjWtEFp6sY\/XSbmyEmYuqgXGEW+00TrC3eZIpzC2AavCOIOF5pP4DRxPq9YbKWXF99ASWa9NZWD3+0zElXBg4hKPmn4L9jFuYMU7NeJ4a\/YXLSaryJ4uZcvw+qtVBC9rVNqG\/HG5HSX9e2Uh8A9n9i0mgmCZCQOvWkhGkZApXVMT1HdYCXmus7sSAmhJy+laT1\/+\/MIUGML8Lf07\/VwWdJO2Fwyv7pnWorC0W7315J7Lrwp0LB+qqhdMBoyAoQVlDKNKB46r27Hs7d7ZAYoAFQUUB7xcGPt7AM5tn02EucofkafwSAFdAHnD1Hsm0FgMDAU0MAAFJAwAXQQRWwxTgaeRotOzUSO2eAfqy5HUGrmNY2RYMnvpcJJ++cK1s2I1my006FcHTO+ujePmXMGbvGXq6ehQgSUjLLS+MBgEBACYa5aPMv00vc4Ec5NbmYkHFx+1avPxnitx2KJFAq4OskMuo\/1w95dX0iciNqcs7JgWVWWNXkLGLRZy3tegjpzaoEWzbma2x8ytGogewM4zGnOSo8w3qPlrIbKQtf7xk\/ZXcmO4NoAmctaNI9c78f15gnnGBCZFzrRTiAPTU\/Zug03cWtjbWDsbbWD4CVFnCuLE0mbgt5HSgZW8ZoCD2WzFzMeb2Pz3Q+k4Ob6hPmN71f\/rkDio930mdP3jSXuOcKZEy0Sy90G9vPQNAGG30fzx25ncB6YGjlz1L1R2e\/74qjJSjQPsKg0BYNNjdW+qZjxaUlE3eccbeSDkDEHnIzTUWAwMABA4AAAA="}
-01268{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3147,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":8,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_tot_l4_data_len":4153,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":519,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}}
+01279{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3147,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":8,"flow_first_seen":1605291687933,"flow_last_seen":1605291688036,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3881,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"secure.quantserve.com","server_names":"*.quantserve.com,*.quantcount.com,*.apextag.com,quantserve.com,quantcount.com,apextag.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Quantcast Corporation, CN=*.quantserve.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:30:B1:4A:CE:62:AF:55:B1:89:FF:0C:CB:69:E3:80:CB:B0:91:90"}}
00453{"flow_id":32,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3151,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":36432,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6lC2IhkCgBAB9azgAAABAQgK14pi4sLXQFA="}
00454{"flow_id":32,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3153,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":36448,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6lC2Ih5ugBAB8Kd5AAABAQgK14pi4sLXQFA="}
00454{"flow_id":32,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3154,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":36451,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6lC2IiC6gBAB7KUxAAABAQgK14pi4sLXQFA="}
@@ -601,11 +601,11 @@
00589{"flow_id":32,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3164,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":40696,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsAIMGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6s62IiC6gBgB9ZCCAAABAQgK14pi5sLXQFAXAwMAXgAAAAAAAAABhTe2kqaTLlAAr1bUYq0xjWqOf93ObH7BnPvCaaDcXr7U21czVub80rrckE2NlQCoHD7g9B+xs8G9tNwpWj4ElxeKVkwXL8dqAWqp8Dluss2bvuLPnXQ="}
00807{"flow_id":32,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3165,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":40821,"pkt_caplen":344,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":344,"pkt_l4_len":290,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsASIGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6zG2IiC6gBgB9Sw8AAABAQgK14pi5sLXQFAXAwMA\/QAAAAAAAAAC9pMun1ZqAdTi1F1kreffo29Ey700P\/1LxMn1WNIVaNH360u7qDLCs\/IdEMxFqj6MX5gwsKWlJpCdeeb1mXwtDV43E67V7Hvk0e7+IeYzBlROgwWrNJnpq70HiOHdVMaUa+yyKyfdo6W2KeMEedpBecer6+JlP2GKN58yOO0v0\/1nrhSb\/FJkQdAEqYJc1NSpkT8E9wRtf+gNDwG00+IGUrl\/FfIaitfxPWUn+flW35wuLjHv5lngue8VUBVFqhFj61eBdi3zXrykyFq1Iqyo6fUrWlPwkDT0pXBFhMCB91j0RhGkwQR5JLSluMEyKzXvzAiPQxk="}
02329{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3171,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":46248,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dXkX\/jDnJgBgLMClnAAABAQgKwtdAVk1+jXIWAwMARgIAAEIDA0EGNUiKAt7pqpIYVTSg1b142DjcfagHPa7RoVjNDPdfAMAvAAAa\/wEAAQAACwAEAwABAgAjAAAAEAAFAAMCaDIWAwMLxAsAC8AAC70ABwIwggb+MIIF5qADAgECAhAB36AC8MVTwy8rWtYjdFbqMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xLzAtBgNVBAMTJkRpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgU2VydmVyIENBMB4XDTIwMDEwMjAwMDAwMFoXDTIwMTIyNDEyMDAwMFowgYMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRYwFAYDVQQKEw1Ud2l0dGVyLCBJbmMuMQ0wCwYDVQQLEwRsb24zMSAwHgYDVQQDExdzeW5kaWNhdGlvbi50d2l0dGVyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0IUzWz0oNefou8gqWlT3VJSbRw59LAqWypMlSm7sz\/cGf70j5ZWejClXalDh9uGhcHH7SNg5KYz7YvKjkVlpNrNB05CzHCnbKfloFkvQ\/nSlD9VBLwN3AUBmoCdiFadGDuE8I14q5WblC6VX\/YCjOnzW7e9e7Vo5hjXm8\/n9cw8\/kzeVbz2AXnMYPGQXhl0WOHU8Mob7evmGAN5FT7KIL\/762d3Td0vuBghvBgZy\/PGyQtvW9ZQA5idrqUS90lp20rt9tQ\/nWx1\/+wEvLFB8+TcRzcy4Ax1\/yjAjKinx4bT7hz6jRQAcFCe3pkjT9ECsUsyppiNLtQuRAOZjGmqZECAwEAAaOCA34wggN6MB8GA1UdIwQYMBaAFFFo\/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBSt95I9bhf2K5GhxeCqT9RTr2H+RzCBpwYDVR0RBIGfMIGcghdzeW5kaWNhdGlvbi50d2l0dGVyLmNvbYIVc3luZGljYXRpb24udHdpbWcuY29tghlzeW5kaWNhdGlvbi1vLnR3aXR0ZXIuY29tghdzeW5kaWNhdGlvbi1vLnR3aW1nLmNvbYIbY2RuLnN5bmRpY2F0aW9uLnR3aXR0ZXIuY29tghljZG4uc3luZGljYXRpb24udHdpbWcuY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItaGEtc2VydmVyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCBgwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgCkuQmQtBhYFIe7E6LMZ3AKPA=="}
-00892{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3171,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00903{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3171,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00454{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3172,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":46258,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MOcmdXWOxgBAB9aMlAAABAQgKTX6OS8LXQFY="}
02332{"flow_id":29,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3173,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":46580,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dY7H\/jDnJgBgLMCzRAAABAQgKwtdAVk1+jXI1mAT5G9+443fNDsgN3BAAAAFvZ6LfvgAABAMARzBFAiAxS\/Ot29MbR8KxFZ6tFIaKWQ3GfxloKz0mVv+99pnewgIhANqeu6PwtqohlWI\/juU9JkKhikE\/4tbpA0UzFdvmQ40AAHYAXqdz+d9WwOe1Nkh90EngMnqRmgyEoRIShBh1loFxRVgAAAFvZ6LfYwAABAMARzBFAiEAmzWmUaUveZS9vwd8C\/Ftw6fcpGDWCLCe60QIoRSl7p8CIC5IiUOl5UgXcj\/T4hTwQYRBPbXLozt1IQRv7auArWWuMA0GCSqGSIb3DQEBCwUAA4IBAQA2vw6MeTQ6UPft3tYgfQyv3k4GLQRdhQopc7oc8K0dXJ0ENCM1LkWW1BOFwFBC7H0ZiHy6lw35hkel\/rnjrCj12nNfydXl\/duWlFa44ty2jzetlMyc20M4EiiOK77zM+Gb5Atwl3ZeYDh0dTW+DE\/DgPZl9rwVvAVBcPGpCQRXXTpXMkTlqNVlDfW2g1yXrreZb1SVsJFawaO1Y94B7lOric3Vd8XZpFzYzeRu+Ptzp0kPMYGWOxnKFkgXJzxeJrJF3YEgsDl+MAy05RncH2IvFzr24hiq9bDbFRBtk6p0R3ELhBF2kI3vjm7ksJLRVJhpmBLFjjgpTsWyrFG3Q5eDAAS1MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC24C\/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMICKq\/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK\/IHe1NnF9Xt4ZQaJn1itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j\/018QsIJzJa9buLnqS9UdAn4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0Xsh5ENWV\/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcftbZvySC\/zA\/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUUWj\/kK8CB3U8zNllZA=="}
01357{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3174,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":46580,"pkt_caplen":749,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":749,"pkt_l4_len":695,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAArcGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1daR3\/jDnJgBgLMJgiAAABAQgKwtdAVk1+jXJiohK4WXI7MB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBCwUAA4IBAQAYipWJA+Zt31z8HWjqSo+D1lEvjWtEFp6sY\/XSbmyEmYuqgXGEW+00TrC3eZIpzC2AavCOIOF5pP4DRxPq9YbKWXF99ASWa9NZWD3+0zElXBg4hKPmn4L9jFuYMU7NeJ4a\/YXLSaryJ4uZcvw+qtVBC9rVNqG\/HG5HSX9e2Uh8A9n9i0mgmCZCQOvWkhGkZApXVMT1HdYCXmus7sSAmhJy+laT1\/+\/MIUGML8Lf07\/VwWdJO2Fwyv7pnWorC0W7315J7Lrwp0LB+qqhdMBoyAoQVlDKNKB46r27Hs7d7ZAYoAFQUUB7xcGPt7AM5tn02EucofkafwSAFdAHnD1Hsm0FgMDAU0MAAFJAwAXQQRRP\/JUvszQqSvK5Bq1SnvhUJwShBlKDToo2XDMr5TpLF25MlojqIpYf8LIM5XJ\/rGSPtUuy2MbzJNrFJq31ugEBgEBAEJHQ8P+yVYw\/j6kQvMigeTykLEYqjZXCvwwxyXYKBq94i9fIVZeHp\/VHAs9yYLdkimQef6uMIVx5Ptv4k8oNwV77sNhatu5+\/+bkZCE6HYhaLS3OXFzVqP734hF+LUVz9032GptR4XHJRXecgTCOYx\/wfPc1yP6q9LMarkdDtgjoTtC89srf0rWZBgwsvf7uZ6QmTSmLbzvWkgFoZsdTq8vBQ7eZwZ40JHRl6S5av+QSqHPM0Z5kFxqm1Mhz9I7XBbT8x0zUS1h\/80UQLMOIQtiCUhKS2ioH2XAjDaHC2+tfpBNnP0aS6bY5fKipjuuhVk5rXVouqmeZ55o9NfLS\/sWAwMABA4AAAA="}
-01337{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":9,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_tot_l4_data_len":4260,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":473,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}}
+01348{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3174,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":9,"flow_first_seen":1605291687800,"flow_last_seen":1605291688046,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":3956,"flow_avg_l4_payload_len":439,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"syndication.twitter.com","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}}
00455{"flow_id":29,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3177,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":46584,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MOcmdXWkdgBAB9Z25AAABAQgKTX6OS8LXQFY="}
00455{"flow_id":29,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3178,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":46591,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MOcmdXWu0gBAB85skAAABAQgKTX6OS8LXQFY="}
00628{"flow_id":29,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3189,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":48406,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":212,"pkt_l4_len":158,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAJ4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MOcmdXWu0gBgB9aVbAAABAQgKTX6OTcLXQFYWAwMARhAAAEJBBLxNGdavmW2r6LuhyaTtmynR54HIf1IbZbNGrqxJliXAuxyzExWIiumFL6ux6cBe6ohWZ6ComRXkrIQtAX1uevUUAwMAAQEWAwMAKAAAAAAAAAAAk6ZleW3+AoD\/yTrCsbJF5nmHROOCbTsZe7zF\/mKXSAM="}
@@ -615,33 +615,33 @@
01163{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3235,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":130841,"pkt_caplen":608,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":608,"pkt_l4_len":554,"pkt":"qtsDr8lk5EKm5WPyht1gA0MZAioGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAXNobxrOgBu0Y7yuYjS\/FkgBgB9VqQAAABAQgKUckwvMLXQEMXAwMCBdw9YPyptpUaPrvKXAia3WKdhxG3zwg0P6dw+SNWe27ET0dYGzK\/Zsa5BrcHi55wY5dT0gjkBtUm7iIAV1V+HpoK2kohrkXArOPR4DNPL\/5g72AXP4CIKcbUP9WcowBKdCydsWHWbIc\/O6Iix6COL1rk43PiNLDQbKcxCcoxsphBa1Vlyy7kdSITfFHXywmm4c3Ri82Lgp7hjo\/0vmKKg9baKer6SPkyK19MDfQ0bBpCLC0MJX2v0SrfgAjFHbVZiEaqW2HfPGefLKZIsnXLTIBmUUXF3cb5Li18lPTdEklYN2n0B0ND8LRXY3CCFtHC4ZGivJqoddRd3AeBYFqMiELgjnMrIxMZW6bRgiTBxe0nlEiNGb8c\/NzxA1br2krw+J8+V8mrggC9JD3lVhVcD14Nq8UkVH712hTB39AyhBm2yip+lmGnN4snUsquG2kOlzNHVS6rP7sMP9LnPkMTRFXNhSSFef+\/eDypsaHUpt3seXDOtxr4DaoZO92xLslr7TiW1hfmJMeE\/RpQYph2P2m6B+66jlvhwitJDbRdSRjf0OBOUYfjaUkQs7huNsu3QRqowkwXIXSfSTdTVBvTITlvdJsiIEN766V0CoTBHwyvaad37U02GfI80thwzympZpkNraCBW5GAVVdg4PtEkHQ9BdhimDr\/2fzBLLHcNXRNPuinI84="}
00808{"flow_id":32,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3237,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":134870,"pkt_caplen":344,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":344,"pkt_l4_len":290,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsASIGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6zG2IiC6gBgB9SveAAABAQgK14pjRMLXQFAXAwMA\/QAAAAAAAAAC9pMun1ZqAdTi1F1kreffo29Ey700P\/1LxMn1WNIVaNH360u7qDLCs\/IdEMxFqj6MX5gwsKWlJpCdeeb1mXwtDV43E67V7Hvk0e7+IeYzBlROgwWrNJnpq70HiOHdVMaUa+yyKyfdo6W2KeMEedpBecer6+JlP2GKN58yOO0v0\/1nrhSb\/FJkQdAEqYJc1NSpkT8E9wRtf+gNDwG00+IGUrl\/FfIaitfxPWUn+flW35wuLjHv5lngue8VUBVFqhFj61eBdi3zXrykyFq1Iqyo6fUrWlPwkDT0pXBFhMCB91j0RhGkwQR5JLSluMEyKzXvzAiPQxk="}
00457{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3258,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":195660,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL8WRGO8rmgBALOi35AAABAQgKwtdA9VHJMFc="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1605291688324,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1605291688324,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3346,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":324076,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjQAAAAAoAL9INe7AAACBAWgBAIICn8mSwwAAAAAAQMDBw=="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3358,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1605291688336,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3358,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1605291688336,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3358,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":336354,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzgAAAAAoAL9IOr4AAACBAWgBAIICn8mSxgAAAAAAQMDBw=="}
-00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3372,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1605291688344,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3372,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1605291688344,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3372,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":344280,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACgGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmAAAAAAoAL9ICpwAAACBAWgBAIICgi3lpgAAAAAAQMDBw=="}
00468{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3437,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":365155,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k25KV6Y1oBJXgLbhAAACBAV4AQMDAwQCCArC10GYfyZLDA=="}
00454{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3438,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":365176,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBAB+zrKAAABAQgKfyZLNcLXQZg="}
01148{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3439,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":365341,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXpjUut5NvgBgB+7buAAABAQgKfyZLNcLXQZgWAwECAAEAAfwDA4SpSUX6niItAQ8Maifw8WwrZv9VwJth3ahSGxyzgKqiIJ+TN+GJohJ\/sCFH1vMdRLlZ2ieR3T3a5tv50MEc6iCkACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZN6egAAAAAAFwAVAAASYWQuZG91YmxlY2xpY2submV0ABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACD\/3R8L0Iz+Y65v46jR4P68ZYP7Yr6kSULFXg4YFIANVgAtAAIBAQArAAsKenoDBAMDAwIDAQAbAAMCAAK6ugABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00829{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1605291688324,"flow_last_seen":1605291688365,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3439,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1605291688324,"flow_last_seen":1605291688365,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00468{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3440,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":370931,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxA2CKc5oBJXgKoEAAACBAV4AQMDAwQCCArC10GjfyZLGA=="}
00454{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3444,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":370943,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBAB+y30AAABAQgKfyZLOsLXQaM="}
01148{"flow_id":35,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3446,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":371089,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIpzlTJI8RgBgB+970AAABAQgKfyZLO8LXQaMWAwECAAEAAfwDAwgp1anJVpvxZgRnK\/Ii+gtEvGbJCYcqFRsrqueQf6vRIJCDNh4n+qlo6kd0ODvy\/AwDjBO0nZ+gYy2KZgyiYgg0ACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOamgAAAAAAFwAVAAASYWQuZG91YmxlY2xpY2submV0ABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACCaFYCIYTRmnTxfH8RhAM0mES96Hrj9vGr3nYL6Ox9VMwAtAAIBAQArAAsKGhoDBAMDAwIDAQAbAAMCAAKqqgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00829{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1605291688336,"flow_last_seen":1605291688371,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00840{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1605291688336,"flow_last_seen":1605291688371,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00468{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3449,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":371819,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9OJtD5hoBJXgGMHAAACBAV4AQMDAwQCCArC10GlCLeWmA=="}
00454{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3451,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":371834,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBAB++b9AAABAQgKCLeWs8LXQaU="}
01153{"flow_id":36,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3453,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":372055,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gATUNAiUGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBgB+yzJAAABAQgKCLeWs8LXQaUWAwECAAEAAfwDA9hatQx\/QktbULCFc2FQNgXPGrp+qPvBQrE5NDlBZlE\/IMd+e8Lduh2\/OW58Rm5lIQBoGyh8j\/3MT9YMf0bL3Me3ACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUcnVsZXMucXVhbnRjb3VudC5jb20AFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKUpKAAEAAB0AIOhk20ZK7Hqhb4\/e3Kx4aK6U4Kcjb5InvqFomt\/cTww3AC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAtraAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1605291688344,"flow_last_seen":1605291688372,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3453,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1605291688344,"flow_last_seen":1605291688372,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":34,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3505,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":397011,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k29KV6g6gBALMC9uAAABAQgKwtdBun8mSzU="}
00456{"flow_id":35,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3516,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":408044,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxE2CKk+gBALMCKeAAABAQgKwtdBvn8mSzs="}
02346{"flow_id":34,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3517,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":408044,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k29KV6g6gBgLMCSiAAABAQgKwtdBwX8mSzUWAwMAegIAAHYDA+v8tGquaRc9Lv\/hFuPq8iFYOQIBbxzqAyuY7Zc5kLz\/IJ+TN+GJohJ\/sCFH1vMdRLlZ2ieR3T3a5tv50MEc6iCkEwEAAC4AMwAkAB0AIA8xgsrVa5gWqF9iRDsp0biSTIqha8CiSv1l6\/cl4OBeACsAAgMEFAMDAAEBFwMDCrKmwS8nc0JrhLfUXXRtsb5uk9Yo52gu+gsslOrxWYq\/jztGZKeEqWKgac0YaRHrXtDeq2SWNGdlcuBL0cHUxdPsb0qG79Ch7YrQRiZUkIbyWX\/koVns12mM+q2wq8XAdMf6CzrG4zKlPh3lf7EsKkTN+27jV+QbH+Grgf8KrtLCOtGpmJXK6CfUfuHnfJ7JUaNODpfbzMtqFizMLzFtLvkpLIK+rcnaWZmifdaFqC9N7gVeRvELLG1YqyHkEin0DmVGN9Msn+0gfuHwjmRqMsZ\/m5ZqDkNv9a9ROGkedysmTKgxsAVDTEeJbzQ7xw9uTt+oij+hRS91OYul\/LZraB7fXdFi7xs4NvUlfQCNQRpwe5t\/9rHk2Ju4EOJv8B6tBB0bdPNoGtLJoq+YFQwPtZ1lRT4lAOlDnz59tAzA9uUD12Ah5nIj24hn2rS4bc82ZIMaOpaLEmw2GOa0oNx9nG0iNtm1ETdR7VfILeEf2KsV7uLAAxxo8wEy5V9GsR+N68B5b8GH9i6263ol82VLdbNc8U9DQKe7EysNpBh5pRvVYob396fmW6+UogCoA9F9Dia3RSbTeQQG+Tpn\/3AIc+2Dp9F6qzzMlL7TJO01MMzt6bmD63vi4t\/Y4ulRmLGC9181W\/Qp19\/efpBPkcwz08VnEFRxHiiE4Y\/jZRvkCvv2gk2+U8Tqm3W153ZCMagdFGhQJzYlcTUfi+ZLIfVqdsjcdcUKGGsIrpdWL\/eBCXwVmlyuIqrtLU2WxsldfFRgxKP6JO7jEGanLn0Krw1EwqgMFVeP1WE3B86dZ8HM+2QhG5i8020xv0A5DEhzvOkwE3ZXUM\/AzLZTUjgMtw2han7nU5i6vpQECMX\/RuN7wh9t5Ty9QAYJ7CkZBgQvBbP\/rJsuJp\/IXUYwN8GyBeLXDUfFAVEIjU9EXV\/EyEf2u+7Lm50dg+5O7w29g5E03PXLiah+HBY0aUOCe91U+SPWZuhVzEQ7jpstGY3QO+Ih0n+0ZePLrfNSJ+VkV7uA0jdvV7umHcF8ysFuHozJbHa1OmEsMz96i9TRM6BoZi0fdKRwKv3VRrzSMsGNS+YNGFUO+m\/e5k+KcOvIBi\/jmkkomj3wEu2giuwrl56xsBc4NyUnUpNzWjT71BN0JmCDqT8xitJDi5MnsG8VQBmMtYeVfWnXTfmqReGrwRrWWZrD\/neFoEaSBGXP+YgX5XuGyxT7tk9NOAUbIM7mnd2Ph70qX4jN+uPqJQPa1+y9tt3eJqK51l6oOq3UDH7UQe72F7Bv9MMA6s0PV0BT4LhrJHMNCZPf+l+nQ82689577mwV0Jf2OyY4peT0EFNg9MDr86Ua9\/3\/2XJux6hwIHs0sx8hvEqhdpBHlhl8qxJionM\/pP0Mf2gPIDsUIqSEORWoT4UAfXSW66toXqqhQPEiS09SPhZ0XwhGLZW3l0iWu4aXgz1Ss9oCNTInb\/U\/xxOIRi3NfaaYnCs\/7UR6p+MjOOHrW1FSLCiluNEriP4nXzBKuHbIg3CzCyJh5M45F3Yu9DHg1CuvCHF317tgoobZbLFBR0sZjGTX64+8FGPnhI5fnc6hR4yY+U5r+\/BF1zy9QH0Sed21\/KfIRFlW9NKQBVzyZDDdzLFSug1lg5nSagu9+rGr87rM\/Yh8eRLGszxYmIHElkKw9Q=="}
-00870{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3517,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":6,"flow_first_seen":1605291688324,"flow_last_seen":1605291688408,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00881{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3517,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":6,"flow_first_seen":1605291688324,"flow_last_seen":1605291688408,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00454{"flow_id":34,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3518,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":408071,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXqDout5jbgBAB8TMPAAABAQgKfyZLYMLXQcE="}
02342{"flow_id":34,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3519,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":408513,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63mNtKV6g6gBgLMJhgAAABAQgKwtdBwX8mSzWirApCSz3sQI42Fj6NwAKOQFWwx4xH24hxUU7e1RSdP5ldgb3b95LkJDeHNpmZNSN\/RYDqJf1t+5nY1lIQtbG6EnNR5bRfJ8i5yTt6hPdAhD0dqp5wfRTXVOp9dUACNLiNinly42GzrWwkTqltlKelvSTQVhrtdIiQ38spOtz+Uw9KU3Ir5ijSYU+Gn8Za5nQCP+nxVY+iA1uL0gr57MTARIGt5P+Sxd9C+8LLlGSSjoIYR+i\/r\/MGN5GUZvXdLA\/wCVrkAi7+fLOJAJBrC35JyEWBfU4ScXogECvLHNu5xOKdgGVQEnYGMDoRfTRqzgoqHdKLofFTlzrGUSJky9FO3Rw4SyD9cLP1Bgbpe4SKF\/zmJjfg3d58M\/NVB2OYKqPuppvSWPdyiBYVvQKTKm7kZHUy2TB0jBK2ZfssDt7us0KeB4Clrxuz32GnSwqSZrFQgs1X22AUzOuTEltWVJwLE2Ek8RxQxRR6CgGk9iRwutMb9IIQQjDAyv6rvrcJhoQOBR8LuAnmxA1R0llEeKCiqwnnhegPNrZcDr6pFQa1ftB8miU28gZbtvvPfgSNgPPZlmdjcv7Go7VsoKfRMj1NPbGYtZd1pGe22VHZrBbb\/EnM4NDgZU7X2wAXmnvpE3nmr1yOLdyNESUNxyyfOnWk3y6t6IxTQg4kZTlxSyUdNzCKhq7Ll+NK59W\/oAjDutyYMdH4YxAkwOAVdtK0fHp6rzLijwvSezDF1ZkWvD2eptJofHUUxJbYWkMRa6A52EwNdRNH8yasup6HJJdyGrzP\/UYu4QY3e7oAEipBeTPGZCmrfY9FgiT9W1\/Fjpa2Gt7BqENznE0H2fOoOvtyU5mcZd0zasKkJPvaZ1x\/+kMEcZGpX31AzVzhTj4ZB9yvUg4pEiOKNTYPO0jOexv5\/CPKxWvCMUW0ur6QaSJCaeTWOdw52+jJi5rOz2j04XnZlro9UZDcv7U59Ib0jsox1y0XZFX1yomIjMoWrDPKWNtJZ1kVg7Yasc39yAgo9ZCwEjzIKYw7aazuX2C4pHHviVD0uNPJ59dGx6xH2zU5wylDuW3UJXbYCjy\/ujmhy2lsOb+0+WK71ubbTckelE38cy1sSmc2XI1zZ1CnRU61I7mh7uFcYHsIuMkO0x7gfwz9AMS4\/R1OeDGuSXCov5jFWhHL4jXXV0Y6lAgIUfWijaIIYDtQp129qW55eoEqrkdFqaNYyPJYIB6wW6HgydBYXcggVoh+ojOjc8jUK+8UfowtOp8o5bXGQbybmrhVjaykhslKYCz6rsF2ZAAxjQ6bK3OJRcgF+y0OIL3HlXVQY\/O7WGhNBlj4VCDrKCY9VqO09YtL2Im+mK2qYrKLIkxR2S+BboyeuP28QS+QtKAwXKX\/JYxiAeK49\/DU7se3YQzmtSzi3T3NMcE73IMj6bAAaZFY4Z2KD\/lO+3VeH\/GnuUhE+Usd7lP5d+FMjLHOfbdnwO7EZtt3xZyJCG0EdA0IEF1iZCOJr3jnBiee0shhBOgRvFCX5Di2ePGLoRRk\/4oDD8KpxmEcSXWBDXRbefKafUk+GYkX\/jLilxiizE8cB9W04tSA+nXA\/Wf+vPQwHeAdU\/ZTAfPYsNUQ1dgDPrp\/eVDaEiw9K345b\/eM4ZIf\/Lp7H733MHlrS2fvSf5H2VmZ7Lzm8ccGZPJ7HjUAI6baow+5NTEzZpYo8JzCWXZMssAggcRg0eh5\/W3GnHcfY8XXByZGiWGcNzDuZlC3AY+F5ZQiVTeQI5jUlOEL1f\/+sLAiXrby1ptzpNASaigLSqm884hj3rfnwMt3Em6ol8KzIYe1hundMYfNbAPpieN0cXNkf54oD0lUFdbmwAA0xQ=="}
00596{"flow_id":34,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3520,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":408514,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAIQGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63nkdKV6g6gBgLMFT\/AAABAQgKwtdBwX8mSzWZAQtKOmC1Cmerdjiwl25zxvQlLKTxyRIsfRSd59vSCP1FHBqpjeScKIz0NcYEkjRQ7qA8y6PGIoYEoZ4T7RwBEOdmiEu9wwZaGN0bxBSDJZ\/N\/2bdOdfViyR0g\/bbUOqTfL5\/"}
02342{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3521,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":408514,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxE2CKk+gBgLMBQ5AAABAQgKwtdBxn8mSzsWAwMAegIAAHYDA4OvVEE8P8LeBhM9sxYB7JO33u841one47T4FjONL3E7IJCDNh4n+qlo6kd0ODvy\/AwDjBO0nZ+gYy2KZgyiYgg0EwEAAC4AMwAkAB0AIGlLEoqHSJOtf0NQaf58sba84Rk29Czu8zFA6RCb0SgHACsAAgMEFAMDAAEBFwMDCrNpssVxv5bEMF6N0DvU13HZFusYYefzxcQSvf6yfnUhBgmdDW9hrhPPT2nUbgoAoNP2KUnTa7Eu+zkSDXr+\/8rW7sLWiEB110AqG2ZyKA4audA79UGs5fRFb5GyFTBt2uxcMpYS+RzRKO0hgIJHDc+NhZ0NhuOqWT3K0OzSpBxq+xq7UKVK9U1tnZCyLu\/XTk8xx9Bf1FSoEJHPDXVfOlXNdl1CXnb\/baRsWd7zLPj1h4f5QFWeXNqz0qRnO+4ABMJY4DYc7XQFdhSI0tmnOra1XMIMPBVaoiBwRaLkX2CEojLoq+7Jd\/XmC0yRS6ysd\/5K8UK2mah\/mzExS7266A2tN\/BdOchaoKCtTqUAy9QBFHidUyAEykhnPmmv9XazKodZ3D5Umh5JluHiOZ29sjOh\/mHEyDT9Evfst3uHVCiUvjdkQEJ0wgW+2j\/SY8MhP5bMgYT4keK4DETi5xpMZKtyN2wSUZ4ZHiCl8\/+hExmMQCaja1BGLtWCJUmPEsNX6um\/wFyfPNRY192cV9aCo3trSu0spUJwTeF0iVTanT\/9cqlj5iyJndfyz6F5sMhMrmU9rOxzmF2FqOvoYloOUuLdEQFI38F6JKYcnikVB4tQ3uQSB9SjQIo2xTJGbnEQecMH9vvcAGAY1uIrRloh4Oizv3gHFPIoSGbdl29S2oZhKT3FSbYA4TGtULxkk0Ss0GIL1jw2o5jgRY\/VRdW4n43ANilnA7LloaFhUMvjfB5J0lsnVgDE1IpbBqBs7JtyG2sYN6+lbrj+suNaqDe4UD6f4Ue6ewwl9GYNeXw5mNX502l4gWiicxnzQemyw3BALd1l28yO5f2End4P7DRyLinFnrdJTOe7lmipXz1y8wC34D399b29znf0PoSSHTpvOATbEFiNvrRDskEkGIGTuSFSJmliQDiSScVsqv1+XnUr9jMN9Lkjpoz4rDj8Sbn7EvaJS9fpBpj2btbGNwcMYZEj5voMlIIdCOwU944ysgEM\/1skaNQS1tkUNh\/u0MVsZjLf\/RBBXDFevy5afuDxyKzfom9ziNW4QzGaYXv\/wgYkR4vSvAqoslJp\/foH0jO9Rj+txz0UXxh\/CjW7i0OHKflEx4lZXqH1qVvhnAeCoCbhQRhxcaXdzl3zI1KecpBErUPA87UEXGOX3Ah5usBkun6pj115ffqMJFvwWOAjiOflplJDmocMR5xYQCDIBhPxDBts7wmCr8i9luh\/Hpu6qI9C8xZcu7gA7Tdrv+lLdU1uoN6qOTj\/Veo6+KCrLTcPThYsTsobiHQW4ex+hc9g33P21h6ERqwY9Ts5oALhTHUwwLarJ5\/n4lkQDzVWyXcrqU\/Ri9Aj+7pM3tYzify\/LLjiDOCXfR7DNvwa4SU+LBxn4k4Vtn2CcSsV+Oq1H5QpHKcork61+w0mYcdMNbd9yOcLTOyQhAif9sessY92daMDU7oNhyypr+aR18H5frX2iuyeb1iMO9bRlnfawA21aD8AukqYCRiIi5elxjfRgyi3\/nPT1We1oYGFUN0wLBJqOd9rRQkxzDrniNseELyEaEyz5e9+Dsf\/vt7M8LrSaJCnIEkMzTWLznw+MXEc1oTj8Jj8lDLzOwEOS4yxQyOkQZqzeD8Vfm3j6XYEm6Ks71a4zt7Myv2h6IWvx+aH22\/SyNfj3Q=="}
-00870{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1605291688336,"flow_last_seen":1605291688408,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00881{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3521,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1605291688336,"flow_last_seen":1605291688408,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ad.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02357{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3522,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":408514,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMklH02CKk+gBgLMJidAAABAQgKwtdBxn8mSzubt+A7eUnAKISP8nJYU3iS3hDr2o2WsV4hnMNiRHCxxo796342BLTCKmI5ot2fMtZvSeM\/Pjnol2gJEVIgbWf9Sgw4fIyTWNR9M9KWfNFgSlL\/fQUStiPMs4wmCoonos2Nm6WBA2FcyNSI\/u\/5V34q2ceSNijdqAfD0QnpUZj93+j+QBAfSnpFp6MZwtA1bzexO3LGd7D6OH\/DDSOg4UtmXllnmhB2Gteqq6qhEVhG\/rZ5sQt7ArAKYstCz\/nvZtjT7zZ0+idrPuJBx8\/vxj0MSDpoJShpGPF3u56Yqbq\/0Q8lzOW14xzNj6EaEpmmY5K+bA9aNSL0ndRymupnMUH+5ebOwfVs8E\/5r1Mdx+YuSa\/7ODDRnd7i5t\/KnOtmhIfRTnlRWN9LfiqMuWLLf0COjJNPXNzaeIIU77hIYcOuulfrwjcMB\/bQqZUKQnMy1+sSLDRToDihTai8oRME6baNPLfLWu6ssCvcZ+lFZ4UpkrLQFKD76j9KIMjjl7kpQgRIOxRVW+cJnIFByiVjR6M46vMbmB2Ri3TtLLfekcd\/7Hxaniwt9xtbhl0s1OrkQFQw\/Zv45yPUeP3hR5i\/SZ+PFr75nTSXz1Nnq8C9v+Dg3YPc44e01drs6m3Es83LWUUfIM1M7arKPkGysaOI+Afj9XtgLMrtFBq4v3T6J+Z86A+pr6tmXpkRaJ706Zi\/CiR8AXPtDAtmL5+7A6+J+3U\/yJzRgAi5kTOXwvnAdnHl91o7QiXMdF7x5o7q\/NcYcRPu1l\/HI5UIjb3\/WAaRytg6y\/3qfyq2KH3Egx4eLRALXhmOGFq8CtAr4kv+2CqSC2CqC\/uVudLrLRrIAV0WzYgkw3NMCqnu5rORX81ifzhr76FHPl9AhSw2cP\/cn1tXjZYZll6KQDgjgSmP0JH6kDQDeQUnRPSz3PYrilhYZsVpFxTqn9Adn8RF93ACbja7v0mTQOtbP0tFC4WG1Uicqi2gThl4Bda22dgL3pSZJ8R6iwI9+G+OXZNxAK7XlB+F0\/xynawgmRRCbcW1LNoa5Jo3vN2q5gxkyhtu5W6AsRpVLnvDYb674PgYX2AA\/vbw1lwW\/mV58hqEWDSIFGe90E3SeGgDrHiFzWtLT9pkJkImPw0RyYxsO0dlIowTt1Qp+a4v2t5vTlP0JCyugoMe+nnlinAEv6LDwOJBO9b9xAGo\/pH2KRq1dhmNvvlM64oWl1Bcwufft15eVarDd7kNjU1uIoCC98v5UVYbkgyBbzsncHiS6L8dYjOx1pyacjPOAKMaQIbUgrIrYZwGaquGGx7Gl72P8nIV+1hr\/d\/YpfaO\/mgjhnWtcaBFEEATwtRlJzw0qGkIdbhZduOfkOTsuEHXBVzd8B\/HXQcNo74XxhbnQouK5lkoBz4QoWRVGPxVXleJU2Ju16V2khW8Wjxl7\/jfeIYrZUp8MoZ\/EKk2xKlEYz0uJuzasXIhWri8zq\/IkYbfN\/8TXkUISibbxafwkOQzdiJQNiWj6M0y3g+f7po3IimQDI\/c\/J0yzgE8qDpjt62KTSaSvxqrUZPHVle+Ak5NdA0mpQ07voHqIJ56EDLLjc0b7uioVGqoyr0UwcK75gU4bY\/5sz0i5l1UsXyE\/xhp1BW3DXNF5Khf5ZdLLls8sJKh\/Nriey9lUyLDAPH\/v3i3HiVzIMUuUHb4oraROExZEEs+6nKIiKZ238KRWP4rjUaAUHbLDH1icvrh8kloKtrNG\/3AG95tfcVl9M239dTnFB8XQzcduxkqnjBHvLIWcFmkB89yQDJRoKztwa73vUr54VvrSgOLHFcur7S195tghyTX+dKi4pAB6pQYwfJ2QFL8jnSHh0ik7TzCwQ=="}
00600{"flow_id":35,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3523,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":408515,"pkt_caplen":187,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":187,"pkt_l4_len":133,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAIUGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkmek2CKk+gBgLMMEcAAABAQgKwtdBxn8mSzsMG9Zlx4pyIl38xUkHT\/o5UVMEf43EGtYcv4lIY8Fi\/LqFSKJSyE+GNZxkT6Tc6bS7uFIbM4czCsUnkH8iWm\/Xyol32BKfQrmSx0DiX\/IhEgWjA+1bVw1qkCgBI6O9YkwF8K\/R1A=="}
00456{"flow_id":36,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3524,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":408515,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9SJtEBmgBALMNufAAABAQgKwtdByQi3lrM="}
@@ -652,7 +652,7 @@
00455{"flow_id":35,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3529,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":408584,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gC0OFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx54BuzYIqT5TJJpOgBAB8CB0AAABAQgKfyZLYMLXQcY="}
00544{"flow_id":34,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3537,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":411378,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"pkt":"qtsDr8lk5EKm5WPyht1gDP1bAGAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtHmx5wBu0pXqDout56rgBgB9UYlAAABAQgKfyZLY8LXQcEUAwMAAQEXAwMANc0QwgdYcEjWX\/4wHLuVBW6Cm1u7ajv39dhbN3eeeT8qB9my\/v2hL1Ym\/5KqxPzMl2FBNbNK"}
02095{"flow_id":36,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3538,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":411963,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9SJtEBmgBgLMIpdAAABAQgKwtdBzQi3lrMWAwMAegIAAHYDAwdEGs6PM28aRDUfr85y8ItLhGm8dhncfa\/H0PEJLScZIMd+e8Lduh2\/OW58Rm5lIQBoGyh8j\/3MT9YMf0bL3Me3EwEAAC4AKwACAwQAMwAkAB0AILH+8bGwSzpBayU0qSzhs5ys7+k5yseALgfpJWvQB0MQFAMDAAEBFwMDACTT6\/9EsgUA1wRffADr8r3K8DQ0ufcad5WYKh\/j8R3zs8o588MXAwMUInOs6kgZLavQW0fHSkHlq3XxM6aXqwK9FqchVmgJNhblsEhMjuvQ8SgZRccshYmKh\/0P6dkwX5vAxifPv6IBarj3DvOgcBbi+n7G4GhYLAu6SqvMQiX3c5xmgQ6E02\/+OJiAsB6f0HSSma5bKllBc764knXeT29Am\/\/GqvH7dx51OPxO9j7gGFpkwXR3vVci7R2IboPfQKb92sLyEYFUmChFWHCqABVjehuYQd4n0tVNgPwzhskiS+cWzE6uCkXOpMeIcyxYA+F9bq25eN5x+XUC8vmSZeVWL5KmR9HOd5FspWhng4ck+bHvvjkJzNMjxWmY53TUSv7AH6DveLt4fGIml+x1MqiQOAH5JvVTShn583WbAk8VHYAMPQm4Dnkv1dNDbneA1gttm4vU0P\/9Mbwhl130k0BpxUC78YCKY1wVMVuHASeKCjw0SiVEyQwlYyUWRIBG4wwTF00XNJg9Wfz1lPdBrOVvbKZHJg8uw3q9gyBpwV3kCKLWaCJ3E0TVezRY5Rp9GEM5XkmyJARAoguX8S3GGqeI8GewSZRZ+mS7noPUs4mAmKlrz\/WsOgF501Cij+bOxbaEuN3hTxeM4XhUYXmEOguoIAO3kXc24MFuBTGAE+ZSP9bhpRXVkJvXjT2fDnejFaM61SiwCOzbArwflI3JFae0u82Nq4yrgIFVEhrOskRYuFgmNS+dBr631aY3N2t+hra76v7Mhzv84A6zmugofrskzRvtQkfW8GnBTYWdVUScNQWSTb4NTqoADHvBaAsRryDKliEDk1bhYMVZYpw\/F6BVjWxme1prLEQqmkwcS5b4m0ILUyFof+bZYRqDRy2Kvr2U\/IVBrrHCzMNBIuHjFCFEbICxgi7mlblkR43pbdCheWo6sN05w6iuSfanPIqIMtGHVi9Hg2sVA0P\/1CCSQ5XM5IFRU7cpDq3Jy8Y\/m8+n9jTWKITJGCgTmn9dE6OewV6UXeNviT415cZ3tpUnFW0EO1VXQo92+64NRKr+WFZ4PI8zdzm88XUiGpdzOux7G3zL1JeOURc3MFR3\/8qgZxAEof0kPgHrk9gh21dZwu2GuhSpDi\/F41v+R+27ER5D8Ci47AiO7GBxlcqX+DKgBH9Dey2U48b4p3xOuvZ+HrxPUtfzsn3FzPY1cwpAOQAUqILjOxDolhgvn3MewSp+LmRu\/u3v\/17CkbTRz0OWPk\/W0Z7KKr0Mrdo5gKML7AyOva5o9IN2nO329dJJoB+vWpO0jg5rAevuqCjXId3QWCUahOgZMYl9weCb2FiMB5+3vGdypjKDJIxC6CIRuk4kQWo1RoyUpMa6ZNRMFsd5xUoU+FlbTv+CPUxQZevVDCX0RVg\/rbo+L3zQZ6RyyB9r7w=="}
-00875{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1605291688344,"flow_last_seen":1605291688411,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1605291688344,"flow_last_seen":1605291688411,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"rules.quantcount.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02106{"flow_id":36,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3539,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":411964,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTgIyJtEBmgBgLMJ3vAAABAQgKwtdBzQi3lrOdVxkWw0mlqOEAzi3echM3PtTw5UkYNYI\/Is1CZ2GsDZ58P4JAw6esPax49k2PXMDBp8u6Ki2SjEhGA9Fuf2vg55EF5LWHyTUZoFSkZBXukruYU0JWwn5lIerBFAqjjo6EU4\/6UqnwMlIE0ui67LeRqf3rg3y1IL4AF6\/sR6UNGfjZ8qtqhrj9kwCDBeM52jGrPLnmczetKXG961aCRTptBIKTha4AoLpPt0gLNC6p6feag1cqfK25Uz6YgdDYG7x97amg4ELVOxRT9TZiHPjglWnHlpHbMqhLmej8DDGeP1kPpzJ0yKjNgrDR\/nl2YajzdhTb4W0Z6aLiMutoXbm1du2AvbQpOkpRXQ7oO92YQth\/2k8rRu8osOUYNR008fnczvlFzgsMthfvU\/mpdyCZnAdcAFRhG7j4idVvYxse2PsGhNh0X212ydb39Buf3SjhD\/QUnB0v67nae46nm1EhUXxQByFa5\/J2BBcyZC3mcunjoAQREOKYYYMdPsp57L\/9bprgTDmiXOSqe803ZNO3rSbrqd+L3rZoqMyVrSyDQYHj5wJFryJlIH6dF4zBHDOS0Qc19Fq39MpU50JRBN+hnIeF7kOUi3nY2RgJKyR5iJ\/OH3RgEvSFzIgGxwpk0Fstpc02l1RSZCMOg5FAbK3sAE\/jhUr7FX6FYxliaCTPw+u3PhflzWFa\/XZjfQ8jbCN0Ge\/IrKENLbzU\/6207qbkU5VVxoI8VM2\/HxjSTXzcWe2kzyZm1BiNAcpfTbuBstxZK8Re+33PUjNITszYr1IPyVPcoTxysgFQrUSCtqZrRNshAy\/+TYty8ouOMmvjvqA0611GL9FQ8\/I+AtuEZNRblkXxvsQbMqDZthYIdJQFZykG5dYk02KUpa2Fycn\/noYybpVad0uPTaCHqhCRVRbYbKUDD2gdycZinZkL6Dr4kh+DcvIPsfbdwrwTO+7AAU5QRWwckg4W3fm7BGHySUpTrxMEWRp\/j8JKtya6HpIccg2oVOog3mKsbQDP\/+eKKxiwtJFxP7YtJRLWaVzeT4UE7Hqzykhu8UTUqGAdJALjhbwcKgrE07P2YbAHf7u8JtS6OAgnn7ycWLopRY2Pbg7+PkT\/CIUNiSZLEre7DCoJfFTIsE4pu0WRkF8OJsuHGUell5uJ23CHAvhkODosjLWJqmEISc8S4U+fkrdM0z\/lrLanz8aF7\/uzavK+E762AnlLozH7LYdnp\/StOQqjgIGpvd6qwugLKAlS0ehDXZ69ZGO+TCVzaI2Kw\/bz0gi50NzdPucIhjjRJ8\/x89nl5qZHJSlIupxjDedxcZSocF+W989pc5gYwB3i9opvsIm6zLR+LdkhVLfZaqE1WrGE8G0QDLqhZoApBY8ah4eMRMKh3\/YsZNSBIEX1c5WTjJh6rjkwM4HdkesbXxK+rmLweCSdcZMYFbA9dcdNqgyX2jxu5KtpGzdbmQV49g9wv+deJFNU\/FR8VZLGVclHulVCuweP7Sm\/zZP2GASA7RjY50FYr\/4lVckAe+OCtLWaPcWFbtVaLQRRfJU4iO3dMucGIfCy908nBh35\/oC5mRRW\/BFoTNejwSIy6JncH8tNWEoUC4g7ZvATLeJhXA=="}
00455{"flow_id":36,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3540,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":411986,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0QGbs04CMgBAB9d\/2AAABAQgKCLeW28LXQc0="}
00454{"flow_id":36,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3541,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":412008,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0QGbs04VEgBAB8ttBAAABAQgKCLeW28LXQc0="}
@@ -669,18 +669,18 @@
00457{"flow_id":34,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3624,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":442737,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63nqtKV6h6gBALOCOMAAABAQgKwtdB6n8mS2M="}
00457{"flow_id":35,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3631,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":452942,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkmk42CKk+gBALMBcMAAABAQgKwtdB7n8mS2A="}
00459{"flow_id":35,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3632,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":452943,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkmk42CKl\/gBALOBa\/AAABAQgKwtdB7n8mS2Q="}
-00523{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1605291688611,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1605291688611,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3906,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":611238,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z44AAAAAoAL9IIe6AAACBAWgBAIICvY2BR4AAAAAAQMDBw=="}
00467{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3908,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":654248,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cTxd2ePoBJXgMFkAAACBAV4AQMDAwQCCArC10K+9jYFHg=="}
00456{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3910,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":654303,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBAB+0VLAAABAQgK9jYFScLXQr4="}
01150{"flow_id":37,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3911,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":654612,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/AiUGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBgB+9l4AAABAQgK9jYFScLXQr4WAwECAAEAAfwDA46RLPCXby2v1fhhEaIIot6g8XiGmSWLgLgejrMgyw66ICkvsU+x9q1tILELIWe9u4V18z4rsB3VSuGPlE2gOpFxACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAHgAcAAAZY2RuLnN5bmRpY2F0aW9uLnR3aW1nLmNvbQAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp2toAAQAAHQAgkrvLnn5W3A5xznxU8nIj0ij8otKT8iVeuL\/XwL97plwALQACAQEAKwALClpaAwQDAwMCAwEAGwADAgAC2toAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00854{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3911,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1605291688611,"flow_last_seen":1605291688654,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00865{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3911,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1605291688611,"flow_last_seen":1605291688654,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":37,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3996,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":695528,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cXxd2mUgBALMDnoAAABAQgKwtdC5\/Y2BUk="}
00590{"flow_id":37,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3999,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":705717,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAIMGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cXxd2mUgBgLMHVeAAABAQgKwtdC6fY2BUkWAwMAWAIAAFQDA88hrXTlmmERvh2MAh5luJHCohEWeruMXgeeCeLIqDOcICkvsU+x9q1tILELIWe9u4V18z4rsB3VSuGPlE2gOpFxEwIAAAwAKwACAwQAMwACABcUAwMAAQE="}
-00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1605291688611,"flow_last_seen":1605291688705,"flow_tot_l4_data_len":824,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00904{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3999,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1605291688611,"flow_last_seen":1605291688705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Twitter","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":37,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4002,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":705748,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3aZSUttIogBAB+0KFAAABAQgK9jYFfMLXQuk="}
01158{"flow_id":37,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4008,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":706148,"pkt_caplen":609,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":609,"pkt_l4_len":555,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/AisGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3aZSUttIogBgB+0VNAAABAQgK9jYFfcLXQukUAwMAAQEWAwMCAAEAAfwDA46RLPCXby2v1fhhEaIIot6g8XiGmSWLgLgejrMgyw66ICkvsU+x9q1tILELIWe9u4V18z4rsB3VSuGPlE2gOpFxACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAHgAcAAAZY2RuLnN5bmRpY2F0aW9uLnR3aW1nLmNvbQAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMARwBFABcAQQQoq6JKIUvCtQW2WM1f4kzEM2qRGZR3XMSMFgQvtdw8atTqTTNmLv+cYw\/FXvi413mjUEBKzwg+syy8Gu7YXHbVAC0AAgEBACsACwpaWgMEAwMDAgMBABsAAwIAAtraAAEAABUApwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1605291688712,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1605291688712,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4030,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":712501,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQQAAAAAoAL9IGnKAAACBAWgBAIICoWLJ5EAAAAAAQMDBw=="}
00456{"flow_id":37,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4079,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":744114,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20ijxd2ufgBALcjbcAAABAQgKwtdDD\/Y2BX0="}
02105{"flow_id":37,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4122,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":747623,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20ijxd2ufgBgLcmxNAAABAQgKwtdDE\/Y2BX0WAwMAmwIAAJcDA4Smi5wpRb2U+V55pJp5rECJEi0xYzwIXhvYQjnOEu+8ICkvsU+x9q1tILELIWe9u4V18z4rsB3VSuGPlE2gOpFxEwIAAE8AKwACAwQAMwBFABcAQQQrkHnz9R4MakgLpWBnmofMJDyF18KBrTvwf2k\/CkR++lHCHWy7ijMlobcNpN9JehpxF3O08oI689FxKaqzO14xFwMDACBm+Kit0TmnM7XT1Wl\/PBHb62W3BppK3U5DuhmWqmhfZhcDAw1HHccfGKOLIMhw5dsCjEMVCQZTffnt9K2YzlGPfmNud+ii46i2HV\/KC3hn2r4VQUBEfulqbtuv0en8f0mjWoRaH\/mP0WrJKeJeJg78kr\/tVmiTnpnXPsU7kDp2+\/2QqHP4P5uSQg\/6AHneQqg0OEyHCRP8NbtEu7QmxMbwVTjeycTXSvqBJ\/m1ZeyHjm\/e7nRU+wPlu0NjtGnPex98zeZPu+fPqqs2YaKPaVwE3RJR4xcUxduqhsXYq6MwengN35KRRUoJTC2vhIg\/jhT0fZcmNK\/do9Ns8FrussL+YCCxBNmnfjgCE+8Pe\/H\/2sUL8F1fuXKf\/YrQxDrdJxz3rd2veI8fXzITkl2BUx6OK+iWXzV6PoGSjyeqBJKnmkp3DS76jyiHXiGGCxqFq3\/JdNHWpqrEUD1lC69mLODnchRHTHdXDFOswYhKqvFYEc1xTQc0oYp9vdg1uuJKQgpSnzwtY6K642Aqi5tQB4OWNGoixjv6nSyY3Gx+4dyot3Q1h4MBrSRrMJeiipTwxF0x0x2FiGzPLNCtc3CVaOsZRXk7RknVOWNkZ2gIsVasW19xMPb1czCnGXhkG+KBixEFdyUigYe5xOpXWPvGWcSDHVVPVQ+ihvi201JFaz6d0JpzzZ2amCpZSQRZU\/VVMbIi6DxAJ1OMKIzVsFB9eDpI5qgWcut1bfFY\/IPNTRl9v6DcZzLqGYIe\/JYoj4ozYWYfDujvHWxYBtT537Id\/NXNea9OPYOp6pVEcExr3KRrP0Tq71G+IYMkt8sayTcFAE67R2W3UKJsME\/r+v5md8qweZc\/31LYCCpAbHOqcJ3Adx9cKl\/AdAkQRfP7R68ljFa+yHnKp8dnBQqjmjG0C7PDw0SsT31pTacJ5seH7Tgas6SPz1gKsaiioGcaYFwcF2szE0cTjJ2Ws3QjfXoE3INDDabgZ2EiLaCsdGkKuS+PT7OZUb+V\/ARZvoJYbZqu5KZ\/foArvaUJ4Ed\/3616S3ZgUUFMCX0tFl\/qGqFuZL6SgDccPqf9EkR12d9y9gx0vMxpwTlZfmz98UJvD63kLIR2qr61OKPoFw8cVHdX9bJDeRf0r7NsOS3RRbCt6gArPqQZdqErSmKt\/ho3d8UCPgDWY1GQdv0Tx3hE25RPz1VyctBMBY+ZJ5b8SJgJueVIoPyH4ayGkMf7PsUEGOZocf1x+oRcFels4tYfYQbqoMmclAJu+LJht4vVmZEY+8MWplQFMIH0RxSI5BxwlQLYe3I\/bvr2cSY0bwpC4\/rNahdQUYp\/ftp0uglXcJcpmGyRpRSYhglCm0VIbXQNg9CFA2n01P2jPePqwKHJP4ViJAMxCt5qcA=="}
@@ -689,19 +689,19 @@
02107{"flow_id":37,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4138,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":748095,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS225jxd2ufgBgLcq\/5AAABAQgKwtdDE\/Y2BX2WGEPb\/CLO1NRSYhSBNTf1JUYLuU6LzlfxwCa5H2JgfD2RC\/mjbuq2i0xNroUNoijtmGqaI\/PtSqJ86R\/YRWhfrxvCmVGUseMxuaaXIL1fYjun3KTGqeACoQ8XgQRq+jd0ZNRnPxwzs7jOpNwvlCRWB1oBzmZS2onzVZE+voV67Xz8ae21tkOWrj7+gS6\/xGpLq+lXwCjo3JYddumwAC8nKeWk5U1fP7qzj0vhPjEpUMkudXc0N3EpQw8JR5yYZc3VhljJmdhXyptFDywrjdQwFeRuCguRiOhQXbb0u\/dUrWHyKNDJGwro1eIlIRGCMBqgfDrDfZ2FAqh6iCCXNrbgi3eq3vCLHZHWYqM4tjPC9EDojlfcnU2phTAkdeot2Ml3\/\/M81Z4IVQWKkU+jzHyDtIq4LSn3h3rytDrGSBr3hNMO2iKQk+dirD46LWSPhUVsqpdf3D+wDguT3a+CqUz2yAik+BydrP2+cNzyTKQ1Y6TJihrtS5i\/7ctaaSz3jEZQs+VPVmRq1\/bVfePbHx6O948aBK6S2pcBeaG9i4wIKLJrsYh4gGNuKw0w8ZMcQLQBv22AfMisFN\/u\/pbv0lBRhMcFknA28p7oHkUp5bH8GFTl2GNRtEHcxe1VaEaTNU56EgWyDaZvs5qJ6WWyONrUQrZcuWxB9aotnWfFMmeTLfVJtogm7kIRl3uukS9JRXKEAynaMJpgQelYtUgJQ8lkGOowx8TPqi1oa96QVAAePw9Z8OmG3X2wKnHLaqycccQcSibrAs6We0hqjyIeusJorj7WCnpOMhQPgHDbV8fdnUQta8oHx\/ZF188tKwVF3YRCobeF2gRlzoPZlZKcMfIYPwZ\/cU2DWEYvUZVqxaF+UmnaAhKK\/poml9AF4Of4o+FcBqDCaYmKGBRkfFf58wD8CaEgoVW40UwphNmkcHyEdyzX5SdfarqCQSDfwku5rfx8qMQlIseAd5fzf5z65DXMYS5r7NKaTg5ohzeK2dMtAfTnLkfOSeI9TRoDm\/1Q+BQWVVkEcKTf9D1n0hitUU2q9EqQgQzzLFmtfixti8ivjY1Tby4wl2xPM8xURfbtrui7at7PrCWhLqdVBvxE2LjLZssf9ZBLTwA51oaOHhWFvI\/Lw6a+lssvhtX0vCsG2U7vOHpp9cF4kz3oqC9kQW5Kqqok5dkqShrr2ysewPy1Zgg6qP1MKVP15\/+iOep\/3MzXLIS\/NAuCVI+5oYJ4+qf8\/RXNIqZmwCpLtayYlxB\/SMNJE4wSPnJop5WQhTGC5l43miwGqyBoj1aTocDq9wOhMnHrLLfxhZA+OH1VD\/vg\/7hR+sBz7t3DABvn3uwogawv5\/TPb0kU+Htdq3cRL56QNPbyh7WxKA0xaZy1AdYyFZQJA3WSa8MhD29ELmTHUcU5nGVITLaFCWQQwLlbX+0Dkcutu+7Ok6h5\/hLzw\/+fK\/N1MrzJdHQ+cZQUxsFGlq\/TVJmbnNUjEaAJL+F4PDiPyqoC0tiapHif\/8jYLMeRGCob8Lj9Xp2t2RaOh81+uSPhN7Ez9qPc\/1ClIHJ40lsZOkJaCGeyYdMrZJQkU4n4km0XAwMBGTUGy1tAhw6oXRpOQPRDT2SvTQ=="}
00457{"flow_id":37,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4140,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":748105,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3a5+UttuYgBAB9Ta7AAABAQgK9jYFp8LXQxM="}
00457{"flow_id":37,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4141,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":748109,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3a5+UtuBQgBAB8jIGAAABAQgK9jYFp8LXQxM="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1605291688749,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1605291688749,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4145,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":749044,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7IAAAAAoAL9ICgwAAACBAWgBAIICm3\/yPIAAAAAAQMDBw=="}
00467{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4156,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":754068,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqhUIR0FoBJXgNU8AAACBAV4AQMDAwQCCArC10MXhYsnkQ=="}
00454{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4158,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":754101,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBAB+1kkAAABAQgKhYsnu8LXQxc="}
01151{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4161,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":754330,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBgB+7qNAAABAQgKhYsnu8LXQxcWAwECAAEAAfwDAyXaTUGeswmyVM8\/Dl2Qf5fitrGFmVKyru8OELloUAwbIMUqQj\/L7tNTcV3UD9UpA2mjeLajzAaCv8lzw2\/F86fvACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGwAZAAAWc3RhdGljLmRvdWJsZWNsaWNrLm5ldAAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgkJbXOIyvxcmniIJLU3Qom4gz6w8\/FjW9fJVELvdvcGIALQACAQEAKwALCvr6AwQDAwMCAwEAGwADAgACWloAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4161,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1605291688712,"flow_last_seen":1605291688754,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00850{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4161,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1605291688712,"flow_last_seen":1605291688754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00469{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4267,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":786435,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXPjQDuzoBJXgOVIAAACBAV4AQMDAwQCCArC10M\/bf\/I8g=="}
00455{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4268,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":786460,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBAB+2k0AAABAQgKbf\/JGMLXQz8="}
01149{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4269,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":786633,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBgB+9LpAAABAQgKbf\/JGMLXQz8WAwECAAEAAfwDAxslW\/nV6n4TSU+WU427vUmpkTBTAfJMCiXCjsW6jsM1IDI9pBtUEgNPXXn3m6DfkXTykQkxvHtW6AlECtSxtZwqACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AIOcwVI1IhWdfqyJF52U0JaQN9BKpJPL3krZ3EsrflGwKAC0AAgEBACsACwq6ugMEAwMDAgMBABsAAwIAAvr6AAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4269,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1605291688749,"flow_last_seen":1605291688786,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00842{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4269,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1605291688749,"flow_last_seen":1605291688786,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00455{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4296,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":794873,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqlUIR8KgBALME23AAABAQgKwtdDSoWLJ7s="}
02100{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4414,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":813598,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqlUIR8KgBgLMLXcAAABAQgKwtdDUYWLJ7sWAwMAegIAAHYDA2+BoMoxpZlcsL7F1ycglotxIsh5yIGMJgNPiiFngHzrIMUqQj\/L7tNTcV3UD9UpA2mjeLajzAaCv8lzw2\/F86fvEwEAAC4AMwAkAB0AIAUWTr1\/Qdiq0pKiqD0aB6SYA+0nVOzmkqcn9kOJvXlCACsAAgMEFAMDAAEBFwMDCrJcsj1MIsiTsXx0lbR1BmqcCxYIE8p35MmZDPd\/BKaoA4yoOOimcGniavf1+z\/cKV\/Cs8lTrMZ6eU6lwqWhPXchk6pe4OBLOsJEaE0fnYdAS7\/h8BWbGFrWGX2mhjNHSyjFaytzoC9oGXi7upsr\/szuA9iAzzz340P80GfaBoQ1A0Q8DhRGgwAe8nR6l\/hUCHutNXAGK\/Kba5goPGQrb2BV9x0sivVa5lZXLeKK8Ksk4ebG6SI99PtRxBxY9sx7tGipY3Q19re5nMgxhow3zDE4WMv3v7sy56uj1EX2GjmmnKl\/42fphJ7KsGxSBLLfrKYPA9xG1rIkF4S3bWY3VBL2Ks0b+JVRuJmmwCSeDK2d61gSFLIVL\/g9JGQKuMJVph7d7k\/BLgkwDrSDm5TuqW5rUoOyd7wwHf3qz38JezHnB432gQySJoEQV5vcTHPKgUZ7dmWCZ2QXPUuvEyZrAMhY5zYtIK11IrRkqywLpq3MunuLeYzmzSwpQ8ZM\/rTARoEU2bqN+b3pWiWJy7b3m+D\/+3kKXip0YOBcpTsW5NHkWHg5+H+ovuH4yXOEkbfBreualUQDEBUvbZRBGzqP\/KcShdYj9JQDnG54iwfrzDCKDZ4tmc7AiebIm2+SdPYE32Pk623iz0Se4H9UTXaNSd5xrV8caRkPEMQmbLxR9ef8mpio+z6UXjt1zeNbppBCo4rQ1o4UfL\/B2ZjiBysRuxX1ueqIm+ACGWd4JF5gtswB3irPFTCOjtYQDuKUHhbvzLixorrDtL2si7XWZ49+8kT8621b+xGfWPMYEP7uOrOfN91Cx\/sTasM0XMiB03ojlqvazJaaqR+o2ImebJU5ddiL8u4bGikRuUulsro2Jx0rm+FqUJC0Bmpz7nSOQCzGwRKV1FHsyVw\/s3kFmpTTxTZMFKaDyr+qpPMNfK8mxhQg2r4+xCoHOpFYGn3W86uEqSEtRUrvJazZO51ZDsdTOfG817GZvtpt+zpIkkkMl9Oznptve0ygiyBIoSJDB3itFuz0THNX2bpn1K7B5PV0nUv36n+KLCaoZ6y7u1rRyqNATm9mUXDOGHg+0hOXrgl6pNKHKcH+FgoTOcz5\/O6oRMaDOJIZMgGsXLBEN\/2VSI06BMXdJ\/KXoy\/j2+0Bvs\/rMLjMxU0EkqX7kYnQ8qavpgcpCD0Y3SpWVmn\/sDPM0vOcb05gkpp8QRuvMjdTcyUrmjDAWErw1s6sKe0I4FDBDESzKjLxRzW7FOlQ71H3s91eAJBrKVIgyvZGFNwp\/x8Efvdl1X6XC2wdO9hmwEEkrigxdD9pgCRy4ZiqtBs6JrVALzrJb+0jsNRIW4gTc7CHG6DoSkQO2p+ODmUdYNmXGLrTBNuygd0gXW5awWj5b6quH+aDnQxl\/Z9dobpDMps5ScaLB2MSKEZ5R1qPXorlAA=="}
-00880{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4414,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1605291688712,"flow_last_seen":1605291688813,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00891{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4414,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1605291688712,"flow_last_seen":1605291688813,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"static.doubleclick.net","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02093{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4415,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":813599,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyB2FUIR8KgBgLMGw0AAABAQgKwtdDUYWLJ7tS7xliDvzGK\/6qb90zeMw03pkrulg\/a34QNbfDvt7uaLutfz8L0tvfaJBauaC8HB0LP17vXhum5iKhD281Dckeio4YuvRNHLWxhEsCZKtu1SsKUGLg2qpcz\/z4V1xmxRRkAYXw7siGDrFMxVggTDWh3RiV\/0w2NogKcVzTmVFJeOr1hRTpZkSACkh2BdTy6daMPwrSIWuVOexL7QfPcDJHfcaqho\/XlCCd7G77LLxeBTQDcK0ZbrFKI+TKoDvwMweJq+1yREX94QFdC85wM5AJcEnwZVcgC9ooqlA\/Wj0Q6i0dgZtYtCWqmXGAFWJSxQGQDCMGpdzG2PFdBixJ9n8aXY2UliygPLyhcgpTdO0ZKJxIvl5tmYjNpZuQiAhhY1lN7e8OJ4clRS2PnUUKVhUmj9NFl4d8A27NgRBwzNo+sQETvFnyT\/s22NDu\/g605cWStCFyU0Xv4Uh4Vz3qUfEgIyUBoLByDDw72FL7ffb7HyRnQNDGb4IMMlrXO4f9fGiA3vqUQX7WUN1DpFQBgkYXptlccaN82IMNAwpTRoM5s+dykvAZG6eTHsZd+Zvef9POZEHckKqP0hQwHt0+55OVLBEFhn2IbMIHSg6W7HNmgGGyv\/C4XawGrLHmYQXAsvzRWtkYQ9A8C1pEJGrdfSniyiFefReiQSjMQjid19c4hmJzmQwRDvqs5MZB8CNn\/XkhiUvJsElCjMEe3JMKZR8QJ0JtT1eHvACRmqQdELraTyOTGwLLmca1BNbsFTAmsGWpE005LLcvGEJEL9DMDu+X+l0QJHofcWEmjGqejSeotGXebVaE9t9djwHJxJcL7GwuVcdGgNWuacDxKvXrTM07EBZj5LWkk90YwR4mDlU1HKhggybz0oyJabceZAblAPb\/3\/LNlm09JJfU\/L9y0rlzbtVZ36n5Y45xlVSiM9ebdy8EvlEVdhgAwPTX+rPHMtWwyYkphHjJP1YCDG01aQLRZDOG6RUkDvSyR46jof1dfGkv7o2l+ExooALclITPW968iKG1kTdQU7ods4NzFPvUmG5kTCCVyBFT\/CNihZ+pEg+UM4csny\/qVTenKap00E5FD6rbtG1DCRb5hZRGC0FCNbmsJO5ArkXl2hwGkaAALPCYgBvi5vg9O8g7GO+828txoqN6PVaKfPAkMkHqbVO7h8vh2V3cwQTOUugEJn+RIyRgNs90h9\/xvu6XutcfDZZ+yq0NPdR2ft7Y3Pybq0ntM63xuWknv5PF34kEU6fjFME\/cJu1nBxzme6OiNixkNMcVYJe1+kw3Q36LyXVBcSGQiTJJUYSwclhTCrkSZ22IpI7ee9r8BqbCGXjXrrOr0Mm6hwDV6X0u8ihyfAvgb3QlkyAY6Nkpn7tOXhiNu8rhvodeanG0I+RdCffmJfr4iZDdRoqJHqXQ0n1H2tYuid86AYu9XHPWFb2BiXOX05HmUFndeXFwlS2AESl92Up\/cEE5ZpCfmQcoal8x5\/AzIfVhTbKQevO8LJi+8smWadagvNz1NnoX41I5yYkTcB4bIQERpJMlVyebQHn9CLWirr9PIKGrnahVkLYhhRCN20jfKgtM80ONHZD9e0WaWdevm\/zCiBacnLTtg=="}
01078{"flow_id":38,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4416,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":813599,"pkt_caplen":546,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":546,"pkt_l4_len":492,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAewGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyDBlUIR8KgBgLMG5PAAABAQgKwtdDUYWLJ7sAWdSA9dP6l2hGNH1MScc+LBfToGcOsV4XAAaR7p7paqFbidCYEBprMy2tW\/eM1TAUSj\/+KZgcBOC4woJCh9RbxK\/sR3Qx+Z09th\/+PGt5Tz4GMzFuuEgmk4nnUuKdhERwiNqPe+J2r+fiqiXRInJDfjwwZlZ+x0LYsT4SsPfvT8ig7Vd8dlhkUXzfEWgs3ParQ0ZRzL30sEn\/mlCdNvjGW+gzzULVpDW5QW2Phd5lIX2HhCvkga+pdoiNryQtMtdyJ8XoSsSOZZtMsDKFUJQSov35Dk1W9abDJyOjIvea6sx1CXM0wXTd++ht8hdQGSo318njBm8YlQJReos58jWIMEuiEIZ8mWmov+du0OvSZcb98wkoJZGy4Zybu\/rOLa3ABSFkj1Vb3rH0Vg23EE58yIoYScZZWy4PHxZdQvSsAKBlBzlcbazWe45kPVgoLxoFu8pErPNpSVpClJOT\/jIKFqIfLJHpscEIPQd\/ucKrmi4sXieG7SK18qYUVqHuah+tNWegI348jnfNfzI2FIogMgeJW5Ln7PA5EZylscaV6op6JffT7Qc+MEDK84BqVVKyRPyf6Tg4CCfytahhmQlG5NA886ohE7a2oCvG"}
00454{"flow_id":38,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4418,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":813611,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHwoxsgdhgBAB9VH4AAABAQgKhYsn9sLXQ1E="}
@@ -710,17 +710,17 @@
00543{"flow_id":38,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4428,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":815709,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+AGAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHwoxsg3lgBgB9QvCAAABAQgKhYsn+MLXQ1EUAwMAAQEXAwMANWxcOGJPb\/bnuwx+2gjxE3DRB+OYnyfDx1WN1ZWWBg8XqFZU3GGEx3VN8\/AD0LZF2XY0KMAe"}
00584{"flow_id":38,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4429,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":815816,"pkt_caplen":178,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":178,"pkt_l4_len":124,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+AHwGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhH0oxsg3lgBgB9b7CAAABAQgKhYsn+MLXQ1EXAwMAV7DTKicdyIW9oddQezvsVCqOnBsYYNXBUX\/VeTmD0ji7eQF7bJ\/RBzIyz06PRPexQ6SFB18LSfT2xP7JpoMR9WY9qSF5V6lAi73Si+8b8DV8mVSE7oChjg=="}
00815{"flow_id":38,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4430,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":815910,"pkt_caplen":350,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":350,"pkt_l4_len":296,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ASgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhH6Yxsg3lgBgB9dztAAABAQgKhYsn+MLXQ1EXAwMBAwHGgS8JktvfhJS8HTbLgj6uoqDjdEf18UnkHBBik+lUriT5jTSaDF8DTTSaPFnnQE\/THCeaZwSWe2Qx5gktzbknDzgl0qSZvL43hTnvc6sKMpbI4hoqcvs1mtK6XA9ZTPZD\/qcqEY\/ovDS3gRdB84oNtU0XUs7CLp4pcnDoBjlyU\/UvpAtKVLeacATqoil3q0W2mi13oMQfs9ljUx4gBCLPxau2brTAO4vE6RmkIiawY1S29m9LWhjIgfeu1beb4kX2rd+jr9Gv0KKGJVjV5S4N\/SSfpikfvX0EKrxDX28Qz3HfasQcEZgQU2TQ3cT+WURQcEaaY0Jo4dPdHGjmgnxMadQ="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1605291688830,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1605291688830,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4492,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":830061,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5AAAAAAoAL9IFwjAAACBAWgBAIICu7gTZEAAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4499,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1605291688831,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4499,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1605291688831,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4499,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":831210,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+wAAAAAoAL9IM9TAAACBAWgBAIICkSadMcAAAAAAQMDBw=="}
00456{"flow_id":39,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4508,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":833881,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXTjQD24gBALMF3PAAABAQgKwtdDam3\/yRg="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4537,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1605291688843,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4537,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1605291688843,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4537,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":843899,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/oAAAAAoAL9IC3PAAACBAWgBAIICjfz93gAAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1605291688843,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1605291688843,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4538,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":843948,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdYAAAAAoAL9IPghAAACBAWgBAIICjfz93gAAAAAAQMDBw=="}
02101{"flow_id":39,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4539,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":848925,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXTjQD24gBgLMO07AAABAQgKwtdDcW3\/yRgWAwMAegIAAHYDA9hl96NcXpyz2ISlFxxvyE5\/hkAR+BcsBnhxw1qXKgxCIDI9pBtUEgNPXXn3m6DfkXTykQkxvHtW6AlECtSxtZwqEwEAAC4AMwAkAB0AIO6mOXa9ieI7g7AiE4RgUaifMNA\/iGPHbvUnXohFrQN3ACsAAgMEFAMDAAEBFwMDCb\/9SXEBCPgNdvwhK\/4ZpCtcyaxgXmkJ0GF3xY7B38gEmOMfWYQCKvhiZqmt\/QfSEQKsSTm0Os6xPMLBHcH5TgF2fy5Zl3qASi1iyf+fBrJdrB+fkdin2J04aiGjd3XgTrWUNfkLZdQgzgItYY\/Ws\/ealoOISn7pxVzgs6\/XNXPXiVhaZN2Ne4z4VQDCKHDwLDsvLTE1wUlr6puadbWBmPVKXuCGQwehVLuaCYnYCRGULZkGxrl4AnCxz1qaqshqCiUgucX+Mr26F0kJ+Ux884AIOXPYb5ncZEsI7kK4bytDHiSI1XkPFazSYKGz16eU8oWpP5M+lJfcRLJKz2EVPTeheSgMYQZqk\/rsH7gf4CvbAfIw4I\/RkTYgaGjq9WnRMb3WM8\/xovsDNeElM2cWz4ihvfZp4n8nrtNyFjlIPoVLeOKHEOv4PJZdP49rga3Vh\/NI04Pn7a6pTLhVQFd24mHJp\/DhI4EG8amwpRhwjQNg3eWKUIWKxAcvSLgKJr5k\/2a+Z94ijlhxbpaY+v7faJeWMVfCQcH3FcFC+SZmRQ5m+KMpTHllqKl0DT0f+bpD2ypOlUj\/gj+oymZa+QwzsNwil3IRC9B9Bw8YYY2al08fLOM1dv71PmO\/K3Can2qRn8Y9HqIGicWEApdQrQYs8aGY+YvJ81BnbhJnhDaLMG0RIBtRNYBUNDw\/08wpB0o00jrj3PKLYZ9fIitUIu7gkebZaNVd4s0xAcqcH\/kK9PNLne2lLlRXHA778aAbJ83j418Fef2oQbxlmsho9bszQkVaA4t9\/K9R4RkT2KToOdWWWOqkMLqqckzRlD9\/Yi+IvwrgzK78X\/aKx3Mjgm61C3TBm0ijCn2o3EBXqUNAS71RbHEvihEmeHuVhYWsI22LC7wk5eNHGzqXCxyE7fnBzbAJWxnvTprcFiL9B1sAoOl6xRLpbJ34vhK6mkH\/hnpHcRYEG26h+BMrpqBw58I7LL5ZQHc04Arjy07INsxj+7zD4gePA5kAunH1nabbgIpia\/Yublz3Ptp6CL02DHAWZEkK7zfVuASkLeXxTkiEmBDyYJkojlr2GRmULlD3O7+NtYTmDYL7pm9bxRdp2VpYeril5PBLyUOeb8NWdfGuqPVxYCloqn6Mf49R2iQe66xv3udU\/+Pt1k5mqBwaTEURAMQrjwaSknkHWdZuqSvv9\/URiU0a1JmRpC2CCKXVTXSmqJP2BcjA4MuKlPE6ChBk+Q888EBadeZMIkb5gI2oXnfzdB59KcUVuM2evyEy23yhECd+A\/Ble3VOsfybdaZXjOqpw6r5v4FxKTDrd+k91erOqMF4DhUnAOpudCewLCwcHAN\/Dc3SdK3HSgEPuYhloPd3wudQvJWMqGndh7npvpP6ApKRO+VKFHSNeG+9D7xdK0fEpiCzLqjLhpvns1vwkw=="}
-00872{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4539,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1605291688749,"flow_last_seen":1605291688848,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00883{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4539,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1605291688749,"flow_last_seen":1605291688848,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"www.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02099{"flow_id":39,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4540,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":848925,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYZizjQD24gBgLMCkDAAABAQgKwtdDcW3\/yRiO6\/aBss8cUlhED\/+o3JywZ9c+gqMVci4g\/Vj6dlMbUEptOJYAkxQPI6UIVWqvXVty9bpNa5DF8OtCO\/zFlMsbSTQHw81AOf6kFGRRO+w5GMXQHRjJMw+MxyAwb9Aa71uIUUKRAD09tJJteKTv1UvUtAqTXs\/qJAICor5Wm7SJ4Bo65i\/AZg3SEDZdUpAtSVA0xk+I+WyYnKtW9miYtZ+DgJwYGzvvR8Xta3UmTlULrLzAS7533lsMTmKBIR2ltErqCIxhjlBGdgAXkaKQ0o6qEu4hJ79VaIxqskvGJmmHmWQG+qzOA\/TXzdQqHFNnuV9pLZgJT0PHBW644pdCAChDJ\/+mikHuSKFpv5NMRbjfVxdnioW3M7vDxwcyddAx8pcOBeFQkoCqosNW1qPhP86p3NHVPKLTNcZQjIyWUlWHh6vMhWkYdtE5OuVJSwNISaqn2h5G+5j18UWUnp+\/0f+a\/zFEntTuUYWHm88Czv6r0lxAvPdrDKQz2Mp9dW+HNgd8EwSY6GXLJ4+gv8CXW69LQqBdzGPK38kVfxG4PsbI5BLOMw9IAvlijjtfOiKF5hppC6nOLd\/Mexzx42+DSgu+7XlrG1ew0xA4E5W28zWUPWwB6ZegZFf8Zk1rkq5rvtHfITXBP6LIzcY1z5ihvRtjacXreOQ+e7xN2hQ06RicIpqqcr65uoA+B42tkefidkpNKq7+zmFw+aq2qKMocUdfz71IE4YyL8qBagNRvTnh2YDNJ1JfaVsb7bx2fwKPg\/lEMY6zdagBfwQc2BsoGY40CxGGAVi5kUM0D9NSHeBD3g8kDtwFmdlDb\/Kr\/w4YLljSY8F4s0qYYmASEEoj7Xf5nmMmS18+Kki7juoczFP9kL+8TiPeWAh\/DpQhGVJc5tVQiCLtIkP0zIQJ2UHNhF1\/eLf8l3Osrmtf6+5vr7lwSjW8wdpOekWo5F\/vMRcgWi4TLO3mVNzkCw\/m6+stBokLyZaDAsng0ZFE74o21pal2tiyl5lJBu+JSo7V9dTVvYnHpSsok\/IeNyv1Zor0EE3rg93XyL8R2CRhWYDvs3gtqcXbIUlnVFzanoVOMd87JpOBmeVNDiKUBDad8ghkgw3DpBCExP5JSBis5rN+rNT5BjzHSKsWY34uu2XM\/MoYV6TrRr8F\/oR1NgvqqdoRCQ0ywLLfvSD2vo+qyQQArc5BBtLnGlHdyYRn6otCTov0qBecviSe16m93AtsOTC8HvIErWFW6sVEMZvXgzsXTob8\/u5ldSeDUBzk9rH0ugyRh2DRnG9MbF98m\/mQ+s3ZA49sXyOOoV0hUQMVCEysZfr98exSHUlg+5XxRfcpEhKBLEpQ07hWb4KgESPnNTNUNvhfMK4MWoLbvMYbFwO9j8owDsvk8v4Jq64H+bwD6V1F6j+XEU+zBCc3TqPWnG8UPCyF4xK2TkIqP6cxRK6D3fnyUo0La7jNfConlxudHtrWD9Y0fEDqlAi4bCz1CZVeMqpspZIiIDG2NQmQAR8ZHXU4GBT7CV2pwQaKLK9roKNPF29\/upEaW87tPoihq3Fe8GeOLnUTJSmCs1Z2Uwczs+r\/9DUb1GIZULURhUR090QH2fXOuyTmwiepEQ=="}
00455{"flow_id":39,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4542,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":848953,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAPbiBGGYsgBAB9WINAAABAQgKbf\/JVsLXQ3E="}
00455{"flow_id":39,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4543,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":848977,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAPbiBGGrkgBAB8l1YAAABAQgKbf\/JVsLXQ3E="}
@@ -736,22 +736,22 @@
00457{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4820,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":889272,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBAB+2orAAABAQgKN\/P3psLXQ6c="}
00456{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4821,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":889299,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBAB+3fZAAABAQgKN\/P3psLXQ6Y="}
01154{"flow_id":42,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4826,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":889651,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBgB+wBCAAABAQgKN\/P3psLXQ6cWAwECAAEAAfwDAznRqrI3BjpH0fMAjhWc3pmJOvHC\/\/j965\/A5lDlxh6gIDLxR7\/ypcsELHSllGpRYQ5lC32jGxm0ISoXtgzdDW32ACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAFgAUAAARZm9udHMuZ3N0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AILgo0nok9EKnwiVyB76v1YPllAYprQfO501YUPqbQH86AC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAtraAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4826,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4826,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01151{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4827,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":889830,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBgB+\/TaAAABAQgKN\/P3psLXQ6YWAwECAAEAAfwDAy7heESofJEzNLpKC6m4EcWF3nwglvjLt2LPUv7yUvYtICOazh2ftjIMIz\/UcLVP0+BLLLQerkGXc0LbFnQmwjmQACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFgAUAAARZm9udHMuZ3N0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAgaGgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKRoaAAEAAB0AINLvbr+LEAbtuJUEM5hwiBTekJnwVlsSGnoYC4BLgTo4AC0AAgEBACsACwoaGgMEAwMDAgMBABsAAwIAAhoaAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4827,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4827,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1605291688843,"flow_last_seen":1605291688889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00467{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4856,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":893806,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfikiqr+RoBJXgDd0AAACBAV4AQMDAwQCCArC10OZ7uBNkQ=="}
00454{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4858,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":893841,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBAB+7tFAAABAQgK7uBN0cLXQ5k="}
01151{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4861,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":894065,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBgB+5EWAAABAQgK7uBN0cLXQ5kWAwECAAEAAfwDAw\/cwYtpk8EY2nFSet6HfhMTIva07YBjsHCyF\/EXCY4lIET\/tOg8vSE9lW4MNj+8zcNcKH9YOh6jVhMXDVw4Nj\/KACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAEgAQAAANeXQzLmdncGh0LmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgNH1NsmWXDLZE3tZCuT77ObLFazHLQDqNeh9VcGafUUsALQACAQEAKwALCrq6AwQDAwMCAwEAGwADAgACWloAAQAAFQDPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00824{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1605291688830,"flow_last_seen":1605291688894,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00835{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4861,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1605291688830,"flow_last_seen":1605291688894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00467{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4865,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":894545,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvaZMy7vtoBJXgIUlAAACBAV4AQMDAwQCCArC10OaRJp0xw=="}
00454{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4867,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":894570,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBAB+wj4AAABAQgKRJp1BsLXQ5o="}
01147{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4885,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":895701,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBgB+10nAAABAQgKRJp1B8LXQ5oWAwECAAEAAfwDA7oV79R4wHgRAL7AbVXE9v058PsBigjvSIOLh78hsprPIH89NlzV0TnECw3jtHrFgKXeJLtftYSCOzC0pH+h068qACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAEAAOAAALaS55dGltZy5jb20AFwAA\/wEAAQAACgAKAAhqagAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKWpqAAEAAB0AIDrwMaG6jpMb0YufYlUyECjXCvQ2CIEExX7BF92xG1MCAC0AAgEBACsACwoqKgMEAwMDAgMBABsAAwIAAvr6AAEAABUA0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00822{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4885,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1605291688831,"flow_last_seen":1605291688895,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4885,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1605291688831,"flow_last_seen":1605291688895,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00455{"flow_id":42,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5519,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":954910,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E6f1aoAgBALMF7QAAABAQgKwtdDyDfz96Y="}
00456{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5581,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":962330,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfioiqsGWgBALMK\/YAAABAQgKwtdDzO7gTdE="}
00455{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5584,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":962332,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvadMy73ygBALMP2JAAABAQgKwtdDzUSadQc="}
02092{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5588,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963049,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfioiqsGWgBgLMDVNAAABAQgKwtdD0u7gTdEWAwMAegIAAHYDA90ZPUMr7r0om8G5tVihFIvrCiKzBhOCI9859mw3YafXIET\/tOg8vSE9lW4MNj+8zcNcKH9YOh6jVhMXDVw4Nj\/KEwEAAC4AMwAkAB0AIChtV2a6ATPKAA3e8X56CFq10gf8AfOeKvHWI6pc16QmACsAAgMEFAMDAAEBFwMDE+MLegOYCpvURbhKJmT4nVVP4XOKbeWcexFB7tdQNSafHaHvuRDGLHqw0rg8qrvnM+LkZmWhGJW+vesACeqMjhb0QCCPVyA3sQHAQJKOzBQuqEvC+aQzdC820nUf8ZkrBM7KHLG4HL9fOpXGnAxcpmlnFaixjhs1C1QHeSStQ9nWDH6s4o9Xe7SFNKOfr8W8fvKu9OQmrJ44OTzVCioKPx2Kb\/U83r3ZgcuppcifvLbWIqxef3jZ9iHNX+XwP8WGbkUCKSpQ7NcLzZ1g946EizOxYz\/WpxjSzHfYn5\/O+CObAR6eoxglvOdi9CiLy6S0r4SzaaOfOceIqWr122xNKypX0LlYh9VhKZRbM95mRlufA7uQ7zxsY3jw5Q0ls4OrjoG55AjuC\/293vRnM2UX37wtPU0KtggloJUHDBmWlcCn7sVpPlCdo8gGEhRLvHArmobW\/jDlAL6e7FfaeQi4EWvQ+cTNDne7YjBwoTtd0il0ouGXTFIDI4nkVOYtdRtY5Y5PmeqFStsk8T\/QLWVmMTfQI5dyHPEpjbDgQtY3IusHhyRjJG+sC4nWn8fLWFSV2MtrBYIdQDC+0jPeQL72b41PCr6Y7GMcGVcQM8jdQT2AybH6ggM1Zy4dClU8TAXwKqC+mzHkq+yFYHxUCWCVPnHpt12Brc1yc2W9sTHzOgAU5ipHHX0cIaTyR1rHiqvFexIC1j8RvjD1+1yTQAHcQ32fNZcviBgZs2dr18n9nmeIixA97Cch29cUpYqBmJkB5lkuNTi2bWhBDO90SeQ4D8X\/iMYYEuMqRh9fwUuPJILFGibDinLC+ttRcPDf0zSs8j24gxO9wN7j0hAgeNyav6n66Z5vKfATiFEgyjm+MpMCryJBAsBVUO8PZ6oHMMRLVoaOn1HKexhqqNsqCfbQYMrwAfNeb8Slgs2pvPLAFxgpWCbMMB+IU2HKHH+iK3Odbn3eTnayHuXcjoBJcNa0xbGZ3q3F8jpZ6D9twRkv6cjiLeUcslmXwqc08LPvhd4\/nAMl+Y0bz9D6nVqd8zkp5tTTSzzpsWrME6zO4tUSnbB0vtniu2CwKCuM82pl51v07k2v\/\/NH6\/km\/vVNrYNWh3fOdv51DJkDyPoKBuZiUj+QP9E7jNw8NlCwvYgKt9ccpM5vIhO8SmJnNmd5ll7poQrzDXKbI5N0lWJGfCJ3oTjc9qH3g03r+x7Wk105cEQ2kesvjM9DeSy4nXD1L\/OKFAAW\/S1hHLl7jtRnL\/NmuOBlCi372YoQCEvizMrhH1fgfAHoFGyBHk3fGHup8MA\/5uGeLacmQBZLjBodeecTo0ZqlMpl\/WktJ37xubzS6qNLqFzVFXl7XnGyqsfxUqtFoZ5l5YnSlKDspBXQf55fiomevvcLlp5NMOe9l2YZXbXSRa1j0hfE97jl9yAxhMNLGg=="}
-00865{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5588,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1605291688830,"flow_last_seen":1605291688963,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00876{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5588,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1605291688830,"flow_last_seen":1605291688963,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"yt3.ggpht.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02102{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5590,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963050,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQguIiqsGWgBgLMFKrAAABAQgKwtdD0u7gTdGJDtVHw4EQ3BpYfl2U4PvtKY8GTr3JsVY6DeC+ssrdDjq2pRMAypjpWCd7MyA7hfa9JdWnTME2vbGAoGru6VPlkdN3Mk95Ohv\/iPl\/HETlSv9RBdvCPouschfOCDFCHA6enI4wRjq0pFfYYQWxgRtdvTr9DZb3CKY5X2RHegCOq5d6\/LT6zZEEH70Ix9dc0BVewu9\/90vK8jlkxzHDogatul7aYRE47LkgNMNZvPPZW9\/gIBuFoEwuuFtlZ4e3ohvOQkiCwJm4yn8A0goLWAzHCehGRMYZEomHtXF6hzn\/7pwDB9n0a9CtqmSMRBdpQhcICNc6rsNvT1HCrZM\/jdkBBXf3wyZxYdi2IRUVSEtesC19e+tiwWn97ixpqodwspJtYqJIC7+x3VZbl9WDVm2\/0Zk29Sh6AMHC2X2KeD9VjfyRZgdl2YVV8fHSsL9gZNk1BKXPkFCkHnhlbabw7V8Lm2EhKfNloqZgqVd8Cfz8xi7mTKpdO52mNE8e85ifK\/rcTe0bv8k2w0hRIREi56kAzBDVnqrA1V3\/e\/QbWmrvj4QTkTMcBgwcb2vD1xN19zP6jHm5ZFho5b3S0HsSrP\/Av6HvTAEyK9OvoY3Ffy5kgRxsFIrfpG3Gg3XE2P+8it\/p4ncDuXfQ8l2TzD2OO6rSA6DBVsS9CdBPYpHnksIboZmp+e3TcAheIqtub+ZMuP5GUiTijW+0yZCc59fpAHuBKWCCqOptRjIevnS9b5Z+ycx\/zkVXJTIlrxntElf7+3K8z2f7YNut9+gSa\/Y66tT20lu1vyFtI3rzb68z27DqF4oq46tX++qKB3CrPszwE2Hw91wTAADpGB\/xWS5vjzWc8\/kMq77ceAtgBYeQ2+\/HhpjcZHUrWrHbedIMgtn9tqzzcM4XHwxwjBnxeaceEAzIysWgncv8b2uonzZcp37TBb+1w\/eRCHHIWl2ns5ejLa61tmex0TbuLfIT9ufi\/6vymA\/uOEWG5XWYnzSLV\/XjFt6KjrcUQdLvLfI8H3wsLIWOWjxYgDN0Chg4hccezGj0UzTtPB\/XH86dPTUChHuACPHT35pmvcA2tXUklPfjhvu+2PEPtfYpHGs7mXh8i94hLgksNOA5EBMuAJz9EQc5O6HYWb5QE\/JbFbIbuM\/xf18z8hd9yqDfsoZX6yFUXDlXbKQbhSdSdxFD+4TvKvVhRqBrE0vT8gpypNiyZplLvteuvKuf3VziBxr\/podGznZjq98LAYSdCOzBLhP5XenHxFrP++QRROp\/O8JVZC1NxZ9prWjp+KwW9lQCvAczngYnJcEPJEjK4bMjlmJbdgr30xJhyAvTRbySOLtj25tEqYiR43Xx1Qilm0YKEeCinM0f1pkG4DCD6yVOQcItQHBpQEF38mmmtnw53Kx+YuMHBnrsagDXTOrfFAnnHDIrusEAgLJZ4GTcLIJ3\/RXUWs0XMxlPmX+p+JdjLAOkhwDI+uCEee5rrcLhrVXDJXnGDsAHbTUzFlTB7w+hpXXOTz0VKCQnKKWSA9G0OXRjFOLpBxUgyNE4A6KiGkgKuZAewkq\/UqLhCo+GafjuwYOZ+7amRkyPsHg0fWyC2I9i2sLyuqR3N7Um5M9Sjw=="}
02095{"flow_id":40,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5592,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963051,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQh5oiqsGWgBgLMJNlAAABAQgKwtdD0u7gTdGwXV+aOtl2GPpDv0nPfBb6YA0YK6Yv54wIkkydyewIQrVKHAwAfO0l5KgzNkUoJZz8HPTDYmwxS5ok9GDorzE2lzojea4saMQQt3JFxc+2kNpIH4LwndnSZDDRQf251wLd1FbEeMNYZn3Cnt39KZlottZkw+WUCpyCW7Hfk0yBiof8qGKg29CCRNv0mIMuriLHV\/290UDAokyJmd59ElmuwMYrKKt37hIHCyXsiMvfmNHzR\/mBqyKm8WfbTdFo8eaMmTRtNhfmNGgkoJ1oHOBkfxlQPfcU\/78r7htezX60dPpHvGoXBYL+VxyccQryu78LRytd7B6GfRM55pYm7zsbYjpaMiUjaYpcau4dNEbPIYaNqp8EBRkZqVb5CnWovh4lz4WmgY79r4cjeYZ\/EtmaBHKNrizL5NNfaeyfEr8aClOW223CjuVe0mjHYEDlA959T\/L7wIVsAaKmHBHOrhp2t\/YH2MVjuO2wa2FYX2o6VXsxiZbkkVGdFQgTXOEkEGyUykOKE887Ouk0T\/dA+FhbbcTx6EQwPPa83IR3obQXVSe3ZEh5BT42QdsfNqI4qHVZuVeX2nO21+829pfmH8IxbaVjRZ6mBBRtyH+Mhp5EFbB317Gmxto08GSA+FHlQvRtdI0uPaXvDPhZJ8eqEoGOxcdHUp7L5UWB08JNWorPFKUVlm8+Rrr9hEjpHTI6lENe2aGUOtTTZbLwU5RSU5Tz\/H1N7+8f3lixq4bq62+\/uZKeiEaA0ODWZ+thtiuI+GMXn8WAZNimidFLlWu7iI3T0RSF7FRmWm7iTqBbTihSM5jIwLzBX0Jax4tIm4ffBYvU2ie2vmty\/8HEfPrAtWopdWoZdCM31v9lUODQ4kd16ioK\/bTxYMDWkbl\/mX9psUYoy6ltaUNSdquMrgnTW4uLXOXYSNnm\/dwSkZQRP7xk6Lz+2pgvL5x3OKjCm\/OD2ggo0UY8xsxXronPby6gP0qRD\/nDrAkLLdlLrdhGufauQ4Qf9jBATtayPF6lRbVVsSzpWGrWqkfuC0g5ebc3Ecga6+oU4ZAFYgGdFc0jkZOapx9NssbSer7lYHx+dpxASWamQoWApJgmFPd4SaVoEFi0+IcCi9pLIjDk\/qtR\/KvXVnYmNsxHcvFM7OPbsb6aohjpqHr3Vi67vZdgI8BbOJYQ7xRb3hw3mHl5CXs8ryW2pov0M9N02wQ040pZ2kULDo+hz06yJAna8E3OvmrBA6O9yz1Tlr0LBwsIEt3d12LRZfI5bphqUHTFKSx\/tAQZ8MOMbW44xvRr8ifxS5JYAbeseizbFrs\/6aLbTVriqxvv7jQInJznVJgkaz5NfvOEJCMUd1iJ\/TTgs5IIlRTRVZCXbfiMkj1VQ5XbeztRpSAuGDAnPdPJyxRHE3kd+I9F34Ru2U2zcaH5Nx\/A0pKsbMAKQD8ropWgu8GPXJZqbMH+u1amXqVtsUKBrhElLE7BxvRwYvqMUYqtBaLTtdZ0SRU9RNvXRulsaoSctuVVDfHRGKbOEs+zBKkSMWoGmOSkTCEE\/3RWEuUfR4VfKO5CcyHcEq6jyKnF8dkDvQqk9dspSJ3wNJozIbru2Fa5FE6RwICPxjhckZzzng=="}
02094{"flow_id":40,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5594,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963052,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQjFIiqsGWgBgLMBjdAAABAQgKwtdD0u7gTdFm9u5uyV7QHTDRMAzD4z1tWwp8A2VLWNA8i0vqsDrA6MUn1O+174OihoGNtdBBewAVIngQ7AYrM0tkni8sbepKY12MoNgJ+toscINyymympFjJlqAbEU5CBZrI7Q+yRR\/g\/maHizN2FZwi7JFepvI5GAVjtUxnifBdpzk3UU7bTpb3aChavPCmmtQrMhyBLpO8b4gEt6hQPxpW+msVf7aUU7T2P1qq2w4EW7MGyhSOX3zj6etRnl08xddlMlevW377\/LDIgmu6yssx2yARACcqBTU5jvhyL2XVktISirhSu9+XCOPxM3Uh\/549n7axuCrNYAzlk5OfaXYzNd6QWZMijFCW1p7PX7ZWJ54m3NJnXJ4qBgB++vsOyJUIwTfu1EDVXcvayb15tnOpbRlFQ+5OkIdcIKINv4sGzXG7Q+WzwlAVM0rZhBqcMXVfShy9J+MrFq0tZiQRD2LLhQLLyee\/4w0K2BFIlNXjydltP02A6arZnDhhQhkDQiOY1HXVEIb1mvBFcK\/nPkfLSpgYXQ8110kZLH8mrkJr\/yaC4qCp4SOBCSx2f7ut8nc62l7nR2TPvEUzolT\/GdB5QuBLMjkLDeescdjxiwvGLr6g5H91tDnUpBH1idJtTMGCJIRdeZWvupCjTZDkchALykXK8XJEiPdrdme8H44PUKkgjpvkcLhkH2\/wqi+iowktjr+JzfYc35tVb1hOnJ9pOJB2wadmL4x7l+6zMLbWUC90H7+8xgQ1Wce9FskARJAYbqPwLr5VBmAEVTAuur87386QV4LPTmv45C51j++f\/4ySCoDAKOsrDup7FwTPqP9sLbZiu3YFgOGhpr+SgSlDF6AtbAaRwFfNOrEfNi4RiGoCikdVOs26fMCUcRtgnfCc7BpZojpD14sH1qkwN8mPD+lRZZv19ZJORos9on1ITjw1x+gXuY+YGmlNSk1LYTJkmT8bLzn6BMbB7Zoju9nYTa18ctYNlrifZC6MS\/HJu1ZxvKSUcmPCCuAiUlaaMRGZvbXURQBLQe0BgruzUlnAooZEquo2bCQrDRPEjV3Fqv7abQ20yK1mA+8rVWlRCjzcAFvxqB6zhRMB2j8JDviTVwDbuRhxz+h\/1cqJnD+R+MlVTUsYRKdMM3JsM\/JUuTgwDAUSKtfLz1j6zCefyIMOX1HY8\/NTspL3LOgzRNmcVCJqBb\/aJON3QTZEj9NRnMCKBKxFIC+3zUj9mt+X\/7H8xtUYbyJzAGEbyuKm9RswhZxemieeYvgUubiBZ9aSeRlRoRdAGZGzEbKg4mR3meHdGFuIMPiLSi4t3oS4ERR7fd8EJQ\/xeQ\/UiPTDz5WnS151plLFLXzFuMvjY8YZ2wbPWw45VjXzpGOoXIztsGGjh7gbJ2qX1bhv\/\/HQ7\/tVV3ov3N3TunN57OJn1PBCGcDjnV4+VFX9piYnyIuDiObokyGxK1c2tBnUgpvL67u0OFPHvHhdHk4NFIUIimbYGJzSPiH5UVtm4SoR8hDAq59kJe+nYO5tFIBRdEVy7AbpD21HhH62XqZ996v3TsD6n3Wffr3WqTDB0B13dyfN8uZAfJKCwruxt77RI5ec+FDuuX5KPLhwZHl0NzeIdDxQ4Q=="}
@@ -761,12 +761,12 @@
00455{"flow_id":40,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5602,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963085,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqwZZF0JEKgBAB5KX4AAABAQgK7uBOF8LXQ9I="}
00991{"flow_id":40,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5604,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963101,"pkt_caplen":483,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":483,"pkt_l4_len":429,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAa0GPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQkQoiqsGWgBgLMDULAAABAQgKwtdD0u7gTdFZII1M2RSeVmjgX1YISMW6G93g3+DoPB2Ur4jQid9BUp\/5IMsUfc0Fv1Kz8aSnh7x39P+N2yTYwyjxuKXgCN9JJ19DebL+LCOwKLfrfjRUrAkwpnnzg14xHRZ3fFkQNasmUrlMF8wbmox4THb5GTGV1ej1XgnjDdxoAN2SgFWOfX4jRfArYrcB8n\/UWaDDuoV8uM3WYMDgaV1t9ZMaTAVwnhGyuUl93RYYfLroDCPUTaDpDKRNIELA0YwNW2Ugtcs6hAiNfCd3GO73AF7p+N+HoQq7YVx6\/ynojXKAvssyMjUgUIOnUrzXwUBGnuxquU0E8txdippx\/CLa8wihKBJMI4CKUJLLoOFmw+NUqwhagnZW7gMQCfuoEkAyW2UFFNTMl3OvsMT4NyICwBijM4z26RujhqYBj4dgY0chWRrlC+2PhhigehfN6C2mLgnzfrsI32fTeHXijnxvfbL7N0a5whZQNz5uxs1xfQSqVVP7La8iPUPoc7Eu7b1OZ1VEbSf7iIa7QkMJMnFitbZp"}
02103{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5606,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963101,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvadMy73ygBgLMBuHAAABAQgKwtdD1ESadQcWAwMAegIAAHYDA0v8FX+DnOzldZwH02NGtcuGZmxQHwJgS5BBCnicRIUeIH89NlzV0TnECw3jtHrFgKXeJLtftYSCOzC0pH+h068qEwEAAC4AMwAkAB0AIMqHp1zEPwXs\/Ws7kkKeUgVXXDYtN41zUV8TJ8OtvqxyACsAAgMEFAMDAAEBFwMDC42qSjnRRbxddd4MBfJz\/CI9YCEQ9H59hwSnSPF8XYr5TrmD9cmvsM0QpkLtP3Q\/umVBmn276LDLu0eV5XIEoUThimL\/RLg9vbR8rwY8rPWubT6C\/omkk8IY5D62JcBDBHekEW9aksE0LZYtw5sjtyfvBVW1CPPxBYrNZxUW6s\/1Z1qkrh\/SPjqKpwvE2p68NWjcMU2+UyedSOyigYWcYdhCLYp7\/bJadlVKJavTwWOsonIAOtPhVe15OT81cs3ApMT\/EGFhQL1CiurqHdflEeDmm3267oAJG\/4NIlGIpa6xTMdBP49ZIdGysV56f\/s9UgQnnqr8nc6leqi3DxUZoQ\/oJW2pTAWPbyWkhrHMkXaFXIq0CsbSyfg\/ivKDA87kn91dIDYcIOLSjCvS3xI7Jj9dbjsPqEaOLk4++yr2WuCHOzR\/tkg4KaYfI0K+g3ovBb8guDWbjkkjVojKJt7cNVfNrr3OB6xbrwhis\/QGRvq7lgDldho7cn3Pqxd3SU+VhCvm2IdRQAbl\/tmgVtLX19+7C+em9uRoW886sLTBCjitLTVdC8kD4TM+57xYSlywrS253X8dBk6qQgIJeanghKJflHQ4S17Z4cEH9YNviAqumpFDRQbIVPjpoMfE3x1\/Mf1FtYvPnAIR7kJa3fSkAWq2G44RIpB9XIqEUEVYoO5WBBAc9qQCgMrzYkKG3Xtxkrkw0cJ1kWDjhLi8kxJuHjvudXIqjW6WdLKvVNXHr5z7apV1yYFfN1yLS\/Mfpe0VU9xcm6dkWm8qzpy5D82XaeScN+bpOnJQY1cpE7wCrTAa+kNXtSQMXVIHk91+PWpVP3XhS\/BAL31ZEmY+VFUHkA6xrK\/Qdob7RbpU6TFaLBsnJ8DXQYUHKgjdq3udRt7ZlcG5H\/KsXi9r19ZymVY+hoE7lJY6hqfpdeEUc1xTzjROIalRniy6bdBW6N4X7uk6uHUYUiiguIFTTHz+hn8brGPJBwsNvAfAjSr04mWrs7MndfO1zAvmB6\/Z55wGa7KhbQQwMuqg7QP7kYWRYdts2vfaZcXk1pyMcpk8NFFa\/3hapi3joKKcf6zYLs\/NbpyxYFUZaVOpvTpCyR+vMOQv+wRgGtJ7Go\/J77IvNvM26KdDxgYhMbRoi3rwTUyjGAitp76R6VlX4eVMz2+eh52QTj7368N7JfMfqIB8w6zjG9trAP7IvYv0T1O6t9LwvGzvANTSiLIaEmyFw3Te9OPxxO9zQgZsEjyNGycOs\/MCYXZeCNF+nsTh\/WTccD28\/jc8Zl7LGRvoz4qx3gLzxq8fBVDgGNZgyn+w3AdQU5H9iyaS4UBiVY6OU0zaGp1A+7AWyTUxA3+NRZ7+mHkH\/8B7l9tN3OyrG7tOuXzGUQlchXBMTJBoxier2PfdhHebovPct\/JUnrnJ7dJTqkGL4KZrGQ=="}
-00863{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5606,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1605291688831,"flow_last_seen":1605291688963,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00874{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5606,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1605291688831,"flow_last_seen":1605291688963,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTube","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.3","client_requested_server_name":"i.ytimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00455{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5607,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963102,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZEVbpSPcgBALMGx9AAABAQgKwtdDyDfz96Y="}
02099{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5608,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963102,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRwl9My73ygBgLMJkxAAABAQgKwtdD1ESadQdSxaTFHtMYr5BhF6K9L4543ScO2OaA7Nxk1pvQYOEvlsymKEpJjVdpYbU4cLXWw6rbDSjoxo+Hm0cxGI0B0SmHbClmJuz5Djm2Gm6MWP+7v92yYfksuPG9qQzzU5qKKzjnDdv9x83eaz73ibp\/fGaotDZt6t9li4uZtB9l5hY7yhKPei7fpwk\/4cyBR\/9OtLlabHhXXGw0RjnnF6\/ZaC+ZzotswSIx72jEbWx1jUYZfE+\/5cGbFXoZOtqN9oNIsWE+uRo8DYywaAkkl9Nl2+sGNrZBA6xtXiifngnzyyciLZ0MUpTvsZK0x1ymHWD3Cy\/3PfAFs3dt5mVsh3cYCIdzb0Uzk4RYKZ9eIwrp2id+YM2Af1r2qXw1JBL+TitxQtOvlEeWV4mt6LaAp7aEWVRVgTD3Xen2\/NqYASEcoEzLP8UMsucIXX62pgj70BOAqwGdvRKPutD5sm+Fz\/085H9gjzL2TPi6hj+0QLZ0nq+wsXf7fXfqyFxj8HJz0bL6KJmiC\/VkaSAk8d2lKrfATJTJa8\/lQb7guqP24\/p6JjEz3ofl1nN6yA+UQLRvCGgKu0dQZ7WTzpLTOoltseZbUJQ6emOncJiBA67eMlv4yK3rzihT8muLyZGg4wlOXj9nvlcBDBgsWdNieIecBbxaK7AolfpKvQZT2CJU+TLzniyGtifw0oq1QoYQZfpnkcitlK2\/C\/RIDYRn46Yh9FE\/iv4Ni7TR+czMhcvKX0Nn9xMgxGZYJZR7aOgvqywDdDvIhXFNcXPA7xweizHgboQwyttrwa+EPDqCktga9JvTGGqClJURZlbmNDXbFtw0U3UAyIyBaeZqLzE3HCxbE0XhrlyPmqaYeOtiAxtCDbDIzVIHHH3n\/UnCezcP313XG+kMSdVY2tRZr2JBwoPOyxIl0B9txWSsenypgyurtpowEe\/\/yAtpKOHdHXHI2N683sIlB6eQJw7kDxuDqr0UwRrvvQLiKSNvgik9lFnUwYBGuHG\/6M8K6iV2RRvzpCR4ShRjdPBoTubJno648SXkBudoE31HT9JwzO0YmKnit7iqc83zfs4qrZVxLd2y2J2EPFFjCrAOaBYYMdV7tNtGnIB732Q9cbOk37nlM56pjbQ3TDbGAcCsEmW+8dZIsAoxAEzmgGZEZwquYsEM7qtUezGtSO7XA7rhYmCAKRbfMM8xXbwVxXhhdGc60VyXoFb3A9nx+WMjVDzsxAX9isW\/2hotIYaL1vKZfxMces\/Hxe5cI6ghy6OhhdsRdWpw8Czu4m1T3GNMX\/MEkUIwaJKsOxF9YMvNttv9V7OdIB5t\/ub09xdwaLG62NwdlIQqtvpPwJ1VJJo8Aq2RQ9vE5mIDT6WjFxUNd8iy5EGCiFXipGDJuYAJJFyMELvUa5GntrVHIqvLhizvzxsWbt8XeC04ORD9VnmnELY\/3q17WxmGhhpiItsQXlNewzOcJIbTPfeHmzdbo5x5aDjiZT0PM5DHnvKAc5BgvKMp1ED2VR1rkriugL7FG3dUEMP3PKH4vtDOzLs5YGTXnu\/FfPtSS7h0lNXPqX\/OVbOubjWVKxymy8MiYS3\/TXNsBGkBSGwZ3YpaDSuTYIQlzLpW1FkC+g=="}
01375{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5610,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963103,"pkt_caplen":765,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":765,"pkt_l4_len":711,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAscGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRxxdMy73ygBgLMEIyAAABAQgKwtdD1ESadQcZHHwFtm\/00a67Xaxe8sC42DcWT7JHFrsxcupGcs2bBk4tP1NcetWNIbS6kX6Yk6Yn7Pc8GJF5XoL07ox+lbVoD4r06nQb8+9Wy9+8cGz3S2l6TSC46Np73Ya8ZIZjtgDBV9ypfQWLL0gB9R\/UtWTmQsueauMdrMgPoqxNaDxtOtDWZ209hQskz8rQG0gbAdLRAmNwgzhdElKyLZH\/buQalNrLl+tdVn0j90zPGVo5msGCtGiijmd3C+BVJybFF\/QBZ4tJ0NjT\/cHjzNZcUnTn4sbg6sokS6WFhW4BEtAVVxDiRkcA3CHCcF0KkaOdV3Yar8yhsULdb1XfJjUGoG1h+cK\/9WxMhQ2KVhfWy+qSg1Z5bdcBgD6YKFAXtxoUZF9F3Ou25SJlb7iiuOXHeGx6KNHq65NKrGeYIpUsPAZrlRHj0CZvot1deS\/cAXr40ZFdVicdkV3dQONNThzAfSp45LDSWlavxLsJxbUsY+t9ig0xcbqklx+3nLbXAShXwPGQk+hCoYm0axsrGMpysIv52halabSHf7mMoSoQaF\/SsKzgKUnypU1rtg\/gzZIhQrPr1rfdzUnWCJ\/EOWG3ExUWUUIGi7JrPw6ny9D4OzD1+mSpnFEVI1\/WtDxLJgXJ+7qTPVFf7WmSvCRCkIurA6JmfMfT1JjnyplXpLnx6nmBKWmc3mD4rhKNo4+GxiXc6QahhOypns7iRr0qjYNkjTQ7uqQPl0Z4FwoOzEXYzx1bav7c3AE7FCCLi+Lrk6qp\/MAi7ei9KPZr6qh8WSxCVWJGh5N6z0GEZ63wymyUsYvfr++rTBCCW1la+F1r892stpNL2dK6w0gcsqwsXIHO4+cxTFjV+WyNdFziX8ig66Uq24AIoJQU4a1reVpdbp\/zFPbka3hv2Gt3"}
02093{"flow_id":42,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5611,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963103,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E6f1aoAgBgLMFWyAAABAQgKwtdDzjfz96YWAwMAegIAAHYDA50GuVwxZlSmfLeljrsEaGj3kArkeK0EAn4SMxxc7K0PIDLxR7\/ypcsELHSllGpRYQ5lC32jGxm0ISoXtgzdDW32EwEAAC4AMwAkAB0AIJdGG6hXXcv7dt5D5ui68p1eatv0G8uZdg74LPPbCRw\/ACsAAgMEFAMDAAEBFwMDCfPZpOnl2HjLA\/9xFHuMXS0+FnOSwgR7LN+A+2q053TgsWd1cSWngKEs8TnZEYOSSzBOwrZMkBW6NgLDW+Kv9Vc85X85tAEyn4h+32aMS1vHiXoKvqWOKFqSMlcwqJIfBQ72KDHD4iPxhBPAO8A4qC2I\/OdA4fCtAGfRpEE5jzIiTOCKppRvX4kMthcqnb26JHGtTevgIcJ+KukOdlRr5jvHYHKQg0qYgKFopAjjfWwnzStWVo6QuCJciMgy6FfUnyYDpJcRcYAtrwKVEaFgEJWkfU5CKon8pVvRI1n4g1v419r1CecQb33nptbNakw4TG8EQAu1gXEvAfLo+ZuOaO0TkV3BV2cEBRqczjERA+dR+T\/dagBf3YYb4b3zWZRdHcj7gAmTJqlfGUJs+f7SshgCMsOpd2f64wjZaSaTxItECwetN3Eh1iiU\/RA69jWR6TEkqHOxnfsJSfC7PSsukBTEez6BxVLym3zqKu6WFZ+JBYv6bG40JYN5Cxki7+lm1WPMQ4y30evApY6DVO\/AtcZQ\/2FKhV9UuzW+bTJSNI\/N+fvT108j9VL2cJ9Ru+QloJiCllfXn4bYSSq9g2TvEAaX62tvqlK+Z0xEEf\/xRniu7eJoQYTOIMh1GZeXnMdcqxW1p\/goVQBCBBlyLsZRy5GmZyIIQUJJ+jwNYrldSZS7u3C3pU\/M874UD3SXvkzQmc0VrgZ0WVgcZkazx+513h3D9F\/KtaZRY9+is2WeZ9zmVU50VIR1RpslGH\/tSP5ydqtZRQPJxnpTl\/+rNud87IFjoukCR7codR3P0Qu3giT60xKtzvLWQ3posCrW1RaeGM1hbFjJet6BFPby4eE6fhTK47W4kMitzS9HiIxcLbpGXzXLT0HzqHu1tyIFfvQYN1JoBVXi7zqSjl2mEZluOo3lzUzMOEpOqFS+W9R6h2GPaCt4Z49ebGZcqhXY3QXvCGQ8Uo9ZIO2HIkGjfZhfKrpO1FC059AnZna8Mp5V65GO1wBSXoW7v9XC5l+KsuSiX2r4umtrQ\/4HSP5U58IllHNDLkM3rXMVMOlxD12vrx\/RX9D7zYZh3\/2HuWv5byxO5TjbuaWEtrKxAhQns8QJXgqf0CjzMhqJ8ORRAqeAM+2R0dJzOJorrVycnxOJscZfoFtnhDk9YPBqeQ1JozE7qKAB5EJ3YsMSqbY++jYNimXtpf+IRSUg2\/Byuqpa+As3PdfN6PQgHw4lLBP0krLCWttvZ5KbWoMF+2G314FqCgqIiP3Bp9DDNa+I9Oc6FHUEGyf4Vbn4bRLXvrCswOq7+f2mE07WH6YaX3nPWmaTSa7N8uS0GjNJJE3qZhyvxn0yJ\/TOfuZVCUjbyfbf1Pcs2giwz0mI7204DKo8gEkWm9PFGOIoBib0bOJlh1K5V1Rl29jnadeDzCBTspeiug12Sw=="}
-00875{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5611,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00455{"flow_id":40,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5612,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963108,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqwZZF0JKXgBAB4aRuAAABAQgK7uBOF8LXQ9I="}
00454{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5614,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963115,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLvfIr0cJfgBAB9QHCAAABAQgKRJp1S8LXQ9Q="}
00455{"flow_id":41,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5615,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963121,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLvfIr0ccXgBAB8v0MAAABAQgKRJp1S8LXQ9Q="}
@@ -775,7 +775,7 @@
02098{"flow_id":42,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5619,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963145,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp18Qaf1aoAgBgLMJUaAAABAQgKwtdDzjfz96b6juxWYtm6mQuMZGF8d\/hFg3V74L0vPGDS5p4n0L5qG69COWeW3iBxWoXQzsdg4veBkzmXcGcV87Y9WCimKhc78oFZhO9YI8m+BRcUHH8\/Qh8RsZuTT\/IU5R76KhK97JczogUXlc5HqHRcvGDVavtdrg0YiwD6vy7cyx\/RWEetvThxJaENmjZUCCdkxSfeptObbjpfD++7OyeNrAmzikQEW9nG\/y+RwxIjpQBcLpulL4WcgXliDfmkWQRplMCcGUZKyvY47nQAjDJbmvkk4ZyxOrXhFVrUO+zFIkCSY0QA0HeQY+Kz24w+rWylo6m4woPeDfbrptNykl24xMRrBz\/8lSyeiCIWwjKqm11QeAHNNs2yLtsEa+LPVSiiqr\/4rvTbn2oUgyXNPmbI8gdclYR\/SwoWnMWbSMKszPbK2qCUcKj+Nb3lC0VF4fG7KPvUtsqcKsvTPcCAgIfW+AsD8L057mDx5yDZUpzAjUQT5DhyqWt+vAohV7CRMU0IpdKCHXszzuqIjgYsFvGum\/xv29apNjLgxg6ro8ORbl7fZNZ2N7OYM19pBQROuvHS7MMe\/IiM5eMJdsdq70daWmxbDCb5JMAc9+nALLiKzqhNcOB4MxFcEiC1fYqPpM7l3yp12LFVK+13x7yxFeeyszAkm32Z4MgbtBSzKLnLOFaU1dzAu1ViG5pKNgWwaY0gLtYtquNl701WR\/jqNPVma8K0tS\/7BruInquj3CbXDCB2juYPYkwSBCN1C6bO19ZF1bh1OPL60owJIXJf1eEMIH1gqKIe9MiNe1x3AEQEq2GLwb3gPL9NpArh\/1k8xaGNUkZJngleRm3qNCdz9GmZWzSTncPMoTqW4kRdxEJuqxV6yfbwR27zp6olajfi9c79qxYJKCqnrfDwUk1E5LtrCRAdpmMeO+IXajXcNypjeOHfJSdY4sVH4N3NqIFm4f\/RazTRk+Bqg7bYrdivsiisIsB0D1NhzfokzDbMNVjN5taQwjCzYfDecOT8sTZwrtBFytTaDVjDC0N0riasNCyta0cQRW9GfsArMyFNQDGS+qgV19ctlKBCFPzQauDfZFP\/ne9DJuxk23Zh\/XU+7U88K7ERQEWCvrJ\/6vo2+cJKLwrAtgkGbad3S201Z9Ns+ngxfItdd31SgUgTISYGjMIcoyf7IeB\/pD1j5MVW2OP8hC3h2rBUgPx5y8z90zyyJacKLP1RJNLbuYcMory9DENkNhymMuyfH\/wWO\/H5JbLvB1vYK2c5ePMz5m6RStY40ueA0aGRqE\/G9sBJUtcVFMIkHc4B2VvxB0ZQCZgjSiy5pwzy0QrqjbboMSeh4uy5uyoo5d36T00GWgssnmlza0dKSHkuGKdPdWuPt6IPguOIDr\/pAEHXTfHJhC1OnRe1pJmSnWghOKGFZtnUR+3ghzQMMvRCgR65cwlUhXr+\/qhDS87BuEWPj2hoNdW9iWhKnaC3Q2SWVfWmuPKLESt5VYQkGQfzggkPyCIwk2UO9sa9RONMHuHJNXR58HFDGev\/wO23sfGgsYd2O+xiHK5IBtGwMAokecyK\/TELOLokEJrwZaAM205GHtUG9NilTlq5RTrAXbyMB8dLcrtqvX0tPw=="}
00822{"flow_id":42,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5620,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963145,"pkt_caplen":355,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":355,"pkt_l4_len":301,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAS0GPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp19b6f1aoAgBgLMOzfAAABAQgKwtdDzjfz96bUsmxC081h5ZSDjxYRC0\/vv\/aVDshIdoJf6XkBZrgfA6CGMnWzHlpEnzbc7BqGk5ohBApcWitDvQJDlTjw5de+3Ihck2QENwDH1A1C99dPldt6z7bfhbLeNoAzjfAlcbEjEU7iHZTnGBK5E+u\/EHaxbynFMAXGohBOqzClJuJu+19rl8E\/YfUYDUX70sFkkMI6fVz9PgMVWLSyLEUNE43pLwnYGuSRqgOUJrL5ANkwcYvoklc3cngTRBKFb0tdKeqkLIFS9nnmzg+7jNZYc3US45+pndZTpBJ48U7HT3zpoSkQMHOarKLNSo9G0FVAClrU6ugD3cl0E+6zThNByss7DaYi9sm4ghjKTZUUTQ=="}
02100{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5621,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963145,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZEVbpSPcgBgLMJr7AAABAQgKwtdDzjfz96YWAwMAegIAAHYDA9Xx\/CglIgupwLXOi1kaLdqKlqzDVEq4I8qDgv5\/aILBICOazh2ftjIMIz\/UcLVP0+BLLLQerkGXc0LbFnQmwjmQEwEAAC4AMwAkAB0AIB0wxfl0l0reCCYaTsetknwKMBE12qV2j5DVjFAHKdgLACsAAgMEFAMDAAEBFwMDCfNXBxlFM\/4hZrplrnKV86xxS4H1jgUKKByDZD1pOgXeSFB7VAqUUxTo909d3ySTp\/YuXhMjCWbyLZl1be44dT45t1yuSl0cHetyorWyJpfkJHbzuyyZsODZm51PBklBCHfJY23d97enyBncDyi2yxruJQJ37prxsqafiI5ho7vlNctkxB0EPp3iU1asRIc8EBVbddI7viyCXSBeyNAg9MbqyIQAysg8aVPBug\/uVXXV4R+Bd\/fOsLUELLI3aaj7K4Z90g66g0XS4Uyyu4MtMOdqe+czpgF\/ouaApb\/8iVdv5Vr\/78a23NFFCgEbc0k8dqbXG9ZCFQA0xul7Rab1LWLGpGYSad2WwqHCgF+f+7aua020QP3C0fZzrZsLYrRIIlFwmMu4g0HaW5XsjeGHVJwysJUQ+EGQD+XJVNkjOnxyt1OlPtM11NaJ1sarjQr5rrSwVMC6J3bD2RsLAlv+QcemXqy1MrSIBgnH42PELeRtwJoiq9EGz2UgcotKpWVH9h\/kZ4h0i\/14nJsOJHVQtx3zsEzJXMwLYp\/LrtQZ+TnsoAgaJMmVrwHSJl6ZFINaaRrnzcwoiwvO9ShhzC40hm1Ju3vreRgujb\/TnoB21kZwW29ys7zNdZGAKelsC2WC7tx8WAygVbrahwnr+KyIlFzQdX9iF8YnSSJnwMiiLuhU0zMJ7s2Q6gCGUYNQ2CywMZEk3yXdr0AkcE+w3WN3gruRbG0joecxQPodlsoFDWvNNhCULNslj+nN+7DNp8hkT7znXFzI\/F\/0Y9o3mSL0hEIjEvCJl75Pjx0t1wj0SLFavmqOOoJZpCm1hswbwg8O1Bc\/DdJqYTdcmUyU74rvcBq9EOGIzhXEqtOqQ+7GzS4q2VCd+uOIf\/H1k5P2v9awJVnJM6hAsR+w7+sY\/PYGYzkSmBd132ERXYWTp+u+uO83bm2cNbdIF+Uzj6RNZmcbGl7El\/zVDBRrFeuzXRlb+GJMlacg+4kcfYVdf\/icSC\/eEBIoxBMefmaQ4IvgTO7IyijUgkfefAxfp4SSwnl1GJaGLaoHGcTxZZJPxNrD0UbQAMyemhsmEyFC4yyW4\/8dTBTQaKFG2aIaLwiD6E390j6acH0sV8d4Hin5EncFtlShMjlISQpTZOUsCHDPVLmqYgDSe2Y5NJjgfxp+1qqqT7rSzIRkrhhoodQm7wwV8F2lM7kv4vjxj1lmJ\/Ius0l5U4go+Na+o2rMgIreSXEQrBJDwQQ1LCF+gj1wU6\/m2sMn4M6oYmrtfOEAM13H5MQgiNFyv7r8hky5dKtoBlC\/UBuq54F6omwArpUGr5QpLCyG1CUSKJ6UAfV7dHJl+Vx8930LuXk2+mA71vfXpoBrPj3FKytazqvB7uoQR1cnEOV\/aqvKnaRNbtZLLSoAIkJJD1wSP7NVXLtCPHhZOFHkZw=="}
-00875{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5621,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5621,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1605291688843,"flow_last_seen":1605291688963,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.gstatic.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02100{"flow_id":43,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5622,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963146,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8laP1bpSPcgBgLMKhgAAABAQgKwtdDzjfz96buRS+F7fp8hxn1hGstedehWvrxbbnf5sFtMlZkIjGFHRnRdTh48tSHR9xzjhE9LK0pwSu\/dYtdAcLdmNNYnIfGRIydRlAqXG013W8bOqYtXFkhvvTH0AMDSEyEJ2iKwuqoKWqgzyPqdMZGdOm4CHO8gFTbJdW+TL9bv9kHixd1jMetnEdXSg\/EzybhLtPsZgEYBoI3W0Y\/+p+Ga38oo0xS\/AAyjhQKjlmhRzm0slHPti3ef3\/uVXjr92Uu9u1+lq6BrM5bvmhNrddZ3eV24j\/lUS+3S50QXCvQPe55Nr1egbwNJSlW2bsdLA8iaZWoY7PQFVSeqhQleZVb+SCgUSUMWJOAI8mWpOLwtWN3AQ50IsdPERYXOGTBvGQEZb3qwyFO94a5I3TEVWTdwKTomJxi7opPDD50up5H4VpBJf7WGFzyv9i88zoiADzusvktGfA1kcmOFwQmkOVPRilrA84LKkqI1mCnEgHJcXP0um9QVCGyXokf8S2mntzVVSah3\/Oiume7yU7DUi16bjtG3+hacWBGMO2+Ni\/N0gFkx8RKWKCOe+Pw4h1nz\/ZsTqg1jlGy1COC0iQODZMHbrFHUVf1TTyPpWY0GV\/jtizrpoM+CQRp5fbNTMdjeM9QwzZxOen7OYcrRQohprWRosyPbPUlPHvyaUT9XBvcmVKbHhpJ7\/ENeC7X4o9PznO+kwLhMxiuIDVzw5GbYl+JYxUuZodRJAKsnKUh15nXhT7uYOmR6EvMBkgH\/JmH7iRMKedBnfKQhNU3U9X0pH9RE7TJ+Pb5AR417AYuHI2a1OycsJ9VJsXVMIUzhE2WVFmmei7p3buMhei2FBZdrnNpH01gjdDcDg8TVswpEIxA4wpI+Z1xqpYGXa10OrUg+O0OstqI7Z8WBeHrSyh\/sxexVKv0QUgCFTh5QGCPVIGPPfuqtyGnmSxY4ZCwrA72A4ZYfcaLxeZfiNw6An2C2iKBW4EvhEZjVPWy7RovF7LolzSpY0T2YJnDOE8ju6hU0odNvq2h90Hy3E7N4cU4LbJH2M\/BkuCKBIP3oGBI4EnZpJJzqN2O8nwPetDTPjPt5nGEtT\/10pJp+3R9T8RW\/Z1SZhLp9mWZaEnOAS+5FxQJJzMWRbSCBZm+WsoHJ4PTGiG1wUc7zMrF\/LYaJYaOCzBy8o3jERgtb9n\/HIC5t6PQBZvbub1VrbRzmkRkAxJXCP6opcoVDJrALCwDIyHoyq3DPd8phdLNNv54NWwuDqOH2lGbPcsBNjDqEClKD\/g4yXnG9lYHjd0obo+m7ldwBHEuJCxxsrXp3vftYJXYBqF4PZFwyl4r9kj1pMychW\/OSSngzSnew9vZxEeL9dN5r7XDlLICd9LY4URxfmozeeoNQkZ7dWkUX+mhVOP9OsszMfIndovXrqKuDdQrxx9iD+JEXCBTc6rTHua7TEQgNabv4ZSAPBxPGfwwImC\/g5SxfFIlT7\/QS\/92elaiB7qRW4StlS6RSZI\/+UnUMulk63ksJt+\/\/AkNu\/3buShBQqXc50E7ZavxrQrx68ZtLrenPRUaQKteFvxWyj0MvLty4S3W1Z9obYhi+pysFjrn7+1qDoM4q37W8C7GHoFwPoQfLA=="}
00821{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5623,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963146,"pkt_caplen":355,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":355,"pkt_l4_len":301,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAS0GPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lbbVbpSPcgBgLMCGjAAABAQgKwtdDzjfz96bPIEph5izz7ezvMZGFIrlXa6WBEFpLgQuikWGA5oQiJy+ofZfIezYUrEiSgkfiwC93def9fqnLfsL3nibiaPMaGj3P4lu2Ktst2eV899ca5jeu6XXaXgQo54RX4\/Qm7djxnj97n3fxSaIDTzrfA9eYtN+x2bZUZfyl4VbV1ZO8sMitpAtpVifZDuu+wj4MuteCH\/AiJ2Rbq4BUyn202RgkMsZw0IaXT\/2PGc3dduytbXCerx5uPUdp5l4lf9dhteRKTWkDkvAFgTeKK7LVvcT3RaTwnEv+opN0tRdVWTRuipaK7yQ0S3Wd1AVCtzeZqIyh2Vce2sWyV7YBLOaBpD2MTQJgJrwvxbU3LOuUdg=="}
00457{"flow_id":42,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5625,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291688,"pkt_ts_usec":963152,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/VqgD6dfW+gBAB8l5OAAABAQgKN\/P38MLXQ84="}
@@ -795,53 +795,53 @@
00455{"flow_id":43,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5645,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":4303,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lbsJbpSQcgBALOGENAAABAQgKwtdEHDfz9\/0="}
00455{"flow_id":43,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5650,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":4726,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lbsJbpSQdgBALOGEMAAABAQgKwtdEHDfz9\/0="}
00454{"flow_id":41,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5651,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":4726,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRyb5My74ygBALOPCMAAABAQgKwtdEHESadVY="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1605291689408,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1605291689408,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7094,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":408040,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYYAAAAAoAL9IMRnAAACBAWgBAIICql08xMAAAAAAQMDBw=="}
00468{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7110,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":433785,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cETj6GHoBJXgAFCAAACBAV4AQMDAwQCCArC10XLqXTzEw=="}
00454{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7111,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":433808,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBAB+4U5AAABAQgKqXTzLcLXRcs="}
01147{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7112,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":434011,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYd2fOnCgBgB++8gAAABAQgKqXTzLcLXRcsWAwECAAEAAfwDA6RBXFL39VgIijsWwJFOltTc3vBqkkKxNvmogVMM7+5TILt5Vv+iuY3iWQRNNnRaBO\/M2VarJ+AOmhROa9hHR21oACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFwAVAAASZ2F0ZXdheS5yZWRkaXQuY29tABcAAP8BAAEAAAoACgAImpoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmamgABAAAdACALvUrkozxMntRnju+5MswRTyImrHAw8nJkdOYI+WcPaQAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJaWgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1605291689408,"flow_last_seen":1605291689434,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00841{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1605291689408,"flow_last_seen":1605291689434,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":44,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8668,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":577974,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cITj6OMgBALMHnhAAABAQgKwtdF6al08y0="}
01863{"flow_id":44,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8671,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":577976,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cITj6OMgBgLMOTMAAABAQgKwtdF66l08y0WAwMAUgIAAE4DAzbEcDzipdFJow9Sjt3Ol1\/99I+f0oISr0qo+zF3ck85AMAvAAAm\/wEAAQAAAAAAAAsABAMAAQIAIwAAAAUAAAAQAAUAAwJoMgAXAAAWAwMK0QsACs0ACsoABiwwggYoMIIFEKADAgECAhANHffE8Agd\/Q1A66O6NFNxMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTAeFw0yMDA4MjYwMDAwMDBaFw0yMTAyMjIxMjAwMDBaMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtSZWRkaXQgSW5jLjEVMBMGA1UEAwwMKi5yZWRkaXQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+maVKOkGuIpLUWBcrOoi0zOK7ui1z2eaWzzMtForAMdGnBV+IZaQtyQ5++Gfv1TbOrAOKUntMp6luNeClruZSCzltfkOpk9eHJ9XWEUPrpFFCLbBVu91sl0EYvdWsplUlEgilO1zdDXr0UiyU0ptz14arWfA79ESEjl3EMIcCgfAumn5d9uOQEkbOWAogF0Ed53rsoVVQoW+HVFVqdUlQ0boiQBdec9lKKDB8DbAEfdCC45zVjGzA8Hhw4fmx1l4AlDqP2tLE2qNm2GhXjctrmexVjFG2t4nyihXllf92wvsEEGRZ8X9pxVJTd\/tfteIXPbe+u5DIE1ApPYcpfCBwIDAQABo4IC6DCCAuQwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFHHgUNHngFL7IxRlnUOnjTGqVmkmMCMGA1UdEQQcMBqCCnJlZGRpdC5jb22CDCoucmVkZGl0LmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj"}
-00886{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8671,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1605291689408,"flow_last_seen":1605291689577,"flow_tot_l4_data_len":1773,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00897{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8671,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1605291689408,"flow_last_seen":1605291689577,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":1565,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01874{"flow_id":44,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8673,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":577976,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ87doTj6OMgBgLMLNUAAABAQgKwtdF66l08y1lcnQuY29tMEYGCCsGAQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2VydmVyQ0EuY3J0MAwGA1UdEwEB\/wQCMAAwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXQrSzGvAAAEAwBHMEUCIA4cEDk5PHlewpHzj26HOiQYpOqP2omD5+Ok3XvOGjvLAiEAscSe5jGq7+A1eA9CosURVXiFG10O2uG7a3d0exugn8YAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAXQrSzHWAAAEAwBIMEYCIQCxbG96NckU2JDBIgJPBbdq8isaryVs6CFbEIVpmICYFgIhAK4\/cwv3QOvL6\/r1eBSuNjH8ea1wkWPPafYHa\/T2zS4cMA0GCSqGSIb3DQEBCwUAA4IBAQDJdKHctElcuqyCkmp8mpTUGkGnB3LVzx6AlsMpQm1P2E\/FO7nlknf9cCDmw9zsWs4Vwy0WyWm2VITQHFibHvPRL9Dqdq57g8bbFomQLOayWwM4ymsEk1sOwkg9GmGUttJoxtFhWMTaKNgiwa1KzMnOenD0aOCisNjqYwuAwjXNR4prj\/NaGsDOdAIquq\/5ysyZ9ZTflWiVnQbilOt4e\/blGzRhaSd4gTYdYkgV\/84UmKwjSekYiL2ioVV1mVoDRtSfMV9CdwjyekkC849Oi21tKfCnsyl+9Ipp3oESKGdNZ5966KOZhQo0yght\/ROeeRQR8c5vS0fKeKnkHGBz240cAASYMIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIgU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANyuWJBNwcQwFZA1W248ghX1LFy949v\/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83nf36QYSvx6+M\/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bdKpPDkC55gIDvEwRqFDu1m5K+wgdlTvza\/P96"}
00454{"flow_id":44,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8676,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":578008,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPo4x2fO3agBAB9X5yAAABAQgKqXTzvcLXRes="}
00454{"flow_id":44,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8677,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":578012,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPo4x2fPHygBAB83pcAAABAQgKqXTzvcLXRes="}
01869{"flow_id":44,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8678,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":578047,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ88fITj6OMgBgLMCvaAAABAQgKwtdF66l08y2u3Fx+VTEM6DkHpNe+L9MLatKx31\/+V3RTOzWA3a6ORJiznw7T2uDX9Gspq0SnS1iEbZJLgcPac4sSl0iQBEV1Gt03MZeS6M1UDTvkwT85Xi6481x+EI6GQQCNRWZHsKFlzqCqKQlO85fr6C6rD3KnMA76x\/T9FHfDpFsoV8Kz+YL9t0VYmwIDAQABo4IBWjCCAVYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wewYDVR0fBHQwcjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUD4BhHIIxYdUvKOeNRji0LOHG2eIwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQELBQADggEBACM+30vSMUKltn5CXBpEzGnRaLRdS+AEIWxL4m3MseCXj6ZTCc2qKmXlOU8eg6VuXJiiJCbm+6Htk8cuAsZNSr+wQt942rOo+W3\/IYVTNmBMds7sONzWUYDwxdbl1E0nZKubxz5x+0iXuDNtyRMH7paiGxgV9lxMQO2zwuz\/ccHjR\/\/UuQC0N0LaIMnqboruFAaufaJZmIioG28t9PLJFF8mzyyNfu03wKnVObmCvxkM6jSvACFo+K1z4sky2jglC1XTmh3waIbtLkE073ylUB2\/OvnTwQgM5u0eilgl5Lh3rS1u9VLdtHSPq0kunTuTNCgfeM6U6se908ltHN5cMvMWAwMB3xYAAdsBAAHXMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQPgGEcgjFh1S8o541GOLQs4cbZ4hgPMjAyMDExMDgwMjAyNTFaMHMwcTBJMAkGBSsOAwIaBQAEFBBfpnqACJ21J581zoMLQ4ieo8cNBBQPgGEcgjFh1S8o541GOLQs4cbZ4gIQDR33xPAIHf0NQOujujRTcYAAGA8yMDIwMTEwODAyMDI1MVqgERgPMjAyMDExMTUwMTE3NTFaMA0GCSqGSIb3DQEBCwUAA4IBAQBY+1SnH0u3ho+Y8niHMzRj8wWXBoT45DsNzWXZsZidgbnEjA4\/L6gnKwvitI4d+SX6Al6xofYE"}
-01155{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8678,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":10,"flow_first_seen":1605291689408,"flow_last_seen":1605291689578,"flow_tot_l4_data_len":3997,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":399,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
+01166{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8678,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":10,"flow_first_seen":1605291689408,"flow_last_seen":1605291689578,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Reddit","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gateway.reddit.com","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}
01159{"flow_id":44,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8683,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":578048,"pkt_caplen":601,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":601,"pkt_l4_len":547,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAiMGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ89goTj6OMgBgLMDSEAAABAQgKwtdF66l08y2MeNOajMtxBxZ+LVRuvUxmRODoEmjzZpUwTQHXVXdAaqEqvizNUSG+LT4vLrN7\/K4TwkEU6rRjdvl7TGJTrtCTMr2vchF3+WWRcRrbCxS19I7FpLOu0+uRp0eAJTMGW1sjp2Tl1N1sPVLUR76tvsG1UZjWq6EozImj5ue5\/NjN5pIuabHxZABwArW3iblcTRJthPe\/eXEt+vWXP7bK6pfiHfdKhr+WbtteQ+gSEhA1KkKMKnmBC2LheG29uhxtvvQ3X+xQV+7F9j4WAwMBLAwAASgDAB0gdfzHLPAZHR0tU6idUbWdeWhmleDcvOQ0xlxqvsq1k2cIBAEAJVNQrCbU7askIJmKVQKey4LKSvPWJWm\/qUrBrweaBqbT7Cr5gZvqHBU\/mFv6fQKK95vzS\/E2+F5TR45FkOs1KCwmj3aTK2P2FTjidKcmDyq29+w5JgJiMB0yE2H7MbX6DgZdfqDOhhIdoFp2UVKrWt+0QfGy\/c1R1nUH8Fn6SQtT7zH4S6DAFwDfvv\/ZnJFypcwOeTHdJ8ikpUvRXdcvAdnov2uzmB0\/d3D2RE3KK9vq2IGE5+vQOBbeKbiXK4ptDdJwHa7f0CgP7qUEzENKosP5odm\/0vXhP3XtBElzujVdYenGhLYA6UGZz0BIJ02\/t7g3aStdyZX6SGNWhNKk8xYDAwAEDgAAAA=="}
00455{"flow_id":44,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8686,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":578053,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPo4x2fPYKgBAB7XZKAAABAQgKqXTzvcLXRes="}
00455{"flow_id":44,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8688,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":578060,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPo4x2fPgNgBAB6XRLAAABAQgKqXTzvcLXRes="}
00583{"flow_id":44,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8757,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":580568,"pkt_caplen":179,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":179,"pkt_l4_len":125,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFAH0GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPo4x2fPgNgBgB9ecwAAABAQgKqXTzwMLXResWAwMAJRAAACEgXdr5tAznIsP0ZYcFVU0Vp9mW5dinaB\/IC0Txi4uVK0MUAwMAAQEWAwMAKAAAAAAAAAAAYObURD76P7BRqmy0nANK1AwCnpZf9yXzOJlnIkFwHnE="}
00591{"flow_id":44,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8759,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291689,"pkt_ts_usec":581165,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFAIMGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPo+l2fPgNgBgB9WkEAAABAQgKqXTzwcLXResXAwMAXgAAAAAAAAABu4ekuHoVU7jS8MR7sSH27XAbRL1e69fImX+DRf\/j0WZSraMLPQfRpqZpC6EyneH36Ab4Rdmg5rWFB23meVfCGPLJ5PocjEgqrduJb0R75yBt8s5nrqQ="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1605291690373,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1605291690373,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9080,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":373466,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2UAAAAAoAL9IFr7AAACBAWgBAIIClRf7UgAAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1605291690384,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1605291690384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9081,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":384370,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDEAAAAAoAL9IAqWAAACBAWgBAIICgxmJysAAAAAAQMDBw=="}
00468{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9082,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":396189,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl4+krtmoBJXgDq4AAACBAV4AQMDAwQCCArC10mNVF\/tSA=="}
00455{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9083,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":396234,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBAB+76yAAABAQgKVF\/tX8LXSY0="}
01152{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9084,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":396643,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gB68TAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBgB+zbbAAABAQgKVF\/tX8LXSY0WAwECAAEAAfwDA64SJmrzxm107yvjOKaI1Pu1cjYSBc\/95exz0rjqcLhjILOfYHr0cqvSKZIJSl3WjM8QRUOiyuVNGA\/I6TMdHCRqACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAGAAWAAATYWRzZXJ2aWNlLmdvb2dsZS5mcgAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAg3\/\/2kWIRuw+qhxFZZt2KiDOELUjK40mC0jcHETc2SkcALQACAQEAKwALCrq6AwQDAwMCAwEAGwADAgAC2toAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9084,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1605291690373,"flow_last_seen":1605291690396,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00847{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9084,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1605291690373,"flow_last_seen":1605291690396,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00468{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9086,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":402898,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOmbspwyoBJXgGsCAAACBAV4AQMDAwQCCArC10mUDGYnKw=="}
00455{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9087,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":402927,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBAB++8BAAABAQgKDGYnPcLXSZQ="}
01150{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9088,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":403285,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBgB+\/ThAAABAQgKDGYnPsLXSZQWAwECAAEAAfwDA4n27fFOQ6rPQPzYRqsTa+ksdP+rX8jQfVLwbnF3RpAXIBwq2w1JrwHlb\/2ndJG1eusXeLh3OPImRURXIKxQ06mYACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGQAXAAAUYWRzZXJ2aWNlLmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAhqagAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKWpqAAEAAB0AIA4zyVNHsOh16GCQNKxzMVItdEoHGWpyv6xL6OCprXNaAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAkpKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9088,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1605291690384,"flow_last_seen":1605291690403,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1605291690405,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00848{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9088,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1605291690384,"flow_last_seen":1605291690403,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1605291690405,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9089,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":405354,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15YAAAAAoAL9IOjCAAACBAWgBAIICgKUPwEAAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1605291690421,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1605291690421,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9090,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":421002,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYMAAAAAoAL9IIEIAAACBAWgBAIICl8E6ogAAAAAAQMDBw=="}
00455{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9091,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":433317,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl8+kr1rgBALMLNSAAABAQgKwtdJs1Rf7V8="}
00456{"flow_id":46,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9092,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":440083,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOqbsp43gBALMOOjAAABAQgKwtdJtwxmJz4="}
00470{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9093,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":440084,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx++bDteXoBJXgLoLAAACBAV4AQMDAwQCCArC10m3ApQ\/AQ=="}
00456{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9094,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":440123,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBAB+z36AAABAQgKApQ\/JMLXSbc="}
01150{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9095,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":440589,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBgB+yZ+AAABAQgKApQ\/JMLXSbcWAwECAAEAAfwDAzHDxH8OuokaXnmRWM2CrbjAfCHYM2BC4ANSO6awxT1HIBoNB1TgmMo5CTve1OPkdOp8A4hHU4yRFabWOk7A1qHlACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAHwAdAAAaYWF4LWV1LmFtYXpvbi1hZHN5c3RlbS5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIEwwmHcuEXQApsPC5EO8tn5U4uHYbi4IBrp\/HgLH72EYAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAgoKAAEAABUAwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00835{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9095,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1605291690405,"flow_last_seen":1605291690440,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00846{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9095,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1605291690405,"flow_last_seen":1605291690440,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02102{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9096,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":448852,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl8+kr1rgBgLMByOAAABAQgKwtdJulRf7V8WAwMAegIAAHYDA0r6gcYIu098JiVNcf+9DKSZcT2Q4AlO2\/mrgJsvkLHYILOfYHr0cqvSKZIJSl3WjM8QRUOiyuVNGA\/I6TMdHCRqEwEAAC4AMwAkAB0AIDqBN6Hp79eKhjl1g89WffEA2vKdE6XDrAUovNBrfAMiACsAAgMEFAMDAAEBFwMDCcFRWqCm1+iB8eRWeD\/ZnA+EmsGTkuRdryVBcYXun\/eFvJ+tgQu4AEaHJL\/xhOlTrOHIU37yIGg94ncDKxGFb3824onlLJjEYus8Vv9M46LaHsHbs9XlAcVDSC5LClhJ7dbxVJqIrC8649lLtxw20Zfb85BgY4pg6YXWXX\/bCPGtnj+ko4niQo2C76uoj6b4A6sE1Xa2X\/se1ycku0uJMeLcAgjYkQiMY45V37EgDCuWpSzH5mTbr5ZxCyVa5u31jqOQXgzop9BKJSyFeu\/P12YOEkG4+7BM3+Q1QXICnGwUGjsuvS\/rAamiiG+KT75MPpXFk0zdbOO5h7kELAvMMfg\/u0eIvnwzF53ChvPNPTD3Bws+k\/9JxEMe4u+e9ZdeQpfdRXVQx9plvoWV+VXZM0V+yxOoDJo+4AEdNnl8dPkwLWrNMZwvUiqqwTkcvMEoeT2LbeJQ+MVQAPM7Lh15ofFhjCoVa8CLEE0L9aKPkmwTei35kKUgz6N3auHjYvy51Xv\/a1lJKWOYsbMHV2\/mBfkOStZYYAFKW1znc+dmUdUaSkPNYMl96eCD5BDpDVSMH4\/aw3EuTtFzxn9TWo\/wKdm7SqlBFSf7VsP8XLdWcHtTql\/aTr1HOm+tonWgSfVlZSLKWZdHMnmLjbiRln90R5OQO5D03VrXLVBAmoyqKWzazGzttVPHLgX+n9C3sJklCZ\/T2ec\/ZElPNuKuAZ8PVkvTg+PvIYhe8pOMqmOoV\/pMT8a1QpMi\/eVL0l4Sfl1VRlKJoGldV8MbCMFRSzhrAKqW4NbME5sYeHyuiuOlO9RVqIYxdvlej2oa3Rd15Cp7\/Rbql14Ebda2w9GcVFvbuTd0yb1PRTteHLd1bl0WYhqwbeTzoEfTZjjo8ksmxIbBineJYENMUc3qd2kKVZd1+5Gy3i5ZpYXlemOfFbmoGOqiJEgXGBYgQZu1mK2x83XlHUzGd0Gu2ZrNeA+FBFDv3H8BaEzpoJkhnIQhVfT6HFHnqWmbuLIO3lXcWWLvU3xoEsDPvf4jmhah5IqrPAE+1R6k\/17ac0LZnehQ9HMb\/vJFAxeBbLjiBtZExXPJJYFNZ2rohcRsTwYG\/jFdqQXudEpnPSizRtRnqY5J7IgZmX4V3SIHFAok9PqN9CIGOnuFaWD9vqfVn70cYPT8omFoAqSCflxMadUFJ11GHY2kSQKrmJ\/kOB1LCRLP7t1gZbX2NX0tkhoioCWC2yl2slRbnOAIjFxwAw5gtnsla5NReSxMw0XxI9EqpCO2Zz86Xxi\/QCb48QCqBMEgXYTQCK4BIG6Csy6lCbPZ3wCdT9oFvVJED8KcJlnFQx5JyhI7jkgJVQTZi\/vz54ZyGjqNygg680RQRAg5zBOiLNBRLfbsW9tHxUdujWdNL\/7aJIyITEvL\/yHSl5esuuzJZd6KHubL0w=="}
-00877{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9096,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1605291690373,"flow_last_seen":1605291690448,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00888{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9096,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1605291690373,"flow_last_seen":1605291690448,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.fr","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00455{"flow_id":45,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9097,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":448875,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6SvWtbO2MXgBAB8redAAABAQgKVF\/tk8LXSbo="}
00467{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9098,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":449108,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUOc0w2EoBJXgGkiAAACBAV4AQMDAwQCCArC10m3XwTqiA=="}
02107{"flow_id":46,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9099,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":449109,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOqbsp43gBgLMP6lAAABAQgKwtdJvQxmJz4WAwMAegIAAHYDAy7\/17WiiRblDSpQfOoKBCNx8tklS2ncQgRI6\/e2r4UiIBwq2w1JrwHlb\/2ndJG1eusXeLh3OPImRURXIKxQ06mYEwEAAC4AMwAkAB0AIGMeaissDij6D2XU1E\/g\/Y7F93upHQhVfHmiX\/zfZWV4ACsAAgMEFAMDAAEBFwMDDmdH6bvfNg6cMAFfiF+P9BuvYpKX16zf3EVvI\/Dy3I20gYyAYQ2SS4m+Cv+x713p2duvTI1Vwzh4v4\/ZSD8C3AOJlula4CW6RNYnXzu5kdvjoWB1YCZXT1eeu0+uJwIeBcokQp\/\/puxkxDooaln3NTvgtVQN9JBoCulqvpxm47Vc4bPHRSeC+PI3asSAcc5C4SWQYKdVYYPSvHNh1X1GGAgysIJiLpD08G91kisgkxFY0TodcFGChpHfLWdLYUpF\/PSjpkEfw+XvgdIUNyneyrfi2hmO2nfS7JaVALdxHuhbsJ9YjdMXYV9RjL6BSIh0N5QMrkFEEFmEqcL\/tfaP3LxYKTv3Q72XLhjBeRZi2DXvkEIBpiXGE2RQA5EkD8ZdrD4lDZVjRzE+OQrQ9Rvn5z6kWftR3SrPnAZEc+\/z6S294b\/kACtvrnXntvpaDUJsoQvIWhmeuK6xdmkaiYMpiOAqm7izHf5BfPJAa0+NF9Qe4CTGMgPymvMzpNeNVZ\/qITRJP33dMzgS0UOzm8SanXYiOTf3QaYMKjG\/ZqIfRcIESqvtaAqtpg3w9ME1B1VLXioFgBR8vVXyhMmhKFRkR0sMtvwC\/acn5Y3Xp\/oEpRdO1Kp7QWSXsvAUqDJPzNmKH96ttC08vxMlJcd\/HYzFAKDcR+mqFXoXxwLMkEGp7aMdx2\/yVxJLeqyA1jWh636WuM3S1kP5BHtuFBpRPChocCfM2MrkGgzi3Qrt8m4THAJOahciYqyWC6rYE1JsLUj\/U\/GkteLcThYToH01mUFEaQFuJj5UMcyxykDU18sMpsKYMLGZO\/8U\/cOHzdGf9Z7Yo0ZUQfdN4CBuXe5v2jPRiGdoeTGlhbIo0q1Bq8HG5EjHw\/624zkSvQ1L0Rhy6PV2mtObnRwGcyj5zD7u5Ogo7A87+7GlX\/s81J7oDAwqros0AHnFRdyJrvlGS\/EnrrZreXljifO5kb+YGeZ\/A1oUtK2JLB9WW3Mk6x4uZl0sRt99FA2R8zjwXshGGtZJef2uSY8DKL5CmU+jdCPgH4C4eRriJbgWYkbqYMtZ86HCwiMGaZi72Kw0gZXtYHXIQvjSOinEo7HndOiHkkQGEC8Y6jYWwIRGDiMe9fBE7SUgVcg6ntyXVKpXJGkbz2KuwJ\/2TA4yXNWNJb+qyMFQXkZny5NOfvb59bMVF8p9UbZA5PxztXLC5gI2tF7jIaWhTw9fC6Fcn3rjp2+yOWbjUnBORY1\/P9kn1CxZLZavucJDPz9VMHCOO\/\/p4YuDltkyHcnSp3+0FJ+fSJ71kuyIxiE3uko0XhThsVS+t3mQjEcLmbHPzSw0HF76FQLkmxx\/W7A3BYMpgx8royJuYvqbSlEVQGTcr080kiCVZHBCzPW4h5h8dDhkbOwbhoaRdM4W9B6f0PK2SK2wiUfZM9H4AkFsRg=="}
-00878{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9099,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1605291690384,"flow_last_seen":1605291690449,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00889{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9099,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1605291690384,"flow_last_seen":1605291690449,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"adservice.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02101{"flow_id":46,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9100,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":449110,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5PaKbsp43gBgLMFrLAAABAQgKwtdJvQxmJz7HNBR9AMmspH551sSIoU+FjxN+S+BvT3i8aoaru9hk77bmhzwPHz\/yctJfEfXDsXE2sR\/cr00Lfah+FriDEzT3kwZo2DemOP0J1zjysVAnwrwaUUvOtr+5LnXvW2j8nKoyK5adkKR2Pe5azOaZXVjfZE2hR9y851wHKggUAFJydWti9jJn\/7ByZhDHh2mS8+QPnxkJxr5zg3O+Utd9mtLa\/Mivm\/d6yhjRh+y0BlC2\/7R9em7\/VGeo9x8dAomg8j3XWxnSmMyO\/\/cR5Y0gPEiiq+q5NcdmplLPlqd9LVwyNxTHWkirjz3FlfeBFd2F4eQ2ALGre39J0B8+kWNVXXyfrf7alwI\/qrYg21UwONAIZQB+kEwOjpSiIVkGDJPAc6ZYhJBQeY99+C5E8NU6\/Z16STEP1KJ8u1r7XE7\/mhzoSC+1s2LHPSA0lIXKiNGFg7RGZWtNyTM63cdiQ7X2prvfg9phRcVmzPiyHx37g0gNpwtjz4u\/djXh3+WyGbDvJ+eRL9QcRZsYSkcBMCprkPhc8GDtjOWNX9BRCf9U2gsehsBcJJ7+Fm2vTXvE6qbrFr5CE0+DhbWXihl9bZ9yS3yjp3CAk6yEqofmw9Y6YTZpK+YpyvYWO9jcM8oky5GrWqbx7k5KjjVW7FTXggbyOVIyCDGYgjXC017an\/7f5RHeBiQGm3sRgHBIRPl0QA1TRdrsZCTzhVXtIAsb1Q97wtQTWIJ2\/kEBbd+HTseXodxCHGMzvMWEAW8bJbRzui4U0y+a4hV3QAYgyLdRwvr1KwlaTrxq5TtpK4PBIQ4dObSIu6VsEla6PRKSkIFGR8vnZLOQWIWqbRIrS0figijxwU80Hb6jJpT3eV56OJ+oho8CaQ\/dbeA9\/dELpYdcPGWko02w+oOQrea6HMIr6Kt7W6pXQ+EJ7\/fojXp3i5pvBKiSkb1LSagQOV++mSzjPmaXVnYNUVQAYKpNBUFwzrRCivWKtyJIyzWqTgPOiD9gbLjxiFAWCQJ5jec5ToHv5Q8RQ0O6HWiGwjpPKm41oII66Jnb3XKUaGGsTfumn4X3qGsyj\/dBV9ULZBVqMqC1HUVF1wHnNIBFT0aaqFul09ojqn7dSvYPxKsKnEgTdspXKvUFkKrRSvqguoIyhJNx33PWge6EbpKUk\/VwHZnnCbSRqeqTMiYb4cUO+FqEQiYB5I2JK9JexFh620OTwQRt3vul3zwevM3W56ojxEwLjO6BN7PNPwBrf+M6T\/ygfDSV73EedWEo8\/3meCUCDl8izxslBR5Y2+ANVQyAGCR8TGx91x\/wZQ4O04n1v4bmsBdp5SJqP1K9tRXaNqxhNTYrKhn7rhOPrOShXCOIhoEGg\/658wARYHPPW8tJ7M1ZVBA2lxrQktW1u65dmmvFvR54OzO3D6GUp9CmP3PdwuouuSmtkLXerGXe6ja9Sz8R80TpAlJEgzggpfpHdjaep7GfFcYdQ4rSagYMLaddLKwnn3vyAZmv9+L4\/e2y9Tw5Wv69PZkQMlQeQ+xA3eI6+ac6dfbX26gRdjhvULcVs2sZy5EbbLp\/icaIj08Ydf5K0F+gYuyOM5Nmx9KgNGCIy8vbnh\/yoF7Y8W5UiRfG9g=="}
02103{"flow_id":45,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9101,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":449111,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Yxc+kr1rgBgLMI\/+AAABAQgKwtdJulRf7V+sW6T5EprOWe81YNFl6OWXXLXWlz4pye2aVy9hb3z3TXBBOd0F009VYbl6aogCrvO67ej\/2odmnNT3AhGzbJbgf4TU81B4W3XSbFsi2Lkr0yBCGxWZpgFBZ7UxicSsiIHN7E\/pGk2cQCFlq5QyeocfQtXdRsAlGE+Wh\/ZJDWOH8daegj2q6957MbQdCvMbLT7IzVnyWmP6+8jZEtwKxzEr\/sZl5AMkmDWi68LxXHiOFhTyshVQPJUcvdtM4tNk1JX2OllZgYLLLoYNqSwTsfB6sy6wTeaQrsEb6jjh6J3\/M8TX+dRgIJH0xozd8oRcrXUUPAQs5QTE2daCYBWDGGKLX+mL\/GBy7OAshcQII5Yv0sDA1OPfJUFlh0wFD\/Pn6Lh41SETrxxY6\/6lEBQWtgVzNQtGV0ubqS3Vwl1Ag5rstSHKlC1VBv1W44oyG5g4kcH2n4Et4xAoBWXb7EiPA5p2GVPDFLUyLMMJLn8ba94uHjKnovPFYZm2075xPBTPh3njWJvkdadU7IQ9ssDFcyFNkX1Ri\/yF3tsBhz3h62JjWwgAUIQu3T9rc3\/4psn65r+BWTmUeSF973till\/uXVODD2JsItiN1BaFSSfdchV6JpHu2JhGWOqEEhkdkMzSP4MO6b18NfLGSeu9XH0y8bIj0z0CaFpyyi098RdJYcgsFK8LVaXK2h9ZJn6sxcxq7lzz1X7+FTVt7x2ftlNOGJASdcmDTcGMzbPZ+FGXQUrH8HI9ym2bcmKLSoFykZIHy5ju9Yc8xLuGbzfo77ACfjvaoK9qW1mGBB\/RCTuUYFg0DuygG88hdtIR0OUdHPJBRls97PJBZEnP9RFaJ3LkDQTShVqIngwUjF2GXtdlf0dvjHcVlvrsOEF\/5o34QUnqKshihkp1x7iLePpb6r9WJcs6UzNv2+0TKQAAjV78rHhI3oCnNq6DEotVg8zL0qXbSL\/gPAzKgNEjWAjnxh+NlcqUWl3m18uuV\/1rUcpmjarRZ1Xfksgv\/NQLl3CS+P01yU8io0FWFaeoXSX\/zzZD7Lm9fUwFhXbtTgDUk+084aLDJy6Ns6K1LMrdMIMAmZLws0p7RTxRe1LNoPxjhKCzhgZnbp8X\/sZDhwv9nVPiVTmqia0VsRKn7sdTXhrS\/wPXIQtxGLj005XZY5VO6t3pEloOYFWpRbXxRDKYH8aNt3g4nvsI3pHfOunqYti8sn30T4KcoIDHBcJYk3fu9to3zc41QMN4W2QcF\/Ly84ZxlH7\/9yDOO9Fx9xeSGiC8aQ6syUOOAff7insK4PnT361vWydFXw+\/rXIRXorJJFFNSd73fiBfa1DHnGxS1nD50emLuHV2yfxMFmY2K29+Rx1e\/6YyRBio\/xgmRlIMt2cHD1l+Ktbrg1iO3qyV9EyjMv5dWFt8t5DoSRva3vSgDCZSoFso9uVK6qLjzWSruKrRGLMrGxyZsBn5VxaQDICc5JxDWO1B4K9i2oKmPtAk0hsOHq1XM2Fug\/GZ3ma8iullFiHskSu\/AFLIUe\/64cRtyaR\/PwttobuzlXlejgWELPskQNOMztRsh8RQdlinlYBtIWovfW\/zAxUHqg7M4PcTihwKm8JJSho0FZb+Xw=="}
02096{"flow_id":46,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9102,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":449112,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5Qlqbsp43gBgLMJ8bAAABAQgKwtdJvQxmJz4nGFi8TEMAnPTO60YnrZAXuC456qLcdD2Xg8Q9cJVhqhHOsr+SzLyb9pUyEoTpRzizObK9sZUfRJmS4jK\/Ohp7UE\/fBMJqQvcoQBTXpHtrMWpZOw2+kMo\/0Fl6JEF8gt02wJWXXTMGRhJbbjGCS+s5f8k0jlxcrfShUFdJfh11kruB\/o+FZ1LTKoEpd24q+BTC+zI7r9Ebe+kBKKh7VCS41ISki53HN9xWvBBXWUsaG3uvFCuhPvzXkyEwCPggJx68Hw9cRaZz0RPIsHX+xYe\/PIY1Yc63p3VZEHM1N7Dyyr2jkFlo8raqPN3bKMCfUGJuV6SLFVaOeR8w1NRMICiBDEXI624b3LQKSkWPLPek5TReRDuuRMvj+sflsEDvxGk0qpPSHa7kC9xXXujP6A3F1ypKCYq5hpnnFbYccdyynETyX\/oG6YYfBWuBus2hzPTLYUEddmUF42Uu1kLw62lmh\/2ovWBVRkmWuat\/0irnfhPXhADCszjgXaARgrqnDRyYh8Z4ImOM+pWhEoL3jK6+dYPKhay61vJHv4BqTd5CL7ikVvtUrP\/RMHfFh\/lE52Lx4F4B260LlVSeqLH2ljB1bRK6Ef7sLCZKAL1ANm+aXjX9AmVWMM75T5rgpN1N03Ma7rl+viHteMDpFkHKQcRoMV35Kt7a0KwE32OnOx\/xGk06XmAsEq6P1dGBBPRasRPs66Fgtw8JKqRYJmXdD7thgCEEypTQEv1Kn0IC6Pq1ef00hhAd2YErh95AxvxstXlr\/RwM+iOTDaOjD8lk1+vh\/J8NlHuZ77nej7Dvgr\/CU2XKTkD54\/mXRzEdyuOM1LmSTCamSuAhJ73mSRRvAVJiG6jglk3lTh4Twcr2oEpYH7NEXhjvb6I6PQTQL2AslM3EfKBjNpnrFfL+Sit5MnlmnfK3qLC4sT09doASJjA0euDiNDb7KQlJCReZjJwDFbQnsMiyYUguSQkMsly+FHWEdM3woLrzKA6rAoWF+IJq7Is9JzLzdQVR2yaNOkhLnTkIQU982r9aGLDTMhpOcnGctUmhbKrS96NKDkbFMpAwKwoot2HoslcLDCpGpvkqXxBCmU\/S2n2bdEeXCV7oeDMejnH1pLFXU2fY8xqKQE2ONN6BEzHVVJFvZB6lhjYlhb3QTk2dRhw0RxTjXjyCUf+80J0gm0kWQlkp5U2FXiWAoF7r8Ooh+GwuA6Zx4v7Ocry315ZzeXOKBn2RHn+lLjSKfmX7gj6qftAEif3ZiDpD4DY81Ct9UP6bxAqaSx1RTg5eggAKqV0R8NcJnInvzoALSSh\/BULTAf0l\/IlX7X3DOXMlPApiIzcoGfGSYbALpnEjUV5fiYcoky7KGn2h7ZgPbk4TlePZR7LPLkdDqiqHq5B8w9KbpdjQyf\/V3eYKKjiw0qP3L+tlYkHAvcmDs0KnxIDhfBubDP0RsO\/xCOnxGFNA5RveoeZAb7V7svpNlnQ\/4g+aHKdeUzmyHngcFdYm5Dogw8BN7yVEZDxkK0jxQLszLt\/qghtGAVtHnUrGmqfE5pr+mhft55JZFqxBGSENp33GeLqrIzJqp6aAem6fpBPT9m0Z+B0o6yHvfueBuEW13+42+zDFlA=="}
@@ -855,7 +855,7 @@
00456{"flow_id":45,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9110,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":449191,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6SvWtbO2iqgBAB9bIGAAABAQgKVF\/tlMLXSbo="}
00456{"flow_id":46,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9111,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":449198,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynjf\/+UfbgBAB6t3EAAABAQgKDGYnbMLXSb0="}
01148{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9112,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":449801,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBgB+08XAAABAQgKXwTqpcLXSbcWAwECAAEAAfwDAxCE81jPge8Q+eqa2\/VX8jLyZJaHeUn1XbD4+8ZfZCrNIP1iGayHUC21LtXXhZv4JDAqZ2p5lGfiZ6mCAOAtx5YLACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAARQBDAABAOGE3NTVhM2ZlZjBiMTg5ZDhhYjViMGQxMDc1OGY2OGEuc2FmZWZyYW1lLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACOrqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp6uoAAQAAHQAg8Yk1cLvPAYaln8LnFtEe1h9mnh8DzZmOv04zXf8MiXgALQACAQEAKwALCmpqAwQDAwMCAwEAGwADAgACGhoAAQAAFQCcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00914{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1605291690421,"flow_last_seen":1605291690449,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.co","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00925{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9112,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1605291690421,"flow_last_seen":1605291690449,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.co","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00542{"flow_id":45,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9113,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":455992,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"pkt":"qtsDr8lk5EKm5WPyht1gB68TAGAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6SvWtbO2iqgBgB9TUeAAABAQgKVF\/tmsLXSboUAwMAAQEXAwMANd4NjEUeIX74ArFsjp+bUZypXFq6lPI8rim6QYxU2JflDdSJkL4uoUd0SO3Tzk5FC5enP3u6"}
00542{"flow_id":46,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9114,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":457870,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsAGAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynjf\/+UfbgBgB9ThEAAABAQgKDGYndMLXSb0UAwMAAQEXAwMANcxNdd7n6D1SmPZcrLqPmYCKaa74qo41V7hB0y4VKzGdmGo6hjvJ1yYndqthGOKxBj6SlG4s"}
00587{"flow_id":45,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9115,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":458127,"pkt_caplen":178,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":178,"pkt_l4_len":124,"pkt":"qtsDr8lk5EKm5WPyht1gB68TAHwGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6SvatbO2iqgBgB9UhjAAABAQgKVF\/tncLXSboXAwMAV+MBBQym7s2H\/DCrgROb2ZwrQ\/FB21xLJaDmMmBrKCOTrbKZm8OcMm2NY3jGeiNNfuEdz0KZrzuIEJzAfjmeAzV5sqaYsfYtFcZ\/Pih+9\/gndd6PGV693w=="}
@@ -865,7 +865,7 @@
00458{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9120,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":482348,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx\/CbDtmcgBALMDKbAAABAQgKwtdJ3AKUPyQ="}
00455{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9121,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":482349,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUSc0w+JgBALMOG0AAABAQgKwtdJ318E6qU="}
02094{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9134,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":483975,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUSc0w+JgBgLMBkAAAABAQgKwtdJ5V8E6qUWAwMAegIAAHYDAzEUuDJS7zIr\/0LubxO1lBnJ2G3idbUUbMleLJrwrHy1IP1iGayHUC21LtXXhZv4JDAqZ2p5lGfiZ6mCAOAtx5YLEwEAAC4AMwAkAB0AIDifY5d8Trlhqr5UiPFrtRLEqu90dsXP7HZX20ezXrtxACsAAgMEFAMDAAEBFwMDCrQwraQFgYmKW3xQb9k0np6JMuthLmPrI+BCqrtLnvLPA+TGlj93\/YnhE12v8kKRfHo03l0EyIztxxukXe1FiIUMgX6Ge+hVHX4SkiZlxJR+b7PwB94lT274sqDmJGVmwOOBOiKIxBuuD5CrrWCMFBYsI+Z7XVJUMzYRgm7\/eN7jdO\/LlOWZiNSDOSBjLP9WkZnV2f1x1gNSbMlGF0St15mt9nwVb0lOP9d5mVxA9IdpE611UQERvUUG5dAVKrcvWrkWu8Kle7poURToXcSFVctTzJcaxyI+27y+xChNHX1ML16iZW+r\/JD+Ts\/+d\/WPKpJ1E9YM802iJKc0kfXrS1piCevII1JK0GThaeTx7R5yMEsoGe6FkWOTzH\/wcDiUdMEHehjq4e2KA2Jr68BZxQI2ygUtlHwsrQTgQn3m9YCs0fuEKBmRrJQeRW+bP\/mJq+VYd63cISVhXP8zBucOgSdYw\/J0El81FhESB8m6bemN5Z9BbZxChpN437DrI8yFAZlZwY8ffukQ+taeSlRAcumS6hHa8WvBVfwCwSF1EwZ0VBKtOx9jCwLmpCra9xEYDqnFJfgDvGhXYYZQDOgw2b8rdjjBfuSB96gyjzEqCqKvJQhv+N5IP7oQKy3QfYDcnfwgdmJY2csadICDsy1cNkCN3L6WPia4wiO2sgZgpykYbxc3qejETcFerTp4kQoSksYvUCMrv8UCRlCFsqc\/9PxGzCuU6nqgtGIrh+6PHNU79MBWLZd3jbLPVkALVBDLIGQYKqCz7t+aRUMFGocBseU5pxOkdyZ2oHqP\/e+MC2FrmkdhQEJcSpiePEHbCs3tYQb2xJKJHSYFSMbNGGccDQKgYhSoIG9dLR1joha5FCOXQ9F6WSuozbTeCOLMODPLOJdlb78Bm83hXDnGqd+2Kpn9UTrIHfxHurbDntfBsTzci4lLfcq9Uw8oWIXPlfqa6ih\/eEVAQvfI1JnqP9\/XyjQcfQrHrsn+\/ocNJLAQqcSfLWJN4jsGgevavwEa4yXAzibgzDSoBs5qYUUgzL1DIh+7UmBvvvCggKcZBQPC\/9jaMf4Q8mI4fwwib043UAQmnApOqZKSz89iJJYH7yW0MBTBZZmMCtw0IyAQkcu\/2k7xUD7rniu1jwenew1vs9mJI8moeuSQ0EJjCwSiM5Hf9Nl22L1DNDqI88ab\/Hi\/l4\/zIGnpbycNbrg3afpUXS9JLGsg8Np33U+57fI8CCl0T4ltmeSHHgkkcJo4mMrT4Nl9Vtel+QaNXcEsWExGWVzQWgl6AVdGDOX48khFNav+3pLaE0S0aq4Hw3zNQKXly9Ns41Hu6CqB5lAWxVBFBHlg3keMKGQtjJ9HXkhMhnkqvQ4Ca9Lk0SuOqlb22OV9Bz2l9uNaGdGrK7\/WE4u0vos4YOwKQYYfbJtmoa7tHOL7FA=="}
-00955{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9134,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1605291690421,"flow_last_seen":1605291690483,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.co","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00966{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9134,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1605291690421,"flow_last_seen":1605291690483,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.co","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00454{"flow_id":48,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9137,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":484022,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTD4n7zrn8gBAB8uYSAAABAQgKXwTqx8LXSeU="}
02100{"flow_id":48,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9138,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":484046,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOufyc0w+JgBgLMH7BAAABAQgKwtdJ5V8E6qW0dvdPeoIW6Mlzn4fCdup5LuKkFUzO1IUXBD+jcfmJlqqzkb8XR9Id+PzDgPlIw9jB\/0W5zEPZmQNSue6yDQJErphWHa9rHqlcgW5yLmL0Zb5t57oEkSuCE15UyzCPxXN0BAgf5E3tJYNz99ni6zBfqCqM0em0x1HZZ7rrtpRGNPMKp8ztl8Q4Ol3QtVlUpQn+NOJjAF7C136NznQao8EBpOO2D1PHWSjgfz7Ia0+RUx+42BvtUsCM8VSlQD6w4W0IVBtI8JOk7kjSEjWDy65OwYHMU9HCbl5sIU3VEbu9R0ox2xfTm8YIfn2dT7T\/sWue+GEYXw4PmlKNeUzHzQoMa\/n06vKSYsD+6+xwS\/GaatyT6k8Aah+dkmdolHudU6BT+cyYWgoskeNvs\/BbmXm02lCoU9YSBe2THEhatOL1qAopykttrz5bYPf\/jeSIf+2CLWakwFIzHRYV0E2L+waWHmZTa3TSVn3gPkPwWzwLZM1YWSL6jsOEIRTDdSJkFSrM+3OOwP8nyjBsZSx9nGY8XrAYd1kOF+yV9Ww8v\/24f16y6bkPe74Lb9ROpKctqBD5i7RYLtEOgpPbqF8RQ\/\/62DuObMgndnHFl6wlk3dBEJhXh5oJKVI3OVTnH6o2UoYbueNksyp\/P1fN9r+qEcfj\/iXAFNtV6X4kPat+587rzk20r8DN01dfYi1zf4lyhEqPDdBgy2sGY2B61RyHLN4Lqnmfl1T2VvJmqDq9AAn\/LKnXkwuoV7mOSBvgHXtqgTT\/QLC08flK5q\/TVM3Ozi6Xgek2hSiKMaXfR1YOVhgAUDyYA4ajnpacflIbpk4Xi64hAjQX+fp5nlKBAiudMTpwoliKL\/y9ZRalcF+W9mv7bB26Av+r4JUoe2TDU0TiQtNPHvvZU4t\/UFM8JPeG9cvxfYOvCtXxe8gstNI\/ahOCEYVs2HgeTnzIjhPzOrN31hM8pJ\/h4Pxu3m9H3LR5JkgxjsLeO3MQPfEv6oKNPlDKqj5Jpv3tNN92oZ+BUCiDVA1Bc504xqkYF3pE5bGCIya+igCx14IFrF+KCLrIo90ug5t5F2kqU7GXe41kZxZe18FckbwXYg+vwzmb7LAD81JUCXhsItRyFsqH\/XbzrJoABXJqrbqQGIwkw1jFFaq4xbjAFI8UYOrF53WF4bPKGCMVBbyhqxK+ft70Xb2BcC8jdYjtNnIyBncHwc2IiRk3JNuSyLKm8yfIQ2zmLxlnB\/M3ChJd+zZqAD5\/caIO+rJqrMU7cNuHTj\/bDj075se2P324qnHohEErjqA\/JIM7Ve00sF3CVQHBstEGfiHrlDe4\/8NS5K1BnNUb+qhlxHJQsS9qOGmkw+oh3kCzAnpXeabXo1GMDhoF3SiKaEM9QF4IWKuQNKEphBib3ocidoTPJf6Cl\/3eiRgqCwxWLj6chRjOy2GiSBXAYhpzMrX\/Blt8qN5JIRnn+wiZTwkoCSK3rarcpilPq9D2jccLbRnbeRhm4k+2Qcp7kd6SEVakh\/PokbyTJ0yUKDVC0sDjbA+C6KCqJE3lPo4T+lxF+efwb1VBmN2BZpT75plnStSCSSS1i+U+DnyrIAlLTrg1jSCDaz9uU6e6OoqdLQ=="}
00454{"flow_id":48,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9139,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":484052,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTD4n7zr60gBAB6eFjAAABAQgKXwTqx8LXSeU="}
@@ -875,42 +875,42 @@
00583{"flow_id":48,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9144,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":489533,"pkt_caplen":178,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":178,"pkt_l4_len":124,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4AHwGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTD8n7zsCCgBgB9YxQAAABAQgKXwTqzcLXSeUXAwMAV3v7\/U+JPp9qd1ALpOBGiCL5krLY40yH2E6QQ+EaRpOYbsIvkzSHg6H653NWchAmLo3jH8F3YR8JVmYQeHzBTQMnj3YkDygNZxvE9PfOFpYwwkd7P6Exxw=="}
00934{"flow_id":48,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9145,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":489757,"pkt_caplen":436,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":436,"pkt_l4_len":382,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4AX4GQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTECX7zsCCgBgB9YgGAAABAQgKXwTqzcLXSeUXAwMBWbaoEJq5VBVRBtDA580Gq81faBok9W86uazzDxI7S+Fbz28WMgvqUkFU6D+6dVs0OQ2zYiyUuuSgxUzN3JBvyMgnEWTnsaSIB5KJVjkt7FWbnsD75aUq6vN6YUhrxnmZMmaj\/e7ahAeKAX19w\/0bVwGib\/7w0uf0nvaIOl9p0xTwMq87WgLHVN4TOXhbXa4YAHzdVsKkL+IVtBHAsCp3OYE2xEEEmAa4rnlrHT2Mq23xxjQL\/1T79ecqj7lkgO\/xCB5R1xu1+V5GZ\/zLUiLR267esFBS2BpgOrIXlKXeLmP4VEi\/TUHxKQ1c3m4gg0Mvtcfgzg04Zp+batxXpBwCiDOTP6cZQ0JNZyaMbuRnJluIwRDQSE9AWw0cCkkChvKbSmTltG+WyO42MRwzVdEN2t49MmbZeOFobUbuJ53NN3fs4MjkdtPJh1QDb7mz3ypD2pZXlbaFAXf\/Wg=="}
02292{"flow_id":47,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9160,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":501383,"pkt_caplen":1446,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1446,"pkt_l4_len":1392,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABXAGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx\/CbDtmcgBgLMIPFAAABAQgKwtdJ9wKUPyQWAwMAUAIAAEwDA+yYFdzW9eST+R6ukW7w9JqRWIuF\/\/vXe+\/b95tk5Yh0AMAvAAAk\/wEAAQAACwAEAwABAgAjAAAABQAAABAACwAJCGh0dHAvMS4xFgMDE0YLABNCABM\/AAXXMIIF0zCCBLugAwIBAgIQDeiPuDY50sQOtIPmNSQSdTANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRUwEwYDVQQLEwxTZXJ2ZXIgQ0EgMUIxDzANBgNVBAMTBkFtYXpvbjAeFw0yMDA2MTUwMDAwMDBaFw0yMTA2MTUxMjAwMDBaMCUxIzAhBgNVBAMTGmFheC1ldS5hbWF6b24tYWRzeXN0ZW0uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCleb8Q8KytAwlr9ngnFkavcx4avpb7VotrcU6abTQNlAsCFCbcmokXmc1R8Mc9w+LaLzf31Z4dsrHsAi7eiANL\/yuxwpeMQUXC\/RvIYrAMXzOFLS9dQMEQdEN5SnPar6mLnb\/lQ2t\/EVvauG+WxcmtKpP+xCHrafO0uJeCVtin\/OOW3uEXGinxAWORHocW5d5VJ5YtexSqUXUNx8W9HJfRGNWev4WA4\/AHGxADmxN62MMzIAoHdQlftA7dZdunAD7jDxcbsXUNKW+aE9nq1vB4rln8GoXLR+o1NQRZzzK84WvUgo+9OBuUT3+1ng\/BffFCCI+qxRfQY5X+ZUM30DwIDAQABo4IC3DCCAtgwHwYDVR0jBBgwFoAUWaRmBlKge5WSPKOUByeWdFv5PdAwHQYDVR0OBBYEFO9QrAQo+YKhUJCPaB05\/MffvAqkMHwGA1UdEQR1MHOCGmFheC1ldS5hbWF6b24tYWRzeXN0ZW0uY29tghdhYXguYW1hem9uLWFkc3lzdGVtLmNvbYIbYWF4LWNwbS5hbWF6b24tYWRzeXN0ZW0uY29tgh9hYXgtZHRiLXdlYi5hbWF6b24tYWRzeXN0ZW0uY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3JsMCAGA1UdIAQZMBcwCwYJYIZIAYb9bAECMAgGBmeBDAECATB1BggrBgEFBQcBAQRpMGcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLnNjYTFiLmFtYXpvbnRydXN0LmNvbTA2BggrBgEFBQcwAoYqaHR0cDovL2NydC5zY2ExYi5hbWF6b250cnVzdC5jb20vc2NhMWIuY3J0MAwGA1UdEwEB\/wQCMAAwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXK4+hzLAAAEAwBGMEQCIGFKTza+viDDYq9XbPKMQmX55DEfJN+l8ftdYZzW56moAiBYDH1CyVSQ+sIYNqTB7va0UuokLThNe8us0ipAMA8juwB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABcrj6HMoAAAQDAEcwRQIgZOsIHbo0YiikgUk6LjtiIIEmMUkdw6IpbWY8tTXeIO0CIQCsKa5L8gY2i1UFeO+JAkbuYZInqHszCbxw4uIRPRkP2DANBgkqhkiG9w0BAQsFAAOCAQEAm0B9GXm8ET3n8ec5IH8SHE6yrpnY"}
-00891{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1605291690405,"flow_last_seen":1605291690501,"flow_tot_l4_data_len":2085,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1392,"flow_avg_l4_data_len":347,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00902{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9160,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1605291690405,"flow_last_seen":1605291690501,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1877,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02288{"flow_id":47,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9161,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":501384,"pkt_caplen":1446,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1446,"pkt_l4_len":1392,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABXAGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zzUCbDtmcgBgLMPWhAAABAQgKwtdJ9wKUPyQEwRWgO9opO\/Q\/cDeH3yj9MAzRv7b\/Ql8YVnsv8e0kBHobhksE5dbQPPQyilk9rqXVv4V1HuwoS7mKURarJkpsCtFVipZ9mZVkH5aU37LJ09Qq9X+TIRP4WqTqZTvju0xSwbxuMVZmk4f2f\/x0UKNdv04rPTDQ71sEWsohvAfJxqFTXTA07J5c6bBR5mbuzvMIhAhA3is5PDyYblWvIR5tee+OChPh0aeoBbDMGobwrU2P1XXeCwK1O\/BYp6s16bggwdSG3Yz7GRjkEY6UjZMjM1v+4gekZYv+DL2IJnM0Vg2hjyWgnWLzuoxzAARNMIIESTCCAzGgAwIBAgITBn+UV4WH6Kx33rJTMlu8mYtWDTANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENBIDFCMQ8wDQYDVQQDEwZBbWF6b24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCThZn3c68asg3Wuw6MLAd5tES6BIoSMzoKcG5blPVo+sDORrMd4f2AbnZcMzPa43j4wNxhplty6aUKk4T1qe9BOwKFjwK6zmxxLVYo7bHViXsPlJ6qOMpFge5blDP+18x+B26A0piiQOuPkfyDyeR4xQghfj66Yo19V+emU3nazfvpFA+ROz6WoVmB5x+F2pV8xeKNR7u6azDdU5YVX1TawprmxRC1+WsAYmz6qP+z8ArDITC2FMVy2fw0IjKOtEXc\/VfmtTFch5+AfGYMGMqqvJ6LcXiAhqG5TI+Dr0RtM88k+8XUBCeQ8IGKuANaL7TiItKZYxK1MMuTJtV9IblAgMBAAGjggE7MIIBNzASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHQ4EFgQUWaRmBlKge5WSPKOUByeWdFv5PdAwHwYDVR0jBBgwFoAUhBjMhTTsvAyUlC4IWZzHshBOCggwewYIKwYBBQUHAQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5yb290Y2ExLmFtYXpvbnRydXN0LmNvbS9yb290Y2ExLmNlcjA\/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IBAQCFkr41u3nPo4FCHOTjY3NTOVI159Gt\/a6ZiqyJEi+752+a1U5y6iAwYfmXss2lJwJFqMp2PphKg5625kXg8kP2CN5t6G7bMQcT8C8xDZNtYTd7WPD8UZiRKAJPBXa30\/AbwuZe0GaFEQ8ugcYQgSn+IGBI8\/LwhBNTZTUVEWuCUUBVV18YtbAiPq3yXqMB48Oz+ctBWuZSkbvkNodPLamkB2g1upRyzQ7qDn1X8nn8N8V7YJ6y68AtkHcNSRAnpTitxBKjtKPISLMVCx7i4hncxHZSyLyKQXhw2W2Xs0qLeC1etA+jTGDK4UfLeC0SF7FSi8o5LL21L8IzApar2pR\/AASWMIIEkjCCA3qgAwIBAgITBn+U"}
00456{"flow_id":47,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9162,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":501403,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO2Zz\/881AgBAB9TYuAAABAQgKApQ\/YcLXSfc="}
00456{"flow_id":47,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9163,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":501434,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO2Zz\/89KQgBAB8TDiAAABAQgKApQ\/YcLXSfc="}
02287{"flow_id":47,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9164,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":502228,"pkt_caplen":1446,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1446,"pkt_l4_len":1392,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABXAGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/z0pCbDtmcgBgLMK7ZAAABAQgKwtdJ9wKUPyRKKifN8\/rCrisB+QjuucTGMA0GCSqGSIb3DQEBCwUAMIGYMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjE7MDkGA1UEAxMyU3RhcmZpZWxkIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTUwNTI1MTIwMDAwWhcNMzcxMjMxMDEwMDAwWjA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsniAccp41eNxr0eAUHR9btjXiHb0mWj3WCFg+XSEAS+sAi2G06BDek6ypNA2ugG+jdtIyAcXNkz07ogjxz7rN\/W1GfhJaLDe17l2OB1hnqT+gjal5UpW5EXh+f20Fvp02pybNTkv+rAgUAZsetCAsqb5r+xHGY9QOAfcooc5WPi61an5SGcwlu6UeF5viaNRwDCGZqFFZrpU66PDkflI3P\/R6DAtfS10cDXXiCT3nsRZbrtzhxfyMkYouEP6tx2qyrTynyQOLUv3cVxeaf\/qlQLLOIquUDhv2\/stYhvFxx5U4XfgZ8gPnIcj1j9AIH8ggMSATD47JCaOBK5smsiqDQIDAQABo4IBMTCCAS0wDwYDVR0TAQH\/BAUwAwEB\/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMB8GA1UdIwQYMBaAFJxfAN+qAdcwKziIorhtSpzyEZGDMHgGCCsGAQUFBwEBBGwwajAuBggrBgEFBQcwAYYiaHR0cDovL29jc3Aucm9vdGcyLmFtYXpvbnRydXN0LmNvbTA4BggrBgEFBQcwAoYsaHR0cDovL2NydC5yb290ZzIuYW1hem9udHJ1c3QuY29tL3Jvb3RnMi5jZXIwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2NybC5yb290ZzIuYW1hem9udHJ1c3QuY29tL3Jvb3RnMi5jcmwwEQYDVR0gBAowCDAGBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4IBAQBiN0JcvBC1Poss6QybbEXiBwB6+cVYC7kIjD7tsyU8tW9Q5M01aqeTNJYyIalIRKuc7T20qnNt5H8WgIlszygDGINHeaMQfjBbrDuwYOB31Aim4R18XsC7+Zp7Ip2nAAl+rEYXg9ycJleZMDlilo\/t2t6qxcwbPspDaGxXFrzVDiAu\/v\/Cal0uoEptFFiHlOY5MV98c8uQiGqEEZYnpu3ZgUamfqNyAApSPoOIB2N3iWkXDzmF0qsIRU3QUTr9XV03ZEx+MLJVJEKdNrBdnBeBYfHK+RACJKvrDXSRjXtFKVA5iLKmiTUlHhRqRyMxL1ya+q2aDmJRpCqpxPk0nSEYAAR5MIIEdTCCA12gAwIBAgIJAKcOSkw0grd\/MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNVBAYTAlVTMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQLEylTdGFyZmllbGQgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wOTA5MDIwMDAwMDBaFw0zNDA2MjgxNzM5MTZaMIGYMQswCQYDVQQGEwJVUzEQMA4GA1UE"}
00457{"flow_id":47,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9165,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":502241,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO2Zz\/89fggBAB7SuVAAABAQgKApQ\/YsLXSfc="}
02293{"flow_id":47,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9166,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":502750,"pkt_caplen":1446,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1446,"pkt_l4_len":1392,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABXAGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/z1+CbDtmcgBgLMHeTAAABAQgKwtdJ9wKUPyQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz\/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX\/2h\/klQ4bnaRtSmpDhcePYLQ1Ob\/bISdm28xpWriu2dBTrz\/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFBrMnUVN+HL8cisibMn1lUaJ\/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaOB8DCB7TAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBhjAdBgNVHQ4EFgQUnF8A36oB1zArOIiiuG1KnPIRkYMwHwYDVR0jBBgwFoAUv1+30c7dH4b0W1Ws3NcQwg6piOcwTwYIKwYBBQUHAQEEQzBBMBwGCCsGAQUFBzABhhBodHRwOi8vby5zczIudXMvMCEGCCsGAQUFBzAChhVodHRwOi8veC5zczIudXMveC5jZXIwJgYDVR0fBB8wHTAboBmgF4YVaHR0cDovL3Muc3MyLnVzL3IuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQsFAAOCAQEAIx3jilfKfekXeUzxHlX9zFNuPkcP38ZV8rIENu2AH1PEXTQoa77HVfxn6ss\/f5CyM80bWBCCAvj4L\/UTYNQFzvGBCMHdp3WXTxi5bd73k5EIun5ALO3B6rt2njMGdx0NCH9T3Rtkq4In8WnVTV6u9KHDdadYRC3yPHCYrLpptpV3fw8xXiz8oIc6R2nweV\/0FFSklV4ReBJgJ86fwnf\/I1N3Xbr\/6lnn28+vkpbvJJo1EHqckcYOfZn2Pxnf9XJU4RWpB1l7g79SLkaMsgBkdhxI09h56G5WzK4sA5DXGTiZ5MoJGVv\/B5awqH80Sd9WqfewX+0z7YxHtzADXfQDjBYDAwHfFgAB2wEAAdcwggHTCgEAoIIBzDCCAcgGCSsGAQUFBzABAQSCAbkwggG1MIGeohYEFFmkZgZSoHuVkjyjlAcnlnRb+T3QGA8yMDIwMTExMzAzMjA1NFowczBxMEkwCQYFKw4DAhoFAAQUM\/Wqxh1m5wVdAxc6TR8+GHE4hQ0EFFmkZgZSoHuVkjyjlAcnlnRb+T3QAhAN6I+4NjnSxA60g+Y1JBJ1gAAYDzIwMjAxMTEzMDMyMDU0WqARGA8yMDIwMTEyMDAyMzU1NFowDQYJKoZIhvcNAQELBQADggEBAJ6Y2cSPZStqz0xDzR7cR6Zl3XaWQN47BaUbGgNTcOZ4BOCZDyKgCL5Mn+McBPfZcolMp\/DH6fseyXRzKXVMYRLImDVy\/76YDX6V+9r5sgkkkky4uuwBPXCyEiufvUrqTlPiA951Kjrt2XwsYe7LI7qGhZoeL85MdlANSDi8JPYYOn5ZgS3Y1rFHYGP6W+XmhdgrjBGKqrA0uo1kGXdYODDcAdCUyZ0YndrfWv8gGFaJNqOz3hScQKhFNJLg"}
-01195{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9166,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":12,"flow_first_seen":1605291690405,"flow_last_seen":1605291690502,"flow_tot_l4_data_len":6357,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1392,"flow_avg_l4_data_len":529,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","issuerDN":"CN=aax-eu.amazon-adsystem.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B"}}
+01206{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9166,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":12,"flow_first_seen":1605291690405,"flow_last_seen":1605291690502,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5957,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"aax-eu.amazon-adsystem.com","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","issuerDN":"CN=aax-eu.amazon-adsystem.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B"}}
01025{"flow_id":47,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9167,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":502751,"pkt_caplen":501,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":501,"pkt_l4_len":447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAb8GPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/z3TCbDtmcgBgLMAeXAAABAQgKwtdJ9wKUPyS\/2LcYDec2q4NKrOgfB4Q\/ddCu2Jdojv\/K85Y8IxC+jdwzN8m2xPuSubH3PVE\/dCFfYlZEK1rWobDe3pu+SQGTKUAx6xYDAwFNDAABSQMAF0EEBqYXgjgZ3Lmivf1SOV1AnRPEVe9mUpH1rHfpUx7le75UsaxZrCetsG6Rm6IqpGRIVWkZrAEd7K+J\/efAO5w9IwYBAQAtJkxJcQFbKBnSWBIsCuSyeosCnCkFFXLBU68X\/LZpphchMQS1bcgty4syYD5YOoU2SUHUNiiAk0ZyeW8dDr+BsaSLAcBh5bvd8MNL+JJn6VJlRQmalJvmm2YlgoSu2fanbZnOCu4SH\/YrXhdzko7aLKtlnCHCTslyZRcdoPGzHeeKyfycSDojhiFgQocjAGxoCH5r9tjb+Xu3rdCiyK+D\/lB2NBpfxYx1PMlrnn2l39VD\/xCAesWSgNb1NYegGfOVkWo1hV\/ru4+pzN87GKSGAcA\/wfYLq3tUMnX0fuiw8CK8mjXqmK71iw\/MaceCnnzNaxDkenzDPb1bFyMOFo5RFgMDAAQOAAAA"}
00457{"flow_id":47,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9168,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":502763,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO2Zz\/890wgBAB9SY9AAABAQgKApQ\/YsLXSfc="}
00457{"flow_id":47,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9169,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":502787,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO2Zz\/897PgBAB9SSeAAABAQgKApQ\/YsLXSfc="}
00457{"flow_id":48,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9173,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":511700,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOwIKc0w\/JgBALONXkAAABAQgKwtdKAV8E6s0="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9279,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":926655,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dQAAAAAoAL9IKwyAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9280,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9280,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":926734,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReQAAAAAoAL9IG1mAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9281,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9281,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":926769,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s24AAAAAoAL9IHV1AAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9282,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9282,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":926802,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOkAAAAAoAL9INfoAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9283,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9283,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":926830,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFQAAAAAoAL9IB2IAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9284,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9284,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":926867,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygYAAAAAoAL9IOOcAAACBAWgBAIICqpUDK0AAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9285,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9285,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9285,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":926912,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtsAAAAAoAL9IO7kAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9286,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9286,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9286,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":926944,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns154AAAAAoAL9IJ6VAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9287,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9287,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9287,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":926978,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUEAAAAAoAL9IA5NAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9288,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9288,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1605291690926,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9288,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":926998,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyUAAAAAoAL9ILYPAAACBAWgBAIICriVOzQAAAAAAQMDBw=="}
00468{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9293,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":952219,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefV\/3l9HVoBJXgDRiAAACBAV4AQMDAwQCCArC10u2GsMWnw=="}
00455{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9294,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":952238,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBAB+7hZAAABAQgKGsMWucLXS7Y="}
01147{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9298,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":953297,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBgB+1vDAAABAQgKGsMWusLXS7YWAwECAAEAAfwDA96WEVYjbITPXvxDhOji6nCQdC0KhgTdN6+o+9OqeXt9IDI6n9jVTXE+7b4jG8xDV1LuLRTUARgCyh8fXh42V1VjACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAISkoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClKSgABAAAdACC0+5SyJ2jt8tT3w+Is8x7czlNEdFH4IL1ppCYO49RWZwAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAKKigABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9298,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690953,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9298,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690953,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00467{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9300,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":954541,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltPCUkXloBJXgMhIAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
00454{"flow_id":50,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9301,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":954562,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBAB+0w+AAABAQgKGsMWu8LXS70="}
00467{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9302,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":954643,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9ZMt7NvoBJXgClQAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
@@ -918,40 +918,40 @@
00454{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9304,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":954649,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBAB+61FAAABAQgKGsMWu8LXS70="}
00454{"flow_id":52,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9305,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":954655,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBAB+5pyAAABAQgKGsMWu8LXS70="}
01149{"flow_id":50,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9306,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":954747,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBgB+8dGAAABAQgKGsMWu8LXS70WAwECAAEAAfwDA3+7YXN8uULghjn9Yx4k2QYB36376hmbrRggZ0eXr\/9+IP2iD+DA1k36xX9GOoNszd6eNYaj3dekN9x\/XE8bE1dIACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIOjoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACk6OgABAAAdACBER8lo38zcpkmaCPLiXoa6+JDbprOR\/VESBxZzwiOrBgAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJaWgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9306,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9306,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01147{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9307,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":954937,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBgB+yg+AAABAQgKGsMWu8LXS70WAwECAAEAAfwDAwV9PSLZiieFTsrwb5ePEiAq+zIrQhR0EBkPYuTZcw2xIK9+Ya8AvxlseoGAhp8z2wcy4GRd\/2tgmLnTQoGAr7lmACD6+hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACCDMYORaya1YaUyb39J38cNu+oTtZdlNYXEhdiyzjyDBAAtAAIBAQArAAsKysoDBAMDAwIDAQAbAAMCAALKygABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9307,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9307,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690954,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01148{"flow_id":52,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9308,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":955129,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBgB+8QTAAABAQgKGsMWvMLXS70WAwECAAEAAfwDA9NQXnr9EPQV5HU7sHg21zD\/k9mVMQCLGTscCRIJvvLdIGZv95UrdgGMWa\/TkNOulH2VrZ4BEKc4CasnxiGwlqMaACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIamoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArAClqagABAAAdACBaC+dtrwuc9yhJo5wqXEwHFEsHVbwYnP6Z3gN8xzV+DwAtAAIBAQArAAsKKioDBAMDAwIDAQAbAAMCAAJqagABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9308,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9308,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00467{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9309,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":955375,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6eczuyRVoBJXgHLsAAACBAV4AQMDAwQCCArC10u9GsMWnw=="}
00455{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9310,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":955404,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBAB+\/bgAAABAQgKGsMWvMLXS70="}
00467{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9311,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":955522,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2llkCsoHoBJXgJ6iAAACBAV4AQMDAwQCCArC10u9qlQMrQ=="}
00454{"flow_id":54,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9312,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":955530,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBAB+yKXAAABAQgKqlQMysLXS70="}
01146{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9313,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":955637,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gClWEAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBgB+4TBAAABAQgKGsMWvMLXS70WAwECAAEAAfwDAyJmBycAvyCH8SnNB2CBC3yfxoIM+Ymce0POg8ZwpXtBIH9PfR9yCxA5tGPPT4cExrc3Qkmd4YTExNykGp6bEZH3ACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACA6eb9HkRnUV512a5EvGRTLrw7IdAlKbphWjXQpKHePSAAtAAIBAQArAAsK2toDBAMDAwIDAQAbAAMCAAKqqgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9313,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9313,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01151{"flow_id":54,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9314,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":955751,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBgB+7ghAAABAQgKqlQMysLXS70WAwECAAEAAfwDA0MhDCfgcZQW\/qt2QzKimm0T\/Isca8JmVqeJQDbrvBrqINQ4uQD4cMulecpeDh4RGq5zfSr3G28+STtUMIilUyfGACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGQAXAAAUZm9udHMuZ29vZ2xlYXBpcy5jb20AFwAA\/wEAAQAACgAKAAiqqgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKaqqAAEAAB0AIKLIRrB\/9d\/081INPFyx1jcz47jhpMuBOz2amAM9LokCAC0AAgEBACsACwqKigMEAwMDAgMBABsAAwIAAsrKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00843{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9314,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00854{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9314,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690955,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00468{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9315,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":956447,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8or4r7coBJXgC2BAAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
00467{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9316,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":956447,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkJjbNefoBJXgN3ZAAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
00454{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9317,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":956458,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBAB+7F0AAABAQgKuJU7UsLXS74="}
00454{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9318,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":956464,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBAB+2HNAAABAQgKuJU7UsLXS74="}
01149{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9319,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":956563,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBgB+weLAAABAQgKuJU7UsLXS74WAwECAAEAAfwDA\/KqVcb+jqsuy+pc9KilYVgZAEzQ86cjwq67GKq7nQtaIOrgXduV1ht3HJ4NSaQ01nhk1SGFsiLuJ4S0a7eBU0YJACCKihMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACAoKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApCgoAAQAAHQAgQy2WiyCHDU6V4a0QbWLV7\/15JREGysw3jo2qrGJjK34ALQACAQEAKwALCqqqAwQDAwMCAwEAGwADAgACCgoAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00842{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9319,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00853{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9319,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01148{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9320,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":956668,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBgB+7CTAAABAQgKuJU7UsLXS74WAwECAAEAAfwDA4K6LYgb9peQAaC+yGKSfQ44ncZ84XdNSq8PqNFo+UyoIJHCilmb8BVAxV8SeOqltgKl5o0ytImnEj4UpvBg7WThACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgMcGXgSTPtAvtHwaBrppAs1ogUhPlYdie8\/zN2rMve0cALQACAQEAKwALCkpKAwQDAwMCAwEAGwADAgACiooAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00842{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9320,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00853{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9320,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690956,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00468{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9321,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":957467,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi4YaAsmoBJXgA33AAACBAV4AQMDAwQCCArC10u\/uJU7NA=="}
00467{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9322,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":957467,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3meEC1CoBJXgOW1AAACBAV4AQMDAwQCCArC10u+uJU7NA=="}
00454{"flow_id":58,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9323,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":957477,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBAB+5HpAAABAQgKuJU7U8LXS78="}
00454{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9324,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":957484,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBAB+2moAAABAQgKuJU7U8LXS74="}
01150{"flow_id":58,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9325,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":957577,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBgB+\/1RAAABAQgKuJU7U8LXS78WAwECAAEAAfwDA65NQ9z+8vgCXkINXWcIT6WxgXSerIkD30OtzZ9Uf8RRIDWtk7CyEcZiHB5uWIXfY5Croj84Q3kSS9jhYTHY4t\/XACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgAZPl\/EpHfkyE8GocRMfQRm6hqCG5SYQknfR1D0l4PTwALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACKioAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00842{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9325,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00853{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9325,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01148{"flow_id":57,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9326,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":957682,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gB5miAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBgB+673AAABAQgKuJU7U8LXS74WAwECAAEAAfwDA+YyRlzceVtjHpKgho8tByOApAEJPG4M0zvRjAEsHgJBIF8\/qPM2GhQmlTMTYTjE9hyVNZH92oU6Aa5vM+YWAZkYACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACKqqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApqqoAAQAAHQAgklNVX2zbnVcJGiMo7ZekGZnIRwL3wUnQ0+pmG+dpG2cALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACmpoAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00842{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9326,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00853{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9326,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1605291690926,"flow_last_seen":1605291690957,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00455{"flow_id":49,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9329,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":983708,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefWD3l9PagBALMKz6AAABAQgKwtdL2hrDFro="}
00455{"flow_id":50,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9342,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":987243,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltTCUkfqgBALMEDkAAABAQgKwtdL3RrDFrs="}
00455{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9343,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":989609,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9dMt7V0gBALMKHqAAABAQgKwtdL3hrDFrs="}
02092{"flow_id":49,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9344,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":990862,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefWD3l9PagBgLMNLzAAABAQgKwtdL4BrDFroWAwMAegIAAHYDA36OILDTPGPpThReB3qawdzc+8ModY5sz6dKgAy5UTz7IDI6n9jVTXE+7b4jG8xDV1LuLRTUARgCyh8fXh42V1VjEwEAAC4AMwAkAB0AIKb7TxZlLfXhHxUcpFoHIR+tf8HFJ46mwItrHXJGk604ACsAAgMEFAMDAAEBFwMDHFrW1gBFr+UU\/Gyk71woNE6PnZpc+DzGDmCn9YDCgQj6c\/ucg+bTZrteQFWKBAiAZliV2QbMCrB54l7dza4Cx7\/L7The++JNe1GwdsCw2aQE0Y2A5LCwwQDYd0oIyePfcpL4hs191txSWPssF1q3j++i0mR5CCPSEYT8EE6Evi6ST3gc9KyNYuXrUJf1OGJpBZRuyAUedyp3ZqH\/8xcsDDjTif3U3vfK4fk1IpmQcwTP\/ItmSkN01Y3sBgZZOTmZHtxJ6mFQ5WB41EVRDT1tM+hXYgGHVvC\/hDI8duczVG6PbtSe0MG0uAeE8a74L5psd7N\/x48Y3qdDH05tOlNgBJNT9HPOT4KopAH5LqaDOflG+5NsZKqcMrgtgo8ZCVQbSSSj4ZRPw5dl94ORMafRG\/+8rNew1gaD30iaBr003OVwMY\/DGdJ7Cv4avYCZzjDCDenrG964w1s9dTkUrRdflAOSm9F5jMyPSFY0DxJLbqt8Rqhi4iQVLEYqk66+KvCi88aQrOjt6qbe01oGZMHI5czVuq0L3A86nE5KVdjN1Ch9lbkoHV2aTNOkrGzRO5u7m0kCLkJ598yBxq9fb4bjPaQg1rLkN3kVRnThjpZ1xopWatpTjyWdMmnP2VrgX\/9EpSqGVYvii7zd89rZDs3UQRsRuu7aPoF4wt4Y\/Ybvda2wxjVCivnsXghmah+3pkAZMs3hGXOcrLmatPDASeA5LrmbNlZnZ1Zj2R9R3DO3G4mN5YRHwpPTar8GqtfU2Xo1lXbt4YQTVWRp4IKN0OqkMdkbgWro3LWwdWS4P4FB9GhwRC1cVffKPdaZl3dmVgkQS\/H5seOGdZSSk\/NUw7wYXdzRmEru8uoubkA8RMkZ0vjJT4Z1FSNWKcOLVQXdcafYa2yRfBcnS4Ps+xx8+47aaKKkL1iR1Ckkc3evSt755sQmkDYEqrqPO6cAVAW4wcWUv4gnmf7Sbr7xjTWb9KILBkayyg+qbXI6H+iicAf0gIHJ6HZt7yIeGjxIpEXNE7ZaoPgN6CUPkRb7JCSsXgnV9zzhQkXrxvugVydEgH+YX2zpcvaV6uxBIOrjbBAPRTbTqAe5QBI6Qp1cI0JUQCiq502x7OJ3BxP9W3jy00H\/5IVTEYf7\/n07p\/ijgkT0sx33aHMHskNv5FWC77f7niC8OfVL+Cue+Se3WaBASwC3bnl1F+74N9QWrJMoEwqy0H1Hfe5Fs+gAz1CsC765SqOVxIEtACfxo8LmxZTzdq0HtZo8tKFepVhOZonRc1hZ5b77iZq9E0JNp2LTyUwEiGLX6lhhFEUGFCK6rAR2h1J157aLGvA8oJQCUS8CRGWaW2XIi4cRWFK4ZRGM7uKLQxi\/n7uxf7Ju72YMCl1VibfYg4aE7z\/Lby7d\/Xbiz3Cmbn2T7i3eF1lLX05Y3jBSqexkVg=="}
-00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690990,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00872{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9344,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690990,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02100{"flow_id":49,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9345,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":990863,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGeghj3l9PagBgLMEM+AAABAQgKwtdL4BrDFrrsGZvVkoIc0Er\/8RjipRfjZvDF0h3tF3mpCYlLlJrDYEwePzIc6hyJN8+HVIc1dprw+b6adnmLa3tAQN213AycU8DBT9IOuUT2wNz3MKxPfUOVWUhd1zjAdp\/K\/jlzSpAmu8ywtQ1YR7+\/oqFgwoht5PennPYM8bMO9xgSYvrU0IDvDwj2BpnPEMuSijQufVIU8+Yg8wFLDKjYf1AEqdhNrUmPEnPv2z5nVHsnK1l32Yz+rJ5f80q0DJJF0BAptctM2uU4sdGV\/lNrOIggivc4uf75AITWbNUSdpzODSAGLhfjB4ElKItij89h2srmQ6duT071vcvvPniOu4nxMr8JpYvhUYrPsEmyMdVAYxRDjPsWrv0dWIhRK7pmIXQ85s\/Lez5nGkA+pkIfFU2lUP3LDLjYW+iACW0vN5W50Nb4d5SoD4HyJJPhc8vhnT1ZDSHuvRg2WkMXCghrU78ZmhVkSTEbpNLLAsY5\/gKYld8H7B23iVMAPq3EKBl6Rb+Ig8S+rYwIJj2JSMtvvCFhl2KK56rVWduMFfB4oE89vj+kpMmQxN2yVAcQqF1NVUbqMLZ+6sD0AuGc9S6PmykJjTJa3O2RP1V4Vptf8jyV7rOPRQLt5a57yUHX7UTNeoBSX1TfqfGvwbq2zE3vrm0WUXn46+zpyuVX5\/CAki3Kd38I0D\/Lkn04GS\/Bu7LjKknhwBjANgnUd4Fde5\/9u1tbY7FyhIsFhIebEkk80JFB3k1k0frr7htOJ1O7UP5CflmQapVm153uJGbXzIlQKZ6HVomFe9w0+Mmu5HzHijjWvo0pw85xQ2q4h+V78Ff3bbfcKdJ\/o6QFU9S3ObXoPK4cqoDzLmDnKqxdSzsn8k2xrq7wzSs9vMXluZA2CvabaNV7FURawEU1MDm5qBGzX6xxwQLMY2Oki3mR9S6S\/iYrnnoQ0S2j5h1lRpxsTG3VMsQHFgLSgdwwgaUzGxq+smzxuavrnXcKUatyE4x5tmmX+E16R+hflMUNPI2OtJzSqTcTOxdoqCWL+pLSCe\/Qf8\/uzNjzGHMsSJF+ShihWP+T7Jx\/WtejT0FMgPRhirrIJChFReWbq9moOT9Mx7hl0sFqfP9qD22NO3Z6eRN9ucZ\/mpylDC3xcPZFpuDxpVspiGV+sFjWlasvju29a7qzKUEL\/E3\/4q261zk9qlSEKkklUto3tH0guV1kN\/cGbcSywhRHnRNRDdxBuXWw05M8xMaqlnffd+A8yLxXYCa5iZ1ismXVxiocoDi3J3+1WNezQfX5T0WhAWJvxfmXNlTTBeiVkON4m44lT55HG4ENeUJDSiRa9aLi0\/ikGuru3XS3Rx747iNBWNYowGWwJn\/ln6VZr0yllTQIhORGTuiBU7dtKkkftsGoh+9nS\/RtIZy2uVVIG9B6FmPXvAXpboHeEhmEDbS\/dVHvoxTR1r79x9XFAzepMeUDsvinNyqK421s2ClSoSY2VHBIGyax4AIhMoHDU\/FeYRUEL894+whHU00wMhuXyJxYTnkN8vVHze0Rj4n0FCZE4YWot0Fow2Kdos\/6hkdpXb999pRERuIfSln+TOjXUeMHhfbCVu+stWl\/sBMukFZ9eQ+rous4uQ=="}
00455{"flow_id":49,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9346,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":990883,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX09qRnoIYgBAB9bFSAAABAQgKGsMW38LXS+A="}
00455{"flow_id":49,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9347,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":990919,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX09qRnobQgBAB8qydAAABAQgKGsMW38LXS+A="}
@@ -963,11 +963,11 @@
00456{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9353,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":991006,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX09qRnouIgBAB66fsAAABAQgKGsMW38LXS+A="}
00455{"flow_id":52,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9355,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":991527,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6zQxs7vgBALMI8TAAABAQgKwtdL4RrDFrw="}
00455{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9356,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":992341,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6egzuyZagBALMOuCAAABAQgKwtdL4RrDFrw="}
-00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1605291690992,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1605291690992,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9357,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":992851,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDPazACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGcAAAAAoAL9IIFCAAACBAWgBAIICriVO3YAAAAAAQMDBw=="}
00455{"flow_id":54,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9358,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":993446,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2lpkCswMgBALMBc4AAABAQgKwtdL4qpUDMo="}
02095{"flow_id":50,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9359,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":994995,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltTCUkfqgBgLMErkAAABAQgKwtdL4xrDFrsWAwMAegIAAHYDAzNQ8sFN7Swy92+j0SqvksdFVpszUS4x7IjfFFRtMRxCIP2iD+DA1k36xX9GOoNszd6eNYaj3dekN9x\/XE8bE1dIEwEAAC4AMwAkAB0AIILIseW9UiKImaBUa09x5GXPjEZBKjNk15MCl2rU7p0WACsAAgMEFAMDAAEBFwMDHFlooLpn+B1GHVvYojPABpa5lnZzJhYy4vUa5MyYtB6cdW5k9AxXBULT0zXHUB+MHIvqk97hJRNJOY6H7wCVZ3lQmcQqRsRNEx7a9XjBDwpQb3BJGRVMjCB9qcIOrA\/Ry23MMg11pgj7uLtjUfbh\/3r2yh1DBiCMVdhXs1uIe6\/EAAu3HimlVSNxJXJn00Eu9gW56FMujQLHTonIx2o7OO7\/9CdALsDmpAKYzJtMbIFNfkWD422HWCVLAaxhBMXWJIeQv4VLgX0v3UYpipglYScrdqHhAJaZCYeGC5KUMoBtqG7V6df4QgGq5oIbJX4NLTfPJQlVDOP1A9YMMLNS8BGbAU9lxuDtYu5UuZQ1pBH0a1tncf29xuDJ9hGfZO0yeqVY8hB0JbSTKDRJpDbeyUwRKE++nS59+mFzw32rtnEDLm7YGjjGeucigHMXyvTxLOiUomoQwUew2CwvgFBX6DIa3na16QQP9WDg0zxYg8ZXkF\/yYd1MhFxMC5jFft\/2weLPNwU23EGQfDoyy6s3jJl5XB9ji5jUFStyxGqiNcSwlv9NDLkANKc6lGxuapnSDAKXf1zJs2U+S\/7+MNhO56envP2D7xbD2me6GHq1GbDORxtMUTnGCz\/qkbmEzknJS2\/lV+i6+KNI\/CdXiXR04N+CUpWbejoV05xo6XkzByGEhCYZQAcTRC76+80mw4X3q5wJBtOU100e1xO6F0ZpPKp60aIHlsEuyQI8xJqznhYhCFIeGenjBKRkzjByDI0s73Ad3+9q3sdlRQ1vCQSPm5YBxtpOuRIH18F5sNg0TPHmola1G4FcHX0DBn2HgUpt5iR2YlpPhZqAfTODSnVWogQiMM\/nw3DZx9OLyeY65S97YDvhrK09\/8H2rC794qQGaDtYNXV9uA0hJf1ZyJ0TmVuKUr\/69Dn1VHlzu9ySoDQi94pUEDWYDW3+jhT4qdW9YeZfgYL90\/6ZYArCQzjFKBl4ndf8PVc9qeb1Kpc5AEkqPpp8+dqVStpa\/0ZC9+0pzfBy7jrgQPKp+T+zHS7fZhjn06MseZC1fHL4ayGU9zZLsCiPHXiQPOm5OQm7YFJoDhlIBSNM1GhrImoE45PL6WIHBiq\/S6kVj8ODPTSb7rUimo1gOkzbzQ2qFnfzjvuDZciv4WlDeMwGQ4uwfCMWa5\/n1kt\/kn+zFUsu7XRl5\/yaTs9BHom1aJhtO5Bxp2YoLrm0L+PgPGT3CUoFcpE\/XT1go3iAesuBb0zYb7GhKcDTz9JUh5WWGv1yeW0F6CYpI4m8+Uw7lrY0m6WXpRUaIybV+7NSgR9ts5UQ8SmRxGUqvvthAJoTJfII5ALMqicSk1OBZmgZlKawLMgLpGEWle\/CVuJ8tEDnR95YvaWl5iZVPCcm6Myj8Z1xzHKhcE0Gfzd9eqt0QwmXorkgVD70oQ=="}
-00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9359,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690994,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00872{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9359,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690994,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02095{"flow_id":50,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9360,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":994996,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwm4zCUkfqgBgLMNynAAABAQgKwtdL4xrDFrsH3YO3s0p3FIIRWNIUrXkvx7DSLsO54XWvzc1yymGFRy6KrK\/3z94RAzzAGAPFqYHEqvsWqmC7RcZ1bqn5VNd3Auz7iBUvmgPiGLn9oI7uNuy7PQE6zhkaSBy82kpMPByjEtbruDlT+vXMIzSh0v7FkotVFwgJE31nMNk3yJOR8APMEhC1EbX7Jdj+C592foPLBa5yhVdHwqwAN0fqRn9Ht2nvldLTWWQtlhEXfrcsBWiRaGPdaVU3bUw\/Q+gC60k3WORC7Pyo5KgfokDkmSrgNWs+f6vKV9gZYo0+Kfx0R1AL4eC6ZJPLGUYZv7FeyMSu4uXy2Dh9ic0nGH6msRr6BaeEIdfCbskC+cZWjWPQRWqjft7rO98zO0GNAxWFk1Wslv8\/q75askBPRF108qzFoue4Y4BU2TcFKb7CauOpiW6K4KKqmg+w7oeZu1M1c5\/4q96g+O9bfqfpRFhngym8VALzQOyUXyCw8cq4WTdoig8nnhexl2FZPMnDbBxTV8slcQjtjZX8RmW1DvVWV3riPQPmyjn8dMgndIy\/u4hoRd+srmZWVhQ+nfU8ZYojl\/fwDljXPl8Y52sqW6KsjS5JMDykBJQDupHizfpCXY62pGIXZUdOj4Gy8a5O62p\/2uXpIsLsNe6TtJLMK3uPpEnmoJtB\/Ncemz93W3l5adrvNMKFvQohgs+I3NbzQEbvdSXvGB8tBJj94xNRR\/uqBy2rlRz4k98VmkOJCQYiQXhLo4NQyz4YF6RCZQyxeWuF\/ezFqk1KBjwrYoeScVHRSSPH1o5nUxgnZmNjy8aJxxrhmhqUDkbO9yBViBI9zT7XhR6HUIgZK\/ABriq0od76LbROOLEDN81DlYV9ELymlJhplDE+jUq5bpiz7+2knYEDMYxHOdfWGYOj+5JBaJfZGYIS2\/9vd1W8Q+95LqF1Gol9HC\/yjMAd5+2bQN+iVkXNrbDzb9GvkTDyqsm93S66SzJlE7rZ9OYmbCAS59dumAmdSlDS6ETKshNIMXcgfN7NhxAEDL1EASwMpJikxU2OcjWvuVsrL39IwZuGkiyVqwaG6ef1IEnofGjYh3GfDQwRIKnj5CQeItG6SD+gotUkQJwdmzjNMK90gT2zznJuhRWw757ur70XRB\/Zv0c9CRdxuALQulhRx6sQC3+o6sKh6nlFHwLbV+G7ip07+ERfM0ek2xwwhsqpwLQLVtdjbHeOyEZ1hO9+bP7Vz2WSQxfStcbogwCIZ0JhtW5bMbNsWUgFmUgZaVUJz8z2\/GOVv97bKG3W1jnvnxSY5NYIjI+W6OvLCIf19OFn0InkPQY8Je\/z+hONbuUh7D9qtePaafie0XpYoEa2fV+wGpaLpumSQ83V6zoJdM6s6VSpazGadRLp8ezSvWpYEEC0NobRItWX52S2nOygvCZaGtxQuRmdTEo7GK0h+\/RxoDd41fIPwLI7eFDwgTQCw2b5vLSSTeOX4C50Sx3j6nWLZRM\/MX0wfN9jUZPZfOoUsM3xHCJszzAey0z5\/XyeToZ9CsiIqzn\/2m\/5SKUQqjyC8EoV+O8mYTDsm+FWOvpVE484TQ\/BQ5QKZYXYzLRlZOu0ItupXKFXq4+3SsscJYCNFw=="}
02091{"flow_id":50,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9361,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":994997,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwoETCUkfqgBgLMI4aAAABAQgKwtdL4xrDFrsZkewCciLBIdcZXwfbrXWzMwTCfGn0xKi5sCbqOHgtY350mZK9hWN+xg5a9wNUzuBQTlC98dge1jGOtzKMx2rIO4wrx2XUeMTizBbO9YyXZbM4S3Yuuj8HYXPPW7LMgd7p873lD+dp0f0XQUsDxAikEeADfQzSJZ7SpwwM3sl9\/RMNUKVGBvtWDyjBSspbko3wm1uyFPMTfX6xhybH\/SG0CDxbmCpoZ3K8YVFvXCd2sMppR4ckUt9sUBdzNbsvbSlbt4cEEokSPAHAloSupbH8oMT\/OWE1BKkgbjXjrSRKLHjOy6kgPI2KuUEl+AxCRCiobx7iv+gBLN8mG2xcyVGRPwQz78EwueCAB158U5J1UPWR1ZICLlqccX5lOYfrY34kj5CfuaLEa8RU3ihdYWXsbatzjVRCDCURhADx9jFVWZ1Dutw8jJKsjKzPKxX90x3M7EIds0JwAiZF2zedRKkFP16G0ce+96V9DcsAwmiIJ1XpcjJeO5wqFwjppeYTIUTJp9j6arN\/tHjuo+0a1fgYPwM7NLXDZMK304uEWLSlF\/rXSxsGph4hN+UipQ65396vsqutoLnBdp\/CB0dF4UH04jykuJBWL5JZKNdMufOIlGAKBpjB9TpaylK8EwNEJegXVK23Wiu54XyI0UPJrTE6inCCqzxY4hQ84VkpWcraaC4DWPWYsDwdWFOn+spU7fBEItQBxMmMCEie9WZcl0X8rb+cpyQxlTu5Jtfr03mrVYnedMe2l4Dcl0x5fdlayGjPPJkU4xooUROIwuve0u9VlkiV9aLAcJ2wBmg9MeCPlv1HE+m+KSd0xDSkaLaGNpWRpuDzKS4\/pI9OziUa4lSyyMxy0mLet4I998KZfdISioclpCxQpAqBFAnpPfJUaY+A\/0quKYGA1aRuuRNEMCEXTLEYjlVeh\/UeDgPQwNUYDHhZqnC5RE7kGJDPr4heezJj9AaozCfU9nSGikrZUM7FyKGYrwXiqPsLuede2FsrWcp5OV6\/izfStpIuJzDLB5b6jffbiUhKIR8kUUy7x1OTROvputI+J3UIwNYYkU6ZdxWVbGcZtFxJL\/+znXpqrldVaGW2QQ7Uho0gvvWQXhe72vjaw4opIZKHaYxU6G\/NV1vGxtIXOjwfVkQREOT3lApFL44GmK0Dcm7SPwYKEXOBJ8dskroRoMpwVt9KOVPdfP\/AKaQisZnCxzji9+OXd5Mxzb6DVrnbv7eAtEWK2nAiyklVyKl7lnOjtAUj\/JXtetdzBanTml2SmVf2Cx6MH0aV6Yn8qikyXM4Vh1j2tKQiEjKP7llRJb0yn9sJe9pMDvQJdxPeS+4SVlKvay0Y15tWMXfZfReMV1dl5z3y2l0CumP2xCrKlEJnzRh3fDP15PE18osPmfb1F7hHYUO017L79UWcRojI+9G2Gu\/R7yXY7LcdkOvNdu\/fVDI+BZdy5EZJ95kkyVxnD19qthkahL99n8AJmP8A16lCxChNc7nETfgWegi7gxJfUfzi8BFBwnwYugzzTTFLxLHe8kz77KBwiBJx\/l4b77nTLGJ67dnZRZ3wziWr+32nIq7mShJi\/9kYcXaX+n+C6D4s9J9aBkNdY38lLfqQYw=="}
02105{"flow_id":50,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9362,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":994997,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwpPzCUkfqgBgLMEnHAAABAQgKwtdL4xrDFrtOpLD4rMsiBhrOiJiDguS65pXPCC\/z4btEAeg47GxYXDgkKrqSshwsbq3VCSxm9fTTDC0lYyBF0ojB4hJU\/Yn9esQlkRXKvRlkiI7o2aBGEwLnJUiY6CyQ044gx\/Sj3GtgXsX1MkpvHKfgtge5HIsSYZ8Z+K1CzRwhTYXRmDp1EF9l8Vz\/jH0kmGDQvkW94kSsN9Yp5b4LBWzmxlnjD1AS\/kqr7JBp\/v62m97B\/YCn8nSRMlUweVQG6cGrw3+i2VcXfAc\/UabEffNUadYKjDkiyF4VPhelmUaai3Uy76TPNcI1nB4wedBkeIQkdud\/9mSNG+At5pr5PzHYsbbVu2o48E0Vq1LdJpLACPDsNyNtP7VdHmNygfX5xLLOOpjH\/A+ZQZw1FYrDLKOoZFAFqj8hlcPN0ssMyLFMAvOaT5DS6+uXocE23au8owHVjw\/Zk8SXRv1rwA+15XNaG0eemNDOQdJoHDFnmUS7QSPf5SFQw2YM9v3QQSPaOqJ6FTY9t1tEV4OpXdMmUGMj9k7XiMX9Ll7B2sMe5g63OmfG8\/SzeW6HvVUVlKuZUAz9h2mgc0lXnroueu\/aMv7EVpsdBVFxrsKCSrQsVoSIhELfK05SUGDNKyb\/satqBU\/mO+x+qLcQLwtiYjaWbOKXA9g5+jNLZ8XO2C92XKSJeIAjQDwvwP7a5PHxACWMWXBmnEXz06d7AxrZSlytkOG8srb2D3rFuvd5w6iVd8QQn72GQ0iGeDUbCJ1R7\/orsfm+jDQQsWOcLYXWPe7lDGwWw+yPhgE09OKvxNGIyzlpqv+n2vBUrxB6A9T+RNx9MSA\/wm9W1X6RtBpUbyeHNPX1NV7Ly4R45cOmkSY0lo6aoDdvA3QrpN0NMkH1XvEJgm5kIlV8Llkgrj+2iFxaP7Ugbb2etVI4lb2qreLC4\/CDmlexhZCUrrRakyxA83whEOGPtMU0UzVPS3Nryrt1o2UzeJtkPCpECpg4rMovhPlgFPORLtyY65i+\/7+V\/YyLoQbA6DijSqkSjlg+DS0ZJYPO7q5p+HK3yktyHZoFN1rC0EX\/Sc2pmRCQ8txSga6lxue6BriZHIWlsn0+APvKVrFgEw5jdSt7b60RhXfs2ehnTe\/+FzoaLN+6rVYxxLDMMwIHL2fLTx5Cv6k0ybYSy4GUQXzUAte4MimY+KICFk08MppSdo2FASCOK4l\/yw5GqX13OahvgSRhzdQn5eTNqFV06Ge9NcHD3TW3V\/xBBiIqMs5L6IfntzHPFXeMGqfVWFy78t9VhtiBxUrRATuA+l5Ehk7EOLBlw27ckqshaBhn0pAriqMnQG65Sd\/kgEy4MrFCVlK\/hfcF0XQ9hIdb\/WOh8FfL7XXdesDKI+5mrkJNv+igkJEnve3jFRHbd3o9N3xEcmDiF4smlQ83zgUyZToSIWhNbQOOkoqufGCbLagcFT9fdWeNxKqPNf2o\/DAzJ269\/0+sdhdsPTKn8u2pgKKwIgxp\/4nIBC2F5dEQd5s0GXzdNXhlG8i6PxSfFcMMe1W+C2FJv5JoBr6FsYDtplwf8y3wO7ikRhpdMxzP6eSVY2nsCL\/Gs3ZJKQgs69ABm4Po7ZEcqSThrK\/fhLSSmg=="}
@@ -978,7 +978,7 @@
00455{"flow_id":50,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9367,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":995059,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSR+qlcKm0gBAB5DciAAABAQgKGsMW48LXS+M="}
00455{"flow_id":50,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9368,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":995066,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSR+qlcK5sgBAB2zJzAAABAQgKGsMW48LXS+M="}
02094{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9373,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":996121,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9dMt7V0gBgLMAKdAAABAQgKwtdL5BrDFrsWAwMAegIAAHYDA29WLRzWiQ0ImioVNDIYO41iJLk7j27Qk9oDZGuDXIlXIK9+Ya8AvxlseoGAhp8z2wcy4GRd\/2tgmLnTQoGAr7lmEwEAAC4AMwAkAB0AIBdS\/romPanFmyuVT0s9zT7IkQA156BPQbAJaxQqVspBACsAAgMEFAMDAAEBFwMDHFj41leHg97A+p0lMYtUEildFAyR59PZJCRMoM3jgJazAyiA9xG\/VsxYlxCHNYBE2vFtwW20BFF03RqA788OnPrh3GTHzP3lAz3jWERc0dk3Ir1+inYap1X0OG05m3uRgiefxhv\/o+eS+1ZvbD8+U2ZHzRQraGJvRUeAn5HYbvLS3DcM1xk2Hq75irnMXJwVUp9DwPJKRSwzFGphXhohkVQCz5veWQu1Wv\/wnmKYPK3y6eqMNChqoEoagQHtkrKnujt+oZgRI2Edxwb9cnM1oEveM4ipiH4pYLXQX\/fpZVySTX2pg7Gjd1Q0iVy0wL\/443rFarx4L2MSlypjxK5nf4KDU2WuZfx4BGeuYvt6BEggiyQri\/nRXFxu\/Oi0tMN95+ZY3olDW2o6vCCi99uNsJAPNao9dE7xShfObb2Zt+87uuq05NaDjvUgDxkKk6JGkcXaNXPe1BXekI1\/8gHAfp25jLYzXWKNGOaGNZuhSU5K3cpBRTfQmIQaWU7Ddua5L7vwPCrjqAHmdMdUOcANWASzRrASfazYrJL\/ujmEz6619MO73\/XU2c6CVUxC5JB56fRl2wih9FKuypRpkCad7L7CHzXUPbTJn\/NCsu0id0vQaXzrtPVAtd+nS+SzQGoN4oNb3ywaX6c2kuoq0WaUDlm81qtVBxYRxmDBbpYZ4MrFswGr7VcWKpe90UgOnnwffffk0YQoA5J7VJBUU6u64Kd+msVurM+2kzZEygB\/4opHfFI+\/JCqOtV425SyIwugnLQEeOJrcwsGqOpUUQRQ8LJSbpDcuS4lebK7lsoi56tTbDBO4Y5Tx0pher3B7nDuJsCk5pViL6RZIcdWQyKzyuj3S9a6IzvBssxWSii+d2mQApS4qNSScmenEWqXgQZvoZD40vge5FB\/4VFII1SKB3+ehB8APS35DZ9vY\/v0XPzDN4s4+mpkexEiU6ApdRMcL6omDp93i5swHeA7+lldeguJEn7WkaTJcarHPNnsDy8QictBN\/l06ShAmWRuFP497xJ4ieOHk\/Rnb2q2c1HOPv1kMsA4jGkWyKGBGYIc3hX8JqUNkdt4ds3m+CgNVHQnzxYuOlOKIfvVQcbVdY9bAGX1zMh+dOHMIY09d25xgelwetQ9MUipcWtpgF3GEKyg5exxyyn8HY8YQPerdj71oxHkB2UmfgdNGs63GAhXeTBHVxl9irmXsd6jcitxJ4P8DBGpTk9SsA0eVszW8QTztfcOoBDtYCEY4A+uioN9tQwsSRG1eVhQ3GM0j+0Cx7boGhxlvXb6SzxDw8SG691+RJh1RcdpFa3aMjeOiKdtHfTVHsMDVsz5DujuyVlyC5+q950emAm5b3d8pXuFvEIDnE2DZ++qEZxDFd9JJ0AkZ7Wm\/lw+RUa0nA5\/DXlGpiRG9MltPLU8cCOjB4fqwcYJpA=="}
-00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9373,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690996,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00872{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9373,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690996,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02099{"flow_id":51,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9374,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":996122,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1vI9Mt7V0gBgLMHw5AAABAQgKwtdL5BrDFru02bKKzP269g45n6SfAu5WUd+HzY7xpvelvtKDGKNNWkaaPie5regE+InitlDLkJ\/GuXwcotvRCguM2VtVvOR\/ikvtZUd4X8AuBuCHSllLQj+63THebyqDlPJtmXHwtjtorpjN6UncprtXmf6l3gFu0qWjyiijJuaunlh4pYC\/KNN5jWVKgoAVKTtX0fc++aoEmrMxxPRGsvZoLTRSgxtm\/00MqGyrv9WI\/O5lepsKSUP\/zPl8Qfn5M0sXR6xmKjK+YNcEmFMXCKpKRhJZOIna00lySRicemDbbTnjRCee31pV0LZvGS0rq\/zUxpJ+a2GzkHn3jJkA+nG5m1l0LtgofQI2OaXiKWw1j9\/P8ON\/A34ivuiI+fZJoiRhrRE3F2ZuENaH93aNMT7S6LhoUgjUE0iJSLsD5HVHwcs2khlOHwaIF4AZVtSzYuRVPRONrLrpZtCpPuHIdsjdOdNtBrMtHKMVG7BsE3++JKaN3Bwhx2o+eEhTDLWbxSrxYWqJS1Em1pumrpy4xpr5CwN0LobH\/sAoggqDH7lYQVQrF2xkAQ0vVoaMEg6TFj3ABzz2pTvKaPcS3PwEPEZ+D4gIzi8QFcjHaqVYejVi5bH0kWpcfF0oEdNTn65\/pZQ1egoxR2Lf0BceZT\/xbfTl0Mtt2cHBV0PumEAAyVSwUksZLBpQ4ElYbO6WDHTcKZz+O5k8neRZVpjOXO7dU9zVOhZ\/PkPCpAU741cLxEH7oxjyGWCOzt3TOjli2mO1sARVBW\/3tyE6\/ygETP2IvMCYKIaMWQmjHFYEayzrqHlJ0hthRnPr9xd2ZfIgI+p65xqkYF9OU2lxRX1yFdy6V06slFKoKmELNOjTSQUfChupjrAWH3uP+qEGBN6hb8zz61XTcp57tfgGClVIikwXLFTEZLsGtbamW5MRiobl658VvOeSTlkf251NQF\/W8yE\/GicX4U4X63BGYghbuSLoh6RNZha8t17fNT9QU5n4yt+1zaAjVcn3L+06tA5tcb\/SJAayzyIm72EWIoIxQqU1snAO5A\/nOFXUdvl6A3c6TiFlQXNNMYLp5PCRCLVEnF3oQbk2psqC8yKf92pGZ730C06hkakH33ijDPfaWyAl1nl4afISC2kMmfxk6xG+5yTn4QYNO4x3isdFSY9wskTjKD14sq0nH3xnKMT5qYKG34B4YwUXWtOAMMV+7x9wv4OF4\/z2ocbDumEPcVgbXR3yKakL4jGCNqIy4+JqFU4VZmz4CNhlaCnEZAo0QkwlNFabLk9f0PEHITSgJYTTBFMVln8jBAP2gqmZFoC+hQFkRBImL72hH5Uyc62+u3eGgRIkHwkP0gy+f0E4in06\/2cJDP4F0EZsWEa10OH\/urEtvI0ga4VxSRc2nG+rhBcVcLZAYU2E523yKuNiJyhU0xutjVJ1c3Yg\/uAicK+LvsbJSqoQ4l1cOP52\/i81rcMW0rBuxAndxf98y+SDa8hR14HQgf8rTG88JCA6PYf7diCGypQ4ISvz8tLsCV9q7UY\/ls9XGO0M4M3\/9yfOLe8c0SQukcWDFH1xaLqoHrblNeiusgNVwGf8MYnEatdiMuLi2aIbBZU3IQ4XoupqNEpl8hXWHA=="}
02097{"flow_id":51,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9375,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":996123,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1wUdMt7V0gBgLMDI3AAABAQgKwtdL5BrDFrv5h1FHMS\/qjIy3fd7QX9exjVXpg3ZcMiWu9U859tgLxOuf5BF4j3uHLV+LcoVafXS0PvcitWYuG\/sljnG3eSDVRPYoP\/GkRYxnUDgNSuEZ80xoycoti9iJuQXSxaIgfnHJkexCfjFSelI9awnZbqMjVs2fsikIyhxBBWPFjjwZgpKHGnH0y0jEIX3fXazlyQcvraXoDB4\/0Ow4ZmcstEgZIxhYy0fvRE7I1i443a9ONjr+Vckm6i44sCaYrgMI147Nm9MHAsqnITKDrCttXyxaXudQ0h0SYO5IOzVL0BG+HaETchVcfBG+FJ6tOH4RUMB2KrBsPKxufHOq87P88pd0g9K0oeQuxAxEuBAobsRPRq0733vJQlgXX48y5zru6wa0of1Y1DEJGlVCAZzn4shL5h15fwL+jPoxC3J1fymGyX+5A04E67MQvC3bPZGfBOYoco7L\/9KSXBKBihbMYnZTthObCfntBTzJvIeoINttMnHjH+cqqkZWZiJXv6T4lm9eF5Y6z1FGs7o0mZWqPMRPIWhhupMg6Ln\/zGfjyLPcZeZGCWC\/+\/9dtFKfHBLsu86EQSbYNSrfPElXYi6J+9Trcd3U\/+S6ZcxElLCUghBJ+1Gj5kAbyVRnI5olJA\/O3fiN\/ItoRC+l\/eBU8jBqHezd46aoegR8ivO8dQ\/I3sI+sqazBx4wZoK5LLT+Tg4WyDel9bB0AYT04WRjyFZovD5P3URM7oku9E4axAnRFBpw1gPidNMvCSoTIuyyt7cBvEPVWz\/Oi5UoqIrQ44NP5FapAkvZG63UADSEOyz+Co5YQ2rwHEwT4IJbIGlS+MtDJglzIdKWphggE10B3vQEABOA81GDgXm9Nh1u8GduxjRL1QbhGZ3jF4bNYIwHjYzhkwQlGRBMcVUG9PN\/9zjdSUT2ZanCbPKHZJk3ZMxVaQ58mTedo+jGMP\/5OJL90rnblaXDAS4BBlIiwzcRdkGRm1fWKRq166vVXE6DOTi9SoyKlDlTxbiBi0xqQRpuMNNnVe0zyybJhPTm3rEdpy0YtPLeFL3kVn7GnInNxkWrZ8HAy+NMqDtKqazUlRVJmTXCd\/dR2mmcRHadKOttsVyy9jCm+XJuwPEy2nUZ1vlo+KL\/8IIRFaNSmoUST66+jZMfjhocApwgHwUpHMk3rrn11bNuH4wothOSIYNW\/mnGSp8y+95bUx3JCpN7Tf1W2IcgEhwgUSXPj+i1AQFSFXz+mWGUtsk1XWvdXgj455hiIzmljL8j3O4GgqusxuNxI2a66iFy1avTfJy6LJKszpooKTCUe\/SzO\/xFz3hviGJ9MmKdam1Pa8BJ1B08oE2szmc0fqw6DSuFvagFqjQjiYTk5zZk9ZDVTp39oQxq4mTnts3U2E+R57o8F9X+zeS\/AyiiasJ3y1aW333\/tzK2VuW4ZH2Go4AOs79g1hdhaodj5rjArtHmdIZ3G9Hf\/LAmm5lQO38Aod44dvv2z4fQiYDT1K7Rft2pSgajtwZNVa4oQ6u1JG7Jof6XeRMs5PRDORBls0d0z2ocgxRIXjJ36PS0jraqDlHIVpwZuAkN9hHjuQxKXSOD6f5uk5hFUssX+Uhr97vxbc6ZqZJw8w=="}
02096{"flow_id":51,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9376,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":996124,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1xf9Mt7V0gBgLMILhAAABAQgKwtdL5BrDFrvxcFqJWPUb20ALSF6rba3vUoBHXdT7qfuiEu2NQpWO8R\/PO\/q+wXVCzhx1cOneMlgmOFJ4jxss3kZSDBOWz1+ewx9f4visYq8unYGO0UIHu095Sgkfm1UHvNXwSqSEMlZ975rW8zsf+5GboczaZ66A\/Pyga+hIYrZnlDSilUnRYGdacTnK+E1n6btDfWTK\/+3bYcBMVhYM3Lo74L866LPo7RgQke7a3JVvZPtY68xIXzfol0r8UtJLezZ5lnhd4fw3tlfie8U4kO41g8PxCwztLQ4jLNi6uLwFUhytLLULXL73uPjGr869eFr8tG5+kj7+S7OdrI1wCHw+b1+UTrtStGHCZDHcyr4dZeEDDVJL0fJSy5xhYewKcowhCgQl+ZnWvrfpYO4FCzkFEUgyIjFfnMfPk+uydtmb9WiEg3y3eAlEOI2A3pHEo2cEH6xqlknNaJ+rrumsazLozI4I1Nd0q8G8m\/WhaCWxT+TrDxUkL5P4Rivcja2pk8HCFmHMPUBunlMP4WNuyKm2wVp4z1qVfogMMvbqxobc8m3ubZcc9Itiz\/iNAeqVCvPsSm5FblXCbVJB3+HX1UQyuxm0E5pGPTQR\/95SsqsjBCq5IN1iMvT3AldBQZJQs2XrGwV+bVBl3lS5fLt+8YiDdrYUxVkA0kZLVjOmIbs9dnEX2RpH6fs8FxNXEBErOeFlqx2PVDP\/GVqJC6P52wAJQhbvUbI5UF9V1BmbAu8SBZJASxTuT9+7nLYWMJllf4mUxqqE7iW7XJzKn\/UJZHq8DlXIYTHCfNPgX7l3MVilYXoaNt0db81xbXpqzBnmCuJ8NHQ1y3S83lV3jBBKwidyKtFvCmUsISzBqkHW4mu6CUkXpDyuENOkgVQvV487o\/n5pVj0D8mh3pVQyxwbSv6IDcxCizoXpZo4l2IvW5LOip4NuvRqUxA4\/6Sx0DiwRlbA0lEpvtAiwTWa4qSpAETF1BnRqdQwn9irKEzAckPZrL\/ihpryHAlYd\/66HLRPsDZfT6TkunXqZ5K3O+5BdFjv6OpKsOVpkznwLol7xxuP\/xHzzHRWdyeJvAKXeMDHjLx+jeN9SwLIOpP0nWIvYx0NEx7XMafsiaVOhlEhRwO4MEf\/T2TZ0fDWEuRNuEcwlhbyzuRCHzjVk4Ozly6vcTbMPdHYXTCs679XZhuJYh9jEBdHm2jX8esKFZLnjGY30vGZbqBhEnx9bw8EJXyrsyZSQYFfJMrOTyQXpjuld1mskl0iWxjJWffyY8n4kov2MqL9bHZW4UeljeTkKAfpLQlMZYmScmV\/yWUzfoEmUl2\/Pi1IdYFme68yVajyOfR3Hjo4H1563oF+6oRZHva2B\/tESvpSc916ZVstm1YGLMQue8VdcxLDlnSEkhZWH6ZeMAWdUvSv1d\/N5+z\/JRa0gc2iqsux4ZY3mic2C\/qbeomoQISOq4tJ9ceLmZaCVrvpQS8we5EIjz8wBySMP48AUArjTNgjR3Ny6pwTRBn739xXpbGESUPp3cfmmslBkXutF6QYtj7J1FDHkxGWir7ETlV0PCcv+YKv\/wsx\/pDnXt7rTp8rBJmO4Nd8GM0amX0vrjbvKCJNQRs2U97IWyG6Yw=="}
@@ -992,7 +992,7 @@
00455{"flow_id":56,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9388,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":996826,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkNjbNmkgBALMFZsAAABAQgKwtdL5biVO1I="}
00455{"flow_id":57,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9390,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":998160,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3qeEC9HgBALMF5GAAABAQgKwtdL5riVO1M="}
02098{"flow_id":52,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9391,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":998161,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6zQxs7vgBgLMKxXAAABAQgKwtdL5hrDFrwWAwMAegIAAHYDA5knAga9JsVthANvMMOq2D2+SX2rmS0yGAGyoniOt0ThIGZv95UrdgGMWa\/TkNOulH2VrZ4BEKc4CasnxiGwlqMaEwEAAC4AMwAkAB0AILxJHt\/nUlpqnkxFEv08JNNXN3OGTCenOutCUqlYgwMpACsAAgMEFAMDAAEBFwMDHFlVo28LZFpnB3dTdWjKtLAfLwyX7tiiIKH9Kc5hPNWnWbEb9w9xDAFwVZMfovECzqOccXQWfvlUUZAt4NjvLwF0L5X1NKT2yEHGgzn8h5uXNfaaGH28icL2dMGaqDC4P4NzMcE3pjFYv\/JT73Bx4yqdgYPx55CyXTHHNEiiL2LMXamE6a2oXVogN04FSta5RfsrxGSxOlqOzV\/hgilUWWe\/ZgEGX2V1Cg3Nf+wznEihqmmjJ\/4pp4Z2wbfGgVRzFfH8aL8hPSjm+H0f8jyH2n8py\/Y0rjWzkn0BqoX\/PsZA59yikX3z+SkfaoMHyB7YEO+S3+G3rw\/xP+HisCc8aYYy6lNWejbizW6rtB+\/e9JWkR4hJhTIKLV0pR4ubKba\/OTepLSk0Qfyl7TPNg+rLgIQBnb\/8J7UT4EVi8B7y6Km1nqED8KKyhyA9Ik05ywfhj2iskfO76MdSwtaztK0PAYNZTA+K68slmKGb\/3g55sF6njuCuhY\/3Ql5w8d8hDwLpt9G7w505ZOfCNCxxmv7mySNjWu9huk2SVvdoU6MYs9OX5ZNH5NN2OTUWygWg0oKq8gg1C5lMSbmkE1r0upPfNl7oRgEAip5gh1CCmM0EtoT0y8a\/pfVAL4vmGsXOzDmFA78xy75\/5ko\/pmbKbWmw+GLKbu74ek9j37Yn5YyvsJMTcGErl9u0P5o3SwKhQZfQeuwPQvY\/xLwSQ0+L3AhQ5LnR\/Ejjczhw6ZEP6VNRl5uBafMYG092S2P8nNEVJOTTyVQWTqPkAEyAcyLror+0MVOF1bI3NM6GesiOXgXxDpV0M2F03YdMJgHe8tmW2F53jfvpsgpQcCGlQRADpIcZyQOcf9\/AH++O09WU9YH2YxqkDfLK4rNdy+dElYwRKTpb+e8nK\/8w+Ho0PbexMzBGr2QdSmrjZ33CObiZN+1l6rzcpqUHW+vA82+jajr4pWrmOkNBO1vKg8svqpNfjxUVcYTiQhKIm5pvAbNWsfe9\/+J\/BSI9vjZM0sjNLkMKPNMXJ7he8h4C4sg21Sp4d57FA+kOkyc9GnjgSfeNOOnWmIyFp0jsGiqlfqeai8RGhnB1I0QsxjSqIYpHAkNStBgugPyGsdxjx08fTaPbIHhZ0OPww5UGKnW06oBbNa+peps2gli257vU+f55L138VCmJHRgMTadyqANFR\/NNnhLN3hQToaNkNiaNbLG0qO1nTaGgbvKp27phMBC9oYdiZmlKdwAiUnwhTx4c0OZqpGtKeJxb43JG9lksBV\/64AZo9uYxIwGD2vBHqejuODmCECOxwjItFNz+mXV0oDwO7yProByaYi5VPXxAQ7prXlGrbdeRYPIZnvwEoJt90ow7FRHznUsxInIDf7zuI4tiuU6Q+g5cdjjgdY6u9J22xCcBdsoLEcx3r9m+L5CQvdK6Vbsg=="}
-00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9391,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690998,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00872{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9391,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690998,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00455{"flow_id":58,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9392,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":998162,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi8YaA0rgBALMIaIAAABAQgKwtdL5riVO1M="}
00454{"flow_id":52,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9393,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":998182,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzu+05qhkgBAB9ZNmAAABAQgKGsMW58LXS+Y="}
02099{"flow_id":52,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9394,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":998224,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmqGTQxs7vgBgLMPxkAAABAQgKwtdL5hrDFryTrDBY6gPF1EelSeGIirLvZTbSya5epi0+tPTO0vQdKrdUdTL+fMP+z+VaWmlFZ0J5c0VgzhtmHm8kKcw4iuCYzvtYG7A3eRredKrqJcRLJDY2O7+hv3\/XCrvuQSBBTggO00x1hh93T3ItTHSEJXu4QJsiawnts9mGZu3SD+8MdPG8J62Kvy\/lI9Wp39ZZieMgLD0WNUv\/30p1PhJMtRUDsGjNLFAwfmneqaPA48T34Rc4wZpGngQWfhgKE8ZahF2tiXaypuboWHMsdfLvg7LZ4OF4Y1S6Inj8bATHQQUEwDZJ1OUFvhissiPNhdfyFYTMo52n3i8sWPiTNGNFhQ08CiII4EC8Ed+qI0USRBXY5pA8YnB20LN5AXQx9sa\/k+YrJUlWUsgVbtfxQEbyAh1NsNfWUUWjYkTu5R7MRqF9dotp7f7y3MhVYXVdQ9qReNA5gbG\/r+LxkOQXWBn4OPqh1cyLh+OUUjrPn1hi5Xw2SgFexr5RFtlSsPk\/1IbPclorqKFKRVR186Z77mGCXsaHfigJ\/YaR7WcPEY41h6a7F1C15af+cRKbjHyDbOT\/nN43gBlTTh8+wbk450MmNEcoKKpxEvYE9Irbj8bfi7shacDHtspNyE4zme+SlD6G80x1GjTpTsGbqFj98DLfl5edqFfzON5zxJjbLbZEsy5XQhwiGOqrVa8RtpEm5oxSLuWhyvx1WqMWCTT6kW6bBDQClAQ\/OvWJfv0bzzKcj\/Et7nrZ2i+0akAOgW6JPcf1wzzZSvneE+nVRxjGzvkz6zkbbmJOsYezdpIXUWHHpFD8l\/4jpPMilpBD5d6IrtvmvHzM4o\/ejn9S0H1bvCMA3Iw9A6LRvtRG\/ZhV70JfWlXOR1pmrGkjxrhqBGNxEiDujEYaPn3cDHX5Kx4nFR3fEem0GzNPQj31gXEHU49MXCsPGcwtANXseZVr5FXlfzfEs7+ynRYbFnN\/AAnMYE+1964C\/dEO7Igi\/PuZZafzZeGeRlF3K9Lm6ixkoi5j6UQh2LSW5hBcu0p8eKmA0AfXznCq\/5NX1j+OBOq1BIz6GUF\/h72114Gb1tFhkoVqLaX08ZTaryWZK8+Z1AwYzqrVWXPnt4p0kiN2xMOlYb1VI6Q2J8PC5uXCakAspX0a++j8P1GqcFALlpBKHIvbtEXjE4FPIsBzGcue\/+yCsCyZv8LQw+atzG\/YURQskQYrs+ZWSW3IZzPCKnEDJI3wr5ennR\/HygGb3qzaqAYTe8iWDe9ZTui+tJN8GrliDamWsbeLGKvva6RPNb7MCbQJSfUhR2BaZXHfUfeYsW5d5nBS12y7ffBz38GcvcAVcLPt7rhqRnuCD\/QMBYTwBlX7CM9ZoJfZkD9iHKNGw87VD929I1rgm4Dnm69gupUACoiL0JofzTJxX2l9vbAg7SDNy0N7jc5hdLsA6kAJ2tVN987Nqo+v2XQxVjtBNbuQMJ\/w9gV0TQrG3IZ2KUBYmUGdmFeVAVQUFndNM5Bsh4t318Bu09yc4nTnctMbLeXyuG8Vhk\/Se4qULvm0RGACPIz\/NeZ38F+Q4E6OZ0RhIp4yewx+zbivrS9LrBuIwQUOdPHdTSZNw9Cr7muu1x9\/ow=="}
@@ -1004,7 +1004,7 @@
00455{"flow_id":52,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9400,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":998804,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzu+05raMgBAB5IVPAAABAQgKGsMW58LXS+Y="}
00455{"flow_id":52,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9401,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":998826,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzu+05rtEgBAB3oCdAAABAQgKGsMW58LXS+Y="}
02106{"flow_id":53,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9406,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":999060,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6egzuyZagBgLMB6aAAABAQgKwtdL5xrDFrwWAwMAegIAAHYDA+ARVh7FcdtqvWoBiPd+K7ittrX8N3HtxZQXwGNr2UuWIH9PfR9yCxA5tGPPT4cExrc3Qkmd4YTExNykGp6bEZH3EwEAAC4AMwAkAB0AIBFD0PEzuhSvDjWIeNdvCaOz9aATVVekU8szwANs\/ZFdACsAAgMEFAMDAAEBFwMDHFqt7bW\/d95j4IrQytuBDnlsqdPKVFRu7CvIGXn+qGcMIFmVhbwojfXuK2\/7GWwr4cG6Vc7L7Nh19IM2WhasyKBS2RsuTrCyGeVsvo35duGHxeurAXB\/w\/blJzjk\/ByNZCD7BkIXgu5VNPzjAWxDAquA8CDTTi6VOEaQQ7W\/7lCaLTEaAsW11Skz+J5\/Ygjlms1w4EYm7h1viu2R5HWUHgIEz\/nI5Q\/P8LeJ9RGq0mej2My3\/NuWhmJWP1hojDkBUiaSwhKwzKFkZdVnr+jwjJ5GHRgAjUtmt9aIpqWo31A\/TBtIwlaAtFnb01zovqBnw\/QYH3imUfG9YTVIVvh7IaYX7fZFja\/wuvf5KDwQ7EydjWXe\/gxEZaVBxurmJ6EC9+ilJI2+uu2Z2xJewzHnAhAEzlaBfuTfoJh\/+SEqVfLNqZ\/4emw7OOMatsHTTvGG3Stu\/itU99\/iACSi9aPv9HkAVrWtKZSBRdtt5UN6yPamoJOBepZM2oxbenK3KYf8qdMZXIOKfQXkr2d8C5zJqS1h4eMaoHygZHEvqPl4hnfP8DgO3Gl3h6JbmVF6rGRa9jzOw8vq\/TIui4P7g0OSQeuRjekn3yzzowUty2vJ3ByN0GDOrOcHXPOSpQcRoAE0r1SHgbk3weeh7wpdkuVG6Wf3eWqWZPxTGnC0hI+02\/1MVp+RadB+2FlgiSW24m1oBrN40NAdq06xM\/u6xuRdv8oLq1wRo3PgwVjm5i+\/18ct2y8XSLaJn5padKa2tqFodk6xUvnfaQFFRKNZd6nQRnKyUFAhMDGYYKPtDwUGPEZoKmLRzEeRCg3sYd2\/6ndLTv4xiIjRnWaVlUjzEYoL48TUkMSN+G18UqMYX4p1ANIr6CR7QDlONTGIE\/0ljSTN586+xIlwGG8hKJlLXmxFBWB+ZOeBvGil9GeqGPrsGzSTE9wr24sVtiSiW53lv4kwIccQDG8JrUFfg8ntf8j0HC\/nqyEWDTm4phHWq19Xn+oc51UT5SXsVEWmb32qHnbDmbLwsAuHmEmcYLkaiPSwIl1sIcAXyx17Xr8nrbTF00e4vLwkgZ\/vjPZiJBZJoWqHj07QjAxVUMt3cWX1sSARk9U01JwlkqoA7Xgg\/ZWmc9WZm7OkjlX5Y04l\/EuPy1g0C\/CUCPp0NwIlR6CyYmpRzZOH4GtWSBwLOKjsAsE9YnhSHhLRqBtrkvXuuGNTVkQ9n3ulFmxVKIESJTiKCBX9EVgt+yT1BrZnvzKgmo\/X4nZugFQKvR+5uQtWAC3tqFOK4i\/x8IJ5wA7yI+h94SZDHStjb6DgaQrkn7h53crGb4sGJaoom+YIY0ug\/aBdsWwY8p0my7nv8R+dR6skhVcV11YPCUPPo6QEh3oEQ2dveyqve73M3kfAkSz4zaQEYfHkTIBstR1Wnr3UCzj+lfq+Eg=="}
-00861{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00872{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9406,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cdn.ampproject.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02093{"flow_id":53,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9407,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":999061,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa7qAzuyZagBgLMPtyAAABAQgKwtdL5xrDFryJs1hLl+FjCZHVOzC+ast\/GWIHK6\/JDRSzZHUqmD9Mee5UkgVvlA\/6c6zaNcs8ONWGopVAn6GEbZw6zqzTVAxJmgyq9WX7opPCGX4ps38BiduDpZ5GYFuI2+QvQf43Xt5A1DemUOY4\/mqfJFdi5BIFeMebJr9slZfgo4Ef7xQb1si24PKhB1A+x8FGdZrTmoABFutFDFmJQuIuUBguS2Cakvamsq7BOSO\/ILLUm67Gz4Zte6zd7XQd3OlPpSzB7vHszSQdvoSiVjTTS1PAzXZ\/pM1tanRABoYhfFSx9E\/J+1Qg\/mKOgX9BZ3SZHAfiq58A15TSZwKPvxIjv95ZbJdNe4h2+jc4sLwBvpE4k0LsIcTimCn\/5P\/sY2He6hLz\/CCAcMCBv0pT3fmS7\/50Ix4vCVCraOpasvGiswo8yxRiyxpfbOg1237USvartB1bk3l6EP7Mj9TSbAERREqbxOsQ4KNVsrGs8ffnegAYfPjrjFaHJ\/fmRnTb7D1cfJDJOiujCxUUCfMmWjAs5o9CitaJRT+AkBPoALQJ0HVxA30MfkYJXcoZ+GiO3sZcZ52yPAEu+TjCVykQwlmGJU7kNkrxizZf05ti3cV7y4mJpe+aJyGDcSNbrHo+nicGoP9lCb827tVZIfpazXkKFqn8hxG51NfzbrElX8PbIcsVKcncpUH3IpCnEp\/XqDzxQk80mKIuOzbZqNJEZz8rrJJKFhk+Dj1eaOKOoKYdeVdMBD0rHjzgqVwbLVPEOlXLYPsvBqPrSZUmU9ZiYJ6v6F2toAYHcr4+ETGRiBLQJCMXh2zRbnYgLHqPG+uoq\/tx5zMfQ0Un7a89KkTslUfYbuwqoSQ5EYJbu7K4kCrOSFRuq0765VJtmTSVhFms9rJEkPLQjnLA7hvKmTpHILi6QzNMu12e3kzvzYND+blp9Y5GJoKooYSseGSwOhF7pdqRhO5NZY4o18eTRzylqepBLBiZuuhfyODpwngf1udqy3JzDS+HEgypwwbzU1RbkRWd5\/QFWFjPqGXSkRDO9KDTtKOXbju3EM0SF4NFPcEc03MbJf4TFcH13NPVb6iZYcBIUgxrmyRqhZeV5XWclX2qaiEoBdY\/CJ8wqTeslzLXVuooJ5D0d2\/NWozEqaKe+hND\/K9Oc+09hB482lL3gpFB2B2qnge1ERm0CILomVcehIiFtTX9K9pwBIUaXUL8WHFxPAoTx+MzjHcVWU7iub+hX2K5GkqwTZZwzRnccjch5DMlT+Dn7Be2LqobE58Dlmm2WHDcTDFK5mecN+OCyZ1IalR\/bapULzPvwc22mzPZ8qqDCE5OfUxM4B7NGbihDkUyR5XqumYfx+fAb4LJ4lwjoJMNUuImiouYNYju82V+GbYe4dsgx7LeLq74Y42nLqGTp6uD2+aBijLrW3DBc0ODW4blmss9mY0ofTtYGaSMce2jNTdD3izI0Qgff589hfImrFqW3x0kHrb0CLRPcX4k6ibEBMVirrheUQw4NwzM2EXN9c+1snRUdnh5JmW0GVpNqHAHA+SxwjQQ20c+Sc6QzCGKhNZjzzLr4nlY1kLHH1vQckB4RuVlhArfGmM3cwFwt1pfmkheyjB8rB0QPw=="}
00455{"flow_id":53,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9408,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":999074,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JlpX2u6ggBAB9e\/TAAABAQgKGsMW6MLXS+c="}
00454{"flow_id":53,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9409,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":999093,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JlpX2vNYgBAB8useAAABAQgKGsMW6MLXS+c="}
@@ -1015,24 +1015,24 @@
02098{"flow_id":53,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9414,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":999501,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa\/MgzuyZagBgLMLyXAAABAQgKwtdL5xrDFrwEUr9duJ\/J58A1ZnIkdxVFZZNqMzKdg9od0bihDsN4CN7J5O+YcpMcg0a\/lGvlYuCmBfiUiN\/+F1yAm4DboKvtqIihX68qxU1Nxn6VfM37tVa5QfyDVDKTSIEPXDeQLNSGM\/HYwxBATZS8tkiLFhndaHhKQZAWTYP8GdY2li3Qpm+NOC38DE7vEGKznA9SRzoSZlV6TVUEnX6fiwTBTFEVI9a3lMKnvJLb2ddzEjXDwCK\/IHT3TRk3fhsRjsEvwvBZIWzyf0+hVwtmATT2MoocaCs1lEHmXe9XRguSrW3mmf6L5U2U+mXtoC9msW4U2ykcU7nYAB1b7lSs7EhPmBd2ku7inSk5rBco\/ooGkI0HbLeU5n1hcKgkMVz\/9zW\/IjaiGXgPDisHQTb099ron\/266gd0NR5RcvgB9Wbuq3wH4VcvxFfXbGppxN\/u\/TULryNfy6q6gPesyCNXqNX1cYIWJ+hNzpoGKovvuAIF0u8McOoaPJ2onSpIsz01yg\/lZz7tH\/A2uptd6Zeje2BCwpkhg+OH5Jx06Bmke3LlS7ckYO4qO3T5Q2h2pArjerh9FqbfrAtJaIsPObWC7EgkREdAfLZ+FrpqXCBrtoYhMn1IFeIjcdDJrzSyWcX05kP1lqsaeOpa8A3NOqAcxMxUWktVNH+AYJRLpGow8G2Hb3xLPwvPiSNhy2F79XSMKG3eIsSt8W+fSdJUTZ0pUi45QFpEqmGK5M4byFyII96hEpAEfPtxSWJFcxW9RGGZ3BLQg0EqHd\/jlOAhYt\/pC1kyJZl3rZxfnNAFWZFJ03SMhrGuioXVRH8eICkCZ6zwKemltoudbsUVuatJpQVsTuF2FeABKnqLDWJoLCfGVm\/kKZ096BXmNbXhKPxOW5Jrz1aw9ynvHBW7w1\/3kamctzDGNgz688b+fy48sY2dqg9Hx2bAs5FqnafTdwKUPHtw7K2OwzaH6TKbBSxVM4B2lqKl73aWZoG+Sa3yZHJ\/x\/RL5+XN8oiE9hiC+fmlfQ0UbRsFtvPRNy40csBvDuS1xivXJmoleu\/U6YadOcgQd4l+bp1FPIE7VEQ+T8aK8sEybM338qYgfdHmSjOEUM6UlXw2S05PEwt6WArRUsgY0CWzlznQff3EzAF24LcLTOH6Czv8mUcol1dyv83xo9zVZSIOPsHRbxZOODtjTFgc7fU1TaYUqxobEwdzfjoUWpj9NDuAnTKseG0Q6y2t3X9zX0pjPKczEJZ+Z4Vfl8AK4nj0TxvhUWZv4uscilVuKVCxjat1WqDWU5Ln7Lh0ExRez2rD8l\/UE9LHXAPA2ActKnfUk2KkwUYAkxLap1zq\/39YRdPz8ootLBYAtu8g0NwFYHLGBrfY\/2pRuh619cD2k+rKbfES6PC5GEC1+lL2JKOrXcyxDq6sJ72oA441OnImGWRsO1dg9kRh83u3vc7AOUzBpuco6a8KEjhyK3JSi82ZGS3rGEbB2GwIOCZHLZCl6XY15FMdjvRo6pm9W+3he7rB8trSi0IfYKXT1m1R8yoYo4sae5twNvckF+yXEQmOMI6V5ajeIsACl2oURLLGwRu9xvChi0KQGZXFGn3UtuF4ScYBjYIepqkpm4MTtQ=="}
02105{"flow_id":53,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9415,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":999502,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfbAYAzuyZagBgLMAQ5AAABAQgKwtdL5xrDFrw3PNrXBy0HVMsCoS60RhMuQ4RkZQrz+xq\/5DwNR7GIYVoOK\/HaY5gajrj5DaA8s25sJVy9NnTj4bvb1Ls52Uh0eDAN1K9lqs86WjhDgOXPP7pYpLUnwouNqDOoCzOfwB\/0CEs7Jj8rCQGD55cJ4pnQe5xOz+IN2agTeWKfBR\/irupeadB1sv7xZOf0\/of92Iq9Cbo+rbOdebe1XWXEthb0AHZ7V8NyUUXhEJOFExI7SoW41JCw8DaqfBavPn0XT3frXWSGZfF\/JxK45wHGmXPZrgbGzR3mTH2jwnhivkdkAiFaqyd6rAiJq6XlQc\/3+a1vhJM2V6MfIAqWgCaud8lOn6pSWsb4qwwei\/cUt7cnDg3QU+MyLXuSUiX9M0\/4AY17k626cNEMnI\/Nd7gMs1VxxwORtzMy\/J\/h7xHkQYR9S9KQdSZbaiMqcdAhsFOCHRdk8gOvelrfsqbLFPBBMXnkO5JDM5sKpGfJJ++8LECWJ14ERxqawzFx0y0lNrO1n3rlM4o2HnXxWyA0keGhFyjkMJwPyg\/GBT6as5OWQo3D+xgyfGkxYD6gLZ\/c6g2CU0+NgbaIgR68xlvcF+lUkoA9Xq8nII2UiJtsyU7VxIPVWIiYC6RcDiHloXp4uyiALTwj8Nwm3EfugO5DVJtCkMdz5YPC1ZUFuynUT8iyT4QEmWDcTCJN+jhdzzrZe1DEAXvPFsOEKrxt4dbwNyWBmU\/cjlpG\/KdtIMWYycGUvQCV9oduRx6odqTXNxgs6OwGwAAusJ9JwmG0g+0V28LMLvfs1GLhJUIHS23vTAhR\/DH6o\/K8+dVLQEd7sCVRWrxlQdFmD6PU80L\/ysv0w30Q3y2IR0b1TYNUoeq4fUz4azad4obf5PkDjAnzsjkWFfPHnLeRKHTJU7LZYi5LAc3kV8nw+tuG\/KrOt6Hy7kTDS1Kvb9DPH1WRJeCSripZtaYXXCvn5jcYlgRup5TU2vi\/5SzGYL\/n\/KH0GD7jjUGA77Ogfpuym\/LFrjtA+BPSiCmybtEIdd9OYsoGshuerO1XbjUR4blqQLcu2hWKBAZGibA4loV1on5baCMNfctUvvm0GHUtF\/NDoDLUo9G3YIA9gv+WVcgCNMBHxLlDlP9KoV9H4z2LI\/iiGeRcPUEWP7iYbPt2Be3zocN0Vlz1vmYZ5X57HfBo0lSE+zZEt4urV47n23hGjpO4XOG4DrwIW6mBXRzNlrjn3XmwemfkZ2RQkwty33fYAF2fEgJjgUV4DvQh\/Az53oTGYCEhlD802Q0ybWisWi5fL8P\/noJZK5DMXdn2GWk2SWGqbklNkOEYdgg7Bmq6TS4PkJWWKuH8G98WinqQm\/JvEFnXgGUrk8adIruMP8YAhXmtge9zOl6cAI0bgSEVw9GB7SjojjdkMfs1qMGCTmbHZ3TLNSZRplTjv\/8Qz289WOyLQ0CTyltKUdAktvW9TovHGBMM609ouMwTYDcW+pPRCYcKc+Ibsv13NaZpIcYClt9J+cJbbyJl2xkhIZK7NshgqAAS+43UbejoJOS1ZJabDHG8gkqo2F31cYfYviDH4PYcOv7gKEpVdU4rhPJ\/dn3z48aKwe79bpP8QrBfZ5hy2YOKHw=="}
02101{"flow_id":54,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9417,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":999503,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2lpkCswMgBgLMAZRAAABAQgKwtdL6KpUDMoWAwMAegIAAHYDA5668DIbA5Y\/AUZot8WsOnuQRi\/qiEcT7RJ8eTC1Q3hhINQ4uQD4cMulecpeDh4RGq5zfSr3G28+STtUMIilUyfGEwEAAC4AMwAkAB0AIL2rmpEEDxzBt8jFRwCMdA3dZV5GyhZbqZ5h4qBAXUkNACsAAgMEFAMDAAEBFwMDCtpjQeywr1IV3ve29xbCJJNmPfK+wBA\/33qiyg5mv1O+JmMFRKiBuMPCTTjj4ETXZQr586bxN6XKODlfu1IVsBBoT7ei+AhfrGrjN7BA+Gu7ueMWgmhigeh2eRI6fOOEvK4b\/WL8ShoaQK1aGmUX2sEZI7ikpjamAwJ6jp4tocdAx3kRfhKcxPNuuohrFpVjvMgf9ikIx8PJ\/X+5fWfn\/CXQ42YcMLYR6xz7wY4lOxkCcMf47CekZbfv1r63J2PevAoGdej\/NLtDdSKq008ijQGGeka\/zZmrvlrVQnFyZmOm+IAHnOGp6qTy0LPO4e3A9owvdfsSWw8P34mJ23eHz9gslJ4PEUI12X6QQrZnTSABzNth5XtJeNTzZO0jk0cliMh7TTXXeY+ekRbEyXk4e+UcJk53\/eWxnatGrvAJ3UZzwWQVDs9xfgTxzjJe8KMjrugrlJXBALKO0ZtyKmOAVGdJwufR\/jmomeO6ZXawsuSviO0hoIfqpOx+bR+RIlrnihvP7T5O8ss0ToGA\/5dj2TpoJidLKgB7vdcOOSxZ9ZOyATCQgstyuFJU8+QPPOlvWC0NUUztDoEi8\/Ck5EEWeJuHWvjKz9y\/m4TYt5icaiMPrnhpSt1LFkbBwhxNgDQ\/FiwJTttT+ginbCjaK4vQyU5O4nH5tG\/n\/hj+LitpvXsYDj5lBC3K1UbT4YvxZ6LXkszSgFun4X5oCTIb4Wuib2z+507fDZdfMWFA0LklqMYZdmexBFP\/sQQdf1NrJdYOcx95hN6bLLHxWAYdvg4vYDHntySlwxRjxjzNukIr8FLdDznfQ+jFP3jpKW2cAP0SV1y08rmTeqY6GsqQkyxmcg7+X+fSN5rKvoxYhShy9P\/IlqSl07\/2Kb7K2BHzd+iumP+J6MwJ015uIMCVzPwdF6S2gXS0+mfOYTBOGe+RSA38djzMGpMx\/AeRfu9HZobri4kfohcPk5oUn75w5ejA+d7UtFuzk\/aDNyJN+WVA7ay54dVMhCiBwTLSypCAKrc7qfzv5OY1\/GNZFBpLra5Di0epmQgtz+dl\/DW1z4UzJzitxc\/hI+1gGCujUF0Yz7x2UPD7pWyBNXViSBM18MfarYFOrd16e+R5M8\/TX4rLGE0bANBQDDKGArr6x281MErvjhzSyCQ78knE97QSCqx\/DBorEADiqC2BEppTNkVT6K8E2BT13h8Ny8EK54sV4jKQjlpSVdH7C46UsYAv40IIoxyLk5cJu9lPXojIq+J3B161u6waJKdrbVgkI6RFnkrCmrG7kJQ4EPBaalqRTWXa3NNaUcJsTMBKpKCnvu3bnHpNdBTRytR4yko36+6gdZbs4dUksYcXCfm6D\/wRbHD7KtHr\/JInwbiFXlCMZFKGHdc0YTWDoqvIfeRsnmgXsuA25R7ceV6vfwJUPdff9Rqfpw=="}
-00884{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00895{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9417,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291690999,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"fonts.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00454{"flow_id":54,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9421,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":999552,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKzAwBx98SgBAB9RuJAAABAQgKqlQM9sLXS+g="}
02099{"flow_id":54,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9422,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":999578,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH3xJkCswMgBgLMJ1pAAABAQgKwtdL6KpUDMpAFeHdssfdxb9MImKe6uM\/Z+81ffR4UINiyhAWzkqEms3ugRpI3WNYxD5oYKG942wqE8ZJGV9wEzMg0U64IbWDFKQ0e8y2HEzZCQCoTxGu4e73m0Rr82hKHso8GUbSc3CtYxuvwju1GftthiyLgg8E\/TDqPIqTYBJN1vuEvaXc2Czw0qomxPi0uV8f5h1w\/ZGSXNg9\/4raYZIrh0iVdyJExYS76rzKgs8pbQz\/cLa5qJszkgx+VyVN2f04pNxG8CqJME5\/Af1cGgJi8SzQOKbh+MbgRm9rhWEsJeq4rKL9Z0BDGEXdQ7gyDXBym1wRBBEJvZ8MXyD6Up2Obsa5awKiYqv8wnIWBH3rgx22kFj5FFeS3n4\/1JsDxKRMQUwxa9bXQ7cONCf5LnlKRCBvzsB9AuQ8HgIXLCucWcDrmct+vlrW0uCHgvlkSSpA6raRQ0WQVPhDeZfPulpWaRBfAyI\/VI6zcWuLNcBLsfT8PPuMiWJ7rriYGcU0o88+CWlheas9oIvTP+j6uQWRfhJymFFKyPk7H0Mu6zFJvRoVyiAkYPRPQRvV3Ik5MJpI25UNNXAPbgV8lKeb1D5mBv3IEMEsVYh\/xYs3NzHcMflyD1LH88V8kcYRQrBNjE7vvP8KBxzBaIUwL3WPCp9tvrDlifh7AhzKGRKxBUNrCTlxLsMrtjzeZV06DX5JapdB0Z\/RQVF2hCXi08JtHrP7V1iR1KQfIf4zfU27TuYiBTx2g8d3bB77qQ9KAN0YKAtGeOVDnlormxj+B958gF87DV0dUWm0Ii7VHKL\/Q6Y2r6fdK30CA+KkztsSyJ248A3O05kZhEiMIoQyG4s3wlWHhE+E4UQQsOim2kAvMBAtLCAnTXTT\/STsFumohVCxeaYTwdfpBK4FB3azRdPaG7FWnE4UCzHC9o8PGmAE30jbUXWbYi+j9r6lk2NDenpkiQDg4bBgKnAcSHVWFksUmXIwmJYazR4hvq1cLp7lzwi\/P3Tllc+2BRjD6D5AF0d+Zg82OBCWXyGUWrE25DMlhy493mf22th+jmPHPPlZ7xi09dLYgp6ztJuhx+oqiRu2sFisIrJdWRPT3bDNqJBXX+36nbYGKbHdLQ1ZXQL9iXc+jLsEYnCJj00CBbC+UDVK8HwAOwSiBk77rTRyc5os3\/e58lRGoVa9QKX1ohnD99KP8pvYIlUUy68gyFow2s144n1HSQHOc5UoV5r9EnsvZK7YfY+wS+qEuvcHl2zDdB77eotQ6wanED67SQEJi6UtIXthEXxGdICrIyU72KWN3yE5E9a\/Y1sBXgpcR\/2xNCau2eGEsn+OMXJYKc3vRHrD53fBL7k5Wan8JVh8kf\/JbWbyGqV4s5wcU\/2zdtWSLzD+q5gzfMSycVzDosKt067Qkm4w4rSOCA6d43Uu\/fMudT\/dt3rU28FrbrfUU8U1OHXKWduD3P2yKE2JGIYaLh+k2K8LzsmQburh+gsgc5hgxa1mMXvTlkikd7vmbOMhQL\/c+YUX\/74SwOZ7Y90VYgaiLY\/cp\/ntCq2y1elj8j0e1szVVch60guzsiaQWXFIKk\/wudatWN0aFfKk0AgYSFmG+2VB37\/WZiOxfZBPN7krbQ=="}
00454{"flow_id":54,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9423,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291690,"pkt_ts_usec":999585,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKzAwBx+PKgBAB7BbaAAABAQgKqlQM9sLXS+g="}
01139{"flow_id":54,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9424,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":166,"pkt_caplen":586,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":586,"pkt_l4_len":532,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAhQGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH48pkCswMgBgLMEOQAAABAQgKwtdL6KpUDMoq2n26049nT9BVJeyVBPh1jwWY07QErD1k2HjxT+JAavNdgexUzc\/8ZIaho9+9+vBjzLCk4OaXDc+grOA1EkXRSYzZnzlmC301NAf+NKB6GijDKI\/rHTY4Pg+Oicbwi3JTZM\/agbREGXXPLdLM1+nBxeeuqEOa84gwWL1btBUaojsmHwvkduNqR3jH0NeL0Pa1HV4YIJexl2BTQsCUdIt4IvZVYo\/xuzTKxQwwuSoN8SfXSwbZUpJezg6jAyFYULtQFsDfWnRM7wKuwjkYL48COFSCdrmKpJKVedutC3hWlonBsUx7ScYN+avQlkG7+Iz0iwPGjxKmoldc3rPlPeOPeA2piKPn+aWO+mGGLviIHAJnsYtGbAo4zzYmb0iCA5EQH2boqNfu\/gLHtxZugepkwiC\/K\/TdaUfxrAKdNCn89jMqq69ZFPnqK6Xo2qHjryaW2k3H1NMee9UtWbb6ascN+cDLRp5c\/at\/N4+i919IgJVpysAkAIYGbZhT0xGE132lA5LlrzhNH\/HQTFxxppLalEZ7\/RHe\/6VA5GfkJv7NucDZ\/XPFK5oIdVUHhet1+cxSUDdsP2YDqrvWl24lIG5J4sji7iC6Je5DBTFipx6hNBWogpB5pQZrI6kWoz6I0s0ryHq8bJle\/4sU9cFINc7\/a8TTOA=="}
00452{"flow_id":54,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9425,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":180,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKzAwBx+W+gBAB6RToAAABAQgKqlQM98LXS+g="}
02097{"flow_id":55,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9427,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":2443,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8sr4sDhgBgLMMljAAABAQgKwtdL6riVO1IWAwMAegIAAHYDAxZyfG5rVMemZ5O375248QNVemF9wkhPYNealPRQE8++IOrgXduV1ht3HJ4NSaQ01nhk1SGFsiLuJ4S0a7eBU0YJEwEAAC4AMwAkAB0AIP0uRykvioCfoBc\/d6u\/rUyWi0wLphXLbH3KJL9R1394ACsAAgMEFAMDAAEBFwMDCdXX+yEL6TVpWj9kaDVKbWV\/4gsX0uqDcrxfiR9d4dfY\/Vw3U3YXcmhxugL7yEsLQo\/TDOf2t89TCMI2D0cy+nO6zAtLvuRlRHPEA9dNo31p9VwL\/wY3Ux+LiVnAwl9+lGQATl7wQAE3YKFnRufM9mEe5ZYiaqxQGIXqWUhPo\/jcYQfVfEh9H2ztlSOid8DaX2oph92JQarTJOxYmfoTyQdwQUlYCRom1JiG+fFUx1t2wXKVPXOtOPW3M01HdIogP6CWP0W0t9QUVOacuDyhnJkdKXqS9jCWRb6r5++JqNLsbBiaD2VcNmmFTT2fR0tBmN4QtfAkq4dDD09gTEEN3URSPNJNr7XcObf8PCWCfmZ5npwgdVMyPpn7D16floyW62A8owuETzRK4PgCwyJ2ILR1Ts94ot\/05xNvBcSH9U7SCpJBr4aGDDOLxDg3oEmUp7jGJ6I00sQBHBg18RnqDJGDuQix\/wxZDcW8qcQnQdAxPIb2LB3IPWWit3fuV1qLcVFKRsmjdE7iYSTOtt11cpJFtF7Ddh+pKP5DohQJHHxxchwKk76XNzArrh6IgHMkOrC84GeTt2Gceod+Kp\/BDU\/9HQ1gq\/0DILl9xNtFfMr2cX7GLpdaCz6OTXp0w6GB\/r61imYNjjTABaphjH0fvWUu9zs5RMfMr1Ol68BNguDiEN2IUOQzNH4WCuIDaytgcadZREzToeWHt0tZXd8WJAYCup4ltp2PnqfeZoRZpCk3bYe05+bnnjHX8qTGBc63fA\/\/8a24Eg9oVeQ\/\/gRqhpvg84tN4naPsNdraDPoM0HIfHSkPVDIPm7jDeZZ7Fqm3Ixu0yhtLSARkzPwWlrVwIDXZmCoaPuzNjs99Ts19TN0Ag6qdatYy7g7RHiAhUn3oTfYZxnZQN63fwOtmhpIKIe0O4dkHYs8m5If68v9\/+YYntCWdB6LhwesUFklaie0uLiHO4sQOA6cQ\/mhtdViusvoSL56YXooJNr1k\/uHEFPBsF95xE\/\/jRWPTReXkFb7xvTDowvVUn4mr5my4yo2fYqXCQzAuKhR9LMuJcTPVZqDdr1gdRDmHOHT82h399FDJe+2I+zEXBbTro65L4xL9fTo2Oe6pxhOPHn9SrwFFCjtHi\/YluIW+m4V+OEfH6Ml648EgVP91YdNbPn2yi+Wb1H+MPgEcePPri8Jpda\/TlkLqqGs1OvSd4RuKeW39RQH2uZHTqpQNOJghjO74wpgRorWKPmq\/gkv03JOsh1sSVa3s771hh3mpRnw811Ma0BT+TICaLSIVWMJJk5NnFaZvR+A4qxhMufmDSG1RKPronkUrWkxiKkssokBWWb5dh7oCYdbFExUp+zbJaYyIETnu46xRj5B6m5vY1+NVIwBjiRcgDhmx89r3qzt0+7yPDe0fOHjBG6UuXypgFvrsPpHwg=="}
-00883{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691002,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00894{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9427,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691002,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02102{"flow_id":55,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9428,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":2444,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/EIMr4sDhgBgLMF70AAABAQgKwtdL6riVO1IBlL6e4\/r3ZYeOU9N08+h\/sKC1U+d\/qCBLoaUdNp0u\/NOsfTek\/G8KeC4nrneaCWG7Q+TFZfVqN04zb8l\/M3ZKNozqpAHlzXWRPgonwtDPri0e02JeJFHwmpsY4j9iwAqnva0dNk5rB0SgjvW+ofPfrNhjPUWYXvSvYF0VuuKgmDqhJAxrw\/lpLrYznULWxMmppcYhOAo2J1CNFpSgWJQH8K5CuMfu9eGlNVa1e+vJ9EdWAd84qFzIl9DeW\/6m\/qcrrkshhqMdCRTlpvf75gP7a0C2p6OPVkkUwK8d\/noNiNuJiedR7jxQum4FYZXPHOFot9nmMWxETsh\/kf4rUPO3j0DaFhpvxYY7xZynMe+1LB0jCAJ4Z2\/aMj+uOmWbtFwp1f8OGXEB0EcopvX90g0Ky1qtRHJlfS85F+ooWNnw5VlMwrYRzCXPZdQPlTR3Gy\/GcMQpwOfaeEm+RdlTNC2V9LRmbzYwEjdKOFRE8V9mPW4aEqxTDuv1m5x77tNCB9w3wnJzeSQzHGUEdaoDS7zcDS4DClvsmUy5LLlI7LIuudIVT2VpZL7EhqpAR4uPd7M8L6snHmJqe3Dg4vSA\/RuLKNPAGH6+BKXrPCBVMir8dSP6b5O1Qx2vH64R6JgiL1yxqM0kpbFbyeFj22cXZz1kImFRTuq\/Uz3ylEsBgjwxRNGkLiUe\/iDPVa1c2XEVjHq0Rq8Yyud0AYWQUnwYFRb\/dzHCtDuq5UDo\/kfXaMegnZlrkkKOOOGjv3UeYS\/zjRusRtn5UYjEuUmT9yaSfundVTeApeBaVHEgKpbkuQOsXlh5rQdX3oGz6qRLZQeNZgsZsU1qDt963N3+9BFYn3DZzhYbK6UZvb4pppFhQ4fNEZuSHxKMLN1UXf47H7TrD8Z65eDMdnNbam9oHab8VfoYmKHW1opuZlky1q0mpX8hhvX69ZrV4lWt+KOsH6riib0DQ37x4By6UlBU4L1SqXkJSA7qfySxA96rA1RzvISLPS1QJIrPfoHeGeuSmsT903kE1QujTWH2GrQRuOYiLnKDo+ffnKzml8tI6y4dLXXGrku4oQGzjS3wX6Bks94Xibp4zshFgtMAqY+fcD+EJLisWm21kZPpjHR\/b3IvzqQa7wVGdlfDHSnGEAK27OgxOrJT6AyEZSoLm+klPssuEHecNs3fv+NDvxpCzt3r8R04JcTL3jVf\/u\/McZ3SeC0TcYVryUN0mzJD1SvKjvog9naNazhATES7DloWfq+oFofDYKnAD8BrynfUOPzsdv1W1K9iTXl8QatR84NFaTQtZWCVWkl8jgikpL5HCNgN1dvqkf\/g2lCmcXFCzTeoBciDsdwK5DJBBMMBemZ2u1g2h2X7Ep2Er8nOuupJ0u1FSn5Ibs1En+KhRBOlEsCo9U2YQncUijyQY9eF7wo2diV4iwkZ54gb23t2j\/UQF\/mrFnlVFLjE8LH1hdj8qAI7n13cxLvar6+ObDD+KlEQ5OYyFeZB7X9HvotWRa4lmV4SEJvCKvw8hrqCmQ2yixEnnGctCbrRqSgZ\/dgXsXtnej0nD+x\/Dx86\/M1ZEcnEtgz\/HhUgrVAd+ToV\/YyqpvLqsXJpKf59CkMKxY4MFg=="}
00781{"flow_id":55,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9429,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":2445,"pkt_caplen":325,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":325,"pkt_l4_len":271,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAQ8GPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/FTsr4sDhgBgLMF2vAAABAQgKwtdL6riVO1KFCUBjSZHSTS7FYDB69m5ne2IcPwkugv9ufCPNKlhnkKiGdCY0\/TjFV1mwZRTbi4FN5your0dzLXXaobS6QQiMKB6ZssDxSPbQUpqNTwD1ghfndMUOxdvzSRWHuJbgIOOOkBTfOwzw9zuAsyGt7orYshsE9funI9KJ8SpHbhaHaXeu6wo0hnlzXEqZLrZfSDaYlwaqEY2GU4FY0aAzE+zp5T4VrDN96JJZyvwW\/g1Dyz1iICtiDTHEnmffmKalxvdpWwFpA\/CcKy33yW99Eoq4k\/QpOU1dWZ88FCRMl82WbQ2bjAxERDK6oX32whVlDQ=="}
00452{"flow_id":55,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9430,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":2460,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyviwOFMvxCDgBAB9apjAAABAQgKuJU7gMLXS+o="}
00453{"flow_id":55,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9431,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":2480,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyviwOFMvxU7gBAB8qWuAAABAQgKuJU7gMLXS+o="}
00453{"flow_id":55,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9432,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":2490,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyviwOFMvxYqgBAB8aTAAAABAQgKuJU7gMLXS+o="}
02096{"flow_id":56,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9434,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":3085,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkNjbNmkgBgLMJFhAAABAQgKwtdL7LiVO1IWAwMAegIAAHYDA4\/I9ZyggDUPQruB7TmYxu86jMY+5exao1z\/0tuuFazRIJHCilmb8BVAxV8SeOqltgKl5o0ytImnEj4UpvBg7WThEwEAAC4AMwAkAB0AIO3llPl0N39J8s6uxbIQfiJNFA\/nZ6+iG3RCsOZBdVQkACsAAgMEFAMDAAEBFwMDCdaQh466zaLCPVF6JnNgRjmX4s7NH1xOUZkB09iKYpSw0PsOwBMhNaGw6y\/a++GuH38++vlB0EV4xM9AjjW\/YTz7T\/qvH6hl7rYXaANIQWlNWjr3U6zY97W4xfAFwnvkgbCoWvdhJcmtLMjIbQ4770hNmnq6Jolg1g85eRgSFsRROTOhql4kK8vbPIlne6d1lH3zlmERosSHIktblKTn7w7eg\/kcGQxQEt44otxJx\/Fp0wWAHR1dndV1gxPJcBfSZSK+vqxIHmg9BYfoMlnUEWZkS6L2Gkv3q74w1OaDSRtzhQED+rOAo+6GYE+5n8uC9nav8Xx9NMhUIJ+zGIGIHda3Lziadb5lG1EW4Xmu5oiNY1VyYahkLxlcmEvKI9PcbWJRviw4A2+c6QRrq6kNMxxHDsd2\/YhEIO9yML4IK7DT+LyU7GHaA8CKA5WBn8OrlFbbxViWU\/TXZj9p8r\/BW+qBl5mPBHuAwXHW3ICa2uNILAx0KYZiFJksA0xSJij3FW94+tJR+1n+iruHKziE4ESLimZYntXkzt2P4bC2ZibvAxwObURcwyCDRhBGtN2gLKh+Hdby6C40KfQsEuCMCpIRNYRwbYijIYbEbD6rwr5D1lXIsF8DBEElI4\/\/f7HCNqiZrDjjQpHyAYBx3+MNXsjt9uUEiuZ9ugSM5kV\/BhVaaLaLn2TnRJR8SrxzOBMNeiZgt+2X0Vf5Sa3AndVROGSGZnmW1ggizXWEtMzwIPgkgmN\/X3FTwRIrYTPT6T4MKOq7kZRwMGWzlJh73z16IAPr68fUOTMSJ7D5thYIbK7bm64a+u85xpY7YGqsiQRSR+0KxqPow8Geoiu2DQzHo+66sjspBH79+HfBAz+eAsOcZDuJIUAdZwCq43M4lG3O0HUA43D6K4t8i3cZDBg3aOZmfos6b3Egnx6m7WXATXh+zq\/WNoQ9pt+5AmoQCo2Jdg3ZKVZEMXGI8NPlZGv\/Q9QehV4gJccwBMLkZ\/OsZlXYjLd2kobnfgW7k\/9jzUdivW31GMIa7M0kOQjPzVBXq7zvlcL0VmPOm9+9BptoHoccOLZHShUfw2nTCZonaHnGbw9aaiOJ9lCAFsJvBOXrYnf3IAlzeIW55b0f5lwI9S1iOhQkT\/LsLjblwIlZr9O4cIbS5dJM6Onuyq5CLbk\/JMcTZxJpA0cZuhK3anPd6P4Tj+1\/aNK6htGST91CdDie2IAZ1KtvbHn4IzsXfUTC3N8d+gjjyrDqPpXsLcoThRyfuMA71qNemQZyql1y5niLiLIu3Jw\/Ik8KgqezJvM0UJI4pYNxFPsXEeYwD7w3FrjNdeJ2RIyUOd\/RiMyL9AV37THE6j3PjxWq0cWEcEhsSkqvq3tAGAfznFYXE3Fcelf4tmCRuFP9tPgdo4zzPCggvCqN\/waLFzJIsSrKxjTduQ=="}
-00883{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00894{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9434,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02086{"flow_id":56,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9435,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":3086,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfVvtjbNmkgBgLMHb5AAABAQgKwtdL7LiVO1K4OIwPpoULkgqNX2ZISP6NqcXKYiebCh9Wx0IUMWFutSzm7XcJ8x9pW9cISKPUY+6sEKJxOnN8meQCL8z78UcVeVQAFOkcysNDRFjMtHw7RrJULpuobSlMPoefxatrOeq0kGYicskxUGAitiVaLIXOrUTPfKPZ6C15cW9UzqXYLEJzxzx06NqOvhLxnf2haihXb2WVxc+KzIS2BdShwS\/6oT8kORwULX4FdHERvfM1395My4xYWSm9YyXLWtToc+CLsC7Hxv9dKVs+uOerzlw0VjcAZ2f9WENn\/Rv7OvN8MOMvPdGjib3d0FMKFdTtTmhna+A1UW1TqvF1rlbocaFNrpV9dvGP2HurirOwiQY\/7H7qTXg16K7Tu4ff2MKZz9BF676uN9M4Axe2ofFLPEsmtpQ7sng1sbIk28bhbJXvKx3VfRYHJK4zBqcIRKYYeP3LKV2e455FNV9opcy57oxiuVR1sVOqaKn7F9qDGKJUB4uKCV4w0iRcmtZ4h5aSBJCf81asUoTvBy5EGdPtHNpxHD+qQxFH5VrMPflGZcyWVLuductTejfUsEcbQXcmv7roDfb50X2ij6dpRuZf2\/SmaKGa\/E\/m5rBCehuAQmnxkFq6L3KDMsqOSKfOGZeVSY6LR3aixjGw3c+yYgOL+phG970SVBuCdEZtZTYxkzIuWR90IJHGArzWAuDrR\/N6McuxsDkfpup\/n8qKMSQRUrlfgTDWqvTmGPgBD+pJdZ2kyxbXtyvEccfZeL6kVzNcCpyUVj3poKIHozQihoM6EQQEoFaDuL81CkHBlTZJNQJLF8ghZCNazs8tCC8J\/PsKPUoB7U8nruxcwSoob+zeBGtd6Tw8\/mwb5nWJ5HKI+c5ppakIsqTvjCH8Wh\/qbeY4rTzBiM6NCdvMYkeYHRjwAQwfeVlFLj0So1NHpDyXe2PL9d4\/o0v6dN+7z8YwyaWLm4jahBX8qhQzZFs0vBdGRT4qccWKceod5Ls6kHOUMcIaz3YRcxgvFlYo2wBp1f7C9ao8EE9zR5goSia1cd3YBUxGf5QexEXziFYrRkkcb26KRyO22hbs+How+5sPJSTHEF7HVE5ju\/hk4p6VuM6+KcIoizlbgpvRiBnJcLa1+\/zbrSz\/MxDp+YjB8aqnbbqr97u8F3RkcjsSCBjOhtPTZ+4EoSrciHSB0KTk28TbWS+QizHQtSNUmATJ5LP6yVqtFfw52A7hNNbb8Gvm20GXzeRmCKjhP5BGZrfMSzje8aun5zCQqDJzHKZK93Ikb8Jg2XSjAS+v2mzwEkANDmXmnvju5ScimtVS35lk6JBwYFgtOxNIb4h9bqlTmZ4Tq1UeSES64qWIk7RV2OaAfzNVoAuTzbJ79Q1DVDUGI0fQE7McqJS92xnnNbrsAdfwtxSVIL9e9AivP5HFTzuhTgbwiHAKrKsfgD+CwMwUY7MpHo0chQNcpV2Z2ZIVxG85izeWaPIQzNcxXvwK2ekNQApd7xzFqKBya3dnWfSJ2InKKfsOxkb+8lRzueGfJ0oeooipJUunosNdEqkdlTHTKyrxhG2XQcP2MJN+7OhmzBZCTDIdKZz1asWoRXgCn+SQx2DPKOHaNBx5sgWHOg=="}
02102{"flow_id":58,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9436,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":3087,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi8YaA0rgBgLMI3FAAABAQgKwtdL7LiVO1MWAwMAegIAAHYDA8Zmp1hvq6rKOKD6KScByZyqpDH+uBSJxa4pv8JLy4ROIDWtk7CyEcZiHB5uWIXfY5Croj84Q3kSS9jhYTHY4t\/XEwEAAC4AMwAkAB0AII00Ya4Cc34Pg\/4W+n\/Hjs6oJ2XuzZXAQVatlBsUdSgsACsAAgMEFAMDAAEBFwMDCdVrx1sWYWEVD2\/ulNL4cWAa0ogk8R7Hvmv86VBYv60pckyl52tCov2mcSEJ4dR3HS48f+b+8ec8sG0nMA832Rr00THuSN4PTAj4+\/BsaTxsCqdMXIySIB3zJLS5HqjkA\/Ed3vHKTrq05yvNa6fnC+97alS2sqm+nfT4BJGt7yFdc5iEedIcSJ\/As67kTfqlvBwAFnwpIWf\/YPyoop1UWrZvjLLTPTuev3hujSYzYZWyFv1aj\/hkb7gSWftPfBntohWHWF\/ua\/d24lXPG4nZ2b4Wv8woI5hwco6gpMLofPs9A0afX+2qgPX1DaaRRDwA2QgH8R6hM0YEBNRYYlcX4UYl76nLY2A7WQhYbC7qG\/OvYsd9g4+yv29rfcVMNmpM7W+XWDFzdoJwpPp7CoU928nTRrJMmrktJAzLCwlHqnY\/EjfBi7g1FWMqYOQ1HiVzhgNRzTPCh+YnuguRJ7vaXQ7o6gb45EbLfQ1mX5qzTAc6RmJLfMWpeMfcT6pEKkFNQR3EtmuTrpYSRYBSxFCfeRu8a7guyZSoWFrfQzRVmfVTefqWGVFeFgfsxnOjs\/wKKm6zBMkaPfrcOo9EiK+bP+yzv4fwNeL\/CuiTBzBP5jrW0nTpjvNWPhGR\/wDbjwBZN\/EHIr67WFHiUGx9oQpIPFveuGXvSRZjGXP\/wiaCTtzZCP64YoCX4yhkrMp2nsTorDx7ZnAL12rBcVqP51dG5pWcl1+WOLlPpbmYz6w6M+erMtvujm+lMi6U43BVB+q7FmVlUMO9fF7vn5CdWs0\/wARW121DFY+qmHRhhqv2Y1OM0CHo0jFmyN+pKMmkofdP1U2UxcK1L41wLW1+hPE73tcuLGqUEXR4A1y9jzf7scoX97PI0DTfomZDbOpPP3stYwSnY3xm5bIE9XU4N1Eb\/xl6\/gbPxwJWBvFg+rcmrzwyJAmx6vVMsbJG1e4yxK904Wgorq4Y+8nbMM1Ux\/bzb+LaKDPwNowBYpMKJobrH+THpL7UvVUf8qd6t4AUBWZ+aHfohgs\/lnIY5eE5Uz0oDTOMKlmDYfNAxIavEEohywt\/K7\/f8Hg6D8sdyGtum43oY07LSjW\/BpfIwTvuVAlb0nfmAOS3oURo5NOl4zD9YjkGB9h7p8Or5ScL78egTHOJfdRatVY+6al5pbTmJYmy4Foaf3Ibma7zKRShH1eU9HR4PiI0V56FtT7LF+wlgd+R3Ccej3kZz5gHVB2vnOpqZrZV9ERUrra\/UQMJ\/3TlDzeoR1qZB41UeE7JTCvFfMoLZHRtUPXWqtRrs6fKBvFs+pItBz9pHaEelk1wNBZhly8vT249UL4W7gBs+kspyOITxbL+4nHZcx7fkTZZKcHMCIOBrEg7nyQxMutFk0CT1wtUEHgUfBHLs6\/zZKK\/ZHKkgSlDr\/nwPkCyDjQbXZnnjg=="}
-00883{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00894{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9436,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691003,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00782{"flow_id":56,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9437,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":3087,"pkt_caplen":326,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":326,"pkt_l4_len":272,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAARAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfW7NjbNmkgBgLMNynAAABAQgKwtdL7LiVO1JU1jc6XrD2wXmbYDR2pMF84bOcpSbK9hhJqfIkBXNuFr3F04boTslSEt8bzc1owuQGIkaX41lcijADD4RKEYOmBIJUA5VXzaRzaQgYVANMhu1T6ORX1FfISMaRJexWjHTaeJeyt8n94xUPEtkpRl9p4XhRDteYG\/L5Sva5Z\/iYVt9Ty6\/77VR9wVqBBca\/M3RePv+XQQUkKG1mlSqbqfLfK0+TsArGgMP2U0SLkSoaMaEsGibISRlcDreZVcFDjcbQYD83Dt9ILPFvEHtHoaQa5UY7DjHaFxkC2zpaAlCbLd0mV\/\/B7pbmmOrKDn6hncY="}
02101{"flow_id":58,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9438,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":3088,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0OxucYaA0rgBgLMEEfAAABAQgKwtdL7LiVO1NtY1D1X0w3EwV9DeHtEyRAjnnpeRYR6VnpPpy6bGhffKet0UB5XuPpCh4E5CYs5MyMe80qjRMiLwPcRLL72HQYLvPi4g0yMPQ173Zi0eOpGySu0quu7Pdl\/\/l7BhxedkxJHgfILlOSQY+EaFznI\/m14o9CXv\/ZYRml9ylzZ81TzKyo3Bpl7ii4EqzzVR2wgK7pcgt+ARNgRh87Xf6r5wNDTsFzBrCmCeWiDHJYN1pquNNhdYpUrjDslIiTqOvQYteJtdHNBn0hNlmP3JNdfCBbWrzuYtfnKPvhq1RuL6ZLNHolWHlUE0zcB3zNpiwaj7id82OOGXzXwnKduZkV30cK+atVN+CQ1niy1sdHx2\/0nbX5lw1umByZtr36p0pLvogAi54JjSL2qD9zDb3Yj5End5+sgIit3SF2iYJv7xAZMmNv4CwUZbF2WS9FDlsKf3M89Gm9RonfvNzp52E2KWCV\/X6JqSmC1n9SPWMRTbTGg7eQLam+w2Xjh1eBrg\/7d9JhAS8PBEYupiAbzKSPe1VFo2liYbHoaeZ54ZdjZBqUcB+SVfYSaj6pNowRGjHyB6B2IQQ3NVqLrGvN14riSiNAEIoPcRqTRo1o39aB\/QvSIl2vvokXv2CZMQD\/bokMEs5GH0c0nJ51NdZtFjWG8HBBIovK3\/OgzBiV\/YQ0GLG5DdQ8AuesCxA70uymJVQRw6k4ylf3MzulJ5BO1GzJpOflQb\/McDYY4WLPJ2bDsB1iFhhXDNKKSLsmIfnghfGJXUwVN7OcVDN9FnA\/\/Mu\/jw7stjfc1OSpnelm2M6G0c99UKQ9AtLsnpKCsr2JtyZNy1550OEBdKrPj8OZANXxXgF7XpYzBLTwZ\/SsvpJcrL5UeOxB2RbQcFmqJ4\/3i2lxcof857FL8duig6S4TY1CeKfCNGLLoQ4YlIqdfgqtButvPbOSdfWXHHAWeWAnluRULXoegWdlQ95x3HWbVOzJ7hK6S8oESDTFcSCMA0K4PfShD4+w3qFjRZ03YgzastoQXJpQYK221eFfVlWVQkKnbF9V8tpPRl0PDjyE382C4yu4sng0qn4xa2j4UvHGLcRtNeqH81wd6dLwhhRuxrSuvodrMYJ7ZTJC+BrM8LEZeM03139mtDpdyfXc3iu3gjrwipZFj\/JktAmTkjNJomWIm\/ASRolt7P4M9P3AUBQ9LqpF71\/TY0Tc86SJCsPcUUH8dg2cLfaRAWfUs4\/jFcITpI6s7a8aoBKPwk8bRd5TGaXry7\/AH1mYfslXdzTTj3oRKiUyLcxn68GVEEayDoubyEocL7tHA5Rc1xjUK1lnlyRW\/Icopujzx3anx9xJk51nW2KS+KSr\/ljcY2zdLSQg6rvYz20\/++0Yz\/nm3mftcLdPzePgbmHGba6kv6J6ItS\/x2vLJG6TY\/lvathFJKzMPCHoRfvtLefBS0S8L1nd5JS4+11i3xSi\/H1AUEttfdboZ3pdmJ1ah4GljYtUvYl+iAkAoiv+FoQgnka+7Q6KIR6EdAUMlQNs9c567QR0sjacs9JJZkWUJ5CUXUL\/mh2GLkzLuaTu1iUyDfIwzmLZTu2+QXTRILobFoJpz7RbfPT0EF59hS1GGtxjzw=="}
00780{"flow_id":58,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9439,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":3089,"pkt_caplen":325,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":325,"pkt_l4_len":271,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAQ8GPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Oy58YaA0rgBgLME4vAAABAQgKwtdL7LiVO1NLYki1QRHzVravWZjwvZBOm5hOjQZh1BXxAtNFyVwsGyhbWHb9b4OK4R1BqfuFaXguGa\/NKYRnUqzYL+eeBO4mesNP1VjUQahgnfZgnt2WAnXPGV4TYVyXvsOcH\/7lESvmaNKdD4CjyxLy4xgeaDVtpm4W6hUus+eNJ2miCfrnqn9vXytBSeG+fnuD3TjmbYS1kGVyE8QDiDfkSE\/6\/4HAXkcOvhweDqJ7OrrkNq73Jhjf67WSuGD+G3u9kHhzgXvUUQc7MK5uX47BnTNfzEgIlXiloWPiOYPFuMsKbA0ul8VWOKpgwmaLq4v7Mb5dVw=="}
@@ -1043,7 +1043,7 @@
00453{"flow_id":58,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9444,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":3147,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoDSt9DsufgBAB8oYiAAABAQgKuJU7gcLXS+w="}
00453{"flow_id":58,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9445,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":3154,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoDSt9DsyOgBAB8YU0AAABAQgKuJU7gcLXS+w="}
02098{"flow_id":57,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9446,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":4686,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3qeEC9HgBgLMOqgAAABAQgKwtdL7biVO1MWAwMAegIAAHYDA\/a8DpTYPSezFb5havGljC\/5aprFAlrOTd6O7ryW0DCMIF8\/qPM2GhQmlTMTYTjE9hyVNZH92oU6Aa5vM+YWAZkYEwEAAC4AMwAkAB0AIGuBjg5RGEf+IPH6PPxiTvI9p2h0b0eETQ3V7+5livcmACsAAgMEFAMDAAEBFwMDCdRHHksaT57xkKNkygMzp4N5Se75429JHIwlYtMEM\/yj4QmxlY2tsbxslEXrVPn66Z\/hRhDsrIS4hfMim9m+B8nS2XXBMJufhiDn+P5wNoEHXeK4AkiUu92nKQGfA5Wq4jnrzLDlIdonqSI5erGFSswpSIxBGtLDXIGdxORPeXbeTEWCf7\/Hr2yD6o0FwgdqPGLMFYhYCvBN\/NrFbDByr5wMox67eS\/n6mGncoUmChe4cliSjhPrWJZDBPucR6x9hoMG7HJjHse7chV4t\/cD4ZWwm8n07SfFET\/bycKw+lREwUCF6hGcto6QcHYPnYVQugBpC3stGXo6n7a\/co3pvFxQMT6jwNa4xo+W7Ace0KF4tAr5kb7p\/4lQkbN51wtv\/7S0H8NmXohHAcMBmDS6cSS+dl9HVmSL+yQL5Gp22TtXgIAchNqieFhIYcO5Est2gDaWDAQqlOee9Ff+Cn5lmDjETam4B+AOXDWsDTcXJdxi5UzwbuZmB7\/pBqQnxHzwFy9mMDcnPs40hi2rXM9pASgUOO0IZnjItYkQNm0RlfcNqiVxPxCMSw85UijAYBzkCZbJt0yyk3NGSw\/gEXuGtnTY\/7fxPZ2B4QAJWucXPE970KbKKFm7ldkxY9ziw3nt8\/MTQug6A4b7Xi0fLK3sSoCh5iwvMC871r+VNBvon98q+RUXUgAFc7UBwSp1bUgBSnxJYfsmB4tObpaK6fm55wnajRqoD8b8K89VyrXWQMBYELNKcA6TDdLHndj5y2qY\/lsk+9Fn9h94dRO0x8KdGx9XgxeVAOQ8pnlQMHTCGuSaOov5o\/w7ycUcorwAlJqPlHTNwv7y6seIesH4JtAnQpM789D\/nKDnm5E+TEBW3iqfitdLPfgTEem7c+RwUJVEj\/Ho1fgmuTLGjBlGgkzmHiGY74yQLjUiU58TlgWr3kwWyVldycwUTQE9Hd0rlfkFK1x\/vD3KAiKpbCZYRY5emNdauEy\/X9SWpOnTFFolr9geBhLPs1vHwaCQsSwwIt5aMOgR8k6UosYgS4YXXtYiMb1ONMIF2VHpeOwJgLlzYzrem2NhmdJD6wb9m+I9DS5yOD0XL4RC07hg5km\/9140ZIjIdAIIasLHe\/dQ0887xEre5R7MDqfqnfoSTLPg5rUZbtf+xWnAnGjUTwDjcS8lwtmBwMRWrbJDUF7EaTQsxQOkX+bRwWeiYPgSsLLkf\/5cnYaqKutH6ClWabbIpSpOT78MCIHzT2rPw1HYBgG3u0SckpI96t3N5gDGHfw6xeJkreeO4pQW0KBjInxHCq3TfmnS8wP67yo061oUnkD6gYwNvXTnucRoMuHE7GCLsYGhMzJwllszCdrxHVeC1KQPxQieccc9U96y8DoOGaM9MLpPhuWTSQ8zE1u1pe5L+3TE4UP\/XVinHy7DnI2J4JPKnw=="}
-00883{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691004,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00894{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9446,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":6,"flow_first_seen":1605291690926,"flow_last_seen":1605291691004,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"tpc.googlesyndication.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02090{"flow_id":57,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9447,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":4687,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCzDKeEC9HgBgLMCvqAAABAQgKwtdL7biVO1NneABvzk6stRrQUoB1AGfllNjIKRtp\/gxp\/62wegmbsqzgg8mYOjOLgdJ+czCSMLAthanMvLIqSP4Mao8y934osNe3FVYge0lU+RVAWgevu8Pcv+ngvzUSNy9mjCmpk9iiIUcrXnD65vmjlHlz2bJKx2fw08Y3CaTyX6B+BSRZapbly2\/kfpc6J8F6hah0fDLkFAO9sGDbgH4izcUf10NaeEUZ+UeKDhWpkMDukTe+fY7xRto9rpzLoJlLkzMqSHkFu4sajPbzDfwHKOh4w4qiPi8GHe0cw8etizeNV7vbkH4zzXFpiMfLezICEv2bnUdexRkSn1YlEscC+J2byF6oLV1lTmiTH2fmNu1TNL2tW5eFz8Ce0gom96O2eyo4+jUA1qyQug3oZhMKe6bEMiSIPd2bPYJuBXsL9OzZc878rRV39U22WBpR0Ek0aaicfIPlXdhi8HGHsMMSsb3x66KXNoilO8jDyXdg4T7YaLB6Gj2U5QsiPgObHBcfhd9j2ONIi8jZ0GQjimiE+8CjBNDDKuESfmGfsSG4Hq0UCqaRdIZzfqUvWtPe+Pgfd2BqepYzTAJKVklI\/LLAHyFtbZ5VxSrJ5yRv+oDQkxjYvJHv5sprxTlHI7BElU\/T59wX\/Jl5PS53Mkwf6m41dXF5LZw2qvz6p3Vp+fvhfzZz9OWs7Xbt0Qd3Io7KB+WS3B5lr23Koz9fEKu8n4KaNKItpjEVZXlQqPxYI0XJScTMWRVVigStAuAFYNDR5pkM\/WbhZw2MA5fzcpEJ5c0JsQmAco+haaEFiDiuGs6tO97xvFdbhlOr2qxsChnP\/2mzGVdtWl7sp0w\/pzzoIavtSp+457qa0azX5khNvOh\/pD\/Ta44w9C3MhDhfLwKyuFPR\/pVJXGwVowSFMRsP\/Fi6HlGOejZ3H\/79xzgumMKvFUimlep+VWMAh9HAHFWggjJK2F2SSdAKavKiZf7qYtvPHMmaE1mcvx6HFicA2YXxvkZOPb0CO1f1QIYhU8WUcZ8naw7ew2cjoEd8dOYNCQQu2Mm5cVog67mTUVKWKFFmEzRLZjb8ecjo7wxl8eBGxknQIdUo7lmpOPrIGaJUZicRJqLe20xCfbeRXmltU2XW7fflQW0Hor0qPf9MWer19XGiyUmP8eeizD3WhbFmXNofSEfBip9jCRWnA+aHe8SM4VPKhuYcNb1ySxDnGBFQCirLo5DIaVIE\/0Rj7TwI8GPYCBVhDAEchLxxrKVOxna8N5p3bMldpwEaRnx\/ZAXSwt6EMaJazNyKUbxQAfZ4\/Sy9IAeGsI7Z3zYi4arEnJESIlFrYtw8pVkc73T2dOK5K4Kv6exlJskR5v1OLUem8ROaO6k6LB9LxCmHPoihYydOK539lqUKAaLiMxEGOfNsDdyMLyUnTJNUQz8xt5WuA+57V4I3W8HXTuGoRwKD8BRx6g2Zm9b8L8JGVt\/e6OzL1fHBUzfyAscK1A1eQ1gnXNz+CHLM7JO4dvoa4X86eyP6mooIKvYwwlVqc+N93cg+B0sQRTlNgwkG3U5vJWeWo8YJoeyqWZsz9Y\/4MLIcyaOQqgsPi10c25Y1zSArYVbSpG2Ocze0CSo6DuvEOMdYoA=="}
00778{"flow_id":57,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9448,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":4688,"pkt_caplen":324,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":324,"pkt_l4_len":270,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAQ4GPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhC0OqeEC9HgBgLMI0oAAABAQgKwtdL7biVO1MsfuU\/h\/0EgEpFattDsbIEbY3flbv1Gxud6QKPVnyQvC45AO1yoL55TVPOXciCPrwu+Ouerjym+4Mu7U7poDJn3JrNUV2GB7xpQLT7NPwLS2XfQ+wkNdcCtPKIxgklIUMtbM64S4hq4grtGtzGUyb09qOSRnki\/d3KFnDy5T31A6Uq5Ne\/M3MkDYvZCUiBtq8UlKoj1U5aHhS3pGLBeEB\/jDdsju6RrIGpBifBRBmDds\/WTENGGCAUwfTmmycKnpcY5XOSBsq1FJwZ4x9tsCK2OXIQeJzHpm6DAcYYmvE9TwTyVjpVPzakA3UT94+V"}
00452{"flow_id":57,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9449,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":4701,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QL0f4QswygBAB9WKTAAABAQgKuJU7gsLXS+0="}
@@ -1071,84 +1071,84 @@
01241{"flow_id":58,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9553,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":54527,"pkt_caplen":666,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":666,"pkt_l4_len":612,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAmQGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0OzI4YaA1rgBgLOOvoAAABAQgKwtdMH7iVO5UXAwMCAZAcfi0uwAAwFivFc4YhCppadXBIuIK7T\/8f1HDeuB+5qzO1DGNLL5zuOujdx\/TprXEB1eJeH6+wpCfhguFEJioc6w8leGFw\/JJK7FQHFE+otEwIMWGekXm7Z9uRtCzwzyBf7QNDDHNLJ5V15v+PlM\/KEQkm2Z9ZpQsAMvvs9Ls3KZ3e2yPXGBsc4lOGsGSzCp0DRxU48RWxrBBY14xRcKl48Km+nisNbc5XUUctzvY271fQdK3QD5rQt5NfsKq6EZadXhJq\/iXRmNj67BDq7Cw7Uu0Ecp6YexUjWgAenUZGyOA3NR290x08LsGaT3MavV1Xo0HIxLqg1Yv9t9BwTEy+\/DC3Lw9oLftquAFE9Pzc489smBInZLcv+\/wXSm2Q0quM78q3t8VleKi6u9RkqnCixEg6Gb95WgNyQGTUUzXPfbG2A+qKo5Fbz2vhbSWV1uUmFhiek4xvmoMRCQKLBlzZPjgYVjsPjXocCGJQ8wTw8\/bWP6fcdIQ0HpPj+hg8xoV3k\/Vu9ZMzywY85vXbYVrMGM81nC15OV8eeV\/gAA9rBkzmvfe1V4aZl1dysolmigs6XhwFExY84G5+vEeisamMNbrVd058uWzllhirMTa57sthS7odBP2klIj+SJRb4hJTry6ZCb9N9Zs7BX+Ta68XUL8zHMTH0ahlsSujzf9DABcDAwA5E8idCfDkKhlap\/NHKo7P3Iix98blFdwqTBsnUrodT0PB1ZUP8n9wDfI4KMISNb772WRXooelPd3R"}
00455{"flow_id":57,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9555,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":61013,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhC0dieEC9HgBALMFN6AAABAQgKwtdMJbiVO4I="}
00455{"flow_id":57,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9557,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291691,"pkt_ts_usec":61016,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhC0dieEC+IgBALOFMcAAABAQgKwtdMJbiVO5c="}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1605291696948,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1605291696948,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11226,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291696,"pkt_ts_usec":948991,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBQAAAAAoAL9IL45AAACBAWgBAIIClIhuaMAAAAAAQMDBw=="}
00469{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11227,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291696,"pkt_ts_usec":965238,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxV4xygVoBJXgPOCAAACBAV4AQMDAwQCCArC12M3UiG5ow=="}
00455{"flow_id":60,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11228,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291696,"pkt_ts_usec":965302,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBAB+3eDAAABAQgKUiG5tMLXYzc="}
01152{"flow_id":60,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11229,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291696,"pkt_ts_usec":965939,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBUfTisWgBgB+wO1AAABAQgKUiG5tMLXYzcWAwECAAEAAfwDAwHqoerYjfOaFlsdXktRRD3igdgx3qxQ0CcSKew4vtFlIIbnh\/g\/aalJEnrSSRBrTzEV6+fgBkXEzuoX27iz\/grEACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOKigAAAAAAGAAWAAATZDkuZmxhc2h0YWxraW5nLmNvbQAXAAD\/AQABAAAKAAoACMrKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApysoAAQAAHQAgPbO2qWewDD8TkBGwdmJPtUCWKvxNvYBt\/Ur80maJ31sALQACAQEAKwALCgoKAwQDAwMCAwEAGwADAgACWloAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00816{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11229,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_first_seen":1605291696948,"flow_last_seen":1605291696965,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00827{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11229,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_first_seen":1605291696948,"flow_last_seen":1605291696965,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":60,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11230,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291697,"pkt_ts_usec":12854,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxZ4xyoagBALMGwaAAABAQgKwtdjZlIhubQ="}
02330{"flow_id":60,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11233,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291697,"pkt_ts_usec":33621,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxZ4xyoagBgLMP5sAAABAQgKwtdjeVIhubQWAwMAWQIAAFUDA4nalEUe\/i3PlP8MtHnHshFwjy7LA54oW6LIgCj\/nKWTIMGehQMoFBhvSm1NPSTm6gzz4e6FdiJV5KVle0i\/UzkYwC8AAA3\/AQABAAALAAQDAAECFgMDE\/YLABPyABPvAAaKMIIGhjCCBW6gAwIBAgIIS5nocKKwsRYwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjAwODA2MTAzMDI4WhcNMjEwOTE3MTE0MTU2WjA9MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxGDAWBgNVBAMTD3RhZy5kZXZpY2U5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMzfdDJcV\/9lshwyJ6w2q7YIsHiOF0wXm8r4ts5IJ0rrYJvwXqOhCgkik3YLzEZ3Z1kLLQDNp6GAWPklsbjVj1ESiWDcQPtCYbV091M6kYQ90l185MDPDri4AVmvMj65utVymPOkpJBp3AI4Rwfob2lom8ExGvnzUKzLIIUCR8kgPZLQbjsBmcFlmhiF1cOemy2mY+zPQyPx+R3+0ZXnZ4m4PS65rNMR8Ow3X4Ai4DBs8oyG72UBunfnevFhWzGieCkVEJLj5\/P3g2eeHiTV9xz9gUzjC29jlBNi5jHLpFtP\/YSfC92fdz1fXXFYjWr3ZRPK8EOEsZ3sSK45eSUGLKcCAwEAAaOCAxAwggMMMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB\/wQEAwIFoDA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczEtMjE4OC5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjBzBgNVHREEbDBqgg90YWcuZGV2aWNlOS5jb22CE3d3dy50YWcuZGV2aWNlOS5jb22CDWZwLnplbmFwcy5jb22CHnRoZS5zY2llbmNlYmVoaW5kZWNvbW1lcmNlLmNvbYITZDkuZmxhc2h0YWxraW5nLmNvbTAdBgNVHQ4EFgQU9MV04ILbzDyVlwgiNzG8P\/\/79aEwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAXPDUnt0AAAEAwBHMEUCIDf1NAS8rmNUuddvxCcVUmBg\/MdwKG\/FsJbzlfrmukFrAiEAsXMs6b7hEO7E+I7yrtsiVXqwbsLj9eCWzbLyypOp\/1IAdw=="}
-00872{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11233,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":6,"flow_first_seen":1605291696948,"flow_last_seen":1605291697033,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00883{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11233,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":6,"flow_first_seen":1605291696948,"flow_last_seen":1605291697033,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02327{"flow_id":60,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11234,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291697,"pkt_ts_usec":33623,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OMIJ4xyoagBgLMPm0AAABAQgKwtdjeVIhubQAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFzw1J8xgAABAMASDBGAiEA752vHhkTjVwt56k1hXMqwTg+06DnW30jrEAiG0HUgSUCIQCYY3uSx34pHrQaHKaOOzERrwiH3oYLUYiwKPxzq0xpGzANBgkqhkiG9w0BAQsFAAOCAQEADq7xLgVRR8P0o2et\/sGg7DD5McDzRdnTbwBMXeW0ovBJH5ieCPlAYSdnB8z7lQtvNwRQ78312bnCn6RTF38NcsWdd+PNp7jGnwCEERL2vX9Vwt2XMzERaPqKyk9A5MXDsgLSQT8p+Dq45bsCQ0KhNlSyBZRQGyeLkIiV07v0g0Zh40pMKsdcEnpn\/Gnf98PaLZojXryTBP5dse10kQszHTa9wZRzPkBUduJ2FORZaawhbyFzaAIiQWBmkX3JF\/8E3rPx\/F6wkcOgIkOtTZPNCTco00vhFGy5NJ7Nfo4UMBVZCqPNNtb8rkpWTCXCCPJHYvoVe2vcbc7CNtfjroHDbwAE1DCCBNAwggO4oAMCAQICAQcwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0xMTA1MDMwNzAwMDBaFw0zMTA1MDMwNzAwMDBaMIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueDLENSvdr3Uk2LrMGS4gQhswwTZYheOL\/8+Zc+PzmLmPFIc2hZFS1WreGtjg2KQzg9pbJnIGhSLTMxFM+qI3J6jryv+gGGdeVfEzy70PzA8XUf8mha8wzeWQVGOEUtU+Ci+0Iy+8DA4HvOwJvhmR2Nt3nEmR484R1PRRh2049wA6kWsvbxx2apvANvbzTA6eU9fTEf4He9bwsSdYDuxskOR2KQzTuqz1idPrSWKpcb01dCmrnQFZFeItURV1C0qOj74uL3pMgoClGTEFjpQ8Uqu53kzrwwgB3\/o3wQ5wmkCbGNS+nfBG8h0h8i5kxhQVDVLaU68O9NJLh\/cwdJS+wIDAQABo4IBGjCCARYwDwYDVR0TAQH\/BAUwAwEB\/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFEDCvSeOzDSDMKIz1\/tss\/C0LIDOMB8GA1UdIwQYMBaAFDqahQcQZyi27\/a9BUFuIMGU2g\/eMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2Ryb290LWcyLmNybDBGBgNVHSAEPzA9MDsGBFUdIAAwMzAxBggrBgEFBQcCARYlaHR0cHM6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEACH5skxDIOLiWqQ=="}
02247{"flow_id":60,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11235,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291697,"pkt_ts_usec":33624,"pkt_caplen":1406,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1406,"pkt_l4_len":1352,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABUgGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9ONe54xyoagBgLMElbAAABAQgKwtdjeVIhubSQS\/+hX08E72w+nIgGyVCPpnP3VzEbvrzkL9v4utNb4LTn5nliDgyi12pjczG19ahIpDsILaJdkNe0fCVPEVYwxLZEnXssneVe5u8MYaq\/5Cob7oSeuIN9wUPORKcTcA2RH\/TIE62DYNnYcqhzJB61rCIOyheJYlhEG6uJJQEAD83EG2LbUbTTD1Eqm\/S8c\/x2zjakzdnYLOqum\/UqspDRTXUYij+KQZAjfVtL\/qQDWJtGssNgYIP4fVBBzsKhkMO77wIv0hVU7kQV2Qqup4oz7bEtdjYm3ATrn\/dhHxXch2\/uRpYoraEmfQoJpy4Eo428+LwEMAEABIEwggR9MIIDZaADAgECAgMb5xUwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAxMDEwNzAwMDBaFw0zMTA1MzAwNzAwMDBaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC\/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB\/zzFnWAOVF75fk1tnROqY2CE+S2P6kDg\/qivooVan\/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4wCjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo\/brHonIgBfZ\/U+dtTbWCdvyznWKu4X0b8zsQbAzwJ60kxXGlGs+BHAgMBAAGjggEXMIIBEzAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wHwYDVR0jBBgwFoAU0sSw0pHUTBFxs2HLPaH+3ahq1OMwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBZC1O9koYRpyR77Vsxzx0fbHDFuG6+Trv2vpdQ4TB\/uihcYpTC434z9\/tCdoXblRyMIlh1CQyIZWc5ChYJxaA4l6TFI5M\/tBimAQZEkeOnaSe0WiV\/Orcyzd2E\/yo4KTOk3Weyhf6hiCAcUInI3Cr2QgM3TOaI39WvJPKxw9\/MtezgmV63SVQgPJQYDMccUhhJpG3hs1gLydjs2a4cMo4ocA3i\/qYXnoQPvVdws1o="}
00454{"flow_id":60,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11236,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291697,"pkt_ts_usec":33649,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKhofTjCCgBAB9W+SAAABAQgKUiG5+MLXY3k="}
00455{"flow_id":60,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11237,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291697,"pkt_ts_usec":33677,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKhofTjXugBAB8GorAAABAQgKUiG5+MLXY3k="}
00455{"flow_id":60,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11238,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291697,"pkt_ts_usec":33689,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKhofTjsWgBAB5mUNAAABAQgKUiG5+MLXY3k="}
02330{"flow_id":60,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11239,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291697,"pkt_ts_usec":34463,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OOxZ4xyoagBgLMLKgAAABAQgKwtdje1IhubTpH6CGU7vvfP9pC+BIw7eTC8gKVMSsXRRnN2zKpS8xCDeqbm+MvJviV10kga+Xl5yErWysN0xm82GRESDkvjCfeqQpCbDhNF9kdxhAUd+MMKavAAQEMIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d\/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9\/AlQiVBDYsoHUwHU9S3\/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i\/ojgC95\/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta\/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4\/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h\/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h\/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1\/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0\/ZM\/iZx4mERdEr\/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX\/bvZ8WAwMBTQwAAUkDABdBBPsFY9pNvX5TtOPGsdk0hQPimXVO1fDXg3y+4Qd02kZZ40mokItWMy7I15bFq21bT\/3COnOUMPou6Uj5xvknpKsGAQEAMrOj5sSvcFdF0U19ZTVROOOIDYtnm+9xE1WJQS24eWeidJew6MUniEdOO9fBLW478k5QK8WG16jIRnve5HQ9JKB6z59Qd18UKZIoo3qVOhufw1q5wtBEP0FP9R4875RMavMB1L2cA4C4jwqgk4yXT0gl3zoMSTMrH5ndrG0UJpWnLHKdsdsYDy3etcr1mBwJ1OQbvH90ER54whVNScImkpnkqX3vr5dM1ujT8HZrXy7fdK2qyHvnih6uoc0urDn+nQ=="}
-01285{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11239,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":12,"flow_first_seen":1605291696948,"flow_last_seen":1605291697034,"flow_tot_l4_data_len":6401,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":533,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=tag.device9.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3"}}
+01296{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11239,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":12,"flow_first_seen":1605291696948,"flow_last_seen":1605291697034,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6001,"flow_avg_l4_payload_len":500,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"d9.flashtalking.com","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=tag.device9.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3"}}
00556{"flow_id":60,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11240,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291697,"pkt_ts_usec":34464,"pkt_caplen":158,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":158,"pkt_l4_len":104,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAGgGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OQIJ4xyoagBgLMG3YAAABAQgKwtdje1IhubSBt0obLL+WIiPG6AQ56SzS1GkUMIPNBkq1N9IMlEKIOpEbi45nD5zJkYriLO4a7hmSKY4Uz5bfrMdnA+ZKZmoWAwMABA4AAAA="}
00455{"flow_id":60,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11241,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291697,"pkt_ts_usec":34480,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKhofTkCCgBAB3F+oAAABAQgKUiG5+cLXY3s="}
00455{"flow_id":60,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11242,"source":"reddit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605291697,"pkt_ts_usec":34499,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKhofTkDKgBAB3F9gAAABAQgKUiG5+cLXY3s="}
-00534{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":39,"flow_first_seen":1605291688749,"flow_last_seen":1605291688963,"flow_tot_l4_data_len":12230,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":313,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":33,"flow_first_seen":1605291690384,"flow_last_seen":1605291690520,"flow_tot_l4_data_len":7714,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":233,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":782,"flow_first_seen":1605291687514,"flow_last_seen":1605291688963,"flow_tot_l4_data_len":621328,"flow_min_l4_data_len":32,"flow_max_l4_data_len":6320,"flow_avg_l4_data_len":794,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":85,"flow_first_seen":1605291690926,"flow_last_seen":1605291691284,"flow_tot_l4_data_len":39821,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2502,"flow_avg_l4_data_len":468,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691053,"flow_tot_l4_data_len":4437,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":221,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":19,"flow_first_seen":1605291690926,"flow_last_seen":1605291691064,"flow_tot_l4_data_len":4415,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":232,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691062,"flow_tot_l4_data_len":4436,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":221,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00547{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_tot_l4_data_len":100,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":27,"flow_first_seen":1605291687934,"flow_last_seen":1605291688340,"flow_tot_l4_data_len":7503,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":277,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":847,"flow_first_seen":1605291684452,"flow_last_seen":1605291698703,"flow_tot_l4_data_len":509140,"flow_min_l4_data_len":32,"flow_max_l4_data_len":6277,"flow_avg_l4_data_len":601,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":114,"flow_first_seen":1605291688843,"flow_last_seen":1605291691232,"flow_tot_l4_data_len":72894,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2448,"flow_avg_l4_data_len":639,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":17,"flow_first_seen":1605291684481,"flow_last_seen":1605291684654,"flow_tot_l4_data_len":5087,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":299,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":19,"flow_first_seen":1605291688843,"flow_last_seen":1605291689005,"flow_tot_l4_data_len":4446,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":234,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":15,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_tot_l4_data_len":4641,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":309,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1442,"flow_first_seen":1605291686035,"flow_last_seen":1605291696381,"flow_tot_l4_data_len":1968519,"flow_min_l4_data_len":32,"flow_max_l4_data_len":11560,"flow_avg_l4_data_len":1365,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_tot_l4_data_len":4681,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":275,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_tot_l4_data_len":4701,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":261,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686149,"flow_tot_l4_data_len":4681,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":275,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686156,"flow_tot_l4_data_len":4701,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":261,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_tot_l4_data_len":5289,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_tot_l4_data_len":5289,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":133,"flow_first_seen":1605291686060,"flow_last_seen":1605291697854,"flow_tot_l4_data_len":103287,"flow_min_l4_data_len":32,"flow_max_l4_data_len":10512,"flow_avg_l4_data_len":776,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":17,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_tot_l4_data_len":4703,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":276,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5480,"flow_first_seen":1605291686064,"flow_last_seen":1605291695840,"flow_tot_l4_data_len":5898915,"flow_min_l4_data_len":32,"flow_max_l4_data_len":9464,"flow_avg_l4_data_len":1076,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":23,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_tot_l4_data_len":5263,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":228,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_tot_l4_data_len":4625,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_tot_l4_data_len":4625,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":23,"flow_first_seen":1605291686084,"flow_last_seen":1605291686232,"flow_tot_l4_data_len":5289,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":37,"flow_first_seen":1605291686084,"flow_last_seen":1605291686283,"flow_tot_l4_data_len":11120,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":300,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":35,"flow_first_seen":1605291690421,"flow_last_seen":1605291690571,"flow_tot_l4_data_len":9215,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":263,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":112,"flow_first_seen":1605291686301,"flow_last_seen":1605291696305,"flow_tot_l4_data_len":44526,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":397,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":45,"flow_first_seen":1605291689408,"flow_last_seen":1605291689979,"flow_tot_l4_data_len":9793,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":217,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00545{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":27,"flow_first_seen":1605291688344,"flow_last_seen":1605291688502,"flow_tot_l4_data_len":8092,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":299,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":118,"flow_first_seen":1605291686996,"flow_last_seen":1605291688354,"flow_tot_l4_data_len":97928,"flow_min_l4_data_len":32,"flow_max_l4_data_len":5584,"flow_avg_l4_data_len":829,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":45,"flow_first_seen":1605291687800,"flow_last_seen":1605291692129,"flow_tot_l4_data_len":9892,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":219,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":27,"flow_first_seen":1605291690405,"flow_last_seen":1605291690626,"flow_tot_l4_data_len":10193,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1392,"flow_avg_l4_data_len":377,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00543{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":36,"flow_first_seen":1605291688611,"flow_last_seen":1605291688858,"flow_tot_l4_data_len":8763,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":243,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":69,"flow_first_seen":1605291687642,"flow_last_seen":1605291687853,"flow_tot_l4_data_len":38231,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2448,"flow_avg_l4_data_len":554,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":71,"flow_first_seen":1605291688830,"flow_last_seen":1605291698440,"flow_tot_l4_data_len":21093,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":297,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":146,"flow_first_seen":1605291687485,"flow_last_seen":1605291690985,"flow_tot_l4_data_len":126179,"flow_min_l4_data_len":32,"flow_max_l4_data_len":5584,"flow_avg_l4_data_len":864,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":42,"flow_first_seen":1605291688324,"flow_last_seen":1605291688572,"flow_tot_l4_data_len":7396,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":176,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":23,"flow_first_seen":1605291696948,"flow_last_seen":1605291697249,"flow_tot_l4_data_len":8369,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":363,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":19,"flow_first_seen":1605291688336,"flow_last_seen":1605291688453,"flow_tot_l4_data_len":4638,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":244,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00536{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":174,"flow_first_seen":1605291688831,"flow_last_seen":1605291698470,"flow_tot_l4_data_len":129359,"flow_min_l4_data_len":32,"flow_max_l4_data_len":3656,"flow_avg_l4_data_len":743,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":53,"flow_first_seen":1605291684451,"flow_last_seen":1605291698602,"flow_tot_l4_data_len":10044,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":189,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00531{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":19,"flow_first_seen":1605291684451,"flow_last_seen":1605291684592,"flow_tot_l4_data_len":4678,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":246,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":21,"flow_first_seen":1605291687761,"flow_last_seen":1605291687902,"flow_tot_l4_data_len":5688,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":270,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":44,"flow_first_seen":1605291687933,"flow_last_seen":1605291688585,"flow_tot_l4_data_len":16169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":367,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":35,"flow_first_seen":1605291690926,"flow_last_seen":1605291691119,"flow_tot_l4_data_len":7497,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":214,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":73,"flow_first_seen":1605291686985,"flow_last_seen":1605291690314,"flow_tot_l4_data_len":43592,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2808,"flow_avg_l4_data_len":597,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":31,"flow_first_seen":1605291688712,"flow_last_seen":1605291688927,"flow_tot_l4_data_len":6013,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":193,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00537{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":636,"flow_first_seen":1605291687931,"flow_last_seen":1605291698785,"flow_tot_l4_data_len":768921,"flow_min_l4_data_len":32,"flow_max_l4_data_len":7280,"flow_avg_l4_data_len":1208,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":31,"flow_first_seen":1605291687896,"flow_last_seen":1605291688326,"flow_tot_l4_data_len":7711,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":248,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":104,"flow_first_seen":1605291690926,"flow_last_seen":1605291691154,"flow_tot_l4_data_len":114469,"flow_min_l4_data_len":32,"flow_max_l4_data_len":10904,"flow_avg_l4_data_len":1100,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_tot_l4_data_len":9432,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":336,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_tot_l4_data_len":9431,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":336,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_tot_l4_data_len":9412,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":348,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691044,"flow_tot_l4_data_len":9413,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":348,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":164,"flow_first_seen":1605291686985,"flow_last_seen":1605291698522,"flow_tot_l4_data_len":50634,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2365,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":31,"flow_first_seen":1605291690373,"flow_last_seen":1605291690520,"flow_tot_l4_data_len":6692,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":215,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":39,"flow_first_seen":1605291688749,"flow_last_seen":1605291688963,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":10966,"flow_avg_l4_payload_len":281,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":33,"flow_first_seen":1605291690384,"flow_last_seen":1605291690520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6642,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":782,"flow_first_seen":1605291687514,"flow_last_seen":1605291688963,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6288,"flow_tot_l4_payload_len":596288,"flow_avg_l4_payload_len":762,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":85,"flow_first_seen":1605291690926,"flow_last_seen":1605291691284,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2470,"flow_tot_l4_payload_len":37085,"flow_avg_l4_payload_len":436,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691053,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":190,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":19,"flow_first_seen":1605291690926,"flow_last_seen":1605291691064,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":200,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":20,"flow_first_seen":1605291690926,"flow_last_seen":1605291691062,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3816,"flow_avg_l4_payload_len":190,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00534{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_first_seen":1605291690992,"flow_last_seen":1605291691029,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":27,"flow_first_seen":1605291687934,"flow_last_seen":1605291688340,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6623,"flow_avg_l4_payload_len":245,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":847,"flow_first_seen":1605291684452,"flow_last_seen":1605291698703,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6245,"flow_tot_l4_payload_len":482020,"flow_avg_l4_payload_len":569,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":114,"flow_first_seen":1605291688843,"flow_last_seen":1605291691232,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":69230,"flow_avg_l4_payload_len":607,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":17,"flow_first_seen":1605291684481,"flow_last_seen":1605291684654,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":266,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":19,"flow_first_seen":1605291688843,"flow_last_seen":1605291689005,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":202,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":15,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":278,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1442,"flow_first_seen":1605291686035,"flow_last_seen":1605291696381,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11528,"flow_tot_l4_payload_len":1922359,"flow_avg_l4_payload_len":1333,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56566,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686148,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":17,"flow_first_seen":1605291686035,"flow_last_seen":1605291686149,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":245,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":18,"flow_first_seen":1605291686035,"flow_last_seen":1605291686156,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4181,"flow_avg_l4_payload_len":232,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56572,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56574,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":23,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56576,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":133,"flow_first_seen":1605291686060,"flow_last_seen":1605291697854,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10480,"flow_tot_l4_payload_len":99015,"flow_avg_l4_payload_len":744,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":17,"flow_first_seen":1605291686060,"flow_last_seen":1605291686196,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4191,"flow_avg_l4_payload_len":246,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5480,"flow_first_seen":1605291686064,"flow_last_seen":1605291695840,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9432,"flow_tot_l4_payload_len":5723539,"flow_avg_l4_payload_len":1044,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":23,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4547,"flow_avg_l4_payload_len":197,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56584,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56586,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":15,"flow_first_seen":1605291686064,"flow_last_seen":1605291686203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4165,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":23,"flow_first_seen":1605291686084,"flow_last_seen":1605291686232,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":198,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":37,"flow_first_seen":1605291686084,"flow_last_seen":1605291686283,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":9920,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":35,"flow_first_seen":1605291690421,"flow_last_seen":1605291690571,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8079,"flow_avg_l4_payload_len":230,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":112,"flow_first_seen":1605291686301,"flow_last_seen":1605291696305,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":40926,"flow_avg_l4_payload_len":365,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":45,"flow_first_seen":1605291689408,"flow_last_seen":1605291689979,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":8337,"flow_avg_l4_payload_len":185,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00556{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":27,"flow_first_seen":1605291688344,"flow_last_seen":1605291688502,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7212,"flow_avg_l4_payload_len":267,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":118,"flow_first_seen":1605291686996,"flow_last_seen":1605291688354,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":94136,"flow_avg_l4_payload_len":797,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":45,"flow_first_seen":1605291687800,"flow_last_seen":1605291692129,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":8436,"flow_avg_l4_payload_len":187,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":27,"flow_first_seen":1605291690405,"flow_last_seen":1605291690626,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":9313,"flow_avg_l4_payload_len":344,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":36,"flow_first_seen":1605291688611,"flow_last_seen":1605291688858,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":7595,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":69,"flow_first_seen":1605291687642,"flow_last_seen":1605291687853,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2416,"flow_tot_l4_payload_len":36007,"flow_avg_l4_payload_len":521,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":71,"flow_first_seen":1605291688830,"flow_last_seen":1605291698440,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":18805,"flow_avg_l4_payload_len":264,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":146,"flow_first_seen":1605291687485,"flow_last_seen":1605291690985,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5552,"flow_tot_l4_payload_len":121491,"flow_avg_l4_payload_len":832,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":42,"flow_first_seen":1605291688324,"flow_last_seen":1605291688572,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6036,"flow_avg_l4_payload_len":143,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":23,"flow_first_seen":1605291696948,"flow_last_seen":1605291697249,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7617,"flow_avg_l4_payload_len":331,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":19,"flow_first_seen":1605291688336,"flow_last_seen":1605291688453,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4038,"flow_avg_l4_payload_len":212,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00547{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":174,"flow_first_seen":1605291688831,"flow_last_seen":1605291698470,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3624,"flow_tot_l4_payload_len":123775,"flow_avg_l4_payload_len":711,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":53,"flow_first_seen":1605291684451,"flow_last_seen":1605291698602,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8332,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":19,"flow_first_seen":1605291684451,"flow_last_seen":1605291684592,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":4078,"flow_avg_l4_payload_len":214,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":21,"flow_first_seen":1605291687761,"flow_last_seen":1605291687902,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5000,"flow_avg_l4_payload_len":238,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":44,"flow_first_seen":1605291687933,"flow_last_seen":1605291688585,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":14745,"flow_avg_l4_payload_len":335,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":35,"flow_first_seen":1605291690926,"flow_last_seen":1605291691119,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":6361,"flow_avg_l4_payload_len":181,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":73,"flow_first_seen":1605291686985,"flow_last_seen":1605291690314,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2776,"flow_tot_l4_payload_len":41240,"flow_avg_l4_payload_len":564,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":31,"flow_first_seen":1605291688712,"flow_last_seen":1605291688927,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5005,"flow_avg_l4_payload_len":161,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":636,"flow_first_seen":1605291687931,"flow_last_seen":1605291698785,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":7248,"flow_tot_l4_payload_len":748553,"flow_avg_l4_payload_len":1176,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":31,"flow_first_seen":1605291687896,"flow_last_seen":1605291688326,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":6703,"flow_avg_l4_payload_len":216,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00549{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":104,"flow_first_seen":1605291690926,"flow_last_seen":1605291691154,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":10872,"flow_tot_l4_payload_len":111125,"flow_avg_l4_payload_len":1068,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":305,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":28,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8555,"flow_avg_l4_payload_len":305,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691043,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8556,"flow_avg_l4_payload_len":316,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691044,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8557,"flow_avg_l4_payload_len":316,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":164,"flow_first_seen":1605291686985,"flow_last_seen":1605291698522,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2333,"flow_tot_l4_payload_len":45370,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":31,"flow_first_seen":1605291690373,"flow_last_seen":1605291690520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5684,"flow_avg_l4_payload_len":183,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test"}
diff --git a/test/results/rx.pcap.out b/test/results/rx.pcap.out
index 3ebb6ba61..46a192b6b 100644
--- a/test/results/rx.pcap.out
+++ b/test/results/rx.pcap.out
@@ -1,25 +1,25 @@
00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rx.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1460647264018,"flow_last_seen":0,"flow_tot_l4_data_len":300,"flow_min_l4_data_len":300,"flow_max_l4_data_len":300,"flow_avg_l4_data_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1460647264018,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00781{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647264,"pkt_ts_usec":18403,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"pkt":"PIqwbTfwAAjK968mCABFAAFA5\/AAAEARo32DctuowKfOfKJXG1oBLBrkVw+1YFw\/yYgAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1460647264018,"flow_last_seen":0,"flow_tot_l4_data_len":300,"flow_min_l4_data_len":300,"flow_max_l4_data_len":300,"flow_avg_l4_data_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
+00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1460647264018,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
00433{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647264,"pkt_ts_usec":26287,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AAjK968mPIqwbTfwCABFAABAOykAADoRV0XAp858g3LbqBtaolcALPkKVw+1YFw\/yYgAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"}
00476{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647264,"pkt_ts_usec":26325,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"PIqwbTfwAAjK968mCABFAABd5\/IAAEARpF6DctuowKfOfKJXG1oASRKnVw+1YFw\/yYgAAAABAAAAAAAAAAICIQAAAAAASQAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1460647283326,"flow_last_seen":0,"flow_tot_l4_data_len":300,"flow_min_l4_data_len":300,"flow_max_l4_data_len":300,"flow_avg_l4_data_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1460647283326,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00780{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647283,"pkt_ts_usec":326954,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"pkt":"PIqwbTfwAAjK968mCABFAAFA6DUAAEARoziDctuowKfOfJW7G1oBLLHjVw+1c1wtPyQAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1460647283326,"flow_last_seen":0,"flow_tot_l4_data_len":300,"flow_min_l4_data_len":300,"flow_max_l4_data_len":300,"flow_avg_l4_data_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
+00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1460647283326,"flow_last_seen":0,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
00433{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647283,"pkt_ts_usec":340393,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AAjK968mPIqwbTfwCABFAABATVwAADoRRRLAp858g3LbqBtalbsALJAKVw+1c1wtPyQAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"}
00475{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647283,"pkt_ts_usec":340531,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"PIqwbTfwAAjK968mCABFAABd6DcAAEARpBmDctuowKfOfJW7G1oASammVw+1c1wtPyQAAAABAAAAAAAAAAICIQAAAAAASQAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1460647299605,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1460647299605,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":605656,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"PIqwbTfwAAjK968mCABFAABM9uIAAEARlX+DctuowKfOfBtZG1sAOL9z1w+zMFwiT6wAAAABAAAAAQAAAAEBBQAAAAAANAAAAg8AAAAJcm9vdC5jZWxsAAAA"}
-00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1460647299605,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
+00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1460647299605,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
01853{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":669561,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"pkt":"AAjK968mPIqwbTfwCABFAARQURUAADoRPUnAp858g3LbqBtbG1kEPOsl1w+zMFwiT6wAAAABAAAAAQAAAAEBBAAAAAAANAAAAHIAAABvAAAAbwAAAHQAAAAuAAAAYwAAAGUAAABsAAAAbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBuMngAAEMHAAAfwf\/\/\/6MAAAAlAAAAAQAAAAEAAAAAAAAAf\/\/\/\/6oAAAB3AIQN5gAA+50AABAS\/\/\/\/mP\/\/\/4QAAAABAAAAAQAAAAAAAAB\/\/\/\/\/qgAAAHcAbjJ4AABDBwAAH8H\/\/\/+jAAAAJQAAAAEAAAABAAAAAAAAAH\/\/\/\/+qAAAAdwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwAAAA8AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAEgAAABIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAyAAAAROcGeMAAAAAAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00475{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":669639,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"PIqwbTfwAAjK968mCABFAABd9usAAEARlWWDctuowKfOfBtZG1sASZXi1w+zMFwiT6wAAAABAAAAAAAAAAICIQAAAAAANAAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="}
00523{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":669661,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"PIqwbTfwAAjK968mCABFAAB49uwAAEARlUmDctuowKfOfBtZG1sAZAqx1w+zMFwiT6wAAAACAAAAAQAAAAMBBQAAAAAANAAAAhUAAAAEAAAAAAAAAAAAAAAAAG4yeAAAQwcAAB\/B\/\/\/\/owAAACUAAAABAAAAAQAAAAAAAAB\/\/\/\/\/qgAAAHc="}
00515{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":704559,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"AAjK968mPIqwbTfwCABFAAB0USMAADoRQRfAp858g3LbqBtbG1kAYH0p1w+zMFwiT6wAAAACAAAAAQAAAAIBBAAAAAAANABuMngAAEMHAAAfwf\/\/\/6MAAAAlAAAAAQAAAAEAAAAAAAAAf\/\/\/\/6oAAAB3AAAADwAAAAEAAAABwKfO8Q=="}
00476{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":704698,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"PIqwbTfwAAjK968mCABFAABd9vEAAEARlV+DctuowKfOfBtZG1sASZXf1w+zMFwiT6wAAAACAAAAAAAAAAQCIQAAAAAANAAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1460647299704,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1460647299704,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":704750,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PIqwbTfwAAjK968mCABFAAA8LUMAAEARXrqDctuowKfO8RtZG1gAKKMX1w+zMFwiT7AAAAABAAAAAQAAAAEBBQAAAAAAAQABAAQ="}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1460647299704,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1460647299704,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
00476{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":782295,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"AAjK968mPIqwbTfwCABFAABeF80AADoReg7Ap87xg3LbqBtYG1kASo9g1w+zMFwiT7AAAAABAAAAAAAAAAECIgAAAAAAAQAAAAAAAAABAAAAAQAAAAAGAQEAAAAAAAWkAAAFpAAAABAAAAAB"}
00476{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":782351,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"PIqwbTfwAAjK968mCABFAABdLVQAAEARXoiDctuowKfO8RtZG1gASaag1w+zMFwiT7AAAAABAAAAAAAAAAICIQAAAAAAAQAAAAAAAAABAAAAAAAAAAEHAAAAAAAAFjwAAAWkAAAAEAAAAAQ="}
00432{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":839343,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAjK968mPIqwbTfwCABFAAA8F9AAADoRei3Ap87xg3LbqBtYG1kAKJ5Np\/AZ\/luoHUgAAAABAAAAAQAAAAEBBQAAAAAAAQABAAI="}
@@ -33,9 +33,9 @@
00525{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":944979,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"PIqwbTfwAAjK968mCABFAAB49wkAAEARlSyDctuowKfOfBtZG1sAZIbt1w+zMFwiT6wAAAADAAAAAQAAAAUBBQAAAAAANAAAAhUAAAAEAAAAAAAAAAAAAAAAAIQN5gAA+50AABAS\/\/\/\/mP\/\/\/4QAAAABAAAAAQAAAAAAAAB\/\/\/\/\/qgAAAHc="}
00518{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":986824,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"AAjK968mPIqwbTfwCABFAAB0UV4AADoRQNzAp858g3LbqBtbG1kAYPnb1w+zMFwiT6wAAAADAAAAAQAAAAMBBAAAAAAANACEDeYAAPudAAAQEv\/\/\/5j\/\/\/+EAAAAAQAAAAEAAAAAAAAAf\/\/\/\/6oAAAB3AAAADwAAAAEAAAABwKfOfA=="}
00476{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":986934,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"PIqwbTfwAAjK968mCABFAABd9w4AAEARlUKDctuowKfOfBtZG1sASZXc1w+zMFwiT6wAAAADAAAAAAAAAAYCIQAAAAAANAAAAAAAAAACAAAAAQAAAAAIAAAAAAAAFjwAAAWkAAAAIAAAAAQ="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1460647299986,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1460647299986,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647299,"pkt_ts_usec":986990,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PIqwbTfwAAjK968mCABFAAA89w8AAEARlWKDctuowKfOfBtZG1gAKKOI1w+zMFwiT7QAAAABAAAAAQAAAAEBBQAAAAAAAQABAAQ="}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1460647299986,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1460647299986,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","ndpi": {"proto":"RX","breed":"Acceptable","category":"RPC"}}
00475{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647300,"pkt_ts_usec":17623,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"AAjK968mPIqwbTfwCABFAABeUWIAADoRQO7Ap858g3LbqBtYG1kASjJ01w+zMFwiT7QAAAABAAAAAAAAAAECIgAAXV0AAQAAAAAAAAABAAAAAQAAAAAGAQEAAAAAAAWkAAAFpAAAABAAAAAB"}
00475{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647300,"pkt_ts_usec":17672,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"PIqwbTfwAAjK968mCABFAABd9xIAAEARlT6DctuowKfOfBtZG1gASacR1w+zMFwiT7QAAAABAAAAAAAAAAICIQAAAAAAAQAAAAAAAAABAAAAAAAAAAEHAAAAAAAAFjwAAAWkAAAAEAAAAAQ="}
00430{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647300,"pkt_ts_usec":35276,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAjK968mPIqwbTfwCABFAAA8UWMAADoRQQ\/Ap858g3LbqBtYG1kAKDk4na9LKFupW+gAAAABAAAAAQAAAAEBBQAAAAAAAQABAAI="}
@@ -60,9 +60,9 @@
00448{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647300,"pkt_ts_usec":305310,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAjK968mPIqwbTfwCABFAABIUYoAADoRQNzAp858g3LbqBtYG1kANGRrpznrEIIX+MQAAAAAAAAAAAAAAAEGAAACAAAAAQAAAAIPbFORAAAAAAAAAAA="}
00922{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647300,"pkt_ts_usec":305347,"pkt_caplen":435,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":435,"pkt_l4_len":401,"pkt":"PIqwbTfwAAjK968mCABFAAGl9z4AAEARk8qDctuowKfOfBtZG1gBkZ0QpznrEIIX+MQAAAAAAAAAAAAAAAIHAQACAAAAAQAAAAIAAAAAbN8VeUBVvisWQ9S6x95dol\/TUOn9bl0f90I3hGv3uVWDizOZmldnlgAAAQAAAAE1YYIBMTCCAS2gAwIBBaELGwlVWi5TTlMuSVSiGzAZoAMCAQChEjAQGwNhZnMbCXV6LnNucy5pdKOB+zCB+KADAgEBoQMCAQKigesEgejNCW5m+7aBGuNoiVjkIJzx2tfXcLBv38bKqTxnfkKpelrtA2NteZ8teA2NY\/JcS7qvCbZJ5UfKfc0XKBLSX738gQiqTXl3VrPW6tJlGduoYTSlbLyRRjJPbpfA8K1\/szhWNGSiFLmMKWb9D3hNBBWPTEvqEyYAaHPUgal5Rc1F+EXgRSJeXlbJkNTV4kp3P8IMhfBmmyZrdnmNbYh2kOEX\/XLBBA7VWh1HbE3nAPhiu\/cR5WVZnVZ83fKFION8RnxUZiNj5tJwTg5Xm0rlK0JDrC0ZWhW0UJRkXyn0UNTnL\/w5O\/ofVSgO"}
00432{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"rx.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1460647300,"pkt_ts_usec":308261,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AAjK968mPIqwbTfwCABFAAA8UYsAADoRQOfAp858g3LbqBtYG1kAKDkyna9LKFupW+gAAAADAAAAAQAAAAUBBQAAAAAAAQABAAI="}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1460647264018,"flow_last_seen":1460647264026,"flow_tot_l4_data_len":417,"flow_min_l4_data_len":44,"flow_max_l4_data_len":300,"flow_avg_l4_data_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":20,"flow_first_seen":1460647299986,"flow_last_seen":1460647320158,"flow_tot_l4_data_len":2462,"flow_min_l4_data_len":36,"flow_max_l4_data_len":476,"flow_avg_l4_data_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":79,"flow_first_seen":1460647299704,"flow_last_seen":1460647320158,"flow_tot_l4_data_len":9690,"flow_min_l4_data_len":36,"flow_max_l4_data_len":748,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":27,"flow_first_seen":1460647299605,"flow_last_seen":1460647300326,"flow_tot_l4_data_len":9001,"flow_min_l4_data_len":48,"flow_max_l4_data_len":1084,"flow_avg_l4_data_len":333,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_tot_l4_data_len":417,"flow_min_l4_data_len":44,"flow_max_l4_data_len":300,"flow_avg_l4_data_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1460647264018,"flow_last_seen":1460647264026,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":20,"flow_first_seen":1460647299986,"flow_last_seen":1460647320158,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":468,"flow_tot_l4_payload_len":2302,"flow_avg_l4_payload_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":79,"flow_first_seen":1460647299704,"flow_last_seen":1460647320158,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":9058,"flow_avg_l4_payload_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":27,"flow_first_seen":1460647299605,"flow_last_seen":1460647300326,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":8785,"flow_avg_l4_payload_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00123{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test"}
diff --git a/test/results/s7comm.pcap.out b/test/results/s7comm.pcap.out
index 7980f08ab..cb1ded062 100644
--- a/test/results/s7comm.pcap.out
+++ b/test/results/s7comm.pcap.out
@@ -1,7 +1,7 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"s7comm.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1408528803880,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1408528803880,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":880679,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="}
-00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1408528803880,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"proto":"s7comm","breed":"Acceptable","category":"Network"}}
+00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1408528803880,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"proto":"s7comm","breed":"Acceptable","category":"Network"}}
00437{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":884414,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"kOa6hF5BABsbI+s7CABFAAA+AM4AAB4GGGrAqAEowKgBCgBmEFkAAvsQkETduFAYEAAGowAAAwAAFhHQAAcAAwDAAQrBAgEAwgIBAg=="}
00441{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":884562,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"ABsbI+s7kOa6hF5BCABFAABBLUxAAIAGAADAqAEKwKgBKBBZAGaQRN24AAL7JlAY+tqDtgAAAwAAGQLwgDIBAAACAAAIAADwAAABAAEB4A=="}
00441{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":887528,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"kOa6hF5BABsbI+s7CABFAABDAM8AAB4GGGTAqAEowKgBCgBmEFkAAvsmkETd0VAYEAAeAAAAAwAAGwLwgDIDAAACAAAIAAAAAPAAAAEAAQDw"}
@@ -16,5 +16,5 @@
00708{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":910535,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"kOa6hF5BABsbI+s7CABFAAEFANIAAB4GF5\/AqAEowKgBCgBmEFkAAvvjkETeSVAYEADS7gAAAwAA3QLwgDIHAAAFAAAMAMAAARIIEoQBAQAAAAD\/CQC8ABMAAAAkAAUAAQABAAMAAAARAAAAAwAAAAABYAAAAAAAAAAAAAAAAAAAAAAAAgABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwACAAIAAAACAAAAAAAAAAAAAAAAAAAAAgAAAAATKgAAAAAABAACAIAAAAACAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAABQACAAAFAAACAAAAAAAAAAAAAAAAAAAAAAUAAAAAIAAAAAA="}
00419{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":910642,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"ABsbI+s7kOa6hF5BCABFAAAvLVNAAIAGAADAqAEKwKgBKBBZAGaQRN5JAAL8wFAY+UCDpAAAAwAABwLwAA=="}
00451{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":910913,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"ABsbI+s7kOa6hF5BCABFAABJLVRAAIAGAADAqAEKwKgBKBBZAGaQRN5QAAL8wFAY+UCDvgAAAwAAIQLwgDIHAAAGAAAIAAgAARIEEUQBAP8JAAQBMQAE"}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":55,"flow_first_seen":1408528803880,"flow_last_seen":1408528804016,"flow_tot_l4_data_len":3390,"flow_min_l4_data_len":27,"flow_max_l4_data_len":267,"flow_avg_l4_data_len":61,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":55,"flow_first_seen":1408528803880,"flow_last_seen":1408528804016,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":2290,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test"}
diff --git a/test/results/safari.pcap.out b/test/results/safari.pcap.out
new file mode 100644
index 000000000..7f8d187b3
--- /dev/null
+++ b/test/results/safari.pcap.out
@@ -0,0 +1,137 @@
+00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1620898024056,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00438{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":56646,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfeAbt7aT+8AAAAALAC\/\/8bGAAAAgQFtAEDAwUBAQgKMzDFWAAAAAAEAgAA"}
+00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":84984,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7194MY\/Pce2k\/vaAS\/ohIgwAAAgQFrAQCCAo6VqpvMzDFWAEDAwc="}
+00420{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":85084,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfeAbt7aT+9DGPz3YAQECxliAAAAQEICjMwxXQ6Vqpv"}
+00741{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":85660,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEfAABAAEAGqzzAqAGykjA6EtfeAbt7aT+9DGPz3YAYECzi2QAAAQEICjMwxXQ6VqpvFgMBAOYBAADiAwP7e0LMuchcA2pz2N1av9UFuo\/JaGJbVW+oYg1yPADkCgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACR\/wEAAQAAAAATABEAAA53d3cuaWl0LmNuci5pdAAXAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
+00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1620898024056,"flow_last_seen":1620898024085,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00422{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":113654,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA03eJAADQG2kSSMDoSwKgBsgG7194MY\/Pde2lAqIAQAfxysAAAAQEICjpWqowzMMV0"}
+02360{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":120639,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU3eNAADQG1KOSMDoSwKgBsgG7194MY\/Pde2lAqIAQAfwBCgAAAQEICjpWqpEzMMV0FgMDAHACAABsAwOM4YMM1VITX3qgVNYXXs6z08CqyDQpEUFET1dOR1JEASBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWsAwAAAk\/wEAAQAAAAAAAAsABAMAAQIAEAALAAkIaHR0cC8xLjEAFwAAFgMDC8sLAAvHAAvEAAa\/MIIGuzCCBaOgAwIBAgIQB9wL9mjgc3TVW2Kkapy60jANBgkqhkiG9w0BAQ0FADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xOTEyMTAwMDAwMDBaFw0yMjAxMDUxMjAwMDBaMIGAMQswCQYDVQQGEwJJVDEOMAwGA1UECBMFTGF6aW8xDTALBgNVBAcTBFJvbWExKzApBgNVBAoTIkNvbnNpZ2xpbyBOYXppb25hbGUgZGVsbGUgUmljZXJjaGUxDDAKBgNVBAsTA0lJVDEXMBUGA1UEAxMOd3d3LmlpdC5jbnIuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQZlzbvmWRC\/N39zrle66Mr2+Xw9uz+qV\/sjWmZqrnwhZzOZlZE4J6seHFNBcYbGHtIIOuio8pbbhTX9iebS9cLK+dqE+SHXAnIsAE3IZDNZlmrfI4UgCGByRHLgUtkPYMP5hrucr3XgGSboROYfi+zqZRLx24KJADZSc+sPhba2p4xS\/eHnDHp\/kG5qQ22v1eKoZ8SmsJ3n8LinYO1iLtnZASJJFNtvCXRWuypjCDwuHO43NPlE0EeDg9K3FlKgaPLrfJVDdD94ke+tbyMGc2o5nTlK7pLsHxA89V0jGlzYuYlWa7EHLgYx1kPB5isnDY5e1cIEw9oSKCV6MIC4bDAgMBAAGjggNKMIIDRjAfBgNVHSMEGDAWgBRn\/YggFCeYxwnSJRm76VERY3VQYjAdBgNVHQ4EFgQUl0y7ZbzBa16mDWuKgPQtxHrO4fQwGQYDVR0RBBIwEIIOd3d3LmlpdC5jbnIuaXQwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYBBQUHAQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3J0MAwGA1UdEwEB\/wQCMAAwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABbvAkAoIAAAQDAEcwRQIgMpn6UZ8mvD6g5xyf+F5fym9DnkQ17M5TdZCVLIuv64QCIQCMNrRSjBrC9mO1Y+JamzuT68HFlXxk40L11UXVXyyDnQB2AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABbvAkAwUAAAQDAEcwRQIge8c+DIGvYslEgvTaHFTNFTLWQa81AUWDjTUpv6ElCucCIQDvvXQXAtESMeC4"}
+00813{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+02361{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":120708,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU3eRAADQG1KKSMDoSwKgBsgG7194MY\/l9e2lAqIAYAfwzqgAAAQEICjpWqpEzMMV0sj8MR3f6AEvG4eSJYwdyZH+WlzMkaQB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABbvAkAskAAAQDAEgwRgIhALgtrjRjLkR\/rAB5MBfgnlxpJdJt6orlXKGboRVTnCbtAiEAyLtEPTpk9WH5iPTLxkjZlpu9Pc64UCDjnXR+sPpDarAwDQYJKoZIhvcNAQENBQADggEBAJOAbpI1rRHs9Vy+P+VdE3UnvD+Jio4nEgE5RwbnAfNL\/DFeFOYeJPIsqbJgYdMVUVM+OpwUu1RJywIL0G6GM\/5cJt4ZhsAxSIVh24WiV7IvIewgPMn9QHngQK11QGNe0\/ql6m0JbDzZ07XZ5dersGc2crdH3jJbMOqQ0uWDIBDVQtx5+tWqfL9oSvAf0\/huPiJs2FMUWY2RGCX70zPWFZ7k8ciUy\/mtlZNYF2sFPmWDdoixexTZmY9INLT+JrBSb8Knhonc3RXjj078yiZhKG8zo3X6QeHtEVsmrjqm773cjUt4X9v8657NnF4IYs+tzCHkIK9+OxEneEGpGeV9yIQABP8wggT7MIID46ADAgECAhAIcLzFrz\/blZqRy2ru7+RlMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0xNDExMTgxMjAwMDBaFw0yNDExMTgxMjAwMDBaMGQxCzAJBgNVBAYTAk5MMRYwFAYDVQQIEw1Ob29yZC1Ib2xsYW5kMRIwEAYDVQQHEwlBbXN0ZXJkYW0xDzANBgNVBAoTBlRFUkVOQTEYMBYGA1UEAxMPVEVSRU5BIFNTTCBDQSAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXYPD9lDKTtsbdFHrd4QvyPCeKhKdzXxI1vgTB5B58IxAL2IN0V13bkCEIAej+1kIwRFp6A5O4FNz2M\/wkn\/Ip6IsNKWuVyKdB+SKiryEsi3aFS1WEGBQGgGGk+FKfu1TTwPTz9AlhvOqMxeNf9kmPV13XRUBaA2EQQSJFVj75R3LnfxFXbu06RZRSGfqL7RJ+0K6Ks4yj+H0drxj7kLH0Tn4K3zlcIWTeyEozqS1M\/Gfea9yxpAT7NUsfOPbw0e475Jo1bkB7yNp84dsFtXVtHEHPyYZdHNRi+RlL9FhUn4bVKHHAJWAScWq3Iu9HHkYbUgoPomaWoK8aufbbfPJQIDAQABo4IBpjCCAaIwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwgYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFGf9iCAUJ5jHCdIlGbvpURFjdVBiMB8GA1UdIwQYMBaAFEXroq\/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBCwUA"}
+01206{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":120722,"pkt_caplen":641,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":641,"pkt_l4_len":607,"pkt":"KDc3AG3IEBMx8Tl2CABFAAJz3eVAADQG2AKSMDoSwKgBsgG7194MY\/8de2lAqIAYAfy9pAAAAQEICjpWqpEzMMV0A4IBAQCpKDV6xHvW2icerJjPJzZPETJ0dOZA3R3N8mh3Na+zjF3GBL8V9CNni7lvlwTrRp3CzcnRpK6BLsm6seiA0BzJOcFWdllsnH3jqfDT0TTYPElZixqYzr\/G8tgwNf\/pb12grzruZlOuqoxpyL6ap6B72IJLMxPIB\/N31\/NkzZ5j+UInU64QM4lyNxXxvvceNaLOwy3y17LmC8dpwOUfX3xpm37OJhozRMO6dwU7ul0\/QYn6FjvuBG5brFZL74xw8kp7V70Zbos2B1QmLYYJlB9fN6vwIz+PLF+WnkdxqETeqbmFL7U0YKVfCaCaQx3Uvy1E1o3a\/XXLXxagDmHCcD02FgMDASwMAAEoAwAdIPB7qAaMm\/fsmo0CxrNApFRHHE6Cx8pT3J4Wb9w8CoFxCAQBAKAnI8cci76G3M3b9IApmZWRFO\/jSEMbClqXAxJdlC\/wZzoAkRwqgi24ko9YlEmXbZXvLJ82Cz7RPpPCfd2PouOKLY2hZMGgx\/jrz\/THxh7OHgeAdjUbACp2llJkvvcr+J5OKZF5Hvo3vLy9i7FXBy5uvd8IEot66EtTvn7G3xQRjEfJON9bfMjlCJqu1HmbwmvckJKej+c9+sz\/GN4eLD2R9MfqGwrfJDSpHT732cyPSRsDFk3bIt4OIvZPYkpMV0ZWC4qUniaKPjZW4yYqBkzLGs+wh418zQrBns3opFsRJWtBNx+lcIwRq\/dw4JdrMyF5JNu1hQ88rVt3GREQaFEWAwMABA4AAAA="}
+01101{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":8,"flow_first_seen":1620898024056,"flow_last_seen":1620898024120,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","issuerDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}}
+00422{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":120765,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfeAbt7aUCoDGP\/HYAQD9JZcwAAAQEICjMwxZY6VqqR"}
+00423{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":120768,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfeAbt7aUCoDGQBXIAQD8BXRgAAAQEICjMwxZY6VqqR"}
+00551{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":173485,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAGq8rAqAGykjA6EtfeAbt7aUCoDGQBXIAYEABqiAAAAQEICjMwxco6VqqRFgMDACUQAAAhIF\/HGF7PLd4oa71PeqwdWbCmQkUFuM33SPqp0HH5CXBRFAMDAAEBFgMDACgAAAAAAAAAAJxY9EaQE4JdnXv+WuQRKkNUeMmrschODu1BSbJlK0sm"}
+00423{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":202674,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA03eZAADQG2kCSMDoSwKgBsgG7194MZAFce2lBBYAQAfxkKAAAAQEICjpWquIzMMXK"}
+00493{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":202703,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABn3edAADQG2gySMDoSwKgBsgG7194MZAFce2lBBYAYAfyJOQAAAQEICjpWquMzMMXKFAMDAAEBFgMDACg12fDxJeCXd6876Qr824b+5wGGYw3X4QP8U94ipuFSGwKBSJuzV30V"}
+00424{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":202789,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfeAbt7aUEFDGQBj4AQD\/5V1QAAAQEICjMwxec6Vqrj"}
+00909{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898024,"pkt_ts_usec":203737,"pkt_caplen":425,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":425,"pkt_l4_len":391,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGbAABAAEAGqsDAqAGykjA6EtfeAbt7aUEFDGQBj4AYEAAdWQAAAQEICjMwxec6VqrjFwMDAWIAAAAAAAAAAROyg1R+yOb2MBL1OKscA1qMMo35N9e1mN7THFeq+iY0MoXpecY9jzfnSEvb4xqS6G7Q8p18UeCXH1c6pkb2pB1614qkProLIyUusNmtIvRtR4AMx7ECrIFgiB8HkS9gVODiVTBetp5APxUVwznc5ZcdvI1LxLBKAgYvr3HrSZYcAtUdKPD75oSTrul+JBP4AKyNCC+WJXKU\/ERpkDSkDLakR3AZlo8tI2iWAHmf83mb6yKGX1WPnUmRwUvq\/lH1Bd\/eI0Xw9cYMR5pInUK3WqxFPJZ6CAwXWXgJka7FbBRg7aWGfZn2+RXdCOethlCols54FWd2wx7iDWYokz3ABxPbSDYddb0R5yvndHF0SL93mtuXwaLkazlwEG9hMf1cArQDSIKfy4SRojjmZ0RnYA6t9BS0LeMT09jkcQARjhBj8QNE8beNrQu7EAeMHd9Am+9rpXEqabOxfzY="}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1620898025216,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00441{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":216193,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfhAbvK+gqhAAAAALAC\/\/\/8IwAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1620898025216,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00441{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":216511,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfiAbtAr8myAAAAALAC\/\/\/HXAAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1620898025216,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00441{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":216866,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfjAbsjVMkKAAAAALAC\/\/\/lXgAAAgQFtAEDAwUBAQgKMzDJ0wAAAAAEAgAA"}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1620898025217,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00440{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":217296,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfkAbuNFQaeAAAAALAC\/\/8+CAAAAgQFtAEDAwUBAQgKMzDJ1AAAAAAEAgAA"}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1620898025217,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00440{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":217638,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtflAbtmxM47AAAAALAC\/\/+cugAAAgQFtAEDAwUBAQgKMzDJ1AAAAAAEAgAA"}
+00435{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":246476,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+Mw2y0GI1TJC6AS\/oiwoAAAAgQFrAQCCAo6Vq73MzDJ0wEDAwc="}
+00422{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":246531,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfjAbsjVMkLMNstB4AQECzNqAAAAQEICjMwyew6Vq73"}
+00435{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":246600,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+H+SkNFyvoKoqAS\/ojjtwAAAgQFrAQCCAo6Vq72MzDJ0wEDAwc="}
+00423{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":246635,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfhAbvK+gqi\/kpDRoAQECwAwAAAAQEICjMwyew6Vq72"}
+00435{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":247725,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+RZmQEsjRUGn6AS\/ogMZAAAAgQFrAQCCAo6Vq75MzDJ1AEDAwc="}
+00422{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":247770,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfkAbuNFQafWZkBLYAQECwpbAAAAQEICjMwye06Vq75"}
+00436{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":247854,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+LVp22MQK\/Js6AS\/oitTAAAAgQFrAQCCAo6Vq72MzDJ0wEDAwc="}
+00422{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":247891,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfiAbtAr8mz1adtjYAQECzKUwAAAQEICjMwye06Vq72"}
+00711{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":248893,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAGq1TAqAGykjA6EtfjAbsjVMkLMNstB4AYECyAIQAAAQEICjMwye46Vq73FgMBAM4BAADKAwNUREp3oPgfdwoKuIfn8T9IL3Q0lPOwn0i2RpA9kzJQCSBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWgAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAFn\/AQABAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAgAHQAXABgAGQ=="}
+00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025248,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00712{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":249060,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAGq1TAqAGykjA6EtfhAbvK+gqi\/kpDRoAYECziaAAAAQEICjMwye46Vq72FgMBAM4BAADKAwN38WmzCQkn0KMr+Wzhl2Z5FrdZ11JNHPlkCTeGcw9T7iBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWgAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAFn\/AQABAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAgAHQAXABgAGQ=="}
+00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00711{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":249194,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAGq1TAqAGykjA6EtfkAbuNFQafWZkBLYAYECyqrQAAAQEICjMwye86Vq75FgMBAM4BAADKAwO+AguydpOZseLQauZrJ0wQG6s9IakcGprgwqjW9VQmkCBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWgAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAFn\/AQABAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAgAHQAXABgAGQ=="}
+00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025249,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00711{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":249268,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAGq1TAqAGykjA6EtfiAbtAr8mz1adtjYAYECzT3QAAAQEICjMwye86Vq72FgMBAM4BAADKAwOpBynag4bHvb6E4B1bggTJAjWsrCTwDwH9f+CYMFFKESBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWgAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAFn\/AQABAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAgAHQAXABgAGQ=="}
+00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1620898025216,"flow_last_seen":1620898025249,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00435{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":251232,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71+Xyf4O0ZsTOPKAS\/ohPpwAAAgQFrAQCCAo6Vq75MzDJ1AEDAwc="}
+00422{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":251282,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtflAbtmxM488n+DtYAQECxsqwAAAQEICjMwyfE6Vq75"}
+00712{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":252477,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAGq1TAqAGykjA6EtflAbtmxM488n+DtYAYECwZ2QAAAQEICjMwyfI6Vq75FgMBAM4BAADKAwMSRGkwxSrWh1AXeLtRv1F1xX\/qrFSNWIQgoRNChvQaeiBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWgAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAFn\/AQABAAAAABMAEQAADnd3dy5paXQuY25yLml0ABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAACwACAQAACgAKAAgAHQAXABgAGQ=="}
+00755{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1620898025217,"flow_last_seen":1620898025252,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00422{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":277000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bLhAADQGS2+SMDoSwKgBsgG71+Mw2y0HI1TJ3oAQAfza5QAAAQEICjpWrxUzMMnu"}
+00616{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":277002,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"KDc3AG3IEBMx8Tl2CABFAADBbLlAADQGSuGSMDoSwKgBsgG71+Mw2y0HI1TJ3oAYAfze1gAAAQEICjpWrxYzMMnuFgMDAFUCAABRAwPsrRSAynyDJAMgWxwx0z9xgcetJjhVdGJET1dOR1JEASBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWsAwAAAJ\/wEAAQAAFwAAFAMDAAEBFgMDAChufmaJqWsKGMAM92ps\/ZOTSCEzeeJK8CkyjSWLMnefd1s1o61XugGk"}
+00809{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025277,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00422{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":277052,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfjAbsjVMneMNstlIAQECfMFQAAAQEICjMwygU6Vq8W"}
+00423{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":277349,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0IZdAADQGlpCSMDoSwKgBsgG71+H+SkNGyvoLdYAQAfwN\/AAAAQEICjpWrxUzMMnu"}
+00422{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":279016,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0711AADQGyMmSMDoSwKgBsgG71+RZmQEtjRUHcoAQAfw2qAAAAQEICjpWrxgzMMnv"}
+00616{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":279039,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"KDc3AG3IEBMx8Tl2CABFAADBIZhAADQGlgKSMDoSwKgBsgG71+H+SkNGyvoLdYAYAfxJGAAAAQEICjpWrxYzMMnuFgMDAFUCAABRAwNl5y0xVnj3wGcEpMGjxl4vdQ+sMpwN28NET1dOR1JEASBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWsAwAAAJ\/wEAAQAAFwAAFAMDAAEBFgMDACj36wExvsy3LBAP\/YiXMB3TpS6T7LRiyqsZHiSk7oRYhrILfhny28Xe"}
+00809{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025279,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00424{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":279125,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfhAbvK+gt1\/kpD04AQECf\/KQAAAQEICjMwygc6Vq8W"}
+00616{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":279148,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"KDc3AG3IEBMx8Tl2CABFAADB715AADQGyDuSMDoSwKgBsgG71+RZmQEtjRUHcoAYAfytlAAAAQEICjpWrxkzMMnvFgMDAFUCAABRAwNDgvxC7QI88WfD\/nmpkqp9ARAGyGRxQ4RET1dOR1JEASBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWsAwAAAJ\/wEAAQAAFwAAFAMDAAEBFgMDACgXHEmxtB27IkDoCvL0h+F7c+f8TcRDsy6CqCzGChZ6FoyFzUyePTZb"}
+00809{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025279,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00422{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":279180,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfkAbuNFQdyWZkBuoAQECcn1wAAAQEICjMwygc6Vq8Z"}
+00423{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":280229,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Z4hAADQGUJ+SMDoSwKgBsgG71+LVp22NQK\/KhoAQAfzXjgAAAQEICjpWrxYzMMnv"}
+00617{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":281225,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"KDc3AG3IEBMx8Tl2CABFAADBZ4lAADQGUBGSMDoSwKgBsgG71+LVp22NQK\/KhoAYAfx6pAAAAQEICjpWrxczMMnvFgMDAFUCAABRAwPRJg31eab3ysTmSMYn2Uzral0JV5k11z5ET1dOR1JEASBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWsAwAAAJ\/wEAAQAAFwAAFAMDAAEBFgMDACiGFID+aNZDU9nRBzeW4e64RViQl0\/5CtSyiQQA9zbWcZlcmtso2AM7"}
+00809{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":74,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1620898025216,"flow_last_seen":1620898025281,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00422{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":281262,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfiAbtAr8qG1aduGoAQECfIvAAAAQEICjMwygg6Vq8X"}
+00422{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":284805,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UEBAADQGZ+eSMDoSwKgBsgG71+Xyf4O1ZsTPD4AQAfx55QAAAQEICjpWrxszMMny"}
+00617{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":284814,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"KDc3AG3IEBMx8Tl2CABFAADBUEFAADQGZ1mSMDoSwKgBsgG71+Xyf4O1ZsTPD4AYAfx\/3AAAAQEICjpWrxwzMMnyFgMDAFUCAABRAwPCYZRZd6iwXl4cdgYsrZ94YmmQOpSMgWdET1dOR1JEASBsK\/pFJSBBcEfHwChWdBj6ydeGGd9YieHZ4ClTFbYqWsAwAAAJ\/wEAAQAAFwAAFAMDAAEBFgMDACjt7\/bAULNE+WgTgYfXfM35eOUAcSYTR3sQDPx8+RqIpuFk95xhuCPk"}
+00809{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":77,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1620898025217,"flow_last_seen":1620898025284,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":352,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"ee4ced3f2d15de4b5cb6fb0a894fec9f","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00422{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":284856,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtflAbtmxM8P8n+EQoAQECdrEgAAAQEICjMwygw6Vq8c"}
+00493{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":328969,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"EBMx8Tl2KDc3AG3ICABFAABnAABAAEAGq\/TAqAGykjA6EtfjAbsjVMneMNstlIAYECc5cwAAAQEICjMwyjQ6Vq8WFAMDAAEBFgMDACgAAAAAAAAAAEGplKDDq5dZCU1+NAgl24RRhhTnC2dH4NovV7siyYZV"}
+00495{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":329465,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"EBMx8Tl2KDc3AG3ICABFAABnAABAAEAGq\/TAqAGykjA6EtfhAbvK+gt1\/kpD04AYECfh5AAAAQEICjMwyjQ6Vq8WFAMDAAEBFgMDACgAAAAAAAAAAKauR28IkCyStrHlcalMD1sWZ5Wn2MSRbzKA9FAoX\/hE"}
+00494{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":329920,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"EBMx8Tl2KDc3AG3ICABFAABnAABAAEAGq\/TAqAGykjA6EtfkAbuNFQdyWZkBuoAYECe8pAAAAQEICjMwyjQ6Vq8ZFAMDAAEBFgMDACgAAAAAAAAAAB5maQfyPXhdVoS\/p3ZbXhW0o4dU+7tbhtuebMEjYedv"}
+00494{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":330792,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"EBMx8Tl2KDc3AG3ICABFAABnAABAAEAGq\/TAqAGykjA6EtfiAbtAr8qG1aduGoAYECfaFgAAAQEICjMwyjU6Vq8XFAMDAAEBFgMDACgAAAAAAAAAAE\/vO9km5p4uK3crsogzWChkPhozARTO15XY3g+sST+j"}
+00494{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":331794,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"EBMx8Tl2KDc3AG3ICABFAABnAABAAEAGq\/TAqAGykjA6EtflAbtmxM8P8n+EQoAYECeK5gAAAQEICjMwyjU6Vq8cFAMDAAEBFgMDACgAAAAAAAAAAEZbHL3eB+dzSTAFjg5KqGJe\/T9OH1qRPHz24jKlsz7I"}
+01030{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":337846,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHuAABAAEAGqm3AqAGykjA6EtfjAbsjVMoRMNstlIAYECfAFQAAAQEICjMwyjo6Vq8WFwMDAbUAAAAAAAAAAYXJdXghqUa2sOFD7CPtX\/KVo24XloEXySq5SNpkGWSlzVxk9r\/s\/g7wNoHviYAqdrP7Gz9pWHtFURTvll1Ae36pWxNSqCfJNHoGCg0jhgA3VWx3Q4Ze69p20E4r2M8g6n03LjSovskZUvzezT1EIh3splUn6vPbH+djxlixC4UeSwKTw9vrOJ6LTL2zJrtvfp4YZsx\/mfhkWeuzzPe01dSl2sUYVADWql\/IxfFwQnByQMacIIud0DGCCu4u8YlNRkS1Mq+74sZbApV6e+kCy1eynaHhdfs6REa+dG7nuHXnNgC\/oQkEG7vtANSx7gERKO+l75w068l9uf\/Q7O26bVYVMhYEYTcXOpQg0RuzlGwn81FnvKGEg0x1JnDOKJ1FTO4TQmmeTviKgyGKzEHGVsCKb0Ob\/qlevN18Z\/8Iam1vN1iP1rRp7REX\/1wzOEmMf3zsnJp36d0JYoiqTpmEyIIuQiQhESWAluLfEnIuNgjcnEHH+U2epjXC6oQcSVSWaZJ2t9PO6N3Lfh+\/xIZcmK6pmHs5Ry5\/Ym4QIzoSLdBVcp4Kh3Q0\/S7US0n5AA=="}
+00981{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":338047,"pkt_caplen":472,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":472,"pkt_l4_len":438,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHKAABAAEAGqpHAqAGykjA6EtfhAbvK+guo\/kpD04AYECdt\/gAAAQEICjMwyjo6Vq8WFwMDAZEAAAAAAAAAAZvKNIQ7WqGS7ktfxrGh7\/bXauQSy80jHeoPgPfZrAUvue2r9GwpkIRQLqrgBGOe7WCViyTIrGFxD+BzBgvl2P1qgNJ+0HzZWj83JTAM7aG9dGUJHW2dal83XlAKkLQHkWzDyYQ9UVF56or8LuZ8E1DFdNbeYd0I9DR6ZHTldxf0gITNs5obdzc\/XnDyFHrmF+SUA\/sfgq8BBruTvtNTx\/UGB00Xjl6hMGZAbpj3xh1cI7TyQJ9sXXv7GuGbiYxfOtAV11uTu+7zpjJYwdXIyjiVexDu9\/qkieUcwi\/SrwYPZeOjgn9EKyfvpPIYHa8qyAmn17D4rZkBXR3O4tbP3BtQlYxQ8VrZxBH9sZ8IMi5m\/p6rvUO0BA60Mw+952RH3c6NPvWKydmwRFoWZsTY8qP5j8650ZGCx0dFjc7SEy8HlgDIm3pxi\/WKglGeTBvc9IrhucB9vzBocHfXhr\/cs\/u2hpgMUkK3YGbtBWIQbVQQgQrq3hcDKkLyPjGCwHJxTdNBXLVIWUIpaw=="}
+01001{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":338213,"pkt_caplen":494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":494,"pkt_l4_len":460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHgAABAAEAGqnvAqAGykjA6EtfkAbuNFQelWZkBuoAYECfXJQAAAQEICjMwyjo6Vq8ZFwMDAacAAAAAAAAAARYUqk81+TtHfLkWZm440OPG7Eengkl4SwFTNMSd0j6m18WW9qXHCro9VOTTnYA5xEEftyc3Fe2qZyxa4ovVTrDH9CGzKsDMcotVO6mgbDgo9+aQfJMCTCE6kZRKUjuSzrMbc5I8wlXkwlTqbgCdSCM0T3T1SOOwAe5\/kVSIa7pLkWiVuk0Sn11GcaDKxgv2n2m5fTCu1A3ThSL8j1uaZhXpQaddHIwyTJ6cI+eB2a5sfC7k+BwHD4qy4LchATtTMV3QU66ZD9766tt59HcMjklYMknyS+49D3Oq1+sqYDu+yMARDm05HjPz87Jpt\/kOeiwNkhCgllbRaU3JkaDqLVqrjHjki\/Xhyxpkj3JsF+XKIbPPl2E3XAzvX5demiy1a6cg9YhgANAPokO0Hk85fdVngDj9EWYdqeSKRfg1FA8lyebrdOwLzOWSkcfUeaK8jOWgQO3vsrO9MVOjw5QWtV9VmR14\/OXzd8wQa4K+dd4pOoHngWLQpLv4osimMqgqrWZRb8qpP6MTYMvNUcV1pXGDl9enup+eGlrDKSgDUJ0="}
+01015{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":338950,"pkt_caplen":503,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":503,"pkt_l4_len":469,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHpAABAAEAGqnLAqAGykjA6EtfiAbtAr8q51aduGoAYECcI3gAAAQEICjMwyjs6Vq8XFwMDAbAAAAAAAAAAAVrLdgUgcMtdPI0k41gJmGl9UZfuXNkIAPyGs62Tijh6t2wMu9ZzS1Ya2T8acOnCfrJ+TO0WoVlLozjaEjK9pIBLRIKf6iY6l5S2WgyrpSNgFXc7jNx\/8tmLr7mhwsJYGeE8x2l6tHJYgtUcPS+wbye988jivBs3IIdg1szvRRIliF1DXpyHq+HDbqtcHD6rybMrEaxZiIWrvhfzSMblkKYlgR3+43BO32mCcCKtQBuLoVzmDXXVbSsYnor5CDuLOzmnX9WB4a9NRQmTFipP6VP\/Fl0QCM3S\/xraUcMoZEXwbZ4G1mmCMx4R48zXNibZql+aGfGCF1BNaMpvykLz2+kE1X2GN1yeBgwpjO97eKLn9jCh7NTwCURko+lEoGAjxMOhV\/2K4WWTJBBmtRsSCxP6KD5IeqcIKSL4e7chH6as24L\/tqBodMVQtqrqkhMZUtADgJxCfK1oFqcXDdtnVIcyJmJ+SBMm1x8\/gqjgOom4DZNEQRq26sjXCBS4zbFxafdVrHNMSM9i95udbVwp9hLLiJ26k0kk06LjLQ5CkGBfwHJeCQhxP0E="}
+01007{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":340078,"pkt_caplen":495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":495,"pkt_l4_len":461,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHhAABAAEAGqnrAqAGykjA6EtflAbtmxM9C8n+EQoAYECeE5AAAAQEICjMwyjw6Vq8cFwMDAagAAAAAAAAAAazFaKFwpSAW+WeCDlOC6\/jNoZ4HtsyCWTWYfFM4PQcBtwsxBdYkq9uADaJCfkcQL4YDYD+OeLQOXbxre33oTpWFpz6oT\/sAgqzx\/DG08P6rIKDXro6ccKcB0i1iIm\/fh+iODsMtAunA6sCJj+efhP8XKiqxwlxjkv+cNL6rX4UToyOqD0UjztQF8+QnNNdsklGc8UsPo0+wVCI40mWD9zEwN+Bm32\/LKnUb9Rng45EJa7qGEuceFTCrkCl\/czcRrdGlpFUi2KfDDc+k5sDwigGTvgpyCJgMb5GbOBIaJ6F5KFCvIa0pncMEBgnScHY9lKS0nwha8Ng8hMkYPUFBkEUdotJ+eQo2jrSGA3Eqxdp\/BawweTk07bJ8J5UQ0Pje2v\/lI\/Ne48kT1obtu91jYgALzBTfS5ySe01WhkbgRBFR4gWFGC9IY6nCRidWqRDlPJKC6wnuYd3xtHa8UHm0B+GIHmrVDMspK1DcO\/W5h2e9ZvnveS2L7aGupnG6jCWkUKQ+ULk0rvyKa0DXkEPmP+4wpGZ63FLJF94MwLR4CkH5"}
+00423{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":354855,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bLpAADQGS22SMDoSwKgBsgG71+Mw2y2UI1TKEYAQAfzZkAAAAQEICjpWr2QzMMo0"}
+00423{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":357367,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0IZlAADQGlo6SMDoSwKgBsgG71+H+SkPTyvoLqIAQAfwMpwAAAQEICjpWr2QzMMo0"}
+00423{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":357392,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0719AADQGyMeSMDoSwKgBsgG71+RZmQG6jRUHpYAQAfw1VAAAAQEICjpWr2czMMo0"}
+00424{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":358726,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Z4pAADQGUJ2SMDoSwKgBsgG71+LVp24aQK\/KuYAQAfzWOAAAAQEICjpWr2YzMMo1"}
+00424{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":362979,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UEJAADQGZ+WSMDoSwKgBsgG71+Xyf4RCZsTPQoAQAfx4lAAAAQEICjpWr2kzMMo1"}
+00424{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":363351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bLtAADQGS2ySMDoSwKgBsgG71+Mw2y2UI1TLy4AQAfnXywAAAQEICjpWr2wzMMo6"}
+02374{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":363976,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUbLxAADQGRcuSMDoSwKgBsgG71+Mw2y2UI1TLy4AQAflzagAAAQEICjpWr20zMMo6FwMDAThufmaJqWsKGfxmvE2u1FMOqorZnF0jN7bzEy2l5DXPMGGs7Ujrz7uSt2zt5zfIVtyfwZ7GiiHW6+IpchqTMt+v4lG8VY\/ChneDoii2nY9Ue0eagHEF+3OI1GVlffg\/PBkKnUtU5o6Bwn3ndf0Oo5jZvUjwWBUy+rSb17jhzJkcpIPvdD0x6yezIeMaArpaTV8msXsShbzgHVvCVlHfhxdutN4p\/Dl4VSPY3lHW9rE0FGknQaNJLe7VDLbyTQMXeoIOJejb388sh7lfgspqaGbgv1ydG5YBUzWuBBRbNAkQ4uj5paJCAkgkDbqqwPhNixUTt\/HNRR3gEx3\/GV43lFQYgIpnAmKaUBkL9zgX6HYNIizzU48Ubjkpvr5aetIiMEZ0Xgf6X80IoZlhGrgbHnySg\/Fx\/rCxKkEXAwM6z25+ZompawoaxE8xvP62EQRV3tkOtMsIMep2jAwLvCgrqsk7lKH6AfMdxK7Jj9xpbVQL5s6UReNi8zA6vMHxbHS36xLaV2yDCzVbR4tPdUjWOZfy0+6gcL9GPFsOaSUBXveVQ86JkZqBP1iuAG3yJgzk8RhUaqUIfyccxgA7EtupHlOa3ongf3l3HIabih2kSDxYxVJo2JXYXcBxZCbOypWF+axyltjZPhES05gMwaaQbzoGuLPi3WfaiA\/kEljcYmN60Nk7ardn\/PhecmE5fJ4X+3s+aIVoaer2UZk7IRbZLyDKm02FXNj+Rs0mXXNyD9ItE7GDt9gtBrMRoo1sCzyKiVmhwx3Y6h61rP+JjktCG8yxSHiUQyKJ72c95k8JfcHEwNr7Pr26uj1kR6OMBKgvJXIAyKnPVGdSMgUy6XLp6JkkV2TRywoL4JRg71BohY5Jue1ywQyjL7SWIB2GFZrnHWfHqlwqC+UajRVNcZg2OpizwPXMUGK6HupKXviBnvDq7\/4ZRwTPate5B0P3Ps2zUvcyEkhlyir5toEXTa4uPW\/C4aYOt\/uB84DSj\/iK1g0vOazUDUDPU\/tEieZYU6whzFemUt80toFezUoPU6\/kThL3LHnJjDXes\/x8krpThr2q7CJnsP4EAHu20S0Wiioutydgy0WhXUHBdRZZLsag9AAF+feXoOdkVJRK60ab3FVR++rIZuR+0fOSEvWs7UlWyq28py1yieBGOtyaOsUE3siMBMlNtfQ1r8xD5TKdgV0Pfdn6\/F3qMqnFUClVTykxlbEfn3B5a5tgBvL2P5HD5xi39mVevJqgdIyjQ3tpF0CdRydmhh2V6mD18TR4veA1xWcsQNsMwmbhJvGZyuYCnOqwM9FqpiAwiAcb0ulMNoM7c65jBMSH31Hf81zvsdokfHAYJVqiNI2F5io\/xnW0w6XEO9xpba6NuTzvn3vFByW2m4fGXjBGNnwnTyOQkP6I7YX4lXlOpopcBzAqnJh8JSmXoLTKqwJ1sQ+anJKOkOKzIavbyDTmXnfS+NUvtXYw4jvah+6\/+nh6ldg7lPn2gkfZWvNJ3CDv6EEO5BDusyJNPsoY2LGfxmFsjJBNqnWy7avenVi\/xQjVaj4+IpLMeXSaeDrDnLr4MOyAAMch6Us5LIWVYS8wmQGMxmmXj8aJvaz3AJL+Wt9b9UCxvQZiL5DAwNb6q8DqRFMi9CWL9y6fqHFxfiFJWpOeHBFTqfeYyMOM8UvortStZl+B\/PvF5RL1ldeDIlHuwIez\/q7StBZhzrLhlV7mj79JPDCho424mAOb\/D0\/Er+QxWlfIR+uky6s5sabVFn4aQMcho4mzTmHkbWcqtsalvHn7GTQ2bODzP66Qw5gFF981Mx2PrCHJXpr8yTn3UVCUY6cfpZHKHXEm0u7iPnIfW5xUbxf3aLzgZ7EL6OO4+ap4wUO+UrdZcB9oAww7kgle68kX5UJCL3FQoS327MpNANz+zAp"}
+02379{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":365224,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUbL1AADQGRcqSMDoSwKgBsgG71+Mw2zM0I1TLy4AYAfnJ0QAAAQEICjpWr20zMMo6vGHvb8F+TRX\/+23qH\/NaQgP4Jo49fDULp1mPk8FtqsXuFr9NtjGsbfXVS8Tf2F8I3F7Lrl9CZbsP4vUM5plWbl\/xTJ3oD5B451yCHTiXaLKLypQBcvvvs0Qqct5QFHg+TXa9N2GDEi6YKxDUsWnI2grES2WpUCnpjVxWry++VuuOSHt0CzPdp7W658\/8YOCCzY2K+pLhuEp0yttoy+61o4SHbniceXAyxJKBE7RqS1vnpsKUgNtDcHUFPgBwk\/7O1FX6uVvCUP63C0OcBL+G+ZVCx\/bta+3kB+A2uaMFXn2rg8C\/VPIODvs+\/dXXWm+bgxSn1\/llhz9wPmGAeQL25YHAJey8uyInl6rmcAf5UfBf9QW1evBcpxHXHlCu5qBlxD2yXibvttV+zuLFZpd0l8TG9kk+1YHE7xw++VI1tqiB5Guhv6JCl4sK9fj9ZP2xJ2WopRdgZ3PuPBL1xh3IjvgTuD8+FjGE4i2EzKO17AVHy+\/vnDyVZuy4fSU7uXuWAxHTd3nvrxipdbRuO+vyyf4L9KSLgyiXUO9bwZuZLPneMFlwhqSe1AHLgXAnNryHVR8CJeN8y08r4X6W2fN2qjUL+qcBPh6SsFXQcwJfZcYSKFnZFoJWbZUeXm2mwkcbuE1PArOmecZ1txN39A7etuKvnoHsn92w2t6B6w8pM2q2Y7uyDGkg\/dFIIlW7enqq6LiKjAcOpdiYF2PxsJ7DBWrnb9bAiKemOKwPNJ5r\/IGkIpJ9WxPkWH1cst72n78sYTfAvOc6CAwM0tmN1Djwao5VfQy7cRVXDZYH4oEIAFPBPoKnQW0SJSDewxJI66\/Mnu8V\/2viGYpqELTC0LevOnz0L4H9Lrzj4iK8ZnvHAKLTTDwJUCprRyQ0rD0ZpZ8M6X871S94T4JSt\/f45CJIMBeEiwdMD0KzMpxO5EXKrIgPPIqkYIRgXIO\/ol289eUitNjBD+ihShycSLa3vKUwVvtfW7h8cJRxL6P9dHe2WB0op3q1i6rCRV+rczfRCVfdiO0sv1cHvHRuKNXpia3iQOgHhJb0rp+GUD73sNf4i4LGputmO0yFTGUytLLRSPpO1WOkvxKQ3r\/T6r\/nhZpBgqWABLcJGmbIZXKWimFLm8FQfc\/fBN0MJkSu7WWFgFcECJNMSUpT6VIpNaDxqJZLwNl2X7YmWx9K363IyKqIAIomX2Io2WS5wnRus3fMg40LlJ5w+ihpC7cILXi0ovDtOzURVK0oYy70AdGbWDQpTdzKCHj0GpFHvXTdjJgbeS47U6689yZgcJ9r3HszrFRdm366CdA\/6gduuPVYZvy2\/SFw8cYH6zmQJOKoSRVX41TkUI64zqUzS63zGvCZ3UX4VOIDtVsuZevZUgOzAWsycY5AUrljzdW06r6QmA1ozPmJLKEAAzqAJgq5sGqEYkwy+i44jDWWWgtmvQAlcZcgdBPvaE+30oYfSeVtYzTPCZ4\/FeJJVGA7Ue\/OKy6brpALFZeu6b7VULwLib3EAb7I6JOLimYEnilQjkUc5fRWsVSJyDz6J6Gvw1otBC\/TcDCAKNhY3AJYuhbFcEJhdltuUje42wkt5EjXjrGeo7m3JILo5XHHeHctxLGoDdxyixoeGc0WZBuN8DcXutjtrCnX4RuhYLsxJ6zaHHX0tG8J16yIq4\/fheQlYFGHxeaatBvvMzgIGbyj02gsmKvP1Xw02l8boyp3qEagAX+CaSwHWZy\/PZpny79T+bhaWDzCZff0oa+45jKO\/zj0uaFMXotrNw\/zNHJ08Ic4fufK1zme5ugesFZ1rIufAv7KbNJ5WLNFNhJBExezoqTycOVzi3aL4Q\/SgE5jWk5ARRC7+eFcbLf6g5sqTofhHobysAuomgUyWykoeYtYFZaObFAs7OkMgrgNkUg+GpM1lcW+NxtHmCld"}
+00424{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":365254,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfjAbsjVMvLMNs41IAQD82+nwAAAQEICjMwylE6Vq9t"}
+02373{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":365353,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUbL5AADQGRcmSMDoSwKgBsgG71+Mw2zjUI1TLy4AQAfkKHgAAAQEICjpWr20zMMo6drX6boa1jrM\/pYoF6JxzZOhb3rYv63rpPCO+b3yzMNDpfdxu37t178XGHOb8Os6J7vzfGE2U7bJ+jNfML5\/\/PP4NL5ZJs4ZPxOMBuyZX7l8oHG6lI8DZu0SKFVPuISZffaxT7brbGJ1wFYRw4MiRSjeqN3BXkM5GBnMr64L55fETFqxQfY0isMg1S5G+c6ggG6I0GZD4ChuCOt1NsdZsgRe0outwC3oAEnqfKsO\/Y\/0uQ7IKiktmwQxF+MaR4SSTsBSs7TBCnwHQ4gfdNnV1y1Y+B11uz++4hdiWG7W470nqk7Fu9Wd2TiNyLuyFv3sCDL+3rqmd7VSyYSV2TT26wRQ+wNEzBesXx\/KgRZ+mAUBqZQ9cPmcKmiA8rB88MvtSqzz+AzMYUbhccWbGt1C28GjOghARWJ8AsRO5hlUWzmVw+ufN54lAYWT7Z11ytT1snbALQD5wcmGOnesjzuJ+YAwAm+7R7OGMypeZSO9fBtzxzDNPLFYn\/7\/sxK5t1d9dZNHFlyIOfBGgU3aY8WllsIeiyuvxDh3pTx6ncKO8zE5BfSjY280R5weoW4bA7cHhPTtSaJRgVEfhml3NIj+XgtCrQhPeJi4HcZ4Es9crcEul19BbVsnKoBqyy9r5d9MDPtCtc8GCKxbtu1Vf2lA2Jk9Re3IpLepKlSWOorIHvvzzdQscY70JP1wfOE5Ir+6AvmGd6yQJfKN61T3gsfgV7\/1HyiYgHlAQ009ccMwMZYpZRuI4jAJkLA+ZX616iPrUBMUiHgDaArapSSsb\/Y+HX7VnbtF\/uSWbvH516jp0mOgou2kdpyDYAGiJGdkBEjyuPc9M6zaPPaPgiR6Rvr5rZxzhzTh\/l\/bZhjOn18zu\/oiZOIAo1UjniWOfY+dbv8YRexyFoUtUGppHtRf00pzfsmb9KHMP5rCxEomolqSr3nJcZ8ZiQURIMKQ8UrybOs2WSzF\/0yjiOfXkXwP4Sp288O41rCAH4Ad0Y3rOMF5KOrtQvTQCgSODw7cJSExBwVFfIGYy3WsyiOyL+MGNm68uOZb7dEEaAt4ak80YZYuPWGDfJmOGTOen9mtMUm6vAdUrzvW8n1yMUPzyTE2kQfeIQbUQzM1FVBI89nVseZjnvSsletQzr7A8ulTTazF6GJ1VmAQjwfLZeqgmqtTV3nnNE8qIZEx5L7l\/2SU7FLTeJsoNgiJw0+v0ZhvpKWuSx6wBPr+5tRa96yT77RhhkKjI3vtcOou9F\/MVXAWOOKwHlTQ791biRchb4I4u0bgTRyNS26ZmjWAIq8YofwVszKXrJvJ7g8C+g7ziclLVRdbYXXTwhySpsiQ+t4ru9rgI+jHtmvbZPDX+SG5x0BNLgXBGCHTnqXwumt24ZyQXKMR0AlhNSylgBsgj0S1mgIYwxeWCjLIuuVdvMSg6XmnvVEe5BoYC54wy8EWnyv4\/RSDsI\/MXaWI1B986Tm4q3Ay6Wd1BXO5\/JHfuZ9ArLIN4c3UoP4ElCTbrlk6Czc8l03kRjpfcCRpDcIFZ50\/lrEIBwFnFVxu8ZnCDfVk9BLAJaB3oD\/rCx7Q28+chVXerK7qL0ROSLT9aLex4jlDTj4mg0HFpgBxp8I5MB8ITrSA3NFOUTTYFUCCRmIPx7Ap70zyvytkBjDdI9Ju24ly3MVPLIBgimOkM9JD6e6TCQZueF1B11yz5uoScLHGMtPcUzebp9sZ+SfeprN2QftHzgh15XVRdxMl4A9cyWukcmpHVK6Jdbwij3LALOFl0yyx0MN6kT\/Yndbw05utHLBfyrrDyQB4JKp+bTVaT0AXqPM6tIeYAYS9TFUs+UM9Djj8VSRVIpZc+E+1pbU8C5pGidTpGvM438IBwXXYWD9B39vYNkxmNypBxg18B1OUJUhn2jAwmXAyD0qF3n5IRnmq569H67kza"}
+00424{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":366601,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0IZpAADQGlo2SMDoSwKgBsgG71+H+SkPTyvoNPoAQAfkLBQAAAQEICjpWr20zMMo6"}
+00424{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":366602,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA072BAADQGyMaSMDoSwKgBsgG71+RZmQG6jRUJUYAQAfkznQAAAQEICjpWr28zMMo6"}
+02258{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":366848,"pkt_caplen":1413,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1413,"pkt_l4_len":1379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAV372FAADQGw4KSMDoSwKgBsgG71+RZmQG6jRUJUYAYAflNkQAAAQEICjpWr3AzMMo6FwMDBT4XHEmxtB27IzABW15Cs6dB7jkXgq\/xnJSRgjzMF1Ou8GHWNiAe2u2coGxqlA+yjTe1NAxr2E22EJS65OsaoMzEo\/4hSX1eJQE2e9xvPKyYXft1Wnfzj7aqUExdFfzcxK2DdCFwcQBKo8wnyYK8WHT\/6YTVuWTBnqdTWBwMZjsZpL\/aBiyhPEjM+Hrj0RjKLNVpnB1\/NWaHwa4qLeKV+NP3H4my3hytGWjJqKceU9Kr05fQA7QFKDO40S7PLZ1\/TKpXu6d0Mkvd0SdviV4iuBkQmBgyEyGtslQdeHXrZpRbVVZKPw2zNrVOD\/L0MqqD7ZN5+\/raVjdi+dm14Mu8nHptT4H6NN7NJKDZ8EdQjQClZ0mVnG+CiWI+ZnUDelVMUdQ6l4KFL11e3DoviFxsow+xmwQj0l\/w7rxiAtiexTLeFMnrkVt7xvKvGdlNr4WMdtFFrEMTZK4SCBOjEmYP17IV0\/C2vqlG0\/SE2J7kM\/UOennRG7WBLhDZwG+EKFUbvE3\/9Li7jIfSddpa\/dAswixGzpPIslYaa8uHFqr6KpX30wxOR9JcDOTNAYnxm9R0IsmzGWrZxoHHyKb7ySlxVWZfYcaurPblV0FMqE88RxDIM9gTvhEZBN+35aJ9iA9KY8LqYDwFQKC5EMtbmi02fjsHlAINoscNxqZZN6UQzr5FMFhu9SL4v2ZXwFAUeiC4\/FwaltSoAICyYpccwhkKejoYy5mEyR4+ByR7TJmouH2d9MnfvcV3ijssJdtIjx6L8u8mb0zPu1v388kwlkcls4k5cYY344YkC4j6P9YHwKg97o0T3rpSQ29htqqhDYS7XEPRjXwARWApTk5g7NS+Ie0wHy8gvXdUvenX1h2Q+s1ACttJn0N73Ft4ihrxkD90bv5zFDpKQjIbbuB\/ph\/LT3E3u3\/aw1stdWJpG90V40giM9892BF81ePWyymN\/FWXcW1mpm\/Aj7FFdA9RK2FlSe1YWuq6gz7fMdahG7Q571ofLoWiYnf\/oR9VfUKY6DUl5d7c03RHV7+iL4xmGff4geMKpyR8LAWVaOajektiAkP6xc6xZlNiWTq4TM1gCWkNWE\/J5ocy4IDEeWwytIhMPP2SnjcXucx5XxTsARZvoOgnOLUwIvOwO0fY5h8ky1sk6Q5GsK4Q8hMMITrgikDNsxvMP31mR41rNCHxHrTRRpvXjZgkDURE1LrMOT+Z\/aEuME7TLiaw+s+M+5U7L6+jOK5bnbCy1nHbi2dc5LxMaElD9YeF9Tzqtrlcnd6EXN0TQuIofdJiI8GauqthW1\/jL1fNGGkSNPfRkRaAufrTUOT1tAZTFux2jbYuio4SrKZJ1fcRm375KcmKsZjvzLGx+SMQR5XOPrrHy77qE+uAfnD7jTpJiaUq8zV+aIilRmNMnZOHqyranXEjJUy50AR2F1YfhRAJBb08WIW\/aky5BQ4W71c1ZJ\/KGfpJt4aUX\/5ZR0yfhZBMMr1OUCQoGgQdvWFXGjl8C66fgHDOpT66JQO5fMwBKxkJvkk9DTJES5l77frCMozoawvX6HF3rgw0GT3lRM83WfUcBq+3v63txvbpOVQELVUIgs+rFqDtvA21Ta\/gB4EK3NmPrrqiBA1k2PJo81Tc4ekJKhTn\/z4Xg0PN3Mf94zabprcLihil90V0O\/Mi918x7K5XioV54uQYUHviqbmPYa5y9vsm7cQjOMvwUTBAnT+91Vlo\/nazTyL75SCtTxD+cH1k5db5IoZk1SKnE1X6UzbQP4klcXpFeHQHW584Boqy0xq\/mRk3cqku"}
+00426{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":366884,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfkAbuNFQlRWZkG\/YAQD\/0gPQAAAQEICjMwylI6Vq9w"}
+00425{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":367099,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Z4tAADQGUJySMDoSwKgBsgG71+LVp24aQK\/MboAQAfnUeAAAAQEICjpWr24zMMo7"}
+02385{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":367729,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUZ4xAADQGSvuSMDoSwKgBsgG71+LVp24aQK\/MboAQAflblAAAAQEICjpWr28zMMo7FwMDATeGFID+aNZDVLoE\/cKvRJmbgELOKKZ2wdGaWJ0jOukrZ3iqzMgi\/CxrxBjXmKhMJtmKRECiyxvM6NYBEy\/fU7Dy6uttdkRcDdN5jUyjKJGnzGPmjfoWv7HS4rvTWgyq3sgkSBuNCjTP58Y5jnxfIC5xR50QkbzU0ZD1kgoMrZq\/W12l3vpc\/K6nSTAxYQsrkh2nANqo4ebBcEwy5R8TTzupXt\/d0Y4328X0N9Oq+wkjwgnxX8\/Q0SrBqfjYbSeu5HNvDYEdeyHDgGZdCM5n9mMYz+gD3LQamT+Sd4oeuWN6gMPplIeq+HeyvphkJS0rjNIHpc2vxFY7uonlAUNnVPhmzLZaD4PWKat1mZRw7hwKgDG4gP0ASFND1KVSNNe2NQMLYxHn6hzHmNPzPRsHQWIKi\/7LSNq9NhcDAxgUhhSA\/mjWQ1Xx+A9Mt48C03PZNTcGzh6Vsq8rsvaPumXeifg5Qicp9deLulLy5Nh2S+d8YWZnopVJRF\/IWMTcu4bef65uy5tu+XopayKuAeyImZUwlQEZAGFWrbb0O1WzzuWAbOjzpg527ZQt6k3EcGnDICaNcOHFo7q2chAw0DozGQ0I36M1Le\/rdbkLKAqWBSwQvrFX6trgYezrSSSfEKp0FvO9AQvNARvVpZUk+0engz0OrJN1AWRX7IchWPdnYqPF3hHou++jXdRCJlstK4j4LR4e1Jl0vLgFEZkXyubs0ZV2DrgujXewSPfUAvpP1AtGjVZg5VfnTo0t9VHShti1HM0gylpZiiWOhaL1t8Psc\/Ism+OHUXY2ygEhFuzP3HxRwDVT+T25Rgnw26ffnZsd5BAUj15WMr4H1WqiqblHXcgmOqvIjLZnduWtnqoAcMcVpdSzWmpA8CIaZpCBF1cLddl455HDnb2I3ur7pVlLTiWL+q3eUlC7TDdaBkk3q+c1HBhhNX+aQYcmGS4KDQDd0Q7veISnpo\/b86QQIrW1\/cLrSxiTjNZAiqe72GzOVr0wk8liF8f+1dW7Oy5b2vWl4dCVhWmKtFV+OrJyR0g4XINU+t4ilTt5yNfDDY+mRRGFzhZlQYvy9rPJ5UuI6LYS\/xbTtNe0fA1S9q0GjUnwoa0xXJbz5BhSe9og9X9JZGXny571edE062Gu8zlBaeJQc0PIlIHE\/NDNnUdgPR3xiZ2waFUsxtdouznu6buKmY0p8\/qC\/\/XKDvVFVchAp2hoOGHWNz0gaGAZ6\/bUtxzicREK61\/07NLVt0vWQ\/rabQeWRYsdZNwoER\/5RXczWqFkUlsl6Di7C9+BqkO2sBnls8xw\/ctEoDVYTlnFYA1GXODjL8c9b\/qf2J8GDTBwoL2vfSSRPdNEe47Wbi7E7LZH1EP0ru5UmDuGhfnbDgHu3vGd9K0i98uEFOw5NttXvozyRW7mSgA8qclsZEc5C7cwWnPLT\/caUkhC+GFRua+H02nhSB0LyEmaWPA6+JBFkCDZC39HcIIfWhd2K8LDZfrFHlbPjB56x3fPyQ2ukWLmJvZgi9rifkfUAANjw73Mx1DeZmr31k3PZGH6gHsEJWCk\/lwFRdGb\/BcrLRoCzfkMSt385LpkUIgwxtunKrHtlysP1+XkXnwNbTJ2pCttfyFXBVGYLvWiFjSxUvYc4A6sTCnYfVAsLxlgJFx7b7iXhCzJfpJgBid5pq7lr8SrYobs\/aWbQ32CkxEVC+Xx\/bbJXSY4zOoK8Tc5Mw7xtxCfcx1idDWhYB2cdV8SwY06EY+ZOjxuuNf+6mpF6dNw2BgN2sgGVza26IkSn\/16s+u76a\/MSYPQhx3DBvwjplRFN4qu+H5UA4bbh+CKXv1MLzWz3md\/OYzc1u44LLoZI5DD9s9IMc7w5jNfH0Tp8\/Y6qOlHC1AR+EqS6qK659HfjIo5o5m1O3darxW8oxlZt6Aa"}
+02382{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":368976,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUZ41AADQGSvqSMDoSwKgBsgG71+LVp3O6QK\/MboAYAfnnqgAAAQEICjpWr28zMMo7sdKZQ8Jf48ta9cjt26a\/I73JzzT60SsWa37e618z+J6ZsSsxgYDT+G6ds8qmcv1Ws+aUkXixdr1i+JfjK3ljM+Xm5+mRZhNGuCG1EHnAqTqIiK0SDWgMj3IJAUW2A\/31XmfLG8WueHZx7U\/0PtQQDnPqc4xtr724dmd7c2feCM+css1+UaTxxwcMz8XDFraY4sO\/1a5mT0pVHlT0wYNGzWS\/IS9p897UzuF6s9eZfJXn4+AHuor4\/9gjcZipqRvjS6qWqaRxVuyjTSgzVoYJ2uuCWoo0EvbZMhnJfZ4LerYiKi9Ym6xcAQTrqqwG4LF1iRRIFQSosvocWSoRb9ujdOIvkYKz\/sm1LptuQafu8ll9+eHfzubdVu38rk\/rpTa\/EXvcRL7mfDWuOKEnR5SxTIi5UCy5L2sXKQoGmhDPc8Rxmxt4RGhmNr3kl7lFXgA9CC9CslccTaGNv6LHU9AlVAyaODjjeHkvUjKY32CHPBpNa4KS\/SiJke9UsJpo4ivdxoAP2ytOIWcFg4TWr\/GTHV4A1gyxAl8da8mk8skLz\/K1Dju6TshIbMYJLBjKrGdKtNOWfy9EVYCJiy3HokB1PX69Cxt8NQ\/OxsdKqwZJlWK6eGEnwQeoKW1RIo2l6Jik2Ygnwq2fr75TtRTP0p2iYYfzfLuwp+M0IPK7BFLnLZRP9fDKVAIsLPR\/04zevIBjXNa9DEpSV0HW0pUfUuX3piGX3tq6O8nFfHlr0I4XcUajA3i3hxnKkUHyREof9oKMalYMJgvbJmg8XBw9hcCfcgrQ0rTQ+2KUBgVS+eLna5ZhNJsPfLTyPSw4n3EuDLwpPUY8W4kPSCCRb9LSoNRi7s4AkKRyfni1AkiXIfabyv76c4jsRF\/JVXH0myqyDWqAq6as7zT1h8DMTvX3d0PyPt2KJgxahJWNOQuA5El42ldb2G5z8YyUOQ3TtGHOyInJ94KLg3jUeymuVKMiBJRx1i7fcsBaYw+7C3t1JtqvQmGZvTWT5AlUbbgc6JFdZV0KsrYtzSssIGb\/TjfB0bUGfgZmw\/Q0W30++UCfzKqVB8vsIIvjgqXelZqLhxQwzruOEpR8ndRPPKA+0FSYPBfxRtnY0CTDqcjx4uUuVZPmFV0GHIlZfe86lYtE0TSSHgbccbMXw47ch1HmZkkR2gOLS5kwK1fbjclFzzs\/1k1kslTSO7iXIejvjxt8VJeAGvOeKgaD0Fg2XpbRa3+EJG+vvyJcEDo\/mnM8R209RHF0haxC7b6IaCLU8\/XVtEznL7jRvqhJvotElFbebUVAa3CbvFWMZPY9s5lQ+HBBcd2n8pM\/stW0qR28tVAVvyn+Z\/\/UME5HPe7Cj9tLPosMgyH2I8J3cKk3uYs\/JyobyWfO2tEdZXQ\/EWgZz58hzBgO89kXm0WxvuYhqKr8GFkNeaJ6udVGs8\/CkEju1Zrx5qpmbdTS1mS2Tj6V0OcgQbbyVmGAWwa9a9gHX837D6+ia470LvzEMl8kar9Ehe81Haqo4nkfoi0nUNmoS6+onZl1Wc6IS0fWGVFQgEV4avFvns1szSHgqQBsCmqusJZ2rM37z5aprNdhLXRw2mE24PLlOg7X5F\/8+cf8rTRMFlQOeHMlykWC46UQgDWYm8DBNsxGAQZvZ737r86tSIoC\/CHjRwJHXLdknRTC1cKiB4PxzrjlLntQYzXDn8ieXc0XS2hAWWaArTvtAhE4rIS4ruWiE+kMUXywY7CFnImMVAwN5X7lhkA+mlKalEmsD\/1zDzss\/HarCeD3Q3lPI9Mk6yD+iZrjwYOz1ZFfzgbPLlrrFoiw5kZjUTLBkX+nX2kSzudyHeN3HLMJzqYVt+ogOsOte39GxphhG94mqRBACkLEAf8SOtbyayPYXmiR8hyFK7YNu1k2f7YrIDwa8TsR\/qfjJjKG"}
+00424{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":369011,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfiAbtAr8xu1ad5WoAQD827SgAAAQEICjMwylQ6Vq9v"}
+02377{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":369098,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUZ45AADQGSvmSMDoSwKgBsgG71+LVp3laQK\/MboAQAfnefQAAAQEICjpWr28zMMo7T2b\/3uN81am7qBMa4bLiz7BNIFvrLyzTOaPH9Eb7QxT4wxu+8emo0D3G4CBx524kwk9bs6S5AzjyNMZQZW84roANaw0DF4DYMjAf58MnxHiEAgoTdRngJQR4oND6XmJWaXggqArVPj0tcS4VHGVM8VLjOtTwf+0Kugo0+ME2JJ\/bGhQmn0xQhjOIDUDzKY1tcTt7Cg5Yswe0dPQTtt5sk3UUhrfRcCu7QVIXnByEjtMp7\/0YUU62utIFpOW02+0DtZ1Mklo7Y2Zhs8UlLjBG\/D9wqco+mocFNCj8\/BtTv5qSUfe7OjBBrtK2Fhm809y3+ng6m2hDYgDOyIYg4meKVxMuOtjRfkvOMOhp3EgVX49xVQYrBN7CzRVKytwQ4xIZZUCH3uShULhuT4WK\/DU4DqlfJ3ILxK7t941hUSzjwWF3Fryi5IEfL\/Ef8KYWgA2\/k76NeDm7ehWkH7sqpzCiG4jTkF+7d7I97wqvHmVUUB+8ywvI9AbDd+qkCLpqswKpnT8tySJaHtrUHQuAk0\/SUsQQtmXSaCoTUrBtwHc0v76De\/UBXfcK8+IWNE6bSWPsZnqy2y59OWvQuOC5vkCiwZBKrugtsDW+EHlhUMeHcvLivRTiyeyn1HxMCbK6XX+rPsCvsPvIeecGhkH92BFKRiR3l0oAYj\/NrjP6G4sqS34BkueiNXPzmveYXWOVXhBHthiVESo0aP0Mn8ldazyv8uVdTN3ba2fSpl1VLUnPFOtd3Q3eznn9yRq0+QIFo\/CB1238R1D6YnXn35wtpCXH9b+YJum2FIMmYBkAlPi0ndD1U2c+X1UFbWMlbcVcwXwpfGepZH6WFh6mZZkrT1e43jriNnXEBFcWeS+9zFWcLfZbIUyJczjIcmOK8RjWwX9SvmMUgpPMfalxOe8OBTcEG+OajCd+I2pHGtsFhXzOvCUqerzed5I6GKgaL3rGP8qgaRJJG2h6yw\/gO9fS+fiu9cYH73vTNWu\/BfUYTVkQQrAZA48lS2e2qVKItN0pLeS2UXzHQxjR2aNPedXTjD3\/4hzN7BxjJraNFAt6y2xmSoSd36QGxS96gldv2wHlnzTqhbfugYPgWQjmPD4QgneC8jHsdUoRJgbMmOMlHOFtOgw\/\/Ct2LEfPBrAlgAkEXy17xkyqvLJ+WgYcd8EV2rY0ZeXln4EG8FPKxLxrK3qGGrC6C8RAs\/2BWA7tqxFlG28DDApRCP+1MbEuUS1QHpOagdn9fg3TQ7TCa4NsZ5v0AOOflIbdqjSY\/KWe0TdDYuOwdjp6YXsM5Xbgrnwb7Vx4cAwy1uIstLt+Z55uuzOYOxP0Mu4V481tr9hKaV636KgToQqr12IqP28xrJNMUu6U8qPjkb06lf9dlmtgB+u4OwPGxdcD5VCGoljuKA+oKDb6xgm98TGfhKZWXytNgbq\/KSLP4cet+36nQZgol2xHno3jBppq55Glw+xXM3Vu96CyFLnj4ZNcboogHwJT6NmKuIkM\/EOehVfAy70GPZXQvQwPZ8bIHb3Na1QolXIHjYJyr4NG4+k\/p59jcCdJXtv9KUvy50f5MvukIE1gnwiKv9DHKF9DCODu0s\/Z1hRCfkqCwXig9sCAs4SAOEQIsCrD5V3kOj3AX27jMzKmROcURnI4Uk7qMqdU7OHVbK2GFs+e41QcxPnRc50Z+W+PvrUwdPcNC5bZ10RqMI+RTriq1GAGhbhu2hWZUQ5BMEcK6UP0UaR0kSXN6K6kNU2QcH9sb5N7FYwcYTVr6NyQCw1ph9W7C6ppJAN3uy\/tVoSLWiOSSxELLDWEdk03CK2bVDzLLlPc5Vlh3rehGsF\/JsV9mLgDfM53jI3cH0bzAUYYAubKm0D8SMg4IqnTNv43y75RgoHQzzQO\/0szZGs6gGXKnqDwfcHBDbUgeAnpISVTYqc2"}
+00424{"flow_id":6,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":369236,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UENAADQGZ+SSMDoSwKgBsgG71+Xyf4RCZsTQ74AQAfl22wAAAQEICjpWr3EzMMo8"}
+02383{"flow_id":6,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":370229,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUUERAADQGYkOSMDoSwKgBsgG71+Xyf4RCZsTQ74AQAfl6CgAAAQEICjpWr3EzMMo8FwMDATbt7\/bAULNE+vXUmnEXDFJbc+mK1bJKrdvZ7xVJCSq2zcBEKfM04L\/itrPpHH\/u+55SLWriCn5mrZHr51tlUPrPfZ32KYh+hXbIlNnQtNln3t7lZ+C6LYVvEOJSPNsWyN\/68FZh\/A3wHYiE6Xnqe5Pg\/xKOJVmCGzHox7AXRWDwahrhuicEJbj6cDpr0e\/IFWew\/1w30J\/kMi5gw0zJKH7dgebaGpUZsyao9z0pOCEl1+d6rWqg8Mlkya5GMaSCKOs\/f7x4Z04HCEH9w999W3AlZoBX+94E1zi+1PgjoP69cf\/rFsp1EadkQ8oTJfHDZmZUxkDF7\/GJmhlwtIqONJ8gmF7eFN+HVu670ehD\/t3OfKoQ6JYApAevuKWUPQ39qz\/68a\/bJOxSnMMBzA2rwdCPUl4nPIQdFwMDEBPt7\/bAULNE++5oRi1PzNe6Xc4AfB1Nj\/7IiwG9XNywSRlRrxmCYqQRttiH7mKQlVnRUPRMI011bj7d9q3hURYN+xCaTcgR9EYCho939pljbxKNYEecNJ+3d93+wirKpuK4hhkaymYb4l7F9NIOy69ZOsDWX8VpEm49oPxyS60gqVdVh5+ax\/6TTAW7vrrwDneQoMkqHHm0Q8fdwpCMKwv4Gp0gq6mmbdpkcwAlMVo1qbNL5tcc+EMBmXPahLiDppzMk2moIbijc56jTwh9ucOGvEO0IVChFiBK0TE0IRCgZBNab5Ub+VxzaCkSldtzDTrfkxXI7qHVko4xD5cLVfmYZwSZDJ0npx5VKF8C7J8S9138f+s+KHsrITBic3rP+gkCQJj\/OUq25eOQbui4968DUpn9amXd\/HMKBqXOLqA5VZLwbUhrXwK7YqV2syzT4g2FtqtkltEg+Tov8YU3MDNTDDOBq1xX998XC89rFG\/XN7O8eIfzImy2idrkdIJfMwBI9UT98Fnud0IquTiPAd0C5+LSK5bZ7lugTpLg2Q1wqWkzXAjyEN8QItiWKwNXaJAYVpmRJE3dsDtycSiyQkAC8fsVse1NIoTCdn2dYxTwXBiv9MAwctTqeEkWW9y\/2bB1T\/UkJqAep41FYFFmGbCyECAdKmGZgRsjhdEb1DMTQcJn80jsJlOrgFubVxr1B0m0Vqqby0NB291Txlu1x7XlUqAjNDPfc7J5eO\/glF+I069SGLGQ8342HJ9Cel1tsyHVtvIwUhdSCtruEIE7pgyzpH+pp2HJAVVK6SFpXLhawM95nyD0pQwfO82LoOhmmWUc7I\/0+BF4E9ZRZ6GW\/Bvx7gTnGBiZE4EwReRwSlGG4mzqtteqP2wzYgUK6kTe4W1E2u7neMyyBhN3LRm51QHtJ+KCCu5cwhKOCavFSWr+rHSVPBEXKavxdUWAqT\/wB6ZRsCn8gN+g7uBrxtcLsAwoZ1g3soeAqAR5V9GgmIz1xgtYucoFYEf2Oh7IjHVYo68Zf6qRUvOYCQFC9\/tsgpg64brPYvX1lBPMwa0Vcohm4Of4xkw1UhKBBvkeuvyykefd22K0Z2eehxQXF1KCQ3bvEONLrItLgAnkZhVdJsPGiWZwWJcTdt5z5c6XwlKFBAqzvrbAEqeW3wNPPOrUI5icX61evbEk+dcI0CUqNDcX01E6ekgmrwU7xdvsleC0vn\/dZj6Cy3uixokdMTLI2Nmv80DIAp75itTLtLgCA0VQ7DTLd3qW2\/pTrHJ+ZLVCa9bjKrX+9w75NvQLL2U27Ut0yQGAQoQNb5N+hbdupW+bJACkjWbrtqx7uaY3W7dls66tYViwHIzofX14E2JlWnpuHpFJp0duEHf7D4g3B8EoWG3HnEVIaKH2dqafdUwltv1JunNh8uNYNbgsjoBX5B\/xYrOjNVZNWiDRPnNM7IKWUw93O6qF7XNrRLE\/IYhra+2Y\/as5f+8152hvF13YqStE"}
+02384{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":370490,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUUEVAADQGYkKSMDoSwKgBsgG71+Xyf4niZsTQ74AYAfnN4QAAAQEICjpWr3EzMMo8dsFSed0ZHQgNDfDyzx+pydoTpC\/Gue0W1E8dbWPkklPNUfg3D2nMgC0GCtV5hnYSON1vocBU6TWieYDAS8J826ZG0k+eDh3\/jbMTMwdQaeH3WtaVomWzfEtMnB28mVlEWxqNLmX4bO6ZC\/NDa2QVLXuE6ob4urm5jvsluFHD28\/0\/nLG\/v2QM7dFZ56knEKhcm0CtuEDhQI+oxqXqvijHn5GcbRnahSdLNVbO\/48pAYJ+8ikFXJsG3Wh1zEiPP1iQN1sCmXo5vfiKZFzDSqaE8WVUlzcqFvNwzo\/tu20k7Ki9OVVAl398t\/+ZiEM4XA6ddXofRe9wCxCMxVA7nlh9Q2r0a2L0sc+aAAICWFUyjEt7ALUGqgaRDqlyBeHie8xrat3i5MRckLgC4R4mN6mNu\/EbgPHKfwimeRy6NNCXkSQre32EKf789WqQYBNfGjUU02S8+r2x0P+DEEHTCEUNfKvaFOLeMYWtudadMc\/RINIWBaBaJMCFHlIheynSLIEH3IQShrck7Y6yy4\/0xEXnuhHP9MZkzQW1Qs8FxdDLZqFy\/OoLD\/l2\/5MEtZhaeOcf96Hxu1CfPNzk4BOKNWbJelWglFJewJvBAzvQjpGZ0CAF5nq\/NxZyiqxlF9fBHy78A8LWvg\/uHQpKuTrk1XfX9J541H2AAJiNP47GEMLN5ow35T3I8nLi12rssThqJUCsiKJkx+1pDmO8m7a6GPOFnmFtaWLOidXvqUgOisdZLKc10nSuaaIvWdGBfnuGd2M4gtEOZObu545CNqd95iQf1UqAPWKZJ7nsG8EjcTQ\/zP2azHnayIdPOJNia\/McVq9Q1ZP+MFjTOK9AU5EPBJhFopdVDZKpjhG6tFfOwuL8v9GlpJQCAB8A9C8azEZ6u3irsURyydmEc78k+\/cIcbJC+O0YG4GbJPQp146MRhqKjqfzTqDUfBG4g44GGiDq+MKVv6yOPb6lLb5hXCstmKiYrW04eqZill7jTf6FRnLWbxW+BUMFJLAIVqUiUByjvdt1PWyzsJtz8CCD0\/C2m1cEimAXwGKovCZx4JAQ2EOTTha+alCi4XdT49MFVghJiUgL1qH5YPAtfWO130sb8suCBpojWZJdgAb2oJMtqwxnaVxhGmwNw1K\/OwmZeZkaAZ3q619nUMoOrnVg+bLjvw5kKoKvDqw7Nuh0GxPclJix41ec1L\/lmJnwvaVo2+XTwism322t+4QyfyLxNduQOwKeaDqzTYPbNH9O3UmQPBG2xIoLPlqrTlimvwFwSWIqtq07vGgR3AhmvtZ4mOdvbWKhc5jWFk5URIIGoTX+II88vvePD\/XuziiORpiCqVUUYPckMyrinXiRdC26\/6DcaAgILoyyBGZ\/r54aI9gfkxnV0JZkC0fsYmbMvk279tkRy4tSIYLiPpa0O\/ri7dvf7IaCNFOJaHG0dQLz63TmUv2LnmitMRnRaSaFU2btsw7FQPLaaBZEP7Mp9a1ovC8oz0\/uFyvqgbdtXe71to7O3dhVoCNnjybB5dRhG2Uvuu9MycjgOL45LdVvtoNYn7lTogjAmBIhSfoLyJGnoPcGo\/0Mi4ElWEoTtrYn7XVKzeHgXtbWx\/lm6cwiKnhsVN5Uo1+sTXPqw32XXzjbMTae2AvwOFnq\/dpfgY1Q27D1TBz90aPSz2tXLAhpbvkVKYbe98gXjUQTjX3+82xr2qRrm2Q6zi\/CESy5GYUZgOMkHmtOII3BLWoy0MEItUaQdrgP7nyGuE3gdn4cScKjg21ghnsLYlJ9Y19z2JL2fh8UxmZja8YA8nMQRiUk3eNHcHGXvur11p84ncLZL48Yz7IlS+pDIeA1lvFvRTdLAdWdxebtSzwsd3YVIl28ItVC2mLmt+cWH8aIt4bJ2fkoofOGCCZ+5tf\/\/WxT8f8CAvOl8bdhY2z"}
+00424{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":370526,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtflAbtmxNDv8n+PgoAQD81drgAAAQEICjMwylU6Vq9x"}
+02382{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":371355,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUUEZAADQGYkGSMDoSwKgBsgG71+Xyf4+CZsTQ74AQAfnzJQAAAQEICjpWr3EzMMo89Il7rDT35aUij3P6MFw4xR4OeIh7UftAhRDgHxyVKvfIpRbqjRQRyXFtShi\/KwA\/WckNYlba2klez5EYUir5IOIocA6K0aG2nQ+C7+raPjfCL\/nSk6XqS1fpHvMOkj8IfvqNskKUixcCJ0bXhBA0oaBm4V0aa1NCPEcSixPxSB55lQAxZg9xwILwKli6zvJyesmfZK1gO3rRKrgd5sK8kdPCIOd5B0iGHTBAB1MTrOvPGbxuYQvssxbkJ1v4GE1n4ETiJiruPE73o\/ONryZPEJrkhczScqI0h+s6ltQJPg0i7b+TN1zn0JPB0396jXn5HqcX19Yx+Ruv5D9+E7WDFvoQvO22xXOniCY4rLBMKfnhJ5\/H7EH1Nss\/CkGY7qERIxd1e59cQ0DcUHBQlWhu35HI1Am3mg2s9xY5ul428qjuCQyW3lX8YbT82a8Aq2tOMZ+U4j2dDnOnuy1peSY3RlFDcLY213HnZD7KFN2ieLNsrw4IVStQWNeVgJUGC2mPozGSWeHbAGnuroIyLuUrNjj7oUP7+0QOLOTqqkosLLYG8zUpke8bN5dPe\/st5\/SloXQywEfDY5T64T3nfOE1b80F7xc4T3VPRa6Cj+9vfrUQuBUfe\/JHo\/RcZNemiRlR3qsJmdUOhgG3i8jwqPlY1InLWNbuuN8zIOy14nXpED4457olddlwwJqQhDGCt\/Bz3kyOq2M6QN877LOrU5V2tHMmhHdi1xSFxLFg1njRinIDnArLmpZfa3yAZMpVKeM5aezKq9lgzKgeptlb8XX8Kk8hjQsVrWo3x0sf7vHCVqoiliUkR6ZFEjx2xDoMbH5Uepo6IHToOzE+qytbDAVLBm\/UXnmcCjmiQZYqmlIYhRmmEE60Ksm9n\/Q7KFVAUP0qFwJzD+a3E3kRmnxN1UidDqtTTd0BhQIZX5\/pqkfw5AkRSo0nB7IlUL1KxjQUfYAjV526cSpJelH7qV6xJKX0k0cF2iWvFjkagRK0R+yoJbXOAK45hyfiCazH+ap8ope0gSMmcW4G1FOusdYYAwIpeG\/cjlFYxKQUp8QtCguDbJxWZTbJM\/NvKhX9dZzQB3lYUsPJUm5yfbEEl+rzkSSyqmsUNGRNU5veoqbxMdKeMEDhUQJvOEWvakASXshrK+PmPB+CbpuLzc+zi8OLjoWFYs9YKlde22qlZS2hT0z4V+RtYqy6cMD3hub3sgUoI3ljKKv9ihfgprwtA6GkrEXbpfjyPAN9s2oRYixbA1w5exUasJwyZi\/wy9\/TZ\/K2HJecVThu+tkN1zFi7W26rZP9vsF9WS0JOzAX84vq5fWIKP9+eq88AhuXfVppVHcuh7zzXciFiDhS0uCAZwcKd5KdII8eEhRYC8+\/H+hd7dKcEKKQ1Sp36URuziyRd+dyD9LhDf0mq4EyC3Apff7l63CWeM1IChImiIBsWtyMjXZEoNvUdE27qlHwOg2LhELi9uE\/DOE2TRkw\/yfWzJoTEf2iVUcMPtLOMvf4mo8xHJE44i\/I93LwI86iIfik8b9ZeVLbS5OaTBf\/1pIYolFaGA4fpjle5FkffSEcG2LF5LMGfU5IvIiviu662VzZYUClR7RzwhSXRRRTIjuRd5GWov5leApOcsdQzYL\/FBtLHXO+fuxm0pm2cBn\/Z7TDZQ\/QyzhQC8aFdI5F+DuI7ptZUnDJafY935svlaQGl+OQ0K01qiaKwInCLfh9PxSndSQbD4pIVhz\/EIe5GY7Hi6iJhflUd1JpGOgaQLoK6ZPNRZYs6W\/GdQ8KQBfpAKyJ6kEeOnGjVn2sunE1y5uBTygnJdOPc5OajNziFmwrdYZWYEDmwbrTilayBSg5laHgYOZxxSs28\/mEhloTL\/Vl9aIUWzQSv2dwejei1x5tfFNyqNor\/GzK6QN58lN5HFiURZ22imN0"}
+02373{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":371602,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUIZtAADQGkOySMDoSwKgBsgG71+H+SkPTyvoNPoAQAfkX6AAAAQEICjpWr3IzMMo6FwMDAXT36wExvsy3LZ7Gl0dRhHVYhYAVCU5JEuic6j3YoBKBxNNARdFjzNbnK1OQymSo+pkkszSmK0HVICpyg9kQdL0kDxAJKPuGXCtp6EZE0xYtMr0yrdq7SJfWD71P9AkIFAk9CvITX5SH1BREkCY8O4UBMKtA\/oZ9N9O3VNX\/Q16wrIRmS5dNR2hI607e3K44w98qJ699QQ8tJwcHQzHwrWFJZNr8QMYziWXvlNQYBCLs6nsVYHSh6Jdo54mNPyOKQFV2w6RQF+hIpdHQp5hC4v8+Xf1e4ww\/EWZHVcg3ucltYEMOdn8yFxj6oEzJv2jtgLvZKRTmKFaL9eAoMy3MNpsu4bff8MoCAROr8qEpYwjWS5Y87woQCGesAKe12KH6xmaWHGaiPWNK5W+dqFG4bJEfqL9qRRhEyL69PjYqVYj2DxjmR\/2I7xZqxuVgxvJ646SkuJsTeVRoIHoG151zSmrtSjAZc3HsWRrKSQSxnmgP\/3HLrH0XAwMfuPfrATG+zLcuD\/XjqLrYrIOpPCXEVrn4kIWQTwJo8d6EcixxS\/9hRiBSoim1w2y+cDTZdkUh5cMm6ftWi5l446kfN4D\/v8J+KsfWNzxpPFn1Bu9u7o7Djj+S6pr2yyNymB9jWpO\/4\/GjoAg9kWVrVhc6xODhVFQyT9Hzsa9EiCGpAKdZDYcUevkgmNh64th6MUO\/6O7Qet3uEFO11aWWastYFcKLT94cR6ZExa8LYsYDZ4lDgq9rlRBCv2yKAsV3uqbSZYAAcyzmZ6KjuAZegF24ioVUj7D2diQTzgrkY2WLQmnytpmYQ5SM9SpWLmDeZVF97F0Swud5Qp6h6o+GUftCnqFhWn3Kqm9E0SCoc6e5iVPbO1PVu\/PJcec9bBfelFl4qWKDU1gMyCfuklBY8RsJkq7qdKG7XxTMCzEqNRdHgZNS0y5kjdw2O0MkjUDe5PVrBxrJR8vqoSNdbNhdrPL1l\/cFfJNS5YZUIAR21D9HAv3Z85H4NxjGsMk6NbYrpuZlfrN5Fm+j8ZHHuc8GShnkutrJ08uiJncBKwIquLx3C2FaAAXIITdJNmjuFYadiJ6cuBYodAZBKXPMuAiUAlTw04f8ZtkSUsS7GRBhn5YYU\/h2BP0eACB2tZi3lNDTiv\/a0xWU2n3uLlciq46knaO3GLT1GAOS618vSLKB250ATYEyd3YNOg3SpmOMIlNJYKMUmheFrKCYJGlTXxxBu50e26vSfFY8dwBaJ6V2DonBSaESTIQyKb1ctO4Z8g+e7X9Zsp6lPDbReuAqBhsAYS9GBaa0nFpgZlt4Fvzq5Sbt9rpq6\/KtAXg7BV9vTI\/NfZFVcld68T4kJlGKSQKGdri787vxbxbxcwpQCF\/4g2Tr7jNa9VfedXSWTV5HYo3hskJabdioUmco87PfjsrjptOkWmuUOwCCk\/q1t1BieoxI1r0cm40n1SXEyCTXK1UDUhJYVqfM1aJqCJyHPGHtgzXqerLOfQNxQt+sZ5e+ArZnBuSdOAOgbmLt9RtZitSX6qimhimSBswRDWFkJs9F4N5TkmjZuKbfaaYGpMyEhlKL1Np4spJxOunD5z7U3TP2j+biAziAlrB7pzAzHmNoUrfeh\/ndDhF7jpRSFCj2ZPZ3rjgQPQ1IzrrokF6Ed6454bFvnsSL8kZ6qWUPwIqlc1JRljSNLZhsbSFjnpnGzJ\/Wuh2SQh0\/LA1T1t0T49wyfsKHdOAbQjKAbRepdTyH74YKN6y0wZ3QB7MPgcK47UtZ3uwMxxEXsWSh3MMw0luPEsrHoAz7IqJrzg3CeJCuS5zM89A40bbY37Z8ZVfZlkA\/g3Aknvso8fKQXUeLW0kzqiAXNwaB8SBkO4BRKnM+W2N9IV1yE34ozFBaYoZbWNgiL5nvfCMq2bf7SFBm3R0maZlG"}
+02374{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":371727,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUIZxAADQGkOuSMDoSwKgBsgG71+H+SklzyvoNPoAYAflu5QAAAQEICjpWr3IzMMo6xWed\/9jwpYijIO3Sbyid6M0cfACq7c3Ssli1OVmUNsHSI7Ap5Ltt6RxvFVfc8FPMmWSas2lbxKm9ldQErK0qXI+7bE+Z2P9PwXJ1i563Sez9o+ixCmtHp4nevLubL5v7AADToCz6AeQvHFjmM0GwnPVhQXtuWW5q+0FmITm9\/EeR6fnxfUbQ+k+TT3k7RuQIrWLx6ZZ0zsI2o54yTDoU2NO2FNu2mogyBtmPuabkX34mggbktluYFUOi082nhsbHOQw2zFeEh\/\/OeSHONp0WPjjhAQKkNX0tupiKMYOzRdxEqR+4eADjlsY5w+t1ZcESDGs7uJPMtqeFxuKvAk0tYZc44p14UjqcPcM+z9v+ZfceCDYmZOskYxwkgqU78mFoAmOGX3+vVlRtAmtwVwb1ZOsDSHmW+Owo\/AmD9pw9QKb1TOQpsjbmYmofSYnnHgnDFFZZ5XJ6Na1PxyZsYd5WxUgzZ6dv+nE7FfD2GxjpNIpd5JwQr\/KmHLiUEO0TJ7qXZbWTZhpfToe6ydt4JoWidURqYuwAqSAU8OjvKJVOvuL+rMPzTXkkGCvySnCUSKQoE606EXdvO0zaYud0q+SmIaAoST3kyEn4e5bq0xU+eV8yBe5ROfSoWguQ5yvH\/oefEGSF2IaZ4Tl5zEmPiKulPzRQRpo\/S25RUWGFLGJ7jFk\/dgmAvqfO9CfUJ3LtaduZm2Fasb1I+M3MIl5ekaihJESPjISMAthbY6cSvGCUVH+BPTlXlRsyEPyuXvx\/aO4qGSKXZRe3Eec0CiLlrhyhI4W\/abNyn\/6JzBSYs83Bm419os+aA8ZPxkP1M1hHflXa6KMNlmANwcWRVNeOMl53Ch\/0qNzSOiXT8db3T1EmH1l8VQCDAMG6JvNxskUNP+mTpu7gVv2nWJUdnm+9CG7GLo06kYgYvQRMR+kYkwtFvd2LAH9clrh0aI3EoVbo+yeBRwuYnLpnkLvIz6BcnWdYzUCoM2wN99onqmShZFqYrtAtDoX0E1gzkgktwHkScx8Tddm2xq9\/Y2hPCcX1AgCw8RsCbp8GJSvThDkoFR+EZOM2Bil06RPTVPzlOh9DxsMvXM4GLqc+qktjUWwHxbot4eZEAxNPLTqo+0noIDaVlTp738zIom963agUTALqdeoSR6fZhH0EhbWYdDumWRMx7WI0P5vFEofb7jgoLilYxEmc8udGZg3R5P+38ThDNTRo7uMFwUHgIHH4wvOgklp0M2haGwt32cWOxrOkDUiRsv7eMeBXS2rWVxIXGTtzcW3OlwP5GmwDtnwsPh5eY1mrwzRmPsirJpw\/ISjQ+s62R\/J0NM7la6VFqoKnxiv2hz76XmJJef7sc3mZDeWa72YFL53zac8mayyeCwe6P0TOAEXXJdQKmJiaLcqno8QLEpqK\/pWmDjfAlNb+x9+cOzEE0j99CfZyoNXcYd4Gxd\/mJfFERgEBlkPxR8iDLsggsc0nSocVPhB7lswDqZQYitqsh+MeDwm5teUVTRmgQfbznLvDBq07N4W\/tGOjhXERNkMaZrOjGGeWCKrWsML8d4MWSKVzBDbDBjejLa0QdhjaScHzT8RfRDj4ve9LKR5KR\/yEaCL7NrakqMcRXlRcAOTEihcYsJpuceXyBevdqYw\/cbicq\/I4ihdWMWjr41Jdmw9rTdpTKUIGdxpseqbHQ5n3wPzwRwT1bQ4kL5muI5Bz3gFlTS75BTF5ZYQnn\/hCZVQFTS+GxNaa4DsxFRext5bYpihF8UYA2mM6Hpa9EMkyfI9Ch3StyGqFy4xa4x9cJcsFVVgHlQEUyUjjByNivs4MjlYC1Q\/PgkSV33tgN9eVYcFj7kK+JkCPV24POwPSsFhwv0btnhs6rlDZ9w8gYT9VcSuyz+WiI2OzVt1j+WsTEM9ccu2HDJLWyMPsew56mI6G"}
+00425{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":371760,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6EtfhAbvK+g0+\/kpPE4AQD83xzwAAAQEICjMwylY6Vq9y"}
+02374{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":371857,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUIZ1AADQGkOqSMDoSwKgBsgG71+H+Sk8TyvoNPoAQAfkUTwAAAQEICjpWr3IzMMo6rboAiOYGBtKbjWDMWZRfNRPxvopwAoawXvnkeSSf7q1l8bLAlKo93udldTodezm4D3CcVbt3Whd1jU+TQrbaU9+K3LsIeZYlpuatNslQKRiy+u2LD+plWfvfVL8CqRV8DU0Div8JUwXNnpfEPg5D+z5zcuvKY46JegCSNDTAEh0GtVjhuDd8QV5f0Cnf3vHeF\/Bl2SMysyydNv1WVF5ZEIfNZeCVSVndRGsehnMq4BzbQvpOV\/BI+tPiHXa4RChn9zNxEGievRGdAn0Qb13IXY1m6fXvq\/cZAyatmWsccoOv\/Nrj3NVygPMCpBpQQu3Yb2bHD8QYPLiAmFokrFKxD5PZUJL9OV9blJ7mCwoydfNn3IlW5l+Y+gmQ4K9IFEqmqnM5pSNYFt2G5l864a10XHWb+dTB\/aU9D0PcRAmB9KHpASHtHIhgRQzHgOiyYgOyLDXMFwqY0OpUZDqnmNi+A9c6FCkhcVwUoc3xDwwr3gQ5\/WIHSUfuz1naE8p9PEl3OVwIBusEswrdLsPcVERUqbkauAooNSWhgROyIz\/yBD5383VUboWl+ITMmA5rGj2FkKJSFG3khTfJgoC5hlxpM41YbY9WtwxMBSvf9uXC26SMrNSatsh670\/wceeE0YCdjMPjwRSoBy5bLYDMaJskxEAf0SfxFjsugnf8JfeYjkpE6X1Kg62WSw\/CYJNUPdRSq1NCxwsrXwC4AEplnT6r6apteQfwp456Jdv8ac1PZYVA2rnm\/apiUMXVHE2XXu5GzozOOaSUCF8vaKohn8UO1sRBD8mDEsh8LoxsnrnQq5+2Uk+2OzsxsBxrQQRqC+\/Qs90B9Q3VfevR3EzJ968Oj\/30eLUJjHzTHcXIRvWyx3s5sAthlhRPxQmAE6Vmz2R21\/doJ7PatDcOoSSINZkl8umOQ9uLLYJSlhzSYbppZS6QwEIV3QEUj16Kdmg8XKwms39lrCLtggnEMeXhOA8cBTEn1q7f1dFjIxl+q5hi8tIWmfcec\/kZYRY3BH8qZ9IS6EDGCvo4TDMAVShZkvBj\/VmftPkEzBdzuWglX1diTJFlqeSI1SMOHZVabe\/Buw\/HxyzNedRdi7KxbVKzFI7c38cMiK4zgvKpr4DDPSTMIP5wPo3XgycMaaghY7X8pU0CzqE+viYE2FAzOGoemq5zwvR2jrBDqrrHs03aorru2Zcdh1f8U6pIcLUiTYEF+\/a8nmcJpv9uFy6nT1XaVcP4YKF5RFo63DOT4p2NV1nEu23SEBbG+5F0iUH2rtOF4YaVHGdCNhotS2t6OsI4hoZWDeyUBpSRWCrvXavLgDxs+yNrGInRBEYE1uQkx5SUR0dEePBlVCc0R2e6RMCH\/9uZFokCMXxV3CYVXl5p7nbQ15j3wX6qIcy14IpSF8dlBoC+cPb6ddsEyMKbyzKwLC7NTWArvHkenwDHQJprUJK3\/WFy6aYxtNDoxuOtBvswCl+A1LBxAxS6iWjLC+HxKpXAS3dOoYeT6pmHmyrA6DCiXwlffmmoJlNCRk7DOR6EHdtUeyEsFdqFSflae2HZNAM2XEy9BFY2rQRvEmqukDtpDLTOVFWn3X1fwPGuSms6ToGEKe1\/PZir9VZFrwic\/dV98ajv1rVh5qCZA6r6LHGXPEl3x34UgMwxg\/djIJLhPm+P6dMWi1pA+6b577SJHqs2Xv0IF42LrOIyWMEG3FsY91TcNDXn66u3m2CoVkGtrDB+vNDCyJqOJ\/fbyJUOE2j5SK+1UJW9fzUoCod9xmCS5bDOKdurK3RFS9EiKHDDqTr067QpdRXXNntYp5H32QwgeYLF0JJ3Q63sgiuVCeEbwTCEgTE6DqzDNSCPqObKNKmIKiCRyhqJma0jiuNYOT16NqoKho7fdxyd8zxkpVQNccNR2Q3MaxcD7xAvZTpbDZPQ"}
+01009{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":483096,"pkt_caplen":497,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":497,"pkt_l4_len":463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHjAABAAEAGqnjAqAGykjA6EtfkAbuNFQlRWZkG\/YAYEAD+UQAAAQEICjMwyrw6Vq9wFwMDAaoAAAAAAAAAAkK2MkM9Ny49jA2qHxHIi8zPEw5ch2nszEGVQNBn\/Ifc7zGbiWS7qtm8euzhIXwBmfy7ktdlEL1uOIfVzgYYBTAGUA6UzDkb60gerG3CAQ4Kbsz1o4lMC9VNM4rEKXz+1EhICv55wq+aDVPEaXGUYQzMZvawx7xbLh0KrkXIxnCSkIk5IAm7SnYUqFU0fpoUc3MkoD11jBR3Mtx\/mkLHJVKl5HyA3JcdUjbT189eLiGN77bk\/YLpGhQljABKbCPIaK3Rk9jMoa39PZt+sR8OZ13GuCAnTYUDaLA3hEJZ31qAkhjvrDiELgrGwwqV1rj1uV8GwrKB4CBXJizoDask41FK1D5b+uFWEUlPZ7M2g+XOH5goEmYn9+\/hMRMe9w+OUXg6r5cNulH1RWn+yt2EExCXeFY5lOzYvy5qbomPwdUci0lM6nYbYPTXFD7+3Jej1LxFeIqwcY\/JKg+jrO4wmcvhSSiZfvW4F4qSzPc2UAZtV722O78WwOqkA9z7iUfH5PgT4kNu7B6CsUPVnQC86hSgoG++7+unflEEary2DzLutHU="}
+00424{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898025,"pkt_ts_usec":512858,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA072JAADQGyMSSMDoSwKgBsgG71+RZmQb9jRULAIAQAfYrmwAAAQEICjpWsAAzMMq8"}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5392,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1620898027036,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00441{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5392,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":36438,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Etf1AbvGGXtuAAAAALAC\/\/+JoQAAAgQFtAEDAwUBAQgKMzDQVQAAAAAEAgAA"}
+00437{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5393,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":65042,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG71\/XZbafoxhl7b6AS\/ogqVAAAAgQFrAQCCAo6VrYRMzDQVQEDAwc="}
+00423{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5394,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":65158,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Etf1AbvGGXtv2W2n6YAQECxHWQAAAQEICjMw0HE6VrYR"}
+00745{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5395,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":65849,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEfAABAAEAGqzzAqAGykjA6Etf1AbvGGXtv2W2n6YAYECyxoQAAAQEICjMw0HE6VrYRFgMBAOYBAADiAwMa4UcAStjcr1T8QU4\/RokhU4ObPfNgIZ\/sGmPR9DSx4gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACR\/wEAAQAAAAATABEAAA53d3cuaWl0LmNuci5pdAAXAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
+00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5395,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1620898027036,"flow_last_seen":1620898027065,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":235,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00424{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5396,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":93791,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AotAADQGtZySMDoSwKgBsgG71\/XZbafpxhl8WoAQAfxUgQAAAQEICjpWti4zMNBx"}
+02364{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5397,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":99664,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUAoxAADQGr\/uSMDoSwKgBsgG71\/XZbafpxhl8WoAQAfxbRQAAAQEICjpWtjMzMNBxFgMDAHACAABsAwOJynoGwbtCo0XxS09HoMeio\/47ter7h4BET1dOR1JEASCEnyEqiBKz80DuJ751m\/r4OLp6WvY0V8xPsFwHQJxYYsAwAAAk\/wEAAQAAAAAAAAsABAMAAQIAEAALAAkIaHR0cC8xLjEAFwAAFgMDC8sLAAvHAAvEAAa\/MIIGuzCCBaOgAwIBAgIQB9wL9mjgc3TVW2Kkapy60jANBgkqhkiG9w0BAQ0FADBkMQswCQYDVQQGEwJOTDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQ8wDQYDVQQKEwZURVJFTkExGDAWBgNVBAMTD1RFUkVOQSBTU0wgQ0EgMzAeFw0xOTEyMTAwMDAwMDBaFw0yMjAxMDUxMjAwMDBaMIGAMQswCQYDVQQGEwJJVDEOMAwGA1UECBMFTGF6aW8xDTALBgNVBAcTBFJvbWExKzApBgNVBAoTIkNvbnNpZ2xpbyBOYXppb25hbGUgZGVsbGUgUmljZXJjaGUxDDAKBgNVBAsTA0lJVDEXMBUGA1UEAxMOd3d3LmlpdC5jbnIuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQZlzbvmWRC\/N39zrle66Mr2+Xw9uz+qV\/sjWmZqrnwhZzOZlZE4J6seHFNBcYbGHtIIOuio8pbbhTX9iebS9cLK+dqE+SHXAnIsAE3IZDNZlmrfI4UgCGByRHLgUtkPYMP5hrucr3XgGSboROYfi+zqZRLx24KJADZSc+sPhba2p4xS\/eHnDHp\/kG5qQ22v1eKoZ8SmsJ3n8LinYO1iLtnZASJJFNtvCXRWuypjCDwuHO43NPlE0EeDg9K3FlKgaPLrfJVDdD94ke+tbyMGc2o5nTlK7pLsHxA89V0jGlzYuYlWa7EHLgYx1kPB5isnDY5e1cIEw9oSKCV6MIC4bDAgMBAAGjggNKMIIDRjAfBgNVHSMEGDAWgBRn\/YggFCeYxwnSJRm76VERY3VQYjAdBgNVHQ4EFgQUl0y7ZbzBa16mDWuKgPQtxHrO4fQwGQYDVR0RBBIwEIIOd3d3LmlpdC5jbnIuaXQwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBrBgNVHR8EZDBiMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vVEVSRU5BU1NMQ0EzLmNybDAvoC2gK4YpaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL1RFUkVOQVNTTENBMy5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwbgYIKwYBBQUHAQEEYjBgMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9URVJFTkFTU0xDQTMuY3J0MAwGA1UdEwEB\/wQCMAAwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABbvAkAoIAAAQDAEcwRQIgMpn6UZ8mvD6g5xyf+F5fym9DnkQ17M5TdZCVLIuv64QCIQCMNrRSjBrC9mO1Y+JamzuT68HFlXxk40L11UXVXyyDnQB2AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABbvAkAwUAAAQDAEcwRQIge8c+DIGvYslEgvTaHFTNFTLWQa81AUWDjTUpv6ElCucCIQDvvXQXAtESMeC4"}
+00816{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5397,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1675,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+02364{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5398,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":99693,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUAo1AADQGr\/qSMDoSwKgBsgG71\/XZba2Jxhl8WoAYAfwVewAAAQEICjpWtjMzMNBxsj8MR3f6AEvG4eSJYwdyZH+WlzMkaQB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABbvAkAskAAAQDAEgwRgIhALgtrjRjLkR\/rAB5MBfgnlxpJdJt6orlXKGboRVTnCbtAiEAyLtEPTpk9WH5iPTLxkjZlpu9Pc64UCDjnXR+sPpDarAwDQYJKoZIhvcNAQENBQADggEBAJOAbpI1rRHs9Vy+P+VdE3UnvD+Jio4nEgE5RwbnAfNL\/DFeFOYeJPIsqbJgYdMVUVM+OpwUu1RJywIL0G6GM\/5cJt4ZhsAxSIVh24WiV7IvIewgPMn9QHngQK11QGNe0\/ql6m0JbDzZ07XZ5dersGc2crdH3jJbMOqQ0uWDIBDVQtx5+tWqfL9oSvAf0\/huPiJs2FMUWY2RGCX70zPWFZ7k8ciUy\/mtlZNYF2sFPmWDdoixexTZmY9INLT+JrBSb8Knhonc3RXjj078yiZhKG8zo3X6QeHtEVsmrjqm773cjUt4X9v8657NnF4IYs+tzCHkIK9+OxEneEGpGeV9yIQABP8wggT7MIID46ADAgECAhAIcLzFrz\/blZqRy2ru7+RlMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0xNDExMTgxMjAwMDBaFw0yNDExMTgxMjAwMDBaMGQxCzAJBgNVBAYTAk5MMRYwFAYDVQQIEw1Ob29yZC1Ib2xsYW5kMRIwEAYDVQQHEwlBbXN0ZXJkYW0xDzANBgNVBAoTBlRFUkVOQTEYMBYGA1UEAxMPVEVSRU5BIFNTTCBDQSAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXYPD9lDKTtsbdFHrd4QvyPCeKhKdzXxI1vgTB5B58IxAL2IN0V13bkCEIAej+1kIwRFp6A5O4FNz2M\/wkn\/Ip6IsNKWuVyKdB+SKiryEsi3aFS1WEGBQGgGGk+FKfu1TTwPTz9AlhvOqMxeNf9kmPV13XRUBaA2EQQSJFVj75R3LnfxFXbu06RZRSGfqL7RJ+0K6Ks4yj+H0drxj7kLH0Tn4K3zlcIWTeyEozqS1M\/Gfea9yxpAT7NUsfOPbw0e475Jo1bkB7yNp84dsFtXVtHEHPyYZdHNRi+RlL9FhUn4bVKHHAJWAScWq3Iu9HHkYbUgoPomaWoK8aufbbfPJQIDAQABo4IBpjCCAaIwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwgYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFGf9iCAUJ5jHCdIlGbvpURFjdVBiMB8GA1UdIwQYMBaAFEXroq\/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBCwUA"}
+01207{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5399,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":99759,"pkt_caplen":641,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":641,"pkt_l4_len":607,"pkt":"KDc3AG3IEBMx8Tl2CABFAAJzAo5AADQGs1qSMDoSwKgBsgG71\/XZbbMpxhl8WoAYAfzL1gAAAQEICjpWtjMzMNBxA4IBAQCpKDV6xHvW2icerJjPJzZPETJ0dOZA3R3N8mh3Na+zjF3GBL8V9CNni7lvlwTrRp3CzcnRpK6BLsm6seiA0BzJOcFWdllsnH3jqfDT0TTYPElZixqYzr\/G8tgwNf\/pb12grzruZlOuqoxpyL6ap6B72IJLMxPIB\/N31\/NkzZ5j+UInU64QM4lyNxXxvvceNaLOwy3y17LmC8dpwOUfX3xpm37OJhozRMO6dwU7ul0\/QYn6FjvuBG5brFZL74xw8kp7V70Zbos2B1QmLYYJlB9fN6vwIz+PLF+WnkdxqETeqbmFL7U0YKVfCaCaQx3Uvy1E1o3a\/XXLXxagDmHCcD02FgMDASwMAAEoAwAdIDbu+HYJpCB9q7XjUPaIchkNyQEby+RpyPtdnAaSnXY2CAQBAEQ0btzDITXFPcG+FXLDrSGk7AzJBG39ieklB2cIhITX+i2hTbMiOGTqcdCgASGsnjTWaVkyAniTvKCJ9+g74ZEqNgacnPqabZetDzSmOk\/SsPMz3T63lZTVifV8Veyhql4+O3PRMQURUNNs7\/XezMQzj3b8DLBe6I14k1KjfrBYnAwsAykL7RwPAYXVW3+9v1\/Ycv233cP2di8YbDipuSmd6CyGDGpLmRUupj2ya2zc9A58RsrU27gyW0iJvi8X\/qB\/iNs9+Rk7TvqcEXZUG+GmcbDk0BFxFuyou5M7GcDjfq2waFWMf4DG7GmF6qd4ZD\/KkPwzRAcczFBvPQy9UCoWAwMABA4AAAA="}
+01104{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5399,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":8,"flow_first_seen":1620898027036,"flow_last_seen":1620898027099,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3690,"flow_avg_l4_payload_len":461,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.iit.cnr.it","server_names":"www.iit.cnr.it","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3","issuerDN":"C=IT, ST=Lazio, L=Roma, O=Consiglio Nazionale delle Ricerche, OU=IIT, CN=www.iit.cnr.it","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"C4:F6:98:75:7E:20:5C:B6:33:14:59:3F:CF:26:96:38:D0:4B:73:69"}}
+00423{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5400,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":99784,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Etf1AbvGGXxa2W2zKYAQD9I7RgAAAQEICjMw0JE6VrYz"}
+00424{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5401,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":99786,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Etf1AbvGGXxa2W21aIAQD8A5GQAAAQEICjMw0JE6VrYz"}
+00553{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5402,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":109911,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAGq8rAqAGykjA6Etf1AbvGGXxa2W21aIAYEABbbgAAAQEICjMw0Js6VrYzFgMDACUQAAAhIFBok\/agxNzuMfpppXkO1bybG+lJ+kB739VPW8Cg3oQXFAMDAAEBFgMDACgAAAAAAAAAALwatIlERrhNk0K79H+ekc3wU6NMkH6GbUJBZWFVjEHw"}
+00426{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5403,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":135915,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Ao9AADQGtZiSMDoSwKgBsgG71\/XZbbVoxhl8t4AQAfxGUQAAAQEICjpWtlgzMNCb"}
+00497{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5404,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":137146,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnApBAADQGtWSSMDoSwKgBsgG71\/XZbbVoxhl8t4AYAfxuXAAAAQEICjpWtlkzMNCbFAMDAAEBFgMDAChG7Yuecuxj9\/f8DAAn+WUYe1pqJuV11zsYwYq7up8geYP54YCdtVMI"}
+00426{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5405,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":137225,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGrCfAqAGykjA6Etf1AbvGGXy32W21m4AQD\/44BAAAAQEICjMw0LI6VrZZ"}
+00939{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5406,"source":"safari.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620898027,"pkt_ts_usec":138264,"pkt_caplen":444,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":444,"pkt_l4_len":410,"pkt":"EBMx8Tl2KDc3AG3ICABFAAGuAABAAEAGqq3AqAGykjA6Etf1AbvGGXy32W21m4AYEAC0wwAAAQEICjMw0LM6VrZZFwMDAXUAAAAAAAAAAbXn4Bs15DzzoVAkZQwC0ykWdQoWjH+D7gOdmMTHj1zHDB7rmU6aMQbrkJ0ucGMp8XOjqguJiLQ3WqA6O2BHDWATP+aOa7MtKyrMluHRtZ\/H79HwCA+jMo+8QY3rbrULeN0pJyQCkOJILM\/LsUOaS5biUi9fJVxSiZnOgZQ1Su\/NNv+IBHFWthmZtfcS2PIqoj2DZH44360rqb7NcShlwsYFH\/3H8oyxVbDj5kgB1riWY8PvjjHEye9fsBDEiFZ\/KrDc3jzOBaVhQRxuXh3UM51mS8+P4Ebe58F2kPh9wty4hWyMJwoDdXhXCsU92v6Azn9dKChqIsKGxkOK764NTCZjQuN2Gh5SfKX5v+\/AraTxsASc6AWnWcHQw2L6RXCs9LkETGwLGWxSIWq4ud9FPDdtRlH+ogljoZck5xg\/wArwlFWg6LM1oLUZngVEEe8J1kXcHbet22uI9kSpWKGiRsZWNWfCeLo44EEChC72"}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2083,"flow_first_seen":1620898024056,"flow_last_seen":1620898029980,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1877633,"flow_avg_l4_payload_len":901,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":801,"flow_first_seen":1620898025216,"flow_last_seen":1620898026198,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648336,"flow_avg_l4_payload_len":809,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55265,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":621,"flow_first_seen":1620898025216,"flow_last_seen":1620898026065,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":509563,"flow_avg_l4_payload_len":820,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":927,"flow_first_seen":1620898025216,"flow_last_seen":1620898026187,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":807134,"flow_avg_l4_payload_len":870,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55267,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":800,"flow_first_seen":1620898025217,"flow_last_seen":1620898026128,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":676127,"flow_avg_l4_payload_len":845,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":769,"flow_first_seen":1620898025217,"flow_last_seen":1620898026109,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648144,"flow_avg_l4_payload_len":842,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":18,"flow_first_seen":1620898027036,"flow_last_seen":1620898027166,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test"}
diff --git a/test/results/signal.pcap.out b/test/results/signal.pcap.out
index ca287d56d..73a529d5c 100644
--- a/test/results/signal.pcap.out
+++ b/test/results/signal.pcap.out
@@ -1,29 +1,29 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"signal.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569051245838,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569051245838,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00806{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051245,"pkt_ts_usec":838268,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKS8AAP8RkXYAAAAA\/\/\/\/\/wBEAEMBNJxAAQEGACG6jqoAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00556{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569051245838,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569051247593,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00568{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569051245838,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569051247593,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":593701,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"xiwDYGpkxGGLNYKpCABFAABHd8wAAP8RvnbAqAIRwKgCAe15ADUAM\/YJyvgBAAABAAAAAAAABGU2NzMFZHNjZTkKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569051247593,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569051247594,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569051247593,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569051247594,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":594090,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrcBKAbtArcPUAAAAALAC\/\/8kVgAAAgQFtAEDAwYBAQgKKFVNgQAAAAAEAgAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569051247599,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569051247599,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":599529,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGSLbAqAIRFzkYEN66AbtonqfVAAAAALAC\/\/\/ZywAAAgQFtAEDAwcBAQgKKFVR7gAAAAAEAgAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569051247600,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569051247600,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":600467,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd67AbuyrbdxAAAAALAC\/\/+b2AAAAgQFtAEDAwcBAQgKKFVR7wAAAAAEAgAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569051247601,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569051247601,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":601573,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd68AbvGwW2DAAAAALAC\/\/\/RsAAAAgQFtAEDAwcBAQgKKFVR8AAAAAAEAgAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569051247603,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569051247603,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":603797,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGZHDAqAIRIuHwrd69Abtt2McPAAAAALAC\/\/\/RCgAAAgQFtAEDAwcBAQgKKFVR8gAAAAAEAgAA"}
00471{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":630078,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"xGGLNYKpxiwDYGpkCABFAABXR+wAAEARrUfAqAIBwKgCEQA17XkAQwp5yviBgAABAAEAAAAABGU2NzMFZHNjZTkKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAA8ABBc5GBA="}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":51,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.57.24.16"}}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e673.dsce9.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.57.24.16"}}
00433{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":643687,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73rrg+UqLaJ6n1qAScSCOEgAAAgQFrAQCCAqWTinBKFVR7gEDAwc="}
00422{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":645554,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN66AbtonqfW4PlKjIAQBAspvwAAAQEICihVUhuWTinB"}
01119{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":645675,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGRr3AqAIRFzkYEN66AbtonqfW4PlKjIAYBAt1eQAAAQEICihVUhuWTinBFgMBAgABAAH8AwORcncPsZ5qIVMCFuWgfAh6It7r+HS2ZZg+ldmkQzu5TCBZnL8ZiCuWJmLRaxcsIL0Nu9GPkgNG7xXFvEs6oR8pMAA0EwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABUAEwAAEGl0dW5lcy5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgWo6on7tfmVX9S3E+N7mNvysCblDKK8M25vsu0sA3gR4ALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVANEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00771{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1569051247599,"flow_last_seen":1569051247645,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1569051247599,"flow_last_seen":1569051247645,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00422{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":689292,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0iWYAADQGC1wXORgQwKgCEQG73rrg+UqMaJ6p24AQAOsqrAAAAQEICpZOKe8oVVIb"}
02368{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":690070,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUiWcAADQGBbsXORgQwKgCEQG73rrg+UqMaJ6p24AQAOsk4AAAAQEICpZOKe8oVVIbFgMDAHoCAAB2AwMUvHUAE5HMBEvgFTw0tJYf9hRVmcvTon70MEFpfY6v5iBZnL8ZiCuWJmLRaxcsIL0Nu9GPkgNG7xXFvEs6oR8pMBMCAAAuACsAAgMEADMAJAAdACCntgbwbo5VCKgnWyzzbxNiYUv5TbAEMN8fHIjijFrefhQDAwABARcDAwAuswKpeCejOoOw25TCHDnCBnSE\/EDYh72zOouUq0a4h55O2UyGCXr9v\/kUb\/uSOxcDAxXadbUshWDvGBikuR8SOuBpUeNI1693y8L3641uBF4BZxIMw4+PPQdMEhC1axL6i9NCqA1nBf1y3dZcjHQsYZunXzGkrdM0vWa3qphO0piLVIKXE\/3+596rbcx2BPuIMa9lWSn\/ct8NiZoQCJJNM8PjO8W9lfNC5ECdeCmmjgHxxIJhiJTlywDSOm9Uc0pSUiePTxv\/4KT6AL11Br\/ijo9iy5r1UGyGfO0IwL7VxAoqhQ+zdzXP1EAXuk66nYkfQq0ZhpZ+3DCjdvBM9l4Sx4hr7lgjn6tZpOTRdoHCRBAAJ8CmppexmxAbf3JZYiY3VUjLo9Ik6JGRyyx\/FtiseJMdk3glQ8VpuUSwnPWXfUtSsBtMscBr+2Y31TguARp+u0UONMA51QCEZ53+Z+RuEs3JwFbDMrxtEprt97PbptEsgR1A1LMv7LzI8YYwJJoW2DhCgaKBxnkbZlQ1J6gnQVzYORGWorgvyKUYxM0z2JfaATyNddNAbozunJz4QJu+1AfmvXfltPj7Ci8er+MIVgYsL+mHb6IL1P2uMImO+3XY604f7C8uqXLGk\/XP5fQhxQRzNMoQx5h3Y3oLiSqjQWdq2D+L2Uje0qgr5hdumqqN2807uonZJKKJRa7QaHud8+ENKDxe6FVnMXNfF5MMMbaMWooisAni7666s3DlkqkhxijBQ1X0YB7ah1BWbReHB3Gnm3pR009L42qSb7iikBn9uLdMyAvc36sJFM2LaglZWmjfFtNz6nfYJg3ozeHP9q8in\/F6k34KD1wgssOdQlaaGBk+SyiSrYDr03Ax0vJjYKwNuo+bX7dU5KMcVLegtPCi0pIjiutSiUAemkFtRbxujywM9xI5KcRdn8zU007oFNbjuqA9GkP8OqvlHM8rhL8+QXRgohZbBtLkW6dqsBmkUNfjZ1rN5O2r+UvO6wVsjBqANpm9XkHTQmP3DS8TcYs4YqL8uaiR+3BQzl7CT5ZeA1D1ZWQ0QFNeZZMf+3VzuAXKpbnV\/vnrKPyXVNf8JohigJxUTWW\/ofmC94vzPfkmR1EwWSkzmQcg8J4i7UNazI3V5+I0k\/hJIww2hI3FhjkbeesO10ockpQQkX0TvyhpUt9CgaJfkoCi0XWvjioULJwWc9rHKVYmrvSR1Q6+2GEsfnkxFfteQUj856jvSAMDkvUWLsesaxvoaQW6Go1gNwaECPwhMouTIR7mWZb7LITEVw3agwZ5d+G6gr4fZWqA4Pz4NyEvC4\/YvcKwD6TrpeDiNTCjz6OUu7\/0G1i6yQbGsjRPKf0bGiRgED0QQhDfV3HRULSCd+tnyfocZTRRZaaPYy8L6UXJfHD48YEa171lKCrIFIijj2cIip0nYv79\/FjnSUBmuq\/Y7XqlELQxjusNGnTdBehnRPCnuuMJZCORNShUmNsELcm9LsBTbCsfCUxxXUqT7fqfdeFRwlk\/9fqFAntGDCdU\/FjIp7e1gDx35ylDg1\/YD6EuuU4gmzsouRwDt6XF77Qk02kXFIYLGHjKJMTXzNvbIS4aMoERgjIPqtV45PvaH9ceHJs9POim0Zq+rvcux2Wk4n+achEJL1yQUCuioQoaLZ9zznii5TqhbWfvpJ1tYI6qgtsnGhrFhRsX9jxugLreyTblL9GAxeMd1SVWkRnV46WycjNkOH05jmyT"}
-00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1569051247599,"flow_last_seen":1569051247690,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1569051247599,"flow_last_seen":1569051247690,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
02380{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":690287,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUiWgAADQGBboXORgQwKgCEQG73rrg+VAsaJ6p24AQAOuJLwAAAQEICpZOKe8oVVIbxAXCpHbxPftaL4zD+bXbUvS8WzTblfQmSFg3TcVgBhrRL7IMVVjmem3E64jPckHXSIMaCBo0I6Vru1KcVVtRsTg\/KT8zjUtuGiDTbqlTqprLzMVMKG5JBGoAPgC871UdRhEjkyTpQETY0\/jDkHxSwOH4x4tr\/E9d8X60qp0b\/8eSP3yaZNx6nPtIDWU9bO9w8kuQCfrDwTEjcGZ0hAhigPynn99QQxdSNZAB4I0Ea0UJ86TWYm80tof3NT+f0dEuX6V8zRYUyDPRWw0iiPKDgdvySuxFILhkiF6MZX8EFKMcL\/yEvW94RcjYbpJvt91GL7snvYFl8bXMXmoTpXqvnUGhXc0nZEuoqH3+5Oix15F0gTTHbsruxzP8sFnF9mcTLDks8vv\/dHU8oZiHJQHStW6a6yoSWFiAV697M7\/n+qgt9ESweWU7DmmEfWUxaEq+qgkJaeDz2eDqVhc4AoXnECDQ+K\/iJW\/DlDACPYMLiLp+DwuWvAVyyRncqDwiY5NN35jujMOyJMTssVmmkQ2\/COS5GFAfClCsxcYxHYXc+ZoFRrEPvOBF\/VVocQs4w2EzBRZ8ziaI4JSM42QdhQEMz5A7Y1dcYC3lsTvUyzaebJNRykwIVtGK\/kk41STOkjp+IRsHK4v0wNgoKSkZ\/KAnXenufKx7+ol6XwCeMTyv5G7NuQGuRA3+HJJRv\/q813ewEIOsmUZN2y9urgQGCTjxA4hNycl7l7i+P6ecXDqSNyVhPtZY0y\/42gXiKs3+jtZMxFGDsuKCyFaR8PfxeI+teeYy7dzGNyOLjeFNv7UsiZg57I+r7+fb+ZGBPZPf21numlZbcdiXlTotn\/JSv1nv95V8cKsUXhVmaLOj+Znha4jPuMbbBxMSAfUMZMYObaxxtAsUAjuVU6LcMesmSPlZPVvvyjDOMO9kV1Nss7hBTIqC9CqOD8tWmUAA8RDhPWOmcCoaVvQK4gamwkMa5\/oo+llZxpMe6FT\/Cy5pfA9RdtTsTSAAHZ6k1w7F5FJX6WCosUra5AJtx58za0ujMV65mGpgLE8RUJMOKoGKSV3ry5yEUa+\/CdmZ9W6gaYUVYZLJpgcrso\/wMBkzWxIKHiI0L5Yto8+9H5Pav2fcE8zeTAOupLYj\/mNC3CpinV\/1tXD0mczD11UtvsKwGwZ+1ywKYB6YktBCKzgawLWTqlxOFSLVCgGDUARyqLj0fzUB8HHcvLngkSv9Gc2cM\/p\/zJe7oF2Hlil\/qgGEmIxpw37N8ywkO8psfZcB1fstW5+nMkgCPjhAHqYduF6d+BslQEATpnfEf4319WFCVpVnsJej9zDqCxii8iaLQ1FnBv8CJab9k+nhklAxNHea63zjQkoMmoWK0bNHME45w+dwL+VvSFLJkJqHdQYmOB6OuqUSsgBPgjSy4Yj4zICpNnkopcYNmF8sFixg5tY0Agwg6g+zOUf1auld5T4mS89vZcvBp\/H2pjFXqr4F2+nr8aDZqxszaOav1rlo+LtuFDnSIm8EK9\/b8UkqZ1mdLyfFzWAXAjYZLoaXI2ETFePtnPjccHnkkALLzbJYFNXVgjNr56WzKmuyQAzZOeo2MThI508zTwSLTBmDMuvmevCTF+JnO4Jwn9eSLeza\/V3HQkQTg60Fr6B7sqhtvA8\/Y5QpENWUN3c02GKHt\/VGmKHSeCwvKvmPn108H4HMIfL0fDzuEBzmZ1H5IhR1PCnSAD8\/jAXT8kUfxUwcUyFl9ZtX6hJrkxuc+tzXz2LE3+WHRdjrs363PwgyplOYHNKHhRUFw5GYte3mv5TNY4uDKa0Dy+bQy9sFRNe\/47JVi0gJ94Gic1DghxysVQTcdZaipYhrbuvVJZlY1p7s0RpdAw36Hdw+SjMdlGyb3D3Vk0SV9ALyeNezhkDfgeCtYgKn2wq0Blr1ZBnB"}
02069{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":690606,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAAT0iWkAADQGBpkXORgQwKgCEQG73rrg+VXMaJ6p24AYAOsQRQAAAQEICpZOKe8oVVIbgcjm4wszT5ZXlXNWtV0zRbnQ0QVtT5ZipYVbTMplTQXXYKOwUoUSe1qODXfp95OGTrfDfCvMoopRGn2ONzPoFKyyrDTvM6+othCUgsXqizlgIDZMQzfLS4Am2bGg5hZX\/2xFNG9BZqqV1XIqDxWL9KNTgLN+IzQTQ9zr245kLykxiTujX2LmcTrRzYne3NmhGc6djTMLVgFppANRE3G2V7k0toZM+pULkDBl5s7hdce2qLF5oBRFCGYUcBKv9jpJnmwDM+djWHTE8x4Ou9S0ZYvXwRUCRvtVQQg41sIptslztqDKOufaRqT1C+UeoH3a1lkeGRXuwjuFFAq9Yhyvk27taFX6GZ99kunbKFlKlns6fiCipVV6CDJJaVS8Ki9wt4DBmu9HJqBBHRPDtMUelH2i0XWTydUBhC\/u\/urhJOKao8N\/joTK9DHox2aAh9CM6QrywyOkd98Fhrs9Lyq0CKYt1vpKudYBW7kH7Z3W2GlxUzRTqvkwZ+72TWwQItbGZ87O6IxjzTVnoQOUtKAes2mw2Y0KZiP3DkXQak2ojPVjiXPxlJDs0lhzt0tyrXSNrM3IvJ3uuUKLuLRnLU+E1tcnuzfQ05Z5dMeAnLv5N4jG3RpjfZyXxy0H2QuVK9z1qFAaBoEdS0EHA+OHToINQ1EyiMVMWgAwHO3zinXahWZudOgXUWzIhhwDU2qpLxcfSnHBMZShsy0VWynIPJLuiUiB3S4Gl4Beu++7OA11rhpIAPwq28IGF4XQN6U2+Kq5ToG2TR0UIQ8BWaWYq41PcG13eTkr3gvj7Z4eB+SCU8fUmi1872hxLpVO2R42pCcFcTvsv0Gq876QqkAGfwmjBs9oOYWGMzPQmhjb8hDlqkoSYJYSA9J7QRjX9t6PCIXpx2okbL27ElKPZlCf54w8TZDoM5\/w9Uon\/HW3I47ZGhWK9RjLjuOTLzugDyXp\/W2k2vMhA+wRBgDjnPejoz7eBPG\/RN1Uwc7nbC8G9ZINXKXC61sIWIUUNPzYD4v0x9IJXwWm3jKCtxFn67zuezCfN56Xr29XZWC3DbGj6bd19ttlR7D2xXEpjeXOSsBcjomezhVUqxUGRgVCghfiE1dEu\/tTBua2OCVeleB2Tg44voJatV5pEUtBFejT45C\/TW\/ncDo8ntGIJq9XrwfZbO3CThdJhhTIrts2NDPVRfjGENmwYrKXroPLZ7+6rWgqFfSVWvs7R+rGLWZ3BiRBMBkGvf89Hy7+RKpbNsQWdHSD2oYEcG6XUc0DnXyQZjQH62caupn5cApKIDKgWLzfbhkGGiLoFGqoGlr2I3kn5\/3+A2ABfumW99BkoierP9+0W6H\/VcX6nw8vpdgrODVsmSDq5cqNHuTO70zojR5jUOesKl7LA7kmyfJVilQxzONsDQ61nNEGCzS0tUEgM82St1scF+2juM2ITbLELE2yfQqGmRe2hIhMtIOw+WZ+fmT3MXEn7vGXibBA3XbDHSs6MZfoQJZVGGT7+5\/Wl\/G\/ropW\/z5UvF6mKNaBlJJQQ05O1F7ouI7kLsNUpUVoBuErftuq3MclniVRlqMBVXsLAUsUdHYMsuiBvpGJgHZtvzsX3MsyCwOkkOem4kElrXRK69wcmg=="}
02386{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":690774,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUiWoAADQGBbgXORgQwKgCEQG73rrg+VqMaJ6p24AQAOu3qwAAAQEICpZOKfAoVVIb3CjSG8W+zO6s93o3NrVx+sWT7unr9HQTwuUAwYwy2juLUDN7lcvCpisJgbWd16dtEYIHt8jWpTaLm9qulXwqVpYAojWFmzoKfoOyYpKuCYDH2xLo0TbprJFVK+RtIyT10mHF2WV1fLYH8Nitm6r7ggLOiiSmcGcu74aH6TM4cpCsP55XolFNJ\/1T94Kju3LU6ENc4OSG1u3fLVuC9K72+rRTvJii7xH90Y4rH\/JqdosPRC67+xsS+J8WSAV3+7mdcEDvIQbyZ\/AjN\/Toqj\/VyX7saKR+0R6an20SGOGVN3Xj5CK4GNgT6+Fmm8cO5vPvA+7XX6xx1S+RCQ+WZSyDTOn9DxF1v\/sroK9tTPRkUTn42dq5e+U3N5OuXO\/OCFJeAXUTOHTVseLasgMixaIsHXp5HxBRQkElKz\/0bmp1fTB\/YnXw0nyF9+jfNkytwIRPNsyhjOsEBD4b\/mX8qjiDKiIWwLjBrKMQ68435ehvs0WrLDUeNQ23Sp6q1IstLR328zmVrHmOH2+QvlABOhgAPBeoHYRhVYkTEh\/+dAHTgjzZUlvhYTaHZx\/OqEXYrIyUxeFLNmPXfGpbTxgSfHrkM3yx65gSt7R\/NZDIL11Ts0PqLdpcqxnSbL6QCyL+4qgSRSxdpC\/Gh5+65M8+4sTKj7rRE7utOJNH2WE2Q4uMx6hzy74S7fmh5V66QiOA\/EbFdGvWGj5cFpCg6S3WOOrzPwLMJwwhF+BHslLFzgBONVoJKIpF6D6K\/dWAJCPKQ4cTArvTaCg\/111QAmHeAksHUTli4Opff2CnEc+0D5fdKit50wTOekHrzV7T3iFgAmEoR\/owPDh\/yvEv9N5ZCaPS1xW0xe\/cEr+wc38yf0aU0rS6ANXWhRqM5pwhuCtuezIikq4a9ZEv6jTNbVI66UrEmLlftFxKEKm2fZGBYyrh2AeEwt+PMDFPjJfVf9vChGjdLh0juqCn9J3K0d9AapVSbr0oEjUEtH+Vj+dmw+9eDVUv6bxJgKZtozf\/7GpSeWDlKc5wMtL7fBzF6jtBRPqIKSqL3BMswelCm8egzmXM41YX668TEVzFkYxLxFIB+g7yP+ePHuYz4ceiF6jBV1RpPK4kCEdc+qhxs\/F7BsyM6K2coNxH6eXgjjOrZ+GLZiP90I22Q6k1taIhgV0y6Fnxche\/wKrhd0o+Ht+2Daqc8WBiY9ZmPZ0qWLjG0DJOxEywrmu\/RBZaWLCgIHqLyqBFDa+qGZw6tY5YnkPgPVrEqEXOqwm5NelxwHHb8l\/mS0iuuVMquEQrsV3f0SfzAAl8w\/MVOF9OencG85LVrqTB5\/tgc5Op0coscxcEGCbrb75zx81VcXUnO151f\/1YabjcVRkzLGlrcBpkZzlGBKuG30Y\/0x3OyFmNg1COmirie12cyb\/V7zt9h+tkosv6XE1i6p2AhmuUBdhn9\/9HKLUCG\/va4wJCob03jUk7RxeBvcPDmZ\/eZDGov\/z6WoxfBu7KYx41KUXSVDO3eiVdDQG+M6y5AH2NZzKv1eIp5QzGfwoWNZbyX7U4DwZ5Ck9EDWLy6Xmd1+FJdUJMRnyVMjAa1iVdv9d1EJrqwJjPpCMdWrAHd6WpxrwnGql\/T15uqhCbqld5UpQTsywDFc8m34GQpHOlpQi2EVThke+plojMgRk1vVJNcrmZuydcr5ed4+HLp6UPQ0koL0o7\/NiRxQ6IeCLcO66mEtnYAbT+9IyRcrnjwVF3aJDlegdLmq6famVO2UtyJfgYdPysbMXYxPIHGELI6LGIA60ZEN4WHS78ilcUN3tDQ1NZjIs6\/Nj1X7epYJRSeYqwkoeH8\/gAzvvxtmK6XnTsK2zVRaO9x2DHnBS5tKgRiKmxDiUUaHSevOdf2aGHzYbN+yZ9vXnSTlMVQkrPFTd8R+P669ek88Asu5kU"}
@@ -33,45 +33,45 @@
00435{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":704415,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG7wEr7fyfqQK3D1aASaN\/uCAAAAgQFrAQCCApkFVboKFVNgQEDAwg="}
00422{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":706588,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrcBKAbtArcPV+38n64AQCBZ9JQAAAQEICihVTfNkFVbo"}
00692{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":706645,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"xiwDYGpkxGGLNYKpCABFAAD5AABAAEAGY7fAqAIRIuHwrcBKAbtArcPV+38n64AYCBZZNQAAAQEICihVTfNkFVboFgMBAMABAAC8AwNdhdJvuXs\/d642PJRF7UI\/AdVwXtSGkzdnBwsA+gkrIgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZwAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1569051247594,"flow_last_seen":1569051247706,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":32,"flow_max_l4_data_len":229,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1569051247594,"flow_last_seen":1569051247706,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00435{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":709413,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73rtLEL7asq23cqASaN9\/CQAAAgQFrAQCCApkFVbqKFVR7wEDAwg="}
00422{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":711067,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd67AbuyrbdySxC+24AQBAsSOAAAAQEICihVUlpkFVbq"}
01119{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":711181,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd67AbuyrbdySxC+24AYBAsbUQAAAQEICihVUlpkFVbqFgMBAgABAAH8AwNvt088oc+wJ\/keps9Nd59wAmt0exXgkmLypgOxJ3yQxCADkYPnm5qJAc81bPMGd68mU3RC86F4komLht8jFwvJuwAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgDvSu5WvgGSyqdaiHWcjph88Rx8PSoGix+VWVEEqv9GkALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1569051247600,"flow_last_seen":1569051247711,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1569051247600,"flow_last_seen":1569051247711,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00434{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":714648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO0G93Mi4fCtwKgCEQG73r1n96jrbdjHEKASaN+tQgAAAgQFrAQCCApkFVbrKFVR8gEDAwg="}
00435{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":714775,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G9nMi4fCtwKgCEQG73rwJHv1\/xsFthKASaN+4LQAAAgQFrAQCCApkFVbrKFVR8AEDAwg="}
00423{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":716291,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd69Abtt2McQZ\/eo7IAQBAtAbwAAAQEICihVUl9kFVbr"}
01121{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":716407,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd69Abtt2McQZ\/eo7IAYBAtWzgAAAQEICihVUl9kFVbrFgMBAgABAAH8AwNt7hXbpLjXMRR\/bxdtzkjvB4xS1PwDQ6PxbRaUrO0qwSDVSMeS43dgzqJuDX9Nz7D77w9PJu+JEAZF32iZkikHGQAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAggkVxJnNxvx7yRJ3IWr6\/bePVPj3hLoE6hEcrUhAYuEMALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1569051247603,"flow_last_seen":1569051247716,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1569051247603,"flow_last_seen":1569051247716,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00422{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":716684,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd68AbvGwW2ECR79gIAQBAtLWAAAAQEICihVUl9kFVbr"}
01123{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":716836,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGYnfAqAIRIuHwrd68AbvGwW2ECR79gIAYBAtCawAAAQEICihVUl9kFVbrFgMBAgABAAH8AwMC\/iq\/29\/bfQmL3NywRdaHPxawxpN\/gjq67bcZmEul+iC0YvLniq6GFUwRgLKNIv\/K1BW3lLi2Y9hIO9HhpF3gJwAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg4ti0IjmHHcY34Qh7EHKKwWM8SOIvozUrzGlVTZfDoB4ALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1569051247601,"flow_last_seen":1569051247716,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1569051247601,"flow_last_seen":1569051247716,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01249{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":736785,"pkt_caplen":673,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":673,"pkt_l4_len":639,"pkt":"xGGLNYKpxiwDYGpkCABFAAKTiWsAADQGCPgXORgQwKgCEQG73rrg+WAsaJ6p24AYAOuJWgAAAQEICpZOKh4oVVJKnIdxTDQCa3bwpp8qZUEnScFYs3z3dWDBGjzryxaWrIi+qzoWSMnArxF3sImdbCn52xRLpVshwlw+WqkG3hLIfozqw5ZHTeAfADPExF\/wey\/sr0EihW+TfoHNmSbwGc0ikc1SDLvnbvY0fX2A4pmZj4jKsnVwZoRndmPrFndUPs9rUpHAfuV9ErfRLYgvbD46TyqH0H2ABuXN6f8uunLcCX6NOcBSsdPG3pv7M3BpVCgoXNeVmEg9TQdA2z+ddzK2M30O0y\/\/mrGq4Pb0SfrA8UUwXw5BhJHT2594o0FS3phkSwE3Adkc3NQIVWiISpJ37nre6SGOBxcDAwEZroqigXUEsChF9TPrIWnhL335\/QTgDSXCse7a8tfDZ30r7uZclwhK5hcYan+zLya7EEteRNl\/QlPJcQ4vbycyu4vCd6WPqPJ\/DYVl3pcffiA2MNdXJKrj0e6JyuDfLHhmKw5hU86hih3Vf1cQUBBpqpxQvLhwbLc5oxhqjZ9JAp6pQyceyui6v3OkzLh0O112i7yTrliNBGBPKJSyZ+Pp\/Mo9GEnwiCGln\/yZ++BPDIL2RDocRF7jvLJfPcyuiGsSxA4P\/HsIT5bZS3Zscm6MSq7cJ7qORcBYYtdUI4pt+IDz2gHWZrp+ipI3wud6YhZtuyq9WquduBrCl9UqpFM2X+oB+BzgfkPZAxbz6zRNnwg2wqPaFkkTox0XAwMARTp6ekbMYoGvY57U9nXsg7rDWcypKmPyEBHt5j4665u7PEuG2oIHovZFn30sZHD\/rMQHzFm7aVRYHI2Yv4CfSBbnBw4YFw=="}
00424{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":738209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN66Abtonqnb4Plii4AQA\/sPFAAAAQEICihVUnWWTioe"}
00535{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":745981,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xiwDYGpkxGGLNYKpCABFAACEAABAAEAGSHLAqAIRFzkYEN66Abtonqnb4Plii4AYBAAqMQAAAQEICihVUnyWTioeFAMDAAEBFwMDAEWt3vSyYiyXNihI1uEvJcD3z4UZlRCq\/v6Noa6tzj1C2PFXglBI2RcmKUroHMPUFJ7ycyKUh9XP0G0NH2GNDEqL6FJpfsY="}
00422{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":816804,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0cO8AAO0Ghowi4fCtwKgCEQG7wEr7fyfrQK3EmoAQAG6D7AAAAQEICmQVVwQoVU3z"}
02357{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":818667,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUcPAAAO0GgOsi4fCtwKgCEQG7wEr7fyfrQK3EmoAQAG4WPAAAAQEICmQVVwUoVU3zFgMDAFkCAABVAwPc909jc\/a4iqBfpiekbcU8+LL\/ViLUa3VEtY9sKaHIISBOpjSQqcfDFIpBjm15LStVN32XWcn9Y5zNrzIlx4N\/GcAvAAAN\/wEAAQAACwAEAwABAhYDAwfnCwAH4wAH4AAD5zCCA+MwggLLoAMCAQICAhAYMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMB4XDTE5MDIxNTE3MzgxN1oXDTI5MDMxMjE4MjAyMFowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMR0wGwYDVQQKDBRPcGVuIFdoaXNwZXIgU3lzdGVtczEdMBsGA1UECwwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxLjAsBgNVBAMMJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsyBG10UW3wKLLz5OJmoB1s7B4cDs7uzp+xAOMcalYh2zeKMeI5eS4fZrup1VtHgb8XPc0CjxtIo4ECTf0led4xcI6qra+CWE7B8yrOm4B5WB+rFt1x8Xj4+SRSkkl1mO5SjQElZeSpEpoWomCLRDxMb0qDwfWzcLqYsWeQHtIiBPzWEAOsmV6UE2NHQVNJdatKUHl8y16oCXrU4c0l6+o+bKDTtiskaDATWyONnz1GL1kQjlH8lDSNn296rLmQ\/kEO2CsZeYYAwVPKDQjTfNLDVo4YeZxRDlho+ZcZdamE5Kd7FiSRmA+nLkAydQ60ijWw1Fp7JSHvsL2X08ffpJtAgMBAAGjSDBGMEQGA1UdEQQ9MDuCJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmeCEnNlcnZpY2Uuc2lnbmFsLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAKWsuR7z3DD\/hxNr0t1jsS\/8oBtaP6uM3Dv1WDnwO6tsohTdhQxfJRHMBKnAzAM9voRiv314toGiGKun6d3y\/TrcyK15lDQgdiPT6biOI4+sVLREXnDl0mhxNgt0yN7ewiHL4WxlNTqyYgy21RRxPEQHrbCScndmFrswcHfVN6FkuGTc45cEC0zoiaaAKUipjJUOjlX4Ha+q0UyNaHMPquP8A8XGBIYi6DJY8uNgP1q8F88lDA5HALWR045FALki4r5+N+Jy3GF2pTFCFvLEDS5LCk6lR9ujCktrdh0VbOHMA35rRs5lki24EQZf\/DqrquVyyzRFCDN9TVXAVBaSoSQAD8zCCA+8wggLXoAMCAQICCQCJui2rSuTzYjANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xHTAbBgNVBAoMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMR0wGwYDVQQLDBRPcGVuIFdoaXNwZXIgU3lzdGVtczETMBEGA1UEAwwKVGV4dFNlY3VyZTAeFw0xMzAzMjUyMjE4MzVaFw0yMzAzMjMyMjE4MzVaMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3Bl"}
-00832{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_tot_l4_data_len":1849,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00843{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01818{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":818679,"pkt_caplen":1095,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1095,"pkt_l4_len":1061,"pkt":"xGGLNYKpxiwDYGpkCABFAAQ5cPEAAO0GgoUi4fCtwKgCEQG7wEr7fy2LQK3EmoAYAG5f1AAAAQEICmQVVwUoVU3zciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUlgaTggQxdIuKtneIwF5El1BqW3lroFT0Ao2i+qg\/UAzsXltWn73z6POt4ugq6tSg8R6Qd+hMM1XI8C5BUyDHqO7fbNRUKJQLd5hK1dlNL4nulXrPso+oK0n8cCAwHHbCpiNGtUkAmZa90NbXBwJAChUcWDWsAA8qbOQfmZqnIH+ud010uf9CDz0C6HC5\/Bli8DmDZ2HwbyCygzCLZmU7RG7nHYoMRAPZnyL7xwAxG7Xi7VYMAZvUeb1b7cKw+ggsSN6YB+xB+5DD9Dnfd8C4rL59coR2OxbmJa5GKnZDL1lKyqAElcOI2+vb2niQlHVPhwqFzkj9T0HC+lnpzQhwIDAQABo1AwTjAdBgNVHQ4EFgQUAYsY8T\/7ORlEboWGvpRlMqcyPJAwHwYDVR0jBBgwFoAUAYsY8T\/7ORlEboWGvpRlMqcyPJAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAfh6+IQueptC7yQLtUSujbjw20zBDe\/4zKIxR8R+D91zxX7qY0fm5A6tKTzlOiYyMZ6w9Vw\/xFZk02k1WOYjoXsr+1MyTnn29qSznParLryOH52hEofW4c5Z\/i18bQq0TxoZMQNSDCKNyf7NlhfylWGcnIrum+LmyfdVzwLgTWcCJroO\/7K1r26ZNIaugOs9eNFk1UirSRuxD+NZCXv6BeLrGOSeyz5MSty1szCZ2+RCCQ5kb8h\/KckcFoOkJuqohhWiOJy\/EFOC2tcdnp+Axl0WizD0cIxCzYED6HUd\/M6AjLgPIB2X2WGKGew+0NcDVIlR3MbhaxHgWmCWyxK8C1RYDAwFNDAABSQMAF0EEypibcpB8suaanHOY9SoCSN0NHwGMJ4pIWQvyBijPTWA2EP2EPfqnXdUisC4Pb4OM5ySBmLP6w0pboMLmiQBa9gYBAQA7WFTYV3qMJPFywNI4IVakynFqqq4OCC2y9MUP9g3f\/gQ6\/b4BQTX5tnnzs45u7uJ5n3ycLcVaexZSXSzBH9THuSYGTgWqTO5IPiwzH64FkTGOGsrH5ixWuBCfvK6bvg+isWHFVkrk1uzOPwuvuQwSjIKEPgHhE\/c1KTV2RXOHBYJnemfYtsJAMdAqySwO27qbYiyuci8QZVkGbzqlirqZ\/V+xkcpVRj1zVjRYELjuGO\/KuVU4DfrD3MjxMOgGIQ4kd4locHD7VyUCOeFFDf0gX3CrOlpPFQYgsWZ5Y7A5d0pIkhzeaxZS2DWW3wqmU2XzzJ3\/MdcgBis9zMbCg5YHFgMDAAQOAAAA"}
-01220{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_tot_l4_data_len":2910,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":415,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+01231{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":60,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1569051247594,"flow_last_seen":1569051247818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
00422{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":820337,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrcBKAbtArcSa+38xkIAQB+9yVQAAAQEICihVTmNkFVcF"}
00422{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":820470,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA06d0AAO0GDZ4i4fCtwKgCEQG73rtLEL7bsq25d4AQAG4TtAAAAQEICmQVVwYoVVJa"}
02355{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":822394,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXU6d4AAO0GB\/0i4fCtwKgCEQG73rtLEL7bsq25d4AQAG7q5gAAAQEICmQVVwYoVVJaFgMDAGICAABeAwMNXD8fXbNx86yVNZArROawe23r2GZoQa3gLHkrH4BfYiDYrD5r2btJMgmiQISYggyjzcYEtCwpCd3hAwR36bb9U8AvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwfnCwAH4wAH4AAD5zCCA+MwggLLoAMCAQICAhAYMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMB4XDTE5MDIxNTE3MzgxN1oXDTI5MDMxMjE4MjAyMFowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMR0wGwYDVQQKDBRPcGVuIFdoaXNwZXIgU3lzdGVtczEdMBsGA1UECwwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxLjAsBgNVBAMMJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsyBG10UW3wKLLz5OJmoB1s7B4cDs7uzp+xAOMcalYh2zeKMeI5eS4fZrup1VtHgb8XPc0CjxtIo4ECTf0led4xcI6qra+CWE7B8yrOm4B5WB+rFt1x8Xj4+SRSkkl1mO5SjQElZeSpEpoWomCLRDxMb0qDwfWzcLqYsWeQHtIiBPzWEAOsmV6UE2NHQVNJdatKUHl8y16oCXrU4c0l6+o+bKDTtiskaDATWyONnz1GL1kQjlH8lDSNn296rLmQ\/kEO2CsZeYYAwVPKDQjTfNLDVo4YeZxRDlho+ZcZdamE5Kd7FiSRmA+nLkAydQ60ijWw1Fp7JSHvsL2X08ffpJtAgMBAAGjSDBGMEQGA1UdEQQ9MDuCJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmeCEnNlcnZpY2Uuc2lnbmFsLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAKWsuR7z3DD\/hxNr0t1jsS\/8oBtaP6uM3Dv1WDnwO6tsohTdhQxfJRHMBKnAzAM9voRiv314toGiGKun6d3y\/TrcyK15lDQgdiPT6biOI4+sVLREXnDl0mhxNgt0yN7ewiHL4WxlNTqyYgy21RRxPEQHrbCScndmFrswcHfVN6FkuGTc45cEC0zoiaaAKUipjJUOjlX4Ha+q0UyNaHMPquP8A8XGBIYi6DJY8uNgP1q8F88lDA5HALWR045FALki4r5+N+Jy3GF2pTFCFvLEDS5LCk6lR9ujCktrdh0VbOHMA35rRs5lki24EQZf\/DqrquVyyzRFCDN9TVXAVBaSoSQAD8zCCA+8wggLXoAMCAQICCQCJui2rSuTzYjANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xHTAbBgNVBAoMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMR0wGwYDVQQLDBRPcGVuIFdoaXNwZXIgU3lzdGVtczETMBEGA1UEAwwKVGV4dFNlY3VyZTAeFw0xMzAzMjUyMjE4MzVaFw0yMzAzMjMyMjE4MzVaMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9w"}
-00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01829{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":822421,"pkt_caplen":1104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1104,"pkt_l4_len":1070,"pkt":"xGGLNYKpxiwDYGpkCABFAARC6d8AAO0GCY4i4fCtwKgCEQG73rtLEMR7sq25d4AYAG6ByQAAAQEICmQVVwYoVVJaZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUlgaTggQxdIuKtneIwF5El1BqW3lroFT0Ao2i+qg\/UAzsXltWn73z6POt4ugq6tSg8R6Qd+hMM1XI8C5BUyDHqO7fbNRUKJQLd5hK1dlNL4nulXrPso+oK0n8cCAwHHbCpiNGtUkAmZa90NbXBwJAChUcWDWsAA8qbOQfmZqnIH+ud010uf9CDz0C6HC5\/Bli8DmDZ2HwbyCygzCLZmU7RG7nHYoMRAPZnyL7xwAxG7Xi7VYMAZvUeb1b7cKw+ggsSN6YB+xB+5DD9Dnfd8C4rL59coR2OxbmJa5GKnZDL1lKyqAElcOI2+vb2niQlHVPhwqFzkj9T0HC+lnpzQhwIDAQABo1AwTjAdBgNVHQ4EFgQUAYsY8T\/7ORlEboWGvpRlMqcyPJAwHwYDVR0jBBgwFoAUAYsY8T\/7ORlEboWGvpRlMqcyPJAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAfh6+IQueptC7yQLtUSujbjw20zBDe\/4zKIxR8R+D91zxX7qY0fm5A6tKTzlOiYyMZ6w9Vw\/xFZk02k1WOYjoXsr+1MyTnn29qSznParLryOH52hEofW4c5Z\/i18bQq0TxoZMQNSDCKNyf7NlhfylWGcnIrum+LmyfdVzwLgTWcCJroO\/7K1r26ZNIaugOs9eNFk1UirSRuxD+NZCXv6BeLrGOSeyz5MSty1szCZ2+RCCQ5kb8h\/KckcFoOkJuqohhWiOJy\/EFOC2tcdnp+Axl0WizD0cIxCzYED6HUd\/M6AjLgPIB2X2WGKGew+0NcDVIlR3MbhaxHgWmCWyxK8C1RYDAwFNDAABSQMAF0EE3ecTy+6jnlMrNpbZTIAwArvkiOIfUg610O9bIAAW3K+f6BdAyjwzCSwQQGhwDJQc9kNXtCjtMOgrhB58Hf6YUAYBAQAOYV7EzNIKjxhuqbi91MheopXcoDmIsgmHAwsfk5nPLanTx9Y+0OGVH\/cQPWZKAeQKebYJsZuYA2jgH86xEruWZQgRpJjzY5LGsrFgK8PWH9Kuv\/Aks16UO0Fljri74+vQ1PqVg+C2qPlhTXWfYVZWx3CRgcmCRuGS6Ahmy+tQajp8rd3eHE+9nwzyw\/8W+mjs7XWJREMJWA2kKUMidGpPdbknJdGDk\/P8UIoX3zvNEj12pjk0QnOMhrlzAROUBsM4zXRDSQrgAQuQkIHXFb\/AkAMWwonXebSDBNwnBu40MFVcWw4gCpwV9eN5CWqVxtWuhBTxNmgsnRxsjP26R0IaFgMDAAQOAAAA"}
-01229{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_tot_l4_data_len":3239,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":462,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+01240{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1569051247600,"flow_last_seen":1569051247822,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
00526{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":823475,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"xiwDYGpkxGGLNYKpCABFAAB\/AABAAEAGZDHAqAIRIuHwrcBKAbtArcSa+38xkIAYCABaGAAAAQEICihVTmZkFVcFFgMDAEYQAABCQQQ0a64xGwwi1kkJsdUkQiNOXRlFpHsfkxHSAhcTsXv6UyZKkk4J1ZCtXUXGlACAfofI4Wt3Eai4rLftrFZhdx5J"}
00423{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":823951,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd67Abuyrbl3SxDIiYAQA\/cGEQAAAQEICihVUsZkFVcG"}
00423{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":827539,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0\/+sAAO0G948i4fCtwKgCEQG73r1n96jsbdjJFYAQAG5B6wAAAQEICmQVVwcoVVJf"}
02356{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":830388,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXU\/+wAAO0G8e4i4fCtwKgCEQG73r1n96jsbdjJFYAQAG5scQAAAQEICmQVVwgoVVJfFgMDAGICAABeAwMvJ3aJtK0kaecaCZoe0tWDQbGlv7Y+K9fLr8mRSrrnUCDZ0QnDKT+KoPSvU+UzJyw64qxui2t3eVV6nNiyIB\/wKMAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwfnCwAH4wAH4AAD5zCCA+MwggLLoAMCAQICAhAYMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMB4XDTE5MDIxNTE3MzgxN1oXDTI5MDMxMjE4MjAyMFowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMR0wGwYDVQQKDBRPcGVuIFdoaXNwZXIgU3lzdGVtczEdMBsGA1UECwwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxLjAsBgNVBAMMJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsyBG10UW3wKLLz5OJmoB1s7B4cDs7uzp+xAOMcalYh2zeKMeI5eS4fZrup1VtHgb8XPc0CjxtIo4ECTf0led4xcI6qra+CWE7B8yrOm4B5WB+rFt1x8Xj4+SRSkkl1mO5SjQElZeSpEpoWomCLRDxMb0qDwfWzcLqYsWeQHtIiBPzWEAOsmV6UE2NHQVNJdatKUHl8y16oCXrU4c0l6+o+bKDTtiskaDATWyONnz1GL1kQjlH8lDSNn296rLmQ\/kEO2CsZeYYAwVPKDQjTfNLDVo4YeZxRDlho+ZcZdamE5Kd7FiSRmA+nLkAydQ60ijWw1Fp7JSHvsL2X08ffpJtAgMBAAGjSDBGMEQGA1UdEQQ9MDuCJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmeCEnNlcnZpY2Uuc2lnbmFsLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAKWsuR7z3DD\/hxNr0t1jsS\/8oBtaP6uM3Dv1WDnwO6tsohTdhQxfJRHMBKnAzAM9voRiv314toGiGKun6d3y\/TrcyK15lDQgdiPT6biOI4+sVLREXnDl0mhxNgt0yN7ewiHL4WxlNTqyYgy21RRxPEQHrbCScndmFrswcHfVN6FkuGTc45cEC0zoiaaAKUipjJUOjlX4Ha+q0UyNaHMPquP8A8XGBIYi6DJY8uNgP1q8F88lDA5HALWR045FALki4r5+N+Jy3GF2pTFCFvLEDS5LCk6lR9ujCktrdh0VbOHMA35rRs5lki24EQZf\/DqrquVyyzRFCDN9TVXAVBaSoSQAD8zCCA+8wggLXoAMCAQICCQCJui2rSuTzYjANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xHTAbBgNVBAoMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMR0wGwYDVQQLDBRPcGVuIFdoaXNwZXIgU3lzdGVtczETMBEGA1UEAwwKVGV4dFNlY3VyZTAeFw0xMzAzMjUyMjE4MzVaFw0yMzAzMjMyMjE4MzVaMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9w"}
-00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01831{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":830426,"pkt_caplen":1104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1104,"pkt_l4_len":1070,"pkt":"xGGLNYKpxiwDYGpkCABFAARC\/+0AAO0G838i4fCtwKgCEQG73r1n966MbdjJFYAYAG6dQgAAAQEICmQVVwgoVVJfZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUlgaTggQxdIuKtneIwF5El1BqW3lroFT0Ao2i+qg\/UAzsXltWn73z6POt4ugq6tSg8R6Qd+hMM1XI8C5BUyDHqO7fbNRUKJQLd5hK1dlNL4nulXrPso+oK0n8cCAwHHbCpiNGtUkAmZa90NbXBwJAChUcWDWsAA8qbOQfmZqnIH+ud010uf9CDz0C6HC5\/Bli8DmDZ2HwbyCygzCLZmU7RG7nHYoMRAPZnyL7xwAxG7Xi7VYMAZvUeb1b7cKw+ggsSN6YB+xB+5DD9Dnfd8C4rL59coR2OxbmJa5GKnZDL1lKyqAElcOI2+vb2niQlHVPhwqFzkj9T0HC+lnpzQhwIDAQABo1AwTjAdBgNVHQ4EFgQUAYsY8T\/7ORlEboWGvpRlMqcyPJAwHwYDVR0jBBgwFoAUAYsY8T\/7ORlEboWGvpRlMqcyPJAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAfh6+IQueptC7yQLtUSujbjw20zBDe\/4zKIxR8R+D91zxX7qY0fm5A6tKTzlOiYyMZ6w9Vw\/xFZk02k1WOYjoXsr+1MyTnn29qSznParLryOH52hEofW4c5Z\/i18bQq0TxoZMQNSDCKNyf7NlhfylWGcnIrum+LmyfdVzwLgTWcCJroO\/7K1r26ZNIaugOs9eNFk1UirSRuxD+NZCXv6BeLrGOSeyz5MSty1szCZ2+RCCQ5kb8h\/KckcFoOkJuqohhWiOJy\/EFOC2tcdnp+Axl0WizD0cIxCzYED6HUd\/M6AjLgPIB2X2WGKGew+0NcDVIlR3MbhaxHgWmCWyxK8C1RYDAwFNDAABSQMAF0EE6KGWqENscs7my902gawi82EKGEBY1OGfCfEfs7ccHGRh\/ivx4SUKMrTlS5v1UjrC46CJp46iaaYMUhfqQloWHQYBAQCK5xLvS8uYOH+now\/VHq0+02Yf\/3dOOduLRhd\/U10lyXbakGblKOev0HYzCWD1LMPGzJ+aAqSss1M0\/tRwNDL+MwmzLschKgXIEyFMjj+oV+knxenQFOJNP+AMJogCZ0ndTs+TrruKmq03cz5imW\/nL46yqnkx8gUP1Yu7AMbchxBVlAMph0uTVkFAFMHS59CeTXh+pYWTuiyGhUWJylpqoJ9cH8dpUVcvKwfOL4AhZTAlB058Vtw3SRtuIhbdKFTFYYRM8B2iOARPcnK52bczpoXKQd1Ppube4uIpD2t0FPo7ShsDqPM79kQtshChk1GlRFCGA+L5WL78DoirnVfdFgMDAAQOAAAA"}
-01229{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":7,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_tot_l4_data_len":3239,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":462,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+01240{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":7,"flow_first_seen":1569051247603,"flow_last_seen":1569051247830,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
00423{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":830427,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0qogAAO4GS\/Mi4fCtwKgCEQG73rwJHv2AxsFviYAQAG5M0wAAAQEICmQVVwgoVVJf"}
02356{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":832906,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUqokAAO4GRlIi4fCtwKgCEQG73rwJHv2AxsFviYAQAG621gAAAQEICmQVVwgoVVJfFgMDAGICAABeAwMfr0tPJB6EerPxtB9rbk4yB+ls6Zlwm2aEnwwF4DJG5SBjSOP6ZrEXGLOGyuPQLd8ex1o\/\/eXmbMaXqtuiQ9iL+sAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwfnCwAH4wAH4AAD5zCCA+MwggLLoAMCAQICAhAYMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMB4XDTE5MDIxNTE3MzgxN1oXDTI5MDMxMjE4MjAyMFowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMR0wGwYDVQQKDBRPcGVuIFdoaXNwZXIgU3lzdGVtczEdMBsGA1UECwwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxLjAsBgNVBAMMJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsyBG10UW3wKLLz5OJmoB1s7B4cDs7uzp+xAOMcalYh2zeKMeI5eS4fZrup1VtHgb8XPc0CjxtIo4ECTf0led4xcI6qra+CWE7B8yrOm4B5WB+rFt1x8Xj4+SRSkkl1mO5SjQElZeSpEpoWomCLRDxMb0qDwfWzcLqYsWeQHtIiBPzWEAOsmV6UE2NHQVNJdatKUHl8y16oCXrU4c0l6+o+bKDTtiskaDATWyONnz1GL1kQjlH8lDSNn296rLmQ\/kEO2CsZeYYAwVPKDQjTfNLDVo4YeZxRDlho+ZcZdamE5Kd7FiSRmA+nLkAydQ60ijWw1Fp7JSHvsL2X08ffpJtAgMBAAGjSDBGMEQGA1UdEQQ9MDuCJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmeCEnNlcnZpY2Uuc2lnbmFsLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAKWsuR7z3DD\/hxNr0t1jsS\/8oBtaP6uM3Dv1WDnwO6tsohTdhQxfJRHMBKnAzAM9voRiv314toGiGKun6d3y\/TrcyK15lDQgdiPT6biOI4+sVLREXnDl0mhxNgt0yN7ewiHL4WxlNTqyYgy21RRxPEQHrbCScndmFrswcHfVN6FkuGTc45cEC0zoiaaAKUipjJUOjlX4Ha+q0UyNaHMPquP8A8XGBIYi6DJY8uNgP1q8F88lDA5HALWR045FALki4r5+N+Jy3GF2pTFCFvLEDS5LCk6lR9ujCktrdh0VbOHMA35rRs5lki24EQZf\/DqrquVyyzRFCDN9TVXAVBaSoSQAD8zCCA+8wggLXoAMCAQICCQCJui2rSuTzYjANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xHTAbBgNVBAoMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMR0wGwYDVQQLDBRPcGVuIFdoaXNwZXIgU3lzdGVtczETMBEGA1UEAwwKVGV4dFNlY3VyZTAeFw0xMzAzMjUyMjE4MzVaFw0yMzAzMjMyMjE4MzVaMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9w"}
-00841{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00852{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":71,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01831{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":832918,"pkt_caplen":1104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1104,"pkt_l4_len":1070,"pkt":"xGGLNYKpxiwDYGpkCABFAARCqooAAO4GR+Mi4fCtwKgCEQG73rwJHwMgxsFviYAYAG4fHwAAAQEICmQVVwgoVVJfZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUlgaTggQxdIuKtneIwF5El1BqW3lroFT0Ao2i+qg\/UAzsXltWn73z6POt4ugq6tSg8R6Qd+hMM1XI8C5BUyDHqO7fbNRUKJQLd5hK1dlNL4nulXrPso+oK0n8cCAwHHbCpiNGtUkAmZa90NbXBwJAChUcWDWsAA8qbOQfmZqnIH+ud010uf9CDz0C6HC5\/Bli8DmDZ2HwbyCygzCLZmU7RG7nHYoMRAPZnyL7xwAxG7Xi7VYMAZvUeb1b7cKw+ggsSN6YB+xB+5DD9Dnfd8C4rL59coR2OxbmJa5GKnZDL1lKyqAElcOI2+vb2niQlHVPhwqFzkj9T0HC+lnpzQhwIDAQABo1AwTjAdBgNVHQ4EFgQUAYsY8T\/7ORlEboWGvpRlMqcyPJAwHwYDVR0jBBgwFoAUAYsY8T\/7ORlEboWGvpRlMqcyPJAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAfh6+IQueptC7yQLtUSujbjw20zBDe\/4zKIxR8R+D91zxX7qY0fm5A6tKTzlOiYyMZ6w9Vw\/xFZk02k1WOYjoXsr+1MyTnn29qSznParLryOH52hEofW4c5Z\/i18bQq0TxoZMQNSDCKNyf7NlhfylWGcnIrum+LmyfdVzwLgTWcCJroO\/7K1r26ZNIaugOs9eNFk1UirSRuxD+NZCXv6BeLrGOSeyz5MSty1szCZ2+RCCQ5kb8h\/KckcFoOkJuqohhWiOJy\/EFOC2tcdnp+Axl0WizD0cIxCzYED6HUd\/M6AjLgPIB2X2WGKGew+0NcDVIlR3MbhaxHgWmCWyxK8C1RYDAwFNDAABSQMAF0EEdfPoVIyelAs1jDQcYxNUltibkItZOC04agY2rkl7kMMiBS\/aF+0jsINgkrbWwWAfbwuwerivp8REahUHCyJFuAYBAQAwgXAg1F\/KADI27hgUi\/kZ2sOJHbC\/ZPcTIYXQ1w90dtoz6bZyrm1epVwCQwjBL2QjpYwnDUdIPvsjjmkEb5S3D8Td13XPzd1jHR+whv0NGBxiBMR+u2B3dFNLty6clmqhY7\/y55vsTHDSX3GA89ayJr86+2Cyp5bNhpW\/sJYDYfpH82gx73nDCPQQTGxxTDJPQLZlf0FPd+OymguMU5XiHADFr\/rMRdzxd1YvV1NC8DRBwjXXeZgaI8MGGg0WqD47SPHU3AWGmz8DHk7YkMiB4a20GDuRbi6NkKteoBMtuoULvZMUoeTOPp+YOVNtFbUvQxiAnMf2jMHrb0HSOxB4FgMDAAQOAAAA"}
-01229{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_tot_l4_data_len":3239,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":462,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+01240{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1569051247601,"flow_last_seen":1569051247832,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
00599{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":833987,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"xiwDYGpkxGGLNYKpCABFAACyAABAAEAGY\/7AqAIRIuHwrd67Abuyrbl3SxDIiYAYBABg8wAAAQEICihVUtBkFVcGFgMDAEYQAABCQQTzJ1yPIXJ3ZnR+vGzI54jrzhnu8C3zk3AuTzCiaxGYRAyma\/mN8ZRj03ZTAyyUj+D\/l2fAgVRsNhr3Y0B3RZ5gFAMDAAEBFgMDACgAAAAAAAAAAJjG9\/FrrX2\/si5tk63YfV\/QxCZCnOQaYOIilQwA+2OO"}
00424{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":834319,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd69Abtt2MkVZ\/eymoAQA\/c0QgAAAQEICihVUtBkFVcI"}
00424{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051247,"pkt_ts_usec":834575,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGZHzAqAIRIuHwrd68AbvGwW+JCR8HLoAQA\/c\/KwAAAQEICihVUtBkFVcI"}
@@ -103,7 +103,7 @@
01017{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051248,"pkt_ts_usec":104787,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":502,"pkt_l4_len":468,"pkt":"xiwDYGpkxGGLNYKpCABFAAHoAABAAEAGYsjAqAIRIuHwrcBKAbtArcUY+38xw4AYCAD9QQAAAQEICihVT35kFVdHFwMDAa\/F9vt\/9gkmYxL\/+ShPTbFvI1PSPYhUM2de99uXXOHXe9OCXLAUfarkUFfRoe5S47APECytCBHsU0u7TdOM\/XF8xVecTCpQuOm6IEHioppxi2LiRb6vTlZfdTzTgq8ExcQVwy1FsKT5KSeMhsz1VrnGNNkKTe6g9yy1yjgMe7wf\/OZ60WcOhsNRAUUUrmlgEmXRmDQXh61e8dDNIAFuxrKkVrihwuZtI1leYNUChEvuTsGPsKolArsOXDwnuc2791g3u46Vb+P5NgXhP\/GwVi06j1An4YT0zQ+H1zJQ5jv0ZeQLF+tW4yxbichxXk8GrqQYk7I+t+w6WSfnDUjOulq15JRfVl1HArxinr7NuRrAWd9wpdBZPIs8UeQonaxWS9EijXMrsnMZjwZODw9cXwmnF0iQT5V1IjxpZt0Ro7pTOEoSsWww5eXtxWQq6So6o8fP1Nk3wxRHcFHtqXUR0ojeEYUhYR8k+TZXdb2m59C3zrdwC+x2kqxLgwN337oSIRUgcCiGE3mcm25rRLWcfutMjVWfN6jzcPjvqsGnAOIR9r8VfnOBoq2GToS+NZyDIQ=="}
00808{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051248,"pkt_ts_usec":547165,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTAAAP8RkXUAAAAA\/\/\/\/\/wBEAEMBNJw9AQEGACG6jqoABAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00808{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051253,"pkt_ts_usec":252519,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTEAAP8RkXQAAAAA\/\/\/\/\/wBEAEMBNJw4AQEGACG6jqoACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569051255515,"flow_last_seen":0,"flow_tot_l4_data_len":78,"flow_min_l4_data_len":78,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":78,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569051255515,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00489{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051255,"pkt_ts_usec":515841,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"xiwDYGpkxGGLNYKpCABFAABiAABAAEAG01TAqAIREfiSkN6kAbu8mMGjrFDpOoAYBADERQAAAQEICihVb2TeKRePFwMDACkAAAAAAAAAByneD5KHf7LhXiN5Pdq3wP31zhE4MGciEgckOq75+f9F5w=="}
00468{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051255,"pkt_ts_usec":515860,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xiwDYGpkxGGLNYKpCABFAABTAABAAEAG02PAqAIREfiSkN6kAbu8mMHRrFDpOoAYBABt7AAAAQEICihVb2XeKRePFQMDABoAAAAAAAAACJW1v\/IhTp91V+O68DpoE88kag=="}
00423{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051255,"pkt_ts_usec":515909,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG04LAqAIREfiSkN6kAbu8mMHwrFDpOoARBACJkgAAAQEICihVb2XeKReP"}
@@ -112,7 +112,7 @@
00423{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051255,"pkt_ts_usec":539646,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0qAUAADEGen0R+JKQwKgCEQG73qSsUOk6vJjB8IARBCu0YwAAAQEICt4q7JEoVW9l"}
00423{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051255,"pkt_ts_usec":539776,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0qAYAADEGenwR+JKQwKgCEQG73qSsUOk7vJjB8YAQBCu0YgAAAQEICt4q7JEoVW9l"}
00423{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051255,"pkt_ts_usec":541412,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG04LAqAIREfiSkN6kAbu8mMHwrFDpO4ARBAC0cgAAAQEICihVb4DeKuyR"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569051257169,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569051257169,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051257,"pkt_ts_usec":169058,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xiwDYGpkxGGLNYKpCABFAABLAABAAEAGjWvAqAIRAhLodt65Absqy4Q4WMZypYAYBABE5AAAAQEICihVdq6vX9qZFQMDABKEOlUEciue5QZs7g3+sWQHUk8="}
00423{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051257,"pkt_ts_usec":169426,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGjYLAqAIRAhLodt65Absqy4RPWMZypYARBABBggAAAQEICihVdq6vX9qZ"}
00455{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051257,"pkt_ts_usec":192060,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xGGLNYKpxiwDYGpkCABFAABL884AADUG5JwCEuh2wKgCEQG73rlYxnKlKsuET4AYAQIBNAAAAQEICq9gUAcoVXauFQMDABK6ebhIWf6gqCdSaZoYDdKf06A="}
@@ -122,31 +122,31 @@
00407{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051257,"pkt_ts_usec":194777,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkxGGLNYKpCABFAAAoXdwAAEAGb7LAqAIRAhLodt65Absqy4RPAAAAAFAEAABzDwAA"}
00408{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051257,"pkt_ts_usec":194834,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkxGGLNYKpCABFAAAo4ZQAAEAG6\/nAqAIRAhLodt65Absqy4RQAAAAAFAEAABzDgAA"}
00808{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051261,"pkt_ts_usec":595218,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTIAAP8RkXMAAAAA\/\/\/\/\/wBEAEMBNJwwAQEGACG6jqoAEQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569051264073,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569051264073,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":73974,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKMBLAbsF0WXIAAAAALAC\/\/9prAAAAgQFtAEDAwYBAQgKKFWN0AAAAAAEAgAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569051264078,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569051264078,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":78385,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGSLbAqAIRFzkYEN6+AbvH3a+JAAAAALAC\/\/8ydQAAAgQFtAEDAwcBAQgKKFWSTQAAAAAEAgAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569051264088,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569051264088,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":88425,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xiwDYGpkxGGLNYKpCABFAABTylIAAP8Ra+TAqAIRwKgCAdvHADUAPyTGAMEBAAABAAAAAAAAEnRleHRzZWN1cmUtc2VydmljZQ53aGlzcGVyc3lzdGVtcwNvcmcAAAEAAQ=="}
-00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569051264088,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569051264090,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569051264088,"flow_last_seen":0,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569051264090,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":90815,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN6\/Abvpz5RJAAAAALAC\/\/80LQAAAgQFtAEDAwcBAQgKKFWSWgAAAAAEAgAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569051264091,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569051264091,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":91926,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7AAbuO10RdAAAAALAC\/\/\/fDwAAAgQFtAEDAwcBAQgKKFWSWwAAAAAEAgAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1569051264093,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1569051264093,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":93006,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7BAbuYIIuMAAAAALAC\/\/+OlgAAAgQFtAEDAwcBAQgKKFWSWwAAAAAEAgAA"}
00436{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":113301,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAADQGlLoXORgQwKgCEQG73r7gO6oYx92viqAScSBHlgAAAgQFrAQCCAqWTmoXKFWSTQEDAwc="}
00599{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":113960,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"pkt":"xGGLNYKpxiwDYGpkCABFAACz4rsAAEAREhzAqAIBwKgCEQA128cAn9JUAMGBgAABAAYAAAAAEnRleHRzZWN1cmUtc2VydmljZQ53aGlzcGVyc3lzdGVtcwNvcmcAAAEAAcAMAAEAAQAAAB0ABDavL27ADAABAAEAAAAdAAQi4fCtwAwAAQABAAAAHQAEaxdHWcAMAAEAAQAAAB0ABCOpAyjADAABAAEAAAAdAAQ0zyk7wAwAAQABAAAAHQAENMjD8Q=="}
-00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":63,"flow_max_l4_data_len":159,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.175.47.110"}}
-00441{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569051264115,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Signal","breed":"Fun","category":"Chat"},"dns": {"query":"textsecure-service.whispersystems.org","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.175.47.110"}}
+00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569051264115,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":115004,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkxGGLNYKpCABFAAA4YPoAAEABlGjAqAIRwKgCAQMDIGEAAAAARQAAs+K7AABAERIcwKgCAcCoAhEANdvHAJ8AAA=="}
-00473{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569051264115,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569051264115,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00424{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":116081,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN6+AbvH3a+K4DuqGYAQBAvjSwAAAQEICihVknGWTmoX"}
01126{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":116204,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGRr3AqAIRFzkYEN6+AbvH3a+K4DuqGYAYBAtznQAAAQEICihVknKWTmoXFgMBAgABAAH8AwPawK\/+wN1+Tx0CNiEAg+cUW3czvaCh\/qY5WXGzJz9xKSBQ\/3brog7H4kKz+Cr0Y+KAPc0Wuh7pzTw9CcTlpz8EzgA0EwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABUAEwAAEGl0dW5lcy5hcHBsZS5jb20AFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgQjLeK9mUdDm2SPbON0\/yv\/211C08osOnnwisGWfkQjYALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVANEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1569051264078,"flow_last_seen":1569051264116,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1569051264078,"flow_last_seen":1569051264116,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.2","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00424{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":150664,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0riEAADQG5qAXORgQwKgCEQG73r7gO6oZx92xj4AQAOvkPwAAAQEICpZOaj0oVZJy"}
02378{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":151436,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUriIAADQG4P8XORgQwKgCEQG73r7gO6oZx92xj4AQAOvEnQAAAQEICpZOaj0oVZJyFgMDAHoCAAB2AwMA9vr9rkd4ApXKyDGM9DvNqLylQa2U3Kj2eYOyu9RJDyBQ\/3brog7H4kKz+Cr0Y+KAPc0Wuh7pzTw9CcTlpz8EzhMCAAAuACsAAgMEADMAJAAdACCVXfSN3Gm6j3Dzd6yKHirgAxbwYWbpS\/t6nzsX9\/1tHxQDAwABARcDAwAubSX2Yk494MC9aR7fCLNwMxN0Or0wXtcHzqTKZcy1Z7r1XEI5b+rsKAfvtLQvMRcDAxXa6CIxOumkbdppHVhUPPUFc9A0D2VreyuftXwz1F1aIcOpup2lw\/WinI9r84Oj14qP4mvLrzURHw05iQuzZQJcJffQ3n33JhH87R4b5SLH\/sWKtBdYmlv66OLR7cWh803EGzANE4\/\/50haa\/DfzI+66ZCXGVZ1cR0tPlKH4qGZ0\/teswg4plrYdA7F+UjB\/MgH04JHHhDrZT\/gW3XZsMjXqDRxMOe8zdLkVIZWowd0smMxhuYMHDnkO8L2p06dIu1Y9I1nrDgogegRm3IqIhnzBuclK8UolTqUfOTT8Rs8cL6yKMEFhKeHeTI2DCMgOEXXPIAPWDUelqwPg851vA02Ku6ItriMfedawd0VcQzNjSfqWq8ny0bLY431MeLy1lswpPf2rLrD4SsbAT8YGRYVVn6fezp1NTkVFTdty+YjXk+RUvXkuAbfcvrkRbSxzEkTEoJWEROx\/h9dvULj14VHUBU7W02\/LWGPup7bSV6zXAscGUmgJoMC9aF5ATH7abehZp10SOhmBZl+ZcZCLgDTpC2CuFTcKjTJGLBZ5blfnWZbzM83hdr2Dx6UCdIAAJR2AjgGfC82i95bSjhJS5IWB51v1res9laqPBGLK3YTUhr\/mVDNF6qVq3nJGELIqKXn9Ju5piQrbN8XBx\/e\/tJK0yiaYgzK\/U4uFtv5+l4nUqqhbMmpjyRcgzriES1wmgLtgiJWxOeNbaTleyPGIe6ODQ2rEg8WgV6MSRut0SJvcLtXfbLeG22ZSHtByXdj0TojjjUrwaPEHSvf9Ll0it+sCaiAHKpU8gK22cCzayJTNM1lihw6+iXYFQpSGU0YQzUCx6FpJeSzk1RyVa8oSaLkCRii5V2j+fvsHdAgImdoaSH5JLMPjgkuRuyCVpN6wuwwxhTzKpFAa1CdNEO1MTnFhruBh6DAvYID9mS9ooBfqYZe66dHMy87CdSuckAW0nPrfKxm6ejhYXB\/YyEZ6NL2Kx7keMZqrsR\/Ii2I2voK3tA0Z0d+nsnmpXKhDd9miuueeeSSm5JKv4A7eMJuH25rgpHErf8xRnpDId+P+\/ItJ3UUyoWNPIsKecvwbHpMSO5XoS4RKTP5ULhw4Ih4GTulI7dVthXRWrlMcZdPqaC+6Hfkr9vCX0O6BgWNfbnf\/LNIOF0MFwXHJFUZAHukuUl\/UuaGNwN\/p5zMsqxPJjynhIZ8o2Gx\/Pqa2UL0NaVNiAJ7P+PtDTSIjSRsHAtPKxOOpVBbhQxgA6jKs7CZE8qyzGzTzfm6U4uY3kpkuyg5nl7uo82UxJbGHXDwAE0s9UhR+bcq8NRbSlfimPjwGmDveTvXM6h94SIrtvbWxRvTE1jKYGjlsf4bzZoPCN+9mu6J8nfCfJfJxfuBIcW5tJOiifODQ+ET72qFymTL+xdQxSuWDYHNlH0kU+ZD8VgRwXxXzEmCPs7v5xJzz7uPEnnbZhFydli0o+GyMH1BtjAaoepUYM1+olAUC4OMjUaI\/haoRSwFZDNitVy\/sojBc2DIS9BwRB8pEbq+vKbml82NxLNk764m2a4sUxhtwW47ZUDtXDJpnNF1YfTNBPQsPsYhShPUNQoWk\/uxdsDKIr7\/hJnMNDpJOeMJqM0e5Ks+7bidksjRBVXEEiyn34wFqJBvEIP6ix7jF8EZn9yWVjKnpFuzR89k"}
-00814{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1569051264078,"flow_last_seen":1569051264151,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00825{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1569051264078,"flow_last_seen":1569051264151,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"},"tls": {"version":"TLSv1.3","client_requested_server_name":"itunes.apple.com","ja3":"17305a56a62a10f6b0ee8edcc3b1769c","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
02373{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":151667,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUriMAADQG4P4XORgQwKgCEQG73r7gO6+5x92xj4AQAOtdjAAAAQEICpZOaj0oVZJyn08AXZfpifqi3wkFAomv1JNbKYDKrsp+LsJ8qHOU6FtBsbmXn+KTk8wO2iHKdrz2\/8zP+U2ix2yLTK8qnthh9K0EGMQtT1Le7\/pv6\/2XqqwuYQ7+I7tGGlBpxwp\/IObWiQhvM7iCl1cdGimpZP4k8QXRDpzf0rqDc+13YjM0gi0OZx4kEN0hVrggAswtbozNmC8rsWOlT0kjfImkBpxXir3Y7+a2tED5tyVBciEsNAzErXFUniww4LzfCGy1T0eHu2EBL8St+jaItlcLzrl9H2Ll2ojYMs8iaILfQcTaP5evHSoFbRhNSHG2thuozP1+LkrFnUrShXJH0cf4hBic8VMq7dBeFQlsycpVOCSkCikEcQYtteLlMb1Qot84xoZ8ghEizN97L1eNqLSFie38BEaohniQHibduiY3bHluI95ZpV36AZZYSGXM2bJqxd8BNUhGikRILrmhDjn3Pr0nA6kHmE9xgTUSywLsWKKnTgrjDX2O6wSruCKXUblBI\/hVsyM5Eq4t5jgoHQlnn6tN52dztYz9NtsOmyktPFhVMFCeKu88ldqaR2ONc7dULXSpRfS9Fb2n3EgpU5dNdJ7QXz8qC6aY1uoe6cP7llb3eJS8KGX4UVLc8Xzmvdw7cN6onDkEYGBUtuVrB\/w+SX4Xlz8QnAi5Im8QqXuLXTeDukeBH6Ap\/bYrVOdOBw82b371MO19IuM9rGLTo7+jjn9zv+p1J59crNN9pQ6V+D+\/YgmYzmTfXGjQ0lYmeDglrg9toVcIxX4EhgQmlQImI2O+De2cxrCYB1P15WaYcrPkONdplqutl351pd0JEu5dnlmjvKk87HVc0k+rcOsEmGQbg0nsLQNZ1cBb9wZL5lQWaGydBQ3eMNCyKh6JPGUYgrANBuMB+YpIN0MbPC4yXlLSLS+agKuAHHFTb2LO+TX+f6l9x6nh9FaIoNzPm+kWkOPEwg7VFtxn38Ep\/E4ZqucAQjBK6nxN45DPsJ61oXTg6ibCjZ6nBYp49Z\/RT8VoYUyNqxhvyCeH5Z3TeeCEKcFFAk1k+cAihAt4aI6NlwjscxQFLo5HpVZY2ueB+ujQ5lP\/wW0tBy0XtlgnJJImrPSI8kJSidf1d8p\/KXHqrUQwxq5UkcUgDAHquUk5\/wBE1k2GNYFq22qCNb6Z8UDmQMQu7nChP9Ob\/LmJotdkaNbSg+y6SxEwclTyjLyIm+mOLOGPX7rKI3qa5NFkYhh8r2vGb9WMyq\/xLji75moCwAY642FWvdO\/J92DHXQuhxpNwfr73To1bDuLaAAKMPqsUUBqf3NgkVn1dlGjr08uanx0CQ+AWfOtMIiMBX5oQ4retDT\/3ziEI2QQ5QzPmjwqhhHeeONhOiCifwcnQvMonxQ5AUCY2QBi8kheX\/P4Ytbp8OQ7tupiyNSbuJDl6TPHBxINBISdToFsYmC\/pXIRnSShXnz+sbSgx+r8467NklxL5R2kGCSsf8pMZCL7ZIugGgCX\/P8z7MmezeDrIJrmjusr4qLIJ4NIDM1qKiFnfG7UYtIKjx05xeyCk+ch4pv+okkGkedwxtP0s0BVHPo5+MiofFCINSXZjOPdkj+wqM0xjWujt1s+YAue2yQbb5c\/\/vo61N13wrBEsELZgr0A+0QjOjsPACKwkW6sVdVxIe2yshPA3yFvJqSJ4C9q9ilZRoZuKUgJAA5Sc3BJujs1HNKWum8uYw52JQqZDYs08Kw7QPCsFiS8s3AauymBueYRR8aipzE0\/mF89nsyjz2tRdZ3nTgnsE2uU5gbjzUo8oFLHauutS3HBw2eUHQ24cFIoorVyvGu8LGsHvCrYP6cd67KjWYO48co5MBSsizfslv9Ec9c7zjX8rfMThTOkcKZn08l2P0y5FxFLMJvpNLQH3vA0bhcQ76kZBOEGxLJpXE3FlKj"}
02081{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":151976,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"xGGLNYKpxiwDYGpkCABFAAT0riQAADQG4d0XORgQwKgCEQG73r7gO7VZx92xj4AYAOvUVAAAAQEICpZOaj0oVZJykMTnT9umJuzLkPbl0yKdSDEDgItG5CkvUTO4K1g8+ok9Ke0w4g9YqWttZMWTDfHuFkTHMFVypiYPzHnUZRXXjRh5NNyaPSNu12pGzmTcitTA37c6uCNwYnjxHWEN3+\/wfMREPl9Z6gjcmzscGdSaJgQjUqUKQ+ENACFglyD6ndSy52hcx+ef0e8UXvJfm9O1DQbFO9fQ\/1MhuinAfqbmvbpiv0LkHx87l8mDC5wXifTGtd7rmqfwL5NroqZgJw+YQ174BrqEdFUKSX\/Yik\/uqBv\/CeAdA0WQJLXHFgUBBfDxS+J1KqN+\/sF8E9LU8EL0GA2hv2gGXgiNxMZser2Wwl\/1IFAgpZTHNjy94xx0go6NOZ3IjW4ajSiCcddTpbJDLt9BQXe6VeW\/mtGeLIolClWG4BRAyo9NlOdEEQun8vfbvc795TOZeb8oQWcb8s7THP\/uvQfsdaqttuB8Vp1l12OJ7OMMvysTJSh9SDWe8DF93cSxandFZ0XgG\/7\/9uVpM5at9CfgqS5N3+CYNGTQpVErHrCtWofEO8uehZFzYto1dzT1zGdBeR3xKoz7fayu7+d7GuEiQM+ZBb7MHxaOUPQJgrQYSvr064EclahWiEI0nqhBLYSlsMBVH4fG57X0BrOvxZiuOOyuBIQYqBbMKjboJwc3qr5ZaVOvQaSbTY8Ij3O+L6m4G\/7IwBTYIVVE2\/nzGDpR1Gonuugkivak1tkdpQD81XQf0zREF3EFCzhegv+QFzz2Iplc1iuNHrOh4rOCOnMn5r30YzB5jQF8IUBveZScPPOrqUkG0OV01IoPfoOym4RFSM51t3yQqANqB8Z6mNdgw3bQ94wE\/6gAJm+OqFhBGHdGk79r4a\/BR\/wehQC0NUwszUpS0wNvxxcXNJqzZ5KibYlO9ArSnbM5nEPXNayCqP\/sbS32bB+gKN0Icp2tIhatgE0N6o+xG8+gBHLEBzOUZzeG4IUdDwmty5IHw30uFW+gVdUq9JhIqDJ\/sgrD\/LpGsk8pubk8FIu67zwX0w58zuypR7IrD\/ZSGtgyzMTcIb9a1V1hLdpCenCu5JCgoLvh4UVuB7bg4Ztfq+rQB3m0\/KynpLYL9g\/WbcCouNbRmjFsQ2m+p+hP33cvLGMT5I3FH+QrzDavVUZR6w2AovBbqPjNDWZD0HBK1yc6XUbTxL108mqQLA4ODuZxkQEo7KNAiAZSmCbT3PVsjrLcSYR5BrvNZwaWlbn4qWj64UNwU1rAvUUhjD2NZS7lXyl745WCn4GoFNHo3EA3pGft9Anjfpzf3wQsneqjkf83ZCw8XeEOXw0nhdtUanKbqZQqdYFjaxwHl2dluz304YXoqCkyRUAPgYvcC0xCMuuwyvM6FaYETEFVbuxQ7gH9m8w0\/aNEzacr41v8n2CkdCEgFyAX6eIgnYbuVMJT35oNAEWMitW1sOCRCSLnVwNTU5uBbzQ6lpdqo\/eG+xlyH3yTBPZlA2\/klRa\/fNkGbtkuwschjdKURojmlA2BALpT2Qcffnbvn7W57aVF8B9Fp+9aF+FG3hDYRkyz+lrFSJqugSNx9P4uYc8v1a1BvVlLqMH0uG\/n+DzX5UocPTTTyZH1VUbBxrtIf+gWY6k7Nw=="}
02383{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":152149,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUriUAADQG4PwXORgQwKgCEQG73r7gO7oZx92xj4AQAOuCDQAAAQEICpZOaj4oVZJyhQp03z5wa6OUr5vY7qF2DZ9zjmZpNw67ljFIv8YL2z7zgcnR3q+zXA1uYqK5XxYlwVeu2zbPiaPIXuEABgixQsiAm\/q1hp\/IgThUyM2RBeMOJe6lsCYGJeqqe9Aem7sVxjfd7xo56IIPZ9nPnis+smkeVUYFY7N+2QIGNTeultLNy\/HDR4hTasUNeWF4Moe\/1FdqV13D1LhI3gwN2PFKfNGHmIcEek2GxDUy9bxf9zrqYLMm86pxI5cUsxgJaBfUA8uHfpRBwbakCMnjFMsFJSKCubL2EoGMUY6NEl4+90R5W0qj1DSYBA2uoGMhckvvnhOdXw67IRbK6lWU+6qF8\/VbsDr7uqF0SbXbILusjxQumoUm3aXXW8+IU\/s2\/f6IwbB7zX0AI\/d6ya15E\/LcoFm30ZbN+M6+ntSZYOIM2SuIsQltmFq2iguvabHIleo3jNsngkHJYcxA4yq87m1FMEQYWi8YNjamQDUYW2KMOvHPOovEtRf30CQSALlH78NSTL6hu6vEvZuhNi5TUGs\/F1RVc4TnnM\/nSrEeVJWUTG2BvLsXflRCUEe9x0uRKotK9svzPMbMUSuqMVAZGSQ3eZcwlkEvNU8kVoVLfM1VRdbJPH9w0KOx7m3nDI6w62j9raHCub9uAq7LKyr4+MYBJDOA0fqNfcmSA10MNFpxoPovGouSDyXZULb9z2qF7m5qjLT1A7U3uNWN\/bgOKs+yTWQ2CVL2H6kPdKJWYOWm\/Z3D5hHHFAu\/R\/pNaRPSM3I0jjlsAhCedSJTkeUCuCvskFGFJzUp7Bj\/J+IF2UcGrI9dpNI7NSNeDPdcnMg2CagaKvxDhkFI6CAyPiyAGtuMINy\/90\/yoeYeiZPL1LaPbxKN07nUV48cweM8P4ingKgWPzHl9nSaJOKW6bMaVXXY\/ukfEXtscq6Pu0nSRjg0toE3mpGbnUWPX1PR6YK+HMByhCXeFtGEnbMZIIxl8cgK6V5ePJBAjSzJKDiqwVEjtDNjLnjI+nsXv9L0EBnGAaR2Kn31PWXxzJR3lydIvZLYtN3RixvCr8dLJf5yLUZeidcu4WVBsHLeLz5SiwV7dAdH3JoTw7gMTkNBUpDHGXZhSJEitqK5hN0S+dDiYmXZgzSCfo+BNu+FEEYXexbyLkX48RaeWE8CqGr4v1lkkbRRj17yFOxGGMVMWdsX1JltDPcHHER0DTGfbQyPiEPJ9wqViKMe9qsKmz\/aZJOqN99\/mYFpkoT6jVG26q1bdyfgHNaAUxicSrsb1OqU0IYS+BwY7WD+TXAivC6UuQHf0\/uBjHxJzi4qeAs7TXHpuXXd5Q7VRGX05E+UI+YK3vzLAJWEIBBtozTibm5AvPDxaF1nBZeEqk9STRZyJ92oOXLCqK3+AiWXigy2zkY+mbydTXAD+Dm32ArwHBcIGIV+gMzSSYFblKZJha0Ir1Z\/uiZX\/T6Ztvs6junmUqQBHJQqW9MPfItkb+cbcl1w5+Zuq5rhS1W3V2Q4kYj0gSmcqAPCwLzNL6XIr\/D2oZj7vRi3VEDMnD63flyXYfSsHwDvk\/1lZVkeDK11m77696dw\/5mWdPs2AmD682ZHF0iBK\/Db5FmLd614cPQyrtPiD4Vu0xMi9LJJQduWGOXasyJOfsPmfWBE7M\/vimrnFDW746IEXgobjNKijuTYmrp23gvl5dfUFdqKRXHOZSoGebgvYWtMLGyrUtJvEpVO8R+uq8tkjvTaNj\/B+fseJjfSloezby0Xl5kF3ftCaJG6TjkHjxuW6qoWD7\/tdBjOu56EdIFhf\/iZggSt9KYH6Z8tDdgSySmP3Zp9Cd5x63FpGBDzMkN31v17RN45rk9KdKn1C46w5Ul2ZgtSeBkM3Z6JzCJsdXH1XbEp0FxpvNNkp39KgIDkQwfMSamyPlcRmKBGna+iuv\/W"}
@@ -159,42 +159,42 @@
00436{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":203333,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sBFykuNjtdEXqASaN9RcQAAAgQFrAQCCApkFUBNKFWSWwEDAwg="}
00436{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":203483,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sEV2c5FmCCLjaASaN+uMAAAAgQFrAQCCApkFUBNKFWSWwEDAwg="}
00693{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":229464,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"xiwDYGpkxGGLNYKpCABFAAD5AABAAEAGUHXAqAIRI6kDKMBLAbsF0WXJzZ\/UIoAYCBbVbwAAAQEICihVjm1kFUBJFgMBAMABAAC8AwNdhdKAFZvPd8KN3PrIuLJ+p3RN76tFaWi69JIAQQd9fgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZwAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1569051264073,"flow_last_seen":1569051264229,"flow_tot_l4_data_len":345,"flow_min_l4_data_len":32,"flow_max_l4_data_len":229,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1569051264073,"flow_last_seen":1569051264229,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00426{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":254064,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGSMLAqAIRFzkYEN6+AbvH3bGP4DvCGIAQA\/vIpwAAAQEICihVkvqWTmo+"}
00425{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":259275,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN6\/Abvpz5RKqNYh2YAQBAsAMQAAAQEICihVkvtkFUBM"}
01121{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":259325,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN6\/Abvpz5RKqNYh2YAYBAufSQAAAQEICihVkvtkFUBMFgMBAgABAAH8AwN+5Ttf6YokHynLX4ecaPrHKATOoW12Tu+wzd9uDQspWSA1hUwuwgYjwI2sT5j3KinfN4lvjC3KseF9UMaW83tPxQAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgepTejFE5doby0DivzOsCuvXU1Qv8gn4J5BRpbhy8vDQALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1569051264090,"flow_last_seen":1569051264259,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1569051264090,"flow_last_seen":1569051264259,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00424{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":259363,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7AAbuO10ReRcpLjoAQBAvkagAAAQEICihVkvtkFUBN"}
01123{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":259470,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7AAbuO10ReRcpLjoAYBAsKeAAAAQEICihVkvxkFUBNFgMBAgABAAH8AwNYXsKfONHmzDFwOYBHmMHWccv+TKZTGPJmOKuaWv\/yOCDtD78sld\/x8V+rzxyBuU3uWmdAA4D7yp8sPLtMpD+m1QAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg1yEhEumbjcw84EpI\/aJKwlqb4nNO3GXKiR9CVTP9slYALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1569051264091,"flow_last_seen":1569051264259,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1569051264091,"flow_last_seen":1569051264259,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00424{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":259507,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7BAbuYIIuNFdnORoAQBAtBKQAAAQEICihVkvxkFUBN"}
01121{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":259677,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7BAbuYIIuNFdnORoAYBAvQ5wAAAQEICihVkvxkFUBNFgMBAgABAAH8AwMBrKJ6lAeYyvz4VxhLDcDvBph9JELZn65LIOXEqYKG0yBO77oSw5+zVdfbslJwrAju9uKTARXrNL8JS7VTuLS\/cAAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAgH0+fBZOWslk8wxPYbGM9RiS44cUzBW0Uf6uB5Vg5FGAALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1569051264093,"flow_last_seen":1569051264259,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1569051264093,"flow_last_seen":1569051264259,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01251{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":270338,"pkt_caplen":673,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":673,"pkt_l4_len":639,"pkt":"xGGLNYKpxiwDYGpkCABFAAKTricAADQG5DsXORgQwKgCEQG73r7gO7+5x92xj4AYAOtR3AAAAQEICpZOarQoVZKWpBLq1cB7OdZb6xp9z5fwrC3OVnVl2VdwPkolr4BdfDYeAIQr9Dkn9Rsvvf4KEikTR0BFWnQINwbkQCNO99y3yeYtGbvpbfy8u4H198gZjVR+Gyqwo6PV4tPwO6z2f8tuKz2tY1Wg6nw\/0CgwbCufi9WnWGvjeR2ZqSysvkZCHIrGz1O7VPGBlLw3XyYe34nJxFSmopT+POuDNbl292u7XzRQlDJkZb3CHbjIcmIJ0dV8miK3ibEyfMd79twkaWLFVRdZ4p\/jU7xNRa2jb3CW2NYTs8SX7O4Pw5PNySZ4T87+LhWeZ2VkIIeAVZjRtyDi3IOoHMFNDhcDAwEZ3+hD+U9Vi\/5Xcf5vCiPBn1BmO9wNSV6AdF3tRHnea3hr4ZdD+hkzSaVvgKpYHFHgB23\/e2quxLEexhaK0nMZ4VxZniNgSR6Yf9LrlK3bMuqscrTGCRrhJW27wXnH4rCCAiY2J0iz82w7tjvS10QvXSj1623\/HZVo4I1mby2o04dNaEpsAWvaKQETFwWkfgDAVedcyQuAdzC8wJ3\/+QOXOYjIb+me0tv8ThMnYPdF8UJ7DVx4USDSX\/C9hh5CtHEB8cLvL23i1rGL9I5V7gs\/Dfcdj0XIlBC0mRN\/2fG\/xt2wuxvlPyTGeWAIMj7hTzUwxjMJHydcleQ9TyJCmCrDuVvC+RQxQIPSBahwXfO8ajnrFjzBiaALDTkXAwMARakWzMpwVM5wZrzPDptq4zf+MkRtlYtKoayRLlOpXf5hmjmoathW6qRP+yAdeWHdGLRhcZ+5E7erNqJ7muze6s\/VJL32XA=="}
00441{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":271704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGSLbAqAIRFzkYEN6+AbvH3bGP4DvCGLAQBABPuwAAAQEICihVkwqWTmq0AQEFCuA7v7ngO8IY"}
00424{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":341086,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0lEcAAO4GTvIjqQMowKgCEQG7wEvNn9QiBdFmjoAQAG5hVAAAAQEICmQVQHAoVY5t"}
02357{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":342899,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUlEgAAO4GSVEjqQMowKgCEQG7wEvNn9QiBdFmjoAQAG4V2AAAAQEICmQVQHAoVY5tFgMDAFkCAABVAwPngLgY21HHoPH4CHf91D0DijSN0DONzcF4eVqKpsvieiDsfCrRuAo7QF9VH+77JZkXFC2O7ty5q3WnB\/Zm5PDVl8AvAAAN\/wEAAQAACwAEAwABAhYDAwfnCwAH4wAH4AAD5zCCA+MwggLLoAMCAQICAhAYMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMB4XDTE5MDIxNTE3MzgxN1oXDTI5MDMxMjE4MjAyMFowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMR0wGwYDVQQKDBRPcGVuIFdoaXNwZXIgU3lzdGVtczEdMBsGA1UECwwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxLjAsBgNVBAMMJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsyBG10UW3wKLLz5OJmoB1s7B4cDs7uzp+xAOMcalYh2zeKMeI5eS4fZrup1VtHgb8XPc0CjxtIo4ECTf0led4xcI6qra+CWE7B8yrOm4B5WB+rFt1x8Xj4+SRSkkl1mO5SjQElZeSpEpoWomCLRDxMb0qDwfWzcLqYsWeQHtIiBPzWEAOsmV6UE2NHQVNJdatKUHl8y16oCXrU4c0l6+o+bKDTtiskaDATWyONnz1GL1kQjlH8lDSNn296rLmQ\/kEO2CsZeYYAwVPKDQjTfNLDVo4YeZxRDlho+ZcZdamE5Kd7FiSRmA+nLkAydQ60ijWw1Fp7JSHvsL2X08ffpJtAgMBAAGjSDBGMEQGA1UdEQQ9MDuCJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmeCEnNlcnZpY2Uuc2lnbmFsLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAKWsuR7z3DD\/hxNr0t1jsS\/8oBtaP6uM3Dv1WDnwO6tsohTdhQxfJRHMBKnAzAM9voRiv314toGiGKun6d3y\/TrcyK15lDQgdiPT6biOI4+sVLREXnDl0mhxNgt0yN7ewiHL4WxlNTqyYgy21RRxPEQHrbCScndmFrswcHfVN6FkuGTc45cEC0zoiaaAKUipjJUOjlX4Ha+q0UyNaHMPquP8A8XGBIYi6DJY8uNgP1q8F88lDA5HALWR045FALki4r5+N+Jy3GF2pTFCFvLEDS5LCk6lR9ujCktrdh0VbOHMA35rRs5lki24EQZf\/DqrquVyyzRFCDN9TVXAVBaSoSQAD8zCCA+8wggLXoAMCAQICCQCJui2rSuTzYjANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xHTAbBgNVBAoMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMR0wGwYDVQQLDBRPcGVuIFdoaXNwZXIgU3lzdGVtczETMBEGA1UEAwwKVGV4dFNlY3VyZTAeFw0xMzAzMjUyMjE4MzVaFw0yMzAzMjMyMjE4MzVaMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3Bl"}
-00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1569051264073,"flow_last_seen":1569051264342,"flow_tot_l4_data_len":1849,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00842{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":228,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1569051264073,"flow_last_seen":1569051264342,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1637,"flow_avg_l4_payload_len":272,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
01819{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":343005,"pkt_caplen":1095,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1095,"pkt_l4_len":1061,"pkt":"xGGLNYKpxiwDYGpkCABFAAQ5lEkAAO4GSusjqQMowKgCEQG7wEvNn9nCBdFmjoAYAG7s8gAAAQEICmQVQHAoVY5tciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUlgaTggQxdIuKtneIwF5El1BqW3lroFT0Ao2i+qg\/UAzsXltWn73z6POt4ugq6tSg8R6Qd+hMM1XI8C5BUyDHqO7fbNRUKJQLd5hK1dlNL4nulXrPso+oK0n8cCAwHHbCpiNGtUkAmZa90NbXBwJAChUcWDWsAA8qbOQfmZqnIH+ud010uf9CDz0C6HC5\/Bli8DmDZ2HwbyCygzCLZmU7RG7nHYoMRAPZnyL7xwAxG7Xi7VYMAZvUeb1b7cKw+ggsSN6YB+xB+5DD9Dnfd8C4rL59coR2OxbmJa5GKnZDL1lKyqAElcOI2+vb2niQlHVPhwqFzkj9T0HC+lnpzQhwIDAQABo1AwTjAdBgNVHQ4EFgQUAYsY8T\/7ORlEboWGvpRlMqcyPJAwHwYDVR0jBBgwFoAUAYsY8T\/7ORlEboWGvpRlMqcyPJAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAfh6+IQueptC7yQLtUSujbjw20zBDe\/4zKIxR8R+D91zxX7qY0fm5A6tKTzlOiYyMZ6w9Vw\/xFZk02k1WOYjoXsr+1MyTnn29qSznParLryOH52hEofW4c5Z\/i18bQq0TxoZMQNSDCKNyf7NlhfylWGcnIrum+LmyfdVzwLgTWcCJroO\/7K1r26ZNIaugOs9eNFk1UirSRuxD+NZCXv6BeLrGOSeyz5MSty1szCZ2+RCCQ5kb8h\/KckcFoOkJuqohhWiOJy\/EFOC2tcdnp+Axl0WizD0cIxCzYED6HUd\/M6AjLgPIB2X2WGKGew+0NcDVIlR3MbhaxHgWmCWyxK8C1RYDAwFNDAABSQMAF0EEMWQCAHI03NByJ4q5lY4gg05XSW8QObiJ+zMq73hVFLAJzDkl9ZUshAKm\/\/0LLAwHdejH2c8JuzrkkKH7vtHNRQYBAQBF6rWl38tLgEZaJHR9miBCj6f6krpP4qMlleinhhfvaPVBMsxp0rRHZqEiOWuqcl+3RQMgsXC1X6qgTVEqi6gn1H6XqLqGqmLU6E98mkI\/a3hD8MgnOzIA\/PAu6B8ewRT3DPOYWix2wWKu3Jw68DXr0Pv4N7B3O0ihPYP3gM+9UP1b+752vl\/Gdn65iz3nMp7XqOfViJuWlIJBTuQ3+u7iqgg41yQeOXQpklE7xD9585YfCLqbxsAQVuJAE9pZcjXHPNLfAVkwGuxWzDSxvqTRUOolp7Z7XCt16FswouX09M3tQEBQH7gXW6cZeiOMq+yDdAbutVQAs8WkqVN18gQLFgMDAAQOAAAA"}
-01219{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":7,"flow_first_seen":1569051264073,"flow_last_seen":1569051264343,"flow_tot_l4_data_len":2910,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":415,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+01230{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":7,"flow_first_seen":1569051264073,"flow_last_seen":1569051264343,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2666,"flow_avg_l4_payload_len":380,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
00425{"flow_id":10,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":344475,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKMBLAbsF0WaOzZ\/dx4AQB+9PvQAAAQEICihVjt5kFUBw"}
00531{"flow_id":10,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":346706,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"xiwDYGpkxGGLNYKpCABFAAB\/AABAAEAGUO\/AqAIRI6kDKMBLAbsF0WaOzZ\/dx4AYCABSpQAAAQEICihVjuBkFUBwFgMDAEYQAABCQQTAAQFeqaxcPjmmsRP0oJLLx6BokWD\/AZ1dfxoGTaM7uCOTu4MS2i9nNUsPIXW9zYz4cBy204beSQi8sZHgvYUk"}
00424{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":367627,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0Ya4AAO4GgYsjqQMowKgCEQG73r+o1iHZ6c+WT4AQAG4BngAAAQEICmQVQHcoVZL7"}
02356{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":369936,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUYa8AAO4Ge+ojqQMowKgCEQG73r+o1iHZ6c+WT4AQAG6+VgAAAQEICmQVQHcoVZL7FgMDAGICAABeAwNu8dE7Sdw67vExce1lmc6tUX3BJzty7id96PHyq9+LziCrC0t8waXbU1rG+dAlQYUF+O4HLQ41oBg583GSOK2gjsAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwfnCwAH4wAH4AAD5zCCA+MwggLLoAMCAQICAhAYMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMB4XDTE5MDIxNTE3MzgxN1oXDTI5MDMxMjE4MjAyMFowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMR0wGwYDVQQKDBRPcGVuIFdoaXNwZXIgU3lzdGVtczEdMBsGA1UECwwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxLjAsBgNVBAMMJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsyBG10UW3wKLLz5OJmoB1s7B4cDs7uzp+xAOMcalYh2zeKMeI5eS4fZrup1VtHgb8XPc0CjxtIo4ECTf0led4xcI6qra+CWE7B8yrOm4B5WB+rFt1x8Xj4+SRSkkl1mO5SjQElZeSpEpoWomCLRDxMb0qDwfWzcLqYsWeQHtIiBPzWEAOsmV6UE2NHQVNJdatKUHl8y16oCXrU4c0l6+o+bKDTtiskaDATWyONnz1GL1kQjlH8lDSNn296rLmQ\/kEO2CsZeYYAwVPKDQjTfNLDVo4YeZxRDlho+ZcZdamE5Kd7FiSRmA+nLkAydQ60ijWw1Fp7JSHvsL2X08ffpJtAgMBAAGjSDBGMEQGA1UdEQQ9MDuCJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmeCEnNlcnZpY2Uuc2lnbmFsLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAKWsuR7z3DD\/hxNr0t1jsS\/8oBtaP6uM3Dv1WDnwO6tsohTdhQxfJRHMBKnAzAM9voRiv314toGiGKun6d3y\/TrcyK15lDQgdiPT6biOI4+sVLREXnDl0mhxNgt0yN7ewiHL4WxlNTqyYgy21RRxPEQHrbCScndmFrswcHfVN6FkuGTc45cEC0zoiaaAKUipjJUOjlX4Ha+q0UyNaHMPquP8A8XGBIYi6DJY8uNgP1q8F88lDA5HALWR045FALki4r5+N+Jy3GF2pTFCFvLEDS5LCk6lR9ujCktrdh0VbOHMA35rRs5lki24EQZf\/DqrquVyyzRFCDN9TVXAVBaSoSQAD8zCCA+8wggLXoAMCAQICCQCJui2rSuTzYjANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xHTAbBgNVBAoMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMR0wGwYDVQQLDBRPcGVuIFdoaXNwZXIgU3lzdGVtczETMBEGA1UEAwwKVGV4dFNlY3VyZTAeFw0xMzAzMjUyMjE4MzVaFw0yMzAzMjMyMjE4MzVaMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9w"}
-00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01834{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":369938,"pkt_caplen":1104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1104,"pkt_l4_len":1070,"pkt":"xGGLNYKpxiwDYGpkCABFAARCYbAAAO4GfXsjqQMowKgCEQG73r+o1id56c+WT4AYAG7NNwAAAQEICmQVQHcoVZL7ZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUlgaTggQxdIuKtneIwF5El1BqW3lroFT0Ao2i+qg\/UAzsXltWn73z6POt4ugq6tSg8R6Qd+hMM1XI8C5BUyDHqO7fbNRUKJQLd5hK1dlNL4nulXrPso+oK0n8cCAwHHbCpiNGtUkAmZa90NbXBwJAChUcWDWsAA8qbOQfmZqnIH+ud010uf9CDz0C6HC5\/Bli8DmDZ2HwbyCygzCLZmU7RG7nHYoMRAPZnyL7xwAxG7Xi7VYMAZvUeb1b7cKw+ggsSN6YB+xB+5DD9Dnfd8C4rL59coR2OxbmJa5GKnZDL1lKyqAElcOI2+vb2niQlHVPhwqFzkj9T0HC+lnpzQhwIDAQABo1AwTjAdBgNVHQ4EFgQUAYsY8T\/7ORlEboWGvpRlMqcyPJAwHwYDVR0jBBgwFoAUAYsY8T\/7ORlEboWGvpRlMqcyPJAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAfh6+IQueptC7yQLtUSujbjw20zBDe\/4zKIxR8R+D91zxX7qY0fm5A6tKTzlOiYyMZ6w9Vw\/xFZk02k1WOYjoXsr+1MyTnn29qSznParLryOH52hEofW4c5Z\/i18bQq0TxoZMQNSDCKNyf7NlhfylWGcnIrum+LmyfdVzwLgTWcCJroO\/7K1r26ZNIaugOs9eNFk1UirSRuxD+NZCXv6BeLrGOSeyz5MSty1szCZ2+RCCQ5kb8h\/KckcFoOkJuqohhWiOJy\/EFOC2tcdnp+Axl0WizD0cIxCzYED6HUd\/M6AjLgPIB2X2WGKGew+0NcDVIlR3MbhaxHgWmCWyxK8C1RYDAwFNDAABSQMAF0EEKpzMfAzPchd0JZSlcwPFvtFBvCqGpfgScKBQqZ\/xzFbCCpOYAXMNG9Rgec\/86sIdMQszMG2fCcBB7wjlosC3sQYBAQCE3r9OzWEvUCQ08VEMJ1X9rtgZHmd0iDDaKAflkMrWL9ShH+vJjHPZAfjkyd9co\/FP7oB43L6REUtrHPu7ZWq1EWidvWB0\/y5MlNbmIgc9sQDoJey5CG\/8U9ijHS4lN0bKoBaWAVoxLxcicbv\/yWJWB9AeztCIBGJG+BpisxgdHcAvvXqZMSTnCgwMkxYuVhG\/TFdujrKgFA+jEziyNmOKQPmNyQ8bfYHKDGCJAREmx5hHgIFdzdJCVZv1N1RxDkItk95piHbGiFBHXi6myS8Km0LO3\/TXDqgXKehMuwrvZfRY8ItmNL621VUldVLpFIzkuXeyZFv0fUbAQPcfqjzlFgMDAAQOAAAA"}
-01228{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":7,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_tot_l4_data_len":3239,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":462,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+01239{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":234,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":7,"flow_first_seen":1569051264090,"flow_last_seen":1569051264369,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
00424{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":371125,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0jjEAAO4GVQgjqQMowKgCEQG73sEV2c5GmCCNkoAQAG5ClwAAAQEICmQVQHcoVZL8"}
00426{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":371564,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN6\/Abvpz5ZPqNYrh4AQA\/fz+AAAAQEICihVk2lkFUB3"}
00425{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":371989,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0C\/kAAO4G10AjqQMowKgCEQG73sBFykuOjtdGY4AQAG7l1wAAAQEICmQVQHcoVZL8"}
02360{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":373131,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUjjIAAO4GT2cjqQMowKgCEQG73sEV2c5GmCCNkoAQAG6iUgAAAQEICmQVQHcoVZL8FgMDAGICAABeAwPhTvJij0GGExhjGkeCX4\/eZO+MLxN\/CXbeunzBcI0XniAinrKyytW4344mV\/s65tnfG\/0k8ZRr+xf+ZuX00iTDx8AvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwfnCwAH4wAH4AAD5zCCA+MwggLLoAMCAQICAhAYMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMB4XDTE5MDIxNTE3MzgxN1oXDTI5MDMxMjE4MjAyMFowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMR0wGwYDVQQKDBRPcGVuIFdoaXNwZXIgU3lzdGVtczEdMBsGA1UECwwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxLjAsBgNVBAMMJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsyBG10UW3wKLLz5OJmoB1s7B4cDs7uzp+xAOMcalYh2zeKMeI5eS4fZrup1VtHgb8XPc0CjxtIo4ECTf0led4xcI6qra+CWE7B8yrOm4B5WB+rFt1x8Xj4+SRSkkl1mO5SjQElZeSpEpoWomCLRDxMb0qDwfWzcLqYsWeQHtIiBPzWEAOsmV6UE2NHQVNJdatKUHl8y16oCXrU4c0l6+o+bKDTtiskaDATWyONnz1GL1kQjlH8lDSNn296rLmQ\/kEO2CsZeYYAwVPKDQjTfNLDVo4YeZxRDlho+ZcZdamE5Kd7FiSRmA+nLkAydQ60ijWw1Fp7JSHvsL2X08ffpJtAgMBAAGjSDBGMEQGA1UdEQQ9MDuCJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmeCEnNlcnZpY2Uuc2lnbmFsLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAKWsuR7z3DD\/hxNr0t1jsS\/8oBtaP6uM3Dv1WDnwO6tsohTdhQxfJRHMBKnAzAM9voRiv314toGiGKun6d3y\/TrcyK15lDQgdiPT6biOI4+sVLREXnDl0mhxNgt0yN7ewiHL4WxlNTqyYgy21RRxPEQHrbCScndmFrswcHfVN6FkuGTc45cEC0zoiaaAKUipjJUOjlX4Ha+q0UyNaHMPquP8A8XGBIYi6DJY8uNgP1q8F88lDA5HALWR045FALki4r5+N+Jy3GF2pTFCFvLEDS5LCk6lR9ujCktrdh0VbOHMA35rRs5lki24EQZf\/DqrquVyyzRFCDN9TVXAVBaSoSQAD8zCCA+8wggLXoAMCAQICCQCJui2rSuTzYjANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xHTAbBgNVBAoMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMR0wGwYDVQQLDBRPcGVuIFdoaXNwZXIgU3lzdGVtczETMBEGA1UEAwwKVGV4dFNlY3VyZTAeFw0xMzAzMjUyMjE4MzVaFw0yMzAzMjMyMjE4MzVaMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9w"}
-00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01829{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":373258,"pkt_caplen":1104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1104,"pkt_l4_len":1070,"pkt":"xGGLNYKpxiwDYGpkCABFAARCjjMAAO4GUPgjqQMowKgCEQG73sEV2dPmmCCNkoAYAG466QAAAQEICmQVQHcoVZL8ZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUlgaTggQxdIuKtneIwF5El1BqW3lroFT0Ao2i+qg\/UAzsXltWn73z6POt4ugq6tSg8R6Qd+hMM1XI8C5BUyDHqO7fbNRUKJQLd5hK1dlNL4nulXrPso+oK0n8cCAwHHbCpiNGtUkAmZa90NbXBwJAChUcWDWsAA8qbOQfmZqnIH+ud010uf9CDz0C6HC5\/Bli8DmDZ2HwbyCygzCLZmU7RG7nHYoMRAPZnyL7xwAxG7Xi7VYMAZvUeb1b7cKw+ggsSN6YB+xB+5DD9Dnfd8C4rL59coR2OxbmJa5GKnZDL1lKyqAElcOI2+vb2niQlHVPhwqFzkj9T0HC+lnpzQhwIDAQABo1AwTjAdBgNVHQ4EFgQUAYsY8T\/7ORlEboWGvpRlMqcyPJAwHwYDVR0jBBgwFoAUAYsY8T\/7ORlEboWGvpRlMqcyPJAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAfh6+IQueptC7yQLtUSujbjw20zBDe\/4zKIxR8R+D91zxX7qY0fm5A6tKTzlOiYyMZ6w9Vw\/xFZk02k1WOYjoXsr+1MyTnn29qSznParLryOH52hEofW4c5Z\/i18bQq0TxoZMQNSDCKNyf7NlhfylWGcnIrum+LmyfdVzwLgTWcCJroO\/7K1r26ZNIaugOs9eNFk1UirSRuxD+NZCXv6BeLrGOSeyz5MSty1szCZ2+RCCQ5kb8h\/KckcFoOkJuqohhWiOJy\/EFOC2tcdnp+Axl0WizD0cIxCzYED6HUd\/M6AjLgPIB2X2WGKGew+0NcDVIlR3MbhaxHgWmCWyxK8C1RYDAwFNDAABSQMAF0EEC\/PlgwytI3vpsSej2FF5fbWDIIJMf6fL98CkUslLmixi4P6n41y62BkhZK9KPPgxURpzV5msqtQWASxJ3\/MEXwYBAQAXtZ2x2i2jQZwQy8NRUujyA6ELtnUYFlnwfQiYZOFYNIc4p9thtQasma\/GWOrRaf69vVBYPlBYcfcleztJQyKG3K8LUlrP8IMHeXSg483jkQtKyaXW8EpmPUney3uGTOhpfLKGV+iJounjZRP7h5AzftAVYxmhPTo3ltPkMLg4oMqotBVh378hatFt4kG1+laiiwNli9D0HSSd+alRcg1PVe8Hw581aAQmViLFGUgyz5q0utZIe3lG7LfomtcuRwhELEaZqTAwSnfVBwxdCYOSut84vga3jRVyiKZu8MiYLEbTc3h9Qw8TPLeHxepBb32QbIF6PkmTyvYGJEBMkt5xFgMDAAQOAAAA"}
-01228{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":7,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_tot_l4_data_len":3239,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":462,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+01239{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":7,"flow_first_seen":1569051264093,"flow_last_seen":1569051264373,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
02359{"flow_id":14,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":373882,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUC\/oAAO4G0Z8jqQMowKgCEQG73sBFykuOjtdGY4AQAG45ZgAAAQEICmQVQHgoVZL8FgMDAGICAABeAwNpJs\/GY5HYRjqt9IN2kbVuXOMzCNjyfum\/cYad8+9q2iA0csiw9WuvqD+s5HcN2vlKlingfAxRPD37i5tofd8cDsAvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwfnCwAH4wAH4AAD5zCCA+MwggLLoAMCAQICAhAYMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMB4XDTE5MDIxNTE3MzgxN1oXDTI5MDMxMjE4MjAyMFowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMR0wGwYDVQQKDBRPcGVuIFdoaXNwZXIgU3lzdGVtczEdMBsGA1UECwwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxLjAsBgNVBAMMJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsyBG10UW3wKLLz5OJmoB1s7B4cDs7uzp+xAOMcalYh2zeKMeI5eS4fZrup1VtHgb8XPc0CjxtIo4ECTf0led4xcI6qra+CWE7B8yrOm4B5WB+rFt1x8Xj4+SRSkkl1mO5SjQElZeSpEpoWomCLRDxMb0qDwfWzcLqYsWeQHtIiBPzWEAOsmV6UE2NHQVNJdatKUHl8y16oCXrU4c0l6+o+bKDTtiskaDATWyONnz1GL1kQjlH8lDSNn296rLmQ\/kEO2CsZeYYAwVPKDQjTfNLDVo4YeZxRDlho+ZcZdamE5Kd7FiSRmA+nLkAydQ60ijWw1Fp7JSHvsL2X08ffpJtAgMBAAGjSDBGMEQGA1UdEQQ9MDuCJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmeCEnNlcnZpY2Uuc2lnbmFsLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAKWsuR7z3DD\/hxNr0t1jsS\/8oBtaP6uM3Dv1WDnwO6tsohTdhQxfJRHMBKnAzAM9voRiv314toGiGKun6d3y\/TrcyK15lDQgdiPT6biOI4+sVLREXnDl0mhxNgt0yN7ewiHL4WxlNTqyYgy21RRxPEQHrbCScndmFrswcHfVN6FkuGTc45cEC0zoiaaAKUipjJUOjlX4Ha+q0UyNaHMPquP8A8XGBIYi6DJY8uNgP1q8F88lDA5HALWR045FALki4r5+N+Jy3GF2pTFCFvLEDS5LCk6lR9ujCktrdh0VbOHMA35rRs5lki24EQZf\/DqrquVyyzRFCDN9TVXAVBaSoSQAD8zCCA+8wggLXoAMCAQICCQCJui2rSuTzYjANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xHTAbBgNVBAoMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMR0wGwYDVQQLDBRPcGVuIFdoaXNwZXIgU3lzdGVtczETMBEGA1UEAwwKVGV4dFNlY3VyZTAeFw0xMzAzMjUyMjE4MzVaFw0yMzAzMjMyMjE4MzVaMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9w"}
-00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1569051264091,"flow_last_seen":1569051264373,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1569051264091,"flow_last_seen":1569051264373,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01834{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":374011,"pkt_caplen":1104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1104,"pkt_l4_len":1070,"pkt":"xGGLNYKpxiwDYGpkCABFAARCC\/sAAO4G0zAjqQMowKgCEQG73sBFylEujtdGY4AYAG47bQAAAQEICmQVQHgoVZL8ZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUlgaTggQxdIuKtneIwF5El1BqW3lroFT0Ao2i+qg\/UAzsXltWn73z6POt4ugq6tSg8R6Qd+hMM1XI8C5BUyDHqO7fbNRUKJQLd5hK1dlNL4nulXrPso+oK0n8cCAwHHbCpiNGtUkAmZa90NbXBwJAChUcWDWsAA8qbOQfmZqnIH+ud010uf9CDz0C6HC5\/Bli8DmDZ2HwbyCygzCLZmU7RG7nHYoMRAPZnyL7xwAxG7Xi7VYMAZvUeb1b7cKw+ggsSN6YB+xB+5DD9Dnfd8C4rL59coR2OxbmJa5GKnZDL1lKyqAElcOI2+vb2niQlHVPhwqFzkj9T0HC+lnpzQhwIDAQABo1AwTjAdBgNVHQ4EFgQUAYsY8T\/7ORlEboWGvpRlMqcyPJAwHwYDVR0jBBgwFoAUAYsY8T\/7ORlEboWGvpRlMqcyPJAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAfh6+IQueptC7yQLtUSujbjw20zBDe\/4zKIxR8R+D91zxX7qY0fm5A6tKTzlOiYyMZ6w9Vw\/xFZk02k1WOYjoXsr+1MyTnn29qSznParLryOH52hEofW4c5Z\/i18bQq0TxoZMQNSDCKNyf7NlhfylWGcnIrum+LmyfdVzwLgTWcCJroO\/7K1r26ZNIaugOs9eNFk1UirSRuxD+NZCXv6BeLrGOSeyz5MSty1szCZ2+RCCQ5kb8h\/KckcFoOkJuqohhWiOJy\/EFOC2tcdnp+Axl0WizD0cIxCzYED6HUd\/M6AjLgPIB2X2WGKGew+0NcDVIlR3MbhaxHgWmCWyxK8C1RYDAwFNDAABSQMAF0EEhqRGI2uPZEQqqs\/NKhZ8VQXts4kh1oPGWXWuR\/wD6nE7bNc4p6EPKJtmOi2EfpKHXE\/F5fwr3J1Q8Z\/6xd9FLgYBAQCRwR7c+DPgPmTyL4aCGhwuEKNygTnjioQOqmXv8Puvd7LCYFQxMQRHPfwpoyJJ00o4SldbbfX0v3hTSWiBjNpPCnWFRor4GR3Fzn6cC4xMIydcKXyFIMmKq\/PMRvKb10BMPytcFTtUWgs1K0AZK5t6PuizWuOMcpX6WhhiQeYaFLoTwbIcNYIL5bNCFi0uaVwTro5a7frJwYWkNhMBHE3\/AU0kwnfs3OePzhTb8FtON0GKTZeokG0ZBf5UMIUJZRGTGP\/4daXmWBavlaHIXpWuxFmTUpMCcrYa93IFs94OJQiKZqkvvUdhAmm3dNy8E8p4p3qTxtVX2u3VQSvqfS9jFgMDAAQOAAAA"}
-01228{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":7,"flow_first_seen":1569051264091,"flow_last_seen":1569051264374,"flow_tot_l4_data_len":3239,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":462,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+01239{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":241,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":7,"flow_first_seen":1569051264091,"flow_last_seen":1569051264374,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
00425{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":374852,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7BAbuYII2SFdnX9IAQA\/c08AAAAQEICihVk2xkFUB3"}
00425{"flow_id":14,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":375318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7AAbuO10ZjRcpVPIAQA\/fYLwAAAQEICihVk2xkFUB4"}
00597{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":443934,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"xiwDYGpkxGGLNYKpCABFAACyAABAAEAGULzAqAIRI6kDKN6\/Abvpz5ZPqNYrh4AYBAB0uwAAAQEICihVk69kFUB3FgMDAEYQAABCQQQvIQtTC3wsLDZURcqy6fud3o3cmduBgrSZYhjyE1mtUup0j1FMZ+yIK86HeaJrZEboPP6ftAA12sDFzQ\/cLMiYFAMDAAEBFgMDACgAAAAAAAAAAGhromIIj7FF2zqBnkRGnCJDWAcm3IGLGUhi2Ze+vRhr"}
@@ -224,17 +224,17 @@
00495{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":612194,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAABnlEwAAO4GTrojqQMowKgCEQG7wEvNn93HBdFnDIAYAG79pgAAAQEICmQVQLMoVY96FAMDAAEBFgMDACghB2eB771eibt8xLtm+J2t7+E+Go+xRzU2K1+SjRStFAm8+4PYN+oO"}
00427{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":613233,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKMBLAbsF0WcMzZ\/d+oAQB\/9NrgAAAQEICihVj+lkFUCz"}
01024{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":618382,"pkt_caplen":502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":502,"pkt_l4_len":468,"pkt":"xiwDYGpkxGGLNYKpCABFAAHoAABAAEAGT4bAqAIRI6kDKMBLAbsF0WcMzZ\/d+oAYCAA5lQAAAQEICihVj+5kFUCzFwMDAa\/iya5yB8bzgW\/94EWBybAN1ddr\/7WES71\/jCNrzr0FH6q3aJgiy2IfbVQ44mNUDuV7iwXfQaVyuha4zq\/e25UJAkYI6uwvJW+LQUJOd\/v2pq4epMncCGs1ajyZ67Vbew3Gju79DKmvIgpzrv06tpzp7E+daDpbAgsRXv1PvYB\/FN74Ftsu2gPWO2zYBb90gDVSCHkAwtqsoSTg69ARb40jlSYAJQF9HDPxTIqf4gt2uiWWzmUycb5euj7T7WgTLXLwDmYJHFppQPto0FGFG9BrQFaBno6edoJ4ZZYbmgmCI6OtD0GHWkskfQZhfwrsUzWPmO5qfo43cPVVETruvNJsyVcXD6n0czHhT7UwRmyg6zBqDWNzN\/h1bEUhVfJhYtX8WCaf549D\/dTHDX2BfqeRXKa5V2eyZvPUwi+yN1ySsIc4MyJocwaErEj2YimlmKxRE0QEqNIPIC93m8NDcqvoi5o6SIIYS17NLE64lMx7oF3ydL1W4RfeDQ2\/3Rg+xuSfCV0aYKxXY4lk9QxVG4IimVa1gUP0VKmYu8mxI1D\/pOR8FY9SS7tpsmHRTOxgJg=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569051264666,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569051264666,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":666082,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGUS7AqAIRI6kDKN7CAbvJrSrvAAAAALAC\/\/+7dwAAAgQFtAEDAwcBAQgKKFWUiQAAAAAEAgAA"}
00436{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":775024,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAO4G4zEjqQMowKgCEQG73sL5Zid4ya0q8KASaN+dwQAAAgQFrAQCCApkFUDdKFWUiQEDAwg="}
00424{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":776703,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7CAbvJrSrw+WYneYAQBAsw7wAAAQEICihVlPVkFUDd"}
01121{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":776825,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGTzXAqAIRI6kDKN7CAbvJrSrw+WYneYAYBAsKOgAAAQEICihVlPVkFUDdFgMBAgABAAH8AwPqnmHY+ky08QaEFpsYq0FGVLaxG+964Hq2icanaO7xlCBmz3takGKujlgk83\/DuHgM2oWMrAxFhkG7HMIkIEBMvgAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAACoAKAAAJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAMwAmACQAHQAg5cIrTlOOMEP5oixl5QwpN10lLFAYbdhRGOo98Zyw2T4ALQACAQEAKwAFBAMEAwMACgAKAAgAHQAXABgAGQAVAM4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1569051264666,"flow_last_seen":1569051264776,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1569051264666,"flow_last_seen":1569051264776,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
00424{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":885425,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0Z4EAAO4Ge7gjqQMowKgCEQG73sL5Zid5ya0s9YAQAG4ybAAAAQEICmQVQPgoVZT1"}
02356{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":887563,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUZ4IAAO4GdhcjqQMowKgCEQG73sL5Zid5ya0s9YAQAG6wegAAAQEICmQVQPkoVZT1FgMDAGICAABeAwNPU1nCJ97Zo6Vjasw21LYJzTX3WgHniE2ZiBvYvvO2+CByOmROZ9S278p7di5l5CKU0oCAaeZpNl0SjO6ZatfZM8AvAAAW\/wEAAQAACwAEAwABAgAQAAUAAwJoMhYDAwfnCwAH4wAH4AAD5zCCA+MwggLLoAMCAQICAhAYMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMB4XDTE5MDIxNTE3MzgxN1oXDTI5MDMxMjE4MjAyMFowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMR0wGwYDVQQKDBRPcGVuIFdoaXNwZXIgU3lzdGVtczEdMBsGA1UECwwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxLjAsBgNVBAMMJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsyBG10UW3wKLLz5OJmoB1s7B4cDs7uzp+xAOMcalYh2zeKMeI5eS4fZrup1VtHgb8XPc0CjxtIo4ECTf0led4xcI6qra+CWE7B8yrOm4B5WB+rFt1x8Xj4+SRSkkl1mO5SjQElZeSpEpoWomCLRDxMb0qDwfWzcLqYsWeQHtIiBPzWEAOsmV6UE2NHQVNJdatKUHl8y16oCXrU4c0l6+o+bKDTtiskaDATWyONnz1GL1kQjlH8lDSNn296rLmQ\/kEO2CsZeYYAwVPKDQjTfNLDVo4YeZxRDlho+ZcZdamE5Kd7FiSRmA+nLkAydQ60ijWw1Fp7JSHvsL2X08ffpJtAgMBAAGjSDBGMEQGA1UdEQQ9MDuCJXRleHRzZWN1cmUtc2VydmljZS53aGlzcGVyc3lzdGVtcy5vcmeCEnNlcnZpY2Uuc2lnbmFsLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAKWsuR7z3DD\/hxNr0t1jsS\/8oBtaP6uM3Dv1WDnwO6tsohTdhQxfJRHMBKnAzAM9voRiv314toGiGKun6d3y\/TrcyK15lDQgdiPT6biOI4+sVLREXnDl0mhxNgt0yN7ewiHL4WxlNTqyYgy21RRxPEQHrbCScndmFrswcHfVN6FkuGTc45cEC0zoiaaAKUipjJUOjlX4Ha+q0UyNaHMPquP8A8XGBIYi6DJY8uNgP1q8F88lDA5HALWR045FALki4r5+N+Jy3GF2pTFCFvLEDS5LCk6lR9ujCktrdh0VbOHMA35rRs5lki24EQZf\/DqrquVyyzRFCDN9TVXAVBaSoSQAD8zCCA+8wggLXoAMCAQICCQCJui2rSuTzYjANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xHTAbBgNVBAoMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMR0wGwYDVQQLDBRPcGVuIFdoaXNwZXIgU3lzdGVtczETMBEGA1UEAwwKVGV4dFNlY3VyZTAeFw0xMzAzMjUyMjE4MzVaFw0yMzAzMjMyMjE4MzVaMIGNMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9w"}
-00840{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00851{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":323,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01832{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":887591,"pkt_caplen":1104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1104,"pkt_l4_len":1070,"pkt":"xGGLNYKpxiwDYGpkCABFAARCZ4MAAO4Gd6gjqQMowKgCEQG73sL5Zi0Zya0s9YAYAG5bvwAAAQEICmQVQPkoVZT1ZW4gV2hpc3BlciBTeXN0ZW1zMRMwEQYDVQQDDApUZXh0U2VjdXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUlgaTggQxdIuKtneIwF5El1BqW3lroFT0Ao2i+qg\/UAzsXltWn73z6POt4ugq6tSg8R6Qd+hMM1XI8C5BUyDHqO7fbNRUKJQLd5hK1dlNL4nulXrPso+oK0n8cCAwHHbCpiNGtUkAmZa90NbXBwJAChUcWDWsAA8qbOQfmZqnIH+ud010uf9CDz0C6HC5\/Bli8DmDZ2HwbyCygzCLZmU7RG7nHYoMRAPZnyL7xwAxG7Xi7VYMAZvUeb1b7cKw+ggsSN6YB+xB+5DD9Dnfd8C4rL59coR2OxbmJa5GKnZDL1lKyqAElcOI2+vb2niQlHVPhwqFzkj9T0HC+lnpzQhwIDAQABo1AwTjAdBgNVHQ4EFgQUAYsY8T\/7ORlEboWGvpRlMqcyPJAwHwYDVR0jBBgwFoAUAYsY8T\/7ORlEboWGvpRlMqcyPJAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAfh6+IQueptC7yQLtUSujbjw20zBDe\/4zKIxR8R+D91zxX7qY0fm5A6tKTzlOiYyMZ6w9Vw\/xFZk02k1WOYjoXsr+1MyTnn29qSznParLryOH52hEofW4c5Z\/i18bQq0TxoZMQNSDCKNyf7NlhfylWGcnIrum+LmyfdVzwLgTWcCJroO\/7K1r26ZNIaugOs9eNFk1UirSRuxD+NZCXv6BeLrGOSeyz5MSty1szCZ2+RCCQ5kb8h\/KckcFoOkJuqohhWiOJy\/EFOC2tcdnp+Axl0WizD0cIxCzYED6HUd\/M6AjLgPIB2X2WGKGew+0NcDVIlR3MbhaxHgWmCWyxK8C1RYDAwFNDAABSQMAF0EERdMBDGp5AaYd6W8Y6K7XPAtLeSsFd\/MCEliovy7MiCpTpCZWA8iwx\/kasUDw6UD4XgqcMifqWZ7dI035NznLqAYBAQCFO1gzqxBCkwfTt5RbcSNjVhnH9Z1GBA+P3VqIhqi2y3fTC09YsZobAAeaiJC7NlEmQc805qnqhsiTKWt0+o93k6uPH\/QEzerJdaUZhI5Jh3qsiaPpcxj+Sbq4xbluZ+jebQ+cjpA7UtOAEjirJNy3paRE6nfhaXDjiKvtz4Q3dVjpspp2q3zFNtYyrzKjQTP6ebA\/90hP3Z5kBjK5wueng1\/qFFFAJJPNZVjdt90IBhbsqt0UpbO1BcoAzxmPaMGCoFx+b660hzpAsNYwwRcso1FpZ806cfecoUR9K7ZwWe8L1kEL\/Br+QLn49TXSXvz+gvcUw2p+4UyptflrUUVOFgMDAAQOAAAA"}
-01228{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":7,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_tot_l4_data_len":3239,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":462,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
+01239{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":7,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}}
00425{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":889270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGUTrAqAIRI6kDKN7CAbvJrSz1+WYxJ4AQA\/ckxAAAAQEICihVlWVkFUD5"}
00597{"flow_id":17,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051264,"pkt_ts_usec":894221,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"xiwDYGpkxGGLNYKpCABFAACyAABAAEAGULzAqAIRI6kDKN7CAbvJrSz1+WYxJ4AYBACrZgAAAQEICihVlWpkFUD5FgMDAEYQAABCQQTquNP6GY7fQLK2iZyWMIts8xYB7Fly4bH4O\/SnX24F7Ir3fomGTee9Atgk8uJOjMv68Sggowtz2dJ3yTV9cFukFAMDAAEBFgMDACgAAAAAAAAAABOJelbNZWsO\/mOCDsN+UZCa2OkXEQohqoGlLdv8lwo0"}
00493{"flow_id":17,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051265,"pkt_ts_usec":2510,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"xGGLNYKpxiwDYGpkCABFAABnZ4QAAO4Ge4IjqQMowKgCEQG73sL5ZjEnya0tc4AYAG61hAAAAQEICmQVQRYoVZVqFAMDAAEBFgMDAChc4ROackEnamCtna2hZgZnF8Vo6DLBQaiWsf69JdY1JXrgUZVAikNH"}
@@ -243,7 +243,7 @@
00498{"flow_id":17,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051265,"pkt_ts_usec":5666,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"xiwDYGpkxGGLNYKpCABFAABpAABAAEAGUQXAqAIRI6kDKN7CAbvJrS1z+WYxWoAYBABG9wAAAQEICihVlddkFUEWFwMDADAAAAAAAAAAAXr0G6WkwildHebwwoTMS\/j500xAmTZrUAlNO0CDgH4CkWXBIoPemFc="}
00495{"flow_id":17,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051265,"pkt_ts_usec":5683,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"xiwDYGpkxGGLNYKpCABFAABmAABAAEAGUQjAqAIRI6kDKN7CAbvJrS2o+WYxWoAYBAAQbAAAAQEICihVlddkFUEWFwMDAC0AAAAAAAAAAl\/0PFi+uzoLG\/yjsYLC10gy+hXF39eOo8J9Gq0ZRrcXJrO1ha0="}
00481{"flow_id":17,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051265,"pkt_ts_usec":5694,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"xiwDYGpkxGGLNYKpCABFAABeAABAAEAGURDAqAIRI6kDKN7CAbvJrS3a+WYxWoAYBABfbgAAAQEICihVlddkFUEWFwMDACUAAAAAAAAAA6UYtqR3XQaITcujng0e4PfvGMyB3EHM1ShLjWCd"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569051266396,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569051266396,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051266,"pkt_ts_usec":396342,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV0AADQGy0wXORgQwKgCEQG73rjhiC89LB07wYAYAQKY+AAAAQEICpZOcwIoVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"}
00424{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051266,"pkt_ts_usec":396673,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0yV4AADQGy2MXORgQwKgCEQG73rjhiC9VLB07wYARAQL5ggAAAQEICpZOcwIoVP9f"}
00456{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051266,"pkt_ts_usec":743731,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV8AADQGy0oXORgQwKgCEQG73rjhiC89LB07wYAYAQKXnQAAAQEICpZOdF0oVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"}
@@ -256,18 +256,18 @@
00408{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":24579,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xGGLNYKpxiwDYGpkCABFAAAoAAAAADQGlM4XORgQwKgCEQG73rjhiC9WAAAAAFAEAADMiwAA"}
00408{"flow_id":18,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":41242,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xGGLNYKpxiwDYGpkCABFAAAoAAAAADQGlM4XORgQwKgCEQG73rjhiC9WAAAAAFAEAADMiwAA"}
00408{"flow_id":18,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":48829,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xGGLNYKpxiwDYGpkCABFAAAoAAAAADQGlM4XORgQwKgCEQG73rjhiC9WAAAAAFAEAADMiwAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569051267121,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569051267121,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":121677,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGbbHAqAIRDSP9Kt7DAbsjR8rsAAAAALAC\/\/\/U1AAAAgQFtAEDAwcBAQgKKFWeFwAAAAAEAgAA"}
00440{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":154562,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAPEG\/LQNI\/0qwKgCEQG73sO\/wI8zI0fK7aAScSCWtAAAAgQFrAQCCAqvNN\/RKFWeFwEDAwg="}
00425{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":161440,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGbb3AqAIRDSP9Kt7DAbsjR8rtv8CPNIAQBAsybAAAAQEICihVnjqvNN\/R"}
01122{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":161538,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkxGGLNYKpCABFAAI5AABAAEAGa7jAqAIRDSP9Kt7DAbsjR8rtv8CPNIAYBAvKhwAAAQEICihVnj6vNN\/RFgMBAgABAAH8AwOed0BRRXhHmhS2o0Rd7s+quzaOqPDOekK9aAMPsTMIOSC1IZE3ylyuwin+a6TID60OpC6k\/IyX7sen4PPIFu25JAAiEwETAxMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqAEAAZH\/AQABAAAAABMAEQAADmNkbi5zaWduYWwub3JnABcAAAANABgAFgQDCAQEAQUDAgMIBQgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIKiOhVxjy4KSaZXVIZPgxwuPZSXAvfjlA0iNSRIg7yBrAC0AAgEBACsABQQDBAMDAAoACgAIAB0AFwAYABkAFQDlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1569051267121,"flow_last_seen":1569051267161,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
-00442{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":377,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569051264115,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1569051267121,"flow_last_seen":1569051267161,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00450{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":377,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569051264115,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":194585,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0UOEAAPEGq9sNI\/0qwKgCEQG73sO\/wI80I0fM8oAQAHYz9AAAAQEICq8039UoVZ4+"}
02365{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":197332,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xGGLNYKpxiwDYGpkCABFAAXUUOIAAPEGpjoNI\/0qwKgCEQG73sO\/wI80I0fM8oAQAHYoLAAAAQEICq8039UoVZ4+FgMDAEYCAABCAwO8CP99YakUmA5\/wTpOe7dfvmNFl3vc9k06WUNBKeJlFgDALwAAGgAAAAD\/AQABAAALAAQDAAECABAABQADAmgyFgMDB6QLAAegAAedAAOkMIIDoDCCAoigAwIBAgICEBcwDQYJKoZIhvcNAQELBQAwgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMR0wGwYDVQQKDBRPcGVuIFdoaXNwZXIgU3lzdGVtczEdMBsGA1UECwwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxEzARBgNVBAMMClRleHRTZWN1cmUwHhcNMTkwMjE1MTczODE3WhcNMjkwMzEyMTgxOTUwWjB5MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEdMBsGA1UECgwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxHTAbBgNVBAsMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMRcwFQYDVQQDDA5jZG4uc2lnbmFsLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM18LQzkZEfWlg4hw\/dBL9paXMIB8No3GZAgAy\/09MbfinutJhogqyGsfD9QVwKOcVCvolxWRJxOVHLvfJ+j3OjaizipPSg4tJBcbN+9ZakhzUpPRoghEI4yiKrl0Sqi7vJNILC1JTYvkRytQ9n\/4Jbs5Y2RBnRT1TPYTV57UYEJTbpi7gEiAWGj2rth0iCCvOasx+qhZEdPOn1e6lwVwWKHe0IcTRfT2CWMW01KVLcW86+adINJC\/1ymCCoUyAve8Qsdf59G5bmObwjQzhxFqFhHY7QFfbJcvl0n1Cn1eglY+a\/RyEDs5oux7VcZ8aj6P5GLiya+i08XBOQs3AuHwECAwEAAaMdMBswGQYDVR0RBBIwEIIOY2RuLnNpZ25hbC5vcmcwDQYJKoZIhvcNAQELBQADggEBAG\/PlhcSBiL6fGKTGRpaoycPg7hJ9ziHLiB+y0QyB5wqO5derbp7SMXlOZV+SdL63ngqyVoN0iuC4BM7lU8DJithuOT+DkdBUHAdejNgRNl0tgpxiKFhl81NV1bHcDkHXtI6Eg31yWJKn5PkQX5bVICwoe1ebZJdERU+Uc4uf9IUgrJmkWNSNRRVNtXEiyL7WEbG3MlOE7UNzIJWYeBa\/F7AWNItLd5fu9hbJvGq\/pLUxVuNeSr2mrSxLF\/UtUYOvxNSwLpLCNoS7wnv60ZtLmXBCZ8hswk\/q79aWHy3ln5ByH72UEQs3psE2qaoOv8CGulVWMPSRA2lUjj3NNE1CfIAA\/MwggPvMIIC16ADAgECAgkAibotq0rk82IwDQYJKoZIhvcNAQEFBQAwgY0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMR0wGwYDVQQKDBRPcGVuIFdoaXNwZXIgU3lzdGVtczEdMBsGA1UECwwUT3BlbiBXaGlzcGVyIFN5c3RlbXMxEzARBgNVBAMMClRleHRTZWN1cmUwHhcNMTMwMzI1MjIxODM1WhcNMjMwMzIzMjIxODM1WjCBjTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xHTAbBgNVBAoMFE9wZW4gV2hpc3BlciBTeXN0ZW1zMR0wGwYDVQQLDBRPcGVuIFdoaXNwZXIgU3lzdGVtczETMBEGA1UEAwwKVGV4dFNlY3VyZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFJYGk4IEMXSLirZ3iMBeRJdQalt5a6"}
-00818{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
+00829{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}
01706{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":197345,"pkt_caplen":1009,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1009,"pkt_l4_len":975,"pkt":"xGGLNYKpxiwDYGpkCABFAAPjUOMAAPEGqCoNI\/0qwKgCEQG73sO\/wJTUI0fM8oAYAHYWKgAAAQEICq8039UoVZ4+BU9AKNovqoP1AM7F5bVp+98+jzreLoKurUoPEekHfoTDNVyPAuQVMgx6ju32zUVCiUC3eYStXZTS+J7pV6z7KPqCtJ\/HAgMBx2wqYjRrVJAJmWvdDW1wcCQAoVHFg1rAAPKmzkH5mapyB\/rndNdLn\/Qg89AuhwufwZYvA5g2dh8G8gsoMwi2ZlO0Ru5x2KDEQD2Z8i+8cAMRu14u1WDAGb1Hm9W+3CsPoILEjemAfsQfuQw\/Q533fAuKy+fXKEdjsW5iWuRip2Qy9ZSsqgBJXDiNvr29p4kJR1T4cKhc5I\/U9BwvpZ6c0IcCAwEAAaNQME4wHQYDVR0OBBYEFAGLGPE\/+zkZRG6Fhr6UZTKnMjyQMB8GA1UdIwQYMBaAFAGLGPE\/+zkZRG6Fhr6UZTKnMjyQMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAH4eviELnqbQu8kC7VEro248NtMwQ3v+MyiMUfEfg\/dc8V+6mNH5uQOrSk85TomMjGesPVcP8RWZNNpNVjmI6F7K\/tTMk559vaks5z2qy68jh+doRKH1uHOWf4tfG0KtE8aGTEDUgwijcn+zZYX8pVhnJyK7pvi5sn3Vc8C4E1nAia6Dv+yta9umTSGroDrPXjRZNVIq0kbsQ\/jWQl7+gXi6xjknss+TErctbMwmdvkQgkOZG\/IfynJHBaDpCbqqIYVojicvxBTgtrXHZ6fgMZdFosw9HCMQs2BA+h1HfzOgIy4DyAdl9lhihnsPtDXA1SJUdzG4WsR4FpglssSvAtUWAwMBTQwAAUkDABdBBL30nzZVyj3HADNv+D7T\/SGP9MtFevdpYYCB1v4p50Orcn7nVnrzJgFU5ZtmoIJq9\/VyVsMQpmzBxj2IoM4V8GAGAQEAmJgBb3Rs4zRx7tzAkdDCG5kzx14tBVaGWAVsUGR5HRM+WwrYbCETvNI6BA0j9kJq9NF7G5SBVz3opvSR9jb+wy4xVS08vBBUpJJF1iRj0El6WrqSBKO76KhL6n5uCypiY2s9WVlPZDa9L5ZAy9SRuEJ8djc4tj7fCULAbotLNjIdRMoyJaKfZMYv91TiqWWYXmXdK79atK9RHNU\/3LqduNgXpEy9cBAMvxZTKY2+wNjvctJ97RCpjXjCdE1u92cYqVUxaxOH7751Z0UWfUvt64l9tEOkoHSJx5A5Bx2h1LyN8hTSU1xnfQu\/mIXoIFbpKgAQXnrkYrKCwxgWbGvkWRYDAwAEDgAAAA=="}
-01141{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":7,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_tot_l4_data_len":3144,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":449,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12"}}
+01152{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":7,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":414,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12"}}
00427{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":200920,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGbb3AqAIRDSP9Kt7DAbsjR8zyv8CYg4AQA\/gm\/AAAAQEICihVnmWvNN\/V"}
00599{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":208672,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"xiwDYGpkxGGLNYKpCABFAACyAABAAEAGbT\/AqAIRDSP9Kt7DAbsjR8zyv8CYg4AYBADctAAAAQEICihVnmyvNN\/VFgMDAEYQAABCQQR3AJwD6bvm8LSD4P4qqhTngHu3j+sGyQuY\/SHAiBL2yXE70CUQKXnm7Nk1bW5kNxGjQM7Ydxo9Eb1d6LVwZQCKFAMDAAEBFgMDACgAAAAAAAAAAHpNgLBkD5iitC2mzH\/sbjhLNGCD9Pu3p2ZDjsJD0dhT"}
00427{"flow_id":19,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":240710,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0UOQAAPEGq9gNI\/0qwKgCEQG73sO\/wJiDI0fNcIAQAHYp9AAAAQEICq8039ooVZ5s"}
@@ -276,26 +276,26 @@
00427{"flow_id":19,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":243345,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGbb3AqAIRDSP9Kt7DAbsjR81wv8CYtoAQA\/8mFwAAAQEICihVno2vNN\/a"}
00427{"flow_id":19,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":243402,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGbb3AqAIRDSP9Kt7DAbsjR81wv8CY+4AQA\/8l0gAAAQEICihVno2vNN\/a"}
00500{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"signal.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569051267,"pkt_ts_usec":250865,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"xiwDYGpkxGGLNYKpCABFAABpAABAAEAGbYjAqAIRDSP9Kt7DAbsjR81wv8CY+4AYBADbrwAAAQEICihVnpSvNN\/aFwMDADAAAAAAAAAAAVWG6O8VCZhpL3ljuuQbyjQJH99xwYFcfRw3CnAmaC4jWGNvCJKk0L4="}
-01145{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":627,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":255,"flow_first_seen":1569051267121,"flow_last_seen":1569051267505,"flow_tot_l4_data_len":206833,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":811,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12"}}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569051245838,"flow_last_seen":1569051261595,"flow_tot_l4_data_len":1232,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_tot_l4_data_len":333,"flow_min_l4_data_len":32,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_tot_l4_data_len":333,"flow_min_l4_data_len":32,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_tot_l4_data_len":471,"flow_min_l4_data_len":20,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_tot_l4_data_len":471,"flow_min_l4_data_len":20,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":45,"flow_first_seen":1569051247599,"flow_last_seen":1569051247843,"flow_tot_l4_data_len":13052,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":290,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":45,"flow_first_seen":1569051264078,"flow_last_seen":1569051264482,"flow_tot_l4_data_len":13683,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":304,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":27,"flow_first_seen":1569051247600,"flow_last_seen":1569051261087,"flow_tot_l4_data_len":4704,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1569051247601,"flow_last_seen":1569051261087,"flow_tot_l4_data_len":4747,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":26,"flow_first_seen":1569051247603,"flow_last_seen":1569051261087,"flow_tot_l4_data_len":4933,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":189,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":26,"flow_first_seen":1569051264090,"flow_last_seen":1569051264669,"flow_tot_l4_data_len":4727,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":181,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":26,"flow_first_seen":1569051264091,"flow_last_seen":1569051264679,"flow_tot_l4_data_len":4945,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":190,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":26,"flow_first_seen":1569051264093,"flow_last_seen":1569051264674,"flow_tot_l4_data_len":4684,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":38,"flow_first_seen":1569051264666,"flow_last_seen":1569051265237,"flow_tot_l4_data_len":18958,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":498,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_tot_l4_data_len":266,"flow_min_l4_data_len":20,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_tot_l4_data_len":266,"flow_min_l4_data_len":20,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":24,"flow_first_seen":1569051247594,"flow_last_seen":1569051257495,"flow_tot_l4_data_len":4441,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":25,"flow_first_seen":1569051264073,"flow_last_seen":1569051267100,"flow_tot_l4_data_len":5313,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":255,"flow_first_seen":1569051267121,"flow_last_seen":1569051267601,"flow_tot_l4_data_len":206833,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":811,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":63,"flow_max_l4_data_len":159,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":51,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+01156{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":627,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":255,"flow_first_seen":1569051267121,"flow_last_seen":1569051267505,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":198653,"flow_avg_l4_payload_len":779,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","issuerDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569051245838,"flow_last_seen":1569051261595,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":45,"flow_first_seen":1569051247599,"flow_last_seen":1569051247843,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11628,"flow_avg_l4_payload_len":258,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":45,"flow_first_seen":1569051264078,"flow_last_seen":1569051264482,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12235,"flow_avg_l4_payload_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":27,"flow_first_seen":1569051247600,"flow_last_seen":1569051261087,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57019,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":27,"flow_first_seen":1569051247601,"flow_last_seen":1569051261087,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":26,"flow_first_seen":1569051247603,"flow_last_seen":1569051261087,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":57021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":26,"flow_first_seen":1569051264090,"flow_last_seen":1569051264669,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3875,"flow_avg_l4_payload_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57023,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":26,"flow_first_seen":1569051264091,"flow_last_seen":1569051264679,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":26,"flow_first_seen":1569051264093,"flow_last_seen":1569051264674,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":38,"flow_first_seen":1569051264666,"flow_last_seen":1569051265237,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17722,"flow_avg_l4_payload_len":466,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":24,"flow_first_seen":1569051247594,"flow_last_seen":1569051257495,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3653,"flow_avg_l4_payload_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":25,"flow_first_seen":1569051264073,"flow_last_seen":1569051267100,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4493,"flow_avg_l4_payload_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":255,"flow_first_seen":1569051267121,"flow_last_seen":1569051267601,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":198653,"flow_avg_l4_payload_len":779,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test"}
diff --git a/test/results/simple-dnscrypt.pcap.out b/test/results/simple-dnscrypt.pcap.out
index d1cc4cb06..1f4008f21 100644
--- a/test/results/simple-dnscrypt.pcap.out
+++ b/test/results/simple-dnscrypt.pcap.out
@@ -1,82 +1,82 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1491813284555,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1491813284555,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":555591,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PRVAAIAGMNDAqCunhncaGMQ5Abvf\/XrjAAAAAIACIAChWwAAAgQFtAEDAwgBAQQC"}
00432{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":666208,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xDnBW87r3\/165IASchC\/iQAAAgQFHgEBBAIBAwMH"}
00415{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":666742,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPRZAAIAGMNvAqCunhncaGMQ5Abvf\/XrkwVvO7FAQAEBxlgAA"}
00695{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":694670,"pkt_caplen":260,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":260,"pkt_l4_len":226,"pkt":"uFpz9d6dpDTZFrEGCABFAAD2PRdAAIAGMAzAqCunhncaGMQ5Abvf\/XrkwVvO7FAYAEAlbQAAFgMBAMkBAADFAwPMizo6irh7WreX73XN9DV4060ZvWSF1+Ey0R2L6KnrlgAAIMrKwCvAL8AswDDMqcyozBTME8ATwBQAnACdAC8ANQAKAQAAfDo6AAD\/AQABAAAAABcAFQAAEnNpbXBsZWRuc2NyeXB0Lm9yZwAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACIqKAB0AFwAYKioAAQA="}
-00724{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1491813284555,"flow_last_seen":1491813284694,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":20,"flow_max_l4_data_len":226,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00735{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1491813284555,"flow_last_seen":1491813284694,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00415{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":785768,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"pDTZFrEGuFpz9d6dCABFAAAoQ1NAADMGd56GdxoYwKgrpwG7xDnBW87s3\/17slAQAO1wGwAA"}
02182{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":804255,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGQ1RAADMGcn+GdxoYwKgrpwG7xDnBW87s3\/17slAQAO3NaAAAFgMDAE4CAABKAwPwzG4wgnUdZ\/ihaiFoVDHroitDo2a4fEyTY7BXZ5JZPADALwAAIgAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIWAwMWMAsAFiwAFikABl8wggZbMIIFQ6ADAgECAhEAgq+ZL1oGkuP+seqxnpVXKjANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTA5MjEwMDAwMDBaFw0xNzA5MjAyMzU5NTlaMFYxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxGzAZBgNVBAMTEnNpbXBsZWRuc2NyeXB0Lm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMckfBBUAmrlLg9wkJ4soZKlNIQMjAggQKzmCAoclNmR68JK3M4fLIkZ2yXTonlITBB6lnVMoAEZBMpbwABFaHlvwXOygaKXWMqPrv9P2mABRSsrUM48enZZksNWv7PgLoxCuUq5dQBTVQR\/+by4tusvjA8jLniSGAuRogCoK4+Bry\/K+xZLe6ieKZUbVIlNqwdFGVmi1s5OLasHEUqX3u10wEovTkqy0XKLeRMURdWGGIngZ4B1kBCB2d1U+m0gFZYxmqr1P6dc7K8OEI3dM3DbamnJnsXBJbGEaumQnAruKpEh9F42Ex5kUzE0\/0+ZFnaBZZ5GElTxAukaT6e5cC9AjTkUNuhSiVZmYI3UO5kBtvx+puTX6r6HSCENTo8ysIVAw1KYMcNaU8lYpu8keEp0LYAErZzfAYqii7LXakRuY38nE81YesDT6mZZ1Ly9tnGg4M6ODkxJdz5DZmROa7jf8FmEtCAEowI5vLVOllOfnWanbpE2+EvTbRRy\/fzHdxKqlCdny547wJVtRBzRfgbpneL2Rl4XMDk+eO9+SRc9ZBEO+\/Bmiz9V5vnn8ZVeKQPUGyXFzUb00uH1IfaZcPPWqJSewYGBo2cK\/Vkdgwr65W8qBkCn5miAkFskh\/VXELFsO4eP9lILEVHFXkRsG\/flpdUix7ZBlvkKZSSaYW8VAgMBAAGjggHnMIIB4zAfBgNVHSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUriOphLhNie\/nS04PS4s1uALDpQswDgYDVR0PAQH\/BAQDAgWgMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQECAgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG8="}
-00781{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1491813284555,"flow_last_seen":1491813284804,"flow_tot_l4_data_len":1660,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00792{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1491813284555,"flow_last_seen":1491813284804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1516,"flow_avg_l4_payload_len":252,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02180{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":809422,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGQ1VAADMGcn6GdxoYwKgrpwG7xDnBW9QK3\/17slAQAO3CTAAAY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA1BgNVHREELjAsghJzaW1wbGVkbnNjcnlwdC5vcmeCFnd3dy5zaW1wbGVkbnNjcnlwdC5vcmcwDQYJKoZIhvcNAQELBQADggEBAEYKh0V6lmCDQfNwo5jPTcH6S9OBZ3Moyfar6ls8iUE8tp\/LzNzBmFb+TXq8npQywPd6U9lqAmXSoJhyb0dfYBhHNVbsB3cQ14vBgqNMJM5m+cWeyf\/JuPZZFBypV6qfp0R+3wJrnwK6f10riZMvAxtVsnZgneHQr4eFFSBfHM1MTPMjofv5JIYhc6+CAaCp2NcOqOsu4Y40YpTUMbkYOxaWUTkMOAgJXGhWVj4TdHMrScYZuPI2D+FcmknNKB4k7q+xxdQ\/8Z1BFGci4Yasa8VEmFoacSHLZ3plleYor63ehrG6hIIT\/HsaYVTaC23y2ysidaPGKG3OrI5uVNMugsgABgwwggYIMIID8KADAgECAhArLm7q2XU2bBSKbtujfIwHMA0GCSqGSIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAyMTIwMDAwMDBaFw0yOTAyMTEyMzU5NTlaMIGQMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE2MDQGA1UEAxMtQ09NT0RPIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsICGeGgWaTrODWNLP0B0NNJwGTHC2IFRRY6qKDADAJ\/HczbxKFtdwOjD4b54wacPguBiptJG60DvvpL24wg7dXOXmWOPg2vTMKwt0VeUi803kgkZLRBrgCX975n3p7QeqdTgDt8rfWWVW+XRwp8hYsil42zhOCWV9BwGGCWj+4tB5OdobrK0c176cQqmighkU1vkk8lpfJ6Nd0m3Eal0KxZNYz\/TpFDUD9Zkx5sUSHuWBSr\/nVQeD5MsByGE\/prmLzgO5QehVLcA5MkGG7LJ1FF5nDeJUOkDeFKpe22fsjNbe4uHSdzXdxFMICq47JBC6+9RIfaueUbnX+u5YWCpQIDAQABo4IBZTCCAWEwHwYDVR0jBBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMA4GA1UdDwEB\/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQIBMEwGA1UdHwRFMEMwQaA\/oD2GO2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNlcnRpZmljYXRpb24="}
00415{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":809547,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPRhAAIAGMNnAqCunhncaGMQ5Abvf\/XuywVvZKFAQAEBmjAAA"}
02188{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":812434,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGQ1ZAADMGcn2GdxoYwKgrpwG7xDnBW9ko3\/17slAQAO0GWgAAQXV0aG9yaXR5LmNybDBxBggrBgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg\/3kCDKo2cuH1Z\/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBpsP0\/HEZrIqPW1N+8QRcZs2eBelSaz662jue5\/DJpmNXMyYE7l3YphLG5SEXdoltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js9iPc0d1sjhqPpepUfJa3w\/5Vjo1JXvxku88+vZbrac2\/4EjxYoIQ5QxGV\/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ\/\/u+aen\/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX\/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO\/qJakXzlByjAA6quPbYzSf+AZxAeKCINT+b72xAAV4MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci\/ITeIjANBgkqhkiG9w0BAQwFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNwAHG8U9\/E+ioSj0t\/EFa9n3Byt2F\/yUsPF6c947AEYe7\/EZfH9IY+Cvo+XPmT5jR62RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onrayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIqm1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g\/vOldxJuvRZnio1oktLqpVj3Pb6r\/SVg="}
02186{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":819901,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGQ1dAADMGcnyGdxoYwKgrpwG7xDnBW95G3\/17slAQAO34tQAAvvCo\/\/S4rek3+7q49As6+ehDQh6J2ITLE\/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF\/cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY\/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3MVw6akfgw3lZ1iAar\/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQBkv4PxX5qF0M24oSlXDeha99HpPvJ2BG7xUnC7Hjz\/TQ10asyBgiXTw6AqXUz1uouhbcRUCXXH4ycOXYR5N0ATd\/W0rBzQO6sXEtbvNBh+K+l506tXRQyvKPrQ2+VQlYi734VXaX2S2FLKc4G\/HPPmuG5mEQWzHpQtf5GVklnxTM6jkXFMfEcMOwsZ9qGxbIY+XKrELoLL+QeWukhNkPKUyKlzousGeyOd3qLzTVWfemFFmBhox15AayP1eXrvjLVri7dvRvR78T1LBNiTgFla4EEkHbKPFWBYR9vvbkb9FfXZX5qz29i45ECzzZc5roW7HY683Ieb0abv8TtvEDhvAAQ6MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvtH7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq\/NzgtHj6RQa1wVsfwTz\/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp\/haW+710LXa0Tkx63ubUFfclpxCDezeWWkWaCUN\/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0="}
02183{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":819906,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGQ1hAADMGcnuGdxoYwKgrpwG7xDnBW+Nk3\/17slAQAO1GdQAAKddGtworZbbTQm8Vsrh7++\/pXVPVNFonAgMBAAGjgdwwgdkwHQYDVR0OBBYEFK29mHo0tCb3+sQmVO8DveAky1QaMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH\/MIGZBgNVHSMEgZEwgY6AFK29mHo0tCb3+sQmVO8DveAky1QaoXOkcTBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290ggEBMA0GCSqGSIb3DQEBBQUAA4IBAQCwm+CFJcLWI+IPlgaSnUGYnNmEeYHZHlsUByM2ZY+w2He7rEFsR2CDUbD5Mj3n\/PYmE8eAFqW\/WvyHz3h5iSGa4kwHCoY1vPLeUcTSlrfcfk7ucP0cOesMAlEULY69FuDB30Z15ySt7PRCtIWTcBBnup0GNUoY0yt6zFFCoXpj0ea7ocUrwja+Ew3mvWN+eXunCQ1Aq2rdj4rD9vaMGkIFUdRF9Z+nYiFoFSBDPJnnfL0k2KmRF3OIP1YbMTgYtHEPms3IDp6OLhvhjJiDyx8x8URMxgRzSXZgD8f4vReAay7pzEwOWpp5DyAKLtWeYyYeVZKU2IIXWnvQvMePToYEFgMDAeAWAAHcAQAB2DCCAdQKAQCgggHNMIIByQYJKwYBBQUHMAEBBIIBujCCAbYwgZ+iFgQUkK9qOpRaC9iQ6hJWc99DtDoo2ucYDzIwMTcwNDA5MDQwMjQwWjB0MHIwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy+emBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQCCr5kvWgaS4\/6x6rGelVcqgAAYDzIwMTcwNDA5MDQwMjQwWqARGA8yMDE3MDQxNjA0MDI0MFowDQYJKoZIhvcNAQELBQADggEBAH+wfpp+5LlkCRisx4nBj3QUHeouZckpEuXuzNLrHapMTI2irFC1B8nhS8VqiSEhU80d87eufNjS9ja4P3y\/9Gf1mDgVmwelWuNUfTDa0fIOG+Iok+qRyzywOVh+bLzrVJ1TmjtXTZD42IWFcGqgYx7yUytRrBy8tsK+7tvF\/TdoJvdyDca\/zwlZABw6+foldVCqO5dRcQIV1cOsQ1EYCUZmHJPpUe2sxVE3cuvAzL9LySGo9pync+JfJU2vw8JdwOcokNSprDor2Fq2Lrm0a1PkUH6nOdzaMWMf+cM8JLhskYX9lg8v9hKrHYKQkVmkHpKCAtg4IbjOmYaD7pVy9OUWAwMCTQwAAkkDABdBBMEs0dECnmFQPDW5C0BBrEMoEh4DjhYFU4eSiJdJ9mljSCwYMH7V0aqjKeNFtBNkSZzO+82ibO9HrYtEZLZ8uDkGAQIAk5XSxny444hJPAK0CpcicVGDHP34yccqcLYDlo74p7IOXPx0SctfMWFb2A8xgPUxJLYc9cB2I7sj8\/0z76ycvCM5RRzSYQWvG5fn\/5iwJxbsVCfnDwJJZnfgvh07WRjpKHYVTfAwTJpj85KMnatkxk63nWewt4+TX8iq4cY3AB3\/a5QUn5GqW4LItt2OQm6ABClfUZGcxaUs4crG9lguHxOSFUMmCUWr69ZAh9PDiLkKoc86nSogP7WkDOP6U\/FD7uSo4RqMculUizMsuht5YTgS3kzGS1I="}
-01134{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1491813284555,"flow_last_seen":1491813284819,"flow_tot_l4_data_len":7000,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":636,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
+01145{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1491813284555,"flow_last_seen":1491813284819,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6756,"flow_avg_l4_payload_len":614,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"b8f81673c0e1d29908346f3bab892b9b","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
00836{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":819907,"pkt_caplen":360,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":360,"pkt_l4_len":326,"pkt":"pDTZFrEGuFpz9d6dCABFAAFaQ1lAADMGdmaGdxoYwKgrpwG7xDnBW+iC3\/17slAYAO3oGAAAY0Xq\/9g4SaHrnZU8W1EHPc0FO8GkCpQDheHi1SbVYbB9oNEiawhz288ItkmH6s7w0KED+G+eCWHNyuXA3itUrsI3pIWlCF52GKrWkKP0tp81086u88BxGaebXQsoIN5DJj+Bkoh+LdpaN54mH6seoq0838MPwuEFWHBBAdUELKkrH\/owKxm4b1PukIrJ6X5pT4z5sS8GkdA2Auq6Afx2mzKwic7VG\/QM7RGtFcnOQchhmy0eEFvCbRRk+9iyB8vHpzlYjS8F5\/Gf2pAVXe0WvA7kUdTGMcYZEtAafqgneJnHhfsa6+wE1MrrlHWrtCRuUw\/BrDa4DslYLKEsCrqa\/sD\/vfjhn1PjhKWaFL8lEIko8KEFzoTomOzgFAGEEb\/k+guXUfM2tmxYFgMDAAQOAAAA"}
00417{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":820155,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPRlAAIAGMNjAqCunhncaGMQ5Abvf\/XuywVvptFAQAEBWAAAA"}
00589{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":825049,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"uFpz9d6dpDTZFrEGCABFAACmPRpAAIAGMFnAqCunhncaGMQ5Abvf\/XuywVvptFAYAEBS2QAAFgMDAEYQAABCQQQmJSolkwGDyVAdCVJ6eIlxoGwq5F0FnvTyGQfQq87GDzWoVfXGSnPYpcidY+497arq9kBqNEHHq0pXWvGrnjmFFAMDAAEBFgMDACgAAAAAAAAAABYnOw0XTGd6c2GPgttRE3Y7c\/U6PC3f24OW3JIoT6yO"}
00491{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813284,"pkt_ts_usec":839943,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"uFpz9d6dpDTZFrEGCABFAABdPRtAAIAGMKHAqCunhncaGMQ5Abvf\/XwwwVvptFAYAEBVBwAAFwMDADAAAAAAAAAAAQS1TJ+m8SrlGXLzDCmOjwkrDHkaokQ+7Wi90r7MCGPULJYmu25moAk="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1491813286275,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1491813286275,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":275625,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PSdAAIAGML7AqCunhncaGMRNAbtYb9jbAAAAAIACIADK3QAAAgQFtAEDAwgBAQQC"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1491813286392,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1491813286392,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":392272,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PShAAIAGML3AqCunhncaGMRSAbte7A6DAAAAAIACIACOtAAAAgQFtAEDAwgBAQQC"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1491813286393,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1491813286393,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":393273,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PSlAAIAGMLzAqCunhncaGMRTAbtepcAHAAAAAIACIADddQAAAgQFtAEDAwgBAQQC"}
00433{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":463777,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xE3jDV\/XWG\/Y3IASchA2bgAAAgQFHgEBBAIBAwMH"}
00415{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":463900,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSpAAIAGMMfAqCunhncaGMRNAbtYb9jc4w1f2FAQAEDoegAA"}
00701{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":464103,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"uFpz9d6dpDTZFrEGCABFAAD6PStAAIAGL\/TAqCunhncaGMRNAbtYb9jc4w1f2FAYAEDIdQAAFgMBAM0BAADJAwNv0uKa8YPP5S3C1fDc6AAVy\/lKelnnMptROJU3jjxHAgAAIGpqwCvAL8AswDDMqcyozBTME8ATwBQAnACdAC8ANQAKAQAAgOrqAAD\/AQABAAAAABcAFQAAEnNpbXBsZWRuc2NyeXB0Lm9yZwAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAja2gAdABcAGJqaAAEA"}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1491813286275,"flow_last_seen":1491813286464,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":20,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1491813286275,"flow_last_seen":1491813286464,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00431{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":470177,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADUGuOWGdxoYwKgrpwG7xFOF+CiKXqXACIASchDdaAAAAgQFHgEBBAIBAwMH"}
00415{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":470265,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPSxAAIAGMMXAqCunhncaGMRTAbtepcAIhfgoi1AQAECPdQAA"}
00700{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":470494,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"uFpz9d6dpDTZFrEGCABFAAD6PS1AAIAGL\/LAqCunhncaGMRTAbtepcAIhfgoi1AYAEAxMwAAFgMBAM0BAADJAwPabWMx4TPEe003EmcOaVVkGB4BJdiLaMIosjjzc6WatQAAINrawCvAL8AswDDMqcyozBTME8ATwBQAnACdAC8ANQAKAQAAgGpqAAD\/AQABAAAAABcAFQAAEnNpbXBsZWRuc2NyeXB0Lm9yZwAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAhqagAdABcAGDo6AAEA"}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1491813286393,"flow_last_seen":1491813286470,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":20,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1491813286393,"flow_last_seen":1491813286470,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00431{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":489522,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xFKVdKj9XuwOhIASchD+twAAAgQFHgEBBAIBAwMH"}
00416{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":489644,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPS5AAIAGMMPAqCunhncaGMRSAbte7A6ElXSo\/lAQAECwxAAA"}
00702{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":491438,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"uFpz9d6dpDTZFrEGCABFAAD6PS9AAIAGL\/DAqCunhncaGMRSAbte7A6ElXSo\/lAYAEA4UAAAFgMBAM0BAADJAwMEITmqCCDYKHQAOZXDppXwBZfCK5UgUTxqQznpvaY\/AwAAIAoKwCvAL8AswDDMqcyozBTME8ATwBQAnACdAC8ANQAKAQAAgDo6AAD\/AQABAAAAABcAFQAAEnNpbXBsZWRuc2NyeXB0Lm9yZwAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAgqKgAdABcAGKqqAAEA"}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1491813286392,"flow_last_seen":1491813286491,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":20,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1491813286392,"flow_last_seen":1491813286491,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00416{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":545726,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"pDTZFrEGuFpz9d6dCABFAAAovEhAADUG\/KiGdxoYwKgrpwG7xFOF+CiLXqXA2lAQAO2N9gAA"}
02182{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":573464,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGvElAADUG94mGdxoYwKgrpwG7xFOF+CiLXqXA2lAQAO2+aAAAFgMDAE4CAABKAwOVw+3slcnEBg1d\/J9MTQ+QtWLiUZUSggGmLi8EnEpAxgDALwAAIgAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIWAwMWMAsAFiwAFikABl8wggZbMIIFQ6ADAgECAhEAgq+ZL1oGkuP+seqxnpVXKjANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTA5MjEwMDAwMDBaFw0xNzA5MjAyMzU5NTlaMFYxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxGzAZBgNVBAMTEnNpbXBsZWRuc2NyeXB0Lm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMckfBBUAmrlLg9wkJ4soZKlNIQMjAggQKzmCAoclNmR68JK3M4fLIkZ2yXTonlITBB6lnVMoAEZBMpbwABFaHlvwXOygaKXWMqPrv9P2mABRSsrUM48enZZksNWv7PgLoxCuUq5dQBTVQR\/+by4tusvjA8jLniSGAuRogCoK4+Bry\/K+xZLe6ieKZUbVIlNqwdFGVmi1s5OLasHEUqX3u10wEovTkqy0XKLeRMURdWGGIngZ4B1kBCB2d1U+m0gFZYxmqr1P6dc7K8OEI3dM3DbamnJnsXBJbGEaumQnAruKpEh9F42Ex5kUzE0\/0+ZFnaBZZ5GElTxAukaT6e5cC9AjTkUNuhSiVZmYI3UO5kBtvx+puTX6r6HSCENTo8ysIVAw1KYMcNaU8lYpu8keEp0LYAErZzfAYqii7LXakRuY38nE81YesDT6mZZ1Ly9tnGg4M6ODkxJdz5DZmROa7jf8FmEtCAEowI5vLVOllOfnWanbpE2+EvTbRRy\/fzHdxKqlCdny547wJVtRBzRfgbpneL2Rl4XMDk+eO9+SRc9ZBEO+\/Bmiz9V5vnn8ZVeKQPUGyXFzUb00uH1IfaZcPPWqJSewYGBo2cK\/Vkdgwr65W8qBkCn5miAkFskh\/VXELFsO4eP9lILEVHFXkRsG\/flpdUix7ZBlvkKZSSaYW8VAgMBAAGjggHnMIIB4zAfBgNVHSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUriOphLhNie\/nS04PS4s1uALDpQswDgYDVR0PAQH\/BAQDAgWgMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQECAgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG8="}
-00782{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1491813286393,"flow_last_seen":1491813286573,"flow_tot_l4_data_len":1664,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00793{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":53,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1491813286393,"flow_last_seen":1491813286573,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02180{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":575998,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGvEpAADUG94iGdxoYwKgrpwG7xFOF+C2pXqXA2lAQAO3gJwAAY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA1BgNVHREELjAsghJzaW1wbGVkbnNjcnlwdC5vcmeCFnd3dy5zaW1wbGVkbnNjcnlwdC5vcmcwDQYJKoZIhvcNAQELBQADggEBAEYKh0V6lmCDQfNwo5jPTcH6S9OBZ3Moyfar6ls8iUE8tp\/LzNzBmFb+TXq8npQywPd6U9lqAmXSoJhyb0dfYBhHNVbsB3cQ14vBgqNMJM5m+cWeyf\/JuPZZFBypV6qfp0R+3wJrnwK6f10riZMvAxtVsnZgneHQr4eFFSBfHM1MTPMjofv5JIYhc6+CAaCp2NcOqOsu4Y40YpTUMbkYOxaWUTkMOAgJXGhWVj4TdHMrScYZuPI2D+FcmknNKB4k7q+xxdQ\/8Z1BFGci4Yasa8VEmFoacSHLZ3plleYor63ehrG6hIIT\/HsaYVTaC23y2ysidaPGKG3OrI5uVNMugsgABgwwggYIMIID8KADAgECAhArLm7q2XU2bBSKbtujfIwHMA0GCSqGSIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAyMTIwMDAwMDBaFw0yOTAyMTEyMzU5NTlaMIGQMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE2MDQGA1UEAxMtQ09NT0RPIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsICGeGgWaTrODWNLP0B0NNJwGTHC2IFRRY6qKDADAJ\/HczbxKFtdwOjD4b54wacPguBiptJG60DvvpL24wg7dXOXmWOPg2vTMKwt0VeUi803kgkZLRBrgCX975n3p7QeqdTgDt8rfWWVW+XRwp8hYsil42zhOCWV9BwGGCWj+4tB5OdobrK0c176cQqmighkU1vkk8lpfJ6Nd0m3Eal0KxZNYz\/TpFDUD9Zkx5sUSHuWBSr\/nVQeD5MsByGE\/prmLzgO5QehVLcA5MkGG7LJ1FF5nDeJUOkDeFKpe22fsjNbe4uHSdzXdxFMICq47JBC6+9RIfaueUbnX+u5YWCpQIDAQABo4IBZTCCAWEwHwYDVR0jBBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMA4GA1UdDwEB\/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQIBMEwGA1UdHwRFMEMwQaA\/oD2GO2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNlcnRpZmljYXRpb24="}
00415{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":576105,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPTBAAIAGMMHAqCunhncaGMRTAbtepcDahfgyx1AQAECEZwAA"}
02188{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":576592,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGvEtAADUG94eGdxoYwKgrpwG7xFOF+DLHXqXA2lAQAO0kNQAAQXV0aG9yaXR5LmNybDBxBggrBgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg\/3kCDKo2cuH1Z\/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBpsP0\/HEZrIqPW1N+8QRcZs2eBelSaz662jue5\/DJpmNXMyYE7l3YphLG5SEXdoltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js9iPc0d1sjhqPpepUfJa3w\/5Vjo1JXvxku88+vZbrac2\/4EjxYoIQ5QxGV\/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ\/\/u+aen\/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX\/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO\/qJakXzlByjAA6quPbYzSf+AZxAeKCINT+b72xAAV4MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci\/ITeIjANBgkqhkiG9w0BAQwFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNwAHG8U9\/E+ioSj0t\/EFa9n3Byt2F\/yUsPF6c947AEYe7\/EZfH9IY+Cvo+XPmT5jR62RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onrayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIqm1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g\/vOldxJuvRZnio1oktLqpVj3Pb6r\/SVg="}
02185{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":576593,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGvExAADUG94aGdxoYwKgrpwG7xFOF+DflXqXA2lAQAO0WkQAAvvCo\/\/S4rek3+7q49As6+ehDQh6J2ITLE\/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF\/cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY\/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3MVw6akfgw3lZ1iAar\/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQBkv4PxX5qF0M24oSlXDeha99HpPvJ2BG7xUnC7Hjz\/TQ10asyBgiXTw6AqXUz1uouhbcRUCXXH4ycOXYR5N0ATd\/W0rBzQO6sXEtbvNBh+K+l506tXRQyvKPrQ2+VQlYi734VXaX2S2FLKc4G\/HPPmuG5mEQWzHpQtf5GVklnxTM6jkXFMfEcMOwsZ9qGxbIY+XKrELoLL+QeWukhNkPKUyKlzousGeyOd3qLzTVWfemFFmBhox15AayP1eXrvjLVri7dvRvR78T1LBNiTgFla4EEkHbKPFWBYR9vvbkb9FfXZX5qz29i45ECzzZc5roW7HY683Ieb0abv8TtvEDhvAAQ6MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvtH7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq\/NzgtHj6RQa1wVsfwTz\/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp\/haW+710LXa0Tkx63ubUFfclpxCDezeWWkWaCUN\/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0="}
00416{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":576695,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPTFAAIAGMMDAqCunhncaGMRTAbtepcDahfg9A1AQAEB6KwAA"}
02185{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":577890,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGvE1AADUG94WGdxoYwKgrpwG7xFOF+D0DXqXA2lAQAO2hbAAAKddGtworZbbTQm8Vsrh7++\/pXVPVNFonAgMBAAGjgdwwgdkwHQYDVR0OBBYEFK29mHo0tCb3+sQmVO8DveAky1QaMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH\/MIGZBgNVHSMEgZEwgY6AFK29mHo0tCb3+sQmVO8DveAky1QaoXOkcTBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290ggEBMA0GCSqGSIb3DQEBBQUAA4IBAQCwm+CFJcLWI+IPlgaSnUGYnNmEeYHZHlsUByM2ZY+w2He7rEFsR2CDUbD5Mj3n\/PYmE8eAFqW\/WvyHz3h5iSGa4kwHCoY1vPLeUcTSlrfcfk7ucP0cOesMAlEULY69FuDB30Z15ySt7PRCtIWTcBBnup0GNUoY0yt6zFFCoXpj0ea7ocUrwja+Ew3mvWN+eXunCQ1Aq2rdj4rD9vaMGkIFUdRF9Z+nYiFoFSBDPJnnfL0k2KmRF3OIP1YbMTgYtHEPms3IDp6OLhvhjJiDyx8x8URMxgRzSXZgD8f4vReAay7pzEwOWpp5DyAKLtWeYyYeVZKU2IIXWnvQvMePToYEFgMDAeAWAAHcAQAB2DCCAdQKAQCgggHNMIIByQYJKwYBBQUHMAEBBIIBujCCAbYwgZ+iFgQUkK9qOpRaC9iQ6hJWc99DtDoo2ucYDzIwMTcwNDA5MDQwMjQwWjB0MHIwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy+emBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQCCr5kvWgaS4\/6x6rGelVcqgAAYDzIwMTcwNDA5MDQwMjQwWqARGA8yMDE3MDQxNjA0MDI0MFowDQYJKoZIhvcNAQELBQADggEBAH+wfpp+5LlkCRisx4nBj3QUHeouZckpEuXuzNLrHapMTI2irFC1B8nhS8VqiSEhU80d87eufNjS9ja4P3y\/9Gf1mDgVmwelWuNUfTDa0fIOG+Iok+qRyzywOVh+bLzrVJ1TmjtXTZD42IWFcGqgYx7yUytRrBy8tsK+7tvF\/TdoJvdyDca\/zwlZABw6+foldVCqO5dRcQIV1cOsQ1EYCUZmHJPpUe2sxVE3cuvAzL9LySGo9pync+JfJU2vw8JdwOcokNSprDor2Fq2Lrm0a1PkUH6nOdzaMWMf+cM8JLhskYX9lg8v9hKrHYKQkVmkHpKCAtg4IbjOmYaD7pVy9OUWAwMCTQwAAkkDABdBBCc8hf9vE2wZwrQnXu9YH+lRMUNRSLgJU8KHHrKTvfXna2Y4by1Lls1iB8\/WNqhdR+rdUUd0AgB+00cm261o1TgGAQIAQyzFpmcfP1MnDH5qpcaD9K8mug\/oateQWX23GjbQ2EqxbYJUXZzx42vCql1QVtN3ydUt9NLSmtyQFakIlrTTqfd1sMQ0p4PUFBlaykzLol4lEM\/foAJ1ypoc0kphEASKw7dSKE46k1cWWf0Kr7Vc14fRfQ66O3Xak0CwI6W5ewD\/ahs\/I0OrD6KCKuLSgyG39Uucn\/dNBeTexQbNk0R721qVnEc08qax8lakfFsM7kf+0+2nGlp0a+4e\/Tbc87+QqcGEa10UVJgFZNmojtYUAd2A0bjFqDo="}
-01134{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":12,"flow_first_seen":1491813286393,"flow_last_seen":1491813286577,"flow_tot_l4_data_len":7024,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":585,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
+01145{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":12,"flow_first_seen":1491813286393,"flow_last_seen":1491813286577,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
00834{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":577893,"pkt_caplen":360,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":360,"pkt_l4_len":326,"pkt":"pDTZFrEGuFpz9d6dCABFAAFavE5AADUG+3CGdxoYwKgrpwG7xFOF+EIhXqXA2lAYAO1VyQAAgfDgysVfPEvmt5Z9dTAzetcvPVa35+oZfQL6WY0Ay7\/SLRbZjQkIzELPhiW\/jQuAta0gRp95uN6eScNGa9U+1+0LcjCHLosA2x+QmQYF8egmyHJlZdJk\/Sgu9KwWjD7uvcr4eSFqJqFqmIts60wVW9\/jpZRmS1gbKvtL\/bHcpM+OE649K\/TgaB7ykLDJwPfp2FcqRMwnYdMCBQtedbCWlaKNpjOM4uWjHkUSJakrdi+JOOcSzf109Ki9FDf2NjuZuEPzkwTfVr7bTmmg7XF\/AO5eC0C8zsIrmetOXUeuCms8RO3U2vi053XW6u314+lb0XlAHaK4816yG097CtxEzbROdp7gvCSlPMKquzXjsj7b8hSNxzDXbRLqJCPRPwyrlJuSOBZx+q8QFgMDAAQOAAAA"}
00417{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":577894,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"pDTZFrEGuFpz9d6dCABFAAAoyxFAADMG79+GdxoYwKgrpwG7xE3jDV\/YWG\/ZrlAQAO3m+wAA"}
00417{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":578248,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPTJAAIAGML\/AqCunhncaGMRTAbtepcDahfhDU1AQAEBz2wAA"}
00587{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":581502,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"uFpz9d6dpDTZFrEGCABFAACmPTNAAIAGMEDAqCunhncaGMRTAbtepcDahfhDU1AYAEC7GAAAFgMDAEYQAABCQQRW0lV6McmTUT8JY9gbBLSM5KYf2JZG113UuVep5lsaZ+vaAaBxlB4uxo3rOimT2gVpPyUiEaINLq9dzSN1ucsqFAMDAAEBFgMDACgAAAAAAAAAADO6WjRkHVs5dxlyRfEYMkuQgMxWA5hhAVoDLVBE0snP"}
02183{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":586517,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGyxJAADMG6sCGdxoYwKgrpwG7xE3jDV\/YWG\/ZrlAQAO1XTAAAFgMDAE4CAABKAwP8wAzvKk5HUlNo3C2nCdDWJUj9FJTpDUdpGrUZtmUKOQDALwAAIgAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIWAwMWMAsAFiwAFikABl8wggZbMIIFQ6ADAgECAhEAgq+ZL1oGkuP+seqxnpVXKjANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTA5MjEwMDAwMDBaFw0xNzA5MjAyMzU5NTlaMFYxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxGzAZBgNVBAMTEnNpbXBsZWRuc2NyeXB0Lm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMckfBBUAmrlLg9wkJ4soZKlNIQMjAggQKzmCAoclNmR68JK3M4fLIkZ2yXTonlITBB6lnVMoAEZBMpbwABFaHlvwXOygaKXWMqPrv9P2mABRSsrUM48enZZksNWv7PgLoxCuUq5dQBTVQR\/+by4tusvjA8jLniSGAuRogCoK4+Bry\/K+xZLe6ieKZUbVIlNqwdFGVmi1s5OLasHEUqX3u10wEovTkqy0XKLeRMURdWGGIngZ4B1kBCB2d1U+m0gFZYxmqr1P6dc7K8OEI3dM3DbamnJnsXBJbGEaumQnAruKpEh9F42Ex5kUzE0\/0+ZFnaBZZ5GElTxAukaT6e5cC9AjTkUNuhSiVZmYI3UO5kBtvx+puTX6r6HSCENTo8ysIVAw1KYMcNaU8lYpu8keEp0LYAErZzfAYqii7LXakRuY38nE81YesDT6mZZ1Ly9tnGg4M6ODkxJdz5DZmROa7jf8FmEtCAEowI5vLVOllOfnWanbpE2+EvTbRRy\/fzHdxKqlCdny547wJVtRBzRfgbpneL2Rl4XMDk+eO9+SRc9ZBEO+\/Bmiz9V5vnn8ZVeKQPUGyXFzUb00uH1IfaZcPPWqJSewYGBo2cK\/Vkdgwr65W8qBkCn5miAkFskh\/VXELFsO4eP9lILEVHFXkRsG\/flpdUix7ZBlvkKZSSaYW8VAgMBAAGjggHnMIIB4zAfBgNVHSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUriOphLhNie\/nS04PS4s1uALDpQswDgYDVR0PAQH\/BAQDAgWgMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQECAgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG8="}
-00795{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1491813286275,"flow_last_seen":1491813286586,"flow_tot_l4_data_len":1664,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1491813286275,"flow_last_seen":1491813286586,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02181{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":587580,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGyxNAADMG6r+GdxoYwKgrpwG7xE3jDWT2WG\/ZrlAQAO05LQAAY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA1BgNVHREELjAsghJzaW1wbGVkbnNjcnlwdC5vcmeCFnd3dy5zaW1wbGVkbnNjcnlwdC5vcmcwDQYJKoZIhvcNAQELBQADggEBAEYKh0V6lmCDQfNwo5jPTcH6S9OBZ3Moyfar6ls8iUE8tp\/LzNzBmFb+TXq8npQywPd6U9lqAmXSoJhyb0dfYBhHNVbsB3cQ14vBgqNMJM5m+cWeyf\/JuPZZFBypV6qfp0R+3wJrnwK6f10riZMvAxtVsnZgneHQr4eFFSBfHM1MTPMjofv5JIYhc6+CAaCp2NcOqOsu4Y40YpTUMbkYOxaWUTkMOAgJXGhWVj4TdHMrScYZuPI2D+FcmknNKB4k7q+xxdQ\/8Z1BFGci4Yasa8VEmFoacSHLZ3plleYor63ehrG6hIIT\/HsaYVTaC23y2ysidaPGKG3OrI5uVNMugsgABgwwggYIMIID8KADAgECAhArLm7q2XU2bBSKbtujfIwHMA0GCSqGSIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAyMTIwMDAwMDBaFw0yOTAyMTEyMzU5NTlaMIGQMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE2MDQGA1UEAxMtQ09NT0RPIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsICGeGgWaTrODWNLP0B0NNJwGTHC2IFRRY6qKDADAJ\/HczbxKFtdwOjD4b54wacPguBiptJG60DvvpL24wg7dXOXmWOPg2vTMKwt0VeUi803kgkZLRBrgCX975n3p7QeqdTgDt8rfWWVW+XRwp8hYsil42zhOCWV9BwGGCWj+4tB5OdobrK0c176cQqmighkU1vkk8lpfJ6Nd0m3Eal0KxZNYz\/TpFDUD9Zkx5sUSHuWBSr\/nVQeD5MsByGE\/prmLzgO5QehVLcA5MkGG7LJ1FF5nDeJUOkDeFKpe22fsjNbe4uHSdzXdxFMICq47JBC6+9RIfaueUbnX+u5YWCpQIDAQABo4IBZTCCAWEwHwYDVR0jBBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMA4GA1UdDwEB\/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQIBMEwGA1UdHwRFMEMwQaA\/oD2GO2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNlcnRpZmljYXRpb24="}
02189{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":587582,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGyxRAADMG6r6GdxoYwKgrpwG7xE3jDWoUWG\/ZrlAQAO19OgAAQXV0aG9yaXR5LmNybDBxBggrBgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg\/3kCDKo2cuH1Z\/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBpsP0\/HEZrIqPW1N+8QRcZs2eBelSaz662jue5\/DJpmNXMyYE7l3YphLG5SEXdoltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js9iPc0d1sjhqPpepUfJa3w\/5Vjo1JXvxku88+vZbrac2\/4EjxYoIQ5QxGV\/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ\/\/u+aen\/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX\/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO\/qJakXzlByjAA6quPbYzSf+AZxAeKCINT+b72xAAV4MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci\/ITeIjANBgkqhkiG9w0BAQwFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNwAHG8U9\/E+ioSj0t\/EFa9n3Byt2F\/yUsPF6c947AEYe7\/EZfH9IY+Cvo+XPmT5jR62RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onrayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIqm1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g\/vOldxJuvRZnio1oktLqpVj3Pb6r\/SVg="}
00415{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":587663,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPTdAAIAGMLrAqCunhncaGMRNAbtYb9mu4w1vMlAQAEDYTgAA"}
02186{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":592873,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGyxVAADMG6r2GdxoYwKgrpwG7xE3jDW8yWG\/ZrlAQAO1vlgAAvvCo\/\/S4rek3+7q49As6+ehDQh6J2ITLE\/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF\/cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY\/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3MVw6akfgw3lZ1iAar\/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQBkv4PxX5qF0M24oSlXDeha99HpPvJ2BG7xUnC7Hjz\/TQ10asyBgiXTw6AqXUz1uouhbcRUCXXH4ycOXYR5N0ATd\/W0rBzQO6sXEtbvNBh+K+l506tXRQyvKPrQ2+VQlYi734VXaX2S2FLKc4G\/HPPmuG5mEQWzHpQtf5GVklnxTM6jkXFMfEcMOwsZ9qGxbIY+XKrELoLL+QeWukhNkPKUyKlzousGeyOd3qLzTVWfemFFmBhox15AayP1eXrvjLVri7dvRvR78T1LBNiTgFla4EEkHbKPFWBYR9vvbkb9FfXZX5qz29i45ECzzZc5roW7HY683Ieb0abv8TtvEDhvAAQ6MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvtH7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq\/NzgtHj6RQa1wVsfwTz\/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp\/haW+710LXa0Tkx63ubUFfclpxCDezeWWkWaCUN\/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0="}
00416{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":592939,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPTtAAIAGMLbAqCunhncaGMRNAbtYb9mu4w10UFAQAEDTMAAA"}
02180{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":594033,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGyxZAADMG6ryGdxoYwKgrpwG7xE3jDXRQWG\/ZrlAQAO3legAAKddGtworZbbTQm8Vsrh7++\/pXVPVNFonAgMBAAGjgdwwgdkwHQYDVR0OBBYEFK29mHo0tCb3+sQmVO8DveAky1QaMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH\/MIGZBgNVHSMEgZEwgY6AFK29mHo0tCb3+sQmVO8DveAky1QaoXOkcTBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290ggEBMA0GCSqGSIb3DQEBBQUAA4IBAQCwm+CFJcLWI+IPlgaSnUGYnNmEeYHZHlsUByM2ZY+w2He7rEFsR2CDUbD5Mj3n\/PYmE8eAFqW\/WvyHz3h5iSGa4kwHCoY1vPLeUcTSlrfcfk7ucP0cOesMAlEULY69FuDB30Z15ySt7PRCtIWTcBBnup0GNUoY0yt6zFFCoXpj0ea7ocUrwja+Ew3mvWN+eXunCQ1Aq2rdj4rD9vaMGkIFUdRF9Z+nYiFoFSBDPJnnfL0k2KmRF3OIP1YbMTgYtHEPms3IDp6OLhvhjJiDyx8x8URMxgRzSXZgD8f4vReAay7pzEwOWpp5DyAKLtWeYyYeVZKU2IIXWnvQvMePToYEFgMDAeAWAAHcAQAB2DCCAdQKAQCgggHNMIIByQYJKwYBBQUHMAEBBIIBujCCAbYwgZ+iFgQUkK9qOpRaC9iQ6hJWc99DtDoo2ucYDzIwMTcwNDA5MDQwMjQwWjB0MHIwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy+emBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQCCr5kvWgaS4\/6x6rGelVcqgAAYDzIwMTcwNDA5MDQwMjQwWqARGA8yMDE3MDQxNjA0MDI0MFowDQYJKoZIhvcNAQELBQADggEBAH+wfpp+5LlkCRisx4nBj3QUHeouZckpEuXuzNLrHapMTI2irFC1B8nhS8VqiSEhU80d87eufNjS9ja4P3y\/9Gf1mDgVmwelWuNUfTDa0fIOG+Iok+qRyzywOVh+bLzrVJ1TmjtXTZD42IWFcGqgYx7yUytRrBy8tsK+7tvF\/TdoJvdyDca\/zwlZABw6+foldVCqO5dRcQIV1cOsQ1EYCUZmHJPpUe2sxVE3cuvAzL9LySGo9pync+JfJU2vw8JdwOcokNSprDor2Fq2Lrm0a1PkUH6nOdzaMWMf+cM8JLhskYX9lg8v9hKrHYKQkVmkHpKCAtg4IbjOmYaD7pVy9OUWAwMCTQwAAkkDABdBBHapq+a+1RvaPkrw+ee4k70lh1UvgomunW7tJZ3KB124vcMiE9zuSDjw4PjWLR7E4GTzkba9rjMuXrbauIHzKn8GAQIAplJVwDYmDyML4CQqvp1K03QmRcaDRSLAosFIHzAu+sRgS4ebNR1U+qXWnKHsr4NyPmpRKNuQtWk9DiLrHVaOTLjs2sp38uqEwrOQ3UxXMDKscR1hzl5lnSJoMmXRKibLbT6rRa8wH+wE5niBm63yoijWbPb3gM9Yrt7XniDCuX8sE8b5leg1+dfONIAju22uS\/nTvjAUNQGLY373tsRF9u0TebVGxNOBmi+RJYuGPyjgaC6hIj8qnAHaRcUIufdTuupfzhDQdcw19jjXcdjEO55xl3IgL5M="}
-01134{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":12,"flow_first_seen":1491813286275,"flow_last_seen":1491813286594,"flow_tot_l4_data_len":7024,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":585,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
+01145{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":76,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":12,"flow_first_seen":1491813286275,"flow_last_seen":1491813286594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
00834{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":594496,"pkt_caplen":360,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":360,"pkt_l4_len":326,"pkt":"pDTZFrEGuFpz9d6dCABFAAFayxdAADMG7qeGdxoYwKgrpwG7xE3jDXluWG\/ZrlAYAO3PeQAA9KgKw1cRKN1LhBpLd0u6575qOGfheGjeKby+2Oy67SVjTf9V2dZBv9BQgaDSierKZovk7ZVnrNNHEsWJhs4XAqtOL7+AnB+KGzxwpkYnPGOxO1gLCj5HmyeXEn+HHxS25swqrkgAec\/JaI2JcROXZppxzn1shFTqUuJpFv1dXzcXCgTjsAIWBKB4u2Bf09QjWk86ppbUwDXx74wtLbeoFSGvP4zs\/WR18s35Wm5lVtMgmoCFrl7U8NCN0abLau0Hn5RiLdTA7XfY\/+uj+QEvI\/nDtTiroeKDOFxXG3jja6DhnklD9Ty1bXR13kyPLxRh2ECehDLaCgotOanR8u7LB\/FRF7jVnFmDXDm8OdqRTvpOO+j9QbKG\/9spShqTY4XwJ09Wr0r9LbwgFgMDAAQOAAAA"}
00415{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":594497,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"pDTZFrEGuFpz9d6dCABFAAAoPCFAADMGftCGdxoYwKgrpwG7xFKVdKj+XuwPVlAQAO2vRQAA"}
00416{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":594609,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPTxAAIAGMLXAqCunhncaGMRNAbtYb9mu4w16oFAQAEDM4AAA"}
00588{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":598966,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"uFpz9d6dpDTZFrEGCABFAACmPT1AAIAGMDbAqCunhncaGMRNAbtYb9mu4w16oFAYAEDgnQAAFgMDAEYQAABCQQQ5fXNvqbM11bCAY9DPMQgGl+h2VtzUXoPpNzY63jYw2WS6d0DPAXMiUXzSMxAPEkVJHsBPRzq4wrlqJTMAnyVeFAMDAAEBFgMDACgAAAAAAAAAACEYNrBfOvxn+amPUTqDEMEbEnofHBf+HvoGe9j\/c1FH"}
02181{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":609961,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGPCJAADMGebGGdxoYwKgrpwG7xFKVdKj+XuwPVlAQAO2HAwAAFgMDAE4CAABKAwPRJEonBRLMJfaLaVlyxfTIHpJjWzn7Q34svDlfU+7rVwDALwAAIgAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIWAwMWMAsAFiwAFikABl8wggZbMIIFQ6ADAgECAhEAgq+ZL1oGkuP+seqxnpVXKjANBgkqhkiG9w0BAQsFADCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNTA5MjEwMDAwMDBaFw0xNzA5MjAyMzU5NTlaMFYxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxGzAZBgNVBAMTEnNpbXBsZWRuc2NyeXB0Lm9yZzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMckfBBUAmrlLg9wkJ4soZKlNIQMjAggQKzmCAoclNmR68JK3M4fLIkZ2yXTonlITBB6lnVMoAEZBMpbwABFaHlvwXOygaKXWMqPrv9P2mABRSsrUM48enZZksNWv7PgLoxCuUq5dQBTVQR\/+by4tusvjA8jLniSGAuRogCoK4+Bry\/K+xZLe6ieKZUbVIlNqwdFGVmi1s5OLasHEUqX3u10wEovTkqy0XKLeRMURdWGGIngZ4B1kBCB2d1U+m0gFZYxmqr1P6dc7K8OEI3dM3DbamnJnsXBJbGEaumQnAruKpEh9F42Ex5kUzE0\/0+ZFnaBZZ5GElTxAukaT6e5cC9AjTkUNuhSiVZmYI3UO5kBtvx+puTX6r6HSCENTo8ysIVAw1KYMcNaU8lYpu8keEp0LYAErZzfAYqii7LXakRuY38nE81YesDT6mZZ1Ly9tnGg4M6ODkxJdz5DZmROa7jf8FmEtCAEowI5vLVOllOfnWanbpE2+EvTbRRy\/fzHdxKqlCdny547wJVtRBzRfgbpneL2Rl4XMDk+eO9+SRc9ZBEO+\/Bmiz9V5vnn8ZVeKQPUGyXFzUb00uH1IfaZcPPWqJSewYGBo2cK\/Vkdgwr65W8qBkCn5miAkFskh\/VXELFsO4eP9lILEVHFXkRsG\/flpdUix7ZBlvkKZSSaYW8VAgMBAAGjggHnMIIB4zAfBgNVHSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQUriOphLhNie\/nS04PS4s1uALDpQswDgYDVR0PAQH\/BAQDAgWgMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQECAgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG8="}
-00782{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1491813286392,"flow_last_seen":1491813286609,"flow_tot_l4_data_len":1664,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00793{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":81,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1491813286392,"flow_last_seen":1491813286609,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":1520,"flow_avg_l4_payload_len":253,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02180{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":610521,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGPCNAADMGebCGdxoYwKgrpwG7xFKVdK4cXuwPVlAQAO0BdwAAY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA1BgNVHREELjAsghJzaW1wbGVkbnNjcnlwdC5vcmeCFnd3dy5zaW1wbGVkbnNjcnlwdC5vcmcwDQYJKoZIhvcNAQELBQADggEBAEYKh0V6lmCDQfNwo5jPTcH6S9OBZ3Moyfar6ls8iUE8tp\/LzNzBmFb+TXq8npQywPd6U9lqAmXSoJhyb0dfYBhHNVbsB3cQ14vBgqNMJM5m+cWeyf\/JuPZZFBypV6qfp0R+3wJrnwK6f10riZMvAxtVsnZgneHQr4eFFSBfHM1MTPMjofv5JIYhc6+CAaCp2NcOqOsu4Y40YpTUMbkYOxaWUTkMOAgJXGhWVj4TdHMrScYZuPI2D+FcmknNKB4k7q+xxdQ\/8Z1BFGci4Yasa8VEmFoacSHLZ3plleYor63ehrG6hIIT\/HsaYVTaC23y2ysidaPGKG3OrI5uVNMugsgABgwwggYIMIID8KADAgECAhArLm7q2XU2bBSKbtujfIwHMA0GCSqGSIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAyMTIwMDAwMDBaFw0yOTAyMTEyMzU5NTlaMIGQMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE2MDQGA1UEAxMtQ09NT0RPIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsICGeGgWaTrODWNLP0B0NNJwGTHC2IFRRY6qKDADAJ\/HczbxKFtdwOjD4b54wacPguBiptJG60DvvpL24wg7dXOXmWOPg2vTMKwt0VeUi803kgkZLRBrgCX975n3p7QeqdTgDt8rfWWVW+XRwp8hYsil42zhOCWV9BwGGCWj+4tB5OdobrK0c176cQqmighkU1vkk8lpfJ6Nd0m3Eal0KxZNYz\/TpFDUD9Zkx5sUSHuWBSr\/nVQeD5MsByGE\/prmLzgO5QehVLcA5MkGG7LJ1FF5nDeJUOkDeFKpe22fsjNbe4uHSdzXdxFMICq47JBC6+9RIfaueUbnX+u5YWCpQIDAQABo4IBZTCCAWEwHwYDVR0jBBgwFoAUu69+Aj36pvE8hI6t7jiY7NkyMtQwHQYDVR0OBBYEFJCvajqUWgvYkOoSVnPfQ7Q6KNrnMA4GA1UdDwEB\/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQIBMEwGA1UdHwRFMEMwQaA\/oD2GO2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNlcnRpZmljYXRpb24="}
00415{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":610600,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPT5AAIAGMLPAqCunhncaGMRSAbte7A9WlXSzOlAQAECltgAA"}
02188{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":611120,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGPCRAADMGea+GdxoYwKgrpwG7xFKVdLM6XuwPVlAQAO1FhAAAQXV0aG9yaXR5LmNybDBxBggrBgEFBQcBAQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2pmj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg\/3kCDKo2cuH1Z\/e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBpsP0\/HEZrIqPW1N+8QRcZs2eBelSaz662jue5\/DJpmNXMyYE7l3YphLG5SEXdoltMYdVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc2bXhc3js9iPc0d1sjhqPpepUfJa3w\/5Vjo1JXvxku88+vZbrac2\/4EjxYoIQ5QxGV\/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ\/\/u+aen\/e7KJD2AFsQXj4rBYKEMrltDR5FL1ZoXX\/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5AplBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO\/qJakXzlByjAA6quPbYzSf+AZxAeKCINT+b72xAAV4MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci\/ITeIjANBgkqhkiG9w0BAQwFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNwAHG8U9\/E+ioSj0t\/EFa9n3Byt2F\/yUsPF6c947AEYe7\/EZfH9IY+Cvo+XPmT5jR62RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onrayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIqm1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g\/vOldxJuvRZnio1oktLqpVj3Pb6r\/SVg="}
02185{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":612130,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGPCVAADMGea6GdxoYwKgrpwG7xFKVdLhYXuwPVlAQAO034AAAvvCo\/\/S4rek3+7q49As6+ehDQh6J2ITLE\/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF\/cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY\/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3MVw6akfgw3lZ1iAar\/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQBkv4PxX5qF0M24oSlXDeha99HpPvJ2BG7xUnC7Hjz\/TQ10asyBgiXTw6AqXUz1uouhbcRUCXXH4ycOXYR5N0ATd\/W0rBzQO6sXEtbvNBh+K+l506tXRQyvKPrQ2+VQlYi734VXaX2S2FLKc4G\/HPPmuG5mEQWzHpQtf5GVklnxTM6jkXFMfEcMOwsZ9qGxbIY+XKrELoLL+QeWukhNkPKUyKlzousGeyOd3qLzTVWfemFFmBhox15AayP1eXrvjLVri7dvRvR78T1LBNiTgFla4EEkHbKPFWBYR9vvbkb9FfXZX5qz29i45ECzzZc5roW7HY683Ieb0abv8TtvEDhvAAQ6MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvtH7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq\/NzgtHj6RQa1wVsfwTz\/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp\/haW+710LXa0Tkx63ubUFfclpxCDezeWWkWaCUN\/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0="}
00416{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":612199,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPT9AAIAGMLLAqCunhncaGMRSAbte7A9WlXS9dlAQAECbegAA"}
02181{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":612925,"pkt_caplen":1364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1364,"pkt_l4_len":1330,"pkt":"pDTZFrEGuFpz9d6dCABFAAVGPCZAADMGea2GdxoYwKgrpwG7xFKVdL12XuwPVlAQAO0yiwAAKddGtworZbbTQm8Vsrh7++\/pXVPVNFonAgMBAAGjgdwwgdkwHQYDVR0OBBYEFK29mHo0tCb3+sQmVO8DveAky1QaMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH\/MIGZBgNVHSMEgZEwgY6AFK29mHo0tCb3+sQmVO8DveAky1QaoXOkcTBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290ggEBMA0GCSqGSIb3DQEBBQUAA4IBAQCwm+CFJcLWI+IPlgaSnUGYnNmEeYHZHlsUByM2ZY+w2He7rEFsR2CDUbD5Mj3n\/PYmE8eAFqW\/WvyHz3h5iSGa4kwHCoY1vPLeUcTSlrfcfk7ucP0cOesMAlEULY69FuDB30Z15ySt7PRCtIWTcBBnup0GNUoY0yt6zFFCoXpj0ea7ocUrwja+Ew3mvWN+eXunCQ1Aq2rdj4rD9vaMGkIFUdRF9Z+nYiFoFSBDPJnnfL0k2KmRF3OIP1YbMTgYtHEPms3IDp6OLhvhjJiDyx8x8URMxgRzSXZgD8f4vReAay7pzEwOWpp5DyAKLtWeYyYeVZKU2IIXWnvQvMePToYEFgMDAeAWAAHcAQAB2DCCAdQKAQCgggHNMIIByQYJKwYBBQUHMAEBBIIBujCCAbYwgZ+iFgQUkK9qOpRaC9iQ6hJWc99DtDoo2ucYDzIwMTcwNDA5MDQwMjQwWjB0MHIwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy+emBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQCCr5kvWgaS4\/6x6rGelVcqgAAYDzIwMTcwNDA5MDQwMjQwWqARGA8yMDE3MDQxNjA0MDI0MFowDQYJKoZIhvcNAQELBQADggEBAH+wfpp+5LlkCRisx4nBj3QUHeouZckpEuXuzNLrHapMTI2irFC1B8nhS8VqiSEhU80d87eufNjS9ja4P3y\/9Gf1mDgVmwelWuNUfTDa0fIOG+Iok+qRyzywOVh+bLzrVJ1TmjtXTZD42IWFcGqgYx7yUytRrBy8tsK+7tvF\/TdoJvdyDca\/zwlZABw6+foldVCqO5dRcQIV1cOsQ1EYCUZmHJPpUe2sxVE3cuvAzL9LySGo9pync+JfJU2vw8JdwOcokNSprDor2Fq2Lrm0a1PkUH6nOdzaMWMf+cM8JLhskYX9lg8v9hKrHYKQkVmkHpKCAtg4IbjOmYaD7pVy9OUWAwMCTQwAAkkDABdBBOQBw8a7wwwIBUc6xvoRYH95nvrfu1gNnFZrS3UCDSaz2sm9sLlpLhcqAfa8gejsKHleao51wRJX0wZ5raBhnV4GAQIALnQnGKjqB5gH3ozWgjfwqzq1r9fLbFPh+TecMRPPo7Kb4cdPYHrTZdnzP\/wVgQRmlRxxRmAdF+eYO8VkjhyNbIwURiq96\/6++bWFXva15lFpOzDRGSnn+GsV8Latce+HzRor+gXr76P24APQnSRFcc9dFE61EPF6CJH1OFUyb5AvxOHpD38pQmtACr+aLFVh2Pdmynku3UPNWvmIoHyxLo3PbU0jv4biMOWuClHYVwiQCIyJ\/yl3q9LU9dK34zKNNcLK3+MhNiIT4RnabH+qnJ8rldvJgCc="}
-01134{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":12,"flow_first_seen":1491813286392,"flow_last_seen":1491813286612,"flow_tot_l4_data_len":7024,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":585,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
+01145{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":87,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":12,"flow_first_seen":1491813286392,"flow_last_seen":1491813286612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":6760,"flow_avg_l4_payload_len":563,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"simplednscrypt.org","server_names":"simplednscrypt.org,www.simplednscrypt.org","ja3":"83e04bc58d402f9633983cbf22724b02","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL, CN=simplednscrypt.org","alpn":"h2,http\/1.1","fingerprint":"3E:20:0F:BF:AD:D8:5C:A1:A1:1B:E5:B2:A7:D4:68:E2:6A:DB:01:41"}}
00833{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":612927,"pkt_caplen":360,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":360,"pkt_l4_len":326,"pkt":"pDTZFrEGuFpz9d6dCABFAAFaPCdAADMGfZiGdxoYwKgrpwG7xFKVdMKUXuwPVlAYAO24IwAAOniMGP4VfxmqNYQkfmYsWzbtFzPT8SzMmHLpB8VEC49Krcr1+mK5gWMneNpnV9dODfdehLZnP0A\/O2j3PCFXZww0C2p7j2lBW5KK\/nFKj0DgymGHVQn2sGgTGQbXWLq7kpacgXw8M39PxN7RT2S8WR98pWYHn6moqRPQIUN71ryQq2I3sVu3GSK+WnX6dN+gVflqI+wV93ySPTZNsauRM\/ypKN7HSpQlBFHVKNMAggEU3sXbo\/\/YnRHEE0y13nL0P5k6I9ow\/Isps7udr+o640FCadudaRKKLP7C888mtsiggJjlQ8I3kTpna8W+eEWAtsai9jHCC0AwVsAYwxrsXIn4elp8rDeNYgHNpBqZu2j1wa+9s3OgRLcQiqmrn4PiMSsVVK0GYu0nFgMDAAQOAAAA"}
00416{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":613108,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"uFpz9d6dpDTZFrEGCABFAAAoPUBAAIAGMLHAqCunhncaGMRSAbte7A9WlXTDxlAQAECVKgAA"}
00589{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1491813286,"pkt_ts_usec":617377,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"uFpz9d6dpDTZFrEGCABFAACmPUFAAIAGMDLAqCunhncaGMRSAbte7A9WlXTDxlAYAEBXewAAFgMDAEYQAABCQQS3Xp2AlfFC22Y2YogKVYDmOcIMxJboN\/X7MTLKc+s0a\/3KPHASyDk0CPcYXgtszMN5ekLUAAOsBJqGyUfM8brVFAMDAAEBFgMDACgAAAAAAAAAAGSqZuE6blT7eearrYamBpAP9Uxx8q45CrWFtb1OeTqe"}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":39,"flow_first_seen":1491813284555,"flow_last_seen":1491813285262,"flow_tot_l4_data_len":15042,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":385,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":18,"flow_first_seen":1491813286275,"flow_last_seen":1491813286718,"flow_tot_l4_data_len":7903,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":439,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":18,"flow_first_seen":1491813286392,"flow_last_seen":1491813286753,"flow_tot_l4_data_len":7903,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":439,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":36,"flow_first_seen":1491813286393,"flow_last_seen":1491813286913,"flow_tot_l4_data_len":10054,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1330,"flow_avg_l4_data_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":39,"flow_first_seen":1491813284555,"flow_last_seen":1491813285262,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":14238,"flow_avg_l4_payload_len":365,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":18,"flow_first_seen":1491813286275,"flow_last_seen":1491813286718,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":18,"flow_first_seen":1491813286392,"flow_last_seen":1491813286753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":36,"flow_first_seen":1491813286393,"flow_last_seen":1491813286913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":9310,"flow_avg_l4_payload_len":258,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00136{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test"}
diff --git a/test/results/sip.pcap.out b/test/results/sip.pcap.out
index 093d69a46..3b56d1127 100644
--- a/test/results/sip.pcap.out
+++ b/test/results/sip.pcap.out
@@ -1,7 +1,7 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"sip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1120469572844,"flow_last_seen":0,"flow_tot_l4_data_len":475,"flow_min_l4_data_len":475,"flow_max_l4_data_len":475,"flow_avg_l4_data_len":475,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1120469572844,"flow_last_seen":0,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01013{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120469572,"pkt_ts_usec":844249,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"ADBUADRWAODtAW69CABFAAHvaZgAAIARF6bAqAEC1PIhIxPEE8QB2272UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTUxMjQ4NzM3LTQ2ZWE3MTVlMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTkwM2RmMGENClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9OWM3ZDJkYmQ4ODIyMDEzYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY4IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KDQo="}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1120469572844,"flow_last_seen":0,"flow_tot_l4_data_len":475,"flow_min_l4_data_len":475,"flow_max_l4_data_len":475,"flow_avg_l4_data_len":475,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1120469572844,"flow_last_seen":0,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
01037{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120469572,"pkt_ts_usec":981006,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"pkt":"AODtAW69ADBUADRWCABFAAICAABAADcRiivU8iEjwKgBAhPEE8QB7tD8U0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA2OCBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9OTAzZGYwYQ0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDkyLTE3MDFhZjYyLTEyMGM2NzE3Mg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5aEc0YktucDE1MTI0ODczNy00NmVhNzE1ZTE5Mi4xNjguMS4yDQpXV1ctQXV0aGVudGljYXRlOiBEaWdlc3QgcmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLG5vbmNlPSIxNzAxYWY1NjZiZTE4MjA3MDA4NGM2Zjc0MDcwNmJiIixvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFsc2UsYWxnb3JpdGhtPU1ENQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"}
01297{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120469590,"pkt_ts_usec":259876,"pkt_caplen":722,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":722,"pkt_l4_len":688,"pkt":"ADBUADRWAODtAW69CABFAALEaaEAAIARFsjAqAEC1PIhIxPEE8QCsIioUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTQ5NTA1MTc4LTQzOGM1MjhiMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPThlOTQ4YjANClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9OWM3ZDJkYmQ4ODIyMDEzYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY5IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KQXV0aG9yaXphdGlvbjogRGlnZXN0IHVzZXJuYW1lPSJ2b2kxODA2MyIscmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLHVyaT0ic2lwOjE5Mi4xNjguMS4yIixub25jZT0iMTcwMWFmNTY2YmUxODIwNzAwODRjNmY3NDA3MDZiYiIsb3BhcXVlPSIxNzAxYTEzNTFmNzA3OTUiLG5jPSIwMDAwMDAwMSIscmVzcG9uc2U9ImJkNzlmZWNhZTYwMGEyZWI3OWQzN2VjNzMyMTQ4MzBiIg0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KDQo="}
00798{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120469590,"pkt_ts_usec":405967,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"pkt":"AODtAW69ADBUADRWCABFAAFOAABAADcRit\/U8iEjwKgBAhPEE8QBOln2U0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA2OSBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9OGU5NDhiMA0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz4NClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAxNDk1MDUxNzgtNDM4YzUyOGIxOTIuMTY4LjEuMg0KQ29udGVudC1MZW5ndGg6IDANCg0K"}
@@ -16,9 +16,9 @@
01047{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120469865,"pkt_ts_usec":145161,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":533,"pkt_l4_len":499,"pkt":"AODtAW69ADBUADRWCABFAAIHAABAADcRiibU8iEjwKgBAhPEE8QB83zWU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDczIFJFR0lTVEVSDQpGcm9tOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz03NDYwMjg4DQpUbzogPHNpcDp2b2kxODA2MkBzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwODYtMTcwMWIxOTMtNjQ1MjA0ZWQ2DQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTkuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wMTIyMDI4NjY3LTQ4MWI5ZmM4MTkyLjE2OC4xLjINCldXVy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9uY2U9IjE3MDFiMTkxNTE0YzZiNjk1YjRhMmRkNjU5Y2MwZmYiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG09TUQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
01015{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120469938,"pkt_ts_usec":910409,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"pkt":"ADBUADRWAODtAW69CABFAAHvakAAAIARFv7AqAEC1PIhIxPEE8QB28mlUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTE0NjM5MDAwLTQ3N2U3NTkxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjJAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTZkNTQwYTUNClRvOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2MkAxOTIuMTY4LjEuMjo1MDYwO2xpbmU9YWNhNmI5N2NhM2Y1ZTUxYT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDc0IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KDQo="}
01038{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120469939,"pkt_ts_usec":47813,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"pkt":"AODtAW69ADBUADRWCABFAAICAABAADcRiivU8iEjwKgBAhPEE8QB7jgxU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3NCBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2MkBzaXAuY3liZXJjaXR5LmRrPjt0YWc9NmQ1NDBhNQ0KVG86IDxzaXA6dm9pMTgwNjJAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDg5LTE3MDFiMjM2LTJiNzIxMTYwNw0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5aEc0YktucDExNDYzOTAwMC00NzdlNzU5MTE5Mi4xNjguMS4yDQpXV1ctQXV0aGVudGljYXRlOiBEaWdlc3QgcmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLG5vbmNlPSIxNzAxYjIyOTcyYjkwZjQ0MGMzZTRlYjI1MDg0MmJiIixvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFsc2UsYWxnb3JpdGhtPU1ENQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1120470049188,"flow_last_seen":0,"flow_tot_l4_data_len":830,"flow_min_l4_data_len":830,"flow_max_l4_data_len":830,"flow_avg_l4_data_len":830,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1120470049188,"flow_last_seen":0,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01486{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470049,"pkt_ts_usec":188993,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"pkt":"ADBUADRWAODtAW69CABFAANSam4AAIARyuzAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1120470049188,"flow_last_seen":0,"flow_tot_l4_data_len":830,"flow_min_l4_data_len":830,"flow_max_l4_data_len":830,"flow_avg_l4_data_len":830,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1120470049188,"flow_last_seen":0,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
01486{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470049,"pkt_ts_usec":696866,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"pkt":"ADBUADRWAODtAW69CABFAANSanAAAIARyurAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"}
01486{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470050,"pkt_ts_usec":699023,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"pkt":"ADBUADRWAODtAW69CABFAANSanIAAIARyujAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"}
01186{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470051,"pkt_ts_usec":405231,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"pkt":"AODtAW69ADBUADRWCABFAAJvAABAAC8RRz7IRHhRwKgBAhPEE8QCWxwoU0lQLzIuMCAxMDAgdHJ5aW5nIC0tIHlvdXIgY2FsbCBpcyBpbXBvcnRhbnQgdG8gdXMNClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQ9NTA2MDtyZWNlaXZlZD04MC4yMzAuMjE5LjcwDQpGcm9tOiAiYXJpayIgPHNpcDo4MTY2NjZAdm9pcC5icnVyanVsYS5uZXQ+O3RhZz02NDMzZWY5DQpUbzogPHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0Pg0KQ2FsbC1JRDogMTA1MDkwMjU5LTQ0NmZhZjdhQDE5Mi4xNjguMS4yDQpDU2VxOiAxIElOVklURQ0KU2VydmVyOiBTaXAgRVhwcmVzcyByb3V0ZXIgKDAuOC4xMiAoaTM4Ni9saW51eCkpDQpDb250ZW50LUxlbmd0aDogMA0KV2FybmluZzogMzkyIDIwMC42OC4xMjAuODE6NTA2MCAiTm9pc3kgZmVlZGJhY2sgdGVsbHM6ICBwaWQ9MzI2NDIgcmVxX3NyY19pcD04MC4yMzAuMjE5LjcwIHJlcV9zcmNfcG9ydD01MDYwIGluX3VyaT1zaXA6OTcyMzkyODcwNDRAdm9pcC5icnVqdWxhLm5ldCBvdXRfdXJpPXNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IHZpYV9jbnQ9PTEiDQoNCg=="}
@@ -33,11 +33,11 @@
00891{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470098,"pkt_ts_usec":867648,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"pkt":"ADBUADRWAODtAW69CABFAAGTao0AAIARzIzAqAECyER4URPEE8QBf5mcQ0FOQ0VMIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7YnJhbmNoPXo5aEc0YktucDEwNDk4NDA1My00NGNlNGE0MTE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiAiYXJpayIgPHNpcDo4MTY2NjZAdm9pcC5icnVyanVsYS5uZXQ+O3RhZz02NDMzZWY5DQpUbzogPHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0Pg0KQ2FsbC1JRDogMTA1MDkwMjU5LTQ0NmZhZjdhQDE5Mi4xNjguMS4yDQpDU2VxOiAxIENBTkNFTA0KQ29udGVudC1MZW5ndGg6IDANCk1heC1Gb3J3YXJkczogNzANClVzZXItQWdlbnQ6IE5lcm8gU0lQUFMgSVAgUGhvbmUgVmVyc2lvbiAyLjAuNTEuMTYNCg0K"}
00891{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470102,"pkt_ts_usec":883325,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"pkt":"ADBUADRWAODtAW69CABFAAGTapAAAIARzInAqAECyER4URPEE8QBf5mcQ0FOQ0VMIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7YnJhbmNoPXo5aEc0YktucDEwNDk4NDA1My00NGNlNGE0MTE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiAiYXJpayIgPHNpcDo4MTY2NjZAdm9pcC5icnVyanVsYS5uZXQ+O3RhZz02NDMzZWY5DQpUbzogPHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0Pg0KQ2FsbC1JRDogMTA1MDkwMjU5LTQ0NmZhZjdhQDE5Mi4xNjguMS4yDQpDU2VxOiAxIENBTkNFTA0KQ29udGVudC1MZW5ndGg6IDANCk1heC1Gb3J3YXJkczogNzANClVzZXItQWdlbnQ6IE5lcm8gU0lQUFMgSVAgUGhvbmUgVmVyc2lvbiAyLjAuNTEuMTYNCg0K"}
00891{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470106,"pkt_ts_usec":888846,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"pkt":"ADBUADRWAODtAW69CABFAAGTapEAAIARzIjAqAECyER4URPEE8QBf5mcQ0FOQ0VMIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7YnJhbmNoPXo5aEc0YktucDEwNDk4NDA1My00NGNlNGE0MTE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiAiYXJpayIgPHNpcDo4MTY2NjZAdm9pcC5icnVyanVsYS5uZXQ+O3RhZz02NDMzZWY5DQpUbzogPHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0Pg0KQ2FsbC1JRDogMTA1MDkwMjU5LTQ0NmZhZjdhQDE5Mi4xNjguMS4yDQpDU2VxOiAxIENBTkNFTA0KQ29udGVudC1MZW5ndGg6IDANCk1heC1Gb3J3YXJkczogNzANClVzZXItQWdlbnQ6IE5lcm8gU0lQUFMgSVAgUGhvbmUgVmVyc2lvbiAyLjAuNTEuMTYNCg0K"}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_tot_l4_data_len":8900,"flow_min_l4_data_len":355,"flow_max_l4_data_len":830,"flow_avg_l4_data_len":494,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":50,"flow_first_seen":1120469572844,"flow_last_seen":1120470509599,"flow_tot_l4_data_len":18892,"flow_min_l4_data_len":13,"flow_max_l4_data_len":1084,"flow_avg_l4_data_len":377,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1120470796804,"flow_last_seen":0,"flow_tot_l4_data_len":474,"flow_min_l4_data_len":474,"flow_max_l4_data_len":474,"flow_avg_l4_data_len":474,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":50,"flow_first_seen":1120469572844,"flow_last_seen":1120470509599,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":18492,"flow_avg_l4_payload_len":369,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1120470796804,"flow_last_seen":0,"flow_min_l4_payload_len":466,"flow_max_l4_payload_len":466,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":466,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01014{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470796,"pkt_ts_usec":804243,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"pkt":"ADBUADRWAODtAW69CABFAAHua6IAAIARFZ3AqAEC1PIhIxPEE8QB2h4sUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjg4NzQ2ODYtNDU1ZGJiZDkxOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MWI4OWJjZA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz4NCkNhbGwtSUQ6IDI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwNDcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzMTM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDEgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQoNCg=="}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1120470796804,"flow_last_seen":0,"flow_tot_l4_data_len":474,"flow_min_l4_data_len":474,"flow_max_l4_data_len":474,"flow_avg_l4_data_len":474,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1120470796804,"flow_last_seen":0,"flow_min_l4_payload_len":466,"flow_max_l4_payload_len":466,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":466,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
01035{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470796,"pkt_ts_usec":941095,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"pkt":"AODtAW69ADBUADRWCABFAAH+AABAADcRii\/U8iEjwKgBAhPEE8QB6uoyU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMg0KQ1NlcTogMSBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MWI4OWJjZA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDcyLTE3MDFiOTQxLTc3OTk0NTg0Mw0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5aEc0YktucDI4ODc0Njg2LTQ1NWRiYmQ5MTkyLjE2OC4xLjINCldXVy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9uY2U9IjE3MDFiOTMzM2U4NzEzMmU3Zjc0N2M1MDcyNjNkOTMiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG09TUQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
01298{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470814,"pkt_ts_usec":189540,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"pkt":"ADBUADRWAODtAW69CABFAALDa6kAAIARFMHAqAEC1PIhIxPEE8QCr1LWUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjcxMTExNzUtNDMzMGM5ZDYxOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTlkYjMxNg0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz4NCkNhbGwtSUQ6IDI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwNDcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzMTM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDIgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpBdXRob3JpemF0aW9uOiBEaWdlc3QgdXNlcm5hbWU9InZvaTE4MDYyIixyZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsdXJpPSJzaXA6MTkyLjE2OC4xLjIiLG5vbmNlPSIxNzAxYjkzMzNlODcxMzJlN2Y3NDdjNTA3MjYzZDkzIixvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsbmM9IjAwMDAwMDAxIixyZXNwb25zZT0iMGRmOTZlYjUyOGJiNjMwYTE2ZmQwMjUyNjE4Y2YzY2IiDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQoNCg=="}
00794{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470814,"pkt_ts_usec":336427,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"pkt":"AODtAW69ADBUADRWCABFAAFKAABAADcRiuPU8iEjwKgBAhPEE8QBNvufU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMg0KQ1NlcTogMiBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTlkYjMxNg0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz4NClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAyNzExMTE3NS00MzMwYzlkNjE5Mi4xNjguMS4yDQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
@@ -52,9 +52,9 @@
00396{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470882,"pkt_ts_usec":727710,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":47,"pkt_l4_len":13,"pkt":"ADBUADRWAODtAW69CABFAAAha9AAAIARFzzAqAEC1PIhIxPEE8QADcBLICAgICA="}
01830{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470899,"pkt_ts_usec":862890,"pkt_caplen":1118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1118,"pkt_l4_len":1084,"pkt":"ADBUADRWAODtAW69CABFAARQa9cAAIAREwbAqAEC1PIhIxPEE8QEPH6wSU5WSVRFIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjAyMzgyNzUtNDc4OTI3YmExOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogImFyaWsiIDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTE3NWExZGQNClRvOiA8c2lwOjAwOTcyMzkyODcwNDRAc2lwLmN5YmVyY2l0eS5kaz4NCkNhbGwtSUQ6IDI0NDg3MzkxLTQ0OWJmMmEwQDE5Mi4xNjguMS4yDQpDU2VxOiAyIElOVklURQ0KUHJveHktQXV0aG9yaXphdGlvbjogRGlnZXN0IHVzZXJuYW1lPSJ2b2kxODA2MiIscmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLHVyaT0ic2lwOjE5Mi4xNjguMS4yIixub25jZT0iMTcwMWI5N2I0ZWI2YzY2ZDY0ZDBiMjBmNWEwYmVmOCIsb3BhcXVlPSIxNzAxYTEzNTFmNzA3OTUiLG5jPSIwMDAwMDAwMSIscmVzcG9uc2U9IjBiNzk5MGJiMjFkNTU3MmQ2NTcxZTk3Yjk4YzZkNzBmIg0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9zZHANCkNvbnRlbnQtTGVuZ3RoOiAyNzANCkRhdGU6IE1vbiwgMDQgSnVsIDIwMDUgMDk6NTQ6MjUgR01UDQpDb250YWN0OiA8c2lwOjM1MTA0NzIzQDE5Mi4xNjguMS4yPg0KRXhwaXJlczogMTIwDQpBY2NlcHQ6IGFwcGxpY2F0aW9uL3NkcA0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KQWxsb3c6IElOVklURSwgQUNLLCBDQU5DRUwsIEJZRSwgUkVGRVIsIE9QVElPTlMsIE5PVElGWSwgSU5GTw0KDQp2PTANCm89U0lQUFMgMjQ0NjY0MjIgMjQ0NjY0MTggSU4gSVA0IDE5Mi4xNjguMS4yDQpzPVNJUCBjYWxsDQpjPUlOIElQNCAxOTIuMTY4LjEuMg0KdD0wIDANCm09YXVkaW8gMzAwMDAgUlRQL0FWUCAwIDggOTcgMiAzDQphPXJ0cG1hcDowIHBjbXUvODAwMA0KYT1ydHBtYXA6OCBwY21hLzgwMDANCmE9cnRwbWFwOjk3IGlMQkMvODAwMA0KYT1ydHBtYXA6MiBHNzI2LTMyLzgwMDANCmE9cnRwbWFwOjMgR1NNLzgwMDANCmE9Zm10cDo5NyBtb2RlPTIwDQphPXNlbmRyZWN2DQo="}
00918{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470900,"pkt_ts_usec":37074,"pkt_caplen":437,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":437,"pkt_l4_len":403,"pkt":"AODtAW69ADBUADRWCABFAAGnAABAADcRiobU8iEjwKgBAhPEE8QBk5azU0lQLzIuMCAxMDAgVHJ5aW5nDQpBbGxvdzogVVBEQVRFLFJFRkVSDQpDYWxsLUlEOiAyNDQ4NzM5MS00NDliZjJhMEAxOTIuMTY4LjEuMg0KQ29udGFjdDogPHNpcDoyMTIuMjQyLjMzLjM1OjUwNjA+DQpDU2VxOiAyIElOVklURQ0KRnJvbTogImFyaWsiIDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTE3NWExZGQNClNlcnZlcjogQ2lycGFjay92NC4zOGUgKGd3X3NpcCkNClRvOiA8c2lwOjAwOTcyMzkyODcwNDRAc2lwLmN5YmVyY2l0eS5kaz4NClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAyMDIzODI3NS00Nzg5MjdiYTE5Mi4xNjguMS4yDQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1120470985348,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1120470985348,"flow_last_seen":0,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00623{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470985,"pkt_ts_usec":348411,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAEC1PIhJHUwncgAtBjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4ODAMABwYAAwMGBwEEBgYbHxwRaWBiFREQFGoTFWBpYX10UltZ10dcVlJVREtCdVlzeFp8bmgUag=="}
-00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1120470985348,"flow_last_seen":0,"flow_tot_l4_data_len":180,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1120470985348,"flow_last_seen":0,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
00626{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470985,"pkt_ts_usec":418358,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"ADBUADRWAODtAW69CABFAADIa\/0AAIARFmfAqAEC1PIhJHUwncgAtL+rgAhvrwAABXg3lstxbmgVFGoUFBVpYG5qbG5kbGoWF2xubWBmfn9Fxsnw\/Ofz+uXwy\/H2z83k+sJTdF9CW\/bw8vzg7pfo8ldaT011Z399ZmV0dUN4S0dVQ2dmbWNsZGZkeGRvbxQUbBcRExAXEBwfHRAQFhAQHxwfGR4YEBcSFGxibWNqFRUXbmV3ckDQ93N9fmJnYmoVahcVZUNxWll+YGZ6cnJJZXpgeF1EQg=="}
00626{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470985,"pkt_ts_usec":421891,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"ADBUADRWAODtAW69CABFAADIa\/4AAIARFmbAqAEC1PIhJHUwncgAtNyMgAhvsAAABhg3lstxcX5wdtbF0Et0dn92T1BB0VhmZ2V\/Z294Y2ZmahQXFhQREBAVb2ZPemVlYWJoYE9\/YWZkcnV4bWwVFRVqZ2xpYn94ZmBnY2F0zfjXdmNiYXhveHJgaW5jUFlwZW1kYWdlamoREhAQEx4fHx0XahRvRl1F3V5ESdbQxFFR39TfQXR\/Z9L15ebs6JeW7+DslJOU6uqUn5CcnJKX+Ofs5+Hg6g=="}
00624{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470985,"pkt_ts_usec":427557,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"ADBUADRWAODtAW69CABFAADIa\/8AAIARFmXAqAEC1PIhJHUwncgAtJlvgAhvsQAABrg3lstxkpfo6Zfq5frn5uz6+sB4emFkcGBneMvv7+rslZHu5OLqkpKdkpCUlZGcnpuHh4GAgoODgYGGhoGBgIGDg4GAhoSFhZ6ZhYSFhYeHhoWFhICCgIOBmJyQnZ+Yn5CW6u7s6e7ol+ji7vrcWtzJ8\/Lz9ujq7u6XkZaWkZ2Ym5iFh4aGhZyemZ6fmZ+fk5OfhYeEk5STk5eU6fj3T1hDVM9BQg=="}
@@ -63,10 +63,10 @@
00629{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470985,"pkt_ts_usec":466372,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"ADBUADRWAODtAW69CABFAADIbAIAAIARFmLAqAEC1PIhJHUwncgAtKmigAhvtAAACJg3lstx5NneS0l8Y2kVYm9oFW9tbW1jZWRyc3hvZmpoaGpjaHpzTXRnen5Z2l1FzdHU0dvZy+zx3Pzm7peVlZeX7unjw\/P09\/Xz4fzz9c3C9uXl+vP2Wkl0aG1mZ0twR1TQWU1PflrBy\/PBR3BkZ2ZsZHN6YWRyeHXH4\/\/x8U1W\/Nb15ezv7pWRkJ2FmZubhYWEhZiZm4SFhISYnoWbhISbnJaXlw=="}
00627{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470985,"pkt_ts_usec":504000,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"ADBUADRWAODtAW69CABFAADIbAMAAIARFmHAqAEC1PIhJHUwncgAtLaDgAhvtQAACTg3lstx6urs5ueUkJOXlZGWlOyVlOD46O7hzXXbxsfz\/OLg5ufawPH4wk3N8Obu7+Pv6unk4fj\/29jZ1\/7l4+Ht7JOXlOrs4vPPUfVQz97J5fLjl5GXkpyRl+jqk5aQlero4uLh7+rslJfp6uP+9vbL+OLg5vj99\/LL9ub4+uTs6ZSVlJXp6Ojv7eqWkZOTnJORkpCTk5GXlpaRkJCW6erp7JWXlw=="}
00627{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470985,"pkt_ts_usec":511036,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"ADBUADRWAODtAW69CABFAADIbAQAAIARFmDAqAEC1PIhJHUwncgAtIfqgAhvtgAACdg3lstxlpDplp2cmZ6fkpaRle3n9PTy\/PyVkZKehIeEmJGRl52QlJaX6OOU6JaRlp2cn4WEhZ2RkJeV6ZaQnZ6EhJuFh4WFmYWYk5+dkpCQ6u\/qkZ2fmYSYnZ6Rk5OU7OD6+Pbh4PTl+OTo6unl9eXi7f7c1VT\/+uiX6JSUkJCV7uXm\/Obu7pWWkZeW7OPpk5Ofm5+Yk5WV7untlJeSkpeV7+qWkA=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1120470986363,"flow_last_seen":0,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1120470986363,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00531{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1120470986,"pkt_ts_usec":363611,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"ADBUADRWAODtAW69CABFAACEbAUAAIARFqPAqAEC1PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAA="}
-00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1120470986363,"flow_last_seen":0,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","ndpi": {"proto":"RTCP","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1120470986363,"flow_last_seen":0,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":34,"flow_first_seen":1120470796804,"flow_last_seen":1120471094413,"flow_tot_l4_data_len":15827,"flow_min_l4_data_len":13,"flow_max_l4_data_len":1084,"flow_avg_l4_data_len":465,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":9,"flow_first_seen":1120470985348,"flow_last_seen":1120470985511,"flow_tot_l4_data_len":1620,"flow_min_l4_data_len":180,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1120470986363,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","ndpi": {"proto":"RTCP","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"sip.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1120470986363,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":34,"flow_first_seen":1120470796804,"flow_last_seen":1120471094413,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":15555,"flow_avg_l4_payload_len":457,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":9,"flow_first_seen":1120470985348,"flow_last_seen":1120470985511,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1548,"flow_avg_l4_payload_len":172,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test"}
diff --git a/test/results/skype-conference-call.pcap.out b/test/results/skype-conference-call.pcap.out
index 2b786960e..5b6c812cc 100644
--- a/test/results/skype-conference-call.pcap.out
+++ b/test/results/skype-conference-call.pcap.out
@@ -1,7 +1,7 @@
00489{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype-conference-call.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1501061916646,"flow_last_seen":0,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1501061916646,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00551{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1501061916,"pkt_ts_usec":646303,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"XEl5dU5qxCwDBkn+CABFAACEzEwAAEARWwHAqAIUaC4oMcCC7OIAcIaYAAEAVCESpELFWk\/f3gwyXjBMYMcABgAJZ3BwZTp6V3lrAAAAACQABG7\/\/v+AKgAIAAAAAAC\/QxeAVAABMQAAAIBwAAQAAAADAAgAFMOSZmY4XAmhNOQKDGwu8wYai2KrgCgABB+1m2s="}
-00587{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1501061916646,"flow_last_seen":0,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":112,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00599{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1501061916646,"flow_last_seen":0,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00549{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"skype-conference-call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1501061916,"pkt_ts_usec":653642,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"xCwDBkn+XEl5dU5qCABFAACERTYAAG4RtBdoLigxwKgCFOziwIIAcHm6AAEAVCESpEI8yF2moGJ4zvU2wuEABgAJeld5azpncHBlAAAAACQABG7\/\/v+AKQAIAAAAAAACl5OAVAABMQAAAIBwAAQAAAADAAgAFHnv8xovieyQrsQ6j2MMyqg8GNj1gCgABORvfhY="}
00503{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype-conference-call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1501061916,"pkt_ts_usec":690803,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"XEl5dU5qxCwDBkn+CABFAABkjWYAAEARmgfAqAIUaC4oMcCC7OIAUFnEAQEANCESpEI8yF2moGJ4zvU2wuEAIAAIAAHN8Ek8jHOAcAAEAAAAAwAIABSgsacIkgIOfzKEQbuerkeFTLj204AoAASK\/70B"}
00503{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"skype-conference-call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1501061916,"pkt_ts_usec":708119,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"xCwDBkn+XEl5dU5qCABFAABkRTcAAG4RtDZoLigxwKgCFOziwIIAUMppAQEANCESpELFWk\/f3gwyXjBMYMcAIAAIAAHhkH7lJQGAcAAEAAAAAwAIABQrKEEJgBBMTTHUJMwo4kS9VvHVU4AoAARKHr2N"}
@@ -16,5 +16,5 @@
00583{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"skype-conference-call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1501061916,"pkt_ts_usec":808770,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"xCwDBkn+XEl5dU5qCABFAACbRTsAAG4Rs\/toLigxwKgCFOziwIIAh3g4gMkABgAAA+kozqPuZhFQtvXYhXLU9laq6VpMsxyF5TyhbvlCVt7zAQFZOlRbxtk69tkjpENIlvzMKACC+zjGaufaaX4NQvZmRVnu7CWMI45MVTTEiJyIi0Y0uEFenTy\/eoe7G29X6WGy1lhMaBQE7oAAAAsBKpMsVI2YWnKXTg=="}
00585{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"skype-conference-call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1501061916,"pkt_ts_usec":808981,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"xCwDBkn+XEl5dU5qCABFAACbRTwAAG4Rs\/poLigxwKgCFOziwIIAh7GygMkABgAABE31YJhxpeEStx\/Non2Hw9ODhjn1nPI6twAa6v4TPbXALXJS4WDhGnHiGs7M0q1LV5JIhmLN19a4UZ2oNcceD7gcC6\/hlfHMoWziriN+88lO8+6FVpNUywPwW580clvLUe3t1RqG\/Q2pUoAAAAwB9dds5qvBKmJN+A=="}
00585{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"skype-conference-call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1501061916,"pkt_ts_usec":809040,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"xCwDBkn+XEl5dU5qCABFAACbRT0AAG4Rs\/loLigxwKgCFOziwIIAh3lxgMkABgAABLEYhveI+TJqXoNflKzETGTrRbw2whOI8HHGZ9H1FnMJe5bOVFI65E6c22uJfv\/qd5toD\/qg2AhULgiZ0dL4yqWJoA7uey4F0+\/ntXNU1VN2Qkq5FFOEjp3tzTNRRgKcJLBlUIvR1ZSm7IAAAA0B0DttNZRbKmPtmw=="}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1501061916646,"flow_last_seen":1501061918151,"flow_tot_l4_data_len":32887,"flow_min_l4_data_len":40,"flow_max_l4_data_len":923,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1501061916646,"flow_last_seen":1501061918151,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":915,"flow_tot_l4_payload_len":31287,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00142{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test"}
diff --git a/test/results/skype.pcap.out b/test/results/skype.pcap.out
index 9d7a3e8c9..dbb67a3d2 100644
--- a/test/results/skype.pcap.out
+++ b/test/results/skype.pcap.out
@@ -1,53 +1,53 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431969641947,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431969641947,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969641,"pkt_ts_usec":947863,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAt5UAAEARP6TAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
-00635{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431969641947,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1431969641948,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431969641947,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1431969641948,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969641,"pkt_ts_usec":948058,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5KYAAEAREpPAqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00636{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1431969641948,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1431969642087,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1431969641948,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1431969642087,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":87132,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDTB0AAEARqxnAqAEiwKgBAdmfADUAL7TEHKMBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
-00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1431969642087,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1431969642087,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1431969642087,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1431969642087,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":87286,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDfx0AAEAReBnAqAEiwKgBAc5yADUAL8ad+vYBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
-00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1431969642087,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1431969642244,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1431969642087,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1431969642244,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":244935,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7CqYAAEAR7JjAqAEiwKgBAdR8ADUAJ+nL8sABAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="}
-00631{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1431969642244,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1431969642247,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1431969642244,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1431969642247,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":247578,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7ECYAAEAR5xjAqAEiwKgBAf+SADUAJwCOlegBAAABAAAAAAAAA2FwaQVza3lwZQNjb20AABwAAQ=="}
-00632{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1431969642247,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1431969642318,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1431969642247,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1431969642318,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":318375,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"0NQSxnP1PBXCt3IOCABFAABE3usAAEARGErAqAEiwKgBAfpVADUAMOQoL9MBAAABAAAAAAAABWU3NzY4AWIKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1431969642318,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e7768.b.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1431969642334,"flow_last_seen":0,"flow_tot_l4_data_len":67,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1431969642318,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e7768.b.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1431969642334,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":334003,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"0NQSxnP1PBXCt3IOCABFAABXAnAAAEAR9LLAqAEiwKgBAeU5ADUAQzJbSPEBAAABAAAAAAAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAE="}
-00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1431969642334,"flow_last_seen":0,"flow_tot_l4_data_len":67,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1431969642336,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1431969642334,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1431969642336,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":336869,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5NNAAEAGc8HAqAEiQTffIcNqnEKAlL6TAAAAALAC\/\/\/spQAAAgQFtAEDAwUBAQgKPiKLPAAAAAAEAgAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1431969642337,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1431969642337,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":337189,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+t\/gAAEARP0PAqAEiwKgBAcKBADUAKu5ghe0BAAABAAAAAAAABGRzbjQBZAVza3lwZQNuZXQAAAEAAQ=="}
-00635{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1431969642337,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1431969642337,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1431969642337,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1431969642337,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":337316,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+EyEAAEAR5BrAqAEiwKgBAf4VADUAKsDYd8YBAAABAAAAAAAABGRzbjQBZAVza3lwZQNuZXQAABwAAQ=="}
-00636{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1431969642337,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1431969642337,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn4.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00465{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":376469,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1+lUAQEJvL9OBgAABAAEAAAAABWU3NzY4AWIKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAQABBffSSI="}
-00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e7768.b.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.223.73.34"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1431969642376,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e7768.b.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.223.73.34"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1431969642376,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":376823,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw0tAAEAGVKHAqAEiF99JIsNrAbvkkjeSAAAAALAC\/\/9pYAAAAgQFtAEDAwUBAQgKPiKLYwAAAAAEAgAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1431969642398,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1431969642398,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":398350,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKxdsAAEARMVTAqAEiwKgBAcNGADUANrH\/diQBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAAAEAAQ=="}
-00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1431969642398,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1431969642398,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1431969642398,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1431969642398,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":398483,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKPqUAAEARuIrAqAEiwKgBAd\/IADUANro4UU4BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAABwAAQ=="}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1431969642398,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1431969642398,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst6.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00560{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":400867,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"PBXCt3IO0NQSxnP1CABFAACYAABAAEARtuHAqAEBwKgBIgA15TkAhAy4SPGBgAABAAAAAQAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAHALQAGAAEAAArBADUDbnMxBG1zZnQDbmV0AAZtc25oc3QJbWljcm9zb2Z0wDJ4Gz7uAAAcIAAAA4QAJOoAAAAOEA=="}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":67,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00434{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":433995,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGIPEX30kiwKgBIgG7w2sxgMP95JI3k6ASOJD6qQAAAgQFrAQCCAr301nQPiKLYwEDAwU="}
00423{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":434069,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0zNJAAEAGSybAqAEiF99JIsNrAbvkkjeTMYDD\/oAQECxRlwAAAQEICj4ii5z301nQ"}
00685{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":434817,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"pkt":"0NQSxnP1PBXCt3IOCABFAADz+0lAAEAGG\/DAqAEiF99JIsNrAbvkkjeTMYDD\/oAYECz3GAAAAQEICj4ii5z301nQFgMBALoBAAC2AwNVWh9qIUBTYdqPuvpJ\/EUxWvWdVTCc6qQWuOlUPkFPXAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAQwAAABkAFwAAFGFwcHMuc2t5cGVhc3NldHMuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1431969642376,"flow_last_seen":1431969642434,"flow_tot_l4_data_len":339,"flow_min_l4_data_len":32,"flow_max_l4_data_len":223,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skypeassets.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1431969642444,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1431969642376,"flow_last_seen":1431969642434,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skypeassets.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1431969642444,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":444382,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1ldAAEAGhorAqAEinTh+08NsAbvs\/oHsAAAAALAC\/\/9bSwAAAgQFtAEDAwUBAQgKPiKLpgAAAAAEAgAA"}
00433{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":469363,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYZlBN98hwKgBIpxCw2oyvdjRgJS+lKASOJDQnQAAAgQFrAQCCApNl5tJPiKLPAEDAwk="}
00421{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":469425,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MzFAAEAGJXDAqAEiQTffIcNqnEKAlL6UMr3Y0oAQECwnRgAAAQEICj4ii75Nl5tJ"}
@@ -55,7 +55,7 @@
00430{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":519540,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"PBXCt3IO0NQSxnP1CABFAAA4WGRAAHYGzoWdOH7TwKgBIgG7w2wloWLk7P6B7ZASIACkPAAAAgQFrAQCCAoZLBplPiKLpg=="}
00427{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":519606,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA00kpAAEAGiqPAqAEinTh+08NsAbvs\/oHtJaFi5YAQ\/\/\/eqAAAAQEICj4ii\/AZLBpl"}
00558{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":548365,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"pkt":"0NQSxnP1PBXCt3IOCABFAACSMcdAAEAGKsnAqAEinTh+08NsAbvs\/oHtJaFi5YAY\/\/9NyQAAAQEICj4ijAwZLBplFgMBAFkBAABVAwEgtkKG+1toLI7mzUNcQhv4\/5ujub1OOHHUzm\/nOhDVwQAALsAKwAXACcAEwAfAAsAIwAPAFMAPwBPADsARwAzAEsANADkAMwA1AC8ABQAEAAoBAA=="}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1431969642444,"flow_last_seen":1431969642548,"flow_tot_l4_data_len":238,"flow_min_l4_data_len":32,"flow_max_l4_data_len":126,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1431969642444,"flow_last_seen":1431969642548,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00423{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":578563,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0X1hAAEAGuKDAqAEiF99JIsNrAbvkkjhSMYDD\/oARECxQSQAAAQEICj4ijCr301nQ"}
00421{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":599415,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0Q7tAADcGHeZBN98hwKgBIpxCw2oyvdjSgJS+zYAQAB02+wAAAQEICk2Xm2o+Iou+"}
00558{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":607645,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"PBXCt3IO0NQSxnP1CABFAACWQ7xAADcGHYNBN98hwKgBIpxCw2oyvdjSgJS+zYAYAB083AAAAQEICk2Xm2w+Iou+CdMT1UPQKox859yHIz6o0HUYFajlOiLQWTdPoYnrUXixya2Pp2zpzSU+jOImqOecY7jJZh9E5dKbkMH+15xd6tNouZaP9NUCC0CxLkdMTRpDGKnG\/6TFMnvwoV63\/D1Ks8g="}
@@ -66,31 +66,31 @@
00426{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":630945,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0anpAAEAG8nPAqAEinTh+08NsAbvs\/oJLJaFomYAQ\/\/\/YHwAAAQEICj4ijF0ZLBpv"}
02372{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":708091,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"PBXCt3IO0NQSxnP1CABFAAXUXR9AAHYGxC6dOH7TwKgBIgG7w2wloWiZ7P6CS4AQ\/SBcLgAAAQEIChksGng+IoxdUYsZAArswT+sVYDe4\/s+octFa5f5NraUxxncYJ0H1DXox59A2Fq5VISuVN85wP2CCUyU9Jri0W12MS8UHhofDtCC\/aeGWq+l6J+nD16R4eDapUlNB52CJOmfvVeyYhEr\/aSkyh+x5qntiHPmxNL4oQ4t9q9cRGg37NGw4W3v7gKUqZA7GOEtfs7ndzQKvfITYRFhRXtB+Geyc8SVWiWlBbePlt40Z9Mwm7DPu0JToThROvr07EpvaNHsDj+sfl4\/ssqhJPAoVfz0wWGwi\/ByYUJT0t+8BVptm\/HAUYoi\/0PQFRMfymq9Y999sgymNr6YwPYzcm66fQL57hVd+E\/NpGuAwv\/j4I98bfIb7cS26RkUtr41mvTduUpwXz6HZnONvg3rFQ55MtL0jpv\/5T2PNTkmAFhF5Csuvsme4bvtShQRBEmXn48raUgx6y\/5XH7Pm2hyngLVzMnjf+Ej0KsCBNhIlshCh7AABeUwggXhMIIEyaADAgECAgQHJ6pHMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTQwNTA3MTcwNDA5WhcNMTgwNTA3MTcwMzMwWjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgU1NMIFNIQTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDR6DendopwSxnwIDcJJDd\/6vt45gW6aq1OJw38cmrZbCHEZBGVcxAKXCV7iGyUBP3H26573EoIsz4W8dCt2zBt1xoeUrU98EcZA+J9pr1XEz9U6jqjsXf8QvBjSWqRgC4wScCK6yuv\/jrrB10G9+n9hA6RvQkgKehuXQnOFdPn79tQ60TvGFerBB28Mfn3eyoTz9E9Ua8bxbV757D8U7ua52PeQTO2RyRpXbhGp\/+tq99PenglJyEmNMoCbjdR8O1YGmCU9sST2N0wJCXXHOsZlDVdk7KuqimDc8R0WQVSZ53aZ1E5BTo26vIedisUruw9+RSZiwduvOcMVt6svq7bdTKQnmO9dL\/gCsr4NJZnhM3RQjh4x5m2DM62D+kby\/RZvhEOyywyyPqDKWR5PItL8DJ0bPOTuJZrXVdaaMHMDHmKGd71SQJeCIABiQwyzdLWltVLoPPsv6v0fbOhuXzaTtflt6y58iVfAcuMlqgorsEzWvY\/CJDc6\/852CbIEp0cmqqpwBaOhu1nUpYAfw2SPT3ZcDbl6kJvH66V5Vtd+NA6x9Ted4bQ\/J5O4uK4qWg3CcQ544W4ifMfbrdtH0ovGAlv3koBjxTJt6bup2OfM6RUfEKDaLil37\/suRpdEzvZrWj9IApVkSFk+dcTAaAIXVmJG0SvpKzHBRD6QUqo+wIDAQABo4IBezCCAXcwEgYDVR0TAQH\/BAgwBgEB\/wIBADBgBgNVHSAEWTBXMEgGCSsGAQQBsT4BADA7MDkGCCsGAQUFBwIBFi1odHRwOi8vY3liZXJ0cnVzdC5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeS5jZm0wCwYJKwYBBAGCNyoBMEIGCCsGAQUFBwEBBDYwNDAyBggrBgEFBQcwAYYmaHR0cDovL29jc3Aub21uaXJvb3QuY29tL2JhbHRpbW9yZXJvb3QwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUF"}
01505{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":708318,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"pkt":"PBXCt3IO0NQSxnP1CABFAANSXSBAAHYGxq+dOH7TwKgBIgG7w2wloW457P6CS4AY\/SCFTgAAAQEIChksGng+IoxdBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NkcDEucHVibGljLXRydXN0LmNvbS9DUkwvT21uaXJvb3QyMDI1LmNybDAdBgNVHQ4EFgQUUa8kJpz0aCJXgCYrO0ZiFXsezKUwDQYJKoZIhvcNAQELBQADggEBAGli9oSRAMRvgnsk4UKipYuCXKfFRMvnUnZj03aeeOJpNbE4urCWxh+se8ayZXeLfY2uZLmljBfKWGXDrYL1xaL1AROTxn5E5cRh+gO2VsFy4cgoxWkhj6xu\/X9Dgza4wNagKP4aRb79k4yNpGR5HxTboZ8h3MBOexciF7G2PNOb4gqjfpmwwazY9IbfPNp9FJxAwXzSGG\/xTyZFCZWUXNrQmPj0TIKWEN6sMMsrrvmS6r95A\/weP6wJpD9l\/ZFPliSnzrROapYpF67AqN8XIvQX49wcOQZWEOrqtXQXPE7dfpEKqAt4B6cxRAgxqxiEDxKc596ELOltk0W\/qME\/NNwMAAFnAwAYYQTTN3+FNDwR9eQeYOtvGQZc+LyhevxS5+nlWdkwyQdoN8m1+2TrSW23TxxjbLbMZoXA+i+E6BgARpsJXZy4miOppb32qv9x1t203eD1ERk7k5Ne4\/vHdrClQby6SNFwJX8BAATxuL0lrQIrFkTOmrS5j4SkOHuGFL5IcHjsIYlkHJlCypJxNDdccJhYLSmDWKENgzEzPLuBRlhOVXExXlaXjd68azcrncuOeSNLeJs78eJnyzYwueBV344\/vv\/bXNO4NZWFimC\/F4mVSiKEMCm7MyjsWpHZmcyKExChenvC0DW6ATJpMz1P4puTiXvc\/8vEV+pCUBOhRwLMvD9W3q3uRUvG3vg3vVjajv+Btk1AKLdhZaRe4JLk95s\/SEkzGRiWE3FMms62iGDeJkFoWMbc9BW\/F7T0cbGYU\/g91JLgrFBNmNc8lbhf\/w7YDwyAohQfhUNLqcaoLYvKXuoozmjbQcIOAAAA"}
-01184{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":9,"flow_first_seen":1431969642444,"flow_last_seen":1431969642708,"flow_tot_l4_data_len":4096,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":455,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","issuerDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}}
+01195{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":9,"flow_first_seen":1431969642444,"flow_last_seen":1431969642708,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","issuerDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}}
00427{"flow_id":15,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":708360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA08wdAAEAGaebAqAEinTh+08NsAbvs\/oJLJaFxV4AQ\/\/\/PCwAAAQEICj4ijKoZLBp4"}
00575{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":721022,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"0NQSxnP1PBXCt3IOCABFAACfLVVAAEAGLy7AqAEinTh+08NsAbvs\/oJLJaFxV4AY\/\/8rtQAAAQEICj4ijLYZLBp4FgMBAGYQAABiYQSjw7rH0spJ7j8GLYCMheRZGMxZ3\/fgvwjIxHOMZDyj1laQGsIe8lJQFXSsShMnTlSuvrtrEr4fnpODoiXtT2hGPxMrjRFBdsir\/yXczKkdYM+WfvMDNhZibmcCg77lKAQ="}
00685{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":811199,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"pkt":"0NQSxnP1PBXCt3IOCABFAADz0jBAAEAGRQnAqAEiF99JIsNrAbvkkjeTMYDD\/oAZECz1pAAAAQEICj4ijQ\/301nQFgMBALoBAAC2AwNVWh9qIUBTYdqPuvpJ\/EUxWvWdVTCc6qQWuOlUPkFPXAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAQwAAABkAFwAAFGFwcHMuc2t5cGVhc3NldHMuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1431969642969,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1431969642969,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969642,"pkt_ts_usec":969264,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6a7MAAEARi4zAqAEiwKgBAcLvADUAJlJY1+QBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
-00631{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1431969642969,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1431969642969,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00422{"flow_id":15,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":9186,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0ZFRAAHYGwpmdOH7TwKgBIgG7w2wloXFX7P6CtoAQ\/LXRwAAAAQEIChksGpY+Ioy2"}
00508{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":9234,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"pkt":"0NQSxnP1PBXCt3IOCABFAABvm8pAAEAGwOjAqAEinTh+08NsAbvs\/oK2JaFxV4AY\/\/\/bRAAAAQEICj4ijdQZLBqWFAMBAAEBFgMBADDh1P2DFckZhZIzor4Rd7jotjMfxJZ2UzpT6K+Q5gEAtsfbN\/CWzx7cD1P81jQ1G+s="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1431969643037,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1431969643037,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":37502,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"0NQSxnP1PBXCt3IOCABFAABEXycAAEARmA7AqAEiwKgBAcqnADUAMDQMD6ABAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1431969643037,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1431969643037,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00436{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":44621,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjuUAAEARaFTAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
00436{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":44901,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZzYAAEARkAPAqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
00465{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":92602,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1yqcAQLnbD6CBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAgABBfOIaY="}
-00668{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
+00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
00509{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":92605,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"pkt":"PBXCt3IO0NQSxnP1CABFAABvZhBAAHYGwKKdOH7TwKgBIgG7w2wloXFX7P6C8YAY\/HoykQAAAQEIChksGp0+Io3UFAMBAAEBFgMBADAEIZ9QnHrxVn\/WY8oun0Tyt3xxzcNsOk\/T+WDRxQ8\/8kzjS7L\/TKzBpAcOCtF1Dsw="}
00426{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":92714,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0EOJAAEAGTAzAqAEinTh+08NsAbvs\/oLxJaFxkoAQ\/\/\/MiAAAAQEICj4ijicZLBqd"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1431969643093,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1431969643093,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":93209,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAi9JAAEAGs6fAqAEiF84hpsNtAbuewXptAAAAALAC\/\/+RHQAAAgQFtAEDAwUBAQgKPiKOJwAAAAAEAgAA"}
00434{"flow_id":9,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":138907,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ThhAAEAGCoHAqAEiQTffIcNqnEKAlL7NMr3ZNIAYECi\/vwAAAQEICj4ijlRNl5tsq7xG5CK7Tso="}
00434{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":139721,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7w20Yoc3insF6bqASOJBNnAAAAgQFrAQCCArsLkk6PiKOJwEDAwU="}
00422{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":139799,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z0xAAEAGcDnAqAEiF84hpsNtAbuewXpuGKHN44AQECyklQAAAQEICj4ijlTsLkk6"}
00675{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":140579,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtyndAAEAGdFXAqAEiF84hpsNtAbuewXpuGKHN44AYECz6mwAAAQEICj4ijlXsLkk6FgMBALQBAACwAwNVWh9r1BitCFD8cZbUoP0jV12FHPzKsJViTeYgJXwI\/wAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1431969643093,"flow_last_seen":1431969643140,"flow_tot_l4_data_len":333,"flow_min_l4_data_len":32,"flow_max_l4_data_len":217,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1431969643093,"flow_last_seen":1431969643140,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00442{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":186457,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDNYcAAEARwa\/AqAEiwKgBAdmfADUAL7TEHKMBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
00441{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":186535,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABD3H8AAEARGrfAqAEiwKgBAc5yADUAL8ad+vYBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
00433{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":343162,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7eVIAAEARfezAqAEiwKgBAdR8ADUAJ+nL8sABAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="}
@@ -101,15 +101,15 @@
00675{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":477980,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtA4pAAEAGO0PAqAEiF84hpsNtAbuewXpuGKHN44AYECz5TAAAAQEICj4ij6TsLkk6FgMBALQBAACwAwNVWh9r1BitCFD8cZbUoP0jV12FHPzKsJViTeYgJXwI\/wAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
00455{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":486691,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABK1twAAEARIFPAqAEiwKgBAd\/IADUANro4UU4BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAABwAAQ=="}
00455{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":486838,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKJUgAAEAR0efAqAEiwKgBAcNGADUANrH\/diQBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAAAEAAQ=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1431969643944,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1431969643944,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":944313,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYXlAAEAG9xvAqAEiQTffIcNuAbtcUOQ7AAAAALAC\/\/9\/kQAAAgQFtAEDAwUBAQgKPiKRcAAAAAAEAgAA"}
00676{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":954910,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtWwFAAEAG48vAqAEiF84hpsNtAbuewXpuGKHN44AYECz3dgAAAQEICj4ikXrsLkk6FgMBALQBAACwAwNVWh9r1BitCFD8cZbUoP0jV12FHPzKsJViTeYgJXwI\/wAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1431969643971,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1431969643971,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":971809,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLW5oAAEARm5TAqAEiwKgBAeuAADUAN9PqYyoBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1431969643971,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1431969643972,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1431969643971,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1431969643972,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969643,"pkt_ts_usec":972025,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLe5YAAEARe5jAqAEiwKgBAeF+ADUAN7bIb04BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1431969643972,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1431969643972,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00433{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969644,"pkt_ts_usec":2391,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8sH5AAEAGqBrAqAEiQTffIcNqnEKAlL7NMr3ZNIAYECi8awAAAQEICj4ikahNl5tsq7xG5CK7Tso="}
00430{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969644,"pkt_ts_usec":54609,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6xBwAAEARMyPAqAEiwKgBAcLvADUAJlJY1+QBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
00437{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969644,"pkt_ts_usec":55126,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXA0AAEARmyzAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
@@ -151,9 +151,9 @@
00457{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969647,"pkt_ts_usec":671666,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABK\/BoAAEAR+xTAqAEiwKgBAd\/IADUANro4UU4BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAABwAAQ=="}
00456{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969647,"pkt_ts_usec":671738,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKCvMAAEAR7DzAqAEiwKgBAcNGADUANrH\/diQBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAAAEAAQ=="}
00431{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969648,"pkt_ts_usec":100710,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6q30AAEARS8LAqAEiwKgBAcLvADUAJlJY1+QBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1431969648258,"flow_last_seen":0,"flow_tot_l4_data_len":299,"flow_min_l4_data_len":299,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":299,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1431969648258,"flow_last_seen":0,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00788{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969648,"pkt_ts_usec":258514,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"pkt":"AQBef\/\/6oPPBbTu2CABFAAE\/AooAAAQRAYTAqAD+7\/\/\/+gQBB2wBK+71Tk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVwbnA6cm9vdGRldmljZQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cG5wOnJvb3RkZXZpY2UNCg0K"}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1431969648258,"flow_last_seen":0,"flow_tot_l4_data_len":299,"flow_min_l4_data_len":299,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":299,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1431969648258,"flow_last_seen":0,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00811{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969648,"pkt_ts_usec":274375,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"pkt":"AQBef\/\/6oPPBbTu2CABFAAFRAosAAAQRAXHAqAD+7\/\/\/+gQBB2wBPQhzTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogVFAtTElOSyBXaXJlbGVzcyBOIE5hbm8gUm91dGVyIFdSNzAyTiwgVVBuUC8xLjANClVTTjogdXVpZDp1cG5wLUludGVybmV0R2F0ZXdheURldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDENCg0K"}
00883{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969648,"pkt_ts_usec":291079,"pkt_caplen":405,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":405,"pkt_l4_len":371,"pkt":"AQBef\/\/6oPPBbTu2CABFAAGHAowAAAQRATrAqAD+7\/\/\/+gQBB2wBc+ePTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpJbnRlcm5ldEdhdGV3YXlEZXZpY2U6MQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCg0K"}
00876{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969648,"pkt_ts_usec":308077,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"pkt":"AQBef\/\/6oPPBbTu2CABFAAF\/Ao0AAAQRAUHAqAD+7\/\/\/+gQBB2wBawDYTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6TGF5ZXIzRm9yd2FyZGluZzoxDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogVFAtTElOSyBXaXJlbGVzcyBOIE5hbm8gUm91dGVyIFdSNzAyTiwgVVBuUC8xLjANClVTTjogdXVpZDp1cG5wLUludGVybmV0R2F0ZXdheURldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDE6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6TGF5ZXIzRm9yd2FyZGluZzoxDQoNCg=="}
@@ -168,7 +168,7 @@
00686{"flow_id":12,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969648,"pkt_ts_usec":818803,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"pkt":"0NQSxnP1PBXCt3IOCABFAADz9gZAAEAGITPAqAEiF99JIsNrAbvkkjeTMYDD\/oAZECzeeAAAAQEICj4ipDv301nQFgMBALoBAAC2AwNVWh9qIUBTYdqPuvpJ\/EUxWvWdVTCc6qQWuOlUPkFPXAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAQwAAABkAFwAAFGFwcHMuc2t5cGVhc3NldHMuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
00455{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969649,"pkt_ts_usec":180236,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLCHYAAEAR7rjAqAEiwKgBAeuAADUAN9PqYyoBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00455{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969649,"pkt_ts_usec":180374,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLh8wAAEARb2LAqAEiwKgBAeF+ADUAN7bIb04BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1431969649862,"flow_last_seen":0,"flow_tot_l4_data_len":309,"flow_min_l4_data_len":309,"flow_max_l4_data_len":309,"flow_avg_l4_data_len":309,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1431969649862,"flow_last_seen":0,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00802{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969649,"pkt_ts_usec":862353,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"pkt":"PBXCt3IO0NQSxnP1CABFAAFJCUdAADQGY89soKouwKgBIgG7wSW4YeeiqCbN0IAYAEgh+QAAAQEICmF6dG0+IfU9FwMBARD7Uh6I13FzmcC+6gIV5n6AJhrBsHNwxcug1X4hBQozb5rifdWfxFgx5N7\/STRCna2lXcJzFlsdHwFqwb5pWB6kc7KLSFtZJ1+xqs\/LWpjXKXVYWA3FemYFVDyRXOngCpgT23pGW6q+fdoixXKwG46vp4NCAhC8D9JiN3KitsOr260NevBFtGudn3qUJfX\/3DhGLatA0j+U2CwrLM6DTOg9xpgfiq+azd0+zhMP0HAm0WOjBrmnGfTNcgHh+iJmkjL5sJ7TuSOU5HIOWUg6nL2f38I4\/Fmt1UsWozkMatK9FYjzbVIEXXgeh7hu8fTbVAUDu9Avc4N0XIcK0QG830wTIghFDiessVKi+sWFRr4k9g=="}
00424{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969649,"pkt_ts_usec":862431,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05cZAAEAGfGTAqAEibKCqLsElAbuoJs3QuGHot4AQD\/f34wAAAQEICj4iqE1henRt"}
01726{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969649,"pkt_ts_usec":865108,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"pkt":"0NQSxnP1PBXCt3IOCABFAAPu\/qxAAEAGX8TAqAEibKCqLsElAbuoJs3QuGHot4AYEACQpAAAAQEICj4iqE9henRtFwMBACCGlFiiXnGNbnUA8eFNVg97y26hgjzRrXr8V0YtIj6nMBcDAQOQKBOjiVJxpWdYeLLT\/Xbro3HQPBzjJPC4nFo8EDiP\/qwXTbKKHYw0zh5BjL36gX1CXDX+RahFJG73NIEjJWIM604+RslBUiVdP7BtOTwH9Na9fDbxf2Np60NBtc7IDn0njVPn\/OQFpDztHwH7ReKVzxI3mekCkJeQu5frlXMtzYs\/A6\/788RG\/9eQL\/SpUlGx+OzCYIvqD3TfRfjbcI0rUIMK13b81m\/QfwBa7fmPZMBLpKLV+owE6zVvsZhb2YounO4vXImcKbLXc+pHduRZUFgR7JTndx4BwWKNOeOJb0lOXmVFpPD2t5ChyQpB8B7yAVMimVYrMkRjOI+yOmuEWzpBBb71HAu2RXfIAr1ik+\/qd4k78SdOCRVzA9X9FlfHQtMw2+\/RMHqj5tfPuEb1dJqljOBer+yTyAiFyXzsxxDLI9ugRcdcvYukWjNLVzxsQTVIpyochPhHmfXZ5n\/eZ4dJphlsEijiHWw2q71oBZmMc5GGD6vO7ZjLO3AJWFPWmwoscaJzsLs58ocuQ2qdcOCA7GGVHN\/ijVl75hciIPcfOvLZ6urcFhUq1WWuqtEbVnfmbri38YkIXbc7ejHLENq2QCqsgj5enMQz75I2\/pet\/YCSsRs1eqVYMNg8xjXCKqSJQl62\/bTcGsNwyoxippOcJq8VpG7H7Fvy+AXb68gGTkeGTRQKqtF74u9vbasRDNwPq8\/DPKRvzqNHk914l9uHQ2AKRiwOC\/bnlDR9ocQFekQhsprf\/xDrXO7tscQNAKBRL+tD76zQwjIPz3PJEHN3Pc+QE5WHu5rFSvvxfz\/Z2\/HSf2Um2ZE3koBnXh0ea61MNA9NADFAPSD8Z5NIyJgusH5hoNWKXVoIkzU5GHgbwG14JuajpHBJlMNEXsfmLLVK9oYSSz6nK+qKkyM3mC7X8XBCMQsh\/0ouHgH6HndraUIKsjtp3JPkKjI4aYdJ0qIoz0PG\/x3wOUA4h1YDaa67wXVn4YAKaKBMtrlL40SzVa5Z91cUYV13ZvBCGjlszRtWPZdtD1L\/SaFfIp1tQJKNS\/3Rzkx+IjbAX1llTBgWy3mJMF73JAKDegzbMvdSvKJ6AUv810GsIeQ99gKRkiy\/yhCs7P73CjnzDITEbSmsOsmYIQAoX97vBTFy0OqF392JfqJYzpguRdJo39kQQV95yc415TouOPz9jkaLSSogaYBmY8ija5cax3+df915"}
@@ -188,104 +188,104 @@
00679{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969651,"pkt_ts_usec":834755,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtGdtAAEAGJPLAqAEiF84hpsNtAbuewXpuGKHN44AYECzY8QAAAQEICj4ir\/\/sLkk6FgMBALQBAACwAwNVWh9r1BitCFD8cZbUoP0jV12FHPzKsJViTeYgJXwI\/wAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
00455{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969652,"pkt_ts_usec":268972,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLQykAAEARtAXAqAEiwKgBAeuAADUAN9PqYyoBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00455{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969652,"pkt_ts_usec":269113,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLQawAAEARtYLAqAEiwKgBAeF+ADUAN7bIb04BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1431969652367,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1431969652367,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969652,"pkt_ts_usec":367075,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+qlYAAEARtuTAqAEiQAQXpjLdnFYAKjPsm5AC0vz7eA6m1WQz3XSdSXIE0xPsZ0Mgdb244ufZVMBp9g=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1431969652367,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1431969652367,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00686{"flow_id":12,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969653,"pkt_ts_usec":119942,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"pkt":"0NQSxnP1PBXCt3IOCABFAADzP99AAEAG11rAqAEiF99JIsNrAbvkkjeTMYDD\/oAZECzNsAAAAQEICj4itQP301nQFgMBALoBAAC2AwNVWh9qIUBTYdqPuvpJ\/EUxWvWdVTCc6qQWuOlUPkFPXAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAQwAAABkAFwAAFGFwcHMuc2t5cGVhc3NldHMuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969653,"pkt_ts_usec":376411,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4KG4AAEARcKrAqAEinTeCmzLdnFQAJDcMm5ICyNK5iZjkkcxv0MQR2rwmgaeyTFibCj82iA=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969653,"pkt_ts_usec":376411,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6eUkAAEARgjTAqAEib91NjjLdnFcAJt55m5QCPbPKJuLeDOim50Iw20p93HTUvcQYvwIjUtlP"}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":504,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969653,"pkt_ts_usec":376578,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/jgcAAEARcPDAqAEib91KDzLdnFgAK3qlm5YCVGMQ34A4D4rgbT25j64U\/rdJx+5zd3Em6+QXhoxyxA8="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969653,"pkt_ts_usec":376578,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5a+4AAEARkvDAqAEib91KLjLdnFsAJRNlm5gCrA8YBMpkQAilpoWSkSOFSSJ7mpap5i7P8hQ="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969653,"pkt_ts_usec":376578,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0K\/cAAEARbLHAqAEiQTffDzLdnFoAIDycm5oCpFKxpTcQMqT3s1qudFIeHwatW0Yo"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00435{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969653,"pkt_ts_usec":798202,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8cW5AAEAG5yrAqAEiQTffIcNqnEKAlL7NMr3ZNIAYECiWawAAAQEICj4it6hNl5tsq7xG5CK7Tso="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969654,"pkt_ts_usec":389094,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2YJcAAEARmtjAqAEib91NoDLdnFwAInstm5wC0d61W0FRabgFV8W1nkBP2OEpO4vgeHY="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969654,"pkt_ts_usec":389095,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYWsAAEARhiPAqAEinTg0HDLdnEkALM83m54CE+gbUNd25CDT9n3foWmJBdcqOFnduxapZrLe74dYiza3"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969654,"pkt_ts_usec":389222,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwK8AAEARb0vAqAEinTfrsDLdnFYALGUnm6AC1ZExgfTg8R8Kk2ngcBhiodhOGddomI+8IvUKr50t+FQG"}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969654,"pkt_ts_usec":389223,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2ttcAAEARMM7AqAEinTg0DzLdnFsAIgnVm6IClklzvpwg0J9RRu2barB5pBf+dP\/198s="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969654,"pkt_ts_usec":389223,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6uggAAEARpzfAqAEiQAQXpTLdnFQAJvWzm6QCh3CXl6XGrqArz4Fq72vdiruIePdvscfnf8nL"}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969655,"pkt_ts_usec":399908,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+KmIAAEARBSXAqAEi1cezljLdnEQAKk92m6YCxHNRXNt6saUbXJuaVxAVloiUB3Kd06UQ7eXoZ8Yw\/Q=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969655,"pkt_ts_usec":399908,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAysnAAAEARTIvAqAEib91KGDLdnEEAHsG9m6gCfNYVHSc6jWjicVy5t1mw5NpUpQ=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969655,"pkt_ts_usec":400081,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9FyIAAEAR57bAqAEib91KMDLdnEgAKadmm6oC656jqkVeUmOjjlOF7oTonkHhDKTP6NWeDWkwfWY5"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969655,"pkt_ts_usec":400081,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4PBwAAEARwsfAqAEib91KKjLdnFgAJKhzm6wCYALzkzdu\/LrNPcT4NWmc+JYpVJ3L9m5YbQ=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969655,"pkt_ts_usec":400081,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1xDsAAEARa1jAqAEi1cezkjLdgQkAIXwbm64C\/E7GKHTAnqTXhScHNyy9JU+1q7MSwg=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969656,"pkt_ts_usec":410462,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8yZkAAEARz2bAqAEinTeCrzLdnEYAKHoim7AC0Uz4eUhtRx+U2n96ruKge0mKrTm6r7jfF82JDy4="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969656,"pkt_ts_usec":410539,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+lOIAAEARTinAqAEinTc4ojLdnEQAKlJUm7IC63nFT7uUV5k0L358bPvax6aIijF38KySzDuXwNYHgA=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969656,"pkt_ts_usec":410539,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA43x4AAEARCHPAqAEinTg0ITLdnEsAJM3am7QChNdFtOWmIsBdiMlrk7loIt\/AHz17BjRqJg=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969656,"pkt_ts_usec":410553,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAA\/QAAEAR92XAqAEib91NrDLdnEoALEKJm7YClKE3lTfT0DUQisSOS4KG\/La+hJBP5DfxaCwxffHTvFZU"}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969656,"pkt_ts_usec":410568,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1zB8AAEARzPbAqAEinTeCoDLdnF0AIXcUm7gCbIFVwo6Azkv+1yCNquXcTTuKbOiUHg=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01080{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969656,"pkt_ts_usec":652360,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISRnsAAEARcJbAqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01076{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969656,"pkt_ts_usec":652710,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISynkAAEARKfDAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01079{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":29199,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISvf0AAEAR+NnAqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01075{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":29887,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISJhIAAEARzh3AqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":367363,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGANAAEAGj4bAqAEinTg0LMNwnGCx3l8+AAAAALAC\/\/8vJgAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":367596,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2l9AAEAGyKzAqAEinTc4qsNxnE+r6BKEAAAAALAC\/\/99aQAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":367809,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwhRAAEAGlxXAqAEinTeCjMNynGH\/hzWiAAAAALAC\/\/+8tgAAAgQFtAEDAwUBAQgKPiLFlwAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":367969,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/NlsAAEARxRrAqAEib91NkTLdnFsAK6mBm7oCyq7Iy7cmxwvThWDRoZOMl0+28C1BuPbRnMjSw2j4JUc="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":367969,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA27UQAAEARdBjAqAEiQAQXjDLdnEwAIlR2m7wC9vRcAIihDfXYF+Nv6Z8h\/1gxupEorwc="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":367982,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4fm8AAEAR4uHAqAEiQAQXljLdnEQAJKG2m74ChlnucS6od9D4320Ts5x3xY96lsRHLX7REg=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":368015,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0lqwAAEARaEzAqAEib91KGTLdnFwAIDPbm8ACFZDv7jAw6LF020D2sIW\/RLlBE6QH"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":368032,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5GS4AAEAR4kXAqAEib91NmTLdnFgAJQIPm8ICkS16B313b791pcC\/iQ60uf4KWNmYdYf5eCQ="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00423{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":421051,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0EVBAAEAGR1HAqAEiQTffIcNqnEKAlL7VMr3ZNIARECjsdAAAAQEICj4ixcxNl5ts"}
00424{"flow_id":19,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":421113,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0H49AAEAGORLAqAEiQTffIcNuAbtcUOSfLmGB64ARECzffQAAAQEICj4ixcxNl50C"}
00436{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":498063,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYi6dN4KMwKgBIpxhw3JnDsNv\/4c1o6ASOJAm+AAAAgQFrAQCCApOvfTqPiLFlwEDAwk="}
@@ -312,23 +312,23 @@
00435{"flow_id":49,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969657,"pkt_ts_usec":791788,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8X2JAAEAGSCvAqAEinTg0LMNwnGCx3l+sHyRlkIAYECltgQAAAQEICj4ixzpMZC+5IVzDseW9I30="}
00436{"flow_id":51,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":162892,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA88jpAAEAGZvPAqAEinTeCjMNynGH\/hzYDZw7DuIAYECnhlQAAAQEICj4iyK1OvfULJJFwCjegzGQ="}
00435{"flow_id":50,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":218742,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8EC9AAEAGkuHAqAEinTc4qsNxnE+r6BLEPu7rjYAYECq3pwAAAQEICj4iyORNea2iMpsmfs9xo5c="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":376019,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQSRAAEAGrlLAqAEi1cezr8NznFXnJeTHAAAAALAC\/\/+4YAAAAgQFtAEDAwUBAQgKPiLJgQAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":376335,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QmIAAEARVi\/AqAEiQTffJjLdnE8AIJ1Im8QCCqRVDPPz90033q\/EDoSNqvvC54ua"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":376365,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+eZEAAEARtmzAqAEinTfrrzLdnEgAKiUSm8YCMvX5DXLyjY07d4zs9r3Rfjeqbt6RlQe5nLyOBDZmjA=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":376366,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+H6wAAEAReNbAqAEiQTffKzLdnEIAKjdVm8gCRata2g4WRHPEL7\/NhH8e4p0ZaFQg5mWNPjrWv1AvJA=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":376488,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4T0EAAEARk9HAqAEinTc4oTLdnEwAJGHem8oC2K8VAwXZ2I4FcvndU1pGdzS9eSLWH0xc+w=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":376526,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4VhMAAEARqOnAqAEib91KETLdnFYAJFy+m8wCfUg82Gg6DnsozSUd0tlDoiZPS7EFljPm7g=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00436{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":463921,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIpxVw3Nt\/WNx5yXkyKASOJA3OAAAAgQFrAQCCApO2zlGPiLJgQEDAwk="}
00423{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":464004,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0kRFAAEAGXnHAqAEi1cezr8NznFXnJeTIbf1jcoAQECyOCgAAAQEICj4iydlO2zlG"}
00490{"flow_id":57,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":464553,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"0NQSxnP1PBXCt3IOCABFAABkvFZAAEAGMvzAqAEi1cezr8NznFXnJeTIbf1jcoAYECzdMwAAAQEICj4iydlO2zlGUyU7cFcUPq3639jExXXe2rp6QwLRh9WNc6p+6woeVCkt2aXhyDUzLR\/RObUkbNHR"}
@@ -338,11 +338,11 @@
00423{"flow_id":57,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":535070,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Gy9AAEAG1FPAqAEi1cezr8NznFXnJeT4bf1jqoAQECqNRwAAAQEICj4iyh5O2zle"}
00436{"flow_id":57,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":535622,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8yIxAAEAGJu7AqAEi1cezr8NznFXnJeT4bf1jqoAYECrpyQAAAQEICj4iyh5O2zlegPUYPB\/96j4="}
00436{"flow_id":57,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":977400,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8JSJAAEAGyljAqAEi1cezr8NznFXnJeT4bf1jqoAYECroDwAAAQEICj4iy9hO2zlegPUYPB\/96j4="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1431969658978,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1431969658978,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":978927,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAyihAAEAG3WDAqAEinTg0LMN0AbuAxvN6AAAAALAC\/\/9gYQAAAgQFtAEDAwUBAQgKPiLL2QAAAAAEAgAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1431969658979,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1431969658979,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":979059,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAnpdAAEAGBHXAqAEinTc4qsN1AbtlArMMAAAAALAC\/\/+4FQAAAgQFtAEDAwUBAQgKPiLL2QAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1431969658979,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1431969658979,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969658,"pkt_ts_usec":979286,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABACelAAEAGT0HAqAEinTeCjMN2AbvInJj+AAAAALAC\/\/8kpgAAAgQFtAEDAwUBAQgKPiLL2QAAAAAEAgAA"}
00436{"flow_id":51,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":21373,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8GolAAEAGPqXAqAEinTeCjMNynGH\/hzYDZw7DuIAYECnePwAAAQEICj4izANOvfULJJFwCjegzGQ="}
00434{"flow_id":49,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":57584,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8kv1AAEAGFJDAqAEinTg0LMNwnGCx3l+sHyRlkIAYEClolAAAAQEICj4izCdMZC+5IVzDseW9I30="}
@@ -362,21 +362,21 @@
00523{"flow_id":64,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":271940,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"0NQSxnP1PBXCt3IOCABFAAB6JbJAAEAGfSDAqAEinTc4qsN1AbtlArNVviBnW4AYECzzfAAAAQEICj4izPlNea82lrtEvF7Syi3sYudbWmm1LLmltdXITy9EZvRGZ4\/xmZ+XSmldmKNIhY33FGOH7bkZm8kH56oaXL6ossqblsc6QCTpmqw22A=="}
00438{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":272005,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAcP8AAEARhjrAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
00438{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":616,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":272095,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAB8QAAEAR73XAqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":392250,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3kJUAAEARCA3AqAEiQTffEjLdgQkAIzBxm84CB+tg2yEaM9\/bL8TBCQEYokW3ou6uIFeA"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":392251,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBYQoAAEAROAbAqAEinTeCmjLdnEUALTFnm9ACrELw0MyN5alTGXUohI4skjQwNKD1mI1L+u5IA2eq73xPAw=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":392325,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5DEcAAEARjD7AqAEiQTffLTLdnEwAJedsm9ICSKWpAVcx8I7JZ8adPdtcTNxD1Y7ygdStLzI="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":392325,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyadkAAEARfcfAqAEinTg0GDLdnEEAHr+2m9QCPz6lPkIa5+HaiHK3kAac8KWOvw=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":620,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":392326,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1BWcAAEAR4iHAqAEinTg0LTLdnEwAIdjym9YCeMy7FyJwEm6ud1zY3LUeAZMSqKDeqQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00424{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":400916,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0rp5AADMGBfedODQswKgBIgG7w3TcDZ\/UgMbzw4AQAB2lWgAAAQEICkxkMUs+Isyo"}
00490{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":401033,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"0NQSxnP1PBXCt3IOCABFAABimbtAAEAGDazAqAEinTg0LMN0AbuAxvPD3A2f1IAYECwISQAAAQEICj4izXpMZDFLCID\/ssOnhCQbPdgraKv5X6X6LEBl4VvsbMI2yvwLdbH5FbeEibgiwFjV2Yetww=="}
00443{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":426587,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDMrcAAEARxH\/AqAEiwKgBAdmfADUAL7TEHKMBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
@@ -390,47 +390,47 @@
00456{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":710400,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKunYAAEARPLnAqAEiwKgBAcNGADUANrH\/diQBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAAAEAAQ=="}
00455{"flow_id":65,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":769727,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFAABMiXhAAEAGz6XAqAEinTeCjMN2AbvInJlHrpWZfIAYECxiBQAAAQEICj4izupOvfadOsfzaffo90GU9fGuBRpgbZPEZs9Bzxti"}
00523{"flow_id":64,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":845978,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"0NQSxnP1PBXCt3IOCABFAAB6qmRAAEAG+G3AqAEinTc4qsN1AbtlArNVviBnW4AYECzxPwAAAQEICj4izzZNea82lrtEvF7Syi3sYudbWmm1LLmltdXITy9EZvRGZ4\/xmZ+XSmldmKNIhY33FGOH7bkZm8kH56oaXL6ossqblsc6QCTpmqw22A=="}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1431969652367,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1431969659988,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431969657029,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431969656652,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1431969652367,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.172","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.153","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431969655400,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431969657367,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431969657368,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.162","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1431969659392,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1431969658376,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1431969653376,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431969654389,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431969656410,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431969655399,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.150","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1431969659988,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969659,"pkt_ts_usec":988385,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwnVAAEAGLQHAqAEi1cezr8N3Abvoukp8AAAAALAC\/\/\/lagAAAgQFtAEDAwUBAQgKPiLPxAAAAAAEAgAA"}
00434{"flow_id":71,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":53593,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIgG7w3fqOPcW6LpKfaASOJBSzgAAAgQFrAQCCApO2zrZPiLPxAEDAwk="}
00422{"flow_id":71,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":53732,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0KCpAAEAGx1jAqAEi1cezr8N3Abvoukp96jj3F4AQECyptwAAAQEICj4i0AVO2zrZ"}
@@ -439,21 +439,21 @@
00494{"flow_id":71,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":120059,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"0NQSxnP1PBXCt3IOCABFAABm3+1AAEAGD2PAqAEi1cezr8N3AbvoukrF6jj3F4AYECxgUQAAAQEICj4i0EdO2zrq3Ik+3JoryHORYpUOodhZtdvbaLVaOrSVdhFGDoNFz\/ygR9NCUBkcRkZjFi6mIQWuXX4="}
00431{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":209555,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6BEgAAEAR8vfAqAEiwKgBAcLvADUAJlJY1+QBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
00436{"flow_id":49,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":325223,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8TkFAAEAGWUzAqAEinTg0LMNwnGCx3l+sHyRlkIAYECljpwAAAQEICj4i0RRMZC+5IVzDseW9I30="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":403887,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4bnAAAEARKjLAqAEiQTffETLdnFYAJDJym9gCRkbR2cp0xkwlV8oyn8X0NKXbrbkoGiloQw=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":403888,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4jIYAAEAR1MHAqAEiQAQXnzLdnEkAJMXJm9oCsTdSNq2fp4IomM1W0LtS\/XasnVb1cYIFcA=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":403961,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA496cAAEAROH3AqAEinTfrjjLdnFkAJNtLm9wCCq\/Vr9SUD4fwmmEiNdezuQ9niYUSk+YjJQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":403961,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3fJEAAEARs5PAqAEinTfrjzLdnF4AIz7Dm94CUldClJ3Jj\/ar7UJqBheNPI8TcYWyskFm"}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":403962,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAy3tIAAEARCNHAqAEinTg0FTLdnEQAHrtxm+ACoNYW9c0Iu96VtPV4yMd9SlxQuA=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00494{"flow_id":71,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":484584,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"0NQSxnP1PBXCt3IOCABFAABmD4lAAEAG38fAqAEi1cezr8N3AbvoukrF6jj3F4AYECxe5QAAAQEICj4i0bNO2zrq3Ik+3JoryHORYpUOodhZtdvbaLVaOrSVdhFGDoNFz\/ygR9NCUBkcRkZjFi6mIQWuXX4="}
00437{"flow_id":51,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":537735,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA80ZBAAEAGh53AqAEinTeCjMNynGH\/hzYDZw7DuIAYECnYWgAAAQEICj4i0ehOvfULJJFwCjegzGQ="}
00456{"flow_id":65,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969660,"pkt_ts_usec":630996,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFAABMISNAAEAGN\/vAqAEinTeCjMN2AbvInJlHrpWZfIAYECxeqwAAAQEICj4i0kROvfadOsfzaffo90GU9fGuBRpgbZPEZs9Bzxti"}
@@ -465,62 +465,62 @@
00435{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969661,"pkt_ts_usec":349965,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA85tJAAEAGccbAqAEiQTffIcNqnEKAlL7NMr3ZNIAZECh5AQAAAQEICj4i1RFNl5tsq7xG5CK7Tso="}
00455{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969661,"pkt_ts_usec":362113,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLrEUAAEARSunAqAEiwKgBAeuAADUAN9PqYyoBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00455{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969661,"pkt_ts_usec":362113,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLuWoAAEARPcTAqAEiwKgBAeF+ADUAN7bIb04BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969661,"pkt_ts_usec":414015,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+WsgAAEARoKjAqAEib91NlzLdnFsAKnZMm+IChMIMA7Iu2mZsqQZJnqfJooyOMKE\/uWGoix8bU\/YAAA=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969661,"pkt_ts_usec":414016,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/HyoAAEARyHDAqAEinTg0ETLdnE0AK6EGm+QCNgMH2ITpxVJW+XmKXJHtTvzd6uYJCxFPw1m4ZheLNng="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":663,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969661,"pkt_ts_usec":414088,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2iHEAAEAR2M3AqAEiQAQXqjLdnEsAIkoGm+YCpGAFhs2RBCMUexQexYbsFkqmQ\/8Qtyc="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969661,"pkt_ts_usec":414088,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2+lgAAEARAQ\/AqAEib91NqDLdnEcAIop9m+gChrJ8v\/omTh7Ne4Bar5T53RvLKUpGcwE="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969661,"pkt_ts_usec":414088,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5wkwAAEARPJTAqAEib91KLDLdnF8AJV5Dm+oCagLaZIeW7H9EIxc7czPbdaN+lYkEZAqCu0Q="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00686{"flow_id":12,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969661,"pkt_ts_usec":537143,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"pkt":"0NQSxnP1PBXCt3IOCABFAADzbXJAAEAGqcfAqAEiF99JIsNrAbvkkjeTMYDD\/oAZECys5wAAAQEICj4i1cz301nQFgMBALoBAAC2AwNVWh9qIUBTYdqPuvpJ\/EUxWvWdVTCc6qQWuOlUPkFPXAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAQwAAABkAFwAAFGFwcHMuc2t5cGVhc3NldHMuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
00494{"flow_id":71,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969661,"pkt_ts_usec":868514,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"0NQSxnP1PBXCt3IOCABFAABmO61AAEAGs6PAqAEi1cezr8N3AbvoukrF6jj3F4AYECxZgQAAAQEICj4i1xdO2zrq3Ik+3JoryHORYpUOodhZtdvbaLVaOrSVdhFGDoNFz\/ygR9NCUBkcRkZjFi6mIQWuXX4="}
00490{"flow_id":63,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969661,"pkt_ts_usec":889665,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"0NQSxnP1PBXCt3IOCABFAABinkRAAEAGCSPAqAEinTg0LMN0AbuAxvPD3A2f1IAYECz+lgAAAQEICj4i1yxMZDFLCID\/ssOnhCQbPdgraKv5X6X6LEBl4VvsbMI2yvwLdbH5FbeEibgiwFjV2Yetww=="}
00455{"flow_id":65,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969662,"pkt_ts_usec":150768,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFAABM+VNAAEAGX8rAqAEinTeCjMN2AbvInJlHrpWZfIAYECxYvgAAAQEICj4i2DFOvfadOsfzaffo90GU9fGuBRpgbZPEZs9Bzxti"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969662,"pkt_ts_usec":422043,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBe8QAAEARtE3AqAEinTfrmDLdnEEALXlam+wCJAhMYE3a2mA+K8Gsvq1dkqSohtdF5WONseMrsTgQWNCbqg=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":674,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969662,"pkt_ts_usec":422044,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0PtsAAEAR8UnAqAEinTfrkjLdgQkAINq8m+4CkuZLUb2HgW9IroWQ+JaU9ew2O1bn"}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":675,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969662,"pkt_ts_usec":422217,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/GQkAAEARSEjAqAEiQAQXjzLdnFIAK+Dtm\/ACn46vTpwjXGMZ9bJtrKD0Tox8o\/uW9MNcEfVIZROhfxw="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969662,"pkt_ts_usec":422217,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+3+IAAEARuLHAqAEiQTffGTLdnFwAKrqUm\/ICs3eZ5yAavzTYAFVG6cHtvks6WRTX6quz\/un4rGT7CA=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":677,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969662,"pkt_ts_usec":422217,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/8JUAAEAR8n\/AqAEinTc4lzLdnFsAK42nm\/QCY347bApK+fSJyR3vpMK2pFmarm3qJcKY67tEOMSW2tE="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":678,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00523{"flow_id":64,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969662,"pkt_ts_usec":484047,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"0NQSxnP1PBXCt3IOCABFAAB6QTZAAEAGYZzAqAEinTc4qsN1AbtlArNVviBnW4AYECzm9wAAAQEICj4i2X5Nea82lrtEvF7Syi3sYudbWmm1LLmltdXITy9EZvRGZ4\/xmZ+XSmldmKNIhY33FGOH7bkZm8kH56oaXL6ossqblsc6QCTpmqw22A=="}
00436{"flow_id":49,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969662,"pkt_ts_usec":651193,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8iUBAAEAGHk3AqAEinTg0LMNwnGCx3l+sHyRlkIAYEClalgAAAQEICj4i2iVMZC+5IVzDseW9I30="}
00437{"flow_id":57,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969662,"pkt_ts_usec":966374,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8gFdAAEAGbyPAqAEi1cezr8NznFXnJeT4bf1jqoAYECrYhwAAAQEICj4i22BO2zlegPUYPB\/96j4="}
00438{"flow_id":51,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":359268,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8g\/BAAEAG1T3AqAEinTeCjMNynGH\/hzYDZw7DuIAYECnNWgAAAQEICj4i3OhOvfULJJFwCjegzGQ="}
00495{"flow_id":71,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":375428,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"0NQSxnP1PBXCt3IOCABFAABmXWZAAEAGkerAqAEi1cezr8N3AbvoukrF6jj3F4AYECxToAAAAQEICj4i3PhO2zrq3Ik+3JoryHORYpUOodhZtdvbaLVaOrSVdhFGDoNFz\/ygR9NCUBkcRkZjFi6mIQWuXX4="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1431969663377,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":685,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1431969663377,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":377930,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1DJAAEAGhNzAqAEinTeCp8N8nF+W1hb6AAAAALAC\/\/8sigAAAgQFtAEDAwUBAQgKPiLc+gAAAAAEAgAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":378172,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAy1ywAAEARC+fAqAEinTc4pjLdnFYAHmpym\/YCUIZT7d8ZZahDgzlHGwrFeQgMHw=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":686,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":378172,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBojAAAEARjU7AqAEi1cezmzLdnEQALVYJm\/gCocGAOu9ctMRuZg09sIXFBXfoFp0ezBOePl8z3klTgDOO8A=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":687,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":378237,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA4LIAAEARBt3AqAEinTg0GzLdnFsALK5Hm\/oC27Di400dfPUDJrwFd8eoU\/psKrn9OzjyFuH7NFUpoc4x"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":378237,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyTM0AAEAR4z7AqAEinTfrrTLdnEwAHgM8m\/wCyw55OL3+chZLjMlighndXw9\/qA=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":689,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":378238,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5cNoAAEARvzrAqAEinTfrnTLdnEoAJXKym\/4Cz\/csSQ42SRwcVm84KNSC1Bge6u0+CtZPiaQ="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":690,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00435{"flow_id":87,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":505002,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhOdN4KnwKgBIpxfw3yB0ZuyltYW+6ASOJDi6AAAAgQFrAQCCApOq7XZPiLc+gEDAwk="}
00423{"flow_id":87,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":505133,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0s6BAAEAGpXrAqAEinTeCp8N8nF+W1hb7gdGbs4AQECw5lAAAAQEICj4i3XlOq7XZ"}
00536{"flow_id":87,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":505683,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"0NQSxnP1PBXCt3IOCABFAACDnKFAAEAGvCrAqAEinTeCp8N8nF+W1hb7gdGbs4AYECwikQAAAQEICj4i3XlOq7XZChG\/0yYPmKegA+hNcGZvZSHoQU++Nx5Rkm\/BbOmvh7jXIbPWsU9+9CW7Aer6Cao0MOGe9zx9ivMI2TavlPWiK+DRzmfsbbpjuMlmH0Tl0g=="}
@@ -531,55 +531,55 @@
00436{"flow_id":50,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969663,"pkt_ts_usec":864825,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8IPpAAEAGghbAqAEinTc4qsNxnE+r6BLEPu7rjYAYECqhrAAAAQEICj4i3t9Nea2iMpsmfs9xo5c="}
00435{"flow_id":87,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":161090,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8BTFAAEAGU+LAqAEinTeCp8N8nF+W1hdKgdGcA4AYEClI7QAAAQEICj4i4AZOq7X7zDi7upn8y1s="}
00490{"flow_id":63,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":176258,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"0NQSxnP1PBXCt3IOCABFAABigoRAAEAGJOPAqAEinTg0LMN0AbuAxvPD3A2f1IAYECz1rQAAAQEICj4i4BVMZDFLCID\/ssOnhCQbPdgraKv5X6X6LEBl4VvsbMI2yvwLdbH5FbeEibgiwFjV2Yetww=="}
-00430{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431969664357,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00442{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431969664357,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00398{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":357397,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAABoPPBbTu2CABGrAAgAAAAAAECgoTAqAD+4AAAAZQEAAARZO6bAAAAAA=="}
-00462{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431969664357,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00474{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":702,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431969664357,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":405665,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8z44AAEARX+vAqAEi1cezpTLdnEcAKEGUnAACQndt5hKcGQjs\/aUFepuMkaIJ9906aCWz4pv6M2E="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":703,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":405665,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyGYIAAEARfyPAqAEiQTffFDLdnGEAHnjQnAICuB3xnzqHf8BCJKQQ6ooGPwkzRg=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":704,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":405843,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3zjoAAEARkxnAqAEiQAQXlDLdnEoAI3yfnAQC5t7RxPpucIQEcbOpo3n\/i37I7X5QLz7O"}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":705,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":405843,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3gRQAAEARembAqAEib91NlDLdnF0AI32wnAYCAtkwZfUpvy0PrMgHjjv7gkQ5J07OrfdX"}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":706,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":405843,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1GOEAAEAR4qLAqAEib91NjTLdnFQAIf21nAgChdWCG2VT3PvRM4JN\/HMVRe1geqFvmA=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00424{"flow_id":19,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":812764,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0HPFAADcGRLBBN98hwKgBIgG7w24uYYI6XFDkhIARAB0PDgAAAQEICk2XsRI+IpIH"}
00456{"flow_id":65,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":990164,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFAABMCKZAAEAGUHjAqAEinTeCjMN2AbvInJlHrpWZfIAYECxNrQAAAQEICj4i40JOvfadOsfzaffo90GU9fGuBRpgbZPEZs9Bzxti"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1431969664990,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1431969664990,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":990501,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAI3tAAEAGNZTAqAEinTeCp8N9Abt3wuHVAAAAALAC\/\/8VHgAAAgQFtAEDAwUBAQgKPiLjQgAAAAAEAgAA"}
00436{"flow_id":87,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969664,"pkt_ts_usec":999307,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8zB1AAEAGjPXAqAEinTeCp8N8nF+W1hdKgdGcA4AYEClFqAAAAQEICj4i40tOq7X7zDi7upn8y1s="}
-00432{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431969665006,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431969665006,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":6027,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"pkt":"PBXCt3IOxCwDBkn+CABGAAAgivAAAAEC9ufAqAFc4AAA+5QEAAAWAAkE4AAA+wAAAAAAAAAAAAAAAAAA"}
-00464{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431969665006,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":712,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431969665006,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00435{"flow_id":99,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":118447,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhOdN4KnwKgBIgG7w31xB6fgd8Lh1qASOJDOhQAAAgQFrAQCCApOq7dsPiLjQgEDAwk="}
00423{"flow_id":99,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":118524,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0H2lAAEAGObLAqAEinTeCp8N9Abt3wuHWcQen4YAQECwlMAAAAQEICj4i48JOq7ds"}
00522{"flow_id":99,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":715,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":118638,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"0NQSxnP1PBXCt3IOCABFAAB8rbhAAEAGqxrAqAEinTeCp8N9Abt3wuHWcQen4YAYECxvXwAAAQEICj4i48JOq7dsgEYBAwEALQAAABAAAAUAAAQAAAoAAAkAAGQAAGIAAAgAAAMAAAYBAIAHAMADAIAGAEACAIAEAIAm3wSlkltQgb6XXB2qkyh5"}
00678{"flow_id":18,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":196483,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtt4xAAEAGh0DAqAEiF84hpsNtAbuewXpuGKHN44AYECyk4QAAAQEICj4i5A\/sLkk6FgMBALQBAACwAwNVWh9r1BitCFD8cZbUoP0jV12FHPzKsJViTeYgJXwI\/wAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
00423{"flow_id":99,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":717,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":245288,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0EG1AADcGUa6dN4KnwKgBIgG7w31xB6fhd8LiHoAQAB001gAAAQEICk6rt40+IuPC"}
00482{"flow_id":99,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":245407,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"0NQSxnP1PBXCt3IOCABFAABdGotAAEAGPmfAqAEinTeCp8N9Abt3wuIecQen4YAYECwyVgAAAQEICj4i5D9Oq7eNha\/REPk0JK+jyXRvQAnIdnOzfqInh3kQnO9afU+VElpw2DvgAIcm25w="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":719,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":416513,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA9S9AAEAGY\/DAqAEinTeClsN+nEtADbnoAAAAALAC\/\/\/YlwAAAgQFtAEDAwUBAQgKPiLk6gAAAAAEAgAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":416714,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1j8QAAEARCNrAqAEiQTffGDLdnGAAISuNnAoCfsB5JB\/rTYpH1Pyy3TEn61xOyU3n6Q=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":720,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":416715,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/Ev0AAEAR0ADAqAEinTc4rzLdnE0AK5vynAwCv2wYRcgby0Lpb\/j9BzqAbRO\/1tuxNgazREl3CBLvd3M="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":416767,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0pwAAAEARuljAqAEiQAQXkjLdgQkAIJb3nA4CpT3k+\/yRRYMAziIEiKPZ4SNw4uYJ"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":105,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":416767,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2ZQAAAEARfiTAqAEinTc4kTLdnFsAImkAnBACXCxecPPKFtdeUw7sQSBvp3gi9mq4vcM="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":106,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":416768,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+hGcAAEARenXAqAEib91KKzLdnEEAKumHnBICbsOSISjTImKbV\/UiCWod5a6w5EFlZL740jo5mcYkgQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00436{"flow_id":101,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":632166,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiSdN4KWwKgBIpxLw35DcUQuQA256aASOJA7FQAAAgQFrAQCCApOt5+TPiLk6gEDAwk="}
00424{"flow_id":101,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":632245,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tVZAAEAGo9XAqAEinTeClsN+nEtADbnpQ3FEL4AQECyRaAAAAQEICj4i5cFOt5+T"}
00532{"flow_id":101,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":632843,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"0NQSxnP1PBXCt3IOCABFAACBua5AAEAGnzDAqAEinTeClsN+nEtADbnpQ3FEL4AYECwSIgAAAQEICj4i5cFOt5+T207BU8RTpz6cl51LKBWtARK9wP6VlGI4+stPzH0uYPT1Iirrs3Q6E000sIWPSE+TE6j51s80FUJLgPFuh4yNWoNY6QY\/5AVyuzDhnvc="}
@@ -590,24 +590,24 @@
00438{"flow_id":101,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":763079,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA88\/VAAEAGZS7AqAEinTeClsN+nEtADbo2Q3FEmYAYECjdFgAAAQEICj4i5kFOt5\/KwFGYWtZyg7g="}
00482{"flow_id":99,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969665,"pkt_ts_usec":771502,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"0NQSxnP1PBXCt3IOCABFAABdh01AAEAG0aTAqAEinTeCp8N9Abt3wuIecQen4YAYECwwTAAAAQEICj4i5klOq7eNha\/REPk0JK+jyXRvQAnIdnOzfqInh3kQnO9afU+VElpw2DvgAIcm25w="}
00496{"flow_id":71,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969666,"pkt_ts_usec":195715,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"0NQSxnP1PBXCt3IOCABFAABmMmpAAEAGvObAqAEi1cezr8N3AbvoukrF6jj3F4AYECxIqAAAAQEICj4i5\/BO2zrq3Ik+3JoryHORYpUOodhZtdvbaLVaOrSVdhFGDoNFz\/ygR9NCUBkcRkZjFi6mIQWuXX4="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":107,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969666,"pkt_ts_usec":429147,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QwsAAEARVYDAqAEiQTffLDLdnE0AIF\/DnBQCMyjz3r9eJ18XTFVNiAvxrYpQ3ucg"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":108,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969666,"pkt_ts_usec":429312,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA82TgAAEARDlzAqAEinTg0GjLdnFoAKNB4nBYCAAvRN+bFqY3YyxruA93YXf9Qo41EFxKazlLBv\/8="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":109,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969666,"pkt_ts_usec":429312,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/\/94AAEARYWbAqAEiQAQXmzLdnEQAK4rqnBgCdE2WfHkd94c\/GZASHmkYP3mRsrUzW7aH679XKkCN7wg="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":110,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969666,"pkt_ts_usec":429312,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3cPYAAEARJ5XAqAEiQTffKTLdnFsAIyQanBoCqUIPvRhVKRfli2TsAPxez+o30kiStRum"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":111,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969666,"pkt_ts_usec":429312,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAy3VkAAEARCjDAqAEinTg0LzLdnF0AHgzhnBwC9HB1yp1CFIBUD5AqeEDWvWy7jA=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00438{"flow_id":87,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969666,"pkt_ts_usec":480016,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8jDNAAEAGzN\/AqAEinTeCp8N8nF+W1hdKgdGcA4AYECk\/5wAAAQEICj4i6QxOq7X7zDi7upn8y1s="}
00483{"flow_id":99,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969666,"pkt_ts_usec":618248,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"0NQSxnP1PBXCt3IOCABFAABd03JAAEAGhX\/AqAEinTeCp8N9Abt3wuIecQen4YAYECwtAAAAAQEICj4i6ZVOq7eNha\/REPk0JK+jyXRvQAnIdnOzfqInh3kQnO9afU+VElpw2DvgAIcm25w="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1431969667019,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1431969667019,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":112,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":19463,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYg5AAEAG9xHAqAEinTeClsOAAbtI+pnpAAAAALAC\/\/+D\/AAAAgQFtAEDAwUBAQgKPiLrJgAAAAAEAgAA"}
00436{"flow_id":57,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":38437,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8xXlAAEAGKgHAqAEi1cezr8NznFXnJeT4bf1jqoAYECrIrwAAAQEICj4i6zhO2zlegPUYPB\/96j4="}
00436{"flow_id":49,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":108629,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8jf1AAEAGGZDAqAEinTg0LMNwnGCx3l+sHyRlkIAYEClJPgAAAQEICj4i631MZC+5IVzDseW9I30="}
@@ -617,23 +617,23 @@
00438{"flow_id":101,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":199850,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8awRAAEAG7h\/AqAEinTeClsN+nEtADbo2Q3FEmYAYECjXfwAAAQEICj4i69hOt5\/KwFGYWtZyg7g="}
00424{"flow_id":112,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":272591,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA08RxAADcGcQ+dN4KWwKgBIgG7w4C5VVBfSPqaMoAQAB3JKgAAAQEICk63oUM+Iuui"}
00474{"flow_id":112,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":272699,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"0NQSxnP1PBXCt3IOCABFAABXZX9AAEAG84nAqAEinTeClsOAAbtI+poyuVVQX4AYECxq7gAAAQEICj4i7CBOt6FDtE+JMLnPtxIKxglVlecVLUAud036XUzec3hM4iMJiZPeQZY="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":753,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":113,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":439791,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAvH9AAEAGnJDAqAEinTeCpsOBnFXYqqHbAAAAALAC\/\/9QDQAAAgQFtAEDAwUBAQgKPiLsxwAAAAAEAgAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":114,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":439986,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9SW0AAEAR5iPAqAEi1cezjTLdnE8AKQ5hnB4CGyqpujGNRC+tNfD9NfpLzFflMbzl80z6vtvIbjHD"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":115,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":439986,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5JaMAAEARO5vAqAEiQAQXqDLdnEYAJeE7nCAClYKeY8U7yQoFLZ\/n5OmCV2u37neBgVGbscg="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":116,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":440039,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/+CwAAEAR6vHAqAEinTc4jjLdnFcAKxxKnCIC+gceuOzI36Gk6bxAzIG\/CfJN2Kdzd\/KAG2cg42HExgA="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":117,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":440039,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0paYAAEARVdzAqAEib91NjzLdnFYAIE1nnCQCSJLvZtGpgN01LZemo1XXZO+oxg0w"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":118,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":440039,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBc7oAAEARJM\/AqAEiQTffITLdnEsALfH+nCYCgzglH2UUEeAloaKWvjnBLcR69MpntGSFdWneylROBFqJdg=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00436{"flow_id":113,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":679820,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhSdN4KmwKgBIpxVw4FWpWbU2Kqh3KASOJCyZwAAAgQFrAQCCApOrGnnPiLsxwEDAwk="}
00424{"flow_id":113,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":679894,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04YFAAEAGd5rAqAEinTeCpsOBnFXYqqHcVqVm1YAQECwIogAAAQEICj4i7bdOrGnn"}
00525{"flow_id":113,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969667,"pkt_ts_usec":680317,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"0NQSxnP1PBXCt3IOCABFAAB6xORAAEAGk\/HAqAEinTeCpsOBnFXYqqHcVqVm1YAYECy3pgAAAQEICj4i7bdOrGnndublI75nXubO21nQycJvJO84XcmJJcjmGsjdZZ7Sh0tXGkpbJzOfwgjXE\/IbWS5lhr9khfI7sGEed7z9CnOIWbYvFHUiqw=="}
@@ -650,19 +650,19 @@
00438{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":369272,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2iIAAEARHRfAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
00438{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":369273,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6jAAAEARDQnAqAEiwKgBAeA+ADUALBXIHdcBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
00876{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":391015,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"AQBef\/\/6oPPBbTu2CABFAAGBApwAAAQRATDAqAD+7\/\/\/+gQBB2wBbXKDTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpXQU5Db25uZWN0aW9uRGV2aWNlOjENCk5UUzogc3NkcDphbGl2ZQ0KU0VSVkVSOiBUUC1MSU5LIFdpcmVsZXNzIE4gTmFubyBSb3V0ZXIgV1I3MDJOLCBVUG5QLzEuMA0KVVNOOiB1dWlkOnVwbnAtV0FOQ29ubmVjdGlvbkRldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDE6OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpXQU5Db25uZWN0aW9uRGV2aWNlOjENCg0K"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":119,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":393491,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAuzMAAEARQDfAqAEib91NmzLdnEQALFAWnCgCEvePRGLJGr6Sre+ODORDkQCce9O5GJ9D557YPiPEFuAx"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":776,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":120,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":393551,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/2XIAAEARv6rAqAEinTeCjzLdnFEAK32DnCoCUchv5aDS7Qgi\/2x8dTOyi7BA\/ZCxsEvRrtCtnVEnyoU="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":777,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00535{"flow_id":19,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":477732,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"PBXCt3IO0NQSxnP1CABFAACDHPJAADcGRGBBN98hwKgBIgG7w24uYYHrXFDkhIAYAB1z8wAAAQEICk2XtLA+IpIHFgMBAEoCAABGAwFAG+SGAq3gKeF3dOVEucmctDExXgLdd50VSpYJul2ocCAcoOT2TGNRri+OTuHmdmoKiNXYxVyumMXkgfIqab+QWAAFAA=="}
00408{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":477830,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAomF9AAEAGwE3AqAEiQTffIcNuAbtcUOSEAAAAAFAEAADHvgAA"}
00442{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":492204,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDB9wAAEAR71rAqAEiwKgBAdmfADUAL7TEHKMBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
00442{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":782,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":492347,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDDGwAAEAR6srAqAEiwKgBAc5yADUAL8ad+vYBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1431969668503,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1431969668503,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":121,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":503619,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABItzYAAEARPsPAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="}
-00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1431969668503,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":783,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1431969668503,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00491{"flow_id":63,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":552184,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"0NQSxnP1PBXCt3IOCABFAABi1zFAAEAG0DXAqAEinTg0LMN0AbuAxvPD3A2f1IAYECzkpQAAAQEICj4i8R1MZDFLCID\/ssOnhCQbPdgraKv5X6X6LEBl4VvsbMI2yvwLdbH5FbeEibgiwFjV2Yetww=="}
00474{"flow_id":112,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":613246,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"0NQSxnP1PBXCt3IOCABFAABXsndAAEAGppHAqAEinTeClsOAAbtI+poyuVVQX4AYECxltAAAAQEICj4i8VpOt6FDtE+JMLnPtxIKxglVlecVLUAud036XUzec3hM4iMJiZPeQZY="}
00438{"flow_id":101,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":634104,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8SbFAAEAGD3PAqAEinTeClsN+nEtADbo2Q3FEmYAYECjR6QAAAQEICj4i8W5Ot5\/KwFGYWtZyg7g="}
@@ -673,7 +673,7 @@
00456{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":794693,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABK8GcAAEARBsjAqAEiwKgBAd\/IADUANro4UU4BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAABwAAQ=="}
00456{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":794885,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKwQ4AAEARNiHAqAEiwKgBAcNGADUANrH\/diQBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDYBcgVza3lwZQNuZXQAAAEAAQ=="}
00437{"flow_id":51,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969668,"pkt_ts_usec":813342,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8gzNAAEAG1frAqAEinTeCjMNynGH\/hzYDZw7DuIAYECm4IQAAAQEICj4i8iFOvfULJJFwCjegzGQ="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1431969669039,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1431969669039,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":122,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":39715,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAm5lAAEAGvXbAqAEinTeCpsODAbsS3IR+AAAAALAC\/\/\/HlQAAAgQFtAEDAwUBAQgKPiLzAwAAAAAEAgAA"}
00436{"flow_id":122,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":172605,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhSdN4KmwKgBIgG7w4O9Vc6mEtyEf6ASOJBZ3QAAAgQFrAQCCApOrGt3PiLzAwEDAwk="}
00425{"flow_id":122,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":172726,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0jk9AAEAGyszAqAEinTeCpsODAbsS3IR\/vVXOp4AQECywggAAAQEICj4i84hOrGt3"}
@@ -682,91 +682,91 @@
00432{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":300239,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6C1AAAEAR6+\/AqAEiwKgBAcLvADUAJlJY1+QBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
00424{"flow_id":122,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":302321,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0pT9AADcGvNydN4KmwKgBIgG7w4O9Vc6nEtyEx4AQAB3AKAAAAQEICk6sa5g+IvOI"}
00466{"flow_id":122,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":302385,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"0NQSxnP1PBXCt3IOCABFAABSXh5AAEAG+t\/AqAEinTeCpsODAbsS3ITHvVXOp4AYECx5qgAAAQEICj4i9AhOrGuYTUkltcFyUDx1UKDVsGVbE\/Ct+3YM+MpJT8qq59Fj"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":123,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":408592,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA749YAAEARS6HAqAEi1cezqDLdnEYAJ90VnCwCpNRKktf4Qi\/bdq+yPcZvRHBM0A5YqXcB1iPXfA=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":803,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":124,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":408592,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5xgUAAEARIZrAqAEinTg0EjLdgQkAJZdLnC4CEFtjW45ZN3BY7kxO5IarNwXkC3qnvdRTMpg="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":804,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":125,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":408664,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9eQsAAEARtnjAqAEi1cezmjLdnGIAKUaUnDACIJVxUOV7zs6xYvMq6EYi6E1yxVZ+ttOndiNbBj7C"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":805,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00436{"flow_id":113,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":412702,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8SP9AAEAGEBXAqAEinTeCpsOBnFXYqqIiVqVnNYAYEClbUwAAAQEICj4i9HZOrGolRtJrmlCDoq4="}
00436{"flow_id":50,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":830994,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8FSdAAEAGjenAqAEinTc4qsNxnE+r6BLEPu7rjYAYECqKcwAAAQEICj4i9hhNea2iMpsmfs9xo5c="}
00465{"flow_id":122,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":840170,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"0NQSxnP1PBXCt3IOCABFAABSr9pAAEAGqSPAqAEinTeCpsODAbsS3ITHvVXOp4AYECx3kQAAAQEICj4i9iFOrGuYTUkltcFyUDx1UKDVsGVbE\/Ct+3YM+MpJT8qq59Fj"}
00686{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969669,"pkt_ts_usec":956349,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"pkt":"0NQSxnP1PBXCt3IOCABFAADzRR9AAEAG0hrAqAEiF99JIsNrAbvkkjeTMYDD\/oAZECyMHgAAAQEICj4i9pX301nQFgMBALoBAAC2AwNVWh9qIUBTYdqPuvpJ\/EUxWvWdVTCc6qQWuOlUPkFPXAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAQwAAABkAFwAAFGFwcHMuc2t5cGVhc3NldHMuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00433{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431969665006,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00431{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431969664357,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1431969668503,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.21","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.26","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.47","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00445{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431969665006,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00443{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431969664357,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1431969668503,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.168","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.141","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1431969661414,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431969666429,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.41","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.25","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.157","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.175","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1431969668393,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.143","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.166","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431969667440,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.142","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431969665416,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431969662422,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.151","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1431969660403,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431969663378,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431969664405,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431969667439,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431969669408,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00494{"flow_id":71,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969670,"pkt_ts_usec":56543,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"0NQSxnP1PBXCt3IOCABFAABm9XxAAEAG+dPAqAEi1cezr8N3AbvoukrF6jj3F4AYECw5nwAAAQEICj4i9vlO2zrq3Ik+3JoryHORYpUOodhZtdvbaLVaOrSVdhFGDoNFz\/ygR9NCUBkcRkZjFi6mIQWuXX4="}
00473{"flow_id":112,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":811,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969670,"pkt_ts_usec":66703,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"0NQSxnP1PBXCt3IOCABFAABXQOtAAEAGGB7AqAEinTeClsOAAbtI+poyuVVQX4AYECxgCwAAAQEICj4i9wNOt6FDtE+JMLnPtxIKxglVlecVLUAud036XUzec3hM4iMJiZPeQZY="}
00455{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969670,"pkt_ts_usec":410701,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLTl4AAEARqNDAqAEiwKgBAeuAADUAN9PqYyoBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00455{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":814,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969670,"pkt_ts_usec":410891,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLtqQAAEARQIrAqAEiwKgBAeF+ADUAN7bIb04BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":126,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969670,"pkt_ts_usec":418370,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1a3EAAEARxCLAqAEi1cezkjLdnF4AIe2\/nDICH70PgbauE\/TDe2jJ8Wqi40Tw\/dlcGg=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":815,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":127,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969670,"pkt_ts_usec":418371,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4XYMAAEARoWrAqAEib91KIDLdnEkAJPvTnDQCE7A5vpizco713fAfzrDXfyhKHUClX6xRMw=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":816,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00457{"flow_id":65,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969670,"pkt_ts_usec":473991,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFAABMASdAAEAGV\/fAqAEinTeCjMN2AbvInJlHrpWZfIAYECw4VQAAAQEICj4i+JpOvfadOsfzaffo90GU9fGuBRpgbZPEZs9Bzxti"}
00465{"flow_id":122,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969670,"pkt_ts_usec":713987,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"0NQSxnP1PBXCt3IOCABFAABStFVAAEAGpKjAqAEinTeCpsODAbsS3ITHvVXOp4AYECx0KQAAAQEICj4i+YlOrGuYTUkltcFyUDx1UKDVsGVbE\/Ct+3YM+MpJT8qq59Fj"}
00483{"flow_id":99,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969670,"pkt_ts_usec":895271,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"0NQSxnP1PBXCt3IOCABFAABddstAAEAG4ibAqAEinTeCp8N9Abt3wuIecQen4YAYECwcVwAAAQEICj4i+j5Oq7eNha\/REPk0JK+jyXRvQAnIdnOzfqInh3kQnO9afU+VElpw2DvgAIcm25w="}
00435{"flow_id":113,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969671,"pkt_ts_usec":6380,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA80VhAAEAGh7vAqAEinTeCpsOBnFXYqqIiVqVnNYAYEClVHAAAAQEICj4i+q1OrGolRtJrmlCDoq4="}
00438{"flow_id":101,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969671,"pkt_ts_usec":300551,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8bcNAAEAG62DAqAEinTeClsN+nEtADbo2Q3FEmYAYECjHhQAAAQEICj4i+9JOt5\/KwFGYWtZyg7g="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":128,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969671,"pkt_ts_usec":427254,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7f50AAEAR4bnAqAEiQAQXjTLdnEQAJ4UFnDYCwyd8EHi1QBLXs1KZU1iJVh3lwESpNueb3tiaIg=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":129,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969671,"pkt_ts_usec":427254,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ovIAAEAR9aDAqAEiQTffHDLdnFoAKLy9nDgCw\/trQW+yBgre1M\/iGb+xrR1ukS\/k6lR8WrcUGNw="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":825,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":130,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969671,"pkt_ts_usec":427327,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA3g4AAEARUfvAqAEinTfroTLdnEsALJxsnDoCIAhyfiAhHAGT2pPsDhuBxLXCl+D8eTQt2\/ZTx9MpLSju"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00525{"flow_id":64,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969671,"pkt_ts_usec":841809,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"0NQSxnP1PBXCt3IOCABFAAB684hAAEAGr0nAqAEinTc4qsN1AbtlArNVviBnW4AYECzChgAAAQEICj4i\/e9Nea82lrtEvF7Syi3sYudbWmm1LLmltdXITy9EZvRGZ4\/xmZ+XSmldmKNIhY33FGOH7bkZm8kH56oaXL6ossqblsc6QCTpmqw22A=="}
00678{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969671,"pkt_ts_usec":883043,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtolVAAEAGnHfAqAEiF84hpsNtAbuewXpuGKHN44AYECyK2AAAAQEICj4i\/hjsLkk6FgMBALQBAACwAwNVWh9r1BitCFD8cZbUoP0jV12FHPzKsJViTeYgJXwI\/wAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
00466{"flow_id":122,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969672,"pkt_ts_usec":261205,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"0NQSxnP1PBXCt3IOCABFAABSOtRAAEAGHirAqAEinTeCpsODAbsS3ITHvVXOp4AYECxuIAAAAQEICj4i\/5JOrGuYTUkltcFyUDx1UKDVsGVbE\/Ct+3YM+MpJT8qq59Fj"}
@@ -776,29 +776,29 @@
00424{"flow_id":64,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969672,"pkt_ts_usec":489136,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0LphAAEAGdIDAqAEinTc4qsN1AbtlArObviBnW4ARECyQUQAAAQEICj4jAHVNea82"}
00425{"flow_id":51,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969672,"pkt_ts_usec":489205,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0AexAAEAGV0rAqAEinTeCjMNynGH\/hzYLZw7DuIAREClCdQAAAQEICj4jAHVOvfUL"}
00424{"flow_id":65,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969672,"pkt_ts_usec":489205,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mkVAAEAGvvDAqAEinTeCjMN2AbvInJlfrpWZfIARECyRzgAAAQEICj4jAHVOvfad"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":131,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969672,"pkt_ts_usec":489344,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NOAAAEARZEfAqAEinTeCkDLdnGIAINainDwChxJXV87XhkbitLg+A\/cA051ANFNY"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":836,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":132,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969672,"pkt_ts_usec":489344,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2EcMAAEAR7TnAqAEib91KEzLdnEEAItfhnD4Cb3aeHJFamREFARmu+jDLOabt8VoC3Pk="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00475{"flow_id":112,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":838,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969672,"pkt_ts_usec":767407,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"0NQSxnP1PBXCt3IOCABFAABX+H1AAEAGYIvAqAEinTeClsOAAbtI+poyuVVQX4AYECxVgwAAAQEICj4jAYtOt6FDtE+JMLnPtxIKxglVlecVLUAud036XUzec3hM4iMJiZPeQZY="}
00437{"flow_id":57,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":839,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969672,"pkt_ts_usec":917592,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8JB1AAEAGy13AqAEi1cezr8NznFXnJeT4bf1jqoAYECqxxgAAAQEICj4jAiFO2zlegPUYPB\/96j4="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":133,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969673,"pkt_ts_usec":443345,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAbK1AAEAGNnfAqAEinTc4ksOFnF5LaK4QAAAAALAC\/\/8DvAAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":134,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969673,"pkt_ts_usec":443587,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVldAAEAGAsbAqAEinTeCmcOGnEV7WkqhAAAAALAC\/\/\/tSQAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":135,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969673,"pkt_ts_usec":443716,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA3dtAAEAG4QXAqAEib91KL8OHnF60mgT1AAAAALAC\/\/9fYAAAAgQFtAEDAwUBAQgKPiMELQAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":136,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969673,"pkt_ts_usec":443865,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0XMQAAEARBHrAqAEiQAQXrTLdnFEAIKzLnEACNoZuauEq3ADhWmqb7oTzdlIdyJ9N"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":844,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":137,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969673,"pkt_ts_usec":443897,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7lioAAEARmezAqAEinTfrmTLdnFcAJ4lunEIC66wPUwGEAyW45bIdeHP6QiT0x60Zbz70ciSKMQ=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":845,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":138,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969673,"pkt_ts_usec":443922,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA180cAAEARCDTAqAEib91NlTLdnF4AIdImnEQCEhW3FidGQ7GJtk\/GLqF7d8vgcOXTwQ=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00436{"flow_id":134,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969673,"pkt_ts_usec":574373,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYiGdN4KZwKgBIpxFw4bvEzbne1pKoqASOJB0cwAAAgQFrAQCCApOtNyOPiMELQEDAwk="}
00424{"flow_id":134,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969673,"pkt_ts_usec":574496,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MLVAAEAGKHTAqAEinTeCmcOGnEV7Wkqi7xM26IAQECzLGgAAAQEICj4jBLBOtNyO"}
00576{"flow_id":134,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969673,"pkt_ts_usec":575107,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":172,"pkt_l4_len":138,"pkt":"0NQSxnP1PBXCt3IOCABFAACeCKhAAEAGUBfAqAEinTeCmcOGnEV7Wkqi7xM26IAYECzq0wAAAQEICj4jBLBOtNyOAWZkzughlCNCvXtxaSBC7JDDHESH2Je\/F\/dAa\/dGMFUSCfM7GfI9QD7EeE1HvoXmVLVi66CRjiesLXojeIkm3wSlkltQgb6XXB2qkyh5Vk+0lcLLAHHuBwwN2gPYaYa\/ZIXyO7BhHne8\/Q=="}
@@ -823,20 +823,20 @@
00435{"flow_id":135,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969674,"pkt_ts_usec":38380,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA86FxAAEAG1ojAqAEib91KL8OHnF60mgVan9mDBYAYECql7wAAAQEICj4jBn1NhV8Xx9YMHiFnIWo="}
00436{"flow_id":134,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969674,"pkt_ts_usec":235943,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8AKVAAEAGWHzAqAEinTeCmcOGnEV7WksM7xM3SYAYECg3HwAAAQEICj4jB0NOtNyvZO1SW4ugTYc="}
00436{"flow_id":133,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969674,"pkt_ts_usec":316206,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8HghAAEAGhSDAqAEinTc4ksOFnF5LaK51T0tw1IAYECns8gAAAQEICj4jB5NNhXFJby9fpLXtPtU="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":139,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969674,"pkt_ts_usec":456524,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBxa4AAEAR02nAqAEinTeCkjLdnFoALfPInEYCTMX9D0zWqHZlar9rRJ4nLA7eV\/fFhp0UOFHwVjJRpWMfLA=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00424{"flow_id":57,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969674,"pkt_ts_usec":456591,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Y3RAAEAGjA7AqAEi1cezr8NznFXnJeUAbf1jqoARECpPPQAAAQEICj4jCB9O2zle"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":140,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969674,"pkt_ts_usec":456592,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9FOcAAEARGqjAqAEi1cezjzLdnFYAKftynEgChXSqdM1qvdY\/tcyUx+hTJaaUvSW+LNUHctwmtBhJ"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":874,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00424{"flow_id":71,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969674,"pkt_ts_usec":456592,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0A1lAAEAG7CnAqAEi1cezr8N3Abvoukr36jj3F4ARECxxEQAAAQEICj4jCB9O2zrq"}
00436{"flow_id":87,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969674,"pkt_ts_usec":534411,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8orZAAEAGtlzAqAEinTeCp8N8nF+W1hdKgdGcA4AYECkghwAAAQEICj4jCGxOq7X7zDi7upn8y1s="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1431969675055,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1431969675055,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":141,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":55729,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAteJAAEAG7UHAqAEinTc4ksOIAbsXgt4IAAAAALAC\/\/+cAgAAAgQFtAEDAwUBAQgKPiMKdQAAAAAEAgAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1431969675055,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1431969675055,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":142,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":55919,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQxNAAEAGFgrAqAEinTeCmcOJAbvJCUUsAAAAALAC\/\/85TwAAAgQFtAEDAwUBAQgKPiMKdQAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":880,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1431969675056,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":880,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1431969675056,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":143,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":56059,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWxNAAEAGY87AqAEib91KL8OKAbuRyk0GAAAAALAC\/\/\/OdwAAAgQFtAEDAwUBAQgKPiMKdQAAAAAEAgAA"}
00436{"flow_id":134,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":92713,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8V6pAAEAGAXfAqAEinTeCmcOGnEV7WksM7xM3SYAYECgzyAAAAQEICj4jCppOtNyvZO1SW4ugTYc="}
00467{"flow_id":122,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":157906,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"0NQSxnP1PBXCt3IOCABFAABSeE5AAEAG4K\/AqAEinTeCpsODAbsS3ITHvVXOp4AYECxi1wAAAQEICj4jCttOrGuYTUkltcFyUDx1UKDVsGVbE\/Ct+3YM+MpJT8qq59Fj"}
@@ -854,18 +854,18 @@
00436{"flow_id":143,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":353523,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGyOVv3UovwKgBIgG7w4qMyvZEkcpNB6ASOJB16gAAAgQFrAQCCApNhWBgPiMKdQEDAwk="}
00424{"flow_id":143,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":353626,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0A+1AAEAGuwDAqAEib91KL8OKAbuRyk0HjMr2RYAQECzL7gAAAQEICj4jC5tNhWBg"}
00524{"flow_id":143,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":353740,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"0NQSxnP1PBXCt3IOCABFAAB8PFFAAEAGglTAqAEib91KL8OKAbuRyk0HjMr2RYAYECy2PgAAAQEICj4jC5tNhWBggEYBAwEALQAAABAAAAUAAAQAAAoAAAkAAGQAAGIAAAgAAAMAAAYBAIAHAMADAIAGAEACAIAEAIACC0CxLkdMTRpDGKnG\/6TF"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":897,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":144,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":413612,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAarpAAEAGVDDAqAEib91KJsOLnE+UB73TAAAAALAC\/\/+\/fwAAAgQFtAEDAwUBAQgKPiML1gAAAAAEAgAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":145,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":413818,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5rAwAAEAR7JDAqAEiQTffFTLdnFsAJTYGnEoCYEAkEhPrC3cXaZ2QhtIeOoxIY9w9Ekoojl8="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":898,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":146,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":413819,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAySgUAAEARsYLAqAEib91NjDLdnEMAHpNUnEwCeUQO24lPxsdSE1aywi7G9Ehfag=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":899,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":147,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":413876,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3KwsAAEARbhfAqAEinTeCkjLdgQkAI6nfnE4CnxxG0E+kNYaCqSmEqqaVzyCf2xFtLT6I"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1431969675567,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":900,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1431969675567,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":148,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":567066,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoxtNAAEAGPGLAqAEiEaxkJMNoAbucCLSTZ4D+ClAR\/\/\/87QAA"}
00424{"flow_id":143,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":667575,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0luxAADYGMgFv3UovwKgBIgG7w4qMyvZFkcpNT4AQAB3bbAAAAQEICk2FYKk+Iwub"}
00460{"flow_id":143,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":667652,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"0NQSxnP1PBXCt3IOCABFAABNf2tAAEAGP2nAqAEib91KL8OKAbuRyk1PjMr2RYAYECyMfgAAAQEICj4jDNNNhWCpro9SILG2kEIipiuKXJkgpDduj12IclUwiw=="}
@@ -878,30 +878,30 @@
00436{"flow_id":49,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":816231,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA87QxAAEAGuoDAqAEinTg0LMNwnGCx3l+sHyRlkIAZECknVQAAAQEICj4jDWVMZC+5IVzDseW9I30="}
00475{"flow_id":142,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":911,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":852388,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"0NQSxnP1PBXCt3IOCABFAABWVO1AAEAGBBrAqAEinTeCmcOJAbvJCUV1l+7ieIAYECzFzgAAAQEICj4jDYlOtN5CdYilVbtaCwK\/tgRArD4Y28szEXDIjTbyD0VdE11jWOuPGA=="}
00462{"flow_id":141,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":912,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":913705,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABPam1AAEAGOKjAqAEinTc4ksOIAbsXgt5RB+ihfoAYECzxxQAAAQEICj4jDcZNhXLb+CbW3lZbBv40\/beInvTLb7s0B7Su\/nEv8OsV"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1431969675950,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1431969675950,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":149,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":950087,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABPisQAAEARbGbAqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
-00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1431969675950,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1431969675950,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00666{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":913,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1431969675950,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1431969675950,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":150,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969675,"pkt_ts_usec":950344,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABPsQsAAEARRh\/AqAEiwKgBAfaEADUAO+FnvnsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAHAAB"}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1431969675950,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":914,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1431969675950,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00423{"flow_id":144,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":915,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":3705,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0uhNAADcGDeNv3UomwKgBIpxPw4sbzRmAlAe+CoAQAB3XZgAAAQEICk1\/o5M+Iwz7"}
00523{"flow_id":144,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":916,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":7380,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"PBXCt3IO0NQSxnP1CABFAAB6uhRAADcGDZxv3UomwKgBIpxPw4sbzRmAlAe+CoAYAB1g3QAAAQEICk1\/o5Q+Iwz7W0+jDkwYdyalyU6Dj4HU2pOBY1mmiLVz6n0Ki\/31ujL4cTtm9Z9iwycIFTqWFFeNZVIbEEF+VxzdalPoORYPdFWCi8Axrg=="}
00422{"flow_id":144,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":917,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":7446,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA06rBAAEAG1EXAqAEib91KJsOLnE+UB74KG80ZxoAQECnF6wAAAQEICj4jDiNNf6OU"}
00434{"flow_id":144,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":7992,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8F4hAAEAGp2bAqAEib91KJsOLnE+UB74KG80ZxoAYECkMIgAAAQEICj4jDiNNf6OUySqTc3CS7Ig="}
00483{"flow_id":99,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":919,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":266879,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"0NQSxnP1PBXCt3IOCABFAABd5kpAAEAGcqfAqAEinTeCp8N9Abt3wuIecQen4YAYECwHbwAAAQEICj4jDyZOq7eNha\/REPk0JK+jyXRvQAnIdnOzfqInh3kQnO9afU+VElpw2DvgAIcm25w="}
00437{"flow_id":51,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":920,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":399049,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8KJpAAEAGMJTAqAEinTeCjMNynGH\/hzYDZw7DuIAZECmalwAAAQEICj4jD6pOvfULJJFwCjegzGQ="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":151,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":429637,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBH10AAEARELrAqAEinTfrkzLdnFQALfL6nFACIA2HAe7F64ULrxZmZzlp\/IcJjWPYQGVuGoQXNRtdAcprsg=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":921,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":152,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":429638,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9SBkAAEARs0rAqAEib91NpTLdnFQAKf+JnFIC4bFrPlS3SgwUQ0ZkfJhi4Ibaq\/8x3HMPk6r8UbN8"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":922,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00438{"flow_id":101,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":923,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":440226,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8iAlAAEAG0RrAqAEinTeClsN+nEtADbo2Q3FEmYAYECizhAAAAQEICj4jD9NOt5\/KwFGYWtZyg7g="}
00437{"flow_id":134,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":613109,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8MwdAAEAGJhrAqAEinTeCmcOGnEV7WksM7xM3SYAYECgt5AAAAQEICj4jEH5OtNyvZO1SW4ugTYc="}
00475{"flow_id":142,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":709727,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"0NQSxnP1PBXCt3IOCABFAABWkfJAAEAGxxTAqAEinTeCmcOJAbvJCUV1l+7ieIAYECzCeQAAAQEICj4jEN5OtN5CdYilVbtaCwK\/tgRArD4Y28szEXDIjTbyD0VdE11jWOuPGA=="}
00462{"flow_id":141,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":838729,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABPlqBAAEAGDHXAqAEinTc4ksOIAbsXgt5RB+ihfoAYECzuLQAAAQEICj4jEV5NhXLb+CbW3lZbBv40\/beInvTLb7s0B7Su\/nEv8OsV"}
00437{"flow_id":133,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":930,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969676,"pkt_ts_usec":964997,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8FedAAEAGjUHAqAEinTc4ksOFnF5LaK51T0tw1IAYECniqQAAAQEICj4jEdxNhXFJby9fpLXtPtU="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":931,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1431969677018,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":931,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1431969677018,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":153,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":931,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":18656,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAFnhAAEAGqHLAqAEib91KJsOPAbu0bGHpAAAAALAC\/\/+PWgAAAgQFtAEDAwUBAQgKPiMSEQAAAAAEAgAA"}
00460{"flow_id":149,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":45314,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABP37sAAEARF2\/AqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
00459{"flow_id":150,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":45399,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABPvnQAAEAROLbAqAEiwKgBAfaEADUAO+FnvnsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAHAAB"}
@@ -913,25 +913,25 @@
00523{"flow_id":153,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":390314,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"0NQSxnP1PBXCt3IOCABFAAB8Tm1AAEAGcEHAqAEib91KJsOPAbu0bGHqDtZB8IAYECxLcwAAAQEICj4jE4NNf6TagEYBAwEALQAAABAAAAUAAAQAAAoAAAkAAGQAAGIAAAgAAAMAAAYBAIAHAMADAIAGAEACAIAEAIBx7gcMDdoD2GmGv2SF8juw"}
00408{"flow_id":63,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":390359,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoez5AAEAGLGPAqAEinTg0LMN0AbuAxvPyAAAAAFAEAADiyAAA"}
00437{"flow_id":135,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":436520,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8KzpAAEAGk6vAqAEib91KL8OHnF60mgVan9mDBYAYECqYuwAAAQEICj4jE7FNhV8Xx9YMHiFnIWo="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":154,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":439255,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/kxIAAEARaE7AqAEib91NpjLdnEsAK\/dAnFQCl1hxbJqFe\/EoPOrYejcO5KpAaYBpd\/JMh2XsR696PgE="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":155,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":439256,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4mEQAAEARAMrAqAEinTeCpTLdnFoAJC3GnFYCIQGR7TxLVU8tswjr1LACebeVCHQalWySEQ=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":156,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":439327,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1f9wAAEARGT3AqAEinTeCnTLdnE0AIXYPnFgCFJgmOhVj0TGqdlU73IOUBy59C5OuhQ=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00496{"flow_id":71,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":581712,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"0NQSxnP1PBXCt3IOCABFAABm1jFAAEAGGR\/AqAEi1cezr8N3AbvoukrF6jj3F4AZECwcVgAAAQEICj4jFEFO2zrq3Ik+3JoryHORYpUOodhZtdvbaLVaOrSVdhFGDoNFz\/ygR9NCUBkcRkZjFi6mIQWuXX4="}
00436{"flow_id":144,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":680875,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA89bNAAEAGyTrAqAEib91KJsOLnE+UB74KG80ZxoAYECkFoQAAAQEICj4jFKRNf6OUySqTc3CS7Ig="}
00425{"flow_id":153,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":689309,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA05MhAADcG4y1v3UomwKgBIgG7w48O1kHwtGxiMoAQAB2JxAAAAQEICk1\/pTg+IxOD"}
00499{"flow_id":153,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":689388,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"pkt":"0NQSxnP1PBXCt3IOCABFAABq3jRAAEAG4IvAqAEib91KJsOPAbu0bGIyDtZB8IAYECxlQwAAAQEICj4jFKxNf6U4DpQ6T7GhI\/HZuALGyyd6FuE62cjswcclHGXEXQQQrFo1hEMiHK+aF1hYQEgpCBKH6FPKIRys"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1431969677975,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1431969677975,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":157,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":975446,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLNkoAAEARwOTAqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1431969677975,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1431969677975,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":950,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1431969677975,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1431969677975,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":158,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":975770,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLu3AAAEARO77AqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1431969677975,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1431969677975,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00475{"flow_id":112,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969677,"pkt_ts_usec":985081,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"0NQSxnP1PBXCt3IOCABFAABXYOVAAEAG+CPAqAEinTeClsOAAbtI+poyuVVQX4AYECxBOwAAAQEICj4jFdNOt6FDtE+JMLnPtxIKxglVlecVLUAud036XUzec3hM4iMJiZPeQZY="}
00436{"flow_id":50,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969678,"pkt_ts_usec":127257,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA81kZAAEAGzMnAqAEinTc4qsNxnE+r6BLEPu7rjYAZECpqKQAAAQEICj4jFmFNea2iMpsmfs9xo5c="}
00456{"flow_id":65,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969678,"pkt_ts_usec":128519,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFAABMjBFAAEAGzQzAqAEinTeCjMN2AbvInJlHrpWZfIAZECwajAAAAQEICj4jFmJOvfadOsfzaffo90GU9fGuBRpgbZPEZs9Bzxti"}
@@ -941,13 +941,13 @@
00456{"flow_id":65,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":958,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969678,"pkt_ts_usec":254715,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"PBXCt3IO0NQSxnP1CABFAABMb+hAADcG8jWdN4KMwKgBIgG7w3aulZnLyJyZYIAZAB1q6QAAAQEICk6+CS8+IxZiCZN8qOdAn2tQKPavo9VwulBfRWu9L1K6"}
00408{"flow_id":65,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":959,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969678,"pkt_ts_usec":254809,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoPRtAAEAGHCfAqAEinTeCjMN2AbvInJlgAAAAAFAEAACnIwAA"}
00686{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":962,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969678,"pkt_ts_usec":380830,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"pkt":"0NQSxnP1PBXCt3IOCABFAADzJGNAAEAG8tbAqAEiF99JIsNrAbvkkjeTMYDD\/oAZECxrVgAAAQEICj4jF13301nQFgMBALoBAAC2AwNVWh9qIUBTYdqPuvpJ\/EUxWvWdVTCc6qQWuOlUPkFPXAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAQwAAABkAFwAAFGFwcHMuc2t5cGVhc3NldHMuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":159,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969678,"pkt_ts_usec":448473,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA28WwAAEARPrfAqAEinTfrkTLdnFYAInUwnFoCL\/MPOOsaaRslv0+ih8hUClTBOiOZV0s="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":963,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00424{"flow_id":87,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969678,"pkt_ts_usec":448539,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0yERAAEAGkNbAqAEinTeCp8N8nF+W1hdSgdGcA4ARECn+pQAAAQEICj4jF6BOq7X7"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":160,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969678,"pkt_ts_usec":448540,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBiiMAAEARDm3AqAEiQTffGjLdnEQALZMdnFwCzKFKSd3cA9PLS4BXWJFRrjZHyG3cJPIPdrTAqEb6jU8VDg=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":965,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00424{"flow_id":99,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969678,"pkt_ts_usec":448540,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA09b9AAEAGY1vAqAEinTeCp8N9Abt3wuJHcQen4YARECzwvgAAAQEICj4jF6BOq7eN"}
00463{"flow_id":141,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969678,"pkt_ts_usec":486903,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABP7\/JAAEAGsyLAqAEinTc4ksOIAbsXgt5RB+ihfoAYECznxQAAAQEICj4jF8ZNhXLb+CbW3lZbBv40\/beInvTLb7s0B7Su\/nEv8OsV"}
00677{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969678,"pkt_ts_usec":578114,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtqoVAAEAGlEfAqAEiF84hpsNtAbuewXpuGKHN44AYECxwzwAAAQEICj4jGCHsLkk6FgMBALQBAACwAwNVWh9r1BitCFD8cZbUoP0jV12FHPzKsJViTeYgJXwI\/wAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
@@ -956,17 +956,17 @@
00462{"flow_id":143,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":106043,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"0NQSxnP1PBXCt3IOCABFAABNgeVAAEAGPO\/AqAEib91KL8OKAbuRyk1PjMr2RYAYECx\/IQAAAQEICj4jGjBNhWCpro9SILG2kEIipiuKXJkgpDduj12IclUwiw=="}
00438{"flow_id":144,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":351214,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8McxAAEAGjSLAqAEib91KJsOLnE+UB74KG80ZxoAYECn\/IAAAAQEICj4jGyRNf6OUySqTc3CS7Ig="}
00437{"flow_id":134,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":442446,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8UB9AAEAGCQLAqAEinTeCmcOGnEV7WksM7xM3SYAYECgi4wAAAQEICj4jG39OtNyvZO1SW4ugTYc="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1431969679451,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":975,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1431969679451,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":161,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":451353,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZ+RAAEAG8MXAqAEiQTffDMORnF\/vfD8JAAAAALAC\/\/9szQAAAgQFtAEDAwUBAQgKPiMbhwAAAAAEAgAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":162,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":455907,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zKQAAEARzHXAqAEinTeClzLdnFEAJhOjnF4CtwUXw\/VWCApVJdrfxkhI5qU9AKuGw3faL7f5"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":976,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":163,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":455908,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5dCsAAEARu0zAqAEi1cezqjLdnEsAJQhSnGAC6QwwmBRocZoeU0bscPTURL89AdihxLtaI+k="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":977,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":164,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":455968,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7lc0AAEARZY3AqAEib91NsDLdnFQAJ2jKnGICi6AMRljZtq+Es\/pWkLbSJ\/TvDoZrPj0F5hXOgQ=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00438{"flow_id":161,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":581118,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYa5BN98MwKgBIpxfw5E\/Sv9r73w\/CqASOJDLRwAAAgQFrAQCCApNoe2VPiMbhwEDAwk="}
00427{"flow_id":161,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":581242,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0cmZAAEAG5k\/AqAEiQTffDMORnF\/vfD8KP0r\/bIAQECwh8QAAAQEICj4jHAhNoe2V"}
00553{"flow_id":161,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":981,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":581781,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"0NQSxnP1PBXCt3IOCABFAACOIGxAAEAGN\/DAqAEiQTffDMORnF\/vfD8KP0r\/bIAYECwRzAAAAQEICj4jHAhNoe2VfNU8dhpM38DGRSZmxic4e0pEdx+lOUJozRNK0FR\/ZhB0X2eExkEyGGlGIiJpdaUcTRpDGKnG\/6TFMnvwoV63\/D1Ks8iZ9m9UtWLroJGOJ6wteiN4iSbfBKWS"}
@@ -976,48 +976,48 @@
00438{"flow_id":161,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":719036,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8M35AAEAGJTDAqAEiQTffDMORnF\/vfD9kP0r\/xIAYECml3QAAAQEICj4jHJBNoe23pd7yTaWfPN4="}
00437{"flow_id":113,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":784006,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8v6FAAEAGmXLAqAEinTeCpsOBnFXYqqIiVqVnNYAYECky+AAAAQEICj4jHNFOrGolRtJrmlCDoq4="}
00499{"flow_id":153,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969679,"pkt_ts_usec":876258,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"pkt":"0NQSxnP1PBXCt3IOCABFAABqnWNAAEAGIV3AqAEib91KJsOPAbu0bGIyDtZB8IAYECxcwgAAAQEICj4jHS1Nf6U4DpQ6T7GhI\/HZuALGyyd6FuE62cjswcclHGXEXQQQrFo1hEMiHK+aF1hYQEgpCBKH6FPKIRys"}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.141","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.32","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.166","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.176","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.26","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431969675413,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.21","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1431969671427,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.161","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.151","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431969676429,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1431969678448,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.145","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431969673443,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.153","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1431969677439,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431969672489,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431969679455,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431969674456,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431969670418,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":157,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969680,"pkt_ts_usec":121792,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLe\/oAAEARezTAqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00457{"flow_id":158,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969680,"pkt_ts_usec":121982,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLZ0MAAEARj+vAqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
00437{"flow_id":133,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969680,"pkt_ts_usec":156186,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8Uc1AAEAGUVvAqAEinTc4ksOFnF5LaK51T0tw1IAYECnWQQAAAQEICj4jHkRNhXFJby9fpLXtPtU="}
00438{"flow_id":161,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":992,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969680,"pkt_ts_usec":245443,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8NYVAAEAGIynAqAEiQTffDMORnF\/vfD9kP0r\/xIAYECmj0AAAAQEICj4jHp1Noe23pd7yTaWfPN4="}
00425{"flow_id":64,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969680,"pkt_ts_usec":260604,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0yHRAADMG56OdNziqwKgBIgG7w3W+IGeqZQKzVYARAB2\/4AAAAQEICk15w7Y+Isxs"}
00426{"flow_id":101,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969680,"pkt_ts_usec":467231,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0sU1AAEAGp97AqAEinTeClsN+nEtADbo+Q3FEmYAREChWvAAAAQEICj4jH3pOt5\/K"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":165,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969680,"pkt_ts_usec":467231,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5uekAAEARKTXAqAEinTc4lDLdnEoAJXlNnGQC\/A+kfzeJzZXZQQBxWhYkhXip+EvBFG8rlU4="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":995,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00425{"flow_id":112,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969680,"pkt_ts_usec":467232,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0zLtAAEAGjHDAqAEinTeClsOAAbtI+ppVuVVQX4ARECyFHwAAAQEICj4jH3pOt6FD"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":166,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969680,"pkt_ts_usec":467232,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyVhkAAEAR2gHAqAEinTfrnjLdnF8AHti+nGYCSGBvJFR\/HGq\/K9Cny1\/vxLQHiA=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00438{"flow_id":135,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969680,"pkt_ts_usec":631037,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8Fu9AAEAGp\/bAqAEib91KL8OHnF60mgVan9mDBYAYECqMTwAAAQEICj4jIB1NhV8Xx9YMHiFnIWo="}
00466{"flow_id":122,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969680,"pkt_ts_usec":766244,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"0NQSxnP1PBXCt3IOCABFAABSh+RAAEAG0RnAqAEinTeCpsODAbsS3ITHvVXOp4AYECxNDgAAAQEICj4jIKROrGuYTUkltcFyUDx1UKDVsGVbE\/Ct+3YM+MpJT8qq59Fj"}
00477{"flow_id":142,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":41663,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"0NQSxnP1PBXCt3IOCABFAABWkJdAAEAGyG\/AqAEinTeCmcOJAbvJCUV1l+7ieIAYECyxoAAAAQEICj4jIbdOtN5CdYilVbtaCwK\/tgRArD4Y28szEXDIjTbyD0VdE11jWOuPGA=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1431969681060,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1431969681060,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":167,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":60077,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2fpAAEAGfq\/AqAEiQTffDMOSAbvQogCqAAAAALAC\/\/9eaAAAAgQFtAEDAwUBAQgKPiMhyQAAAAAEAgAA"}
00439{"flow_id":161,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":96746,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8aJVAAEAG8BjAqAEiQTffDMORnF\/vfD9kP0r\/xIAYECmggAAAAQEICj4jIe1Noe23pd7yTaWfPN4="}
00437{"flow_id":167,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":195252,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYa5BN98MwKgBIgG7w5Js9UEp0KIAq6ASOJBL6AAAAgQFrAQCCApNoe8nPiMhyQEDAwk="}
@@ -1027,17 +1027,17 @@
00461{"flow_id":149,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":230528,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABPW28AAEARm7vAqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
00425{"flow_id":167,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":324095,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0rmJAADcGs1NBN98MwKgBIgG7w5Js9UEq0KIA84AQAB2yMQAAAQEICk2h70k+IyJP"}
00495{"flow_id":167,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":324203,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"0NQSxnP1PBXCt3IOCABFAABn3QRAAEAGe37AqAEiQTffDMOSAbvQogDzbPVBKoAYECwQoQAAAQEICj4jIs9Noe9JdRKYsr25V5AAdpQR0WFwQXZONwsp2+ImLRVUPhbhlzT9d0d7m6HpVNUn8Hw+fr6YtSFt"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1010,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":168,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":480233,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/b9AAEAGpVbAqAEinTc4oMOTnFuhu64eAAAAALAC\/\/+OBAAAAgQFtAEDAwUBAQgKPiMjagAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":169,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":480376,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4YcMAAEARzb3AqAEi1cezojLdnF0AJAuMnGgC2mPP3NT+NgZcfouOKEVgI\/tI0sJfUuMhDA=="}
-00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1011,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":170,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":480376,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1+dEAAEARBS\/AqAEib91KEDLdnGAAIfCsnGoCw1fhnSu+3d\/Tw+s36JFjatVqYPGvPQ=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1012,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":171,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":480429,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyaGwAAEARx63AqAEinTfrnzLdnFUAHmVKnGwCxXHmKlMo0hJpMwmU59yIG9tJmA=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00464{"flow_id":141,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":580971,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABPIXdAAEAGgZ7AqAEinTc4ksOIAbsXgt5RB+ihfoAYECzbvQAAAQEICj4jI85NhXLb+CbW3lZbBv40\/beInvTLb7s0B7Su\/nEv8OsV"}
00437{"flow_id":168,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":627128,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGsBqdNzigwKgBIpxbw5OkoMOPobuuH6ASOJAefQAAAgQFrAQCCApNfpJAPiMjagEDAwk="}
00426{"flow_id":168,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969681,"pkt_ts_usec":627257,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mLVAAEAGCm3AqAEinTc4oMOTnFuhu64fpKDDkIAQECx1FQAAAQEICj4jI\/xNfpJA"}
@@ -1053,16 +1053,16 @@
00437{"flow_id":168,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969682,"pkt_ts_usec":348276,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8itpAAEAGGEDAqAEinTc4oMOTnFuhu65apKDDzIAYECobJwAAAQEICj4jJslNfpJmzRAJJHd6CMc="}
00426{"flow_id":113,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969682,"pkt_ts_usec":488799,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04ypAAEAGdfHAqAEinTeCpsOBnFXYqqIqVqVnNYARECnOGQAAAQEICj4jJ1VOrGol"}
00426{"flow_id":122,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969682,"pkt_ts_usec":488799,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA07TtAAEAGa+DAqAEinTeCpsODAbsS3ITlvVXOp4ARECx8LQAAAQEICj4jJ1VOrGuY"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":172,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969682,"pkt_ts_usec":488870,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4pYYAAEARPZvAqAEinTc4kjLdgQkAJLU7nG4Cyw+0E3ewR9IGP0eBLCPkEu6cvusCSULx8g=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":173,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969682,"pkt_ts_usec":488871,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2L4AAEARJivAqAEib91KHDLdnE4ALJRcnHACG8tsqKlSc3O3hWaMTNmN0BY4DMi8SBQzDHozUa6r8phn"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00438{"flow_id":144,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969682,"pkt_ts_usec":496465,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8hMBAAEAGOi7AqAEib91KJsOLnE+UB74KG80ZxoAYECny6AAAAQEICj4jJ1xNf6OUySqTc3CS7Ig="}
00440{"flow_id":161,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969682,"pkt_ts_usec":602614,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ydJAAEAGjtvAqAEiQTffDMORnF\/vfD9kP0r\/xIAYECmapwAAAQEICj4jJ8ZNoe23pd7yTaWfPN4="}
00495{"flow_id":167,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969682,"pkt_ts_usec":754990,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"0NQSxnP1PBXCt3IOCABFAABnIoNAAEAGNgDAqAEiQTffDMOSAbvQogDzbPVBKoAYECwLFAAAAQEICj4jKFxNoe9JdRKYsr25V5AAdpQR0WFwQXZONwsp2+ImLRVUPhbhlzT9d0d7m6HpVNUn8Hw+fr6YtSFt"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1431969683081,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1039,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1431969683081,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":174,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1039,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":81595,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAOCFAAEAGavXAqAEinTc4oMOVAbs\/vddwAAAAALAC\/\/9bFwAAAgQFtAEDAwUBAQgKPiMpogAAAAAEAgAA"}
00458{"flow_id":157,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1040,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":152230,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLwG0AAEARNsHAqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00458{"flow_id":158,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":152315,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABL8lsAAEARBNPAqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
@@ -1072,23 +1072,23 @@
00438{"flow_id":168,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":288050,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8qdRAAEAG+UXAqAEinTc4oMOTnFuhu65apKDDzIAYECoXgQAAAQEICj4jKm9NfpJmzRAJJHd6CMc="}
00426{"flow_id":174,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":375368,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0JsVAADMGiV2dNzigwKgBIgG7w5UO87UxP73XuYAQAB30RwAAAQEICk1+k\/U+Iyoz"}
00486{"flow_id":174,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":375477,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"0NQSxnP1PBXCt3IOCABFAABeYkJAAEAGQLbAqAEinTc4oMOVAbs\/vde5DvO1MYAYECzDbwAAAQEICj4jKsZNfpP1C\/K+P2bJpeJPHa2PUHDULtdZf\/0zeGwCQKqXzvyh2rxHpWJ9WEovTk91"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1431969683445,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1431969683445,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":175,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":445395,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLY\/4AAEARkzDAqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1431969683445,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1431969683445,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1048,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1431969683445,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1431969683445,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":176,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":445606,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLbZEAAEARiZ3AqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="}
-00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1431969683445,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1050,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1049,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1431969683445,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst13.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1050,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":177,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":498513,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjFBAAEAGzLvAqAEinTeCqsOWnFJsNFWpAAAAALAC\/\/\/KJgAAAgQFtAEDAwUBAQgKPiMrQAAAAAAEAgAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":178,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":498651,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAygKMAAEARGILAqAEinTeClDLdnFMAHuO+nHICw5e0uFvnoh7r2z7q0Ash9G6vuA=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1051,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":179,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":498651,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA37XsAAEAR+hLAqAEinTg0JTLdnGAAI2eBnHQCCWFRyRLVPOTLcRjYZLb3DOT1DUSOmuDR"}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1052,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":180,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":498704,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1nZ0AAEARXdnAqAEib91NmjLdnFEAIcopnHYCxd71ZoU+BTO6L2LN9kiyomjWgPGl4A=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00437{"flow_id":177,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":623605,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYhCdN4KqwKgBIpxSw5bt8UdnbDRVqqASOJAWbAAAAgQFrAQCCApOqggfPiMrQAEDAwk="}
00425{"flow_id":177,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":623712,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0bWZAAEAG67HAqAEinTeCqsOWnFJsNFWq7fFHaIAQECxtGQAAAQEICj4jK71Oqggf"}
00505{"flow_id":177,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969683,"pkt_ts_usec":624257,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABrizRAAEAGzazAqAEinTeCqsOWnFJsNFWq7fFHaIAYECx1igAAAQEICj4jK71Oqggf1scwOyi+GNro1zNlkpz1kJCutCUd78rawR2K0Dss\/kuexdEgM5cPtj8qxMgNmwBXm5DB\/tecXQ=="}
@@ -1104,19 +1104,19 @@
00461{"flow_id":150,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969684,"pkt_ts_usec":272306,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABPCJcAAEAR7pPAqAEiwKgBAfaEADUAO+FnvnsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAHAAB"}
00462{"flow_id":149,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969684,"pkt_ts_usec":272401,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABPHy0AAEAR1\/3AqAEiwKgBAdd3ADUAO4zaTRYBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
00495{"flow_id":167,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1068,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969684,"pkt_ts_usec":324140,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"0NQSxnP1PBXCt3IOCABFAABnNhdAAEAGImzAqAEiQTffDMOSAbvQogDzbPVBKoAYECwE+wAAAQEICj4jLnVNoe9JdRKYsr25V5AAdpQR0WFwQXZONwsp2+ImLRVUPhbhlzT9d0d7m6HpVNUn8Hw+fr6YtSFt"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":181,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969684,"pkt_ts_usec":467205,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA16v8AAEARrgrAqAEinTeCrDLdnFMAIRT0nHgCu2bzH4JB7obGwPAa3nMCpmcjtPyNNg=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1069,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":182,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969684,"pkt_ts_usec":467279,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8hr8AAEAReCLAqAEib91KKDLdnFIAKIqNnHoCPuiFRI7wAmsXvw\/hsEg3lYrpYaj71nbGjF\/D9YI="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00458{"flow_id":175,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1072,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969684,"pkt_ts_usec":539079,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLqeAAAEARTU7AqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="}
00457{"flow_id":176,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1073,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969684,"pkt_ts_usec":539162,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLQlQAAEARtNrAqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="}
00487{"flow_id":174,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1075,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969684,"pkt_ts_usec":876496,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"0NQSxnP1PBXCt3IOCABFAABe\/1RAAEAGo6PAqAEinTc4oMOVAbs\/vde5DvO1MYAYECy9mgAAAQEICj4jMJtNfpP1C\/K+P2bJpeJPHa2PUHDULtdZf\/0zeGwCQKqXzvyh2rxHpWJ9WEovTk91"}
00439{"flow_id":134,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1076,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969684,"pkt_ts_usec":905750,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8\/2ZAAEAGWbrAqAEinTeCmcOGnEV7WksM7xM3SYAYECgNqgAAAQEICj4jMLhOtNyvZO1SW4ugTYc="}
00439{"flow_id":168,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1077,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969684,"pkt_ts_usec":965856,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8uBBAAEAG6wnAqAEinTc4oMOTnFuhu65apKDDzIAYECoQ\/AAAAQEICj4jMPRNfpJmzRAJJHd6CMc="}
00439{"flow_id":177,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":102030,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ex1AAEAG3fLAqAEinTeCqsOWnFJsNFXh7fFHoYAYECoDogAAAQEICj4jMXtOqgg\/dBFKHGWgP00="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1431969685111,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1431969685111,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":183,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":111093,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAAC9AAEAGWN3AqAEinTeCqsOYAbvnclCjAAAAALAC\/\/\/oPwAAAgQFtAEDAwUBAQgKPiMxhAAAAAAEAgAA"}
00497{"flow_id":71,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":117166,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"0NQSxnP1PBXCt3IOCABFAABmnN5AAEAGUnLAqAEi1cezr8N3AbvoukrF6jj3F4AZECz\/DAAAAQEICj4jMYpO2zrq3Ik+3JoryHORYpUOodhZtdvbaLVaOrSVdhFGDoNFz\/ygR9NCUBkcRkZjFi6mIQWuXX4="}
00476{"flow_id":112,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":231966,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"0NQSxnP1PBXCt3IOCABFAABX6YxAAEAGb3zAqAEinTeClsOAAbtI+poyuVVQX4AZECwlEgAAAQEICj4jMftOt6FDtE+JMLnPtxIKxglVlecVLUAud036XUzec3hM4iMJiZPeQZY="}
@@ -1129,15 +1129,15 @@
00425{"flow_id":183,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":358979,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0ZyZAADcG+vGdN4KqwKgBIgG7w5jP+27253JQ7IAQAB2PswAAAQEICk6qCdE+IzH9"}
00497{"flow_id":183,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":359052,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"0NQSxnP1PBXCt3IOCABFAABlfFBAAEAG3JbAqAEinTeCqsOYAbvnclDsz\/tu9oAYECx20AAAAQEICj4jMnhOqgnRdB6rqSY5gTFTXdFTg9Bm\/CX0YSch8t1o2530L+EgrBJRuOnQwGMPQHcj8K4bAGf3WA=="}
00440{"flow_id":161,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":413140,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ebhAAEAG3vXAqAEiQTffDMORnF\/vfD9kP0r\/xIAYECmPvwAAAQEICj4jMq5Noe23pd7yTaWfPN4="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":184,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":483955,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9kPYAAEARbgbAqAEib91KDDLdnF8AKfx\/nHwCoMStpaQYl8DnkwYEqqAF9FXdbHxKRUYHrOVyJRT4"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1093,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":185,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":483956,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAc7wAAEARJVPAqAEinTeCnDLdnGIALEvBnH4CZ\/Wwkka3Pn+XJ2UB3JhFKbNG53SJ0IkPRrwOiZA6M572"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1431969685484,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1094,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1431969685484,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":186,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":484020,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA72\/8AAEARIuzAqAEib91KHzLdnFUAJxsjnIACakgRW6zNH9umAy\/xnD4EBConFfeCu32RWyeo5A=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1431969685484,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1095,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1431969685484,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00458{"flow_id":175,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":579350,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLzugAAEARKEbAqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="}
00457{"flow_id":176,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":579539,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLSKwAAEARroLAqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="}
00439{"flow_id":101,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1098,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969685,"pkt_ts_usec":656480,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA82+1AADcGhjadN4KWwKgBIpxLw35DcUSZQA26NoAYAB0qhwAAAQEICk63szg+IuZBa1Fa9Z6K\/TI="}
@@ -1148,41 +1148,41 @@
00458{"flow_id":158,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1105,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":240037,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABL3PYAAEARGjjAqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
00438{"flow_id":133,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":341823,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8iRBAAEAGGhjAqAEinTc4ksOFnF5LaK51T0tw1IAYECm+OAAAAQEICj4jNk1NhXFJby9fpLXtPtU="}
00477{"flow_id":142,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":488863,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"0NQSxnP1PBXCt3IOCABFAABWXbBAAEAG+1bAqAEinTeCmcOJAbvJCUV1l+7ieIAYECycdwAAAQEICj4jNuBOtN5CdYilVbtaCwK\/tgRArD4Y28szEXDIjTbyD0VdE11jWOuPGA=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":187,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":494151,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7KdYAAEAR1RfAqAEib91KHTLdnFgAJyRCnIIC1fLHUFbyfUuPJFSEHOCi7XP7hf4fCpbSA7AYcw=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1114,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":188,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":494152,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+wC0AAEAR2OzAqAEinTeCkzLdnFMAKhU5nIQCbtjtgTR5b1SpAOgeT3hZ1sNas6z5WpsHwiEzG2Fdeg=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00486{"flow_id":174,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":540994,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"pkt":"0NQSxnP1PBXCt3IOCABFAABee+9AAEAGJwnAqAEinTc4oMOVAbs\/vde5DvO1MYAYECy3IQAAAQEICj4jNxRNfpP1C\/K+P2bJpeJPHa2PUHDULtdZf\/0zeGwCQKqXzvyh2rxHpWJ9WEovTk91"}
00439{"flow_id":177,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1117,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":561149,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8KGZAAEAGMKrAqAEinTeCqsOWnFJsNFXh7fFHoYAYECr99AAAAQEICj4jNyhOqgg\/dBFKHGWgP00="}
00497{"flow_id":183,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1118,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":675317,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"0NQSxnP1PBXCt3IOCABFAABlvF1AAEAGnInAqAEinTeCqsOYAbvnclDsz\/tu9oAYECxxrgAAAQEICj4jN5pOqgnRdB6rqSY5gTFTXdFTg9Bm\/CX0YSch8t1o2530L+EgrBJRuOnQwGMPQHcj8K4bAGf3WA=="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1119,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1119,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01082{"flow_id":189,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1119,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":726462,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAIS0J4AAEAR5nLAqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1119,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1120,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1119,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1120,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01078{"flow_id":190,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":726709,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISl+cAAEARXILAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1120,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1120,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00688{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1121,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":815579,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"pkt":"0NQSxnP1PBXCt3IOCABFAADzoepAAEAGdU\/AqAEiF99JIsNrAbvkkjeTMYDD\/oAZECxKjgAAAQEICj4jOCX301nQFgMBALoBAAC2AwNVWh9qIUBTYdqPuvpJ\/EUxWvWdVTCc6qQWuOlUPkFPXAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAQwAAABkAFwAAFGFwcHMuc2t5cGVhc3NldHMuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
00438{"flow_id":135,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1122,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":824743,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA83MZAAEAG4h7AqAEib91KL8OHnF60mgVan9mDBYAYECp0PgAAAQEICj4jOC5NhV8Xx9YMHiFnIWo="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1123,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431969686992,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1123,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431969686992,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01083{"flow_id":191,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1123,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":992272,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISTt8AAEARZ\/jAqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1123,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431969686992,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1431969686993,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1123,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431969686992,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1431969686993,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01078{"flow_id":192,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969686,"pkt_ts_usec":993049,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISzasAAEARJoTAqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1124,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1431969686993,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1124,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1431969686993,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00496{"flow_id":167,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1125,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969687,"pkt_ts_usec":256921,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"0NQSxnP1PBXCt3IOCABFAABnR7hAAEAGEMvAqAEiQTffDMOSAbvQogDzbPVBKoAYECz5kgAAAQEICj4jOd1Noe9JdRKYsr25V5AAdpQR0WFwQXZONwsp2+ImLRVUPhbhlzT9d0d7m6HpVNUn8Hw+fr6YtSFt"}
00536{"flow_id":64,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1126,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969687,"pkt_ts_usec":310549,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"PBXCt3IO0NQSxnP1CABFAACDyHVAADMG51OdNziqwKgBIgG7w3W+IGdbZQKzVYAYAB0hggAAAQEICk15ypg+IsxsFgMBAEoCAABGAwFAG+SGAq3gKeF3dOVEucmctDExXgLdd50VSpYJul2ocCAcoOT2TGNRri+OTuHmdmoKiNXYxVyumMXkgfIqab+QWAAFAA=="}
00409{"flow_id":64,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969687,"pkt_ts_usec":310663,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoAo1AAEAGoJfAqAEinTc4qsN1AbtlArNVAAAAAFAEAAA6rAAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":193,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969687,"pkt_ts_usec":504457,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBxOwAAEARHhbAqAEinTc4qDLdnEYALROCnIYCHY\/YUYokwK99l51ViNrnwr9nS0r47IMjMyFmHPRTFPvIVw=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1128,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":194,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969687,"pkt_ts_usec":504457,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/rI8AAEAR6\/\/AqAEiQTffHTLdnEoAK4\/BnIgC0n2YTtpud4yFT0SZ+E2i0ODhSKmWbVLKl+n0TQ0fOTc="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":195,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969687,"pkt_ts_usec":504529,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3NGcAAEAR+6bAqAEinTfrpjLdnE8AI+OWnIoCh50u5xbhS9toIKRfor72\/ZRTG\/Y\/lAII"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1130,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00464{"flow_id":141,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969687,"pkt_ts_usec":571173,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"0NQSxnP1PBXCt3IOCABFAABPimVAAEAGGLDAqAEinTc4ksOIAbsXgt5RB+ihfoAYECzEdQAAAQEICj4jOxZNhXLb+CbW3lZbBv40\/beInvTLb7s0B7Su\/nEv8OsV"}
00436{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969688,"pkt_ts_usec":11370,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8fZJAAEAGKfvAqAEinTg0LMNwnGCx3l+sHyRlkIAZECn37AAAAQEICj4jPM1MZC+5IVzDseW9I30="}
00425{"flow_id":113,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969688,"pkt_ts_usec":12680,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0DP5AADcGVR6dN4KmwKgBIpxVw4FWpWc92KqiIoARAB0DjwAAAQEICk6sfdE+Iu5A"}
@@ -1194,12 +1194,12 @@
00426{"flow_id":142,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969688,"pkt_ts_usec":514814,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0zt9AAEAGiknAqAEinTeCmcOJAbvJCUWXl+7ieIARECyMywAAAQEICj4jPsJOtN5C"}
00426{"flow_id":135,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969688,"pkt_ts_usec":514890,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0bgBAAEAGUO3AqAEib91KL8OHnF60mgVin9mDBYARECqEdwAAAQEICj4jPsJNhV8X"}
00426{"flow_id":143,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969688,"pkt_ts_usec":514891,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0hDhAAEAGOrXAqAEib91KL8OKAbuRyk1ojMr2RYARECyYHAAAAQEICj4jPsJNhWCp"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":196,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969688,"pkt_ts_usec":514943,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAzhcAAEARLU\/AqAEib91NnzLdnEkALGRznIwCwyeMbMrdlUQ5AFonNJwRLd3E7Awg+gZSbquojb\/nyMcP"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1156,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":197,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969688,"pkt_ts_usec":514944,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4ZaYAAEARmVXAqAEib91KEjLdgQkAJLX6nI4C1Tkw7dXubJLsc4XN4Hhz+Cr0PORpW0nsUg=="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1157,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00438{"flow_id":144,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1158,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969688,"pkt_ts_usec":581627,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8MPRAAEAGjfrAqAEib91KJsOLnE+UB74KG80ZxoAYECnbQAAAAQEICj4jPwRNf6OUySqTc3CS7Ig="}
00467{"flow_id":122,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969688,"pkt_ts_usec":590817,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"0NQSxnP1PBXCt3IOCABFAABSsw9AAEAGpe7AqAEinTeCpsODAbsS3ITHvVXOp4AZECwupAAAAQEICj4jPw1OrGuYTUkltcFyUDx1UKDVsGVbE\/Ct+3YM+MpJT8qq59Fj"}
00463{"flow_id":143,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969688,"pkt_ts_usec":614975,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"0NQSxnP1PBXCt3IOCABFAABN\/MpAAEAGwgnAqAEib91KL8OKAbuRyk1PjMr2RYAZECxaKwAAAQEICj4jPyVNhWCpro9SILG2kEIipiuKXJkgpDduj12IclUwiw=="}
@@ -1209,21 +1209,21 @@
00410{"flow_id":122,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969688,"pkt_ts_usec":720130,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAobwNAAEAG6iTAqAEinTeCpsODAbsS3ITmAAAAAFAEAABxNwAA"}
00440{"flow_id":177,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":275151,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8\/ctAAEAGW0TAqAEinTeCqsOWnFJsNFXh7fFHoYAYECrzZAAAAQEICj4jQbhOqgg\/dBFKHGWgP00="}
00438{"flow_id":113,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":428675,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8DP9AADcGVRWdN4KmwKgBIpxVw4FWpWc12KqiIoAYAB1atwAAAQEICk6sf0A+Iu5AKJ1ayO+rNFA="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1169,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":198,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":470381,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAzR5AAEAGi+rAqAEinTeCrcOanEPZ9P\/0AAAAALAC\/\/+a6AAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1170,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1170,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":199,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":470548,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGpxAAEAG1PvAqAEi1cezjsObnEM6Aj3FAAAAALAC\/\/+TmAAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1171,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":200,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":470785,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA7khAAEAGAdHAqAEinTfrnMOcnE7UANcqAAAAALAC\/\/9gqgAAAgQFtAEDAwUBAQgKPiNCegAAAAAEAgAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":201,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":470958,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zvgAAEARklXAqAEiQAQXlzLdnF0AJqz9nJAC1zV5OvO9upQBsUXmJpF2nBcsF0HuRy8JJIUg"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1172,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":202,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":470958,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5rSQAAEARguHAqAEinTfrrDLdnGAAJdphnJIChjRH4yCKz81IO5fkX1qSeV8SZKk7yqqsiNY="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1173,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":203,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":470981,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyo54AAEARi\/LAqAEi1cezmDLdnFcAHjAjnJQCZ2daOJDdnSgXIMa0IqUKO\/m6pw=="}
-00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1174,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00438{"flow_id":199,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1175,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":525184,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcG+JvVx7OOwKgBIpxDw5sesq08OgI9xqASOJCQMAAAAgQFrAQCCApQDL\/UPiNCegEDAwk="}
00426{"flow_id":199,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1176,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":525261,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0n95AAEAGT8XAqAEi1cezjsObnEM6Aj3GHrKtPYAQECznJAAAAQEICj4jQrBQDL\/U"}
00554{"flow_id":199,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1177,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":525806,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"pkt":"0NQSxnP1PBXCt3IOCABFAACQdIRAAEAGesPAqAEi1cezjsObnEM6Aj3GHrKtPYAYECzznQAAAQEICj4jQrBQDL\/Ub+iEpNZYNceRyGBgSB3fK8wL2sGV8+6y9bK312hvam5FzQRsq5UiP\/Cn1owftehiayARDqcsrfqj+AmmX4QlEtvQAT4X3J0qE6j51s80FUJLgPFuh4yNWoNY6QY="}
@@ -1248,47 +1248,47 @@
00437{"flow_id":198,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":729325,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8GnRAAEAGPpnAqAEinTeCrcOanEPZ9QBBKvQZMIAYECpfLQAAAQEICj4jQ3ZOp72xFzP0mFIZu5U="}
00438{"flow_id":199,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":925551,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8oiBAAEAGTXvAqAEi1cezjsObnEM6Aj4iHrKtfIAYECottwAAAQEICj4jRDpQDL\/hxH9LQ46+GKw="}
00437{"flow_id":200,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969689,"pkt_ts_usec":998707,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8uUVAAEAGNtjAqAEinTfrnMOcnE7UANd2M6a2f4AYECk6DgAAAQEICj4jRINMWRmSrtaWXBVsqR0="}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431969686992,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1431969686993,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1431969685484,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.37","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431969686992,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1431969686993,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431969686726,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431969688514,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431969682488,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1431969685484,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.31","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.29","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.168","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.148","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431969687504,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431969684467,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.172","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431969686494,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.147","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1431969683498,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.159","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1431969680467,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431969685483,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1431969689470,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.152","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431969681480,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.162","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":198,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":245271,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8\/lpAAEAGWrLAqAEinTeCrcOanEPZ9QBBKvQZMIAYECpdKgAAAQEICj4jRXlOp72xFzP0mFIZu5U="}
00439{"flow_id":199,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":401436,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8Tc9AAEAGoczAqAEi1cezjsObnEM6Aj4iHrKtfIAYECor3AAAAQEICj4jRhVQDL\/hxH9LQ46+GKw="}
00426{"flow_id":144,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":435825,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0p15AAEAGF5jAqAEib91KJsOLnE+UB74SG80ZxoARECmNzgAAAQEICj4jRjdNf6OU"}
00426{"flow_id":153,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":435825,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0OFhAAEAGhp7AqAEib91KJsOPAbu0bGJoDtZB8IARECxGygAAAQEICj4jRjdNf6U4"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1204,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1204,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":204,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":481458,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVDVAAEAGBNHAqAEinTeCsMOdnFaE5icqAAAAALAC\/\/\/EvgAAAgQFtAEDAwUBAQgKPiNGZAAAAAAEAgAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":205,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":481619,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBoHIAAEARwNrAqAEiQAQXkTLdnFgALcyQnJYCZ5BZSWZ\/iXC28\/gJa4xy6SADRNB7IBe6OkY8K1Ib90nh6Q=="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1205,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":206,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":481620,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2TSkAAEARlefAqAEinTc4pTLdnFQAIg\/nnJgCnGl25qOBTIS5Gpv0M8FAGs9\/YbWac7o="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1206,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00438{"flow_id":200,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1207,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":558595,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ELJAAEAG32vAqAEinTfrnMOcnE7UANd2M6a2f4AYECk34AAAAQEICj4jRrFMWRmSrtaWXBVsqR0="}
00437{"flow_id":204,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":604504,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIpxWw53yBAwphOYnK6ASOJA8uAAAAgQFrAQCCApOpRObPiNGZAEDAwk="}
00425{"flow_id":204,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":604609,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+KpAAEAGYGfAqAEinTeCsMOdnFaE5icr8gQMKoAQECyTZwAAAQEICj4jRt9OpROb"}
@@ -1299,11 +1299,11 @@
00437{"flow_id":204,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":734453,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8Jq1AAEAGMl3AqAEinTeCsMOdnFaE5idx8gQMboAYECn0JQAAAQEICj4jR19OpRO7eWBA9+mp+gg="}
00498{"flow_id":183,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":746972,"pkt_caplen":115,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":115,"pkt_l4_len":81,"pkt":"0NQSxnP1PBXCt3IOCABFAABl1MpAAEAGhBzAqAEinTeCqsOYAbvnclDsz\/tu9oAYECxh3QAAAQEICj4jR2tOqgnRdB6rqSY5gTFTXdFTg9Bm\/CX0YSch8t1o2530L+EgrBJRuOnQwGMPQHcj8K4bAGf3WA=="}
00440{"flow_id":161,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969690,"pkt_ts_usec":823165,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8vJxAAEAGnBHAqAEiQTffDMORnF\/vfD9kP0r\/xIAYECl6tgAAAQEICj4jR7dNoe23pd7yTaWfPN4="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1431969691076,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1431969691076,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":207,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":76049,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIjRAAEAGNtXAqAEinTeCrcOeAbsMd47qAAAAALAC\/\/9tvAAAAgQFtAEDAwUBAQgKPiNIswAAAAAEAgAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1431969691076,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1431969691076,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":208,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":76248,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAl7lAAEAGV97AqAEi1cezjsOfAbt1SdybAAAAALAC\/\/9NxgAAAgQFtAEDAwUBAQgKPiNIswAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1219,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1431969691076,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1219,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1431969691076,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":209,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":76385,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWD1AAEAGl9zAqAEinTfrnMOgAbv31LXOAAAAALAC\/\/\/yiAAAAgQFtAEDAwUBAQgKPiNIswAAAAAEAgAA"}
00437{"flow_id":198,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":78471,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8uTlAAEAGn9PAqAEinTeCrcOanEPZ9QBBKvQZMIAYECpZ7gAAAQEICj4jSLVOp72xFzP0mFIZu5U="}
00438{"flow_id":208,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":145460,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcG+JvVx7OOwKgBIgG7w58e2AO\/dUncnKASOJDyJAAAAgQFrAQCCApQDMFlPiNIswEDAwk="}
@@ -1324,22 +1324,22 @@
00425{"flow_id":207,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":334332,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0N95AADcGKjedN4KtwKgBIgG7w56D64idDHePM4AQAB2SJAAAAQEICk6nv0Q+I0kw"}
00470{"flow_id":207,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":334402,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"0NQSxnP1PBXCt3IOCABFAABUFOBAAEAGRBXAqAEinTeCrcOeAbsMd48zg+uInYAYECyQlQAAAQEICj4jSbBOp79EOIZhDgpM596b5urYTkyt6EokOB\/jfhHHccIbekKWmsc="}
00438{"flow_id":200,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":484611,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8b19AAEAGgL7AqAEinTfrnMOcnE7UANd2M6a2f4AYECk0SwAAAQEICj4jSkZMWRmSrtaWXBVsqR0="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":210,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":496472,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03rMAAEARUOLAqAEi1cezkTLdnFsAIONWnJoCpMZAnYkDnzYrDpEHe3Wyl3Fm6DsP"}
-00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1240,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":211,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":496473,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA38a4AAEARPmXAqAEinTfroDLdnFsAI2YonJwCbYbrE4NbR6JS44ONijeTgTVa37UWYcSt"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":212,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":496537,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/mMEAAEARl0\/AqAEinTfrmzLdnEMAK8StnJ4Ceg13qBmaNbQ5r3u++QJg+\/7hY4I5I2kK1W2d7qoWGw0="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1242,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00461{"flow_id":208,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":587823,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"0NQSxnP1PBXCt3IOCABFAABOYSNAAEAGjmbAqAEi1cezjsOfAbt1SdzkHtgDwIAYECwLBgAAAQEICj4jSq1QDMF3EmQmnx6sH6BO82garWUNa027XrMWTbG33jE="}
00505{"flow_id":209,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":597995,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABr1T9AAEAGGq\/AqAEinTfrnMOgAbv31LYXE02AWoAYECxzMwAAAQEICj4jSrdMWRsjTOTU6C9pwmn1THUzY5b6U80doM\/+81I3Di34csN6MEKT2gWCOGQ+NQDycBffWk+LeTwGvX3Zbg=="}
00457{"flow_id":176,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":647552,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLdPMAAEARgjvAqAEiwKgBAeQAADUAN6zvm+wBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAAcAAE="}
00458{"flow_id":175,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":647680,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLeBAAAEARfx7AqAEiwKgBAdRHADUAN3UY\/nwBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDEzAXIFc2t5cGUDbmV0AAABAAE="}
00470{"flow_id":207,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969691,"pkt_ts_usec":851311,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"0NQSxnP1PBXCt3IOCABFAABUpjRAAEAGssDAqAEinTeCrcOeAbsMd48zg+uInYAYECyOkQAAAQEICj4jS7ROp79EOIZhDgpM596b5urYTkyt6EokOB\/jfhHHccIbekKWmsc="}
00437{"flow_id":204,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969692,"pkt_ts_usec":64678,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8GGxAAEAGQJ7AqAEinTeCsMOdnFaE5idx8gQMboAYECnu+wAAAQEICj4jTIlOpRO7eWBA9+mp+gg="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1431969692087,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1431969692087,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":213,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969692,"pkt_ts_usec":87049,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWFBAAEAGALbAqAEinTeCsMOhAbuvVQecAAAAALAC\/\/9OOgAAAgQFtAEDAwUBAQgKPiNMnwAAAAAEAgAA"}
00461{"flow_id":208,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969692,"pkt_ts_usec":135050,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"0NQSxnP1PBXCt3IOCABFAABO+BNAAEAG93XAqAEi1cezjsOfAbt1SdzkHtgDwIAYECwI5AAAAQEICj4jTM9QDMF3EmQmnx6sH6BO82garWUNa027XrMWTbG33jE="}
00504{"flow_id":209,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969692,"pkt_ts_usec":150204,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABrU7xAAEAGnDLAqAEinTfrnMOgAbv31LYXE02AWoAYECxxDAAAAQEICj4jTN5MWRsjTOTU6C9pwmn1THUzY5b6U80doM\/+81I3Di34csN6MEKT2gWCOGQ+NQDycBffWk+LeTwGvX3Zbg=="}
@@ -1350,9 +1350,9 @@
00508{"flow_id":213,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969692,"pkt_ts_usec":334751,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"0NQSxnP1PBXCt3IOCABFAABuyYFAAEAGj1bAqAEinTeCsMOhAbuvVQflSOC7goAYECwpBQAAAQEICj4jTZZOpRVM44Sb+UDZvBPvyND8nEiSDIgGrYJQDfLAHfdrnXRK8kGdb7zASRkE5IOUEx\/7yIb01lebNVn49aeUJw=="}
00439{"flow_id":199,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969692,"pkt_ts_usec":458370,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8F3hAAEAG2CPAqAEi1cezjsObnEM6Aj4iHrKtfIAYECoj4AAAAQEICj4jThFQDL\/hxH9LQ46+GKw="}
00438{"flow_id":134,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969692,"pkt_ts_usec":474566,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA87cNAAEAGa13AqAEinTeCmcOGnEV7WksM7xM3SYAZECjwPwAAAQEICj4jTiFOtNyvZO1SW4ugTYc="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1431969692507,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1431969692507,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":214,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969692,"pkt_ts_usec":507482,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAlm8AAEARZQTAqAEib91NkjLdgQkALPOBnKACf9Ciuj22pCihR6NIjTKXTxwVlkuMzvocVlIJl4RJ8z3V"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1431969692507,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1261,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1431969692507,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00439{"flow_id":198,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969692,"pkt_ts_usec":543720,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8\/u5AAEAGWh7AqAEinTeCrcOanEPZ9QBBKvQZMIAYECpUPQAAAQEICj4jTmZOp72xFzP0mFIZu5U="}
00470{"flow_id":207,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969692,"pkt_ts_usec":684875,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"0NQSxnP1PBXCt3IOCABFAABUG0JAAEAGPbPAqAEinTeCrcOeAbsMd48zg+uInYAYECyLUwAAAQEICj4jTvJOp79EOIZhDgpM596b5urYTkyt6EokOB\/jfhHHccIbekKWmsc="}
00508{"flow_id":213,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969692,"pkt_ts_usec":847150,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"0NQSxnP1PBXCt3IOCABFAABuNqxAAEAGIizAqAEinTeCsMOhAbuvVQflSOC7goAYECwnCAAAAQEICj4jT5NOpRVM44Sb+UDZvBPvyND8nEiSDIgGrYJQDfLAHfdrnXRK8kGdb7zASRkE5IOUEx\/7yIb01lebNVn49aeUJw=="}
@@ -1384,7 +1384,7 @@
00438{"flow_id":198,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969695,"pkt_ts_usec":270116,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8cjdAAEAG5tXAqAEinTeCrcOanEPZ9QBBKvQZMIAYECpJpAAAAQEICj4jWP9Op72xFzP0mFIZu5U="}
00458{"flow_id":157,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1296,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969695,"pkt_ts_usec":288043,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLThEAAEARqR3AqAEiwKgBAeRaADUAN2o90\/0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00459{"flow_id":158,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1297,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969695,"pkt_ts_usec":288129,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLOT8AAEARve\/AqAEiwKgBAcDQADUANww\/OoYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1298,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1431969695483,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1298,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1431969695483,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":215,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969695,"pkt_ts_usec":483561,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAoJZAAEAGGuzAqAEib91NjsOmnFcVc978AAAAALAC\/\/\/LYQAAAgQFtAEDAwUBAQgKPiNZ1AAAAAAEAgAA"}
00443{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969695,"pkt_ts_usec":591631,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABD5OwAAEAREkrAqAEiwKgBAc5yADUAL8ad+vYBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
00443{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969695,"pkt_ts_usec":591712,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDIwMAAEAR1DPAqAEiwKgBAdmfADUAL7TEHKMBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
@@ -1408,12 +1408,12 @@
00426{"flow_id":168,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969696,"pkt_ts_usec":498864,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0b3pAAEAGM6jAqAEinTc4oMOTnFuhu65ipKDDzIARECo6pgAAAQEICj4jXcdNfpJm"}
00428{"flow_id":174,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969696,"pkt_ts_usec":498864,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA09\/ZAAEAGqyvAqAEinTc4oMOVAbs\/vdfjDvO1MYARECyweQAAAQEICj4jXcdNfpP1"}
00473{"flow_id":207,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969696,"pkt_ts_usec":883824,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"0NQSxnP1PBXCt3IOCABFAABUy\/hAAEAGjPzAqAEinTeCrcOeAbsMd48zg+uInYAYECx6\/gAAAQEICj4jX0dOp79EOIZhDgpM596b5urYTkyt6EokOB\/jfhHHccIbekKWmsc="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1431969697097,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1431969697097,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":216,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969697,"pkt_ts_usec":97104,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAaXZAAEAGUgzAqAEib91NjsOnAbtL1T0XAAAAALAC\/\/\/LOAAAAgQFtAEDAwUBAQgKPiNgHAAAAAAEAgAA"}
00437{"flow_id":216,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969697,"pkt_ts_usec":478541,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGxIZv3U2OwKgBIgG7w6e9PNNuS9U9GKASOJBj3AAAAgQFrAQCCApNjGGMPiNgHAEDAwk="}
00425{"flow_id":216,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969697,"pkt_ts_usec":478617,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Y41AAEAGWAHAqAEib91NjsOnAbtL1T0YvTzTb4AQECy5igAAAQEICj4jYZhNjGGM"}
00525{"flow_id":216,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1326,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969697,"pkt_ts_usec":478741,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"0NQSxnP1PBXCt3IOCABFAAB8lqJAAEAGJKTAqAEib91NjsOnAbtL1T0YvTzTb4AYECzcrwAAAQEICj4jYZhNjGGMgEYBAwEALQAAABAAAAUAAAQAAAoAAAkAAGQAAGIAAAgAAAMAAAYBAIAHAMADAIAGAEACAIAEAIA\/5AVyuzDhnvc8fYrzCNk2"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1431969697530,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1431969697530,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":217,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969697,"pkt_ts_usec":530346,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWjtAAEAGlejAqAEinTfrksOogQnO4dHgAAAAALAC\/\/9nBQAAAgQFtAEDAwUBAQgKPiNhywAAAAAEAgAA"}
00437{"flow_id":217,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969697,"pkt_ts_usec":602315,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIoEJw6jH8XvBzuHR4aASOJCSaAAAAgQFrAQCCApMXRz0PiNhywEDAwk="}
00426{"flow_id":217,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1329,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969697,"pkt_ts_usec":602436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0UqNAAEAGnYzAqAEinTfrksOogQnO4dHhx\/F7woAQECzpSwAAAQEICj4jYhJMXRz0"}
@@ -1431,24 +1431,24 @@
00437{"flow_id":217,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":68812,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8HKtAAEAG03zAqAEinTfrksOogQnO4dIux\/F784AYECr6GQAAAQEICj4jY+NMXR0I+8v6kCGg1MM="}
00439{"flow_id":199,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":149010,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8xhlAAEAGKYLAqAEi1cezjsObnEM6Aj4iHrKtfIAYECoNvgAAAQEICj4jZDNQDL\/hxH9LQ46+GKw="}
00440{"flow_id":161,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":322293,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8PAdAAEAGHKfAqAEiQTffDMORnF\/vfD9kP0r\/xIAZECldjAAAAQEICj4jZOBNoe23pd7yTaWfPN4="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1346,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431969698508,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1346,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431969698508,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":218,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":508678,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABIoEQAAEARVbXAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1346,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431969698508,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1346,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431969698508,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00427{"flow_id":177,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":570838,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0e4pAAEAG3Y3AqAEinTeCqsOWnFJsNFXp7fFHoYARECoyaAAAAQEICj4jZddOqgg\/"}
00427{"flow_id":183,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":570839,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0t6xAAEAGoWvAqAEinTeCqsOYAbvnclEdz\/tu9oARECxLmAAAAQEICj4jZddOqgnR"}
00439{"flow_id":217,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1349,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":635691,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8SuxAAEAGpTvAqAEinTfrksOogQnO4dIux\/F784AYECr35QAAAQEICj4jZhdMXR0I+8v6kCGg1MM="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1431969698743,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1431969698743,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":219,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":743022,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"0NQSxnP1PBXCt3IOCABFAABEy5wAAEARK5nAqAEiwKgBAfdZADUAMBpr\/I4BAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1431969698743,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1352,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1431969698743,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00470{"flow_id":219,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":797139,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA191kAQKAy\/I6BgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAABAABBfOIaY="}
-00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1353,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1431969698797,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1353,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1354,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1431969698797,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":220,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1354,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":797752,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABASetAAEAG9Y7AqAEiF84hpsOqAbtGC\/RmAAAAALAC\/\/+XCwAAAgQFtAEDAwUBAQgKPiNmuAAAAAAEAgAA"}
00437{"flow_id":220,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1355,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":840738,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7w6oZSGV1Rgv0Z6ASOJDhugAAAgQFrAQCCArsLyLPPiNmuAEDAwU="}
00426{"flow_id":220,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1356,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":840845,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ZSJAAEAG2mPAqAEiF84hpsOqAbtGC\/RnGUhldoAQECw4twAAAQEICj4jZuLsLyLP"}
00655{"flow_id":220,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1357,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969698,"pkt_ts_usec":841627,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"0NQSxnP1PBXCt3IOCABFAADbDrpAAEAGMCXAqAEiF84hpsOqAbtGC\/RnGUhldoAYECxjgQAAAQEICj4jZuLsLyLPFgMBAKIBAACeAwFVWh+iRxw4dKYdeAHJfyjlXjv9yCDOr6NdIx96jKX10wAATAD\/VgDAJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAApAAAAEwARAAAOYXBwcy5za3lwZS5jb20ACgAIAAYAFwAYABkACwACAQA="}
-00752{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1357,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":4,"flow_first_seen":1431969698797,"flow_last_seen":1431969698841,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":32,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1358,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1431969699142,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1357,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":4,"flow_first_seen":1431969698797,"flow_last_seen":1431969698841,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1358,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1431969699142,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":221,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1358,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969699,"pkt_ts_usec":142169,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQstAAEAGrVjAqAEinTfrksOrAbuMrH5PAAAAALAC\/\/911AAAAgQFtAEDAwUBAQgKPiNoDgAAAAAEAgAA"}
00655{"flow_id":220,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1359,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969699,"pkt_ts_usec":168503,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"0NQSxnP1PBXCt3IOCABFAADbhlNAAEAGuIvAqAEiF84hpsOqAbtGC\/RnGUhldoAYECxiOwAAAQEICj4jaCjsLyLPFgMBAKIBAACeAwFVWh+iRxw4dKYdeAHJfyjlXjv9yCDOr6NdIx96jKX10wAATAD\/VgDAJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAApAAAAEwARAAAOYXBwcy5za3lwZS5jb20ACgAIAAYAFwAYABkACwACAQA="}
00437{"flow_id":221,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1360,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969699,"pkt_ts_usec":217668,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIgG7w6sASTQ1jKx+UKASOJCu2QAAAgQFrAQCCApMXR6HPiNoDgEDAwk="}
@@ -1458,7 +1458,7 @@
00521{"flow_id":221,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1364,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969699,"pkt_ts_usec":291304,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"0NQSxnP1PBXCt3IOCABFAAB4lntAAEAGWXDAqAEinTfrksOrAbuMrH6YAEk0NoAYECzM1wAAAQEICj4jaKJMXR6aqu6O72aW6xh35z3AV+yJQQlzV\/czZ3tOI38nltt4UVqSgJEIfqzGP6jAcvysYI+CHXjgzzv6OFuoeDW4oVrEywZ4EAM="}
00438{"flow_id":215,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1365,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969699,"pkt_ts_usec":447656,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8GRVAAEAGonHAqAEib91NjsOmnFcVc99Ix3A4pYAYECml8gAAAQEICj4jaT5NjGBDwr8qfxKhl3o="}
00439{"flow_id":217,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969699,"pkt_ts_usec":569811,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8WLxAAEAGl2vAqAEinTfrksOogQnO4dIux\/F784AYECr0RQAAAQEICj4jabdMXR0I+8v6kCGg1MM="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1431969699577,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1431969699577,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":222,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969699,"pkt_ts_usec":577033,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAuMZAAEAGoFTAqAEinTeCm8OsnFQhlXAyAAAAALAC\/\/+7tgAAAgQFtAEDAwUBAQgKPiNpvQAAAAAEAgAA"}
00655{"flow_id":220,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969699,"pkt_ts_usec":624008,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"0NQSxnP1PBXCt3IOCABFAADbarFAAEAG1C3AqAEiF84hpsOqAbtGC\/RnGUhldoAYECxgdwAAAQEICj4jaezsLyLPFgMBAKIBAACeAwFVWh+iRxw4dKYdeAHJfyjlXjv9yCDOr6NdIx96jKX10wAATAD\/VgDAJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAApAAAAEwARAAAOYXBwcy5za3lwZS5jb20ACgAIAAYAFwAYABkACwACAQA="}
00521{"flow_id":221,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969699,"pkt_ts_usec":684363,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"0NQSxnP1PBXCt3IOCABFAAB4bbNAAEAGgjjAqAEinTfrksOrAbuMrH6YAEk0NoAYECzLUQAAAQEICj4jaihMXR6aqu6O72aW6xh35z3AV+yJQQlzV\/czZ3tOI38nltt4UVqSgJEIfqzGP6jAcvysYI+CHXjgzzv6OFuoeDW4oVrEywZ4EAM="}
@@ -1470,13 +1470,13 @@
00426{"flow_id":222,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969699,"pkt_ts_usec":840128,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0WWJAAEAG\/8TAqAEinTeCm8OsnFQhlXBwFdEIa4AQECnb6QAAAQEICj4jasJOs6Ex"}
00437{"flow_id":222,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969699,"pkt_ts_usec":840675,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8IPhAAEAGOCfAqAEinTeCm8OsnFQhlXBwFdEIa4AYEClWagAAAQEICj4jasJOs6ExgUZfklcFTZE="}
00478{"flow_id":216,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969700,"pkt_ts_usec":39730,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"0NQSxnP1PBXCt3IOCABFAABbJJ9AAEAGlsjAqAEib91NjsOnAbtL1T1gvTzTb4AYECxIgwAAAQEICj4ja4lNjGHr5RyfsH3VvVnJQl71QZdIt8rlNEktfRguBXjBrITvME1ddq1hxqhh"}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1431969692507,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431969698508,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1431969692507,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431969698508,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431969690481,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.165","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431969691496,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00521{"flow_id":221,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1379,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969700,"pkt_ts_usec":265889,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"0NQSxnP1PBXCt3IOCABFAAB4RftAAEAGqfDAqAEinTfrksOrAbuMrH6YAEk0NoAYECzJDgAAAQEICj4jbGtMXR6aqu6O72aW6xh35z3AV+yJQQlzV\/czZ3tOI38nltt4UVqSgJEIfqzGP6jAcvysYI+CHXjgzzv6OFuoeDW4oVrEywZ4EAM="}
00655{"flow_id":220,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1380,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969700,"pkt_ts_usec":331788,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"0NQSxnP1PBXCt3IOCABFAADbkspAAEAGrBTAqAEiF84hpsOqAbtGC\/RnGUhldoAYECxdtwAAAQEICj4jbKzsLyLPFgMBAKIBAACeAwFVWh+iRxw4dKYdeAHJfyjlXjv9yCDOr6NdIx96jKX10wAATAD\/VgDAJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAApAAAAEwARAAAOYXBwcy5za3lwZS5jb20ACgAIAAYAFwAYABkACwACAQA="}
00437{"flow_id":222,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1381,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969700,"pkt_ts_usec":365945,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8zmFAAEAGir3AqAEinTeCm8OsnFQhlXBwFdEIa4AYEClUXgAAAQEICj4jbM5Os6ExgUZfklcFTZE="}
@@ -1487,7 +1487,7 @@
00496{"flow_id":167,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969700,"pkt_ts_usec":848041,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"0NQSxnP1PBXCt3IOCABFAABnB2ZAAEAGUR3AqAEiQTffDMOSAbvQogDzbPVBKoAZECzEwAAAAQEICj4jbq5Noe9JdRKYsr25V5AAdpQR0WFwQXZONwsp2+ImLRVUPhbhlzT9d0d7m6HpVNUn8Hw+fr6YtSFt"}
00462{"flow_id":167,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969700,"pkt_ts_usec":978115,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"PBXCt3IO0NQSxnP1CABFAABNrmlAADcGszNBN98MwKgBIgG7w5Js9UF50KIBJ4AZAB0RSwAAAQEICk2iAno+I26uHXCueEdSOLNzAMaWfFxW2Oe31pOdxv3jjg=="}
00410{"flow_id":167,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969700,"pkt_ts_usec":978211,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo62dAAEAGbVrAqAEiQTffDMOSAbvQogEnAAAAAFAEAAA2uwAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1390,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1431969701181,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1390,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1431969701181,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":223,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969701,"pkt_ts_usec":181587,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1hBAAEAGgwrAqAEinTeCm8OuAbux\/OLXAAAAALAC\/\/9NAwAAAgQFtAEDAwUBAQgKPiNv+wAAAAAEAgAA"}
00438{"flow_id":222,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969701,"pkt_ts_usec":216436,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8KhlAAEAGLwbAqAEinTeCm8OsnFQhlXBwFdEIa4AYEClREAAAAQEICj4jcBxOs6ExgUZfklcFTZE="}
00521{"flow_id":221,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969701,"pkt_ts_usec":228617,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"0NQSxnP1PBXCt3IOCABFAAB4tqhAAEAGOUPAqAEinTfrksOrAbuMrH6YAEk0NoAYECzFUQAAAQEICj4jcChMXR6aqu6O72aW6xh35z3AV+yJQQlzV\/czZ3tOI38nltt4UVqSgJEIfqzGP6jAcvysYI+CHXjgzzv6OFuoeDW4oVrEywZ4EAM="}
@@ -1537,11 +1537,11 @@
00426{"flow_id":208,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969704,"pkt_ts_usec":512274,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0q7pAAEAGQ+nAqAEi1cezjsOfAbt1Sdz+HtgDwIARECwUnwAAAQEICj4jfO5QDMF3"}
00426{"flow_id":200,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969704,"pkt_ts_usec":512330,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0y1hAAEAGJM3AqAEinTfrnMOcnE7UANd+M6a2f4ARECkFZwAAAQEICj4jfO5MWRmS"}
00426{"flow_id":209,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1459,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969704,"pkt_ts_usec":512330,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA06l5AAEAGBcfAqAEinTfrnMOgAbv31LZOE02AWoARECzyPAAAAQEICj4jfO5MWRsj"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1431969704663,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1461,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1431969704663,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":224,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969704,"pkt_ts_usec":663999,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjY9AAEAGMVPAqAEib91KLsOwnFtwFABlAAAAALAC\/\/8u+gAAAgQFtAEDAwUBAQgKPiN9hAAAAAAEAgAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1462,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1431969704664,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1462,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1431969704664,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":225,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969704,"pkt_ts_usec":664195,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAvDNAAEAGM9LAqAEinTfrsMOxnFbKZQg9AAAAALAC\/\/\/99wAAAgQFtAEDAwUBAQgKPiN9hAAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1463,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1431969704664,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1463,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1431969704664,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":226,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969704,"pkt_ts_usec":664322,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIjNAAEAGNnTAqAEiQTffD8OynFri9dA8AAAAALAC\/\/+GBAAAAgQFtAEDAwUBAQgKPiN9hAAAAAAEAgAA"}
00437{"flow_id":225,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969704,"pkt_ts_usec":743180,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+gmdN+uwwKgBIpxWw7HlrcetymUIPqASOJDOiAAAAgQFrAQCCApF6hSRPiN9hAEDAwk="}
00425{"flow_id":225,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969704,"pkt_ts_usec":743309,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NN1AAEAGuzTAqAEinTfrsMOxnFbKZQg+5a3HroAQECwlZAAAAQEICj4jfdNF6hSR"}
@@ -1569,7 +1569,7 @@
00426{"flow_id":204,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1487,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969705,"pkt_ts_usec":512349,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0GzZAAEAGPdzAqAEinTeCsMOdnFaE5id58gQMboAREClYyAAAAQEICj4jgM5OpRO7"}
00426{"flow_id":213,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1488,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969705,"pkt_ts_usec":512349,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA08PtAAEAGaBbAqAEinTeCsMOhAbuvVQgfSOC7goARECzgxgAAAQEICj4jgM5OpRVM"}
00438{"flow_id":222,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1489,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969705,"pkt_ts_usec":515723,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA860VAAEAGbdnAqAEinTeCm8OsnFQhlXBwFdEIa4AYEClAWwAAAQEICj4jgNFOs6ExgUZfklcFTZE="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1431969705713,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1490,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1431969705713,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":227,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1490,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969705,"pkt_ts_usec":713833,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAO5ZAAEAG5a3AqAEiQAQXpsOznFablHTpAAAAALAC\/\/\/tRQAAAgQFtAEDAwUBAQgKPiOBlwAAAAAEAgAA"}
00438{"flow_id":225,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1491,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969705,"pkt_ts_usec":828043,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8aB9AAEAGh+rAqAEinTfrsMOxnFbKZQiU5a3ICYAYECmbtgAAAQEICj4jgglF6hSkCDlkOMMwVQQ="}
00437{"flow_id":227,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969705,"pkt_ts_usec":916215,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIpxWw7Pn2AWqm5R06qASOJA+QQAAAgQFrAQCCApMP02qPiOBlwEDAwk="}
@@ -1580,11 +1580,11 @@
00425{"flow_id":227,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1498,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969706,"pkt_ts_usec":123617,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0iQFAAEAGmE7AqAEiQAQXpsOznFablHVW59gF64AQECqS9gAAAQEICj4jgy9MP03d"}
00437{"flow_id":227,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1499,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969706,"pkt_ts_usec":124145,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8NMpAAEAG7H3AqAEiQAQXpsOznFablHVW59gF64AYECo9CgAAAQEICj4jgy9MP03dvRFcC9M5aYU="}
00522{"flow_id":221,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969706,"pkt_ts_usec":190429,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"0NQSxnP1PBXCt3IOCABFAAB4b4VAAEAGgGbAqAEinTfrksOrAbuMrH6YAEk0NoAYECyyCAAAAQEICj4jg3FMXR6aqu6O72aW6xh35z3AV+yJQQlzV\/czZ3tOI38nltt4UVqSgJEIfqzGP6jAcvysYI+CHXjgzzv6OFuoeDW4oVrEywZ4EAM="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1501,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1431969706277,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1501,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1431969706277,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":228,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969706,"pkt_ts_usec":277294,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABALAFAAEAGkuHAqAEib91KLsO0AbvHHCHtAAAAALAC\/\/9KwwAAAgQFtAEDAwUBAQgKPiODxwAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1502,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1431969706277,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1502,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1431969706277,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":229,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1502,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969706,"pkt_ts_usec":277450,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABApn5AAEAGSYfAqAEinTfrsMO1AbsGcnDPAAAAALAC\/\/\/trQAAAgQFtAEDAwUBAQgKPiODxwAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1503,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1431969706277,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1503,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1431969706277,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":230,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969706,"pkt_ts_usec":277646,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAkWpAAEAGxzzAqAEiQTffD8O2Abu4rlNDAAAAALAC\/\/\/BnQAAAgQFtAEDAwUBAQgKPiODxwAAAAAEAgAA"}
00438{"flow_id":226,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1504,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969706,"pkt_ts_usec":311958,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8eKVAAEAG4AXAqAEiQTffD8OynFri9dCOh7IvWoAYECkenAAAAQEICj4jg+kuudJYB9ShBDhY9ug="}
00438{"flow_id":229,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1505,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969706,"pkt_ts_usec":353932,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+gmdN+uwwKgBIgG7w7Xvxq\/pBnJw0KASOJDKVgAAAgQFrAQCCApF6hYkPiODxwEDAwk="}
@@ -1609,7 +1609,7 @@
00463{"flow_id":223,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1524,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969706,"pkt_ts_usec":963964,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"0NQSxnP1PBXCt3IOCABFAABNBFtAAEAGVLPAqAEinTeCm8OuAbux\/OMgeZuFrYAYECyAvQAAAQEICj4jhnJOs6LAbiJ8sZfDJaByCG++TyeH7mntaEp3F4nXwA=="}
00656{"flow_id":220,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1525,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969706,"pkt_ts_usec":999146,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"0NQSxnP1PBXCt3IOCABFAADbBeVAAEAGOPrAqAEiF84hpsOqAbtGC\/RnGUhldoAZECxDzQAAAQEICj4jhpXsLyLPFgMBAKIBAACeAwFVWh+iRxw4dKYdeAHJfyjlXjv9yCDOr6NdIx96jKX10wAATAD\/VgDAJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAApAAAAEwARAAAOYXBwcy5za3lwZS5jb20ACgAIAAYAFwAYABkACwACAQA="}
00502{"flow_id":230,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1527,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969707,"pkt_ts_usec":67399,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"0NQSxnP1PBXCt3IOCABFAABt8ulAAEAGZZDAqAEiQTffD8O2Abu4rlOMyHp2R4AYECyIKQAAAQEICj4jhtkuudPpI5bq6HMzIBDTkc9VEw4iCS9khhJElSKv7lgEA0wtqe8DbuphtcTug+qyZjVGz2PfJmKteoTIZ7xX"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1528,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1431969707326,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1528,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1431969707326,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":231,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969707,"pkt_ts_usec":326642,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1ORAAEAGTF\/AqAEiQAQXpsO3Abu4qWeDAAAAALAC\/\/9x6QAAAgQFtAEDAwUBAQgKPiOH3AAAAAAEAgAA"}
00437{"flow_id":227,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1529,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969707,"pkt_ts_usec":344703,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA81tRAAEAGSnPAqAEiQAQXpsOznFablHVW59gF64AYECo4SwAAAQEICj4jh+5MP03dvRFcC9M5aYU="}
00513{"flow_id":229,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1530,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969707,"pkt_ts_usec":410177,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"0NQSxnP1PBXCt3IOCABFAABzQslAAEAGrQnAqAEinTfrsMO1AbsGcnEY78av6oAYECxj9AAAAQEICj4jiC9F6hY3sJ5M2vPvqN11yHQsLBYX78Fbyq3x3hepbRjJ8YnhMbQPilSaKG1RU\/yixUsT4fxcBNvK\/vN9qGK86WKCmteS"}
@@ -1652,7 +1652,7 @@
00411{"flow_id":174,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1584,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969710,"pkt_ts_usec":648606,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoB+JAAEAGm0zAqAEinTc4oMOVAbs\/vde5AAAAAFAEAAA7dwAA"}
00522{"flow_id":221,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969710,"pkt_ts_usec":670432,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"0NQSxnP1PBXCt3IOCABFAAB4jZhAAEAGYlPAqAEinTfrksOrAbuMrH6YAEk0NoAYECygoAAAAQEICj4jlNlMXR6aqu6O72aW6xh35z3AV+yJQQlzV\/czZ3tOI38nltt4UVqSgJEIfqzGP6jAcvysYI+CHXjgzzv6OFuoeDW4oVrEywZ4EAM="}
00438{"flow_id":227,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969710,"pkt_ts_usec":806602,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8QptAAEAG3qzAqAEiQAQXpsOznFablHVW59gF64AYECoq2AAAAQEICj4jlWFMP03dvRFcC9M5aYU="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1431969710853,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1587,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1431969710853,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":232,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1587,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969710,"pkt_ts_usec":853799,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAz19AAEAG2DnAqAEinTg0HMO8nEnrI3UzAAAAALAC\/\/8PzQAAAgQFtAEDAwUBAQgKPiOVkAAAAAAEAgAA"}
00438{"flow_id":222,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969710,"pkt_ts_usec":911790,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8kI1AAEAGyJHAqAEinTeCm8OsnFQhlXBwFdEIa4AYECkrYwAAAQEICj4jlclOs6ExgUZfklcFTZE="}
00438{"flow_id":232,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969711,"pkt_ts_usec":97782,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtJ2dODQcwKgBIpxJw7we\/\/hU6yN1NKASOJAgZAAAAgQFrAQCCApMXGQgPiOVkAEDAwk="}
@@ -1673,20 +1673,20 @@
00524{"flow_id":232,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1606,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":467510,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"PBXCt3IO0NQSxnP1CABFAAB4nA1AADMGGFSdODQcwKgBIpxJw7we\/\/iW6yN1hIAYAB1uowAAAQEICkxcZYE+I5sOhMZaEh93OnZ3c\/muXOFwrztIYK5khE9IdC6mh6JkvLg12WBJtsQSO0zju2ffDzwJPfOQ3lkywMIQJ087yDYbZwOPHlE="}
00427{"flow_id":232,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1607,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":467605,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0W21AAEAGTDjAqAEinTg0HMO8nEnrI3WoHv\/42oAQECdu8QAAAQEICj4jm9hMXGWB"}
00429{"flow_id":232,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1608,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":507693,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0nA5AADMGGJedODQcwKgBIpxJw7we\/\/ja6yN1qIAQAB1\/kwAAAQEICkxcZYs+I5s2"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1431969712913,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1431969712913,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00582{"flow_id":233,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":913771,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChlVQAAAERcjPAqAEi7\/\/\/+sFNB2wAjXH\/TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1431969712913,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1616,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1431969712913,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00577{"flow_id":233,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1617,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":913828,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgzegAAAEROaDAqAEi7\/\/\/+sFNB2wAjNfyTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1431969712913,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1431969712913,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00581{"flow_id":234,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":913884,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChxxoAAAERQG3AqAEi7\/\/\/+sd6B2wAjWvSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1431969712913,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1618,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1431969712913,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00577{"flow_id":234,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1619,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":913898,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgMZsAAAER1e3AqAEi7\/\/\/+sd6B2wAjNHFTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1620,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1431969712913,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1620,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1431969712913,"flow_last_seen":0,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00409{"flow_id":235,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":913984,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoiaEAAEARbbDAqAEiwKgBAdMzFOcAFCBsAAEAADLdMt0AAA4Q"}
-00442{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1431969712918,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00450{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1431969712918,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":236,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":918145,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYEAAEAB8QTAqAEBwKgBIgMDgJYAAAAARQAAKImhAABAEW2wwKgBIsCoAQHTMxTnABQgbAABAAAy3TLdAAAOEA=="}
-00474{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1431969712918,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1431969712931,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1621,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1431969712918,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1431969712931,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":237,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":931653,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAK1RAAEAGGV7AqAEiW77YfcO9MD57jsMsAAAAALAC\/\/8yeAAAAgQFtAEDAwUBAQgKPiOdpAAAAAAEAgAA"}
00426{"flow_id":237,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1624,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":980992,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0xLRAAPUGywBbvth9wKgBIjA+w71YjgIOe47DLYASH\/7LvwAAAgQFoAEDAwQBAQQC"}
00409{"flow_id":237,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969712,"pkt_ts_usec":981073,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoyL5AAEAGfAvAqAEiW77YfcO9MD57jsMtWI4CD1AQIAAMeQAA"}
@@ -1713,50 +1713,50 @@
00409{"flow_id":235,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":715848,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAorjMAAEARSR7AqAEiwKgBAdMzFOcAFCBsAAEAADLdMt0AAA4Q"}
00449{"flow_id":236,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":717677,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYMAAEAB8QLAqAEBwKgBIgMDgJYAAAAARQAAKK4zAABAEUkewKgBIsCoAQHTMxTnABQgbAABAAAy3TLdAAAOEA=="}
00417{"flow_id":237,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":736415,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFCAAoxMpAAPUGyvZbvth9wKgBIjA+w71YjgIPe47DnFAUJeUGIQAAAAAAAAAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1431969713736,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1662,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1431969713736,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":238,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":736740,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGB5AAEAGLJTAqAEiW77YfcO+MD4D6992AAAAALAC\/\/+KswAAAgQFtAEDAwUBAQgKPiOgwQAAAAAEAgAA"}
00426{"flow_id":238,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":779504,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0e5xAAPUGFBlbvth9wKgBIjA+w7686z9CA+vfd4ASH\/6FhgAAAgQFoAEDAwQBAQQC"}
00410{"flow_id":238,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":779626,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoL3hAAEAGFVLAqAEiW77YfcO+MD4D6993vOs\/Q1AQIADGPwAA"}
00418{"flow_id":238,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":779738,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":25,"pkt":"0NQSxnP1PBXCt3IOCABFAAAtqZ1AAEAGmyfAqAEiW77YfcO+MD4D6993vOs\/Q1AYIACvLwAAFgMBAAA="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":239,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":813443,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuRSsAAEARjAjAqAEisBo3pzLd+R0AGvy6nPQCqlUgKb9nOC7NdHVpaZsV"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":240,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":813503,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuxDQAAEAR2PrAqAEiTLnPDDLdsbUAGvt+nPYC2PYYRrvqRJzYx\/ENvQip"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1670,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":241,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":813568,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAu9OEAAEARrrjAqAEisGFk+TLdaAsAGvRlnPgCVJNAf7hukPL\/wXB1U06s"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1671,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":242,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":813568,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuQzIAAEARLjDAqAEiRz4AVTLdg28AGnA0nPoCdLBbJLLwvfiy++3Nr6hQ"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1431969713814,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1431969713814,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00617{"flow_id":243,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":814754,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"PBXCt3IOxCwDBkn+CABFAADBLbUAAP8R6nbAqAFc4AAA+xTpFOkArSlHAAAAAAAEAAMAAAAAC19hZnBvdmVydGNwBF90Y3AFbG9jYWwAAAyAAQRfc21iwBgADIABBF9yZmLAGAAMgAEGX2FkaXNrwBgADIABwAwADAABAAAPvAAWE0x1Y2HigJlzIE1hY0Jvb2tQcm\/ADMAMAAwAAQAADA4AEA1MdWNh4oCZcyBpTWFjwAzAKAAMAAEAAAwOABANTHVjYeKAmXMgaU1hY8Ao"}
-00553{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1431969713814,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1431969713815,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1673,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1431969713814,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1431969713815,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00650{"flow_id":244,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":815539,"pkt_caplen":227,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":227,"pkt_l4_len":173,"pkt":"MzMAAAD7xCwDBkn+ht1gAU9NAK0R\/\/6AAAAAAAAAxiwD\/\/4GSf7\/AgAAAAAAAAAAAAAAAAD7FOkU6QCtu5cAAAAAAAQAAwAAAAALX2FmcG92ZXJ0Y3AEX3RjcAVsb2NhbAAADIABBF9zbWLAGAAMgAEEX3JmYsAYAAyAAQZfYWRpc2vAGAAMgAHADAAMAAEAAA+8ABYTTHVjYeKAmXMgTWFjQm9va1Byb8AMwAwADAABAAAMDgAQDUx1Y2HigJlzIGlNYWPADMAoAAwAAQAADA4AEA1MdWNh4oCZcyBpTWFjwCg="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1431969713815,"flow_last_seen":0,"flow_tot_l4_data_len":173,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1674,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1431969713815,"flow_last_seen":0,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_afpovertcp._tcp.local"}}
00417{"flow_id":238,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1675,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":822833,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFCAAot7tAADYGlwZbvth9wKgBIjA+w7686z9DA+vffFAQA6DimgAAAAAAAAAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":245,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":965184,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuO\/8AAEARXS3AqAEinTeCkTLdAbsAGqTTnQwCwP4SRbwMfSMDCWlEQOP1"}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1681,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":246,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969713,"pkt_ts_usec":965185,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuUbAAAEARRubAqAEiQTffJzLdAbsAGjQZnQ4ChKdksriBAZEnlRRV2r4X"}
-00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1682,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00417{"flow_id":238,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1690,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":165130,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFCAAoe6BAAPUGFCFbvth9wKgBIjA+w7686z9DA+vffFAUJeXAUQAAAAAAAAAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1431969714165,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1431969714165,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":247,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":165437,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXlBAAEAG5mHAqAEiW77YfcO\/AbtO2k10AAAAALAC\/\/\/+rQAAAgQFtAEDAwUBAQgKPiOiXAAAAAAEAgAA"}
00426{"flow_id":247,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1695,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":207763,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0n3BAAPUG8ERbvth9wKgBIgG7w79kPKOqTtpNdYASH\/7vYgAAAgQFoAEDAwQBAQQC"}
00410{"flow_id":247,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1696,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":207840,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAofgBAAEAGxsnAqAEiW77YfcO\/AbtO2k11ZDyjq1AQIAAwHAAA"}
00418{"flow_id":247,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":207954,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":25,"pkt":"0NQSxnP1PBXCt3IOCABFAAAtbvxAAEAG1cjAqAEiW77YfcO\/AbtO2k11ZDyjq1AYIAAZDAAAFgMBAAA="}
00417{"flow_id":247,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":250589,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFCAAohDNAADYGyo5bvth9wKgBIgG7w79kPKOrTtpNelAQA6BMdwAAAAAAAAAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1431969714398,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1703,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1431969714398,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":248,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1703,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":398039,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMR1AAEAGWiPAqAEiTKehBsPATzJsmy7uAAAAALAC\/\/\/3pQAAAgQFtAEDAwUBAQgKPiOjPwAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1431969714398,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1704,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1431969714398,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":249,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":398234,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtnFAAEAGcsPAqAEiR+4Hy8PBSU++p132AAAAALAC\/\/8aaAAAAgQFtAEDAwUBAQgKPiOjPwAAAAAEAgAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1705,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1431969714398,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1705,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1431969714398,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":250,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":398565,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAOeJAAEAGfjbAqAEiBfi63cPCeSJZV8ukAAAAALAC\/\/9xGAAAAgQFtAEDAwUBAQgKPiOjQAAAAAAEAgAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1706,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1431969714399,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1706,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1431969714399,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":251,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1706,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":399341,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMoNAAEAGzS3AqAEiVh8jHsPD6OVaW8KbAAAAALAC\/\/9Q8QAAAgQFtAEDAwUBAQgKPiOjQAAAAAAEAgAA"}
00437{"flow_id":251,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":471352,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8OCJAAHEGlpJWHyMewKgBIujlw8M6uTMdWlvCnKASIADQQwAAAgQFrAEDAwgEAggKABoDtj4jo0A="}
00425{"flow_id":251,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1719,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":471444,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0C5pAAEAG9CLAqAEiVh8jHsPD6OVaW8KcOrkzHoAQECwOlQAAAQEICj4jo4gAGgO2"}
@@ -1781,7 +1781,7 @@
00577{"flow_id":249,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1749,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":835749,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"PBXCt3IO0NQSxnP1CABFAACf9cNAAHMGABJH7gfLwKgBIklPw8GfDHVBvqdeNIAY\/8I0CQAAAQEICgMco4A+I6QWyMQyGiG2r\/3uU2msM480Vm6KX6\/LsMHE37hgwVCkrulVFxF93a9bT+pbtinMot1EjVqDWOkGP+QFcrsw4Z73PH2K8wjZNq+U9aIr4NHOZ+xtumO4yWYfROXSm5DB\/tecXerTaLmWj\/TVAgs="}
00425{"flow_id":249,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1750,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":835852,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ot1AAEAGhmPAqAEiR+4Hy8PBSU++p140nwx1rIAQECiMvgAAAQEICj4jpO0DHKOA"}
00438{"flow_id":249,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1751,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":836395,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8F7BAAEAGEYnAqAEiR+4Hy8PBSU++p140nwx1rIAYECgfQQAAAQEICj4jpO0DHKOA72ydd\/Dm76E="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1755,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1431969714902,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1755,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1431969714902,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":252,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1755,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":902925,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA9lxAAEAG47DAqAEiUVNNjcPEROe9aVYgAAAAALAC\/\/\/WyQAAAgQFtAEDAwUBAQgKPiOlLwAAAAAEAgAA"}
00537{"flow_id":216,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1756,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":912892,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"PBXCt3IO0NQSxnP1CABFAACDsolAADcGEbZv3U2OwKgBIgG7w6e9PNNvS9U9YIAYAB0gaQAAAQEICk2Mcqg+I2GYFgMBAEoCAABGAwFAG+SGAq3gKeF3dOVEucmctDExXgLdd50VSpYJul2ocCAcoOT2TGNRri+OTuHmdmoKiNXYxVyumMXkgfIqab+QWAAFAA=="}
00410{"flow_id":216,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1757,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969714,"pkt_ts_usec":913003,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoiKNAAEAGMvfAqAEib91NjsOnAbtL1T1gAAAAAFAEAADiEgAA"}
@@ -1801,11 +1801,11 @@
00438{"flow_id":227,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1777,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969715,"pkt_ts_usec":118606,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8PzZAAEAG4hHAqAEiQAQXpsOznFablHVW59gF64AZECoaNgAAAQEICj4jpgJMP03dvRFcC9M5aYU="}
00437{"flow_id":250,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1778,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969715,"pkt_ts_usec":139773,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8Dv5AAEAGqR7AqAEiBfi63cPCeSJZV8vhQ7fcvYAYECrJwwAAAQEICj4jphcAAG6yvouwwfuK2cY="}
00439{"flow_id":252,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1783,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969715,"pkt_ts_usec":383586,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8bUFAAEAGbNDAqAEiUVNNjcPEROe9aVaB2bol\/oAYEClkFgAAAQEICj4jpwgAupldFs\/7EKwgSC8="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1431969715510,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1789,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1431969715510,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":253,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1789,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969715,"pkt_ts_usec":510906,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA3TdAAEAGS\/3AqAEiR+4Hy8PFSU9+U7C+AAAAALAC\/\/8DrQAAAgQFtAEDAwUBAQgKPiOnggAAAAAEAgAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1790,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1431969715511,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1790,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1431969715511,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":254,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969715,"pkt_ts_usec":511090,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAKktAAEAGjc3AqAEiBfi63cPGeSKEqukYAAAAALAC\/\/8kCwAAAgQFtAEDAwUBAQgKPiOnggAAAAAEAgAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1791,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1431969715511,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1791,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1431969715511,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":255,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1791,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969715,"pkt_ts_usec":511238,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAylVAAEAGNVvAqAEiVh8jHsPH6OX+Qs16AAAAALAC\/\/+d5AAAAgQFtAEDAwUBAQgKPiOnggAAAAAEAgAA"}
00438{"flow_id":255,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1793,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969715,"pkt_ts_usec":594629,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8OFdAAHEGll1WHyMewKgBIujlw8c9omIw\/kLNe6ASIADqygAAAgQFrAEDAwgEAggKABoEJj4jp4I="}
00425{"flow_id":255,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1794,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969715,"pkt_ts_usec":594733,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0XmBAAEAGoVzAqAEiVh8jHsPH6OX+Qs17PaJiMYAQECwpEwAAAQEICj4jp9MAGgQm"}
@@ -1843,7 +1843,7 @@
00438{"flow_id":251,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969715,"pkt_ts_usec":972851,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA89dhAAEAGCdzAqAEiVh8jHsPD6OVaW8L1OrkzbYAZECmjMQAAAQEICj4jqT8AGgO9IXsnOyU+9vo="}
00427{"flow_id":255,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969715,"pkt_ts_usec":998132,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0OGpAAHEGllJWHyMewKgBIujlw8c9omJ8\/kLQuoAQAP80CQAAAQEICgAaBE8+I6hX"}
00434{"flow_id":255,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969715,"pkt_ts_usec":998242,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4PsBAAEAGwPjAqAEiVh8jHsPH6OX+QtC6PaJifIAYECmbnAAAAQEICj4jqVgAGgRPthvSGQ=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1836,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1431969716015,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1836,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1431969716015,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":256,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1836,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":15431,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAfGpAAEAGXaPAqAEiUVNNjcPJROc2X9vGAAAAALAC\/\/\/T7gAAAgQFtAEDAwUBAQgKPiOpaQAAAAAEAgAA"}
00437{"flow_id":226,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":62424,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8OGdAAEAGIETAqAEiQTffD8OynFri9dCOh7IvWoAZECn47gAAAQEICj4jqZUuudJYB9ShBDhY9ug="}
00437{"flow_id":256,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":76217,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8egBAAHQGLBFRU02NwKgBIkTnw8naYr1gNl\/bx6ASIACSowAAAgQFrAEDAwgEAggKALqZxj4jqWk="}
@@ -1858,7 +1858,7 @@
02040{"flow_id":255,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1852,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":152294,"pkt_caplen":1249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1249,"pkt_l4_len":1215,"pkt":"PBXCt3IO0NQSxnP1CABFAATTOHBAAHEGka1WHyMewKgBIujlw8c9omJ8\/kLQvoAYAP8sGwAAAQEICgAaBF4+I6lYnBHfuTNVbAFLZ8DE2QGUO1g6nBUp5seBp87UhS2jhNjf08RW31yEi5I\/Os6GFAVvrNgG+dbfcCj+F\/7m8DBwttY92apmGYGNmeHzkAsX0Wz8FN4myG0U54J4I7rrMv7CRWH07gGG5H8oxMSdf49R622ox1BET9T32UT\/\/DLtGfrGsThS2DU3JLI27HuZl82xmzdrA3yamC2GjggEeePxwrUWYiO6kuAg5DIjkwVQl263WKYPvH03946leosR\/c0AaLUDGuyZg3e4qIjdvb1DoRHzK6RjZh2mgFfrNeSBp20aa\/1vGqATjKbNL\/jOSm0jXj\/kbQfK\/pDVJqQ3i0xi83WDDM5HMbheL7g3ucWpwio9NdKYRIbmCgHrXD6I7mG\/o+dJxID81cAZHwLxJ31zKuPQIhzYmtC9YEKyuGLAkdB+gXPWBjQjkrjHi+GLadGNKBRqp58HFIDvuMlhbPoD1+eycclIpiA74UASAAW3vjmqfdxADdHAXD+8bTI9uefhYKxK25Vejid8QfPiTetPFCiaVpTMFYl1jJFqTTiCqOzpU\/B1JSn3z5VCN\/3PvW1u4Kc+loI5EikF2TCNRtXyRCcFoB+msAOSn4QbIjnn28bEofup4vNbm+S5v+bgdMnG2doNgCqQXo9LbaITqE\/FWwV4Y\/ViW97dpVsdkcfz\/MW61dC8ouAmSrjamqhaa12xGTBgSf6kcAhwZ6KL66p2p18pZkbyBt7i2YM2DIyzyVIGm7dNTvTETRLLqMXhj3l4wjAwitPgRRkRk7t13uIzNrSrnXYEhfL9o\/nWPLDFc1UjtjKgdmDoVL+F3B0O\/GwZVZZSaX+7TyW3anQFpWIE0arS9UFRZa7p8ca\/C1yfvIcb8p+W4VMn3hFSoBwh6PjWiCUsa+UQMLl\/7TKMFqUDXavWn+ONPFyensNvg26KDd\/ho2bUS7A5TK41KdQD8MOdhpJJbFGeQ+fyDkI7NB7z264re5BXZLiyoqev5FAOuW+EgaYQaaSo2oAKVu2bUv9vzcYBeeth8XOWie4yyKeib3wY0w6iZyzjL4+\/2tercbN+UsPMHWRqxqjOKjSDcxjQ38RL5zBcfkhF+hW\/uQj18jeHUGJG+RlnIiigQqQLWJwME\/5KFXaI2LZl6pbBzinLl4WqR5E0PZUqvx1hw3ZW2C7E2KpKKgAyVAdLC9rLK8Ne9TaWGsk8wgWCTMjYqDHpdX6AyrTWj4jJo\/0FwP6f40o2VPCe5XnsOGoYyWDQlAGZPSZQu2np2A1n1tUosQM+fFEbPgsmblMMFrDA9BMQ3Uo0RvYlCbIl8WIA3skDUAJKTD0XMRgHFOUXN7v9vsThiuioooXMJoGILZcHQ\/5O6VmVAxnNfqvwOhRu9Hrhyc09WmQnh\/YI2kkGshlnOOPOP4ZeaeTr0h\/Gnu0NLxEQNBJcfCEU7KAhYpOrP0bGfJIoHw2o9tyqamhEhYflMv8NmLRJLfT5AZCdOk1d4p5NRQyoOL8qQ+oMCVG6i+fNsWO3GtUENCQc0VW4SD8Wr3Ww8X7ljs7V4goPQO0xL8KNoA0+G+WhX+pgVzME1B4kFQ=="}
00446{"flow_id":253,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1855,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":173123,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"PBXCt3IO0NQSxnP1CABFAABC9dxAAHMGAFZH7gfLwKgBIklPw8W6q5fIflOxCYAY\/7U3owAAAQEICgMco44+I6kzvZv3HosRqeTwyFun2sE="}
00425{"flow_id":253,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1856,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":173246,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA097xAAEAGMYTAqAEiR+4Hy8PFSU9+U7EJuquX1oAQECo3UAAAAQEICj4jqf0DHKOO"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1431969716182,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1431969716182,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":257,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":182666,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAI3FAAEAG8D7AqAEiUYUTucPKrY8W93X3AAAAALAC\/\/8pggAAAgQFtAEDAwUBAQgKPiOqBgAAAAAEAgAA"}
00446{"flow_id":256,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1869,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":208766,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"PBXCt3IO0NQSxnP1CABFAABCeglAAHQGLAJRU02NwKgBIkTnw8naYr2eNl\/cBIAYAQJxYAAAAQEICgC6mdM+I6nbd+c7b+yayoVA2nSITh0="}
00425{"flow_id":256,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1870,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":208845,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0d2xAAEAGYq3AqAEiUVNNjcPJROc2X9wE2mK9rIAQECnP8wAAAQEICj4jqiAAupnT"}
@@ -1884,25 +1884,25 @@
00441{"flow_id":252,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1944,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":747887,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8\/ZNAAEAG3H3AqAEiUVNNjcPEROe9aVaB2bol\/oAZECle+wAAAQEICj4jrCIAupldFs\/7EKwgSC8="}
00427{"flow_id":253,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1945,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":764648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA09fFAAHMGAE9H7gfLwKgBIklPw8W6q5fkflOxDYAQ\/7FG6QAAAQEICgMco5Q+I6rE"}
00439{"flow_id":257,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1946,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":776065,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8\/4BAAEAGFDPAqAEiUYUTucPKrY8W93Zm19BG5IAYECk8CgAAAQEICj4jrD0CsDJIZdJpfu5kCPY="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1947,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1947,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01084{"flow_id":258,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1947,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":797621,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISY\/IAAEARUx\/AqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1947,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1948,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1947,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1948,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01079{"flow_id":259,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1948,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":797900,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISf8oAAEARdJ\/AqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1948,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1948,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00438{"flow_id":225,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1957,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969716,"pkt_ts_usec":890521,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8HjRAAEAG0dXAqAEinTfrsMOxnFbKZQiU5a3ICYAZEClxEgAAAQEICj4jrKxF6hSkCDlkOMMwVQQ="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1973,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1431969717061,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1973,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1431969717061,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01081{"flow_id":260,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1973,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":61595,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISs5YAAEARA0HAqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1973,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1431969717061,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1974,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1431969717062,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1973,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1431969717061,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1974,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1431969717062,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01077{"flow_id":261,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1974,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":62243,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISf4EAAEARdK7AqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1974,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1431969717062,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1984,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1431969717177,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1974,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1431969717062,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1984,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1431969717177,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":262,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1984,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":177542,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+WNAAEAGAQPAqAEiUA4uecPLET9q+lcrAAAAALAC\/\/9zkwAAAgQFtAEDAwUBAQgKPiOtxAAAAAAEAgAA"}
00445{"flow_id":262,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1987,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":265774,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"PBXCt3IO0NQSxnP1CABFAABAoQ1AAHQGJVlQDi55wKgBIhE\/w8sUK4TLavpXLLAS\/\/\/FfwAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"}
00425{"flow_id":262,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1988,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":265879,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NNxAAEAGxZbAqAEiUA4uecPLET9q+lcsFCuEzIAQECwJ2AAAAQEICj4jrhsAAAAA"}
00558{"flow_id":262,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1991,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":266616,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"0NQSxnP1PBXCt3IOCABFAACTX6BAAEAGmnPAqAEiUA4uecPLET9q+lcsFCuEzIAYECzjbQAAAQEICj4jrhsAAAAAKlynFyjlOqL8dqz+bX0Or8xAQIj\/HCOpBXfertyPyUZgodtmd04O2PMb+P08ptsCU+g5Fg90VYKLwDGux8zNmsOYKUZ\/JEWy+3Ah3jd8vcozSBl279Q14msgEQ6nLK0="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1992,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1431969717295,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1992,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1431969717295,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":263,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1992,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":295253,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAu4NAAEAGWCzAqAEiUYUTucPMrY9zRWLSAAAAALAC\/\/\/cJAAAAgQFtAEDAwUBAQgKPiOuOAAAAAAEAgAA"}
00552{"flow_id":262,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1999,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":356333,"pkt_caplen":155,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":155,"pkt_l4_len":121,"pkt":"PBXCt3IO0NQSxnP1CABFAACNoRNAAHQGJQZQDi55wKgBIhE\/w8sUK4TMavpXi4AY\/6C0HgAAAQEICgADVZY+I64bS62Kgl1ACKAwpANux8IK7+mmPs6Q432Z3QEqRI3UeUJeWYsHKQHcFtC62UOETMDlx8zNmsOYKUZ\/JEWy+3Ah3jd8vcozSBl279Q14msgEQ6nLK36o\/gJpl8="}
00425{"flow_id":262,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2000,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":356436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04RFAAEAGGWHAqAEiUA4uecPLET9q+leLFCuFJYAQECmzMAAAAQEICj4jrnQAA1WW"}
@@ -1929,9 +1929,9 @@
00426{"flow_id":263,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2034,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":603510,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0dJ9AADAGrxxRhRO5wKgBIq2Pw8wuoXfzc0VjLoAQECkqFgAAAQEICgKwNyM+I68a"}
00504{"flow_id":230,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2042,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":781540,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"0NQSxnP1PBXCt3IOCABFAABtgVZAAEAG1yPAqAEiQTffD8O2Abu4rlOMyHp2R4AZECxe8AAAAQEICj4jsBEuudPpI5bq6HMzIBDTkc9VEw4iCS9khhJElSKv7lgEA0wtqe8DbuphtcTug+qyZjVGz2PfJmKteoTIZ7xX"}
00437{"flow_id":262,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":788496,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8IDhAAEAG2jLAqAEiUA4uecPLET9q+leLFCuFJYAYECk9VwAAAQEICj4jsBcAA1WWI9QHv+GwZuI="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1431969717899,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1431969717899,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00714{"flow_id":264,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":899953,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"pkt":"PBXCt3IO0NQSxnP1CABFAAEJlCBAADAGQl8Rj6AWwKgBIhRnwSeBM8VdlvCqUoAYASHIigAAAQEIClVKAjo+IiGKFwMBANBGiA2FCgkg8zogS8Wv8uA0hKKXZpqXahZerQ98bBCn7C+LnTtdb1gFMe8akVD0ZXaKV2LbbgrevU7SQvBoNrIKmLDngOd7HnJnwMZSKAgZhBWjSGnNxPPChGecLDOMDXdtNcHO5aH0kerDi4eahd\/xxcweKHEqdaSg9EF7AN1znxgL9Vtu5lzdAyFIAlRZuEfAfgPOG5VblTu4iCKf5kwtqrTH0XrU9yr9hT+57cz\/TU37sy04NvAQJNXRsNfuIJU+SbJ1mgQuWHV+U5AtBgSt"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1431969717899,"flow_last_seen":0,"flow_tot_l4_data_len":245,"flow_min_l4_data_len":245,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":245,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2044,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1431969717899,"flow_last_seen":0,"flow_min_l4_payload_len":213,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":213,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
00426{"flow_id":264,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":900063,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ie5AAEAGPWbAqAEiEY+gFsEnFGeW8KpSgTPGMoAQD\/lO7gAAAQEICj4jsIZVSgI6"}
00551{"flow_id":264,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":901263,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"0NQSxnP1PBXCt3IOCABFAACOywdAAEAG+\/LAqAEiEY+gFsEnFGeW8KpSgTPGMoAYEAClWwAAAQEICj4jsIdVSgI6FwMBACBFSXcAQNGwOhcu0QVlHuKzyvFkGgpCme0Kai94jEbJ0RcDAQAwQN+VK2ikiOW7uk5UyLlTNolrUZSBmQX1wD8NXzXPIFfAPuABh4UNMZuiOLR\/\/d5p"}
00617{"flow_id":243,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":905976,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"PBXCt3IOxCwDBkn+CABFAADBmPEAAP8RfzrAqAFc4AAA+xTpFOkArRpOAAAAAAAEAAMAAAAAC19hZnBvdmVydGNwBF90Y3AFbG9jYWwAAAwAAQRfcmZiwBgADAABBF9zbWLAGAAMAAEGX2FkaXNrwBgADAABwAwADAABAAAPuAAWE0x1Y2HigJlzIE1hY0Jvb2tQcm\/ADMAMAAwAAQAADAoAEA1MdWNh4oCZcyBpTWFjwAzAMwAMAAEAAAwKABANTHVjYeKAmXMgaU1hY8Az"}
@@ -1940,9 +1940,9 @@
00410{"flow_id":230,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2050,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":910804,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAopvdAAEAGscfAqAEiQTffD8O2Abu4rlPGAAAAAFAEAAD76AAA"}
00462{"flow_id":208,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2051,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":938891,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"0NQSxnP1PBXCt3IOCABFAABOD61AAEAG39zAqAEi1cezjsOfAbt1SdzkHtgDwIAZECylBgAAAQEICj4jsKtQDMF3EmQmnx6sH6BO82garWUNa027XrMWTbG33jE="}
00439{"flow_id":224,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2052,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":944695,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8u05AAEAGA5jAqAEib91KLsOwnFtwFACeyWA\/QIAZECqHvwAAAQEICj4jsLBNhWV5MasRplDVU5Q="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2055,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1431969717949,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2055,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1431969717949,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":265,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2055,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":949030,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1MFAAEAGbfDAqAEiW77afcPNMD7mkcxwAAAAALAC\/\/+pEQAAAgQFtAEDAwUBAQgKPiOwswAAAAAEAgAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2056,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1431969717949,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2056,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1431969717949,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":266,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":949481,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjMJAAEAGuFXAqAEiW77YF8POMD6CImXAAAAAALAC\/\/92lQAAAgQFtAEDAwUBAQgKPiOwtAAAAAAEAgAA"}
00437{"flow_id":266,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":992463,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGUBRbvtgXwKgBIjA+w86t1YyggiJlwaASOJDgygAAAgQFrAQCCAoNJSaXPiOwtAEDAwk="}
00425{"flow_id":266,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969717,"pkt_ts_usec":992568,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ynpAAEAGeqnAqAEiW77YF8POMD6CImXBrdWMoYAQECw3ygAAAQEICj4jsN8NJSaX"}
@@ -1960,7 +1960,7 @@
00440{"flow_id":252,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969718,"pkt_ts_usec":192620,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8W25AAEAGfqPAqAEiUVNNjcPEROe9aVaB2bol\/oAZEClZewAAAQEICj4jsaIAupldFs\/7EKwgSC8="}
00513{"flow_id":224,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969718,"pkt_ts_usec":237742,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"PBXCt3IO0NQSxnP1CABFAAByWnZAADYGbjpv3UouwKgBIpxbw7DJYD9IcBQAp4AZAB159QAAAQEICk2FciY+I7CwmAIXkyBXzHE154LabKT7fJo+gXNAEWzUURQTrLo9dtJdHsP4Dv0+8630BSXoEtPs\/t59yXG3UZA5xAHlgzk="}
00410{"flow_id":224,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969718,"pkt_ts_usec":237861,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAopbNAAEAGGUfAqAEib91KLsOwnFtwFACnAAAAAFAEAABjQwAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2078,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1431969718289,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2078,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1431969718289,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":267,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2078,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969718,"pkt_ts_usec":289986,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAEiZAAEAG6EDAqAEiUA4uecPPET\/DDsi2AAAAALAC\/\/+lsQAAAgQFtAEDAwUBAQgKPiOyAgAAAAAEAgAA"}
00438{"flow_id":248,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2079,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969718,"pkt_ts_usec":316293,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA80FVAAEAGuu7AqAEiTKehBsPATzJsmy887NUaAIAYECgrbAAAAQEICj4jshy+oN9kxXgAHFm0KHI="}
00878{"flow_id":266,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969718,"pkt_ts_usec":350462,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"pkt":"0NQSxnP1PBXCt3IOCABFAAGAeNBAAEAGywfAqAEiW77YF8POMD6CImX9rdWNC4AYECj+9gAAAQEICj4jsj4NJSaium5jNp\/t6MnvYv17vInE+u60ockfR5mfGTOro0QN8LMKnmAyvODPlTeyrnkoAUpKceu5uu4NlVO\/v7ctJqTBVS8o0R1CSL+EPA5s6N3+\/xSicLOSk8FOw0ZK8JvNsCjaQnMlPLIfYEsiQsmAyX1mhdmutUXuX1FlLSieJ868LDp8KWnZBPAIIPoWEV34j0UNNhg8OjdvwRinNdOManql86rY\/V2GVf6ms8Z9fpiOdcl2TxrxP9aSeZz3HmVMIj+c1\/jv3lQrBoXgfkzaS2fI27xuPVW4vOSfOCqdpBx40nBoPLwgs99WAHdL8kRdgfaFID96DQLsQ1X2UmAKMsqHqhcdQYFDK9h1czYRqgSNf6OjxZjjG\/RON6LXVdAjMLtOT1G4VUncOMp43DgkS1qIRYNmPbrc8XzQI4wvtYSHiTNizbbA6Gpepi0kbFY="}
@@ -1989,20 +1989,20 @@
00427{"flow_id":220,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2115,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969718,"pkt_ts_usec":882029,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0R45AADkG\/vcXziGmwKgBIgG7w6oZSGV2Rgv0Z4ARAcX40wAAAQEICuwvcRg+I2bi"}
00427{"flow_id":220,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2116,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969718,"pkt_ts_usec":882147,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MIVAAEAGDwHAqAEiF84hpsOqAbtGC\/UOGUhld4ARECycXgAAAQEICj4jtEjsL3EY"}
00418{"flow_id":220,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2118,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969718,"pkt_ts_usec":921428,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFAAAoUvNAADkG854XziGmwKgBIgG7w6oZSGV3AAAAAFAEAABwfQAAAAAAAAAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1431969719055,"flow_last_seen":0,"flow_tot_l4_data_len":67,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1431969719055,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00474{"flow_id":268,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":55293,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"0NQSxnP1PBXCt3IOCABFAABXAXoAAEAR9ajAqAEiwKgBAfP2ADUAQxAUbrQBAAABAAAAAAAAE3AwNS1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQZha2FkbnMDbmV0AAABAAE="}
-00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1431969719055,"flow_last_seen":0,"flow_tot_l4_data_len":67,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00680{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2123,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1431969719055,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00520{"flow_id":268,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2127,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":110031,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"PBXCt3IO0NQSxnP1CABFAAB3AABAAEARtwLAqAEBwKgBIgA18\/YAY7LlbrSBgAABAAIAAAAAE3AwNS1rZXl2YWx1ZXNlcnZpY2UGaWNsb3VkA2NvbQZha2FkbnMDbmV0AAABAAHADAABAAEAAAAZAAQRrGQkwAwAAQABAAAAGQAEEaxkCA=="}
-00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2127,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_tot_l4_data_len":166,"flow_min_l4_data_len":67,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.172.100.36"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2128,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1431969719110,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00707{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2127,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"},"dns": {"query":"p05-keyvalueservice.icloud.com.akadns.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.172.100.36"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2128,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1431969719110,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":269,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2128,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":110749,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHqNAAEAG5HrAqAEiEaxkJMPQAbsLGQpgAAAAALAC\/\/8xEQAAAgQFtAEDAwUBAQgKPiO1KQAAAAAEAgAA"}
00418{"flow_id":269,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2138,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":259428,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"PBXCt3IO0NQSxnP1CABFAAAsDItAAPAGRqYRrGQkwKgBIgG7w9AFbnZwCxkKYWASH\/7prQAAAgQFoAAA"}
00411{"flow_id":269,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2139,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":259555,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAocytAAEAGkArAqAEiEaxkJMPQAbsLGQphBW52cVAQ\/\/8hVQAA"}
00730{"flow_id":269,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2140,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":260395,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"pkt":"0NQSxnP1PBXCt3IOCABFAAERGFtAAEAG6fHAqAEiEaxkJMPQAbsLGQphBW52cVAY\/\/\/qjAAAFgMBAOQBAADgAwNVWh+31WXSTHREMokhIqCcUnp9wljFgut1FAWv\/IRrRCC9J9K2RjJjHnC8CFVB8Gg9pkEtkLMETmSD4xz1bWuZVABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAABNAAAAIwAhAAAecDA1LWtleXZhbHVlc2VydmljZS5pY2xvdWQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2140,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":4,"flow_first_seen":1431969719110,"flow_last_seen":1431969719260,"flow_tot_l4_data_len":341,"flow_min_l4_data_len":20,"flow_max_l4_data_len":253,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2140,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":4,"flow_first_seen":1431969719110,"flow_last_seen":1431969719260,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00417{"flow_id":269,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2144,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":411070,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFAAAoDIxAAPAGRqkRrGQkwKgBIgG7w9AFbnZxCxkLSlAQiZaW1QAAAAAAAAAA"}
00537{"flow_id":269,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2145,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":411077,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"PBXCt3IO0NQSxnP1CABFAACEDI5AAPAGRksRrGQkwKgBIgG7w9AFbnZxCxkLSlAYiZasDAAAFgMDAFECAABNAwNVWh+3tveMD2elbOWAHrVVg31Lnt0c0FKnZZJQCRlxxCC9J9K2RjJjHnC8CFVB8Gg9pkEtkLMETmSD4xz1bWuZVAAEAAAF\/wEAAQAUAwMAAQE="}
-00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2145,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":6,"flow_first_seen":1431969719110,"flow_last_seen":1431969719411,"flow_tot_l4_data_len":473,"flow_min_l4_data_len":20,"flow_max_l4_data_len":253,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2145,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":6,"flow_first_seen":1431969719110,"flow_last_seen":1431969719411,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":325,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.AppleiCloud","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p05-keyvalueservice.icloud.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00462{"flow_id":269,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2146,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":411126,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"PBXCt3IO0NQSxnP1CABFAABNDJBAAPAGRoARrGQkwKgBIgG7w9AFbnbNCxkLSlAYiZY9MAAAFgMDACCErnELMC4NLURXH1XOmma\/eoxmsTpmClh52QJbqp0ANg=="}
00412{"flow_id":269,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2147,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":411202,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo51ZAAEAGG9\/AqAEiEaxkJMPQAbsLGQtKBW52zVAQ\/\/8gEAAA"}
00411{"flow_id":269,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2148,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":411203,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoh2pAAEAGe8vAqAEiEaxkJMPQAbsLGQtKBW528lAQ\/\/8f6wAA"}
@@ -2016,7 +2016,7 @@
00427{"flow_id":267,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2161,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":542170,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0nWJAAEAGXRDAqAEiUA4uecPPET\/DDskUGbeX8oAQECjIwwAAAQEICj4jttEAA1Ws"}
00435{"flow_id":267,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2162,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":542266,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4m21AAEAGXwHAqAEiUA4uecPPET\/DDskUGbeX8oAYEChZZQAAAQEICj4jttEAA1WsJ6JHsA=="}
00522{"flow_id":221,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2163,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":559358,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"0NQSxnP1PBXCt3IOCABFAAB4kUZAAEAGXqXAqAEinTfrksOrAbuMrH6YAEk0NoAZECx+lgAAAQEICj4jtuJMXR6aqu6O72aW6xh35z3AV+yJQQlzV\/czZ3tOI38nltt4UVqSgJEIfqzGP6jAcvysYI+CHXjgzzv6OFuoeDW4oVrEywZ4EAM="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1431969719561,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1431969719561,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":270,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2164,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":561453,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAR+5AAEAG+sPAqAEiW77afcPRMD4OYtZAAAAAALAC\/\/9xPAAAAgQFtAEDAwUBAQgKPiO25AAAAAAEAgAA"}
00418{"flow_id":269,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2165,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":564377,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFAAAoDJFAAPAGRqQRrGQkwKgBIgG7w9AFbnbyCxkLUFAQiZCWVAAAAAAAAAAA"}
00418{"flow_id":269,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2166,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969719,"pkt_ts_usec":565059,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFAAAoDJJAAPAGRqMRrGQkwKgBIgG7w9AFbnbyCxkLdVAQiWuWVAAAAAAAAAAA"}
@@ -2036,20 +2036,20 @@
00438{"flow_id":257,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2221,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969720,"pkt_ts_usec":291175,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8tnZAAEAGXT3AqAEiUYUTucPKrY8W93Zm19BG5IAZECkulwAAAQEICj4jua8CsDJIZdJpfu5kCPY="}
00438{"flow_id":251,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2224,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969720,"pkt_ts_usec":432476,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8DbFAAEAG8gPAqAEiVh8jHsPD6OVaW8L1OrkzbYAZECmSNQAAAQEICj4jujsAGgO9IXsnOyU+9vo="}
00879{"flow_id":266,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2225,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969720,"pkt_ts_usec":514647,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"pkt":"0NQSxnP1PBXCt3IOCABFAAGAK65AAEAGGCrAqAEiW77YF8POMD6CImX9rdWNC4AYECj2pwAAAQEICj4juo0NJSaium5jNp\/t6MnvYv17vInE+u60ockfR5mfGTOro0QN8LMKnmAyvODPlTeyrnkoAUpKceu5uu4NlVO\/v7ctJqTBVS8o0R1CSL+EPA5s6N3+\/xSicLOSk8FOw0ZK8JvNsCjaQnMlPLIfYEsiQsmAyX1mhdmutUXuX1FlLSieJ868LDp8KWnZBPAIIPoWEV34j0UNNhg8OjdvwRinNdOManql86rY\/V2GVf6ms8Z9fpiOdcl2TxrxP9aSeZz3HmVMIj+c1\/jv3lQrBoXgfkzaS2fI27xuPVW4vOSfOCqdpBx40nBoPLwgs99WAHdL8kRdgfaFID96DQLsQ1X2UmAKMsqHqhcdQYFDK9h1czYRqgSNf6OjxZjjG\/RON6LXVdAjMLtOT1G4VUncOMp43DgkS1qIRYNmPbrc8XzQI4wvtYSHiTNizbbA6Gpepi0kbFY="}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1431969717061,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1431969717062,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1431969720556,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1431969717061,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1431969717062,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1431969716797,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.39","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1431969713965,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.145","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.62.0.85","src_port":13021,"dst_port":33647,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1431969713813,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.97.100.249","src_port":13021,"dst_port":26635,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1431969720556,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":271,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969720,"pkt_ts_usec":556111,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKnloAAEARWNXAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1431969720556,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1431969720556,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2226,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1431969720556,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1431969720556,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":272,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969720,"pkt_ts_usec":556330,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABK65gAAEARC5fAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1431969720556,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2227,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1431969720556,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst5.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00440{"flow_id":252,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2231,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969720,"pkt_ts_usec":848846,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8Ya5AAEAGeGPAqAEiUVNNjcPEROe9aVaB2bol\/oAZEClPQwAAAQEICj4ju9oAupldFs\/7EKwgSC8="}
00416{"flow_id":247,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2235,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969721,"pkt_ts_usec":38439,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"pkt":"PBXCt3IO0NQSxnP1CABFCAAthDRAADYGyohbvth9wKgBIgG7w79kPKOrTtpNelAYA6A0ZwAAFwMBAAAA"}
00410{"flow_id":247,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2236,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969721,"pkt_ts_usec":38558,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoq1JAAEAGmXfAqAEiW77YfcO\/AbtO2k16ZDyjsFAQH\/8wEwAA"}
@@ -2067,16 +2067,16 @@
00438{"flow_id":262,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2270,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969721,"pkt_ts_usec":514408,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8X0xAAEAGmx7AqAEiUA4uecPLET9q+leLFCuFJYAZECkvAwAAAQEICj4jvmoAA1WWI9QHv+GwZuI="}
00457{"flow_id":271,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2273,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969721,"pkt_ts_usec":596689,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKt0gAAEARP+fAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="}
00457{"flow_id":272,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969721,"pkt_ts_usec":596772,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKslEAAEARRN7AqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1431969721954,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1431969721954,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":273,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969721,"pkt_ts_usec":954000,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA0TgAAEARJgHAqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1431969721954,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1431969721954,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2276,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_first_seen":1431969721954,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1431969721954,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":274,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969721,"pkt_ts_usec":954245,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAl6MAAEARX5bAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1431969721954,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2277,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_first_seen":1431969721954,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00881{"flow_id":266,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2281,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969722,"pkt_ts_usec":473111,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"pkt":"0NQSxnP1PBXCt3IOCABFAAGARphAAEAG\/T\/AqAEiW77YF8POMD6CImX9rdWNC4AYECjvDgAAAQEICj4jwiYNJSaium5jNp\/t6MnvYv17vInE+u60ockfR5mfGTOro0QN8LMKnmAyvODPlTeyrnkoAUpKceu5uu4NlVO\/v7ctJqTBVS8o0R1CSL+EPA5s6N3+\/xSicLOSk8FOw0ZK8JvNsCjaQnMlPLIfYEsiQsmAyX1mhdmutUXuX1FlLSieJ868LDp8KWnZBPAIIPoWEV34j0UNNhg8OjdvwRinNdOManql86rY\/V2GVf6ms8Z9fpiOdcl2TxrxP9aSeZz3HmVMIj+c1\/jv3lQrBoXgfkzaS2fI27xuPVW4vOSfOCqdpBx40nBoPLwgs99WAHdL8kRdgfaFID96DQLsQ1X2UmAKMsqHqhcdQYFDK9h1czYRqgSNf6OjxZjjG\/RON6LXVdAjMLtOT1G4VUncOMp43DgkS1qIRYNmPbrc8XzQI4wvtYSHiTNizbbA6Gpepi0kbFY="}
00457{"flow_id":271,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2284,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969722,"pkt_ts_usec":604608,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABK1+UAAEARH0rAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="}
00457{"flow_id":272,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2285,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969722,"pkt_ts_usec":604741,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABK050AAEARI5LAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2288,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_first_seen":1431969722958,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2288,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_first_seen":1431969722958,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":275,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2288,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969722,"pkt_ts_usec":958172,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMbpAAEAGam7AqAEi1KEIJMPSNFCRDXDAAAAAALAC\/\/+cTwAAAgQFtAEDAwUBAQgKPiPECQAAAAAEAgAA"}
00441{"flow_id":273,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2289,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969723,"pkt_ts_usec":14290,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAmT0AAEARXfzAqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
00440{"flow_id":274,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2290,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969723,"pkt_ts_usec":14375,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAj1YAAEARZ+PAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
@@ -2100,18 +2100,18 @@
00528{"flow_id":227,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2311,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969723,"pkt_ts_usec":790537,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"PBXCt3IO0NQSxnP1CABFAAB7SH5AADYG4opABBemwKgBIpxWw7Pn2AXzm5R1X4AZAB3c4wAAAQEICkw\/Xx4+I8Z64vChZIGSYGPd3gWvHAF1FFvTvMFyE+EKC4hLmmkTcTXcSZeXLUvbX\/aasqLFgOputlv\/VSyHYLoj1pO44uMuYdtsNL3meSE="}
00418{"flow_id":239,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2313,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969723,"pkt_ts_usec":864300,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuQpkAAEARjprAqAEisBo3pzLd+R0AGtW0noACYJ7Q\/f1BEkFMtKs2xKkA"}
00417{"flow_id":240,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2314,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969723,"pkt_ts_usec":864300,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAujeYAAEARD0nAqAEiTLnPDDLdsbUAGk80noICQMd2CkIbTJvr2m+0rjWR"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1431969723979,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1431969723979,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":276,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969723,"pkt_ts_usec":979489,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLQV0AAEARtdHAqAEiwKgBAfe9ADUAN4CxqiYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1431969723979,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1431969723979,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2315,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_first_seen":1431969723979,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1431969723979,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":277,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969723,"pkt_ts_usec":979685,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLuaAAAEARPY7AqAEiwKgBAf4NADUANx167A0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1431969723979,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2316,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_first_seen":1431969723979,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00438{"flow_id":275,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2317,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969724,"pkt_ts_usec":58733,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8FntAAEAGhbHAqAEi1KEIJMPSNFCRDXEXwSvNzoAYEChagwAAAQEICj4jyE4\/mk5203B1cONeI20="}
00441{"flow_id":273,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2320,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969724,"pkt_ts_usec":89704,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAyr4AAEARLHvAqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
00440{"flow_id":274,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969724,"pkt_ts_usec":89826,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAk9AAAEARY2nAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
00440{"flow_id":249,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2324,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969724,"pkt_ts_usec":396161,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA84\/pAAEAGRT7AqAEiR+4Hy8PBSU++p140nwx1rIAZECj6jwAAAQEICj4jyZ0DHKOA72ydd\/Dm76E="}
00440{"flow_id":252,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2326,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969724,"pkt_ts_usec":466339,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8WStAAEAGgObAqAEiUVNNjcPEROe9aVaB2bol\/oAZEClBOgAAAQEICj4jyeMAupldFs\/7EKwgSC8="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2329,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_first_seen":1431969724570,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2329,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_first_seen":1431969724570,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":278,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2329,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969724,"pkt_ts_usec":570574,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJs1AAEAGdVvAqAEi1KEIJMPTNFCYsmkqAAAAALAC\/\/+V\/gAAAgQFtAEDAwUBAQgKPiPKSgAAAAAEAgAA"}
00438{"flow_id":278,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2330,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969724,"pkt_ts_usec":644714,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQw9NEN1OLmLJpK6ASOJD4ewAAAgQFrAQCCAo\/mJ6PPiPKSgEDAwk="}
00426{"flow_id":278,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2331,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969724,"pkt_ts_usec":644823,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0kBRAAEAGDCDAqAEi1KEIJMPTNFCYsmkrRDdTjIAQECxPXAAAAQEICj4jypQ\/mJ6P"}
@@ -2136,7 +2136,7 @@
00439{"flow_id":262,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2358,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969725,"pkt_ts_usec":243061,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8sAtAAEAGSl\/AqAEiUA4uecPLET9q+leLFCuFJYAZECkgiwAAAQEICj4jzOIAA1WWI9QHv+GwZuI="}
00457{"flow_id":272,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2360,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969725,"pkt_ts_usec":641504,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKA0wAAEAR8+PAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="}
00457{"flow_id":271,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2361,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969725,"pkt_ts_usec":641698,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKPxoAAEARuBXAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2364,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_first_seen":1431969725833,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2364,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_first_seen":1431969725833,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":279,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2364,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969725,"pkt_ts_usec":833987,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABANR9AAEAGjrLAqAEilQ0gD8PUNFDIS2mSAAAAALAC\/\/+IvwAAAgQFtAEDAwUBAQgKPiPPMAAAAAAEAgAA"}
00438{"flow_id":279,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2365,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969725,"pkt_ts_usec":886130,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQw9RkpUGCyEtpk6ASOJCS6wAAAgQFrAQCCAo\/guiRPiPPMAEDAwk="}
00426{"flow_id":279,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2366,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969725,"pkt_ts_usec":886255,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0FRFAAEAGrszAqAEilQ0gD8PUNFDIS2mTZKVBg4AQECzp4QAAAQEICj4jz2Q\/guiR"}
@@ -2162,7 +2162,7 @@
00441{"flow_id":273,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2406,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969727,"pkt_ts_usec":93107,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA778AAEARB3rAqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
00440{"flow_id":274,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2407,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969727,"pkt_ts_usec":93193,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJ6IAAEARz5fAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
00438{"flow_id":248,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2409,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969727,"pkt_ts_usec":309976,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8LQRAAEAGXkDAqAEiTKehBsPATzJsmy887NUaAIAZECgInwAAAQEICj4j1Oi+oN9kxXgAHFm0KHI="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2410,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_first_seen":1431969727446,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2410,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_first_seen":1431969727446,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":280,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2410,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969727,"pkt_ts_usec":446487,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw6JAAEAGAC\/AqAEilQ0gD8PVNFDxI3WvAAAAALAC\/\/9NiQAAAgQFtAEDAwUBAQgKPiPVcAAAAAAEAgAA"}
00439{"flow_id":279,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2411,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969727,"pkt_ts_usec":462196,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA894xAAEAGzEjAqAEilQ0gD8PUNFDIS2nzZKVBu4AYECq3awAAAQEICj4j1X8\/guieZ8yzMrUUW5Q="}
00438{"flow_id":280,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2412,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969727,"pkt_ts_usec":498658,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQw9XOgDWr8SN1sKASOJC1wgAAAgQFrAQCCAo\/fSyFPiPVcAEDAwk="}
@@ -2185,15 +2185,15 @@
00417{"flow_id":270,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2430,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969727,"pkt_ts_usec":878606,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"pkt":"PBXCt3IO0NQSxnP1CABFAAAtmCZAADcGs55bvtp9wKgBIjA+w9E3PWT+DmLWR1AYA6AnKQAAFwMBAAAA"}
00410{"flow_id":270,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2431,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969727,"pkt_ts_usec":878680,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAog9ZAAEAGvvPAqAEiW77afcPRMD4OYtZHAAAAAFAEAADfIAAA"}
00522{"flow_id":221,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969728,"pkt_ts_usec":344489,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"0NQSxnP1PBXCt3IOCABFAAB4yJVAAEAGJ1bAqAEinTfrksOrAbuMrH6YAEk0NoAZECxcjgAAAQEICj4j2OpMXR6aqu6O72aW6xh35z3AV+yJQQlzV\/czZ3tOI38nltt4UVqSgJEIfqzGP6jAcvysYI+CHXjgzzv6OFuoeDW4oVrEywZ4EAM="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2451,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1431969728511,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2451,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1431969728511,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":281,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969728,"pkt_ts_usec":511844,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABIsLcAAEARRULAqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2451,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1431969728511,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2451,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1431969728511,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00439{"flow_id":279,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2457,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969728,"pkt_ts_usec":712068,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8u3lAAEAGCFzAqAEilQ0gD8PUNFDIS2nzZKVBu4AZECqykgAAAQEICj4j2lc\/guieZ8yzMrUUW5Q="}
00457{"flow_id":272,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2458,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969728,"pkt_ts_usec":712328,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKohwAAEARVRPAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="}
00457{"flow_id":271,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2459,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969728,"pkt_ts_usec":712462,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKmkkAAEARXObAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1431969728749,"flow_last_seen":0,"flow_tot_l4_data_len":507,"flow_min_l4_data_len":507,"flow_max_l4_data_len":507,"flow_avg_l4_data_len":507,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1431969728749,"flow_last_seen":0,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01069{"flow_id":282,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969728,"pkt_ts_usec":749479,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"pkt":"AQBef\/\/6xCwDBkn+CABFAAIPEXQAAAER9GvAqAFc7\/\/\/+sOkB2wB+wkMTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29ubmVjdGlvbk1hbmFnZXI6MQ0KTlRTOnNzZHA6YWxpdmUNCkxvY2F0aW9uOmh0dHA6Ly8xMC4yMTEuNTUuMzoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmNiYzc4NWUtMjVmNC00MGNhLTk4YjUtMGQ1ODA0YWRhYThlDQpVU046dXVpZDoyY2JjNzg1ZS0yNWY0LTQwY2EtOThiNS0wZDU4MDRhZGFhOGU6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29ubmVjdGlvbk1hbmFnZXI6MQ0KQ2FjaGUtQ29udHJvbDptYXgtYWdlPTkwMA0KU2VydmVyOk1pY3Jvc29mdC1XaW5kb3dzLU5ULzUuMSBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOmQ0NmQ1MDA5ZTE0NzFiYTY4MDBlNDNlN2YwZTEyZWU0DQoNCg=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1431969728749,"flow_last_seen":0,"flow_tot_l4_data_len":507,"flow_min_l4_data_len":507,"flow_max_l4_data_len":507,"flow_avg_l4_data_len":507,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2460,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":1,"flow_first_seen":1431969728749,"flow_last_seen":0,"flow_min_l4_payload_len":499,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":499,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
01065{"flow_id":282,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2461,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969728,"pkt_ts_usec":750205,"pkt_caplen":539,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":539,"pkt_l4_len":505,"pkt":"AQBef\/\/6xCwDBkn+CABFAAIN8CkAAAERFbjAqAFc7\/\/\/+sOkB2wB+afnTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6Q29udGVudERpcmVjdG9yeToxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzEwLjIxMS41NS4zOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDoyY2JjNzg1ZS0yNWY0LTQwY2EtOThiNS0wZDU4MDRhZGFhOGUNClVTTjp1dWlkOjJjYmM3ODVlLTI1ZjQtNDBjYS05OGI1LTBkNTgwNGFkYWE4ZTo6dXJuOnNjaGVtYXMtdXBucC1vcmc6c2VydmljZTpDb250ZW50RGlyZWN0b3J5OjENCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy1OVC81LjEgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzpkNDZkNTAwOWUxNDcxYmE2ODAwZTQzZTdmMGUxMmVlNA0KDQo="}
00982{"flow_id":282,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2462,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969728,"pkt_ts_usec":750814,"pkt_caplen":475,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":475,"pkt_l4_len":441,"pkt":"AQBef\/\/6xCwDBkn+CABFAAHN3wIAAAERJx\/AqAFc7\/\/\/+sOkB2wBuX63Tk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVwbnA6cm9vdGRldmljZQ0KTlRTOnNzZHA6YWxpdmUNCkxvY2F0aW9uOmh0dHA6Ly8xMC4yMTEuNTUuMzoyODY5L3VwbnBob3N0L3VkaGlzYXBpLmRsbD9jb250ZW50PXV1aWQ6MmNiYzc4NWUtMjVmNC00MGNhLTk4YjUtMGQ1ODA0YWRhYThlDQpVU046dXVpZDoyY2JjNzg1ZS0yNWY0LTQwY2EtOThiNS0wZDU4MDRhZGFhOGU6OnVwbnA6cm9vdGRldmljZQ0KQ2FjaGUtQ29udHJvbDptYXgtYWdlPTkwMA0KU2VydmVyOk1pY3Jvc29mdC1XaW5kb3dzLU5ULzUuMSBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOmQ0NmQ1MDA5ZTE0NzFiYTY4MDBlNDNlN2YwZTEyZWU0DQoNCg=="}
00993{"flow_id":282,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2463,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969728,"pkt_ts_usec":751505,"pkt_caplen":484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":484,"pkt_l4_len":450,"pkt":"AQBef\/\/6xCwDBkn+CABFAAHWqWoAAAERXK7AqAFc7\/\/\/+sOkB2wBwvRETk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnV1aWQ6MmNiYzc4NWUtMjVmNC00MGNhLTk4YjUtMGQ1ODA0YWRhYThlDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzEwLjIxMS41NS4zOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDoyY2JjNzg1ZS0yNWY0LTQwY2EtOThiNS0wZDU4MDRhZGFhOGUNClVTTjp1dWlkOjJjYmM3ODVlLTI1ZjQtNDBjYS05OGI1LTBkNTgwNGFkYWE4ZQ0KQ2FjaGUtQ29udHJvbDptYXgtYWdlPTkwMA0KU2VydmVyOk1pY3Jvc29mdC1XaW5kb3dzLU5ULzUuMSBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOmQ0NmQ1MDA5ZTE0NzFiYTY4MDBlNDNlN2YwZTEyZWU0DQoNCg=="}
@@ -2209,7 +2209,7 @@
00879{"flow_id":266,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2475,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969730,"pkt_ts_usec":313650,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"pkt":"0NQSxnP1PBXCt3IOCABFAAGA7b9AAEAGVhjAqAEiW77YF8POMD6CImX9rdWNC4AYECjQnAAAAQEICj4j4JgNJSaium5jNp\/t6MnvYv17vInE+u60ockfR5mfGTOro0QN8LMKnmAyvODPlTeyrnkoAUpKceu5uu4NlVO\/v7ctJqTBVS8o0R1CSL+EPA5s6N3+\/xSicLOSk8FOw0ZK8JvNsCjaQnMlPLIfYEsiQsmAyX1mhdmutUXuX1FlLSieJ868LDp8KWnZBPAIIPoWEV34j0UNNhg8OjdvwRinNdOManql86rY\/V2GVf6ms8Z9fpiOdcl2TxrxP9aSeZz3HmVMIj+c1\/jv3lQrBoXgfkzaS2fI27xuPVW4vOSfOCqdpBx40nBoPLwgs99WAHdL8kRdgfaFID96DQLsQ1X2UmAKMsqHqhcdQYFDK9h1czYRqgSNf6OjxZjjG\/RON6LXVdAjMLtOT1G4VUncOMp43DgkS1qIRYNmPbrc8XzQI4wvtYSHiTNizbbA6Gpepi0kbFY="}
00438{"flow_id":262,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2476,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969730,"pkt_ts_usec":396861,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8mg9AAEAGYFvAqAEiUA4uecPLET9q+leLFCuFJYAZECkMggAAAQEICj4j4OsAA1WWI9QHv+GwZuI="}
00428{"flow_id":262,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2477,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969730,"pkt_ts_usec":482726,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0oUFAAHQGJTFQDi55wKgBIhE\/w8sUK4UtavpXlIAQ\/5iQtgAAAQEICgADVhg+I+Dr"}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1431969728511,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","flow_id":281,"flow_packet_id":1,"flow_first_seen":1431969728511,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":279,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969730,"pkt_ts_usec":994053,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8KLZAAEAGmx\/AqAEilQ0gD8PUNFDIS2nzZKVBu4AZECqpqgAAAQEICj4j4z8\/guieZ8yzMrUUW5Q="}
00441{"flow_id":252,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2493,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969731,"pkt_ts_usec":488493,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8EFJAAEAGyb\/AqAEiUVNNjcPEROe9aVaB2bol\/oAZECkl8gAAAQEICj4j5SsAupldFs\/7EKwgSC8="}
01049{"flow_id":282,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2500,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969731,"pkt_ts_usec":759264,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"pkt":"AQBef\/\/6xCwDBkn+CABFAAIBLRwAAAER2NHAqAFc7\/\/\/+sOkB2wB7a5yTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpNZWRpYVNlcnZlcjoxDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzEwLjIxMS41NS4zOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDoyY2JjNzg1ZS0yNWY0LTQwY2EtOThiNS0wZDU4MDRhZGFhOGUNClVTTjp1dWlkOjJjYmM3ODVlLTI1ZjQtNDBjYS05OGI1LTBkNTgwNGFkYWE4ZTo6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOk1lZGlhU2VydmVyOjENCkNhY2hlLUNvbnRyb2w6bWF4LWFnZT05MDANClNlcnZlcjpNaWNyb3NvZnQtV2luZG93cy1OVC81LjEgVVBuUC8xLjAgVVBuUC1EZXZpY2UtSG9zdC8xLjANCk9QVDoiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsgbnM9MDENCjAxLU5MUzpkNDZkNTAwOWUxNDcxYmE2ODAwZTQzZTdmMGUxMmVlNA0KDQo="}
@@ -2230,29 +2230,29 @@
00439{"flow_id":279,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2525,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969734,"pkt_ts_usec":114383,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8hLpAAEAGPxvAqAEilQ0gD8PUNFDIS2nzZKVBu4AZECqdgQAAAQEICj4j72g\/guieZ8yzMrUUW5Q="}
01087{"flow_id":282,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2526,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969734,"pkt_ts_usec":853624,"pkt_caplen":555,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":555,"pkt_l4_len":521,"pkt":"AQBef\/\/6xCwDBkn+CABFAAIdnLUAAAERaRzAqAFc7\/\/\/+sOkB2wCCWYzTk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnVybjptaWNyb3NvZnQuY29tOnNlcnZpY2U6WF9NU19NZWRpYVJlY2VpdmVyUmVnaXN0cmFyOjENCk5UUzpzc2RwOmFsaXZlDQpMb2NhdGlvbjpodHRwOi8vMTAuMjExLjU1LjM6Mjg2OS91cG5waG9zdC91ZGhpc2FwaS5kbGw\/Y29udGVudD11dWlkOjJjYmM3ODVlLTI1ZjQtNDBjYS05OGI1LTBkNTgwNGFkYWE4ZQ0KVVNOOnV1aWQ6MmNiYzc4NWUtMjVmNC00MGNhLTk4YjUtMGQ1ODA0YWRhYThlOjp1cm46bWljcm9zb2Z0LmNvbTpzZXJ2aWNlOlhfTVNfTWVkaWFSZWNlaXZlclJlZ2lzdHJhcjoxDQpDYWNoZS1Db250cm9sOm1heC1hZ2U9OTAwDQpTZXJ2ZXI6TWljcm9zb2Z0LVdpbmRvd3MtTlQvNS4xIFVQblAvMS4wIFVQblAtRGV2aWNlLUhvc3QvMS4wDQpPUFQ6Imh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7IG5zPTAxDQowMS1OTFM6ZDQ2ZDUwMDllMTQ3MWJhNjgwMGU0M2U3ZjBlMTJlZTQNCg0K"}
00994{"flow_id":282,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2527,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969734,"pkt_ts_usec":854265,"pkt_caplen":484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":484,"pkt_l4_len":450,"pkt":"AQBef\/\/6xCwDBkn+CABFAAHWlOAAAAERcTjAqAFc7\/\/\/+sOkB2wBwvRETk9USUZZICogSFRUUC8xLjENCkhvc3Q6MjM5LjI1NS4yNTUuMjUwOjE5MDANCk5UOnV1aWQ6MmNiYzc4NWUtMjVmNC00MGNhLTk4YjUtMGQ1ODA0YWRhYThlDQpOVFM6c3NkcDphbGl2ZQ0KTG9jYXRpb246aHR0cDovLzEwLjIxMS41NS4zOjI4NjkvdXBucGhvc3QvdWRoaXNhcGkuZGxsP2NvbnRlbnQ9dXVpZDoyY2JjNzg1ZS0yNWY0LTQwY2EtOThiNS0wZDU4MDRhZGFhOGUNClVTTjp1dWlkOjJjYmM3ODVlLTI1ZjQtNDBjYS05OGI1LTBkNTgwNGFkYWE4ZQ0KQ2FjaGUtQ29udHJvbDptYXgtYWdlPTkwMA0KU2VydmVyOk1pY3Jvc29mdC1XaW5kb3dzLU5ULzUuMSBVUG5QLzEuMCBVUG5QLURldmljZS1Ib3N0LzEuMA0KT1BUOiJodHRwOi8vc2NoZW1hcy51cG5wLm9yZy91cG5wLzEvMC8iOyBucz0wMQ0KMDEtTkxTOmQ0NmQ1MDA5ZTE0NzFiYTY4MDBlNDNlN2YwZTEyZWU0DQoNCg=="}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1431969735255,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1431969735255,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":283,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969735,"pkt_ts_usec":255261,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuQGgAAEARFBbAqAEiarz5ujLdOxAAGjrunqMCSv26L3gQtCJn9dl5F8Bv"}
-00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1431969735255,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2528,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1431969735255,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00457{"flow_id":272,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2543,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969737,"pkt_ts_usec":793099,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKNw8AAEARwCDAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="}
00457{"flow_id":271,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2544,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969737,"pkt_ts_usec":793236,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKv88AAEARN2DAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="}
00442{"flow_id":273,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2546,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969739,"pkt_ts_usec":164470,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA88UAAEARA3TAqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
00441{"flow_id":274,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2547,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969739,"pkt_ts_usec":164656,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAieIAAEARbVfAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1431969735255,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2553,"source":"skype.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_first_seen":1431969735255,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"106.188.249.186","src_port":13021,"dst_port":15120,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":276,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2554,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969741,"pkt_ts_usec":292951,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLh7wAAEARb3LAqAEiwKgBAfe9ADUAN4CxqiYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00457{"flow_id":277,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2555,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969741,"pkt_ts_usec":293099,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLtQQAAEARQirAqAEiwKgBAf4NADUANx167A0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
00804{"flow_id":23,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2562,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969742,"pkt_ts_usec":365609,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"pkt":"PBXCt3IO0NQSxnP1CABFAAFJCUtAADQGY8tsoKouwKgBIgG7wSW4YenMqCbVRIAYAE+qkQAAAQEICmF6ztI+I3o6FwMBARDomDRC9tnU\/exAVC59HZPlEBW4rHeYicAzJ9Yo0Ees\/wMPsuDWIc9hCCUxarvHcZ19ZOXniHKoqEwFGFsxlBMnqF983iXzs4Ynpy4FeuPjfx841vRmTU+g6x2y3wWqnDLKBif9hjEV+q0Otvz1I9aTRlaCaRrqii2xzU1UlVzO2uuCVbfcDxrKUz0yrDO6G8lGCa4\/MlcQvm5H+k1a6Ixj7cii3DGdvIn73tTBKLcoiEBpQvuHlTOznFl6\/2MAlPmCpWlUEi815rMJLcNqendQ2Yy0vjL3Hx8fW+k80UUU8OLNEA0T3b9IpL0NiCziwQt9nyF5sZf9\/X6whqFZX+OeA6yRDmcN91vQkWrGQVmUDw=="}
00426{"flow_id":23,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2563,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969742,"pkt_ts_usec":365687,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0UZNAAEAGEJjAqAEibKCqLsElAbuoJtVEuGHq4YAQD\/cskwAAAQEICj4kD5lhes7S"}
01712{"flow_id":23,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2564,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969742,"pkt_ts_usec":368354,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"pkt":"0NQSxnP1PBXCt3IOCABFAAPuHjxAAEAGQDXAqAEibKCqLsElAbuoJtVEuGHq4YAYEADuGAAAAQEICj4kD5thes7SFwMBACBZ3ZKcXmiBOk8D3IqoiB5thIyobcGXKCD31gMfT+5A7hcDAQOQO7JLMoFeqVUWWmFcMdC2n5EJzzwS3YP5oZXZUFNTlPrB+a2ONgY4rboRQssilQ2K11Qjncw1AF9QP3kbPUEWtFQPwaf3YOKe2do45hKGhxsHeM3OE0suxeg7aufNBuoh\/So7tuMtBMs5J+i4Fcbt9YPNjgoB6HiLnLN8m0mwYVSekxbPaw1OSUIrtpuiI8YTcNv\/G6DI\/4SjAShssstqlUpRosFhRCBeyH8I5ssp5H0fRNw9LyXfTzPSgDUATp+z7J5tL0z7z0UwAlB5WOe2DIp5zAEmNoipVm1WkhIonL0bpVviHpmF6JeaJu9YuR+qY0OxaF5lv9InlxjedoREa7AQa086chZTRieU+Iwnn4eNA40uMLQe4NJ61OMnhR0OBTgAp+GIzLqYbAN8FhVaqql1eX24uT+XRklcpQqlf1YilU9Nx+B3RTODIyCusKmXQimXtaQOf8d3ZoNo3ZVbme+6m0ska74FBwiI4fpJdo5OVdSUJM+b+HJtmvnKNuaTFljN3f4rdPUtBOH3rriKzK8EgJOFWSXosTVQHRuZ9IZvqvH+eqqjiSjf6FPYaYgiIK+gyDl6wzWbYQgW8X0jEPo8pWNfo6jldR4WBu6Sp1ct33wKW+M5G8AbE0tKxJpjAJVeEczXfpfUiikFjTctJNm936lqB368qHztej94vu3mzkfAOsrj3vkAo6zEpPOAoKrO4VtJ0PhhP47MLOQE++bojbpOyZ5BQ3Dwd\/m4BbHJLKxhx9uTroFmNxGncddLUYaqJhRxP05rUvaHtVjgsQHR8uGMmKFzJ8OzcPWwFkov3C\/sWuxMFnbVoNIAfeM5HRMNvhN0lioecbScAH2z0BOKPm5afUtSZJSqMrcxgURrI0Hyl45TvWFJHSZwwP9esxP4tWpzvHqDzDFDvrsTKj5+drUTa1My+HQaxS7X0IzhNZh6FR7hZuENXh+2rSKFSxbrocQOehW71KB\/0xoR8AfBBt7NC7gxIGWU430rERFOm8BwgjU05UNW2+bVOWaL+B9iGyH1fSzrgbz9TWDmL3kZ624JvqR31IegpjiHJAstkRJ3ZvM6rk0ReJLanvVh3UpP6GqWM9HHW0Vj4\/RVAF35SqAeAYfUiw2yJGB7augJIlPoKVmMr+f4Txia+zEbKl6QnUGNJ4c3LfW6YKMGlnck\/ka7do4zzRPExB\/z2iaNO0yPcrToM+Fu\/Qgzqzr7"}
00426{"flow_id":23,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2565,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969742,"pkt_ts_usec":508305,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0CUxAADQGZN9soKouwKgBIgG7wSW4YerhqCbY\/oAQAFM4VwAAAQEICmF6zvY+JA+b"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1431969745776,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1431969745776,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00581{"flow_id":284,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969745,"pkt_ts_usec":776534,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6PBXCt3IOCABFAACh3hQAAAERKXPAqAEi7\/\/\/+t42B2wAjVUWTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1431969745776,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2593,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_first_seen":1431969745776,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00578{"flow_id":284,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2594,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969745,"pkt_ts_usec":776598,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AQBef\/\/6PBXCt3IOCABFAACg2\/EAAAERK5fAqAEi7\/\/\/+t42B2wAjLsJTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1431969745776,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1431969745776,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00581{"flow_id":285,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969745,"pkt_ts_usec":776670,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChjL0AAAEResrAqAEi7\/\/\/+vwwB2wAjTccTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1431969745776,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2595,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_first_seen":1431969745776,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00577{"flow_id":285,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2596,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969745,"pkt_ts_usec":776721,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgyNwAAAERPqzAqAEi7\/\/\/+vwwB2wAjJ0PTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2597,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_first_seen":1431969745776,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2597,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_first_seen":1431969745776,"flow_last_seen":0,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00409{"flow_id":286,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2597,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969745,"pkt_ts_usec":776832,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoljUAAEARYRzAqAEiwKgBAcFnFOcAFDI4AAEAADLdMt0AAA4Q"}
00449{"flow_id":236,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2598,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969745,"pkt_ts_usec":780447,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYUAAEAB8QDAqAEBwKgBIgMDgJYAAAAARQAAKJY1AABAEWEcwKgBIsCoAQHBZxTnABQyOAABAAAy3TLdAAAOEA=="}
00408{"flow_id":286,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2605,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969746,"pkt_ts_usec":31995,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoS5QAAEARq73AqAEiwKgBAcFnFOcAFDI4AAEAADLdMt0AAA4Q"}
@@ -2261,25 +2261,25 @@
00449{"flow_id":236,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2622,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969746,"pkt_ts_usec":547896,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYcAAEAB8P7AqAEBwKgBIgMDgJYAAAAARQAAKPxTAABAEfr9wKgBIsCoAQHBZxTnABQyOAABAAAy3TLdAAAOEA=="}
00457{"flow_id":272,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2627,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969746,"pkt_ts_usec":803369,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKUvYAAEARpDnAqAEiwKgBAdxDADUANtEePu0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAABwAAQ=="}
00457{"flow_id":271,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2628,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969746,"pkt_ts_usec":803502,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKe1gAAEARe9fAqAEiwKgBAc4GADUANhjrBXkBAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDUBcgVza3lwZQNuZXQAAAEAAQ=="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2629,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2629,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01082{"flow_id":287,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2629,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969746,"pkt_ts_usec":885173,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISe9sAAEAROzbAqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2629,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2630,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2629,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2630,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01078{"flow_id":288,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2630,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969746,"pkt_ts_usec":885498,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISdZwAAEARfs3AqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2630,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2631,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1431969747141,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2630,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2631,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1431969747141,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01082{"flow_id":289,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2631,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969747,"pkt_ts_usec":141667,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISeR0AAEARPbrAqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2631,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1431969747141,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2632,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1431969747142,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2631,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1431969747141,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2632,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1431969747142,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01078{"flow_id":290,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969747,"pkt_ts_usec":142346,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISXjYAAEARlfnAqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2632,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1431969747142,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2632,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1431969747142,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00409{"flow_id":286,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2633,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969747,"pkt_ts_usec":554327,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoBdoAAEAR8XfAqAEiwKgBAcFnFOcAFDI4AAEAADLdMt0AAA4Q"}
00449{"flow_id":236,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2634,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969747,"pkt_ts_usec":557913,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"PBXCt3IO0NQSxnP1CABFwABEBYgAAEAB8P3AqAEBwKgBIgMDgJYAAAAARQAAKAXaAABAEfF3wKgBIsCoAQHBZxTnABQyOAABAAAy3TLdAAAOEA=="}
00442{"flow_id":273,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2636,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969748,"pkt_ts_usec":262990,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAKKsAAEARzo7AqAEiwKgBAc3qADUALN\/7ZhIBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
00441{"flow_id":274,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969748,"pkt_ts_usec":263105,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5EEAAEAREvjAqAEiwKgBAcpaADUALFPq9ZgBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
00457{"flow_id":276,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2647,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969750,"pkt_ts_usec":316047,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLga0AAEARdYHAqAEiwKgBAfe9ADUAN4CxqiYBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00457{"flow_id":277,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2648,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969750,"pkt_ts_usec":316236,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLcFEAAEARht3AqAEiwKgBAf4NADUANx167A0BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2649,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_first_seen":1431969750597,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2649,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":1,"flow_first_seen":1431969750597,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":291,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2649,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969750,"pkt_ts_usec":597501,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYx1AAEAGQ2nAqAEinTg1L8PWMD5iE\/TfAAAAALAC\/\/\/p7gAAAgQFtAEDAwUBAQgKPiQvsAAAAAAEAgAA"}
00437{"flow_id":291,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2651,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969750,"pkt_ts_usec":865851,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGs4qdODUvwKgBIjA+w9azhlZQYhP04KASOJDCuQAAAgQFrAQCCApiCpO7PiQvsAEDAwk="}
00426{"flow_id":291,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2652,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969750,"pkt_ts_usec":865951,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0wMFAAEAG5dDAqAEinTg1L8PWMD5iE\/Tgs4ZWUYAQECwY2QAAAQEICj4kMLtiCpO7"}
@@ -2288,37 +2288,37 @@
00532{"flow_id":291,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2656,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969751,"pkt_ts_usec":97769,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"PBXCt3IO0NQSxnP1CABFAACAxa9AADMG7ZadODUvwKgBIjA+w9azhlZRYhP1OIAYAB2oqAAAAQEICmIKk\/8+JDC79RtnezqwNkWmj+L6lXY3V1LUsLxOLBdhnxf1oRIVuBrv1bl4qHetgcqH6oA8OkFa3J0qE6j51s80FUJLgPFuh4yNWoMCufmCpDDtqw=="}
00426{"flow_id":291,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2657,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969751,"pkt_ts_usec":97984,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ln5AAEAGEBTAqAEinTg1L8PWMD5iE\/U4s4ZWnYAQECkXDgAAAQEICj4kMaFiCpP\/"}
00438{"flow_id":291,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2658,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969751,"pkt_ts_usec":98548,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8cuFAAEAGM6nAqAEinTg1L8PWMD5iE\/U4s4ZWnYAYECmWAgAAAQEICj4kMaFiCpP\/ou083U4OUyI="}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1431969747141,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1431969747142,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00434{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1431969751302,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_first_seen":1431969747141,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_first_seen":1431969747142,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2659,"source":"skype.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_first_seen":1431969746885,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00442{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1431969751302,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00417{"flow_id":292,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969751,"pkt_ts_usec":302316,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":12,"pkt":"AQBeAAAB0NQSxnP1CABGwAAkAABAAAECQmnAqAEB4AAAAZQEAAARZOweAAAAAAJ9AAAAAAAAAAAAAAAA"}
-00466{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1431969751302,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00474{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2660,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1431969751302,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00599{"flow_id":291,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2671,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969752,"pkt_ts_usec":702036,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"0NQSxnP1PBXCt3IOCABFAACwh4FAAEAGHpXAqAEinTg1L8PWMD5iE\/U4s4ZWnYAYECnRuwAAAQEICj4kN+BiCpP\/ou083U4OUyKG5W39Rls52kHB4seHtGFWOjnxH9vL96zo7s\/hrhePc7yngjP78uPjgBCPNClMUrhUfbjHZM1vl72+27X8ItWoRr+cMWFEKEXMETqEyhRTKZ3N68tnVQztCI2VGGc5XDXqlMlRkcFBPVHkMJHGNR6XiHbo9Q=="}
00600{"flow_id":291,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2673,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969754,"pkt_ts_usec":301317,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"0NQSxnP1PBXCt3IOCABFAACw0RhAAEAG1P3AqAEinTg1L8PWMD5iE\/U4s4ZWnYAYECnLfAAAAQEICj4kPh9iCpP\/ou083U4OUyKG5W39Rls52kHB4seHtGFWOjnxH9vL96zo7s\/hrhePc7yngjP78uPjgBCPNClMUrhUfbjHZM1vl72+27X8ItWoRr+cMWFEKEXMETqEyhRTKZ3N68tnVQztCI2VGGc5XDXqlMlRkcFBPVHkMJHGNR6XiHbo9Q=="}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2700,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":255,"flow_first_seen":1431969710853,"flow_last_seen":1431969756218,"flow_tot_l4_data_len":88046,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2700,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":255,"flow_first_seen":1431969710853,"flow_last_seen":1431969756218,"flow_tot_l4_data_len":88046,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2700,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":255,"flow_first_seen":1431969710853,"flow_last_seen":1431969756218,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":79866,"flow_avg_l4_payload_len":313,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2700,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":255,"flow_first_seen":1431969710853,"flow_last_seen":1431969756218,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":79866,"flow_avg_l4_payload_len":313,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
00601{"flow_id":291,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2725,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969757,"pkt_ts_usec":319046,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"0NQSxnP1PBXCt3IOCABFAACw99xAAEAGrjnAqAEinTg1L8PWMD5iE\/U4s4ZWnYAYECm\/yAAAAQEICj4kSdNiCpP\/ou083U4OUyKG5W39Rls52kHB4seHtGFWOjnxH9vL96zo7s\/hrhePc7yngjP78uPjgBCPNClMUrhUfbjHZM1vl72+27X8ItWoRr+cMWFEKEXMETqEyhRTKZ3N68tnVQztCI2VGGc5XDXqlMlRkcFBPVHkMJHGNR6XiHbo9Q=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2746,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1431969758516,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2746,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1431969758516,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":293,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2746,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969758,"pkt_ts_usec":516437,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABIeXwAAEARfH3AqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2746,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1431969758516,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1431969759543,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2746,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1431969758516,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1431969759543,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":294,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969759,"pkt_ts_usec":543192,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFwABMl\/4AAEAR3SbAqAEiEf0w9QB7AHsAOFSa4wIG7AAAChwAAPSnEf0w9dkEndkb+ycx2QSd2Rb0\/7nZBJ3ZG\/snMdkEnl+LA3WC"}
-00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1431969759543,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"}}
+00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2761,"source":"skype.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_first_seen":1431969759543,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP.Apple","breed":"Safe","category":"System"}}
00458{"flow_id":294,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2763,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969759,"pkt_ts_usec":588131,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"PBXCt3IO0NQSxnP1CABFAABMAABAADgRPeUR\/TD1wKgBIgB7AHsAOA1EJAEG7AAAAAAAAAAMR1BTc9kEnl2e8n962QSeX4sDdYLZBJ5fkbdSxdkEnl+RubQR"}
-00435{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1431969751302,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1431969758516,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00443{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":1,"flow_first_seen":1431969751302,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2792,"source":"skype.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_first_seen":1431969758516,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00695{"flow_id":264,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2799,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969762,"pkt_ts_usec":102807,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"PBXCt3IO0NQSxnP1CABFAAD5lCJAADAGQm0Rj6AWwKgBIhRnwSeBM8YylvCqrIAYASF5ZAAAAQEIClVKruc+I7CHFwMBAMDbVcDXDjk6OywWp+H6bz0fp7Wdoe+zQTYAYzmO6g9ZcYAM2yKmlHkdsIQ\/fH+0unnd4ebwCzOwTTJYEQKBIirSGmlpFwGzZcKVtPCCjD5ILam\/x\/j0mo3148Vj7y6Tj7YjGVbzc8xx0I7GWPviK3o0QTcqDMMx68MZm6wWhSIUc+ijHlPByZnCGs2hs509J6XKUe8m5c5Ov+jIzGK9u5v5MgyqbthXRZTArzNzI37QCYC3kZkF3a6QteV2op9W3SI="}
00426{"flow_id":264,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969762,"pkt_ts_usec":102909,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0rgNAAEAGGVHAqAEiEY+gFsEnFGeW8KqsgTPG94AQD\/n1QwAAAQEICj4kXGNVSq7n"}
00549{"flow_id":264,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2801,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969762,"pkt_ts_usec":104186,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"0NQSxnP1PBXCt3IOCABFAACOqiNAAEAGHNfAqAEiEY+gFsEnFGeW8KqsgTPG94AYEABIFAAAAQEICj4kXGRVSq7nFwMBACCrq8Pa1S0H21OIhZwGAXIjnAlDFONAulogzbl9GkhCVBcDAQAwWffu8MxJHsXmejKZY05dKxegWcqQTLbKFBDdYnR0wJj18BcB6JFw+p\/ehKRUVyxJ"}
00425{"flow_id":264,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2806,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969762,"pkt_ts_usec":502876,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0lCNAADAGQzERj6AWwKgBIhRnwSeBM8b3lvCrBoAQASECYQAAAQEIClVKsEc+JFxk"}
00600{"flow_id":291,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2815,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969763,"pkt_ts_usec":146604,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"0NQSxnP1PBXCt3IOCABFAACwwYxAAEAG5InAqAEinTg1L8PWMD5iE\/U4s4ZWnYAYECmpKAAAAQEICj4kYHNiCpP\/ou083U4OUyKG5W39Rls52kHB4seHtGFWOjnxH9vL96zo7s\/hrhePc7yngjP78uPjgBCPNClMUrhUfbjHZM1vl72+27X8ItWoRr+cMWFEKEXMETqEyhRTKZ3N68tnVQztCI2VGGc5XDXqlMlRkcFBPVHkMJHGNR6XiHbo9Q=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"skype.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_first_seen":1431969770694,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2921,"source":"skype.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_first_seen":1431969770694,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":295,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2921,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969770,"pkt_ts_usec":694149,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABArS9AAEAG3hDAqAEiTKehBsPXTzInl3a\/AAAAALAC\/\/8aLgAAAgQFtAEDAwUBAQgKPiR90gAAAAAEAgAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2922,"source":"skype.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_first_seen":1431969770694,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2922,"source":"skype.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":1,"flow_first_seen":1431969770694,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":296,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2922,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969770,"pkt_ts_usec":694385,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABALoZAAEAG+q7AqAEiR+4Hy8PYSU+K+FHXAAAAALAC\/\/9\/iwAAAgQFtAEDAwUBAQgKPiR90gAAAAAEAgAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2923,"source":"skype.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_first_seen":1431969770694,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2923,"source":"skype.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":1,"flow_first_seen":1431969770694,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":297,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2923,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969770,"pkt_ts_usec":694633,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQGxAAEAGd6zAqAEiBfi63cPZeSJOVOkRAAAAALAC\/\/+EAwAAAgQFtAEDAwUBAQgKPiR90wAAAAAEAgAA"}
00441{"flow_id":297,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2924,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969770,"pkt_ts_usec":813916,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"PBXCt3IO0NQSxnP1CABFAABA2Z5AAHIGrHkF+LrdwKgBInkiw9nUmdR+TlTpErASRBBRzQAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"}
00425{"flow_id":297,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2925,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969770,"pkt_ts_usec":814036,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mqxAAEAGHXjAqAEiBfi63cPZeSJOVOkS1JnUf4AQECwKBgAAAQEICj4kfkoAAAAA"}
@@ -2340,9 +2340,9 @@
00425{"flow_id":295,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2944,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969771,"pkt_ts_usec":261244,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NnJAAEAGVNrAqAEiTKehBsPXTzInl3b0mo2mjYAQECqMWgAAAQEICj4kgAW+obtE"}
00437{"flow_id":295,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2945,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969771,"pkt_ts_usec":261774,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8I9dAAEAGZ23AqAEiTKehBsPXTzInl3b0mo2mjYAYECoFFwAAAQEICj4kgAW+obtETjjGVAMHb58="}
00438{"flow_id":297,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2946,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969771,"pkt_ts_usec":436178,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8Vx1AAEAGYP\/AqAEiBfi63cPZeSJOVOlk1JnUs4AYECohbwAAAQEICj4kgLMAAHDpAn7P43BvMd8="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2951,"source":"skype.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_first_seen":1431969771806,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2951,"source":"skype.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":1,"flow_first_seen":1431969771806,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":298,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2951,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969771,"pkt_ts_usec":806353,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXBhAAEAGzRzAqAEiR+4Hy8PaSU8uFQxlAAAAALAC\/\/8djQAAAgQFtAEDAwUBAQgKPiSCJAAAAAAEAgAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2952,"source":"skype.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_first_seen":1431969771806,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2952,"source":"skype.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":1,"flow_first_seen":1431969771806,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":299,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2952,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969771,"pkt_ts_usec":806544,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZhxAAEAGUfzAqAEiBfi63cPbeSJooXaIAAAAALAC\/\/\/X7AAAAgQFtAEDAwUBAQgKPiSCJAAAAAAEAgAA"}
00441{"flow_id":299,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2953,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969771,"pkt_ts_usec":918975,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"PBXCt3IO0NQSxnP1CABFAABA2bNAAHIGrGQF+LrdwKgBInkiw9s0p7etaKF2ibASRBBmywAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"}
00425{"flow_id":299,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2954,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969771,"pkt_ts_usec":919107,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0HKZAAEAGm37AqAEiBfi63cPbeSJooXaJNKe3roAQECwaugAAAQEICj4kgpQAAAAA"}
@@ -2377,7 +2377,7 @@
00438{"flow_id":296,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2988,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969773,"pkt_ts_usec":756074,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8q5ZAAEAGfaLAqAEiR+4Hy8PYSU+K+FIIJqKqBIAZECnrjAAAAQEICj4kibgDHKWz6MDF2eKkrLc="}
00438{"flow_id":295,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3004,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969774,"pkt_ts_usec":500525,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8HI5AAEAGbrbAqAEiTKehBsPXTzInl3b0mo2mjYAYECr4ggAAAQEICj4kjJm+obtETjjGVAMHb58="}
00600{"flow_id":291,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3007,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969774,"pkt_ts_usec":584948,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"0NQSxnP1PBXCt3IOCABFAACwbWhAAEAGOK7AqAEinTg1L8PWMD5iE\/U4s4ZWnYAYECl8sAAAAQEICj4kjOtiCpP\/ou083U4OUyKG5W39Rls52kHB4seHtGFWOjnxH9vL96zo7s\/hrhePc7yngjP78uPjgBCPNClMUrhUfbjHZM1vl72+27X8ItWoRr+cMWFEKEXMETqEyhRTKZ3N68tnVQztCI2VGGc5XDXqlMlRkcFBPVHkMJHGNR6XiHbo9Q=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3013,"source":"skype.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_first_seen":1431969774806,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3013,"source":"skype.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_first_seen":1431969774806,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":300,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3013,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969774,"pkt_ts_usec":806959,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwnFAAEAGyM7AqAEiTKehBsPcTzIA95PqAAAAALAC\/\/8TqQAAAgQFtAEDAwUBAQgKPiSNxwAAAAAEAgAA"}
01485{"flow_id":298,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3029,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969775,"pkt_ts_usec":664452,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"pkt":"0NQSxnP1PBXCt3IOCABFAAM8djRAAEAGsATAqAEiR+4Hy8PaSU8uFQyjSF8fk4AYECpvNQAAAQEICj4kkRsDHKXGUavdqK5jKMMSJd1aThF7FBKXUICAfMNWFhUmUxI0Tq84vrbku0g5Bx4GJkFifLaR+VJDd+xQMueYgdSOmzSizXPN6wIAQFcrsg18EZnlgZqkvX1wya1ra\/P8ikZD5J87cXK+UHuMBwjXGgkBe4osU++\/IXTumsPbQuL8DCeN877EODz9BoW3xUarWJUqzA\/j5MPZJc7lduck\/cfSybhRdJyeMFH9C8wmlj92USXfkU3WYeDhjcYUlD1iOuk9+rWcC+3nnfR2OuYKvn3kxTKrEd4b3o2bdK71sbLK\/\/MsOKQihY+yZK4AqOeMm9Yl4fBOqp1rRpZqQ9zBCofUHLvcubQbs20H1ekdSJl12ZlEEbFzd\/o2SU6Uq9nj77Nn1Ja8X7Ae0asCmfZO85WbUjnsQYfDJAagQw8yO\/owZ6F726YJRxhRWxUvIzbbD1D4zH90pizBiBH1iESRyyzoBySiMtaxh3t\/+q906FJLA9OQ+fiubRU6wQpUhBZkugMpmRVGR2Nf2iNMVk2gBzTbw0WXJ77WlgnXoSuZ0+iTWgwde\/8DMVtAp67TKvDGDeL63N7wb48UHwEcT00Ep3h+nqlfRnZGkzMYbcCyD60Q8jS4z\/d9dISk\/S7Gwx7OmNwIKZ3jQHA6nSjKOZ1WJun2ICFKv0fJysa9HE0Xw3qsnO7y75YYEDyMz\/gqIm\/Zum3EOBjpbkyzjimZODWcCjFu+R+kUfL3d1Z5kktQd458igMhgW7dzqZCXtNcBoNAONTFxOfmWt\/4ZbKtET4f0\/nXNkMO0ql6ay5cUFKsUQlHyOtM5gOPL\/tQaOW2bibD0yjXqWxatQSK3ftkEbHU0K5GcU7RGNosArNSZpeFyU5nsJ0kDM4FnwlaMhVvvACIgrayRKC6+MnomefZoSnoPP0cC4ica8qpyErvBLQxNNTWWvRgDpvNVv4tvkwCr+7kKasulPom\/7SE7jCRFuhSFgtVnuXJ\/Nh6ZN72EJ72zrie0NZ0MgCIrGnBLFp91z2jTIl7S1cD\/AgDSsPV6bU="}
01476{"flow_id":299,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3030,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969775,"pkt_ts_usec":664453,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"pkt":"0NQSxnP1PBXCt3IOCABFAAM805lAAEAG4YLAqAEiBfi63cPbeSJooXbGNKe39IAYECk3XQAAAQEICj4kkRsAAHD5NilX5D9QuJPVOF9F0MsWIyMCx8wmB7325OhhkpjZqNmQFVRZh2DcOK2Qkj3IWSkR+1ZEVcjNen9sPVTvumWqi2dkr+D+7\/jTE81PzAVkIHgOwxDV9PHcMhZJqHDkvV7S0T9aQY7j8dnm6dvWkAWBXYT5\/vYCQuY5Hq9XuvOiUo70rdoECScmATxus8wmyoIZqkY2go4nSDc8d6DDxh2u770\/HODI8yuJAcSz7sEyVBp1j6EoItTcfEsxFNeU3s+xFrpHJu4aDRiGGbvNBgP3e3+fXMWkfMW1ORg73le3VNf8kNg4YAGmxTMB5OwTsvcYXGJsLIuV06tk5Rmj2pvFLcGVJg9wFQIsfogrYj+OpFA+iWyta029Y8BUL0rF2o1bK7GsusGX+xgPqlB8zdwaptZzG0NRcFWaVickdNQ4mtjCHc5EWAal9HJKxXcdjjPtvK64tq5YzVKpJvwDYrlf8kYl9xxMk+DvHKWdIrtySzI8ziFJzRf9txNe7SOmQ20gTr+mAezfkg2A4Yk1EEmFpy77yRnOJqKMjZ8dVKdPeBXe1UWiDTWilEMiomx5RVYZIZIreqmcCn4JNpPewgfnmngE3uQjIJWconOKVwyckKVu\/1HCUXEGoVlbUiSuQPve449ne+PFJ1imorp1lEphPPkbfEJ\/wgiBKTmM6R\/CQOSQ2v3T4lM5n75LegxR0L5xglSmRwOdueKvl8jUVtvIo\/TA5vjqBGJFs7og7L0IG9AaoE0DWblqouRdMS6zAKhVxqjr4e\/h\/rjIQ3MD5qnbVVBC9Hpsiq0CVDo\/Qkh07wp15HNyoR1W+Bj6xHFo08QqnaUPmpDtWweIMDPYQgEBV4Cv0YyGH1qLqrK3aQVL8VWusSxvM3EtjgiC3OncHLFwOG+\/LQH47MH+TK7AD7PvsB6UjKl1j4wEHCd42G2JOh60HmuSBPu1NlwoQWq65mQeoNzV78+XnhbbOeJkKSuIgS3ARrm1xTDDkwbNEFW6RI31RtYx75ORhmcdLtIQGUSJ3dloJrW7BVI="}
@@ -2388,30 +2388,30 @@
00438{"flow_id":297,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3054,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969776,"pkt_ts_usec":284862,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8C5tAAEAGrIHAqAEiBfi63cPZeSJOVOlk1JnUs4AZECoOngAAAQEICj4kk4MAAHDpAn7P43BvMd8="}
00437{"flow_id":300,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3061,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969776,"pkt_ts_usec":480651,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAAC4GnURMp6EGwKgBIk8yw9wNTHkCAPeT66AScSCe6QAAAgQFrAQCCAq+oc+oPiSNxwEDAwc="}
00409{"flow_id":300,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3062,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969776,"pkt_ts_usec":480751,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo01NAAEAGuATAqAEiTKehBsPcTzIA95PrAAAAAFAEAABYdwAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3071,"source":"skype.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3071,"source":"skype.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01082{"flow_id":301,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3071,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969776,"pkt_ts_usec":969188,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISIDoAAEARltfAqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3071,"source":"skype.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3072,"source":"skype.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3071,"source":"skype.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3072,"source":"skype.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01078{"flow_id":302,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3072,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969776,"pkt_ts_usec":969478,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISyoYAAEARKePAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3072,"source":"skype.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3077,"source":"skype.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1431969777184,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3072,"source":"skype.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3077,"source":"skype.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1431969777184,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01082{"flow_id":303,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3077,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969777,"pkt_ts_usec":184649,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISsXEAAEARBWbAqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3077,"source":"skype.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1431969777184,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3078,"source":"skype.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1431969777185,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3077,"source":"skype.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1431969777184,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3078,"source":"skype.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1431969777185,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01078{"flow_id":304,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3078,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969777,"pkt_ts_usec":185355,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISPVEAAEARtt7AqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3078,"source":"skype.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1431969777185,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3078,"source":"skype.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1431969777185,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00438{"flow_id":295,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3080,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969777,"pkt_ts_usec":541469,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8V4pAAEAGM7rAqAEiTKehBsPXTzInl3b0mo2mjYAZECrstQAAAQEICj4kmGW+obtETjjGVAMHb58="}
00438{"flow_id":296,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3088,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969780,"pkt_ts_usec":799033,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8Ys5AAEAGxmrAqAEiR+4Hy8PYSU+K+FIIJqKqBIAZECnQKAAAAQEICj4kpRwDHKWz6MDF2eKkrLc="}
00439{"flow_id":297,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3089,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969781,"pkt_ts_usec":311956,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8UCxAAEAGZ\/DAqAEiBfi63cPZeSJOVOlk1JnUs4AZECr7BAAAAQEICj4kpxwAAHDpAn7P43BvMd8="}
-00456{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":8,"flow_first_seen":1431969712918,"flow_last_seen":1431969747557,"flow_tot_l4_data_len":384,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1431969777184,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1431969777185,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_tot_l4_data_len":792,"flow_min_l4_data_len":20,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_tot_l4_data_len":792,"flow_min_l4_data_len":20,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":8,"flow_first_seen":1431969712918,"flow_last_seen":1431969747557,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_first_seen":1431969777184,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_first_seen":1431969777185,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_first_seen":1431969776969,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3090,"source":"skype.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":17,"flow_first_seen":1431969642336,"flow_last_seen":1431969661480,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50026,"dst_port":40002,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":295,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3106,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969783,"pkt_ts_usec":391187,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8\/wRAAEAGjD\/AqAEiTKehBsPXTzInl3b0mo2mjYAZECrV5AAAAQEICj4krza+obtETjjGVAMHb58="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3107,"source":"skype.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_first_seen":1431969783628,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3107,"source":"skype.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_first_seen":1431969783628,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":305,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3107,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969783,"pkt_ts_usec":628523,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJsBAAEAG06bAqAEiUA4uecPdET\/5wLoiAAAAALAC\/\/9\/YwAAAgQFtAEDAwUBAQgKPiSwIwAAAAAEAgAA"}
00444{"flow_id":305,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3108,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969783,"pkt_ts_usec":723543,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"PBXCt3IO0NQSxnP1CABFAABAoepAAHQGJHxQDi55wKgBIhE\/w92tjxb3+cC6I7AS\/\/+oHwAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"}
00426{"flow_id":305,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3109,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969783,"pkt_ts_usec":723647,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0sYlAAEAGSOnAqAEiUA4uecPdET\/5wLojrY8W+IAQECzqDwAAAQEICj4ksIIAAAAA"}
@@ -2423,7 +2423,7 @@
00979{"flow_id":264,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3116,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969784,"pkt_ts_usec":621362,"pkt_caplen":471,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":471,"pkt_l4_len":437,"pkt":"PBXCt3IO0NQSxnP1CABFAAHJlCRAADAGQZsRj6AWwKgBIhRnwSeBM8b3lvCrBoAYASFkNgAAAQEIClVLBnA+JFxkFwMBAZCllgvfKgF3Uuy2s+53DS76VVnqikpXIc3w7V3Ix74m70o8mFUpsp8eGrlCfVkhSOm1QbJBTs9E59sjW1f2kz1cx6sA5h9+Uslt7bLzmfCkZOEes9x1njC2nvBrHBBVkdN9vTKYtKoqrpJ7XtDHAuiBv8+m+jJ6jWgjvjR5vrP5DGAAK\/WXz7\/7XE5iN\/r2nQUL8b55EBg\/7XJ9cSavbLCUiso\/Px3scVJqGuCzwi7M4A38Zu8jRFPT2LmYwQyEvyHWawU8lrVyfXav1ED\/QoNsS6QQjzHDpoM+zypXuFR94DfDIAMZ6YZWhZ55yiuFEog5nSYWBAtowtxhUqSukk\/NdRVzZbpmBw\/gsZf\/cBkJTMy+Sgzy5eVlEQ8IVz+0WmwyCFGSm6ky++PBd4w8TKZxk2rZoCsoF9CuyVP+oJ1oI2IR8nf3pAV\/+k604Q+oLdUhKmWpSJCB5WJUXkXKMyrW3s2AcAILPe+bPiqi\/VEY3FPr878SOwWK1TrUfRFqTymWnf0iwuHNiAMMUWj1pBZT"}
00427{"flow_id":264,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3117,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969784,"pkt_ts_usec":621445,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Vk1AAEAGcQfAqAEiEY+gFsEnFGeW8KsGgTPIjIAQD\/NEMwAAAQEICj4ktAFVSwZw"}
00552{"flow_id":264,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3118,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969784,"pkt_ts_usec":622668,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"0NQSxnP1PBXCt3IOCABFAACOb59AAEAGV1vAqAEiEY+gFsEnFGeW8KsGgTPIjIAYEAB6dQAAAQEICj4ktAJVSwZwFwMBACBMjqTWniHrcBEslZ43JJNdL32X\/QhiSiCd6RZ4FJgq0hcDAQAwLQvVvlMqMy3QmZD5957cdCXiFf+d7rhuZsTQ6kDGI4tkD\/5WT\/FCi1XYQFUuPtqx"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3119,"source":"skype.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_first_seen":1431969784741,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3119,"source":"skype.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_first_seen":1431969784741,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":306,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3119,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969784,"pkt_ts_usec":741030,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAOglAAEAGwF3AqAEiUA4uecPeET+tjIdjAAAAALAC\/\/\/6AAAAAgQFtAEDAwUBAQgKPiS0eAAAAAAEAgAA"}
00444{"flow_id":306,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3120,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969784,"pkt_ts_usec":827745,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"PBXCt3IO0NQSxnP1CABFAABAogNAAHQGJGNQDi55wKgBIhE\/w94bo3ajrYyHZLAS\/\/9ZUgAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"}
00425{"flow_id":306,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3121,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969784,"pkt_ts_usec":827850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03GtAAEAGHgfAqAEiUA4uecPeET+tjIdkG6N2pIAQECyW9gAAAQEICj4ktM4AAAAA"}
@@ -2443,11 +2443,11 @@
00439{"flow_id":305,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3145,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969788,"pkt_ts_usec":202181,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8u11AAEAGPw3AqAEiUA4uecPdET\/5wLpfrY8XW4AZECj6sQAAAQEICj4kwfYAA1guNacy1AseEXM="}
00438{"flow_id":297,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3150,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969788,"pkt_ts_usec":313527,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA88FlAAEAGx8LAqAEiBfi63cPZeSJOVOlk1JnUs4AZECrfuwAAAQEICj4kwmUAAHDpAn7P43BvMd8="}
00426{"flow_id":297,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3157,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969788,"pkt_ts_usec":429517,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA03Q1AAHIGqRYF+LrdwKgBInkiw9nUmdS7TlTpbYAQQ7YgMQAAAQEICgAAcZg+JMJl"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3161,"source":"skype.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1431969788519,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3161,"source":"skype.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1431969788519,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":307,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3161,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969788,"pkt_ts_usec":519346,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABIkIwAAEARZW3AqAFcwKgB\/+EV4RUANFGUU3BvdFVkcDB5FYpWEIvHwwABAARIlcIDhMAbG8d8ZX7RWey9o+VAQ2IEJyw="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3161,"source":"skype.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1431969788519,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3161,"source":"skype.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1431969788519,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00459{"flow_id":306,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3166,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969788,"pkt_ts_usec":717718,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFAABMeSRAAEAGgTbAqAEiUA4uecPeET+tjIfbG6N29YAYECn1lwAAAQEICj4kw\/gAA1g9wFsSni5WKW4ffF04tPxwhn8niMHYoouN"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3167,"source":"skype.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_first_seen":1431969788719,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3167,"source":"skype.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_first_seen":1431969788719,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":308,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3167,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969788,"pkt_ts_usec":719766,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtCpAAEAGk4XAqAEiTsric8PfcYPq0olRAAAAALAC\/\/+YTgAAAgQFtAEDAwUBAQgKPiTD+gAAAAAEAgAA"}
00438{"flow_id":308,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3171,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969788,"pkt_ts_usec":813213,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8euxAAHMGmcdOyuJzwKgBInGDw984j2+76tKJUqASIAAVbgAAAgQFrAEDAwgEAggKAlDJPj4kw\/o="}
00425{"flow_id":308,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3172,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969788,"pkt_ts_usec":813318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA00tZAAEAGdOXAqAEiTsric8PfcYPq0olSOI9vvIAQECxTqwAAAQEICj4kxFYCUMk+"}
@@ -2457,16 +2457,16 @@
00437{"flow_id":308,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3176,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969788,"pkt_ts_usec":892295,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8vnJAAEAGiUHAqAEiTsric8PfcYPq0omdOI9v9YAYECqjWQAAAQEICj4kxKQCUMlGXTwVWHHTywE="}
00429{"flow_id":306,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3177,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969788,"pkt_ts_usec":929483,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0omJAAHQGJBBQDi55wKgBIhE\/w94bo3b1rYyH84AQ\/3A\/QgAAAQEICgADWGI+JMP4"}
00437{"flow_id":308,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3180,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969789,"pkt_ts_usec":337122,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8yZdAAEAGfhzAqAEiTsric8PfcYPq0omdOI9v9YAYECqhngAAAQEICj4kxl8CUMlGXTwVWHHTywE="}
-00432{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3181,"source":"skype.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1431969789358,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3181,"source":"skype.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1431969789358,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00400{"flow_id":309,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3181,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969789,"pkt_ts_usec":358221,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAABoPPBbTu2CABG2AAgAAAAAAECgljAqAD+4AAAAZQEAAARZO6bAAAAAA=="}
-00464{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3181,"source":"skype.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1431969789358,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3181,"source":"skype.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1431969789358,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00439{"flow_id":296,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3182,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969789,"pkt_ts_usec":490238,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8BQxAAHMG8SxH7gfLwKgBIklPw9gmoqoEivhSCIAY\/89FjgAAAQEICgMcpms+JH+M9YwsX9kjArQ="}
00410{"flow_id":296,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3183,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969789,"pkt_ts_usec":490350,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoYEBAAEAGyQzAqAEiR+4Hy8PYSU+K+FIIAAAAAFAEAAC0NAAA"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3185,"source":"skype.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_first_seen":1431969789832,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3185,"source":"skype.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_first_seen":1431969789832,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":310,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3185,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969789,"pkt_ts_usec":832358,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAcbhAAEAG1ffAqAEiTsric8PgcYPYQ6AmAAAAALAC\/\/+PtQAAAgQFtAEDAwUBAQgKPiTITAAAAAAEAgAA"}
-00433{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1431969789851,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00445{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1431969789851,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00400{"flow_id":311,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969789,"pkt_ts_usec":851535,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAD7PBXCt3IOCABGAAAgDOsAAAECdSfAqAEi4AAA+5QEAAAWAAkE4AAA+w=="}
-00465{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1431969789851,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00477{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3186,"source":"skype.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1431969789851,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00437{"flow_id":310,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3187,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969789,"pkt_ts_usec":919493,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8evFAAHMGmcJOyuJzwKgBInGDw+BU8I6O2EOgJ6ASIADRMgAAAgQFrAEDAwgEAggKAlDJrD4kyEw="}
00425{"flow_id":310,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3188,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969789,"pkt_ts_usec":919575,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0W4RAAEAG7DfAqAEiTsric8PgcYPYQ6AnVPCOj4AQECwPdQAAAQEICj4kyKMCUMms"}
00528{"flow_id":310,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3189,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969789,"pkt_ts_usec":919738,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"0NQSxnP1PBXCt3IOCABFAAB91URAAEAGci7AqAEiTsric8PgcYPYQ6AnVPCOj4AYECy3rQAAAQEICj4kyKMCUMmscN6y6QrZswAe8uR7xBV73FcFbEjUmlrtmODaJOIr8ibpApC0LYZk5IgMI2xrpqlIANoyTT+7zlMqyp64IMDhlnfh3EUr2eSqug=="}
@@ -2486,27 +2486,27 @@
01720{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3211,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969790,"pkt_ts_usec":768307,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"pkt":"0NQSxnP1PBXCt3IOCABFAAPumhxAAEAGxFTAqAEibKCqLsElAbuoJtj+uGHr9oAYEAARNgAAAQEICj4ky+9hev4GFwMBACBbgSbcJJce+Z904vloqEn8mJlY6mX5v3mDBB37LVF0MRcDAQOQpoP9C65+DCgV2awG59SxQHlmjqPUA\/URESYfcW2pzZmDuOeQStGOEz8Xdy+lJuiMNVfOoHlTzcoRt9dNsYAJFOKprozhUxxq9MX7jRwps+hxCIOsj\/Z\/WBXHH7kbWA3KEIPDGlg5wmKMMIeOuDZER\/JUdbuUaFAaypwOdrYUFrAiOo3xHaFMuHJQRxXKkjJ9taZvN4Wc56eoPZKlfTc14NljJcfSpDOFWBc2roUV5UcGXIZs8y038B\/0vKjnCiX+G8BoLqQIaE+TnqP4vv\/3TlnKy3onbjk8jjMSq1xQUvXjZve9CaN5QJFdh7FMRQi7TdZxDeZIQF\/AobqWQh4QSbr4wZ43KzSZZia2agtKiD6JPk0eXDAinP3ODlli3R3XHhlpdYsb8L9V5zI1xH5do\/bxZpWYp34ykJAa9\/8VE4foYykJijaYsiGgLRXS+I77tNvaLtp2odKrWN\/Dbd7aFDuiqnk1U5EFl3peDYoyMdgSsuGuaSZWJavtjLStOjp63LdRrO5ibBkKpHJfw6T02xpjAytL5fNupRZqn7HCjES0xQcUQ4JYOLSLz0rxGhinhjRCu8ilstAkqYLR1m\/+T3RZhKEhmmiwPCwPKYPpjudr1Tjqbqvkm46q8+HQO4GYQwogW7Gm35+Xvoxqt+y+ZjoZa\/RNUZcuCP+m6SMTG5sWdAnjr\/nXlFWL7W5PzjPitZWUhTwQ53KAVGPjI2l9+nJHq+C4E4Uuo38yQ+Vz1ibqVdJhcHA5QAMECzLfq\/dI8ZzW2xcv4hH0LBlsp6m91U16yVBzyOV\/shhGp9oI+H8QyNsyT7tlB3eEyfq\/IPyzlZCjq9OWeUX0tcW+e22TYykzlaewMwicuDKk+v295awKkA51L6MIZbJp+nykLRvwv4iioI61n+1q2qJRYJCtpZdmYN5lX5CcoMzqhL6WDDj5vylmtmE5JHSCCjfkh89HQsJRTMVuLne8l4ISDRJJzXsWx+y7F+xjdQkT2K\/o4aCsG9hPCevsmirWCPOGsbgIJz+GJsRn6sREBuh3Xyu3SVSjNo8lBi0vRtMR2g9t5+EjMQ2cZXJOCmUACD1HY7Peiu7oDQIYRTfPedb06e9XdoywTRewDQFkBD7Z7wbGzfuax1w8NoyQcfeXMYw7s9Gh7N3Pca3qxsQXr9L2hNNsKwKHsrxNcy43q7CzoktwvWxO2v\/C92U8RdasTrfc8rgV"}
00601{"flow_id":291,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3214,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969790,"pkt_ts_usec":934910,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"0NQSxnP1PBXCt3IOCABFAACwp0FAAEAG\/tTAqAEinTg1L8PWMD5iE\/U4s4ZWnYAYECk9CAAAAQEICj4kzJNiCpP\/ou083U4OUyKG5W39Rls52kHB4seHtGFWOjnxH9vL96zo7s\/hrhePc7yngjP78uPjgBCPNClMUrhUfbjHZM1vl72+27X8ItWoRr+cMWFEKEXMETqEyhRTKZ3N68tnVQztCI2VGGc5XDXqlMlRkcFBPVHkMJHGNR6XiHbo9Q=="}
00418{"flow_id":291,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3220,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969791,"pkt_ts_usec":165736,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFAAAohAhAADMGL5adODUvwKgBIjA+w9azhladAAAAAFAEAAAddgAAAAAAAAAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1431969791166,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1431969791166,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":312,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3221,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969791,"pkt_ts_usec":166147,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA8JJAAEAGte\/AqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/hugAAAgQFtAEDAwUBAQgKPiTNeQAAAAAEAgAA"}
00438{"flow_id":308,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3222,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969791,"pkt_ts_usec":200362,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8kjpAAEAGtXnAqAEiTsric8PfcYPq0omdOI9v9YAZECqaYQAAAQEICj4kzZsCUMlGXTwVWHHTywE="}
-00434{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1431969789851,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00433{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1431969789358,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1431969788519,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_tot_l4_data_len":801,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_tot_l4_data_len":801,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1431969791166,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1431969791166,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_first_seen":1431969792168,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00446{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_first_seen":1431969789851,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00445{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_first_seen":1431969789358,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_first_seen":1431969788519,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":15,"flow_first_seen":1431969643944,"flow_last_seen":1431969668477,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":50030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1431969791166,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_first_seen":1431969791166,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_first_seen":1431969792168,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":313,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3224,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969792,"pkt_ts_usec":168841,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6r1AAEAGu8TAqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/d0gAAAgQFtAEDAwUBAQgKPiTRYQAAAAAEAgAA"}
00439{"flow_id":305,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3225,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969792,"pkt_ts_usec":230105,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8GDFAAEAG4jnAqAEiUA4uecPdET\/5wLpfrY8XW4AZECjrCQAAAQEICj4k0Z4AA1guNacy1AseEXM="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3227,"source":"skype.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_first_seen":1431969792778,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3227,"source":"skype.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_first_seen":1431969792778,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":314,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3227,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969792,"pkt_ts_usec":778032,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABACyhAAEAGm1rAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/\/F2QAAAgQFtAEDAwUBAQgKPiTTwgAAAAAEAgAA"}
00444{"flow_id":313,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3228,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969793,"pkt_ts_usec":170537,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABATYlAAEAGWPnAqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/Z6gAAAgQFtAEDAwUBAQgKPiTVSQAAAAAEAgAA"}
00438{"flow_id":308,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3229,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969793,"pkt_ts_usec":341864,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA810BAAEAGcHPAqAEiTsric8PfcYPq0omdOI9v9YAZECqSCAAAAQEICj4k1fQCUMlGXTwVWHHTywE="}
00444{"flow_id":314,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3231,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969793,"pkt_ts_usec":781225,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXRdAAEAGSWvAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/\/B8AAAAgQFtAEDAwUBAQgKPiTXqwAAAAAEAgAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1431969793871,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1431969793871,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":315,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969793,"pkt_ts_usec":871150,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA68cwAAEARBXPAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
-00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1431969793871,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3232,"source":"skype.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_first_seen":1431969793871,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00444{"flow_id":313,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3233,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969794,"pkt_ts_usec":172396,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAj1lAAEAGFynAqAEinTg1M8PhMD4fbaHhAAAAALAC\/\/\/WAgAAAgQFtAEDAwUBAQgKPiTZMQAAAAAEAgAA"}
00444{"flow_id":314,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3234,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969794,"pkt_ts_usec":784356,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/CFAAEAGqmDAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/++BwAAAgQFtAEDAwUBAQgKPiTblAAAAAAEAgAA"}
00438{"flow_id":295,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3235,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969794,"pkt_ts_usec":907548,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8W2xAAEAGL9jAqAEiTKehBsPXTzInl3b0mo2mjYAZECqpCwAAAQEICj4k3A++obtETjjGVAMHb58="}
@@ -2523,248 +2523,248 @@
00432{"flow_id":315,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3247,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969799,"pkt_ts_usec":18123,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6VP0AAEARokLAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
00443{"flow_id":314,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3248,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969799,"pkt_ts_usec":793474,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAgi9AAEAGJFPAqAEinTg1M8PiAbsrN9oxAAAAALAC\/\/+qewAAAgQFtAEDAwUBAQgKPiTvIAAAAAAEAgAA"}
00433{"flow_id":315,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3250,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969802,"pkt_ts_usec":19013,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6+ugAAEAR\/FbAqAEiwKgBAdpVADUAJgS+DhkBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
-00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_tot_l4_data_len":783,"flow_min_l4_data_len":20,"flow_max_l4_data_len":95,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_tot_l4_data_len":783,"flow_min_l4_data_len":20,"flow_max_l4_data_len":95,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_tot_l4_data_len":822,"flow_min_l4_data_len":20,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_tot_l4_data_len":822,"flow_min_l4_data_len":20,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_tot_l4_data_len":752,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_tot_l4_data_len":752,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_tot_l4_data_len":852,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_tot_l4_data_len":852,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969678270,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50033,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":17,"flow_first_seen":1431969657367,"flow_last_seen":1431969676525,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50034,"dst_port":40033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_first_seen":1431969675567,"flow_last_seen":1431969675716,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969678254,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":50038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":14,"flow_first_seen":1431969658978,"flow_last_seen":1431969677390,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":396,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":313,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3251,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969802,"pkt_ts_usec":183087,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"0NQSxnP1PBXCt3IOCABFAAAwHcFAAEAGiNHAqAEinTg1M8PhMD4fbaHhAAAAAHAC\/\/86fAAAAgQFtAQCAAA="}
00439{"flow_id":308,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3252,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969803,"pkt_ts_usec":191195,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8AztAAEAGRHnAqAEiTsric8PfcYPq0omdOI9v9YAZECprlwAAAQEICj4k\/GUCUMlGXTwVWHHTywE="}
00423{"flow_id":314,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3253,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969803,"pkt_ts_usec":795574,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"0NQSxnP1PBXCt3IOCABFAAAwuxNAAEAG637AqAEinTg1M8PiAbsrN9oxAAAAAHAC\/\/8k5AAAAgQFtAQCAAA="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3255,"source":"skype.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3255,"source":"skype.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01081{"flow_id":316,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3255,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969807,"pkt_ts_usec":22348,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISnUMAAEARGc7AqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3255,"source":"skype.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3256,"source":"skype.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3255,"source":"skype.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3256,"source":"skype.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01077{"flow_id":317,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3256,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969807,"pkt_ts_usec":22553,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISO+0AAEARuHzAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3256,"source":"skype.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3256,"source":"skype.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00426{"flow_id":310,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3260,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969807,"pkt_ts_usec":279157,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0HSRAAEAGKpjAqAEiTsric8PgcYPYQ6CkVPCO1YARECnK3QAAAQEICj4lDFgCUMnN"}
00426{"flow_id":310,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3265,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969807,"pkt_ts_usec":703292,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0gkhAAEAGxXPAqAEiTsric8PgcYPYQ6CkVPCO1YARECnJNgAAAQEICj4lDf8CUMnN"}
00426{"flow_id":310,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3273,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969808,"pkt_ts_usec":350555,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0OwJAAEAGDLrAqAEiTsric8PgcYPYQ6CkVPCO1YARECnGsgAAAQEICj4lEIMCUMnN"}
00439{"flow_id":305,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3282,"source":"skype.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431969808,"pkt_ts_usec":684170,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8us9AAEAGP5vAqAEiUA4uecPdET\/5wLpfrY8XW4AZECiq1wAAAQEICj4lEdAAA1guNacy1AseEXM="}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_tot_l4_data_len":803,"flow_min_l4_data_len":20,"flow_max_l4_data_len":119,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_tot_l4_data_len":803,"flow_min_l4_data_len":20,"flow_max_l4_data_len":119,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_tot_l4_data_len":719,"flow_min_l4_data_len":20,"flow_max_l4_data_len":138,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_tot_l4_data_len":719,"flow_min_l4_data_len":20,"flow_max_l4_data_len":138,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_tot_l4_data_len":863,"flow_min_l4_data_len":20,"flow_max_l4_data_len":138,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_tot_l4_data_len":863,"flow_min_l4_data_len":20,"flow_max_l4_data_len":138,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_tot_l4_data_len":734,"flow_min_l4_data_len":20,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_tot_l4_data_len":734,"flow_min_l4_data_len":20,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_tot_l4_data_len":775,"flow_min_l4_data_len":20,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_tot_l4_data_len":775,"flow_min_l4_data_len":20,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_tot_l4_data_len":743,"flow_min_l4_data_len":20,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_tot_l4_data_len":743,"flow_min_l4_data_len":20,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_tot_l4_data_len":777,"flow_min_l4_data_len":20,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_tot_l4_data_len":777,"flow_min_l4_data_len":20,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_tot_l4_data_len":413,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_tot_l4_data_len":728,"flow_min_l4_data_len":20,"flow_max_l4_data_len":89,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_tot_l4_data_len":728,"flow_min_l4_data_len":20,"flow_max_l4_data_len":89,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_tot_l4_data_len":824,"flow_min_l4_data_len":20,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_tot_l4_data_len":824,"flow_min_l4_data_len":20,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_tot_l4_data_len":727,"flow_min_l4_data_len":20,"flow_max_l4_data_len":92,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_tot_l4_data_len":727,"flow_min_l4_data_len":20,"flow_max_l4_data_len":92,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_tot_l4_data_len":754,"flow_min_l4_data_len":20,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_tot_l4_data_len":754,"flow_min_l4_data_len":20,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_tot_l4_data_len":809,"flow_min_l4_data_len":20,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_tot_l4_data_len":809,"flow_min_l4_data_len":20,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":20,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_tot_l4_data_len":720,"flow_min_l4_data_len":20,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_tot_l4_data_len":793,"flow_min_l4_data_len":20,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_tot_l4_data_len":793,"flow_min_l4_data_len":20,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_tot_l4_data_len":656,"flow_min_l4_data_len":32,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_tot_l4_data_len":656,"flow_min_l4_data_len":32,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_tot_l4_data_len":663,"flow_min_l4_data_len":32,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_tot_l4_data_len":663,"flow_min_l4_data_len":32,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_tot_l4_data_len":843,"flow_min_l4_data_len":20,"flow_max_l4_data_len":124,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_tot_l4_data_len":843,"flow_min_l4_data_len":20,"flow_max_l4_data_len":124,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_tot_l4_data_len":756,"flow_min_l4_data_len":20,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_tot_l4_data_len":756,"flow_min_l4_data_len":20,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_tot_l4_data_len":413,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1431969642247,"flow_last_seen":1431969668794,"flow_tot_l4_data_len":273,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":255,"flow_first_seen":1431969710853,"flow_last_seen":1431969807279,"flow_tot_l4_data_len":88046,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_tot_l4_data_len":281,"flow_min_l4_data_len":140,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":7,"flow_first_seen":1431969723979,"flow_last_seen":1431969750316,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_tot_l4_data_len":378,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":4,"flow_first_seen":1431969712913,"flow_last_seen":1431969714738,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":4,"flow_first_seen":1431969712913,"flow_last_seen":1431969714738,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1431969641947,"flow_last_seen":1431969668369,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1431969641948,"flow_last_seen":1431969668369,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":86,"flow_first_seen":1431969719110,"flow_last_seen":1431969765415,"flow_tot_l4_data_len":17270,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":200,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_tot_l4_data_len":739,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_tot_l4_data_len":739,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":4,"flow_first_seen":1431969713815,"flow_last_seen":1431969726847,"flow_tot_l4_data_len":692,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_tot_l4_data_len":802,"flow_min_l4_data_len":20,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_tot_l4_data_len":802,"flow_min_l4_data_len":20,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_tot_l4_data_len":4453,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":234,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_tot_l4_data_len":4453,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":234,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_tot_l4_data_len":744,"flow_min_l4_data_len":20,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_tot_l4_data_len":744,"flow_min_l4_data_len":20,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_tot_l4_data_len":632,"flow_min_l4_data_len":32,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_tot_l4_data_len":632,"flow_min_l4_data_len":32,"flow_max_l4_data_len":96,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_tot_l4_data_len":267,"flow_min_l4_data_len":20,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_tot_l4_data_len":267,"flow_min_l4_data_len":20,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_tot_l4_data_len":161,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_tot_l4_data_len":161,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_tot_l4_data_len":417,"flow_min_l4_data_len":20,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_tot_l4_data_len":417,"flow_min_l4_data_len":20,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_tot_l4_data_len":4474,"flow_min_l4_data_len":20,"flow_max_l4_data_len":364,"flow_avg_l4_data_len":223,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_tot_l4_data_len":4474,"flow_min_l4_data_len":20,"flow_max_l4_data_len":364,"flow_avg_l4_data_len":223,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":7,"flow_first_seen":1431969643972,"flow_last_seen":1431969670410,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_tot_l4_data_len":732,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_tot_l4_data_len":732,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_tot_l4_data_len":845,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_tot_l4_data_len":845,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":4,"flow_first_seen":1431969713814,"flow_last_seen":1431969726846,"flow_tot_l4_data_len":692,"flow_min_l4_data_len":173,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_tot_l4_data_len":699,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_tot_l4_data_len":699,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_tot_l4_data_len":667,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_tot_l4_data_len":667,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":14,"flow_first_seen":1431969728749,"flow_last_seen":1431969734854,"flow_tot_l4_data_len":6805,"flow_min_l4_data_len":441,"flow_max_l4_data_len":521,"flow_avg_l4_data_len":486,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":17,"flow_first_seen":1431969643093,"flow_last_seen":1431969698671,"flow_tot_l4_data_len":2957,"flow_min_l4_data_len":20,"flow_max_l4_data_len":217,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_tot_l4_data_len":5436,"flow_min_l4_data_len":32,"flow_max_l4_data_len":986,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","ndpi": {"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_tot_l4_data_len":5436,"flow_min_l4_data_len":32,"flow_max_l4_data_len":986,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":5,"flow_first_seen":1431969793871,"flow_last_seen":1431969802019,"flow_tot_l4_data_len":190,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_tot_l4_data_len":676,"flow_min_l4_data_len":20,"flow_max_l4_data_len":139,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_tot_l4_data_len":676,"flow_min_l4_data_len":20,"flow_max_l4_data_len":139,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748263,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_tot_l4_data_len":894,"flow_min_l4_data_len":20,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_tot_l4_data_len":894,"flow_min_l4_data_len":20,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_tot_l4_data_len":4286,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_tot_l4_data_len":4286,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_tot_l4_data_len":1180,"flow_min_l4_data_len":32,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_tot_l4_data_len":1180,"flow_min_l4_data_len":32,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":79,"flow_first_seen":1431969648258,"flow_last_seen":1431969808391,"flow_tot_l4_data_len":26793,"flow_min_l4_data_len":293,"flow_max_l4_data_len":371,"flow_avg_l4_data_len":339,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_tot_l4_data_len":727,"flow_min_l4_data_len":32,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_tot_l4_data_len":727,"flow_min_l4_data_len":32,"flow_max_l4_data_len":131,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_tot_l4_data_len":862,"flow_min_l4_data_len":32,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_tot_l4_data_len":862,"flow_min_l4_data_len":32,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_tot_l4_data_len":625,"flow_min_l4_data_len":20,"flow_max_l4_data_len":101,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_tot_l4_data_len":625,"flow_min_l4_data_len":20,"flow_max_l4_data_len":101,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":32,"flow_first_seen":1431969771806,"flow_last_seen":1431969808100,"flow_tot_l4_data_len":3884,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":32,"flow_first_seen":1431969771806,"flow_last_seen":1431969808100,"flow_tot_l4_data_len":3884,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":15,"flow_first_seen":1431969698797,"flow_last_seen":1431969718921,"flow_tot_l4_data_len":1824,"flow_min_l4_data_len":20,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_tot_l4_data_len":294,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_tot_l4_data_len":281,"flow_min_l4_data_len":140,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_tot_l4_data_len":804,"flow_min_l4_data_len":20,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_tot_l4_data_len":804,"flow_min_l4_data_len":20,"flow_max_l4_data_len":347,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":9,"flow_first_seen":1431969642969,"flow_last_seen":1431969723490,"flow_tot_l4_data_len":342,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_tot_l4_data_len":864,"flow_min_l4_data_len":20,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_tot_l4_data_len":864,"flow_min_l4_data_len":20,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_tot_l4_data_len":808,"flow_min_l4_data_len":20,"flow_max_l4_data_len":121,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_tot_l4_data_len":808,"flow_min_l4_data_len":20,"flow_max_l4_data_len":121,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_tot_l4_data_len":4249,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1156,"flow_avg_l4_data_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_tot_l4_data_len":4249,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1156,"flow_avg_l4_data_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":100,"flow_first_seen":1431969715511,"flow_last_seen":1431969808618,"flow_tot_l4_data_len":8866,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1215,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":100,"flow_first_seen":1431969715511,"flow_last_seen":1431969808618,"flow_tot_l4_data_len":8866,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1215,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":18,"flow_first_seen":1431969642376,"flow_last_seen":1431969712120,"flow_tot_l4_data_len":3067,"flow_min_l4_data_len":20,"flow_max_l4_data_len":223,"flow_avg_l4_data_len":170,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_tot_l4_data_len":378,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_tot_l4_data_len":811,"flow_min_l4_data_len":20,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_tot_l4_data_len":811,"flow_min_l4_data_len":20,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_tot_l4_data_len":782,"flow_min_l4_data_len":20,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_tot_l4_data_len":782,"flow_min_l4_data_len":20,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":7,"flow_first_seen":1431969643971,"flow_last_seen":1431969670410,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_tot_l4_data_len":942,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_tot_l4_data_len":942,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":12,"flow_first_seen":1431969717899,"flow_last_seen":1431969784849,"flow_tot_l4_data_len":1469,"flow_min_l4_data_len":32,"flow_max_l4_data_len":437,"flow_avg_l4_data_len":122,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_tot_l4_data_len":1404,"flow_min_l4_data_len":20,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_tot_l4_data_len":1404,"flow_min_l4_data_len":20,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_tot_l4_data_len":914,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_tot_l4_data_len":914,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":7,"flow_first_seen":1431969792168,"flow_last_seen":1431969802183,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":28,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":7,"flow_first_seen":1431969792168,"flow_last_seen":1431969802183,"flow_tot_l4_data_len":292,"flow_min_l4_data_len":28,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_tot_l4_data_len":1059,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_tot_l4_data_len":1059,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_tot_l4_data_len":901,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_tot_l4_data_len":901,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_tot_l4_data_len":835,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_tot_l4_data_len":835,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_tot_l4_data_len":841,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_tot_l4_data_len":841,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_tot_l4_data_len":749,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_tot_l4_data_len":749,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_tot_l4_data_len":839,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_tot_l4_data_len":839,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_tot_l4_data_len":790,"flow_min_l4_data_len":20,"flow_max_l4_data_len":92,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_tot_l4_data_len":790,"flow_min_l4_data_len":20,"flow_max_l4_data_len":92,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_tot_l4_data_len":3634,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_tot_l4_data_len":3634,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_tot_l4_data_len":891,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_tot_l4_data_len":891,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_tot_l4_data_len":974,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_tot_l4_data_len":974,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_tot_l4_data_len":166,"flow_min_l4_data_len":67,"flow_max_l4_data_len":99,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_tot_l4_data_len":814,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_tot_l4_data_len":814,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_tot_l4_data_len":1024,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_tot_l4_data_len":1024,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_tot_l4_data_len":1003,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_tot_l4_data_len":1003,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_tot_l4_data_len":833,"flow_min_l4_data_len":20,"flow_max_l4_data_len":114,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_tot_l4_data_len":833,"flow_min_l4_data_len":20,"flow_max_l4_data_len":114,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_tot_l4_data_len":3337,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_tot_l4_data_len":3337,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_tot_l4_data_len":1204,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_tot_l4_data_len":1204,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_tot_l4_data_len":796,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_tot_l4_data_len":796,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_tot_l4_data_len":1042,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_tot_l4_data_len":1042,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_tot_l4_data_len":1080,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_tot_l4_data_len":1080,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_tot_l4_data_len":826,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_tot_l4_data_len":826,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_tot_l4_data_len":378,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_tot_l4_data_len":692,"flow_min_l4_data_len":20,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_tot_l4_data_len":692,"flow_min_l4_data_len":20,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_tot_l4_data_len":718,"flow_min_l4_data_len":20,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_tot_l4_data_len":718,"flow_min_l4_data_len":20,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_tot_l4_data_len":726,"flow_min_l4_data_len":20,"flow_max_l4_data_len":115,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_tot_l4_data_len":726,"flow_min_l4_data_len":20,"flow_max_l4_data_len":115,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_tot_l4_data_len":702,"flow_min_l4_data_len":20,"flow_max_l4_data_len":94,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_tot_l4_data_len":702,"flow_min_l4_data_len":20,"flow_max_l4_data_len":94,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1431969642244,"flow_last_seen":1431969668794,"flow_tot_l4_data_len":273,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_tot_l4_data_len":281,"flow_min_l4_data_len":140,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_tot_l4_data_len":800,"flow_min_l4_data_len":20,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_tot_l4_data_len":800,"flow_min_l4_data_len":20,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00514{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_tot_l4_data_len":2056,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1384,"flow_avg_l4_data_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_tot_l4_data_len":2056,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1384,"flow_avg_l4_data_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":387,"flow_first_seen":1431969642444,"flow_last_seen":1431969808620,"flow_tot_l4_data_len":184932,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":477,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_tot_l4_data_len":130,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":2,"flow_first_seen":1431969759543,"flow_last_seen":1431969759588,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":67,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":28,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_tot_l4_data_len":336,"flow_min_l4_data_len":28,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_tot_l4_data_len":944,"flow_min_l4_data_len":20,"flow_max_l4_data_len":142,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_tot_l4_data_len":944,"flow_min_l4_data_len":20,"flow_max_l4_data_len":142,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_tot_l4_data_len":888,"flow_min_l4_data_len":20,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_tot_l4_data_len":888,"flow_min_l4_data_len":20,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_tot_l4_data_len":130,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_tot_l4_data_len":281,"flow_min_l4_data_len":140,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748262,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_tot_l4_data_len":378,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":7,"flow_first_seen":1431969723979,"flow_last_seen":1431969750316,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_tot_l4_data_len":294,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":4,"flow_first_seen":1431969745776,"flow_last_seen":1431969747554,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":4,"flow_first_seen":1431969745776,"flow_last_seen":1431969747554,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_tot_l4_data_len":823,"flow_min_l4_data_len":20,"flow_max_l4_data_len":122,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_tot_l4_data_len":823,"flow_min_l4_data_len":20,"flow_max_l4_data_len":122,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969723753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":251,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50098,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":15,"flow_first_seen":1431969665416,"flow_last_seen":1431969685656,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50046,"dst_port":40011,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969692603,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":106,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50054,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52850,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":16,"flow_first_seen":1431969667439,"flow_last_seen":1431969689428,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50049,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":17,"flow_first_seen":1431969663377,"flow_last_seen":1431969687753,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50044,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":17,"flow_first_seen":1431969689470,"flow_last_seen":1431969722520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":191,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50074,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":17,"flow_first_seen":1431969673443,"flow_last_seen":1431969701671,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50053,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63108,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":17,"flow_first_seen":1431969683498,"flow_last_seen":1431969716234,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50070,"dst_port":40018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":18,"flow_first_seen":1431969689470,"flow_last_seen":1431969717232,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50076,"dst_port":40014,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":17,"flow_first_seen":1431969681480,"flow_last_seen":1431969709213,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50067,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":17,"flow_first_seen":1431969690481,"flow_last_seen":1431969722726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50077,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":17,"flow_first_seen":1431969699577,"flow_last_seen":1431969718631,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50092,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":17,"flow_first_seen":1431969658376,"flow_last_seen":1431969684569,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":9,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50035,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":17,"flow_first_seen":1431969704664,"flow_last_seen":1431969722362,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":241,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50097,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":14,"flow_first_seen":1431969788719,"flow_last_seen":1431969803191,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50143,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":14,"flow_first_seen":1431969789832,"flow_last_seen":1431969808350,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"78.202.226.115","src_port":50144,"dst_port":29059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":19,"flow_first_seen":1431969689470,"flow_last_seen":1431969716588,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50075,"dst_port":40003,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":2,"flow_first_seen":1431969698743,"flow_last_seen":1431969698797,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63321,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":16,"flow_first_seen":1431969657367,"flow_last_seen":1431969688218,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":50032,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":7,"flow_first_seen":1431969675950,"flow_last_seen":1431969702405,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":357,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55159,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1431969642247,"flow_last_seen":1431969668794,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65426,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":255,"flow_first_seen":1431969710853,"flow_last_seen":1431969807279,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":79866,"flow_avg_l4_payload_len":313,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":50108,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":49485,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":7,"flow_first_seen":1431969723979,"flow_last_seen":1431969750316,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63421,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":4,"flow_first_seen":1431969712913,"flow_last_seen":1431969714738,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":4,"flow_first_seen":1431969712913,"flow_last_seen":1431969714738,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54067,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1431969641947,"flow_last_seen":1431969668369,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1431969641948,"flow_last_seen":1431969668369,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57406,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_first_seen":1431969807022,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":86,"flow_first_seen":1431969719110,"flow_last_seen":1431969765415,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15522,"flow_avg_l4_payload_len":180,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":50128,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":12,"flow_first_seen":1431969707326,"flow_last_seen":1431969717500,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49360,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":4,"flow_first_seen":1431969713815,"flow_last_seen":1431969726847,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":17,"flow_first_seen":1431969722958,"flow_last_seen":1431969740384,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":250,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50130,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":19,"flow_first_seen":1431969724570,"flow_last_seen":1431969725166,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3849,"flow_avg_l4_payload_len":202,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":50131,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":15,"flow_first_seen":1431969714398,"flow_last_seen":1431969727593,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50112,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969794907,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50135,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":6,"flow_first_seen":1431969712931,"flow_last_seen":1431969713736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":111,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50109,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":6,"flow_first_seen":1431969713736,"flow_last_seen":1431969714165,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50110,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":3,"flow_first_seen":1431969774806,"flow_last_seen":1431969776480,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":50140,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":10,"flow_first_seen":1431969717949,"flow_last_seen":1431969723488,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50125,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":20,"flow_first_seen":1431969717949,"flow_last_seen":1431969750910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":332,"flow_tot_l4_payload_len":3826,"flow_avg_l4_payload_len":191,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.23","src_port":50126,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":10,"flow_first_seen":1431969719561,"flow_last_seen":1431969727878,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":50129,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":7,"flow_first_seen":1431969643972,"flow_last_seen":1431969670410,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57726,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":8,"flow_first_seen":1431969642087,"flow_last_seen":1431969695591,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55711,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":14,"flow_first_seen":1431969675056,"flow_last_seen":1431969702873,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50058,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":13,"flow_first_seen":1431969677018,"flow_last_seen":1431969694645,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":421,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50063,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":4,"flow_first_seen":1431969713814,"flow_last_seen":1431969726846,"flow_min_l4_payload_len":165,"flow_max_l4_payload_len":165,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":12,"flow_first_seen":1431969697097,"flow_last_seen":1431969714913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50087,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":13,"flow_first_seen":1431969706277,"flow_last_seen":1431969719939,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":282,"flow_packet_id":14,"flow_first_seen":1431969728749,"flow_last_seen":1431969734854,"flow_min_l4_payload_len":433,"flow_max_l4_payload_len":513,"flow_tot_l4_payload_len":6693,"flow_avg_l4_payload_len":478,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"239.255.255.250","src_port":50084,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":17,"flow_first_seen":1431969643093,"flow_last_seen":1431969698671,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":2405,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50029,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","ndpi": {"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":16,"flow_first_seen":1431969649862,"flow_last_seen":1431969790906,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":4924,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.170.46","dst_ip":"192.168.1.34","src_port":443,"dst_port":49445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":5,"flow_first_seen":1431969793871,"flow_last_seen":1431969802019,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55893,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1431969642318,"flow_last_seen":1431969642376,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64085,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":14,"flow_first_seen":1431969714398,"flow_last_seen":1431969733216,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50113,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748263,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":18,"flow_first_seen":1431969717177,"flow_last_seen":1431969730486,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50123,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2898,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":43,"flow_first_seen":1431969715510,"flow_last_seen":1431969755612,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2898,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50117,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":27,"flow_first_seen":1431969718289,"flow_last_seen":1431969752365,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50127,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":79,"flow_first_seen":1431969648258,"flow_last_seen":1431969808391,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":26161,"flow_avg_l4_payload_len":331,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":15,"flow_first_seen":1431969783628,"flow_last_seen":1431969808684,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50141,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":18,"flow_first_seen":1431969784741,"flow_last_seen":1431969808951,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":262,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.14.46.121","src_port":50142,"dst_port":4415,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":296,"flow_packet_id":14,"flow_first_seen":1431969770694,"flow_last_seen":1431969789490,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":165,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50136,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":32,"flow_first_seen":1431969771806,"flow_last_seen":1431969808100,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2836,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":298,"flow_packet_id":32,"flow_first_seen":1431969771806,"flow_last_seen":1431969808100,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2836,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":50138,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":15,"flow_first_seen":1431969698797,"flow_last_seen":1431969718921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":50090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":64560,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1431969643037,"flow_last_seen":1431969643092,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51879,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":20,"flow_first_seen":1431969714165,"flow_last_seen":1431969745160,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":327,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":50111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":9,"flow_first_seen":1431969642969,"flow_last_seen":1431969723490,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":270,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49903,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":19,"flow_first_seen":1431969714902,"flow_last_seen":1431969731550,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50116,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":17,"flow_first_seen":1431969714399,"flow_last_seen":1431969726002,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":256,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50115,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2961,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":40,"flow_first_seen":1431969716015,"flow_last_seen":1431969752089,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2961,"flow_avg_l4_payload_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":50121,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":100,"flow_first_seen":1431969715511,"flow_last_seen":1431969808618,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1183,"flow_tot_l4_payload_len":5646,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":100,"flow_first_seen":1431969715511,"flow_last_seen":1431969808618,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1183,"flow_tot_l4_payload_len":5646,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"86.31.35.30","src_port":50119,"dst_port":59621,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":18,"flow_first_seen":1431969642376,"flow_last_seen":1431969712120,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":2483,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.223.73.34","src_port":50027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":7,"flow_first_seen":1431969642398,"flow_last_seen":1431969668794,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49990,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":16,"flow_first_seen":1431969705713,"flow_last_seen":1431969723790,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":50099,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":18,"flow_first_seen":1431969697530,"flow_last_seen":1431969725781,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50088,"dst_port":33033,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":7,"flow_first_seen":1431969643971,"flow_last_seen":1431969670410,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60288,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":15,"flow_first_seen":1431969681060,"flow_last_seen":1431969700978,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":454,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":12,"flow_first_seen":1431969717899,"flow_last_seen":1431969784849,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":405,"flow_tot_l4_payload_len":1085,"flow_avg_l4_payload_len":90,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.22","dst_ip":"192.168.1.34","src_port":5223,"dst_port":49447,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":291,"flow_packet_id":15,"flow_first_seen":1431969750597,"flow_last_seen":1431969791165,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":916,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.47","src_port":50134,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":14,"flow_first_seen":1431969706277,"flow_last_seen":1431969717910,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":458,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":50102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":7,"flow_first_seen":1431969792168,"flow_last_seen":1431969802183,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":7,"flow_first_seen":1431969792168,"flow_last_seen":1431969802183,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50145,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":15,"flow_first_seen":1431969658979,"flow_last_seen":1431969687310,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":50037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":15,"flow_first_seen":1431969664990,"flow_last_seen":1431969683864,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":413,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":50045,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":15,"flow_first_seen":1431969667019,"flow_last_seen":1431969685356,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":347,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":50048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":15,"flow_first_seen":1431969669039,"flow_last_seen":1431969688720,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":353,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.166","src_port":50051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969696024,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":261,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":50056,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":15,"flow_first_seen":1431969675055,"flow_last_seen":1431969694153,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":351,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.153","src_port":50057,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":18,"flow_first_seen":1431969714398,"flow_last_seen":1431969731992,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50114,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":31,"flow_first_seen":1431969715511,"flow_last_seen":1431969755484,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2618,"flow_avg_l4_payload_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50118,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":15,"flow_first_seen":1431969683081,"flow_last_seen":1431969710648,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":403,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.160","src_port":50069,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":15,"flow_first_seen":1431969685111,"flow_last_seen":1431969703010,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":486,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":50072,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":2,"flow_first_seen":1431969719055,"flow_last_seen":1431969719110,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62454,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969709588,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":21,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":50078,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":15,"flow_first_seen":1431969691076,"flow_last_seen":1431969708230,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":50080,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":15,"flow_first_seen":1431969692087,"flow_last_seen":1431969710209,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":515,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":50081,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":297,"flow_packet_id":18,"flow_first_seen":1431969770694,"flow_last_seen":1431969788429,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50137,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58368,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":299,"flow_packet_id":23,"flow_first_seen":1431969771806,"flow_last_seen":1431969808841,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2577,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":50139,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":16,"flow_first_seen":1431969699142,"flow_last_seen":1431969728419,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":684,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":50091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":15,"flow_first_seen":1431969701181,"flow_last_seen":1431969719738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":308,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.155","src_port":50094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":16,"flow_first_seen":1431969659988,"flow_last_seen":1431969685175,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":50039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":15,"flow_first_seen":1431969706277,"flow_last_seen":1431969723613,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":592,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":50101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":16,"flow_first_seen":1431969691076,"flow_last_seen":1431969717999,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.142","src_port":50079,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":56387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":7,"flow_first_seen":1431969683445,"flow_last_seen":1431969709776,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54343,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":16,"flow_first_seen":1431969675413,"flow_last_seen":1431969703766,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":50059,"dst_port":40015,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":16,"flow_first_seen":1431969673443,"flow_last_seen":1431969701528,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.47","src_port":50055,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":7,"flow_first_seen":1431969677975,"flow_last_seen":1431969704363,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58458,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":16,"flow_first_seen":1431969695483,"flow_last_seen":1431969723584,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":50086,"dst_port":40023,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":15,"flow_first_seen":1431969704663,"flow_last_seen":1431969718237,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":50096,"dst_port":40027,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":7,"flow_first_seen":1431969642244,"flow_last_seen":1431969668794,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":54396,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":2,"flow_first_seen":1431969745776,"flow_last_seen":1431969745776,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":56886,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":18,"flow_first_seen":1431969725833,"flow_last_seen":1431969741920,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50132,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":16,"flow_first_seen":1431969727446,"flow_last_seen":1431969727738,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":50133,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":387,"flow_first_seen":1431969642444,"flow_last_seen":1431969808620,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":172532,"flow_avg_l4_payload_len":445,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":50028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.185.207.12","src_port":13021,"dst_port":45493,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":2,"flow_first_seen":1431969759543,"flow_last_seen":1431969759588,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.253.48.245","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1431969642334,"flow_last_seen":1431969642400,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58681,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":8,"flow_first_seen":1431969792778,"flow_last_seen":1431969803795,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.53.51","src_port":50146,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":20,"flow_first_seen":1431969716182,"flow_last_seen":1431969728657,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":110,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50122,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":22,"flow_first_seen":1431969717295,"flow_last_seen":1431969788791,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.133.19.185","src_port":50124,"dst_port":44431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":5,"flow_first_seen":1431969713813,"flow_last_seen":1431969733946,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"176.26.55.167","src_port":13021,"dst_port":63773,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":2,"flow_first_seen":1431969712913,"flow_last_seen":1431969712913,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":51066,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":7,"flow_first_seen":1431969721954,"flow_last_seen":1431969748262,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52714,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":7,"flow_first_seen":1431969720556,"flow_last_seen":1431969746803,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":52742,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":7,"flow_first_seen":1431969723979,"flow_last_seen":1431969750316,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65037,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":7,"flow_first_seen":1431969642337,"flow_last_seen":1431969668794,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":65045,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":4,"flow_first_seen":1431969745776,"flow_last_seen":1431969747554,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":4,"flow_first_seen":1431969745776,"flow_last_seen":1431969747554,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49511,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test"}
diff --git a/test/results/skype_no_unknown.pcap.out b/test/results/skype_no_unknown.pcap.out
index 5998859aa..266edeb35 100644
--- a/test/results/skype_no_unknown.pcap.out
+++ b/test/results/skype_no_unknown.pcap.out
@@ -1,53 +1,53 @@
00484{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype_no_unknown.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00443{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431970632290,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00451{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431970632290,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970632,"pkt_ts_usec":290618,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"pkt":"AQBeAAAWJKQ8\/kzXCABGwAAoAABAAAECQXbAqAHb4AAAFpQEAAAiADajAAAAAQIAAADpWbwBAAAAAAAA"}
-00475{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431970632290,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1431970634276,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431970632290,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1431970634276,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":276297,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAj1gAAEARZ+HAqAEiwKgBAdb0ADUALMTUeDABAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1431970634276,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1431970634276,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1431970634276,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1431970634276,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":276471,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAlRoAAEARYh\/AqAEiwKgBAf3LADUALKDXdTsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1431970634276,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1431970634431,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1431970634276,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"a.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1431970634431,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":431836,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDXEcAAEARmu\/AqAEiwKgBAe0QADUAL\/kqxMsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1431970634431,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1431970634432,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1431970634431,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1431970634432,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":432009,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDrh8AAEARSRfAqAEiwKgBAeUHADUAL+4jvNsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1431970634432,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1431970634589,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1431970634432,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"conn.skype.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1431970634589,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":589949,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7UlwAAEARpOLAqAEiwKgBAfrwADUAJ8Zq760BAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1431970634589,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1431970634591,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1431970634589,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1431970634591,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":591842,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA75y8AAEAREA\/AqAEiwKgBAcLIADUAJ6plKNsBAAABAAAAAAAAA2FwaQVza3lwZQNjb20AABwAAQ=="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1431970634591,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1431970634648,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1431970634591,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"api.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1431970634648,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":648740,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"0NQSxnP1PBXCt3IOCABFAABCEa4AAEAR5YnAqAEiwKgBAe5YADUALntuuqkBAAABAAAAAAAABGFwcHMLc2t5cGVhc3NldHMDY29tAAABAAE="}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1431970634648,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"apps.skypeassets.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1431970634669,"flow_last_seen":0,"flow_tot_l4_data_len":67,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1431970634648,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"apps.skypeassets.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1431970634669,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":669345,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"0NQSxnP1PBXCt3IOCABFAABXFu0AAEAR4DXAqAEiwKgBAeFeADUAQ\/HxjTUBAAABAAAAAAAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAE="}
-00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1431970634669,"flow_last_seen":0,"flow_tot_l4_data_len":67,"flow_min_l4_data_len":67,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00680{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1431970634669,"flow_last_seen":0,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00571{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":723111,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"PBXCt3IO0NQSxnP1CABFAACYAABAAEARtuHAqAEBwKgBIgA14V4AhKxSjTWBgAABAAAAAQAADkRCM01TR1I1MDExNzA5B2dhdGV3YXkJbWVzc2VuZ2VyBGxpdmUDY29tAAAcAAHALQAGAAEAAAbhADUDbnMxBG1zZnQDbmV0AAZtc25oc3QJbWljcm9zb2Z0wDJ4Gz7uAAAcIAAAA4QAJOoAAAAOEA=="}
-00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":67,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1431970634728,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00702{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"db3msgr5011709.gateway.messenger.live.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1431970634728,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":728684,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABADqBAAEAGmPnAqAEinTg0HMgdnEkK2QRYAAAAALAC\/\/9q8wAAAgQFtAEDAwUBAQgKPjGHIQAAAAAEAgAA"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1431970634728,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1431970634728,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":728986,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/L\/oAAEARx0DAqAEiwKgBAfWbADUAK9VUuF8BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAABAAE="}
-00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1431970634728,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1431970634729,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1431970634728,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1431970634729,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":729529,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/lFMAAEARYufAqAEiwKgBAebpADUAK335A20BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAAcAAE="}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1431970634729,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1431970634729,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1431970634729,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"dsn13.d.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1431970634729,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":729598,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAt4dAAEAGpVrAqAEinTh+08geAbsxSRU0AAAAALAC\/\/+DfQAAAgQFtAEDAwUBAQgKPjGHIQAAAAAEAgAA"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1431970634730,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1431970634730,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00465{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":730943,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLIWAAAEAR1c7AqAEiwKgBAeD4ADUANz9NJ5kBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAABAAE="}
-00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1431970634730,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1431970634731,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00671{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1431970634730,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1431970634731,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":731075,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABL+hcAAEAR\/RbAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="}
-00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1431970634731,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1431970634731,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst11.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00441{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":805200,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"PBXCt3IO0NQSxnP1CABFAAA4BUNAAHYGIaedOH7TwKgBIgG7yB4Nim5XMUkVNZASIABVdAAAAgQFrAQCCAoZLZ4CPjGHIQ=="}
00436{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":805262,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0\/VlAAEAGX5TAqAEinTh+08geAbsxSRU1DYpuWIAQ\/\/+P3gAAAQEICj4xh20ZLZ4C"}
00566{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":832794,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"pkt":"0NQSxnP1PBXCt3IOCABFAACSvDJAAEAGoF3AqAEinTh+08geAbsxSRU1DYpuWIAY\/\/9YPAAAAQEICj4xh4gZLZ4CFgMBAFkBAABVAwF2gnUJnVCWWbyDtFIDg6B8bhQi3kG6KGexUdynVrU4nwAALsAKwAXACcAEwAfAAsAIwAPAFMAPwBPADsARwAzAEsANADkAMwA1AC8ABQAEAAoBAA=="}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1431970634729,"flow_last_seen":1431970634832,"flow_tot_l4_data_len":238,"flow_min_l4_data_len":32,"flow_max_l4_data_len":126,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1431970634729,"flow_last_seen":1431970634832,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02369{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":914047,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"PBXCt3IO0NQSxnP1CABFAAXUCBZAAHYGGTidOH7TwKgBIgG7yB4Nim5YMUkVk4AQ\/SANhgAAAQEIChktngw+MYeIFgMBDm0CAABGAwFVWiNKv+VQQ4f\/l6e8WrHKPk18QS4G4dXttQRK9+OHNCDFBwAAmPU\/uZfnwwRzzyScJ+oJXq5g50nbzRo6qyekQsAUAAsADLAADK0ABsIwgga+MIIEpqADAgECAhNaAABXr+G5kPxf1sjbAAEAAFevMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBTU0wgU0hBMjAeFw0xNDEwMjcyMjUxMDdaFw0xNjEwMjYyMjUxMDdaMCcxJTAjBgNVBAMMHCouZ2F0ZXdheS5tZXNzZW5nZXIubGl2ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyx0gXDtYT4FDgq1U\/QT4gIqh\/oOwWGgGWr1Rw1pQofkd5Appl7fbVIjBIuJ+PMiYpN1xCoV1HZbm8LArgeHDfsoutcr0hH5rsD6th+v+cZ\/Gp0zo8NL2R606iXfu6X64MlQlCO\/UFzzV4LPDfXvjmXPMa6j593FmA7o9xMkfCYTsoSVSUMNFAU2t8o01SWuCjZYIf4rKo8YKrN0XNh868VsKpWPOf0is1CGHYv+tscgp6dRsSNLEMuMqcjtY2hH3b+XSVViiIbU2Qv8fj9559K777if3lrsPegqawHj5lb\/SF0hqH55segyHJV40HOAoBBNKrXmDFC7xJBy2UTmWzAgMBAAGjggJ8MIICeDAdBgNVHQ4EFgQUUTD6bxEALx8wce+ldRcbVOgh+TAwCwYDVR0PBAQDAgSwMB8GA1UdIwQYMBaAFFGvJCac9GgiV4AmKztGYhV7HsylMH0GA1UdHwR2MHQwcqBwoG6GNmh0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL21zaXR3d3cyLmNybIY0aHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL21zaXR3d3cyLmNybDBwBggrBgEFBQcBAQRkMGIwPAYIKwYBBQUHMAKGMGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL21zaXR3d3cyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTgYDVR0gBEcwRTBDBgkrBgEEAYI3KgEwNjA0BggrBgEFBQcCARYoaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzADAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMBMAoGCCsGAQUFBwMCMIGfBgNVHREEgZcwgZSCHCouZ2F0ZXdheS5tZXNzZW5nZXIubGl2ZS5jb22CJiouYmV0YS5nYXRld2F5LmVkZ2UubWVzc2VuZ2VyLmxpdmUuY29tgiUqLmJ5Mi5nYXRld2F5LmVkZ2UubWVzc2VuZ2VyLmxpdmUuY29tgiUqLnNuMS5nYXRld2F5LmVkZ2UubWVzc2VuZ2VyLmxpdmUuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQCnsc3osHo0VQdHc5SuNwgNZJ8VsGz4eyw1SrNg9wtd7X8dgqG0DxuGBpdklYV1npJ69Mh9pxvTLkelzlqQDQ\/1JCGc1pEMYEeLbjuCppS3YkAcyqQNhIJN8hG7Ed1mdiul2eLg+teOctcRJaHvYA6AG90ICkMWVpiMmukLC+WmFcpurK\/Y"}
00463{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":914209,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"PBXCt3IO0NQSxnP1CABFAABICBdAAHYGHsOdOH7TwKgBIgG7yB4NinP4MUkVk4AY\/SDRYwAAAQEIChktngw+MYeIMUuJaVUXCwA66lzZMRkm0xM\/nV8="}
00435{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":914256,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0pUhAAEAGt6XAqAEinTh+08geAbsxSRWTDYp0DIAQ\/\/+JVgAAAQEICj4xh9kZLZ4M"}
@@ -56,7 +56,7 @@
00560{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":934601,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"pkt":"0NQSxnP1PBXCt3IOCABFAACPS55AAEAGW6zAqAEinTg0HMgdnEkK2QRZ7hN5uoAYECyExgAAAQEICj4xh+xMX+pXEDaxqNNs94bJX3MjOodsEDM88DACObmxILHLguZFB4dasZ4qWIC3URykkoTC6unHwssAce4HDA3aA9hphr9khfI7sGEed7z9CnOIWbYvFHUiq2BRTuds7TrjOA=="}
02383{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":989841,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"PBXCt3IO0NQSxnP1CABFAAXUCkVAAHYGFwmdOH7TwKgBIgG7yB4NinQMMUkVk4AQ\/SANZgAAAQEIChktnhQ+MYfZUYsZAArswT+sVYDe4\/s+octFa5f5NraUxxncYJ0H1DXox59A2Fq5VISuVN85wP2CCUyU9Jri0W12MS8UHhofDtCC\/aeGWq+l6J+nD16R4eDapUlNB52CJOmfvVeyYhEr\/aSkyh+x5qntiHPmxNL4oQ4t9q9cRGg37NGw4W3v7gKUqZA7GOEtfs7ndzQKvfITYRFhRXtB+Geyc8SVWiWlBbePlt40Z9Mwm7DPu0JToThROvr07EpvaNHsDj+sfl4\/ssqhJPAoVfz0wWGwi\/ByYUJT0t+8BVptm\/HAUYoi\/0PQFRMfymq9Y999sgymNr6YwPYzcm66fQL57hVd+E\/NpGuAwv\/j4I98bfIb7cS26RkUtr41mvTduUpwXz6HZnONvg3rFQ55MtL0jpv\/5T2PNTkmAFhF5Csuvsme4bvtShQRBEmXn48raUgx6y\/5XH7Pm2hyngLVzMnjf+Ej0KsCBNhIlshCh7AABeUwggXhMIIEyaADAgECAgQHJ6pHMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTQwNTA3MTcwNDA5WhcNMTgwNTA3MTcwMzMwWjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgU1NMIFNIQTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDR6DendopwSxnwIDcJJDd\/6vt45gW6aq1OJw38cmrZbCHEZBGVcxAKXCV7iGyUBP3H26573EoIsz4W8dCt2zBt1xoeUrU98EcZA+J9pr1XEz9U6jqjsXf8QvBjSWqRgC4wScCK6yuv\/jrrB10G9+n9hA6RvQkgKehuXQnOFdPn79tQ60TvGFerBB28Mfn3eyoTz9E9Ua8bxbV757D8U7ua52PeQTO2RyRpXbhGp\/+tq99PenglJyEmNMoCbjdR8O1YGmCU9sST2N0wJCXXHOsZlDVdk7KuqimDc8R0WQVSZ53aZ1E5BTo26vIedisUruw9+RSZiwduvOcMVt6svq7bdTKQnmO9dL\/gCsr4NJZnhM3RQjh4x5m2DM62D+kby\/RZvhEOyywyyPqDKWR5PItL8DJ0bPOTuJZrXVdaaMHMDHmKGd71SQJeCIABiQwyzdLWltVLoPPsv6v0fbOhuXzaTtflt6y58iVfAcuMlqgorsEzWvY\/CJDc6\/852CbIEp0cmqqpwBaOhu1nUpYAfw2SPT3ZcDbl6kJvH66V5Vtd+NA6x9Ted4bQ\/J5O4uK4qWg3CcQ544W4ifMfbrdtH0ovGAlv3koBjxTJt6bup2OfM6RUfEKDaLil37\/suRpdEzvZrWj9IApVkSFk+dcTAaAIXVmJG0SvpKzHBRD6QUqo+wIDAQABo4IBezCCAXcwEgYDVR0TAQH\/BAgwBgEB\/wIBADBgBgNVHSAEWTBXMEgGCSsGAQQBsT4BADA7MDkGCCsGAQUFBwIBFi1odHRwOi8vY3liZXJ0cnVzdC5vbW5pcm9vdC5jb20vcmVwb3NpdG9yeS5jZm0wCwYJKwYBBAGCNyoBMEIGCCsGAQUFBwEBBDYwNDAyBggrBgEFBQcwAYYmaHR0cDovL29jc3Aub21uaXJvb3QuY29tL2JhbHRpbW9yZXJvb3QwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUF"}
01516{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":990634,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"pkt":"PBXCt3IO0NQSxnP1CABFAANSCkZAAHYGGYqdOH7TwKgBIgG7yB4NinmsMUkVk4AY\/SBQngAAAQEIChktnhQ+MYfZBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NkcDEucHVibGljLXRydXN0LmNvbS9DUkwvT21uaXJvb3QyMDI1LmNybDAdBgNVHQ4EFgQUUa8kJpz0aCJXgCYrO0ZiFXsezKUwDQYJKoZIhvcNAQELBQADggEBAGli9oSRAMRvgnsk4UKipYuCXKfFRMvnUnZj03aeeOJpNbE4urCWxh+se8ayZXeLfY2uZLmljBfKWGXDrYL1xaL1AROTxn5E5cRh+gO2VsFy4cgoxWkhj6xu\/X9Dgza4wNagKP4aRb79k4yNpGR5HxTboZ8h3MBOexciF7G2PNOb4gqjfpmwwazY9IbfPNp9FJxAwXzSGG\/xTyZFCZWUXNrQmPj0TIKWEN6sMMsrrvmS6r95A\/weP6wJpD9l\/ZFPliSnzrROapYpF67AqN8XIvQX49wcOQZWEOrqtXQXPE7dfpEKqAt4B6cxRAgxqxiEDxKc596ELOltk0W\/qME\/NNwMAAFnAwAYYQTTN3+FNDwR9eQeYOtvGQZc+LyhevxS5+nlWdkwyQdoN8m1+2TrSW23TxxjbLbMZoXA+i+E6BgARpsJXZy4miOppb32qv9x1t203eD1ERk7k5Ne4\/vHdrClQby6SNFwJX8BAAl\/ijfHVX974KM6wxLtSAfJWttdJMe9phrgwFSWtGSLSkLj7JTk0LOh5eeCvEEKc4XyfO+z9QBr3NsQn+vRBXoi+ZRFdXLZuvlXGipZ\/ucfqfIHMXWjrHlXR\/LFLQ+XNzDn0xc5\/t+\/ZMdGuYxw0VImAhbjPejldJMh0hc4Qzp2SS0NTHC7fcQ2uR09eM6n6MWSLps2XhBpK1q\/8vPqNVAHTu5Iv6lpl++ND07Oxbi1BzAbCIjaCYOj1\/uDcOROeE+gjITbkOPynUa5ZqLz\/1LFziPCTlq8mC2+jxz2G855lLj0tgGab1j1m+m8pMnwqwxJ8XNN3IxLbO1GF2fXdkkOAAAA"}
-01195{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":9,"flow_first_seen":1431970634729,"flow_last_seen":1431970634990,"flow_tot_l4_data_len":4096,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":455,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","issuerDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}}
+01206{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":9,"flow_first_seen":1431970634729,"flow_last_seen":1431970634990,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3792,"flow_avg_l4_payload_len":421,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.gateway.messenger.live.com,*.beta.gateway.edge.messenger.live.com,*.by2.gateway.edge.messenger.live.com,*.sn1.gateway.edge.messenger.live.com","ja3":"06207a1730b5deeb207b0556e102ded2","ja3s":"5e4e5596180ebd0ac0317125ee490707","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2","issuerDN":"CN=*.gateway.messenger.live.com","fingerprint":"95:C4:07:41:85:D4:EF:AA:D9:1F:0F:1F:3C:08:BF:8E:8B:D0:90:51"}}
00436{"flow_id":13,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970634,"pkt_ts_usec":990686,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tBlAAEAGqNTAqAEinTh+08geAbsxSRWTDYp8yoAQ\/\/+ARgAAAQEICj4xiCMZLZ4U"}
00581{"flow_id":13,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":6082,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"0NQSxnP1PBXCt3IOCABFAACfFfJAAEAGRpHAqAEinTh+08geAbsxSRWTDYp8yoAY\/\/8YnwAAAQEICj4xiDMZLZ4UFgMBAGYQAABiYQSrq03YfHFl820bvS6W0Qg6ooFgejoxhjE8+5PigHKrLNmVczXJQCrkQ4zH0r4Tyq5CcJvbEQQ6XgJDw4iF3in7mO06MpCaUPpZUq2g8z5yNwkoaNsdB2jO9aO23OTlK6Y="}
00433{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":140069,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0kzBAADMGIXWdODQcwKgBIpxJyB3uE3m6CtkEtIAQAB0KtwAAAQEICkxf6oo+MYfs"}
@@ -65,26 +65,26 @@
00445{"flow_id":10,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":140625,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8y75AAEAG297AqAEinTg0HMgdnEkK2QS07hN6BYAYECkGOAAAAQEICj4xiLhMX+qKABUsdMFxBVE="}
00436{"flow_id":13,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":292806,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0FXVAAHYGEXmdOH7TwKgBIgG7yB4NinzKMUkV\/oAQ\/LWC9gAAAQEIChktnjM+MYgz"}
00519{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":292905,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"pkt":"0NQSxnP1PBXCt3IOCABFAABv\/ThAAEAGX3rAqAEinTh+08geAbsxSRX+DYp8yoAY\/\/9rIgAAAQEICj4xiVAZLZ4zFAMBAAEBFgMBADBQZqpRu3lF7RSGvtBgMw1mSnNGu4DvBvveLkv5kkOygzRoC+lc04nMGjZN3fCN3gs="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1431970635325,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1431970635325,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":325136,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA657QAAEARD4vAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1431970635325,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1431970635325,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"ui.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00518{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":367533,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"pkt":"PBXCt3IO0NQSxnP1CABFAABvF85AAHYGDuWdOH7TwKgBIgG7yB4NinzKMUkWOYAY\/Ho6CgAAAQEIChktnjk+MYlQFAMBAAEBFgMBADAE6Vbf2ar\/mJLYKulsBWZHlkQ4OKZ3utTO4lzLpQZ4uuQKcuuOHkCvyMCCR6EuLpw="}
00436{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":367607,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0w0pAAEAGmaPAqAEinTh+08geAbsxSRY5DYp9BYAQ\/\/99yQAAAQEICj4xiZoZLZ45"}
00449{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":375402,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA4MoAAEARFm\/AqAEiwKgBAdb0ADUALMTUeDABAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
00448{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":375527,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWkkAAEARnPDAqAEiwKgBAf3LADUALKDXdTsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1431970635433,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1431970635433,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":433165,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"0NQSxnP1PBXCt3IOCABFAABECpEAAEAR7KTAqAEiwKgBAfitADUAMI+fhgYBAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1431970635433,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1431970635433,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00477{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":489303,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA1+K0AQBV0hgaBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAMABBfOIaY="}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1431970635489,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1431970635489,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":489934,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAPS1AAEAGAk3AqAEiF84hpsgfAbv4Tz2XAAAAALAC\/\/9zuAAAAgQFtAEDAwUBAQgKPjGKEwAAAAAEAgAA"}
00452{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":531097,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDdt0AAEARgFnAqAEiwKgBAeUHADUAL+4jvNsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
00453{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":531215,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDiigAAEARbQ7AqAEiwKgBAe0QADUAL\/kqxMsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
00445{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":534408,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7yB8YNTxd+E89mKASOJCdjgAAAgQFrAQCCArsPW3FPjGKEwEDAwU="}
00434{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":534489,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0P2xAAEAGABrAqAEiF84hpsgfAbv4Tz2YGDU8XoAQECz0iAAAAQEICj4xij\/sPW3F"}
00688{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":535479,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADta4RAAEAG00jAqAEiF84hpsgfAbv4Tz2YGDU8XoAYECwtoAAAAQEICj4xikDsPW3FFgMBALQBAACwAwNVWiNLhX\/\/ejAO4KpxNC8\/ZrCwmmE9wkU90zxCDkcIKAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1431970635489,"flow_last_seen":1431970635535,"flow_tot_l4_data_len":333,"flow_min_l4_data_len":32,"flow_max_l4_data_len":217,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1431970635489,"flow_last_seen":1431970635535,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":185,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apps.skype.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00444{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":681147,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA762oAAEARC9TAqAEiwKgBAfrwADUAJ8Zq760BAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="}
00445{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":681276,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7\/zoAAEAR+APAqAEiwKgBAcLIADUAJ6plKNsBAAABAAAAAAAAA2FwaQVza3lwZQNjb20AABwAAQ=="}
00450{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":827854,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/rmUAAEARSNXAqAEiwKgBAfWbADUAK9VUuF8BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAABAAE="}
@@ -92,19 +92,19 @@
00465{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":828106,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLWNIAAEARnlzAqAEiwKgBAeD4ADUANz9NJ5kBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAABAAE="}
00465{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":828184,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLGiMAAEAR3QvAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="}
00688{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970635,"pkt_ts_usec":871447,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtH0JAAEAGH4vAqAEiF84hpsgfAbv4Tz2YGDU8XoAYECwsUwAAAQEICj4xi43sPW3FFgMBALQBAACwAwNVWiNLhX\/\/ejAO4KpxNC8\/ZrCwmmE9wkU90zxCDkcIKAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1431970636044,"flow_last_seen":0,"flow_tot_l4_data_len":229,"flow_min_l4_data_len":229,"flow_max_l4_data_len":229,"flow_avg_l4_data_len":229,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1431970636044,"flow_last_seen":0,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00701{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970636,"pkt_ts_usec":44810,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"PBXCt3IO0NQSxnP1CABFAAD5QB1AADEGlPMRj6CVwKgBIhRnxOfKLqrmIALxFIAYAQoi5AAAAQEIClVX3cw+MS9sFwMBAMAQLvPrUolszeBH4PjooKgoykESMntuxk1Te2w+x8Oya6GSybBw6qqEM+wWK2sXwWrrizJ5XKzKOAmSZesb7xCcv3da\/+28YcXK\/F7zVFmE31vvvLV8YkG8GBOlPbpZKZERb9mwy2LwmHQtz7O0hAoAaXw9xzeYM92S6l8kX5r5cFIIVhHHc18X56Qt2VFcbjB+OTKH9K3bn722DOl83K579IAjLFDRbrYAdebZ2GL8xgCQwxYSG690LowE4mV3zjs="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1431970636044,"flow_last_seen":0,"flow_tot_l4_data_len":229,"flow_min_l4_data_len":229,"flow_max_l4_data_len":229,"flow_avg_l4_data_len":229,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1431970636044,"flow_last_seen":0,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
00433{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970636,"pkt_ts_usec":44874,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0K69AAEAGmybAqAEiEY+glcTnFGcgAvEUyi6rq4AQD\/mVBgAAAQEICj4xjDlVV93M"}
00556{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970636,"pkt_ts_usec":45750,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"0NQSxnP1PBXCt3IOCABFAACO6xNAAEAG22fAqAEiEY+glcTnFGcgAvEUyi6rq4AYEAB7VwAAAQEICj4xjDlVV93MFwMBACDcBm8C5CuEds5WH7uOVSaoSAeWe3pVfjpiQwGsBHUCdhcDAQAwqX6WBIxQfVe36rHY2TMg9Ev1HCHJmLbDku3Ki37TObTq6YVIEEF1VGVKw\/q+D6y6"}
00433{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970636,"pkt_ts_usec":261075,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0QB5AADEGlbcRj6CVwKgBIhRnxOfKLqurIALxboAQAQqiwwAAAQEIClVX3qQ+MYw5"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1431970636300,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1431970636300,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970636,"pkt_ts_usec":300980,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLV\/cAAEARnzfAqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
-00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1431970636300,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1431970636301,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00671{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1431970636300,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1431970636301,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00465{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970636,"pkt_ts_usec":301275,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLvh0AAEARORHAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1431970636301,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1431970636340,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1431970636301,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1431970636340,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970636,"pkt_ts_usec":340726,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAozBAAEAGBGnAqAEinTg0HMggAbskulgsAAAAALAC\/\/+RjgAAAgQFtAEDAwUBAQgKPjGNXAAAAAAEAgAA"}
00688{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970636,"pkt_ts_usec":342517,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADt1GlAAEAGamPAqAEiF84hpsgfAbv4Tz2YGDU8XoAYECwqgwAAAQEICj4xjV3sPW3FFgMBALQBAACwAwNVWiNLhX\/\/ejAO4KpxNC8\/ZrCwmmE9wkU90zxCDkcIKAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
00446{"flow_id":10,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970636,"pkt_ts_usec":369700,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA89txAAEAGsMDAqAEinTg0HMgdnEkK2QS07hN6BYAYECkBeAAAAQEICj4xjXhMX+qKABUsdMFxBVE="}
@@ -125,7 +125,7 @@
00466{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970636,"pkt_ts_usec":919674,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLHJUAAEAR2pnAqAEiwKgBAeD4ADUANz9NJ5kBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAABAAE="}
00466{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970636,"pkt_ts_usec":919859,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLIxUAAEAR1BnAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="}
00690{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970637,"pkt_ts_usec":84621,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtI\/5AAEAGGs\/AqAEiF84hpsgfAbv4Tz2YGDU8XoAYECwnqwAAAQEICj4xkDXsPW3FFgMBALQBAACwAwNVWiNLhX\/\/ejAO4KpxNC8\/ZrCwmmE9wkU90zxCDkcIKAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1431970637197,"flow_last_seen":0,"flow_tot_l4_data_len":646,"flow_min_l4_data_len":646,"flow_max_l4_data_len":646,"flow_avg_l4_data_len":646,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1431970637197,"flow_last_seen":0,"flow_min_l4_payload_len":626,"flow_max_l4_payload_len":626,"flow_tot_l4_payload_len":626,"flow_avg_l4_payload_len":626,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01275{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970637,"pkt_ts_usec":197675,"pkt_caplen":680,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":680,"pkt_l4_len":646,"pkt":"0NQSxnP1PBXCt3IOCABFAAKaWZdAAEAGpyzAqAEiEaxkJMgbAbtPoUTcdzmC\/1AY\/\/+3vwAAFwMDAm2oQWYRyP748hMxFdAlY7EpLrN6kLughwvFpazZiqEW\/OZDc+EJPuHs5foI32Mtbk82IkMifsIYZr\/HgiWjp+qREkYwozIjDKA5RZr7pIvzcneHU5GjcfdA5I77GYqEliHbS2doHbevDGi5Wa7sLiRbXMA02aUJUp\/5WaIoIiwbOjRHFDMfCP5Z0\/J4lyMuhvKCpFQAO\/2wsDj\/MPbX5tlaL2EUm+IAfj6k00l5GWxpD7mtGhNIVcb8QkIXInLtd3tVvIfRqABdUPRdVk\/Oh8BYWO2hK2Jb5ytXLiGpVvyovjVj1ZXrjmeVOKzHYpnRvZZVE8aFr66jGGaGqwDLQKMakQCl3AK9obxhTX7luk8wNkyeGegCmXzvS4PBGTePDaeLJKSaHfRaaHCxBYP0IhnBKAC4N2jJ7aD0fuZCHAZyigwXRHRquVVgktLhkQLT0TrYI3l3qtmwkgNW3jlZmJ4UQcSOvOidllHsQvfEINIQuYffVEsqMVhXTG+aIO0hcL5jGoK\/2RywKg2\/ZDMiN+K9iSmWjEbwWSaN\/mkdtJTUxH4QcdrB9ORkHB0HW3rfKB\/TAafOnsKWi\/W1MbdmydveZGvrEmiyhj4NuiYhmxDSjj3\/4SRSy9HQ4Wxnu49AdVNnLycIUgrlledmcfb74m5EfYew5ExynB0kOvO\/AHcy3+wEfzmIbZkColXfZHhSlTlGEbBImUFDQWKlAJ0uaFUTw3Rq+PzDdQpZCLYV+ZYFyGNzuzH6vpabtmD1cwx0eABQdDvMezqNrzbAEH58b+AaG+h547E5oMr20bNoOdWJxGzZ\/kyAHLEf4gPOQ8A="}
01201{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970637,"pkt_ts_usec":197747,"pkt_caplen":622,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":622,"pkt_l4_len":588,"pkt":"0NQSxnP1PBXCt3IOCABFAAJg3uZAAEAGIhfAqAEiEaxkJMgbAbtPoUdOdzmC\/1AY\/\/82dAAAFwMDAjP0A3EPvtkTeRb8cFQp6pny5RM9Gnq4g+tevwtE\/WP22C8Uri1KdT3EBD+yCpMq\/b87CkoZm1+57ReFpRxcXXNbv8fmUZp4LfXGYAKK\/pxeeUvalXmICe2lECt2CjjUSRyUKdAGFZrNvCY2\/wZUpBfyYa\/+rlJcFwW3DXHOhnHdn4QEUo73+QW6pHlQGunmF0QmCQanElT8N\/bMb3RJnCc61l4RycIlVAF6Ksg5HA\/PKrYlV2XNEp7ur7RV1bzdvrRDp05wQjE83yF2+\/Zqwt4MRXssBShrwnb3hEuuMcZgQoFkEhY58EVGP3Ljm+RQgt\/RdUWzV6sjs4TAaqiNuIwUaqv+AfsmnLhujtd9Hc6+ZcJ9yMianW3O6MVxJ70OU7QnQRAi9B2JbRVg59CxbKPbN0bnPbMKE5N39MjxBkYm0yiOiyiHl0P3Xm8ltEin3BwY+GDkHhnXcwEeooC2S1\/4ktGCaZHkn\/k2Szc8GZnaGTWNnahHoy\/YkjOOXbjpA1O9h79pJ7aYrlRvBOm3f1m9CJ9BUs\/FU4sHmdZR0BiRQukoVRFc42QMlL7+4m6\/BxZQimsAq\/phHH03+2+AKsxWWcE29ndM6W1tas2nE7vfTX1S5m\/YyEFVMUyOo5pk7CkRxQvvBfhIGFzzhSjuVThl8iSAOkaF9xkVKPHRO\/JJKo90DAl86kKSFj0IAulnEwTwaRdIuubGGi2tTWanj85dryrFg8Q4mVv2pDFEoHGcuAXqGw=="}
00428{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970637,"pkt_ts_usec":339430,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFAAAo8lZAAO8GYd4RrGQkwKgBIgG7yBt3OYL\/T6FHTlAQnYx\/rgAAAAAAAAAA"}
@@ -165,25 +165,25 @@
00689{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970640,"pkt_ts_usec":703791,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtM5xAAEAGCzHAqAEiF84hpsgfAbv4Tz2YGDU8XoAYECwZuwAAAQEICj4xniXsPW3FFgMBALQBAACwAwNVWiNLhX\/\/ejAO4KpxNC8\/ZrCwmmE9wkU90zxCDkcIKAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
00467{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970641,"pkt_ts_usec":479360,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLXS8AAEARmf\/AqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00466{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970641,"pkt_ts_usec":479551,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLJjoAAEAR0PTAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1431970634648,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00446{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431970632290,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1431970634648,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61016,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00454{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431970632290,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":22,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":169011,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"0NQSxnP1PBXCt3IOCABFAABQHEVAAEAGi0TAqAEinTg0HMggAbskulh14+mZNYAYECy1swAAAQEICj4xo95MX+wkj\/+\/FJjGnvuHRd2oWYqGsDWb1go6xLS\/RXUyPQ=="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1431970642408,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1431970642408,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":408833,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOkRoAAEARZRPAqAEiwKgB\/wCJAIkAOosFRXIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1431970642408,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1431970642408,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00479{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":408989,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOP7YAAEARtnfAqAEiwKgB\/wCJAIkAOrIIRXEBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
00479{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":409032,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOkDsAAEARZfLAqAEiwKgB\/wCJAIkAOrIDRXYBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
00505{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":409146,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABgJtAAAEARz0vAqAEiwKgB\/wCJAIkATHVQRXdAEAABAAAAAAABIEVNRkZFREVCRkRFTkVCRURFQ0VQRVBFTEZBRkNFUEFBAAAgAAHADAAgAAEAAAOEAAZgAMCoASI="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1431970642412,"flow_last_seen":0,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":70,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1431970642412,"flow_last_seen":0,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":412443,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"PBXCt3IO0NQSxnP1CABFAABaAABAAEARtx\/AqAEBwKgBIgCJAIkARtFGRXKFgAAAAAEAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAEAA\/SAAAaAAMCoAQE="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1431970642412,"flow_last_seen":0,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":70,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1431970642412,"flow_last_seen":0,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00490{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":413917,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"PBXCt3IO0NQSxnP1CABFAABaAABAAEARtx\/AqAEBwKgBIgCJAIkARnhKRXGFgAAAAAEAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAEAA\/SAAAYAAMCoAQE="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1431970642414,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1431970642414,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00646{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":414142,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAADKa30AAEARijTAqAEiwKgB\/wCKAIoAtudmEQJFcMCoASIAAACgAAAgRU1GRkVERUJGREVORUJFREVDRVBFUEVMRkFGQ0VQQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAIAAG9FEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQRuRQAA"}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1431970642414,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1431970642417,"flow_last_seen":0,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":192,"flow_max_l4_data_len":192,"flow_avg_l4_data_len":192,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1431970642414,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1431970642417,"flow_last_seen":0,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00653{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":417815,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"PBXCt3IO0NQSxnP1CABFAADUAABAAEARtqXAqAEBwKgBIgCKAIoAwKmzEAoqm8CoAQEAigCqAAAgRUJFTUVKRURFRkVIRUJGRUVGQ0FDQUNBQ0FDQUNBQUEAIEVNRkZFREVCRkRFTkVCRURFQ0VQRVBFTEZBRkNFUEFBAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAEAAAAAAAAAAAAAAAAAAAAAAAAAAQAFYAAwABAAEAAgAhAFxNQUlMU0xPVFxCUk9XU0UACgFuRQAAQUxJQ0VHQVRFAA=="}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1431970642417,"flow_last_seen":0,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":192,"flow_max_l4_data_len":192,"flow_avg_l4_data_len":192,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1431970642417,"flow_last_seen":0,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00470{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":418040,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"0NQSxnP1PBXCt3IOCABFAABOXUsAAEARmeDAqAEiwKgBAQCJAIkAOtIRRXgAAAABAAAAAAAAIEVCRU1FSkVERUZFSEVCRkVFRkNBQ0FDQUNBQ0FDQUNBAAAhAAE="}
00713{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":429802,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"PBXCt3IO0NQSxnP1CABFAAEBAABAAEARtnjAqAEBwKgBIgCJAIkA7VV4RXiEAAAAAAEAAAAAIEVCRU1FSkVERUZFSEVCRkVFRkNBQ0FDQUNBQ0FDQUNBAAAhAAEAAAAAAK0HQUxJQ0VHQVRFICAgICAgAAQAQUxJQ0VHQVRFICAgICAgAwQAQUxJQ0VHQVRFICAgICAgIAQAAQJfX01TQlJPV1NFX18CAYQAV09SS0dST1VQICAgICAgHQQAV09SS0dST1VQICAgICAgHoQAV09SS0dST1VQICAgICAgAIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
00450{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970642,"pkt_ts_usec":592149,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABABnoAAEAR8L\/AqAEiwKgBAdb0ADUALMTUeDABAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
@@ -197,92 +197,92 @@
00465{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":98205,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLrQ0AAEARSiHAqAEiwKgBAeD4ADUANz9NJ5kBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAABAAE="}
00466{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":98290,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLoG8AAEARVr\/AqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="}
00443{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":603808,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6D08AAEAR5\/DAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431970643669,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431970643669,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":669769,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABOBnEAAEAR74LAqAFcwKgB\/wCJAIkAOrExRg4BEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431970643669,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431970643669,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00646{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":670155,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAADKWJAAAEARnOfAqAFcwKgB\/wCKAIoAtjdgEQJGDcCoAVwAAACgAAAgRU1GRkVERUJGRENORUpFTkVCRURDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAACwUAAAxGEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQQLRgAA"}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":499,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00479{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":670179,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOM9EAAEARwlzAqAEiwKgB\/wCJAIkAOosFRXIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00479{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":670180,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABO8TcAAEARBPbAqAEiwKgB\/wCJAIkAOrIDRXYBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
00505{"flow_id":24,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":670278,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABggQQAAEARdRfAqAEiwKgB\/wCJAIkATHVQRXdAEAABAAAAAAABIEVNRkZFREVCRkRFTkVCRURFQ0VQRVBFTEZBRkNFUEFBAAAgAAHADAAgAAEAAAOEAAZgAMCoASI="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00479{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":670427,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAABOJN8AAEAR0RTAqAFcwKgB\/9JCAIkAOpbmnKMBEAABAAAAAAAAIEVNRkZFREVCRkRDTkVKRU5FQkVEQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":503,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00490{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":673228,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"PBXCt3IO0NQSxnP1CABFAABaAABAAEARtx\/AqAEBwKgBIgCJAIkARtFGRXKFgAAAAAEAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAEAA\/SAAAaAAMCoAQE="}
00490{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":673653,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"PBXCt3IO0NQSxnP1CABFAABaAABAAEARtx\/AqAEBwKgBIgCJAIkARnhFRXaFgAAAAAEAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAEAA\/SAAAYAAMCoAQE="}
00646{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":673804,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAADKHC4AAEAR2YPAqAEiwKgB\/wCKAIoAtt1hEQJFdcCoASIAAACgAAAgRU1GRkVERUJGREVORUJFREVDRVBFUEVMRkFGQ0VQQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAIAAHRFEQAABgAAAAAAAAACAAAAAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQRzRQAA"}
00653{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":676499,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"pkt":"PBXCt3IO0NQSxnP1CABFAADUAABAAEARtqXAqAEBwKgBIgCKAIoAwKSxEAoqncCoAQEAigCqAAAgRUJFTUVKRURFRkVIRUJGRUVGQ0FDQUNBQ0FDQUNBQUEAIEVNRkZFREVCRkRFTkVCRURFQ0VQRVBFTEZBRkNFUEFBAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAEAAAAAAAAAAAAAAAAAAAAAAAAAAQAFYAAwABAAEAAgAhAFxNQUlMU0xPVFxCUk9XU0UACgFzRQAAQUxJQ0VHQVRFAA=="}
00470{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":676745,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"0NQSxnP1PBXCt3IOCABFAABOhtkAAEARcFLAqAEiwKgBAQCJAIkAOtIQRXkAAAABAAAAAAAAIEVCRU1FSkVERUZFSEVCRkVFRkNBQ0FDQUNBQ0FDQUNBAAAhAAE="}
00713{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":680280,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"PBXCt3IO0NQSxnP1CABFAAEBAABAAEARtnjAqAEBwKgBIgCJAIkA7VV3RXmEAAAAAAEAAAAAIEVCRU1FSkVERUZFSEVCRkVFRkNBQ0FDQUNBQ0FDQUNBAAAhAAEAAAAAAK0HQUxJQ0VHQVRFICAgICAgAAQAQUxJQ0VHQVRFICAgICAgAwQAQUxJQ0VHQVRFICAgICAgIAQAAQJfX01TQlJPV1NFX18CAYQAV09SS0dST1VQICAgICAgHQQAV09SS0dST1VQICAgICAgHoQAV09SS0dST1VQICAgICAgAIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1431970643964,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1431970643964,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970643,"pkt_ts_usec":964341,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":96,"pkt_l4_len":42,"pkt":"MzMAAAD7xCwDBkn+ht1gAU9NACoR\/\/6AAAAAAAAAxiwD\/\/4GSf7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAqSjYAAAAAAAEAAAAAAAAKTHVjYXMtaU1hYwVsb2NhbAAAHIAB"}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1431970643964,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1431970643964,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
00689{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970644,"pkt_ts_usec":73243,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtJ+NAAEAGFurAqAEiF84hpsgfAbv4Tz2YGDU8XoAYECwMkgAAAQEICj4xq07sPW3FFgMBALQBAACwAwNVWiNLhX\/\/ejAO4KpxNC8\/ZrCwmmE9wkU90zxCDkcIKAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431970644120,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431970644120,"flow_last_seen":0,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00547{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970644,"pkt_ts_usec":120720,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"PBXCt3IOxCwDBkn+CABFAACAhzsAAP8RkTHAqAFc4AAA+xTpFOkAbM4wAACEAAAAAAEAAAACCkx1Y2FzLWlNYWMFbG9jYWwAAByAAQAAAHgAEP6AAAAAAAAAxiwD\/\/4GSf7ADAABgAEAAAB4AATAqAFcwAwAHIABAAAAeAAQ\/oAAAAAAAADGLAP\/\/gZJ\/g=="}
-00556{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431970644120,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00568{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431970644120,"flow_last_seen":0,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
00577{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970644,"pkt_ts_usec":121096,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"pkt":"MzMAAAD7xCwDBkn+ht1gAU9NAGwR\/\/6AAAAAAAAAxiwD\/\/4GSf7\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsYIEAAIQAAAAAAQAAAAIKTHVjYXMtaU1hYwVsb2NhbAAAHIABAAAAeAAQ\/oAAAAAAAADGLAP\/\/gZJ\/sAMAAGAAQAAAHgABMCoAVzADAAcgAEAAAB4ABD+gAAAAAAAAMYsA\/\/+Bkn+"}
-00583{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":42,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00595{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":513,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
00448{"flow_id":10,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970644,"pkt_ts_usec":148535,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8FR5AAEAGkn\/AqAEinTg0HMgdnEkK2QS07hN6BYAYECnjVgAAAQEICj4xq5lMX+qKABUsdMFxBVE="}
00466{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970644,"pkt_ts_usec":547596,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLb0kAAEARh+XAqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00466{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970644,"pkt_ts_usec":547740,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLkaoAAEARZYTAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431970644777,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431970644777,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970644,"pkt_ts_usec":777198,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+iz0AAEARV8bAqAEinTc4qjLdnE8AKqlOercCgeG1zG2vbzPj0KjKJlzB46QihppHpHZWBMh9hdX\/8Q=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431970644777,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431970644777,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970645,"pkt_ts_usec":790194,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA533AAAEARH43AqAEib91KDzLdnFoAJRqBerkCLcYyzYQBZ1UUv9afmdL8U47Y0EMKk9GOcm8="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970645,"pkt_ts_usec":790194,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8IE0AAEAReEHAqAEiQTffITLdnEIAKKkPersC6xhZmoz4NcwgQN8Oq77mdsG6aJAJEzSI01rU6ec="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":519,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970645,"pkt_ts_usec":790377,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7MzsAAEARLhjAqAEiQAQXkTLdnFsAJ6Pner0C2KbUw2DxbMk3cWJigGAv5JrHPRhWYHrZrKFH\/Q=="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970645,"pkt_ts_usec":790378,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+dlAAAEARIrjAqAEinTeCpTLdnFwAKmyyer8CyymJmKIvjgybbxj4QUGrEeWW\/O+vVrSV+3Rj4Yjh8w=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970645,"pkt_ts_usec":790378,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6yaYAAEARHe\/AqAEinTg0GzLdnFkAJhz6esECVdgpKZUPSYYd3u6m4rCVVtMoL0MGJKJcpPJg"}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":522,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00730{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970646,"pkt_ts_usec":526093,"pkt_caplen":279,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":279,"pkt_l4_len":245,"pkt":"PBXCt3IO0NQSxnP1CABFAAEJQB9AADEGlOERj6CVwKgBIhRnxOfKLqurIALxboAYAQqNlQAAAQEIClVYBlc+MYw5FwMBANBBPnYQ3MvLTtMYdbz0\/DlZYXrEXIv2\/rH+drT1aX9evssLuVRMDl3QSMVQ5mEY0\/AMVWIBvH6FB7+VLmLzLBAlApwIR\/pgZ8dHNQ+FR9uDZJv8y\/k81NO6WrgsBaMbre5mHzeJJa\/1PvYSNghTDfU7tyJC\/BuhouOcubsp78rR9\/PeoVc8nRc15q6ePgewOeEXV7cwouwXYH5r22PZtMDOfowJ3WUbhMyTHrhhLUTwNC6TLywCmXjGJCy\/vKgI21C6KbUoV5dQmUZJn5EWFr7D"}
00435{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970646,"pkt_ts_usec":526191,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA04y5AAEAG46bAqAEiEY+glcTnFGcgAvFuyi6sgIAQD\/lCpAAAAQEICj4xtOFVWAZX"}
00558{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970646,"pkt_ts_usec":528090,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"0NQSxnP1PBXCt3IOCABFAACOcKNAAEAGVdjAqAEiEY+glcTnFGcgAvFuyi6sgIAYEAD3WAAAAQEICj4xtOJVWAZXFwMBACDuYk2bwgTyOXwC51MmgFGi2ZbfVRwCbzRfkIv9V7lkERcDAQAwIXJA9A7j3DEsaoI+VAhi19LwoM0S0IRXaTeOOjxSOxnOIy\/Lo5axDlu3HMFCyqNA"}
00434{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970646,"pkt_ts_usec":741540,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0QCBAADEGlbURj6CVwKgBIhRnxOfKLqyAIALxyIAQAQpP+gAAAQEIClVYB5U+MbTi"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970646,"pkt_ts_usec":799914,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7AJsAAEAR\/k3AqAEib91KIjLdnFsAJ+15esMC4VlNRvu3By\/5s5rGR+P6LgoKPKR7nd4t4OfW1A=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970646,"pkt_ts_usec":799914,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/TKMAAEAR42DAqAEinTfrqDLdnFgAKzONesUCSrWxfzMM\/u+ve5H0njBV7f1MGIL\/NDrkYJJdktuSF9Y="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970646,"pkt_ts_usec":799986,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5mqYAAEARlXzAqAEinTfrjzLdnF4AJa4yescCvwHYJJA0SDNaHmIGriSDO5fklPid0RnUmyQ="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970646,"pkt_ts_usec":799987,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1cmsAAEARiRbAqAEib91NjzLdnFYAIbzweskC5JgrRdKtWjAuXzT2S5r85LjjhllfqQ=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970646,"pkt_ts_usec":799987,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA42pAAAEARJFHAqAEib91KLDLdnFMAJIhoessC81Jpsjijfp0Q\/Q0jMgS+1lTSx5HXr8lZjQ=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00478{"flow_id":22,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970647,"pkt_ts_usec":110720,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"0NQSxnP1PBXCt3IOCABFAABQmndAAEAGDRLAqAEinTg0HMggAbskulh14+mZNYAYECyiagAAAQEICj4xtydMX+wkj\/+\/FJjGnvuHRd2oWYqGsDWb1go6xLS\/RXUyPQ=="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970647,"pkt_ts_usec":810412,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zV0AAEARYhbAqAEi1cezrTLdnE0AJlZnes0Ccg7v+3Lfid3osaqIFpFm\/v4o\/QqgzaHMxbGQ"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970647,"pkt_ts_usec":810413,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1vrcAAEARJFjAqAEinTc4pzLdnFgAIREees8CCCEtcEeglQLd7mhp21iK7rcni5fedw=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":563,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970647,"pkt_ts_usec":810480,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9vysAAEARohHAqAEiQAQXpTLdnEQAKTALetECX1BVIaBDDxsr7kKWybF1ggh0MeIv40Hl0rhawj9H"}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970647,"pkt_ts_usec":810480,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4G6EAAEARfQHAqAEiQTffETLdnFkAJOrWetMCvMga3ljFR4ptkQ1XTBYwQJAI0\/6MTBVdPQ=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970647,"pkt_ts_usec":810480,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1FVUAAEARg0\/AqAEiQTffEjLdgQkAIczZetUCcHkMN3GT\/RrB0G0KocMuGJme8meMAw=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1431970648367,"flow_last_seen":0,"flow_tot_l4_data_len":299,"flow_min_l4_data_len":299,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":299,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1431970648367,"flow_last_seen":0,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00801{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":367692,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":333,"pkt_l4_len":299,"pkt":"AQBef\/\/6oPPBbTu2CABFAAE\/BH4AAAQR\/4\/AqAD+7\/\/\/+gQBB2wBK+71Tk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVwbnA6cm9vdGRldmljZQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cG5wOnJvb3RkZXZpY2UNCg0K"}
-00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1431970648367,"flow_last_seen":0,"flow_tot_l4_data_len":299,"flow_min_l4_data_len":299,"flow_max_l4_data_len":299,"flow_avg_l4_data_len":299,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1431970648367,"flow_last_seen":0,"flow_min_l4_payload_len":291,"flow_max_l4_payload_len":291,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00823{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":368249,"pkt_caplen":351,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":351,"pkt_l4_len":317,"pkt":"AQBef\/\/6oPPBbTu2CABFAAFRBH8AAAQR\/3zAqAD+7\/\/\/+gQBB2wBPQhzTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogVFAtTElOSyBXaXJlbGVzcyBOIE5hbm8gUm91dGVyIFdSNzAyTiwgVVBuUC8xLjANClVTTjogdXVpZDp1cG5wLUludGVybmV0R2F0ZXdheURldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDENCg0K"}
00895{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":368833,"pkt_caplen":405,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":405,"pkt_l4_len":371,"pkt":"AQBef\/\/6oPPBbTu2CABFAAGHBIAAAAQR\/0XAqAD+7\/\/\/+gQBB2wBc+ePTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpJbnRlcm5ldEdhdGV3YXlEZXZpY2U6MQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1JbnRlcm5ldEdhdGV3YXlEZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCg0K"}
00888{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":369351,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"pkt":"AQBef\/\/6oPPBbTu2CABFAAF\/BIEAAAQR\/0zAqAD+7\/\/\/+gQBB2wBawDYTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6TGF5ZXIzRm9yd2FyZGluZzoxDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogVFAtTElOSyBXaXJlbGVzcyBOIE5hbm8gUm91dGVyIFdSNzAyTiwgVVBuUC8xLjANClVTTjogdXVpZDp1cG5wLUludGVybmV0R2F0ZXdheURldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDE6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6TGF5ZXIzRm9yd2FyZGluZzoxDQoNCg=="}
@@ -292,54 +292,54 @@
00819{"flow_id":49,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":470636,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"pkt":"AQBef\/\/6oPPBbTu2CABFAAFNBIUAAAQR\/3rAqAD+7\/\/\/+gQBB2wBOS6hTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHV1aWQ6dXBucC1XQU5Db25uZWN0aW9uRGV2aWNlLTE5MjE2ODAyNTQ3ODkwMDAwMQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1XQU5Db25uZWN0aW9uRGV2aWNlLTE5MjE2ODAyNTQ3ODkwMDAwMQ0KDQo="}
00887{"flow_id":49,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":471194,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"AQBef\/\/6oPPBbTu2CABFAAGBBIYAAAQR\/0XAqAD+7\/\/\/+gQBB2wBbXKDTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpXQU5Db25uZWN0aW9uRGV2aWNlOjENCk5UUzogc3NkcDphbGl2ZQ0KU0VSVkVSOiBUUC1MSU5LIFdpcmVsZXNzIE4gTmFubyBSb3V0ZXIgV1I3MDJOLCBVUG5QLzEuMA0KVVNOOiB1dWlkOnVwbnAtV0FOQ29ubmVjdGlvbkRldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDE6OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpXQU5Db25uZWN0aW9uRGV2aWNlOjENCg0K"}
00880{"flow_id":49,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":471824,"pkt_caplen":393,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":393,"pkt_l4_len":359,"pkt":"AQBef\/\/6oPPBbTu2CABFAAF7BIcAAAQR\/0rAqAD+7\/\/\/+gQBB2wBZ2gITk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCk5UUzogc3NkcDphbGl2ZQ0KU0VSVkVSOiBUUC1MSU5LIFdpcmVsZXNzIE4gTmFubyBSb3V0ZXIgV1I3MDJOLCBVUG5QLzEuMA0KVVNOOiB1dWlkOnVwbnAtV0FOQ29ubmVjdGlvbkRldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDE6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":822506,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/tTsAAEAR41DAqAEiQTffIDLdnFYAK5o2etcCQsTVfNgeznDqGm3ssKnJOluDwQd072c+I4wlse7Ecr8="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":822569,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+1vAAAEARJ\/bAqAEib91KITLdnEsAKklketkCS\/KCvZwmcOx3xDmHrpkfhUG8CXubM92mElOOFhZFlQ=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":822569,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6md0AAEARSUPAqAEinTc4kTLdnEgAJsmIetsCpJOMytcJAiTHtz9O4hYGu7tAbRVxbii4hHFE"}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":822569,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5n+IAAEAR+MLAqAEiQTffDTLdnEkAJdiCet0C1RhCM\/VIp+W5EaRfz2WprIWREBw71gUfrFc="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":822579,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA29EUAAEAR81vAqAEinTg0EzLdnFQAIrQSet8CIfzcSNY9VVu6zPT0+wzX1iqsIu28Tro="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":880273,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISCYEAAEARrZDAqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01087{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":880591,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAIStlkAAEARPhDAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1431970648979,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1431970648979,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":979653,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAIS99EAAEARvwXAqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1431970648979,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431970648982,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1431970648979,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431970648982,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01087{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970648,"pkt_ts_usec":982373,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISMXYAAEARwrnAqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431970648982,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431970648982,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970649,"pkt_ts_usec":777390,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABADS1AAEAG4vXAqAEinTfrk8ginEEPp71\/AAAAALAC\/\/+7IQAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970649,"pkt_ts_usec":777525,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAvnJAAEAGmhbAqAEiQTffLcgjnEma5hywAAAAALAC\/\/85DwAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970649,"pkt_ts_usec":777696,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABATBhAAEAGcsvAqAEib91KLcgknEjYMAm6AAAAALAC\/\/91FQAAAgQFtAEDAwUBAQgKPjHBiQAAAAAEAgAA"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970649,"pkt_ts_usec":777888,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5i9YAAEARDTHAqAEinTeCqzLdnEwAJdiNeuEC3c6rdtKsOez6ZXpeJVa7dJ779QK3\/h1JCUU="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970649,"pkt_ts_usec":777963,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4dm4AAEARIgTAqAEiQTffQTLdgQkAJKmFeuMCyKqN77xeuXZwH4mCRZ2EnuTirQv1Yiuj0A=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970649,"pkt_ts_usec":777964,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4qTUAAEARhmHAqAEi1cezjDLdnEMAJE+IeuUC57gN1FWjl+cH4OXx7LBzSKM5WN7Ui1CRpw=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970649,"pkt_ts_usec":777990,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAx6cAAEARH9zAqAEinTg0JzLdnF8ALF\/teucC9OsZNQfegPGKe6bjID0chTfhFg98J57+zrR\/SJSxjuh7"}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431970649778,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431970649778,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970649,"pkt_ts_usec":778021,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+a34AAEARfBXAqAEinTg0GTLdnEoAKvPOeukCU4Ora98LBiEx3upKt3C\/idNCTbgKHnJdEXlx5pIWdA=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431970649778,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431970649778,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00435{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970649,"pkt_ts_usec":834167,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NmVAAEAGcUDAqAEinTg0HMgdnEkK2QS87hN6BYARECnAggAAAQEICj4xwcBMX+qK"}
00435{"flow_id":22,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970649,"pkt_ts_usec":834168,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0nplAAEAGCQzAqAEinTg0HMggAbskuliR4+mZNYARECzWtAAAAQEICj4xwcBMX+wk"}
00446{"flow_id":59,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970649,"pkt_ts_usec":858177,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iadN+uTwKgBIpxByCKHTehVD6e9gKASOJCRTQAAAgQFrAQCCApMYEY4PjHBiQEDAwk="}
@@ -366,23 +366,23 @@
00446{"flow_id":61,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":387919,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8lg5AAEAGKNnAqAEib91KLcgknEjYMAoJdih2JIAYEClpAAAAAQEICj4xw+RNh6yILYCuK5us2zw="}
00446{"flow_id":60,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":570011,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8hBhAAEAG1HTAqAEiQTffLcgjnEma5hzvzyelXIAYECkeiwAAAQEICj4xxJpNlOiwwc7xhOCNCBA="}
00690{"flow_id":18,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":631191,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtnd9AAEAGoO3AqAEiF84hpsgfAbv4Tz2YGDU8XoAYECzzCAAAAQEICj4xxNfsPW3FFgMBALQBAACwAwNVWiNLhX\/\/ejAO4KpxNC8\/ZrCwmmE9wkU90zxCDkcIKAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1431970650785,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1431970650785,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":785836,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAQ6lAAEAGFV3AqAEinTeCsMglnFZwrI8vAAAAALAC\/\/\/tTwAAAgQFtAEDAwUBAQgKPjHFcQAAAAAEAgAA"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":786156,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ax0AAEARLXbAqAEiQTffHDLdnE4AKA\/ueusCO4\/2IMsd1vZVtYtrG4KJHI0MKaf\/zYcpuYfyCTg="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":786157,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA02DgAAEARwOTAqAEinTeCmjLdnE0AIDT4eu0C9+f6EdNHv7hYXHZqXAueiqwkwiBF"}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":786177,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+20MAAEARvT3AqAEiQTffLDLdnFQAKsWAeu8CRodfDjWwQgXB9ThlvK8WB1Z6kJ0K1lKVKQH1\/lgrJA=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":786305,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA++5AAAEARZaPAqAEiQAQXrTLdnFEAKkiDevECuUkWpyPJriCjpMdyVTxdl5EcBPkRY6\/lJZGF7hytnA=="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":786315,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/bcAAEARMcnAqAEi1cezmjLdnFEALEFuevMCLFThLGMqgdMtKoErvKHNoLTdO9PKUomxAAk6+9gobSzp"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":649,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00446{"flow_id":67,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":909954,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIpxWyCXC803gcKyPMKASOJCo1gAAAgQFrAQCCApOqL1kPjHFcQEDAwk="}
00435{"flow_id":67,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":910057,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0eB9AAEAG4PLAqAEinTeCsMglnFZwrI8wwvNN4YAQECz\/hAAAAQEICj4xxe1OqL1k"}
00508{"flow_id":67,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970650,"pkt_ts_usec":910605,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"0NQSxnP1PBXCt3IOCABFAABoLuFAAEAGKf3AqAEinTeCsMglnFZwrI8wwvNN4YAYECw4GgAAAQEICj4xxe1OqL1kQDBPNYAQZj8RkGWwccFpRJKeMgR0hR6+94lop5uzmYWORKswp70IIqGKetrWefi+S4Dxbg=="}
@@ -391,11 +391,11 @@
00541{"flow_id":67,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":36724,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"PBXCt3IO0NQSxnP1CABFAACC8GNAADcGcWCdN4KwwKgBIpxWyCXC803hcKyPZIAYAB0RJQAAAQEICk6ovYQ+McXtHitk1rXbGCBHeHaSSNzGsVxElPEVR\/vbxjlAVuu1ETdC29OeKffCUxNeoarv0xwO52ztOuM4SeafxGVSGxBBflcc3WpT6DkWD3RVgovA"}
00433{"flow_id":67,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":36808,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0kUFAAEAGx9DAqAEinTeCsMglnFZwrI9kwvNOL4AQECn+ZwAAAQEICj4xxmtOqL2E"}
00445{"flow_id":67,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":37395,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ry1AAEAGqdzAqAEinTeCsMglnFZwrI9kwvNOL4AYECnUTwAAAQEICj4xxmtOqL2E+DHKQRbsUKg="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1431970651380,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":658,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1431970651380,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":380247,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABADJRAAEAG447AqAEinTfrk8gmAbvxz5x7AAAAALAC\/\/+ORwAAAgQFtAEDAwUBAQgKPjHHwQAAAAAEAgAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1431970651380,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":659,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1431970651380,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":380427,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+dJAAEAGXrbAqAEiQTffLcgnAbvOrmZyAAAAALAC\/\/9P1wAAAgQFtAEDAwUBAQgKPjHHwQAAAAAEAgAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1431970651380,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":660,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1431970651380,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":380673,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAiTBAAEAGNbPAqAEib91KLcgoAbtIes+yAAAAALAC\/\/\/TJAAAAgQFtAEDAwUBAQgKPjHHwQAAAAAEAgAA"}
00447{"flow_id":60,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":419881,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8FVJAAEAGQzvAqAEiQTffLcgjnEma5hzvzyelXIAYECkbPQAAAQEICj4xx+hNlOiwwc7xhOCNCBA="}
00447{"flow_id":73,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":444501,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iadN+uTwKgBIgG7yCZm7uws8c+cfKASOJB\/agAAAgQFrAQCCApMYEfJPjHHwQEDAwk="}
@@ -416,21 +416,21 @@
00449{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":690614,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjPwAAEARaj3AqAEiwKgBAdb0ADUALMTUeDABAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
00454{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":802418,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDLMAAAEARynbAqAEiwKgBAe0QADUAL\/kqxMsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
00453{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":802490,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDFisAAEAR4QvAqAEiwKgBAeUHADUAL+4jvNsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":850367,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9fnAAAEARsRvAqAEi1cezkjLdgQkAKdgxevUC7H9CpX1vDFjUgifamALKVmn9IG\/Fgz6DNfXKD8OP"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":850367,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/x4wAAEARZ+\/AqAEi1cezoDLdnF4AKxOyevcCGvABkprWeh8EUhOC0BCTnmpfRyuj2xsq6jfI1V+MUC4="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":681,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":850367,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1mAEAAEART6jAqAEinTg0DDLdnF8AIfBgevkCw9fuW226FZ\/i0VkBrMngLZ\/OvlepsQ=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":682,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":850440,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAT+gAAEAREWjAqAEiQAQXjzLdnFIALKj4evsCuV\/AUAbJFwXr2TpK\/p9BHGpZ+kg1tywBGmcFc5l3l+UA"}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":683,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":850441,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5DD0AAEARIzfAqAEi1cezrjLdnFkAJTHjev0CDsFSgVTjU3l7SB\/6pLcIO\/MFhUO5HKYdIt4="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":684,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00513{"flow_id":73,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":685,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":868482,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"0NQSxnP1PBXCt3IOCABFAABsOfhAAEAGtf7AqAEinTfrk8gmAbvxz5zEZu7sLYAYECxFrAAAAQEICj4xyaVMYEfZsJPOrYWxbQ2kS5GoHYZTSJUEAhUVjQ9Suc6gMln7jVEiXtQHYU+2Wg9JNG\/SECNBnGag8RNJ4KY="}
00448{"flow_id":59,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":950739,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8WcBAAEAGlmbAqAEinTfrk8ginEEPp73th03onYAYECk3\/QAAAQEICj4xyfdMYEZOu98xvI+OKgs="}
00434{"flow_id":75,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":972533,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0BRlAADYGw9Zv3UotwKgBIgG7yCgNTasMSHrP+4AQAB1dYgAAAQEICk2HrhU+Mcjn"}
@@ -439,57 +439,57 @@
00446{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970651,"pkt_ts_usec":994234,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7\/FwAAEAR+uHAqAEiwKgBAfrwADUAJ8Zq760BAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="}
00445{"flow_id":61,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":62750,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8p89AAEAGFxjAqAEib91KLcgknEjYMAoJdih2JIAYEClifgAAAQEICj4xymZNh6yILYCuK5us2zw="}
00521{"flow_id":74,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":164974,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"0NQSxnP1PBXCt3IOCABFAABxJMBAAEAGM5jAqAEiQTffLcgnAbvOrma7ApkXD4AYECx0mwAAAQEICj4xysxNlOpApvNYMEQS5cpK5u6346cd8BL2N20dvzqenZJMFcn1yRtBVTFQ\/i2ToNXpC7XoSTbRK6UPDCtXBWtUo6jCxA=="}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431970649778,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1431970648979,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431970648982,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431970643669,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431970644120,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431970644777,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1431970649778,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.25","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.19","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.27","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.12","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.39","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1431970648979,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1431970648982,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1431970648880,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1431970643669,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1431970644120,"flow_last_seen":0,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.65","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.173","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.145","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1431970643670,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":53826,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.33","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.44","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.143","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.15","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.34","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.28","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.44","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.32","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.17","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1431970648822,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.145","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.171","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.154","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1431970644777,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.170","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.167","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.168","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1431970645790,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.165","src_port":13021,"dst_port":40028,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1431970646799,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.143","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1431970649777,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1431970647810,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.173","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1431970650786,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.174","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1431970651850,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":197267,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/RGQAAEARstbAqAEiwKgBAfWbADUAK9VUuF8BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAABAAE="}
00451{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":197349,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/82IAAEARA9jAqAEiwKgBAebpADUAK335A20BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAAcAAE="}
00466{"flow_id":14,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":197408,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABL34IAAEARF6zAqAEiwKgBAeD4ADUANz9NJ5kBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAABAAE="}
00466{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":696,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":197514,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLl8AAAEARX27AqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="}
00447{"flow_id":67,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":697,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":375150,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8CVlAAEAGT7HAqAEinTeCsMglnFZwrI9kwvNOL4AYECnPHAAAAQEICj4xy55OqL2E+DHKQRbsUKg="}
00513{"flow_id":73,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":385300,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"0NQSxnP1PBXCt3IOCABFAABsizZAAEAGZMDAqAEinTfrk8gmAbvxz5zEZu7sLYAYECxDqQAAAQEICj4xy6hMYEfZsJPOrYWxbQ2kS5GoHYZTSJUEAhUVjQ9Suc6gMln7jVEiXtQHYU+2Wg9JNG\/SECNBnGag8RNJ4KY="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1431970652388,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":699,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1431970652388,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":699,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":388904,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAw4RAAEAGlYHAqAEinTeCsMgpAbtXW5NMAAAAALAC\/\/+W4QAAAgQFtAEDAwUBAQgKPjHLqwAAAAAEAgAA"}
00447{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":507478,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8S1pAAEAGXEPAqAEinTg0HMgdnEkK2QS07hN6BYAZECnCzQAAAQEICj4xzCFMX+qKABUsdMFxBVE="}
00446{"flow_id":81,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":701,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":513605,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGYgqdN4KwwKgBIgG7yCm78+IiV1uTTaASOJDDlAAAAgQFrAQCCApOqL71PjHLqwEDAwk="}
@@ -498,21 +498,21 @@
00434{"flow_id":81,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":704,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":637541,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0XTdAADcGBNudN4KwwKgBIgG7yCm78+IjV1uTlYAQAB0p6wAAAQEICk6ovxQ+Mcwn"}
00530{"flow_id":81,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":705,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":637631,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"0NQSxnP1PBXCt3IOCABFAAB3a8NAAEAG7QvAqAEinTeCsMgpAbtXW5OVu\/PiI4AYECwneAAAAQEICj4xzKJOqL8U9IDgvpwdzGcEkd9CX4txidHNl7imFBAwZtm7PgDORMBSjaYWMXjPRWAjyRyC8GW2MJh6wHE92aXcM+JRSsWm\/1CudQ=="}
00442{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":706,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":702673,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6qdwAAEARTWPAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":859729,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyWSMAAEARpePAqAEib91KDTLdnEkAHvqKev8C0IwzOBgB3UEKOkJTX5CI9Vwhwg=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":859729,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1DNUAAEAR8g3AqAEib91KLjLdnFsAIUKoewECUhceSedyogxjoY07gc663Yk4liOtLw=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":708,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":859801,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6I1wAAEARDKfAqAEinTfrrjLdnFMAJnmaewMCB1Y35rB9hiYgpWTMLw7QXUk3fDnH35+GDlnt"}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":709,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":859801,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8IkgAAEARdlHAqAEiQTffFjLdnEkAKNsyewUCeMezn62nslRHzPMr8rZBDWA5jghU5oMMawkbl98="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":859801,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2CdUAAEAR8anAqAEib91NkTLdnFgAIo9yewcCvaqOUinZ3k4PRY4yBX99xmfLU0z2qZs="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":711,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00447{"flow_id":60,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970652,"pkt_ts_usec":922001,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8Cw9AAEAGTX7AqAEiQTffLcgjnEma5hzvzyelXIAYECkVaAAAAQEICj4xzb1NlOiwwc7xhOCNCBA="}
00520{"flow_id":74,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970653,"pkt_ts_usec":12042,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"0NQSxnP1PBXCt3IOCABFAABxrEtAAEAGrAzAqAEiQTffLcgnAbvOrma7ApkXD4AYECxxUQAAAQEICj4xzhZNlOpApvNYMEQS5cpK5u6346cd8BL2N20dvzqenZJMFcn1yRtBVTFQ\/i2ToNXpC7XoSTbRK6UPDCtXBWtUo6jCxA=="}
00530{"flow_id":81,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970653,"pkt_ts_usec":151309,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"0NQSxnP1PBXCt3IOCABFAAB3wFhAAEAGmHbAqAEinTeCsMgpAbtXW5OVu\/PiI4AYECwleQAAAQEICj4xzqFOqL8U9IDgvpwdzGcEkd9CX4txidHNl7imFBAwZtm7PgDORMBSjaYWMXjPRWAjyRyC8GW2MJh6wHE92aXcM+JRSsWm\/1CudQ=="}
@@ -523,61 +523,61 @@
00448{"flow_id":61,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970653,"pkt_ts_usec":735813,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8zvFAAEAG7\/XAqAEib91KLcgknEjYMAoJdih2JIAYEClb+wAAAQEICj4x0OlNh6yILYCuK5us2zw="}
00448{"flow_id":59,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970653,"pkt_ts_usec":750983,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA83+5AAEAGEDjAqAEinTfrk8ginEEPp73th03onYAYECkw\/AAAAQEICj4x0PhMYEZOu98xvI+OKgs="}
00448{"flow_id":67,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970653,"pkt_ts_usec":821331,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8XLdAAEAG\/FLAqAEinTeCsMglnFZwrI9kwvNOL4AYECnJfAAAAQEICj4x0T5OqL2E+DHKQRbsUKg="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970653,"pkt_ts_usec":869214,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA54bUAAEARt2bAqAEinTeCljLdnEcAJaaFewkCIUNJcqobuUolNpafXbellV+EM\/ULmpysjyw="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970653,"pkt_ts_usec":869214,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBP+oAAEARp7DAqAEinTg0DzLdnFsALYwJewsCVNeDMJHHK\/Dt9HVlBuPPBbINu9bDjb8MSpCCrsrjyd0TEg=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970653,"pkt_ts_usec":869278,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0mUYAAEARls7AqAEinTfrojLdnGEAICOXew0CZW2\/4VtO8SUcLK6ApfNDe+uaEMsE"}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970653,"pkt_ts_usec":869278,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6nacAAEARXcXAqAEib91NnzLdnF8AJrQGew8Ci4JWnsKyT6r3gHVnkQ4+dXrvzbvknlDqGmE\/"}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970653,"pkt_ts_usec":869279,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABB8NoAAEARcG\/AqAEiQAQXlDLdnF0ALRa1exECrGOk9zKZhpR5Z4LrruV\/92iAsqS9CAawX8X4D80kRASy7Q=="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00530{"flow_id":81,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970653,"pkt_ts_usec":973551,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"0NQSxnP1PBXCt3IOCABFAAB3yV5AAEAGj3DAqAEinTeCsMgpAbtXW5OVu\/PiI4AYECwiRAAAAQEICj4x0dZOqL8U9IDgvpwdzGcEkd9CX4txidHNl7imFBAwZtm7PgDORMBSjaYWMXjPRWAjyRyC8GW2MJh6wHE92aXcM+JRSsWm\/1CudQ=="}
00521{"flow_id":74,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970654,"pkt_ts_usec":499807,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"0NQSxnP1PBXCt3IOCABFAABxva5AAEAGmqnAqAEiQTffLcgnAbvOrma7ApkXD4AYECxrhAAAAQEICj4x0+NNlOpApvNYMEQS5cpK5u6346cd8BL2N20dvzqenZJMFcn1yRtBVTFQ\/i2ToNXpC7XoSTbRK6UPDCtXBWtUo6jCxA=="}
00514{"flow_id":73,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970654,"pkt_ts_usec":678977,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"0NQSxnP1PBXCt3IOCABFAABs0lFAAEAGHaXAqAEinTfrk8gmAbvxz5zEZu7sLYAYECw6uwAAAQEICj4x1JZMYEfZsJPOrYWxbQ2kS5GoHYZTSJUEAhUVjQ9Suc6gMln7jVEiXtQHYU+2Wg9JNG\/SECNBnGag8RNJ4KY="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970654,"pkt_ts_usec":821677,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6wW8AAEARn+fAqAEiQAQXjjLdnFcAJg\/KexMCQ3jYuEugpNmWmUQtEzO7LdTOeKZd1ItpRQQC"}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":730,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970654,"pkt_ts_usec":821678,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA03zwAAEARghzAqAEiQAQXkjLdgQkAIIDZexUCZ4W5ZqoZlNOePqUvRCFg3WRtDoC9"}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970654,"pkt_ts_usec":821742,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/GZwAAEARf3vAqAEinTeClTLdnEsAK1wIexcCaeXnH1khWR2dVjoEFgFOwJFG48UKy+DykqMrgwb0UzA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":732,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970654,"pkt_ts_usec":821742,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBOycAAEARwEbAqAEib91NlzLdnF0ALQ\/xexkCYPXpRAQdHH0\/jNHVbGCv27qhgsGUdDsPAuuhBF8LGQtOxA=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970654,"pkt_ts_usec":821742,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAm5UAAEARk+DAqAEi1cezpTLdnEQALDM7exsCCwiB5Tp\/+eOgtAg8Bibngtvk3Z9waqj3cY7b3c6tDEmT"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00548{"flow_id":22,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970655,"pkt_ts_usec":127494,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"PBXCt3IO0NQSxnP1CABFAACDdRxAADMGPzqdODQcwKgBIgG7yCDj6Zk1JLpYdYAYAB1wuQAAAQEICkxf\/gA+MY4\/FgMBAEoCAABGAwFAG+SGAq3gKeF3dOVEucmctDExXgLdd50VSpYJul2ocCAcoOT2TGNRri+OTuHmdmoKiNXYxVyumMXkgfIqab+QWAAFAA=="}
00419{"flow_id":22,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970655,"pkt_ts_usec":127563,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoU2tAAEAGVEbAqAEinTg0HMggAbskulh1AAAAAFAEAADVtgAA"}
00517{"flow_id":75,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970655,"pkt_ts_usec":323128,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"0NQSxnP1PBXCt3IOCABFAABuJZBAAEAGmSXAqAEib91KLcgoAbtIes\/7DU2rDIAYECxznwAAAQEICj4x1xlNh64VXoBGQFpplMys2JWIO4+I29OA4cPWkJJGByBiX+YJVXNQ2TREXlwyKhu2PLot6b6UkyYNEZ8cQhCRbQ=="}
00530{"flow_id":81,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970655,"pkt_ts_usec":417287,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"0NQSxnP1PBXCt3IOCABFAAB3kSVAAEAGx6nAqAEinTeCsMgpAbtXW5OVu\/PiI4AYECwcowAAAQEICj4x13dOqL8U9IDgvpwdzGcEkd9CX4txidHNl7imFBAwZtm7PgDORMBSjaYWMXjPRWAjyRyC8GW2MJh6wHE92aXcM+JRSsWm\/1CudQ=="}
00448{"flow_id":60,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970655,"pkt_ts_usec":713397,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8J\/9AAEAGMI7AqAEiQTffLcgjnEma5hzvzyelXIAYECkKhwAAAQEICj4x2J5NlOiwwc7xhOCNCBA="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970655,"pkt_ts_usec":836661,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABANxVAAEAGcHTAqAEinTg0LMgunFRemxUUAAAAALAC\/\/+0UAAAAgQFtAEDAwUBAQgKPjHZGQAAAAAEAgAA"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970655,"pkt_ts_usec":836975,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyDf8AAEARix7AqAEinTeCnDLdnFMAHh0Aex0Cxk3n0hRKPcgDeocb540rNGApyA=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":741,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970655,"pkt_ts_usec":836975,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBoCUAAEAR+GnAqAEiQTffGzLdnF0ALfl1ex8CqPqPm6RB3JLpE4+TALz\/NA1U\/CYbcdFd\/zzgY3E\/zKJhBw=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970655,"pkt_ts_usec":837009,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6UqAAAEARkIPAqAEinTc4jjLdnE0AJphseyECmYsgkMQHN\/YIHMBu8w6RdZxUPKbDb+JHSqeN"}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970655,"pkt_ts_usec":837009,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4DEcAAEARVQbAqAEiQAQXmjLdnGAAJHYfeyMC79DK\/hLwI0tI0UYsgGEWGk5hr4E5iC40QQ=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":744,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970655,"pkt_ts_usec":837137,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5ayYAAEARfGrAqAEinTg0ITLdnEIAJe9eeyUCb3+11x21V+othQ6FZpV0z1bnAthdPIEc8bI="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":745,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00447{"flow_id":97,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":151384,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIpxUyC6j+8V4XpsVFaASOJDYRQAAAgQFrAQCCApMZ\/6WPjHZGQEDAwk="}
00436{"flow_id":97,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":151461,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0HiFAAEAGiXTAqAEinTg0LMgunFRemxUVo\/vFeYAQECwuNgAAAQEICj4x2lNMZ\/6W"}
00561{"flow_id":97,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":152015,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"0NQSxnP1PBXCt3IOCABFAACOOrdAAEAGbITAqAEinTg0LMgunFRemxUVo\/vFeYAYECxXoQAAAQEICj4x2lNMZ\/6Wrhs79BGYhMMB7iEF5tcHMoy4VALgEGzyG5tHOfMPK\/eAX\/weDS1SZ6oiHiBYEb64N3y9yjNIGXbv1DXiayARDqcsrfqj+AmmX4QlEtvQAT4X3J0qE6j51s80"}
@@ -586,48 +586,48 @@
00436{"flow_id":97,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":458892,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA02iBAAEAGzXTAqAEinTg0LMgunFRemxVvo\/vFuIAQECosHgAAAQEICj4x24VMZ\/7l"}
00449{"flow_id":97,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":752,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":459465,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8kq1AAEAGFODAqAEinTg0LMgunFRemxVvo\/vFuIAYECqizQAAAQEICj4x24VMZ\/7lUZ\/2f58qofY="}
00448{"flow_id":67,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":753,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":509026,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8OGhAAEAGIKLAqAEinTeCsMglnFZwrI9kwvNOL4AYECm\/BAAAAQEICj4x27ZOqL2E+DHKQRbsUKg="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":861167,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1wZMAAEARPVPAqAEib91KKjLdnEYAIaXieycCe1fKnMoPyS7sKN+ClU5dh7E8u7Wn6g=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":861168,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3VcEAAEAR2kbAqAEinTfrrDLdnFQAI1TmeykCBTNtXbhMDQf2D6UV0R3mHu30wTeW\/+eg"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":105,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":861258,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAylicAAEARmerAqAEinTfrpzLdnF0AHsxpeysCNBmO6n4oPt4qGVJFTPBgQCMCbA=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":756,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":106,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":861258,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+1C4AAEARDvPAqAEinTc4jDLdnEMAKhWUey0Ck6OV07meiCUQoBZZK2TePWK3VEloqo0Om\/LmRrc7qA=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":107,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":861258,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBaS8AAEARxk7AqAEi1ceznDLdnF8ALXpUey8C35QflkiVLuyYHEgftQvOcxrFG1PZDcVv\/V5f70upN2kVjw=="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":758,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00447{"flow_id":61,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970656,"pkt_ts_usec":877174,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA86MxAAEAG1hrAqAEib91KLcgknEjYMAoJdih2JIAYEClPvgAAAQEICj4x3SZNh6yILYCuK5us2zw="}
00447{"flow_id":59,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":760,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":144362,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8f5BAAEAGcJbAqAEinTfrk8ginEEPp73th03onYAYECkjxAAAAQEICj4x3jBMYEZOu98xvI+OKgs="}
00691{"flow_id":18,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":761,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":192569,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtCkVAAEAGNIjAqAEiF84hpsgfAbv4Tz2YGDU8XoAYECzZgAAAAQEICj4x3l\/sPW3FFgMBALQBAACwAwNVWiNLhX\/\/ejAO4KpxNC8\/ZrCwmmE9wkU90zxCDkcIKAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
00524{"flow_id":74,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":762,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":277158,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"0NQSxnP1PBXCt3IOCABFAABx0FhAAEAGh\/\/AqAEiQTffLcgnAbvOrma7ApkXD4AYECxgtAAAAQEICj4x3rNNlOpApvNYMEQS5cpK5u6346cd8BL2N20dvzqenZJMFcn1yRtBVTFQ\/i2ToNXpC7XoSTbRK6UPDCtXBWtUo6jCxA=="}
00514{"flow_id":73,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":401499,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"0NQSxnP1PBXCt3IOCABFAABskhRAAEAGXeLAqAEinTfrk8gmAbvxz5zEZu7sLYAYECwwIgAAAQEICj4x3y9MYEfZsJPOrYWxbQ2kS5GoHYZTSJUEAhUVjQ9Suc6gMln7jVEiXtQHYU+2Wg9JNG\/SECNBnGag8RNJ4KY="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1431970657448,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":764,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1431970657448,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":108,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":764,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":448450,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHFJAAEAGizfAqAEinTg0LMgvAbu6eq5bAAAAALAC\/\/9TfQAAAgQFtAEDAwUBAQgKPjHfXgAAAAAEAgAA"}
00448{"flow_id":108,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":765,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":789843,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADMGtI2dODQswKgBIgG7yC\/usf9LunquXKASOJDxVgAAAgQFrAQCCApMaAAoPjHfXgEDAwk="}
00436{"flow_id":108,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":789913,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0sH5AAEAG9xbAqAEinTg0LMgvAbu6eq5c7rH\/TIAQECxHLAAAAQEICj4x4LNMaAAo"}
00535{"flow_id":108,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":789997,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"0NQSxnP1PBXCt3IOCABFAAB86qtAAEAGvKHAqAEinTg0LMgvAbu6eq5c7rH\/TIAYECzAyQAAAQEICj4x4LNMaAAogEYBAwEALQAAABAAAAUAAAQAAAoAAAkAAGQAAGIAAAgAAAMAAAYBAIAHAMADAIAGAEACAIAEAIAI2TavlPWiK+DRzmfsbbpj"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":768,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":109,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":867433,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAUUpAAEAGahfAqAEib91Nr8gwnF4IVezmAAAAALAC\/\/8+qQAAAgQFtAEDAwUBAQgKPjHhAAAAAAAEAgAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":110,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":867668,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9oHUAAEARRyvAqAEinTg0DTLdnFUAKQgoezEC\/l8nlzJZpnLIFE7P8fkc8mrPmKIpl9hxLirEQuOc"}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":769,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":111,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":867668,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4f1AAAEARf6LAqAEib91KGzLdnFsAJDT4ezMCrsyhXN3LQtIkyb75hiLtvYPm8jFPNUJJrw=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":770,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":112,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":867722,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+qWkAAEARhrHAqAEinTfrkjLdgQkAKiNZezUC\/2slHaKqOmhTH+zKnxlHa\/OJZyFRbGPJo\/ii7tiMOQ=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":771,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":113,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":867722,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA13XsAAEARu5rAqAEinTeCoDLdnEgAIdXCezcCHsxzqj9mHv\/LaKdjYymm7xXHyFOeHw=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":772,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":114,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970657,"pkt_ts_usec":867722,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9HFoAAEARyynAqAEinTg0KjLdnEUAKXprezkCzIUWKH677Ew8QeRY2LFi0olqYWN\/wfRNYM+xO4zo"}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":773,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00436{"flow_id":108,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970658,"pkt_ts_usec":15615,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0\/zFAADMGtWOdODQswKgBIgG7yC\/usf9MunqupIAQAB1WngAAAQEICkxoAH0+MeCz"}
00532{"flow_id":108,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":775,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970658,"pkt_ts_usec":15668,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"0NQSxnP1PBXCt3IOCABFAAB57e9AAEAGuWDAqAEinTg0LMgvAbu6eq6k7rH\/TIAYECyFzQAAAQEICj4x4ZRMaAB9rs4rj\/Zn4y1sqwdIy3afkOEmLBspD4c0rMSeRLd9b91SLsTSeHa0jfo08XXIbE1KDwebW7o1FbLX0Wq5X\/ZmIfUdu0eE"}
00531{"flow_id":81,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":776,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970658,"pkt_ts_usec":106871,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"0NQSxnP1PBXCt3IOCABFAAB324VAAEAGfUnAqAEinTeCsMgpAbtXW5OVu\/PiI4AYECwSKwAAAQEICj4x4e9OqL8U9IDgvpwdzGcEkd9CX4txidHNl7imFBAwZtm7PgDORMBSjaYWMXjPRWAjyRyC8GW2MJh6wHE92aXcM+JRSsWm\/1CudQ=="}
@@ -640,40 +640,40 @@
00548{"flow_id":109,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":783,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970658,"pkt_ts_usec":477153,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"PBXCt3IO0NQSxnP1CABFAACEzlVAADYG9sdv3U2vwKgBIpxeyDDQUSwCCFXtQ4AYAB0PzQAAAQEICk2j4ls+MeIg+msEBmAzVVCg2om5ksbH3i5LqsKTi3p3bVMjULlB3fNdv7WeJTRW\/7JhqPxV1N\/TFHUiq2BRTuds7TrjOEnmn8RlUhsQQX5XHN1qU+g5Fg8="}
00435{"flow_id":109,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":784,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970658,"pkt_ts_usec":477291,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA02O5AAEAG4n7AqAEib91Nr8gwnF4IVe1D0FEsUoAQECk+4QAAAQEICj4x419No+Jb"}
00449{"flow_id":109,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":785,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970658,"pkt_ts_usec":477870,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8w3xAAEAG9+jAqAEib91Nr8gwnF4IVe1D0FEsUoAYECncyQAAAQEICj4x419No+Jb\/KZqQh\/x2yw="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":115,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970658,"pkt_ts_usec":879063,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0MmQAAEARtULAqAEinTg0EDLdnGAAINARezsCntsIeaNpS6NjCmJc+OoOrMkvCcDa"}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":786,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":116,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970658,"pkt_ts_usec":879242,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAykUAAEARZUbAqAEi1cezjzLdnFIALAJQez0CXU0wVq4fYZh\/Y+8+QJuiiaVycN5JEmy9Mj2R1c64L1Y6"}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":787,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":117,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970658,"pkt_ts_usec":879243,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7lJ0AAEARm2LAqAEinTfrsDLdnF8AJ1FIez8C0TqVtIrtp1zqD0lx1wHOKMmPMNUvlfjRgE8UFg=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":788,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":118,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970658,"pkt_ts_usec":879243,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4HuEAAEARyLnAqAEinTg0GDLdnGAAJDiFe0ECGzhHlfYpbTJCQlYvElI0z7NbdWF7vdKvag=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":789,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":119,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970658,"pkt_ts_usec":879243,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/Lr4AAEAR0DTAqAEib91KFDLdnGEAK3JGe0MC70klwlgauZl1jUNJ9T6muSj9wXln3SVqW5QyJa+s4xA="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1431970659480,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1431970659480,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":120,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970659,"pkt_ts_usec":480110,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAaDxAAEAGUyXAqAEib91Nr8gyAbuh2H3fAAAAALAC\/\/+ohwAAAgQFtAEDAwUBAQgKPjHnRwAAAAAEAgAA"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":792,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":121,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970659,"pkt_ts_usec":834732,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAPbBAAEAG45PAqAEiQAQXpsgznF2bjnkgAAAAALAC\/\/99bQAAAgQFtAEDAwUBAQgKPjHoqQAAAAAEAgAA"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":122,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970659,"pkt_ts_usec":834986,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1elAAAEARHtbAqAEinTeCkDLdnFAAIfN1e0UCt0zo\/WrZ+Zw8Ki6+SR8vgG1TLjatCw=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":793,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":123,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970659,"pkt_ts_usec":834986,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/fyEAAEARaHbAqAEinTg0FDLdnGEAK5aLe0cCmWiuCofYyBz6GXTZdvI4LweQLKgxsl8j0KcXdBMS+c8="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":794,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":124,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970659,"pkt_ts_usec":835052,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBTDEAAEAR4+jAqAEinTfrkDLdnGAALTL8e0kC17QicxuXB5auWkNIni8RcFzpWBK6wb+NIPIUjtvt0ICuYw=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":795,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":125,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970659,"pkt_ts_usec":835052,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+n20AAEARW\/XAqAEib91NpTLdnEQAKqfKe0sCA3KviLJG1lAzDVoG9idWXcbF4pfswWYweShFk+5UVw=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":126,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970659,"pkt_ts_usec":835052,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA71A4AAEARxQ\/AqAEinTeCkjLdnGEAJ5FDe00CRUi6WS8h8mPi8e9oMy1XIZqCitDbn3NkpyCi9w=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00447{"flow_id":120,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":798,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970659,"pkt_ts_usec":837706,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGxWVv3U2vwKgBIgG7yDJl2k5Wodh94KASOJCbeAAAAgQFrAQCCApNo+OiPjHnRwEDAwk="}
00437{"flow_id":120,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":799,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970659,"pkt_ts_usec":837783,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0vZ1AAEAG\/c\/AqAEib91Nr8gyAbuh2H3gZdpOV4AQECzxPQAAAQEICj4x6KxNo+Oi"}
00534{"flow_id":120,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":800,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970659,"pkt_ts_usec":837881,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"0NQSxnP1PBXCt3IOCABFAAB8I7FAAEAGl3TAqAEib91Nr8gyAbuh2H3gZdpOV4AYECyksgAAAQEICj4x6KxNo+OigEYBAwEALQAAABAAAAUAAAQAAAoAAAkAAGQAAGIAAAgAAAMAAAYBAIAHAMADAIAGAEACAIAEAIAFcrsw4Z73PH2K8wjZNq+U"}
@@ -684,7 +684,7 @@
00436{"flow_id":120,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":129554,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0raxAADYGF8Fv3U2vwKgBIgG7yDJl2k5Xodh+KIAQAB0AqwAAAQEICk2j4\/w+Meis"}
00514{"flow_id":120,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":129658,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"0NQSxnP1PBXCt3IOCABFAABsOlBAAEAGgOXAqAEib91Nr8gyAbuh2H4oZdpOV4AYECyPmwAAAQEICj4x6c9No+P8rykSL\/YNWXmmSdsJysigGnvSxhmV7qYqIM+fUQQnb8UpRj+FOZcGRraAYWqHRq8j3tnIqulYKJg="}
00534{"flow_id":108,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":131554,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"0NQSxnP1PBXCt3IOCABFAAB53zBAAEAGyB\/AqAEinTg0LMgvAbu6eq6k7rH\/TIAYECx9kQAAAQEICj4x6dBMaAB9rs4rj\/Zn4y1sqwdIy3afkOEmLBspD4c0rMSeRLd9b91SLsTSeHa0jfo08XXIbE1KDwebW7o1FbLX0Wq5X\/ZmIfUdu0eE"}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":808,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1431970660159,"flow_last_seen":0,"flow_tot_l4_data_len":309,"flow_min_l4_data_len":309,"flow_max_l4_data_len":309,"flow_avg_l4_data_len":309,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":808,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1431970660159,"flow_last_seen":0,"flow_min_l4_payload_len":277,"flow_max_l4_payload_len":277,"flow_tot_l4_payload_len":277,"flow_avg_l4_payload_len":277,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00815{"flow_id":127,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":159683,"pkt_caplen":343,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":343,"pkt_l4_len":309,"pkt":"PBXCt3IO0NQSxnP1CABFAAFJkcJAADIG5BVsoKNswKgBIgG7yBaV3SxsiZUqrIAYACaXjgAAAQEICmGAz38+MVp4FwMBARB8Fy4qyreLjg5Q96tDDF\/tJNQpsIShBClYLxny\/F4IVS87inYaH8NMzidehO4QJLb0Gpm5qZy83nu17ekToUXtOsjvJgerL5AdcFL4wkOs5YWIZJQILj89EVd3kwm2gSreMO6fU0x3sDxMFrXZesIKTvERW3z9QiBmYf77CRAcaBKDIZ4h8M6jvsMWFjh8rbcU6C9Yz3364yiyHbQuoqtvQN4EQD7H\/ZMlnDFOtnG2H8aPUdqUMD5HAjMSCpEQqc4JKy0wVFFuLxpIEra0u2hVB7ftMdJLJ\/sq+RNwy1Sfuv0g7qCHweCB0CkHYTzB2\/cU6qQOlFTex1tRE+sh29iBulHeN2MmenT9xvrZggKZYQ=="}
00438{"flow_id":127,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":159759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0\/qVAAEAGakfAqAEibKCjbMgWAbuJlSqsld0tgYAQD\/f6XgAAAQEICj4x6exhgM9\/"}
01729{"flow_id":127,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":162198,"pkt_caplen":1020,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1020,"pkt_l4_len":986,"pkt":"0NQSxnP1PBXCt3IOCABFAAPuXRVAAEAGCB7AqAEibKCjbMgWAbuJlSqsld0tgYAYEABN6wAAAQEICj4x6e5hgM9\/FwMBACBZ+Bs2C0RS\/3DQyGZlP7ulpgg75GP5qHQjRGtchozZwxcDAQOQsZo+mdYHDHNhryD2tBwTy4NvJ6ZcB90CLvDuO3oQpA0NMcbrVNY5NoFZnnz0+pHYPlsxDiwS7sQ7DD24qzDLtHgUUDp9pF8b6+msIHWzLPEMF8+q7Hjw2nVwpow1oTrrramWFNK3HRWRwVplTmpzcS1pGJ+gQZaUVDp8kdn+ynK0M3\/CdKLtFbx\/CK0N6q8IWYmbmyMU5F09Bl18WwyIuujJA\/tFE5EWnSsW2X+zhBTRq9ZI\/U83NB7qUlABm1QnhF8bT1juNjzO0mWZlZFkQTsnKvttlKSdtcMJ5dRpAqaA7SHB9Yz5a49nYhRO+wwnisVOiZGDLnrE+5oMmTb9C9ZKB5wr20bAzzEkorS06bd9G1Av+Y\/0Lf00cKMeFW4\/NlQQW2HF8cVYvIZB6\/NQlnUH0R\/vBxkZqKxj1qnAgjVDBnssNNPdbIKrHQdoBZOJ1oafA1nh+V4oZbi2LQd\/E9fD9yqlUtsVwzp7nZEacc3p6m0hUW7kAV1Xt3xzsImKJZZ7j62VNDmcm6WWPL29PEP1oF9dSb1pTuKLUUHMDB7w2YxBjm\/ZP6TnMxz3NjZHO6QfscWBsVMMmj8RnOruQ3QLIGDLGpDyMgBlDBTqoOiUC8PgBmSlGAPlhRVT95WOL1mqA6t0DBes+DH8fSZeIVvA3K7YCF4kypftCQiLFXrErN2XOvSvejhBSuUJcdOOdCNOjGoPoLOWoqVEN7LXgsXaWfdoBTx79TQIPG1as39Z7fRVj+fkKyD61xYiyqgtf1\/WpWVrCyTwKovWQ0C6GFD907jbLAxlD1UmA3abuFNLCt\/acdLUjndrKvuooQD6IYCIwrJi8YL7kKb0+32ovATeOhPAdbLgWa9wSUgKddlog7emY+Y\/Esr+n4M8E4bdevnoTb75M4ozaSVREGSwce5U3XhhEIMmQQkznZpj46Kf9jFwDbzxK7wZgQZ21paket5\/tiCE9zIgnjVS0wcx5TiuHX4egIJeH+3peLDINK2jmmDw6Tm7kJ69c9scP9Gd7zhw6XHG1S0IW6aTMTHKdqb5u2V1sEk8osIRYPNxQKLPY35nEHSqNlCZVyRPLhgWH+JjqVOEwNbhNBOOCigDYop+TfjfQDQrLH+IrQWISQBJnU69BfsNuFeEx3PLuH6o+oBZH+QNZRQR6lheial\/vXPOSCwP4oQlK11s+sl5+hhICPKCRXfAUncH7wDdsLSe"}
@@ -696,12 +696,12 @@
00435{"flow_id":127,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":816,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":382243,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0kcNAADIG5SlsoKNswKgBIgG7yBaV3S2BiZUuZoAQACoGOAAAAQEICmGAz7c+Menu"}
00450{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":781651,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAd\/YAAEARf0PAqAEiwKgBAf3LADUALKDXdTsBAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
00449{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":781889,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABADV8AAEAR6drAqAEiwKgBAdb0ADUALMTUeDABAAABAAAAAAAAAWEGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":128,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":848421,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6TMEAAEARsjLAqAEib91KGDLdnGAAJk69e08C7Jn\/msaru979SjBYNnh0LMk7Ko\/+l6KrptIV"}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":129,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":848422,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4j48AAEARa97AqAEib91NoDLdnFAAJOlwe1ECSObCw6nUMfh7bnqIU3mueprtSIlR2AyZTQ=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00455{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":882697,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDA9cAAEAR81\/AqAEiwKgBAe0QADUAL\/kqxMsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAAQAB"}
00454{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970660,"pkt_ts_usec":882768,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"0NQSxnP1PBXCt3IOCABFAABDBJcAAEAR8p\/AqAEiwKgBAeUHADUAL+4jvNsBAAABAAAAAAAABGNvbm4Fc2t5cGUGYWthZG5zA25ldAAAHAAB"}
00444{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":89012,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7i9kAAEARa2XAqAEiwKgBAfrwADUAJ8Zq760BAAABAAAAAAAAA2FwaQVza3lwZQNjb20AAAEAAQ=="}
@@ -712,7 +712,7 @@
00451{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":287394,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/lmgAAEARYNLAqAEiwKgBAebpADUAK335A20BAAABAAAAAAAABWRzbjEzAWQFc2t5cGUDbmV0AAAcAAE="}
00466{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":287560,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLvUMAAEAROevAqAEiwKgBAeD4ADUANz9NJ5kBAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAABAAE="}
00466{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":287747,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLYwQAAEARlCrAqAEiwKgBAdB8ADUAN25j7f4BAAABAAAAAAAAAzMzNQEwATcBNwEzBXJzdDExAXIFc2t5cGUDbmV0AAAcAAE="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":831,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1431970661447,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":831,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_first_seen":1431970661447,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":130,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":447529,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAYfhAAEAGv0vAqAEiQAQXpsg1Abs0yMrkAAAAALAC\/\/8mywAAAgQFtAEDAwUBAQgKPjHu7gAAAAAEAgAA"}
00447{"flow_id":121,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":460213,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA83iRAAEAGQyPAqAEiQAQXpsgznF2bjnl5scFgjYAYECnrLAAAAQEICj4x7vpMQvGckklqarCuvYw="}
00447{"flow_id":130,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":833,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":649016,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGK0hABBemwKgBIgG7yDUuR6JLNMjK5aASOJDvYAAAAgQFrAQCCApMQvL8PjHu7gEDAwk="}
@@ -723,103 +723,103 @@
00447{"flow_id":59,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":845910,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA89l9AAEAG+cbAqAEinTfrk8ginEEPp73th03onYAYECkRewAAAQEICj4x8HlMYEZOu98xvI+OKgs="}
00435{"flow_id":130,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":848613,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0UWNAADYG2exABBemwKgBIgG7yDUuR6JMNMjLLYAQAB1VWAAAAQEICkxC8y8+Me+1"}
00522{"flow_id":130,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":848719,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"0NQSxnP1PBXCt3IOCABFAABxQiNAAEAG3u\/AqAEiQAQXpsg1Abs0yMstLkeiTIAYECzU8AAAAQEICj4x8HtMQvMvj3RAvemHT+P7z0rouwAwTgf6jSGe3VlkB506Kg5x6iMueUoaC06tZlkow8O3V51nHVDge5Zkoq+VQDfaxQ=="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":131,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":855921,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAgx0AAEARe8zAqAEib91KHDLdnFoALOnqe1MCA8GYjWWu9fDS5z8O1HnUzLtilbW9STWNzZ4dxAZIYogR"}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":854,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":132,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":855921,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3uKMAAEAR4H7AqAEinTeCkjLdgQkAI\/pPe1UCb1OUWk4YvTHMO4jKAgG4ML6WHkkTPHmm"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":855,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":133,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":855985,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6xIYAAEAR1JLAqAEinTeCmDLdnFYAJvNGe1cC+NCgg6iFX83BbHq4v+mwzzHLJiFQXcBRQbw9"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":856,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00450{"flow_id":109,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970661,"pkt_ts_usec":909149,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA89dNAAEAGxZHAqAEib91Nr8gwnF4IVe1D0FEsUoAYECnPcQAAAQEICj4x8LdNo+Jb\/KZqQh\/x2yw="}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.33","src_port":13021,"dst_port":40002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.42","src_port":13021,"dst_port":40005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.13","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.15","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.142","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.148","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.154","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.42","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.13","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.160","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.28","src_port":13021,"dst_port":40026,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.27","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.46","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.159","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_first_seen":1431970660848,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.24","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.20","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.22","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.27","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.150","src_port":13021,"dst_port":40007,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1431970657867,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.160","src_port":13021,"dst_port":40008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.149","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1431970655837,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.142","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1431970659834,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.144","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1431970655836,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.156","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1431970652859,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.174","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.172","src_port":13021,"dst_port":40020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_first_seen":1431970661855,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.152","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.167","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.176","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.144","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1431970659835,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.146","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1431970653869,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.162","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1431970654821,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.165","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1431970658879,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1431970656861,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00514{"flow_id":120,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970662,"pkt_ts_usec":241980,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"0NQSxnP1PBXCt3IOCABFAABswt9AAEAG+FXAqAEib91Nr8gyAbuh2H4oZdpOV4AYECyHZwAAAQEICj4x8gNNo+P8rykSL\/YNWXmmSdsJysigGnvSxhmV7qYqIM+fUQQnb8UpRj+FOZcGRraAYWqHRq8j3tnIqulYKJg="}
00533{"flow_id":108,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970662,"pkt_ts_usec":252159,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"0NQSxnP1PBXCt3IOCABFAAB5WsVAAEAGTIvAqAEinTg0LMgvAbu6eq6k7rH\/TIAYECx1VAAAAQEICj4x8g1MaAB9rs4rj\/Zn4y1sqwdIy3afkOEmLBspD4c0rMSeRLd9b91SLsTSeHa0jfo08XXIbE1KDwebW7o1FbLX0Wq5X\/ZmIfUdu0eE"}
00522{"flow_id":74,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970662,"pkt_ts_usec":635440,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"0NQSxnP1PBXCt3IOCABFAABxpVZAAEAGswHAqAEiQTffLcgnAbvOrma7ApkXD4AYECxL2wAAAQEICj4x84xNlOpApvNYMEQS5cpK5u6346cd8BL2N20dvzqenZJMFcn1yRtBVTFQ\/i2ToNXpC7XoSTbRK6UPDCtXBWtUo6jCxA=="}
00448{"flow_id":121,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970662,"pkt_ts_usec":684588,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8v89AAEAGYXjAqAEiQAQXpsgznF2bjnl5scFgjYAYECnmaQAAAQEICj4x871MQvGckklqarCuvYw="}
00466{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970662,"pkt_ts_usec":705015,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLomMAAEARVMvAqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00466{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970662,"pkt_ts_usec":705101,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABL2k0AAEARHOHAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":134,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970662,"pkt_ts_usec":914582,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+nlYAAEARkRrAqAEi1cezrDLdnEsAKjxNe1kCd7pyWFY\/2XtrOx7QzlcFNoQgfV3dFZmCGAMb34HK5w=="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":864,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":135,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970662,"pkt_ts_usec":914582,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3jiIAAEAR0y7AqAEiQAQXlzLdnF0AI+cqe1sCynRK6RblWzdW13\/d3OH7SI3y+M61XQ85"}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00448{"flow_id":61,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970662,"pkt_ts_usec":966772,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8xIdAAEAG+l\/AqAEib91KLcgknEjYMAoJdih2JIAYECk4DQAAAQEICj4x9NdNh6yILYCuK5us2zw="}
00520{"flow_id":130,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970663,"pkt_ts_usec":47901,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"0NQSxnP1PBXCt3IOCABFAABxXIpAAEAGxIjAqAEiQAQXpsg1Abs0yMstLkeiTIAYECzQQwAAAQEICj4x9ShMQvMvj3RAvemHT+P7z0rouwAwTgf6jSGe3VlkB506Kg5x6iMueUoaC06tZlkow8O3V51nHVDge5Zkoq+VQDfaxQ=="}
00531{"flow_id":81,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970663,"pkt_ts_usec":290033,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"0NQSxnP1PBXCt3IOCABFAAB3DI9AAEAGTEDAqAEinTeCsMgpAbtXW5OVu\/PiI4AYECz+AQAAAQEICj4x9hhOqL8U9IDgvpwdzGcEkd9CX4txidHNl7imFBAwZtm7PgDORMBSjaYWMXjPRWAjyRyC8GW2MJh6wHE92aXcM+JRSsWm\/1CudQ=="}
00450{"flow_id":97,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970663,"pkt_ts_usec":424188,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8lU1AAEAGEkDAqAEinTg0LMgunFRemxVvo\/vFuIAYECqHtAAAAQEICj4x9p5MZ\/7lUZ\/2f58qofY="}
00691{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970663,"pkt_ts_usec":754371,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtK5ZAAEAGEzfAqAEiF84hpsgfAbv4Tz2YGDU8XoAYECy\/9wAAAQEICj4x9+jsPW3FFgMBALQBAACwAwNVWiNLhX\/\/ejAO4KpxNC8\/ZrCwmmE9wkU90zxCDkcIKAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":136,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970663,"pkt_ts_usec":923214,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3FyoAAEARSg7AqAEiQAQXsDLdnEEAI4rRe10CzbovR94s4Zxf8rLQnBsqBqSn7dHSA+Hg"}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":137,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970663,"pkt_ts_usec":923214,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6rCQAAEAR7PjAqAEinTeClDLdnFMAJgbKe18CYcW5TKiM44ghnCPOJzkfQkjh9HCzfXzFFif7"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":872,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":138,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970663,"pkt_ts_usec":923286,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8YPIAAEARzyHAqAEinTfrmzLdnFsAKKqoe2ECDwqATU5QUcdDsP2+OoC0sJan4F5erjlhYCY+cbA="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00447{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970664,"pkt_ts_usec":140615,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8b7ZAAEAGN+fAqAEinTg0HMgdnEkK2QS07hN6BYAZECmVhAAAAQEICj4x+WpMX+qKABUsdMFxBVE="}
00521{"flow_id":130,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970664,"pkt_ts_usec":247785,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"0NQSxnP1PBXCt3IOCABFAABx5GdAAEAGPKvAqAEiQAQXpsg1Abs0yMstLkeiTIAYECzLlgAAAQEICj4x+dVMQvMvj3RAvemHT+P7z0rouwAwTgf6jSGe3VlkB506Kg5x6iMueUoaC06tZlkow8O3V51nHVDge5Zkoq+VQDfaxQ=="}
00516{"flow_id":120,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970664,"pkt_ts_usec":347166,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"0NQSxnP1PBXCt3IOCABFAABsIKZAAEAGmo\/AqAEib91Nr8gyAbuh2H4oZdpOV4AYECx\/MwAAAQEICj4x+jdNo+P8rykSL\/YNWXmmSdsJysigGnvSxhmV7qYqIM+fUQQnb8UpRj+FOZcGRraAYWqHRq8j3tnIqulYKJg="}
-00442{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431970664361,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00454{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431970664361,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00410{"flow_id":139,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970664,"pkt_ts_usec":361045,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":46,"pkt_l4_len":8,"pkt":"AQBeAAABoPPBbTu2CABGwAAgAAAAAAECgnDAqAD+4AAAAZQEAAARZO6bAAAAAA=="}
-00474{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431970664361,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431970664361,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00518{"flow_id":75,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970664,"pkt_ts_usec":578394,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"0NQSxnP1PBXCt3IOCABFAABuB+1AAEAGtsjAqAEib91KLcgoAbtIes\/7DU2rDIAYECxPmgAAAQEICj4x+x5Nh64VXoBGQFpplMys2JWIO4+I29OA4cPWkJJGByBiX+YJVXNQ2TREXlwyKhu2PLot6b6UkyYNEZ8cQhCRbQ=="}
-00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431970664698,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00456{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431970664698,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":140,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970664,"pkt_ts_usec":698567,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"pkt":"PBXCt3IOtPCr0yf4CABGAAAg8JwAAAECkLLAqAHl4AAA+5QEAAAWAAkE4AAA+wAAAAAAAAAAAAAAAAAA"}
-00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431970664698,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":880,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431970664698,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":141,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970664,"pkt_ts_usec":878431,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/kL8AAEARaq3AqAEib91NmjLdnFEAK0H5e2MCFDnpGlF82iGY4eNpUibWNoDaPXvzzVnf0YiL6zK2YSk="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":142,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970664,"pkt_ts_usec":878432,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5Q+cAAEARHWrAqAEiQAQXlTLdnF4AJXN2e2UCDFA+Qxh89YvJZEs857N5H5uVs05hCuMkyAI="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00450{"flow_id":121,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970664,"pkt_ts_usec":926552,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8QLhAAEAG4I\/AqAEiQAQXpsgznF2bjnl5scFgjYAYECndrAAAAQEICj4x\/HpMQvGckklqarCuvYw="}
00451{"flow_id":109,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970665,"pkt_ts_usec":132695,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8djhAAEAGRS3AqAEib91Nr8gwnF4IVe1D0FEsUoAYECnC4AAAAQEICj4x\/UhNo+Jb\/KZqQh\/x2yw="}
00435{"flow_id":59,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970665,"pkt_ts_usec":892802,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0abpAAEAGhnTAqAEinTfrk8ginEEPp731h03onYARECmo8AAAAQEICj4yAEBMYEZO"}
@@ -830,33 +830,33 @@
00435{"flow_id":75,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970665,"pkt_ts_usec":892992,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0OUdAAEAGhajAqAEib91KLcgoAbtIetA1DU2rDIARECwVvwAAAQEICj4yAEBNh64V"}
00435{"flow_id":67,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970665,"pkt_ts_usec":893058,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0EDtAAEAGSNfAqAEinTeCsMglnFZwrI9swvNOL4ARECnEiQAAAQEICj4yAEBOqL2E"}
00436{"flow_id":81,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970665,"pkt_ts_usec":893059,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0H05AAEAGOcTAqAEinTeCsMgpAbtXW5PYu\/PiI4ARECzlfgAAAQEICj4yAEBOqL8U"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":143,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970665,"pkt_ts_usec":893059,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyYRMAAEARmlXAqAEib91NqzLdnF4AHu9ce2cCLa6FGK\/rw+WZJkTZL2SD2CNvhA=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":893,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":144,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970665,"pkt_ts_usec":893090,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1sE4AAEARMsfAqAEinTc4oTLdnF8AITASe2kC9psOqbEN3IbEA34wiMcNZp24IiAl1w=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":145,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970665,"pkt_ts_usec":893094,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9lmMAAEARmbbAqAEinTfrlDLdnGEAKXtSe2sCw7Vy\/6hHK2XTagfLmixWAHOAd\/loE1p\/EyV7QPa1"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00533{"flow_id":108,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":274816,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"0NQSxnP1PBXCt3IOCABFAAB58G5AAEAGtuHAqAEinTg0LMgvAbu6eq6k7rH\/TIAYECxlpAAAAQEICj4yAb1MaAB9rs4rj\/Zn4y1sqwdIy3afkOEmLBspD4c0rMSeRLd9b91SLsTSeHa0jfo08XXIbE1KDwebW7o1FbLX0Wq5X\/ZmIfUdu0eE"}
00445{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":370007,"pkt_caplen":100,"pkt_type":94,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":100,"pkt_l4_len":0,"pkt":"AQAMzMzMJKQ8\/kzXAF6qqgMAAAwgAAF4S2kAAQAOQWlyR2F0ZXdheQACABEAAAABAQHMAATAqAHbAAQACAAAAAIABQAQQWlyR1cudjEuMC4zAAYAB0FHVwADAAdicjAA\/wAFLg=="}
00156{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","type":94}
00521{"flow_id":130,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":443211,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"0NQSxnP1PBXCt3IOCABFAABx33tAAEAGQZfAqAEiQAQXpsg1Abs0yMstLkeiTIAYECzDBgAAAQEICj4yAmVMQvMvj3RAvemHT+P7z0rouwAwTgf6jSGe3VlkB506Kg5x6iMueUoaC06tZlkow8O3V51nHVDge5Zkoq+VQDfaxQ=="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1431970666902,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_first_seen":1431970666902,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":146,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":902808,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAb9VAAEAG6VLAqAEinTeCjsg3nEXoG0e9AAAAALAC\/\/9+tAAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1431970666902,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_first_seen":1431970666902,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":147,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":902983,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAZOhAAEAGVprAqAEib91Njsg4nE30S7v3AAAAALAC\/\/9gmwAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":901,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":148,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":903020,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAp19AAEAGSKzAqAEinTfrqsg5nGDRQCL5AAAAALAC\/\/9RGgAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":902,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":902,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":149,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":903155,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAfbxAAEAGcbnAqAEi1cezsMg6nFWOWkeEAAAAALAC\/\/9u6QAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":150,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":903260,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9fE8AAEARfyTAqAEib91NlTLdnFAAKVN0e20CYiNLpCtZKVRm5qzsJsm2qgqqm\/VHJHAXu9AEnz3Z"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":903,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":151,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":903278,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7vtoAAEARQB3AqAEib91KEzLdnEEAJxFYe28CrL8oxTm2+6Ol0c4xcn\/aCmr6scDIaqNamEoS7g=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00447{"flow_id":149,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":958576,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93nVx7OwwKgBIpxVyDpdiXkDjlpHhaASOJCjtgAAAgQFrAQCCApO3n4vPjIEMAEDAwk="}
00435{"flow_id":149,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":958681,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0TkBAAEAGoUHAqAEi1cezsMg6nFWOWkeFXYl5BIAQECz6qQAAAQEICj4yBGdO3n4v"}
00569{"flow_id":149,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":907,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970666,"pkt_ts_usec":959233,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"pkt":"0NQSxnP1PBXCt3IOCABFAACU3h1AAEAGEQTAqAEi1cezsMg6nFWOWkeFXYl5BIAYECzwwAAAAQEICj4yBGdO3n4vpH+4YbRf46LMGng\/E51p5GZzYC9xP5Es2\/w2eKnW9UtZ6FFtAFdhjFPvc+i78cRadFWCi8AxrsfMzZrDmClGfyRFsvtwId43fL3KM0gZdu\/UNeJrIBEOpyyt+qP4CaZf"}
@@ -889,22 +889,22 @@
00447{"flow_id":147,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970667,"pkt_ts_usec":492330,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA88BpAAEAGy2vAqAEib91Njsg4nE30S7wpxRcMPYAYECkrwAAAAQEICj4yBnVNkBTphTv5WfSZuu0="}
00447{"flow_id":146,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970667,"pkt_ts_usec":677114,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8jd1AAEAGy07AqAEinTeCjsg3nEXoG0gEyGJx5oAYECrEYQAAAQEICj4yBy5OwLXQr3KT27Tir4g="}
00448{"flow_id":149,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970667,"pkt_ts_usec":843268,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8D8hAAEAG37HAqAEi1cezsMg6nFWOWkflXYl5QIAYECpJUAAAAQEICj4yB9RO3n48uQiwNY7rtQs="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":152,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970667,"pkt_ts_usec":913849,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6bg8AAEARKxbAqAEinTeCjDLdnEsAJgsKe3ECMurpMuGdyMUwflNlvhyptKR18dfr99Rpa+D7"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":937,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":153,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970667,"pkt_ts_usec":913849,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBDu8AAEARihTAqAEinTeCpzLdnF8ALeNce3MCnSaJe8js0\/W0uOkrjvFqVEozNuFXZVFpbX\/qiFWAThpduA=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":938,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":154,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970667,"pkt_ts_usec":913913,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4i7gAAEARb8PAqAEib91NkjLdgQkAJGEVe3UC\/j9SXtMCBQsEGLuepyVsXxpYMSM\/UQo5ag=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00449{"flow_id":148,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970667,"pkt_ts_usec":989480,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8+klAAEAG9cXAqAEinTfrqsg5nGDRQCMtGayygYAYECiBLgAAAQEICj4yCGZMVm\/1OYUqH2Q1qrY="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1431970668278,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1431970668278,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":155,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":278677,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6QgAAEARDjHAqAEiwKgBAfduADUALM6fTeoBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1431970668278,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1431970668278,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":941,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_first_seen":1431970668278,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1431970668278,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":156,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":278886,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAkhAAAEARZSnAqAEiwKgBAfsCADUALD+l2TUBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1431970668278,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":942,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_first_seen":1431970668278,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00792{"flow_id":49,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":328383,"pkt_caplen":327,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":327,"pkt_l4_len":293,"pkt":"AQBef\/\/6oPPBbTu2CABFAAE5BIwAAAQR\/4fAqAD+7\/\/\/+gQBB2wBJULdTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHV1aWQ6dXBucC1XQU5EZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogVFAtTElOSyBXaXJlbGVzcyBOIE5hbm8gUm91dGVyIFdSNzAyTiwgVVBuUC8xLjANClVTTjogdXVpZDp1cG5wLVdBTkRldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDENCg0K"}
00848{"flow_id":49,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":344610,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"AQBef\/\/6oPPBbTu2CABFAAFjBI0AAAQR\/1zAqAD+7\/\/\/+gQBB2wBT72wTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpXQU5EZXZpY2U6MQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IFRQLUxJTksgV2lyZWxlc3MgTiBOYW5vIFJvdXRlciBXUjcwMk4sIFVQblAvMS4wDQpVU046IHV1aWQ6dXBucC1XQU5EZXZpY2UtMTkyMTY4MDI1NDc4OTAwMDAxOjp1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6V0FORGV2aWNlOjENCg0K"}
00514{"flow_id":120,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":359634,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"0NQSxnP1PBXCt3IOCABFAABsw99AAEAG91XAqAEib91Nr8gyAbuh2H4oZdpOV4AYECxvkgAAAQEICj4yCdhNo+P8rykSL\/YNWXmmSdsJysigGnvSxhmV7qYqIM+fUQQnb8UpRj+FOZcGRraAYWqHRq8j3tnIqulYKJg="}
@@ -913,13 +913,13 @@
00888{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":394659,"pkt_caplen":399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":399,"pkt_l4_len":365,"pkt":"AQBef\/\/6oPPBbTu2CABFAAGBBJAAAAQR\/zvAqAD+7\/\/\/+gQBB2wBbXKDTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTEwMA0KTE9DQVRJT046IGh0dHA6Ly8xOTIuMTY4LjAuMjU0OjE5MDAvaWdkLnhtbA0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpXQU5Db25uZWN0aW9uRGV2aWNlOjENCk5UUzogc3NkcDphbGl2ZQ0KU0VSVkVSOiBUUC1MSU5LIFdpcmVsZXNzIE4gTmFubyBSb3V0ZXIgV1I3MDJOLCBVUG5QLzEuMA0KVVNOOiB1dWlkOnVwbnAtV0FOQ29ubmVjdGlvbkRldmljZS0xOTIxNjgwMjU0Nzg5MDAwMDE6OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpXQU5Db25uZWN0aW9uRGV2aWNlOjENCg0K"}
00514{"flow_id":73,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":949,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":399932,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"0NQSxnP1PBXCt3IOCABFAABsZYVAAEAGinHAqAEinTfrk8gmAbvxz5zEZu7sLYAZECwFUAAAAQEICj4yCgBMYEfZsJPOrYWxbQ2kS5GoHYZTSJUEAhUVjQ9Suc6gMln7jVEiXtQHYU+2Wg9JNG\/SECNBnGag8RNJ4KY="}
00448{"flow_id":146,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":503217,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA83NZAAEAGfFXAqAEinTeCjsg3nEXoG0gEyGJx5oAYECrBKAAAAQEICj4yCmdOwLXQr3KT27Tir4g="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":952,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1431970668514,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":952,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_first_seen":1431970668514,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":157,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":952,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":514558,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAux9AAEAGAGPAqAEib91Njsg7Abv27osgAAAAALAC\/\/8jHQAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":953,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1431970668514,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":953,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_first_seen":1431970668514,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":158,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":953,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":514761,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAscJAAEAGp2XAqAEinTeCjsg8AbsAEWpXAAAAALAC\/\/\/YaAAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1431970668515,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_first_seen":1431970668515,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":159,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":515022,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA27JAAEAGFFnAqAEinTfrqsg9AbvoZ1qDAAAAALAC\/\/+WyAAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1431970668515,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_first_seen":1431970668515,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":160,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":515289,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAgztAAEAGbDrAqAEi1cezsMg+AbsskrryAAAAALAC\/\/\/xlwAAAgQFtAEDAwUBAQgKPjIKcgAAAAAEAgAA"}
00447{"flow_id":60,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":559388,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8LfFAAEAGKpzAqAEiQTffLcgjnEma5hzvzyelXIAZECnYhQAAAQEICj4yCp5NlOiwwc7xhOCNCBA="}
00449{"flow_id":160,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":577239,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93nVx7OwwKgBIgG7yD6AD\/E0LJK686ASOJCKGgAAAgQFrAQCCApO3n\/CPjIKcgEDAwk="}
@@ -943,15 +943,15 @@
00535{"flow_id":157,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":803791,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"0NQSxnP1PBXCt3IOCABFAAB8+9lAAEAGv2zAqAEib91Njsg7Abv27oshEKH0yoAYECzyVAAAAQEICj4yC49NkBYwgEYBAwEALQAAABAAAAUAAAQAAAoAAAkAAGQAAGIAAAgAAAMAAAYBAIAHAMADAIAGAEACAIAEAICux8zNmsOYKUZ\/JEWy+3Ah"}
00447{"flow_id":67,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":858973,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8uEtAAEAGoL7AqAEinTeCsMglnFZwrI9kwvNOL4AZECmO8wAAAQEICj4yC8ZOqL2E+DHKQRbsUKg="}
00450{"flow_id":148,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":904263,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8u2FAAEAGNK7AqAEinTfrqsg5nGDRQCMtGayygYAYECh9oQAAAQEICj4yC\/NMVm\/1OYUqH2Q1qrY="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":161,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":973203,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1LlEAAEARAb\/AqAEinTfrpjLdnE8AIZ69e3cC3u8ghDSSA4Gtev71JCe8ggQmBcfTOg=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":978,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":162,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":973268,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyB6AAAEARJ\/jAqAEi1cezkTLdnFgAHgsae3kCyqgAJfxhjLbJRJUrPtsodh20jg=="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":163,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":973268,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+wKIAAEAR1+DAqAEiQTffKjLdnFgAKi+se3sC0K9BEnPeD0WuBXXm5wareR+WL1\/qIQP+x9YGu9Sm5Q=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":980,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00517{"flow_id":160,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":981,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970668,"pkt_ts_usec":998419,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABrGxBAAEAG1DrAqAEi1cezsMg+Absskrs7gA\/xNYAYECz9XAAAAQEICj4yDFFO3n\/RxnG4\/AJEgxSLpj4g1w1XejDcElFRdGJgTnfA7RCUIGPtheZryFD\/LSyJskZ7bbubC2TOpkOp3g=="}
00517{"flow_id":159,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":982,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970669,"pkt_ts_usec":93710,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"0NQSxnP1PBXCt3IOCABFAABwXWxAAEAGkm\/AqAEinTfrqsg9AbvoZ1rM+umGlIAYECxNmAAAAQEICj4yDLBMVnGKp9iYwrlcLUTfptpUQ9HnlFyq2KvXjkAGnxSlIXPZFxPNf26I7IG6HpdVzoKbtM+2y58XZOdHADBnVSgw"}
00434{"flow_id":157,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":983,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970669,"pkt_ts_usec":96078,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA04rNAADcG4dpv3U2OwKgBIgG7yDsQofTK9u6LaYAQAB335AAAAQEICk2QFnk+MguP"}
@@ -963,12 +963,12 @@
00451{"flow_id":156,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970669,"pkt_ts_usec":372662,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIWEAAEAR1djAqAEiwKgBAfsCADUALD+l2TUBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
00517{"flow_id":160,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":990,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970669,"pkt_ts_usec":517573,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABrdjpAAEAGeRDAqAEi1cezsMg+Absskrs7gA\/xNYAYECz7VwAAAQEICj4yDlZO3n\/RxnG4\/AJEgxSLpj4g1w1XejDcElFRdGJgTnfA7RCUIGPtheZryFD\/LSyJskZ7bbubC2TOpkOp3g=="}
00518{"flow_id":159,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970669,"pkt_ts_usec":718745,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"0NQSxnP1PBXCt3IOCABFAABw8NlAAEAG\/wHAqAEinTfrqsg9AbvoZ1rM+umGlIAYECxLKQAAAQEICj4yDx9MVnGKp9iYwrlcLUTfptpUQ9HnlFyq2KvXjkAGnxSlIXPZFxPNf26I7IG6HpdVzoKbtM+2y58XZOdHADBnVSgw"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":164,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970669,"pkt_ts_usec":927160,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2E64AAEARG+XAqAEi1cezkjLdnF4AIuLme30CQ7dH2z2v6k8Do\/cqwHkYPEueogZ7yfU="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":992,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":165,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970669,"pkt_ts_usec":927161,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9jJkAAEARWu7AqAEinTg0JjLdnE8AKRAHe38C0EXr0Mxbt14LCxM+eOaK\/XZWtSRnQDNWL9r8hWuf"}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":993,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00448{"flow_id":149,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970669,"pkt_ts_usec":944918,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8QlNAAEAGrSbAqAEi1cezsMg6nFWOWkflXYl5QIAYECpBIwAAAQEICj4yEAFO3n48uQiwNY7rtQs="}
00448{"flow_id":146,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970669,"pkt_ts_usec":960069,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8TPZAAEAGDDbAqAEinTeCjsg3nEXoG0gEyGJx5oAYECq7fwAAAQEICj4yEBBOwLXQr3KT27Tir4g="}
00450{"flow_id":97,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970669,"pkt_ts_usec":983230,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8JPJAAEAGgpvAqAEinTg0LMgunFRemxVvo\/vFuIAYECpuKwAAAQEICj4yECdMZ\/7lUZ\/2f58qofY="}
@@ -976,12 +976,12 @@
00516{"flow_id":158,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":118698,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABrhQZAAEAG0\/bAqAEinTeCjsg8AbsAEWqgQyFuW4AYECyVggAAAQEICj4yEK5OwLdijvxAZZgUoCkBH\/EVHhRNRbBof0ntyHRIt71VUzxiPflWQfiWlCD80Wr\/3G66XhsettJAtcl5eA=="}
00488{"flow_id":74,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":192028,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"PBXCt3IO0NQSxnP1CABFAABY\/VZAADYGZRpBN98twKgBIgG7yCcCmRdezq5m+YAZAB14hgAAAQEICk2U\/F4+MhB1y6ri\/NV24R+k+4cX0jR6SFLXPQzoQ2dX0dan4GJ97gCcCEYV"}
00421{"flow_id":74,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":192148,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo\/8xAAEAGWNTAqAEiQTffLcgnAbvOrmb5AAAAAFAEAADOJgAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1431970670304,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1431970670304,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":166,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":304110,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABL\/QYAAEAR+ifAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
-00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1431970670304,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1431970670304,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1001,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_first_seen":1431970670304,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1431970670304,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":167,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":304363,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLI7cAAEAR03fAqAEiwKgBAdo6ADUAN4ffpXsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1431970670304,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00675{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1002,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_first_seen":1431970670304,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"pipe.prd.skypedata.akadns.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00691{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":315034,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADt4eBAAEAGXOzAqAEiF84hpsgfAbv4Tz2YGDU8XoAYECymbwAAAQEICj4yEXDsPW3FFgMBALQBAACwAwNVWiNLhX\/\/ejAO4KpxNC8\/ZrCwmmE9wkU90zxCDkcIKAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
00518{"flow_id":160,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":354192,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABr48dAAEAGC4PAqAEi1cezsMg+Absskrs7gA\/xNYAYECz4FgAAAQEICj4yEZdO3n\/RxnG4\/AJEgxSLpj4g1w1XejDcElFRdGJgTnfA7RCUIGPtheZryFD\/LSyJskZ7bbubC2TOpkOp3g=="}
00533{"flow_id":81,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1005,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":460380,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"0NQSxnP1PBXCt3IOCABFAAB3LFBAAEAGLH\/AqAEinTeCsMgpAbtXW5OVu\/PiI4AZECziFwAAAQEICj4yEgFOqL8U9IDgvpwdzGcEkd9CX4txidHNl7imFBAwZtm7PgDORMBSjaYWMXjPRWAjyRyC8GW2MJh6wHE92aXcM+JRSsWm\/1CudQ=="}
@@ -994,12 +994,12 @@
00487{"flow_id":157,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":742698,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"0NQSxnP1PBXCt3IOCABFAABWvTJAAEAG\/jnAqAEib91Njsg7Abv27otpEKH0yoAYECz89QAAAQEICj4yExhNkBZ5b6tnM5g+MIH9ugWQ4EK6dUZuKY7n+8BcqJBKLNao313kcQ=="}
00518{"flow_id":159,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":770839,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"0NQSxnP1PBXCt3IOCABFAABwH2JAAEAG0HnAqAEinTfrqsg9AbvoZ1rM+umGlIAYECxHFAAAAQEICj4yEzRMVnGKp9iYwrlcLUTfptpUQ9HnlFyq2KvXjkAGnxSlIXPZFxPNf26I7IG6HpdVzoKbtM+2y58XZOdHADBnVSgw"}
00449{"flow_id":147,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1014,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":788978,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA81OtAAEAG5prAqAEib91Njsg4nE30S7wpxRcMPYAYECke7wAAAQEICj4yE0ZNkBTphTv5WfSZuu0="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":168,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":941309,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyyNoAAEARNhPAqAEib91KJjLdnE8AHkdoe4ECIl4YB+sv8264lsMD2bF6lk0ImA=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":169,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":941372,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyjX8AAEARWhHAqAEinTg0KDLdnFEAHlwwe4MCZJjbDEMF5Jp3fN4mrZ11ZfLW0g=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00438{"flow_id":97,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":941522,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0I6dAAEAGg+7AqAEinTg0LMgunFRemxV3o\/vFuIARECrzuwAAAQEICj4yE95MZ\/7l"}
00438{"flow_id":108,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":941522,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0iuxAAEAGHKnAqAEinTg0LMgvAbu6eq7p7rH\/TIARECwTHgAAAQEICj4yE95MaAB9"}
00436{"flow_id":61,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970670,"pkt_ts_usec":955108,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA02WxAADYG74Jv3UotwKgBIpxIyCR2KHYs2DAKCYARAB23kgAAAQEICk2HwJ4+McPk"}
@@ -1008,50 +1008,50 @@
00468{"flow_id":166,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970671,"pkt_ts_usec":393566,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLdIYAAEARgqjAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00516{"flow_id":158,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970671,"pkt_ts_usec":584483,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABrmRxAAEAGv+DAqAEinTeCjsg8AbsAEWqgQyFuW4AYECyP0QAAAQEICj4yFl9OwLdijvxAZZgUoCkBH\/EVHhRNRbBof0ntyHRIt71VUzxiPflWQfiWlCD80Wr\/3G66XhsettJAtcl5eA=="}
00519{"flow_id":160,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970671,"pkt_ts_usec":825759,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABrLPFAAEAGwlnAqAEi1cezsMg+Absskrs7gA\/xNYAYECzyXQAAAQEICj4yF1BO3n\/RxnG4\/AJEgxSLpj4g1w1XejDcElFRdGJgTnfA7RCUIGPtheZryFD\/LSyJskZ7bbubC2TOpkOp3g=="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1026,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":170,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970671,"pkt_ts_usec":951288,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABArq9AAEAGEE\/AqAEib91KEshDnFkB\/oZbAAAAALAC\/\/94TQAAAgQFtAEDAwUBAQgKPjIXzQAAAAAEAgAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":171,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970671,"pkt_ts_usec":951422,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBmb4AAEARx3TAqAEiQAQXqzLdnF8ALTBge4UCLJNHDZxrWqKO2le\/27Ln4ZxRCYpxEOdXlle+BhpaiN\/trw=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":172,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970671,"pkt_ts_usec":951423,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1BfQAAEAR+PHAqAEib91KKzLdnEEAIUqfe4cCc5jQ2kkfJiYMRWMm+FrbQ2W3s3qD9w=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":173,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970671,"pkt_ts_usec":951475,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0IIEAAEAReCLAqAEiQTffFDLdnFcAIOS9e4kCJNSTA+Y3HirwjN7M3H9IWhw2zkeB"}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00446{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431970664698,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00444{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431970664361,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00446{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1431970672329,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1029,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.40","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00458{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_first_seen":1431970664698,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.229","dst_ip":"224.0.0.251","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00456{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_first_seen":1431970664361,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.146","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51267,"dst_port":40025,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.176","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.151","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.171","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.43","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.19","src_port":13021,"dst_port":40001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_first_seen":1431970670941,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.38","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_first_seen":1431970666903,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.149","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_first_seen":1431970664878,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.154","src_port":13021,"dst_port":40017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.171","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_first_seen":1431970671951,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.20","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.42","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.140","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.166","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":137,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.148","src_port":13021,"dst_port":40019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_first_seen":1431970663923,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.155","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_first_seen":1431970667913,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.167","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.161","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_first_seen":1431970665893,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_first_seen":1431970662914,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.172","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_first_seen":1431970668973,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.145","src_port":13021,"dst_port":40024,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_first_seen":1431970669927,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00458{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1431970672329,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":174,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970672,"pkt_ts_usec":329260,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":8,"pkt":"AQBeWbwBJKQ8\/kzXCABGwAAgAABAAAECfDnAqAHb6Vm8AZQEAAAWAESk6Vm8AQAAAAAAAAAAAAAAAAAA"}
-00478{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1431970672329,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1431970672330,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"111.221.74.18","dst_ip":"192.168.1.34","src_port":40025,"dst_port":51267,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1030,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1431970672329,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_first_seen":1431970672330,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"111.221.74.18","dst_ip":"192.168.1.34","src_port":40025,"dst_port":51267,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":175,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970672,"pkt_ts_usec":330878,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGyAJv3UoSwKgBIpxZyEOVl6lyAf6GXKASOJAXYAAAAgQFrAQCCApNdqzUPjIXzQEDAwk="}
00436{"flow_id":75,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970672,"pkt_ts_usec":330884,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0BR9AADYGw9Bv3UotwKgBIgG7yCgNTatbSHrP+4ARAB1JQAAAAQEICk2Hwec+Mcjn"}
00437{"flow_id":175,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970672,"pkt_ts_usec":330988,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0GgdAAEAGpQPAqAEib91KEshDnFkB\/oZclZepc4AQECxtDwAAAQEICj4yGUhNdqzU"}
@@ -1067,34 +1067,34 @@
00449{"flow_id":175,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970672,"pkt_ts_usec":627112,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8aOBAAEAGViLAqAEib91KEshDnFkB\/oa5lZep1YAYEChK0gAAAQEICj4yGm5Ndq00xUaEJw2DyPo="}
00521{"flow_id":159,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970672,"pkt_ts_usec":664961,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"0NQSxnP1PBXCt3IOCABFAABw\/flAAEAG8eHAqAEinTfrqsg9AbvoZ1rM+umGlIAYECw\/tAAAAQEICj4yGpRMVnGKp9iYwrlcLUTfptpUQ9HnlFyq2KvXjkAGnxSlIXPZFxPNf26I7IG6HpdVzoKbtM+2y58XZOdHADBnVSgw"}
00449{"flow_id":146,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970672,"pkt_ts_usec":669651,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8hKtAAEAG1IDAqAEinTeCjsg3nEXoG0gEyGJx5oAYECqw9wAAAQEICj4yGphOwLXQr3KT27Tir4g="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":176,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970672,"pkt_ts_usec":959482,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1S7cAAEARFafAqAEiQAQXjDLdnEMAIfDFe4sC3LQi2HlVtL\/yF355PoVbgc9yifdOBA=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1046,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":177,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970672,"pkt_ts_usec":959483,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+TFEAAEARFPLAqAEiQAQXnjLdnFUAKkRXe40CBN0haY4HfyNbFaIJe0md26M72eisE+NIO7kZgnvi7w=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1047,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00437{"flow_id":109,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970672,"pkt_ts_usec":959654,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0YTBAAEAGWj3AqAEib91Nr8gwnF4IVe1L0FEsUoARECkGfQAAAQEICj4yG7pNo+Jb"}
00437{"flow_id":120,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1049,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970672,"pkt_ts_usec":959654,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0aYhAAEAGUeXAqAEib91Nr8gyAbuh2H5gZdpOV4ARECy9VAAAAQEICj4yG7pNo+P8"}
00452{"flow_id":155,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1050,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":547534,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtKcAAEARQpLAqAEiwKgBAfduADUALM6fTeoBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"}
00452{"flow_id":156,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":547671,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAitYAAEARbGPAqAEiwKgBAfsCADUALD+l2TUBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1431970673563,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1052,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_first_seen":1431970673563,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":178,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":563758,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABApWxAAEAGGZLAqAEib91KEshEAbuPHWWLAAAAALAC\/\/+gUwAAAgQFtAEDAwUBAQgKPjIeFQAAAAAEAgAA"}
00451{"flow_id":148,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":569860,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8Q3BAAEAGrJ\/AqAEinTfrqsg5nGDRQCMtGayygYAYEChreQAAAQEICj4yHhtMVm\/1OYUqH2Q1qrY="}
00449{"flow_id":147,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":878144,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8UDxAAEAGa0rAqAEib91Njsg4nE30S7wpxRcMPYAYECkS5gAAAQEICj4yH09NkBTphTv5WfSZuu0="}
00449{"flow_id":178,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":880130,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGyAJv3UoSwKgBIgG7yEQiaEt4jx1ljKASOJAO\/AAAAgQFrAQCCApNdq5oPjIeFQEDAwk="}
00436{"flow_id":178,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":880260,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0gVFAAEAGPbnAqAEib91KEshEAbuPHWWMImhLeYAQECxk6gAAAQEICj4yH1FNdq5o"}
00535{"flow_id":178,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":880324,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"0NQSxnP1PBXCt3IOCABFAAB8stpAAEAGC+jAqAEib91KEshEAbuPHWWMImhLeYAYECwvmAAAAQEICj4yH1FNdq5ogEYBAwEALQAAABAAAAUAAAQAAAoAAAkAAGQAAGIAAAgAAAMAAAYBAIAHAMADAIAGAEACAIAEAID2b1S1YuugkY4nrC16I3iJ"}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1431970673966,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_first_seen":1431970673966,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":179,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":966269,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAY6tAAEAGi8vAqAEi1cezr8hFnF3LCMFlAAAAALAC\/\/+c0QAAAgQFtAEDAwUBAQgKPjIfpgAAAAAEAgAA"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":180,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":970845,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0vU0AAEARcr7AqAEinTfrqzLdnEYAIOCne48C+j3UCj6Khrhd65pIazZgrSV3BW0j"}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1059,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":181,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":970845,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6zOQAAEARzB\/AqAEinTeCrTLdnEMAJgAFe5ECW1GQc626NgViJqEYKjead5HrxbDyRckYY2Mu"}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1060,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":182,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970673,"pkt_ts_usec":970905,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA08VkAAEAR8c7AqAEinTc4jzLdnFIAIGspe5MC1RnFiDDpE1Hd7iM493fNRlWzMToF"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1061,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00447{"flow_id":179,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970674,"pkt_ts_usec":18578,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIpxdyEUu77fnywjBZqASOJAmdQAAAgQFrAQCCApO3xkOPjIfpgEDAwk="}
00435{"flow_id":179,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970674,"pkt_ts_usec":18641,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0ax5AAEAGhGTAqAEi1cezr8hFnF3LCMFmLu+36IAQECx9awAAAQEICj4yH9pO3xkO"}
00571{"flow_id":179,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1064,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970674,"pkt_ts_usec":19041,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"pkt":"0NQSxnP1PBXCt3IOCABFAACWN0BAAEAGt+DAqAEi1cezr8hFnF3LCMFmLu+36IAYECxWSwAAAQEICj4yH9pO3xkOsFDI7qsei964fUMEnfCOjiSi3+qAd86vtj0EFy+5edQ39AzLjWycx6MsRrBZOBFqVxzdalPoORYPdFWCi8AxrsfMzZrDmClGfyRFsvtwId43fL3KM0gZdu\/UNeJrIBEOpyw="}
@@ -1110,21 +1110,21 @@
00519{"flow_id":160,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1076,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970674,"pkt_ts_usec":565384,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABraPNAAEAGhlfAqAEi1cezsMg+Absskrs7gA\/xNYAYECzntQAAAQEICj4yIfhO3n\/RxnG4\/AJEgxSLpj4g1w1XejDcElFRdGJgTnfA7RCUIGPtheZryFD\/LSyJskZ7bbubC2TOpkOp3g=="}
00449{"flow_id":179,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1077,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970674,"pkt_ts_usec":867548,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8exhAAEAGdGLAqAEi1cezr8hFnF3LCMHILu+4HYAYECocTQAAAQEICj4yIyZO3xkb8jl+H1rFkgE="}
00449{"flow_id":175,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1078,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970674,"pkt_ts_usec":880712,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8oBRAAEAGHu7AqAEib91KEshDnFkB\/oa5lZep1YAYEChCDQAAAQEICj4yIzNNdq00xUaEJw2DyPo="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":183,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970674,"pkt_ts_usec":981289,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/ed8AAEARbbrAqAEinTg0EjLdgQkAK+56e5UCujNYWaHOaIv8Mbnq8Yy9ltzxTGOAleIkOtVygbgwGI4="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":184,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970674,"pkt_ts_usec":981289,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/QPIAAEARV4\/AqAEiQTffKzLdnEYAK9tXe5cCDvOGtur9CosePaKDkKEzL5ekZUj+DrgiIjruAPBzlGM="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":185,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970674,"pkt_ts_usec":981352,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2DYgAAEAR1ZfAqAEinTc4ljLdnE4AIk81e5kCIa6rFGHkjW7tTxYGLEfEQXIXcRjIprw="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00437{"flow_id":121,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970674,"pkt_ts_usec":981467,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0oQpAAEAGgEXAqAEiQAQXpsgznF2bjnmBscFgjYARECkhhgAAAQEICj4yI5dMQvGc"}
00437{"flow_id":130,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970674,"pkt_ts_usec":981467,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0pAxAAEAGfUPAqAEiQAQXpsg1Abs0yMtqLkeiTIARECwRKQAAAQEICj4yI5dMQvMv"}
00486{"flow_id":157,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":476227,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"0NQSxnP1PBXCt3IOCABFAABW72hAAEAGzAPAqAEib91Njsg7Abv27otpEKH0yoAYECzqiQAAAQEICj4yJYRNkBZ5b6tnM5g+MIH9ugWQ4EK6dUZuKY7n+8BcqJBKLNao313kcQ=="}
00468{"flow_id":167,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1085,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":541371,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLEdEAAEAR5V3AqAEiwKgBAdo6ADUAN4ffpXsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
00468{"flow_id":166,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1086,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":541454,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLOQoAAEARviTAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1431970675578,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1087,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":1,"flow_first_seen":1431970675578,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":186,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":578247,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVJFAAEAGmuXAqAEi1cezr8hHAbtzmW86AAAAALAC\/\/\/ayQAAAgQFtAEDAwUBAQgKPjIl6QAAAAAEAgAA"}
00449{"flow_id":179,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":591379,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8mnRAAEAGVQbAqAEi1cezr8hFnF3LCMHILu+4HYAYECoZfQAAAQEICj4yJfZO3xkb8jl+H1rFkgE="}
00448{"flow_id":186,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":640920,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADgG93rVx7OvwKgBIgG7yEfSVR1Cc5lvO6ASOJBaGQAAAgQFrAQCCApO3xqhPjIl6QEDAwk="}
@@ -1133,14 +1133,14 @@
00438{"flow_id":186,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":703742,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0B\/NAADgG74\/Vx7OvwKgBIgG7yEfSVR1Dc5lvg4AQAB3AvAAAAQEICk7fGrE+MiYn"}
00490{"flow_id":186,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1093,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":703833,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"0NQSxnP1PBXCt3IOCABFAABakGhAAEAGXvTAqAEi1cezr8hHAbtzmW+D0lUdQ4AYECzDQgAAAQEICj4yJmVO3xqxJBunUkBMeJMsfT1eF4pqVDnte2DgNERt9BmDXlOuUVzA32khXIM="}
00449{"flow_id":149,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1094,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":829788,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA87NBAAEAGAqnAqAEi1cezsMg6nFWOWkflXYl5QIAYECoqQgAAAQEICj4yJuJO3n48uQiwNY7rtQs="}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1095,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":187,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1095,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":992044,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAxtRAAEAGKUnAqAEinTfrmMhInF05JqawAAAAALAC\/\/9CLwAAAgQFtAEDAwUBAQgKPjInhAAAAAAEAgAA"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":188,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":992172,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABB4XAAAEARAafAqAEinTc4kzLdnE4ALQw6e5sCLpawwxGRzNJ9jeoeh5bY+9RpiszLnAcSdcNuRnMOI9PLQQ=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1096,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":189,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970675,"pkt_ts_usec":992172,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1ktIAAEARBdLAqAEiQTffEjLdnFkAIdOte50CPL9ZRieP6CLGvHSnuteGzwQxXE6Sug=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1097,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00467{"flow_id":178,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1098,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970676,"pkt_ts_usec":8062,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFAABMySdAAEAG9crAqAEib91KEshEAbuPHWXUImhLeYAYECwpDwAAAQEICj4yJ5NNdq638u7zvxiLk1N\/bk90UuwO7GFozw5RA+4e"}
00489{"flow_id":186,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1099,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970676,"pkt_ts_usec":61587,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"0NQSxnP1PBXCt3IOCABFAABazv5AAEAGIF7AqAEi1cezr8hHAbtzmW+D0lUdQ4AYECzB3wAAAQEICj4yJ8hO3xqxJBunUkBMeJMsfT1eF4pqVDnte2DgNERt9BmDXlOuUVzA32khXIM="}
00448{"flow_id":187,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970676,"pkt_ts_usec":61751,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iGdN+uYwKgBIpxdyEgRBN2QOSamsaASOJC3pAAAAgQFrAQCCApMXif\/PjInhAEDAwk="}
@@ -1158,18 +1158,18 @@
00453{"flow_id":156,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970676,"pkt_ts_usec":575622,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAW5oAAEARm5\/AqAEiwKgBAfsCADUALD+l2TUBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAHAAB"}
00449{"flow_id":179,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970676,"pkt_ts_usec":839368,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8V+VAAEAGl5XAqAEi1cezr8hFnF3LCMHILu+4HYAYECoUpAAAAQEICj4yKs9O3xkb8jl+H1rFkgE="}
00691{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970676,"pkt_ts_usec":881699,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"0NQSxnP1PBXCt3IOCABFAADtZZFAAEAG2TvAqAEiF84hpsgfAbv4Tz2YGDU8XoAYECyM5gAAAQEICj4yKvnsPW3FFgMBALQBAACwAwNVWiNLhX\/\/ejAO4KpxNC8\/ZrCwmmE9wkU90zxCDkcIKAAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAPQAAABMAEQAADmFwcHMuc2t5cGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":190,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970676,"pkt_ts_usec":959268,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2RjwAAEAR6djAqAEinTfroDLdnFYAIpfGe58CtglNf35c9xed\/TOYZPtdg4AQKYWmKBE="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":191,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970676,"pkt_ts_usec":959269,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5iSIAAEARWf7AqAEinTc4kjLdnF4AJWUse6ECi+HEJAzVpo3ery\/yzADPEQnmy2088qUgojE="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00449{"flow_id":187,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1133,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":62836,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8eChAAEAGd\/nAqAEinTfrmMhInF05JqcNEQTd4oAYEClKIwAAAQEICj4yK65MXigTaJ2t5RvhjU8="}
00435{"flow_id":97,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1134,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":69222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0O6RAADMGePGdODQswKgBIpxUyC6j+8XAXpsVb4ARAB0n7gAAAQEICkxoExk+MduF"}
00450{"flow_id":175,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":137627,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8uTZAAEAGBczAqAEib91KEshDnFkB\/oa5lZep1YAYECg5SAAAAQEICj4yK\/hNdq00xUaEJw2DyPo="}
00490{"flow_id":186,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":398158,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"0NQSxnP1PBXCt3IOCABFAABaEXRAAEAG3ejAqAEi1cezr8hHAbtzmW+D0lUdQ4AYECy8qwAAAQEICj4yLPxO3xqxJBunUkBMeJMsfT1eF4pqVDnte2DgNERt9BmDXlOuUVzA32khXIM="}
00450{"flow_id":121,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":598388,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8PThAAEAG5A\/AqAEiQAQXpsgznF2bjnl5scFgjYAZECmsYQAAAQEICj4yLcRMQvGckklqarCuvYw="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1431970677603,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1138,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_first_seen":1431970677603,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":192,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":603695,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAVVtAAEAGmsLAqAEinTfrmMhKAbuh9dLFAAAAALAC\/\/9BpgAAAgQFtAEDAwUBAQgKPjItyQAAAAAEAgAA"}
00448{"flow_id":192,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":668523,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iGdN+uYwKgBIgG7yErORgmHofXSxqASOJDMTwAAAgQFrAQCCApMXimSPjItyQEDAwk="}
00437{"flow_id":192,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":668645,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0tRpAAEAGOw\/AqAEinTfrmMhKAbuh9dLGzkYJiIAQECwjOgAAAQEICj4yLglMXimS"}
@@ -1180,15 +1180,15 @@
00469{"flow_id":178,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":840343,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFAABMTWxAAEAGcYbAqAEib91KEshEAbuPHWXUImhLeYAYECwh7wAAAQEICj4yLrNNdq638u7zvxiLk1N\/bk90UuwO7GFozw5RA+4e"}
00449{"flow_id":146,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":886541,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8pqRAAEAGsofAqAEinTeCjsg3nEXoG0gEyGJx5oAYECqcrgAAAQEICj4yLuFOwLXQr3KT27Tir4g="}
00449{"flow_id":187,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":960696,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8u0ZAAEAGNNvAqAEinTfrmMhInF05JqcNEQTd4oAYEClGpgAAAQEICj4yLytMXigTaJ2t5RvhjU8="}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":193,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":974229,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"0NQSxnP1PBXCt3IOCABFAAA+xqAAAEAR0mLAqAEinTeCqjLdnFIAKv3he6MC3h4IlBBBiQEMzD2u81WGXlCVYngNZSbA0YydRzOnaw=="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1148,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":194,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":974230,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyXBgAAEARPQLAqAEinTeCnzLdnFAAHlQNe6UCbRCk9Zm0qay7l4LGg8ZPRvGp2A=="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1149,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":195,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970677,"pkt_ts_usec":974294,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABATykAAEARrDLAqAEib91NqjLdnFUALAKIe6cC06nLoifBCja4NtBTBPAIMkjY1r+eVyo0K906xL\/RnajP"}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1150,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00511{"flow_id":192,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1151,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":100002,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"0NQSxnP1PBXCt3IOCABFAABpUC5AAEAGn8bAqAEinTfrmMhKAbuh9dMOzkYJiIAYECyexAAAAQEICj4yL7ZMXimi86hE3Mf+F71gUhXfICsOYAQVmYXa6zVmVAN\/UCwMTk1xoRWYRdaWkDsfzScQ6Y1RzsI3trk="}
00448{"flow_id":61,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1152,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":255384,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA82W1AADYG73lv3UotwKgBIpxIyCR2KHYk2DAKCYAYAB1GaQAAAQEICk2Hx8A+McPk18UgKt1JlMY="}
00519{"flow_id":160,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":367207,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABr679AAEAGA4vAqAEi1cezsMg+Absskrs7gA\/xNYAYECzY7QAAAQEICj4yMMBO3n\/RxnG4\/AJEgxSLpj4g1w1XejDcElFRdGJgTnfA7RCUIGPtheZryFD\/LSyJskZ7bbubC2TOpkOp3g=="}
@@ -1198,28 +1198,28 @@
00440{"flow_id":108,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1158,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":815299,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0\/zdAADMGtV2dODQswKgBIgG7yC\/usf+bunqupIARAB1B\/gAAAQEICkxoFM0+MeCz"}
00492{"flow_id":186,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":844746,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"0NQSxnP1PBXCt3IOCABFAABaoa1AAEAGTa\/AqAEi1cezr8hHAbtzmW+D0lUdQ4AYECy3CgAAAQEICj4yMp1O3xqxJBunUkBMeJMsfT1eF4pqVDnte2DgNERt9BmDXlOuUVzA32khXIM="}
00523{"flow_id":130,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":853914,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"pkt":"0NQSxnP1PBXCt3IOCABFAABx5S1AAEAGO+XAqAEiQAQXpsg1Abs0yMstLkeiTIAZECySxAAAAQEICj4yMqZMQvMvj3RAvemHT+P7z0rouwAwTgf6jSGe3VlkB506Kg5x6iMueUoaC06tZlkow8O3V51nHVDge5Zkoq+VQDfaxQ=="}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1161,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431970678945,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1161,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431970678945,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01093{"flow_id":196,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1161,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":945749,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISqNoAAEARDjfAqAEi\/\/\/\/\/0RcRFwB\/vqceyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1161,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431970678945,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1162,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431970678946,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1161,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431970678945,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1162,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431970678946,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01089{"flow_id":197,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1162,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":946074,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAAISZSMAAEARj0bAqAEiwKgB\/0RcRFwB\/jf1eyJob3N0X2ludCI6IDE1NzMxOTU0NDUsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1162,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431970678946,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1162,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431970678946,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00437{"flow_id":109,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1163,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":984866,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0zltAADYG9xFv3U2vwKgBIpxeyDDQUSxaCFXtQ4ARAB062gAAAQEICk2j9mU+MeNf"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":198,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":985147,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/p1UAAEAR8T7AqAEiQTffGDLdnF0AK+jLe6kC6fGNK2goAXsNse6RdApll6kRm4bOwgAP2hC\/D2eOAyk="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1164,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":199,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":985147,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7GMMAAEARF0\/AqAEinTfrnjLdnFsAJ5Hde6sCJ8R84KyvegILw5PDMDyyzP0qbIKzwXJl3e6CLA=="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1165,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":200,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970678,"pkt_ts_usec":985207,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA49SsAAEARo3fAqAEiQTffEDLdnGAAJBSJe60CT4+h0ZiCfQwqP7NMcZ5acjfF0jfx+oM28A=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1167,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431970679027,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1166,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1167,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431970679027,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01092{"flow_id":201,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":27972,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISpvoAAEARD93AqAFc\/\/\/\/\/0RcRFwB\/v9VeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1167,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431970679027,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431970679028,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1167,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431970679027,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1168,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431970679028,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01088{"flow_id":202,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":28646,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xCwDBkn+CABFAAISy7gAAEARKHfAqAFcwKgB\/0RcRFwB\/jyueyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1168,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431970679028,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1168,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431970679028,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00524{"flow_id":130,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":53222,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"PBXCt3IO0NQSxnP1CABFAAByUWlAADYG2ahABBemwKgBIgG7yDUuR6KbNMjLa4AZAB0lqwAAAQEICkxDA\/w+MjKmHICQbtHFQnC9psgvY9YKQc8qPv8hKVwzZzoO3xpEQw9YsjMO6v0VQd\/siDDiwWhBpVXKCbrCFreU7q7JA2M="}
00420{"flow_id":130,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":53339,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo3N9AAEAGRHzAqAEiQAQXpsg1Abs0yMtrAAAAAFAEAADMRwAA"}
00450{"flow_id":179,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1171,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":129453,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8FdtAAEAG2Z\/AqAEi1cezr8hFnF3LCMHILu+4HYAYECoLvAAAAQEICj4yM7dO3xkb8jl+H1rFkgE="}
@@ -1228,32 +1228,32 @@
00517{"flow_id":158,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":556480,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABrna9AAEAGu03AqAEinTeCjsg8AbsAEWqgQyFuW4AYECxw0AAAAQEICj4yNWBOwLdijvxAZZgUoCkBH\/EVHhRNRbBof0ntyHRIt71VUzxiPflWQfiWlCD80Wr\/3G66XhsettJAtcl5eA=="}
00547{"flow_id":75,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1175,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":567629,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"PBXCt3IO0NQSxnP1CABFAACDBSBAADYGw4Bv3UotwKgBIgG7yCgNTasMSHrP+4AYAB2qogAAAQEICk2HyQg+McjnFgMBAEoCAABGAwFAG+SGAq3gKeF3dOVEucmctDExXgLdd50VSpYJul2ocCAcoOT2TGNRri+OTuHmdmoKiNXYxVyumMXkgfIqab+QWAAFAA=="}
00421{"flow_id":75,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1176,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":567725,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoD41AAEAGr27AqAEib91KLcgoAbtIes\/7AAAAAFAEAABRsgAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1431970679839,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1431970679839,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":203,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":839799,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABK0kgAAEARJOfAqAEiwKgBAev9ADUANqf\/XW0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAAAEAAQ=="}
-00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1431970679839,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1431970679839,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1179,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_first_seen":1431970679839,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1431970679839,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":204,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":839976,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKzS8AAEARKgDAqAEiwKgBAftsADUANoJ0c24BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAABwAAQ=="}
-00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1431970679839,"flow_last_seen":0,"flow_tot_l4_data_len":54,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1180,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_first_seen":1431970679839,"flow_last_seen":0,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"335.0.7.7.3.rst0.r.skype.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00449{"flow_id":147,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1181,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":871076,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8RfhAAEAGdY7AqAEib91Njsg4nE30S7wpxRcMPYAYECn7nQAAAQEICj4yNpdNkBTphTv5WfSZuu0="}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":205,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":995024,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"0NQSxnP1PBXCt3IOCABFAAA7shQAAEARfXbAqAEi1cezlTLdnF4AJ7D1e68CWBP9byLKqG9T\/ZSkhpqmfvjcm+3DFpOZwv2yxQ=="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1182,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":206,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970679,"pkt_ts_usec":995025,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA12TQAAEARDmTAqAEinTg0HTLdnEoAIVxje7ECiU\/XVCamnPFSSydeUAuZRUP3ucHK0w=="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1183,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00437{"flow_id":120,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970680,"pkt_ts_usec":340618,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0rbJAADYGF7tv3U2vwKgBIgG7yDJl2k6modh+KIARAB3sngAAAQEICk2j97g+Meis"}
00469{"flow_id":203,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1187,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970680,"pkt_ts_usec":899172,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKn9sAAEARV1TAqAEiwKgBAev9ADUANqf\/XW0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAAAEAAQ=="}
00468{"flow_id":204,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1188,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970680,"pkt_ts_usec":899366,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKCR0AAEAR7hLAqAEiwKgBAftsADUANoJ0c24BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAABwAAQ=="}
00512{"flow_id":192,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970680,"pkt_ts_usec":982950,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"0NQSxnP1PBXCt3IOCABFAABpt85AAEAGOCbAqAEinTfrmMhKAbuh9dMOzkYJiIAYECyTjgAAAQEICj4yOuxMXimi86hE3Mf+F71gUhXfICsOYAQVmYXa6zVmVAN\/UCwMTk1xoRWYRdaWkDsfzScQ6Y1RzsI3trk="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":207,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970681,"pkt_ts_usec":5016,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2XQAAEARDgvAqAEinTg0KzLdnEYALMh9e7MC2jL0tZM0Yzvr0KHAzi3oveeicB3qmta1c4OVExZFkpM\/"}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1190,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":208,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970681,"pkt_ts_usec":5017,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"0NQSxnP1PBXCt3IOCABFAAA1sl0AAEARTKHAqAEib91KEjLdgQkAIR6we7UCnzLS60tunXakNuMsocCUgSoxAT5iGw=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1191,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":209,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970681,"pkt_ts_usec":5017,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"0NQSxnP1PBXCt3IOCABFAAA\/HVAAAEARe03AqAEiQTffDzLdnF4AK6Bke7cC41QXoMCqTrFc3jjyFt76m6sxlqO9wK+EPcEKNtA\/tkI="}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1192,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00520{"flow_id":159,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970681,"pkt_ts_usec":249913,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"pkt":"0NQSxnP1PBXCt3IOCABFAABwHH1AAEAG017AqAEinTfrqsg9AbvoZ1rM+umGlIAYECweUgAAAQEICj4yO\/ZMVnGKp9iYwrlcLUTfptpUQ9HnlFyq2KvXjkAGnxSlIXPZFxPNf26I7IG6HpdVzoKbtM+2y58XZOdHADBnVSgw"}
00469{"flow_id":178,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1194,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970681,"pkt_ts_usec":303889,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFAABM2ZVAAEAG5VzAqAEib91KEshEAbuPHWXUImhLeYAYECwUdwAAAQEICj4yPCtNdq638u7zvxiLk1N\/bk90UuwO7GFozw5RA+4e"}
00450{"flow_id":175,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970681,"pkt_ts_usec":446130,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8cPtAAEAGTgfAqAEib91KEshDnFkB\/oa5lZep1YAYECgohwAAAQEICj4yPLlNdq00xUaEJw2DyPo="}
@@ -1261,12 +1261,12 @@
00492{"flow_id":186,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970681,"pkt_ts_usec":539485,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"0NQSxnP1PBXCt3IOCABFAABatu1AAEAGOG\/AqAEi1cezr8hHAbtzmW+D0lUdQ4AYECyskQAAAQEICj4yPRZO3xqxJBunUkBMeJMsfT1eF4pqVDnte2DgNERt9BmDXlOuUVzA32khXIM="}
00469{"flow_id":203,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970681,"pkt_ts_usec":909608,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKnmgAAEARWMfAqAEiwKgBAev9ADUANqf\/XW0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAAAEAAQ=="}
00468{"flow_id":204,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1199,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970681,"pkt_ts_usec":909798,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKbIIAAEARiq3AqAEiwKgBAftsADUANoJ0c24BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAABwAAQ=="}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":210,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970681,"pkt_ts_usec":960901,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"0NQSxnP1PBXCt3IOCABFAAA3frUAAEARsN7AqAEi1cezkDLdnEkAIwRMe7kCZypNkc74yL7GF7GC5QinylqI\/WPnVsk+"}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1200,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":211,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970681,"pkt_ts_usec":960902,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBaTkAAEARlaPAqAEib91KKDLdnFkALS1Je7sCEGG8jv3asKVduW1KlINShpl5CYZ6daDh4AHUflFCiwcMag=="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1201,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00436{"flow_id":146,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":15869,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0dXdAAEAG47zAqAEinTeCjsg3nEXoG0gMyGJx5oARECo0XgAAAQEICj4yPvJOwLXQ"}
00436{"flow_id":158,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":15970,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0HVdAAEAGO93AqAEinTeCjsg8AbsAEWrXQyFuW4ARECwbXAAAAQEICj4yPvJOwLdi"}
00436{"flow_id":147,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":16048,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0hSdAAEAGNmfAqAEib91Njsg4nE30S7wxxRcMPYARECkhZwAAAQEICj4yPvJNkBTp"}
@@ -1276,51 +1276,51 @@
00437{"flow_id":149,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":16340,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0YS1AAEAGjlTAqAEi1cezsMg6nFWOWkftXYl5QIARECq\/bgAAAQEICj4yPvJO3n48"}
00438{"flow_id":160,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":16403,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0JHdAAEAGywrAqAEi1cezsMg+AbsskrtygA\/xNYARECysNQAAAQEICj4yPvJO3n\/R"}
00450{"flow_id":179,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":253996,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8VxNAAEAGmGfAqAEi1cezr8hFnF3LCMHILu+4HYAYECr\/kwAAAQEICj4yP99O3xkb8jl+H1rFkgE="}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431970679027,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431970678945,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431970679028,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431970678946,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00447{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1431970672329,"flow_last_seen":0,"flow_tot_l4_data_len":8,"flow_min_l4_data_len":8,"flow_max_l4_data_len":8,"flow_avg_l4_data_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_tot_l4_data_len":33,"flow_min_l4_data_len":33,"flow_max_l4_data_len":33,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":207,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.29","src_port":13021,"dst_port":40010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_first_seen":1431970679027,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_first_seen":1431970678945,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_first_seen":1431970679028,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.92","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_first_seen":1431970678946,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00459{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_first_seen":1431970672329,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"233.89.188.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.140","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_first_seen":1431970672959,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.158","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.18","src_port":13021,"dst_port":33033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.170","src_port":13021,"dst_port":40021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.40","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.43","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.18","src_port":13021,"dst_port":40025,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.24","src_port":13021,"dst_port":40029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_first_seen":1431970681005,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.15","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.16","src_port":13021,"dst_port":40032,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":181,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.173","src_port":13021,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.171","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_first_seen":1431970675992,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.147","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":1,"flow_first_seen":1431970674981,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.150","src_port":13021,"dst_port":40014,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.159","src_port":13021,"dst_port":40016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_first_seen":1431970677974,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.170","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_first_seen":1431970673970,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.143","src_port":13021,"dst_port":40018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.160","src_port":13021,"dst_port":40022,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_first_seen":1431970678985,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.158","src_port":13021,"dst_port":40027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_first_seen":1431970676959,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.56.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_first_seen":1431970681960,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.144","src_port":13021,"dst_port":40009,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1211,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_first_seen":1431970679995,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.149","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":187,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":532335,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8zJhAAEAGI4nAqAEinTfrmMhInF05JqcNEQTd4oAYECk03AAAAQEICj4yQPVMXigTaJ2t5RvhjU8="}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1431970682971,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_first_seen":1431970682971,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":212,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":971296,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA7SRAAEAGAv\/AqAEinTfrkshMnFVVB2sVAAAAALAC\/\/9GzAAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1214,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1431970682971,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1214,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_first_seen":1431970682971,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":213,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":971500,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA5x1AAEAGCPzAqAEinTfrnMhNnFpJkZ45AAAAALAC\/\/8fDgAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1215,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1431970682971,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1215,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_first_seen":1431970682971,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":214,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":971692,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAMNRAAEAG8HbAqAEiQAQXn8hOnEl2PjrTAAAAALAC\/\/+HCAAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1431970682971,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_first_seen":1431970682971,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":215,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":971895,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABARUhAAEAGeZjAqAEib91KMMhPnEhg80NCAAAAALAC\/\/8xegAAAgQFtAEDAwUBAQgKPjJCqwAAAAAEAgAA"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":216,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":972023,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"0NQSxnP1PBXCt3IOCABFAAA2ToQAAEARSoLAqAEinTeCrzLdnEYAIsBye70C0WV2Jw2JJv9T381tb7aFs7ugTny6Jk4="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1217,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":217,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970682,"pkt_ts_usec":972023,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBmw8AAEARYEjAqAEib91NrTLdnEwALft7e78CS2barOC4bSdle3ySCU4isieKFyYrhir3D1S\/zus1mmpuRQ=="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00447{"flow_id":212,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970683,"pkt_ts_usec":43958,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIpxVyEzh8Ob8VQdrFqASOJAqmgAAAgQFrAQCCApMYN9LPjJCqwEDAwk="}
00436{"flow_id":212,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970683,"pkt_ts_usec":44063,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0JNdAAEAGy1jAqAEinTfrkshMnFVVB2sW4fDm\/YAQECyBfAAAAQEICj4yQvNMYN9L"}
00533{"flow_id":212,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970683,"pkt_ts_usec":44604,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"0NQSxnP1PBXCt3IOCABFAAB3Mo1AAEAGvV\/AqAEinTfrkshMnFVVB2sW4fDm\/YAYECzPowAAAQEICj4yQvNMYN9LG\/ElW63KxOao8VKmuRdmcRFihQOEgdmeqxt9tl+ffCv6XLznEh5tysSzRUGu2IKGHne8\/QpziFm2LxR1IqtgUU7nbA=="}
@@ -1346,15 +1346,15 @@
00448{"flow_id":213,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970683,"pkt_ts_usec":542740,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8XZRAAEAGkonAqAEinTfrnMhNnFpJkZ6byTsrQ4AYEChm5AAAAQEICj4yROFMXOPPdjjDMntxC5I="}
00512{"flow_id":192,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970683,"pkt_ts_usec":786925,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"0NQSxnP1PBXCt3IOCABFAABpdhtAAEAGednAqAEinTfrmMhKAbuh9dMOzkYJiIAYECyIpQAAAQEICj4yRdVMXimi86hE3Mf+F71gUhXfICsOYAQVmYXa6zVmVAN\/UCwMTk1xoRWYRdaWkDsfzScQ6Y1RzsI3trk="}
00454{"flow_id":215,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970683,"pkt_ts_usec":978082,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAGihAAEAGpLjAqAEib91KMMhPnEhg80NCAAAAALAC\/\/8tkQAAAgQFtAEDAwUBAQgKPjJGlAAAAAAEAgAA"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":218,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970683,"pkt_ts_usec":987836,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8i9IAAEARpC3AqAEinTfrrzLdnFcAKG0ve8ECvWqBesxtVN\/+FF8A8FJFXO0bTxFAGhtLbx9IUYU="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1247,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":219,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970683,"pkt_ts_usec":987837,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0Ni4AAEARsXfAqAEinTg0ETLdnE0AIDQfe8MCmFcjIzVltOuGOdvvgZmibnosxcEh"}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":220,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970683,"pkt_ts_usec":987900,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0PqwAAEARIpXAqAEiQAQXqjLdnEsAIM3ke8UC93ejJq9SbNcOBlZBFwBC35pf1nt9"}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1249,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00448{"flow_id":212,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":69368,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA84vRAAEAGDTPAqAEinTfrkshMnFVVB2tZ4fDnQYAYECluegAAAQEICj4yRu9MYN9f7d463h6NxxM="}
00450{"flow_id":213,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":152100,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8Jt5AAEAGyT\/AqAEinTfrnMhNnFpJkZ6byTsrQ4AYEChkhAAAAQEICj4yR0FMXOPPdjjDMntxC5I="}
00448{"flow_id":215,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":268798,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADcGx+Rv3UowwKgBIpxIyE81se9IYPNDQ6ASOJCdPQAAAgQFrAQCCApNifogPjJCqwEDAwk="}
@@ -1365,13 +1365,13 @@
00580{"flow_id":215,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1257,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":563732,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"PBXCt3IO0NQSxnP1CABFAACbFSFAADcGsmRv3UowwKgBIpxIyE81se9JYPNDdYAYAB2FVwAAAQEICk2J+mk+Mke1yNVL9qyoiY0MBsyANMGSNjrd5g1ndD1+H5z8rKkNmwGp5zI9pi6xZhVsHc8MmY79QX5XHN1qU+g5Fg90VYKLwDGux8zNmsOYKUZ\/JEWy+3Ah3jd8vcozSBl279Q14msgEQ6nLK36ow=="}
00437{"flow_id":215,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":563798,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0S\/pAAEAGcvLAqAEib91KMMhPnEhg80N1NbHvsIAQECjtWQAAAQEICj4ySNtNifpp"}
00449{"flow_id":215,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":564328,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA857NAAEAG1zDAqAEib91KMMhPnEhg80N1NbHvsIAYECha\/AAAAQEICj4ySNtNifppdiL3+rNlcMo="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1260,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1431970684583,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1260,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_first_seen":1431970684583,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":221,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":583222,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJbZAAEAGym3AqAEinTfrkshQAbtIMwlhAAAAALAC\/\/9JqAAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1431970684583,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1261,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_first_seen":1431970684583,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":222,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":583412,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABATSFAAEAGovjAqAEinTfrnMhRAbsdDADVAAAAALAC\/\/99UAAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1262,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1431970684583,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1262,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_first_seen":1431970684583,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":223,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":583695,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA0\/xAAEAGTU7AqAEiQAQXn8hSAbvNFjtFAAAAALAC\/\/\/EBQAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1263,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1431970684583,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1263,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_first_seen":1431970684583,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":224,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":583810,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAs0xAAEAGC5TAqAEib91KMMhTAbtJAhNrAAAAALAC\/\/8NiQAAAgQFtAEDAwUBAQgKPjJI7gAAAAAEAgAA"}
00448{"flow_id":221,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":658664,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+iedN+uSwKgBIgG7yFDrM+1YSDMJYqASOJAcRAAAAgQFrAQCCApMYODePjJI7gEDAwk="}
00448{"flow_id":222,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":658670,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYG+h2dN+ucwKgBIgG7yFE1cNv2HQwA1qASOJASpwAAAgQFrAQCCApMXOVNPjJI7gEDAwk="}
@@ -1395,15 +1395,15 @@
00437{"flow_id":223,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":973915,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0\/HpAADYGLtxABBefwKgBIgG7yFJrWCY8zRY7joAQAB1KewAAAQEICkxH2kY+Mkmw"}
00503{"flow_id":223,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":973984,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"0NQSxnP1PBXCt3IOCABFAABkagBAAEAGtybAqAEiQAQXn8hSAbvNFjuOa1gmPIAYECyhWwAAAQEICj4ySnJMR9pGOm9QiCGp0cwW6vp4r5Dn8\/7YY8lRGP7REcP1BqFDpRTD4qb3sZ4E9ti6rTGePCt6"}
00449{"flow_id":212,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":995805,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8WuNAAEAGlUTAqAEinTfrkshMnFVVB2tZ4fDnQYAYEClq4gAAAQEICj4ySodMYN9f7d463h6NxxM="}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":225,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":997599,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"0NQSxnP1PBXCt3IOCABFAAAyBX4AAEARk57AqAEinTeCnTLdnE0AHhvPe8cCM2e01AKVV7JkJRCi7OoE7P+SqQ=="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1286,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":226,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":997600,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8MWwAAEARL9zAqAEiQAQXmzLdnEQAKCm\/e8kCIw7UNc1vAeAYbNVJreKXHNKN8e8UIdCt8moAbvU="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1287,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":227,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970684,"pkt_ts_usec":997661,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"0NQSxnP1PBXCt3IOCABFAABBr7UAAEARf9fAqAEi1cezjTLdnE8ALaWJe8sCd26eaxqppENRG4WXSuPXFKjQruFJphoXGEqS7tX7w9Yk1Q=="}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1288,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00467{"flow_id":204,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1289,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":1537,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABK\/5kAAEAR95XAqAEiwKgBAftsADUANoJ0c24BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAABwAAQ=="}
00467{"flow_id":203,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":1625,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKlSsAAEARYgTAqAEiwKgBAev9ADUANqf\/XW0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAAAEAAQ=="}
00450{"flow_id":146,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1291,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":127027,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8XEBAAEAG\/OvAqAEinTeCjsg3nEXoG0gEyGJx5oAZECqAhAAAAQEICj4ySwpOwLXQr3KT27Tir4g="}
@@ -1421,20 +1421,20 @@
00492{"flow_id":221,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1310,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":713332,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"0NQSxnP1PBXCt3IOCABFAABaQBJAAEAGr\/fAqAEinTfrkshQAbtIMwmq6zPtWYAYECx4ZQAAAQEICj4yTU5MYODx4TzV3\/Y4WDPH3tpvaLZcP8pol15k+DSkUSs81WKefnkA99PxSe0="}
00449{"flow_id":214,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1311,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":727482,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8i2lAAEAGleXAqAEiQAQXn8hOnEl2PjsWIF+fsYAYECgZKQAAAQEICj4yTVxMR9i06BKmNwKjHHk="}
00519{"flow_id":160,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":772709,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABrNJRAAEAGurbAqAEi1cezsMg+Absskrs7gA\/xNYAZECy8IwAAAQEICj4yTYlO3n\/RxnG4\/AJEgxSLpj4g1w1XejDcElFRdGJgTnfA7RCUIGPtheZryFD\/LSyJskZ7bbubC2TOpkOp3g=="}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1431970685835,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1431970685835,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00592{"flow_id":228,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":835246,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChckEAAAERlUbAqAEi7\/\/\/+udlB2wAjUvnTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1431970685835,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1316,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":1,"flow_first_seen":1431970685835,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00588{"flow_id":228,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":835271,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgeC8AAAERj1nAqAEi7\/\/\/+udlB2wAjLHaTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1431970685835,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1431970685835,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00593{"flow_id":229,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":835365,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6PBXCt3IOCABFAAChI3QAAAER5BPAqAEi7\/\/\/+uLNB2wAjVB\/TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOUFBQQ29ubmVjdGlvbjoxDQoNCg=="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1431970685835,"flow_last_seen":0,"flow_tot_l4_data_len":141,"flow_min_l4_data_len":141,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1318,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_first_seen":1431970685835,"flow_last_seen":0,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00588{"flow_id":229,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":835379,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AQBef\/\/6PBXCt3IOCABFAACgWWQAAAERriTAqAEi7\/\/\/+uLNB2wAjLZyTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KTVg6IDINCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KU1Q6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCg0K"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1320,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1431970685835,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1320,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_first_seen":1431970685835,"flow_last_seen":0,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":230,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":835490,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo7Q4AAEARCkPAqAEiwKgBAeasFOcAFAzzAAEAADLdMt0AAA4Q"}
-00453{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1431970685839,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00461{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1431970685839,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":231,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":839326,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"PBXCt3IO0NQSxnP1CABFwABElr0AAEABX8jAqAEBwKgBIgMDgJYAAAAARQAAKO0OAABAEQpDwKgBIsCoAQHmrBTnABQM8wABAAAy3TLdAAAOEA=="}
-00485{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1431970685839,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1431970685852,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1321,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_first_seen":1431970685839,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1323,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_first_seen":1431970685852,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":232,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":852960,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXIlAAEAG5ijAqAEiW77afchUMD4lFgKCAAAAALAC\/\/+SwgAAAgQFtAEDAwUBAQgKPjJN1wAAAAAEAgAA"}
00437{"flow_id":232,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1324,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":921461,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0NCRAAPQGWplbvtp9wKgBIjA+yFR61rIKJRYCg4ASH\/4KBwAAAgQFoAEDAwQBAQQC"}
00420{"flow_id":232,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1325,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970685,"pkt_ts_usec":921522,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoGAJAAEAGKsjAqAEiW77afchUMD4lFgKDetayC1AQIABKwAAA"}
@@ -1456,7 +1456,7 @@
00460{"flow_id":231,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":107739,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"PBXCt3IO0NQSxnP1CABFwABElr4AAEABX8fAqAEBwKgBIgMDgJYAAAAARQAAKJsOAABAEVxDwKgBIsCoAQHmrBTnABQM8wABAAAy3TLdAAAOEA=="}
00503{"flow_id":223,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1345,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":157266,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"0NQSxnP1PBXCt3IOCABFAABksFpAAEAGcMzAqAEiQAQXn8hSAbvNFjuOa1gmPIAZECycyAAAAQEICj4yTwRMR9pGOm9QiCGp0cwW6vp4r5Dn8\/7YY8lRGP7REcP1BqFDpRTD4qb3sZ4E9ti6rTGePCt6"}
00428{"flow_id":232,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":318900,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFAAAoNDhAAPQGWpFbvtp9wKgBIjA+yFR61rILJRYCtlAUJeVEpAAAAAAAAAAA"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1349,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1431970686319,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1349,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_first_seen":1431970686319,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":233,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1349,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":319207,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAzaZAAEAGdQvAqAEiW77afchVMD6WWeS2AAAAALAC\/\/89ewAAAgQFtAEDAwUBAQgKPjJPpQAAAAAEAgAA"}
00548{"flow_id":159,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1350,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":367443,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"PBXCt3IO0NQSxnP1CABFAACD9yRAADYGAqSdN+uqwKgBIgG7yD366YaU6GdazIAYAB3tXQAAAQEICkxWgtA+MgrFFgMBAEoCAABGAwFAG+SGAq3gKeF3dOVEucmctDExXgLdd50VSpYJul2ocCAcoOT2TGNRri+OTuHmdmoKiNXYxVyumMXkgfIqab+QWAAFAA=="}
00421{"flow_id":159,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1351,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":367539,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoQM9AAEAGr1TAqAEinTfrqsg9AbvoZ1rMAAAAAFAEAABYBwAA"}
@@ -1472,7 +1472,7 @@
00492{"flow_id":221,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":679198,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"0NQSxnP1PBXCt3IOCABFAABaaTBAAEAGhtnAqAEinTfrkshQAbtIMwmq6zPtWYAZECx0qAAAAQEICj4yUQpMYODx4TzV3\/Y4WDPH3tpvaLZcP8pol15k+DSkUSs81WKefnkA99PxSe0="}
00517{"flow_id":158,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":837592,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"0NQSxnP1PBXCt3IOCABFAABrqW9AAEAGr43AqAEinTeCjsg8AbsAEWqgQyFuW4AZECxUhwAAAQEICj4yUahOwLdijvxAZZgUoCkBH\/EVHhRNRbBof0ntyHRIt71VUzxiPflWQfiWlCD80Wr\/3G66XhsettJAtcl5eA=="}
00429{"flow_id":233,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":843632,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFAAAok\/NAAPQG+tVbvtp9wKgBIjA+yFVGmTUvllnkvFAUJeWicgAAAAAAAAAA"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1431970686843,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_first_seen":1431970686843,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":234,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":843964,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXdpAAEAG5NfAqAEiW77afchWAbv9gi8BAAAAALAC\/\/+4gAAAAgQFtAEDAwUBAQgKPjJRrgAAAAAEAgAA"}
00438{"flow_id":234,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":906649,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0rxlAAPQG36Nbvtp9wKgBIgG7yFakF93g\/YIvAoASH\/7ehAAAAgQFoAEDAwQBAQQC"}
00420{"flow_id":234,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":906761,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoj59AAEAGsyrAqAEiW77afchWAbv9gi8CpBfd4VAQIAAfPgAA"}
@@ -1482,27 +1482,27 @@
00429{"flow_id":234,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970686,"pkt_ts_usec":972411,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFAAAoQBJAADcGC7hbvtp9wKgBIgG7yFakF93h\/YIvB1AQA6A7mQAAAAAAAAAA"}
00448{"flow_id":213,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1379,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":23682,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ncNAAEAGUlrAqAEinTfrnMhNnFpJkZ6byTsrQ4AZEChZYwAAAQEICj4yUmFMXOPPdjjDMntxC5I="}
00429{"flow_id":234,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1382,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":201898,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFAAAorxpAAPQG365bvtp9wKgBIgG7yFakF93h\/YIvB1AUJeUZUAAAAAAAAAAA"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1431970687261,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1431970687261,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":235,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":261985,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuS7AAAEAREzPAqAEirjGr4DLdfQsAGuTOfB8CfeyODsgiOuU1SIeok9yn"}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1431970687261,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1384,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_first_seen":1431970687261,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":236,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":262047,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAurJcAAEARrJHAqAEiUx8MrTLdXYMAGpfYfCECZ7K5p+bX8n+OJOOTrcyv"}
-00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1385,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":237,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":262067,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuSakAAEAREGnAqAEivYqhWDLdTEEAGhcdfCMC1zNoLOVTJhFFmEsFrmck"}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1386,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":238,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":262098,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuOf4AAEAROozAqAEivbyGrjLdV6QAGoKkfCUCWKDpreHeWqMtL4LNh6CD"}
-00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00542{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1387,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00503{"flow_id":223,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":337958,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"0NQSxnP1PBXCt3IOCABFAABkxTpAAEAGW+zAqAEiQAQXn8hSAbvNFjuOa1gmPIAZECyYNgAAAQEICj4yU5ZMR9pGOm9QiCGp0cwW6vp4r5Dn8\/7YY8lRGP7REcP1BqFDpRTD4qb3sZ4E9ti6rTGePCt6"}
00422{"flow_id":230,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":666142,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo51IAAEARD\/\/AqAEiwKgBAeasFOcAFAzzAAEAADLdMt0AAA4Q"}
00462{"flow_id":231,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":668942,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"PBXCt3IO0NQSxnP1CABFwABElsAAAEABX8XAqAEBwKgBIgMDgJYAAAAARQAAKOdSAABAEQ\/\/wKgBIsCoAQHmrBTnABQM8wABAAAy3TLdAAAOEA=="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1431970687670,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_first_seen":1431970687670,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":239,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":670003,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAjTxAAEAG\/gPAqAEiTKehBshYTzLHdCWnAAAAALAC\/\/\/vzwAAAgQFtAEDAwUBAQgKPjJU3AAAAAAEAgAA"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1431970687670,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_first_seen":1431970687670,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":240,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":670182,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABADkBAAEAGGvXAqAEiR+4Hy8hZSU+Qnyq6AAAAALAC\/\/\/FaAAAAgQFtAEDAwUBAQgKPjJU3AAAAAAEAgAA"}
00512{"flow_id":192,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":670347,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"0NQSxnP1PBXCt3IOCABFAABpUJ1AAEAGn1fAqAEinTfrmMhKAbuh9dMOzkYJiIAZECx5nAAAAQEICj4yVN1MXimi86hE3Mf+F71gUhXfICsOYAQVmYXa6zVmVAN\/UCwMTk1xoRWYRdaWkDsfzScQ6Y1RzsI3trk="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1431970687670,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1409,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_first_seen":1431970687670,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":241,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":670559,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtDFAAEAGA+fAqAEiBfi63chaeSLm2Z5sAAAAALAC\/\/9aigAAAgQFtAEDAwUBAQgKPjJU3QAAAAAEAgAA"}
00468{"flow_id":166,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":726679,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLZ5gAAEARj5bAqAEiwKgBAe6nADUAN3lCuqsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00468{"flow_id":167,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":726760,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"0NQSxnP1PBXCt3IOCABFAABLTOwAAEARqkLAqAEiwKgBAdo6ADUAN4ffpXsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
@@ -1522,9 +1522,9 @@
00436{"flow_id":239,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":953143,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA06CNAAEAGoyjAqAEiTKehBshYTzLHdCWoEv4emIAQECx16wAAAQEICj4yVfS+r7gZ"}
00569{"flow_id":239,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":953768,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"0NQSxnP1PBXCt3IOCABFAACTKcJAAEAGYSvAqAEiTKehBshYTzLHdCWoEv4emIAYECwycAAAAQEICj4yVfS+r7gZDpcymbPRjqHS0MBRvFH\/Ltx8fwWiBBmQIi9mCQBkccCvt9P5uN6AByyOzUlygvBS3J0qE6j51s80FUJLgPFuh4yNWoNY6QY\/5AVyuzDhnvc8fYrzCNk2r5T1oivg0c4="}
00437{"flow_id":147,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970687,"pkt_ts_usec":998806,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0Hx5AADcGpXBv3U2OwKgBIpxNyDjFFwxF9Eu8KYARAB1V6gAAAQEICk2QKO8+MgZ1"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431970688025,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431970688025,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":242,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":25302,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuOK8AAEARxlrAqAEib91KDjLdAbsAGqZSfFUC4vleo7UvMvPmsU4YCKBd"}
-00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431970688025,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00595{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431970688025,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00469{"flow_id":178,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":51220,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"0NQSxnP1PBXCt3IOCABFAABMImpAAEAGnIjAqAEib91KEshEAbuPHWXUImhLeYAZECz6TQAAAQEICj4yVlNNdq638u7zvxiLk1N\/bk90UuwO7GFozw5RA+4e"}
00467{"flow_id":204,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":53940,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKaYcAAEARjajAqAEiwKgBAftsADUANoJ0c24BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAABwAAQ=="}
00469{"flow_id":203,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":54034,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"0NQSxnP1PBXCt3IOCABFAABKe8AAAEARe2\/AqAEiwKgBAev9ADUANqf\/XW0BAAABAAAAAAAAAzMzNQEwATcBNwEzBHJzdDABcgVza3lwZQNuZXQAAAEAAQ=="}
@@ -1535,13 +1535,13 @@
00512{"flow_id":239,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":236294,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"pkt":"PBXCt3IO0NQSxnP1CABFAABqp6xAAC8G9GlMp6EGwKgBIk8yyFgS\/h6Yx3QmB4AYAOMjhQAAAQEICr6vuTU+MlX0979\/jAaFxz9J17kaFgdP5kj+tcc94wOOYkyU7BSju0gtD25WNJlFffpkoREITQq1kY4nrC16"}
00436{"flow_id":239,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1450,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":236469,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0R15AAEAGQ+7AqAEiTKehBshYTzLHdCYHEv4ezoAQECpzJgAAAQEICj4yVwq+r7k1"}
00448{"flow_id":239,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1451,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":237097,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8HstAAEAGbHnAqAEiTKehBshYTzLHdCYHEv4ezoAYECqQygAAAQEICj4yVwq+r7k1zWOVyLN8y6I="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1431970688320,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1431970688320,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":243,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":320038,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAukPgAAEARnzfAqAEinTfrjTLdAbsAGuidfHYCyiJR+IygHiSHdyp3P0rG"}
-00584{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1431970688320,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00596{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1458,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1431970688320,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00449{"flow_id":241,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":347281,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA81axAAEAG4m\/AqAEiBfi63chaeSLm2Z7HnfKa24AYECiVrgAAAQEICj4yV3UAAJTxinTTcj1jiGY="}
00481{"flow_id":222,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":417497,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"pkt":"0NQSxnP1PBXCt3IOCABFAABVYx5AAEAGjObAqAEinTfrnMhRAbsdDAEeNXDb94AZECxNwgAAAQEICj4yV7pMXOVgRJ52DFIu7cAK7Gpc8dNzIO4YY2vVOHQu5N+2IqCrL00y"}
00492{"flow_id":221,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1469,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":417499,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"0NQSxnP1PBXCt3IOCABFAABai7JAAEAGZFfAqAEinTfrkshQAbtIMwmq6zPtWYAZECxt+AAAAQEICj4yV7pMYODx4TzV3\/Y4WDPH3tpvaLZcP8pol15k+DSkUSs81WKefnkA99PxSe0="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1471,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1431970688560,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1471,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_first_seen":1431970688560,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":244,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":560737,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABALZlAAEAGrHTAqAEiUVNNjchbROcBp2a0AAAAALAC\/\/\/KOQAAAgQFtAEDAwUBAQgKPjJYSAAAAAAEAgAA"}
00448{"flow_id":244,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":626729,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8CBlAAHQGnfhRU02NwKgBIkTnyFsYw7jOAadmtaASIADTOAAAAgQFrAEDAwgEAggKALwVrD4yWEg="}
00436{"flow_id":244,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1487,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":626849,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0NhhAAEAGpAHAqAEiUVNNjchbROcBp2a1GMO4z4AQECwRkQAAAQEICj4yWIkAvBWs"}
@@ -1549,9 +1549,9 @@
00537{"flow_id":244,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1489,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":720791,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"PBXCt3IO0NQSxnP1CABFAAB6CBpAAHQGnblRU02NwKgBIkTnyFsYw7jPAadnG4AYAQJ4AQAAAQEICgC8FbU+MliJ8y+WiiMWk+rxA++uleX3d3qQzoYwWYU6TExH7yqfoCHp9Ru\/tJhVTD8G0rb8kSYVwDGux8zNmsOYKUZ\/JEWy+3Ah3jd8vQ=="}
00436{"flow_id":244,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1490,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":720875,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0wwVAAEAGFxTAqAEiUVNNjchbROcBp2cbGMO5FYAQECkQgQAAAQEICj4yWOcAvBW1"}
00449{"flow_id":244,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1491,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":721426,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8vqJAAEAGG2\/AqAEiUVNNjchbROcBp2cbGMO5FYAYECk9gQAAAQEICj4yWOcAvBW1LtP9fnVyMSs="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1431970688781,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_first_seen":1431970688781,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":245,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":781923,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwP5AAEAGaDbAqAEiR+4Hy8hcSU\/pBV4yAAAAALAC\/\/81QAAAAgQFtAEDAwUBAQgKPjJZIwAAAAAEAgAA"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1493,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1431970688782,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1493,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_first_seen":1431970688782,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":246,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":782103,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAUvJAAEAGZSbAqAEiBfi63chdeSKNyxjDAAAAALAC\/\/80+QAAAgQFtAEDAwUBAQgKPjJZIwAAAAAEAgAA"}
00443{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":837836,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6Sy4AAEARrBHAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
00452{"flow_id":246,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970688,"pkt_ts_usec":888547,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"PBXCt3IO0NQSxnP1CABFAABA75tAAHIGlnwF+LrdwKgBInkiyF33HT2hjcsYxLASRBBSegAAAgQFrAEDAwABAQgKAAAAAAAAAAABAQQC"}
@@ -1584,7 +1584,7 @@
00458{"flow_id":245,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1537,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970689,"pkt_ts_usec":648519,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"PBXCt3IO0NQSxnP1CABFAABCrvxAAHMGRzZH7gfLwKgBIklPyFwwtyP96QVejYAY\/6U7JQAAAQEICgMcyZQ+MluitTxtVIkexevUyA+Ov+0="}
00439{"flow_id":245,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1538,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970689,"pkt_ts_usec":648609,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0cEpAAEAGuPbAqAEiR+4Hy8hcSU\/pBV6NMLckC4AQECk\/tgAAAQEICj4yXHYDHMmU"}
00446{"flow_id":245,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970689,"pkt_ts_usec":648701,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4yeNAAEAGX1nAqAEiR+4Hy8hcSU\/pBV6NMLckC4AYECn+DQAAAQEICj4yXHYDHMmUFOwssA=="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1540,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1431970689672,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1540,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_first_seen":1431970689672,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":247,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970689,"pkt_ts_usec":672643,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2ypAAEAG\/uLAqAEiUVNNjcheROdnq4JVAAAAALAC\/\/9ETAAAAgQFtAEDAwUBAQgKPjJcjQAAAAAEAgAA"}
00550{"flow_id":108,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970689,"pkt_ts_usec":704558,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"PBXCt3IO0NQSxnP1CABFAACD\/zhAADMGtQ2dODQswKgBIgG7yC\/usf9MunqupIAYAB2f3gAAAQEICkxoH3A+MeCzFgMBAEoCAABGAwFAG+SGAq3gKeF3dOVEucmctDExXgLdd50VSpYJul2ocCAcoOT2TGNRri+OTuHmdmoKiNXYxVyumMXkgfIqab+QWAAFAA=="}
00421{"flow_id":108,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970689,"pkt_ts_usec":704673,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoElNAAEAGlU7AqAEinTg0LMgvAbu6eq6kAAAAAFAEAADppwAA"}
@@ -1607,19 +1607,19 @@
00437{"flow_id":247,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970689,"pkt_ts_usec":938796,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0x8dAAEAGElLAqAEiUVNNjcheROdnq4WXnrqPh4AQECoqcAAAAQEICj4yXZEAvBYu"}
00435{"flow_id":157,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":2958,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA04rlAADcG4dRv3U2OwKgBIgG7yDsQofUZ9u6LaYARAB3jKQAAAQEICk2QKuQ+MguP"}
00437{"flow_id":245,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":35437,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0rv1AAHMGR0NH7gfLwKgBIklPyFwwtyQL6QVekYAQ\/6FQNQAAAQEICgMcyZg+Mlx2"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1431970690133,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1431970690133,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":248,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":133876,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"0NQSxnP1PBXCt3IOCABFAABEeJ0AAEARfpjAqAEiwKgBAemMADUAMK9udVgBAAABAAAAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1431970690133,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1570,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_first_seen":1431970690133,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00480{"flow_id":248,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":190958,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"pkt":"PBXCt3IO0NQSxnP1CABFAABUAABAAEARtyXAqAEBwKgBIgA16YwAQDU7dViBgAABAAEAAAAABWU0NTkzAWcKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAsABBfOIaY="}
-00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1573,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1431970690191,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1573,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"e4593.g.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.206.33.166"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_first_seen":1431970690191,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":249,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":191533,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA15NAAEAGZ+bAqAEiF84hpshfAbtO4sWoAAAAALAC\/\/\/AXwAAAgQFtAEDAwUBAQgKPjJehwAAAAAEAgAA"}
00437{"flow_id":247,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":206670,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0CChAAHQGnfFRU02NwKgBIkTnyF6euo+HZ6uFl4AQAP85vgAAAQEICgC8Fko+Ml1S"}
00446{"flow_id":247,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":206744,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"0NQSxnP1PBXCt3IOCABFAAA4hhxAAEAGU\/nAqAEiUVNNjcheROdnq4WXnrqPh4AYECow1QAAAQEICj4yXpYAvBZKrPlLdA=="}
00448{"flow_id":249,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1577,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":235132,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADkGRn4XziGmwKgBIgG7yF8ZBQnnTuLFqaASOJBGLgAAAgQFrAQCCArsPkNyPjJehwEDAwU="}
00436{"flow_id":249,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1578,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":235236,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0z6tAAEAGb9rAqAEiF84hpshfAbtO4sWpGQUJ6IAQECydKQAAAQEICj4yXrLsPkNy"}
00666{"flow_id":249,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1579,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":235915,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"0NQSxnP1PBXCt3IOCABFAADbrhlAAEAGkMXAqAEiF84hpshfAbtO4sWpGQUJ6IAYECzJfgAAAQEICj4yXrLsPkNyFgMBAKIBAACeAwFVWiOCVbYrRciiFbDPyo4FvK6EfrMUp8GvYuL\/j8yxbgAATAD\/VgDAJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAApAAAAEwARAAAOYXBwcy5za3lwZS5jb20ACgAIAAYAFwAYABkACwACAQA="}
-00763{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1579,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":4,"flow_first_seen":1431970690191,"flow_last_seen":1431970690235,"flow_tot_l4_data_len":315,"flow_min_l4_data_len":32,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1579,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":4,"flow_first_seen":1431970690191,"flow_last_seen":1431970690235,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":167,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"apps.skype.com","ja3":"3d49c0a7161d6636fcb6973f14e05046","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01972{"flow_id":247,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1580,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":333177,"pkt_caplen":1190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1190,"pkt_l4_len":1156,"pkt":"PBXCt3IO0NQSxnP1CABFAASYCC9AAHQGmYZRU02NwKgBIkTnyF6euo+HZ6uFm4AYAP9vFQAAAQEICgC8FlY+Ml6WZA1g8kk3GRuW+KdN6BJiQG9J69exPkyGs0ohXWvcAnmDzlQx3ARJW5a\/NMvmkXHzZrnkSO+cYBxS+HHmrSjMf9WXi8xCwDYqSxEsxcOXx5vfgrn3i6sOTtn+VIggdKtv8l0YwS7cBkFvJuBhz1ZB03Yelzn+JZ\/EwEhl861pnKSOIj0SlnN6Ucn6o2kFZ8MvUPzVs5akmAtSdBkw5wGbhMiPlAsgmEROrUJq8QL7cUIs5VtRE38r+u7uOSviuIKzgV45OgzuEtzVzWiqeGlboSATHAFcolwRwCJsLJ56+T5pe2irWd6YTymhpmuEJHUoOrWdA15yfKX2\/LfLr5vuv6mdQuNSEDffkAHQZOmQj4pr2wxAVUEwi0iXuSuoggqgYSMVyL\/1+EsC8Gj58\/jy6zpzZa6jLRP0FlqYD\/kc\/c1Rz\/5M7ydbSzwHlpt4RInMaFzDO9QKjtCKqJwp417ZVPnvnGODc\/9BbXUPAkG0P9ABebCPKUHek9gSIv8FrGQqd5bGAEBO6qb8iVdU9gPCC4vtzmWduKwbsf\/fUENnbDWZlDUiLst6t5OH1UlwuLbGoan8+GykB\/V5yI3\/mo0YvFhY59jFrjPg0y6ZHrZ0X9mPiCc8bpC8a+OXbuOEtwvoCadGhesO6pdBVWvhqrDdfB9YrifFI6gnnI4zDOJG6AT3gn+brq7P6qvY\/aXN0MJeSHRTO8fi4UYACLQxefEBocbn6ph1l+zzY+OU\/XCYve0HNpisxsphLsjR2ybXm5Jws6kxpr0XUMLkJIuv5wk5AJl6dYTvXtHc4EcXaawHTY8qL4aNG58iheg6Iz6k8gYyKPYm12dYc0ZMNyRAxp+26L\/HaKuFDdZAxHxK\/V1LSG54qKeG3HtEI4JDGO2jO4HKX1M+\/7X6UdODTuC6cPSCTpseicKMqzdEQ+Y7itD+RR\/IVvbHGRiBDvIPsnJNmz0Nmh+xLOHnOWaDlTC3c7idHCWcSgEy9oZsR71JjHjnb+c6joR4MalTrmmjinxHJRgAZG37paIiBxqdVUJ8z+SUf0x0hUYH5S8aq4D3xRtsoFbSymyv3ZHr+ZhpN\/7ZLdq8jzl3DAH4\/ql8jU2zPJGuj3XZ4WId\/\/Eg75ZoN\/A7z036pB5QlVZWNVzSaMDMw+GI7MxklsSJ5D9IG\/r7XTMnDOjlR52fUn4cAeII0ypdoxOrqOtfZ\/eHNjj1E7LpV1vdL9emUQR7HsYjMc6Q6nmzn\/RA4ERci2vskCRr4GvqtPGgphmNH9boDKLkX3J0Jg966lJJnjyUaDpG8W8HKl5CidnLzMlhipj71z+4P43t\/IAjaSd5SzsEWoj6KCFHaJc3UyUSnHEydmWcXflIJTTREgfPpP3SDpgorfOHczhAo7b4n75SO+z9x3297AaYh5+btRw0SkKxPkqqk1k6CCcJG59y\/fr63wHObnGNYR1h47yWAx33eRhH3LAEnm04knA\/+hCxBGyaeUj5oavl2Rif+iRPaLk="}
00449{"flow_id":241,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":333196,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8mLNAAEAGH2nAqAEiBfi63chaeSLm2Z7HnfKa24AZECiODwAAAQEICj4yXxMAAJTxinTTcj1jiGY="}
00449{"flow_id":213,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1594,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":556703,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8XFFAAEAGk8zAqAEinTfrnMhNnFpJkZ6byTsrQ4AZEChL2wAAAQEICj4yX+lMXOPPdjjDMntxC5I="}
@@ -1630,9 +1630,9 @@
00449{"flow_id":240,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":655511,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8+BJAAEAGMSbAqAEiR+4Hy8hZSU+QnysQ5ZyWQIAZECp0GQAAAQEICj4yYEsDHMmEsUo9bapdk3s="}
00449{"flow_id":244,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1605,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":729680,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8wJFAAEAGGYDAqAEiUVNNjchbROcBp2cbGMO5FYAZECk10wAAAQEICj4yYJQAvBW1LtP9fnVyMSs="}
00437{"flow_id":127,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1610,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":798430,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0kcVAADIG5SdsoKNswKgBIgG7yBaV3S6WiZUyIIAQAC5toAAAAQEICmGA7Ws+Ml\/+"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1611,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1431970690890,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1611,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_first_seen":1431970690890,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":250,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1611,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":890491,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAtBpAAEAGkJfAqAEiW77YfchgMD4BM37JAAAAALAC\/\/8o9wAAAgQFtAEDAwUBAQgKPjJhMgAAAAAEAgAA"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1612,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1431970690890,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1612,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_first_seen":1431970690890,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":251,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1612,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":890943,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAW\/1AAEAG6RnAqAEiW77YGMhhMD6A1I6YAAAAALAC\/\/+Z6gAAAgQFtAEDAwUBAQgKPjJhMgAAAAAEAgAA"}
00437{"flow_id":250,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1614,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":943981,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0q+NAAPUG49Fbvth9wKgBIjA+yGChcdZWATN+yoASH\/5orwAAAgQFoAEDAwQBAQQC"}
00420{"flow_id":250,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970690,"pkt_ts_usec":944103,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoE35AAEAGMUzAqAEiW77YfchgMD4BM37KoXHWV1AQIACpaAAA"}
@@ -1647,7 +1647,7 @@
00446{"flow_id":251,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1624,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":2142,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA80QlAAEAGdBHAqAEiW77YGMhhMD6A1I7uSE6kloAYECnVHgAAAQEICj4yYZ8NH3Ow5U5PVEeeCZo="}
00666{"flow_id":249,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":41571,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"0NQSxnP1PBXCt3IOCABFAADbs\/tAAEAGiuPAqAEiF84hpshfAbtO4sWpGQUJ6IAYECzGawAAAQEICj4yYcXsPkNyFgMBAKIBAACeAwFVWiOCVbYrRciiFbDPyo4FvK6EfrMUp8GvYuL\/j8yxbgAATAD\/VgDAJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAApAAAAEwARAAAOYXBwcy5za3lwZS5jb20ACgAIAAYAFwAYABkACwACAQA="}
00897{"flow_id":251,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1629,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":341646,"pkt_caplen":401,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":401,"pkt_l4_len":367,"pkt":"0NQSxnP1PBXCt3IOCABFAAGDYOdAAEAG4uzAqAEiW77YGMhhMD6A1I7uSE6kloAYECnVYgAAAQEICj4yYu4NH3Ow5U5PVEeeCZpIIwSmkpxtPWvIQ8ycvXYLJYFHzypUoxCI4WYjUn1+fD\/hEHw\/QclyzkFvzzgC+gTQISL9Gc2pOkm+7\/OxwST+HGNp1LPLG6lujGcE5Y5efc8EkFCg\/zsXT+ZIbYKWoUDRi61OdIxcs1kdUr4ZmxkOXWCJxxDN3OxiEJ+JriDCicgOMiHmUcbTyLC8iJKqBM9\/gpZEaTW\/5N20B2\/GLkJHjFFoRXE07pKWEGQgr6c6gqXuPl3DEjhJckvETpiJ8v+p0qIXRcxs1ht4ZilQkjxIw3S2cnA0p5u+lOChexJvZqWieZkgH5t1pDMw9Xuovqbllekc1lBNq\/GEGTZgDYc\/K9V5zkcHXAC0+1fMaDUI1WM4ewVb5f1GOrOQGU\/l0MoMxFG30yoODyXJi6F+eWg8shWymNPdud0cNGJaiwifLozFkaD5vlA="}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1431970691351,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_first_seen":1431970691351,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":252,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1631,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":351277,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAcRRAAEAGRgjAqAEiUuBu8chil+9r2DTZAAAAALAC\/\/8RNAAAAgQFtAEDAwUBAQgKPjJi9wAAAAAEAgAA"}
00448{"flow_id":252,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1634,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":419338,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8K7FAAHIGWW9S4G7xwKgBIpfvyGLApWwfa9g02qASIAC5cwAAAgQFrAEDAwgEAggKAAcb7T4yYvc="}
00436{"flow_id":252,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":419442,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0AnRAAEAGtLTAqAEiUuBu8chil+9r2DTawKVsIIAQECz3yQAAAQEICj4yYzoABxvt"}
@@ -1657,7 +1657,7 @@
00448{"flow_id":252,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1639,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":490424,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8BH5AAEAGsqLAqAEiUuBu8chil+9r2DUhwKVsb4AYECngtgAAAQEICj4yY4AABxv0Y+a7tnpGfD8="}
00449{"flow_id":239,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1640,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":505158,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ic5AAEAGAXbAqAEiTKehBshYTzLHdCYHEv4ezoAYECqERgAAAQEICj4yY46+r7k1zWOVyLN8y6I="}
00430{"flow_id":250,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1641,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":584256,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"PBXCt3IO0NQSxnP1CABFCAAoq\/ZAAPUG48pbvth9wKgBIjA+yGChcdZXATN\/NVAUJeWjFAAAAAAAAAAA"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1642,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1431970691584,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1642,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_first_seen":1431970691584,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":253,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":584569,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+lxAAEAGSlXAqAEiW77YfchjMD4Tm3MJAAAAALAC\/\/8foQAAAgQFtAEDAwUBAQgKPjJj3QAAAAAEAgAA"}
00437{"flow_id":253,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":636628,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0Yg5AAPUGLadbvth9wKgBIjA+yGMdRKLvE5tzCoASH\/4ZmQAAAgQFoAEDAwQBAQQC"}
00421{"flow_id":253,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":636736,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAosdpAAEAGku\/AqAEiW77YfchjMD4Tm3MKHUSi8FAQIABaUgAA"}
@@ -1667,7 +1667,7 @@
00481{"flow_id":222,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":704530,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"pkt":"0NQSxnP1PBXCt3IOCABFAABVQcpAAEAGrjrAqAEinTfrnMhRAbsdDAEeNXDb94AZECxBKgAAAQEICj4yZFJMXOVgRJ52DFIu7cAK7Gpc8dNzIO4YY2vVOHQu5N+2IqCrL00y"}
00492{"flow_id":221,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1655,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":704531,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"0NQSxnP1PBXCt3IOCABFAABaP+1AAEAGsBzAqAEinTfrkshQAbtIMwmq6zPtWYAZECxhYAAAAQEICj4yZFJMYODx4TzV3\/Y4WDPH3tpvaLZcP8pol15k+DSkUSs81WKefnkA99PxSe0="}
00666{"flow_id":249,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":768668,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"0NQSxnP1PBXCt3IOCABFAADbUz1AAEAG66HAqAEiF84hpshfAbtO4sWpGQUJ6IAYECzDngAAAQEICj4yZJLsPkNyFgMBAKIBAACeAwFVWiOCVbYrRciiFbDPyo4FvK6EfrMUp8GvYuL\/j8yxbgAATAD\/VgDAJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAApAAAAEwARAAAOYXBwcy5za3lwZS5jb20ACgAIAAYAFwAYABkACwACAQA="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1673,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1431970691783,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1673,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_first_seen":1431970691783,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":254,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":783150,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA6ABAAEAGoz\/AqAEiTKehBshkTzK\/rUQGAAAAALAC\/\/\/JZwAAAgQFtAEDAwUBAQgKPjJkoAAAAAAEAgAA"}
00898{"flow_id":251,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1675,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":820992,"pkt_caplen":401,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":401,"pkt_l4_len":367,"pkt":"0NQSxnP1PBXCt3IOCABFAAGDpfBAAEAGnePAqAEiW77YGMhhMD6A1I7uSE6kloAYECnTiwAAAQEICj4yZMUNH3Ow5U5PVEeeCZpIIwSmkpxtPWvIQ8ycvXYLJYFHzypUoxCI4WYjUn1+fD\/hEHw\/QclyzkFvzzgC+gTQISL9Gc2pOkm+7\/OxwST+HGNp1LPLG6lujGcE5Y5efc8EkFCg\/zsXT+ZIbYKWoUDRi61OdIxcs1kdUr4ZmxkOXWCJxxDN3OxiEJ+JriDCicgOMiHmUcbTyLC8iJKqBM9\/gpZEaTW\/5N20B2\/GLkJHjFFoRXE07pKWEGQgr6c6gqXuPl3DEjhJckvETpiJ8v+p0qIXRcxs1ht4ZilQkjxIw3S2cnA0p5u+lOChexJvZqWieZkgH5t1pDMw9Xuovqbllekc1lBNq\/GEGTZgDYc\/K9V5zkcHXAC0+1fMaDUI1WM4ewVb5f1GOrOQGU\/l0MoMxFG30yoODyXJi6F+eWg8shWymNPdud0cNGJaiwifLozFkaD5vlA="}
00448{"flow_id":252,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1677,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970691,"pkt_ts_usec":867151,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8DntAAEAGqKXAqAEiUuBu8chil+9r2DUhwKVsb4AYECnfQwAAAQEICj4yZPMABxv0Y+a7tnpGfD8="}
@@ -1686,19 +1686,19 @@
00428{"flow_id":236,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970692,"pkt_ts_usec":292545,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAug2AAAEAR1cjAqAEiUx8MrTLdXYMAGvz0faICfIT9gb6c5K1Sd5xbHa0C"}
00438{"flow_id":245,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970692,"pkt_ts_usec":348752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0sHNAAHMGRc1H7gfLwKgBIklPyFwwtyQL6QVhmoAQ\/JhHTQAAAQEICgMcybA+MmVG"}
00448{"flow_id":252,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1701,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970692,"pkt_ts_usec":417814,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8vvZAAEAG+CnAqAEiUuBu8chil+9r2DUhwKVsb4AYECndJwAAAQEICj4yZw8ABxv0Y+a7tnpGfD8="}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431970688025,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1431970688320,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1431970692464,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.17","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_first_seen":1431970687262,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.138.161.88","src_port":13021,"dst_port":19521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_first_seen":1431970688025,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.14","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.155","src_port":13021,"dst_port":40004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.170","src_port":13021,"dst_port":40011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_first_seen":1431970688320,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.141","src_port":13021,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.173","src_port":13021,"dst_port":40012,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_first_seen":1431970682972,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.175","src_port":13021,"dst_port":40006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.157","src_port":13021,"dst_port":40013,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_first_seen":1431970683987,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.175","src_port":13021,"dst_port":40023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_first_seen":1431970684997,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.141","src_port":13021,"dst_port":40015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_first_seen":1431970692464,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":255,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1702,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970692,"pkt_ts_usec":464197,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAG0ZAAEAGm9bAqAEiUuBu8chll+8qmATQAAAAALAC\/\/9+NAAAAgQFtAEDAwUBAQgKPjJnPQAAAAAEAgAA"}
00449{"flow_id":244,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1704,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970692,"pkt_ts_usec":520010,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8OKtAAEAGoWbAqAEiUVNNjchbROcBp2cbGMO5FYAZECku8wAAAQEICj4yZ3QAvBW1LtP9fnVyMSs="}
00448{"flow_id":255,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1705,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970692,"pkt_ts_usec":533701,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8K7ZAAHIGWWpS4G7xwKgBIpfvyGV1sVenKpgE0aASIACFcQAAAgQFrAEDAwgEAggKAAccXD4yZz0="}
@@ -1716,7 +1716,7 @@
00437{"flow_id":255,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1740,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970692,"pkt_ts_usec":939750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFAAA0K7pAAHIGWW5S4G7xwKgBIpfvyGV1sVf3KpgFLoAQAQLRlQAAAQEICgAHHIU+MmgH"}
00448{"flow_id":240,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1742,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970693,"pkt_ts_usec":3083,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8I9pAAEAGBV\/AqAEiR+4Hy8hZSU+QnysQ5ZyWQIAZECprGQAAAQEICj4yaUsDHMmEsUo9bapdk3s="}
00665{"flow_id":249,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1743,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970693,"pkt_ts_usec":26199,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"0NQSxnP1PBXCt3IOCABFAADbsaRAAEAGjTrAqAEiF84hpshfAbtO4sWpGQUJ6IAYECy+zgAAAQEICj4yaWLsPkNyFgMBAKIBAACeAwFVWiOCVbYrRciiFbDPyo4FvK6EfrMUp8GvYuL\/j8yxbgAATAD\/VgDAJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAApAAAAEwARAAAOYXBwcy5za3lwZS5jb20ACgAIAAYAFwAYABkACwACAQA="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1753,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1431970693196,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1753,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":1,"flow_first_seen":1431970693196,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":256,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1753,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970693,"pkt_ts_usec":196942,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWFNAAEAG7F7AqAEiW77YfchmAbumoVhjAAAAALAC\/\/\/PlQAAAgQFtAEDAwUBAQgKPjJqCAAAAAAEAgAA"}
00437{"flow_id":256,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1754,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970693,"pkt_ts_usec":239490,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0PUNAAPUGUnJbvth9wKgBIgG7yGaCZHojpqFYZIASH\/6TZAAAAgQFoAEDAwQBAQQC"}
00420{"flow_id":256,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970693,"pkt_ts_usec":239613,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoI6NAAEAGISfAqAEiW77YfchmAbumoVhkgmR6JFAQIADUHQAA"}
@@ -1735,7 +1735,7 @@
00421{"flow_id":223,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970693,"pkt_ts_usec":811798,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoUttAAEAGzofAqAEiQAQXn8hSAbvNFjuOAAAAAFAEAADDwAAA"}
00898{"flow_id":251,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970693,"pkt_ts_usec":882761,"pkt_caplen":401,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":401,"pkt_l4_len":367,"pkt":"0NQSxnP1PBXCt3IOCABFAAGDdEhAAEAGz4vAqAEiW77YGMhhMD6A1I7uSE6kloAYECnLpwAAAQEICj4ybKkNH3Ow5U5PVEeeCZpIIwSmkpxtPWvIQ8ycvXYLJYFHzypUoxCI4WYjUn1+fD\/hEHw\/QclyzkFvzzgC+gTQISL9Gc2pOkm+7\/OxwST+HGNp1LPLG6lujGcE5Y5efc8EkFCg\/zsXT+ZIbYKWoUDRi61OdIxcs1kdUr4ZmxkOXWCJxxDN3OxiEJ+JriDCicgOMiHmUcbTyLC8iJKqBM9\/gpZEaTW\/5N20B2\/GLkJHjFFoRXE07pKWEGQgr6c6gqXuPl3DEjhJckvETpiJ8v+p0qIXRcxs1ht4ZilQkjxIw3S2cnA0p5u+lOChexJvZqWieZkgH5t1pDMw9Xuovqbllekc1lBNq\/GEGTZgDYc\/K9V5zkcHXAC0+1fMaDUI1WM4ewVb5f1GOrOQGU\/l0MoMxFG30yoODyXJi6F+eWg8shWymNPdud0cNGJaiwifLozFkaD5vlA="}
00449{"flow_id":212,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1785,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970694,"pkt_ts_usec":100135,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8w2xAAEAGLLvAqAEinTfrkshMnFVVB2tZ4fDnQYAZEClH6AAAAQEICj4ybYBMYN9f7d463h6NxxM="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1431970694308,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":1,"flow_first_seen":1431970694308,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":257,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970694,"pkt_ts_usec":308651,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA0wpAAEAGAQ3AqAEiUHlUXchn861MQWgbAAAAALAC\/\/+zaQAAAgQFtAEDAwUBAQgKPjJuTgAAAAAEAgAA"}
00548{"flow_id":192,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1796,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970694,"pkt_ts_usec":432341,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"PBXCt3IO0NQSxnP1CABFAACDIDFAADYG2amdN+uYwKgBIgG7yErORgmIofXTDoAYAB2K1gAAAQEICkxeOfA+Mi4JFgMBAEoCAABGAwFAG+SGAq3gKeF3dOVEucmctDExXgLdd50VSpYJul2ocCAcoOT2TGNRri+OTuHmdmoKiNXYxVyumMXkgfIqab+QWAAFAA=="}
00422{"flow_id":192,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970694,"pkt_ts_usec":432466,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo\/eBAAEAG8lTAqAEinTfrmMhKAbuh9dMOAAAAAFAEAAAmPAAA"}
@@ -1748,12 +1748,12 @@
00454{"flow_id":257,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970695,"pkt_ts_usec":316316,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwedAAEAGEjDAqAEiUHlUXchn861MQWgbAAAAALAC\/\/+vgAAAAgQFtAEDAwUBAQgKPjJyNwAAAAAEAgAA"}
00666{"flow_id":249,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970695,"pkt_ts_usec":319855,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"0NQSxnP1PBXCt3IOCABFAADbntFAAEAGoA3AqAEiF84hpshfAbtO4sWpGQUJ6IAYECy19gAAAQEICj4ycjrsPkNyFgMBAKIBAACeAwFVWiOCVbYrRciiFbDPyo4FvK6EfrMUp8GvYuL\/j8yxbgAATAD\/VgDAJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAApAAAAEwARAAAOYXBwcy5za3lwZS5jb20ACgAIAAYAFwAYABkACwACAQA="}
00449{"flow_id":213,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1814,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970695,"pkt_ts_usec":408037,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8vrpAAEAGMWPAqAEinTfrnMhNnFpJkZ6byTsrQ4AZECg5MgAAAQEICj4ycpJMXOPPdjjDMntxC5I="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1817,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1431970695865,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1817,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_first_seen":1431970695865,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":258,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1817,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970695,"pkt_ts_usec":865959,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWQRAAEAGas3AqAEilQ0gD8hpNFCsfgF7AAAAALAC\/\/9i1QAAAgQFtAEDAwUBAQgKPjJ0WwAAAAAEAgAA"}
00449{"flow_id":244,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1818,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970695,"pkt_ts_usec":883625,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8CZNAAEAG0H7AqAEiUVNNjchbROcBp2cbGMO5FYAZECkh+wAAAQEICj4ydGwAvBW1LtP9fnVyMSs="}
00449{"flow_id":258,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1819,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970695,"pkt_ts_usec":908819,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyGm+xiHqrH4BfKASOJCW7wAAAgQFrAQCCAo\/i4QRPjJ0WwEDAwk="}
00437{"flow_id":258,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1820,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970695,"pkt_ts_usec":908926,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0yZ5AAEAG+j7AqAEilQ0gD8hpNFCsfgF8vsYh64AQECzt7wAAAQEICj4ydIU\/i4QR"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1821,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1431970695909,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1821,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_first_seen":1431970695909,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":259,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1821,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970695,"pkt_ts_usec":909168,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2LhAAEAG+17AqAEiUHlUXchq861iaxDLAAAAALAC\/\/\/uVQAAAgQFtAEDAwUBAQgKPjJ0hQAAAAAEAgAA"}
00567{"flow_id":258,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1822,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970695,"pkt_ts_usec":909726,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"0NQSxnP1PBXCt3IOCABFAACRUHNAAEAGcw3AqAEilQ0gD8hpNFCsfgF8vsYh64AYECyGGgAAAQEICj4ydIU\/i4QRsKu\/G+vqC8jfQ+HvwIDojVtELMrVHx8SlS274+GELEv8Mx\/sOIHL5wpScJG7+8RtU+g5Fg90VYKLwDGux8zNmsOYKUZ\/JEWy+3Ah3jd8vcozSBl279Q14msgEQ6n"}
00436{"flow_id":258,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1823,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970695,"pkt_ts_usec":953433,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFCAA0pfdAADUGKN6VDSAPwKgBIjRQyGm+xiHrrH4B2YAQAB39lgAAAQEICj+LhBw+MnSF"}
@@ -1780,11 +1780,11 @@
00429{"flow_id":235,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970697,"pkt_ts_usec":334882,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAu+HkAAEARZmnAqAEirjGr4DLdfQsAGpXefcACJf2u8qgkatcYbdd0gE\/+"}
00430{"flow_id":236,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970697,"pkt_ts_usec":334945,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAuk3UAAEARxbPAqAEiUx8MrTLdXYMAGjJQfcIC\/PmkO\/ZLL41O1l2CVTPo"}
00449{"flow_id":240,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1846,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970697,"pkt_ts_usec":450488,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8FglAAEAGEzDAqAEiR+4Hy8hZSU+QnysQ5ZyWQIAZECpZ4AAAAQEICj4yeoQDHMmEsUo9bapdk3s="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1847,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1431970697478,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1847,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_first_seen":1431970697478,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":260,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1847,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970697,"pkt_ts_usec":478490,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/r1AAEAGxRPAqAEilQ0gD8hrNFBkkG+ZAAAAALAC\/\/82XwAAAgQFtAEDAwUBAQgKPjJ6nwAAAAAEAgAA"}
00449{"flow_id":260,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1848,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970697,"pkt_ts_usec":521865,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyGvw2U4ZZJBvmqASOJDuMgAAAgQFrAQCCAo\/iaIXPjJ6nwEDAwk="}
00437{"flow_id":260,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970697,"pkt_ts_usec":522012,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA05GtAAEAG33HAqAEilQ0gD8hrNFBkkG+a8NlOGoAQECxFMgAAAQEICj4yeso\/iaIX"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1850,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1431970697522,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1850,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_first_seen":1431970697522,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":261,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970697,"pkt_ts_usec":522139,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJ8VAAEAGrFLAqAEiUHlUXchsAbvYtBS\/AAAAALAC\/\/9fxAAAAgQFtAEDAwUBAQgKPjJ6ygAAAAAEAgAA"}
00445{"flow_id":260,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970697,"pkt_ts_usec":522232,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"0NQSxnP1PBXCt3IOCABFAAA5lcVAAEAGLhPAqAEilQ0gD8hrNFBkkG+a8NlOGoAYECwuIgAAAQEICj4yeso\/iaIXFgMBAAA="}
00436{"flow_id":260,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1852,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970697,"pkt_ts_usec":566374,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"PBXCt3IO0NQSxnP1CABFCAA07DtAADUG4pmVDSAPwKgBIjRQyGvw2U4aZJBvn4AQAB1VMQAAAQEICj+JoiI+MnrK"}
@@ -1805,7 +1805,7 @@
00450{"flow_id":258,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970698,"pkt_ts_usec":355827,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8jh9AAEAGNbbAqAEilQ0gD8hpNFCsfgHZvsYiKIAZECpdXAAAAQEICj4yfgc\/i4QdlEVm+IpzAKs="}
00455{"flow_id":261,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1878,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970698,"pkt_ts_usec":527984,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIalAAEAGsm7AqAEiUHlUXchsAbvYtBS\/AAAAALAC\/\/9b2wAAAgQFtAEDAwUBAQgKPjJ+swAAAAAEAgAA"}
00667{"flow_id":249,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1879,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970698,"pkt_ts_usec":608177,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"0NQSxnP1PBXCt3IOCABFAADbYshAAEAG3BbAqAEiF84hpshfAbtO4sWpGQUJ6IAZECypLAAAAQEICj4yfwPsPkNyFgMBAKIBAACeAwFVWiOCVbYrRciiFbDPyo4FvK6EfrMUp8GvYuL\/j8yxbgAATAD\/VgDAJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAAApAAAAEwARAAAOYXBwcy5za3lwZS5jb20ACgAIAAYAFwAYABkACwACAQA="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1431970698661,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_first_seen":1431970698661,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":262,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970698,"pkt_ts_usec":661976,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAL8NAAEAGlA7AqAEilQ0gD8htNFBZKlAPAAAAALAC\/\/9ctAAAAgQFtAEDAwUBAQgKPjJ\/OAAAAAAEAgAA"}
00450{"flow_id":262,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970698,"pkt_ts_usec":714556,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyG0MzUGLWSpQEKASOJAD+QAAAgQFrAQCCAo\/iaNBPjJ\/OAEDAwk="}
00437{"flow_id":262,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970698,"pkt_ts_usec":714662,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0OGtAAEAGi3LAqAEilQ0gD8htNFBZKlAQDM1BjIAQECxa7wAAAQEICj4yf2w\/iaNB"}
@@ -1820,7 +1820,7 @@
00898{"flow_id":251,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1894,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970699,"pkt_ts_usec":485984,"pkt_caplen":401,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":401,"pkt_l4_len":367,"pkt":"0NQSxnP1PBXCt3IOCABFAAGD38ZAAEAGZA3AqAEiW77YGMhhMD6A1I7uSE6kloAYECm15QAAAQEICj4ygmsNH3Ow5U5PVEeeCZpIIwSmkpxtPWvIQ8ycvXYLJYFHzypUoxCI4WYjUn1+fD\/hEHw\/QclyzkFvzzgC+gTQISL9Gc2pOkm+7\/OxwST+HGNp1LPLG6lujGcE5Y5efc8EkFCg\/zsXT+ZIbYKWoUDRi61OdIxcs1kdUr4ZmxkOXWCJxxDN3OxiEJ+JriDCicgOMiHmUcbTyLC8iJKqBM9\/gpZEaTW\/5N20B2\/GLkJHjFFoRXE07pKWEGQgr6c6gqXuPl3DEjhJckvETpiJ8v+p0qIXRcxs1ht4ZilQkjxIw3S2cnA0p5u+lOChexJvZqWieZkgH5t1pDMw9Xuovqbllekc1lBNq\/GEGTZgDYc\/K9V5zkcHXAC0+1fMaDUI1WM4ewVb5f1GOrOQGU\/l0MoMxFG30yoODyXJi6F+eWg8shWymNPdud0cNGJaiwifLozFkaD5vlA="}
00456{"flow_id":261,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1896,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970699,"pkt_ts_usec":535186,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA1tBAAEAG\/UbAqAEiUHlUXchsAbvYtBS\/AAAAALAC\/\/9X8gAAAgQFtAEDAwUBAQgKPjKCnAAAAAAEAgAA"}
00451{"flow_id":262,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970699,"pkt_ts_usec":563607,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8XNZAAEAGZv\/AqAEilQ0gD8htNFBZKlBIDM1B14AYECmxhgAAAQEICj4ygrc\/iaNOv+3qnuBIGqs="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1431970699896,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_first_seen":1431970699896,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":263,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970699,"pkt_ts_usec":896876,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAq+JAAEAGjwvAqAEiXU\/gsMhvOKrhhkW1AAAAALAC\/\/9MqQAAAgQFtAEDAwUBAQgKPjKEAQAAAAAEAgAA"}
00455{"flow_id":259,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1906,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970699,"pkt_ts_usec":935211,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAJVVAAEAGrsLAqAEiUHlUXchq861iaxDLAAAAALAC\/\/\/eswAAAgQFtAEDAwUBAQgKPjKEJwAAAAAEAgAA"}
00448{"flow_id":263,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970699,"pkt_ts_usec":988047,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADYGRPJdT+CwwKgBIjiqyG99aSIL4YZFtqASOJC3HAAAAgQFrAQCCAoANM5PPjKEAQEDAwU="}
@@ -1831,7 +1831,7 @@
00438{"flow_id":263,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1913,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970700,"pkt_ts_usec":104247,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0\/fBAAEAGPQnAqAEiXU\/gsMhvOKrhhkX0fWkiXIAQECkMzgAAAQEICj4yhM8ANM5r"}
00449{"flow_id":263,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1914,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970700,"pkt_ts_usec":104823,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8kO5AAEAGqgPAqAEiXU\/gsMhvOKrhhkX0fWkiXIAYECmYdQAAAQEICj4yhM8ANM5rAJngurdz24A="}
00450{"flow_id":258,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1916,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970700,"pkt_ts_usec":265620,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8nnRAAEAGJWHAqAEilQ0gD8hpNFCsfgHZvsYiKIAZECpV8wAAAQEICj4yhXA\/i4QdlEVm+IpzAKs="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1917,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1431970700273,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1917,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_first_seen":1431970700273,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":264,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1917,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970700,"pkt_ts_usec":273545,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXG9AAEAGZ2LAqAEilQ0gD8hwNFCdm737AAAAALAC\/\/+kFAAAAgQFtAEDAwUBAQgKPjKFdwAAAAAEAgAA"}
00450{"flow_id":262,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1918,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970700,"pkt_ts_usec":289747,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8sn1AAEAGEVjAqAEilQ0gD8htNFBZKlBIDM1B14AYECmutgAAAQEICj4yhYc\/iaNOv+3qnuBIGqs="}
00450{"flow_id":264,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970700,"pkt_ts_usec":316427,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHC8tiDYnZu9\/KASOJDXAgAAAgQFrAQCCAo\/i4hfPjKFdwEDAwk="}
@@ -1859,9 +1859,9 @@
00455{"flow_id":259,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970700,"pkt_ts_usec":948879,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAA35AAEAG0JnAqAEiUHlUXchq861iaxDLAAAAALAC\/\/\/aywAAAgQFtAEDAwUBAQgKPjKIDwAAAAAEAgAA"}
00450{"flow_id":263,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1955,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970701,"pkt_ts_usec":206189,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8wOpAAEAGegfAqAEiXU\/gsMhvOKrhhkX0fWkiXIAYECmUNQAAAQEICj4yiQ8ANM5rAJngurdz24A="}
00454{"flow_id":257,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1956,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970701,"pkt_ts_usec":362456,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAUqNAAEAGgXTAqAEiUHlUXchn861MQWgbAAAAALAC\/\/+YDAAAAgQFtAEDAwUBAQgKPjKJqwAAAAAEAgAA"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1431970701461,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_first_seen":1431970701461,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":265,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1957,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970701,"pkt_ts_usec":461042,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABABNpAAEAGl07AqAEi1KEIJMhxNFBceQzyAAAAALAC\/\/9qAAAAAgQFtAEDAwUBAQgKPjKKDQAAAAAEAgAA"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1958,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1431970701508,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1958,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_first_seen":1431970701508,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":266,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1958,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970701,"pkt_ts_usec":508822,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA+6xAAEAGP0HAqAEiXU\/gsMhyOKrDZAILAAAAALAC\/\/+oNwAAAgQFtAEDAwUBAQgKPjKKPAAAAAAEAgAA"}
00449{"flow_id":265,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1959,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970701,"pkt_ts_usec":535646,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHGqbrB+XHkM86ASOJCJjwAAAgQFrAQCCAo\/pB5HPjKKDQEDAwk="}
00437{"flow_id":265,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970701,"pkt_ts_usec":535752,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0GjJAAEAGggLAqAEi1KEIJMhxNFBceQzzqm6wf4AQECzgbwAAAQEICj4yilc\/pB5H"}
@@ -1906,7 +1906,7 @@
00450{"flow_id":265,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2009,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970702,"pkt_ts_usec":582271,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ikZAAEAGEebAqAEi1KEIJMhxNFBceQ04qm6w0IAYEClzUQAAAQEICj4yjl8\/pB5axn8ujwJhcPA="}
00450{"flow_id":258,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2012,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970702,"pkt_ts_usec":864651,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8LxBAAEAGlMXAqAEilQ0gD8hpNFCsfgHZvsYiKIAZECpL6wAAAQEICj4yj3g\/i4QdlEVm+IpzAKs="}
00448{"flow_id":241,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2015,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970703,"pkt_ts_usec":61838,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8CwxAAEAGrRDAqAEiBfi63chaeSLm2Z7HnfKa24AZEChc5gAAAQEICj4ykDwAAJTxinTTcj1jiGY="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1431970703073,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_first_seen":1431970703073,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":267,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2016,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970703,"pkt_ts_usec":73232,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA2zBAAEAGwPfAqAEi1KEIJMhzNFD26tn9AAAAALAC\/\/\/8RgAAAgQFtAEDAwUBAQgKPjKQRwAAAAAEAgAA"}
00450{"flow_id":267,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2017,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970703,"pkt_ts_usec":145740,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHPVGwsc9urZ\/qASOJBaugAAAgQFrAQCCAo\/nFogPjKQRwEDAwk="}
00437{"flow_id":267,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970703,"pkt_ts_usec":145844,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0QUdAAEAGWu3AqAEi1KEIJMhzNFD26tn+1RsLHYAQECyxnAAAAQEICj4ykI8\/nFog"}
@@ -1930,7 +1930,7 @@
00549{"flow_id":178,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2049,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970703,"pkt_ts_usec":649581,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":145,"pkt_l4_len":111,"pkt":"PBXCt3IO0NQSxnP1CABFAACD5dVAADcG4eVv3UoSwKgBIgG7yEQiaEt5jx1l1IAYAB2\/zAAAAQEICk12y4A+Mh9RFgMBAEoCAABGAwFAG+SGAq3gKeF3dOVEucmctDExXgLdd50VSpYJul2ocCAcoOT2TGNRri+OTuHmdmoKiNXYxVyumMXkgfIqab+QWAAFAA=="}
00421{"flow_id":178,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2050,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970703,"pkt_ts_usec":649700,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"0NQSxnP1PBXCt3IOCABFAAAo3TpAAEAG4dvAqAEib91KEshEAbuPHWXUAAAAAFAEAAB1NQAA"}
00450{"flow_id":262,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2053,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970703,"pkt_ts_usec":852286,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA84nxAAEAG4VjAqAEilQ0gD8htNFBZKlBIDM1B14AZECmg9AAAAQEICj4yk0g\/iaNOv+3qnuBIGqs="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1431970704329,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_first_seen":1431970704329,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":268,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2056,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970704,"pkt_ts_usec":329249,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAHThAAEAGppnAqAEilQ0gD8h0NFB7qA8CAAAAALAC\/\/9lUQAAAgQFtAEDAwUBAQgKPjKVIwAAAAAEAgAA"}
00450{"flow_id":268,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970704,"pkt_ts_usec":371172,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHQNAtU7e6gPA6ASOJA1ewAAAgQFrAQCCAo\/gOZ\/PjKVIwEDAwk="}
00438{"flow_id":268,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2058,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970704,"pkt_ts_usec":371294,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0+SJAAEAGyrrAqAEilQ0gD8h0NFB7qA8DDQLVPIAQECyMewAAAQEICj4ylU0\/gOZ\/"}
@@ -1946,7 +1946,7 @@
00450{"flow_id":265,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2071,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970705,"pkt_ts_usec":236057,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8gV9AAEAGGs3AqAEi1KEIJMhxNFBceQ04qm6w0IAZEClpBwAAAQEICj4ymKg\/pB5axn8ujwJhcPA="}
00898{"flow_id":251,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2079,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970705,"pkt_ts_usec":762603,"pkt_caplen":401,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":401,"pkt_l4_len":367,"pkt":"0NQSxnP1PBXCt3IOCABFAAGDuwBAAEAGiNPAqAEiW77YGMhhMD6A1I7uSE6kloAYECmdnQAAAQEICj4ymrMNH3Ow5U5PVEeeCZpIIwSmkpxtPWvIQ8ycvXYLJYFHzypUoxCI4WYjUn1+fD\/hEHw\/QclyzkFvzzgC+gTQISL9Gc2pOkm+7\/OxwST+HGNp1LPLG6lujGcE5Y5efc8EkFCg\/zsXT+ZIbYKWoUDRi61OdIxcs1kdUr4ZmxkOXWCJxxDN3OxiEJ+JriDCicgOMiHmUcbTyLC8iJKqBM9\/gpZEaTW\/5N20B2\/GLkJHjFFoRXE07pKWEGQgr6c6gqXuPl3DEjhJckvETpiJ8v+p0qIXRcxs1ht4ZilQkjxIw3S2cnA0p5u+lOChexJvZqWieZkgH5t1pDMw9Xuovqbllekc1lBNq\/GEGTZgDYc\/K9V5zkcHXAC0+1fMaDUI1WM4ewVb5f1GOrOQGU\/l0MoMxFG30yoODyXJi6F+eWg8shWymNPdud0cNGJaiwifLozFkaD5vlA="}
00450{"flow_id":268,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970705,"pkt_ts_usec":769505,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA89YZAAEAGzk7AqAEilQ0gD8h0NFB7qA9PDQLVqIAYEChZdgAAAQEICj4ymrk\/gOaLNT3NT3k1sQY="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1431970705942,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_first_seen":1431970705942,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":269,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2081,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970705,"pkt_ts_usec":942081,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAIgJAAEAGoc\/AqAEilQ0gD8h1NFDRK91BAAAAALAC\/\/87SwAAAgQFtAEDAwUBAQgKPjKbZQAAAAAEAgAA"}
00449{"flow_id":269,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2082,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970705,"pkt_ts_usec":984189,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFCAA8AABAADUGzs2VDSAPwKgBIjRQyHXO868x0SvdQqASOJBt+QAAAgQFrAQCCAo\/gOgTPjKbZQEDAwk="}
00437{"flow_id":269,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2083,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970705,"pkt_ts_usec":984294,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0iDxAAEAGO6HAqAEilQ0gD8h1NFDRK91CzvOvMoAQECzE+QAAAQEICj4ym48\/gOgT"}
@@ -1972,7 +1972,7 @@
00509{"flow_id":240,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2109,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970706,"pkt_ts_usec":351735,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"pkt":"PBXCt3IO0NQSxnP1CABFAABmsrFAAHMGQ11H7gfLwKgBIklPyFnlnJZIkJ8rGYAZ\/6JyXQAAAQEICgMcyjs+MpwsZBZO\/lnBnsg0dCVQeqMbFcMi5x2cxvVY3grUM9xFR9ksPv3jFA1FPSSFtIV0qkuTN3I="}
00450{"flow_id":268,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2114,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970706,"pkt_ts_usec":824882,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8jcNAAEAGNhLAqAEilQ0gD8h0NFB7qA9PDQLVqIAZEChVXAAAAQEICj4yntI\/gOaLNT3NT3k1sQY="}
00451{"flow_id":262,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2115,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970706,"pkt_ts_usec":984168,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA86IVAAEAG20\/AqAEilQ0gD8htNFBZKlBIDM1B14AZECmUywAAAQEICj4yn3E\/iaNOv+3qnuBIGqs="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2116,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1431970707102,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2116,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_first_seen":1431970707102,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":270,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2116,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970707,"pkt_ts_usec":102885,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABA\/2lAAEAGnL7AqAEi1KEIJMh2NFCv5GiXAAAAALAC\/\/+lEAAAAgQFtAEDAwUBAQgKPjKf5wAAAAAEAgAA"}
00449{"flow_id":270,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2117,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970707,"pkt_ts_usec":176073,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"PBXCt3IO0NQSxnP1CABFAAA8AABAADQGqCzUoQgkwKgBIjRQyHapD3vnr+RomKASOJCFFQAAAgQFrAQCCAo\/p5PEPjKf5wEDAwk="}
00437{"flow_id":270,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2118,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970707,"pkt_ts_usec":176148,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0qAZAAEAG9C3AqAEi1KEIJMh2NFCv5GiYqQ976IAQECzb9gAAAQEICj4yoDA\/p5PE"}
@@ -1984,197 +1984,197 @@
00429{"flow_id":235,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2124,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970707,"pkt_ts_usec":409651,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAunF8AAEARwoPAqAEirjGr4DLdfQsAGuvkfc8CwbP5+\/0XaLBIocIya3up"}
00428{"flow_id":236,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2125,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970707,"pkt_ts_usec":409651,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAu7o0AAEARapvAqAEiUx8MrTLdXYMAGunwfdECOswvcOuv5soiKh7QcjIR"}
00450{"flow_id":270,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2126,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970707,"pkt_ts_usec":636184,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA86y5AAEAGsP3AqAEi1KEIJMh2NFCv5GjhqQ98OIAYECmm\/QAAAQEICj4yofo\/p5PX6wz3Jw7OQXM="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1431970707911,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1431970707911,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":271,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970707,"pkt_ts_usec":911507,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"0NQSxnP1PBXCt3IOCABFAAAu+nsAAEAR9XPAqAEihexDGTLdwCsAGiMOfdMCo1rvIegrMqRysYXm5vlz"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1431970707911,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00540{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1431970707911,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","ndpi": {"proto":"Skype.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00450{"flow_id":270,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2132,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970708,"pkt_ts_usec":204706,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8ct5AAEAGKU7AqAEi1KEIJMh2NFCv5GjhqQ98OIAYECmkxgAAAQEICj4ypDE\/p5PX6wz3Jw7OQXM="}
00451{"flow_id":263,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2134,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970708,"pkt_ts_usec":272876,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8xlJAAEAGdJ\/AqAEiXU\/gsMhvOKrhhkX0fWkiXIAZECl4zgAAAQEICj4ypHUANM5rAJngurdz24A="}
00450{"flow_id":265,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2144,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970708,"pkt_ts_usec":429074,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA84MtAAEAGu2DAqAEi1KEIJMhxNFBceQ04qm6w0IAZEClcngAAAQEICj4ypRE\/pB5axn8ujwJhcPA="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1431970708715,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1431970708715,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":272,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970708,"pkt_ts_usec":715662,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWHtAAEAGQ63AqAEi1KEIJMh3NFBvQ5mUAAAAALAC\/\/+uawAAAgQFtAEDAwUBAQgKPjKmLwAAAAAEAgAA"}
00450{"flow_id":268,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431970708,"pkt_ts_usec":726988,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"0NQSxnP1PBXCt3IOCABFAAA8s5VAAEAGEEDAqAEilQ0gD8h0NFB7qA9PDQLVqIAZEChN9AAAAQEICj4ypjo\/gOaLNT3NT3k1sQY="}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_tot_l4_data_len":897,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_tot_l4_data_len":897,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_tot_l4_data_len":887,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_tot_l4_data_len":887,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":14,"flow_first_seen":1431970668514,"flow_last_seen":1431970696319,"flow_tot_l4_data_len":777,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":14,"flow_first_seen":1431970668514,"flow_last_seen":1431970696319,"flow_tot_l4_data_len":777,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_tot_l4_data_len":727,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_tot_l4_data_len":727,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1431970707911,"flow_last_seen":0,"flow_tot_l4_data_len":26,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":7,"flow_first_seen":1431970670304,"flow_last_seen":1431970696803,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":5,"flow_first_seen":1431970687262,"flow_last_seen":1431970707409,"flow_tot_l4_data_len":130,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":7,"flow_first_seen":1431970634729,"flow_last_seen":1431970661287,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_tot_l4_data_len":791,"flow_min_l4_data_len":20,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_tot_l4_data_len":791,"flow_min_l4_data_len":20,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":17,"flow_first_seen":1431970635489,"flow_last_seen":1431970690062,"flow_tot_l4_data_len":2957,"flow_min_l4_data_len":20,"flow_max_l4_data_len":217,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":30,"flow_first_seen":1431970688781,"flow_last_seen":1431970693454,"flow_tot_l4_data_len":3884,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":30,"flow_first_seen":1431970688781,"flow_last_seen":1431970693454,"flow_tot_l4_data_len":3884,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1431970634276,"flow_last_seen":1431970660781,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":12,"flow_first_seen":1431970690191,"flow_last_seen":1431970705014,"flow_tot_l4_data_len":1740,"flow_min_l4_data_len":32,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":8,"flow_first_seen":1431970636044,"flow_last_seen":1431970646741,"flow_tot_l4_data_len":846,"flow_min_l4_data_len":32,"flow_max_l4_data_len":245,"flow_avg_l4_data_len":105,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_tot_l4_data_len":161,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_tot_l4_data_len":161,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694737,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_tot_l4_data_len":658,"flow_min_l4_data_len":32,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_tot_l4_data_len":658,"flow_min_l4_data_len":32,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":20,"flow_first_seen":1431970701508,"flow_last_seen":1431970702603,"flow_tot_l4_data_len":1379,"flow_min_l4_data_len":32,"flow_max_l4_data_len":355,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":20,"flow_first_seen":1431970701508,"flow_last_seen":1431970702603,"flow_tot_l4_data_len":1379,"flow_min_l4_data_len":32,"flow_max_l4_data_len":355,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":10,"flow_first_seen":1431970693196,"flow_last_seen":1431970706224,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":10,"flow_first_seen":1431970693196,"flow_last_seen":1431970706224,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":15,"flow_first_seen":1431970688560,"flow_last_seen":1431970700671,"flow_tot_l4_data_len":716,"flow_min_l4_data_len":20,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":15,"flow_first_seen":1431970688560,"flow_last_seen":1431970700671,"flow_tot_l4_data_len":716,"flow_min_l4_data_len":20,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":33,"flow_first_seen":1431970689672,"flow_last_seen":1431970694329,"flow_tot_l4_data_len":3975,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1156,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":33,"flow_first_seen":1431970689672,"flow_last_seen":1431970694329,"flow_tot_l4_data_len":3975,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1156,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":14,"flow_first_seen":1431970691351,"flow_last_seen":1431970701913,"flow_tot_l4_data_len":674,"flow_min_l4_data_len":32,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":14,"flow_first_seen":1431970691351,"flow_last_seen":1431970701913,"flow_tot_l4_data_len":674,"flow_min_l4_data_len":32,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_tot_l4_data_len":870,"flow_min_l4_data_len":32,"flow_max_l4_data_len":93,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_tot_l4_data_len":870,"flow_min_l4_data_len":32,"flow_max_l4_data_len":93,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00467{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":4,"flow_first_seen":1431970685839,"flow_last_seen":1431970687668,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_tot_l4_data_len":747,"flow_min_l4_data_len":20,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_tot_l4_data_len":747,"flow_min_l4_data_len":20,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_tot_l4_data_len":709,"flow_min_l4_data_len":20,"flow_max_l4_data_len":139,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_tot_l4_data_len":709,"flow_min_l4_data_len":20,"flow_max_l4_data_len":139,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1431970635325,"flow_last_seen":1431970688837,"flow_tot_l4_data_len":304,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_tot_l4_data_len":1023,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_tot_l4_data_len":1023,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":7,"flow_first_seen":1431970634731,"flow_last_seen":1431970661287,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_tot_l4_data_len":1128,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_tot_l4_data_len":1128,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_tot_l4_data_len":878,"flow_min_l4_data_len":20,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_tot_l4_data_len":878,"flow_min_l4_data_len":20,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_tot_l4_data_len":1074,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_tot_l4_data_len":1074,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_tot_l4_data_len":3225,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":161,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_tot_l4_data_len":3225,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1056,"flow_avg_l4_data_len":161,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_tot_l4_data_len":1004,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_tot_l4_data_len":1004,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_tot_l4_data_len":1059,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_tot_l4_data_len":1059,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":5,"flow_first_seen":1431970687261,"flow_last_seen":1431970707409,"flow_tot_l4_data_len":130,"flow_min_l4_data_len":26,"flow_max_l4_data_len":26,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_tot_l4_data_len":1010,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_tot_l4_data_len":1010,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_tot_l4_data_len":905,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_tot_l4_data_len":905,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_tot_l4_data_len":870,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_tot_l4_data_len":870,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_tot_l4_data_len":1087,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_tot_l4_data_len":1087,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_tot_l4_data_len":905,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_tot_l4_data_len":905,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_tot_l4_data_len":713,"flow_min_l4_data_len":20,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_tot_l4_data_len":713,"flow_min_l4_data_len":20,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":8,"flow_first_seen":1431970642412,"flow_last_seen":1431970643680,"flow_tot_l4_data_len":870,"flow_min_l4_data_len":58,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":7,"flow_first_seen":1431970642408,"flow_last_seen":1431970643670,"flow_tot_l4_data_len":442,"flow_min_l4_data_len":58,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1431970642417,"flow_last_seen":1431970643676,"flow_tot_l4_data_len":384,"flow_min_l4_data_len":192,"flow_max_l4_data_len":192,"flow_avg_l4_data_len":192,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1431970642414,"flow_last_seen":1431970643673,"flow_tot_l4_data_len":364,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":42,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_tot_l4_data_len":694,"flow_min_l4_data_len":20,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_tot_l4_data_len":694,"flow_min_l4_data_len":20,"flow_max_l4_data_len":109,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":7,"flow_first_seen":1431970634730,"flow_last_seen":1431970661287,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_tot_l4_data_len":740,"flow_min_l4_data_len":20,"flow_max_l4_data_len":124,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_tot_l4_data_len":740,"flow_min_l4_data_len":20,"flow_max_l4_data_len":124,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":199,"flow_first_seen":1431970682971,"flow_last_seen":1431970705724,"flow_tot_l4_data_len":83849,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":421,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":199,"flow_first_seen":1431970682971,"flow_last_seen":1431970705724,"flow_tot_l4_data_len":83849,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":421,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":13,"flow_first_seen":1431970672330,"flow_last_seen":1431970689889,"flow_tot_l4_data_len":643,"flow_min_l4_data_len":20,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"111.221.74.18","dst_ip":"192.168.1.34","src_port":40025,"dst_port":51267,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":13,"flow_first_seen":1431970672330,"flow_last_seen":1431970689889,"flow_tot_l4_data_len":643,"flow_min_l4_data_len":20,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"111.221.74.18","dst_ip":"192.168.1.34","src_port":40025,"dst_port":51267,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_tot_l4_data_len":281,"flow_min_l4_data_len":140,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_tot_l4_data_len":2718,"flow_min_l4_data_len":32,"flow_max_l4_data_len":986,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","ndpi": {"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
-00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_tot_l4_data_len":2718,"flow_min_l4_data_len":32,"flow_max_l4_data_len":986,"flow_avg_l4_data_len":339,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_tot_l4_data_len":814,"flow_min_l4_data_len":32,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_tot_l4_data_len":814,"flow_min_l4_data_len":32,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_tot_l4_data_len":16609,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":638,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_tot_l4_data_len":16609,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":638,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_tot_l4_data_len":687,"flow_min_l4_data_len":32,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_tot_l4_data_len":687,"flow_min_l4_data_len":32,"flow_max_l4_data_len":107,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_tot_l4_data_len":14786,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":591,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_tot_l4_data_len":14786,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":591,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_tot_l4_data_len":700,"flow_min_l4_data_len":32,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_tot_l4_data_len":700,"flow_min_l4_data_len":32,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_tot_l4_data_len":5516,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":275,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_tot_l4_data_len":5516,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":275,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_tot_l4_data_len":199,"flow_min_l4_data_len":67,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":348,"flow_first_seen":1431970634729,"flow_last_seen":1431970685945,"flow_tot_l4_data_len":169855,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":488,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_tot_l4_data_len":715,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_tot_l4_data_len":715,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_tot_l4_data_len":952,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_tot_l4_data_len":952,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":48,"flow_max_l4_data_len":64,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":7,"flow_first_seen":1431970636301,"flow_last_seen":1431970662705,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":7,"flow_first_seen":1431970670304,"flow_last_seen":1431970696803,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":36,"flow_first_seen":1431970648367,"flow_last_seen":1431970708411,"flow_tot_l4_data_len":12178,"flow_min_l4_data_len":293,"flow_max_l4_data_len":371,"flow_avg_l4_data_len":338,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_tot_l4_data_len":264,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_tot_l4_data_len":264,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_tot_l4_data_len":763,"flow_min_l4_data_len":20,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_tot_l4_data_len":763,"flow_min_l4_data_len":20,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":7,"flow_first_seen":1431970634591,"flow_last_seen":1431970661089,"flow_tot_l4_data_len":273,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1431970634589,"flow_last_seen":1431970661089,"flow_tot_l4_data_len":273,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_tot_l4_data_len":836,"flow_min_l4_data_len":20,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_tot_l4_data_len":836,"flow_min_l4_data_len":20,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694738,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_tot_l4_data_len":746,"flow_min_l4_data_len":20,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_tot_l4_data_len":746,"flow_min_l4_data_len":20,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_tot_l4_data_len":738,"flow_min_l4_data_len":20,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_tot_l4_data_len":738,"flow_min_l4_data_len":20,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_tot_l4_data_len":808,"flow_min_l4_data_len":20,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_tot_l4_data_len":808,"flow_min_l4_data_len":20,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_tot_l4_data_len":751,"flow_min_l4_data_len":20,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_tot_l4_data_len":751,"flow_min_l4_data_len":20,"flow_max_l4_data_len":100,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_tot_l4_data_len":789,"flow_min_l4_data_len":20,"flow_max_l4_data_len":124,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_tot_l4_data_len":789,"flow_min_l4_data_len":20,"flow_max_l4_data_len":124,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_tot_l4_data_len":848,"flow_min_l4_data_len":20,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_tot_l4_data_len":848,"flow_min_l4_data_len":20,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":4,"flow_first_seen":1431970685835,"flow_last_seen":1431970687666,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":4,"flow_first_seen":1431970685835,"flow_last_seen":1431970687666,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":19,"flow_first_seen":1431970666903,"flow_last_seen":1431970694687,"flow_tot_l4_data_len":844,"flow_min_l4_data_len":20,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":19,"flow_first_seen":1431970666903,"flow_last_seen":1431970694687,"flow_tot_l4_data_len":844,"flow_min_l4_data_len":20,"flow_max_l4_data_len":128,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706168,"flow_tot_l4_data_len":378,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_tot_l4_data_len":839,"flow_min_l4_data_len":20,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_tot_l4_data_len":839,"flow_min_l4_data_len":20,"flow_max_l4_data_len":130,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":7,"flow_first_seen":1431970636300,"flow_last_seen":1431970662705,"flow_tot_l4_data_len":385,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706169,"flow_tot_l4_data_len":378,"flow_min_l4_data_len":54,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_tot_l4_data_len":742,"flow_min_l4_data_len":20,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_tot_l4_data_len":742,"flow_min_l4_data_len":20,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_tot_l4_data_len":721,"flow_min_l4_data_len":20,"flow_max_l4_data_len":122,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_tot_l4_data_len":721,"flow_min_l4_data_len":20,"flow_max_l4_data_len":122,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_tot_l4_data_len":264,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_tot_l4_data_len":264,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":76,"flow_first_seen":1431970637197,"flow_last_seen":1431970705557,"flow_tot_l4_data_len":16919,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":76,"flow_first_seen":1431970637197,"flow_last_seen":1431970705557,"flow_tot_l4_data_len":16919,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":222,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":8,"flow_first_seen":1431970634432,"flow_last_seen":1431970687929,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":8,"flow_first_seen":1431970634431,"flow_last_seen":1431970687929,"flow_tot_l4_data_len":376,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_tot_l4_data_len":956,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_tot_l4_data_len":956,"flow_min_l4_data_len":20,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_tot_l4_data_len":815,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_tot_l4_data_len":815,"flow_min_l4_data_len":20,"flow_max_l4_data_len":111,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_tot_l4_data_len":666,"flow_min_l4_data_len":32,"flow_max_l4_data_len":113,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_tot_l4_data_len":666,"flow_min_l4_data_len":32,"flow_max_l4_data_len":113,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_tot_l4_data_len":11502,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":500,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_tot_l4_data_len":11502,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":500,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_tot_l4_data_len":517,"flow_min_l4_data_len":32,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_tot_l4_data_len":517,"flow_min_l4_data_len":32,"flow_max_l4_data_len":112,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1431970708715,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1431970708715,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":7,"flow_first_seen":1431970634728,"flow_last_seen":1431970661287,"flow_tot_l4_data_len":301,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_tot_l4_data_len":281,"flow_min_l4_data_len":140,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1431970634276,"flow_last_seen":1431970660781,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_tot_l4_data_len":748,"flow_min_l4_data_len":20,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_tot_l4_data_len":748,"flow_min_l4_data_len":20,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":20,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_tot_l4_data_len":207,"flow_min_l4_data_len":20,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_tot_l4_data_len":161,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_tot_l4_data_len":161,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":6,"flow_first_seen":1431970690890,"flow_last_seen":1431970691584,"flow_tot_l4_data_len":263,"flow_min_l4_data_len":20,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":6,"flow_first_seen":1431970690890,"flow_last_seen":1431970691584,"flow_tot_l4_data_len":263,"flow_min_l4_data_len":20,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_tot_l4_data_len":3022,"flow_min_l4_data_len":32,"flow_max_l4_data_len":367,"flow_avg_l4_data_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_tot_l4_data_len":3022,"flow_min_l4_data_len":32,"flow_max_l4_data_len":367,"flow_avg_l4_data_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_tot_l4_data_len":266,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_tot_l4_data_len":266,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":24,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":14,"flow_first_seen":1431970651380,"flow_last_seen":1431970679567,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":441,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":14,"flow_first_seen":1431970659480,"flow_last_seen":1431970693361,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":431,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51250,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":14,"flow_first_seen":1431970668514,"flow_last_seen":1431970696319,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":14,"flow_first_seen":1431970668514,"flow_last_seen":1431970696319,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":321,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":14,"flow_first_seen":1431970673563,"flow_last_seen":1431970703649,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":19,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.18","src_port":51268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":3,"flow_first_seen":1431970684583,"flow_last_seen":1431970684880,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51283,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_first_seen":1431970707911,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":7,"flow_first_seen":1431970670304,"flow_last_seen":1431970696803,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":61095,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":5,"flow_first_seen":1431970687262,"flow_last_seen":1431970707409,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"83.31.12.173","src_port":13021,"dst_port":23939,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":7,"flow_first_seen":1431970634729,"flow_last_seen":1431970661287,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59113,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":17,"flow_first_seen":1431970687670,"flow_last_seen":1431970706351,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":235,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51289,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":17,"flow_first_seen":1431970635489,"flow_last_seen":1431970690062,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":2405,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51231,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":30,"flow_first_seen":1431970688781,"flow_last_seen":1431970693454,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":30,"flow_first_seen":1431970688781,"flow_last_seen":1431970693454,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"71.238.7.203","src_port":51292,"dst_port":18767,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1431970634276,"flow_last_seen":1431970660781,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55028,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":12,"flow_first_seen":1431970690191,"flow_last_seen":1431970705014,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":1336,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"23.206.33.166","src_port":51295,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":8,"flow_first_seen":1431970636044,"flow_last_seen":1431970646741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":1,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":6,"flow_first_seen":1431970686843,"flow_last_seen":1431970687201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694737,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63342,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":14,"flow_first_seen":1431970699896,"flow_last_seen":1431970708272,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51311,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":20,"flow_first_seen":1431970701508,"flow_last_seen":1431970702603,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":323,"flow_tot_l4_payload_len":719,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":20,"flow_first_seen":1431970701508,"flow_last_seen":1431970702603,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":323,"flow_tot_l4_payload_len":719,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"93.79.224.176","src_port":51314,"dst_port":14506,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":10,"flow_first_seen":1431970693196,"flow_last_seen":1431970706224,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":256,"flow_packet_id":10,"flow_first_seen":1431970693196,"flow_last_seen":1431970706224,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51302,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":15,"flow_first_seen":1431970688560,"flow_last_seen":1431970700671,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":15,"flow_first_seen":1431970688560,"flow_last_seen":1431970700671,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51291,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":33,"flow_first_seen":1431970689672,"flow_last_seen":1431970694329,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2899,"flow_avg_l4_payload_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":33,"flow_first_seen":1431970689672,"flow_last_seen":1431970694329,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1124,"flow_tot_l4_payload_len":2899,"flow_avg_l4_payload_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":14,"flow_first_seen":1431970691351,"flow_last_seen":1431970701913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":14,"flow_first_seen":1431970691351,"flow_last_seen":1431970701913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51298,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":18,"flow_first_seen":1431970692464,"flow_last_seen":1431970694362,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"82.224.110.241","src_port":51301,"dst_port":38895,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":4,"flow_first_seen":1431970685839,"flow_last_seen":1431970687668,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":16,"flow_first_seen":1431970659834,"flow_last_seen":1431970689548,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51251,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":15,"flow_first_seen":1431970682971,"flow_last_seen":1431970692227,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51278,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1431970635325,"flow_last_seen":1431970688837,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":240,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":15,"flow_first_seen":1431970651380,"flow_last_seen":1431970670192,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51239,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":7,"flow_first_seen":1431970634731,"flow_last_seen":1431970661287,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":53372,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":17,"flow_first_seen":1431970651380,"flow_last_seen":1431970679713,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":576,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51238,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":18,"flow_first_seen":1431970687670,"flow_last_seen":1431970703163,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":290,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51290,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":15,"flow_first_seen":1431970652388,"flow_last_seen":1431970670585,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":586,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51241,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2561,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":20,"flow_first_seen":1431970688782,"flow_last_seen":1431970692885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1024,"flow_tot_l4_payload_len":2561,"flow_avg_l4_payload_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"5.248.186.221","src_port":51293,"dst_port":31010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":15,"flow_first_seen":1431970668514,"flow_last_seen":1431970686964,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":15,"flow_first_seen":1431970668515,"flow_last_seen":1431970686367,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":571,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51261,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":5,"flow_first_seen":1431970687261,"flow_last_seen":1431970707409,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"174.49.171.224","src_port":13021,"dst_port":32011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":15,"flow_first_seen":1431970677603,"flow_last_seen":1431970694432,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702158,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":15,"flow_first_seen":1431970684583,"flow_last_seen":1431970702162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51281,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1431970635433,"flow_last_seen":1431970635489,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":63661,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":16,"flow_first_seen":1431970668515,"flow_last_seen":1431970693321,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":567,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":15,"flow_first_seen":1431970675578,"flow_last_seen":1431970692134,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":16,"flow_first_seen":1431970649777,"flow_last_seen":1431970678255,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.45","src_port":51236,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":8,"flow_first_seen":1431970642412,"flow_last_seen":1431970643680,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":229,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":7,"flow_first_seen":1431970642408,"flow_last_seen":1431970643670,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1431970642417,"flow_last_seen":1431970643676,"flow_min_l4_payload_len":184,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.34","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1431970642414,"flow_last_seen":1431970643673,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":348,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1431970643964,"flow_last_seen":1431970644121,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c62c:3ff:fe06:49fe","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":16,"flow_first_seen":1431970666902,"flow_last_seen":1431970694879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":77,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":7,"flow_first_seen":1431970634730,"flow_last_seen":1431970661287,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57592,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":16,"flow_first_seen":1431970657867,"flow_last_seen":1431970685617,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":220,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.175","src_port":51248,"dst_port":40030,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":199,"flow_first_seen":1431970682971,"flow_last_seen":1431970705724,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":77329,"flow_avg_l4_payload_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":199,"flow_first_seen":1431970682971,"flow_last_seen":1431970705724,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":77329,"flow_avg_l4_payload_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":13,"flow_first_seen":1431970672330,"flow_last_seen":1431970689889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"111.221.74.18","dst_ip":"192.168.1.34","src_port":40025,"dst_port":51267,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":13,"flow_first_seen":1431970672330,"flow_last_seen":1431970689889,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"111.221.74.18","dst_ip":"192.168.1.34","src_port":40025,"dst_port":51267,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":58061,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00551{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":2462,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","ndpi": {"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":8,"flow_first_seen":1431970660159,"flow_last_seen":1431970690798,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":954,"flow_tot_l4_payload_len":2462,"flow_avg_l4_payload_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"108.160.163.108","dst_ip":"192.168.1.34","src_port":443,"dst_port":51222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":18,"flow_first_seen":1431970695865,"flow_last_seen":1431970707876,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15769,"flow_avg_l4_payload_len":606,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00517{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":26,"flow_first_seen":1431970697478,"flow_last_seen":1431970707879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15769,"flow_avg_l4_payload_len":606,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51307,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":15,"flow_first_seen":1431970698661,"flow_last_seen":1431970706984,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51309,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":13978,"flow_avg_l4_payload_len":559,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00517{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":25,"flow_first_seen":1431970700273,"flow_last_seen":1431970706319,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":13978,"flow_avg_l4_payload_len":559,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51312,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":14,"flow_first_seen":1431970704329,"flow_last_seen":1431970708726,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":232,"flow_avg_l4_payload_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51316,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4880,"flow_avg_l4_payload_len":244,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00516{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":20,"flow_first_seen":1431970705942,"flow_last_seen":1431970706101,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4880,"flow_avg_l4_payload_len":244,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51317,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1431970634669,"flow_last_seen":1431970634723,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":57694,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":348,"flow_first_seen":1431970634729,"flow_last_seen":1431970685945,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":158703,"flow_avg_l4_payload_len":456,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":13,"flow_first_seen":1431970636340,"flow_last_seen":1431970655127,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":291,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51232,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":14,"flow_first_seen":1431970657448,"flow_last_seen":1431970689704,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":496,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51247,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":2,"flow_first_seen":1431970690133,"flow_last_seen":1431970690190,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":7,"flow_first_seen":1431970636301,"flow_last_seen":1431970662705,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":51753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":7,"flow_first_seen":1431970670304,"flow_last_seen":1431970696803,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":55866,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":36,"flow_first_seen":1431970648367,"flow_last_seen":1431970708411,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":363,"flow_tot_l4_payload_len":11890,"flow_avg_l4_payload_len":330,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":6,"flow_first_seen":1431970697522,"flow_last_seen":1431970702574,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":17,"flow_first_seen":1431970649777,"flow_last_seen":1431970674421,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.45","src_port":51235,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":7,"flow_first_seen":1431970634591,"flow_last_seen":1431970661089,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49864,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1431970634589,"flow_last_seen":1431970661089,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64240,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":18,"flow_first_seen":1431970649777,"flow_last_seen":1431970680320,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.147","src_port":51234,"dst_port":40001,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":7,"flow_first_seen":1431970668278,"flow_last_seen":1431970694738,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64258,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00513{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":17,"flow_first_seen":1431970650785,"flow_last_seen":1431970683130,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":78,"flow_tot_l4_payload_len":194,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.176","src_port":51237,"dst_port":40022,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":17,"flow_first_seen":1431970666902,"flow_last_seen":1431970699651,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00515{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":18,"flow_first_seen":1431970666903,"flow_last_seen":1431970694442,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.170","src_port":51257,"dst_port":40032,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970700372,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.146","src_port":51276,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":17,"flow_first_seen":1431970675992,"flow_last_seen":1431970693146,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":92,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.152","src_port":51272,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00515{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":17,"flow_first_seen":1431970682971,"flow_last_seen":1431970695489,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":296,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.156","src_port":51277,"dst_port":40026,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":4,"flow_first_seen":1431970685835,"flow_last_seen":1431970687666,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":4,"flow_first_seen":1431970685835,"flow_last_seen":1431970687666,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":59052,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":19,"flow_first_seen":1431970666903,"flow_last_seen":1431970694687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00515{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":19,"flow_first_seen":1431970666903,"flow_last_seen":1431970694687,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.176","src_port":51258,"dst_port":40021,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706168,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64364,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00515{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":19,"flow_first_seen":1431970673966,"flow_last_seen":1431970700297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.175","src_port":51269,"dst_port":40029,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":7,"flow_first_seen":1431970636300,"flow_last_seen":1431970662705,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":7,"flow_first_seen":1431970679839,"flow_last_seen":1431970706169,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60413,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":16,"flow_first_seen":1431970634728,"flow_last_seen":1431970664345,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":13,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.28","src_port":51229,"dst_port":40009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":16,"flow_first_seen":1431970655836,"flow_last_seen":1431970685642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.52.44","src_port":51246,"dst_port":40020,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":257,"flow_packet_id":7,"flow_first_seen":1431970694308,"flow_last_seen":1431970701362,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":6,"flow_first_seen":1431970695909,"flow_last_seen":1431970700948,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51306,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":76,"flow_first_seen":1431970637197,"flow_last_seen":1431970705557,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15399,"flow_avg_l4_payload_len":202,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00515{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":76,"flow_first_seen":1431970637197,"flow_last_seen":1431970705557,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15399,"flow_avg_l4_payload_len":202,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":8,"flow_first_seen":1431970634432,"flow_last_seen":1431970687929,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":58631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":8,"flow_first_seen":1431970634431,"flow_last_seen":1431970687929,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":60688,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":14,"flow_first_seen":1431970661447,"flow_last_seen":1431970679053,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":500,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.166","src_port":51253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":13,"flow_first_seen":1431970684583,"flow_last_seen":1431970693811,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":391,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"64.4.23.159","src_port":51282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":14,"flow_first_seen":1431970701461,"flow_last_seen":1431970708429,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":14,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51313,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10758,"flow_avg_l4_payload_len":467,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00517{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":23,"flow_first_seen":1431970703073,"flow_last_seen":1431970706415,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10758,"flow_avg_l4_payload_len":467,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51315,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":10,"flow_first_seen":1431970707102,"flow_last_seen":1431970708204,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51318,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1431970708715,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_first_seen":1431970708715,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":7,"flow_first_seen":1431970634728,"flow_last_seen":1431970661287,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":62875,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":2,"flow_first_seen":1431970685835,"flow_last_seen":1431970685835,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":265,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"239.255.255.250","src_port":59237,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":7,"flow_first_seen":1431970634276,"flow_last_seen":1431970660781,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":64971,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":15,"flow_first_seen":1431970687670,"flow_last_seen":1431970700698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":95,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51288,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":3,"flow_first_seen":1431970691783,"flow_last_seen":1431970692055,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"76.167.161.6","src_port":51300,"dst_port":20274,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":6,"flow_first_seen":1431970685852,"flow_last_seen":1431970686318,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51284,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":6,"flow_first_seen":1431970686319,"flow_last_seen":1431970686843,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51285,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":6,"flow_first_seen":1431970690890,"flow_last_seen":1431970691584,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":6,"flow_first_seen":1431970690890,"flow_last_seen":1431970691584,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51296,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":2522,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":15,"flow_first_seen":1431970690890,"flow_last_seen":1431970705762,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":335,"flow_tot_l4_payload_len":2522,"flow_avg_l4_payload_len":168,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.24","src_port":51297,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00511{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":11,"flow_first_seen":1431970691584,"flow_last_seen":1431970703178,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.216.125","src_port":51299,"dst_port":12350,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00138{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test"}
diff --git a/test/results/skype_udp.pcap.out b/test/results/skype_udp.pcap.out
index 0b1171a2e..ab02c4f0d 100644
--- a/test/results/skype_udp.pcap.out
+++ b/test/results/skype_udp.pcap.out
@@ -1,11 +1,11 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype_udp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1156534494734,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1156534494734,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1156534494,"pkt_ts_usec":734879,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCrtEAh3kuASsbNLlPtKfPLsSj70vZ59IfZD23vQ=="}
00437{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1156534496,"pkt_ts_usec":782355,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCqvCj5HkuAStybQoRs8uOXAH\/9ayvdzDWsfxVrg=="}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1156534494734,"flow_last_seen":1156534496782,"flow_tot_l4_data_len":78,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"proto":"Skype","breed":"Acceptable"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1156534494734,"flow_last_seen":1156534496782,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"proto":"Skype","breed":"Acceptable"}}
00437{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype_udp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1156534500,"pkt_ts_usec":825691,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCvuoUBXkuASuSYOIkRaPfGbxEfOnC\/51D4o9Ncw=="}
-00527{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1156534494734,"flow_last_seen":1156534500825,"flow_tot_l4_data_len":117,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
+00538{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1156534494734,"flow_last_seen":1156534500825,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":93,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"proto":"Skype","breed":"Acceptable","category":"VoIP"}}
00417{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"skype_udp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1156534567,"pkt_ts_usec":55540,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"ABbjGScVAAR2lnvaCABFAAAuAABAAEARoZ\/AqAECGOC+lYyWmV4AGplLsGsC8X+1b++522uzltBGo\/MQ"}
00417{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1156534567,"pkt_ts_usec":244697,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"AAR2lnvaABbjGScVCABFAAAuy+IAAGUR8LwY4L6VwKgBAplejJYAGg6E4FcCztAyD8zMjQ7u\/eBiRTNa"}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1156534494734,"flow_last_seen":1156534567244,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":26,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1156534494734,"flow_last_seen":1156534567244,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test"}
diff --git a/test/results/smb_deletefile.pcap.out b/test/results/smb_deletefile.pcap.out
index 833b0d9bd..78e963fe2 100644
--- a/test/results/smb_deletefile.pcap.out
+++ b/test/results/smb_deletefile.pcap.out
@@ -1,7 +1,7 @@
00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smb_deletefile.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1584368315417,"flow_last_seen":0,"flow_tot_l4_data_len":400,"flow_min_l4_data_len":400,"flow_max_l4_data_len":400,"flow_avg_l4_data_len":400,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1584368315417,"flow_last_seen":0,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00972{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584368315,"pkt_ts_usec":417275,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"pkt":"2MuK4S0uKDc3AG3ICABFAAGkAABAAEAGtNLAqAF2wKgBu94QAb3ooAVq8kMyI1AYqgDfmAAAAAABeP5TTUJAAAEAAAAAAAUAAAEAAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAHAAAAAAAAAAAAEwAdQBjAGEAXABEAG8AdwBuAGwAbwBhAGQAcwAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAACIAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AAJgAAAAEAaQBuAG4AbwBzAGUAdAB1AHAALQA1AC4ANgAuADEALgBlAHgAZQAAAP5TTUJAAAEAAAAAAAYAAAEEAAAAAAAAAJ4PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1584368315417,"flow_last_seen":0,"flow_tot_l4_data_len":400,"flow_min_l4_data_len":400,"flow_max_l4_data_len":400,"flow_avg_l4_data_len":400,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1584368315417,"flow_last_seen":0,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}}
01092{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smb_deletefile.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584368315,"pkt_ts_usec":418447,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"KDc3AG3I2MuK4S0uCABFAAIcOK5AAIAGO6zAqAG7wKgBdgG93hDyQzIj6KAG5lAYEAjw+QAAAAAB8P5TTUJAAAEAAAAAAAUAAAABAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAABZAAAAAQAAAPJad+s0itQBeC8Pcpz71QGM0O1xnPvVAYzQ7XGc+9UBACAAAAAAAAAAIAAAAAAAABEAAAAAAAAAEgQAAAoAAABlAAAACgAAAAAAAAAAAAAA\/lNNQkAAAQAAAAAADgAAAAUAAADYAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAkASACOAAAAAAAAAAAAAAAzwlM5LZjUATN2tkyb+9UBqrZQPC2Y1AHHrtHNIlnVAYD0HQAAAAAAAAAeAAAAAAAgAAAAJgAAAAAAAAAYAEkATgBOAE8AUwBFAH4AMQAuAEUAWABFAAAAq04CAAAAAQBpAG4AbgBvAHMAZQB0AHUAcAAtADUALgA2AC4AMQAuAGUAeABlAAAA\/lNNQkAAAQAAAAAABgADAAUAAAAAAAAAng8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00413{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smb_deletefile.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584368315,"pkt_ts_usec":418500,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGtk7AqAF2wKgBu94QAb3ooAbm8kM0F1AQqfyLpgAA"}
00896{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"smb_deletefile.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584368317,"pkt_ts_usec":575781,"pkt_caplen":378,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":378,"pkt_l4_len":344,"pkt":"2MuK4S0uKDc3AG3ICABFAAFsAABAAEAGtQrAqAF2wKgBu94QAb3ooAbm8kM0F1AYqgDGowAAAAABQP5TTUJAAAEAAAAAAAUAAAEAAAAAgAAAAJ8PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAAAAAAAAAAAAAAAAAAAAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAABoAAAAoA8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AACAAAAAEATAB1AGMAYQD+U01CQAABAAAAAAAGAAABBAAAAAAAAAChDwAAAAAAAP\/+AAARAAAAHQAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/"}
@@ -16,5 +16,5 @@
01100{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"smb_deletefile.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584368317,"pkt_ts_usec":587603,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"pkt":"KDc3AG3I2MuK4S0uCABFAAIcOLRAAIAGO6bAqAG7wKgBdgG93hDyQzhN6KALGlAYEAS2GQAAAAABgP5TTUJAAAEAAAAAAAUAAAABAAAAuAAAAKUPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAABZAAAAAQAAADPCUzktmNQBM3a2TJv71QGqtlA8LZjUAceu0c0iWdUBAAAeAAAAAACA9B0AAAAAACAAAAAAAAAAFQQAAAoAAADFAAAACgAAAJgAAAAgAAAAAAAAABAABAAAABgACAAAAE14QWMAAAAAAAAAAP8BHwD+U01CQAABAAAAAAARAAAABQAAAEgAAACmDwAAAAAAAP\/+AAARAAAAHQAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAD+U01CQAABAAAAAAAGAAMABQAAAAAAAACnDwAAAAAAAP\/+AAARAAAAHQAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGz+U01CQAAAAAAAAAASAAAAAQAAAAAAAAD\/\/\/\/\/\/\/\/\/\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAACAAEAAADNtesUnIBJiady75EwC3S7AwAAAAAAAAAAAAAAAAAAAAAAAAA="}
00415{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"smb_deletefile.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584368317,"pkt_ts_usec":587634,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGtk7AqAF2wKgBu94QAb3ooAsa8kM6QVAQqfyBSAAA"}
00560{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"smb_deletefile.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1584368317,"pkt_ts_usec":587709,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"pkt":"2MuK4S0uKDc3AG3ICABFAACQAABAAEAGtebAqAF2wKgBu94QAb3ooAsa8kM6QVAYqgANAgAAAAAAZP5TTUJAAAEAAAAAABIAAAEAAAAAAAAAAKgPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAkAAAAAAAAAM216xScgEmJp3LvkTALdLsAAAAAAAAAAAAAAAA="}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":101,"flow_first_seen":1584368315417,"flow_last_seen":1584368317802,"flow_tot_l4_data_len":27272,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":270,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":101,"flow_first_seen":1584368315417,"flow_last_seen":1584368317802,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":25252,"flow_avg_l4_payload_len":250,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00135{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test"}
diff --git a/test/results/smbv1.pcap.out b/test/results/smbv1.pcap.out
index 383349328..0e2c3d77e 100644
--- a/test/results/smbv1.pcap.out
+++ b/test/results/smbv1.pcap.out
@@ -1,12 +1,12 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smbv1.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1492191036092,"flow_last_seen":0,"flow_tot_l4_data_len":157,"flow_min_l4_data_len":157,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":157,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1492191036092,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00592{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492191036,"pkt_ts_usec":92974,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"AFBW6AqxAAwpAu9qCABFAACxF9IAAIAGzm+sEJyCCoAA88bvAb3S22hjm3waG1AY+vCemgAAAAAAhf9TTUJyAAAAABhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAAGIAAlBDIE5FVFdPUksgUFJPR1JBTSAxLjAAAkxBTk1BTjEuMAACV2luZG93cyBmb3IgV29ya2dyb3VwcyAzLjFhAAJMTTEuMlgwMDIAAkxBTk1BTjIuMQACTlQgTE0gMC4xMgA="}
00566{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smbv1.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492191036,"pkt_ts_usec":120420,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"AAwpAu9qAFBW6AqxCABFAACdcSEAAIAGdTQKgADzrBCcggG9xu+bfBob0tto7FAY+vCpnwAAAAAAcf9TTUJyAAAAAJhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAEQUAAzIAAQAEEQAAAAABAAAAAAD84wEAQPSc00S10gHwAAgsAAirHC\/h7OapVwBPAFIASwBHAFIATwBVAFAAAABKAE8ASABOAC0AUABDAAAA"}
00598{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492191036,"pkt_ts_usec":120691,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"AFBW6AqxAAwpAu9qCABFAAC0F9MAAIAGzmusEJyCCoAA88bvAb3S22jsm3wakFAY+ns\/iQAAAAAAiP9TTUJzAAAAABgHwAAAAAAAAAAAAAAAAAAA\/\/4AAEAADf8AiAAEEQoAAAAAAAAAAQAAAAAAAADUAAAASwAAAAAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAAMgAxADkANQAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAANQAuADAAAAA="}
-00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1492191036092,"flow_last_seen":1492191036120,"flow_tot_l4_data_len":454,"flow_min_l4_data_len":137,"flow_max_l4_data_len":160,"flow_avg_l4_data_len":151,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","20":"SMB Insecure Version","22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1492191036092,"flow_last_seen":1492191036120,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":131,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","20":"SMB Insecure Version","22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00663{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"smbv1.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492191036,"pkt_ts_usec":154924,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"AAwpAu9qAFBW6AqxCABFAADlcSMAAIAGdOoKgADzrBCcggG9xu+bfBqQ0ttpeFAY+vD0\/QAAAAAAuf9TTUJzAAAAAJgHwAAAAAAAAAAAAAAAAAAA\/\/4ACEAAA\/8AuQAAAJAAAFcAaQBuAGQAbwB3AHMAIAA3ACAAVQBsAHQAaQBtAGEAdABlACAANwA2ADAAMQAgAFMAZQByAHYAaQBjAGUAIABQAGEAYwBrACAAMQAAAFcAaQBuAGQAbwB3AHMAIAA3ACAAVQBsAHQAaQBtAGEAdABlACAANgAuADEAAABXAE8AUgBLAEcAUgBPAFUAUAAA"}
00539{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"smbv1.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492191036,"pkt_ts_usec":157874,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"pkt":"AFBW6AqxAAwpAu9qCABFAACGF9QAAIAGzpisEJyCCoAA88bvAb3S22l4m3wbTVAY+b51+wAAAAAAWv9TTUJ1AAAAABgHwAAAAAAAAAAAAAAAAAAA\/\/4ACEAABP8AWgAIAAEALwAAXABcADEAMAAuADEAMgA4AC4AMAAuADIANAAzAFwASQBQAEMAJAAAAD8\/Pz8\/AA=="}
00493{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"smbv1.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492191036,"pkt_ts_usec":191436,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"AAwpAu9qAFBW6AqxCABFAABkcSUAAIAGdWkKgADzrBCcggG9xu+bfBtN0ttp1lAY+vBBMgAAAAAAOP9TTUJ1AAAAAJgHwAAAAAAAAAAAAAAAAAAI\/\/4ACEAAB\/8AOAABAP\/\/HwD\/\/x8ABwBJUEMAAAAA"}
00521{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492191036,"pkt_ts_usec":191677,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"AFBW6AqxAAwpAu9qCABFAAB6F9UAAIAGzqOsEJyCCoAA88bvAb3S22nWm3wbiVAY+YJgRQAAAAAATv9TTUIyAAAAABgHwAAAAAAAAAAAAAAAAAAI\/\/4ACEEADwwAAAABAAAAAAAAAMxs6wAAAAwAQgAAAE4AAQAOAA0AAAAAAAAAAAAAAAAAAA=="}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1492191036092,"flow_last_seen":1492191036191,"flow_tot_l4_data_len":959,"flow_min_l4_data_len":80,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":137,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1492191036092,"flow_last_seen":1492191036191,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":819,"flow_avg_l4_payload_len":117,"midstream":1,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test"}
diff --git a/test/results/smpp_in_general.pcap.out b/test/results/smpp_in_general.pcap.out
index 2becb51fc..a13be971f 100644
--- a/test/results/smpp_in_general.pcap.out
+++ b/test/results/smpp_in_general.pcap.out
@@ -1,10 +1,10 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smpp_in_general.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1217149853878,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1217149853878,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1217149853,"pkt_ts_usec":878966,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AAKlxo7UABbU5r3hCABFAAAwUN5AAIAG\/3kK4sp2CuLKNQbqIyjmvft6AAAAAHACf\/9NLQAAAgQE7AEBBAI="}
00422{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smpp_in_general.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1217149853,"pkt_ts_usec":879393,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"ABbU5r3hAAKlxo7UCABFAAAsMy0AADwGoS8K4so1CuLKdiMoBuqoDP5A5r37e2AS8ABLDAAAAgQFtAAA"}
00415{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smpp_in_general.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1217149853,"pkt_ts_usec":879422,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAKlxo7UABbU5r3hCABFAAAoUN9AAIAG\/4AK4sp2CuLKNQbqIyjmvft7qAz+QVAQhOTN5QAA"}
00471{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"smpp_in_general.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1217149853,"pkt_ts_usec":879690,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"AAKlxo7UABbU5r3hCABFAABQUOBAAIAG\/1cK4sp2CuLKNQbqIyjmvft7qAz+QVAYhOQscgAAAAAAKAAAAAIAAAAAAAAAAWFiaGlrAHBhc3N3b3JkAFNNUFAAAQAAAA=="}
-00553{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1217149853878,"flow_last_seen":1217149853879,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":20,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"proto":"SMPP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"}}
+00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1217149853878,"flow_last_seen":1217149853879,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"proto":"SMPP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"}}
00442{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"smpp_in_general.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1217149853,"pkt_ts_usec":886293,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"ABbU5r3hAAKlxo7UCABFAAA9My4AADwGoR0K4so1CuLKdiMoBuqoDP5B5r37o1AY8AA72wAAAAAAFYAAAAIAAAAAAAAAAVNNU0MA"}
00416{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"smpp_in_general.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1217149853,"pkt_ts_usec":988641,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAKlxo7UABbU5r3hCABFAAAoUOFAAIAG\/34K4sp2CuLKNQbqIyjmvfujqAz+VlAQhM\/NvQAA"}
00440{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"smpp_in_general.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1217149882,"pkt_ts_usec":791596,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"AAKlxo7UABbU5r3hCABFAAA4UPFAAIAG\/14K4sp2CuLKNQbqIyjmvfujqAz+VlAYhM\/NfgAAAAAAEAAAABUAAAAAAAAAAg=="}
@@ -16,5 +16,5 @@
00441{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"smpp_in_general.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1217149884,"pkt_ts_usec":833412,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"ABbU5r3hAAKlxo7UCABFAAA4M4EAADwGoM8K4so1CuLKdiMoBuqoDP5\/5r379VAY8ADh3gAAAAAAEIAAAAYAAAAAAAAABA=="}
00417{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"smpp_in_general.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1217149884,"pkt_ts_usec":833512,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAKlxo7UABbU5r3hCABFAAAoUPVAAIAG\/2oK4sp2CuLKNQbqIyjmvfv1qAz+j1ARhJbNagAA"}
00424{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"smpp_in_general.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1217149884,"pkt_ts_usec":833831,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABbU5r3hAAKlxo7UCABFAAAoM4IAADwGoN4K4so1CuLKdiMoBuqoDP6P5r379lAQ8ABiAAAAAAAAAAAA"}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":17,"flow_first_seen":1217149853878,"flow_last_seen":1217149884833,"flow_tot_l4_data_len":552,"flow_min_l4_data_len":20,"flow_max_l4_data_len":70,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":17,"flow_first_seen":1217149853878,"flow_last_seen":1217149884833,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":11,"midstream":0,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00135{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test"}
diff --git a/test/results/snapchat.pcap.out b/test/results/snapchat.pcap.out
index 420f8c749..cd3adcf40 100644
--- a/test/results/snapchat.pcap.out
+++ b/test/results/snapchat.pcap.out
@@ -1,13 +1,13 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"snapchat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431417993318,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1431417993318,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":318652,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8f1tAAEAG3k0KCAABSn2IjYHRAbtgYhiTAAAAAKAC\/\/8GegAAAgQFtAQCCAoAKmfIAAAAAAEDAwY="}
00409{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":319843,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAalAABAGjBRKfYiNCggAAQG7gdGfnedsYGIYlFAS\/\/9PMgAA"}
00409{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":322345,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAof1xAAEAG3mAKCAABSn2IjYHRAbtgYhiUn53nbVAQ\/\/9PMwAA"}
00718{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":373192,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"pkt":"ABoRAAACABoRAAABCABFAAEKf11AAEAG3X0KCAABSn2IjYHRAbtgYhiUn53nbVAY\/\/9LawAAFgMBAN0BAADZAwNQUkrj\/NwhWGN+74t6DO1OzXkqPZ7NjCRqFpHWgKKF7SB5P2Jy9UHDO3+nUN7rdggpnyyuKLgakXSnjHmueU\/o1AAswCvALMAvwDAAngCfwAnACsATwBQAMwA5ADIAOMAHwBEAnACdAC8ANQAFAP8BAABkAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAw=="}
-00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1431417993318,"flow_last_seen":1431417993373,"flow_tot_l4_data_len":326,"flow_min_l4_data_len":20,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00791{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1431417993318,"flow_last_seen":1431417993373,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":375603,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAa5AABAGjA9KfYiNCggAAQG7gdGfnedtYGIZdlAQ\/\/9OUQAA"}
00600{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":476626,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"ABoRAAACABoRAAABCABFAACxAa9AABAGi4VKfYiNCggAAQG7gdGfnedtYGIZdlAY\/\/8EngAAFgMDAFECAABNAwNVUbSJQinlln\/8edE+8CspXRzVGNkcjqtzNcG7sXtSrCB5P2Jy9UHDO3+nUN7rdggpnyyuKLgakXSnjHmueU\/o1MAvAAAF\/wEAAQAUAwMAAQEWAwMAKAAAAAAAAAAAf2zZevNRbfwJe\/A1K5Q+MDebGGO+Uf8ZeAUlLlz2nCI="}
-00834{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1431417993318,"flow_last_seen":1431417993476,"flow_tot_l4_data_len":503,"flow_min_l4_data_len":20,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00845{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1431417993318,"flow_last_seen":1431417993476,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":363,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"36e9ceaa96dd810482573844f78a063f","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
00409{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":479525,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAof15AAEAG3l4KCAABSn2IjYHRAbtgYhl2n53n9lAQ\/\/9NyAAA"}
00480{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":533668,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ABoRAAACABoRAAABCABFAABbf19AAEAG3ioKCAABSn2IjYHRAbtgYhl2n53n9lAY\/\/\/n2gAAFAMDAAEBFgMDAChjpkAEFO1Imock9wPzUl61uVUbhQtDgFJLyjkYPfyHn3wBcQOiHJ+Z"}
00409{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":534065,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAbNAABAGjApKfYiNCggAAQG7gdGfnef2YGIZqVAQ\/\/9NlQAA"}
@@ -17,24 +17,24 @@
00411{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":535072,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAbVAABAGjAhKfYiNCggAAQG7gdGfnef2YGIcdlAQ\/\/9KyAAA"}
00785{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":535256,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"pkt":"ABoRAAACABoRAAABCABFAAE3f2JAAEAG3UsKCAABSn2IjYHRAbtgYhx2n53n9lAY\/\/\/YKQAAVnC0jR2z5CJlKZ8fFFQ8iRLZP172ZMrsOdo1SYpVQsQaoADocXdPgUrE0Pnq5UHQfeORu9\/czCm6OlgNS+YaLiqXdxksA+wiCdfpYmwCi\/6Nxlq6\/m3RaHuR0Z5xjL1StUO4mzH5UcsjkROn7NVe5vAVF9H7hWfYf\/LMtivYeaNQDAYnc3CoO6FCTYqyAICPE\/ljwAR\/YlV9wUHpuGfK0MtD6UAN8xX92tRW7hWhs8asthEs+J5bfrnZcCHsBVGhsRvljOga8XVhi50v4xcKnca3jR4+GaR5e519J810NayxCAAqQKIp2HbcxnASL94+PONXQoAPl3MQQEgb7UxHoAnlIFIkYEl4mj9MR2B6yQ=="}
00411{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431417993,"pkt_ts_usec":535622,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAbZAABAGjAdKfYiNCggAAQG7gdGfnef2YGIdhVAQ\/\/9JuQAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1431418008131,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1431418008131,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":131807,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8OQ1AAEAGJJwKCAABSn2Ija34AbvuolTmAAAAAKAC\/\/8JnAAAAgQFtAQCCAoAKm3rAAAAAAEDAwY="}
00410{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":132967,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAeJAABAGi9tKfYiNCggAAQG7rfgRXasZ7qJU51AS\/\/8jCwAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1431418008133,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1431418008133,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":133607,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8wNFAAEAGnNcKCAABSn2IjduBAbsrgq06AAAAAKAC\/\/9G3wAAAgQFtAQCCAoAKm3rAAAAAAEDAwY="}
00411{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":135133,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAeRAABAGi9lKfYiNCggAAQG724HUfVLFK4KtO1AS\/\/\/1gQAA"}
00410{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":135378,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoOQ5AAEAGJK8KCAABSn2Ija34AbvuolTnEV2rGlAQ\/\/8jDAAA"}
00411{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":136568,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAowNJAAEAGnOoKCAABSn2IjduBAbsrgq071H1SxlAQ\/\/\/1ggAA"}
01111{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":138643,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"ABoRAAACABoRAAABCABFAAItOQ9AAEAGIqkKCAABSn2Ija34AbvuolTnEV2rGlAY\/\/+krQAAFgMBAgABAAH8AwOhEVtKJFbmMdITP5FzjInwHIS\/R2esElHqAErlmxUy8CACAgRWcgR9w4k0fccFDBFgltGnL9Eev8AwahrxGVyDbwAcwCvALwCewArACcATwBQAMwAyADkAnAAvADUA\/wEAAZcAAAAhAB8AABxmZWVsaW5zb25pY2UtaHJkLmFwcHNwb3QuY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAMS7WjP546+2lF\/TKyZI1bqIDoSMpbWj033whzxbUsavA0etyrZ4bKy5YSQsnhoz8RnY+\/yWt\/LQE9Z6ryY2tS2fDeIY9FtoXb0PXCAhPOZ9PZLgbr5sz9tAG9IyywPJZ6z79yL6zaCwJFb69s170JD9vfS74pAn3H8WYSxk9sXMidEjgizByb1wRsJYo7f11VDDw7z51tPC3nJwPfffTWJrmhbc9Lbb832t4bcLlJFcU\/yNM14PJqZdRRsDPXFzlk5o6fcwAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDABAACwAJCGh0dHAvMS4xABUAMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1431418008131,"flow_last_seen":1431418008138,"flow_tot_l4_data_len":617,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1431418008131,"flow_last_seen":1431418008138,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00410{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":141329,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAedAABAGi9ZKfYiNCggAAQG7rfgRXasa7qJW7FAQ\/\/8hBwAA"}
01111{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":141878,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"ABoRAAACABoRAAABCABFAAItwNNAAEAGmuQKCAABSn2IjduBAbsrgq071H1SxlAY\/\/8b8QAAFgMBAgABAAH8AwNZW7OoopxmUl9aAmMbvJ5KlPrEhizm1d1wyfHascr\/qiACAgRWcgR9w4k0fccFDBFgltGnL9Eev8AwahrxGVyDbwAcwCvALwCewArACcATwBQAMwAyADkAnAAvADUA\/wEAAZcAAAAhAB8AABxmZWVsaW5zb25pY2UtaHJkLmFwcHNwb3QuY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAMS7WjP546+2lF\/TKyZI1bqIDoSMpbWj033whzxbUsavA0etyrZ4bKy5YSQsnhoz8RnY+\/yWt\/LQE9Z6ryY2tS2fDeIY9FtoXb0PXCAhPOZ9PZLgbr5sz9tAG9IyywPJZ6z79yL6zaCwJFb69s170JD9vfS74pAn3H8WYSxk9sXMidEjgizByb1wRsJYo7f11VDDw7z51tPC3nJwPfffTWJrmhbc9Lbb832t4bcLlJFcU\/yNM14PJqZdRRsDPXFzlk5o6fcwAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDABAACwAJCGh0dHAvMS4xABUAMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1431418008133,"flow_last_seen":1431418008141,"flow_tot_l4_data_len":617,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1431418008133,"flow_last_seen":1431418008141,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00411{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":142062,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAehAABAGi9VKfYiNCggAAQG724HUfVLGK4KvQFAQ\/\/\/zfQAA"}
00618{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":294053,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"ABoRAAACABoRAAABCABFAADAAetAABAGizpKfYiNCggAAQG7rfgRXasa7qJW7FAY\/\/+zsAAAFgMDAGACAABcAwNVUbSYnv8lFkwrP3tkn4HenuHfYNVayyWpsUxN9vxrPCACAgRWcgR9w4k0fccFDBFgltGnL9Eev8AwahrxGVyDb8AvAAAU\/wEAAQAAEAALAAkIaHR0cC8xLjEUAwMAAQEWAwMAKAAAAAAAAAAAXacoUY2XPyBFJGfEF3Th1vw79TgzZopqWjm3nxKar8M="}
-00793{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1431418008131,"flow_last_seen":1431418008294,"flow_tot_l4_data_len":809,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00804{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":33,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1431418008131,"flow_last_seen":1431418008294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
00620{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":294450,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"ABoRAAACABoRAAABCABFAADAAexAABAGizlKfYiNCggAAQG724HUfVLGK4KvQFAY\/\/9r2QAAFgMDAGACAABcAwNVUbSYmROcimMu8n3UiA4V9o6+qZRQpBjKJ9EfdyRo\/iACAgRWcgR9w4k0fccFDBFgltGnL9Eev8AwahrxGVyDb8AvAAAU\/wEAAQAAEAALAAkIaHR0cC8xLjEUAwMAAQEWAwMAKAAAAAAAAAAADDcXv+W8vtUMi18PvtyGNW\/DmWyzX37WYnllu2M793g="}
-00793{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1431418008133,"flow_last_seen":1431418008294,"flow_tot_l4_data_len":809,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00804{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1431418008133,"flow_last_seen":1431418008294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Snapchat","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feelinsonice-hrd.appspot.com","ja3":"fded31ac9b978e56ce306f8056092f2a","ja3s":"7bee5c1d424b7e5f943b06983bb11422","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
00410{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":295945,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoORBAAEAGJK0KCAABSn2Ija34AbvuolbsEV2rslAQ\/\/8gbwAA"}
00411{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":296189,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAowNRAAEAGnOgKCAABSn2IjduBAbsrgq9A1H1TXlAQ\/\/\/y5QAA"}
00482{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":296495,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"ABoRAAACABoRAAABCABFAABbORFAAEAGJHkKCAABSn2Ija34AbvuolbsEV2rslAY\/\/9RZwAAFAMDAAEBFgMDACg\/yxy\/isn7sp4msLqfjCgWlkRFGBF2Q3Vx+rR9jOq2HtyKTSD1PBM5"}
@@ -53,7 +53,7 @@
00412{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":349295,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAfVAABAGi8hKfYiNCggAAQG724HUfVNeK4Kzo1AQ\/\/\/uggAA"}
00612{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":349448,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"pkt":"ABoRAAACABoRAAABCABFAAC4wNhAAEAGnFQKCAABSn2IjduBAbsrgrOj1H1TXlAY\/\/\/G6wAAstjj3\/bsqpZpfZBbB0U0MfQ1fvcBtg\/ngUbvEy0ydo\/TCHa74MV9Zwi2677DhjDQ7Y8hgLv04yaniKcq9e1oXDbG0nZBEfAhi3hvl9olQoHXtdnYwEdx7D2DuVvaqcLIx2lazMNmhLU53oscsI35lmtDhvLcFW6nY5DJFHZ\/uvNo7JO137yNDEMdsY\/zZaRu"}
00412{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"snapchat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1431418008,"pkt_ts_usec":349631,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAfZAABAGi8dKfYiNCggAAQG724HUfVNeK4K0M1AQ\/\/\/t8gAA"}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":22,"flow_first_seen":1431417993318,"flow_last_seen":1431417995589,"flow_tot_l4_data_len":2131,"flow_min_l4_data_len":20,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":17,"flow_first_seen":1431418008133,"flow_last_seen":1431418008853,"flow_tot_l4_data_len":3365,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1089,"flow_avg_l4_data_len":197,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":17,"flow_first_seen":1431418008131,"flow_last_seen":1431418008701,"flow_tot_l4_data_len":2799,"flow_min_l4_data_len":20,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":22,"flow_first_seen":1431417993318,"flow_last_seen":1431417995589,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1671,"flow_avg_l4_payload_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":17,"flow_first_seen":1431418008133,"flow_last_seen":1431418008853,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1069,"flow_tot_l4_payload_len":3005,"flow_avg_l4_payload_len":176,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":17,"flow_first_seen":1431418008131,"flow_last_seen":1431418008701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2439,"flow_avg_l4_payload_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test"}
diff --git a/test/results/snapchat_call.pcapng.out b/test/results/snapchat_call.pcapng.out
index 77e5f767e..08fa32d2b 100644
--- a/test/results/snapchat_call.pcapng.out
+++ b/test/results/snapchat_call.pcapng.out
@@ -1,7 +1,7 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"snapchat_call.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1595865799020,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1595865799020,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02203{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595865799,"pkt_ts_usec":20160,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"CL6sCxdumt9Y+uvcCABFAAViAIdAAEARymzAqAypEriKjqRjAbsFTpy2w1EwNDZQw4BG53qjBuoAAAABZPU1L7U5tyJMVD1ioAEEAENITE8MAAAAUEFEAEgDAABWRVIATAMAAENDUwBcAwAAUERNRGADAABTTUhMZAMAAElDU0xoAwAATk9OUIgDAABNSURTjAMAAFNDTFOQAwAAQ1NDVJADAABDRkNXlAMAAFNGQ1eYAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tUTA0NgHogWCSkhrofu2AhqIVgpFYNTA5AQAAACgAAAAzbE4qRvvkp4rlFQIkD4jjmdOAAP5SZ2hG5WgHAg7x+2QAAAABAAAAAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00582{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1595865799020,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
+00594{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1595865799020,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}}
02239{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snapchat_call.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595865799,"pkt_ts_usec":37006,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60BAACUR+rISuIqOwKgMqQG7pGMFThqhw1EwNDYFw4BG53qjBuoAAAABHHnqt4ztMz51vP6XgAFSRUoABwAAAFNUSwA5AAAAU05PAG0AAABQUk9GtAAAAFNDRkc7AQAAUlJFSj8BAABTVFRMRwEAAENSVP9OBwAAbUU2ixV5Jj1qHEQQZYOHtdotUTPKCy0omzKN6SE7STZ4\/rKMxZ9\/rrj8l9tx+PhU9mRQzeJZ+1Dabp0JaMw4Ax2lLo8wBUBdtg1GpS3urBIhqVx\/8nRPLB1cTLrUpB570Ce5EPUwnKR9lOYP4jBFAiB3SpfbIfQpyAe+ZsA1KXWbSYFVXmlAhM9hKVIcNwAFzwIhAKINNKjm9Y0DRmywB4GeockL0Y3PJJ2PTHmxvqAl6rucU0NGRwYAAABBRUFECAAAAFNDSUQYAAAAUFVCUzsAAABLRVhTPwAAAE9CSVRHAAAARVhQWU8AAABBRVNHQ0MyMAO\/Pud+GiRqUM930xoSwNMgAAAzgoMwBXTcjfX\/uLgWESbe\/GDn3+Z5Wy5eude5hIrxK0MyNTUy3iwBeDJ0hdzKD01zAQAADAAAAHLO80MAAAAAAQEA6ggAAHi7IlF+sTNiZQCWXKx6Bk0smxcAyyAmJgFO2z2LJtgwHuFZfF6JuflcqgEXGwewWDpny8LMbOCDWiSJGghD0i2PS2Z6Jqg4ACVbQzWg\/8FJRBYu7OrsjFmUAwsFIwNgXkJkLSMjUNYyNAJzDVJQbYOmUQ5hLmdg+knLL8rLTIQ5gV2YJzgxryRRwTc\/Dxh4hkIGAhCXcQbnJRZAMhNUKTMPj5YeMFhzMstS9TLzDSKBwuxgHzIxQr3KzMjO7MTA0igTPiXBhk\/onni666rTEwW2GV7P0HIt5RAIXKgqHG0lyz+LaQ37Sb9X68wmMzzfpJMbI+6\/war2EINr2z3pHSav6hc3MccaNDFHokTO4rnP5H\/esvQ\/kPdi4umpS28ZPuKaj1RHBL7\/ujNAPVOn37WS752O83bRN1k7DJRB0oIsMgZSTShub+JC8gdKYcjeQKjszISUlUkGCQZ6C3QWaLVpIMpKY72UTKR8UVycnKibmpysm24IrtEw1JvgV+8DKQhdDZyBxSOkYfA3h5ERX\/GLYp5zQLABBxtbeiMPMIEaVCPltXyDXNx5DdkMA1ekvGYJc3kiSLoY1TJYkgWmWEiCRSp3StBqrCbGWjYucEl5rZKJhYmliTEXiDMZ0xnKGNyWhr4u\/TVRwWDros7ML59rBXUcS\/b99dzRuvrTn4J\/ue4MDIyF97xNnBgYWJgZ3A1cmRQZZl+WnuB1dsnif3fPXLu66NVPttQQNgnXFyeSpjbviVMPvsSkkKnJ8SbX7sSrj30mcX6\/VAWXm72+rLYpIjtI\/4Pe2rlv1IH2Krm6skeGqoRNs1+o\/\/F7btsDZbXktQe862OPNcfkPeJngtqrDrdXwUB1507jl12PbQL\/ybLt+9VWcsd2\/4OdQYxPekSfzHnGdBnksoD\/k8V3L9Lbv0bDO\/WlV93k58q8IeJ7Shd\/k5gaMNlDhaGUIXDxhq9\/GSvnhOXuMK\/o51lSdUZa\/fT3eR1Os3j\/XelmfQq11x5sr5uBC5NC2tpbFwyfLJZe8nnhYvF5pYurJx\/i93xZwbWvt+mx29md\/5kUgrJ0vgl\/6lq870XJzFvZL9lvZZeX8D\/9s4v3bXp609M\/CshlE3Mmg0EakyHDDbOtMsq6skVXu5mVPu76eNXwNe+pKj\/OfovXBece+Cifdpz8TnOjJcPFhjtTSzUqxSSAWrZv6p0iOl+y6nXK3m9XXNa84pm1qPWQefDM"}
02213{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"snapchat_call.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595865799,"pkt_ts_usec":37074,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60FAACUR+rESuIqOwKgMqQG7pGMFTlWjw1EwNDYFw4BG53qjBuoAAAACYTy54mZ50XnS5MjxpAEFJgJoF8maXr+sg1zn\/py4s01uT+X8o3fm32Z\/27aBGVRqMq8xaGKaAi01uU5r7HKLe2rJUVZS8PnsMSHkxhwPsDGXSFTBCa1buYUF0POAoYKBHKRMFYfrgNSNCkH5+SWw9rKxgbGBBbT4BJamyFwql91lwAIWXmqyajeyMCgxJzGwPOJwelV+Q+XeAp2UJcLnHOYoF61k4uIzt1c029EbLPLt6sSp3p+nMfUWyh25cXr5\/Lj3C57VR00SnBac\/\/rAaft1f6Pt3VWez2LXm7Zvhf7ucIn1hUv2VljJvYi2yU4R1D5jot2zuIlREZjtZA2E4BmRw4ANSDEBW4soJSBjm4EJUkmhYaBGZEnhBCkYrUGNuQWmC4zbDHEWjLAggsQEKCIgzRMDW0iJZwas2ozYWIBMBpIKO0R1gLW2QK5OmO8FmIZd9Nmd9mHxI2npw9M32V4MRUt84P7L8a4Fzt5vSk4eXX1V3sDULG9GWLXHGtbkddWzwlXCz+T\/urc6d87xbbvenHt+qjjl9n0Wcy4Gz83289XWTuxReCHfwaf1O838hMGLS4dUlrt66L5iDPAynCJ8vzf+ltZuT5vEz5Un5qRNkpqm9aXaLGKxjqNAidTltx7bLu3uYnMtNBYwqKqaoXhXZeebOVsnsa9tPnYk60f5M9N9wvzqKZuc9ze\/LA+7zdE+xV3ka7zG+sUZPs39Cd+nNVS2ZpWpzZ3Ko8Dca\/euSiM1JW3JzeZXM0vO5vnWyrzu3XR0vZi034nPoa86LARNZAXX27Ov8M+6VCKor\/WneHv8IVFn1pxrtbeY9irN9r\/8sxwAcED2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02208{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"snapchat_call.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595865799,"pkt_ts_usec":50574,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"CL6sCxdumt9Y+uvcCABFAAViAIpAAEARymnAqAypEriKjqRjAbsFTgAjw1EwNDZQw4BG53qjBuoAAAACKKznrhPUqJ5o7BjwQAIYOgIApAEEAAQAQ0hMTxUAAABQQUQAIwIAAFNUSwBcAgAAU05PAJACAABWRVIAlAIAAENDUwCkAgAATk9OQ8QCAABBRUFEyAIAAFNDSUTYAgAAUERNRNwCAABTTUhM4AIAAElDU0zkAgAATk9OUAQDAABQVUJTJAMAAE1JRFMoAwAAU0NMUywDAABLRVhTMAMAAFhMQ1Q4AwAAQ1NDVDgDAABDQ1JUSAMAAENGQ1dMAwAAU0ZDV1ADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tbUU2ixV5Jj1qHEQQZYOHtdotUTPKCy0omzKN6SE7STZ4\/rKMxZ9\/rrj8l9tx+PhU9mRQzeJZ+1Dabp0JaMw4Ax2lLo8wBUBdtg1GpS3urBIhqVx\/8nRPLB1cTLrUpB570Ce5EPUwnKR9lOYP4lEwNDYB6IFgkpIa6H7tgIaiFYKRkQOZdTLeLAF4MnSFOq4wCsGZFGIlTmcj5MNiAOJd\/wxBRVNHA78+534aJGpQz3fTGhLA01g1MDkBAAAAKAAAALCir626Nfdlr16nNUFUTgfR1r6cqrNy6jaIgHxu7sBUVbGuAflhncgG\/tarPbDP8Z0PbFQMXHjUk17jcBtg1V9kAAAAAQAAAEMyNTVQ9M9VwKYsE1D0z1XApiwTWWjAu58dEhUAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
@@ -16,5 +16,5 @@
00453{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"snapchat_call.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595865799,"pkt_ts_usec":105753,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"CL6sCxdumt9Y+uvcCABFAABCAJFAAEARz4LAqAypEriKjqRjAbsALmnoQMOARud6owbqB97g\/jhJ9kT7eseQiNAVbouFZELJBQ7vbNXPBus="}
00453{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"snapchat_call.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595865799,"pkt_ts_usec":105760,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"CL6sCxdumt9Y+uvcCABFAABCAJJAAEARz4HAqAypEriKjqRjAbsALq54QMOARud6owbqCFB\/R6QkZ4cH6CMIS5RzQDZFuCrfWVfg0GUd8kY="}
00618{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"snapchat_call.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595865799,"pkt_ts_usec":105971,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"pkt":"CL6sCxdumt9Y+uvcCABFAAC7AJNAAEARzwfAqAypEriKjqRjAbsAp9wkQMOARud6owbqCRc3SXpZ6Q9b9545QLOgrmU7yrTkDeu1OuRMhPND6AkTs3ROozWJziUGPGTD7NgdmiQX5t0ozTRtTxbk7\/KukXzKWYmVD9Mk3HoJXFObywsgcQzdtt+wsCQ6BlbJTbVGz4\/ddaV5nEeaHbghbcZU6VpqPRWkwkqgnOUcsHXDm4\/7lQ3gSNvX5H+o61wG2b9kKE9PLXv5"}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":50,"flow_first_seen":1595865799020,"flow_last_seen":1595865807311,"flow_tot_l4_data_len":11072,"flow_min_l4_data_len":28,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":221,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":50,"flow_first_seen":1595865799020,"flow_last_seen":1595865807311,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":10672,"flow_avg_l4_payload_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00135{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test"}
diff --git a/test/results/ssdp-m-search.pcap.out b/test/results/ssdp-m-search.pcap.out
index 5e53c44f4..a49da6c2d 100644
--- a/test/results/ssdp-m-search.pcap.out
+++ b/test/results/ssdp-m-search.pcap.out
@@ -1,7 +1,7 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssdp-m-search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1532054645808,"flow_last_seen":0,"flow_tot_l4_data_len":29,"flow_min_l4_data_len":29,"flow_max_l4_data_len":29,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1532054645808,"flow_last_seen":0,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1532054645,"pkt_ts_usec":808785,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxO0tAAEARmRfAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1532054645808,"flow_last_seen":0,"flow_tot_l4_data_len":29,"flow_min_l4_data_len":29,"flow_max_l4_data_len":29,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1532054645808,"flow_last_seen":0,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00433{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssdp-m-search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1532054650,"pkt_ts_usec":808802,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxSyxAAEARiTbAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
00433{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssdp-m-search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1532054655,"pkt_ts_usec":808797,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxW1JAAEAReRDAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
00433{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ssdp-m-search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1532054660,"pkt_ts_usec":808775,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxbhVAAEARZk3AqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
@@ -16,5 +16,5 @@
00435{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ssdp-m-search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1532054705,"pkt_ts_usec":808776,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxvxhAAEARFUrAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
00435{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ssdp-m-search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1532054710,"pkt_ts_usec":808804,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxwmtAAEAREffAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
00436{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ssdp-m-search.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1532054715,"pkt_ts_usec":808776,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxxENAAEAREB\/AqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1532054645808,"flow_last_seen":1532054735808,"flow_tot_l4_data_len":551,"flow_min_l4_data_len":29,"flow_max_l4_data_len":29,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":19,"flow_first_seen":1532054645808,"flow_last_seen":1532054735808,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":21,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test"}
diff --git a/test/results/ssh.pcap.out b/test/results/ssh.pcap.out
index 1797ef365..71eadf8b8 100644
--- a/test/results/ssh.pcap.out
+++ b/test/results/ssh.pcap.out
@@ -1,23 +1,23 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1320435464760,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1320435464760,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":760244,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AAwppUXgAFBWwAAICABFAABAek9AAEAGi52sEO4BrBDuqOQbABY3Xn+qAAAAALAC\/\/+abgAAAgQFtAEDAwMBAQgKHJWv9QAAAAAEAgAA"}
00431{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":760270,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AFBWwAAIAAwppUXgCABFAAA8AABAAEAGBfGsEO6orBDuAQAW5BtConY2N15\/q6ASFqC42wAAAgQFtAQCCAoAEyL4HJWv9QEDAwY="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":760285,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwppUXgAFBWwAAICABFAAA0xzVAAEAGPsOsEO4BrBDuqOQbABY3Xn+rQqJ2N4AQ\/\/\/+RgAAAQEIChyVr\/UAEyL4"}
00448{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":768382,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AFBWwAAIAAwppUXgCABFAABJVM9AAEAGsRSsEO6orBDuAQAW5BtConY3N15\/q4AYAFs9HQAAAQEICgATIwEcla\/1U1NILTIuMC1PcGVuU1NIXzUuMw0K"}
-00683{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_tot_l4_data_len":169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}}
+00692{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"","hassh_client":"","hassh_server":""}}
00422{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":768431,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwppUXgAFBWwAAICABFAAA0YDlAAEAGpb+sEO4BrBDuqOQbABY3Xn+rQqJ2TIAQ\/\/\/+HgAAAQEIChyVr\/8AEyMB"}
00449{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":768726,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AAwppUXgAFBWwAAICABFAABJ8QpAAEAGFNmsEO4BrBDuqOQbABY3Xn+rQqJ2TIAY\/\/86WQAAAQEIChyVr\/8AEyMBU1NILTIuMC1PcGVuU1NIXzUuNg0K"}
-00753{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_tot_l4_data_len":254,"flow_min_l4_data_len":32,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher","19":"SSH Obsolete Server Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"","hassh_server":""}}
+00762{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1320435464760,"flow_last_seen":1320435464768,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher","19":"SSH Obsolete Server Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"","hassh_server":""}}
00421{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":769170,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AFBWwAAIAAwppUXgCABFAAA0VNBAAEAGsSisEO6orBDuAQAW5BtConZMN15\/wIAQAFv9rQAAAQEICgATIwIcla\/\/"}
01633{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":769196,"pkt_caplen":970,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":970,"pkt_l4_len":936,"pkt":"AAwppUXgAFBWwAAICABFAAO8JwpAAEAG22asEO4BrBDuqOQbABY3Xn\/AQqJ2TIAY\/\/8A3QAAAQEIChyVr\/8AEyMCAAADhAQUGLoxRxrO8i2IidbRRFAN9AAAAH5kaWZmaWUtaGVsbG1hbi1ncm91cC1leGNoYW5nZS1zaGEyNTYsZGlmZmllLWhlbGxtYW4tZ3JvdXAtZXhjaGFuZ2Utc2hhMSxkaWZmaWUtaGVsbG1hbi1ncm91cDE0LXNoYTEsZGlmZmllLWhlbGxtYW4tZ3JvdXAxLXNoYTEAAACDc3NoLXJzYS1jZXJ0LXYwMUBvcGVuc3NoLmNvbSxzc2gtZHNzLWNlcnQtdjAxQG9wZW5zc2guY29tLHNzaC1yc2EtY2VydC12MDBAb3BlbnNzaC5jb20sc3NoLWRzcy1jZXJ0LXYwMEBvcGVuc3NoLmNvbSxzc2gtcnNhLHNzaC1kc3MAAACdYWVzMTI4LWN0cixhZXMxOTItY3RyLGFlczI1Ni1jdHIsYXJjZm91cjI1NixhcmNmb3VyMTI4LGFlczEyOC1jYmMsM2Rlcy1jYmMsYmxvd2Zpc2gtY2JjLGNhc3QxMjgtY2JjLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5kYWVsLWNiY0BseXNhdG9yLmxpdS5zZQAAAJ1hZXMxMjgtY3RyLGFlczE5Mi1jdHIsYWVzMjU2LWN0cixhcmNmb3VyMjU2LGFyY2ZvdXIxMjgsYWVzMTI4LWNiYywzZGVzLWNiYyxibG93ZmlzaC1jYmMsY2FzdDEyOC1jYmMsYWVzMTkyLWNiYyxhZXMyNTYtY2JjLGFyY2ZvdXIscmlqbmRhZWwtY2JjQGx5c2F0b3IubGl1LnNlAAAAaWhtYWMtbWQ1LGhtYWMtc2hhMSx1bWFjLTY0QG9wZW5zc2guY29tLGhtYWMtcmlwZW1kMTYwLGhtYWMtcmlwZW1kMTYwQG9wZW5zc2guY29tLGhtYWMtc2hhMS05NixobWFjLW1kNS05NgAAAGlobWFjLW1kNSxobWFjLXNoYTEsdW1hYy02NEBvcGVuc3NoLmNvbSxobWFjLXJpcGVtZDE2MCxobWFjLXJpcGVtZDE2MEBvcGVuc3NoLmNvbSxobWFjLXNoYTEtOTYsaG1hYy1tZDUtOTYAAAAabm9uZSx6bGliQG9wZW5zc2guY29tLHpsaWIAAAAabm9uZSx6bGliQG9wZW5zc2guY29tLHpsaWIAAAAAAAAAAAAAAAAAAAAAAA=="}
-00788{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":8,"flow_first_seen":1320435464760,"flow_last_seen":1320435464769,"flow_tot_l4_data_len":1222,"flow_min_l4_data_len":32,"flow_max_l4_data_len":936,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher","19":"SSH Obsolete Server Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":""}}
+00798{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":8,"flow_first_seen":1320435464760,"flow_last_seen":1320435464769,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":946,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher","19":"SSH Obsolete Server Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":""}}
00420{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":769310,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AFBWwAAIAAwppUXgCABFAAA0VNFAAEAGsSesEO6orBDuAQAW5BtConZMN16DSIAQAHf6CQAAAQEICgATIwIcla\/\/"}
01474{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":770779,"pkt_caplen":850,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":850,"pkt_l4_len":816,"pkt":"AFBWwAAIAAwppUXgCABFAANEVNJAAEAGrhasEO6orBDuAQAW5BtConZMN16DSIAYAHfp7gAAAQEICgATIwMcla\/\/AAADDAoUAPIpTowp\/R3EVkG6Xa+q1wAAAH5kaWZmaWUtaGVsbG1hbi1ncm91cC1leGNoYW5nZS1zaGEyNTYsZGlmZmllLWhlbGxtYW4tZ3JvdXAtZXhjaGFuZ2Utc2hhMSxkaWZmaWUtaGVsbG1hbi1ncm91cDE0LXNoYTEsZGlmZmllLWhlbGxtYW4tZ3JvdXAxLXNoYTEAAAAPc3NoLXJzYSxzc2gtZHNzAAAAnWFlczEyOC1jdHIsYWVzMTkyLWN0cixhZXMyNTYtY3RyLGFyY2ZvdXIyNTYsYXJjZm91cjEyOCxhZXMxMjgtY2JjLDNkZXMtY2JjLGJsb3dmaXNoLWNiYyxjYXN0MTI4LWNiYyxhZXMxOTItY2JjLGFlczI1Ni1jYmMsYXJjZm91cixyaWpuZGFlbC1jYmNAbHlzYXRvci5saXUuc2UAAACdYWVzMTI4LWN0cixhZXMxOTItY3RyLGFlczI1Ni1jdHIsYXJjZm91cjI1NixhcmNmb3VyMTI4LGFlczEyOC1jYmMsM2Rlcy1jYmMsYmxvd2Zpc2gtY2JjLGNhc3QxMjgtY2JjLGFlczE5Mi1jYmMsYWVzMjU2LWNiYyxhcmNmb3VyLHJpam5kYWVsLWNiY0BseXNhdG9yLmxpdS5zZQAAAGlobWFjLW1kNSxobWFjLXNoYTEsdW1hYy02NEBvcGVuc3NoLmNvbSxobWFjLXJpcGVtZDE2MCxobWFjLXJpcGVtZDE2MEBvcGVuc3NoLmNvbSxobWFjLXNoYTEtOTYsaG1hYy1tZDUtOTYAAABpaG1hYy1tZDUsaG1hYy1zaGExLHVtYWMtNjRAb3BlbnNzaC5jb20saG1hYy1yaXBlbWQxNjAsaG1hYy1yaXBlbWQxNjBAb3BlbnNzaC5jb20saG1hYy1zaGExLTk2LGhtYWMtbWQ1LTk2AAAAFW5vbmUsemxpYkBvcGVuc3NoLmNvbQAAABVub25lLHpsaWJAb3BlbnNzaC5jb20AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1320435464760,"flow_last_seen":1320435464770,"flow_tot_l4_data_len":2070,"flow_min_l4_data_len":32,"flow_max_l4_data_len":936,"flow_avg_l4_data_len":207,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher","19":"SSH Obsolete Server Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}}
+00833{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1320435464760,"flow_last_seen":1320435464770,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":1730,"flow_avg_l4_payload_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18":"SSH Obsolete Client Version\/Cipher","19":"SSH Obsolete Server Version\/Cipher"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}}
00423{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":770807,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwppUXgAFBWwAAICABFAAA02jNAAEAGK8WsEO4BrBDuqOQbABY3XoNIQqJ5XIAQ\/\/\/3bQAAAQEIChyVsAEAEyMD"}
00455{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":771113,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"AAwppUXgAFBWwAAICABFAABM0xtAAEAGMsWsEO4BrBDuqOQbABY3XoNIQqJ5XIAY\/\/\/JFwAAAQEIChyVsAEAEyMDAAAAFAYiAAAEAAAABAAAACAAAAAAAAAA"}
00628{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":772570,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"AFBWwAAIAAwppUXgCABFAADMVNNAAEAGsI2sEO6orBDuAQAW5BtConlcN16DYIAYAHdn8wAAAQEICgATIwQclbABAAAAlAgfAAAAgQDeSfyQaZlMN50rZWPv03765nhe6x3QoSsJCqwnKyLfjGSkoqt7mc4Ld6mlLggz1S1TsljO3\/0XXcijdmqbmAc2JkbckhVijD9K8OCNAKtgo7nlW65H6CZR2gwVonNV3bBjZcrh3d5MDJfcmUL9ZemGf6UOcuHHhUEe3SjeJ0uzIwAAAAECAAAAAAAAAAA="}
00423{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":772673,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AAwppUXgAFBWwAAICABFAAA0rWVAAEAGWJOsEO4BrBDuqOQbABY3XoNgQqJ59IAQ\/\/\/2uwAAAQEIChyVsAIAEyME"}
00617{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ssh.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1320435464,"pkt_ts_usec":774287,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"pkt":"AAwppUXgAFBWwAAICABFAADEyg1AAEAGO1usEO4BrBDuqOQbABY3XoNgQqJ59IAY\/\/+RQAAAAQEIChyVsAMAEyMEAAAAjAUgAAAAgQCKUG7tHgFITWPHoMxc4wuZ1BXy9n04qGBXJaOb+9wr70emYr8wHGq5ovMs7cviXyxxuF2Wdy30WLOfkouWkCplLGVZjdOTH0a5W2C9UmG80DhI+zr3en+DO3OfgxTtHr+gZJk6dXUbjvnH28419VgXWQUn69FtGg8SjApYMkgSUQAAAAAA"}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":258,"flow_first_seen":1320435464760,"flow_last_seen":1320435713237,"flow_tot_l4_data_len":26774,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1312,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":258,"flow_first_seen":1320435464760,"flow_last_seen":1320435713237,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":18498,"flow_avg_l4_payload_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test"}
diff --git a/test/results/ssl-cert-name-mismatch.pcap.out b/test/results/ssl-cert-name-mismatch.pcap.out
index 0478f0d78..d68fd4944 100644
--- a/test/results/ssl-cert-name-mismatch.pcap.out
+++ b/test/results/ssl-cert-name-mismatch.pcap.out
@@ -1,22 +1,22 @@
00490{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1620643422034,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1620643422034,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":34834,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA8gCNAAEAGNQ\/AqALeaJpZadX0AbtP8LY3AAAAAKACchCFuAAAAgQFtAQCCAoBlw8kAAAAAAEDAwc="}
00450{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":162607,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA8AABAADAGxTJomllpwKgC3gG71fRoLFRgT\/C2OKASbgBjmAAAAgQFjAQCCAqtfZhXAZcPJAEDAwc="}
00437{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":162625,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA0gCRAAEAGNRbAqALeaJpZadX0AbtP8LY4aCxUYYAQAOWFsAAAAQEICgGXD0StfZhX"}
00771{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":196037,"pkt_caplen":311,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":311,"pkt_l4_len":277,"pkt":"BBjWBrNaACWQ1Mz5CABFAAEpgCVAAEAGNCDAqALeaJpZadX0AbtP8LY4aCxUYYAYAOWGpQAAAQEICgGXD02tfZhXFgMBAPABAADsAwNgmQ7zHV6F023ZZMjzy2PnOAFhzodV\/0kvIs9S5KNjJQAATMArwCzAhsCHwAnACsCswK3ACMAvwDDAisCLwBPAFMASAJwAncB6wHsALwA1AEEAhMCcwJ0ACgCeAJ\/AfMB9ADMAOQBFAIjAnsCfABYBAAB3ABcAAAAWAAAABQAFAQAAAAAAAAAaABgAABV3cm9uZy5ob3N0LmJhZHNzbC5jb23\/AQABAAAjAAAACgAMAAoAFwAYABkAFQATAAsAAgEAAA0AFgAUBAEEAwUBBQMGAQYDAwEDAwIBAgMAEAALAAkIaHR0cC8xLjE="}
-00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1620643422034,"flow_last_seen":1620643422196,"flow_tot_l4_data_len":389,"flow_min_l4_data_len":32,"flow_max_l4_data_len":277,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1620643422034,"flow_last_seen":1620643422196,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00438{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":323351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA0X1pAADAGZeBomllpwKgC3gG71fRoLFRhT\/C3LYAQAOX9lwAAAQEICq19mPkBlw9N"}
02334{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":325332,"pkt_caplen":1474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1474,"pkt_l4_len":1440,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAW0X1tAADAGYF9omllpwKgC3gG71fRoLFRhT\/C3LYAQAOVgYQAAAQEICq19mPoBlw9NFgMDAFACAABMAwOyFB1JAwr2Ek6Q1qUskLvoCKxZqXUDKBtO2f4bevmgIgDALwAAJAAAAAD\/AQABAAALAAQDAAECACMAAAAQAAsACQhodHRwLzEuMRYDAwtRCwALTQALSgAGrDCCBqgwggWQoAMCAQICEArwbNo3pgtkE0LwoesdWf0wDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEnMCUGA1UEAxMeRGlnaUNlcnQgU0hBMiBTZWN1cmUgU2VydmVyIENBMB4XDTIwMDMyMzAwMDAwMFoXDTIyMDUxNzEyMDAwMFowbjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFTATBgNVBAcTDFdhbG51dCBDcmVlazEcMBoGA1UEChMTTHVjYXMgR2Fycm9uIFRvcnJlczEVMBMGA1UEAwwMKi5iYWRzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgTs+IzuBMKz2FDVcFjMkxjrXKhoSbAitfmVnrErLHY+bMBLYExM6rK0wA+AtrD5csmGAvlcQV0TK39xxEu86ZQuUDemZxxhjPZBQsVG0xaHJ5906wqdEVImIXNshEx5VeTRa+gGPUgVUq2zKNuq\/27\/YJVKd2s58STRMbbdTcDE\/FO5bUKttXz+rvUV0jNI5yJxx8IUemwo6jdK3+pstXK0flqiFtxpsVdE2woSq97DD0d0XEEi4Zr5G5PmrSIGKS6xukkcDCeeo\/uL90ByAKySCNmMV4RTgQXL5v5rVJhAJ4XHELtzcO9pGEEHRVV8+WQ\/PSzDqXzrkxpMhtHKhQIDAQABo4IDYTCCA10wHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFJ3uwXuBCzpHaXEYfRE3k7ylGz\/7MCMGA1UdEQQcMBqCDCouYmFkc3NsLmNvbYIKYmFkc3NsLmNvbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGsGA1UdHwRkMGIwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMC+gLaArhilodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1zaGEyLWc2LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAzB8BggrBgEFBQcBAQRwMG4wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBGBggrBgEFBQcwAoY6aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMlNlY3VyZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAXEIRl4qAAAEAwBHMEUCIA31lQVxLlGQtmD+EotwEA4nRwuFPXuV0xshu0hTQ5UZAiEAs4pKwNZ3+26AHYb2hrtlZHLd1WiPtMvKd4JqJ1OXfQ8AdgAiRUUHWVUkVpY\/oS\/x922G4CMmY63AS39dxoNcbuIPAgAAAXEIRl5bAAAEAwBHMEUCIQDFolbItr2HcUQkbLvwzJgsoWNIiTyhxNnOnoz8nCG4KgIgLN5EkktDYlBYhwcO0GkP7Bjvv5TWL4xMZc1VFg=="}
-00803{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_tot_l4_data_len":1861,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1440,"flow_avg_l4_data_len":310,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00814{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":275,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
00437{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":325346,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA0gCZAAEAGNRTAqALeaJpZadX0AbtP8LctaCxZ4YAQAPuFsAAAAQEICgGXD22tfZj6"}
02338{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":325350,"pkt_caplen":1474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1474,"pkt_l4_len":1440,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAW0X1xAADAGYF5omllpwKgC3gG71fRoLFnhT\/C3LYAQAOVbxAAAAQEICq19mPoBlw9NJbgNLwB2AFGjsPX9AXmcVm24N3iPDKR6zBsny\/eeiEKaDf7UiwXlAAABcQhGXnoAAAQDAEcwRQIgKsntiBqt8Au8DAABFkxISELhP3U\/wb5lb76pvfenWL0CIQDr2kLhCWP\/QUNxXqGmvr1GaG9EuokTOLEnGPhGv1cMkDANBgkqhkiG9w0BAQsFAAOCAQEA0RGxlwy3Tl0lhrUAn2mIi8LcZ9nBUyfAcCXCtYyCdEbjIP64xgX6pzTt0WJoxzlT+MiK6fc0hECZXqpkTNVTARYtGkJoljlTK2vAdHZ0SOpm9OT4RLfjGnImY0hiFbZ\/LtsvS2Zg7cVJecqnrZe\/za\/nbDdljnnrll7C8O5naQuKr4teuice3e8a4TtviFwS\/wdDnJ3RrE83b1IljILbU5SV0X1NajyYkUWS7AnOmrFUUByzMwdGrM6kt0lfJy\/gvGVsgIKZocHdedPeECqAtq7FAJYanOsjNN9RbBOGhbwq0\/FPCC01zojqS10nGowxzOiqyB4m6wytmzf0QwjpMwAEmDCCBJQwggN8oAMCAQICEAH9o+tuynXIiEOLckvPvJEwDQYJKoZIhvcNAQELBQAwYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgQ0EwHhcNMTMwMzA4MTIwMDAwWhcNMjMwMzA4MTIwMDAwWjBNMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcrliQTcHEMBWQNVtuPIIV9SxcvePb\/3FD+mQlgNTuGKJN8GbQCnNuEZg2F2SvN539+kGEr8evjP4ac03PM5eQopaHU4MruaZ1SC0dVjd72jEyGtesqwb0ql1Lt0dG3SqTw5AueYCA7xMEahQ7tZuSvsIHZU782vz\/eq7cXH5VMQzoOQek174v0wtq0rHfX\/5XdFM7NYDdro5EmLOfDtPa4Nf0aymrRKdLWIRtkkuBw9pzixKXSJAERXUa3Tcxl5LozVQNO+TBPzleLrjzXH4QjoZBAI1FZkewoWXOoKopCU7zl+voLqsPcqcwDvrH9P0Ud8OkWyhXwrP5gv23RVibAgMBAAGjggFaMIIBVjASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBQPgGEcgjFh1S8o541GOLQs4cbZ4jAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQsFAAOCAQEAIz7fS9IxQqW2fkJcGkTMadFotF1L4AQhbEvibcyx4JePplMJzaoqZeU5Tx6DpW5cmKIkJub7oe2Txy4Cxk1Kv7BC33jas6j5bf8hhVM2YEx2zuw43A=="}
00437{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":325356,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA0gCdAAEAGNRPAqALeaJpZadX0AbtP8LctaCxfYYAQARKFsAAAAQEICgGXD22tfZj6"}
01144{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":325538,"pkt_caplen":584,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":584,"pkt_l4_len":550,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAI6X11AADAGY9domllpwKgC3gG71fRoLF9hT\/C3LYAYAOWeJwAAAQEICq19mPoBlw9N1lGA8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls\/3HB40f\/1LkAtDdC2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPitc+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLzFgMDAU0MAAFJAwAXQQSfPD0+2hyzpX6XvHE87OMIo+mQMyEjJaKvRk6jzXbV7TJpQEYIvZLrAHFO+I0uH4KwZID6Vn4PD7d+\/e6PTvLpBgEBAIZuhJdnxAuMxxpuaYxZTCxybq\/SRhTfq91ygxjEhiZaoLeCiknryeR1XBTum26kIo1q2yNuvQk8CKd6hOc5f6oKERIacwAkubGLIArYaXHm\/ZxaG0I9LxOxHcK\/dYXwTP013HOSbXtfzzsXgLTKOTcqrRMiFijJkt4hp3CJh9UUMhEevNbRpuK82kXly3lQzK\/wwUQe4n1Ky2kVJ7f+Gu5\/kXa8HEhkdanGf2jf8faNYjAJe6mcd8KPfQgfyh6qH+LsaLIrat96jRia8wi+9BxPUVaAKI2dtdktuorf5RZwi\/cfY+t5ldoduI3QUJvEv7M9gtUtdo42GFJl9c9KysQWAwMABA4AAAA="}
-01127{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_tot_l4_data_len":3915,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1440,"flow_avg_l4_data_len":391,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB"}}
+01138{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":3579,"flow_avg_l4_payload_len":357,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","issuerDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB"}}
00439{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":325550,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA0gChAAEAGNRLAqALeaJpZadX0AbtP8LctaCxhZ4AQASiFsAAAAQEICgGXD22tfZj6"}
00544{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":326406,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"BBjWBrNaACWQ1Mz5CABFAAB\/gClAAEAGNMbAqALeaJpZadX0AbtP8LctaCxhZ4AYASiF+wAAAQEICgGXD22tfZj6FgMDAEYQAABCQQR3kdBEzsAbckXxhxZPB7YNFIGgegw6wbTOhZCV559EoLoXsK\/DABGNdFUNvhJlgjoi6pF7kn5BtR715jNzOuWN"}
00440{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":493716,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA0X15AADAGZdxomllpwKgC3gG71fRoLGFnT\/C3eIAQAOXvfAAAAQEICq19maMBlw9t"}
00510{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":493729,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"BBjWBrNaACWQ1Mz5CABFAABngCpAAEAGNN3AqALeaJpZadX0AbtP8Ld4aCxhZ4AYASiF4wAAAQEICgGXD5etfZmjFAMDAAEBFgMDACgAAAAAAAAAAFby\/uAJZTNFwwUqUoCgOytrFRiVxd7BGhLKzCfnFnrv"}
00440{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1620643422,"pkt_ts_usec":620446,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA0X19AADAGZdtomllpwKgC3gG71fRoLGFnT\/C3q4AQAOXuoAAAAQEICq19miIBlw+X"}
-00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":21,"flow_first_seen":1620643422034,"flow_last_seen":1620643422754,"flow_tot_l4_data_len":4698,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1440,"flow_avg_l4_data_len":223,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":21,"flow_first_seen":1620643422034,"flow_last_seen":1620643422754,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":4010,"flow_avg_l4_payload_len":190,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00142{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test"}
diff --git a/test/results/starcraft_battle.pcap.out b/test/results/starcraft_battle.pcap.out
index 7cb184f22..e85cc11f4 100644
--- a/test/results/starcraft_battle.pcap.out
+++ b/test/results/starcraft_battle.pcap.out
@@ -1,59 +1,59 @@
00484{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"starcraft_battle.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1437389953643,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1437389953643,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389953,"pkt_ts_usec":643103,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"IImEa8W6hCYVPnXECABFAABHZtpAAPMGok\/AHvxbwKgBZAG7DI12Mx9qhBzaXVAYAB\/+XQAAFwMDABrSe+rfqh1HHm09zJFdvf5O5AwaBTHDWE16Zg=="}
00467{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389953,"pkt_ts_usec":643311,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"hCYVPnXEIImEa8W6CABFAABLZZBAAIAGFpbAqAFkwB78WwyNAbuEHNpddjMfiVAYAP4NnAAAFwMDAB4AAAAAAAAAE\/\/36Dj9UZVbiDpZWB\/\/4P+7KR1Y0OI="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1437389953741,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1437389953741,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389953,"pkt_ts_usec":741760,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"hCYVPnXEIImEa8W6CABFAABIX14AAIARVpTAqAFkwKgB\/uXCADUANEsbLmwBAAABAAAAAAAAAjkxAzI1MgIzMAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1437389953741,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"91.252.30.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1437389953741,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"91.252.30.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00460{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389953,"pkt_ts_usec":742059,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"hCYVPnXEIImEa8W6CABFAABIX18AAIARVpPAqAFkwKgB\/uXCADUANO2f6I8BAAABAAAAAAAAAzEwMAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1437389953741,"flow_last_seen":1437389953742,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00687{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1437389953741,"flow_last_seen":1437389953742,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00489{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389953,"pkt_ts_usec":743440,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"IImEa8W6hCYVPnXECABFAABcAABAAEARtd7AqAH+wKgBZAA15cIASF7P6I+BgAABAAEAAAAAAzEwMAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAAAAAAgGbmItd2luAA=="}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1437389953741,"flow_last_seen":1437389953743,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":52,"flow_max_l4_data_len":72,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1437389953741,"flow_last_seen":1437389953743,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"100.1.168.192.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389953,"pkt_ts_usec":774618,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoZttAAPMGom3AHvxbwKgBZAG7DI12Mx+JhBzagFAQAB8ujQAAAAAAAAAA"}
00554{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389953,"pkt_ts_usec":805110,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"IImEa8W6hCYVPnXECABFAACMAABAAEARta7AqAH+wKgBZAA15cIAeFi6LmyBgwABAAAAAQAAAjkxAzI1MgIzMAMxOTIHaW4tYWRkcgRhcnBhAAAMAAHADwAGAAEAAAA7ADgDbnMxA3AxNgZkeW5lY3QDbmV0AANvcHMGZ2l0aHViA2NvbQAAAAASAAAOEAAAAlgACTqAAAAAPA=="}
-00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_tot_l4_data_len":296,"flow_min_l4_data_len":52,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"91.252.30.192.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1437389954123,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"91.252.30.192.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1437389954123,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389954,"pkt_ts_usec":123062,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAohUoAAPMGdW9Q77oawKgBZAG7DZT7ZyHlrZYt91AU9s3jwgAAAAAAAAAA"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1437389954543,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1437389954543,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389954,"pkt_ts_usec":543028,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2AAAIARVpLAqAFkwKgB\/uXPADUANOzD5FkBAAABAAAAAAAAAzI1NAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1437389954543,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1437389954543,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00461{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389954,"pkt_ts_usec":543322,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2EAAIARVpHAqAFkwKgB\/uXPADUANAhuNT0BAAABAAAAAAAAAjI2AzE4NgMyMzkCODAHaW4tYWRkcgRhcnBhAAAMAAE="}
00460{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389954,"pkt_ts_usec":544145,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"IImEa8W6hCYVPnXECABFAABIAABAAEARtfLAqAH+wKgBZAA15c8ANGxA5FmBgwABAAAAAAAAAzI1NAExAzE2OAMxOTIHaW4tYWRkcgRhcnBhAAAMAAE="}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1437389954543,"flow_last_seen":1437389954544,"flow_tot_l4_data_len":156,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1437389954543,"flow_last_seen":1437389954544,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"254.1.168.192.in-addr.arpa","num_queries":1,"num_answers":0,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00559{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389954,"pkt_ts_usec":714572,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"IImEa8W6hCYVPnXECABFAACRAABAAEARtanAqAH+wKgBZAA15c8AfYPVNT2BgAABAAIAAAAAAjI2AzE4NgMyMzkCODAHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAAAJABcGc2lnbnVwCndvdy1ldXJvcGUDY29tAMAMAAwAAQAAAAkAGg04MC0yMzktMTg2LTI2BmF0dGVucwNuZXQA"}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_tot_l4_data_len":281,"flow_min_l4_data_len":52,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"26.186.239.80.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1437389955642,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"26.186.239.80.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1437389955642,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389955,"pkt_ts_usec":642290,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAo31oAAPMGG1FQ77oowKgBZAG7DZa8aq6WRaVMa1AU+bLclgAAAAAAAAAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1437389955670,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1437389955670,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389955,"pkt_ts_usec":670603,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"IImEa8W6hCYVPnXECABFAABFcNYAADURfO2twigWwKgBZAG70UAAMRxxEMkFXwBmE17ybHuJOXq3nhBj9+0\/GMWhnexwnqL3\/n6xqnftvooLDz8="}
00458{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389955,"pkt_ts_usec":696678,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"hCYVPnXEIImEa8W6CABFAABFDD0AAIARlobAqAFkrcIoFtFAAbsAMXj5DBnPzxTN69maKsxX+B31W\/+0ERxkBS+pEu\/Lu7MhCuhfcS4mTXYS47w="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1437389955747,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1437389955747,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389955,"pkt_ts_usec":747893,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2IAAIARVpDAqAFkwKgB\/uXcADUANLhfizwBAAABAAAAAAAAAjQwAzE4NgMyMzkCODAHaW4tYWRkcgRhcnBhAAAMAAE="}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1437389955747,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1437389955747,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00514{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389955,"pkt_ts_usec":800556,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"pkt":"IImEa8W6hCYVPnXECABFAABuAABAAEARtczAqAH+wKgBZAA15dwAWs2+izyBgAABAAEAAAAAAjQwAzE4NgMyMzkCODAHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAC+XABoNODAtMjM5LTE4Ni00MAZhdHRlbnMDbmV0AA=="}
-00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":52,"flow_max_l4_data_len":90,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1437389955932,"flow_last_seen":0,"flow_tot_l4_data_len":21,"flow_min_l4_data_len":21,"flow_max_l4_data_len":21,"flow_avg_l4_data_len":21,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":17,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"40.186.239.80.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1437389955932,"flow_last_seen":0,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389955,"pkt_ts_usec":932316,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"hCYVPnXEIImEa8W6CABFAAApUQNAAIAGOxbAqAFk2DrUbgvsAbu4rIxVQhQWM1AQAPyVMQAAAA=="}
00432{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389955,"pkt_ts_usec":967025,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IImEa8W6hCYVPnXECABFAAA0zAIAADUGSwzYOtRuwKgBZAG7C+xCFBYzuKyMVoAQAofTiQAAAQEFCrisjFW4rIxW"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1437389956550,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1437389956550,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389956,"pkt_ts_usec":550428,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"hCYVPnXEIImEa8W6CABFAABIX2MAAIARVo\/AqAFkwKgB\/uXjADUANNVsy9IBAAABAAAAAAAAAjIyAjQwAzE5NAMxNzMHaW4tYWRkcgRhcnBhAAAMAAE="}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1437389956550,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"22.40.194.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1437389956550,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"22.40.194.173.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00461{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389956,"pkt_ts_usec":550723,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"hCYVPnXEIImEa8W6CABFAABJX2QAAIARVo3AqAFkwKgB\/uXjADUANaawlcQBAAABAAAAAAAAAzExMAMyMTICNTgDMjE2B2luLWFkZHIEYXJwYQAADAAB"}
00560{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389956,"pkt_ts_usec":552232,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"pkt":"IImEa8W6hCYVPnXECABFAACPAABAAEARtavAqAH+wKgBZAA15eMAe9\/glcSBgAABAAIAAAAAAzExMAMyMTICNTgDMjE2B2luLWFkZHIEYXJwYQAADAABwAwADAABAABT2QAcEG1pbDAxczI1LWluLWYxMTAFMWUxMDADbmV0AMAMAAwAAQAAU9kAEg9taWwwMXMyNS1pbi1mMTTASg=="}
-00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_first_seen":1437389956550,"flow_last_seen":1437389956552,"flow_tot_l4_data_len":228,"flow_min_l4_data_len":52,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"110.212.58.216.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_first_seen":1437389956550,"flow_last_seen":1437389956552,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"110.212.58.216.in-addr.arpa","num_queries":1,"num_answers":2,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00514{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389956,"pkt_ts_usec":605099,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"pkt":"IImEa8W6hCYVPnXECABFAABvAABAAEARtcvAqAH+wKgBZAA15eMAWyEky9KBgAABAAEAAAAAAjIyAjQwAzE5NAMxNzMHaW4tYWRkcgRhcnBhAAAMAAHADAAMAAEAAFRfABsPbWlsMDJzMDYtaW4tZjIyBTFlMTAwA25ldAA="}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1437389956550,"flow_last_seen":1437389956605,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":52,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"22.40.194.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1437389958129,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1437389956550,"flow_last_seen":1437389956605,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"22.40.194.173.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1437389958129,"flow_last_seen":0,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389958,"pkt_ts_usec":129733,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"hCYVPnXEIImEa8W6CABFAAA3SKVAAIAGzl7AqAFkUO\/QwQ1jBF+OUzht5cVUn1AY+ehDuQAA00l1ne7IFusS1wyd32Yu"}
00425{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389958,"pkt_ts_usec":226831,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoVBZAADQGDv1Q79DBwKgBZARfDWPlxVSfjlM4fFAQPaJ7fgAAAAAAAAAA"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1437389961548,"flow_last_seen":0,"flow_tot_l4_data_len":21,"flow_min_l4_data_len":21,"flow_max_l4_data_len":21,"flow_avg_l4_data_len":21,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1437389961548,"flow_last_seen":0,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389961,"pkt_ts_usec":548711,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"hCYVPnXEIImEa8W6CABFAAApPndAAIAGAKbAqAFkQOm4vArHFGzE+CH9edXaGlAQAPyZDAAAAA=="}
00434{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389961,"pkt_ts_usec":598805,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IImEa8W6hCYVPnXECABFAAA0aJ8AACgGbnNA6bi8wKgBZBRsCsd51doaxPgh\/oAQAXGUkwAAAQEFCsT4If3E+CH+"}
00388{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389962,"pkt_ts_usec":628618,"pkt_caplen":58,"pkt_type":35020,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"pkt":"AYDCAAAOIImEa8W6iMwCBwQgiYRrxboEBwMgiYRrxboGAg4R\/gkAEg8BAwABAAD+BwASuwEAAQEAAA=="}
00158{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","type":35020}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1437389963466,"flow_last_seen":0,"flow_tot_l4_data_len":389,"flow_min_l4_data_len":389,"flow_max_l4_data_len":389,"flow_avg_l4_data_len":389,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1437389963466,"flow_last_seen":0,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00917{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389963,"pkt_ts_usec":466906,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\/+pbNB2wBhW9zTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpVU046IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"}
-00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1437389963466,"flow_last_seen":0,"flow_tot_l4_data_len":389,"flow_min_l4_data_len":389,"flow_max_l4_data_len":389,"flow_avg_l4_data_len":389,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1437389963466,"flow_last_seen":0,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00905{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389963,"pkt_ts_usec":467110,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"pkt":"AQBef\/\/6hCYVPnXECABFAAGQAABAAAERxbzAqAH+7\/\/\/+pbNB2wBfPulTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHVwbnA6cm9vdGRldmljZQ0KVVNOOiB1dWlkOjExMjY2NzM2LWZhNTktMTFlNC05YzlmLTg0MjYxNTNlNzVjNDo6dXBucDpyb290ZGV2aWNlDQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"}
00917{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389963,"pkt_ts_usec":467335,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\/+pbNB2wBhW9zTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpVU046IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"}
01001{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389963,"pkt_ts_usec":467688,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":486,"pkt_l4_len":452,"pkt":"AQBef\/\/6hCYVPnXECABFAAHYAABAAAERxXTAqAH+7\/\/\/+pbNB2wBxIynTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpJbnRlcm5ldEdhdGV3YXlEZXZpY2U6MQ0KVVNOOiB1dWlkOjExMjY2NzM2LWZhNTktMTFlNC05YzlmLTg0MjYxNTNlNzVjNDo6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"}
@@ -64,17 +64,17 @@
00917{"flow_id":12,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389963,"pkt_ts_usec":468965,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\/+pbNB2wBhWlvTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHV1aWQ6MTEyOTU5NjQtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpVU046IHV1aWQ6MTEyOTU5NjQtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"}
00999{"flow_id":12,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389963,"pkt_ts_usec":469204,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"pkt":"AQBef\/\/6hCYVPnXECABFAAHUAABAAAERxXjAqAH+7\/\/\/+pbNB2wBwK\/TTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpXQU5Db25uZWN0aW9uRGV2aWNlOjENClVTTjogdXVpZDoxMTI5NTk2NC1mYTU5LTExZTQtOWM5Zi04NDI2MTUzZTc1YzQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOmRldmljZTpXQU5Db25uZWN0aW9uRGV2aWNlOjENCk5UUzogc3NkcDphbGl2ZQ0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsNCjAxLU5MUzogMQ0KQk9PVElELlVQTlAuT1JHOiAxDQpDT05GSUdJRC5VUE5QLk9SRzogMTMzNw0KDQo="}
00990{"flow_id":12,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389963,"pkt_ts_usec":469428,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":476,"pkt_l4_len":442,"pkt":"AQBef\/\/6hCYVPnXECABFAAHOAABAAAERxX7AqAH+7\/\/\/+pbNB2wBuo1wTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENClVTTjogdXVpZDoxMTI5NTk2NC1mYTU5LTExZTQtOWM5Zi04NDI2MTUzZTc1YzQ6OnVybjpzY2hlbWFzLXVwbnAtb3JnOnNlcnZpY2U6V0FOSVBDb25uZWN0aW9uOjENCk5UUzogc3NkcDphbGl2ZQ0KT1BUOiAiaHR0cDovL3NjaGVtYXMudXBucC5vcmcvdXBucC8xLzAvIjsNCjAxLU5MUzogMQ0KQk9PVElELlVQTlAuT1JHOiAxDQpDT05GSUdJRC5VUE5QLk9SRzogMTMzNw0KDQo="}
-00502{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1437389954123,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00482{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1437389954123,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1437389955642,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00482{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1437389955642,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1437389954123,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1437389954123,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.26","dst_ip":"192.168.1.100","src_port":443,"dst_port":3476,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1437389955642,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1437389955642,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"80.239.186.40","dst_ip":"192.168.1.100","src_port":443,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":511456,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"hCYVPnXEIImEa8W6CABFAAA8SKZAAIAGzljAqAFkUO\/QwQ1jBF+OUzh85cVUn1AY+eiiKgAAgb8pIAfuTigNRzF0YIhRn73AbVc="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1437389964518,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1437389964518,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":518743,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0bDFAAIAGrOPAqAFkrcJx4A2yAFD3XxLXAAAAAIACIABVKAAAAgQFtAEDAwgBAQQC"}
00433{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":552209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IImEa8W6hCYVPnXECABFAAA0QI0AADUGY4itwnHgwKgBZABQDbI8Bg5O918S2IASp5SDTQAAAgQFlgEBBAIBAwMH"}
00417{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":552313,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDJAAIAGrO7AqAFkrcJx4A2yAFD3XxLYPAYOT1AQAQBqlgAA"}
00889{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":552447,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"pkt":"hCYVPnXEIImEa8W6CABFAAGGbDNAAIAGq4\/AqAFkrcJx4A2yAFD3XxLYPAYOT1AYAQCCywAAUE9TVCAvY29sbGVjdCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogQmF0dGxlLm5ldC8xLjMuMC41OTUyDQpIb3N0OiB3d3cuZ29vZ2xlLWFuYWx5dGljcy5jb20NCkFjY2VwdDogKi8qDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCkNvbnRlbnQtTGVuZ3RoOiAxOTcNCg0Kdj0xJnRpZD1VQS01MDI0OTYwMC0yJmNpZD03OEFBODYzRi0zOTgzLTQ5MjgtQTg4NC0zQ0Y0NzlENEU4NkImej0yJmFuPUFQUCZhdj0xLjMuMC41OTUyJnVsPWVuLXVzJnVpZD0xMjQwNjcyMjgmY2QyPTEuMy4wLjU5NTImY2QzPTAmY2QxPTEmdD1wYWdldmlldyZkaD1FVS5iYXR0bGUubmV0JmRwPSUyRnBsYXklMkZTMlgxX3JldGFpbCUyRnBsYXk="}
-00691{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1437389964518,"flow_last_seen":1437389964552,"flow_tot_l4_data_len":454,"flow_min_l4_data_len":20,"flow_max_l4_data_len":370,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"www.google-analytics.com","url":"www.google-analytics.com\/collect","code":0,"content_type":"","user_agent":"Battle.net\/1.3.0.5952"}}
+00701{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1437389964518,"flow_last_seen":1437389964552,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":350,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {"hostname":"www.google-analytics.com","url":"www.google-analytics.com\/collect","code":0,"content_type":"","user_agent":"Battle.net\/1.3.0.5952"}}
00425{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":569270,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoVBdAADQGDvxQ79DBwKgBZARfDWPlxVSfjlM4kFAQPaJ7agAAAAAAAAAA"}
00557{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":569995,"pkt_caplen":155,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":155,"pkt_l4_len":121,"pkt":"IImEa8W6hCYVPnXECABFAACNVBhAADQGDpZQ79DBwKgBZARfDWPlxVSfjlM4kFAYPaJuWAAAIwQ9pMGCyW3AhiuMP8mzYNJ83EmoDToO2hkSMZkDGaOuRjmhWKDQgF9DTw9ofoWFaqUwLCp1Mpis4vuebKZmDopIZT6lwQKmTcwYC821AtDb+uHs5pcy\/NnhzDKyYJ7rprHLquI="}
00425{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":585420,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoQJUAADUGY4ytwnHgwKgBZABQDbI8Bg5P918UNlAQAVho4AAAAAAAAAAA"}
@@ -83,22 +83,22 @@
00417{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":602775,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDRAAIAGrOzAqAFkrcJx4A2yAFD3XxQ2PAYP+lARAP9njQAA"}
00426{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":635398,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoQKgAADUGY3mtwnHgwKgBZABQDbI8Bg\/6918UN1ARAVhnMwAAAAAAAAAA"}
00417{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":635479,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDVAAIAGrOvAqAFkrcJx4A2yAFD3XxQ3PAYP+1AQAP9njAAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1437389964752,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1437389964752,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":752396,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"hCYVPnXEIImEa8W6CABFAAA\/X2UAAIARVpbAqAFkwKgB\/up6ADUAK3heAXYBAAABAAAAAAAABGxsbncIYmxpenphcmQDY29tAAABAAE="}
-00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1437389964752,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1437389964752,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00451{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":783426,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"hCYVPnXEIImEa8W6CABFAAA\/X2YAAIARVpXAqAFkwKgB\/up6ADUAK3heAXYBAAABAAAAAAAABGxsbncIYmxpenphcmQDY29tAAABAAE="}
00540{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":788027,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"IImEa8W6hCYVPnXECABFAACCAABAAEARtbjAqAH+wKgBZAA16noAbnPyAXaBgAABAAMAAAAABGxsbncIYmxpenphcmQDY29tAAABAAHADAAFAAEAAFQfABcIYmxpenphcmQCdm8FbGxud2QDbmV0AMAvAAEAAQAAATwABFf43f7ALwABAAEAAAE8AARX+N39"}
-00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_first_seen":1437389964752,"flow_last_seen":1437389964788,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":43,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"87.248.221.254"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1437389964790,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_first_seen":1437389964752,"flow_last_seen":1437389964788,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"llnw.blizzard.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"87.248.221.254"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1437389964790,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":790451,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0FwlAAIAG67fAqAFkV\/jd\/g20AFApaAewAAAAAIAC\/\/838QAAAgQFtAEDAwgBAQQC"}
00540{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":835229,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"IImEa8W6hCYVPnXECABFAACCAABAAEARtbjAqAH+wKgBZAA16noAbgsvAXaBgAABAAMAAAAABGxsbncIYmxpenphcmQDY29tAAABAAHADAAFAAEAADuIABcIYmxpenphcmQCdm8FbGxud2QDbmV0AMAvAAEAAQAAASoABFf43f7ALwABAAEAAAEqAARX+N39"}
00435{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":848509,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IImEa8W6hCYVPnXECABFAAA0tGpAAPUG2VVX+N3+wKgBZABQDbTA0NjuKWgHsYAS\/\/+fJQAAAgQFtAEDAwQEAgAA"}
00419{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":848564,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoFwpAAIAG68LAqAFkV\/jd\/g20AFApaAexwNDY71AQBADa8wAA"}
00674{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":848660,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"hCYVPnXEIImEa8W6CABFAADjFwtAAIAG6wbAqAFkV\/jd\/g20AFApaAexwNDY71AYBACGigAAR0VUIC9zYzItcG9kLXJldGFpbC9BRjExQ0QwMC9FVS8yNDYyMS5kaXJlY3QvczItMzYyODEtQkEzNTZERDU3NTU3NzI4ODQzQ0FGNjNBMTJDNzlBQTMubWZpbCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogQmxpenphcmQgV2ViIENsaWVudA0KSG9zdDogbGxudy5ibGl6emFyZC5jb20NCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
-00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1437389964790,"flow_last_seen":1437389964848,"flow_tot_l4_data_len":291,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":0,"content_type":"","user_agent":"Blizzard Web Client"}}
+00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1437389964790,"flow_last_seen":1437389964848,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":0,"content_type":"","user_agent":"Blizzard Web Client"}}
00426{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":906753,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAowZRAAPUGzDdX+N3+wKgBZABQDbTA0NjvKWgIbFAQD\/7OOgAAAAAAAAAA"}
02371{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":921004,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXcxFhAAPUGw79X+N3+wKgBZABQDbTA0NjvKWgIbFAQEApQtQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZQ0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCkNhY2hlLUNvbnRyb2w6IG1heC1hZ2U9ODY0MDAwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQWdlOiA2NDA4NjINCkRhdGU6IE1vbiwgMjAgSnVsIDIwMTUgMTA6NTk6MjQgR01UDQpMYXN0LU1vZGlmaWVkOiBGcmksIDAzIEp1bCAyMDE1IDAwOjAzOjE2IEdNVA0KRXhwaXJlczogVGh1LCAyMyBKdWwgMjAxNSAwMDo1ODoyMiBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxMjQwMDMNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0KdmVyc2lvbj0zCnNlcnZlcnBhdGg9YmFzZQoJcGF0aD0KZmlsZT1CYXR0bGUubmV0L0JhdHRsZS5uZXQuTVBRCgluYW1lPUJhdHRsZS5uZXQvQmF0dGxlLm5ldC5NUFEKCXNpemU9NzEzNjE0NzUKCWZpbGV2ZXJzaW9uPTI0NjIxCglmbGFncz0wCglwYXRoPWJhc2UKCXRhZz1iYXNlCmZpbGU9Q2FtcGFpZ25zL0xpYmVydHkuU0MyQ2FtcGFpZ24vQmFzZS5TQzJBc3NldHMKCW5hbWU9Q2FtcGFpZ25zL0xpYmVydHkuU0MyQ2FtcGFpZ24vQmFzZS5TQzJBc3NldHMKCXNpemU9MzM5MTU1NzQ3OQoJZmlsZXZlcnNpb249MjQ2MjEKCWZsYWdzPTAKCXBhdGg9YmFzZQoJdGFnPWJhc2UKZmlsZT1DYW1wYWlnbnMvTGliZXJ0eS5TQzJDYW1wYWlnbi9CYXNlLlNDMkRhdGEKCW5hbWU9Q2FtcGFpZ25zL0xpYmVydHkuU0MyQ2FtcGFpZ24vQmFzZS5TQzJEYXRhCglzaXplPTgwNDkxOAoJZmlsZXZlcnNpb249MjQ2MjEKCWZsYWdzPTAKCXBhdGg9YmFzZQoJdGFnPWJhc2UKZmlsZT1DYW1wYWlnbnMvTGliZXJ0eS5TQzJDYW1wYWlnbi9CYXNlLlNDMk1hcHMKCW5hbWU9Q2FtcGFpZ25zL0xpYmVydHkuU0MyQ2FtcGFpZ24vQmFzZS5TQzJNYXBzCglzaXplPTYzMDk4MzEzCglmaWxldmVyc2lvbj0yNDYyMQoJZmxhZ3M9MAoJcGF0aD1iYXNlCgl0YWc9YmFzZQpmaWxlPUNhbXBhaWducy9MaWJlcnR5U3RvcnkuU0MyQ2FtcGFpZ24vQmFzZS5TQzJEYXRhCgluYW1lPUNhbXBhaWducy9MaWJlcnR5U3RvcnkuU0MyQ2FtcGFpZ24vQmFzZS5TQzJEYXRhCglzaXplPTE2MjcyMTIKCWZpbGV2ZXJzaW9uPTI0NjIxCglmbGFncz0wCglwYXRoPWJhc2UKCXRhZz1iYXNlCmZpbGU9Q2FtcGFpZ25zL1N3YXJtLlNDMkNhbXBhaWduL0Jhc2UuU0MyQXNzZXRzCgluYW1lPUNhbXBhaWducy9Td2FybS5TQzJDYW1wYWlnbi9CYXNlLlNDMkFzc2V0cwoJc2l6ZT0xMDU5MDc2NDIxCglmaWxldmVyc2lvbj0yNDYyMQoJZmxhZ3M9MAoJcGF0aD1iYXNlCgl0YWc9YmFzZQpmaWxlPUNhbXBhaWducy9Td2FybS5TQzJDYW1wYWlnbi9CYXNlLlNDMkRhdGEKCW5hbWU9Q2FtcGFpZ25zL1N3YXJtLlNDMkNhbXBhaWduL0Jhc2UuU0MyRGF0YQoJc2l6ZT0zNTE0MjMyMAoJZmlsZXZlcnNpb249MjQ2MjEKCWZsYWdzPTAKCXBhdGg9YmFzZQoJdGFnPWJhc2UKZmlsZT1DYW1wYWk="}
-00863{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1437389964790,"flow_last_seen":1437389964921,"flow_tot_l4_data_len":1791,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":200,"content_type":"application\/octet-stream","user_agent":"Blizzard Web Client"}}
+00874{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1437389964790,"flow_last_seen":1437389964921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1647,"flow_avg_l4_payload_len":274,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"llnw.blizzard.com","url":"llnw.blizzard.com\/sc2-pod-retail\/AF11CD00\/EU\/24621.direct\/s2-36281-BA356DD57557728843CAF63A12C79AA3.mfil","code":200,"content_type":"application\/octet-stream","user_agent":"Blizzard Web Client"}}
00419{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":921047,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoFwxAAIAG68DAqAFkV\/jd\/g20AFApaAhswNDeo1AQBADUhAAA"}
02371{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":921116,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXcxFlAAPUGw75X+N3+wKgBZABQDbTA0N6jKWgIbFAQEAoYMwAAZ25zL1N3YXJtLlNDMkNhbXBhaWduL0Jhc2UuU0MyTWFwcwoJbmFtZT1DYW1wYWlnbnMvU3dhcm0uU0MyQ2FtcGFpZ24vQmFzZS5TQzJNYXBzCglzaXplPTQwOTgzNDU4CglmaWxldmVyc2lvbj0yNDYyMQoJZmxhZ3M9MAoJcGF0aD1iYXNlCgl0YWc9YmFzZQpmaWxlPUNhbXBhaWducy9Td2FybVN0b3J5LlNDMkNhbXBhaWduL0Jhc2UuU0MyQXNzZXRzCgluYW1lPUNhbXBhaWducy9Td2FybVN0b3J5LlNDMkNhbXBhaWduL0Jhc2UuU0MyQXNzZXRzCglzaXplPTEwODE5MjI3MwoJZmlsZXZlcnNpb249MjQ2MjEKCWZsYWdzPTAKCXBhdGg9YmFzZQoJdGFnPWJhc2UKZmlsZT1DYW1wYWlnbnMvU3dhcm1TdG9yeS5TQzJDYW1wYWlnbi9CYXNlLlNDMkRhdGEKCW5hbWU9Q2FtcGFpZ25zL1N3YXJtU3RvcnkuU0MyQ2FtcGFpZ24vQmFzZS5TQzJEYXRhCglzaXplPTM5NzA3NTQKCWZpbGV2ZXJzaW9uPTI0NjIxCglmbGFncz0wCglwYXRoPWJhc2UKCXRhZz1iYXNlCmZpbGU9Q2FtcGFpZ25zL1N3YXJtU3RvcnlVdGlsLlNDMk1vZAoJbmFtZT1DYW1wYWlnbnMvU3dhcm1TdG9yeVV0aWwuU0MyTW9kCglzaXplPTg5MzMyOAoJZmlsZXZlcnNpb249MjQ2MjEKCWZsYWdzPTAKCXBhdGg9YmFzZQoJdGFnPWJhc2UKZmlsZT1Nb2RzL0NoYWxsZW5nZXMuU0MyTW9kCgluYW1lPU1vZHMvQ2hhbGxlbmdlcy5TQzJNb2QKCXNpemU9MjY2MTM2CglmaWxldmVyc2lvbj0yNDYyMQoJZmxhZ3M9MAoJcGF0aD1iYXNlCgl0YWc9YmFzZQpmaWxlPU1vZHMvQ29yZS5TQzJNb2QvQmFzZS5TQzJBc3NldHMKCW5hbWU9TW9kcy9Db3JlLlNDMk1vZC9CYXNlLlNDMkFzc2V0cwoJc2l6ZT0xNTU4MDI3MjMKCWZpbGV2ZXJzaW9uPTI0NjIxCglmbGFncz0wCglwYXRoPWJhc2UKCXRhZz1iYXNlCmZpbGU9TW9kcy9Db3JlLlNDMk1vZC9CYXNlLlNDMkRhdGEKCW5hbWU9TW9kcy9Db3JlLlNDMk1vZC9CYXNlLlNDMkRhdGEKCXNpemU9MTcwMjc5ODcKCWZpbGV2ZXJzaW9uPTI0NjIxCglmbGFncz0wCglwYXRoPWJhc2UKCXRhZz1iYXNlCmZpbGU9TW9kcy9MaWJlcnR5LlNDMk1vZC9CYXNlLlNDMkFzc2V0cwoJbmFtZT1Nb2RzL0xpYmVydHkuU0MyTW9kL0Jhc2UuU0MyQXNzZXRzCglzaXplPTI1OTg1Njg2NDEKCWZpbGV2ZXJzaW9uPTI0NjIxCglmbGFncz0wCglwYXRoPWJhc2UKCXRhZz1iYXNlCmZpbGU9TW9kcy9MaWJlcnR5LlNDMk1vZC9CYXNlLlNDMkRhdGEKCW5hbWU9TW9kcy9MaWJlcnR5LlNDMk1vZC9CYXNlLlNDMkRhdGEKCXNpemU9NTA1NjUwMDkKCWZpbGV2ZXJzaW9uPTI0NjIxCglmbGFncz0wCglwYXRoPWJhc2UKCXRhZz1iYXNlCmZpbGU9TW9kcy9MaWJlcnR5TXVsdGkuU0MyTW9kL0Jhc2UuU0MyRGF0YQoJbmFtZT1Nb2RzL0xpYmVydHlNdWx0aS5TQzJNb2QvQmFzZS5TQzJEYXRhCglzaXplPTMyNDgzCglmaWxldmVyc2lvbj0yNDYyMQoJZmxhZ3M9MAoJcGF0aD1iYXNlCgl0YWc9YmFzZQpmaWxlPU1vZHM="}
00420{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":921129,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoFw1AAIAG67\/AqAFkV\/jd\/g20AFApaAhswNDkV1AQBADO0AAA"}
@@ -108,36 +108,36 @@
00420{"flow_id":15,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":921476,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoFw9AAIAG673AqAFkV\/jd\/g20AFApaAhswNDvv1AQBADDaAAA"}
02373{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":921620,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXcxFxAAPUGw7tX+N3+wKgBZABQDbTA0O+\/KWgIbFAQEAp40AAAdGEKCXNpemU9NDkwNwoJZmlsZXZlcnNpb249MjQ2MjEKCWZsYWdzPTEKCXBhdGg9YmFzZQoJdGFnPWVuVVMKZmlsZT1Nb2RzL1N3YXJtLlNDMk1vZC9lblVTLlNDMkFzc2V0cwoJbmFtZT1Nb2RzL1N3YXJtLlNDMk1vZC9lblVTLlNDMkFzc2V0cwoJc2l6ZT02NDYxMDIzCglmaWxldmVyc2lvbj0yNDYyMQoJZmxhZ3M9MQoJcGF0aD1iYXNlCgl0YWc9ZW5VUwpmaWxlPU1vZHMvU3dhcm0uU0MyTW9kL2VuVVMuU0MyRGF0YQoJbmFtZT1Nb2RzL1N3YXJtLlNDMk1vZC9lblVTLlNDMkRhdGEKCXNpemU9MTIyODk3CglmaWxldmVyc2lvbj0yNDYyMQoJZmxhZ3M9MQoJcGF0aD1iYXNlCgl0YWc9ZW5VUwpmaWxlPU1vZHMvU3dhcm1NdWx0aS5TQzJNb2QvZW5VUy5TQzJEYXRhCgluYW1lPU1vZHMvU3dhcm1NdWx0aS5TQzJNb2QvZW5VUy5TQzJEYXRhCglzaXplPTE0MDIyCglmaWxldmVyc2lvbj0yNDYyMQoJZmxhZ3M9MQoJcGF0aD1iYXNlCgl0YWc9ZW5VUwpmaWxlPUNhbXBhaWducy9MaWJlcnR5LlNDMkNhbXBhaWduL2VzTVguU0MyQXNzZXRzCgluYW1lPUNhbXBhaWducy9MaWJlcnR5LlNDMkNhbXBhaWduL2VzTVguU0MyQXNzZXRzCglzaXplPTEwMzA0OTM3NDEKCWZpbGV2ZXJzaW9uPTI0NjIxCglmbGFncz0xCglwYXRoPWJhc2UKCXRhZz1lc01YCmZpbGU9Q2FtcGFpZ25zL0xpYmVydHkuU0MyQ2FtcGFpZ24vZXNNWC5TQzJEYXRhCgluYW1lPUNhbXBhaWducy9MaWJlcnR5LlNDMkNhbXBhaWduL2VzTVguU0MyRGF0YQoJc2l6ZT00Mjg3NjAKCWZpbGV2ZXJzaW9uPTI0NjIxCglmbGFncz0xCglwYXRoPWJhc2UKCXRhZz1lc01YCmZpbGU9Q2FtcGFpZ25zL0xpYmVydHlTdG9yeS5TQzJDYW1wYWlnbi9lc01YLlNDMkRhdGEKCW5hbWU9Q2FtcGFpZ25zL0xpYmVydHlTdG9yeS5TQzJDYW1wYWlnbi9lc01YLlNDMkRhdGEKCXNpemU9NzI0NjU2CglmaWxldmVyc2lvbj0yNDYyMQoJZmxhZ3M9MQoJcGF0aD1iYXNlCgl0YWc9ZXNNWApmaWxlPUNhbXBhaWducy9Td2FybS5TQzJDYW1wYWlnbi9lc01YLlNDMkFzc2V0cwoJbmFtZT1DYW1wYWlnbnMvU3dhcm0uU0MyQ2FtcGFpZ24vZXNNWC5TQzJBc3NldHMKCXNpemU9MTMzMjkxODUzNAoJZmlsZXZlcnNpb249MjQ2MjEKCWZsYWdzPTEKCXBhdGg9YmFzZQoJdGFnPWVzTVgKZmlsZT1DYW1wYWlnbnMvU3dhcm0uU0MyQ2FtcGFpZ24vZXNNWC5TQzJEYXRhCgluYW1lPUNhbXBhaWducy9Td2FybS5TQzJDYW1wYWlnbi9lc01YLlNDMkRhdGEKCXNpemU9Mjk3NTE3CglmaWxldmVyc2lvbj0yNDYyMQoJZmxhZ3M9MQoJcGF0aD1iYXNlCgl0YWc9ZXNNWApmaWxlPUNhbXBhaWducy9Td2FybVN0b3J5LlNDMkNhbXBhaWduL2VzTVguU0MyQXNzZXRzCgluYW1lPUNhbXBhaWducy9Td2FybVN0b3J5LlNDMkNhbXBhaWduL2VzTVguU0MyQXNzZXRzCglzaXplPTI3ODg3MDEwNwoJZmlsZXZlcnNpb249MjQ2MjEKCWZsYWdzPTEKCXBhdGg9YmFzZQoJdGE="}
00420{"flow_id":15,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389964,"pkt_ts_usec":921641,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoFxBAAIAG67zAqAFkV\/jd\/g20AFApaAhswND1c1AQBAC9tAAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1437389967432,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1437389967432,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389967,"pkt_ts_usec":432431,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0U2dAAIAG+pjAqAFkDIHeNg24AFDXJA2NAAAAAIACIACvkgAAAgQFtAEDAwgBAQQC"}
00434{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389967,"pkt_ts_usec":630455,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAAC0GoQAMgd42wKgBZABQDbj6JMXG1yQNjoASFtD4xgAAAgQFtAEBBAIBAwMH"}
00418{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389967,"pkt_ts_usec":630517,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoU2hAAIAG+qPAqAFkDIHeNg24AFDXJA2O+iTFx1AQAQBPaQAA"}
00538{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389967,"pkt_ts_usec":639692,"pkt_caplen":139,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":139,"pkt_l4_len":105,"pkt":"hCYVPnXEIImEa8W6CABFAAB9U2lAAIAG+k3AqAFkDIHeNg24AFDXJA2O+iTFx1AYAQD\/UgAAR0VUIC91cGRhdGUvTGF1bmNoZXIudHh0IEhUVFAvMS4xDQpIb3N0OiB1cy5zY2FuLndvcmxkb2Z3YXJjcmFmdC5jb20NCkFjY2VwdDogKi8qDQoNCg=="}
-00687{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1437389967432,"flow_last_seen":1437389967639,"flow_tot_l4_data_len":189,"flow_min_l4_data_len":20,"flow_max_l4_data_len":105,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}}
+00696{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1437389967432,"flow_last_seen":1437389967639,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":21,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"},"http": {"hostname":"us.scan.worldofwarcraft.com","url":"us.scan.worldofwarcraft.com\/update\/Launcher.txt","code":0,"content_type":"","user_agent":""}}
00426{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389967,"pkt_ts_usec":833673,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoibdAAC0GF1UMgd42wKgBZABQDbj6JMXH1yQN41AQAC5P5gAAAAAAAAAA"}
00785{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389967,"pkt_ts_usec":834099,"pkt_caplen":327,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":327,"pkt_l4_len":293,"pkt":"IImEa8W6hCYVPnXECABFAAE5ibhAAC0GFkMMgd42wKgBZABQDbj6JMXH1yQN41AYAC6X5gAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBNb24sIDIwIEp1bCAyMDE1IDEwOjU5OjI3IEdNVA0KU2VydmVyOiBBcGFjaGUvMi4yLjMgKENlbnRPUykNCkxhc3QtTW9kaWZpZWQ6IE1vbiwgMjUgQXVnIDIwMTQgMTg6MTk6MjcgR01UDQpFVGFnOiAiNmUyMDMzLTI3LTUwMTc4M2EyOGE5YzAiDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KQ29udGVudC1MZW5ndGg6IDM5DQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCg0KU2Nhbg0KMi4yLjg0Ljc3DQpTY2FuV2luNjQNCjIuMi44NC43Nw0K"}
00418{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389967,"pkt_ts_usec":834235,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoU2pAAIAG+qHAqAFkDIHeNg24AFDXJA3j+iTG2FARAP9OAwAA"}
00425{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":27078,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoiblAAC0GF1MMgd42wKgBZABQDbj6JMbY1yQN5FARAC5O0wAAAAAAAAAA"}
00417{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":27107,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoU2tAAIAG+qDAqAFkDIHeNg24AFDXJA3k+iTG2VAQAP9OAgAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1437389968486,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1437389968486,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":486982,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaD9AAIAGnzjAqAFkAuQuaA2kAbvjTIWjXKb5cVARAQDtEwAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":487209,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEBAAIAGnzfAqAFkAuQuaA2hAbso9r9xF3ZyNlARAP06DgAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":487307,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEFAAIAGnzbAqAFkAuQuaA2iAbuuMy\/9hNS6Y1ARAQCOtQAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":487427,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoaEJAAIAGnzXAqAFkAuQuaA2jAbuWFKpTUfGXQ1ARBFh\/KAAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":487518,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWNAAIAG7grAqAFkAuQucg2aAbv4rJBdJdjUo1ARAP0omQAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":487631,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWRAAIAG7gnAqAFkAuQucg2YAbs5x3Vg1+NhTFARAQDDxgAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":487742,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWVAAIAG7gjAqAFkAuQucg2ZAbvryQjoVlrkVFARAQB8vAAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":487849,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWZAAIAG7gfAqAFkAuQucg2XAbvNUW978CZu3VARBF0M8QAA"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1437389968487,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":487945,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoPo5AAIAGjnLAqAFkxyaknA2eAbtl4GJo2w7rJVAR9fPuOQAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1437389968488,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1437389968488,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":488066,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAobDZAAIAGrOrAqAFkrcJx4A2cAbsxkmlKz83WwVARAP18ZAAA"}
00494{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":519450,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"pkt":"IImEa8W6hCYVPnXECABFAABdOZFAADkGFKgC5C5ywKgBZAG7DZol2NSj+KyQXlAYAk8nagAAFQMCADAMud3SaYTsSqa\/uoo0a5E8VCc4Xkt3IWOikvjNzbZ6\/KN17SBOZ1wiAn+Wb8fZvA4="}
00418{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":519504,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoGWdAAIAG7gbAqAFkAuQucg2aAbv4rJBeJdjU2FAUAAApXQAA"}
@@ -177,32 +177,32 @@
00427{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389968,"pkt_ts_usec":685334,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoVBxAADQGDvdQ79DBwKgBZARfDWPlxVUVjlM4olARPaJ64QAAAAAAAAAA"}
00435{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389970,"pkt_ts_usec":671140,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0DEUAAIARlo\/AqAFkrcIoFtFAAbsAIKDYDBnPzxTN69maK3zVmJ1A8q4\/WcfKtlQW"}
00452{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389970,"pkt_ts_usec":729677,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"IImEa8W6hCYVPnXECABFAAA\/jiEAADURX6itwigWwKgBZAG70UAAK09mEMoFok0rRRKq\/gpUJClbhllLX\/LbhD0JR6ucwFId24LczKc="}
-00446{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1437389976946,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00454{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1437389976946,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389976,"pkt_ts_usec":946687,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"pkt":"AQBeAAAWtFJ+6zOBCABGAAAoAABAAAECQqbAqAFr4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7AQEICgBN"}
-00478{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1437389976946,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1437389976946,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00426{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389980,"pkt_ts_usec":126345,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"pkt":"AQBeAAAWtFJ+6zOBCABGAAAoAABAAAECQqbAqAFr4AAAFpQEAAAiAPkCAAAAAQQAAADgAAD7DndzYmFj"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1437389981134,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1437389981134,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":134438,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"hCYVPnXEIImEa8W6CABFAAA+X2cAAIARVpXAqAFkwKgB\/s+ZADUAKjZ5W6oBAAABAAAAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAQ=="}
-00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1437389981134,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":297,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1437389981134,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00451{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":164861,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"hCYVPnXEIImEa8W6CABFAAA+X2gAAIARVpTAqAFkwKgB\/s+ZADUAKjZ5W6oBAAABAAAAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAQ=="}
00470{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":169989,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"IImEa8W6hCYVPnXECABFAABOAABAAEARtezAqAH+wKgBZAA1z5kAOuq0W6qBgAABAAEAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAcAMAAEAAQAAAAYABFDvuho="}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_first_seen":1437389981134,"flow_last_seen":1437389981169,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":42,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"80.239.186.26"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1437389981197,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":299,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_first_seen":1437389981134,"flow_last_seen":1437389981169,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"nydus.battle.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"80.239.186.26"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1437389981197,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":197007,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EYNAAIAGHCvAqAFkUO+6Gg27AFBEOrW2AAAAAIACIAB5\/gAAAgQFtAEDAwgBAQQC"}
00470{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":218038,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"IImEa8W6hCYVPnXECABFAABOAABAAEARtezAqAH+wKgBZAA1z5kAOuqDW6qBgAABAAEAAAAABW55ZHVzBmJhdHRsZQNuZXQAAAEAAcAMAAEAAQAAADcABFDvuho="}
00426{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":256483,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDbuOe0nfRDq1t2ASOQixoAAAAgQFtAAA"}
00418{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":256545,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEYRAAIAGHDbAqAFkUO+6Gg27AFBEOrW3jntJ4FAQ+vAHdQAA"}
00609{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":265910,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"pkt":"hCYVPnXEIImEa8W6CABFAACzEYVAAIAGG6rAqAFkUO+6Gg27AFBEOrW3jntJ4FAY+vA+7gAAR0VUIC9TMi9lbkdCL2NsaWVudC9yZWdpb25zP2J1aWxkPWVuR0ImdGFyZ2V0UmVnaW9uPUVVIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBCYXR0bGUubmV0IFdlYiBDbGllbnQNCkhvc3Q6IG55ZHVzLmJhdHRsZS5uZXQNCkFjY2VwdDogKi8qDQoNCg=="}
-00708{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1437389981197,"flow_last_seen":1437389981265,"flow_tot_l4_data_len":235,"flow_min_l4_data_len":20,"flow_max_l4_data_len":159,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00719{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1437389981197,"flow_last_seen":1437389981265,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00426{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":324978,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoBz5AADMGc3xQ77oawKgBZABQDbuOe0ngRDq2QlAQPLjFIgAAAAAAAAAA"}
01109{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":325475,"pkt_caplen":569,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":569,"pkt_l4_len":535,"pkt":"IImEa8W6hCYVPnXECABFAAIrBz9AADMGcXhQ77oawKgBZABQDbuOe0ngRDq2QlAYPLht0wAASFRUUC8xLjEgMzAyIEZvdW5kDQpEYXRlOiBNb24sIDIwIEp1bCAyMDE1IDEwOjU5OjQxIEdNVA0KU2VydmVyOiBBcGFjaGUNClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KTG9jYXRpb246IGh0dHA6Ly9ldS5sYXVuY2hlci5iYXR0bGUubmV0L3NlcnZpY2UvczIvcmVnaW9uc3htbC9yZWdpb25zLnhtbA0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUxlbmd0aDogMjQ3DQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xDQoNCjwhRE9DVFlQRSBIVE1MIFBVQkxJQyAiLS8vSUVURi8vRFREIEhUTUwgMi4wLy9FTiI+CjxodG1sPjxoZWFkPgo8dGl0bGU+MzAyIEZvdW5kPC90aXRsZT4KPC9oZWFkPjxib2R5Pgo8aDE+Rm91bmQ8L2gxPgo8cD5UaGUgZG9jdW1lbnQgaGFzIG1vdmVkIDxhIGhyZWY9Imh0dHA6Ly9ldS5sYXVuY2hlci5iYXR0bGUubmV0L3NlcnZpY2UvczIvcmVnaW9uc3htbC9yZWdpb25zLnhtbCI+aGVyZTwvYT4uPC9wPgo8L2JvZHk+PC9odG1sPgo="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1437389981330,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1437389981330,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":330014,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RD1AAIAG6XXAqAFkUO+6FQ28AFBBQIDMAAAAAIACIACx5gAAAgQFtAEDAwgBAQQC"}
00418{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":344916,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEYdAAIAGHDPAqAFkUO+6Gg27AFBEOrZCjntL41AQ+O0G6gAA"}
00426{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":385510,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDbzhin+3QUCAzWASOQhgoQAAAgQFtAAA"}
00420{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":385569,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoRD9AAIAG6X\/AqAFkUO+6FQ28AFBBQIDN4Yp\/uFAQ+vC2dQAA"}
00707{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":385630,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"pkt":"hCYVPnXEIImEa8W6CABFAAD9REBAAIAG6KnAqAFkUO+6FQ28AFBBQIDN4Yp\/uFAY+vANTQAAR0VUIC9zZXJ2aWNlL3MyL3JlZ2lvbnN4bWwvcmVnaW9ucy54bWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IEJhdHRsZS5uZXQgV2ViIENsaWVudA0KSG9zdDogZXUubGF1bmNoZXIuYmF0dGxlLm5ldA0KQWNjZXB0OiAqLyoNClJlZmVyZXI6IGh0dHA6Ly9ueWR1cy5iYXR0bGUubmV0L1MyL2VuR0IvY2xpZW50L3JlZ2lvbnM\/YnVpbGQ9ZW5HQiZ0YXJnZXRSZWdpb249RVUNCg0K"}
-00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1437389981330,"flow_last_seen":1437389981385,"flow_tot_l4_data_len":309,"flow_min_l4_data_len":20,"flow_max_l4_data_len":233,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1437389981330,"flow_last_seen":1437389981385,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00426{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":441002,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoABlAADMGeqZQ77oVwKgBZABQDbzhin+4QUCBolAQPLhz2QAAAAAAAAAA"}
02372{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":441587,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXcABpAADMGdPFQ77oVwKgBZABQDbzhin+4QUCBolAQPLg3NAAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBNb24sIDIwIEp1bCAyMDE1IDEwOjU5OjQxIEdNVA0KU2VydmVyOiBBcGFjaGUNClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBGZWIgMjAxNCAyMzo0NzowNSBHTVQNCkVUYWc6ICJlMDU2LTljYS00ZjFjNTdkOWFmMDQwIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCkNvbnRlbnQtTGVuZ3RoOiAyNTA2DQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veG1sDQoNCjwhLS0gVGhpcyBmaWxlIHNwZWNpZmllcyB3aGF0IHJlZ2lvbnMgdGhlIFN0YXJjcmFmdCAyIGNsaWVudCBjYW4gY29ubmVjdCB0by4gRWFjaCBub2RlIGhhcyB0aGUgcG9zc2liaWxpdHkgb2YgNCBhdHRyaWJ1dGVzOgogICAgICAgICogZGlzcGxheW5hbWUgLSBUaGlzIHNwZWNpZmllcyB0aGUgc3RyaW5nIHRoYXQgd2lsbCBiZSBkaXNwbGF5ZWQgaW4gdGhlIGNsaWVudC4gSXQgaXMgaW50ZW5kZWQKICAgICAgICAgICAgICAgIHRvIGJlIGEgTDEwTiBzdHJpbmcgaWRlbnRpZmllciAoaWYgdGhlcmUgaXMgbm8gY29ycmVzcG9uZGluZyBMMTBOIHN0cmluZyB0aGVuIHRoZSByYXcgc3RyaW5nCiAgICAgICAgICAgICAgICBpdHNlbGYgd2lsbCBiZSBkaXNwbGF5ZWQpCiAgICAgICAgKiBob3N0bmFtZSAtIHRoZSByZWdpb24vaG9zdCB0byBjb25uZWN0IHRvLiBUaGlzIHdpbGwgYmUgZ2l2ZW4gdG8gZGFyayBwb3J0YWwgYW5kIGlzIHR5cGljYWxseQogICAgICAgICAgICAgICAgdGhlIHN0cmluZyBwcmVwZW5kZWQgdG8gImxvZ29uLmJhdHRsZS5uZXQiLiBJbiBkZWJ1ZyBidWlsZHMsIHRoaXMgY2FuIGJlIGEgZnVsbHkgcXVhbGlmaWVkCiAgICAgICAgICAgICAgICBhZGRyZXNzIG9yIGlwLgogICAgICAgICogYWxsb3dlZFByb2R1Y3RMb2NhbGVzIC0gYSBjb21tYSBkZWxpbWl0ZWQgbGlzdCBvZiBwcm9kdWN0IGxvY2FsZXMgZm9yIHdoaWNoIHRoZSByZWdpb24gaXMgYQogICAgICAgICAgICAgICAgdmFsaWQgb3B0aW9uLiBPbmx5IGNsaWVudHMgd2l0aCBvbmUgb2YgdGhlIGxpc3RlZCBwcm9kdWN0IGxvY2FsZXMgd2lsbCBiZSBhYmxlIHRvIGNvbm5lY3QgdG8KICAgICAgICAgICAgICAgIHRoZSBzcGVjaWZpZWQgcmVnaW9uLiBJZiAnYWxsJyBpcyBzcGVjaWZpZWQgdGhlbiB0aGUgcmVnaW9uIGlzIHZhbGlkIGZvciBhbGwgbG9jYWxlcwogICAgICAgICogbG9jYWxlc1RoYXREZWZhdWx0VG9UaGlzUmVnaW9uIC0gYSBjb21tYSBkZWxpbWl0ZWQgbGlzdCBvZiBwcm9kdWN0IGxvY2FsZXMgZm9yIHdoaWNoIHRoZSByZWdpb24KICAgICAgICAgICAgICAgIGlzIHRoZSBkZWZhdWx0LiBBIHByb2R1Y3QgbG9jYWxlIHNob3VsZCBub3QgYXBwZWFyIGluIHRoaXMgbGlzdCBpbiBtb3JlIHRoYW4gMSByZWdpb24uCiAgICAgICAgKiBpc0JldGFSZWdpb24gLSBpZiBzZXQgdG8gJ3RydWUnLCA="}
02189{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":441753,"pkt_caplen":1377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1377,"pkt_l4_len":1343,"pkt":"IImEa8W6hCYVPnXECABFAAVTABtAADMGdXlQ77oVwKgBZABQDbzhioVsQUCBolAYPLj3\/QAAd2lsbCBiZSBkaXNwbGF5ZWQgaW4gdGhlIHJlZ2lvbnMgbGlzdCBmb3IgYmV0YSBidWlsZHMgYW5kCiAgICAgICAgICAgICAgICBoaWRkZW4gaW4gbm9uLWJldGEgYnVpbGRzLiAgSWYgYW55IG90aGVyIHZhbHVlLCBvciB1bnNwZWNpZmllZCwgd2lsbCBleGNsdWRlIGl0IGZyb20gYmV0YSBidWlsZHMuCgogICAgICAgIE5PVEU6IElmIGxlc3MgdGhhbiAyIHJlZ2lvbnMgYXJlIHNwZWNpZmllZCBmb3IgYSBwYXJ0aWN1bGFyIHByb2R1Y3QgbG9jYWxlIHRoZW4gdGhlIHJlZ2lvbiBzZWxlY3RvciB3aWxsIG5vdCBhcHBlYXIKCi0tPgo8cmVnaW9ucz4KICAgICAgICA8cmVnaW9uIGRpc3BsYXluYW1lPSJBVVRIRU5USUNBVElPTl9VU19SRUdJT04iIGhvc3RuYW1lPSJ1cyIgYWxsb3dlZFByb2R1Y3RMb2NhbGVzPSJlblVTLGVzTVgscHRCUixlbkdCLGZyRlIsZGVERSxlc0VTLHJ1UlUscGxQTCxpdElULGtvS1IsemhUVyxlblNHIiBsb2NhbGVzVGhhdERlZmF1bHRUb1RoaXNSZWdpb249ImVuVVMsZXNNWCxwdEJSIi8+CiAgICAgICAgPHJlZ2lvbiBkaXNwbGF5bmFtZT0iQVVUSEVOVElDQVRJT05fRVVfUkVHSU9OIiBob3N0bmFtZT0iZXUiIGFsbG93ZWRQcm9kdWN0TG9jYWxlcz0iZW5VUyxlc01YLHB0QlIsZW5HQixmckZSLGRlREUsZXNFUyxydVJVLHBsUEwsaXRJVCxrb0tSLHpoVFcsZW5TRyIgbG9jYWxlc1RoYXREZWZhdWx0VG9UaGlzUmVnaW9uPSJlbkdCLGZyRlIsZGVERSxlc0VTLHJ1UlUscGxQTCxpdElUIi8+CiAgICAgICAgPHJlZ2lvbiBkaXNwbGF5bmFtZT0iQVVUSEVOVElDQVRJT05fS1JfUkVHSU9OIiBob3N0bmFtZT0ia3IiIGFsbG93ZWRQcm9kdWN0TG9jYWxlcz0iZW5VUyxlc01YLHB0QlIsZW5HQixmckZSLGRlREUsZXNFUyxydVJVLHBsUEwsaXRJVCxrb0tSLHpoVFcsZW5TRyIgbG9jYWxlc1RoYXREZWZhdWx0VG9UaGlzUmVnaW9uPSJrb0tSLHpoVFciLz4KICAgICAgICA8cmVnaW9uIGRpc3BsYXluYW1lPSJBVVRIRU5USUNBVElPTl9TR19SRUdJT04iIGhvc3RuYW1lPSJzZyIgYWxsb3dlZFByb2R1Y3RMb2NhbGVzPSJlblVTLGVzTVgscHRCUixlbkdCLGZyRlIsZGVERSxlc0VTLHJ1UlUscGxQTCxpdElULGtvS1IsemhUVyxlblNHIiBsb2NhbGVzVGhhdERlZmF1bHRUb1RoaXNSZWdpb249ImVuU0ciLz4KICAgICAgICA8cmVnaW9uIGRpc3BsYXluYW1lPSJBVVRIRU5USUNBVElPTl9CRVRBX1JFR0lPTiIgaG9zdG5hbWU9InMyLWJldGEiIGlzQmV0YVJlZ2lvbj0idHJ1ZSIgYWxsb3dlZFByb2R1Y3RMb2NhbGVzPSJhbGwiIGxvY2FsZXNUaGF0RGVmYXVsdFRvVGhpc1JlZ2lvbj0iYWxsIi8+CjwvcmVnaW9ucz4K"}
@@ -214,27 +214,27 @@
00427{"flow_id":30,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":497815,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoAB1AADMGeqJQ77oVwKgBZABQDbzhioqYQUCBo1AQPLho+AAAAAAAAAAA"}
00426{"flow_id":29,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":500677,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoB0BAADMGc3pQ77oawKgBZABQDbuOe0vjRDq2Q1ARPLjDHQAAAAAAAAAA"}
00419{"flow_id":29,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389981,"pkt_ts_usec":500692,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEY5AAIAGHCzAqAFkUO+6Gg27AFBEOrZDjntL5FAQ+O0G6AAA"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1437389982130,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1437389982130,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":130449,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0Zr9AAIAGfH3AqAFk1fh\/gg29BF8F03V0AAAAAIACgABKLQAAAgQFtAEDAwABAQQC"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1437389982140,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1437389982140,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":140672,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EY9AAIAGHB\/AqAFkUO+6Gg2+AFAFq5RDAAAAAIACIADZ\/QAAAgQFtAEDAwgBAQQC"}
00426{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":182998,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADIGMUXV+H+CwKgBZARfDb3bZ8BEBdN1dWASFtBArgAAAgQFtAAA"}
00419{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":183063,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoZsBAAIAGfIjAqAFk1fh\/gg29BF8F03V122fARVAQgADvOgAA"}
00426{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":197448,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDb7iEHr2BauURGASOQiM8wAAAgQFtAAA"}
00418{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":197512,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZBAAIAGHCrAqAFkUO+6Gg2+AFAFq5RE4hB691AQ+vDixwAA"}
00605{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":207536,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"hCYVPnXEIImEa8W6CABFAACxEZFAAIAGG6DAqAFkUO+6Gg2+AFAFq5RE4hB691AY+vCboQAAR0VUIC9TMi9lbkdCL2NsaWVudC9hbGVydD9idWlsZD1lbkdCJnRhcmdldFJlZ2lvbj1FVSBIVFRQLzEuMQ0KVXNlci1BZ2VudDogQmF0dGxlLm5ldCBXZWIgQ2xpZW50DQpIb3N0OiBueWR1cy5iYXR0bGUubmV0DQpBY2NlcHQ6ICovKg0KDQo="}
-00706{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1437389982140,"flow_last_seen":1437389982207,"flow_tot_l4_data_len":233,"flow_min_l4_data_len":20,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/alert?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00717{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1437389982140,"flow_last_seen":1437389982207,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/alert?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00426{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":264282,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAo0FpAADMGql9Q77oawKgBZABQDb7iEHr3BauUzVAQPLigdwAAAAAAAAAA"}
01113{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":264460,"pkt_caplen":573,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":573,"pkt_l4_len":539,"pkt":"IImEa8W6hCYVPnXECABFAAIv0FtAADMGqFdQ77oawKgBZABQDb7iEHr3BauUzVAYPLjHwQAASFRUUC8xLjEgMzAyIEZvdW5kDQpEYXRlOiBNb24sIDIwIEp1bCAyMDE1IDEwOjU5OjQyIEdNVA0KU2VydmVyOiBBcGFjaGUNClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KTG9jYXRpb246IGh0dHA6Ly9ldS5sYXVuY2hlci5iYXR0bGUubmV0L3NlcnZpY2UvczIvYWxlcnQvZW4tZ2INClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1MZW5ndGg6IDIzNg0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktMQ0KWC1QYWQ6IGF2b2lkIGJyb3dzZXIgYnVnDQoNCjwhRE9DVFlQRSBIVE1MIFBVQkxJQyAiLS8vSUVURi8vRFREIEhUTUwgMi4wLy9FTiI+CjxodG1sPjxoZWFkPgo8dGl0bGU+MzAyIEZvdW5kPC90aXRsZT4KPC9oZWFkPjxib2R5Pgo8aDE+Rm91bmQ8L2gxPgo8cD5UaGUgZG9jdW1lbnQgaGFzIG1vdmVkIDxhIGhyZWY9Imh0dHA6Ly9ldS5sYXVuY2hlci5iYXR0bGUubmV0L3NlcnZpY2UvczIvYWxlcnQvZW4tZ2IiPmhlcmU8L2E+LjwvcD4KPC9ib2R5PjwvaHRtbD4K"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1437389982269,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1437389982269,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":269189,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RElAAIAG6WnAqAFkUO+6FQ2\/AFB8c4vnAAAAAIACIABrlQAAAgQFtAEDAwgBAQQC"}
00560{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":277691,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"hCYVPnXEIImEa8W6CABFAACOZsFAAIAGfCHAqAFk1fh\/gg29BF8F03V122fARVAYgAAxSQAASgAACmYCCu0tZq3I6AoAACmZZLcjoQAARtxDNzK6ACu0twAAZyUMBhcAbWF0dGVvYnJhY2NpMUBnbWFpbC5jb20CMlMAAIzUrFUAAAAAAAAAAAAA\/\/9dOfxp7nY4rwAAAAAAAAAA"}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1437389982130,"flow_last_seen":1437389982277,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":20,"flow_max_l4_data_len":122,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1437389982130,"flow_last_seen":1437389982277,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":25,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
00419{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":285092,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZNAAIAGHCfAqAFkUO+6Gg2+AFAFq5TN4hB8\/lAQ+OniPgAA"}
00427{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":326953,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDb8Q\/FwJfHOL6GASOQgOjQAAAgQFtAAA"}
00419{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":327018,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoREtAAIAG6XPAqAFkUO+6FQ2\/AFB8c4voEPxcClAQ+vBkYQAA"}
00690{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":327086,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"pkt":"hCYVPnXEIImEa8W6CABFAADwRExAAIAG6KrAqAFkUO+6FQ2\/AFB8c4voEPxcClAY+vB9RQAAR0VUIC9zZXJ2aWNlL3MyL2FsZXJ0L2VuLWdiIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBCYXR0bGUubmV0IFdlYiBDbGllbnQNCkhvc3Q6IGV1LmxhdW5jaGVyLmJhdHRsZS5uZXQNCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vbnlkdXMuYmF0dGxlLm5ldC9TMi9lbkdCL2NsaWVudC9hbGVydD9idWlsZD1lbkdCJnRhcmdldFJlZ2lvbj1FVQ0KDQo="}
-00693{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1437389982269,"flow_last_seen":1437389982327,"flow_tot_l4_data_len":296,"flow_min_l4_data_len":20,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/alert\/en-gb","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1437389982269,"flow_last_seen":1437389982327,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/alert\/en-gb","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00426{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":328685,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoalVAADIGxvPV+H+CwKgBZARfDb3bZ8BFBdN121AQFtBYBQAAAAAAAAAA"}
01424{"flow_id":31,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":353012,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"pkt":"IImEa8W6hCYVPnXECABFAAMPalZAADIGxAvV+H+CwKgBZARfDb3bZ8BFBdN121AYFtA2dAAAQhBhdXRoAABFVY6G+90e5RUxXp4+G0ebeIneHs7aBwPZh2+UQc5Nk0V2JAEAVWkLB4w0UIk9yJEQ6yTjmdl2I9+PqOhKZSoix\/bmVgx4WNCjTknfg5z4wJvzE1OBMdrGXOS0cR+nwYpl4ElkGqntlsVmuLgHpUk01IOa0K\/JyONGAAyFZnumepm9S\/lCIPUJF6GJEuDUX6Y4nyhjnLk16ifmmIEWiwufuoTZMU2lwqO\/utcFYSOpcJe\/b2kcYXV0aAAARVU2snzZEbM8YXMKi4LIsklf0W6AJPw7Ld4Ihhx3qFKUHIAA5xb08KAeucAypsE5M1ak92bwZ5SdcQI8DPwGE3GJZu+BTmXMbucMQyp\/iv2KBitSYDoml+hR0jHXLAJ3YUGB1xM2mx6OS+6rcgRamq1F8xnbkY7N24PI74t1EGANOR1F5\/7AvurpBKX5+mIPHM2taZ2EpHOc5mm1pVGDHjliFOE7TIj1c\/XNx4TNAVMMCGtnTAO+tmQDoPh+0Xq7tAPeVM8xvoKKIMVmwi5NQmOqdyILBkTZkkU0W8rCduoGkl65hNZkclw8t1cUCv4S4ny5lvFxWbEFfptYt4u7WhOcn\/YhWg0lC3X8ndQ1ZV3erc1s\/YSAB5LBRrNjMYjs61PSA4wYXgvVGp5scP04rfUw+N9Q+2IFPF6JSJerfdZcesgGZfGOeYm+bjDxXpOXURI9bYpE8DMXUwHRWqrSrqBvrGC6QGWEauk48yscsV8W3A52eSpzMjRolgSAZdF8BZiZ4dIwDkAr0Op0Jl2mpCschU4kcNeyGuSi2ukOYCp1myyg7mELUNU4nbiTNdVFH+dt2FsJ\/VKX1vnvtsNM6IUAf33yDWpSTgw+dy+gSz3S4BTTozenkJQ9rVI8u1RT9P34503+NhvV8lqzGVK0eBSLVw31diZD8yuZT+yZp0fkomWmbuhKU1CewoXIRnlgYEkxT8UmxhtTesgGHHiPi4b1Igg="}
00419{"flow_id":31,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":372796,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoZsJAAIAGfIbAqAFk1fh\/gg29BF8F03Xb22fDLFAQfRnu1AAA"}
@@ -254,33 +254,33 @@
00513{"flow_id":31,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":710820,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"IImEa8W6hCYVPnXECABFAABsallAADIGxqvV+H+CwKgBZARfDb3bZ8QzBdN3UlAYHVD1UAAAQIAAA6nAAb68IAAAAfQGAE1hdHRlbwZCcmFjY2kHZR2cAgAAAAAAAAAAAgoxMjQwNjcyMjgjMQAAAAAAAAAAAAAAAAA="}
00424{"flow_id":31,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":717908,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"hCYVPnXEIImEa8W6CABFAAAqZsZAAIAGfIDAqAFk1fh\/gg29BF8F03dS22fEd1AYe86oUgAARQE="}
00453{"flow_id":31,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":733143,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"hCYVPnXEIImEa8W6CABFAAA\/ZsdAAIAGfGrAqAFk1fh\/gg29BF8F03dU22fEd1AYe84vwAAAR+0eDqB+Q6jkKGsdpNkL4gbT05i26+I="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1437389982769,"flow_last_seen":0,"flow_tot_l4_data_len":10,"flow_min_l4_data_len":10,"flow_max_l4_data_len":10,"flow_avg_l4_data_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":377,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1437389982769,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00406{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":769377,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"pkt":"hCYVPnXEIImEa8W6CABFAAAeGS0AAIARpdHAqAFkBSq0ms+aBF8ACqcOCQE="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1437389982769,"flow_last_seen":0,"flow_tot_l4_data_len":10,"flow_min_l4_data_len":10,"flow_max_l4_data_len":10,"flow_avg_l4_data_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1437389982769,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00406{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":769429,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"pkt":"hCYVPnXEIImEa8W6CABFAAAeFBMAAIARMAnAqAFkPnP2M8+aBF8ACiwrCQI="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1437389982782,"flow_last_seen":0,"flow_tot_l4_data_len":9,"flow_min_l4_data_len":9,"flow_max_l4_data_len":9,"flow_avg_l4_data_len":9,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":379,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1437389982782,"flow_last_seen":0,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00406{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":782998,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"pkt":"hCYVPnXEIImEa8W6CABFAAAdK4EAAIAR93XAqAFk1fh\/1BfhBF8ACcrCAQ=="}
00426{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":823721,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":10,"pkt":"IImEa8W6hCYVPnXECABFAAAeAABAADYRyP4FKrSawKgBZARfz5oACqYOCgEAAAAAAAAAAAAAAAAAAAAA"}
00427{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":825686,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":10,"pkt":"IImEa8W6hCYVPnXECABFAAAeAABAADcRTRw+c\/YzwKgBZARfz5oACisrCgIAAAAAAAAAAAAAAAAAAAAA"}
00429{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":833431,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":15,"pkt":"IImEa8W6hCYVPnXECABFAAAjAABAADMRL\/HV+H\/UwKgBZARfF+EAD6ZYAl05\/GkEgAAAAAAAAAAAAAAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1437389982884,"flow_last_seen":0,"flow_tot_l4_data_len":9,"flow_min_l4_data_len":9,"flow_max_l4_data_len":9,"flow_avg_l4_data_len":9,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1437389982884,"flow_last_seen":0,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00406{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":884376,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"pkt":"hCYVPnXEIImEa8W6CABFAAAdDfMAAIARFTLAqAFk1fh\/phfhBF8ACcjwAw=="}
00428{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389982,"pkt_ts_usec":933512,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":15,"pkt":"IImEa8W6hCYVPnXECABFAAAjAABAADMRMB\/V+H+mwKgBZARfF+EAD6SGBF05\/GkEgAAAAAAAAAAAAAAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1437389983663,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1437389983663,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":663994,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EZpAAIAGHBTAqAFkUO+6Gg3BAFD6MpY\/AAAAAIACIADjdgAAAgQFtAEDAwgBAQQC"}
00426{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":723450,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcFck85k+jKWQGASOQjIewAAAgQFtAAA"}
00419{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":723508,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZtAAIAGHB\/AqAFkUO+6Gg3BAFD6MpZAXJPOZVAQ+vAeUAAA"}
00609{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":723568,"pkt_caplen":193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":193,"pkt_l4_len":159,"pkt":"hCYVPnXEIImEa8W6CABFAACzEZxAAIAGG5PAqAFkUO+6Gg3BAFD6MpZAXJPOZVAY+vBVyQAAR0VUIC9TMi9lbkdCL2NsaWVudC9yZWdpb25zP2J1aWxkPWVuR0ImdGFyZ2V0UmVnaW9uPUVVIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBCYXR0bGUubmV0IFdlYiBDbGllbnQNCkhvc3Q6IG55ZHVzLmJhdHRsZS5uZXQNCkFjY2VwdDogKi8qDQoNCg=="}
-00708{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1437389983663,"flow_last_seen":1437389983723,"flow_tot_l4_data_len":235,"flow_min_l4_data_len":20,"flow_max_l4_data_len":159,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00719{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1437389983663,"flow_last_seen":1437389983723,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/regions?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00427{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":783248,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoioNAADMG8DZQ77oawKgBZABQDcFck85l+jKWy1AQPLjb\/QAAAAAAAAAA"}
01109{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":783412,"pkt_caplen":569,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":569,"pkt_l4_len":535,"pkt":"IImEa8W6hCYVPnXECABFAAIrioRAADMG7jJQ77oawKgBZABQDcFck85l+jKWy1AYPLiCrgAASFRUUC8xLjEgMzAyIEZvdW5kDQpEYXRlOiBNb24sIDIwIEp1bCAyMDE1IDEwOjU5OjQzIEdNVA0KU2VydmVyOiBBcGFjaGUNClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KTG9jYXRpb246IGh0dHA6Ly9ldS5sYXVuY2hlci5iYXR0bGUubmV0L3NlcnZpY2UvczIvcmVnaW9uc3htbC9yZWdpb25zLnhtbA0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUxlbmd0aDogMjQ3DQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xDQoNCjwhRE9DVFlQRSBIVE1MIFBVQkxJQyAiLS8vSUVURi8vRFREIEhUTUwgMi4wLy9FTiI+CjxodG1sPjxoZWFkPgo8dGl0bGU+MzAyIEZvdW5kPC90aXRsZT4KPC9oZWFkPjxib2R5Pgo8aDE+Rm91bmQ8L2gxPgo8cD5UaGUgZG9jdW1lbnQgaGFzIG1vdmVkIDxhIGhyZWY9Imh0dHA6Ly9ldS5sYXVuY2hlci5iYXR0bGUubmV0L3NlcnZpY2UvczIvcmVnaW9uc3htbC9yZWdpb25zLnhtbCI+aGVyZTwvYT4uPC9wPgo8L2JvZHk+PC9odG1sPgo="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1437389983788,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":517,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1437389983788,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":788102,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0RFRAAIAG6V7AqAFkUO+6FQ3CAFAtDsyVAAAAAIACIAB6SQAAAgQFtAEDAwgBAQQC"}
00418{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":803460,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEZ5AAIAGHBzAqAFkUO+6Gg3BAFD6MpbLXJPQaFAQ+O0dxQAA"}
00426{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":846428,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGertQ77oVwKgBZABQDcLXOt3ELQ7MlmASOQjVRgAAAgQFtAAA"}
00418{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":846485,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoRFZAAIAG6WjAqAFkUO+6FQ3CAFAtDsyW1zrdxVAQ+vArGwAA"}
00706{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":846567,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"pkt":"hCYVPnXEIImEa8W6CABFAAD9RFdAAIAG6JLAqAFkUO+6FQ3CAFAtDsyW1zrdxVAY+vCB8gAAR0VUIC9zZXJ2aWNlL3MyL3JlZ2lvbnN4bWwvcmVnaW9ucy54bWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IEJhdHRsZS5uZXQgV2ViIENsaWVudA0KSG9zdDogZXUubGF1bmNoZXIuYmF0dGxlLm5ldA0KQWNjZXB0OiAqLyoNClJlZmVyZXI6IGh0dHA6Ly9ueWR1cy5iYXR0bGUubmV0L1MyL2VuR0IvY2xpZW50L3JlZ2lvbnM\/YnVpbGQ9ZW5HQiZ0YXJnZXRSZWdpb249RVUNCg0K"}
-00704{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1437389983788,"flow_last_seen":1437389983846,"flow_tot_l4_data_len":309,"flow_min_l4_data_len":20,"flow_max_l4_data_len":233,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1437389983788,"flow_last_seen":1437389983846,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.launcher.battle.net","url":"eu.launcher.battle.net\/service\/s2\/regionsxml\/regions.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00426{"flow_id":39,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":904712,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoAVhAADMGeWdQ77oVwKgBZABQDcLXOt3FLQ7Na1AQPLjofgAAAAAAAAAA"}
02372{"flow_id":39,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":905356,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXcAVlAADMGc7JQ77oVwKgBZABQDcLXOt3FLQ7Na1AQPLir1wAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBNb24sIDIwIEp1bCAyMDE1IDEwOjU5OjQzIEdNVA0KU2VydmVyOiBBcGFjaGUNClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KTGFzdC1Nb2RpZmllZDogVGh1LCAwNiBGZWIgMjAxNCAyMzo0NzowNSBHTVQNCkVUYWc6ICJlMDU2LTljYS00ZjFjNTdkOWFmMDQwIg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCkNvbnRlbnQtTGVuZ3RoOiAyNTA2DQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veG1sDQoNCjwhLS0gVGhpcyBmaWxlIHNwZWNpZmllcyB3aGF0IHJlZ2lvbnMgdGhlIFN0YXJjcmFmdCAyIGNsaWVudCBjYW4gY29ubmVjdCB0by4gRWFjaCBub2RlIGhhcyB0aGUgcG9zc2liaWxpdHkgb2YgNCBhdHRyaWJ1dGVzOgogICAgICAgICogZGlzcGxheW5hbWUgLSBUaGlzIHNwZWNpZmllcyB0aGUgc3RyaW5nIHRoYXQgd2lsbCBiZSBkaXNwbGF5ZWQgaW4gdGhlIGNsaWVudC4gSXQgaXMgaW50ZW5kZWQKICAgICAgICAgICAgICAgIHRvIGJlIGEgTDEwTiBzdHJpbmcgaWRlbnRpZmllciAoaWYgdGhlcmUgaXMgbm8gY29ycmVzcG9uZGluZyBMMTBOIHN0cmluZyB0aGVuIHRoZSByYXcgc3RyaW5nCiAgICAgICAgICAgICAgICBpdHNlbGYgd2lsbCBiZSBkaXNwbGF5ZWQpCiAgICAgICAgKiBob3N0bmFtZSAtIHRoZSByZWdpb24vaG9zdCB0byBjb25uZWN0IHRvLiBUaGlzIHdpbGwgYmUgZ2l2ZW4gdG8gZGFyayBwb3J0YWwgYW5kIGlzIHR5cGljYWxseQogICAgICAgICAgICAgICAgdGhlIHN0cmluZyBwcmVwZW5kZWQgdG8gImxvZ29uLmJhdHRsZS5uZXQiLiBJbiBkZWJ1ZyBidWlsZHMsIHRoaXMgY2FuIGJlIGEgZnVsbHkgcXVhbGlmaWVkCiAgICAgICAgICAgICAgICBhZGRyZXNzIG9yIGlwLgogICAgICAgICogYWxsb3dlZFByb2R1Y3RMb2NhbGVzIC0gYSBjb21tYSBkZWxpbWl0ZWQgbGlzdCBvZiBwcm9kdWN0IGxvY2FsZXMgZm9yIHdoaWNoIHRoZSByZWdpb24gaXMgYQogICAgICAgICAgICAgICAgdmFsaWQgb3B0aW9uLiBPbmx5IGNsaWVudHMgd2l0aCBvbmUgb2YgdGhlIGxpc3RlZCBwcm9kdWN0IGxvY2FsZXMgd2lsbCBiZSBhYmxlIHRvIGNvbm5lY3QgdG8KICAgICAgICAgICAgICAgIHRoZSBzcGVjaWZpZWQgcmVnaW9uLiBJZiAnYWxsJyBpcyBzcGVjaWZpZWQgdGhlbiB0aGUgcmVnaW9uIGlzIHZhbGlkIGZvciBhbGwgbG9jYWxlcwogICAgICAgICogbG9jYWxlc1RoYXREZWZhdWx0VG9UaGlzUmVnaW9uIC0gYSBjb21tYSBkZWxpbWl0ZWQgbGlzdCBvZiBwcm9kdWN0IGxvY2FsZXMgZm9yIHdoaWNoIHRoZSByZWdpb24KICAgICAgICAgICAgICAgIGlzIHRoZSBkZWZhdWx0LiBBIHByb2R1Y3QgbG9jYWxlIHNob3VsZCBub3QgYXBwZWFyIGluIHRoaXMgbGlzdCBpbiBtb3JlIHRoYW4gMSByZWdpb24uCiAgICAgICAgKiBpc0JldGFSZWdpb24gLSBpZiBzZXQgdG8gJ3RydWUnLCA="}
02188{"flow_id":39,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":905489,"pkt_caplen":1377,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1377,"pkt_l4_len":1343,"pkt":"IImEa8W6hCYVPnXECABFAAVTAVpAADMGdDpQ77oVwKgBZABQDcLXOuN5LQ7Na1AYPLhsowAAd2lsbCBiZSBkaXNwbGF5ZWQgaW4gdGhlIHJlZ2lvbnMgbGlzdCBmb3IgYmV0YSBidWlsZHMgYW5kCiAgICAgICAgICAgICAgICBoaWRkZW4gaW4gbm9uLWJldGEgYnVpbGRzLiAgSWYgYW55IG90aGVyIHZhbHVlLCBvciB1bnNwZWNpZmllZCwgd2lsbCBleGNsdWRlIGl0IGZyb20gYmV0YSBidWlsZHMuCgogICAgICAgIE5PVEU6IElmIGxlc3MgdGhhbiAyIHJlZ2lvbnMgYXJlIHNwZWNpZmllZCBmb3IgYSBwYXJ0aWN1bGFyIHByb2R1Y3QgbG9jYWxlIHRoZW4gdGhlIHJlZ2lvbiBzZWxlY3RvciB3aWxsIG5vdCBhcHBlYXIKCi0tPgo8cmVnaW9ucz4KICAgICAgICA8cmVnaW9uIGRpc3BsYXluYW1lPSJBVVRIRU5USUNBVElPTl9VU19SRUdJT04iIGhvc3RuYW1lPSJ1cyIgYWxsb3dlZFByb2R1Y3RMb2NhbGVzPSJlblVTLGVzTVgscHRCUixlbkdCLGZyRlIsZGVERSxlc0VTLHJ1UlUscGxQTCxpdElULGtvS1IsemhUVyxlblNHIiBsb2NhbGVzVGhhdERlZmF1bHRUb1RoaXNSZWdpb249ImVuVVMsZXNNWCxwdEJSIi8+CiAgICAgICAgPHJlZ2lvbiBkaXNwbGF5bmFtZT0iQVVUSEVOVElDQVRJT05fRVVfUkVHSU9OIiBob3N0bmFtZT0iZXUiIGFsbG93ZWRQcm9kdWN0TG9jYWxlcz0iZW5VUyxlc01YLHB0QlIsZW5HQixmckZSLGRlREUsZXNFUyxydVJVLHBsUEwsaXRJVCxrb0tSLHpoVFcsZW5TRyIgbG9jYWxlc1RoYXREZWZhdWx0VG9UaGlzUmVnaW9uPSJlbkdCLGZyRlIsZGVERSxlc0VTLHJ1UlUscGxQTCxpdElUIi8+CiAgICAgICAgPHJlZ2lvbiBkaXNwbGF5bmFtZT0iQVVUSEVOVElDQVRJT05fS1JfUkVHSU9OIiBob3N0bmFtZT0ia3IiIGFsbG93ZWRQcm9kdWN0TG9jYWxlcz0iZW5VUyxlc01YLHB0QlIsZW5HQixmckZSLGRlREUsZXNFUyxydVJVLHBsUEwsaXRJVCxrb0tSLHpoVFcsZW5TRyIgbG9jYWxlc1RoYXREZWZhdWx0VG9UaGlzUmVnaW9uPSJrb0tSLHpoVFciLz4KICAgICAgICA8cmVnaW9uIGRpc3BsYXluYW1lPSJBVVRIRU5USUNBVElPTl9TR19SRUdJT04iIGhvc3RuYW1lPSJzZyIgYWxsb3dlZFByb2R1Y3RMb2NhbGVzPSJlblVTLGVzTVgscHRCUixlbkdCLGZyRlIsZGVERSxlc0VTLHJ1UlUscGxQTCxpdElULGtvS1IsemhUVyxlblNHIiBsb2NhbGVzVGhhdERlZmF1bHRUb1RoaXNSZWdpb249ImVuU0ciLz4KICAgICAgICA8cmVnaW9uIGRpc3BsYXluYW1lPSJBVVRIRU5USUNBVElPTl9CRVRBX1JFR0lPTiIgaG9zdG5hbWU9InMyLWJldGEiIGlzQmV0YVJlZ2lvbj0idHJ1ZSIgYWxsb3dlZFByb2R1Y3RMb2NhbGVzPSJhbGwiIGxvY2FsZXNUaGF0RGVmYXVsdFRvVGhpc1JlZ2lvbj0iYWxsIi8+CjwvcmVnaW9ucz4K"}
@@ -293,36 +293,36 @@
00419{"flow_id":38,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389983,"pkt_ts_usec":964689,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEaVAAIAGHBXAqAFkUO+6Gg3BAFD6MpbMXJPQaVAQ+O0dwwAA"}
00457{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389984,"pkt_ts_usec":585571,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"IImEa8W6hCYVPnXECABFAABFqPIAADURRNGtwigWwKgBZAG70UAAMT09EMsFZOyxDrjYRG2y0ipp9PqccSz6JxbGFLjQufRr6ohrr0sYBVOehSg="}
00458{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389984,"pkt_ts_usec":611162,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"hCYVPnXEIImEa8W6CABFAABFDEYAAIARln3AqAFkrcIoFtFAAbsAMRWsDBnPzxTN69maLBrknSaakXZhGjrjRS\/nnffiCjL5Ti69F2I4aVohCWc="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1437389985308,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1437389985308,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":308638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EaZAAIAGHAjAqAFkUO+6Gg3DAFAjjlJ6AAAAAIACIAD93gAAAgQFtAEDAwgBAQQC"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1437389985320,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1437389985320,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":320648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0EadAAIAGHAfAqAFkUO+6Gg3EAFAnGJJ3AAAAAIACIAC6VgAAAgQFtAEDAwgBAQQC"}
00426{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":363689,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcNyhhfoI45Se2ASOQiDbQAAAgQFtAAA"}
00418{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":363741,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEahAAIAGHBLAqAFkUO+6Gg3DAFAjjlJ7coYX6VAQ+vDZQQAA"}
00618{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":373629,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"pkt":"hCYVPnXEIImEa8W6CABFAAC7EalAAIAGG37AqAFkUO+6Gg3DAFAjjlJ7coYX6VAY+vDEMQAAR0VUIC9TMi9lbkdCL2NsaWVudC9mZWVkL2xpdmUtZXZlbnQ\/YnVpbGQ9ZW5HQiZ0YXJnZXRSZWdpb249RVUgSFRUUC8xLjENClVzZXItQWdlbnQ6IEJhdHRsZS5uZXQgV2ViIENsaWVudA0KSG9zdDogbnlkdXMuYmF0dGxlLm5ldA0KQWNjZXB0OiAqLyoNCg0K"}
-00717{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1437389985308,"flow_last_seen":1437389985373,"flow_tot_l4_data_len":243,"flow_min_l4_data_len":20,"flow_max_l4_data_len":167,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/live-event?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00728{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1437389985308,"flow_last_seen":1437389985373,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/live-event?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00426{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":376430,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGerZQ77oawKgBZABQDcQgMkzhJxiSeGASOQhdQAAAAgQFtAAA"}
00418{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":376469,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEapAAIAGHBDAqAFkUO+6Gg3EAFAnGJJ4IDJM4lAQ+vCzFAAA"}
00617{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":385645,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"pkt":"hCYVPnXEIImEa8W6CABFAAC5EatAAIAGG37AqAFkUO+6Gg3EAFAnGJJ4IDJM4lAY+vAQTgAAR0VUIC9TMi9lbkdCL2NsaWVudC9mZWVkL2hvbWVwYWdlP2J1aWxkPWVuR0ImdGFyZ2V0UmVnaW9uPUVVIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBCYXR0bGUubmV0IFdlYiBDbGllbnQNCkhvc3Q6IG55ZHVzLmJhdHRsZS5uZXQNCkFjY2VwdDogKi8qDQoNCg=="}
-00715{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1437389985320,"flow_last_seen":1437389985385,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":20,"flow_max_l4_data_len":165,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/homepage?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1437389985320,"flow_last_seen":1437389985385,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"nydus.battle.net","url":"nydus.battle.net\/S2\/enGB\/client\/feed\/homepage?build=enGB&targetRegion=EU","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00426{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":428701,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoYVZAADMGGWRQ77oawKgBZABQDcNyhhfpI45TDlAQPLiW5wAAAAAAAAAA"}
01077{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":429248,"pkt_caplen":545,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":545,"pkt_l4_len":511,"pkt":"IImEa8W6hCYVPnXECABFAAITYVdAADMGF3hQ77oawKgBZABQDcNyhhfpI45TDlAYPLi7LgAASFRUUC8xLjEgMzAyIEZvdW5kDQpEYXRlOiBNb24sIDIwIEp1bCAyMDE1IDEwOjU5OjQ1IEdNVA0KU2VydmVyOiBBcGFjaGUNClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KTG9jYXRpb246IGh0dHA6Ly9ldS5iYXR0bGUubmV0L3NjMi9lbi1nYi9kYXRhL2xpdmUtZXZlbnRzLnhtbA0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpDb250ZW50LUxlbmd0aDogMjM1DQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xDQoNCjwhRE9DVFlQRSBIVE1MIFBVQkxJQyAiLS8vSUVURi8vRFREIEhUTUwgMi4wLy9FTiI+CjxodG1sPjxoZWFkPgo8dGl0bGU+MzAyIEZvdW5kPC90aXRsZT4KPC9oZWFkPjxib2R5Pgo8aDE+Rm91bmQ8L2gxPgo8cD5UaGUgZG9jdW1lbnQgaGFzIG1vdmVkIDxhIGhyZWY9Imh0dHA6Ly9ldS5iYXR0bGUubmV0L3NjMi9lbi1nYi9kYXRhL2xpdmUtZXZlbnRzLnhtbCI+aGVyZTwvYT4uPC9wPgo8L2JvZHk+PC9odG1sPgo="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1437389985434,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":576,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1437389985434,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":434803,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0AOhAAIAGLLjAqAFkUO+6KA3FAFDb6m0AAAAAAIACIAAq7AAAAgQFtAEDAwgBAQQC"}
00426{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":441435,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAo4f1AADMGmLxQ77oawKgBZABQDcQgMkziJxiTCVAQPLhwvAAAAAAAAAAA"}
01089{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":441938,"pkt_caplen":553,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":553,"pkt_l4_len":519,"pkt":"IImEa8W6hCYVPnXECABFAAIb4f5AADMGlshQ77oawKgBZABQDcQgMkziJxiTCVAYPLgPegAASFRUUC8xLjEgMzAyIEZvdW5kDQpEYXRlOiBNb24sIDIwIEp1bCAyMDE1IDEwOjU5OjQ1IEdNVA0KU2VydmVyOiBBcGFjaGUNClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KTG9jYXRpb246IGh0dHA6Ly9ldS5iYXR0bGUubmV0L3NjMi9lbi1nYi9kYXRhL2NsaWVudC1ob21lcGFnZS54bWwNClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1MZW5ndGg6IDIzOQ0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktMQ0KDQo8IURPQ1RZUEUgSFRNTCBQVUJMSUMgIi0vL0lFVEYvL0RURCBIVE1MIDIuMC8vRU4iPgo8aHRtbD48aGVhZD4KPHRpdGxlPjMwMiBGb3VuZDwvdGl0bGU+CjwvaGVhZD48Ym9keT4KPGgxPkZvdW5kPC9oMT4KPHA+VGhlIGRvY3VtZW50IGhhcyBtb3ZlZCA8YSBocmVmPSJodHRwOi8vZXUuYmF0dGxlLm5ldC9zYzIvZW4tZ2IvZGF0YS9jbGllbnQtaG9tZXBhZ2UueG1sIj5oZXJlPC9hPi48L3A+CjwvYm9keT48L2h0bWw+Cg=="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1437389985446,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":580,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1437389985446,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":446792,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0AOlAAIAGLLfAqAFkUO+6KA3GAFDf523sAAAAAIACIAAmAgAAAgQFtAEDAwgBAQQC"}
00418{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":448671,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEa5AAIAGHAzAqAFkUO+6Gg3DAFAjjlMOcoYZ1FAQ+QXYrgAA"}
00418{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":465654,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEa9AAIAGHAvAqAFkUO+6Gg3EAFAnGJMJIDJO1VAQ+P2ygwAA"}
00426{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":486479,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGeqhQ77oowKgBZABQDcUKff272+ptAWASOQgysAAAAgQFtAAA"}
00418{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":486584,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoAOxAAIAGLMDAqAFkUO+6KA3FAFDb6m0BCn39vFAQ+vCIhAAA"}
00701{"flow_id":42,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":495868,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"hCYVPnXEIImEa8W6CABFAAD5AO1AAIAGK+7AqAFkUO+6KA3FAFDb6m0BCn39vFAY+vDrAwAAR0VUIC9zYzIvZW4tZ2IvZGF0YS9saXZlLWV2ZW50cy54bWwgSFRUUC8xLjENClVzZXItQWdlbnQ6IEJhdHRsZS5uZXQgV2ViIENsaWVudA0KSG9zdDogZXUuYmF0dGxlLm5ldA0KQWNjZXB0OiAqLyoNClJlZmVyZXI6IGh0dHA6Ly9ueWR1cy5iYXR0bGUubmV0L1MyL2VuR0IvY2xpZW50L2ZlZWQvbGl2ZS1ldmVudD9idWlsZD1lbkdCJnRhcmdldFJlZ2lvbj1FVQ0KDQo="}
-00683{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1437389985434,"flow_last_seen":1437389985495,"flow_tot_l4_data_len":305,"flow_min_l4_data_len":20,"flow_max_l4_data_len":229,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/live-events.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00694{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1437389985434,"flow_last_seen":1437389985495,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/live-events.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00426{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":499187,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"IImEa8W6hCYVPnXECABFAAAsAABAADMGeqhQ77oowKgBZABQDcb00A3Z3+dt7WASOQgzVQAAAgQFtAAA"}
00418{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":499228,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoAO5AAIAGLL7AqAFkUO+6KA3GAFDf523t9NAN2lAQ+vCJKQAA"}
00705{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":508690,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"pkt":"hCYVPnXEIImEa8W6CABFAAD7AO9AAIAGK+rAqAFkUO+6KA3GAFDf523t9NAN2lAY+vCXMwAAR0VUIC9zYzIvZW4tZ2IvZGF0YS9jbGllbnQtaG9tZXBhZ2UueG1sIEhUVFAvMS4xDQpVc2VyLUFnZW50OiBCYXR0bGUubmV0IFdlYiBDbGllbnQNCkhvc3Q6IGV1LmJhdHRsZS5uZXQNCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vbnlkdXMuYmF0dGxlLm5ldC9TMi9lbkdCL2NsaWVudC9mZWVkL2hvbWVwYWdlP2J1aWxkPWVuR0ImdGFyZ2V0UmVnaW9uPUVVDQoNCg=="}
-00687{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1437389985446,"flow_last_seen":1437389985508,"flow_tot_l4_data_len":307,"flow_min_l4_data_len":20,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/client-homepage.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00698{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1437389985446,"flow_last_seen":1437389985508,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"eu.battle.net","url":"eu.battle.net\/sc2\/en-gb\/data\/client-homepage.xml","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00426{"flow_id":42,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":547436,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoxexAADMGtL9Q77oowKgBZABQDcUKff282+pt0lAQPLhF7AAAAAAAAAAA"}
02373{"flow_id":42,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":559563,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXcxe1AADMGrwpQ77oowKgBZABQDcUKff282+pt0lAQPLhOqwAASFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBNb24sIDIwIEp1bCAyMDE1IDEwOjU5OjQ1IEdNVA0KU2VydmVyOiBBcGFjaGUNClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KU2V0LUNvb2tpZTogbG9naW4uY29va2llcz0xOyBEb21haW49YmF0dGxlLm5ldDsgUGF0aD0vDQpDb250ZW50LUxhbmd1YWdlOiBlbi1HQg0KQ29udGVudC1MZW5ndGg6IDI3NzQNClZhcnk6IEFjY2VwdC1FbmNvZGluZw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWw7Y2hhcnNldD1VVEYtOA0KDQo8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJVVEYtOCI\/Pgo8ZmVlZCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwNS9BdG9tIiB4bWw6bGFuZz0iZW4tZ2IiPjxhdXRob3I+PG5hbWU+QmxpenphcmQgRW50ZXJ0YWlubWVudDwvbmFtZT48L2F1dGhvcj48dGl0bGUgdHlwZT0idGV4dCI+U3RhckNyYWZ0wq7CoElJPC90aXRsZT48dXBkYXRlZD4yMDE1LTA3LTE5VDAxOjMwOjAwLjAwMFo8L3VwZGF0ZWQ+PGlkPjIwPC9pZD48ZW50cnk+PHRpdGxlIHR5cGU9InRleHQiPiA8L3RpdGxlPjxwdWJsaXNoZWQ+MjAxNS0wNy0xOVQwMTozMDowMC4wMDBaPC9wdWJsaXNoZWQ+PHVwZGF0ZWQ+MjAxNS0wNy0xNVQxNjozMzo0NC44OTlaPC91cGRhdGVkPjxpZD4xOTgxNjc2MzwvaWQ+PGxpbmsgaHJlZj0iaHR0cDovL3djcy5iYXR0bGUubmV0LyIvPjxzdW1tYXJ5IHR5cGU9Imh0bWwiPldhdGNoIExpdmUgTm93IDwvc3VtbWFyeT48Y29udGVudCB0eXBlPSJodG1sIj48L2NvbnRlbnQ+PGltYWdlIHhtbG5zPSJodHRwOi8vd3d3LmJhdHRsZS5uZXQvbnMvc2MyL25ld3MiIHR5cGU9ImNvbnRlbnQiIGhyZWY9Imh0dHA6Ly9ibmV0Y21zdXMtYS5ha2FtYWloZC5uZXQvY21zL2JuZXRfdGh1bWJuYWlsLzRqLzRKN09VSUlTQ0xUUTE0MzY5NDM2MjkyMTAuanBnIi8+PC9lbnRyeT48ZW50cnk+PHRpdGxlIHR5cGU9InRleHQiPiA8L3RpdGxlPjxwdWJsaXNoZWQ+MjAxNS0wNy0xOFQwMTozMDowMC4wMDBaPC9wdWJsaXNoZWQ+PHVwZGF0ZWQ+MjAxNS0wNy0xNVQxNjozMzo1My43MzRaPC91cGRhdGVkPjxpZD4xOTgxNjc2MjwvaWQ+PGxpbmsgaHJlZj0iaHR0cDovL3djcy5iYXR0bGUubmV0LyIvPjxzdW1tYXJ5IHR5cGU9Imh0bWwiPldhdGNoIExpdmUgTm93IDwvc3VtbWFyeT48Y29udGVudCB0eXBlPSJodG1sIj48L2NvbnRlbnQ+PGltYWdlIHhtbG5zPSJodHRwOi8vd3d3LmJhdHRsZS5uZXQvbnMvc2MyL25ld3MiIHR5cGU9ImNvbnRlbnQiIGhyZWY9Imh0dHA6Ly9ibmV0Y21zdXMtYS5ha2FtYWloZC5uZXQvY21zL2JuZXRfdGh1bWJuYWlsLzRqLzRKN09VSUlTQ0xUUTE0MzY5NDM2MjkyMTAuanBnIi8+PC9lbnRyeT48ZW50cnk+PHRpdGxlIHR5cGU9InRleHQiPiA8L3RpdGxlPjxwdWJsaXNoZWQ+MjAxNS0wNy0xN1QxMjowMDowMC4wMDBaPC9wdWJsaXNoZWQ+PHVwZGF0ZWQ+MjAxNS0wNy0xNVQ="}
02372{"flow_id":42,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":559920,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXcxe5AADMGrwlQ77oowKgBZABQDcUKfgNw2+pt0lAQPLjwkQAAMTY6MzM6MjQuNzA1WjwvdXBkYXRlZD48aWQ+MTk4MjU3NjQ8L2lkPjxsaW5rIGhyZWY9Imh0dHA6Ly93Y3MuYmF0dGxlLm5ldC8iLz48c3VtbWFyeSB0eXBlPSJodG1sIj5XYXRjaCBMaXZlIE5vdyA8L3N1bW1hcnk+PGNvbnRlbnQgdHlwZT0iaHRtbCI+PC9jb250ZW50PjxpbWFnZSB4bWxucz0iaHR0cDovL3d3dy5iYXR0bGUubmV0L25zL3NjMi9uZXdzIiB0eXBlPSJjb250ZW50IiBocmVmPSJodHRwOi8vYm5ldGNtc3VzLWEuYWthbWFpaGQubmV0L2Ntcy9ibmV0X3RodW1ibmFpbC91My9VMzdWMkVWRDUxOFQxNDM2ODI1Nzk1MTMwLmpwZyIvPjwvZW50cnk+PGVudHJ5Pjx0aXRsZSB0eXBlPSJ0ZXh0Ij4gPC90aXRsZT48cHVibGlzaGVkPjIwMTUtMDctMTdUMDE6MzA6MDAuMDAwWjwvcHVibGlzaGVkPjx1cGRhdGVkPjIwMTUtMDctMTVUMTY6MzQ6MTIuODk3WjwvdXBkYXRlZD48aWQ+MTk4MTY3NjE8L2lkPjxsaW5rIGhyZWY9Imh0dHA6Ly93Y3MuYmF0dGxlLm5ldC8iLz48c3VtbWFyeSB0eXBlPSJodG1sIj5XYXRjaCBMaXZlIE5vdyA8L3N1bW1hcnk+PGNvbnRlbnQgdHlwZT0iaHRtbCI+PC9jb250ZW50PjxpbWFnZSB4bWxucz0iaHR0cDovL3d3dy5iYXR0bGUubmV0L25zL3NjMi9uZXdzIiB0eXBlPSJjb250ZW50IiBocmVmPSJodHRwOi8vYm5ldGNtc3VzLWEuYWthbWFpaGQubmV0L2Ntcy9ibmV0X3RodW1ibmFpbC80ai80SjdPVUlJU0NMVFExNDM2OTQzNjI5MjEwLmpwZyIvPjwvZW50cnk+PGVudHJ5Pjx0aXRsZSB0eXBlPSJ0ZXh0Ij4gPC90aXRsZT48cHVibGlzaGVkPjIwMTUtMDctMTZUMTM6MzA6MDAuMDAwWjwvcHVibGlzaGVkPjx1cGRhdGVkPjIwMTUtMDctMTVUMTY6MzM6MzMuMDE4WjwvdXBkYXRlZD48aWQ+MTk4MjU3NjM8L2lkPjxsaW5rIGhyZWY9Imh0dHA6Ly93Y3MuYmF0dGxlLm5ldC8iLz48c3VtbWFyeSB0eXBlPSJodG1sIj5XYXRjaCBMaXZlIE5vdyA8L3N1bW1hcnk+PGNvbnRlbnQgdHlwZT0iaHRtbCI+PC9jb250ZW50PjxpbWFnZSB4bWxucz0iaHR0cDovL3d3dy5iYXR0bGUubmV0L25zL3NjMi9uZXdzIiB0eXBlPSJjb250ZW50IiBocmVmPSJodHRwOi8vYm5ldGNtc3VzLWEuYWthbWFpaGQubmV0L2Ntcy9ibmV0X3RodW1ibmFpbC91My9VMzdWMkVWRDUxOFQxNDM2ODI1Nzk1MTMwLmpwZyIvPjwvZW50cnk+PGVudHJ5Pjx0aXRsZSB0eXBlPSJ0ZXh0Ij4gPC90aXRsZT48cHVibGlzaGVkPjIwMTUtMDYtMjhUMDY6MDA6MDAuMDAwWjwvcHVibGlzaGVkPjx1cGRhdGVkPjIwMTUtMDYtMTlUMTU6NTc6NTguMzM2WjwvdXBkYXRlZD48aWQ+MTk4MDMzODQ8L2lkPjxsaW5rIGhyZWY9Imh0dHA6Ly9iaXQubHkvR1NMRU5VU0VVIi8+PHN1bW1hcnkgdHlwZT0iaHRtbCI+V2F0Y2ggTGl2ZSBOb3cgPC9zdW1tYXJ5Pjxjb250ZW50IHR5cGU9Imh0bWwiPjwvY29udGVudD48aW1hZ2UgeG1sbnM9Imh0dHA6Ly93d3cuYmF0dGxlLm5ldC9ucy9zYzIvbmU="}
@@ -344,31 +344,31 @@
00420{"flow_id":43,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":631224,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoAPhAAIAGLLTAqAFkUO+6KA3GAFDf527B9NAY\/lAQ+vB9MQAA"}
00426{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":635209,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAo4f9AADMGmLpQ77oawKgBZABQDcQgMk7VJxiTClARPLhuxwAAAAAAAAAA"}
00420{"flow_id":41,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":635256,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoEb1AAIAGG\/3AqAFkUO+6Gg3EAFAnGJMKIDJO1lAQ+P2ygQAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1437389985821,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1437389985821,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":821971,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"hCYVPnXEIImEa8W6CABFAABGX2kAAIARVovAqAFkwKgB\/tisADUAMndemisBAAABAAAAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQAB"}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1437389985821,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":630,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1437389985821,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00459{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":852937,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"hCYVPnXEIImEa8W6CABFAABGX2oAAIARVorAqAFkwKgB\/tisADUAMndemisBAAABAAAAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQAB"}
00609{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":882329,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"IImEa8W6hCYVPnXECABFAAC0AABAAEARtYbAqAH+wKgBZAA12KwAoDk1miuBgAABAAQAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQABwAwABQABAAAAGwAlC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAllZGdlc3VpdGXAIcA2AAUAAQAAUvQAEQVhMTk2MQFnBmFrYW1hacAhwGcAAQABAAAAEwAEAuQucMBnAAEAAQAAABMABALkLms="}
-00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_first_seen":1437389985821,"flow_last_seen":1437389985882,"flow_tot_l4_data_len":260,"flow_min_l4_data_len":50,"flow_max_l4_data_len":160,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.228.46.112"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1437389985891,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00694{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_first_seen":1437389985821,"flow_last_seen":1437389985882,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.228.46.112"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1437389985891,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":891466,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LN5AAIAG2oXAqAFkAuQucA3HAFCKhzd4AAAAAIACIACLmQAAAgQFtAEDAwgBAQQC"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1437389985892,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":634,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1437389985892,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":892512,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LN9AAIAG2oTAqAFkAuQucA3IAFBzB1TrAAAAAIACIACFpQAAAgQFtAEDAwgBAQQC"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1437389985898,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1437389985898,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":898046,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOBAAIAG2oPAqAFkAuQucA3JAFBxSWFcAAAAAIACIAB68QAAAgQFtAEDAwgBAQQC"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1437389985898,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":636,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1437389985898,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":898284,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOFAAIAG2oLAqAFkAuQucA3KAFB0cH\/ZAAAAAIACIABZTAAAAgQFtAEDAwgBAQQC"}
00609{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":912745,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"IImEa8W6hCYVPnXECABFAAC0AABAAEARtYbAqAH+wKgBZAA12KwAoI8HmiuBgAABAAQAAAAAC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAAAAQABwAwABQABAAAASwAlC2JuZXRjbXN1cy1hCGFrYW1haWhkA25ldAllZGdlc3VpdGXAIcA2AAUAAQAAUJ4AEQVhMTk2MQFnBmFrYW1hacAhwGcAAQABAAAAEwAEAuQua8BnAAEAAQAAABMABALkLnA="}
-00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":637,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1437389985821,"flow_last_seen":1437389985912,"flow_tot_l4_data_len":420,"flow_min_l4_data_len":50,"flow_max_l4_data_len":160,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.228.46.107"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1437389985923,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00694{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":637,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1437389985821,"flow_last_seen":1437389985912,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":388,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"bnetcmsus-a.akamaihd.net","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"2.228.46.107"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":638,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1437389985923,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":638,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":923018,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOJAAIAG2oHAqAFkAuQucA3LAFDKy4tMAAAAAIACIAD3fAAAAgQFtAEDAwgBAQQC"}
00434{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":923942,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDccmQrPVioc3eYASOQiYawAAAgQFtAEBBAIBAwMF"}
00418{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":923976,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLONAAIAG2ozAqAFkAuQucA3HAFCKhzd5JkKz1lAQAQARRAAA"}
00621{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":925599,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"hCYVPnXEIImEa8W6CABFAAC9LORAAIAG2fbAqAFkAuQucA3HAFCKhzd5JkKz1lAYAQD4IwAAR0VUIC9jbXMvYm5ldF90aHVtYm5haWwvZ2MvR0NGMURITUg4RkRZMTQzNDY3MDAzNzQzNC5qcGcgSFRUUC8xLjENClVzZXItQWdlbnQ6IEJhdHRsZS5uZXQgV2ViIENsaWVudA0KSG9zdDogYm5ldGNtc3VzLWEuYWthbWFpaGQubmV0DQpBY2NlcHQ6ICovKg0KDQo="}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1437389985891,"flow_last_seen":1437389985925,"flow_tot_l4_data_len":253,"flow_min_l4_data_len":20,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/gc\/GCF1DHMH8FDY1434670037434.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1437389985925,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1437389985891,"flow_last_seen":1437389985925,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/gc\/GCF1DHMH8FDY1434670037434.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1437389985925,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":925630,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOVAAIAG2n7AqAFkAuQucA3MAFCmW5TdAAAAAIACIAASWwAAAgQFtAEDAwgBAQQC"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1437389985925,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":643,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1437389985925,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":925643,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LOZAAIAG2n3AqAFkAuQucA3NAFAjKxvdAAAAAIACIAAOiwAAAgQFtAEDAwgBAQQC"}
00434{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":927741,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDci+ghTYcwdU7IASOQiZNAAAAgQFtAEBBAIBAwMF"}
00418{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":927961,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOdAAIAG2ojAqAFkAuQucA3IAFBzB1TsvoIU2VAQAQASDQAA"}
@@ -377,15 +377,15 @@
00435{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":930881,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcrPCIDOdHB\/2oASOQjwXgAAAgQFtAEBBAIBAwMF"}
00419{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":930941,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOlAAIAG2obAqAFkAuQucA3KAFB0cH\/azwiAz1AQAQBpNwAA"}
00617{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":931987,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"pkt":"hCYVPnXEIImEa8W6CABFAAC6LOpAAIAG2fPAqAFkAuQucA3JAFBxSWFd4DDjTFAYAQDm9QAAR0VUIC9jbXMvYm5ldF9oZWFkZXIveWYvWUY5UFJDWlhKVlBaMTQyODU5MTI1NDMxNy5qcGcgSFRUUC8xLjENClVzZXItQWdlbnQ6IEJhdHRsZS5uZXQgV2ViIENsaWVudA0KSG9zdDogYm5ldGNtc3VzLWEuYWthbWFpaGQubmV0DQpBY2NlcHQ6ICovKg0KDQo="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985931,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":20,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/yf\/YF9PRCZXJVPZ1428591254317.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985931,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/yf\/YF9PRCZXJVPZ1428591254317.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00618{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":945970,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"pkt":"hCYVPnXEIImEa8W6CABFAAC6LOtAAIAG2fLAqAFkAuQucA3KAFB0cH\/azwiAz1AYAQBOfQAAR0VUIC9jbXMvYm5ldF9oZWFkZXIvMHgvMFhRMVZYUjhaUjI3MTQzNDEyODUyNzQ3MS5qcGcgSFRUUC8xLjENClVzZXItQWdlbnQ6IEJhdHRsZS5uZXQgV2ViIENsaWVudA0KSG9zdDogYm5ldGNtc3VzLWEuYWthbWFpaGQubmV0DQpBY2NlcHQ6ICovKg0KDQo="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985945,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":20,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/0x\/0XQ1VXR8ZR271434128527471.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1437389985898,"flow_last_seen":1437389985945,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/0x\/0XQ1VXR8ZR271434128527471.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00434{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":955202,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcsAWb5HysuLTYASOQgfxgAAAgQFtAEBBAIBAwMF"}
00418{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":955228,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLOxAAIAG2oPAqAFkAuQucA3LAFDKy4tNAFm+SFAQAQCYngAA"}
00621{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":654,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":955542,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"hCYVPnXEIImEa8W6CABFAAC9LO1AAIAG2e3AqAFkAuQucA3IAFBzB1TsvoIU2VAYAQD34AAAR0VUIC9jbXMvYm5ldF90aHVtYm5haWwvNGovNEo3T1VJSVNDTFRRMTQzNjk0MzYyOTIxMC5qcGcgSFRUUC8xLjENClVzZXItQWdlbnQ6IEJhdHRsZS5uZXQgV2ViIENsaWVudA0KSG9zdDogYm5ldGNtc3VzLWEuYWthbWFpaGQubmV0DQpBY2NlcHQ6ICovKg0KDQo="}
-00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1437389985892,"flow_last_seen":1437389985955,"flow_tot_l4_data_len":253,"flow_min_l4_data_len":20,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/4j\/4J7OUIISCLTQ1436943629210.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00736{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":654,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1437389985892,"flow_last_seen":1437389985955,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_thumbnail\/4j\/4J7OUIISCLTQ1436943629210.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00618{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":955590,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"pkt":"hCYVPnXEIImEa8W6CABFAAC6LO5AAIAG2e\/AqAFkAuQucA3LAFDKy4tNAFm+SFAYAQCbwAAAR0VUIC9jbXMvYm5ldF9oZWFkZXIvZmEvRkE1MTJJUFVOMFNFMTQzNjk3OTkzNjM4OC5qcGcgSFRUUC8xLjENClVzZXItQWdlbnQ6IEJhdHRsZS5uZXQgV2ViIENsaWVudA0KSG9zdDogYm5ldGNtc3VzLWEuYWthbWFpaGQubmV0DQpBY2NlcHQ6ICovKg0KDQo="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1437389985923,"flow_last_seen":1437389985955,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":20,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/fa\/FA512IPUN0SE1436979936388.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":655,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1437389985923,"flow_last_seen":1437389985955,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/fa\/FA512IPUN0SE1436979936388.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00434{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":957622,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDcy5z5mcpluU3oASOQil2AAAAgQFtAEBBAIBAwMF"}
00418{"flow_id":50,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":957643,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLO9AAIAG2oDAqAFkAuQucA3MAFCmW5Teuc+ZnVAQAQAesQAA"}
00426{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":958266,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAodyJAADkG100C5C5wwKgBZABQDccmQrPWioc4DlAQAeoPxQAAAAAAAAAA"}
@@ -399,14 +399,14 @@
02386{"flow_id":45,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":960171,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXcdyhAADkG0ZMC5C5wwKgBZABQDccmQtBaioc4DlAQAeqavAAAJDIREW4ihAJB9JNKUJHlgoLmDw0wao0FS4BKxaoHEDUTTV9g5Yk3xr86XYeFTntjqGkjWQpoajVXI6DShK0zzxJEsaC+NznK1BTlt1LdjJEaHg6EZOOJBFMjXEHFSlMMWNw8f1UahlSX0qKS6dRhBqV5MVY0JBPHERyNY2TjPxSXtBc110F04cU+FTdIyI4+H3ZYHfjVN4Lk22r2j\/h4\/ecJKEWpc6V6gzqCeR4ZZ1\/lhIak1qX4UoEcACMqftTgScRPLjRe7SvaNf5bqSHBQgCvpbIjOuWeBvALSDoRU4nbZGuGoKiqle2EllKyyK7REkQzEUR0qQtSaDXTljHlhMRspaa6GPKEzQv16JxPb3VGXMUoTlSlPjlQccCo3C2ho9tfcO6bWFWKRJ4FAU29wheMxZ1i41zHA8sHjnlY7dqKg+Nj2lptytVik3jZL4RPCJNtvZHVZLSU6rUOxoGSfMBXYgZ0oSMWhOxzrhCaoS4sgYoT291OvC8bGORDG4PytqBIzzVjTqKfEYOg4VTIc0KbVinCn8uB4g05UwuyorxrGkUpShp4fZkPAYRHZTgknWnEJU+INKg8AviBWgOeBJyo7VaL1PhYHSC2n5iAxNDwJoQDUUOGIqajSicC6GC6SFpkCAOda0yGJAprSNTwnl55ZU5jgMEAtQC4rWdBrSn+FB4HCtSBJNJ0ioB550zGQ45ZYaiC1jToXMU4H7Bl8MOKZzSfhXmQ5jTwNcxl8R8CcOia0PSmHjFSaUNOfKmJJUw5Ka6IoMq5Dnz8cIBafzANayLatGyz48eGX78EDSDUSVuKUsRV8hlyyOVRnnyxMXtTA86kLFWgPl8PgcMQQUNOtKMNKVoR8cq1Hwzw3ZSWpQt9Y1FAi1pmSSRUmooCK188HtUVt2021sQaA14Zjw4Cn3\/dhLTqKT0KAnOh8M+WeZGHqewkU2IQCdIzrkf5DjywyUQKAleER5itB9lK+Q5HDJ8adaSYwuVPI0J4cxyy8sSAJpLWFhoWOkBCQyjMitKHxJpgnGmVKXJCGWpAqGrwyz4UpwzOFrTi1Q5Ih+FaEVzpReWYphD5UgajdMgg0z8hx8fM4kAdRpUwVFRZ40JBNBThQACmVanD9lIlAtR46rIp0kcQSQKUYU9OQPA4I3SohwcFFSjJSM60agIFQgoDmAwAJLZEZc8E3BVvTpUWdUdCaMhpSjIwpxFBw4EYklJaBXMX5iqpc1AClWzDfhEbEfluzczlTAwCdKdrg0qeVS7da2yAhSRwKlgjAEj5SDQ5ffiaHSkoN6W0fmwBHAEMMuICkZ\/fhqVNJbR6100V9WhQhChixrm1NKmmdaGmHGtIE6USmt9ceSsAdQ0sEaRyoppMxBfSBll8wwZKmeVCZ7ehVQmqqrRmagQ5alpWujPlmKYEWkWNRUjiahTwuI2ZBIhRqA0oGJ\/oGQoB9tMRojVCryoTLD82vM5Ak5knkSeZrgLmkFatgWHdUNIo1bVJ6VGYZKaiwGWpTXWM+VKYa9JBqEBpiRVcMD+axYkZkKozz0jywkOtRL2g6VDAQ\/hIPDlmK5AihFP34W3npTCVul1rLRSIC2ioJz4+kHhXPnXlhtoNTL9hutNfSq1W1VUjlUaqcMjywPaamvwpgxRgkolTQrq8\/DTTxHEYdwtepMIBU6JQ6Sqvp0Clalhm1RxHLjXECAbUdrkId2U1ryOR\/wCYPOuWWG2miea086a0g5NQ1yPMUNa1BwxFqXmNJQCvaQMmkRVFSASQfgMsRUcachTbSkNoA1A5Z\/dxzzOGBFNtdwNQXMZNARWnEc\/tNK4Y6VGMOBKgio7FOHGnjn5HDJVgNKLTDsgGXhyAy+OfPEFCpenDSaY6iU5\/+U1\/iMOlSAcuoSkNOpFNJyypRRkOFSM+WGKCp0w0tR6Vp8c8QJFNTbyELUgn4ffzOWQxG1SuKjc="}
00419{"flow_id":45,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":960181,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLPJAAIAG2n3AqAFkAuQucA3HAFCKhzgOJkLWDlAQAQDudgAA"}
02403{"flow_id":45,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":669,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":960384,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXcdylAADkG0ZIC5C5wwKgBZABQDccmQtYOioc4DlAQAeqwdQAAVc1qBTiPH9qYe3KnRe6mC0g\/HkeQHDP4csRKItJE5U2zMRm2fNaZeXDDWWibSG7uFMszAjh+334dajrTMhY8fLP9hhDRaR1pqmeAqtLc1dKRpPlyw9OGkUkx\/bn+77q4aphpJ4Ukoa8iK8OP7Z4E41MNQ30pPTGWR48uGZ8MQ\/GiWrJirTIgfA+fHPDIaRKBaaeGtKCp5nPl8cOCmtCc8GmnjIzAz5j45Z08DibXDjQgdutNCL+oVzP3k\/wxG9JzlCDWnNH31yPL\/hh\/wqAJpDqwoR+Hj5+H8cManusnGsMtc+FR+1cvLCplPGkBcxzHh+2VK4SUlr2heJrXjlwqOGWWWGvUmkCsFdJpU1pwPDzz+zESKgQtJy4eXx58K+dcRLaXbSeZJHl8R4jzB4+WI8KXYKQxU04\/A0ofjyOHSpbSSlqbaQAZkLnTlTxNKV41wkonlu5io7TjLSoahzrl8RhqmGHmKjNNJwACrxpSufM1ocPRSg4UwSTWvM1r40yrTLDkqEpl+NYpiFqftr2ERSrFMMlNXtPww+01JDWNP2cMv2zyxIU96wEY\/KpP2YSN4kUlpYgc8qZZVP8Aw8cDLgKVK+nqPUxA\/wCn\/HliHmJppSWo5Cg+muWQzrw5kj4YiXk04J91Yz8TUV8\/LEbnWnpSLrIHnn\/4ED\/HEUpKBUunDLLCNqilNSsVUgHNsvh\/xw1O0XvUOlTTn4+JpXD0SsheIyy5\/EHCoguLVKjXSoHMipPx5VxA60BxJNZK\/wDPP\/jhC9MtJ\/b+GGIutSpiWjHSRUA+A\/diYUXbRNp4VAddLFfIUp4f4jBQQQtIHhSMOKesYRp6wcNUTXtJ8DhqibUvTSn+Ff5Ye9Nes6W4UFCcqjny5YVJaz0uRbP+WEtJa8YvA5efw+GEtMtI0VpQHPx4ftnhd9OtZA08aeXPCBpLSq1pl9v2j4HD606rSsKlSSM\/j93lXDJxpjSB45Uzwvxp+HbS8vhxwre+orTbcfsw7dKcUnCp69hUq9hUq9Sn2j9xxFKevYRFKsYjSr2FSr2FSrFMRRKZK9hqda9TUdP2k+A5twPDCAWlSm56TUA51HAU\/pqK0GZ8cT0FPTNK50+\/jlyJpwzwMk0y1hjQV8P3+WIimbc0mIamLHjlpHixOQ+7Cqbilq9MatQGqrVR8eZ+3C407QgpoDD09ZrT9uJ5nDcaak4epV7CpVn7qA8fHywqb8aejSp1EZDgPEjn9gw6VEnhWWLO2hcx455jx8Sowx5CkLXpxVCig+3zOHpqzhU1Yw9NpWfPDVKmGfVkOA405n\/CuGJFOid9YxCmrFf35+dKYlw7adKKsDUsONTUeOZxZHKlShRhwNf4f8MJDTU2y0Of\/PCSmrIw9OOdKw4FSr1MMhWkK9iSX7KVSwOA+zBxZtNSwMz4cPEfxOEdKVLwwpVnEqasgVNK5nD0qUF4cvs\/iMMaXFKXppz5eXlzyrhItMUpSg1+7z4+Iw6VDWnqYelXqf8AHDpSpJiB4DP7iP8ADDIKa+gpoxEHnw+A8csMWppSUVjSa0\/dhiBUgVrJTKhAKniKAg\/YcMnCmPzrHTIA0sQB+BqsuXA1BDD78MiC1MCnfWSQVpIgI48NQ48hQUwlCIRS386jtbRuKxPxrkxJX4AgVBBHOowxYDpU9wqOYXQkMCnOtNUbGuVVqRQ+VPhiOwi1IkDSvNDGeKlePriqycM6x0L0r4YYsC0yior2zgakAdeZQ6h9orUYiQRSWmKMDQHOlcsN309LUngc\/j4cq\/HCpLSwARxoa8OXka4VNS1BHHP4cPL7cPfhTGl0yPDLIjn93lhUyVjDgU1ZpzxJKdDrSgTkT48ePh9uWGp1OppWocaU\/l40yGEhpwlPJIwFMmHgwrwpxOdMsLcR309L1xtkVp40Cn7q8csEDgaa1eFuCKxyUHlnTjSo88QLAR0="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1437389985960,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":675,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1437389985960,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":675,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":960792,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"hCYVPnXEIImEa8W6CABFAAA0LPVAAIAG2m7AqAFkAuQucA3OAFAbejKQAAAAAIACIAD\/hwAAAgQFtAEDAwgBAQQC"}
00617{"flow_id":50,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":680,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":961650,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"pkt":"hCYVPnXEIImEa8W6CABFAAC6LPdAAIAG2ebAqAFkAuQucA3MAFCmW5Teuc+ZnVAYAQBV1AAAR0VUIC9jbXMvYm5ldF9oZWFkZXIvNzgvNzhYSDJVTlU0SllLMTQzNDU2MDU1MTY4Ny5qcGcgSFRUUC8xLjENClVzZXItQWdlbnQ6IEJhdHRsZS5uZXQgV2ViIENsaWVudA0KSG9zdDogYm5ldGNtc3VzLWEuYWthbWFpaGQubmV0DQpBY2NlcHQ6ICovKg0KDQo="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":20,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/78\/78XH2UNU4JYK1434560551687.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":680,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/78\/78XH2UNU4JYK1434560551687.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00434{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":962002,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IImEa8W6hCYVPnXECABFAAA0AABAADkGTmQC5C5wwKgBZABQDc1+R6dFIysb3oASOQjP5wAAAgQFtAEBBAIBAwMF"}
00418{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":962022,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLPpAAIAG2nXAqAFkAuQucA3NAFAjKxvefkenRlAQAQBIwAAA"}
00617{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":688,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":962058,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"pkt":"hCYVPnXEIImEa8W6CABFAAC6LPtAAIAG2eLAqAFkAuQucA3NAFAjKxvefkenRlAYAQBEtgAAR0VUIC9jbXMvYm5ldF9oZWFkZXIvbWYvTUZUSDhUUzQySEtYMTQzMDE4Mzc3ODMxOS5qcGcgSFRUUC8xLjENClVzZXItQWdlbnQ6IEJhdHRsZS5uZXQgV2ViIENsaWVudA0KSG9zdDogYm5ldGNtc3VzLWEuYWthbWFpaGQubmV0DQpBY2NlcHQ6ICovKg0KDQo="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":20,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/mf\/MFTH8TS42HKX1430183778319.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":688,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"bnetcmsus-a.akamaihd.net","url":"bnetcmsus-a.akamaihd.net\/cms\/bnet_header\/mf\/MFTH8TS42HKX1430183778319.jpg","code":0,"content_type":"","user_agent":"Battle.net Web Client"}}
00426{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":964900,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"IImEa8W6hCYVPnXECABFAAAoJ7VAADkGJrsC5C5wwKgBZABQDcngMONMcUlh71AQAeoVuwAAAAAAAAAA"}
02380{"flow_id":47,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":690,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":966572,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXcJ7ZAADkGIQYC5C5wwKgBZABQDcngMONMcUlh71AQAerAGQAASFRUUC8xLjEgMjAwIE9LDQpMYXN0LU1vZGlmaWVkOiBUaHUsIDA5IEFwciAyMDE1IDE0OjU0OjE0IEdNVA0KU2VydmVyOiBBcGFjaGUNClgtRnJhbWUtT3B0aW9uczogU0FNRU9SSUdJTg0KQWNjZXB0LVJhbmdlczogYnl0ZXMNCkNvbnRlbnQtTGVuZ3RoOiA1ODU2Mw0KQ29udGVudC1UeXBlOiBpbWFnZS9qcGVnDQpDYWNoZS1Db250cm9sOiBtYXgtYWdlPTI5OTczNg0KRXhwaXJlczogVGh1LCAyMyBKdWwgMjAxNSAyMjoxNToyMSBHTVQNCkRhdGU6IE1vbiwgMjAgSnVsIDIwMTUgMTA6NTk6NDUgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCv\/Y\/+EAGEV4aWYAAElJKgAIAAAAAAAAAAAAAAD\/7AARRHVja3kAAQAEAAAAWQAA\/+EDK2h0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8APD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNS4zLWMwMTEgNjYuMTQ1NjYxLCAyMDEyLzAyLzA2LTE0OjU2OjI3ICAgICAgICAiPiA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPiA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtbG5zOnhtcE1NPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIiB4bWxuczpzdFJlZj0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL1Jlc291cmNlUmVmIyIgeG1wOkNyZWF0b3JUb29sPSJBZG9iZSBQaG90b3Nob3AgQ1M2IChXaW5kb3dzKSIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDpBMEExMjY4NURBMzkxMUU0QjhFQ0M3RUQ2NkYxQjY1NSIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDpBMEExMjY4NkRBMzkxMUU0QjhFQ0M3RUQ2NkYxQjY1NSI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOkEwQTEyNjgzREEzOTExRTRCOEVDQzdFRDY2RjFCNjU1IiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOkEwQTEyNjg0REEzOTExRTRCOEVDQzdFRDY2RjFCNjU1Ii8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+\/+4ADkFkb2JlAGTAAAAAAf\/bAIQAAQEBAQEBAQEBAQIBAQECAgIBAQICAwICAgICAwMDAwMDAwMDAwQEBAQEAwUFBgYFBQgHBwcICAgICAgICAgICAEBAQEDAgMFAwMFBwYFBgcICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgI\/8AAEQgA2QGuAwERAAIRAQMRAf\/EAQ4AAAEEAwEBAQEAAAAAAAAAAAUDBAYHAQIIAAkKCwEAAQUBAQEBAQAAAAAAAAAABAECAwUGAAcICQoQAAEDAgMEBAUKCRERDgQHAAECAwQRBQAhBjESEwdBUWEIcSIyFAmBkaHRQlLSIxUWscGSM9Mk1CU="}
02390{"flow_id":47,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":966639,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXcJ7dAADkGIQUC5C5wwKgBZABQDcngMOkAcUlh71AQAepN6AAAJvDhYnKCwkNTk4SUxJXVlhgZsmNzg7PDNFRkdDV1hcXlWFmiRLRVZbU2VmZ2htYXN\/FGVyijpEWlJ5c4EQABAgMEBAcKBw0FBQcCBwABAgMAEQQhMRIFQVETBmGR0SKSFQdxgaGxMkJS0xQI8OHSI1OTFsFicqIzQ6NUlNRVGAmy4uNEF4IkRVYZ8cJzZHSkRsM0Y4OztMQldf\/aAAwDAQACEQMRAD8A\/COyngqS1KQlsqIDcjY2snYK1yPYfUrj0dFNZbwcZs+HdEXyEyMl2cOj4oPtQq+5Awa3RAxaoogYJs24Gg3B62DUZeIMRQCC7NmBFFIBr0UwSjLxEwoRDc6ekWwl+DHMuDtftqR47fWpnr7UfU55GZOVmYwiywSsEtR72karRaJKGVlymZqQJp0jT3uTiiRQLVFnx0SojiX2HK7ric8waEHKoIIoQcwcHN5WDdbbLviw8Ri0pqVLqQpFoMFW9Ng0+LwUnJ4NTlcOkaXB\/Q8TpyaJ05VHp2i0XBgN7nm77RCoktAo404Nik19kHIjI4Re7wWNPIdY+EjcQQSIif3eDgvkdB1RpZ4Dj8h2z3OM3GvcNO+40AdyQzWgfZrtQTkRtScj0Exs5RzsCxJV\/ARrHgmL0ki8FKlDUVEFqLTgksaNY1jWPEbDEpRpcnPggeocHDIBFt1HDtGlVHMsJp4DiQbviJBkIh23pNaiAI6T1Chw77PiHdQiIxcNKr0pcflp2OGdN3VxCL+spIRDfXRKJRJyDaskudWSuvAb2SJZm4SZG+wGUhLETOYAAkbCBYo4QFKNJV5UKRe0s2avK4DoOqRNh7xi0WdBjpaB6vFIyxMcl4Is+qYItaAQf0DwCmE6mhwymCTXL9GXxAHbTHdTQvVMN71ymYv1nuFpcRwTNbKWpCQQpp0ZtuClM0KAUPBhjmRhQkZ968cI1EXg6DIwNV5FtUFGv4CG\/L6wDUtgbkS4qEXu1PPW\/UsQUPBuMNXDeTRJIAUaLT+RUDiJjLCsc4SULCBr4J2yIkpM7SkpOmIMtpi+3M2KBkRqIsI0\/wDZFiM8vEJPixE1PTSuJTk04OOUTgm3y+J\/3uKeA4Z1KNUM6lh+3y9OX2uB6mOOTCO6lit39Dmy847QwtCURtcWWU220U0C5lndQ4KEnNRZkqy6k1w9GQTmQhRstV5qQDIC6wqKybT5tgvircyzBUJSSAFpMhpJSZ+Inii4m+XRr\/Y4z\/InDOpRFp1NDxHLn+5h62E6lEd1NDkcuP7nSa9h9vC9Sx3UoiJcyOXfB5ca\/dLASlqyXVRUBmN2K6csEUm6yatxLCpgLISZXyUZWcNuqK\/NsrwMOKGhKjxAwroHl+Zmg9EzPN01lWi2uE0Pu47avp4KznIgiocTqWrxmHZVlALLZ+9HiEShXLgj\/e49bFWclEGnJhCCuXNK\/a4+pw3qYQnU8NV8ujX+xx62O6mEd1NFPQ9Di984tQobQHI+hbPDiuNhFQibd3FvrqffBlhvLoCu0YgTlOJZssAsI1qPOSeEBKCBYQFTMwUxVtZcF1Ckg+SkTHCq3xARZLnL0\/2uPWwR1MItOpoYOcviNscV6MscMlEJ1NDB3l\/0ebJPZTC9Sw4ZPKK61\/p46csLj8GG27frs8zb9NQyn67cJat1oUrmECriupCVHoxFUZaUCy1RsA4TrlbIeUqVoSCdEBZlSFlFnlGxPdN3L3oc2blNHsNmt1pab4ogtJS5IIO864c3HFV6VqJUe04mbyTCJCffvPCdZN5Ok2wVTZHskhI0Qs5y+Rn8QMtmWJOpomOVQOd0CgV+IHaaY7qaO6qgc7oNIqeABTbljjk0Icqir7bpA6uuBv7LCTpy1rUjTlR4s15NUuSxTIoGaW67c1dKcQNZOl2SxOQussNksQM5kEEgWAG084FJFTSZZ7SvGfIHk8J0q7mgX64kLukHUCo="}
@@ -451,74 +451,74 @@
02437{"flow_id":46,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":772,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":993138,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXc0ClAADkGeJIC5C5wwKgBZABQDci+gjFdcwdVgVAQAepaNwAAGx732slx51tQ8X12DyPwVHd7R4rqC8JIcDb6JIsAsEDNUHTPbFF3PFkLwbF9Kx9xy8Th+SDu+F\/eRMeBYOaDb1QdM9tX+iqk\/wBxM\/w3oO6aT\/xOH\/YN\/BBkDSyCwbq8xa0LQqxJzY8NqXSECMROLidrZSswOnOw1rzxNWu+yKNwPrnZb8CoO8mC53urAe2uu6cQ0O6DpDgof\/XAP91VX+BIg7zdoSUCGWwdcoMWpBmhkYCBnaW3VHRHZFiEeEcZPiqnCF08L6cZzaz8zTb\/AKJCg73MhaQbhaUrpSXbhQQ2U3IJ8lRbBLdx15INfUcG4LX43Fi09EJMQY9kgm7148TbZTYG2lhy5LI5DfQ+ac0S3XX8UkPe59UEc0E3v\/UrxCu0UkeXvbYFhwZ\/9+\/\/ACF5rtl+7\/O\/C937l377\/wAf43dXY0LdlXCf+9sJ\/wCiF3PSPe\/A+THY8u2m9+s38urtdYe2Z\/oJwT\/fH\/5T11ra\/wByYfyvul3vuZ++OP8AI\/FDmHs0\/wCklw5\/98\/+8yrltnPevC+d9qXWduf8w5n5n2KXaI+Bdmh0RRIVZFZ2TmKn\/BdQeOO1b\/8AKbd\/vhh\/\/dwLx7Vff\/51HZS\/pzZ3\/JvzMX7Vb2A7W\/ovYX8xvI3ta\/6Y+Hf71R\/99MvI9rvd1HyI7an9KdzT3oxf5k\/ZoepcOBOF0n+0s\/wQvV8L9nT4ofznmP21fjntX21K\/V86mbRJFLrkeqCknf0SBp+KOF8N4ywabDMUgE1NJqCNHRu5OaeRH9tCvjzmTwc9hTg48XifR4Y8LldM1PNaRmac1lKrVR5pjqmOcT\/e95nrKLiH2eeMmzQk1eFVBs1xuI6qMfZd+68X+XmDr5TiUZvZjOdKnfRPmqjqnqmP73P6IwsXTdvtNnDxI6OLT56J6466Z9PgmHonhPi7DuNcFixLDpc8TtHxn44nc2uHIj+tepZLO4OfwYxsGd3pieqX896tpOa0bNVZXNU2mOE8pjrjwf8Ayd7rrtk7ZGcLRy4Ng0rZMYeLSzN1FKD+L\/LluV1jXtejJROWy03xJ4z8H\/32O\/7H7H1apVTns9FsGOEfD\/6+HnwhoeyHsZdM6LiLiWN0kr3d7T0c2pJ37yS+5O4B9T0XHaFoE1TGdz0Xmd8RPbPq87nNr9sooidL0mbRG6qqPN0aeyZjxR1u8n7FejvC2O7UKhXcgoKX7IOG9p9RxBS8NyycOsDqm9pcgzShnMxjr+W2q4LWq87h5WasjHtufXbweH+4dx2VwtJxdRpp1abUcr7qb\/7p6vRM8dzhnZ92OihkZi3EQ96r3HvG0shzNjO93n7TvLYeZ26\/o+zkYUxms\/7aud9p328M9c+h3PafbicemchpHtMKN01RumY6qeqn0z4I49qbG679Dxt597A\/9GFZ\/uB\/\/eRryLZH3dX8ie2l\/SndL96ML+ZH2a3fRHReuP5rI4aIKyg6I4PPvXbLUSkkWqqt4B9Hi33ryXS\/8TaCqv8A3Vz9p\/Se0EewbF0Yf+zCj00z9zu2R7Y2lz3BjRzJsF6zVVEReX83U01VzamLyxH4pRsdZ1XA0jkZB\/FfjOYwYm01x54fVGSzVUXjCqnyT6lb8VoiP\/Haf\/lG\/wAVPynA+HHnhr8hzfxVX0Z9SW1cM9hHMx99RleDdfpTiUV\/q1RL8K8DFw99dEx44lpsS4HwTGcQNdWUXfVRteTvXt20GgcAuKzGj5HN43s+Nh3q3b7zy8U2diyW0+radloyeVxujh793Rpnjx3zTM+lvnahc06srvf1UEEaoKkEnZBW\/mqIdsEgVuOqSOsMc4d4i4t4lkpaw9xQQnMyRoPdBp2I\/ed\/bQLzPO6fqmrZ6cHH9rh08J\/028HXP97oe86Trez+zmkU5nJx08evdMT+veON\/g0xytxjrm7n2BYBR8O0IpqOINboXvPxPPUld7w="}
00419{"flow_id":46,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":773,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":993148,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"hCYVPnXEIImEa8W6CABFAAAoLRZAAIAG2lnAqAFkAuQucA3IAFBzB1WBvoI3EVAQAQDvPwAA"}
02446{"flow_id":46,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1437389985,"pkt_ts_usec":993425,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"IImEa8W6hCYVPnXECABFAAXc0CpAADkGeJEC5C5wwKgBZABQDci+gjcRcwdVgVAQAeqJ9AAAjkMDT8KMLApt1zznwy8h1fWM5rWYnMZuq88o5Ux1RH9zPNwPtm2wb\/13\/wAC6Ntl+7\/O\/C9c7l377\/x\/jc34Z\/0NYT\/uSH\/AC7vpnuHA+RT9mHk2v+++c\/mV\/alsLbrknApGysDrDtgB7\/C3fZLZB87tXmW2UT08CfBV9z3zuYVR7Fm6ed6PxOZ8MSNk4cwstNx7tGPmGgFd40qqKshgTHwaeyHkm0VFVGsZuKvjK589UzHobJx0K5R14g0CBuSsjinaXOyLhiRjiA6WRjWjrY3\/ACXUdqMSmjTZpnjVMW89\/ueldz7BrxNcprpjdTTVM+WLdssfsufm4clFvhqXN9fC0\/mvw2SqvkKo6qp7Il9fdIo6Os0T14dM\/Wqj7nLnbLujyoO2QQR4QgBsgYbKiu6gAgZBDkEFBCsB1AXCB0CndBA3QMRdasIIspYRdQHJBN0Agg\/kgUIId8Sos9FANOqAcdAggm5VgA2QF0ANSoGagcHU6KicyCb6IAH8FQt\/EFkTfQXVEXufNQNdAboDlbdADTVBN\/JAZfNBIabIGDf7BBKokBQOCqJ3G5CcR8TFAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIBAIGGyAQCB0EjdAyAQOz4UDIHZsUFo2QS3dBaN0Dt3QWNtY9UFkbSQbILu7LRrz5BABBKC6Pdt9kHI+FM1TWGB\/iaIyGsPO6DY8OyzUcs9CXNEjJbBjtR5oFlZFRmorqeR82YubI0aAG+yDDfm7lhuBI8AkAbDogvxGR9Jh8EGYXltK5o3AtoCg1cEb55mRsaXPeQ1rRzJQei6\/gupkj4D7KMIgdNiFZJHiuNtjOxdyd5Mjufmg984RhNHgWGU2HYfTspKGmjEUMEYs1jRsAgzG7qwGCSJbuVQh0KyGWxDuSzIhQSgEHSM9HVV\/HVZT0U3u9U+smDJc5blOZx3Go0Qcm\/kVxef8Az9\/2yb+CA\/kVxf8A6\/f9sm\/ggn+RXF\/+v3\/bJv8AFQQOCeL\/APX7\/tk38EHMeE8MxDC8NdDiVV75Ud4Xd53jn+E2sLuF+qDYYhh0GLUctJUs7yCQWcPz9UHXVZ2UYhSVBkw2ujc2+neExvA9QDf7kFbOCuL2kFtc8EbWrHaIJ\/kzxvf\/AMcqv+fn\/GQOOGOON\/fKr\/n5\/wAZUUVNdxpw23v6l9SImnV0hbKz5nWyg55wNxi3iqkkbKxsVbDbvGt+FwOzh\/BBywclodA8LcQycMYn75FC2dxjMeV5sNSOnosjmDe2SsH\/AJug\/wCO5BYO2WssP8zYP+OUF7e2est\/nbB\/yhQTJ2x4lI3LBh9M2Q83FzvuuFRrsN4cxvj3GxV17JI4HEd5USNytDR9lg\/h80HdsMbYWNYwZWNGVo6AIOnODf8ATVH+6an\/AAZEHeDBfVBe3X+pWRYAoHtogZig6d7aNOKaTp7kz\/DkQd0UZ\/vSD\/YN\/BB0521\/6KqT\/cTP8ORBtYe3LuomM\/Ut8rQ2\/ve\/\/QQWjt12\/wAw\/wDtf\/4iCwdu1j\/nH\/2v\/wDEVFje3f8A+4f\/AGv\/APEVGrxntLxXjGmfh0DaTC6eYZZHyThpLTyzOtp1sFBz7s14IbwnQSzSzxVNXVZS58JuxrRsGnnve\/p0Qc4YABdOQbYnRQPD8S0OjuCz\/wDXADt\/fVV\/gyKDu6ebINFRhCaztUDGS5\/NFdc8Y9k0OOVstdh1QyjqJTmkikF43O5kEag\/IojjH9znjKlHdw1\/gA07uscB+SBXcH8fwgNZiFS5o\/cxBwA+pCgX+SvaF\/8AZ1Z\/7RP+MgDhfaLhbS9tRWytAv4asSn6FxJ+iK3nAva1iEeKxYZj4Lw9\/dd8WZJI33sA4dL6bAhEd0CS7bg3VDx3IuoLD9TfdAEqiLk="}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982825,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":10,"flow_max_l4_data_len":10,"flow_avg_l4_data_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982825,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":10,"flow_max_l4_data_len":10,"flow_avg_l4_data_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":21,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":21,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":21,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":21,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1437389981134,"flow_last_seen":1437389981218,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":42,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":9,"flow_first_seen":1437389964518,"flow_last_seen":1437389964635,"flow_tot_l4_data_len":981,"flow_min_l4_data_len":20,"flow_max_l4_data_len":447,"flow_avg_l4_data_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00459{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1437389976946,"flow_last_seen":1437389980126,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_tot_l4_data_len":430,"flow_min_l4_data_len":20,"flow_max_l4_data_len":121,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_tot_l4_data_len":430,"flow_min_l4_data_len":20,"flow_max_l4_data_len":121,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1437389985821,"flow_last_seen":1437389985912,"flow_tot_l4_data_len":420,"flow_min_l4_data_len":50,"flow_max_l4_data_len":160,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":41,"flow_first_seen":1437389985891,"flow_last_seen":1437389985996,"flow_tot_l4_data_len":36033,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":878,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":29,"flow_first_seen":1437389985892,"flow_last_seen":1437389985994,"flow_tot_l4_data_len":24113,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":831,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985969,"flow_tot_l4_data_len":24110,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":831,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985982,"flow_tot_l4_data_len":24110,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":831,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":29,"flow_first_seen":1437389985923,"flow_last_seen":1437389985992,"flow_tot_l4_data_len":24110,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":831,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":20,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":20,"flow_max_l4_data_len":166,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1437389985960,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1437389985960,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":215,"flow_first_seen":1437389982130,"flow_last_seen":1437389985956,"flow_tot_l4_data_len":42602,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":198,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":20,"flow_max_l4_data_len":73,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1437389964752,"flow_last_seen":1437389964835,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":43,"flow_max_l4_data_len":110,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":20,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":42,"midstream":1,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":20,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":42,"midstream":1,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":9,"flow_max_l4_data_len":15,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":9,"flow_max_l4_data_len":15,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1437389982782,"flow_last_seen":1437389982833,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":9,"flow_max_l4_data_len":15,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1437389982782,"flow_last_seen":1437389982833,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":9,"flow_max_l4_data_len":15,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":10,"flow_first_seen":1437389981197,"flow_last_seen":1437389981500,"flow_tot_l4_data_len":870,"flow_min_l4_data_len":20,"flow_max_l4_data_len":535,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":12,"flow_first_seen":1437389981330,"flow_last_seen":1437389981497,"flow_tot_l4_data_len":3252,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":10,"flow_first_seen":1437389982140,"flow_last_seen":1437389982442,"flow_tot_l4_data_len":872,"flow_min_l4_data_len":20,"flow_max_l4_data_len":539,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":9,"flow_first_seen":1437389982269,"flow_last_seen":1437389982443,"flow_tot_l4_data_len":659,"flow_min_l4_data_len":20,"flow_max_l4_data_len":283,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":10,"flow_first_seen":1437389983663,"flow_last_seen":1437389983964,"flow_tot_l4_data_len":870,"flow_min_l4_data_len":20,"flow_max_l4_data_len":535,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":11,"flow_first_seen":1437389983788,"flow_last_seen":1437389983963,"flow_tot_l4_data_len":3232,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":293,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":10,"flow_first_seen":1437389985308,"flow_last_seen":1437389985615,"flow_tot_l4_data_len":854,"flow_min_l4_data_len":20,"flow_max_l4_data_len":511,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":10,"flow_first_seen":1437389985320,"flow_last_seen":1437389985635,"flow_tot_l4_data_len":860,"flow_min_l4_data_len":20,"flow_max_l4_data_len":519,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":12,"flow_first_seen":1437389985434,"flow_last_seen":1437389985610,"flow_tot_l4_data_len":3511,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":11,"flow_first_seen":1437389985446,"flow_last_seen":1437389985631,"flow_tot_l4_data_len":3298,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":299,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1437389955670,"flow_last_seen":1437389984611,"flow_tot_l4_data_len":271,"flow_min_l4_data_len":32,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1437389955670,"flow_last_seen":1437389984611,"flow_tot_l4_data_len":271,"flow_min_l4_data_len":32,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982823,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":10,"flow_max_l4_data_len":10,"flow_avg_l4_data_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982823,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":10,"flow_max_l4_data_len":10,"flow_avg_l4_data_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":11,"flow_first_seen":1437389963466,"flow_last_seen":1437389963469,"flow_tot_l4_data_len":4610,"flow_min_l4_data_len":380,"flow_max_l4_data_len":460,"flow_avg_l4_data_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":179,"flow_first_seen":1437389964790,"flow_last_seen":1437389968014,"flow_tot_l4_data_len":128106,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":715,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_tot_l4_data_len":296,"flow_min_l4_data_len":52,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_tot_l4_data_len":281,"flow_min_l4_data_len":52,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_tot_l4_data_len":142,"flow_min_l4_data_len":52,"flow_max_l4_data_len":90,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1437389956550,"flow_last_seen":1437389956605,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":52,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":9,"flow_first_seen":1437389967432,"flow_last_seen":1437389968027,"flow_tot_l4_data_len":562,"flow_min_l4_data_len":20,"flow_max_l4_data_len":293,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982825,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982825,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"62.115.246.51","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1437389961548,"flow_last_seen":1437389961598,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1437389955932,"flow_last_seen":1437389955967,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"216.58.212.110","src_port":3052,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1437389981134,"flow_last_seen":1437389981218,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":53145,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":9,"flow_first_seen":1437389964518,"flow_last_seen":1437389964635,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":777,"flow_avg_l4_payload_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3506,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00467{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1437389976946,"flow_last_seen":1437389980126,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.107","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":13,"flow_first_seen":1437389958129,"flow_last_seen":1437389968685,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.208.193","src_port":3427,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1437389985821,"flow_last_seen":1437389985912,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":388,"flow_avg_l4_payload_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":55468,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_first_seen":1437389968488,"flow_last_seen":1437389968521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"173.194.113.224","src_port":3484,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":41,"flow_first_seen":1437389985891,"flow_last_seen":1437389985996,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":35189,"flow_avg_l4_payload_len":858,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3527,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":29,"flow_first_seen":1437389985892,"flow_last_seen":1437389985994,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23509,"flow_avg_l4_payload_len":810,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985969,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":29,"flow_first_seen":1437389985898,"flow_last_seen":1437389985982,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3530,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":29,"flow_first_seen":1437389985923,"flow_last_seen":1437389985992,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":23506,"flow_avg_l4_payload_len":810,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3531,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985961,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1437389985925,"flow_last_seen":1437389985962,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":146,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3533,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1437389985960,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1437389985960,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.112","src_port":3534,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":215,"flow_first_seen":1437389982130,"flow_last_seen":1437389985956,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":38286,"flow_avg_l4_payload_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.130","src_port":3517,"dst_port":1119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968525,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968519,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.114","src_port":3482,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968541,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3489,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968521,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3490,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968522,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3491,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1437389968486,"flow_last_seen":1437389968520,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"2.228.46.104","src_port":3492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1437389964752,"flow_last_seen":1437389964835,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":274,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":60026,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": {"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1437389953643,"flow_last_seen":1437389953774,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":66,"flow_avg_l4_payload_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1437389982884,"flow_last_seen":1437389982933,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.166","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1437389982782,"flow_last_seen":1437389982833,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1437389982782,"flow_last_seen":1437389982833,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":7,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"213.248.127.212","src_port":6113,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":10,"flow_first_seen":1437389981197,"flow_last_seen":1437389981500,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3515,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":12,"flow_first_seen":1437389981330,"flow_last_seen":1437389981497,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":249,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":10,"flow_first_seen":1437389982140,"flow_last_seen":1437389982442,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":519,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3518,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":9,"flow_first_seen":1437389982269,"flow_last_seen":1437389982443,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":463,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3519,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":10,"flow_first_seen":1437389983663,"flow_last_seen":1437389983964,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":515,"flow_tot_l4_payload_len":654,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3521,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":11,"flow_first_seen":1437389983788,"flow_last_seen":1437389983963,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2996,"flow_avg_l4_payload_len":272,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.21","src_port":3522,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":10,"flow_first_seen":1437389985308,"flow_last_seen":1437389985615,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":491,"flow_tot_l4_payload_len":638,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3523,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":10,"flow_first_seen":1437389985320,"flow_last_seen":1437389985635,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":499,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":12,"flow_first_seen":1437389985434,"flow_last_seen":1437389985610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3255,"flow_avg_l4_payload_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":11,"flow_first_seen":1437389985446,"flow_last_seen":1437389985631,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3062,"flow_avg_l4_payload_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1437389955670,"flow_last_seen":1437389984611,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1437389955670,"flow_last_seen":1437389984611,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":223,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982823,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"proto":"Starcraft","breed":"Fun","category":"Game"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1437389982769,"flow_last_seen":1437389982823,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":2,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1437389968487,"flow_last_seen":1437389968610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":11,"flow_first_seen":1437389963466,"flow_last_seen":1437389963469,"flow_min_l4_payload_len":372,"flow_max_l4_payload_len":452,"flow_tot_l4_payload_len":4522,"flow_avg_l4_payload_len":411,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":179,"flow_first_seen":1437389964790,"flow_last_seen":1437389968014,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":124502,"flow_avg_l4_payload_len":695,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"87.248.221.254","src_port":3508,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1437389953741,"flow_last_seen":1437389953805,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58818,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1437389954543,"flow_last_seen":1437389954714,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":249,"flow_avg_l4_payload_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58831,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1437389956550,"flow_last_seen":1437389956605,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":9,"flow_first_seen":1437389967432,"flow_last_seen":1437389968027,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00137{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test"}
diff --git a/test/results/steam.pcap.out b/test/results/steam.pcap.out
index 91a907917..4d440e25f 100644
--- a/test/results/steam.pcap.out
+++ b/test/results/steam.pcap.out
@@ -1,203 +1,203 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"steam.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1357332164693,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1357332164693,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":693497,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYoALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1357332164693,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1357332164693,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1357332164693,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1357332164693,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":693949,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkyDAqLyVkkKYDLJhaYsALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1357332164693,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1357332164693,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":694326,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LvAqLyVUatzCLJhaYoALBkuVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00497{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":694714,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L3AqLyVUatzBrJhaYkALBkxVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00497{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1357332164736,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1357332164736,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":736574,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qbAqLyVRRyRrLJhaYoALAcZVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1357332164736,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1357332164736,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":737048,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LvAqLyVUatzCLJhaYkALBkvVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00497{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":737426,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARHb3AqLyVRI5bJLJhaYkALD4wVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00497{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":737823,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkyDAqLyVkkKYDLJhaYoALLOSVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00448{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":761287,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSYAAIARjXhFHJGswKi8lWmKsmEANLLiVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAzAy3GMcAAAA="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1357332164786,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1357332164786,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":786555,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LzAqLyVUatzB7JhaYoALBkvVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00498{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1357332164786,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1357332164786,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":787027,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARQazAqLyV0G+rU7JhaYkALGIfVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":787460,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LvAqLyVUatzCLJhaYsALBktVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":787832,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qjAqLyVRRyRqrJhaYkALAccVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00450{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":823633,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWScAAIARjXlFHJGqwKi8lWmJsmEANPbVVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA7fJcQrwAAAA="}
00450{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":834981,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSgAAIARxIxEjlskwKi8lWmJsmEANPCBVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAzHF5K\/4AAAA="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1357332164836,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1357332164836,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":836588,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx7AqLyVkkKYDrJhaYsALLOPVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1357332164836,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1357332164836,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1357332164836,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1357332164836,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":836991,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw\/AqLyVSKU9u7JhaYoALFeBVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1357332164836,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1357332164837,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1357332164836,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1357332164837,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":837381,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qbAqLyVRRyRrLJhaYkALAcaVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1357332164837,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1357332164837,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1357332164837,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1357332164837,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":837780,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L3AqLyVUatzBrJhaYsALBkvVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1357332164837,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1357332164837,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00450{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":869478,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSkAAIARjXVFHJGswKi8lWmJsmEANAokVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAumV7f70AAAA="}
00450{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":873184,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSoAAIAR3dxIpT27wKi8lWmKsmEANMZ2VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAjNtWHqQAAAA="}
00449{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":876828,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSsAAIAROeySQpgNwKi8lWmKsmEANDIHVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAhmUJFOgAAAA="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1357332164886,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1357332164886,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":886847,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARHb\/AqLyVRI5bIrJhaYkALD4yVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1357332164886,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1357332164887,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1357332164886,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1357332164887,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":887493,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAROR3AqLyVy025BLJhaYkALFmQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1357332164887,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1357332164888,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1357332164887,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1357332164888,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":888054,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARBC7AqLyVRI50s7JhaYkALCShVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1357332164888,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1357332164888,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1357332164888,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1357332164888,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":888531,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw7AqLyVSKU9vLJhaYkALFeBVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1357332164888,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1357332164888,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00449{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":892062,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWSwAAIAROeySQpgMwKi8lWmLsmEANKu+VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAMlh+aU0BAAA="}
00450{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":912924,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWS0AAIARqvhEjnSzwKi8lWmJsmEANEAeVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAHUr6J8MAAAA="}
00450{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":925660,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWS4AAIAROeqSQpgMwKi8lWmKsmEANAVPVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAJg+KI\/QAAAA="}
00450{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":927241,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWS8AAIAR3dZIpT28wKi8lWmJsmEANMuoVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAUb2BCq8AAAA="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1357332164936,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1357332164936,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":936282,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARQa3AqLyV0G+rUrJhaYkALGIgVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1357332164936,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1357332164936,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1357332164936,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1357332164936,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":936712,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxHAqLyVSKU9ubJhaYoALFeDVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1357332164936,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1357332164937,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1357332164936,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1357332164937,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":937088,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L7AqLyVUatzBbJhaYsALBkwVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1357332164937,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1357332164937,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1357332164937,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1357332164937,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":937511,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYkALLOSVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1357332164937,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1357332164937,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00450{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":974050,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTAAAIAR3dhIpT25wKi8lWmKsmEANKoaVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAABVTtA7EAAAA="}
00450{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":980734,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTEAAIARxIVEjlsiwKi8lWmJsmEANIkpVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA3X7NeAABAAA="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1357332164986,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1357332164986,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":986669,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx7AqLyVkkKYDrJhaYkALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1357332164986,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1357332164986,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":987107,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxzAqLyVSKU9rrJhaYkALFePVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":987504,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qfAqLyVRRyRq7JhaYkALAcbVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332164,"pkt_ts_usec":987855,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6rAqLyV0G+FVbJhaYoALIgcVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1357332164987,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00449{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":15111,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTIAAIAROeSSQpgOwKi8lWmLsmEANBm8VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAc5jYKUQBAAA="}
00449{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":17274,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTMAAIAR6HHQb6tSwKi8lWmJsmEANJoiVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA03wFcOUAAAA="}
00450{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":20030,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTQAAIARjWtFHJGrwKi8lWmJsmEANNwtVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAk2i\/c84AAAA="}
00449{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":27560,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTUAAIAR3d5IpT2uwKi8lWmJsmEANL5BVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAyxQbKKkAAAA="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":37133,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L7AqLyVUatzBbJhaYoALBkxVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":37556,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxvAqLyVSKU9r7JhaYkALFeOVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":37929,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARORzAqLyVy025BbJhaYkALFmPVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1357332165038,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1357332165038,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":38324,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx3AqLyVkkKYD7JhaYoALLOPVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1357332165038,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1357332165038,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00449{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":75421,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTYAAIAR3dxIpT2vwKi8lWmJsmEANO1rVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAw5zrdLEAAAA="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1357332165087,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1357332165087,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":87319,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx3AqLyVkkKYD7JhaYsALLOOVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1357332165087,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1357332165087,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1357332165087,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1357332165087,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":87803,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxzAqLyVSKU9rrJhaYoALFeOVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1357332165087,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1357332165088,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1357332165087,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1357332165088,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":88203,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6vAqLyV0G+FVLJhaYkALIgeVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1357332165088,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1357332165088,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1357332165088,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1357332165088,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":88572,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkyDAqLyVkkKYDLJhaYkALLOTVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1357332165088,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1357332165088,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00450{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":121960,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTcAAIAROeCSQpgNwKi8lWmJsmEANEZHVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAkDOUBj8BAAA="}
00450{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":125176,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTgAAIAR3dtIpT2uwKi8lWmKsmEANFKmVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAqXeqX6cAAAA="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1357332165137,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1357332165137,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":137546,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LzAqLyVUatzB7JhaYkALBkwVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1357332165137,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1357332165137,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1357332165137,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1357332165137,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":137979,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw\/AqLyVSKU9u7JhaYkALFeCVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1357332165137,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1357332165138,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1357332165137,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1357332165138,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":138337,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L7AqLyVUatzBbJhaYkALBkyVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1357332165138,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1357332165138,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1357332165138,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1357332165138,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":138716,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6vAqLyV0G+FVLJhaYoALIgdVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1357332165138,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1357332165138,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00450{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":148604,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTkAAIARDmnQb4VVwKi8lWmKsmEANIntVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAATel0NDIBAAA="}
00450{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":166578,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWToAAIAROdySQpgOwKi8lWmJsmEANCG6VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA27XMEOAAAAA="}
00450{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":175965,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTsAAIAR3ctIpT27wKi8lWmJsmEANAJdVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA5fe1HLAAAAA="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1357332165187,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1357332165187,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":187509,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARZ6rAqLyV0G+FVbJhaYkALIgdVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1357332165187,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1357332165187,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1357332165187,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1357332165187,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":187985,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxrAqLyVSKU9sLJhaYoALFeMVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1357332165187,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1357332165188,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1357332165187,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1357332165188,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":188410,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxHAqLyVSKU9ubJhaYkALFeEVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1357332165188,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1357332165188,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1357332165188,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1357332165188,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":188765,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARHb7AqLyVRI5bI7JhaYkALD4xVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1357332165188,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1357332165188,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00450{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":226135,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWTwAAIAR3dVIpT2wwKi8lWmKsmEANKPuVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAASRKpercAAAA="}
00450{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":229000,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWT0AAIAR3ctIpT25wKi8lWmJsmEANNMtVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAPeyXWaUAAAA="}
00450{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":230092,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWT4AAIAROdeSQpgPwKi8lWmKsmEANLvcVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAACGWHPF4BAAA="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1357332165237,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1357332165237,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":237614,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYsALLOQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1357332165237,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1357332165237,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":238086,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qjAqLyVRRyRqrJhaYoALAcbVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":238600,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx3AqLyVkkKYD7JhaYkALLOQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":238956,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxvAqLyVSKU9r7JhaYoALFeNVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1357332165238,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00450{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":243079,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWT8AAIARDmTQb4VUwKi8lWmJsmEANLI1VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAPGE+dlEBAAA="}
00450{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":266390,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUAAAIARjWBFHJGqwKi8lWmKsmEANA+cVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA1CBaTb8AAAA="}
00450{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":270837,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUEAAIAROdSSQpgPwKi8lWmLsmEANCWgVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAfF+2fVEBAAA="}
00450{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":277274,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUIAAIAR3dBIpT2vwKi8lWmKsmEANO05VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA8dLGb6gAAAA="}
00451{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":279030,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUMAAIAROdWSQpgMwKi8lWmJsmEANPf\/VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAXTRtTucAAAA="}
00450{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":285882,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUQAAIARxHFEjlsjwKi8lWmJsmEANM4fVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAQP0jAwIBAAA="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1357332165287,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1357332165287,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":287742,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+LzAqLyVUatzB7JhaYsALBkuVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1357332165287,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1357332165288,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1357332165287,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1357332165288,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":288542,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw7AqLyVSKU9vLJhaYoALFeAVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1357332165288,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1357332165288,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1357332165288,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1357332165288,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":288951,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARBC\/AqLyVRI50srJhaYkALCSiVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1357332165288,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1357332165289,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1357332165288,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1357332165289,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":289304,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR+L3AqLyVUatzBrJhaYoALBkwVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00499{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1357332165289,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1357332165289,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00451{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":291495,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUUAAIARDl7Qb4VUwKi8lWmKsmEANGnGVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAD\/WHUH0BAAA="}
00451{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":310175,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUYAAIARquBEjnSywKi8lWmJsmEANI39VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAA\/x7bdLIAAAA="}
00450{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":330124,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUcAAIAR3b5IpT28wKi8lWmKsmEANK1cVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAARbG1YaUAAAA="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":337053,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx7AqLyVkkKYDrJhaYoALLOQVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":337468,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEAR5qfAqLyVRRyRq7JhaYoALAcaVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":337861,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNxrAqLyVSKU9sLJhaYkALFeNVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1357332165337,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","ndpi": {"proto":"Steam","breed":"Fun","category":"Game"}}
00450{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":344423,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUgAAIARDlrQb4VVwKi8lWmJsmEANOC5VlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAApkPUDiMBAAA="}
00450{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":370602,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUkAAIARjVZFHJGrwKi8lWmKsmEANABlVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAAZ1y1R+AAAAA="}
00450{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":375115,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"AAwp3FvtAFBW4RiuCABFAABIWUoAAIAR3cdIpT2wwKi8lWmJsmEANEZJVlMwMQgAAgAAAAAAAAYAAAEAAAABAAAAAAAAAAAAAAAAAAAApDC7AqgAAAA="}
@@ -213,59 +213,59 @@
00551{"flow_id":50,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":949380,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"pkt":"AAwp3FvtAFBW4RiuCABFAACQWVEAAIAR3WxIpT28wKi8lWmKsmEAfEkXVlMwMVAABgQAwKtTAAYAAAUAAAADAAAAAQAAAAUAAABQAAAAgux1ympnhlJKXy0zvwqCQYTlqRzT2LWXTXvx\/11gCr4VUXaqpbhFIulso4n7wIJQpJ1kPnewIgY2tvvA5o3XJWewqSsndHrQTTMCTo8TCAM="}
00440{"flow_id":50,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":950083,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AAwp3FvtAFBW4RiuCABFAABAWVIAAIAR3btIpT28wKi8lWmKsmEALJhoVlMwMQAABQQAwKtTAAYAAAYAAAADAAAAAQAAAAYAAAAAAAAA"}
00440{"flow_id":50,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1357332165,"pkt_ts_usec":983077,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARNw7AqLyVSKU9vLJhaYoALKBoVlMwMQAABwQABgAAAMCrUwAAAAAGAAAAAAAAAAAAAAAAAAAA"}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1357332165137,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1357332165138,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1357332165289,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1357332164786,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1357332165287,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1357332164937,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1357332164837,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165020,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1357332164837,"flow_last_seen":1357332164869,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1357332164787,"flow_last_seen":1357332164823,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165370,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165266,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1357332164736,"flow_last_seen":1357332164761,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165375,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165229,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1357332165137,"flow_last_seen":1357332165175,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1357332165037,"flow_last_seen":1357332165075,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165027,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164927,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":11,"flow_first_seen":1357332165288,"flow_last_seen":1357332165983,"flow_tot_l4_data_len":1080,"flow_min_l4_data_len":44,"flow_max_l4_data_len":332,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165277,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165226,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165125,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332164974,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332164873,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1357332164887,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165285,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1357332165288,"flow_last_seen":1357332165310,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164912,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1357332164886,"flow_last_seen":1357332164980,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164834,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165344,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165243,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332165017,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1357332165138,"flow_last_seen":1357332165291,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165148,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165425,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1357332164986,"flow_last_seen":1357332165166,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165279,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1357332164937,"flow_last_seen":1357332165121,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165520,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1357332165038,"flow_last_seen":1357332165230,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164925,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164876,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165270,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1357332165237,"flow_last_seen":1357332165424,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332165015,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164892,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":44,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1357332165137,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1357332164737,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1357332165138,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1357332165289,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1357332164786,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1357332164694,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1357332165287,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1357332164937,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1357332164837,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165020,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1357332164837,"flow_last_seen":1357332164869,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1357332164787,"flow_last_seen":1357332164823,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165370,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165266,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1357332164736,"flow_last_seen":1357332164761,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165375,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165229,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1357332165137,"flow_last_seen":1357332165175,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1357332165037,"flow_last_seen":1357332165075,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165027,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164927,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":11,"flow_first_seen":1357332165288,"flow_last_seen":1357332165983,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":324,"flow_tot_l4_payload_len":992,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165277,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165226,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165125,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332164974,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332164873,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1357332165037,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1357332164887,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1357332165188,"flow_last_seen":1357332165285,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_first_seen":1357332165288,"flow_last_seen":1357332165310,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1357332164888,"flow_last_seen":1357332164912,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1357332164886,"flow_last_seen":1357332164980,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164834,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1357332165187,"flow_last_seen":1357332165344,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165243,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1357332164936,"flow_last_seen":1357332165017,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1357332164787,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1357332165138,"flow_last_seen":1357332165291,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1357332164987,"flow_last_seen":1357332165148,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1357332165238,"flow_last_seen":1357332165425,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1357332164986,"flow_last_seen":1357332165166,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1357332165088,"flow_last_seen":1357332165279,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1357332164937,"flow_last_seen":1357332165121,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1357332165337,"flow_last_seen":1357332165520,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1357332165038,"flow_last_seen":1357332165230,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1357332164737,"flow_last_seen":1357332164925,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164876,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1357332165087,"flow_last_seen":1357332165270,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1357332165237,"flow_last_seen":1357332165424,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332165015,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164892,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test"}
diff --git a/test/results/teams.pcap.out b/test/results/teams.pcap.out
index e71ba35ff..bfcc00b13 100644
--- a/test/results/teams.pcap.out
+++ b/test/results/teams.pcap.out
@@ -1,10 +1,10 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teams.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1587041672419,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1587041672419,"flow_last_seen":0,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00777{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041672,"pkt_ts_usec":419153,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1587041672419,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1587041672419,"flow_last_seen":0,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3"}}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041672,"pkt_ts_usec":611330,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1587041673094,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1587041673094,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041673,"pkt_ts_usec":94451,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZ4MwAAAQEICjCEirAtAPMf"}
00383{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041673,"pkt_ts_usec":412435,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","type":34969}
@@ -17,21 +17,21 @@
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","type":34969}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041675,"pkt_ts_usec":611218,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1587041675997,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1587041675997,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041675,"pkt_ts_usec":997451,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPKfkAAP8RDk3AqAEGwKgBAe2NADUAO4czzp0BAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQAB"}
-00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1587041675997,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1587041675997,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00482{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":10607,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"KDc3AG3IEBMx8Tl2CABFAABfTWlAADkRcM3AqAEBwKgBBgA17Y0ASwAAzp2BgAABAAEAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQABwAwAAQABAAAACQAENHJNIQ=="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":59,"flow_max_l4_data_len":75,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.33"}}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1587041676362,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.33"}}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1587041676362,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":362386,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex0AbuczSMnAAAAALAC\/\/99oQAAAgQFtAEDAwUBAQgKMISXcQAAAAAEAgAA"}
00434{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":405623,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8L\/5AAGwGm3w0ck0hwKgBBgG77HRJoiConM0jKKASIABWrQAAAgQFoAEDAwgEAggKYQZMqDCEl3E="}
00421{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":405727,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex0AbuczSMoSaIgqYAQEAmVMgAAAQEICjCEl5xhBkyo"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1587041676435,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1587041676435,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":435900,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx1AbsuhcJCAAAAALAC\/\/\/XIQAAAgQFtAEDAwUBAQgKMISXugAAAAAEAgAA"}
00423{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":448366,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0CixAAHUGQvQ0ccKEwKgBBgG77HWQGjC4LoXCQ4AS\/\/8WpAAAAgQFoAEDAwgBAQQC"}
00405{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":448463,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcJDkBowuVAQIAA3YwAA"}
00689{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":449862,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD6AABAAEAGgVrAqAEGNHHChOx1AbsuhcJDkBowuVAYIAChLwAAFgMBAM0BAADJAwMtfzNr5sJ0vwUnIfI3TV9sTsGbPpwfZOWfmMdYc+2laQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACEuroAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACNraAB0AFwAYABsAAwIAAnp6AAEA"}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1587041676435,"flow_last_seen":1587041676449,"flow_tot_l4_data_len":326,"flow_min_l4_data_len":20,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1587041676435,"flow_last_seen":1587041676449,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00413{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":462228,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoCi1AAHYGQf80ccKEwKgBBgG77HWQGjC5LoXDFVAQCAROjQAAAAAAAAAA"}
02368{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":463856,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCi5AAHYGPFI0ccKEwKgBBgG77HWQGjC5LoXDFVAQCAQshQAAFgMDF4QCAABmAwNemFWMOwvyyx98MPDpobiZrVYPHPwmzf3\/rqSZvCgYpiAgPgAA6ItZFOaiSOVhga+svmIZUZRfrWAIsMqwTIVN78AwAAAeAAUAAAAjAAAAEAAFAAMCaDIAFwAA\/wEAAQAAAAAACwAOdgAOcwAItTCCCLEwggaZoAMCAQICExYACfRizWOR6fGx5P0AAAAJ9GIwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MDkxMjE4MTY0NVoXDTIxMDkxMjE4MTY0NVowHjEcMBoGA1UEAxMTdGVhbXMubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOO+GAF5FB9ACneJsYJqU+PaAkwhs3Pmnh9LB9B35XWkyrIOYraOvvuhrHxhFcxbMuiVa3ke581gm0OvyNFkH2vhqLGtQ51IvKov0oZNIk4rt1kgisStRRDSjUTgKLPQ44s9fKS9qz\/Va1Q2\/LQEZQNYdKcaI2nANY2RmggVm7Aa\/Dx1r4sJ2SJmuRoiN6m9zGBwTorEnL9Q2Qy5FB5\/iaYy2JMNbemS7IbV+TczygQFu\/QwI3ZrqvbUGdtEzDIOU7YZXOmC6UcqvvcY0rIuNd65HCSFAv0X9ivVh0LGDegTyjuqKz68YmBI\/eJFXu94jw\/tEDwiIAZfs4Qk12UiGJsCAwEAAaOCBHgwggR0MIIB9QYKKwYBBAHWeQIEAgSCAeUEggHhAd8AdQDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAW0mulFVAAAEAwBGMEQCIHebEsXaxq31cmEfhRo\/gehRDe\/E1VvIxKmBjiYm513RAiBg9lvKKuXFDabtrglkBNY11LNgy+HL5dblDYVf8MIppAB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbSa6UVUAAAQDAEcwRQIhAOXf5ZJgk7Qqrx2VlFvAiEAHVXnD3mS7WxPkEHf9oGczAiA4\/Ss\/FGYnu0+Vqu\/igskDlNIA5yQpWRpemVD\/90ZvtAB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbSa6UqQAAAQDAEcwRQIhAOcvU5U2Fi9LD1ckKACgnV\/R4RUZapoJoV\/V8Nkdsox8AiB+s48woDYS2UZcbGfro+s0PlMOsyBbDvpNcsr42cSgwgB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbSa6UYEAAAQDAEcwRQIhAIBIEv6AY07+qXpuv9wKUq5PN5rdrOhWtdzhJm8jXedKAiBSHHhgI9NvoD6YhCpK3V\/Qif41w296yUSCK7eujn89vzAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFCbjW3RNU09jtsrWbR3zyYhJ"}
02358{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":464089,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCi9AAHYGPFE0ccKEwKgBBgG77HWQGjZlLoXDFVAQCASK9wAAxC7UMAsGA1UdDwQEAwIEsDAeBgNVHREEFzAVghN0ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAjJY5eD13an7Bpx5xxIqIPAsj0wiAkSQlVHG2eWn1U7EMYkaYNm1bcZdbxatFHak6SPpDF\/BFWOAuxpq29sjki83Ws\/tIbRtncE4DVkv23fvgeWG2G8sq5qx4c5qA830fqmXSktLgOpsdgmBaOYSsTY0x33dUHa4NMN17Lj60Gsd3yzeSYx7BQkMQJ\/V8Vdknwzcy4ja6ZEHFlhJa7naHWvheu4dpEV12l\/I7XnKJj3AvK6V0oRh9ztLUCO5SEw\/4IchbkuDrjeM7N7xqdsbAB+zxItuIRkK6NPYNfq2P1YcBIYP\/55E1YA\/2W2kVT3L2yJ3TBXNrhGw8kxGBtYIUDJYcydM9DjdbmXfvOOXkrLnLmQLDNp1UY2giyd1SVy6dmyy4UPGdKMrUjUJxLeLEth\/qlHwMQ78rdVWdoP1WKC\/rLalfyuTCeXW4p3qIF7Av0WcDgkUyDRhNrOo0xzsIbxL1KpcpwCXtJW8Gn3LPsecGEsCzZJ4Oio5x7suMWRhIOATNYjrQKjkP5yhS6WUM11anpHQdizI1hSi0Dsn9iu9KVNBmLjAhQpIWNLvziKckaPyFYM8Jju2yhenSjGdxKE8kwLk8CNf9zLVQ456aLfF9ge8FhSE9Tl8aBpIGGPaqGtl414VBcDE1HXqCtckuHxFFd2OvG07l2FddY0bGOrgAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\/rMwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUyMzhaFw0yNDA1MjAxMjUyMzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKvl612jazme9TSIErsdUiZdfQkLxnmOq7cO3xmy3e4P9u70VuRG4pIP4mcL4xxxpNRBc7TLmRaOv3d9sK8ebO1xLsMId0pekq7sWtBIgdDF6aD1eo8ejV7TrZLA2saRNTEguTkEzRAqPJcdAJ6ZGBgJz0uX5Mn8APAMWp026LJAwUqshCiqPUYYK6eKrPSvS6h+SULHYiDA5qc7XeuQH7uK2JyQ4zqxbMKUzj4ya8txs0EuucXhXdhZJ4L74UgNfugE8fkBJ0H6lFp9xTC7"}
@@ -40,29 +40,29 @@
00406{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":464401,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcMVkBpBvVAQIAAljQAA"}
02367{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":464457,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCjFAAHYGPE80ccKEwKgBBgG77HWQGkG9LoXDFVAQCAQqtQAAAQICE3gAErJ3YfnO2ox+\/bwAAAASsncwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTIwMDMxNTE1MzUzOVoXDTIxMDMxNTE1MzUzOVowKzEpMCcGA1UEAwwgTWljcm9zb2Z0X0lUX1RMU19DQV80X0tleUJpbmRpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAEyAX+5SqsGiqoUBRMLbUF1MOQcsxK8kPSKDVxGywx62TXqosok\/w8WIw51eitl2x7hGoq0+h3f95iPllxy7yEMgH7qmedNRiuGxRK+fAa5MH9aVtlomaFyqBArysde41\/HXuL4UW4GtwiAkT5ExgE2wHYEV7T5X03YsAWWM3JKQwMjB+rXZkft+Uk5MWL\/cJto5+yML0QwJr2wL9Ak66bKsuEMnGd8UzoAOAp5Rk0DmxRztNTjl\/lZ2ntFXsAyJALx3q0EDreLw0q2SftDOieUHmNsOvbAPjYsWKtDXayhXR0gqkwAbamSUrmFXf6QE7XDQuHTRyG7d\/srUScNlDAgMBAAGjgdYwgdMwHQYDVR0OBBYEFJ\/ldPQSLwcZJHaSD6SOKmapFFoKMA4GA1UdDwEB\/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2BzJtHgcjpFgIBZAIBBzAbBgkrBgEEAYI3FQoEDjAMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4ICAQBQf\/nlSogs2KaMuQIKX+dZl6u\/fN4stOkBATIA+8WfgJ+qNyF20yCllnRhbqa4pd5JTrRYGJZhGA7agazmyim9wGvV0HcHxLLN3oNZBP5gF5jLC0IqxgJEvTiyy1\/1wYRdtr+SpcKNi2ZCac3x7voBvsf3YH\/f1jAp2zQ87qKhRy1PmcUkJdsJR2OnkYNgdR6oPKCsPkPve+qZXjBdfEVjq9duYM1IFFq0MYXUlFCy8YhnxEcasx4mCnA6B14O98ewaSZZhGaP6Py\/67LRhuWf36qXptvXI8bFJZEld25A5aR+COHvYWrlWmmfie3I9YEeDGTVodHmHxesLeBLQQmxpuZgnJ1eZYwSS2g4bPN+OSonsgPlHLzmBJcUpzxJl3mgtcjyN+2OgF46A4V1ENucCVGdLYjsbo\/kk6U7V0KiqERMGjIUeUVMt9tfNUf6xYXUsVOKsIfNcAMbDiCO2hf6q+1nKxCJw6p0qsB1ANlzJi00XH17tvsddvABkR26jQRxWpc1ck4l6ErNYoE186dUnlcdlKjaIHU4jQ4CS6fS1HuZFQD6VdPpfAFSv8BxzC46PHD4wMhUHF2gx9Kp9\/ATrborJ6OxeXVS1Ba+IQzGX6MpVsGiH22VzumR7tEvftwy0MX7pfN+X9yHBrJmVvFG4s6d6wUOHM9cT9DziFvLgAwAAWkDABhhBEOupEe2\/wMMEK1iMM54UEoH8unxhtj8WYzN80k6LTIvPHF\/E25mwBrd3Ddc+3TTzEaMPjU0+M1XvIyvzj\/A5sXKLwcCblI6sSI+xP6Em1WR2E8sGgWJwUQhIVnRVHu17gQBAQA2v2zCtIQ6w5Ob9q9XSh\/Bog29dyX+eHSPzY16LHjE96ewrDw0qMexSBDw"}
00706{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":464459,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEBCjJAAHYGQSE0ccKEwKgBBgG77HWQGkdpLoXDFVAYCAScCwAAzjPbh60Ymm0tjFk6kKgrED9s6hrOYY5pNu9VYrK5pPgxrSAhNhst5\/5\/8MVEhARh014b8CQkuIP\/vDOZQPpfBPopVpmJQj7JuxbLB4RkMuq3bvko5Pv44o\/CEkLjRMQz4fOj+fCfq6EDg08bLmY27izuXnzUyg6CsISBPAsldliaS9FIdEgJKTmeAjW1uvY2xcoz9nx4cyxTpSxEiJpA4aFIkpyBYWDmjthHymsU\/xnc8dTEutTFR+vDoTJfm4wIDWbSvwIBoMC53HPI8+MWGNP49ra7DgAAAA=="}
-01049{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":12,"flow_first_seen":1587041676435,"flow_last_seen":1587041676464,"flow_tot_l4_data_len":6511,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":542,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
+01060{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":12,"flow_first_seen":1587041676435,"flow_last_seen":1587041676464,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6235,"flow_avg_l4_payload_len":519,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
00406{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":464500,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx1AbsuhcMVkBpIQlAQH8sfPQAA"}
00624{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":469351,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"EBMx8Tl2KDc3AG3ICABFAADGAABAAEAGgY7AqAEGNHHChOx1AbsuhcMVkBpIQlAYIABMRAAAFgMDAGYQAABiYQRucgjp+M009+y7BfrWGJrcaVoux\/RH354hUT9jM7kfyxIcTlbdGetTxtE3\/iG2szAPJokY+ykEqiJVfPaADPdlT4ze\/rZ3TdQ75xvFCAZrXljZeVoJBMqQeQJ6WRkIuLoUAwMAAQEWAwMAKAAAAAAAAAAATwxUzwoKZVac8SgD+A7mr6xxWyeSVP1XG1iEDvtSuCM="}
00414{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":481000,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoCjNAAHYGQfk0ccKEwKgBBgG77HWQGkhCLoXDs1AQCAM2ZwAAAAAAAAAA"}
00660{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":499766,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAG9tTAqAEGNHJNIex0AbuczSMoSaIgqYAYEAlcWgAAAQEICjCEl\/VhBkyoFgMBAKkBAAClAwNgsc\/zVfk3fJaoeGVjBvcvXHJydxa1mwDEXFImXbQK\/wAAHsAvwCvAMMAszKnMqMAJwBPACsAUAJwAnQAvADUACgEAAF7\/AQABAAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAsAAgEAAAoACAAGAB0AFwAY"}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1587041676362,"flow_last_seen":1587041676499,"flow_tot_l4_data_len":322,"flow_min_l4_data_len":32,"flow_max_l4_data_len":206,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1587041676362,"flow_last_seen":1587041676499,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02363{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":545373,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL\/9AAGwGleM0ck0hwKgBBgG77HRJoiCpnM0j1oAQBAXctwAAAQEICmEGTTMwhJf1FgMDEGYCAABRAwNemFWMXBNb2F1eIS0NgygX31DvjFSWgfTq\/PXgXBX\/USAORwAAVmOWcPohT0niCo9N4puGGU7iW5AxxYvHQvC098AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
02357{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":545588,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMABAAGwGleI0ck0hwKgBBgG77HRJoiZJnM0j1oAQBAX4aAAAAQEICmEGTTMwhJf1LnNreXBlLmNvbYIQKi5waXBlLnNreXBlLmNvbYIiKi5tb2JpbGUuZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIgbW9iaWxlLmV2ZW50cy5kYXRhLm1pY3Jvc29mdC5jb22CFSouZXZlbnRzLmRhdGEubXNuLmNvbYITZXZlbnRzLmRhdGEubXNuLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAUxCmyVHd3H7BNm7xrFDWc0lUKQfFfvZJj7fGm702yYNfNb17H3sDMMybFW0xvlL9Ezzab9UkH29uzppLcvgSPbaskyoVw+2aUUDOWU9BNPXX55faad2R1I6KtC+PfV7YLtmbicvSGz4AqzYw9ZreqUymbtwFHx+mEj1q7bV3EnUB\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"}
00421{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":545644,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex0AbuczSPWSaIr6YAQD9OIagAAAQEICjCEmCFhBk0z"}
02211{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":545713,"pkt_caplen":1389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1389,"pkt_l4_len":1355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAVfMAFAAGwGllY0ck0hwKgBBgG77HRJoivpnM0j1oAYBAXusQAAAQEICmEGTTMwhJf1BM0QKjyXHQCemRgYCc9Ll+TJ\/ADwDFqdNuiyQMFKrIQoqj1GGCuniqz0r0uofklCx2IgwOanO13rkB+7itickOM6sWzClM4+MmvLcbNBLrnF4V3YWSeC++FIDX7oBPH5ASdB+pRafcUwu7a61xGbiPoBzG5Lkrn4eDzLnGiaFmaI0JOwKoMulxEdfoEgYeSwuZucblOVlSLG2b11ELrZdYw8Px3QlvgzRXt7H1Qz5UiXpwUkotvR3JWuICp9lolIe5J60CSx3kgR92c8tN\/4WGD1T3s0aOb9rCYItvMsQ9tPxBbQmwxxh7EHa4bdj6Cx+2ba2Mvp8vBl5Y7YHOovui1k8V7QG1CyDIVKzzvILipqdYzArlzZ6cB8fXzanOO9SrBgB4IrfV3IEK8uYozcmv3h2blZSJdCGsNQgQsfgyJr5Ju8KSKC\/YBRXHVfDjXC3X8vemefPY5bjLuvnfTMDPuoH50hwfPnUhpdzhRXbVC4Se6xCyfS4mknEm7GwCY+56QrG4tTOAb6Goc64Et\/mRZOWT1ZafFxp2VlGwIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFHp7jMHP56DKHNRr+vvhM8MPGqKdMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBABH+cgY6IQo3bsj1KSICYp5FDu36Bp\/vv54kNRf+OYiyuwHheN\/Ri5f9t3fxinJPSTrosynXdIfkufMXYIeIklWCvdl9E0h\/BpA6iWbnnZb3lc1gD9fhyvZ27vqbNUihmH3SkypPgRbHqJa70SXzpm9Q2gCbKqj0NQDj\/Sw77eUVm38WD8eOyTYglPAdAbkSUFCZgeAoQiyOeP\/txp7V5MrpoKqzSE+kX+SLGP8TAi2QETYYZig6IprelfFZ7p9tKhd1k1DDBRLV3mS0trzb13ZZ\/qXW5Vbh\/kZcO4r47A777xKQkc4gEoG6PFLjf+NA9AxBIGaHGNoyaeD23I8o8r0MAAEoAwAdICf13BoKrGZPNG0+yUJZK8TCtflNTiG631bDCjWUJK4jBAEBAHbj1ePhfFL5FSiea0SFM\/ZkVyK+eDewU7ywV8xdIo\/5AzxB4ECtK1IiGdkJ4RVX31AHi\/CkjfaxlSycpoLayFFGuAJ\/ODU7meLERtve+q8bpBRRkElp8CtGG9ufBWZM9OTtVSHSiids0Y1qJQaSL3O++gtGLx1JVip50NS8osX9SZs8vOU1mv9\/OX7t6Mf4KJwc2l5RJQo9oZOzhWuMVW1WLzsIvCX5rZUG4lQu5imnPzvYMSQrxbkvH5vRtOnQ0oCK3Q4B72NjaN5XozPSxx6kRN1\/Ro5FKsGYBxIif+k03b5X8xi1li92DKijNEFd0s2WeBCBNW7PWnaHVE4F\/NAOAAAA"}
-01297{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":8,"flow_first_seen":1587041676362,"flow_last_seen":1587041676545,"flow_tot_l4_data_len":4653,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":581,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+01308{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":8,"flow_first_seen":1587041676362,"flow_last_seen":1587041676545,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4377,"flow_avg_l4_payload_len":547,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00421{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":545746,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex0AbuczSPWSaIxFIAQD9aDPAAAAQEICjCEmCFhBk0z"}
00551{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":547152,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAG9yXAqAEGNHJNIex0AbuczSPWSaIxFIAYEAAchAAAAQEICjCEmCJhBk0zFgMDACUQAAAhILIaMevnbK1\/hpHUboPpPe+pb1HBL\/FLZ+shbMz6dR9FFAMDAAEBFgMDACgAAAAAAAAAAIJ0SPvnUI1H6qTG02JvBbggKD0kfO8io3ogy9sAjVIf"}
00492{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":592494,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnMAJAAGwGm000ck0hwKgBBgG77HRJojEUnM0kM4AYBAUC6gAAAQEICmEGTWMwhJgiFAMDAAEBFgMDACgAAAAAAAAAAP2LLG2PnDQehKYYtBjGkN6MY9XhuxGTfkh6HM3dIStA"}
00423{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":592590,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex0AbuczSQzSaIxR4AQD\/6CJgAAAQEICjCEmE9hBk1j"}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":611249,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1587041676612,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1587041676612,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":612882,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS07pAAAAALAC\/\/+ZfQAAAgQFtAEDAwUBAQgKMISYYwAAAAAEAgAA"}
00433{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":642642,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="}
00421{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":642755,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5PAqAEGKH4JBex2AbukS07qokMa3IAQEAn5EwAAAQEICjCEmIFVAL3h"}
00753{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":643404,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRp3AqAEGKH4JBex2AbukS07qokMa3IAYEAkkyAAAAQEICjCEmIFVAL3hFgMBAPEBAADtAwMFij+vLNUEXtDYw018fSI+oguo6nn0NGVGlSQBEa6j4wAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"}
-00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1587041676612,"flow_last_seen":1587041676643,"flow_tot_l4_data_len":394,"flow_min_l4_data_len":32,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00792{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1587041676612,"flow_last_seen":1587041676643,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02378{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":675374,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXULqZAAG0G5kwofgkFwKgBBgG77HaiQyYcpEtP4IAQBAWIzwAAAQEIClUAvgAwhJiBCxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/RallY5JsmdSwpjNDKApQTl6ii3wQDAbRrwKNRKj4CscxnY9RYvra4Il2IGLP7npfCtQVN\/jSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gMAAFJAwAXQQTOd4jCuMTh7EYDlmBiiGmTGwexXcFlv\/T2ck50p74cYWIJH\/qL5LjbfCSDp3wqAO8ZZNaw1gxy4Uzbx\/mTFEUoBAEBACuEjKAM1qXUNVaS\/GaC95SQ9vmaMh+jYNW\/golBe81NwxyW1ReEMvroTkbS6BjiR97ixB57SOr\/EVlzcCLlr0XL6vCOvZKaaq3SzHreSfwbGspHUYxwK5i8j23AovUYK4FdR8PK9GkF5j5DZYPL2nmL62KrpTU3AqFF18hKfZ2alq2jaowqtsC3NBCAd6aifgpEBRhB9rZP2x\/YPgDeBGSAHqMX"}
00553{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":675379,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"pkt":"KDc3AG3IEBMx8Tl2CABFAACULqdAAG0G64sofgkFwKgBBgG77HaiQyu8pEtP4IAYBAVGDwAAAQEIClUAvgAwhJiBfbkMHpnw46Od39l8xQWfkMb8Y4m7UQItE2ZTaCJ\/+0VF2uUDoFo+ZzMmKB4UT6N0T0t8m216vjKZdmv27C48wjxjvRwQlpbFUmbQ8WYEeJCXNqNVwUeFV6amQX8OAAAA"}
00438{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":675476,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS0\/gokMa3LAQEAkrhwAAAQEICjCEmKFVAL3hAQEFCqJDJhyiQyu8"}
@@ -77,12 +77,12 @@
02365{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":769788,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIex0AbuczSQzSaIxR4AQEADqKQAAAQEICjCEmPthBk1jFwMDQBgAAAAAAAAAAVkfdghZFn7EKrTllFW7HsImopwaU4grgSMVQ9Ln8qFbWiGKPmAEmfR8JlskLbsUstOIiA11CeyqpKw3y7eFcu4cr3fWBWF5a3MhVe\/qNNfyWDy5QD2e\/ZEtYoVJsEXAk\/u4zUG5JuKAUP+mHQ6miLNPfeaCeFAdX6eOWqUw\/e60W7tbVcQwA9+siW+1loHYZMDieP2+QUop2JdvGnqEul0ug8pAuR27fw8RwfKHTxcg10fjGvxpfiZcouuy\/Z57jOQxIlff9oul2kld6vdPQGtwoyWjc1UHnvPTg1yJePblTg5CahHTzrLsBQxpZrmyqKdvVb85s17DvC1KGz4MmwZUUWA4eT9wRmFHopDghoqcHG\/TEUkfn259GszahDaoDNR8OgZy8Q818o394BbboE8nAuPdWEprIyVVDWOF7dnLzpj8\/XR1PbJ9nhjWR0jGM1kOA\/4OTzxGuyglNZT7bHz+UBToU+UIUqEUmv79ueiLkumpRnyuyQioiqXqiExvwqapAYh0gRfE5rwyN1YKgjZ1S6ii0sVjhv304LHo2H0GaWkaTm3uMm96ue8TnP6zQ48ESJiZ1eq6bnNAzhiu\/gGA1WT2l5PIxoy3unMgoFe2mDMpi0BH3MP7JWF1N\/lm7VlqmE6Xw01KFWXDgCokZ60+uckebdZhnMGG\/TTMbCtmg5YFRQxHb2PCCRhBMTGjr\/LmmAg56y7IxinR\/rR4IcGtsawGo+UmBw\/8KklLJsV6nE9oxFbzQt6BAI4E00uKSTEDocctWaTbMtDyWdnog9mDE3YWHOdhvAba9bjNNA+H67B1lUyh903op51e73olekk8ly\/bdCK5N0acS5BLgBeAbydJTxWysj0Btrph1fw\/fEQc35Q4KShs2VktgCr2tqQMRfTezBI4YDMSCiihlgFvMb0CXxMkwG8\/1CGdkME4i9xQqqwyCEcRlfUVbd15eWz9TW8L3BdFxC1rSJaHjaCAkG8fnNsS+v6P\/xLtrgrq8y8HBfUAHiPDgwzqwCfoiDhB9hlCUonShmV0cWfqCXdW4L+gNSJcWndZSLwshj6EItxNX1Hr7TEmWMGCwatiCyOZiHMutTXIKiuWPEi0+s2043QIyMz+DgoAt3lmPScsBM6oDqTW++hMmfyofGU2QSRCgs7Q8voEuT7jPC564IIi2T17wgokC4rxLMBa4xSSpoj\/lYnLw0mR3TwT1jNQ7JJ\/+iNW+uZ+HUm8w7TvxbgQQQYcQ98FcfYRP+dmJ64ByZ2rQ1N72p9w7aBDPNjQKJ478xGSSKFmjLiNEqhKkFXREAidA8oqmMko9vNvjsAkotRjKmRbon0\/zAHocH32Pq7nogXTuUe53R2soxdSgvcTM6fReTUMf5YNCAqD3wom12vilzgS\/6OPV8UTie1wmsZheZpR6DnPoczhJZzzvst\/grCBPaeuAOQ1PRBp0fCsZKh3QQlc+rjPVR0FD\/Qb8IGBkUF4huRvbJVzkNszF2EL+RkvXhJbprXBncJJRjIISx2jUiJg57HcPcg1UZg6rOcWqafEFAyghPThgPc06l24tfmRM6\/F2g7EZp6S\/4USUUzJfscT7EEfit6a5\/cx\/sNNn56Mbw3e0soYaYHXbVyeygrGu9xdcE\/PIPgetT6G4EXxf79l8hokaNLJqOaX7Wgo9haYksVOYzj0E7yuDUHZbu+7JW0pewGxjcxp8wa\/A+qdZBGPA3PWdq6zSBGv3gg9dk\/lkrwIjE5u78KfYIeHNg7IBuuZCKzE\/vZOGS5pXCZRIXmlHk0S9C81njFOovyu4OGmGoZXok3hOnqUBn4ZgjIjoAoTT5i30p4sM7jCijhG5Kk80L2ElGVDWiPbYcM6YBy3G8ofyiHdFIeQUUiEg4j+PX1\/"}
02366{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":769794,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIex0AbuczSnHSaIxR4AQEABkowAAAQEICjCEmPthBk1jhetVSaOs0tVuOWSWMQt9KqsujxkAMKWHRi1WGPxJI63MiRm2Ue\/V7d2WwiTSqcWMmV4UGBaBicxHy0Im9BFzDU3NPUffzhyUjcoAONACL0EqIVjd+10VQxMJcbmvHrnp5weXg+CcMG4Dd8yFN0vKXme0TYB80DXsjBqDYndTE8W1CDaLM1Fpt7g3kwqwppOJOdACvhyvD2b0bMN+27J\/5sUsuwybgNukgyii8wUecNhmpO2zLmM263oF3M2iHh2\/a3cCaSw\/q2SexfQDUFSiocH3Sj5MTL3FTfyXCVuzyFn1Z9sMNr+h\/uZxr7J4\/pYPPENAalR9p8vwjUF2SKtKyjMUltBbm8nHX1gFhoaJG8levkK1PAM0uiA4kXxEoXQBLTw4HDO6eHj7U8HOYflNZXJWB15vmpaF61hrJnxjWHv7QqxOKL7yWyxSAWNT\/YDsPFOJOVeKEtJyKrHXmo89w7s5jTRmj24Jqykxq3HbONuc9m74lriHWyALwtB4+19pOt8Ofv42xsEzdzppNHnN6WleK1tM3E3VtreWlthU0885jovLDfKT5DtNDmGtGgEhYwoxYmwCEiuJFqFGi0X3Kbm92KzNxjf8IrFjBzIiqUO9PqXwbfUup9qhvG9KOVQOg0xBhMjV6bc7a3Uv70HipO0VLfK\/95Zn2\/0+Kt4kLPjyEsDh3x1+wI3KKHFxsgRTJB+roeShavaOcq6wUrIhIrWz9nDgJ45C7pgGliTQcFcll5A8leMbwk7nc3fEQvLuT+07WcS\/MtgsUTIfKSBZ5kKvSbKLebl2\/2hxHU5+8hr6ODuw0pGl5BJKPZXudUVDojF0y+t+wviklcVBYGSeutHjyxzaPsOV30d7+cE50ezVy4fF0AAOK6tztNR5ayL\/o7BJYQqcWztDcXoZhqgV19AAsJH5OXGjv\/5XuBfBdUtK+4D95P7Kv8Hvu\/e7hKaVHfFkNxX7rtQ5KlOzOTCC6VUt+j5OCYKlTcJyhMGyqDl4L7iIWLTqmlkA7hGU2tnY5HAzfxtElKR+kqelu\/FinQpzRcf3I\/dHsQFRPfLRahYBMfi3fDEBbIbUT9hXjYctI\/+cDAlN\/5hyfxhna4YcY\/dA0zq22Bdvt4HYS8mZD4xWp5AmjhYnWr1I9Tb+xPnSg0sPnW83DuQpqY2LCUA++RU\/oFYJAuTZHg1A+eFNULtjFJmKsbNp5VWsaTAGUs3RXIf7VtLQ83xCL7CyPOY7dY94\/Yil4+jd3kf46y6K9IH6YPzz4d1TXXvmX71YzDR94JcxRaRnaARqx7T\/M5BNw5bhFW6ees0i4OJNgphq1VaLc3xNeIkFY6+S0icOS5yTlqzLV6zZHXQnLJIwP6QbL+TjaCXYpbZqDEkPhCxZ22MJ1RILD0FpjJPJlDopx3HaGqXbUJmyoohvW1tLqcChXQPB0cIEcKpfHUoQzXH\/Bt5Ulfa\/aPlOx7YjBTNYrlqHP+uUCsRkSJDK5+jHrnzCN8XyStU70Shbp\/CV73lzd1PTqBYjnrv+NQUgOSroLFuXu8GUiUHz9XVwBs5hq0aN\/pXA6kMANc+EClVvxxF910l93c7wo71We89\/85YCbH\/H11hsYuGjoAucYB143swT+YbDm9IrvMjghO8iNg1T9V5414OnB+Zig+jXFJXc2rpyVkqp790PqfQiSZYXzKGwZmYwLIX7Y2J3lrgqCltjx5WPaKCTgZLmvqFbyJZD3BNuEFcBZ5dyfSEvI7e4bYBQ4HdpBAuGeXiBCvN27t0Ca0F\/GUQILX5M2a9bOsfJp4IFIffaALVfwVVAPzgLFtn\/+q5CC2YHe7L\/Wr6N91+wKfktrFQIBiJDAae0dpARr\/waXCgK8wLfWnNDGNhN42hH8i\/H3fo\/x2KGVF4zCYeIlOf7cLP3"}
02360{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041676,"pkt_ts_usec":769795,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIex0AbuczS9bSaIxR4AQEADpHQAAAQEICjCEmPthBk1jWylJT2di9X\/pvFaCQxDFYRfzWolRdIDirpYmnOjJmvqzpPA20taElVSIyDpXIMkWMyn3oIaYGIwhOLremdRsUNp03DOSE0Qkil1Xvh8ARZ6a7EKylJ2d4ApuGmBztqseHxfEpgUlKPxX+h84La9BtzmnLiV1VI2cd4IIlJXIRgf6HTDy8DS30120bXw6K0uBESHQptRN2v4yA9I59T66cF+0Z+nh9n+sakB1c72DZswss7Dh7v\/WCZb+eBEKyH+n\/x8sUQUDYzGJV5cl5ahTWtm5yB56D801VI\/QszB\/rBNLsiULlYwNVvoQTdZsKiYakVOJXYKUsJNeFxiNau427oWcIahwMsIScodPYS53RwRwBbAEwWWPDD6coxlJsPaubSPct1ohEFZRFPmW8O+mNBQpax9O80yYU44R44ErS3kxnzSmo2w+RxAAU\/LIEkHTk4DVIJK6yThlxB3YeuvbhDYOM35H2YrsxRKkgw6OgUIz9pwLgQt1dSiDHlyxCys0hX0mpGL83TQwpZTLeIq9MVr+JSUefh5SDekKs0YUgU0+0geu5seVlKUcYEdd4hglQrZKDRFK4qBkErbhpvA0AxhxjBoWN2AgqcluckgYk+lNTKgM0kjgFI8F7raGXad\/jjvl0gK7PQF4xM6meoFuwtX9cJfUDVpWK\/rumhjVcbtQkmneCqUVtIVSAedxj4FXFY8I5bo8imqKdHih9gQ5ZwwpJV1tsT7LhCaiIpvT7vMyUD4KcaDAF7p2xnADPcBuHSsNXrLG9uDl4bUd1T0MUqFO1g8qRnwCyrGTm6e9UN7ykFwU4R0BGEPawYjzh\/YQ2ekavMZOOVmPD3hGOXFTqU1U0sl8pg0+gu0MkYpZhgY2VdaczFI0oPb8R\/eBaagnOntSrO5v7xyypKaC+qpe64TRzODER1z1PmzPThGv\/9ExvpAsagEsYZYtdyusumABraQVkUhsqoiuz\/ib37K5ph5F8GUsC5oqpLSBXiJYXHAzxX92IzBk8AYM0HN7BGhHLfklyX8j4fS\/QxrvMgKSXkMTf6QyHF4Ajzl913VbtnjGcdfi+f8D\/IJtG4mRNdqfvq9BfForVSQzVA\/c1HCadO6UaMdDv4Aldr1jESpPG1abFiZpq7CH91kgOj6WssBpEPpg53VmyRO54j8fOEFIzh9k8h0saoSfjfjXw5PUCbuXwQQB8tRzuyC\/Nu1IlfBYOaZSglnORhQe8XHaVD9ih8DrKEwZCf1vm8RMsykUUpaRgFIDUyg5E8D8WlzM94CGTsO\/QWtvkfkNw5Iox2dSXUm\/ETbDP3Q5uV4EK9R9+3YaAZhy5io9dsYvoGQgoHfLfhY4cvk7bVFSZnFeKoogwZmPNWHDiZb0bupho9glsxFxXYmuVAsxHK2phdgA8YaCCSjbqMRniiK5ot2Igq80qEW8u\/sJvC74mt4SA\/TSPC9to4z1\/mHJAEArnfiB7Jr8x0a6mu716nNe47p4kf6eSHLDYQHjMHLa7YQsDkFsbsdOF30\/1HXco\/QAXF8XtxgcUi5Jbpr9LdPZ4JuilhHuTojmwbzMtwYqL73vydQSMuosglSqWr82hN9rOqy9Y3coVs3WxvJ9MWXZ2NRgiQo+8bmrLECoxVx04fRmKaS0XlQyqAplUvfegGyrrvXovMwkhEvINqjXa8uqe4+PEcIbVSefDh8nNA2ojdbDXU8Cau8T38os2eomn8l\/izzvZRbBjtMl8eEhO\/MQbam0kSKai2SoMTRaze2tqPCx+24ZvgsBPUIIZeaZv+ZgqU\/j47gUKPlJ2+71EpvVNg2H8zX5u6HWmBGagt751JdzJkUNimibD\/NgSmLL6diuWbN5pps7+HzI3Xsav5YeXqy2svA4hmCOgEa8UTnFur+fKdVdXlOv\/V54"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1587041677042,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1587041677042,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":42751,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex3AbvbPWM6AAAAALAC\/\/\/8iwAAAgQFtAEDAwUBAQgKMISaAAAAAAAEAgAA"}
00433{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":88014,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8FwhAAGwGtHI0ck0hwKgBBgG77Hf6fNLR2z1jO6ASIACfvwAAAgQFoAEDAwgEAggKYRMfbzCEmgA="}
00421{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":88160,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWM7+nzS0oAQEAneQwAAAQEICjCEmixhEx9v"}
00703{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":88499,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex3AbvbPWM7+nzS0oAYEAl+5wAAAQEICjCEmixhEx9vFgMBAMkBAADFAwM5dVF27rKLSF3ZLHW6jf6ecE8+y\/c\/MIkP9CtH6UUE1iAORwAAVmOWcPohT0niCo9N4puGGU7iW5AxxYvHQvC09wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1587041677042,"flow_last_seen":1587041677088,"flow_tot_l4_data_len":354,"flow_min_l4_data_len":32,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1587041677042,"flow_last_seen":1587041677088,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02363{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":137230,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUFwlAAGwGrtk0ck0hwKgBBgG77Hf6fNLS2z1kCYAQBAVAOQAAAQEICmETH58whJosFgMDEGYCAABRAwNemFWNrPjx8U\/n2+1HOnhSXCpnALSFvyfXRw2ICUZrciDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEP8AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
02208{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":137251,"pkt_caplen":1389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1389,"pkt_l4_len":1355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAVfFwtAAGwGr0w0ck0hwKgBBgG77Hf6fN4S2z1kCYAYBAWzJQAAAQEICmETH58whJosBM0QKjyXHQCemRgYCc9Ll+TJ\/ADwDFqdNuiyQMFKrIQoqj1GGCuniqz0r0uofklCx2IgwOanO13rkB+7itickOM6sWzClM4+MmvLcbNBLrnF4V3YWSeC++FIDX7oBPH5ASdB+pRafcUwu7a61xGbiPoBzG5Lkrn4eDzLnGiaFmaI0JOwKoMulxEdfoEgYeSwuZucblOVlSLG2b11ELrZdYw8Px3QlvgzRXt7H1Qz5UiXpwUkotvR3JWuICp9lolIe5J60CSx3kgR92c8tN\/4WGD1T3s0aOb9rCYItvMsQ9tPxBbQmwxxh7EHa4bdj6Cx+2ba2Mvp8vBl5Y7YHOovui1k8V7QG1CyDIVKzzvILipqdYzArlzZ6cB8fXzanOO9SrBgB4IrfV3IEK8uYozcmv3h2blZSJdCGsNQgQsfgyJr5Ju8KSKC\/YBRXHVfDjXC3X8vemefPY5bjLuvnfTMDPuoH50hwfPnUhpdzhRXbVC4Se6xCyfS4mknEm7GwCY+56QrG4tTOAb6Goc64Et\/mRZOWT1ZafFxp2VlGwIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFHp7jMHP56DKHNRr+vvhM8MPGqKdMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBABH+cgY6IQo3bsj1KSICYp5FDu36Bp\/vv54kNRf+OYiyuwHheN\/Ri5f9t3fxinJPSTrosynXdIfkufMXYIeIklWCvdl9E0h\/BpA6iWbnnZb3lc1gD9fhyvZ27vqbNUihmH3SkypPgRbHqJa70SXzpm9Q2gCbKqj0NQDj\/Sw77eUVm38WD8eOyTYglPAdAbkSUFCZgeAoQiyOeP\/txp7V5MrpoKqzSE+kX+SLGP8TAi2QETYYZig6IprelfFZ7p9tKhd1k1DDBRLV3mS0trzb13ZZ\/qXW5Vbh\/kZcO4r47A777xKQkc4gEoG6PFLjf+NA9AxBIGaHGNoyaeD23I8o8r0MAAEoAwAdIP49xIfrfjDvk9a062lCLcDWR7nMSideF7Sue\/RplckxBAEBAH6zAEyUpfFNwqzR7mmhOYufXGc+KPq30VcKIDnpWEwxZCz2OpNChgHJKjPVTQ5EDGCelpa35ZM110cuSF0Wn015y8PlugqZYRvLoVz6fJ6UdKXR5SgVQONGhs7fdu3GB\/JcRY3DO3LPhEFPo8gOI7nUYKeDaBZJ02iftBX0OaHjcaBQG0kTPE\/IofdfYyaOWf6Ag2IxMr6LVaXz97cn90K4hhnEBy0QXrzoDbDxFfOmWoFc72r8b0ZHVtFOpaj3dIiZyMIzopBcPDvxW0P0nb2U0wKlaFWbTnNvZUuhC1MPHmTmPij8dkbUSOhdta0bEasOTIRpplZ1IlyiBxmbNVAOAAAA"}
00438{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":137337,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex3AbvbPWQJ+nzYcrAQD9zrQAAAAQEICjCEmlxhEx+fAQEFCvp83hL6fOM9"}
@@ -92,15 +92,15 @@
00494{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":184001,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnFwxAAGwGtEM0ck0hwKgBBgG77Hf6fOM92z1kZoAYBAWuSwAAAQEICmETH88whJpdFAMDAAEBFgMDACgAAAAAAAAAAAKrgBHo\/OOQWfKLiWv1DSZ7VsgdwrCQ83brRuEYu3dO"}
00425{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":184101,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex3AbvbPWRm+nzjcIAQD\/7LxwAAAQEICjCEmophEx\/P"}
02363{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":186021,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIex3AbvbPWRm+nzjcIAQEAAogQAAAQEICjCEmothEx\/PFwMDOsgAAAAAAAAAAQJpxAXFlgGOw6NQNyLgxT\/WQbnFK58fUOQKkdNAS5RydKNY8HzEFuEeAet1NUkUBXLHKuYVABOUmmxk9BmgxadTV\/RKIwYbgskYp8Au1ug6qGwFxJaN+Ox4BVqbjN6nDgIZw8LZeylc2yM2OqpL4pPdpi5U7Qocm\/Ex1IAc2JPxnpZI6Zcab6cRQZ1sT0mb3slH8HhkXkN8w9DZliXVBWUUQAMvBW00kp6vrBzorNtoxB1x1hyQWudtCsv4vYSc8V43+13gX\/zgTC\/jXRIw3RE7fSqBdLDyfoGcu0NxvKMnKtkQJYNYDHrdaGy9bx87US7FPnCk3fANf3h\/fWnlfhNEKZpqyvyHbdUO4iI0MDZtIVs2ZpocOMz+KsJbr1uFywJkG8yjul4XBo6L6ae68NXUqIIkcD19\/eFJn5278MbAh6uZPcsE1PI9r74+JV3K2Sxr7vKJXItXiaUNOoCrhKYGl\/wOAlq7k8zQqDgwcQYhv8r5D4XZGifULhmztXm8+ILd4yDCJWZxN\/LseI9SyvE2xTqt9jV27Ap8FjRfgrtSeU4EyrqJjWf0tCjQQt8\/CLeumf8EqjXZ7WgL26vJN8PyHdaG8xk2XrysHLQeEFUpUpVbsn5z\/R2y2lA3hgF2KApkegZ8tQ3SklLAabJVzWkV2L9XzPrjYtxzyyOaVCl3l2pcwyjSKCPkqvj6ps6Kx0Rs2kGbqk1VfEjcYAbJxhsNZ+6tvkMu0eTBypbUpntOC2QQgt3RFs1WomWmUe2sHbpq+RYF9NOH7\/HsFWxyJuiS+w\/YU09y6AD0y5DjSxKFIi\/xXSz5jlBxo+6UxLr2Bz3OHHAq1ZLXOkcepl0JLkUpAlAQ6lBfsqvGLHUBkj9W10pt\/SgJLZGJ5fcPTJZe5wIdJSipqQio5vBSAq6trCzVsfqWTG8iGlLAHSre5GUM\/FCWxVKBEt9Jv7BrVwzCozKwnO5nZlSyFSlI5fPZtlkLaOM2QMfuC4G7jipn7mgfOnuqmlvsD33chok9nPigNeigKBeyQ9fmcEj9gvJTa8TVwKezKFgzGMak7\/xYB\/L9Gt72bGUBlFrqHcKcYcn606JK06EcUwdJ0As7VO2hSuG9uRMmJ02JocPYp\/0i5clMIzlRZGcjCkOSJMxMJ4UmWbXA4DuLJj2mmnsyT6wfywFkWVcKRwCXd5255UO\/UqrclSzDAijjEWgsN0Ppua1RTtoWqzMW9g+fo\/kLunsvPij5XHVuBrqw3+XLVjO9EZn2lW+kkugQ3scDQ7X77soldus7L9IbFwcc7z2yn2n1rDRPtxdCtHMt2KcfuVih7E3ZcltM7jHjb9VQG5D8dTHlFL2Kd3MHcHnpWcL0G2vFoXObqmEocfEWT+AmFOOKGCAnXmn0u\/K2L8acgiFNRR2DkfncieK4iqlJXNxMANehiPOrKzIh5j9DsIZUp7mQjpFIij9gM6htFfEr9FnEuPcObTNmDekLChMIWsJ+fEDWhU7B396RyQzA0KgZ6udB1Ojmo8yjw\/KlcsjTEek+wHeM2\/ceUNRwqMVM7nhbwiv3vM9IKIMuEWsCowIVJUHA2XhlTQd\/kfmeOSqkj4Ou8iRFRMuNkgHHNwQRLwas6e2FJE\/TQjEx5STAxXhbAKsVhQoh2cXkj9Gl5lTMj5CGVIt+bpFob7jAuhcmJS6FFwEfk2\/2o1yB8c94jCoZyfye2ECQkf78bVYsZEi+hVrz13PQxXJO5P3u4didOBHy4fI4MCRS1KiV6QmCAHl5yQr3WdtIMqT5vQXxCmvYe3BmrHF2\/vVwJg7I2dm8p1xJnmIMtjiqEGmYipeJuLvdC0taL5z\/mI4umSoZh1T2BIvdklHpsoGKl5X+PmrU3d04aJ5QnmiN6U8+QpKw"}
-01299{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":167,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":13,"flow_first_seen":1587041677042,"flow_last_seen":1587041677186,"flow_tot_l4_data_len":6429,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":494,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+01310{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":167,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":13,"flow_first_seen":1587041677042,"flow_last_seen":1587041677186,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5981,"flow_avg_l4_payload_len":460,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
02362{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":186025,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIex3AbvbPWn6+nzjcIAQEAATNAAAAQEICjCEmothEx\/P5AmATORmFYP7I2nBov1DOAa3ez5VMz+PdmoaUFqueTVtrK6BWDsGuC+wteXP56yloZigSrL1zn5wqAElpR2QDI6BcRTmg8QMRyjfeb4vwyvMIp6ednEyNRLjM9UI61peqgEaKrCeQaTj3cUM+87eGrKl7rWU0WEtwPbfcF0chHYC54dD2eqPaxDrn0SrAZ\/3hM21\/NLwc\/rsCwUd+6z49H0jtsFJA3pEVnc2uFuifTEU8fV+EltPM58dgx+yEMvHIa2yeC\/l2M28MJLAGg\/KzxzqcZUNuoZXBaZ2SDbk27Mm7sn\/iQMWzf4knknVOMXmm2XbL0GfRoj0rOdZoHnh7bX993OeADKhh2oxODmT3lfeobDuVl9dR26Wgmnd\/U7Bv1Fz6v6Itihy7ax4+uA73pZUKIBd5Yo\/mHk5jXqWUkP3\/qqPpmAzdADUEJPaoTDgJHolRMRkz1DyAJ5Z9uJ4qJ+mGy1QD7vxUM2EVm17zwbSraGm7\/xo8l8ntULPYeo3KO5dd02xl9n1TqSIXpFazXZJiXSEcAP1jpS9GLVQOqMr8A4y1O5jXKdIMQcLSNxrJ0WSfh3TfGxNfpHUMmW6fDRxgLvY4yAm9j197rcz9hDiLyzJcAZV9scJNavaz+8Y3nv3emG6MapVINyRXbSoqYhwr9CE5xw\/Cu\/uvrXqBo+Ud3v4IWmBaR4xwkFTtY2kyLJYf6Qxpk7mvxoTPK+ldpJBYpuq9N2CYCYHnEFxyHCxXFmtBDnnqPIKTVVbSICZW3YtZ2+3sxFaQsUMHc3OBuDLid5poF4ghFzlCIeZLXPFRFzpYxoPEniy2M7pHyOkOOQFfUvrtvRmwNVsEx38lNS+6cbyaoetDBPAy3utqb0CthvIr6yxrlodTKlRQRS+2gJVHK1aA+wdmK2joJjQuqzWb19lN0YIhOYeLcWCHBqr+PAoJgTXBLIsk\/5iDmd1R8PZzSPuvJ9Xtbtqs5X+boqgaRmxphDHQ2YCN2ATV4JZXhjQqS5nTwkNib9JSFAX5YV1wIb3Hos0\/DgyII\/Vn19IJsBQ8fUeOAN6I5HE89bje9Nt6VYWR+6q74OkrmxWYpyPQPUzyBZ7l8zAWsB3p6nH+vAqQeUnSoWR3Q2ccJVp20jK9YOqZX32QS9K80Sj6SJ1elFq9LkJC2TC+MRYvbaxiai0NluhS5WcEgvyuMlvB1Im3lLPPBexFgYpMFSYxPZHswwLAHKNFzf+lhB0IcX7UyIAwh6caK0RSTgZ5CVoor+qnesmsUvUP6Fr\/gwSH\/uQyWnPbBtmFOubE+BSf9TeLqobSwWjKnF6fJyMsFMvjxcRhPNO98nUBX0zXnFh1Hqch4b9OIwkLLNX4iRoIQC3KRdSO6s+veoVy9+D7WwJR0I4xC1Om+NX85sI61O3rXfDdhV\/IP5FKd3rqlgbUANCvg41Rb\/3bSZ\/OBOcPlQ+PV8kK\/YHb1d0xKncljiFoGzUHazX5hHApUWCCKyPCaKh6MDF7CVih7CNP7uSo4WcMQtbUgXUvj\/YjlOJoSFeLHVCAq732L0zhE8afzX5SQdkoP5L8CG3zaiJySY8SLPAGJgq2hIoqvr+XL+NO\/b5QaAqccKUSkz300JQPuPh3lQjSQZ8\/5XnsrAydUKvinZg1M69wJkuUdRLAEpEV7rXuiTt6fk9GI9REZDKL1FamMKwrubDExZzQ1TByzcJamuFOABVCVdQ5orB40Ilz53WJ91yOU29DAUJRkFWu5FB\/iQL5\/QcgOFH+Lfs7mS87O4pajt3wpkf4sdsnguwpnxbM38tvtUObvzU9R5RA71\/0ip+jRfq8ZJn+6+qiAkceMaPf+jCAC1RIRDEGk2J9YcqJ7RA6Tty7PCVxlus9ufktP1enuaHhXRt\/YdgEWSvILhti15K"}
02364{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":186027,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIex3AbvbPW+O+nzjcIAQEAAFtgAAAQEICjCEmothEx\/PnbPSWryiGzQDS\/oFUBlW8bowjYxMP9iVB1LZDNG9xoaC4GLRUNkCELYmJU4K02gjIvu9srl3y3tjYCayyUnwhCfELIPerCfHTtF9Nz7Xde31fWkQAufe25dxtBq4vdbcJBXxfvUP2KXraRglsYMTPNQAKCPOJTv\/rA52cA9l8PfBkRcFCvU0gQBr\/+XALJwF4wQDCTWL\/TetSwT\/RsgmMKMxhP+ehM7r\/5f6cyhtmVYPQeHmJ3MbymkM6VuFxgQje62RIVYNEmpTLzdI9uZrqDkpzyElVE1YGPCN4G3nib8AzHehlq2EBFPLShsFEAjeq9D6heur1JX+qxFnp1E7C4D546JbHG0eft8cxKfgj+M1fK9Gr8MJXsqCIcQu3QBCDYii8MQ4y8Pk7b\/cKtxEy+Q0Q1HCyJ4Dmm25Iu8qghDIddAish2UFxW7\/C+qda7wgKrE+9+iXpyuXlKBbVSR\/ED7+dPTK8Xs0eKyU6GTXo9uITAj9ck3S9v4nku0XSqhWsvREQlb4vCBrRU7oo3jwyQt6TXXQgp10a3vuiU2CDX8yCcH7155l5ry7VXy4PYMrCTveQYJtAUkuTa5orWzQoUsBToeW6pBg6YigktAJm\/ARWCt0oCbzjhV86sL5sKEgisoVN7n2EYOYAzXj1gOkMdgQKujmKxdbznVmLiRdVp8w8VIjtx5RCyfAltOsDYQGfpGlKygkkscvfgpAIZ9evZmMFP6Y8zir3NWCI3cwLLy20A0UEQ0I+XWOgnYxBYTizgMmOYxYN6G7zkrSn8Ysk\/8Z5Q7jw9nMg1GdkhC9YDT94WxyGXjcItRwWjZEPYOEO32W6quMs16FPwgG+N6ycAgCyrTY0Cn2I2J3JlOMDojejlPa16j9tYoYfLsucILwWnrYYxYZDGXuuiCbIYjrH5zeNgQS0r2UVGFignNnhNiN8o2nueU2N2sgbj8\/vi9A1acTz8Ua+VIHi8XxMlSEV7IX3cxzDz4Mg2I0\/HSVy2ph3\/VlDddmbliDP6h3TW86Lg62C\/uGdSZfALbx8oqo1hOeq9HE0BDq3H4oM3mMCdo7csSDZVSoqhtyxyh3p\/fpbmTbD8hGhTJYbPL+sFzSarPK2QWRJXF\/IjalEx9KyO9X1z2d+TbJkVHyv99+29Hc8jUcWggBZYYHFjBeF9kEs5B1dCfREobsVRPjholcCBRdExkXhm0tkBeythz5DWelDcqw\/PFC6azVGKC7mKqXcFxOVRWY3h87IYj\/dtb13hQIf36szWaDnpsvC2EV5BefktsYN3yX1t9IKLECSAzzFF6+Wlg2DD8XWL\/dNeaQvqRPuA3mQ5wIB\/7+aqqfS0w9ZKGdlGRyBNE3\/3\/06xyQelV1M53oa71uwdl9aMSdmT84qK5vOQcEYlFiFVWf8SSSpch8Skv5VyfMpdj2ToeUkhMHoPcY6wbyIpLPxR89e2u1jCDJJkBTjlK3prd\/BDQ6hiq9wvF6ls\/zF9DLTgkJKgNN2kF152YeenpauZUlkeZ+MTHbU1MnL5QtrPjBmG22aWD+D2eFeIDStsWFqnYEhqU3uJ24dkGCw5aQW1o1QkgNM1jtxyqwafrW+650eE8JygtQjGRv2D0vsDSu+anLhAWXJNymra31+FzOo6obZg2Y1Zt2945tS1NcqpKMEu\/3wpIc328DjsmYXNmyrP276jW0U\/MoxzPu22nU3VNBkEchmC7+H8ndefuW\/c2oahJizzZ8\/VmzGfzbgk0lsn5aQ0TtNvQUBYggMWNAP5oJeHgfwom6zG71DATTtL78SMl9SCALU3HmGx3DSl1\/qIFmAp2TfsSAJezp0WgP07EPyLGrOg1C2LpAkdU1os16JMvMPYdzAKaMgjcHfp29sd5EmfhehI02mz517NqAmJbpDL9K6Hn"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1587041677243,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1587041677243,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":243705,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx4Abt\/TkvVAAAAALAC\/\/\/5uQAAAgQFtAEDAwUBAQgKMISawwAAAAAEAgAA"}
00424{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":255126,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wUlAAHUGi9Y0ccKEwKgBBgG77Hiki1UTf05L1oAS\/\/8DeQAAAgQFoAEDAwgBAQQC"}
00407{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":255227,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkvWpItVFFAQIAAkOAAA"}
00699{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":255452,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD+AABAAEAGgVbAqAEGNHHChOx4Abt\/TkvWpItVFFAYIAA3rwAAFgMBANEBAADNAwPZLPUYRvEghAe9kJUNx9IFhytDuazyHj3Xl0vfJTFFvgAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI6uoAAP8BAAEAAAAAGAAWAAATdGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAi6ugAdABcAGAAbAAMCAAJaWgABAA=="}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1587041677243,"flow_last_seen":1587041677255,"flow_tot_l4_data_len":330,"flow_min_l4_data_len":20,"flow_max_l4_data_len":234,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1587041677243,"flow_last_seen":1587041677255,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00415{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":266382,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAowUpAAHYGiuE0ccKEwKgBBgG77Hiki1UUf05MrFAQBAE\/YQAAAAAAAAAA"}
02370{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":269133,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUwUtAAHYGhTQ0ccKEwKgBBgG77Hiki1UUf05MrFAQBAH1pQAAFgMDF4QCAABmAwNemFWNnrZpaF22Bped6ZWw91UwI3oUldGCaX5R54k8RiCIFgAA2\/RfiviLafpeQF8wbrmKm4c0zQA\/y2Pu6GvQeMAwAAAeAAUAAAAjAAAAEAAFAAMCaDIAFwAA\/wEAAQAAAAAACwAOdgAOcwAItTCCCLEwggaZoAMCAQICExYACfRizWOR6fGx5P0AAAAJ9GIwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MDkxMjE4MTY0NVoXDTIxMDkxMjE4MTY0NVowHjEcMBoGA1UEAxMTdGVhbXMubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOO+GAF5FB9ACneJsYJqU+PaAkwhs3Pmnh9LB9B35XWkyrIOYraOvvuhrHxhFcxbMuiVa3ke581gm0OvyNFkH2vhqLGtQ51IvKov0oZNIk4rt1kgisStRRDSjUTgKLPQ44s9fKS9qz\/Va1Q2\/LQEZQNYdKcaI2nANY2RmggVm7Aa\/Dx1r4sJ2SJmuRoiN6m9zGBwTorEnL9Q2Qy5FB5\/iaYy2JMNbemS7IbV+TczygQFu\/QwI3ZrqvbUGdtEzDIOU7YZXOmC6UcqvvcY0rIuNd65HCSFAv0X9ivVh0LGDegTyjuqKz68YmBI\/eJFXu94jw\/tEDwiIAZfs4Qk12UiGJsCAwEAAaOCBHgwggR0MIIB9QYKKwYBBAHWeQIEAgSCAeUEggHhAd8AdQDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAW0mulFVAAAEAwBGMEQCIHebEsXaxq31cmEfhRo\/gehRDe\/E1VvIxKmBjiYm513RAiBg9lvKKuXFDabtrglkBNY11LNgy+HL5dblDYVf8MIppAB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbSa6UVUAAAQDAEcwRQIhAOXf5ZJgk7Qqrx2VlFvAiEAHVXnD3mS7WxPkEHf9oGczAiA4\/Ss\/FGYnu0+Vqu\/igskDlNIA5yQpWRpemVD\/90ZvtAB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbSa6UqQAAAQDAEcwRQIhAOcvU5U2Fi9LD1ckKACgnV\/R4RUZapoJoV\/V8Nkdsox8AiB+s48woDYS2UZcbGfro+s0PlMOsyBbDvpNcsr42cSgwgB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABbSa6UYEAAAQDAEcwRQIhAIBIEv6AY07+qXpuv9wKUq5PN5rdrOhWtdzhJm8jXedKAiBSHHhgI9NvoD6YhCpK3V\/Qif41w296yUSCK7eujn89vzAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFCbjW3RNU09jtsrWbR3zyYhJ"}
02359{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":269225,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUwUxAAHYGhTM0ccKEwKgBBgG77Hiki1rAf05MrFAQBAF7ywAAxC7UMAsGA1UdDwQEAwIEsDAeBgNVHREEFzAVghN0ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAjJY5eD13an7Bpx5xxIqIPAsj0wiAkSQlVHG2eWn1U7EMYkaYNm1bcZdbxatFHak6SPpDF\/BFWOAuxpq29sjki83Ws\/tIbRtncE4DVkv23fvgeWG2G8sq5qx4c5qA830fqmXSktLgOpsdgmBaOYSsTY0x33dUHa4NMN17Lj60Gsd3yzeSYx7BQkMQJ\/V8Vdknwzcy4ja6ZEHFlhJa7naHWvheu4dpEV12l\/I7XnKJj3AvK6V0oRh9ztLUCO5SEw\/4IchbkuDrjeM7N7xqdsbAB+zxItuIRkK6NPYNfq2P1YcBIYP\/55E1YA\/2W2kVT3L2yJ3TBXNrhGw8kxGBtYIUDJYcydM9DjdbmXfvOOXkrLnLmQLDNp1UY2giyd1SVy6dmyy4UPGdKMrUjUJxLeLEth\/qlHwMQ78rdVWdoP1WKC\/rLalfyuTCeXW4p3qIF7Av0WcDgkUyDRhNrOo0xzsIbxL1KpcpwCXtJW8Gn3LPsecGEsCzZJ4Oio5x7suMWRhIOATNYjrQKjkP5yhS6WUM11anpHQdizI1hSi0Dsn9iu9KVNBmLjAhQpIWNLvziKckaPyFYM8Jju2yhenSjGdxKE8kwLk8CNf9zLVQ456aLfF9ge8FhSE9Tl8aBpIGGPaqGtl414VBcDE1HXqCtckuHxFFd2OvG07l2FddY0bGOrgAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\/rMwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUyMzhaFw0yNDA1MjAxMjUyMzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKvl612jazme9TSIErsdUiZdfQkLxnmOq7cO3xmy3e4P9u70VuRG4pIP4mcL4xxxpNRBc7TLmRaOv3d9sK8ebO1xLsMId0pekq7sWtBIgdDF6aD1eo8ejV7TrZLA2saRNTEguTkEzRAqPJcdAJ6ZGBgJz0uX5Mn8APAMWp026LJAwUqshCiqPUYYK6eKrPSvS6h+SULHYiDA5qc7XeuQH7uK2JyQ4zqxbMKUzj4ya8txs0EuucXhXdhZJ4L74UgNfugE8fkBJ0H6lFp9xTC7"}
@@ -109,7 +109,7 @@
00408{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":269406,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkyspItmGFAQIAASXgAA"}
02369{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":269473,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUwU5AAHYGhTE0ccKEwKgBBgG77Hiki2YYf05MrFAQBAFxvAAAAQICE3gAErJ3YfnO2ox+\/bwAAAASsncwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTIwMDMxNTE1MzUzOVoXDTIxMDMxNTE1MzUzOVowKzEpMCcGA1UEAwwgTWljcm9zb2Z0X0lUX1RMU19DQV80X0tleUJpbmRpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAEyAX+5SqsGiqoUBRMLbUF1MOQcsxK8kPSKDVxGywx62TXqosok\/w8WIw51eitl2x7hGoq0+h3f95iPllxy7yEMgH7qmedNRiuGxRK+fAa5MH9aVtlomaFyqBArysde41\/HXuL4UW4GtwiAkT5ExgE2wHYEV7T5X03YsAWWM3JKQwMjB+rXZkft+Uk5MWL\/cJto5+yML0QwJr2wL9Ak66bKsuEMnGd8UzoAOAp5Rk0DmxRztNTjl\/lZ2ntFXsAyJALx3q0EDreLw0q2SftDOieUHmNsOvbAPjYsWKtDXayhXR0gqkwAbamSUrmFXf6QE7XDQuHTRyG7d\/srUScNlDAgMBAAGjgdYwgdMwHQYDVR0OBBYEFJ\/ldPQSLwcZJHaSD6SOKmapFFoKMA4GA1UdDwEB\/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2BzJtHgcjpFgIBZAIBBzAbBgkrBgEEAYI3FQoEDjAMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4ICAQBQf\/nlSogs2KaMuQIKX+dZl6u\/fN4stOkBATIA+8WfgJ+qNyF20yCllnRhbqa4pd5JTrRYGJZhGA7agazmyim9wGvV0HcHxLLN3oNZBP5gF5jLC0IqxgJEvTiyy1\/1wYRdtr+SpcKNi2ZCac3x7voBvsf3YH\/f1jAp2zQ87qKhRy1PmcUkJdsJR2OnkYNgdR6oPKCsPkPve+qZXjBdfEVjq9duYM1IFFq0MYXUlFCy8YhnxEcasx4mCnA6B14O98ewaSZZhGaP6Py\/67LRhuWf36qXptvXI8bFJZEld25A5aR+COHvYWrlWmmfie3I9YEeDGTVodHmHxesLeBLQQmxpuZgnJ1eZYwSS2g4bPN+OSonsgPlHLzmBJcUpzxJl3mgtcjyN+2OgF46A4V1ENucCVGdLYjsbo\/kk6U7V0KiqERMGjIUeUVMt9tfNUf6xYXUsVOKsIfNcAMbDiCO2hf6q+1nKxCJw6p0qsB1ANlzJi00XH17tvsddvABkR26jQRxWpc1ck4l6ErNYoE186dUnlcdlKjaIHU4jQ4CS6fS1HuZFQD6VdPpfAFSv8BxzC46PHD4wMhUHF2gx9Kp9\/ATrborJ6OxeXVS1Ba+IQzGX6MpVsGiH22VzumR7tEvftwy0MX7pfN+X9yHBrJmVvFG4s6d6wUOHM9cT9DziFvLgAwAAWkDABhhBE+RAXC\/Xyd7UGeindq9xlq2qMKybD1FvF7NS0Q4Wnqgy+n0khMcobgonh6xbfdP6E2KVfyXbwTlraeuMDOGmxneQcHBifND6feNrPEleiAvyZ63CqEHXbuSCiAa5uZ0\/wQBAQAuqm4B5\/bbJuxzQ4HWtDDnbGvzWU\/SbPr4jUYJusk\/mOTB1TEHVi7Ysu5R"}
00706{"flow_id":8,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":269476,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEBwU9AAHYGigM0ccKEwKgBBgG77Hiki2vEf05MrFAYBAHfiwAAXmhm9FMI3qyjcnWYHDq5pJXe5LxxQiXcS7F7UMWyodFmf0Y2n4UV1oaptfAq62Mp0hzP0jkRR8Koy5NnpWVYjEEaobvfceXcy2e5kVF+mgUEbNMUUEHK0j5oyhuvhNYbp2ZSRS2srlEhhTZPrqPsdetHCr7lhX+majSPjB+X\/p7T24uO+LOMiS\/yeCk67d9qdVGcdwSOZ342Z1h4dM\/m4hrDY2zgeDXbNjB\/GfFdIsk52m7C1N7zBwfS2ftaTTJLXZDO0benj1Uao8znBEwW3iHOavB0DgAAAA=="}
-01050{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":12,"flow_first_seen":1587041677243,"flow_last_seen":1587041677269,"flow_tot_l4_data_len":6515,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":542,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
+01061{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":12,"flow_first_seen":1587041677243,"flow_last_seen":1587041677269,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6239,"flow_avg_l4_payload_len":519,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
00408{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":269547,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx4Abt\/TkyspItsnVAQH8sMDgAA"}
00623{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":274350,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"EBMx8Tl2KDc3AG3ICABFAADGAABAAEAGgY7AqAEGNHHChOx4Abt\/TkyspItsnVAYIADFvQAAFgMDAGYQAABiYQTxgotmGkb9FcH5FUJAmY+IuSsOw5d+NiTKNDdr8gMKGCiRz+OrN2usCVeyQuJ2hYG0lEs1BP4wAxS3bfPvL9r2KEGBZkrJHYatnTVZxhAAdnXdPSdHbUfx19ZFZrZkHzAUAwMAAQEWAwMAKAAAAAAAAAAAaIoAUkcmslIl15A1c+bAL53g4S7Y2eLaeTpGpoRJasw="}
00415{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":285008,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAowVBAAHYGits0ccKEwKgBBgG77Hiki2ydf05NSlAQBAEnOgAAAAAAAAAA"}
@@ -119,17 +119,17 @@
00779{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":422728,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES5AAEARZ+PAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGADtdrMEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041677,"pkt_ts_usec":611261,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1587041678029,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1587041678029,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":29919,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"}
00435{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":74133,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="}
00422{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":74233,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"}
00704{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":74525,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex5Abv0H+uPO2V4UYAYEAlkRgAAAQEICjCEne9hEv\/bFgMBAMkBAADFAwOeU\/FfLHrtrdCBVUwx+w+ija6LF0MoHL44Af8vhwR8KyDASAAAvuo5mSGLHTbLJlo\/aqiaHVmeYbbWtXIqS6QEPwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1587041678029,"flow_last_seen":1587041678074,"flow_tot_l4_data_len":354,"flow_min_l4_data_len":32,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1587041678029,"flow_last_seen":1587041678074,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02364{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":120796,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUKldAAGwGm4s0ck0hwKgBBgG77Hk7ZXhR9B\/sXYAQBAVKXAAAAQEICmETAAQwhJ3vFgMDEGYCAABRAwNemFWOOTYxM1NwQpKmeq910c4Y3+sTj8LkGeyXAZo3KyA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFcAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
02359{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":120831,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUKlhAAGwGm4o0ck0hwKgBBgG77Hk7ZX3x9B\/sXYAQBAXWRgAAAQEICmETAAQwhJ3vLnNreXBlLmNvbYIQKi5waXBlLnNreXBlLmNvbYIiKi5tb2JpbGUuZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIgbW9iaWxlLmV2ZW50cy5kYXRhLm1pY3Jvc29mdC5jb22CFSouZXZlbnRzLmRhdGEubXNuLmNvbYITZXZlbnRzLmRhdGEubXNuLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAUxCmyVHd3H7BNm7xrFDWc0lUKQfFfvZJj7fGm702yYNfNb17H3sDMMybFW0xvlL9Ezzab9UkH29uzppLcvgSPbaskyoVw+2aUUDOWU9BNPXX55faad2R1I6KtC+PfV7YLtmbicvSGz4AqzYw9ZreqUymbtwFHx+mEj1q7bV3EnUB\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"}
00422{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":120910,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+xdO2WDkYAQD69magAAAQEICjCEnh1hEwAE"}
02214{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":120987,"pkt_caplen":1389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1389,"pkt_l4_len":1355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAVfKllAAGwGm\/40ck0hwKgBBgG77Hk7ZYOR9B\/sXYAYBAVgZQAAAQEICmETAAQwhJ3vBM0QKjyXHQCemRgYCc9Ll+TJ\/ADwDFqdNuiyQMFKrIQoqj1GGCuniqz0r0uofklCx2IgwOanO13rkB+7itickOM6sWzClM4+MmvLcbNBLrnF4V3YWSeC++FIDX7oBPH5ASdB+pRafcUwu7a61xGbiPoBzG5Lkrn4eDzLnGiaFmaI0JOwKoMulxEdfoEgYeSwuZucblOVlSLG2b11ELrZdYw8Px3QlvgzRXt7H1Qz5UiXpwUkotvR3JWuICp9lolIe5J60CSx3kgR92c8tN\/4WGD1T3s0aOb9rCYItvMsQ9tPxBbQmwxxh7EHa4bdj6Cx+2ba2Mvp8vBl5Y7YHOovui1k8V7QG1CyDIVKzzvILipqdYzArlzZ6cB8fXzanOO9SrBgB4IrfV3IEK8uYozcmv3h2blZSJdCGsNQgQsfgyJr5Ju8KSKC\/YBRXHVfDjXC3X8vemefPY5bjLuvnfTMDPuoH50hwfPnUhpdzhRXbVC4Se6xCyfS4mknEm7GwCY+56QrG4tTOAb6Goc64Et\/mRZOWT1ZafFxp2VlGwIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFHp7jMHP56DKHNRr+vvhM8MPGqKdMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBABH+cgY6IQo3bsj1KSICYp5FDu36Bp\/vv54kNRf+OYiyuwHheN\/Ri5f9t3fxinJPSTrosynXdIfkufMXYIeIklWCvdl9E0h\/BpA6iWbnnZb3lc1gD9fhyvZ27vqbNUihmH3SkypPgRbHqJa70SXzpm9Q2gCbKqj0NQDj\/Sw77eUVm38WD8eOyTYglPAdAbkSUFCZgeAoQiyOeP\/txp7V5MrpoKqzSE+kX+SLGP8TAi2QETYYZig6IprelfFZ7p9tKhd1k1DDBRLV3mS0trzb13ZZ\/qXW5Vbh\/kZcO4r47A777xKQkc4gEoG6PFLjf+NA9AxBIGaHGNoyaeD23I8o8r0MAAEoAwAdICEPGiTacHJnq6PrPlvxEoSaCKiLlyOZHNbVkDzqi85DBAEBABUbcpY7flrxlEmvDQF\/IYHc9AdP2GVXd1cOX\/fYXfT0ZSgvuD5sBNK5kL95opARYfACknMPnR9YPrMt4drq5G4D+3Cq1bWVzdWq+Y6vcG7\/6uyH6ZztbTHWxMaRhLpLKLYHjPBw59DsssnYv\/Xsw\/X07nCzjEwuAfVl+DdsaTEacepOIpFcFqQOg6LM3hKoP+z0mamxSI4\/NqdwUUBwZts0zK8YKpE9AzWTPuNF3\/jzGJyN2ecuBhwndtaTM4BlK30GTE3PBMfPZH0YwgA+aAeOVv1qWqnYS2k6eM925BUb91FnctQbP9V0JMtxgrqfeLE8JKM916dg0kOffJQ5+7sOAAAA"}
-01298{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1587041678029,"flow_last_seen":1587041678120,"flow_tot_l4_data_len":4685,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":585,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+01309{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1587041678029,"flow_last_seen":1587041678120,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00422{"flow_id":9,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":121021,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+xdO2WIvIAQD4ZhaAAAAQEICjCEnh1hEwAE"}
00423{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":121060,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+xdO2WIvIAQEABg7gAAAQEICjCEnh1hEwAE"}
00551{"flow_id":9,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":122107,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAG9yXAqAEGNHJNIex5Abv0H+xdO2WIvIAYEAA4KwAAAQEICjCEnh5hEwAEFgMDACUQAAAhIP7RpoO5uqiByuxIuFaSUf7cSQPUqY\/bPrLjbKhyQYw0FAMDAAEBFgMDACgAAAAAAAAAAA2bwhqRB70JhCC7tK0J+uT0p40fntt9Ofuwu8IMPAUS"}
@@ -139,63 +139,63 @@
02360{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":167016,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIex5Abv0H\/JOO2WI74AQEACuHAAAAQEICjCEnkphEwA3J+mKwXvMvO8jfyhEiq4VtBb0DtQ8isPryoapLKM2XxbLPC6pdDIeSIAwXVrF08zI4T\/yzbSkl9w2wMdC9g5YanKAuHEJ96oJyzuW8ReCHP9aLsp3AvGfcFqr\/AnF9VVhOFq\/aRGmqk+ftx9jHdFU7La3MJMRb0FAF3T0NoK6lMgh5JFfDyD4hClVL5yUd7aJtp\/onXnRAa3qXgrkuXwGo3gZ48T4YkBKLDFE7gjiqjFf0eqMm9d3y\/5JC92l1H1VpmEqAyLCIMZaQMErwXfU1AYMA64uvLVUxAnIwfzRexoX0U2ADCPeuV\/mrPM53OMkHlBXAbkr5kUpoZm1eVvF3jIjXmNe\/z+ZFhNbqSPwbpCwaiOFHtP4jDPCs3tUv+5tvPiiwBsoYfAADbsV7YWtp3iMoQaIAzXk1hMy6dQyPBAmA4b5mjKDIYUpZUVoCYV9fCCOmc1+f2E+BwBcp64ChwwzDGaENNLKxJN4hT3pR7aU+3srTUfZMRKTJe1UsGrFb9EmBcniDvg2fqh0KZ2Cj+Gud6xZ0bg2lr7iBFi\/j9ppWYlKwg4ODh+6QMmUTVJ4EqZC73H57nN0fs99Zuj1JdC66ebUny3bRweuqhkjmQgtftv8QBwRZ3vY47iMSUjbmytbduip+HnI5bcdv8K9xn40cmub+pon2DZ5i\/GcvZcenP5xAk24ssyosJuV8AUUlVJcz5WvzOzXbxUgiQ0LU2Co9fA8TxSQ8Q+BDIkoaZYEc3pYEQiM+b1lRmL4RcwRifMmkZOH2xx\/MXNKGpj2mohaUHSGAnu3jAKS6WmRqhrtcWAfEwlirw++SKoF0sshMtkSYFloGaFPFrPf185KwWATOK2ym83A5870DeQoP1eSkY11vx+ExqyySQiBkyYHtB0tiUi3COVsrybNI5EOQtWusiWFkAogY9yUXBpb4qyPbYczG0iKPISEJzUs81Vt2cdNzBP9Ty8Js14b3hHM2LUD1jH6IU3rQzokQPA226onwObbu1tv92xfMnnzHmB4iS4+kImvhQmRJyCqa1wbpLaB0waGh8MzKMNZGKvYESQV2\/n76KYiG\/n3daltozEvfLDBzW1VUGVqb67PDdrQD3GtB+bI4hwh8ogEBjOPM+MhgRK3LtFt0yLF6WfkUC21rlb0dk\/Oi2Op4f3w0wnwZmxNY+tx+wivYeaTkZ5dsYZ2DYApsaC8u\/9\/Q55oo\/k1bP4S+AuBjJqQFJhtVTCYOlsBugmKaW\/Sn3qRnKgAfkDwKQzpDLG0TqHPlNC8+Exy2AkjcHLdA+Le2hti3+MrppkdHEVaXvgcDQKEs8a50VgUKuIg8y9B1E2CWX36+TsEBekAUraAkyycxjYB0CifaBgJMR+f55yrMKmjlscjkz4m6LjYf5LnAYpa3scIIubyJfeHm0CO+CFKix8I9MUY0sxEe9a\/aovbisEaJWGIPnGKHRhPzl5h2Z38meqwh3+UPL2Ji+RM6cMJR2TvAktmDZjmYJ20Yybxpmiml1+vvcshqo0tdulUe78IAbZ\/l\/9PpFVPcC04jtq729NZ8R6bfZ0VmDXNNukN9J8i9zZcGdeQawz0JJUtS1bIDmGCU3oEyQUjhxBAUz9IWNRH35l9TnleE\/PoX5leE4tV2ZpXqs9rR7Sc5YeC4b71Hstp6sXnB8LP1Y1G\/XziMvq8MeVQ7c8qG8Q9SG4yrwFHt7zKwecAZVHul2jyRRdhYST1LfwPeBZZFHzRlZ3CFnop787FACRzaIejUFmCCQX4RLM8JGSvJ4INFYGD\/pcSHF4qGDCxi3nE9IzvoWNnWITCqzw9On3dLEvIzswSbSPIJJGMr3mrNRyRzyvMDpb9ExgUN7\/GYVNu1m93zfuqwKJAI1pW4XeXckO+wZvg3r\/+NEz\/Sx0hTRHs"}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041678,"pkt_ts_usec":611338,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1587041679059,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1587041679059,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041679,"pkt_ts_usec":59584,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFmxQAAP8RnTvAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
-00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1587041679059,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_tot_l4_data_len":493,"flow_min_l4_data_len":493,"flow_max_l4_data_len":493,"flow_avg_l4_data_len":493,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1587041679059,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01055{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041679,"pkt_ts_usec":280602,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBKZoAAEARjaTAqAEG\/\/\/\/\/0RcRFwB7XmveyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_tot_l4_data_len":493,"flow_min_l4_data_len":493,"flow_max_l4_data_len":493,"flow_avg_l4_data_len":493,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_tot_l4_data_len":493,"flow_min_l4_data_len":493,"flow_max_l4_data_len":493,"flow_avg_l4_data_len":493,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01051{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041679,"pkt_ts_usec":280885,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBMegAAEARwq7AqAEGwKgB\/0RcRFwB7bcHeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_tot_l4_data_len":493,"flow_min_l4_data_len":493,"flow_max_l4_data_len":493,"flow_avg_l4_data_len":493,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00385{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041679,"pkt_ts_usec":406816,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","type":34969}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041679,"pkt_ts_usec":611289,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","type":38}
00447{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":62816,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFhq8AAP8RsaDAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
00522{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":74798,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB61LQAAEARImfAqAEBwKgBBgA1+i4AZgAAp0uBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA7ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="}
-00661{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":49,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1587041680216,"flow_last_seen":0,"flow_tot_l4_data_len":363,"flow_min_l4_data_len":363,"flow_max_l4_data_len":363,"flow_avg_l4_data_len":363,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1587041680216,"flow_last_seen":0,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00886{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":216814,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/44MAAEARlesAAAAA\/\/\/\/\/wBEAEMBa5dnAQEGABWCmMYYtQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1587041680216,"flow_last_seen":0,"flow_tot_l4_data_len":363,"flow_min_l4_data_len":363,"flow_max_l4_data_len":363,"flow_avg_l4_data_len":363,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1587041680294,"flow_last_seen":0,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":68,"flow_max_l4_data_len":68,"flow_avg_l4_data_len":68,"midstream":1,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":664,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1587041680216,"flow_last_seen":0,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1587041680294,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":1,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":294054,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"KDc3AG3IEBMx8Tl2CABFAABYCTNAAHEGSuNdPpadwKgBBgG77GBJd2ZkkI5L3oAY\/\/uUpgAAAQEICsJ1bW4wg\/kbFwMDAB8AAAAAAAAABVYf48xkHJTZ\/YMO7dmv4tC6Gofi60hR"}
00407{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":294170,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
01902{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":294649,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDage6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOMXgQ=="}
00407{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":294680,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041680,"pkt_ts_usec":611341,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1587041681218,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1587041681218,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":218709,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"EBMx8Tl2KDc3AG3ICABFAABLUFkAAP8R5\/DAqAEGwKgBAd06ADUANyl9Kf0BAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAE="}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1587041681218,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1587041681218,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00530{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":248693,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"KDc3AG3IEBMx8Tl2CABFAACAqEJAADkRFdPAqAEBwKgBBgA13ToAbAAAKf2BgAABAAIAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAHADAAFAAEAAADSABkFZTcyNzkFZHNjZTkKYWthbWFpZWRnZcAmwDsAAQABAAAAFAAEFzKeWA=="}
-00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":55,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}}
+00694{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"ConnectivityCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}}
00385{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":407197,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00148{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","type":34969}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":611328,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00145{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1587041681714,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1587041681714,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":714331,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="}
-00633{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1587041681714,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1587041681714,"flow_last_seen":0,"flow_tot_l4_data_len":61,"flow_min_l4_data_len":61,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1587041681714,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1587041681714,"flow_last_seen":0,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":714835,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRU9EAAP8R5HLAqAEGwKgBAfaCADUAPVgfcugBAAABAAAAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
-00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1587041681714,"flow_last_seen":0,"flow_tot_l4_data_len":61,"flow_min_l4_data_len":61,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":866,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1587041681714,"flow_last_seen":0,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00610{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":744695,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC9OkBAADkRg5jAqAEBwKgBBgA19oIAqQAAcuiBgAABAAMAAAAAB2V1LXByb2QHYXN5bmNndwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAvAACoVYXNtLWFwaS1wcm9kLWV1LXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsABoOd2V1MS1hcGktdGVhbXMIY2xvdWRhcHDAZsB3AAEAAQAAAAoABDRyS0Y="}
-00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":61,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.70"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1587041681745,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00697{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":873,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"eu-prod.asyncgw.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.70"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1587041681745,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":745719,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux6AbuCUaOxAAAAALAC\/\/8ErAAAAgQFtAEDAwUBAQgKMISsLQAAAAAEAgAA"}
00584{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":754842,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"KDc3AG3IEBMx8Tl2CABFAACo\/M1AADkRwR\/AqAEBwKgBBgA1x1kAlAAAiC2BgAABAAMAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAHADAAFAAEAAAb4ACQPYXNtLWFwaS1wcm9kLWV1DnRyYWZmaWNtYW5hZ2VyA25ldADAMgAFAAEAAAEsABoOd2V1MS1hcGktc2t5cGUIY2xvdWRhcHDAUcBiAAEAAQAAAAUABDRyS0U="}
-00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":46,"flow_max_l4_data_len":148,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.69"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1587041681755,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":875,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Skype","breed":"Acceptable","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.75.69"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1587041681755,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":755860,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex7AbtPkLhOAAAAALAC\/\/8ixgAAAgQFtAEDAwUBAQgKMISsNwAAAAAEAgAA"}
00435{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":772449,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8MUxAAG0Gmwk0cktGwKgBBgG77HoxlVjpglGjsqASIACccwAAAgQFoAEDAwgEAggKVud31zCErC0="}
00423{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":772560,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux6AbuCUaOyMZVY6oAQEAnbCgAAAQEICjCErEZW53fX"}
00732{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":772814,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":292,"pkt_l4_len":258,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEWAABAAEAG+HvAqAEGNHJLRux6AbuCUaOyMZVY6oAYEAmUUgAAAQEICjCErEZW53fXFgMBAN0BAADZAwO+LJEVwOHGYhKiVcLvt6A9rXWEi+VY68GJ4Pnee\/+sYQAAHLq6zKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACU6uoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjq6gAdABcAGAAbAAMCAAL6+gABAA=="}
-00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1587041681745,"flow_last_seen":1587041681772,"flow_tot_l4_data_len":374,"flow_min_l4_data_len":32,"flow_max_l4_data_len":258,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1587041681745,"flow_last_seen":1587041681772,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":226,"flow_tot_l4_payload_len":226,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00435{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":786454,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PqJAAGwGjrQ0cktFwKgBBgG77HsaOOK2T5C4T6ASIABGlgAAAgQFoAEDAwgEAggKVN17aDCErDc="}
00423{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":786551,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLhPGjjit4AQEAmFKgAAAQEICjCErFNU3Xto"}
00714{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":786764,"pkt_caplen":277,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":277,"pkt_l4_len":243,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEHAABAAEAG+IvAqAEGNHJLRex7AbtPkLhPGjjit4AYEAnBuAAAAQEICjCErFNU3XtoFgMBAM4BAADKAwNa\/jUh9W55wUB0tnlMq1eAEhrPfTr7oU\/DtVhV\/8e2AwAAHNrazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACFGhoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAJ6egABAA=="}
-00728{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1587041681755,"flow_last_seen":1587041681786,"flow_tot_l4_data_len":359,"flow_min_l4_data_len":32,"flow_max_l4_data_len":243,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":882,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1587041681755,"flow_last_seen":1587041681786,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
02367{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":802258,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU5AAG0GlW80cktGwKgBBgG77HoxlV6KglGklIAQBAXbeQAAAQEIClbnd\/MwhKxGsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\/s8ycG4tlrTfTYH+M+FW9Y1DTTSC08bOYNW3zgFB64XvsPWTwevXfQWad0gfn6zMKIffJ0Woh7B4kndlMdWD8PoFQAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"}
02367{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":802287,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU1AAG0GlXA0cktGwKgBBgG77HoxlVjqglGklIAQBAUZCwAAAQEIClbnd\/MwhKxGFgMDF2cCAABVAwNemFWRvAfOxj\/O2LS1GvKbLbSBGZz8VXg6KCdxioXd2iDMPAAAuPt+tyjvNYKaxBUbB7raSosgkzWm+0YaVQadbMAwAAANAAUAAAAXAAD\/AQABAAsADooADocACMkwggjFMIIGraADAgECAhMtAAND9wESkm\/sd3ORAAAAA0P3MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xODA2MTIxMTUyNDVaFw0yMDA2MTIxMTUyNDVaMCgxJjAkBgNVBAMMHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9uZE6YVmzh1ro\/4d8Zo+mVIUEDaUviyuYUeJe2UcdHKsHDSUdTQ273GJngjGhgUHAMwvq9w4DIyOUBwcveTFYCZWzVANdRsFsD39nLpXp3vseB5VUXnmXJq29gPKyJFpkrbimMnnEOki7t5nlA9Z2K+wtT1X+Z4mAoJsSkScanGPxLU8tNcdirpZ0\/tvH70adSNM5iFxsRFLblVIdVrqSBeeNgafOdZlIIGOv9P0ABMY7kxYKnw7S8oGlbB3U6ETluGBbgY1c8n6n6\/5011R8Q390xb8uiX78WpVL6NRdD2McwEdmJZUS5ppX\/9INS5YdaB\/lVrmNtlNRMwIco6t6QIDAQABo4IEgjCCBH4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABY\/PgldcAAAQDAEgwRgIhAK4F5+xyAZ8PgWPavtk6ktZ1Mdq5zCcDAj1dU28RQakyAiEA4DkHuRE6HiTW8RE5rf\/suuvGjdxWguIuLXIbKDGvcIwAdQBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWPz4JSyAAAEAwBGMEQCIEUKuHHg1cOu3ulDL23MIyS7vGphefBcWA43AQQTjyDEAiAwpImJzpyITltxVu+5E9RI6mCB4HmB+34SpNIgXnX3UQB1AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABY\/Pgk\/MAAAQDAEYwRAIgVkQLEK+aFME4Hb3costoQAwcLpeeMRkWlMpAVlvVKYwCIFBaS7ZLwxVX5ANaQxIs20s7ccOU9sO75sNDOPFjUiVzAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFj8+CXzAAABAMARzBFAiBcPX96Y\/KYUQsVX6QdJU7x5hxNzu6nSgTjsrM4Wi0KDwIhANsnPYmqBlSVUmPKVKXLbePowV4E\/X0udEs\/42bFhpbcMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUC8G3iHj\/iQZjMtUq"}
02380{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":802295,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUMU9AAG0GlW40cktGwKgBBgG77HoxlWQqglGklIAQBAUxzQAAAQEIClbnd\/MwhKxGUEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDCTA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vT21uaXJvb3QyMDI1LmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzANBgkqhkiG9w0BAQsFAAOCAQEAPvLPMKV6vx5q3zlYGCg8w53u54HFS\/xn9r8fTjfa3vCv7or5A3tgZ3THO9r\/K0rr\/VR1E4vlwoESulISILopijrNQyTM1RcF\/pwWP3PgbUHAdj3yq0jFWWJkukRPChiCP0HqPxg6WOegMFd19dFqMRS2lJll2rboAd7kq\/u18+UZChhfpAJX3rZcJm9z\/i4J9QhDxA\/HJH+dKGdlodxb8Dr9+HCF56VPJN5CPx1EO12FBoUdHhzU2U5R5P0eERbMngDZlxqX42XHhjUbU3a+MtEsQUlLoz6TDFt3VwcwPDWLjNFpoif6VeirnRAe0RffumyJ08lb1wuUiKnYtJXXjhYABysBAAcnMIIHIwoBAKCCBxwwggcYBgkrBgEFBQcwAQEEggcJMIIHBTCBx6IWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTBgPMjAyMDA0MTUyMTU3NDhaMIGbMIGYMEwwCQYFKw4DAhoFAAQUKYX8YT2+L7ASD15CDkyew9We\/XwEFAj+JZ906ocEwry7jqg4XzPG0WxlAhMtAAND9wESkm\/sd3ORAAAAA0P3gAAYDzIwMjAwNDE1MjE1NzQ4WqARGA8yMDIwMDQxOTIxNTc0OFqhIjAgMB4GCSsGAQUFBzABBgQRGA8yMDE5MDQxNjIxNTc0OFowDQYJKoZIhvcNAQELBQADggEBAIqBVwyEEXU6DdYDkoqozQrVQ3FRKIupPdre3a2OvDuPW67S6m+tIdeZ+Zw9LPj+fsyi8jf2W8ZWZc4ClcyDblg9\/4QFNtwVQXl\/inU56UYBHMz0qJ+TlvszBwql1\/mJBV01cH5ActofnFMnyNGINyReu+UvHJO6dh1AH4X4rEowHHpl+4s\/zexMBK1xfIDEwT\/2vFdefuv46V0LNIY8NDUYTnWXdDZPMP9v2chYYDkVgXP0Tvyu\/anOPVEkkZ\/uySkMtjbbQW5NAC934A6s58ZNbyf\/qkweMbyXW5vDLaf7E\/7QvopkhMOF\/1Jz"}
@@ -218,21 +218,21 @@
00712{"flow_id":19,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":819550,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEGPqdAAGwGjeU0cktFwKgBBgG77HsaOPk3T5C5IoAYBAWlfAAAAQEIClTde4YwhKxTMVWY2KoM3UYNmUH53VfnFXQ7Balll6FrwjaWxkYmpJt0YQsGfB6o7My7usVjRo8Gl8LHEn9yDr8ZQjiqXpWCxWD1TPA5JGPQ4rki4qwn2LQnW1Z8jDbbG2rCsSoIsJ13reEorAWYQD9lgY7u6NhKhQivxM+NrK3lC10+ksRahXbaAed8F13P2B6X6pzJCA3sXXJy0ubM3rtfZ\/JuagHOdHC6t5DukWhpcRN\/gb9\/\/aLYdj+03iV+MEje6vELnhdfMDQOZ6uyxdS\/Ox2Q0OUOAAAA"}
00424{"flow_id":19,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":911,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":819590,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex7AbtPkLkiGjj6CYAQD8xtBQAAAQEICjCErHJU3XuG"}
00597{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":912,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041681,"pkt_ts_usec":820604,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAG+ODAqAEGNHJLRex7AbtPkLkiGjj6CYAYEAAfqAAAAQEICjCErHNU3XuGFgMDAEYQAABCQQSp\/xAWzX3m+GIpNYZNVd0zA6MTBbdTMGVEx0p1jU87SuX7JAy22e1aGg2H\/gasj5M3tBe1eXKbBJ6jddJBRYpYFAMDAAEBFgMDACgAAAAAAAAAADSGNV1DA1tmj+MfNOrWBiBzPkbQyCVjLR4dzDxIj2ac"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1587041682076,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1587041682076,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":76700,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux8AbuMg\/cHAAAAALAC\/\/+l4gAAAgQFtAEDAwUBAQgKMIStbAAAAAAEAgAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1587041682077,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1587041682077,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":77081,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VLAqAEGNHJLRex9AbuFeblcAAAAALAC\/\/\/qlgAAAgQFtAEDAwUBAQgKMIStbQAAAAAEAgAA"}
00435{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":106830,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8XUVAAGwGcBA0cktGwKgBBgG77HwdJJF2jIP3CKASIACM5QAAAgQFoAEDAwgEAggKVscEoDCErWw="}
00424{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":106937,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V3AqAEGNHJLRux8AbuMg\/cIHSSRd4AQEAnLdwAAAQEICjCErYpWxwSg"}
00736{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":107386,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEaAABAAEAG+HfAqAEGNHJLRux8AbuMg\/cIHSSRd4AYEAmCtgAAAQEICjCErYpWxwSgFgMBAOEBAADdAwM8bxQ0whreuqvYvEztjLrW4PBGRpjuL7egzSBD9aU3vgAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACYCgoAAP8BAAEAAAAAKAAmAAAjZXUtcHJvZC5hc3luY2d3LnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABgAGwADAgAC2toAAQA="}
-00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1587041682076,"flow_last_seen":1587041682107,"flow_tot_l4_data_len":378,"flow_min_l4_data_len":32,"flow_max_l4_data_len":262,"flow_avg_l4_data_len":94,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1587041682076,"flow_last_seen":1587041682107,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-prod.asyncgw.teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00435{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":937,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":108320,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8CPlAAG0Gw100cktFwKgBBgG77H37toO1hXm5XaASIACQKwAAAgQFoAEDAwgEAggKVQ929DCErW0="}
00423{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":108400,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebld+7aDtoAQEAnOvQAAAQEICjCErYtVD3b0"}
00715{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":108566,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"EBMx8Tl2KDc3AG3ICABFAAELAABAAEAG+IfAqAEGNHJLRex9AbuFebld+7aDtoAYEAl5vQAAAQEICjCErYtVD3b0FgMBANIBAADOAwNRm85ZKo2j5rIUIlemfdLsNPrk0mWhHKlhPOh2TLU7CwAAHKqqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACJ6uoAAP8BAAEAAAAAGQAXAAAUZXUtYXBpLmFzbS5za3lwZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgAGwADAgACmpoAAQA="}
-00728{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1587041682077,"flow_last_seen":1587041682108,"flow_tot_l4_data_len":363,"flow_min_l4_data_len":32,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1587041682129,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":939,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1587041682077,"flow_last_seen":1587041682108,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1587041682129,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":129643,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIVE8AAP8R4\/3AqAEGwKgBAcFqADUANJ5TmvIBAAABAAAAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1587041682129,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":948,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1587041682129,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02366{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":139467,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUXUdAAGwGanY0cktGwKgBBgG77HwdJJcXjIP37oAQBAXL3gAAAQEIClbHBMAwhK2KsYFQCvPTWcgwCwYDVR0PBAQDAgSwMCgGA1UdEQQhMB+CHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA2X\/om4H+4\/cR81+swhscxS+n0lRF6\/9QaS3UJkZbRbKTCin3OgcYqSG9pYg6G1+1K1UtTBpsolwlA3Wj42xE7Uv4QpgEXC5f0oaTcFK1me59SUtzp5qGDrwX6WjG8Ktb6uYB5gEczE7C4PC+CFPM3paTb5H5cy9SB3sXBctpW9JL3Q4jgLf0RmKI+tU\/yzqXGVuQXEGhEGBnx2gx7c5jv9zuJnDG+h+fy0tJ8oKxrnU3\/YDtE5a8Gc9riCos64k1IwawJ2ex5sg6EIN6aZMm7jlbnY0GaYkT3Xzq9y\/pq48vIUbUNujVUDc5\/R\/SCSk\/dzf6G7\/xO1H5cZnPEC40ThKUvhXFO2qUKIhsUCjzJG5EdSNtcUv8eCyVsfCMB7dRsifQSwSDmGmM4n\/G81i0O9M4b2XZ+YaSEgJZmQx7Uh5AdoOqwYq2SqBhAihGJdwH2XMq283yNTDRqqo\/WVv2tQAJnjORm59j1r8dDWyuUfRzmyA\/balmQRC8\/yMgQswTFwP1y97tt4lyNjydBDOIBJv2TudKgtjqTbU59+fWu1pBkJP0+oPi5U7f32J4ZwXrKLU9tbuRaGYpYaW\/H8\/s8ycG4tlrTfTYH+M+FW9Y1DTTSC08bOYNW3zgFB64XvsPWTwevXfQWad0gfn6zMKIffJ0Woh7B4kndlMdWD8PoFQAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4"}
02366{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":956,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":139500,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUXUZAAGwGanc0cktGwKgBBgG77HwdJJF3jIP37oAQBAXx1AAAAQEIClbHBMAwhK2KFgMDF2cCAABVAwNemFWSaFVRkCOJc9DstYMfC08iAySbs8fPN8bS7IioNyBmSgAABnBrPYmSUv6UMChNwK9m8a4QGJY6Yy\/tWe+U9sAwAAANAAUAAAAXAAD\/AQABAAsADooADocACMkwggjFMIIGraADAgECAhMtAAND9wESkm\/sd3ORAAAAA0P3MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xODA2MTIxMTUyNDVaFw0yMDA2MTIxMTUyNDVaMCgxJjAkBgNVBAMMHSouYXN5bmNndy50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9uZE6YVmzh1ro\/4d8Zo+mVIUEDaUviyuYUeJe2UcdHKsHDSUdTQ273GJngjGhgUHAMwvq9w4DIyOUBwcveTFYCZWzVANdRsFsD39nLpXp3vseB5VUXnmXJq29gPKyJFpkrbimMnnEOki7t5nlA9Z2K+wtT1X+Z4mAoJsSkScanGPxLU8tNcdirpZ0\/tvH70adSNM5iFxsRFLblVIdVrqSBeeNgafOdZlIIGOv9P0ABMY7kxYKnw7S8oGlbB3U6ETluGBbgY1c8n6n6\/5011R8Q390xb8uiX78WpVL6NRdD2McwEdmJZUS5ppX\/9INS5YdaB\/lVrmNtlNRMwIco6t6QIDAQABo4IEgjCCBH4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABY\/PgldcAAAQDAEgwRgIhAK4F5+xyAZ8PgWPavtk6ktZ1Mdq5zCcDAj1dU28RQakyAiEA4DkHuRE6HiTW8RE5rf\/suuvGjdxWguIuLXIbKDGvcIwAdQBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWPz4JSyAAAEAwBGMEQCIEUKuHHg1cOu3ulDL23MIyS7vGphefBcWA43AQQTjyDEAiAwpImJzpyITltxVu+5E9RI6mCB4HmB+34SpNIgXnX3UQB1AG9Tdqwx8DEZ2JkApFEV\/3cVHBHZAsEAKQaNsgiaN9kTAAABY\/Pgk\/MAAAQDAEYwRAIgVkQLEK+aFME4Hb3costoQAwcLpeeMRkWlMpAVlvVKYwCIFBaS7ZLwxVX5ANaQxIs20s7ccOU9sO75sNDOPFjUiVzAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFj8+CXzAAABAMARzBFAiBcPX96Y\/KYUQsVX6QdJU7x5hxNzu6nSgTjsrM4Wi0KDwIhANsnPYmqBlSVUmPKVKXLbePowV4E\/X0udEs\/42bFhpbcMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUC8G3iHj\/iQZjMtUq"}
00440{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":957,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":139578,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+VHAqAEGNHJLRux8AbuMg\/fuHSSRd7AQEAkmRgAAAQEICjCEradWxwSgAQEFCh0klxcdJJy3"}
@@ -248,20 +248,20 @@
02374{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":140679,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCPxAAG0GvcI0cktFwKgBBgG77H37to72hXm6NIAQBAXTOAAAAQEIClUPdxEwhK2LjSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gWAAcrAQAHJzCCByMKAQCgggccMIIHGAYJKwYBBQUHMAEBBIIHCTCCBwUwgceiFgQUqShwURmVA+Jp3zLm2A+QCVyZqYAYDzIwMjAwNDE1MTkzMzA5WjCBmzCBmDBMMAkGBSsOAwIaBQAEFE8LW9m32q+ftvNjciJ21uGVriYpBBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fQITewAE4Lxi6ctlZLvhngAAAATgvIAAGA8yMDIwMDQxNTE5MzMwOVqgERgPMjAyMDA0MTkxOTMzMDlaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTMzMDlaMA0GCSqGSIb3DQEBCwUAA4IBAQBJ3b+j9b9amWJnAoiCkmf2UNIwgNLUYY7i2oIxOcCe4FwtfKqAknYBXLXDmybtzIEQGc9zVWPgZbClw+Dn6abFkbXSG0mhM4QP5D5MQbVxhe7SgYoYVGwkJbmRpd4grc+7uBTiXMgAxBCB5kUsxvRwqLqgwU4Ain2W6hQNvDRMAvojfSg3lYkOFvlf7bcTwOK90BIJGU11EABEc5brrKndHE9hje0klAXbzMZTL8AqrbgnzOZi1rf+0+Wq4RUDesXv6I1AJt7EoKj704jMo9fFhVZPD8osr0ZocAW0OSf5m2CQ\/UMENY99jq5D1K0ZM\/O3ik40uY\/GyUUQa5PIKgTroIIFIzCC"}
02368{"flow_id":21,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":140795,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUCP1AAG0GvcE0cktFwKgBBgG77H37tpSWhXm6NIAQBAUnjQAAAQEIClUPdxEwhK2LBR8wggUbMIIDA6ADAgECAhNhABSap66sLDo2qRdOAAAAFJqnMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0yMDA0MDIxNzEzMzNaFw0yMTA0MDIxNzEzMzNaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfMV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1maDM3NHgdAGgJqybRrmWKqSKKEAYvfdrTYPfOpI9FRrz1yFR14GS0e4UDB2rKDlnKsuo9ERf\/Qqpm4JL8SvL0pujmn6ZoeGzO2t5TqMTECkWob1tiLQA1JYOA8RRLKv\/6QsvJzMX0qMbFHNBo4sgrAXoMuWjZcqWxH4fyrsBZdgc0mwpuoYVkD1vOmNWzPZMimjQN4cSMkWQA18afJyhp3Zot3K0OwDCe+wWTKimBMVYuYulSV22tyMOegkWJc5sufvpl383UKGyEuZphpcLBxNnCardIA\/ZTccdHp9K8sF+mKwepxetf1cMDzSEN\/\/lScMw9vnX9v5H8JjKrjnwIDAQABo4HWMIHTMB0GA1UdDgQWBBSpKHBRGZUD4mnfMubYD5AJXJmpgDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAgtIw1XGBca6Erz1OvszgvoWacr5GZbPwH0ImFUkqlkKLrDGX26dw78f6py5VurHJyseUPcKNiqot0YVSXUymap0K7zktMxei7OfRzxrEOStMFRhf4eEHV\/O7\/AyBR9FkstJwucamtnpDISZxXPW9rr05PkrOTdnlVyrAOCoYfaDnEQ+1xPoitDay0pVcsGYu77BrbIohKzTwrNEliVrRyxHwimvvaHfJEeI73Qw0xrKz5P2CAjjq+NS3oq42ShzO\/ZCeXkJIIQxSItMiM\/KixA61UUs2f5UNuYZUE81ffd5fJNZDPejQ32czGjgspCbvyvnAED5O\/ZqaA7YQYaq3nSRcyP4y0KOHUNeWrapkqf2VGf9QXuHcfDAhUX30IdVSnvu\/CLNrMi1Rc\/CZt9f0sLen3IGaj7ifKeBfINsKUj7Utkgl6EdqdMZrfLLmiG6+Y3\/KPyWJtGfIZM3e6ZY5B2wRzMrYYSNTP1k2g+IB3vv\/TAkkF6yAhm3Pz+d\/Rl+lIDcAaXujGd1t6LMRqDJpYUmLJDdwfzEcDT63DedYHw5CsMOyixyuwnidRlHASQQC1dmeOqRbV0dQxUDR0kmGy1yLAB3YKRexpVCttjSYvsbYbEtKmpQHIQQ8GwjWv4W9qsYbbo7PJWc0DNh7tJ43lVbs0jzQ0ajpeayGRvxpIogMAAFJAwAXQQTQoJYD6g8ebuDYZ3TNfiyX7B1Telgu6tp3m42naMlYmauJOKphc\/89F+xdu1RR0YKKWJ0SE4nRHS0ZUXLkE6DcBAEBAEIZWso7nL8yIcjBEQboGQnS0F50lXsOAmMHksMjMesG+hWHJWLYFLv\/CyhQ509vz1h0"}
00712{"flow_id":21,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":140797,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEGCP5AAG0Gwo40cktFwKgBBgG77H37tpo2hXm6NIAYBAVDcgAAAQEIClUPdxEwhK2LSACSZiy6xhZBqFoHfuVJnWThOmXSvs5HXo3nkFTRLqH\/gFiVBrWHZPaugh5f71QBq9sKelJI+oDa8wSlJ5Wt4j3w9VFG\/sQznUFvp8oJAtwYO5QBk3182KbUZxp5sVVXJuFqmJZO+GuUdjnw1GCNdmlSgjR1DoejFE\/6m13ilnZhP9wECEUStxbPasnxIc6wJ5KLpnMUvRkvrC2VBa49EtHON6Sd\/jJ4oOhG9BR2vDdkKCsdYc9u6\/DazX8JYXbReumcyu1TD8JRN0Vbg2sOAAAA"}
-01039{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":969,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":10,"flow_first_seen":1587041682077,"flow_last_seen":1587041682140,"flow_tot_l4_data_len":6525,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":652,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","issuerDN":"CN=*.asm.skype.com","alpn":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48"}}
+01050{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":969,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":10,"flow_first_seen":1587041682077,"flow_last_seen":1587041682140,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6185,"flow_avg_l4_payload_len":618,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"eu-api.asm.skype.com","server_names":"*.asm.skype.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","issuerDN":"CN=*.asm.skype.com","alpn":"h2,http\/1.1","fingerprint":"B9:41:1D:AE:56:09:68:D2:07:D0:69:E1:68:00:08:2B:EF:63:1E:48"}}
00424{"flow_id":21,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":140844,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebo0+7aaNoAQD1W34AAAAQEICjCErahVD3cR"}
00424{"flow_id":21,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":140846,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebo0+7abCIAQD063FQAAAQEICjCErahVD3cR"}
00598{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":141039,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAG+N\/AqAEGNHJLRux8AbuMg\/fuHSSo44AYEABmRwAAAQEICjCErahWxwTAFgMDAEYQAABCQQTQQKZeyPBCj\/p5lAGVLYOFivnXhnGHV0uHxCWHexpxHH2i8efa+9lnmebcwDiKsHG1Pc4CMMYS+KXQfwpjzBJWFAMDAAEBFgMDACgAAAAAAAAAADS8+dm2+8m4Tn34wvGsEBUoapDp6JZWBjkwDD4HPrC3"}
00424{"flow_id":21,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":973,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":141105,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+V7AqAEGNHJLRex9AbuFebo0+7abCIAQEAC2YwAAAQEICjCErahVD3cR"}
00598{"flow_id":21,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":974,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":142066,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAG+ODAqAEGNHJLRex9AbuFebo0+7abCIAYEABRlwAAAQEICjCEralVD3cRFgMDAEYQAABCQQTu+YlTGKNSK0JFZRyqdMcvGNFAs8T2GsnSGKY8NwNTGeyVr\/1AlmGpT90ZYfsLkZwIOBCg3KYKsTl5v4TwCb0eFAMDAAEBFgMDACgAAAAAAAAAALUx48gePS5Fp56cO0sk\/WM80Xs1SkLT\/cUJ6fNFiZHX"}
00612{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":143053,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC+wIdAADkR\/U\/AqAEBwKgBBgA1wWoAqgAAmvKBgAABAAQAAAAABmNvbmZpZwV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAAs5ACEGY29uZmlnBXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAOAAFAAEAAAALAB8MY29uZmlnLXRlYW1zBnMtMDAwNQhzLW1zZWRnZcBUwGUABQABAAAAOgACwHLAcgABAAEAAABoAAQ0ccKE"}
-00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":52,"flow_max_l4_data_len":170,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.132"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1587041682144,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":975,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"config.teams.microsoft.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.113.194.132"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1587041682144,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":976,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":144166,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOx+AbuHxTqTAAAAALAC\/\/\/vlgAAAgQFtAEDAwUBAQgKMIStqwAAAAAEAgAA"}
00426{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":977,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":156833,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EIdAAHUGPJk0ccKEwKgBBgG77H5W9rKzh8U6lIAS\/\/\/8MgAAAgQFoAEDAwgBAQQC"}
00407{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":978,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":156932,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTqUVvaytFAQIAAc8gAA"}
00703{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":157086,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":271,"pkt_l4_len":237,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEBAABAAEAGgVPAqAEGNHHChOx+AbuHxTqUVvaytFAYIACSqAAAFgMBANQBAADQAwMdYvXtwu11hWCpvITmw2DM6JIDDr9YgJ4rTdtCECjTrgAAHBoazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACLCgoAAP8BAAEAAAAAHwAdAAAaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGAAbAAMCAAKKigABAA=="}
-00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1587041682144,"flow_last_seen":1587041682157,"flow_tot_l4_data_len":333,"flow_min_l4_data_len":20,"flow_max_l4_data_len":237,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":979,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1587041682144,"flow_last_seen":1587041682157,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":217,"flow_tot_l4_payload_len":217,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00415{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":988,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":169218,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEIhAAHYGO6Q0ccKEwKgBBgG77H5W9rK0h8U7bVAQBAE4GAAAAAAAAAAA"}
00494{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":989,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":170306,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnXUtAAGwGb980cktGwKgBBgG77HwdJKjjjIP4bIAYBARcWAAAAQEIClbHBN8whK2oFAMDAAEBFgMDACgAAAAAAAAAABiDMTg4knHCAbQ9Vx3NJRfj8hBMfqWHYQc8rmnwNJ7o"}
02361{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":171677,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUEIlAAHYGNfc0ccKEwKgBBgG77H5W9rK0h8U7bVAQBAEm2AAAFgMDFzgCAABmAwNemFWSwS\/ycRm1UxBWjREjevX7sDJBeLh6akA9m4m\/PyDpOAAAlIe4cbnQLpC9a9FjVSPLc99EZ2Q33v9F0b0mR8AwAAAeAAUAAAAjAAAAEAAFAAMCaDIAFwAA\/wEAAQAAAAAACwAOKgAOJwAIaTCCCGUwggZNoAMCAQICE3sADNbH39scQ60ghXIAAAAM1scwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSAxMB4XDTE5MTIxMTAyMDQyMFoXDTIxMTIxMTAyMDQyMFowJTEjMCEGA1UEAxMaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrqDBP+YMdR0HfbHcvrOGB2sCn\/Se0vHU+Fn51AKp2JHU8q5i2kBr5zlcJvgJYNjCo2y4+2JZqwxJfi5S4arAjsU4frBsnH1Y9ISrCHeLbLMZOXbUi9eCuhvh9GAZ7zVELu771b0zQiOGD2Y9JVf2SsqJf7XviEWGn6VwYteMLJs6NpanorDRfbpR7ugP9sS\/xQxXEGBbvBlLWXP9RB2Yrh\/4Xury50kZfNzlbVf8pNAkoFvPOjW9\/1hCbzhAj1p9w4MaVOo5BJuBL0rN2nV9fm3P4uSev4C1LVLOnAJ5ibTb17Nqav3\/7Yow3OKxi4nZQXUxdY2C9LlPG7CFQyTUhAgMBAAGjggQlMIIEITCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFu8rxhzAAABAMARzBFAiBmvv5B8\/O3v6EPGguvYI\/P2qGKP7ROqf0ovNi97Nz5BgIhAIZGcMhsK+U63M2eI+bAJ9WKJNG5kOdENaLWEuFCBeRpAHYA7sCV7o1yZA+S48O5G8cSo2lqCXtLahoUOOZHssvtxfkAAAFu8rxi+wAABAMARzBFAiA\/o312sro2ci86205w8nBhXgh51C+CLzKeFUsHGAF44wIhAPlqNmDAztceZS3Xynsbz+gJ8JIAzYCsjwloJWcCVXVuAHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFu8rxi+QAABAMARjBEAiB2eTFMm4i3KkYmP4vs8o+pq42SSpLb45iau7FX5j5KsgIgVy5yt1KRup4Xn1x551kicrPWi6kJvL9BWjFWvibdgnUwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBS7S\/DhGe87NYr7Xh2ON096b9XMvTALBgNVHQ8EBAMCBLAwQwYDVR0RBDwwOoIcKi5jb25maWcudGVhbXMubWljcm9zb2Z0LmNvbYIaY29uZmlnLnRlYW1zLm1pY3Jvc29mdC5jb20wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0"}
@@ -271,37 +271,37 @@
00408{"flow_id":23,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":172494,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTttVvbDuFAQIAALFQAA"}
02377{"flow_id":23,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":172680,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUEIxAAHYGNfQ0ccKEwKgBBgG77H5W9sO4h8U7bVAQBAHB7AAAEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwHhcNMjAwMzE1MTU0MTIzWhcNMjEwMzE1MTU0MTIzWjArMSkwJwYDVQQDDCBNaWNyb3NvZnRfSVRfVExTX0NBXzFfS2V5QmluZGluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvT7p2jRZ8\/dmjvHeLh\/yQq3j\/VLXZx+gb9\/gYzTJ1NuB\/fNr+MLJRZzh0ZHkoTOnU7rdrucl91EiuE5B7nZnaSgipbpqErKWG7ldt1BJoxJbVw3c0jWJs70AznmaPQ8k7ZtFvTnBMQ0WnBynR1EgwoKd4nRGzCwl4KDD3XL3IqlH0ccYaShIcyuhkaDQJlSNPBzOoy8PtNqzGG7skD5yyX2jyJunr5KAlOqPUTkQJ4NPWskLkpO9m9cxKSSjrxWittzJ58MG+I4PdxkAxykg0Xy9AXb71oEqTLr+VNh33xYFcQptcCkJevVo9+ql0C2dvsMb9LMJRuZ7hgAUOpntcCAwEAAaOB1jCB0zAdBgNVHQ4EFgQU9kInIFSIlBnF7lkM4zZm22FFWzAwDgYDVR0PAQH\/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwHwYDVR0jBBgwFoAUWIif1tycSCK3FD7\/hIjo5oX\/+n0wPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYHMm0eByOkWAgFkAgEHMBsGCSsGAQQBgjcVCgQOMAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAGY5nYacL1MJ3uGLUYkLN3TiyuW2utxsRuA4aiy3HDugPxruQtVgJYjFRC\/JWgJmU+a44O62VOtwA5VOouXajEfXeuRrvz\/bG8g2I3r0wfI+FVPM1dXuOYJktX508R\/y9eIqqjN\/gVpqa3sQ8lAlrF0Scae9MtjdmFWTqrmqmRSME+M6a2\/DAbo3T+4hZJPLKDqX\/5eVPprHv1utxtcK4mv2gh3hCllXuRdr9tTWiL31IE\/cErb1MoVZP+lgwRcqQq3vHNOaOswdpAN2\/HhnhOerhptulS9eDFhMUTcJ53lU8rAEspJSc7UyYyiCYgme1LJXW0VEnSFWcgfq7FLhcRLNsnz\/vHrlaHipB\/RRIfH01X6hr96Wn7qbjdLv\/3SzeLKGtOgzb0w1EFpEUWzunpeelOLr3bHN8gWDlKQhH2XZpQlLonrIkxk2So4Oj3pfROmjNZTylKBRIDkQkqdLfcc6bB2oYkKLNiwspvT4uWwL1ky3k+uTc8A2CVnfcZHD0h2qjWl8a3xJpw4R6hRBwNB+X2UrJV2u3\/w3id5wcWfh+DNrPllmdRV8pkGlTYhcHM+tXYdp4veYHXwHYQOdZ0ICSl3IAr1tLMfADF\/u+pZl0U8QnUQdzVEvWZPqZQh8nWy8Ibenx7gHCRYw3EE7jAZvuJvTV3zqCtmgjQBH+5dSDAABaQMAGGEEz3wa8tsiAGQNgfEDLC55klPgDaYrll6Qs4MTgcXRKg\/NeX+pzx54x5hc8v5BTxmoungSR9bm3O0Bp1\/mx35oydSZaptgcdryC8LE9DYpwi+Z315UmzumUWKLLtvDAm0ABAEBAHgISIkHZEujTNP8snwiZoNWGux1b6isjgFFT\/fx2TcRh2KJ6W5kLyV2rnBxCLOKTZdQVMTPihpHeJ\/Rwb9oe4Tv6aBiBhKD5qSanU6OrqInUEfx9hYzxb\/7obzmYCd4ZP0RS3DXyRsxZIgaICgfyYWmG5QDty6n"}
00607{"flow_id":23,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":172683,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1EI1AAHYGOxI0ccKEwKgBBgG77H5W9slkh8U7bVAYBAGByQAARJ\/yE86JRqyM\/N5553Gxm\/tllzSdO7xOJP0J9nAsnsIKjxRrloiZfD\/gVUiytWDypyc1x1dhVdcBqiu3UV2YKRrCSS\/a\/94RdsP82tnVqmB1\/xpZ2DxRn50uF4WXCWXA1mrBNkPQ6ts6V5QARJcy187mhiMPKQ0b2stKhCxgkuaAuRryjZ2Y2ecOAAAA"}
-01102{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1001,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":12,"flow_first_seen":1587041682144,"flow_last_seen":1587041682172,"flow_tot_l4_data_len":6442,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":536,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","issuerDN":"CN=config.teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}
+01113{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1001,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":12,"flow_first_seen":1587041682144,"flow_last_seen":1587041682172,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6166,"flow_avg_l4_payload_len":513,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","issuerDN":"CN=config.teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}
00496{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":172684,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnCP9AAG0Gwyw0cktFwKgBBgG77H37tpsIhXm6soAYBARGpgAAAQEIClUPdzMwhK2pFAMDAAEBFgMDACgAAAAAAAAAABckn\/Z2BLcr4a9ceayiTzolfHTKPZZ30ZSgslqMDJUa"}
00409{"flow_id":23,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":173311,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOx+AbuHxTttVvbJ8VAQH84FDgAA"}
00629{"flow_id":23,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":178165,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"EBMx8Tl2KDc3AG3ICABFAADGAABAAEAGgY7AqAEGNHHChOx+AbuHxTttVvbJ8VAYIADQxgAAFgMDAGYQAABiYQRb26wex+ywDP+17p1b9MI22rzxhTPvUAH4uj3R1aCijUUOjCC+t\/YZ8iSpz+BifjGFDzVQ\/fMi4GUMlJTc56I5Ph1ZLk8h2BEOPmGvuaTEz75B\/TOM+hHsiHbHUs\/qYT4UAwMAAQEWAwMAKAAAAAAAAAAADEnD5bI3ciySL1\/QLlDFlnmnam5ZLkjmEkwMLApSrUo="}
00417{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":189817,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEI5AAHYGO540ccKEwKgBBgG77H5W9snxh8U8C1AQBAEgPQAAAAAAAAAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1587041682355,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1587041682355,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":355684,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPcIEAAP8Rx8TAqAEGwKgBAf9rADUAOydaEDoBAAABAAAAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQAB"}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1587041682355,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1587041682369,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1587041682355,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1587041682369,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1102,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":369801,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex\/Abv2sXoGAAAAALAC\/\/+1wwAAAgQFtAEDAwUBAQgKMISugAAAAAAEAgAA"}
00568{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":370931,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdUKtAADkRbU3AqAEBwKgBBgA1\/2sAiQAAEDqBgAABAAIAAAAADm5vcnRoZXVyb3BlY25zDnRyYWZmaWNtYW5hZ2VyA25ldAAAAQABwAwABQABAAAA5AAyEW5vcnRoZXVyb3BlY25zLTMyC25vcnRoZXVyb3BlCGNsb3VkYXBwBWF6dXJlA2NvbQDAPwABAAEAAAAEAAQ0ckww"}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":59,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.76.48"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1587041682376,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1107,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"northeuropecns.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.76.48"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1587041682376,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1124,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":376166,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+GfAqAEGNHJMMOyAAbuusi7sAAAAALAC\/\/9JyAAAAgQFtAEDAwUBAQgKMISuhQAAAAAEAgAA"}
-00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1587041680216,"flow_last_seen":0,"flow_tot_l4_data_len":363,"flow_min_l4_data_len":363,"flow_max_l4_data_len":363,"flow_avg_l4_data_len":363,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1587041682369,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1587041682369,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1587041682376,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1587041682376,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_tot_l4_data_len":493,"flow_min_l4_data_len":493,"flow_max_l4_data_len":493,"flow_avg_l4_data_len":493,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_tot_l4_data_len":493,"flow_min_l4_data_len":493,"flow_max_l4_data_len":493,"flow_avg_l4_data_len":493,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1587041682420,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.77.33","dst_ip":"192.168.1.6","src_port":443,"dst_port":60543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1587041680216,"flow_last_seen":0,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1587041682369,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1587041682369,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1587041682376,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1587041682376,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1587041679280,"flow_last_seen":0,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1587041682420,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.77.33","dst_ip":"192.168.1.6","src_port":443,"dst_port":60543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1153,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":420333,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8cKZAAGwGWtQ0ck0hwKgBBgG77H8VHmMl9rF6B6ASIAAZOgAAAgQFoAEDAwgEAggKYQa0RDCEroA="}
00425{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1154,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":420448,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXoHFR5jJoAQEAlXvgAAAQEICjCErqxhBrRE"}
00707{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":420739,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIex\/Abv2sXoHFR5jJoAYEAmOxwAAAQEICjCErqxhBrREFgMBAMkBAADFAwMlzpQNXKnJso0lmbQsWQ9QP0JUtMkYTF2ySEjqwct4CiA\/IwAA6KEdJo41XGChq4nIXjJi3Ldaf94\/c7z6UnyyFQAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-00773{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1155,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_first_seen":1587041682420,"flow_last_seen":1587041682420,"flow_tot_l4_data_len":310,"flow_min_l4_data_len":32,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.77.33","dst_ip":"192.168.1.6","src_port":443,"dst_port":60543,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1156,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1587041682423,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.76.48","dst_ip":"192.168.1.6","src_port":443,"dst_port":60544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1155,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_first_seen":1587041682420,"flow_last_seen":1587041682420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.77.33","dst_ip":"192.168.1.6","src_port":443,"dst_port":60543,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1156,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1587041682423,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.76.48","dst_ip":"192.168.1.6","src_port":443,"dst_port":60544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1156,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":423316,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HMFAAGwGr7I0ckwwwKgBBgG77ICUvjjErrIu7YAS\/\/+TZQAAAgQFoAEDAwgBAQQC"}
00409{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1157,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":423394,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG+H\/AqAEGNHJMMOyAAbuusi7tlL44xVAQIAC0JAAA"}
00729{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":423900,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEUAABAAEAG95PAqAEGNHJMMOyAAbuusi7tlL44xVAYIABbPwAAFgMBAOcBAADjAwOLjruZZJmwp+AQ5ixl8mdC3oKgE\/9DUAxdN3dPhROtcwAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACe+voAAP8BAAEAAAAAMgAwAAAtbm9ydGhldXJvcGUubm90aWZpY2F0aW9ucy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIysoAHQAXABgAGwADAgACWloAAQA="}
-00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_first_seen":1587041682423,"flow_last_seen":1587041682423,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":20,"flow_max_l4_data_len":256,"flow_avg_l4_data_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.76.48","dst_ip":"192.168.1.6","src_port":443,"dst_port":60544,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_first_seen":1587041682423,"flow_last_seen":1587041682423,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":236,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.76.48","dst_ip":"192.168.1.6","src_port":443,"dst_port":60544,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00781{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":440956,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
02368{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1160,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":467714,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHMNAAGwGqhA0ckwwwKgBBgG77ICUvj5xrrIv2VAQCAS9XwAAx23sJOl22cozxfimMAsGA1UdDwQEAwIEsDBJBgNVHREEQjBAgiMqLm5vdGlmaWNhdGlvbnMudGVhbXMubWljcm9zb2Z0LmNvbYIZKi5ub3RpZmljYXRpb25zLnNreXBlLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAaMoTg\/CrkXvH3jnb1h9ibtDE5NT9WRyEmtWPdlMgqhbXA+eyQkb6BYaT\/ta0E\/bOL5hM07pSBrD5uauHzlX4vs6BmFI3X35rS4lnHgq3cUKdaq3M5dfcGtIoKERK4KHEXYdDhAF8RY9DfZJta8j9hj4NqjvMcG7hzkZJWkwVjeh7J49fLI2k+ojmtb1lfRr9wT7N317pl9QMlUj3HrapDo2fvCe\/9jktj3lbttPHLsuaLesAF3dE1wm5y4UOzoiawZGA4Fu5fMnwFxWfpzZRwMq0O\/xKMAg5RkinWwDyzGDnwCbl\/c52s299ZBhbtM6yURpSqq0aQFxtyQoGGDw\/qhMEVa25dds5d0iBdM6KFgBsOhenjJcJxMzPvvOPmkJltWXhqnxSJWsJkaqh7zSNoA5U1JZzOXFYRt3uw3OVIBSfQ21T75pEiBJReA5mMtRoJjyJYo4d7ViJlpWq6D+qmTq9MD3A+u3+2YaocGXunqdlchKzuckM3C3Mck\/119eusSb9+YO\/2kHgBIQsNEyRtMbVXs6aJDUwnxYYIGRAPR16yCXImFMfJYah5q6a0OgPBMYG1cJ5tHN0+DQkL0jj0N6DmBrUSDSDele8PSh59PdIzO8wgJ\/BtAAk1rmVDiVhBV4spP7GSKWzbAS3cC\/0tn2xGj\/VdVxgHiGox4WbcNAABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/Ra"}
02360{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1161,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":467743,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHMJAAGwGqhE0ckwwwKgBBgG77ICUvjjFrrIv2VAQCARrYQAAFgMDF7gCAABeAwNemFWSM6lG7UcIyFTu+ZAqpmou+1b9cSMUroQIXKhIYCB8QwAA2ApmCUiPkE7sFwGKZX+v4TYcZTXmXturaOIeDMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADrIADq8ACPEwggjtMIIG1aADAgECAhN7AAGtxR5ngEfSKjQjAAAAAa3FMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xODA1MTQyMjQzMDlaFw0yMDA1MTQyMjQzMDlaMC4xLDAqBgNVBAMMIyoubm90aWZpY2F0aW9ucy50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhBGUsVZpQSij1FrZ7UA10MFYiBlB5qoAYVuQvi8fG6euixViIn3J51NZJYhGR9o9SjpExVF2F2DFovz9yE2Ia\/Js6elboqU3tszl2KyanJJeYoaK16pdijTSVQFhN4OdbERR3KA2WROPO8wQk5QxhwLnXHsi9CWFTyGcRk+vPFwlw5KqW\/M10uCMZmhSG7qvFaAxU3WMhxRZoulvHCtLsLixgdLwHdgneRl6nZt63WXT6bo3+kmkw\/xmDwfJ7D6TraPEOZ2o0yk5oxtTbOwZJn7SB0bf3p9QQt1xurYAgml4fxfJApv2JqBVXOI\/jmUvTQYhdO3HrtSogk83Ok1TQIDAQABo4IEpDCCBKAwggH2BgorBgEEAdZ5AgQCBIIB5gSCAeIB4AB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABY2DbozwAAAQDAEcwRQIhAL7yA+kvf6VyrXY9vRgMDH0C7\/Io8PJ\/yV1QUmCPOwVMAiBP29xDfTKiXeL\/1YyqeVregr5YN5oWtRBikBVJd3jVKwB3ALIeBcyLos2KIE6HZvkruYolIGdr2vpw57JJUy3vi5BeAAABY2Dbo1MAAAQDAEgwRgIhAN0fi4bS99twLR1xFEbYoEf1bxKtPOSefKqtncETvlpWAiEA6RdOI\/5bz9mmM0V4jVAIKSzQNqshYo8T7WxtiLn0NBEAdgDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAWNg26TrAAAEAwBHMEUCIDw9PjnuwJTBQuMPh48Xf9EW3r7JbJn71l0K1\/daUahFAiEAgGQAyryExjVwDZyDMNzwvajRi+xQMrmc2fF++zZqi7sAdQBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAWNg26eaAAAEAwBGMEQCICcGgSBGxMNucL7euSSv6ARrwjTQ8vyMwA5w1wb5qCDvAiBmX3aytg2JYDJ3fuGlFzcm5ghqLXlUCo2l8o4CFVrFOjAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFIpXMi3QH62h"}
@@ -320,30 +320,30 @@
02360{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":557183,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUcKlAAGwGVTk0ck0hwKgBBgG77H8VHmjG9rF61YAQBAW7MAAAAQEICmEGtMwwhK6sLnNreXBlLmNvbYIQKi5waXBlLnNreXBlLmNvbYIiKi5tb2JpbGUuZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIgbW9iaWxlLmV2ZW50cy5kYXRhLm1pY3Jvc29mdC5jb22CFSouZXZlbnRzLmRhdGEubXNuLmNvbYITZXZlbnRzLmRhdGEubXNuLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAUxCmyVHd3H7BNm7xrFDWc0lUKQfFfvZJj7fGm702yYNfNb17H3sDMMybFW0xvlL9Ezzab9UkH29uzppLcvgSPbaskyoVw+2aUUDOWU9BNPXX55faad2R1I6KtC+PfV7YLtmbicvSGz4AqzYw9ZreqUymbtwFHx+mEj1q7bV3EnUB\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"}
00425{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":557246,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXrVFR5uZoAQD9NK3QAAAQEICjCEry1hBrTM"}
02215{"flow_id":27,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":557307,"pkt_caplen":1389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1389,"pkt_l4_len":1355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAVfcKpAAGwGVa00ck0hwKgBBgG77H8VHm5m9rF61YAYBAVk8wAAAQEICmEGtMwwhK6sBM0QKjyXHQCemRgYCc9Ll+TJ\/ADwDFqdNuiyQMFKrIQoqj1GGCuniqz0r0uofklCx2IgwOanO13rkB+7itickOM6sWzClM4+MmvLcbNBLrnF4V3YWSeC++FIDX7oBPH5ASdB+pRafcUwu7a61xGbiPoBzG5Lkrn4eDzLnGiaFmaI0JOwKoMulxEdfoEgYeSwuZucblOVlSLG2b11ELrZdYw8Px3QlvgzRXt7H1Qz5UiXpwUkotvR3JWuICp9lolIe5J60CSx3kgR92c8tN\/4WGD1T3s0aOb9rCYItvMsQ9tPxBbQmwxxh7EHa4bdj6Cx+2ba2Mvp8vBl5Y7YHOovui1k8V7QG1CyDIVKzzvILipqdYzArlzZ6cB8fXzanOO9SrBgB4IrfV3IEK8uYozcmv3h2blZSJdCGsNQgQsfgyJr5Ju8KSKC\/YBRXHVfDjXC3X8vemefPY5bjLuvnfTMDPuoH50hwfPnUhpdzhRXbVC4Se6xCyfS4mknEm7GwCY+56QrG4tTOAb6Goc64Et\/mRZOWT1ZafFxp2VlGwIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFHp7jMHP56DKHNRr+vvhM8MPGqKdMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBABH+cgY6IQo3bsj1KSICYp5FDu36Bp\/vv54kNRf+OYiyuwHheN\/Ri5f9t3fxinJPSTrosynXdIfkufMXYIeIklWCvdl9E0h\/BpA6iWbnnZb3lc1gD9fhyvZ27vqbNUihmH3SkypPgRbHqJa70SXzpm9Q2gCbKqj0NQDj\/Sw77eUVm38WD8eOyTYglPAdAbkSUFCZgeAoQiyOeP\/txp7V5MrpoKqzSE+kX+SLGP8TAi2QETYYZig6IprelfFZ7p9tKhd1k1DDBRLV3mS0trzb13ZZ\/qXW5Vbh\/kZcO4r47A777xKQkc4gEoG6PFLjf+NA9AxBIGaHGNoyaeD23I8o8r0MAAEoAwAdIDfWWwwgxiTFT55Er7HGo41C+OpZwd7\/OsY+usepf0tUBAEBACC92gd6UwTVfl0ckkoWFysP\/qHVoA38Pawo6\/4V7MR1X\/SCKBW84BAY597xBLPkkL3MNo7qeLVUG7snH2EW5DBKKNaE0iQRZniHtEt0r4H4+eshqsOgXo5S+v1XTK8F4rXQk\/Ss2RJtNLsjfK+sYQaTu8Ccn4OunImZAIMFFAi3mRTek4f8o0qlkMqcCaxcB38MFjQzOCTHltKiMBSJIAz4SR0XttE13q2wsa8AlCxCsrJlltMqQbqDBWkePd66NCb2I64Tjma+ae\/ZFHoyZwKeS5oI7IGnK5dXVKDc6kGe7tQSTERt6eb7P1a\/SpSk1zZJhfDRFm6O\/2I3Ley6340OAAAA"}
-01300{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":8,"flow_first_seen":1587041682420,"flow_last_seen":1587041682557,"flow_tot_l4_data_len":4673,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.77.33","dst_ip":"192.168.1.6","src_port":443,"dst_port":60543,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+01311{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":8,"flow_first_seen":1587041682420,"flow_last_seen":1587041682557,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.77.33","dst_ip":"192.168.1.6","src_port":443,"dst_port":60543,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00425{"flow_id":27,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1186,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":557342,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXrVFR5zkYAQD6lF3AAAAQEICjCEry1hBrTM"}
00556{"flow_id":27,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1187,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":558763,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAG9yXAqAEGNHJNIex\/Abv2sXrVFR5zkYAYEABZEQAAAQEICjCEry5hBrTMFgMDACUQAAAhIK\/sgoqbP1FUk5z3uBhISmpZe7zNM7WCfNmacEg0wRVeFAMDAAEBFgMDACgAAAAAAAAAAJIf4wDKViT\/AGT8JuQxf\/b3YbtHGUgi6ofrTu7kIdPE"}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":611214,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","type":38}
00425{"flow_id":27,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1190,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":625355,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cKtAAGwGWtc0ck0hwKgBBgG77H8VHnOR9rF7MoAQBAVQ3QAAAQEICmEGtREwhK8u"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1587041682668,"flow_last_seen":0,"flow_tot_l4_data_len":66,"flow_min_l4_data_len":66,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1587041682668,"flow_last_seen":0,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00474{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":668456,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"EBMx8Tl2KDc3AG3ICABFAABW2rQAAP8RXYrAqAEGwKgBAeC6ADUAQqKILzcBAAABAAAAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
-00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1587041682668,"flow_last_seen":0,"flow_tot_l4_data_len":66,"flow_min_l4_data_len":66,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1587041682668,"flow_last_seen":0,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00583{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":697730,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"pkt":"KDc3AG3IEBMx8Tl2CABFAACny9dAADkR8hbAqAEBwKgBBgA14LoAkwAALzeBgAABAAIAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAASwANRRhLXVwcy1wcmVzZW5jZTQtcHJvZAtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AwEYAAQABAAAABgAENHJNOg=="}
-00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_tot_l4_data_len":213,"flow_min_l4_data_len":66,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.58"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1587041682698,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1201,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.58"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1587041682698,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1202,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":698689,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG913AqAEGNHJNOuyBAbtgCOGqAAAAALAC\/\/\/jdgAAAgQFtAEDAwUBAQgKMISvtwAAAAAEAgAA"}
00495{"flow_id":27,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":711586,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABncKxAAGwGWqM0ck0hwKgBBgG77H8VHnOR9rF7MoAYBAUBLAAAAQEICmEGtWcwhK8uFAMDAAEBFgMDACgAAAAAAAAAACnDPFg8JobiAasYkqEjH3+CRacPkKTu59duD23yppKN"}
00427{"flow_id":27,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":711680,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex\/Abv2sXsyFR5zxIAQD\/5DxQAAAQEICjCEr8RhBrVn"}
02362{"flow_id":27,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":713948,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIex\/Abv2sXsyFR5zxIAQEABGIwAAAQEICjCEr8ZhBrVnFwMDQBgAAAAAAAAAAW2TdgB90fLaE+l2mrykb9hvYu939KmveqzgkF0ciEQXQY9a1xArbH7Orn\/bQOMMGotiSYyD6MjHgZ3hb9wFSqufWKVzzWXKjCLkZRswQSVQs0usMW1nBbLytPxUwwF9hz7mzsypTSvNYXwzZj9Nw2kaq2KASnOWBrZoUncgmQHKzqRWxoRDJsPwWnLP8nai4rtUoR3pX9JfMVJ9kJmHsx6Is9gHyhqXOI5QnEwVM0mBf4p06i3EuefZoqTOTKc\/lMpV3d7k1xWBT8YQFSJdqLJMAsV+pXDTHjfZHHNxcKV+Cs0IWXYEFfpO5gkHYz2Cj+UJyk1MlAAXInKiekWnizUeSMNVxbmhuqvVzzFjYaydAZR5y8jBWiwUNpzWlyMe4aC7lrpnabAcAyD9dBnEuwtHtrrVuB0hfF+fAZMCKZd2ruzlm+pNxjNUwwKkkMDJxPtluPObrfBg7Kvoe5G0kXHDjRRfsRpzLoE+6eqyPCBdu9FUpDvvO5WEkWfxN6u\/axUC145j8W+YGBowx03GhFQ99jOA2lYC383lvWl5s\/yIjv+znbjeAqpwr44dC\/qm2+5yAYsAlwh+Ne+DI7ArhwFpx3WuAAlgFqchf7I9n91ViX3sdDNtyJV\/\/ht+VQidC19xPKjR7XXVO4Qdvg9AA1TVRZ2WFLfzTA5os4pAULwQhPBRQmmPadjN50kGNqTVaXa06gTtPDKjiskmZGwIELAK12bjXmG+IE\/CBGgdV3cZz4qE245ayZxWvUITsJSQQ6LyisnU72q\/LWADJ2eitkpeQzQxwZ8x64SilFz69HAHvWjrN\/fq7t9UPNCb9bdET10yT6zyxX6WTUd52coU9HR2g1JOfzn\/\/tkuFyZc2vR9SoIByp6fiu+QFEkYBzREXL5pkwfKe\/eLfSrXSfSb9al2DF0B4paBSPfyz0rYJ6OrFrwWlXrKajNLyzDwBjhH7yXrWN28UmqRFAUN93OWfZiiFh+vMswzguHncaqaRyLvUEJJUgCCkEEguOiolwkk3QI0HbqNPtAKzOZlpRrr0+LPTR242d5BzGjuMVVf3UwvsTaCGUwvW+rOMjZkH+ro4RO93OOBGkWDxX3sSpaRowzN9PbS6x7jrMhNHVBsQ8TldDJFhw19yTc4Kb2zE83r7L4bFRX99JlXlcJQHeW7ypKHpJ9Lqw1ONfZp6\/Svhs13ISgHvVVCWDIMU0BPQ5MRRTFS5JgOhdXyE\/5fk6yCZ09qEDZ329FC6ja5Czf+OoTKcFxmu83zfqDUqpWyuMz8mcYJDZz3nWINwdE6zaSprtWyg6m1El7FPLYldV6ct3tpSj7fT4jtQ33hDWLbBUWoUj\/2NG0e6z6gJZ3VSwFpnBEj18W5PqXbmifKO4a83GoK1bqqJu+cFUaoX153xup5adH2cHQ\/E8PjH1e4eIIEK+DxEB1g7vywTMPpEaCeHINwVclqgj\/wUFNcuIESWloQTKHzxIGpGOeUMa1ZEirIWXTjyF3CM4g8W8dESGc7svXRJrI3MQWauSm8\/uGPwu0feSA4Sv4xgDPc2OaeFW\/VsPbMJkeB+okvXJ\/4d5a\/krtDq3Q4eD2plufWJYp8pkmPyG8VsIzOVMNnyf1dT7QPxAiSgFE7V3DH9xScH+YjgU6LMMSMK8lUYjmc+tvpDVYtttjpctyvb5U5rdnVSBJLuq9goEOUKBg5OMqWUDwvBN34goN6jm2XuSmzxC7tydp5hkBzDDG8D81Xhax4MtNCdtKYN8iYxm4ooe6WgzdvHqkkMcK9ZI8svGp1KYmrg4AhRztpoUs\/jmqqZDgo5bB2BZjqOyalV\/hgZueIuU2\/Kz9D2t5MBjXPNDOzX\/VJu4KLdWxuDDHb04vICNrhepXqycgccP2XIYQz"}
02378{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1206,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":713954,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIex\/Abv2sYDGFR5zxIAQEAB8tQAAAQEICjCEr8ZhBrVn4thJaMbUvvbgufCvGZ7jx3PczRsf2Arqz2n5BFuyIODGzi+8QdRylyYCJTnJjkPT5mLT885uAoFDU\/G4FKgdBqCuWp9iKSYeX91S4YPodIkt86nL2wvLwjWlNwOrUMA+DCf\/uOMkTK3P3b9nfAMt1yYRSQs3w\/ic3NS8GQ3UthZ7+kh\/Ze1glfi5egYx\/KBdyWFUWDhtEO0x42vlbu3s5H\/fCw\/VlyoFbcS2rtKJ\/a9IrRZPxQsTcxlIiYXsVv3N9T06I0cFwXytznOcgpTWM7Rq\/x+90gAp7lA6vKEppEBx9lZmg\/1HUjslS9KVIycj6NekvHlzQpD8r3q7hNJ1BbmhJh0M2Qm+q2Im9JvuWob1rBL97MK8OO07RMHZghXL3KnZOApaqJ\/uAimAbCxSQi\/PDqo5JKBhcO9H1Uot+WAMzK6xfb+tZpu1W5mu+f148PxCC0ytclplp0MKzp\/XQELY5JDJOq0wnJfsIhSszMw\/I3mfrRT21F7RBpesyai8T8Ej23OoxMpoKXaODCL361OAo9X8tr1HYseG0c13Q\/QBoT0c16yZntoRvoUNK3l3VuxSJhHfcxs1RcoarVl2scMRPl9NNJG38phU9HlFXrD8P9OjrMG55cZ6Vpp8pjNpQxYFqhcBQ57q+QljXwNSUaiudr\/x8tf02eDUH6+HztcQ8crSCOoPx3D1WAOrAA1e+JLhJLe84zUtFPNnNaj2nxkISrKXLWtYDm2jxqaae\/drnXyBXgfOipmw6sDswWJD5m6auaZOAB4QOsMbUfAIJ6Z3GxkNVJS8f+dqNgR+aK3YZAM7ROLvywhZjybwj3s7QpjpNlqgBicYLn+M9r\/wOcyOYbi\/b+ToCX+raIH5AUV\/9zcGcQwLTmUpNvB+2TFTEwmJjcr0WNbIWa6VB5ORR3adGUyBbK05skxOq46L5vJe\/ZTupT3z2TC7thSUgZ3w9krZ6DPky409x+mh3fZwzJfJq+CndGi0O8fjxBM9\/U\/kSJBXOpPVOfVGlPP0xi208b5rrsW5nUauLmvX8\/Uq8\/oc8nP\/4QUU5dWOrsbz4zZbO2uvIujzooY0dsgBwOG5nQo93uqvuvW2V88L3nqdildgEQxfIlxknd1GBbXiNfVMZHm2oMtJazBQkKuZF1IX6U22KVYvlMIU5EjMXnGMgAEf7uquOimoOC+bqm0HGj0fBFwhy37BFLtimw4uFctC2FSIBrPkNlngesdy2SIZSkLsndMVU6P92jZGge6pKWh\/\/Q3tHgIczSLKFKYEL\/xOIo9ipW5N5\/3HtFhHAYPsmHvDNAuiQKyxn9Ors8jY6+cl\/l4TDbN8alcxyU41mYYMTwEhveQWAz1njZSLtjndg+o06Az\/2M0E3gAK7hJcIDo\/C15Nmk9Ucv10WnOLsUFBMzofujGHBjoh1hOAA8T7PvYLQwgCqB\/xUEHhRixqh4xc2zbbn77x1Ye4cwuIvW5AoS55KOUfOneAweKhQiMOrB5Sgkpkm7wiOUjqdh8Udmhd6rFXPchIE0E\/4B9mJT5af6J4ieloUlwpnMj4OiG04UiwN+zSi42Eh5ZKqvnmceOJHqOCswrw+rlMcwMmMlQtsOmfu+ZYl7IonXFNJFJsGIi\/zxtpeJvdb\/Xfc2X6rVc5qoGA1cotWdg4KBCeHNIClCEq8WzVIYiEKYnBA0p7evq7ebO8A9RiaPOvQqWxg7Aoe+5wg5eZYrz8Bh7xNbAR2gpppHuFIM+AN+3I8AzoU7tB4uAoOANs2RfX96\/Anwttfm8OeAIbG2aYPTHiOd+oYD4zW9EkEiT5KiLuQrKyj+Tbnk5mC6fD\/b8\/p7Vg35vfMXW23HO7EbxiQq7THuo1hQLdB3Y4+2JjP\/JeLsiDLC8WuF\/bJFUGHgLCoBXZhAMXufGD"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1587041682740,"flow_last_seen":0,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":265,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":265,"midstream":1,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1587041682740,"flow_last_seen":0,"flow_min_l4_payload_len":233,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":233,"flow_avg_l4_payload_len":233,"midstream":1,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00743{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":740607,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEdws9AADEGDl2ifRODwKgBBgG767gSqyGfi6a7DoAYAWi65wAAAQEICpHNoqswhBBbFwMDAOQAAAAAAAAACKmKftpP18TObpudfRHF+x2Q26rJbEiP394UtjZJPj4wSIR\/hp3JlNrAGtpUw45IgQ+\/Td3gBgwIaydoMxwS3i93S6aIvQahVpj\/c5RwIn5XTgvMLlxphbaNgBQKVcUBzOyFCFmX25bboaZrE8yGPewBV8YF9rPw3wiL2qX6gOrVwGBD+SxN5WBWFI2hGO+JWJUmRSYMjHC+44xSTFiyxGwuYeySW1fNosn1ZrrnxmEfRHvkqjQUYvkmRW87MNYmA\/nzpUUAJUjx7fyAlsSNV0cWWtSO31yX1lU5orE="}
00425{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1209,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":740712,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwxXAqAEGon0Tg+u4AbuLprsOEqsiiIAQD\/hw3AAAAQEICjCEr+CRzaKr"}
00426{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1210,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":744342,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09YRAAGwG1eQ0ck06wKgBBgG77IG+FZNKYAjhq4AS\/\/+qaAAAAgQFoAEDAwgBAQQC"}
00408{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1211,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":744445,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOGrvhWTS1AQIADLJwAA"}
00704{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1212,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":744658,"pkt_caplen":273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":273,"pkt_l4_len":239,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEDAABAAEAG9prAqAEGNHJNOuyBAbtgCOGrvhWTS1AYIAAsUQAAFgMBANYBAADSAwPkbX85xJUsmCJfCQtb2nqS5r5NxitfmjfkWtCVFh+GIgAAHEpKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACNCgoAAP8BAAEAAAAAIQAfAAAccHJlc2VuY2UudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACAoKAB0AFwAYABsAAwIAAkpKAAEA"}
-00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1212,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1587041682698,"flow_last_seen":1587041682744,"flow_tot_l4_data_len":335,"flow_min_l4_data_len":20,"flow_max_l4_data_len":239,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00751{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1212,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1587041682698,"flow_last_seen":1587041682744,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":219,"flow_tot_l4_payload_len":219,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"presence.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
01247{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":745381,"pkt_caplen":665,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":665,"pkt_l4_len":631,"pkt":"EBMx8Tl2KDc3AG3ICABFAAKLAABAAEAGwL7AqAEGon0Tg+u4AbuLprsOEqsiiIAYEAA0LgAAAQEICjCEr+ORzaKrFwMDAlK2BaXSajSAVWEKj3frXxijYpT3GD2Cuos6bxaeeEb0O6UJhzmzPZI\/SWy+fgBnTfneCwusduYkx4s3F4xCn2MY3DEvpr\/P48ATzKlJ++OHqI7OI3KpokJ1bF8YwJjJpFyWkPT0\/gdDA2C0thwexYlLgVCHe4dECfAKO3ai6a9AkpIGftSCmWnSsB7\/GodcDd1wDIWHn+mS6A9bTO\/2sRCfLQjmwaqnM\/0Kd1DorrQMm9TT6\/w11NzOyGJGqVRWfthWKCJ2r5CEFaogXR64MxPpr2FM6spcuDUY4C3Hc53Q7uc97BndljPBEgsGGu2WIs1hpBKyBrbp4cakeWFrgRHILDge\/JLjoB\/we0ie6rPfHdzAzbH+CVHboc7ECVvIV6N2Rd\/z5fI6cJ5y1i\/CGpe9JS\/DjF+npNlL3gVvBs3y7VpT4ziTRBRlbzG6hzfaYWVE\/I1GNwloup0kRP0\/\/fFg59buQBmTxdHJsfm4laPDQEGg2\/E9TD5wbcmagME1tYB8Z6HaDDAe1MbrBXtLSM8VMS0ZeI23LZfgw6dIscXGQh+EZCVohYQ2K\/dCOtZqYIGlXsZd11O+bX\/KPVaVnsGCQqimWVbYkJXTdkE5fdL4ibwUdj8vI7+8IXUv8oArxAdVEWB2+pth6d9Zti7C4SxMlmajA50jkJHElO8G4w6Wzb86qkyK4WbkuYLazUSRxEvrQrVtZjtDDcEAhbB3i\/CCiXoyK9403MAI7UV+NXn0+Iqmacnoi+GSVKkccDjbrlFQ3qxHSBpnh\/Zt22FSB4TV4eA="}
02358{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1214,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":745498,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpr1lEqsiiIAQEADIXgAAAQEICjCEr+SRzaKrFwMDIBe2BaXSajSAVsA+S0rbnqiekP4iuZq32HuCU1Zk8b7DobfyXAMC40RMGMmv03seNmRLB1WBKOAndSNsjwejL\/4UdAY51oTzt\/idB5m9EO71\/T1MmFynzxV07rmvd3Y7KFXQR\/+x23FlX8GjLiPfQFhiUhRh28ymzOk2Fma1O328pbgtPmfOm2\/I1HthpOnXap2OPKovdSqIn\/dOEzmEXK5RH4Vhc7yfPS0tJ3lq\/j9Y4mE4jZEoUqARpTmnt\/EmaVbJrcge1AqzkW+CZ+w4JlO7k9TdFEi5TByHM4C1T005glLtZNkRmPpMGHQbjibw3NTyD4LLOA7ibrI0r9IDNmoeUUfh8DCZdpfo3pxnEzyt7oapZ3bsP3f2dkvlxSg+Dlv55qlRYMXtNU7tnt3+G6vIRUNWvNYWxEeaewlxO7D31DoGy39yf6\/Uf40kqlYmjJklCFuyytx+XwcWqT4ARI652Z\/KTokqiY0d8hvIMHweZqCdsZ3sZLcS92z0hCZYB+QTk3oNwXMxF3HPTJhWvhOq0wqkZDSVoE431Wjz26KTR\/D\/dA5pInq8bEC3yVuUKN1PLZW9Mz7MYJyzusjyBNsPLXM5O8OEeeK5MiWTYDXzmOLsLkb2vkB\/HV4y3Ev95rIiSF36Cpgqv6+0aR866vdj7FtuF34EidwFeCf1Bf+A5YjRmGj3oaiwxanjseDhhtnxhUTf19iNoEFSzhAIqnGHRAvLOkI5d3FBbQQt+YdQcTmf4uC9ThNnySNA0HXREePQs7huoiwdf2bLMzadvLcQRiRnWU7Hl35DzJo7SAfHQVc1y7a5SVG8H0C\/gvRNuAfv3HAV07QuKJAR49iIkFCcVRaJ\/jE5NYdjrNiiLdvzoxuEZ0dWMxMftRotvm8FM6ig5uEvIZbx9cs5I19iYZQ+xjuzmSG9hz4iz+WjzAoY1dmLOtgbT\/XB2FXmqmn+QhnOY3Ljx0J2ha7XjBQ8hWDhzClw138COO6BoFzaLcXOQXTKJXlqio99G1EHem2LSJs4Fip7GdtxGPNIMZ40wLG2DFzen08a5EPl23FFXPX0SR69Sbx3M0R+hQyRTGJvzQ2b0FETVcaGBWv\/AJUXgawU3fpNn7TAnn6usnhvfGudG7WV4wZ6vkSA+LX0MCVzjn7ur93PxY\/kpdqz3fuiKZIsdz1qUGtjG9iABsh28XZ9j4vR0VSK81wLD3NNpJ2yPv0bwOqpCaovF6tXQ1Ews6XsxqJi5G36BrzaJ5\/NXawhnu8ri1Vz28LUjmOZPpd6keVddX571\/oIU+Q3p3lccmI7+gjH3KqlUBiHCmpfZcYeOnCUEoJ6+9LH3uDsI4lVcAzp2csO0NXDwcfvMalB6gajtPszvwIJElID7GHKx1BsawLle+AuhD6lA8\/ePLwyuj37+iokrx6+vklOjmfe4s9diN429ybZIsLrxpS9gvhCcqJjHRib1BY+X07qe0e72A4QTMrUQvOqVAnCJ6MepkVyL+TYwE71AQhIyEcdhSMj5NByh+Ps2+o6B6TxNGxL+Hz7Gkx+JsBR2inYY8O+Lv0UT9kVL4KGsfhNjVDtOQlSBGenVIqSWzA0IMPQo8+3Of8Hq4M82zM4CAZ0HSDgvnwrTIr12aPKQZeXdT79Zkpu9xzzr2tssbkalNRSPafbicgt9KUTproDv5wkhK7YwHiqPcGR0QVqeIcuyQotM2kpYtKzEsnaTsMsANkeXwUSaYMnhtvVUO0AlG4\/nEwlNMBHzNthJE9IyucPPp6lNbtpzJXbzjnbqhKzr1pBPW1NzcsmUvTf4AThdCxRFDDYC8Q9bGPZ8M76S438LhtuVyUo\/lD6YFPci0DvupTGZalsukVJfD\/0b05qjSDFI9eEwsvlchodrzNqwexfGQO0oqhK"}
02358{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1215,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":745501,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGvYHAqAEGon0Tg+u4AbuLpsL5EqsiiIAQEABs5gAAAQEICjCEr+SRzaKrei53o4vFQHMBld1Fh\/SJ7lY\/Br6V6nMJYu3OAHgdn1qCcCSFYKKt9BOxyQf3yfDnlntHKN9zdEPSvXN\/0hi8YerzFHTzlE9CpJ2R08FI9jE11z3fnVvhf8e7OcEQqRZgxnPlEzNldSNYqEcmHkXvJhZMq8lx7wyR4LUbGNhgoKdPGH278UPChna6A3t6rVbTyY26njMEfo0Zm6rhpJo44iHLRIKvpaj2GQsfRT+cQeJIZ7CCI7T1q2PUyZhm1ySaJCt2LeO9BPdVU6xJnGhMV\/aWAPQcJ6kB0bxcZrLoRiXTU5Sjkns\/IiFNL\/xvNJTPnSiFRhwUoHK+lhufNQUo13wAlnryX9ux9knlEKyd0St6x6x3\/0AcGE5iocc88TMKvbPeEJdROrTHJPBGw3wEtTcJnsCO86HHTsshAVdGVqkIx3wKVLP63U4Kblp4jy32ZZqt5mrVmtgkvfyXyOjEWSHg9\/kbER4PSr77Twprpqx983VEq2Hcb9Z5Mm3nOhfwTP2T3g\/CCF8QgaWGZrUDu1iiRUPI6K2BHYirquzyMaFufY9V8GpIhq1n1xceUiQLPYGN3l5fQJCiBdXfFafOcSFxIjVpojrL2EOuqK2nuMjLQQp+4Aqc6WZPgm2ebUN\/iKkfC2yH2bLExo2MPi3VUFi92NENpciPyW+eXAFY69MJj5yxa5BiY59sQ5ELiBJlv7RkENWrGuHIllIcpW3ItUf5UzQsbStrqU99fkGX6jKCwXrvMoRcz4OdAQSCuL42ekbFYHiL0ne5NvHaRIqcek4\/JcqoZpMdpQey7y+2Dl6doTImRGjrtsYDDKgFGhDU4N8dTso9ThZ3fuQI5GnuKCyDE7AIeVXiQlYv5F01woYov2hCUZp7ZcJSt2ohbipTR8\/9XsRLAxqgXB5GsFcoOvfysdpEjckn3ixs\/e\/E+9YhRVwcgw9hwvaxpOHeSVNLQn1UC1jd6XPsedgr5CYCUUWjOwS77pYeBf15DMuXoTC2DTw4N0qK0I2k9jO2h06\/VwS+DdyYzdZyIEDJootRjKr6+oHebS0B7nXpok59GLbGxDjEh9wakV1SZs7RvQXUIMtwshnqDiJum9ddTnNB2+bpdzgJa3FjnjCyxjYAJBZhtEPLvmmDoY+ugXE9QtbOp299K6ArOZPB6JuK4rlVYneXIpSl0yfeQgFoaNPTPCWdaxvM+AfcOB7YkH0w1UJu2dyLSmHw42qCGfzhxeXIbZVNdJjctQ0Cqo5zXErR1874K9\/40112SIrZY04P1wdyAy51DHX6xP4DMvjfqz6wVaf6gJ\/DZxBp20paRElTtDQN\/dHqjokoah04MvpFxBCi0Oy+R7CfKweUnqAqr1HqpFAPT9qsa8YrIc8G0wUUzeAax4URzLWOt85EjAnPLK1DAQYPq0v9Q0KLOsGsn1kbSvDpNs37iMzwcZRFzWoLHwwnKhxoV5ph1YHpzct0GfB5TMtawMLt6xx8fpDVN\/qmtv7vr0PwcpkWAe12mwk6YMCBt5BjA8f7N0hNc28Z18gN\/CgGnUTUJNyHOY9\/otIhpyZk2nAcBRRfiJ1pLKbDvtAKXiFEDhY9R4CdMU31jbFPykJh6n2eH+U5nfePcR\/NQL8CGF86lRBvbS1BffGRulEfJVi517lk3dtmRmFX4czmj4U5S0fLX7dTEWdkjlqGvyPwcgdLRBZYccWZ3e0IwyZLzh4ZvqC6GXgR\/YxXU2EyExTuarC8OxvaikQEuWDLdXLrVfF\/5zh5AAnOxdXMDpgpl7zVyHlEg1yLy9mLgj1yQgKUqwCNhyVJZLyPBjuKvSewLkE6Yb4TMgTQzgnkGvHFjAbR3wnBeO3lqHZFEbIHcmklDS0L5Y7TchFMURbahXYDs4fVUOyQ800EYRGVfodFdgqI"}
@@ -362,7 +362,7 @@
00973{"flow_id":30,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":802460,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHF9YlAAGwG1E40ck06wKgBBgG77IG+Fan7YAjihlAYCAQZjgAARB3NUS9Zk+plCHydbLwht6fHuAcJFjDcQTuMBm+4m9NXfOoK2aCNAEf7l1IMAAFpAwAYYQR6tpUy5NXM+b9iM+cFYLOVoxfQQZAdwAwBnNQmG89SfktKZlW1KIl1BTCDvw7+QCqfKCn71umzwivv\/OxwflljmAtGVmYZEXl72dfa4QN\/9Zz78swbEJx7nM3\/Z4J6EI0EAQEAX4hrEkMZswhAd4kvFhrJWBKypARC1W\/VDRiL9L2a20hFHCbF63QBpCSoqAZ0cIMepddQpbkm67\/2TOnsGaqPw4Ay3HFBScGNfPK8cYYSH6skTXrDeIptwlk8Q18J1h37eiUbcJM+0Vcn6oALdz+\/oknqpott++0+3AzjceHR7Y\/M3JXD5iAuqZVpz7ieAg+lETDEi\/Zeh8v8R1D\/F6nHSzm0TVWSvPEBmPA+O3DHRvMGghrclcEQpQ+pcrVPxOH1Dpfvugnu15dQI7Izh93WH1cJKVYwlyVc0Nbkw0t8XvQm0q++3QqX7Pd9c2ycMnVUvXc++SHTEQiUFxLaTWWrLQ4AAAA="}
00410{"flow_id":30,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":802547,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG93XAqAEGNHJNOuyBAbtgCOKGvhWrmFAQH\/OyDAAA"}
00626{"flow_id":30,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":806046,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"EBMx8Tl2KDc3AG3ICABFAADGAABAAEAG9tfAqAEGNHJNOuyBAbtgCOKGvhWrmFAYIABmlQAAFgMDAGYQAABiYQTSMCeEivTxD3Uoj1CdT6hnMeYe\/myCoo2If6kFa6BybMIfvoTvwWLHChyab4ek7OlUsui82X66GcwpE7Y\/aYMptrPdMlXK1hZpM8SFPp4ImRqqH2stb3E18rhOlY6kH5gUAwMAAQEWAwMAKAAAAAAAAAAACbY+n28jW9Z51qMsjh6WbX8j7sNwJiUHj8kay0XL5hY="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1587041682809,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1587041682809,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":809173,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyCEVImrEWfAAAAALAC\/\/+rgAAAAgQFtAEDAwUBAQgKMISwIQAAAAAEAgAA"}
00426{"flow_id":31,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":852443,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wtBAADEGD0WifRODwKgBBgG767gSqyKIi6a9ZYAQAWh8ogAAAQEICpHNoxswhK\/j"}
00426{"flow_id":31,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":853827,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wtFAADEGD0SifRODwKgBBgG767gSqyKIi6bC+YAQAWh3DAAAAQEICpHNoxwwhK\/k"}
@@ -373,10 +373,10 @@
00437{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":862686,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7ILLfLe3JqxFoKAS\/ogNbwAAAgQFrAQCCAoTeRnVMISwIQEDAwc="}
00424{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1299,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":862738,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEWgy3y3uIAQECwqYQAAAQEICjCEsFATeRnV"}
01123{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1300,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":863165,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyCEVImrEWgy3y3uIAYECxutgAAAQEICjCEsFATeRnVFgMBAgABAAH8AwOllRwzFBLD2fGS0RdMQwmyeJX+rt9niSTc6LgefMaOGyDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgvrFq4xkMZjK7jeeGFDXjFBVctkvDk2bUa2GIO\/qlb3oAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1300,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1587041682809,"flow_last_seen":1587041682863,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00847{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1300,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1587041682809,"flow_last_seen":1587041682863,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":917091,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZNAADQGRHqnY9ekwKgBBhFS7ILLfLe4JqxHpYAQAfo2WAAAAQEIChN5GgswhLBQ"}
00634{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1345,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":917561,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"KDc3AG3IEBMx8Tl2CABFAADMwZRAADQGQ+GnY9ekwKgBBhFS7ILLfLe4JqxHpYAYAfqVNQAAAQEIChN5GgwwhLBQFgMDAGACAABcAwNj9DFW90uUp62kpYH0gZzusgJkAmnNdPklOGghCxgYwCDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0sAwAAAU\/wEAAQAAEAALAAkIaHR0cC8xLjEUAwMAAQEWAwMAKMmzRIH47MLZIGbvoCJbTEvrZpOUBHnePc1mxcuJT5HZCR1Sfyp+RIk="}
-00890{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1587041682809,"flow_last_seen":1587041682917,"flow_tot_l4_data_len":881,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00901{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1345,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1587041682809,"flow_last_seen":1587041682917,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":917621,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEely3y4UIAQECcnXwAAAQEICjCEsIMTeRoM"}
00494{"flow_id":32,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041682,"pkt_ts_usec":918603,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"EBMx8Tl2KDc3AG3ICABFAABnAABAAEAG+drAqAEGp2PXpOyCEVImrEely3y4UIAYECcphgAAAQEICjCEsIQTeRoMFAMDAAEBFgMDAChs678blRqlXKUex844yXqkDF719MGcqIK3P4stu596NYJ2PZbeVYuz"}
00423{"flow_id":32,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":10449,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZVAADQGRHinY9ekwKgBBhFS7ILLfLhQJqxH2IAQAfo0+wAAAQEIChN5GmkwhLCE"}
@@ -384,17 +384,17 @@
00424{"flow_id":32,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1433,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":59472,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0wZZAADQGRHenY9ekwKgBBhFS7ILLfLhQJqxLk4AQAfUwvQAAAQEIChN5GpowhLDb"}
02085{"flow_id":32,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1441,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":134358,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAT+wZdAADQGP6ynY9ekwKgBBhFS7ILLfLhQJqxLk4AYAfWd3AAAAQEIChN5GuQwhLDbFwMDBMXJs0SB+OzC2msrk3HDfuo1F9oSu2tMpdc5amiX3sP3+HF3T+eUlrMKwLu5vpRX2sY6Qgb2AfcqUJbzNahAcjl+AgBrxnDW3IzmBx1GjxIf54xU7CDOWBB6h2asl5Y0jc+NBtT4wwHKlGK7aTIDJNKtZpQBrtKu+wC1wThAEhnwiJCMcZrlw3JmUaM8hAcPWiv+P2f4HU7kVuR6SWFtZOY\/fBG6AA4hICINInUXNSPR\/9S0jS0+Tu+TIJ\/unj8qEMubqIQCh\/V448Q5nnpg+m97oZrqoHkU1CldcnFv99miigRKhMTB8UhJojHRmQkNNuSqkYUg1wt2+YPyuyggI93J3CSs68a0sNXTEXI8hPLWv745fuMVK+GzYpn3QIWpwecAc8ojwFk3sYFYGc6Kr3niKjvleeE9wyMd31MixrWRPeRyiEuUWD42A1y13fLADAszjc75ai96VXjLbCKwl0noyJq882kPNRilUNVn3DopZ1sxVJmeonQsuho+5bzSM5XTbWli5afK8uq4VkO1JTnH+QCaWxMcc3coahz2TQstp35Riylbla3PZIwtYbAltxp9HvMr2YRvetAhN583PQgyTcSglBA9VLQMuqlDS+Yp5l8M6wZyJzO21eJigfJi1o\/n0C6Jl9pe7P96S2qxZwHKbeC+ollOwzuEsW6W2euMv5Bty7uHkH95xBMzwiarDmQ+o1Ei+q2YXDkKmEFKmLcmSoD1gJV0NJfr5r7g39mk42G6pLB1NBDrBN71b4WG1g\/5u0a3rqw0V9i7QnL9BlX8fxEEmTnz9iZZ3YLsygkbuA7AHtVSjftrngTxt6ZxhwkU\/9bPSsV5zngK7DqCVeqwznry2Ak1K69ATi4hxBM6vJm4J5azYrQKBdtWCpMP6MD86FiPSrAXBunH0b4hPq5tzuqdO0D+jBbTb4Wuyuo2mJh3Wdi0GgAny77koSTNopgL0vMBX\/vxnEJDucvwdPHZyocOBrw+JRn9zmCrcQ0Y9Q0ezNl4QGHwMISpDuDI3rn5Latk4ocMu5N0vMsbOO1\/gQG9gmVcYiZsj3DHKbeczYMtV72zfzt4zMH0+e6uu8iTq60uJMXwyI30UG5fzVxRJ4j\/UD4W6mchwCwMr6q8+gd6YplByjwds617qOLrlHt36ra5Pk7X2fO+uom00juBLnsnSYzThqYa7AtStu7Ns8fxifn\/O6P+gzFrmtBjaHQA\/1xx17u3yi7XFhplKfr0jTUgN4p9G9TDE1YDvXCLgzdejZdoinUNYt+hdtAOR181o9OXHQQ+xZ\/Iv3h2AhVNwBkYN5nU8A1alX8Z3DnlAKQt\/+z+XcHUI6niPCc2ejcpuzXcezHBSBFte4gprIQQh03wzDWXI8qpvQafa7vTvNS+kOicPxL+ziFk1R29VK\/Tlcj\/S6eX9KExxqzooyHpqkZQzSaFvny7YFcXNSIa65RZq2MYCDgk\/dnxWHjsRaDEqCSAKbU2Fq986vwayL1+sL\/Zf1k26dI2qd3cUitCRLJhXhcARrcLsJcnB0d07VW1y7nmsSoLB3uoEg6LNbIgzreGXNOpkcDmj7mkRp8bmBxNM5VFiS++mkDQD2K+9dRHKpWlfUBTooQQQ3cD6RayBt1mpz8="}
00425{"flow_id":32,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":134460,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyCEVImrEuTy3y9GoAQEAAdJgAAAQEICjCEsVMTeRrk"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1587041683142,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1587041683142,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":142905,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"EBMx8Tl2KDc3AG3ICABFAABOVgkAAP8R4j3AqAEGwKgBAeCgADUAOmwyTTEBAAABAAAAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAE="}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1587041683142,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1443,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1587041683142,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00635{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":184989,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"pkt":"KDc3AG3IEBMx8Tl2CABFAADQTcNAADkRcALAqAEBwKgBBgA14KAAvAAATTGBgAABAAMAAAAACmNoYXRzdmNhZ2cEc3ZjcwV0ZWFtcwZvZmZpY2UDY29tAAABAAHADAAFAAEAAAAMACoVdGVhbXMtY2hhdHN2Y2FnZy1wcm9kDnRyYWZmaWNtYW5hZ2VyA25ldADAPgAFAAEAAAEsADAWbXNnLXVrc28tMDEtY2hhdHN2Y2FnZwd1a3NvdXRoCGNsb3VkYXBwBWF6dXJlwCnAdAABAAEAAAAFAAQ0clg7"}
-00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":58,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.88.59"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1587041683186,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1452,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"chatsvcagg.svcs.teams.office.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.88.59"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1587041683186,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":186164,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7FzAqAEGNHJYO+yDAbslAEUuAAAAALAC\/\/+uKgAAAgQFtAEDAwUBAQgKMISxhQAAAAAEAgAA"}
00436{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":220355,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8HR9AAG0GokE0clg7wKgBBgG77INQlxoFJQBFL6ASIAAufwAAAgQFoAEDAwgEAggKAdQEQDCEsYU="}
00424{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":220462,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEUvUJcaBoAQEAltDgAAAQEICjCEsaYB1ARA"}
00728{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":220741,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAG64vAqAEGNHJYO+yDAbslAEUvUJcaBoAYEAkhLAAAAQEICjCEsaYB1ARAFgMBANgBAADUAwMl\/B1Vk9A1CXIA2wtxg6SSBUkcTlC\/1\/z0\/eteey4O7gAAHJqazKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP2toAAP8BAAEAAAAAIwAhAAAeY2hhdHN2Y2FnZy50ZWFtcy5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAICgoAHQAXABgAGwADAgACSkoAAQA="}
-00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1587041683186,"flow_last_seen":1587041683220,"flow_tot_l4_data_len":369,"flow_min_l4_data_len":32,"flow_max_l4_data_len":253,"flow_avg_l4_data_len":92,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1456,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1587041683186,"flow_last_seen":1587041683220,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
02359{"flow_id":34,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":257226,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHSFAAG0GnKc0clg7wKgBBgG77INQlx+mJQBGDIAQBAUMBAAAAQEICgHUBF0whLGmFMuT5WpzTDiCSYT3xi9v6V14KwZXMAsGA1UdDwQEAwIEsDApBgNVHREEIjAggh5jaGF0c3ZjYWdnLnRlYW1zLm1pY3Jvc29mdC5jb20wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDEuY3JsME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBADlaSLft\/Il2mfNfS96UN1u6SRdI6uOdxV\/SghC34ek6RV73kkGH\/KgGm5Qpn7ZmjaE7sCW67DpV9CSox9Z3dhmyY3WubiTFoRkhvmI2ia7VsKC3uTVFKGfcG3LipFC\/23JDrzT7qcdgDJzOLWf3MLJd1Kyh6NVC9EjRBrGrjji8xmok7R0RS8CcrVoIMxOsb4aFIvlKHgOLGwrUEg+jJK1WekigAR\/pyb5Ve0qqD3wvtdis9OWT8zz+JfQQtYBGzTf3Zo2YdFfy+cLVdoneW08GcCeeO0e+2qhhnfoQYTUFxVDlSKesMCCZ19oghBpnMirb2zEgWNe+6hV0VBHo0qa0oI+8VxV0m5jsWGKpN5r0RSQeZVBFjmNPja7EWAv9BG0nDBvzPaTNS9lsRoXc1ue7UQ2fGyQcImPgttcAOrqAGM9U+s0UrVqPi9GRGdpB+ymstXnktW0UVXqemudrGvUxOJRKDRvwctjZP2On9XpkEuwYzeJ7edeTKIXaTMPr5bSi6KtPMv8scypPxl6auLwwuyW3phPvh3sr9vdYmG1LA+UpioWKxGVlTy3H5MrR\/a3CRRhXX1OZmYh1RDRwmACanys8duLXWdgmjDNNxzIBOXG7wiGPQfS3+9iG0JTdXjbTpu3jNtZbvAVXCu9kow13tCXvpYdCShakHGed8k9wAAW4MIIFtDCCBJygAwIBAgIQCLh6UBu+nNotFk0+OVG\/VTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2MDUyMDEyNTEyOFoXDTI0MDUyMDEyNTEyOFowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjvPxhHV3vL7JpPUWpVMrUGCZ3Nh92SS14XJJN0j+2oaTo30dmksQTXd5fmWpfG424kfUNknQzCQCJxTirnHN2Vd0PBBWGZJKh2L545CNXt7RQRsaph9AoiwejlXXJthoQqvsDd7dXmGVs6xsgc6o4K2vX8qm5FFoLif9VCpxpMy7fpLx9lNRBTHQGYKwymPQ8koAC830aUv0WpZWOSbJnUsKYzQy"}
02360{"flow_id":34,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":257259,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUHSBAAG0GnKg0clg7wKgBBgG77INQlxoGJQBGDIAQBAV\/qwAAAQEICgHUBF0whLGmFgMDF3UCAABeAwNemFWTX+wdGNX8oxlCGUFyPvBvLhwa23SJPmbGfiAFTSAKNgAAYI5Bn7yZok1NjyjltU+IxFQsPzvZ6TxxnxJ15MAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADo8ADowACM4wggjKMIIGsqADAgECAhN7AASlfowIISvJ5X2hAAAABKV+MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xOTA0MTcxODA1MTFaFw0yMTA0MTcxODA1MTFaMCkxJzAlBgNVBAMTHmNoYXRzdmNhZ2cudGVhbXMubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANU1qnnBvmy8C7Js4SASBv8VhKovjO8KWcEBXJYH+nL92c58HW+\/O2tD936VWFXybN3aygUEbfsRDQxqdr4H5fX4AK7vRTgqqTK30Q27pyykcZLAPNVHl5CT3BDbK26mvB0bkclFS5N7mn2BO7jTdrLK2tIK5SlMnU69OwQAz23VGD4+wXMnI6UljEmHMh9LFdVrr0t79PNKfbfZYvlADsP84DPPW08tKNfSqe7UKmsJ7MMYbT0CJg98Hydo0keIWo0LvEudSSFVo66eTVpzBQ+lF9+LHRn3b3pHrs5Ur09HenhHW09yEF7fSCpJVCA4GnB+ZE5zHw2TzKxckD2Fv50CAwEAAaOCBIYwggSCMIIB+AYKKwYBBAHWeQIEAgSCAegEggHkAeIAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWosgo7HAAAEAwBHMEUCIQDxsZNzYkLbM868bD3SMkNLWXX8lEALfvxqPoQGY5x2tgIgDEcJW3p8o64LKSWQRQ0+hsJn1\/JDWZihSsbo+ExTPccAdwBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWosgo6rAAAEAwBIMEYCIQCVNmWzXEcKUnDtdzYtY1zrJRprglbAs8n2Ye0VfgyrhAIhANdbj8+fopl1sUicALfp38YDI4gwAAs5\/Cl8K38eMOLqAHYARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFqLIKOrQAABAMARzBFAiBZfs1DPFEJiU6\/3XIJfgFRhP6k6Nx0f85Q3SaNv1cmwgIhALcW2jWl+eD\/\/wQgRUpHHHxjIdpbgQykhNksyH6XUpOWAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFqLIKOwQAABAMASDBGAiEA3F7dGIpug0aCn6LwM2SYyuKjt9KzmSMxBdPRBbC+H2kCIQCd1JR1wwjqsINPZmZUwAHCOJo7tLF4e9bN96ALAzkBTjAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYE"}
00440{"flow_id":34,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":257321,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7FzAqAEGNHJYO+yDAbslAEYMUJcaBrAQEAlP3AAAAQEICjCEsckB1ARAAQEFClCXH6ZQlyVG"}
@@ -406,19 +406,19 @@
00425{"flow_id":34,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":257610,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7GjAqAEGNHJYO+yDAbslAEYMUJcxgIAQD8tUtQAAAQEICjCEsckB1ARd"}
00596{"flow_id":34,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1472,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":258621,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAG6+rAqAEGNHJYO+yDAbslAEYMUJcxgIAYEACBEQAAAQEICjCEscoB1ARdFgMDAEYQAABCQQRezSsAnQlWi0lqjQ4SpHGDfX17OXxqfEsHS8ZLdzsrGwBaBZFaQaUp8s6URLRqDEULI2+tuWAliD5jYvlhw6DSFAMDAAEBFgMDACgAAAAAAAAAAJnk61cTj4qNF6lQxeOyYfjOa3e0tTslesD1nI3CMPG4"}
00554{"flow_id":34,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1473,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":270660,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAG7AvAqAEGNHJYO+yDAbslAEaKUJcxgIAYEADGawAAAQEICjCEsdUB1ARdFwMDAFgAAAAAAAAAAU4rtga3rq\/SDasDr\/c8RLmPqsh8im3OWQrnz2JH7mVci39ydqqhqXreT6iBJDhCtIoiv56M41zLr4M5t0Mld8g5EWihM+F4YqGRaSsS8K2G"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1587041683333,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1587041683333,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":333389,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyEAbsX4foHAAAAALAC\/\/8Q\/AAAAgQFtAEDAwUBAQgKMISyEgAAAAAEAgAA"}
00437{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":378966,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="}
00424{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":379074,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"}
00705{"flow_id":35,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":379360,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyEAbsX4foIG4kggIAYEAle8wAAAQEICjCEsj9hHvtMFgMBAMkBAADFAwNQ2mjoGM5bceT+50qedBeC2QzxBSnWB8x+XpaOKMz6dSCjQgAAk2B6jpiMP4aNnNPzeGx44\/6X3U2RH3y64O03zgAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_tot_l4_data_len":354,"flow_min_l4_data_len":32,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":406443,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","type":34969}
02365{"flow_id":35,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":430778,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVANAAGwGcd80ck0hwKgBBgG77IQbiSCAF+H61oAQBAWFnQAAAQEICmEe+38whLI\/FgMDEGYCAABRAwNemFWT1kX8u9ATY\/YCwH831ucgt0juCj9cD9NieB4F3SDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkMAwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
02361{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1501,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":430816,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVARAAGwGcd40ck0hwKgBBgG77IQbiSYgF+H61oAQBAUL2AAAAQEICmEe+38whLI\/LnNreXBlLmNvbYIQKi5waXBlLnNreXBlLmNvbYIiKi5tb2JpbGUuZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIgbW9iaWxlLmV2ZW50cy5kYXRhLm1pY3Jvc29mdC5jb22CFSouZXZlbnRzLmRhdGEubXNuLmNvbYITZXZlbnRzLmRhdGEubXNuLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAUxCmyVHd3H7BNm7xrFDWc0lUKQfFfvZJj7fGm702yYNfNb17H3sDMMybFW0xvlL9Ezzab9UkH29uzppLcvgSPbaskyoVw+2aUUDOWU9BNPXX55faad2R1I6KtC+PfV7YLtmbicvSGz4AqzYw9ZreqUymbtwFHx+mEj1q7bV3EnUB\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"}
00425{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1502,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":430891,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4frWG4krwIAQD6+b9wAAAQEICjCEsnFhHvt\/"}
02217{"flow_id":35,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":431072,"pkt_caplen":1389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1389,"pkt_l4_len":1355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAVfVAVAAGwGclI0ck0hwKgBBgG77IQbiSvAF+H61oAYBAVk4gAAAQEICmEe+38whLI\/BM0QKjyXHQCemRgYCc9Ll+TJ\/ADwDFqdNuiyQMFKrIQoqj1GGCuniqz0r0uofklCx2IgwOanO13rkB+7itickOM6sWzClM4+MmvLcbNBLrnF4V3YWSeC++FIDX7oBPH5ASdB+pRafcUwu7a61xGbiPoBzG5Lkrn4eDzLnGiaFmaI0JOwKoMulxEdfoEgYeSwuZucblOVlSLG2b11ELrZdYw8Px3QlvgzRXt7H1Qz5UiXpwUkotvR3JWuICp9lolIe5J60CSx3kgR92c8tN\/4WGD1T3s0aOb9rCYItvMsQ9tPxBbQmwxxh7EHa4bdj6Cx+2ba2Mvp8vBl5Y7YHOovui1k8V7QG1CyDIVKzzvILipqdYzArlzZ6cB8fXzanOO9SrBgB4IrfV3IEK8uYozcmv3h2blZSJdCGsNQgQsfgyJr5Ju8KSKC\/YBRXHVfDjXC3X8vemefPY5bjLuvnfTMDPuoH50hwfPnUhpdzhRXbVC4Se6xCyfS4mknEm7GwCY+56QrG4tTOAb6Goc64Et\/mRZOWT1ZafFxp2VlGwIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFHp7jMHP56DKHNRr+vvhM8MPGqKdMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBABH+cgY6IQo3bsj1KSICYp5FDu36Bp\/vv54kNRf+OYiyuwHheN\/Ri5f9t3fxinJPSTrosynXdIfkufMXYIeIklWCvdl9E0h\/BpA6iWbnnZb3lc1gD9fhyvZ27vqbNUihmH3SkypPgRbHqJa70SXzpm9Q2gCbKqj0NQDj\/Sw77eUVm38WD8eOyTYglPAdAbkSUFCZgeAoQiyOeP\/txp7V5MrpoKqzSE+kX+SLGP8TAi2QETYYZig6IprelfFZ7p9tKhd1k1DDBRLV3mS0trzb13ZZ\/qXW5Vbh\/kZcO4r47A777xKQkc4gEoG6PFLjf+NA9AxBIGaHGNoyaeD23I8o8r0MAAEoAwAdIFmAFbN6pEW7KsGaZYeH9XkA5bDQyl7+p6tUu1Mmf\/12BAEBAInrImOTUJcbCIQhdFRlAi3IWodeZq3y\/CMsb8IHyRAKdguL6HVOMPEMCjN5\/h6+bQOYvmkJNymua9YYwLCgJPZydwWvzjcG53SXOc6pk8\/Mrbq\/tArMd1+ucmZQYW7GGuy\/c2vDUTAELDZuXxWJ2yYh64vhA6mFlGcF\/DVHqgghv4bhk6A4KK64jygxjd5enDraCuJpfckEe6ASLLIW8qZDRlb1eGsVeJKluno5vSmx9sIhuYoA0jCfPC8xi\/WJYcHpQ\/+NzumoFHPo914gQZKU8AWtCe5f+AWv0f8LkMhch75nRssezrgIjd2xDyUaq9dlODpz+BfPMEMxxBygMaoOAAAA"}
-01300{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":8,"flow_first_seen":1587041683333,"flow_last_seen":1587041683431,"flow_tot_l4_data_len":4685,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":585,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+01311{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":8,"flow_first_seen":1587041683333,"flow_last_seen":1587041683431,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00425{"flow_id":35,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1505,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":431113,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4frWG4kw64AQD9aWpQAAAQEICjCEsnFhHvt\/"}
00553{"flow_id":35,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1506,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":432261,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAG9yXAqAEGNHJNIeyEAbsX4frWG4kw64AYEABxswAAAQEICjCEsnJhHvt\/FgMDACUQAAAhIHlHECyVYXiIWBhXkzZvQlMWaCVu+lDMYkV1pzAo97ByFAMDAAEBFgMDACgAAAAAAAAAAM38DY8prudyLmt15rCEEidJ0bawdrQJHah5FREcDBRP"}
00496{"flow_id":35,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1509,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":477093,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnVAZAAGwGd0k0ck0hwKgBBgG77IQbiTDrF+H7M4AYBAWmfgAAAQEICmEe+60whLJyFAMDAAEBFgMDACgAAAAAAAAAABrg34hnZWwieIala85MwkRBQ90\/5OmnCY8VKC399k19"}
@@ -428,24 +428,24 @@
02366{"flow_id":35,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":478325,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIeyEAbsX4gZbG4kxHoAQEADx9gAAAQEICjCEsp9hHvutDHcc6klo6KPNM\/o34DlMc1ibh02AeqxSFguVn0wjv2VBZ0Uy2yjqYc5jWwho+xIl5aFaD98VMWIrCG0\/OdNBEK82cBBsZa5JVCcYSMZ8k4dNNSH1mYpYEcLqvd8UOhGdqjjFIp0N1D+XhCCV+1O4VcuqBth6zKbwPyKBmzqgJu1akbfmUT+L+iuzUFYMnc\/h4nCsCJd158nFYa76wgSFedaCApeMH7GJ0KPUsQ5syc1J+oGFU16iFpZCPRORSz\/MrtwphqEWC+s1YGpRHaVHlNvALGyK+y\/2+\/TvmmPzplwOJA5zBWbuv2BJKLFoFTGSy1jOYY6RNWxB\/ZMdLL\/K1B3Dg3ml6tOR1Epk9ca8bl+3UUkkp0CCyeWTNk9p3btiLZ6ouLe2w+mc7bBM2798faPPaS0pAwFVS8rTPSh2bO\/2aBvWrqB\/zCLD6dgj14JqpC5qcboCYDdQaAlq6IqNWyW3ummOJmnBLqKzTV2Vu7IPs3tloj64MTEiG2mhuNVItgYG9hqKQrL7HCC3WoCSjuOf+07RIYY1sYYtyjtOTzVaJ2PA8LtmzItJLNgTZ40x+uWZmxgiEPEWqPEK\/w2HA\/i9Iup2s7hjqJ0rnbXna93wRPqpmEjh086UoDYUTKqBoyADI90ORGt5+VANfWNpg9wL4LFzRf1lYOuD8HZMV6Y65Mj8X9fVc3+e94N1EbLc+8YizKV\/+p4grn0w6zP\/KL9SJjkd1vveXC3pGJEBXRHmQkUUbijxaRZh5vSyI3FNxllOpRtWv0VKaNZ80wFiB7Jv+3M3g9YQ9m3Yj328FjMxFv29V16GmoCGaxvSwxGlBVLC45EpnwWqB6oTbemsqU7c3TOadjxaNMpztZ6xfJNG9CRQ7kSQdwxPpbWk\/CQD0X4GvF71DS2151YMZJ5waUgJD+tIYhG+TbJ+kCxhi4xBoo9Dzco1vNd2FNIf3o13omRdlM4t9aTYNwzxJuY9hrXkXwEArBWhcGfxga1I1ForDLN84XDpE+1O9WNrTkd3ZfzqgJOm1OnEMWBSF4tJsmvLON2uH\/AJ05AzOvjl467HIrQ6Lz1tLInUvwI01pRMg\/P\/tDOg52jrj9rVGkFuqhcS8JMgu2Pl0kyAT0u5v8RGK7hSRn2rVVsnGr+I1OEj8i5o9M3BK82HXYzo+gg4wYbdAKpY48dNJbbAyFQDvaHhQ\/PTVZX1swJtnVN41ka6qjxYlHRt7jxBaHe60FUHdh8jirySuknOvTZHIqIlApkZto28LhsC7RMTsxzW773z0d19kEPAxEVD\/hymACh1ENMbIlknGUIBoM3rAq9Sjqushq6edWyRwXdkd8V1wuMnnEzZdJfslGQ2R2Ze5qt3WwXdsDt8UXz7giku8wB7BweHAeoIxWhSWO\/qow\/rrr72qZRZnJS2HVDayPVZ5U2lfACJOnVI62VMHKp+yLOOVwu5ZLgLSsMmk9cTU5M0I0qdaiuLkxRnmfN2NAHEz2GOX2KflxOvplnt5ym7kLiJvQvQWXuIjwepcwoZTE8g3C+1SHA5OZIsZiQIgvk\/wbEKGYguOlbR4tw9CQk\/0u8q2RmnX+OShSmEH+2PxeRA2cu0PKi3Qfy9f3UarU7W87rgVjj5rxeSEl\/QAGrDSQM2qwQfLfNuj5\/ME4MMwZw4D\/oWnhr4TX3TLY9Cee3mCV49Ootz4LtlMTb9Bks67ue3P+poGWHIH7HFDr\/2ZyLxTFAPx5nAdxPdOqeLnE7bmbOMBM1t9sMhNzaWT1pgyojF92fKUG\/5JJ7P7h7hztYsnZ77KB4r+JhCm0\/BwDnubdUfF725ro0KvmEwbuH+Wq+EVkWY44J72rxSTMj1dFHHzY589FN7F8Z11X6wEwEnbD0giqOfLrGogRIKiVptmo6fJjc3g\/gB"}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041683,"pkt_ts_usec":611241,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1587041684291,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1587041684291,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":291077,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1587041684291,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1587041684291,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00627{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":304618,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"pkt":"KDc3AG3IEBMx8Tl2CABFAADIzNlAADkR8PPAqAEBwKgBBgA16AsAtAAAN+6BgAABAAUAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAHADAAFAAEAAABCABQJc3Vic3RyYXRlB21zLWFjZGPAFsAyAAUAAQAAABYACAVhZmQta8AWwFIABQABAAAAGQAoEm91dGxvb2stb2ZmaWNlLWNvbQZrLTAwMDIIay1tc2VkZ2UDbmV0AMBmAAUAAQAAAKAAAsB5wHkAAQABAAAAoQAEDWsSCw=="}
-00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_tot_l4_data_len":226,"flow_min_l4_data_len":46,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1587041684306,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00696{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1686,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1587041684306,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1687,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":306115,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWZTAqAEGDWsSC+yFAbvNnLiZAAAAALAC\/\/\/7GwAAAgQFtAEDAwUBAQgKMIS1wQAAAAAEAgAA"}
00427{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1697,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":317619,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0FJpAAHUGEAYNaxILwKgBBgG77IU13hw0zZy4moAS\/\/\/HZQAAAgQFoAEDAwgBAQQC"}
00408{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":317725,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"}
00696{"flow_id":37,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":317987,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGWNnAqAEGDWsSC+yFAbvNnLiaNd4cNVAYIAB7OAAAFgMBAM4BAADKAwNT9yhcRBpq6+zC6hAkiruFzkDB0iUODZ2vqxEjURraCwAAHGpqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACF2toAAP8BAAEAAAAAGQAXAAAUc3Vic3RyYXRlLm9mZmljZS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAja2gAdABcAGAAbAAMCAAK6ugABAA=="}
-00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1587041684306,"flow_last_seen":1587041684317,"flow_tot_l4_data_len":327,"flow_min_l4_data_len":20,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00756{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1587041684306,"flow_last_seen":1587041684317,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00416{"flow_id":37,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1701,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":329497,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoFJtAAHYGDxENaxILwKgBBgG77IU13hw1zZy5bVAQBAEDUQAAAAAAAAAA"}
02355{"flow_id":37,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1718,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":361997,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUFJxAAHYGCWQNaxILwKgBBgG77IU13hw1zZy5bVAQBAE1xgAAFgMDEScCAABiAwNemFWUxi40371SEBsRoSvi3K1qS7dk8re7yQqXzV6fTCDWDgAAEZy1g76FcVx8iRxcs1H3LDFiTCTdny4ZR8Qn1cAwAAAaAAUAAAAjAAAAEAAFAAMCaDIAFwAA\/wEAAQALAA1vAA1sAAjQMIIIzDCCB7SgAwIBAgIQB2hUBcDpx4XEzZrxIUolfjANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSUwIwYDVQQDExxEaWdpQ2VydCBDbG91ZCBTZXJ2aWNlcyBDQS0xMB4XDTE5MDcxMjAwMDAwMFoXDTIxMDcxMjEyMDAwMFowcTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEbMBkGA1UEAxMST3V0bG9vay5vZmZpY2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7+Nra7fKq66KQLN4DKrA0VnlSVepnT\/oHFUN09PHVOIi7oIBLhWjsVBqFAmP7Gvo7MbUy9kMq0TvmUUptU30SReC5mTFyD4zO8TNxdR9JPw96iUXWdQlXrYfS1dnwMgxGbkub+csPd4PL3NOPVyo1dRsT1B4jZ13Me0JRl4Um40k8h0i5XD6GrOfIdKinMEamE0dNEDqD8kvBR5fkH2bnLUv4EM4l5i7SRrOz9iLyy0cmw\/GDqCNBRqipSW0ywd6Wkhk42sgG1SK2czbZjKs1SeqOMRrmzmJkxgWAHJ9pxwvazNb+F+VfrRD8B2v7mI1gp3c8zJVWl7ap\/lrTf4RwIDAQABo4IFhDCCBYAwHwYDVR0jBBgwFoAU3VHQojFzqXOuj7QBfl2MV8uf8PcwHQYDVR0OBBYEFEvzprbM0Zp6vEsA3rmSQigYtbvmMIICIwYDVR0RBIICGjCCAhaCEk91dGxvb2sub2ZmaWNlLmNvbYIdYXR0YWNobWVudC5vdXRsb29rLm9mZmljZS5uZXSCIGF0dGFjaG1lbnQub3V0bG9vay5vZmZpY2VwcGUubmV0ghNib29raW5ncy5vZmZpY2UuY29tghBkZWx2ZS5vZmZpY2UuY29tghplZGdlLm91dGxvb2sub2ZmaWNlMzY1LmNvbYITZWRnZXNkZi5vdXRsb29rLmNvbYIUaW1nLmRlbHZlLm9mZmljZS5jb22CEG91dGxvb2subGl2ZS5jb22CFG91dGxvb2stc2RmLmxpdmUuY29tghZvdXRsb29rLXNkZi5vZmZpY2UuY29tghlzZGZlZGdlLXBpbG90Lm91dGxvb2suY29tghRzdWJzdHJhdGUub2ZmaWNlLmNvbYIYc3Vic3RyYXRlLXNkZi5vZmZpY2UuY29tghxhZmQtay1hY2RjLWRpcmVjdC5vZmZpY2UuY29tghNiZXRhLXNkZi55YW1tZXIuY29tghR0ZWFtcy1zZGYueWFtbWVyLmNvbYIPYmV0YS55YW1tZXIuY29tghB0ZWFtcy55YW1tZXIuY29tghZhdHRhY2htZW50cy5vZmZpY2UubmV0ghphdHRhY2htZW50cy1zZGYub2ZmaWNlLm5ldIIQYWZkLWsub2ZmaWNlLmNvbYIUYWZkLWstc2RmLm9mZmljZS5jb20wDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRDbG91ZFNlcnZpY2VzQ0EtMS1nMS5jcmwwP6A9oDuGOWh0dHA6Ly9jcmw0LmRp"}
02381{"flow_id":37,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1719,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":362087,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUFJ1AAHYGCWMNaxILwKgBBgG77IU13iHhzZy5bVAQBAGr9QAAZ2ljZXJ0LmNvbS9EaWdpQ2VydENsb3VkU2VydmljZXNDQS0xLWcxLmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB8BggrBgEFBQcBAQRwMG4wJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NweC5kaWdpY2VydC5jb20wRQYIKwYBBQUHMAKGOWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydENsb3VkU2VydmljZXNDQS0xLmNydDAMBgNVHRMBAf8EAjAAMIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAWvnKNL7AAAEAwBGMEQCIFbofofUy9ktak4PriQRRgfrb\/\/YUBTYLuzVUeWLPNoHAiAioRFLut07EprtxaQiI\/9Rt7gXRYKun6JeXwdIx2uTBAB1AId1v+dZfPiMQ5lfvfNu\/1aNR1Y2\/0q1YMG06v9eoIMPAAABa+co0zgAAAQDAEYwRAIgEVb+llytLDXFaLeM916wyeaunc5wOnHG\/joEXgg5fZECIDCL4nvgXJcKX\/dhEP\/NBmkp2wU8xtwPu2NSvmr2oYluAHYARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFr5yjSQgAABAMARzBFAiEAwKcUB0l49\/P4tNFKoTeSduAoShl40L2Cz5dlG2pZ7KkCIFkr8DwT3VrMX8xNpgd1kCRNM08sc6SGi0BCGha6KZWKMA0GCSqGSIb3DQEBCwUAA4IBAQAWuauuUY2aQwCm\/RoC4+uIQOS1azmqVkslnqB35KSxJas3tRxoeEifxauQp6WRjYFK4Fu4SsemL+vPwDq0ObnMf6w9ySMoB\/QlWejUlaum98h2UqthxLIKniT4o+Hfp8UTyjSdgGFIf142\/naakhcaZ33JndSts2u98OrXalNgf8sjAHzyeg9WqlXA8ZtXQBKwxE4ITfDwAevAtpw1kCSe+DLygQ83fbzlfXBqFrD6QtsY7SInkQedfawfF4VQhIMwCfiKEuGNHRE5I\/E9Vs5xp6wxpEeqR\/axNK4iH7WxgQEkbJFJXHVZolr\/j\/ZjjLsI5WWFpSEpKZ\/ddN+5mUn3AASWMIIEkjCCA3qgAwIBAgIQAZ7Bxr0\/WXuyDDM45VHYdzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xNTA4MDQxMjAwMDBaFw0zMDA4MDQxMjAwMDBaMEsxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJTAjBgNVBAMTHERpZ2lDZXJ0IENsb3VkIFNlcnZpY2VzIENBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRrfaHFHlUJ1fHLwVoPJs8zWfsRRAshPKkR8TZU0JFCbvk\/jPB17xGL9GL5re1Z3h8anC+\/bjltlTPTF6suCJ0c1UpCHPIZPfQlQkOeYNQv1\/11MybQmGOgAS5QarOThKZm6zWxb5bAnO1FqSrcWLUmOpAOYWm9rsv6OeHwov2nDLN7Pg+v4nndCOCS9rqv3OmJTz9v6nlaP\/4MKJgxzsuo\/PFfzs7\/Q8xoXx0D9C\/FMS9aPGl52un35sAfkYlTuboE\/P2BsfUbwsnIEJdYbw\/YNJ8lnLJfLCL\/\/lIBVME+iKvt81RXW3dkHQD8DNP9MfA"}
00408{"flow_id":37,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1720,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":362150,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLltNd4njVAQH9LcJwAA"}
02369{"flow_id":37,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1721,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":362334,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUFJ5AAHYGCWINaxILwKgBBgG77IU13ieNzZy5bVAQBAEixAAAPlZGR69zIIvcej6j8l3\/AgMBAAGjggFaMIIBVjASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBTdUdCiMXOpc66PtAF+XYxXy5\/w9zAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQsFAAOCAQEACCnEyKb+tDgo96MZZ4zqBTsOS0BiYh48FMYF3DanTzJxRgVegB1ca\/Btbdkhdgu9RsS5ZpdN\/4AUeodphLLW\/8kWcL6jzIshre5cjSStwo+Z4MyeigkDuA+atVuQKyr316UvSmWoxOTFx3GplkZPq21LKhbL8ak79h8hObTrrWAEgpsSv96r0kYdDA07dgL5C9XOU4VCeylNRtGLzWTsIRZPLwFDWNFl7Vyl+0Sg0lDo3mbEtjGehzMDsMnGSxLnWzWU2UbOMeu\/uPaeC4SFgiJWxCOEVOdSMwwlyxrsRFUPY5Zys80ZXn4OJ4XVpOqw4qXcBiklkOjOLOnp0HzvzhYAAdkBAAHVMIIB0QoBAKCCAcowggHGBgkrBgEFBQcwAQEEggG3MIIBszCBnKIWBBTdUdCiMXOpc66PtAF+XYxXy5\/w9xgPMjAyMDA0MTMxNTMyMjNaMHEwbzBHMAcGBSsOAwIaBBRItqniEpOzwCCxKs5Oc2SaPGfcmwQU3VHQojFzqXOuj7QBfl2MV8uf8PcCEAdoVAXA6ceFxM2a8SFKJX6AABgPMjAyMDA0MTMxNTMyMjNaoBEYDzIwMjAwNDIwMTQ0NzIzWjANBgkqhkiG9w0BAQsFAAOCAQEAurQ3e0uI2\/3QkXdKtO6HPFwkivYaluy4DwK1QvLUfqePLndtpNN8rsupNb7b\/oo7qhnkfY+aPOaVxIdkWedm3ej5ryG4h7BDas+S0IgWxBRCJCIJezKZ2rLUqHIgGtfo1If3nSrVtTlE7E0LOqjMAqi\/7ttk\/ztQyN9xOGxQGuO7ZKFfJ6iJrFpCGrwKKruaHeFdfi9EZpajkk0OzX6tLr1rW+TMWGmCl5K1kIOCQocnxk6ZQ1LkFDHPXsJ\/N7UncZNkWEQJlYSYExY1U9QqoJVKXkJQYwJucq3+pmOUTbBYX8JRfA9eAEhvetTvhBj7ubZmVqbnQ2UOWb2bG4H\/LgwAAWkDABhhBM3oeauFr\/+yDZmf7u6HI3wTfUAx0qmvQiJb1VA8dnP8BFmdEg1HD3CFvQtnFzldT60cf66xT1pxU\/vheLykWn9qYtFtB2LBAywLyeSS1+E5f+d4eFrgYscIAxDCl69sZgQBAQBQ27XZvH1rV2pUXV\/lggIb0Wd7OIg0w8iduLLGNJi6RuH+K+KSLtule2pvwGAy7uAJjAv5I7CIrUGIj1\/V5FNvQ4vdk+ifuw0OzRTDtGXxV5PVwBDdKC7jFKqB5z8lOYtDr6seiApM5UMkvPMgD0iAhmeoE2D88GvyCSY171XvVnfeLHMH+TkJvNlLsjSpG+p66s96vTtTZaH6Hb5VDzAyRIdBteTyFTmXgxbAfzYXWJPrvGY2LunIPSMDrxTYfWYYMp5aKEuETmsefIq5WE3Z2OlYaBi+d+DPhPwI"}
00465{"flow_id":37,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":362335,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"KDc3AG3IEBMx8Tl2CABFAABQFJ9AAHYGDuUNaxILwKgBBgG77IU13i05zZy5bVAYBAEvfwAA2BU6FLOqezFGRH8EDwiDKQrqoWuDQ8c67wKl46tlInnEsf3RDgAAAA=="}
-01566{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":10,"flow_first_seen":1587041684306,"flow_last_seen":1587041684362,"flow_tot_l4_data_len":4843,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":484,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}
+01577{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":10,"flow_first_seen":1587041684306,"flow_last_seen":1587041684362,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":460,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}
00409{"flow_id":37,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1723,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":362373,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLltNd4tYVAQH9HWVAAA"}
00627{"flow_id":37,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1724,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":366212,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"EBMx8Tl2KDc3AG3ICABFAADGAABAAEAGWQ7AqAEGDWsSC+yFAbvNnLltNd4tYVAYIADR3gAAFgMDAGYQAABiYQTJ2e7AKWBQ04e1oVsTbr+Pd2xAGivzg\/UtbmFTalVk6OyMTpkH+ppXobE+32uV7\/D6XXEPCiyHu9Fj+T5kVMU86jwjuCr9Zld4aeEx7Ov9VdAH0mPX8DQpk4RPAjXOA4YUAwMAAQEWAwMAKAAAAAAAAAAAk6diy7+2roS\/v+tTXTMj5Lt7gLRyYvp53RvO8TB8FLY="}
00537{"flow_id":37,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1725,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":373953,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"EBMx8Tl2KDc3AG3ICABFAACFAABAAEAGWU\/AqAEGDWsSC+yFAbvNnLoLNd4tYVAYIAAp8gAAFwMDAFgAAAAAAAAAAamLj9A5OPT3Qblu0RImM1R5UCQzMjbveajEvsmKdeWImBylqL0J4JcD7voAm+GUiwTzCBvruK8wFjqXhmNh2gqVGlRZ9RFB0TkonutwnTL2"}
@@ -453,54 +453,54 @@
00593{"flow_id":37,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1727,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":374350,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"EBMx8Tl2KDc3AG3ICABFAACsAABAAEAGWSjAqAEGDWsSC+yFAbvNnLyCNd4tYVAYIABWVQAAFwMDAH8AAAAAAAAAA\/r4V7fKCRvENEHp2g9oFooWRNtbwacjQp5ot\/N9Dpu1\/XRH0KkXCfxdbarfm17nT4djYDWdAWmnmNu\/aTLusJ6kYlOwsB+guT1ONQ8OI1tB+9TDyiNT0a2qyBQ+OOL4BWjVA16FFnxWiLsBk7g\/adWO6XttK6ej"}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041684,"pkt_ts_usec":611243,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1587041685090,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1587041685090,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":90830,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1587041685090,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1587041685091,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1587041685090,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1587041685091,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00478{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":91534,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZE40AAP8RJK\/AqAEGwKgBAdGuADUARafs9AEBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAQ=="}
-00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1587041685091,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1587041685092,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00679{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1776,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1587041685091,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1587041685092,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":92516,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZD5kAAP8RKKPAqAEGwKgBAf7OADUARYKEB0oBAAABAAAAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAQ=="}
-00666{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1587041685092,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1587041685093,"flow_last_seen":0,"flow_tot_l4_data_len":61,"flow_min_l4_data_len":61,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00678{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1587041685092,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1587041685093,"flow_last_seen":0,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":93044,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"EBMx8Tl2KDc3AG3ICABFAABRstMAAP8RhXDAqAEGwKgBAcXdADUAPUwYqlcBAAABAAAAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAE="}
-00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1587041685093,"flow_last_seen":0,"flow_tot_l4_data_len":61,"flow_min_l4_data_len":61,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1778,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1587041685093,"flow_last_seen":0,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":53,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00572{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":104871,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"KDc3AG3IEBMx8Tl2CABFAACfqZ9AADkRFFfAqAEBwKgBBgA10a4AiwAA9AGBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AABwAAcAMAAUAAQAADYsAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJABwAAQAAAAUAECoBARHxAHAAAAAAAG\/dVKE="}
-00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":69,"flow_max_l4_data_len":139,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"42.1.1.17"}}
+00704{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1781,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"42.1.1.17"}}
00556{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":105349,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"KDc3AG3IEBMx8Tl2CABFAACTMl9AADkRi6PAqAEBwKgBBgA1\/s4AfwAAB0qBgAABAAIAAAAAD3Ryb3V0ZXIyLWFzc2UtYQd0cm91dGVyBXRlYW1zCW1pY3Jvc29mdANjb20AAAEAAcAMAAUAAQAADNUAHg90cm91dGVyMi1hc3NlLWEIY2xvdWRhcHADbmV0AMBJAAEAAQAAAAgABDRyDy0="}
-00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":69,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.15.45"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1587041685106,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00705{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1782,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"trouter2-asse-a.trouter.teams.microsoft.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.15.45"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1587041685106,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1783,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":106192,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGNWvAqAEGNHIPLeyHAbsC\/Q6WAAAAALAC\/\/9IhwAAAgQFtAEDAwUBAQgKMIS4zgAAAAAEAgAA"}
00627{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":127636,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"KDc3AG3IEBMx8Tl2CABFAADKzTRAADkR8JbAqAEBwKgBBgA1xd0AtgAAqleBgAABAAMAAAAAA2FwaQtmbGlnaHRwcm94eQV0ZWFtcwltaWNyb3NvZnQDY29tAAABAAHADAAFAAEAAA4OACoDYXBpC2ZsaWdodHByb3h5BXRlYW1zDnRyYWZmaWNtYW5hZ2VyA25ldADAQQAFAAEAAAEsACcbYy1mbGlnaHRwcm94eS1ldW5vLTAxLXRlYW1zCGNsb3VkYXBwwGbAdwABAAEAAAAGAAQ0ck2I"}
-00687{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_tot_l4_data_len":243,"flow_min_l4_data_len":61,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.136"}}
+00699{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1792,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"api.flightproxy.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.77.136"}}
00619{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":136892,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"KDc3AG3IEBMx8Tl2CABFAADDZa9AADkRWCPAqAEBwKgBBgA17z0ArwAAVKqBgAABAAMAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAALoAAiBGV1YXoCdHIFdGVhbXMOdHJhZmZpY21hbmFnZXIDbmV0AMA5AAUAAQAAAAAAMBJiLXRyLXRlYW1zLWV1bm8tMDULbm9ydGhldXJvcGUIY2xvdWRhcHAFYXp1cmXAJMBnAAEAAQAAAAoABDRy+ns="}
-00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_tot_l4_data_len":228,"flow_min_l4_data_len":53,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.250.123"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1587041685171,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1797,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.250.123"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1587041685171,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":171649,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABADGUAAP8RK\/DAqAEGwKgBAeRZADUALJr8l0UBAAABAAAAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQAB"}
-00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1587041685171,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00666{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1798,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1587041685171,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00655{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":185131,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"KDc3AG3IEBMx8Tl2CABFAADeqaxAADkRFAvAqAEBwKgBBgA15FkAygAAl0WBgAABAAYAAAAAB291dGxvb2sGb2ZmaWNlA2NvbQAAAQABwAwABQABAAAANQAMCXN1YnN0cmF0ZcAUwDAABQABAAAAxQAUCXN1YnN0cmF0ZQdtcy1hY2RjwBTASAAFAAEAAAAmAAgFYWZkLWvAFMBoAAUAAQAAACYAKBJvdXRsb29rLW9mZmljZS1jb20Gay0wMDAyCGstbXNlZGdlA25ldADAfAAFAAEAAACgAALAj8CPAAEAAQAAAJ8ABA1rEgs="}
-00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":44,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1587041685232,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00694{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1799,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"outlook.office.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"13.107.18.11"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1587041685232,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1805,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":232231,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyIAbtyjZOTAAAAALAC\/\/8ViAAAAgQFtAEDAwUBAQgKMIS5SgAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1587041685240,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1587041685240,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1806,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":240465,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyKAbtGGzTNAAAAALAC\/\/8rVAAAAgQFtAEDAwUBAQgKMIS5UgAAAAAEAgAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1587041685243,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1587041685243,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":243104,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPU3QAAP8R5NHAqAEGwKgBAchtADUAO5eNyGMBAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAAB"}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1587041685243,"flow_last_seen":0,"flow_tot_l4_data_len":59,"flow_min_l4_data_len":59,"flow_max_l4_data_len":59,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1587041685248,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1807,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1587041685243,"flow_last_seen":0,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1587041685248,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1808,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":248604,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyLAbsws\/klAAAAALAC\/\/\/xvAAAAgQFtAEDAwUBAQgKMIS5WgAAAAAEAgAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1587041685251,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1587041685251,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":251950,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4XAqAEGKH4JB+yMAbvF6IfFAAAAALAC\/\/8d8gAAAgQFtAEDAwUBAQgKMIS5XQAAAAAEAgAA"}
00426{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1810,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":253368,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0w5JAAHUGiY00ccKEwKgBBgG77IqoHlkCRhs0zoAS\/\/9MIAAAAgQFoAEDAwgBAQQC"}
00408{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1811,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":253460,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzTOqB5ZA1AQIABs3wAA"}
00660{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":253933,"pkt_caplen":240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":240,"pkt_l4_len":206,"pkt":"EBMx8Tl2KDc3AG3ICABFAADiAABAAEAGgXLAqAEGNHHChOyKAbtGGzTOqB5ZA1AYIAAZhwAAFgMBALUBAACxAwNemFWVZrT7WTFXDzKTJwgyjyi4pczPS4OaStHQgrmy6wAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXAAAAB8AHQAAGmNvbmZpZy50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1812,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1587041685240,"flow_last_seen":1587041685253,"flow_tot_l4_data_len":302,"flow_min_l4_data_len":20,"flow_max_l4_data_len":206,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1812,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1587041685240,"flow_last_seen":1587041685253,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":186,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00569{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":256108,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"KDc3AG3IEBMx8Tl2CABFAACb\/nFAADkRv4jAqAEBwKgBBgA1yG0AhwAAyGOBgAABAAAAAQAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAHAABwCEABgABAAAADgBABHByZDEOYXp1cmVkbnMtY2xvdWTAKgZtc25oc3QJbWljcm9zb2Z0A2NvbQB9o\/w8AAADhAAAASwACTqAAAAAPA=="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":59,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1813,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00426{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1814,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":261856,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jN1AAG0Ge5k0cg8twKgBBgG77IfA1AaRAv0Ol4AS\/\/+iigAAAgQFoAEDAwgBAQQC"}
00409{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1815,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":261955,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q6XwNQGklAQIADDSQAA"}
00685{"flow_id":42,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1816,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":262299,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"pkt":"EBMx8Tl2KDc3AG3ICABFAADzAABAAEAGNLjAqAEGNHIPLeyHAbsC\/Q6XwNQGklAYIAAraAAAFgMBAMYBAADCAwNemFWVnmpu5iBYzDA0OwyTFl3gYWrTqQBuMzMR9X7FRwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAbQAAADAALgAAK3Ryb3V0ZXIyLWFzc2UtYS50cm91dGVyLnRlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
-00789{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1816,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1587041685106,"flow_last_seen":1587041685262,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":20,"flow_max_l4_data_len":223,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00800{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1816,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1587041685106,"flow_last_seen":1587041685262,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":203,"flow_tot_l4_payload_len":203,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00416{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1817,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":265739,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAow5NAAHYGiJg0ccKEwKgBBgG77IqoHlkDRhs1iFAQBAGIJAAAAAAAAAAA"}
02373{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1818,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":267727,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUw5RAAHYGgus0ccKEwKgBBgG77IqoHlkDRhs1iFAQBAEKpQAAFgMDFysCAABZAwNemFWVon9sUY4smg\/Tw8+Zv8VcFlbcOdwExviP9\/E9yiDtJgAAkTnSxwdrr6KK4vMnxfSrgFx0pEdWZA9lBe7G6sAwAAARAAUAAAAXAAD\/AQABAAAAAAALAA4qAA4nAAhpMIIIZTCCBk2gAwIBAgITewAM1sff2xxDrSCFcgAAAAzWxzANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwHhcNMTkxMjExMDIwNDIwWhcNMjExMjExMDIwNDIwWjAlMSMwIQYDVQQDExpjb25maWcudGVhbXMubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKuoME\/5gx1HQd9sdy+s4YHawKf9J7S8dT4WfnUAqnYkdTyrmLaQGvnOVwm+Alg2MKjbLj7YlmrDEl+LlLhqsCOxTh+sGycfVj0hKsId4tssxk5dtSL14K6G+H0YBnvNUQu7vvVvTNCI4YPZj0lV\/ZKyol\/te+IRYafpXBi14wsmzo2lqeisNF9ulHu6A\/2xL\/FDFcQYFu8GUtZc\/1EHZiuH\/he6vLnSRl83OVtV\/yk0CSgW886Nb3\/WEJvOECPWn3DgxpU6jkEm4EvSs3adX1+bc\/i5J6\/gLUtUs6cAnmJtNvXs2pq\/f\/tijDc4rGLidlBdTF1jYL0uU8bsIVDJNSECAwEAAaOCBCUwggQhMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAW7yvGHMAAAEAwBHMEUCIGa+\/kHz87e\/oQ8aC69gj8\/aoYo\/tE6p\/Si82L3s3PkGAiEAhkZwyGwr5TrczZ4j5sAn1Yok0bmQ50Q1otYS4UIF5GkAdgDuwJXujXJkD5Ljw7kbxxKjaWoJe0tqGhQ45keyy+3F+QAAAW7yvGL7AAAEAwBHMEUCID+jfXayujZyLzrbTnDycGFeCHnUL4IvMp4VSwcYAXjjAiEA+Wo2YMDO1x5lLdfKexvP6AnwkgDNgKyPCWglZwJVdW4AdQBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW7yvGL5AAAEAwBGMEQCIHZ5MUybiLcqRiY\/i+zyj6mrjZJKktvjmJq7sVfmPkqyAiBXLnK3UpG6nhefXHnnWSJys9aLqQm8v0FaMVa+Jt2CdTAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFLtL8OEZ7zs1ivteHY43T3pv1cy9MAsGA1UdDwQEAwIEsDBDBgNVHREEPDA6ghwqLmNvbmZpZy50ZWFtcy5taWNyb3NvZnQuY29tghpjb25maWcudGVhbXMubWljcm9zb2Z0LmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWlj"}
02364{"flow_id":45,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1819,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":269229,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUw5VAAHYGguo0ccKEwKgBBgG77IqoHl6vRhs1iFAQBAEktwAAcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAbVNFS732wYQvpkp3TDu3jW5fDqMTSkI2h2vMgS6KsQ1QnCBa0j+Kz1QXRYKkRourVWeuaDA+ZX8fhYHy+mFVKIf93Uy3iALbB6EzeCzhBLgr0WXY+KnfFMc4DaThv6rNLAatFngta1jAOodkGyqq1eAE86s+M7+i462khCw5GrSfOsuQdoz+fi1d4Iqxt5D+efo7tL9jCs2k7qBfDzR5Jpqt4QO5jQgZY7tC+Qfc5IQs+OKqyuud7i5nhK9uBhU+9r1PgtOxtRYeRQSKjULmcKavWh36Lmq7BnvKlaWyxjMqLVFElt8\/Abr+9TPfLe3vBDrqBYzIhtFQ8w7UW2UefD5fgcAqtVRPFSLUHVqHAx2CiXnXIgB9uZIdlLUh5\/Me4AhuKHzx47glbPuFhf6zgzevdov27btHB45dG8flVKgj+dU5xDnbX+j4qyt+zoTjxwEUdfXCSNSY0rJsRk8\/zeFyE\/ESrRTEMlGN\/gzW616B42ihaLRYkPoDYvQYdmGgL3fIKU14Avf3mgnLPXIfAoF50JTW4rVtcYkTAJQYAi2Os00jlfHVd4+0DvnzANuY1WMbFSpokuD6AjYKqWuAdqZgmyAsXMDlXps7UtNi3\/9FrFJ6zXAQ7kaQCkkKzcTkyRYy4ioUXc1zYrS7rhFMfDnOlHnUFy1dCoDYRCmagG8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/RallY5JsmdSwpjNDKApQTl6ii3wQDAbRrwKNRKj4CscxnY9RYvra4Il2IGLP7npfCtQVN\/jSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB"}
@@ -509,21 +509,21 @@
00409{"flow_id":45,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1822,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":269429,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzWIqB5qB1AQIABbIQAA"}
02371{"flow_id":45,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1823,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":269473,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUw5dAAHYGgug0ccKEwKgBBgG77IqoHmoHRhs1iFAQBAGsQwAAbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0yMDAzMTUxNTQxMjNaFw0yMTAzMTUxNTQxMjNaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfMV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9PunaNFnz92aO8d4uH\/JCreP9UtdnH6Bv3+BjNMnU24H982v4wslFnOHRkeShM6dTut2u5yX3USK4TkHudmdpKCKlumoSspYbuV23UEmjEltXDdzSNYmzvQDOeZo9DyTtm0W9OcExDRacHKdHUSDCgp3idEbMLCXgoMPdcvciqUfRxxhpKEhzK6GRoNAmVI08HM6jLw+02rMYbuyQPnLJfaPIm6evkoCU6o9RORAng09ayQuSk72b1zEpJKOvFaK23Mnnwwb4jg93GQDHKSDRfL0BdvvWgSpMuv5U2HffFgVxCm1wKQl69Wj36qXQLZ2+wxv0swlG5nuGABQ6me1wIDAQABo4HWMIHTMB0GA1UdDgQWBBT2QicgVIiUGcXuWQzjNmbbYUVbMDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBRYiJ\/W3JxIIrcUPv+EiOjmhf\/6fTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZjmdhpwvUwne4YtRiQs3dOLK5ba63GxG4DhqLLccO6A\/Gu5C1WAliMVEL8laAmZT5rjg7rZU63ADlU6i5dqMR9d65Gu\/P9sbyDYjevTB8j4VU8zV1e45gmS1fnTxH\/L14iqqM3+BWmprexDyUCWsXRJxp70y2N2YVZOquaqZFIwT4zprb8MBujdP7iFkk8soOpf\/l5U+mse\/W63G1wria\/aCHeEKWVe5F2v21NaIvfUgT9wStvUyhVk\/6WDBFypCre8c05o6zB2kA3b8eGeE56uGm26VL14MWExRNwnneVTysASyklJztTJjKIJiCZ7UsldbRUSdIVZyB+rsUuFxEs2yfP+8euVoeKkH9FEh8fTVfqGv3pafupuN0u\/\/dLN4soa06DNvTDUQWkRRbO6el56U4uvdsc3yBYOUpCEfZdmlCUuiesiTGTZKjg6Pel9E6aM1lPKUoFEgORCSp0t9xzpsHahiQos2LCym9Pi5bAvWTLeT65NzwDYJWd9xkcPSHaqNaXxrfEmnDhHqFEHA0H5fZSslXa7f\/DeJ3nBxZ+H4M2s+WWZ1FXymQaVNiFwcz61dh2ni95gdfAdhA51nQgJKXcgCvW0sx8AMX+76lmXRTxCdRB3NUS9Zk+plCHydbLwht6fHuAcJFjDcQTuMBm+4m9NXfOoK2aCNAEf7l1IMAAFpAwAYYQRsf0uDmNKLJMeXHDZT0rfSfJS0YLu\/bNhtzdpDmZmv8ma9KGaKhbTpzUwtn+ftaZbx8rgClygx+yMxR7e4zKtAmcY+KBoVy9Pm22bWMCV0xzBqYQjq2W\/LcgoXQQ+8DfcEAQEAFs5VYCTZMkBsKc6j\/UO8aegTX42l6mEtjxcpF4fJCxlS6IcQIfcCZeQV2fZLTvVQ\/Ez0b7C9+zA0gHWVT\/TMxd2avgCyCGEEjtePKrowtFv0Ee6PrRZfjOrT3MTDYsLN\/dZDWa76luBUbueF0lYElHQaCMEtS0ExGpJcr\/mMQXKl8uBv"}
00587{"flow_id":45,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1824,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":269476,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"pkt":"KDc3AG3IEBMx8Tl2CABFAACow5hAAHYGiBM0ccKEwKgBBgG77IqoHm+zRhs1iFAYBAG7UwAA0mcjUfghRDb\/G5+kNE504qga61CM4XWHMBZPM70HVY6bl5nTW4wMgEeYhASKAuc9\/c\/3xIbCGqTe4byauDnwt4gDPGW+QsBCOLLeXL0uNApF+1lxuJWGCd0dT62LqmKvy+IaoLTNxa2wjndjRezbtFElebsXF2K1eQmjcw4AAAA="}
-01136{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1824,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":12,"flow_first_seen":1587041685240,"flow_last_seen":1587041685269,"flow_tot_l4_data_len":6398,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":533,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","issuerDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}
+01147{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1824,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":12,"flow_first_seen":1587041685240,"flow_last_seen":1587041685269,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6122,"flow_avg_l4_payload_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"config.teams.microsoft.com","server_names":"*.config.teams.microsoft.com,config.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","issuerDN":"CN=config.teams.microsoft.com","fingerprint":"B9:54:54:12:C9:E9:43:65:10:70:04:7B:AD:B6:0C:46:06:38:A5:FA"}}
00409{"flow_id":45,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1825,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":269514,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyKAbtGGzWIqB5wM1AQH85VJwAA"}
00436{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1828,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":278616,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8aa1AAGwGYc00ck0hwKgBBgG77IgacWa+co2TlKASIABIJQAAAgQFoAEDAwgEAggKYR7cGTCEuUo="}
00424{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1829,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":278702,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZOUGnFmv4AQEAmGrAAAAQEICjCEuXNhHtwZ"}
00705{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1830,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":278900,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyIAbtyjZOUGnFmv4AYEAk6ggAAAQEICjCEuXNhHtwZFgMBAMkBAADFAwO15W+8jaHI2sAcvPxYu3fOurYjru\/fmNz9T6MzJf3JQCDMFgAAPSmx1EB8rJYwgB6DDk65Ho1qqYZPmBoFpBpgkAAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1830,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1587041685232,"flow_last_seen":1587041685278,"flow_tot_l4_data_len":354,"flow_min_l4_data_len":32,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1830,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1587041685232,"flow_last_seen":1587041685278,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00436{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1833,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":280598,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VD9AAGwGx0kofgkHwKgBBgG77IwJMzAcxeiHxqASIADLBQAAAgQFoAEDAwgEAggKUkq4VzCEuV0="}
00424{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":280662,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6IfGCTMwHYAQEAkJnwAAAQEICjCEuXRSSrhX"}
00758{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":281210,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRpvAqAEGKH4JB+yMAbvF6IfGCTMwHYAYEAl4\/QAAAQEICjCEuXVSSrhXFgMBAPEBAADtAwMO1aNpNC\/DfNA+zTgvlq4OTJH4Eaani+1AUzQaqTtdmgAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"}
-00784{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1587041685251,"flow_last_seen":1587041685281,"flow_tot_l4_data_len":394,"flow_min_l4_data_len":32,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1835,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1587041685251,"flow_last_seen":1587041685281,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00560{"flow_id":45,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1836,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":291122,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"EBMx8Tl2KDc3AG3ICABFAACTAABAAEAGgcHAqAEGNHHChOyKAbtGGzWIqB5wM1AYIAA3KwAAFgMDAGYQAABiYQTSPsjxWGWz4pCe4\/e9vVSjl\/Z8Q0uN7k1kWUEcGAc3\/Gbp5QJzgkXHFiB4HT74NNZrxT8zrukht5BQ2pVsvaE9T\/TxBN83rZAPJ4GFxp7hMLAUr2QcDHEgUN74E6qDjiI="}
00436{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":294102,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VA1AAGwGd200ck0hwKgBBgG77IvHJo2qMLP5JqASIAAqDQAAAgQFoAEDAwgEAggKYR8CxDCEuVo="}
00425{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":294163,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/kmxyaNq4AQEAlolwAAAQEICjCEuYBhHwLE"}
00685{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":294436,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyAABAAEAG9sTAqAEGNHJNIeyLAbsws\/kmxyaNq4AYEAkImQAAAQEICjCEuYFhHwLEFgMBALkBAAC1AwNemFWVha04P4CUw6CKshmFd7ZG0fMDUFnrEIuMFFDaDAAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAYAAAACMAIQAAHm1vYmlsZS5waXBlLmFyaWEubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1587041685248,"flow_last_seen":1587041685294,"flow_tot_l4_data_len":338,"flow_min_l4_data_len":32,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":84,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1587041685248,"flow_last_seen":1587041685294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00417{"flow_id":45,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":302502,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAow5lAAHYGiJI0ccKEwKgBBgG77IqoHnAzRhs181AQBAFwiQAAAAAAAAAA"}
02359{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1846,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":312634,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVEFAAGwGwa8ofgkHwKgBBgG77IwJMzW9xeiIvIAQBAWJ5wAAAQEIClJKuHcwhLl1i+Wbrav3bQpcZNAwCwYDVR0PBAQDAgSwMIIBJgYDVR0RBIIBHTCCARmCGWxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb22CG2xvZ2luLm1pY3Jvc29mdG9ubGluZS1wLmNvbYIbbG9naW5leC5taWNyb3NvZnRvbmxpbmUuY29tghpsb2dpbjIubWljcm9zb2Z0b25saW5lLmNvbYIkc3RhbXAyLmxvZ2luLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgh1sb2dpbi5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIfbG9naW5leC5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIebG9naW4yLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgiBzdGFtcDIubG9naW4ubWljcm9zb2Z0b25saW5lLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEARVCFDXaNOijZYnNGoRWvtuOpazT+6a5NhffPDEd8mw13I5P2ZjdjuwO0BCuAa0rcrb9Xsv2qMoirtQ46ssv7U4RUbJ2q644olWDdoDLw3u2IwAi4+it8uqFANVWf479pYNzQSRACICWvLYyZOXoCzSVgryqqt6S9JYKLV\/5cOCwnLGXIMXunQZDJ9OLbjk3hV+y1gACDA7qTWXqQxmgI9aFpumAbRwTxqZV913sHD\/Cf4ut1VrXdDHEcgGroOgboavAnBPF1buLwyr8dsFVfenl1cv4K6OyxBhOa\/qPQC3E1A4UNtSz4dz0swsNbngQZDrl3H9MqpMRswrpJ9jUAZ4uzcbjmByMFT7UrO5NyfE2e754OXgg0kzSG7F0aYPVW64WQaAN5alS554Apkxzpnhy4dbLpcc+qDxw4uZRbEMvvqiGy3Tzvw2N2ZlLhpfCA79zVH3D9QcugIgQY75KsamAAzOcbXq0zT0xKgmRKBpdzG5DeC2KsBbrTTak1bUSSPLjvYpHhgabRiV7OEik97n1Dth5jNj0APlNTe65xy1gwKh4ItrHo4sQMKfxY9NyTKSBVKN3poUeJpe9p2ArtCr\/ZmVWqTui7XFpZPfiQUHWHxyvx0VTPR40NEp\/NGn3Uw7Bd\/MS5F6AKZAjGFEeyvsfA2p3QKRyzfNkfQWM3fP8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE"}
00440{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1847,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":312734,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4XAqAEGKH4JB+yMAbvF6Ii8CTMwHbAQEAlO8wAAAQEICjCEuZJSSrhXAQEFCgkzNb0JMztd"}
@@ -537,7 +537,7 @@
02360{"flow_id":44,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":327512,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUaa9AAGwGXDM0ck0hwKgBBgG77IgacWxfco2UYoAQBAXqeQAAAQEICmEe3EYwhLlzLnNreXBlLmNvbYIQKi5waXBlLnNreXBlLmNvbYIiKi5tb2JpbGUuZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIgbW9iaWxlLmV2ZW50cy5kYXRhLm1pY3Jvc29mdC5jb22CFSouZXZlbnRzLmRhdGEubXNuLmNvbYITZXZlbnRzLmRhdGEubXNuLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAUxCmyVHd3H7BNm7xrFDWc0lUKQfFfvZJj7fGm702yYNfNb17H3sDMMybFW0xvlL9Ezzab9UkH29uzppLcvgSPbaskyoVw+2aUUDOWU9BNPXX55faad2R1I6KtC+PfV7YLtmbicvSGz4AqzYw9ZreqUymbtwFHx+mEj1q7bV3EnUB\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"}
00425{"flow_id":44,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1863,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":327559,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZRiGnFx\/4AQD696oAAAAQEICjCEuZ5hHtxG"}
02217{"flow_id":44,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":327736,"pkt_caplen":1389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1389,"pkt_l4_len":1355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAVfabBAAGwGXKc0ck0hwKgBBgG77IgacXH\/co2UYoAYBAXZxAAAAQEICmEe3EYwhLlzBM0QKjyXHQCemRgYCc9Ll+TJ\/ADwDFqdNuiyQMFKrIQoqj1GGCuniqz0r0uofklCx2IgwOanO13rkB+7itickOM6sWzClM4+MmvLcbNBLrnF4V3YWSeC++FIDX7oBPH5ASdB+pRafcUwu7a61xGbiPoBzG5Lkrn4eDzLnGiaFmaI0JOwKoMulxEdfoEgYeSwuZucblOVlSLG2b11ELrZdYw8Px3QlvgzRXt7H1Qz5UiXpwUkotvR3JWuICp9lolIe5J60CSx3kgR92c8tN\/4WGD1T3s0aOb9rCYItvMsQ9tPxBbQmwxxh7EHa4bdj6Cx+2ba2Mvp8vBl5Y7YHOovui1k8V7QG1CyDIVKzzvILipqdYzArlzZ6cB8fXzanOO9SrBgB4IrfV3IEK8uYozcmv3h2blZSJdCGsNQgQsfgyJr5Ju8KSKC\/YBRXHVfDjXC3X8vemefPY5bjLuvnfTMDPuoH50hwfPnUhpdzhRXbVC4Se6xCyfS4mknEm7GwCY+56QrG4tTOAb6Goc64Et\/mRZOWT1ZafFxp2VlGwIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFHp7jMHP56DKHNRr+vvhM8MPGqKdMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBABH+cgY6IQo3bsj1KSICYp5FDu36Bp\/vv54kNRf+OYiyuwHheN\/Ri5f9t3fxinJPSTrosynXdIfkufMXYIeIklWCvdl9E0h\/BpA6iWbnnZb3lc1gD9fhyvZ27vqbNUihmH3SkypPgRbHqJa70SXzpm9Q2gCbKqj0NQDj\/Sw77eUVm38WD8eOyTYglPAdAbkSUFCZgeAoQiyOeP\/txp7V5MrpoKqzSE+kX+SLGP8TAi2QETYYZig6IprelfFZ7p9tKhd1k1DDBRLV3mS0trzb13ZZ\/qXW5Vbh\/kZcO4r47A777xKQkc4gEoG6PFLjf+NA9AxBIGaHGNoyaeD23I8o8r0MAAEoAwAdIOCr76LZu+DzyppiQ4LXLjCknXmVh5L\/rzTB1MVm\/KYrBAEBAAxBncNrD\/LiaoNf070Ud5s0K3Qj6M8xR9RIm7PcqW5BGU2RT5bJ1J1\/vPw\/kEHw5B\/Uel\/7Vump0vJ2PLzOrErRyyCy28H\/CjX4MS5ml+FO20xzXCyrWMM7RTfG5O8pUzdUipdnv5tp8CEA9qx6ymaIH4LQzcd25exQ1jXi1wp2wpq1d3aNjekPj4eK0nEZdfqEb7DCsRd5VORtQjWIRft09NKay8Oga5U9FYZDF3Q3Jgh7ntp9aEW45cCnmqMHChTsgN77+cu6BRJVKaTHLAYBcjy+pnzEKqtwv\/FE2G8wlFpV2sdcybgRd9GbYcZ+DBsXlYzmLLHTjMll+hgnm6kOAAAA"}
-01300{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":8,"flow_first_seen":1587041685232,"flow_last_seen":1587041685327,"flow_tot_l4_data_len":4685,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":585,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+01311{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":8,"flow_first_seen":1587041685232,"flow_last_seen":1587041685327,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00424{"flow_id":44,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1866,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":327777,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyIAbtyjZRiGnF3KoAQD9Z1TgAAAQEICjCEuZ5hHtxG"}
00554{"flow_id":44,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1867,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":329295,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAG9yXAqAEGNHJNIeyIAbtyjZRiGnF3KoAYEABTMQAAAQEICjCEuZ9hHtxGFgMDACUQAAAhIDvgCHP2mI9cHzHqLz85L4rinpyirwQM0G15qiz8GUl0FAMDAAEBFgMDACgAAAAAAAAAANX1ITsccwssQQ7QgJqtBU2+fCpbWHhbhVG\/24Xb2iQ\/"}
02367{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1868,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":350456,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVA5AAGwGcdQ0ck0hwKgBBgG77IvHJo2rMLP55IAQBAVq\/gAAAQEICmEfAvowhLmBFgMDF7oCAABVAwNemFWVkv8HhgEBqRl7J096sK\/AcfyJkv6Je+CA9SLGGCApBQAAsHV\/DAKaYivrrDw\/3qGp42fGJ7afmMuMlyPWksAwAAANAAUAAAAXAAD\/AQABAAsADt0ADtoACRwwggkYMIIHAKADAgECAhMWAAq9oyiKJqzr8XheAAAACr2jMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTEwMTAyMTU1MzhaFw0yMTEwMTAyMTU1MzhaMCYxJDAiBgNVBAMMGyouZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKvCd9UicgkwpI8bSwvCRO2lOesvtPd+z3GH6xRllv8Ei9b8VelLW2PuVMgau2FL6GVCPmGFiOhTMrB6Z5IhkEeYdzS19ordJYDNCTCV4CGHzvr3YSWpcXIsFnyRznGOPnlEMKU5qRnjk8yv7HdVvlTmG5IFjydJQBIE3EVy\/zWWQLcnHvkr+Pm+Ix8GPacEMThyVrZ57NGyt4w\/0XALYy3lIrBrwRrbdUiLTzkL4A+otgHb4wpI6lV59J8U\/8irhpL7YotYvOZ643jEuaSoC\/jdiOIKCF3kQGitPPXXdCq5zTupCxIYUh4B8CR5z8H6nlx9UNqdWcNq9d5jrCXcj+0CAwEAAaOCBNcwggTTMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgD2XJQv0XcwIhRUGAgwlFaO400TGTO\/3wwvIAvMTvFk4wAAAW23tMw9AAAEAwBHMEUCIF1LvMGCv0Kl+bp5C3GlL+E\/KEFrucmW+jN0WG1BTye7AiEAlb84qvncp6SV0hcgJPmaG243TJvGYrss3NJol6FvYZkAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAW23tM08AAAEAwBHMEUCIDiK+zbmA9fB\/F+jlf2HQYINB6AsuO6IJw9RLZW6d2VYAiEAgFQKKr4w6oc+CLe9pgqJVTk\/xWbnsVo3VT1pL7gD2NQAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAW23tMxBAAAEAwBIMEYCIQDC8ilwFdB7z4rC1+bZS4g04LUlLUYH350FnOYfD3Y\/DwIhAKOhDWx9PqjkWoW1QpLAVveNHTmUFKE125bJ\/m64vRMUMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUGvpD1lPIMLQZUxjL0t3R6SFpb+0wCwYDVR0PBAQDAgSwMIHyBgNVHREEgeowgeeCGyouZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIZKi5waXBlLmFyaWEubWljcm9zb2Z0LmNvbYIO"}
@@ -547,7 +547,7 @@
00425{"flow_id":47,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":350807,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/nkxyaei4AQEABWmQAAAQEICjCEubNhHwL6"}
02369{"flow_id":47,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":350844,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVBFAAGwGcdE0ck0hwKgBBgG77IvHJp6LMLP55IAQBAUzCQAAAQEICmEfAvowhLmBSqXCnzW92VpGfmYH1m1omtpnznil4dlESqAdtp3w6FXuEWbbWJo8SXlGFwdbk4I1pl1VcrvqNPn0Bj0YLUNyg6z\/RLXSi7gZzsEq6arWNJbWEMn937JTQo+WYGloIYmbu2BlzuQhg6CCBSMwggUfMIIFGzCCAwOgAwIBAgITeAASsndh+c7ajH79vAAAABKydzANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwHhcNMjAwMzE1MTUzNTM5WhcNMjEwMzE1MTUzNTM5WjArMSkwJwYDVQQDDCBNaWNyb3NvZnRfSVRfVExTX0NBXzRfS2V5QmluZGluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMATIBf7lKqwaKqhQFEwttQXUw5ByzEryQ9IoNXEbLDHrZNeqiyiT\/DxYjDnV6K2XbHuEairT6Hd\/3mI+WXHLvIQyAfuqZ501GK4bFEr58Brkwf1pW2WiZoXKoECvKx17jX8de4vhRbga3CICRPkTGATbAdgRXtPlfTdiwBZYzckpDAyMH6tdmR+35STkxYv9wm2jn7IwvRDAmvbAv0CTrpsqy4QycZ3xTOgA4CnlGTQObFHO01OOX+Vnae0VewDIkAvHerQQOt4vDSrZJ+0M6J5QeY2w69sA+NixYq0NdrKFdHSCqTABtqZJSuYVd\/pATtcNC4dNHIbt3+ytRJw2UMCAwEAAaOB1jCB0zAdBgNVHQ4EFgQUn+V09BIvBxkkdpIPpI4qZqkUWgowDgYDVR0PAQH\/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYHMm0eByOkWAgFkAgEHMBsGCSsGAQQBgjcVCgQOMAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAFB\/+eVKiCzYpoy5Agpf51mXq7983iy06QEBMgD7xZ+An6o3IXbTIKWWdGFupril3klOtFgYlmEYDtqBrObKKb3Aa9XQdwfEss3eg1kE\/mAXmMsLQirGAkS9OLLLX\/XBhF22v5Klwo2LZkJpzfHu+gG+x\/dgf9\/WMCnbNDzuoqFHLU+ZxSQl2wlHY6eRg2B1Hqg8oKw+Q+976pleMF18RWOr125gzUgUWrQxhdSUULLxiGfERxqzHiYKcDoHXg73x7BpJlmEZo\/o\/L\/rstGG5Z\/fqpem29cjxsUlkSV3bkDlpH4I4e9hauVaaZ+J7cj1gR4MZNWh0eYfF6wt4EtBCbGm5mCcnV5ljBJLaDhs8345KieyA+UcvOYElxSnPEmXeaC1yPI37Y6AXjoDhXUQ25wJUZ0tiOxuj+STpTtXQqKoREwaMhR5RUy32181R\/rFhdSxU4qwh81wAxsOII7aF\/qr7WcrEInDqnSqwHUA2XMmLTRcfXu2+x128AGRHbqNBHFalzVyTiXoSs1igTXzp1SeVx2UqNogdTiNDgJLp9LUe5kVAPpV0+l8AVK\/wHHMLjo8cPjAyFQcXaDH0qn38BOtuisno7F5dVLUFr4hDMZfoylWwaIfbZXO6ZHu0S9+3DLQxful835f3IcGsmZW8Ubizp3rBQ4cz1xP0POIW8uADAABSQMAF0EEVUOl7pe4bv3w"}
00863{"flow_id":47,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":350857,"pkt_caplen":385,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":385,"pkt_l4_len":351,"pkt":"KDc3AG3IEBMx8Tl2CABFAAFzVBJAAGwGdjE0ck0hwKgBBgG77IvHJqQrMLP55IAYBAUAZwAAAQEICmEfAvowhLmB1mwwl2HxCaeNZf17r\/V0yqBBRUoHnSvpJmfw6E5\/tgsHr+tD173BXAbUQ1q55sAirgtlRvVLMwQBAQB6UEtdRqN6XcCq+KRys\/Id+5V1qj9US4tzhJ0XgkMi0hY5EuDvbgQWD3\/fDG94JYyTghb4WT9Y+fDAtWTmXywcT2ZdIZxDZvSgmUvPjmr++A7GMVbTktM\/DKSuOgFp6shWbA5xJZUblQb7pxTkebO9BeatiO6RekvrEoiUUN+Xacl1ILS15afpfKMbxVZC7Ti0ZCITP6EGK7vKsDW4ihkofOECzrtFqRexltpRNoX+4QBQ65s87v77RRyCfwvscg5jnYI0zipu3ESDDT\/Q50JMmLnztzHXDSJj1xNv\/diMlo4Y3lpOj6meifNpVlumTA4JHWjK+W9UZsTw9LOeNTF1DgAAAA=="}
-01301{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":11,"flow_first_seen":1587041685248,"flow_last_seen":1587041685350,"flow_tot_l4_data_len":6641,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":603,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":11,"flow_first_seen":1587041685248,"flow_last_seen":1587041685350,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6269,"flow_avg_l4_payload_len":569,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00426{"flow_id":47,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1875,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":350884,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyLAbsws\/nkxyalaoAQD8lP8QAAAQEICjCEubNhHwL6"}
00495{"flow_id":48,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1876,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":351722,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnVERAAGwGxxkofgkHwKgBBgG77IwJM0FdxeiJOoAYBAREIgAAAQEIClJKuJ4whLmbFAMDAAEBFgMDACgAAAAAAAAAAIBKHfNSFxBlmWv7H0u34ZHIWc0Rm83nyQsUXsoW1cEf"}
00426{"flow_id":48,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1877,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":351776,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR5HAqAEGKH4JB+yMAbvF6Ik6CTNBkIAQD\/72OwAAAQEICjCEubRSSrie"}
@@ -563,7 +563,7 @@
00409{"flow_id":42,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1906,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":420065,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q9iwNQXllAQIACxegAA"}
02369{"flow_id":42,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1907,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":420101,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUjOFAAG0GdfU0cg8twKgBBgG77IfA1BeWAv0PYlAQCATN7gAAEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSAyMB4XDTIwMDQwMjE3MDM1MVoXDTIxMDQwMjE3MDM1MVowKzEpMCcGA1UEAwwgTWljcm9zb2Z0X0lUX1RMU19DQV8yX0tleUJpbmRpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxsiBlqpOW25S5JSJRGJ1elO4z8Cxx8jNsk9kLYVQKs+e98oaED8XegtCmY2gfy5SvlD2b43t9l71c8xjHJCDkMkZMu9JTyFDBKGze6W\/pLHEFCO6kHAhZKXuFehTyqO1Si8kROv9Qfwcu6ZFKCosAsHZ8MyCYYG1PPEngklFLDOyceTJEc8vjwGq4SxDde9z\/TqVuryShRAwtvRu1OQIfFCJn5YrZEl10823PNr9KRyR9XSB3vWefjsaTm80al5kWLASp9YF+YJdK5zrvYTgTOU\/5y4S10IaaefssKozfAjHMgxAw5pvouW4dzl\/qCudhVPWmxVHmHX4g39wOLeobAgMBAAGjgdYwgdMwHQYDVR0OBBYEFBCKcvn5VkfyCyzb0gRYSE4LJNzzMA4GA1UdDwEB\/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMB8GA1UdIwQYMBaAFJGeO0RsPVecQncqNNdP0cxKlyzaMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2BzJtHgcjpFgIBZAIBBzAbBgkrBgEEAYI3FQoEDjAMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBCwUAA4ICAQCUrZ1UklznMIstdAw2M6U2kCFNmXzLi1q6isY0VsZrflxVnjm68aj\/9BhhNAL3xORW3nX5VdPYd\/DrWkCDVHAdHxEEcdfeekSO2ss1HNjwDiEg02OUE4SdwYvw9d6TYuhpbysWpom4PxIdl3QcGot8R5TrzqAANlQ6tAlH\/152BpvUWfM8\/yUm5F\/Nuz+nR6c5u4Jx0jNIc11e7yrKSzVkrzgLbBsjWF8eGVJZNGQyeB8C4Q2gSpObfL2XBJ0Du4mDoAe5JiKIhHwaDG0Ey64kEg9iQgBAL14zEzrqtLhqq9urFLeaU0HO7yZNz1rmJ2UYdL3ZdD0yl3RzAScs7WNaOjbaJjluDUkCVbH8GhRymqIyBIRWJ7sZRsP+k6aHGSKD8TcuLwh3L3EWb24qtbayC\/l2pwgA2pPIvKz8ObpLi\/PtR4LfVN1MMDEhmd\/A0XbTocInVs6H1B+mOIJqIc3Tgn5etZ1H2jnV1ZRD6SyhVfqSmO2E9Uk2jLeb6WqJV8Ii3Q81ZZ\/aGfjm6w7U4decHkKlYzns14MCLBfGm0yxaSFjYyD0IJho2p4Ucid0BvebSCTHzGuJ8\/ofHL6ftnGIFd\/1GjwbG7VVeTWD2feQlQsJnGLuQjv8TQ4xNBaYC5VaRqSXyaKa5Twegd7h7X3PgshSrKG7sVflIdflHtcmNwwAAWkDABhhBOJCmP665u+jsfKoStrafe1IG17spRyNcQ9radLxgk1FfIpXmVcotZ3lmovr4XEOi9FU9Dp3zgoxh37t9whGJkD9oSn7OyvaAqtNPnQqq1T3Ty3OFPdgEVsDyBVD1FPumQQBAQCDUp45bE+gKwMoR4DNbqkKHriRNXKiJfLuCO2cDPuQu+48iwJLODvS5\/Y341RmrixwM0YJlVGjfqmyiQP+QnGThX12oVsW1BYrve57\/KoCwbnaYSn+HeOgJtOe1NJFgZwomlBQOR3bAbvY"}
00622{"flow_id":42,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":420103,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"KDc3AG3IEBMx8Tl2CABFAADCjOJAAG0GewY0cg8twKgBBgG77IfA1B1CAv0PYlAYCAT33QAAhP8kGj4A71uZvPuiIFQNgmojQyaAV6pd1jD+lOLbBOEBkTitcW4qGNMWpLn0+DB74MywI1q+MsMrl9My\/pdszw+\/257T4TKQGFMqcjqLSt5G1XTEqzbXOxxwgReoxUjqT630fph3hTnJwYPYvxV91IFSGcWpVdfcj52uSWwebMcG2nFbczAZWuaUPPSbPbbCU33y2ywSDgAAAA=="}
-01176{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":11,"flow_first_seen":1587041685106,"flow_last_seen":1587041685420,"flow_tot_l4_data_len":6421,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":583,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","issuerDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}}
+01187{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":11,"flow_first_seen":1587041685106,"flow_last_seen":1587041685420,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6165,"flow_avg_l4_payload_len":560,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","issuerDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}}
00410{"flow_id":42,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1909,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":420144,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGNYPAqAEGNHIPLeyHAbsC\/Q9iwNQd3FAQH82rZwAA"}
00425{"flow_id":47,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1919,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":446016,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VBNAAGwGd280ck0hwKgBBgG77IvHJqVqMLP6L4AQBAVa+gAAAQEICmEfA10whLnA"}
00497{"flow_id":47,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1920,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":446109,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"EBMx8Tl2KDc3AG3ICABFAABnAABAAEAG90\/AqAEGNHJNIeyLAbsws\/ovxyalaoAYEACJMwAAAQEICjCEugthHwNdFAMDAAEBFgMDACjKOW9G6pYYFQxbBReF7uslk560sh+IyAUFvY0v0wF49L1jZlB3T9Xz"}
@@ -576,12 +576,12 @@
00483{"flow_id":42,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1985,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":655805,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"EBMx8Tl2KDc3AG3ICABFAABbAABAAEAGNVDAqAEGNHIPLeyHAbsC\/Q\/NwNQd3FAYIADDMQAAFAMDAAEBFgMDACg1g3wT\/ODOeR+aU\/gTizqUW4fCOmeXoMw7EtPrJ+nxsME1J+VVQInR"}
02357{"flow_id":44,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1986,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":659207,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIeyIAbtyjZS\/GnF3XYAQEABUTAAAAQEICjCEutphHt2RFwMDDn8AAAAAAAAAAWyvKpVaeilV\/5D9VXLPmEWMPulyRMiX2TW05r2RAqSdQjx9+rN8RqXZC8K3ZdIo10c+YSWuucNxRfOXOl2XZv97bN9rrnkLWZz4VUApZidtTeFhjjOwubdlrm9EBwVlnU0IGM7MtNRZL0KP3ojKQFKyryxHvWRniX4oEZLqBihyEejtNfwQ5K7W9VoXZczL0OHNWi\/NRnGmMtQfbkee0RxUScTLiHCXmsgmOegZH64j8YgD74gysNaww4qAeIgh46AMhj\/UI+tZ5Fk7pQv8XxwLSRcnLXMZpBqlOFjbY3oHZ2DY+4SytonO5k7\/v4BwpYJDX9jh8IRjSMdyI11Mma9m\/tM5NmuetauXj4Z5Y+xBcKf0ZTVmN+aPqs8u5Lbr4tfOqliJCj8dI7hKVUD0DRV7oxLE4InF68\/Xbsb\/E6fgRCaXsV92ktIlKe5QwoP3lPmhuFPbb0UXGmVZEBlkHDynOC0aRGwtnO2TMBf24ArqTlBywNirZflpwK\/+quDjwBMjNmSSVHeEH7WtZbu9TZQWUlXHLrPeXXgROEcz5y9sEA8JfizJpOKS23sE6ly01s6lpYSruNMzRH56rIsDVFXHoSBggyXyLYrSl9ADxEOmu\/yOPhSUHukY5T5idzOI+S05116zj3AzUIIyWngkAW50lMZ0pripPzKS6Eg\/UbovYdAJ4Jo0RjQ9GIZCrfr6rNEOOW1lqZwUEPi9m83nZzC6PdepICiXeCJYlaLxy9zDfIQf+NHF7ZnnxAzUCinh50HEFIaCoFRvb8K08aTZbjtaP2NQZaZZAVj1\/QkCjq5HamvDJ0\/tRG4p88ayaFbtCSX08IR6xH8SCrcwZa9WgvIKv8Ivwewr4idFh3JhjMntMqYfxuwN6qxDUUihyhVXY1UUHXZr1D367alMo4Rey\/xCzIWWZUY2tRnfLA+GG4n2FqbDzO16MI3CdfTh3X+eUvt2AsDzUkLRngijMfue6SL4rZe3uTuZcxlUYZoLnVfTyFfzpUie1WV1YcFEkPHalobpo59loQCpLNaCoKxm64Qzmy5hfeFqDxK5re9uWpvNyfoTyYoEOxzU0OfphPlJxvUbZtKj1c8z+7X7SZ1mmc98yNB891zI5C7EZKhhAEaPh+7BF3QzaLbQznJpVBFpTVHz+tMjKYL8+wX58pH4BOCyFPxsLGlsRiJr\/VqGUM8A8mazZ8exuPC1SulZVj8NZZphYxAbWHKY1dMnA2d30MEeD21J3+b2Shzk8iRRR6tpjpUpDM8b1ef3PgPDh6wh4SOnjSQ3bp+T4SourLMrm4TLw2dtehZgWDLfY6kJzDD0Wms1IWyQX+rwRMMQsri8xTIORE2iNUmO0js\/zuwzKyhMXKnb9MX1GrkF0I3+OtSc0H2QLrsgQFGMLoHcucWC30pzVFzCSOnScFd3sUzVdoeT7+GQw8p1XHi6aSNIM8uNhkRDRk\/KptgzgnxA+jsjcu6V1P9hyl3dfJY8tBUmFvhQ6ySqE5I+JRxKGCrE8QgoY7a4jfvBq3S23X\/EfdvGk+et1noYpY+kiJ+du9EmXh6wLsmHsPxNlIU6NvDCq2VllN52QjxaXHWmQQyO5dwhSar9ITnefHMRxKxBsXS62xrlq1LciiCEugy\/gT30KiAvip\/ncQmxXmSaVzBZ85fn8mZHAdwpnhAdaMrxRWT9M+LGOW2wF2zP5MJHDltAdsZJ+Q6snPDyWRxPoKM05V7hYmdToEa0m0tGD6IVGvA9NaNXs+Xa6DHGbI0\/AFfRc7xuDRGfOwY8DF5sbswlv3sQPMeIsrvDKKAEu9lKBhHT93B7Y+rU92HBdO4RkIRs1XtYlAax3ZkHhI7PCJfzHyyAG2sYQn94lA767q4fQCHjQvsn5PH0\/OAf"}
02367{"flow_id":44,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1987,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":659215,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIeyIAbtyjZpTGnF3XYAQEACcrQAAAQEICjCEutphHt2RfPlUrr7WkJImFDpJlgku\/Mcu3R9jA4oFvqMCL92bqnjr90nBd4aAaKUh4RaXay6msK9eXofvdUiB4V14ac92o9Y67vbpSHeIYMxohjA37zpuqyrKWjbU\/X96dR4e4IL90vpmrULO83u1ZMtOn2NPOjY\/uO57xawZKSEPD\/933o9dX2WFCDZXkz\/zIb4q3lYebUBRAmhD6OypAhhohtkMDQUY0lsUOhBGOC\/OcvdgLfT3mEXm\/8WTtB1XVCX3w4Pd9R4j9zDkkgjvL2pin7RLsXKLXxFkxOZUhoDDyqPzHTlGk0kgFB9BNHluM8U5BaxoO5kz3GO9pmi9RybmfAeCtpP2gKRO2m6kYR8uvLGYaa3amN7kBmq0L1BTjIFxO9mU0nFiDu\/OSKAlOBLDm9NItj6V0xmhxAWebD2mHEMh8P2FRd1uA1SCkQQ3PfMJCodQdSqYTgegwI9licO7JtCiooKYdSQ280itKolnIXnfXid9Zr4U2jG534iSwNH3BgntZh+RfEeMe\/y18GSspB92SHPJAvQOpVSt\/x35GQulblT+82UKy9zyqE9HeZAgyPzpMGZtiHd8DEEdPA9dWQBsUO3ZyHW0fyqxtNxf34KEXGzjCfokibheA44qlGkK2qtd+d+1KQJAtNPRcQXIyK6vTsIX345sxAzLgR6kaMBjhaHx5gBJWuZ8BUIs9Z6VPsfBUyA1BmKyN2syB8NS9reCS82KfGPWWWeC4UNTth6Wi5HydKISBgpwqvgeFQ+NCaOe7JIbJRib0jR6tUJRrr9UKgCjAmOvOe9JDXVkpE+FACnglgIfaXvdvlJKGCd16rr\/dPmJibbrAgb2gMvlL4oH2TDmhoKBHoray+ntXKhyUrTiTU1C\/xpCccQkIp3hM+QfI4LUOoGei6JgGgH7SM9ciBzescfbrjlqp7bgkERvxuQk4F\/P57y7N2O61CcnzbX2J5ZLI2PU6sfj7tGXNqsXRwOojjJa+RMwJDFeIuasPJWdZizauJpuVR96AQguxJHHOER4x0asHMSPNJebVlDZNwv5+gRstPIyKY8+ofvRsIpKwhZAfq3DdP+vBFHML23v2h+aHO52R6ZQe+a4\/5peMOH\/taax49mquG\/2SVLaDiauGaMyyqOomCxuqyews7DaAiUIDG\/NML3jJq8hKb6\/HfbOSUU8lqz6eFGVRxQH0PUZKjNSDSMFabJN\/MPBeY0vY7AqI3kojMNZxK8psNXC\/yK8GZlvQ66j6V+pP8+SV972JDc518LLCrH6skGBj8qW\/yD+72HrE2pXLlUgNG4x7oN9Lpa4C6vEw5eS1WBohjbclX7on4WYSsZgbuMTt1ynzY61VNzsK6Xz7D4lcV2JxgAW62uIvMj+SV6I76Ky4NlNTEozvJLkh6jVmGTEz\/pkJu7WlxLAFKDcoB7c33IpM2w8Sxo1Il1+1E\/MuZc9LbqqjHpNdXFax4NVm\/\/4qzQEy0MEKmbX98VCTI6zUNO7r+aqesU17F6el5Z3U9WmZkF+f1FZ2yby4iRxZTbJd\/ZsSYg9sf7tysYHRzeCw2rCNvoL9MUUQx1lGggaLnIdgY\/t80dQyLCjpUGN5Vu5RKshZUS6iMwkAd5zt\/aB85VHN7ELOSskqEyXSTl\/bB\/gzyQIO07R06AJ0uv5d8k84cZJpWOBhP924m46df7y1\/uKQX9LYOO85cm3ASYDTC54RsobYK37BgG8NcdMp7YlrIufSTD98nL73eGJBOyuoMO+kSFBIcUYzWU42Bc\/RjwqZ5hiIuj1gnT1F9DCqQGNJTEp8H7gBrqeCzERvjM7krXS+7olbsmkaSdxHgeAHky5zhROqDEpChRAKxInVYyCQa4GYGWxefp+6zEU+f0ImbrGeOJ9vRvhaSfo3tTs3jQhpRB1piVT"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1587041685984,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1587041685984,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":984732,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"}
00426{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2019,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":996890,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"}
00408{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2020,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":996986,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk3cy6oDyVAQIACBQQAA"}
00652{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2021,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041685,"pkt_ts_usec":997296,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"EBMx8Tl2KDc3AG3ICABFAADbAABAAEAGgXnAqAEGNHHChOyNAbtKVk3cy6oDyVAYIAAs2QAAFgMBAK4BAACqAwNemFWVDIT9d4HngeJpG5mlHm9Rt958WOVPiGzzmIF3agAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAVQAAABgAFgAAE3RlYW1zLm1pY3Jvc29mdC5jb20ACgAIAAYAFwAYABkACwACAQAADQASABAEAQIBBQEGAQQDAgMFAwYDAAUABQEAAAAAABIAAAAXAAA="}
-00767{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2021,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1587041685984,"flow_last_seen":1587041685997,"flow_tot_l4_data_len":295,"flow_min_l4_data_len":20,"flow_max_l4_data_len":199,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00778{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2021,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1587041685984,"flow_last_seen":1587041685997,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00415{"flow_id":49,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2022,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":8515,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoTQFAAHYG\/yo0ccKEwKgBBgG77I3LqgPJSlZOj1AQCASYigAAAAAAAAAA"}
02365{"flow_id":49,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2023,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":10362,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUTQJAAHYG+X00ccKEwKgBBgG77I3LqgPJSlZOj1AQCASa8QAAFgMDF3cCAABZAwNemFWW8C0W89TTgqUKjOWIsiE2Y+2ePAr7RSpdbuGESyCTMQAA6egPuYFj\/MApkL3g9Rg+u5na9LGY5q\/3ymy\/W8AwAAARAAUAAAAXAAD\/AQABAAAAAAALAA52AA5zAAi1MIIIsTCCBpmgAwIBAgITFgAJ9GLNY5Hp8bHk\/QAAAAn0YjANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwHhcNMTkwOTEyMTgxNjQ1WhcNMjEwOTEyMTgxNjQ1WjAeMRwwGgYDVQQDExN0ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA474YAXkUH0AKd4mxgmpT49oCTCGzc+aeH0sH0HfldaTKsg5ito6++6GsfGEVzFsy6JVreR7nzWCbQ6\/I0WQfa+Gosa1DnUi8qi\/Shk0iTiu3WSCKxK1FENKNROAos9Djiz18pL2rP9VrVDb8tARlA1h0pxojacA1jZGaCBWbsBr8PHWviwnZIma5GiI3qb3MYHBOisScv1DZDLkUHn+JpjLYkw1t6ZLshtX5NzPKBAW79DAjdmuq9tQZ20TMMg5Tthlc6YLpRyq+9xjSsi413rkcJIUC\/Rf2K9WHQsYN6BPKO6orPrxiYEj94kVe73iPD+0QPCIgBl+zhCTXZSIYmwIDAQABo4IEeDCCBHQwggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB1AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABbSa6UVUAAAQDAEYwRAIgd5sSxdrGrfVyYR+FGj+B6FEN78TVW8jEqYGOJibnXdECIGD2W8oq5cUNpu2uCWQE1jXUs2DL4cvl1uUNhV\/wwimkAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFtJrpRVQAABAMARzBFAiEA5d\/lkmCTtCqvHZWUW8CIQAdVecPeZLtbE+QQd\/2gZzMCIDj9Kz8UZie7T5Wq7+KCyQOU0gDnJClZGl6ZUP\/3Rm+0AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFtJrpSpAAABAMARzBFAiEA5y9TlTYWL0sPVyQoAKCdX9HhFRlqmgmhX9Xw2R2yjHwCIH6zjzCgNhLZRlxsZ+uj6zQ+Uw6zIFsO+k1yyvjZxKDCAHYAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFtJrpRgQAABAMARzBFAiEAgEgS\/oBjTv6pem6\/3ApSrk83mt2s6Fa13OEmbyNd50oCIFIceGAj02+gPpiEKkrdX9CJ\/jXDb3rJRIIrt66Ofz2\/MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUJuNbdE1TT2O2ytZtHfPJiEnELtQwCwYDVR0PBAQD"}
02366{"flow_id":49,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2024,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":10608,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUTQNAAHYG+Xw0ccKEwKgBBgG77I3Lqgl1SlZOj1AQCATEUAAAAgSwMB4GA1UdEQQXMBWCE3RlYW1zLm1pY3Jvc29mdC5jb20wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3JsME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBR6e4zBz+egyhzUa\/r74TPDDxqinTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBACMljl4PXdqfsGnHnHEiog8CyPTCICRJCVUcbZ5afVTsQxiRpg2bVtxl1vFq0UdqTpI+kMX8EVY4C7Gmrb2yOSLzdaz+0htG2dwTgNWS\/bd++B5YbYbyyrmrHhzmoDzfR+qZdKS0uA6mx2CYFo5hKxNjTHfd1Qdrg0w3XsuPrQax3fLN5JjHsFCQxAn9XxV2SfDNzLiNrpkQcWWElrudoda+F67h2kRXXaX8jtecomPcC8rpXShGH3O0tQI7lITD\/ghyFuS4OuN4zs3vGp2xsAH7PEi24hGQro09g1+rY\/VhwEhg\/\/nkTVgD\/ZbaRVPcvbIndMFc2uEbDyTEYG1ghQMlhzJ0z0ON1uZd+845eSsucuZAsM2nVRjaCLJ3VJXLp2bLLhQ8Z0oytSNQnEt4sS2H+qUfAxDvyt1VZ2g\/VYoL+stqV\/K5MJ5dbineogXsC\/RZwOCRTINGE2s6jTHOwhvEvUqlynAJe0lbwafcs+x5wYSwLNkng6KjnHuy4xZGEg4BM1iOtAqOQ\/nKFLpZQzXVqekdB2LMjWFKLQOyf2K70pU0GYuMCFCkhY0u\/OIpyRo\/IVgzwmO7bKF6dKMZ3EoTyTAuTwI1\/3MtVDjnpot8X2B7wWFIT1OXxoGkgYY9qoa2XjXhUFwMTUdeoK1yS4fEUV3Y68bTuXYV11jRsY6uAAW4MIIFtDCCBJygAwIBAgIQC2qzsD6xqfbEYJJqqM3+szANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2MDUyMDEyNTIzOFoXDTI0MDUyMDEyNTIzOFowgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq+XrXaNrOZ71NIgSux1SJl19CQvGeY6rtw7fGbLd7g\/27vRW5Ebikg\/iZwvjHHGk1EFztMuZFo6\/d32wrx5s7XEuwwh3Sl6Sruxa0EiB0MXpoPV6jx6NXtOtksDaxpE1MSC5OQTNECo8lx0AnpkYGAnPS5fkyfwA8AxanTboskDBSqyEKKo9Rhgrp4qs9K9LqH5JQsdiIMDmpztd65Afu4rYnJDjOrFswpTOPjJry3GzQS65xeFd2FkngvvhSA1+6ATx+QEnQfqUWn3FMLu2utcRm4j6AcxuS5K5"}
@@ -590,16 +590,16 @@
00408{"flow_id":49,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2027,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":10918,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk6Py6oUzVAQIABvigAA"}
02367{"flow_id":49,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2028,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":10986,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUTQVAAHYG+Xo0ccKEwKgBBgG77I3LqhTNSlZOj1AQCAQGZgAA7dIaCgAAABSW0TANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwHhcNMjAwNDAyMTcwODI2WhcNMjEwNDAyMTcwODI2WjArMSkwJwYDVQQDDCBNaWNyb3NvZnRfSVRfVExTX0NBXzRfS2V5QmluZGluZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2SgxvpjDYjzBSs0WMPjaEnxfx0ph8YUENHkNtBgmTL\/I48ISA513PDZvgRlkEL8juzKHixKietMtbTjX2g0Ru+b0Xx3jTpJvUnThqOsEv072NriYX3tuq2YlbZfSvXX5g4CDBZAx1V8Y9CnBOP5Oj+UOsWBE9phfvyhrfN9XBADPrUuim5l2H3Wsx6VgY2WqiE\/AD766Gm5hxSrOygTdO6oYRNS6py2EIDxPSfo06of+f+bd5U4O1djL9YnvzHRcJG3xZRsDSBXZSutpJVrdUc3OsjyygQKoWHCbplOYXHYtXrL52V4R8lPBoeGGNIyX3nlHFJFj2gzYcVCm7fr90CAwEAAaOB1jCB0zAdBgNVHQ4EFgQUov5qP4QsEh\/ZqaZNTXvN5iiM8UwwDgYDVR0PAQH\/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYHMm0eByOkWAgFkAgEHMBsGCSsGAQQBgjcVCgQOMAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAKPl9SK0LY+EXU1pDCJZNILX\/tsLthBgVVkdFDbAun0x8Ww8QmlW6qLErphV\/AeU0i+ofY+1NRBI3dS5PHQF9yXT2VY0sqQBSti9zuzRw2uf11GLfIZx5EWNPlMkhPfXzWNxUVi2\/FkJWN3wqvwaShm5c0f5selfWZ8Bqq8SRlmox8B96mIVf3wk3SXeHNpZbjUXl7OcH6T7+r8sLEa8EYOEBcS5JF+k4PEHqk5mNBrpgaczqCJLhxuii3S7bIBIeG6sBZe83weEPDxpxsTpw02D\/5yXHd9C+oxAP4JQbVAgyoHjFdw4c3IsOE7FxTfNUSZNWmQXjOei3vQ32nR0chEHjNlTdJwKuQGoTQF0k45jiFV7z7s0Iv2rHqv+dB3P18SlgUBifwg+S0xQ3fPol\/cooBvyJhDIAIVmL+OOF17ZWOn9PMX6jznZgzxMjIBIIOMqNUaLfXXbbB\/ykAOUOkrVO6XTcdly26wevgCDRUTIPFRDzoN6slnotBP4mwALUEQTE5HTW+ultwf5P6UIHEZ2AtKHtW9Prb2\/IOVj7iZ8WMW3OpZkfhPmb50r4KHj5SL1FEouj0ymUJWTijP7SJELUHZslfqBZzbwVYghPjrsaOPr34Xaw9EPOiMn++5naD9XuozjC863v1M25zIRY0O3DfW4ygEYRsRTfv+z4LPLDAABaQMAGGEE2sl6xnO4uP94rSIxVlg4b\/j99hnR8yaBzHoUH9\/qsNRkW9haIO+cM+lX2sjma0NLyCeRaBVp\/yTEPyTID+7UaplNFWbv\/tcVBB71zV4gY+ppHdd07J8XxSx68sr41pWVBAEBACErGiRr9GjIHoClE\/uVmHDe2IM5WQ+tESjQJIYlxc54JzAdeIHUmFPRqdqVWHNRbyNeVieOWV6u"}
00689{"flow_id":49,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2029,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":10988,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD0TQZAAHYG\/lk0ccKEwKgBBgG77I3Lqhp5SlZOj1AYCAS77AAAvIujPjRzrH4orx5NcFc758218nlovmJ9A8tO8uTQ31JS\/9Z8ard+gW85grhMGd5fC2AryGxpyADt94rcf5ANohO2O9w3chTBZqvmZ4RhOhDKhvjS2iYXJjZeQZW4VIDPOEwLyXk3X6tvRm\/KDMyqBXlWC2ySrpNlGYxWmAcLr+g2XNRhvDDEB8TeShOR8\/Q9S18sFSiDKSlKk9h3K4GyIjAuOKk30BmRTqH\/RcpyOnUhtU+GG6Fn\/M6NQ9dAXiKSzWT0bDE6Wh0OAAAA"}
-01086{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2029,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":12,"flow_first_seen":1587041685984,"flow_last_seen":1587041686010,"flow_tot_l4_data_len":6467,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":538,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
+01097{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2029,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":12,"flow_first_seen":1587041685984,"flow_last_seen":1587041686010,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6191,"flow_avg_l4_payload_len":515,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"7d8fd34fdb13a7fff30d5a52846b6c4c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=teams.microsoft.com","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
00408{"flow_id":49,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2030,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":11027,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGgizAqAEGNHHChOyNAbtKVk6Py6obRVAQH8xpRgAA"}
00555{"flow_id":49,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2031,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":32102,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"pkt":"EBMx8Tl2KDc3AG3ICABFAACTAABAAEAGgcHAqAEGNHHChOyNAbtKVk6Py6obRVAYIACsmwAAFgMDAGYQAABiYQQ29kHwPhvvnpaiCYG3+fxcHuntYbQcDfQWnyrEsXfWZHYY41ZDY2su30b0oAzRR5MiPvwj0FEd0ujfw7k4nnayIJgepfpgOA95AYZxgWsUyhsxGXi+m1LNcagh5bJS0Bk="}
00417{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2032,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":42525,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoTQdAAHYG\/yQ0ccKEwKgBBgG77I3LqhtFSlZO+lAQCASAowAAAAAAAAAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1587041686239,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1587041686239,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2043,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":239545,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2e9AAAAALAC\/\/9PlwAAAgQFtAEDAwUBAQgKMIS9EAAAAAAEAgAA"}
00436{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2044,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":288146,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8YwZAAGwGaHQ0ck0hwKgBBgG77I9T9FE0YIdnvqASIADemAAAAgQFoAEDAwgEAggKYR9buzCEvRA="}
00425{"flow_id":50,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":288255,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"}
00707{"flow_id":50,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":288562,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyPAbtgh2e+U\/RRNYAYEAniuwAAAQEICjCEvUBhH1u7FgMBAMkBAADFAwPWvyUszXyGVwTdfXyAsIQo65lWnkpPMHo57lR912BOzSAuDwAAZ8HaIUQ\/TUKOJyzDpeZ2C6OXN9Z66nmD08\/sfwAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1587041686239,"flow_last_seen":1587041686288,"flow_tot_l4_data_len":354,"flow_min_l4_data_len":32,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1587041686239,"flow_last_seen":1587041686288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02360{"flow_id":50,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2047,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":339149,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUYwhAAGwGYto0ck0hwKgBBgG77I9T9FbVYIdojIAQBAWA4QAAAQEICmEfW+0whL1ALnNreXBlLmNvbYIQKi5waXBlLnNreXBlLmNvbYIiKi5tb2JpbGUuZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIgbW9iaWxlLmV2ZW50cy5kYXRhLm1pY3Jvc29mdC5jb22CFSouZXZlbnRzLmRhdGEubXNuLmNvbYITZXZlbnRzLmRhdGEubXNuLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAUxCmyVHd3H7BNm7xrFDWc0lUKQfFfvZJj7fGm702yYNfNb17H3sDMMybFW0xvlL9Ezzab9UkH29uzppLcvgSPbaskyoVw+2aUUDOWU9BNPXX55faad2R1I6KtC+PfV7YLtmbicvSGz4AqzYw9ZreqUymbtwFHx+mEj1q7bV3EnUB\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"}
02363{"flow_id":50,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2048,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":339238,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUYwdAAGwGYts0ck0hwKgBBgG77I9T9FE1YIdojIAQBAWSmQAAAQEICmEfW+0whL1AFgMDEGYCAABRAwNemFWWDCWNYomQcFTZR7F9Q0j+Flr5LhYeyNcj8nMvlyDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW78AwAAAJABcAAP8BAAEACwAO3QAO2gAJHDCCCRgwggcAoAMCAQICExYACr2jKIomrOvxeF4AAAAKvaMwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFTATBgNVBAsTDE1pY3Jvc29mdCBJVDEeMBwGA1UEAxMVTWljcm9zb2Z0IElUIFRMUyBDQSA0MB4XDTE5MTAxMDIxNTUzOFoXDTIxMTAxMDIxNTUzOFowJjEkMCIGA1UEAwwbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8J31SJyCTCkjxtLC8JE7aU56y+0937PcYfrFGWW\/wSL1vxV6UtbY+5UyBq7YUvoZUI+YYWI6FMysHpnkiGQR5h3NLX2it0lgM0JMJXgIYfO+vdhJalxciwWfJHOcY4+eUQwpTmpGeOTzK\/sd1W+VOYbkgWPJ0lAEgTcRXL\/NZZAtyce+Sv4+b4jHwY9pwQxOHJWtnns0bK3jD\/RcAtjLeUisGvBGtt1SItPOQvgD6i2AdvjCkjqVXn0nxT\/yKuGkvtii1i85nrjeMS5pKgL+N2I4goIXeRAaK089dd0KrnNO6kLEhhSHgHwJHnPwfqeXH1Q2p1Zw2r13mOsJdyP7QIDAQABo4IE1zCCBNMwggF\/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2APZclC\/RdzAiFFQYCDCUVo7jTRMZM7\/fDC8gC8xO8WTjAAABbbe0zD0AAAQDAEcwRQIgXUu8wYK\/QqX5unkLcaUv4T8oQWu5yZb6M3RYbUFPJ7sCIQCVvziq+dynpJXSFyAk+ZobbjdMm8Ziuyzc0miXoW9hmQB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABbbe0zTwAAAQDAEcwRQIgOIr7NuYD18H8X6OV\/YdBgg0HoCy47ognD1Etlbp3ZVgCIQCAVAoqvjDqhz4It72mColVOT\/FZuexWjdVPWkvuAPY1AB3AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT\/TM5a1toGoAAABbbe0zEEAAAQDAEgwRgIhAMLyKXAV0HvPisLX5tlLiDTgtSUtRgffnQWc5h8Pdj8PAiEAo6ENbH0+qORahbVCksBW940dOZQUoTXblsn+bri9ExQwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQa+kPWU8gwtBlTGMvS3dHpIWlv7TALBgNVHQ8EBAMCBLAwgfIGA1UdEQSB6jCB54IbKi5ldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghlldmVudHMuZGF0YS5taWNyb3NvZnQuY29tghkqLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tgg5waXBl"}
00441{"flow_id":50,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2049,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":339261,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyPAbtgh2iMU\/RRNbAQEAmKzgAAAQEICjCEvXJhH1u7AQEFClP0VtVT9Fx1"}
@@ -613,49 +613,49 @@
02368{"flow_id":50,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2057,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":390756,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIeyPAbtgh259U\/Rh04AQEABTVQAAAQEICjCEvaNhH1wbIrw5FRKsH6HIfUDB\/UW0W24JYRUtY5aU1BLH2m0HpRX0djJRDALdnRoFB8Zid7lY+CCAOVlGt7ZdcKye\/zDKb3XVuFsYrz1K2\/2cqJ8e5QC0L0ZKjl19dFWUi4oWz579Pvkqn4+wwiyQcC159kbX0JYg492cAOAux\/LMymWHW+6kwgsttCBpY1fr9YfE4xZ+DBZ4AeWRMA1dLrVEIUWUrnO6OddQUzeWCTCevxedzWew\/JamWqEoxfeMVyFK8Ta1+Qz\/FH\/o16Pb1t7JOIjRHYcOkWVu1gYMQtirNlysqP50DJZWltn7\/gzZ8J81BmUUrG1LDv+xiY2\/urYXIGO8F+imslJomLrCqYsPPlTkLhvElR\/IBFCT\/h45SkKj2AuXtOhfC50CEyvn2V4STKXq8SNlajhpqNqaU8cHLzXTaP4Yen9\/rV7RyRNDDHib0yzOynDXf6zWVjvaNQ2uJbpitmsOEGwhLGeQmbm83IxTs8YLJuUkgsUzauTKe8r92pJ+LIMj9fTQd75GwD7w12bvbrMM6vr0ej8BQhfnI8CeqJGS4EQxOTy0SxV2t\/18DnhW5rS33GuMrMBTYXDNVMloJ3He\/byO36yNrYbOzO9sMixesCi2z2eboTUhA+5mtBNY+FfxopxUQ7sr461JI+VUTwX+Ue6iWVWtL\/yXUd6tcwnlBtTjviLMQR7ZiNzI8lQ9ObGHE30pX34pV1PKMGmNAbHokF908ZFPx3JTebul6wVDoOMJtnWj+zaEKFs4L5oOfhwUSA5nX4HDCWJjy2GddhhWpnNFslv7od66tx9frksr8RdEmKnN3y4u8e\/0zQt4XuP4t\/+HUEGEyf3++HEVCP5fGkrl8CRZThenVChScmCmQn+XJCvE7M2Lz4QGhZ03IfNlFr\/2e+wJJQwJpomZPNCFVsVfvBAlYI1sPYgRzbdnFDf9FRw2OL75MjqyC7qZl8rTl2KCYjajA6rVGz4lGxuUr0SFULMz3V\/1L3kOBqbLVdF\/uTfyF8LwgSc8tTy4dCY3uXl9P2EqA6WM\/E+hY+FfGQudXd1HwDTRa36TqRbFEkULimHjalLhw218\/gYUSvF2OwCkgQXMLX6iAvubK5zw4ZtjhkDnSK23+rZwdAOy\/u6lXVGFHHFJNT\/9YfoXu1bhnkMUgeeE\/VDtE8GZjpTshsNp9SC4fuQsaSJfP\/6B6cL6iotWypa6vNiL5z0RcxK+L8uU9hS0o00q7nXgtbRA\/0oxhVxi5nxlvA8N3A3bEXaEpYAVfI+82KYgm7I9cysmOoaUxzct+bte1A9qoS3ajnLCUyBqWRu2oxELWS2nmdAVLcRyb7yjr6w1egMPh504z5es4ulMHXe5xC82xVDjukV5xkAFqY5ompuqNT\/M0M+aTSEGeRxntEJdhePyZfy+RnmxZDwyQh66vEty+IrjSOsQm52Sb\/fnrY6g3HLOSq19eoCSjs2jMI6xn1Um98kIIFnx\/RiJS3x8+pls9F5x665UifjrdfTTb7Bk0xWKvHErxYzuQYOuqoUDCV11ljiamNRn7aTkHupB8oAAjkx9G7tzKBx7xCvmxRH47tWx80VL2+FETKjdlPchOCrWrotI9dEh9A\/Zr+7zOzgjid1g03lxHUeob3c7dmllDs1W9BD99eEodUvNX5ffOnR+TOqIkRR+x75KPjWjMb0NQ0usP3Y1vb8OrCm0afBebZHLSJ\/3XBxDZ3RgsEmTyXbTzQ8lc7cVQk4nItJVPWGq7HQ9V1gHQiVa9lsb4PX+eAyNJBi3J+RbVId2FHBXwlt5cbgD+Pp1pAoFwVzAWuhPLl97WyycrSbhtbvCs7AYAdFnYQGScbLg244EWlpfMu0zI3O4dJhhLO8FjkaNU9bNw5iZLP8v7AXBWGz3ysKvueXWuK96"}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":611252,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1587041686659,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1587041686659,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":659283,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1587041686659,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1587041686889,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1587041686659,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1587041686889,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2104,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":889381,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR0nAqAEGKH4JQ+yQAbuMpd1iAAAAALAC\/\/\/7KQAAAgQFtAEDAwUBAQgKMIS\/iwAAAAAEAgAA"}
00438{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2108,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":918390,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PdhAAGwG3XQofglDwKgBBgG77JCDb8\/fjKXdY6ASIAC\/qwAAAgQFoAEDAwgEAggKUkSG7zCEv4s="}
00425{"flow_id":52,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2109,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":918473,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd1jg2\/P4IAQEAn+PwAAAQEICjCEv6dSRIbv"}
00759{"flow_id":52,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2110,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":919156,"pkt_caplen":312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":312,"pkt_l4_len":278,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEqAABAAEAGRl\/AqAEGKH4JQ+yQAbuMpd1jg2\/P4IAYEAngnQAAAQEICjCEv6dSRIbvFgMBAPEBAADtAwMbmcXPy8rEyjOH5t3NVXkoUGCRZxMGyIKbY0co\/wunRQAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACc\/wEAAQAAAAAeABwAABlsb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tABcAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAKAAoACAAdABcAGAAZ"}
-00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2110,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1587041686889,"flow_last_seen":1587041686919,"flow_tot_l4_data_len":394,"flow_min_l4_data_len":32,"flow_max_l4_data_len":278,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00796{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2110,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1587041686889,"flow_last_seen":1587041686919,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02372{"flow_id":52,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2131,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":950659,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdlAAGwG19sofglDwKgBBgG77JCDb8\/gjKXeWYAQBAUYLAAAAQEIClJEhw4whL+nFgMDETsCAABVAwNemFWW7R35oy+pDouxbKQc3ZxSE0RLhoRWbTV6NPlktSB6OAAARuc6MTC1YmpF4SmrzBdvOs6F07smAuHCwru2ycAwAAANABcAAP8BAAEAAAAAAAsAD40AD4oACcwwggnIMIIHsKADAgECAhN7AAL0+uu8c4DySSOTAAAAAvT6MA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgMTAeFw0xODA5MjQyMTQ5MzBaFw0yMDA5MjQyMTQ5MzBaMCsxKTAnBgNVBAMTIHN0YW1wMi5sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9uMC7tn8RKm9hx1Q+vclCmv2FS5644lZCwDqwzCYb8L0QUXObmurDTp9z7imH\/68rvf0\/+KpPvZzn8n+A1ECu6H51tc4jh4cund1rKWCEvaClslKP1O5XZfDppym7WFQSIHQp9LXW26FaTqarCYkxKrkm\/lTdJtaXF5\/C7ZRJIFVaL9dmL\/uMiooAbDLhN56zmBjGeB2V01oJAQhD\/q\/lznyyirBK2V2vQ7WyyX4O7R5ox9CbJ7fjHmVfu5B\/IGhKzckLb+kPv4Ou1DFiJ+VjXUg8+HNiqYybm516lzAMR9GTpDm\/EaK\/DoNiRmeP+V6xIxpVOXNmdtJ2yXkhn+AQIDAQABo4IFgjCCBX4wggH1BgorBgEEAdZ5AgQCBIIB5QSCAeEB3wB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZg2YTSEAAAQDAEYwRAIgNf1dCr\/A\/68iTF44ctzG4dfYj5k8kwrcMxb+OAftshACIEOFf1L8DyVWvGmp2q28iEZd5RDO6L\/3eE60TQKPTKibAHcAVhQGmi\/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFmDZhK0AAABAMASDBGAiEA6k0qgGOQ2\/4vWshsmYpY7DSpdiwLlTeFqoSnh81\/2Y4CIQDv1+L779lV6U+goVXZN5Lr8mJnM2dtvY1ZqBBLJZkaOwB1AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABZg2YSsoAAAQDAEYwRAIgWKBW8MG0XWRpOFEy6yhRlkRMXWMvZwn2MMfc6oSrj0gCIBftriorxFHUNkLYAHoFWkhm8hNqcHO+KKiAs49boZzUAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFmDZhLTgAABAMARzBFAiAA3dU0fJfG9tq5Rc4+sUUH+XraMuPYSatYD6LC\/2\/zTAIhAJWqprUivm3Ca3RKEfcrJtar2nlcdcqed0u5OIHS\/4PYMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYBBQUHAwEwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIh9qGdYPu2QGCyYUbgbWeYYX062CBXYTS30KC55N6AgFkAgEdMIGFBggrBgEFBQcBAQR5MHcwUQYIKwYBBQUHMAKGRWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjAxLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNvY3NwLmNvbTAdBgNVHQ4EFgQUiTQV2m224F\/j"}
02359{"flow_id":52,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2132,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":950878,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdpAAGwG19oofglDwKgBBgG77JCDb9WAjKXeWYAQBAV+igAAAQEIClJEhw4whL+ni+Wbrav3bQpcZNAwCwYDVR0PBAQDAgSwMIIBJgYDVR0RBIIBHTCCARmCGWxvZ2luLm1pY3Jvc29mdG9ubGluZS5jb22CG2xvZ2luLm1pY3Jvc29mdG9ubGluZS1wLmNvbYIbbG9naW5leC5taWNyb3NvZnRvbmxpbmUuY29tghpsb2dpbjIubWljcm9zb2Z0b25saW5lLmNvbYIkc3RhbXAyLmxvZ2luLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgh1sb2dpbi5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIfbG9naW5leC5taWNyb3NvZnRvbmxpbmUtaW50LmNvbYIebG9naW4yLm1pY3Jvc29mdG9ubGluZS1pbnQuY29tgiBzdGFtcDIubG9naW4ubWljcm9zb2Z0b25saW5lLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwMS5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEARVCFDXaNOijZYnNGoRWvtuOpazT+6a5NhffPDEd8mw13I5P2ZjdjuwO0BCuAa0rcrb9Xsv2qMoirtQ46ssv7U4RUbJ2q644olWDdoDLw3u2IwAi4+it8uqFANVWf479pYNzQSRACICWvLYyZOXoCzSVgryqqt6S9JYKLV\/5cOCwnLGXIMXunQZDJ9OLbjk3hV+y1gACDA7qTWXqQxmgI9aFpumAbRwTxqZV913sHD\/Cf4ut1VrXdDHEcgGroOgboavAnBPF1buLwyr8dsFVfenl1cv4K6OyxBhOa\/qPQC3E1A4UNtSz4dz0swsNbngQZDrl3H9MqpMRswrpJ9jUAZ4uzcbjmByMFT7UrO5NyfE2e754OXgg0kzSG7F0aYPVW64WQaAN5alS554Apkxzpnhy4dbLpcc+qDxw4uZRbEMvvqiGy3Tzvw2N2ZlLhpfCA79zVH3D9QcugIgQY75KsamAAzOcbXq0zT0xKgmRKBpdzG5DeC2KsBbrTTak1bUSSPLjvYpHhgabRiV7OEik97n1Dth5jNj0APlNTe65xy1gwKh4ItrHo4sQMKfxY9NyTKSBVKN3poUeJpe9p2ArtCr\/ZmVWqTui7XFpZPfiQUHWHxyvx0VTPR40NEp\/NGn3Uw7Bd\/MS5F6AKZAjGFEeyvsfA2p3QKRyzfNkfQWM3fP8ABbgwggW0MIIEnKADAgECAhAIuHpQG76c2i0WTT45Ub9VMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MTI4WhcNMjQwNTIwMTI1MTI4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE"}
00425{"flow_id":52,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2133,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":950934,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd5Zg2\/bIIAQD9PyAwAAAQEICjCEv8RSRIcO"}
02378{"flow_id":52,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2134,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":950998,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPdtAAGwG19kofglDwKgBBgG77JCDb9sgjKXeWYAQBAXbdAAAAQEIClJEhw4whL+nCxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCO8\/GEdXe8vsmk9RalUytQYJnc2H3ZJLXhckk3SP7ahpOjfR2aSxBNd3l+Zal8bjbiR9Q2SdDMJAInFOKucc3ZV3Q8EFYZkkqHYvnjkI1e3tFBGxqmH0CiLB6OVdcm2GhCq+wN3t1eYZWzrGyBzqjgra9fyqbkUWguJ\/1UKnGkzLt+kvH2U1EFMdAZgrDKY9DySgALzfRpS\/RallY5JsmdSwpjNDKApQTl6ii3wQDAbRrwKNRKj4CscxnY9RYvra4Il2IGLP7npfCtQVN\/jSsxwxRzId3jeGOcUYa1okhJwHkIFUMAK5m4S+DHVwdsxLmmVC0BU\/Kj8qTM2cFU84jN5EwT04ozIVitGL++OYFwOWk3+FukY+8JB9+HGmLHmgjF0R1eYnYB3WnmOLtEsC1NOsYugOBgclvyzOaOXDohHl2wOSu96hPLlsu2anSMjrwOEJ8bpUBBj5FcdqcO8ao6h7cMd99xai8oYUItkA9yBatn4MF7y5xAmsQKCESMfD26qQ4esdkivR9fQWpzVPZm4qD5pjne0nfzaQS\/t7s8xJP\/cgQctTadaH\/f+jlPsvaPuRz\/re0OFQjjhnzySEl3lxb2\/QD2T6Zeb+c5wFFlPeuxlzDs6p5z\/B4soN+Lz3NftQ4GQhcmlezYqSfQ0GWUXOI\/yigppSD0yN1dtP\/m3QIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFFiIn9bcnEgitxQ+\/4SI6OaF\/\/p9MB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBADCaxp1q\/e+TCAy+gnf5dqBtnnswI3uoKVr0aj7HCwyW37hLUuQNnDjteGO1c8AcHzvgp\/9\/SVGVMrjQm6nlz5YDgYDVSmEY\/sRqxt9\/QUYinIBm6w9CoOTzpCGjmNB6dPaM6MPSK6orzhFZGUTnXAcJQuvX\/RVNuW9sRDUmh7qjO2iwgecgyX8TAvPMq58clVDLrmSAu4cKXc6ma7J94z024ilRtyX80AnjsK3EYi4+foUmsvav920xc8YZmKlykwLOygs9POzZcOiA9RareGqHTcaBN6gKdoEGqO8XYHxwEBM8ONczTOQ3ZQj7kbPoFnZhKmX1WJSzRQHvwE8De7gMAAFJAwAXQQT5Q3NX5+d\/vhmyEzQZS24FRi7c0NlInzlo9prwvSS72XN3ITGDUUkf08M476kbOOUoMMHqYQc6oj0O6bfXFDmSBAEBAFm3RbnkZSe\/HZkUuzk5CD54825akP22vFckBYApYbEnfNvrl90DcYqxlxOAbK4etyjcIHygT3cT2gKpEWe+eUPlMnpe1sulvXKKf88tgLx26PfwFVhF9xiqEb+vkJFQXYsYuZNO3++Ldm7pqxHnd\/CvToZvWRE21DTuItVwd6VmJkluYxROw5v2mbQk0b8ZSRsEG\/BaMPLjjujzzMq4YUvwks7E"}
00562{"flow_id":52,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2135,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":950999,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"pkt":"KDc3AG3IEBMx8Tl2CABFAACUPdxAAGwG3RgofglDwKgBBgG77JCDb+DAjKXeWYAYBAVCNgAAAQEIClJEhw4whL+nQ32fUU3wgpyNXOS+YAQTaKFItA\/wMBEfcoJdzfo7Vhy7bDY7\/0CPvRpu\/u8Nd\/XiPGZZp2CcfD1ltBTqX9aHWUFSItU3j5\/wjZXSsX\/40JJB41OxGJ\/QivD2yTgOAAAA"}
-01368{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2135,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":9,"flow_first_seen":1587041686889,"flow_last_seen":1587041686950,"flow_tot_l4_data_len":4970,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":552,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","issuerDN":"CN=stamp2.login.microsoftonline.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63"}}
+01379{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2135,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":9,"flow_first_seen":1587041686889,"flow_last_seen":1587041686950,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4662,"flow_avg_l4_payload_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"login.microsoftonline.com","server_names":"login.microsoftonline.com,login.microsoftonline-p.com,loginex.microsoftonline.com,login2.microsoftonline.com,stamp2.login.microsoftonline-int.com,login.microsoftonline-int.com,loginex.microsoftonline-int.com,login2.microsoftonline-int.com,stamp2.login.microsoftonline.com","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"678aeaf909676262acfb913ccb78a126","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1","issuerDN":"CN=stamp2.login.microsoftonline.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"7E:0F:A2:51:8F:FB:49:30:C3:34:07:5E:F8:7C:FD:34:20:A2:96:63"}}
00426{"flow_id":52,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2136,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":951040,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd5Zg2\/hIIAQD9DsBgAAAQEICjCEv8RSRIcO"}
00598{"flow_id":52,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2143,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":961193,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAGRtfAqAEGKH4JQ+yQAbuMpd5Zg2\/hIIAYEACglQAAAQEICjCEv85SRIcOFgMDAEYQAABCQQRF1\/1oMSdAxU1Mhx45DP5rD7GL3YTR99AHtI6CS5oE4zxa53P4viOFVIG1jEeguhsWdkQLAbDAklx91P7lzGi2FAMDAAEBFgMDACgAAAAAAAAAAIsLD7O97vjhH8lCxLcrSKE9fDLXgiaI+ndnxfU8CGCX"}
00496{"flow_id":52,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2149,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":989758,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnPd1AAGwG3UQofglDwKgBBgG77JCDb+EgjKXe14AYBAS3VwAAAQEIClJEhzYwhL\/OFAMDAAEBFgMDACgAAAAAAAAAADZpCQltcb4W89AtkdO9slaMxcqcxRBEn0SsLOBRfFJa"}
00427{"flow_id":52,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2150,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":989876,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR1XAqAEGKH4JQ+yQAbuMpd7Xg2\/hU4AQD\/7q2gAAAQEICjCEv+lSRIc2"}
02365{"flow_id":52,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2151,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":990857,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAGQcHAqAEGKH4JQ+yQAbuMpd7Xg2\/hU4AQEABNrgAAAQEICjCEv+pSRIc2FwMDBr4AAAAAAAAAAePA94OGpVBLytLIfaroE7oqp+HOXd8UByPugH8HzrPxHY6FbCeiWSuRr5zpNXdpR1RsQklvrI6HCoVzS6XUdIKYRsmPO4RJ2a4E1u6OwWTePx2dxO60BO+qIdaZ5ecNtxrmRIIUi1e1Trl8m8kAsb\/VbNaIPR7hOzHhbl+PypQ9GCfmgVj\/fxHQISVjgqCa8FkXQxPA90ZNPOiF1hfXyWHxiXMbo8ZrFOhBnsxxfZiFCWF3E9YOUGLW7iCkTl90elvDyrmexD0ZfbytvWp\/gUgVwh8RkSDmPblo4ZSkiRU0VDGLSrHQoNt3wqABFEYBRDzXsVAh8MThL3+IqsQpVjPw5oYPDjeo3+xpjYpGgcLm3eekFOemHb2sMXGYiNLYvAsORs6lEkfgVcxWkpTJvE34NcuHORFRSZ0IUgZ1dscJvS6bIFBGdnvA2W0maKiA3H0YD6UA2uogVS7MwY2oXUofDoDwZO5uDMX57KUQ+cr866deE0u7ipaVduqIEp8GnNYxCcDgGsju0RCibBjASiYBbu3mpXeh5epFHGuxHRYKMxCC27X8RVdeTH8JDHuO2nvY17ZrNIqLlQdT2gzfNow05J1usWPgsfn2UaL2pca01ZMYcnprMp1yyKvuL1wI7WWxrRpfHP9Xl+Ip7y8q6BeuZ\/e2nl8oybNEkOCvP+P+wqvczxBIfxipTRAVDBO5j\/hCWBDgAjVVWvSUU\/4bKyeqBxBuUckSS2l126lImxlqhDN752EBOoS7IUXDNgqOiqc1AqegdcJaM23lOplPvxancBb6PP\/dZMlZFmJKfQrGzvkPMrkAn3wpAvrsMxiIEJWeZilB9lD2I47th3wCcHXBOWURaTK1OMDYQ0NYB\/5VJ282WNWThXOOC2PpdV9spt9akXKXGPhDjkTA1pT6I\/fAaF0K6AoYo+PgVgPNWN0ZtPMu87dzvl4a9rLl2xDOsuWPbAoT+EYjTlKzuigNrU\/1rOK19D\/8DowgTfc6FK9Nxz2mA2w2vI6DHiWE8WSwfEcZyCbJ2zLwT8NoYVftk0XavGvmEoyb44Bbz90\/eeSN5Vr58wutjx9faAc5iMMVwIK2Js\/oydOBXaeTfsURd2dRcROAB0czOCJETnJDO1n17bYR2LlKYI4EzlerwQ4PD21NZAlCwT3YxCrUaSYCoPRDlUVgo9Dh2X79F2BTGQi5BF4f7B+wG7boz\/kBE5bSdJXAn0pSSkOl8ybYDTK84m1wcEHwGDnUlCrVopvZJJU0WPReT7JdPTJNuztetf\/0S+yp9NNADe\/uAgy2y80hYfysGsjGFU+WvzInfYbhbU5hz\/pTqH\/JK7p4pWtRnQdscy1FrkdkENLAQXzRE8jPzA\/1R\/bD7l5+4X3bozs9z8sggarZr422ILU2L0V4o44eyZLWaSc\/pUcwD5vjKaxKUYH4hjeOc9rYdiKfoxiA6CYssx1aMm\/86YVLhrpq6YcFbxm5TbZ9681fAZw0xMCmntVIOe7mL4IaXCZvomgA0dovYjVmlm6RFkvU02tjQXxpi6Af1ekZWphYc5vKYGlJU4X8kCv5HtHoHZ8XUQ1E7e\/9w9yYB+\/Y5uW\/r\/tnpLB93a58YEWJSvj9u\/g2QOcybfAefqfllvkVj3IckRbnmgMIrOv5sAjYloF7AnSDCqHf9qPRn6NWaeGBqp192nwhaWUHpMLpOrsPM3qHyRJZmgP+WpRmRKw8Nnytuo9E7mmI+nGT3qHxuAkXPIdv6ilCZwdtuyZ6NWDgiWLKaj94jQ2nxJUDH4EQaFPgdwD\/PBDv0+l7Qw6Id\/+oPXfM2Zmi7tSgctaTANJmVk5dlzzfxFGg5DiIyULK+Y1UrBMY521S4mY19PeomcDR4x2n8AGxYBc049BUeffY"}
00840{"flow_id":52,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2152,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041686,"pkt_ts_usec":990861,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"EBMx8Tl2KDc3AG3ICABFAAFjAABAAEAGRibAqAEGKH4JQ+yQAbuMpeRrg2\/hU4AYEACL+AAAAQEICjCEv+pSRIc2T3+mjlZiqvbSIDS3yLvmShrsZpTdEV0CSknJx5v5+YLFlaaPK8+ftc599Xj2DRHchYBtpvqLLN+5pP+TvtxqTjsw5hzPtq5q1uzS+S9M0Km3DX5xYcUsZT9velQx0jRi4+X2MlHPL7YU7A6KRKGx1OVWljS\/7qWTSdb0mQKgyQ7pWtIixslp31xh7yft5bDMRxJliVXwceBH\/1w+ox97x8oBqUiBfNWVaj3d2hGQG6TiV688PRENTqErJXTDMUieGv0vJkh\/T1OzjQPCg7TZe4oVOcBmRO1r2t25kvfR6cqsYFMYuDBXWEvlJB4cg\/smK4evTuN\/c4rerSDOolH0ulyxPnAKXgqzvFsJl5luX\/1O15UOeC9pxDfoRB3THa6onajGaeaSN\/0s6q9KSVT9"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1587041687245,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1587041687245,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2189,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":245112,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIeyRAbt4yq\/kAAAAALAC\/\/\/rWgAAAgQFtAEDAwUBAQgKMITA4AAAAAAEAgAA"}
00436{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2193,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":293530,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8EaVAAGwGudU0ck0hwKgBBgG77JHMBk4keMqv5aASIADnTgAAAgQFoAEDAwgEAggKYPR58TCEwOA="}
00425{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2194,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":293639,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yq\/lzAZOJYAQEAkl0AAAAQEICjCEwQ9g9Hnx"}
00706{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2195,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":294098,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmZKwAAAQEICjCEwQ9g9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
-00772{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2195,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1587041687245,"flow_last_seen":1587041687294,"flow_tot_l4_data_len":354,"flow_min_l4_data_len":32,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1587041687370,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00783{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2195,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_first_seen":1587041687245,"flow_last_seen":1587041687294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1587041687370,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":370480,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1587041687370,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1587041687370,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00706{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2197,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":382278,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"EBMx8Tl2KDc3AG3ICABFAAECAABAAEAG9rTAqAEGNHJNIeyRAbt4yq\/lzAZOJYAYEAmY0wAAAQEICjCEwWdg9HnxFgMBAMkBAADFAwOyv9PSQv\/SmdcPkRjuFnJs95jqk9PvclXpwloDxRoWsCDkPAAAKbM0d7f12FXyaEAA7qD+P9kwtx+HS3tAUpaW7wAewC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAXv8BAAEAAAAAIwAhAAAebW9iaWxlLnBpcGUuYXJpYS5taWNyb3NvZnQuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEACwACAQAACgAIAAYAHQAXABg="}
00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":412781,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","type":34969}
00780{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2199,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":427043,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzETBAAEARZ+HAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAJGRMVEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00440{"flow_id":53,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2200,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":430016,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAEaZAAGwGudA0ck0hwKgBBgG77JHMBk4leMqws7AQBAWoNwAAAQEICmD0enowhMEPAQEFCnjKr+V4yrCz"}
00692{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":435320,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"}
-00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":49,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1587041687436,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1587041687436,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":436782,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVUrAqAEGaCi7l+ySAbtvi5oIAAAAALAC\/\/9njAAAAgQFtAEDAwUBAQgKMITBnAAAAAAEAgAA"}
00436{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2203,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":466298,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8OsBAAGwG7o1oKLuXwKgBBgG77JKBluUGb4uaCaASIADVGwAAAgQFoAEDAwgEAggKAbkbHzCEwZw="}
00424{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":466398,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"}
00716{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":466635,"pkt_caplen":280,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":280,"pkt_l4_len":246,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEKAABAAEAGVIDAqAEGaCi7l+ySAbtvi5oJgZblB4AYEAl2MwAAAQEICjCEwbkBuRsfFgMBANEBAADNAwNcYEYY9r+P9DTmk4+ghvjGxbgXLamZQ7BCvuLi0gzQzQAAHMrKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACI2toAAP8BAAEAAAAAHAAaAAAXYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAgqKgAdABcAGAAbAAMCAAIaGgABAA=="}
-00721{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1587041687436,"flow_last_seen":1587041687466,"flow_tot_l4_data_len":362,"flow_min_l4_data_len":32,"flow_max_l4_data_len":246,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1587041687436,"flow_last_seen":1587041687466,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
02365{"flow_id":55,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2206,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":512045,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUOsFAAGwG6PRoKLuXwKgBBgG77JKBluUHb4ua34AQBAUPSwAAAQEICgG5Gz4whMG5FgMDF2ACAABeAwNemFWXWoznNEDG0nqSFdxS15urfQPAW1Ki15lKX+AAtiAKRAAA667wWoqa+vDiRfvp7swmXkbxWCktv+PyIN9JCMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADpsADpgACNowggjWMIIGvqADAgECAhMtAAcUzkF9hlrqvm6yAAAABxTOMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA3MTYwMDAyMzBaFw0yMTA3MTYwMDAyMzBaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYCLN53Kexlrvsr+3rXZR74UHw5zlzegNiM6ErPRT\/txn4iFY2zFTqC+sWY7W7Oz4G1tsBCxRCqDiWTxn5SoBhxDmnlpMqOtTTpv5IM4kd\/8Guw\/818ANBFltXQet6T9XZsisGK5x9lUCYcHW8ynBG3v5uNf0Z6m2VB67+wzZ2C3iG0UAM447HUmbA40yblclmVBneenfOna+w64hv1nSyt5YNMGiattt3RBLqQ25FUDZwDSm6\/Xrxs5bFSfj0HMxAb5EpzZ2SxfSP+UgsmRV0Oq\/HfZsAL9LwqbT3aESBPoyba7n926l2qjVJiyrcjkPpm+NqXC8ligQT0pRVDCcpAgMBAAGjggSXMIIEkzCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+sPAAABAMARjBEAiBx6hq9wYK8lGTp3u5E7AFX+BkbRLRZ5Lup8OuEt\/B0tQIgGypwFVlROzmTzUQqtoWQp2MHW1EriZKLwX2GVgWat5wAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H61YAAAEAwBHMEUCIBBA4jXntmRWzvCXbsrMW4W1hyQue\/vS7Ncn0z5ewGEwAiEAln3ydSWKxMs1mek8BuU+Pp\/Ar72loNB67Ntve4Q85KAAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWv4H62XAAAEAwBHMEUCIQDLjQfYXTzdnrjIDBYNPqxZrBUDuC2VVPJNvuwXJuHkoAIgHkqG2mwJ4b5UFgxZl8\/iCIL8mYENQc4ZRdEfVujQdbMAdgBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWv4H6xWAAAEAwBHMEUCIDM4gWIHlpsWZA++c4q0XblHDWvH710R4c4I0Xek5jDJAiEAoovM291ZXguFtfeLFlqPtsBXmuKsHbLob14668lLPKIwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBRaFtJxTHeO"}
02376{"flow_id":55,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2207,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":512265,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUOsNAAGwG6PJoKLuXwKgBBgG77JKBlvBHb4ua34AQBAUKLwAAAQEICgG5Gz4whMG5u7ULEJXx3wLpj46dVpk82I\/TWPtckn49e\/hQSVr3EHt3+OZKkEpVUt6UrXQJoGRXLM0HkJ8WrZXD0Qa68e9sBbUErKncGzGbDi0ZlQRP3mbLrTVyrxmCCLIUOhZfsDyb240MsALWJh\/oFXHE7\/ljOUOM6cKSLqHCoDAlDpYnX56jK4LWEL08GR6mh\/5VITpcQfwBmMwvkv9mOLS4ZpwPEmhLSqyGu16Y\/56mnFNsMxGk0K5SR9eLj\/GWrLkpmo8s8a1kGMMmuwBk3lBwwLvsxmuu06DvwPFcDfLMelnaGDMvWRCtZxQsXyJDSkTh6N3g51UWTgnvA0wMSFBa8APfju9jyltnh0NALAa2Hw8+U8BmP9cUFeYIYphIfoPlp7VdUS1ULWH9NF3Ut4DN0n3OsSQ785dsbBPeihfJivVIlUL3EpDjEBf2oQDFNiplkZ4F7EIuWriZG\/\/UTrX6ZlXZg46\/CCmN+gsCAwEAAaOCAUIwggE+MB0GA1UdDgQWBBQI\/iWfdOqHBMK8u46oOF8zxtFsZTAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBhjAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMJMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9PbW5pcm9vdDIwMjUuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQA+8s8wpXq\/HmrfOVgYKDzDne7ngcVL\/Gf2vx9ON9re8K\/uivkDe2BndMc72v8rSuv9VHUTi+XCgRK6UhIguimKOs1DJMzVFwX+nBY\/c+BtQcB2PfKrSMVZYmS6RE8KGII\/Qeo\/GDpY56AwV3X10WoxFLaUmWXatugB3uSr+7Xz5RkKGF+kAlfetlwmb3P+Lgn1CEPED8ckf50oZ2Wh3FvwOv34cIXnpU8k3kI\/HUQ7XYUGhR0eHNTZTlHk\/R4RFsyeANmXGpfjZceGNRtTdr4y0SxBSUujPpMMW3dXBzA8NYuM0WmiJ\/pV6KudEB7RF9+6bInTyVvXC5SIqdi0ldeOFgAHKwEABycwggcjCgEAoIIHHDCCBxgGCSsGAQUFBzABAQSCBwkwggcFMIHHohYEFCh3Ac5lnou4VSj4K88j38W8dhpMGA8yMDIwMDQxNjA0MDkxOVowgZswgZgwTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0ABxTOQX2GWuq+brIAAAAHFM6AABgPMjAyMDA0MTYwNDA5MTlaoBEYDzIwMjAwNDIwMDQwOTE5WqEiMCAwHgYJKwYBBQUHMAEGBBEYDzIwMTkwNDE3MDQwOTE5WjANBgkqhkiG9w0BAQsFAAOCAQEAkY+0NVCyWnq+KPa32fe1YIM8e2fy76JPV\/ftYnZoOTbZstat2664voPYQbNKH6uJ8oX7n5yD5itDCtjsRJZVFK1Tb\/ZzdchtTxgjdIssRQ8+F8RPAqnyvhpLwX2IZf376QSSrDcWEM7QfOHS\/Bg+4SrfZ5g2BwhM0x7K5tLR\/L+MvGMS+aqcMsJfTLF5lTcwxYQawJGRvV4Ae8vgN9zTXYLyO7NpTrQ5LrcuO1YGXNbLEEgmzqBua6maBgC6c4sAiSdRxcyD5zIll8Yeiu3WP8s8"}
00440{"flow_id":55,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2208,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":512328,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVUrAqAEGaCi7l+ySAbtvi5rfgZbqp7AQEADtgQAAAQEICjCEweYBuRs+AQEFCoGW8EeBlvXn"}
@@ -671,7 +671,7 @@
02360{"flow_id":53,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2224,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":544008,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUEahAAGwGtDo0ck0hwKgBBgG77JHMBlPFeMqws4AQBAWI0gAAAQEICmD0eukwhMEPLnNreXBlLmNvbYIQKi5waXBlLnNreXBlLmNvbYIiKi5tb2JpbGUuZXZlbnRzLmRhdGEubWljcm9zb2Z0LmNvbYIgbW9iaWxlLmV2ZW50cy5kYXRhLm1pY3Jvc29mdC5jb22CFSouZXZlbnRzLmRhdGEubXNuLmNvbYITZXZlbnRzLmRhdGEubXNuLmNvbTCBrAYDVR0fBIGkMIGhMIGeoIGboIGYhktodHRwOi8vbXNjcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmyGSWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcmwwTQYDVR0gBEYwRDBCBgkrBgEEAYI3KgEwNTAzBggrBgEFBQcCARYnaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzMB8GA1UdIwQYMBaAFHp7jMHP56DKHNRr+vvhM8MPGqKdMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEAUxCmyVHd3H7BNm7xrFDWc0lUKQfFfvZJj7fGm702yYNfNb17H3sDMMybFW0xvlL9Ezzab9UkH29uzppLcvgSPbaskyoVw+2aUUDOWU9BNPXX55faad2R1I6KtC+PfV7YLtmbicvSGz4AqzYw9ZreqUymbtwFHx+mEj1q7bV3EnUB\/tkVGJLU4rtEsbNOyNY0rT1MPRe2qZ6z8OTI\/Ubwew2S+CzQq6NSEinFnoQ24d33L9+Q2VR7IJxgZJZ0JLJRb2EkmyBTG1bJPbFiADdV1t9YSY2ps7oVekv29d\/XDIODAnQFR1IHqlMXtC77TWoRsh1X4rC3iStLm+7YDXNcZ\/4Mj9IuoDmWavbkJCD0d5pvrPILAZtuXahuvQzQtAY2n0vu1+AhHxMbk9e2L2iJYbk++P\/GCSsH0E3MwFuGBx2aD8kcD\/GasOSgJ2hX1PemGbx7\/Y9FGQudVhN6gkjLviiZxZQGDI3hc4aNkSo6HFXMcwVO63+RLd5FmQcXxQ4wQgOa8gPG9Z+WsefaydUjjPdFmpvxlC8L\/\/hy5Vj29oZ7skaSNpSCyBSNkBskAzSt9el50ZVrhM5J4i3BG1jJVGu2oqjlyxlbfhoa6VdObxpgGXjYRrBKCYMJOGSIW1HBsVpPOHiO3HTRTWSc3nsno7KhTt65NB2bdGHaIXFW18cABbgwggW0MIIEnKADAgECAhALarOwPrGp9sRgkmqozf6zMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAgBgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMTYwNTIwMTI1MjM4WhcNMjQwNTIwMTI1MjM4WjCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UECxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgVExTIENBIDQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr5etdo2s5nvU0iBK7HVImXX0JC8Z5jqu3Dt8Zst3uD\/bu9FbkRuKSD+JnC+MccaTUQXO0y5kWjr93fbCvHmztcS7DCHdKXpKu7FrQSIHQxemg9XqPHo1e062SwNrGkTUxILk5"}
00424{"flow_id":53,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2225,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":544052,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yrCzzAZZZYAQD9MYCgAAAQEICjCEwgVg9Hrp"}
02215{"flow_id":53,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":544137,"pkt_caplen":1389,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1389,"pkt_l4_len":1355,"pkt":"KDc3AG3IEBMx8Tl2CABFAAVfEalAAGwGtK40ck0hwKgBBgG77JHMBllleMqws4AYBAX8SgAAAQEICmD0eukwhMEPBM0QKjyXHQCemRgYCc9Ll+TJ\/ADwDFqdNuiyQMFKrIQoqj1GGCuniqz0r0uofklCx2IgwOanO13rkB+7itickOM6sWzClM4+MmvLcbNBLrnF4V3YWSeC++FIDX7oBPH5ASdB+pRafcUwu7a61xGbiPoBzG5Lkrn4eDzLnGiaFmaI0JOwKoMulxEdfoEgYeSwuZucblOVlSLG2b11ELrZdYw8Px3QlvgzRXt7H1Qz5UiXpwUkotvR3JWuICp9lolIe5J60CSx3kgR92c8tN\/4WGD1T3s0aOb9rCYItvMsQ9tPxBbQmwxxh7EHa4bdj6Cx+2ba2Mvp8vBl5Y7YHOovui1k8V7QG1CyDIVKzzvILipqdYzArlzZ6cB8fXzanOO9SrBgB4IrfV3IEK8uYozcmv3h2blZSJdCGsNQgQsfgyJr5Ju8KSKC\/YBRXHVfDjXC3X8vemefPY5bjLuvnfTMDPuoH50hwfPnUhpdzhRXbVC4Se6xCyfS4mknEm7GwCY+56QrG4tTOAb6Goc64Et\/mRZOWT1ZafFxp2VlGwIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFHp7jMHP56DKHNRr+vvhM8MPGqKdMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBABH+cgY6IQo3bsj1KSICYp5FDu36Bp\/vv54kNRf+OYiyuwHheN\/Ri5f9t3fxinJPSTrosynXdIfkufMXYIeIklWCvdl9E0h\/BpA6iWbnnZb3lc1gD9fhyvZ27vqbNUihmH3SkypPgRbHqJa70SXzpm9Q2gCbKqj0NQDj\/Sw77eUVm38WD8eOyTYglPAdAbkSUFCZgeAoQiyOeP\/txp7V5MrpoKqzSE+kX+SLGP8TAi2QETYYZig6IprelfFZ7p9tKhd1k1DDBRLV3mS0trzb13ZZ\/qXW5Vbh\/kZcO4r47A777xKQkc4gEoG6PFLjf+NA9AxBIGaHGNoyaeD23I8o8r0MAAEoAwAdID2wq4f0lQfGVzJpXBccxBDfZYX0KpmIHjjd+E2DHQNZBAEBAHxjoU6KZqBWhq0to7klz28RtGCRfewEkiZZBupxVk2we2bTgitxHqh38ATXbY6PCdco8CFnNkHHFgZdf1YWP3eqxrQBJtIN8v1Uuab4peByIwFZ\/dYYbC3uCEfCFW5OLi269pqNDsX\/TobMaAKTY\/TJsSzK3l0fJxe6R6bSuN2iphhnLK9BLKRuwGE5arn5UNXv1Nfr82AeT6RqxXxcL6t7ffpnSbteYKR2CfLp2AXxoW85XqE3nt\/Aw+tG+pzzCq\/O7jSXvqYa2iiqDjVJoI+YgJlx\/o1Ox4KQIi0HyWy+8bc+ldGKSyt09\/kuFgloinUAIqrEuWDAdTSrmLCvlcoOAAAA"}
-01301{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":10,"flow_first_seen":1587041687245,"flow_last_seen":1587041687544,"flow_tot_l4_data_len":4967,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
+01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":10,"flow_first_seen":1587041687245,"flow_last_seen":1587041687544,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":461,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","issuerDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00425{"flow_id":53,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2227,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":544169,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yrCzzAZekIAQD6kTCQAAAQEICjCEwgVg9Hrp"}
00552{"flow_id":53,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2228,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":545241,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"EBMx8Tl2KDc3AG3ICABFAACRAABAAEAG9yXAqAEGNHJNIeyRAbt4yrCzzAZekIAYEACxYwAAAQEICjCEwgZg9HrpFgMDACUQAAAhIEEei9EC+K5+wTIH7nn4OrBCpvwIyhcSNoau7TZIohg7FAMDAAEBFgMDACgAAAAAAAAAAJhotVo7bnsIfNVJhUttAitclNGZcxD+p1Dd2JviYPnO"}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":611308,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
@@ -679,17 +679,17 @@
00497{"flow_id":53,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2239,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":618688,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnEapAAGwGuaU0ck0hwKgBBgG77JHMBl6QeMqxEIAYBAVw6QAAAQEICmD0ezUwhMIGFAMDAAEBFgMDACgAAAAAAAAAAKmibfDE971fe1e\/39N5Ncwu98x5\/x81YgWFBEvwX87I"}
00426{"flow_id":53,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2240,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":618759,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyRAbt4yrEQzAZew4AQD\/4RkgAAAQEICjCEwktg9Hs1"}
02363{"flow_id":53,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2241,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":619835,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"EBMx8Tl2KDc3AG3ICABFAAXIAABAAEAG8e7AqAEGNHJNIeyRAbt4yrEQzAZew4AQEACbkwAAAQEICjCEwkxg9Hs1FwMDQBgAAAAAAAAAAU7pYxlahMDWRzm9MFDgTtWid9FhYd7u+WsyEYSwBibY07OoGT1CwznR0tLGYhMqBxbDN9vic3fzw\/IYGGnoKKzzTy47wPGZjbmjTn8dMJVD5tOwEHjdetaUGeeDKOJuXarE\/8LhuvnzubzxwigYsvE0AWh7exGKJ9OIBLGFKErhPtaEtPyniW\/yvGC6j4V5\/CFBqXZ5WL1haaEk\/ZjAzh57u+1VBM\/wRYp+hdNLwXvCCWDyIPDaa0FFUvOl6qrDnM4S5MIC8xvbk8GWMVUjNvCpN2SAbjujkywLs+w2uYREU3ifWthY8y3aiqGhkbqqD3FFSDjkrOYg6XAZesZXevuHC6VVrOXWKgb4Re9RxLJFHoYlQpm\/JVkNwnBNB75t3Mv0nmSTH7fNNXXS2lAgrDQYYJz95oLeu90PmgrNDR4v7SsPKyi\/9RPaXtjlIiTbBWjPLtC07VGNizU0VL4HIzZmf3gUaXqn5ShkFdtkejUlml428oIUjL4zZQJuXxOJhDmjt8bPCyjiw0K5jFYV6XKaWcgGKqaFtGaRH4bsKdpJQW1O2xVYhWr4KJqMjjiJNKaXX9JN7kg7ioy2wXnTWVoYgbARgNXAa3lw9MN4xEM\/eU6cqvvf7kokL46vpVf093TNPtegMKvXERjVVEXBKLBRc3hADgInKSHS1LyMQF4vpg9OhOl\/\/z5kWRsovrahDJM5W76w9fTCBF\/tDo1uuWKJTZhKoXy4cff6zXh1SHCXseb1rIRfJ9hciowdJTpFFEP7BBwBb+C\/By0g3wrmr8VU+nTBmC5zw1agZ1foy5CKPOzNFSbIyAcRDK6R8w4zov8n3nf6g2XGARkpti6CijLJ9M18jwwu4I0D8IjjsNpSWcyLiW1AsqT3rs6gUTdgPb7X3PZ6bhC\/C8XLVGEmlc5KzFj08cxJdQO+gNAcD4CcsX3s5Kc71xM8hqLvkHfO4bZSAYYgT3u532iSaqScjpJbhES5B7L6TQyBgmjF\/UlqNn9Un86Zd9jsOwcMEXQP0nSkyL96CImG6rRqEQ6caWrp6WoNSHGGCIs6AVgd3toq8BbDydkyiThSrDa+EikhyK5LJlI+fdBBjZB7KmciUPVZ3pP3pBismpajZUCwX5pKswfiRHqMvs41I7VvHeuJIT2vz4FGAp7bTeRKru6nrBZ6bVFRkd9+U3ZLeacxYOSFo4+lHHxKSVLFwR8hTzrY5lxWTjBCfFWPKTJT2wrvtXZqpoNOY6fLOWGqZmstL8GbkXTJDyUUaRI5+Qj0r1CgotaTR2eR0AqkW8hUzmBzq2DebzbvMViLJZRRhKNJsld5j\/2MS8xDF1TOVtNO38KkaOLsl4pYgJx1UqF\/UZjBZkr2ZGQydCWR4XS27nfcpSakppKps\/534lNKE8Cf\/gggdu5z9zzeGGuhfcDuiJcMOyzfozd\/t1naCilqNSWR2Ri4RCIK89DYlJkWngqZZqAxpQWonPAw5HLhu3i0LtfxkHAmyu00XaJ6dkCGuN2kg7T\/6+BVOreag\/L8Q3YkGqOB3DmkCrHmMUxe1YlBrH0zJqbI3+8\/InBymHqx0rNT2q67xptFmc3j3Yys50HFz\/Gp3UON1gmlNQQtXvJeVjQ1ghHQxV7kuEBmO0pHxHzu3g2SAfCfavImjSSE\/20GqcSlmZk0eDJ61opqbP2px85hNdktAnnOQTuFIRMLGCfxNziUFF2gqj48mGjuQMuUracRHxHK5rFzbQ8aRK\/bybB1szkbR9APadQ7hrcGKmJGELnNhsrukgUDtsE9mrUXF\/x5CwvhquoBT5OaUOPq6LjE\/+TkVSkBcwVYhyK+HfgTcTskywHwCgPHYu8ASXMIBgGouqXa7eg9Olih1NMPKL9q2hUOoQAbsxIw"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1587041687731,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1587041687731,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":731296,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"}
-00647{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1587041687731,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1587041687731,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00639{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":745080,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"pkt":"KDc3AG3IEBMx8Tl2CABFAADTPBBAADkRgbLAqAEBwKgBBgA19Q8AvwAAY+WBgAABAAQAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQABwAwABQABAAAGxQAfCmV1bm8tMS1hcGkOdHJhZmZpY21hbmFnZXIDbmV0AMA8AAUAAQAAABUACwhldW5vLTEtMcATwGcABQABAAAAOgApHWFtcy1ldW5vLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwFbAfgABAAEAAAAVAAQ0qbp3"}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":56,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.169.186.119"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1587041687745,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2260,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"euno-1.api.microsoftstream.com","num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.169.186.119"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1587041687745,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2261,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":745932,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGienAqAEGNKm6d+yTAbth0wzHAAAAALAC\/\/81+QAAAgQFtAEDAwUBAQgKMITCxwAAAAAEAgAA"}
00436{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":789261,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="}
00424{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":789367,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"}
00724{"flow_id":57,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":789561,"pkt_caplen":287,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":287,"pkt_l4_len":253,"pkt":"EBMx8Tl2KDc3AG3ICABFAAERAABAAEAGiRjAqAEGNKm6d+yTAbth0wzIENQdkYAYEAmMqgAAAQEICjCEwvABIndtFgMBANgBAADUAwN1hCAWlzZVXD7TCb6igB3LJP9WVkluJUaJIbsmWjvyJAAAHCoqzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACP6uoAAP8BAAEAAAAAIwAhAAAeZXVuby0xLmFwaS5taWNyb3NvZnRzdHJlYW0uY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAI2toAHQAXABgAGwADAgACOjoAAQA="}
-00728{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1587041687745,"flow_last_seen":1587041687789,"flow_tot_l4_data_len":369,"flow_min_l4_data_len":32,"flow_max_l4_data_len":253,"flow_avg_l4_data_len":92,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euno-1.api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1587041687745,"flow_last_seen":1587041687789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euno-1.api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
02375{"flow_id":57,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2268,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":835274,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGLJAAGwGP6M0qbp3wKgBBgG77JMQ1B2RYdMNpYAQBAV+GwAAAQEICgEid5owhMLwFgMDF2ICAABeAwNemFWXh6zC4\/H\/NtqCN0bOMCauIHEB+mzTfOs8euglHiDdOQAAbpqWXnIoaFoz5CwjBIm\/uwJeUgS1lb4+XjBSWMAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADp0ADpoACNwwggjYMIIGwKADAgECAhMWAAXWDX37jaDzNM+RAAAABdYNMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0xOTA3MTYwMDAyMzVaFw0yMTA3MTYwMDAyMzVaMCQxIjAgBgNVBAMMGSouYXBpLm1pY3Jvc29mdHN0cmVhbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3WyrqhMwneHn3ldwh\/L7UvhOaeyJEw9wAAoXcE2xoCmqN4VQ5dbEJYH2mvnyhH\/q6XQPMuv5SvOYFeFvBsXU42c+cX\/k7ETSWOHymPaiIe9DTakXAw15b1zeAID1a\/qtYq5SKoRqlJOmhP2W2Kj0sGRH9wfU0k6ZKAWCfTCOD3TUKn+kY2\/mFqcxx163RyO5fuue9HjLSPUcK\/XG71pH60ASR2HaDJ53frCURseRASs3N8sp\/lXPNSJpmTy7XzZlvWnjNXBXoGazR\/Ok20dcDNsKQLrS\/5IQoN1eesCyt1n77jwW\/wlDvDN1w4lyx8ZJ\/cWIxkLDRUfkhCN5r674PAgMBAAGjggSZMIIElTCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFr+B+\/gwAABAMARjBEAiBFAIuj2Tc26ezbEtOORf3erX84s94DFwS362RUQnwe7QIgOIGvV6+3NbZm4ZuetunBQ10P6vIaYP3f6rBpFmv0R+kAdwBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWv4H7+HAAAEAwBIMEYCIQDNJZUV9kVpum734SuFZbu\/+8d+lBfpKXnRWlVnv4VBQAIhAOB8l0UtbGxz+O5oUYg0D5KcrYbc2wZN7ZDiNmBXUAj6AHYAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFr+B\/ArgAABAMARzBFAiEAuBvGi+GOETS1WKJJY5hLjgoB7c051zHr2NZg0TjxMOsCIDxZ4sYqPPwpfAkKARkELM5\/901w8Rli7y0l6JyGidHOAHcAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFr+B+\/jQAABAMASDBGAiEA+MKOXA0Ondu3DQFnrt75yf8KubCg3tehYpwWY4vXmlsCIQD\/nRJiTBIbc8ubEEHt73izO3Lpmnq\/6a3pOruDbMUQaDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMCMAoGCCsGAQUFBwMBMD4GCSsGAQQBgjcVBwQxMC8GJysGAQQBgjcVCIfahnWD7tkBgsmFG4G1nmGF9OtggV2E0t9CgueTegIBZAIBHTCBhQYIKwYBBQUHAQEEeTB3MFEGCCsGAQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9NaWNyb3NvZnQlMjBJVCUyMFRMUyUyMENBJTIwNC5jcnQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLm1zb2NzcC5jb20wHQYDVR0OBBYEFBqManmr"}
02374{"flow_id":57,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2269,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":835383,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGLRAAGwGP6E0qbp3wKgBBgG77JMQ1CjRYdMNpYAQBAWsgQAAAQEICgEid5owhMLwwOanO13rkB+7itickOM6sWzClM4+MmvLcbNBLrnF4V3YWSeC++FIDX7oBPH5ASdB+pRafcUwu7a61xGbiPoBzG5Lkrn4eDzLnGiaFmaI0JOwKoMulxEdfoEgYeSwuZucblOVlSLG2b11ELrZdYw8Px3QlvgzRXt7H1Qz5UiXpwUkotvR3JWuICp9lolIe5J60CSx3kgR92c8tN\/4WGD1T3s0aOb9rCYItvMsQ9tPxBbQmwxxh7EHa4bdj6Cx+2ba2Mvp8vBl5Y7YHOovui1k8V7QG1CyDIVKzzvILipqdYzArlzZ6cB8fXzanOO9SrBgB4IrfV3IEK8uYozcmv3h2blZSJdCGsNQgQsfgyJr5Ju8KSKC\/YBRXHVfDjXC3X8vemefPY5bjLuvnfTMDPuoH50hwfPnUhpdzhRXbVC4Se6xCyfS4mknEm7GwCY+56QrG4tTOAb6Goc64Et\/mRZOWT1ZafFxp2VlGwIDAQABo4IBQjCCAT4wHQYDVR0OBBYEFHp7jMHP56DKHNRr+vvhM8MPGqKdMB8GA1UdIwQYMBaAFOWdWTCCR1jMrPoIVDaGezq1BE3wMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwkwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09tbmlyb290MjAyNS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBABH+cgY6IQo3bsj1KSICYp5FDu36Bp\/vv54kNRf+OYiyuwHheN\/Ri5f9t3fxinJPSTrosynXdIfkufMXYIeIklWCvdl9E0h\/BpA6iWbnnZb3lc1gD9fhyvZ27vqbNUihmH3SkypPgRbHqJa70SXzpm9Q2gCbKqj0NQDj\/Sw77eUVm38WD8eOyTYglPAdAbkSUFCZgeAoQiyOeP\/txp7V5MrpoKqzSE+kX+SLGP8TAi2QETYYZig6IprelfFZ7p9tKhd1k1DDBRLV3mS0trzb13ZZ\/qXW5Vbh\/kZcO4r47A777xKQkc4gEoG6PFLjf+NA9AxBIGaHGNoyaeD23I8o8r0WAAcrAQAHJzCCByMKAQCgggccMIIHGAYJKwYBBQUHMAEBBIIHCTCCBwUwgceiFgQUov5qP4QsEh\/ZqaZNTXvN5iiM8UwYDzIwMjAwNDE2MDU0NDMyWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCKvAByAdWIHJuDIkxrsp0IcMhI6BBR6e4zBz+egyhzUa\/r74TPDDxqinQITFgAF1g19+42g8zTPkQAAAAXWDYAAGA8yMDIwMDQxNjA1NDQzMlqgERgPMjAyMDA0MjAwNTQ0MzJaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTcwNTQ0MzJaMA0GCSqGSIb3DQEBCwUAA4IBAQBBH0DLZunGVBeAKCXAyKBsflNVIX8JjxQ1XCt6s9miilzUAXjwI99uBl7swMjB1ALnJKy+2rca\/25L8XzDVvPYcM+x\/Gedy9NxkxBmZ\/X7R44fQVEKYzoqijEj7X\/K4uXE99MLXzwEuNywXIHp4EMlFpfj\/8ZV\/KoPDGbuRXrPsh4c\/\/I02wwbomuM4waDq9SVNwHXVGBP0UfSXCtnQm9AfmbgNEYHvJK\/rst2j6FvdyCK4YJ\/qrygiWeKoGapDxeDt6OxnHzQJvI05so4hdZw"}
00440{"flow_id":57,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2270,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041687,"pkt_ts_usec":835438,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGienAqAEGNKm6d+yTAbth0w2lENQjMbAQEAAIwgAAAQEICjCEwx0BIneaAQEFChDUKNEQ1C5x"}
@@ -711,17 +711,17 @@
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","type":38}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":611386,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1587041690880,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1587041690880,"flow_last_seen":0,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00464{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":880711,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"}
-00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1587041690880,"flow_last_seen":0,"flow_tot_l4_data_len":62,"flow_min_l4_data_len":62,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00667{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1587041690880,"flow_last_seen":0,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00743{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":915102,"pkt_caplen":301,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":301,"pkt_l4_len":267,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEfVLxAADkRaLrAqAEBwKgBBgA1+boBCwAAeGqBgAABAAUAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQABwAwABQABAAAACgAuHWFwcGxpY2F0aW9uaW5zaWdodHNfaW5nZXN0aW9uB21vbml0b3IFYXp1cmXALcBCAAUAAQAAAJEALB1hcHBsaWNhdGlvbmluc2lnaHRzX2luZ2VzdGlvbgtwcml2YXRlbGlua8BgwHwABQABAAAAXwAXAmRjDnRyYWZmaWNtYW5hZ2VyA25ldADAtAAFAAEAAAAeABwQY2ZyLWJyZWV6aWVzdC1pbghjbG91ZGFwcMDGwNcAAQABAAAABwAEKE+KKQ=="}
-00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":62,"flow_max_l4_data_len":267,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1587041690916,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2318,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"40.79.138.41"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1587041690916,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2319,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":916341,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyUAbup7MP+AAAAALAC\/\/9nAwAAAgQFtAEDAwUBAQgKMITPEwAAAAAEAgAA"}
00437{"flow_id":59,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2320,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":946470,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GwdAAG4GfY4oT4opwKgBBgG77JSCI5UvqezD\/6ASIAArFwAAAgQFoAEDAwgEAggKUvjCpTCEzxM="}
00425{"flow_id":59,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2321,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":946579,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MP\/giOVMIAQEAlpqQAAAQEICjCEzzFS+MKl"}
00749{"flow_id":59,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2322,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":946965,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyUAbup7MP\/giOVMIAYEAnoKAAAAQEICjCEzzFS+MKlFgMBAOoBAADmAwMbIQaP+rFGCYsreMCv9lvxK9Aj9uBCbNOtF1CHIeISyAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="}
-00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2322,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_first_seen":1587041690916,"flow_last_seen":1587041690946,"flow_tot_l4_data_len":387,"flow_min_l4_data_len":32,"flow_max_l4_data_len":271,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2322,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_first_seen":1587041690916,"flow_last_seen":1587041690946,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02351{"flow_id":59,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2323,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":980253,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGwlAAG4Gd\/QoT4opwKgBBgG77JSCI5rQqezE7oAQBAU0IQAAAQEIClL4wsUwhM8xdGlvbmluc2lnaHRzLmF6dXJlLmNvbYISZ2F0ZS5ob2NrZXlhcHAubmV0ghVkYy50cmFmZmljbWFuYWdlci5uZXSCH2F1c3NlLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHmJyenMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2NhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWNmci1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1jaW4tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2tvLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWN1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh9jdXMwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1lYXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdZWF1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWVqcC1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1ldXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDItYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDQtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDUtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIeZXVzMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5uY3VzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHW5ldS1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5zYWZuLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHnNjdXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdc2VhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXN1ay1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1zd24tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdd2V1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXd1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh53dXMyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCIHd1czIwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0MIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAJWTZzx1MK5GdVXHHDNo4UfZmpqNSZyuP+i0NBu9AKrV3sQoq5pmeYJ7vP+oV2p39mLTb2oqM52AGvlnpmoTNJwN7XVFBPYI8jrT6ZwWv1hAZa"}
02370{"flow_id":59,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2324,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":980284,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUGwhAAG4Gd\/UoT4opwKgBBgG77JSCI5UwqezE7oAQBAXCJwAAAQEIClL4wsUwhM8xFgMDGyQCAABVAwNemFWa20Cj7Unjex3iJOTtzxG\/C7sRUaW8D8adjZRDjSBSLgAA9oEaTw33+XDCI2eobHPkHM5cfyRARrnQe4Dl7MAoAAANAAUAAAAXAAD\/AQABAAsAEkcAEkQADIYwggyCMIIKaqADAgECAhNuABQ+IygxVnX+3gt8AAAAFD4jMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDAzMTcyMTQ2MTRaFw0yMjAzMTcyMTQ2MTRaMCcxJTAjBgNVBAMTHGRjLnNlcnZpY2VzLnZpc3VhbHN0dWRpby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTjRhywpCP09kk\/FUbRL0JHcwFbXYrKO+yEnwFM3rPYCWH\/N3ytkgm55W3De9R7TQ4nG6hXjvu49n3GFbb7tzgjX4oUgzhxxZTMBnakqeLogod6D5ZdDfokss9bp+ils6rtyCJ2XgEKGa5\/c8Mrrd6rtcviCMBXmgB2qxkza1z3wKmopsTvC\/wZ3Plw8ddfnLBdhAtnPdFwhZLXumxfbNwCtNzeqzd3gMfj6Vx9tJpzRnOOnFRUc8UHNW\/hDyGqfdV9oadinJHISOkaW14SG+NiKCbs62+K4kOYuse8tDejJHAH5YGV2juPptMgDxbpvzxpK0cFfQD7NTJKkWmOjp7AgMBAAGjgghAMIIIPDCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHcARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAFw6n9T+QAABAMASDBGAiEAmX768G6NS+ZYbiNO9DZJmZdvkp6\/SHor7vGRrNqzQZQCIQCzE3PNmahLeoD1Ru15LTmGBf3T\/5eQtpKsbupBPVD5rAB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBilgb2AAABcOp\/U6gAAAQDAEcwRQIhAMlAkpZnDcncwQhl8yQ9bv\/urmUo\/HvBUXlQ2OoHaY9wAiBX8w8hdwe+ti1JzlOgo+l6ERsL\/85ZiYbyBS4PLBobRAB3AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABcOp\/VMgAAAQDAEgwRgIhAKECRib58RCo5MlQHGb4ATWRjKZrjAjdUPi+tLxPf7uOAiEAilsYu+v0osacw7zHLY7aZ\/y5oCRfVO4yXuUTkPyx1scwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSJNZ2CkQqUlyOTG\/kUtmT72TvlhTALBgNVHQ8EBAMCBLAwggRZBgNVHREEggRQMIIETIIcZGMuc2VydmljZXMudmlzdWFsc3R1ZGlvLmNvbYIkZGMuYXBwbGljYXRpb25pbnNpZ2h0cy5taWNyb3NvZnQuY29tgiBkYy5hcHBsaWNh"}
00440{"flow_id":59,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2325,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":980356,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyUAbup7MTugiOVMLAQEAny+QAAAQEICjCEz1JS+MKlAQEFCoIjmtCCI6Bw"}
@@ -733,17 +733,17 @@
00425{"flow_id":59,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2331,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":980730,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyUAbup7MTugiOwWYAQD9pNfwAAAQEICjCEz1JS+MLF"}
00676{"flow_id":59,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2332,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041690,"pkt_ts_usec":991303,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"pkt":"EBMx8Tl2KDc3AG3ICABFAADqAABAAEAGxefAqAEGKE+KKeyUAbup7MTugiOwWYAYEAAW4AAAAQEICjCEz1xS+MLFFgMDAEYQAABCQQSUnYSpybVYpi0p11KRpbmhDxBYhpXs5PROhBf4L2I5udzZUNYx70vQNqldliW9YUOr3Ds7MC+ESYnGUnUCnqeiFAMDAAEBFgMDAGCQ8BEm9rKcsTBnitntEAU7w\/ebg8cwxch5T6MJMx5sWNKe3opj2yGBAl7jJQwnA6\/JZOhoJxAXbcFpzYdB74brSKX5UU\/5TfIPccnelKyI+2smrraCFoe9GA\/I3dLOqBk="}
00573{"flow_id":59,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2333,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":23203,"pkt_caplen":173,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":173,"pkt_l4_len":139,"pkt":"KDc3AG3IEBMx8Tl2CABFAACfGw1AAG4GfSUoT4opwKgBBgG77JSCI7BZqezFpIAYBAR8aAAAAQEIClL4wvIwhM9cFAMDAAEBFgMDAGA8Y2ZIWeRHbyEr11qF9jGK6p2aZClxjDUYQUISatc4CMtjM8T0AW1danbz\/TUonKqcSp07EQXLmUGHz0azZhSQ\/P1XmIHbTE3XM0JPoHoHdkx69JC4UjQ23LrepYpKgj0="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1587041691075,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1587041691075,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00478{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":75869,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZLy0AAP8RCQ\/AqAEGwKgBAfWPADUARdrUdPIBAAABAAAAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
-00666{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1587041691075,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00678{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2343,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1587041691075,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00551{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":148968,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"pkt":"KDc3AG3IEBMx8Tl2CABFAACQrGdAADkREZ7AqAEBwKgBBgA19Y8AfAAAdPKBgAABAAIAAAAABGVtZWECbmcDbXNnDHRlYW1zLW1zZ2FwaQ50cmFmZmljbWFuYWdlcgNuZXQAAAEAAcAMAAUAAQAAADwAGw9tc2dhcGktcHJvZC1zZnIIY2xvdWRhcHDANMBJAAEAAQAAAAoABDRybAg="}
-00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":69,"flow_max_l4_data_len":124,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.108.8"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1587041691149,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00705{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2351,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"emea.ng.msg.teams-msgapi.trafficmanager.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.114.108.8"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1587041691149,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2352,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":149774,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2I\/AqAEGNHJsCOyVAbumbhw9AAAAALAC\/\/8jXgAAAgQFtAEDAwUBAQgKMITP9QAAAAAEAgAA"}
00437{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":168973,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="}
00424{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":169076,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"}
00724{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":169247,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"EBMx8Tl2KDc3AG3ICABFAAESAABAAEAG173AqAEGNHJsCOyVAbumbhw+rneBYYAYEAkjHAAAAQEICjCE0AhSqiqsFgMBANkBAADVAwNwlpHiXHB3s5dLKatTLHHCd3zPHP62TkNPLWHwExyS1QAAHAoKzKnMqMArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAACQysoAAP8BAAEAAAAAJAAiAAAfZW1lYS5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbQAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAoACMrKAB0AFwAYABsAAwIAAhoaAAEA"}
-00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1587041691149,"flow_last_seen":1587041691169,"flow_tot_l4_data_len":370,"flow_min_l4_data_len":32,"flow_max_l4_data_len":254,"flow_avg_l4_data_len":92,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00754{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1587041691149,"flow_last_seen":1587041691169,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
02364{"flow_id":61,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2356,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":190981,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPCZAAHEGZdU0cmwIwKgBBgG77JWud4cBpm4dHIAQBAU1egAAAQEIClKqKsEwhNAIOSG3N+pypQO63Wiq+lXA9TALBgNVHQ8EBAMCBLAwgdYGA1UdEQSBzjCBy4IabXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CHCoubXNnYXBpLnRlYW1zLm1pY3Jvc29mdC5jb22CIHBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tgiIqLnBnLm1zZy5pbmZyYS50ZWFtcy5taWNyb3NvZnQuY29tghpuZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIcKi5uZy5tc2cudGVhbXMubWljcm9zb2Z0LmNvbYIPKi5tc2cuc2t5cGUuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAL6k2g2YNYubaMQKNE1HOCJsRU+ocKgoaCUntNxasdyLm3sRjtpRjulwsmHOrGDRgisqGVKYPLOcPDYZIMeHJRyVC9lP7rDFU4mwEdob9bYoVAdPJ2aPEkM0RXDf2sxO3K11UvhIdAETfgAyN9OClLnbVRlD+uqcSQfdbt9NgeCozGT3uA8rW\/bT\/D+YBI2NyvjucwOF4fAmlb69iaENpHzKyKPP3gChGWXwPlsCAHcWT5DWYPJpL\/3DLl81bF7tO5zY3zxJMB1OeVgvUKXeAS+CwfpLrKG0C\/eU6XUXAM17Wou3AdZL8ESxq7zdQlPlfLXcrxTWn\/9yqOyE2Dy4v0AC0DldAOOVuaP1Qw\/jkncKrZHy6CBjd4i6SlAvV9SXMMji3v+3tCPq3NDcYwEwIaLF7pK3asugmSWv+kUpt0b\/7nszZggDVjiXOaXQXGxlI76wm\/oQiScQLHdORY8mAIDxrFvAZJI7K5Yvpy\/uFT0TJ1pbtUzx0WkkWUFI1ibsaySDvxZ5PLRRf\/b+CTj2DeuAhuHN0bB0Jvlf\/geQ+McX36gP8ZJv4hZskP2p2eU4LlDvKZxVbJkUfzIhrbjoxfdlKOwkktqzdS57vVoeibk02\/OS8fdv79ZBLOsYxfdKaSWNDVEN1Q82426XhaggJ7kscl3nnmFp\/\/6iCwQwe+4wAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC"}
02365{"flow_id":61,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2357,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":191015,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUPCVAAHEGZdY0cmwIwKgBBgG77JWud4Fhpm4dHIAQBAVUQgAAAQEIClKqKsEwhNAIFgMDGB4CAABeAwNemFWbphWJj3FHoaitshBkuLDswlXgPqBiBzBEu1JtHyDXQAAAZRrutGMTFhK\/e+kmqI+\/Zkfq5RwCFGfplOpyVcAwAAAWAAUAAAAQAAUAAwJoMgAXAAD\/AQABAAsADzgADzUACXcwgglzMIIHW6ADAgECAhMtAAXjKxcECLqmmESDAAAABeMrMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA0MTYxMTE2MzBaFw0yMTA0MTYxMTE2MzBaMCUxIzAhBgNVBAMTGm1zZ2FwaS50ZWFtcy5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6bCd8p5bTLvzxk8peM7yBrK70g2\/ne6IdANafglT8XcZya+kzQ+Mrq7kzfFADke3O8Tx7TUot+0PBV0bRjhOIjoJDjeYjEK5EYLvzP\/ySf7pw9kLmBrKdGIghjawzgMfBQ+yDuY\/xusYl8Z47kqd+jPCmEco1090vX6eIgZ8wGG2\/T7lHMlix9MM4ujKDmlWL49Z23s\/pkG8X5qSmPCSe8hYe88aLueRsTy6p3v3Xu7dyeSEXAzx\/bDVVaxz3kOPZBiVLWJJOMXLcEmbiMaXAMI6U8P9IrZe+hOcEVIK9XFTfMj\/46Q93XlPcSEmIEfpYZtfvDv7sl6\/A5f5fQGzFwIDAQABo4IFMzCCBS8wggH3BgorBgEEAdZ5AgQCBIIB5wSCAeMB4QB3ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABaiXmCwwAAAQDAEgwRgIhAOGrg6reSNR0KyBcO7Q7gCii\/1TfL9g1oiqVd0YwoVapAiEAo0slJl38aVeAP4NsC2+9NTgOONNX+OjfBhbPKxRd44EAdgBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWol5gw+AAAEAwBHMEUCIQDkM0pbU+Au4qjEvxjAp\/EAbF2TL4NdBrZsJZN5DU0NVwIgQTjJD4VNExwZMMAMGeIVulDmRVcC9IBVnX9gEFloCAQAdgBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWol5gsiAAAEAwBHMEUCIQDDgYufFTxeWXSxmFvArocCbZmbbMDfyXZOhvBhqyPhVQIgYFyw6bpP5pJ3KJPpJJoXXep5ToH0HnBguiw6qxLe5xoAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWol5gsIAAAEAwBHMEUCIBS3pBnZlixZCjQBEekFzZeTixM7WI6B2W3gzs33Y16dAiEA9fSLRhO193sisnPmL+HqxGK+KzX8HMBeMyZ3aF2OKikwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQMd5+v"}
00441{"flow_id":61,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2358,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":191074,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG2I\/AqAEGNHJsCOyVAbumbh0crneBYbAQEAn+NAAAAQEICjCE0B1SqiqsAQEFCq53hwGud4yh"}
@@ -760,23 +760,23 @@
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041691,"pkt_ts_usec":611256,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","type":38}
00780{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2437,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":419649,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzETFAAEARZ+DAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAPmTDokAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1587041686659,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1587041692528,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":1,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1587041686659,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1587041692528,"flow_last_seen":0,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00592{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":528594,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"}
00425{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2439,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":528684,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"}
00526{"flow_id":62,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2440,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":528752,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"EBMx8Tl2KDc3AG3ICABFSAB8AABAAEAGru\/AqAEGlwsyi9XeCK7DyyOPsom3g4AYEADukgAAAQEICjCE1UVzIF7g5AplDBJ5jEkO1U2Mpra9\/PbG6UC\/FVXGQ5pEnr4zSbP3LnLXhdyZOGgH9qsJLTZHLgDXKr5t+q9K3Mvbm5JFapBhK16BH5zD"}
00424{"flow_id":62,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2441,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":578366,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0cMxAADIGTLOXCzKLwKgBBgiu1d6yibeDw8sj14AQAfXhSgAAAQEICnMgXxEwhNVF"}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":611278,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1587041692808,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1587041692808,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":808980,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"}
00437{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":880898,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="}
00425{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2445,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":880999,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"}
01123{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":881339,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG+AjAqAEGp2PXpOyWEVIVrX6RNJWFioAYECynDgAAAQEICjCE1qITeUD2FgMBAgABAAH8AwNIwmNvYpaxx4YaNkM5UOMBu+\/rhWm5ROKLkUQ+n9+bqCDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0gByEwITAxMBwCzAMACfzKnMqMyqwCvALwCewCTAKABrwCPAJwBnwArAFAA5wAnAEwAzAK0Aq8yuzK3MrACdAKnMqwCsAKoAnACoAD0APMA4wDYAtwCzAJUAkQA1AK8AjcA3wDUAtgCyAJQAkAAvAK4AjAD\/AQABQQAAABIAEAAADWRhdGkubnRvcC5vcmcACwAEAwABAgAKAAwACgAdABcAHgAZABgAIwAAM3QAAAAQAA4ADAJoMghodHRwLzEuMQAWAAAAFwAAAA0AMAAuBAMFAwYDCAcICAgJCAoICwgECAUIBgQBBQEGAQMDAgMDAQIBAwICAgQCBQIGAgArAAkIAwQDAwMCAwEALQACAQEAMwAmACQAHQAgqeitnlzPDiYBqjP3nyoLl6FANLUWPuCFiHYla5PeYScAFQB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00836{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1587041692808,"flow_last_seen":1587041692881,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00847{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1587041692808,"flow_last_seen":1587041692881,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00424{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2447,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":951911,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HBJAADQG6funY9ekwKgBBhFS7JY0lYWKFa2AloAQAfqJ4wAAAQEIChN5QT0whNai"}
00636{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":953141,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"KDc3AG3IEBMx8Tl2CABFAADMHBNAADQG6WKnY9ekwKgBBhFS7JY0lYWKFa2AloAYAfrg1wAAAQEIChN5QT8whNaiFgMDAGACAABcAwOUbx5\/B3ZgLf5vCjBFIQRrfoTRnqXQyERycJrp90X9EiDe8bvsDQaKZ\/SHTClTSUEpcKfm8tnRcB\/XxmDM4wjf0sAwAAAU\/wEAAQAAEAALAAkIaHR0cC8xLjEUAwMAAQEWAwMAKHrIfL7WEd9FBF7y+nv07iI\/qncPABmynlkhHQHjbn7q57JKbc2IA90="}
-00890{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1587041692808,"flow_last_seen":1587041692953,"flow_tot_l4_data_len":881,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00901{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1587041692808,"flow_last_seen":1587041692953,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00425{"flow_id":63,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2449,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":953200,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrYCWNJWGIoAQECd61AAAAQEICjCE1uoTeUE\/"}
00497{"flow_id":63,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2450,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041692,"pkt_ts_usec":953966,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"EBMx8Tl2KDc3AG3ICABFAABnAABAAEAG+drAqAEGp2PXpOyWEVIVrYCWNJWGIoAYECdxjAAAAQEICjCE1uoTeUE\/FAMDAAEBFgMDACgePBs\/C2EWA291JuO3YkDgacglhK1S7Nmn4LfYvs\/WgbNRA6YYJi6T"}
00423{"flow_id":63,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":63122,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0HBRAADQG6fmnY9ekwKgBBhFS7JY0lYYiFa2AyYAQAfqIYAAAAQEIChN5Qa0whNbq"}
@@ -786,35 +786,35 @@
00425{"flow_id":63,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2455,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":332477,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrYR7NJWK64AQEABvXQAAAQEICjCE2GATeUK5"}
00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":412749,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","type":34969}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1587041693428,"flow_last_seen":0,"flow_tot_l4_data_len":985,"flow_min_l4_data_len":985,"flow_max_l4_data_len":985,"flow_avg_l4_data_len":985,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1587041693428,"flow_last_seen":0,"flow_min_l4_payload_len":977,"flow_max_l4_payload_len":977,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":977,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01722{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":428391,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="}
00444{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":474528,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="}
00659{"flow_id":64,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2481,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":475613,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1587041693515,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1587041693515,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00487{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":515047,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1587041693515,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1587041693516,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2482,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1587041693515,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1587041693516,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2483,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":516414,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1587041693517,"flow_last_seen":0,"flow_tot_l4_data_len":75,"flow_min_l4_data_len":75,"flow_max_l4_data_len":75,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1587041693517,"flow_last_seen":0,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":517336,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"EBMx8Tl2KDc3AG3ICABFAABfDxsAAP8RKRvAqAEGwKgBAdnVADUASzsZd8IBAAABAAAAAAAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAQ=="}
-00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1587041693517,"flow_last_seen":0,"flow_tot_l4_data_len":75,"flow_min_l4_data_len":75,"flow_max_l4_data_len":75,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00681{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2484,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1587041693517,"flow_last_seen":0,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00587{"flow_id":67,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":530810,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"KDc3AG3IEBMx8Tl2CABFAACrU5xAADkRak7AqAEBwKgBBgA12dUAlwAAd8KBgAABAAAAAQAAEmItdHItdGVhbXMtZXVuby0wNQtub3J0aGV1cm9wZQhjbG91ZGFwcAVhenVyZQNjb20AABwAAcAfAAYAAQAAAAUAQARwcmQxDmF6dXJlZG5zLWNsb3VkA25ldAAGbXNuaHN0CW1pY3Jvc29mdMA6AAAnEQAAA4QAAAEsAAk6gAAAADw="}
-00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_tot_l4_data_len":226,"flow_min_l4_data_len":75,"flow_max_l4_data_len":151,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00704{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2485,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"b-tr-teams-euno-05.northeurope.cloudapp.azure.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00426{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2486,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":561382,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZBAAGwGgJc0cvp7wKgBBgG7w2KOQNor8MQxRoAS\/\/8u4wAAAgQFoAEDAwgBAQQC"}
00408{"flow_id":66,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2487,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":561493,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NiAbvwxDFGjkDaLFAQIABPogAA"}
00667{"flow_id":66,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2488,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":561676,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NiAbvwxDFGjkDaLFAYIADs+gAAFgMBALYBAACyAwNemFWdM\/wbLFSI3dPgZpkO7ysDE3\/GJlDQM9ZmaeyX\/AAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2488,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1587041693516,"flow_last_seen":1587041693561,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2488,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_first_seen":1587041693516,"flow_last_seen":1587041693561,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00650{"flow_id":65,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2489,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":572678,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJQAAGwR4OU0cvp7wKgBBg2Ww2AAw6emARMApyESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAh\/IMTdT4SN+oAgAAgAAcHVcadqCg=="}
00659{"flow_id":64,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2490,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":576546,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJQAAGwR1dM0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="}
00444{"flow_id":64,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2491,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":576566,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1587041693582,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1587041693582,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":582165,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1587041693582,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1587041693582,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2492,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1587041693582,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1587041693582,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2493,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":582610,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1587041693597,"flow_last_seen":0,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":222,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":222,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1587041693597,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00687{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":597783,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1587041693597,"flow_last_seen":0,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":222,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":222,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1587041693597,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
02367{"flow_id":66,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2495,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":608822,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"}
00424{"flow_id":66,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2496,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":608925,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSijAqAEGNHL6e8NiAbvwxDIBjkDaLIAQIAAjCQAAAQEFCo5A6cyOQO94"}
02359{"flow_id":66,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2497,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":608986,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZFAAGwGevY0cvp7wKgBBgG7w2KOQNos8MQyAVAQCASF5gAAFgMDF+kCAABVAwNemFWdsj2BaVsDh5E5y8r1X3UjjxOVlMfMQIu1roLiOiDgQAAALn9hMRlUjUOvDW8rXXboUZyNr1rD5AfhgK2308AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"}
@@ -828,22 +828,22 @@
01148{"flow_id":66,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2505,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":609230,"pkt_caplen":602,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":602,"pkt_l4_len":568,"pkt":"KDc3AG3IEBMx8Tl2CABFAAJMnZZAAGwGfnk0cvp7wKgBBgG7w2KOQO948MQyAVAYCAQXbQAAEO5WjXjIe6ycKomslpwe+EFt6Mjgit5TOxZ3H33HANI4vT53PRNoyKZhkE4S9iFCZzfCTWensJkZpnlLMABE4aqNQAX6ZU\/zapbAGS9LPTaiKv9Ry1gMKarsrTbdnF5winwAmVhwqa89tPKzbfBk4V04yBPdDJ2DjFTLanTQ3ELGqhKqqmcvrsuHghO2d9ak1HP13ExxC0+i4+GrhqIUwyWxdjniUJlyleN+iiIaKEg6jvrVHFWrR3PUtDbo8TEacEyF96c8xXcjPVnUVrhVI++2dvqyNpMZ8ACJADw9JEE8gToopzGHlqjm36adlbvaZA10Gxs+B\/nQx7a7NeW17x1RViO2RGJOk4lHSYkzJLzAXxFd+J6icgx2JzFBiVk7job1q60ezkEMDfaRdnPXFQ8MAAFpAwAYYQTcFelLA9oFcMXaZ1+o4whLp\/a59umnbq2FWq3OKBO8zamaxT2FyU19rYZ0ZilAUrKQf46lDK+8Hxp0k3fgqsnaxCN0dCohw\/JNH9hjSMMszCDsvH6g7UTzxGxVCtADiowEAQEACew2uQQDAc0TMzu4GCnlS5Qzgmai2FDlIr6yuHqj75k4WxQ8qA6CvskecRbf1DI9baDBITgISolwC9cfOnzbJSFP+LKDved8MDt+3jHN4TLLYVmpkkTYoA1qlWzMDaUvs17YThv1FNMmlaagZcuSaMDHizlaM3P7XnJYM0O9ky+rQRcXOKg="}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":611228,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1587041693611,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1587041693611,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":611913,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1587041693611,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1587041693611,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
00648{"flow_id":68,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2515,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":625394,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="}
00427{"flow_id":69,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2516,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":628354,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"}
00408{"flow_id":69,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2517,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":628427,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"}
00664{"flow_id":69,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2518,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":628756,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"EBMx8Tl2KDc3AG3ICABFAADjAABAAEAGSXnAqAEGNHL6e8NlAbtcWVYp3qhb8VAYIADHIgAAFgMBALYBAACyAwNemFWdJel+38T72uo9XNMIcFrJVaaQNKpU+a+Uq8VSQwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAXQAAACAAHgAAG2V1YXoudHIudGVhbXMubWljcm9zb2Z0LmNvbQAKAAgABgAXABgAGQALAAIBAAANABIAEAQBAgEFAQYBBAMCAwUDBgMABQAFAQAAAAAAEgAAABcAAA=="}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1587041693582,"flow_last_seen":1587041693628,"flow_tot_l4_data_len":303,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2518,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_first_seen":1587041693582,"flow_last_seen":1587041693628,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00602{"flow_id":65,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2519,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":640777,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1587041693654,"flow_last_seen":0,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":222,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":222,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1587041693654,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00687{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":654732,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1587041693654,"flow_last_seen":0,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":222,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":222,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2520,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1587041693654,"flow_last_seen":0,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
00649{"flow_id":71,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2521,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":658468,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1587041693668,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1587041693668,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00486{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":668523,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
-00504{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1587041693668,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2525,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1587041693668,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
02370{"flow_id":69,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2526,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":675117,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\/Z7z3no4iLWFOB0NszihbN+mXEPfve7ERdipQf9N4gAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"}
01151{"flow_id":69,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2527,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":675141,"pkt_caplen":602,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":602,"pkt_l4_len":568,"pkt":"KDc3AG3IEBMx8Tl2CABFAAJMNyNAAGwG5Ow0cvp7wKgBBgG7w2XeqGltXFlW5FAYCASXtQAABwMCBggrBgEFBQcDCTA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vT21uaXJvb3QyMDI1LmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzANBgkqhkiG9w0BAQsFAAOCAQEAPvLPMKV6vx5q3zlYGCg8w53u54HFS\/xn9r8fTjfa3vCv7or5A3tgZ3THO9r\/K0rr\/VR1E4vlwoESulISILopijrNQyTM1RcF\/pwWP3PgbUHAdj3yq0jFWWJkukRPChiCP0HqPxg6WOegMFd19dFqMRS2lJll2rboAd7kq\/u18+UZChhfpAJX3rZcJm9z\/i4J9QhDxA\/HJH+dKGdlodxb8Dr9+HCF56VPJN5CPx1EO12FBoUdHhzU2U5R5P0eERbMngDZlxqX42XHhjUbU3a+MtEsQUlLoz6TDFt3VwcwPDWLjNFpoif6VeirnRAe0RffumyJ08lb1wuUiKnYtJXXjhYABysBAAcnMIIHIwoBAKCCBxwwggcYBgkrBgEFBQcwAQEEggcJMIIHBTCBx6IWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTBgPMjAyMDA0MTUxOTA="}
00424{"flow_id":69,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2528,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":675196,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSijAqAEGNHL6e8NlAbtcWVbk3qhb8YAQIAArqAAAAQEFCt6oY8HeqGlt"}
@@ -861,18 +861,18 @@
00600{"flow_id":71,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2551,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":756239,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJcAAGwR4PI0cvqNwKgBBg2Ww2EAoTssAQMAhSESpEJLDXUDhL3sfvdJg10ADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIMhO7y5FcPLOAgpkLIJifRx7Dv8ek2QLf5zo\/BiwDhB4"}
00688{"flow_id":73,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2552,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":763689,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"pkt":"EBMx8Tl2KDc3AG3ICABFAADy1jgAAEARsxjAqAEGNHL6icN1DZYA3qn\/AAMAwiESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIw8CdSu6OifoAFAAUc60+h2VE9PTAWxn4K2V6NOmKA20AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACAOMJjC3yWHP2a8uRvQ6tdNq4Cf2VvwjY\/Ply+68rS7wg=="}
00603{"flow_id":73,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2556,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":808734,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxgAAGwRBnY0cvqJwKgBBg2Ww3UAoXQEAQMAhSESpEK\/FrW6Bpt+jaFgT0IADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIL4g0LfB18yA2q\/RVWXcDhE8D9XtCMo2nCqOglxViaD8"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2559,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1587041693828,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2559,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1587041693828,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2559,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":828302,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf\/AqAEGNHL6mMNeAbvdNMkXAAAAALAC\/\/\/QFQAAAgQFtAEDAwUBAQgKMITaQwAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2562,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1587041693849,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2562,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1587041693849,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2562,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":849498,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSf7AqAEGNHL6mcN0AbuMksvlAAAAALAC\/\/8dvwAAAgQFtAEDAwUBAQgKMITaVwAAAAAEAgAA"}
00427{"flow_id":74,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2564,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":869354,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nZxAAGwGgG40cvqYwKgBBgG7w17cXACa3TTJGIAS\/\/81\/QAAAgQFoAEDAwgBAQQC"}
00408{"flow_id":74,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2565,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":869423,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMkY3FwAm1AQIABWvAAA"}
00644{"flow_id":74,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2566,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":869663,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWnAqAEGNHL6mMNeAbvdNMkY3FwAm1AYIACuOQAAFgMBAKkBAAClAwNemFWd9sBVDmqpQ1JOmTf85+s9vRwXDIKd7RSpfqD9hwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUyAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2566,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1587041693828,"flow_last_seen":1587041693869,"flow_tot_l4_data_len":290,"flow_min_l4_data_len":20,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2566,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_first_seen":1587041693828,"flow_last_seen":1587041693869,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00426{"flow_id":75,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2567,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":893017,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NypAAGwG5t80cvqZwKgBBgG7w3QJhgXYjJLL5oAS\/\/9RUwAAAgQFoAEDAwgBAQQC"}
00408{"flow_id":75,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2568,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":893121,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksvmCYYF2VAQIAByEgAA"}
00645{"flow_id":75,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2569,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":893319,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWAABAAEAGSWjAqAEGNHL6mcN0AbuMksvmCYYF2VAYIAA4UQAAFgMBAKkBAAClAwNemFWd\/1XCA+79geTWEWiWwTsvTSnBi9NExcEsdrOoSgAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAUAAAABMAEQAADjUyLjExNC4yNTAuMTUzAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
-00759{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2569,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":4,"flow_first_seen":1587041693849,"flow_last_seen":1587041693893,"flow_tot_l4_data_len":290,"flow_min_l4_data_len":20,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00770{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2569,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":4,"flow_first_seen":1587041693849,"flow_last_seen":1587041693893,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Skype","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02359{"flow_id":74,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2576,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":912361,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZ1AAGwGes00cvqYwKgBBgG7w17cXACb3TTJxlAQCARdzwAAFgMDF+kCAABVAwNemFWdM9zHzxbjC7QANdHz8AfaCDM7kl4CH3iC8m+C5SA8HQAAdg+4AWMXjI8CbVJCHoa9vuL+BAQY6d2I21i7H8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"}
01144{"flow_id":74,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2577,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":912478,"pkt_caplen":602,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":602,"pkt_l4_len":568,"pkt":"KDc3AG3IEBMx8Tl2CABFAAJMnZ5AAGwGflQ0cvqYwKgBBgG7w17cXAZH3TTJxlAYCAT9qQAABLAwgZAGA1UdEQSBiDCBhYIWdHIudGVhbXMubWljcm9zb2Z0LmNvbYIYKi50ci50ZWFtcy5taWNyb3NvZnQuY29tghh0dXJuLnRlYW1zLm1pY3Jvc29mdC5jb22CGioudHVybi50ZWFtcy5taWNyb3NvZnQuY29tghsqLnJlbGF5LnRlYW1zLm1pY3Jvc29mdC5jb20wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JsME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBABCcisiO+DAS4OPnUkT5drdGW+ySCAd1BsW3Lp1Fdet9nBRcfBcsaKZ66uJsRxluxJrhagjZ4fh8tXKFj90="}
00408{"flow_id":74,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2578,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":912518,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMnG3FwIa1AQH8FOfQAA"}
@@ -883,7 +883,7 @@
02368{"flow_id":74,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2583,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":913477,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnaFAAGwGesk0cvqYwKgBBgG7w17cXBA73TTJxlAQCASc0wAANTA1WjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE3MDUwNVqgERgPMjAyMDA0MTkxNzA1MDVaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxNzA1MDVaMA0GCSqGSIb3DQEBCwUAA4IBAQAeBlju+Bk8y9loNywmQduZG4vnsADIVOxrHwFDnlBuunDk3ICaZx4wK6m9ivD5M022cpjNZnVqryu4PhlvNBEmbfkg8kao6U8HlpI2WvX78jsc4bJjy+2Gu7b44KpbB8D3\/z16ntBvpqRM3nFjhy\/osreAQDPfZBdXsFDqYwBgcr21zhN+a+2xDJiymBT2ez9LWXwRVTa0vspjfdNsak2ljytLjN8EglWs2FjRqVz0aTyPocmLxHKlAs0Sc\/TyGsqYQomSLPABh0rsRmXkqE0dNpzs6a1b7XwxHlOi8n9+XwMR7di1d5FAi1XR3XPr91vUU4nTGA1yy3\/MpPq+1L1IoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"}
01153{"flow_id":74,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2584,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":913602,"pkt_caplen":602,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":602,"pkt_l4_len":568,"pkt":"KDc3AG3IEBMx8Tl2CABFAAJMnaJAAGwGflA0cvqYwKgBBgG7w17cXBXn3TTJxlAYCAQnDgAAEO5WjXjIe6ycKomslpwe+EFt6Mjgit5TOxZ3H33HANI4vT53PRNoyKZhkE4S9iFCZzfCTWensJkZpnlLMABE4aqNQAX6ZU\/zapbAGS9LPTaiKv9Ry1gMKarsrTbdnF5winwAmVhwqa89tPKzbfBk4V04yBPdDJ2DjFTLanTQ3ELGqhKqqmcvrsuHghO2d9ak1HP13ExxC0+i4+GrhqIUwyWxdjniUJlyleN+iiIaKEg6jvrVHFWrR3PUtDbo8TEacEyF96c8xXcjPVnUVrhVI++2dvqyNpMZ8ACJADw9JEE8gToopzGHlqjm36adlbvaZA10Gxs+B\/nQx7a7NeW17x1RViO2RGJOk4lHSYkzJLzAXxFd+J6icgx2JzFBiVk7job1q60ezkEMDfaRdnPXFQ8MAAFpAwAYYQQhQf1daOeyhgiavOXY\/txK+QPeehjV4SAFwgk2\/7vZFfnvBpx3s79fUnAwIryC0QS1\/SQoFkL+wU7sxxwPvq+ruhfRWOuXB4uL2Rh3JHRqTevg\/\/GagRR8oAQLHABO2g0EAQEAAFpM+ijJH609K8Xd4u7I\/GpZsxkUnc1ySSo2E\/dDEZ7xCReh8uynQdfZkfJaSbRKJmhhmUU+xVoZLwzoqlQhwyPtxEv7I4b1oax8FTuY+k7WDigByZC2b8eLQVWHprFPRqAGAXk7TEa8sB3CwmuSJ1iD75izcK4LDTR17k+CeJ81gvVdt3w="}
00584{"flow_id":74,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2585,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":913604,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"KDc3AG3IEBMx8Tl2CABFAACmnaNAAGwGf\/U0cvqYwKgBBgG7w17cXBgL3TTJxlAYCARH6AAAoGYXVjxNjX0u94sb8EN71aR8FxRAxm4b7QhVDBFJeFyj2oxCVxEyLIOQM9r2Y\/py\/X1yaMdHm1JKh4uaQ14MPCaKxipbs9DYx5FnTDsagbvW939x1tOszgRxqrOpD63\/UszJQ1xtkbtRA8XFVVi29UHzj+W5gCPWBr0OAAAA"}
-01224{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2585,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":14,"flow_first_seen":1587041693828,"flow_last_seen":1587041693913,"flow_tot_l4_data_len":6616,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","issuerDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}
+01235{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2585,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":14,"flow_first_seen":1587041693828,"flow_last_seen":1587041693913,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":450,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.152","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","issuerDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}
00409{"flow_id":74,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2586,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":913642,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShfAqAEGNHL6mMNeAbvdNMnG3FwYC1AQH+4+sAAA"}
02360{"flow_id":75,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2595,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":937910,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyxAAGwG4T00cvqZwKgBBgG7w3QJhgXZjJLMlFAQCAT\/SwAAFgMDF+kCAABVAwNemFWdlZ1o0K1pDuc31o7KbeFA6zW0UoTj74rN53YU1yAVNwAAZbPmUJGFDDA3baQ8RQ+flEqSYPNJweq+ysirz8AwAAANAAUAAAAXAAD\/AQABAAsADuwADukACSswggknMIIHD6ADAgECAhMtAAZemCjIP80XJ2CuAAAABl6YMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xOTA1MjQxNDEwMjZaFw0yMTA1MjQxNDEwMjZaMCExHzAdBgNVBAMTFnRyLnRlYW1zLm1pY3Jvc29mdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCLTNHPfgLoOgUfyR4c2CDg+CoBg7bwaQp6OOdTLjN80e6165bdZW8ryNWADQBv\/\/6Ld1H5eQQNetSDwVifHVU+CteBiHg6T9F1rA96B1Fk1nARcGhMPsZbgvGxJ+NR6ygkRK7GWC6KFZyOiZ0MvWyxQTJBlsBwklHTiX9D0fiSz06Q+tVkIHpWWHGkJRO+Tm3UUtCMr7e1K4eQloaVRg1AeMGEhZEaGXyKum9VwAP15maK0zwKMiUymx8uWFHW4J0+7wZd9kZyUeJvDO2QDZvxPl5w9NBzvGZUQFIkRD+XvUanlt9AtvhnDy5BiPzueeQgaJbyvyJl4Af8nIo8gppfAgMBAAGjggTrMIIE5zCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFq6jb0ngAABAMARzBFAiEA+SbPYnNZBq5NAa+KJuZcLJF6Cs7c51vg2wno92Y73cQCIFui0LePG9Yu0H+TqmpdeWJeVlJ0KiyWWMKI6D92L\/K3AHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFq6jb1LQAABAMARjBEAiAZDnc3oPi8LaNBy6Df89WOlPch018jWvYNKaDO2U51nQIgYZuZffTHCtDDZ3lWVJgiVsjUCTGqki0p6MIBuSQoIfUAdwBc3EOS\/uarRUSxXprUVuYQN\/vV+kfcoXOUsl7m9scOygAAAWrqNvNaAAAEAwBIMEYCIQChq4nHPM4twtbxyAgrDLE3a797eV+6L2EiO6pBrFmrUAIhANBHWXnY9HAcs6WqVRp9r8q8wlaSY9pBfB7vJlbCShQPAHUARJRlLrDuzq\/EQAfYqP4owNrmgr7YyzG1P9MzlrW2gagAAAFq6jb0QQAABAMARjBEAiAzKKpy8ELEm5AO\/Cl8weRDML0CJ7IOPZ2GbRbx\/8vxWgIgDCW1c1pNKCE9DA2mbQwKGa4Z2H7dNtIRrzU4ZJcZOr8wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSC313bBDWiwUMAeq0EgFmCSqbJVzALBgNVHQ8EBAMC"}
01144{"flow_id":75,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2596,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":937947,"pkt_caplen":602,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":602,"pkt_l4_len":568,"pkt":"KDc3AG3IEBMx8Tl2CABFAAJMNy1AAGwG5MQ0cvqZwKgBBgG7w3QJhguFjJLMlFAYCAQZAAAABLAwgZAGA1UdEQSBiDCBhYIWdHIudGVhbXMubWljcm9zb2Z0LmNvbYIYKi50ci50ZWFtcy5taWNyb3NvZnQuY29tghh0dXJuLnRlYW1zLm1pY3Jvc29mdC5jb22CGioudHVybi50ZWFtcy5taWNyb3NvZnQuY29tghsqLnJlbGF5LnRlYW1zLm1pY3Jvc29mdC5jb20wgawGA1UdHwSBpDCBoTCBnqCBm6CBmIZLaHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JshklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3JsME0GA1UdIARGMEQwQgYJKwYBBAGCNyoBMDUwMwYIKwYBBQUHAgEWJ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NwczAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBABCcisiO+DAS4OPnUkT5drdGW+ySCAd1BsW3Lp1Fdet9nBRcfBcsaKZ66uJsRxluxJrhagjZ4fh8tXKFj90="}
@@ -894,23 +894,23 @@
02368{"flow_id":75,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2601,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":938366,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNzBAAGwG4Tk0cvqZwKgBBgG7w3QJhhV5jJLMlFAQCASEQQAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"}
01153{"flow_id":75,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2602,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":938381,"pkt_caplen":602,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":602,"pkt_l4_len":568,"pkt":"KDc3AG3IEBMx8Tl2CABFAAJMNzFAAGwG5MA0cvqZwKgBBgG7w3QJhhsljJLMlFAYCATpCwAAEO5WjXjIe6ycKomslpwe+EFt6Mjgit5TOxZ3H33HANI4vT53PRNoyKZhkE4S9iFCZzfCTWensJkZpnlLMABE4aqNQAX6ZU\/zapbAGS9LPTaiKv9Ry1gMKarsrTbdnF5winwAmVhwqa89tPKzbfBk4V04yBPdDJ2DjFTLanTQ3ELGqhKqqmcvrsuHghO2d9ak1HP13ExxC0+i4+GrhqIUwyWxdjniUJlyleN+iiIaKEg6jvrVHFWrR3PUtDbo8TEacEyF96c8xXcjPVnUVrhVI++2dvqyNpMZ8ACJADw9JEE8gToopzGHlqjm36adlbvaZA10Gxs+B\/nQx7a7NeW17x1RViO2RGJOk4lHSYkzJLzAXxFd+J6icgx2JzFBiVk7job1q60ezkEMDfaRdnPXFQ8MAAFpAwAYYQR9Xzasg6o56fwVydh8\/2qHt6uNNjQsgEydKcdG8qpRHli+PKMoJeNKLPLwYJA\/NVQY9Mgsc2LsWo924Dp37+uJHJoKxlwS\/mcRdQEFZSjE9BkNuroZHuDQnnNMsKYyv1UEAQEAK4yX\/YhVEwd2zEFvWPVpwix8vVQtkifJlrXh74kG4KB2YpM6atsG6NGDuhleV5Q8I0DDXGvheEFR\/He2pQR6uNZ7aZd3nT2DLVDCbVHDOETZ+6ZW0YfuvH3OsFI+LfFXOCxaCdQu8\/oStOwZaB186hoKZA2VJkkbUo285KLz3Q1iCsTYa\/E="}
00583{"flow_id":75,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2603,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":938382,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"KDc3AG3IEBMx8Tl2CABFAACmNzJAAGwG5mU0cvqZwKgBBgG7w3QJhh1JjJLMlFAYCAQnLgAAvPhf6s8atadXOYIv8S\/kfh4lalB+\/KO7EsW7qibh4IX25u6kJs295JdF00jtndo3KB+O5mLywq7lVcO2UaxV7pBao4ZK\/1jPpcSNa98o6xrwsOJ+MWsHZAWq9r7iEbUJV++auMwbgBpMe6uRjTmnSy9VPw119vTUh0QOAAAA"}
-01224{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2603,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":13,"flow_first_seen":1587041693849,"flow_last_seen":1587041693938,"flow_tot_l4_data_len":6596,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":507,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","issuerDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}
+01235{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2603,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":13,"flow_first_seen":1587041693849,"flow_last_seen":1587041693938,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6300,"flow_avg_l4_payload_len":484,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10":"TLS Certificate Mismatch","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"52.114.250.153","server_names":"tr.teams.microsoft.com,*.tr.teams.microsoft.com,turn.teams.microsoft.com,*.turn.teams.microsoft.com,*.relay.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5","issuerDN":"CN=tr.teams.microsoft.com","fingerprint":"A7:90:8D:41:ED:24:D2:83:48:95:90:CE:18:D3:A6:C2:62:7A:07:75"}}
00409{"flow_id":75,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2604,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":938410,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksyUCYYdSVAQH8FaMwAA"}
00409{"flow_id":75,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2605,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041693,"pkt_ts_usec":938413,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGShbAqAEGNHL6mcN0AbuMksyUCYYdx1AQH71ZuQAA"}
02001{"flow_id":64,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2629,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":120717,"pkt_caplen":1227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1227,"pkt_l4_len":1193,"pkt":"EBMx8Tl2KDc3AG3ICABFAAS9\/boAAEARNM3AqAEGNHJNiMnhDZYEqZVHBl3+t6o2WT+OKw\/oTFMoposi76goQSvdTkAkvomrWFuLQAOPtN1PZOmBbtTke\/YgFGvZ0KvPBNQ5Wm2b8RSp8MLBeXUbSb3ihMwS+jtgaiyGWs+98DH\/XiUzP5qF03kNm6hkC2X4f90uSk+qnKDXx+nMgrAp0\/c4ktIgnvwSKlQuZz9ri97ShVTO0OWHpHehFI8ySmDhIQvj+B8Ons2z5Lvg3ffuGNYe6crWNgXZ0qKFgPHpXjJx\/wdodQrdlhUSFIrhAuf7ipEjkyD1z1y2FzfwouTPXUXbzMBEFC4M+pre6XPfxER5ZFN2Z5ot8Wfj4sMpfOmqwegxunkQP4u4Dpoyl1yTFZ5tGVDoS8bVR9dEvjepY1DyFVKh4lzFW8ooCq3R0u0NzPR1zbXcsUK2vRNQfkuFkm8kJpBPm+sDRNV0E7nocNcIy9cbzYY8R2L5n8Ei8aRtWWInQYVRebKHiM3bT78vy8pu91j3o6F7sj94167kkAjRqNewpzCwSD0Wg+CSHSzVXmncsbo8cUJmybHnSbzP2\/cVCW0tIuklqz\/yTGItsOKa14YayXwz8NM3QLabWUJcuzL2qgJeZM7ds+vJhDjMub1jJ0pY7\/AOgd1gx6v1aOpp83mXc849HgYCS4FHRhVJbviqYw3Qz7wEvIPnET9G5D9tT3taEhj8OsCry0Cv3Cdh60qxw7GhkX8C4KBQtcxkOzOFQvaN4P465wdmFCboScbCuxn4wCzFtcVhwooyaX9ParD4z\/JHSlm+cuHZFX0k4mhOL3rzKGDphdIiWrabG7bPDeIDWqx1979JFMahbtO9RC+9rtm8+2gjkSuDvk0mptCERf0EwFD1njDYdIkeyeHjVG7sJKOHmalzFx0NsAyJtfSeRPQO2szzmHsmxH3+otQV5gmzsVCZSGXuqGpX7iUa5voQifaQEBkPxFidHtFPkMsZFsYJsRHYaYKEgt\/+t9tdfO7KOEvvqkgGd4snxb6kryNJr2z4yoU2Uz6XCNoppFlA4n61o5lQX4TMyUOL3fUpNNrNMH8xLyxBEJ5RjmQ0uf814MIfXsYQqHMfNWhc9ff5G6ZsWJPmEUmgVZHeYDD2QEWXT+zPq0BWChHEwinek+mjRLoa6CYfNtWd8mE3A7g5ww9TFyamhwXowuT3QA9V3xAvMgNzqScDow\/fkYkgloS2F\/LZ6qCI1z\/DibL70ZeKbW3al8cF73MCwSxTCGB6EtBn48z\/yXevDNcWU2DL7arg\/QaX6Mm7dmtwH7Y8+9SgfRZ5O8Kg9d7ih\/FsyUgMgAF2h7e\/pym\/O6Ou\/89k2PfYJHRfrd1M61FVy5Uhs5kfsIAbGuSuMrDL5oCbdnJOcJ2XQgIKrjquEvSMSpkabv7tbKU2YFGQ97\/wTqpxOGPbhfS0XvKh1GR2BI3nCh31aHfAeBu8fsfZlFOvbAd0oZC9Q6h7vGIgcDuEy0O7t7cX7xKNwyLUtO7hmIUkhppFuIdcKwrHlWqVKc2WE77kUDf1xEVdexjFM7FKjmNQk8nMclH5R\/ou8m94L58wLC2ILhY4q0WDOvWLmGIorcxK4E+MnpjO\/SgE"}
00444{"flow_id":64,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2630,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":166447,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJYAAGwR1m00ck2IwKgBBg2WyeEALargAzk5ZGQ3NzNkLTE5NGQtNDI0MC04MzliLTMxMTIxNWQ3OGZjMw=="}
01426{"flow_id":64,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2631,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":217771,"pkt_caplen":795,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":795,"pkt_l4_len":761,"pkt":"KDc3AG3IEBMx8Tl2CABFAAMNNJcAAGwR06A0ck2IwKgBBg2WyeEC+aecB1UVQ0I8M6FxU9jkNGUVrfYsu7yDLmG89ZSTvlNF5TpUlzTQ8G\/WoZAcduFrX9xwwsgTlyWR\/ZJXdWBPXcQKDMBDl8GHaw3lWitB0YSSDN\/6aj6wVTGssPy0SacuJz4PM485lC\/WpQEUg\/dwTCBKSb4sZpaN+b4fa4H63Sras9CRRkNNZX8Oo9eyIyZ3gqUv9gPVTI150j7g3RDPNpeJNlf85JSIyyePgyMPvxSZBMqkSilqp1nYF18Exoly8w9aSdwAwZImrCEE1FiGLxTlBeZR5SojZLildRr+USDoQk4aPiyQCz8uW6vXBZDAVScTmaYW4KeHzCPn1Zi5Z1D5ohg239NFCPP7p0w20EvQqZtbtw6YdY8FFZJ4Xjka3LlyJ0LqUH+CyBqrbB\/jfF+y+fX1zfSErh\/AtY\/SHoHzRUK3ptds98ieAen3ZuR2zX9OCRPVjiecyOb1JF5sRoUw\/Fg0RSBKhZH1fRsz5fI9R3e8DC\/QYF6HGWV1kuMhPh7vnQS3GA9w061KitjkHMdmB1O7EFgska2ph1S4NYSpXr9TmiS\/5YRKt09eo9iN2SjkJTb96gJStpSbNR\/tbZZRrH8bZODZsf7i3\/4S2mlJX9KHA8CaNu\/8hdp8pfDPEZ3ygGD\/G\/LmYqao4O\/cprao85GqyLmFi0fJKyD\/QOixF8jqWlPrfO+6l0217b9TQn22e3jScw4kcpjFpnMc9Exibi4Ka7ZxpjLsaCg3th\/eTjUhyYLe5f2OMo3hezY+\/hd+3gqV+axaOZ9DVnh0Oa\/IxOpvqVU4sDicawTrJAVg7xBYRMKpTnNFnt\/RJh5KkJRZLTMxPCIRwose2fhDQ\/0qv94wuRRujWSPz4LfVns\/mjvv9LOwg+aCsDOQj4NqAxYVlzysfVVXB6MT9pCHm8HRXlYWtA3+jSTKtcCBfysZ1ekXEmi0tG\/WUYPmN39o\/dbKs8XmGYfABSUkKMhZErAWH4pRMuDbO8vknAtW\/8ZIAEH0"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1587041694219,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1587041694219,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2632,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":219802,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9w\/AqAEGNHJNiOyXAbs8mpamAAAAALAC\/\/8lfgAAAgQFtAEDAwUBAQgKMITbvgAAAAAEAgAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1587041694221,"flow_last_seen":0,"flow_tot_l4_data_len":66,"flow_min_l4_data_len":66,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1587041694221,"flow_last_seen":0,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00474{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":221137,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"EBMx8Tl2KDc3AG3ICABFAABWS5cAAP8R7KfAqAEGwKgBAe2lADUAQpDJn88BAAABAAAAAAAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAQ=="}
-00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1587041694221,"flow_last_seen":0,"flow_tot_l4_data_len":66,"flow_min_l4_data_len":66,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2633,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1587041694221,"flow_last_seen":0,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00575{"flow_id":77,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":234511,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"pkt":"KDc3AG3IEBMx8Tl2CABFAACixyFAADkR9tHAqAEBwKgBBgA17aUAjgAAn8+BgAABAAAAAQAAG2MtZmxpZ2h0cHJveHktZXVuby0wMS10ZWFtcwhjbG91ZGFwcANuZXQAABwAAcAoAAYAAQAAAA4AQARwcmQxDmF6dXJlZG5zLWNsb3VkwDEGbXNuaHN0CW1pY3Jvc29mdANjb20AfaP8PAAAA4QAAAEsAAk6gAAAADw="}
-00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":66,"flow_max_l4_data_len":142,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00692{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2634,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"c-flightproxy-euno-01-teams.cloudapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00426{"flow_id":76,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":262764,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"}
00409{"flow_id":76,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2638,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":262870,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"}
00675{"flow_id":76,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":263191,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"EBMx8Tl2KDc3AG3ICABFAADrAABAAEAG9mTAqAEGNHJNiOyXAbs8mpancOM\/AVAYIADbZQAAFgMBAL4BAAC6AwNemFWex6L93KvTNrWWS\/8PQ2rao\/9bFvV0yUUyu2nlvwAALAD\/wCzAK8AkwCPACsAJwAjAMMAvwCjAJ8AUwBPAEgCdAJwAPQA8ADUALwAKAQAAZQAAACgAJgAAI2FwaS5mbGlnaHRwcm94eS50ZWFtcy5taWNyb3NvZnQuY29tAAoACAAGABcAGAAZAAsAAgEAAA0AEgAQBAECAQUBBgEEAwIDBQMGAwAFAAUBAAAAAAASAAAAFwAA"}
-00782{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_first_seen":1587041694219,"flow_last_seen":1587041694263,"flow_tot_l4_data_len":311,"flow_min_l4_data_len":20,"flow_max_l4_data_len":215,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_first_seen":1587041694219,"flow_last_seen":1587041694263,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00444{"flow_id":64,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2640,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":264118,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJgAAGwR1ms0ck2IwKgBBg2WyeEALargAzk5ZGQ3NzNkLTE5NGQtNDI0MC04MzliLTMxMTIxNWQ3OGZjMw=="}
02369{"flow_id":76,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2641,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":308351,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVptAAGwGbuA0ck2IwKgBBgG77Jdw40StPJqXalAQCAQlEAAAcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA0LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUenuMwc\/noMoc1Gv6++Ezww8aop0wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQCGBg8ckx9UDTW7UZXC+1At9FP7A44gNWDP9CaNquKk0Ym4Hc6H0wUEGjC2TPH4ZMpVVvzoaDTGQwOYpaTTUvX3MEMOYKEG1Cvx9tqcsdP3yUB2L0u\/Y3lBDRRYTQjeuiKHInHCIKjjX\/QCOyzvB5\/C0exDQl9fWwS+qncho+mgAfK2IA8Fxzsv6+EtDoQ7Dvl6yGFB0IOq2h0mRJqrPawbpWi2DqNdE30PlqszN6KarfO3etdnYrpJGC2USn7nux+J+nU9mSFC0ZsLRlurcf+j5mIScxOoR1R1zgqZUwqnxhpp4P1IJVImICPzlelUrV+V7b3YppHp2Rgn\/+S4J10m17s2TbLTa97JGjEE\/3YQ7h5IdjwTnwuq1dP++rQhXt3FX3MOWAHLNAKjiWyKZFU6vIewI5Hi6y2fkjqSeRt4\/aWEgJvh20gdM0p+zqdmShg\/748CHucnl5Zm4aJe3RbjYEYoFcds8ex0ujMudADb\/QzGDXRU0vzS1rVbA4cYFxJP\/arXmxNmNaQws3ulhsztenPZhSi+YjcTSxMjLvyNTiFRWl6oPmD03juUR4abmC3Z6rh\/ORpnPJ\/Em03uuhRVjI2A+WVhItVGj\/kDERprkC2fKCqbcztcQMil\/Kk2WHT\/UliJtmxX7yjxKPFWCSC+MDNsBV3uBwoK+m\/VewoOUwAFuDCCBbQwggScoAMCAQICEAtqs7A+san2xGCSaqjN\/rMwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUyMzhaFw0yNDA1MjAxMjUyMzhaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKvl612jazme9TSIErsdUiZdfQkLxnmOq7cO3xmy3e4P9u70VuRG4pIP4mcL4xxxpNRBc7TLmRaOv3d9sK8ebO1xLsMId0pekq7sWtBIgdDF6aD1eo8ejV7TrZLA2saRNTEguTkEzRAqPJcdAJ6ZGBgJz0uX5Mn8APAMWp026LJAwUqshCiqPUYYK6eKrPSvS6h+SULHYiDA5qc7XeuQH7uK2JyQ4zqxbMKUzj4ya8txs0EuucXhXdhZJ4L74UgNfugE8fkBJ0H6lFp9xTC7trrXEZuI+gHMbkuSufh4PMucaJoWZojQk7Aqgy6XER1+gSBh5LC5m5xuU5WVIsbZvXUQutl1jDw\/HdCW+DNFe3sfVDPlSJenBSSi29Hcla4gKn2WiUh7knrQJLHeSBH3Zzy03\/hYYPVPezRo"}
02362{"flow_id":76,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2642,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041694,"pkt_ts_usec":308388,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUVppAAGwGbuE0ck2IwKgBBgG77Jdw4z8BPJqXalAQCAQxsQAAFgMDFxgCAABVAwNemFWez81PLBKBZ\/ZpWXJH6TAXSuhpR6LjZ9O5\/Ib1biDUNwAAmksidY2QH9d8PFbA8ZxWhvJjR72URb6wfpIuXsAwAAANAAUAAAAXAAD\/AQABAAsADhsADhgACFowgghWMIIGPqADAgECAhN4ABOX6qx\/dbFtLnWXAAAAE5fqMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNDAeFw0yMDAzMjQwNDQ3MDZaFw0yMjAzMjQwNDQ3MDZaMCwxKjAoBgNVBAMMISouZmxpZ2h0cHJveHkudGVhbXMubWljcm9zb2Z0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5cPc7+ffK5nA0L4JgyJVHq5gssIfEdRmtC73dVI6zgnGtpT6f3nwYpTDAQKMlx6QsudSvJ2pakD8uGh72z+HfVZkUmpPe5HPUgy1w7rfw5LOkFR51Ypaumu6aB51uPVwr5ibsSYWY3hG5ucc\/Fn9\/HeGIvOHWZAl8Fv0RRb4k5k1AJpccrpd9E2zNB3GiJmtrMIXuhWVXnyfpngGQbH0SM6dSEdm8JZcHarOtVgxYQQG\/b1ODleAEzslbmo86WxY6Z1cSJq33dsyCLLLD7LqitPXTTIoJz3Pd3tcRV4T8gAVTyZBtgIeBCpt\/+d6nv5Dj3LOJiKm1ezIikFMa9YWECAwEAAaOCBA8wggQLMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAXEK5s89AAAEAwBGMEQCIGAcfPGmuUGLqlrtIZKVsZNpcprCDipXuImCLtIeofxOAiAJCiZ4ErCA5qX67EyXj01VyLmTNMWAvahgRq6K6zvqnwB2AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABcQrm0FYAAAQDAEcwRQIhAJKFCfeWNvf1IxKewyf4Xx8dQsiTrAwAumZ30GCkn7hZAiADsvQWiokkf8qqj+AUZjNgCqKxE\/Ch2mf8PRQt8JGvPQB3AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBilgb2AAABcQrmz2MAAAQDAEgwRgIhAJ1EiYGY8MIsWsVz++Q4MhHeZVQpPNpzqTWMVhZGWHu\/AiEAuZhwzU+0SjAULNYTIgEjQDfa3HJLPfxzSMnkXO0tRp0wJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDQuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBQu7tiLoY1nJpN+\/JvokwgNNDQ88jALBgNVHQ8EBAMCBLAwLAYDVR0RBCUwI4IhKi5mbGlnaHRwcm94eS50ZWFtcy5taWNyb3NvZnQuY29tMIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2Nv"}
@@ -931,18 +931,18 @@
00617{"flow_id":64,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2661,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":97646,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"EBMx8Tl2KDc3AG3ICABFAAC96aQAAEARTOPAqAEGNHJNiMnhDZYAqZXIBl3+t6o2WT+OKw\/oTFMopouEH4gbE0oRDnfWSnKbiyKA1UFShjfP9XQMr3SuktBSg1fr9\/Cv\/\/M0m+iLV\/dO3k6aT89fa6A5A3fRXT6CWOsUW+zzpL9t2NYyp4ILTyhEca0jB07mOJmmtnQSS9730zSyT7ohVjIYmPNHU1Xc22zVUEHiNv5tw+qb5rATPwWbZIu65v4RMfw\/EGgkViIlMBU="}
01834{"flow_id":64,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2662,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":266056,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9NJsAAGwR0mw0ck2IwKgBBg2WyeEEKflMB9ibKDPiSDb+odHTLUFZkznbbNX+J75f4EKLo2v0jCX9AvnGgnVouaqfXtzVQexQAc1YLo9VPn1LnUy8C7YtiqmZA3\/Ycz29Q47Bpz7+p7QpPt6afnEOkBNbHEYWCCM+cq9EqFlbk9xc5YxsB8NIXcrytxDWz107+fOlbAP13E3AQrUoBlqIIil7ONM2N7g\/p\/vOe7i+nBW6l5WsxqWBzGz5Z5SICVeaiJoijcw2GNy5+jpe+kX08oNLuVfb\/NcVKqJ7Die4rlf9+C0PChMRQfilNjUjoWrkB9otn9V6wwExztequjn7uHyTieBqABT4hA3ockTP4mHSvE6G8V1bBtnrjKgYUZcKyYHBZc2DUmMKgTtwVTI2lk2Ea4gNMhCkUI7CNsEhyXwHoIhlVmQ7onfB6Jc+F0jJSdcmF1yTybA\/5lqI+deTAFxg2\/aAnHDrqjSP5cORcUVkW46ncl8M7JV\/nscb7XMxRyI5n6mWYtVbf3Iv0sH\/o91BzYkFqHjiUvwg7REoM83Gmj0VgUKSoRgtaN6\/cmfPC0E3oNeNP8ahVyhxTk7Ca1HKX1Yu6RBSNA1aX5zVIz838T7cv8L6hG+iUFfvjecGsexC4eODgN3nDBC91YpnOOWUos+a4eFAQrc4NrPsKniLHhpePKN6WiIkebuyLDcfO9FHlcZFCJ5gTOXtRUyqf1p4fAbrNUhPFcauPNjp\/B85U054L82CiNU\/jFCTJ3qAPXoONXavaAeymRDmy8BAcJ4d7r4d06TQNZzAXQm2MBDzFf7+x3tbuHDGcjO7RoRMhJgKaAdXFjXWtVnAfkIzgslTHMFtjC1R9tDE4kIOpSZEOWpvFdvU0uVqpRJH8ubukf84dzqEyIDsjGztiC+J0gZX5b0oZVrQdmwydICESBjOc9j1c\/oF+inRp\/lgoaRIfqSs+TaCQv\/XuP5OyyrUr9NRFJbSrec0dnvPYIFeN69MqRRxwdMf6pNO+W0eiTsAmVR3\/mRnbyfLfzYSH4LU\/McDNvqvrWe+3gopqgFDOthv\/drY026C7XUxgMnxISnEt5j6+J1hnjP45lGL\/PpwjCQfzk\/2QrUr8qNxxBiFFT7ei6ujcr9Z4Udrk4490KsI66pR6Au6hZHyLGUcAwME9WkeaItuTSDZSY1hy5SJdkooAg34C0Uf4ikN8uhL4eHQY4pTyaUjOulk7o1b9\/XiUpUyggJ4jF+ZtuPdSg98uOUKlaLEDJhEfxy5hCwAjhXB2GTYcleyj8HZClU0UU1+3sZMQQ0x9vuwGJ1w1xw9yJfsGlVpVNL139cr0Zf+un4U8owBnI2QVbk9FV6koX\/eF+3WBbOIl6azfwspFauN09SX1VriWH6aV2RSN3QYNWsI\/EMJmca6gEVuzDU\/NDsSiPyuKcUkBhWe8w=="}
00446{"flow_id":64,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2663,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":267528,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"EBMx8Tl2KDc3AG3ICABFAABBBqUAAEARMF\/AqAEGNHJNiMnhDZYALR2vA2RlNzNhMDFmLTQ3NmQtNDQ3NC1hNzliLTMxM2VmOGRmNjI0ZQ=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1587041695278,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1587041695278,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00550{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":278787,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1587041695278,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1587041695278,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1587041695278,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1587041695278,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00551{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":278905,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1587041695278,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1587041695305,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2666,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1587041695278,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1587041695305,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00551{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":305290,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="}
-00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1587041695305,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1587041695305,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00587{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2667,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1587041695305,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1587041695305,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00551{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":305879,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="}
-00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1587041695305,"flow_last_seen":0,"flow_tot_l4_data_len":120,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00587{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2668,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1587041695305,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
01662{"flow_id":63,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2669,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":309999,"pkt_caplen":975,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":975,"pkt_l4_len":941,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPBAABAAEAG9oDAqAEGp2PXpOyWEVIVrYR7NJWK64AYEACfCgAAAQEICjCE3\/cTeUK5FwMDA4gePBs\/C2EWBhPnt9rTOeXlSRdCMdWlZ2hh1ujeyOz+vtQgRyqCjB7KcrqhhBcxiY09Yi+fzRdUCWlCMJFUYL5wD58NG6SGlo0m3MhaTL91MJQpfXPSARG\/okUk3oikkWt2Y9HD7HWNcYWFF0yvbFjLzDgm5QxcwuP3SstmF+R9Q87mOgyoEIHcDEqqNgi6j3pUupR9xSOWXujI\/V+\/BlZwv+zlPIs4KeSyM6oQ3qSZLgQiKW0gIsjlC5tRTmglZXFCqVTYU7oid1B4d5\/QkMDGDfXVCom\/BfWLGl3fbPSsbpp49\/NF2u8dWirTFY74SFjQS\/S3kzcGU\/EURpKpFaL431RKZO+KTpeiknpknGjGhBqsrcG4UOorL4fICHt66HlO0wlyO\/vUlCotPVii5tIdtVQgenz8KMwH2eVEV8C43IdapCIHC9+dc1+ey0Vz5WVQ+3GcEYSOZupnBqfrs4fecnDXp6mseSbm6JfxpHVS5morMgrwggHinCmCYoICGC9jqCWuW910945bwzfBoidpMmIacF5WtPa41f3kMjr5YXpF3rcJxYphmKNQeL3pUK0fCdiaZpaSr5FXuhwxFxXRVxQydXgrg5XmpNfVgHwgjFcwfEHgPD3zmR2JN0JdFYiuhlBpc3qSK8uRgWqnshsw6vxTKE3ZVA4tDuoS\/Hc8CY5vVN9QF1cOUcCIqBRAFJbe074Emz1iwrUi9Gfh4CX8kowsqRlDLnSk2nZES+96m\/tjoELojBJTfZhS2lXlq\/B7uDRBXaPBDHITtXVzChOFETwLwNxn9QfNV\/pxPiA5l6XeaebaDQcoLNGKVOfGe2AwHZHtb\/CYi2KRPrdcUjBOEX1kTcpS8P2a6eDnlp\/TrfacOzcAGFN5jHF1c3+g12vlHy8Xd+pNKjm+Q9b7nUwRqFM31CC4ycvN230wK7pDN280O01BngHaKLuB7lKV7r45KfubnyWwOef2C\/zXz4dgkFQuivCiWJOp0xpKvobvUbfCmGGrb97acBiKLo5IEfn0S5+7i9oNt0XV2Pt9yu7iLVzZI26qTDOQ8HM6NBeNXRl5NWQHESYXo23gzSvuwl0sBlZMsvMjSezPfTTq3TDzB8k0OTld7SjweAtyrY4v4AyqPPu4oCABh95kVfnqrl\/GPUJMQqFKTpOo3eG7KkBBEe4LPXMLyu7nJ\/wA3\/VWsVyGsDoSb\/Gu"}
00515{"flow_id":80,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2670,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":330085,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="}
00551{"flow_id":80,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2671,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":330306,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="}
@@ -957,12 +957,12 @@
00516{"flow_id":81,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2680,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":407379,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="}
00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":413161,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00149{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","type":34969}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1587041695421,"flow_last_seen":0,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":132,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1587041695421,"flow_last_seen":0,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00565{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":421892,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="}
-00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1587041695421,"flow_last_seen":0,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":132,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1587041695422,"flow_last_seen":0,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":132,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1587041695421,"flow_last_seen":0,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1587041695422,"flow_last_seen":0,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00565{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":422685,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="}
-00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1587041695422,"flow_last_seen":0,"flow_tot_l4_data_len":132,"flow_min_l4_data_len":132,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
+00585{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2683,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1587041695422,"flow_last_seen":0,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00716{"flow_id":70,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2684,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":432593,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="}
00534{"flow_id":83,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":432665,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="}
00768{"flow_id":70,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2686,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041695,"pkt_ts_usec":432806,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="}
@@ -989,12 +989,12 @@
00515{"flow_id":81,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2714,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041696,"pkt_ts_usec":574201,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0IwoAADUR1KxdR27NwKgBBj\/Nw3QAYHcAAQEARCESpEKDWwnX0gcAJk8k2bqAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUw6PYcnYrotsM1O+VvNKE3YekJS+AKAAETRcPqA=="}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041696,"pkt_ts_usec":611304,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","type":38}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1587041697061,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1587041697061,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":61972,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"}
00436{"flow_id":84,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":91344,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="}
00423{"flow_id":84,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":91452,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"}
00748{"flow_id":84,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":92026,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":305,"pkt_l4_len":271,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEjAABAAEAGxa7AqAEGKE+KKeyYAbtVmTcxYapvvoAYEAlljAAAAQEICjCE5t4L9mYYFgMBAOoBAADmAwMvt9\/l19PgHHhBJ7fePZ9nkIIpM9PqvMR3RuXFQQr78gAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACV\/wEAAQAAAAAXABUAABJnYXRlLmhvY2tleWFwcC5uZXQAFwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACgAIAB0AFwAYABk="}
-00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":4,"flow_first_seen":1587041697061,"flow_last_seen":1587041697092,"flow_tot_l4_data_len":387,"flow_min_l4_data_len":32,"flow_max_l4_data_len":271,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00761{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":4,"flow_first_seen":1587041697061,"flow_last_seen":1587041697092,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02350{"flow_id":84,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2734,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":123566,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUX+dAAG4GMxYoT4opwKgBBgG77JhhqnVeVZk4IIAQBAXnDAAAAQEICgv2ZjgwhObedGlvbmluc2lnaHRzLmF6dXJlLmNvbYISZ2F0ZS5ob2NrZXlhcHAubmV0ghVkYy50cmFmZmljbWFuYWdlci5uZXSCH2F1c3NlLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHmJyenMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2NhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWNmci1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1jaW4tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdY2tvLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWN1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh9jdXMwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1lYXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdZWF1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHWVqcC1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1ldXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDItYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDQtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIfZXVzMDUtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIeZXVzMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5uY3VzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHW5ldS1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh5zYWZuLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHnNjdXMtYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdc2VhLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXN1ay1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh1zd24tYnJlZXppZXN0LWluLmNsb3VkYXBwLm5ldIIdd2V1LWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCH3dldTAzLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCHXd1cy1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0gh53dXMyLWJyZWV6aWVzdC1pbi5jbG91ZGFwcC5uZXSCIHd1czIwMi1icmVlemllc3QtaW4uY2xvdWRhcHAubmV0MIGsBgNVHR8EgaQwgaEwgZ6ggZuggZiGS2h0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybIZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMElUJTIwVExTJTIwQ0ElMjA1LmNybDBNBgNVHSAERjBEMEIGCSsGAQQBgjcqATA1MDMGCCsGAQUFBwIBFidodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcHMwHwYDVR0jBBgwFoAUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAJWTZzx1MK5GdVXHHDNo4UfZmpqNSZyuP+i0NBu9AKrV3sQoq5pmeYJ7vP+oV2p39mLTb2oqM52AGvlnpmoTNJwN7XVFBPYI8jrT6ZwWv1hAZa"}
02368{"flow_id":84,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2735,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":123656,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUX+ZAAG4GMxcoT4opwKgBBgG77Jhhqm++VZk4IIAQBAVyJQAAAQEICgv2ZjgwhObeFgMDGyQCAABVAwNemFWhbnl7WUqfYm1R+o3Ql0XAiScTRcea89UxKH+n8yCpFQAAQf+OsMwa2a86lyxGKjOde+fqEWJ1inJtKjMpocAoAAANAAUAAAAXAAD\/AQABAAsAEkcAEkQADIYwggyCMIIKaqADAgECAhNuABQ+IygxVnX+3gt8AAAAFD4jMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDAzMTcyMTQ2MTRaFw0yMjAzMTcyMTQ2MTRaMCcxJTAjBgNVBAMTHGRjLnNlcnZpY2VzLnZpc3VhbHN0dWRpby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTjRhywpCP09kk\/FUbRL0JHcwFbXYrKO+yEnwFM3rPYCWH\/N3ytkgm55W3De9R7TQ4nG6hXjvu49n3GFbb7tzgjX4oUgzhxxZTMBnakqeLogod6D5ZdDfokss9bp+ils6rtyCJ2XgEKGa5\/c8Mrrd6rtcviCMBXmgB2qxkza1z3wKmopsTvC\/wZ3Plw8ddfnLBdhAtnPdFwhZLXumxfbNwCtNzeqzd3gMfj6Vx9tJpzRnOOnFRUc8UHNW\/hDyGqfdV9oadinJHISOkaW14SG+NiKCbs62+K4kOYuse8tDejJHAH5YGV2juPptMgDxbpvzxpK0cFfQD7NTJKkWmOjp7AgMBAAGjgghAMIIIPDCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHcARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAFw6n9T+QAABAMASDBGAiEAmX768G6NS+ZYbiNO9DZJmZdvkp6\/SHor7vGRrNqzQZQCIQCzE3PNmahLeoD1Ru15LTmGBf3T\/5eQtpKsbupBPVD5rAB2AEHIyrHfIkZKEMahOglCh15OMYsbA+vrS8do8JBilgb2AAABcOp\/U6gAAAQDAEcwRQIhAMlAkpZnDcncwQhl8yQ9bv\/urmUo\/HvBUXlQ2OoHaY9wAiBX8w8hdwe+ti1JzlOgo+l6ERsL\/85ZiYbyBS4PLBobRAB3AFWB1MIWkDYBSuoLm1c8U\/DA5Dh4cCUIFy+jqh0HE9MMAAABcOp\/VMgAAAQDAEgwRgIhAKECRib58RCo5MlQHGb4ATWRjKZrjAjdUPi+tLxPf7uOAiEAilsYu+v0osacw7zHLY7aZ\/y5oCRfVO4yXuUTkPyx1scwJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdhNLfQoLnk3oCAWQCAR0wgYUGCCsGAQUFBwEBBHkwdzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvTWljcm9zb2Z0JTIwSVQlMjBUTFMlMjBDQSUyMDUuY3J0MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcC5tc29jc3AuY29tMB0GA1UdDgQWBBSJNZ2CkQqUlyOTG\/kUtmT72TvlhTALBgNVHQ8EBAMCBLAwggRZBgNVHREEggRQMIIETIIcZGMuc2VydmljZXMudmlzdWFsc3R1ZGlvLmNvbYIkZGMuYXBwbGljYXRpb25pbnNpZ2h0cy5taWNyb3NvZnQuY29tgiBkYy5hcHBsaWNh"}
00440{"flow_id":84,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2736,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":123672,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTggYapvvrAQEAkxvQAAAQEICjCE5v4L9mYYAQEFCmGqdV5hqnr+"}
@@ -1019,9 +1019,9 @@
02044{"flow_id":80,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2764,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":617801,"pkt_caplen":1256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1256,"pkt_l4_len":1222,"pkt":"EBMx8Tl2KDc3AG3ICABFAATab+wAAEAReGTAqAEGXUduzcNgP8wExulzgMkBKwAA5lpsDx4xU6SHE\/lu1cbeWFc6naonT4JAuuoZuxzI2sow1YFjz\/bN9xje4nS4yGtK00hDpzDL30dBZsmDCgne5kA+GN7AB2rifeH85TWum9Ym\/tooPmTKi3RcSOyfHYutcmofKWKT6s5HQ0fhH3Z6TEwNM2mVI03jCxYraV2r9+r5vX2roR9dDhYZCtVYnoe2G94imh042ouKgMpu\/PMbneFIAUoIzKFlb4+KVdOQi9CqtSXinHYzN36ema5KYQpc1KyqvWCh55IReBkkf6eXTLqqSI6dTY6hZFgWciY5RYQ99JlURiHAJmhbQCRd7pQy9wAMJ3Dnv7MNtqksN+FOQwHUroTwANyMahHw5ah6ol+IhGg0tCOZU15M2KXffB2FHYXsLZhb9DdAb2qruuCuBo5bKggCZkeu6pQBS89aR5KgMU6ytD3htUIcxm7sAn89EmzHwqHEosUqx7BKyXmBTAXIz8JPiWv4VXpinCTtxDlo4SXifwylOdC+0SNYYJkWZzihLlaFHygFs2vHgi0K9WD\/oXvHIXSuuSTK2uxSj1jG8bJL2ykEEIxDyRFtdGh\/ZE+wftE\/mQ9YXajIN01\/z5xd2TdxJ0XFoYpjBA9wx2VkHjJOrAnh+sS74cNKz4juprWtOva9feBFvVQ2uTErBycBhDWnXY7mNb758ZVjfw29b82kC6yxlDX8dlXihl5NMKEZ\/fCkQXLDgFAGqlpUrD4YEvyEhCkoLyVGJNr5DnFltRPr75k4W1UHlJ4hsnM96fngXx1PRBKQxtntySydf\/gewnTwKpCJ8\/juYQd2cFLFENXsYY0fwFh2HyqUUXe8HKSkkeqSwdNLCW4SXakZRfCCfmRstuKJ+gtEoyR0bBA7yiN7oxZy0k\/tJgXCtVHO+dYMPxJ8U+Zf\/ERaIb9VcqVayqmjK7lYUYQlzr5xtjIN\/y0BnFwqnCVWK017RciqG4gAJJWDvcipvgXrLv+WM7\/tYsOzW\/qf5M22Wa\/bJs6LLzWeKJU7KuB3je3ekpHAgCGd6vhl4mmLHuyOJ2bQjGOBKgDEP+8zAn\/xVpFQp4pSUFWWTAOYY86A9jXXifGlGdfKSBIRj\/N7atpZUjpXIWN\/lbvz5PUw4ARDgWv2vNavHz0cekm1PzRbGRDiPVIF7xSamOQ8dimSWFLS7fiHfvE9z+Tn\/yKWVVYf5xtDBW8FR2DNl8k7005dCen26fidZ7EVGcXBoxCWAAl1+Gq23N9F9uql\/K43EHmfqI5N8AkOMCeCNZ3pAxfN0oPKGpjfR5ccfWU1eot6BRyBYU07SODDhNtU1JtVCI53CZfa64aKe13fJU4CW+tdR9bUMGuyvOtjXg\/1K9e3w6ZaYqdgp1xWudLj0ck5PlQ74yF50ptQb375kNBzIJn1Hbj013yqUM5\/A7z2NgaYTw1hPuYNkfagxRT1lhzj\/sbPqPshs89+pGA6B9WlovHvPUJG9OLlaXw4YEkUlGuNBUMdBG15ZKU2BXf0h+ZSUw79WtohyoMCIfVTG+ydvas7vDDIrwS3noXqCCRMOk26U0AffjXMPbLbB8QQLVPEQD1SOSr+39h6G5W1ha3VeQ4FgAAAAeAuqGnJ7B5kI8U="}
02040{"flow_id":80,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2765,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":617826,"pkt_caplen":1256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1256,"pkt_l4_len":1222,"pkt":"EBMx8Tl2KDc3AG3ICABFAATae2IAAEARbO7AqAEGXUduzcNgP8wExoSUgMkBKwAA5lrJLZgVPA0x9\/Ak0gXdsUJRceCTjz3PuRUPmAV78wFmDZkhlnERaBeQZTpXK7bb\/ZH2EdSRPwMpfg3keJ58F4NQW+eV73UAjqTTnUBcDAv4nztEOLvuqB+OuNNskceTT8J7XXNMIpnjNsBafsA15HhMWLJaTdLNJtYKxyGCuP1VHuGj+r0Sw8IL4\/l8CXmZ2YSMG\/JXV31DGroywkc5SLibL6tUGhgUNTM9EyJ3F6vXgq9CwLKp4El4q5iXjQyPZPdko\/XT+rXs3DmTySkPluXO97qvFJADso\/8EZbcYND++Hol2E0eGRWcqUYVhXKl6eto\/rOtNHC451D+lCLNPyd5NpgXFwGBbGvjzLFOR+ar+fgxtOOWcBpZfxr97EamwQ78f3XF4tXmtiVMV4IZU\/QB\/t5IBKVFJBryw9fHaodywEBQirqg1SqRFeQeBk5FzDTKm3N7fmuuTmxvAVjS7XIOvD8eq4KUrPejRpMwDJ\/f5O2dFeBVCSvt7BOneZRjxfJPvUBLFqqsVbRshIFGF9x2dGPFE6lpi7JIzhS4bN5efAHfWQucmHyMmWgeifrr7ErMUkIT8aJzIkTuXYe5hJmB\/z6RlF14OrhD67zleJHeO8g69SbdnyfWIYgAwYy2h5IInehvzD9mSoMmMf3602PdTBLaKaiyoeCcWEZIwkWEcfXM620bAzyDuDDM7ApjYN\/5x5YoCj0dfw3GHGZADAIszp14jYwX1iwT9tAu3yjXNHx7khS\/tbMQUF4q2az6FFcm0PS\/+qmcYsSx3cV7Z9IE0s85tnkXHyt+QxoAKaj4E1rVE1DTJTvEDp2NP6zcLKH6HDxjOqKRNc3rNv4xPzyidKQCH5YMzM4omH5JtzeyfgMhlyWUz9DjzAVtcjLInCJP5M96JlK1AafIqKkoFOqVR1nccfWFvPH7oF8im2KRr+bfIoJCLvbtqfadTbYXNuGKkpf+T8Daa3aN598fQt4lebspWWyj+hL3MvHqO9a0LS9kXdoJ5PXDUKjMnUDUAhIKq6tPlnBz+aBDmyu68zxLDJRcLsAX5+TEjy6f3gEfac3trJeU5hy39luehdZFNd+wwlJG2HxtJ7WXUmXTOo8GYGy6fF3bJyvr+25UbtzAFR9tz536T1QiIIM54x\/OT6B55TEl5UvBujxsfFmPOM6E0kyQSAjGPezPNZ7ECAvkGuCgOI2+NqY1OwrHlSFWjIAIe15st5Kcec82qv1Xjqrj1teCXNpFr8erfFbrNsyW3qiEIqSG48TeN2bP9AUHSIFxDK1A0GrG4VCWiC25uQBGPm2n7YnEOTbvJdHlnw4Wudkk1HhECOyrQhed5OqGtk6BqjAVRMV\/5y895yJn8U9SloFoPNb538uegseNseABC8atFUO8nTyX+rPC0KklbhzUxRJ92ZSEK2V99cuFw+LEvM\/9osmUOWMvrOqTF2taeFSZBxKuej\/7molrThcqLQMKoJgnjpVMurXpzk9uNuZetKRCs47i2AikShegzcyro\/UcnnUaChxa3F57u9EihqryxV1pfnonBIM1jDU5+0fDvcQFQwVL8Rdxv4p\/be2RjKyH4+cnxm\/KgAAAAq6K4T8PVd6LFAo="}
00480{"flow_id":81,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2766,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":619539,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"EBMx8Tl2KDc3AG3ICABFAABanjAAAEARTqDAqAEGXUduzcN0P80ARteagMkABAAA5lsmU+EIO4Jd\/4VVSEgk4ZreSec3uDuofyQ83QvCKgJVhk3g5k7mDymOgAAAAaxz4Wn0\/8jj7Tk="}
-00442{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1587041697660,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00450{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1587041697660,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":660621,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA40fgAADUBJWpdR27NwKgBBgMDcCsAAAAARQAASh2AAAAyEd1gwKgBBl1Hbs3DdD\/NADaJWQ=="}
-00474{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1587041697660,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00482{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1587041697660,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00592{"flow_id":71,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2768,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":663187,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"pkt":"KDc3AG3IEBMx8Tl2CABFAACtfJsAAGwR4PY0cvqNwKgBBg2Ww2EAmWC+AQMAfSESpEINQAd8TvBOvXDWMxoADwAEcsZLxgANAAQAAAAAAAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHME3GnagqAUAAYLOxJmLF8a9P8QJMpg69OprVoITMAAAAAgCIACTIuMC4xLjIxMQAIACBXZEEobQtnwOsCYr30FXefykLuRj2+vxB\/THVizwWzVA=="}
00543{"flow_id":80,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2769,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":668816,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"pkt":"EBMx8Tl2KDc3AG3ICABFAACILyMAAEARvX\/AqAEGXUduzcNgP8wAdKAIAAEAWCESpEJpNUW874Cqp91dCQQABgAJbzUvSTpGWTMyAAAAgHAABAAAAAcAJAAEbv\/+\/4AqAAgAAH+KUoZYAIAzAACANwAEAAAAAgAIABSrJHBh7YcwQRz+xslFJPGEt4fI4oAoAAQWqXBo"}
00648{"flow_id":73,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2770,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":668978,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"EBMx8Tl2KDc3AG3ICABFAADWXowAAEARKuHAqAEGNHL6icN1DZYAwtlEAAMApiESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxoAIAAQAAAAGAA0ABAAAAACAUAAEAAAAAQAUABRzrT6HZUT09MBbGfgrZXo06YoDbQAVAAoicnRjbWVkaWEiAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8AAgAIBF1x2DO\/FnH+NItZ0DdGmNq9Qpo8WCUVFVIxiEnjM\/h"}
@@ -1032,88 +1032,88 @@
02051{"flow_id":80,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2776,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":676447,"pkt_caplen":1256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1256,"pkt_l4_len":1222,"pkt":"KDc3AG3IEBMx8Tl2CABFAATa6dkAADURCXddR27NwKgBBj\/Mw2AExilggMkBKwAAdOzsa5K8UoqAgMkd6DyrDFM5Z5ls+wHmur1BhbBuUi5o3AHNCpvPNXoPapE6jrC+JzT+SZK8D06h9KkWZnNZ0to+rDxXAL8qfeNCyQf8VSQ0AntLdH\/K59E3hXZoxKxbgv5xmpBpN4h1DRb9ss3Zw9lHvXc\/zsARlFA3rTxVvmG8JuxQyZ11l2MiBj9O9PdNIgqmQ1X\/t8VvsmcP+oaVyL3Rye4vON7N9\/i3GQfK6jefXyT1F\/FReir67ocbsdrX4arGdGCd4Z7JejYiBJDSTjGNHiAnz7fAVLR2qqJL4\/Sd8X8dQV+r3yS+02htPEKHVN9cxfg\/OrSm57mPr52PrYaZ7ojRC3fnjoDXQu9PKKdBMNxw2ArNdoz0fpib6VWO\/EXu8gg09eqHwBEubXujZe+W8VKaLv\/4JLWNuhjLYaYTayQdmWDR\/ghya9BFOZMgbQTqjCeK5p0rW7VJ84jhVQ0JrJEtvM7SR3GN6Aksfur8vluQMNljEf0pe4ZXLIkwKxbUw2XInUe\/MrWGHIrq72jgjiaeuCLdP9pTVb23+PswDjwfr24AhxZxhkjRbp5SqjFwht1aWh0EXq3HsBzNii+irNEd6Pb7dvdE\/xlAVPTYMjZRBlTGv7elYyfGxw9YcKOu\/mcnyL2wusZdMc\/2lW0e\/\/s70KlhN4cSdg9+68j9qKCKCjrk5ts8OacUCq6sdwpP93U\/vaeEBHyR47Tzyfv1Jimai1ElwYHqr9C4C5ZMSfglAU97+eT9jCQG6NLM4gCbt+557epmUASqswbBeTk\/nN5weW6zTNPFW2iB9hYQxGa1WOY2dnVWQ06fxh08sjwfySpW5jTPNnpJa+ebIDJ1gmhlQom6TSavGEaLMnUlBSh40YzBoSITQ6\/hPa6QMANwcufrSnM9lfVHtQcxEQUmXywUAOQss+xImJic9lANftI7cg53ol9psrYwRvwIP6sJl9ct990QvLyQHF0+BGcKIQaVCLLS8z5Vq7PNqxYl0pZXe6VJ4fVCVoUBgYAs5oSxFmGHh5UnV7TXlPgZfuAWfZR70M3xVymqw6DLqU25r\/DNfjLFP37YjFuvJEGlAsHex+mfPYAR1UcKjdn3O1LchDrKOblh1YKg7ZVE7mAzkAi\/1nM3ZZfXZ7nGnqyWZEE6SeX9J8d557nRzBbgKQfX8b6QyIipZQHaKYLT1uCeQuHhoeOi9nka4DyXixxciPGXsP3CYn8rMacQg+2nCZtkAzyP643oGuCmv4OoP\/dPKqpk\/G67Lpw5G55kJ0UbCgi6jUrG7bVFWMuv8L\/JEjEuNlGyMphzfPfmlXefF647EGhTXLymFznu95xGlhre0omC5\/AvhztRX7vR8nN372CvUepGLo\/oMN5Jb6zz2V8i2oXn8NMp5kLbZxjRl0ZjFk3uRvayyWBSNvfY\/nxbVl9cjJOWlDhjRo0LH5FrIx+L08J\/U01uek5LCClDUdc9KzE1t7PZL1\/sNf+f1xp5CANozF\/uu+\/QNRdgulBTdfDW6IKj8XEvdzIHuOEs9UL2y8mbR7h1NTWsZfYTDiwy11ObRF6CUkaZP08bUDvAfGLcVYzBXFUCQZOJgAAAAg7rLYYXyWxwhDw="}
00592{"flow_id":72,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2784,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":713165,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"pkt":"KDc3AG3IEBMx8Tl2CABFAACtVxwAAGwRBno0cvqJwKgBBg2Ww3QAmStwAQMAfSESpEKq36JSlpzO4UFUsSMADwAEcsZLxgANAAQAAAAAAAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAIACBb+0dO7XG7sUjMCcGQZhDcW3hrI\/E2Bu3cGSpxYdsKow=="}
00594{"flow_id":73,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2785,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1587041697,"pkt_ts_usec":714311,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"pkt":"KDc3AG3IEBMx8Tl2CABFAACtVx0AAGwRBnk0cvqJwKgBBg2Ww3UAmdF8AQMAfSESpEJ\/K8mw63L1SVFc8SkADwAEcsZLxgANAAQAAAAAAAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHAaHGnagqAUAAYaOUMdiD0+ug9lexVR\/3YR6\/W6KUAAAAAgCIACTIuMC4xLjIxMQAIACDm9keelgh3gAU1t68wEkZCoxEf5LkRAoAG52M5NOQtKg=="}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":25,"flow_first_seen":1587041693828,"flow_last_seen":1587041694047,"flow_tot_l4_data_len":7466,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":33,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_tot_l4_data_len":7582,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":31,"flow_first_seen":1587041693582,"flow_last_seen":1587041694243,"flow_tot_l4_data_len":7530,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":242,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00455{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_first_seen":1587041697660,"flow_last_seen":1587041697673,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":30,"flow_first_seen":1587041693849,"flow_last_seen":1587041697765,"flow_tot_l4_data_len":7994,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":40,"flow_first_seen":1587041676435,"flow_last_seen":1587041676536,"flow_tot_l4_data_len":13457,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":336,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1300,"flow_first_seen":1587041677243,"flow_last_seen":1587041697130,"flow_tot_l4_data_len":776162,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":597,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":37,"flow_first_seen":1587041682144,"flow_last_seen":1587041685098,"flow_tot_l4_data_len":9810,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":265,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":52,"flow_first_seen":1587041685240,"flow_last_seen":1587041685471,"flow_tot_l4_data_len":31500,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":605,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":25,"flow_first_seen":1587041685984,"flow_last_seen":1587041686156,"flow_tot_l4_data_len":8660,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":346,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_tot_l4_data_len":600,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":29,"flow_first_seen":1587041687745,"flow_last_seen":1587041687963,"flow_tot_l4_data_len":10410,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":61,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_tot_l4_data_len":600,"flow_min_l4_data_len":120,"flow_max_l4_data_len":120,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":69,"flow_max_l4_data_len":127,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_tot_l4_data_len":228,"flow_min_l4_data_len":53,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":46,"flow_max_l4_data_len":148,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":77,"flow_first_seen":1587041676362,"flow_last_seen":1587041677077,"flow_tot_l4_data_len":62529,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":812,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":34,"flow_first_seen":1587041677042,"flow_last_seen":1587041677375,"flow_tot_l4_data_len":21202,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":623,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":26,"flow_first_seen":1587041678029,"flow_last_seen":1587041678303,"flow_tot_l4_data_len":12901,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":20,"flow_first_seen":1587041681745,"flow_last_seen":1587041681895,"flow_tot_l4_data_len":8326,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":20,"flow_first_seen":1587041681755,"flow_last_seen":1587041681908,"flow_tot_l4_data_len":8282,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":414,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":59,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":24,"flow_first_seen":1587041682076,"flow_last_seen":1587041682204,"flow_tot_l4_data_len":12988,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":541,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":22,"flow_first_seen":1587041682077,"flow_last_seen":1587041682212,"flow_tot_l4_data_len":11276,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":106,"flow_first_seen":1587041682420,"flow_last_seen":1587041683086,"flow_tot_l4_data_len":89754,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":846,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.77.33","dst_ip":"192.168.1.6","src_port":443,"dst_port":60543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":37,"flow_first_seen":1587041682423,"flow_last_seen":1587041692106,"flow_tot_l4_data_len":10500,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":283,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.76.48","dst_ip":"192.168.1.6","src_port":443,"dst_port":60544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":83,"flow_first_seen":1587041682698,"flow_last_seen":1587041691929,"flow_tot_l4_data_len":16124,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":194,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":35,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_tot_l4_data_len":11564,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":330,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":29,"flow_first_seen":1587041683333,"flow_last_seen":1587041683650,"flow_tot_l4_data_len":16494,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":568,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":24,"flow_first_seen":1587041685106,"flow_last_seen":1587041685981,"flow_tot_l4_data_len":9376,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":390,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":25,"flow_first_seen":1587041685232,"flow_last_seen":1587041685890,"flow_tot_l4_data_len":10437,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":417,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":31,"flow_first_seen":1587041685248,"flow_last_seen":1587041688035,"flow_tot_l4_data_len":12708,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":409,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":33,"flow_first_seen":1587041686239,"flow_last_seen":1587041686589,"flow_tot_l4_data_len":19902,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":603,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":37,"flow_first_seen":1587041687245,"flow_last_seen":1587041688061,"flow_tot_l4_data_len":23569,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":637,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":33,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_tot_l4_data_len":11237,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":340,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":24,"flow_first_seen":1587041694219,"flow_last_seen":1587041695993,"flow_tot_l4_data_len":8848,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":368,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1587041672419,"flow_last_seen":1587041697427,"flow_tot_l4_data_len":1722,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":28,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Telegram","breed":"Acceptable","category":"Chat"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_tot_l4_data_len":84,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":28,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_tot_l4_data_len":226,"flow_min_l4_data_len":46,"flow_max_l4_data_len":180,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":54,"flow_first_seen":1587041684306,"flow_last_seen":1587041685465,"flow_tot_l4_data_len":15603,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":288,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_tot_l4_data_len":194,"flow_min_l4_data_len":59,"flow_max_l4_data_len":135,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":20,"flow_first_seen":1587041682809,"flow_last_seen":1587041688190,"flow_tot_l4_data_len":3592,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1258,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":17,"flow_first_seen":1587041692808,"flow_last_seen":1587041695538,"flow_tot_l4_data_len":4664,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1257,"flow_avg_l4_data_len":274,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":58,"flow_max_l4_data_len":188,"flow_avg_l4_data_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_tot_l4_data_len":12691,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1209,"flow_avg_l4_data_len":409,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Skype","breed":"Acceptable","category":"VoIP"}}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_tot_l4_data_len":12691,"flow_min_l4_data_len":45,"flow_max_l4_data_len":1209,"flow_avg_l4_data_len":409,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_tot_l4_data_len":213,"flow_min_l4_data_len":66,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":32,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":80,"midstream":1,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_tot_l4_data_len":320,"flow_min_l4_data_len":32,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":80,"midstream":1,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_tot_l4_data_len":222,"flow_min_l4_data_len":52,"flow_max_l4_data_len":170,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":37,"flow_first_seen":1587041695305,"flow_last_seen":1587041698021,"flow_tot_l4_data_len":7878,"flow_min_l4_data_len":46,"flow_max_l4_data_len":1222,"flow_avg_l4_data_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":8,"flow_first_seen":1587041695305,"flow_last_seen":1587041697619,"flow_tot_l4_data_len":776,"flow_min_l4_data_len":54,"flow_max_l4_data_len":124,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":69,"flow_max_l4_data_len":139,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_tot_l4_data_len":329,"flow_min_l4_data_len":62,"flow_max_l4_data_len":267,"flow_avg_l4_data_len":164,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_tot_l4_data_len":226,"flow_min_l4_data_len":75,"flow_max_l4_data_len":151,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_tot_l4_data_len":9564,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":597,"midstream":1,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_tot_l4_data_len":9564,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":597,"midstream":1,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":49,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":7,"flow_first_seen":1587041693597,"flow_last_seen":1587041695591,"flow_tot_l4_data_len":1470,"flow_min_l4_data_len":140,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_first_seen":1587041693515,"flow_last_seen":1587041693640,"flow_tot_l4_data_len":432,"flow_min_l4_data_len":76,"flow_max_l4_data_len":195,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_first_seen":1587041695422,"flow_last_seen":1587041695432,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":108,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":6,"flow_first_seen":1587041693611,"flow_last_seen":1587041697663,"flow_tot_l4_data_len":1001,"flow_min_l4_data_len":76,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":9,"flow_first_seen":1587041693654,"flow_last_seen":1587041697713,"flow_tot_l4_data_len":1817,"flow_min_l4_data_len":140,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_first_seen":1587041693582,"flow_last_seen":1587041693698,"flow_tot_l4_data_len":432,"flow_min_l4_data_len":76,"flow_max_l4_data_len":195,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":6,"flow_first_seen":1587041693668,"flow_last_seen":1587041697714,"flow_tot_l4_data_len":1001,"flow_min_l4_data_len":76,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_first_seen":1587041695421,"flow_last_seen":1587041695433,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":108,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":49,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":25,"flow_first_seen":1587041676612,"flow_last_seen":1587041676808,"flow_tot_l4_data_len":9285,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":371,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":27,"flow_first_seen":1587041685251,"flow_last_seen":1587041685681,"flow_tot_l4_data_len":11055,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":409,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":26,"flow_first_seen":1587041686889,"flow_last_seen":1587041687253,"flow_tot_l4_data_len":11027,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":424,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_tot_l4_data_len":1230,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1122,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_tot_l4_data_len":1230,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1122,"flow_avg_l4_data_len":307,"midstream":1,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_tot_l4_data_len":246,"flow_min_l4_data_len":44,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":21,"flow_first_seen":1587041690916,"flow_last_seen":1587041691089,"flow_tot_l4_data_len":9656,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":459,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":21,"flow_first_seen":1587041697061,"flow_last_seen":1587041697244,"flow_tot_l4_data_len":9672,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":460,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_tot_l4_data_len":247,"flow_min_l4_data_len":56,"flow_max_l4_data_len":191,"flow_avg_l4_data_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":55,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":59,"flow_max_l4_data_len":75,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_tot_l4_data_len":193,"flow_min_l4_data_len":69,"flow_max_l4_data_len":124,"flow_avg_l4_data_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":66,"flow_max_l4_data_len":142,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_tot_l4_data_len":10405,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_tot_l4_data_len":243,"flow_min_l4_data_len":61,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":25,"flow_first_seen":1587041693828,"flow_last_seen":1587041694047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6930,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.152","src_port":50014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":33,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":207,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":31,"flow_first_seen":1587041693582,"flow_last_seen":1587041694243,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":220,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_first_seen":1587041697660,"flow_last_seen":1587041697673,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":30,"flow_first_seen":1587041693849,"flow_last_seen":1587041697765,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7358,"flow_avg_l4_payload_len":245,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.153","src_port":50036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":40,"flow_first_seen":1587041676435,"flow_last_seen":1587041676536,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12621,"flow_avg_l4_payload_len":315,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1300,"flow_first_seen":1587041677243,"flow_last_seen":1587041697130,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":750126,"flow_avg_l4_payload_len":577,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":37,"flow_first_seen":1587041682144,"flow_last_seen":1587041685098,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9034,"flow_avg_l4_payload_len":244,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":52,"flow_first_seen":1587041685240,"flow_last_seen":1587041685471,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":30424,"flow_avg_l4_payload_len":585,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":25,"flow_first_seen":1587041685984,"flow_last_seen":1587041686156,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8124,"flow_avg_l4_payload_len":324,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":29,"flow_first_seen":1587041687745,"flow_last_seen":1587041687963,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9450,"flow_avg_l4_payload_len":325,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681744,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63106,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":5,"flow_first_seen":1587041695278,"flow_last_seen":1587041696498,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1587041685092,"flow_last_seen":1587041685105,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65230,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1587041685090,"flow_last_seen":1587041685136,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1587041681714,"flow_last_seen":1587041681754,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":77,"flow_first_seen":1587041676362,"flow_last_seen":1587041677077,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":60045,"flow_avg_l4_payload_len":779,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":34,"flow_first_seen":1587041677042,"flow_last_seen":1587041677375,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":20082,"flow_avg_l4_payload_len":590,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60535,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":26,"flow_first_seen":1587041678029,"flow_last_seen":1587041678303,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12049,"flow_avg_l4_payload_len":463,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":20,"flow_first_seen":1587041681745,"flow_last_seen":1587041681895,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7654,"flow_avg_l4_payload_len":382,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60538,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":20,"flow_first_seen":1587041681755,"flow_last_seen":1587041681908,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7598,"flow_avg_l4_payload_len":379,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60539,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1587041682355,"flow_last_seen":1587041682370,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":65387,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":24,"flow_first_seen":1587041682076,"flow_last_seen":1587041682204,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12188,"flow_avg_l4_payload_len":507,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.70","src_port":60540,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":22,"flow_first_seen":1587041682077,"flow_last_seen":1587041682212,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10552,"flow_avg_l4_payload_len":479,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.75.69","src_port":60541,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":106,"flow_first_seen":1587041682420,"flow_last_seen":1587041683086,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":86354,"flow_avg_l4_payload_len":814,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.77.33","dst_ip":"192.168.1.6","src_port":443,"dst_port":60543,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":37,"flow_first_seen":1587041682423,"flow_last_seen":1587041692106,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9736,"flow_avg_l4_payload_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.76.48","dst_ip":"192.168.1.6","src_port":443,"dst_port":60544,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":83,"flow_first_seen":1587041682698,"flow_last_seen":1587041691929,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14416,"flow_avg_l4_payload_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.58","src_port":60545,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":35,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10412,"flow_avg_l4_payload_len":297,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":29,"flow_first_seen":1587041683333,"flow_last_seen":1587041683650,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15546,"flow_avg_l4_payload_len":536,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":24,"flow_first_seen":1587041685106,"flow_last_seen":1587041685981,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8860,"flow_avg_l4_payload_len":369,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":25,"flow_first_seen":1587041685232,"flow_last_seen":1587041685890,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9605,"flow_avg_l4_payload_len":384,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":31,"flow_first_seen":1587041685248,"flow_last_seen":1587041688035,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11696,"flow_avg_l4_payload_len":377,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":33,"flow_first_seen":1587041686239,"flow_last_seen":1587041686589,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":570,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":37,"flow_first_seen":1587041687245,"flow_last_seen":1587041688061,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":22353,"flow_avg_l4_payload_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":33,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":307,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":24,"flow_first_seen":1587041694219,"flow_last_seen":1587041695993,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":8320,"flow_avg_l4_payload_len":346,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1587041672419,"flow_last_seen":1587041697427,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":1674,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Telegram","breed":"Acceptable","category":"Chat"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1587041673094,"flow_last_seen":1587041677380,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1587041684291,"flow_last_seen":1587041684304,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":54,"flow_first_seen":1587041684306,"flow_last_seen":1587041685465,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":14487,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1587041685243,"flow_last_seen":1587041685256,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51309,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":20,"flow_first_seen":1587041682809,"flow_last_seen":1587041688190,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2932,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60546,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":17,"flow_first_seen":1587041692808,"flow_last_seen":1587041695538,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1225,"flow_tot_l4_payload_len":4100,"flow_avg_l4_payload_len":241,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1587041683142,"flow_last_seen":1587041683184,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1201,"flow_tot_l4_payload_len":12443,"flow_avg_l4_payload_len":401,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Skype","breed":"Acceptable","category":"VoIP"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":31,"flow_first_seen":1587041693428,"flow_last_seen":1587041697999,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":1201,"flow_tot_l4_payload_len":12443,"flow_avg_l4_payload_len":401,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1587041682668,"flow_last_seen":1587041682697,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":1,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_first_seen":1587041692528,"flow_last_seen":1587041692578,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":1,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1587041682129,"flow_last_seen":1587041682143,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":49514,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":37,"flow_first_seen":1587041695305,"flow_last_seen":1587041698021,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":1214,"flow_tot_l4_payload_len":7582,"flow_avg_l4_payload_len":204,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":8,"flow_first_seen":1587041695305,"flow_last_seen":1587041697619,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":712,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1587041685091,"flow_last_seen":1587041685104,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":131,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":53678,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_first_seen":1587041690880,"flow_last_seen":1587041690915,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":259,"flow_tot_l4_payload_len":313,"flow_avg_l4_payload_len":156,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_first_seen":1587041693517,"flow_last_seen":1587041693530,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9052,"flow_avg_l4_payload_len":565,"midstream":1,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","ndpi": {"proto":"TLS.Dropbox","breed":"Acceptable","category":"Cloud"}}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":16,"flow_first_seen":1587041682740,"flow_last_seen":1587041682856,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9052,"flow_avg_l4_payload_len":565,"midstream":1,"l3_proto":"ip4","src_ip":"162.125.19.131","dst_ip":"192.168.1.6","src_port":443,"dst_port":60344,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":7,"flow_first_seen":1587041693597,"flow_last_seen":1587041695591,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":1414,"flow_avg_l4_payload_len":202,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_first_seen":1587041693515,"flow_last_seen":1587041693640,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_first_seen":1587041695422,"flow_last_seen":1587041695432,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":6,"flow_first_seen":1587041693611,"flow_last_seen":1587041697663,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":9,"flow_first_seen":1587041693654,"flow_last_seen":1587041697713,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":1745,"flow_avg_l4_payload_len":193,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_first_seen":1587041693582,"flow_last_seen":1587041693698,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":408,"flow_avg_l4_payload_len":136,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":6,"flow_first_seen":1587041693668,"flow_last_seen":1587041697714,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_first_seen":1587041695421,"flow_last_seen":1587041695433,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":25,"flow_first_seen":1587041676612,"flow_last_seen":1587041676808,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8429,"flow_avg_l4_payload_len":337,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":27,"flow_first_seen":1587041685251,"flow_last_seen":1587041685681,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10159,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.7","src_port":60556,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":26,"flow_first_seen":1587041686889,"flow_last_seen":1587041687253,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10175,"flow_avg_l4_payload_len":391,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.67","src_port":60560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1090,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1587041680294,"flow_last_seen":1587041680294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1090,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":281,"midstream":1,"l3_proto":"ip4","src_ip":"93.62.150.157","dst_ip":"192.168.1.6","src_port":443,"dst_port":60512,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1587041685171,"flow_last_seen":1587041685185,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":194,"flow_tot_l4_payload_len":230,"flow_avg_l4_payload_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":58457,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":21,"flow_first_seen":1587041690916,"flow_last_seen":1587041691089,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8952,"flow_avg_l4_payload_len":426,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":21,"flow_first_seen":1587041697061,"flow_last_seen":1587041697244,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8968,"flow_avg_l4_payload_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_first_seen":1587041687731,"flow_last_seen":1587041687745,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":231,"flow_avg_l4_payload_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1587041675997,"flow_last_seen":1587041676010,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":118,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1587041691075,"flow_last_seen":1587041691148,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":177,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62863,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test"}
diff --git a/test/results/teamspeak3.pcap.out b/test/results/teamspeak3.pcap.out
index 977991801..ec60a0bdb 100644
--- a/test/results/teamspeak3.pcap.out
+++ b/test/results/teamspeak3.pcap.out
@@ -1,7 +1,7 @@
00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teamspeak3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946745680740,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946745680740,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946745680,"pkt_ts_usec":740311,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"REREREREZmZmZmZmCABFAAA+yVhAAHgRnjQKAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2EAAAAAAAAAAA=="}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946745680740,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946745680740,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}}
00650{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"teamspeak3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946745680,"pkt_ts_usec":740373,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"REREREREZmZmZmZmCABFAADYyVlAAHgRnZkKAAABCgAAAs\/DJwMAxJv3eXRj6JO6fmAAAAAAIp10i0Wqe++5nv6tCBm6z0HgFqIVc9rwk+JLXtHwnSIOS9qVPnECnykaLcJG8hX08WvnftBqcJmqRqZMetkjLRcZ56Qb0yr7w3DD9zi02VU5x7l+AWx+kCtuxsALbdDKU+g3u9+7M\/R0k3h6Cj2dgqVHMwYrJL8wicW8AZK\/KfPOtEoKiRpNuYkxO9WWvZSdqdAZVZGl4X6vDNBIwrDu7kll5TuFIGNHjpSa9tdfD6M="}
00441{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teamspeak3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946745681,"pkt_ts_usec":306941,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"REREREREZmZmZmZmCABFAAA+yX1AAHgRng8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2IAAAAAAAAAAA=="}
00650{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"teamspeak3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946745681,"pkt_ts_usec":306983,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"pkt":"REREREREZmZmZmZmCABFAADYyX5AAHgRnXQKAAABCgAAAs\/DJwMAxJv3eXRj6JO6fmAAAAAAIp10i0Wqe++5nv6tCBm6z0HgFqIVc9rwk+JLXtHwnSIOS9qVPnECnykaLcJG8hX08WvnftBqcJmqRqZMetkjLRcZ56Qb0yr7w3DD9zi02VU5x7l+AWx+kCtuxsALbdDKU+g3u9+7M\/R0k3h6Cj2dgqVHMwYrJL8wicW8AZK\/KfPOtEoKiRpNuYkxO9WWvZSdqdAZVZGl4X6vDNBIwrDu7kll5TuFIGNHjpSa9tdfD6M="}
@@ -14,5 +14,5 @@
00443{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"teamspeak3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946745717,"pkt_ts_usec":152877,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"YDjgxTWgZmZmZmZmCABFAAA+24JAAK8RVQoKAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kXBU+nh1IAAAAAAAAAAA=="}
00655{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"teamspeak3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946745717,"pkt_ts_usec":152941,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"pkt":"YDjgxTWgZmZmZmZmCABFAADX24NAAK8RVHAKAAABCgAAAs\/DJwMAw5v2GKGXKYQPUukAAAAAIp10i0Wqe++5nv6tCBm6z0HgFqIrSNf449weIP3Mtxs2f5CVIz4AlysccbJOh2Hx12\/FfvZIUr+CaqJ1NptjWD4c\/54KoGPBsG2TxDXHlEIv0\/gMC2N1sDtT78ZQaJDzVZlIiJ77J6cpv3JiGD+0usMBNzYePKwevp\/qOojGedOx6lkmihZs5dImFMit4tG7yLMrbaiHxknDDM0H2fni\/wB8qDeNKn5ajIuG8cxGCA=="}
00443{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946745717,"pkt_ts_usec":746131,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"REREREREZmZmZmZmCABFAAA+3ANAAK8RVIkKAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kXBU+nh1MAAAAAAAAAAA=="}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":13,"flow_first_seen":946745680740,"flow_last_seen":946745717746,"flow_tot_l4_data_len":1469,"flow_min_l4_data_len":42,"flow_max_l4_data_len":196,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":13,"flow_first_seen":946745680740,"flow_last_seen":946745717746,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test"}
diff --git a/test/results/telegram.pcap.out b/test/results/telegram.pcap.out
index 0d77b0b6a..788badcb5 100644
--- a/test/results/telegram.pcap.out
+++ b/test/results/telegram.pcap.out
@@ -1,29 +1,29 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"telegram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1588779596451,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1588779596451,"flow_last_seen":0,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00780{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779596,"pkt_ts_usec":451825,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJVAAEARYHzAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGANsCwWgAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1588779596451,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1588779596464,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1588779596451,"flow_last_seen":0,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1588779596464,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779596,"pkt_ts_usec":464499,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACavyQAAAERSFfAqAE17\/\/\/+tQiB2wAhkPyTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1588779596464,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1588779596464,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1588779596464,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1588779596464,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779596,"pkt_ts_usec":464729,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD7wJrQLWJ0CABFAABJuJEAAAERXjrAqAE14AAA+xTpFOkANQuaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
-00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1588779596464,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1588779596465,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1588779596464,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1588779596465,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00811{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779596,"pkt_ts_usec":465053,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTehJAAAERW5\/AqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="}
-00556{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1588779596465,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1588779596708,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00568{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1588779596465,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1588779596708,"flow_last_seen":0,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00530{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779596,"pkt_ts_usec":708234,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"AQBeAAD7jP5XIzfkCABFAACAA9gAAP8RFKbAqAFL4AAA+xTpFOkAbODJAACEAAAAAAEAAAABBV9kYWNwBF90Y3AFbG9jYWwAAAwAAQAAAAAAHxxpVHVuZXNfQ3RybF80QUJCMzlBNDFFRUZERUIzwAwAACkFoAAAEZQAEgAEAA4A2a7+VyM35Iz+VyM35A=="}
-00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1588779596708,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1588779596708,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00557{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1588779596708,"flow_last_seen":0,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1588779596708,"flow_last_seen":0,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00558{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779596,"pkt_ts_usec":708683,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfAGwR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsHDYAAIQAAAAAAQAAAAEFX2RhY3AEX3RjcAVsb2NhbAAADAABAAAAAAAfHGlUdW5lc19DdHJsXzRBQkIzOUE0MUVFRkRFQjPADAAAKQWgAAARlAASAAQADgDZrv5XIzfkjP5XIzfk"}
-00553{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1588779596708,"flow_last_seen":0,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":108,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1588779596708,"flow_last_seen":0,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_dacp._tcp.local"}}
00653{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779597,"pkt_ts_usec":257598,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"AQBeAAD7jP5XIzfkCABFAADbeQgAAP8RnxrAqAFL4AAA+xTpFOkAx\/OHAAAAAAAFAAAAAQABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEIX2FpcnBsYXnAHAAMgAEFX3Jhb3DAHAAMgAEcaVR1bmVzX0N0cmxfNEFCQjM5QTQxRUVGREVCMwVfZGFjcMAcAP+AAcBWACEAAQAAAHgAFwAAAADHIw5HYWJyaWVsZXMtaVBhZMAhAAApBaAAABGUABIABAAOANqu\/lcjN+SM\/lcjN+Q="}
00683{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779597,"pkt_ts_usec":258319,"pkt_caplen":253,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":253,"pkt_l4_len":199,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfAMcR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QDHLvQAAAAAAAUAAAABAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQhfYWlycGxhecAcAAyAAQVfcmFvcMAcAAyAARxpVHVuZXNfQ3RybF80QUJCMzlBNDFFRUZERUIzBV9kYWNwwBwA\/4ABwFYAIQABAAAAeAAXAAAAAMcjDkdhYnJpZWxlcy1pUGFkwCEAACkFoAAAEZQAEgAEAA4A2q7+VyM35Iz+VyM35A=="}
00752{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779597,"pkt_ts_usec":258438,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"AQBeAAD7jP5XIzfkCABFAAEmpacAAP8RcjDAqAFL4AAA+xTpFOkBEl+aAACEAAAAAAMAAAADCV9zZXJ2aWNlcwdfZG5zLXNkBF91ZHAFbG9jYWwAAAwAAQAAEZQADQVfZGFjcARfdGNwwCMBOAExATMBRQE3ATEBOAE3AUEBMQE5ATABQQFCATQBMAEwATABMAEwATABMAEwATABMAEwATABMAEwATgBRQFGA2lwNgRhcnBhAAAMgAEAAAB4ABEOR2FicmllbGVzLWlQYWTAIwI3NQExAzE2OAMxOTIHaW4tYWRkcsCFAAyAAQAAAHgAAsCVwEEAL4ABAAAAeAAGwEEAAgAIwKYAL4ABAAAAeAAGwKYAAgAIAAApBaAAABGUABIABAAOANqu\/lcjN+SM\/lcjN+Q="}
00783{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779597,"pkt_ts_usec":258687,"pkt_caplen":328,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":328,"pkt_l4_len":274,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfARIR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QESmwYAAIQAAAAAAwAAAAMJX3NlcnZpY2VzB19kbnMtc2QEX3VkcAVsb2NhbAAADAABAAARlAANBV9kYWNwBF90Y3DAIwE4ATEBMwFFATcBMQE4ATcBQQExATkBMAFBAUIBNAEwATABMAEwATABMAEwATABMAEwATABMAEwATABOAFFAUYDaXA2BGFycGEAAAyAAQAAAHgAEQ5HYWJyaWVsZXMtaVBhZMAjAjc1ATEDMTY4AzE5Mgdpbi1hZGRywIUADIABAAAAeAACwJXAQQAvgAEAAAB4AAbAQQACAAjApgAvgAEAAAB4AAbApgACAAgAACkFoAAAEZQAEgAEAA4A2q7+VyM35Iz+VyM35A=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1588779597291,"flow_last_seen":0,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":286,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":286,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1588779597291,"flow_last_seen":0,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00769{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779597,"pkt_ts_usec":291316,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"jP5XIzfkKDc3AG3ICABFAAEy\/KUAAP8ROizAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
-00557{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1588779597291,"flow_last_seen":0,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":286,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":286,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00569{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1588779597291,"flow_last_seen":0,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00569{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779597,"pkt_ts_usec":511254,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"pkt":"AQBeAAD7jP5XIzfkCABFAACbIpQAAP8R9c7AqAFL4AAA+xTpFOkAh0T\/AAAAAAABAAAAAQABHGlUdW5lc19DdHJsXzRBQkIzOUE0MUVFRkRFQjMFX2RhY3AEX3RjcAVsb2NhbAAA\/wABwAwAIQABAAAAeAAXAAAAAMcjDkdhYnJpZWxlcy1pUGFkwDQAACkFoAAAEZQAEgAEAA4A2q7+VyM35Iz+VyM35A=="}
00596{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779597,"pkt_ts_usec":511362,"pkt_caplen":189,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":189,"pkt_l4_len":135,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfAIcR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QCHgGsAAAAAAAEAAAABAAEcaVR1bmVzX0N0cmxfNEFCQjM5QTQxRUVGREVCMwVfZGFjcARfdGNwBWxvY2FsAAD\/AAHADAAhAAEAAAB4ABcAAAAAxyMOR2FicmllbGVzLWlQYWTANAAAKQWgAAARlAASAAQADgDarv5XIzfkjP5XIzfk"}
00544{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779597,"pkt_ts_usec":760485,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"pkt":"AQBeAAD7jP5XIzfkCABFAACLhdQAAP8Rkp7AqAFL4AAA+xTpFOkAd9R+AAAAAAABAAAAAgABDkdhYnJpZWxlcy1pUGFkBWxvY2FsAAD\/gAHADAAcAAEAAAB4ABD+gAAAAAAAAAS6CRp4F+MYwAwAAQABAAAAeAAEwKgBSwAAKQWgAAARlAASAAQADgDarv5XIzfkjP5XIzfk"}
@@ -49,85 +49,85 @@
00560{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779600,"pkt_ts_usec":214854,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfAGwR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsHDUAAIQAAAAAAQAAAAEFX2RhY3AEX3RjcAVsb2NhbAAADAABAAAAAAAfHGlUdW5lc19DdHJsXzRBQkIzOUE0MUVFRkRFQjPADAAAKQWgAAARlAASAAQADgDarv5XIzfkjP5XIzfk"}
00655{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779600,"pkt_ts_usec":739288,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"pkt":"AQBeAAD7jP5XIzfkCABFAADbJxEAAP8R8RHAqAFL4AAA+xTpFOkAx\/KHAAAAAAAFAAAAAQABD19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMgAEIX2hvbWVraXTAHAAMgAEIX2FpcnBsYXnAHAAMgAEFX3Jhb3DAHAAMgAEcaVR1bmVzX0N0cmxfNEFCQjM5QTQxRUVGREVCMwVfZGFjcMAcAP+AAcBWACEAAQAAAHgAFwAAAADHIw5HYWJyaWVsZXMtaVBhZMAhAAApBaAAABGUABIABAAOANuu\/lcjN+SM\/lcjN+Q="}
00685{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779600,"pkt_ts_usec":739491,"pkt_caplen":253,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":253,"pkt_l4_len":199,"pkt":"MzMAAAD7jP5XIzfkht1gD8IfAMcR\/\/6AAAAAAAAABLoJGngX4xj\/AgAAAAAAAAAAAAAAAAD7FOkU6QDHLfQAAAAAAAUAAAABAAEPX2NvbXBhbmlvbi1saW5rBF90Y3AFbG9jYWwAAAyAAQhfaG9tZWtpdMAcAAyAAQhfYWlycGxhecAcAAyAAQVfcmFvcMAcAAyAARxpVHVuZXNfQ3RybF80QUJCMzlBNDFFRUZERUIzBV9kYWNwwBwA\/4ABwFYAIQABAAAAeAAXAAAAAMcjDkdhYnJpZWxlcy1pUGFkwCEAACkFoAAAEZQAEgAEAA4A267+VyM35Iz+VyM35A=="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1588779600828,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1588779600828,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779600,"pkt_ts_usec":828022,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"EBMx8Tl2KDc3AG3ICABFAABGiX4AAP8RronAqAFNwKgBAfC\/ADUAMkhio9MBAAABAAAAAAAABWU3MDQ3A2UxMgpha2FtYWllZGdlA25ldAAAAQAB"}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1588779600828,"flow_last_seen":0,"flow_tot_l4_data_len":50,"flow_min_l4_data_len":50,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e7047.e12.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1588779600828,"flow_last_seen":0,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e7047.e12.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00768{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779600,"pkt_ts_usec":838194,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"jP5XIzfkKDc3AG3ICABFAAEyb04AAP8Rx4PAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
00475{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779600,"pkt_ts_usec":842525,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"pkt":"KDc3AG3IEBMx8Tl2CABFAABWE2lAADkRqo\/AqAEBwKgBTQA18L8AQgAAo9OBgAABAAEAAAAABWU3MDQ3A2UxMgpha2FtYWllZGdlA25ldAAAAQABwAwAAQABAAAAFAAEXHr3XA=="}
-00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":50,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e7047.e12.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.247.92"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1588779601222,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e7047.e12.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.247.92"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1588779601222,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01028{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779601,"pkt_ts_usec":222806,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHsBFEAAEARsrvAqAFN\/\/\/\/\/0RcRFwB2FvpeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiA0MDk1NjMzNTA1MDQ3NDIyMDI0ODQ4MjA1NjAzMDgyNTQwNDYyOSwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzUzMDMzMDEyNDgsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAyNzUwMzcwNTYwLCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1588779601222,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1588779601223,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1588779601222,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1588779601223,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01025{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779601,"pkt_ts_usec":223133,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHskFkAAEARZAvAqAFNwKgB\/0RcRFwB2JlBeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiA0MDk1NjMzNTA1MDQ3NDIyMDI0ODQ4MjA1NjAzMDgyNTQwNDYyOSwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzUzMDMzMDEyNDgsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAyNzUwMzcwNTYwLCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1588779601223,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1588779601223,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00781{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779601,"pkt_ts_usec":447909,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJZAAEARYHvAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAM98X0EAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00583{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779603,"pkt_ts_usec":292776,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"pkt":"AQBeAAD7wJrQLWJ0CABFAACnQj4AAP8R1i7AqAE14AAA+xTpFOkAk34YAAAAAAAFAAAAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAyAAQ9fY29tcGFuaW9uLWxpbmvAFQAMgAEFX3Jhb3DAFQAMgAEIX2FpcnBsYXnAFQAMgAEMX3NsZWVwLXByb3h5BF91ZHDAGgAMgAEAACkFoAAAEZQAEgAEAA4AMeKa0C1idMCa0C1idA=="}
-00568{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779603292,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":53,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1588779603292,"flow_last_seen":0,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":147,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00579{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779603292,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":92,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1588779603292,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00612{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779603,"pkt_ts_usec":292829,"pkt_caplen":201,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":201,"pkt_l4_len":147,"pkt":"MzMAAAD7wJrQLWJ0ht1gBqDxAJMR\/\/6AAAAAAAAAGKCkEok1wBv\/AgAAAAAAAAAAAAAAAAD7FOkU6QCTHG8AAAAAAAUAAAAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADIABD19jb21wYW5pb24tbGlua8AVAAyAAQVfcmFvcMAVAAyAAQhfYWlycGxhecAVAAyAAQxfc2xlZXAtcHJveHkEX3VkcMAaAAyAAQAAKQWgAAARlAASAAQADgAx4prQLWJ0wJrQLWJ0"}
-00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1588779603292,"flow_last_seen":0,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":147,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1588779603320,"flow_last_seen":0,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":286,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":286,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1588779603292,"flow_last_seen":0,"flow_min_l4_payload_len":139,"flow_max_l4_payload_len":139,"flow_tot_l4_payload_len":139,"flow_avg_l4_payload_len":139,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1588779603320,"flow_last_seen":0,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00769{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779603,"pkt_ts_usec":320702,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"wJrQLWJ0KDc3AG3ICABFAAEyUGUAAP8R5oLAqAFNwKgBNRTpFOkBHhkkAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
-00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1588779603320,"flow_last_seen":0,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":286,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":286,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
+00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1588779603320,"flow_last_seen":0,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_companion-link._tcp.local"}}
00659{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779604,"pkt_ts_usec":297208,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"pkt":"AQBeAAD7wJrQLWJ0CABFAADgDXQAAP8RCsDAqAE14AAA+xTpFOkAzL4AAAAAAAADAAMAAAABCF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAEMX3NsZWVwLXByb3h5BF91ZHDAGgAMAAHAJQAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AlwCUADAABAAARlAAOC0x1Y2EncyBpUGFkwCXAOwAMAAEAABGUABIPNTAtMzUtMTAtNzAuMSAxwDsAACkFoAAAEZQAEgAEAA4AMeKa0C1idMCa0C1idA=="}
00688{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779604,"pkt_ts_usec":297420,"pkt_caplen":258,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":258,"pkt_l4_len":204,"pkt":"MzMAAAD7wJrQLWJ0ht1gBqDxAMwR\/\/6AAAAAAAAAGKCkEok1wBv\/AgAAAAAAAAAAAAAAAAD7FOkU6QDMXFcAAAAAAAMAAwAAAAEIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABD19jb21wYW5pb24tbGlua8AVAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAaAAwAAcAlAAwAAQAAEZQAEA1MdWNh4oCZcyBpTWFjwCXAJQAMAAEAABGUAA4LTHVjYSdzIGlQYWTAJcA7AAwAAQAAEZQAEg81MC0zNS0xMC03MC4xIDHAOwAAKQWgAAARlAASAAQADgAx4prQLWJ0wJrQLWJ0"}
00769{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779604,"pkt_ts_usec":398986,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"jP5XIzfkKDc3AG3ICABFAAEy\/rUAAP8ROBzAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1588779601222,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1588779601223,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1588779603320,"flow_last_seen":0,"flow_tot_l4_data_len":286,"flow_min_l4_data_len":286,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":286,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1588779596465,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"telegram.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1588779601222,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1588779601223,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"telegram.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1588779603320,"flow_last_seen":0,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":278,"flow_avg_l4_payload_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.53","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"telegram.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1588779596465,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00781{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779606,"pkt_ts_usec":465822,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJdAAEARYHrAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABAmSTUAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00533{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779607,"pkt_ts_usec":307651,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"AQBeAAD7wJrQLWJ0CABFAACAeJ4AAP8Rn\/XAqAE14AAA+xTpFOkAbGrlAAAAAAABAAEAAAABDF9zbGVlcC1wcm94eQRfdWRwBWxvY2FsAAAMAAHADAAMAAEAABGRABIPNTAtMzUtMTAtNzAuMSAxwAwAACkFoAAAEZQAEgAEAA4AMeKa0C1idMCa0C1idA=="}
-00573{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1588779596464,"flow_last_seen":1588779607307,"flow_tot_l4_data_len":512,"flow_min_l4_data_len":53,"flow_max_l4_data_len":204,"flow_avg_l4_data_len":128,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_sleep-proxy._udp.local"}}
+00585{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":102,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1588779596464,"flow_last_seen":1588779607307,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":480,"flow_avg_l4_payload_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_sleep-proxy._udp.local"}}
00561{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779607,"pkt_ts_usec":308336,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"pkt":"MzMAAAD7wJrQLWJ0ht1gBqDxAGwR\/\/6AAAAAAAAAGKCkEok1wBv\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsCTwAAAAAAAEAAQAAAAEMX3NsZWVwLXByb3h5BF91ZHAFbG9jYWwAAAwAAcAMAAwAAQAAEZEAEg81MC0zNS0xMC03MC4xIDHADAAAKQWgAAARlAASAAQADgAx4prQLWJ0wJrQLWJ0"}
-00585{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_first_seen":1588779603292,"flow_last_seen":1588779607308,"flow_tot_l4_data_len":459,"flow_min_l4_data_len":108,"flow_max_l4_data_len":204,"flow_avg_l4_data_len":153,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_sleep-proxy._udp.local"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1588779607374,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00597{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_first_seen":1588779603292,"flow_last_seen":1588779607308,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":435,"flow_avg_l4_payload_len":145,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_sleep-proxy._udp.local"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1588779607374,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779607,"pkt_ts_usec":374355,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA9u6QAAP8RfGzAqAFNwKgBAcuWADUAKd8a0oUBAAABAAAAAAAAAmluCWFwcGNlbnRlcgJtcwAAAQAB"}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1588779607374,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1588779607374,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00621{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779607,"pkt_ts_usec":388567,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"KDc3AG3IEBMx8Tl2CABFAADD2ppAADkR4vDAqAEBwKgBTQA1y5YArwAA0oWBgAABAAMAAAAAAmluCWFwcGNlbnRlcgJtcwAAAQABwAwABQABAAAAXQAuGWluMi1wcm9kLWVhc3QtdXMyLTIzZmEzMzAOdHJhZmZpY21hbmFnZXIDbmV0AMAtAAUAAQAAAAsAMBNpbjItZ3cyLTA0LWVkZTZmMDZlB2Vhc3R1czIIY2xvdWRhcHAFYXp1cmUDY29tAMBnAAEAAQAAAAUABBQsTvs="}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_tot_l4_data_len":216,"flow_min_l4_data_len":41,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"20.44.78.251"}}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"in.appcenter.ms","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"20.44.78.251"}}
00769{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779607,"pkt_ts_usec":883587,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"jP5XIzfkKDc3AG3ICABFAAEyjSEAAP8RqbDAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1588779608134,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1588779608134,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00460{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779608,"pkt_ts_usec":134321,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABEQD4AAEARtebAqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1588779608134,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1588779608134,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00460{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779611,"pkt_ts_usec":135146,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABE4wYAAEAREx7AqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1588779611355,"flow_last_seen":0,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":133,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1588779611355,"flow_last_seen":0,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":125,"flow_avg_l4_payload_len":125,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00570{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779611,"pkt_ts_usec":355675,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/6jP5XIzfkCABFAACZH80AAAER55nAqAFL7\/\/\/+uI8B2wAhTXETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1588779611355,"flow_last_seen":0,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":133,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1588779611355,"flow_last_seen":0,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":125,"flow_avg_l4_payload_len":125,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00769{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779611,"pkt_ts_usec":393437,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"jP5XIzfkKDc3AG3ICABFAAEyXK8AAP8R2iLAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
00782{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779611,"pkt_ts_usec":451548,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJhAAEARYHnAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGALuAMeAAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00570{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779611,"pkt_ts_usec":458582,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/6jP5XIzfkCABFAACZnzoAAAERaCzAqAFL7\/\/\/+uI8B2wAhTXETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
00570{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779611,"pkt_ts_usec":657864,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AQBef\/\/6jP5XIzfkCABFAACZ2TYAAAERLjDAqAFL7\/\/\/+uI8B2wAhTXETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQo="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1588779615019,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1588779615019,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779615,"pkt_ts_usec":19709,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHiDkAAP8Rr83AqAFNwKgBAe7AADUAMxxUuQsBAAABAAAAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1588779615019,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00657{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1588779615019,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00475{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779615,"pkt_ts_usec":32983,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"KDc3AG3IEBMx8Tl2CABFAABXJ0xAADkRlqvAqAEBwKgBTQA17sAAQwAAuQuBgAABAAEAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAA4ABFx69t8="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":51,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1588779615961,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1588779615961,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779615,"pkt_ts_usec":961995,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"AQBeAAD78KNaMBgSCABFAABNRwcAAP8R0cDAqAE04AAA+xTpFOkAOcUdAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAyAAQhfYWlycGxhecASAAyAAQ=="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1588779615961,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1588779615962,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00556{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1588779615961,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1588779615962,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779615,"pkt_ts_usec":962218,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"pkt":"MzMAAAD78KNaMBgSht1gBhFuADkR\/\/6AAAAAAAAABNzt7FsMpmH\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5dUAAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"}
-00553{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1588779615962,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1588779615962,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":36528,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABERC0AAEARERTAqAFNW2wIB1qGAgkAMLAM3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8o+UYRJgGi8A=="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":36609,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEWYkAAEAR97nAqAFNW2wMBVqGAgsAMMZE3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/VYJzCLkR9XA=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":36707,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEZqwAAEAR5prAqAFNW2wQAVqGAg8AMLyJ3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/9u+DapRNA5DQ=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":36797,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEMZgAAEARH6\/AqAFNW2wMAVqGAhgAMB7S3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8nsGAWUhbrUA=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":36876,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABECJIAAEARTK7AqAFNW2wICFqGAhoAMJgJ3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8HjiXC2fxIoA=="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":36955,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEVZYAAEAR963AqAFNW2wQBFqGAhoAMGBV3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8kkP6VHClAVg=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1588779616036,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
00501{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":70253,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcvxJAADMRYxZbbAgHwKgBTQIJWoYASDvF3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcBg2rJeKPlGESYBovAAAAAAAAAAAAAA\/\/9XC83DXdwAAA=="}
00501{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":76440,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3IEBMx8Tl2CABFAABc0gJAADMRUCVbbAgIwKgBTQIaWoYASCPC3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcBg2rJeB44lwtn8SKAAAAAAAAAAAAAA\/\/9XC83DXdwAAA=="}
00503{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":161820,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcHlxAADQR\/s5bbAwFwKgBTQILWoYASFH93EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcBg2rJe1WCcwi5EfVwAAAAAAAAAAAAA\/\/9XC83DXdwAAA=="}
@@ -140,8 +140,8 @@
00527{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":374470,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB8TYUAAEARA4rAqAFNW2wMAVqGAhgAaPtH3EwAKRVlt6y8I22p7aDVlzF9tkqG8Vy9mc+httTfBLUUKD3nPIpyRy3ItnD3hVzo5GeIoM2qaFz\/yCQX0+y0hipTw\/kylFSjOOn2uuzWtdHeg39EeEdeCXu4W27oK0KN"}
00525{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":374717,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB80idAADMRT+BbbAgIwKgBTQIaWoYAaCPe3EwAKRVlt6y8I22p7aDVl5GbCK4j4zRv3DTd8DT6OUw6qpjroPsdobKbJkssqpPX5uXMLNXGSRggLwmRIKQDuFEnjoz+E5Zlydodds5mKwEYgkGhNIjlK85eZgSRk81C"}
00782{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":446782,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJlAAEARYHjAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAPwKR20AAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":188,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1588779615962,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":188,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1588779615961,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":188,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1588779615962,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":188,"source":"telegram.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1588779615961,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.52","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00527{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":466029,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB8HoJAADQR\/ohbbAwFwKgBTQILWoYAaHRJ3EwAKRVlt6y8I22p7aDVl5cYNmc7owIGPJxlskGx5br+SSQy40sMDI5d++f\/6aTzwNmsmc+tH0QUeknBRS9SCGoK6JwfyvJhza8gjx8KUlZD1YkPUiuIlncqMpzfBBG3"}
00528{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":484536,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB8KBFAADQR9P1bbAwBwKgBTQIYWoYAaKHG3EwAKRVlt6y8I22p7aDVl1abu3bDGz6o8fsNot++0zK7RzO7PBk+7Vrmoj8ysTske1f\/EcqIuDby2Fk6mUM4OzQiEPo4kF6e\/Y9\/bAWD7HEOuyvzTKmDTuxutup64haF"}
00525{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779616,"pkt_ts_usec":505295,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB8dyVAADYRn+ZbbBAEwKgBTQIaWoYAaCIT3EwAKRVlt6y8I22p7aDVl45mJpEhOWgZ6A6Kc6hID4w4KLG36jYh+Cxfh82Yl8XDNtvIeuCeB52AwTUXULg6UcBqL7rYB23KloHtMZxkmQf1gFMMk8wX4hEL6yN80sZ2"}
@@ -201,11 +201,11 @@
00527{"flow_id":22,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779617,"pkt_ts_usec":173924,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB8dtkAAEAR2jXAqAFNW2wMAVqGAhgAaBww3EwAKRVlt6y8I22p7aDVl4vdmXzL72TBwedu7KHurKAh2P1dZR4VCu529CPBH17fOUG3BML2yTk2nLmjgNfhYpep7QwAOhc9vcf32ofx\/+LJzcEwwk2H80BEPwH6IV27"}
00528{"flow_id":23,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779617,"pkt_ts_usec":174002,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB8f+UAAEAR1SLAqAFNW2wICFqGAhoAaL863EwAKRVlt6y8I22p7aDVl2Z+eUAsmBtQeyC0OUCkfafRX4V225PAmCB0ZuqiMkYuVH6y\/\/nCzJBhcNkpFmRP0pMKp8O1m88zc2drgTh2WlOw+HbtYOEO6ont+XVyA4Ix"}
00528{"flow_id":24,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779617,"pkt_ts_usec":174079,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB8zjwAAEARfs\/AqAFNW2wQBFqGAhoAaNO63EwAKRVlt6y8I22p7aDVl2tG15m00Z4O5OQSm8Uf2GNj8pAbvopp1wpqnYKwsNZGvZRa0ShBkvgF25\/+Y5mE73LLX4U7zxEu5AntT0mzac2u85OXiFO8LcRPWoBqHH6T"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1588779617174,"flow_last_seen":0,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":88,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1588779617174,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00506{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779617,"pkt_ts_usec":174153,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"8KNaMBgSKDc3AG3ICABFAABsqlYAAEARTFnAqAFNwKgBNFqGevgAWLgQjfykZ0OTWbVGSN3cMHZvNB3RufFF5FIV8MQ0P3KjKgWFEWl4FO4hV\/puQOILS4RjUor87I6iIoOnx\/A9NueumG+cX0HrNbBHt0bLwMXSB9A="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1588779617174,"flow_last_seen":0,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":88,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1588779617174,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00508{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779617,"pkt_ts_usec":174225,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"EBMx8Tl2KDc3AG3ICABFAABs\/QcAAEARlrXAqAFNVwvNw1qG7TMAWH9So7C\/sNzcuk+cyiR2EyU9Q\/nbaTxTjDBemDeFTsb5lNpyEwlgOlPEUd9m7ay58cjORIuAWP8IcwSg0vb1EIxOrmmqeB4nTaYDWzAgf8R5\/bQ="}
-00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1588779617174,"flow_last_seen":0,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":88,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1588779617174,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","ndpi": {"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}}
00503{"flow_id":24,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779617,"pkt_ts_usec":203544,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcd3tAADYRn7BbbBAEwKgBTQIaWoYASL6H3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcBh2rJe25Xh4b4bMJgAAAAAAAAAAAAA\/\/9XC83DXdwAAA=="}
00659{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779617,"pkt_ts_usec":209923,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"KDc3AG3IEBMx8Tl2CABFAADcv79AADMRYelbbAgHwKgBTQIJWoYAyO2t3EwAKRVlt6y8I22p7aDVlz0hS6R\/P6+h7iDam6YNZso1HdbCXaIDIoav8iPnn0fy6+kW9pNMmLa42T9nF\/vZoSfsIHIOW25zUxWLLAxS+KjdCoqjtaEnysQ9pWmOqty88YWXptpYLJIsnEoYpLj73ezoCreiNoCQ4U69zJz9X3a0\/UDc7Pi882XCIV9co6HLki9cZNIlEUT1D\/ZlHKeKTlQV8OBLC21Y0mtlViOwDpz2GB\/I0aD0+8OrgNpr858X"}
00503{"flow_id":21,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779617,"pkt_ts_usec":217072,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3IEBMx8Tl2CABFAABca2FAADYRq81bbBABwKgBTQIPWoYASEuO3EwAKRVlt6y8I22p7aDVl\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcBh2rJeR1ZfLL10uzsAAAAAAAAAAAAA\/\/9XC83DXdwAAA=="}
@@ -229,11 +229,11 @@
00458{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779618,"pkt_ts_usec":677132,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"8KNaMBgSKDc3AG3ICABFAABM2MgAAEARHgfAqAFNwKgBNFqGevgAOHVzLDN7SsFyWuK6F0tpc5OATWnzbEU7qCpTN1Xozj8qtDOuKYxZPvphz9N0EPmGit2J"}
00458{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779618,"pkt_ts_usec":677198,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"EBMx8Tl2KDc3AG3ICABFAABMg0kAAEAREJTAqAFNVwvNw1qG7TMAOE0OU2RiXNjy8sJRKs8KhnTyEy6Nhnt95vQlharNkBkXr2lvtMgl2dlHhYY4WvPjXQkp"}
00486{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779618,"pkt_ts_usec":681115,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3I8KNaMBgSCABFAABcQqkAAEARtBbAqAE0wKgBTXr4WoYASPszoQUCF9P7scTQPabFpgbA0VyPrQrjBdPkNrzYYnOrrtS8RRJbPFmnTpzV\/p+26\/mmrLK5EkJB2QBg75XmqKGTLA=="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1588779619914,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1588779619914,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779619,"pkt_ts_usec":914905,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHqTUAAEARTdLAqAFNwKgBAbgXADUAM25TALgBAAABAAAAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAQ=="}
-00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1588779619914,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1588779619914,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00476{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779619,"pkt_ts_usec":916408,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"KDc3AG3IAICPmq69CABFAABXwqhAAEAR9E7AqAEBwKgBTQA1uBcAQ5UvALiBgAABAAEAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAcAMAAEAAQAAAAAABMCoAZ0="}
-00683{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":51,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}
+00695{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}
00657{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779620,"pkt_ts_usec":362388,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"KDc3AG3I8KNaMBgSCABFAADcfG8AAEARedDAqAE0wKgBTXr4WoYAyKTrFri0AOIdoUF8HgC1gBiBR4WYAW+Y6ixI\/CimmbnvmNPc+7RWqRDiYYB5BtoNOZ+GYknJLF6vnmq\/vZVQVX\/qPiXfvr596tV5ihbzsQEUXujBr6CW5Jx7mLZKATUjQZG4pqkScDCtoGFYwLbXUskyWRSbrC6hy+uBu0qPmfd4SD\/7qckjnc8v4qbewk41c5gifJqMys+k7q5JK0Iwk8+BFQhZBUejZZ6XcaO0DUWhA3vqRiw7b6ii7Tnk1Hel1Nqd"}
00702{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779620,"pkt_ts_usec":426617,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"pkt":"KDc3AG3I8KNaMBgSCABFAAD8M2UAAEARwrrAqAE0wKgBTXr4WoYA6OlehgGD1Gs0b120gEqf\/nK6f5WdQYejVzOsfJQlZP1AA6F9i0G7vZx1n8e25\/f5Mg3Jxah8nNc1tpxpe\/hy5cvvXVKXhfzXSLG1Qs8LShdTAgKPSWKnJDG+WOm1vZmRgd1Fi6ndcEV4W69AKGJdSjWzqB2FMtgvLbL75OcZDujIR2L6+0iE7z9X0+MJRjiEmby2aw0x8v+3mcowSs8zThHH\/YXo85JS0WXttk3c7nWNkJTbpXRKOSjL6vZwlv27BEWBuawzbbdbMQbuJj7r8dESqiyUArN7hdiDWj\/hscj136s="}
00721{"flow_id":25,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779620,"pkt_ts_usec":490069,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"pkt":"KDc3AG3I8KNaMBgSCABFAAEMW60AAEARmmLAqAE0wKgBTXr4WoYA+BFfLsDgPR+aI0jSmDeUwtyB2xUsT4BFGGcaH00QmXPwbTrfpMgsc5AFbeWTFhj50GiOMhjqhcxWRVD1a5b3PE53mT8NyoSlP80Z9AfMMyDTBtzFX1Zb5T18rhJNznSbJwRwMxKMQJlFd7U7yyptA46tU7ICSikqYFU6C\/HoJbvjNUIdP7NxZQQ4THckr2o2NhcBPqHLYNfMbjACd5hNPNrUai5y9Yb27TnsHBAeqmUL\/EpdipPTlGxY65\/wQFQiP9mrcF8pvutmbHhwhtyfXetd+bmrGzGSy3SZ+qTszdMo+XnEKdOPdC9JaZjlpY3MCcQh"}
@@ -243,95 +243,95 @@
00638{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779620,"pkt_ts_usec":675886,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"pkt":"8KNaMBgSKDc3AG3ICABFAADMZvUAAEARj1rAqAFNwKgBNFqGevgAuJMYkbG\/KIwIwQnayLD0LMXcqEj4lfZ8P9V2iOgexzXB+FkyVtJQfJJnKJmRVHq7SYjBzTc81jea\/W4JIV63if0rV5VmSeagRTwkiWOdGd9o02IQOA+PZJoz0lbdO4rIb8YnZr2XoGAdftw\/Xvcd7TrER6tHinrYdVg4a727UMkOFw96i+NaQr+lRQwgZr4Zf8u+FORrz2a5CnGe4doPuGXE8geBfZgxu\/1NsVKk2aHZjlE="}
00661{"flow_id":25,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779620,"pkt_ts_usec":724400,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"KDc3AG3I8KNaMBgSCABFAADcPBYAAEARuinAqAE0wKgBTXr4WoYAyD7zXC3NU7wX1h\/h\/kWcJ8qpQmiUN4mhou4JHo77YBPu7\/VIjDsoEmtNSaKDnbUdu9rsQvahuCrdo6qM8+WBlFmUqWfA9spsOUDbGhwiOu\/lCsyDdexur637pbnJEdrQnE5HC5ssaS6AKLWy49YhWHXZpaKXSUEpzSC6ItBDxBR3fKHkGB5NVGyHr8\/h4eaV5mQuKkaNSXZCpy8wOZWWvDRFDXwW4QKX+b0Qm\/U5oaRB0uDYUq\/aULnstigk7puyQYRj"}
00782{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779621,"pkt_ts_usec":450773,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJpAAEARYHfAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAKhEc1gAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":97,"flow_first_seen":1588779617174,"flow_last_seen":1588779623177,"flow_tot_l4_data_len":19160,"flow_min_l4_data_len":56,"flow_max_l4_data_len":248,"flow_avg_l4_data_len":197,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1588779625981,"flow_last_seen":0,"flow_tot_l4_data_len":363,"flow_min_l4_data_len":363,"flow_max_l4_data_len":363,"flow_avg_l4_data_len":363,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":97,"flow_first_seen":1588779617174,"flow_last_seen":1588779623177,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":18384,"flow_avg_l4_payload_len":189,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","ndpi": {"proto":"RTP","breed":"Acceptable","category":"Media"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1588779625981,"flow_last_seen":0,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00890{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779625,"pkt_ts_usec":981468,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/jrEAAEAR6r0AAAAA\/\/\/\/\/wBEAEMBa16\/AQEGAN7JmyKFuQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1588779625981,"flow_last_seen":0,"flow_tot_l4_data_len":363,"flow_min_l4_data_len":363,"flow_max_l4_data_len":363,"flow_avg_l4_data_len":363,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1588779626393,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1588779625981,"flow_last_seen":0,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":""}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1588779626393,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00675{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779626,"pkt_ts_usec":393710,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/BJImXJc1CABFAADlSCQAAIARbWnAqAErwKgB\/wCKAIoA0XdaEQLkXsCoASsAigC7AAAgRUVFRkZERUxGRUVQRkFDTkZDRUNERkZFREJEQ0VIQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoAREVTS1RPUC1SQjVUMTJHAAoAAxAAAA8BVaoA"}
-00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1588779626393,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1588779626394,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00567{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1588779626393,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1588779626394,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779626,"pkt_ts_usec":394307,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABOW9EAAEARmjHAqAFNwKgB\/wCJAIkAOrFARg4BEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1588779626394,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1588779626394,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00471{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779626,"pkt_ts_usec":394380,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABOiakAAEARbFnAqAFNwKgB\/wCJAIkAOrE9RhEBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
00471{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779626,"pkt_ts_usec":394481,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABONx8AAEARvuPAqAFNwKgB\/wCJAIkAOrE5RhUBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAAAgAAE="}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1588779625981,"flow_last_seen":0,"flow_tot_l4_data_len":363,"flow_min_l4_data_len":363,"flow_max_l4_data_len":363,"flow_avg_l4_data_len":363,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1588779626393,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1588779625981,"flow_last_seen":0,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"telegram.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1588779626393,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.43","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00782{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779626,"pkt_ts_usec":467979,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJtAAEARYHbAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAOKuuvkAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1588779628757,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1588779628757,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779628,"pkt_ts_usec":757409,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA7n3IAAP8RmKDAqAFNwKgBAcJkADUAJ31bFnMBAAABAAAAAAAABGRhdGkEbnRvcANvcmcAAAEAAQ=="}
-00632{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1588779628757,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"dati.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":695,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1588779628757,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"dati.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00504{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779628,"pkt_ts_usec":804372,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"KDc3AG3IEBMx8Tl2CABFAABr7g4AAEARCNXAqAEBwKgBTQA1wmQAVwAAFnOBgAABAAIAAAAABGRhdGkEbnRvcANvcmcAAAEAAcAMAAUAAQAAADwAFBFtYWlsLWRpZ2l0YWxvY2VhbsARwCsAAQABAAAAPAAEp2PXpA=="}
-00660{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":698,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":39,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"dati.ntop.org","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"167.99.215.164"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1588779629044,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":698,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"dati.ntop.org","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"167.99.215.164"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1588779629044,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779629,"pkt_ts_usec":44577,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6m54AAEARW3bAqAFNwKgBARa0ADUAJpvbsPwBAAABAAAAAAAABXBpeGVsAndwA2NvbQAAAQAB"}
-00631{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1588779629044,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1588779629044,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00457{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779629,"pkt_ts_usec":45803,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"KDc3AG3IAICPmq69CABFAABKxbFAAEAR8VLAqAEBwKgBTQA1FrQANpjhsPyBgAABAAEAAAAABXBpeGVsAndwA2NvbQAAAQABwAwAAQABAAAAAAAEwKgBnQ=="}
-00657{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":38,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1588779629079,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1588779629079,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779629,"pkt_ts_usec":79368,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFpC4AAP8Rk9rAqAFNwKgBAdVDADUAMZzqakQBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1588779629079,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1588779629079,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00782{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":719,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779631,"pkt_ts_usec":447782,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJxAAEARYHXAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGALnIwr0AAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00479{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":720,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779631,"pkt_ts_usec":710543,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AQBeAAD7wJrQLWJ0CABFAABZzLkAAAIRSQLAqAE14AAA+xTpFOkARfrBAAoAAAACAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQlfQ0MzMkU3NTMEX3N1YsAMAAwAAQ=="}
-00572{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":720,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1588779596464,"flow_last_seen":1588779631710,"flow_tot_l4_data_len":689,"flow_min_l4_data_len":53,"flow_max_l4_data_len":204,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00584{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":720,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1588779596464,"flow_last_seen":1588779631710,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":641,"flow_avg_l4_payload_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":721,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01030{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779632,"pkt_ts_usec":305252,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHsdQUAAEARQgfAqAFN\/\/\/\/\/0RcRFwB2FvpeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiA0MDk1NjMzNTA1MDQ3NDIyMDI0ODQ4MjA1NjAzMDgyNTQwNDYyOSwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzUzMDMzMDEyNDgsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAyNzUwMzcwNTYwLCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":721,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":722,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01026{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779632,"pkt_ts_usec":305662,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAHsvq0AAEARNbfAqAFNwKgB\/0RcRFwB2JlBeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiA0MDk1NjMzNTA1MDQ3NDIyMDI0ODQ4MjA1NjAzMDgyNTQwNDYyOSwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzUzMDMzMDEyNDgsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAyNzUwMzcwNTYwLCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":722,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00461{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779632,"pkt_ts_usec":315962,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABES\/gAAEARqizAqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="}
00479{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779632,"pkt_ts_usec":717737,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AQBeAAD7wJrQLWJ0CABFAABZVrUAAAIRvwbAqAE14AAA+xTpFOkARfrBAAoAAAACAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQlfQ0MzMkU3NTMEX3N1YsAMAAwAAQ=="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1588779634762,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1588779634762,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02202{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779634,"pkt_ts_usec":762513,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"EBMx8Tl2KDc3AG3ICABFAAViWJsAAEARtXvAqAFN2DrNRPIWAbsFTgTHw1EwNDZQozVJE19KlwkAAAABdLDg+WGAhzOZu62GoAEEAENITE8ZAAAAUEFEAPUBAABTTkkAAwIAAFNUSwA5AgAAVkVSAD0CAABDQ1MATQIAAE5PTkNtAgAAQUVBRHECAABVQUlEoAIAAFNDSUSwAgAAVENJRLQCAABQRE1EuAIAAFNNSEy8AgAASUNTTMACAABOT05Q4AIAAFBVQlMAAwAATUlEUwQDAABTQ0xTCAMAAEtFWFMMAwAAWExDVBQDAABDU0NUFAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS13d3cuZ29vZ2xlLmNvbfji0b2UKZEBPixRS8R5FV4DZD4i7T\/6B0Z4nKaYTElCcNQLL0+vajT\/QP9tp6wIGReVi8x7NFEwNDYB6IFgkpIa6H7tgIaiFYKRXrLacjAwMDAwMDAwAuVjx2eeSNkn+AhDtSgQn3BeW8lDQzIwYmV0YSBDaHJvbWUvODMuMC40MTAzLjM0IEludGVsIE1hYyBPUyBYIDEwXzEzXzYriYKzggSKpsC6slaoCl0fAAAAAFg1MDkBAAAAHgAAAAuXQLYHE9JIhKrGV8rvXoOxMjFuf2JfKTHXlSKWC8+sAyENtsO94X6K9sux59v7JM7rsrjePubGsEAWqYL7e1xkAAAAAQAAAEMyNTXvR+qpngpSje9H6qmeClKNYDLLkqBBTd8GdwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1588779634762,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1588779634764,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1588779634762,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1588779634764,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02202{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779634,"pkt_ts_usec":764481,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"EBMx8Tl2KDc3AG3ICABFAAViUS0AAEARvOnAqAFN2DrNRMaGAbsFTkE+w1EwNDZQdSQ0JxgV+\/AAAAABpTtWGWoI4a2O5woGoAEEAENITE8ZAAAAUEFEAPUBAABTTkkAAwIAAFNUSwA5AgAAVkVSAD0CAABDQ1MATQIAAE5PTkNtAgAAQUVBRHECAABVQUlEoAIAAFNDSUSwAgAAVENJRLQCAABQRE1EuAIAAFNNSEy8AgAASUNTTMACAABOT05Q4AIAAFBVQlMAAwAATUlEUwQDAABTQ0xTCAMAAEtFWFMMAwAAWExDVBQDAABDU0NUFAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS13d3cuZ29vZ2xlLmNvbapsx9TSQuPwh8YeJs33Nmze8URvGPZoGeJQWhFImAF+FKGJcZ5Gv+AWggZjhNIH2DzcOgKswVEwNDYB6IFgkpIa6H7tgIaiFYKRXrLacjAwMDAwMDAwTrr3TE8EhubDtCHdJzdVC1d+PPBDQzIwYmV0YSBDaHJvbWUvODMuMC40MTAzLjM0IEludGVsIE1hYyBPUyBYIDEwXzEzXzYriYKzggSKpsC6slaoCl0fAAAAAFg1MDkBAAAAHgAAAIbXL08ZJ3aJ+3OQ3+Rsvbic8DCd31+92QlBmAfJ4ZcgyovDvfnINbPNV9UIgMSv\/oTfYVDM1unv0Eg0xlJTYVZkAAAAAQAAAEMyNTXvR+qpngpSje9H6qmeClKNYDLLkqBBTd8GdwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1588779634764,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1588779634764,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}}
02222{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779634,"pkt_ts_usec":794508,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"KDc3AG3IEBMx8Tl2CABFAAViAABAADcR1xbYOs1EwKgBTQG78hYFTlCg01EwNDYFozVJE19KlwkAAAABlFnOyl1IE6Kl9p2lJqJe20wr+YJJK3OQaQI+K1yyeZR9yLW3lS\/Tdnt9xcKqAlOjTi1OwA2w6a7+tRtr3KAKpiTPSke9Qgxq9RZuUGOobpscabZyRsqHgng7hPe2XFawQxldFDSjxKnYQdE5FFv9BpDrnq\/TTXf9TFvgw\/QnXVAz5Cyt9UqBUF1hH0e8eHxu6vo8lxkhnIhe5h6hLOoAm1BnioEr9hnRo4ORCSZRNuTGnhroEuVGyj5HhhPz45sTADcZH\/aRhJy7qwSQPpjxKMRjwHfkXW+yFpSOG3Hp5CsHedxutEJhnZDI+4BG1I6mpoDE8Zvk+SOrrxTdABEKpyABqDKs78QbQi9n46y46LF2JTAo36T9cjW0OkfnS1dX8RBGe5tpl\/GX8HAEOsAa\/z+6O4B5WSOIZhf34xGOy\/N3OFC+u9lN+ttVyLf++3WOzpd57ZzPwtC+yE\/BNwbA4eO5JHsp6kPUffzjzL5K4L4obRfRfmFzgUJr2AvlNCCKETOUv9FcgCj+O3Ce2J+FzvWWvPIvOKN37xrUN\/mjFcjn6vrnzc3WHSBHZUUQPgLL9gdUFNa8\/yQjJhbGLlt8bvQA1SJaoWXDVmYJjnjFSJJFF8RWpizfJP35dxquwrjEwUged8l6McoK7qHu4Ld19f6o8UJyTgkxjnhmujMkW40UK64Bo1F6vaXjIzepbsvzrfPs4buhFyCPcm2wLFZq5nMbYvmNgbBAMNYgQ7+Y4Zo47U6dIvcnsHay4b8rdIZC\/Ra4RUg2MEAVMY04nZVwsS9kMvxjw7tWpuLXdlQCjlvuGOf6dZ6k9rHdaI3URstXL6UuWo0Gdj\/NtiaGySmIHVV6i7EbmaJp3uFyYDnUvrIMjfc6ghlolVGsZni+GAZQbXnpWH5ualh+GQk\/IS2IEz0uyBJ6dsYticBr8EFAQR7hHY\/3OyEr27WwpwoLmUJn9UQqUUNET0+qTxL027bZTqGeTGLe2rH0z4qd78Ue12s\/mmitdGeaTOEIB+kN9Oz976ydi7i+SoMBr\/+hKLj5gjHsfiNqAK8opkFFxqyBh0nqOBdwUSl8gZVmShAcuOo649XW2Yut5pCeSZfn3ZoRq+lWx89wdySCjOMW8exEEWunv6bjn3slpy7AmRkw+sPRuDmUtrstSTMggBfN+zYz4kU9msu81pr+IK0y7aQh4mmTipBI3toWvtKGgxtFFCU+90ZF+2e26g7ax+JPhJWCf1aeqV2qjVTswyDUe+X8YVqx5YC7ACn0pIzEQj12x8eSFM60TkG8kXSrR+cBcSE4aaYhrAy3pypcCtMV26Co80JeaaDwDMCwmVAzo0E\/BwpqMknzmJBeyZjvON\/562D3ZU9nDxApe4H14sNeh3KyKanbNvTWcgxWJPs+wQ9X1d9egrD3CNpHov7eGsS9E5PTryqkw6dcr07anAdXKz39OKneC7uTIi2xMN4pi9HDUne9kKxezY6JaiaaEds0Egs5TrKu5MlMzp7QSr1MmDFu7VQLrafQLtQSQLw0f+CkdiOkRSoewADHR7WnRu3Pw\/1y7ALeor+7d7v\/xVkXtV0+u1JaX2B1bUYYuBQruUl0bp5QCHut4tI5G7u+9P1dYnUX\/rSklohEaFv70M62kLeKCl4bX8BdPalaH0yKRZF9q2iCLDdluLwx+pd3G8lRNNpU8gMggNTI9z\/7Pxs0oOqfN32KINp0rOMXmr0ZD6E5U7SeSuShxUVrIQgXkF5QTsc4zAeYQXZrfPFcKANcrPTz3MqQYdpM"}
00436{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779634,"pkt_ts_usec":795180,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4emwAAEARmNTAqAFN2DrNRPIWAbsAJN5oQKM1SRNfSpcJAg\/VJy\/hU5JXfMk208XyiTI7oA=="}
02232{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779634,"pkt_ts_usec":797116,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"KDc3AG3IEBMx8Tl2CABFAAViAABAADgR1hbYOs1EwKgBTQG7xoYFTqbf01EwNDYFdSQ0JxgV+\/AAAAAB\/upOH6rH2BIyQSeP5oglrVNRjLzUPYUddHT9m6BsmcKmApdlysrOkxHuxx9vijlyM8wYkq7JvX19IQMhKJZA0U6a8sLp7rHlGFo5nqmm0jMnW7WPHt\/LNpmp9sMej9LIYl7HVWlYuGONw23gJgIuAlpWAO6yh+eVnrhPvfDTj31c6\/L1ooPLrq5NV7Gc7jNhPXAjTc4ZaIElGMpTUieuhBDEobdC\/yRUwhIJac7BNwvPjcF+IDwdoZlLRJw3R5oXAi2b\/NF4EAf1KMRYvNmplcTy11GLuiSvRAmihe5Rh\/orc2nsZbWj+vVmUmzCiWHVssa5KLzmBbkyMh6lJPB3gwNR9L\/Fq9yeGKy0+1JnwE4BdYx5u8HLnX2wgYVFT\/rFfn1Oc62CdMeazmAG7K4pybekkUnanBSVSlDsTtacnk6lBahTKCPl4BKZo41FpeNyrCv6CdLYcTHgeBE4YGrMXUeFT\/ilVEPrTMzFe5kzHIStA3AKnuB\/P+S0D02eLWMotPjv93++mmxST6HP114UWR5QNEIWRxUS8RL0hQeu4zY97Ng6cw4CKN+Csj\/ZvkP4kxD\/Zq7tP6yj9mYvYIO9zExfP9oeGiwS\/4f+6unIp0FdFoZmq8bqYOIOw8QtYVOoNnStryjcigG\/awK2ZaMXV+46Pnbc7phNOyTwsLBxxc\/12QJJ45cSQCeX9fI3HOGC6Lef+EyN3wVq9oB+wBoxI5umm0icT\/zZ2yvFo6UFJ2uDstyecW1AqbCfnn6WWrQLz6eMr+vL\/JleVbbatuBYa5gdk2Yt+67fkdck3Dk3mkph8oGaf+SDkR7Tf9p8ulHM4RwOnQJFlNf4xkSWeQGBLD6wjBE4rkLONEpat+rbynMjiBPAofixsPnISwVDLf0nq9DMrjUvdWlIIMyhGej2e24qnTkMu6p7FC\/huIoB0mRmYhHnBPlCQn\/LUzArFEcNys29X1cxw25iplZFvHkHdOc24AY5G54G00MdsxNdaE\/paJZz93dfFlaEUpxXdsPnTzUS4pfi+tXdLdZlCDSCbcoeLXsZ10o3zvR7bkNwPdSYObv6FtEohnNHd5N8A7GThnHg9zUXltLPSF3xHvq8673iVUYgBtPyG5IX44udpmQI7jeus04VvFTz2gu4npRTD34iJ0hoN0ntT0nFkqcX5\/lL09qWjNDuFP\/S1ls4UAok+2ha5s3PvhtAKIlco7aoWYLrSj95gTSsEvt+vv6BHLLnycSfEmJgy7LNVNyoUK4C4+9WgT1JfWOmVbGaY23xkwzP15QjiTTdKIEkJwiBmgJIruM0dA1J41jJPUcFpH8opFJyrh1InbMhpwrdsem5Er87sEkX0BhYPXkyvKucSZm6W1RMofNDgCdyw5TOBfDKdoqNmc54r82qBE2FvdTks67OsedSUGg\/xIKev6elshEbqcaKfcXRRyuerRJ9Na1ZC85buNS0\/0S8Uk1MnuNcWLIniDOgLmxDYioY8+6ffXPskGoeJ6mpsWIPFN\/ZXPivRS+0hFla3abk42RYHrYiht3fXvADKY3mvEEwWMSzU84L2ho8ij4vLNJYBjTvbpsEkPGMqANA85Spe5XJ9p4g9hQurfHWfSLDKdhStCgrn8jpcM\/\/FkUBZViwdPAW2JLOvsdSXQXeDGKI7nTEgI0kYpnr4frOKaPCHqb3HEqFHSRiARTSD0ufyxhTd6AYnG3WyBQ7hHD\/6lTnreRmZxISZ6q\/gFRJTubvR8\/BO8IvV1XaeMgD55oE\/mi7ALMHyuc8OmMt"}
00434{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":730,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779634,"pkt_ts_usec":797531,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4M8YAAEAR33rAqAFN2DrNRMaGAbsAJKIhQHUkNCcYFfvwAo2OXEY+ceV4qFvU3oSjW1YxGw=="}
00461{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":731,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779635,"pkt_ts_usec":327488,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABE\/3cAAEAR9qzAqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="}
00782{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":732,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779636,"pkt_ts_usec":450767,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJ1AAEARYHTAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAMgSJqsAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1588779629079,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1588779636498,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1588779632305,"flow_last_seen":0,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1588779629079,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1588779636498,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779636,"pkt_ts_usec":498756,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABIkKQAAEARZWTAqAFNwKgB\/+EV4RUANJmxU3BvdFVkcDBukus1wI\/JPgABAARIlcIDfp+BivWMmwGHLE6mtUd\/uj\/4zNc="}
-00511{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1588779636498,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":733,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1588779636498,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":543816,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABETKwAAEARCJTAqAFNW2wICG32AhEAMEyhL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/8Sf7Krq21RXQ=="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":734,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":543822,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEp8EAAEARpYXAqAFNW2wQAW32AhEAMJ\/zL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/9gDcREEDsyHQ=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":735,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":543824,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABE6yEAAEARZiPAqAFNW2wMA232AhIAMCHWL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/+2+xugMe3kOw=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":736,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":543824,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEy+YAAEARiWDAqAFNW2wIAW32AhUAMEz1L+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/+LrTXW6BYYCg=="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":737,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":543825,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEayUAAEAR5h3AqAFNW2wMBW32AhkAMN01L+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/+U8S0SsiW5Mg=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":738,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00470{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":543827,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEEQsAAEARPDrAqAFNW2wQA232AhkAMF6eL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/Ppp3gSInx5A=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1588779637560,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":739,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1588779637543,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","ndpi": {"proto":"Telegram","breed":"Acceptable","category":"Chat"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":740,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1588779637560,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":560983,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF+GQAAP8RP6TAqAFNwKgBAdVDADUAMZzqakQBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1588779637560,"flow_last_seen":0,"flow_tot_l4_data_len":49,"flow_min_l4_data_len":49,"flow_max_l4_data_len":49,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1588779637560,"flow_last_seen":0,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00527{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":572601,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB67hUAAEARCL\/AqAEBwKgBTQA11UMAZgAAakSBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA0ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":741,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1588779637560,"flow_last_seen":1588779637572,"flow_tot_l4_data_len":151,"flow_min_l4_data_len":49,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":741,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1588779637560,"flow_last_seen":1588779637572,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00501{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":577920,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcg6JAADMRnoxbbAgBwKgBTQIVbfYASNOVL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJei6011ugWGAoAAAAAAAAAAAAA\/\/9XC83DTfQAAA=="}
00501{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":743,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":582520,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3IEBMx8Tl2CABFAABc3cdAADMRRGBbbAgIwKgBTQIRbfYASNNBL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJeEn+yq6ttUV0AAAAAAAAAAAAA\/\/9XC83DTfQAAA=="}
00501{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":744,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":681763,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcuRdAADQRZBVbbAwDwKgBTQISbfYASKh2L+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJetvsboDHt5DsAAAAAAAAAAAAA\/\/9XC83DTfQAAA=="}
00501{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":682180,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcJ6tAADQR9X9bbAwFwKgBTQIZbfYASGPWL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJelPEtErIluTIAAAAAAAAAAAAA\/\/9XC83DTfQAAA=="}
00501{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":712776,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcTfZAADYRyTZbbBADwKgBTQIZbfYASOU+L+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJez6ad4EiJ8eQAAAAAAAAAAAAA\/\/9XC83DTfQAAA=="}
00501{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":715269,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"KDc3AG3IEBMx8Tl2CABFAABcdalAADYRoYVbbBABwKgBTQIRbfYASCaUL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8dyFcB12rJeYA3ERBA7Mh0AAAAAAAAAAAAA\/\/9XC83DTfQAAA=="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1588779637830,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1588779637830,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00634{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779637,"pkt_ts_usec":830278,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"pkt":"AQBef\/\/6KDc3AG3ICABFAADKg14AAAERg9XAqAFN7\/\/\/+sufB2wAtsJkTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS84My4wLjQxMDMuMzQgTWFjIE9TIFgNCg0K"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1588779637830,"flow_last_seen":0,"flow_tot_l4_data_len":182,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":748,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1588779637830,"flow_last_seen":0,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00468{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779638,"pkt_ts_usec":48488,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEsZEAAEARo67AqAFNW2wICG32AhEAMJEzL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/9ywagRVgIMjg=="}
00471{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779638,"pkt_ts_usec":48579,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEUI8AAEAR\/LfAqAFNW2wQAW32AhEAMO1PL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/cV+9m8\/VZmQ=="}
00469{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779638,"pkt_ts_usec":48692,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"EBMx8Tl2KDc3AG3ICABFAABEfdIAAEAR03LAqAFNW2wMA232AhIAMLZjL+Sfp2xOtDPLzYKhu+piHv\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/\/\/DysMOlAk5VA=="}
@@ -408,7 +408,7 @@
00529{"flow_id":41,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779639,"pkt_ts_usec":102810,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB8l\/0AAEARuQ\/AqAFNW2wMA232AhIAaBYjL+Sfp2xOtDPLzYKhu+piHsUUdzWSq1JnQgHuwL5ZzFMZZUBkOgRAnQ06mV54nHJajHrw7JhJwP3pu854HgpQ8PBvE4mqy42\/yBfG6DvXpdhYfDWpcRMy5Iccl3fM9+eE"}
00528{"flow_id":43,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779639,"pkt_ts_usec":102917,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB8soYAAEARnoTAqAFNW2wMBW32AhkAaK6EL+Sfp2xOtDPLzYKhu+piHpNqf0EGr3ouAM5o5Ho9IqKddcI\/Z\/b49j1yM7XDT90BJismgiRZXHF2EATHEoy8Lfiy7GCHIU14gsQujHjWVVo1d9xKDk2YVJGvI62nEIlc"}
00526{"flow_id":44,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779639,"pkt_ts_usec":102958,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB87a4AAEARX17AqAFNW2wQA232AhkAaI81L+Sfp2xOtDPLzYKhu+piHgzmMNcDOZ2PoiHjW2yYnS6ePj1BGRdJoM8nFXnzaBh75yJzDzYLzBbUH1ZxWuxSCc8tLVzq402LbPVjqpmjcVElk5pqYd5uYnj2wmDnoeHG"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":853,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1588779639103,"flow_last_seen":0,"flow_tot_l4_data_len":88,"flow_min_l4_data_len":88,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":28150,"dst_port":59772,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":853,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1588779639103,"flow_last_seen":0,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":28150,"dst_port":59772,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00505{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779639,"pkt_ts_usec":103009,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"EBMx8Tl2KDc3AG3ICABFAABsKQMAAEARarrAqAFNVwvNw2326XwAWFNj2ajstQcU9VmrWsN2RmlsiodFzsmW0mXr5Gv8o0f2aR9YWQKIE34PAz\/0T4VwEA0DXBRrws2ycCoPovMV6p5YsfJULcJS2cwqBKkU3Xys+SQ="}
00528{"flow_id":43,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779639,"pkt_ts_usec":152556,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB8KINAADQR9IdbbAwFwKgBTQIZbfYAaHLEL+Sfp2xOtDPLzYKhu+piHuRszQ41FbqXYbZZXAVFrGnz5aD6BIy2wA8WvWucaYHtk\/B8UWoe98wisy7vNTjdhvmyB6Y3Dlp4+tSorsm+9d+JCobletUdU3L\/e04ZzdCo"}
00528{"flow_id":41,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779639,"pkt_ts_usec":166296,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB8ugZAADQRYwZbbAwDwKgBTQISbfYAaKtUL+Sfp2xOtDPLzYKhu+piHrTHFdAFs\/SBIX5Iprv7doYCM0HACNVv0QlFf11rJbUDaIETC76BFd1FamkhtAFe0ooVzY\/LfUHdb+DFFh5kJjNqEmRDzDoNYGDvpKOPyWnW"}
@@ -422,31 +422,31 @@
00533{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779643,"pkt_ts_usec":386239,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"AQBeAAD7wJrQLWJ0CABFAACAWI0AAP8RwAbAqAE14AAA+xTpFOkAbI7lAAAAAAABAAEAAAABDF9zbGVlcC1wcm94eQRfdWRwBWxvY2FsAAAMAAHADAAMAAEAABFtABIPNTAtMzUtMTAtNzAuMSAxwAwAACkFoAAAEZQAEgAEAA4AMeKa0C1idMCa0C1idA=="}
00562{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779643,"pkt_ts_usec":386383,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"pkt":"MzMAAAD7wJrQLWJ0ht1gBqDxAGwR\/\/6AAAAAAAAAGKCkEok1wBv\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsLTwAAAAAAAEAAQAAAAEMX3NsZWVwLXByb3h5BF91ZHAFbG9jYWwAAAwAAcAMAAwAAQAAEW0AEg81MC0zNS0xMC03MC4xIDHADAAAKQWgAAARlAASAAQADgAx4prQLWJ0wJrQLWJ0"}
00454{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779645,"pkt_ts_usec":374887,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD7wJrQLWJ0CABFAABJNSEAAAER4arAqAE14AAA+xTpFOkANQuaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1588779645375,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1129,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1588779645375,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00814{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1129,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779645,"pkt_ts_usec":375046,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTiPpAAAERTLfAqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="}
-00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1588779645375,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1129,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1588779645375,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
00461{"flow_id":14,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1130,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779645,"pkt_ts_usec":381398,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABEsxIAAEARQxLAqAE1wKgB\/+EV4RUAMB\/7U3BvdFVkcDCyd4qJW50BwwABAABMUeIxMdBB4jsY0JrM5ZhQFz1Lqg=="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1588779645381,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1588779645381,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779645,"pkt_ts_usec":381544,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACa3qgAAAERKNPAqAE17\/\/\/+sYKB2wAhlIKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1588779645381,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1131,"source":"telegram.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1588779645381,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00481{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779645,"pkt_ts_usec":854328,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AQBeAAD7wJrQLWJ0CABFAABZEhgAAAIRA6TAqAE14AAA+xTpFOkARfrKAAEAAAACAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQlfQ0MzMkU3NTMEX3N1YsAMAAwAAQ=="}
00770{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1174,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779646,"pkt_ts_usec":451654,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"jP5XIzfkKDc3AG3ICABFAAEyaYkAAP8RzUjAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1177,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1588779645375,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1177,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1588779636498,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1177,"source":"telegram.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1588779645381,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1177,"source":"telegram.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1588779645375,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1177,"source":"telegram.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1588779636498,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1177,"source":"telegram.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1588779645381,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00784{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1179,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779646,"pkt_ts_usec":560083,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJ9AAEARYHLAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHA28acAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00482{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779646,"pkt_ts_usec":913796,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AQBeAAD7wJrQLWJ0CABFAABZib4AAAIRi\/3AqAE14AAA+xTpFOkARfrKAAEAAAACAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQlfQ0MzMkU3NTMEX3N1YsAMAAwAAQ=="}
00461{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1213,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779647,"pkt_ts_usec":270006,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABExqMAAEARL4HAqAE1wKgB\/+EV4RUAMB\/7U3BvdFVkcDCyd4qJW50BwwABAABMUeIxMdBB4jsY0JrM5ZhQFz1Lqg=="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"telegram.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1588779647380,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"telegram.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1588779647380,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779647,"pkt_ts_usec":380255,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACaUgcAAAERtXTAqAE17\/\/\/+sYKB2wAhlIKTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"telegram.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1588779647380,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"telegram.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1588779647380,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00456{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779647,"pkt_ts_usec":380279,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD7wJrQLWJ0CABFAABJgtEAAAERk\/rAqAE14AAA+xTpFOkANQuaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"telegram.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1588779647380,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"telegram.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1588779647380,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00814{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779647,"pkt_ts_usec":380573,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTigFAAAERS7DAqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="}
-00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"telegram.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1588779647380,"flow_last_seen":0,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1588779648840,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"telegram.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1588779647380,"flow_last_seen":0,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":311,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1588779648840,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00572{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779648,"pkt_ts_usec":840484,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACaCVUAAAER\/ibAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1588779648840,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"telegram.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1588779648840,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00455{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779648,"pkt_ts_usec":840510,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD7wJrQLWJ0CABFAABJAsIAAAERFArAqAE14AAA+xTpFOkANQuaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
00814{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779648,"pkt_ts_usec":840835,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTiqZAAAERSwvAqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="}
00460{"flow_id":14,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779649,"pkt_ts_usec":19702,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABElPEAAEARYTPAqAE1wKgB\/+EV4RUAMJohU3BvdFVkcDD0Jfgh9tR1aAABAAC\/vOrzE8GBHXmaYexmJHVX5sZgYw=="}
@@ -454,16 +454,16 @@
00770{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1330,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779649,"pkt_ts_usec":979794,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"jP5XIzfkKDc3AG3ICABFAAEycgkAAP8RxMjAqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
00459{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779650,"pkt_ts_usec":102979,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM8zMAAEARoKnAqAFNVwvNw2326XwAOBQNt7NLZEiPyb9nJ25aFShQjjbK9tSAqF2RZJuCl4MIgiF4TeaDrkRovC99CpyADzRp"}
00481{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1352,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779650,"pkt_ts_usec":283367,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AQBeAAD7wJrQLWJ0CABFAABZgjsAAAIRk4DAqAE14AAA+xTpFOkARfrKAAEAAAACAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQlfQ0MzMkU3NTMEX3N1YsAMAAwAAQ=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1588779650651,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1588779650651,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779650,"pkt_ts_usec":651135,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"EBMx8Tl2KDc3AG3ICABFAABD6GYAAP8RT6TAqAFNwKgBAeT3ADUAL99XO7EBAAABAAAAAAAACXRlbGVtZXRyeQdkcm9wYm94A2NvbQAAAQAB"}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1588779650651,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1588779650652,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"telegram.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1588779650651,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1588779650652,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779650,"pkt_ts_usec":652266,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHeaUAAP8RvmHAqAFNwKgBAcF9ADUAM+X9HKUBAAABAAAAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAQ=="}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1588779650652,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"telegram.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1588779650652,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00477{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779650,"pkt_ts_usec":666077,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"KDc3AG3IEBMx8Tl2CABFAABXLE1AADkRkarAqAEBwKgBTQA1wX0AQwAAHKWBgAABAAEAAAAABWU0NTE4BGRzY3gKYWthbWFpZWRnZQNuZXQAAAEAAcAMAAEAAQAAAAcABFx69t8="}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1376,"source":"telegram.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":51,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1376,"source":"telegram.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e4518.dscx.akamaiedge.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"92.122.246.223"}}
00505{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1378,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779650,"pkt_ts_usec":681877,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"KDc3AG3IEBMx8Tl2CABFAABtxO5AADkR+PLAqAEBwKgBTQA15PcAWQAAO7GBgAABAAIAAAAACXRlbGVtZXRyeQdkcm9wYm94A2NvbQAAAQABwAwABQABAAAAcAAOCXRlbGVtZXRyeQF2wBbAMwABAAEAAAA8AASifRMJ"}
-00674{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1378,"source":"telegram.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":47,"flow_max_l4_data_len":89,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.19.9"}}
+00686{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1378,"source":"telegram.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.19.9"}}
00571{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779650,"pkt_ts_usec":842623,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACaJ+EAAAER35rAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
00815{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779650,"pkt_ts_usec":842643,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTivJAAAERSr\/AqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="}
00784{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779651,"pkt_ts_usec":446598,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGKBAAEARYHHAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAJsQpYUAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
@@ -472,45 +472,45 @@
00771{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1512,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779653,"pkt_ts_usec":520455,"pkt_caplen":320,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":320,"pkt_l4_len":286,"pkt":"jP5XIzfkKDc3AG3ICABFAAEy5oIAAP8RUE\/AqAFNwKgBSxTpFOkBHhkOAACEAAAAAAEAAAAED19jb21wYW5pb24tbGluawRfdGNwBWxvY2FsAAAMAAEAABGUABANTHVjYeKAmXMgaU1hY8AMwDIAIYABAAAAeAATAAAAAMAFCkx1Y2FzLWlNYWPAIcAyABCAAQAAEZQAWBZycEJBPTM5OjJBOjg4OkFDOjQxOkFCCnJwVnI9MTUyLjERcnBIST1mOWM0NmM2ZGQwN2QRcnBITj0zYzVkYzVjZTk1NzgRcnBIQT04Y2E4Y2I3MzFjMWMNTHVjYeKAmXMgaU1hYwxfZGV2aWNlLWluZm\/AHAAQAAEAABGUABoObW9kZWw9aU1hYzExLDMKb3N4dmVycz0xN8BUAAGAAQAAAHgABMCoAU0="}
00571{"flow_id":52,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779654,"pkt_ts_usec":853807,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACa7R8AAAERGlzAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
00814{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"telegram.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1588779654,"pkt_ts_usec":853821,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"AQBeAAD7eCjKBfrMCABFAAFTjhBAAAERR6HAqAFF4AAA+xTpFOkBP9DmAACEAAAAAAEAAAADEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAABAAAAeAAvEXNvbm9zNzgyOENBMDVGQUNDEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MQX3Nwb3RpZnktY29ubmVjdARfdGNwBWxvY2FsAAAQgAEAABGUAB0LVkVSU0lPTj0xLjAQQ1BhdGg9L3Nwb3RpZnl6YxFzb25vczc4MjhDQTA1RkFDQxBfc3BvdGlmeS1jb25uZWN0BF90Y3AFbG9jYWwAACGAAQAAAHgAHwAAAAAFeBFzb25vczc4MjhDQTA1RkFDQwVsb2NhbAARc29ub3M3ODI4Q0EwNUZBQ0MFbG9jYWwAAAGAAQAAAHgABMCoAUU="}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":38,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":51,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1588779596451,"flow_last_seen":1588779651446,"flow_tot_l4_data_len":3444,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":123,"flow_first_seen":1588779616036,"flow_last_seen":1588779620617,"flow_tot_l4_data_len":22264,"flow_min_l4_data_len":40,"flow_max_l4_data_len":264,"flow_avg_l4_data_len":181,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618928,"flow_tot_l4_data_len":1624,"flow_min_l4_data_len":40,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619034,"flow_tot_l4_data_len":1520,"flow_min_l4_data_len":40,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618946,"flow_tot_l4_data_len":1624,"flow_min_l4_data_len":40,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619007,"flow_tot_l4_data_len":1520,"flow_min_l4_data_len":40,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779618748,"flow_tot_l4_data_len":1520,"flow_min_l4_data_len":40,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":51,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_first_seen":1588779611355,"flow_last_seen":1588779611657,"flow_tot_l4_data_len":399,"flow_min_l4_data_len":133,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_tot_l4_data_len":116,"flow_min_l4_data_len":50,"flow_max_l4_data_len":66,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":51,"flow_max_l4_data_len":67,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":9,"flow_first_seen":1588779597291,"flow_last_seen":1588779653520,"flow_tot_l4_data_len":2574,"flow_min_l4_data_len":286,"flow_max_l4_data_len":286,"flow_avg_l4_data_len":286,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_first_seen":1588779647380,"flow_last_seen":1588779654853,"flow_tot_l4_data_len":1595,"flow_min_l4_data_len":319,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655297,"flow_tot_l4_data_len":20763,"flow_min_l4_data_len":108,"flow_max_l4_data_len":435,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":18,"flow_first_seen":1588779596464,"flow_last_seen":1588779654853,"flow_tot_l4_data_len":1460,"flow_min_l4_data_len":53,"flow_max_l4_data_len":204,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_first_seen":1588779639103,"flow_last_seen":1588779650102,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":56,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":28150,"dst_port":59772,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_first_seen":1588779639103,"flow_last_seen":1588779650102,"flow_tot_l4_data_len":200,"flow_min_l4_data_len":56,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":28150,"dst_port":59772,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":8,"flow_first_seen":1588779608134,"flow_last_seen":1588779649019,"flow_tot_l4_data_len":384,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1588779637830,"flow_last_seen":1588779640832,"flow_tot_l4_data_len":728,"flow_min_l4_data_len":182,"flow_max_l4_data_len":182,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1588779617174,"flow_last_seen":1588779618677,"flow_tot_l4_data_len":144,"flow_min_l4_data_len":56,"flow_max_l4_data_len":88,"flow_avg_l4_data_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1588779634764,"flow_last_seen":1588779634797,"flow_tot_l4_data_len":2752,"flow_min_l4_data_len":36,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":917,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":39,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779598465,"flow_tot_l4_data_len":268,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1588779648840,"flow_last_seen":1588779654853,"flow_tot_l4_data_len":536,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651686,"flow_tot_l4_data_len":1840,"flow_min_l4_data_len":40,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":298,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_tot_l4_data_len":57280,"flow_min_l4_data_len":40,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":192,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651659,"flow_tot_l4_data_len":1840,"flow_min_l4_data_len":40,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":288,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_tot_l4_data_len":59616,"flow_min_l4_data_len":40,"flow_max_l4_data_len":296,"flow_avg_l4_data_len":207,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":25,"flow_first_seen":1588779637543,"flow_last_seen":1588779651680,"flow_tot_l4_data_len":1944,"flow_min_l4_data_len":40,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651645,"flow_tot_l4_data_len":1840,"flow_min_l4_data_len":40,"flow_max_l4_data_len":104,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_tot_l4_data_len":216,"flow_min_l4_data_len":41,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_first_seen":1588779603292,"flow_last_seen":1588779643386,"flow_tot_l4_data_len":675,"flow_min_l4_data_len":108,"flow_max_l4_data_len":204,"flow_avg_l4_data_len":135,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1588779647380,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_tot_l4_data_len":136,"flow_min_l4_data_len":47,"flow_max_l4_data_len":89,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1588779637560,"flow_last_seen":1588779637572,"flow_tot_l4_data_len":151,"flow_min_l4_data_len":49,"flow_max_l4_data_len":102,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":301,"flow_first_seen":1588779617174,"flow_last_seen":1588779629315,"flow_tot_l4_data_len":61960,"flow_min_l4_data_len":56,"flow_max_l4_data_len":280,"flow_avg_l4_data_len":205,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_first_seen":1588779634762,"flow_last_seen":1588779634795,"flow_tot_l4_data_len":2752,"flow_min_l4_data_len":36,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":917,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655298,"flow_tot_l4_data_len":20763,"flow_min_l4_data_len":108,"flow_max_l4_data_len":435,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":12,"flow_first_seen":1588779596451,"flow_last_seen":1588779651446,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":3348,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":123,"flow_first_seen":1588779616036,"flow_last_seen":1588779620617,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":256,"flow_tot_l4_payload_len":21280,"flow_avg_l4_payload_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.7","src_port":23174,"dst_port":521,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618928,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":23174,"dst_port":523,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619034,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":23174,"dst_port":527,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618946,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619007,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779618748,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_first_seen":1588779611355,"flow_last_seen":1588779611657,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":125,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1588779600828,"flow_last_seen":1588779600842,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61631,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_first_seen":1588779626394,"flow_last_seen":1588779626394,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_first_seen":1588779650652,"flow_last_seen":1588779650666,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":9,"flow_first_seen":1588779597291,"flow_last_seen":1588779653520,"flow_min_l4_payload_len":278,"flow_max_l4_payload_len":278,"flow_tot_l4_payload_len":2502,"flow_avg_l4_payload_len":278,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.75","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_first_seen":1588779647380,"flow_last_seen":1588779654853,"flow_min_l4_payload_len":311,"flow_max_l4_payload_len":311,"flow_tot_l4_payload_len":1555,"flow_avg_l4_payload_len":311,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.69","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655297,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":19803,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":18,"flow_first_seen":1588779596464,"flow_last_seen":1588779654853,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_first_seen":1588779639103,"flow_last_seen":1588779650102,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":28150,"dst_port":59772,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_first_seen":1588779639103,"flow_last_seen":1588779650102,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":28150,"dst_port":59772,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":8,"flow_first_seen":1588779608134,"flow_last_seen":1588779649019,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1588779637830,"flow_last_seen":1588779640832,"flow_min_l4_payload_len":174,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":696,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"239.255.255.250","src_port":52127,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1588779617174,"flow_last_seen":1588779618677,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"87.11.205.195","src_port":23174,"dst_port":60723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1588779634764,"flow_last_seen":1588779634797,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2728,"flow_avg_l4_payload_len":909,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1588779628757,"flow_last_seen":1588779628804,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":79,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":49764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1588779596464,"flow_last_seen":1588779598465,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":252,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":54306,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1588779648840,"flow_last_seen":1588779654853,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":56384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651686,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.1","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":298,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":54896,"flow_avg_l4_payload_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":28150,"dst_port":529,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651659,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.3","src_port":28150,"dst_port":530,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":288,"flow_first_seen":1588779637543,"flow_last_seen":1588779654458,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":288,"flow_tot_l4_payload_len":57312,"flow_avg_l4_payload_len":199,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.1","src_port":28150,"dst_port":533,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":25,"flow_first_seen":1588779637543,"flow_last_seen":1588779651680,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1744,"flow_avg_l4_payload_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.3","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":24,"flow_first_seen":1588779637543,"flow_last_seen":1588779651645,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1648,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.5","src_port":28150,"dst_port":537,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1588779607374,"flow_last_seen":1588779607388,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":167,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":52118,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_first_seen":1588779603292,"flow_last_seen":1588779643386,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":196,"flow_tot_l4_payload_len":635,"flow_avg_l4_payload_len":127,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::18a0:a412:8935:c01b","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1588779647380,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"239.255.255.250","src_port":50698,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1588779637560,"flow_last_seen":1588779637572,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":135,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":301,"flow_first_seen":1588779617174,"flow_last_seen":1588779629315,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":59552,"flow_avg_l4_payload_len":197,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_first_seen":1588779634762,"flow_last_seen":1588779634795,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2728,"flow_avg_l4_payload_len":909,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655298,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":19803,"flow_avg_l4_payload_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test"}
diff --git a/test/results/teredo.pcap.out b/test/results/teredo.pcap.out
index da8ee8f56..c55334182 100644
--- a/test/results/teredo.pcap.out
+++ b/test/results/teredo.pcap.out
@@ -1,23 +1,23 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teredo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1438853615305,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1438853615305,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853615,"pkt_ts_usec":305874,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"bEFqjICJABsXAAEVCABFAABZWboAAH4R6SsKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1438853615305,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1438853615305,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
00561{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853615,"pkt_ts_usec":358642,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"ABsXAAEVbEFqjICJCABFAACJMb4AAHIRHPjCiBxMCnAQag3YzSEAdV9uAAEAALEbP+pGqa\/pAAAAMt5G+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZJ0AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEz\/AAAAACABAA=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1438853619792,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1438853619792,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853619,"pkt_ts_usec":792073,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"bEFqjICJABsXAAEVCABFAABZKFgAAH4RGp8KcBBZwogcTOvdDdgARWZ6AAEAAJXRHBBSCtwOAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1438853619792,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1438853619792,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
00560{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853619,"pkt_ts_usec":844656,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcAAAHIRHQfCiBxMCnAQWQ3Y690AdQSAAAEAAJXRHBBSCtwOAAAAFCJG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZJ0AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEz\/AAAAACABAA=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1438853629357,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1438853629357,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00484{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853629,"pkt_ts_usec":357785,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"bEFqjICJABsXAAEVCABFAABZf5wAAH4Rw1cKcBBcwogcTPfYDdgAReM8AAEAAPs1qOhE924kAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1438853629357,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1438853629357,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
00559{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853629,"pkt_ts_usec":411015,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcEAAHIRHQPCiBxMCnAQXA3Y99gAdXxOAAEAAPs1qOhE924kAAAACCdG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZL4AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEwAAAAAAAAAAA=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1438853632713,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1438853632713,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00485{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853632,"pkt_ts_usec":713044,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"bEFqjICJABsXAAEVCABFAABZcmgAAH4R0KcKcBBAwogcTNtaDdgARUt\/AAEAABh7537NjT4KAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1438853632713,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1438853632713,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
00559{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853632,"pkt_ts_usec":766780,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcIAAHIRHR7CiBxMCnAQQA3Y21oAdWZ0AAEAABh7537NjT4KAAAAJKVG+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYARiEAAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEy6FgeABnFWlQ=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1438853633749,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1438853633749,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00461{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853633,"pkt_ts_usec":749196,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"bEFqjICJABsXAAEVCABFAABQa1QAAH4R18EKcBBDwogcTMpkDdgAPJPWYAAAAAAMOhUgAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTYAA6wgo8LJvAAAAAA=="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1438853633749,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1438853633749,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","ndpi": {"proto":"Teredo","breed":"Acceptable","category":"Network"}}
00462{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853633,"pkt_ts_usec":749978,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"bEFqjICJABsXAAEVCABFAABRa1UAAH4R178KcBBDwogcTMpkDdgAPZLqYAAAAAANOv8gAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTIAAbVcAAQaF2tytrco="}
00463{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853633,"pkt_ts_usec":803112,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"ABsXAAEVbEFqjICJCABFAABRMcMAAHIRHVLCiBxMCnAQQw3YymQAPZNqYAAAAAANOn8gAsKIHEwAAAAAAADCiBxMIAEAAMKIHEwg8zWbRvk\/RoEAbFcAAQaF2tytrco="}
00462{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853635,"pkt_ts_usec":723980,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"bEFqjICJABsXAAEVCABFAABQa2cAAH4R164KcBBDwogcTMpkDdgAPJPWYAAAAAAMOhUgAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTYAAGb3LNOF2AAAAAA=="}
@@ -33,9 +33,9 @@
00463{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853651,"pkt_ts_usec":224097,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"bEFqjICJABsXAAEVCABFAABQbEIAAH4R1tMKcBBDwogcTMpkDdgAPJPWYAAAAAAMOhUgAQAAwogcTCDzNZtG+T9GIALCiBxMAAAAAAAAwogcTYAA1cXm4AnCAAAAAA=="}
00486{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853653,"pkt_ts_usec":349933,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"bEFqjICJABsXAAEVCABFAABZW7oAAH4R5ysKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="}
00561{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1438853653,"pkt_ts_usec":403120,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"ABsXAAEVbEFqjICJCABFAACJMcgAAHIRHO7CiBxMCnAQag3YzSEAdV9uAAEAALEbP+pGqa\/pAAAAMt5G+T9GYAAAAAAwOv\/+gAAAAAAAAIAA8ic9d+Oz\/oAAAAAAAAAAAP\/\/\/\/\/\/\/oYAZL4AAAAAAAA6mAAAB9ADBEBA\/\/\/\/\/\/\/\/\/\/8AAAAAIAEAAMKIHEwAAAAAAAAAAA=="}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":14,"flow_first_seen":1438853633749,"flow_last_seen":1438853651224,"flow_tot_l4_data_len":828,"flow_min_l4_data_len":48,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1438853632713,"flow_last_seen":1438853632766,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":69,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1438853619792,"flow_last_seen":1438853619844,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":69,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1438853615305,"flow_last_seen":1438853653403,"flow_tot_l4_data_len":372,"flow_min_l4_data_len":69,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1438853629357,"flow_last_seen":1438853629411,"flow_tot_l4_data_len":186,"flow_min_l4_data_len":69,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":14,"flow_first_seen":1438853633749,"flow_last_seen":1438853651224,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.67","dst_ip":"194.136.28.76","src_port":51812,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1438853632713,"flow_last_seen":1438853632766,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.64","dst_ip":"194.136.28.76","src_port":56154,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1438853619792,"flow_last_seen":1438853619844,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1438853615305,"flow_last_seen":1438853653403,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1438853629357,"flow_last_seen":1438853629411,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test"}
diff --git a/test/results/tftp_rrq.pcap.out b/test/results/tftp_rrq.pcap.out
index afe8860e1..0d6a5cb6c 100644
--- a/test/results/tftp_rrq.pcap.out
+++ b/test/results/tftp_rrq.pcap.out
@@ -1,10 +1,10 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tftp_rrq.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1367411051972,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1367411051972,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tftp_rrq.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411051,"pkt_ts_usec":972852,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AFCN14tDAAu+GJpACABFAAAwAAAAAP8ROWXAqAD9wKgACsW6AEUAHD4gAAFyZmMxMzUwLnR4dABvY3RldAA="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1367411052077,"flow_last_seen":0,"flow_tot_l4_data_len":524,"flow_min_l4_data_len":524,"flow_max_l4_data_len":524,"flow_avg_l4_data_len":524,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1367411052077,"flow_last_seen":0,"flow_min_l4_payload_len":516,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":516,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01082{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tftp_rrq.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":77243,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkyUAAIARI1DAqAAKwKgA\/Q11xboCDNSjAAMAAQoKCgoKCk5ldHdvcmsgV29ya2luZyBHcm91cCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSy4gU29sbGlucwpSZXF1ZXN0IEZvciBDb21tZW50czogMTM1MCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNSVQKU1REOiAzMyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSnVseSAxOTkyCk9ic29sZXRlczogUkZDIDc4MwoKCiAgICAgICAgICAgICAgICAgICAgIFRIRSBURlRQIFBST1RPQ09MIChSRVZJU0lPTiAyKQoKU3RhdHVzIG9mIHRoaXMgTWVtbwoKICAgVGhpcyBSRkMgc3BlY2lmaWVzIGFuIElBQiBzdGFuZGFyZHMgdHJhY2sgcHJvdG9jb2wgZm9yIHRoZSBJbnRlcm5ldAogICBjb21tdW5pdHksIGFuZCByZXF1ZXN0cyBkaXNjdXNzaW9uIGFuZCBzdWdnZXN0aW9ucyBmb3IgaW1wcm92ZW1lbnRzLgogICBQbGVhc2UgcmVmZXIgdG8gdGhlIGN1cnJlbnQgZWRpdGlvbiBvZiB0aGUgIklB"}
00414{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tftp_rrq.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":81790,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAEAAP8ROXTAqAD9wKgACsW6DXUADKpJAAQAAQAAAAAAAAAAAAAAAAAA"}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1367411052077,"flow_last_seen":1367411052081,"flow_tot_l4_data_len":536,"flow_min_l4_data_len":12,"flow_max_l4_data_len":524,"flow_avg_l4_data_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1367411052077,"flow_last_seen":1367411052081,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":520,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
01082{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tftp_rrq.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":86300,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkycAAIARI07AqAAKwKgA\/Q11xboCDOXlAAMAAkIgT2ZmaWNpYWwgUHJvdG9jb2wKICAgU3RhbmRhcmRzIiBmb3IgdGhlIHN0YW5kYXJkaXphdGlvbiBzdGF0ZSBhbmQgc3RhdHVzIG9mIHRoaXMgcHJvdG9jb2wuCiAgIERpc3RyaWJ1dGlvbiBvZiB0aGlzIG1lbW8gaXMgdW5saW1pdGVkLgoKU3VtbWFyeQoKICAgVEZUUCBpcyBhIHZlcnkgc2ltcGxlIHByb3RvY29sIHVzZWQgdG8gdHJhbnNmZXIgZmlsZXMuICBJdCBpcyBmcm9tCiAgIHRoaXMgdGhhdCBpdHMgbmFtZSBjb21lcywgVHJpdmlhbCBGaWxlIFRyYW5zZmVyIFByb3RvY29sIG9yIFRGVFAuCiAgIEVhY2ggbm9udGVybWluYWwgcGFja2V0IGlzIGFja25vd2xlZGdlZCBzZXBhcmF0ZWx5LiAgVGhpcyBkb2N1bWVudAogICBkZXNjcmliZXMgdGhlIHByb3RvY29sIGFuZCBpdHMgdHlwZXMgb2YgcGFja2V0cy4gIFRoZSBkb2N1bWVudCBhbHNvCiAgIGV4cGxhaW5zIHRoZSByZWFzb25zIGJlaGluZCBzb21lIG9mIHRoZSBkZXNpZ24gZGVjaXNpb25zLgoKQWNrbm93bGVnZW1lbnRzCgogICBUaGUg"}
00414{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tftp_rrq.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":88961,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAIAAP8ROXPAqAD9wKgACsW6DXUADKpIAAQAAgAAAAAAAAAAAAAAAAAA"}
01083{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tftp_rrq.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":88995,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkygAAIARI03AqAAKwKgA\/Q11xboCDFT\/AAMAA3Byb3RvY29sIHdhcyBvcmlnaW5hbGx5IGRlc2lnbmVkIGJ5IE5vZWwgQ2hpYXBwYSwgYW5kIHdhcwogICByZWRlc2lnbmVkIGJ5IGhpbSwgQm9iIEJhbGR3aW4gYW5kIERhdmUgQ2xhcmssIHdpdGggY29tbWVudHMgZnJvbQogICBTdGV2ZSBTenltYW5za2kuICBUaGUgY3VycmVudCByZXZpc2lvbiBvZiB0aGUgZG9jdW1lbnQgaW5jbHVkZXMKICAgbW9kaWZpY2F0aW9ucyBzdGVtbWluZyBmcm9tIGRpc2N1c3Npb25zIHdpdGggYW5kIHN1Z2dlc3Rpb25zIGZyb20KICAgTGFycnkgQWxsZW4sIE5vZWwgQ2hpYXBwYSwgRGF2ZSBDbGFyaywgR2VvZmYgQ29vcGVyLCBNaWtlIEdyZWVud2FsZCwKICAgTGl6YSBNYXJ0aW4sIERhdmlkIFJlZWQsIENyYWlnIE1pbG8gUm9nZXJzIChvZiBVU0MtSVNJKSwgS2F0aHkKICAgWWVsbGljaywgYW5kIHRoZSBhdXRob3IuICBUaGUgYWNrbm93bGVkZ2VtZW50IGFuZCByZXRyYW5zbWlzc2lvbgogICBzY2hlbWUgd2FzIGluc3BpcmVkIGJ5IFRDUCwgYW5kIHRoZSBlcnJv"}
@@ -18,7 +18,7 @@
01086{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tftp_rrq.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":104726,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkzAAAIARI0XAqAAKwKgA\/Q11xboCDA\/KAAMAB1RlbG5ldCBQcm90b2NvbAogICBTcGVjaWZpY2F0aW9uIiBbM10uKSAgTm90ZSB0aGF0IGl0IGlzIDggYml0IGFzY2lpLiAgVGhlIHRlcm0KICAgIm5ldGFzY2lpIiB3aWxsIGJlIHVzZWQgdGhyb3VnaG91dCB0aGlzIGRvY3VtZW50IHRvIG1lYW4gdGhpcwogICBwYXJ0aWN1bGFyIHZlcnNpb24gb2YgYXNjaWkuKTsgb2N0ZXQgKFRoaXMgcmVwbGFjZXMgdGhlICJiaW5hcnkiIG1vZGUKICAgb2YgcHJldmlvdXMgdmVyc2lvbnMgb2YgdGhpcyBkb2N1bWVudC4pIHJhdyA4IGJpdCBieXRlczsgbWFpbCwKICAgbmV0YXNjaWkgY2hhcmFjdGVycyBzZW50IHRvIGEgdXNlciByYXRoZXIgdGhhbiBhIGZpbGUuICAoVGhlIG1haWwKICAgbW9kZSBpcyBvYnNvbGV0ZSBhbmQgc2hvdWxkIG5vdCBiZSBpbXBsZW1lbnRlZCBvciB1c2VkLikgIEFkZGl0aW9uYWwKICAgbW9kZXMgY2FuIGJlIGRlZmluZWQgYnkgcGFpcnMgb2YgY29vcGVyYXRpbmcgaG9zdHMuCgogICBSZWZlcmVuY2UgWzRdIChzZWN0aW9uIDQuMikg"}
00417{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"tftp_rrq.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":107183,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAcAAP8ROW7AqAD9wKgACsW6DXUADKpDAAQABwAAAAAAAAAAAAAAAAAA"}
01085{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"tftp_rrq.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":107258,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkzEAAIARI0TAqAAKwKgA\/Q11xboCDBNwAAMACHNob3VsZCBiZSBjb25zdWx0ZWQgZm9yIGZ1cnRoZXIgdmFsdWFibGUKICAgZGlyZWN0aXZlcyBhbmQgc3VnZ2VzdGlvbnMgb24gVEZUUC4KCjIuIE92ZXJ2aWV3IG9mIHRoZSBQcm90b2NvbAoKICAgQW55IHRyYW5zZmVyIGJlZ2lucyB3aXRoIGEgcmVxdWVzdCB0byByZWFkIG9yIHdyaXRlIGEgZmlsZSwgd2hpY2gKICAgYWxzbyBzZXJ2ZXMgdG8gcmVxdWVzdCBhIGNvbm5lY3Rpb24uICBJZiB0aGUgc2VydmVyIGdyYW50cyB0aGUKICAgcmVxdWVzdCwgdGhlIGNvbm5lY3Rpb24gaXMgb3BlbmVkIGFuZCB0aGUgZmlsZSBpcyBzZW50IGluIGZpeGVkCiAgIGxlbmd0aCBibG9ja3Mgb2YgNTEyIGJ5dGVzLiAgRWFjaCBkYXRhIHBhY2tldCBjb250YWlucyBvbmUgYmxvY2sgb2YKICAgZGF0YSwgYW5kIG11c3QgYmUgYWNrbm93bGVkZ2VkIGJ5IGFuIGFja25vd2xlZGdtZW50IHBhY2tldCBiZWZvcmUgdGhlCiAgIG5leHQgcGFja2V0IGNhbiBiZSBzZW50LiAgQSBkYXRhIHBhY2tldCBvZiBsZXNzIHRoYW4g"}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":98,"flow_first_seen":1367411052077,"flow_last_seen":1367411052258,"flow_tot_l4_data_len":25775,"flow_min_l4_data_len":12,"flow_max_l4_data_len":524,"flow_avg_l4_data_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":99,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1367411051972,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"proto":"STUN","breed":"Acceptable","category":"Network"}}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1367411051972,"flow_last_seen":0,"flow_tot_l4_data_len":28,"flow_min_l4_data_len":28,"flow_max_l4_data_len":28,"flow_avg_l4_data_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":98,"flow_first_seen":1367411052077,"flow_last_seen":1367411052258,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":24991,"flow_avg_l4_payload_len":255,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":99,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1367411051972,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"proto":"STUN","breed":"Acceptable","category":"Network"}}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"tftp_rrq.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1367411051972,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":99,"source":"tftp_rrq.pcap","alias":"nDPId-test"}
diff --git a/test/results/tinc.pcap.out b/test/results/tinc.pcap.out
index 715012df2..2ef936dee 100644
--- a/test/results/tinc.pcap.out
+++ b/test/results/tinc.pcap.out
@@ -1,7 +1,7 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tinc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1495983427717,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1495983427717,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00432{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":717971,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1495983427744,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1495983427744,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":744301,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABcILL3nACbGCvpSCABFEAA8k+lAAEAG53CDcqgbuVPacMCK2WgWL9D7AAAAAKACchDyzQAAAgQFtAQCCAoov3nyAAAAAAEDAwc="}
00420{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":768940,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9ln52yg0OtBuZf\/QYASOQhw5gAAAgQFtAEBBAIBAwMH"}
00404{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":768999,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABcILL3nACbGCvpSCABFEAAovExAAEAGvyGDcqgbuVPacOds2We5l\/9BoNDrQlAQAOXp2wAA"}
@@ -14,14 +14,14 @@
00405{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":816188,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABcILL3nACbGCvpSCABFEAAovE5AAEAGvx+DcqgbuVPacOds2We5l\/9MoNDrTFAQAOXpxgAA"}
01799{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":816902,"pkt_caplen":1093,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1093,"pkt_l4_len":1059,"pkt":"ABcILL3nACbGCvpSCABFEAQ3vE9AAEAGuw+DcqgbuVPacOds2We5l\/9MoNDrTFAYAOVaPwAAMSA0MjkgNjcyIDAgMCAyQ0RBOTlENzEyMEZENkRFQkMwQkUwQjA4NTI4ODc2QjRBQjYyRENGQjFFRTEzRjA1OERGQ0I1RjcyOEMwRTQ4QjMzMEE2MTJDNTc2NTI4NDYyQ0ZCRDA5QUYzNEU4NDUxODdENzMzRjg3ODZGM0Y0ODNBRDVDOUNFQ0U4M0JBMTAwNjMxRjQ1RTI1M0UwQUQ2QTE5Q0Y0NkMzMEI4ODY0NEVFMUI4RDA0RDEzQ0FBQUJBODNBNTcxMDE4NThCNjZCQjg5RDcxQ0YyQ0M5N0FCMjA5NjE0QUJDQ0U4MTIyMTJDMTJCMzM5NUY1RjE2QjQxQTVCMzlFMkYyRDIwQUQ3MjMzMzJCNTRDREVFRDhENEYzOERCN0Q5MDgzQzMxMjdDRjhEODgxQTlENTJEM0NCQzc0RDhCNDMzNjZCNjIzRDA4NUYyMzI3OTgyREYxRDA4ODc4MjMxMjc3REIzRTI5NEJGQTQ5NUM2OUVGOTUxMjIzOTEwOEEzQTdBRjg2NDYzMzQ2MzdCNTYxNUI1RkE0MzUzMjM5MDY3NDAwMkJBRkI2RjRDNjNENjExQ0EyOEU2QjEyRkRGNjZCODAwQ0QzNDYwMkFDOTFGQkUyMkEyMzA3MDU4ODdEMTdCMEIyQUI1OEE5RjY4N0FCQkQ4RDhCRkU0ODMxNTc0MDAxODBBMDEyQjg0NERFQUU4RERDMjJDOUFBNjMxQ0NFQzU3QzRGNzRBRkZFMTZEOUU1RDE1QkM3QzhENjNFNjdFQTE3QzFDREI1QkNCM0EwRjFGNDEzRUU0RUJDQjE1RUY5MDREMzI4NzE3Qjc4NjFEQUJFMDBEMDNBRjQ1MzdDMzA2NUJDNDhEN0M5NjAwMTFBMDlCQTU5NjcxQkQxRDQxMTc1NUM3RDBCQzFCMzNCQ0VBMTM4NzI0NzZBNzdFRjFEMkVGMzI5QTg5RUJEQzZDOTE0NTQ5NTE2Njk0QzU5ODM0RTlBNTFCQUUzRjY4MjE1NjgyNjBFNzk4MjY3NDY3NERCMjMzQTNCNzQ5MDBBM0JFNjY0RjYyNjQwMEQ0MjYzQ0E3Nzk2RUNGNzBFRTM0RDZDNjc1MUY4RDE4M0I4MDM0RjEzNTZDOTA3QkNDN0RCMDFGQzFEMTIxOEJGNzk2M0EwMThCODNEQTU5ODMyQzZCQzRENjRCRjY4Mjg4ODAyMTU3M0FFNzhDMzFGNzgxRkI5MUM3QUIzQkY2RTNBODBBOTZBRDA2OTNBQzI1QkY5RkI1RDRDMjk4MDY0QjM2OUFFNkUyMDg1OUJCREU5MTM3QzQ0MkUxRkU3ODU5NzQ3MDIwOEMzMjA5N0YzQTZEQTI3Njk4RTQ0REFENzQ3NEMwMThCCg=="}
01795{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":818440,"pkt_caplen":1091,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1091,"pkt_l4_len":1057,"pkt":"ACbGCvpSABcILL3nCABFCAQ10wRAADEGs2S5U9pwg3KoG9ln52yg0OtMuZf\/TFAYAHNfmAAAMSA5NCA2NCAwIDAgNkIyNTk3MDlCMkFERDA4OThCQjhBOTg3QUEzMzlGREZCMjRBQkVBRTc0RTYxM0MzRDJCQkUxMTk3RTlGMzg5RjY5NTVDRjA4NUNFNUU4RjY1RTc5RUFGMkRDQ0QxRjczODc3Mzc3NzVERUREMTMzRDE0MDFCQ0JCODdBNTQ4RTg3RkQzMDhDMjc3NERFRkExOTI2Qjc2M0I2MzgwREQwMkRDMTc5NDkwNzNENEFGOTY1RTY4MkI1QkE4QTdFNTQxOTNEMTRGRTVCQzI3ODk4QTU3OEJDOTNDMTEwNDM5NkEwMzRCOEVEMzQwNEEyQjlDQTI0NEY5QUQwMjRENjAwMzk4OTk2M0VBNjQyQTNFMzBFQjk2MENBMDY1MTU2NDdDMEU1MjU0QkUxRTc1RkY0REVCMTQxNzA1NzI5MzcxNjZGOThGQUE4ODEwNkMxQ0RGQjI4NjNFMkNFOUI1MzRFODJDOUQxOEVFMTg0NkE3RkQ2QjA3NDRDMTM2NDREMTJDNjA1ODY3QkVDREVEQzU3RUQzOEEyMDM0RDVCNDdDNTA4QTBCMEUzNzEzMEIwNjVDNjQzNDRENjNFNDRGRTNCQkYxOUE1OTM1MUI3NEUyMjUwRjlFRUMwNUIyN0MyREE3NThBRDk5MjAzNTYwMEU5Qzc2QTk0MDQzRUFENUZENzk3ODYxNkRCNDJDMzdBMDc5NjgxREQxMzg2NkJFMkVFNEY2RDY2RDA3MDcxRjNDQkQxOUFGMUM1NTA5QUQyNzcwQTYzMkE1OURGOTA2RjBGM0UwRjgyNTVENzQyQzBFNEYxQzgyNjA1RTg5QTcyNDlEMDI2MDNFMzNEMzgzRDIzNDA2RjFDREE5QUU1NDE0OTMxMTk5NTVCMDQ0REU4QTA2QUNFODU4MkQ0NDYyNjMyRTAyMDY5NDhBRkUzM0Y1OUUyRTRBNEY4QjA0MzE2MTM2NUZDRkM0ODQxRTk0MTAxRTZCMTczNjUwRjdGMUIwQUU4ODdEODY0REM0MEE5MUNFMTYwREU1MUU1MjM3ODVDMUUxNzE1QzQ5NkVCMjMzRURBODhGMzNEMkQ2MDREMDUyNjY3RTMxNTI4Q0JGN0MzNzNFRTk5QjExMkNGOEI0MjU4MjQ0Qzc1MkYzQkJCMzBFQTdBMUQ2Mzc4NTFEMzI0MUM0MEFBQ0U2RkVGRjYwNkE1OEFENENDRDI5RDNCMzlGRUJEMDA4NjE4QTk4ODY4NDgzRkVCNDhCRjc4NDZDNzgzQTlBMzY4ODAyOTdGQzcyNjk0RDA0MENFMUI1QUEyODcwMEVGNDIwNzgzRjI4NDFBNEU4NDhBN0VGQTYzQTQ1N0UxMUJFRTkyMTQ4NzFGQQo="}
-00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1495983427717,"flow_last_seen":1495983427818,"flow_tot_l4_data_len":2309,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1059,"flow_avg_l4_data_len":256,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","ndpi": {"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1495983427717,"flow_last_seen":1495983427818,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2097,"flow_avg_l4_payload_len":233,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","ndpi": {"proto":"TINC","breed":"Acceptable","category":"VPN"}}
00413{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":844409,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACbGCvpSABcILL3nCABFCAAo5z5AADEGoze5U9pwg3KoG9lowIoRT99jFi\/RA1AQAHN+NgAAAAAAAAAA"}
00417{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":844446,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"ACbGCvpSABcILL3nCABFCAAv5z9AADEGoy+5U9pwg3KoG9lowIoRT99jFi\/RA1AYAHOprwAAMCBpIDE3Cg=="}
00405{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":844471,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABcILL3nACbGCvpSCABFEAAok+xAAEAG54GDcqgbuVPacMCK2WgWL9EDEU\/falAQAOV9vQAA"}
01795{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":844511,"pkt_caplen":1091,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1091,"pkt_l4_len":1057,"pkt":"ACbGCvpSABcILL3nCABFCAQ150BAADEGnyi5U9pwg3KoG9lowIoRT99qFi\/RA1AYAHMHJQAAMSA5NCA2NCAwIDAgNTg2MUFCRjZBODU4NUNFRTIyMDFCQTE4NUFDMDIwMEFDOTBEMEE5NDMxQUM0ODk3NEY3NEQ5REMzNzk4QjNBOEYzRkMwNDI4N0U0MDY0RkQ2OEE5QjJEQUM1RkNFNjczNEQyNERENzExQjFERjE3RUU4QjU2MTE4NTlCQjM3OTYzMjUwMTIwMzVFQ0M1Nzg5MEVDQUJDMDM5NUI2ODdCQTgwRjQzM0Y4RDA0OTZERjk1MjFDNTdGMzgzNkYxNkMwMERFRDRFRTcxNjg0RDIzQkUzQUFFNTJBQjVCNUU2QjNCRjA2Q0JDRjYwODIzOTJBNjkzQUJCQTQ2NTBEMUVCMTY0NjQ2MkMzMUNFQTc2NzhBMUExODJDRUY5RjBENkU5RkZFMDg2Rjc2NDIzQUEyMkRFRUE1QzczMDBBRDYyRUU5MzNEQTJCMjJFMEIxQjA2MkQ2NkM0NDA3NURFMjdCQkQ1MDkxQkRBMUZCOTI5Rjg5NTdCNDVFQzA0QUQzQ0ExNTAzOUFCRUI3RURBRDVERTRDMjVGREREMTMxMDQ5MzBDMDFBOENEQTJFQkQ1ODQzOEQ4OTlBQ0E3NTRFQjYwRUREMTI5QzMxNTg4NTNBMTMwNEEyRTcyNDZDOTg3MjlGQzlCRjVBRjk4RTk2MEI4RjhGQTJCNzk3NDg0NkVCQjQzNEU3NzkwNEQzRTQxQkEwNjEyQUU4MUREOTM5M0ZBOUM0Q0NGRjFFNTcyNTA3MDM5NkQ5OUQ1MkJFQUFBMENBRDQzQThEMkIzREM3QjcwMzMyNDRGMUQ1M0MwRDFERDA4RjQ4REI5M0NBOEU3MzBCODBCRTM2MERGRkYxMjE2QTI0NEUxMERFRDcyQ0RGQjAxQ0Y5RjIyOUI0NkRDRDgxNjJFQ0I4MjlCMUI4NTNGNDZENjc3NzZDMDg1RDdFMDMyODk2REE3MDMzRjg1NDU3MTU2MzA3NTdDMTNBOTU0Q0Q5MEEzQTA0QTA2MTQwODA4RDhERTEwN0M5QTRGNUIyQURDQzE5QUFGNTc5REE3RjQzRkMzMkM3MDg0ODg0RkQ5QzRGNkI2NzM3QzA4OTU1RDZCRTZFOUE0Q0YxRURGQTVBRDY1MkY3MzhDQzY2OTJDNDUwMTcyQjY0NTk1RkJBMTU2Q0RGQ0ZFRjVCQTg4NzBCRUZFQUVFNjM0RjZCRTQwNzU0ODgzNzdGQTJFNTJGNjUxOEI4NDhGNEE4OTcyM0E2RjNFRTZEOUQ2MTgxNTUwNzZDNUU4OTYwRDdCRUEzRTBCQTk3QkM1MjdDQzhENThGMDdEMkJCMkRDMTg2REQ4QzA2Mzk2RkI4RkMxOTQyNjRBNkYxRDUzMDgwMTE4NAo="}
00405{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":844547,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABcILL3nACbGCvpSCABFEAAok+1AAEAG54CDcqgbuVPacMCK2WgWL9EDEU\/jd1AQAPV5oAAA"}
01800{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":846083,"pkt_caplen":1093,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1093,"pkt_l4_len":1059,"pkt":"ABcILL3nACbGCvpSCABFEAQ3k+5AAEAG43CDcqgbuVPacMCK2WgWL9EDEU\/jd1AYAPXfGwAAMSA0MjkgNjcyIDAgMCA0RjhGNzEyQUI0NkY3NzAwMDhFNTJDMjEzNkI3RjhGQUU2REE2NTdFN0RFRkJBNDUwRTBDOEREODQxODBBNTgxNzI0MUE5REEyNzdGRkExQUQ1NTMzMjczMUVCMzQ3NkNBM0IwMjMwNEFCOEQ4NDEwMTQzRTg2REY4RjgxNUQ5RUE5ODlFQkM4QUZDNEQ0NjQ1M0RGOTQ1QzVBNzMxNjhGMTc3QTJCNDQ3RTMxNDZEMjA2QTg2N0YwQ0U0NzUwRTIzN0Q5QjQyRUZFNDA2ODc1NDJGRkY2NzUxRkVGRTVFOERFQTc5NzI0NUJDOTM5RUFEM0U5M0MwMTExQTZCRUZGQkQyMTA1Qjk3RDAzRTc0NUNFNTU0MDI2NjQyMkFDMzdDQTRENzNCRjVBMTUwNjIzMjA5QzQwNEE4QzEzNTQwQjM5MTBFQ0QwRkU2QjYzMTlDREU1REY2OURDNDMxRUE1OTZFRjFCQUNGMjMwNzAxNDQwODlBMUNFMjYxRDFCNzg0NzUyNEU0ODBENTQxRUYzMTdFQkI0MDY3QkQxNUNGMzJCMEM0OUJBRjhGNzgyMTgwMzU5RTZDN0Q0QzQ2MEI4M0U1MjJEODIyMTg2MEZFNUMwMjMyRDk2N0JGRTI3RTAwQzE3OEEzNjg1MDAxMDRCRTE3REU3N0Q0NkQ5OUUyRTEyM0M2ODdCODYwMUFDMjI3MzlBRDQ0MkMxMUUwQ0I2RTc4NkQ3RDI4QjE1MTZERENGMDg3MzcyMDFDNEUwMDAyM0QzODkyNzhFRUNDMTlFQUEyOENCNjlDRTNBNkZGMjQ3Q0JENDIzMjI2RTI0NTVBREFGMTMyNjZDOTZCMjdDOURERjJDQzdFNEMwQkEwMzgyMzg0M0IxNDFGNzY4ODhCNzFDRTdBREIxQjRBQkNGMEY5MDQ3NjUyRjMzMzc3NDlGQkJDQjA0NDU0ODFDNTJFMkIxQjg0OEJBMEQ4QTBBNEY2Q0E5ODk3MjJCQzUyRjZDNjA3RjRBRjU1QzUzMDkzNDA4MEY5OUVBQkI5OTk1MDJDQUUxMzdCMTY3MzVGOUJGOUE4M0YwQUE2OTczNkFBQkVBRkYwODNCQ0ZBMjgyQkVFNTUxNUU1OUI0NjQ2OUY3MUVCMDg2NjIwRUI0NTFEMENCMTA2Q0JDMjIyRDZEOTM4RDAxRTJEN0ExODQ4MDMyN0MwMEY3QjVCNERBQjg0OTBGQjI4OTI2REQ1MEQwMTY5QjBBOEU2NEYxMzhEOEFCRTJERUQwODJBMTcyNkJBQjcwNkNFREZDNDA0NzE4RjRDOEYyNzJDNDYzN0FFOUExNEMwRjhFMjQ1MTFGNEU5NkM4Qjk0NzkwNUY4Qjg3Cg=="}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":10,"flow_first_seen":1495983427744,"flow_last_seen":1495983427846,"flow_tot_l4_data_len":2322,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1059,"flow_avg_l4_data_len":232,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","ndpi": {"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":10,"flow_first_seen":1495983427744,"flow_last_seen":1495983427846,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":2090,"flow_avg_l4_payload_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","ndpi": {"proto":"TINC","breed":"Acceptable","category":"VPN"}}
00405{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":861035,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABcILL3nACbGCvpSCABFEAAovFBAAEAGvx2DcqgbuVPacOds2We5mANboNDvWVAQAPXhmgAA"}
01805{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":876000,"pkt_caplen":1081,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1081,"pkt_l4_len":1047,"pkt":"ABcILL3nACbGCvpSCABFEAQrvFFAAEAGuxmDcqgbuVPacOds2We5mANboNDvWVAYAPUkEQAAiB+s2kqTqI6YM\/AUnmeMiobHdt\/DLj5S\/GLPHBry5z9cJr34QzkNjEA4v1PHR83p7XlCAxSeXJwFwoUmAaXnb4\/u8zplJP2gXGTKNDvRlE+xOjCsUi3N5GsAYIrxRd36Grn29UKIS11fyEGh\/jiRwTCtEPInGx0j0SI5sw3OIdJCTbVMkaljBwxgvJB6qk054et+feVZDe+NNlp2O2s6Q5UgvJxQXKtetmTBtKjPt+nnAYxQ7nEzoQoMOThYGYKSJO7QRq7+v96aT+sbwm4Ssic5elO06H4uFntzK09OB\/gPIQNgJQKL0z+cSHfWpaWnU2QkPxnSR1qZNa613\/\/KBpEjj82HjWhQFWwek+e2VmcbH7+q8FArjEnSDpYV+hpb0qCqrFl1XQ9BI4\/KFNtvNCI1QfjU3i5Rn3OgoveQHGigzs5kAim4PPWS84YfXVTOvQScoh+Q8r2TX\/un7xNIFFvzDCNc0ACsVRN0bFbzsg81UuyOD04FBEifnpJjudXVeC3fOCIkv47ImNKUf1RkUfrKgEPz7zed67BgfO1nhR1htVOQgWMFg0mzu0AXwfBQHWQVeYi7ChXVp3iO1MH28mvaOKiPZNs72j7T2Kzw+y78uQyPxz9gAEelnAOojlLd3W1hWWoeUKkAr1PbbGl0kCL7ArHOgFpj4oeuuxKnweUKn22PCTiIGDNaAjzixYyWwo2Yt3inVhlQcbTsiRz1vrd7p3m76vtnSPCPWPPwmV3yOVVLD\/kPTIi9T8zbxpcIF8CkoP43ZcYyn6qSlYAmi4B7bZwv3ITNGUdfusRFvCMoxKlymdY1gQ9t51Nrr5mpZ+dI64wDMITxwTtT\/eooQXi9\/gEvJ+iZNl4+Zfnecji\/mrBKBa7VvjArcmJ1gvGouPEJvDJT\/E+B0JMzT7MjeROqaEZYy+MespoTkXo06i\/Q1hBesoebplhP5iZFhxZuFqPJED9e32hSRSEFP4t3ripue+eIPmLbu1uSkil6cBYmxrRcFABrmrAvAxb4rx5CAvrQrmNdy8i3KsLWRv3WASbn9ONsxMM\/Jm6rbiHVz52NTjLN+5HA7wfROW3yXIoJeoVewaENUFh6Sq6z7gCbV8UDX6Y+G1jkswzl3Iqp\/5jTH3oY9UuRzpDpHLeTC5Xsriql6gfuSIH1v71BYWcChXS2S2LBpT9cmigxa5q3WRGN8yB0pd2R0palIZrGp7HwS\/BYiWhb5p+BRKlj29Eh4siczqJbcaVhLkOVNz\/7nsyFYVr4c3uulCcdwFZV9yOL\/FfAU67r6EgRYHFCQO7xIuvyhoQwrPdwRChpqJBAbJ2oed0us8+t4QdkpbFeeHHACAz\/x3TtxLLR7ynr1SXuTmpWUw=="}
01814{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":892983,"pkt_caplen":1081,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1081,"pkt_l4_len":1047,"pkt":"ACbGCvpSABcILL3nCABFCAQr0wVAADEGs225U9pwg3KoG9ln52yg0O9ZuZgDW1AYAIP+FQAAHaOGw7v4ZG9HaLWeo5C\/KXctvAreKqcP+UlwzP7+oktV3esJ0c2DS5s9YANPwXf42FKtlKLUeY2bR+X50puKwHY1O\/IlaaLtganBj30QBgL7J4d5sQwmThMvRW6\/Vew2SxgAM0iGmdITcpI3oeAaIPEVrWngEOu5SE5zhsU\/Y5nH9OgfLUHkka+LfIhygCHfiQBPpTQAMJ53RWmTvob8pRx+KYp4Cv0yW5tY2p\/+FizY4rg4mg3wkXOZN\/kOa9bUmSkYs8WmQridUG6IEphjeJc2fW\/YlTdqRXNsKu2WW5EO3SyAW7cfco38RnEX1\/brySUPJf\/2HkeG9sQOAwYSQc8DXBYGe0C92rdfNmsja+Z0biXYWHuas+OCSr4173ZyymKpohc4F2EotR8zkPo39M6uunUX6j8MCLC\/cJkzFenrhz38UKZNVkJTVMkdm0WqkD5VEAWk39lNoO3hfXfMdpcbvtOkx08vQlrL5XpU9gvOge0g0G\/OuZ1l7tngg5UAMnuw6bxyVVknh6RzGlRvlJl7322MGzbmba+QBxm3NVbQkY1IOP87\/3ZpSu+6uLPLm\/E1s\/QCeaGfO6zUnrTHcvtArI2SvV5zOFzYo5bTadcGxAryyHsMn4\/d8a4F9FEDaXbfJuOTNhdRHEu0M76VMw5sURXAWIuDmzaWu6a6eLp5DeBrNNndnDIIZ\/XA\/i7KYGe6Izbl50eadSAu9P+8Swq2WokqqNsR\/SfId7CFdyfu2jQNSdd0j+iJbGX+KVLb101sOtRiSFnG9jD\/DTrzLr0vzgQlcK5V\/IjoWhhZt3ulT58RM5gDzyhCJJ\/3zS13WmxHSBe7nPr\/U8+8uG\/MjEP7x50PLaGxc+7tpYa0wPDGPiwZLRQRw6+1M7r9c41CHFtkqySSWWxV3FLXIlukkJ3JKAzS1Yb97N40TJpXwo1rMuO80B8dVdzuKba5osFGz2\/Gq\/vHp8fhIhKDrmg7XoCjtA+0EzakaFoesPxK9PDP6boBYTZ3MxRsyxEwEnSPjs7OQhvDC+32bZWtcYAzGfLluZVnGyqI4kIBQxG3mThBb8kw14E4htlQxk20m2xEi5IJvlIjh3AI2XIMAEwE\/5zV5V4yS7TtSDPT5QCTOFvtcFPxH1IjQgA0JTttjpKP4XH+1vtILrIURABpk7oaLJXfMkYE6K+X04WP953dQ96zwmIrb94X270HjoPjpnGuL\/DInffcL2Zes7gMRmZyy\/zM6MQhovfKC\/8vNIOZ2Qmww\/aOcavKGexW54atzoRqdUW0IhKeaa4+ACtEzx4L\/+zi2AIsViqhEqvjpX12hOXazuHIcuMMcikMQSg6IoNPBwq9iig5yJnH7sDEChNrIeX+Mg=="}
@@ -33,9 +33,9 @@
01799{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":942075,"pkt_caplen":1081,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1081,"pkt_l4_len":1047,"pkt":"ACbGCvpSABcILL3nCABFCAQr50JAADEGnzC5U9pwg3KoG9lowIoRT+N3Fi\/VElAYAINY6AAA71tFVtbLRm\/FWBrwGGSgBlamuiuzHwgd2fbkiz45WMYM9DB9VLLGGMfqQuIBqmomFA7FcPHazsQuvfhEWK22O2XTZXqzs1e8nhkvwXmMHIjhHudQ6douEBcClMiVTAj8W4gWgrUeGm9y21JWxyTXtViURTB6HW1zZSpygIm5SG+3JiIIVDP46JdiP7HuDk3Q2qLvE88QMMi1Xt0Hg+tpdkUrzw0xDNtSbLZVxA2F8VDk+rS3N4TwC1IptCoK\/n2FHeijsL5Bh\/xTBE2vXVRi1PGLqRew4BX2ipvYhHZie05hlCY9B9lHpky96+usu7XzpE5UnF1kQ27au6ARTgVAFjYMjD7WXdXF\/WgqGtknUgRrMjl70LYknNR9Sio20Q61q\/muD8tJVkdzFbgp7ZwhCbH6QBKuyZVtoCKaVvTRUgZ1MMXtVJPZLLcc6aAcRILR1ySvqZacubOv+MxSoniCeIOOfz8qqGVhBgMHYp9zrmucZU1AFpTTBJ79VMMyEQ8quU\/9vyHepVMkWS8Btv2cM01xUQe5x9dygFrydz4nFpbCSJ3CeJXaj3OkqLNjgqtbzDPtGBV7PsM5cUYOEcjVXOxd4BhiCo96riZ54P755HsajwsIjIISO0JsrqhUXoQ+u2RtOynTRbYceB+gHW1s4r0KZ4Ce5YmlbVLzEpI02LalKqlN2ALN83lJxRiTncL+iTsLa6MU1ftNAhMxIN0z6e4u9CbyLyZg525Aci2D1gOYctQ3VD1EGg4jaJfC8SaufNB3klKRMVR\/klkedLQNUGTYPL1G6\/1SuxMsLFy8YGVTws\/+eaWoXY8gyPgJJETCkkBGiv5I01w27qZ917O6hUNtbRfoky4RBp3M4MXvgnhNeQoc4ZTrtaFwXc8U+Q3QfNXkaY1g8RbRdxgjtgSRbuy0IyUY9FF5fYLd9dilSmqn5o8x\/5tjFrVmcvigd680RvteVuN0VDRaJEG0wf1CPbXQflCxNhyl7kLXTHY7+khtR5C69HLZZLWuDoi47vZZASDmhLuykYtLo21bh3bM9obDFin8eYhxUe1NdhHoYV3\/q4EsdJ3SuIFGI7yemZVKAGFWGmHlJ09TuJZpVne2waz4slCtrwmHBXZbI9ttDJEtV9JQH5mPwJyVdOGCZd+\/i1Sdg2TeDfy50HXp3CYFUlQdbirLrfweKKzHZaMWu4fEGAG1WlgROeJjevyBzIacpxiFC1F\/iFu8XVsTiu\/iUHZVhw77ZucfwK5G1l4jLzXCxT+GRIY\/Nj6P73XPYmD+ItLE9RX+FSkFRtRN15Ulq3VCxpxUrxaxzmp9yhje6enTowFWVdMyiECNuaM3FUegU5HQD8lAYaBIZdIY7cEeZnzIPA=="}
00469{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":942310,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"ABcILL3nACbGCvpSCABFEABTk\/BAAEAG51KDcqgbuVPacMCK2WgWL9kVEU\/nelAYAQWmswAAUQViRm4\/ULlifZ1syaafJYrGx2oGaimTTwiDEMT\/CJFBzPFJdbi93VsVCA=="}
00414{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983427,"pkt_ts_usec":944295,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ACbGCvpSABcILL3nCABFCAAo50NAADEGozK5U9pwg3KoG9lowIoRT+d6Fi\/ZFVAQAJNt7QAAAAAAAAAA"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1495983428000,"flow_last_seen":0,"flow_tot_l4_data_len":652,"flow_min_l4_data_len":652,"flow_max_l4_data_len":652,"flow_avg_l4_data_len":652,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1495983428000,"flow_last_seen":0,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01258{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983428,"pkt_ts_usec":367,"pkt_caplen":686,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":686,"pkt_l4_len":652,"pkt":"ABcILL3nACbGCvpSCABFAAKgAABAAEARePuDcqgbuVPacNln2WcCjOIVMnicz9ZajjNEbdb6GxVP+T0CYtKzdvwcc\/GkysPu2p+HyRNKFCh5wNXMj6m9vaZ39wOg\/SFDxkblUqiUmI5T0t6KnEjzK4HfVELTk6MBki+YvI91VjjOz3oekNHxmSbldeRnnKPd925mZ9lxMA3GG9gZmsCSn4wPwr41LS70gLZbanbUNnlN7x6Kh9gVM6JtlzGBIjbSf6B4epOKePy2xW4AQp4bPXtTf\/0OGkPuy5hSETaSFX43lK3JOI2urGuq\/8zhvAyKL4t3LDJwEcTmglCiHm1tbrVnkmBCUBidOZ0NL52X+MKzyHnGOwdAwfV4+3VKFFmQE8IO6WWoZ\/vYOzfj1XZjyXREui0IMCYkWnraOSjlBBxRPQ4DkdgtsHokBlbzUjfr8Ss8XpNaUoZaaRCYy8Kw3szJstqYEU2GPLD0+pg+X9RZcEt+NlU1dFprcf5TwwLwxVrUXlq0UN21vjPNjBpnc4JeghgRv\/VcYRefFyhIUgPMVrdpg5GrCB4JTq65maVpsTyfybYsJ+i42aA3YjBU5z0PIhvBUxoHrj9TxX5OiZvAe42wvflGvW6iHzGGkgjUXDRxjS28FvW05QZJMaG4nQLQu0v8AHNHzQKZciwh33gMV3VVc\/5ghMO+CpJHRRkAZ7mBJzHMFXodcVJsk6K\/2J54sUaiJ48wBzCUQaWI9+w9ancXV2nZd+EHodY95wdzarfbqW8B30M66dRT3RsX8ddjytNxLuW+ewDpuzxP\/dncf+l0Gbul3BZMq9q4XnRT0wDb7bXlR0N7oHMRyWJ2GHC0RV7IQnYGzB\/YDI0StaWXOcSFic4ZA5TwYmSAm0iGFMYJM8DJznOohvp1QzM="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1495983428000,"flow_last_seen":0,"flow_tot_l4_data_len":652,"flow_min_l4_data_len":652,"flow_max_l4_data_len":652,"flow_avg_l4_data_len":652,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","ndpi": {"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1495983428000,"flow_last_seen":0,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","ndpi": {"proto":"TINC","breed":"Acceptable","category":"VPN"}}
01320{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983428,"pkt_ts_usec":524,"pkt_caplen":734,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":734,"pkt_l4_len":700,"pkt":"ABcILL3nACbGCvpSCABFAALQAABAAEAReMuDcqgbuVPacNln2WcCvOcuvywVtuwFGBCYss6acsiJNNNiAbBIlKDNCK44gk8rPgtBTYPcB0TBQaeKKWA+4iZhbEKh+1udHAv6t2B1Yn6IJMtYq5DM3X4M272sdmCIguJEDbWnC1eertoAJ\/nCld7bT5YQq8t1ppSFEJgecf3feprazQpcAFso0UkuKa+f8uN2aRv39oQ84yMBNBDhwVJ0a0nVOlZ6yZDSD51mMG4JoLiN6RWJXjcVqxy8m9jXpG1c+xsS0O6vC2KUMrKi+v7l2G+JsqarL4sHxppbbBoKMn1G6jriIHVF2byGLSZ00B3htFsVVj1wv1QBh8gghmipFPjUm\/aeSaE+oJUPKU+sp7Dg6Xva6c8vbo3TtJqvjKV8ke6QyQ7aGh5wPiN9\/a7xgRazNtYiEGk2\/mB4tPUVqvmOMmFqyRUy5E54tmImaZBxLH6d0RcjOcdr5cOGQQBnbEVGuWb70eAFXbxU9GwFaLQbsB4ixO+0UXLmZZZSFjcwzL0p2ByLphsBC+0r5HUR+xSSVPlg1gpXDvLAqvPafPWGz0oEsVqgZuuOxAECfRwfFUitnotekdgFMlckueO6aNw3gcrUrWq8lluC226td1YzzuWc1bztMEO46Nwl29tlwW+n4BfE8Ks4iF0RmPeruypgNVfy8UHTu26YFArxZ++\/ysArMEP2WLqaUMI6M\/jOSF4Hmz4MDlNkXALZoCcota0mysF7b9UawKat33S4Mn95EjfrH9sP42bJhKBoemGSQoufnGy397VEaJIbjn0C4TMCdTSxnPB2Kbauhcj5J9SFESxhfdT1dCI+XOZyD+qGea1LaaQlTKnH9E\/\/jMJNmp50jvcNxKjRrVFwHpWvyCjkeewfQ5cMV0LYN7Zr0J8LPcmGWZ6HVdR8joEBR5VzTkpA484re9kkh3rmNHcG6eXJdcA="}
00657{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983428,"pkt_ts_usec":27839,"pkt_caplen":238,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":238,"pkt_l4_len":204,"pkt":"ACbGCvpSABcILL3nCABFCADgAABAADERibO5U9pwg3KoG9ln2WcAzPGuM9Lx5\/tPdTG2m3Y0AlyEq2mnzqyIMEs7w8HRBEl8Y5NuT+Tl6VzNZm9syhOM8O5X9DMCZ2i18aEY5\/AFa+9vGaBzFiMm9BvXYzjoD8NIhl92KAV3hQzzPzdUGmBVVMf0BbRkDSRCiFN9nGpFLBN+y4nOpA3kBUeSofHjZl9gZY\/0gSr+qv0Gl1ZSJf+LLeeMJpEC6tb9XeO6w6224M34GMTZTkD7Nv+SCyj6hVz9obZb5coivi5CEA1BAiI84UNSuifu9w=="}
02358{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983428,"pkt_ts_usec":27886,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"pkt":"ACbGCvpSABcILL3nCABFCAXAAABAADERhNO5U9pwg3KoG9ln2WcFrJ9NJd3U32890WxGJqXzu8N9z7F3z+nPlNt4ZdduCnxHzVoztNfcD4uWugbXdRpxTU2iz+JXKOrBgP5eOvIBvd+AeyeE4xrdk5UB\/TRK305AVJ3NrauFoVv2qwmhRXxr1Dx7T18ByO+3W2zS86R0E1qrOxGfKzosa15\/y1MVEISI68OTNay3zeW7VOUKfkNyNjRsU+AguCnzSzXClkCO+DI0liF3VNKieM\/heXuMdrZGWfriUBTPtVJSzZkruLEN0ilRDylUau34hOZDI4b\/LgE8v7OCwdsOToW9oY4zV\/kimskruY\/nc+Gg5fPu+KGj7px2YRFxmHzBHtftHv\/c6HjDE4dEBjOUCCEv2nJNiO76vr0WPYo+R9rhdn1vka\/fjPzMUIHHcjBscg++Vllw20uKvfiwOBLD6wTh2wMVvts6e79sb9NTzsTtB+1Gt7SGIn8aCcepVuBS\/2H3SqbiAgDgAnkwOBIXQPOFejdn9yviveX4u51Ibsj+bPSj\/W07XGWw2zr9RDuBhN8A\/LTIH9rLvjJM4Kkvl\/5PwtKgpSqIRX8gYyDpegWlWHlcEOz4OwqORwWZF05hMotMRQ6Ntq3Xt5QXZYYFkb\/qHYmV6Df7nuH9EO5UeSqLNPpaABHNe+p1DGaxpnR90+UHwd\/NtsH0FID3q6bZ9XvxctJb\/DoIwjsZDycWDw3VRFV0X\/H42Xyh+5xDlXAaiFIvQkNdhroO3IapcYbg6Md7HncgV7eLzF8arQYs25WRS++IDqEDu\/+rOjItnyJZWaN0Vrpj1jCyE6cbZ3g6PwjjB76QW0txCiJ\/uJaRhpIwij\/8PmBHX\/kXNHfTIj96V6+Dc+hsW8I1E04BbaMwmfLLHffrlcTHQ8R3ATF8U\/Y0IKtadKSkj+6zIHTe55kvW08eWB+z0WNM2nQbNe65kOiwJqDPpPz0BbDlrTklp9sEwdFSjXPEXOJhHc\/8rK3M5uHXBD4xXD+6Rm6RQdiTlP104I2jM2wrTk77S3Md0srBAcddRKQb9n4XyHOWqrfbVvHKDibLesEoTe0P3DDr9qeyTQ3iNflNMza7qhQY4sabmXT9qODiYHrRbWcTL45BHL2vTwO8nhNJT44qIWnkrCV4lp0qaDQfM8rca3PX+zT\/cGeZRLHDyf50mcL1GZgIjtGIc7VE9PX5AtfywiD8ZpROEx6caJRKj\/D98NAia8b37yZn6I95seYEybTvHoqPkEKerbHgi6u\/0ZYPRpbNZhrZ8id\/zhitH6fh369TzYU3xuaW8t\/A0P94lK+bboF+w\/Q6xtuSMHH3x9UzQp7TQzqWZZ5XXc9P8RsBQgk1DR6IuhGlXmGrcCG1D51JWNudsLE9My1kXiJJ5xooh9+A085OeQWk3CJW65yUmX7hQLMmw6tatcybcXnmHUuvMAMRA\/TDUOW9C1ehOcxWRZx8myHw5\/YN5fywIinpJv3L3MMM3OqY4uX7rtO01OYCMsB4Jcw+6PcUJ\/zRQcMn8\/pmMwD8NMp7NjmsBB0WVU34b0KUDb6R8BEhCczVwjx9lnAglm51qQGChxGcC8ukg9d9xqRtpz4+S447nZ7Yu0kYLD8Pa3+fwRE7Q4\/QOegIlRIJurvP6PT6yU7vfLIvBa0FNqwp6J1NXDn3Zy74e49v+xg8BMjQD\/aKtYrgVMFhE42zFBQJMqabaa8ZMz+Y87GaNHz58bKbZkyRBbIWZSQLiZa56ISi4uzVcvfoEBoq4G+vpmOTgmii5XyxQGZoPLveFavUwbNnO70ma6V8aqS392LUUKzYSUuwhuk0FriGlY4zgnUC7aLT5R5bJhBrtekYhFhBHS0lDiLK\/RbJm2M44I3aY2tPjD1oe9RfRb1WVs2cwmNAEcGxD4MgWD4caomP4SKy\/RZeBhedag2vOkN0dvY1jPYfEzYwUz5\/gJqR6g=="}
@@ -46,9 +46,9 @@
02108{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983428,"pkt_ts_usec":28595,"pkt_caplen":1310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1310,"pkt_l4_len":1276,"pkt":"ABcILL3nACbGCvpSCABFAAUQAABAAEARdouDcqgbuVPacNln2WcE\/M+z\/A+v15K5vi1TlODQqqyeVx2PsUKhOBlNo0ASn+kPzo4yYOZDxj\/KB7osmthLQDNVgmgHa1KJ8K4VOr9uM3hlgvXixOGtD1dUUxMI\/mf52syZlFTfMQaDAUxoJkg\/dyR9o9zv9XsLg0VE0Ao80noky4cl\/QLXZO\/Xl4CRTBZLAfOyg6LGGUCiZNNGufOcOvbWiyfPbG\/NdeKujL\/6zI9504j\/6L1QghKr3gjYidqeSnT3sucogyEq9+JaNTFWh3kaMgvD2ByFKtm30vtEZGCd7+AFwDUxeSNBQbgx8yRCYAQSz5vG4rdt8NjGN9WObHWswWpXj+BHNGS0imMrkM7crqAHbB0S4DLwa5jXZS4oKQRHGZhL9DV9XlEEtNUu4qf203LEn+1UpBJj7+i4gNLnpXKPjK2PImTf75M\/bkLkM30TBV0HRcCGZ7tS4CJJeVRCYneJCCBQN3AyXMqZ\/1iAfdNmJJOZlVS7uwV+QFr7D+BLKqYA5xHetHAh+vuUzqnmyfLVOU\/04RuNSgP1yqy+Hkv0INArmLm\/jZuvLJw9\/XREJjoLZpQ6DyVPUhq89G4ivzkV2xa5Ks5MkhcatclSbJDPsZJPEsRafkKDuZTtMaNnWF74ctsMoEEAu9pReb+rgzLIeNdGnuq0RaloZARo+fqlmsWLgVi7IGQv9Qb+O2gQPQhMsnw6jo3WLBvqK1fHppCrAx+9\/IvAdwSGkpWfmunYECarxJih35IzmfbQdoQ2ldzr+dCEe2BXZ6rxIwtZDyO\/8zXUmA9G375qYLc+ZVhi4pRrsQhwo9rFBmqkrGZbFVQXtG1hL3lPY24uBYilLmtTShkrjr4WFNjuioSY06uukla0Ip+9fgusG7ZhQkGgExvahk9ZgBy0GcIspbOOaCvUdJZNvwfTxkFzpwzRhZPhXRrQcVovS4xjDU5qtzjsl2az\/MXBmBCpECf46ZOpYf03S3P\/DEl9oDtE5uFTz48+oI2579PGwIZh6TGy8iT2uupCXtNqvT9XLuOJfVQLun4TAE2AyW+5FeePHrzGni29dudzqAgNj1YOQESGOFTDextwC500gwERBxHBKaycr9kSvQiA46V6els\/W9Qy3Xj5wtFlLm1IRpscPmYn4aAau2HaDE9FlgFzNoyJLXv+MYgoQKNczqgLy6ak+e84ZhGrJHPd\/dI0sHtv5Sdofx7RVBpoE1lV04zqaKTkxgS4sDxgZFK447fjlOnsc7lXmo209Nhxsx+R7XQToC4NdYRXN8qws1o+TkVHTMnf3x5pJPkBm+KJep1DmciFUTGRBPcDloioOXJNiIigtppDM2YhpretPOtWjG9huCUCpInaTa+DRtyO72xBva2cVZz+2g5FOJX9YHw0Lvz+PrmZD01Po1hhj389h0kyfJ66ZB8KoQg8pxg8hWabn0KROtFJsNkrR8j8jmrigFFKZLsR2xxBxiT9YNeuhRlx4BfyYxCaqthxpSwxNc5VhcDHyxya9oeakAa6WUPlzXo8mgwXYpHSdyaAjUCYJ\/4XtNaYRert+MxqXiQe3fuu0411CFmjldi9PEh2twt4XksN2sJWuDeSKk1EBB5zVnYe6RXqFWq1dcFkUSCPos\/lzj3ufCZRVUlNyJlqS2pans1zNKDYxfacEul7dY7e7qJPG267ybYwx8T1tkbF7f5PKUOTsuQbvfyuWcw="}
02339{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983428,"pkt_ts_usec":28776,"pkt_caplen":1478,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1478,"pkt_l4_len":1444,"pkt":"ABcILL3nACbGCvpSCABFAAW4AABAAEARdeODcqgbuVPacNln2WcFpPF55U7zeXasbGebKK48P4totka3WHI5a69\/DBLYM7krRYkERhDmCcIwYzAiEyC\/iSy9RhwhHaMDncfNMwE4N4PVlT+i5f1BqYYXrFwMxAwC2AymzCG+3q+nKhO1CAUduKcZWemJ3M2VJZWIectFzGJ+ENEom3wOmh\/KcIH\/pzYwg5HYDYflLlpYALRF7eC8dav29GEEADfshdl+0sz6TLltcRhNG5Yv5j9XH3TmOewktXRFRKSgwvwWRby9JS94kwyseggJE0bOnQa5yI2O7y7iMENUUz6Wa4XPWK+kE8ro2zciNCew5ui8ZiR\/3+Do8\/TIqrhnwwoXx\/5c3AEmyLuITMi4qMzZjmFv+Gj3UnqYNCtJb37JeDTI7SK8z38V1BlvlQXWLlh220XuW4pg6NHJyWdRmwsCsokZBkfZmFZ1ZlcXQKDj3mCYwiUWnEES0iRIPZLrZrrGBmfktfQKainl5\/1TAXEnK9s5PsCr0QhfssIJl8x9YWyz9fbIj1sLTXM21LhBhRs8yC0w2Lhws53Dp9qrcZkK2YtOhcTa7Sv6zIAQBYyiide1OtvncrosvDMQt\/Lr4ULKkHxM6iTW+FN\/AoSQVJ\/B2eh9NNpceDtZzWlZdLp31+XSoXvtSvqX9dZYx3Fm0Z0jDrn2SXsU4COn66XepnzA5iKXWuWCXlq8GGppI8yFbtQ3fOBFGX0GY04yiYyL1BxCqOcBR4lm3PBfB5cksN8aQbsjwZ72ymKjfMRvNIIokryf4wjpe6XAHj+C+057jO993OdKOIXUAvwFmwoZ30ysGif\/m5RVuRtL8HGKAWHcVJDT1mkRik1isXu5F3\/vQ67n1GtDPMvQq0OZ7N+X5WkoEXbFebX\/smXz18aV5tFzOrZYSEHMnIQkgwi++Xn90M2st96GI7xvNgSS5E5h0rXRdkpSgnwyTtNMMxo+hxEOxgRB2q13V3T3UYqFc7DfNVDmuVhkvKArrdIJIhBjQ56noBxh+sjp4AoJ87E0T\/OIw+yIloQX+w\/uMtsid6wJitYhW2rCBhQnsJYcY3hMAVv6GlPtnqnnzKWFwgJ3ZaERL8A1salS2ahavWHey797gPNCef5xHc7313H\/3vWykMnqPR6lzs5788d\/DHagINOwkRwV9lF+3kwp1h8rVq\/44skW+EsvvON8RYfmg\/eiNksV6EFhf8KvwcICb6denOm\/VCp8VdpfLsKD3\/3sXPZ0Q8fqWXNQXROTnsJ1nHGXe37\/cfOkNOLT6+DAGmKEURKrvA\/qunfBZik5Pfp8Fb0wkm1eE6vXAAmQ48lSpwHSdnVvIF7ApxmVvfrI7NiZsAxkJoQMj1327yDtDljQOygwbRX0HpQnb05vrxffHF3AZgfan+x9q2NIUGq7x0HthLVI5eciZsKI4FYSG+vgHDkSgFz3haf5EZaAGTIlRRtXrVjVYpISkJ4+EgJ32Ki1jgG5rHWPwo4Fg5Zjl3rBcTP0rttVSL5khQLqwRVwPYf\/GRdU7UqNjybQWN\/Xo+8cXHSyUGq3FhX4K6M2gMVgtOOFdBnlxTcIzxYQSu2UIeonfQtiWiPjTOx1mTDF6gcuvt8FLZt1hVwk6rPfjlgkFu241DEefRby71n0Q4R8ANpYLQ82a+aed4x41VCy3qFALKuUTAjDaghMysGl+fk1hQGdWPoobCX30FaShKRd49Rk1sx2A0w4\/DBrfjrkGgeJigZa+paqLmBCBqfy8HlnOYfF+9R+pNX5cJ8BSpetpugI6ooOqQqZQDRKWa8qfM191JxXVIwMBkUstSSHyXi+P8At6XB2fkAlducfrKz8HuqCoJNE7QrYmjIZSSu8AthYiDFa+qRgwrD2lFB7pWR8wsC5MSTWZsRycmTsAnNoAQ0msTyQ\/dCTJNp40H5\/5ATYyCzFCBZLoyiodLg="}
01381{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983428,"pkt_ts_usec":28902,"pkt_caplen":774,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":774,"pkt_l4_len":740,"pkt":"ABcILL3nACbGCvpSCABFAAL4AABAAEAReKODcqgbuVPacNln2WcC5NYNMthrCBmbVcLDzx04GEaMBSJLDJLDYwwTtxER12czIPzvLWnK7TS2inmdofowfj\/GBA00qd7fFhWAZK0lO8txWM21Pnmlz5TtQTOL3eQ9AAyMMtiOA+aJtu86\/2KX2bJBXt1gfdemRkHUZHnW5XcVhDVYLp0elJOpWJP\/fPb2TTUEwLA8V9TT6UkDNzjtgeyVMkkPJ7dFLvdQYO\/LeD7rk7qUIRl6uTk3Ig8lrTZ16KCNAlDMRGZ39Q2Whby0KMKv3dIKKx8AfZmgo3MVoN7p08ehD\/kxHv6GuQ75AmHdEu1kJLfl06abggE+JDSOl2USp1ONL6t\/AAOQr9C+5aq7ie+oWaCvqGopfd\/BbBLdIK8kj221POsOjTNzLAOoaBG9snasbtYoPzkZEgPHUwldH39tI78ITonPV1GPVA9ZLiJCpjDTnFVh2CKybBHYh55UlQtmnc97O64hKTB250XxmSR9TyoTgniaJ4Vx+o2imnr9JOHdkM\/pcxizRNdixyx9BMACk3nlKD7FR8sMHaPzpWcilYoiqfI0AttvIcjhRqks6\/xKNa8FDZpKNsFscBWgUUwSaF71jJCyanex2xWz59dkYB+70kKsZcXTwWBLPBDUL3ZJ7PfNcnM2roS\/eF25pB6lVgZLj5gIYTk4JeDBjLizEynGHrVwKQj253i3GJZyyWmOjeMsYhoh4qYCaJxABqLFcLS\/CIqhc0XX8dbtkRxCKZL0Q+wOnH48pgGijYre0pSYNZPfnFs90\/NkSH8T6Zzjt8PVMtqa5NgHLGt+9fkSmsNIhltNPsecMqNtWZ3altiiXNyzIclAEEtxPto3JcCz0S0zNOYFypCtGYOjtx1sAFrCsQwLXkg\/0PtytHYcqK153MPFl3f3KtFfLOZDrflmjPzA8D0H5yDHRR19+MTe72Fzw8+RxTBKEARpsUky45xVVbcuEn8lA\/CXc0fP4TtFkUa9UQeq5VWX"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1495983428043,"flow_last_seen":0,"flow_tot_l4_data_len":732,"flow_min_l4_data_len":732,"flow_max_l4_data_len":732,"flow_avg_l4_data_len":732,"midstream":0,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1495983428043,"flow_last_seen":0,"flow_min_l4_payload_len":724,"flow_max_l4_payload_len":724,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":724,"midstream":0,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01366{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983428,"pkt_ts_usec":43218,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"pkt":"ACbGCvpSABcILL3nCABFCALwAABAADERh6O5U9pwg3KoG9lo2WgC3AOYwHfE3coRkd9vFWAurZs8jstTwnXw\/cqsx5iKbKA7woGOpEZiStAKTCSRoKp6x6\/f9Zs+BpTFgPOcyy5YAMcbffaGjwWOnT8IyeKE5n34quupOTS2uuRjCtyNCFAo8WTnSMzbi32PyJcywIUxEUQ8liTYbPgKdwTgaiP\/Hotm1mtwLDTs7hG08UqSbcXCWXNFFVPEK47MaPqwoPn2dh7mqibglI+NUfYKog17NTDVZj+waYLvcDN9j2XoImkNzUjCipW9K3ac4j70R5PFggHU36XlCSNZ2XhIjFKM00nQGI+QLoteQ8j0aZAsrLXLYsxqqK4SvGoYgma1olbSPh2W15iEFnVNfCrkhO342UfUtRpoqO2eSyqwBMxkb1F3H2m0kYUJQotA5znx3A5M2I2cLV97Zq1M5s2yfOsVLnemh3YMo8DmxGOnynqe4PdTcIIYCFlTuvlbJxcoz46oqoG4DHCRlF0dlntPGix0TitI5D\/n0YiE5bQQUU7gqIMYrd\/038O+j7JziwNwLqI9ZUNuZRL5RgmChAbYY5TtTaE7r+CtYmugTK7qdhtdAytq+kIRcuZJxzW2e+QHOyzQjzCE7aIMnqFyw73cJLJvOafzGqDIWsdusVXsa7JkhE0L2HSLACJvLruZU6SO95zxggRtnzTruoO2bZQpKHl56KP7dWrprSH\/BtWoA8QYIMdKrZ11e6dVhhfntSzlJ7oOBRzS82PQtcxITPaQUBY7kloV6nEsD123\/RYWvYnnlopmrLjY88pZllsFaRoYa+q+rxj125r8cCXiXcb20crMWSrxvWF5gSaLraJg0iySCfa0N+9TIxFXdaISLPrnQJf+KFNsm71eDJSNCihlQD114v9gJdrqDDh2zOpIECten2AFkK5gz9Y9P\/m15B6u92mwRdXwhBzI10R26F6x1VA2OCcHHQ90EjxcfGr9C9BCt8qY+zJFJYvpTw=="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1495983428043,"flow_last_seen":0,"flow_tot_l4_data_len":732,"flow_min_l4_data_len":732,"flow_max_l4_data_len":732,"flow_avg_l4_data_len":732,"midstream":0,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","ndpi": {"proto":"TINC","breed":"Acceptable","category":"VPN"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1495983428043,"flow_last_seen":0,"flow_min_l4_payload_len":724,"flow_max_l4_payload_len":724,"flow_tot_l4_payload_len":724,"flow_avg_l4_payload_len":724,"midstream":0,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","ndpi": {"proto":"TINC","breed":"Acceptable","category":"VPN"}}
02350{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983428,"pkt_ts_usec":43268,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"pkt":"ACbGCvpSABcILL3nCABFCAXAAABAADERhNO5U9pwg3KoG9lo2WgFrCCQQfVUKnrm4XUK3wfxxn8qlQ5ZlUxAsin94OmtvvCqeiNDv9hCgysXgIe\/Jwp6foEgyUgSLwbFE+jFX5EiTbzvLxw+eE+9kkIbIypcFMAA862am\/h5EhYX9oyZgZit\/ohLFdBZAd\/9piW+TIg1JYKUHUk24mSNhkzehqNGbaa8v1XNXvCAKUf+je80JL2ztiSjDNtOMrbTSNyuOyDQhbbpaRAakKCJ88rhmRVZWPpGUvSoCLUQLdy+ls4UP9VbLIv60yNlhG\/tIZF+Y9AgYJgNK7469NXCZUoHPgebmwGoSIBvEupGZ2HWMq5tD1YtSNLd5mdcZ4U6bdW57PJT8Mqpobu5nNKCEUTKU8fv54QllT27onCmdTrjSLU7i56qGCPKz8Pmgpd+4MU1sOXlteqk11G5kxvUePU9AHDMWVZcDsBw+8w6+Ab\/JxYo4ilYPsOkX7nL+VL0USjj5AuG8wFeeDnvZeQURQeN12MuZewRpRzkJa5jIqIQqHHvEIR3I+NlcYV0IJXsrpavQ6RSGtYmR7+94hoEShFxTK6D2mPtrdLiAqRfmJptPiSWLm5Mqo0iayfkgY6sd6M1vwIpwRPc0qQOtn1doDjup9IIauyzdANQF9x2voU4Z8dsvHyVyVE9VF\/Qdb\/Bbe15\/vrLpOF+cB00\/TXrJ07AVZHqEwel\/iScs2S9kgqiIjzb1T0G6y8xlHQV7ktrErMlC4GXnRqlxWayYa4G266nN6wc0wTy9MD7G5DpqxUPZwZIrxZiMHXc4mPXA210XTsNG7LVVQM581lStiGr1a4pUZOImjoO\/gk5frgMuu6jHFgEA+vJuy5sW5lQpb37IXQqFXKKxN2z8Ke+x4zy7ALHVigelzuNCf3HZfol1uD4eeP+2tpVITMiH4O5PCcLDMT1yYFhbvLg8pREkBITQB+rUBzFhHXEVteh6noPH6hIRkDIrLyfEHdswFs6MATwSlSxKkz0QuaSV8BEXCeHOM+JmmNRCgSmcHuzwrDdDGG7eSF7kzVOXV4KPQtBdbB4rq\/rFfGJFSiBXn2huFIeNdQhj4gFtDQIfYjXMsmhSsrScwjLj7C7jg2Rwm\/XuhfLgws3rBZC6s4ClAl8Lku7gDzAWOdYgK2FafJmEnZR3NXAFEI8JF5r5ITwwBATJADMcv7GO51VLOgFAuacu5w0kk1gxapzbHcSOdPeKJB+9voPecizTzqOKMuqIngnpb\/qfLXWqnLz7U6\/\/ui4aHgWF+lKp0xsjiPYD9YnVxFJE08oruybimAl5F4KHctwad6wrnqDh7AMDE3spgEO04z6pL2VZXL\/wvq6pxHL80kORMsGZgPOmyHtPCRE5Jd+RFgmwBejwRrNJFCuLc2P622GjZ1t\/hPuud14khvjnfHdyfKsl19iLyzwv7qu0oEoiwBrYf06g7MzcULZl4XUxJNSE9RYU15rJmRxguh4eXuIOqgIqrfkbI\/\/vDyBWYyc45utTloDIm+GnDiAeigtPF4FijLPE9qVDfQilPuHMnf6UDvllbgNqo19g3gnmLroqXep+7LyRYp4sWr4\/d\/TZKaCucaaCwVm1u\/1te\/n+aOftes5xygxK+OaKehbJ47nnj4GJRcueg7KFHNq2ES0Uj1Rh2+lhguZLWYwLh4\/FPK0vdBcca9l29F4kxSaDHn6BeoZpX+wivGn5jMTbID2EPugYpELm+yXQDHU1W7JBJkdRRhJfBWIKo8UZofXK4qgL2\/MqCqF2T2\/hEjt9sAO7DVGx2T23++65+kzCDH2qiAfrQdQFlN08V17FGkydmcJibPSSbSe7aLjPjiXuGdc7ip\/LMmiTS0sCJq6zHCBk5aHilHCEqmTl+eL9Q9vwrMeAdX+cTIhD7xTxK6aeGzriTEJFQi6+ZDkO2+SfJZlZhRSLhc55JEaOH4LdN2VABhAfw=="}
01633{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983428,"pkt_ts_usec":43295,"pkt_caplen":958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":958,"pkt_l4_len":924,"pkt":"ACbGCvpSABcILL3nCABFCAOwAABAADERhuO5U9pwg3KoG9lo2WgDnO+CxkvMU5czu375VqRfqLEu7HGryDGh\/bfeaQJnEYyovrmntDxt74C8PKQJMHvY4MA1ZHuHhnLJLLc7h764zEbGLw\/vzqsaP4XOJmX3J5ZoXTmAMsXnjvJUPqVeWdg0PXJhqa6st9hNynxv5D0rpJqm0\/zV192qcE59jCUVvmB8PfyMGzNb8iu7j79YvIHCzFHzmycvx5sIdKuzv+9aaD2+9O1fWAuPwq8\/8DIg8DeQB7htbL3\/j6lwDGupSOVHCsI1+lYyNr8A5\/OFujJsJCBzKGXQVn+oJRoQMsFgr0giRTOfhVQb+GlZOLXTcVvxl6mNiWSoDQXoxAfPuixrlp8F\/MUrFtVqJYJIqlWUSZ0FHJzKiXJ5yQvwNmnsvYHqMQNW6ZCn++1tGEto8r5tq\/BDe0FvMAOQC\/Iq49d9xjtHRJaZkPSuUT0Ue8\/0Y0g7e7MLBCNRDp3pFvP\/SDROeSBv+1Hrsd3VgZ3eZsdET6SE7O+jiB1npy8XRuCERu\/h5FlX8FbvbKHJP4IXbapoGYosv9tEU2XONo65wz3MCF\/bVbrUPcOASb6j+c55C5rFZMKjA9llC2lki+5ox8NX3C0rsVb9ezbzAq4pvwBxx6yeMVlmBhRxjwXLWviN6bjb8+kKUMxdeqvtFZ90hWLG3av8x5N1D1shhjp\/Pkh3vfzESwJoedvps7xxuR16c9ku4Rlje1SzPbiXWLLd2ctB3NoWHVeTFrvLRU2yqM5LNXQpjLOWYVqndimokWzm3PvfsX2+ickLKvqhiNB8NMbCQKKllVtQtaf37M0W3hxij8fNqkfQ3Dwvv36xYQY6aA2cxZJ7cAJfgWt3+2IqzsbQ\/hOa1lDnl8uliASJ4hjXOWhi4prZ86H1uoSeDR53SAlBdMQQ3YoaLSv6kQQOXAUwHuZQi7+x\/RE5HfoAvVeNzG90OcOnL2uiCxjhyp3\/swc9NGfoqhpvTPlS\/HF6E4gzQu+uwm3Kmj7AsKixik3ciIBb6VqLoyiaQR35wKSQydm3qyc2A8RxVwJEHM9ChZNid+PGF9MC3cdjsTP6IG4AOw3VS8jLQznT38vyJvgWelWwQ+I9gJ2zh8MbfaLP+EWNQPI478wMYlCsuyg5uNNDg0lSF1epToqo6+lky+h2nAa21hKOviRtVRN8LV88QPWbYJx4n3gM4sg9yVPde6y+bdl\/hYGe1J5JIAW7OGyTqN+C43dvapKXMw=="}
01268{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983428,"pkt_ts_usec":43356,"pkt_caplen":686,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":686,"pkt_l4_len":652,"pkt":"ACbGCvpSABcILL3nCABFCAKgAABAADERh\/O5U9pwg3KoG9ln2WcCjG9uLSN6qXd28O84810Rge15GEeg7I\/PEgDJNw1y0g+1jdG27MHxxE17GuT0dBFp72NMdvJQ4dCHD37hVYCYAm1tHtZ4x3kRkiZShykNzD6SHFVZP2VGXotnLrS3zmLuLDSn3Fsu77lKpW83i\/IBUxe1ZnUERXYl9d6KTABMLAnv8cl2TsNOD11THWQ75915qDQQi3tze6l5YoWqdfZ7PU81w+J3yKCLkqKFq3dhYGgRcCPFxJlv2Zk9WZs4pamJKvKKl\/3y59Rp1kl6arMtRrQM+c4YwLwanNOag6QHFB\/DFxxWcWJvvy4sCRBQA8kXLk2VpQbAMn9n4bKUUZvxQFZHpM2eh9wffSxs19AyFKi0nfwtC4hzoA0RSorHHR9n4Lz8\/EmGfPkRVJ2MTboPZvVnK0rCPTfZPBTPWzXuXbXVvmkVlADw+kI\/ogOXjo0Ry2Pr2xMr+9FhLrW57FqASikRn1f6dfat4ws\/SIQ6OqcO+o\/EwI86BA6wNYVn7ackk\/ur3AD+HYI7ap37ZsItPJB5cP6yTqpdVVb7jDxvIXDj9uG\/GjYiJAl\/HLFEJQpl8PkHHTGLRMbWGu8UefLgh4yU5NgzA+54tuDPIihWpq429PKCFmSSQfyPD0oTCru0cH3S\/p50QBnK3SkvFvQJYWHI68tx64++cijo6aBCv9smucEbCU\/1arPlneOrugavFQ009pfwMHTsRlDhgKf\/Ovu4VH4LuJ79b9dis7a\/hrMjLod5S1cn2kUGAoulKsI8\/A8m8aBZ20db1ncQQzJ9YTAHBS8AemTbgn1G0ImzTyH+q8MOMS8Mv1rLaomE34RpL0RvHpJMERZNL8gSbYni028m22HAcAg="}
@@ -67,8 +67,8 @@
02116{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983429,"pkt_ts_usec":93001,"pkt_caplen":1310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1310,"pkt_l4_len":1276,"pkt":"ABcILL3nACbGCvpSCABFAAUQAABAAEARdouDcqgbuVPacNlo2WgE\/NC1K5DIzsdIHxzc\/dytvhMIhrCvkmp22D1RS8eQoCv0RroWF99\/t8hUHp3OU5w5IhdzP\/JdNSfL0skiJu7GRd8+qCi0BkYy5MK1DqeI0ZIwrnK6o142YEopprAxKvT2gVlZWGDltMms7\/6EqH0yEFVoYFJ7Z2HbqYJfdM4LDDtE5mkXok3kf3ZAUsZ2lEql1MdcUOQpOiqvPZOVQxpP8aBZbEJkAZClr065SN2wu\/i8NXpT30V6tCIwgwWh10U8o9IFP\/1tDhWufRcyb95tpUHMPxZRNDP9L4OZme57n2h+\/JUPQNZSQGSt+1LFkwcCdf2hbitNACXxS+TmW3rhMTqTi4f\/rV6RhKV0GCsAneHDli\/8TvcfL3bEo9OjqcrX1pfDgieBxaQTbp4wKrlQWWkibRJ1Klpes5F+nUsuFWEOnz765Fi1FZfz0rdPVKIVI\/tPs\/SqKOIo8lp7Ju9JpHgnWRl4171pCPvvvVHbn3qlkb6tMPU40QvgbEUN9v741qWewttg0twaP3fm3a3zNxAM3Epis\/w2fDAiDUelXi1vzZr13QCNBCmFkoSZG1dsJMOuXhmDEAqmx17sBY6qSCKaPRUUAr7tam4m\/Drpw73dO+xM+uu0YsbCKTzQPOgMqewBc0tee+PdeSxEO0yiWmMydQ0+b\/AgkLb30iCx1fDuFE\/6bSX1ReR8dI4uZlnnjg+JSpjtrjVjOes81VUa9nwlhjoZNOege+s6RanuO2rek4VxesYuVos1\/D5pAhpFltvJc4W6wjnh7v8LbwbvO8JqdNCRW3YNZVzJKv9YXml+Aqj29Vyxqpd20lMbqoizWco\/MvFHLrYswB4V6A+6hzPdm+rRVPypoqJWDRzwwEZV5TRI6\/NMGzQIxoYrvkAJq9o0bdGtQJYejrzZyxNl9pY7yKtmJbeXsy8t5Vs\/d12jCBnEqp4kZ66RLn334xaOUwW\/lLbQkeeEdEZATa7Jbe2ppgEBYVByd7N1w8kMqd85T3RgFtL\/HhUzx8PEFsAfAE53qzRdl5Kt0fYBHag4UdYch4v9sIlvR+z3uN7AGZ23IsmyYjRlHPbJ5wz1vACwXCgggxOyFntxaUx5BsMW7q3UHHXM2XKlBeCIItaRMF+DKAOJ65btGtNIKG8\/W2YuDZMj+1pX47o\/G4u88iFYX0Qo5x55G3gLhSLdgWL+1I3U8OnwLOCybyNWBJpRjdR5x7RfS2lYHyzrLg8CFwglW0xGrXhXn6KpCa3g4MLnemAc4bX0ogOx1c9Jfwjcn6S+erIt5\/9es2cKnjGffD6mGfgCc4DwJ9F4AvTDn6DjRjsVgzag+JU8JzYXs\/b0evFQ9lh8MqDDlNUumenvzH3pLkT03ZO65SVrQ4bpKAlhNxOL7xK8YZz9pAu1hKjctYYOfCjptSyusTs5ZigqhGUfln1aF5Cuw799f3rD3Z+K9b4tx6FqX3FDII1QVNMV\/moLlM46vopos7H9hrLQBk\/26J24DeWJpS8m+QSZ5hC4dHpadiv2Rr1iNPXgnqsRPb5VV0zGNds3QrJy1oHiPnyeLno+3uvI5U5ocpIN2st6Avk8bj4OxlkP9NjVpj8n+39ITREHaBD2Pmu6baozbSi9zownOtAiZ9EZBKzGmGxODjTID+7Ltge4L6X9s0T\/ox3GDuuRL0WUioH3qt\/SHfCBzUiKaTKdiqg="}
01045{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983429,"pkt_ts_usec":93120,"pkt_caplen":526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":526,"pkt_l4_len":492,"pkt":"ABcILL3nACbGCvpSCABFAAIAAABAAEAReZuDcqgbuVPacNlo2WgB7J62aRDhv5lHZCc70ajhTJHa5jVi1efjSbFWsOD919+OPkOe23wCU\/SRc\/iz14OUCbnWQNvjwGKVLH6ApV++AQZwJOHvLZ8AbeieaoCZOKJ1J3nC6kIVkNErHfR9I4+evq9eRdylqwEVqye8D9E8j6K+I6BRQCJuDqiiFaL\/8HC24C9RLbT7AsGIvIT9aaTc4pX9XpdHUedKRlAcZjkMQlGiZn1rd4ADQnn4rOxP7u3OatTT04QI6e+zLLW29sNlsrV6YGCEi7FZm6vzmisMQnLVfeekLe6wzR3UA0u4rtCg3ZBOF8Wk3bGNIMy8+iwepSJg0N1KqeJRJ0Y0B1dKnbNcErAdukQgssBeoF9UhuQoxd3TuVi4bp7oTFvKnof8bkTw8HLxqckRQ4YHHb23TclrB1hc\/8a27rKJ53l5UoY5t4wYz7EGq+JKP0MYfGzVrz3FTzRHqSj1eaAyQR776gmVMWpxTfF4i\/1tYY+SaVYbfcridlAI1GzlEC1Q6UGxCYosiljcM+mAHS1zJ5jhJTA9uogDQ0K7\/GSRHVaTvI283Gh7GpGqXG8HwVOWTeFwc4IvrZy9nmg3Ck3uzR3TEJMVTuHQ1EWTT+fki0boCyE4Bmvi4Ct9VxQgC2kKLhE0vYYyLEvMvw=="}
01241{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"tinc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1495983429,"pkt_ts_usec":93240,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"pkt":"ABcILL3nACbGCvpSCABFAAKQAABAAEAReQuDcqgbuVPacNlo2WgCfHXgG5Pnen+JSm0ePn+sTkg7n8QrD3+u+zSxhclrXawOkmKPI5bQdv8gm+E1mLFTfemDp3GzZ9aP3lMufgknIZokx5WVaMn1as2QWkbPVcnUkRAMT80HsUKqp8rklAmrENv9H5ZkeRDvhpVV\/GDdo5praAfFXazwg027M9FdOV9GZ08TX\/KZr4HR8hivoScZJ8N4xCsiEYYBPqYKBQK0A4QXRxATS9KQ2l8bJKxfUPoNI35xL+fV9E3rk2r2IGc048fNTmRPQTAtbIDIgSJj4hLymgZV0a7ppEOQkq\/03efwd5+Sfy\/pbJJ8Nos9ca4TgPSGdo7XTCiigTQfH1Gx8h+QZsf7r6w2mhcsJsxYBOqt8fERE\/KodQZ4bV5oKEYnNm6lNGHl+jZSm3hPSyXbDN8mgWCBDkTPAwepc4r1dJZfPA0kuPa7Ylxw+MBohuEOaqDl2hN7uJSkTdk3a9wL7xkPFn+xBu5jTJI\/EYc9\/typ6KiVjpCgKIk+hNiO2vtca9pYSzpgmZSavhzDbFHWSxJjLerRfI\/wmQaOmhH5tk+aq48UaU1PlxcdxTvlLbr9A93C7cUyHbli4i0W30Qw14WubnbvpCZzi2UCRuONDPsUkW69WsqgZv\/oKADeYT6OsBNUovblOnWv6E8KVOiUv7mO0kB8RL5APFHYNeEEUlRETzv9bBLzsBVeUiiYmis8BNg8NMBLzSRhSWvLOLFuoasg8iGOZxX0FrPgiTEt48UmCEXaKlkbwQjcrZc1oEZbcHx\/aCeSxnsXDsV4GYXioTDmy68q+x1MlrtVibHJ0aNy3HR0X4G7PZuYKN7diHTrKiLVC9nRmw=="}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":27,"flow_first_seen":1495983427744,"flow_last_seen":1495983475109,"flow_tot_l4_data_len":5962,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1059,"flow_avg_l4_data_len":220,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":130,"flow_first_seen":1495983428000,"flow_last_seen":1495983470973,"flow_tot_l4_data_len":165096,"flow_min_l4_data_len":84,"flow_max_l4_data_len":1476,"flow_avg_l4_data_len":1269,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":134,"flow_first_seen":1495983428043,"flow_last_seen":1495983463866,"flow_tot_l4_data_len":165208,"flow_min_l4_data_len":84,"flow_max_l4_data_len":1476,"flow_avg_l4_data_len":1232,"midstream":0,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":26,"flow_first_seen":1495983427717,"flow_last_seen":1495983475073,"flow_tot_l4_data_len":5199,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1059,"flow_avg_l4_data_len":199,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":27,"flow_first_seen":1495983427744,"flow_last_seen":1495983475109,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":5390,"flow_avg_l4_payload_len":199,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":130,"flow_first_seen":1495983428000,"flow_last_seen":1495983470973,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164056,"flow_avg_l4_payload_len":1261,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":134,"flow_first_seen":1495983428043,"flow_last_seen":1495983463866,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164136,"flow_avg_l4_payload_len":1224,"midstream":0,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":26,"flow_first_seen":1495983427717,"flow_last_seen":1495983475073,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":178,"midstream":0,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test"}
diff --git a/test/results/tk.pcap.out b/test/results/tk.pcap.out
index 2af406d06..8d7217b96 100644
--- a/test/results/tk.pcap.out
+++ b/test/results/tk.pcap.out
@@ -1,20 +1,20 @@
00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613939315029,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613939315029,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613939315,"pkt_ts_usec":29133,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6W4cAAEARmyjAqAGywKgBAcryADUAJu9GCIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAAQAB"}
-00624{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613939315029,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00636{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1613939315029,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00449{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613939315,"pkt_ts_usec":127338,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"KDc3AG3IEBMx8Tl2CABFAABKKoNAADkRkxzAqAEBwKgBsgA1yvIANgAACIaBgAABAAEAAAAABXdob2lzA2RvdAJ0awAAAQABwAwAAQABAAABLAAEaJs3ng=="}
-00651{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":38,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.155.55.158"}}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613939315127,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00663{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.155.55.158"}}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613939315127,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613939315,"pkt_ts_usec":127815,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6pQMAAEARUazAqAGywKgBAdknADUAJrATOWkBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAHAAB"}
-00625{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613939315127,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1613939315127,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613939315,"pkt_ts_usec":183610,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB1z01AADkR7ibAqAEBwKgBsgA12ScAYQAAOWmBgAABAAAAAQAABXdob2lzA2RvdAJ0awAAHAABwBIABgABAAAOEAAvA25zMQNkbnPAFgNzb2EHZnJlZW5vbQNjb20AYBhZHgAAA4QAABwgAAk6gAAAHCA="}
-00646{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_tot_l4_data_len":135,"flow_min_l4_data_len":38,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1613939315184,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00658{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1613939315184,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613939315,"pkt_ts_usec":184123,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6otUAAEARU9rAqAGywKgBAdI8ADUAJlfumIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAADwAB"}
-00625{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1613939315184,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1613939315184,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1613939315,"pkt_ts_usec":239614,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB1ZXdAADkRV\/3AqAEBwKgBsgA10jwAYQAAmIaBgAABAAAAAQAABXdob2lzA2RvdAJ0awAADwABwBIABgABAAAOEAAvA25zMQNkbnPAFgNzb2EHZnJlZW5vbQNjb20AYBhZHgAAA4QAABwgAAk6gAAAHCA="}
-00646{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_tot_l4_data_len":135,"flow_min_l4_data_len":38,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_tot_l4_data_len":135,"flow_min_l4_data_len":38,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_tot_l4_data_len":135,"flow_min_l4_data_len":38,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":38,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00658{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00121{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test"}
diff --git a/test/results/tls-esni-fuzzed.pcap.out b/test/results/tls-esni-fuzzed.pcap.out
index cebe00f91..bf56cf571 100644
--- a/test/results/tls-esni-fuzzed.pcap.out
+++ b/test/results/tls-esni-fuzzed.pcap.out
@@ -1,14 +1,14 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01382{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680386,"pkt_ts_usec":576239,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00780{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01386{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680387,"pkt_ts_usec":847337,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGkJDAqAEMaBB9r8LfAbu98X4VZuCG7lAYIACqfgAAFgMBAscBAALDAwPZvt6xqK7JiSO2eRBioUk2Uu867QdPWpn6Sv4hYS472iAz8c+AKNafKEsBeorsjdYMXk2HdHvKJL23Af8gga\/qxAAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg0HCVKAanlLS9J1B8hdchDfkoKDxcPc3B5hBZYsZWdz8AFwBBBCakAur\/e3rF+tGl0au7NOTY4DQpBg\/YjV6ew74w8otvaCGiCdoeWGhEGjsldqwZrBxN3o59i8BSdRX+YPQ+GgkAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAFyK2kXV21yqtAW2T62b\/NDTnJgxOrhECle3qcjynhZQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJLkAAE456EuY9a6HsKAg7En+2G8rSItqsoven5V2IfJ3Q2bekOZcTKgIZokRYkaF7ExtxsFhqXy+gigbwIQnaXqjvmpA5fAKz4tj4ykxew5OhWQtUKuHkOYZfaYtn1syOdzFlDd5f+dopSDJ1HH+q6E3XfYeSjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtw\/pm8l4GeHZCKXzswlPS\/Jet6JKlP28PhB6QjuLs0HyKQD3u9h3gOMLbs85P+uPv\/61THn6BnP+Gq0XsiHUv\/ZFCqDNSvUTBmtmCAtgIUfzrLcUWkNsVonaILrLi\/m6vYUQElVuyPe7nXS\/qvJdz0NipXdWB8POXCwp8YOWkAHAACQAE="}
-00769{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00781{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01380{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1590680391,"pkt_ts_usec":590254,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtwjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZEc70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="}
-00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_tot_l4_data_len":736,"flow_min_l4_data_len":736,"flow_max_l4_data_len":736,"flow_avg_l4_data_len":736,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00832{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24":"SNI TLS extension was missing"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"e5ef852e686954ba9fe060fbfa881e15","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1590680386576,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1590680391590,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1590680387847,"flow_last_seen":0,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test"}
diff --git a/test/results/tls-rdn-extract.pcap.out b/test/results/tls-rdn-extract.pcap.out
index 96c2379cd..6cf7faeb9 100644
--- a/test/results/tls-rdn-extract.pcap.out
+++ b/test/results/tls-rdn-extract.pcap.out
@@ -1,13 +1,13 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":147,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00585{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946681200,"pkt_ts_usec":0,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"pkt":"ERERERERIiIiIiIiCABFAACnLudAAIAGnZoKAAAB1ceV+3ppAbtkZ4Ye79i2a1AYQCmgXgAAFgMBAHoBAAB2AwEAAAAAM7RDB2u\/HXE+9PsbFMYgy+4A2s6CH4THeQytZwAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAADX\/AQABAAAAABMAEQAADmFkczEubXNhZHMubmV0AAUABQEAAAAAAAoABgAEABcAGAALAAIBAA=="}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":147,"flow_max_l4_data_len":147,"flow_avg_l4_data_len":147,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":946681200000,"flow_last_seen":0,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
02368{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946681200,"pkt_ts_usec":0,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ERERERERIiIiIiIiCABFAAXc5PJAADUGLVrVx5X7CgAAAQG7emnv2LZrZGeGnVAQGJhAQwAAFgMBAEoCAABGAwEAAAAAWuuHTEcV+akd0cdt\/mCIl2W0D3ZsYen8qlKhhyDexkYNJNvmICdLfXfmBpGxedPIi6ruP\/C4V2lgLy7HPwAvABYDARoFCwAaAQAZ\/gAOyDCCDsQwgg2soAMCAQICCmkXyLYACAACTA8wDQYJKoZIhvcNAQEFBQAwgYsxEzARBgoJkiaJk\/IsZAEZFgNjb20xGTAXBgoJkiaJk\/IsZAEZFgltaWNyb3NvZnQxFDASBgoJkiaJk\/IsZAEZFgRjb3JwMRcwFQYKCZImiZPyLGQBGRYHcmVkbW9uZDEqMCgGA1UEAxMhTWljcm9zb2Z0IFNlY3VyZSBTZXJ2ZXIgQXV0aG9yaXR5MB4XDTExMTAyMTE2NDIwM1oXDTEzMTAyMDE2NDIwM1owggVRMQswCQYDVQQGEwJVUzEQMA4GA1UEBxMHUmVkbW9uZDESMBAGA1UEChMJTWljcm9zb2Z0MQwwCgYDVQQLEwNHRlMxHjAcBgNVBAMMFSoub2ZmaWNlYXBwcy5saXZlLmNvbTEUMBIGA1UEAwwLKi5tc2Fkcy5uZXQxGTAXBgNVBAMMECouYWRzMi5tc2Fkcy5uZXQxGDAWBgNVBAMMDyouc3RjLnMtbXNuLmNvbTEtMCsGA1UEAwwkY2RuLmRjMmZpbGVzLioubGl2ZWZpbGVzdG9yZS1pbnQuY29tMSAwHgYDVQQDDBdjZG4uKi5saXZlZmlsZXN0b3JlLmNvbTEoMCYGA1UEAwwfKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLmNvbTEsMCoGA1UEAwwjKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLWludC5jb20xLTArBgNVBAMMJCoubWFya2V0cGxhY2Uud2luZG93c21vYmlsZS1wZXJmLmNvbTEYMBYGA1UEAwwPKi5zdGoucy1tc24uY29tMRswGQYDVQQDExJhamF4Lm1pY3Jvc29mdC5jb20xJDAiBgNVBAMMGyoubWljcm9zb2Z0LXNicy1kb21haW5zLmNvbTETMBEGA1UEAwwKKi5saXZlLm5ldDESMBAGA1UEAwwJKi5tc24uY29tMRYwFAYDVQQDDA0qLm1zbi1pbnQuY29tMSMwIQYDVQQDDBoqLmYxZHMuc2hhcmVkLmxpdmUtaW50LmNvbTEdMBsGA1UEAwwUKi5mMWRzLndseHJzLWludC5jb20xHjAcBgNVBAMMFSouc2hhcmVkLmxpdmUtaW50LmNvbTEaMBgGA1UEAwwRKi5zaGFyZWQubGl2ZS5jb20xGDAWBgNVBAMMDyoubWljcm9zb2Z0LmNvbTETMBEGA1UEAwwKKi5saXZlLmNvbTEXMBUGA1UEAwwOKi5saXZlLWludC5jb20xFDASBgNVBAMMCyoud2x4cnMuY29tMRgwFgYDVQQDDA8qLndseHJzLWludC5jb20xFzAVBgNVBAMMDiouc3Qucy1tc24uY29tMRgwFgYDVQQDDA8qLnN0Yi5zLW1zbi5jb20xKTAnBgNVBAMTIGltYWdlcy5tb3h5LndpbmRvd3NwaG9uZS1pbnQuY29tMRkwFwYDVQQDDBAqLndseHJzdS1pbnQuY29tMSwwKgYDVQQDEyNpbWFnZXMucGFydG5lci53aW5kb3dzcGhvbmUtaW50LmNvbTEoMCYGA1UEAxMfaW1hZ2VzLnBhcnRuZXIud2luZG93c3Bob25lLmNvbTEVMBMGA1UEAwwMKi5qcC5tc24uY29tMRswGQYDVQQDDBIqLmMzc2NzLmpwLm1zbi5jb20xGDAWBgNVBAMMDyouYXNwbmV0Y2RuLmNvbTEWMBQGA1UEAwwNKi5ob3RtYWlsLmNvbTEqMCgGA1UEAwwhKi5wYXJ0bmVyLWRmLndpbmRvd3NwaG9uZS1pbnQuY28="}
-00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_tot_l4_data_len":1627,"flow_min_l4_data_len":147,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":813,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
+00823{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1587,"flow_avg_l4_payload_len":793,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA"}}
02365{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946681200,"pkt_ts_usec":0,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ERERERERIiIiIiIiCABFAAXc5PNAADUGLVnVx5X7CgAAAQG7emnv2LwfZGeGnVAQGJjDXgAAbTEUMBIGA1UEAwwLKi5zLW1zbi5jb20xFzAVBgNVBAMMDioubGl2ZS1pbnQubmV0MR8wHQYDVQQDDBYqLndpbmRvd3NwaG9uZS1pbnQuY29tMRswGQYDVQQDDBIqLndpbmRvd3NwaG9uZS5jb20xKjAoBgNVBAMMISoucGFydG5lci1wYy53aW5kb3dzcGhvbmUtaW50LmNvbTEfMB0GA1UEAwwWKi5tYW5hZ2UubWljcm9zb2Z0LmNvbTEYMBYGA1UEAwwPKi52by5tc2VjbmQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuX3PkoiInBfw68+6JNH406C4alrEnikcq1FZEZJZj8A0h7uDLWO01R+9CYljtZsYv4E+pfWvi8Z31QoN\/mqJYHgutax6\/UWMDIxFsXaIn1iXAoBA481Pyqa8XbzdmibAvotkEOm0ksJYJlu7VrGuQP+fyz69HW2nTnewmEyTsEy9pTZjqsxFdtBcWm2sS5KQA3Hoj6NzWl54VkXacUcpgQraZZFiSKVJpxhZpAqND3x7NCgSdQvwN2uTFwRCsRagxmCSSaZkQSbYCDh7lvCo6r5wBODibkMqCxrJ4nyg5Uw+J74SsSHhtBMkb6YMlWe5gPOyYSZfIVCby4onZWx45wIDAQABo4IGXzCCBlswDAYDVR0TAQH\/BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMIIDowYDVR0RBIIDmjCCA5aCDyoudm8ubXNlY25kLm5ldIIVKi5vZmZpY2VhcHBzLmxpdmUuY29tggsqLm1zYWRzLm5ldIIQKi5hZHMyLm1zYWRzLm5ldIIPKi5zdGMucy1tc24uY29tgiRjZG4uZGMyZmlsZXMuKi5saXZlZmlsZXN0b3JlLWludC5jb22CF2Nkbi4qLmxpdmVmaWxlc3RvcmUuY29tgh8qLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUuY29tgiMqLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUtaW50LmNvbYIkKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLXBlcmYuY29tgg8qLnN0ai5zLW1zbi5jb22CEmFqYXgubWljcm9zb2Z0LmNvbYIbKi5taWNyb3NvZnQtc2JzLWRvbWFpbnMuY29tggoqLmxpdmUubmV0ggkqLm1zbi5jb22CDSoubXNuLWludC5jb22CGiouZjFkcy5zaGFyZWQubGl2ZS1pbnQuY29tghQqLmYxZHMud2x4cnMtaW50LmNvbYIVKi5zaGFyZWQubGl2ZS1pbnQuY29tghEqLnNoYXJlZC5saXZlLmNvbYIPKi5taWNyb3NvZnQuY29tggoqLmxpdmUuY29tgg4qLmxpdmUtaW50LmNvbYILKi53bHhycy5jb22CDyoud2x4cnMtaW50LmNvbYIOKi5zdC5zLW1zbi5jb22CDyouc3RiLnMtbXNuLmNvbYIgaW1hZ2VzLm1veHkud2luZG93c3Bob25lLWludC5jb22CECoud2x4cnN1LWludC5jb22CI2ltYWdlcy5wYXJ0bmVyLndpbmRvd3NwaG9uZS1pbnQuY29tgh9pbWFnZXMucGFydG5lci53aW5kb3dzcGhvbmUuY29tggwqLmpwLm1zbi5jb22CEiouYzNzY3MuanAubXNuLmNvbYIPKi5hc3BuZXRjZG4uY29tgg0qLmhvdG1haWwuY29tgiEqLnBhcnRuZXItZGYud2luZG93c3Bob25lLWludC5jb22CCyoucy1tc24uY29tgg4qLmxpdmUtaW50Lm5ldIIWKi53aW5kb3dzcGhvbmUtaW50LmNvbYISKi53aW5kb3dzcGhvbmUuY29tgiEqLnBhcnRuZXI="}
02375{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946681200,"pkt_ts_usec":0,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ERERERERIiIiIiIiCABFAAXc5PRAADUGLVjVx5X7CgAAAQG7emnv2MHTZGeGnVAQGJhsRwAALXBjLndpbmRvd3NwaG9uZS1pbnQuY29tghYqLm1hbmFnZS5taWNyb3NvZnQuY29tMB0GA1UdDgQWBBR3cTg6hCQojXMJJ5D1bQIhPIcNAjAfBgNVHSMEGDAWgBQIQuPbThFm87UIxUDbVXwzRhGDODCCAQoGA1UdHwSCAQEwgf4wgfuggfiggfWGWGh0dHA6Ly9tc2NybC5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL01pY3Jvc29mdCUyMFNlY3VyZSUyMFNlcnZlciUyMEF1dGhvcml0eSg4KS5jcmyGVmh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL2NybC9NaWNyb3NvZnQlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBBdXRob3JpdHkoOCkuY3JshkFodHRwOi8vY29ycHBraS9jcmwvTWljcm9zb2Z0JTIwU2VjdXJlJTIwU2VydmVyJTIwQXV0aG9yaXR5KDgpLmNybDCBvwYIKwYBBQUHAQEEgbIwga8wXgYIKwYBBQUHMAKGUmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvbXNjb3JwL01pY3Jvc29mdCUyMFNlY3VyZSUyMFNlcnZlciUyMEF1dGhvcml0eSg4KS5jcnQwTQYIKwYBBQUHMAKGQWh0dHA6Ly9jb3JwcGtpL2FpYS9NaWNyb3NvZnQlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBBdXRob3JpdHkoOCkuY3J0MD8GCSsGAQQBgjcVBwQyMDAGKCsGAQQBgjcVCIPPiU2t8gKFoZ8MgvrKfYHh+3SBT4PC7YUIjqnShWMCAWQCAQowJwYJKwYBBAGCNxUKBBowGDAKBggrBgEFBQcDAjAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAQEAzjHSjzBBboE6Hf63YDAZ0eEE3Fr233P7k1evyql\/LmafHbV8kz4aMun+H+VIZeRM5Bql9x7WpjwQDS+J+smj4QnJo\/6ntdr3MlGPRoDRdkfFG7SosnI\/eCbIu9XuIWOHkZSH4\/9X7izdGgsuT0UnVndeXlHcgDw1ihOLBtxnkosbQSMKCF9\/HjID72MCp56vMoSU+WuvUQXXBr\/LgJr8eUtWe0pS65dkmCZ\/QNCuARDC2VnL+opy23sLHDSC3saZZQ+ZMxgShBWj\/VUrF5JAj8XmonqXVJeNovnT8++jWSd9AcVEkeZAo2TqMC\/26PhofncqN75eWaN2qQf74Z0rNwAGFzCCBhMwggP7oAMCAQICCmEDMzYABQAAADAwDQYJKoZIhvcNAQEFBQAwJzElMCMGA1UEAxMcTWljcm9zb2Z0IEludGVybmV0IEF1dGhvcml0eTAeFw0xMDA1MTkyMjEzMzBaFw0xNDA1MTkyMjIzMzBaMIGLMRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0MRQwEgYKCZImiZPyLGQBGRYEY29ycDEXMBUGCgmSJomT8ixkARkWB3JlZG1vbmQxKjAoBgNVBAMTIU1pY3Jvc29mdCBTZWN1cmUgU2VydmVyIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOqfX5ELzRmCX5Hqq\/WLKNiL9Rzgkcm8zQIQUCK3OApcz3EMWC2IbKi4PDNj+XOdPOnDee3y\/snLw24k4jxCcNhft1v3m1\/1J294AOuWXbdvz+RBBPC7Q71vXyYPt443QRNUZxuQACc4uBrDlm0cMTU1ScVGHudzpMoDEXlBga\/Tjkaixb4AUwW5OJy3YCmzylKaksVTJ7ZBDUD4L5vngUkaWmqoT3HH6G2BvifvydbGkisQ5DY1QAjQTXD9cJsgHLO533WdK3fQxM1qce9aWAv5cIU="}
02376{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946681200,"pkt_ts_usec":0,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"ERERERERIiIiIiIiCABFAAXc5UxAADUGLQDVx5X7CgAAAQG7emnv2MeHZGeGnVAQGJhPMQAAiAWJbWaSMKuviDnX1C0Llpx4JK8Aq88JPhOua8Pg4c9gf4tT3ALQ87CGEd69AgMBAAGjggHaMIIB1jASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBQIQuPbThFm87UIxUDbVXwzRhGDODALBgNVHQ8EBAMCAYYwEgYJKwYBBAGCNxUBBAUCAwgACDAjBgkrBgEEAYI3FQIEFgQUforCnFoyjMJxotlPdXD3qRv2lAUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwHwYDVR0jBBgwFoAUMyHwy\/6ioESS3vY7M9hfAUuXeF0wgaMGA1UdHwSBmzCBmDCBlaCBkqCBj4Y2aHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvbXN3d3coNSkuY3JshjRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvbXN3d3coNSkuY3Jshh9odHRwOi8vY29ycHBraS9jcmwvbXN3d3coNSkuY3JsMHkGCCsGAQUFBwEBBG0wazA8BggrBgEFBQcwAoYwaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvbXN3d3coNSkuY3J0MCsGCCsGAQUFBzAChh9odHRwOi8vY29ycHBraS9haWEvbXN3d3coNSkuY3J0MA0GCSqGSIb3DQEBBQUAA4ICAQCPwtFc7xQRdxdjBzxMfGja\/oZK4iDMP7AnPdHirMiLSKbkWfc6Bq19UvH2ZWGWISKuaL4vet6zDPXpxd34ZYJdy2w+DDcRdBUJeFW9JhK71pV007z1dgkqat82xI5W1R8g33+CMNdDq2gii2paxZvQnY0LDFCFfsxagAeLA06\/vV9sVg8FqeJUw6XTUlxfTQvdBfhREgMhb5xsl5gqwcERvL0brvvjV19PHwCe4qRR0\/esCTdYpQkh0XLQssGL203cE9FUWE0rwK36Uxk1sRWoQmS37ccfpXmoDTjUUL\/0Wv8v6b8\/fTjl+yAM1E7gLx1FevsoLzFIb8xuXGhC+urICwEw7BAmQjgjqcMZuNlwGmgsksufc+bM\/zMj7ttetX8FWD9QxRwIGPTrL2KqU\/ehzd7j64IcGmdroUynaHFA0WU7QRicSeNx++tNg5PTR+ZkQsu2NRz7NA6hKPuMoacfAShR5XGUN5zcQVt8fuksI2eUnXPfX0B5o42VMMxTFwi8UIbz\/BAZgfz0Wm7z3KKadXvDrKBR7TK2WN9PjpFTatKqG13mU7iJo56JoeMp4LNs6xrMb1qqwuL2HkUp79bCQ7E7rT4m\/IGXXEj9Ylk0ksn7uaHXQgX7GfZ+MvspNNWHZuUEHcg+EPqmePUefd4aOnh83CpxBqMtbwVVI4uQ7wAFFjCCBRIwggR7oAMCAQICBAcnYgIwDQYJKoZIhvcNAQEFBQAwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdDAeFw0xMDA0MTQxODEyMjZaFw0xODA0MTQxODEyMTRaMCcxJTAjBgNVBAMTHE1pY3Jvc29mdCBJbnRlcm5ldCBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC99M0npUrYkBnbsgp7YKROjw6Yo5x8UHbrs0qMnxiw55rFK4KGCSisERIyJvUZ6vC4Z2jFBv30Ga7ZE6DQgScIpnmcBPVIMi42H6trJuyhQ7SdgLBJA+qCSV8FE8Wgg1\/hKvQEGUt+yNqIvLVdA7x4VqHpf8Vq77b\/HQFZtx9TWl\/G+JFtxX1Dkxg="}
01643{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":946681200,"pkt_ts_usec":0,"pkt_caplen":968,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":968,"pkt_l4_len":934,"pkt":"ERERERERIiIiIiIiCABFAAO65U1AADUGLyHVx5X7CgAAAQG7emnv2M07ZGeGnVAYGJh7iQAAdEXtFbqyfMg6NBQeqmP35dRLyCMrh2mVE5kJFO96ASBOt8ZIQa7JhwEp2cKHOH+2QqTwss4t\/bRMV\/Co1stO+l9d\/bn7CdwWhWTlcZzV8TOXOGcum7wXNgV+EDZ\/fuuYWlscraXnCRB9+Uovs483FdZvuVs33Leff45mfyNc7RJ\/jAfw\/hn5uDRDe7LqhfuMqarf\/ZENLPX7r5eJ8QaKr0n2PC4j9kQWJZER4iPDyoVVSSrIIa99ESaGsChFuofuNhOB1UtHGo7bCfHRlylQFDKZCePywOdTj2v0+hNcPI3uVJkPJ0dOPBLzjxIXRvCJakWztTwMd0UEL72+tZ6YPAU7u0E5hCC8eQTWQs0+iennejdJELTMnyRcI6ZIbvvj1O4hKZPk\/YAaGzpswffr2dRNvvER9qKOQiShT2m10mgUidmfkNgfnhvmbWQlKbY0Q6Rb9Q3rdAZ+n\/Fj3EWnfDqaXGtz2MNYBI6IbxPQ5tDfzcQKDgcCAwEAAaOCAXcwggFzMBIGA1UdEwEB\/wQIMAYBAf8CAQEwWwYDVR0gBFQwUjBIBgkrBgEEAbE+AQAwOzA5BggrBgEFBQcCARYtaHR0cDovL2N5YmVydHJ1c3Qub21uaXJvb3QuY29tL3JlcG9zaXRvcnkuY2ZtMAYGBFUdIAAwDgYDVR0PAQH\/BAQDAgGGMIGJBgNVHSMEgYEwf6F5pHcwdTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3QgU29sdXRpb25zLCBJbmMuMSMwIQYDVQQDExpHVEUgQ3liZXJUcnVzdCBHbG9iYWwgUm9vdIICAaUwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL2NnaS1iaW4vQ1JMLzIwMTgvY2RwLmNybDAdBgNVHQ4EFgQUMyHwy\/6ioESS3vY7M9hfAUuXeF0wDQYJKoZIhvcNAQEFBQADgYEAK0jzlPtExZNq1k3+tBNOEiYXyrJaqwm5VqRvf1eeZLL15NM172Nly+UsFZzvzvgqxZJkK0k+PDZsvRibZGeXP+1o0BbBEzzyUaBX3iTONatpkE4rDDr5tPGA+m0AeaY6lplOOm5U0KNZbosdlUm7ldh1uOESM6xcJ7vLVXHV+u0WAwEABA4AAAA="}
-02965{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_tot_l4_data_len":7001,"flow_min_l4_data_len":147,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1166,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher","9":"TLS Expired Certificate"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","issuerDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B"}}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_tot_l4_data_len":7001,"flow_min_l4_data_len":147,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1166,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+02977{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher","9":"TLS Expired Certificate"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","issuerDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B"}}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test"}
diff --git a/test/results/tls_esni_sni_both.pcap.out b/test/results/tls_esni_sni_both.pcap.out
index b0a1ddf0f..4f5d99d8a 100644
--- a/test/results/tls_esni_sni_both.pcap.out
+++ b/test/results/tls_esni_sni_both.pcap.out
@@ -1,13 +1,13 @@
00485{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1595697574192,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1595697574192,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":192522,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjMAbsVnUj1AAAAALAC\/\/+ITAAAAgQFtAEDAwYBAQgKRX5W8wAAAAAEAgAA"}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":222665,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72MxjNlEZFZ1I9oAS\/\/+oqwAAAgQFeAEBBAIBAwMK"}
00417{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":222752,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjMAbsVnUj2YzZRGlAQEADZRAAA"}
01279{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":223192,"pkt_caplen":688,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":688,"pkt_l4_len":654,"pkt":"LLBdqyO5+P\/CRWqLCABFAAKiAABAAEAGXzLAqAEVaBGvVdjMAbsVnUj2YzZRGlAYEABWzQAAFgMBAnUBAAJxAwMGpWRlayh22tFtXEAzmjJevDFs1IWqC4u2bXbxwIE69xC3C2PdEU5UEeZFLwoPl1YAAAYTAxMBEwIBAAIyAAAAMwAxAAAudGhlc2UtYXJlLW5vdC10aGUtZHJvaWRzLXlvdXJlLWxvb2tpbmctZm9yLmNvbf\/OAW4TAQAdACDbPfgwm2DuUZA1nST0TTbZcl3w+W\/UxK+KeNTQ8XZoWAAgv3B+CGpVXz5mDsUtrAvL6LtcWXtckj8m0zxukSXGubwBJLiEXRo3Il0FXLcYe218vYUq39pSaQl2gMs4ivT8n1x7zgN3LVJZggr8LaXJSaZj+ZfScLvSUl0NfE2D5vqc+gOMHnjCyEe7IDOFOZjn05FzfBy7N5ap9\/JNXoj2xa+U6V2TwvihaOc\/GNCQ6radfGia+nrZvKr+\/PSWUJ3U3+s+ls4zTysApsA8H5wb9QQLoDHnidAxhd22vS0hBakUY1GaI8quApXj8Gi3AdmbGrSGWDxyVN2ge+mdUMI+RoHLYqX6pmmt\/vdmkxN3iLPApbDuw24AT4oR57WxTdN\/UMH28g1ogoYgvvt0YKXWkQJVwSb5If5rcPLpxymWg\/rm+dBosTm60e9wnaghZCsA+n\/Ru6RO9sPaxhBDxDQiTz5XD2LapL8ABQAFAQAAAAAACgAKAAgAHQAXABgAGQALAAIBAAANABgAFggEBAEEAwgFBQEFAwgGBgEGAwIBAgMAMgASABAEAQQDBQEFAwYBBgMCAQID\/wEAAQAAEgAAADMAJgAkAB0AIKwXrYJPOPenZGQf1a2Cz8a6UMLnBYZ9xGnya\/eMwngzACsAAwIDBA=="}
-00872{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1595697574192,"flow_last_seen":1595697574223,"flow_tot_l4_data_len":750,"flow_min_l4_data_len":20,"flow_max_l4_data_len":654,"flow_avg_l4_data_len":187,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}}
+00883{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1595697574192,"flow_last_seen":1595697574223,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":634,"flow_tot_l4_payload_len":634,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}}
00417{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":265763,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"+P\/CRWqLLLBdqyO5CABFAAAo1A9AADkGlJxoEa9VwKgBFQG72MxjNlEaFZ1LcFAQAELmiAAA"}
02403{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":271419,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"+P\/CRWqLLLBdqyO5CABFAAXc1BFAADkGjuZoEa9VwKgBFQG72MxjNlEaFZ1LcFAQAEIx7gAAFgMDAGoCAABmAwNw+lc6r0tf3YdYfbWvsjq6lUYmX2lHn0WywBDUA8mO+BC3C2PdEU5UEeZFLwoPl1YAEwMAAC4AMwAkAB0AIEBba40GfrygMyeAtaoaApWLvD\/pYpMxaPlBkSn3R+V6ACsAAgMEFAMDAAEBFwMDDteWD7lzB+RguiGPJK4o8U\/3eSchjzjEO1ByvIgmphBIgJlGXyjPfHNj3sVwryZcorbjVq897pLlEJIAZrrTthlHpJHUlG05hAmbjJsZbjsB67us5cQpu4U1RSUTTswTHf4yHjhP3s5UXLXpyIUm+4nTIZ9TqJTDQGlZQyN2UGWrdCQBfdIhnCMgu\/2aXsQ5i6fZYeaTRhXjGDZtKlthS0BOXO81T49o8ccubMxteBGqFFf9vNmrALi2irDVJ3cVoe4DZQbfjAT9jWLPe53LJAR8N8XzJvdbkO7Aa\/SylZf1LkDBnjehDTxWaaR5Y8tUY0kUUdNrU0D6HeOjX5NFpmOrKHz21IhEVKmy+i50+gq6l27zZ5EYMJu3YM\/V9aylWqWbAq5yAvAGlhA6geYJZcZ7mejPiQyQo3ML\/QLj1SrFXg\/Wx99XPJGdpsx41f4Yjq6lTCV91GiE7zO83kwDs6Qz4i+DBZbOiAYTr3mVhpf9YbxZw4IG2lwjhSpgt+nfTBBfK27AdNvnUyes546Kopnx\/Ui1UpobuW5UwRuu9pQWissd2Hy+BdJ7laD\/iqxPTm+sfW+zY9xR+zynG3ylj5VT94FuQ4zqGrnFMnn5UEAEokqyWvCmDpMCTEcIsCQDEEQxPk3n7vpVAcapbO8VBnrmpgaylIUnkypZnlYg1QDn0IBMxbmQ52vIqYrUZ+IczH9g6i12ON4BgW1L92ZDz8zdAOX4Q\/3EanpP+heCjViSVOwhhuxcaIiQGbz\/0yOeJ6fEZ4EEHhODQT52phhiu+ZM2TBwx3eDjxR1xTQEEgoPZTDMDsxv9HKP\/dF47AYjZFB541mF7OEFDCbmlMRDOqjWAHWVaWgUkwuZA1KnHSdikmrvikihfaMaPDgMJdfsU4aTwT4bSRcoJcReLIY6eF6ZSCNsda3CRvCiYbr2sbG\/CFMzJNZ7pnPsrmRX4tsx1hw1O\/dvM7ykIC5Ym8eTPneFZSeAKSHplh6X0hqsha0mq5SqMHsfiUKyGZ7NQ6g7JsoAXleLiaFDkVJbffau5ztX\/yIiYkSq+OKvOGxaDTS+JEdUo5wUaqGU4qAWAk\/XGTR6s2UIDrTSpx2IskAq63dbThAl8mpWh+n6C2TrP\/H4yhXnRyZpVz+Ot7t5sx4wkCh90wiMR+rXkYef8bSetnAjz+5\/H76\/+CnEJKoi953vSh96Bz68OPmoLQ6AOT1z\/SBjt87JDuujmHVl9Ffp279aI+muMhIykgOOcAJludWp8v66HBIPG1X31Z8BdQs8lA25Tff4hqcQHpkU+CZh9aR+ap5G\/KZmOpUEJ4P5g61Ud8Rgiuh1H3z3G2iW\/ZUI93EltA19hKVbrXPwQDhdxZNtaurtRhiWwe3iR7mkRzTx+QwZAGN\/pr8HUkYFKa9\/xO42BN8EwrCFJ401qFbtYycwwQQPIyF9tFUxiYfL9APSjSAAiN8QsjaD8o600MHu3X+ZLe\/CPA3uKA1tAJJcu\/NY6\/oCSgznU+iUzxIqzo9lL8pyBVXOQLIksCdIEYwVTRAU6dWmLQwD06bNmUV\/\/xAj0jvu7cj2NcyuF+IBdMGR6lhHFisWJriPSo\/uukTaNKY8CWqBsAqIFTrJqdvV9GOZ1\/g0E44W77UDAcxX4FmlncGI6q9qW\/6c6Jt7WawSSNBEY3PMNmrkjP679DpG9U8whzqkpz061ZLNU+MdKTFOTBBMtw1qiG1Yi7bRwZJOgX7VLUhIw7CYKc+Uc8D5cajqldAtDGEGfJZ4muawOq3f+SLJctSHmnR4OnU="}
-00919{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1595697574192,"flow_last_seen":1595697574271,"flow_tot_l4_data_len":2250,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":375,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}}
+00930{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1595697574192,"flow_last_seen":1595697574271,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2094,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"these-are-not-the-droids-youre-looking-for.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}}
02397{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":271426,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"+P\/CRWqLLLBdqyO5CABFAAXc1BJAADkGjuVoEa9VwKgBFQG72MxjNlbOFZ1LcFAQAELyRQAAFyqikxkqJVDWQ42HIFth8ZvD33\/+05z4sdxxp+xbJu8vuIM+Ao6gibWGn76tHzdlsOjFKoo\/SKq3AhXb90tqwKfi7WABZ5oX05X57OEtA9IAgp60m5qoS89IRiABt3DhIS9lyzQNaHEknGLbQ4NkQVqDe5eVJ3ixXy7VtF1K2Q3tj4yG1bHBL8O1scF1slahZqMtehgzlXbxaMHXtlOvlTeG1FJ2f4kl+C3hdUOTFi92fh9p19u8G3i+R6sSNx0UpnzPdxMVAMa5MckNTAgpRPLtogRikMHRV7ob+2EC3ej8VM0Iii3qzRnqasT9cmdngljjOqyM24SaFpDlicMM\/yLyUtIyCloxMbXpHau3ggY9ppcBeGcgN3p1OHs1\/zyQANjD9n0kkie\/5Dt4p7LohMSt1ruh7y8E7e3ll8ThOJ160MI7KMTx3Jsuwc3GC3MoiEVv5GclwIsIfdQmcmJVG43\/57DO0+tYbZ\/21HiUqSh2bpOWMiFyQP9FI4OUoKbEIfZVrujGWfNZcEJIZvTs1i5yG5js3yUEeoOKf38vyE81Cog3zFnw\/Lo5kOgRMG+lShd0jdY7MlzJhpYv2SKKeORG8oIY0Mqd6djT4\/lM+E8qLFNIGDvOIFa7Gj960ecLIXXg9ECJNbh2nWkoXSkdz6OxVjpYd+14Wm1QxiVn9vhhI7OLAHCZuvxIrx0M8HVlskS2QB1FEct4yhuktbvRHFMq8hsAKTU22Yv9nROmGUwAPZ+dQZNVOngdywxnTlqencx8HlJwSPbvas5FzQkQ0nnkM36B3mtgync5p2VWEf+KRbqM4IjPTMLcGK0ElPPbiM89d5Csa4LgTUjjb2rl8\/D+JLR2wQyjl7\/gcUX50z3KqIwmFgrK9o0ZVi5yhUqnfeejt9VBgYRvf3JKe92mZ+ZVkwFPFeSevIVcI1t3QswNcEBV2wQUSRWeUDfRe0n+IxzsRJsA56KNaiMvsuXduxE2EsuIY1ZVU7ZhbU9lkwRsOZhZHxsAExFu8enJ+byhOZujeQNzXmXzZOC2bS9qX67a0tnIPxRr3Mv04HTbIK1B7itczcqSB0zU4KeEv4LIVMRC\/mv4YMfGGzJIythskI\/r2I8rzH3WdDtEKL0KSmsaQsUUSCvRZkFLNSOWaZUD7tOM009AnP68Ffj723ifVu1SQanUu2H4j3iJffH+AG0gUEqhF2jYt\/cLDP7ZwWR9QxY3PZahoTuOUnflD7vrJJO5u5S2CWg65ceHz6F\/wayrIsrgJ3GF7T6gAFWsMobT1wRNnSfPj6SSuKxeTCQpI79gfhCOMEYg2UZFkoc509XEkA\/8AXagX3lEacvGoEczdVv7WucauL64EKV72yfYgP\/Riz\/XPls2AVvJ6FBrtPuRecnoC\/a7DgkcJfININqi9EEo16lVqt37mPsN56DyAvBkCCoGvqAYu1uu4Ot+z9dwwa7k0Qnx1Oli6XLpK6V99sXo0IzJ0nZXSAQFqnWCdhyWQ3hCHv9jO78\/5YG3U6\/uv6xHK1lDy4dQbcz62c3rU6MBK2rFggzwYpmQQbK7mAX7ZIEw9Ukz4XYO5oJ\/2HGduFmgBEqS3qY7x\/B3p4\/SvTqzDWULfeVHa5MWz6bY7cJ6FU3Ja4kF2iX+bzlDb34l2ZYkGCJGpwnyFoRCVIyEMzxLZD+vveW+HKfsSNBKASm2LjCWgeRXMKcrDy1vxPEnmAF0HS4qQBpF2rDZP8UXi1SDkixIoORkDK4EinMDgIIZwcT6pv7H+j9+enInC2maFE7Cg13qeVQvRZvL2QkrbyXo0KUJNZ\/M4DZlnvbT4TITLxy+CvB8Kwe7EluYje8SCkm9pVu6uQxEczWrApxwG5f7LsFamd\/NsgpP2bCRhNZ2kJbvilaoAm14FmmmwCgyZhMj3rP0PoWFp2+HJHwbLheNvovUHwdzRs8TUcKs2RRWLXs="}
01788{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":271429,"pkt_caplen":1055,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1055,"pkt_l4_len":1021,"pkt":"+P\/CRWqLLLBdqyO5CABFAAQR1BNAADkGkK9oEa9VwKgBFQG72MxjNlyCFZ1LcFAYAELK6gAAT4ghP3hAvHSRvYPIW833T8rF0Vb7KH06FoewTAHZnqWdySNvGA1BxAjRnqSgkcaszyh2X1zXq8n1rU39mkjuPssXpNy0Yd8Ntqhr6IkjitlXdgtlJj7xhQ9UoIiZcvWuA9jvhC87nawMNDWfhT30qW75J6ZK9p0l2LAN3VHcyhihPuPbJfm\/hoEi\/ZSmP+iVcMdlFWkWGov\/4oIFO3D54v\/gDoDobZnoZeuKm6uP3MVRtY3shfZ\/6tU+n3cv1o2lLXa7HtFOHfLrQlsoEWF2lM0wW0SPZh9660o0z7UmRHP95Lt8306pkdwCmwWobpv3dGfSyzgFjC37mALM8FOGWtRHCQVxTK1bkVH24\/iO7tnwMiLfl8+PCfSEIcn4qZabVpC66oynF4PNse79A\/AE+MPWCgJNcoT\/6gnSaQv\/kt1G\/q5cglaY0Sldw7DZSvmK2mI0YORAsgbnwA\/PozxLNtIu1xIZi8eo0kzP9lh9WRd0HFfGTBfOC2kswb\/V\/oQvfBhvGGlie9PuybXz9t11+7ADCk5VShjvcWkFCuWaJlqksghDYgEje9YpFuzKEz6HrmEpRdMAipEQGzBUR7C9DraNH6ZW1Hm19SP3mrIcPZq\/c2znS5bfngweLUV2+pEoGq7zHM9g93bMoyxejtCRGQnj1ApcsicKQuMgFzTknAi51AHU3gNqaFQzxnWTO\/2IwhjtfnL8UV\/hmQwqj3z0VT14W6w14nO8\/Nt5SgRZPmUHmqYTno\/JUC97XXejTt65r\/2jugM4PUNLMBrvNciVpdEWv1EqcSKzp8lXlQIabRK3SWC4aGbqoCZDZ0hCIcacSlmeepx51erWBYsrY4ESdj0CiUQvXO0gkFZzeLr68KUFJfxUTfMyPZ9y5V0Tvmtp7Tc2NzqYj40LPLP+QansiTtpBxYCofIBujKLdlrZfUJq0jLu9YHZvJfi\/D5RKBu3O674y+CgVem6PWZvyamnLea5EZBDNHsJLWoEyY1bXRvDRMo9+lWHpo9MhMTyWAI3W7L+ub78UjSEJrmIy+Fu9c4TfagVYoMHaLErPhMpGinA7uA\/XqdtLkN5PFGr5Oh4y15ad61bKv9i0oYpqyrPiqwiqakOvHHOatdRayOfXKVxbaefKxL25FKFrwB\/TmHLYL1Lx+4Yj\/bwVcUMTK69GE0+ZJfkXRCaK6CX5QTG1YCk1dmU2nInmT3rTJiJTK\/i2AJVwkIu9HaQAkkrQuaY9RuYSAywJnJ+oIJQS+7cLIFV9U1ceZipL5\/XiRBi\/cDlf5cTH8Z0SQkIGiENPtgVVt6EUK\/c6dMFflSUh8S\/42FVl0Uk\/FJRkk8="}
00417{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":271554,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjMAbsVnUtwYzZcglAQD9LLkAAA"}
@@ -17,15 +17,15 @@
00588{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":272682,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"LLBdqyO5+P\/CRWqLCABFAAChAABAAEAGYTPAqAEVaBGvVdjMAbsVnUuwYzZga1AYEACVEAAAFwMDAHTbGkXPhSFh2EtBT4Ucf2la9Me1Pr\/cnCufOWXr97iBYl2sFJjp6mds9gcEN0NbujkofpclXD\/7+RfwBuf00YU6dfzrsRTSZBOq190E19skhMEmjtDKcO4oViXiNfEnYtMrdsZgdVLAYKRQU4zDKuBqkYlDYQ=="}
00419{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":303215,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"+P\/CRWqLLLBdqyO5CABFAAAo1BRAADkGlJdoEa9VwKgBFQG72MxjNmBrFZ1LsFAQAELW9wAA"}
00419{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697574,"pkt_ts_usec":303765,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"+P\/CRWqLLLBdqyO5CABFAAAo1BVAADkGlJZoEa9VwKgBFQG72MxjNmBrFZ1MKVAQAELWfgAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1595697597731,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1595697597731,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":731441,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjaAbvycO9jAAAAALAC\/\/+plAAAAgQFtAEDAwYBAQgKRX6yWgAAAAAEAgAA"}
00436{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":760281,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72Npkmiax8nDvZIAS\/\/9OXwAAAgQFeAEBBAIBAwMK"}
00418{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":760372,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjaAbvycO9kZJomslAQEAB++AAA"}
01284{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":760792,"pkt_caplen":693,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":693,"pkt_l4_len":659,"pkt":"LLBdqyO5+P\/CRWqLCABFAAKnAABAAEAGXy3AqAEVaBGvVdjaAbvycO9kZJomslAYEAA4MwAAFgMBAnoBAAJ2AwNdJNFyReVirRSVojufnGMbeLCCSIfasM1ieW4FG8of3hAwM4m8b00Q9oV+Hc7T5oMLAAYTAxMBEwIBAAI3AAAAOAA2AAAzeW91LXRoaW5rLXRoYXRzLW5vcm1hbC10bHMtdHJhZmZpYy15b3VyZS1zZWVpbmcuY29t\/84BbhMBAB0AIJnVpjNl66MOXpvmx41gUQaYeiX7Z6hw7BwkUWzRGGpOACC\/cH4IalVfPmYOxS2sC8vou1xZe1ySPybTPG6RJca5vAEkS4DxHD4+QDhSKdiI9dtzmEYOX\/XsngPoMxgQvNMUwzIntV9PDa3UuBPJJ0uISr3A0kNEKeu1WYMqXVS11VsTg2a9oo\/43miikoJcoUUiy1+yOgTMZU6cbZxblnsgUg1\/xO\/snQQVSkBCjdT7iXQq+6rdARBQIPBbI8RPIWgC\/aX5zfvRKbqhzKSkI16fHp0WqW\/nLO8BrKQzxpfdSdI4nhqvgX9U6XHk8pDekey4Olh2o7N7l+ZuvLuQrv4785RVuirst7QWHRV2Bry+Hk0MA5HVdlJYWh5sSSkPTUD9beLuumP3bW19kkE0M1up6+gTpBl9qsjvZgOotscar2pvqtkrE0XfU6KUOEWnq2oJz8N4PI+8cq1Isu1cBJJOnfv1frzevwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGAAWCAQEAQQDCAUFAQUDCAYGAQYDAgECAwAyABIAEAQBBAMFAQUDBgEGAwIBAgP\/AQABAAASAAAAMwAmACQAHQAgyNi4uav9JMuW\/0Qhwazj9bJ0hRmofP\/tRvglJ5t3J3AAKwADAgME"}
-00878{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1595697597731,"flow_last_seen":1595697597760,"flow_tot_l4_data_len":755,"flow_min_l4_data_len":20,"flow_max_l4_data_len":659,"flow_avg_l4_data_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}}
+00889{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1595697597731,"flow_last_seen":1595697597760,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":639,"flow_avg_l4_payload_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3"}}
00418{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":798677,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"+P\/CRWqLLLBdqyO5CABFAAAok5FAADkG1RpoEa9VwKgBFQG72Npkmiay8nDx41AQAEKMNwAA"}
02396{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":802693,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"+P\/CRWqLLLBdqyO5CABFAAXck5JAADkGz2VoEa9VwKgBFQG72Npkmiay8nDx41AQAEJ+WgAAFgMDAGoCAABmAwMYnKu1Jz+6wQ82eQfnPz1iBy0pMTqXSLHRMgZJarxZjxAwM4m8b00Q9oV+Hc7T5oMLEwMAAC4AMwAkAB0AIGTvR4q7UNlprJwAqSF2GX0R3EKGN6QfuwZhqNEFK0pwACsAAgMEFAMDAAEBFwMDDteVaXbyXZkQ\/cI+WQumU1mC2rlwocG7oLUHshsoekS\/A79Zaxr1OjC4xM3FQR1R26sPv6u\/EqxA1VGswfTcKEt51IksXsMaVKbbPBlSkvXmJ0\/3wRTOY07XOx+r2fnL84lylZjbtoo8B9Y1dKEt8d9sAZlMjuLs9PoyYnwImlz+P2JRe1+Y\/tLNvcXMhdXI\/HZu\/yloKGvKvouMlVMA44FNj6ewgfbAUGFYdp4eSZu4t7JsUiUJkDRQrcVbYpf3mfJE5QpiV0mAgsU0rGsXrmKUDRhLm+2D9Re+PD8eBqQl8HDGOp\/ISiBuQT+yJSAH2DKOToTO88XAmej0oXmdQSiD74Mo+jePgUV0vOUyjM25DaEyyAVNzdHQXyOaFlsffCs2U2WBJU2boP9TYdzEEqdNuXr5NMfhKSIwO963a1PuzQ3hjyWcwsm8Bj8NUcgQ2vBmwrwvL5DhOz7pWqYERn+JR3AzJcSousSIne+GmBraIGCO9SispoCMfn6MGqtvr3gGefNz\/q+KP8Hn9w8YdCRqeHbXcTU7x1tSP6dO9YdxDvRrcjitaTdjJqnRd+ltSmQejZuHF0nxse3xOSnkUPk4hEqTX0nUKDJqDru2EO3EtG2EThZDiczX\/0sKwPmH+WLMEXYNz7rNUTJHvU\/nTwyGjXW69x\/x4DAVMDZPWavpi9a3WcS5uttBaPYPFTzqq9qjdv13KRLyjB+lBnRkVq850hgPvjRH+mid\/9XN2mELbCZqmMhC+qcDgVYcilQEO1b8VbBkEco9qFfZEL7nVzxKPP6rlUFF4z8PiVfHqmNIQ3eAIQSYhuGrbkPE2pOpPNiEnpU4bhVsfVuwq0s3ffLklW5WX7GYemfENVPGYG7HCA59klltW83a3qj3b6sgYhKN4OiP9jiHDdWe4HYQisWM4936AA1WLOm0wl5QjKazAOO7riO+\/bo\/o6HwWNKbgKQ6BJ8lCgU+inZfsifvF5ZGqLJg+sd0L3cWV5ZsZ63SHFLYvnWLUhJEUttvFVo5bXUBmruggUXtN3hYpKKLXqzOS+iy7XwmKSCW8lx2EI4LwGyhGvUgE86w0+Z5szxT0fqUvYmOjGkMnsXWkuLQQZiW7Lf4g2YqoE7KR2P9dUejo36\/OZzZ1oOwNLfavrChxcwQ1+xvl5\/hS8xrq5CnwmsTqf5padEsIB6yRk3d2smXhw6aMUPQ9ux7spoUrE++3j+P74C0Klu6t4nT9RY+na7P3kWRGAEenE5RgIenxd7FbhS9A0MpRwC+IH5tnhmKLZlnLQAbDB074\/MkOIhNkxkbHDIr90MydtSbR6P6ct3JLVmPViV2PHhgDOP0BDK39Tu8469StctyQcUSDnyWp43y\/+hOKcVNzTJtyDEH3Tx+20y5MLBb\/YjVz9DP60PbixpIeynBJN9BaSLuzdoLq33e1TreXUCbCQwebQOGPskm2exOa8LMXjcNkqL9yat+rJo3zURd5ampqiZtI3N7zqIivk1dlEaRKbdZZkZQ1wXFW6HJoFdjOs2WToXdi630rI\/dTBDSg\/HE2eqOSO9MYTmFbVG5Ti9P2EtnTtFugIj37y8HEILLYoLOilZntzHh0e5vXGFUYQ6wqxIVfiMrQ322GxPeSFLMCsZreWZGLgPPa+\/vJ7hHank2RtD+8\/4s98fq7fapNFv0wDdXBExSs71U90eBAgH1GwcCOoWe8Lh2JtmqAKMF+7WGls29e0eZdiGXuJ6ncrIDtbbEacfHP1zJnVDSjIoMzgUkT88soPNsNHJrKscyTzGQF3o="}
-00925{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1595697597731,"flow_last_seen":1595697597802,"flow_tot_l4_data_len":2255,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":375,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}}
+00936{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1595697597731,"flow_last_seen":1595697597802,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2099,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","21":"TLS Suspicious ESNI Usage"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}}
02398{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":804171,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"+P\/CRWqLLLBdqyO5CABFAAXck5NAADkGz2RoEa9VwKgBFQG72Npkmixm8nDx41AQAEKPEwAAcS0g0F8MPSbyVgblbbvu6aMWx\/vmdy147oVtvsmmle7FFzAjy6q7XEHxhlCVy14thXmQuWJsh5I9OVhcyKMrVlBNHB2hL8uzTYwj+QmW3L\/wfqGcalT0XrIKmH+r+0zGr3CH057s0hOoLQJMTXBk2z9LT9dBM0yfsoGBkT+h9ErlxnayUC+\/IGfTvwXs0L4r2q9hbxlPb2N5I6HvSoF2w3h9maKFhSTXh3KSM4taVbzUh7Pc87y2CGZKQSHYVdby8swVwRW4kRG3FcvhfZUjqKur\/6WUGJKOzzum4czceRX4ApEbZiczBlzrmgGusnjuYjZ\/nv73rVl4S1Fu3754+ExT8L+ElssXxdzbktiTDM1pAG88NzvjJEjeh1MgtZpf2Q2OhlZM4apLSHQ4t2BjJIydHSxTairFchqp1lTH586jrmu5Ip1ePFtOc\/77vGAdgBQD9wrTBLtlCnYBEJPDZo7nfGY1Vc9mxS5h\/jSRqiOdfdy0HBozammN6+D6BUbb5qOZbgtL7NHViKd0rnS68GmgdAR+I7nc+2bpWDJOL9pO0vkm+xTE\/0gqZKu473BYBD2uKb2fqBNTF56c3pipjNVWOsmz5bCjU7mN23Cv31KxAeZqdnNBA+5\/lezEjaXt8mTpAKz1yhiXoKu399U2ZehQckUKK0KVwAlxXSHZG9JcOe6pk160aCH14Bz+hd3XGnubzMhrxSENohNQ+5XJ5yfh\/T1BYJqc\/HCaZBymoQX2+It+Di1e9j0uq4AbdXeA+rZBu9t1EfvLij\/0jhU7UePrwYWr8ek6TZdP7ebfHEy6BVNpPeLlr+llYDIe+AsDiqD\/3229jHYi+KLnQoZiZjF+k9qYlnwMY1ZuuL4OGEELPlFgz5+Llt\/Dg+O1mKpnc1qaB5fQKEp2c8A1JXUBoaW4p40D6w1SU9O5DML94Fuf+NWrmpm6vcPq1w6rXrEeTve\/5y7uO\/h74LeiOvWasJnbUePBYp4jMvIKoW2peiTz6bxnFiFQlePehhe3nKLR+hFiIyymS4MHmVlZvBds9xb8JRtlEsaQT4vz1LqpfL0ILLOob0ZzkcQFDjJlpe2HsbSalYISDUS90sDbT57r5ohZRH6+GV+lmSnJ0B2tSS175fj4fHzVWyXthVEbiEy8hXSlMf65NnX4SGPphG8xB7b49BoaeNvJLsutJlwlx5SrwyekCJwFv8BSiioFpAkEfoN1XjFGxaZ24oPVPsANsdNMjwe0grs6GWxrjBtbG44hMpg3dyQEjNDQjdH3fhN3\/F0nUIcRZGcu\/YREkBiUDX2F9PT32QyEbKQ\/3W5QRsB17GGdWt5Dt9NkEdE4+cAv44jPDfok7GV8uIcTLk0FmYXVY9ifq1itCTkVkpPgjOQQDZkDDVYMN2PrwbuzbefUlJVLar5amwhhuqxTvNyngX1Z8yBWsQThfQyQvHqqrvD7yvB40YHChnKi\/tCRbvYe3QUxIR4\/OL9OlIfqH2ohPqAbcmzPWjYrJf1tvlEm5gdEt3QgIksMJDlE24NhIdagUywnsFSitkdvJVqwJxXBrrInapI\/2XPCsfhD4zFmKGRXpaPMPWj\/Pdinxsf2QwGAPn\/2cpZ\/d3ICxY2TBZsCM2rOKJMEr6qY4ZUHfB4Qp\/QlNwmKfSwYbWPuVcw8YQ1pbWKV8CUIJo+DbWmw6a9+RqtTgiTc3rGSs6UZ0tLDOWDeg6vWqGU98ynRlOACZrOQ6wDGkVFh0NUfgKyvPm7Z2Pmieqenx45WsLVXW7fIloghReN0laudYfuWqFryJ34joxgR47QYAIwTPMhzOnxRfzGfrjs96cpta97KsibCQ1shPcl07mL8X9mFj+ypEdHHkZKxgctVIJ0Cj2MlNbHrrxY2ORAEtkmHmMI+NZGrIev0ZvJ8h1GgZzqrARuVzyOJ20Tr13HVFU8FFRFzzvajUCJbqG0="}
01778{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":804176,"pkt_caplen":1055,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1055,"pkt_l4_len":1021,"pkt":"+P\/CRWqLLLBdqyO5CABFAAQRk5RAADkG0S5oEa9VwKgBFQG72NpkmjIa8nDx41AYAEJrKwAANlaIPKqZfmwL6N1QJJGCIWYRIPt3urXE7Q7ayAmLBZsyAQCj5SQN8uw\/+3BXbnqRJgVvfkZaiahfccUgoO5sF39QkuzfLPVYwIO1U3g\/ZPFWt0GUer2ksvwRvMCaejOMH\/ePM+aH4IX4b+WhjvS+kt0k6WGLr1x31L9RIbka4q5FgdmJjrxW1MT8z85VBW6WuGpAqDgi5KQj83UrRX+hnrxZ51XD8nst\/oNpJwJAgGBFPOxWJpq1ruQT6zsChvqmjzaCu5YmKL82bzXIUNmFcfe+zxGFeYSHXWkI6SR1BKqkbio\/YdXzPi6ED9U3YIP2vCGAJVDlUUlXDNJvuQCtHMJXq+dAUg7sndO\/RrpL9MFrJAQMfcMk65ffrN5+TJeb16JlFjqkcepAe\/9MCiUJCTBeK6BqJ8ZrtzljcDt+a9vGj9H6p9put2f0O71cWCD+T9ZPlvDHC3CEZ4oPdVfXbDB9L5BTlnhSFpaO+Mp13uhVIWh29Ydpig3vaVjjGSm9\/ZE7E2YMLjDpan7SQ2zy43987HpcpcvY42MMWUjB08eIzJ2wghnZextd0JXczlfWdviXpV1NFgJPH5+SH8SLEFunCMX\/FWb4Ww2XshPRvParY32hYZ9QwzGDYIk5jpuAw2\/Gws2JNV8pggxRc30ecfhBPWkW5GNgGyJLXd3gdUv8kToUclYLWh9Fl1OUQ1vUAqTTgHdtxccQx3z9AmRxdk7s2RYbamZnY7eDjyGFrApN5WyLA10tNwift0ywIbLCEfwH4mriRMLsGkS+yIY5v0LyHAPZLDvma24k3Y10pcWlr+5EFHA6KEkGU7pAO\/xzBmMSxI4pHtplXhxsBewL0GnTOWG\/WSjNLKskp4B\/hWiOIgAM2kpooHFyzI0zJ06i4DizyzpeZw0eY+q6NS2CSfNkjVybHBeKQqka+0TNScdvt5W2RI\/SCdKnZygysYhajKxywAwmJyGPW71O\/q668WQhtG6CymZqiJC17RagLWkkHWLVVavvy4AdiVd3Vdz9HUWlgvwxuums7NmvJDzjs8tEFSJe9c+Lzux2k8Ypq1JuHRTzhVcK94gQJ1qHNvm3gn4ZLfXi7qzxPKWv5aMbRZHs12BMnhrpsOIfyRQp2N\/x1cW6zcBr4Mx4GQwvVTvxJHBktXR5LLWuZV29L91xIJJYsVtejg1\/v196kjx3M69qBVYmjBkk7sss5LtKVS0k9Ci+76hTJdm52fU4cmiDMC3USTV4udRKTx+XDDwCbCXRvOabP4kqlGXczLEFXzTtAgXq0x7k56Szmy6cAgWZnjhFZ\/CXQZJKw2U7NF2lR3JHw0ySphHuxPs="}
00418{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":804261,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"LLBdqyO5+P\/CRWqLCABFAAAoAABAAEAGYazAqAEVaBGvVdjaAbvycPHjZJoyGlAQD+lxKAAA"}
@@ -35,6 +35,6 @@
00419{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":832925,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"+P\/CRWqLLLBdqyO5CABFAAAok5VAADkG1RZoEa9VwKgBFQG72NpkmjYD8nDyI1AQAEJ8pgAA"}
00419{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":833514,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"+P\/CRWqLLLBdqyO5CABFAAAok5ZAADkG1RVoEa9VwKgBFQG72NpkmjYD8nDynFAQAEJ8LQAA"}
02313{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1595697597,"pkt_ts_usec":855003,"pkt_caplen":1445,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1445,"pkt_l4_len":1411,"pkt":"+P\/CRWqLLLBdqyO5CABFAAWXk5dAADkGz6VoEa9VwKgBFQG72NpkmjYD8nDynFAYAELIhwAAFwMDBWplzicVCZkneNntXmzlkgcFPUoR724b66\/4aFGXjza5mmC3zqfD8bM7gil7myUhARY2kw9OHvr9uwzPmTvBHjRsELIrWZwcLZLV99JfhGJTo2AoCcZCgLpYTIgfIUP5yU7xwkkVNn+vj1tSupzP0tmv56auqdA\/UR+KA1PORkvMHA3ya80UFD6NE5E0Bg7xxaZ6cP0Px7YhPWHKZn6s4KxtzuFOOydj9eGw5Kehc\/SnpSlwzmcxdp3iCWueCFDfp29IsYOBx\/gPDnQbEVHXpyd0ziy\/lVYJCR6VM9MRn8QvKeGW3AiZR4yFbraogEKpcTGTh1T55hGtYvibNUKrIBdcIwzGVctVJ9bIWJ8pypthvUjVxU7s9kaKdI+vH\/LIT1Nj\/kTSSAsltH2kDpRkeP78vWQVSTKSa\/NLd7OJuWWyHjfdMVIsulnSNLRm2mLF+DB\/2DgVryJ+Np2bhlT70OQRLbs5mXEare2aozleJtcUPNPTD8weucmD8+PVHdQUdlfUTt3zjzhdzsp82hjYg5yjrJpzTSonmIPTNwOpysWltsa6zXRjk++cCbFk6QUoiZ9+Dn3JJ4O5fc3K59ax2s6cgnpIvwqQkWpV4WdTqyWxjefa498GtVerV7PY\/XzcsCtBEWzDdjlLDmwBobWpGfk3s\/VszXVEAR4rwm7\/\/yu558oAFlDkTgiBSfzj7qp00\/kRFuxfc3L2G05sb7A5RRZ7sr3OJE0pckqzmYOP26SoI1UMKRR\/HW7PxUmEa+3WKEktQ3kYEFQrQwxdy70ku1m7PjlyidteV5MEOUoIILdx75zVIQaHbJcMNE78mY5kgGcqjPjHDKQSdksBlgoV025VzfLuNCoo8kMBGIGzuBryleLJHnPP29XCAqV6gYFw9PiLwC5V9dEcjAnkr4apoDL1NTRE+ca4io6PUqFcpjKEbz1X\/bNC2EPVLRfm9+BFFYjQpR7\/AeuLjJEyVnbvapEltGx1fTnDg5+p\/viBdp9FPrECd5xeMKznZ\/Z5uz7VTMjvpK5c\/6dtLQ6MzoNtDx6U5vKyu03ougGxsI67C96xoB8Ru9mrmEhNLGaZPMo\/MRHGcoWPWdMu4DD4nrPmUrq7hJMKsmFPV3tyhx\/ZUIqLpKeZdTP7ffnHf6G6BjvTfKoi8RXLa3S18CBhnC+bfrYD1d2teesludojFv\/XikOZSDkYBRSTeC1ECOOalXjjIkc2AZd1XaxX\/729CzpGwA0n3hvku6mS9RZ+KQhlhv\/dCRi45nUxoccgJQQaBNSCpC9jU3xQOF+ZEOweldBvTqKcPu+Q2DEH4H0dQIFQWnxk\/DhQY4Via144XNb4Bo+4k8s271yWtexNCD1KfV2TjPrCNb6XVaWfklvPy3BpTSHcfinyRMyVNzQam\/e\/vOZRMuTmWx\/HIjOVWq5Ipi+MMW5i8nd7G12OHiuFMIhjlyt5uSA5H8QXC0aY6O2firVleGCsdkSDTJ0qUe3PMMtHhXoMkY24TtILf\/hZk\/u5Bbn6h7m3wcle8fSJFRbjLGhRfoUeMBRG6KbjmEpDoeCvVvDn3MEI26y4dLEtY6O0uPHIP6TTYInmwFv51IzzmyLwQKuWJnZRAISY4Lq3SAOetGVLBgDL+tlvlCu6krmwzJzE1DgAjIjr4TjX9JKtMSJWDu9ecXMyAkU6c\/sSb9HZq4Loprj4HvS9SCMdbYMyQye3e4YdAWX+KS98qzGBclqf4EZV255jjHhTlQMCf8l4+bN5U8wSPZbVeatya7uJFa7OmqBgpuzwu4unc9EHFcOKqGY5ZFnBjvD449vjrPDMJ3GKlrwyQp4JU+DlPlxYM51pSY5AYewjIEAHGag="}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1595697574192,"flow_last_seen":1595697574326,"flow_tot_l4_data_len":8051,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":402,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":18,"flow_first_seen":1595697597731,"flow_last_seen":1595697597855,"flow_tot_l4_data_len":6556,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":364,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":20,"flow_first_seen":1595697574192,"flow_last_seen":1595697574326,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7615,"flow_avg_l4_payload_len":380,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":18,"flow_first_seen":1595697597731,"flow_last_seen":1595697597855,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6160,"flow_avg_l4_payload_len":342,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00137{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test"}
diff --git a/test/results/tls_invalid_reads.pcap.out b/test/results/tls_invalid_reads.pcap.out
index 903ddf0aa..6efee9db9 100644
--- a/test/results/tls_invalid_reads.pcap.out
+++ b/test/results/tls_invalid_reads.pcap.out
@@ -1,21 +1,21 @@
00485{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1252380859868,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1252380859868,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":868541,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":884558,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"}
00181{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","l4_data_len":32}
00418{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":884593,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABTRQblQABy\/PaVxCABFAAAoMP9AAIAG8zDAqAplziE9cQ9\/AbtzVLVyvsgCMFAQ+vDjSQAA"}
00558{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":885010,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"ABTRQblQABy\/OaVxCABFAACOMQBAAIAG8snAqAplziE9cQ9\/AbtzVLVyvsgCMFAY+vBuTgAAFgMBAGEBAABdAwFKpdC7WffXCrqul0rRyqlV7PYgfbDHC7SZ1YAJU4BSeiCCetHfydzbddwggCw2Ef4Y\/Wcmum3i+DV+RW7iw5bCGwAWAAQABQAKAAkAZABiAAMABgATABIAJQAA"}
-00701{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":20,"flow_max_l4_data_len":122,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00712{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00425{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":903858,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"ABy\/OaVxABTRQblQCABFIAAoZLsAADcGSFXOIT1xwKgKZQG7D3++yAIwc1S12FAQAC7dpgAAAAAAAAAA"}
01560{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":904145,"pkt_caplen":905,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":905,"pkt_l4_len":871,"pkt":"ABy\/OaVxABTRQblQCABFIAN7ZLwAADcGRQHOIT1xwKgKZQG7D3++yAIwc1S12FAYAC7UaQAAFgMBAEoCAABGAwFKpdC6H6OgW9P9+36ZeylFdZAhIjuWsoYXgfHuBoY2PiAghstWnalLtI\/GEpEEY1X3TGy25\/uiN5Y0TJRzRBFccAAEABYDAQL2CQAC8gAC7wAC7DCCAugwggJRoAMCAQICAwu3YDANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCDUZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA5MDYyOTEzNDQ0NloXDTEkMDgyODIyMTgyOFowczELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENsYXJhMRQwCgYDVQQKFAtZYWhvbyEgSW5jLjEOMAwGA1UECxMFWWFpb28xEzARBgNVBAMTCnMueW1tZy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALnpMjPO31hCPv8BaeHQppL8BxWSjK5J1JC194ULNrexmx\/9huNLACC8bEsR4XEORh5PXVgYjadRupRmp4Fk\/wO6LnB9xj1ao2h2hOESKvNr693GGL2wYzpGMV++q7LTHqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
-00744{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1252380859868,"flow_last_seen":1252380859904,"flow_tot_l4_data_len":1065,"flow_min_l4_data_len":20,"flow_max_l4_data_len":871,"flow_avg_l4_data_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00754{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1252380859868,"flow_last_seen":1252380859904,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":190,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
01074{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":942787,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":532,"pkt_l4_len":498,"pkt":"ABy\/OaVxABTRQblQCABFIAIGZL8AADcGRnPOIT1xwKgKZQG7D3++yAWuc1S4s1AYAD+2RgAAFwMBAdnfDz1\/fsHWlLraecMKERmy3J\/aTnu8qf5UYWNcHyHe\/qLYOhjPv+73wFgm\/NQ9xAw+HPWJk6a+787AdoTyhWmWkYYwGplZQvyne3xd8TlaymfOL3kGwbDQN6p7B+VuJieqYvZhXWBwYuk3GjgcQ15a6NIYL4kMviWwqdKeGwxe+20EWBBJeSUAiPB01mEftaF+JQCyYRjqI49OmGKPNdZFNHvDJ1wbRuZb9fmNhM2UszF5Fds3I99p3c4lAPpv5Mdv\/34G3uEQ6ECuLEqFQm9dWwbzVXfhnuotvuNPS5zvX7D9CMYE6FLx\/JguS20EShZI5qELNPOb2Gxo9Ukg0wP6o9uEI\/QZ5WhPpoVMqYV0MxwsoIWJsuqkW51LGVdDu1cE9hCQR1ZX9mEznDh9\/PSKM5J27PVWnUmpMF0OMXWbFnGUTiUkt14118eqReZtxmXVEPK9C89tTw505sMtq4LMlvTvAMnirHYg9Q6z\/BqhHsZXYg\/NUNdyNPCCqKafx2GQngk\/hS89haID5VtPt7swOqv0643PI4Tn5KYlAIReWeOHSY8L\/LYwEMI8Jvti+nv\/n8QFL\/2VUkKpzE0C0fCD4axHKR8Cm6SjDcr45H+sIA6EWxhDoKgaxg=="}
00418{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1252380859,"pkt_ts_usec":943054,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABTRQblQABy\/OaVxCABFAAAoMRFAAIAG8x7AqAplziE9cQ9\/AbtzVLizvsgHo1AQ9X3gCAAA"}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_tot_l4_data_len":1583,"flow_min_l4_data_len":20,"flow_max_l4_data_len":871,"flow_avg_l4_data_len":226,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1421985541772,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":204,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1421985541772,"flow_last_seen":0,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1421985541,"pkt_ts_usec":772794,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1421985541772,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1421985541772,"flow_last_seen":0,"flow_tot_l4_data_len":30,"flow_min_l4_data_len":30,"flow_max_l4_data_len":30,"flow_avg_l4_data_len":30,"midstream":1,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1421985541772,"flow_last_seen":0,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1421985541772,"flow_last_seen":0,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00477{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1544035479,"pkt_ts_usec":538596,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="}
00159{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","type":33024}
00472{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1544035479,"pkt_ts_usec":721867,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"pkt":"AAAAAAAFYAgQGhx\/gQAMn4EAAAIIAEVoAGBxLwAAOxHfqAru9DEK7iRACGgIaABMAAAw\/wA8AABhskUAADwAAEAA5Abp4Dbd4C0Kv4sRAbvkuBpaSBv5FXyfoBJxILDEAAACBAV4BAIICh1e0BYAFM1DAQMDCA=="}
diff --git a/test/results/tls_long_cert.pcap.out b/test/results/tls_long_cert.pcap.out
index 9169f7718..fb57fc799 100644
--- a/test/results/tls_long_cert.pcap.out
+++ b/test/results/tls_long_cert.pcap.out
@@ -1,22 +1,22 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_long_cert.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1553619078033,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1553619078033,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":33240,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"}
00441{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":58439,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="}
00428{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":58524,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+yCMZpGX4AQCAq0dAAAAQEICiSv2Y7Qt2rg"}
01125{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":58827,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"BBjWMe9aeDHBvV4kCABFAAI5AABAAEAGNczAqAJ+aG\/XXesOAbssL+yCMZpGX4AYCAq5aAAAAQEICiSv2Y7Qt2rgFgMBAgABAAH8AwNIXs7ENgjZTiNTE9f7O6LZiEI6uIc1pNyGFGqcdf\/LQyBdW5a1Bj3nkJn1H8mNAZlpujswEx54IJ8raTCHYls3FgAi+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUACgEAAZGKigAAAAAAFgAUAAARd3d3LnJlcHViYmxpY2EuaXQAFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEAEgAAADMAKwApSkoAAQAAHQAgHx3Qgw74Ok9EJ4ixjMksToTJ1f0PfjMmJ83bCaqtyGQALQACAQEAKwALCgoKAwQDAwMCAwEAGwADAgACCgoAAQAAFQDHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1553619078033,"flow_last_seen":1553619078058,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1553619078033,"flow_last_seen":1553619078058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00428{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":88544,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eDHBvV4kBBjWMe9aCABFAAA0ITlAADYGIJhob9ddwKgCfgG76w4xmkZfLC\/uh4AQAOu5bwAAAQEICtC3av8kr9mO"}
02376{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":91883,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"eDHBvV4kBBjWMe9aCABFAAXcITpAADYGGu9ob9ddwKgCfgG76w4xmkZfLC\/uh4AQAOuDIAAAAQEICtC3awAkr9mOFgMDAE4CAABKAwNVMtps0XtokkjC1gPE4\/KUJ6lo4L6JfLUX\/EQs\/RZj3ADAMAAAIv8BAAEAAAAAAAALAAQDAAECACMAAAAFAAAAEAAFAAMCaDIWAwMPfgsAD3oAD3cACuIwggreMIIJxqADAgECAhAHrG10aT6YsaH2msNNW\/HcMA0GCSqGSIb3DQEBCwUAMF4xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHTAbBgNVBAMTFEdlb1RydXN0IFJTQSBDQSAyMDE4MB4XDTE5MDMwNzAwMDAwMFoXDTIwMDUwNTEyMDAwMFowZDELMAkGA1UEBhMCSVQxDTALBgNVBAgTBFJvbWExDTALBgNVBAcTBFJvbWExHDAaBgNVBAoTE0dFREkgRGlnaXRhbCBTLnIubC4xGTAXBgNVBAMTEHd3dy5yZXBzdGF0aWMuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV+MoTBM9TK0OoJt5QuApA9tPXya0zX1a3Ag59txQIELvplH2CUI0yPk6MwlUfk\/QyB9VJwP5ynDZulBq+PhC6m+ahoGcKrSSR22gBsGAaQ6CStsVpuQYre1BQCuOkzyHA6qdEhCOwn3lpMMaU2v5rAArYgOlI6q9E0FALF73FSHRzTan9MjcennBUYmGDNqjkvspY0oO37dFO6zbNfZHlbVANbvbKGBll10AGMHR\/W\/+WpodtUD8TaFInXBFlfGdOAeUXAN1a90MpS6947KQDst1elD\/R\/MU5ndBWKX2i4xodj56emiB+7Oj67\/EMg7iyXoZGJS2MS8+LWOMXPgezAgMBAAGjggeQMIIHjDAfBgNVHSMEGDAWgBSQWP+wnHWoUVR3se3yo0MWOJ5sxTAdBgNVHQ4EFgQU55+91g3brgkpANCGNzfwge0PHBMwggUBBgNVHREEggT4MIIE9IIQd3d3LnJlcHN0YXRpYy5pdIIMcmVwc3RhdGljLml0ghVhbXAtdmlkZW8ubGFzdGFtcGEuaXSCEXd3dy5yZXB1YmJsaWNhLml0ghNhbXAtdmlkZW8uZGVlamF5Lml0ghlhbXAtdmlkZW8uZC5yZXB1YmJsaWNhLml0ghF3d3cuZ2VsZXN0YXRpYy5pdIIQb2FzanMua2F0YXdlYi5pdIIVdmlkZW8uZC5yZXB1YmJsaWNhLml0ghN3d3cudGVzdC5jYXBpdGFsLml0ghRuYXBvbGkucmVwdWJibGljYS5pdIIUdmlkZW8uaWxzZWNvbG94aXguaXSCFGdlbm92YS5yZXB1YmJsaWNhLml0ghFjZG4uZ2VsZXN0YXRpYy5pdIIQdmlkZW8uZ2Vsb2NhbC5pdIIPbWVkaWEuZGVlamF5Lml0ggxtZWRpYS5tMm8uaXSCIGFtcC12aWRlby5lc3ByZXNzby5yZXB1YmJsaWNhLml0ghNkb3dubG9hZC5nZWxvY2FsLml0ghBhbXAtdmlkZW8ubTJvLml0ghVib2xvZ25hLnJlcHViYmxpY2EuaXSCFHRvcmluby5yZXB1YmJsaWNhLml0ghJzY3JpcHRzLmthdGF3ZWIuaXSCFXBhbGVybW8ucmVwdWJibGljYS5pdIIScm9tYS5yZXB1YmJsaWNhLml0ghZ2aWRlby54bC5yZXB1YmJsaWNhLml0ghRhbXAtdmlkZW8uZ2Vsb2NhbC5pdIIcdmlkZW8uZXNwcmVzc28ucmVwdWJibGljYS5pdIIOd3d3LmNhcGl0YWwuaXSCFXZpZGVvLmxpbWVzb25saW5lLmNvbYIQbWVkaWEuY2FwaXRhbC5pdIIrc3luZGljYXRpb24tdm9kLXByby5ha2FtYWkubWVkaWEua2F0YXc="}
-00842{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1553619078033,"flow_last_seen":1553619078091,"flow_tot_l4_data_len":2177,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00853{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1553619078033,"flow_last_seen":1553619078091,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02378{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":92957,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"eDHBvV4kBBjWMe9aCABFAAXcITtAADYGGu5ob9ddwKgCfgG76w4xmkwHLC\/uh4AQAOt2FwAAAQEICtC3awAkr9mOZWIuaXSCD3Rlc3QuY2FwaXRhbC5pdIIPdmlkZW8uZGVlamF5Lml0ghN2aWRlby5yZXB1YmJsaWNhLml0ghRtaWxhbm8ucmVwdWJibGljYS5pdIIYdmlkZW8ubGFudW92YXNhcmRlZ25hLml0ggx2aWRlby5tMm8uaXSCE3Bhcm1hLnJlcHViYmxpY2EuaXSCDHZpZGVvLjNuei5pdIIrc3luZGljYXRpb24tdm9kLWhkcy5ha2FtYWkubWVkaWEua2F0YXdlYi5pdIIXYW1wLXZpZGVvLnJlcHViYmxpY2EuaXSCEXZpZGVvLmxhc3RhbXBhLml0ghp3ZWJmcmFnbWVudHMucmVwdWJibGljYS5pdIIaYW1wLXZpZGVvLnhsLnJlcHViYmxpY2EuaXSCGWFtcC12aWRlby5saW1lc29ubGluZS5jb22CEG1lZGlhLmthdGF3ZWIuaXSCEmJhcmkucmVwdWJibGljYS5pdIIrc3luZGljYXRpb24tdm9kLWhscy5ha2FtYWkubWVkaWEua2F0YXdlYi5pdIIQYW1wLXZpZGVvLjNuei5pdIIuc3luZGljYXRpb24zcmQtdm9kLXByby5ha2FtYWkubWVkaWEua2F0YXdlYi5pdIIVZmlyZW56ZS5yZXB1YmJsaWNhLml0ghhhbXAtdmlkZW8uaWxzZWNvbG94aXguaXSCHGFtcC12aWRlby5sYW51b3Zhc2FyZGVnbmEuaXSCEmNkbi5mbHYua2F0YXdlYi5pdDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9jZHAuZ2VvdHJ1c3QuY29tL0dlb1RydXN0UlNBQ0EyMDE4LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG\/WwBATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjB1BggrBgEFBQcBAQRpMGcwJgYIKwYBBQUHMAGGGmh0dHA6Ly9zdGF0dXMuZ2VvdHJ1c3QuY29tMD0GCCsGAQUFBzAChjFodHRwOi8vY2FjZXJ0cy5nZW90cnVzdC5jb20vR2VvVHJ1c3RSU0FDQTIwMTguY3J0MAkGA1UdEwQCMAAwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWlYkSnQAAAEAwBHMEUCIEDvaleIrTBvK6FB\/OkCqlyXj09JkUG\/tby2JJZ\/t2VOAiEAqSEut\/LfPM4oFW7QXn9fPaZecEo0viGqwKjcSP9jXhYAdgCHdb\/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr\/XqCDDwAAAWlYkSsZAAAEAwBHMEUCIQC9+CIErtWpgJN+vZlgoV5iFQL45uxlhFYyw13NhM\/bTgIgER+dLYRsxVMNJXOk\/kmtHPID7P7h3ACnRH7kZ2OdOokwDQYJKoZIhvcNAQELBQADggEBACqaRawdxV9ZrfFCAyF9BSNjN9CTvrFe5o3HW1vIQ2WjItuB5mhb63OYja7a2FV5hBb4fCna6ppH8ld8iq1rVStXDO3OzLLmoK2FQ60tl3bG3vZWHDDav1yVb\/BrtJ4Rs\/P7DvkvOAg0uIFVGMUTi9dt6lVL0jdweZD33r3IsXeAyS19SovLEXcc2cwPU3fAzIhgZWoxHNTs4OqzLd8h7to7Rmz\/K5oKlZNlh95nTbuQNDhxEUcwP73aki5NZmKALZxFoVfqCjRGopkHvIomBt82WUpk87VAbBQuUbo3uaJO3Ag721FlAwGHyvWKD5A8Xl0C6zmMA288lm8EDMK+CmwABI8wggSLMIIDc6A="}
00429{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":93048,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+6HMZpRr4AQB+mm\/gAAAQEICiSv2bDQt2sA"}
02057{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":93749,"pkt_caplen":1266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1266,"pkt_l4_len":1232,"pkt":"eDHBvV4kBBjWMe9aCABFAATkITxAADYGG+Vob9ddwKgCfgG76w4xmlGvLC\/uh4AYAOuRsAAAAQEICtC3awAkr9mOAwIBAgIQBUb+GCP34ZQdo5\/OFMRhczANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0xNzExMDYxMjIzNDVaFw0yNzExMDYxMjIzNDVaMF4xCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xHTAbBgNVBAMTFEdlb1RydXN0IFJTQSBDQSAyMDE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4rRY03hGOqHXegWPI9\/tr6HFzekDPgxP59FVEAh150Hm8oDI0q9m+2FAmM\/n4W57Cjv8oYi2\/hNVEHFtEJ\/zzMXAQ6CkFLTxzSkwaEB2jKgQK0fWeQz\/KDDlqxobNPomXOMJhB3y7c\/OTLo0lko7geG4gk7hfiqafapa59YrXLIW4dmrgjgdPstU0Nigz2PhUwRl9we\/FAwuIMIMl5cXMThdSBK66XWdS3cLX184ND+fHWhTkAChJrZDVouoKzzNYoq6tZaWmyOLKv23v14RyZ5eqoi6qnmcRID0\/i6U9J5nL1krPYbY7tNjzgC+PBXXcWqJVoMXcUw\/iBTGWzpwwIDAQABo4IBQDCCATwwHQYDVR0OBBYEFJBY\/7CcdahRVHex7fKjQxY4nmzFMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA4GA1UdDwEB\/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH\/BAgwBgEB\/wIBADA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQAw8YdVPYQI\/C5earp80s3VLOO+AtpdiXft9OlWwJLwKlUtRfccKj8QW\/Pp4b7h6QAlufejwQMb455OjpIbCZVS+awY\/R8pAYsXCnM09GcSVe4ivMswyoCZP\/vPEn\/LPRhHhdgUPk8MlD979RGoUWz7qGAwqJChi28uRds3thx+vRZZIbEyZ62No0tJPzsSGSz8nQ\/\/jP8BIwrzBAUH5WcBAbmvgWfrKcuv+PyGPqRcc4T55TlzrBnzAzZ3oClo9fTvO9PuiHMKrC6V6mgi0s2sa\/gbXlPCD9Z24XUMxJElwIVTDuKB0Q4YMMlnpN\/QChJ4B0AFsQ+DU0NCO+f78Xf7FgMDAd8WAAHbAQAB1zCCAdMKAQCgggHMMIIByAYJKwYBBQUHMAEBBIIB"}
-02307{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1553619078033,"flow_last_seen":1553619078093,"flow_tot_l4_data_len":4921,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":546,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","issuerDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}}
+02318{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1553619078033,"flow_last_seen":1553619078093,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":512,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","issuerDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}}
00430{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":93790,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+6HMZpWX4AQB+2iSgAAAQEICiSv2bDQt2sA"}
01497{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":95599,"pkt_caplen":855,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":855,"pkt_l4_len":821,"pkt":"eDHBvV4kBBjWMe9aCABFAANJIT1AADYGHX9ob9ddwKgCfgG76w4xmlZfLC\/uh4AYAOu8PwAAAQEICtC3awUkr9mOuTCCAbUwgZ6iFgQUkFj\/sJx1qFFUd7Ht8qNDFjiebMUYDzIwMTkwMzI1MTYyMDU4WjBzMHEwSTAJBgUrDgMCGgUABBR3enuod9bxDxzpICGW+2sabjf17QQUkFj\/sJx1qFFUd7Ht8qNDFjiebMUCEAesbXRpPpixofaaw01b8dyAABgPMjAxOTAzMjUxNjIwNThaoBEYDzIwMTkwNDAxMTUzNTU4WjANBgkqhkiG9w0BAQsFAAOCAQEAavnXjy432rmpzc6dwVO6eKJOSNsqguQZpGcyF4sV\/HIVmlWjRLlk1UJGnicGN2gzBOLk7VHdBHmOIK6k3aSmwaIj9G7Rwrs4h0+NIUBuvGMhZ6v8fDXi9NQ4+Zqd8+pvQNfFG7QfgkJETLaQB0bMPhCGlX7cZQnOah6+EcZGpWKZdNWMU\/\/E+Z6jYNI3VsmF5i80jEZI\/nkmhyTOqZEYtl0+xuwDg2GQS6OM6jXyrMcbhWw0cXG9F26qsCjajcLPiYO1z2e19GcNvD+y7LMATl0PKRIbR5l6TApQ9yJ1iQI06E\/Es\/BZgbsIHNNqVql+10lJ7BNzYcuuKVWud4vOyBYDAwFNDAABSQMAF0EEVracG9qNXtYKOXpaPv6J3gztVK0h8GoSY61HTcpTySyg7c8GmQuNX8SPxY1832t0AO6sywYL8zVeu1N68qVIvwgEAQBA\/QKQh5wvjlJxr2oZyvJRI5BJWrkE1DR3Llm96FOhqhGkBYFtrVcVmLWgJ3uyhss65kYP+gkV\/Aj0pwa7VoTYL3WkKCQXZh5ofXN5yYn8uV7alzaejpV\/vM+NLTHqZznT9x1QXgdz82FQYTX93Hfn7qlDOCIMQIpFPiafvBNNrWDat5ZO2Fh051I5Aou4213PhHh1ufxgQ1DEvxRKyVcvWGLfYD3JzBEu5qVe9V7kLs2fbSsrLJg7g5wdAwjW0GNvKaTAW5pehcTaLK5xuKyloOW3bStd3y6qa6TkhTrJNS0E3KzkNuTrd+rvs9gAwbV\/o7bOJ9+0NiqTgWSnpbP6FgMDAAQOAAAA"}
00431{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":95640,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"BBjWMe9aeDHBvV4kCABFAAA0AABAAEAGN9HAqAJ+aG\/XXesOAbssL+6HMZpZdIAQB\/OfKAAAAQEICiSv2bLQt2sF"}
00605{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":96422,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"BBjWMe9aeDHBvV4kCABFAACyAABAAEAGN1PAqAJ+aG\/XXesOAbssL+6HMZpZdIAYCAB8QwAAAQEICiSv2bLQt2sFFgMDAEYQAABCQQRP4nTO7t1gsI+sncz3jLxPpGhLzyoJgYH\/Heat+NBgLeKqEhe7mj2inNwoJCD5LV\/qCPQv+KYPvBQWRUBtB06EFAMDAAEBFgMDACgAAAAAAAAAAA4cTqcj7y\/hvDbKtXE0ElrDaudKH2f2AXwmK1WfLrv\/"}
00563{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":104774,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"BBjWMe9aeDHBvV4kCABFAACRAABAAEAGN3TAqAJ+aG\/XXesOAbssL+8FMZpZdIAYCABWXQAAAQEICiSv2bvQt2sFFwMDAFgAAAAAAAAAAb\/x0RnZJwH8uWLyU9jchZrDqEEG9N2hXfwbnHQL0G\/XqSw4vJO5tvQIFj88Tjie\/WjLQdGBWvdE9B6uhvyryoJCQ\/EEkL8iR\/LrKxkDArPO"}
01566{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"tls_long_cert.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1553619078,"pkt_ts_usec":105197,"pkt_caplen":902,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":902,"pkt_l4_len":868,"pkt":"BBjWMe9aeDHBvV4kCABFAAN4AABAAEAGNI3AqAJ+aG\/XXesOAbssL+9iMZpZdIAYCACgXgAAAQEICiSv2bvQt2sFFwMDAz8AAAAAAAAAAuMmufqqvCfCAgI+Y8ziAqtHnha8l08vk42HEKw5f8DNApnAf8eKGbrx81Mau3Kmxm7mc51VsRf3eP8BKCREjqar62CkMs3353fhMkczdZrTQh04YZgdkMJnSYFA4IiBLU1ncL\/o7W5EdFOmDG80nxc+JX5TM5N8c\/68A8pL7d4\/SXNUhHxe6BYbqz1ca6V0ykfLrkBJfeIMsQX1HGuKEEVBqn4ldYw\/k4Hc7PjMH4SPmr5Eor\/tMJjXaJhp9Bo+WuiHzj+8r+qVGVESvVM5uAiGhFbV\/jTRSXhGemYw82ONxC+6sF137EptS2HXtf2+Q89WVpGM\/UqKRf0xutuxtqQgaj50Bo136z61I3zDp5DgRhPhbx7UmTMY6G3yG4D2C\/6ylHqdx8IwZxbf3txr1TnyZ6t6NEUGLPyRtff+UZinltNjRbDh0OeMHX6qgYfdh+mmJSxUItZc7CDFNjqeoSIK5duKt9Oh\/nL1tHm+ZqKSxfLuhJ3ohEAsQAES3V\/pC3OtgKA5W60oylVTTb5\/i4dxCH820+amYUnuY5nY93oDQifKZRf83pgimFeleqpIkko1q3+6G4oF64xQ2oU7TX41+jdTIt\/wMtO4bo85mmZKePkoS5Dq5W8LtVNMBzUhbMZHJjxK5vanJNtBQOT6Vgc1ts7Z3VUqKIHrbCkw+riLw5taZE7qi+G8+Kh54juPU9m63V5iVXtN6S60y+EkKeVI+nAxw+2qVfFHV7RAnrM8KkXjFxvnUdSPSEFVr\/YGrOy1R8ltnqncOwARaMuX+zBwS\/XV5N8iC8p4uJsKUWh0i9VWtZtQkThVs3QiX362SVnNNPocF0+IQy+zl+fhkUuQ4X5wfhipaWHAKjxCavdUYRgE7LBRhFBQ6y6aBJ+y61PNJdt4N7yU7gydERP1C0+C\/xTDZztQVRZNmNyfILw2mQVuoP8ICAbsjc7MhFI6qu+kcMxy2+L32f+JInMGFsDu\/mOves3MgjcTzzjivlqZ1EBBgY2vFvckrPKwnJNGye6e1H8jhmGRGsrq6Dc5YlcV0qstUWKAnYlX5noGh9TZ0AY7xXAldx5TQ40IiedW1b41+pyOgjQ="}
-00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":182,"flow_first_seen":1553619078033,"flow_last_seen":1553619149372,"flow_tot_l4_data_len":111413,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":612,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":182,"flow_first_seen":1553619078033,"flow_last_seen":1553619149372,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":105569,"flow_avg_l4_payload_len":580,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test"}
diff --git a/test/results/tls_verylong_certificate.pcap.out b/test/results/tls_verylong_certificate.pcap.out
index d48f4a702..cc3ef5f52 100644
--- a/test/results/tls_verylong_certificate.pcap.out
+++ b/test/results/tls_verylong_certificate.pcap.out
@@ -1,22 +1,22 @@
00492{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578254908457,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1578254908457,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":457751,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"}
00451{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":469342,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="}
00440{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":469463,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"}
01138{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":475203,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnODAqAGgl2VCMdYUAbur4+BF2Hadx4AYEAjFKwAAAQEICgG\/txdynbuCFgMBAgABAAH8AwNreR1fucqnaT8n7FpnpsjcXpwujsf+X6\/m0ZYauF9Z+gAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABoAGAAAFWZlb2RvdHJhY2tlci5hYnVzZS5jaAALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAACwAJCGh0dHAvMS4xABUAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1578254908457,"flow_last_seen":1578254908475,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00744{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1578254908457,"flow_last_seen":1578254908475,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00439{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":487025,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JkBAADYGgqWXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADgXbgAAAQEICnKdu4cBv7cX"}
02276{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490162,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"KDc3AG3IEBMx8Tl2CABFAAWMJkFAADYGfUyXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADhELwAAAQEICnKdu4cBv7cXFgMDAGwCAABoAwNlGU2AqRgtupr99CpElXpAX0W4mJRx0pamW+kBQCXRGiDAUaIPvzZxFDiZxCRHWTbQLdyz05DKtbn9EBVW9WPsz8AvAAAg\/wEAAQAAAAAAAAsABAMAAQIAEAALAAkIaHR0cC8xLjEWAwMUYQsAFF0AFFoAD8Uwgg\/BMIIOqaADAgECAgxmMNWPLPIdEd8O15QwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLTArBgNVBAMTJEdsb2JhbFNpZ24gQ2xvdWRTU0wgQ0EgLSBTSEEyNTYgLSBHMzAeFw0xOTExMTkwMTMxMjJaFw0yMDA4MjkxNzE5MzJaMHcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKDAxGYXN0bHksIEluYy4xJDAiBgNVBAMMG3AyLnNoYXJlZC5nbG9iYWwuZmFzdGx5Lm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKRn796CdKVNRaMO7f7VjfBoTnQrrAIXQyviFPuHVSEpART5JsFX\/FX2lg8AwXVM4jiLWrMNjxMeVkCBdAEsAIVPOLEW9qlmwEc+rbG7tej27SxcKaGyT5vtOiIf43vcHFRWC2SipuJzozDUKG62hG1Q5ILStfGEiuA41wI7qHkzLWhf\/HuUhCAVBHoRupDjsGZeZG1DDJBzwDL+7KpMfIOTSzNdvCWX5\/PNjIze9T+qETtgANuqALC19HeMl+0tmA6N9R9774Rm6Qj5cunUUrWzjDF6EL3rAGA04Ia\/0HZ1c4dfJlMcsBCkf5ue0BP2OEBnpeuvJdomQzLLtjFwo9kCAwEAAaOCDGswggxnMA4GA1UdDwEB\/wQEAwIFoDCBigYIKwYBBQUHAQEEfjB8MEIGCCsGAQUFBzAChjZodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9jbG91ZHNzbHNoYTJnMy5jcnQwNgYIKwYBBQUHMAGGKmh0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9jbG91ZHNzbHNoYTJnMzBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwCQYDVR0TBAIwADCCCf0GA1UdEQSCCfQwggnwghtwMi5zaGFyZWQuZ2xvYmFsLmZhc3RseS5uZXSCCyouMTJ3YnQuY29tghUqLjJibGVhY2hlcnJlcG9ydC5jb22CFSouM2JsZWFjaGVycmVwb3J0LmNvbYIVKi40YmxlYWNoZXJyZXBvcnQuY29tghUqLjhibGVhY2hlcnJlcG9ydC5jb22CCiouYWJ1c2UuY2iCGSouYWNkbi1pdC5wcy1wYW50aGVvbi5jb22CEyouY2RuLmxpdmluZ21hcC5jb22CFSouY29udGVudC5wbGFzdGlxLmNvbYIPKi5kaW1lbnNpb25zLmFpghcqLmRvbGxhcnNoYXZlY2x1Yi5jby51a4IVKi5kb2xsYXJzaGF2ZWNsdWIuY29tghEqLmRvbnRwYXlmdWxsLmNvbYIPKi5lYmlzdWJvb2suY29tghQqLmZvcmVpZ25hZmZhaXJzLmNvbYIPKi5mcy5qaWJqYWIuY29tghMqLmZzLnVuaXRwcmludHMuY29tggwq"}
-00789{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_tot_l4_data_len":2097,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1400,"flow_avg_l4_data_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00800{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1885,"flow_avg_l4_payload_len":314,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02269{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490366,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"KDc3AG3IEBMx8Tl2CABFAAWMJkJAADYGfUuXZUIxwKgBoAG71hTYdqMfq+PiSoAQADh9xwAAAQEICnKdu4cBv7cXLmdnbGVhcC5jb22CDiouZ29vZGVnZ3MuY29tghIqLmh1ZXZvc2J1ZW5vcy5jb22CFCouaW5keS5teW9tbmlnb24uY29tggwqLmp3YXRjaC5vcmeCGioua2luZ3Nmb3JkY2hhcmNvYWwuY29tLmF1ghAqLmxhbmNlbnRlcnMuY29tgg4qLm1hZGVieXdlLmNvbYIQKi5taW5pcm9kaW5pLmNvbYIOKi5tb2RjbG90aC5uZXSCDioub3Jpb25sYWJzLmlvghEqLnBzLXBhbnRoZW9uLmNvbYIMKi5zY29kbGUuY29tghEqLnN0ZWVsc2VyaWVzLmNvbYIQKi50aGVmb3JlbWFuLm9yZ4IWKi51cGxvYWRzLmV2ZXJzaWduLmNvbYIUKi51cGxvYWRzLnNjaG9veC5jb22CCSoudnRzLmNvbYIWKi54LnN0ZzEuZWJpc3Vib29rLmNvbYIOKi55YW5nMjAyMC5jb22CCTEyd2J0LmNvbYITMmJsZWFjaGVycmVwb3J0LmNvbYITM2JsZWFjaGVycmVwb3J0LmNvbYITNGJsZWFjaGVycmVwb3J0LmNvbYITOGJsZWFjaGVycmVwb3J0LmNvbYIIYWJ1c2UuY2iCCWJyaXRhLmNvbYINY2RuLmZ3dXBkLm9yZ4IRY2RuLmxpdmluZ21hcC5jb22CDmNkbi5zZWF0ZWQuY29tghRjZG4uc2tpbGxhY2FkZW15LmNvbYITY2xpbmljYWxvcHRpb25zLmNvbYIKY2xvcm94LmNvbYImY29udGVudC1wcmVwcm9kLmJlYXZlcmJyb29rc3dlYjIuY28udWuCGmNvbnRlbnQuYmVhdmVyYnJvb2tzLmNvLnVrghNjb250ZW50LnBsYXN0aXEuY29tghFjb29sbWF0aGdhbWVzLmNvbYIeY29wdGVycm95YWxlLmNvb2xtYXRoZ2FtZXMuY29tghhkOC1kZXYuY29vbG1hdGhnYW1lcy5jb22CGWRlZmx5aW8uY29vbG1hdGhnYW1lcy5jb22CGWRlbGl2ZXJ5LWFwaS5ldmFkYWNtcy5jb22CDWRpbWVuc2lvbnMuYWmCFWRvbGxhcnNoYXZlY2x1Yi5jby51a4ITZG9sbGFyc2hhdmVjbHViLmNvbYIPZG9udHBheWZ1bGwuY29tgg5lbHVuaXZlcnNvLmNvbYISZW1haWwuYW1nLWdyb3VwLmNvghdlbWFpbC50ZWtvZm9ybGlmZS5jby51a4INZmVlZG1hcmtldC5mcoINZnJlc2hzdGVwLmNvbYIKZ2dsZWFwLmNvbYIMZ29vZGVnZ3MuY29tggdoZWFwLmlvghBodWV2b3NidWVub3MuY29tghxpZGVudGl0eS5saW51eGZvdW5kYXRpb24ub3Jnggxqb2ViaWRlbi5jb22CCmp3YXRjaC5vcmeCD2tpbmdzZm9yZC5jby5ueoIYa2luZ3Nmb3JkY2hhcmNvYWwuY29tLmF1gg5sYW5jZW50ZXJzLmNvbYIZbGlzdHMubGludXhmb3VuZGF0aW9uLm9yZ4IZbS1zdGFnZS5jb29sbWF0aGdhbWVzLmNvbYITbS5jb29sbWF0aGdhbWVzLmNvbYIMbWFkZWJ5d2UuY29tgg5taW5pcm9kaW5pLmNvbYIMbW9kY2xvdGgubmV0ggxvcmlvbmxhYnMuaW+CFnB1cml0YW5tZWRwcm9kdWN0cy5jb22CC3Jldmlld3Mub3Jngh5yZy12aWRlby1zdGFnaW5nLnJ1YW5nZ3VydS5jb22CFnJnLXZpZGVvLnJ1YW5nZ3VydS5jb22CDXJ1"}
00440{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490412,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+JK2Haod4AQD9X9EgAAAQEICgG\/tyVynbuH"}
02279{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490433,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"KDc3AG3IEBMx8Tl2CABFAAWMJkNAADYGfUqXZUIxwKgBoAG71hTYdqh3q+PiSoAQADi2agAAAQEICnKdu4cBv7cXYW5nZ3VydS5jb22CCnNjb2RsZS5jb22CF3N0YWdlLmNvb2xtYXRoZ2FtZXMuY29tghRzdGFnaW5nLmFwcGJsYWRlLmNvbYIPc3RlZWxzZXJpZXMuY29tghtzdGcucGxhdGZvcm0uZWx1bml2ZXJzby5jb22CDnRlc3QuYnJpdGEuY29tggx0ZXN0LmhlYXAuaW+CEXRlc3Quam9lYmlkZW4uY29tghJ0ZXN0LnJ1YW5nZ3VydS5jb22CDnRoZWZvcmVtYW4ub3JnghV2aWRlby1jZG4ucXVpcHBlci5jb22CF3ZpZGVvcy5jYWxjd29ya3Nob3AuY29tggd2dHMuY29tghJ3d3cuMTAxbmV0d29yay5jb22CEHd3dy5hdXRvczEwMS5jb22CDXd3dy5icml0YS5jb22CDnd3dy5jbG9yb3guY29tghB3d3cuY29sbGlkZXIuY29tghV3d3cuY29vbG1hdGhnYW1lcy5jb22CEnd3dy5lbHVuaXZlcnNvLmNvbYIOd3d3LmZsaW50by5jb22CEXd3dy5mcmVzaHN0ZXAuY29tggt3d3cuaGVhcC5pb4IRd3d3LmhvbGFnZW50ZS5jb22CE3d3dy5pY3N5ZG5leS5jb20uYXWCEHd3dy5qb2ViaWRlbi5jb22CE3d3dy5raW5nc2ZvcmQuY28ubnqCD3d3dy5tcm5hdHR5LmNvbYIbd3d3Lm15amV3ZWxsZXJ5c3RvcnkuY29tLmF1ggx3d3cubXlqcy5jb22CD3d3dy5uZXRhY2VhLmNvbYIUd3d3LnBhcmVudGluZzEwMS5jb22CGnd3dy5wdXJpdGFubWVkcHJvZHVjdHMuY29tgg93d3cucmV2aWV3cy5vcmeCCnd3dy5zYmEuc2GCEXd3dy5zaGFzaGF0Y29tLnNhghp3d3cudWF0Lm9udGFyaW9jb2xsZWdlcy5jYYITd3d3LnZhY2F0aW9uMTAxLmNvbYIXd3d3LndhbHRlcnNwZW9wbGUuY28udWuCHXd3dy53ZXN0d2F5ZWxlY3RyaWNzdXBwbHkuY29tMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBSpK4fhziRHOxu\/z4U3AlWdDZRY5jAdBgNVHQ4EFgQU2CO0eMPJq2CeqVZCIeX1YrVvvTkwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgCHdb\/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr\/XqCDDwAAAW6BSSgiAAAEAwBHMEUCIG6nkvzIZDj5rhbdbal5n1pBtt3rnqxh+6TcEjEtD\/irAiEAoAKCiwufsd4qr\/cWCTskhlcs6m2522hByYB17xG5Yd0AdQCyHgXMi6LNiiBOh2b5K7mKJSBna9r6cOeySVMt74uQXgAAAW6BSSiwAAAEAwBGMEQCIBp3yFYvVThVDRFyxmwn4rNl38YJZzQmmVby6O172\/IQAiBWgmeRoaRi+QWXUFo2BdkM0pNYnLsKD4IXGsbS+aGODTANBgkqhkiG9w0BAQsFAAOCAQEAPVKJBSV6XJU\/A7sY94vAIqukZFKVmxLSr7+0gP1WUidgzTJDIJIE3YtPsNMHJQ8JnqGGOWmt52V\/utr7Khnkpe5FsIFqX6\/DqaNlhbtwQtP62lXW6GDkYEOD\/PmwzBByXfKcpwXu3A2+GCdGYkqnaCFqbEIFqjcIIeBnbZkbw+9m+iSSLwhMso2hCQMOEFJdZDzZi2N1V89HQfEwNxfmEjfjTifXwhtTqk7bMAc3hG6CB4OCLvwktKKz73u4hK0zUO4z"}
00442{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490465,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+JK2Hatz4AQEAD3jwAAAQEICgG\/tyVynbuH"}
02286{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490567,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"KDc3AG3IEBMx8Tl2CABFAAWMJkRAADYGfUmXZUIxwKgBoAG71hTYdq3Pq+PiSoAQADha5wAAAQEICnKdu4cBv7cXbR\/LX8nVOu2fvuHvWFyjyBSf2+8VLzx\/QeXyjMJokT1EA2WFxc4WCWKwGvR+\/BLYJMtHu4C10XjRAu40GwAEjzCCBIswggNzoAMCAQICDkbwjNvPLFRm7zMB3V80MA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTUwODE5MDAwMDAwWhcNMjUwODE5MDAwMDAwWjBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEtMCsGA1UEAxMkR2xvYmFsU2lnbiBDbG91ZFNTTCBDQSAtIFNIQTI1NiAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8B14TKY5dmuhHyN6CNfRpVbTKIlcNeQBIWAybX0imVNksulxEKgtnklMe3xhSDNE1E9Z6yXTWibM4Zcs3stqt93oGHR9Tz7mvzT1ZTKyR6AG5CQyKyN9mAXnDG4xWGi4m5XJQhvJJmZz5S\/x4trsB\/KFPoYm2wQfJkr2kpj5bJOwv0+EAtI9HcLL\/CWSzruvTXehY3aEw7OAcRx09N3xQimYDklpydpXIPRb3Z47sVEW0W9KTvixgkPor4r3ONc2lpvjufJB2t+ocBTlYKJ4Hhccqhsvmdrq+cz2Yfy+Fwn9PYqO4fv2sJH2r+s6ydke0xT6zThL5sgTVQSa30ovQIDAQABo4IBUzCCAU8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSpK4fhziRHOxu\/z4U3AlWdDZRY5jAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo\/\/z9SzA9BggrBgEFBQcBAQQxMC8wLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL3Jvb3RyMTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QuY3JsMFYGA1UdIARPME0wCwYJKwYBBAGgMgEUMD4GBmeBDAECAjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAoh1pigqOxBSDKioSTTknkE7wjazSlmJHNl6S0frFk7U3B2Up0vRTUGvJ9P409d24Hfr83BSsVpQnnEKqBE237VjZmdJJ5iAv06d3uCqJGu+nz4Yt1lPpC5OcTqvZRe6khIX\/NOQOwLulzl+ViYVwqsFd7M8r09mD3wPKgacCMrd3YRAlTtl089l5grUmcLRSvI8z14quGdD8kq0vujygSFhHXv0gVpUgwXIdq2aZpNV4N0gbn7JMN2d6\/ULS01ae0x2OxAxolrZHURD3e+sVCWT1+fBjFi093yNCOpNjzKuvT1cGx\/4UVWLOJxEZ4fRC7SIwazUaSgWApGXfzMtv0BYDAwFNDAABSQMAF0EEawxlsOPuC\/v6LcxjIYDdYK5Ef1pmh3pllnUlqZjGwLrqzaj1eiuLrGdt9kwOYB9ci5Qe9SBpSUxu4l57XQQp5AYBAQBe9Buretkf0+bEQtIAAIujrnbbG4g5USUjrun5rI4edUoHW0hniFtzIhgRMhGPoRKcRb0c10lv"}
-03477{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_tot_l4_data_len":6361,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1400,"flow_avg_l4_data_len":578,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","issuerDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}
+03488{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":11,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":5989,"flow_avg_l4_payload_len":544,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","issuerDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}
00725{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490569,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEGJkVAADYGgc6XZUIxwKgBoAG71hTYdrMnq+PiSoAYADjE1QAAAQEICnKdu4cBv7cXzCLA0sJGrzYrkqYeX95fkjAkc1mPtjny9HtgPu1dnBHxIjyZwb3WbSh7xFHdjlJ9LayiCXU+dx64OQO5nS+WLY+1ZElqQk+i9g\/kMcB6yWny8XU2DsJ6luMRen3nv70cCttR1003kBzJKrSDFZmNLiiRMt8ct0QCIqjrBaLKDe9G6enBlLYoyT7wBnHEp28KoHWQu8rl3NwKln2FI3jNRS+GQYNDQGCzFiamKet1KePK0jikPpVZk2uHAbOSr+Z0aJx3kQ31imBNFgMDAAQOAAAA"}
00442{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":490605,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+JK2Haz+YAQD87xlwAAAQEICgG\/tyVynbuH"}
00615{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":501216,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAGnmfAqAGgl2VCMdYUAbur4+JK2Haz+YAYEAAKWAAAAQEICgG\/ty9ynbuHFgMDAEYQAABCQQTH5tGUopjSjWc3V5g8OPm4JB2tlghwqc4c7itepwfZrwFWixAP48WmSW\/oHUg0\/tDllM9KvSI4LF83FbIwkaj5FAMDAAEBFgMDACgAAAAAAAAAAGH0xPBqc1LQH3P3k4+rU181NnTrTx84D0HwPLdrBsFz"}
00513{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1578254908,"pkt_ts_usec":512283,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"KDc3AG3IEBMx8Tl2CABFAABnJkZAADYGgmyXZUIxwKgBoAG71hTYdrP5q+PiyIAYADhRZgAAAQEICnKdu40Bv7cvFAMDAAEBFgMDACj8bciWxFxco8nBV+vz6uJapqJf1ww4lYVxVlyDlR2X\/\/a25cyE9xS0"}
-00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1578254908457,"flow_last_seen":1578254908551,"flow_tot_l4_data_len":20597,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1400,"flow_avg_l4_data_len":429,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":48,"flow_first_seen":1578254908457,"flow_last_seen":1578254908551,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":19077,"flow_avg_l4_payload_len":397,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00144{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test"}
diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out
index c671150cb..e41c0e3b3 100644
--- a/test/results/tor.pcap.out
+++ b/test/results/tor.pcap.out
@@ -5,15 +5,15 @@
00141{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","type":38}
00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821664,"pkt_ts_usec":212868,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00141{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1383821665420,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1383821665420,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":420161,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"}
00420{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":491157,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"}
00412{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":491486,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"}
00700{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":498155,"pkt_caplen":269,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":269,"pkt_l4_len":235,"pkt":"UlQA2EYhUlQAWul3CABFAAD\/A2BAAIAGenPAqAH8W49d8semAbvp\/8nT+Fm4\/VAYAQAYUgAAFgMBANIBAADOAwFSe39m5Uhx5LWaEhy\/VSH7GBPue0xnQwvtdptmyyiBdQAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAF0AAAAZABcAABR3d3cuY3Q3Y3RyZ2I2Y3I3LmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
-00739{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_tot_l4_data_len":319,"flow_min_l4_data_len":20,"flow_max_l4_data_len":235,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00750{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00404{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":595471,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAovfFAAC4GErlbj13ywKgB\/AG7x6b4Wbj96f\/KqlAQAHsD0AAA"}
01416{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":606254,"pkt_caplen":802,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":802,"pkt_l4_len":768,"pkt":"UlQAWul3UlQA2EYhCABFAAMUvfJAAC4GD8xbj13ywKgB\/AG7x6b4Wbj96f\/KqlAYAHsRmwAAFgMBADkCAAA1AwFSe3FhblJ+qnc\/Xzrv\/Y8DDcBFhBvTPyDsEKscsd0kcQDAEwAADf8BAAEAAAsABAMAAQIWAwEB0AsAAcwAAckAAcYwggHCMIIBK6ADAgECAghNHmd17ZYxhDANBgkqhkiG9w0BAQUFADAkMSIwIAYDVQQDExl3d3cueGtnazdmZHgzNjJ5eXl4aWIuY29tMB4XDTEzMTAwMzAwMDAwMFoXDTEzMTExODIzNTk1OVowIzEhMB8GA1UEAxMYd3d3Lmc2Z2h2aXNldmYzaWJ1dTUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHZ8HsrDd3h3QHNwmeQmsZhanoLQrgAdOGeNpqPnN8EeEfWHfAhERw2P2X\/65ntH30P1+pO341gfmDPiVnWKrKbdemOhWc5+hwLlrFMBHRwZhKfLV209jv90DdPiH2IEACikyepIw6POeuekcFmqTOmoCEJTbNBSj+8LU10shZzwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAAld0vA63k+sJBP0ASZPfowRgyf+KO3kn9u3Vfn7j2WGuu25E+hu31LvqyGY8p7YDhLtCfkLQW1kVQfVdYZigxa2W4XZzHJjJYQrJ4F3JAYrDHIJCSkFotsj+MHGvK8RMtwgWN\/DmTm0H+ElopdeZ6A1Yuf68M1eu+xcwU2J0cvXFgMBAMsMAADHAwAXQQSvlfSdTowV7IWy1hEB2lrCnfDzGtBqT\/O8oAtmrv2JLdqdXF9TVeFWadHWqnWPGu6R+q42bK4+xjL04xQfF3pJAIC\/xQ6mh+tNVoGiUr0NNcGTl\/oiliWHeVQ\/Ju\/zL08UfHENRqFwbSMKVqwe1ATJEGwjD2o4uXXxFa7TuOOqF2A7NSc1tB1EOMyaSxSj2ErpMMeriZLtJkC2ATIqhThSiA2Zyhk6VZhBmt03QbLE5z3Buy1faaJlcTBsDXGPf+lHOxYDAQAEDgAAAA=="}
-00951{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_tot_l4_data_len":1107,"flow_min_l4_data_len":20,"flow_max_l4_data_len":768,"flow_avg_l4_data_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","issuerDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
+00961{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","issuerDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
00589{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":610798,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuA2FAAIAGesPAqAH8W49d8semAbvp\/8qq+Fm76VAYAP0DsgAAFgMBAEYQAABCQQQBz\/iRhshChnDAfb40Y8MWCXprjP8lZG1DtE+U+j6BWPrq+5OFeCsW2pZ7Suy0BvJsDRr0urFqDxcFndXejXYEFAMBAAEBFgMBADB1hh6st8IRTt9zFzeTFecieoX\/gRdWKeoIyOPbMfbM9ZtQFSMUifno+9FawQ2f0SI="}
00487{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":694821,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjvfNAAC4GEnxbj13ywKgB\/AG7x6b4Wbvp6f\/LMFAYAIOUGAAAFAMBAAEBFgMBADBVGONY7qr+VSoL0tusO+zWBvMzRndz3BHOEZVHB+8buEuy3EGlBEJ4IOcNmaSoQEo="}
00508{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":695404,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByA2JAAIAGev7AqAH8W49d8semAbvp\/8sw+Fm8JFAYAP1YCwAAFwMBACB0ZHngnVul9\/NrqvzHaXwgcwIQhnFnY8TbxAF8aR5I8hcDAQAgrt1BCg17CnWnOF9fCAs5b\/AwpXaxSWcaCu6nHvL7OA4="}
@@ -25,15 +25,15 @@
01208{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821665,"pkt_ts_usec":877534,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyA2VAAIAGePvAqAH8W49d8semAbvp\/83E+FnCPlAYAQCWHAAAFwMBACBIdsG\/zOXG\/XztpJ8eFepnZhEXQSSgOOQTcWqQ9+Lx5RcDAQIg68Keur3cYqAVMp4H9MAwBHczaDXxrJyCRIcH8VQ2ys9UgruN16hGu3fmB9dMFBX17YHcxjnf9bkvZ5A+RhhNicA7w+vJ2Ns0QrTXkW5SgRWCVRvJhjWw4mb7fMmSgCsMsTul8R6MZbcOMTGg\/YTBVFikQb3GWC+0IB29jRW6YQDkfmINVrldJvRH6sL3\/dejMT3SKkZPcB5Fo2gOldl60pRT9KT95zyd4\/hxFlF6pB1Ax2uRSXOpfgJNaIpWWlP6OPbAVyZJEYFvHsIF7bPRcB9CJlCy2iBlJba+1e89qHcfFu5tLGbxl+3UyI\/Jh2oyc3e9rZvi1L99EMzYdTkkXss9d\/X3UJIgG85A\/wJNaJO4FLEfbddJ\/eyzitzquPQVt9k1\/V6UUJkVdZ20Qp0mpLiBJV+cbq\/Itkeh6TKJS2ha8XVBado8qntl6NIf1ASx7L+2T9gJ07KqYOQqLmNvrpdhUaZV3r0bF0KfhsxqcFz15doyFlP\/lX+Bc01wQhZyOA\/\/krtSsiVkCfRoVfZBIPR2IMa5ntyOfRRaqtvGZ9MdJMQo0FzAt27vxx2nAJSuXxhiBPP7ScJYdTbWORIFEE2KU9GVIf\/oDl1Xu0uk3H0je2K74L5Xv5S0Uwz54Me47i8w5SjiqyXqQtqCc3xM79wE8eqcS14Q+HIe2vFtw1jum5z5\/XGlcFyJBHkjgA8o8YEO9V+Tn8TP0u0HUp5fMg=="}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":212873,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1383821666407,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1383821666407,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":407384,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"}
00420{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":480751,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"}
00411{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":481792,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"}
00706{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":482149,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"pkt":"UlQA2EYhUlQAWul3CABFAAEGA2pAAIAG0YnAqAH8Ljs0H8enAbvpjJYZMTT2fVAYAQDoYgAAFgMBANkBAADVAwFSe39nmuU3sweaQVD0jHq0Cq72Q\/dbDCXKTgOCZqGRcwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGQAAAAgAB4AABt3d3cuZTZyNXA1N2tiYWZ3cnhqM3Bsei5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"}
-00823{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_tot_l4_data_len":326,"flow_min_l4_data_len":20,"flow_max_l4_data_len":242,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00404{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":554821,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAoI35AACwGBlQuOzQfwKgB\/AG7x6cxNPZ96YyW91AQAB4ZHwAA"}
01418{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":558024,"pkt_caplen":803,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":803,"pkt_l4_len":769,"pkt":"UlQAWul3UlQA2EYhCABFAAMVI39AACwGA2YuOzQfwKgB\/AG7x6cxNPZ96YyW91AYAB45HQAAFgMBADkCAAA1AwFSe3GQvlkjsNvaqzz1Jg8ocO0ckhO5WNgjw2W3RHOCfQDAEwAADf8BAAEAAAsABAMAAQIWAwEB0QsAAc0AAcoAAccwggHDMIIBLKADAgECAgkAyJuPbVBYWYkwDQYJKoZIhvcNAQEFBQAwJDEiMCAGA1UEAxMZd3d3LmdtdnV5Nm10amJ4ZXZ3bzN3LmNvbTAeFw0xMzA2MDcwMDAwMDBaFw0xNDAyMDcwMDAwMDBaMCMxITAfBgNVBAMTGHd3dy5icGNhdTViM2hhaWY1ZWxzLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtCoMNoMB\/bPWkwxZa12ExSs9Zb210E0A0rPDg\/7EzQuI8FPhS\/b9Slh2Zmvd0oyi6lLKja47rCq7aGurj20gIvMTF3alteVEWgxcVTpzPdHCTWiWEM3BqrqpAB9leOgfzVv1dV3nD\/giRvObx58gFxwD3JELm7e2NCKMmsXzs8kCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBAvjgQRO82hCrJcL+59OA\/RWLlWFm\/P21ukV0xsN07DzGhwE9bjq3ra0wFqNHW3zZIWYSNX98ynuB8ouYxXYrz849\/jFhxPLbJX3GKAh4pjUc+K8VCKG22ffnB9DKVxVvH3rTXnFEX4Wc57zOJjmoHoLAegzPRCVD3MAhPM+avehYDAQDLDAAAxwMAF0EEh\/lTj1UNAgjsYqR\/yEmabZJVS5dmXeCRVk+J6ufSUkL56OUbWroIwh4izJDA6FYBnBdIZDGf5wXV1D3SwsF\/ewCAradRhN3chNFMTWX1OFng4xEzuMm030V84VdrAyOo7+m5etluRr+EXSWfkc1CIgMl7cxdFTVP31JtGREZ5+\/Jg+3Dp55Scwe4RT7WiqFCa1tb7UnP8P8bB8+rR6vtEOWjTaeyVzbjxFRUqvBwouD+uvazREdAU4vow6DB4vIlyXAWAwEABA4AAAA="}
-01035{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_tot_l4_data_len":1115,"flow_min_l4_data_len":20,"flow_max_l4_data_len":769,"flow_avg_l4_data_len":185,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","issuerDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}}
+01045{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","issuerDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}}
00586{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":562358,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuA2tAAIAG0eDAqAH8Ljs0H8enAbvpjJb3MTT5alAYAP3tDAAAFgMBAEYQAABCQQQbCwji4LUZT0epSH0gj4mvHkh2ZeQtzOVA1S7vs3bZ23H+4gJJqoM2Dz1h4aKovW61xcrmP4JLevLNNBaCJDBjFAMBAAEBFgMBADDcfk8P+jYf+z7UeGSu8le4RjkGrW6Vw3SLThiYsnvGmMLEq9EIBVULs+mRW0ZhKbc="}
00487{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":644122,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjI4BAACwGBhcuOzQfwKgB\/AG7x6cxNPlq6YyXfVAYAB8mlgAAFAMBAAEBFgMBADB7EOw8+wEtEdpBi+G7JcCsTcVRGogcbGSmNZC1iS7tC4fMNHvHjM1Gc\/QZkOBwWaQ="}
00505{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":645596,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByA2xAAIAG0hvAqAH8Ljs0H8enAbvpjJd9MTT5pVAYAP0wUQAAFwMBACC8MSttPKbpeuJql1UlAtNdadSILn5gK8Svy7ekD6MzsRcDAQAg7tsD6870z1FfLFv1BukG3ypusdNwWJbe+1lZO4ENyNk="}
@@ -45,15 +45,15 @@
01203{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821666,"pkt_ts_usec":838948,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyA3BAAIAG0BfAqAH8Ljs0H8enAbvpjJoRMTT\/v1AYAQCjBwAAFwMBACCuEhGVA4NvraHqWBXF0VGKi7yya+9S+1okg4GocBkj\/BcDAQIgqsSvH4svwNynX5ByKfenV2pkK\/zH5qdmrle51GUZdAWp5VTZzjCx\/s3z2YQPJOaJ8hzBRzNfwMHhVLGiZ7rvf8BQlBrfRXfo1Snj5ShDklJKVYJgPv2imkOqDOab6FYtIehUfgy8e7\/Zk1BnQWZBDR65DFznkpxbkLGufZ3ovawC+z9M4mggiRY94e6nM\/jPQLpCTGp\/RkFgwoH9gKmn39AxE+unqF+GFeMXpjFIRmGGU\/+LplD76IzG1gwlZfxa\/6Jxfuy79GRU4FdzUKbzAj11MMv17UuUi4h56ghDeKXYYdM4tC\/LXZ\/5NMyY6nutaKaN2EQUUnYef5MMUaupYOXf1D6kW59zAm5jQYAQSxX+1R54hIg3w0gGqTatO1RcWJIzFrzo0AoVma9K4X3hjZ0WkF9LuCsrVueZ3XSqYRKiAMp5ktEluSU6NzCWY1UVUp+HZJEzDSzrfACABWhRZMuy6rhAvLFaTc7VPRtHQOpZQybaBeHzl50phweF0i3PNlz0NPDXS6WPUwBXGNDr1SzWWaJbRY2Y4GSwU5sBZM3Po9LrosDeNJexY70v7YJeR9hc2lHfRlsUqMsQfVkEOB27ZG5GYJXOEwOc07o0Udlctf3xwBBTlYOwkN1sJz6Mv2PRCxvz5YJLj1BlbRaZ5UYiMKkvLub0aqJX\/mhIykWQUm04S5iR7nVREMC7l7Ehiq2XcjHQmTfj6eJSX+Mh5w=="}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":212884,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1383821668403,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1383821668403,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":403824,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"}
00420{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":547648,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"}
00411{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":548030,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"}
00711{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":548416,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"pkt":"UlQA2EYhUlQAWul3CABFAAEIA3dAAIAGxrrAqAH8JuVGNceoAbuUs9YyhA0RIVAYAQDlUgAAFgMBANsBAADXAwFSe39pbZn4CAZLPeIeRH8NC+wysEGwDtFI6Y81\/Q\/FOwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGYAAAAiACAAAB13d3cucTRjeWFtbmM2bXRva2p1cnZkY2x0LmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_tot_l4_data_len":328,"flow_min_l4_data_len":20,"flow_max_l4_data_len":244,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00404{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":700311,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAodvRAADQGoB0m5UY1wKgB\/AG7x6iEDREhlLPXElAQABC1rQAA"}
01657{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":700468,"pkt_caplen":983,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":983,"pkt_l4_len":949,"pkt":"UlQAWul3UlQA2EYhCABFAAPJdvVAADQGnHsm5UY1wKgB\/AG7x6iEDREhlLPXElAYABC9qQAAFgMBADECAAAtAwFSe3FkFBSyW8wepaOLNrHGBX6ujzo8E8jJ3hV5JUvPxQAAOQAABf8BAAEAFgMBAcsLAAHHAAHEAAHBMIIBvTCCASagAwIBAgIIQu7SDsoDvGgwDQYJKoZIhvcNAQEFBQAwITEfMB0GA1UEAxMWd3d3LmdnNTYyaXpjeGR2cWRrLmNvbTAeFw0xMzA5MTUwMDAwMDBaFw0xNDAyMjEyMzU5NTlaMCExHzAdBgNVBAMTFnd3dy5mY3N5dm5sZW13eHY1cC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJQ5+9Jafzi9QKeOG1kHDMDsvWpuxkXpeqU5V0auc99fup3dK8JdNTGzu3St2C7rtsHg\/aOI\/RD9LBPI3jkM\/bU0HyaJ3ATnGMkGr5BqkEX3ztOgHRZwu+TnTmi+fZZYOYr6X\/P1TAaEG\/JhZstA4GTErKlTy7h8CUyjLfJJOEhDAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAczayP3BW1GC9VJrrjJIooGh9+Wn4OGeizzpTmcCFI8IoeRhpPTIKqepFXqDaxPlMKybjBOaBnrwjugwfJouvDQ5AWM8LmNJinE97MZJTCtJdki6wMXqQ\/ENtzXqVsU9szKRr4KBKbjpnMQxheyATYof7q025Meevj610uNi4SCIWAwEBjQwAAYkAgNZ95EDLu9wZNtaT00r9CtUMhNI5pF9SC7iBdMuYvOlRhJ+RLmOccvsTtLTXF34W1VrBebpCCyop\/jJKRnpjXoH\/WQE3e+3c\/TMWikYarTty2uiGAHgEWwen28p4dAh9FRDqn8yd3TMFB91i24iuqnR94PTW4r1osOc5Pg8kIY6zAAECAIC7NDsQgl1IAWKbRx1wHPylgZjfFRnDGoYNfQ7CNaqRXHVejZyQnn6wNxAX2btR4cHb94VBJHyDz7731tfwYVhKU0Q0uQ+9iUV+KttLf4WfEH1OPgH35Lx+gZDuhiP6HSf7zcDaWz9UsBaGz5RpkdjpNOWfJEY2DOahHxjPJn9rAgCAPu2BuVcYmwTooEwYEE91V6CDblIATWpwKW\/TTRBsnSpOw2KnYuG7m0Xlmbfg1qWpqJep8soTArmFtgLXw0ykgqE3hliGUbTWkGTb5TgEp5QccknHUgEE5eiM4FmSQpPQAOha3Vv0rrVEZTpoq6WO4d3vecLDTlOfJdSF3sF8QF0WAwEABA4AAAA="}
-01031{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_tot_l4_data_len":1297,"flow_min_l4_data_len":20,"flow_max_l4_data_len":949,"flow_avg_l4_data_len":216,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","issuerDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
+01042{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","issuerDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
00672{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":708049,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"UlQA2EYhUlQAWul3CABFAADuA3lAAIAGxtLAqAH8JuVGNceoAbuUs9cShA0UwlAYAP1UZwAAFgMBAIYQAACCAICVqs\/lAnDz1OCq70x00UceWrtuOw3N0LPh14jZeUdb0SIrh+q2nw7OzMPTMbvR2F3l+e9Ge2cO3B9dU3NuyuxmC2T11LmEuzT\/Hf14mMzupeO2yAdSPyikLwGzVW35ZClY6hUlpdVjzbtMcZLgCVrp1P2c6gx2eE0q2TMx74J8ShQDAQABARYDAQAwUYDo0syC7vcphX7PaChw29yHdSCulVCitJfgxPBnmRO2gFPOcCsNzcRdYYMrxKaX"}
00486{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":872166,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjdvZAADQGn+Am5UY1wKgB\/AG7x6iEDRTClLPX2FAYABG6QQAAFAMBAAEBFgMBADAaY3i5fXWZ4AML4bIyljsoDgZZBOXmk153GE8srIolG5kCI8vhcZkuXXaLWjel7Is="}
00506{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821668,"pkt_ts_usec":872735,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByA3pAAIAGx03AqAH8JuVGNceoAbuUs9fYhA0U\/VAYAPwTKQAAFwMBACAk0DxcKn+Ish+ZeQZv7WaMFXe8WkhVh9eJrY8qC7+55RcDAQAgv+Szj7Xko2kB53mat2M83QOGXHAJE0170QxkHpJFs+o="}
@@ -67,9 +67,9 @@
00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","type":38}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821672,"pkt_ts_usec":213282,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00591{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821673,"pkt_ts_usec":254958,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821674,"pkt_ts_usec":212949,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","type":38}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821676,"pkt_ts_usec":212885,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -78,7 +78,7 @@
00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","type":38}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821680,"pkt_ts_usec":212883,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1383821673254,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821682,"pkt_ts_usec":212886,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","type":38}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821684,"pkt_ts_usec":212907,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -91,9 +91,9 @@
00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","type":38}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821692,"pkt_ts_usec":212907,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_tot_l4_data_len":218,"flow_min_l4_data_len":218,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":218,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00679{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821693,"pkt_ts_usec":159821,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_tot_l4_data_len":218,"flow_min_l4_data_len":218,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":218,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821694,"pkt_ts_usec":212894,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00142{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","type":38}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821696,"pkt_ts_usec":212907,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -104,10 +104,10 @@
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","type":38}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821702,"pkt_ts_usec":213488,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_tot_l4_data_len":218,"flow_min_l4_data_len":218,"flow_max_l4_data_len":218,"flow_avg_l4_data_len":218,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1383821693159,"flow_last_seen":0,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00592{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821703,"pkt_ts_usec":288336,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821704,"pkt_ts_usec":212955,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","type":38}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821706,"pkt_ts_usec":213267,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -118,7 +118,7 @@
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","type":38}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821712,"pkt_ts_usec":212949,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1383821703288,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821714,"pkt_ts_usec":212940,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","type":38}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821716,"pkt_ts_usec":213464,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -139,13 +139,13 @@
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","type":38}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821732,"pkt_ts_usec":212991,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00592{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821733,"pkt_ts_usec":324487,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":662,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":662,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1383821733324,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821734,"pkt_ts_usec":213076,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821734,"pkt_ts_usec":359648,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821736,"pkt_ts_usec":213187,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","type":38}
@@ -155,8 +155,8 @@
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","type":38}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821742,"pkt_ts_usec":213016,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00490{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":843,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00470{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":843,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":843,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00478{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":843,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1383821734359,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821744,"pkt_ts_usec":213025,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00143{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","type":38}
00373{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821746,"pkt_ts_usec":213762,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -177,12 +177,12 @@
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821762,"pkt_ts_usec":212987,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00593{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821763,"pkt_ts_usec":366999,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1344,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821764,"pkt_ts_usec":213182,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1390,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1390,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1383821763366,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821766,"pkt_ts_usec":213046,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821768,"pkt_ts_usec":213010,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -205,37 +205,37 @@
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383821786,"pkt_ts_usec":213089,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_tot_l4_data_len":63576,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":450,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_tot_l4_data_len":9950,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_tot_l4_data_len":1332694,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":845,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00594{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822123,"pkt_ts_usec":915516,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1834,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822124,"pkt_ts_usec":212807,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822126,"pkt_ts_usec":212337,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822128,"pkt_ts_usec":212399,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1383822129889,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1383822129889,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":889928,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1383822129897,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1383822129897,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":897135,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJhAAIAGdgbAqAH8W49d8sfnAbtnuw7MAAAAAIACIACSwAAAAgQFtAEDAwgBAQQC"}
00423{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1842,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":949318,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGFtLUU5v6wKgB\/AG7x+atYj18G1cDZ4ASOQgvyAAAAgQFtAEBBAIBAwMH"}
00414{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1843,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":951535,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJlAAIAGv0TAqAH81FOb+sfmAbsbVwNnrWI9fVAQAQCoogAAAAAAAAAA"}
00423{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1844,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":961527,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x+fD3pw1Z7sOzYASOQgZlAAAAgQFtAEBBAIBAwMH"}
00414{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1845,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":962943,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCJpAAIAGdhDAqAH8W49d8sfnAbtnuw7Nw96cNlAQAQCSbgAAAAAAAAAA"}
00693{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":965354,"pkt_caplen":263,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":263,"pkt_l4_len":229,"pkt":"UlQA2EYhUlQAWul3CABFAAD5CJtAAIAGvnHAqAH81FOb+sfmAbsbVwNnrWI9fVAYAQBc+gAAFgMBAMwBAADIAwFSe4E3FMYInxr2a\/LGdBo7iY6X3woxpwwwB2E4X+3g5wAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFcAAAATABEAAA53d3cudDNpM3J1LmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
-00738{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_tot_l4_data_len":313,"flow_min_l4_data_len":20,"flow_max_l4_data_len":229,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00749{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1846,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1383822129889,"flow_last_seen":1383822129965,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":209,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00697{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822129,"pkt_ts_usec":972457,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"pkt":"UlQA2EYhUlQAWul3CABFAAD9CJxAAIAGdTnAqAH8W49d8sfnAbtnuw7Nw96cNlAYAQCN\/AAAFgMBANABAADMAwFSe4E3htlD0jNwndR+1ou7jED0jjAcq7bR5WAiBXnUvwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFsAAAAXABUAABJ3d3cuZ2Z1N2hieHBmcC5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"}
-00819{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_tot_l4_data_len":317,"flow_min_l4_data_len":20,"flow_max_l4_data_len":233,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00830{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00406{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":21438,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAooqlAADEGdDTUU5v6wKgB\/AG7x+atYj19G1cEOFAQAHuoVgAA"}
01412{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":23500,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"pkt":"UlQAWul3UlQA2EYhCABFAAMPoqpAADEGcUzUU5v6wKgB\/AG7x+atYj19G1cEOFAYAHuyMAAAFgMBADkCAAA1AwFSe3L53X2pEnJ+sMNK7yLUj\/W6pO2+NRex4VwJn0DBEwDAEwAADf8BAAEAAAsABAMAAQIWAwEBywsAAccAAcQAAcEwggG9MIIBJqADAgECAgggWXsb82yVFTANBgkqhkiG9w0BAQUFADAhMR8wHQYDVQQDExZ3d3cud29oZ3BhczQ1ajZ1Y3cuY29tMB4XDTEzMDkxMTAwMDAwMFoXDTEzMTEyNDIzNTk1OVowITEfMB0GA1UEAxMWd3d3LjdkNDNhaDJraWtyYWJqLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyklKQGQkcctz93HgInj2t1gLlEeTreYlTjt5cVuEnkRhvnpxBBhUZcDOSffaAx9+S0RFFDudqL8\/TeDZIwrCCOxcwFVb+zUytTfEc8ly5MA1G7S5d2I\/x5yvg04rZJRI9\/q5ks8spXJHHzSyzwoRTx50l96ITtI3yPQNeVSHVUcCAwEAATANBgkqhkiG9w0BAQUFAAOBgQC38KFCTBghhDrxpOEFUDAKZE4bCRug43WMb6jvNo\/BPXQ48wsYWM\/S+47KwCPqXVUNCDyMF+wvJ2aRBnR37D+\/ayO\/p7RlBCVwDONA9IZk20eslgIepjkM58HbyrjYv5PJpyqgB0BsDzJJ400K0\/0xL29Q2pOCbmf5\/QOa\/soHuhYDAQDLDAAAxwMAF0EEqppowQXXYJtKnNsDr3CjDoKRPdSy8GzPWFf2pW59bta1CDBd2K0DAFHTa+02CMVDmRNatXtDgujISj+n9Smk7QCAb3zAMJEE0ZhtRVfh24BgLQXvLqOzphBWw67izOerVVz4biNemHUEOkNwxD+9oynPQgMUOQR3MDvw5YUW7GSS7yczMzYXquDqWDrOY8Ns7gaPrsQ1YbSUTuO7mrfNLqHYD1sSjpyqfIn2S3zLLZ7+opf6vOO4LybO3Wf9JdFNFCsWAwEABA4AAAA="}
-00945{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_tot_l4_data_len":1096,"flow_min_l4_data_len":20,"flow_max_l4_data_len":763,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","issuerDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}}
+00955{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","issuerDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}}
00591{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1850,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":28263,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCJ1AAIAGvrrAqAH81FOb+sfmAbsbVwQ4rWJAZFAYAP37zgAAFgMBAEYQAABCQQQirs+7bZ92YZQcxZd+2DqfqldWcJ\/uP\/ceE0gwSB7sufju+Ou\/tmWkLRzvFyBtO+ky9kbj5Lk5KBHB2Iw8kEPgFAMBAAEBFgMBADD1vChkZBoQ7JL0US4P8m+ntzIHU6Wo0YrvCmKRLKn0gkpxAE5NLpPezGJYavoceMs="}
00406{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1851,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":43639,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAoVpRAAC4GehZbj13ywKgB\/AG7x+fD3pw2Z7sPolAQAHuSHgAA"}
01420{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":47877,"pkt_caplen":802,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":802,"pkt_l4_len":768,"pkt":"UlQAWul3UlQA2EYhCABFAAMUVpVAAC4Gdylbj13ywKgB\/AG7x+fD3pw2Z7sPolAYAHsRlAAAFgMBADkCAAA1AwFSe3Mya1gXPjAm53azNqffVZKBFeKBDmPnY4w6w9WrzADAEwAADf8BAAEAAAsABAMAAQIWAwEB0AsAAcwAAckAAcYwggHCMIIBK6ADAgECAghNHmd17ZYxhDANBgkqhkiG9w0BAQUFADAkMSIwIAYDVQQDExl3d3cueGtnazdmZHgzNjJ5eXl4aWIuY29tMB4XDTEzMTAwMzAwMDAwMFoXDTEzMTExODIzNTk1OVowIzEhMB8GA1UEAxMYd3d3Lmc2Z2h2aXNldmYzaWJ1dTUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHZ8HsrDd3h3QHNwmeQmsZhanoLQrgAdOGeNpqPnN8EeEfWHfAhERw2P2X\/65ntH30P1+pO341gfmDPiVnWKrKbdemOhWc5+hwLlrFMBHRwZhKfLV209jv90DdPiH2IEACikyepIw6POeuekcFmqTOmoCEJTbNBSj+8LU10shZzwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAAld0vA63k+sJBP0ASZPfowRgyf+KO3kn9u3Vfn7j2WGuu25E+hu31LvqyGY8p7YDhLtCfkLQW1kVQfVdYZigxa2W4XZzHJjJYQrJ4F3JAYrDHIJCSkFotsj+MHGvK8RMtwgWN\/DmTm0H+ElopdeZ6A1Yuf68M1eu+xcwU2J0cvXFgMBAMsMAADHAwAXQQSv97\/ilH42iFMoakelVTbrRTFAZqGEhYWR4S3V07Pyvxs1FvawqYKlRiM9gWAzXMX3bH1mpgVzLKUzeldVvvMfAIBVo+FA8tVYJ+HmyEdPa4Bdq+fFwyKjkuUjQTrHZKNrhamWl\/lB\/Ebo5CHux4Al+fZgZ3+QV\/Qd226bY9RwWJMGz\/2mP\/I1NkneJVmd+dkjXIeap\/WZmuZpe7HnTO5Mr1\/5mFqkmCL0boxqqxqxKDf58gCY\/Dfggk9bCoIClc40qBYDAQAEDgAAAA=="}
-01031{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_tot_l4_data_len":1105,"flow_min_l4_data_len":20,"flow_max_l4_data_len":768,"flow_avg_l4_data_len":184,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","issuerDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
+01041{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","16":"Suspicious DGA domain name","22":"Unsafe Protocol"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","issuerDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
00592{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1853,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":52242,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCJ5AAIAGdYbAqAH8W49d8sfnAbtnuw+iw96fIlAYAP2\/YgAAFgMBAEYQAABCQQTOrOIMUq8r6n1aKYiNs7U2FFNAVDNnCvPBG2\/LKMvoSWVofCBD3sAosTws5sK\/9czSs3fhclBVGnT2zMaH3JdCFAMBAAEBFgMBADAuL1gg35pDGio6a0sJwrrveSJC9yOSrYPI1ot\/w0ux0mAKfgjlBtwnXbCgD70pNiU="}
00489{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":87045,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjoqtAADEGc\/fUU5v6wKgB\/AG7x+atYkBkG1cEvlAYAIO3AgAAFAMBAAEBFgMBADDfL2A9XXe6ItVkvPujf8ZlF9xDBUk6le1K6Q6vBc+xdpwWP5E1hcztjRUOvKJL2iM="}
00511{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1855,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":88305,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCJ9AAIAGvvTAqAH81FOb+sfmAbsbVwS+rWJAn1AYAP2ryQAAFwMBACDOqfI9\/1zpoMalpFDIOq\/+t2OKhFCF0\/8W1gJZQrk9KhcDAQAgdqvsCDJjPYM1XmS1wYHUGxKvFb4w\/k11fkDeEVu2xhM="}
@@ -255,15 +255,15 @@
01204{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1868,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":265485,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKVAAIAGvO7AqAH81FOb+sfmAbsbVwdSrWJGqVAYAQC4GwAAFwMBACDFSvr+d\/a8SxY\/MRGL7d7bbuedWRMGsboWG\/MyOHFANxcDAQIgpjhLHHmpnkUvTkzSmmX06lIrigiP6O2YGeNrjBqcUKAg0V5n04hnKawS4oV3ArwURsxbSqTy7nYCs5KiFnKnwi730wK5bay5XMFaFmjdjmKYZSW64Y0QNegmAn8DqakiaeHV87kzGgz3L9ox61bWiC7ouRVLhzhTBTst37kLzy4TNJ0GnKImOj5PufZsdM+oCGA2mvANTfeJutkC6ZMcW98j+pnuFaSHZzEegAuoGbIri50vuCfmrI2ykVCIM9NHhe9ybbly8c3tpXnB7ABcxCwT9cacO8yaW32GDXf0T2TNHRQBR8ftn3ArezELLiB+r\/QDebccDRa2eZtwv2TQLf+BNxJIfC26FMUwNp\/bjbZ2ljD5pQMxBFWet2NCvrAp+ghJEuezGbgv6C5rt8UW64fKEqFi5BkU51c8Olr31vNS6W7u39ITzaSwxhpbi68BFr3Rgd\/GyFPAVUVRnYWjC3W5C6vQVoV7Aby3obieH9X+LnXS6ZQbtgqerkwfF8KrGQotnTRdzUKW4z9tkcE0UuVe7uIeuC9HJsmkSSo3J519HAgZFVRecMir2db0k+I5GUB0IixS\/iYrCMdQWisoKFLfUljPOUI5aqKo36qAQO14+eb9abwMSo3q9Ox\/s+P\/TpXIDhzGRU3esXRnHYI+TtA6jgEY\/nm1hg0DjrFdYHYoOUETQ2zqC1kbLLgkWACGgfOjypLmJyMKImn7bnn9Kg=="}
00408{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1872,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":328617,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAoVplAAC4GehFbj13ywKgB\/AG7x+fD3qV3Z7sSvFAQAIyFsgAA"}
01210{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1873,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":329179,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"pkt":"UlQA2EYhUlQAWul3CABFAAJyCKdAAIAGc7nAqAH8W49d8sfnAbtnuxK8w96ld1AYAQCeOAAAFwMBACAz5YAEXPD9Qp6lyJHqu1BSVaHO73GRNQm8Htgf0+c9mxcDAQIggGSqd7QMnsJ4kHJMLOklbVLNgwUP\/EkZy7W3NwFozzCote80AtSk7sn6fxe8acuFRFCQKIbQM5JkKbLFJdsaVBQIS8KJ3mJqEcN17ES7yv5X7kmwtAY0Oj+Qn\/O4MiKZiIbqCXUuIXBs30w6k5i1XKkR\/YjI1yzaosB78mCP1N+MitRHHOzKJ9BIN4RckCB0ahIg+SW3srzVgs\/hUNP4hLSwA9r1bn6Wx+XHvuNF74KSSRthK+UB\/PbjZmI13OCt6kBCakhFRLo4xd1Znv2Pfbt7FqyHdLdHCBcsGD5Uvdtw8qWMKPEXLk4NoW11tQXMBdwCgl\/xGuIkXESj2qcd+a6G\/U6B0dEP6RlAAX7I5nDrY50PtBQ94gZLzKB2qfFxI3h0QACydQDa1E2U\/DYgZWjvoy4r8eOXazr+Kwq8DkGePJs8qqu1PjYknNmPq\/hHKHLKZUAJ1IBCeVI4vX+BTiiooRLb09iC6svjWG00Y\/b+8hUWDkM60gjsOfnXmKe2Gmtai4EAK1BhjnT\/RDUesrNd1VdrsxdUqjj8s3SAUTlKeqcxkD3BLawtjcU5vI\/ChZmMJyoWadYf6Jq7tFuHIfLRmpSVDM39OBv8K4ikJC\/r5Tb12+qassYZfOLPbD\/SvIb+tyWIo\/\/o3GZf3Ucp04R7Pi0FoX8Ifpgv2ENVeAXzErpm7zVYy8TvEmUz3OuTxmPK6l0aAG8fU4fQnhW+nQ=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1383822130889,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1383822130889,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822130,"pkt_ts_usec":889737,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"}
00423{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":33681,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"}
00413{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":34064,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"}
00692{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":34778,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"UlQA2EYhUlQAWul3CABFAAD6CLBAAIAGwY\/AqAH8JuVGNcfoAbv0twfgYNP3BVAYAQATzQAAFgMBAM0BAADJAwFSe4E45UNCHF+9nmoqAUUyRuC4BvKCHcuaRNsIL6pQWAAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAFgAAAAUABIAAA93d3cuam10czJpZC5jb20ACwAEAwABAgAKADQAMgABAAIAAwAEAAUABgAHAAgACQAKAAsADAANAA4ADwAQABEAEgATABQAFQAWABcAGAAZ"}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_tot_l4_data_len":314,"flow_min_l4_data_len":20,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00408{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1894,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":183159,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAogW9AADQGlaIm5UY1wKgB\/AG7x+hg0\/cF9LcIslAQABBhHwAA"}
01663{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":220406,"pkt_caplen":983,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":983,"pkt_l4_len":949,"pkt":"UlQAWul3UlQA2EYhCABFAAPJgXBAADQGkgAm5UY1wKgB\/AG7x+hg0\/cF9LcIslAYABCPDQAAFgMBADECAAAtAwFSe3MzJnpApPNpEflNBeQT+wMfGN8EfVfDfSCJ1CHhSgAAOQAABf8BAAEAFgMBAcsLAAHHAAHEAAHBMIIBvTCCASagAwIBAgIIQu7SDsoDvGgwDQYJKoZIhvcNAQEFBQAwITEfMB0GA1UEAxMWd3d3LmdnNTYyaXpjeGR2cWRrLmNvbTAeFw0xMzA5MTUwMDAwMDBaFw0xNDAyMjEyMzU5NTlaMCExHzAdBgNVBAMTFnd3dy5mY3N5dm5sZW13eHY1cC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJQ5+9Jafzi9QKeOG1kHDMDsvWpuxkXpeqU5V0auc99fup3dK8JdNTGzu3St2C7rtsHg\/aOI\/RD9LBPI3jkM\/bU0HyaJ3ATnGMkGr5BqkEX3ztOgHRZwu+TnTmi+fZZYOYr6X\/P1TAaEG\/JhZstA4GTErKlTy7h8CUyjLfJJOEhDAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAczayP3BW1GC9VJrrjJIooGh9+Wn4OGeizzpTmcCFI8IoeRhpPTIKqepFXqDaxPlMKybjBOaBnrwjugwfJouvDQ5AWM8LmNJinE97MZJTCtJdki6wMXqQ\/ENtzXqVsU9szKRr4KBKbjpnMQxheyATYof7q025Meevj610uNi4SCIWAwEBjQwAAYkAgNZ95EDLu9wZNtaT00r9CtUMhNI5pF9SC7iBdMuYvOlRhJ+RLmOccvsTtLTXF34W1VrBebpCCyop\/jJKRnpjXoH\/WQE3e+3c\/TMWikYarTty2uiGAHgEWwen28p4dAh9FRDqn8yd3TMFB91i24iuqnR94PTW4r1osOc5Pg8kIY6zAAECAICTjLv4dzbQkY4v+6c0tODTLPLUqpNj9udRk8Y5oVDxQec9DISv\/Q0OumZb9e9ll5wRwIEXxwVEOFM8Zk7VR4yvxN9ykEmlw9419WCYJtUgx5zCtQLvohpLrdz+KVdNF7f8BvF9kFE63nikb7K7Z17dZMj\/1ql3DTeHgdk9yw81yACAjddiRyq9Wcm6MZOMF0YAyjYY2sKmLvYg01bPUt\/KNhSxOpXIEHegbPMrbIHKvNT+7w8eAmj4pYQmubnfUL+Uj1iDQbNgSR2mn642+8mQSG60moMsBVPLLA9EvmzLv1gcuBhCiJcGvwEu1dlI9t0c613woXTslAdeYNWIZ8noJgsWAwEABA4AAAA="}
-00942{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_tot_l4_data_len":1283,"flow_min_l4_data_len":20,"flow_max_l4_data_len":949,"flow_avg_l4_data_len":213,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","issuerDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
+00953{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","issuerDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
00679{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1897,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":230750,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"UlQA2EYhUlQAWul3CABFAADuCLJAAIAGwZnAqAH8JuVGNcfoAbv0twiyYNP6plAYAP1iWwAAFgMBAIYQAACCAIC489sTVZq\/GrKwFJ77i9pUjo8mUMWtC+3TfOvVv3\/lZeMgGHHRgTuax8BoSKz6hvfA1XyfqMyXXhhXL\/hmqpwL9+xMKjSKeC1\/nBFQNGi1R9BX0jpaOpJQL\/tEkXCPrXGMaMRX6FbhYcsf0y1KKo8nlIUSjgfqR7Uu68BU+P0kTBQDAQABARYDAQAwR5He0W0\/mJ2cp4A+CQ7sLCv+qfOQ89lzDZTa6EzlNuKFpcImS+UZUc6RvdwtbKaR"}
00490{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1898,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":384005,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABjgXFAADQGlWUm5UY1wKgB\/AG7x+hg0\/qm9LcJeFAYABE5sQAAFAMBAAEBFgMBADDGp5YJU4NYfAXlehYJRQ2odQmJNNLuW3og1BToTR83Gb0PCN+omLLmSnduJdxzfxE="}
00509{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1899,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":384736,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCLNAAIAGwhTAqAH8JuVGNcfoAbv0twl4YNP64VAYAPyWYgAAFwMBACD5OA5hWmwcr3qvvvlx80AhOaZ3HeL86UCzuBfLPvgmkBcDAQAg9ZKvZ3vwmeoBnpaDZ9egruCXkAuHZkA8B+2\/ifVrt+I="}
@@ -275,7 +275,7 @@
00408{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1905,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822131,"pkt_ts_usec":785482,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAogXVAADQGlZwm5UY1wKgB\/AG7x+hg1ADr9LcMDFAQABJT3QAA"}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822132,"pkt_ts_usec":212345,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1383822123915,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822134,"pkt_ts_usec":212476,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822136,"pkt_ts_usec":212325,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -296,12 +296,12 @@
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822152,"pkt_ts_usec":212240,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00594{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822153,"pkt_ts_usec":962104,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1953,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822154,"pkt_ts_usec":212265,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1383822153962,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822156,"pkt_ts_usec":212208,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822158,"pkt_ts_usec":212282,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -330,27 +330,27 @@
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822182,"pkt_ts_usec":212191,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00592{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822184,"pkt_ts_usec":1176,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2067,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822184,"pkt_ts_usec":212229,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822186,"pkt_ts_usec":212454,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822188,"pkt_ts_usec":212408,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1383822184001,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":212084,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1383822190886,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1383822190886,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":886155,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"}
00424{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":950538,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"}
00414{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":951036,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"}
00705{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822190,"pkt_ts_usec":951387,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"UlQA2EYhUlQAWul3CABFAAECCO1AAIAGZazAqAH8PtKJ5sfxAbspsDzfr4YtaFAYAQCdOAAAFgMBANUBAADRAwFSe4F0W8quv62S3\/7ygOUuf1KhU9yi6dM6uUHTsgpIIwAASMAKwBQAiACHADkAOMAPwAUAhAA1wAfACcARwBMARQBEADMAMsAMwA7AAsAEAJYAQQAEAAUAL8AIwBIAFgATwA3AA\/7\/AAoA\/wEAAGAAAAAcABoAABd3d3cuNmd5aXA3dHFpbTdzaWViLmNvbQALAAQDAAECAAoANAAyAAEAAgADAAQABQAGAAcACAAJAAoACwAMAA0ADgAPABAAEQASABMAFAAVABYAFwAYABk="}
-00747{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_tot_l4_data_len":322,"flow_min_l4_data_len":20,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00758{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00408{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2076,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":21804,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"UlQAWul3UlQA2EYhCABFAAAo\/HtAADEGwfc+0onmwKgB\/AG7x\/Gvhi1oKbA9uVAQAHsV+AAA"}
01408{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":37108,"pkt_caplen":794,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":794,"pkt_l4_len":760,"pkt":"UlQAWul3UlQA2EYhCABFAAMM\/HxAADEGvxI+0onmwKgB\/AG7x\/Gvhi1oKbA9uVAYAHv3EwAAFgMBADkCAAA1AwFSe3NuVwW3wewrm0Np+8gZfpw+6\/jzal\/O1PvTkdk53QDAEwAADf8BAAEAAAsABAMAAQIWAwEByAsAAcQAAcEAAb4wggG6MIIBI6ADAgECAgkAnJid7KPSoQwwDQYJKoZIhvcNAQEFBQAwIDEeMBwGA1UEAxMVd3d3LmEzdXljZGYzcm41bWQuY29tMB4XDTEzMTEwMjAwMDAwMFoXDTE0MDIxNzAwMDAwMFowHjEcMBoGA1UEAxMTd3d3Lmw3eHZ5c2ZudmtiLm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0E2BOtnhLWOrZ8fxoxHjGhRWK1of38SpSBNg5b\/k4kfDQHGdL4hq3fcEtr78BJMr4Zf+dYRrf\/i8rLos33njMgo8oJqA1j9vg7wEx0spYhdfQskm1dLeQGZDN8DvyEqgknxhybcPAzyUGQZRPqosoPpI5OTClxfRzUMzk7OKJS8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAm4jj3CZ6E1Ur8DviH98154vz0x1VeY822f6PAgvXyJtEympFvro6oRz0e84wk+8Qk0u0CdxDSjoRRjMK6lpFUg\/ercM64yiXv3o0lSyuqYxq\/SsO88j6J4ug5YwlK8Ehm1An0BaEAIegLyliXKN+BU5QRzDZbd+6KUfKBngbsihYDAQDLDAAAxwMAF0EEovB5\/SW2DTHDDu+OYi9steUmfdbRCgSfNJGR4sNXRhl4hDgZfzXk2twIBJG8Grnw6YRIQGWT5IV1zZmnjnqbwgCAJ5r93gRCIdpZBfFMdDkPE2+t\/hq3eVxsiAp1+p8jigUZ61y99H5SXlIgzrbD14E0t9D2JNq7y+mW7anG7udz8ud8\/ae4433FISa8H+fPWATMTLX2XMO5nykP2OL2RzB12Z2Luv3SScQUiuIYkRAZLPfzndYQO4drRpTnAK0HOmMWAwEABA4AAAA="}
-00950{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_tot_l4_data_len":1102,"flow_min_l4_data_len":20,"flow_max_l4_data_len":760,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","issuerDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}}
+00960{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","issuerDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}}
00591{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2078,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":41090,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"UlQA2EYhUlQAWul3CABFAACuCO5AAIAGZf\/AqAH8PtKJ5sfxAbspsD25r4YwTFAYAP0z3gAAFgMBAEYQAABCQQRyKTQEXNEYBPZV3\/zEfTQkWpNPJBiGRL97y9vdutfsluomI+BM\/wATV9EXLZXU4z9ZBfdBaPDrleVfhRSEO4dsFAMBAAEBFgMBADDeTPLuhZGymstjqXonoYXbszTd6MvHlO4reIE7DIAVoLx2Ew2CndrSlYijv1enZdc="}
00492{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2079,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":163678,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"UlQAWul3UlQA2EYhCABFAABj\/H1AADEGwbo+0onmwKgB\/AG7x\/GvhjBMKbA+P1AYAIMjzwAAFAMBAAEBFgMBADAMkj8NEfgHVt41gvVoGZmSjJhPRcEYixw81Fk5SSn\/jCrlEY8yRundvc02RY4WwzM="}
00509{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2080,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822191,"pkt_ts_usec":164491,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"UlQA2EYhUlQAWul3CABFAAByCO9AAIAGZjrAqAH8PtKJ5sfxAbspsD4\/r4Ywh1AYAP2+LAAAFwMBACBL1ibhXCdYHNj2E4PTgng+oqeH24GkH8CHyZvt8J3ixBcDAQAgEkRPKK9bVsaEt1jzbATo6gi5Jrhe3QmS4lNa9Qi2Z+w="}
@@ -382,23 +382,23 @@
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822212,"pkt_ts_usec":212113,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00593{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822214,"pkt_ts_usec":39100,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2685,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822214,"pkt_ts_usec":212221,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822216,"pkt_ts_usec":212093,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":0,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00542{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822217,"pkt_ts_usec":531372,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":0,"flow_tot_l4_data_len":97,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1383822217531,"flow_last_seen":0,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822218,"pkt_ts_usec":212163,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","type":38}
00542{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822218,"pkt_ts_usec":758583,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822220,"pkt_ts_usec":212053,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","type":38}
00542{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2863,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822220,"pkt_ts_usec":774203,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2870,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2870,"source":"tor.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1383822214039,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822222,"pkt_ts_usec":212047,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822224,"pkt_ts_usec":212144,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -423,9 +423,9 @@
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822242,"pkt_ts_usec":212027,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00593{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822244,"pkt_ts_usec":96142,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3491,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822244,"pkt_ts_usec":212056,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822246,"pkt_ts_usec":212005,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -435,7 +435,7 @@
00542{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3714,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822248,"pkt_ts_usec":944702,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhAAMBZjPcAAgAAgyAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822250,"pkt_ts_usec":211939,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1383822244096,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822252,"pkt_ts_usec":211970,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822254,"pkt_ts_usec":212017,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
@@ -458,17 +458,17 @@
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822272,"pkt_ts_usec":211953,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00594{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822274,"pkt_ts_usec":144364,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3857,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822274,"pkt_ts_usec":212080,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","type":38}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1383822276,"pkt_ts_usec":211998,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00144{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","type":38}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_tot_l4_data_len":11192,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":294,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_tot_l4_data_len":582,"flow_min_l4_data_len":97,"flow_max_l4_data_len":97,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_tot_l4_data_len":8633,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":297,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_tot_l4_data_len":9301,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":290,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_tot_l4_data_len":1448416,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":793,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1383822274144,"flow_last_seen":0,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":276,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8625,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1411596,"flow_avg_l4_payload_len":773,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test"}
diff --git a/test/results/trickbot.pcap.out b/test/results/trickbot.pcap.out
index 20cbdc330..961f6c461 100644
--- a/test/results/trickbot.pcap.out
+++ b/test/results/trickbot.pcap.out
@@ -1,15 +1,15 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"trickbot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1609266107551,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1609266107551,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":551500,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"}
00415{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797175,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="}
00409{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797418,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9JAAIAGK1IKDB1lUnbhxO+GG6gSdtdXYu1SXVAQ\/\/+p4QAA"}
00880{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797621,"pkt_caplen":403,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":403,"pkt_l4_len":369,"pkt":"IOUqtpPxAAgCHEeuCABFAAGFc9NAAIAGKfQKDB1lUnbhxO+GG6gSdtdXYu1SXVAY\/\/9PNwAAUE9TVCAvT0syMXBxSkF0eXlHQkVvMDBzayBIVFRQLzEuMQ0KUmVmZXJlcjogaHR0cDovLzgyLjExOC4yMjUuMTk2L09LMjFwcUpBdHl5R0JFbzAwc2sNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC13d3ctZm9ybS11cmxlbmNvZGVkDQpETlQ6IDENClVzZXItQWdlbnQ6IE1vemlsbGEvNC4wIChjb21wYXRpYmxlOyBNU0lFIDcuMDsgV2luZG93cyBOVCAxMC4wOyBXT1c2NDsgVHJpZGVudC83LjA7IC5ORVQ0LjBDOyAuTkVUNC4wRSkNCkhvc3Q6IDgyLjExOC4yMjUuMTk2OjcwODANCkNvbnRlbnQtTGVuZ3RoOiA5MjgNCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQoNCg=="}
-00829{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1609266107551,"flow_last_seen":1609266107797,"flow_tot_l4_data_len":445,"flow_min_l4_data_len":20,"flow_max_l4_data_len":369,"flow_avg_l4_data_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}}
+00839{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1609266107551,"flow_last_seen":1609266107797,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}}
01652{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797702,"pkt_caplen":982,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":982,"pkt_l4_len":948,"pkt":"IOUqtpPxAAgCHEeuCABFAAPIc9RAAIAGJ7AKDB1lUnbhxO+GG6gSdti0Yu1SXVAY\/\/9JYwAAT0syMXBxSkF0eXlHQkVvMDBzaz1VNnlLdXljcHlydFdTZmZzSVQ5Z0hhdDNpV0Jlb0NsSkM2MjdZZUlKdk5aOHcwVjE5VEhaNUxvamNjeVBuJTJCT0phVHlOOWJMZ0tKJTJGdWpKUmxlNk40MWpxdVdYQmR1emNzRFJEUDNlbzJlaVI3NGZPVWU5TEloJTJGbWFPQlZQJTJCMVBtJTJCM0xRVHFwJTJCJTJCdUZlbDdrTnQlMkZLbHIxWDEzNFZxQmZGaXZDTVBLRGxpNjZEVmRPUWRadzZBVGtMdmM0VFVpRWJDS0tUUGNkYUxFdkdHWjNDWmNBVEt1bkZaUElVVU1LREFHWVJ0NFd6diUyRjB3VWd6UmNKclpYcHBGampwWCUyRm01SVZnY2hSRyUyRjhvYTVlQ2U2ODBCZkFldVlzZzczc2J5R2IySGc2aUJCUnJ2bSUyQmxIQm1QY0hhdGRCSWZiU01TM1pNdGtoOVVTYjZSVDlXUHNQaGtqNzlHVHBIU3JRdnY3NmVHNFdFb1JlV0thQ2o5clA2Z2Y5RndyVmVtTTVZRVBHVHFpQzZqdFFGa1lwRFFORG1iemZHdyUyRmxlUlVLQ09DMCUyQnF6SENkR2VSTHd2U29CeTVvenpPODhvdXBIeHE2dkZJb1BMQjY1M0NrRGlPa0FnUFZvZms1eVhmY1NzeVFseHlVSW56OUlPdVUlMkI1UW1pSjQlMkZpWkxwNDRmZWRrWiUyRkhLWCUyRnRpMTJnNG0lMkJxVkN4aEVNUWx3WE1XMSUyRnEzMTZ3NVY2V0YlMkJ3emEwbkx3anlKVWVFSmw0WjlPOSUyQlBaY1d1Q2ZJMCUyRldHQ1ZCQmxteVJrV0Y4ekJmeWJreEZjTDNaWVBpT25mdWQycVZsM0hLdkFyMFhqdUpnZlBFR1N4QkpOaE9DWjlaNTglMkJtNjN4UElYU3JtOEpuYThjNTdPZjUlMkJOeG5CbjU4a1hXTGxwcVJpckRPY0U0V0E0bjdJbzBFampEYjIwNmFmZmlkSzdIVUE1MFBYdmcxTlJHUDk0VFh5aWFNNDc0akZmRG0yQW9yRlBxdnElMkJEbWhsVTM4RENodTY3ZWpBU1ZZbWNyZkdZZjdZMEkzNVB2U2x2Y1N1SCUyQmNqJTJCYiUyQiUyRiUyQk9OJTJCakJ0alVTY0szbGU0TXNrVVFRaWwwSFd3VjEzQ3ptNlJiZyUzRCUzRA=="}
00407{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797705,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoYEUAAIAGft9SduHECgwdZRuo74Zi7VJdEnbYtFAQ+vCtkwAA"}
00407{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266107,"pkt_ts_usec":797742,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoYEYAAIAGft5SduHECgwdZRuo74Zi7VJdEnbcVFAQ+vCp8wAA"}
02243{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266108,"pkt_ts_usec":728827,"pkt_caplen":1412,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1412,"pkt_l4_len":1378,"pkt":"AAgCHEeuIOUqtpPxCABFAAV2YEgAAIAGeY5SduHECgwdZRuo74Zi7VJdEnbcVFAY+vDwMwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54DQpEYXRlOiBUdWUsIDI5IERlYyAyMDIwIDE4OjIxOjQ5IEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgNCkNvbnRlbnQtTGVuZ3RoOiA1NjUzMg0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQoNCt9qVvivS5njbjPP+PYiESkufSY2NBwPvvnHyiY29RlVUcWgqz2aIvCI30ph4ZB7gAsg4sYrw6DiahDColZ5c7Kb5tvBMWmCYiGNHuNsmJf7Huj9VYI9FR07cx2lwZ7GYisaxhrOouOAyayBA7kEIObsNo6X33XBYs8E4r6GwtAsV11qU+T0D\/Iim8CHkakB\/LhAn7QH2krJygLSJ56EglGnhrf+K5hHvICD06rkfkncxFWJu8vBdDsVrAerAwgDRYFkFqh6XzDUYylyL85lCJjE3taZN0a+4+2Jimj3vB0GlLb9stm5jqdv0Cnaa251FhV6nVDdjj0Jkl5899BkkZqkul+ChFNYwoIinB3X\/3DiEygF3sgyFV7TGlGJ1llDvl4vimhZRySn4m+Ur3Mb1pdnbQyLhzVJkj8C\/KgTGLjw9oNZ1ORv0tIwW42KxnZIu1\/zFOkPPMp+1pdjbdVXhqvKT0TC9zEgkTTzlFVmMHLe29xPRriSzU5at+eXH0sJo3ZOuNuMc1DD0xai228NNI7\/pufaVeJMcfRAzqN1D4LyZG2p4TvwCKzEn1SXdpnH0nGShubgkSHpBo5zJU7xTSmA47lQBrkcU\/aHl6N72BrTeqOezbPEh7ifHsOchWnIeMcKhe3vY6f+LZ\/wmBPIWu5F9BcbJZwtNrsXw8FfYP71wjVtfRXqBgjzU87viyDleZ+WIN2L9hOhvuiXXZHwkbynuqoyo3pI08qOjcxFhfT+CWPccU3nY1khPNDGKXClN0VTBj4FjJGGk30y9ChJR35dkBIWFPbBeXSGpdDWdMz7Teo\/KsiQvA3pO5QAaQ9\/b5Cq9Pc1yBVLejLzfRpSPBaWDbaxp51Jy4Bus\/oVgbbvxnKlLlXKzJxgwl65kLCk9CroONu5Mhoe7u7Ke5LlBFmLIRxdeKm6YIfQrDOaDYJIGVoiO+L+sU3bF5VDmvAD5+TWRqWLcrD6RG+a+yuM8WGGEn8iR6PkXt8fQu+q\/ork2JWOHV2h5Tvbsy3CVM26F2hFGUfi8aJux3sWY7\/Dx7iyR+JHSurfOuXXJc1hLCjBKnAMTxwLJLiHmXhZ29CmNMVJ5EJUwiq0q\/2NhH0R2EbdOZ405M1cWucYkX1e5JCUVsTfHCc+QZlTBpuQqAkt38qgSSzlBcSTkoOP1Gxnxd+VtaMEmUlp9CWF\/HxMOf\/vHmEoPR2d+NXMGo6i9bAJ22Y9c+FLSDIM0LuE1dCIUVHMdkx0Z1Mh6C\/N4qGyhUA8wq0XRzc+8T5UwU7j0QcyxIu4RVz1NP6IWh2TGDoxHPnXVfc\/vqSm0mXlvDHnMkU4kERTXYxCWoTOT9SGt35Y53gqVQ2XUcjUXhcXBh50FUv1TPyX4oFoqSthvUXa4Oqo1EHhocZxbKcuhBGNInGH9LHfXfnQQxnIuZLL+71U73xSRwBMooym2yn2Nc51TCapTOEmF6gltmYk1AV7+rutalady7J1kufphBaI4iy0ryagEWXXTS+CVgAzBmaPOxt8ZRNA7pLUYjSs7r6Mv837aMoS9D5h5MFZCMXP8dKJYWnjzxKEKWEeMCE="}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":8,"flow_first_seen":1609266107551,"flow_last_seen":1609266108728,"flow_tot_l4_data_len":2811,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1378,"flow_avg_l4_data_len":351,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address","25":"HTTP suspicious content"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":8,"flow_first_seen":1609266107551,"flow_last_seen":1609266108728,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1358,"flow_tot_l4_payload_len":2635,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","12":"HTTP Numeric IP Address","25":"HTTP suspicious content"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}}
00409{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266108,"pkt_ts_usec":729030,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9VAAIAGK08KDB1lUnbhxO+GG6gSdtxUYu1Xq1AQ\/\/+flgAA"}
02252{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266108,"pkt_ts_usec":731166,"pkt_caplen":1412,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1412,"pkt_l4_len":1378,"pkt":"AAgCHEeuIOUqtpPxCABFAAV2YEkAAIAGeY1SduHECgwdZRuo74Zi7VerEnbcVFAY+vBzIQAAOhQk+dfkANa6s9vW1xjo\/EvQkvmfXufhTIiprUjpdwv1HfBjv61gTwhLHYq3mF4QbVK9Hpp9ndVCZkYHTHjV+sBufLlmmhcV6ryrGW0AkBZkmPsQUmbRoYL5W\/WbifBo+45VpbFapb4FpBsLghzUiDontj\/AQ0kWd0LrCnByzwj0AIFoEHrbVYMqh20quTdNme468zsoNbI9IpAomq5jw6r76LUYpnGLQ8RFCaFuZp+nnu\/wJ02JpJTVmeoZNrniq0DLlLX8gI02JrJ7jR5lX6367KXftuH\/4Ac3QNSSVPDaWn7E8Jwtso4A9vlUuqZAj9PMILIJEb\/YlleKUgd90LCuIFRFoRAAUAo1kIlPsKC+6zPgn9WhNcU9yO2duZQJYDzc+VtwJozgLugivHsQUOmWiTfavndSF7xwC6bT+KArJT6MSkeYl19XTbCgdEPq6QoHjtmmX1litYyyF6UoxSzukjDUB1DtbEqImtkWxnr7vvlylKFdsuf0Wu8Hjx4yi0f\/ec+auTwhGn\/KKHaYS+TchWEps9Yp9ii\/NVnRP1w7r7gBRyXFUq64rzHWwFPt2Lv35lErqSvYBYQ97LABpl0catq0YiAC+oipVxrTRlQJRe4Z3PBQ2gjeUmIYtY4aAooaObGdVPisM77aQJpykf83q0JbCtHBSmRIwDHMXmPePUydP579tKv1rll8GOUikKtAEm8eaqkCqepufHsxSmHhlWRVQrc8QRAQYR6gy3nh0KB1D8eZj4IA5BTBpc4gb3WrBlUzqhoCE8Iij5Lr5CXPas5301XSJRo5wDD0z7MVzcnNrQM05PkrppVhxhjZH+fUgP9u1ZXAKlK52p22+ZOFQrvRYAiAteV0NaC6nIUdYX8TRt6QImK5rLqSs4Y9tD2YOcK0uSb+cbDBb+RoLePGyn8rF2AJ2\/eDR04TIN\/V6Y\/uBgG\/RTOgDbm7rsd1XC7xsqyraHF2JLqQsk85fomhldMj18dyZu8BHN6tTuuJlWqIBOAS0v+5U+MYt06yTFLu2pDJ3w0PF8xU58HsJDL4cDdtPgyDqKG4+6Tnn47MxdWxrkagi2RbZb1U8N+o8oqtNbe31VLknNvvqBaiakJp6R1W0yJgd8iu09r3ii9yaJyXUTmyhnKmywB0GV4tGqk9JVbyn+BGkLAVN3xkX4v8VZHAPB71u1WAeyGh0vROdp2UprUPIXudsG+UmB5OMcNFEqisptQFHIKUXJG7pDM0N\/Hf8Mug0Eo3IuvV67UZW4cgbriNX+yuJUIH1dvn++J8LxF06mYYrRR+dWmrcUFjVDebng7kBzEhi1gZ4X0qdFBMINT\/S\/2I6d9BO2kye11PHBhzYS9OtAyBreIkVaFTePVqflmDrBzuNay36GoPJYhuN3qJ3qbL8PsRgzMKDxxmfHR2rhq2HvyEGehTIeot3seUqzralbF3Z\/pZbnXbI1VZmOc8QlxK9TzZyvxs5K+4qdLN8oLgaBhAWLdAVHCNoC9dfla4Y6FAFBPgJcWi\/3s6GcyrWfrkMd8XAtx\/r00NyTDMr98EX3jktcAA6o7hdfTl+YfTlAKn00zGj\/IuTEyCt0z90cAecDSI\/pYEPvW1QgX+NVC+uVBSvhvB4xQWXNfeu0rTjiGbGYI1L\/MEldCpTMOVoZZzFsvxF+AjKgUJd892OhI2HDlUYZrxzjoeAYWyIu3LcNOX7NZk9lDaDwR\/PiOMLCn6WhibL0w5C1ffo\/BtafsrsQKKKbiTB5mrTbDRWwV+juKrJtyn5d7\/yRuYlcidjsXodOCK2bJxoehB+TZS1zQnzRMil2c="}
00411{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266108,"pkt_ts_usec":731310,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9ZAAIAGK04KDB1lUnbhxO+GG6gSdtxUYu1c+VAQ\/\/+aSAAA"}
@@ -17,5 +17,5 @@
02158{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266109,"pkt_ts_usec":211419,"pkt_caplen":1337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1337,"pkt_l4_len":1303,"pkt":"AAgCHEeuIOUqtpPxCABFAAUrYEsAAIAGedZSduHECgwdZRuo74Zi7WKtEnbcVFAY+vD7bAAAawe5rQdB18cRNYwP9H12ICqsTdYSAXHsJb3kVdaHDZmteN+FhZcKiwd0uGSY2Ln2tNhGYI\/W3sbikFe0sqfREPsx6ZgTbH6JLQpFVzLYhqoMFoo7TPYBMrcOPqfPsi\/6JuRDpI9yxkUD+iGOu6vRgPjgdPrp4vCQB1cVfELTzyTp76Sy\/yOuP58LajXVZsDb9xuu5hJ4iPWLX0AMQGCaHHoEtWqDMkQ9IWtWHPoHl2uL62Zcxsv2ewXM2a7eGXQQHLVtG23DKp8b2iMTb3KqK4jfTUzCPZbu0P6DbPhkanxWKtAsM+wExQVVaLstVJ9vs3p0T0USqZUr6NkyTxc+I8zFpsiGNegFljxO3WxMytBberzkI1HZdCUn0d\/Wq+xEnSjl7MiXAHWfpNaCKX3SKazOzNKAeIRh+hn9Tcp9Fz\/lRt3iG36YbiZm+aiqPwGeWuXmFbwk6sQFBS\/KY0q6o508hZJOfxTEdCBJywjSlBbTBn2KlO7c1iDlLFLzI5y1CADqMsqBJjFwz2JDuESyvaipEJgchjHyIcSOI51FJHzrEY3bTrEhFcvistP8ijiS6Ddrm0qw4lO5zxezmPnzEi2pkwp+zOyYSGoJP7p7Q3HXlXbHo4kTVrNzPHer43ytGV5NZcpBAa+7wJDgys72yjxRCA3jHzMYsVNRer8bjAyp3bToVFEYlhq4loljXQTJmkzl9Mhkwv11m+3irGy0HIam5ZohkUNho8K4fpubpqemAb5HqF4D+x3+zDYfBJt5n1eCKv8R5wK10cGRalYA\/dQy2R33\/jpVV4SPgu6fsvK05EYGgkBkHwlaXojbj\/SC4Zr3g5XTJVKAT51\/ovKfWC3oAyftKTJgc9TNVwpVXWGHCWhvDbnxH0cHUxDKtGe+Pax\/q20BdePl5SmZ2igjyaG\/e0nlC3oirk+eE+Xq+iGp4Ww1Ud2AgkhL59lKMFZjhpqQfhrwWCNmtdCDeiBuygGfDkZCmPc5FMtFhq57rVa2AJddnBCwlGtDMquxkYWB1O2LMg4XocsKYxT2XDLZ7usm0N4xtZAcu+eY9qQXbIXg1RIe168AU3u398rdWoExKGL\/B6RWQGfO2kHCWdMu2hDqjFlL85FPbXaGaQJLUBES8CmxT3++M4kIsDT1OQzdoaypaAijsi6UhL9Zs5OW\/6RB\/mf0cojWV8D52lO9l33qYCbtSPK6rNdJgvFWHzkne2NKphN49\/o4xMtbuj4H8KR\/HdME2HhizqBJtVphLx+J6Sr4lVZo7QcJ+9EDk1aFlh0FlrT7pTIMmQYqKAMIKBFB9ZnzERlD8\/Qc0cH97Tbu3hSpGyQttu\/Zo9i6ecgtUE4lI0D\/GtrWyw6x4PSh0Yggmv\/KjRXBuc2huhw9y1+B4w1B\/A7z02klinrbZh6VekIcTq+uJsYOJi1XHIAX4D2DNMzkZ8wMa6ayxBrPZMq+V3Zv1j3\/AcCsigUfR\/DkLmzkEBrahjuEaR9yZkYHt8YuwYqYF\/Z0bqdOwDsKiYyz\/VN5VInCFM089BDi8prytU2EUU5Y3VFqUqM+6BajAYDuSLFe+Sx9jKFpZbyafVj3Q7\/Xm1FpBXspidAQZDus8qnHJFlDp5l6xrHCr4itKZ72iDdWR1FSth9hv9b2LQWKn\/3nfrqNJv\/Wqq+P5cFBv0o3cG+0Ad\/eQhXM2l3yqzXnGG\/1794F8Ae3wSGS46FYePo="}
00411{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266109,"pkt_ts_usec":211610,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoc9dAAIAGK00KDB1lUnbhxO+GG6gSdtxUYu1nsFAQ\/\/+PkQAA"}
02403{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"trickbot.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1609266109,"pkt_ts_usec":508985,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcYE0AAIAGeSNSduHECgwdZRuo74Zi7WewEnbcVFAQ+vCZ3wAAKxkPv0AaA6ZGcQjAFPG1i3bFgP7usmIhGBKyiXvC+9Coca73cem7oBgmT\/W0abVcwBTLNBjxNKVWAHQ4nygPFvB01N+NUYOWTHfT9BmVMGJLX68WbXxyyW4BWXsrgNax7AkOcb9M8cpE2wfv+Syw1p2\/3b19rXRJhamDlMt7QQCyVLj7MG\/gmo5aA\/RMLoovC\/cnwNKc4yHWMQ\/spJ5AqgmiozWq7NpbcFXR6FeOs+bFx5vY3zBfokCkV7h0fwMLoGubeAdlxHIF5vqz3WZYoyRDF7MGVkzLVX8n1NghN6XolPvX75Zwox0rUZVWSJD3XhMVU\/E\/IXpndmjItwgKgMdfrMlo+LZ0tGMMAhYMSZnC\/5MVT+VB0pLkzr753cFidiyQesvEx26Uvpw7amSYI\/k\/eHnCs5V3pkgxmyEXlj3AaE7IhPh\/3ZGl0pWRqBWT2FCvfC210NkKOsPoWKdErIZZ+dDtfUiIXGC3JCByN8o2TVtDdsHUiik7FsKEcX5TMyGJKXFAQP1XFBEIGgYKdeY3ED2tmOdYYGrBzKy+koAAgJXqZ0q1h3iFh2RrGL4tysay2MTGZiGDjF8hRpd1O8\/s7glx+VWCUa4f29+nbunC9+eh1djoeE0yYlUf25swEQHzTdM86HExsD\/znUfBQ30i4lz5F8omVaNwZC+\/HNRWFKu7g0r6kJ3fFg9yxqQtFbPbu+KXEH02jlKE6Qr0T9X36ZNG0cRuEBIpLRknN6Zp8ugd2Ga6hIlICjGA99gCumhWqU3FJJ66wIr1+Kcsh6XBUk9HqOE5Wyu9siM4gDySlCu+oXAg6\/xgSilX2mbXQU0rt0fCyrLrLm9hFcn6arcSqN4LyIv3Zgb5GNOqlS7VHIkzRnGRgCTwe8EvCWN\/v6EgXDQ1DHFrzgusR+nvjBfCcC83mpGRb9TLQ1zYJr\/u\/abfVw80vOeM2ZWp3Cb+l5i24AZF5ytjOsJAmq6oXHwznGBDGbyOTVWDiUZNU6TsmZulUQs5tMVAgpChF\/7E+gHoeWinkxc\/a0VOUmEEPH06pjPsiIOmd\/9apUwMV\/l+wKmptaS+LQMLHbNj2VaNPPwzXvR9k3Y0x7ZELJzo41B8VLjajkegyhOiGz47IFUHiZThn4UvYBnnsWYBZIeajBkbS1QREMxuZVz6Vm5Pp+K9t5nY+SimaScNl9WLDmHOAOtW4n9FH4zlN8z9D0F\/a1maWmRHFJN4Kt5Mu+r\/FrWazx3ECmYB80\/Xuj7cHSofm8Uk0wACYiSd9+vUkmYel7uV9c85NwAxkVazfPvCgLQL\/U4Ldoc2Qxz1\/54oE3uRFk9h\/V7WvtguMFm4LPPB9TlhO\/LXtUXVYqp91zHP36CgItPdmRLyg96LS3eyGGWomV0QNG4Zyf\/H0Gfyik4d25JvDgixmtOeK+EjU3ob07I3+xY7wSO3QELs3tUX2O5F\/8mKYxURnBDle9ZCs1xR7LffyD3IhzxsGl0pIAddsfcwzjb2G1pUPNdQ5kMBAD+gxPZWVJaN\/jzh4Zjx0Lte9IS+nTCfaHYkIJXpnIKYnipEOH5Flsd7+vohDpige+YQHRZVG2LlzghLfY0gBkuppDdOhrgA5HYnUxu9FNWVkOumFlvD5W+DkRvWL\/r6ouDQB1CyE9ybFYTUoAyiclYov9WWv5JLWLTcc5oqDZRMUnk8LMnIcEEGSTbaq7GhpzepcUz6IA1KsLUj+rvvww1hoe3HUUDZgZsWwKM3jL756Ht\/OrdOVuxtL2xBIgpeu7dcLIdPrmQDbN6GAUQagfSDS0vFfbfF06tAOI2B3G36NuxPUeQdJU8QBCY12yiab\/DH\/AX6bHTMRxzY8yktz2iRCVkcb7CEdvUZY\/ZpHqZJF\/AX5PWXS\/jzQLmWyemVvh0PBn0HowzcWrkaDlMqPQ+aaxgwq8idVQc8LQM3F5G2OgOALbU="}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":74,"flow_first_seen":1609266107551,"flow_last_seen":1609266115947,"flow_tot_l4_data_len":59486,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":803,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":74,"flow_first_seen":1609266107551,"flow_last_seen":1609266115947,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":57990,"flow_avg_l4_payload_len":783,"midstream":0,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test"}
diff --git a/test/results/tumblr.pcap.out b/test/results/tumblr.pcap.out
index 677b1663f..b0f65d236 100644
--- a/test/results/tumblr.pcap.out
+++ b/test/results/tumblr.pcap.out
@@ -1,19 +1,19 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tumblr.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1605292102219,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1605292102219,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292102,"pkt_ts_usec":219041,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJhiq5D+6LgBAB9a70AAABAQgKqXs\/nsLc288="}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1605292102602,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1605292102602,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292102,"pkt_ts_usec":602965,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2Qd5sejoTgBAk6T9pAAABAQgKJEdEAsLc4vQ="}
-00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1605292102603,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1605292102603,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292102,"pkt_ts_usec":603001,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPqDR2fQOlgBAB9XmBAAABAQgKqXtBHsLc4vw="}
00452{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292102,"pkt_ts_usec":653473,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdELkP7ovbiYYrgBALf0cxAAABAQgKwt2S76l05rw="}
00452{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292102,"pkt_ts_usec":678719,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ9A6UTj6g1gBALxQp7AAABAQgKwt2UBql09U8="}
-00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1605292103804,"flow_last_seen":0,"flow_tot_l4_data_len":696,"flow_min_l4_data_len":696,"flow_max_l4_data_len":696,"flow_avg_l4_data_len":696,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1605292103804,"flow_last_seen":0,"flow_min_l4_payload_len":664,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":664,"flow_avg_l4_payload_len":664,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01348{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292103,"pkt_ts_usec":804319,"pkt_caplen":750,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":750,"pkt_l4_len":696,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YArgGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziFnW6Ce2BgBgB9Z0sAAABAQgKOMLyjsLdWyEXAwMCkwAAAAAAAAAEyttPIBHYl6fl6+wxakteQia67zuCx64sVbYiAEMKI1LRZB2ZjjRACezRfqMgcw8Wk8Ja+jFsbTh6PPGiWyRnZCafAJvoLbr\/QbtaCfYNT07cM7gv8MAYjagAz2\/uUXvHhHXYjVHplnNsW6sWSYWdjj7pK3cCYJyTWWk8KcaWVSPm5FJowuyKrEBg\/xvy4liO6V1qSsclVnGU5uOkFVqkiQyVPIXxSNOn3SjKKoV+GRhNjLSyOjDMf9ZrVDwqHvTDUwRZgkE5k6+v4Ngk9WrnV1ax1ubCqnHoIel2EK4gbfVvolwb83\/d3YNFV8lq1e+SHlYke+eJRKzjNIOw4b4Y36hRm5\/D2hks6V9vGkg6sSDzHRzniE1V4ce1mOtmNnefjf42UQc2HkOmWCkUVtMokEc166qSRXnlIooPlIQBw2b0stTzXYA2D5SN\/BALZmedX1SrmcVBJ4DrMf\/xHLEmuGaRjzLDgXIUB\/jHR45QJ7tyaECd\/R1pWTx+wCe3sS0fZlg4mB6GzVlIgWc0sXiXzk4KusTcJBlT6WCFzmZVXwOxGhq4mx\/Ar34HImolLoUFN3W4QPP1XuhLobsRn8+uu1UjAIOgrakq2nUZ7wxPjCRa6GR8HhsJaaSV8kQKCsWaODSJH8qsgcj27KMOqJKDEttTsUUejaBrXacD1ursBsQeG6kxeWCpc+pc+B6lF82QSaY+dqDc0x6adlVhzh25sn9xUc5gttNEqsRpcCwXleCFl5slq6Eo208ayh44XAy4\/3sSIcuuXZecriDdQNtCpH0D9WnZpbvC6F0uUd8YgEMLKpbVgkphXTjpgJPqNLHR1Jtsu8T0zduHUyA8I2rMdecA7vfO5m6vB6zg"}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1605292103804,"flow_last_seen":0,"flow_tot_l4_data_len":676,"flow_min_l4_data_len":676,"flow_max_l4_data_len":676,"flow_avg_l4_data_len":676,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1605292103804,"flow_last_seen":0,"flow_min_l4_payload_len":644,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":644,"flow_avg_l4_payload_len":644,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01325{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292103,"pkt_ts_usec":804485,"pkt_caplen":730,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":730,"pkt_l4_len":676,"pkt":"qtsDr8lk5EKm5WPyht1gC36AAqQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACPzNkn38YBu3OPNREQMJOagBgB9f9ZAAABAQgKI0OBn8LdXfIXAwMCf+a7XKOkxtVKJI04EV4D3mT6IiNw5ZdwpK\/ctvLby5AnUtCRp1wz9iXgvd8CBQl59Ed1wqXQfvbQcvgr9o4GGMRVH8BPyBiK9wAHxfoair+VUOV+cUyNlvDKwuPaUh\/47DlY44LAL0vv9eo4G0vPSmnyuohMST6JkC52HBED7hDgCc5lbkYutM3P7xGL1Z5MrmmzLXVyM4doUQOUayCKfyqRux1EiZDMeHsdoHvinwuW98Zns+5LqMwEKiz9\/ZA1Iu594xbEmeMockAnjj3HmV8YsDERU2TzTk3sWn0ZhKp12Rdx11cVSOnv1ddUqmkYpF6VPIBgfZdY0+3WEYNWwp9gOeZ1SPKEW1sZa\/MZbqxYU+ge0aUNP414S6YsDr4wWnXY\/hrIPt4hdVJid3p8HC+BYX8NVuisAelA3CsslL+yrlEZs\/QElNY2EIBitMqJSsgpwlduIlvcGoykV3DYfMjS3smQ0\/HaV+vGuY59BD+HYzkVJoRFJ5+AoB\/9kz8MrwgQrulG8+mXwGs2Tz+e0pxggDcl3iaCIQO5yUqOapIz\/jo8gXQAUjpsoKRzsKjRY\/OKBL3cj5DbujlngZrs+3yRDxMp\/A8kmIYDSMjyy21do9HW47erPa0WwNSepOx56UCCZyny26AleUHgV47LLX+Hh0DKxyVNOlUl474o9ZULR18pA1FtXPbynHGzdWF0peqNAJdGXSpxCnSDK+dkiaw9fmAlL\/EwEDJgbnaFqYBoa1wzZSNmUTmn9uQt7gG5UTLglNz7Gtm2hHwfzEK4uAknhpJOuKuRvE3auX9h725wqrVluU5SCPoyvKwHHRb0nBQK3ngxp6Haaq8pgOXbmw=="}
00512{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292103,"pkt_ts_usec":806476,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YAE4GQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziGQ26Ce2BgBgB9dicAAABAQgKOMLykMLdWyEXAwMAKQAAAAAAAAAF+jUU1elIEFUi9UepC3cLGnJUpit7lClItBx8Gs+U4NeE"}
00504{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292103,"pkt_ts_usec":807934,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"pkt":"qtsDr8lk5EKm5WPyht1gC36AAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACPzNkn38YBu3OPN5UQMJOagBgB9TxfAAABAQgKI0OBosLdXfIXAwMAIkCDsSUDRd2gtpG1ie0hMvlOrf1SL9AYeSm49w1LAyMVmmo="}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1605292103810,"flow_last_seen":0,"flow_tot_l4_data_len":414,"flow_min_l4_data_len":414,"flow_max_l4_data_len":414,"flow_avg_l4_data_len":414,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1605292103810,"flow_last_seen":0,"flow_min_l4_payload_len":382,"flow_max_l4_payload_len":382,"flow_tot_l4_payload_len":382,"flow_avg_l4_payload_len":382,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00973{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292103,"pkt_ts_usec":810303,"pkt_caplen":468,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":468,"pkt_l4_len":414,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwAZ4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtL87ROW\/JgBgB9bw+AAABAQgKM4zEpsLdXIMXAwMBeeuGCWF9Lb0Ci6TEBMXMSCRU5\/ujX\/oVXdGh+BNpGjYWczn5t9MnrcPf0zR8Rsvgek65i+QCA5M9xg538hLyui9336X\/wmAqUKW0ovcGHfVkBbInk26LgYglI5Td\/ssdGWORhYySPbJXLEFtu\/h1mXhj5XU6VyNxU9SBh\/8O12l+trWyWdbANDOIW9SbvtVRvHBRVZmz1ag3okb4Plbrh4Qi4B+G74t5h0\/qMYjiEuZ1+PtpSHBW9OPbPwwcOV4UZ67nf4PG8vUha9JOewT6Ihb4Yfc7EBAGx7VHrcHsn7dvXiF8gTt9bh55AJVAbM2ak8Yu6DoJnJsa+jvwTKddiAxdtJhT3E7fBmbothroFA49N5AzGnFsh4cxhtIWJBj0s+8J1Phi\/75LUnCD0lYbxKIDoOKf0QWR08Jx8MCXKqwRPsjDU42Fi\/URG4BOwibUPBjlxMt8e\/Bx1zwNGX2TOl3lRdKcwrnMTh58G0mfgl41Ox0e5b1fEr4M"}
00506{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292103,"pkt_ts_usec":811173,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtMUzROW\/JgBgB9W6tAAABAQgKM4zEp8LdXIMXAwMAIinMMkxOhnFjQLjLSAyia+Ge5bjIivBAhB3nTGih+nlOG64="}
00513{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292103,"pkt_ts_usec":882887,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YAE4GQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziGQ26Ce2BgBgB9dhQAAABAQgKOMLy3MLdWyEXAwMAKQAAAAAAAAAF+jUU1elIEFUi9UepC3cLGnJUpit7lClItBx8Gs+U4NeE"}
@@ -36,7 +36,7 @@
00450{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292104,"pkt_ts_usec":7294,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtMXPROW\/wgBAB9V2AAAABAQgKM4zFa8LdmTU="}
00515{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292104,"pkt_ts_usec":13772,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAE4GPSYgARaADQAhjG7PLAjWn7UqAcsBIEmLB5kd7IUo3\/YpAbuhMroJ7xHc4hk7gBgL0KpXAAABAQgKwt2ZPzjC8twXAwMAKQT4a6EVPf\/MC7YjIsJ\/xsbAtMgLrAKkLm7X3dykd1N6K99jQOjUHHP+"}
00451{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292104,"pkt_ts_usec":13801,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDK9YACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIYxuzywI1p+1oTIBu9ziGTu6Ce8\/gBAB9bmoAAABAQgKOMLzX8LdmT8="}
-00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1605292104650,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1605292104650,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292104,"pkt_ts_usec":650967,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoWdXXNVgBAB9YSyAAABAQgKTYTpp8Lc6wE="}
01632{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292104,"pkt_ts_usec":708085,"pkt_caplen":958,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":958,"pkt_l4_len":904,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAA4gGPQBk\/5sAAAAAAAAAAJjHFZMqAcsBIEmLB5kd7IUo3\/YpAbunnNE5b\/Cy7TFzgBgNmAqqAAABAQgKwt2avzOMxWsXAwMDYzwBWFGf3wrvapbXFWd7ouvLdghfl+4z+hBwmOgK9wGyR+OPX7lOzUdAc1SJr5LriUzr1yBY7Xib5kSqyUe1yMWTnDKjnIpvvHNgMKeXa5Up0SNNoLJtEdUe1mGD07CoAkrza8oQW5bVCoHgq14o3MnL6zXKFsjiRaQzZkuYg5+7Aj2P1N0CNc+IAxdROK0pH\/GxQiM6tuecE2+gQzmhw8E3iHdRNvDacWAbPfX3wvR+pC8TV6Qv860Gq2LKC53agz8DcRjtoZEcuZOhJ5yhI9CuBenRURaM4viI5VsqWVKgp+rY1v6KMHtg+yatPhTLTS9MPN4iQ97gX2OMMD7P2mW+3ZZvUCdGiWBsUg6Vj\/Ap5Mzn0gfcfeRnmJvMfLFq1nOksu1TLYjygvtri7DOI4N08pvsGA+AxOUtFDp8sAe84PJ\/21BDriB3QHickdGoioTM2aEE0PI+dA9r8nkLQ2zBkp2+AbZ\/8u1erDn5mZmrCWkr0ltVa991lUooZGx04XrJXhl2ZKc4btbOY8Rlu044w5RE0bOIYGFt8tFLH8swzMwtpav0OQK8qSkL6wOxHeOUnEVN0ECUER5orXRvQ8TMRsavGs+Z1q\/Va1E+zSj0hs6uOsQiwI0xzzDkYOZdmDCJqsZ3J6lIaLPNwBqjtLvu\/377ZyJPS4DVZ6Mb0n2AdZqw2N83Kf4Hi\/u+Bu2HNYrTrUAxg0Nber11\/WPswv95QWS6ELyGjJxcgXf8UQfUIkV9dkAl5Jl8V1\/fZqVxSfh7c39oZxBgC\/LniuuZbWg4U2p+lRLEZa9tas4+DdJvKpcHPstWpGAXg1pdjMq4YjztJJEqk1BeypbVxpPOR0Fg7RmNqpmYSR85L+OdthM+GqKZRaTno+Z+dye8WdKy+GaoW++Rq5vaWds9P+XsPFxKSigyvCA4lQFpzrootxNe7vIM8FtDz8YN4jPIumx12vCngDooYbzHqb1soJW8fbBHabZgF+L+uI5CplVCMzg3onU+QCbVt89y\/vnTkwWeoYKoyvZGwoUGfxMsONS21CzAPnXBJLN3Wk4A+c2YEpm19lonsDISObmpr1y2uwgFJXM5FyU5wJdmSepqrzzpid3zMruIok1KBZWEV5MHlSIkq97aM+zCTvnfjY4oDZogFPSHnQ=="}
00452{"flow_id":6,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292104,"pkt_ts_usec":708121,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCmLwACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACYxxWTp5wBu7LtMXPROXNYgBAB71XXAAABAQgKM4zIKMLdmr8="}
@@ -46,17 +46,17 @@
00454{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292104,"pkt_ts_usec":753048,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJjHFZMqAcsBIEmLB5kd7IUo3\/YpAbunnNE5c1iy7TGWgBANnEilAAABAQgKwt2cIDOMyCk="}
00454{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292104,"pkt_ts_usec":753400,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJjHFZMqAcsBIEmLB5kd7IUo3\/YpAbunnNE5c1iy7TIGgBANqkggAAABAQgKwt2cITOMyC8="}
02337{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":110519,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPQBk\/5sAAAAAAAAAAJjHFZMqAcsBIEmLB5kd7IUo3\/YpAbunnNE5c1iy7TIGgBANqs0+AAABAQgKwt2c\/zOMyC8XAwMDxwEBzrcSS3K5OvG3xn\/LGTYrHxlBcvU63Og\/RHCGKC40vrehiI7u2mc+F5dXiGbhg+9Z5zU3VYEe7q3+Y4aH8+AnuWWY+l4adTsdPwSLI6LxbpogHx3LG9nbqOiE43CauPmkLb95xDQ08\/EpdJ9F8F2dIpKcBPfKFvHXRgNAImy4DtFrI9FT5HmsybXvvkfeEnYIfo54m2L7RhtTSOV0tXnv\/YdNzBmQo\/A5CW9P\/7n9gWUVYJ9PdxWjMfSW1EdqCiOxc3+X5ifVSxXalHiI647H8eKaZmurlf+0S\/0zV+eZcn4qnkX34sjC2Asy0gWAQZV+9MJg+7mkQLJMYEXcAPGRNg4tefd0nHesQcipu920rrSW2mmyIuy9yeB94ZoIHCppunxCdp1NZdMHOs9r0trDzCoHUTc7\/9Qlfe0m+VkB2990TrTjHQVxXBlcctm03Ays1jf+ExOuXrlZq3ZfHIzKOzVkeVS5h5PoYoNVyFwqJwHG3Hcg2J7jJB9MBrsalvQ2JKpVPfeFhbx8gG577thKu4TJqzkbDEfJO4nF6XwklHBiMmhNE4dHrutFhNwa4g4qhS\/j8talPMlxf6RPqQttul8EtaY9HDYLv\/uVzqRPUNpg7BVmbfPZiuhb7zlBS5iEnD7HQr1yQZdvwO+KzbIE45IFNZW0vgffAtFqu87pW7cuAJT8hM56hM0y6I+9t3N4WPrl2skqqD284bdCmVuKpW7KxVl75osYa39By5S0YZ0rOhVU2oDwmajRbT9ApzMrA5XiDcwWgwiRvWK5yPSKsstsm9ZOL1eIX3FmAY2SRP0EAfXbqrqLpljBXygL\/R8LJp8bhvHuKr\/+sClGHii9YBUARpOa4GbxKZ1qIqeS0S2ZYZX1S\/9xAliYg0dUySl8oxdPH5B8EWXD+KxUfWUtnsViPVDmZ0XU0KQ5f4C8c4FNFLHtcajHbDxoTjYcERJoqWojm\/yyrh6lc+9zOSdm00\/3MAYymqX2j8WeKFjEwj6b1Fqta3+24+OZU5u15gzUzWlxwbzvwm3Kqiosep47WFWsdaYhg3Be5h6YiZpJAppJBg04SYf4ZaEeHhXoai5FANTUXKpYbGw05nOMSMP94Qprkia9MaeFAe\/ie7VqZzY4At9eU\/hBoWVBps5dEUyUbCwPVSjoiPvMrWKWQezHxse4BUNO75HC8CjYXzrDiNv4t1oUxr4cbkvpDn\/e6VDdJ3lRl5phUKJLMfC5SfDld2mynnjYTJq3ycVhoifV23V7nEu6yK0UfZz5rdo3umtEBZcSi9kXAwMAGr61pDqOGDuPdKtlpUbzjF8U2KtF1iOja+TvFwMDGmMCqh8cTWKvAmVZEaNPgEH+97D18f89CvJMMFY1Ag+PObGTjCp9Ms+mi7cU8Q\/jF3a\/SoIJErowjs42wnhthva2tU2664fju+VwVDzyJa2Tcw55S+pzCOFX9yyK3bRY\/HUIKAXdeUMPsPdbJrUTBPdRkOCYO+mggvi75BgDwlP1YByP5E4WzRdka22ZXeq93kbftXgFatirElRz9scr5l+KJz5oe2lGv5+PMdWQxerk0m1ONQCukYoK6SGVVmDv8Ut0437nltuiQZk4yTaQWeAACYZspITRL\/mHjeHqkhCMVYbcTy4zejWcEWYdMSnWtDXlc4GLRMUaYxNju1zjL0m47NMwmn70\/MIpwK3VTHdtwIF27trD2k7Ds\/gqV5XSteoR2b8IWCb1pGAMK5VAM4XATXlZqA0yAj3+BjjOmWbyvmwfs10cQhpvmP8kucjHGvYzyZVyQAg0TedhRpOd13lo1cgQvotnBV1X3lDQzLvz6UnNMVBTYCiXCsMalg=="}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1605292105170,"flow_last_seen":0,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":192,"flow_max_l4_data_len":192,"flow_avg_l4_data_len":192,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1605292105170,"flow_last_seen":0,"flow_min_l4_payload_len":160,"flow_max_l4_payload_len":160,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":160,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00674{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":170049,"pkt_caplen":246,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":246,"pkt_l4_len":192,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHAMAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/HZTRuvUgBgSELhfAAABAQgKdG+lysLdLW8XAwMAm7+VUv5v3n1cEKhvA7Obmk7hW69laavu9OZNOdP5v2aiE9LYEKQeHffn7vm6VstuW5LB+GPd1bdCCYxPrQ8cpXXvSrRBde7Ubgvulsw\/eGF6vJKgoYXL5h04lY18ojPm\/cV9tUPretg64t\/hG52\/jXKkQ9+5e1GR1KuJgn1MWQ\/97vN82J\/Jt388ivkqQMfP0T\/jvMqs33Elwytq"}
00657{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":170518,"pkt_caplen":237,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":237,"pkt_l4_len":183,"pkt":"qtsDr8lk5EKm5WPyht1gDdvHALcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqZwBuzRq\/RZTRuvUgBgSEKKhAAABAQgKdG+ly8LdLW8XAwMAazorJ+v8Qql\/1vWfAai2gkZCI3DTL5oADrcU2MSE9kWZdYS8Jqpk4fHfL5KS3jLCf57oTjL53SDsaGk+gIvtoan6S0MuUK39MyCSYP90lEM7cfvMMDv9MYZwBU7ADMu7jSPLRoIxvW6l0Cl8FwMDACLudklu9KmRe2M4B\/MpTRVuBpiUQvjz3VbQML7h4xLHHM4W"}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1605292105171,"flow_last_seen":0,"flow_tot_l4_data_len":144,"flow_min_l4_data_len":144,"flow_max_l4_data_len":144,"flow_avg_l4_data_len":144,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1605292105171,"flow_last_seen":0,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00606{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":171046,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAJAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxfpsKg54gBgd\/fuUAAABAQgKdG+ly8LdWR0XAwMAa1HIP\/vnAAogIw4J2B2TkEHONIFMeD5XyAVKi4Q2Vue2Mstte\/aj9aBEGnaC\/XLTSleNDPxB5FKFlYuKlZTTvSjcjRkZVdPHhikw9Xf3PTuX4sNc4A4aMrxDB+2xDdlSgUdvbOv4DPatYzp8"}
00509{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":171411,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxmpsKg54gBgd\/YTsAAABAQgKdG+lzMLdWR0XAwMAIlHp65gwK7PBPS\/ZXxVrtwWRv5u\/D1Oka\/7+0BiFD1N3mso="}
00605{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":176233,"pkt_caplen":197,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":197,"pkt_l4_len":143,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAI8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxpFsKg54gBgd\/f4EAAABAQgKdG+l0cLdWR0XAwMAau+1WhRe96DKEz4O2DiVS\/91xsnWseh+6lrx3LgaqNmDXwRm1lqF7AcLtXkaV8D99qMpoGwTJnk5i4\/A5jdKnihSC+92twzKrr9YRFj27xUmeqz0tGED25O9+HkuuOkV2W5IN6Z8o+lbpTM="}
00589{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":176588,"pkt_caplen":186,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":186,"pkt_l4_len":132,"pkt":"qtsDr8lk5EKm5WPyht1gCnTDAIQGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0oqaoBuwynxwBsKg54gBgd\/ayxAAABAQgKdG+l0cLdWR0XAwMAX\/Yd2tE30yITdLVScy1FaO070XnDZMR6GJiZVqwat++QvYX+J9OjAkXIuTA6eA+46mRMhtiJSnHUHMZJ232U\/skK8H88Oqka3BXGyUundCVpL+UIL2bs9pZSC7nGsqsQ"}
00453{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":195930,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av0WgBAMvoDtAAABAQgKwt2d3XRvpco="}
00453{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":197034,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupnFNG69Q0av2tgBAM0YBAAAABAQgKwt2d33Rvpcs="}
-00524{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1605292105197,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1605292105197,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00465{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":197307,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OYAAAAAoAL9IHL6AAACBAWgBAIIClFT82IAAAAAAQMDBw=="}
00453{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":198295,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupqmwqDngMp8ZqgBAMGKRpAAABAQgKwt2d4HRvpcs="}
00453{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":201287,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATSgqAcsBIEmLB5kd7IUo3\/YpAbupqmwqDngMp8aRgBAMHaQ8AAABAQgKwt2d4HRvpcw="}
@@ -83,18 +83,18 @@
00467{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":230486,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl2n7vTnoBJXgHalAAACBAV4AQMDAwQCCArC3Z3zUVPzYg=="}
00455{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":230554,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBAB+\/qVAAABAQgKUVPzg8LdnfM="}
01148{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":231042,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaAiUGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBgB++4yAAABAQgKUVPzg8LdnfMWAwECAAEAAfwDAwsTuD27e9O7zSR9QGg\/BjcA3VInM4oSJon9YBOCv5++IFdStpb+CkXQy2c2uOI7+AVrIzBfj1oZ8gAG3CYIQoMEACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUY29uc2VudC5jbXAub2F0aC5jb20AFwAA\/wEAAQAACgAKAAja2gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKdraAAEAAB0AIDYvcGjd9fK5d+Sh8kpRELYm8anOzkwuInZrhF5dnrEgAC0AAgEBACsACwp6egMEAwMDAgMBABsAAwIAAjo6AAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1605292105197,"flow_last_seen":1605292105231,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00525{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1605292105274,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1605292105197,"flow_last_seen":1605292105231,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00533{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1605292105274,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":274861,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZYAAAAAoAL9IG8jAAACBAWgBAIIClFT868AAAAAAQMDBw=="}
00455{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":278180,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl6n7vbsgBALMO8iAAABAQgKwt2eLFFT84M="}
00590{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":278180,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAIMGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl6n7vbsgBgLMLo5AAABAQgKwt2eLlFT84MWAwMAWAIAAFQDA88hrXTlmmERvh2MAh5luJHCohEWeruMXgeeCeLIqDOcIFdStpb+CkXQy2c2uOI7+AVrIzBfj1oZ8gAG3CYIQoMEEwIAAAwAKwACAwQAMwACABcUAwMAAQE="}
-00873{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":369,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1605292105197,"flow_last_seen":1605292105278,"flow_tot_l4_data_len":824,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":137,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00884{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":369,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1605292105197,"flow_last_seen":1605292105278,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00455{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":278202,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9uzC4X7BgBAB+\/fCAAABAQgKUVPzs8Ldni4="}
01156{"flow_id":10,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":279427,"pkt_caplen":609,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":609,"pkt_l4_len":555,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaAisGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9uzC4X7BgBgB+02zAAABAQgKUVPztMLdni4UAwMAAQEWAwMCAAEAAfwDAwsTuD27e9O7zSR9QGg\/BjcA3VInM4oSJon9YBOCv5++IFdStpb+CkXQy2c2uOI7+AVrIzBfj1oZ8gAG3CYIQoMEACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUY29uc2VudC5jbXAub2F0aC5jb20AFwAA\/wEAAQAACgAKAAja2gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzAEcARQAXAEEExY5kLmOwRv8kXqMgU71DSi1G3IRBI9R3G1FdB2DV7QSEVT77XPPN7itUbmQi8o5VRMb3+Xc7elHSRXKhH0fKVwAtAAIBAQArAAsKenoDBAMDAwIDAQAbAAMCAAI6OgABAAAVAKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00467{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":299371,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvZrixr2XoBJXgG87AAACBAV4AQMDAwQCCArC3Z5DUVPzrw=="}
00455{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":299399,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBAB+\/MzAAABAQgKUVPzyMLdnkM="}
01150{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":299606,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5AiUGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBgB+x+BAAABAQgKUVPzyMLdnkMWAwECAAEAAfwDAy8GqoFoWkNyI7mYtVTa5cXzmnUMn\/AW4e4uQZtHexViIHBqihZlPQxi4\/Swmz8DIl9f5mkTuI3AenD0Ehe9UmbOACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGQAXAAAUY29uc2VudC5jbXAub2F0aC5jb20AFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIBw5Ol89JTdAu7B94JP0srEvQLd+Q79aN+DwFdZiG4R\/AC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAhoaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00834{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1605292105274,"flow_last_seen":1605292105299,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00845{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1605292105274,"flow_last_seen":1605292105299,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00455{"flow_id":10,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":315905,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfsGn7vj3gBALcuwYAAABAQgKwt2eVVFT87Q="}
02104{"flow_id":10,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":318011,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfsGn7vj3gBgLcuJjAAABAQgKwt2eVlFT87QWAwMAmwIAAJcDAwTNI9jWgX\/IPxZ3SNWPY9ai9luhPs9EjohTqbc7n+zcIFdStpb+CkXQy2c2uOI7+AVrIzBfj1oZ8gAG3CYIQoMEEwIAAE8AKwACAwQAMwBFABcAQQT5KBEn\/99oGBe7ypR481hxLVfrClZStqbcOF1gF\/hJaHKWiAGV8SzUoUI5bt70K5fpn26dp8GWx+5kLHcJ2jNcFwMDACAZ5FSRNSIdgOFXRV\/5HowmP2dDwVcjHWLSHAHClCkvgRcDAxGloYPZIFbjm3XlWc0fa3e3FaOhKoA0BKz1eEXiMK1gn5Dx4O+n2VOHAFQI5hk+5UgiZJClEBlJNgCvsF9aYBg+QNz\/Fj+yaYYPhlpYwjBddKCz46j\/S0kYn6TNKp14DHgjpZ4RKJ9p5m7m044JICnkSLqRnKAHwr\/hBW5A\/3TQIgKozFkcg1kUXHKIJR+CFJ\/uKl3ieKHHwtiy0\/GE2QZeMGKDAHQwtwEH8uSwhlJ6WyMIh3E6vAUJgh1hptw\/fsnOw5+slyKf48Es8jdLAVtjQ4J7CyEPc7Lb6si5ofFCzLMCC1AoI3V6rFoDILWavuuigFGjdXTDYL3q4S43mM5JcQNxFBtvk4mtRH9Jpcc48jAAvydGhsyp8focbFsQwO4fAQv1d954fHiPa530wuR+I4ABbRn4I3qLsSxg63X6\/C3Bvr7hR9ptQNxL6zLA8dTkusaOoNrU10VglGDHqf9nolQDLQ6JQC74gVduLgEXHCQH2KmPQ\/cYLw\/EOVHS9Pju0ZnO2mYcnCo1awlLExAjl3T7r4XpAg+4pp+Jf+8pBP5G2TvRa5yau8A\/\/n\/yp+Yf4e\/\/y7rVwZ5broWhii\/eVLlunVGWTLUtyV3CYp6LNy9dKvcOAlN9KQ1ABpdxtI83FrVCzXnx7JJsPAyoGlHo9008fKE6gKzSeI35u3bHpJgeQSO6sbv\/arSllLAEEn1CXH1mOFmHFxEBpnHseDFVZJaRT02wp4RmI+wD29Pm1BMYxxJfyaWOW3THmwOKzkLbHk3W2GVTEPI\/aTkRS\/txC067TKeFqu8AkruZQEDJE6ANt6\/TAbxi4Xs5SKUaO7SMfNnlonLAWNqEInMyj\/VAW6HYmQ8SyjV7OMBuPMzGM5B3GyfDYN0ndu6NvXlid+tTZGIV5l4Wn9yN3pRVFVW0w5AtD\/NOz3S9CIVTyDctL6qKrKCvwQGcUjgd8eld+v0nYy4AtxMIb9yVyEoIhL3mvPWU4w0Kzajt99putz4oZ4TKrD56+00ZoIPuRq7Mw606yy0K2j4nWQLxsWI8yM+HbXtg2R8X3Dl9hHc0Ks2d7NkaYjnma2VMq\/T1Nuxfe8\/S+GD4G3+mYjXaBOiRLnlMKZFGxFQmZQpRWuPNmGjp3mWSSn3DrEy9uzBoIcSanT0KHy6xSx1gcsvgUlbWcJ5QqJZ\/cUovMi270g7jHQPOw15mRywMyco2K62YhnMISpGjSiSmSwv9hLy+bPRZWUJvcDCiGgD1ct9iqKAjJOf6AsgLN0aUsDEZTXRwFkfJmdgbNrXKrgs1Im+0B6+HQSEyOJVxuRlzTHYTymrG2gus1zDzLSEznxQQ9mdM\/NQCdg=="}
02099{"flow_id":10,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":318011,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhg3mn7vj3gBgLcjt+AAABAQgKwt2eVlFT87SoV70o0F0M2LY1DEzTgHG7koNmP6ZYr30SX2TWUreZvsS3s9towGhQsOF2Ti32ot5ycNRV3Qknz\/\/tSzv0d4jzhuHu7zNJUMQP8rY\/n8uiuvEaDZFXnjMGKAWYn6d6yuP+nrZIhS1sicov2fRfd\/xsxBJAVXAgZhHNM6qzT38QIDBI+42+RY8s1zIvjvsqkLxPz96tFFcYUL2v0kOT80dq+TzmegB1pDkPMZpqeMIK5OsPjktiOtJmTlhYQjqu7RB3yRWp2\/kJyjaZ67+DWI4x7YSrIz4WkjEN44UWLoQvCUxnEm64m4ELNV5eQlaI1L09\/BbGIhoq9ZYLMQaBK24JgTYnLkgSwb7FgMX1urg6R\/tIicUsyKbMAtBuv3R61SC2vWxKeZ7fEypHxuj4svnElBRrfW9lcVZetVolTzaAqAjm9OL5z6L5rT1RPu0gk3Nh8oiHOclIT8eg6NYdA89nkKyoXrLFo9KW1h6dmqiGlRTcDhRMdI5DYZTR0eCCBni2lBsDlbfrz\/baXCE6FGGtzo2V3YnP7Em1ZqbFn6USu5DGa+W8nOA8up4U1GNc3v1hlBsSlOssIrr7FD8JJ0ssfqU0NbGUESAQMAmPT00O4Ui2aXl+YzWsrPaZONXt8WCsV2MVZ+bQLxLGjQIYXKG+drabqHxtyevoKVS0veshwoAWif+QIFFP1t9kVriBkYd4B91dfc+5YPmzEjDFYr6m0fpQmc8T8muS+jBTaL8VxtdUYwQLopX29Ntbii0c7krbP9ZcgaqFuihBPzJJKWDt6Z6OUQ+dnoc2E65DxdGg9tEkoRIjxg9dwu8N9\/l0GKe42FIeJsPQoWADbbK3RvFwRSjGEa79HObTylDrasbGzc1RfTMV2h5\/8MaX14J4aq4Scr65VWwxyCD49nnSTPPkaJar3mL4tFZIk8a8uKdFzcm5nq5ODk\/h0BUbuTrFkl0edVMA8bna47uPbb+lLll7bsaJB\/Q7RLTJPYiPMWvnemlq3RZVmJKcLSlU6zZ6n5m1sYXfaI4Y0sGTAuMyHWEbsgc1x\/vm6Nw\/BDs4KagrD5zS\/7IVc9kvhvxtWTUFUkED2lGdHHn3cQzF76Rvgz1BcFGYTta\/I0c6y9\/3\/F\/vysizvJyTetBzXsR6PGv1ljYC2TX77k058Ebi+iCKHNCoYRBVLWH2qTehRPpe6DpAtvY8tRQtn8xX1KAq55GttQiGT7gH3JaZjgq\/10c86w3VTxQcsRImilu4n5HntiJJF3uM4F\/dVxuyCHQRI1JHJ118h4vURZ6FMJFChI7I2QtZHuKgN7xJxBUAijE953JaQ4ngBX0iZgjKuIzmoslm\/a4WuR6lGLKwdlMsgUcZY3Y6oKO78d9bLrk4OAaPdmok83ffZBtb7UI\/3CBVA3y\/aJzotYYeeulvXKF8asLMemKwNPdUwB2SU9mlMOORjQaBojl3EX6imvQkNgnXRCsPgr6gfKEcJK2j5vX5htw5\/RkNadr5F+EeL+PQsGzBeAcUmabtfltSipdBMmsdGG6+YSHyzxf2JHFbXV6pMCosBNVlVgAhMzVMOIeYuLrtp7kDQAbp+y8mtZadNn06jtSRQQAWdM0rCAT2jA=="}
@@ -105,28 +105,28 @@
00455{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":322435,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGv5yG572bgBEB+\/EWAAABAQgKUVPz38LdnkM="}
00455{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":339147,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvZvixr+cgBALMOfQAAABAQgKwt2ebFFT88g="}
00591{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":340527,"pkt_caplen":185,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":185,"pkt_l4_len":131,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAIMGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvZvixr+cgBgLMEIPAAABAQgKwt2ebVFT88gWAwMAWAIAAFQDA88hrXTlmmERvh2MAh5luJHCohEWeruMXgeeCeLIqDOcIHBqihZlPQxi4\/Swmz8DIl9f5mkTuI3AenD0Ehe9UmbOEwIAAAwAKwACAwQAMwACABcUAwMAAQE="}
-00873{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":7,"flow_first_seen":1605292105274,"flow_last_seen":1605292105340,"flow_tot_l4_data_len":856,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00883{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":7,"flow_first_seen":1605292105274,"flow_last_seen":1605292105340,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":88,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"consent.cmp.oath.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00438{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":340544,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gA6lJABQGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGv5wAAAAAUAQAABcOAAA="}
00455{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":345821,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvf7ixr+dgBALMOdPAAABAQgKwt2eclFT898="}
00439{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":345830,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gA6lJABQGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGv50AAAAAUAQAABcNAAA="}
00456{"flow_id":11,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":347849,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvf7ixr+dgBELMOdMAAABAQgKwt2edFFT898="}
00439{"flow_id":11,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":347857,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"pkt":"qtsDr8lk5EKm5WPyht1gA6lJABQGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGv50AAAAAUAQAABcNAAA="}
-00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1605292105418,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1605292105418,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00465{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":418417,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3sAAAAAoAL9IOHqAAACBAWgBAIIChNm5EYAAAAAAQMDBw=="}
-00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1605292105433,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1605292105433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00465{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":433892,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACgGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5MAAAAAoAL9IMKvAAACBAWgBAIICr4D0hAAAAAAAQMDBw=="}
00467{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":447883,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou0O5ht8oBJXgIDEAAACBAV4AQMDAwQCCArC3Z7YE2bkRg=="}
00453{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":447904,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBAB+wS5AAABAQgKE2bkY8Ldntg="}
01291{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":448108,"pkt_caplen":706,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":706,"pkt_l4_len":652,"pkt":"qtsDr8lk5EKm5WPyht1gDBurAowGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3xqPjrugBgB+4JWAAABAQgKE2bkZMLdntgWAwECZwEAAmMDA01hkKus+MkqaNZ11u\/JhpX8opi+Paz\/2culjqS\/fRVYIMdAvSOkLp4IegED4alflZbkeoPKAFn+1vm3NO5kGg0FACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAfqamgAAAAAAHQAbAAAYc2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tABcAAP8BAAEAAAoACgAI+voAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACn6+gABAAAdACAZgcv6djgDbSXoFxR2Bhsr1SLhgniKBtXtlIDDETXMCAAtAAIBAQArAAsKqqoDBAMDAwIDAQAbAAMCAAIKCgABAAApASsA9gDwAAAiIJslU1lFpjTpi3lmNam9hQpY2hMMKuXsZwFntxH9VeeCDjG5ZumnFfjZUDtOBPLSzw4R57\/QCBI18BwcPm48mrUGyW53Ub1R1QzZAjB7iAKV4vFIwFfFqvyyzCt+XQCHUSkW6UYjU9HW8UHVOSLv+gTEZIbkGDOYtPsq7YccVngTZL3n3IHqwmTgcbP5ueNH8XOZq7\/Y1OeX7Wx9xVtrBDjNMgQxbOzaBnVFB93EKDMM4PQzj6qYiuKetEAoBMozzmixqRKxA5zUbOA5h0RPxge6RCPaz+BuJE3Cm\/zM5MOERtu8U1IsclnN2s3hdk+igAAxMH67OIYeJEbtrgELqGnjRFz2Dy5CExYP6mmzTrMo8NEajMnamg6uhqcAqBJ0WIxFJA=="}
-00818{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1605292105418,"flow_last_seen":1605292105448,"flow_tot_l4_data_len":764,"flow_min_l4_data_len":32,"flow_max_l4_data_len":652,"flow_avg_l4_data_len":191,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00829{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":436,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1605292105418,"flow_last_seen":1605292105448,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00466{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":459292,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a1gJBeUoBJXgDGmAAACBAV4AQMDAwQCCArC3Z7jvgPSEA=="}
00453{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":459314,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACAGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBAB+7WdAAABAQgKvgPSKsLdnuM="}
01149{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":459543,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCAiUGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkF5QDVtGugBgB+\/IDAAABAQgKvgPSKsLdnuMWAwECAAEAAfwDA0SwrBQ+d5serlsxTSylSCJ2cOl7xaFhVNFnNENmyXzLII1+rGz9ESjQv1hbMrYHKnzgyMTJu0Ir\/kwfyDkc\/1pDACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGgAYAAAVY29va2lleC5uZ2QueWFob28uY29tABcAAP8BAAEAAAoACgAIiooAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmKigABAAAdACA9g892NhkW61BobOu+QMSd1m\/f0wlw8Wps+OIILfVOLAAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAALq6gABAAAVAMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1605292105433,"flow_last_seen":1605292105459,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1605292105433,"flow_last_seen":1605292105459,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":485825,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou4O5h3ogBALPfjjAAABAQgKwt2e\/hNm5GQ="}
00454{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":492745,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a5gJBmZgBALMKpAAAABAQgKwt2fBr4D0io="}
00819{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":494854,"pkt_caplen":356,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":356,"pkt_l4_len":302,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAS4GPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+Ou4O5h3ogBgLPUAoAAABAQgKwt2fCBNm5GQWAwMAgAIAAHwDAw6IIth+R6VC4MCy4H4pC4R4NC+hmlI2w+T+VCPrieVAIMdAvSOkLp4IegED4alflZbkeoPKAFn+1vm3NO5kGg0FEwIAADQAKwACAwQAMwAkAB0AIHJkIFENvX9kSeVAQ6dQ32HTFcgVQiHD3CRMxNxQEmJ1ACkAAgAAFAMDAAEBFwMDADTDBTfsVEi22J5pAKqKmAXlTvVm436Rh8drCKTtC1v5wE\/gxHcai1SkGWW6uGtCAyWJqQowFwMDAEWRNLBCCNGaGZ4B5qnY9YCKWpmgS0EJqXTldfxvJtv2xQcCV4fkEky+QOkr3wF4L0ZnpaA2obKYHrtVVdHrPKyOLGuwE4c="}
-00858{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":442,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1605292105418,"flow_last_seen":1605292105494,"flow_tot_l4_data_len":1098,"flow_min_l4_data_len":32,"flow_max_l4_data_len":652,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00868{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":442,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1605292105418,"flow_last_seen":1605292105494,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00453{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":494867,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mHehqPjv8gBAB+QDiAAABAQgKE2bkksLdnwg="}
00564{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":495563,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"pkt":"qtsDr8lk5EKm5WPyht1gDBurAHAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mHehqPjv8gBgB+cGqAAABAQgKE2bkk8LdnwgUAwMAAQEXAwMARXSu5HHoLN4J6sfTv5jSyh19PaWjGE58SRDgu4lQJ15nul9a9ZpY9a0dRf5BmVKNCB+qr4DA4KPR5sXwiPP3T+WIniKhgg=="}
01016{"flow_id":12,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":495661,"pkt_caplen":503,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":503,"pkt_l4_len":449,"pkt":"qtsDr8lk5EKm5WPyht1gDBurAcEGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mHjhqPjv8gBgB+dW4AAABAQgKE2bkk8LdnwgXAwMBnHNP3I0+tGOOYz9OcaSyIi8m7zKJimtabzgKdie0gq5Klg\/790ehUAvIDz0RNTUP1I62agSUzGvWtfccQD5xFeZQExrycGsGLODdEvh2cV0BctQadOdf5NqMRUock\/sNfZ4yuUn1lw4FjfztheYz0Ci8GD4eH70+nPp9ccKGmYcmu+Qon9vn4U7c13cy05gsZR5HmytWQGRP0n1f+wuOgObbcI2yQEC2Nj2+IOjjvLiTUfir+Sm9+asuYkSnNkttIPTzQtuX2pTY4O84M7GjKjhQU2nXHffXQNuERHejceg8tz0lpkMQuaNcLqFVdsgv2NFfVkM0eFW67X4whTa4CDgeWtuFQj0PnE1ukLDAiVh2P93N1jNZqeTEXTyrNqg4\/WGtdcudeJ8pkmk2AdAdl8+vofmlynmyH2ABlbJngI3fMpFXXsU7UNkV7VoA2SENEuCb6jXCkyJqUJVoCZRPsH+ryjo2FqrSE1BzjkUr3GCokVTvWz4YuHp9OPFlzTAUR50L+JzcL8IZCfvnyfcL+3C4Gb\/WwzRPB5vQL+A="}
@@ -136,7 +136,7 @@
00455{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":534734,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mH9lqPj0bgBAB9\/2EAAABAQgKE2bkusLdny8="}
02068{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":587354,"pkt_caplen":1273,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1273,"pkt_l4_len":1219,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABMMGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY8Go+PRsO5h\/ZgBgLe7n8AAABAQgKwt2fYxNm5LoXAwMEnkylLneLfYiEsa\/+icvuOrYEuCq84U6tBmBnELnGkHHKx6KYFpR4Fe\/XHHyqkCnvCCLTv+Dx9mX7625gC+aMAqz+\/Ouvxl966llOIwq43m8CWCTcNMRg65EvQj1Q7XYNOOizSIYk+doQLnK5rTGxpc4KsLrfHXUHm2O2rqmBLuL0iGJ5reKHquQ9qRTwL5XrhC1Dd91wKd7h3lGIjYRPKAemB4X3bMNVW5ijhhQxlJ2IWAOHkySl4ERaef0gXORn0gnlBHX8wieqKK3S7YMv4ofDlQiTVu5W2tS1k5kFRtbWTGiklccd9lVJjxuB71ajdM+L9U3ogC16Q8AEKIu1NPr13FWu5xmi+oDXG+wjTKjduMk\/GFWewzy+od8xZ99eHM9\/03re69ZTGQ8hrwkKKJArjWIFxA88ihKgQCduocrycXVLp8wxvdnWChPsRwOFuCtewxMK1jbff3qIDX\/FTCQ8bI0gnKgD0Fy61qPpUxEAPsPDB+kbCu8t1UgHiTbE0FbcqFy1gUlTn6yqbPcLLG7WHr38urVJLpczNYBXp2xPR2SolDPsapK9WbRjFG4lC50dUUTsFiosAa+dKYdbrrxVOLJxCD6BbDV+wCUiPeEIsvyDzr\/nGV+qdLcpoTMdZfSrsEO1ZOs3tRwW0FUNoEAtOLXzPAC80DFXzrTQHnZWETDOKh4MoieAbNvgLvrpefav9TTU0MEI53macsfhAslKxvAgWrlV1jySt6T\/ntNdFyBKxtxMqoMz8OG8z4VGikY5D9TIrQeALkAutzCD9U19jYvIV3ElHzWg5em3G0E66065vP7OTCAboRPl\/+pH4A1jM30yAQcbXUDLBKSFKNaZ\/EZqU9RQvbbhXIvEF3luu8MsSftzJVueNDrs2vB\/3Dso8YAshWcKwxoiOqpxXI12\/7LO3+IH9iAqh2M0UN3GF41kAs+1qEHZyPc7zOC9s+ZPRQImKNr\/pcEKakvf+ZlhHQynrqJGCPXgejTUpg4B23RjsETARpDk6yjNPym5VerN2C1P3QihC4BPZFYo4bf+mTyJzPRF\/pDuLTt+\/tgs32L8H5cr+VdaK1LPKCOafvmxPNCGHmjozIYzDz5VQSHHsNHlkk4Z7YvrtQKtE6iTfSe\/Cx1rufWxvHR+F1Q\/pycds5teCsQ3YdPw1rn\/883yWTIJwZaWBESgZLD0XdgfhiooRn5X8JyKEeNMc0F61tbU3mUi5TAm01eeUmfs9weKz7Lt7lJiJmrw6tkZPxTF4Earn6StqmVeLDqhT0t0p5U8C+6uagpCw4ZamEmXcPf5YCfnj927WeNA35FpYc903JSYIq2o40D5B8rGYNsc5IXRk+zto8jElZNMwZYYpRmgYY\/ib9hPL4sc8QfPvbKkPvuTPJr3mwj8KnVsI5soAGlKBL\/lz+RlOvIm0FwBip14ohFs9Adq4mcI+EAay6hXkJNs9uxOFQ5wQgq971GbQWeNRZ\/9i+ElGLuOw+BPdbu++6ocRHL6Cn895vBPVR3MnmGVp51NBJ4popw4ETqZmh0eKNyvSHFg5hiLAN+eWzSxx+GPN+KNBo6yLDU2GQ=="}
00454{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":587428,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mH9lqPkG+gBAB7viBAAABAQgKE2bk78Ldn2M="}
-00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1605292105669,"flow_last_seen":0,"flow_tot_l4_data_len":152,"flow_min_l4_data_len":152,"flow_max_l4_data_len":152,"flow_avg_l4_data_len":152,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1605292105669,"flow_last_seen":0,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00620{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":669051,"pkt_caplen":206,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":206,"pkt_l4_len":152,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAJgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOk4W2C\/9gBhA0URlAAABAQgKBcmbq8LdLRcXAwMAcysuUqnNdP5CtlTC2pWvfZyUMV8UFocs8M6W09NnsspPibPhqobMFIm1f0B4kk13U59rzTyXjGQM3JpbSJkQg4GGmBSNMo7KgMloXnt3GygjcT75OOC0YPo3\/MFdKUwkpDu47ubalsF7IwgRDAn\/l0DFoLo="}
00511{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":669426,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOsYW2C\/9gBhA0ehRAAABAQgKBcmbrMLdLRcXAwMAIgQb59HIMHYAgoaCAJqbMMjq72ntBt\/\/eGErLyXH34Iczsk="}
00632{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":669518,"pkt_caplen":215,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":215,"pkt_l4_len":161,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sAKEGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKOu0W2C\/9gBhA0aEtAAABAQgKBcmbrMLdLRcXAwMAfBkhBkIFqMuMKjD1\/xjqGp2hEKMP3ziLomYjJXbyDDBzMNKC8MmFqfqAj9+xvxfAO7rBldu4UpazYVXmg399TnFcypI7qckvMpQyy6kehQ5F75J5BlTYjgokme9I6h8+9mS8Y6D2WQEp5qh0Ix9\/vReZo1xT0xocl8k7wFQ="}
@@ -152,13 +152,13 @@
00455{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":718255,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKPFsW2DV1gBBA0f90AAABAQgKBcmb3cLdn+Y="}
02359{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":718447,"pkt_caplen":1486,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1486,"pkt_l4_len":1432,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABZgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbvd2hbYNXV3yjw3gBgL2leiAAABAQgKwt2f5gXJm62Ao+Dv7HSFyymkQwE2eNtseD9HDXZEYtL4RFlDfJm4njwq3yLAmVwGP9WvO19NKRGcVMtgqyJFAMJOszVhmnPfPL5y3y+pCJvN3nxfJoDTDITdwhHKjPX6YvbgF3dqNNAAm48gX8ALmDWRWhEOngcuaEJHR3g2rtB9ipXAYWJOVLJaqJGDZ+5yEcBI3Z7OnDhZRJRwdlQx6ZKodc9VXdFIGt9qRB9D5LrD02Jz4xEUN8FU4SqVvaQVd+26puVCjPvfBHI10n0o+MOYslGlJ8\/N\/bwJsV0HXXhBE64ZcWjanGwSUGEhmBOFrGkOFrOv1tkGyoDWYoATEafJgFeeb\/a\/G89UmcDqnOvkX\/U9ZE03UPfx233MEA8TtsUxLrFWaUHpSfVryvhHtb1mbz7\/tGOYEE\/nTdu4YgOI7KlzFgulx0TaefiFYxwJzSPjKsWqoBoRy5+jW7ka7ue0H1uD\/58R0Oeg0scIaA0CaMhhEhk0REFw7DLZiV6JdPO32qxTHnhybqQ4Vn18scJC5Kw95K\/em9B2mLsyFUw0e4MES8QawqKZSNxAPf94Q8kN8zEdZOQf1i+UFRicegB\/vUf5+MSSaUKLUFJR47kYhTS00BXVzC3mgo6Y6bYXiy3RY\/FWBOez7Ym1lVvFU0VtqA\/3NVx1G0b1nCXW062sNH8QuaMwiG\/T7OLT9znDCjrNFqJx51i57Koj4GoO2VOtRMHMwAHzkmzfH0fOuCJwIoCtoTyF8VQ5oNQ\/Nw86Qy0gf+oy8rRkMdG3vxfahwTUNJ52\/iq5N7SYVj64sIPn7CpAcN9+VcdTOjnG8UBHacrnamW7hxgVF6++SQO3v1JEmOqDjw5sZA1uWHR86GRRtpCk28gl0rNtdxJJS1WVh+vAVk+U8Ih925Sj8REOdrk0OItGzMLHuQvqrylbZagq7MjWFw+2+2WhjxX3FB72HAELfVpmkVCEpV0dB\/0SwW+yU\/yPnxaiJ+kUTbr4FUK7Ffjy3oqc+KYJESzvRSWu4P2ePHWBRZ+FsYxNv5oMNwiBhZoF93aBrQM4PzpBtxsGfWTdb8pDQnGLdkMylvbHiq6bVbEQiHqNMPBpY2u5G57BiKK1IhVR225DdMsvr4yfI8CroYBOgPCMVT9UjcVTf65B1jzb0RUMUUNtetxgD3ErDPFXO\/mWD3ublc3W1qeQBT6C\/YatHsQT1nKhwGyyu77kCquwgw3wgVK3LrHYY6ei49fFHWimRNrhgTnwE35eNAJ+nmpk2IrNnwzY3ZPFiGys2AWxwwO8IrvfPDB\/lbjRdmA2Jfa4OoxwVWfA\/rYhf\/\/p3kY8FUKGTe9etl1hiDu2r2Km2D7GjqtqySWkhD5GF5+FL3tdRaPDOSPIiDf9lr0tfc8BQPwFnkvAKwaWARHRFWW3nXx\/eLjHODFTc1OhurXC36U603KQWsRAxM7k0UgrbJYMJZ3put72jl8lePKKPzLDMV+Ygkx7SJhgIYFKRvTEeKl1SXdRHe3Vu8zJCX+KjefnMutGs0G95IFoqaDUahCf+Azq8U0xJL1hjy3t5qQ8x0TFUSdgcRRKgBZYhx6lczzopOGVmbfQbYIzZ3jWPr33DjxiIj7WBfQOZprnd7jczYA9TLHV3XTpYgPrb\/9dkFKniNYTzgBxemNPOrBHNVcSD1OpBrsCPqP83laX+IZrVxoE7ut3CN9HcF\/bNzTw0tJxpVZvKH2uDBQ1E7vb\/dpOLZ\/FmMquB1V0fmXrgpwhQUmb4smrLDEIUMVfqhsv4cfay84WZ4Jip6N03XXSaI\/edsjrkmZc8un7tcoj4iVyKWpfCvLRdJCKZzEe6vpUapQfJbTvtvsTdtjMdyqoHHSJ+6mBTo98gSb7yg=="}
00456{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":718452,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCP\/sACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3doBu3fKPFsW2DrtgBBA5\/nmAAABAQgKBcmb3cLdn+Y="}
-00510{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1605292105726,"flow_last_seen":0,"flow_tot_l4_data_len":159,"flow_min_l4_data_len":159,"flow_max_l4_data_len":159,"flow_avg_l4_data_len":159,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1605292105726,"flow_last_seen":0,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00627{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":726518,"pkt_caplen":213,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":213,"pkt_l4_len":159,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAJ8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npntnZTJergBgB9damAAABAQgKLIniTsLdLfkXAwMAepLzP8oRHbXAD5D56fW\/ezxXNRxKdaqM6BwQpjw0zyORx06Rl8gHWinoWY19NxmIXl2owLgVHJ\/UEVkHmda\/PMinu6FgCqLeUi5RUsVJaGqL1ulKRH6Mi5nxYau2z9M9f+jUaBIVXH47AOoxy+jPs5YTh+8Es3OdfTIr"}
00507{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":726719,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxAEcGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npn1jZTJergBgB9c+fAAABAQgKLIniTsLdLfkXAwMAInb0OIEXDizCLxamWTiLwYinYzi396zhkwGnl1I5tNs4gXU="}
00455{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":774640,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9YgBALghHTAAABAQgKwt2gFiyJ4k4="}
00456{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":774928,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMl6u56Z9\/gBALhxGlAAABAQgKwt2gGCyJ4k4="}
02337{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":774928,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW0a5gJBmZgBgLMEf6AAABAQgKwt2gGL4D0ioWAwMAegIAAHYDAzBkmNGKowNxLH+KF7JIQjKggH3khV\/t5VR87EC97HUHII1+rGz9ESjQv1hbMrYHKnzgyMTJu0Ir\/kwfyDkc\/1pDEwEAAC4AKwACAwQAMwAkAB0AIP03zyt0csDnR+HgBzny0UyzosjuHbR2qOfi0v46GhQlFAMDAAEBFwMDACQIZyBvYiG3YR6jisy4WysMxXQ+NyiGADMPtlyIDFAgG0FBwtcXAwMQ+sSgmRhuk1FhEEgQe\/75S08lqwQiEo\/7r4L+7bjg2cid6\/shCnkD1RS8DVaJ8dkY665w\/hBYvPFdmsUCg\/RJcB3yKR2ebhLNclItVhXbAeDpCge\/HOLWCd9nYfCzfXNA5Csc7+z+R7bzjNqlNF80xKFoyCakjZNfoHv3Q82thKSTfEmw+JLHJyJtrY2cxWjkSTQGk2IXgZDevcHm3G2vAFdJCH4\/mo18ANTBjQo8lADVn1hi2\/ZgD69S76K1dDKyHrP+qhQrRvhE3kcc69SP3CcLqPnWBgedRblbRGyoV82vdd97gFPkXZO1qmnboJNpdxA2ZM6I1unB1s8jGhxjwXH9BZSiTk9ZT6y476SHb4CPGaicoHr\/aEpV4\/kjLQR641djnfwJpl0dCEmg70xutSLmMvKZBOsuJXg5KLNumRlhamNLuSy8qD2RU0umaBAgw98aVaSIwFdj5D9i\/uCUVMUNGkfqpQ115+5yf+k01jBpe7TQ08odSH8\/sfFrIOD9GdE1r8icmCWevuAglZpXctf1xctz31MpqzeJVG48swdo4T+sGbJVyL3R74de7KQ8i6hiTehFkk3+jDmmBjOK3PiYusyfbzOZrS96vtOwjc+YfYAk8cDXKRXHM99v0KecJaUaEzezGbfpuzu6VOzed5VpmQJ3WGMHIiEftqXLLiqEZ8bU+VIK+4DsKLYDm5wfN2YYWFzlXHZSVVeeuuxoLOtoeR+6qkpcW+e9PznweGuUPVa1jpJc7UYEPIdwNPBXamd6lOqx29IHixD3G6B9E5RPHU5PAwEYkb32Qh90DcD8A1mnn1+68J7R22C3s2crYGHrpVQ8LOD8fuSHZM9OTnIJYi8Ab10lNjUYCdMBVYbVbJDNpLLPlxk9NvTtomFiv0fbCWwoMW3l9uxnq3cMuhE65lx8wADk3NFGGnNyuIy++oCdgttUR44lVC5XmwDT4FQERuuTvz388de\/fdJOoUwWsY6t134An4hTrdzNP8TT4HhBIWCuWHODtUzBikMG43WJVz0xx\/RUvucUnttMmdRghY\/B9H4\/FLX4PnG4gsMMKwZx6ExiXwc9NCzCnRF000rb4ZeNyqFFYL5Fk2FojCjIHwM4eEICdBEQFqIfBcmTaw4w\/ZyUmZsu58CRbO\/cmsW+9f0lmEqW3yX9jqbkd6YtnzloYgmvVFUXU5xAgHklqWqFGDeE0qfQLcm2EPhMcaJFYALj82dzE9ERsa511HZSprD93L8wKdTyW\/WRWoNXQUCURklfC9WX3mfWHAXGWeVB1IhOwdKUzw02HTBh66i+k4KjS3htLO4Kfoq7PfAJhD1AsJIxZSk6KCjwRmPPcP62uTpaMqADSaE6OZKcZLZZAL7ySz\/RUJJzFqClGn98Bdwv2N22j+x3Gec7nFB2Y0mM+2Rgw7c1JxmpafPd+uqgl6VpPOZArNQHaPOZs0652j\/Uua52pavhJf3+uPVzDfzhDuL\/tLEyB6R2HDmMdjP43bL90cG5ZErTTC9vIFooK82OhcGwXEuyl0dGKPdpLA4KeaJOjgexY9PwFmSWi84VgRE4lIeh8Gdu5ciyp+3pkescBOSwgYcQZz76W9Y9tiRDkrPgNchV+w=="}
-00867{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":574,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1605292105433,"flow_last_seen":1605292105774,"flow_tot_l4_data_len":2113,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00878{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":574,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1605292105433,"flow_last_seen":1605292105774,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Yahoo","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"cookiex.ngd.yahoo.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02332{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":774928,"pkt_caplen":1474,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1474,"pkt_l4_len":1420,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABYwGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW1xpgJBmZgBgLMLjIAAABAQgKwt2gGL4D0iqz0uYAkjbRuG2Ouu2SH5W6jXzsDkL6aTNQ4b00smrbfXPdM7+Def8oybtLRoEVxZV5tC32vH2uEp3lJqvTkkwYBml2z+LbxhwvD5REDUKGWDehh6LNSoSzax2PStuTKnyTtB1ofnyhoCrMVXaFmg2R5D8om2TcdAnfAnpFHEgM3nKLsnWVBkZrKIFUc9tjBm1RpWoO8BWMcGPJtuX13uulrizBt\/pL4Ya6H6e0Wf9SC\/L6IhmkO9KjZ1+WJqofVkk1tHZxUsomU+Qv9MUpWZVY0pKs5SD1LiFhg545IlRbSQlrRSDr1Arewib1ismmioqtYbCODrlGENyk59G3CPaHclPXXWglwnZy8mKh0Eok12eAK5QgM6hEcrn+q2NqOco9eVegyV2XDxRGfVGP3CpaZNSjMkw35A6RmSjn2g\/E6AhG8ZdG6lOrQQrQQDl4yuyrjNoJrpWJlzq99NpvE67PZ3PRFaCONH692tYu8xWV7UDbZBaQamr6hlvjeI\/Z5PiOqobmuldpfQIGOgJNmKLWQmqkvFFWXFWDEYQinWOKDU38LPMuo\/XB9bkQsmz+yrSaxutYzyJX6IeGUFBdWR4wsUgTTMt6tdKrmvB9AFthcYwGF9L3yQR5SsubdCBdEW+56lfjrbTmQTIdJqFi9wTqcmy\/ixJIe3GZua1wPtOUtQJGpejR1TOKwsM+gJiWy+I1T+80iLCJT2TglwT9oKjgBhdu15+JHf1t\/vbdEeiKk5rMKJlHVglUKdrSpfkSc+ya5KikxOR\/FsqT5eRXBAgtYR3Rsr9Wvy8dVTPfkbfHZalUMoz3PAshS5H37S0+uJrshYYehCUEASpDRIxE3m8p5sf3aXdDNK6LL0n4JYaOL1CJdB3dG2wyhdmKRnenpw71R1tBIhNvDmYHvNmwNKZJ5bmxlfAIRDhnqRVaBAuTV8i6k6dX74e5cXFHG8I6gLa+iVtjNFFyex2ewDtIDb7rXWOzUqtk6BP1rZ28zG1st6D87rEmQqDpaboaITq5ZAP9zoKZgT1uxow1VctTi4Gx7pPjYne5g8s6T3Yx+3fPkvKZ2mVtwRB4Gd6wZMzOsnBoHhqtt9C9qjm0bYHSHuDnGLhB9lV7So1PeoomKKakpO8GLTNnvWF8jg+pztRrK\/NH5m7RmjGfQTflcGMmo+jBi7YOn7l5q0GIs\/bQ3QJXY+Yxpp5mc8paEKyv+kxc\/BP4ZOAgrQTKrbQrlLWrYP3uGz1PZrBA3A6P4QLfsuOLJIOhMG9QZ3nFhuiAYWyyhmNH2y7BbylErOeFB0Sic4sww\/IAT2DHBn2qALvZNlIcUiO4BPgm2KtGs\/99+CKf9kLW5SrHQGMFeTGuNB\/AirXCtFRy8wrMDHSGJosGcjGvsLMMLCPZe9LTnLTqt9ukYrA+ehHTlNIQ+mAK6ZP16JQmEWcS9Wsa5wKt7vi3A9TH0Uh6P6l6yzg4SfDWwfhiTrENwlLoBqDLfXxd7Wo9jAKGd+Wbx060OXcx\/SG0zBJcPmqoI3qFBaLDxgICxTiG72lSycm+N6g573Hv6LSS9uBy92YGDHrEqKpTcX+xKjpGyuRPG9h8mg1xI+DEIbDVZSe4CvyxY3jJQ0+4VOiOLOkbTTxYkgYj3gkKyFZ8esAqM3KKVoo2n4hSRzADx8v9KJXmcht2jWaggb+zbeBCr5M6h57JpP\/pqZGrvmR6RwM2cEypJ+pRXBY09noS1qQaNxAvD\/v\/FAJdn5DAh4nH7bkKYIwqpmRHT0QW0LYE7rN9q5KI5k6w4f2+nCOwDQ\/f8GZ1gsDKUXboCSOWyKI7fSV2lWjEBVLjyQMwe\/yGDs3ZfW59x7o88v1BXw4Jrg=="}
02254{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":774929,"pkt_caplen":1406,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1406,"pkt_l4_len":1352,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABUgGPSABSZgAFAgAAAAAAAAAEAEqAcsBIEmLB5kd7IUo3\/YpAbu4DgNW3IZgJBmZgBgLMOxgAAABAQgKwt2gGL4D0ipmfj73scMChIKfQOlUqAQhZ47uCIOB6u+zgzF+PfcLM0tEkgUH1IF0oysZpbqY8OO9DwKX7+uWisq4fHq\/GTK8IhfgSmkSD9heQQpJ4PWGHylbaxL8xmFy1asd7hrIipCGWOAfnNw\/HeyUvtPoJhQ6tMjoSwt0D5GK7Oi4oxBsNU1rH94vMMdIfNCf8IeFsCwx19RIMYUHZwozKHlwBTijkks8qulmUN1+oEsJOkiROkv527\/LuMGjqN4RlaKi7bi7ToQM4d3j4yHxwYaAj6pbrs05vKuiXu\/OWKFYNatM9kMOrt2YM3Z+Z78h71i1BDODfTV0dNJik5U\/O5YeF6rXISTI3Pz4gouSam+Z52EICbGNNZG3u79oE\/bzT+IAuB1LDk9OI8acva2eQJmLXxvOMTZN5w+Egx1wR26dIH1Az0bVU+u6UCy4gfFufSyh6sjtSBFxvMXPx+rrTB+nS3\/wt4hYIxylLBYfRbWVAmVl8ESGzUl6p8Mysz1HmHrjm+\/Di\/cvxrIz+PiWGnEYvU7PjgrLzqRvihWeUAhV+20aHqwa6QVUHfRd7p9fITWzQaUYoayk94hyTeJcna+26pd9SsA3MqEkbZ8zdan7WVIS19ANKI7O1p1tfu3SLE8Z\/KDNeiiMREA1j6o8PY\/wTxEGU6YEEwb45zhkNHJJm09yqr2dpYVvd1oG9ZiWoDN4B\/ju5281gqFtLElnJ8PCsbBhHWRLtzS8AvRHMTeasZJ5cObZSC39F14S121mcPtW9R3JAJwqOTWcmmb3STqDOnzAzExkvAPsclU24dzqGN\/IZgI5+\/qDhQ4juDekuyUHv44yAvXjuoe8\/2YeTD0LpJiuYhd0nmmKNZTGsAlVWQ8lIGiQxElZbZoLSBZrZ7ERMm3h4Znh4PxZC1GQg4jLj0mNN5KWsFiW4mAtiqbDAFEpnP69tFOxpL+3VawaH76GTN013SJcfgQovVO6Kt9sduUg6Q5Yg\/fMVXaYfEnkD6y3T2Ce9WvHCBORfj072MOBxT8O5F9sBp4+Eq9xHJtYgyYjvERGdHUbaHmHDuVujkNFI9IP25rzqPkKmvz2ice21Nm6VQthpt7SORj8CZiRyhPWQhiky7arg\/0uKqZ0jte3WjUETZh1JUTuCnw+KxCM24M3L\/+XRT4DkK0Kc201lwQH9hgCj2Jnhy9gr65d\/FPLTdJwR9wm0YHIvCaNuZQxF\/sJ2tX\/y8CNDIyhkzhrqC+79vx\/ykAn\/Zj3Qq0KBKja5pV\/3XMlkB1sK9TvyPvgMNtwukj0eUMiOolnkO2owDbE41vxRwnQoixoBdz9PL2Ymj1U0ur48BhzlXVmpZlPfiTo72x451b87\/2j1pVlevm7NV37QDuKUxLPEGNZJLq8OF+f\/7CAH4oHG2yhcEsRlkmqfcwQuOIf0YoQRXa4\/oXu3wDYdOrfSBlHsBTrd+rLO9xmwika3kHiuLP7g5FM\/XxGQogoh4PldhPXKJ8ZKpeKM4OnI1FF48\/r7Qc3ZO6UzMO6koYi3JTn46LvhrIZWzEc+XT60HknSKUTyiy8c+\/lRJoRk7mCsJCujfP0XIaj9KCUTRwblK+fPx7dlXLR6esmbAsNBA8tEfyO706i4BkJLJayNdVkrwV3ry4HGj\/xr8t\/BPR35aIYRCT9T4aYk5OLe9MOk9uj15k7ZMzprcfTGS\/Sctfwl6am0\/NZkaHPfHiDwvrg8+3+jx6hLmJQy1L0Pa2Vtt+HvlWA+JXTyYCqSTWJPf9LozM="}
00453{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":774942,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCUBCACAGQCoBywEgSYsHmR3shSjf9ikgAUmYABQIAAAAAAAAABABuA4Bu2AkGZkDVtcagBAB9avCAAABAQgKvgPTZcLdoBg="}
@@ -172,31 +172,31 @@
00510{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":789000,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAEcGPQBk\/5sAAAAAAAAAAMAATAMqAcsBIEmLB5kd7IUo3\/YpAbvKotlMmCK56Z9\/gBgLh3XIAAABAQgKwt2gJiyJ4k4XAwMAIuIP5n5zdg3vwwgJWEqXoU9oSITck2Fnmb8jYDK18OCChTk="}
00454{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":789015,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npn3\/ZTJgigBAB9Rp4AAABAQgKLInijMLdoCI="}
00454{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292105,"pkt_ts_usec":789017,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBYNxACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAEwDyqIBu7npn3\/ZTJhJgBAB9RpNAAABAQgKLInijMLdoCY="}
-00547{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":731,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":255,"flow_first_seen":1605292105669,"flow_last_seen":1605292105789,"flow_tot_l4_data_len":153848,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":603,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":255,"flow_first_seen":1605292105669,"flow_last_seen":1605292105789,"flow_tot_l4_data_len":153848,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":603,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00547{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1013,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":255,"flow_first_seen":1605292105171,"flow_last_seen":1605292105998,"flow_tot_l4_data_len":155628,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":610,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00548{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":255,"flow_first_seen":1605292105171,"flow_last_seen":1605292105998,"flow_tot_l4_data_len":155628,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":610,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1605292108746,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00558{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":731,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":255,"flow_first_seen":1605292105669,"flow_last_seen":1605292105789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":145688,"flow_avg_l4_payload_len":571,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":731,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":255,"flow_first_seen":1605292105669,"flow_last_seen":1605292105789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":145688,"flow_avg_l4_payload_len":571,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00558{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1013,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":255,"flow_first_seen":1605292105171,"flow_last_seen":1605292105998,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":147468,"flow_avg_l4_payload_len":578,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1013,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":255,"flow_first_seen":1605292105171,"flow_last_seen":1605292105998,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":147468,"flow_avg_l4_payload_len":578,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1605292108746,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2777,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":746966,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBAJCACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QYBu4l3wyDoZi2igBBBsd06AAABAQgKqXtZHsLc+wU="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2778,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1605292108746,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2778,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1605292108746,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2778,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":746999,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCjLcACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PQBu\/EwVJeVyjqfgBBI2yKLAAABAQgKqXtZHsLc+ww="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2779,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1605292108747,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2779,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1605292108747,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2779,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":747008,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDu9XACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RIBuyQ3N5hBwa5pgBAB9TOKAAABAQgKqXtZHsLc+w0="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2780,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1605292108747,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2780,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1605292108747,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2780,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":747015,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBLbYACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3QIBuwaOpKNiTUmPgBAFOCVEAAABAQgKqXtZHsLc+ww="}
00456{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2790,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":789015,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdBuhmLaKJd8MhgBAN560UAAABAQgKwt2r5al1DDM="}
00457{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2796,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":796001,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc9JXKOp\/xMFSYgBAPnfW6AAABAQgKwt2r7Kl1DlE="}
00456{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2797,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":796448,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdEkHBrmkkNzeZgBALy8PxAAABAQgKwt2r7al1DgU="}
00456{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2798,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":805587,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdAmJNSY8GjqSkgBAMILKCAAABAQgKwt2r9ql1FBI="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2839,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1605292108895,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2839,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1605292108895,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2839,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":895208,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1IAAAAAoAL9IHkiAAACBAWgBAIICgXJqEYAAAAAAQMDBw=="}
00468{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2848,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":917845,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUV6pXdToBJXgDxxAAACBAV4AQMDAwQCCArC3axnBcmoRg=="}
00454{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2849,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":917920,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBAB+8BsAAABAQgKBcmoXMLdrGc="}
01150{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2850,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":918360,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qld1Md4lVGgBgB+1S7AAABAQgKBcmoXcLdrGcWAwECAAEAAfwDAwjhV3OqKqFQfpcnWP89rtumm\/UccggvWkyi\/8FQZPWxIDvu3xcXjzuK8OGeiJCkn4luO5ref2KxaCnpVBkTuZCrACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAGAAWAAATNjQubWVkaWEudHVtYmxyLmNvbQAXAAD\/AQABAAAKAAoACFpaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAgZaSQBi71IH\/A5WZQ4IeqmtWtcLONPQZBNc11j5iQXXAALQACAQEAKwALChoaAwQDAwMCAwEAGwADAgACuroAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2850,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1605292108895,"flow_last_seen":1605292108918,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00842{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2850,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1605292108895,"flow_last_seen":1605292108918,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2860,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":948507,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUZ6pXlYgBALMLUWAAABAQgKwt2sggXJqF0="}
02361{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2953,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":973288,"pkt_caplen":1486,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1486,"pkt_l4_len":1432,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABZgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iVUZ6pXlYgBgLMFeiAAABAQgKwt2skgXJqF0WAwMAegIAAHYDA70pP1kmftv264MZuYHw5WZTCVuFWP8Mhj6OXJJTeVwtIDvu3xcXjzuK8OGeiJCkn4luO5ref2KxaCnpVBkTuZCrEwEAAC4AKwACAwQAMwAkAB0AIDKxiM2DA\/nBK7WTiEd\/k4U7BNMQxZZ7ttlE5VYbumFSFAMDAAEBFwMDACTxHQ9uNJ9KokvqQOm2Jep1lStPj6xxMqtFSrBzubQPiJBk9p0XAwMT5jIB5CX6dEENs2yf\/G\/LwkNH+l1xzF5J9b6RCBqoQKggF5RDSlwhcUYs4oOikpnq0CnXYaeCH270v5Oi3Q+AR2wwYTG9sxDpqo3mmABHMhKSHuHioreE3DgcQ31CrbedudaqWdrHJe5ikdo7Kg1lcGvnY+2WLk0\/GOEbSYwXimLlYFOi2AZ0mSzTWlglXfflzQoxo6nTmIuPF8o9K\/sTZrPkreo5h+QlaPUGZwPLQ2PcSVwN2HTsl+9xrwwK0aayUCoyYQ0ne9CHcAc01xGD8i+gs+nIJKLYUBoOVEE1S6Py4Yb52IUQlFx+7nln4xPQh3lq9Y9y9X99ejzOZ4MTF4OJcrM81Mp2bOz1J2E43AHWvfh\/5U2Y23NEDKG+F6GhSh0q5yp4xodiT09PB\/9Q6npHI7bXJheGlhcZIw37Fkf\/e2aIWpecJTwHWiBsBMv3iTwsRQrwJhjsBOR8Ta\/+NrusRaxIbGlD6TZpxW0bbBipgl7efFJI+2dS2noq\/RTp32LTZjTdvEoJna9k4YObHvoyhTosCgjJ8MMv9V+iYhDh5fG87AQ7G1pP3qze8uffLulac2CpNl\/EFnoTJcM3u\/JsfxhFFR8BVp\/3s313hOgr2Q2Y8NJMGCC\/QvIw2dNdZz4x9p42AdS7gdPme4lMaRBUxP\/ETJqAfgtHCfl4lms\/nO8hyngXLrNW1VMB2IIq6v65KjSQUi14Bi19Z4P+AO78YplhUiMbdPgsVj22RDcD5d7Ev2LY7tdjh8c+Sl1dNNlN6\/GLDElFt2Rx5e97Qavbz6xFRfWiHiQkgmrDUUfqco7P\/wqcB9aXLu7wPJ6BTHUQ32C\/8RYynxurOjvhWFYhWT\/NhDx+foqWrl8O7oSBrKn41eBhGMwKNe3bauzMFTmxO7NoZfE5FUSRxsYC3B0ktI\/EelK6Dno7gwvD\/sUb\/q+tdagVFIpHGKCkXlDvsMYA1MIz1ZmhAv6WSlDW9TOhclRR+so7107vSG5m11sprf1SQGw1ZUB3aHnKD8dtWup6wkngaAynZX74Mas4\/LCySYu3L5nru1DwoFIS1BcPhJ7Hfd6z8NRvBgr0uvOzKeJyIJIhfRyJqfORFJTdFlVcMdaFe9BWfLOUPGMd726mwDewxXe3dR4J2xDk92WGGVSnPCiPr0OKgMOJDHi1a5GxHmkhbph1a3jLV8Y8SZj\/wlO5wmDOkg5vizSEjbXvVLozcHsbSufvHRCCk9AlolUegT05jCYxfh9Sp8l+co6bQatO\/CPMVA5\/ZP8uRvc2rl2vC0Cllfm2F+r5Skzm0s5xPoE\/RBTPfzQDH5pBE9HDzH9gt1eQ3H75NzGx9UIljizhdgKy\/PWXU7AtfkVPk+mjwhpynMNyH9IjP+kyM19XMAJXIpAwU3QHS0W5PIO3TQCHFEcKLBrbbDgHIhXAWf+LmjYOTHqB5Vvc3oab7+97jSo9ewXZXFfraVmO2mK7QLLwZ7XYMghHmkOykIIKHPTkDnY6wpq8jShrDEcsOFcuzmCFny8jUboWMsR0LDTyXYFHak+7tFjDyVqomKfyE8D6GRSUHoEA7b7sKkIQ7a6+Sp3NKchBa0uvj4zQZW\/H9j97b7i6IE0iTBkyU1hprFrZDqIDQw=="}
-00872{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2953,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1605292108895,"flow_last_seen":1605292108973,"flow_tot_l4_data_len":2125,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00883{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2953,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1605292108895,"flow_last_seen":1605292108973,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.3","client_requested_server_name":"64.media.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02355{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2954,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":973288,"pkt_caplen":1486,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1486,"pkt_l4_len":1432,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABZgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iWr56pXlYgBgLMFeiAAABAQgKwt2skgXJqF0GAbtn1qvgn2PsKLIBKysp55uEBQ\/O4+S82E8EYj2mTlN2dzpe8isTnFljju+RROMiwHuQCHLmG5AT8yGydCtxtLde4sxTaA2tMCu4Engm1ei7hSz+TZW13LMPghQrC0WxinXhUFfu421cy9p7DhiBaZbbkbbeO2Oax4lPBW1WvtRzLjfkSXcv753+PD6oTeFlSHy52ZcZ\/OHBz5tGFRqMknFy8cs3byN\/edZUKEHuk+E3IeEOsRmXAtFBJou0v7vHX7r7AJSBM3IHuU0v5w6IvRxhtsT+pHO2Veg8W9OFJW9gcb\/Syv15v4M02hVFy0xE87xphcxY3R1NuwxpHidNAWag0nlaFTDYW7b1KqTU\/9N51U3zIda68WHXZCuCSWVcZ1koMYdBxUYXd4Neib5kQjvW8LGlicivzl8Enl80KdIQEGXQjIpjvksD75ShCIvpvSu2J8U8uWC5uJH1mJGGZwKAJ\/WBqbmJdDam3DbA68l1EiBcLnL1h\/+DONPxQjcN2GJ4e+MW1f9y02j5DGXPIuvpTQ7F3DNOxBPFm2KRXjJI8ucqTAU0e7CLkn7z8fY3aEOzM5X8cMGn9rBZIUtmMQNjCRctxLnaGpvBMBxkA\/Dx6HC35qraTxyk+o39\/Y2vL7+MD7dxZEsWqzTdT9ktrSHsurPplwuz0Dlo\/9ZovPAz8l5Md7UhfGLQyVoNUSWo6p1DGiQLuXKvrI2h5c\/3vt+\/H6pCgCUU3E5RE4Aof9dPEAHF96O7lxYtTceP5c4FOJC+6oqgDGbbUJBxD7JhCCrapBS1TvozNVUdSHmefTqTBj0HniQ6zHevrrJED+32tXJYfhVOQXToKnx4fxxPnDnNoid9m1DCCwihJh8rEYksyer6bKmTOoWBS74cHB2zhVinoq20bWujhikXBK2O+4K7pgfk6GYS3jIW5BIuL5Cgb4nbuRe6T+8jS+FisMYfxv8TJdJhW3vGJPjet7nwEY+9Blebtj6xTnLbqm1GkADnTkkGVD3jxsrpKqMKuResojVQ7Wm3zFa9dUPpVYLnJvRIefo7mpEfTon4Zd08lv9rcfUBxHx5mAqSrM7Q5pX25VaCThTa2LA117s2iaL\/xGNlVNKuD+2\/ISSCi1gW1Wu5qN8uTnLcGKeDaBp6hrTb\/JRUyM7H3JDht\/7y0WLdzs+3hQsPYmbbUtpi5X\/N+DuCIb2KjoWAZwHYrGmu6enRYrj5CFevnAJUHVZnewDZaJV7zFyIObac2v3sFpwpPLjxbzp\/iycuMViVh\/Jm51LMItM+TQnWuGTUx963+9jeKwkd\/4axFz1GdrVx\/xzEEGzots1tRtMundcCAputJJtd1UAALCHuoOFwKmZTcQ1g4\/jUx1+gCCrEdeSzskrSk230gkI\/REuH6Tn+s26ybtBJ+ij+3Mph80lAJucaVNVxSucbFYbUyUbJC9eFd6h0O1OXnoLGKncdy2LhN8CKQErAT6qv7iCwv0IzfU\/0pzLhqITqz+iNJcmlQ0jphTsQCBW0ziR5VOlOCHJZlFji2KK1zt\/bLx6Dy7rUKAHD4DA1uF+ZmI8GM47JxVTb4uXUN0zqv7I6sDLj2KeLSscpz7P2VcNfCT7kYFK475LGufjK6KiImbvLs4+owYhrMBDAJlYmul4YI3DH9pyDXOs1qhQBUD2D9SDRE99p91ypnb4zXXtJsWX6D74dv9bMLx+5E9CnVy3ktMFprKruMbFxqJth0k2QKhG4ko13RQGcqSusMN9bHUtR3SltlB22AAx0zmNpdv5DplfTh3YaB1R7kOCvfbYVK0U4MThXktGHwtHRj7TH5tvYnPe3hy6CZP7PUcsgZRKQOyFk02JeoW+uYwOm7LNUWsbsUA=="}
02215{"flow_id":20,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2956,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":973289,"pkt_caplen":1382,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1382,"pkt_l4_len":1328,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABTAGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iYDZ6pXlYgBgLMNozAAABAQgKwt2skgXJqF1Gc0ycEvpq1f5FEZe5ghZ5y0LnLomsYTTyVZyIDc6r1edevCyEULRvwsgmJ6uf1BnCO3zqCDVzCAybSiMW1HetYfHoy+xh6XDa+kAFY38HcL9s325V59huCcvmgRBILjFs0Ub7EY9oBwHjXeBPxnZ6YZiiMHsTvL2+EnDUhvuBAD\/BplyyGVMMrK115kh+w3AFEJfB1OlI5S2soQMZ\/lyONYnQvVj0I14WlgXHByAdv7gRephB0uJvBL\/9x\/W3ZCNwSSxbwkgtIgehpUILJMEQ37oWoXN\/nKI2hz2NeEu83s\/H6wgXPeHJmu8Wg6a9KRsdmgDohHGdlUw6rYrk\/D3OuqLL8AmuYngrG0rliDpV8AGE\/XIDllACZXRcA4C3kQsuVnwpJqRKAxylaQkuI2s\/Lz+4otg+QLLuEUWSuzMtYZCyv5bZfRb4dkCQa4izKuB+IceJC4LCh5lxyFx5tfYCFrNMHzj4igFdRxLxmyOaN2\/aklYS6VEnbzD2tUyPj1v0u26OAmwya53SGFP8ius9sxv75S5vCMT5qJrK0ApiNfNV0ulYCWdV3yIrbV2trmSvU2BYpr2iHCqVi1L1tEC9aQDbpUQSZ9QTaXw4nUo2+ccJfaCXsrYkTuZlVoh0fsWoK3n+urkahtOlGhlI1dhF3BDoMxV4oWhawRgC9MPUgL+00P7lpoRtNUrLKKuGSEkhrT4O+3gL5j3Ze44fMGv2sQ0Ao2Xmx+c9iM5Qix7OyVMu3RaBKeYgQ3Kmv6hUMRKv\/8ZaHLmAhhzDTqMtd3pem9UEFlXFXKDylSnThS8dmgfi1tx9kHSjMWKTHPJFEzark8\/wdetZsEsFXxf1H9mE7L58Rb5YhNmr2VNNG3uhzv0baCdfVm\/8emMLSH4QpjV1j1kMN\/T+A5DeWvDepwvM8dAXnAuYkKitZcwIsMa\/UjsPLZxdMO74lcXkmLGnOvu6Yy7I0fHPOs8R4OfbgzF+nyOQC5Q9SwBUCKzfXT9o86wpwiuQVNgWtO9kNqBmrCcsB+ibR48THeLzDLrOQvLjszx27F3jfZZKjlrOcaxRd5dcen1PXYgg88r9rP3C3bufhm8VzyivF8oCkZwn8GY2UULn9yuEEM+X8vYYkTMc4B8CjdGpqKRCdOwG0uj2AN4MCa7aleRS+45Lh4aOz4tTMA0oXxzs3FhbYzBXIPQr41rHKZ4Mi+D4cRYpWDot0zhaCzqa5q5kpB5vimUAxFL+MGza77Hwrkk\/YkVnJb3U6980qbEjC9gFngLckXfdT38xC1+pEDiMQVlN96gLbytvU60GfWFlkx+Q\/IqxQwNlk\/8qJuyeNa995WcPsVCrpYu1ku\/s\/u1rJRIMGzQGKok+6ztMfX6FemrYPZLQsF9ogjuH1rhMQxZ1DtH65HYpxm\/chHoMuhSxBKInFva06yTVbZqHmzniffM0lp0QED2TtecLZ6txh2WnRrVWfpnBDfdK0JTRIQx7mXa5BKuvWqzLKbE7k1JaDeFnCpqbyKHo3Uq4X2ovFnDuTScPHgN9IBeG\/WJa+kY7fcJVIkCoInfdE5fL5wGeUo9BX4Pu5ONmgLwEfe64UnlGdf75zh13pQMWhwyqeW+R\/3uxE2U0I4nXEPD+xqURhdvcCIGg+0tZdQ68dgR621YhkwYi\/AaxX5TVpwmgERA8KcNJi7lDRKhYoslF4tH0grmNv85iY3J21My2q3H\/Gu1qm+f0ejymX7w="}
02372{"flow_id":20,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2959,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":973290,"pkt_caplen":1486,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1486,"pkt_l4_len":1432,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABZgGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iZUZ6pXlYgBgLMFeiAAABAQgKwt2skwXJqF3laAyriXRslhE0wdNwnaDEPBX3b4TElq6NdXEBiwGN3ZSjDzP\/RqKe238dOHWM7uvgmErcJyDspglwuVrF+mkwnyOK8NPYh\/ITPd0AVr5cycvm1KP9PanCJZ+PHjkYvlM00IwuLM2WAZqQ9LQKLIFhk1Vuut\/UvTnQS98kvk+66JQZ5t93hGhQ1SEmgDjEWhs3lkV5td1FRMmPicdlnTxs39gcBvo4ORR5EM+uuJpZvUgT\/mOvgqYJuJ\/MCkmLaqgfpJa3B\/W6DHKN9+2H2exd0mbn2Jto\/FgmyJuMSEwXQiwdD6PnPoyNlFM2pHMK0sOQACgwZJyP4BkiPr3Ai\/sNXBRe+\/ko3P\/OiHQgWg48Tjo5yvVJsDJ7FhNU5HauSO5IqobKd+qwmyO9aC3EpZdTwXpVt5HitExBhtPb6\/\/kd3sevI1vwYDfpJxuY24km2qrRk5sGYC+hJHrWDKczfLo2fOZf4diEYKCGmY6R7kAVPaLASinBrfCm1dZi3CRww9CesZ80aRwHKZ4X7LVdA9obja7RBnn\/ChGj1sb1O6tM9jAuKmAPASNFv55sGDWJDatzEtQI1jpyExCn7zPUNBUqC8Dx+Z\/27lGtN3BGtds4TW+HAiZRYn3LAjGHyfaThogXdAgpAP3BIXg\/9zVjP88wPx+W\/Za+F5baTggy7\/GsEmyXGqJvc\/vyExzx9xCDHHsNmkRIHTmo\/TbDKd6M7KNhEwINHgbden+VMWIgmQjGAu2rFse93tKrSmFvnIdZh0fxzMG3tomdHsVjrgQNwnHV4lP6bErtkfl3k4A7enIARsVvm166x\/xlXA6TX5I6YNPyH2SSO3VXCEYeGGq6YtNi9nbi8Yx0Qjeuo79hR4\/Ep1zyYwiyeeXltLK67nsL6\/neEgRHwfklzPLBFqWJIU7IVGrnzEtlG9xfPTb2clyUgMQ\/17wsYMMczvZdoB5ErJWNEKXFvTmxGw3\/DncVjs8xKLKtwSNEgMpqAwOXPdrERMH2nLKnAMFNjgOxKqWluDeNzLcqRaiQcPuj4eO1KC8ABClkun\/kJMURSUNFPXcfkECTmjsYHUmV\/JCb\/2Oor7TT4bbOJ2mU2Q\/kKkljoVGCb8hUQL9vL15pqeQLGdjzX1lEYfLn4sYZeKhyHwvfSWAVgh6uBj4K\/ch2AmqrOjvwo9CYEU0iuUnUmRkbD6zM0nYfEptNb\/ujThNIjwos3WFk4sDTJE1Qt0bLWf3+Ur7+QBVIZ6VwDY86vPnxru+T0e0wsdhE6wzJVROZ6N1iKePXzq9z\/MLHAvgdVxxoo1zF9CiKYHL2cV+OTCgYgf8C8CZrvoLMgOkWpsNjR\/OQaNNFWTUzDiQ6ouPxgvKMN3SEB0EVe5WOdaTHLFsjso2hdh\/BepRUnQDPq5\/7EqPwv\/BM0y4G1V+WcrwLlWBmfTu4k2Lq08rKx9vuj+zwThKJahM5oP0HmEsn+ArFJDDHCDN9WuIogCBhMsFaYEHjcWb7N3qqohcJRj9Dz81W3Gdzv3Hkt2PSKwDb7uvZvkgjVaasT6CLam5eFAmS2Wm2ZyT04nvc\/t81uMPFwMDARnGmUv\/bDc3J0EntcWWKTj+P9YZg\/axb8aaAlOp8csPpPl8LB1fzsOFFALqRVixOsKKbqL1qfXRXkUIDuSNgbd5oWAg1lm3m5pCF3R2r\/N5t\/zn8f6rngVPlgbazPWgsOtgIqqPF46t0YLmU\/6RsPrH3WdZ2tu1yAQUKNjxrRCmvjOFa6dJM\/N8p+SIgLIq+wxKTCE3+hDU2e+9vjFQboB170WnbvSjFobVd7jBqzLCQlZvOMdICypTORWqsB9TXsbmzuPpYC7z3oHCpyGK30L11uEvcb476u8wmg=="}
@@ -206,36 +206,36 @@
00455{"flow_id":20,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2964,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":973322,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qleVgd4mq+gBAB3KiqAAABAQgKBcmolMLdrJM="}
00623{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2966,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":973326,"pkt_caplen":207,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":207,"pkt_l4_len":153,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAJkGPQBk\/5sAAAAAAAAAAMAATQMqAcsBIEmLB5kd7IUo3\/YpAbveCh3iar56pXlYgBgLMPWuAAABAQgKwt2skwXJqF3dQZ2u0hZVMK2JTI\/oFQ\/CE6QjQFrqVFn3uSmal27pWs0HSft70tl8AjCpJKIcXreVsA8qdRsG3X2K6BjQF+MXAwMANbbqCnCiZcHsKWXvS4vd4w1cP0laWKmE3ONxdUKDAkfC+k5H4FZ\/7gcgUl5YG6uiG7lVUDYX"}
00455{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2967,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292108,"pkt_ts_usec":973329,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCOgvACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADAAE0D3goBu3qleVgd4ms3gBAB3KgxAAABAQgKBcmolMLdrJM="}
-00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1605292102602,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1605292102602,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1605292114506,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1605292102602,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1605292102602,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1605292114506,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12579,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292114,"pkt_ts_usec":506948,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iknWH70O\/fgBATex8tAAABAQgKqXtvnsLdEcs="}
00457{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12580,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292114,"pkt_ts_usec":736576,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvQ79+YpJ1igBBY1dkNAAABAQgKwt3C3al6v1A="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14179,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14179,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14179,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554831,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duJjvT55jAgBAB9d1JAAABAQgKVGZuDcLdE7E="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14180,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14180,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14180,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554865,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCRbVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADwVgBu1ozjhE9MAHmgBAB9RZAAAABAQgK5fXM6cLdEu0="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14181,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14181,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14181,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554874,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gA8lZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqlIBu\/+4ugmfFZgCgBAB9UmMAAABAQgKTADwSsLdGmw="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14182,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14182,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14182,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554881,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBu\/tACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACACjDQBuwRHeTthOU5lgBAB9RTKAAABAQgKi91SNsLdGI4="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14183,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14183,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14183,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554888,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAlISACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsooBu5EKNZ7ythfhgBAB9RDDAAABAQgKWJK\/EMLdGI8="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14184,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14184,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14184,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554906,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBlBRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwTgBu2jzM2ULiifpgBAB9R7MAAABAQgK2Fskl8LdF\/4="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14185,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14185,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14185,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554924,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBTnWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwTYBuwdwDB5je19MgBAC+RdtAAABAQgK2Fskl8LdF9E="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14186,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14186,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14186,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554935,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCDsgACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAO4bwBu7dGlx3VVkGGgBAB9ZNXAAABAQgKuCcas8LdF48="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14187,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14187,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14187,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554946,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBC50ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACADwYoBu\/frxKCU+7xigBACJCsCAAABAQgK5fXM6cLdFzo="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14188,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554955,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCjT0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADrIQBu3CsbiISBiplgBAJFEMHAAABAQgKZRk18sLdF+A="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14189,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14189,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14189,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554965,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB1DkACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PoBu5jg6U77lZSLgBAB9bFqAAABAQgKob1mQcLdFBA="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14190,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14190,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14190,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554976,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCkAwACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PgBu6pVAe\/PmdazgBAB9nEsAAABAQgKob1mQcLdFA4="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14191,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14191,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1605292116554,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14191,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":554985,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCnAxACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAO5PYBu2KmMmkBhhCygBAB9hx4AAABAQgKob1mQcLdFA8="}
00456{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14192,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":783801,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPnmMC3biY8gBANvdD5AAABAQgKwt3K6VRlt1w="}
00456{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14193,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":783930,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvBWD0wAeZaM44SgBAN0gneAAABAQgKwt3K8eX1FWk="}
@@ -250,58 +250,58 @@
00456{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14202,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":783952,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBNmN7X0wHcAwfgBALjg4+AAABAQgKwt3K8thacg8="}
00456{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14203,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":783952,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvk+vuVlIuY4OlPgBALOKdvAAABAQgKwt3K8qG8sBY="}
00456{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14204,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292116,"pkt_ts_usec":783952,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvhvNVWQYa3RpcegBALd4k3AAABAQgKwt3K8rgmZ+0="}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23343,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1605292118602,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23343,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1605292118602,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23343,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292118,"pkt_ts_usec":602881,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAi73ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAADYOtWCxtoBu1KGqo810Lv\/gBAB9aO7AAABAQgKDow6U8LdGxc="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23344,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1605292118714,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23344,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1605292118714,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23344,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292118,"pkt_ts_usec":714869,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gADFFACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAEv1wBu54AWFX+ZWnrgBAB9ax4AAABAQgKIY6128LdIt0="}
00458{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23345,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292118,"pkt_ts_usec":777753,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg61YIqAcsBIEmLB5kd7IUo3\/YpAbvG2jXQu\/9ShqqQgBAMVq52AAABAQgKwt3S6w6JbWQ="}
00457{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23346,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292118,"pkt_ts_usec":786493,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbu\/XP5laeueAFhWgBALgb+AAAABAQgKwt3S8iGL6TM="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23347,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1605292119370,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23347,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1605292119370,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23347,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292119,"pkt_ts_usec":370851,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gB9dmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAO4aoBuwkMYXdt3wkTgBAGDPrTAAABAQgKuCcls8LdJNk="}
00456{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23348,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292119,"pkt_ts_usec":458269,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvhqm3fCRMJDGF4gBAMQfSOAAABAQgKwt3Va7gmdTA="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23349,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1605292120654,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23349,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1605292120654,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23349,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292120,"pkt_ts_usec":654870,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBWy\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAO4pQBuzf4sNBRRFrJgBAB9RDeAAABAQgKzK1LLsLdJJ0="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23350,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1605292120654,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23350,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1605292120654,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23350,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292120,"pkt_ts_usec":654889,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD6CDACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1uYBu2Ue7VYDxGJbgBAB9U4jAAABAQgKcJlSucLdI9M="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23351,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1605292120654,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23351,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1605292120654,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23351,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292120,"pkt_ts_usec":654893,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCJJIACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAEv2oBu3NXQRgXN+V5gBAZpzN2AAABAQgKIY69b8LdKhI="}
00456{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23359,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292120,"pkt_ts_usec":839721,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvilFFEWsk3+LDRgBALmwajAAABAQgKwt3a98yslWg="}
00456{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23360,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292120,"pkt_ts_usec":853149,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvW5gPEYltlHu1XgBALmkPeAAABAQgKwt3bBnCYnCU="}
00457{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23362,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292120,"pkt_ts_usec":853914,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbu\/ahc35XlzV0EZgBAPBj1lAAABAQgKwt3bBiGODSw="}
-00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":23398,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":255,"flow_first_seen":1605292103810,"flow_last_seen":1605292120926,"flow_tot_l4_data_len":152530,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":598,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23398,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":255,"flow_first_seen":1605292103810,"flow_last_seen":1605292120926,"flow_tot_l4_data_len":152530,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":598,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23415,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1605292121486,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00559{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":23398,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":255,"flow_first_seen":1605292103810,"flow_last_seen":1605292120926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":144370,"flow_avg_l4_payload_len":566,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23398,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":255,"flow_first_seen":1605292103810,"flow_last_seen":1605292120926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":144370,"flow_avg_l4_payload_len":566,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23415,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1605292121486,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23415,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":486006,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+osAAAAAoAL9IJMMAAACBAWgBAIICpi1TMUAAAAAAQMDBw=="}
00469{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23416,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":507427,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYUDXPqMoBJXgPvWAAACBAV4AQMDAwQCCArC3d2UmLVMxQ=="}
00456{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23417,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":507474,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBAB+3\/SAAABAQgKmLVM28Ld3ZQ="}
01151{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23418,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":507997,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1AiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc+oxm+TWGgBgB+yW6AAABAQgKmLVM28Ld3ZQWAwECAAEAAfwDA9nSk2KeVcFHOIgIqlGvi0eycTTMQTOty0xI9t2BdS31IHNR5s\/xYMO8\/2mipv181fxQHxiQGiouoi3LhBjKSL1oACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUY2F0YXN0ZXJzLnR1bWJsci5jb20AFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKVpaAAEAAB0AIObRVS3K9ld1BBlaeDdBVyGReJdkTjt6xYTnNvdI\/itGAC0AAgEBACsACwoqKgMEAwMDAgMBABsAAwIAAnp6AAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23418,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1605292121486,"flow_last_seen":1605292121507,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00844{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23418,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1605292121486,"flow_last_seen":1605292121507,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00457{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23419,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":536972,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYYDXPyRgBALMHR7AAABAQgKwt3dsZi1TNs="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1605292121674,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1605292121674,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23420,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":674877,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v36ZlfzugBAB9Zh5AAABAQgKG7m2dMLdLYw="}
02348{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23421,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":697370,"pkt_caplen":1486,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1486,"pkt_l4_len":1432,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABZgGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5NYYDXPyRgBgLMC8nAAABAQgKwt3eSZi1TNsWAwMATgIAAEoDAxpQESrrMU9YbSQ9zCsdHawt5YMXgYkltEspSqmQB3JOAMyoAAAi\/wEAAQAAAAAAAAsABAMAAQIAIwAAABcAAAAQAAUAAwJoMhYDAxJXCwASUwASUAAGqzCCBqcwggWPoAMCAQICEQDrMNf9g78s2B0RdM6vHPcUMA0GCSqGSIb3DQEBCwUAMIGPMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxNzA1BgNVBAMTLlNlY3RpZ28gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjAwMzI2MDAwMDAwWhcNMjIwNjI4MDAwMDAwWjAXMRUwEwYDVQQDDAwqLnR1bWJsci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3vjF4X+JWWJ67GOQodS9DKhznOOISB5JmsFVckwPAsp322xSVlvt1KMtLR03EYF8mlfcVN6BcmiMmLCxFM30Cy5grlI7PM0mLwx9I4qAgM9h55AWkrkQHji9iLmmvUaFFT65vB08DMDUBI0yVzPUnUg8yvH0u\/I4JU6c8vtQr1l46PYo+PoYs9lI0ZJ7QNaCl7ToJ5u1utwsA\/n7PXFuFSWnoYyAF3\/ADP73f1k67A5q9p3tew9OS4O1ICCSWgKOyZBe27b9wXvwRGEE6PxKNAKPZqm7dA6LTUZ95codcujDIVOx26\/6kM6tfnMhK\/ndMnf7oKT+HNxyn8Q9tfuj1AgMBAAGjggNzMIIDbzAfBgNVHSMEGDAWgBSNjF7EVK2K4Xfpm\/mbBeG4AY1h4TAdBgNVHQ4EFgQUe3lD5209EzWXWSfbGBnCFfi1fs8wDgYDVR0PAQH\/BAQDAgWgMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAgcwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMIGEBggrBgEFBQcBAQR4MHYwTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMCMGA1UdEQQcMBqCDCoudHVtYmxyLmNvbYIKdHVtYmxyLmNvbTCCAfcGCisGAQQB1nkCBAIEggHnBIIB4wHhAHYARqVV63X6kSAwtaKJafTzfREsQXS+\/Um4havy\/HD+bUcAAAFxGIO28QAABAMARzBFAiAv9sPCbI+Ze7+h14lxd8ZmbZZz9uMFUMgm7maIOQkeCwIhAPeLaJdlr\/Qn2OfqGTmW4Lsm8vtho7ExfyrelbZGH7uxAHYA36Veq2iCTx9sre64X04+WurNohKkal6OOxLAIERcKnMAAAFxGIO2ugAABAMARzBFAiBM\/kDyc1wHCfgzv72N+c2ichTu\/bW9GBqsSHTCvEJlMQIhALjAvz2\/QEnY1QPtVfV0c3t\/hTrs2IAyLpHJaCZBUwUCAHcAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAFxGIO23gAABAMASDBGAiEAkUDaMCsDpE\/N7lirpxQy8WCr3pWcd4g1TeF50+0EskACIQD6pAsuL4CJ6T3Zur5SFVOcOR4QZUWucg=="}
-00895{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23421,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1605292121486,"flow_last_seen":1605292121697,"flow_tot_l4_data_len":2125,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00906{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23421,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":6,"flow_first_seen":1605292121486,"flow_last_seen":1605292121697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1917,"flow_avg_l4_payload_len":319,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23422,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":697400,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc\/JFm+Tr+gBAB9XboAAABAQgKmLVNmcLd3kk="}
02343{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23423,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":697605,"pkt_caplen":1486,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1486,"pkt_l4_len":1432,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABZgGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5Ov4DXPyRgBgLMC8nAAABAQgKwt3eSZi1TNvKlPayhqp7cwcAdgBvU3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAXEYg7aMAAAEAwBHMEUCIQDTZP74GcQvYCJ8SGJOEu76j2jWsvaAdVG7iq+C1pU1OQIgS4iLPS9VTitaa+bao6qUx6vhTN5SrQUOafovaJvi4wQwDQYJKoZIhvcNAQELBQADggEBALVLwLBSDWjs16T0C14kfJxZ7nhiT+RJE3xUVrHwCptZYUX3nbzbRWkn9cUVpyO7WaPtx0Q8YsdUnzQhrcP7VhPtzY5oVr9IjcFWzTkFEqaO\/EdHtkxbtE1kr7yqYzOHaYSOPUs9Z7OKjF5zkpH3QuNIYhobcqdYelCEZLALcAXOSasXo+NLzPeB9Ju5YOJwzARaaJboaPLVd7qOD8Mmfw0rAvDmO77XujIpHsHFDed8WW0BZIuofNhHPMBFRqVkhA29gRg2+pwDeuwGelEsbk3g4KxX9UT9wMNBfhes4ZV2+Ph9CV9BY45mSQDG8LqJTrcd7e8V0TUeua5OpBhMuhIABhcwggYTMIID+6ADAgECAhB9W1EmtHa6Edt0Fgu8Uw2nMA0GCSqGSIb3DQEBDAUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMlVVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xODExMDIwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMIGPMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxNzA1BgNVBAMTLlNlY3RpZ28gUlNBIERvbWFpbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWczPW1zwg0ADSF0W41j4Hoj\/HQe4yMMmwbP30n8sSmA8tP41NAQyCDxd\/Yi7puEh5+xaDTq3XMiWTtwe\/uVA\/qUzDQCrpOf\/ZgcofFjJB2oAmuSN6hyAe4\/8gmjyVRG+HdQaQQLQykxYJEAgjPtLdhw9vXVEUagppxU8BcmnP05NMbQSgoxuCfrGaue3FnsU3eJ+aCDT7Vi5YxAkOBmRbvDfc8Z8oaKhWsJKjXJ+7iJgIGyQdqzCFrq+wLp56ncHAQhziAvDq4ErS75AOtMFAFvBvhUJKZPekMKD+vy6jJ1qOi1i4rcMZF4Rj7W9W\/YPLYDTEdL7mndvh5OXKDF8VAgMBAAGjggFuMIIBajAfBgNVHSMEGDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQUjYxexFStiuF36Zv5mwXhuAGNYeEwDgYDVR0PAQH\/BAQDAgGGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgEwUAYDVR0fBEkwRzBFoEOgQYY\/aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdFJTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA\/BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdFJTQUFkZFRydXN0Q0EuY3J0MCUGCA=="}
02215{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23424,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":697605,"pkt_caplen":1382,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1382,"pkt_l4_len":1328,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABTAGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5QHYDXPyRgBgLMK07AAABAQgKwt3eSZi1TNsrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAMr9hvQ5Iw0\/HukdN+Jx4GQHcEx2Ab\/zDcLRSmjEzmldS+zGea6TvVKqJjUAXaPgREHzSyrHxVYbH7rM2kYb2OVG\/Rr8PoLq0935JxCo2F57kaDl6r5ROVm+yezu\/Coa9zcV3HAO4OLGiH19+24rcRki2aArPsrW04jTkZ6k4Zgle0rj8nSg6F0AnwnJOKf0hPHzPE\/uWLMUxRP0T7dWbqWlod3zu4f+k+TY4CFM5ooQ0nBnzvg6s1SQ36yOoeNDT5++SR2RiOSLvxvcRviKFxmZEJCaOEDKNyJOuB56DPi\/Z+fVGjmO+wea03KbNIaiGCpXZLoUmGv38sbZXQm2V0TP2ORQGgkE49Y9Y3IBbpNV9lXj9p5v\/\/cWoaasm56ekBYdbqbe4oyALl6lFhd2zi+WJN44pDfwGF\/Y4QA5C5BIG+3vzxhFoYt\/jmPQT2BVPi7Fp2RBgvGQq6jG35LWjOhSbJuMLe\/0CjraZwTiXWTb2qHSihrZe68Zk6s+go\/lunrotEbaGmAhYLcmsJWTyXnW0OMGuf1pGg+pRyrbxmRE1a6Vqe8YAsOf4vmSyrcjC8azjUeqkk+B5yOGBQMkKW+ESPMFgKuOXwIlCypTPRpgSabuY0MLTDXJLR27lk8QyKGOHQ+SwMj4K00u\/I5sUKUErmgQfky3xxzlIPK1aEn8ABYUwggWBMIIEaaADAgECAhA5ckQ6+SK3UdfTbBDdMTWVMA0GCSqGSIb3DQEBDAUAMHsxCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSEwHwYDVQQDDBhBQUEgQ2VydGlmaWNhdGUgU2VydmljZXMwHhcNMTkwMzEyMDAwMDAwWhcNMjgxMjMxMjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ\/MPans9s\/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E\/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M\/5+bJz\/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat\/\/O+T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq\/nROacdrjGCT3sTHDN\/hMq7MkztReJVni+49Vv4M0GkPGw\/zJSZrM233bkf6c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE\/pDkP2QKe6xI="}
00457{"flow_id":41,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23425,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":697613,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc\/JFm+UB2gBAB9XFwAAABAQgKmLVNmcLd3kk="}
00457{"flow_id":41,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23426,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":697627,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc\/JFm+UWGgBAB62xqAAABAQgKmLVNmcLd3kk="}
01818{"flow_id":41,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23427,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":698447,"pkt_caplen":1087,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1087,"pkt_l4_len":1033,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABAkGPQBk\/5sAAAAAAAAAAEpymhYqAcsBIEmLB5kd7IUo3\/YpAbupQGb5RYYDXPyRgBgLMGCCAAABAQgKwt3eSpi1TNtMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b\/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC\/QV9AqURE9JnnV4eeUB9XVKg+\/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo4HyMIHvMB8GA1UdIwQYMBaAFKARCiM+lvEH7OKvKe+CpX\/QMKS0MB0GA1UdDgQWBBRTeb9aqitKz1SA4dibwJ3ysgNmyzAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH\/BAUwAwEB\/zARBgNVHSAECjAIMAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggEBABiHUdx0IT2ciuAntzPQLszs8ObLXhHeIm+bdY6ecv7k1v6qH5yWLe8DSn6u9I1vcjxDO8A\/67jfXKqpxq7y\/Njuo3tD9oY2fBTgzfT3P\/7euLSK8JGW\/v1DZH79zNIBoX19+BkZyUIrE79Yi7qkomYEdoiRTgyJFM6iTckys7roFBq8cfFb8EELmAAKIgMQ5Qyx+c2SNxntO\/HkOrb5RRMmda+7qu8\/e3c70sQCkT0ZANMXXDnbP3sYDUXNk4WWL13fWRZPP1G91UUYP+1KjugGYXQjFrUNUHMnREd\/EF2JKmuFMRTE6KlqTIC8anjPuH+OdnKZDJ3+15EIFqGjX5UWAwMBLAwAASgDAB0gLH6RLssy22llQcWPiFKUnoyq6gqCRQCxRcYRI\/7m3gwGAQEAbIQOjlHA3LbhMqS0gQtAGaEb34UnVLonL1fHOVHczvOpXapEm3kSmuFJbuQt7k4LgPQ8CsuFQdyU8\/K26nE1W+sjxZnAtcpBYG1+5RGIAZJoAdyj3+8GtPT+e31tyZNJ53uDnbWlCLOhIMgJzkTJScbougZrJpm8+OZ5Cfco1GvJ2dycAyNaSldFcRrH+VXY8cxHUgZKNiTTMfCV\/L45zls2D+y8MG\/qyWuT5dQC212n1lS1Xc0Jb6soBh4Pollyz2lXpuim7KCwa9YFU3r66+KWUbS7ZIrAxhHlUXxKeTs7FzldfRNITYdl\/pVqecH03LHNJjKlm82+Les8Zgi4ChYDAwAEDgAAAA=="}
-01164{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23427,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":12,"flow_first_seen":1605292121486,"flow_last_seen":1605292121698,"flow_tot_l4_data_len":6014,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":501,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","issuerDN":"CN=*.tumblr.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}}
+01175{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":23427,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":12,"flow_first_seen":1605292121486,"flow_last_seen":1605292121698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5614,"flow_avg_l4_payload_len":467,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Tumblr","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"catasters.tumblr.com","server_names":"*.tumblr.com,tumblr.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"738f0c3c6e00286f3afac626676d352d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA","issuerDN":"CN=*.tumblr.com","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:78:BA:5B:B5:54:5D:A1:2C:D2:79:4C:42:99:BB:3A:A9:DB:86:C2"}}
00457{"flow_id":41,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23428,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":698453,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc\/JFm+UlvgBAB7Wh9AAABAQgKmLVNmsLd3ko="}
00458{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23429,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":698552,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgXAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvZCJmV\/O79d79\/gBALlo7gAAABAQgKwt3eUxu5BaQ="}
00573{"flow_id":41,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23430,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":702261,"pkt_caplen":171,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":171,"pkt_l4_len":117,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1AHUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc\/JFm+UlvgBgB9eKRAAABAQgKmLVNnsLd3koWAwMAJRAAACEg924hu4ACPC\/PXaZkE34PlImv8km+iF8yNNvrjew6ZXQUAwMAAQEWAwMAIJFrjXRXjeDXwP40UzvzcMNsiyj2fWWptNdFdbsKijzm"}
00581{"flow_id":41,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23431,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292121,"pkt_ts_usec":702405,"pkt_caplen":177,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":177,"pkt_l4_len":123,"pkt":"qtsDr8lk5EKm5WPyht1gCYf1AHsGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoWqUABuwNc\/OZm+UlvgBgB9RncAAABAQgKmLVNnsLd3koXAwMAVjb4fHtLI2KzgJj1QoT30oBM8DV6Pb2214VxmzkjVJFxhBRek9mNXbe9Fh5wMtkvsmiJMN02A4T\/VeGjzgJsxSkKm+5oRHVITd+Qh6ejcjBJDX+CV6CP"}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1605292122064,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1605292122064,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23631,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":64463,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGkAAAAAoAL9IOE8AAACBAWgBAIICthbOh0AAAAAAQMDBw=="}
-00512{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23633,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1605292122076,"flow_last_seen":0,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":118,"flow_max_l4_data_len":118,"flow_avg_l4_data_len":118,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23633,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1605292122076,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00573{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23633,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":76240,"pkt_caplen":172,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":172,"pkt_l4_len":118,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAHYGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2Qd9sejoTgBgk6QsuAAABAQgKJEeQFMLc4vQXAwMAUQAAAAAAAAAPN+72C7wfHoQtmaJB3aOHKjPk6JlEWLNjF5TOq7HiJ1O2KSnCxtEIEQAeO4GmbeSTOkkpawAah7BKsajx09L6L57ZkTTcEWLCJA=="}
00517{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23634,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":76586,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"pkt":"qtsDr8lk5EKm5WPyht1gD4BTAE4GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXidvHABuwi2QjVsejoTgBgk6YPXAAABAQgKJEeQFMLc4vQXAwMAKQAAAAAAAAAQ4G\/3mQ3kGgQra1eBqPYCTvM1QPmaUoG2gBnwdZPdmFLU"}
00469{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23650,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":94721,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5FAHmhqoBJXgI\/cAAACBAV4AQMDAwQCCArC3d\/Z2Fs6HQ=="}
00454{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23654,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":94761,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBAB+xPQAAABAQgK2Fs6O8Ld39k="}
01147{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23657,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":94987,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBgB+5pFAAABAQgK2Fs6O8Ld39kWAwECAAEAAfwDA4SEFpd+Ui2RJOstUdyWPiOQJLso1+e8murU+rSUvScLIOxlBCWQSXeBEkOuoY9ArjNfnRtplIaJsV3gAzrnHWtBACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAFAASAAAPYXBpcy5nb29nbGUuY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACBB0ZlvhvxIZjessBrEqcEd8cKmBCymsB2\/FWOJUIU9TwAtAAIBAQArAAsK2toDBAMDAwIDAQAbAAMCAAKKigABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00833{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1605292122064,"flow_last_seen":1605292122094,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1605292122095,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00844{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23657,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1605292122064,"flow_last_seen":1605292122094,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1605292122095,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00466{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23664,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":95843,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5CzgAAAAAoAL9IPiAAAACBAWgBAIIChLBJ8gAAAAAAQMDBw=="}
00457{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23818,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":116538,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGx6OhMItkI1gBAMRA6zAAABAQgKwt3f5SRHkBQ="}
01878{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23819,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":116538,"pkt_caplen":1134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1134,"pkt_l4_len":1080,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABDgGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGx6OhMItkI1gBgMRHzEAAABAQgKwt3f5iRHkBQXAwNAGJc9h3GYNRFQlTKtM7rxIBlCWvu2+kAtsSKUpPeQGC2f9G6Xq+yeDPU221fnjVpofZnbGWH209M5VFwfCbYBd\/Ug672I7YdgqPjdHdeHhsk5JO7a6ZKrKfKPrNR6YV7haA9UHN\/J20tM3dd1ztVqjpfbv0\/ZJmmisIhD21RHxC+bpnR9aUwAHNslPkgS258ZBH2f6TbIDYUZtSMnZWw3Yk\/ci8p72sljAny1A0bK6nTpcgQdrpz72F8pAQANc8+dtvsHTLhIpCvOc6Ne6kWtUKT7C\/mvdjTu5edIany0ejKotIFClcl4RxqARVu2X1rfTugLw5NDSe0wQ2nHTzTqPvaW7AfYVBRuhLTkXbNrJI65nxsqhUnfa60m3bgzF7vJcVGCZnpJafd9EdKxWUn3zIF9HNZPAaoWOVFHMyX9a+GRL3JsX2Y5BoTsGub9kof4cZv9bszWuQGQ32PqzX8tj0vwQgSS+\/6S++A\/fvGhO3z2O4J5JcExiBHL9NO41Ci77nPGUPc8rzROsKBv+iwjPxII7ZTo+HPy8VtcXYK9fMChuPeM2GJGvjtvuTXBXbAajdN99K6za2E83mXsUFa4zXbW8l6vvPf\/QtzoTU4L9xdK63gJGDxlquf0XuSzocIpEQi1F1Wer1yQa02YyM9dE5pCuSsEvLN9e3nWr+e5ts1swpdDA9qB0i7vopuVw7pVJRa\/5jtj10ogWPHGj2tvaRujTQeDciYar+lH9\/+jsk7PRHX+uIUqDDNJr9L4h4Y5HFaECy28OARK+N8iZPMvLjs+b2v9+1SVFwvOZk2keVzr60iLx9SAxK+qK3iQWWRvVmrjER7XMeaQBw9ZDHNiSeMtNeFfmRKRTQN09GNCR0gb6nnbLaowG55byyc9Ixf0CX1E+gt7yBldEZUUKfDlxtw+uLgeGUXqthxjdDzHmt05igu5OjLX1G4r5IZOVC4zPzyhWkdvVj3Xlv+5VdG78q9fG74Kr4jrWd0HmfWAicEqqlrJ0tzM615CXJdHLq2i\/icncRzXkfKIHoIE7akepvW2uFW47l3zunDfCPS2CPdfu4SgfwscjhTdvMd0yEZgiOOpbXgOiFet4ZTlfmbFFc1UeXXFtn8JSmdDTZps738TSMj+kk9x8MshGWKOVu0ue6LonWUyQNu1K9\/sN\/LUbwtwiJhRTd4lbHV3YBTVFelyuUAiHAYYrO1BQq\/1qgPHYrAC9\/XR1LO2ONRYU\/Y5+xV2iMD3hHSQ30e3g5G4lPgWiJR\/5BxivIHZmOM3jV1\/ejjWfzi6Q+rJSgLP1NhRuCOEWEb8Rva9JGpl5hBrk9oX7wzBiu7yI4Hc4KR6E6bjwM0G+KtwCI+dvZO488RHnGsWkcv5evakZJvQrVRCJM0\/gTwn"}
@@ -319,24 +319,24 @@
00469{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24118,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":163288,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbp+IuQs5oBJXgJ7NAAACBAV4AQMDAwQCCArC3d\/9EsEnyA=="}
00456{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24126,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":163315,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBAB+yKbAAABAQgKEsEoDMLd3\/0="}
01151{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24188,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":163584,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBgB+67mAAABAQgKEsEoDMLd3\/0WAwECAAEAAfwDA7bS9qVsy5B4YR21YJQRtEh5Py7oz+4S+4EMfJZtbGRGIFTZBy5p0gziG2ybvndeac3\/kMpuKpBLUHIf7VQxlGl9ACDq6hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAGAAWAAATYWpheC5nb29nbGVhcGlzLmNvbQAXAAD\/AQABAAAKAAoACPr6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp+voAAQAAHQAg8WEmWZ9OWDe9\/XkTSDe85PaENProAIW9qnEE9QmUWSAALQACAQEAKwALCurqAwQDAwMCAwEAGwADAgACWloAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00843{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1605292122095,"flow_last_seen":1605292122163,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00854{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24188,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1605292122095,"flow_last_seen":1605292122163,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24197,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":165400,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5JAHmpvgBALMAhqAAABAQgKwt3gBdhbOjs="}
02097{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24239,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":177975,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5JAHmpvgBgLMGI1AAABAQgKwt3gDNhbOjsWAwMAegIAAHYDA7dV5ZkT\/mjoqceUP9u1zNMdU1SEq5DnLUlH2Q7fKNoxIOxlBCWQSXeBEkOuoY9ArjNfnRtplIaJsV3gAzrnHWtBEwEAAC4AMwAkAB0AIFAd14EV8G05iG4WF5Jgc8wLgFZzq8HEbhgNf5kJLIleACsAAgMEFAMDAAEBFwMDCdVSiO7BlWPlonlTQN8m85Uslq0LoX1xLrU6UPgTXhQ5SOVedTg5\/t+LXCLaIemAoITTMDcQqtV5GAopdvB+z0fu7pnii6ewDuEf5\/nCdQ2N87j4f6iZ4PL5BQp3LA0rW1ZfyTKM\/6m\/ZA8ZrB7cl5HG97BZL7chyw+ezEtPH8hJC\/1lxMkcFNCLYgr70dmqLA3ailXyqM0K2SZY3i+h7GFsUGQhbMDpxulbBbP4ER7\/aOksSG494SjtWgCuNEYgxVEFJ6+Mlhu1oiWZZMbO0\/2UBp1a8XJfgAaan5VbgdW3N8QLKocfh4RT51ZE8YRd+U0F8NFqmADEhL3yyFB4XqoN3o8Lk66qO2T6\/6EV+uU1fKaAE4+BaAbt3fN\/UIC5KPTqnaUqWRPYafyKzF2MkCXvtql7gv5ntQzSMqEhNqT2Jjz05JG9R9\/dJTEHhuvm+IbsZpw1Jrf3li9vmLPSMk7KJ7TgqYalMtUGEuOrdGBlRV5KS8PWda0VIjOCgwoqx590ZLcFhG75Rzq6ywXpgq3SWGE1taqTx7TZJv\/xKP7tKCaP2bCB1QMTEN6Ez3OW5YOpvcyCjo\/FNzIFgH78okExel2T+4QgWd0QDbjrXRNFEUajCCKhPorBa5eoeEC98R0TcAwDNqrsVZUdjtXAQFW6ekXkTVpy8leaysXkRcOw0Y0S5MolUe4rE3nAcr5CP5aIyBI1VLy28b5zAgdCk6zmVX0h0SXtRjLRF6N4BLemj+A0JyGmpTQrEUfgB0zekRR0ZggOFbSGHN9+VhxD3zck6ExBrFhnGB4jons+9v2envh8OMwmKxxhovk\/YIoEXKz1ukHOddZCzI7Nsx4nT0vpoitUL7Gw\/+sv8a5gx3H8qJfF23Y4ePqn8u\/oz0svy\/I25wg3gxM4rpf\/QyLuXGPaeakKLDewZmKMVrUvh\/sRWtDDph13zQBxOnqpeMhb4tXmUhgr4SK2W2e3gtDun2Kuf+IKSorxcvLPl91Ui9jvD1UdperFB\/LZiShwfaSnP1ONMU8SZZ5j6wLTeNAkxFFsHHiLfGik37czsNnSoRAI9q0b0KepNLXlXxxDpn2rNY1fWxj1dTcnqzRTh5z9j1+LAEIVMmCm+Iu4kAKF+6oBkVJh\/UL8mh4m0ssjd9y7vCFp3acKsV8PNM+s6CHbhaeELra7DN8zMImH5dMwvRIfyvdLCMZtR5qf8ALCy08yZWico1XngSvH4fowbVb6N+fBwtKcwVV9fA0mIiWrIHb4CNxtAIU3dXFpDs1gLWwDsw4qFEtTRdH7Uq5Yyw\/4qEW4I\/h0i0apQxmca0B+3inQzmqYM8sNzcH+BHAAeskclDPF6TTnEjLMGKjEU0I494WwUuvxttMSrW+v+IKH6foXccQQnOB4eEiAAmysbLAvI8AscX4BdXWVrk9lXwkhTQ=="}
-00874{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24239,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1605292122064,"flow_last_seen":1605292122177,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00885{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24239,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1605292122064,"flow_last_seen":1605292122177,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"apis.google.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02097{"flow_id":43,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24240,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":177977,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTNEpAHmpvgBgLMEYhAAABAQgKwt3gDNhbOjvMPKi94u0iRVDR1QzjNhyA0H06ssS4vl8egD6GM6ItiYkjLXAQPP1LeOkykLB5a3RlOnTQ0X5A1mwUlc6ACfy5\/1H2BdTEd9DBG8rEgFQAfKEpygTkquQsh8SAMqoCPQMpYJk\/xdli9rVHZKevzxaYQbqK144cJOXTalIQ84zZqjNKjvPHAsCRZ4Or9yPlVHJNTcUZi1xLfbWa1TSU+MmQZRf6WjHabhMb7\/sBiQPDTROeNOMEauyUwK7ulnH3bq9gEhxmnKscY\/aIljJpSefnInQEtNSjtdNUckzHuTqxfg+g0Hf9TpfBXVZwCFHXLse2qIbfe0+PdbXsy0isV9XX\/jMMLxJOci9LOVBp9kSxmP1w\/dYbsHZooKXzFMSxK1pWKdqunw\/A2mvHLcZRl+DGAwEmsct9q8EWcQg2HCxDZcvLpm5x9RzIuTxybIPQifmICRHkqoi7TlTUTyQdHuJy9uyrA5PQvvwCLM8qQ+E\/gUGVKmEiknxTaF2LqwdoYRv5LJ2rI\/SaZSp+ud0YBB0dSGXHE8PPRwX\/BSe0dfMMJkaxscLBUVeANTKafTD2VY8inHstn2pASaHPNT22vjh6wYRBKGdzLJOJAw1m7TMHAUWGo\/EPG2k7eURs0Eb7aBs5YEH4QEunonADw2QQP+SFLzU7JG2\/PlcDSHnrA32pmMP+8xTnyMdc\/6BG5xll4GmiHDjvRI5UiIkU+DaPBMOa1+Lt8vUGLy1FbqoOp\/+wntsdvnW4YKkeSFQkSdEU36jG+gtQidWOC2UMevAbPAYdN54U3WUHWT0zObA0KFrt3kdmmdXYIqGeJow876yuKYQmE1QoJK5VKoXpccZAtGzHVZBWHdaAzfHDBGQNjPTeQgFTgkjssoB3pnWTuIOzUzz9ngv\/Cu0Kv4RkXuuIBPdbOuDiF0\/BO3fqz7nO+8k2FBwNZyjr0vGLEJvli2CoQMlii9jJ2pJyr0+CqZHByj3CTUrevLTe4pDwn7FIKG2hCCGHyWMbm8z7ALpfJvzbB0f6xceVxaEzEqn+Ar7gtIEig4M+AXjjCzd7LOahEOP1PJEKV998k24J2p3PA+gmrj3DouF7fPSUkpPTLWMcAfKzNXMc75RxqWxhM9uRxjZ57FyN8qC+16iidQg3HzTjSbtDogcjoswfsQhlabL6VQNnU1+9vmxunsJCPlhELgDoWMY73RvYr\/O0Wc9Uc7vPAmz7XSm2kVAxaFUrSzxjRlkSIyFWaZtVCR+TLG9Zg37ldSvKo7hblU7aUMdKazlemhS\/MQPzGF4TQH87GwmiWA08xdGuz60yaePYCRD+AlPqBJoIKdk4lvsJCf8zJkUanbpxa7S+28AnL86KoUyVdwT9\/RAKJIolBZciQJcOS2cydOEQNmTcRPfxJe+HuIzu+gXTdizh2l9wFALJ9GW1T3rz3iLzWiBvi2RWPkNbbcpX5ZH1kKDb32Vl6E9M5YwFTv03SJBhD5h9nK4mhstXcgPnd+ma9RQ3nIkVDWmTYVH1Z5aScLgp6XMNMGmRYyw13lbW+MDb6\/6QWLjpXNZHAA3Lra\/s\/\/0IycHTjPeHBTpveplUmXsPrmsCoMhGVRE8Xl5CMj6g8TCvCQ=="}
00785{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24241,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":177978,"pkt_caplen":325,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":325,"pkt_l4_len":271,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAQ8GPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTOQJAHmpvgBgLMMFLAAABAQgKwt3gDNhbOjuvLGCrWM0GuhwMFoagOAdsCgnddWYnAru9SgQqgTxKSgkke9r9gjF9IBhRJFAa\/PE4Da+pvNla+z7q6xvWahXPeyE0PrzkR3elfdO+yLR1sIBNo3vJ9Q1JEloutmnviFHbp2FHHltexUS5DD9Tyi7xHZPT8jKFGn\/4sjPTZoxy+Xr4j9DUQCFvZ5+0\/k1Skz0xyrJjXvAXayu0sTzZSxNjCuzKl\/svDOFlbTKw1v8fuyVJbpa+zc+OrovD\/PVbQQ+VyEM6KzoFzNAKDuEZ8sEZU8V86jPN7r0NN7TPeIjLGsRXXtNAlgMZ\/mhjg9h+ag=="}
00455{"flow_id":43,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24247,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":178005,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0Aeam8k0zRKgBAB9QyTAAABAQgK2Fs6jsLd4Aw="}
00456{"flow_id":43,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24248,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":178067,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0Aeam8k0zkCgBAB8gfdAAABAQgK2Fs6j8Ld4Aw="}
00456{"flow_id":43,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24249,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":178071,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0Aeam8k0znxgBAB8QbvAAABAQgK2Fs6j8Ld4Aw="}
00543{"flow_id":43,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24301,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":178953,"pkt_caplen":150,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":150,"pkt_l4_len":96,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bAGAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0Aeam8k0znxgBgB9dQLAAABAQgK2Fs6j8Ld4AwUAwMAAQEXAwMANbCwYWhW0jUdqBkvWA24z8kmgrwpj5oUEolxflOnMfxPYJk4tzHlrBNaaWSkJt7\/5zNJ1sik"}
-00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24374,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":255,"flow_first_seen":1605292105170,"flow_last_seen":1605292122188,"flow_tot_l4_data_len":162300,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":636,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24374,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":255,"flow_first_seen":1605292105170,"flow_last_seen":1605292122188,"flow_tot_l4_data_len":162300,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":636,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00559{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24374,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":255,"flow_first_seen":1605292105170,"flow_last_seen":1605292122188,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":154140,"flow_avg_l4_payload_len":604,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24374,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":255,"flow_first_seen":1605292105170,"flow_last_seen":1605292122188,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":154140,"flow_avg_l4_payload_len":604,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
00456{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24422,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":207366,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbqCIuQ0+gBALMBcPAAABAQgKwt3gTxLBKAw="}
00457{"flow_id":43,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24423,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":210391,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTOfFAHmqvgBALOP0hAAABAQgKwt3gUthbOo8="}
01247{"flow_id":43,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24424,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":210391,"pkt_caplen":666,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":666,"pkt_l4_len":612,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAmQGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTOfFAHmqvgBgLOL35AAABAQgKwt3gU9hbOo8XAwMCAUIbF\/\/hatnBX8h91xFXbcWxtIUee8NEXRemgZdC+4H5Q1qcdtUDU8X2CjoZmWzoRUpYj1MdLnU3tIJeX91oHoXx\/4G6ckHILs6p3iSVbR52ySvZ4ftSJ5T4A5pMY2EtgD5g6px5DK1NcTz9XQXNTcRu7r3nFeijkgV7lse9bwZklDjJbOZGJteZkXcvHiz6qZL43umerNGhYHPcBhtr1iuAJq4V9G4bLq4VFnj1nB\/P6XpF0tauh5iKrKO1cop\/uWKpETV6F3f8aSYyRnRYSfX9lsbNVVY9cv0EBeRlG5RwW5VOsxGHkPDW1YHw+c\/94Cp3WIi7vCcGxfXWCbADUD3tEpkIg8NU2fK25ApqRAGRik6ClA8RRwug4fN6lpSClM2od06K7bML0SgBLeFeqWoYyxmbKiwQnu+dOHzNepARtOgFdzoBSA3WmPbOLGNuR3aA8omrLZJLRywKdY5\/SQq91NrUtFIxr\/1jqqrv1HD2Z3VXNyBIjgmZOFbZn89SyzA1s6Ph1JFIPgPnq2HMHmFkrqBZW3ho+v6r8MzPk8FoxknVBXTfe2VM0EvUb5wahUj\/C3gE7eer0U0sgcBZ7cfpH384TLqIRGvjWmCk0lQG4bjtGIkIPRQVp8TO9taHNYo1Bv9cWFihJNLyMUlVYYn0GOP9a4vW7uHPZ\/tN4kaPTBcDAwA5O\/1HEqA5lYLiwYW0WMc+DJ\/qblQcA+tNv8zEgpxaZ+\/bNuOp83uzhg9vl3fnrc\/OX17E+j\/UdH2N"}
00456{"flow_id":43,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24425,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":210428,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0Aeaq8k0zw1gBAB9QQAAAABAQgK2Fs6r8Ld4FM="}
02096{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24429,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":212637,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbqCIuQ0+gBgLMKSgAAABAQgKwt3gVRLBKAwWAwMAegIAAHYDAzyuzOrWYt4YZvIEVsUzzH4rmoshNwFiyvyyhBWtMqaUIFTZBy5p0gziG2ybvndeac3\/kMpuKpBLUHIf7VQxlGl9EwEAAC4AMwAkAB0AICh+LQj159\/vtLeAUNGb41KKW9y5Bg9TQeFJo1Uc4bBkACsAAgMEFAMDAAEBFwMDCtqU2z5yY5GabD7OqpDm8sh5zYYtzwxFPh8uKx8kTCtMwhxF69uMOL10+lFpcFraq7ZhDvIrGUf+qv7wCW\/gZUu406R4gElOTaHFyUVM++eBZKxVdE6nNemXiD9uG3lzKXFp6ar8vCeoYIaDHxWYcYNLpLXAnSAD0kzHq6+SncaT2W6qcD3+SY\/PedRoJLeGkk6JFiMNuBThHvaoNDJiHDyIxQkGn\/JUZgtMfbNVm1ZQc05qCGxb+NzBoeLsz9F0\/wRve2uuzULL7qjA\/x+0e9zJPpLI+fRc4yTKXzq6VDYIDB+1QifyM6AgnElJcTiawgOqpNFVH\/SdK3F5XVZEAe+zpEoX6rWuAwsIE8uHjmFWvaLy5rsPnBHzLDsh7j\/u3662SfwGdInRpAq82Kq04rvnSkxxSLWB+PtbPW0V4N9xd5QUws9Ac+sJTFlJAD7e8CcP3rkmEsm8B3hifmDCMogozZV9YFp4lJmdBsRR3uPuUleWy7gf2zD7MtKBJchm2XuKYP3PHKTtWuLmrQJzrtJy\/q4OTaTrnbyM3iTlq5H7I56vZ5hChfTJWVpzGpmuVvXOx01fX3PKtgOiRGNiNbBHgu96Ps9JE0a+1w26eC1kG\/FMZvEuJYfkJvHEBjoA9qeyN8hPkJnHYY3pye1NN3YyKHluPE0IRBN3s4REm66Rhth\/gM8GiysPFNe0hFhVNrO8m0mJJUuyFnlXflDzD0bMKDDJElOgV3IL+NWHL1aXiAwW97LfA7oGGzJ8QV5uuw8ZbbH+wfHOgEfYBJMslUIpSt9wmhMIeV4m8a6t\/83E4O09PzSRghuKl3Il73dycSFi+5jbEDSWoNR9dUKmkp4suztAoekAjy9HiSPiO6YxCMoKcSAt8VXpvmLwmQiuzewJtrBaq+FrBJLid0g9ELAf3Deqxm1o66K8rYdYjPLiXuys7xf9SfpxluDoPPo4EMTOvwD61ox0IhaRl5JjZZk88n8tsZ+\/IFMjkkmCl7nl7884LLG4vVfg3U0TcabOJJ6iDzGobOevwTeC4Rjk3+ROzOFCUMlg2fZtdBOoRIHtS3g3JBt9ute\/unjrNrcxBB3HK2HyFwf37M4ZSdMG43SO57NKbJIoK2eRzMrQ13SJ40ayflaqNNnm58NZg7fjoLh6sw\/TNuJGvOZJS6czESlKFHGfBNFguRjPCgSIgCATLb0857Rp91DxeiaojpYjtW1pRA\/8oCtDRkhy2vwvuZO1OPe\/XzdEy3NnCNYbf1KGqWTKkugyfRUqfB+kw2MWMYsvm\/GSLoIx0cdSVMw+Pc7BC2QbRPeAgVSSyMNaGyULydkuugG8+o758qIp\/6SB2KDVXN8xoF6VyB91H7bNPFfKqdoMy8pyO9LgfWtHA40KAfEq9LVik6Ryc\/0q9mp0k1a8xx\/04c2SHosoboucmA=="}
-00884{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1605292122095,"flow_last_seen":1605292122212,"flow_tot_l4_data_len":1933,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00895{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24429,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":6,"flow_first_seen":1605292122095,"flow_last_seen":1605292122212,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":1725,"flow_avg_l4_payload_len":287,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"ajax.googleapis.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02099{"flow_id":45,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24430,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":212638,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"pkt":"5EKm5WPyqtsDr8lkht1gAAAABNgGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zc1iIuQ0+gBgLMKSXAAABAQgKwt3gVRLBKAz3jATol5oeiUMSL5ONQOxAAvgVpZZWaOdgUgNhjipQocAV3F0mXi3hQTaoZ87zlrxVIsoMEhYKnTsdoYqX4sgWR2yzs2m\/gEx4DbuRYU+VXcxRWCBJBu\/PsdP\/d\/wyjWaHB\/098RvVaYdfG\/T2DxbFNkXNdxevOlj11TmNVz3apB1+xO\/R7DFM54Bi6nwhKDd9nx2Jb0VcOXemPV0lL3RbJkPAaXn+1fdnHbdSY37bL6VQ6m87+JRkxmjsVQrgXL\/sjGDMIA7gGs3ixCZqKdue6Ud04h+D4JWoakx\/mAhnK4NHkjHKxcsXtoNo\/+b8qVR7r7O+rKdzJFlj0DCzh7hxtMqfUdUoOycbKQ7WO\/ItcrPtpIL4NKBtWI5PXGUuBa90C5NoUBajqi1Hxu29z0tkgdffZEfAUj9LM1h5pm6UYyg0Dnbd9mgX740q5+fq8DHxXDz1HwT1ovDlUQ3rEMk4NO0DFYFzdTaSwlPw97HNN8kht2zq89kWJilkpdDdik81Aklz3+a2bpiDQoQ7EOCG3mykJcrcGDP\/H3RkyAgpTwfw\/5nUNkwp63d6r0IrdaobCZg1G4NaeXcK6drkrbBIw4aOUiXsevvsatEB90R8snrBXpHQPm7vRUBaAeGiF6G971igPLponWTNegMBn3iVoGXfaEZC\/aAQv1mHzJQLrHgTyQmn4Oirjeo3A6czB45xxGDjN5IyNzyT49F3NG0VTfy2Tc8uoG2zJOJM0yMs8202acrzbtNiJw9WoDpf3Fem1qtLIWQ\/AY6zH4vl57QHAuuwPj6pOIhmEAi73IuLzbrcDZwfeRh7vGLHEi\/ojj39SyjDYo+newJvyugRKTplQzOtsH\/ETe8kY42rD1n+1qgYlxJc4m+FvTMauQhZeFyRrNsjel4vf0QTsr6dzIBPLSRqmr9LECvYsOPpAFD6ouClYcUlKk4CPcIQHMTnIZLXzkS0ryQhgIYIL9nli5NNnLuvy44FzoQk1oXGolqIuvjSPvIQbarsS6gjn826KL4+ZSkXQS4l3DHci6XiRx0gd+pi4w70a0M8dishT5uvUhtYpcYCDMIAGBRVvEKtLQSm0TVCuaytEeLhyLv6WpHy\/LUJAG17rUmA3Di7\/6Lpg+eolXosKq2ciGRS0s9kjpFRncG745ZkTz\/ANWo9BENyo\/Xff+ufRdHf+Nzzg8oRZyb2nXplNEWTaQpL+bbUieeDSlyWJW5nqoR93jHIB5RhU2337JjwZANoNvTkbbYK2HtzM+K1faJOOI6tpEmyNjAAUu2ucD4jwD9nbepwa7dNLnKUQBjiuB68TqhnGs5cat11rD1QKEIbPWrPetVpP6oUFAhh8\/4M3GZDGxjqHtWAQlcWL0lR5Be3bNkS3VHLmEVbHPSxunp2pYBqrhrOhuylo0oOtoXhfOSgXQ73O6eEE0Z8FN7svS5YCb2IO+a7Cq+gRPXDbuzC0LfDzb7CF2sN\/p5IjB0dN6mK6lnYoq\/cs65IZS8TvwprNh16M67F9Uknsaer89JLNehueuCYZoCgQ0p849dXMdB5a40QshsdDdKtmP0bL5K3ECBlRgA9lHWz3eob4W3G6MJDgKW2\/ewVam0PQN6Q4A=="}
00455{"flow_id":45,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24433,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":212681,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5DT7t83NYgBAB9RtbAAABAQgKEsEoPcLd4FU="}
00455{"flow_id":45,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24434,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":212684,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5DT7t83gQgBAB8hamAAABAQgKEsEoPcLd4FU="}
@@ -370,20 +370,20 @@
00457{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24665,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":537161,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dc1X\/jELzgBAMVT2QAAABAQgKwt3hmU2FL2I="}
00519{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24670,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":627295,"pkt_caplen":132,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":132,"pkt_l4_len":78,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAE4GPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dc1X\/jELzgBgMVXKAAAABAQgKwt3h9E2FL2IXAwMAKQKGO4CK2Sa9InR5j0uCXwXkJgY2TxXmIFKpB6UdD+bJIqvG+646NML7"}
00455{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24671,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":627315,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQvOdXXODgBAB9UbpAAABAQgKTYUv4MLd4fQ="}
-00507{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1605292122674,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1605292122674,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24688,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":674024,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9u8AAAAAoAL9IJXTAAACBAWgBAIIChNnJ60AAAAAAQMDBw=="}
00470{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24691,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":697976,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGM8FfbwoBJXgNHxAAACBAV4AQMDAwQCCArC3eI6E2cnrQ=="}
00455{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24692,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":698027,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBAB+1XrAAABAQgKE2cnxcLd4jo="}
01295{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24693,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":698360,"pkt_caplen":706,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":706,"pkt_l4_len":652,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1AowGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV9vBYIWxkgBgB+5tKAAABAQgKE2cnxsLd4joWAwECZwEAAmMDAxcqM3SukIiua6aXUWl305akyrAbsQ8fC5QrHYGn8yAqIOfUpAFM2ex8Yzi\/Sen\/tnD95LkMo2l4V+QtyZhS\/smCACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAfqKigAAAAAAHQAbAAAYc2Iuc2NvcmVjYXJkcmVzZWFyY2guY29tABcAAP8BAAEAAAoACgAICgoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkKCgABAAAdACDK7MvCss9kPuP\/sGQIpNIgaBZPSr9Qiypf8B3tmZxOcgAtAAIBAQArAAsKiooDBAMDAwIDAQAbAAMCAAKamgABAAApASsA9gDwAAAiIJslU1lFpjTpi3lmNcM02Z66mKz\/ebRIkuOX18rpowH2yWfRzdOZHXike\/2DtKx+3unPfKAy7bV8y4oY0zmw0E1pgUb7btO6Vjk+uxl7qJDciqRgqzQMVKk21FI05k9Tj8+QijWSqapfQXpJZo9ZGd54w+gB1V2q8Nw7dtF2+eFiyJH2mXerNpN0ZE6fUqgXQsD4DbRpYQjZTIcPcs\/we2ogtL0JfR+e875ICH323jad+VODdi9WWJ93O+ld3DiE0YkFyo7kp5dxhnBMUode0ut+uFiEfQ9mADB5yJ2cgEQe3BR1tRHNJhSdnJ6lY4sULQAxMNVjiEV0UOkpjkSg09LdgE2p3Pne63LSoF7PSJBmSVGBkf3yxkp3tDTf\/lSBUFM44A=="}
-00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24693,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1605292122674,"flow_last_seen":1605292122698,"flow_tot_l4_data_len":764,"flow_min_l4_data_len":32,"flow_max_l4_data_len":652,"flow_avg_l4_data_len":191,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
-00508{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1605292122698,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00831{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":24693,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1605292122674,"flow_last_seen":1605292122698,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":620,"flow_avg_l4_payload_len":155,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00516{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1605292122698,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24694,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":698834,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gCuvGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABKcpoVprIBu3ASIMYXhL6qgBAB9S93AAABAQgKNSTnjcLdLMU="}
00849{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24701,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":732998,"pkt_caplen":373,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":373,"pkt_l4_len":319,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAT8GPQBk\/5sAAAAAAAAAAGj0KsgqAcsBIEmLB5kd7IUo3\/YpAbvdzp1dc4P\/jELzgBgMVXssAAABAQgKwt3iXU2FL+AXAwMAZgKGO4CK2Sa+MBvWVs7aSwMQS1XdhHEK8n0QGhVYPJ0fcKO17xXh1\/TnQFRLHAhfuOJ2xqV5suXStfVhcwsAjHRGV6KZtBpAeOpM+oH9KIaOY4i4b\/jiZXZvwoiqbraw4dTi6GqRqhcDAwCvAoY7gIrZJr99mddCvV5Pi0UZF1VOg83YYk8DSpojNp1UYB44rfbd7Nv8VPsaWBdoZtachs1FIB3x\/bOmuXGr+S46PqQ36u3DTULgx9r65qELgZBRCA6hbwCsou28zGuziJt2YNElBpvQRj87bfBHBJxeO0txFtGJ27GM6yrh5vi9xhWlJ+47R6OKNPxj0EcUTaIqG5HKo62n\/kFi\/O7kfvi+xjlge7IttySRyXMA0Q=="}
00456{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24702,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":733019,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQvOdXXSigBAB80T6AAABAQgKTYUwScLd4l0="}
00458{"flow_id":46,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24705,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":740353,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGQ8FflcgBALPUoSAAABAQgKwt3iZBNnJ8Y="}
00457{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24706,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":741055,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAEpymhUqAcsBIEmLB5kd7IUo3\/YpAbumsheEvqpwEiDHgBALdyXtAAABAQgKwt3iZjUkMfM="}
00830{"flow_id":46,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24707,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":755298,"pkt_caplen":356,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":356,"pkt_l4_len":302,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAS4GPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbGQ8FflcgBgLPTVnAAABAQgKwt3icxNnJ8YWAwMAgAIAAHwDAzWOeYeWA9tkttviHxFHMRX5kqSsIBnhr\/DteXs0HEdcIOfUpAFM2ex8Yzi\/Sen\/tnD95LkMo2l4V+QtyZhS\/smCEwIAADQAKwACAwQAMwAkAB0AIFMDDI70FepQJKovamRd8ZlpHhD3xMTEwVZ8ecFebZNRACkAAgAAFAMDAAEBFwMDADQFe8opu15w3t96wSHw\/hxzIs+jjXApto7NOP2S71vo6f\/CtK\/ovPn++sEbY22xCwtxfVMNFwMDAEVbG9+HThxTS\/dJcNiVEkQR4XKZN+zpevp6yXH6XRikKTfzKIbPDrUVd1y98ABmy1ohMiTG\/WkM87GBpF3QqkJmysT4GaI="}
-00860{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24707,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1605292122674,"flow_last_seen":1605292122755,"flow_tot_l4_data_len":1098,"flow_min_l4_data_len":32,"flow_max_l4_data_len":652,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00870{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24707,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":6,"flow_first_seen":1605292122674,"flow_last_seen":1605292122755,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":890,"flow_avg_l4_payload_len":148,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"sb.scorecardresearch.com","ja3":"44d502d471cfdb99c59bdfb0f220e5a8","ja3s":"2253c82f03b621c5144709b393fde2c9","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00456{"flow_id":46,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24709,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":755310,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV+VxYIW1ygBAB+VIAAAABAQgKE2cn\/8Ld4nM="}
00569{"flow_id":46,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24711,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":756223,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1AHAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV+VxYIW1ygBgB+T2\/AAABAQgKE2coAMLd4nMUAwMAAQEXAwMARdDa9yrwoDnXPAyRfhiAZdq3e3C4m8Yc02N87\/88hZCnz69OIwfWZ2BptZXPxasUo0TUxx2bF\/d152CHdMmBWDoRE9rAHw=="}
01232{"flow_id":46,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24712,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":757708,"pkt_caplen":658,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":658,"pkt_l4_len":604,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1AlwGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV+axYIW1ygBgB+VmoAAABAQgKE2coAcLd4nMXAwMCNwrnx58\/PIi4o8myvWzyo3u9DyUAppiXea+vyGuuJYMUHtXtWYrg1Hsg+C7FBVzlja1nzb6ETUiYH8gvKZKVXjl8gX\/3UuoCjf71OhhnKaPNuaHVkfgxOtXZjlfllVbqR3DsyOp25iSHYZvBZJpZ3V+n8DWu9k0zBHZUAmRyFH8F7VG8vZlwkwmg\/3EFOeKC0d06\/H88fvHhCSOYvPjy3P14FG+Cc36H2q43wE9Ee6MuepBT5CqPNrFZe2aSr3YXHU7O5ddvvLtUhlVjdcU4hyptsylE3OYERVs+iYPfr5eIgsHGSffcJ7Cps\/diN02bAAO8kwIQ6Zne6tTXTZFv5jAkHyId75IU8OLCvHuyxjpgv5zKLcSXbSC0KeRtw6977ykppqcn88\/ocu7xn4l\/H2aLxRISLYUBMfPkLWakOMisURNIERG4l5ULiorEuGOIdzy1pY5OtO3nehXn71KD8RoBDE+zQCW\/n1uw2kPNYn71j+f+q8X33+lII4davppG47hK01RsGcPK0cOtT+L0d88ohmKIJo9L+Du1kLPAvOFJcCx0GgMtHBSAqgMxBj+SNz0QS9VKms8gBRshW7o96AsrItA3IBmjQRh9aRDhNEMlvuPIBOGyhkr8Q4+tSOQ5PUUxMsDRE273AO2DqookmjXvBrr5j3pvEWTABXTAb9QheR6waA5w4GsOWUGhhqsEmCZxLZCeJpWkwJAeKrC7g5P\/Rg8iigOX41VRSVdQf4WG5LqgBAMA\/Q=="}
@@ -393,88 +393,88 @@
00456{"flow_id":46,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24719,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":795953,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV++hYIW6RgBAB904HAAABAQgKE2coJ8Ld4ps="}
01276{"flow_id":46,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24720,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":796414,"pkt_caplen":686,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":686,"pkt_l4_len":632,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAngGPQBk\/5sAAAAAAAAAAGAGB0kqAcsBIEmLB5kd7IUo3\/YpAbuY\/FghbpE8FfvogBgLjyopAAABAQgKwt3inRNnKAEXAwMCUzZARbwxBkz3+SQfcs\/ZgbJZR+bKWkZu1ko90Fx\/mX2WuGFZ3yc43oenDWWC7\/RugTGPifZDrYRGw8ILNxwIdvH669GvPEFLAiUkCO9U1MaSlMiRtwAwlul+BFEl\/v6cbkxREtBOi\/I9EyBs3uZIgfGrIP7V36dV5XAdEh9XDAOTT+r7CVkTcwhHyuTDl+4cEe2WDrf6kH3EvVNHovmTgR6NBbi2ZzvYf\/I871e+eny2ObsTDS6auOCtJPml+QIiKq\/ZkAuyyE1Zk+G1NyrqxHvZOjNK6PZGzRLIb2cXXN+qdoebo6v7qqagSnmieYKIxz39tsigxdvJ2Vr383zhE8HvFXk6odr7Mo1KVfG41Qgy41fDBKoqAqmSHI9\/7hARsmC4Ktp6kgI\/6jCJ5pWZ4C\/rURmJeamcqLzm3Qyz+EXXgtS7ZHk6gYfIMlqB0g8AfaGtX4V9ZKDbk7QH4E3XetnXPqE0zgsbAXBciZyypq0sULlHE+VYpeL9kTykm7iBz2x1sM5QbsFGx+gXTmWRZj1LeT\/eAGa7MD277zs4U0uvXuwqDDXXC5f2ps1c5TG15onNx03RwFOOB4k6M3IjiYwxMPI02tCNW0y\/LSreaxKdooxeKVrn2mf0VY9lnBX9Si7WNjag5aI+NS859ngGEY9uoQE3\/Ami5dcrKKUOWHWg9oqk4\/qmhetPitZOnjEO5fFPTUN6biVkUyJISciA2ixL1SyqYa45+bJx+mhTWP82k4RdhoHrnraU8LSU0jqAY0Jsb3n37bdgMNgq+P75djh0grs="}
00456{"flow_id":46,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24721,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":796421,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gD3A1ACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPwBuzwV++hYIXDpgBAB80uwAAABAQgKE2coKMLd4p0="}
-00514{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1605292122874,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1605292122874,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24733,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":874816,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"qtsDr8lk5EKm5WPyht1gDJQ7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnP4Bu4CgSN\/gvLosgBAB9qrlAAABAQgK1OQQnsLdMvM="}
00457{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1605292122,"pkt_ts_usec":899206,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuc\/uC8uiyAoEjggBALQrp6AAABAQgKwt3jAtThR68="}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1605292118714,"flow_last_seen":1605292118786,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1605292118714,"flow_last_seen":1605292118786,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00560{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_tot_l4_data_len":1490,"flow_min_l4_data_len":32,"flow_max_l4_data_len":696,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_tot_l4_data_len":1490,"flow_min_l4_data_len":32,"flow_max_l4_data_len":696,"flow_avg_l4_data_len":165,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00547{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":75,"flow_first_seen":1605292122076,"flow_last_seen":1605292122470,"flow_tot_l4_data_len":37634,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":501,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00528{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":75,"flow_first_seen":1605292122076,"flow_last_seen":1605292122470,"flow_tot_l4_data_len":37634,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1080,"flow_avg_l4_data_len":501,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108805,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108805,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108789,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108789,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00531{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":31,"flow_first_seen":1605292105433,"flow_last_seen":1605292106000,"flow_tot_l4_data_len":8259,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":266,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00549{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_tot_l4_data_len":823,"flow_min_l4_data_len":32,"flow_max_l4_data_len":149,"flow_avg_l4_data_len":63,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_tot_l4_data_len":823,"flow_min_l4_data_len":32,"flow_max_l4_data_len":149,"flow_avg_l4_data_len":63,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":107,"flow_first_seen":1605292122064,"flow_last_seen":1605292122440,"flow_tot_l4_data_len":79659,"flow_min_l4_data_len":32,"flow_max_l4_data_len":6072,"flow_avg_l4_data_len":744,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00542{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_tot_l4_data_len":762,"flow_min_l4_data_len":32,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":76,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00523{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_tot_l4_data_len":762,"flow_min_l4_data_len":32,"flow_max_l4_data_len":319,"flow_avg_l4_data_len":76,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":255,"flow_first_seen":1605292105669,"flow_last_seen":1605292122890,"flow_tot_l4_data_len":153848,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":603,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00532{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1671,"flow_first_seen":1605292108895,"flow_last_seen":1605292115212,"flow_tot_l4_data_len":1089230,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2458,"flow_avg_l4_data_len":651,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":255,"flow_first_seen":1605292103810,"flow_last_seen":1605292122755,"flow_tot_l4_data_len":152530,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":598,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_tot_l4_data_len":1576,"flow_min_l4_data_len":32,"flow_max_l4_data_len":676,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00524{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_tot_l4_data_len":1576,"flow_min_l4_data_len":32,"flow_max_l4_data_len":676,"flow_avg_l4_data_len":175,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00547{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":50,"flow_first_seen":1605292105197,"flow_last_seen":1605292105378,"flow_tot_l4_data_len":21326,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1240,"flow_avg_l4_data_len":426,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00542{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":12,"flow_first_seen":1605292105274,"flow_last_seen":1605292105347,"flow_tot_l4_data_len":980,"flow_min_l4_data_len":20,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":35,"flow_first_seen":1605292105418,"flow_last_seen":1605292122864,"flow_tot_l4_data_len":10299,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1311,"flow_avg_l4_data_len":294,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":19,"flow_first_seen":1605292122674,"flow_last_seen":1605292122861,"flow_tot_l4_data_len":3907,"flow_min_l4_data_len":32,"flow_max_l4_data_len":652,"flow_avg_l4_data_len":205,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":62,"flow_first_seen":1605292121486,"flow_last_seen":1605292122503,"flow_tot_l4_data_len":26052,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":255,"flow_first_seen":1605292105170,"flow_last_seen":1605292122449,"flow_tot_l4_data_len":162300,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":636,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":255,"flow_first_seen":1605292105171,"flow_last_seen":1605292122739,"flow_tot_l4_data_len":155628,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1432,"flow_avg_l4_data_len":610,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00544{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_tot_l4_data_len":2267,"flow_min_l4_data_len":32,"flow_max_l4_data_len":189,"flow_avg_l4_data_len":80,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00525{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_tot_l4_data_len":2267,"flow_min_l4_data_len":32,"flow_max_l4_data_len":189,"flow_avg_l4_data_len":80,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":63,"flow_first_seen":1605292122095,"flow_last_seen":1605292122344,"flow_tot_l4_data_len":41578,"flow_min_l4_data_len":32,"flow_max_l4_data_len":3173,"flow_avg_l4_data_len":659,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00546{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00527{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1605292118714,"flow_last_seen":1605292118786,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_first_seen":1605292118714,"flow_last_seen":1605292118786,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00571{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00552{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104013,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":664,"flow_tot_l4_payload_len":1202,"flow_avg_l4_payload_len":133,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00558{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":75,"flow_first_seen":1605292122076,"flow_last_seen":1605292122470,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":35234,"flow_avg_l4_payload_len":469,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00539{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":75,"flow_first_seen":1605292122076,"flow_last_seen":1605292122470,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1048,"flow_tot_l4_payload_len":35234,"flow_avg_l4_payload_len":469,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1605292114506,"flow_last_seen":1605292114736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108796,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108805,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108805,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56578,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1605292108746,"flow_last_seen":1605292108789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00547{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00528{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1605292102219,"flow_last_seen":1605292102653,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_first_seen":1605292108747,"flow_last_seen":1605292108796,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00542{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":31,"flow_first_seen":1605292105433,"flow_last_seen":1605292106000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":7251,"flow_avg_l4_payload_len":233,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00560{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":13,"flow_first_seen":1605292121674,"flow_last_seen":1605292122517,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":407,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00547{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00528{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1605292102603,"flow_last_seen":1605292102678,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":107,"flow_first_seen":1605292122064,"flow_last_seen":1605292122440,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6040,"flow_tot_l4_payload_len":76219,"flow_avg_l4_payload_len":712,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00553{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":44,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00534{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":10,"flow_first_seen":1605292104650,"flow_last_seen":1605292122733,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":287,"flow_tot_l4_payload_len":442,"flow_avg_l4_payload_len":44,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_first_seen":1605292119370,"flow_last_seen":1605292119458,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":255,"flow_first_seen":1605292105669,"flow_last_seen":1605292122890,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":145688,"flow_avg_l4_payload_len":571,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1671,"flow_first_seen":1605292108895,"flow_last_seen":1605292115212,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2426,"flow_tot_l4_payload_len":1035742,"flow_avg_l4_payload_len":619,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1605292122698,"flow_last_seen":1605292122741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120839,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00548{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00529{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_first_seen":1605292118602,"flow_last_seen":1605292118777,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":255,"flow_first_seen":1605292103810,"flow_last_seen":1605292122755,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":144370,"flow_avg_l4_payload_len":566,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":9,"flow_first_seen":1605292103804,"flow_last_seen":1605292104007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":644,"flow_tot_l4_payload_len":1288,"flow_avg_l4_payload_len":143,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":50,"flow_first_seen":1605292105197,"flow_last_seen":1605292105378,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":19710,"flow_avg_l4_payload_len":394,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00553{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":12,"flow_first_seen":1605292105274,"flow_last_seen":1605292105347,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":35,"flow_first_seen":1605292105418,"flow_last_seen":1605292122864,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1279,"flow_tot_l4_payload_len":9163,"flow_avg_l4_payload_len":261,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":19,"flow_first_seen":1605292122674,"flow_last_seen":1605292122861,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":620,"flow_tot_l4_payload_len":3283,"flow_avg_l4_payload_len":172,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_first_seen":1605292122874,"flow_last_seen":1605292122899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":62,"flow_first_seen":1605292121486,"flow_last_seen":1605292122503,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":24052,"flow_avg_l4_payload_len":387,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":255,"flow_first_seen":1605292105170,"flow_last_seen":1605292122449,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":154140,"flow_avg_l4_payload_len":604,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":255,"flow_first_seen":1605292105171,"flow_last_seen":1605292122739,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":147468,"flow_avg_l4_payload_len":578,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00547{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00528{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00555{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":1371,"flow_avg_l4_payload_len":48,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00536{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":28,"flow_first_seen":1605292105726,"flow_last_seen":1605292122804,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":1371,"flow_avg_l4_payload_len":48,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00545{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":63,"flow_first_seen":1605292122095,"flow_last_seen":1605292122344,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3141,"flow_tot_l4_payload_len":39546,"flow_avg_l4_payload_len":627,"midstream":0,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00554{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00535{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test"}
diff --git a/test/results/ubntac2.pcap.out b/test/results/ubntac2.pcap.out
index 3ad172cdf..32780a6ec 100644
--- a/test/results/ubntac2.pcap.out
+++ b/test/results/ubntac2.pcap.out
@@ -1,34 +1,34 @@
00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ubntac2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486943433175,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486943433175,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00642{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486943433,"pkt_ts_usec":175002,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4FAAEARuPfAqAEB\/\/\/\/\/4UlJxEAtx2vAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeYAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFc8bAAU0LjAuMA=="}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486943433175,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486943433175,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486943443357,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486943433175,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1486943433175,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486943443357,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00643{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486943443,"pkt_ts_usec":357445,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4JAAEARuPbAqAEB\/\/\/\/\/65hJxEAt\/NoAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeagsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdAbAAU0LjAuMA=="}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486943443357,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486943443357,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486943453510,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486943443357,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1486943443357,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486943453510,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00642{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486943453,"pkt_ts_usec":510239,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4NAAEARuPXAqAEB\/\/\/\/\/9gZJxEAt8imAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADedAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdEbAAU0LjAuMA=="}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486943453510,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486943453510,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1486943463665,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486943453510,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1486943453510,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1486943463665,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00643{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486943463,"pkt_ts_usec":665911,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4RAAEARuPTAqAEB\/\/\/\/\/7r\/JxEAt+S2AgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADefgsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdIbAAU0LjAuMA=="}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1486943463665,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1486943463665,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1486943473817,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1486943463665,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1486943463665,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47871,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1486943473817,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00642{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486943473,"pkt_ts_usec":817118,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4VAAEARuPPAqAEB\/\/\/\/\/+l8JxEAt7UuAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeiQsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdMbAAU0LjAuMA=="}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1486943473817,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1486943473817,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1486943483995,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1486943473817,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1486943473817,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":59772,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1486943483995,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00642{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486943483,"pkt_ts_usec":995037,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4ZAAEARuPLAqAEB\/\/\/\/\/8v8JxEAt9GkAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADekwsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdQbAAU0LjAuMA=="}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1486943483995,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1486943483995,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1486943494148,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1486943483995,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1486943483995,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":52220,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1486943494148,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00642{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486943494,"pkt_ts_usec":148315,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4dAAEARuPHAqAEB\/\/\/\/\/7qCJxEAt+IUAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADenQsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdUbAAU0LjAuMA=="}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1486943494148,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1486943494148,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1486943504301,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1486943494148,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1486943494148,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":47746,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1486943504301,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00643{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1486943504,"pkt_ts_usec":301123,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4hAAEARuPDAqAEB\/\/\/\/\/6dWJxEAt\/Q2AgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADepwsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFdYbAAU0LjAuMA=="}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1486943504301,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1486943504301,"flow_last_seen":0,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":183,"flow_max_l4_data_len":183,"flow_avg_l4_data_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1486943504301,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","ndpi": {"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1486943504301,"flow_last_seen":0,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test"}
diff --git a/test/results/upnp.pcap.out b/test/results/upnp.pcap.out
index 484b921dc..fee91ce9b 100644
--- a/test/results/upnp.pcap.out
+++ b/test/results/upnp.pcap.out
@@ -1,7 +1,7 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"upnp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1541515314826,"flow_last_seen":0,"flow_tot_l4_data_len":664,"flow_min_l4_data_len":664,"flow_max_l4_data_len":664,"flow_avg_l4_data_len":664,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1541515314826,"flow_last_seen":0,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01297{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1541515314,"pkt_ts_usec":826314,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvUmVzb2x2ZTwvd3NhOkFjdGlvbj48d3NhOk1lc3NhZ2VJRD51cm46dXVpZDozZjQyZGM5YS0yNGNlLTQ4ZDEtODhmOS0xNmI5NmExMzdkNzE8L3dzYTpNZXNzYWdlSUQ+PC9zb2FwOkhlYWRlcj48c29hcDpCb2R5Pjx3c2Q6UmVzb2x2ZT48d3NhOkVuZHBvaW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDplMzI0ODAwMC04MGNlLTExZGItODAwMC0wMDFiYTk5ZWM5NTY8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOlJlc29sdmU+PC9zb2FwOkJvZHk+PC9zb2FwOkVudmVsb3BlPg=="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1541515314827,"flow_last_seen":0,"flow_tot_l4_data_len":664,"flow_min_l4_data_len":664,"flow_max_l4_data_len":664,"flow_avg_l4_data_len":664,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1541515314827,"flow_last_seen":0,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01271{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"upnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1541515314,"pkt_ts_usec":827161,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtYAAAERvobAqD1C7\/\/\/+uYzDnYCmBmmPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c29hcDpFbnZlbG9wZSB4bWxuczpzb2FwPSJodHRwOi8vd3d3LnczLm9yZy8yMDAzLzA1L3NvYXAtZW52ZWxvcGUiIHhtbG5zOndzYT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nIiB4bWxuczp3c2Q9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5Ij48c29hcDpIZWFkZXI+PHdzYTpUbz51cm46c2NoZW1hcy14bWxzb2FwLW9yZzp3czoyMDA1OjA0OmRpc2NvdmVyeTwvd3NhOlRvPjx3c2E6QWN0aW9uPmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5L1Jlc29sdmU8L3dzYTpBY3Rpb24+PHdzYTpNZXNzYWdlSUQ+dXJuOnV1aWQ6M2Y0MmRjOWEtMjRjZS00OGQxLTg4ZjktMTZiOTZhMTM3ZDcxPC93c2E6TWVzc2FnZUlEPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOlJlc29sdmU+PHdzYTpFbmRwb2ludFJlZmVyZW5jZT48d3NhOkFkZHJlc3M+dXJuOnV1aWQ6ZTMyNDgwMDAtODBjZS0xMWRiLTgwMDAtMDAxYmE5OWVjOTU2PC93c2E6QWRkcmVzcz48L3dzYTpFbmRwb2ludFJlZmVyZW5jZT48L3dzZDpSZXNvbHZlPjwvc29hcDpCb2R5Pjwvc29hcDpFbnZlbG9wZT4="}
01297{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"upnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1541515314,"pkt_ts_usec":944489,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvUmVzb2x2ZTwvd3NhOkFjdGlvbj48d3NhOk1lc3NhZ2VJRD51cm46dXVpZDozZjQyZGM5YS0yNGNlLTQ4ZDEtODhmOS0xNmI5NmExMzdkNzE8L3dzYTpNZXNzYWdlSUQ+PC9zb2FwOkhlYWRlcj48c29hcDpCb2R5Pjx3c2Q6UmVzb2x2ZT48d3NhOkVuZHBvaW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDplMzI0ODAwMC04MGNlLTExZGItODAwMC0wMDFiYTk5ZWM5NTY8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOlJlc29sdmU+PC9zb2FwOkJvZHk+PC9zb2FwOkVudmVsb3BlPg=="}
01269{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"upnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1541515315,"pkt_ts_usec":6305,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtcAAAERvoXAqD1C7\/\/\/+uYzDnYCmBmmPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c29hcDpFbnZlbG9wZSB4bWxuczpzb2FwPSJodHRwOi8vd3d3LnczLm9yZy8yMDAzLzA1L3NvYXAtZW52ZWxvcGUiIHhtbG5zOndzYT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nIiB4bWxuczp3c2Q9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5Ij48c29hcDpIZWFkZXI+PHdzYTpUbz51cm46c2NoZW1hcy14bWxzb2FwLW9yZzp3czoyMDA1OjA0OmRpc2NvdmVyeTwvd3NhOlRvPjx3c2E6QWN0aW9uPmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5L1Jlc29sdmU8L3dzYTpBY3Rpb24+PHdzYTpNZXNzYWdlSUQ+dXJuOnV1aWQ6M2Y0MmRjOWEtMjRjZS00OGQxLTg4ZjktMTZiOTZhMTM3ZDcxPC93c2E6TWVzc2FnZUlEPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOlJlc29sdmU+PHdzYTpFbmRwb2ludFJlZmVyZW5jZT48d3NhOkFkZHJlc3M+dXJuOnV1aWQ6ZTMyNDgwMDAtODBjZS0xMWRiLTgwMDAtMDAxYmE5OWVjOTU2PC93c2E6QWRkcmVzcz48L3dzYTpFbmRwb2ludFJlZmVyZW5jZT48L3dzZDpSZXNvbHZlPjwvc29hcDpCb2R5Pjwvc29hcDpFbnZlbG9wZT4="}
@@ -15,8 +15,8 @@
01272{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"upnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1541515319,"pkt_ts_usec":474552,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtsAAAERvoHAqD1C7\/\/\/+uYzDnYCmBmmPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c29hcDpFbnZlbG9wZSB4bWxuczpzb2FwPSJodHRwOi8vd3d3LnczLm9yZy8yMDAzLzA1L3NvYXAtZW52ZWxvcGUiIHhtbG5zOndzYT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nIiB4bWxuczp3c2Q9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5Ij48c29hcDpIZWFkZXI+PHdzYTpUbz51cm46c2NoZW1hcy14bWxzb2FwLW9yZzp3czoyMDA1OjA0OmRpc2NvdmVyeTwvd3NhOlRvPjx3c2E6QWN0aW9uPmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5L1Jlc29sdmU8L3dzYTpBY3Rpb24+PHdzYTpNZXNzYWdlSUQ+dXJuOnV1aWQ6M2Y0MmRjOWEtMjRjZS00OGQxLTg4ZjktMTZiOTZhMTM3ZDcxPC93c2E6TWVzc2FnZUlEPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOlJlc29sdmU+PHdzYTpFbmRwb2ludFJlZmVyZW5jZT48d3NhOkFkZHJlc3M+dXJuOnV1aWQ6ZTMyNDgwMDAtODBjZS0xMWRiLTgwMDAtMDAxYmE5OWVjOTU2PC93c2E6QWRkcmVzcz48L3dzYTpFbmRwb2ludFJlZmVyZW5jZT48L3dzZDpSZXNvbHZlPjwvc29hcDpCb2R5Pjwvc29hcDpFbnZlbG9wZT4="}
01298{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"upnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1541515320,"pkt_ts_usec":458778,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvUmVzb2x2ZTwvd3NhOkFjdGlvbj48d3NhOk1lc3NhZ2VJRD51cm46dXVpZDozZjQyZGM5YS0yNGNlLTQ4ZDEtODhmOS0xNmI5NmExMzdkNzE8L3dzYTpNZXNzYWdlSUQ+PC9zb2FwOkhlYWRlcj48c29hcDpCb2R5Pjx3c2Q6UmVzb2x2ZT48d3NhOkVuZHBvaW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDplMzI0ODAwMC04MGNlLTExZGItODAwMC0wMDFiYTk5ZWM5NTY8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOlJlc29sdmU+PC9zb2FwOkJvZHk+PC9zb2FwOkVudmVsb3BlPg=="}
01272{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1541515321,"pkt_ts_usec":472909,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtwAAAERvoDAqD1C7\/\/\/+uYzDnYCmBmmPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c29hcDpFbnZlbG9wZSB4bWxuczpzb2FwPSJodHRwOi8vd3d3LnczLm9yZy8yMDAzLzA1L3NvYXAtZW52ZWxvcGUiIHhtbG5zOndzYT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nIiB4bWxuczp3c2Q9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5Ij48c29hcDpIZWFkZXI+PHdzYTpUbz51cm46c2NoZW1hcy14bWxzb2FwLW9yZzp3czoyMDA1OjA0OmRpc2NvdmVyeTwvd3NhOlRvPjx3c2E6QWN0aW9uPmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5L1Jlc29sdmU8L3dzYTpBY3Rpb24+PHdzYTpNZXNzYWdlSUQ+dXJuOnV1aWQ6M2Y0MmRjOWEtMjRjZS00OGQxLTg4ZjktMTZiOTZhMTM3ZDcxPC93c2E6TWVzc2FnZUlEPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOlJlc29sdmU+PHdzYTpFbmRwb2ludFJlZmVyZW5jZT48d3NhOkFkZHJlc3M+dXJuOnV1aWQ6ZTMyNDgwMDAtODBjZS0xMWRiLTgwMDAtMDAxYmE5OWVjOTU2PC93c2E6QWRkcmVzcz48L3dzYTpFbmRwb2ludFJlZmVyZW5jZT48L3dzZDpSZXNvbHZlPjwvc29hcDpCb2R5Pjwvc29hcDpFbnZlbG9wZT4="}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1541515314826,"flow_last_seen":1541515320458,"flow_tot_l4_data_len":4648,"flow_min_l4_data_len":664,"flow_max_l4_data_len":664,"flow_avg_l4_data_len":664,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","ndpi": {"proto":"WSD","breed":"Acceptable","category":"Network"}}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1541515314826,"flow_last_seen":1541515320458,"flow_tot_l4_data_len":4648,"flow_min_l4_data_len":664,"flow_max_l4_data_len":664,"flow_avg_l4_data_len":664,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1541515314827,"flow_last_seen":1541515321472,"flow_tot_l4_data_len":4648,"flow_min_l4_data_len":664,"flow_max_l4_data_len":664,"flow_avg_l4_data_len":664,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","ndpi": {"proto":"WSD","breed":"Acceptable","category":"Network"}}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1541515314827,"flow_last_seen":1541515321472,"flow_tot_l4_data_len":4648,"flow_min_l4_data_len":664,"flow_max_l4_data_len":664,"flow_avg_l4_data_len":664,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1541515314826,"flow_last_seen":1541515320458,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","ndpi": {"proto":"WSD","breed":"Acceptable","category":"Network"}}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":7,"flow_first_seen":1541515314826,"flow_last_seen":1541515320458,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1541515314827,"flow_last_seen":1541515321472,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","ndpi": {"proto":"WSD","breed":"Acceptable","category":"Network"}}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":7,"flow_first_seen":1541515314827,"flow_last_seen":1541515321472,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00124{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test"}
diff --git a/test/results/viber.pcap.out b/test/results/viber.pcap.out
index 0b28ee645..b54d2644f 100644
--- a/test/results/viber.pcap.out
+++ b/test/results/viber.pcap.out
@@ -1,11 +1,11 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"viber.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1527155638428,"flow_last_seen":0,"flow_tot_l4_data_len":133,"flow_min_l4_data_len":133,"flow_max_l4_data_len":133,"flow_avg_l4_data_len":133,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1527155638428,"flow_last_seen":0,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00561{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155638,"pkt_ts_usec":428936,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1527155638474,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1527155638474,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155638,"pkt_ts_usec":474128,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHQZAAEARnDbAqAARwKgAD7KvADUALIZ64YMBAAABAAAAAAAABWdyYXBoCGZhY2Vib29rA2NvbQAAAQAB"}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1527155638474,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1527155638474,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00609{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155638,"pkt_ts_usec":476527,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"MAdNo1+nAA6OMNv9CABFAAC9W3xAAEARXUPAqAAPwKgAEQA1sq8AqYax4YOBgAABAAMAAgACBWdyYXBoCGZhY2Vib29rA2NvbQAAAQABwAwABQABAAAK\/QAGA2FwacASwDAABQABAAADcAAMBHN0YXIEYzEwcsASwEIAAQABAAAAIgAEHw1WCMBHAAIAAQAAChUABwFiAm5zwEfARwACAAEAAAoVAAQBYcBswH0AAQABAAAKFQAERavvC8BqAAEAAQAAChUABEWr\/ws="}
-00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_tot_l4_data_len":213,"flow_min_l4_data_len":44,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.8"}}
+00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Facebook","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"graph.facebook.com","num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.8"}}
00499{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155638,"pkt_ts_usec":483176,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"pkt":"AA6OMNv9MAdNo1+nCABFAABsvbFAAEAGirvAqAARNAD9ZYG4EJTYH5RlTQ0UaIAYAtrUUgAAAQEICgAhYFH3kz3SOAALAAAAldaoLlKjmwog1MjwGSIlPYr6Sdpf8civ07lgAXs3mNLP4I1IauuXnWuqSM\/O114Rmek="}
00420{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155638,"pkt_ts_usec":524866,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0M+hAACYGLr00AP1lwKgAERCUgbhNDRRo2B+UZYAQAIxrZwAAAQEICveUYGsAIWBC"}
00527{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155638,"pkt_ts_usec":525136,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"MAdNo1+nAA6OMNv9CABFAACAM+lAACYGLnA0AP1lwKgAERCUgbhNDRRo2B+UZYAYAIyDiQAAAQEICveUYGwAIWBCTAAOAAAA7ZKoDv3w6OEJqmeEcnEl5cUBQprrMM7Rp8izc+yMxyWcB68VLspY31LXwDQ0RwmmKdwU4EmaqJ3KShawrAeJ2amPhoabWg=="}
@@ -15,41 +15,41 @@
00421{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155638,"pkt_ts_usec":585043,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0vbRAAEAGivDAqAARNAD9ZYG4EJTYH5ZXTQ0U9IAQAtpmOAAAAQEICgAhYGv3lGCl"}
00516{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155638,"pkt_ts_usec":674271,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"pkt":"MAdNo1+nAA6OMNv9CABFAAB4M+tAACYGLnY0AP1lwKgAERCUgbhNDRT02B+WV4AYAJW3YgAAAQEICveUYQEAIWBnRAAQAAAAhWyJ8NwOoiiefvfHWmYSvvyMNosILosbQOgWVmb9FwMzhNX+D1qiZakE4ObB3LGQCYZWvxRShcP8Pqrl1bo="}
00423{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155638,"pkt_ts_usec":676652,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0vbVAAEAGiu\/AqAARNAD9ZYG4EJTYH5ZXTQ0VOIAQAtplgQAAAQEICgAhYIL3lGEB"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1527155639005,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1527155639005,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":5882,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8HWBAAEARm+DAqAARwKgAD4nTADUAKI8By5wBAAABAAAAAAAAA2FwcAZhZGp1c3QDY29tAAABAAE="}
-00630{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1527155639005,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app.adjust.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1527155639005,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app.adjust.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00738{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":8484,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"pkt":"MAdNo1+nAA6OMNv9CABFAAEhW4BAAEARXNvAqAAPwKgAEQA1idMBDcumy5yBgAABAAQABAAEA2FwcAZhZGp1c3QDY29tAAABAAHADAABAAEAAAHMAASyots6wAwAAQABAAABzAAEsqLbmcAMAAEAAQAAAcwABLKi2LPADAABAAEAAAHMAAS5l8wIwBAAAgABAAKIXQATBG5zMDEGYWRqdXN0BXdvcmtzAMAQAAIAAQACiF0AFARkbnMxA3AwOQVuc29uZQNuZXQAwBAAAgABAAKIXQAHBGRuczLAkMAQAAIAAQACiF0ABwRuczAywHHAiwABAAEAAWUPAATGMywJwKsAAQABAAFlDwAExjMtCcBsAAEAAQAAMG8ABC02EQHAvgABAAEAADBvAAQtNhFB"}
-00661{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_tot_l4_data_len":309,"flow_min_l4_data_len":40,"flow_max_l4_data_len":269,"flow_avg_l4_data_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app.adjust.com","num_queries":1,"num_answers":12,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"178.162.219.58"}}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1527155639234,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":261,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app.adjust.com","num_queries":1,"num_answers":12,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"178.162.219.58"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1527155639234,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":234839,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AA6OMNv9MAdNo1+nCABFAABAHWRAAEARm9jAqAARwKgAD\/WYADUALODJ\/WMBAAABAAAAAAAABG1hcGkJYXBwdGltaXplA2NvbQAAAQAB"}
-00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1527155639234,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1527155639234,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00839{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":237450,"pkt_caplen":373,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":373,"pkt_l4_len":339,"pkt":"MAdNo1+nAA6OMNv9CABFAAFnW5VAAEARXIDAqAAPwKgAEQA19ZgBU\/qk\/WOBgAABAAkABAABBG1hcGkJYXBwdGltaXplA2NvbQAAAQABwAwABQABAAAKmgACwBHAEQABAAEAAAA7AAQ2RabiwBEAAQABAAAAOwAENrtbtsARAAEAAQAAADsABCLf10HAEQABAAEAAAA7AAQjoIExwBEAAQABAAAAOwAEI6WM3sARAAEAAQAAADsABCOitm\/AEQABAAEAAAA7AAQ2RVffwBEAAQABAAAAOwAENrpW+MARAAIAAQAAA2AAGQducy0xODgzCWF3c2Rucy00MwJjbwJ1awDAEQACAAEAAANgABcHbnMtMTEyOQlhd3NkbnMtMTMDb3JnAMARAAIAAQAAA2AAFgZucy02ODUJYXdzZG5zLTIxA25ldADAEQACAAEAAANgABMGbnMtNDczCWF3c2Rucy01OcAbwSgAAQABAAADYAAEzfvB2Q=="}
-00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_tot_l4_data_len":383,"flow_min_l4_data_len":44,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":191,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.166.226"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1527155639240,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"mapi.apptimize.com","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.69.166.226"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1527155639240,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":240854,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8C6FAAEAGkTrAqAARNkWm4pB6Abv8W2quAAAAAKAC\/\/9PrwAAAgQFtAQCCAoAIWEPAAAAAAEDAwc="}
00434{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":414725,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHpPMSQJ\/Ftqr6ASaN+BOQAAAgQFtAQCCApMsKWZACFhDwEDAwg="}
00421{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":417273,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6JAAEAGkUHAqAARNkWm4pB6Abv8W2qvTzEkCoAQAq0WDQAAAQEICgAhYTtMsKWZ"}
00666{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":419114,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"pkt":"AA6OMNv9MAdNo1+nCABFAADoC6NAAEAGkIzAqAARNkWm4pB6Abv8W2qvTzEkCoAYAq3FAQAAAQEICgAhYTtMsKWZFgMBAK8BAACrAwOf\/2TjK8r1kWpdan2TJekyDzujbi8jagHQAHL6QuSe+wAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1527155639240,"flow_last_seen":1527155639419,"flow_tot_l4_data_len":324,"flow_min_l4_data_len":32,"flow_max_l4_data_len":212,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1527155639240,"flow_last_seen":1527155639419,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00422{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":592888,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0gc9AAOYGdRM2RabiwKgAEQG7kHpPMSQK\/FtrY4AQAG4XbAAAAQEICkywpcUAIWE7"}
02370{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":594657,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcgdBAAOYGb2o2RabiwKgAEQG7kHpPMSQK\/FtrY4AQAG6arAAAAQEICkywpcYAIWE7FgMDAEwCAABIAwMLHEIErVr5e+d+yFhQeYy5TJaKTvDbe+d55IGEJK9XMADALwAAIP8BAAEAAAsABAMAAQIAIwAAABAACwAJCGh0dHAvMS4xFgMDEVgLABFUABFRAAW+MIIFujCCBKKgAwIBAgIQSJIT4MMvKqIG9KAsMNS0lTANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPDA6BgNVBAMTM0NPTU9ETyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNjAyMTEwMDAwMDBaFw0xOTA0MTAyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEOMAwGA1UEERMFOTQwNDMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRkwFwYDVQQJExAxOTU5IExhbmRpbmdzIERyMRcwFQYDVQQKEw5BcHB0aW1pemUsIEluYzEcMBoGA1UECxMTUHJlbWl1bVNTTCBXaWxkY2FyZDEYMBYGA1UEAwwPKi5hcHB0aW1pemUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yweODrn0HMixsXfKOospPUGhUn\/osi07WYbM2MA5hMxNJIlpLzRykh557oNhQYEnhUd1dP01i00IDibJyJOOn9wLohH2qjeTtgA5KS6ToWu75VgJV6kyq6X3rlgIIgDLmwZubwQQHVok1qPh0PmBn4+G2Zpyt1dLhrz99NApchcdWgEl9Yafe2\/jZIbMXd8\/6bk+oQ5ItsgdSSwKD3f0DylPoEr9HglXrseuMgvYLDhmeKArfgb\/Ql7VVIo1qs4oGWYqtWt3ZwW7mTEy3yekKAtTVyReu+biZSQBW05Hgn4raIgigTR\/EJ+sUdDvDc9deVlXnSuOEIn\/ynWk2oJnQIDAQABo4IB6DCCAeQwHwYDVR0jBBgwFoAUmvMr2s+tT7YvuypISCoStxtCwSQwHQYDVR0OBBYEFHCj31xxJa8\/ZGYVVTFqBgDRAaWdMA4GA1UdDwEB\/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBQBgNVHSAESTBHMDsGDCsGAQQBsjEBAgEDBDArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wKQYDVR0RBCIwIIIPKi5hcHB0aW1pemUuY29tgg1hcHB0aW1pemUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBsVTXMfmfu7FXFawh8Q+pRoJzZtRl1uV217huAjn4GLi61TfLIkqmrl2rFaFJlDwDA3JACJXHYlATCvcPnukIAvcpTxX+UAJNejiY5g\/DFg09EeKw73yH4cPtSkqJQp1tWUGB7WF1aVpSCb\/23LG2ceNppRmm0jzFXqYirkKy5PS4pnf9v3bTXaUg="}
-00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_tot_l4_data_len":1836,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1628,"flow_avg_l4_payload_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02371{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":594735,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcgdFAAOYGb2k2RabiwKgAEQG7kHpPMSmy\/FtrY4AQAG7OPAAAAQEICkywpcYAIWE7jgUumjwsSflXjaztwmxFplmOyeqFjTlAH6ZCRY2Og+XkJADhWliv5FVU\/DWWnJQddCCPoXDozxh3Sbf3Tx2Lf2O470fEQ5ucm3IqbHYX6p0B+PSjs7UlF99i9CQEKQbGZL7NiJ8WFaSfZGeLMdYM+bd9aFFULgAGEjCCBg4wggP2oAMCAQICEDaCXn+1pIGTfvbRc2u5PKYwDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0MDIxMjAwMDAwMFoXDTI5MDIxMTIzNTk1OVowgZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYDVQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5FNmF8kFEV\/8wRB7cPESjF7huAfijX8KpIR3OWfTs84ipCTI8sYtjpD4nNvOP+ThmLgeXQY9Lpt3DX55zPOfKIA1PfDIFz8EuSGVKhdAfVjFtjuXGMtQbvJ99lvyY10\/49FhW+ONFvpEYguSKvq\/NUjdRh08el8HoOq75\/0bkZT8\/w0eDL8y4Ql4tfvdaaK5dS8CmNSH1hqPISYuYY2ANySFIwpIwZUayhjUEQiV+radOSxJAAHqIaFxvn6OkeBEhrj0LDr5FFCPP63XX9qDxvEVsXryhMuzzWHhCKAs6AXbwxaCewWlw3o9Lpnnf8na24w8TfBg7sVFsaiA5zp5pAgMBAAGjggFlMIIBYTAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQUmvMr2s+tT7YvuypISCoStxtCwSQwDgYDVR0PAQH\/BAQDAgGGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgIwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBpijZomh47ZQvgfM+mq3E7r2GkP+RkAUkQ0x2P4tXtZ9OeW5e9Qh4H+dC7bfcylVoiKWL4DJxZVic2oCISEfpH9FHJWXspSqVINXzFl2bgJyU7FXoydUqR+6ZrnuJT+g2ME\/sjuAsSLK7t2x1HkNXQk2l2kTgVNNcY6n68a1jeKjmQA0QESlbYaOX1fGl+nn1US9DYhqtnZhNXXokqF60trr1ADmbtiv9UtMEBy6ngR7oRYY+triNIKsYleYkcQQSVwBHqVyvWtJf6sekVYuxKcXf986Gc2vZrACnFMuf6TuqzKqcYlxxYp0I2X+wUz\/h7DvfdzIgVmppcyPEgx9GGcqEXm666\/myoMtEAdklz9z8nhzy2yS36qpCQyQo="}
02385{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":594742,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcgdJAAOYGb2g2RabiwKgAEQG7kHpPMS9a\/FtrY4AQAG5FUgAAAQEICkywpcYAIWE7CZ\/JaR8HGam\/3rr4C4iCRBYQfwfAgCJff7ww3rrNB3lkVtj\/80+cMLtuHlFL5s29F8TFv8g\/jrEfika3BkNvYi3PUZ1FyorpE4vAx5G+W7b6N0qJ\/vCd2hMmIiwGkD6LE5igGdbd2kpIfz0PiZ0kcksOe0T\/1Da2g3YjWIsUbLhd92FtOXbt3RI9a4eIl5G+wEYCHnYc3bavXE\/1ANacTangnqKO\/LEWeVwh00WBmgw5bG0o1yXStxGQ0Pbeb170+qSLZndyL5uQQCxSEmD5\/7VwLomaeQmJgS3sXHhvgYfx\/FUABXgwggV0MIIEXKADAgECAhAnZu5W60nzjqvXcKL8hN4iMA0GCSqGSIb3DQEBDAUAMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwHhcNMDAwNTMwMTA0ODM4WhcNMjAwNTMwMTA0ODM4WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX\/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs\/Q36nGz637CC9BR++b7Epi9Pf5l\/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu\/Nio5JIk2kNrYrhV\/erBvGy2i\/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP\/0uK3pN\/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma\/RMhnEw6abfFobg2P9A3fvQQoh\/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq\/yapiqcrxXStJLnbsQ\/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo4H0MIHxMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBS7r34CPfqm8TyEjq3uOJjs2TIy1DAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH\/BAUwAwEB\/zARBgNVHSAECjAIMAYGBFUdIAAwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAQEAZL+D8V+ahdDNuKEpVw3oWvfR6T7ydgRu8VJwux48\/00NdGrMgYIl08OgKl1M9bqLoW3EVAl1x+MnDl2EeTdAE3f1tKwc0DurFxI="}
01140{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":594933,"pkt_caplen":595,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":595,"pkt_l4_len":561,"pkt":"MAdNo1+nAA6OMNv9CABFAAJFgdNAAOYGcv42RabiwKgAEQG7kHpPMTUC\/FtrY4AYAG7NjwAAAQEICkywpcYAIWE71u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLYUspzgb8c8+a4bmYRBbMelC1\/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI\/V5eu+MtWuLt29G9HvxPUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vRpu\/xO28QOG8WAwMBTQwAAUkDABdBBDb9v5njLta8VxN6b0FC+ppyxY5VkxPwMAd0CQOK6gpwagWrmk0kj7vl7SySoP1foWZjrA\/Rg81VD1cSGgsnKEQGAQEAyjGOlWQnRs7jjOaoOS5YVEimpQR8PYCIlnQGlXJ9PGtqY1cnoDdKvrw7eORhLNX5KdiOQQVZTg8QcJPYDXxB9t3jI4GlLhSY9mY+AZiNteaLVcHFZFJF\/GmvBPVu9FToyvfpQWxI9v0nYldE3Qdt\/uVFKsy1weuCm\/194Tlgru9gJEc2elKrLfLKgbP8+RaqP9DJ6fvTtH5BOn2IqEsbCQJrMjrfz4v2gZsrbGq+3bzvdOOm0e2wHQW5uu5hzmOWRBwbn+KkUm3ti22iT0Xr73UPGm9FZvLPUwrR8czr5g3uGtnq0vSoWmEhyA55gZmdXrAMETmyLTlUEPIF9Y1XBxYDAwAEDgAAAA=="}
-01136{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":9,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_tot_l4_data_len":5357,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":595,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","issuerDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}
+01147{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":9,"flow_first_seen":1527155639240,"flow_last_seen":1527155639594,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5053,"flow_avg_l4_payload_len":561,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","issuerDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}
00423{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":692482,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6RAAEAGkT\/AqAARNkWm4pB6Abv8W2tjTzEpsoAQAsMPKQAAAQEICgAhYYBMsKXG"}
00422{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":695975,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6VAAEAGkT7AqAARNkWm4pB6Abv8W2tjTzEvWoAQAtoJagAAAQEICgAhYYBMsKXG"}
00422{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":696036,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6ZAAEAGkT3AqAARNkWm4pB6Abv8W2tjTzE1AoAQAvEDqwAAAQEICgAhYYBMsKXG"}
00422{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":696083,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0C6dAAEAGkTzAqAARNkWm4pB6Abv8W2tjTzE3E4AQAwcBhAAAAQEICgAhYYBMsKXG"}
00596{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":719698,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"AA6OMNv9MAdNo1+nCABFAACyC6hAAEAGkL3AqAARNkWm4pB6Abv8W2tjTzE3E4AYAwcXYgAAAQEICgAhYYdMsKXGFgMDAEYQAABCQQQif0HwmkRgOTneBKTut0tN9AW4SfLVSUzuW3UL\/NJZtYN\/bVPqB\/NGE5BzM1hQLQMxz70nPpE1GBHYkv6b+J8TFAMDAAEBFgMDACgAAAAAAAAAAMmKkUBzXF+f8vviq5uyTbEuut2rNwkbh9Zx9oMXgXoQ"}
00771{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155639,"pkt_ts_usec":893475,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"MAdNo1+nAA6OMNv9CABFAAE2gdRAAOYGdAw2RabiwKgAEQG7kHpPMTcT\/Ftr4YAYAG7KuAAAAQEICkywphAAIWGHFgMDAMoEAADGAACowADAn2gqIZctsFDgAFT4WfWm8PIYbZeU7R769Z8VL3YvUFTWOa8LJ0c8IMJNLcPSWP9dGu38MBpgAtm0qVqMlwyGY5hTX2oeGOOHOYcvUqoOcr3ICNrcFLCIEanKE7MyJQ1wgm3DX4a4jDYtzRnGAJZY7ftOdHSfz5WlWP4vEsdw+dBhy5nBtFzqkkVZfZ2OyhkrJA1yw1h66FbYl\/FShg5YCRQ12eiBiNYppwt0BPbNxVdkksUQlcz7moo7w5JApDGiFAMDAAEBFgMDACgD5Lk+bHdoDNdjeRCd6onIzcUsbCayNa6tFCu94gsha1XhJfneFNzu"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1527155640085,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1527155640085,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155640,"pkt_ts_usec":85923,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8sZJAAEAG60jAqAARNkWm4pB8Abt0c9BwAAAAAKAC\/\/9xAAAAAgQFtAQCCAoAIWHiAAAAAAEDAwc="}
00434{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155640,"pkt_ts_usec":261254,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYG9to2RabiwKgAEQG7kHz0FjHkdHPQcaASaN\/u9gAAAgQFtAQCCApMsKZsACFh4gEDAwg="}
00422{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155640,"pkt_ts_usec":264334,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0sZNAAEAG60\/AqAARNkWm4pB8Abt0c9Bx9BYx5YAQAq2DyQAAAQEICgAhYg9MsKZs"}
00666{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155640,"pkt_ts_usec":275168,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"pkt":"AA6OMNv9MAdNo1+nCABFAADosZRAAEAG6prAqAARNkWm4pB8Abt0c9Bx9BYx5YAYAq1TTQAAAQEICgAhYhBMsKZsFgMBAK8BAACrAwPxHao\/Q96Yxv6ptzoREqGRwhus41t797c9sc55oDAI4gAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABm\/wEAAQAAAAAXABUAABJtYXBpLmFwcHRpbWl6ZS5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1527155640085,"flow_last_seen":1527155640275,"flow_tot_l4_data_len":324,"flow_min_l4_data_len":32,"flow_max_l4_data_len":212,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1527155640085,"flow_last_seen":1527155640275,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mapi.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00421{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155640,"pkt_ts_usec":450457,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0l3xAAOYGX2Y2RabiwKgAEQG7kHz0FjHldHPRJYAQAG6FIwAAAQEICkywppwAIWIQ"}
02370{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155640,"pkt_ts_usec":452297,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcl35AAOYGWbw2RabiwKgAEQG7kHz0FjeNdHPRJYAQAG479QAAAQEICkywppwAIWIQjgUumjwsSflXjaztwmxFplmOyeqFjTlAH6ZCRY2Og+XkJADhWliv5FVU\/DWWnJQddCCPoXDozxh3Sbf3Tx2Lf2O470fEQ5ucm3IqbHYX6p0B+PSjs7UlF99i9CQEKQbGZL7NiJ8WFaSfZGeLMdYM+bd9aFFULgAGEjCCBg4wggP2oAMCAQICEDaCXn+1pIGTfvbRc2u5PKYwDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0MDIxMjAwMDAwMFoXDTI5MDIxMTIzNTk1OVowgZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYDVQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5FNmF8kFEV\/8wRB7cPESjF7huAfijX8KpIR3OWfTs84ipCTI8sYtjpD4nNvOP+ThmLgeXQY9Lpt3DX55zPOfKIA1PfDIFz8EuSGVKhdAfVjFtjuXGMtQbvJ99lvyY10\/49FhW+ONFvpEYguSKvq\/NUjdRh08el8HoOq75\/0bkZT8\/w0eDL8y4Ql4tfvdaaK5dS8CmNSH1hqPISYuYY2ANySFIwpIwZUayhjUEQiV+radOSxJAAHqIaFxvn6OkeBEhrj0LDr5FFCPP63XX9qDxvEVsXryhMuzzWHhCKAs6AXbwxaCewWlw3o9Lpnnf8na24w8TfBg7sVFsaiA5zp5pAgMBAAGjggFlMIIBYTAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQUmvMr2s+tT7YvuypISCoStxtCwSQwDgYDVR0PAQH\/BAQDAgGGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgIwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBpijZomh47ZQvgfM+mq3E7r2GkP+RkAUkQ0x2P4tXtZ9OeW5e9Qh4H+dC7bfcylVoiKWL4DJxZVic2oCISEfpH9FHJWXspSqVINXzFl2bgJyU7FXoydUqR+6ZrnuJT+g2ME\/sjuAsSLK7t2x1HkNXQk2l2kTgVNNcY6n68a1jeKjmQA0QESlbYaOX1fGl+nn1US9DYhqtnZhNXXokqF60trr1ADmbtiv9UtMEBy6ngR7oRYY+triNIKsYleYkcQQSVwBHqVyvWtJf6sekVYuxKcXf986Gc2vZrACnFMuf6TuqzKqcYlxxYp0I2X+wUz\/h7DvfdzIgVmppcyPEgx9GGcqEXm666\/myoMtEAdklz9z8nhzy2yS36qpCQyQo="}
02384{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155640,"pkt_ts_usec":452330,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcl39AAOYGWbs2RabiwKgAEQG7kHz0Fj01dHPRJYAQAG6zCgAAAQEICkywppwAIWIQCZ\/JaR8HGam\/3rr4C4iCRBYQfwfAgCJff7ww3rrNB3lkVtj\/80+cMLtuHlFL5s29F8TFv8g\/jrEfika3BkNvYi3PUZ1FyorpE4vAx5G+W7b6N0qJ\/vCd2hMmIiwGkD6LE5igGdbd2kpIfz0PiZ0kcksOe0T\/1Da2g3YjWIsUbLhd92FtOXbt3RI9a4eIl5G+wEYCHnYc3bavXE\/1ANacTangnqKO\/LEWeVwh00WBmgw5bG0o1yXStxGQ0Pbeb170+qSLZndyL5uQQCxSEmD5\/7VwLomaeQmJgS3sXHhvgYfx\/FUABXgwggV0MIIEXKADAgECAhAnZu5W60nzjqvXcKL8hN4iMA0GCSqGSIb3DQEBDAUAMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwHhcNMDAwNTMwMTA0ODM4WhcNMjAwNTMwMTA0ODM4WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX\/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs\/Q36nGz637CC9BR++b7Epi9Pf5l\/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu\/Nio5JIk2kNrYrhV\/erBvGy2i\/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP\/0uK3pN\/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma\/RMhnEw6abfFobg2P9A3fvQQoh\/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq\/yapiqcrxXStJLnbsQ\/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo4H0MIHxMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBS7r34CPfqm8TyEjq3uOJjs2TIy1DAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH\/BAUwAwEB\/zARBgNVHSAECjAIMAYGBFUdIAAwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAQEAZL+D8V+ahdDNuKEpVw3oWvfR6T7ydgRu8VJwux48\/00NdGrMgYIl08OgKl1M9bqLoW3EVAl1x+MnDl2EeTdAE3f1tKwc0DurFxI="}
@@ -61,23 +61,23 @@
00422{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155640,"pkt_ts_usec":455220,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0sZhAAEAG60rAqAARNkWm4pB8Abt0c9El9BZE7oAQAwdvUwAAAQEICgAhYj5MsKac"}
00595{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155640,"pkt_ts_usec":468658,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"AA6OMNv9MAdNo1+nCABFAACysZlAAEAG6svAqAARNkWm4pB8Abt0c9El9BZE7oAYAwdkgwAAAQEICgAhYkJMsKacFgMDAEYQAABCQQR1\/lrPOP7QwmMUcyMj3ciYBV4nbgy5urRN+a4ubAY7ShW7R8zP6mu8tVt6rElE2w9k2xEoQ7u2Sz2BhSTxjeIGFAMDAAEBFgMDACgAAAAAAAAAAHJGbbT+xZdnTc0A126zrXMK2QZgtkAyQPt\/y4fIDDSt"}
00774{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155640,"pkt_ts_usec":644021,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"MAdNo1+nAA6OMNv9CABFAAE2l4FAAOYGXl82RabiwKgAEQG7kHz0FkTudHPRo4AYAG6y6QAAAQEICkywpswAIWJCFgMDAMoEAADGAACowADAn2gqIZctsFDgAFT4WfWm8MPKahZ+5Cdq35rw6SUGf1iZ2jDB22ZQsI+e5Qr1hc9C2EI9IJG\/SDlf22yMU9fiR4es+rk+63SbwgoN+r0qAud8CZkrSOJ\/fN2o5Y+\/mX5maf6rrnJxPIVjsBiAJ3Vr1gCv+Yw3ueKogDbaA+9g8GCwjfNtyABxKM4yqasm+BOm7v7vljzSztzN6rgICNtf5pHmho\/3BwE\/CHqQqr8VrV0ecreQQoXm5Kmqmdj+8+CNFAMDAAEBFgMDACiQWGXBQHkKbXqKtilNyeoDxkLpzPhc3gjpcp237WmZeB9cuMOiP+O8"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1527155641574,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1527155641574,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":574870,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"AA6OMNv9MAdNo1+nCABFAABBH3ZAAEARmcXAqAARwKgAD5IqADUALZxVyU0BAAABAAAAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAQ=="}
-00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1527155641574,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1527155641574,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00584{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":691221,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXEZAAEARXIvAqAAPwKgAEQA1kioAlzNhyU2BgAABAAUAAAAABW1lZGlhA2NkbgV2aWJlcgNjb20AAAEAAcAMAAUAAQAACsAAHg1kbzJneTJrd2FrOWsyCmNsb3VkZnJvbnQDbmV0AMAxAAEAAQAAADsABDbmXWDAMQABAAEAAAA7AAQ25l2mwDEAAQABAAAAOwAENuZdIsAxAAEAAQAAADsABDbmXaA="}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":45,"flow_max_l4_data_len":151,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.96"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1527155641697,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"media.cdn.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.96"}}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1527155641697,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":697916,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OMNv9MAdNo1+nCABFAAA825FAAEAGCivAqAARNuZdYOCwAbu7GrjkAAAAAKAC\/\/84\/wAAAgQFtAQCCAoAIWN1AAAAAAEDAwc="}
00433{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":714003,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMbw25l1gwKgAEQG74LAWDyy+uxq45aAScSCWXAAAAgQFtAQCCAp+anA4ACFjdQEDAwg="}
00421{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":716061,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025JAAEAGCjLAqAARNuZdYOCwAbu7GrjlFg8sv4AQAq0zmAAAAQEICgAhY3p+anA4"}
00673{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":717778,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"pkt":"AA6OMNv9MAdNo1+nCABFAADs25NAAEAGCXnAqAARNuZdYOCwAbu7GrjlFg8sv4AYAq3PXQAAAQEICgAhY3p+anA4FgMBALMBAACvAwM9xUi6e2VHcfR2Et1lmWRy3PNn2wAw6MtgIjCKmCwNtgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABq\/wEAAQAAAAAYABYAABNtZWRpYS5jZG4udmliZXIuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="}
-00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1527155641697,"flow_last_seen":1527155641717,"flow_tot_l4_data_len":328,"flow_min_l4_data_len":32,"flow_max_l4_data_len":216,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1527155641697,"flow_last_seen":1527155641717,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00422{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":733771,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0XIVAAPQG1T425l1gwKgAEQG74LAWDyy\/uxq5nYAQAHY1FQAAAQEICn5qcDoAIWN6"}
02379{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":736492,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcXIZAAPQGz5U25l1gwKgAEQG74LAWDyy\/uxq5nYAQAHZ\/VwAAAQEICn5qcDoAIWN6FgMDAFQCAABQAwPoyuuCaGbnEG9iDpn6258VxnAoTYnO+9\/ziBviurg4hQDALwAAKAAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAALAAkIaHR0cC8xLjEWAwMLAgsACv4ACvsABj8wggY7MIIFI6ADAgECAhBhzDxU6rjF73JHtAvuSXwJMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xGzAZBgNVBAMTEnRoYXd0ZSBTU0wgQ0EgLSBHMjAeFw0xNjA3MDMwMDAwMDBaFw0xODA3MDMyMzU5NTlaMHkxCzAJBgNVBAYTAkxVMRMwEQYDVQQIDApMdXhlbWJvdXJnMRMwEQYDVQQHDApMdXhlbWJvdXJnMRkwFwYDVQQKDBBWaWJlciBNZWRpYSBTYXJsMQswCQYDVQQLDAJJVDEYMBYGA1UEAwwPKi5jZG4udmliZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8n+EisnmdyKBpkVsvzsuk\/ujYXgyIE8xGBKCjA5x7cHaC1oIJtHyf+8X\/v119n6FNK4ChBrewFLJq+ebjhk2nuYslAfSLg42OpZz\/g07QolDzaSoO6LFeMdCDOxsqogq6F2gGWu1v93wXMZ3SxX0w18h2ffrV9iogCDu\/mnq8X\/idwGWekNtI2\/kjVqiWLJtkY\/tdLE9BJjPIoiwKQc4Yt+KQkFdDlibpwcHG8eeybzMInWXu7FC1vF3Qqbr8s\/\/3HEi8mcold\/nqp4tpy6eja5yIZxJyRta4uP5CWP1mxVh1nXdmY8bXdVUchnq4u5yoCX0k4ET9h8entvHWZ+XwIDAQABo4IC9TCCAvEwGgYDVR0RBBMwEYIPKi5jZG4udmliZXIuY29tMAkGA1UdEwQCMAAwbgYDVR0gBGcwZTBjBgZngQwBAgIwWTAmBggrBgEFBQcCARYaaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5MA4GA1UdDwEB\/wQEAwIFoDAfBgNVHSMEGDAWgBTCT0hX\/NFPmsBdOH0OBdvZLrVSYDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vdGouc3ltY2IuY29tL3RqLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGouc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vdGouc3ltY2IuY29tL3RqLmNydDCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFVsIW2uwAABAMARzBFAiEAlTt3Tfiw+ZZkJLDr25tqCm1oUh0cB9HjeEURiPCEppcCICtUSsKus6VjSQLSl7aDoWDctozD4ksxtvlWI8eePdKUAHcApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFVsIW22wAABAMASDBGAiEAkwIgHnjei9Vt6R6DySH3EGyATRDY6APv7x+fMnLLC70CIQDRAgEBufCSaKFWQnR4phBwxt9rp0P7DMPVkK1VYgphwgB3AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT\/vEAAABVbCFttoAAAQDAEgwRgIhAIHqLNKBhDtGl526NtEeDShBJzlZdt1CuekDsZFrZQ2oAiEAiNWljtQFJroPTOKnW86s\/s54V\/TJEZ\/n1XzoqcAzlFAwDQYJKoZIhvcNAQELBQADggEBAJU="}
-00783{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_tot_l4_data_len":1840,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00794{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02379{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":736756,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcXIdAAPQGz5Q25l1gwKgAEQG74LAWDzJnuxq5nYAQAHYAbgAAAQEICn5qcDoAIWN6DOxt1OzHqMvhJvwwQooO47ut9+eXDtZ+A5ZnGjrcq2qJVOVbgdkd6I25eKYUJt2urtAhOjrPcorixm2yJ\/hW1xBFWZwHdnbJvL+PZ+ZzcYKnISrAdmvESEXZGQgo64jKTAxcoIuHeEjpk9wurUs1j7MPPt5LEsFsH1yGZsIo3KTOfo47hjn7RkANfGeYLvr0unZAVSQ8xJjgl\/9tb\/KjjzD3PmJRgi2QVH4UQu0+jOgzjJNxTayr1LjNe5ReXtNCnYITgfCCDkvGNrAxZBq6TCvzY9cBNkFuW9Dk4BywBTZkeNv4jbregdSEKZ28FTVb8AHBC+GwWIDTN6zDInvAAAS2MIIEsjCCA5qgAwIBAgIQFofWiG3iMAaFIz2\/Eb9llzANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjBBMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0aGF3dGUgU1NMIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy\/Ab7BJPS6lkgO0SFl1I55xDweuCwlEDaRvgMKLu5zmA4P9LYEUIbka1J7o\/H3mzeN2\/9iyA8bed009zVJIhBgInuNr7E1b6NUxOq5KW4kwq+7NrNPNQyVu\/QTqC4l7s5UB5uZcP9ss7gWalICcb+vq78PjuBIJeLj0bfYGQHdbsbhjifR3s0zqHRl6122J+3Jtt5gDZI8sU3+NkyrnykU4HHmaFUOC9PdaC7WqW7zawCWxkC1RMYp86sdFUSBYubopVGZHI4zVobOhanvnGZjFQDuJZsAdM+Bpg\/IYE7An4AR1MBHg5GQ\/tLLdwLGugvmPh+0ZmrE2ykF95v9hX1AgMBAAGjggE7MIIBNzASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vdDEuc3ltY2IuY29tL1RoYXd0ZVBDQS5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vdDIuc3ltY2IuY29tMEEGA1UdIAQ6MDgwNgYKYIZIAYb4RQEHNjAoMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUuY29tL2NwczApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzcwHQYDVR0OBBYEFMJPSFf80U+awF04fQ4F29kutVJgMB8GA1UdIwQYMBaAFHtbRc+vzst6\/TGSGmq280brV0hQMA0GCSqGSIb3DQEBCwUAA4IBAQCNBt5DyXYCytkjl17zY9d9RMIPawr1B+WLuPrgo\/prgJK1AyzFN+DC5ZW1knAYKEKU7kt3agEPiyPsVk30AGnlhMji6t5bPvY8BzqUymwnscyDGmBxJ9K\/AvUeRNNI1abTdiEAnPqYZOsXNj\/rGzw+prHZWAYOctlovvGnINdS5KR3H3FwnVU1hTfhHU2UwnB\/lUBuS32ytCkqA3nIuUxnYQSgiyf\/WQDrVX\/GtzM1LV5OrLjqEsXo97mrvnSSLLfZTcqELxzC8HJ8sjFuz4DliAc2UXu6Ya9tjSNbNKOVvKIxf\/L157fo78S1JzLp954="}
02375{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":736812,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcXIhAAPQGz5M25l1gwKgAEQG74LAWDzgPuxq5nYAQAHZxUgAAAQEICn5qcDoAIWN6accr6L67DKrn6mAS6iaKeBYDAwWOFgAFigEABYYwggWCCgEAoIIFezCCBXcGCSsGAQUFBzABAQSCBWgwggVkMIGeohYEFEa+Iw4ZP5maMKC4NxcA4+LDp5F8GA8yMDE4MDUyMTAyMTM1N1owczBxMEkwCQYFKw4DAhoFAAQUb3ZbhgHP5WMdW1xQZ5ZT9boGB5gEFMJPSFf80U+awF04fQ4F29kutVJgAhBhzDxU6rjF73JHtAvuSXwJgAAYDzIwMTgwNTIxMDIxMzU3WqARGA8yMDE4MDUyODAyMTM1N1owDQYJKoZIhvcNAQEFBQADggEBAAPTUZoPSBdDjHSBTqOjtgzNwpwfYgfabmMVz50S3KFFm0sU04GeuaJ9g41HuA3WluvSf45+ZzyGXqOzpnQu7CNK0+C5XXL5w3wA6xPikljvupwbkdIDvED4aCXc4moYsF8a2\/yyz6\/nhDX+yWHLuDmh0AFcjMsDe+tg47JixKaw0vz+2sEocUMFQueV8hkMa6aUg1D\/SmUJGkG5+Bnf7m0+jYFFC8OuCGT0ZYwdUemRyCvX3jEDWBpoawR3NV8dPTzngEmRHYocIHT7xPt4a9djV57OumdaEuIkkW3gV9XHbidEmozL53rArtlqIPuFqBGlI7EjZDn3i6lao9BuWoegggOrMIIDpzCCA6MwggKLoAMCAQICEF+lH8xBSm2RR4lGHU5W04swDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEbMBkGA1UEAxMSdGhhd3RlIFNTTCBDQSAtIEcyMB4XDTE4MDMyMTAwMDAwMFoXDTE4MDYxOTIzNTk1OVowLDEqMCgGA1UEAxMhdGhhd3RlIFNTTCBDQSAtIEcyIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZMA\/yejKx7eZiXFf4tSxRfO8yrc56yq6UgFxOxS6RXzxO5HkfCU0DT9vyz1\/JX+xy72lbb5N14BhIJbHNKoCidTSZZ6PVj2i6A4pBjQ1qS3vJcpIPuW3sAaA2Y41QPl4QcojC3FIOhpWmDGDZf0odjyDcHPeieLTRh99KkwetQtXqmaUgGnf\/K0kd9bsRZEutRzuT66Gn0XeSHDBhFrA1oW8jHF0Smi2eEufQMOhKHhPPUoNEZfJxPg3+bRrvsUGi9cPoVDBcI2NQ3QYpMu4OBVl+NKlZj05jfE4cu5Csz2wW4\/EdXIVLodtlxTb8iaFp1GtcwKvJ25iriW18S3VwIDAQABo4GrMIGoMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1GLTExMTcwHwYDVR0jBBgwFoAUwk9IV\/zRT5rAXTh9DgXb2S61UmAwHQYDVR0OBBYEFEa+Iw4ZP5maMKC4NxcA4+LDp5F8MAwGA1UdEwEB\/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH\/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQByJUL6mFwcpQr8CxmZsKEelg\/FMEUB7AeZHuzqSZeuYK5iA+HwTVLAMPFRslKVi1rZv71rnuMWl8dpv3mJPY\/8lHnxhMAUlLmMLTkP9IBxCXMQJP1epsUmSvmZ86Uaex+xMiKPXqoI585YqifHHTm8QDXDAlzJfgFElfMNbw3r7TmKy3yF53oxRVGh+IyOH9fZdzMhmqRTONVDIb64MWTXF\/X6xSd5PVBNLpzEqyDKXXd3ueW\/sLO6cemVuwuC2LSoReHiw6dHlo+SA8\/sVl5yApWl0+8F1OpB6xbPdSicaEUe\/y+SNyC32l7shvVq1e3h6Qm5HttUdScBRxxRGvpSFgMDAU0="}
-01043{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_tot_l4_data_len":4800,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":600,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","server_names":"*.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","issuerDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","alpn":"h2,http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39"}}
+01054{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":8,"flow_first_seen":1527155641697,"flow_last_seen":1527155641736,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4528,"flow_avg_l4_payload_len":566,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media.cdn.viber.com","server_names":"*.cdn.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","issuerDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.cdn.viber.com","alpn":"h2,http\/1.1","fingerprint":"B6:30:6F:02:75:A8:08:0A:AE:AA:9C:6C:9F:B5:8E:4C:82:02:3D:39"}}
00888{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":736986,"pkt_caplen":408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":408,"pkt_l4_len":374,"pkt":"MAdNo1+nAA6OMNv9CABFAAGKXIlAAPQG0+Q25l1gwKgAEQG74LAWDz23uxq5nYAYAHbvHwAAAQEICn5qcDoAIWN6DAABSQMAF0EE6z0yNbGqTMxF+MnCaSA57q9LYwN+e+lepEhgp62oGOKsCS5eYr4u+IsYLr2pa02Wv2IdtpoaeBaNslvnpGKZ1gYBAQDO8o0fMehLtSsNyCkYui8oRCxTJn0IX8wE1D0eiRfeypo53QSm10hK7t\/pPgqmfFiKfJJT9qj\/2jXndubPingGEnufws7avME3Qf6TfeC3DpgM7mbnB9Fv83\/JqQaLiSLSQk9QwqJbDtyQ\/T72qgCHH5Wku3AvJTg7bkY18oAVC3Z\/wJru8CNk5PtxYawyTRHK+qxLU+EeRL4DcuWVkRGDI9aweBYlGERJyKJ5DTh821u8zq\/0O5tCKY7\/B35xu4bZ588NQt8J4hGjI+ebLfhc\/8J7xyqIJE3YGtwoqTGpqwwajwq2lWmJ2plG6Rdpj0u1Mhxtwln16byAZ91nz2crFgMDAAQOAAAA"}
00422{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":739471,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025RAAEAGCjDAqAARNuZdYOCwAbu7GrmdFg8yZ4AQAsMtGwAAAQEICgAhY39+anA6"}
00423{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":739546,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025VAAEAGCi\/AqAARNuZdYOCwAbu7GrmdFg84D4AQAtonXAAAAQEICgAhY39+anA6"}
@@ -85,23 +85,23 @@
00423{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":740178,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA025dAAEAGCi3AqAARNuZdYOCwAbu7GrmdFg8\/DYAQAwcgMAAAAQEICgAhY4B+anA6"}
00596{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":756058,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"AA6OMNv9MAdNo1+nCABFAACy25hAAEAGCa7AqAARNuZdYOCwAbu7GrmdFg8\/DYAYAwfMqQAAAQEICgAhY4R+anA6FgMDAEYQAABCQQR8hYex6T6IcfjrQGz2dWBRSQxJBICDIAwL4VUpMgxTmSC9MkB7XZu6WQAGc\/NuWQdIiLiI7lhVN4jtP\/V2hUkiFAMDAAEBFgMDACgAAAAAAAAAAPinAWXbwMl+PxlMD4nzrBWBuwFUoxaHLVoZlLYU1RLV"}
00755{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":772588,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"MAdNo1+nAA6OMNv9CABFAAEmXIpAAPQG1Ec25l1gwKgAEQG74LAWDz8Nuxq6G4AYAHZ6wAAAAQEICn5qcD4AIWOEFgMDALoEAAC2AAAqMACwdl6URFAA6YMRSWiAuGyrMvhx5yRQJDL2xvOldivO2HDCATKXaYBmvXO5Dr1T4CoyfOMHoEzRVzCiIp3wFmrpe3Nvz3wmjg6V92idYHBD\/Ir+mX8KY78ab9v06pKtsYqXpy4JSStOTTDB5sv9zFHKr9ko39Zd\/xxZlTUtGeSrWTqMzSWYSn4WJ85veaGeOFci3F\/u+XPj830Dga\/E8q0wfgVk0haiDxQaPUcrvoDSWrMUAwMAAQEWAwMAKPAGp6nvnGSjNCIJ9wRqtsyn22rlG09D61TtZki59jc8\/Qas\/wW6MEo="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1527155641813,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1527155641813,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":813689,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"AA6OMNv9MAdNo1+nCABFAABAH5VAAEARmafAqAARwKgAD539ADUALISKl70BAAABAAAAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQAB"}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1527155641813,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1527155641813,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00584{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":840131,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"pkt":"MAdNo1+nAA6OMNv9CABFAACrXElAAEARXIjAqAAPwKgAEQA1nf0Al5UFl72BgAABAAUAAAAACGRsLW1lZGlhBXZpYmVyA2NvbQAAAQABwAwABQABAAAGHQAfDmQxZmplOWdtM2QwNXQ4CmNsb3VkZnJvbnQDbmV0AMAwAAEAAQAAADsABDbmXTXAMAABAAEAAAA7AAQ25l1swDAAAQABAAAAOwAENuZdn8AwAAEAAQAAADsABDbmXWM="}
-00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_tot_l4_data_len":195,"flow_min_l4_data_len":44,"flow_max_l4_data_len":151,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.53"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1527155641845,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":83,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"},"dns": {"query":"dl-media.viber.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"54.230.93.53"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1527155641845,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":845544,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8nXxAAEAGSGvAqAARNuZdNdKuAbvV1v7mAAAAAKAC\/\/\/mSAAAAgQFtAQCCAoAIWOaAAAAAAEDAwc="}
00434{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":865014,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAPQGMec25l01wKgAEQG70q53C5Ep1db+56AScSB9zAAAAgQFtAQCCAp+anCqACFjmgEDAwg="}
00422{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":867207,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nX1AAEAGSHLAqAARNuZdNdKuAbvV1v7ndwuRKoAQAq0bCAAAAQEICgAhY59+anCq"}
00670{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":868230,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"AA6OMNv9MAdNo1+nCABFAADrnX5AAEAGR7rAqAARNuZdNdKuAbvV1v7ndwuRKoAYAq2cvgAAAQEICgAhY6B+anCqFgMBALIBAACuAwM1qr437x53guPHYx6idTGnRu91RvVMpGhSbboCtiTLxAAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABp\/wEAAQAAAAAXABUAABJkbC1tZWRpYS52aWJlci5jb20AFwAAACMAAAANABAADgQDBAEFAwUBBgMGAQIBAAUABQEAAAAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
-00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1527155641845,"flow_last_seen":1527155641868,"flow_tot_l4_data_len":327,"flow_min_l4_data_len":32,"flow_max_l4_data_len":215,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1527155641845,"flow_last_seen":1527155641868,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":183,"flow_tot_l4_payload_len":183,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00423{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":887306,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA04YZAAPQGUGg25l01wKgAEQG70q53C5Eq1db\/noAQAHYchQAAAQEICn5qcKwAIWOg"}
02376{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":890520,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXc4YdAAPQGSr825l01wKgAEQG70q53C5Eq1db\/noAQAHYWawAAAQEICn5qcK0AIWOgFgMDAFQCAABQAwPXSeroJomquS3Icmb908A5CzBxMU9kJmJipiVdlo2bqADALwAAKAAAAAD\/AQABAAALAAQDAAECACMAAAAFAAAAEAALAAkIaHR0cC8xLjEWAwMLBQsACwEACv4ABkIwggY+MIIFJqADAgECAhArCzUGt7zqYcU28iBidjj2MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xGzAZBgNVBAMTEnRoYXd0ZSBTU0wgQ0EgLSBHMjAeFw0xNjA2MjYwMDAwMDBaFw0xODA2MjYyMzU5NTlaMHUxCzAJBgNVBAYTAkxVMRMwEQYDVQQIDApMdXhlbWJvdXJnMRMwEQYDVQQHDApMdXhlbWJvdXJnMRkwFwYDVQQKDBBWaWJlciBNZWRpYSBTYXJsMQswCQYDVQQLDAJJVDEUMBIGA1UEAwwLKi52aWJlci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcgssKhaCshLn7MOI3o\/HwNPg4Umo9z70uRy8p4MYx9OrHSxuubk3cAfBqqnZs++75IJCaOxWfVcpjJKVkKl++ww0iA0ou8OKXrojTBnFQGZM\/MULZ63jjcWbDXTqmDhpuZlU7XUfM0pI511NgBWqAGWFuYNeAZ4AEBT3ji7OoFFZI9zdyUetdjViMzp4xxycQH4\/Xe\/n2tOj\/fADnQxfirKO+5wNgIOGnlTHwm0YKKKB4Ow4KdoBWuohQLAtpnxjQsuPvT\/Pc8vJR\/lFPLRObEIPudktAradTxWZCRinzp6azqWVZqA+YpEeX6g0Od4utrHXK8ROOIaXouSab18MpAgMBAAGjggL8MIIC+DAhBgNVHREEGjAYggsqLnZpYmVyLmNvbYIJdmliZXIuY29tMAkGA1UdEwQCMAAwbgYDVR0gBGcwZTBjBgZngQwBAgIwWTAmBggrBgEFBQcCARYaaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwLwYIKwYBBQUHAgIwIwwhaHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5MA4GA1UdDwEB\/wQEAwIFoDAfBgNVHSMEGDAWgBTCT0hX\/NFPmsBdOH0OBdvZLrVSYDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vdGouc3ltY2IuY29tL3RqLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vdGouc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vdGouc3ltY2IuY29tL3RqLmNydDCCAYAGCisGAQQB1nkCBAIEggFwBIIBbAFqAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFVjQKNiQAABAMARzBFAiADGhaX4e5694tXWFf9C7aYUyZebOO1ewNFTjBMKAmDawIhAOUb0dawJ7YyWph6djzxjPrv6bfmIbnz7yWOc8naN+LBAHcApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFVjQKNzwAABAMASDBGAiEAoGZTBb3GJAn4wnB3XFXEvRTKBliJa9e40vm8zeaTF20CIQDwLQqXqOD6SvAZcXpalAxgvlWZ8cCvw6AXRn1QAGiu4wB3AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT\/vEAAABVY0CjcQAAAQDAEgwRgIhAN3\/bLnx4zseAF6YX\/GXwkZGKzURnh0xPsL\/M5rt5HxOAiEAkjBpAU5gR\/VSAgq03Onvii7MiMIPaGRYRMr3cBp7cvAwDQYJKoZIhvcNAQELBQADggE="}
-00783{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_tot_l4_data_len":1839,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00794{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":89,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":6,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02381{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":890769,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXc4YhAAPQGSr425l01wKgAEQG70q53C5bS1db\/noAQAHZ73wAAAQEICn5qcK0AIWOgAQAzIMkLGilBwo17+h1vyzUxHYrDOwc9vPDUqUyTBSPVjWgtZJoJQDTCQxUlc78RAlspu0Ne5sF1y6rd+7pz0tYCAqum4XlCNO9Iobk6RQJQ3KtnKzH3ghtXdUucX+7Fp+XemKd1y+RI6E9MeBQqfsXKhwc7T26FN1lgNIOD\/Y\/UIC0Xx0RCnHykMGMLwbXjj7y+RkzdiXOG8iCc93QKzbbFaVQLUkyD2lNFloJMwiyXJ6gu4PgO\/emqSyJHAhsU1vW4JibyyzcpDftgPDpZYd0Y1EqXR+wevAVfDVB4GYvDg9NCgKNIYEvDbNqCGi5HvaBV5yiHxF3i62IjWW8gGqe0AAS2MIIEsjCCA5qgAwIBAgIQFofWiG3iMAaFIz2\/Eb9llzANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjBBMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMRswGQYDVQQDExJ0aGF3dGUgU1NMIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy\/Ab7BJPS6lkgO0SFl1I55xDweuCwlEDaRvgMKLu5zmA4P9LYEUIbka1J7o\/H3mzeN2\/9iyA8bed009zVJIhBgInuNr7E1b6NUxOq5KW4kwq+7NrNPNQyVu\/QTqC4l7s5UB5uZcP9ss7gWalICcb+vq78PjuBIJeLj0bfYGQHdbsbhjifR3s0zqHRl6122J+3Jtt5gDZI8sU3+NkyrnykU4HHmaFUOC9PdaC7WqW7zawCWxkC1RMYp86sdFUSBYubopVGZHI4zVobOhanvnGZjFQDuJZsAdM+Bpg\/IYE7An4AR1MBHg5GQ\/tLLdwLGugvmPh+0ZmrE2ykF95v9hX1AgMBAAGjggE7MIIBNzASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vdDEuc3ltY2IuY29tL1RoYXd0ZVBDQS5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vdDIuc3ltY2IuY29tMEEGA1UdIAQ6MDgwNgYKYIZIAYb4RQEHNjAoMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUuY29tL2NwczApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzcwHQYDVR0OBBYEFMJPSFf80U+awF04fQ4F29kutVJgMB8GA1UdIwQYMBaAFHtbRc+vzst6\/TGSGmq280brV0hQMA0GCSqGSIb3DQEBCwUAA4IBAQCNBt5DyXYCytkjl17zY9d9RMIPawr1B+WLuPrgo\/prgJK1AyzFN+DC5ZW1knAYKEKU7kt3agEPiyPsVk30AGnlhMji6t5bPvY8BzqUymwnscyDGmBxJ9K\/AvUeRNNI1abTdiEAnPqYZOsXNj\/rGzw+prHZWAYOctlovvGnINdS5KR3H3FwnVU1hTfhHU2UwnB\/lUBuS32ytCkqA3nIuUxnYQSgiyf\/WQDrVX\/GtzM1LV5OrLjqEsXo97mrvnSSLLfZTcqELxzC8HJ8sjFuz4DliAc2UXu6Ya9tjSNbNKOVvKIxf\/L157fo78S1JzI="}
02384{"flow_id":10,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":890790,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXc4YlAAPQGSr025l01wKgAEQG70q53C5x61db\/noAQAHY7DwAAAQEICn5qcK0AIWOg6feeaccr6L67DKrn6mAS6iaKeBYDAwWOFgAFigEABYYwggWCCgEAoIIFezCCBXcGCSsGAQUFBzABAQSCBWgwggVkMIGeohYEFEa+Iw4ZP5maMKC4NxcA4+LDp5F8GA8yMDE4MDUyMDIzMzI1MlowczBxMEkwCQYFKw4DAhoFAAQUb3ZbhgHP5WMdW1xQZ5ZT9boGB5gEFMJPSFf80U+awF04fQ4F29kutVJgAhArCzUGt7zqYcU28iBidjj2gAAYDzIwMTgwNTIwMjMzMjUyWqARGA8yMDE4MDUyNzIzMzI1MlowDQYJKoZIhvcNAQEFBQADggEBAA5Galj9boy29rCO8yKWMuA8ntj2oLJscfTQs6+\/qwy2IBgCzdVg3BY0Ss+d8h0LLJ1Wu+jHE8mtnG+6aP3ZM5FyNPvXO67EW2JiX\/Gt\/u65\/BtjW9+x1AR7UsmyiBrOzzQ23CRCHor2JDEzSxj7um8tGJYOEdq256AhWs32zq77+4wWODmzpGLJA1V+vZBzyFRfbxSpAPy7oBdAjMYdF70TOaFK4kQ3YptsZHvv\/ntsdQknPHmMThzNzl38Z5X33W+wiF\/adbo06JWV\/JvE19TQE\/yCvvSKCTh1lMr\/d4gz8RLq7OlKkwfhJEQkUFQ\/K8EtgzXisOl6zHG6FxUCaHigggOrMIIDpzCCA6MwggKLoAMCAQICEF+lH8xBSm2RR4lGHU5W04swDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEbMBkGA1UEAxMSdGhhd3RlIFNTTCBDQSAtIEcyMB4XDTE4MDMyMTAwMDAwMFoXDTE4MDYxOTIzNTk1OVowLDEqMCgGA1UEAxMhdGhhd3RlIFNTTCBDQSAtIEcyIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZMA\/yejKx7eZiXFf4tSxRfO8yrc56yq6UgFxOxS6RXzxO5HkfCU0DT9vyz1\/JX+xy72lbb5N14BhIJbHNKoCidTSZZ6PVj2i6A4pBjQ1qS3vJcpIPuW3sAaA2Y41QPl4QcojC3FIOhpWmDGDZf0odjyDcHPeieLTRh99KkwetQtXqmaUgGnf\/K0kd9bsRZEutRzuT66Gn0XeSHDBhFrA1oW8jHF0Smi2eEufQMOhKHhPPUoNEZfJxPg3+bRrvsUGi9cPoVDBcI2NQ3QYpMu4OBVl+NKlZj05jfE4cu5Csz2wW4\/EdXIVLodtlxTb8iaFp1GtcwKvJ25iriW18S3VwIDAQABo4GrMIGoMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0RBBswGaQXMBUxEzARBgNVBAMTClRHVi1GLTExMTcwHwYDVR0jBBgwFoAUwk9IV\/zRT5rAXTh9DgXb2S61UmAwHQYDVR0OBBYEFEa+Iw4ZP5maMKC4NxcA4+LDp5F8MAwGA1UdEwEB\/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDgYDVR0PAQH\/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQByJUL6mFwcpQr8CxmZsKEelg\/FMEUB7AeZHuzqSZeuYK5iA+HwTVLAMPFRslKVi1rZv71rnuMWl8dpv3mJPY\/8lHnxhMAUlLmMLTkP9IBxCXMQJP1epsUmSvmZ86Uaex+xMiKPXqoI585YqifHHTm8QDXDAlzJfgFElfMNbw3r7TmKy3yF53oxRVGh+IyOH9fZdzMhmqRTONVDIb64MWTXF\/X6xSd5PVBNLpzEqyDKXXd3ueW\/sLO6cemVuwuC2LSoReHiw6dHlo+SA8\/sVl5yApWl0+8F1OpB6xbPdSicaEUe\/y+SNyC32l7shvVq1e3h6Qm5HttUdScBRxxRGvpSFgM="}
-01045{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":8,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_tot_l4_data_len":4799,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":599,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","issuerDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","alpn":"h2,http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}}
+01056{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":91,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":8,"flow_first_seen":1527155641845,"flow_last_seen":1527155641890,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4527,"flow_avg_l4_payload_len":565,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Viber","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dl-media.viber.com","server_names":"*.viber.com,viber.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"76cc3e2d3028143b23ec18e27dbd7ca9","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=thawte, Inc., CN=thawte SSL CA - G2","issuerDN":"C=LU, ST=Luxembourg, L=Luxembourg, O=Viber Media Sarl, OU=IT, CN=*.viber.com","alpn":"h2,http\/1.1","fingerprint":"E1:11:26:E6:14:A5:E6:F7:F1:CB:68:D1:A6:95:A1:5E:11:48:72:2A"}}
00890{"flow_id":10,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":891007,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"pkt":"MAdNo1+nAA6OMNv9CABFAAGN4YpAAPQGTws25l01wKgAEQG70q53C6Ii1db\/noAYAHb6cwAAAQEICn5qcK0AIWOgAwFNDAABSQMAF0EE1Bz1buwGj7arDvQKfn63IR0V1xqKcdsJ+4Xe60p6b0Drrq+bwGpcEENi2XR4FgisbSBm9CEN5BCw07M+YNuptQYBAQAizAbdjJeK+r0hyLzDP6Rhbxwstrsv5rbzwdiBGXV90oKpEl22KCV4RA2SoLO5Vzu64fCPL16OfwZqOlif0POj0Arw82eaZ05Lniseo1L4+lL3xjW3FkOToBXxkKnPfoY90ACaPbxIJxruTsZtTIMKBEGnMjMyOwr1PRpk2\/YFStDcJ9OCbRAyrgQsaFaFH8JLr+3QrzgJZq4PrvwXXj0f4E2PzogtH+gzUpl1xiuSHPDMU9u\/9OK3VBvURgUO+iEzaC1B+pR7bfOHvM4yZz0qPi6YwxrggUHzuKvTgWGyRfrWCky1dsnB\/4pwaDDlxHg92Ks70O2hklJ\/MDoS2o9fFgMDAAQOAAAA"}
00423{"flow_id":10,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":907599,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nX9AAEAGSHDAqAARNuZdNdKuAbvV1v+edwuW0oAQAsMUiAAAAQEICgAhY6d+anCt"}
00424{"flow_id":10,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":907687,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nYBAAEAGSG\/AqAARNuZdNdKuAbvV1v+edwuceoAQAtoOyQAAAQEICgAhY6d+anCt"}
@@ -109,52 +109,52 @@
00423{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":908610,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0nYJAAEAGSG3AqAARNuZdNdKuAbvV1v+edwuje4AQAwcHmAAAAQEICgAhY6p+anCt"}
00597{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":919447,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"AA6OMNv9MAdNo1+nCABFAACynYNAAEAGR+7AqAARNuZdNdKuAbvV1v+edwuje4AYAweSMQAAAQEICgAhY61+anCtFgMDAEYQAABCQQSMx\/xgnJ0MZTU6UD6zv5MkFyJpocQc5AKoUSYK9zABMxwrUyi\/0dAkAqmJnPW6alP\/ucXiRnaUzkicp4VxP6m4FAMDAAEBFgMDACgAAAAAAAAAABRVXqqmLxV40IubwlDoWtFMgIUcnsOsHdSZcoe4VaEF"}
00756{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155641,"pkt_ts_usec":938791,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"MAdNo1+nAA6OMNv9CABFAAEm4YtAAPQGT3E25l01wKgAEQG70q53C6N71dcAHIAYAHYMtAAAAQEICn5qcLEAIWOtFgMDALoEAAC2AAAqMACwdl6URFAA6YMRSWiAuGyrMmmL\/\/UWFxFwpKywqh8LTHb7USmx1KY9KmzAhCi1q6hmD+OGu3LMjHxvB3cvc5SklGKlumRvGOcwLqFtagakksM5P+Fip2sQsOCYZKab19+Yvjc5rHsVPiyh5RFDgckZWhcThGhxUSpsacAQqTmRWtfGctL\/UCycuv3p03qdYdZSTcJhvQIY2\/iRwfij+r2XZCSBoldbr\/8Q0s3nsglS3PwUAwMAAQEWAwMAKMgA\/zJ+MUGgvIWNCUUgyDJly9qc4jmQiOpPnjfyRxfOQBpTgUTvYOc="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1527155644240,"flow_last_seen":0,"flow_tot_l4_data_len":31,"flow_min_l4_data_len":31,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1527155644240,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155644,"pkt_ts_usec":240774,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0lAAEARXnTAqAARrNkXaqQJAbsAHwH3DO5PoOHayJNED10MJ0pTvsIOJQ7muOI="}
00423{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155644,"pkt_ts_usec":243647,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"AA6OMNv9MAdNo1+nCABFAAAzV0pAAEARXnPAqAARrNkXaqQJAbsAH4RqDO5PoOHayJNEEDIopLF1oa8UykhAnf8="}
00424{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155644,"pkt_ts_usec":244636,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"MAdNo1+nAA6OMNv9CABFAAAyAABAADoRu76s2RdqwKgAEQG7pAkAHohoAA5y\/VBeClgsOyCTlKKUc09Z1nXjEg=="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1527155646819,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1527155646819,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00444{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":819778,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"AA6OMNv9MAdNo1+nCABFAABBI8dAAEARlXTAqAARwKgAD4oDADUALaw8\/YcBAAABAAAAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAQ=="}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1527155646819,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1527155646819,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00464{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":840307,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"pkt":"MAdNo1+nAA6OMNv9CABFAABRXJhAAEARXJPAqAAPwKgAEQA1igMAPcYV\/YeBgAABAAEAAAAAD2FwcC1tZWFzdXJlbWVudANjb20AAAEAAcAMAAEAAQAAASsABKzZF04="}
-00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.78"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1527155646850,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":123,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"app-measurement.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.78"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1527155646850,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":850574,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8QKlAAEAGdTLAqAARrNkXTqq2Abu2kyjUAAAAAKAC\/\/\/OpwAAAgQFtAQCCAoAIWh9AAAAAAEDAwc="}
00436{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":851668,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8SUEAADoGspqs2RdOwKgAEQG7qrbgrF\/UtpMo1aASpagYYgAAAgQFZAQCCAqjjizLACFofQEDAwg="}
00423{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":855196,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0QKpAAEAGdTnAqAARrNkXTqq2Abu2kyjV4Kxf1YAQAq3p2QAAAQEICgAhaH6jjizL"}
01125{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":860573,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"AA6OMNv9MAdNo1+nCABFAAI5QKtAAEAGczPAqAARrNkXTqq2Abu2kyjV4Kxf1YAYAq1z5wAAAQEICgAhaICjjizLFgMBAgABAAH8AwNBPsdw19xPZmwn4MTofE7KpZzlehZ2ryKsHoehtt8SkyAtuuVLu0IaXHkCuJfDbS+MIlAXHQF7wFtqpJjA8h8AEwAcwCvALMypwC\/AMMyowAnACsATwBQAnACdAC8ANQEAAZf\/AQABAAAAABgAFgAAE2FwcC1tZWFzdXJlbWVudC5jb20AFwAAACMA2gB3xmugirq4ty3TFMj+47dZbYBXktcQ\/Fy823lCDlYKB2I9H4xj09kCGfGET468Pn7WKGmpHa+d4io34b79G4zdduOMVQjYCVWJd2+svjjieR2WmccqyJfAVJDiSGaILG39AMxmPrLGKG+W90qFvZ+sjOk1xBxZC4lq\/vWERh9dI8LaVYFE2i7VMlSVzcW5MKdEpuvpZDk7ugj4\/NffY7m0Pt8V62OtFaSYvEHuUpsBuuh2p0N2Bnn0v0DCnV5O+4x\/YpKAcbs0\/4gq2kI7gwNYwqLZdKvB5cFAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABAACwAJCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAYABUATgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00729{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1527155646850,"flow_last_seen":1527155646860,"flow_tot_l4_data_len":661,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":165,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1527155646850,"flow_last_seen":1527155646860,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00424{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":861661,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0SUsAADoGspis2RdOwKgAEQG7qrbgrF\/VtpMq2oAQAKrpygAAAQEICqOOLNYAIWiA"}
00645{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":862539,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"MAdNo1+nAA6OMNv9CABFAADWSUwAADoGsfWs2RdOwKgAEQG7qrbgrF\/VtpMq2oAYAKpAyAAAAQEICqOOLNYAIWiAFgMDAGoCAABmAwNbBou+xK8IA8Bigvg9R7OVkhyuEsJxtVGVuZ+HIv6bZCAtuuVLu0IaXHkCuJfDbS+MIlAXHQF7wFtqpJjA8h8AE8AvAAAe\/wEAAQAAFwAAABAACwAJCGh0dHAvMS4xAAsAAgEAFAMDAAEBFgMDACgAAAAAAAAAAAka+C7\/X1Be6gfmmulH95vZtL0tyB43DjLcKezq7VI1"}
-00783{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1527155646850,"flow_last_seen":1527155646862,"flow_tot_l4_data_len":887,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":147,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"67619a80665d7ab92d1041b1d11f9164","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00794{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":129,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1527155646850,"flow_last_seen":1527155646862,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":679,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"app-measurement.com","ja3":"3967ff2d2c9c4d144e7e30f24f4e9761","ja3s":"67619a80665d7ab92d1041b1d11f9164","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
00423{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":866569,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0QKxAAEAGdTfAqAARrNkXTqq2Abu2kyra4Kxgd4AQArXnHAAAAQEICgAhaIGjjizW"}
00493{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":867103,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"AA6OMNv9MAdNo1+nCABFAABnQK1AAEAGdQPAqAARrNkXTqq2Abu2kyra4Kxgd4AYArXc8AAAAQEICgAhaIGjjizWFAMDAAEBFgMDACgAAAAAAAAAAIOnf1NdjktXIFsIc8dJxf0KKwsAuNCCVUpEltwtBSlD"}
00423{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":908111,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0SWEAADoGsoKs2RdOwKgAEQG7qrbgrGB3tpMrDYAQAKro7gAAAQEICqOOLNwAIWiB"}
01531{"flow_id":13,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":914950,"pkt_caplen":882,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":882,"pkt_l4_len":848,"pkt":"AA6OMNv9MAdNo1+nCABFAANkQK5AAEAGcgXAqAARrNkXTqq2Abu2kysN4Kxgd4AYArXrHQAAAQEICgAhaI2jjizcFwMDAysAAAAAAAAAAZ1vAQ\/roP\/wIuwXOXPyEztEyVeYgRHxpDp872tQbcToaeg0tiAsk6O5dXvpjQiesottAoi\/QfJJaH4vvLj4xBS6fb81phopoeZFlp6nKiXosvcdFEsNhsWHzroiDWSGFAGInHBBttHFnPjZx4bGlLfYDi93k9y1OB5zZSlJ9hzS5oQtV+I1JFa3y7wmByuV6gnPxSsi3pdxQykiNN5Q1m83qlSuP3buHJ9YG2LtsvnibVgZCDw7tVhIGDHbfXZwJ+c9DblUnmr7GoL2CvInYpqUDx+w4PV2ER\/TlJub7w4qyEQUQprFJJw6vRTW\/ekeQ2Ut4c9vqg8vPjSFz8ObHgw+7amwQy+011slQnvkfjjLRkdx+4MU1YuLxn36qCbCB0KNjWzGzj13CuqkKcDIzsszEa\/o467mOvwg08h7yZZA31IV5TP9IYJGzQ7UXxXAGiFwMgP9HSm0wMdQa9cBt87ou7ZtOficG9hA3YL7OJlA7xcLOBsAYgMklrTDqyetK1JZxSBvPAj+0cXEg7zki17JJiNGHULKw+gf1E0BFFMW5w3aTENqEiMukM3b1w9m\/yjIgtcc9MEE8IvlRJciIUcsIChFr5La2NzZK1v56lBskE40NvRCOpj5a2iJSa3C3DZsJ11oxAvR\/6idz0WrrzYV67hGj8BgPbkLkja7TckG9LsJQM6+87D87mZ6YJvQaqoBoAGvoDfGHIbLOrly3YVJxZ7nOFe\/yK2ISSOgshSqL++NfKutztIivV7BjP9smUg7k41J3YG+hUbAt8I40jTxuUVOYa3UHX9JRKpApom4PGeSxPRBJpPLLen6gUPp8dFee9\/eeJ\/9wp416WxSLrgNOwNUBSi8xUMFUavxOVq\/JNy1+2kGbGGZWI5yhW4+rmpnMWE8zPTfJ\/hCQBM9sVEQGxJH6jp6h8T0WzOoMal1BkK+sMUvRT9uqXwVm5WPX2PUi6OL4QeAQsTwG1Pyrf9imCyZBaia1vovZZ3IrwgC4VFlxzpG\/pKpAtjf2DT\/q+M8YbvjZEuZEVLWuH\/wFYwCiCNG3apw7wL4HQHVsk8mV0zA"}
00424{"flow_id":13,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":915935,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0SWgAADoGsnus2RdOwKgAEQG7qrbgrGB3tpMuPYAQALHlewAAAQEICqOOLQwAIWiN"}
00985{"flow_id":13,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":932283,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"pkt":"MAdNo1+nAA6OMNv9CABFAAHSSW0AADoGsNis2RdOwKgAEQG7qrbgrGB3tpMuPYAYALEz3QAAAQEICqOOLRwAIWiNFwMDAZkAAAAAAAAAAcYH5ganGUEenB5VC+uS6R4yyeNzSTNyNjbvnhM3HHvtbrsF3friRUkHOdEYHgsb+iMRP5hkFYePtJvbPzJAvalYiR5BUcWNm8FZTLDYGVsLHe7EENGB9KQZw1BsnCY1C+8qYxRJ6+IBOXz2JnMzaT1NmeLXRQUyyWnST4ZiRmipAeK2onNFKgPJoRaYjw1tG9puTDsqoJXsoXU\/jSOW9iuw+bsZLlXyLD6VMRoSERpzuslu6zAM0bGwzHU2gqd3froFK7t6vjcUXeMVYnAk\/3M9ci0swWIU8XI+sReXYJLWn25s3xH\/FLTwaZgf22Yfurf+UbMJygddjYAU40icsbaYTtdLCSLeSs9dabOaYZm+S5hBqhUE+wo7ubDIee6909VDa8IQqVDVjdm4ML\/c6y2O8mdLf78pt6cOlSUySfKA6\/z0Kwrz84Q0i4yNdRlrdeYehphB2r3LxmCKo\/tAvjrVIKWl5iLFvECom1k1s+qaPaEUhOZZiTMDmmXTDT9UZdBSQmQ6gxe+zfa8ttHpDwLY"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1527155646968,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1527155646968,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":968117,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1527155646968,"flow_last_seen":0,"flow_tot_l4_data_len":69,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_805741c9._sub._googlecast._tcp.local"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1527155646968,"flow_last_seen":0,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_805741c9._sub._googlecast._tcp.local"}}
00477{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":968177,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AQBeAAD7MAdNo1+nCABFAABZHwxAAP8RutLAqAAR4AAA+xTpFOkARSvHAAQAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="}
00424{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":975566,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0QK9AAEAGdTTAqAARrNkXTqq2Abu2ky494KxiFYAQAr7hsAAAAQEICgAhaJ2jji0c"}
00948{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155646,"pkt_ts_usec":985278,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"pkt":"AA6OMNv9MAdNo1+nCABFAAG2QLBAAEAGc7HAqAARrNkXTqq2Abu2ky494KxiFYAYAr7c1wAAAQEICgAhaJ+jji0cFwMDAX0AAAAAAAAAApW6ODyeXpKyk4XJyhRL3V+HzjI4sBL9MUeh9Y1zBqAJwrzZH+Y3uNuiBE+QKguFAvBOfOpOPMq8ebeawGTayYLfCy21lgdDnG5JA27GGgHZEBwVXIlYAPdnQSdovnn9bs8Hrj2yDV6Aik+GVNHFMgCPcEfIVIlvqBZ0AJ25HyeNnwuKavxvKknzbfLWKOpRYDIBICqb7gL\/dO6ZeSBBTQ1KCO5yWHN1Y1kDj7Sbrgog4x8bEkQ4G7z4TuAw3vM0TKeOOEf8cRndbb16wNSMbnfi7bW531GbRHntyJ575HNK95vlJxhGk9qugIRG7zcR8M\/ygnf2nhicsZ2DhplyH5zbFuEP4515bmjJwo2t\/O1MH5L4zdRVGVnQklVsozy7CGd0Z283j6oDI93oCh4E1lF1OkFB49+BwfH5GOivXAEOByWOdhvvTT6A0mXUDvHVdFcxblre1IUgYU\/SpfqUI5MJltm\/HTefqzzEd++k8NQO+ctSZY0="}
00424{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155647,"pkt_ts_usec":26154,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0ScYAADoGsh2s2RdOwKgAEQG7qrbgrGIVtpMvv4AQALfh\/QAAAQEICqOOLVIAIWif"}
-00450{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1527155647500,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00458{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1527155647500,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155647,"pkt_ts_usec":500374,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="}
-00484{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1527155647500,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00492{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1527155647500,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00437{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155647,"pkt_ts_usec":500402,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACMAdNo1+nht1gAAAAABA6\/\/6AAAAAAAAAMgdN\/\/6jX6f\/AgAAAAAAAAAAAAAAAAAChQDAigAAAAABATAHTaNfpw=="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1527155648481,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1527155648481,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155648,"pkt_ts_usec":481643,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AA6OMNv9MAdNo1+nCABFAABEJLZAAEARlILAqAARwKgAD61YADUAMDkH00kBAAABAAAAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAQ=="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1527155648481,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":210,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1527155648481,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00582{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155648,"pkt_ts_usec":506661,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"pkt":"MAdNo1+nAA6OMNv9CABFAACpXKlAAEARXCrAqAAPwKgAEQA1rVgAlY7c00mBgAABAAUAAAAAB3ZlbmV0aWEDaWFkBmFwcGJveQNjb20AAAEAAcAMAAUAAQAAAQIAGQF5A3NzbAZnbG9iYWwGZmFzdGx5A25ldADANAABAAEAAAAdAASXZQGCwDQAAQABAAAAHQAEl2VBgsA0AAEAAQAAAB0ABJdlgYLANAABAAEAAAAdAASXZcGC"}
-00668{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":48,"flow_max_l4_data_len":149,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.1.130"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1527155648513,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":211,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"venetia.iad.appboy.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"151.101.1.130"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1527155648513,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155648,"pkt_ts_usec":513495,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8cjBAAEAGbuvAqAARl2UBgtnCAbvgBRgtAAAAAKAC\/\/+wcAAAAgQFtAQCCAoAIWodAAAAAAEDAwc="}
00436{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155648,"pkt_ts_usec":523699,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAADoG5xuXZQGCwKgAEQG72cJzm\/EW4AUYLqAScSBKVAAAAgQFtAQCCArIDMgpACFqHQEDAwk="}
00423{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155648,"pkt_ts_usec":526879,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0cjFAAEAGbvLAqAARl2UBgtnCAbvgBRguc5vxF4AQAq3nkgAAAQEICgAhaiDIDMgp"}
00677{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155648,"pkt_ts_usec":533128,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"pkt":"AA6OMNv9MAdNo1+nCABFAADscjJAAEAGbjnAqAARl2UBgtnCAbvgBRguc5vxF4AYAq0GIgAAAQEICgAhaiLIDMgpFgMBALMBAACvAwNMJ7CvztfSmUaRPcK3z4cAvGSi2\/cpgw4T9New8B2\/AwAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABq\/wEAAQAAAAAbABkAABZ2ZW5ldGlhLmlhZC5hcHBib3kuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="}
-00716{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1527155648513,"flow_last_seen":1527155648533,"flow_tot_l4_data_len":328,"flow_min_l4_data_len":32,"flow_max_l4_data_len":216,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"venetia.iad.appboy.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00727{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1527155648513,"flow_last_seen":1527155648533,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":184,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"venetia.iad.appboy.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00424{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155648,"pkt_ts_usec":543275,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0OTlAADoGreqXZQGCwKgAEQG72cJzm\/EX4AUY5oAQADvpRQAAAQEICsgMyC4AIWoi"}
02382{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155648,"pkt_ts_usec":544884,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcOTtAADoGqECXZQGCwKgAEQG72cJzm\/a\/4AUY5oAQADvJnwAAAQEICsgMyC4AIWoiNYAgKtnxi+t0zXvgqCNxYDJHlan1lapV20Z\/ny62IjeQgHIScYpqH+tVAAKb3EMP5nUUR1kQVrYkpKhqr2TFadRS9mHnnhZmaWW+\/AofJwQcNaK7ji309PCPZs5ODBDwwHUVKqTV\/dYYiu+qX2et2RkP5mWClu5PRe2YjEph5kcLHGPjrZtGJ2ZPub6ZAwZ3\/VBc3XXoydIa2cEe8omRMVYfrlKzGLPnue4sx2wX4UvPbHuHzDhK1tkYNtEfU6ZRK9cO77nMHM9ywKgvFhh4AASPMIIEizCCA3OgAwIBAgIORvCM288sVGbvMwHdXzQwDQYJKoZIhvcNAQELBQAwVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNTA4MTkwMDAwMDBaFw0yNTA4MTkwMDAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMS0wKwYDVQQDEyRHbG9iYWxTaWduIENsb3VkU1NMIENBIC0gU0hBMjU2IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjwHXhMpjl2a6EfI3oI19GlVtMoiVw15AEhYDJtfSKZU2Sy6XEQqC2eSUx7fGFIM0TUT1nrJdNaJszhlyzey2q33egYdH1PPua\/NPVlMrJHoAbkJDIrI32YBecMbjFYaLiblclCG8kmZnPlL\/Hi2uwH8oU+hibbBB8mSvaSmPlsk7C\/T4QC0j0dwsv8JZLOu69Nd6FjdoTDs4BxHHT03fFCKZgOSWnJ2lcg9FvdnjuxURbRb0pO+LGCQ+ivivc41zaWm+O58kHa36hwFOVgongeFxyqGy+Z2ur5zPZh\/L4XCf09io7h+\/awkfav6zrJ2R7TFPrNOEvmyBNVBJrfSi9AgMBAAGjggFTMIIBTzAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0OBBYEFKkrh+HOJEc7G7\/PhTcCVZ0NlFjmMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj\/\/P1LMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC5jcmwwVgYDVR0gBE8wTTALBgkrBgEEAaAyARQwPgYGZ4EMAQICMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQCiHWmKCo7EFIMqKhJNOSeQTvCNrNKWYkc2XpLR+sWTtTcHZSnS9FNQa8n0\/jT13bgd+vzcFKxWlCecQqoETbftWNmZ0knmIC\/Tp3e4Koka76fPhi3WU+kLk5xOq9lF7qSEhf805A7Au6XOX5WJhXCqwV3szyvT2YPfA8qBpwIyt3dhECVO2XTz2XmCtSZwtFK8jzPXiq4Z0PySrS+6PKBIWEde\/SBWlSDBch2rZpmk1Xg3SBufskw3Z3r9QtLTVp7THY7EDGiWtkdREPd76xUJZPX58GMWLT3fI0I6k2PMq69PVwbH\/hRVYs4nERnh9ELtIjBrNRpKBYCkZd\/My2\/QFgMDBgsWAAYHAQAGAzCCBf8KAQCgggX4MIIF9AYJKwYBBQUHMAEBBIIF5TCCBeEwgZqiFgQUJzerGfqxBfrD93SB0OZc5bk="}
02384{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155648,"pkt_ts_usec":544918,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcOTxAADoGqD+XZQGCwKgAEQG72cJzm\/xn4AUY5oAQADusSgAAAQEICsgMyC4AIWoiPqiLGA8yMDE4MDUyMzE3NTc1OFowbzBtMEUwCQYFKw4DAhoFAAQUEurfRswIgDhzYLZaaRYBzAy16eIEFKkrh+HOJEc7G7\/PhTcCVZ0NlFjmAgwmPQKX1q9WdqJzgnKAABgPMjAxODA1MjMxNzU3NThaoBEYDzIwMTgwNTI3MTc1NzU4WjANBgkqhkiG9w0BAQsFAAOCAQEAo5XhR4a5uHlh3wOPhuWdv6OS5xxJkpx6L6IjOEkhcFQq0nbNRz2wdjFv8Sz36agda4r5\/GaRbcYFSydISE8Azh9RpIeYZKY7Sc9i9JqlkJh1g\/+2We6I\/69cWVeLYvG+VOU2kwPPlwg5Uswpo2mssZ8\/AzB3vlAsCuU20s5uPD2M+HeFKJ6NnulWLXTVi7OrdOaZZiXdyv+KSqg9c3iu9dPyRItV80EkHKsy9tXQoL2NcXaRVNB8eXDmUvBaEddosRKNzmE0m8N5v\/JLd\/LRvIN5bquOLVihd2JC3ND9c5dpup76e1upNiUSDIi4fh0CGP8vdeRruihofEgXohftGKCCBCwwggQoMIIEJDCCAwygAwIBAgIMU4dVR0twSWuSuiypMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMS0wKwYDVQQDEyRHbG9iYWxTaWduIENsb3VkU1NMIENBIC0gU0hBMjU2IC0gRzMwHhcNMTgwNDEwMDczMzExWhcNMTgwNzExMDczMzExWjB\/MQswCQYDVQQGEwJTRzEbMBkGA1UEChMSR2xvYmFsU2lnbiBQdGUgTHRkMRUwEwYDVQQFEwwyMDE4MDQxMDAwMDQxPDA6BgNVBAMTM0dsb2JhbFNpZ24gQ2xvdWRTU0wgQ0EgLSBTSEEyNTYgLSBHMyBPQ1NQIFJlc3BvbmRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKqsozu9fkpn7\/6s9Cmu985JFgLKciPNzTDBR1Cuxfm9sVtQfvGUvJhw\/66IzOmsNT6BgfPnVoPEO8JURVBo2uKgoITrl37NCU8iu2mUgQ5DuZWT9rQNuus1S1cwEBkzIk\/1tLFninJjubpYbzrNtsDAQ2\/EVGfwU8gB7WoeGzhTCC\/7TWVTrRdr4\/A0UWbStH2uPrO2SMIcJPl5AanON\/kjCiirRWI4Yd697beejNWLSoKAvhF110W\/P+BWZnhEOe9ybf5pytqfE15qgfc3MrpIxJp1qYcmCrItkDqHjbPMil40ncSioOE4IteBpXiMZAj0MTEKoOTKLVy1HZ\/sd28CAwEAAaOBxzCBxDAdBgNVHQ4EFgQUJzerGfqxBfrD93SB0OZc5bk+qIswHwYDVR0jBBgwFoAUqSuH4c4kRzsbv8+FNwJVnQ2UWOYwDwYJKwYBBQUHMAEFBAIFADBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggEBAHP6J5aL4sE\/oDdgw24mzzfGnHTeaHTNJz1p\/D2a4B3iaxDsh2iYcwJqw1W8YWnmlTNMrh8gLmAgaTejRYiPkZQlkVMf3uMlkneOawMEteRjmsh0ixBn5VlXap2KG\/JA9WaEAKZpdc089eOFgOsQuKtiO3RIorFfaGIkBGwbYLyf9vHavMCyGiiMfykULp6NcuuosCZ\/3rpxRHzx887Aau1TkeeuzecFhLocBKXRlCK1R2BvuZhYRFtgHu+IMwMzNl\/+J6+XgxYBkuntLqB+M3q3UMKMp6Sp4uNLDPBO4n8="}
@@ -173,34 +173,34 @@
00557{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155657,"pkt_ts_usec":854803,"pkt_caplen":160,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":160,"pkt_l4_len":126,"pkt":"AA6OMNv9MAdNo1+nCABFAACSvbhAAEAGio7AqAARNAD9ZYG4EJTYH5cWTQ0VOIAYAtqtvwAAAQEICgAhczv3lJsHXgAPAAAALeU9A2Q1LwgOdyngjohXz80gI\/bHFZK0\/umu4RSLYZIcIs2S5qP0N\/PuFBzLdpP65obrj0YxSQvn609TiS7Mq7ffuzQQGy1y7XP4cD1w3yHvoWFYO3kXNw=="}
00477{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155666,"pkt_ts_usec":982912,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="}
00477{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155666,"pkt_ts_usec":982983,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"AQBeAAD7MAdNo1+nCABFAABZIsxAAP8RtxLAqAAR4AAA+xTpFOkARSvGAAUAAAACAAAAAAAACV84MDU3NDFDOQRfc3ViC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAcAbAAwAAQ=="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1527155670632,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1527155670632,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155670,"pkt_ts_usec":632131,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8WoBAAEAGCJrAqAAREskEILFwAbuQXSU3AAAAAKAC\/\/+HxQAAAgQFtAQCCAoAIX+3AAAAAAEDAwc="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1527155670640,"flow_last_seen":0,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":265,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":265,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1527155670640,"flow_last_seen":0,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00741{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155670,"pkt_ts_usec":640484,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfMxAAEAR5NnAqAAREskEILhDHzEBCRHz7fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABABAK45kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6f1EwNZ4BrIBNZIXKB4sgy96MQL790EZYw7fY9vCydMCFozrGypXQPtcVrV5xCrsYqA8zuDlnCD1lV04sfnGYMAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="}
-00506{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1527155670640,"flow_last_seen":0,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":265,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":265,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1527155670640,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1527155670640,"flow_last_seen":0,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1527155670640,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155670,"pkt_ts_usec":640566,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+fM1AAEAR5bfAqAAREskEILhDHzMAKi7T7fYZAKwZNYyPZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="}
-00502{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1527155670640,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1527155670640,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
00419{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155670,"pkt_ts_usec":640613,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwfM5AAEAR5cTAqAAREskEILhDHzEAHFuJ7fYJALM5kpFjAQAArBk1jI9k5Ec="}
00436{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155670,"pkt_ts_usec":663972,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAACsGeBoSyQQgwKgAEQG7sXDMrFlhkF0lOKASaN8nuwAAAgQFtAQCCAoAWtCxACF\/twEDAwc="}
00419{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155670,"pkt_ts_usec":672314,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"MAdNo1+nAA6OMNv9CABFAAAwfVFAACsR+skSyQQgwKgAER8zuEMAHAAy7fYaAKwZNYyPZORHMkN8XkO4AMg="}
00497{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155670,"pkt_ts_usec":673581,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"MAdNo1+nAA6OMNv9CABFAABofVBAACsR+pISyQQgwKgAER8xuEMAVGj37fYMAAEArBk1jI9k5EcyQ3xeQ7iuOZKRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="}
00423{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155670,"pkt_ts_usec":673838,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoFAAEAGCKHAqAAREskEILFwAbuQXSU4zKxZYoAQAq28sQAAAQEICgAhf78AWtCx"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1527155671066,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1527155671066,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":66998,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8FY9AAEAG0gLAqAARNrtbtr+YAbtog5WsAAAAAKAC\/\/+1DQAAAgQFtAQCCAoAIYAjAAAAAAEDAwc="}
00741{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":140889,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdfNBAAEAR5NXAqAAREskEILhDHzEBCYn27fYBAAUArBk1jI9k5EcHridUEQCowEO4MgAAAEMBABACAKg7kpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAvcYFlBohustZk1e\/8OyZiSqP86k39WGwDkG7f\/rMnT2tcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB0003hcgpcmSdQZoJFj9c3crNvbbzPmA66eL1DRMEucxiwDMA5JhH5EzU3oJcu6XrgTfyNvrAIA0DorhgznjXYQAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="}
00497{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":173842,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"MAdNo1+nAA6OMNv9CABFAABofl9AACsR+YMSyQQgwKgAER8xuEMAVG317fYMAAIArBk1jI9k5EcyQ3xeQ7ioO5KRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="}
00436{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":237849,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"MAdNo1+nAA6OMNv9CABFAAA8AABAAOYGQZE2u1u2wKgAEQG7v5iCE\/ghaIOVraASaN+HqAAAAgQFtAQCCAosBh44ACGAIwEDAwg="}
00423{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":240677,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZBAAEAG0gnAqAARNrtbtr+YAbtog5WtghP4IoAQAq0cfAAAAQEICgAhgE8sBh44"}
00671{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":250450,"pkt_caplen":247,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":247,"pkt_l4_len":213,"pkt":"AA6OMNv9MAdNo1+nCABFAADpFZFAAEAG0VPAqAARNrtbtr+YAbtog5WtghP4IoAYAq2yzwAAAQEICgAhgFEsBh44FgMBALABAACsAwNpu8fyH0bmBuIhI45OMI2QAejACKsvR53r1YItFVUgZgAAHMArwCzMqcAvwDDMqMAJwArAE8AUAJwAnQAvADUBAABn\/wEAAQAAAAAYABYAABNicmFoZS5hcHB0aW1pemUuY29tABcAAAAjAAAADQAQAA4EAwQBBQMFAQYDBgECAQAFAAUBAAAAAAAQAAsACQhodHRwLzEuMQALAAIBAAAKAAgABgAdABcAGA=="}
-00726{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1527155671066,"flow_last_seen":1527155671250,"flow_tot_l4_data_len":325,"flow_min_l4_data_len":32,"flow_max_l4_data_len":213,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1527155671066,"flow_last_seen":1527155671250,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":181,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00424{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":421054,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA05kFAAOYGW1c2u1u2wKgAEQG7v5iCE\/giaIOWYoAQAG4d1gAAAQEICiwGHmYAIYBR"}
02373{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":423359,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXc5kJAAOYGVa42u1u2wKgAEQG7v5iCE\/giaIOWYoAQAG7hfQAAAQEICiwGHmYAIYBRFgMDAEwCAABIAwP86fAGEnB5p5caZ\/mpzpaPW0mo2UVNHIXnx4NY82lYtwDALwAAIP8BAAEAAAsABAMAAQIAIwAAABAACwAJCGh0dHAvMS4xFgMDEVgLABFUABFRAAW+MIIFujCCBKKgAwIBAgIQSJIT4MMvKqIG9KAsMNS0lTANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxPDA6BgNVBAMTM0NPTU9ETyBSU0EgT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTAeFw0xNjAyMTEwMDAwMDBaFw0xOTA0MTAyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEOMAwGA1UEERMFOTQwNDMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRkwFwYDVQQJExAxOTU5IExhbmRpbmdzIERyMRcwFQYDVQQKEw5BcHB0aW1pemUsIEluYzEcMBoGA1UECxMTUHJlbWl1bVNTTCBXaWxkY2FyZDEYMBYGA1UEAwwPKi5hcHB0aW1pemUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yweODrn0HMixsXfKOospPUGhUn\/osi07WYbM2MA5hMxNJIlpLzRykh557oNhQYEnhUd1dP01i00IDibJyJOOn9wLohH2qjeTtgA5KS6ToWu75VgJV6kyq6X3rlgIIgDLmwZubwQQHVok1qPh0PmBn4+G2Zpyt1dLhrz99NApchcdWgEl9Yafe2\/jZIbMXd8\/6bk+oQ5ItsgdSSwKD3f0DylPoEr9HglXrseuMgvYLDhmeKArfgb\/Ql7VVIo1qs4oGWYqtWt3ZwW7mTEy3yekKAtTVyReu+biZSQBW05Hgn4raIgigTR\/EJ+sUdDvDc9deVlXnSuOEIn\/ynWk2oJnQIDAQABo4IB6DCCAeQwHwYDVR0jBBgwFoAUmvMr2s+tT7YvuypISCoStxtCwSQwHQYDVR0OBBYEFHCj31xxJa8\/ZGYVVTFqBgDRAaWdMA4GA1UdDwEB\/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBQBgNVHSAESTBHMDsGDCsGAQQBsjEBAgEDBDArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzAIBgZngQwBAgIwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBT3JnYW5pemF0aW9uVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNybDCBiwYIKwYBBQUHAQEEfzB9MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FPcmdhbml6YXRpb25WYWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wKQYDVR0RBCIwIIIPKi5hcHB0aW1pemUuY29tgg1hcHB0aW1pemUuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBsVTXMfmfu7FXFawh8Q+pRoJzZtRl1uV217huAjn4GLi61TfLIkqmrl2rFaFJlDwDA3JACJXHYlATCvcPnukIAvcpTxX+UAJNejiY5g\/DFg09EeKw73yH4cPtSkqJQp1tWUGB7WF1aVpSCb\/23LG2ceNppRmm0jzFXqYirkKy5PS4pnf9v3bTXaUg="}
-00783{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_tot_l4_data_len":1837,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00794{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1629,"flow_avg_l4_payload_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02373{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":423411,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXc5kNAAOYGVa02u1u2wKgAEQG7v5iCE\/3KaIOWYoAQAG7UpwAAAQEICiwGHmYAIYBRjgUumjwsSflXjaztwmxFplmOyeqFjTlAH6ZCRY2Og+XkJADhWliv5FVU\/DWWnJQddCCPoXDozxh3Sbf3Tx2Lf2O470fEQ5ucm3IqbHYX6p0B+PSjs7UlF99i9CQEKQbGZL7NiJ8WFaSfZGeLMdYM+bd9aFFULgAGEjCCBg4wggP2oAMCAQICEDaCXn+1pIGTfvbRc2u5PKYwDQYJKoZIhvcNAQEMBQAwgYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYDVQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0MDIxMjAwMDAwMFoXDTI5MDIxMTIzNTk1OVowgZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTwwOgYDVQQDEzNDT01PRE8gUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5FNmF8kFEV\/8wRB7cPESjF7huAfijX8KpIR3OWfTs84ipCTI8sYtjpD4nNvOP+ThmLgeXQY9Lpt3DX55zPOfKIA1PfDIFz8EuSGVKhdAfVjFtjuXGMtQbvJ99lvyY10\/49FhW+ONFvpEYguSKvq\/NUjdRh08el8HoOq75\/0bkZT8\/w0eDL8y4Ql4tfvdaaK5dS8CmNSH1hqPISYuYY2ANySFIwpIwZUayhjUEQiV+radOSxJAAHqIaFxvn6OkeBEhrj0LDr5FFCPP63XX9qDxvEVsXryhMuzzWHhCKAs6AXbwxaCewWlw3o9Lpnnf8na24w8TfBg7sVFsaiA5zp5pAgMBAAGjggFlMIIBYTAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQUmvMr2s+tT7YvuypISCoStxtCwSQwDgYDVR0PAQH\/BAQDAgGGMBIGA1UdEwEB\/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBsGA1UdIAQUMBIwBgYEVR0gADAIBgZngQwBAgIwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBpijZomh47ZQvgfM+mq3E7r2GkP+RkAUkQ0x2P4tXtZ9OeW5e9Qh4H+dC7bfcylVoiKWL4DJxZVic2oCISEfpH9FHJWXspSqVINXzFl2bgJyU7FXoydUqR+6ZrnuJT+g2ME\/sjuAsSLK7t2x1HkNXQk2l2kTgVNNcY6n68a1jeKjmQA0QESlbYaOX1fGl+nn1US9DYhqtnZhNXXokqF60trr1ADmbtiv9UtMEBy6ngR7oRYY+triNIKsYleYkcQQSVwBHqVyvWtJf6sekVYuxKcXf986Gc2vZrACnFMuf6TuqzKqcYlxxYp0I2X+wUz\/h7DvfdzIgVmppcyPEgx9GGcqEXm666\/myoMtEAdklz9z8nhzy2yS36qpCQyQo="}
02386{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":423471,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXc5kRAAOYGVaw2u1u2wKgAEQG7v5iCFANyaIOWYoAQAG5LvQAAAQEICiwGHmYAIYBRCZ\/JaR8HGam\/3rr4C4iCRBYQfwfAgCJff7ww3rrNB3lkVtj\/80+cMLtuHlFL5s29F8TFv8g\/jrEfika3BkNvYi3PUZ1FyorpE4vAx5G+W7b6N0qJ\/vCd2hMmIiwGkD6LE5igGdbd2kpIfz0PiZ0kcksOe0T\/1Da2g3YjWIsUbLhd92FtOXbt3RI9a4eIl5G+wEYCHnYc3bavXE\/1ANacTangnqKO\/LEWeVwh00WBmgw5bG0o1yXStxGQ0Pbeb170+qSLZndyL5uQQCxSEmD5\/7VwLomaeQmJgS3sXHhvgYfx\/FUABXgwggV0MIIEXKADAgECAhAnZu5W60nzjqvXcKL8hN4iMA0GCSqGSIb3DQEBDAUAMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwHhcNMDAwNTMwMTA0ODM4WhcNMjAwNTMwMTA0ODM4WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX\/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs\/Q36nGz637CC9BR++b7Epi9Pf5l\/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu\/Nio5JIk2kNrYrhV\/erBvGy2i\/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP\/0uK3pN\/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma\/RMhnEw6abfFobg2P9A3fvQQoh\/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq\/yapiqcrxXStJLnbsQ\/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo4H0MIHxMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0GA1UdDgQWBBS7r34CPfqm8TyEjq3uOJjs2TIy1DAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH\/BAUwAwEB\/zARBgNVHSAECjAIMAYGBFUdIAAwRAYDVR0fBD0wOzA5oDegNYYzaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMDUGCCsGAQUFBwEBBCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAQEAZL+D8V+ahdDNuKEpVw3oWvfR6T7ydgRu8VJwux48\/00NdGrMgYIl08OgKl1M9bqLoW3EVAl1x+MnDl2EeTdAE3f1tKwc0DurFxI="}
01144{"flow_id":21,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":423665,"pkt_caplen":595,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":595,"pkt_l4_len":561,"pkt":"MAdNo1+nAA6OMNv9CABFAAJF5kVAAOYGWUI2u1u2wKgAEQG7v5iCFAkaaIOWYoAYAG6aGQAAAQEICiwGHmYAIYBR1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLYUspzgb8c8+a4bmYRBbMelC1\/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI\/V5eu+MtWuLt29G9HvxPUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vRpu\/xO28QOG8WAwMBTQwAAUkDABdBBKVu9sr1P5C47B3B5yMt4JTypSrWz38y1ZTzzcBnZrcdS3AnybivQLKBT39iG19IJXNCJ7UUZVHQl0O9PnwLZG0GAQEAjsjWA\/VmiKLUpWuwWQKg\/dDn4yuOgeWJ3MU143Z1VCH4E6tF8D2JsArJZOdg\/Y9XM024MGCZSQY9GiPkUG6RK6rnw\/RcCkZoVxlXCDHYUAjquNnabkJx2usDeTn6gn9zLE4PvDthFbnH9lJ7i65cRj\/XGiohiPFNFZKB6dEzhbAGDe6n7niP31dJzcnWch4PFGpQYw0Gs4pQaGcfeCvcRsCayLixX3CQPR268cboJfOy059NwRzJHcqXX9sr5Gu\/tRF86UFMWLa0VKh3oyQjopJ12GYCGikgTMS0ciGFR\/Z69VyGWYyaGXdYW0Fwi4Nc77rd5PAXXItX8YEc47ehNRYDAwAEDgAAAA=="}
-01139{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":9,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_tot_l4_data_len":5358,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":595,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","issuerDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}
+01150{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":281,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":9,"flow_first_seen":1527155671066,"flow_last_seen":1527155671423,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5054,"flow_avg_l4_payload_len":561,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"brahe.apptimize.com","server_names":"*.apptimize.com,apptimize.com","ja3":"d8c87b9bfde38897979e41242626c2f3","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Organization Validation Secure Server CA","issuerDN":"C=US, ST=CA, L=Mountain View, O=Apptimize, Inc, OU=PremiumSSL Wildcard, CN=*.apptimize.com","alpn":"http\/1.1","fingerprint":"BC:4C:8F:EC:8B:7B:85:BD:54:61:8B:C0:7B:E7:A2:69:0B:F2:49:E5"}}
00424{"flow_id":21,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":427051,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZJAAEAG0gfAqAARNrtbtr+YAbtog5ZighP9yoAQAsMVrQAAAQEICgAhgH0sBh5m"}
00424{"flow_id":21,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":427126,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZNAAEAG0gbAqAARNrtbtr+YAbtog5ZighQDcoAQAtoP7gAAAQEICgAhgH0sBh5m"}
00424{"flow_id":21,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155671,"pkt_ts_usec":427173,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0FZRAAEAG0gXAqAARNrtbtr+YAbtog5ZighQJGoAQAvEKLwAAAQEICgAhgH0sBh5m"}
@@ -220,14 +220,14 @@
00423{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155677,"pkt_ts_usec":865795,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoJAAEAGCKDAqAAREskEILFwAbuQXSU4zKxZYoARAq21qAAAAQEICgAhhscAWtCx"}
00423{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155677,"pkt_ts_usec":897422,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0iblAACsG7mgSyQQgwKgAEQG7sXDMrFlikF0lOYARANKbQAAAAQEICgBa7PMAIYbH"}
00424{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155677,"pkt_ts_usec":899869,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0WoNAAEAGCJ\/AqAAREskEILFwAbuQXSU5zKxZY4AQAq2ZXAAAAQEICgAhhtAAWuzz"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1527155679410,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1527155679410,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155679,"pkt_ts_usec":410348,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8V2ZAAEAGC9HAqAAREskEA4PQAbvgGt8vAAAAAKAC\/\/+jOgAAAgQFtAQCCAoAIYhJAAAAAAEDAwc="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1527155679411,"flow_last_seen":0,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":265,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":265,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1527155679411,"flow_last_seen":0,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00742{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155679,"pkt_ts_usec":411371,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdf+NAAEAR4d\/AqAAREskEA5UuHzEBCY\/LBbgBAAUANRj1GJhk5EcHridUEQCowC6VMgAAAEMBABABAPdbkpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAGwkdkSv31AWZshbdezAt4SmQgEbXQ8gpESKVZEPm+yytcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB6SNCb6pEPHTLEjikG3nU2iKPCm3mBiaaSkNyyVaokw3bFWKZLztddqHjISoa\/0AQVn24h8Bz7MKBuS1UkASdYsAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="}
-00505{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1527155679411,"flow_last_seen":0,"flow_tot_l4_data_len":265,"flow_min_l4_data_len":265,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":265,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1527155679411,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1527155679411,"flow_last_seen":0,"flow_min_l4_payload_len":257,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":257,"flow_avg_l4_payload_len":257,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1527155679411,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155679,"pkt_ts_usec":411435,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"AA6OMNv9MAdNo1+nCABFiAA+f+RAAEAR4r3AqAAREskEA5UuHzMAKui4BbgZADUY9RiYZORHJd9NTuHNNxtcmrwm2dMLSwG7ObMAAA=="}
-00501{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1527155679411,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1527155679411,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
00415{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155679,"pkt_ts_usec":413920,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"AA6OMNv9MAdNo1+nCABFiAAuf+VAAEAR4szAqAAREskEA5UuHzEAGscOBbgRAAEAAAAuCDgEAAAHridU"}
00419{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155679,"pkt_ts_usec":413995,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwf+ZAAEAR4snAqAAREskEA5UuHzEAHM1MBbgJAPtbkpFjAQAANRj1GJhk5Ec="}
00497{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155679,"pkt_ts_usec":443071,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"MAdNo1+nAA6OMNv9CABFAABopnVAACsR0YoSyQQDwKgAER8xlS4AVO7dBbgMAAEANRj1GJhk5EcyQ3xeLpX3W5KRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="}
@@ -242,49 +242,49 @@
00744{"flow_id":23,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155680,"pkt_ts_usec":425210,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdgFpAAEAR4WjAqAAREskEA5UuHzEBCfL3BbgBAAUANRj1GJhk5EcHridUEQCowC6VMgAAAEMBABADAOZfkpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAGwkdkSv31AWZshbdezAt4SmQgEbXQ8gpESKVZEPm+yytcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDBwi76Swr0MOTz\/c5hajJVU6voPOM8+w36FJ4OkGE\/tR24fyv\/CaoMEnpxJXj\/PN1kLEo0ZZ0uL9MCA0UlpQljokAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="}
00440{"flow_id":23,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155680,"pkt_ts_usec":447716,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"MAdNo1+nAA6OMNv9CABFAAA+p+BAACsR0EkSyQQDwKgAER8xlS4AKukSBbgLAOVfkpFjAQAAqWSSkWMBAAAAAAAAAAAAAAAAAAAAAA=="}
00498{"flow_id":23,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155680,"pkt_ts_usec":456436,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"MAdNo1+nAA6OMNv9CABFAABop+RAACsR0BsSyQQDwKgAER8xlS4AVP3ZBbgMAAMANRj1GJhk5EcyQ3xeLpXmX5KRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="}
-00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":374,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":374,"source":"viber.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1527155647500,"flow_last_seen":1527155647500,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::3207:4dff:fea3:5fa7","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00740{"flow_id":23,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155680,"pkt_ts_usec":930533,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"AA6OMNv9MAdNo1+nCABFiAEdgKpAAEAR4RjAqAAREskEA5UuHzEBCQoaBbgBAAUANRj1GJhk5EcHridUEQCowC6VMgAAAEMBABAEAONhkpFjAQAAAAAAACXfTU7hzTcbXJq8JtnTC0sBuzmzAAAAAAAAAAADAAEAZgIAZwABeAAAAAAAAIAAGwkdkSv31AWZshbdezAt4SmQgEbXQ8gpESKVZEPm+yytcfHi3zlsEfu0kKTP5bAY2qxB7\/oc6uBQ0Wmie0yDB9DmD+jAgz+1QPoVxa1oGy5FCWmigjpujQmQ+eyliMV67TFt7n7QCPfcsBILiupGCOx7jtQ6ZaY8kVB+OFA+3okAAAAAAAAAAEcFAAA4AAAAEABBbmRyb2lkLDguOS4wLjIAAAA="}
00499{"flow_id":23,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155680,"pkt_ts_usec":961840,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"pkt":"MAdNo1+nAA6OMNv9CABFAABoqKpAACsRz1USyQQDwKgAER8xlS4AVP\/XBbgMAAQANRj1GJhk5EcyQ3xeLpXjYZKRYwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIAAAAAAAAAAAAAAAAAAAAAA=="}
00420{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155681,"pkt_ts_usec":421332,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AA6OMNv9MAdNo1+nCABFiAAwgLpAAEAR4fXAqAAREskEA5UuHzEAHPpEBbgJAM5jkpFjAQAANRj1GJhk5Ec="}
00422{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155685,"pkt_ts_usec":97548,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2hAAEAGC9fAqAAREskEA4PQAbvgGt8wdKSu+oARAq1TiwAAAQEICgAhjdYA5FGt"}
00425{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155685,"pkt_ts_usec":130784,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"MAdNo1+nAA6OMNv9CABFAAA0\/ypAACsGeRQSyQQDwKgAEQG7g9B0pK764BrfMYARANI\/LQAAAQEICgDkZ+UAIY3W"}
00423{"flow_id":22,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155685,"pkt_ts_usec":132180,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"AA6OMNv9MAdNo1+nCABFAAA0V2lAAEAGC9bAqAAREskEA4PQAbvgGt8xdKSu+4AQAq09SAAAAQEICgAhjeAA5Gfl"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1527155685529,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1527155685529,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155685,"pkt_ts_usec":529875,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"AA6OMNv9MAdNo1+nCABFAAA8KqJAAEARjp7AqAARwKgAD8OxADUAKKNciEIBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1527155685529,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":421,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1527155685529,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00455{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155685,"pkt_ts_usec":530485,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"MAdNo1+nAA6OMNv9CABFAABMZZhAAEARU5jAqAAPwKgAEQA1w7EAOLypiEKBgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAABfAATYOs1k"}
-00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.205.100"}}
-00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1527155685757,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":422,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.205.100"}}
+00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1527155685757,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
02361{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155685,"pkt_ts_usec":757293,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AA6OMNv9MAdNo1+nCABFAAXcfu9AAEABNMHAqAARwKgADwgA3UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="}
-00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1527155685757,"flow_last_seen":0,"flow_tot_l4_data_len":1480,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1527155685757,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
02361{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1527155685,"pkt_ts_usec":757669,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"MAdNo1+nAA6OMNv9CABFAAXcOTwAAEABunTAqAAPwKgAEQAA5UOrGAABMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWl9fMTIzNDU2Nzg5MEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaX18xMjM0NTY3ODkwQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpfXzEyMzQ1Njc4OTBBQkNERUZHSElKS0xNTk9QUVI="}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":22,"flow_first_seen":1527155639240,"flow_last_seen":1527155640252,"flow_tot_l4_data_len":7101,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":322,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":22,"flow_first_seen":1527155640085,"flow_last_seen":1527155641008,"flow_tot_l4_data_len":6877,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":30,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":30,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":46,"flow_first_seen":1527155670640,"flow_last_seen":1527155677861,"flow_tot_l4_data_len":5773,"flow_min_l4_data_len":20,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":125,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1527155670640,"flow_last_seen":1527155670672,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":28,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":24,"flow_first_seen":1527155641697,"flow_last_seen":1527155647390,"flow_tot_l4_data_len":10349,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":431,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00462{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_tot_l4_data_len":2960,"flow_min_l4_data_len":1480,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":1480,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":19,"flow_first_seen":1527155648513,"flow_last_seen":1527155648748,"flow_tot_l4_data_len":7127,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":375,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":58,"flow_first_seen":1527155638428,"flow_last_seen":1527155685200,"flow_tot_l4_data_len":7373,"flow_min_l4_data_len":32,"flow_max_l4_data_len":623,"flow_avg_l4_data_len":127,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":58,"flow_first_seen":1527155638428,"flow_last_seen":1527155685200,"flow_tot_l4_data_len":7373,"flow_min_l4_data_len":32,"flow_max_l4_data_len":623,"flow_avg_l4_data_len":127,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":89,"flow_first_seen":1527155641845,"flow_last_seen":1527155647484,"flow_tot_l4_data_len":61632,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":692,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1527155646968,"flow_last_seen":1527155666982,"flow_tot_l4_data_len":276,"flow_min_l4_data_len":69,"flow_max_l4_data_len":69,"flow_avg_l4_data_len":69,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_tot_l4_data_len":309,"flow_min_l4_data_len":40,"flow_max_l4_data_len":269,"flow_avg_l4_data_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_tot_l4_data_len":106,"flow_min_l4_data_len":45,"flow_max_l4_data_len":61,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":45,"flow_max_l4_data_len":151,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_tot_l4_data_len":213,"flow_min_l4_data_len":44,"flow_max_l4_data_len":169,"flow_avg_l4_data_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00484{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":27,"flow_first_seen":1527155671066,"flow_last_seen":1527155672061,"flow_tot_l4_data_len":8457,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":313,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":43,"flow_first_seen":1527155679411,"flow_last_seen":1527155685088,"flow_tot_l4_data_len":4754,"flow_min_l4_data_len":20,"flow_max_l4_data_len":265,"flow_avg_l4_data_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1527155679411,"flow_last_seen":1527155679443,"flow_tot_l4_data_len":70,"flow_min_l4_data_len":28,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":27,"flow_first_seen":1527155646850,"flow_last_seen":1527155680789,"flow_tot_l4_data_len":7857,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1004,"flow_avg_l4_data_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_tot_l4_data_len":197,"flow_min_l4_data_len":48,"flow_max_l4_data_len":149,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_tot_l4_data_len":383,"flow_min_l4_data_len":44,"flow_max_l4_data_len":339,"flow_avg_l4_data_len":191,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_tot_l4_data_len":208,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_tot_l4_data_len":195,"flow_min_l4_data_len":44,"flow_max_l4_data_len":151,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":22,"flow_first_seen":1527155639240,"flow_last_seen":1527155640252,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6393,"flow_avg_l4_payload_len":290,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":22,"flow_first_seen":1527155640085,"flow_last_seen":1527155641008,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6145,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_first_seen":1527155644240,"flow_last_seen":1527155644244,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":22,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":46,"flow_first_seen":1527155670640,"flow_last_seen":1527155677861,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":5405,"flow_avg_l4_payload_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1527155670640,"flow_last_seen":1527155670672,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":24,"flow_first_seen":1527155641697,"flow_last_seen":1527155647390,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9565,"flow_avg_l4_payload_len":398,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.96","src_port":57520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00462{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_first_seen":1527155685757,"flow_last_seen":1527155685757,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":19,"flow_first_seen":1527155648513,"flow_last_seen":1527155648748,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":6479,"flow_avg_l4_payload_len":341,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"151.101.1.130","src_port":55746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":58,"flow_first_seen":1527155638428,"flow_last_seen":1527155685200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":591,"flow_tot_l4_payload_len":5517,"flow_avg_l4_payload_len":95,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","ndpi": {"proto":"Viber","breed":"Acceptable","category":"VoIP"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":58,"flow_first_seen":1527155638428,"flow_last_seen":1527155685200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":591,"flow_tot_l4_payload_len":5517,"flow_avg_l4_payload_len":95,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":89,"flow_first_seen":1527155641845,"flow_last_seen":1527155647484,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":58768,"flow_avg_l4_payload_len":660,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.230.93.53","src_port":53934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1527155646968,"flow_last_seen":1527155666982,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":244,"flow_avg_l4_payload_len":61,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1527155639005,"flow_last_seen":1527155639008,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":261,"flow_tot_l4_payload_len":293,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1527155646819,"flow_last_seen":1527155646840,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35331,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1527155641574,"flow_last_seen":1527155641691,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":37418,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1527155638474,"flow_last_seen":1527155638476,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1527155670632,"flow_last_seen":1527155677899,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":45424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":27,"flow_first_seen":1527155671066,"flow_last_seen":1527155672061,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7577,"flow_avg_l4_payload_len":280,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.187.91.182","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_first_seen":1527155685529,"flow_last_seen":1527155685530,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":50097,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":43,"flow_first_seen":1527155679411,"flow_last_seen":1527155685088,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":257,"flow_tot_l4_payload_len":4410,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1527155679411,"flow_last_seen":1527155679443,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":38190,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":27,"flow_first_seen":1527155646850,"flow_last_seen":1527155680789,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":972,"flow_tot_l4_payload_len":6977,"flow_avg_l4_payload_len":258,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.78","src_port":43702,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_first_seen":1527155648481,"flow_last_seen":1527155648506,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":181,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":44376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1527155639234,"flow_last_seen":1527155639237,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":331,"flow_tot_l4_payload_len":367,"flow_avg_l4_payload_len":183,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test"}
diff --git a/test/results/vnc.pcap.out b/test/results/vnc.pcap.out
index f14cfc2fd..adaea0c50 100644
--- a/test/results/vnc.pcap.out
+++ b/test/results/vnc.pcap.out
@@ -1,11 +1,11 @@
00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"vnc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1476111264364,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1476111264364,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111264,"pkt_ts_usec":364066,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"}
00418{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111264,"pkt_ts_usec":364590,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"}
00410{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111264,"pkt_ts_usec":402886,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"EP7tAkntxOodxQGGCABFAAAoXs5AAHQGVC5f7TDQwKgCbumPGvTqxTBlEH5nhlAQQTqDEwAAAAAAAAAA"}
00418{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111264,"pkt_ts_usec":414487,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFRAAIAGAADAqAJuX+0w0Br06Y8QfmeG6sUwZVAYAQRT+gAAUkZCIDAwNC4wMDEK"}
00418{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111264,"pkt_ts_usec":453192,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EP7tAkntxOodxQGGCABFAAA0XtNAAHQGVB1f7TDQwKgCbumPGvTqxTBlEH5nklAYQTco9wAAUkZCIDAwNC4wMDEK"}
-00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1476111264364,"flow_last_seen":1476111264453,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"30":"Desktop\/File Sharing Session"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00580{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_first_seen":1476111264364,"flow_last_seen":1476111264453,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"30":"Desktop\/File Sharing Session"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
00414{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111264,"pkt_ts_usec":453247,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"xOodxQGGEP7tAkntCABFAAAwfFVAAIAGAADAqAJuX+0w0Br06Y8QfmeS6sUwcVAYAQRT9gAABw2FBYEGggI="}
00410{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111264,"pkt_ts_usec":490253,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"pkt":"EP7tAkntxOodxQGGCABFAAApXtRAAHQGVCdf7TDQwKgCbumPGvTqxTBxEH5nmlAYQTV17wAADQAAAAAA"}
00402{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111264,"pkt_ts_usec":611079,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xOodxQGGEP7tAkntCABFAAAofFhAAIAGAADAqAJuX+0w0Br06Y8Qfmqg6sUznlAQAQFT7gAA"}
@@ -16,13 +16,13 @@
00452{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111264,"pkt_ts_usec":655672,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"EP7tAkntxOodxQGGCABFAABKXvVAAHQGU+Vf7TDQwKgCbumPGvTqxTO7EH5q2VAYQGXxHwAAABD4kWjKRPuBSComGQUeVSOHJpwdvgNCVw3Sf0PlviJsDA=="}
00436{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111264,"pkt_ts_usec":655707,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"xOodxQGGEP7tAkntCABFAAA+fFxAAIAGAADAqAJuX+0w0Br06Y8Qfmr76sUz3VAYAQFUBAAAAAQisGUct5Ou6lUgPdb106WnFrY60A=="}
00412{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111264,"pkt_ts_usec":692028,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"EP7tAkntxOodxQGGCABFAAAoXvZAAHQGVAZf7TDQwKgCbumPGvTqxTPdEH5rEVAQQFd88wAAAAAAAAAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3544,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1476111286462,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3544,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1476111286462,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3544,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111286,"pkt_ts_usec":462067,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EP7tAkntxOodxQGGCABFAAA0be5AAHQGRQJf7TDQwKgCbslnGvTjPDftAAAAAIACIAD7xAAAAgQFrAEDAwIBAQQC"}
00421{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3545,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111286,"pkt_ts_usec":462174,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xOodxQGGEP7tAkntCABFAAA0AmNAAIAGAADAqAJuX+0w0Br0yWdPW3mt4zw37oASIABT+gAAAgQFtAEDAwgBAQQC"}
00413{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3546,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111286,"pkt_ts_usec":499568,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"EP7tAkntxOodxQGGCABFAAAobe9AAHQGRQ1f7TDQwKgCbslnGvTjPDfuT1t5rlAQQTpSNgAAAAAAAAAA"}
00421{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3547,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111286,"pkt_ts_usec":510841,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xOodxQGGEP7tAkntCABFAAA0AmRAAIAGAADAqAJuX+0w0Br0yWdPW3mu4zw37lAYAQRT+gAAUkZCIDAwNC4wMDEK"}
00421{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3548,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111286,"pkt_ts_usec":549120,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EP7tAkntxOodxQGGCABFAAA0bfFAAHQGRP9f7TDQwKgCbslnGvTjPDfuT1t5ulAYQTf4GQAAUkZCIDAwNC4wMDEK"}
-00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3548,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1476111286462,"flow_last_seen":1476111286549,"flow_tot_l4_data_len":148,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"30":"Desktop\/File Sharing Session"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
+00583{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3548,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1476111286462,"flow_last_seen":1476111286549,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"30":"Desktop\/File Sharing Session"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}}
00417{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3549,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111286,"pkt_ts_usec":549175,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"xOodxQGGEP7tAkntCABFAAAwAmVAAIAGAADAqAJuX+0w0Br0yWdPW3m64zw3+lAYAQRT9gAABw2FBYEGggI="}
00413{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3550,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111286,"pkt_ts_usec":585970,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"pkt":"EP7tAkntxOodxQGGCABFAAApbfZAAHQGRQVf7TDQwKgCbslnGvTjPDf6T1t5wlAYQTVFEgAADQAAAAAA"}
00406{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3551,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111286,"pkt_ts_usec":595556,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xOodxQGGEP7tAkntCABFAAAoAmZAAIAGAADAqAJuX+0w0Br0yWdPW3nC4zw5\/1AQAQJT7gAA"}
@@ -33,6 +33,6 @@
00446{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3556,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111286,"pkt_ts_usec":680165,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"EP7tAkntxOodxQGGCABFAABFbf5AAHQGROFf7TDQwKgCbslnGvTjPDsnT1t9AVAYQGUMdAAAAAtD14zifYG0h7hNY6JEfjTiOFBsN4kA8OBfXio="}
00454{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3557,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111286,"pkt_ts_usec":680351,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"xOodxQGGEP7tAkntCABFAABKAmxAAIAGAADAqAJuX+0w0Br0yWdPW30B4zw7RFAYAQFUEAAAABB5egU6EyiUhjcAQTfjXu4EJ6Tyd+fY2j1lCEncfpiMwQ=="}
00454{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3558,"source":"vnc.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1476111286,"pkt_ts_usec":680712,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"EP7tAkntxOodxQGGCABFAABKbf9AAHQGRNtf7TDQwKgCbslnGvTjPDtET1t9AVAYQGWCBgAAABAyRkBH2n2M0M1lbRupL3R3bhQSGUiIXpMn5oN9qHkc9w=="}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1008,"flow_first_seen":1476111286462,"flow_last_seen":1476111290613,"flow_tot_l4_data_len":38150,"flow_min_l4_data_len":20,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3543,"flow_first_seen":1476111264364,"flow_last_seen":1476111280884,"flow_tot_l4_data_len":135184,"flow_min_l4_data_len":20,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1008,"flow_first_seen":1476111286462,"flow_last_seen":1476111290613,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":17966,"flow_avg_l4_payload_len":17,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3543,"flow_first_seen":1476111264364,"flow_last_seen":1476111280884,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":64300,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test"}
diff --git a/test/results/wa_video.pcap.out b/test/results/wa_video.pcap.out
index 6814588e8..0cef5f944 100644
--- a/test/results/wa_video.pcap.out
+++ b/test/results/wa_video.pcap.out
@@ -1,8 +1,8 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wa_video.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561455764448,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561455764448,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455764,"pkt_ts_usec":448302,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="}
-00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561455764448,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1561455767339,"flow_last_seen":0,"flow_tot_l4_data_len":580,"flow_min_l4_data_len":580,"flow_max_l4_data_len":580,"flow_avg_l4_data_len":580,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561455764448,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1561455767339,"flow_last_seen":0,"flow_min_l4_payload_len":548,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":548,"flow_avg_l4_payload_len":548,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01171{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455767,"pkt_ts_usec":339689,"pkt_caplen":614,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":614,"pkt_l4_len":580,"pkt":"xiwDYGpkkLkxKPrKCABFAAJYAABAAEAGw8bAqAIMnfAUNcDLFGab0R+KLuhMzoAYCAC1GwAAAQEICjTPJUoefmf9AAIh+FvbCnh\/a7IflRY0dljac\/EUrviXyMSuBINQo97GbKMEImMXigVRfinz4XcgTWeXa9giOjhsqf3NxGX9biqY1yfPHcFHJiCc0ZCHvaCNvgkJPVj4efQEO9oXblNeeRaKGRLTNPthw+X05ffa2MEEZsCc5sOdGdAvm7FUBTmDLJxrbHLFDC+Qz785Kp4Y\/nNC9dvuMTiwRIaMjyeDYd66NcNSVYXm4FIuAYawjSGgb9SDZkFGOfhJtHvzWqgQNk\/CQvD5MdFqw4Ro6oaWM5dtaU5byhQ5BGyiSFfIOfXO6utXNWA73iF5EEI1sUrW9Z96Yp1YyVWH1nWO8RF0xmRHhUXi8Z\/sZFez1+bI7zqAvAPYQUokFVSdoHMsl0C7omqMhJPL\/hGc9NtDl21eaiXOM52GOzZWxZMbXJmB\/9+NsouXUZBUgsh9jMSFGZLM23GdBqdyDiy78nD8F4EJr2A\/aUaJIwQnw3GNyvDzKtsy8d2KrzMKlf6d7qvFNf6tCn5YbJzbYCtXcK3bzzVNLm8QIxxktFuE4kwqNUk0pOIUno0bVHsn8uJRI7p6utCiNLoFNA283\/oV8xNqLi4LT4fQ\/\/415n+lAj9aAo0RTNMlYFu4h64\/Lu0dkox1O3c7ouf5f6puZ8pmi+uDZVI\/IU8sc3s7dCFETLgaxg8hmXkWbIHTksRKvfJv3iIyf9m9mqHEEfDnGMuE7VsJzvR+Imk61iI="}
00423{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455767,"pkt_ts_usec":391415,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0cX4AAFMGgWyd8BQ1wKgCDBRmwMsu6EzOm9EhroAQALQFAQAAAQEICh5+dS80zyVK"}
02318{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455767,"pkt_ts_usec":568245,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgcX8AAFMGe\/+d8BQ1wKgCDBRmwMsu6EzOm9EhroAQALSeYwAAAQEICh5+deo0zyVKAAeY92kokkA7hrw6j6Vhkd+oEkvjt9+mUaq3VF5ALR\/3dyTIUqE+ce9A8zw57IwXMUm48Ve04aN2q3aoE1gIxi914RnbSua9WCw4BiKEAwBPqN8fZa53YGzu6KGDd+y61i8hb8APzgCq0BgVHxbqR0bN2PsZSNYDa\/cxDiPbHbN81oUvSJ1gG1HfKBlexobCedzu2sUfK2Qs2a4k4D1FAWNImtONV8L8QIDh9roN6NGgmn\/lqF1FSp0J1KRgd0jLjFjyO8E83j6fNPMnzyDyrqqDONC2kuu2acMixjEUltdGs477N1jzC9n+ER\/b\/S6TQcGEY9qe321iyRfAWuN0DLg7mjzkOAiLNEYzLk5mIXEf0ZRFKJwDAvOVHtFaYq9PK\/+TyWbUbh9dyV6FAMdUFiad1IPXICQYrOxMJpvYW44GNTJj7JJd\/vptPppVq\/RnqviVF+HvVQYCfsL\/SVoCMkJWYQL1ncdQ0eep1cbBr6nAtINm6y3vpk9iSvMUPjyihT4LCr1goaODAyLUwBnoKlcyQnCzrUTIAqAAM29AsZFrK3bZYGCyGW\/1MqA4MzwyfwMD1bF+saAkWfKpa6RSRkk3KGr6n6v79y+8bFqwHEmh79h64wuCdareEkcN59XiCjPB2jxFRkpLZWY0mc91mPUnIxaHkuQIMuo4JPBhS7O2C4sRkwc2EdliToDywQdgKCedjvE+Fkv+IJ1yiEuAY7OC0Yop8Phr2Qm2qT+26YDaaSkP6CBAA8F\/0qtcGuDnlIq3ve6KW\/D6MuF4EOQk1b\/mWeGOhmO2zaJtvFI8PxQT5VxpwG5mTmAHNrmnqHuX0IWL3zCefnedyGujv7ty3zJnVuQwRLy87IaxzKXwsdyDG3gOFStZBZK2qgn8IW\/xr0PRTCCbF58t6+kmge68BzSwUxMSja0zleeuWy9nliB9zaa4b+jN\/22Q56CpjAU0jeotHbt7rfwSgaDBMBcRXkBKkMuSRjHPsILIfuplVXUe9hbVn7Go2YVn3YMI8\/AExe4f\/h8AveIFQCrjpuBYwwenY\/QBLof\/waMaXnDMoOqv3UDo5f\/rUkCJZYja2kE\/3ozUaT8Uz0PCmt\/gc\/KCFNUf0Dg1W5QGc7mNzo6HmKq3sVYeKZxgXc+0B\/+Kg+WdAj0nr4z70bgW5GCi4QLhKZrELaubvCFff0BZt4Ss2ARFEyAH9IKD4jhRLgOIMULFRSu5xrKXDGooBaqIU\/671otysjRrQ81PzcJeLF2eHbj0voj\/+FWKEGjREDnwIqXWvMaPKFe8PlPupWBMwOzFz8pMa1\/Cfixow4NV+SRN1L2CcfmYjYCb8vwd81S0Sbh\/yjs0qpd5YLoB8pMYh\/yUoZ+FIXdWz+sa2pEUMxHkvUFc+7SzHNfV7LJOOBb6vDyxWLEcl4dY0FU+ynkwQS3op34TZEH4GA2VEfQdOgNR2iu4EKt2LFEXckrFDQqafGZhK5SjyixnKMbzvINk8a1d4ltQPewgraMY4ASPPuLS07U5UPA1qlh8E94Xhh8y1zAB0VWBPRDFRutgl1y4BL0Lad98ZYlvDZMJKhfwsfD1K84zCNVytc0lpEdS4WwTmG5jVDNkEok\/lFTqI9CJ\/ndHCOSY1DeCIemKT8q2EgY6ncZJwmIWq3s+IAWyQwqNpA+uXGEPONBjE53SU6ADJ7J2GkLvQbStohFZjKPShMILgTsEvkwNRe5icjnZF5b4X\/JteDZslY73Nte1q4DiPugbpWEOEW3UaXBVcccSnBXfsrY1lsgjH8BpxoTBACfj\/Nm3cIxvIq14OKHRvxy9b0mNen\/kzoDrO5sZ\/dAjHBdNu5W\/9k529dGB7vwkors="}
@@ -18,25 +18,25 @@
00441{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":744413,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd7AqAIMnfAUNcDLFGab0SGuLuhUabAQB+GvVQAAAQEICjTPLsQefnemAQEFCi7oUqEu6FRp"}
00425{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":744665,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxerAqAIMnfAUNcDLFGab0SGuLuhVgYAQB93kaAAAAQEICjTPLsQefnxx"}
00425{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":744674,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxerAqAIMnfAUNcDLFGab0SGuLuhWCoAQB9vj3wAAAQEICjTPLsQefnxz"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1561455769789,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1561455769789,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":789452,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaxMYAAEARfZvAqAIMHw1WMNG4DZYAhm0oAAMAaiESpEIMCJFuDJOtHXjqlExAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1561455769789,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1561455769789,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00567{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":789547,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACax74AAEAReqPAqAIMHw1WMNG4DZYAhm0nAAMAaiESpEIMCJFuDJOtHXjqlE1AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1561455769789,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1561455769789,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":789676,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaIVsAAEARBNTAqAIMuTzYM9G4DZYAhlDzAAMAaiESpEIMCJFuDJOtHXjqlE5AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1561455769789,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1561455769789,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00567{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":789803,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACa3V0AAEARSNHAqAIMuTzYM9G4DZYAhlDyAAMAaiESpEIMCJFuDJOtHXjqlE9AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1561455769790,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1561455769790,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":790205,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaO9gAAEARHKbAqAIMnfDBMNG4DZYAhoNAAAMAaiESpEIMCJFuDJOtHXjqlFBAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1561455769790,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1561455769790,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00568{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":790329,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaLgUAAEARKnnAqAIMnfDBMNG4DZYAhoM\/AAMAaiESpEIMCJFuDJOtHXjqlFFAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1561455769790,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1561455769790,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":790753,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACab00AAEAR1OTAqAIMszzAMNG4DZYAhm7yAAMAaiESpEIMCJFuDJOtHXjqlFJAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1561455769790,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1561455769790,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00567{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":790875,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaCwQAAEAROS7AqAIMszzAMNG4DZYAhm7xAAMAaiESpEIMCJFuDJOtHXjqlFNAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1561455769791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1561455769791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":791001,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaNcQAAEARH6zAqAIMnfDEPtG4DZYAhoAuAAMAaiESpEIMCJFuDJOtHXjqlFRAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1561455769791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1561455769791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00567{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":791128,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaC9gAAEARSZjAqAIMnfDEPtG4DZYAhoAtAAMAaiESpEIMCJFuDJOtHXjqlFVAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00453{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":802594,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/k4AAFQRMGUfDVYwwKgCDA2W0bgANE7GAQMAGCESpEIMCJFuDJOtHXjqlEwAIAAIAAHuJHGmBnJAAgAIAAABa44EONE="}
00453{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":803703,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/k8AAFQRMGQfDVYwwKgCDA2W0bgANE7FAQMAGCESpEIMCJFuDJOtHXjqlE0AIAAIAAHuJHGmBnJAAgAIAAABa44EONE="}
@@ -45,9 +45,9 @@
00452{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":813684,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABI86gAAFMRH9i5PNgzwKgCDA2W0bgANDKMAQMAGCESpEIMCJFuDJOtHXjqlE4AIAAIAAHuJHGmBnJAAgAIAAABa44EONY="}
00452{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":817420,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABIYqUAAFMRzt6zPMAwwKgCDA2W0bgANFCKAQMAGCESpEIMCJFuDJOtHXjqlFIAIAAIAAHuJHGmBnJAAgAIAAABa44EONc="}
00452{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455769,"pkt_ts_usec":823739,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABIblcAAFAR2nid8MEwwKgCDA2W0bgANGTSAQMAGCESpEIMCJFuDJOtHXjqlFAAIAAIAAHuJHGmBnJAAgAIAAABa44EON0="}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1561455770313,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1561455770313,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00584{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455770,"pkt_ts_usec":313920,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClcA8AAAIRlYrAqAIM7\/\/\/+shNB2wAkeqFTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1561455770313,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1561455770313,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00568{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455770,"pkt_ts_usec":337759,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaSm4AAEAR9\/PAqAIMHw1WMNG4DZYAhm0eAAMAaiESpEIMCJFuDJOtHXjqlFZAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
01039{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455770,"pkt_ts_usec":338553,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"xiwDYGpkkLkxKPrKCABFAAH0+3oAAEARRY3AqAIMHw1WMNG4DZYB4H2\/gMcAAQAAAAAAAAAAABAAAAAAAACJhKdzsHnuet1Qdz41\/V0LZ6iaR+ompnqOC0UyarH5UrXQ7gahHsgo8fBSar+USGufvh1qJu\/NRhrMD3qR\/SAjm0znSoh6VhewgoYurQjuAFWWewtWrMpeuHL4S\/+0MyTq468+zTecDbZ6EwtoSN0rV7q8TBzNbXoPKLU+8hBZZ+C0Zwhv4pNQvQ73HCap6B8nDrljl1VQCssxIyDoFppm+A1WDiIcrzOwFmAtFZRxfxAwsXnaqMpfV7ETckMB4GqGDHMY9D07KVFzYHB6BDNMqwxrKcvDDDOcXgoLbVnJVRsvDhbsoDZ9LSZ\/DUdboxbtnb0+yVLLEsITqGIoWKkIia7aJcm3+DfUCeopy1IrRGOwSHhGcTRsKeL4Zo8myF1iplt\/QK0IWu1ypm\/fXsMYLI+JQtSzFlXwTnhFMZKGXe\/+5y10FBJa3vn8WHaLeEglFQxibWJAB9Pl\/RPmifsBDlwaKTewkQGv68cDGTBCOjDXY08IucQjkM5PSAZ1gm8bFtFdu3YCSvIUwWcVUUY1BlV1G\/8KITQVBlllroCeNwk8Egd\/diM+uKs4CkbCkQ4jiWkDlVqqBRrvIHMCzzF3cMkNZw=="}
00453{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455770,"pkt_ts_usec":353829,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/z8AAFQRL3QfDVYwwKgCDA2W0bgANEyYAQMAGCESpEIMCJFuDJOtHXjqlFYAIAAIAAHuJHGmBnJAAgAIAAABa44EOvU="}
@@ -59,23 +59,23 @@
01033{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455770,"pkt_ts_usec":399460,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"xiwDYGpkkLkxKPrKCABFAAH078EAAEARUUbAqAIMHw1WMNG4DZYB4LPEgMcABQAA7igAAAu4BhAAAAAAAADdDtdGgPMQURSC4i+bB8o\/1HG5aAJL4GYSpVwPn0hZC4vErhJCi+kPN6K1LVLgrG\/FYLs+r0XOf7YlQT8r8BJOGL9VPR3gdEgUtSVxFG6TYpsVID13kmoFaMW1FwE7sx5mzuYIGo\/4aM0pexZCXfVvetG9VZDMAyHfEmsAr+6jdX9fi13TuipplahPdNsJxRkUFgpXsKcvV4dAqnl4nXIY0j3ADIisGiGyJTVeb\/k9c4Qhw2lbl80JZNyLGNM1MgbSsmtKKR+pZGDwPBuYPMk92D6pZo8LXXFuE6IT06Spdf5UhFQLG+g7541HA186tU5XWwtc9tuZbbErOBDIebxXeGbfFgNcwCTO29hQ2dpGTTEEymavYdlYu1WcJ058wAhf6SAVz2a5I1uyDGEkppEI4YkyEhwc+jPsjEtp9Q8RX5XOLlnxxfwPalknHJZMX1u3Op1NMOx5DTlKgT\/BBDBBVjyIN5VOMVHXQR586sl0Jl81dD1+D1wYsCX9Q69otSDvyetlL54WW2FO6ynH12YX0VXgYAc+IigmUhZgEm5rWZuNBxx9yeEzJ0hzLD0PhkTwkFI9A5ypd1XGQSD+BkQ+oS0nZA=="}
00401{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455770,"pkt_ts_usec":413965,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":48,"pkt_l4_len":14,"pkt":"xiwDYGpkkLkxKPrKCABFAAAizsUAAEARdBTAqAIMHw1WMNG4DZYADqpXaGVhbHRo"}
01037{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455770,"pkt_ts_usec":414944,"pkt_caplen":514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":514,"pkt_l4_len":480,"pkt":"xiwDYGpkkLkxKPrKCABFAAH0pt0AAEARmirAqAIMHw1WMNG4DZYB4N5fgMcABQABKosAAA2sBxAAAAAAAABl2CRI4\/P6avTyoQECclUvlfmvEsiuKl9H\/ThrT3d8aicafRFp\/z8sMV2ZHSVLtT\/QilgXqWkBNvLxvxaJUqUTcqrNSrxIcQTrMF4phKndZt5NpGJqXPQQ2DvfGrDv0TVqJ89pa9YkH8YaeSt208wbPPZOJMPvBzz\/CQ4tdFuydIZYkmmQ+\/EGf666eMVRFigScVJRc359e1vv+Gu+diokfsbZX1urdlKoDexsdch0fau5FH44yqkC5SMbWRe90QR5M9VlKoEmEK706U9\/9L4IVcKlMGZzeVLXV4cjevaXCgTJtn6aZkcS1hGhDZf\/mUlBOFsddULKTz840WdY5cNY7yEGJebknTWK0x4RzRHSfsfqjhHSt9c9tltlHc0YaGnLcDQxqTjZaYkVFzQW8IZXPmH8W6BcVBbTF418h10XE9tT\/WKigYxlw+aSa2FDbHmO07sypyk+SYK4IBATZzFUkztmdyJt0Vi8AFQdrkX8dQbfQgWcBUBpv3owahDIyhQanRQNqxxWRJlBdHEA3n4H2NUgGk5lt2EAFlxPtIKoJkALHQFSl80ZupWJCLfqxADGlA0AMFOie7mzA17nZgxFG+s3MQ=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1561455772049,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1561455772049,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00810{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455772,"pkt_ts_usec":49243,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqwAAP8RG\/kAAAAA\/\/\/\/\/wBEAEMBNNtQAQEGAH5K8tcAMwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1561455772049,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1561455772049,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
00578{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455773,"pkt_ts_usec":318325,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AQBef\/\/6kLkxKPrKCABFAACgzaAAAAIRN\/7AqAIM7\/\/\/+shNB2wAjBq9TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1561455772049,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561455764448,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1561455772049,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561455764448,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00581{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455776,"pkt_ts_usec":326104,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6kLkxKPrKCABFAAChemIAAAIRizvAqAIM7\/\/\/+shNB2wAjbrDTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTlBQUENvbm5lY3Rpb246MQ0KTUFOOiAic3NkcDpkaXNjb3ZlciINCk1YOiAzDQoNCg=="}
00537{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455779,"pkt_ts_usec":337361,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"AQBef\/\/6kLkxKPrKCABFAACBKKcAAAIR3RbAqAIM7\/\/\/+shNB2wAbVXRTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cG5wOnJvb3RkZXZpY2UNCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455780246,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455780246,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00812{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455780,"pkt_ts_usec":246416,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInq0AAP8RG\/gAAAAA\/\/\/\/\/wBEAEMBNNtIAQEGAH5K8tcAOwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455780246,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1561455781247,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455780246,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1561455781247,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455781,"pkt_ts_usec":247252,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIyagAAEARnszAqAIMATxOQNG46GMANIouAAEAGCESpELJdbow6qY0UK1Q3DAACAAUjCUqyJwTIDkKR+sjy0Uf5fkPaoE="}
-00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1561455781247,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1561455781352,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1561455781247,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1561455781352,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455781,"pkt_ts_usec":352254,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUPMAAEAR0s7AqAIMW\/w4M9G4f4EANAIPAAEAGCESpEIZqLFMH0mnKh34iiEACAAUNcgqBRg9v\/os\/sidMBIfN2R1dO0="}
-00576{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1561455781352,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00588{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1561455781352,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00454{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455781,"pkt_ts_usec":879070,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUTkAAEARFzzAqAIMATxOQNG46GMANHzbAAEAGCESpELHuuAP05RaI+J6URIACAAUsHZdEyJr5uObsKQa7DYbE4YCA9M="}
00454{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455782,"pkt_ts_usec":59394,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABI8PwAAEARMsXAqAIMW\/w4M9G4f4EANE0kAAEAGCESpEKAWzwjt5VRcfVmBmsACAAUJw9zjdQvQsjy5FQih0Itb6wHKg0="}
00456{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455782,"pkt_ts_usec":574285,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIwHEAAEARqAPAqAIMATxOQNG46GMANGXPAAEAGCESpEIoM9pd\/2PDbhKoL1oACAAUvqQBu1i76V7zg0ib1\/6QLghtUUY="}
@@ -97,7 +97,7 @@
00454{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455784,"pkt_ts_usec":457517,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIZ10AAEARARjAqAIMATxOQNG46GMANCcnAAEAGCESpEIj3XkG8YKTfumrO2cACAAU6blUiL9REGgUrCAn+fBDik0yMhM="}
00455{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":759,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455785,"pkt_ts_usec":93770,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIAhwAAEARZlnAqAIMATxOQNG46GMANIOWAAEAGCESpELiTBMRfqfJFlAu70AACAAUETfw2Mz3GqSutzo\/jaGh5v\/ta3Q="}
00456{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":813,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455785,"pkt_ts_usec":727200,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABI\/SoAAEARa0rAqAIMATxOQNG46GMANEXyAAEAGCESpELUGmRM4v14M3+SwVkACAAUtayjNCZzPKH53T\/nbmuRrjaNJtY="}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":905,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455780246,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":905,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455780246,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":914,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455786,"pkt_ts_usec":352137,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIzVYAAEARmx7AqAIMATxOQNG46GMANF\/EAAEAGCESpEIZ4CVqeKeVT3p7HUAACAAU6Kbx\/jNowHL0MvzAfWa9g7vNcsE="}
00456{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":980,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455786,"pkt_ts_usec":971777,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIn+AAAEARyJTAqAIMATxOQNG46GMANAAbAAEAGCESpEJKPRR9wXq\/Tr8FSnUACAAUeIBw4gXxXCGcyc2sVr33kFFSLwk="}
00456{"flow_id":11,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455787,"pkt_ts_usec":614749,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIBh0AAEARYljAqAIMATxOQNG46GMANCDcAAEAGCESpEKJVb4NwlVAQm0FxDsACAAUuCOcZYtOcgJZwgV2vzy6J0EMZhM="}
@@ -105,33 +105,33 @@
00458{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1178,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455788,"pkt_ts_usec":857123,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABI\/V4AAEARaxbAqAIMATxOQNG46GMANAWBAAEAGCESpEL9J7xmYK5cDifcwVEACAAUqNPdEYZoQK\/V+H4fwJUlvZ8d4i4="}
00458{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455789,"pkt_ts_usec":484753,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIcg8AAEAR9mXAqAIMATxOQNG46GMANP1VAAEAGCESpEIva9dDDm4yI7yH5UoACAAU\/jrs9XS9h1GzkJiayrGB\/RlA7es="}
00456{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455790,"pkt_ts_usec":106267,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABImzcAAEARzT3AqAIMATxOQNG46GMANNL1AAEAGCESpEJXW7ZH0lh5LwkGSz4ACAAULT2Fd3ym5658dK6thlww0X1Ddqw="}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1561455791449,"flow_last_seen":0,"flow_tot_l4_data_len":349,"flow_min_l4_data_len":349,"flow_max_l4_data_len":349,"flow_avg_l4_data_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1561455791449,"flow_last_seen":0,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00863{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455791,"pkt_ts_usec":449110,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxMkoAAEARwOHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1561455791449,"flow_last_seen":0,"flow_tot_l4_data_len":349,"flow_min_l4_data_len":349,"flow_max_l4_data_len":349,"flow_avg_l4_data_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1470,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1561455791449,"flow_last_seen":0,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00859{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1471,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455791,"pkt_ts_usec":449786,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFvmCUAAEARWwjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1561455792270,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1561455792270,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00588{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455792,"pkt_ts_usec":270282,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClb\/UAAAIRlaTAqAIM7\/\/\/+v4BB2wAkbTRTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1561455792270,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1537,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1561455792270,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00569{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455792,"pkt_ts_usec":270460,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaNCIAAEAR8gzAqAIMuTzYM9G4DZYAhkjkCAAAaiESpEIMCJFuDJOtHXjqlGBAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00569{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455792,"pkt_ts_usec":270570,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaRxUAAEAREWnAqAIMnfDBMNG4DZYAhnsyCAAAaiESpEIMCJFuDJOtHXjqlGFAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00569{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1541,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455792,"pkt_ts_usec":270694,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACafQwAAEARxyXAqAIMszzAMNG4DZYAhmblCAAAaiESpEIMCJFuDJOtHXjqlGJAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
00569{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1542,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455792,"pkt_ts_usec":270823,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACa1S0AAEARgELAqAIMnfDEPtG4DZYAhngiCAAAaiESpEIMCJFuDJOtHXjqlGNAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1561455792273,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1561455792273,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00589{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455792,"pkt_ts_usec":273279,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6kLkxKPrKCABFAACleZoAAAIRi\/\/AqAIM7\/\/\/+skCB2wAkenQTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1561455792273,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00527{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1561455792273,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00579{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455795,"pkt_ts_usec":276739,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AQBef\/\/6kLkxKPrKCABFAACgOnoAAAIRyyTAqAIM7\/\/\/+skCB2wAjBoITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
00579{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"wa_video.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455795,"pkt_ts_usec":277117,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AQBef\/\/6kLkxKPrKCABFAACg4VAAAAIRJE7AqAIM7\/\/\/+v4BB2wAjOUITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1561455770313,"flow_last_seen":1561455779337,"flow_tot_l4_data_len":535,"flow_min_l4_data_len":109,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":133,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_first_seen":1561455769791,"flow_last_seen":1561455792270,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_tot_l4_data_len":454,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1561455792273,"flow_last_seen":1561455795276,"flow_tot_l4_data_len":285,"flow_min_l4_data_len":140,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_tot_l4_data_len":696,"flow_min_l4_data_len":347,"flow_max_l4_data_len":349,"flow_avg_l4_data_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_tot_l4_data_len":454,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_tot_l4_data_len":454,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":493,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_tot_l4_data_len":231913,"flow_min_l4_data_len":10,"flow_max_l4_data_len":1147,"flow_avg_l4_data_len":470,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1561455792270,"flow_last_seen":1561455795277,"flow_tot_l4_data_len":285,"flow_min_l4_data_len":140,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":142,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":893,"flow_first_seen":1561455781352,"flow_last_seen":1561455792065,"flow_tot_l4_data_len":654475,"flow_min_l4_data_len":34,"flow_max_l4_data_len":1301,"flow_avg_l4_data_len":732,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":133,"flow_first_seen":1561455767339,"flow_last_seen":1561455795283,"flow_tot_l4_data_len":16046,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":120,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":133,"flow_first_seen":1561455767339,"flow_last_seen":1561455795283,"flow_tot_l4_data_len":16046,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":120,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":18,"flow_first_seen":1561455781247,"flow_last_seen":1561455791996,"flow_tot_l4_data_len":936,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1561455770313,"flow_last_seen":1561455779337,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":503,"flow_avg_l4_payload_len":125,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51277,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_first_seen":1561455769791,"flow_last_seen":1561455792270,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1561455792273,"flow_last_seen":1561455795276,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":51458,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1561455791449,"flow_last_seen":1561455791449,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":680,"flow_avg_l4_payload_len":340,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1561455769790,"flow_last_seen":1561455792270,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":422,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":493,"flow_first_seen":1561455769789,"flow_last_seen":1561455792270,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":1139,"flow_tot_l4_payload_len":227969,"flow_avg_l4_payload_len":462,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1561455792270,"flow_last_seen":1561455795277,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":893,"flow_first_seen":1561455781352,"flow_last_seen":1561455792065,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1293,"flow_tot_l4_payload_len":647331,"flow_avg_l4_payload_len":724,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":133,"flow_first_seen":1561455767339,"flow_last_seen":1561455795283,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":88,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":133,"flow_first_seen":1561455767339,"flow_last_seen":1561455795283,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":88,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":18,"flow_first_seen":1561455781247,"flow_last_seen":1561455791996,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":792,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00130{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test"}
diff --git a/test/results/wa_voice.pcap.out b/test/results/wa_voice.pcap.out
index 6c2a4c5f3..3a2329bee 100644
--- a/test/results/wa_voice.pcap.out
+++ b/test/results/wa_voice.pcap.out
@@ -1,26 +1,26 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wa_voice.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561455687942,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561455687942,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455687,"pkt_ts_usec":942546,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="}
-00636{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561455687942,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1561455687942,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00455{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455687,"pkt_ts_usec":944542,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"kLkxKPrKxiwDYGpkCABFAABMq4sAAEARSbjAqAIBwKgCDAA1yOcAOH0WZG+BgAABAAEAAAAAA3d3dwZnb29nbGUDY29tAAABAAHADAABAAEAAADaAATY7yZ4"}
-00663{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1561455687991,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"www.google.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.239.38.120"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1561455687991,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455687,"pkt_ts_usec":991884,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"xiwDYGpkkLkxKPrKCABFAAA89ksAAP8RQAfAqAIMwKgCAe1dADUAKOSmDHcBAAABAAAAAAAAAWcId2hhdHNhcHADbmV0AAABAAE="}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1561455687991,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1561455687991,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00488{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455688,"pkt_ts_usec":18542,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"kLkxKPrKxiwDYGpkCABFAABj38gAAEARFWTAqAIBwKgCDAA17V0ATz5mDHeBgAABAAIAAAAAAWcId2hhdHNhcHADbmV0AAABAAHADAAFAAEAAArzAAsEY2hhdANjZG7ADsAsAAEAAQAAAEEABJ3wFDU="}
-00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_tot_l4_data_len":119,"flow_min_l4_data_len":40,"flow_max_l4_data_len":79,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.53"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1561455688201,"flow_last_seen":0,"flow_tot_l4_data_len":1472,"flow_min_l4_data_len":1472,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1472,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00676{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"g.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.53"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1561455688201,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02378{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455688,"pkt_ts_usec":201615,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDyQZ7pIeMIAQCAC0bwAAAQEICjTN8KY8skLCFwMDD+Ai5NOSopi\/6GqwlD\/tAZzY1QGzvljqTGTmGCJOrU3x8CYKomrYaziO5eZ4ouY8cCYpOJvKrDNJX33pdge2bBxjgZp3ciHlbT9gHcPpJV3HIK5K4Xwsy7N\/d9l3pDdGz5PHrVVzZeXakf14DKR+hXrIhRVy6hpv5t2VthQzM3sKU7KhJpL\/6a5Sp489WK3Z7dzYFK2J+ermhE1b03GDPIEb7MGTpTJQaqangZgy8gro1eaetAilk1o529zodA1M9O5BVqL2oF301LG+kaqQTY1SPLvOnn1MxBlBEbzmsfvPr0H7C5Xcv51kP+cMU9R39VU1KEVp3e+2GMmIXWxgb+NKRMo4d5o6BKoHJ36YKQ33eAmIMAcZsFkdzfDz5q2jCxngiuQsbQKoYL1rQHGV7CXWI3zE9edQrQPJaGQZaxu\/+b+1vqSWxtCMEOUMVSmhM+FpUOqnKqwXsN4BgvySE1+U34RH0SV6FPoBjF0WGfVjkUid\/lVZcbedi\/PfkG0yBpT2\/Is9EIUqT+5Azj96UOFZqIEtSsIYSrk7ySkvjrKz5bHkeMLQk1mxQwJByZOSa30oY5bmNGAgD00g7CKAigVgWl6pq33BURhk4PDRhLJn426pN8ndnOOPzVylhr5g1C978hT8qaiuW1hlXdPnoMeCp9hEy7A5ziIjQi\/j6SVmDBSjwtJ0oqoQ\/ul2VzP1hHUGnZiTl\/qoxKKUfFrrwqTto6BvQjrKNa8bmHfrJg1RkCF3YK1iU3RCTPB\/4c68wZU3wRZ8hH1dNOLSgkwNQHFvEa\/gv\/qOxZkCS+Hpja9b5OtYooCqZnURTItdIoosw\/pte6KHG8eCIx\/U7yLLCmLs4D6MQwGZZ2yJ9zt9zcZXv1g03W4UohfquGy0ioHzSnw\/O3jNSfyTyrsrgxGqBD7B02ehphvU7Ax3IIziLDpWGnOBTyjYVNl423Z+0c9qK5fdUeybRNKKbWmwJqAFyKo3Mn2oSjBse+IbmEyy74UtCrn7MO79P00k7ZwAdz4X9zs28aMTKpnGFfXXxKMpT0Dd5ofiYXaTFr2Jwybi92XLCleA2OWxMIUro0rxoo67fYKdVxbqwQCMyEw6LTznHMXWYOpkkn6VHuawZe8M1HJsON5lEoItuqd\/IBfWUMshGlV8OgIAoc3EW3VlOFAiqg0pqVqjmyE8T8wQAvejRCf2f7iThtrzSrjIJDgibkW3Ecp3KoIC1KVlhjp4HLMvTgc12F13bDzcsr4rYSNpgOus\/4N4UzMrQyfYM2uNlqx0HfPLs50MVn\/Kyef0KdSuCHGqHLEJ+g1+EB9i2mop53wwymGotu9IoWgU02wrdRtoavOIQ5TMaPT9Jy+tmpyw9rSZn4YhMfxR72sCFIVM2eQlDOP2kti8y02qh8vwstuWp8ER3\/PKo9BgChhkuUmF5Df6lKXn1exWi67C9f1S5pc1iv33gDt3T0VcEHwoxmIh6MLrQ4LDUY7JX7mEuRfro3sR\/Ir2ufPPOhOBqsPV5YskVY9tWAevz7WMRn8EtRyvVaVHL3wxu1gErJNgcQ\/Af9fGR5KHI8lfrzLWY+bV9Q6PY8piE9FU2r7QV9Q5YgbBE6yKjPA3fOpiBOv+IVCsLXJNVdRvAywibpuoJAy2z01Fc5o3x+ZW2eqdFSSyuDepi7EBv4YJnAtmqjCVimRnoZ68Pz\/ocEFw5tBKkvU5uadJKwflJJ0hJUUOKwAQFCWvvApj3f356wTvDmU788W1R\/Vmzin60ZrsL16uD4sDmXGOueQVWddIzbIT0jyuT6IK9gJjCyELuMZhwwjNJ\/gEh8+\/PwFaVXbn\/1dsvjpj0IhPwCusRttL60194v983ySgSQpQrf9f+n\/rJIRYwpsq4DBRu9SydD72zD93mD4idl3s3tsUHh6rp5k7Bf4L"}
-00516{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1561455688201,"flow_last_seen":0,"flow_tot_l4_data_len":1472,"flow_min_l4_data_len":1472,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1472,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1561455688201,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
02377{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455688,"pkt_ts_usec":202302,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xiwDYGpkkLkxKPrKCABFAgXUAABAAEAGJCjAqAIMEfI8VMDKFGdIDym57pIeMIAQCADYpQAAAQEICjTN8KY8skLCFtVfgrozcBhAJsfsFvLQO\/UNbKaPAKskPEHc2H7HNZvZ0KHfZ\/KP+B9OyPm0SdMSjavTXp1RBX4n8dtnNy7ldwySyG0XJJWeRoZiiRtgXrZdFFD0QAS3Pe1DBo\/FUctyy9XBKqwrw5v92Jj5UtBctOxUvfejQ1SPTAJ5IukXOUTVRhF+GJ6uJpn2Gyv2J\/hXj4mZyNeIliL2I7bOA3ury1GpGWko+MWMnPSKdWfc+5iZ8htj49VB2VDsL+uaCsidGqZX708pkKajJgAtzAX6+OwUhPXab61vOJn2ZVsE84On3Sc1Kl0WWtXgaA5Kty9ym4wLqQYEYP55F5oeJX4cTBOZRUcxhyM2DEPfiJE4aGH7aPKJO1JXXtoaeR6aRsid5OY044cRXoCwjbqa8kVLoyG\/1hSUaMwK17Rm6Nq+PbrF+ED8fmHgN\/1Dutcz+R4xma\/dfBoQDryBVCTEwOthrl7LLjRmNDBA\/nKPrgUx1pUPyir\/k\/cBNu5VmA9ROEDXJTcYsaqkjSroNougihkTVcfxMwA0V1eozYWnylZYZfyg3u53u+M+Do2uu\/vpHb6ZX\/5fq7AfMO72tRX4kcflTeOHJPV42uX70ZwC1O+A2X8wG0wRrb8uK6OFhHts3S52N3FVIqWr3CBOEKtXus3msBLphIaEqtw7dKWimDDeKkgZyeDybQGBbwSqGgwXI4sXoyN6QNVYT2T4i6kGXwJ8KRo8HtR5yB7rhqGJ7va7Tq2PlcpSnVIQRwao1mofCncrFLbOpoxslAuFLv8G+fW1GEiueEIhAplFAErT8lEbc6sY9uI88S0O6mDpNBlvCBLanRfw12SWljEVA4Wh2w31ojL9SCLJgyYKb3rrXT3V5i0AGJxXutmEyz9yTXUcoSU1YUo3WfmVLfx6RyxgbfoU7yfB7G33wI6gfsYIkzsYXlIla2ZkFjlWmYTCmfyEh6mVsXCVMnp1BhZdWj+7bWgfM4VrhMG0uNxDM0Z53kq9r7jYLXP1URavTKVNjY1WxQ1RAuRJtVPSgtQELf6AAzGAMW947SHl7bPC94gub8Kmqytrgl8ICRtP21Twca8YlwoKzIkJ0ROGsHSJ1IUBnknB2X57XNTUY80EyrwKOEYdXqBbK5\/uwztG9gvPjPu8PKqPu7OCXZj1ZBnnEX2PjjdGe8\/qo\/GKpAlJAuol7xe33zGz401h7+ux36y894Mbarjx1CDQxx9YqwY6Lr4EHSyCq\/xOaCM9Ig4AmEcFYjNP6niCHmI6fO24v\/GQB6WXdzSw2ClyCXHYbvr4Qqi+4qXoeh2xXDeKjcBBfLtEOni++s2q3gzhbAvkZLj\/NmeA2TXw0Z3iDbzj8\/Y4RPkg+eKwZkIo3UDfKsFnJdpryN60+cHgLr\/4b6yqkGde7QP698bVNcwUBDmhcPTGUF72BSrLQvrtwQZtWbAZrNkztpBLnQ0QkqUG4rCER6dvRqYMKv5dFfseMTa1Q1gUuqPbbz23yUKTRtop\/\/Lht4EEFlQYsfbz48ddhpIGiMg5mZbcRDG3SabEXgtzSNVHYYfQC6vW4pikjByoIlKAdhA6SR3Oh3PU52UQkf1H00x5\/\/1hV8lcpLckyN2LNUVFAYrwz5do38QxPssBrJ+3S6\/aEGPegc3B67mnX5V9KdAWJTKT9mA6BOcYDIvqCcaofS9sLdAjWNazl\/6YRqmsk\/JZn6nsHta+t4co6kKrh8ZoenAhtwbNaOVmExbItteeviDeqFUd2pkhp3kXIT8d6YMdXIloWHR8vT7oGOwNL5sNWFZXjAeqyXFLohZVoKLbw4szdHzrmDOl0IHwY6y6lYvTSYc6OyNhkaHXFSCKUjvAFZPuWmliraxAT7phw5quixNUJhdRcYng0LMN9J3KAyHFA8Ber5WNyIqMxWZ5wh4eVaY0B\/wQ"}
02038{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455688,"pkt_ts_usec":202454,"pkt_caplen":1255,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1255,"pkt_l4_len":1221,"pkt":"xiwDYGpkkLkxKPrKCABFAgTZAABAAEAGJSPAqAIMEfI8VMDKFGdIDy9Z7pIeMIAYCACWYAAAAQEICjTN8KY8skLChD9+sl9zTIn+9oKwtdTi9Vdi\/cqtS9SsuLktLexhq+H6HSh0nUz\/pR7lGjfA8jUSbTLAiEYeFmvZtDgZTjhibXwhbTyW2ej1slX5wS0YUeKb381u+fexhn3xRkOOgFD2lHUCDNs6ZDxZ3MgjWXZ\/6y+5+G4Cr5MmO9LbbXgHM2tCoGf6bFpAilIbDNDjf72PZn2d6eJMciO25CCni3NwF1VQe25Bd9JCM8RNSipKwwpntSqY6SidwnIyNKgMjNfj+GMhuOpcSsAcRSjT\/L\/y6Nc7rkRDfvgoZpO7IrcZRsLerm0SSzH8usyI2xA+WCvEPlDoV\/87+olgpceCoKG1cf6TrD9aD7Lh7Yzi2mRYXX50kN9XYC9UhK+eEqcUiK0EA6ia38NkceSip2pBuv85\/091UH5OzSLrTUOJg+XVoE7ssGb7XKiRE+FOZu+zmhmuXn2Ujg8u76JsqT+uY0KkCyvwkXLeCV2kPGxz31MiSwGtNtz1oNvEGHur+FQDs\/zPpy1TfX803cqFKkblAu9BFTe4MXIK6IqhxFJcK3dj\/d8o2Zlvxu2S2NA3FH3zT7CWqacXhL+wQyS+\/DALOFfsZZCyD97Lwmcig1rgISji1T9qsBO4dRFWt5bVa2GoIozmHRLhPE\/xUBXrVvCjMLlRXbBby9l3tFLBkeNarajglfyHMtazotsPWceBe13wiPjaSciJqd486cT5nmripbb2TNv6m2QS+yBxolanBtMMlalvyClJnjFYXmEMA\/Cqafcjah0LpamWi5cGxlhK2o7VpcXk60WiDqklprDwU1C6AQQ3t9+In381BWOH2ylFLvtkYQS6mza73M7ORMV9T+VX4ja00u4BItehp2lgwr5wZ9hQu6lejNiwFYLaMPe7D\/bAwWtcZeYT8kAUL9H2S1idX7efThRI\/sFUnhFydcfZzFx9yoqvQ\/XNBIf8hR2ZwEmxUM7nHYq2mZ+\/B91bETK14kZx6AmSi1jqJABWenJppvp4cXzcY1BWUqJk0PLYkAexhw7t652If5IzcojeSdWFP2lhdau7nHX6G7lW4Utg7ZWXLyccWSWSv6ha+LeiDlED1cCwY2vVHkPEKRqluaQYKLl2qvR1wE3m0usuIl4q2MEc3z7A5MGmXicgQHspwoVe96OedZ9UbKdxn5F5OBTgOA+JY4EBKs3\/51SigijtnbNr7w00IZM1a32DUVsHDNnCKoJQHhPhULTSuboR4FgTKv5jA8DkAaFXzOTQQMYjx7YZD+FVCVnmqRcXzRQCUejaACj05EFq7vsiXpx9kEWnOGLDfJ22A0AjBRXoBK9EYB2xjWa+gzWXLgtnfTfAdhzT3lkAyklF\/qQA0sttDRgDxUQ4slW4E3BzVFH0h4GehIXJZzWEseP9XQr0J1UhTOB7Dv78mCeQyIVzY5PpIKGqL37IUaJV6gk4viji4bM8JRt522Xsc3xIrKuiMjhRRmYQYZR2\/fsuI+jWL\/oLRyVbeQmMYbj2qIY8qMyxD0\/HUbbJCm1sWV3U2RsK1wnhcO2gFFVKyPqfKwE0xDwAtsxVH6ZCeakAFNP5dRNlfhay6WJ8owHDTw=="}
00423{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455688,"pkt_ts_usec":226427,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0TxoAADEGKbAR8jxUwKgCDBRnwMrukh4wSA8vWYAQAYNbPgAAAQEICjyzTX00zfCm"}
00498{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455688,"pkt_ts_usec":226428,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"kLkxKPrKxiwDYGpkCABFAgBpTxsAADEGKXgR8jxUwKgCDBRnwMrukh4wSA8z\/oAYAZklAAAAAQEICjyzTX40zfCmFwMDADBBMeYgtgt9IoqVyG19Nwskqr7pCCl5Q+uac6KaMFU5rnqChCXfQ+g55lEPhVLxVNw="}
00425{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455688,"pkt_ts_usec":227687,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGKcrAqAIMEfI8VMDKFGdIDzP+7pIeZYAQB\/9PtQAAAQEICjTN8Ng8s01+"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1561455688445,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1561455688445,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455688,"pkt_ts_usec":445940,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI7iMAAEARBjHAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1561455688445,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1561455688704,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1561455688445,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1561455688704,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455688,"pkt_ts_usec":704143,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd7AqAIMnfAUNcDLFGab0QrZAAAAALDC\/\/8eGAAAAgQFtAEDAwYBAQgKNM3yoAAAAAAEAgAA"}
00436{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455688,"pkt_ts_usec":744885,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uKd8BQ1wKgCDBRmwMsu6BkVm9EK2qASbHAbGAAAAgQFeAQCCAoefUIDNM3yoAEDAwg="}
00424{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455688,"pkt_ts_usec":841176,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxerAqAIMnfAUNcDLFGab0QraLugZFoAQCAytcgAAAQEICjTN8zsefUID"}
@@ -36,20 +36,20 @@
02316{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455689,"pkt_ts_usec":216070,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgcQIAAFMGfHyd8BQ1wKgCDBRmwMsu6CU+m9EL2oAQAHGn6QAAAQEICh59Q9g0zfN0P9EJdvILzcI4+iv7cGgPZxifVid4pVWfJP98HQuccwwKRYSOPhlVGwsuDm0OyCClVA8E2hDIEfSGFDLjNTDD+Yr\/MXBJifH0bkpS8b1zg8sUoQ78GeL0zZFihNblbbDAj8lQApFtHi7sR8OGZ9Ouwg9+5V93gALNZG3\/tWVyLQi4lGHvj2COl\/jMTrmw6nVjWpZWpM4sSSBFPd6MBy7terPnbLE53bnE2Jc\/hGGgHV3uLCfH6mF6H\/zKEWgr3dea+ABNUQ7O6\/4r1j+nPL066YTrT2ZN0hdWYEd4h85nkd731NXJ3FyHwL3vIk4D8qb1OZmOaDSe\/TJgLfDBVJfRY0zQhnrA6CYf+4CQxlFjxfZO8mew1aRhZeG4EWDwc3iGBsLxGKH4fw934wH9uDUAZ\/wls5AkOAIUHu6h9eM594oqmmEPMCoRljJQnI2MIh+7BWFJ+1LSmx19jnHmlEC3ouo\/ZgXa0\/xcH5XRehH3vsIwAJGiK2zsY+XcN82Z\/8eWYQ5m3TGgLqma5Vb3DBxR5dUM4E1C1sdNsQED9IQxQ7d79V1bwZ4WY2\/A1IueIrch7gbOa39PoH99zApTn\/FFPXd1tr13W8lEAOW3rwpIMHJvX+bBFjHHq2cJ\/a1HZrjVtiT9j0O6qIEKJIriA7s2QA5MGIPw1mCZI\/+FDxdrr0RVFq5hah8hoI0x09nYB8\/UEeHBnr9+ZiuDfKscJPgmNrwMXEwMLDQb9Jm2JWyKyQabAdsXAGanTIC4mVh5GCdqT5P8cHgXtklF+9ubnaOXy21w39IzcVBLIvOyPe2Tx2QKukOT5ItPs+lRSpiv\/eqB7ur7+KBOMqO3sbphKYjI1zSMoNLqnADON3ZSu5lyC3z+cDEcQTH+ZtkYLqLraqDuX1ocgYT7+HBFHiRIC0rIuO+Mo1vTWR1EORhKxVpRa6I8Gb4lp3DIQt+KFKzUXS8LaA95r7FGs\/ylKFIpYVVazGbp0Z\/dgiln4bHWe8o5kfROM1xZEylDpDjoy2EnV2ZfbL\/OkY0383ymjcEVRfkCRK5g6LxWv+buj92T8\/AHkar\/3XOuNWIwTefFgQRIJnPQNwPMQX7c5yMbGBZeBETM9ToNARp0c22XOkdawMHJfuZdHL+Xk9eOUHsJjMKOojt\/jrrVyRuPwozXI5LyUIpVXqGCJ0x6\/lpIH6wYo\/r73B9oUul5KwPWSWstC604rNtzFF4a56eD\/uodW1UVVTR\/F2mfsMR5+aTLETLrPFjVj3TPoXQ+qnrZZU7cgGBBOiejShVkqOYcWC1qAymA2y+D5QeKXKzwI3Y7yDUHc6JRBAgpPiHHRzzovjYQwwtrl+v2vXOViOlICQkpRCDKTkrHUzg3zGC5MzzI9jb5JgOB1jh+8Zaldi4JLXZRSZI+LPHP8TkQg2k0rx2LX2GiUZb5MsdzBTQSD+HvSBptZKwpOTJXEHzcPB72gsOk2rGY4T3f8P65DccJEmR3abeIn2gzfaAa5ejFzIay9rEAYkjHGTOCRJmrH+LIFiifSFccNs9AoIPxtd48PwKCUxlF207jXj6824z9lSGxLhVwrzAI7pPJC+UjJeLic\/R1EZaXw9975j9XxZWdPUYNeQ262VKt481qNbBeKsCNdflIlNlBn+M97YKSewciNMWX1EH7WXbVT8eQYZZA8mf\/6x\/BwpNpGl+Uw\/OjW6T42EZcVYL04Em\/3x8i06xq5+zwh8eb4s\/Jds62dRdiJS+LK8FcTAOJ43JRwJFw20lmUqjWJZ8DGMj1DJ8MOa9pqn1Cj71PGN8UNPEKGtuW7zlh0s1v5hHwfK9TVSfliezOE9OFawJKO6JaAyfSDdn5Cqp1Zss="}
00581{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455689,"pkt_ts_usec":216112,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"pkt":"kLkxKPrKxiwDYGpkCABFAACkcQMAAFMGgXed8BQ1wKgCDBRmwMsu6Cqqm9EL2oAYAHHWpgAAAQEICh59Q9g0zfN0OmD+snV1QUhqItc7CZBQmsG6qZYUD1Z6WHk+O6S+J2qqFsZKWh7S\/FBIrxbjGtydUoqTdUJzETbYyVuUlCBNH7egwhJx0ddumHZlEir2k+KjhenSaBvgdPqOElvcisAIjGuRKR+Gh+VleoERAQquDA=="}
02305{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455689,"pkt_ts_usec":217298,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgcQQAAFMGfHqd8BQ1wKgCDBRmwMsu6Csam9EL2oAQAHGDJAAAAQEICh59Q9g0zfN0j00kD7SW47vpxLkGozFihiVHS84IOEIZ4S8w+pvhkI4\/BVPnMsu7keXoL493PG4Jl94mip3ZYMBXk0tzcxBsugkacLva6p+\/l9Ai4U77Xu7ts\/uFMCxxoRjCgcN\/3abOTw7N\/kRx+RhOrYwoq8rRMCqlUvDBqFAj10JdY6DJhmvLJlse2k9rMuixA3LoDW2+YSjX6RE0TOsMgivknvp8OpgqixA9QfIZ29RNEZJHEfRHvv8WUGRGI4DC5QUbOAmvnrpUWSwma3mVGFQT84CFlrEXLA1PMEMSRVDLOunbvTbivqIQkojlxXim7s8ZS07plo6AFOBloQ8gVaqHhZF6Wn4CIYkFuQUNvSDxEOypAKKhj7H4kMiZJ1UQ2Z1fxcys83bOxOj7emx2V3aeoIGT0\/ueprJ5LcJSQMZpEAnaDnQc\/VaEFzRb971FV8zqAkJSYizTV5x+JUvvy9xXIMqn\/3fQbQUmv4v1w3Slrt6EpOUdN8P50D34oF6OYFbUkFztGvx+Shr2reNIJIEbqzscAMhZ2n\/wNndDVNqvuB2sj6lsd07u17prEMI7kSFMn0DTi1FACMEvfe5Mb74VlY\/HNTVinIWOkse32EgSfpXV8cbvDOkZe5ZKJG69923K5xLmUKXpYyIvkR3e7JoSITZuahaMUANfyBSFxEokn67s+ECk\/ssch+u5bfqsg3XvCKFAFnx5tivzoDbhvvAl6INch9X1rAEZNcqHBqiwJPFMMVj39syFXYg8dDE35EtV11JaMuM9FtN5HnKSF4YcmhkWAYGjUNKDcQgs6E4NESJzNqtaW3VxC1mVGieihYnQ6HmR29huWMyF9qLObApw9iuMne4NWo4W0B51AN95npmBmaYCoSYfn7BHgFHCbeoLN7NM5NbbLQ5kTIq93TvZr8e67pIeNREdh0OcCN52mIP4nRNZQjGCVNXsE9odeo1mGqr\/rl5+KrQ9Fgt66Epj918esPteMZ6ztV4ajtwc7YhiTc8EuPiCZ0DbE038c\/5ImCKaqpahBsfMxcUkfridm6dlIJiaPiAAh5+7f7ntavun4Aeuj2ytX5STanePvtyxDY5DKQ0m6f9hs3Hxqdh+oo9Z7+ITcmY6SofZV0f0ej7sl5bIs9O\/C00CyTNx8MQe6eFgNRlolcqu3cJn87m8x08H38tnSMCc9lsuy6L2TE4n4II04VpSQEMolCII0BykjN0hVcPtnS4uZbNoM1dKUe5BHJCEyf7GIRAQcaWVbF00l4X1Yu5UKSH1yu1Obp\/JbUj6ZnkFex7ND8w48lrhUDw1GlTVmz7NuOpUCUDBmT7uMEhSVqRa5LuFo9CYd9NqVKjYECe\/yRfzlPI6SZISdWYrnJJRnwZp0poUQXGqh1PxRg3bQOIbU3aPQcTT2RCPoX5y975\/oAwgg2TgwXxg4+MVnSNPx3gCTFs5rKEG6tDM4Xbedl6ZvM5XFhTMBrR8gylJ4twI+PoHkmduAYJ\/UVs4dj65UpqTL1cHtHWLBf2jbHf\/YrCZNOqmXzvYO40AizTV9byTfAD5L161bjeZqzsDx2o1lW2PKYG5EWF5PWID9lrCAsFRKv4Z7wYt3hImKywE5DnXEMGUI581vp4PffKxbeKo2RCqkRbN1RmtrhJwenM\/hA3eh3E\/xoIbjklGRJGA1z7qu4SA3wwLGY+nY8WK2fss\/TARdobk2Lz2kQ7qC5Vp2ZddP3r0IVPwYZC+Wk5uW8ih0NTcDqxvrTop7lT3Xkt2eiwRqtM4oUK85X8A4+ZllM8ua+hFMrxd+oXnn8x75LXgHrSoF7NZqCgjN0ML7ajRMGVHnkkJQnvnPiHe1oIQYUdjaPOUG1tMaio="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1561455689728,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1561455689728,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455689,"pkt_ts_usec":728258,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"xiwDYGpkkLkxKPrKCABFAABL058AAP8RYqTAqAIMwKgCAdgAADUAN5FDM2kBAAABAAAAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAE="}
-00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1561455689728,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00665{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1561455689728,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00478{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455689,"pkt_ts_usec":761023,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"kLkxKPrKxiwDYGpkCABFAABbphoAAEARTxrAqAIBwKgCDAA12AAAR3hsM2mBgAABAAEAAAAADG1lZGlhLW14cDEtMQNjZG4Id2hhdHNhcHADbmV0AAABAAHADAABAAEAAABFAAQfDVYz"}
-00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":61,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":55,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.51"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1561455689909,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":61,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"media-mxp1-1.cdn.whatsapp.net","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"31.13.86.51"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1561455689909,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455689,"pkt_ts_usec":909150,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGAsTAqAIMHw1WM8VHAbtOnG1kAAAAALDC\/\/9BlgAAAgQFtAEDAwcBAQgKNM4E3wAAAAAEAgAA"}
00436{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455689,"pkt_ts_usec":928899,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFQGLsgfDVYzwKgCDAG7xUfuAwj8TpxtZaASbHDC9wAAAgQFeAQCCAqHqaVzNM4E3wEDAwg="}
00424{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455690,"pkt_ts_usec":36803,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGAtDAqAIMHw1WM8VHAbtOnG1l7gMI\/YAQBAZZdQAAAQEICjTOBV2HqaVz"}
01121{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455690,"pkt_ts_usec":39586,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkkLkxKPrKCABFAAI5AABAAEAGAMvAqAIMHw1WM8VHAbtOnG1l7gMI\/YAYBAYvJwAAAQEICjTOBWCHqaVzFgMBAgABAAH8AwNcVCo+6ckxRamHLuTFRhM635aj8rPn5Xsyc8oyNs70zCDheIsHXcZUiMjn0WFeVyeYgqZCpFf+j0FPaajeZJof+QA0EwMTARMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAACIAIAAAHW1lZGlhLW14cDEtMS5jZG4ud2hhdHNhcHAubmV0ABcAAAAjAAAADQAYABYEAwgEBAEFAwIDCAUIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAADMAJgAkAB0AIGUBEpxLHOCHLdBePKDwToeE+eWXh1GjpLqsIp7hpBQmAC0AAgEBACsACQgDBAMDAwIDAQAKAAoACAAdABcAGAAZABUAlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00835{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1561455689909,"flow_last_seen":1561455690039,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00846{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1561455689909,"flow_last_seen":1561455690039,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00423{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455690,"pkt_ts_usec":55150,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0CsgAAFQGJAgfDVYzwKgCDAG7xUfuAwj9TpxvaoAQAHFafgAAAQEICoeppfc0zgVg"}
02313{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455690,"pkt_ts_usec":58075,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgCskAAFQGHpsfDVYzwKgCDAG7xUfuAwj9TpxvaoAQAHGU7wAAAQEICoeppfg0zgVgFgMDAHoCAAB2AwOjzyNHQjOpVvgAif\/8F5WB9m2U0scKnow2LScA2\/aVYiDheIsHXcZUiMjn0WFeVyeYgqZCpFf+j0FPaajeZJof+RMDAAAuACsAAgMEADMAJAAdACA5nxEHCn05\/Ye07pEajb+KCDvivuQkVTABzhNxH4pZLRQDAwABARcDAwP5obHjPldjOIylS0+Xwpe8NgBs43eBM3dIxITUTfptTDNiEB5Eq0rvnM+mOfPCdmgTgQTBzQK8hpmmqbe7NdS62S\/ZuugNetE6eL3lk3qguCRroXHIbV1vyR6JjglAciF4rrgEGkTOFdS1Oh85ZPwfZlJtXJnCnXkOfnwaFTtqIp2vSs887u2XmX5mcidKKal5aNyYWhETi63K9AOOkIQOqicaNIul5dEK6cCF5UMqRtDujk6NZzq7IwbqWADmhPMvnSM7A2l+EOSR0CaMazr82cComYDqc1PUsHe2I1niKsnT0m1bV13AzR+EvM8m0OxMD4lFOtzeiDXkenrkqREyOTi4MlfsrYptn9wRYRV+e63xQXaxh+dVdNVyHXfTD0qsdTX3wHgFwQl3oM6OXEaiyYn+KgXcXwq0ethdNrg08BJH\/8vapxF09PyDshSzAEpTXcEPu+GTbmZnoxjzvnDD18Zw26PohkmdbrlVfCBfPion7RT7C+Kb5UvF05Md5Tyv88FUdj\/VqRuFeEEnHphi\/R49yNc14nHYu4RN+XtOOSCmOwRK\/KBE5LZyV531wsNioyG+mpgfGatM7Tej\/w9lMWDYNl3p48MnFtX4IuCPpJtMt\/7NFVU2KyGybpb+cZXqPqee513o3Bp9uklsEM5Q02zzFMJMLBg8mewlDo+FbF5rjsLV2ebsrguXxpBNl3oHzU5n0lCR1wfayg9+yOdAiAWQ3Oys+AIICdmYtvasLN34LcCjcQD9YHzCzMirdSNF4OcXEtYeyMM5Sy6evWRISUbSiY6nQwyWBkw6bzxYYMb9lWVJNgEdfPpmxhjWDLantpJHGf1ojh8wQGIpRye3GHuhLaMEMVQZ4qbSOgvfn0nY\/CBysFxH7B1Ar3mwKcbisTwK8XJi8AK6+V+r\/\/vPWyG46iraQ7EEr0NABdn16L73zC3c4rUFcGCo3yv6nej46D3DVlZkcihybI8h+tLCp6b1ECWUVmYlINnm0Fxjv\/Rzo1yvYAfLRkl5wor8XK2Fz5nPTdPjLUTFI0X8tPfMr4lQEtr1lsx1uySK500IMrHApEofGX\/hBQdjjXSkQKDb+qcTK7sscfs5Dw5Td9blyzSb6ZftirLtqGt3+4r6Rk7H5mZPRCA0zEuJVUfsoBZY1WnrFNH7JTqWV61uqG1Rg44Yb\/dIwgoql8PDUAeyOTqxTSxsdG5duuR08zKsMhbg9mG2\/yjO7ZaSI9pXuKQqr3PlVwkcZ5\/c+b\/ZY5rbF0DFyRYf+Ya8itNTAp7GZ\/aoxoaK3dQTdA7C6++KMGOuUIeHq6Xpbi\/VSGaTsxQzLetZ0O0VmkUlLT\/RMxfq23QQiWbaeODe9tr3FwMDBe07gSGdhQaI9CSMCNgrecYRo\/+ZQun\/P9l3D4+KLQd\/am5Ukve96RSjpiSxrXHOZDo3MzLFr6eCZenso+tx\/kuRg\/tO6gWleSWfkYD+wyNSXegvt8V\/PxoE9wLtK\/z0QA49nDoK8NElxDHqwqsW7Jct5rqMts\/tuZB4W4+Qwj8h86gLJMpfkBGXRUSFmoixhMPOSOMNmJsNYZA4acZu7dCF\/7UJji6XAk2j1GNbkwpRxJMZ3aXKUN9svBHzCf6Hjdwq6mcXi5kRMkpqnNoBts\/p043tMsLNIewponpI4qPinwhvNic="}
-00882{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1561455689909,"flow_last_seen":1561455690058,"flow_tot_l4_data_len":2117,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00893{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1561455689909,"flow_last_seen":1561455690058,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"media-mxp1-1.cdn.whatsapp.net","ja3":"b92a79ed03c3ff5611abb2305370d3e3","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02324{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455690,"pkt_ts_usec":58103,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgCsoAAFQGHpofDVYzwKgCDAG7xUfuAw5pTpxvaoAQAHFX\/QAAAQEICoeppfg0zgVgspFXKOJvplc45DT7iGl7Njpc0oTgqks\/uNS1ZxTmPU\/OA5ByiKjgw3vzNjwDnElCorze7ZipusLc9IlzS62vjRQ1ICsULZ3htyVo9kVh7cyjID5Usi1jTmHBqTUwDiE8zgmSu3MR9zmMn0xcZ8U+NhvXnbzdG6qMKlgYTJ4H+HJMPzTo4cABWBWkB8\/nPBVh0qm30TrAKyUqoS5ls8jrMnHRdCiIuEGO0hQFLRR2UaMXtbHVyZin3TzybUi8V29MOuKqS+vna6wGjhfwmUdat89PvcXgB1KuttQzVf7I9U6RpMzHbH0vqemFj\/Lmh+HcIUlgxcfSSqFvNzO0vzsCg2ARyZW2FdS17wr3Ev0GlrKc\/yvBquaOsMeT5\/lqBkWmjxF+6DRKIRBNWcBwasAnIMBog4iqM1OrW9RKHIAxSY6X0d8RC\/5\/vBvGaISxX\/Jt90NwmfUsPLLsvmBUlzoQpGuCPVExNmBJI8oGRigLfQZLaBjvuqm1PWX19xMKzra7JiswFsZQlUnyumGWmU8oXMqSlO51Ybwtk50OoHZKUaHg4hO4a2trUalXPqf08nIkedcneJeUYSCwpq1ovxW2k\/4glOxTjLLZvDhRwNkxLTrnKXgK+\/3mLeTO\/rIT9urW7+yx8GGdgm+PBJVU2Qz+pt8bHdYKh\/ukX+0BomJj\/3wijT3hcmqQy\/0U8SDMRUBmf1eAkrFt\/2YiJRd0Y4rkURIFPsHyu8C\/ZLMFMorEJ50MXKfHKV7cUuMO\/j2eYgQofQbRfhnhx5d2zxsd7uWvsolHCN675HUyIwSeeKf5TiOKWlcKl3Yd4eNIg+K6rCMTShlp\/HoFxnxb1OcnzX\/VGh38eczFKTSUKya0Iln\/NGH5wduacZbQs0fyEUA5sDMcIKlnMqFP+C+z+OZfFpN8a5aTSlwimf785Dwo9yUQY+5IW8WS0+xoCIhZtJ6fImcpp3ATH4Ng+eRWLEGEbhlC9bbh59Wf6WHqSD38PM9by21tKpALia3ssIiGpL52FO6wjunTeA7hDCAKuTk9zNlkNXbyEYNf9kVXov66Ges4GEwfC43qDvFiBr5XYvo+phi1icSx29Crj4G1uYoYPtF\/CIa0VSNqnyzPWNXreWuFWS\/eBki5rrIR5+fI8\/Osuo2Qr+jMf+UQrGdoZG1mcXjpqDwPMLIb\/DsB\/XscnsHVwT64ZhJbqT9cWOkRb0O5rGm3lieuz9U90M7oDH3iNxPPzqeaXIgd\/R1oqIiGMz5CSYJypVtyd5BFwqP7As0h5PHa6HgP+QVuxkQ+vBAaWxsc2UT\/s8zP31s9pqfqCZjtqTfewmTefdrDoS9c3Hh6VCySGlXFknpXxgEFb3CW9uJo9jk4vUWiDvic8oFl02fCs7L12MgSP3iTWPxFMn70Xb6j8MIFuWhRmczYzkg7PUqqoO2nS7vztmLRn5t\/2X+JwzbnETUu616oL2m3s2TI66qrJpeH\/5Sttpp4dcPFRPuGbdcfb5fvHhfaFq5pv2+gW3YXmG7E9bG++YQQ\/dwEDb\/+wB2sNN9SbIOTi1nTzI4S4Vym0AqeRpR27Y6X0WHzgHNr7S+F1Wn3cLReHFmYwNbg\/+nnxMkuJgCn2Aiu\/sI\/5UlITUSYv6iezugS1Pw2\/d9MdQIqd9L9UbbNEAy\/qj6h8t7NZ\/w693yT6Tid5TCcCO1oAN3HJzOhWQCQIwFcCfVpuREc2vjSrS4XAwMBeVLCCyylGbkyr7jZYWgs8CLnAXX6T\/TFTMmVU\/L9xIBnvx+mQhmeANuFYVEfZwfrJ\/Y+J\/GbSOvz1mMH+14iujJAZ9NRphzX7FOGRk2dgKYOZ87CXWaltMvMaO7vmQk="}
00815{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455690,"pkt_ts_usec":58125,"pkt_caplen":349,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":349,"pkt_l4_len":315,"pkt":"kLkxKPrKxiwDYGpkCABFAAFPCssAAFQGIuofDVYzwKgCDAG7xUfuAxPVTpxvaoAYAHFcHAAAAQEICoeppfg0zgVgQ+tPBb7kaYYO+rR6biY\/FBVM+j2A0rn7l59uqzzwyz9IETm4Q4l0DthJst\/l6zOboAPQy9exfAgNfP4EZ\/JbGajAQUBkwZgWHP70oqgcBwGZOYSBtZdU+XnPK1CYTGKoUl\/Yzc05cVrQBp6CrIqx+GBKT+y1i7brTP5WCSjn\/vAJ\/FcB1EuL7kTLeoCNqFHmmSy\/qp\/xoqN4T8\/C9jO+UJF0ToXnckaSMUJB8MnrZLedBkrWQNra3UoTjAL0XqbBCsZHJzlsmm1fHKnLqz12zc2bjAKiYayUlVT+D66uNh0ZY4G5+q9PsIwxKP9+WOWGCQFZk1SIlpakKDWpO8rszSmIytVLOGl04AjQwxLmrghDKqHZj0l2FUMBSQ=="}
00424{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455690,"pkt_ts_usec":60632,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGAtDAqAIMHw1WM8VHAbtOnG9q7gMT1YAQA\/VMDQAAAQEICjTOBXSHqaX4"}
@@ -62,12 +62,12 @@
00520{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455693,"pkt_ts_usec":315606,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"xiwDYGpkkLkxKPrKCABFAgB5AABAAEAGKYPAqAIMEfI8VMDKFGdIDzP+7pIeZYAYCADZwAAAAQEICjTOBFg8s01+FwMDAEC+4ca82mxfgqL0M+jKmHCJENEAGUWdgR0YVkDDwjAaHB0ws79emtobbKfA5f7P5v+FiwA6ZnqSa8M+APsSqNHf"}
00500{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455693,"pkt_ts_usec":340306,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"kLkxKPrKxiwDYGpkCABFAgBpTxwAADEGKXcR8jxUwKgCDBRnwMrukh5lSA80Q4AYAZkAkwAAAQEICjyzYXU0zgRYFwMDADDwCq2t8tv2Nubh7K7Zs7SXKW9oP5b\/dRRCT4JlE+XMfzbIWgBqJ9qCooLqBSPC2qE="}
00426{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455693,"pkt_ts_usec":353289,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGKcrAqAIMEfI8VMDKFGdIDzRD7pIemoAQB\/8nUwAAAQEICjTOBMk8s2F1"}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1561455688445,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1561455701309,"flow_last_seen":0,"flow_tot_l4_data_len":349,"flow_min_l4_data_len":349,"flow_max_l4_data_len":349,"flow_avg_l4_data_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1561455688445,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1561455701309,"flow_last_seen":0,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00861{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455701,"pkt_ts_usec":309996,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxXcMAAEARlWjAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1561455701309,"flow_last_seen":0,"flow_tot_l4_data_len":349,"flow_min_l4_data_len":349,"flow_max_l4_data_len":349,"flow_avg_l4_data_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1561455701309,"flow_last_seen":0,"flow_min_l4_payload_len":341,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":341,"flow_avg_l4_payload_len":341,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00858{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455701,"pkt_ts_usec":310940,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFvHu4AAEAR1D\/AqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1561455702980,"flow_last_seen":0,"flow_tot_l4_data_len":63,"flow_min_l4_data_len":63,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":63,"midstream":1,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1561455702980,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00469{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455702,"pkt_ts_usec":980324,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"kLkxKPrKxiwDYGpkCABFAgBT1H4AAC8Gs3ARqy9VwKgCDAG7xUbop23K2+r6qYAYAEJmGwAAAQEICipMBbM0zcKkFQMDABo0yWx0nf4Y8Lruj7Xpo7KOiHQ6o5fprSXAlA=="}
00425{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455702,"pkt_ts_usec":981751,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kLkxKPrKxiwDYGpkCABFAAA01H8AAC8Gs5ARqy9VwKgCDAG7xUbop23p2+r6qYARAEJXLQAAAQEICipMBbM0zcKk"}
00470{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455703,"pkt_ts_usec":144658,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"xiwDYGpkkLkxKPrKCABFAgBTAABAAEAGNu\/AqAIMEasvVcVGAbvb6vqp6KdtyoAYBACmYwAAAQEICjTOOFoqS5CDFQMDABoAAAAAAAAAAyfFNdvhqDfXGuNhDL9lpNkkKA=="}
@@ -76,39 +76,39 @@
00409{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455703,"pkt_ts_usec":149308,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkkLkxKPrKCABFAAAoAABAAEAGNxzAqAIMEasvVcVGAbvb6vqpAAAAAFAEAAAOlgAA"}
00409{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455703,"pkt_ts_usec":260399,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"kLkxKPrKxiwDYGpkCABFAgAoq3IAAC8G3KcRqy9VwKgCDAG7xUbop23KAAAAAFAEAACOuAAA"}
00409{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455703,"pkt_ts_usec":262823,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"kLkxKPrKxiwDYGpkCABFAAAoq3MAAC8G3KgRqy9VwKgCDAG7xUbop23KAAAAAFAEAACOuAAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455704556,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455704556,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00571{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455704,"pkt_ts_usec":556895,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/62DBiVgAcCABFAACa1ogAAP8Rp9yp\/qL07\/\/\/+sTQB2wAhsguTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455704556,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1561455704557,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455704556,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1561455704557,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00570{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455704,"pkt_ts_usec":557041,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6xiwDYGpkCABFAACadbUAAAERkPrAqAIB7\/\/\/+sTQB2wAhlJ4TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00513{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1561455704557,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1561455705874,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1561455704557,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1561455705874,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455705,"pkt_ts_usec":874172,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"AQBeAAD7kLkxKPrKCABFAABNhSMAAP8RkszAqAIM4AAA+xTpFOkAOcRFAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAyAAQhfYWlycGxhecASAAyAAQ=="}
-00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1561455705874,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1561455705874,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00556{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1561455705874,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1561455705874,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00492{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455705,"pkt_ts_usec":874523,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5+sIAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"}
-00553{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1561455705874,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1561455705874,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00462{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":881291,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"AQBeAAD7kLkxKPrKCABFAABNdOIAAP8Row3AqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="}
00492{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":881597,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1561455706912,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1561455706912,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00566{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":912375,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACav+gAAEARgnnAqAIMHw1WMNwIDZYAhhEmAAMAaiESpEKmZ0918K0sABMVszZAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1561455706912,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1561455706912,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00566{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":912436,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaKEAAAEARGiLAqAIMHw1WMNwIDZYAhhElAAMAaiESpEKmZ0918K0sABMVszdAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1561455706912,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1561455706912,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":912561,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/egAAEARKEbAqAIMuTzYM9wIDZYAhvTwAAMAaiESpEKmZ0918K0sABMVszhAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1561455706912,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1561455706912,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00566{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":912682,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaQnoAAEAR47TAqAIMuTzYM9wIDZYAhvTvAAMAaiESpEKmZ0918K0sABMVszlAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1561455706913,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1561455706913,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":913062,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaTo8AAEARCe\/AqAIMnfDBMNwIDZYAhic+AAMAaiESpEKmZ0918K0sABMVszpAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1561455706913,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1561455706913,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00566{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":913136,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACapTEAAEARs0zAqAIMnfDBMNwIDZYAhic9AAMAaiESpEKmZ0918K0sABMVsztAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1561455706913,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1561455706913,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00566{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":913639,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACa5uYAAEARXUvAqAIMszzAMNwIDZYAhhLwAAMAaiESpEKmZ0918K0sABMVszxAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1561455706913,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1561455706913,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00566{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":913891,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACaa6sAAEAR2IbAqAIMszzAMNwIDZYAhhLvAAMAaiESpEKmZ0918K0sABMVsz1AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1561455706914,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1561455706914,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00567{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":914378,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACa6jAAAEARaz\/AqAIMnfDEPtwIDZYAhiQsAAMAaiESpEKmZ0918K0sABMVsz5AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1561455706914,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1561455706914,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00567{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":914597,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/isAAEARV0TAqAIMnfDEPtwIDZYAhiQrAAMAaiESpEKmZ0918K0sABMVsz9AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
00454{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":925823,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPUAAFQRCb8fDVYwwKgCDA2W3AgANMY6AQMAGCESpEKmZ0918K0sABMVszYAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="}
00454{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":925951,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPYAAFQRCb4fDVYwwKgCDA2W3AgANMY5AQMAGCESpEKmZ0918K0sABMVszcAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="}
@@ -116,23 +116,23 @@
00455{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":942065,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABISQ8AAFER\/sCd8MEwwKgCDA2W3AgANNxIAQMAGCESpEKmZ0918K0sABMVszoAIAAIAAHthnGmBnJAAgAIAAABa44DQz0="}
00454{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":942143,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABIdjQAAFMRu0+zPMAwwKgCDA2W3AgANMf9AQMAGCESpEKmZ0918K0sABMVszwAIAAIAAHthnGmBnJAAgAIAAABa44DQzo="}
00454{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":945445,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABIKZAAAFMR6fC5PNgzwKgCDA2W3AgANKn2AQMAGCESpEKmZ0918K0sABMVszgAIAAIAAHthnGmBnJAAgAIAAABa44DQ0I="}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1561455706979,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1561455706979,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00586{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455706,"pkt_ts_usec":979952,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClm6MAAAIRafbAqAIM7\/\/\/+vzMB2wAkbYGTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1561455706979,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1561455707435,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1561455706979,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1561455707435,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":435698,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"xiwDYGpkkLkxKPrKCABFAAA+06QAAP8RYqzAqAIMwKgCAeyFADUAKgBWfx8BAAABAAAAAAAAA3Bwcwh3aGF0c2FwcANuZXQAAAEAAQ=="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1561455707435,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":232,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1561455707435,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00497{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":470289,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"kLkxKPrKxiwDYGpkCABFAABnIjoAAEAR0u7AqAIBwKgCDAA17IUAUyY\/fx+BgAABAAIAAAAAA3Bwcwh3aGF0c2FwcANuZXQAAAEAAcAMAAUAAQAACz4ADQZtbXgtZHMDY2RuwBDALgABAAEAAAA+AASd8BQ0"}
-00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_tot_l4_data_len":125,"flow_min_l4_data_len":42,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.52"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1561455707474,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"pps.whatsapp.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"157.240.20.52"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1561455707474,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":474558,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkkLkxKPrKCABFAABAAABAAEAGxd\/AqAIMnfAUNMVIAbt68MpNAAAAALDC\/\/823wAAAgQFtAEDAwcBAQgKNM5JcwAAAAAEAgAA"}
00438{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":511792,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kLkxKPrKxiwDYGpkCABFAAA8AAAAAFMG8uOd8BQ0wKgCDAG7xUi7sKeEevDKTqASbHBlBQAAAgQFeAQCCAq1oF6CNM5JcwEDAwg="}
00426{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":513528,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxevAqAIMnfAUNMVIAbt68MpOu7CnhYAQBAb72QAAAQEICjTOSZq1oF6C"}
01125{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":524675,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"xiwDYGpkkLkxKPrKCABFAAI5AABAAEAGw+bAqAIMnfAUNMVIAbt68MpOu7CnhYAYBAZ\/fQAAAQEICjTOSaW1oF6CFgMBAgABAAH8AwOH9qQ7+yKL4tunVBajRAEMZcD0LnYn0chkBCJ8V\/W5wSAyZRitQuT5VUG0rd7O73q87mICh7P83OWE866NlPwORwA0EwMTARMCwCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUAL8AIwBIACgEAAX\/\/AQABAAAAABUAEwAAEHBwcy53aGF0c2FwcC5uZXQAFwAAAA0AGAAWBAMIBAQBBQMCAwgFCAUFAQgGBgECAQAFAAUBAAAAADN0AAAAEgAAABAAMAAuAmgyBWgyLTE2BWgyLTE1BWgyLTE0CHNwZHkvMy4xBnNwZHkvMwhodHRwLzEuMQALAAIBAAAzACYAJAAdACCprT1zqPKQIzBBlpj9bMg6Glq9UTNfNHVaZHTwErUpPQAtAAIBAQArAAkIAwQDAwMCAwEACgAKAAgAHQAXABgAGQAVAKcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00826{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1561455707474,"flow_last_seen":1561455707524,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00837{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1561455707474,"flow_last_seen":1561455707524,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00426{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":563261,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0dcMAAFMGfSid8BQ0wKgCDAG7xUi7sKeFevDMU4AQAHH9LAAAAQEICrWgXrQ0zkml"}
02312{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":564246,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgdcQAAFMGd7ud8BQ0wKgCDAG7xUi7sKeFevDMU4AQAHGGewAAAQEICrWgXrU0zkmlFgMDAHoCAAB2AwMbx5jBGb9jcCzBGUQ2GMGdlhFJYVgwhAtq9mprqxqF\/yAyZRitQuT5VUG0rd7O73q87mICh7P83OWE866NlPwORxMDAAAuACsAAgMEADMAJAAdACAF0w\/BCchYjQXH0p24J+drYANuzZKMrwmpXqGgk9u+ORQDAwABARcDAwP5Wgc6PlzggHpkX\/Wp3TjSh81P9nq\/cgpyzztKepHa2x0WuXpEEE6\/TaYKZRsB+rmN2uK3HCd7OVUb349mJqWppsEe8SisLNHSu\/nUO8WB7bzsfYPl3aMXthvoitQgE0UmMUWIoXMBLUfQIUtMAKU4BFkiPuHJZjGaSQDxdrVRpivPacK9nOW4iR5KSvOsgfUAGhKLYiY9Ccry4ZifOXhLDIhiKVuBcM3Ix951JM6P8x5aUyAOHA3fPlCLX5nCsFTvNC+hCyzzMnMaI2UWNKaEQB8ndd2tbVgAmocYxYzE8fR1b5W\/wzuCZNLZq7Z7HBbI0LpCj8oQ6JCH8E1nVUkRZq0nuZ2FoGUb57XzI9FQBbaXi3suCKMMFBr\/0FnR25AHpb1tGd2H4\/5q\/sgRktqp8m9jvlEenub5qq7rEh4lN3A7IiR2AW0o0WUUx8rJgSWjubComFH6D5hgE3m7ulcWnWqFMsgUTjMcNbKGV8fsxFt3pJiOyLW5BJmELDfa6YJ1eHZwsCYQDRO\/wzMJxF4+2CwBKOOvM+5KmResBNV7qITOLPTgHB4h8zVoLSi6E1T1O6Z9I5RIZGA4IZQc1bZL2weaABYAsYDFG4Z2xAh0nLj0wjd+Bl1MBfpQujwQ\/Npc1S\/cySvfzUsrWEX62FKj3UL7ydnl4mVJ867bpLqt1R9kBYa4lV\/2cVJbA\/ocMchGWSbbc\/jeFjba+w1GvP09HqxcQOdh0RvcA0BS4bksi+2FIspWCmaxX+cBiac6aGWZRIpzi1kwHh9tEJ1+2rYTD2kZhDMHnm8btagZ2km4n+cQt3ROGP9WWDqn+Mtk6+J\/uVZBGyY2I19wNJhyqCXimK8g5vQBsDEfOgtIjYu5C6691HKp7FsGB345l2K7UWWdaxjO86z0qY\/l6bV1QYnE7qo66gQVuq8wZ8mBCkwGdv0TGJV5fyWjsgItJPSTwL348ueshJTVZwVh\/v02bD9vlQWKsW2FStVdX65ObcqK98vKBReUHEJ9ljd5gXQFo8yqk7rPIRS3JPjl\/RZ1ueTxaVlhe081OyhIL8Knd778BCvILNovjkblr3P\/1UGTyKJwqsmR5+Qxw6BQY6+s6a59teOEM1p1hKZOcmb1A5U6msol8YqzRKIFfKVRBiAnSt2OK6mOgfGPVxjdEQh\/IJfmhdKcFo3Q3kMDFFSJlYTjHDHsZXEHDAlbCqGE1hE58HI\/NTtyOSexy5S3DYFe+e4aNjmUCAPu2jURxDm9syYeh+U0oH3GdENWJaEfffChV79watWewc8iW6MzIH86BXgQh4pA4v8HEdmACRx9y0HekCk10Ug30hW+6c2hgiubhKmJsufPoTxjrS7GFwMDBe2DHr\/1kMH5l1XQwxZeXEDYnDeEfIueLGATGtt89ZkPGhOZJlvBAR5Q1UIDf5FMrQLXLcRS6HgfPDtH5nHr9Hc9UCSB1E5Ud96TSZjnp\/QlN4BuWCLTEpvOMEsBfUtYapucnAP9NE6KzfW7CqwCrsZ8G9gC1U2\/LcSa46G\/YT1Je9NrDnrT8ZB\/c1hsR4Rs91GzmBH8XbmsjWW1T2Snefipgf+Mvd46Jl+V1R6Kg+hDAxvmhHgr+WTZ3eXaVEGyXq5nlOpV2QIwBoS5xwKL8Amb58h1uyuaoh6xVrEsXZwtl7rluLE="}
-00873{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1561455707474,"flow_last_seen":1561455707564,"flow_tot_l4_data_len":2117,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":352,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
+00884{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":253,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1561455707474,"flow_last_seen":1561455707564,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1905,"flow_avg_l4_payload_len":317,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"},"tls": {"version":"TLSv1.3","client_requested_server_name":"pps.whatsapp.net","ja3":"7a7a639628f0fe5c7e057628a5bbec5a","ja3s":"475c9302dc42b2751db9edcac3b74891","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
02312{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":564349,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"pkt":"kLkxKPrKxiwDYGpkCABFAAWgdcUAAFMGd7qd8BQ0wKgCDAG7xUi7sKzxevDMU4AQAHF7pAAAAQEICrWgXrU0zkmlejRqAJioVLdT2hau9bYSUyuFDEda\/yzX0NIqqPJZ+H5Rq6r7w1TrNMnWyPFYdEpkmegKe9ow7EdvV3kdazcUTZDfmR96bX6gDR4vrYvrD6xuljqnssQurW0ELu9mP3vGK1\/TAMAqpqvO8uMK3vXyIWXmB6TE44a8Hwg+KllMFuDA5GATShGRThKiI5TBlmif1RiPS2GP6UbdvFNPC7HrwfieHSssAqvmIBz7exrX\/vKMUf651jtFEKywKCmeo6xUv8MfShAN4EnMiRf6aK6v7ZqA+I6GBLKUiHwT1kkmJ06uD50BcjCmVhhp0o+Ar7u+68\/PV709hrFess9Ij9YyA4V6Qo5AYXwmaqHJKdFEkunhlU2F6NZRbyfH+4wJXGpOGH\/SguMF3DK2mtBaHg5H0NbkZZ4ypHqHERd+KycK\/rr0VIfhGpp8q3NAwo8IqhPx4igY1ahxhBe\/KtvvllJHcs3i9aBPjXqJWNKXf3nV8SDom6iPMs7tLmgOtoqy8VsjiNsFzBpd2QUkrSzRDv6mfTfQkgwPtvqpp+7ffwZVTxcx8fCjvU8\/rbKAdevDvEOFkiK72Z\/d+u\/YSq6m4QLx9WU9ymOrmKBARvbljXz8YzuidwTQ6Cw3OtlpDMcS1Pq8GelLxbyudKswbltPw3o1P4o\/I8qDmuxvB9LLHn5n\/SL\/VmO8kCRlf8fE5nrUteTz3Pm9W0Potq1Sg+IXY6EgUYRlfmux+4NphRbQ9mdB0U85VcaViW6ONh\/pU4N2R6\/+j+xp01lNa1vLRiEwbbmz5tJrtg9HjN+ztprlnR3Ul6yWO2FzmYtrt\/u5Mq6F7uTt2pvvJdGJbWKnJxh93Fc2b8hlipfeWdlxz6IbEBsqjRKgknqBcN0OE5V5K2WVKkE0sRrQSG7V4FIcsxLHphzavbIqEALk5ddZX6nMLh2y8xnLjkSg29SoYpU53hfbqg8fULpzr8Vbc5y5PV8cVIDCFbUz7SaNKrn9eR3i+3j7UOuUAJu9RFpZRMh2M73z3MXvVZgSHWm6gN4LX14CUjRRAHmYfynPw41yLhq2wnOe8FEOYC1pbyPAkHuh344Ip8BQWnmMUnAP2wA0Xqp8vFrCUnSg6BYMSruIl5R3N3EpT7ICwpc5HnaouGdZrmYfH57ZE\/5OifqAjhSgZIX0Oonbr\/T01ifh7YQ3KmwVR6Mc9sCyMwy9+qfmX0VoIxlmLpKKnLI4GSM1ID1Z4bgfF7dEvtLMfZSn1V+R2deUZ09iT9NNj2sm\/pO\/Ctye+\/ct4D5aZNDr9OIWMM38f4Rn6ncimz5An2YiwRC9C2qI7eRaS866asjZhfSx3ouq6lEbcuG6T6rTnfzWrIYYW3FHpS7jFnNIhqrNnXyBdF3rBd78ZAsGkDAg9nwQHcZ0HBEtDo\/UR\/lyQfVemHjEDT2Y\/wTjymiT+eFqWGBi2BPUj19UoKJ1AGRVIytRe5fNSizcpBZN48OCi+em6tRAa58zyimtkovictvSvf3tD50wCPRetmAqHlqT4w0nZCQZtDxU3X58GR+JnalzVrjbR946pnFTa3UkBybCIxSPuHnI0tM3gDjcSwVrMoNXwKXBWMW6FNuj\/kNb1vvktUE1JBX\/URFIgQHcZpM\/8xdAMi+DLhxPG+UC8QHrIRvyyjBZuyKgzmRn8wvZ278v2dU0XU6jLpKRY+Pw6Or1ILBMmo4AMl6lFpeMGCvc5ynguPkXAwMBd6mhNcGPiGqGcNJf+Pii+9veURQADUq4dPbeM+BaCgTsYR6icEaeS2lGPqcO731jCUPY0Z+Knyi4\/VKoasOJit9Otql7o4CXgpar3EWINRIocUj6TE8TNQVNPUEHjBo="}
00810{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":564360,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"pkt":"kLkxKPrKxiwDYGpkCABFAAFNdcYAAFMGfAyd8BQ0wKgCDAG7xUi7sLJdevDMU4AYAHFTSgAAAQEICrWgXrU0zkml5zGLy\/oEoBGgPp+20oYTdRbGGCQwcGAMejnilyxMHL20VT9oxBg95ndZSSGo71EKRsLo1vdIfV7O0KFrW9033v\/9gq+tBriLEja4OqKGjamZtho7f1mcl5wnpUA8jrc7uIw1kCZct18NW+LPaB0UmsxgbGiupXJrXMDc8RSvdsz2D8\/ZKsLxzNErtQNJcccu3nfXtJ8ut82FM5VdhqxLel4fzcWEi2TGS+0Ejt79bCaIO8nbvqLxoEGyq5Uq2sfwLt30LogVS5Mu0t0iDZQRFj4P1V7KlQBDYWix83FCfgwmoSDQm77Ko3x6OJrkbi2SjIW0mgRX7K8x\/Em\/jhoUiUDkm6r60EqzcBINyulVSVZ4164kmFHqcCM="}
00427{"flow_id":21,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":567480,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGxevAqAIMnfAUNMVIAbt68MxTu7CyXYAQA\/XupQAAAQEICjTOSc+1oF61"}
@@ -142,14 +142,14 @@
00490{"flow_id":21,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":606412,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"xiwDYGpkkLkxKPrKCABFAABfAABAAEAGxcDAqAIMnfAUNMVIAbt68MzBu7CzdoAYBAD\/jgAAAQEICjTOSfW1oF61FwMDACZtUduoJYEf+ZWhUFkQfOfYGtpw60XmMytwsRSfDQQjPENZ2yHjBQ=="}
00478{"flow_id":21,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":606628,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"xiwDYGpkkLkxKPrKCABFAABXAABAAEAGxcjAqAIMnfAUNMVIAbt68Mzsu7CzdoAYBADQRwAAAQEICjTOSfW1oF61FwMDAB4Z4BblH1ByvtHn+qZInbC8B686Vq\/E8xdP1hQbe1Q="}
00690{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455707,"pkt_ts_usec":606927,"pkt_caplen":258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":258,"pkt_l4_len":224,"pkt":"xiwDYGpkkLkxKPrKCABFAAD0AABAAEAGxSvAqAIMnfAUNMVIAbt68M0Pu7CzdoAYBAD\/YQAAAQEICjTOSfW1oF61FwMDALtsmsCPLEdWtcfRqj0ukvCNtl7zvbxOXZXaMcCzxQGKFgt1U6hq4D2WUasBKSQiPfBdQJBK4EOB1gqL1toC6baPy75XysKWyktW7gw7k+0Q2B4aOr19VB0nqiglJSvuZfjhXFj9gz5NT4CfYSQiykOi8XjR4PH62\/TKowBKYr\/vDOUMQswnc3YHL2rxTjloG4+pJxxpP+26TPM0qX9wf8asvQiXnNqOyUF20eGFS8pbrko\/tGp5kSK2a94A"}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455704556,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1561455706979,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1561455704557,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1561455704556,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.162.244","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1561455706979,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1561455704557,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"239.255.255.250","src_port":50384,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00462{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455709,"pkt_ts_usec":888553,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"AQBeAAD7kLkxKPrKCABFAABNP9UAAP8R2BrAqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="}
00492{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455709,"pkt_ts_usec":890098,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1561455709984,"flow_last_seen":0,"flow_tot_l4_data_len":140,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1561455709984,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00578{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455709,"pkt_ts_usec":984212,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"pkt":"AQBef\/\/6kLkxKPrKCABFAACggMsAAAIRhNPAqAIM7\/\/\/+vzMB2wAjOY9TS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTklQQ29ubmVjdGlvbjoxDQpNQU46ICJzc2RwOmRpc2NvdmVyIg0KTVg6IDMNCg0K"}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1561455709984,"flow_last_seen":0,"flow_tot_l4_data_len":140,"flow_min_l4_data_len":140,"flow_max_l4_data_len":140,"flow_avg_l4_data_len":140,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1561455709984,"flow_last_seen":0,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":132,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
00581{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455713,"pkt_ts_usec":15065,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"pkt":"AQBef\/\/6kLkxKPrKCABFAAChffAAAAIRh63AqAIM7\/\/\/+vzMB2wAjYZETS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpzZXJ2aWNlOldBTlBQUENvbm5lY3Rpb246MQ0KTUFOOiAic3NkcDpkaXNjb3ZlciINCk1YOiAzDQoNCg=="}
00537{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455716,"pkt_ts_usec":20462,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"pkt":"AQBef\/\/6kLkxKPrKCABFAACBk7cAAAIRcgbAqAIM7\/\/\/+vzMB2wAbSFSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cG5wOnJvb3RkZXZpY2UNCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
00462{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455718,"pkt_ts_usec":911851,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"AQBeAAD7kLkxKPrKCABFAABNWGMAAP8Rv4zAqAIM4AAA+xTpFOkAOUTGAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAwAAQhfYWlycGxhecASAAwAAQ=="}
@@ -178,28 +178,28 @@
00454{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455719,"pkt_ts_usec":248009,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABIN+YAAFMR25q5PNgzwKgCDA2W3AgANHnhAQMAGCESpEKmZ0918K0sABMVs0MAIAAIAAHthnGmBnJAAgAIAAABa44Dc0w="}
00403{"flow_id":14,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455719,"pkt_ts_usec":319676,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":48,"pkt_l4_len":14,"pkt":"xiwDYGpkkLkxKPrKCABFAAAih78AAEARuxrAqAIMHw1WMNwIDZYADqAHaGVhbHRo"}
00399{"flow_id":14,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455719,"pkt_ts_usec":331922,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"pkt":"kLkxKPrKxiwDYGpkCABFAAAeO2sAAFQR83IfDVYwwKgCDA2W3AgACo7+T0s="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1561455721320,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1561455721320,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00811{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455721,"pkt_ts_usec":320417,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqQAAP8RHAEAAAAA\/\/\/\/\/wBEAEMBNNuDAQEGAH5K8tcAAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1561455721320,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
+00573{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1561455721320,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46"}}
00403{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455722,"pkt_ts_usec":362940,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":48,"pkt_l4_len":14,"pkt":"xiwDYGpkkLkxKPrKCABFAAAi46wAAEARXy3AqAIMHw1WMNwIDZYADqAHaGVhbHRo"}
00399{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455722,"pkt_ts_usec":380824,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"pkt":"kLkxKPrKxiwDYGpkCABFAAAePgMAAFQR8NofDVYwwKgCDA2W3AgACo7+T0s="}
00811{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455722,"pkt_ts_usec":541136,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqUAAP8RHAAAAAAA\/\/\/\/\/wBEAEMBNNuCAQEGAH5K8tcAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00812{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455724,"pkt_ts_usec":934690,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqYAAP8RG\/8AAAAA\/\/\/\/\/wBEAEMBNNuAAQEGAH5K8tcAAwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
00403{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455725,"pkt_ts_usec":463865,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":48,"pkt_l4_len":14,"pkt":"xiwDYGpkkLkxKPrKCABFAAAixzsAAEARe57AqAIMHw1WMNwIDZYADqAHaGVhbHRo"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1561455726442,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1561455726442,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00465{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455726,"pkt_ts_usec":442435,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIUlcAAEARof3AqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1561455726442,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1561455726442,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
00812{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455729,"pkt_ts_usec":803232,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqcAAP8RG\/4AAAAA\/\/\/\/\/wBEAEMBNNt7AQEGAH5K8tcACAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1561455730495,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1561455730495,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455730,"pkt_ts_usec":495456,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABI7nAAADERRFFb\/DgzwKgCDH\/A3AgANOnLAAEAGCESpEJZi1FU1SmRVkxGZgQACAAUYCmYSN+rkyNYVIx9I16CdotJWKc="}
-00576{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1561455730495,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00588{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1561455730495,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00456{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455731,"pkt_ts_usec":73692,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABIAlEAADERMHFb\/DgzwKgCDH\/A3AgANGApAAEAGCESpELobM0y9AHrYlN0+hgACAAU\/c20Lcr5wjE5JYKvJct9qbua6og="}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":477,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1561455726442,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":477,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1561455726442,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00861{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455731,"pkt_ts_usec":356183,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxjdoAAEARZVHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="}
00857{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455731,"pkt_ts_usec":356928,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFveLUAAEARenjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1561455731665,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1561455731665,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455731,"pkt_ts_usec":665769,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABId7IAAEAR8MLAqAIMATxOQNwI+xoANL93AAEAGCESpEJNNg9OA5IbZKhKGmoACAAUkUJIDnID0ka3i4LpQfhGRUa3K\/w="}
-00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1561455731665,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1561455731665,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00457{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455731,"pkt_ts_usec":697327,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/gUAADERNLxb\/DgzwKgCDH\/A3AgANISZAAEAGCESpEKSaahiiU3KFyQDpDgACAAUPvQQqrwwB3kMX1876e4ssz8N17Y="}
00455{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455731,"pkt_ts_usec":699179,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIalYAAEARuWvAqAIMW\/w4M9wIf8AANHvGAQEAGCESpEKSaahiiU3KFyQDpDgACAAU78j6HBgMgp4J7E4uRUxed5inmwU="}
00457{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455731,"pkt_ts_usec":771636,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIuQIAAEARar\/AqAIMW\/w4M9wIf8AANBvxAAEAGCESpEInL2dPpxxCLUQhtkgACAAUq0S1cqGjKGibQ8Ad3a7kThUOm\/s="}
@@ -229,11 +229,11 @@
00428{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455737,"pkt_ts_usec":155479,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkkLkxKPrKCABFAAA0AABAAEAGKcrAqAIMEfI8VMDKFGdIDzsY7pIez4AQB\/\/KXAAAAQEICjTOr488tAya"}
00457{"flow_id":26,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455737,"pkt_ts_usec":290531,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABIaUoAAEAR\/yrAqAIMATxOQNwI+xoANFOWAAEAGCESpEJEp04wqayhNgpwqhcACAAUjz2kl+dJJZ\/5pJmfYUQPx33hp98="}
00581{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455737,"pkt_ts_usec":893179,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"AQBeAAD7kLkxKPrKCABFAACmf9YAAP8Rl8DAqAIM4AAA+xTpFOkAklETAAAAAAAFAAEAAAAACF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAEMX3NsZWVwLXByb3h5BF91ZHDAGgAMAAEFX3Jhb3DAFQAMAAEIX2FpcnBsYXnAFQAMAAHAJQAMAAEAAA2VABANTHVjYeKAmXMgaU1hY8Al"}
-00569{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737893,"flow_tot_l4_data_len":374,"flow_min_l4_data_len":57,"flow_max_l4_data_len":146,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00581{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":632,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737893,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
00613{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455737,"pkt_ts_usec":895397,"pkt_caplen":200,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":200,"pkt_l4_len":146,"pkt":"MzMAAAD7kLkxKPrKht1gDagnAJIR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QCSh5AAAAAAAAUAAQAAAAAIX2hvbWVraXQEX3RjcAVsb2NhbAAADAABD19jb21wYW5pb24tbGlua8AVAAwAAQxfc2xlZXAtcHJveHkEX3VkcMAaAAwAAQVfcmFvcMAVAAwAAQhfYWlycGxhecAVAAwAAcAlAAwAAQAADZUAEA1MdWNh4oCZcyBpTWFjwCU="}
-00578{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":633,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_tot_l4_data_len":374,"flow_min_l4_data_len":57,"flow_max_l4_data_len":146,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
+00590{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":633,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_homekit._tcp.local"}}
00455{"flow_id":26,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455737,"pkt_ts_usec":912653,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABI3cwAAEARiqjAqAIMATxOQNwI+xoANNKMAAEAGCESpELCmPpdxscpAaqNI2UACAAUdLiw0j82TxziQLO4s52BG1yXKEE="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1561455738163,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1561455738163,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00410{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":640,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455738,"pkt_ts_usec":163757,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"2DBiVgAckLkxKPrKCABFAAAok2wAAP8GGLzAqAIMqf6i9MDIwAcC6LXACBPPY1AQCAWHOAAA"}
00427{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455738,"pkt_ts_usec":163886,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kLkxKPrKxiwDYGpkCABFAAA0AAAAAP8GrByp\/qL0wKgCDMAHwMgIE89jAui1wYAQEABYwQAAAQEIChqjwVI0zNyh"}
00455{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455738,"pkt_ts_usec":534250,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkkLkxKPrKCABFAABI0+QAAEARlJDAqAIMATxOQNwI+xoANEP+AAEAGCESpEIyor5B+F8OHsEYQ28ACAAUnFfgVJ84tg8AhKdl6pcQPBXzhho="}
@@ -245,45 +245,45 @@
00566{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455741,"pkt_ts_usec":419902,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACayvEAAEARjYzAqAIMnfDBMNwIDZYAhh8rCAAAaiESpEKmZ0918K0sABMVs1BAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
00566{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":711,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455741,"pkt_ts_usec":420295,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACar8UAAEARlGzAqAIMszzAMNwIDZYAhgreCAAAaiESpEKmZ0918K0sABMVs1FAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
00566{"flow_id":18,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":712,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455741,"pkt_ts_usec":420615,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkkLkxKPrKCABFAACa9WkAAEARYAbAqAIMnfDEPtwIDZYAhhwbCAAAaiESpEKmZ0918K0sABMVs1JAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1561455741430,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1561455741430,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00587{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455741,"pkt_ts_usec":430274,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClZnoAAAIRnx\/AqAIM7\/\/\/+sQPB2wAke7DTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1561455741430,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1561455741432,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":713,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1561455741430,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1561455741432,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00586{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455741,"pkt_ts_usec":432427,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"AQBef\/\/6kLkxKPrKCABFAAClgs4AAAIRgsvAqAIM7\/\/\/+uDKB2wAkdIITS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANClNUOiB1cm46c2NoZW1hcy11cG5wLW9yZzpkZXZpY2U6SW50ZXJuZXRHYXRld2F5RGV2aWNlOjENCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMw0KDQo="}
-00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1561455741432,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1561455741484,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":714,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1561455741432,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00452{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1561455741484,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455741,"pkt_ts_usec":484694,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4hv4AAEABnOPAqAIMW\/w4MwMDoFgAAAAARQAA73IeAAAxEb\/8W\/w4M8CoAgx\/wNwIANsAAA=="}
-00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1561455741484,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":718,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1561455688704,"flow_last_seen":1561455741680,"flow_tot_l4_data_len":29222,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1561455688704,"flow_last_seen":1561455741680,"flow_tot_l4_data_len":29222,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00484{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":716,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1561455741484,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00538{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":718,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1561455688704,"flow_last_seen":1561455741680,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":20946,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1561455688704,"flow_last_seen":1561455741680,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":20946,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
00437{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455742,"pkt_ts_usec":405584,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4TCgAAEAB17nAqAIMW\/w4MwMDoOEAAAAARQAAZumbAAAxEUkIW\/w4M8CoAgx\/wNwIAFIAAA=="}
00437{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455742,"pkt_ts_usec":405951,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4HrIAAEABBTDAqAIMW\/w4MwMDoOEAAAAARQAAZp1RAAAxEZVSW\/w4M8CoAgx\/wNwIAFIAAA=="}
00437{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"wa_voice.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1561455742,"pkt_ts_usec":405963,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkkLkxKPrKCABFAAA4twoAAEABbNfAqAIMW\/w4MwMDoOEAAAAARQAAZq9YAAAxEYNLW\/w4M8CoAgx\/wNwIAFIAAA=="}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":24,"flow_first_seen":1561455688201,"flow_last_seen":1561455742310,"flow_tot_l4_data_len":7191,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":299,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":26,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":85,"flow_first_seen":1561455707474,"flow_last_seen":1561455707887,"flow_tot_l4_data_len":44650,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":525,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_first_seen":1561455721320,"flow_last_seen":1561455738622,"flow_tot_l4_data_len":1540,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":164,"flow_first_seen":1561455730495,"flow_last_seen":1561455742404,"flow_tot_l4_data_len":26358,"flow_min_l4_data_len":34,"flow_max_l4_data_len":297,"flow_avg_l4_data_len":160,"midstream":0,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1561455741432,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_tot_l4_data_len":126,"flow_min_l4_data_len":55,"flow_max_l4_data_len":71,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_tot_l4_data_len":374,"flow_min_l4_data_len":57,"flow_max_l4_data_len":146,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1561455701309,"flow_last_seen":1561455731356,"flow_tot_l4_data_len":1392,"flow_min_l4_data_len":347,"flow_max_l4_data_len":349,"flow_avg_l4_data_len":348,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":40,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_tot_l4_data_len":270,"flow_min_l4_data_len":20,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_tot_l4_data_len":270,"flow_min_l4_data_len":20,"flow_max_l4_data_len":63,"flow_avg_l4_data_len":33,"midstream":1,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":8,"flow_first_seen":1561455706914,"flow_last_seen":1561455741420,"flow_tot_l4_data_len":826,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741419,"flow_tot_l4_data_len":826,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737893,"flow_tot_l4_data_len":374,"flow_min_l4_data_len":57,"flow_max_l4_data_len":146,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":16,"flow_first_seen":1561455731665,"flow_last_seen":1561455741046,"flow_tot_l4_data_len":832,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1561455741430,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":50,"flow_first_seen":1561455689909,"flow_last_seen":1561455690302,"flow_tot_l4_data_len":23052,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":461,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_first_seen":1561455709984,"flow_last_seen":1561455716020,"flow_tot_l4_data_len":390,"flow_min_l4_data_len":109,"flow_max_l4_data_len":141,"flow_avg_l4_data_len":130,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00458{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1561455741484,"flow_last_seen":1561455742405,"flow_tot_l4_data_len":144,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_tot_l4_data_len":125,"flow_min_l4_data_len":42,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1561455688704,"flow_last_seen":1561455743434,"flow_tot_l4_data_len":29222,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1420,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741420,"flow_tot_l4_data_len":826,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_tot_l4_data_len":119,"flow_min_l4_data_len":40,"flow_max_l4_data_len":79,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":8,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_tot_l4_data_len":826,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":103,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":49,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_tot_l4_data_len":4351,"flow_min_l4_data_len":10,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":88,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":24,"flow_first_seen":1561455688201,"flow_last_seen":1561455742310,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6423,"flow_avg_l4_payload_len":267,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"17.242.60.84","src_port":49354,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_first_seen":1561455738163,"flow_last_seen":1561455738163,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":85,"flow_first_seen":1561455707474,"flow_last_seen":1561455707887,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":41946,"flow_avg_l4_payload_len":493,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_first_seen":1561455721320,"flow_last_seen":1561455738622,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1500,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":164,"flow_first_seen":1561455730495,"flow_last_seen":1561455742404,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":25046,"flow_avg_l4_payload_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1561455741432,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_first_seen":1561455689728,"flow_last_seen":1561455689761,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737895,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1561455701309,"flow_last_seen":1561455731356,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":341,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":340,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_first_seen":1561455687942,"flow_last_seen":1561455687944,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1561455702980,"flow_last_seen":1561455703262,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":7,"midstream":1,"l3_proto":"ip4","src_ip":"17.171.47.85","dst_ip":"192.168.2.12","src_port":443,"dst_port":50502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":8,"flow_first_seen":1561455706914,"flow_last_seen":1561455741420,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741419,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_first_seen":1561455705874,"flow_last_seen":1561455737893,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":138,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":16,"flow_first_seen":1561455731665,"flow_last_seen":1561455741046,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":704,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1561455741430,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":50,"flow_first_seen":1561455689909,"flow_last_seen":1561455690302,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":21432,"flow_avg_l4_payload_len":428,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_first_seen":1561455709984,"flow_last_seen":1561455716020,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":366,"flow_avg_l4_payload_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00465{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1561455741484,"flow_last_seen":1561455742405,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1561455707435,"flow_last_seen":1561455707470,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":75,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60549,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":255,"flow_first_seen":1561455688704,"flow_last_seen":1561455743434,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":20946,"flow_avg_l4_payload_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":8,"flow_first_seen":1561455706913,"flow_last_seen":1561455741420,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":8,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":49,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":3959,"flow_avg_l4_payload_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00129{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test"}
diff --git a/test/results/waze.pcap.out b/test/results/waze.pcap.out
index 00a117b6a..9c164a3fe 100644
--- a/test/results/waze.pcap.out
+++ b/test/results/waze.pcap.out
@@ -1,56 +1,56 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"waze.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1435587866603,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1435587866603,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587866,"pkt_ts_usec":603221,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"ABoRAAACABoRAAABCABFAABNMsFAAEAGQsYKECWdriXnUaUQFGaA18okWhY9doAYAVcoQwAAAQEICgAIazhBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
00456{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587867,"pkt_ts_usec":103902,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
-00465{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1435587867443,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1435587867443,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587867,"pkt_ts_usec":443555,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"ABoRAAACABoRAAABCABFAABMAABAAEARHHkKCAAByFlLxrSGAHsAOIB9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANk705txaHKW"}
-00495{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1435587867443,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00507{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1435587867443,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
00451{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587867,"pkt_ts_usec":753906,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"ABoRAAACABoRAAABCABFAABMdHBAABAR2AjIWUvGCggAAQB7tIYAOEf+HAIA7AAAAUgAAAbvyDaVGNk70ieZS5oL2TvTm3FocpbZO9ObncvLHNk705ud0JHn"}
-00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1435587867755,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1435587867755,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587867,"pkt_ts_usec":755556,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8zNlAAEAGoisKCAABQSeAh9aDAFDjx6dUAAAAAKAC\/\/+uwgAAAgQFtAQCCAoACGuNAAAAAAEDAwg="}
00405{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587867,"pkt_ts_usec":759303,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodHFAABAGKqhBJ4CHCggAAQBQ1oMcOFir48enVVAS\/\/8NRwAA"}
00405{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587867,"pkt_ts_usec":759471,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAozNpAAEAGoj4KCAABQSeAh9aDAFDjx6dVHDhYrFAQ\/\/8NSAAA"}
00760{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587867,"pkt_ts_usec":781306,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":317,"pkt_l4_len":283,"pkt":"ABoRAAACABoRAAABCABFAAEvzNtAAEAGoTYKCAABQSeAh9aDAFDjx6dVHDhYrFAY\/\/9cJAAAR0VUIC94dHJhMi5iaW4gSFRUUC8xLjENCkFjY2VwdDogKi8qLCBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlLCBhcHBsaWNhdGlvbi92bmQud2FwLnNpYw0KeC13YXAtcHJvZmlsZTogaHR0cDovL3d3dy5vcGVubW9iaWxlYWxsaWFuY2Uub3JnL3RlY2gvcHJvZmlsZXMvVUFQUk9GL2NjcHBzY2hlbWEtMjAwMjEyMTIjDQpIb3N0OiB4dHJhMS5ncHNvbmV4dHJhLm5ldA0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KVXNlci1BZ2VudDogQW5kcm9pZA0KDQo="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1435587867755,"flow_last_seen":1435587867781,"flow_tot_l4_data_len":363,"flow_min_l4_data_len":20,"flow_max_l4_data_len":283,"flow_avg_l4_data_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":0,"content_type":"","user_agent":"Android"}}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1435587867755,"flow_last_seen":1435587867781,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":0,"content_type":"","user_agent":"Android"}}
00405{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587867,"pkt_ts_usec":781675,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodHJAABAGKqdBJ4CHCggAAQBQ1oMcOFis48eoXFAQ\/\/8MQQAA"}
00457{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":123896,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"ABoRAAACABoRAAABCABFAABNMsNAAEAGQsQKECWdriXnUaUQFGaA18okWhY9doAYAVcnqgAAAQEICgAIa9FBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1435587868632,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1435587868632,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":632030,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA814xAAEAGPpQKCAABNubjrLHZAFCatruPAAAAAKAC\/\/+u6AAAAgQFtAQCCAoACGwDAAAAAAEDAwg="}
00407{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":633828,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodHNAABAG0cE25uOsCggAAQBQsdllSURwmra7kFAS\/\/\/ZDAAA"}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1435587868634,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1435587868634,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":634159,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8jYZAAEAGx0MKCAABLjOtto0EAbvOcuGFAAAAAKAC\/\/+3SQAAAgQFtAQCCAoACGwDAAAAAAEDAwg="}
00406{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":635389,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodHRAABAGEGouM622CggAAQG7jQQxjR56znLhhlAS\/\/87IAAA"}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1435587868635,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1435587868635,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":635666,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8H6lAAEAGNSEKCAABLjOtto0GAbtbbHOtAAAAAKAC\/\/+YJQAAAgQFtAQCCAoACGwEAAAAAAEDAwg="}
00406{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":644726,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodHVAABAGEGkuM622CggAAQG7jQakk4xSW2xzrlAS\/\/87HgAA"}
00407{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":644889,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo141AAEAGPqcKCAABNubjrLHZAFCatruQZUlEcVAQ\/\/\/ZDQAA"}
00406{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":645018,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAojYdAAEAGx1YKCAABLjOtto0EAbvOcuGGMY0ee1AQ\/\/87IQAA"}
00406{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":645125,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoH6pAAEAGNTQKCAABLjOtto0GAbtbbHOupJOMU1AQ\/\/87HwAA"}
00521{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":906825,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"pkt":"ABoRAAACABoRAAABCABFAAB7145AAEAGPlMKCAABNubjrLHZAFCatruQZUlEcVAY\/\/9jcwAAR0VUIC9pbWFnZXMvSEQvQ0gyLnBuZyBIVFRQLzEuMA0KSG9zdDogcm9hZHNoaWVsZHMud2F6ZS5jb20NClVzZXItQWdlbnQ6IC8zLjkuNC4wDQo="}
-00659{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1435587868632,"flow_last_seen":1435587868906,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":20,"flow_max_l4_data_len":103,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00668{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1435587868632,"flow_last_seen":1435587868906,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":83,"flow_tot_l4_payload_len":83,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/images\/HD\/CH2.png","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00407{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":908213,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodHZAABAG0b425uOsCggAAQBQsdllSURxmra741AQ\/\/\/YugAA"}
00411{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":910657,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"ABoRAAACABoRAAABCABFAAAq149AAEAGPqMKCAABNubjrLHZAFCatrvjZUlEcVAY\/\/\/LpgAADQo="}
00407{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":912005,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodHdAABAG0b025uOsCggAAQBQsdllSURxmra75VAQ\/\/\/YuAAA"}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1435587868996,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1435587868996,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":996463,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8cVdAAEAGm2kKCAABrcJ2MI7pAburox1\/AAAAAKAC\/\/9UDAAAAgQFtAQCCAoACGwoAAAAAAEDAwg="}
00407{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587868,"pkt_ts_usec":998782,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodHhAABAGyFytwnYwCggAAQG7julUXOKAq6MdgFAS\/\/\/xMQAA"}
00405{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":2019,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAocVhAAEAGm3wKCAABrcJ2MI7pAburox2AVFzigVAQ\/\/\/xMgAA"}
00654{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":2239,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADejYhAAEAGxp8KCAABLjOtto0EAbvOcuGGMY0ee1AY\/\/+QzQAAFgMBALEBAACtAwFksj7uK\/R43HfLeC3YagY+KKYMl8Gp\/0RLJxa1HLl7kwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00729{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1435587868634,"flow_last_seen":1435587869002,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1435587868634,"flow_last_seen":1435587869002,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00404{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":2486,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodHlAABAGEGUuM622CggAAQG7jQQxjR57znLiPFAQ\/\/86awAA"}
02241{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":3560,"pkt_caplen":1422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1422,"pkt_l4_len":1388,"pkt":"ABoRAAACABoRAAABCABFAAWAdHpAABAGzGI25uOsCggAAQBQsdllSURxmra75VAQ\/\/\/H7wAASFRUUC8xLjEgMjAwIE9LDQpDb250ZW50LVR5cGU6IGltYWdlL3BuZw0KQ29udGVudC1MZW5ndGg6IDI1MzINCkNvbm5lY3Rpb246IGNsb3NlDQpEYXRlOiBUaHUsIDEyIE1hciAyMDE1IDA5OjUyOjU4IEdNVA0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0zMDANCkxhc3QtTW9kaWZpZWQ6IFRodSwgMTIgTWFyIDIwMTUgMDk6MjM6MTggR01UDQpFVGFnOiAiYzM2NzQ1ZmI3NzAxYjVkNGQ1ZDA5Y2VlZGZiYzhjNTgiDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KU2VydmVyOiBBbWF6b25TMw0KQWdlOiAxMTQNClgtQ2FjaGU6IEhpdCBmcm9tIGNsb3VkZnJvbnQNClZpYTogMS4xIDNhYmVlYTllZjQ2MWM2OGYzYTE1NGEyZmY2ZjQwMjc1LmNsb3VkZnJvbnQubmV0IChDbG91ZEZyb250KQ0KWC1BbXotQ2YtSWQ6IDJQV18wWXNBVDZTNFgzMjZMUmFqR28wNDBVaDJoVktaSElsUE1vWHlFNTVReGk1ZlZiUVFSZz09DQoNCv\/Y\/+EAGEV4aWYAAElJKgAIAAAAAAAAAAAAAAD\/7AARRHVja3kAAQAEAAAAPAAA\/+EDMWh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8APD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNS42LWMwMTQgNzkuMTU2Nzk3LCAyMDE0LzA4LzIwLTA5OjUzOjAyICAgICAgICAiPiA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPiA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtbG5zOnhtcE1NPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIiB4bWxuczpzdFJlZj0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL1Jlc291cmNlUmVmIyIgeG1wOkNyZWF0b3JUb29sPSJBZG9iZSBQaG90b3Nob3AgQ0MgMjAxNCAoTWFjaW50b3NoKSIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDpDNTgxNENCMjY2MjIxMUU0QjRFM0MzNDdCODY1Q0JBMSIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDozQUQwNUIwNDY2NDkxMUU0QjRFM0MzNDdCODY1Q0JBMSI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOkM1ODE0Q0IwNjYyMjExRTRCNEUzQzM0N0I4NjVDQkExIiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOkM1ODE0Q0IxNjYyMjExRTRCNEUzQzM0N0I4NjVDQkExIi8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+\/+4ADkFkb2JlAGTAAAAAAf\/bAIQABgQEBAUEBgUFBgkGBQYJCwgGBggL"}
00406{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":53971,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo15BAAEAGPqQKCAABNubjrLHZAFCatrvlZUlJyVAQ\/\/\/TYAAA"}
02602{"flow_id":4,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":54418,"pkt_caplen":1678,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1678,"pkt_l4_len":1644,"pkt":"ABoRAAACABoRAAABCABFAAaAdHtAABAGy2E25uOsCggAAQBQsdllSUnJmra75VAQ\/\/9vCQAADAoKCwoKDBAMDAwMDAwQDA4PEA8ODBMTFBQTExwbGxscHx8fHx8fHx8fHwEHBwcNDA0YEBAYGhURFRofHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8f\/8AAEQgAMgAyAwERAAIRAQMRAf\/EAJoAAAEFAQEBAAAAAAAAAAAAAAcAAQQGCAUCAwEAAwEBAQEAAAAAAAAAAAAAAAQFAwIBBhAAAQMDAgMEBgcJAAAAAAAAAQIDBAAFBhESITEHQVGBE2FxMlJiM5GhIkI0FTWxosIjQ1MUNhcRAAIBAgMFBQcFAAAAAAAAAAECABEDITEEQVFhcZESIjJCcvCBwdFSgjOhseHCE\/\/aAAwDAQACEQMRAD8A0vkGQWuw2t+5XJ9MeLHTuW4r6gB2qJ4ADnXSIWNBiZy7hRU5Qdxsz6gv3BuahFuabmp82BiUx9Ma5Ki66Jkb1cN6z9xXAeunjp7YFKmozYCq13fzExfcmtBQ5Lk3OdSdmefLjLSzjH5UpPBy4XaZHaiM96lFtSlrA+Gsl06VxevpBJ+E0N96YLTmRT95BsGZ5umMVtNQ80h9lysshlpwHXQpdjOEaadhSeVd3NOlcynBvmJxbvvTLt8V+Rj3jKuokl1hllu3Ys68oCGxdpTT0qW6fZYQ00SlG\/kVE6jsot2LYzJf0jAcamD3rhyAX1HPpLPhWbRsgYeYfZVAvUFXlXO1vH+aw5\/EhXNCxzFL3rJQ71OR3zezeDjcRmN0tFYzaCfqgHrXmeOZDeEidibD6Y70NQ0TFkuna1MI5OaH3uX0U\/pCCjKMHO3eN0R1QIZWOKDZuO+Z16jRL7Ezm8x79JVMujUlXmSl8CtBAU0pI+6nyynaByq7pmU2wVwEi6kMLhDHGcByRIdSEOvOOoHJK1qUB4KJrYATAsTGbddaXvaWppZ4FSFFB+lJFBxgCRGW44pfmKUpbvYskleo5faPGiFTWaOt0PIpmYYnaUyCMpskBuRlN9I1Wph\/7TUFxPAOnaQNyvX31CuMotsfKx7o\/tLiKxdR5lHePwhx2n3ezvNSpTlA68Lj\/wDOLmy4Ap2QG2YyO1TzjqQ2B6d1NaKv+qxfV0\/zMz311cR\/0WSzuC3osSFHlKHHV5EdO79oq3oPx+8yLrvyU9soP9aciUWtEJIt7zTNxiPPcWWn2luj4ErBV9QrlsQZ2mBFZrLBS011Rzht4gyZD0OUwvXXdGcjgNlJ7gdRXzmo\/Gm6h61n0VjxvzEJtJxqBvqBkbDuWT5VwQXbJgkRu6KiDlJuUg7YiF\/CjcD6zVDTW+7h4nNOQ2xHUP3sckFffsmY7nc5t0uUq5TnPNmTXVvyHO9bh3HT0d1XUUKABkJCdixqZF1rqs5i1orCI8RpRWEN+FZm85jtpy0E\/m2KPR7Je\/dlWqUrRhavjaUOHqqVqLOJTY1WHAjPrK1i9gG2jA8jlNJ+Y73j2N3hUWV4FM4si3s5yXHH1hlGcWloWl5ZAQq4W8goZKjppu2CqWneiBvobHkZPvpVyPrX9RM1So8mJKdiS2lR5cdZbfjuApWhaToUqBq0GBFRIrIQaGfPWvZzFrRCMVADUnQUVntIX8WxudCwKDYnEKbvWeXSK4zDI0W3bYR3F9aeaQpRJGvZU69dBctsRT1MpWbRCBdrEdBNScfdPy9lQ5ZnCz3BLZl9o\/wpSlsyGVh6FNaOjrD6fZcQeHjWtm8bbVEyu2g4oYK73hnUdxSW8hxey5sWQENXZZMWYtCRokOlJQVaAd3jTqX7flLJwzEUazc2hW45GVS+YviMZnTKcAuGKMnVP5zaJCpbKCeSnWV7k7R29tMW7zE9xw3Aikwe0POhXiDWQrLinTll8xLNa7l1HuSOLjzJVAtqAeKUlQ1WVd+p0rq5euZsRbHUzlLSeUFz0EtltwvK2n0u2fplY7XKHFuVOfVJDZ7FbFr4qT6qXa+m12PIUm4svsRRzNYSME6cTLbdJGS5LPN4yqanY7MKdrTLX9mOjQbU+A9XPVS9f7Q7KiiD2xjVqx2T2mNWMv8AoKWjEVEIyvDxohOfdfwb3yPYV8\/5XL+p8HveivRPDKx0t\/1aP+ke27+jfhPbP7\/fWuo8Z8X3ZzLT+AeH7cpdk+HhWM2nqiEVEJ\/\/2Q=="}
00641{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":54724,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":228,"pkt_l4_len":194,"pkt":"ABoRAAACABoRAAABCABFAADWcVlAAEAGms0KCAABrcJ2MI7pAburox2AVFzigVAY\/\/9mQwAAFgMBAKkBAAClAwGlXtzD4CYR60HmpO3Epp6iuyOtJr59nHMXn8J60vKduCBvCKEM0sorljArU6qw4dCFWjF23JNAwYV6Z6lEcvF3aQAcwAnACsATwBQAMwA5ADIAOMAHwBEALwA1AAUA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1435587868996,"flow_last_seen":1435587869054,"flow_tot_l4_data_len":274,"flow_min_l4_data_len":20,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1435587868996,"flow_last_seen":1435587869054,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00406{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":54928,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodHxAABAGyFitwnYwCggAAQG7julUXOKBq6MeLlAQ\/\/\/whAAA"}
00407{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":55189,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo15FAAEAGPqMKCAABNubjrLHZAFCatrvlZUlQIVAQ\/\/\/NCAAA"}
00407{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":55656,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodH1AABAG0bc25uOsCggAAQBQsdllSVAhmra75VAR\/\/\/NBwAA"}
00655{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":106324,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADeH6tAAEAGNH0KCAABLjOtto0GAbtbbHOupJOMU1AY\/\/9DnQAAFgMBALEBAACtAwGHsWGgHOt8dG+f+uI0AkWsU3L2DLrIYI7d\/JEa4+8W9QAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00729{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1435587868635,"flow_last_seen":1435587869106,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1435587868635,"flow_last_seen":1435587869106,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00406{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":106781,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodH5AABAGEGAuM622CggAAQG7jQakk4xTW2x0ZFAQ\/\/86aQAA"}
00591{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":107169,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"pkt":"ABoRAAACABoRAAABCABFAACtdH9AABAGx9CtwnYwCggAAQG7julUXOKBq6MeLlAY\/\/9aKwAAFgMBAFECAABNAwFVkVUdTZdNQZ4vLa\/vFFCecMZjU0GJsAgafF+WvV97nSBvCKEM0sorljArU6qw4dCFWjF23JNAwYV6Z6lEcvF3acARAAAF\/wEAAQAUAwEAAQEWAwEAJNog+Fm3DNfNFmROpYXuJw9xo8XNwqprowJ+Om9jMAaOVABf4g=="}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1435587868996,"flow_last_seen":1435587869107,"flow_tot_l4_data_len":447,"flow_min_l4_data_len":20,"flow_max_l4_data_len":194,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":6,"flow_first_seen":1435587868996,"flow_last_seen":1435587869107,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":307,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f8f5b71e02603b283e55b50d17ede861","ja3s":"23f1f6e2f0015c166df49fdab4280370","unsafe_cipher":2,"cipher":"TLS_ECDHE_RSA_WITH_RC4_128_SHA"}}
00408{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":108256,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo15JAAEAGPqIKCAABNubjrLHZAFCatrvlZUlQIlAQ\/\/\/NBwAA"}
00408{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":108709,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAocVpAAEAGm3oKCAABrcJ2MI7pAburox4uVFzjBlAQ\/\/\/v\/wAA"}
00476{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":108839,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"pkt":"ABoRAAACABoRAAABCABFAABXcVtAAEAGm0oKCAABrcJ2MI7pAburox4uVFzjBlAY\/\/\/hJQAAFAMBAAEBFgMBACTBPx2ymvoFQmAuJHwqIX\/9mxl\/ucrNp\/rFjciYy7qxtwjVS7w="}
@@ -59,12 +59,12 @@
00408{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":160812,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodIFAABAGyFOtwnYwCggAAQG7julUXOMGq6MgY1AQ\/\/\/tygAA"}
00408{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":161225,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo15NAAEAGPqEKCAABNubjrLHZAFCatrvlZUlQIlAR\/\/\/NBgAA"}
00408{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":161775,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodIJAABAG0bI25uOsCggAAQBQsdllSVAimra75lAQ\/\/\/NBgAA"}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1435587869162,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1435587869162,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":162594,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8XmhAAEAGt7gKCAABNubjrLHgAFDjpDJQAAAAAKAC\/\/\/u\/QAAAgQFtAQCCAoACGw4AAAAAAEDAwg="}
00407{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":163745,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodIRAABAG0bA25uOsCggAAQBQseAcW82v46QyUVAS\/\/\/ZBQAA"}
00407{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":163885,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoXmlAAEAGt8sKCAABNubjrLHgAFDjpDJRHFvNsFAQ\/\/\/ZBgAA"}
00597{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":165386,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"pkt":"ABoRAAACABoRAAABCABFAAC0XmpAAEAGtz4KCAABNubjrLHgAFDjpDJRHFvNsFAY\/\/8QEAAAR0VUIC9sYW5nX2Fzci9sYW5nLnBvcnR1Z3Vlc2VfYnJfYXNyIEhUVFAvMS4wDQpIb3N0OiBjcmVzLndhemUuY29tDQpVc2VyLUFnZW50OiAvMy45LjQuMA0KSWYtTW9kaWZpZWQtU2luY2U6IFR1ZSwgMjggQXByIDIwMTUgMTQ6NTA6MjUgR01UDQo="}
-00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1435587869162,"flow_last_seen":1435587869165,"flow_tot_l4_data_len":240,"flow_min_l4_data_len":20,"flow_max_l4_data_len":160,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00669{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1435587869162,"flow_last_seen":1435587869165,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":140,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_asr\/lang.portuguese_br_asr","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00407{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":165848,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodIVAABAG0a825uOsCggAAQBQseAcW82w46Qy3VAQ\/\/\/YegAA"}
00411{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":166078,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"ABoRAAACABoRAAABCABFAAAqXmtAAEAGt8cKCAABNubjrLHgAFDjpDLdHFvNsFAY\/\/\/LZgAADQo="}
00407{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":166236,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodIZAABAG0a425uOsCggAAQBQseAcW82w46Qy31AQ\/\/\/YeAAA"}
@@ -79,12 +79,12 @@
01151{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":349566,"pkt_caplen":602,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":602,"pkt_l4_len":568,"pkt":"ABoRAAACABoRAAABCABFAAJMdItAABAGxiWtwnYwCggAAQG7julUXOMGq6MgY1AY\/\/9NtAAAFwMBAh8SCnfPwGJEd\/29jMiS4f1KqUh9GmDtDXk89brrlgaIMwR+FIY3syWRSAsWWofvrEBzc9V5y9pleJN2h4MEuTxVRBw7SshXVsmx+oSDnX1YGL+HGMfU6U9CV6Dg0HxgBytU2dbSehZLtQ5F5ATuB22hxsIQlqtLigvEWztINy9ZOVst7oaico2M8l2qdsxFtqCCQ1X9VLSxIqyULT8uVWfkKMrxfNtvgG7KDwwIvhsXG6e62fPF37iscR\/G89OSBeK\/KvOhLEIbn1IXInoEoQFFb5mAtNF3kQZ9D+T8QayCcP35+r2PlSz6rESvcJj2E6c2wWXCAEdOPxMk35m57E\/3uu4SwXQ5y5w5\/KTMS3j\/40TzYhjggOUcWNzofkc3c3K2rf6gMhAy+Se1ICDOLwhrbvX3DbQDxofvIYYxCRTRotloQJpNGPa+MuGQvdT15lcishlBhwuipOXTG0\/8XG5A7qXd6pgGsjJ61LOP3QJYaUzSwrRd0q85WoUGuLXYFmtIw0HHeN9CrNsfa1eyCCC7Fo0+WFOS050R8CDAUAwauhr2xOmJMHf\/oGEG02oDIidj8UgGqlaUIPLVBzO3H1FDE1dZoDte+F59AhR\/CjOzsZJY+dGesUbOHXRUWyJMaYKk7FK7NszqbSJaMedKBkHbtW29x9IYbdoBaWfUbDGfWfx7sAJihJbIWKiH6+ZVJW5TQX2fGcyf48xqMj+QGII="}
00408{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":400451,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAocV1AAEAGm3cKCAABrcJ2MI7pAburoyBjVFzlKlAQ\/\/\/rpgAA"}
01776{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":425938,"pkt_caplen":1066,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1066,"pkt_l4_len":1032,"pkt":"ABoRAAACABoRAAABCABFAAQcdIxAABAGDF4uM622CggAAQG7jQakk4xTW2x0ZFAY\/\/9J2QAAFgMBADUCAAAxAwH9mF72oxu76M+yQHYrXOQ0cqC6GWlKoWmFTaoyeqnTQQAANQAACf8BAAEAACMAABYDAQwDCwAL\/wAL\/AAEfjCCBHowggNioAMCAQICCHZ4M8fShJA1MA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSUwIwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEcyMB4XDTE0MTEwNjE2MDkyMFoXDTE1MTEwNjE2MDkyMFowajELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxGTAXBgNVBAMMECoud29ybGQud2F6ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5dfWK79dCVb2w7\/g3HRrN4i9qgMlhgQofXQQXw0gD87T9syXmF5pz0Cwmmw7pjObFe\/feCHhP5Q5TYPxHvQFVRms3bi3u+ghHQQErMDQ+nN0nE87Jr74s0kO4gi5kxlnWO5u\/CLx56XE08DG89cYwLep2yXaw7FpQ88oYQg1iuiHwkbjtoRpijShFrwII4yGENpw3VHkb6Fx\/gAEFaQxZm6zeckwQ1HY64ImqtGYTIGt4mDB1FJaTUZwduWO6oPZLB\/Kr54+3jOco4hPhs\/aZ7TMra\/18qq1rDcwobkr4\/HCy6N0TGrQ6Dyn4sPpnwba++QjAmdGfjGSZmIvFi42lAgMBAAGjggFDMIIBPzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0RBBQwEoIQKi53b3JsZC53YXplLmNvbTBoBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYEFNZsbyCbuRAq04t6Ot9dGm1t3uVoMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAUSt0GFhu89mi1dvWBtrtiGrpagS8wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcmwwDQYJKoZIhvcNAQEFBQADggEBAFaY2zopJZdE3mmntQjiL6V0yWpBnkS3\/vdmjvi7m0l8VT3fDFeuTu6nvu5k8w=="}
-00799{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1435587868635,"flow_last_seen":1435587869425,"flow_tot_l4_data_len":1334,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1032,"flow_avg_l4_data_len":222,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
+00810{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":66,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1435587868635,"flow_last_seen":1435587869425,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
04652{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":476878,"pkt_caplen":3201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3201,"pkt_l4_len":3167,"pkt":"ABoRAAACABoRAAABCABFAAxzdI1AABAGBAYuM622CggAAQG7jQQxjR57znLiPFAY\/\/8suQAAFgMBADUCAAAxAwFqIHt\/YtLKZ9dBM12eQvSQ8djEaPgXkLVazaez9z2ohwAANQAACf8BAAEAACMAABYDAQwDCwAL\/wAL\/AAEfjCCBHowggNioAMCAQICCHZ4M8fShJA1MA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSUwIwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEcyMB4XDTE0MTEwNjE2MDkyMFoXDTE1MTEwNjE2MDkyMFowajELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxGTAXBgNVBAMMECoud29ybGQud2F6ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5dfWK79dCVb2w7\/g3HRrN4i9qgMlhgQofXQQXw0gD87T9syXmF5pz0Cwmmw7pjObFe\/feCHhP5Q5TYPxHvQFVRms3bi3u+ghHQQErMDQ+nN0nE87Jr74s0kO4gi5kxlnWO5u\/CLx56XE08DG89cYwLep2yXaw7FpQ88oYQg1iuiHwkbjtoRpijShFrwII4yGENpw3VHkb6Fx\/gAEFaQxZm6zeckwQ1HY64ImqtGYTIGt4mDB1FJaTUZwduWO6oPZLB\/Kr54+3jOco4hPhs\/aZ7TMra\/18qq1rDcwobkr4\/HCy6N0TGrQ6Dyn4sPpnwba++QjAmdGfjGSZmIvFi42lAgMBAAGjggFDMIIBPzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0RBBQwEoIQKi53b3JsZC53YXplLmNvbTBoBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYEFNZsbyCbuRAq04t6Ot9dGm1t3uVoMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAUSt0GFhu89mi1dvWBtrtiGrpagS8wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcmwwDQYJKoZIhvcNAQEFBQADggEBAFaY2zopJZdE3mmntQjiL6V0yWpBnkS3\/vdmjvi7m0l8VT3fDFeuTu6nvu5k81XJXuDi\/QV01oDgfZuZsV2qZV4S8xqLmj\/8s8QnmcTeHpomDMSdjXTXziFnSkko3MHsuUeD3+MGC1nPfT5fsZillvuFCuBa9EdwSkLYUOi3Mlp3bk6Tl94tG9aBCkhS9VYoZ3uVQ8YKxxo2feCGxvelUxlMnHtG1cv5a\/1EGGP3Gcuou9O0zWYPP0fFQk+hOSuPNmdovXtxh1Re1KKIL0UVsXBYJhTMfrcrZHoBdcnUY5men8tY5KeGAL6RhV+\/2r0ZIy51ZzR1MkbMjkDu3BOeFXQAA\/QwggPwMIIC2KADAgECAgMCOnYwDQYJKoZIhvcNAQEFBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xMzA0MDUxNTE1NTVaFw0xNjEyMzEyMzU5NTlaMEkxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSUwIwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCoEd1zYUJE6BqOC4NhQSLyJP\/EZcBqIRn7gj8Xxic4h7lr+YQ23MkSJoHQLU09VpM6CYpXu61lfxuEFgBLEXpQ\/vFtIOPRT9yTm+5HpFcTP9FMN9Er8n1Tefb6ga2+HwNBQHygwA0DaCHNRbH\/\/OjynNwaOvUsRBOt9JN7m+fwxcfuU1WDzLkqvQtLL6sRqGrLMU90VS4sfyBlhH82dqD5jK4Q1aWWEyBnFRiL4U5W+44BKEMYq7LqXIBHHOZkQBKDwYXqVJYxOUnXitu0IyhT8ziJqs07PRgOXlwN+wLHee69FM8+6PnG33vQlJcINNYmdnfsOEXmJHjfFr45yaQIDAQABo4HnMIHkMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBRK3QYWG7z2aLV29YG2u2IaulqBLzASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEBBQUAA4IBAQAnjM\/pxzu+wG\/oloT7nFxdkOR324syYJtl2IUmtbqfHt5kTh\/GyCBbCZ+rqeAJNEWiZSU3PX9abyDM+frxHY8QDAI6xMkBdpa+m\/kV2DnRxQNHdriKjDHWYNXkj9v6PMbVmCj4HI8XkTTLy1J60fs6IOThhrHYGA++1odkjcUKJUJR77I4uOAd0OH85vSvRrrvwL\/FtAX1lHUM\/qK+Arrqhlv5NbNm9cWNhaEaI3caGRdUE2CfC+G0nCgq+a4CNG0lk5yCqBd78YWw0w9Y4fux\/pyho+j9yT\/013HcvYykGeAhIyNVE4+kFgIJfrmv7ttTZL1xL7k5zjC3tLxU4EcHAAOBMIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg\/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt\/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjmaPkr0rKV10fYIyAQTzOYkJ\/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBOBgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GBAHbhEm5OSxYShjAGsoEIz\/AIx8dxfmbuwu3UOx\/\/8PDITtZDOLC5MH0Y0FWDomrLNhGc6Ehmo21\/uBPUR\/6LWlxz\/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1Wb8ravHNjkOR\/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8SFgMBAAQOAAAA"}
-01057{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1435587868634,"flow_last_seen":1435587869476,"flow_tot_l4_data_len":3469,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3167,"flow_avg_l4_data_len":578,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+01068{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1435587868634,"flow_last_seen":1435587869476,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00406{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":477117,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoH6xAAEAGNTIKCAABLjOtto0GAbtbbHRkpJOQR1AQ\/\/82dQAA"}
03290{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":477401,"pkt_caplen":2189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2189,"pkt_l4_len":2155,"pkt":"ABoRAAACABoRAAABCABFAAh\/dI5AABAGB\/kuM622CggAAQG7jQakk5BHW2x0ZFAY\/\/+UTAAAVcle4OL9BXTWgOB9m5mxXaplXhLzGouaP\/yzxCeZxN4emiYMxJ2NdNfOIWdKSSjcwey5R4Pf4wYLWc99Pl+xmKWW+4UK4Fr0R3BKQthQ6LcyWnduTpOX3i0b1oEKSFL1Vihne5VDxgrHGjZ94IbG96VTGUyce0bVy\/lr\/UQYY\/cZy6i707TNZg8\/R8VCT6E5K482Z2i9e3GHVF7UoogvRRWxcFgmFMx+tytkegF1ydRjmZ6fy1jkp4YAvpGFX7\/avRkjLnVnNHUyRsyOQO7cE54VdAAD9DCCA\/AwggLYoAMCAQICAwI6djANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTEzMDQwNTE1MTU1NVoXDTE2MTIzMTIzNTk1OVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk\/8RlwGohGfuCPxfGJziHuWv5hDbcyRImgdAtTT1WkzoJile7rWV\/G4QWAEsRelD+8W0g49FP3JOb7kekVxM\/0Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf\/86PKc3Bo69SxEE630k3ub5\/DFx+5TVYPMuSq9C0svqxGoassxT3RVLix\/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7jgEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFErdBhYbvPZotXb1gba7Yhq6WoEvMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwDQYJKoZIhvcNAQEFBQADggEBACeMz+nHO77Ab+iWhPucXF2Q5HfbizJgm2XYhSa1up8e3mROH8bIIFsJn6up4Ak0RaJlJTc9f1pvIMz5+vEdjxAMAjrEyQF2lr6b+RXYOdHFA0d2uIqMMdZg1eSP2\/o8xtWYKPgcjxeRNMvLUnrR+zog5OGGsdgYD77Wh2SNxQolQlHvsji44B3Q4fzm9K9Guu\/Av8W0BfWUdQz+or4CuuqGW\/k1s2b1xY2FoRojdxoZF1QTYJ8L4bScKCr5rgI0bSWTnIKoF3vxhbDTD1jh+7H+nKGj6P3JP\/TXcdy9jKQZ4CEjI1UTj6QWAgl+ua\/u21NkvXEvuTnOMLe0vFTgRwcAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hxa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwEABA4AAAA="}
-01057{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":8,"flow_first_seen":1435587868635,"flow_last_seen":1435587869477,"flow_tot_l4_data_len":3509,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2155,"flow_avg_l4_data_len":438,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+01068{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":69,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":8,"flow_first_seen":1435587868635,"flow_last_seen":1435587869477,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00406{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":477557,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAojYlAAEAGx1QKCAABLjOtto0EAbvOcuI8MY0qxlAQ\/\/8uIAAA"}
00406{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":477671,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoH61AAEAGNTEKCAABLjOtto0GAbtbbHRkpJOYnlAQ\/\/8uHgAA"}
00852{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":485626,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFujYpAAEAGxg0KCAABLjOtto0EAbvOcuI8MY0qxlAY\/\/8UTwAAFgMBAQYQAAECAQAJa91NRPBS+OZzLaCqfCknHxqEZfY3H68IP1Ho1BBqnh6b7yuJIMHYs8aoMVVPkqSoo9OnUP0GeX0EfIJ45fdbqQtr0jkMcNQPZhI8eD5VTRdQNYcmz\/FbHXph\/in2fTBhNYFofRjr3wPBsN5zGGWrzacXqvsEq0BupiskMiLS0slIXmdHMT0gK99zu4LD6y9B1PDZperEgT9j6K3+U7SkQWTiDFpQpTZQKlexzWIo5RK4HOE5YtHsotOSTkv\/UPZQZ+wHpPE2SMT0KZTb5jkxFQbxDBS\/EwJ4ZVP\/A4Jz0Eiu4FVHZdvMx8sv4vT7\/u\/9yV7wipm0dcJMETeCqgNTFAMBAAEBFgMBADAw1v6zA6S9DfPaW2cWz1NmpG9t9+zzaNsjRXaaiFm11EmhCd9f2u0uC5aAmMCqrSs="}
@@ -101,23 +101,23 @@
00407{"flow_id":6,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587869,"pkt_ts_usec":854914,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoH69AAEAGNS8KCAABLjOtto0GAbtbbHWqpJOZiFAQ\/\/8r7gAA"}
00457{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587870,"pkt_ts_usec":163940,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"ABoRAAACABoRAAABCABFAABNMsRAAEAGQsMKECWdriXnUaUQFGaA18okWhY9doAYAVcm3gAAAQEICgAIbJ1BJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
02324{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":459664,"pkt_caplen":1422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1422,"pkt_l4_len":1388,"pkt":"ABoRAAACABoRAAABCABFAAWAdJlAABAGJShBJ4CHCggAAQBQ1oMcOFis48eoXFAQ\/\/+1BwAASFRUUC8xLjEgMjAwIE9LDQpDb25uZWN0aW9uOiBjbG9zZQ0KRGF0ZTogTW9uLCAyOSBKdW4gMjAxNSAxNDoyNDozMSBHTVQNClNlcnZlcjogQ2hlcm9rZWUNCkVUYWc6ICI1NTkxNTIyNT1lZDFiIg0KTGFzdC1Nb2RpZmllZDogTW9uLCAyOSBKdW4gMjAxNSAxNDoxMTo0OSBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjA2OTkNCg0KATQHAwAjAiONZiUAAO0bBzsIMh3rBzsH8HiADA4GBzsIJ2cADA6AAgMAQrv1wIACAwBCu\/XACAA2FA0REBIREQ8ODQwLCgkHFkYNEBAREA8ODQsLCgoKCRVGDRUREBAODg0LCgkJCQkVRgMSCgQEEQd7HQEQIWWYaeoWMWACQNSuoQ1EsJf9t43\/\/6lhEEXJCyc3I0UF1v\/8ABMeJAJIAhAPSAIHOwAAAAwAECFlAAAF\/\/\/hxQJVIWar5ZMINiIHfZ7YoQycSpZuVuj\/\/6kYpC7tpCZYpt0G1wBO\/5UciwJdAhYPVAIHOwAAANQAVSFmAAAVABLYdAMcIWbjhxZfM6YAbbMioQ0zTsJmcVX\/\/6dLmLIr4CcQX0v9MQAJABMfov1O\/eANcgIHOwAAAAQAHCFmAAA0AAu9zAROIWaOcaSjNioF3DCwoQ1hkJcNJEP\/\/6hgK4FmZyZOzHMFvwAl\/+Yc4QKoAl8O2wIHOwAAAPIATiFmAP\/q\/\/9FSwU5IWYRpmuEN2QCJEvHoQyilMIYhtL\/\/6VYDxVkMCaK9PX8jQAmAC4fW\/z5\/YgNDAIHOwAAAOkAOSFmAAAn\/\/iq9QYzIWbj5wQYMn4AETH4oQ4ojZelKAf\/\/6iAhLpjQSc18OAE8AAw\/\/Ad1AJAAeUPuAIHOwAAAAkAMyFmAABKAAAtEAccIWV+DE43MRUEY6zPoQ2ycRi7RVH\/\/6ewkCeBnyeG8ZUDSv\/p\/8EnUg1yC6sIDwIHOwAAAOgAHCFlAAAUAA9z9AkQIWbN0vS4L\/4AOYOKoQ5SbuzjcPr\/\/6pNburqzCcCJ3T+LgAP\/\/0U3we2BgYXHwIHOwAAAAEAECFmAP\/h\/\/pAvwpIIWYdgcm2OYoHk9mCoQ17WsKz+4\/\/\/6KkJhoB0iZUq4H65P+hADMenP2R\/eANvQIHOwAAAPoASCFmAP\/0\/\/oUZAs\/IWaAcGg+PwMIJoSqoQ3wm4mbqeX\/\/6WDObfxciRqRZwFcgBN\/\/oVaQGvAYoSZAIHOwAAAOYAPyFmAP\/q\/+y6GQxIIWZni7bCLB4C3ASdoQ1Hd0RRw4T\/\/6iPGaIFcShR0Tv76v\/g\/+8qlfSi9a0F1gIHOwAAAOYASCFmAAAdAAoDqw0GIWadK77\/Kz0Ci025oQ2D5vGYxAP\/\/60TVXCHACexBQ3++QAJACMTPAsWCcQZEgIHOwAAAOgABiFmAP\/i\/\/vQtw4VIWbsFbVZLqwEPrgVoQzxyvAtx9v\/\/6ndr5YwESdid2\/\/Ev\/gAD0VTAe7BvcXpQIHOwAAAOwAFSFmAP\/oAAG4xg8DIWXRPp+yNYMDrt5poQ1eeOsUl9\/\/\/6eMD+c52SYF6p393wBC\/8YRcgbXBcgX3gIHOwAAAOkAAyFlAP\/t\/\/eOdxAwIWYUIxyeLKAEK37DoQyjBUUUywb\/\/6cODQDaCShXh6r7rwATABwpF\/aR9+MGswIHOwAAAOoAMCFmAAAj\/\/xE2xEXIWbswY4iK\/MFMEvzoQ5VN27lAN\/\/\/6l8riSAuCembaYA5v\/k"}
-00758{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1435587867755,"flow_last_seen":1435587871459,"flow_tot_l4_data_len":1771,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1388,"flow_avg_l4_data_len":295,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}}
+00769{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":92,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1435587867755,"flow_last_seen":1435587871459,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1631,"flow_avg_l4_payload_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"xtra1.gpsonextra.net","url":"xtra1.gpsonextra.net\/xtra2.bin","code":200,"content_type":"application\/octet-stream","user_agent":"Android"}}
00406{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":461917,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAozNxAAEAGojwKCAABQSeAh9aDAFDjx6hcHDheBFAQ\/\/8G6QAA"}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1435587871656,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1435587871656,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":656080,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8\/jRAAEAGF+wKCAABNubjrLHiAFBcJZMGAAAAAKAC\/\/8UywAAAgQFtAQCCAoACG0yAAAAAAEDAwg="}
00408{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":657385,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodJ1AABAG0Zc25uOsCggAAQBQseKj2mz5XCWTB1AS\/\/\/ZAwAA"}
00410{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":657541,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo\/jVAAEAGF\/8KCAABNubjrLHiAFBcJZMHo9ps+lAQ\/\/\/ZBAAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1435587871658,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1435587871658,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":658817,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8NxhAAEAG3wgKCAABNubjrLHkAFDBi1oqAAAAAKAC\/\/\/oPgAAAgQFtAQCCAoACG0yAAAAAAEDAwg="}
00409{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":659994,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodJ5AABAG0ZY25uOsCggAAQBQseQ+dKXVwYtaK1AS\/\/\/ZAQAA"}
00409{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":660158,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoNxlAAEAG3xsKCAABNubjrLHkAFDBi1orPnSl1lAQ\/\/\/ZAgAA"}
00619{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":689811,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"pkt":"ABoRAAACABoRAAABCABFAADD\/jZAAEAGF2MKCAABNubjrLHiAFBcJZMHo9ps+lAY\/\/+63QAAR0VUIC9sYW5nX3R0cy9sYW5nLnBvcnR1Z3Vlc2VfYnJfdHRzP3J0c2VydmVyLWlkPTE1IEhUVFAvMS4wDQpIb3N0OiBjcmVzLndhemUuY29tDQpVc2VyLUFnZW50OiAvMy45LjQuMA0KSWYtTW9kaWZpZWQtU2luY2U6IFdlZCwgMDggQXByIDIwMTUgMTI6MTI6MjcgR01UDQo="}
-00674{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1435587871656,"flow_last_seen":1435587871689,"flow_tot_l4_data_len":255,"flow_min_l4_data_len":20,"flow_max_l4_data_len":175,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00685{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1435587871656,"flow_last_seen":1435587871689,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/lang_tts\/lang.portuguese_br_tts?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00408{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":690083,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodJ9AABAG0ZU25uOsCggAAQBQseKj2mz6XCWTolAQ\/\/\/YaQAA"}
00414{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":690191,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"ABoRAAACABoRAAABCABFAAAq\/jdAAEAGF\/sKCAABNubjrLHiAFBcJZOio9ps+lAY\/\/\/LVQAADQo="}
00408{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":690342,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodKBAABAG0ZQ25uOsCggAAQBQseKj2mz6XCWTpFAQ\/\/\/YZwAA"}
00615{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":690486,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"ABoRAAACABoRAAABCABFAADBNxpAAEAG3oEKCAABNubjrLHkAFDBi1orPnSl1lAY\/\/8BLAAAR0VUIC9zaGllbGRzX2NvbmZfbmV3X2xhdGFtP3J0c2VydmVyLWlkPTE1IEhUVFAvMS4wDQpIb3N0OiByb2Fkc2hpZWxkcy53YXplLmNvbQ0KVXNlci1BZ2VudDogLzMuOS40LjANCklmLU1vZGlmaWVkLVNpbmNlOiBTdW4sIDI5IE1hciAyMDE1IDExOjI5OjUxIEdNVA0K"}
-00679{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_tot_l4_data_len":253,"flow_min_l4_data_len":20,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00690{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1435587871658,"flow_last_seen":1435587871690,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"roadshields.waze.com","url":"roadshields.waze.com\/shields_conf_new_latam?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00409{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":690659,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodKFAABAG0ZM25uOsCggAAQBQseQ+dKXWwYtaxFAQ\/\/\/YaQAA"}
00413{"flow_id":10,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":690770,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"ABoRAAACABoRAAABCABFAAAqNxtAAEAG3xcKCAABNubjrLHkAFDBi1rEPnSl1lAY\/\/\/LVQAADQo="}
00409{"flow_id":10,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":690911,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodKJAABAG0ZI25uOsCggAAQBQseQ+dKXWwYtaxlAQ\/\/\/YZwAA"}
@@ -129,19 +129,19 @@
00410{"flow_id":10,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":867874,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodKZAABAG0Y425uOsCggAAQBQseQ+dKc5wYtaxlAR\/\/\/XAwAA"}
00410{"flow_id":9,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":868136,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo\/jhAAEAGF\/wKCAABNubjrLHiAFBcJZOko9pug1AQ\/\/\/W3gAA"}
00409{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":868318,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodKdAABAG0Y025uOsCggAAQBQseKj2m6DXCWTpFAR\/\/\/W3QAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1435587871918,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1435587871918,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":918621,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8cIlAAEAGqJ4KCAABsCJnacdpAbv69x3BAAAAAKAC\/\/\/XPAAAAgQFtAQCCAoACG1IAAAAAAEDAwg="}
00409{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":929277,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodKhAABAG1JOwImdpCggAAQG7x2kFCOI++vcdwlAS\/\/\/FGAAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1435587871929,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1435587871929,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":929480,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8KgBAAEAG7ycKCAABsCJnacdqAbskTkdIAAAAAKAC\/\/+EXgAAAgQFtAQCCAoACG1IAAAAAAEDAwg="}
00409{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":932105,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodKlAABAG1JKwImdpCggAAQG7x2rbsbi3JE5HSVAS\/\/\/FFwAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1435587871935,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1435587871935,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":935294,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8\/WxAAEAGG7sKCAABsCJnacdrAbsTBZAkAAAAAKAC\/\/9MygAAAgQFtAQCCAoACG1IAAAAAAEDAwg="}
00410{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":938758,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodKpAABAG1JGwImdpCggAAQG7x2vs+m\/bEwWQJVAS\/\/\/FFgAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1435587871939,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1435587871939,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":939085,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8xDRAAEAGxZIKCAABNBFy25hiAbudWal8AAAAAKAC\/\/9IxgAAAgQFtAQCCAoACG1IAAAAAAEDAwg="}
00408{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":941271,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodKtAABAGRTA0EXLbCggAAQG7mGJiplaDnVmpfVAS\/\/9kvwAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1435587871941,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1435587871941,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":941434,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8RGdAAEAG0bkKCAABNubjrLHqAFALhykvAAAAAKAC\/\/\/PIgAAAgQFtAQCCAoACG1IAAAAAAEDAwg="}
00409{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":943372,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodKxAABAG0Yg25uOsCggAAQBQser0eNbQC4cpMFAS\/\/\/Y+wAA"}
00410{"flow_id":10,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":943907,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoNx1AAEAG3xcKCAABNubjrLHkAFDBi1rGPnSnOlAR\/\/\/XAgAA"}
@@ -158,21 +158,21 @@
00407{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":945981,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGFjUKCAABNubjrLHkAFDBi1rHAAAAAFAEAAC8vQAA"}
00406{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587871,"pkt_ts_usec":946086,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGFjUKCAABNubjrLHiAFBcJZOlAAAAAFAEAADpRwAA"}
00656{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":45758,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADecItAAEAGp\/oKCAABsCJnacdpAbv69x3CBQjiP1AY\/\/86cAAAFgMBALEBAACtAwGmC6YG6dpggqRoocPCS6GRSW3HALPFXrzPaO9ENu8EQgAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1435587871918,"flow_last_seen":1435587872045,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1435587871918,"flow_last_seen":1435587872045,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":51153,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodLFAABAG1IqwImdpCggAAQG7x2kFCOI\/+vceeFAQ\/\/\/EYwAA"}
08151{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":84616,"pkt_caplen":5526,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":5526,"pkt_l4_len":5492,"pkt":"ABoRAAACABoRAAABCABFABWIdLJAABAGFQdBJ4CHCggAAQBQ1oMcOGi048eoXFAQ\/\/9HOQAAC\/JkLXAieP4LTk\/Xu8H+ADLAUAMHHv6KAVigX2\/eP8ggPkJr+p8ABQUA+0oCs\/Yv\/r4HBPrn8eDLxQmBh732\/7RwCnAgr+9YKQAIORweTb8\/s8YDADVAUAMHQX5egYkAay\/Y78MQRsKV+f74BQUA+yEBMPVIf5qHTvkn8kD3zgoBJ7f5\/6XgDvAg0+1sJM\/oeXQtDM7fq8wIADfAUAkDxwIBA2uAvf8JYAWv+c\/sIIlA6+n\/vCIAe\/uPAcT4In\/XhFf\/R\/2f0AaBX7f6Av\/Db\/\/L\/rwHg\/nAiIAZyEBxMBPh\/ABK\/0ABA9eAvX83IAO\/99fvMINAw+sfzCAAe\/x2AXn50oCMg3z+U\/7AF\/7\/3\/AEAP\/yUADf\/mwF2\/rwWn\/N20EguAPt\/wBE\/0ABBD2Ax39uIALv9P\/yYH\/Al+v\/3B\/\/+\/2BACL7rwDvAoj+c\/\/AM\/Z+wEAJ\/QATuAM\/\/\/gDk\/5gKX+d8EEgN\/v6AQA\/P0ACBLkApf+fYAL\/8u\/2MHiAZe1f7Bz\/+\/6iAEn9qAFOAX798AGgU+t94JgP+QAvuAPr\/9wBv\/4v9L90BgGPp\/AIAwA5f0ACBSSAkX\/UQAO\/8Df6EHRAL+5gABr\/fP\/R\/3z\/pYFIgHT+jANAR+B9wPgP9QA8KAXkAWP\/i\/\/PwP90HAEfF\/QYAwAzf0ACBZoAVn\/+gAUP7n\/+cG1\/9e\/AFBj\/fAEBAEABkwEyf2T+lAWgO9T94VAN8QBCIAXsAQ\/98\/1\/jb+GMYEOf\/goAgAtv0ACBfUAMAAoYAZv7EAC0Gn\/t\/DALBb+\/QIfABsDVICyfnT\/uAd\/\/8r+oagH7gA4oAdsAhv8L\/z\/YH\/KRMAd+Ag2AAAn\/0ADBlJ\/7IBFoAfv6vgHYGS\/e\/IARBP+\/QMhAYcE2IAi\/ZQAPAmfx8H\/wfAB6wAqKAbkASP7A\/hvOMAiVX9tiBxF\/gAiP0ADBo7\/yABjAAk\/6QgLwGP\/PfKgXBL+fgPsAgIGBf8yfPQB0ApfZ7wBgif16QAPGAg4AWv5s\/XPHECqYb39ODhN+gAcP0ADBst\/jYB2oAqf57gP4GJ\/A\/NAcBD9\/gSDA\/wG1n5B\/HUCtAr\/C7mDQj\/r6P\/zEAen\/6f4y+8\/CcFAajzdCFRR9gAWf0ADBul\/dwCPIAvv5VAToGY+yfMgjA\/9fgTHBOsHO30IfE4EiAlek7uFgjfd6f\/PiAlr\/zf3l+rfBYH6bDsdCHhP8AAQv0ADBwz\/SwCj4A3P4xgWwGl+mfMgoA\/8\/gTMBzgHPvvp\/E0FkAc+L8GHohfR6\/+wqAlz\/PP2d+LPDUK2ajm9KJhJ7AAKv0AEBxp\/QQDDoA\/\/31gZQHJ+bfJAuA\/8fwR3CFgG4Pqf\/KoHaAI9s8yJ4c\/D7v+QEAw7\/EP0190vIsOIYbfNgLg95wAE\/0AEBzR\/G4DkoBNv25AbAHq+S\/GAzBD7\/wPuCrAGOPmLfR4IY\/y9V9oLwXe58\/95aA0\/+hfzC9QvQkROVjZt+NQt5P\/\/P0AJA8cDAwaI\/x8AVZ\/y4AjwOH+yvRIKoRfz\/IEAav88AXT\/yf8nACP\/35wWAz9X8Af\/33f\/n\/uf\/0\/wf+sB3ge8EBAf7AEACX8wAwZB\/rcASb\/9gAtYOJ+qvPwLYSPz\/AEAGf7nAFQAR3\/2\/3\/8v8gQgf+P+AT\/2YgD7\/6\/\/1v2T+tBBAe+D\/gT9gAAAv8w\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQPHBAMEXoF+f45f6wAGP9DQDkLT\/P7IBAZ\/A+b6GgaYAsd7h\/7ICeAMCfzf6BIB\/76IBOv0bAWP5UA4gzPZ+nDAPBf3\/\/6AoAMEbQF4\/4sf7pAF59NAEcKr\/F7YBgZ\/A2L7JwWDgb58MQA8B7+oBH7gIAf+\/+kwBHf2SAZD7gAmgg3gvRCwHA35AANAkAQEkwFJf4jf8YAFj9bAFYJx+37wCAX\/AmP8+gRDgOj9QgCsA39kAIFgP\/f9AAcwArf7DAXX97AUAOHsv3B3\/AX9AAfAkAUEuwFOf5L\/9GAD\/9oQG8I\/+n8ACgV+AZb98QLFf\/l+JwHgAT7z\/APgZ+n6ACMwAnP82AXUAa\/9f6X2AiBX2\/gBAAyAkAUE\/QEaf6M\/+MAB793QIsIB+V8YCwV+AGf\/jwEr\/1x\/YQHP\/V63+waAZ9n6ADB4AXABrAR0C1\/mfoAExEAHu\/QGABDAkAYFQoEL\/8Pf\/v\/+T+DALMHP9\/8sDgT+\/4EAKP9qfryAYQJT+55n+Qjgb8v4ADqoAigDtANME6\/MPWoQxo\/Xl+4LABVAkAcFnwC2\/+0gCF\/55+NwN4GX9p9AEAT9\/lkBTP2u\/okBmQFf+L5b+wrgR7\/6ADYgApwI3ACwGn+zfJAgx+9vf+4PABlAgAcF+4B+gCbAFF\/zz+TARUFx9P9QEgT9\/ZQBSvvv\/mGChADz+B5L\/QxgJ7f6AC\/YBNQLO\/5MHo+Y++AtyS8nZ+4UAB2AgAgGZ3\/8AGagI6\/tJ+WAU4FL839cFAR9\/KsBxfpe\/rEDhv8L9t6MAY0\/37H+AB1gBwQQi\/qQID+CO4Y9ST6\/Y\/QXACGAgAkGyH+aALHANJ\/lJ+TAZEE38b9kFwR8\/DgBDvjwfwmEKv3H977MBY1fr7AAAAzoCrwS0\/dMHo9r+2RIyT53W\/oZACVAgAoHLX74gPwgRx\/dJ+NwdEEn8D9sGAR8+7MA3PfS\/88Eyvsr+F9cC4yfV7YE\/\/TQDmQXp\/MMGp9bO6JVh\/4PaAYaACkAcAoHfX6JgUmgWL\/Uj+DwhcEr7n9sGgR8+6n\/hfbwgIgFBPl7+v\/YD4tfH74H\/+QIExQZA++gE59L\/BBdRs3XeBAZACzAcAsHx33wgY7gaT\/Mt95QlYEv7R9sGwR8+43+1fZwgZQFLfa3\/WCUFIk+z8wM\/9D4F4Acb+ucC19DfNRlRH2PnB4XADBAcAwH9f2ggdCgdg\/E99swpYFD659oHQP8++H9IfYugnCE+vUwAYEoF4b+p9oO\/8pQHGQcA+i8AR88va5oQn13vCgUADOAcAkDxwUBBmN\/zoASwB+wFkfV33MB+hJfV+0CAf+T\/07\/UoCVf4z+tAkfeAQEP4\/sBf\/V9\/kMBeQBj\/VAR8AJ4MEgh\/QN\/AAIgHABBkiAWYATIBHwFs\/Vf3CCGBJ\/S+0CAf+gAKT\/Qf\/DAAD\/7AP\/pAMCv7\/0A\/\/ab\/5YAdQBv\/cwJcBV7z\/wR\/wJ\/wAMAHABBjWAqAAXAAbQF4\/U\/2zCMhL\/P+0Cgf\/BAUH\/Lv9OgBwAQAJ\/3AIBv9f4Av\/hP\/5IACQB4\/jwD8Bp9\/+wJ\/gEAAAPgHABBjABG4Agv\/xgF1fVD2wCRBL\/N+0Cgf+qAhb\/CP7agJ4BC\/0\/7AIA\/\/\/6Af\/wiAMT\/NgBq\/tf+kCWAH7AAAQCAgATQHABBjeBQgAuv\/ZwFx\/U32qCUhM\/M+0Cgf+1Ah7\/Av7MgKUA9\/xgBAMAn\/f6Af\/++AJL\/IQBT\/3v8gB0A78f+AAAAgAWwHABBlCBgQBBv\/KAFdfVP2yCVBLfL+0Cgf+bAl3\/DX7HAPcBR\/hf\/AYAf\/\/6AAAR8AX\/+vwAoAFf6sBaBn7f8AgAAgAagHACBneBa4BXH\/OgFH\/VT26CVBK\/L+0Cgf+8AdL\/X38ggKoA2\/lAAAqAP9f8AQAfKAPv\/Mf\/2AVf73\/cBT\/wAAf+AAAeAHACBq8BbQBt\/\/ZAEjfV\/3RCRhIfN+4Cgf\/UAZj\/4394AI8Ay\/c\/7BGAP6\/8AQAruAYP\/V\/+6AqP8z9cA4CwEA\/7\/gAhgHACBu8BIQCCf\/ywEBfWb3nCNhGfO+4CgQBCALAAzQAV\/74AI\/pf9Bp\/v1AABAAtCAJYASP+BBCv\/v50AALQKAP1\/AAlQHACBzcA+oCSwAJgDV\/Xv4LCGhCfS+4CAQDDAEgB\/ACXfxj\/4\/pf+CR+\/wgEBgAowAK4A0f9OBgQBn2T\/cSAQAft+QAowHACB3yAmwCbQAkgCzfYz4sCAA\/fV+8CAgGw\/2ADmwE4fbb\/M\/9gJC99fpgOCgAU1\/18CAP8sCCwEHxV+4dwX\/fj9wAsgHACB72Ad4CaYAxQCP\/a35YB3A5\/Z\/ABggK6\/zEFeoGafIv+9AEgYDp7nkAYDf\/4N\/x8Clv8gCpAEbs1\/Amwb+vV9QAwAHACB++AMYCOYA4wB7\/cn5+Bwg1\/c\/EBAgQz\/rAHugHyerf+fAegyEP43dgoEf\/KH\/ZkDpf8uDSgEPnZ\/szwd9PF9AAzwHACCBKAOgB3YAqwBs\/fL6rBpAv\/g\/IAggW+\/xwKGgHteTj+hAphREv1vaA4Ff+TX\/T8D7v9bD8QBHjABI8wf7+39QA3QHAJA8cG\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQPHBwEEBgFhf7hfrFAnUD1\/Qn06GCEf5PsDAHADif+RfgYBiwCX4yCsJ\/8\/r\/37\/9KwAo\/wSAjQGT+6\/7gR\/d\/4W\/P6ABE\/MAEEOYFAf83fuHAkWDsfSv1GF0ET5fuDAJMCrv+G\/qUBOv\/D6QB8IgDfr\/P8\/+rAAQ\/0DAe0Fk\/c\/4IC\/uBIQ\/f7AAq\/MAEEboDQf+x\/xgAgaDh\/Vb1aFkEL5vuDADcBf\/+xf0aBKP876yAkH4Lfr+v9\/\/\/gACP2DAXEFsADP030f2CAO\/\/8AAR\/MAIEsgCTAA8\/1vAb8DPvYX18FSD35vwDAF8AiP+8f+kAtP6j8p\/QGQS\/p+H\/AA1P\/0f6lAPgEgAnfyHlgIDIIAX9\/\/4\/MAIE8gAAgDn\/6jAWyC6\/bj2mFADn5\/yD\/\/7\/ZP\/2AHuAgv5n9l9gFga\/n9gAABfv\/yP9fAFUEIBMPvvZAQDoGA39\/\/e\/MAIFPP+fAGaAASARaCdvev3gEwDP5\/0DABv+kwAHgPh\/8\/4\/\/x74Doh\/l9ADABu3\/0AC9\/7sCXBrPuPOAiEP\/BX+\/\/F\/MAIFff7qAJhgGgAL0B+Phz4iEiC75\/0E\/6b9vwA9gVL\/sP50BB6ECgn\/j8wEAB5Q"}
00409{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":139667,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAozN5AAEAGojoKCAABQSeAh9aDAFDjx6hcHDh+FFAQ\/\/\/m2AAA"}
00658{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":139946,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADeKgJAAEAG7oMKCAABsCJnacdqAbskTkdJ27G4uFAY\/\/\/bawAAFgMBALEBAACtAwGNvLHuc12\/pFbnkT4Pum8D8uFdGv9vMlW4Y0hHfiKGhwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1435587871929,"flow_last_seen":1435587872139,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1435587871929,"flow_last_seen":1435587872139,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":140238,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodLNAABAG1IiwImdpCggAAQG7x2rbsbi4JE5H\/1AQ\/\/\/EYgAA"}
00660{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":205500,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADe\/W5AAEAGGxcKCAABsCJnacdrAbsTBZAl7Ppv3FAY\/\/9RtAAAFgMBALEBAACtAwGE\/segDJyCTDDrsx\/XYj7jlyYez\/MCm2qOXqnc1anvDwAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1435587871935,"flow_last_seen":1435587872205,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1435587871935,"flow_last_seen":1435587872205,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":206080,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodLRAABAG1IewImdpCggAAQG7x2vs+m\/cEwWQ21AQ\/\/\/EYQAA"}
00658{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":289316,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADexDZAAEAGxO4KCAABNBFy25hiAbudWal9YqZWhFAY\/\/8vsgAAFgMBALEBAACtAwF2lB5vq2mfN7X6ktw+ENS1yvGFdgW5h3\/A\/IpZBJlZIAAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1435587871939,"flow_last_seen":1435587872289,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1435587871939,"flow_last_seen":1435587872289,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00408{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":289966,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodLVAABAGRSY0EXLbCggAAQG7mGJiplaEnVmqM1AQ\/\/9kCgAA"}
00625{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":340645,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"pkt":"ABoRAAACABoRAAABCABFAADFRGlAAEAG0S4KCAABNubjrLHqAFALhykw9HjW0VAY\/\/\/+LwAAR0VUIC9uZXdWY29uZmlnLzEuMC8zL3Byb21wdHNfY29uZi5idWY\/cnRzZXJ2ZXItaWQ9MTUgSFRUUC8xLjANCkhvc3Q6IGNyZXMud2F6ZS5jb20NClVzZXItQWdlbnQ6IC8zLjkuNC4wDQpJZi1Nb2RpZmllZC1TaW5jZTogVHVlLCAyMyBKdW4gMjAxNSAyMTo0MToxMyBHTVQNCg=="}
-00679{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1435587871941,"flow_last_seen":1435587872340,"flow_tot_l4_data_len":257,"flow_min_l4_data_len":20,"flow_max_l4_data_len":177,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00690{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1435587871941,"flow_last_seen":1435587872340,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":157,"flow_tot_l4_payload_len":157,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/prompts_conf.buf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00409{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":341312,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodLZAABAG0X425uOsCggAAQBQser0eNbRC4cpzVAQ\/\/\/YXwAA"}
00413{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":341619,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"ABoRAAACABoRAAABCABFAAAqRGpAAEAG0cgKCAABNubjrLHqAFALhynN9HjW0VAY\/\/\/LSwAADQo="}
00409{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":341957,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodLdAABAG0X025uOsCggAAQBQser0eNbRC4cpz1AQ\/\/\/YXQAA"}
@@ -183,7 +183,7 @@
00409{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":469776,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoRGtAAEAG0ckKCAABNubjrLHqAFALhynP9HjYWlAQ\/\/\/W1AAA"}
00410{"flow_id":15,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":470699,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodLtAABAG0Xk25uOsCggAAQBQser0eNhaC4cpz1AR\/\/\/W0wAA"}
00408{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":471104,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAozOBAAEAGojgKCAABQSeAh9aDAFDjx6hcHDiobVAQ\/\/+8fwAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1435587872476,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1435587872476,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":476294,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8WSJAAEAGvP4KCAABNubjrLHwAFDxQTSmAAAAAKAC\/\/\/drgAAAgQFtAQCCAoACG2EAAAAAAEDAwg="}
00409{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":477714,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodLxAABAG0Xg25uOsCggAAQBQsfAOvstZ8UE0p1AS\/\/\/Y9QAA"}
00410{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":477861,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoRGxAAEAG0cgKCAABNubjrLHqAFALhynP9HjYW1AR\/\/\/W0gAA"}
@@ -192,17 +192,17 @@
00409{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":478810,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoWSNAAEAGvREKCAABNubjrLHwAFDxQTSnDr7LWlAQ\/\/\/Y9gAA"}
00407{"flow_id":15,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":478908,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGFjUKCAABNubjrLHqAFALhynQAAAAAFAEAACjswAA"}
00615{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":479232,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"pkt":"ABoRAAACABoRAAABCABFAADAWSRAAEAGvHgKCAABNubjrLHwAFDxQTSnDr7LWlAY\/\/9RbQAAR0VUIC9sYW5ncy8xLjAvbGFuZy5wb3J0dWd1ZXNlX2JyP3J0c2VydmVyLWlkPTE1IEhUVFAvMS4wDQpIb3N0OiBjcmVzLndhemUuY29tDQpVc2VyLUFnZW50OiAvMy45LjQuMA0KSWYtTW9kaWZpZWQtU2luY2U6IFdlZCwgMTcgSnVuIDIwMTUgMTQ6MDk6MzggR01UDQo="}
-00673{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_tot_l4_data_len":252,"flow_min_l4_data_len":20,"flow_max_l4_data_len":172,"flow_avg_l4_data_len":63,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00684{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1435587872476,"flow_last_seen":1435587872479,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":152,"flow_tot_l4_payload_len":152,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/langs\/1.0\/lang.portuguese_br?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00409{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":479402,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodL9AABAG0XU25uOsCggAAQBQsfAOvsta8UE1P1AQ\/\/\/YXgAA"}
00414{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":479716,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"ABoRAAACABoRAAABCABFAAAqWSVAAEAGvQ0KCAABNubjrLHwAFDxQTU\/Dr7LWlAY\/\/\/LSgAADQo="}
00409{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":479841,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodMBAABAG0XQ25uOsCggAAQBQsfAOvsta8UE1QVAQ\/\/\/YXAAA"}
02253{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":515481,"pkt_caplen":1422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1422,"pkt_l4_len":1388,"pkt":"ABoRAAACABoRAAABCABFAAWAdMFAABAGzyKwImdpCggAAQG7x2vs+m\/cEwWQ21AY\/\/+F+QAAFgMBAD0CAAA5AwH1S9MIgCkUPyVSxCu9eO4c7lZkVyWRyK5nvkH92WW6GwDAEwAAEf8BAAEAAAsABAMAAQIAIwAAFgMBC\/cLAAvzAAvwAARyMIIEbjCCA1agAwIBAgIIGh2bzDH41NkwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwMTEyMTMzNjExWhcNMTUxMjMxMDAwMDAwWjBkMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzETMBEGA1UEAwwKKi53YXplLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3DcqHH9nkO3xJ2\/KjK4+KdknYUOVAk5FCYu5jhH\/bx1tLDU5Ztle1x8HXTubW53UMCKQTgs3yaddERtJEwSjyOgcGzlHOBFe\/UBG5axvku4xaKMLfQktC2naRwB2q5Zom58pascBUUKKOZ26OEqBgHScTupV5iXj2dZqbrBMYx2mzRxrYrezh6HTAvLdjhr5H5Y8GFvRsIJNaQ3RiwUMzGqBqvApch1ohN8NmHPL5rAyRQfJ3ATlFU6SBrCbVrSV6DCXrLr2DYC4NtOWPEwmBlvslYl+WfClmW6BJgXQEErTAD4MEK2x2ubl5h0Cf8PUnVyuPmxzQVU39c6eXAQc0CAwEAAaOCAT0wggE5MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAVBgNVHREEDjAMggoqLndhemUuY29tMGgGCCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4EFgQUAd9hvZ9qWOfmBT7pRCOjoYgBvDAwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEALdEMofnAGs9KF\/aAssHoa027WFzlWlvAbahX1IS8HUzv4b7JE7O0JpCoo3n8\/YUadxD2PgK3U10HkSESZRPOEPUTuWPs2UxFE\/n5D34NIkm++oUgyVGOxd+tZTYilONIzglzPOPjwLpJRWewhlKC6I+dLqlm\/SdDf\/pngDN\/VbjmZ\/PKSIVX0ndrGoitOGL6cTZzcCN6T+tScWH0F1BGXTJlCsG\/cM1dsQxrwcY+4dBN5kQOon3i6gCvwBVGWuV5oLg6ItomasewqbtKKSz9Dz3xF1GDgpcISl4W4bCy5wn+oOv8UEqnX+NyIshCEV1j1gDa1t++GW4+YjpoJwLyFwAD9DCCA\/AwggLYoAMCAQICAwI6djANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTEzMDQwNTE1MTU1NVoXDTE2MTIzMTIzNTk1OVowSTELMAkGA1UEBhMC"}
-00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1435587871935,"flow_last_seen":1435587872515,"flow_tot_l4_data_len":1690,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1388,"flow_avg_l4_data_len":281,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+00797{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":177,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1435587871935,"flow_last_seen":1435587872515,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
00410{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":566264,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo\/W9AAEAGG8wKCAABsCJnacdrAbsTBZDb7Pp1NFAQ\/\/+\/CQAA"}
02254{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":568660,"pkt_caplen":1422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1422,"pkt_l4_len":1388,"pkt":"ABoRAAACABoRAAABCABFAAWAdMJAABAGzyGwImdpCggAAQG7x2kFCOI\/+vceeFAY\/\/\/d2QAAFgMBAD0CAAA5AwGJBKh0VCTwuekm8YofcDfcU3yh44UbRfqdIBb4m1TZawDAEwAAEf8BAAEAAAsABAMAAQIAIwAAFgMBC\/cLAAvzAAvwAARyMIIEbjCCA1agAwIBAgIIGh2bzDH41NkwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwMTEyMTMzNjExWhcNMTUxMjMxMDAwMDAwWjBkMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzETMBEGA1UEAwwKKi53YXplLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3DcqHH9nkO3xJ2\/KjK4+KdknYUOVAk5FCYu5jhH\/bx1tLDU5Ztle1x8HXTubW53UMCKQTgs3yaddERtJEwSjyOgcGzlHOBFe\/UBG5axvku4xaKMLfQktC2naRwB2q5Zom58pascBUUKKOZ26OEqBgHScTupV5iXj2dZqbrBMYx2mzRxrYrezh6HTAvLdjhr5H5Y8GFvRsIJNaQ3RiwUMzGqBqvApch1ohN8NmHPL5rAyRQfJ3ATlFU6SBrCbVrSV6DCXrLr2DYC4NtOWPEwmBlvslYl+WfClmW6BJgXQEErTAD4MEK2x2ubl5h0Cf8PUnVyuPmxzQVU39c6eXAQc0CAwEAAaOCAT0wggE5MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAVBgNVHREEDjAMggoqLndhemUuY29tMGgGCCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4EFgQUAd9hvZ9qWOfmBT7pRCOjoYgBvDAwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEALdEMofnAGs9KF\/aAssHoa027WFzlWlvAbahX1IS8HUzv4b7JE7O0JpCoo3n8\/YUadxD2PgK3U10HkSESZRPOEPUTuWPs2UxFE\/n5D34NIkm++oUgyVGOxd+tZTYilONIzglzPOPjwLpJRWewhlKC6I+dLqlm\/SdDf\/pngDN\/VbjmZ\/PKSIVX0ndrGoitOGL6cTZzcCN6T+tScWH0F1BGXTJlCsG\/cM1dsQxrwcY+4dBN5kQOon3i6gCvwBVGWuV5oLg6ItomasewqbtKKSz9Dz3xF1GDgpcISl4W4bCy5wn+oOv8UEqnX+NyIshCEV1j1gDa1t++GW4+YjpoJwLyFwAD9DCCA\/AwggLYoAMCAQICAwI6djANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTEzMDQwNTE1MTU1NVoXDTE2MTIzMTIzNTk1OVowSTELMAkGA1UEBhMC"}
-00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1435587871918,"flow_last_seen":1435587872568,"flow_tot_l4_data_len":1690,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1388,"flow_avg_l4_data_len":281,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+00797{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":6,"flow_first_seen":1435587871918,"flow_last_seen":1435587872568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
05107{"flow_id":14,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":569585,"pkt_caplen":3545,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3545,"pkt_l4_len":3511,"pkt":"ABoRAAACABoRAAABCABFAA3LdMNAABAGN3U0EXLbCggAAQG7mGJiplaEnVmqM1AY\/\/9T4AAAFgMBAD0CAAA5AwGuqqUjqfu42AzUp6pnk8p9zIE0fFYkczwXlPrIUdq6GwDAEwAAEf8BAAEAAAsABAMAAQIAIwAAFgMBDAMLAAv\/AAv8AAR+MIIEejCCA2KgAwIBAgIIdngzx9KEkDUwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMTA2MTYwOTIwWhcNMTUxMTA2MTYwOTIwWjBqMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEZMBcGA1UEAwwQKi53b3JsZC53YXplLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALl19Yrv10JVvbDv+DcdGs3iL2qAyWGBCh9dBBfDSAPztP2zJeYXmnPQLCabDumM5sV7994IeE\/lDlNg\/Ee9AVVGazduLe76CEdBASswND6c3ScTzsmvvizSQ7iCLmTGWdY7m78IvHnpcTTwMbz1xjAt6nbJdrDsWlDzyhhCDWK6IfCRuO2hGmKNKEWvAgjjIYQ2nDdUeRvoXH+AAQVpDFmbrN5yTBDUdjrgiaq0ZhMga3iYMHUUlpNRnB25Y7qg9ksH8qvnj7eM5yjiE+Gz9pntMytr\/XyqrWsNzChuSvj8cLLo3RMatDoPKfiw+mfBtr75CMCZ0Z+MZJmYi8WLjaUCAwEAAaOCAUMwggE\/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHREEFDASghAqLndvcmxkLndhemUuY29tMGgGCCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4EFgQU1mxvIJu5ECrTi3o6310abW3e5WgwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAVpjbOikll0Teaae1COIvpXTJakGeRLf+92aO+LubSXxVPd8MV65O7qe+7mTzVcle4OL9BXTWgOB9m5mxXaplXhLzGouaP\/yzxCeZxN4emiYMxJ2NdNfOIWdKSSjcwey5R4Pf4wYLWc99Pl+xmKWW+4UK4Fr0R3BKQthQ6LcyWnduTpOX3i0b1oEKSFL1Vihne5VDxgrHGjZ94IbG96VTGUyce0bVy\/lr\/UQYY\/cZy6i707TNZg8\/R8VCT6E5K482Z2i9e3GHVF7UoogvRRWxcFgmFMx+tytkegF1ydRjmZ6fy1jkp4YAvpGFX7\/avRkjLnVnNHUyRsyOQO7cE54VdAAD9DCCA\/AwggLYoAMCAQICAwI6djANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTEzMDQwNTE1MTU1NVoXDTE2MTIzMTIzNTk1OVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk\/8RlwGohGfuCPxfGJziHuWv5hDbcyRImgdAtTT1WkzoJile7rWV\/G4QWAEsRelD+8W0g49FP3JOb7kekVxM\/0Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf\/86PKc3Bo69SxEE630k3ub5\/DFx+5TVYPMuSq9C0svqxGoassxT3RVLix\/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7jgEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFErdBhYbvPZotXb1gba7Yhq6WoEvMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwDQYJKoZIhvcNAQEFBQADggEBACeMz+nHO77Ab+iWhPucXF2Q5HfbizJgm2XYhSa1up8e3mROH8bIIFsJn6up4Ak0RaJlJTc9f1pvIMz5+vEdjxAMAjrEyQF2lr6b+RXYOdHFA0d2uIqMMdZg1eSP2\/o8xtWYKPgcjxeRNMvLUnrR+zog5OGGsdgYD77Wh2SNxQolQlHvsji44B3Q4fzm9K9Guu\/Av8W0BfWUdQz+or4CuuqGW\/k1s2b1xY2FoRojdxoZF1QTYJ8L4bScKCr5rgI0bSWTnIKoF3vxhbDTD1jh+7H+nKGj6P3JP\/TXcdy9jKQZ4CEjI1UTj6QWAgl+ua\/u21NkvXEvuTnOMLe0vFTgRwcAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hxa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwEBSwwAAUcDABdBBA1VEDMzXeskEeC3gUKul3lP31QXxCQZyBpyytjLNYhvNMQdfIrqVpYv5p20b8P2F8BoUNYcZmKjDHOANnp943oBADlwpSevDnQPDv\/wkvcHQd2bX1fbIVkX6cgN8rWBxU3G+sLysjgLpLm55c6lMMeUQfGEqdKdHZZpP1+GUWSKhXN30B90Gf7mdzM3f39\/0MbFzVaqMqoCmAX9ZBdYa0q3P20vkZrKoVH9vtlldg8RIQz8WQezNZOssNI10py8E9qJyTixBJYEvtCqJpjv28q8HMcOHtbNNL6gdZzslFoa6e0dEUsbueS+dguY1ESQUSjzkK+DNGJMJLm8ArOFmM5x4xAZNAyzabeyWzOAtUbGuYnzuSWY42lmhsklxx+XSwwVXf+M+jyPjREqj03xALnVJzrn+vJElbBGqoSLIw\/K+lkWAwEABA4AAAA="}
-01043{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1435587871939,"flow_last_seen":1435587872569,"flow_tot_l4_data_len":3813,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3511,"flow_avg_l4_data_len":635,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+01054{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1435587871939,"flow_last_seen":1435587872569,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00409{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":569903,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAocIxAAEAGqK8KCAABsCJnacdpAbv69x54BQjnl1AQ\/\/+\/CwAA"}
00408{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":570286,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoxDdAAEAGxaMKCAABNBFy25hiAbudWaozYqZkJ1AQ\/\/9WZwAA"}
00593{"flow_id":14,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":595298,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"ABoRAAACABoRAAABCABFAACuxDhAAEAGxRwKCAABNBFy25hiAbudWaozYqZkJ1AY\/\/8MmwAAFgMBAEYQAABCQQQ4BVLjLvc+HZGngY00+3Wo\/kZ45i9D7JrE6hE3wZbaIDTZhb9zNpOq0ZSZtrJ0ILhIdSEM\/LEW0+5OVnF4voG1FAMBAAEBFgMBADDqnEXoQ2Wj2nCaB4kh8NXXGUiCBecloJhaKlB25qG0zhN05u8PLH3x+RuGJFOha+Q="}
@@ -210,7 +210,7 @@
00935{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":648064,"pkt_caplen":447,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":447,"pkt_l4_len":413,"pkt":"ABoRAAACABoRAAABCABFAAGxdMVAABAGz+Y25uOsCggAAQBQsfAOvsta8UE1QVAY\/\/9S0QAASFRUUC8xLjEgMzA0IE5vdCBNb2RpZmllZA0KQ29ubmVjdGlvbjogY2xvc2UNCkRhdGU6IE1vbiwgMjkgSnVuIDIwMTUgMTQ6MjQ6MzIgR01UDQp4LWFtei1tZXRhLWNyZWF0b3I6IEN5YmVyZHVjaw0KQ2FjaGUtQ29udHJvbDogcHVibGljLG1heC1hZ2U9MzAwDQpFVGFnOiAiZTY1ZmY3M2ZjODI5ZmVhMDdmMWU1OTI4NGEwZTMwOTMiDQpTZXJ2ZXI6IEFtYXpvblMzDQpBZ2U6IDIzMA0KWC1DYWNoZTogSGl0IGZyb20gY2xvdWRmcm9udA0KVmlhOiAxLjEgZjY3MDEzZjQwNWIzZjhlZTY4MzY4OTljMmVhZjk5MTYuY2xvdWRmcm9udC5uZXQgKENsb3VkRnJvbnQpDQpYLUFtei1DZi1JZDogVzY1azVSRnIyclhWdUhhSzBjSDRjNU5VekFISEx2NkJDcDNUaXB4LXpiVlBVaU5kNmM4NWh3PT0NCg0K"}
00409{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":649276,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoWSZAAEAGvQ4KCAABNubjrLHwAFDxQTVBDr7M41AQ\/\/\/W0wAA"}
00410{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":649703,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodMdAABAG0W025uOsCggAAQBQsfAOvszj8UE1QVAR\/\/\/W0gAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1435587872702,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1435587872702,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":702798,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8Y6lAAEAGsncKCAABNubjrLHyAFAC8Q4\/AAAAAKAC\/\/\/yUgAAAgQFtAQCCAoACG2WAAAAAAEDAwg="}
00409{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":704043,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodMpAABAG0Wo25uOsCggAAQBQsfL9DvHAAvEOQFAS\/\/\/Y8wAA"}
00410{"flow_id":16,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":704177,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoWSdAAEAGvQ0KCAABNubjrLHwAFDxQTVBDr7M5FAR\/\/\/W0QAA"}
@@ -219,7 +219,7 @@
00410{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":705148,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoY6pAAEAGsooKCAABNubjrLHyAFAC8Q5A\/Q7xwVAQ\/\/\/Y9AAA"}
00407{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":705357,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGFjUKCAABNubjrLHwAFDxQTVCAAAAAFAEAACygAAA"}
00612{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":706282,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"pkt":"ABoRAAACABoRAAABCABFAAC+Y6tAAEAGsfMKCAABNubjrLHyAFAC8Q5A\/Q7xwVAY\/\/8YIAAAR0VUIC9uZXdWY29uZmlnLzEuMC8zL2xhbmcuY29uZj9ydHNlcnZlci1pZD0xNSBIVFRQLzEuMA0KSG9zdDogY3Jlcy53YXplLmNvbQ0KVXNlci1BZ2VudDogLzMuOS40LjANCklmLU1vZGlmaWVkLVNpbmNlOiBUaHUsIDE4IEp1biAyMDE1IDEyOjA2OjEyIEdNVA0K"}
-00672{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_tot_l4_data_len":250,"flow_min_l4_data_len":20,"flow_max_l4_data_len":170,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
+00683{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1435587872702,"flow_last_seen":1435587872706,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":150,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Waze","breed":"Acceptable","category":"Web"},"http": {"hostname":"cres.waze.com","url":"cres.waze.com\/newVconfig\/1.0\/3\/lang.conf?rtserver-id=15","code":0,"content_type":"","user_agent":"\/3.9.4.0"}}
00409{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":706630,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodM1AABAG0Wc25uOsCggAAQBQsfL9DvHBAvEO1lAQ\/\/\/YXgAA"}
00414{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":706862,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"ABoRAAACABoRAAABCABFAAAqY6xAAEAGsoYKCAABNubjrLHyAFAC8Q7W\/Q7xwVAY\/\/\/LSgAADQo="}
00409{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":707184,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodM5AABAG0WY25uOsCggAAQBQsfL9DvHBAvEO2FAQ\/\/\/YXAAA"}
@@ -237,13 +237,13 @@
00409{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587872,"pkt_ts_usec":905648,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodNhAABAGRQM0EXLbCggAAQG7mGJipmURnVmrw1AQ\/\/9T7QAA"}
05827{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587873,"pkt_ts_usec":171594,"pkt_caplen":4048,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4048,"pkt_l4_len":4014,"pkt":"ABoRAAACABoRAAABCABFAA\/CdORAABAGNV00EXLbCggAAQG7mGJipmURnVmrw1AY\/\/9yewAAFwMBD3Ae1c06ifDdZ7BaSZ+kw2is10akaaf1JPfoUrCK2GqgGQQcgA2X4xxr6A49RJfWB0c7fivetH79hLECquq0UzRCLMJna6CBqDbIblxhRoJUE2P3G2EvUNUHgpLQ35HpNtXvJhMK27hRNI416LMXU0D3Yf7mO3+EtSTj2xRgPaZoSOeoDuALIHS8KjaZX+sOMVfcn3JZS5icItFEkjQ45fzYKyp3cul3Tflim37qqdx6u++pYAFTTMb+LGOW5\/baL\/d0W2Zhs2KJKrDGYNj6\/vZXg21Pxw6cAg52ufQfS3Y6OhnsyabaYLWPDufFI0MosFGQHpKQXS8zwvFfjO4TSI9eIzkZdyVCdTdiqLdZsJxJxfZkB7oFpmkikM3tOM127FHB5f3smAF23Z8r48mowA5kfAJYM4E20uWYE3DpVEiIloL4EO\/Dlmv8JAOORWjzGyOnO8nEzNkm8yPJj4DKpj28XdbiMPy7GY+2hpS\/iDe7qInE5pa0thfuRq5jNhEh4K4t46\/lvAR3uV4CIcfwT+aOXR8Xjz3QxiXw0LYsctle76Kvpn0L7wUW9UvrzeI4ag3VLmH+xVEKHImUqFXShcW69D9uKvDhpopLD6s4cViJH\/Bxs0p5zltV5+xUsI2pQ\/i+90u1d1DYRUkc0BqgwtC98oVzrNHEzMLd+jpSsNa7jzPeDn7ELQpHe31C9\/EmCU9o\/cH4Rf\/bsnc\/ypMnpV06zxJPuotqWGx6A4msAS2RJJ3P2SnJRCbS0HNcSqR2mzrVqvIDn4wGwTsoN3IkQw\/\/nyrh5PFoDv6ljKtVLWmBc7IIExpb8ZhBHF1+yPvfeVyjBFmZ8xO3ON93R3RdCGEmmKXTUVAfOj2LCzpCVgM8KTJe1xqUQ6hBmfT7ScIZ8qS+HhQoU1\/nJSFGq40ujteIcpYB3oTdScuGYGXmFtTSKFtxoJcYF+XeplO49VhMGVbojnqb67ZQN\/QOuAyZf0qEDVNrtBBcX4wMEewmPY+8VFq\/FLcYyPe7FhK9AQAtlZ4TDqV6Z3LIGWzXxJGUOOMgu316+O3YdELUYTTKwO13dx5aXlzwVj6smB3JkoB3WTEdelTSMKv45QdrGYPgfPqV\/gFmHQiIA8x4DrJfy0hVe2MDGSm+4Nkz19vJxUOA3PhKGz4VBqRlDCdZv4a\/q0ZXgti9y5cSflabJC\/Hq8ylIGQaUAehfkTXRflip0lrDHGSpyGyFsWhcuMkijFevtzDd\/3kUwQKd4eV5wqg0PY\/mBolDUg5vIy85pzGKbsjBzvvvR2Ht+5wld362BaNYuSPh\/Cdr+9FWREh1OLrxKHo9bsI4ySk1OyYv+d10tRZSZYzifqoqyY1UgP0W+aZlyKvkAnOudIc\/+B81xBe3WRzNn2mx8vUHoiu6\/JIn\/F6I2AJOsyAvH2lOPj+qg7Cd8VUBEr1sMNhH\/qKwjVUYhO0M17mjpJzJx9l3\/BnjBl8KMSKrQIECl4dc9np74gluhOM0na2oCiqwdc3QHryuFgzjmIMEZqWqijN8ueMAo7n\/VrXBTYDPv7NhpU3tTlz1v81VERyfk6v+D7xXUqkekcaceuBOP78Hs3EYijWXU7gIqlJgzl0qb9vCGZnhCPaTEMtfK3VQSsA1DA\/\/GJ8V2mS27\/19rI93iWU5DRZolI4dOM1bElAWkyH\/HwUpeKHR0H45nrmE\/4yC9jtXIYo5ED9LqFg5rnn43iWSfcymbrrwqAqg7AUW1k7QOdYRPgnDBilO0nJhvG8tu9xb7g5215LROCwK8+6JI8mlaKV7ZCku2lSHeO1LtkBgsc\/zDkvyJ8eyfMsa4CObp\/GyVmlvkL0BeWJBPsFcj4+766YxCs5+AGJ9AgtPdNUsu\/lfw4PP1edysDT3641dnKwW3iA25hqBqAP\/zfc9CUjnmXjz9KHWt1cAeVqQiqJkBC8KcLxj3YtstEl9wQ1t+9rjUVo6PPfvroxIXjgRdzpE5zxIz4Ae9iZe6IFZqI6slIJk7A8b1\/CsiLmDmnizHMUErGfnt7aBPb7BQ6gu34tFFJMff7FTF+Pw7yAK12iJ11HtcDlESMTZqU3MOJlPwLMm4yc\/BgxXio\/l8D8vgt\/gnBZktZrBoYAYAkKT8oa\/Hh3llZB4fH0OHbKcAyPMFo4rAr3oXnE95vDLJNzTDAeYlTWHwS+NEutWihUoRlUSVMGpfm75ZZi6jHXnk9houTnDnwkkpg+\/6hISwKPKcZ3EpMTZbQOgi4TRmvU3O3xuT\/UM4TasLtNypx4xZF76qiOE+RG4MOYCtUCvArnh\/aEV4\/Xli3hNIkVzh2iTgWiYHe7ZN+NBQCBiJKaMsAQnsQ8RivuVcpZhzVioIgfyz\/lv3ppbJc0VLrAzrO6znQtBlgbd1khNk0ljCWnDJ0puy0oGtt1CNhL7apcZDDUablPh7g6s8uDjFB9hJ375sst1C+MVfocPQ\/BSTAtvc0QYSGwS66p+nJ+tS61qMMO3x2vojMSVIvdpb9l8yoXf3T5KraqlNQhuddurP9SjpBEZzKVRUOJ0gxBaGSnGLQm7DeSEYR9t5VbKpT7OXC7zG\/Ftmi4onHtADMvSPOt5m28YgN9Fko6B93SomlAHpDiZKWvFxiTPHEGysrA27U96Ri5UYAPgEeHOdQkRSDf7ejopsWDARLq1h96dctb\/EPa3CnW5xuFSu246gpY4mTqqGvJXT1IrcKxlrJVxau2Kf7inuWM6\/mSiBqI3Nww6eWib5YiNCb6iIZeRRt0bo33bIKDhRNu2FDTjJ+MT31fmL1OEWJb6n0Y2tH10vcYWCtTlbM4aYPYvpdxdEU91I+JCPJXEU2RZaAwab8rCCbPK\/QbHbuKXdqPrtPu0Q7MifvodJlv35fNYzuy7KdTfuRURp9jOQJAMUhZnuvLj9KGt1kDnRDSq4cG10yveZG+6xm+TvZYEgPbAi8YiukBp3OoSVvgAUtCQzyw4MKmSVzKlBsJaxMdb\/h5QNgGOKwM5UW+N77Zu6q38MZ2x2on07fx0aCtYzGiyHQn5WPk+txqZ5uWD9fyu9aiASXlmgWhYSpCMxkv6\/cRTK36I2W+lPFcctgJ4zL+C6qtJQcdY+0LCoUbsu9Cgor5USSObbpMnOUyqzpG\/Hol0rJyGv3XT8N6sNXKZ9Nsb\/G11pM9dSWvMxXZYPsacJ+IaYuMb+BeYWbQOJpM8uFiMCq\/dTFMyh061ufwV8SEYEY1s2PniEfBICKp8NfgVzkcvaw4gNE9h70qW5HTy7FW5Cv2DDVp4nbVBoGqkDT7032S3BUHxXoYVuDwWqubWneN0HosqS3OJFBnjUG9GmJ2kIId6ltlSQMIFj+q5zCJKTtsGW0G3Vrt15htewNjxtWy4GhgnNqbz5VXvnvWYUx5YTGjZk7NqitRwSryuXMQ8NsS4Vjtm5wcvv+Evz0kTcXoguSt6x9wqhel\/dNO4ZEXJxtzKTGdFqYNBp5lpP3vhO7ILd5JspWHTePyD9hWd4Ske7eWn68+nB2z2jpBoA90+Wffnuk9dd73+BlCai0pfRGS27ng1COwvdrkTyuWdNGIKqrvBdxsqBslGyZn3pZhmPLyhO9M4RzvOUYMtZOKZsqpHDPgnfY2puI7Ehn+XdQWOmpFqeoMXAOQcUyUm+io\/SCKEERDygLh+EBk39s4xu6uf0VYhvgU41d97r5JiglCI3HLiIhzIDnWK56XOziDzHWFzhNgaGFyHR4KUCboM4iUwAne4em1aGRhPFdihboZ1texKS1+DDu3pS+4mR+dbJtPgTJoT1TI+zUmDkpTcGJN6kJuAo30grqYznoL0o5lZE8RsImRB2QwdK8+NUcBYTNaZ9BIjmg2p46TEo+lcvU4vyqIMcw\/JsnnkNHoBniX6G8wz8XZq595zK41RXPqrD6HAtUk1jULRZlGWQNtrmf0OgAuziv2+IphpKBdxuvfhR\/kB+Gvh2\/65eQey5u54nnDI6GOzjIRYHBwaV5abp7VTNd\/CDMDNVlV7Je585PkWCSrsl+1Wcgyj44re38ee2VqoOr1jW6G40wCBTdPUBLkm2HL+wFWNE5AOUBK3SszzoyBLLX7gkRpMwXFcPfm9G\/CgPNkDoXgrln5oE3WiKgdtEGybPSAxjECh8lCckRtt8xEX31t+DCHN1ghq47p9Fu8O15jb0c8ddAyGh2lGx7x9qLkCxB7\/WjKpvUQmzQXR3Tx6aXpAfxSB43qOkKqBbzHAG\/RVSuJ4o89z0g1a1zRIXQ7bfBn4V3LN9G8ZSIF3N8oy8a4Zs0zSwD2yEDpr\/ynTAR2SWlmtUIuKPcPyROtn8\/vsz5+oSu0nbFXxUJg4OjO+7vPzhOzEFMkYYgMFl6vjlo5jsdklntcEo4HvNW8KZZxIWn+VgOHEJZ4MOKtT4xn1iF81dsZGASWVXP1tBkxRtmr74k4DkeAdmakOZW+Nzktm0mbm8PoRbhjgcoguNXsXIQC9IMzS3awc69AkXVvJgBPrlORKCP2mvjUC4od1mUF5F4troUNoSOHS9gk+ijuwl5BgiA\/JEYjP4tqH2Ljq\/+s+SmioaJvBAdtrVfdvGHStUDEqgzn1xCFjbAcSnJPnrjnZkugbW3EZGuCow8d2QAZmCuEYgG3sUf6IdXG\/bR4mWQaJhEwVupEkhSKroqQLzO9nbD0OtiWrtLFy3TR\/gd5PBcNZ2vkvFCBQea\/ZWzMneHkZb39NleHRib2QY4CjUW67W\/If2WZ0JyPjqdU\/nvG8Bbe17t8Dkg5Fu3TjP4ECPeGj78G5sfpsv3lttjoyG+NwIvNvQwz1IqwWmVaw2tO91MFwFPbBpyHrctpRRu7Ehc8hFxOB5Pe8s8ji+wMlVwGMPJD7XCGClVivG8QHOf3JIp2mzDc8UcxijSMLLfzWHnd4R++FrqsnL1CI9DEOoORFM2xKaYaxv3QjvDSdNU+ni1LhfjlyxuPoAWw8UZrTFQBUpHMJ\/GugSfFyjjHvHajyC8CgSep\/9glZNMdwXoasxxJmSb0slxpPl2WyC6+mqAuD3492+8ZwKel2BJM07v9aw49\/xHXwlCpvKinlH5D\/8aDyY88+ck0so149hs+v1gS4l+HFZn4QiE4muz7RdPJYlPjR1Mu4ZwC7aeBD2h9yPYpIqTrRJLJFDofxE70e3h4GrC4uLr+\/rMpHPqVIZe6TPwLh3PXwYSOxdl4cnNm2vmZ0U+YiY6jGOK\/g7dh1OYe4aYxA+WMlHWHBJ1jUaaUswbh3PKKlaW2O8MnOYjKBqYA7Wz2DRPDpTRwOFvJFQMBACDEWUnamGel4WGO8B7bz17uz\/4UBIKizwpxrvKxIfvTEw=="}
02254{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587873,"pkt_ts_usec":486827,"pkt_caplen":1422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1422,"pkt_l4_len":1388,"pkt":"ABoRAAACABoRAAABCABFAAWAdOVAABAGzv6wImdpCggAAQG7x2rbsbi4JE5H\/1AY\/\/+OAwAAFgMBAD0CAAA5AwGT\/N2DAjIgaWtQ9FtzlofeU2qXyUUfT55EGVPZdVXqfQDAEwAAEf8BAAEAAAsABAMAAQIAIwAAFgMBC\/cLAAvzAAvwAARyMIIEbjCCA1agAwIBAgIIGh2bzDH41NkwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwMTEyMTMzNjExWhcNMTUxMjMxMDAwMDAwWjBkMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzETMBEGA1UEAwwKKi53YXplLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3DcqHH9nkO3xJ2\/KjK4+KdknYUOVAk5FCYu5jhH\/bx1tLDU5Ztle1x8HXTubW53UMCKQTgs3yaddERtJEwSjyOgcGzlHOBFe\/UBG5axvku4xaKMLfQktC2naRwB2q5Zom58pascBUUKKOZ26OEqBgHScTupV5iXj2dZqbrBMYx2mzRxrYrezh6HTAvLdjhr5H5Y8GFvRsIJNaQ3RiwUMzGqBqvApch1ohN8NmHPL5rAyRQfJ3ATlFU6SBrCbVrSV6DCXrLr2DYC4NtOWPEwmBlvslYl+WfClmW6BJgXQEErTAD4MEK2x2ubl5h0Cf8PUnVyuPmxzQVU39c6eXAQc0CAwEAAaOCAT0wggE5MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAVBgNVHREEDjAMggoqLndhemUuY29tMGgGCCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4EFgQUAd9hvZ9qWOfmBT7pRCOjoYgBvDAwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEALdEMofnAGs9KF\/aAssHoa027WFzlWlvAbahX1IS8HUzv4b7JE7O0JpCoo3n8\/YUadxD2PgK3U10HkSESZRPOEPUTuWPs2UxFE\/n5D34NIkm++oUgyVGOxd+tZTYilONIzglzPOPjwLpJRWewhlKC6I+dLqlm\/SdDf\/pngDN\/VbjmZ\/PKSIVX0ndrGoitOGL6cTZzcCN6T+tScWH0F1BGXTJlCsG\/cM1dsQxrwcY+4dBN5kQOon3i6gCvwBVGWuV5oLg6ItomasewqbtKKSz9Dz3xF1GDgpcISl4W4bCy5wn+oOv8UEqnX+NyIshCEV1j1gDa1t++GW4+YjpoJwLyFwAD9DCCA\/AwggLYoAMCAQICAwI6djANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTEzMDQwNTE1MTU1NVoXDTE2MTIzMTIzNTk1OVowSTELMAkGA1UEBhMC"}
-00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1435587871929,"flow_last_seen":1435587873486,"flow_tot_l4_data_len":1690,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1388,"flow_avg_l4_data_len":281,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+00797{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":247,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1435587871929,"flow_last_seen":1435587873486,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
00410{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587873,"pkt_ts_usec":537747,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoKgNAAEAG7zgKCAABsCJnacdqAbskTkf\/27G+EFAQ\/\/+\/CgAA"}
03254{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587873,"pkt_ts_usec":688799,"pkt_caplen":2165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2165,"pkt_l4_len":2131,"pkt":"ABoRAAACABoRAAABCABFAAhndOZAABAGzBawImdpCggAAQG7x2vs+nU0EwWQ21AY\/\/8xhwAAVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk\/8RlwGohGfuCPxfGJziHuWv5hDbcyRImgdAtTT1WkzoJile7rWV\/G4QWAEsRelD+8W0g49FP3JOb7kekVxM\/0Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf\/86PKc3Bo69SxEE630k3ub5\/DFx+5TVYPMuSq9C0svqxGoassxT3RVLix\/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7jgEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFErdBhYbvPZotXb1gba7Yhq6WoEvMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwDQYJKoZIhvcNAQEFBQADggEBACeMz+nHO77Ab+iWhPucXF2Q5HfbizJgm2XYhSa1up8e3mROH8bIIFsJn6up4Ak0RaJlJTc9f1pvIMz5+vEdjxAMAjrEyQF2lr6b+RXYOdHFA0d2uIqMMdZg1eSP2\/o8xtWYKPgcjxeRNMvLUnrR+zog5OGGsdgYD77Wh2SNxQolQlHvsji44B3Q4fzm9K9Guu\/Av8W0BfWUdQz+or4CuuqGW\/k1s2b1xY2FoRojdxoZF1QTYJ8L4bScKCr5rgI0bSWTnIKoF3vxhbDTD1jh+7H+nKGj6P3JP\/TXcdy9jKQZ4CEjI1UTj6QWAgl+ua\/u21NkvXEvuTnOMLe0vFTgRwcAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hxa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwEBSwwAAUcDABdBBOgmktKs2u8KZlermTQ1uo4DJTwO1l81HZU2UEEh3Ngme4s26QuzUjA7qcwVyCM1XqEq6UQVV34bM+n6Wr2h2E0BAJLfa35ghbxmR2cOGeSxQ0QIBKsOjB4LFUFw7fdneS6XtoSfgXl26vJDz87ynp2qyipRikKGn6hf7+ViGycvsK4BKr8tgesZPGaHKiSrsCEvq3USRDsjqReE78pN7OZEOFqhdRudu6KIfOhaywGfAxUa05+8yNCVsyOwa\/A7LpeIMgrxCzOgOyyw8PqpXvOss+OHVfdN9+RSV+45P85\/cc\/9KH1eiEoD3pDTNiyl6THghmR7M2FrOD62YcUvzU9rOxpB09SWOhaKo+FBvDJdBf14ghLyVsYbIHmBZqkUP2W5pFDX4kBUZOAFIUnT8dGgcFJ9sIuZ56ZDaEYSOiPuyVoWAwEABA4AAAA="}
-01032{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":8,"flow_first_seen":1435587871935,"flow_last_seen":1435587873688,"flow_tot_l4_data_len":3841,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2131,"flow_avg_l4_data_len":480,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
+01043{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":249,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":8,"flow_first_seen":1435587871935,"flow_last_seen":1435587873688,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
00409{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587873,"pkt_ts_usec":740336,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo\/XBAAEAGG8sKCAABsCJnacdrAbsTBZDb7Pp9c1AQ\/\/+2ygAA"}
03259{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587873,"pkt_ts_usec":741385,"pkt_caplen":2165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2165,"pkt_l4_len":2131,"pkt":"ABoRAAACABoRAAABCABFAAhndOdAABAGzBWwImdpCggAAQG7x2rbsb4QJE5H\/1AY\/\/+oRwAAVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk\/8RlwGohGfuCPxfGJziHuWv5hDbcyRImgdAtTT1WkzoJile7rWV\/G4QWAEsRelD+8W0g49FP3JOb7kekVxM\/0Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf\/86PKc3Bo69SxEE630k3ub5\/DFx+5TVYPMuSq9C0svqxGoassxT3RVLix\/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7jgEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFErdBhYbvPZotXb1gba7Yhq6WoEvMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwDQYJKoZIhvcNAQEFBQADggEBACeMz+nHO77Ab+iWhPucXF2Q5HfbizJgm2XYhSa1up8e3mROH8bIIFsJn6up4Ak0RaJlJTc9f1pvIMz5+vEdjxAMAjrEyQF2lr6b+RXYOdHFA0d2uIqMMdZg1eSP2\/o8xtWYKPgcjxeRNMvLUnrR+zog5OGGsdgYD77Wh2SNxQolQlHvsji44B3Q4fzm9K9Guu\/Av8W0BfWUdQz+or4CuuqGW\/k1s2b1xY2FoRojdxoZF1QTYJ8L4bScKCr5rgI0bSWTnIKoF3vxhbDTD1jh+7H+nKGj6P3JP\/TXcdy9jKQZ4CEjI1UTj6QWAgl+ua\/u21NkvXEvuTnOMLe0vFTgRwcAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hxa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwEBSwwAAUcDABdBBOgmktKs2u8KZlermTQ1uo4DJTwO1l81HZU2UEEh3Ngme4s26QuzUjA7qcwVyCM1XqEq6UQVV34bM+n6Wr2h2E0BAAyZl+rWcTq+gkByVq0iJpxicN\/c8gLvTI9h3iA0lJs+7H925BdJCDqJZHMEIJ3esa2CF6kTJ9hEd\/QqabHGg4SfSn1UAaJIv4qDcn1HTyjms\/BrUiYh3cK4RsVRWUeOiOoBaXy5RfCoT9IOGJnrNTRyfld0yOTZXuDjwcFD9un4dqM4gtM\/rDF+FzvLBDOjoY91Q0xJEqZaGq7nGfncCC6PwjeOa0pzp6YCla8LUtvwIWVVkpnr8xS0aHf5bvqDy7YNCXU7in7B\/CJujsRE7\/VZ3N76zpwAoiPaEKmBKGxf8c1QC\/U6j7Dtp9aGpPMUFuaTejIJ9172rX4WLjSMHNoWAwEABA4AAAA="}
-01032{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":8,"flow_first_seen":1435587871929,"flow_last_seen":1435587873741,"flow_tot_l4_data_len":3841,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2131,"flow_avg_l4_data_len":480,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
+01043{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":251,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":8,"flow_first_seen":1435587871929,"flow_last_seen":1435587873741,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":457,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
00595{"flow_id":13,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587873,"pkt_ts_usec":743733,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"ABoRAAACABoRAAABCABFAACu\/XFAAEAGG0QKCAABsCJnacdrAbsTBZDb7Pp9c1AY\/\/80TQAAFgMBAEYQAABCQQT\/dwBvETwxF8HCpQtNfsy8UrBBkbpcvUx4LvSTxKGyAUCgZo9OVa0V\/y4wB6KRUILtO1k82Zb3KCobi7iLg3GAFAMBAAEBFgMBADDJbwDESrOZXymXXCSDJzCaZl3p39KOFCGEfB5Zg+YJsK4+c+l5667V8OaYTl16zUU="}
00409{"flow_id":13,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587873,"pkt_ts_usec":744300,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodOhAABAG1FOwImdpCggAAQG7x2vs+n1zEwWRYVAQ\/\/+2RAAA"}
02255{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587873,"pkt_ts_usec":744588,"pkt_caplen":1422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1422,"pkt_l4_len":1388,"pkt":"ABoRAAACABoRAAABCABFAAWAdOlAABAGzvqwImdpCggAAQG7x2kFCOeX+vceeFAY\/\/\/xTwAAVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk\/8RlwGohGfuCPxfGJziHuWv5hDbcyRImgdAtTT1WkzoJile7rWV\/G4QWAEsRelD+8W0g49FP3JOb7kekVxM\/0Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf\/86PKc3Bo69SxEE630k3ub5\/DFx+5TVYPMuSq9C0svqxGoassxT3RVLix\/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7jgEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFErdBhYbvPZotXb1gba7Yhq6WoEvMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwDQYJKoZIhvcNAQEFBQADggEBACeMz+nHO77Ab+iWhPucXF2Q5HfbizJgm2XYhSa1up8e3mROH8bIIFsJn6up4Ak0RaJlJTc9f1pvIMz5+vEdjxAMAjrEyQF2lr6b+RXYOdHFA0d2uIqMMdZg1eSP2\/o8xtWYKPgcjxeRNMvLUnrR+zog5OGGsdgYD77Wh2SNxQolQlHvsji44B3Q4fzm9K9Guu\/Av8W0BfWUdQz+or4CuuqGW\/k1s2b1xY2FoRojdxoZF1QTYJ8L4bScKCr5rgI0bSWTnIKoF3vxhbDTD1jh+7H+nKGj6P3JP\/TXcdy9jKQZ4CEjI1UTj6QWAgl+ua\/u21NkvXEvuTnOMLe0vFTgRwcAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hx"}
@@ -255,7 +255,7 @@
00766{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587874,"pkt_ts_usec":32523,"pkt_caplen":315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":315,"pkt_l4_len":281,"pkt":"ABoRAAACABoRAAABCABFAAEt\/XJAAEAGGsQKCAABsCJnacdrAbsTBZFh7Pp+XVAY\/\/8SGQAAFwMBAQA2cWNxhmFZ1d05ru4JHvr0OIL2iGaMKnI94EwzC2yQE540T3A0JIAAzhceoCMTYb5\/FzVOQOUp43HXJdX2fspdo3fP2gytqtdEdOv7A0UWBQWLY+UsoOPPb02RFGzSv3y492ODg9wFQHzh9Nc24nSDFIUaqQ0iqf8EN7mLYSOuUstK6UxxwhTv0\/DgBEBNRguxwahy2dXT8G77M2loXu4JnRhb4QWJtjV4yH4at8J\/Jk12WXQTRFwqxLExNz6ZlbtXVRxRETsgG\/OSmCDW2M0kfD7OsEeES+UP\/SXAguG6Dbe1lZFu339\/2ueaBYBhQnAyPfiyro2ryd9vwfYU6xX+"}
00408{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587874,"pkt_ts_usec":32938,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodOxAABAG1E+wImdpCggAAQG7x2vs+n5dEwWSZlAQ\/\/+0VQAA"}
01412{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587874,"pkt_ts_usec":33211,"pkt_caplen":797,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":797,"pkt_l4_len":763,"pkt":"ABoRAAACABoRAAABCABFAAMPdO1AABAG0WewImdpCggAAQG7x2kFCOzv+vceeFAY\/\/9lsgAAa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwEBSwwAAUcDABdBBOgmktKs2u8KZlermTQ1uo4DJTwO1l81HZU2UEEh3Ngme4s26QuzUjA7qcwVyCM1XqEq6UQVV34bM+n6Wr2h2E0BAM9mz+LbaVNoYtO4IQOXwlBRJ7ns\/DVBy6Zp9NlScUu3WYIkc4O3zqqgw24BWnyGCxjh8xj9BsrAgSinwrLnA7UuugPOJojDJlj0+86ZDDTnmP9bkqHXfjekY5ITVwsi\/FERZ0crVkWxdN9pDkwpl\/39efL8IzIGD1WGtbsj+bpmC74d8rW8QAvO1WL1DgqRhY\/ZSmG7RD1GL6w+y78+trf3u0ucvXYnWH1yflQu0xz+m+zgvO7x4ee945eez+NnKZJ2HNdtCTS8N83CURDylnsbcrSjeZWw9842LQXJHAJuDkayPcXDayY7Q0wCJ3ErevanCQnnyPtOCzFTctUPvdsWAwEABA4AAAA="}
-01033{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":10,"flow_first_seen":1435587871918,"flow_last_seen":1435587874033,"flow_tot_l4_data_len":3881,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1388,"flow_avg_l4_data_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
+01044{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":10,"flow_first_seen":1435587871918,"flow_last_seen":1435587874033,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":3661,"flow_avg_l4_payload_len":366,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.waze.com","fingerprint":"A9:35:F0:16:17:A3:FD:73:EC:0C:03:24:F8:34:5A:8A:B3:D7:8D:57"}}
00725{"flow_id":12,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587874,"pkt_ts_usec":33402,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"ABoRAAACABoRAAABCABFAAESdO5AABAG02OwImdpCggAAQG7x2rbscZPJE5IhVAY\/\/8hcwAAFgMBAKoEAACmAAABLACgZYyyhW1E1RrNGRvl3ohq119X1zv6a+W0q7fpCHAJaiASCgGxvM0rhJRkkLGGrlffTZ3l4zA+p8CFkaN6JHmOKVENLTv9r8pnWIHaooS4Pb47q3nOdRgC0eH1b\/Ewz9XYHXlsdcwi8J+4wbRkAHQShh8SBqlngMLlZzx5fNeItuk6fyWSV3kjPJ1Abgp39F4iMNEsBy\/4BNtpUX5c9YyTwxQDAQABARYDAQAwDo5z9CCmu4T4yf8vDBdE1yo11d2ywtj29Fhj0WImC33Kx4H59Kyp0eRB+qVJPx7i"}
00461{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587874,"pkt_ts_usec":33503,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"ABoRAAACABoRAAABCABFAABN\/XNAAEAGG6MKCAABsCJnacdrAbsTBZJm7Pp+XVAY\/\/8oCQAAFwMBACAJ6HqBXkdDtXSDf0r9cvid2om33dYTk4HvLbhI2imOcQ=="}
00408{"flow_id":11,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587874,"pkt_ts_usec":34039,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAocI5AAEAGqK0KCAABsCJnacdpAbv69x54BQjv1lAQ\/\/+2zAAA"}
@@ -269,59 +269,59 @@
00768{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587874,"pkt_ts_usec":343123,"pkt_caplen":315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":315,"pkt_l4_len":281,"pkt":"ABoRAAACABoRAAABCABFAAEtcJBAAEAGp6YKCAABsCJnacdpAbv69x7+BQjwwFAY\/\/+HPAAAFwMBAQC7\/o5A\/SNlwLrFHOhVIYdvKluvLhZh1POT6fHvf9DCGcIpt9NvMANr9sZ9LNyXWTpS4W5wlMSdSBjr+ilY+yorbNaVIAAFnQ6lSa\/BikJFafqFjXdbXSH5\/fMJbEIbNGXkBQkR6doyrvuesHXVZc1HIkHtsfyZYv8E9UMgRTUyVxE43VjH4CWre\/GVTZpctIV3iPU\/eHiCbt33SPtVg737wEEz7boy\/w\/y793VYCn9K4rxJ3ncCtVXEc33omhjYWyCx7LSRuCZM5youkODRiYWEGatQZSBhdisgY+deajUrECtJ1AJFpINyUI36x4Pko1QSeUkcu5jfjJzdDvk6XzJ"}
00658{"flow_id":6,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587875,"pkt_ts_usec":693592,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"pkt":"ABoRAAACABoRAAABCABFAADdH7BAAEAGNHkKCAABLjOtto0GAbtbbHWqpJOZiFAY\/\/\/6sQAAFwMBALADrBKnGaK3WfzgCT3FYMNAjOZ+llBr3fI4vohyMsCSWn0ULt9+PV1IYPDe9kWWiV0OVn0edXZwGLo80p2mJdQ2gU2BvbX0MVkUpb15ppn1+hc6yQZdgKhFg0mU9F5BGATZ+rMVVPUcVRCj6KXAKEDnjm300I28sOYVdfFzTyDIuOT4nedEd55u3siGOk9\/rZms9VjSHdQf1AEs8NpfzxCE5zDZ\/iJuIgZc3IDyg6y66A=="}
00408{"flow_id":6,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587875,"pkt_ts_usec":694967,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodQdAABAGD9cuM622CggAAQG7jQakk5mIW2x2X1AQ\/\/8rOQAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1435587878215,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1435587878215,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":215938,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8EZdAAEAGeDAKCAABNBFy25htAbtopH5VAAAAAKAC\/\/+mHQAAAgQFtAQCCAoACG\/CAAAAAAEDAwg="}
00408{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":217263,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodRhAABAGRMM0EXLbCggAAQG7mG2XW4GqaKR+VlAS\/\/9ktAAA"}
00408{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":217523,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoEZhAAEAGeEMKCAABNBFy25htAbtopH5Wl1uBq1AQ\/\/9ktQAA"}
00659{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":444441,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADeEZlAAEAGd4wKCAABNBFy25htAbtopH5Wl1uBq1AY\/\/\/QKAAAFgMBALEBAACtAwGuYbGMU0Nfp5xq\/npkGkka24sX9VU\/rk18edcLN8FjCgAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1435587878215,"flow_last_seen":1435587878444,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1435587878215,"flow_last_seen":1435587878444,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":444758,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodRtAABAGRMA0EXLbCggAAQG7mG2XW4GraKR\/DFAQ\/\/9j\/wAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1435587878606,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1435587878606,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":606407,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8DkFAAEAGt5sKCAABsCK6tI3YAbvsnGGoAAAAAKAC\/\/+FVQAAAgQFtAQCCAoACG\/pAAAAAAEDAwg="}
00408{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":608820,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodR5AABAGgNKwIrq0CggAAQG7jdgTY55X7JxhqVAS\/\/+rXgAA"}
00408{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":609194,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDkJAAEAGt64KCAABsCK6tI3YAbvsnGGpE2OeWFAQ\/\/+rXwAA"}
02252{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":781291,"pkt_caplen":1422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1422,"pkt_l4_len":1388,"pkt":"ABoRAAACABoRAAABCABFAAWAdR9AABAGP2Q0EXLbCggAAQG7mG2XW4GraKR\/DFAY\/\/9nLgAAFgMBAD0CAAA5AwHUlsLLBsJauTEgY6cbF8sk70tyX71bfKz4jyHUCpz0tgDAEwAAEf8BAAEAAAsABAMAAQIAIwAAFgMBDAMLAAv\/AAv8AAR+MIIEejCCA2KgAwIBAgIIdngzx9KEkDUwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMTA2MTYwOTIwWhcNMTUxMTA2MTYwOTIwWjBqMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEZMBcGA1UEAwwQKi53b3JsZC53YXplLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALl19Yrv10JVvbDv+DcdGs3iL2qAyWGBCh9dBBfDSAPztP2zJeYXmnPQLCabDumM5sV7994IeE\/lDlNg\/Ee9AVVGazduLe76CEdBASswND6c3ScTzsmvvizSQ7iCLmTGWdY7m78IvHnpcTTwMbz1xjAt6nbJdrDsWlDzyhhCDWK6IfCRuO2hGmKNKEWvAgjjIYQ2nDdUeRvoXH+AAQVpDFmbrN5yTBDUdjrgiaq0ZhMga3iYMHUUlpNRnB25Y7qg9ksH8qvnj7eM5yjiE+Gz9pntMytr\/XyqrWsNzChuSvj8cLLo3RMatDoPKfiw+mfBtr75CMCZ0Z+MZJmYi8WLjaUCAwEAAaOCAUMwggE\/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHREEFDASghAqLndvcmxkLndhemUuY29tMGgGCCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4EFgQU1mxvIJu5ECrTi3o6310abW3e5WgwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAVpjbOikll0Teaae1COIvpXTJakGeRLf+92aO+LubSXxVPd8MV65O7qe+7mTzVcle4OL9BXTWgOB9m5mxXaplXhLzGouaP\/yzxCeZxN4emiYMxJ2NdNfOIWdKSSjcwey5R4Pf4wYLWc99Pl+xmKWW+4UK4Fr0R3BKQthQ6LcyWnduTpOX3i0b1oEKSFL1Vihne5VDxgrHGjZ94IbG96VTGUyce0bVy\/lr\/UQYY\/cZy6i707TNZg8\/R8VCT6E5K482Z2i9e3GHVF7UoogvRRWxcFgmFMx+tytkegF1ydRjmZ6fy1jkp4YAvpGFX7\/avRkjLnVnNHUyRsyOQO7cE54VdAAD9DCCA\/AwggLYoAMCAQICAwI6djANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTEzMDQwNTE1MTU1NVoXDTE2MTIzMTIzNTk1OVow"}
-00785{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1435587878215,"flow_last_seen":1435587878781,"flow_tot_l4_data_len":1690,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1388,"flow_avg_l4_data_len":281,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+00796{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":362,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1435587878215,"flow_last_seen":1435587878781,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1550,"flow_avg_l4_payload_len":258,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
00408{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":831646,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoEZpAAEAGeEEKCAABNBFy25htAbtopH8Ml1uHA1AQ\/\/9epwAA"}
03270{"flow_id":18,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":832590,"pkt_caplen":2177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2177,"pkt_l4_len":2143,"pkt":"ABoRAAACABoRAAABCABFAAhzdSFAABAGPG80EXLbCggAAQG7mG2XW4cDaKR\/DFAY\/\/+itQAASTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk\/8RlwGohGfuCPxfGJziHuWv5hDbcyRImgdAtTT1WkzoJile7rWV\/G4QWAEsRelD+8W0g49FP3JOb7kekVxM\/0Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf\/86PKc3Bo69SxEE630k3ub5\/DFx+5TVYPMuSq9C0svqxGoassxT3RVLix\/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7jgEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFErdBhYbvPZotXb1gba7Yhq6WoEvMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwDQYJKoZIhvcNAQEFBQADggEBACeMz+nHO77Ab+iWhPucXF2Q5HfbizJgm2XYhSa1up8e3mROH8bIIFsJn6up4Ak0RaJlJTc9f1pvIMz5+vEdjxAMAjrEyQF2lr6b+RXYOdHFA0d2uIqMMdZg1eSP2\/o8xtWYKPgcjxeRNMvLUnrR+zog5OGGsdgYD77Wh2SNxQolQlHvsji44B3Q4fzm9K9Guu\/Av8W0BfWUdQz+or4CuuqGW\/k1s2b1xY2FoRojdxoZF1QTYJ8L4bScKCr5rgI0bSWTnIKoF3vxhbDTD1jh+7H+nKGj6P3JP\/TXcdy9jKQZ4CEjI1UTj6QWAgl+ua\/u21NkvXEvuTnOMLe0vFTgRwcAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hxa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwEBSwwAAUcDABdBBA1VEDMzXeskEeC3gUKul3lP31QXxCQZyBpyytjLNYhvNMQdfIrqVpYv5p20b8P2F8BoUNYcZmKjDHOANnp943oBAA2cPuQCO7g6eGIofdwSUu1YiujzpSy38t12trry0O2PSWAvUAij90kb\/sJpYN4NqUjzUJdfSN1KVmLcVB4AJNUkSGJMw0SwXdio6cxmxZUSh6GtIQ+kn2uSSq1+Dg2ikAlE0A2Iu6vIqiqXO6MQK8ECg4TkizWrH4e4Pbt7GJm8aGqEUcz7vz66hNyhBW0b58ayuhEIG\/bmaiyEQlKLf9a0RIY3y6Ua76puU9aH7t9BoVDHB5s5R8SkAGfWjCUbJVq27PGYfyOXlpnUIo0igwdBUOZKq0o2YGGYnuWpIzzx13cKNAq1TbYGjobMXQeALF7Koz9jdXl4rMwgmfGR1kUWAwEABA4AAAA="}
-01043{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":8,"flow_first_seen":1435587878215,"flow_last_seen":1435587878832,"flow_tot_l4_data_len":3853,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2143,"flow_avg_l4_data_len":481,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+01054{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":8,"flow_first_seen":1435587878215,"flow_last_seen":1435587878832,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2123,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00408{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":832815,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoEZtAAEAGeEAKCAABNBFy25htAbtopH8Ml1uPTlAQ\/\/9WXAAA"}
00657{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":901005,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADeDkNAAEAGtvcKCAABsCK6tI3YAbvsnGGpE2OeWFAY\/\/8ZoQAAFgMBALEBAACtAwFWCBNoAIHi9OlNrmTTyx\/umOS8ZNI54fs0MYN5hNdT+wAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1435587878606,"flow_last_seen":1435587878901,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1435587878606,"flow_last_seen":1435587878901,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00408{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587878,"pkt_ts_usec":901314,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodSJAABAGgM6wIrq0CggAAQG7jdgTY55Y7JxiX1AQ\/\/+qqQAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1435587879018,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1435587879018,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":18798,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8CjxAAEAGu6AKCAABsCK6tI3aAbtwD3ouAAAAAKAC\/\/\/pMQAAAgQFtAQCCAoACHASAAAAAAEDAwg="}
00407{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":20661,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodSNAABAGgM2wIrq0CggAAQG7jdqP8IXRcA96L1AS\/\/+rXAAA"}
00408{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":20846,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoCj1AAEAGu7MKCAABsCK6tI3aAbtwD3ovj\/CF0lAQ\/\/+rXQAA"}
00595{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":130036,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"ABoRAAACABoRAAABCABFAACuEZxAAEAGd7kKCAABNBFy25htAbtopH8Ml1uPTlAY\/\/9XCgAAFgMBAEYQAABCQQQATU4nliehvNXm16xRaCitOB\/9BSV0IzVuFLFin1daa5Q2BJoDXENmdVLRDFYwQFmjb4+go7AlwuB\/6\/X3g7B2FAMBAAEBFgMBADAp5TwOgUBjgp6LZ7MpTXgv5bZA477tqS8CTnJvnl6OgegZQLA+2ARDBJixIlcwPwg="}
00410{"flow_id":18,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":130362,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodSRAABAGRLc0EXLbCggAAQG7mG2XW49OaKR\/klAQ\/\/9V1gAA"}
01774{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":181153,"pkt_caplen":1066,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1066,"pkt_l4_len":1032,"pkt":"ABoRAAACABoRAAABCABFAAQcdSVAABAGfNewIrq0CggAAQG7jdgTY55Y7JxiX1AY\/\/+BGwAAFgMBAD0CAAA5AwH43\/Coq+O7F27uwBca4DxqHvsYbg\/KrmI1zK52e1hLPwDAEwAAEf8BAAEAAAsABAMAAQIAIwAAFgMBDAMLAAv\/AAv8AAR+MIIEejCCA2KgAwIBAgIIdngzx9KEkDUwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMTA2MTYwOTIwWhcNMTUxMTA2MTYwOTIwWjBqMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEZMBcGA1UEAwwQKi53b3JsZC53YXplLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALl19Yrv10JVvbDv+DcdGs3iL2qAyWGBCh9dBBfDSAPztP2zJeYXmnPQLCabDumM5sV7994IeE\/lDlNg\/Ee9AVVGazduLe76CEdBASswND6c3ScTzsmvvizSQ7iCLmTGWdY7m78IvHnpcTTwMbz1xjAt6nbJdrDsWlDzyhhCDWK6IfCRuO2hGmKNKEWvAgjjIYQ2nDdUeRvoXH+AAQVpDFmbrN5yTBDUdjrgiaq0ZhMga3iYMHUUlpNRnB25Y7qg9ksH8qvnj7eM5yjiE+Gz9pntMytr\/XyqrWsNzChuSvj8cLLo3RMatDoPKfiw+mfBtr75CMCZ0Z+MZJmYi8WLjaUCAwEAAaOCAUMwggE\/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHREEFDASghAqLndvcmxkLndhemUuY29tMGgGCCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4EFgQU1mxvIJu5ECrTi3o6310abW3e5WgwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAVpjbOikll0Teaae1COIvpXTJakGeRLf+92aO+LubSXxVPd8MVw=="}
-00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1435587878606,"flow_last_seen":1435587879181,"flow_tot_l4_data_len":1334,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1032,"flow_avg_l4_data_len":222,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+00797{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1435587878606,"flow_last_seen":1435587879181,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
00408{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":233437,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDkRAAEAGt6wKCAABsCK6tI3YAbvsnGJfE2OiTFAQ\/\/+mtQAA"}
03764{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":233895,"pkt_caplen":2533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2533,"pkt_l4_len":2499,"pkt":"ABoRAAACABoRAAABCABFAAnXdSZAABAGdxuwIrq0CggAAQG7jdgTY6JM7JxiX1AY\/\/\/5bAAArk7up77uZPNVyV7g4v0FdNaA4H2bmbFdqmVeEvMai5o\/\/LPEJ5nE3h6aJgzEnY10184hZ0pJKNzB7LlHg9\/jBgtZz30+X7GYpZb7hQrgWvRHcEpC2FDotzJad25Ok5feLRvWgQpIUvVWKGd7lUPGCscaNn3ghsb3pVMZTJx7RtXL+Wv9RBhj9xnLqLvTtM1mDz9HxUJPoTkrjzZnaL17cYdUXtSiiC9FFbFwWCYUzH63K2R6AXXJ1GOZnp\/LWOSnhgC+kYVfv9q9GSMudWc0dTJGzI5A7twTnhV0AAP0MIID8DCCAtigAwIBAgIDAjp2MA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwqBHdc2FCROgajguDYUEi8iT\/xGXAaiEZ+4I\/F8YnOIe5a\/mENtzJEiaB0C1NPVaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U\/ck5vuR6RXEz\/RTDfRK\/J9U3n2+oGtvh8DQUB8oMANA2ghzUWx\/\/zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rEahqyzFPdFUuLH8gZYR\/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZEASg8GF6lSWMTlJ14rbtCMoU\/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXCDTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQUFAAOCAQEAJ4zP6cc7vsBv6JaE+5xcXZDkd9uLMmCbZdiFJrW6nx7eZE4fxsggWwmfq6ngCTRFomUlNz1\/Wm8gzPn68R2PEAwCOsTJAXaWvpv5Fdg50cUDR3a4iowx1mDV5I\/b+jzG1Zgo+ByPF5E0y8tSetH7OiDk4Yax2BgPvtaHZI3FCiVCUe+yOLjgHdDh\/Ob0r0a678C\/xbQF9ZR1DP6ivgK66oZb+TWzZvXFjYWhGiN3GhkXVBNgnwvhtJwoKvmuAjRtJZOcgqgXe\/GFsNMPWOH7sf6coaPo\/ck\/9Ndx3L2MpBngISMjVROPpBYCCX65r+7bU2S9cS+5Oc4wt7S8VOBHBwADgTCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANrMGGMw\/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2tmEaSLk\/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb\/JVSvN0Jc+nCZkzN\/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3lQI5kQsO\/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIEceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9ZbjKzE4wDwYDVR0TAQH\/BAUwAwEB\/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5jcmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUFAAOBgQB24RJuTksWEoYwBrKBCM\/wCMfHcX5m7sLt1Dsf\/\/DwyE7WQziwuTB9GNBVg6JqyzYRnOhIZqNtf7gT1Ef+i1pcc\/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+DNusdVm\/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ\/EhYDAQFLDAABRwMAF0EEUdfsExjWe4NHvbr+edgPwpaXr5ofgQ+6PoRFH55R0LbV3sdciOak08kRsDmselhUdfdTYpOuXzq6q0ZsDW7nXAEAGak2Za+JSk7lktynDqeu6k1aYmY\/TYvW6UvvHpwPNzIIzTQwKvOTt4eK7wPrFaT0BdUTHyV09GY9LxFxaa\/ebPM69mSaVVwA2bAD3OUKrb\/8bLxhh8H64KZcWJQWJXYtYbZJRT63XEHOM2gE31McbBpnb1oKdcv9pXwa5fsNJLlx7opmim9te8urE4+IcuATgeUzfl\/AP7HRCW5mGTJS4ke6ORtBp2W2LUuTVonmt+NR1ramSMHOvVE8G\/f3OFQKt4JjI9onzHV9E6fEjfdUNLxWoBo0QGB1sWh2S5viK8iwQHhlsCLNvmSqKXXExF6G79f6NT2Q3+vTFsSRb6rBbRYDAQAEDgAAAA=="}
-01044{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":8,"flow_first_seen":1435587878606,"flow_last_seen":1435587879233,"flow_tot_l4_data_len":3853,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2499,"flow_avg_l4_data_len":481,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+01055{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":377,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":8,"flow_first_seen":1435587878606,"flow_last_seen":1435587879233,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00408{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":284185,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDkVAAEAGt6sKCAABsCK6tI3YAbvsnGJfE2Or+1AQ\/\/+dBgAA"}
00729{"flow_id":18,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":382881,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"ABoRAAACABoRAAABCABFAAESdSdAABAGQ8o0EXLbCggAAQG7mG2XW49OaKR\/klAY\/\/+rAgAAFgMBAKoEAACmAAABLACgg\/JpS9qUL5p6+FH6c6MxwCK4cRLLEBytlVyqVmEEI8OflthIa4sgVetDlAHzCcVMWYkVzzbYIS9BkZtAOy60ryDRoSLKVkLABThVCDjY3JeIVBvKwFfQBYacpLg5nSJPcAr7nj8DS9LMW\/gf1uT2S\/B8mfQ6hpRI0jpOHj4+jEC2hmIqP6z\/BMORDidHGn5YQGlf4G3mFElDqimOASRQdxQDAQABARYDAQAwp2f81zUNMEDKpW8aaqGPR1ZnVymJK4QaPamhmqfVPdLLcY06wLo2Nr1hIyYf8Zhb"}
00409{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":439480,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoEZ1AAEAGeD4KCAABNBFy25htAbtopH+Sl1uQOFAQ\/\/9U7AAA"}
00659{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":574527,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADeCj5AAEAGuvwKCAABsCK6tI3aAbtwD3ovj\/CF0lAY\/\/\/+sgAAFgMBALEBAACtAwGSsw\/fktSmaBgooXXKSQQjKTgV1PXtiav8sr65RpY55wAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1435587879018,"flow_last_seen":1435587879574,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1435587879018,"flow_last_seen":1435587879574,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00408{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":574890,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodSlAABAGgMewIrq0CggAAQG7jdqP8IXScA965VAQ\/\/+qpwAA"}
00596{"flow_id":19,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":709248,"pkt_caplen":188,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":188,"pkt_l4_len":154,"pkt":"ABoRAAACABoRAAABCABFAACuDkZAAEAGtyQKCAABsCK6tI3YAbvsnGJfE2Or+1AY\/\/+e1AAAFgMBAEYQAABCQQTKtcwr30+oDHBPWKWYbRHy0eyakPFGIW4xcbL6BoqSb+ZiZ3SiSZoVFxmHb69Ys\/1iEh9\/w1Q7L8H4sMwJiAn4FAMBAAEBFgMBADDSGEm7wBPM25MNlbKzm4DTdjgpRJUTYlTdtCsl3oOBqhQg\/ftMX3En0j1UC\/NlyJ8="}
00409{"flow_id":19,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":709576,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodSpAABAGgMawIrq0CggAAQG7jdgTY6v77Jxi5VAQ\/\/+cgAAA"}
00614{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":798185,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"ABoRAAACABoRAAABCABFAAC9EZ5AAEAGd6gKCAABNBFy25htAbtopH+Sl1uQOFAY\/\/\/kzgAAFwMBAJD8HE52CfIrV3Brayr5u11zfpMHdFPFm9zUE2a8OjB3cI+FuzesbgxZkjaTMZ5RAsGAjIr1M5ytCzgsUxySeIGsd9XDJp9DHl9sUd5nXNRC4xyMk9JgZLal69XWqJtpg5FkzW\/gA22yto0HI1i0rxA5eaLYMck3kGgx2L48tMPmfFrga9pLlQSgkt7Q8dwi+Lk="}
00409{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":798806,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodStAABAGRLA0EXLbCggAAQG7mG2XW5A4aKSAJ1AQ\/\/9UVwAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1435587879850,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1435587879850,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":850574,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8Fw9AAEAGrs0KCAABsCK6tI3cAbueIGdrAAAAAKAC\/\/\/NjwAAAgQFtAQCCAoACHBkAAAAAAEDAwg="}
00408{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":852814,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodS5AABAGgMKwIrq0CggAAQG7jdxh35iUniBnbFAS\/\/+rWgAA"}
00408{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":853039,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoFxBAAEAGruAKCAABsCK6tI3cAbueIGdsYd+YlVAQ\/\/+rWwAA"}
01773{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":855334,"pkt_caplen":1066,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1066,"pkt_l4_len":1032,"pkt":"ABoRAAACABoRAAABCABFAAQcdS9AABAGfM2wIrq0CggAAQG7jdqP8IXScA965VAY\/\/+UhwAAFgMBAD0CAAA5AwFcqzwTYQh3\/v2OgspaMDMux1UIfhSf8mNupsBH2EOrqwDAEwAAEf8BAAEAAAsABAMAAQIAIwAAFgMBDAMLAAv\/AAv8AAR+MIIEejCCA2KgAwIBAgIIdngzx9KEkDUwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMTA2MTYwOTIwWhcNMTUxMTA2MTYwOTIwWjBqMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEZMBcGA1UEAwwQKi53b3JsZC53YXplLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALl19Yrv10JVvbDv+DcdGs3iL2qAyWGBCh9dBBfDSAPztP2zJeYXmnPQLCabDumM5sV7994IeE\/lDlNg\/Ee9AVVGazduLe76CEdBASswND6c3ScTzsmvvizSQ7iCLmTGWdY7m78IvHnpcTTwMbz1xjAt6nbJdrDsWlDzyhhCDWK6IfCRuO2hGmKNKEWvAgjjIYQ2nDdUeRvoXH+AAQVpDFmbrN5yTBDUdjrgiaq0ZhMga3iYMHUUlpNRnB25Y7qg9ksH8qvnj7eM5yjiE+Gz9pntMytr\/XyqrWsNzChuSvj8cLLo3RMatDoPKfiw+mfBtr75CMCZ0Z+MZJmYi8WLjaUCAwEAAaOCAUMwggE\/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHREEFDASghAqLndvcmxkLndhemUuY29tMGgGCCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4EFgQU1mxvIJu5ECrTi3o6310abW3e5WgwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAVpjbOikll0Teaae1COIvpXTJakGeRLf+92aO+LubSXxVPd8MVw=="}
-00786{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1435587879018,"flow_last_seen":1435587879855,"flow_tot_l4_data_len":1334,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1032,"flow_avg_l4_data_len":222,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
+00797{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":396,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1435587879018,"flow_last_seen":1435587879855,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}}
00409{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":907076,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoCj9AAEAGu7EKCAABsCK6tI3aAbtwD3rlj\/CJxlAQ\/\/+mswAA"}
03762{"flow_id":20,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":907785,"pkt_caplen":2533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2533,"pkt_l4_len":2499,"pkt":"ABoRAAACABoRAAABCABFAAnXdTBAABAGdxGwIrq0CggAAQG7jdqP8InGcA965VAY\/\/\/czAAArk7up77uZPNVyV7g4v0FdNaA4H2bmbFdqmVeEvMai5o\/\/LPEJ5nE3h6aJgzEnY10184hZ0pJKNzB7LlHg9\/jBgtZz30+X7GYpZb7hQrgWvRHcEpC2FDotzJad25Ok5feLRvWgQpIUvVWKGd7lUPGCscaNn3ghsb3pVMZTJx7RtXL+Wv9RBhj9xnLqLvTtM1mDz9HxUJPoTkrjzZnaL17cYdUXtSiiC9FFbFwWCYUzH63K2R6AXXJ1GOZnp\/LWOSnhgC+kYVfv9q9GSMudWc0dTJGzI5A7twTnhV0AAP0MIID8DCCAtigAwIBAgIDAjp2MA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwqBHdc2FCROgajguDYUEi8iT\/xGXAaiEZ+4I\/F8YnOIe5a\/mENtzJEiaB0C1NPVaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U\/ck5vuR6RXEz\/RTDfRK\/J9U3n2+oGtvh8DQUB8oMANA2ghzUWx\/\/zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rEahqyzFPdFUuLH8gZYR\/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZEASg8GF6lSWMTlJ14rbtCMoU\/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXCDTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBcGA1UdIAQQMA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQUFAAOCAQEAJ4zP6cc7vsBv6JaE+5xcXZDkd9uLMmCbZdiFJrW6nx7eZE4fxsggWwmfq6ngCTRFomUlNz1\/Wm8gzPn68R2PEAwCOsTJAXaWvpv5Fdg50cUDR3a4iowx1mDV5I\/b+jzG1Zgo+ByPF5E0y8tSetH7OiDk4Yax2BgPvtaHZI3FCiVCUe+yOLjgHdDh\/Ob0r0a678C\/xbQF9ZR1DP6ivgK66oZb+TWzZvXFjYWhGiN3GhkXVBNgnwvhtJwoKvmuAjRtJZOcgqgXe\/GFsNMPWOH7sf6coaPo\/ck\/9Ndx3L2MpBngISMjVROPpBYCCX65r+7bU2S9cS+5Oc4wt7S8VOBHBwADgTCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANrMGGMw\/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2tmEaSLk\/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb\/JVSvN0Jc+nCZkzN\/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3lQI5kQsO\/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIEceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9ZbjKzE4wDwYDVR0TAQH\/BAUwAwEB\/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5jcmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUFAAOBgQB24RJuTksWEoYwBrKBCM\/wCMfHcX5m7sLt1Dsf\/\/DwyE7WQziwuTB9GNBVg6JqyzYRnOhIZqNtf7gT1Ef+i1pcc\/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+DNusdVm\/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ\/EhYDAQFLDAABRwMAF0EEUdfsExjWe4NHvbr+edgPwpaXr5ofgQ+6PoRFH55R0LbV3sdciOak08kRsDmselhUdfdTYpOuXzq6q0ZsDW7nXAEAqVC5cY6b\/xsz4zChDIiQFbDK00EKI6+FC\/PVG20PNvu8Di9EZnylVwtpay7miL3zweA00n24G9Us7VnYZnrfsmNv+M9xis2GhDVD83zodnbZXGSs6lcyjnGOjW5H9jCCdODbh3uPCbuDWwAGiHV88WMj4i\/be8TwK0P7jaN+hOj3pvLODA+U0xSbS3JmdeLwF0ofnaPFodM56a0ji5puY20QnxrwVEcjGNt9qqQA9GF8gKRHvCO94p1cXEC2qNVxWpY4i4y3CIloXfMn8AA4bE8yObaMrKb+AlpFcuNWuzXafwsXsllfeqOJrFkd7LRPqIhOiTjoxOMfdzazDvPvuBYDAQAEDgAAAA=="}
-01044{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":8,"flow_first_seen":1435587879018,"flow_last_seen":1435587879907,"flow_tot_l4_data_len":3853,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2499,"flow_avg_l4_data_len":481,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+01055{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":398,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":8,"flow_first_seen":1435587879018,"flow_last_seen":1435587879907,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":459,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00409{"flow_id":20,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":958138,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoCkBAAEAGu7AKCAABsCK6tI3aAbtwD3rlj\/CTdVAQ\/\/+dBAAA"}
00656{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":958583,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADeFxFAAEAGrikKCAABsCK6tI3cAbueIGdsYd+YlVAY\/\/+8qQAAFgMBALEBAACtAwFRXWw4ffzcoR+ELSkdRag9IC5DFcRvWYz6Kh3Hk0YO0AAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1435587879850,"flow_last_seen":1435587879958,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1435587879850,"flow_last_seen":1435587879958,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00408{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":958805,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodTFAABAGgL+wIrq0CggAAQG7jdxh35iVniBoIlAQ\/\/+qpQAA"}
00728{"flow_id":19,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587879,"pkt_ts_usec":969462,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"ABoRAAACABoRAAABCABFAAESdTJAABAGf9SwIrq0CggAAQG7jdgTY6v77Jxi5VAY\/\/\/QgQAAFgMBAKoEAACmAAABLACguRveXhDifa8+Zvsue43SnoHhHo9vk+mFx\/8e6i6Q6g0+yceMFnPSfLrqs1iny9s65WOjTCGrw7brH1fNEpXHTU4HpzzK2Znr6VTUsmFxk8lZ2iYpHk+VzWBU\/fO4bv1f33ZHqtBv9oWGHCTxqO3s2y5HHT71gRvK6huM+Rc4cN25ReqJCwma8WAVfmDQZt0KyplP7JOsT95PQOIJnwoYjBQDAQABARYDAQAwbi+tK96nWOAsfK4Flsh5RapHNeqbxY9pUWCIj7a6H0u\/S+NpvLaO2Fr+o8qu2phD"}
00408{"flow_id":19,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":19901,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoDkdAAEAGt6kKCAABsCK6tI3YAbvsnGLlE2Os5VAQ\/\/+blgAA"}
@@ -334,29 +334,29 @@
00813{"flow_id":20,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":318085,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"pkt":"ABoRAAACABoRAAABCABFAAFNCkNAAEAGuogKCAABsCK6tI3aAbtwD3trj\/CUX1AY\/\/+jCQAAFwMBASB7AY1S959lQBsWkulFa27o1ltoeQLa3UthSFl27nOAAgh3vRmQEA8ZkSMDGd3f1nU4OgUFZDpTaE+MJbTlS\/yN\/y\/VwmW42Ot97LgFGjdk1Jm3e\/GpHaBfYKiZ77lAm\/57Zqh5FdqRcqUYoiFCCwI49LqDC33HdJyClLQ\/imnsGlJj9XLOW7YbuKMHs0qquixJTprmmBha0lAaRSyOaS4QKJl6DQExPE0y3Ep3lXmh9M5P4AZztAqkvO7qkG45NEo58XcCyExcnzMa6T6xeF190puSge+YMJ5GWna+tTBwT8rB4VZpiE84LSkYnJfI68GNLZzkAY6q0Trd2N\/e+\/QPXVrC5gqSO3C1YXUdo8LSe1d9J1EvHYx1AL9npFNLU3g="}
00409{"flow_id":20,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":318513,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodTxAABAGgLSwIrq0CggAAQG7jdqP8JRfcA98kFAQ\/\/+abwAA"}
05109{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":568184,"pkt_caplen":3545,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3545,"pkt_l4_len":3511,"pkt":"ABoRAAACABoRAAABCABFAA3LdT9AABAGcw6wIrq0CggAAQG7jdxh35iVniBoIlAY\/\/+VDQAAFgMBAD0CAAA5AwHhw6IicUDtXAWoCC0azSI34YwjioY2g+UL8Z8sSkJu7wDAEwAAEf8BAAEAAAsABAMAAQIAIwAAFgMBDAMLAAv\/AAv8AAR+MIIEejCCA2KgAwIBAgIIdngzx9KEkDUwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwHhcNMTQxMTA2MTYwOTIwWhcNMTUxMTA2MTYwOTIwWjBqMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEZMBcGA1UEAwwQKi53b3JsZC53YXplLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALl19Yrv10JVvbDv+DcdGs3iL2qAyWGBCh9dBBfDSAPztP2zJeYXmnPQLCabDumM5sV7994IeE\/lDlNg\/Ee9AVVGazduLe76CEdBASswND6c3ScTzsmvvizSQ7iCLmTGWdY7m78IvHnpcTTwMbz1xjAt6nbJdrDsWlDzyhhCDWK6IfCRuO2hGmKNKEWvAgjjIYQ2nDdUeRvoXH+AAQVpDFmbrN5yTBDUdjrgiaq0ZhMga3iYMHUUlpNRnB25Y7qg9ksH8qvnj7eM5yjiE+Gz9pntMytr\/XyqrWsNzChuSvj8cLLo3RMatDoPKfiw+mfBtr75CMCZ0Z+MZJmYi8WLjaUCAwEAAaOCAUMwggE\/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAbBgNVHREEFDASghAqLndvcmxkLndhemUuY29tMGgGCCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4EFgQU1mxvIJu5ECrTi3o6310abW3e5WgwDAYDVR0TAQH\/BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAVpjbOikll0Teaae1COIvpXTJakGeRLf+92aO+LubSXxVPd8MV65O7qe+7mTzVcle4OL9BXTWgOB9m5mxXaplXhLzGouaP\/yzxCeZxN4emiYMxJ2NdNfOIWdKSSjcwey5R4Pf4wYLWc99Pl+xmKWW+4UK4Fr0R3BKQthQ6LcyWnduTpOX3i0b1oEKSFL1Vihne5VDxgrHGjZ94IbG96VTGUyce0bVy\/lr\/UQYY\/cZy6i707TNZg8\/R8VCT6E5K482Z2i9e3GHVF7UoogvRRWxcFgmFMx+tytkegF1ydRjmZ6fy1jkp4YAvpGFX7\/avRkjLnVnNHUyRsyOQO7cE54VdAAD9DCCA\/AwggLYoAMCAQICAwI6djANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTEzMDQwNTE1MTU1NVoXDTE2MTIzMTIzNTk1OVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk\/8RlwGohGfuCPxfGJziHuWv5hDbcyRImgdAtTT1WkzoJile7rWV\/G4QWAEsRelD+8W0g49FP3JOb7kekVxM\/0Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf\/86PKc3Bo69SxEE630k3ub5\/DFx+5TVYPMuSq9C0svqxGoassxT3RVLix\/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7jgEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFErdBhYbvPZotXb1gba7Yhq6WoEvMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwDQYJKoZIhvcNAQEFBQADggEBACeMz+nHO77Ab+iWhPucXF2Q5HfbizJgm2XYhSa1up8e3mROH8bIIFsJn6up4Ak0RaJlJTc9f1pvIMz5+vEdjxAMAjrEyQF2lr6b+RXYOdHFA0d2uIqMMdZg1eSP2\/o8xtWYKPgcjxeRNMvLUnrR+zog5OGGsdgYD77Wh2SNxQolQlHvsji44B3Q4fzm9K9Guu\/Av8W0BfWUdQz+or4CuuqGW\/k1s2b1xY2FoRojdxoZF1QTYJ8L4bScKCr5rgI0bSWTnIKoF3vxhbDTD1jh+7H+nKGj6P3JP\/TXcdy9jKQZ4CEjI1UTj6QWAgl+ua\/u21NkvXEvuTnOMLe0vFTgRwcAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hxa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwEBSwwAAUcDABdBBFHX7BMY1nuDR726\/nnYD8KWl6+aH4EPuj6ERR+eUdC21d7HXIjmpNPJEbA5rHpYVHX3U2KTrl86uqtGbA1u51wBAAccA5nba1zaH9e0iiZKPCK3OZKSwO8nAwgvlpCAgXrNuGkkOSIhiofdXox25PUz9BLoikRuoBBgCagNmFZsxOXxhkV9Cm3Np4jUEJgbUtUWQatpPPNyuCYjaBvBZ4va5HQTlDIyj3zDN4\/xl37tvEjNhxX1vb4wP6YPw+mPF9MgssIauH9gfcAbCybGv3dsc5RMMtkb6NWQSRpG5ThmEuxnPrmQhIR4jJU4c0\/YGueEP\/QViSJjyD9DEWsZFZ9KMyFmIM6WOSWc2e3bd5\/ot8m+XUly9+FMfdDl4UTc2FfINEuIfOBGLZ2YxhcosC8PiIf0xFP2hypZiOaxzJGTwxgWAwEABA4AAAA="}
-01044{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1435587879850,"flow_last_seen":1435587880568,"flow_tot_l4_data_len":3813,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3511,"flow_avg_l4_data_len":635,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+01055{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":428,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1435587879850,"flow_last_seen":1435587880568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3491,"flow_tot_l4_payload_len":3673,"flow_avg_l4_payload_len":612,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"39f74f5618836d3c5f7dcccc9f67ba75","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00408{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":569050,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoFxJAAEAGrt4KCAABsCK6tI3cAbueIGgiYd+mOFAQ\/\/+dAgAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1435587880576,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1435587880576,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":576575,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABoRAAACABoRAAABCABFAAA0U4FAAEAG6tYKECWdyKAEH6vXAFAtnZBdDlnt+YARAVu2DAAAAQEICgAIcK6K\/GDA"}
00408{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":577294,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodUFAABAG+SLIoAQfChAlnQBQq9cOWe35LZ2QXlAQ\/\/9M8gAA"}
00408{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":577703,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodUJAABAG+SHIoAQfChAlnQBQq9cOWe35LZ2QXlAR\/\/9M8QAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1435587880577,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1435587880577,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":577937,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABoRAAACABoRAAABCABFAAA0OqdAAEAGA58KECWdyKAEMbWJAFDzNuhArgf0IIARAVuhgQAAAQEICgAIcK4TbB\/F"}
00410{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":578259,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodUNAABAG+Q7IoAQxChAlnQBQtYmuB\/Qg8zboQVAQ\/\/9\/2wAA"}
00410{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":578520,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodURAABAG+Q3IoAQxChAlnQBQtYmuB\/Qg8zboQVAR\/\/9\/2gAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1435587880578,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1435587880578,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":578787,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABoRAAACABoRAAABCABFAAA04rRAAEAGW5EKECWdyKAEMaNfAFDGgz5oQX0A9YARAVvp7QAAAQEICgAIcK4TbB\/F"}
00409{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":579068,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodUVAABAG+QzIoAQxChAlnQBQo19BfQD1xoM+aVAQ\/\/\/IRwAA"}
00409{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":579481,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodUZAABAG+QvIoAQxChAlnQBQo19BfQD1xoM+aVAR\/\/\/IRgAA"}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1435587880579,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1435587880579,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00408{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":579627,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAohIxAAEAG3tQKCAAByKAExrBxAFBvlik9kGnb21AR\/\/8iigAA"}
00408{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":580112,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodUdAABAGHhrIoATGCggAAQBQsHGQadvbb5YpPlAQ\/\/8iigAA"}
00408{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":580413,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodUhAABAGHhnIoATGCggAAQBQsHGQadvbb5YpPlAR\/\/8iiQAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1435587880580,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1435587880580,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":580707,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABoRAAACABoRAAABCABFAAA0VK5AAEAG6ZcKECWdyKAEMc7ZAFAfHIxhueqe64ARAVv9kwAAAQEICgAIcK4TbCOv"}
00409{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":580952,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodUlAABAG+QjIoAQxChAlnQBQztm56p7rHxyMYlAQ\/\/\/f1wAA"}
00409{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":581398,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodUpAABAG+QfIoAQxChAlnQBQztm56p7rHxyMYlAR\/\/\/f1gAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1435587880581,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1435587880581,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":581548,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABoRAAACABoRAAABCABFAAA02RhAAEAGZS0KECWdyKAEMc4KAFB1GwfcXT3HdoARAVthCwAAAQEICgAIcK4TbCOv"}
00408{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":582251,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodUtAABAG+QbIoAQxChAlnQBQzgpdPcd2dRsH3VAQ\/\/9DTwAA"}
00408{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":582653,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodUxAABAG+QXIoAQxChAlnQBQzgpdPcd2dRsH3VAR\/\/9DTgAA"}
@@ -364,15 +364,15 @@
00406{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":583141,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGPlIKECWdyKAEMbWJAFDzNuhBAAAAAFAEAAAiEAAA"}
00406{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":583260,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGPlIKECWdyKAEMaNfAFDGgz5pAAAAAFAEAAAKxgAA"}
00406{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":583768,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGY2EKCAAByKAExrBxAFBvlik+AAAAAFAEAACO2wAA"}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1435587880583,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1435587880583,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00409{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":583990,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo9fdAAEAGbf4KCAAByKAEMeyeAFAiBCaW3fvegVAR\/\/\/m8gAA"}
00409{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":586923,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodU1AABAGHqnIoAQxCggAAQBQ7J7d+96BIgQml1AQ\/\/\/m8gAA"}
00409{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":587342,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodU5AABAGHqjIoAQxCggAAQBQ7J7d+96BIgQml1AR\/\/\/m8QAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1435587880587,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":457,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1435587880587,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00408{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":587670,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoE7JAAEAGT68KCAAByKAExqhRAbtmrsLcmVFRdFAR\/\/8aBwAA"}
00408{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":588071,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodU9AABAGHhLIoATGCggAAQG7qFGZUVF0Zq7C3VAQ\/\/8aBwAA"}
00408{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":588513,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodVBAABAGHhHIoATGCggAAQG7qFGZUVF0Zq7C3VAR\/\/8aBgAA"}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1435587880589,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1435587880589,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00410{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":589106,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoS15AAEAGGJgKCAAByKAEMew\/Abump6BqWVh1BVAR\/\/\/VjgAA"}
00409{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":589338,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodVJAABAGHqTIoAQxCggAAQG77D9ZWHUFpqega1AQ\/\/\/VjgAA"}
00409{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587880,"pkt_ts_usec":589665,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodVNAABAGHqPIoAQxCggAAQG77D9ZWHUFpqega1AR\/\/\/VjQAA"}
@@ -390,15 +390,15 @@
00461{"flow_id":21,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587882,"pkt_ts_usec":255233,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"ABoRAAACABoRAAABCABFAABNFxZAAEAGrrUKCAABsCK6tI3cAbueIGoNYd+nIlAY\/\/8mlQAAFwMBACDJjEu8pRJQ7ss+2IWucIURIZTqPsggb3KHjbrCpRJa4Q=="}
00409{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587882,"pkt_ts_usec":255446,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodV5AABAGgJKwIrq0CggAAQG7jdxh36ciniBqMlAQ\/\/+aCAAA"}
00458{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587882,"pkt_ts_usec":433893,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"ABoRAAACABoRAAABCABFAABNMsZAAEAGQsEKECWdriXnUaUQFGaA18okWhY9doAYAVciEwAAAQEICgAIcWhBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1435587894241,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1435587894241,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587894,"pkt_ts_usec":241434,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA87+5AAEAGZNsKCAABLjOtto0mAbvDfJnqAAAAAKAC\/\/\/\/twAAAgQFtAQCCAoACHYEAAAAAAEDAwg="}
00409{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587894,"pkt_ts_usec":244164,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodXFAABAGD20uM622CggAAQG7jSY8g2YVw3yZ61AS\/\/86\/gAA"}
00409{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587894,"pkt_ts_usec":244582,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo7+9AAEAGZO4KCAABLjOtto0mAbvDfJnrPINmFlAQ\/\/86\/wAA"}
00659{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587894,"pkt_ts_usec":323314,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADe7\/BAAEAGZDcKCAABLjOtto0mAbvDfJnrPINmFlAY\/\/+u+wAAFgMBALEBAACtAwFHEcC8WvO2sF2kYiE8YWqxi\/TdpMl6\/BrnTeWud37DVAAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1435587894241,"flow_last_seen":1435587894323,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_first_seen":1435587894241,"flow_last_seen":1435587894323,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00408{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587894,"pkt_ts_usec":323591,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodXJAABAGD2wuM622CggAAQG7jSY8g2YWw3yaoVAQ\/\/86SQAA"}
04653{"flow_id":31,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587894,"pkt_ts_usec":759207,"pkt_caplen":3201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3201,"pkt_l4_len":3167,"pkt":"ABoRAAACABoRAAABCABFAAxzdXNAABAGAyAuM622CggAAQG7jSY8g2YWw3yaoVAY\/\/+bTAAAFgMBADUCAAAxAwEQ4j+T34l3QXjFbZfKigUFFyjrCdRbNzyFwlg2YjoxCQAANQAACf8BAAEAACMAABYDAQwDCwAL\/wAL\/AAEfjCCBHowggNioAMCAQICCHZ4M8fShJA1MA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSUwIwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEcyMB4XDTE0MTEwNjE2MDkyMFoXDTE1MTEwNjE2MDkyMFowajELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxGTAXBgNVBAMMECoud29ybGQud2F6ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5dfWK79dCVb2w7\/g3HRrN4i9qgMlhgQofXQQXw0gD87T9syXmF5pz0Cwmmw7pjObFe\/feCHhP5Q5TYPxHvQFVRms3bi3u+ghHQQErMDQ+nN0nE87Jr74s0kO4gi5kxlnWO5u\/CLx56XE08DG89cYwLep2yXaw7FpQ88oYQg1iuiHwkbjtoRpijShFrwII4yGENpw3VHkb6Fx\/gAEFaQxZm6zeckwQ1HY64ImqtGYTIGt4mDB1FJaTUZwduWO6oPZLB\/Kr54+3jOco4hPhs\/aZ7TMra\/18qq1rDcwobkr4\/HCy6N0TGrQ6Dyn4sPpnwba++QjAmdGfjGSZmIvFi42lAgMBAAGjggFDMIIBPzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0RBBQwEoIQKi53b3JsZC53YXplLmNvbTBoBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYEFNZsbyCbuRAq04t6Ot9dGm1t3uVoMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAUSt0GFhu89mi1dvWBtrtiGrpagS8wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcmwwDQYJKoZIhvcNAQEFBQADggEBAFaY2zopJZdE3mmntQjiL6V0yWpBnkS3\/vdmjvi7m0l8VT3fDFeuTu6nvu5k81XJXuDi\/QV01oDgfZuZsV2qZV4S8xqLmj\/8s8QnmcTeHpomDMSdjXTXziFnSkko3MHsuUeD3+MGC1nPfT5fsZillvuFCuBa9EdwSkLYUOi3Mlp3bk6Tl94tG9aBCkhS9VYoZ3uVQ8YKxxo2feCGxvelUxlMnHtG1cv5a\/1EGGP3Gcuou9O0zWYPP0fFQk+hOSuPNmdovXtxh1Re1KKIL0UVsXBYJhTMfrcrZHoBdcnUY5men8tY5KeGAL6RhV+\/2r0ZIy51ZzR1MkbMjkDu3BOeFXQAA\/QwggPwMIIC2KADAgECAgMCOnYwDQYJKoZIhvcNAQEFBQAwQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTAeFw0xMzA0MDUxNTE1NTVaFw0xNjEyMzEyMzU5NTlaMEkxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSUwIwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCoEd1zYUJE6BqOC4NhQSLyJP\/EZcBqIRn7gj8Xxic4h7lr+YQ23MkSJoHQLU09VpM6CYpXu61lfxuEFgBLEXpQ\/vFtIOPRT9yTm+5HpFcTP9FMN9Er8n1Tefb6ga2+HwNBQHygwA0DaCHNRbH\/\/OjynNwaOvUsRBOt9JN7m+fwxcfuU1WDzLkqvQtLL6sRqGrLMU90VS4sfyBlhH82dqD5jK4Q1aWWEyBnFRiL4U5W+44BKEMYq7LqXIBHHOZkQBKDwYXqVJYxOUnXitu0IyhT8ziJqs07PRgOXlwN+wLHee69FM8+6PnG33vQlJcINNYmdnfsOEXmJHjfFr45yaQIDAQABo4HnMIHkMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBRK3QYWG7z2aLV29YG2u2IaulqBLzASBgNVHRMBAf8ECDAGAQH\/AgEAMA4GA1UdDwEB\/wQEAwIBBjA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEBBQUAA4IBAQAnjM\/pxzu+wG\/oloT7nFxdkOR324syYJtl2IUmtbqfHt5kTh\/GyCBbCZ+rqeAJNEWiZSU3PX9abyDM+frxHY8QDAI6xMkBdpa+m\/kV2DnRxQNHdriKjDHWYNXkj9v6PMbVmCj4HI8XkTTLy1J60fs6IOThhrHYGA++1odkjcUKJUJR77I4uOAd0OH85vSvRrrvwL\/FtAX1lHUM\/qK+Arrqhlv5NbNm9cWNhaEaI3caGRdUE2CfC+G0nCgq+a4CNG0lk5yCqBd78YWw0w9Y4fux\/pyho+j9yT\/013HcvYykGeAhIyNVE4+kFgIJfrmv7ttTZL1xL7k5zjC3tLxU4EcHAAOBMIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg\/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt\/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjmaPkr0rKV10fYIyAQTzOYkJ\/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBOBgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GBAHbhEm5OSxYShjAGsoEIz\/AIx8dxfmbuwu3UOx\/\/8PDITtZDOLC5MH0Y0FWDomrLNhGc6Ehmo21\/uBPUR\/6LWlxz\/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1Wb8ravHNjkOR\/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8SFgMBAAQOAAAA"}
-01059{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1435587894241,"flow_last_seen":1435587894759,"flow_tot_l4_data_len":3469,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3167,"flow_avg_l4_data_len":578,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+01070{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":537,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1435587894241,"flow_last_seen":1435587894759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":554,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00410{"flow_id":31,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587894,"pkt_ts_usec":810795,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo7\/FAAEAGZOwKCAABLjOtto0mAbvDfJqhPINyYVAQ\/\/8t\/gAA"}
00854{"flow_id":31,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587894,"pkt_ts_usec":811066,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFu7\/JAAEAGY6UKCAABLjOtto0mAbvDfJqhPINyYVAY\/\/+IdQAAFgMBAQYQAAECAQAHMdJhJQ03yx9btB7RGhSehGjrtQuWMePdiLRrcV08tBv2mJB\/HJ\/FTWU3wdrHYlLCot5oPQB00X80aRZkmv0BgeS140QWzoZMuJ\/1+e2\/TBSIlh5kvmN2V6u6BVLZo6hM4DaEjgpMkVymtCjilCf0e1rtIFVwKmJwaEVqFdZblXhePOjEAu6VGJbBbZ8de8Ry926a4ToJRlH0qXBLyY+Ty8eWFpkP56taM15hK09nVHzb52OCzk5I214tv7aghGmXXviLc7jMpbPGdBm1z1El\/GsK37Xcu7Xw191qsMM7+S85hpL0pxlWK8sVmoe4TSQJs3jEN95GzHgDNzpIg+DfFAMBAAEBFgMBADAZpiiO3QsW\/8kGzF4Q9JbsqebjOVIFvU31cZ8Vz5E919l+vyZZq3ksvhayugl7RoI="}
00408{"flow_id":31,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587894,"pkt_ts_usec":811376,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodXRAABAGD2ouM622CggAAQG7jSY8g3Jhw3yb51AQ\/\/8suAAA"}
@@ -412,7 +412,7 @@
00407{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587898,"pkt_ts_usec":627730,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodXlAABAGMDOuJedRChAlnRRmpRBaFj12gNfKPlAQ\/\/9OlwAA"}
00407{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587898,"pkt_ts_usec":628143,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodXpAABAGMDKuJedRChAlnRRmpRBaFj12gNfKPlAR\/\/9OlgAA"}
00423{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587898,"pkt_ts_usec":628291,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABoRAAACABoRAAABCABFAAA0MshAAEAGQtgKECWdriXnUaUQFGaA18o+WhY9d4AQAVd\/BgAAAQEICgAId7tBJdw4"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1435587898822,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1435587898822,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587898,"pkt_ts_usec":822469,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8qMZAAEAGamAKCAABbKiw5MaMAbuJft8IAAAAAKAC\/\/93xAAAAgQFtAQCCAoACHfOAAAAAAEDAwg="}
00409{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587898,"pkt_ts_usec":824110,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodXtAABAGzb9sqLDkCggAAQG7xox2gSD3iX7fCVAS\/\/+\/9AAA"}
00409{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587898,"pkt_ts_usec":824326,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoqMdAAEAGanMKCAABbKiw5MaMAbuJft8JdoEg+FAQ\/\/+\/9QAA"}
@@ -428,18 +428,18 @@
00410{"flow_id":32,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587899,"pkt_ts_usec":229685,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoqMxAAEAGam4KCAABbKiw5MaMAbuJft\/mdoEhW1AQ\/\/++tQAA"}
00673{"flow_id":32,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587899,"pkt_ts_usec":318080,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"pkt":"ABoRAAACABoRAAABCABFAADndYFAABAGzPpsqLDkCggAAQG7xox2gSFbiX7f5lAY\/\/\/bEwAAgAC8ZsshsEYVPNm3QpKvHHqYG5xP2x2\/5U\/+xIQXT32Ja3Fc+bWQg+v1g4OP2u6+xEObvhBr9OCT3nT5iGsDuCAwFusyPBCSH+QEnbMZp9MI2ffSAIJg4eG0z9h233DLB0Akp5\/XqI7bocb1GaMFO5+XiyatVpSIkTb+GKsHGe5Z0dT+Jq416QtuL8H82YJNuTzIgGGg+vCfhwgHApn\/WL7K5pRtb3hdL9ZyxaFK5UX0YNRiWlRpFI6mzT1hU2s="}
00410{"flow_id":32,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587899,"pkt_ts_usec":372457,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoqM1AAEAGam0KCAABbKiw5MaMAbuJft\/mdoEiGlAQ\/\/+99gAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1435587905035,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1435587905035,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587905,"pkt_ts_usec":35020,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA82iNAAEAGeqYKCAABLjOtto0pAbvwXaAfAAAAAKAC\/\/\/IZgAAAgQFtAQCCAoACHo8AAAAAAEDAwg="}
00408{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587905,"pkt_ts_usec":38374,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodYZAABAGD1guM622CggAAQG7jSkPol\/g8F2gIFAS\/\/86+wAA"}
00408{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587905,"pkt_ts_usec":39092,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo2iRAAEAGerkKCAABLjOtto0pAbvwXaAgD6Jf4VAQ\/\/86\/AAA"}
00657{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587905,"pkt_ts_usec":111264,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"ABoRAAACABoRAAABCABFAADe2iVAAEAGegIKCAABLjOtto0pAbvwXaAgD6Jf4VAY\/\/\/tNgAAFgMBALEBAACtAwGvtEh7ZPeUuZEpuZqGf1gkt94wLOoQqmQjq2yZ1wt58QAAQMAUwArAIsAhADkAOMAgwA\/ABQA1wBLACMAcwBsAFgATwBrADcADAAoABcATwAnAH8AeADMAMsAdwA7ABAAvAP8BAABEAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAA="}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1435587905035,"flow_last_seen":1435587905111,"flow_tot_l4_data_len":282,"flow_min_l4_data_len":20,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":70,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1435587905035,"flow_last_seen":1435587905111,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":182,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587905,"pkt_ts_usec":111789,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodYdAABAGD1cuM622CggAAQG7jSkPol\/h8F2g1lAQ\/\/86RgAA"}
01780{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587905,"pkt_ts_usec":510433,"pkt_caplen":1066,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1066,"pkt_l4_len":1032,"pkt":"ABoRAAACABoRAAABCABFAAQcdYhAABAGC2IuM622CggAAQG7jSkPol\/h8F2g1lAY\/\/9aVgAAFgMBADUCAAAxAwFeJ1mZ10BwchLB7kIbnu2IqTwfkvokm8Y\/9DBPzYFJ+AAANQAACf8BAAEAACMAABYDAQwDCwAL\/wAL\/AAEfjCCBHowggNioAMCAQICCHZ4M8fShJA1MA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSUwIwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEcyMB4XDTE0MTEwNjE2MDkyMFoXDTE1MTEwNjE2MDkyMFowajELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxGTAXBgNVBAMMECoud29ybGQud2F6ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5dfWK79dCVb2w7\/g3HRrN4i9qgMlhgQofXQQXw0gD87T9syXmF5pz0Cwmmw7pjObFe\/feCHhP5Q5TYPxHvQFVRms3bi3u+ghHQQErMDQ+nN0nE87Jr74s0kO4gi5kxlnWO5u\/CLx56XE08DG89cYwLep2yXaw7FpQ88oYQg1iuiHwkbjtoRpijShFrwII4yGENpw3VHkb6Fx\/gAEFaQxZm6zeckwQ1HY64ImqtGYTIGt4mDB1FJaTUZwduWO6oPZLB\/Kr54+3jOco4hPhs\/aZ7TMra\/18qq1rDcwobkr4\/HCy6N0TGrQ6Dyn4sPpnwba++QjAmdGfjGSZmIvFi42lAgMBAAGjggFDMIIBPzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0RBBQwEoIQKi53b3JsZC53YXplLmNvbTBoBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYEFNZsbyCbuRAq04t6Ot9dGm1t3uVoMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAUSt0GFhu89mi1dvWBtrtiGrpagS8wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcmwwDQYJKoZIhvcNAQEFBQADggEBAFaY2zopJZdE3mmntQjiL6V0yWpBnkS3\/vdmjvi7m0l8VT3fDFeuTu6nvu5k8w=="}
-00801{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1435587905035,"flow_last_seen":1435587905510,"flow_tot_l4_data_len":1334,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1032,"flow_avg_l4_data_len":222,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
+00812{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":580,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":6,"flow_first_seen":1435587905035,"flow_last_seen":1435587905510,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1012,"flow_tot_l4_payload_len":1194,"flow_avg_l4_payload_len":199,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}
00408{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587905,"pkt_ts_usec":561592,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo2iZAAEAGercKCAABLjOtto0pAbvwXaDWD6Jj1VAQ\/\/82UgAA"}
03291{"flow_id":33,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587905,"pkt_ts_usec":565256,"pkt_caplen":2189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2189,"pkt_l4_len":2155,"pkt":"ABoRAAACABoRAAABCABFAAh\/dYlAABAGBv4uM622CggAAQG7jSkPomPV8F2g1lAY\/\/+UKQAAVcle4OL9BXTWgOB9m5mxXaplXhLzGouaP\/yzxCeZxN4emiYMxJ2NdNfOIWdKSSjcwey5R4Pf4wYLWc99Pl+xmKWW+4UK4Fr0R3BKQthQ6LcyWnduTpOX3i0b1oEKSFL1Vihne5VDxgrHGjZ94IbG96VTGUyce0bVy\/lr\/UQYY\/cZy6i707TNZg8\/R8VCT6E5K482Z2i9e3GHVF7UoogvRRWxcFgmFMx+tytkegF1ydRjmZ6fy1jkp4YAvpGFX7\/avRkjLnVnNHUyRsyOQO7cE54VdAAD9DCCA\/AwggLYoAMCAQICAwI6djANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTEzMDQwNTE1MTU1NVoXDTE2MTIzMTIzNTk1OVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk\/8RlwGohGfuCPxfGJziHuWv5hDbcyRImgdAtTT1WkzoJile7rWV\/G4QWAEsRelD+8W0g49FP3JOb7kekVxM\/0Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf\/86PKc3Bo69SxEE630k3ub5\/DFx+5TVYPMuSq9C0svqxGoassxT3RVLix\/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7jgEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFErdBhYbvPZotXb1gba7Yhq6WoEvMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwDQYJKoZIhvcNAQEFBQADggEBACeMz+nHO77Ab+iWhPucXF2Q5HfbizJgm2XYhSa1up8e3mROH8bIIFsJn6up4Ak0RaJlJTc9f1pvIMz5+vEdjxAMAjrEyQF2lr6b+RXYOdHFA0d2uIqMMdZg1eSP2\/o8xtWYKPgcjxeRNMvLUnrR+zog5OGGsdgYD77Wh2SNxQolQlHvsji44B3Q4fzm9K9Guu\/Av8W0BfWUdQz+or4CuuqGW\/k1s2b1xY2FoRojdxoZF1QTYJ8L4bScKCr5rgI0bSWTnIKoF3vxhbDTD1jh+7H+nKGj6P3JP\/TXcdy9jKQZ4CEjI1UTj6QWAgl+ua\/u21NkvXEvuTnOMLe0vFTgRwcAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hxa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwEABA4AAAA="}
-01059{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":8,"flow_first_seen":1435587905035,"flow_last_seen":1435587905565,"flow_tot_l4_data_len":3509,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2155,"flow_avg_l4_data_len":438,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
+01070{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":8,"flow_first_seen":1435587905035,"flow_last_seen":1435587905565,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":3329,"flow_avg_l4_payload_len":416,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Waze","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.world.waze.com","ja3":"f392f120f1087cd2f8814539cf58cfa4","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.world.waze.com","fingerprint":"30:50:FA:42:94:E4:1A:34:9B:23:55:CB:7B:F2:0D:76:FA:1C:58:4B"}}
00408{"flow_id":33,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587905,"pkt_ts_usec":616042,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo2idAAEAGerYKCAABLjOtto0pAbvwXaDWD6JsLFAQ\/\/8t+wAA"}
00859{"flow_id":33,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587905,"pkt_ts_usec":616310,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFu2ihAAEAGeW8KCAABLjOtto0pAbvwXaDWD6JsLFAY\/\/\/JfQAAFgMBAQYQAAECAQABdvJydlcMSpicGhoMOrabVGKoF9G2F75ZmSchFXLY9HRlRuATtXlj3Kmw2lTVmH7CIYyZPRRLSZ7DnoDidZ7ahyd4voJoBjUKlVqtj5QR3jT8PhEYskxNDAwyA+JNVOXUvICvNILdk+xGV\/OEdF9gktUl0qSzzR07BzLKglqobW0cn4OQyH9iWRZq5afPwj\/ieanMcEXcgSgP\/9XGcs\/0p8Bqs0KXiiEX6xOYbQPpjTvlW4Kajas2TK9+Dq4V0zOKVJpbqXZ\/HTRVOSWdcXgOK0x9SdOXVWPNOdvJzoN\/gE3JjgsvvZ\/RbCE1RoWjvzPDsFET\/Mvw228RHd9kv4ZKFAMBAAEBFgMBADB2t+EVjaGEY4+mLUMf\/DMVi6wRy0c5cpYCXDAQMZotFPQRW6rCCfPA4CjK6\/VOdsc="}
00409{"flow_id":33,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587905,"pkt_ts_usec":616683,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodYpAABAGD1QuM622CggAAQG7jSkPomws8F2iHFAQ\/\/8stQAA"}
@@ -447,48 +447,48 @@
00409{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587906,"pkt_ts_usec":206886,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo2ilAAEAGerQKCAABLjOtto0pAbvwXaIcD6JtFlAQ\/\/8rywAA"}
00612{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587906,"pkt_ts_usec":207621,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"pkt":"ABoRAAACABoRAAABCABFAAC92ipAAEAGeh4KCAABLjOtto0pAbvwXaIcD6JtFlAY\/\/+rHQAAFwMBAJDkrrD9SA4+LmKzspcHnXowhPBblCCla204NgqPS0UbDvi3FwMZblBmNtY0jKhmQuQORsNfhK8al25NMwXFLKNdn+z1CtsyYB43HL9wyLLSMNK7nC1Zky+WYPvMpkuwuyJ0+McaUzeUsX5ul4pcc5NuTj8ADh7sJcVgm+9jWgCOQ9KUX5vGtnm3baGraIAVagc="}
00409{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"waze.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1435587906,"pkt_ts_usec":208378,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodYxAABAGD1IuM622CggAAQG7jSkPom0W8F2isVAQ\/\/8rNgAA"}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00482{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":17,"flow_first_seen":1435587868632,"flow_last_seen":1435587869162,"flow_tot_l4_data_len":3437,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1644,"flow_avg_l4_data_len":202,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":15,"flow_first_seen":1435587869162,"flow_last_seen":1435587869302,"flow_tot_l4_data_len":855,"flow_min_l4_data_len":20,"flow_max_l4_data_len":413,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":14,"flow_first_seen":1435587871656,"flow_last_seen":1435587871946,"flow_tot_l4_data_len":850,"flow_min_l4_data_len":20,"flow_max_l4_data_len":413,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":14,"flow_first_seen":1435587871658,"flow_last_seen":1435587871945,"flow_tot_l4_data_len":810,"flow_min_l4_data_len":20,"flow_max_l4_data_len":375,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":14,"flow_first_seen":1435587871941,"flow_last_seen":1435587872478,"flow_tot_l4_data_len":852,"flow_min_l4_data_len":20,"flow_max_l4_data_len":413,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":14,"flow_first_seen":1435587872476,"flow_last_seen":1435587872705,"flow_tot_l4_data_len":847,"flow_min_l4_data_len":20,"flow_max_l4_data_len":413,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":14,"flow_first_seen":1435587872702,"flow_last_seen":1435587872838,"flow_tot_l4_data_len":843,"flow_min_l4_data_len":20,"flow_max_l4_data_len":411,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_tot_l4_data_len":831,"flow_min_l4_data_len":20,"flow_max_l4_data_len":211,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_tot_l4_data_len":831,"flow_min_l4_data_len":20,"flow_max_l4_data_len":211,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00479{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":107,"flow_first_seen":1435587868634,"flow_last_seen":1435587888318,"flow_tot_l4_data_len":82074,"flow_min_l4_data_len":20,"flow_max_l4_data_len":17224,"flow_avg_l4_data_len":767,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":37,"flow_first_seen":1435587868635,"flow_last_seen":1435587884546,"flow_tot_l4_data_len":10726,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3626,"flow_avg_l4_data_len":289,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":24,"flow_first_seen":1435587894241,"flow_last_seen":1435587901093,"flow_tot_l4_data_len":5769,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3167,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":23,"flow_first_seen":1435587905035,"flow_last_seen":1435587907392,"flow_tot_l4_data_len":4960,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2155,"flow_avg_l4_data_len":215,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":32,"flow_first_seen":1435587878606,"flow_last_seen":1435587882306,"flow_tot_l4_data_len":43531,"flow_min_l4_data_len":20,"flow_max_l4_data_len":11152,"flow_avg_l4_data_len":1360,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":20,"flow_first_seen":1435587879018,"flow_last_seen":1435587882336,"flow_tot_l4_data_len":4993,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2499,"flow_avg_l4_data_len":249,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":28,"flow_first_seen":1435587879850,"flow_last_seen":1435587883075,"flow_tot_l4_data_len":26934,"flow_min_l4_data_len":20,"flow_max_l4_data_len":8116,"flow_avg_l4_data_len":961,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00480{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_tot_l4_data_len":8641,"flow_min_l4_data_len":20,"flow_max_l4_data_len":4014,"flow_avg_l4_data_len":540,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":13,"flow_first_seen":1435587868996,"flow_last_seen":1435587869400,"flow_tot_l4_data_len":1700,"flow_min_l4_data_len":20,"flow_max_l4_data_len":568,"flow_avg_l4_data_len":130,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":33,"flow_first_seen":1435587878215,"flow_last_seen":1435587880857,"flow_tot_l4_data_len":57774,"flow_min_l4_data_len":20,"flow_max_l4_data_len":21908,"flow_avg_l4_data_len":1750,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_tot_l4_data_len":7041,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1388,"flow_avg_l4_data_len":306,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_tot_l4_data_len":4941,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2131,"flow_avg_l4_data_len":274,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_tot_l4_data_len":7001,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2131,"flow_avg_l4_data_len":333,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00482{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00482{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00478{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_tot_l4_data_len":61947,"flow_min_l4_data_len":20,"flow_max_l4_data_len":11799,"flow_avg_l4_data_len":1674,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00482{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00499{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00479{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1435587867443,"flow_last_seen":1435587867753,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00482{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_tot_l4_data_len":446,"flow_min_l4_data_len":20,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":44,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_tot_l4_data_len":446,"flow_min_l4_data_len":20,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":44,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1435587880580,"flow_last_seen":1435587880589,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52953,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":17,"flow_first_seen":1435587868632,"flow_last_seen":1435587869162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1624,"flow_tot_l4_payload_len":3077,"flow_avg_l4_payload_len":181,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45529,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":15,"flow_first_seen":1435587869162,"flow_last_seen":1435587869302,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":535,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":14,"flow_first_seen":1435587871656,"flow_last_seen":1435587871946,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":550,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45538,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":14,"flow_first_seen":1435587871658,"flow_last_seen":1435587871945,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45540,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":14,"flow_first_seen":1435587871941,"flow_last_seen":1435587872478,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":552,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":14,"flow_first_seen":1435587872476,"flow_last_seen":1435587872705,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":393,"flow_tot_l4_payload_len":547,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45552,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":14,"flow_first_seen":1435587872702,"flow_last_seen":1435587872838,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":543,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.230.227.172","src_port":45554,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":15,"flow_first_seen":1435587898822,"flow_last_seen":1435587899372,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":191,"flow_tot_l4_payload_len":511,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"108.168.176.228","src_port":50828,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1435587880579,"flow_last_seen":1435587880583,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":45169,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":107,"flow_first_seen":1435587868634,"flow_last_seen":1435587888318,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17204,"flow_tot_l4_payload_len":79914,"flow_avg_l4_payload_len":746,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":37,"flow_first_seen":1435587868635,"flow_last_seen":1435587884546,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3606,"flow_tot_l4_payload_len":9966,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":24,"flow_first_seen":1435587894241,"flow_last_seen":1435587901093,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3147,"flow_tot_l4_payload_len":5269,"flow_avg_l4_payload_len":219,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":23,"flow_first_seen":1435587905035,"flow_last_seen":1435587907392,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2135,"flow_tot_l4_payload_len":4480,"flow_avg_l4_payload_len":194,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"46.51.173.182","src_port":36137,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":32,"flow_first_seen":1435587878606,"flow_last_seen":1435587882306,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11132,"flow_tot_l4_payload_len":42871,"flow_avg_l4_payload_len":1339,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36312,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":20,"flow_first_seen":1435587879018,"flow_last_seen":1435587882336,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2479,"flow_tot_l4_payload_len":4573,"flow_avg_l4_payload_len":228,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36314,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":28,"flow_first_seen":1435587879850,"flow_last_seen":1435587883075,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8096,"flow_tot_l4_payload_len":26354,"flow_avg_l4_payload_len":941,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.186.180","src_port":36316,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_first_seen":1435587880587,"flow_last_seen":1435587880590,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.198","src_port":43089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":16,"flow_first_seen":1435587871939,"flow_last_seen":1435587873226,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3994,"flow_tot_l4_payload_len":8301,"flow_avg_l4_payload_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39010,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":13,"flow_first_seen":1435587868996,"flow_last_seen":1435587869400,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":548,"flow_tot_l4_payload_len":1420,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.118.48","src_port":36585,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":33,"flow_first_seen":1435587878215,"flow_last_seen":1435587880857,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":21888,"flow_tot_l4_payload_len":57094,"flow_avg_l4_payload_len":1730,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"52.17.114.219","src_port":39021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":23,"flow_first_seen":1435587871918,"flow_last_seen":1435587874945,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":285,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51049,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":18,"flow_first_seen":1435587871929,"flow_last_seen":1435587874378,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":4561,"flow_avg_l4_payload_len":253,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":21,"flow_first_seen":1435587871935,"flow_last_seen":1435587874495,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2111,"flow_tot_l4_payload_len":6561,"flow_avg_l4_payload_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"176.34.103.105","src_port":51051,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1435587880578,"flow_last_seen":1435587880583,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":41823,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1435587880576,"flow_last_seen":1435587880583,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.31","src_port":43991,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1435587880583,"flow_last_seen":1435587880590,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60574,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":37,"flow_first_seen":1435587867755,"flow_last_seen":1435587873026,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11779,"flow_tot_l4_payload_len":61187,"flow_avg_l4_payload_len":1653,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"65.39.128.135","src_port":54915,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1435587880577,"flow_last_seen":1435587880583,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":46473,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1435587880589,"flow_last_seen":1435587880590,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.160.4.49","src_port":60479,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1435587867443,"flow_last_seen":1435587867753,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.89.75.198","src_port":46214,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":15,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":15,"midstream":1,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test"}
diff --git a/test/results/webex.pcap.out b/test/results/webex.pcap.out
index 3796f2b46..882a63a72 100644
--- a/test/results/webex.pcap.out
+++ b/test/results/webex.pcap.out
@@ -1,15 +1,15 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"webex.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00466{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1444570624853,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1444570624853,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570624,"pkt_ts_usec":853841,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="}
00406{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570624,"pkt_ts_usec":860347,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"}
00404{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570624,"pkt_ts_usec":860575,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoOXRAAEAGTagKCAABQERpZ6GCAbtPGIcNsOd49FAQOQgf2QAA"}
00670{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570624,"pkt_ts_usec":860735,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"ABoRAAACABoRAAABCABFAADrOXVAAEAGTOQKCAABQERpZ6GCAbtPGIcNsOd49FAYOQh62gAAFgMBAL4BAAC6AwNWGmYAecKEXHBKd9RHCMqE79SthA0OtjJysVWA+njuJAAAOMwUzBPMFcAUwAoAOQA4ADXAEsAIABYAEwAKwC\/AK8ATwAkAogCeADMAMgCcAC\/AEcAHAAUABAD\/AQAAWQAAABUAEwAAEHJhZGNvbS53ZWJleC5jb20ACwACAQAACgAIAAYAGQAYABcAIwAAAA0AIgAgBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAQEzdAAA"}
-00753{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1444570624853,"flow_last_seen":1444570624860,"flow_tot_l4_data_len":295,"flow_min_l4_data_len":20,"flow_max_l4_data_len":215,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1444570624853,"flow_last_seen":1444570624860,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00406{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570624,"pkt_ts_usec":860939,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ9AABAGtg1ARGlnCggAAQG7oYKw53j0TxiH0FAQ\/\/9YHgAA"}
04075{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570625,"pkt_ts_usec":366647,"pkt_caplen":2774,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2774,"pkt_l4_len":2740,"pkt":"ABoRAAACABoRAAABCABFAArIARBAABAGq2xARGlnCggAAQG7oYKw53j0TxiH0FAY\/\/+niAAAFgMDD14CAABNAwNWGmYGrXlEL8KcmRJCmeb5vtKebzB1FTCh\/csGLpROsSCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAAEAAAF\/wEAAQALAA8FAA8CAATpMIIE5TCCA82gAwIBAgIQKXSJqdQeSb5h94FpRuYh8zANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDQxMDAwMDAwMFoXDTE4MDQxMDIzNTk1OVowdzELMAkGA1UEBhMCdXMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAcMCFNhbiBKb3NlMRwwGgYDVQQKDBNDaXNjbyBTeXN0ZW1zLCBJbmMuMQwwCgYDVQQLDANDU0cxFDASBgNVBAMMCyoud2ViZXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXjIYUvDCGFnLF6CX7BhvJlmnmrg0KiZFcDP6TyJs2s+n7Hjqpb8O374x26knzLrTkrkpNBVvbi6eY8X6lmrWlqvlgEoyMmslNbZoAjUy1C9HNIMI2F1bLGI\/pKRUGbpk5wvAv6SKOf+cKi3mis7U2sccUb8cFxKTVpp62iK2uOzkFa4zF1i4hm\/NKjJWJVuj\/D8tQpd0PSuU5wWY7G1x\/5UpvvDV7KS7Tsmn3ib\/8gstBL+PLvKZHJ8YWc8u02oGZQoWD64APslwdmLLyDqq5USERl2bc761RHbBhnmKf3IpyvGqgfCFbQ7hfb+sniY0O+KQiBpaJI1bt4iiHQ1YQIDAQABo4IBZDCCAWAwFgYDVR0RBA8wDYILKi53ZWJleC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGUGA1UdIAReMFwwWgYKYIZIAYb4RQEHNjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAU0XVgHR8KQTLFFzVVA7s1Rlqj4+dm5q+OB5OfJMqYeX\/hnGHVeD8z9\/9EdKsauBRbbFpJk38PC3aGoy0iL9v8CA4V6o0qYzEfedbF\/p\/UuvtChO8CktAaqN64hPdToCJEy3gqyB\/Hv7VVuKXUBogujzn1WBdIyBUlO\/hClSnOD8Qq1So\/AzCrw+\/ChOOV7DI631hsLE1M73UmQqxi7Cbu5R5TsXH6v6s\/7CAPBhVtuxTBBcBuPtA6Pd2Q8vOf6ByuErVmWAV\/tOLfjGuqPuM2JoxzR1iH82zcoIcxOzmtUIYsiTuUSCi\/AsNsm265BOW9oeh5kgZU+pE6LkGX9bECAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccABNQwggTQMIIEOaADAgECAhAlDOjgMGE="}
00404{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570625,"pkt_ts_usec":418062,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoOXZAAEAGTaYKCAABQERpZ6GCAbtPGIfQsOeDlFAQSmADHgAA"}
02053{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570625,"pkt_ts_usec":424499,"pkt_caplen":1273,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1273,"pkt_l4_len":1239,"pkt":"ABoRAAACABoRAAABCABFAATrARFAABAGsUhARGlnCggAAQG7oYKw54OUTxiH0FAY\/\/8tYwAALp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01106{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":8,"flow_first_seen":1444570624853,"flow_last_seen":1444570625424,"flow_tot_l4_data_len":4314,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2740,"flow_avg_l4_data_len":539,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","server_names":"*.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01117{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":8,"flow_first_seen":1444570624853,"flow_last_seen":1444570625424,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2720,"flow_tot_l4_payload_len":4134,"flow_avg_l4_payload_len":516,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","server_names":"*.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00404{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570625,"pkt_ts_usec":478209,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoOXdAAEAGTaUKCAABQERpZ6GCAbtPGIfQsOeIV1AQVQDzugAA"}
00833{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570625,"pkt_ts_usec":479114,"pkt_caplen":364,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":364,"pkt_l4_len":330,"pkt":"ABoRAAACABoRAAABCABFAAFeOXhAAEAGTG4KCAABQERpZ6GCAbtPGIfQsOeIV1AYVQCmoAAAFgMDAQYQAAECAQBaUJRMvDfnP91s4fLaSdu44xt7RFR+trnYQAsQZuxiv+VH3sH2YjpaVj+0amWHFiBxymsVXudQxps8\/5f1xDtVwG8a\/DnSLkvL1cihzvsCtgdF4uu98yJ277wUvmb2ADrv\/q4qNCFJheN\/tviU6E0p9sJD0tbw6UMAxbTbpfvHhmrNcSZ7gphi4YoWg\/4K8xa5CFlA9Bwr2cXgCUOqkETobyBCJoOdy3LvdLyGtJDLzvg3lKApkzr7cWH2Z5H4GoYK7ZrQQMBwoGfNCtEfEXMdQL8J5i6bQe\/G8tQ\/hKM0OV9AzcPKReXjJ659etvNkSFvYhXHHHcoPV8Xx8\/e+ceMFAMDAAEBFgMDACBs0R1B8r1wXdCDd995zf9rNLSN0DOD7DSUs+Nqz9hnAA=="}
00408{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570625,"pkt_ts_usec":480124,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoARJAABAGtgpARGlnCggAAQG7oYKw54hXTxiJBlAQ\/\/9HhQAA"}
@@ -17,15 +17,15 @@
00406{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570625,"pkt_ts_usec":788425,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoOXlAAEAGTaMKCAABQERpZ6GCAbtPGIkGsOeIglAQVQDyWQAA"}
01135{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570625,"pkt_ts_usec":798477,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"ABoRAAACABoRAAABCABFAAJAOXpAAEAGS4oKCAABQERpZ6GCAbtPGIkGsOeIglAQVQA0zAAAFwMDAmeqqCMUx8c9iSNQiPKergAXiXKVeDDXEnFufJco20ynj8UmHyLA2Gq0yypm4O4M5k6jK\/Gbw6t6uftvgO2VFS+g01cGRRstYeMzT8\/Hv4nm9THYS9voNdEYzsJ98ZqAjA3jPiTvqcTqRq8tbz6JTLDwpZyrMTp3ORDu0dYyicoODxkI0c9QBdqJmCymc9FPHRIhh0HqsZYhtVO1uFbNMJ8w+rFwR83\/x5wHQCSUCu89CM+Fd9BsswnBqF3Kqps6nsem+Tbw9cH\/KN2yMAKQdN+uUsPs63edc\/s3Sdp6E97G2vP4yFhyQeKHoouACY5RvoB+MBp2SU5eOZnTY+Iai9heQofNjj2sn0l7TrwEmSwLVg1WyH5Bdhn9EYQtKNBZ12FOnufS1hyJNwRdDbUxD3zGxuFzvYXTNZ\/fnCqudf0ZmTXI3AdgcxGhOfl16FTOxG48h2XFwhhVQW0urpsR3O8IB8nI5rHhGU8pxxcgv1x0WdQv09IPQsn6cDIiYXmz6rg00Rq0IY9uXu\/I5kTEwfdFaCJHKe0YxoKClsPNITnj+BoIBp9w8tlfu\/yZQE3rc5CMF9EfrY\/hQ1GWW+se96TuUMTG9GXrtegBkzyJ\/wDwGmKaQXspeg6t1G01Qf6yH+FggJlIsWoOtIRyUy4US5sHsI52mtRgEx2e5un0aNCb6rM2Q4pIBzXe+tb4ql99+K6pnHQ="}
00408{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570625,"pkt_ts_usec":799010,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoARRAABAGtghARGlnCggAAQG7oYKw54iCTxiLHlAQ\/\/9FQgAA"}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1444570627404,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1444570627404,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570627,"pkt_ts_usec":404164,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8hnNAAEAGAJUKCAABQERpZ6GEAbuwMDkNAAAAAKACOQgO\/QAAAgQFtAQCCAoATL9+AAAAAAEDAwY="}
00407{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570627,"pkt_ts_usec":409779,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoASZAABAGtfZARGlnCggAAQG7oYRPz8bysDA5DlAS\/\/9Y3gAA"}
00406{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570627,"pkt_ts_usec":410952,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAohnRAAEAGAKgKCAABQERpZ6GEAbuwMDkOT8\/G81AQOQgf1wAA"}
00716{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570627,"pkt_ts_usec":411108,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"ABoRAAACABoRAAABCABFAAELhnVAAEAG\/8MKCAABQERpZ6GEAbuwMDkOT8\/G81AYOQi8XAAAFgMBAN4BAADaAwNWGmYD1bgajSKfLk8MBc\/KhqagawnHbCgQ2bA0JfR3iiCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAA4zBTME8wVwBTACgA5ADgANcASwAgAFgATAArAL8ArwBPACQCiAJ4AMwAyAJwAL8ARwAcABQAEAP8BAABZAAAAFQATAAAQcmFkY29tLndlYmV4LmNvbQALAAIBAAAKAAgABgAZABgAFwAjAAAADQAiACAGAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMBATN0AAA="}
-00754{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1444570627404,"flow_last_seen":1444570627411,"flow_tot_l4_data_len":327,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1444570627404,"flow_last_seen":1444570627411,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00408{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570627,"pkt_ts_usec":411318,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoASdAABAGtfVARGlnCggAAQG7oYRPz8bzsDA58VAQ\/\/9X\/AAA"}
00587{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570627,"pkt_ts_usec":815979,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"pkt":"ABoRAAACABoRAAABCABFAACpAS1AABAGtW5ARGlnCggAAQG7oYRPz8bzsDA58VAY\/\/\/Z6wAAFgMDAFECAABNAwNWGmYJvIxu30wG6\/QUZCmoAMbL6LdQC15hV8KtMY\/qdSCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAAEAAAF\/wEAAQAUAwMAAQEWAwMAIKNCXdoHLE35gFWT8+ZDcTEszCphhanV0csUAVKKsy+J"}
-00795{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1444570627404,"flow_last_seen":1444570627815,"flow_tot_l4_data_len":496,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":65,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1444570627404,"flow_last_seen":1444570627815,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00406{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570627,"pkt_ts_usec":866438,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAohnZAAEAGAKYKCAABQERpZ6GEAbuwMDnxT8\/HdFAQPLgawwAA"}
00466{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570627,"pkt_ts_usec":867035,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"ABoRAAACABoRAAABCABFAABThndAAEAGAHoKCAABQERpZ6GEAbuwMDnxT8\/HdFAYPLjpWAAAFAMDAAEBFgMDACBXzEd1erS3V3J4BRCzEeJwOZFWWJv7nft2Y0meqHofKg=="}
00407{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570627,"pkt_ts_usec":867279,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAS5AABAGte5ARGlnCggAAQG7oYRPz8d0sDA6HFAQ\/\/9XUAAA"}
@@ -33,27 +33,27 @@
00408{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":113149,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoATNAABAGtelARGlnCggAAQG7oYRPz8d0sDA8NFAQ\/\/9VOAAA"}
01062{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":113281,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":533,"pkt_l4_len":499,"pkt":"ABoRAAACABoRAAABCABFAAIHhnlAAEAG\/sMKCAABQERpZ6GEAbuwMDw0T8\/HdFAYPLgltgAA4D86yWxOofraycd6q8+9111oxSs78SkXydJiKVK5NG9Ksa8JcplVFpGHi5NmCJQxfVk\/aCzkkddizbqROo4KmLRpMdS79VL6k3fOUp4msSvZdH9Gx4RHATuO9MdxbvwYimqsZZ5BDaPDRH7nYd8SRCmXz6zDU0\/N9anaVk\/Hdu30MRzEnQrC\/g+4JnnyuE5gi3bCCXU0sNz5FKNXx5wdx3lUkmPtV5rYkWXytJjPSHfDZA9kvmo4Df7Ji1\/iTxgIAMjepR\/QchGb+A4uZ2w7CLOHrT+4+dHN5a92ssVS3TM1gsuzDAxQQxYW7k4l0RfbrVAhqPnA\/KdR6XakGTwmpg59c881TJMyXE8K6ZgfW7jqWcvFO8PnFzcNYtcPnvu2DacXj4CouqwJme\/Op7\/7FJRM6n3C0rkfoJ0R12qYOnCDQjK+vtijEhwf7MDvCx1R0Y2U+CO1GO4kT6DLWyG2NZO0E4gjMLAheFp6jcj7A3P3V80KwTJFaM0rNGVgWpsXV+W8VN7K4jUjldIrSu\/F4qGsyJxgyUJcdxGiB498zEuf4bJ3kO+HqzRA7v+SHqROL8mYH+YuEboQd7Ns+OLs6GULghyX7MhTGrzgRS6\/6kqpZBFQcHJ7oU3kJLuEOQc="}
00408{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":113456,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoATRAABAGtehARGlnCggAAQG7oYRPz8d0sDA+E1AQ\/\/9TWQAA"}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1444570628113,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1444570628113,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":113579,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8CqVAAEAGfGMKCAABQERpZ6GGAbuTEbVkAAAAAKACOQivfwAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="}
00407{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":117515,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoATVAABAGtedARGlnCggAAQG7oYZs7kqbkxG1ZVAS\/\/9Y3AAA"}
-00467{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1444570628117,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1444570628117,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":117770,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8SvxAAEAGPAwKCAABQERpZ6GHAbtcKPU9AAAAAKACOQimjgAAAgQFtAQCCAoATL\/BAAAAAAEDAwY="}
00407{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":121468,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoATZAABAGteZARGlnCggAAQG7oYej1wrCXCj1PlAS\/\/9Y2wAA"}
00405{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":121847,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoCqZAAEAGfHYKCAABQERpZ6GGAbuTEbVlbO5KnFAQOQgf1QAA"}
00715{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":121998,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"ABoRAAACABoRAAABCABFAAELCqdAAEAGe5IKCAABQERpZ6GGAbuTEbVlbO5KnFAYOQgw\/QAAFgMBAN4BAADaAwNWGmYE7RhsRONG\/m1MT5VVrdjnvzP1znNlFG2+WauU5SCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAA4zBTME8wVwBTACgA5ADgANcASwAgAFgATAArAL8ArwBPACQCiAJ4AMwAyAJwAL8ARwAcABQAEAP8BAABZAAAAFQATAAAQcmFkY29tLndlYmV4LmNvbQALAAIBAAAKAAgABgAZABgAFwAjAAAADQAiACAGAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMBATN0AAA="}
-00754{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1444570628113,"flow_last_seen":1444570628121,"flow_tot_l4_data_len":327,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1444570628113,"flow_last_seen":1444570628121,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00407{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":122193,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoATdAABAGteVARGlnCggAAQG7oYZs7kqckxG2SFAQ\/\/9X+gAA"}
00405{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":122373,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoSv1AAEAGPB8KCAABQERpZ6GHAbtcKPU+o9cKw1AQOQgf1AAA"}
00713{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":122668,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"ABoRAAACABoRAAABCABFAAELSv5AAEAGOzsKCAABQERpZ6GHAbtcKPU+o9cKw1AYOQiciAAAFgMBAN4BAADaAwNWGmYEkvVIckj2nKXTHHhTgHLpDPs+ur2PFRE7SXTT+yCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAA4zBTME8wVwBTACgA5ADgANcASwAgAFgATAArAL8ArwBPACQCiAJ4AMwAyAJwAL8ARwAcABQAEAP8BAABZAAAAFQATAAAQcmFkY29tLndlYmV4LmNvbQALAAIBAAAKAAgABgAZABgAFwAjAAAADQAiACAGAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMBATN0AAA="}
-00754{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1444570628117,"flow_last_seen":1444570628122,"flow_tot_l4_data_len":327,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1444570628117,"flow_last_seen":1444570628122,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00407{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":122955,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAThAABAGteRARGlnCggAAQG7oYej1wrDXCj2IVAQ\/\/9X+QAA"}
02590{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":336752,"pkt_caplen":1658,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1658,"pkt_l4_len":1624,"pkt":"ABoRAAACABoRAAABCABFAAZsATpAABAGr55ARGlnCggAAQG7oYRPz8d0sDA+E1AY\/\/8oiAAAFwMDBj\/t\/uIrkeQDyGZjWp49yCokUxS9FJHYvfXcMyCQaPOCwkcDNmYuFZEDo\/AwFcNyVv3+05WHJJ9u3TkD2KauF1mgk0jI0of3UmdonsFWv\/JiNqjo4cXOMELy4x6zIJZLEgl3NOVFNEqCscqzuhbFk5Yi7SH091sPTQtHd7s6FBq8krpiCZCl\/bHltNo\/McejeSzraT9Jdz4cVrWOscxkLMvgMOCMEDi81Db80tJQoclIrfd9nyZN6s39OPaFfyWF\/N29yGtgdBQ0P6s0OuWMX6mu1EwOdwewMYStj3alPG89DAcQ7pvpiLESJW606r2uBDDWRUzcIygOAHa7\/MsD3sgMC4S2P+3A3XViDy40J8hZOleTUyyqOihy5uYucGtJvSJLcg4AOsMGXdsFOhyH\/02P3p6CMG1HuvLQDeGsoN4iYM47oyimizjecSAu1zJ7S0WBOmXbIAx3YDAAU9t22W\/54Fy5\/6CVu5HdBOdrmkrT3B1u\/\/deLHjqKPsJAl3fMe5XYOHmcga74KWvBl7iu759RuqGgFotJ81LhBPb71\/HOczfP5P8yosT5\/4l4IEnT6PKQjBiTAH+WAuEyWFMQyQA6GbwQ9oiJPujo5FGxZHQ2F6d35PjU+eD3vRwzl7+Wl5S0CPYhthTL30CgvX+hyQTb9EGTxGDn8eCdFlSKuNxNv+ulNNTwPQuoAGbtDCKEkrywvByIe3nErJf\/OSUKWT5zYRHcrJcdpVgtaacoCfYpJ4nYbRk1bWib4OBnnkkQyA6Q0WNg43VYIvxKHe45Th++Pn4qQlvN3mxpCQsAWTbYduEIgpcn2sWCa\/mUml\/m1ipOTNnbb162x2drd0lgBlC9v7feYgXAAcXLdB1AqgN7RCjNbOGBxHWtJpJvfVt+NZ8v56\/Ge9typCQPDrJl2\/b+jW+1i6iAChxn9R5t7eMNvRzQLirxssPTrkjLbnH9OVjWuv4GqCHrIaAON2I21f4jzCKSzc3nL14ZdfYx0svKweCv2B9Jok9xI64Iyd5JYgspuUyVRncg97uHQGBWi5+JRYxSppCt4t\/Stq5NgT\/0FQ0Ld19sE2VFjI6UMEopSEdYMJ41x+NoolbUndl7jwz9qtswoz8aloXgmG27DB9o3p3s6UdzBHtQwNp7fbNnJ9V7yAWZ3yz7dW8zSfb1YG\/eOCjMr1eGYo5YbbX2CLEvfDgkDf8S52R1ru0MDzSgRMMn3sedzpumMJYC6333Gn7iBWavTTHRsp+cY+3zHCuNTDuzSjT6jPVIhJy12peZFyPBOr1OVhYWEmD2k2xydOxdAznhyb7UOHXpSPY5Z0XY9U2P7lGPYE7iuEUR8op1K4882hvk0M4oE\/Gz5\/icSXEHgP8XbYVo9pDXtnQNbhmYqKPMkLjH8mNwUX5KFnCAVB6yb\/HcPF5VGqxI7UkQQFQr\/LiC35GAgRfd44EX5DG1\/3cYH27HOdNpExm93tlCclYm8UosyEATMOoN1HxGvUEWLAp+oKsPvzNgl8Pe\/xQkizA3CGOgaF8X0ld6dLdrCS40sZWUOXqLY9SNGWldNRRpMPGVefAbzNHLDZ+aj40zBYIijFDVniRi4G5KjdNarxznoNu8j7zM\/RFTHDAh824OKoihYBZEHNKxws8sznsYoEnwP0NMajIFLdibzlcElYboV0McwtqEFlYOHl2B2Yq8ffshJENkwKQlKcZ7KBa5cxjQr1FdoAObKAS2R5bYvqtU7oRAzqzTTWMyprI+6FlMqvAqv0ZXSA7AaHl5PcP5EUTMlDDIKp9fTrAzIVAD2G1NhaFtcxHdR5bP2fGPkJ8qc4IPoVPmHQ81o9ulM2YIIJqUenEIGiXX50pa6C4rFhu4ZrOWr+pJhQOi9EaXuH7ejRC8KkXqKY\/jVgnIu6lm1+kqD+dKO1BvzMAQL4bgaZx3A6hx\/Y3kuas7jn1d5dQkAUWK31l5XEJKs6YLJTOk8EueBKJf4WUM5M\/2R2JlGSm4hZ7xV89TvlYctx7+VeVBr\/cQPGqi07EYebk5WrhvXxzQ+R5ZZ9OJBVWFRUu9vc88B8wWcsODvu\/x7BEf7gHu8u6Mk1VmXxoDBe3sfbyXVkllkEkjWZ1t\/I96pKvryzYOp2+vwdvch9tE+WL6YA="}
01140{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":388122,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"ABoRAAACABoRAAABCABFAAJAhnpAAEAG\/okKCAABQERpZ6GEAbuwMD4TT8\/NuFAQROwsYAAAFwMDA9T6+I822bcSE7LxlTUXSyoNCwtzH4RJSxf9333iQ\/XdBP07ym8b3A\/XVliHymMtZ\/OMaR2i40GdTUtEso5w+jXJ1bvU2e5foeo7BUfcqd1l3eHeZdMykJqIwZL6fRFExjyO5Tb9D4BKywmMBt2fDbTf6LPbrhpUIcmbnPGe7m\/o\/v74JuCWNSX6uweF1M+rt7PezIxzpY5zNIl3PuQJxwS8GNN3Grr8FtcanBZuLBRrRvThrYdWZjpaC4DeMnmPLR8t6nhljRnGUxcUP1KsOho3deuVPDOiZz01zYn4Tq7OpT0CKEEiZHR68dLdoSbXO\/itXzhuT5t8NZnuD7pzPaGFCz8FtqAlK92G\/iII8JRFJuZXrwEUFllzsDWcXvWcu976PKrjGJo+dP41Psy93ULHV28gwgRMGps1cWcXOpTLudobpW2EYTmIFvnMzXaMBdMPjZjjHPRBbJlHGGKZmwZwYlpS2i94mg4NH1G+\/LIhqsRclU88sfVkh2wijO6HbnuDHar5GjtL8sRsdRoTjl8+5KG\/1xKz3pMMRyg0qSGAJynHH+wQ8BFTH7QVLS1CHpDQbNHPgHzMt4wCcLt74bANBJEy+t7wt0zm0cY2Ix9Tvuli\/GYGCPS52OA2phRiDPbzhYH406S5cr7uHu6FSA+vWpiVCEvowiD0nUs4YqVUABVdkP\/1J\/Z7QKEQo5YhZD\/sT6U="}
00537{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":514304,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"ABoRAAACABoRAAABCABFAACEAUBAABAGtYBARGlnCggAAQG7oYZs7kqckxG2SFAY\/\/+ufAAAFgMDAFECAABNAwNWGmYKL2EFknJPvXFykCSHotly4la6oG496nIi7KRcKSCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAAEAAAF\/wEAAQAUAwMAAQE="}
-00796{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1444570628113,"flow_last_seen":1444570628514,"flow_tot_l4_data_len":459,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00807{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":104,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1444570628113,"flow_last_seen":1444570628514,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00406{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":564894,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoCqhAAEAGfHQKCAABQERpZ6GGAbuTEbZIbO5K+FAQOQgelgAA"}
00585{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":565912,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"pkt":"ABoRAAACABoRAAABCABFAACpAUFAABAGtVpARGlnCggAAQG7oYej1wrDXCj2IVAY\/\/9V4wAAFgMDAFECAABNAwNWGmYKzk9E9QTUrFeH5Hw2eqdwlTnoxi20+pBaUP1saiCiEgrZvpHjzJYNIqBz8GV5Z5nEiB2\/9li16SQKz1NTSAAEAAAF\/wEAAQAUAwMAAQEWAwMAIFcfE72a+QYqy4KnB7ssdgEQPAH15UqMjQbvXvYfEwJV"}
-00796{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1444570628117,"flow_last_seen":1444570628565,"flow_tot_l4_data_len":496,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":82,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00807{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":6,"flow_first_seen":1444570628117,"flow_last_seen":1444570628565,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":356,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1.2","client_requested_server_name":"radcom.webex.com","ja3":"f9010d8c34749bdf7659b52227e6f91b","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00460{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":566905,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"ABoRAAACABoRAAABCABFAABNAUJAABAGtbVARGlnCggAAQG7oYZs7kr4kxG2SFAY\/\/+PgAAAFgMDACAy73ppu2XOX3ICuy8hyAfMVby0BzvjSQkSvagk3Ak6Dg=="}
00406{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":567184,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoSv9AAEAGPB0KCAABQERpZ6GHAbtcKPYho9cLRFAQPLgawAAA"}
00406{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":567464,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoCqlAAEAGfHMKCAABQERpZ6GGAbuTEbZIbO5LHVAQOQgecQAA"}
@@ -61,38 +61,38 @@
00408{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":568372,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAUNAABAGtdlARGlnCggAAQG7oYej1wtEXCj2TFAQ\/\/9XTQAA"}
00467{"flow_id":3,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":618984,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"ABoRAAACABoRAAABCABFAABTCqpAAEAGfEcKCAABQERpZ6GGAbuTEbZIbO5LHVAYOQhTdwAAFAMDAAEBFgMDACDsrVn+klk2PAbR1UMB7W8XzTSyzCFQLnlG0me9k09RdA=="}
00409{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570628,"pkt_ts_usec":619392,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAURAABAGtdhARGlnCggAAQG7oYZs7ksdkxG2c1AQ\/\/9XTgAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1444570630272,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1444570630272,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570630,"pkt_ts_usec":272557,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABoRAAACABoRAAABCABFAAA0ymtAAEAGS1oKhc4vuT+TCtV7Abs2TX647AAfvYARAZp5QwAAAQEICgBMwJ1XHSbf"}
00409{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570630,"pkt_ts_usec":272755,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAWBAABAGRHK5P5MKCoXOLwG71XvsAB+9Nk1+uVAQ\/\/\/y2gAA"}
00409{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570630,"pkt_ts_usec":272893,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAWFAABAGRHG5P5MKCoXOLwG71XvsAB+9Nk1+uVAR\/\/\/y2QAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1444570631058,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1444570631058,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570631,"pkt_ts_usec":58632,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABoRAAACABoRAAABCABFAAA0G+BAAEAG6O4Khc4vaxTyLOg3Abv3v7ExKrw8QIARAiEILgAAAQEICgBMwOxXHSRB"}
00409{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570631,"pkt_ts_usec":58850,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAWRAABAGM3drFPIsCoXOLwG76DcqvDxA97+xMlAQ\/\/9\/\/QAA"}
00409{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570631,"pkt_ts_usec":59010,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAWVAABAGM3ZrFPIsCoXOLwG76DcqvDxA97+xMlAR\/\/9\/\/AAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1444570631722,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1444570631722,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570631,"pkt_ts_usec":722722,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA87rhAAEAGmE8KCAABQERpZ6GKAbt6Ji+WAAAAAKACOQhMyAAAAgQFtAQCCAoATMEuAAAAAAEDAwY="}
00408{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570631,"pkt_ts_usec":726320,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAWZAABAGtbZARGlnCggAAQG7oYqF2dBpeiYvl1AS\/\/9Y2AAA"}
00406{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570631,"pkt_ts_usec":726629,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo7rlAAEAGmGIKCAABQERpZ6GKAbt6Ji+XhdnQalAQOQgf0QAA"}
00492{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570631,"pkt_ts_usec":731449,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABn7rpAAEAGmCIKCAABQERpZ6GKAbt6Ji+XhdnQalAYOQgODwAAFgMBADoBAAA2AwHgmz2uanfCUjnykbM2Mv9FAODhfxJmAjR5YaebpjX1JgAABAA1AP8BAAAJACMAAAAPAAEB"}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1444570631722,"flow_last_seen":1444570631731,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_first_seen":1444570631722,"flow_last_seen":1444570631731,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00408{"flow_id":7,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570631,"pkt_ts_usec":731733,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAWdAABAGtbVARGlnCggAAQG7oYqF2dBqeiYv1lAQ\/\/9YmgAA"}
02247{"flow_id":7,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":200990,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"pkt":"ABoRAAACABoRAAABCABFAAV4AWhAABAGsGRARGlnCggAAQG7oYqF2dBqeiYv1lAY\/\/+6OgAAFgMBD14CAABNAwFWGmYNJvrCeyqJ+yGixMjFkysXvSP42V4YBYxn0xf6yiDu5C+q5u2enqRZq+rKCDeYalzIW6XI487FIwumfVZTSAA1AAAF\/wEAAQALAA8FAA8CAATpMIIE5TCCA82gAwIBAgIQKXSJqdQeSb5h94FpRuYh8zANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDQxMDAwMDAwMFoXDTE4MDQxMDIzNTk1OVowdzELMAkGA1UEBhMCdXMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAcMCFNhbiBKb3NlMRwwGgYDVQQKDBNDaXNjbyBTeXN0ZW1zLCBJbmMuMQwwCgYDVQQLDANDU0cxFDASBgNVBAMMCyoud2ViZXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXjIYUvDCGFnLF6CX7BhvJlmnmrg0KiZFcDP6TyJs2s+n7Hjqpb8O374x26knzLrTkrkpNBVvbi6eY8X6lmrWlqvlgEoyMmslNbZoAjUy1C9HNIMI2F1bLGI\/pKRUGbpk5wvAv6SKOf+cKi3mis7U2sccUb8cFxKTVpp62iK2uOzkFa4zF1i4hm\/NKjJWJVuj\/D8tQpd0PSuU5wWY7G1x\/5UpvvDV7KS7Tsmn3ib\/8gstBL+PLvKZHJ8YWc8u02oGZQoWD64APslwdmLLyDqq5USERl2bc761RHbBhnmKf3IpyvGqgfCFbQ7hfb+sniY0O+KQiBpaJI1bt4iiHQ1YQIDAQABo4IBZDCCAWAwFgYDVR0RBA8wDYILKi53ZWJleC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGUGA1UdIAReMFwwWgYKYIZIAYb4RQEHNjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAU0XVgHR8KQTLFFzVVA7s1Rlqj4+dm5q+OB5OfJMqYeX\/hnGHVeD8z9\/9EdKsauBRbbFpJk38PC3aGoy0iL9v8CA4V6o0qYzEfedbF\/p\/UuvtChO8CktAaqN64hPdToCJEy3gqyB\/Hv7VVuKXUBogujzn1WBdIyBUlO\/hClSnOD8Qq1So\/AzCrw+\/ChOOV7DI631hsLE1M73UmQqxi7Cbu5R5TsXH6v6s\/7CAPBhVtuxTBBcBuPtA6Pd2Q8vOf6ByuErVmWAV\/tOLfjGuqPuM2JoxzR1iH82zcoIcxOzmtUIYsiTuUSCi\/AsNsm265BOW9oeh5kgZU+pE6LkGX9bECAAU8MIIFOA=="}
00407{"flow_id":7,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":251291,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo7rtAAEAGmGAKCAABQERpZ6GKAbt6Ji\/WhdnVulAQP8ATigAA"}
03883{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":251919,"pkt_caplen":2633,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2633,"pkt_l4_len":2599,"pkt":"ABoRAAACABoRAAABCABFAAo7AWlAABAGq6BARGlnCggAAQG7oYqF2dW6eiYv1lAY\/\/\/KqQAAMIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxwAE1DCCBNAwggQ5oAMCAQICECUM6OAwYS6fK4n3BU18+P0wDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEwODAwMDAwMFoXDTIxMTEwNzIzNTk1OVowgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryQICCl6NZ5gDKrnSztO3Hy8PEUcuyvg\/ikC+VcIo2SFFSf18a3IMYldIugqqqZCs4\/4uVW3sbdLs\/6PfgdX7O9D22ZiFWHPYA2k2N744MNiCD1UE+tJyllUhSblK48bn+v1oZHCM0nYQ2NqUkvSj+hwUU3RiWl7x3D2s9wSdNt7XUtW05a\/FXehsPSiJfKvHJJnGOX0BgTvkLnkAOTdOrUZ\/wK69Dzu4IvrN4vs9Nes8vbwPa\/ddZEzGR0cQMt0JBkhk9kU\/qwqUseP1QRJ5I1jR4g8aYPL\/ke9K35PxZWuDp3U0UPAZ3PjFAh+5T+fc7gzCs9dPzSHloruU+glFQIDAQABo4IBmzCCAZcwDwYDVR0TAQH\/BAUwAwEB\/zAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9wY2EzLmNybDAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMwHQYDVR0OBBYEFH\/TZafC3ey78DAJ80M5+gKvMzEzMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI\/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMD4GA1UdJQQ3MDUGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCWCGSAGG+EIEAQYKYIZIAYb4RQEIATANBgkqhkiG9w0BAQUFAAOBgQATAt346IYA8lr4+CAMWYhiB87O9075u1mhmOXhON1OvGYY063rGPINyW0+SpQgwzy6vWVUxq9EsxCtLGs+q9cHtriBY8X5Xi7lKmfOzTMMKteJVgMjH7O+6DoIWbTsRTX3ilv\/Zs9Qr8ZtV40ZeLe5otFX6h+aS6+6yY4Sfsa9\/w4AAAA="}
-01110{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":8,"flow_first_seen":1444570631722,"flow_last_seen":1444570632251,"flow_tot_l4_data_len":4182,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2599,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01121{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":185,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":8,"flow_first_seen":1444570631722,"flow_last_seen":1444570632251,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00407{"flow_id":7,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":302950,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo7rxAAEAGmF8KCAABQERpZ6GKAbt6Ji\/WhdnfzVAQUJj4ngAA"}
00857{"flow_id":7,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":303117,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFu7r1AAEAGlxgKCAABQERpZ6GKAbt6Ji\/WhdnfzVAYUJjVPwAAFgMBAQYQAAECAQBzrrtuF9+KR1wUqM\/\/NKdN8XLh8LQAufDmYdAQr2kRZIkBiYk\/hpbt+Iw+GTsKw0MtqYlnE6k0JY9H5kPH6+3OvBZdfDr2Wzdb\/rVXoop9XeS3qxcoMcCtEPmKSw1YTu4ogI6viS3URet+1rFfs1NFOGBBeILYBuPxbyD0gsT6KS\/UiR0jsVBU2CV4D6dE771y9w173iAG+kgV+8uCpersHqxTFvH7nQS0EVVu6lAmO9h2KB+zo7A2OHw+3G5t5Bzfsbiv4mjcPd\/6\/jR7clclPVs0yNFWcHNf2oGZqRyddUHOhRIOGuMrPkMyBuqiDtCyTpZqh9l+796Gg1qXVIeKFAMBAAEBFgMBADBnxM9xD\/Xbyw5+1ZQ\/sLmg5Xk56Qv2zLjGfmg8K7fxP6VW2XGTw5fhz9YGWv\/TttY="}
00410{"flow_id":7,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":303284,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAWpAABAGtbJARGlnCggAAQG7oYqF2d\/NeiYxHFAQ\/\/9H8QAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1444570632436,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1444570632436,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":436109,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8E6FAAEAGB\/MKCAABFyz987+YAbs3etLXAAAAAKACOQhiaAAAAgQFtAQCCAoATMF2AAAAAAEDAwY="}
00409{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":439585,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAWtAABAGSj0XLP3zCggAAQG7v5jIhS0oN3rS2FAS\/\/\/PVQAA"}
00406{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":470387,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoE6JAAEAGCAYKCAABFyz987+YAbs3etLYyIUtKVAQOQiWTgAA"}
00492{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":470550,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnE6NAAEAGB8YKCAABFyz987+YAbs3etLYyIUtKVAYOQiFHgAAFgMBADoBAAA2AwGEmq+NZP+kc3ErHq1IRgxSv+RZnIPy+ZyIImU+XVBptwAABAA1AP8BAAAJACMAAAAPAAEB"}
-00717{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1444570632436,"flow_last_seen":1444570632470,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00727{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1444570632436,"flow_last_seen":1444570632470,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":470778,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAWxAABAGSjwXLP3zCggAAQG7v5jIhS0pN3rTF1AQ\/\/\/PFwAA"}
00493{"flow_id":7,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":541070,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"ABoRAAACABoRAAABCABFAABjAW1AABAGtXRARGlnCggAAQG7oYqF2d\/NeiYxHFAY\/\/92owAAFAMBAAEBFgMBADD9PmnvW3yJRGDCtXk88uGURezbwFFzyI2PxxOI3cMS57iKf8\/Uw3einH9SeqEXnkY="}
04305{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":591660,"pkt_caplen":2957,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2957,"pkt_l4_len":2923,"pkt":"ABoRAAACABoRAAABCABFAAt\/AW5AABAGPuMXLP3zCggAAQG7v5jIhS0pN3rTF1AY\/\/8vQwAAFgMBADUCAAAxAwFWGmYO1rhEh3sKERRiLa6er7WS4Mc5yLLjZ\/vDnTpgjAAANQAACf8BAAEAACMAABYDAQsPCwALCwALCAAHJTCCByEwggYJoAMCAQICAwMLXjANBgkqhkiG9w0BAQUFADBAMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xGDAWBgNVBAMTD0dlb1RydXN0IFNTTCBDQTAeFw0xNDEyMTgwODI3NTlaFw0xNjAyMTkyMTMyMDZaMIGdMSkwJwYDVQQFEyA1MjhwYWlFTHVjZEpwRWtPanNxSDIzakJDREVvbVEzejELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRYwFAYDVQQKEw1DaXNjbyBTeXN0ZW1zMQswCQYDVQQLEwJJVDEWMBQGA1UEAxMNd3d3LndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOBsgr08pWRdeldXJQh9ZVWm9nEGfXfgFv7SFWzq8rI+qi4OhNYD0cEyN04QMR15qcWRV6c2PFRpC8IEABY40l4ktzNkaSY2HcFNODzwxJ6O3kvYpx7G5niqPfMhDu6kdAVeIt4YDgYwygfMomu\/sRD32stB0z39Do7CqRCo16k8Pli9rjjhhm4nUy5KGCGQg2uPC8pEHfWBoqIU0xycUWnkpXXq3g+RDZpClE7YQWk1QQ7+En0FD0xicbTUHJl55mF0slM3Rh1+SuTWSoQQnQ\/+uPzY0nIjO2fGxXGbTzZkaCeIZreyw7A\/i6bPmJ7pSHACf2MovqwssuYVqn7kcaMCAwEAAaOCA8QwggPAMB8GA1UdIwQYMBaAFEJ5VBthzVUrPmPVPEhX9Z\/7Rc5KMA4GA1UdDwEB\/wQEAwIEsDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwggJBBgNVHREEggI4MIICNIIQd3d3LndlYmV4LmNvbS5hdYIMd3d3LndlYmV4LmNhggx3d3cud2ViZXguZGWCEHd3dy53ZWJleC5jb20uaGuCD3d3dy53ZWJleC5jby5pboIPd3d3LndlYmV4LmNvLml0gg93d3cud2ViZXguY28uanCCEHd3dy53ZWJleC5jb20ubXiCD3d3dy53ZWJleC5jby51a4ILbS53ZWJleC5jb22CEHNpZ251cC53ZWJleC5jb22CEnNpZ251cC53ZWJleC5jby51a4IPc2lnbnVwLndlYmV4LmRlghFteXRyaWFsLndlYmV4LmNvbYIUbXl0cmlhbC53ZWJleC5jb20ubXiCE215dHJpYWwud2ViZXguY28uaW6CFG15dHJpYWwud2ViZXguY29tLmF1ghNteXRyaWFsLndlYmV4LmNvLmpwghFzdXBwb3J0LndlYmV4LmNvbYIQaG93ZG9pLndlYmV4LmNvbYIMa2Iud2ViZXguY29tghVteXJlc291cmNlcy53ZWJleC5jb22CEmludm9pY2VzLndlYmV4LmNvbYINdHJ5LndlYmV4LmNvbYITYnV5b25saW5lLndlYmV4LmNvbYISYnV5b25saW5lLndlYmV4LmRlghVidXlvbmxpbmUud2ViZXguY28udWuCEXRlbXBib2wud2ViZXguY29tghV0ZW1wc3VwcG9ydC53ZWJleC5jb22CDXd3dy53ZWJleC5jb22CCXdlYmV4LmNvbTA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vZ3Rzc2wtY3JsLmdlb3RydXN0LmNvbS9jcmxzL2d0c3NsLmNybDAdBgNVHQ4EFgQUrzja2z769pN9I4b3r3d3lm17XYIwDAYDVR0TAQH\/BAIwADBvBggrBgEFBQcBAQRjMGEwKgYIKwYBBQUHMAGGHmh0dHA6Ly9ndHNzbC1vY3NwLmdlb3RydXN0LmNvbTAzBggrBgEFBQcwAoYnaHR0cDovL2d0c3NsLWFpYS5nZW90cnVzdC5jb20vZ3Rzc2wuY3J0MEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBBQUAA4IBAQAvuebUSYomJeazjVaUuaZEOu1eiO9NXlT0gAXaY+nBn9NplhbsHxSHjGcVFhTOlfQJQ7O2PIsniGT8njs\/8EOgAHMOQu7d0YAdoxHCL3Sm9N66NMEpVV2G4WgXygLs4kJh+yUBb1kIku9DiG38AU+r+99Jkqmyn3tMOTCvETWEYkl+blYjS5l0FssSr6KQmrm1sClsOKID4cShgc9IV3B50cL0ujDIZCufuPZyI0qR+lnHIN3+rLqfP\/7mDXbNVamMD49\/DJf7eLfwCr37T4WHDGz9KbKKastRcnHmH2Q518aObG0TJ\/l3+UreTIcQ2rThuXKkjXwSVbbpdWwNMHuUAAPdMIID2TCCAsGgAwIBAgIDAjbQMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTAwMjE5MjIzOTI2WhcNMjAwMjE4MjIzOTI2WjBAMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xGDAWBgNVBAMTD0dlb1RydXN0IFNTTCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJCzgMHk5UatcGA9uuUU3Z6KXot1WubKbUGlI+g5hSZ6p1V3mkihkn46HhrxJ6ujTDnMyz1Hr4GuFmpcN+9FQf37mpc8oEOdxt8XIdGKolbCA0mEEoE+yQpUYGa5jFTk+eb5lPHgX3UR8im55IaisYmtph6DKWOy8FQchQt65+EuDa+kvc3nsVrXjAVaDktzKIt1XTTYdwvhdGLicTBi2LyKBeUxY0pUiWozeKdOVSQdl+8a5BLGDzAYtDRN4dgjOyFbLTAZJQ5096QhS6CkIMlszZhWwPKoXz4mdaAN+DaIiixafWcwqQ\/RmXAueOFRJq9VeiS+jDkNd53eAsMMvR8CAwEAAaOB2TCB1jAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFEJ5VBthzVUrPmPVPEhX9Z\/7Rc5KMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMBIGA1UdEwEB\/wQIMAYBAf8CAQAwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nZW90cnVzdC5jb20wDQYJKoZIhvcNAQEFBQADggEBANTvU4ToGr2hiwTAqfVfoRB4RV2yV2pOJMtlTjGXkZrUJPjiJ2ZwMZzBYlQG55cdOprApClICq8kx6jEmlTBfEx4TCtoLF0XplR4TEbigMMfOHES0tdT41SFULgCy+5jOvhWiU1Vuy7AyBh3hjELC3DwfjWDpCoTZFZnNF0WX3OsewYk2k9QbSqr0E1TQcKOu3EDSSmGGM8hQkx0YlEVxW+o78Qn5Rsz3VqI138S0adhJR\/V4NwdzxoQ2KDLX4z6DOW\/cf\/lXUQdpj6HR\/oaToODEj+IZpWYeZqF6wJHzSXj8gYETpnKXKBuervdo5AaRTPvvz7SBMS24CqFZUE+ENQWAwEABA4AAAA="}
-01570{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1444570632436,"flow_last_seen":1444570632591,"flow_tot_l4_data_len":3106,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2923,"flow_avg_l4_data_len":517,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","issuerDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD"}}
+01581{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1444570632436,"flow_last_seen":1444570632591,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":2966,"flow_avg_l4_payload_len":494,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"www.webex.com.au,www.webex.ca,www.webex.de,www.webex.com.hk,www.webex.co.in,www.webex.co.it,www.webex.co.jp,www.webex.com.mx,www.webex.co.uk,m.webex.com,signup.webex.com,signup.webex.co.uk,signup.webex.de,mytrial.webex.com,mytrial.webex.com.mx,mytrial.webex.co.in,mytrial.webex.com.au,mytrial.webex.co.jp,support.webex.com,howdoi.webex.com,kb.webex.com,myresources.webex.com,invoices.webex.com,try.webex.com,buyonline.webex.com,buyonline.webex.de,buyonline.webex.co.uk,tempbol.webex.com,tempsupport.webex.com,www.webex.com,webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"714ac86d50db68420429ca897688f5f3","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=GeoTrust, Inc., CN=GeoTrust SSL CA","issuerDN":"C=US, ST=California, L=San Jose, O=Cisco Systems, OU=IT, CN=www.webex.com","fingerprint":"EE:CE:24:B7:67:4D:F0:3F:16:80:F8:DC:E3:53:45:5F:3E:41:25:CD"}}
01136{"flow_id":7,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":591823,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"ABoRAAACABoRAAABCABFAAJA7r5AAEAGlkUKCAABQERpZ6GKAbt6JjEchdngCFAQUJgT1wAAFwMBACBH\/1+4ssP5+r51KHoVlXmGpHPOXLNFe7ZVKdpfEkx8jxcDAQPghB7AHD4xu8ZetThKlFRnvqmplDEr11sv6gYnz9qjgq3dJjSM7RNpvbBrH0Nzfe67METwiZy0iTxD4QLgGHKmVAaddH6YdM5gElDiZD4SLJFZUuLjAKFacvU115VMsETKBJWkWaUd8sTg8686+hrMEqv1r65DGTFztVOdGNrfhbGwkRrF6j6hEVvedoU88QtrIwx1MobLlb0pj1qo\/Lbq1xUQ9hGY9l8wp4AM\/5KTsAhFGmm+9PSqM5t6J0VghK9SqBIC2PPVZdhjZWVTW\/0ZYb0K2exYkTCPtefugNGyls7zqQMrqi+OMLC+STkfN0Mf23LPHCIEagt6Od\/7TYM6TojeonOEZs5GjNftM4H8mvn0tPEbUUqTl0YhTCRHmnojAWsquYWV0CC3WbslLhBn87PKf1RIjhs6PEKo4TMsRKCEc6YzqyeaQ9x09FzuAosWemPanxyw0HR9fjfQ7L+A3OINGFNvoWE9p+5X5oSI0qCLmoHspcRmVjxM5xDYXze5XoFrJNuM6u3cYQimqJAqNTcVL\/wJh2tIbre42JJ2Rjp79tAaVQbzwrHJHG8pOma7icNf7k\/vOZaOpxo\/2rSuEg4FPyhv\/H8gu+JW8eWZz5hfYjNHYokY\/B3UJaAqnrNSSW9rrha+1xSpOBFUY0w="}
00409{"flow_id":7,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":591949,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAW9AABAGta1ARGlnCggAAQG7oYqF2eAIeiYzNFAQ\/\/9FngAA"}
01079{"flow_id":7,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":592020,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"pkt":"ABoRAAACABoRAAABCABFAAIa7r9AAEAGlmoKCAABQERpZ6GKAbt6JjM0hdngCFAYUJj3gwAAdTTP33MwkthbMd82fpGfgOpHvwaDOGy6Sk\/8Fk5XzjJZGf22ZbFlL3jYmDgAZ4bP3IPBxlr\/NWvNQ06vurmjjtRmSb9upUIgnYaIqqOa3THIU7rQsNMJ22Pmedl4tNLVnrXo1B6knUiXGp3dq7vntLeyIMEuijyYif9cvXdJJruDE9Re+TzlwAOr4qgBTWi18bDyRHzev002AePGC13x4PsucY2Qex1rN9Fc8cYDRYQaep1a3zQBAoaw1OOIqs4ftmq22T0mLwzQviqD1US0Nu7z1iYuOFdPgOA3SbZulf+0VVKqk5r2nBPCfG0ykFYzsc2FsceEm+XmQC5wYc9VL9y0mMwQipbEMvqAOTt2hCZDoGDj2FYOi9zjpyn0JD716pGEMCu30oiNFN8yynqLYWL5ejMB6mizwXoaX1EKQDZf7Y7lTCa4EAdNcgX8nBzKpWk5tzKbCPdWCsxFngzQgCGbDF3iF5r3M+G4M4xMupxMBO3faHFxx4Nai4tQUVusDiVaZ+t\/jBryBJj\/7kkueGKZVC17donrAZspaKCyKhQ2dWqakJiaZjJksazyIb7OJg+c2An+Wj1m4ldythC7QPEkMkCvicpse2E7PhJmlUPqlj33IGckrUPLVZxqpn0sgv\/3OWu1rgPVfAYVvKyuGXsC"}
@@ -104,17 +104,17 @@
00410{"flow_id":8,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570632,"pkt_ts_usec":742559,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAXNAABAGSjUXLP3zCggAAQG7v5jIhTlqN3rV51AQ\/\/\/ABgAA"}
01097{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":137443,"pkt_caplen":560,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":560,"pkt_l4_len":526,"pkt":"ABoRAAACABoRAAABCABFAAIiAXdAABAGSDcXLP3zCggAAQG7v5jIhTlqN3rV51AY\/\/9sYwAAFwMBAdBr6rILLXSFfLg2xmcpp7IzjJDTPMXzdMKTosQVEQmd\/NFjPQ1znLompWH0SbWBVqguYeRqgYBlLJDr3tKAHftNbqlL1TEL7I5ZOaJboZ3flnha2DT2kZCvC40+JCvHZ96tdi4z7uHrb00aqlbZ2zCfdV2cmlPpxVzTjfMRLbdS6on04jNn\/ItcWbN0OEGtifIJ+tXSTg2GCfeyHT9p8mJv7osbIyon4jClJrZ\/qLYu2c5e6lKxDhQyetNN0IO\/tQ6GAnSpzUiUPMbb0\/rKdtDFoqgU1gB7IpWDe0iMGmFtFpoklWekWY3QllPKp1PNOP1edC0+GG9YeXTyBA\/03Oh8QBf4Y+PxScTe0HKoR0ivtezQkVoHn61lY+na6E092GzZVlfDp5XdmhUKToC9vcNKWuFOdILwYY1PQgXTNU4zkdW+\/8VSpxdux626mbKN23DPSjKheShbpaOotO0Ftm6rB6\/EALB2Q2kks0SK3KuoRYbRbqQauFGEvzX6V6k3YoRQ5EIZwW6UOBcmAqTJicciQWaA7f4XHbTqalPo97knYeYd26wFwPqRjQTH9Gd3EEqkG9i9uE1U4gze1BDS+uRRlo1SBbV137uDSdiTgOQUXBUDAQAgwS\/Rg9gFfgiFf+h0mxtWS3MfWKg4wYwBTN8NPs0oChM="}
00407{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":205058,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoE6dAAEAGCAEKCAABFyz987+YAbs3etXnyIU7ZFAUfL1BSwAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1444570633357,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1444570633357,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":357298,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA87DBAAEAGmtcKCAABQERpZ6GOAbtaKC3iAAAAAKACOQht0gAAAgQFtAQCCAoATMHSAAAAAAEDAwY="}
00408{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":360351,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAXpAABAGtaJARGlnCggAAQG7oY6l19IdWigt41AS\/\/9Y1AAA"}
00406{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":360483,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo7DFAAEAGmuoKCAABQERpZ6GOAbtaKC3jpdfSHlAQOQgfzQAA"}
00493{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":362374,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABn7DJAAEAGmqoKCAABQERpZ6GOAbtaKC3jpdfSHlAYOQhBGAAAFgMBADoBAAA2AwHTw\/bn8phv0cUj5hxDCEb0N0sEPfC+Zz7P154TmGT2KQAABAA1AP8BAAAJACMAAAAPAAEB"}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1444570633357,"flow_last_seen":1444570633362,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_first_seen":1444570633357,"flow_last_seen":1444570633362,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00408{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":362543,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAXtAABAGtaFARGlnCggAAQG7oY6l19IeWiguIlAQ\/\/9YlgAA"}
02247{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":759559,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"pkt":"ABoRAAACABoRAAABCABFAAV4AXxAABAGsFBARGlnCggAAQG7oY6l19IeWiguIlAY\/\/98JgAAFgMBD14CAABNAwFWGmYPgnRc4iMnpQXjn7W1o8Eq0vfQyXO+n056EKcu0yDKqOB0ehPXzyt5zMr3ZHbaIAcaxRyOh0DvxOa9GFdTSAA1AAAF\/wEAAQALAA8FAA8CAATpMIIE5TCCA82gAwIBAgIQKXSJqdQeSb5h94FpRuYh8zANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDQxMDAwMDAwMFoXDTE4MDQxMDIzNTk1OVowdzELMAkGA1UEBhMCdXMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAcMCFNhbiBKb3NlMRwwGgYDVQQKDBNDaXNjbyBTeXN0ZW1zLCBJbmMuMQwwCgYDVQQLDANDU0cxFDASBgNVBAMMCyoud2ViZXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXjIYUvDCGFnLF6CX7BhvJlmnmrg0KiZFcDP6TyJs2s+n7Hjqpb8O374x26knzLrTkrkpNBVvbi6eY8X6lmrWlqvlgEoyMmslNbZoAjUy1C9HNIMI2F1bLGI\/pKRUGbpk5wvAv6SKOf+cKi3mis7U2sccUb8cFxKTVpp62iK2uOzkFa4zF1i4hm\/NKjJWJVuj\/D8tQpd0PSuU5wWY7G1x\/5UpvvDV7KS7Tsmn3ib\/8gstBL+PLvKZHJ8YWc8u02oGZQoWD64APslwdmLLyDqq5USERl2bc761RHbBhnmKf3IpyvGqgfCFbQ7hfb+sniY0O+KQiBpaJI1bt4iiHQ1YQIDAQABo4IBZDCCAWAwFgYDVR0RBA8wDYILKi53ZWJleC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGUGA1UdIAReMFwwWgYKYIZIAYb4RQEHNjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAU0XVgHR8KQTLFFzVVA7s1Rlqj4+dm5q+OB5OfJMqYeX\/hnGHVeD8z9\/9EdKsauBRbbFpJk38PC3aGoy0iL9v8CA4V6o0qYzEfedbF\/p\/UuvtChO8CktAaqN64hPdToCJEy3gqyB\/Hv7VVuKXUBogujzn1WBdIyBUlO\/hClSnOD8Qq1So\/AzCrw+\/ChOOV7DI631hsLE1M73UmQqxi7Cbu5R5TsXH6v6s\/7CAPBhVtuxTBBcBuPtA6Pd2Q8vOf6ByuErVmWAV\/tOLfjGuqPuM2JoxzR1iH82zcoIcxOzmtUIYsiTuUSCi\/AsNsm265BOW9oeh5kgZU+pE6LkGX9bECAAU8MIIFOA=="}
00406{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":810470,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo7DNAAEAGmugKCAABQERpZ6GOAbtaKC4ipdfXblAQP8AThgAA"}
03883{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":811592,"pkt_caplen":2633,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2633,"pkt_l4_len":2599,"pkt":"ABoRAAACABoRAAABCABFAAo7AX1AABAGq4xARGlnCggAAQG7oY6l19duWiguIlAY\/\/\/KpQAAMIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxwAE1DCCBNAwggQ5oAMCAQICECUM6OAwYS6fK4n3BU18+P0wDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEwODAwMDAwMFoXDTIxMTEwNzIzNTk1OVowgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryQICCl6NZ5gDKrnSztO3Hy8PEUcuyvg\/ikC+VcIo2SFFSf18a3IMYldIugqqqZCs4\/4uVW3sbdLs\/6PfgdX7O9D22ZiFWHPYA2k2N744MNiCD1UE+tJyllUhSblK48bn+v1oZHCM0nYQ2NqUkvSj+hwUU3RiWl7x3D2s9wSdNt7XUtW05a\/FXehsPSiJfKvHJJnGOX0BgTvkLnkAOTdOrUZ\/wK69Dzu4IvrN4vs9Nes8vbwPa\/ddZEzGR0cQMt0JBkhk9kU\/qwqUseP1QRJ5I1jR4g8aYPL\/ke9K35PxZWuDp3U0UPAZ3PjFAh+5T+fc7gzCs9dPzSHloruU+glFQIDAQABo4IBmzCCAZcwDwYDVR0TAQH\/BAUwAwEB\/zAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9wY2EzLmNybDAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMwHQYDVR0OBBYEFH\/TZafC3ey78DAJ80M5+gKvMzEzMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI\/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMD4GA1UdJQQ3MDUGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCWCGSAGG+EIEAQYKYIZIAYb4RQEIATANBgkqhkiG9w0BAQUFAAOBgQATAt346IYA8lr4+CAMWYhiB87O9075u1mhmOXhON1OvGYY063rGPINyW0+SpQgwzy6vWVUxq9EsxCtLGs+q9cHtriBY8X5Xi7lKmfOzTMMKteJVgMjH7O+6DoIWbTsRTX3ilv\/Zs9Qr8ZtV40ZeLe5otFX6h+aS6+6yY4Sfsa9\/w4AAAA="}
-01110{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1444570633357,"flow_last_seen":1444570633811,"flow_tot_l4_data_len":4182,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2599,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01121{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":225,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":8,"flow_first_seen":1444570633357,"flow_last_seen":1444570633811,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00406{"flow_id":9,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":862615,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo7DRAAEAGmucKCAABQERpZ6GOAbtaKC4ipdfhgVAQUJj4mgAA"}
00857{"flow_id":9,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":862998,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFu7DVAAEAGmaAKCAABQERpZ6GOAbtaKC4ipdfhgVAYUJgTNwAAFgMBAQYQAAECAQB9e7+NQHEVjddpWUvPW6gV6\/uT\/ulXG5JxuO2\/mzmtXH4zuQRw4iJCJPU3VPj6u38aPmB4Dsrc2Qs7ct0BxP7VNOFNHbm4pP4m\/3dz2Pjv9y\/W0h7QlT85w8QCL34iEAdymlHA5KlHcdrW+I+vmDbGdQmyygBMVJCS\/bCmSL7JoPdVIpFgDVVF+4lbc3He9yu65EhIhdjxOIS8ikJ9hxIMoSUUgeXpqoEMVJYMxCSBnDrePp9ACWlVgT9pI70aFkz+oJ9T\/isvSvlMITHn5IT78zWHA0bxvsyWLreoOZ9\/CzO5bs4+NWuoDSobztYVtDo3kFpJzWS5Vqe1lXyKfjipFAMBAAEBFgMBADCzHuR\/K+4uIP\/YCZDD3LbGmMwrUaEgFCaL0QLOypFC3IeRFhoJZMkn2m5kv4Bl\/K8="}
00409{"flow_id":9,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570633,"pkt_ts_usec":863970,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAX5AABAGtZ5ARGlnCggAAQG7oY6l1+GBWigvaFAQ\/\/9H7QAA"}
@@ -122,108 +122,108 @@
01143{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570634,"pkt_ts_usec":124821,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"ABoRAAACABoRAAABCABFAAJA7DZAAEAGmM0KCAABQERpZ6GOAbtaKC9opdfhvFAQUJix4QAAFwMBACC2Gf98Lp3bUwIlav73r8\/RI8c9Dn9LTEAK7H9AKpnY2hcDAQIQQu0+BOhGMCHr6u35CSjzcixsV7Gd1f+U7zb+kRVo\/VUdxUFXkCuvjf38HXZG0MCUGizOrUDSjMjEmJlwX\/YdPx3iJqrloL3xFqpC1\/mG6wsgfWsOC7O9Uhxu7fogAPGhGmU79Evgh4Sae4yBGszAUYTMtJOxgVWijoO32g2Soco8\/NB8XFRGVMkkaXy6vQ8kw1wfIX7BzZBf1N6ccMV\/FAMko\/a+1VvZEfQrjlcMNUDOw3OqHCJAyksuO8Va4jBI3k9DZTQ2FV\/YTiH+7ZMZFJww6cTNH9CEUVRpXJ4WpqfVvV7fOwbb0qDBgpJt+HLSOSN8sI2DUcBsYvXP8DvDxVZKsHRzSbH0+i2EpYHbd9KWGTktCDcoADim\/yzZvjqoCzKMkaZrCcRF+zcVI\/WMh7Ruj17CNaxZHdV0LQZnoiQT6hDC+gsxli3OnOfjuvgXxg5XDtlNKXQgvieOTTUrsu8pdXHmVJ28P2dOz2ANpVJONCUcqtRIwr2Zj0XSbIYiWDwtKcClS\/3iYfp5AbMbNdfxzmLKdYKuvcPE\/sHGbBqWMP0EbQbsipOM\/Q76ik\/J0t\/9NAQy0UNk0saRvWTKcC8ai93rl1oWKsiCHL8\/12BXybpctrzVVshMoML\/Rd009EnsSl+1yWVrmBFedfo="}
00409{"flow_id":9,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570634,"pkt_ts_usec":125667,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAYBAABAGtZxARGlnCggAAQG7oY6l1+G8WigxgFAQ\/\/9FmgAA"}
00456{"flow_id":9,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570634,"pkt_ts_usec":126109,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"ABoRAAACABoRAAABCABFAABK7DdAAEAGmsIKCAABQERpZ6GOAbtaKDGApdfhvFAYUJhLJQAA6M8TR5XszWO89LtX48bicE\/9oPFdvfJa9CRPtEy1N2EC0A=="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1444570636151,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1444570636151,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":151328,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8tbVAAEAGMwwKCAABch3V1KL+AbsYGndcAAAAAKACOQjFmAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="}
00409{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":154295,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAY1AABAGF0lyHdXUCggAAQG7ov7n5YijGBp3XVAS\/\/+5HQAA"}
00407{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":154740,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAotbZAAEAGMx8KCAABch3V1KL+AbsYGndd5+WIpFAQOQiAFgAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1444570636155,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1444570636155,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":155519,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8NxlAAEAGu0sKCAABch3MMcm+AbvkVPXwAAAAAKACOQhdrAAAAgQFtAQCCAoATMLpAAAAAAEDAwY="}
00409{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":157830,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAY5AABAGIOtyHcwxCggAAQG7yb4bqwoP5FT18VAS\/\/+cAAAA"}
00493{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":157950,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABntbdAAEAGMt8KCAABch3V1KL+AbsYGndd5+WIpFAYOQhDcwAAFgMBADoBAAA2AwEixpBV3K1aYKpnKzRaOLYWz3kxtW8gINw5Lf9cpQ2h2AAABAA1AP8BAAAJACMAAAAPAAEB"}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1444570636151,"flow_last_seen":1444570636157,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_first_seen":1444570636151,"flow_last_seen":1444570636157,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":158232,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAY9AABAGF0dyHdXUCggAAQG7ov7n5YikGBp3nFAQ\/\/+43wAA"}
00407{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":158443,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoNxpAAEAGu14KCAABch3MMcm+AbvkVPXxG6sKEFAQOQhi+QAA"}
00493{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":159914,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnNxtAAEAGux4KCAABch3MMcm+AbvkVPXxG6sKEFAYOQjpBAAAFgMBADoBAAA2AwELSWRUw5u41GvWexySi8w7aRuG0UGhgcOkKRM8ZLYwuAAABAA1AP8BAAAJACMAAAAPAAEB"}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1444570636155,"flow_last_seen":1444570636159,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1444570636155,"flow_last_seen":1444570636159,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":160142,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZBAABAGIOlyHcwxCggAAQG7yb4bqwoQ5FT2MFAQ\/\/+bwgAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1444570636160,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1444570636160,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":160380,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA80GxAAEAGr+EKCAAB0cXen7mKAbt7nBKGAAAAAKACOQhH7AAAAgQFtAQCCAoATMLqAAAAAAEDAwY="}
00409{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":163417,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZFAABAGrtHRxd6fCggAAQG7uYqEY+15e5wSh1AS\/\/86HgAA"}
00408{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":163735,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo0G1AAEAGr\/QKCAAB0cXen7mKAbt7nBKHhGPtelAQOQgBFwAA"}
00494{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":164429,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABn0G5AAEAGr7QKCAAB0cXen7mKAbt7nBKHhGPtelAYOQh2yQAAFgMBADoBAAA2AwENSlEe7+NgWQr9TJ\/2WZpS5a6sUQSaq2ncdIKzDktEmAAABAA1AP8BAAAJACMAAAAPAAEB"}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1444570636160,"flow_last_seen":1444570636164,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_first_seen":1444570636160,"flow_last_seen":1444570636164,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":164621,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZJAABAGrtDRxd6fCggAAQG7uYqEY+16e5wSxlAQ\/\/854AAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1444570636170,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":271,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1444570636170,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":271,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":170439,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8c99AAEAGAvcKCAABQER5meEvAbvnI7E0AAAAAKACOQgMmAAAAgQFtAQCCAoATMLrAAAAAAEDAwY="}
00409{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":175135,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZNAABAGpVdARHmZCggAAQG74S8Y3E7L5yOxNVAS\/\/8JAQAA"}
00407{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":175390,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoc+BAAEAGAwoKCAABQER5meEvAbvnI7E1GNxOzFAQOQjP+QAA"}
00495{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":176823,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnc+FAAEAGAsoKCAABQER5meEvAbvnI7E1GNxOzFAYOQg\/MQAAFgMBADoBAAA2AwHlQjeb\/eKZHKuppjWfos5yg+nhloBcE1OwdwWUSYyZagAABAA1AP8BAAAJACMAAAAPAAEB"}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1444570636170,"flow_last_seen":1444570636176,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1444570636170,"flow_last_seen":1444570636176,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":177089,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZRAABAGpVZARHmZCggAAQG74S8Y3E7M5yOxdFAQ\/\/8IwwAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1444570636180,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1444570636180,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":180806,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8nw9AAEAGbDMKCAABPm3nA7L2AbufQl3jAAAAAKACOQhqbwAAAgQFtAQCCAoATMLsAAAAAAEDAwY="}
00410{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":183521,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZVAABAGOcI+becDCggAAQG7svZgvaIcn0Jd5FAS\/\/\/LpgAA"}
00407{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":183683,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAonxBAAEAGbEYKCAABPm3nA7L2AbufQl3kYL2iHVAQOQiSnwAA"}
00494{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":185047,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnnxFAAEAGbAYKCAABPm3nA7L2AbufQl3kYL2iHVAYOQiqgAAAFgMBADoBAAA2AwG1npMJl\/ayeEKp148YQXJQu08Kp5pJKEAcdvXjyY7AEAAABAA1AP8BAAAJACMAAAAPAAEB"}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1444570636180,"flow_last_seen":1444570636185,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1444570636180,"flow_last_seen":1444570636185,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":185321,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZZAABAGOcE+becDCggAAQG7svZgvaIdn0JeI1AQ\/\/\/LaAAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1444570636248,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1444570636248,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":248727,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8NIdAAEAGU1wKCAABQERojK3MAbt5hvZ2AAAAAKACOQh5XQAAAgQFtAQCCAoATMLxAAAAAAEDAwY="}
00409{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":252206,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZdAABAGtmBARGiMCggAAQG7rcyGeQmJeYb2d1AS\/\/9NcQAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1444570636252,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1444570636252,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":252483,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA80SxAAEAGIt4KCAABch3Ki7gMAbtSShPdAAAAAKACOQjlGgAAAgQFtAQCCAoATMLxAAAAAAEDAwY="}
00409{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":255532,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZhAABAGIodyHcqLCggAAQG7uAyttewiUkoT3lAS\/\/+vWAAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1444570636255,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1444570636255,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":255758,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA870JAAEAGjzEKCAABrfMETM36AbsKei2zAAAAAKACOQiHkAAAAgQFtAQCCAoATMLxAAAAAAEDAwY="}
00409{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":259424,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZlAABAGrO+t8wRMCggAAQG7zfr1hdJMCnottFAS\/\/8j1AAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1444570636259,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":287,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1444570636259,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":259848,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8u9ZAAEAGuzQKCAABQER5ZMv7AbtwVXkkAAAAAKACOQjQ2AAAAgQFtAQCCAoATMLyAAAAAAEDAwY="}
00410{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":263791,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZpAABAGpYVARHlkCggAAQG7y\/uPqobbcFV5JVAS\/\/8eagAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1444570636264,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1444570636264,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":264505,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8YelAAEAGFSMKCAABQER5Y9qhAbtb96MaAAAAAKACOQismgAAAgQFtAQCCAoATMLzAAAAAAEDAwY="}
00410{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":268416,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZtAABAGpYVARHljCggAAQG72qGkCFzlW\/ejG1AS\/\/8PxQAA"}
00407{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":268706,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoNIhAAEAGU28KCAABQERojK3MAbt5hvZ3hnkJilAQOQgUagAA"}
00493{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":268852,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnNIlAAEAGUy8KCAABQERojK3MAbt5hvZ3hnkJilAYOQhZ6QAAFgMBADoBAAA2AwFZAOdrf318d9DQoA0D3C8cGGy1yScsdSsQfqgP8YHJWQAABAA1AP8BAAAJACMAAAAPAAEB"}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1444570636248,"flow_last_seen":1444570636268,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_first_seen":1444570636248,"flow_last_seen":1444570636268,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":269047,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZxAABAGtltARGiMCggAAQG7rcyGeQmKeYb2tlAQ\/\/9NMwAA"}
00407{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":269399,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo0S1AAEAGIvEKCAABch3Ki7gMAbtSShPerbXsI1AQOQh2UQAA"}
00495{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":269543,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABn0S5AAEAGIrEKCAABch3Ki7gMAbtSShPerbXsI1AYOQjEKQAAFgMBADoBAAA2AwEgf\/e\/jgX0597KeqXA4hkOqtuJMPxy38wcZQGqQdMmagAABAA1AP8BAAAJACMAAAAPAAEB"}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1444570636252,"flow_last_seen":1444570636269,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1444570636252,"flow_last_seen":1444570636269,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":269759,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ1AABAGIoJyHcqLCggAAQG7uAyttewjUkoUHVAQ\/\/+vGgAA"}
00407{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":269901,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo70NAAEAGj0QKCAABrfMETM36AbsKei209YXSTVAQOQjqzAAA"}
00493{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":270105,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABn70RAAEAGjwQKCAABrfMETM36AbsKei209YXSTVAYOQhXBgAAFgMBADoBAAA2AwEbjnmamhrG0ilv8MM2B7NxSQPfoK5gN5dT14i2jCOS+AAABAA1AP8BAAAJACMAAAAPAAEB"}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1444570636255,"flow_last_seen":1444570636270,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":298,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1444570636255,"flow_last_seen":1444570636270,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":270294,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ5AABAGrOqt8wRMCggAAQG7zfr1hdJNCnot81AQ\/\/8jlgAA"}
00407{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":270430,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAou9dAAEAGu0cKCAABQER5ZMv7AbtwVXklj6qG3FAQOQjlYgAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1444570636270,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1444570636270,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":270568,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA879dAAEAGBrMKCAABch3IC7rhAbtuYS0jAAAAAKACOQivZQAAAgQFtAQCCAoATML0AAAAAAEDAwY="}
00409{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":273711,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAZ9AABAGJQByHcgLCggAAQG7uuGRntLcbmEtJFAS\/\/+vAwAA"}
00495{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":273982,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnu9hAAEAGuwcKCAABQER5ZMv7AbtwVXklj6qG3FAYOQirFAAAFgMBADoBAAA2AwHYELTmAdFk47j\/kG3RMIzBgWabbigjj\/WcrWQ+O8XfAwAABAA1AP8BAAAJACMAAAAPAAEB"}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1444570636259,"flow_last_seen":1444570636273,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":303,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1444570636259,"flow_last_seen":1444570636273,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":274175,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAaBAABAGpX9ARHlkCggAAQG7y\/uPqobccFV5ZFAQ\/\/8eLAAA"}
00407{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":274320,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoYepAAEAGFTYKCAABQER5Y9qhAbtb96MbpAhc5lAQOQjWvQAA"}
00493{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":274819,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnYetAAEAGFPYKCAABQER5Y9qhAbtb96MbpAhc5lAYOQh9SQAAFgMBADoBAAA2AwFui4ALd8hCzC1Hn0XZp9IbNctVu8L5+XzvOp52wmP4PgAABAA1AP8BAAAJACMAAAAPAAEB"}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1444570636264,"flow_last_seen":1444570636274,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1444570636264,"flow_last_seen":1444570636274,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":275494,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAaFAABAGpX9ARHljCggAAQG72qGkCFzmW\/ejWlAQ\/\/8PhwAA"}
00408{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":275644,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo79hAAEAGBsYKCAABch3IC7rhAbtuYS0kkZ7S3VAQOQh1\/AAA"}
00493{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":276432,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABn79lAAEAGBoYKCAABch3IC7rhAbtuYS0kkZ7S3VAYOQiWfgAAFgMBADoBAAA2AwGYeAXD1rCaFxll3KHQwiDcn3jmpgdAsGqZOECdkGYcowAABAA1AP8BAAAJACMAAAAPAAEB"}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1444570636270,"flow_last_seen":1444570636276,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_first_seen":1444570636270,"flow_last_seen":1444570636276,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":276627,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAaJAABAGJP1yHcgLCggAAQG7uuGRntLdbmEtY1AQ\/\/+uxQAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1444570636359,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1444570636359,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":359207,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA86IFAAEAGnowKCAABQERpYciqAbsEZyp7AAAAAKACOQievAAAAgQFtAQCCAoATML6AAAAAAEDAwY="}
00409{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":363606,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAaNAABAGtX9ARGlhCggAAQG7yKr7mNWEBGcqfFAS\/\/8xvgAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1444570636364,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1444570636364,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":364135,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8Y+FAAEAGIywKCAABQERpYpEJAbvtraEaAAAAAKACOQh2dQAAAgQFtAQCCAoATML7AAAAAAEDAwY="}
00409{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":368157,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAaRAABAGtX1ARGliCggAAQG7kQkSUl7l7a2hG1AS\/\/9pXgAA"}
00407{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":368456,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo6IJAAEAGnp8KCAABQERpYciqAbsEZyp8+5jVhVAQOQj4tgAA"}
00493{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":368630,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABn6INAAEAGnl8KCAABQERpYciqAbsEZyp8+5jVhVAYOQiOAwAAFgMBADoBAAA2AwG0+nLinPAGG4t2PmApyj1cBSRGozWXopqiBuxsT+LyqQAABAA1AP8BAAAJACMAAAAPAAEB"}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1444570636359,"flow_last_seen":1444570636368,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1444570636359,"flow_last_seen":1444570636368,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":369036,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAaVAABAGtX1ARGlhCggAAQG7yKr7mNWFBGcqu1AQ\/\/8xgAAA"}
00407{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":369197,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoY+JAAEAGIz8KCAABQERpYpEJAbvtraEbElJe5lAQOQgwVwAA"}
00494{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":369622,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnY+NAAEAGIv8KCAABQERpYpEJAbvtraEbElJe5lAYOQjiHgAAFgMBADoBAAA2AwF3tBEHB6guyNBNlJmUpeM5u9lxXWyFQhCvqu17Ld8y\/QAABAA1AP8BAAAJACMAAAAPAAEB"}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1444570636364,"flow_last_seen":1444570636369,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1444570636364,"flow_last_seen":1444570636369,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":369848,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAaZAABAGtXtARGliCggAAQG7kQkSUl7m7a2hWlAQ\/\/9pIAAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1444570636387,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":321,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1444570636387,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":387910,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA82lhAAEAGrK8KCAABQERpZ6GqAbsG3RlZAAAAAKACOQjUWwAAAgQFtAQCCAoATMMBAAAAAAEDAwY="}
00409{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":395572,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAadAABAGtXVARGlnCggAAQG7oar5IuamBt0ZWlAS\/\/9YuAAA"}
00407{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":395961,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo2llAAEAGrMIKCAABQERpZ6GqAbsG3Rla+SLmp1AQOQgfsQAA"}
00495{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":397645,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABn2lpAAEAGrIIKCAABQERpZ6GqAbsG3Rla+SLmp1AYOQjTBwAAFgMBADoBAAA2AwHQxD6jP9mnXAR\/gJlsx5rnkfAjqPqPevvcaVvn\/9cADgAABAA1AP8BAAAJACMAAAAPAAEB"}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1444570636387,"flow_last_seen":1444570636397,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1444570636387,"flow_last_seen":1444570636397,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":398289,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAahAABAGtXRARGlnCggAAQG7oar5IuanBt0ZmVAQ\/\/9YegAA"}
02278{"flow_id":14,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":461571,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"ABoRAAACABoRAAABCABFAAWMAalAABAGNEo+becDCggAAQG7svZgvaIdn0JeI1AY\/\/+fPgAAFgMBDz4CAAAtAwFWGmYRArDIcqLQ\/bRHkH\/nYeN2CQCCxM0AncO1AEsIWwAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNV"}
00407{"flow_id":14,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":462122,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAonxJAAEAGbEQKCAABPm3nA7L2AbufQl4jYL2ngVAQQLCFVAAA"}
03814{"flow_id":14,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":471138,"pkt_caplen":2581,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2581,"pkt_l4_len":2547,"pkt":"ABoRAAACABoRAAABCABFAAoHAapAABAGL84+becDCggAAQG7svZgvaeBn0JeI1AY\/\/9AIAAABAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01110{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":8,"flow_first_seen":1444570636180,"flow_last_seen":1444570636471,"flow_tot_l4_data_len":4150,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2547,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01121{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":328,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":8,"flow_first_seen":1444570636180,"flow_last_seen":1444570636471,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00407{"flow_id":14,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":522174,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAonxNAAEAGbEMKCAABPm3nA7L2AbufQl4jYL2xYFAQTvhtLQAA"}
00854{"flow_id":14,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":522571,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFunxRAAEAGavwKCAABPm3nA7L2AbufQl4jYL2xYFAYTvhSuAAAFgMBAQYQAAECAQB+x8SRFL2Xl25V270B08YXmzYouk2YY7Sh\/JZqWhl4FAtkaXyk3Y9KixLFglwMo8snZosACNZ4mi2KAWt7xQOoUCJFw9A8VP36T2QysqLRz+1q0kYb5d\/10QCwqU3BwBjieuKr8pvMNhakG+LNQUb+GVGXP22+JcaSnx8acpHquVahAg7KoKG3tge9\/o9hdNRcmkUTbETYhUcsO7kERjHuJsF0qrOU57OEoNvti6\/1IS+igd4z+TosVT5AeT9dpZLzf3XRHLkdc5Nvoq1Osrjx\/sIi6S\/VVKZD06Ovl1vOLOWhBJRCY7hpB6GOLUIaDO7uCntgxqENsNjJnu\/IjQOVFAMBAAEBFgMBADDMSFBVAWePsR52e6bpBiy3sbZr48YDsbwKShZC0wc+zB5r5AmNyl574bcRRXY1Kmc="}
00410{"flow_id":14,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":523151,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAatAABAGOaw+becDCggAAQG7svZgvbFgn0JfaVAQ\/\/+63wAA"}
@@ -231,22 +231,22 @@
00407{"flow_id":15,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":698579,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoNIpAAEAGU20KCAABQERojK3MAbt5hva2hnkO2lAQP8AIIwAA"}
00492{"flow_id":14,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":699386,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"ABoRAAACABoRAAABCABFAABjAa1AABAGOW8+becDCggAAQG7svZgvbFgn0JfaVAY\/\/+8kAAAFAMBAAEBFgMBADABGZe8ehOSe7gK0FC8QxqAhYLDRh5yPtE2RphosONMTi0lAqbKlg87+MpJfR3JJIE="}
05676{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":701917,"pkt_caplen":3961,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3961,"pkt_l4_len":3927,"pkt":"ABoRAAACABoRAAABCABFAA9rAa5AABAGn3HRxd6fCggAAQG7uYqEY+16e5wSxlAY\/\/\/gJgAAFgMBDz4CAAAtAwFWGmYSafQ2QQh1yhO3tQEaAendowKn9NoaYwQzVwrXvgAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01113{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1444570636160,"flow_last_seen":1444570636701,"flow_tot_l4_data_len":4110,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":685,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01124{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":335,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1444570636160,"flow_last_seen":1444570636701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
03884{"flow_id":15,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":703657,"pkt_caplen":2633,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2633,"pkt_l4_len":2599,"pkt":"ABoRAAACABoRAAABCABFAAo7Aa9AABAGrDVARGiMCggAAQG7rcyGeQ7aeYb2tlAY\/\/+\/QgAAMIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxwAE1DCCBNAwggQ5oAMCAQICECUM6OAwYS6fK4n3BU18+P0wDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEwODAwMDAwMFoXDTIxMTEwNzIzNTk1OVowgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryQICCl6NZ5gDKrnSztO3Hy8PEUcuyvg\/ikC+VcIo2SFFSf18a3IMYldIugqqqZCs4\/4uVW3sbdLs\/6PfgdX7O9D22ZiFWHPYA2k2N744MNiCD1UE+tJyllUhSblK48bn+v1oZHCM0nYQ2NqUkvSj+hwUU3RiWl7x3D2s9wSdNt7XUtW05a\/FXehsPSiJfKvHJJnGOX0BgTvkLnkAOTdOrUZ\/wK69Dzu4IvrN4vs9Nes8vbwPa\/ddZEzGR0cQMt0JBkhk9kU\/qwqUseP1QRJ5I1jR4g8aYPL\/ke9K35PxZWuDp3U0UPAZ3PjFAh+5T+fc7gzCs9dPzSHloruU+glFQIDAQABo4IBmzCCAZcwDwYDVR0TAQH\/BAUwAwEB\/zAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9wY2EzLmNybDAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMwHQYDVR0OBBYEFH\/TZafC3ey78DAJ80M5+gKvMzEzMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI\/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMD4GA1UdJQQ3MDUGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCWCGSAGG+EIEAQYKYIZIAYb4RQEIATANBgkqhkiG9w0BAQUFAAOBgQATAt346IYA8lr4+CAMWYhiB87O9075u1mhmOXhON1OvGYY063rGPINyW0+SpQgwzy6vWVUxq9EsxCtLGs+q9cHtriBY8X5Xi7lKmfOzTMMKteJVgMjH7O+6DoIWbTsRTX3ilv\/Zs9Qr8ZtV40ZeLe5otFX6h+aS6+6yY4Sfsa9\/w4AAAA="}
-01111{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":8,"flow_first_seen":1444570636248,"flow_last_seen":1444570636703,"flow_tot_l4_data_len":4182,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2599,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01122{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":336,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":8,"flow_first_seen":1444570636248,"flow_last_seen":1444570636703,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00409{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":704202,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo0G9AAEAGr\/IKCAAB0cXen7mKAbt7nBLGhGP8vVAQTE\/eTQAA"}
04347{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":705030,"pkt_caplen":2974,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2974,"pkt_l4_len":2940,"pkt":"ABoRAAACABoRAAABCABFAAuQAbBAABAGoXCt8wRMCggAAQG7zfr1hdJNCnot81AY\/\/8g1gAAFgMBDz4CAAAtAwFWGf8rmqTEjYV3fKJgrv6xsqvAH8t8a+41N1gtskOvYQAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOA=="}
00407{"flow_id":15,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":705760,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoNItAAEAGU2wKCAABQERojK3MAbt5hva2hnkY7VAQUJjtNwAA"}
00407{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":706197,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo70VAAEAGj0IKCAABrfMETM36AbsKei3z9YXdtVAQT9jIVQAA"}
01741{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":706939,"pkt_caplen":1041,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1041,"pkt_l4_len":1007,"pkt":"ABoRAAACABoRAAABCABFAAQDAbFAABAGqPyt8wRMCggAAQG7zfr1hd21Cnot81AY\/\/+3iQAABgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8kCAgpejWeYAyq50s7Ttx8vDxFHLsr4P4pAvlXCKNkhRUn9fGtyDGJXSLoKqqmQrOP+LlVt7G3S7P+j34HV+zvQ9tmYhVhz2ANpNje+ODDYgg9VBPrScpZVIUm5SuPG5\/r9aGRwjNJ2ENjalJL0o\/ocFFN0Ylpe8dw9rPcEnTbe11LVtOWvxV3obD0oiXyrxySZxjl9AYE75C55ADk3Tq1Gf8CuvQ87uCL6zeL7PTXrPL28D2v3XWRMxkdHEDLdCQZIZPZFP6sKlLHj9UESeSNY0eIPGmDy\/5HvSt+T8WVrg6d1NFDwGdz4xQIfuU\/n3O4MwrPXT80h5aK7lPoJRUCAwEAAaOCAZswggGXMA8GA1UdEwEB\/wQFMAMBAf8wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzMB0GA1UdDgQWBBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQADgYEAEwLd+OiGAPJa+PggDFmIYgfOzvdO+btZoZjl4TjdTrxmGNOt6xjyDcltPkqUIMM8ur1lVMavRLMQrSxrPqvXB7a4gWPF+V4u5Spnzs0zDCrXiVYDIx+zvug6CFm07EU194pb\/2bPUK\/GbVeNGXi3uaLRV+ofmkuvusmOEn7Gvf8OAAAA"}
-01110{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":8,"flow_first_seen":1444570636255,"flow_last_seen":1444570636706,"flow_tot_l4_data_len":4150,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2940,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01121{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":341,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":8,"flow_first_seen":1444570636255,"flow_last_seen":1444570636706,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00407{"flow_id":17,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":707337,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo70ZAAEAGj0EKCAABrfMETM36AbsKei3z9YXhkFAQZqitqgAA"}
01052{"flow_id":14,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":720192,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"pkt":"ABoRAAACABoRAAABCABFAAICnxVAAEAGamcKCAABPm3nA7L2AbufQl9pYL2xm1AYTvhkIAAAFwMBACB3C9lWLtSxCr74F+P7WC+tzib0fsc5+dwNBTzRkQ+jLBcDAQGwwSJTKS5td9FItkSmZW7S9M4+MdlGodmbw8B\/UmfU6mVq47gcpEXfv6lCsX3yLgGK351qzwEjOwh0r+GAA1s\/5ZmEAiDgvunOPbGg6XzdNUiAMroWTVuFaTw5IiGh0MMAEuqBFtHvmmmvIoSgqkgFSxefoiCIE\/SJm7V\/f5Xl2DhL\/sTUt4oLPfaQ9+y0+CqWYaUWlNtMG3zbhDk7VEZem+QOR\/86TBym1rBAzgActYZxmxAr4ZzRXVZ8mn8kZEyaup4JF\/khofRR8tRvk8sCL+e9jS27xVb7FSRMSa+a5ydzA1U+nZf4TcOU2QOumwjpo5KgClMy45902ObAorPnMYN4kUlcNAVWuVZHZsAM5Sl0WCwuYRWHnrd60P5IkMjFIgNmj7mjbJyQnb+4pzqZeq2GTxZXwZX+\/olfxcjjg84cDobM7I+Ux8oBcL4B\/ULghXfkxNRrFgPUXpC9UsbV21KIY3QulG7CeWi1aj6K3vEpeTJHb5pVYxj4Uys7gVr0VJxN5MNnAbHaWjNw0SK7St32Pqg5DmC7mt5Y+Qle4fgPQh5rLqk5AUVFrocorQ1P"}
00410{"flow_id":14,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":720856,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAbJAABAGOaU+becDCggAAQG7svZgvbGbn0JhQ1AQ\/\/+4ygAA"}
00852{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":772489,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFu0HBAAEAGrqsKCAAB0cXen7mKAbt7nBLGhGP8vVAYTE9m9wAAFgMBAQYQAAECAQBh6Iy9x2yr2m3xCdPZgNEdWjzbtsH2sPvYvNbtEMZmEUi3Vyw3BcED3uFDM2yCVMFHZc6N1UUEiCo9ZhNym\/qc8HGIV0wYsojyO62X3SvuITZcIJCPTGFtS+OURqXOoXomLux2q1+8brIHtkd2xeug0MRBTcwpvvKWy\/DTUhJQEnk2vcibEAvCyV7G\/ezNsHrddU0d\/TZOID\/yLw9ZRFpxDH7NweWg16f5lT7lvRKnmbeFiP0y0S85VqXzj5Nt6P2qIn+1cRcJlHovSBcrMHg2xbrkBddhfwcca8oJMbmRfXyiJNgU4LW9mTyL7XYEpFKfcR91vzNimh+l07SYSpVCFAMBAAEBFgMBADBcUhS76c+8eQPT3fB901S73VeGweczs1DsGD9TAdI0\/OBKBz8qREHhH3ROFJlUi8k="}
00411{"flow_id":12,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":772793,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAbNAABAGrq\/Rxd6fCggAAQG7uYqEY\/y9e5wUDFAQ\/\/8pVwAA"}
05676{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":773132,"pkt_caplen":3961,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3961,"pkt_l4_len":3927,"pkt":"ABoRAAACABoRAAABCABFAA9rAbRAABAGlfNARHmZCggAAQG74S8Y3E7M5yOxdFAY\/\/+LZAAAFgMBDz4CAAAtAwFWGmYROltx5TnOap9UIE\/2w1MWBK1my7lSyNNjjVz6WgAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01111{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1444570636170,"flow_last_seen":1444570636773,"flow_tot_l4_data_len":4110,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":685,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01122{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":347,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1444570636170,"flow_last_seen":1444570636773,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00854{"flow_id":15,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":773401,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFuNIxAAEAGUiUKCAABQERojK3MAbt5hva2hnkY7VAYUJjxsAAAFgMBAQYQAAECAQCZ6rrS4j7mksPkLANY2EpSpokmY5Lee+lBKCPpOZHfXp1fFLLNPE035x828S0y1EQDc8njA4rf5c3IoOBYAkW4m7x696LVX0ih7Y9CqgDL1B6yna5cRmn4YKD6c4mm38UvSifo5Tbq3QqtilkVc\/cK33qCDjCCDXA+yVGIexfPvbK4k53WTVK8dLRuY0CANraDoA3h61IpLC\/B\/jk\/Rtn1wmsqHWabMvWg5D8GlA+L\/Cu7bVhuv8KWI1WKDYR2icRl9PPlwJXiloUSEnsZFI8uNeVW9rTd0c4rLhiMlN8qWEup34ROCZLfJTafKUhn3VVU\/xejWCs4ig95w71MCUcLFAMBAAEBFgMBADBtORReP+0N+C\/5qD8bapB7MJQN7MZ8HQW6AXEUh6YL1FDSZove7qK9Vb4bbl+fd1M="}
00411{"flow_id":15,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":773617,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAbVAABAGtkJARGiMCggAAQG7rcyGeRjteYb3\/FAQ\/\/88igAA"}
00855{"flow_id":17,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":773896,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFu70dAAEAGjfoKCAABrfMETM36AbsKei3z9YXhkFAYZqi3+AAAFgMBAQYQAAECAQCKYf+wQGVh16cvfGjmi+GjYexIJm3TjXJPQzGPzrUE\/rqhEkIr7YcPINyJlXOCyVqjuVdxcCJ9NitnLXN0JUMUOPpX1k\/+dR5lsOpXrw+iQEqYfMCKPIl51Avar9s6c0b\/ccBZc3E4Xk4W0JBzPouJSIh+s9tpjD3dDUTtfiDyNHb6jRPnnf\/JiQzulWVG1ivFkeLZJoMEcg3Bz5YXkgCst4aBDx\/i+f5wtPnes2p1TvMaH\/2l8EMcbjUPWkrxFuQ5v1XnY4iyKRCXogYzxL6831ZTV5a223WqO1DNFgnRfcEIzkfayoqcHiojx\/Y2TXv22pPHpvT7t457TCsOF\/twFAMBAAEBFgMBADCi6GXiKEfVocs4Smlug8p+Nv1D6I8BZ0cMreVLJb83ihj9gmorDGb0EK3FcaLV+bg="}
@@ -255,11 +255,11 @@
02250{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":775737,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"pkt":"ABoRAAACABoRAAABCABFAAV4AbdAABAGsBtARGlhCggAAQG7yKr7mNWFBGcqu1AY\/\/8alwAAFgMBD14CAABNAwFWGmYSOq7AeK\/VHzv7nfWztvaQXy0YwTsZ5fll9syYzSDLAwedTzll\/9Nw9s31KtozYpSn8DlGZoSiw+AYRlhTSAA1AAAF\/wEAAQALAA8FAA8CAATpMIIE5TCCA82gAwIBAgIQKXSJqdQeSb5h94FpRuYh8zANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDQxMDAwMDAwMFoXDTE4MDQxMDIzNTk1OVowdzELMAkGA1UEBhMCdXMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAcMCFNhbiBKb3NlMRwwGgYDVQQKDBNDaXNjbyBTeXN0ZW1zLCBJbmMuMQwwCgYDVQQLDANDU0cxFDASBgNVBAMMCyoud2ViZXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXjIYUvDCGFnLF6CX7BhvJlmnmrg0KiZFcDP6TyJs2s+n7Hjqpb8O374x26knzLrTkrkpNBVvbi6eY8X6lmrWlqvlgEoyMmslNbZoAjUy1C9HNIMI2F1bLGI\/pKRUGbpk5wvAv6SKOf+cKi3mis7U2sccUb8cFxKTVpp62iK2uOzkFa4zF1i4hm\/NKjJWJVuj\/D8tQpd0PSuU5wWY7G1x\/5UpvvDV7KS7Tsmn3ib\/8gstBL+PLvKZHJ8YWc8u02oGZQoWD64APslwdmLLyDqq5USERl2bc761RHbBhnmKf3IpyvGqgfCFbQ7hfb+sniY0O+KQiBpaJI1bt4iiHQ1YQIDAQABo4IBZDCCAWAwFgYDVR0RBA8wDYILKi53ZWJleC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGUGA1UdIAReMFwwWgYKYIZIAYb4RQEHNjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAU0XVgHR8KQTLFFzVVA7s1Rlqj4+dm5q+OB5OfJMqYeX\/hnGHVeD8z9\/9EdKsauBRbbFpJk38PC3aGoy0iL9v8CA4V6o0qYzEfedbF\/p\/UuvtChO8CktAaqN64hPdToCJEy3gqyB\/Hv7VVuKXUBogujzn1WBdIyBUlO\/hClSnOD8Qq1So\/AzCrw+\/ChOOV7DI631hsLE1M73UmQqxi7Cbu5R5TsXH6v6s\/7CAPBhVtuxTBBcBuPtA6Pd2Q8vOf6ByuErVmWAV\/tOLfjGuqPuM2JoxzR1iH82zcoIcxOzmtUIYsiTuUSCi\/AsNsm265BOW9oeh5kgZU+pE6LkGX9bECAAU8MIIFOA=="}
00407{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":826252,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo6IRAAEAGnp0KCAABQERpYciqAbsEZyq7+5ja1VAQP8DsbwAA"}
05710{"flow_id":22,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":827404,"pkt_caplen":3993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3993,"pkt_l4_len":3959,"pkt":"ABoRAAACABoRAAABCABFAA+LAbhAABAGpgZARGliCggAAQG7kQkSUl7m7a2hWlAY\/\/9HlQAAFgMBD14CAABNAwFWGmYSAx+RVmmZg899fGqSm6Bka6ywB4RCQzstiNYepSBKYiYj9vBvO3nJiUtMhL1sij4kR4946TgIFLn6SVhTSAA1AAAF\/wEAAQALAA8FAA8CAATpMIIE5TCCA82gAwIBAgIQKXSJqdQeSb5h94FpRuYh8zANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDQxMDAwMDAwMFoXDTE4MDQxMDIzNTk1OVowdzELMAkGA1UEBhMCdXMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAcMCFNhbiBKb3NlMRwwGgYDVQQKDBNDaXNjbyBTeXN0ZW1zLCBJbmMuMQwwCgYDVQQLDANDU0cxFDASBgNVBAMMCyoud2ViZXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXjIYUvDCGFnLF6CX7BhvJlmnmrg0KiZFcDP6TyJs2s+n7Hjqpb8O374x26knzLrTkrkpNBVvbi6eY8X6lmrWlqvlgEoyMmslNbZoAjUy1C9HNIMI2F1bLGI\/pKRUGbpk5wvAv6SKOf+cKi3mis7U2sccUb8cFxKTVpp62iK2uOzkFa4zF1i4hm\/NKjJWJVuj\/D8tQpd0PSuU5wWY7G1x\/5UpvvDV7KS7Tsmn3ib\/8gstBL+PLvKZHJ8YWc8u02oGZQoWD64APslwdmLLyDqq5USERl2bc761RHbBhnmKf3IpyvGqgfCFbQ7hfb+sniY0O+KQiBpaJI1bt4iiHQ1YQIDAQABo4IBZDCCAWAwFgYDVR0RBA8wDYILKi53ZWJleC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGUGA1UdIAReMFwwWgYKYIZIAYb4RQEHNjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAU0XVgHR8KQTLFFzVVA7s1Rlqj4+dm5q+OB5OfJMqYeX\/hnGHVeD8z9\/9EdKsauBRbbFpJk38PC3aGoy0iL9v8CA4V6o0qYzEfedbF\/p\/UuvtChO8CktAaqN64hPdToCJEy3gqyB\/Hv7VVuKXUBogujzn1WBdIyBUlO\/hClSnOD8Qq1So\/AzCrw+\/ChOOV7DI631hsLE1M73UmQqxi7Cbu5R5TsXH6v6s\/7CAPBhVtuxTBBcBuPtA6Pd2Q8vOf6ByuErVmWAV\/tOLfjGuqPuM2JoxzR1iH82zcoIcxOzmtUIYsiTuUSCi\/AsNsm265BOW9oeh5kgZU+pE6LkGX9bECAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccABNQwggTQMIIEOaADAgECAhAlDOjgMGEunyuJ9wVNfPj9MA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMDgwMDAwMDBaFw0yMTExMDcyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8kCAgpejWeYAyq50s7Ttx8vDxFHLsr4P4pAvlXCKNkhRUn9fGtyDGJXSLoKqqmQrOP+LlVt7G3S7P+j34HV+zvQ9tmYhVhz2ANpNje+ODDYgg9VBPrScpZVIUm5SuPG5\/r9aGRwjNJ2ENjalJL0o\/ocFFN0Ylpe8dw9rPcEnTbe11LVtOWvxV3obD0oiXyrxySZxjl9AYE75C55ADk3Tq1Gf8CuvQ87uCL6zeL7PTXrPL28D2v3XWRMxkdHEDLdCQZIZPZFP6sKlLHj9UESeSNY0eIPGmDy\/5HvSt+T8WVrg6d1NFDwGdz4xQIfuU\/n3O4MwrPXT80h5aK7lPoJRUCAwEAAaOCAZswggGXMA8GA1UdEwEB\/wQFMAMBAf8wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzMB0GA1UdDgQWBBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQADgYEAEwLd+OiGAPJa+PggDFmIYgfOzvdO+btZoZjl4TjdTrxmGNOt6xjyDcltPkqUIMM8ur1lVMavRLMQrSxrPqvXB7a4gWPF+V4u5Spnzs0zDCrXiVYDIx+zvug6CFm07EU194pb\/2bPUK\/GbVeNGXi3uaLRV+ofmkuvusmOEn7Gvf8OAAAA"}
-01110{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1444570636364,"flow_last_seen":1444570636827,"flow_tot_l4_data_len":4142,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3959,"flow_avg_l4_data_len":690,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01121{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":355,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1444570636364,"flow_last_seen":1444570636827,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
05711{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":828477,"pkt_caplen":3993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3993,"pkt_l4_len":3959,"pkt":"ABoRAAACABoRAAABCABFAA+LAblAABAGpgBARGlnCggAAQG7oar5IuanBt0ZmVAY\/\/9Y1gAAFgMBD14CAABNAwFWGmYSnSyrvrtGFwtam\/nzusEr0jYvjfdu6uqr5P0OECCWvxpTLsqrLpjanZKIiqyuPBYNJWtzLd4kspwBSVhTSAA1AAAF\/wEAAQALAA8FAA8CAATpMIIE5TCCA82gAwIBAgIQKXSJqdQeSb5h94FpRuYh8zANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDQxMDAwMDAwMFoXDTE4MDQxMDIzNTk1OVowdzELMAkGA1UEBhMCdXMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAcMCFNhbiBKb3NlMRwwGgYDVQQKDBNDaXNjbyBTeXN0ZW1zLCBJbmMuMQwwCgYDVQQLDANDU0cxFDASBgNVBAMMCyoud2ViZXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXjIYUvDCGFnLF6CX7BhvJlmnmrg0KiZFcDP6TyJs2s+n7Hjqpb8O374x26knzLrTkrkpNBVvbi6eY8X6lmrWlqvlgEoyMmslNbZoAjUy1C9HNIMI2F1bLGI\/pKRUGbpk5wvAv6SKOf+cKi3mis7U2sccUb8cFxKTVpp62iK2uOzkFa4zF1i4hm\/NKjJWJVuj\/D8tQpd0PSuU5wWY7G1x\/5UpvvDV7KS7Tsmn3ib\/8gstBL+PLvKZHJ8YWc8u02oGZQoWD64APslwdmLLyDqq5USERl2bc761RHbBhnmKf3IpyvGqgfCFbQ7hfb+sniY0O+KQiBpaJI1bt4iiHQ1YQIDAQABo4IBZDCCAWAwFgYDVR0RBA8wDYILKi53ZWJleC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGUGA1UdIAReMFwwWgYKYIZIAYb4RQEHNjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAU0XVgHR8KQTLFFzVVA7s1Rlqj4+dm5q+OB5OfJMqYeX\/hnGHVeD8z9\/9EdKsauBRbbFpJk38PC3aGoy0iL9v8CA4V6o0qYzEfedbF\/p\/UuvtChO8CktAaqN64hPdToCJEy3gqyB\/Hv7VVuKXUBogujzn1WBdIyBUlO\/hClSnOD8Qq1So\/AzCrw+\/ChOOV7DI631hsLE1M73UmQqxi7Cbu5R5TsXH6v6s\/7CAPBhVtuxTBBcBuPtA6Pd2Q8vOf6ByuErVmWAV\/tOLfjGuqPuM2JoxzR1iH82zcoIcxOzmtUIYsiTuUSCi\/AsNsm265BOW9oeh5kgZU+pE6LkGX9bECAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccABNQwggTQMIIEOaADAgECAhAlDOjgMGEunyuJ9wVNfPj9MA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMDgwMDAwMDBaFw0yMTExMDcyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8kCAgpejWeYAyq50s7Ttx8vDxFHLsr4P4pAvlXCKNkhRUn9fGtyDGJXSLoKqqmQrOP+LlVt7G3S7P+j34HV+zvQ9tmYhVhz2ANpNje+ODDYgg9VBPrScpZVIUm5SuPG5\/r9aGRwjNJ2ENjalJL0o\/ocFFN0Ylpe8dw9rPcEnTbe11LVtOWvxV3obD0oiXyrxySZxjl9AYE75C55ADk3Tq1Gf8CuvQ87uCL6zeL7PTXrPL28D2v3XWRMxkdHEDLdCQZIZPZFP6sKlLHj9UESeSNY0eIPGmDy\/5HvSt+T8WVrg6d1NFDwGdz4xQIfuU\/n3O4MwrPXT80h5aK7lPoJRUCAwEAAaOCAZswggGXMA8GA1UdEwEB\/wQFMAMBAf8wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzMB0GA1UdDgQWBBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQADgYEAEwLd+OiGAPJa+PggDFmIYgfOzvdO+btZoZjl4TjdTrxmGNOt6xjyDcltPkqUIMM8ur1lVMavRLMQrSxrPqvXB7a4gWPF+V4u5Spnzs0zDCrXiVYDIx+zvug6CFm07EU194pb\/2bPUK\/GbVeNGXi3uaLRV+ofmkuvusmOEn7Gvf8OAAAA"}
-01111{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1444570636387,"flow_last_seen":1444570636828,"flow_tot_l4_data_len":4142,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3959,"flow_avg_l4_data_len":690,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01122{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":356,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":6,"flow_first_seen":1444570636387,"flow_last_seen":1444570636828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
03883{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":829761,"pkt_caplen":2633,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2633,"pkt_l4_len":2599,"pkt":"ABoRAAACABoRAAABCABFAAo7AbpAABAGq1VARGlhCggAAQG7yKr7mNrVBGcqu1AY\/\/+jjwAAMIIEIKADAgECAhBRP7l0OHC3NEBBjTCTBpn\/MA0GCSqGSIb3DQEBCwUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTAeFw0xMzEwMzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEvMC0GA1UEAxMmU3ltYW50ZWMgQ2xhc3MgMyBTZWN1cmUgU2VydmVyIENBIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy2AXKHHQttRdWOcVKUgmW6EvYDPFon5pCKGLDpTBTflURglsDeg0v4XkEybSWdxmBAZRZ+bz3epkngi23g91aJ3+yA3qcUyXpSB9GT8idKfi+eVb29\/3ZOmjai0uCM0ESw8g8zNaWeoQhGiIEAycXixxoYZMPDlGAMx20tc7rftBirO6zewF072k168rVPanul5jKjapEDiWZShWWpM5tAlQfKmom4gY6Y0istEzRdZNQ\/xMv1trhxhj1n8klXfMAOt4mTbQpCc0PPSNvFkqBFvvygxDDuNbYVTI98b0PvYxSlUoWl3pSIWN1Lxb5xGa+9bUJ2P8nAM1EfG9LP7D3AgMBAAGjggFjMIIBXzASBgNVHRMBAf8ECDAGAQH\/AgEAMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9zMS5zeW1jYi5jb20vcGNhMy1nNS5jcmwwDgYDVR0PAQH\/BAQDAgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTBrBgNVHSAEZDBiMGAGCmCGSAGG+EUBBzYwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM0MB0GA1UdDgQWBBRfYM9hkFXfhEMUimAqsvV69EMY7zAfBgNVHSMEGDAWgBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQsFAAOCAQEAXpRWSd2OLWX1wTZRtgPj2p5zGfIfWatYfmwmBSz6gddcIxciLDeT94bsheawo\/0f4jKoRW\/h2fu5r9JwoDJCZb+E\/hYqjz\/Fptajk31D6XQhkTUo9GPpLu339Vx\/S5q1IOkKveBFEAwUlJpdpeNLkegkm0ZAZfQics2Z+IgR9fN\/5jOC5qjFfv7QCOIlWAhxaObNouYU3k5SJC395XkTU+deLy1NG21AFVIr94eJeBKBbtlNqi141MIsPQhfh5GeHw6w3jBSZIaJqp1mnA52DIDydNgq+Lg6ztfWDxG+a6sU9b1BoCJjifG6D28pY2YtP6yMcsX7x+TUD\/I7T4wpxwAE1DCCBNAwggQ5oAMCAQICECUM6OAwYS6fK4n3BU18+P0wDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEwODAwMDAwMFoXDTIxMTEwNzIzNTk1OVowgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryQICCl6NZ5gDKrnSztO3Hy8PEUcuyvg\/ikC+VcIo2SFFSf18a3IMYldIugqqqZCs4\/4uVW3sbdLs\/6PfgdX7O9D22ZiFWHPYA2k2N744MNiCD1UE+tJyllUhSblK48bn+v1oZHCM0nYQ2NqUkvSj+hwUU3RiWl7x3D2s9wSdNt7XUtW05a\/FXehsPSiJfKvHJJnGOX0BgTvkLnkAOTdOrUZ\/wK69Dzu4IvrN4vs9Nes8vbwPa\/ddZEzGR0cQMt0JBkhk9kU\/qwqUseP1QRJ5I1jR4g8aYPL\/ke9K35PxZWuDp3U0UPAZ3PjFAh+5T+fc7gzCs9dPzSHloruU+glFQIDAQABo4IBmzCCAZcwDwYDVR0TAQH\/BAUwAwEB\/zAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9wY2EzLmNybDAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMwHQYDVR0OBBYEFH\/TZafC3ey78DAJ80M5+gKvMzEzMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI\/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMD4GA1UdJQQ3MDUGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCWCGSAGG+EIEAQYKYIZIAYb4RQEIATANBgkqhkiG9w0BAQUFAAOBgQATAt346IYA8lr4+CAMWYhiB87O9075u1mhmOXhON1OvGYY063rGPINyW0+SpQgwzy6vWVUxq9EsxCtLGs+q9cHtriBY8X5Xi7lKmfOzTMMKteJVgMjH7O+6DoIWbTsRTX3ilv\/Zs9Qr8ZtV40ZeLe5otFX6h+aS6+6yY4Sfsa9\/w4AAAA="}
-01110{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":8,"flow_first_seen":1444570636359,"flow_last_seen":1444570636829,"flow_tot_l4_data_len":4182,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2599,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01121{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":357,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":8,"flow_first_seen":1444570636359,"flow_last_seen":1444570636829,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":500,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00851{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":830638,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFuc+NAAEAGAcEKCAABQER5meEvAbvnI7F0GNxeD1AYTE9xBgAAFgMBAQYQAAECAQAEJ\/W6AMtMNXfn+z8cZ1EpSauHEvV67C4BIPYGlTr8kboXB9Oq3NXtbsq979Zt74ZTxyldimsSabvCofi01oHiQl5fNMdel1C7y+fi0Ru9KrE5KKP0VIggXSQaBHNsRwU2v6UOVt8Iztltdv0flcWC6UkhfdODoC+ZN\/7PU1vRo\/v1hllBNXjnBma7emhIIACqnC85yKNJ1wThEx64SKTaN23yVcYcgZz0j3zf1KlB9qw4xTefzdb25EOIh9Y0P41fH6BlEUyaMakCXN\/+eNlWfkNgKFeUQ47CAlSUTcLTInY1TaJWxvxGjbJuwCKt8un\/2irPicwzgLDFHuaSgS6TFAMBAAEBFgMBADCXURkOxCraVsD13drdn27VNH9KrjOT3DUDaII8EzfCpFKhxTweqwisHpGfWUrNgAg="}
00410{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":831131,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAbtAABAGpS9ARHmZCggAAQG74S8Y3F4P5yOyulAQ\/\/\/4OQAA"}
00407{"flow_id":22,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":831481,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoY+RAAEAGIz0KCAABQERpYpEJAbvtraFaElJuSVAQTO8MzgAA"}
@@ -268,11 +268,11 @@
00850{"flow_id":21,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":839473,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFu6IZAAEAGnVUKCAABQERpYciqAbsEZyq7+5jk6FAYUJjctgAAFgMBAQYQAAECAQBXELeE22orfRHyO7iYVT1m6q3lbIWCe39BzPhHISO8mVEhxzNXSnjyJqJ7t4xvw2RpyedoWUDRQV5M5duqi39l8huSgTr6HUqiPPLrK8H5+YBDkhleHW6xnrG35wBP2sHcBJvySQB0nX7o5+d7iLVUEjuceFEoGz9YiluMpe80JFKVXsu\/EsmYs4FJN0AxRBV4Rg+jzwr3ZRA\/Yf5JIXpge2rbhxPpXr3jpIJ9gQF\/9ttkamjTXFLyMyBlPJ93LtBm40CDLQUP2M5qOJ+2kCU3LGWbK1M9ZrZeaq2uuYufK9LH0wNKfvRQ4QngpGArVSc9BtMjm5o0S0uia8YXpvBVFAMBAAEBFgMBADDeYY6oRb1Sx58+OoYccdOlQcbidfJ+XvnG7OkDkiJ73s0dhqmoA0U2bunZHo5tGpQ="}
00410{"flow_id":21,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":842642,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAbxAABAGtWZARGlhCggAAQG7yKr7mOToBGcsAVAQ\/\/8g1wAA"}
05714{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":894711,"pkt_caplen":3993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3993,"pkt_l4_len":3959,"pkt":"ABoRAAACABoRAAABCABFAA+LAb1AABAGlf9ARHlkCggAAQG7y\/uPqobccFV5ZFAY\/\/+KJwAAFgMBD14CAABNAwFWGmYS\/Z\/DgIaC4F3A6vWFfTwKeM+7hxQ\/MLnp7eykmCC0VhtNO44CsjutlOFpXxkFi7ilYsk5xuyo2fo3aKYyQQA1AAAF\/wEAAQALAA8FAA8CAATpMIIE5TCCA82gAwIBAgIQKXSJqdQeSb5h94FpRuYh8zANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDQxMDAwMDAwMFoXDTE4MDQxMDIzNTk1OVowdzELMAkGA1UEBhMCdXMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAcMCFNhbiBKb3NlMRwwGgYDVQQKDBNDaXNjbyBTeXN0ZW1zLCBJbmMuMQwwCgYDVQQLDANDU0cxFDASBgNVBAMMCyoud2ViZXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXjIYUvDCGFnLF6CX7BhvJlmnmrg0KiZFcDP6TyJs2s+n7Hjqpb8O374x26knzLrTkrkpNBVvbi6eY8X6lmrWlqvlgEoyMmslNbZoAjUy1C9HNIMI2F1bLGI\/pKRUGbpk5wvAv6SKOf+cKi3mis7U2sccUb8cFxKTVpp62iK2uOzkFa4zF1i4hm\/NKjJWJVuj\/D8tQpd0PSuU5wWY7G1x\/5UpvvDV7KS7Tsmn3ib\/8gstBL+PLvKZHJ8YWc8u02oGZQoWD64APslwdmLLyDqq5USERl2bc761RHbBhnmKf3IpyvGqgfCFbQ7hfb+sniY0O+KQiBpaJI1bt4iiHQ1YQIDAQABo4IBZDCCAWAwFgYDVR0RBA8wDYILKi53ZWJleC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGUGA1UdIAReMFwwWgYKYIZIAYb4RQEHNjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAU0XVgHR8KQTLFFzVVA7s1Rlqj4+dm5q+OB5OfJMqYeX\/hnGHVeD8z9\/9EdKsauBRbbFpJk38PC3aGoy0iL9v8CA4V6o0qYzEfedbF\/p\/UuvtChO8CktAaqN64hPdToCJEy3gqyB\/Hv7VVuKXUBogujzn1WBdIyBUlO\/hClSnOD8Qq1So\/AzCrw+\/ChOOV7DI631hsLE1M73UmQqxi7Cbu5R5TsXH6v6s\/7CAPBhVtuxTBBcBuPtA6Pd2Q8vOf6ByuErVmWAV\/tOLfjGuqPuM2JoxzR1iH82zcoIcxOzmtUIYsiTuUSCi\/AsNsm265BOW9oeh5kgZU+pE6LkGX9bECAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccABNQwggTQMIIEOaADAgECAhAlDOjgMGEunyuJ9wVNfPj9MA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMDgwMDAwMDBaFw0yMTExMDcyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8kCAgpejWeYAyq50s7Ttx8vDxFHLsr4P4pAvlXCKNkhRUn9fGtyDGJXSLoKqqmQrOP+LlVt7G3S7P+j34HV+zvQ9tmYhVhz2ANpNje+ODDYgg9VBPrScpZVIUm5SuPG5\/r9aGRwjNJ2ENjalJL0o\/ocFFN0Ylpe8dw9rPcEnTbe11LVtOWvxV3obD0oiXyrxySZxjl9AYE75C55ADk3Tq1Gf8CuvQ87uCL6zeL7PTXrPL28D2v3XWRMxkdHEDLdCQZIZPZFP6sKlLHj9UESeSNY0eIPGmDy\/5HvSt+T8WVrg6d1NFDwGdz4xQIfuU\/n3O4MwrPXT80h5aK7lPoJRUCAwEAAaOCAZswggGXMA8GA1UdEwEB\/wQFMAMBAf8wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzMB0GA1UdDgQWBBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQADgYEAEwLd+OiGAPJa+PggDFmIYgfOzvdO+btZoZjl4TjdTrxmGNOt6xjyDcltPkqUIMM8ur1lVMavRLMQrSxrPqvXB7a4gWPF+V4u5Spnzs0zDCrXiVYDIx+zvug6CFm07EU194pb\/2bPUK\/GbVeNGXi3uaLRV+ofmkuvusmOEn7Gvf8OAAAA"}
-01111{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1444570636259,"flow_last_seen":1444570636894,"flow_tot_l4_data_len":4142,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3959,"flow_avg_l4_data_len":690,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01122{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":365,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1444570636259,"flow_last_seen":1444570636894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00852{"flow_id":22,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":895983,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFuY+VAAEAGIfYKCAABQERpYpEJAbvtraFaElJuSVAYTO\/8iQAAFgMBAQYQAAECAQBKz8VAcYGRCUxyTTm12E2YCFZWr3BjrWhipEpnrXhhxj1MIecbPmgYdshTAomuSJsV+ngNhOnDxwNUl4MphH25YnDW3y\/D5JB+VOryaIKA7PSsSYpU8swhaVzf8\/a3UBkaBacxyaeRKkQbcUWT+268fk63eT6XIEeps92NVGpTa+SuaZvp\/YJJEUPFU0rRb0XwIaVfwwuTg1neFIu1+4epaHSQzQW9eFzmJF3T4+uOLnIvqa\/4Ydz3W7NjcmJv62P1RhVxDAwWQoz5xUBA84Ac4nNtRUQ5ZhiziHLvZmOMgHtfleqw5zTqosgeTmmOakOR6s28Kd5RrKQxHeSTNBGAFAMBAAEBFgMBADDNdsftYPv47HQqVMtWpzE50vsZhtbBXRWYGCfc\/cKXEMfPEY1UJSjDUI+1BaVLkz8="}
00409{"flow_id":22,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":896552,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAb5AABAGtWNARGliCggAAQG7kQkSUm5J7a2ioFAQ\/\/9YdwAA"}
05712{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":897531,"pkt_caplen":3993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3993,"pkt_l4_len":3959,"pkt":"ABoRAAACABoRAAABCABFAA+LAb9AABAGlf5ARHljCggAAQG72qGkCFzmW\/ejWlAY\/\/\/iVAAAFgMBD14CAABNAwFWGmYSO4ujwppVKuHJGKzYGAeqsTGrkuWznfOYrvCxcCBgdTl8Q+EnZotV0xZg72NNDMfW235XcJYrwHbEaKYyQQA1AAAF\/wEAAQALAA8FAA8CAATpMIIE5TCCA82gAwIBAgIQKXSJqdQeSb5h94FpRuYh8zANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDQxMDAwMDAwMFoXDTE4MDQxMDIzNTk1OVowdzELMAkGA1UEBhMCdXMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAcMCFNhbiBKb3NlMRwwGgYDVQQKDBNDaXNjbyBTeXN0ZW1zLCBJbmMuMQwwCgYDVQQLDANDU0cxFDASBgNVBAMMCyoud2ViZXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXjIYUvDCGFnLF6CX7BhvJlmnmrg0KiZFcDP6TyJs2s+n7Hjqpb8O374x26knzLrTkrkpNBVvbi6eY8X6lmrWlqvlgEoyMmslNbZoAjUy1C9HNIMI2F1bLGI\/pKRUGbpk5wvAv6SKOf+cKi3mis7U2sccUb8cFxKTVpp62iK2uOzkFa4zF1i4hm\/NKjJWJVuj\/D8tQpd0PSuU5wWY7G1x\/5UpvvDV7KS7Tsmn3ib\/8gstBL+PLvKZHJ8YWc8u02oGZQoWD64APslwdmLLyDqq5USERl2bc761RHbBhnmKf3IpyvGqgfCFbQ7hfb+sniY0O+KQiBpaJI1bt4iiHQ1YQIDAQABo4IBZDCCAWAwFgYDVR0RBA8wDYILKi53ZWJleC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGUGA1UdIAReMFwwWgYKYIZIAYb4RQEHNjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAU0XVgHR8KQTLFFzVVA7s1Rlqj4+dm5q+OB5OfJMqYeX\/hnGHVeD8z9\/9EdKsauBRbbFpJk38PC3aGoy0iL9v8CA4V6o0qYzEfedbF\/p\/UuvtChO8CktAaqN64hPdToCJEy3gqyB\/Hv7VVuKXUBogujzn1WBdIyBUlO\/hClSnOD8Qq1So\/AzCrw+\/ChOOV7DI631hsLE1M73UmQqxi7Cbu5R5TsXH6v6s\/7CAPBhVtuxTBBcBuPtA6Pd2Q8vOf6ByuErVmWAV\/tOLfjGuqPuM2JoxzR1iH82zcoIcxOzmtUIYsiTuUSCi\/AsNsm265BOW9oeh5kgZU+pE6LkGX9bECAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccABNQwggTQMIIEOaADAgECAhAlDOjgMGEunyuJ9wVNfPj9MA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMDgwMDAwMDBaFw0yMTExMDcyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8kCAgpejWeYAyq50s7Ttx8vDxFHLsr4P4pAvlXCKNkhRUn9fGtyDGJXSLoKqqmQrOP+LlVt7G3S7P+j34HV+zvQ9tmYhVhz2ANpNje+ODDYgg9VBPrScpZVIUm5SuPG5\/r9aGRwjNJ2ENjalJL0o\/ocFFN0Ylpe8dw9rPcEnTbe11LVtOWvxV3obD0oiXyrxySZxjl9AYE75C55ADk3Tq1Gf8CuvQ87uCL6zeL7PTXrPL28D2v3XWRMxkdHEDLdCQZIZPZFP6sKlLHj9UESeSNY0eIPGmDy\/5HvSt+T8WVrg6d1NFDwGdz4xQIfuU\/n3O4MwrPXT80h5aK7lPoJRUCAwEAAaOCAZswggGXMA8GA1UdEwEB\/wQFMAMBAf8wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzMB0GA1UdDgQWBBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQADgYEAEwLd+OiGAPJa+PggDFmIYgfOzvdO+btZoZjl4TjdTrxmGNOt6xjyDcltPkqUIMM8ur1lVMavRLMQrSxrPqvXB7a4gWPF+V4u5Spnzs0zDCrXiVYDIx+zvug6CFm07EU194pb\/2bPUK\/GbVeNGXi3uaLRV+ofmkuvusmOEn7Gvf8OAAAA"}
-01110{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1444570636264,"flow_last_seen":1444570636897,"flow_tot_l4_data_len":4142,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3959,"flow_avg_l4_data_len":690,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01121{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1444570636264,"flow_last_seen":1444570636897,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
03470{"flow_id":14,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":898687,"pkt_caplen":2309,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2309,"pkt_l4_len":2275,"pkt":"ABoRAAACABoRAAABCABFAAj3AcBAABAGMMg+becDCggAAQG7svZgvbGbn0JhQ1AY\/\/\/KrwAAFwMBBWDde1FdWoJWDuJ36PlKWy8Z8EviG2jV4W+KGkEd6W\/guAjEifv9fBDCH9+v3GZ8sypODLmQzBSnbslrOpYCfWOH9IdRjgX25zNML\/jvNaV6OdNRv1+Pk8Aw1JRYGm35ODHu7UdMrb2ZpY0w67xXnTvc2rVZXlA7xJNc2BGRnkuZGuozOEJSQMhqTZPeyTvyb0wVuWxRopCC2hu5uvWjlvvxc4LO0P7n7+pIJ1Bf55yP9RSrrXwfAG52wDw7JiNs\/Q8UifKi8OByfAS1ae3q7\/ScOdQuC2y5rh2vpSFM\/oFXSRW4lavqwkbaA3HAMXJdsnYFkgNA6jIdzPiVTvXmsxlJA3QxQ0rZfzwoKLvApXdMw30R5YbK89GnZh9lnczyP4QWFKuffm\/vKqfIwWIERKiFRkT7VUB8inwWwdvLyy5pDpo8IxKgHskWtjuU0eKIR1WiQmLE3idaRqWZU8xosc7oeSaGpmfxGolkPTG7xWEit50mRz13TBREfI+Y0W7tLPMGJ1QHGVVerko+O3kgNwzGtoNqGH86YGf2gkGmNkXQINjPzxY1YzbUG0nD6lT8S4+oYDZsdyE91wNqw4ss\/8Z32Gk9a4GB26rNC2HWrv8mE0VW7V+OtSNsjejA5hIf52nQFtQxOFABVjdL2YFiP16hrGKsCEVecpGrE4FapisFrMpJd8wSIP8Z2G+QVjuiFA63gzng398lzTOhOtyk9DuQqBuVCQDnGIXM1S+Uajq1uAlZmECvSIcyuYGTu5cZNhlJCI0gJgR854Pc8SNgtbhajOCvVLGsqmJ1Z8arwqbOT72dGX1mtm2\/jWG0IRka4OpOoI2USFVDdXOJnksmG93cQaJ60GvIzx56evOOkeEG6UYfA2uhryk\/FiyLXOeI6jtNKJJU5YzG+Q7Ly0PrTWsj6FQfmmsXZLpHBrat9V2zNnGSURdG1P73eUCwqb13yFYpSQWp5WEgm7rbo9G5zo2Y4542IFd8FeoHr0FKZON79unA7kvP2v1PbWH2VqNdpTmvgZ7JqO9KfXpJh8+RpKnwvY5P+2K2f65Ixx\/AsN9FnJZk1lhWkmkR4yW6MkNYY4uTmUYwGIa4dn+jHWjGNC9mpI5JvwfwRkoBA\/h2RZGXDGqWyb6T7AXiZajnRE2MttwnMTeYX32ri6s\/9x6mRUaUF1iCowSU+4uqEhXR4OvG2kcwQWw9q9hWrObEr3YESOtHlKTxaZoVyWMrXHSi77pM99QlwpcHrdFNTi\/i\/Sv2yrJNSDiWxZROaF1sHa4vt1+6kxEwT\/Uhf1FgOdagMtCzShZY1xQX5F8YOXsAHKOYg8ctiZsvrey+WhmaiVA70VSNhYFdyzSWpVE8CiV4TQZlWKoeTTtlnIyiHRyyoISoOKOHpcYMDcP\/Vps8f\/WiPxLziihOtDuw5RCzQraGTJMW08io5pS3KcGhWjyeRjF9AZfEdO09QEsoogtYrKB+8Q1rQZgL9\/hkr3AoqDmXSVNf8kNR8lNat3LE1OGJg3oNxNejSCWlareae7fD69\/HVxNyk1dqq6JmYWdP8QnsLgPwckcy0K87DYw4qlNoGciIsb+ExmSAS0HLNJC6ffrLH+LgiHUUHzzZxhWlSmCioPLNLxh5\/agSF5C5Oeb+iXn\/YNdKMMr3y4hzZAFbtwxiqvzATIUsQrn2mVpBIu0eYPvwaCEblmJroRyO5BxhUkPVxTCrpBExMm4ENkm1RjDYU8Qu4eX4XDau3XynJ19km42r1mMdaZJrg+n5UtDENLfdd3sxt0JnwdU8ECQ2oBhP1Qe36+aBU\/ZPbxGLAXojhvzX1u7dvwOeYPJgl7dAf3nxZhcDAQNAnds9\/tJb406vCBadsl8Ux8fxf\/TxUtBTMoFLoyxTR4cXj\/u1KeLAxhj\/ExaRt88vE30Wxc2hPMzZV8qRRyMaYxVvWX3bmrGykcHYwf2m4iv7z7BSEfjxlW40G8adMtWyK5p4pdb81lxtB\/hdT2u+ed7TFmJH05UaTxZ1xOMeAF04bB4UiIPM7tLrtwC7yawFCSa19669UvJFcsckaQpSO7yugEgKKJWdomCzA+M7Qg0UYQKLft0gAhc0dEsB2hA9kpjtHAyFyzhhOg02sOnj3aFnsWAvLPwEh4a19gAVFZ+aXpsSWl24QLXviRJ\/HiY5kFTggCyOwpuflU5dhJLwPNTcB7MUQoi0r9tU+jwyBM1FwPa2vsP9rN3ODTiH28eNfrHTGWj2hDjqqGWybDqJ6NcXTnrLX7hqJ52YZanAqelXOoXDCBxVDV+C83K\/lRsReFbaydVmIGfAt1wjs8dKuUnnR8RJluX7X\/mgeerWhF\/ggIEnc66WGT6DLCIywvCVDg0+Lc0Iw6lhprxYYtwzQSK0dCsqiL5AduwK5WIOyFxNNUHkC0T9B8ei\/cxrKXTn2SGI+f2VnUfgdjUqI4\/Tfr86cuGgBEaR9EGprwn9bdJb1Xp5KlRUVSS0HAqF4RxqrjiuKZlPuTFjRRQ+Meg7MByIgLHbHMmQ1tvCKyMZnnJ0dLEtzrsMsCBJHLrshcuDS5vDklYn1jiPhLc5f0uOlPeFKQOOoU7NMAss1p1w9EudT+TwqbmyK+JNatJkjdhkwgXc31cIgTFiL6\/TWvG+4xrJNszOZz26CnAuAEdL2ulIi3JjTUE9ZFnx\/tL27DxCO4SS\/NLyK8Gufckh\/DJ8prQe1czlZ\/2cK3UwIOtTGYUPcLhb65Gxu49J2Hu2ZSXS9jCKE4kZOwrV3RUj9CYUT4ux7LSEYbb2Gx7\/jWO4nHrUOoms+5UidpIYakVr+C4p9oVn7mRrqUKWMQ3Kpm8tma7ZFyB\/wLDFxrwZUzb+MZGM8oAObbNJdpMap9ZASyRe1JkAo\/LOGOoLl8X9c8rv9amSUnj5S23SEyY8i7TbR0\/zfq4X6\/yv\/b1ZKxkH7AwraD618y0EuJGU4Ufsg57MdRUDAQAgpL2NNQm25P39Nva6IyGHkTSOVEKrtfAgvLc0DNz\/PtA="}
00849{"flow_id":23,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":899301,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFu2lxAAEAGq3kKCAABQERpZ6GqAbsG3RmZ+SL2ClAYTO9tJwAAFgMBAQYQAAECAQBR11gDSI0mnDZ9mJO34BHZiGaXufHHx8CsR6Be+Te0OnR0gJ8RTMaIk1DH6ST47bCFvccOK1TKqbr6cuX9mu3AvrPFbANOKjQYWyGWclpxBJU00HSDgsf3tXUWPPUPdwzoZAWMAgVKQhzd1kznVZ5pGAcQN5CozP9bk0XrveDz80w\/tPuj098aBdk1xWRR9mic6f2p9E3J1dQkurPaIajvAg4DevM5kskfb4XhbePaEh7QDMdJbuTHnpLwUx408R5gkHli60UUruksvNppZ3N4l7B5ekI71HCckqTO5KlnCFg3jEPINupUtidLfQnFz373Dc+yNb5dYdOLFR7fqOGiFAMBAAEBFgMBADCKJ\/AKrAveqKpjl+DyUCSNgWnnugZuPfFZ+Yan7R3r8U\/I+qwhH27GTa3bIr23wkA="}
00409{"flow_id":23,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":899792,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAcFAABAGtVtARGlnCggAAQG7oar5IvYKBt0a31AQ\/\/9H0QAA"}
@@ -285,7 +285,7 @@
00411{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":962816,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAcRAABAGpVxARHljCggAAQG72qGkCGxJW\/ekoFAQ\/\/\/+3QAA"}
00407{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":963026,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoNxxAAEAGu1wKCAABch3MMcm+AbvkVPYwG6sPdFAQQLBVrgAA"}
03814{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":963296,"pkt_caplen":2581,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2581,"pkt_l4_len":2547,"pkt":"ABoRAAACABoRAAABCABFAAoHAcVAABAGFtVyHcwxCggAAQG7yb4bqw905FT2MFAY\/\/8QegAABAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01111{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":8,"flow_first_seen":1444570636155,"flow_last_seen":1444570636963,"flow_tot_l4_data_len":4150,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2547,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01122{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":381,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":8,"flow_first_seen":1444570636155,"flow_last_seen":1444570636963,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00407{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":963553,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoNx1AAEAGu1sKCAABch3MMcm+AbvkVPYwG6sZU1AQTvg9hwAA"}
00854{"flow_id":11,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":973588,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFuNx5AAEAGuhQKCAABch3MMcm+AbvkVPYwG6sZU1AYTvj6ZAAAFgMBAQYQAAECAQCAe\/mp5u2\/6229QI24iKcByMNry7UNBZfsXakGUQT8wFWc4pDl+1RCfxyQOgnwxykqX9gP2Dq\/DHVfpBd5xWi8IwL5SRWbK1nUCmyi2wHJTm3svxRNqYkq1J5+gFzTflfDMnMHwFrLSrNICds\/UF+g32M9S9LiT99JvXj\/NLtmyyHZcLbapqb0TO\/jgg0je9l2yNo1Y45fVAFKsoVeIpYFI35++TY5832x1BWGgqvJ0UhHZkO38wh6dZFCw1Ei0Zz3myvGEQjMcMc3YwEG2PrXTpoxKFjkjcanY6aazaT3NRQiCgU4OuWkFkcMODlWNsusZQ+rcxALJm0l6DWF66sBFAMBAAEBFgMBADAYwKGBhq5NY6YAhyZgirCQhkrB\/4exqoUrr4zHmiAHgMalmSruBKlic2lOJkHB9KY="}
00410{"flow_id":11,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570636,"pkt_ts_usec":973786,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAcZAABAGILNyHcwxCggAAQG7yb4bqxlT5FT3dlAQ\/\/+LOQAA"}
@@ -313,14 +313,14 @@
00410{"flow_id":23,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570637,"pkt_ts_usec":191363,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAdRAABAGtUhARGlnCggAAQG7oar5IvZFBt0c6VAQ\/\/9FjAAA"}
01056{"flow_id":22,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570637,"pkt_ts_usec":191588,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"pkt":"ABoRAAACABoRAAABCABFAAICY+ZAAEAGIWEKCAABQERpYpEJAbvtraKgElJuhFAYTO9hMgAAFwMBACD22CDOs8BfPgmxeWsfNUhHUZqu\/f1zvWDBKCbiFwJ1ORcDAQGwZON2fqrVig0UeSVfKSUtB054WY1\/ZJhZaEmhVp9yAP6rHKkkGmfVfKAcSImwt548wRKQlD9usyJ+B1uFD\/PSYmEj6BKXx13DuCAgPBCmw9fhkKC\/NA8Eb+9lMpX1B0wqLyLIamLEAR0hGrq+QOAFXXQbOHRw5AlprpyYnPmEfDMeGq1nJRCrlLfxILJ9rKHp3qjrzY2RvX2isXsu6nPapV\/qe4PAf\/3mOdQTTpuVrCzmucUv2SEiHiw396jr2Wfs1HtO\/93Av6iG5+MA8utP5KFzxhb7B4r8l5pfnt3a8CvaKeAwCP8bNnMI31DAZdYyhr4OMyWUpu+0RQEbffygIB5fn2vBympfI61\/KnvaFj+fU8Pj9GhPkG+DRXTdIjtYMTd\/uLFBD\/VwARbhfio3+a5lwmdUskpYPzmrIEJWxVXXJQWVQeJA\/J9slMgGa9qLAYwFceEVA4W4zoYjemZYUochTqIRQlGhJ2rxWsAwhF\/lzGojaxeZLazrj5YQePw6+CzAoSanCNWMRkd0HTkVSYxRIkpgCClJ+QGZ9tOPzAIzb3iIMgxcUYfBJAyn5L\/t"}
00410{"flow_id":22,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570637,"pkt_ts_usec":191762,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAdVAABAGtUxARGliCggAAQG7kQkSUm6E7a2kelAQ\/\/9WYgAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1444570637191,"flow_last_seen":0,"flow_tot_l4_data_len":664,"flow_min_l4_data_len":664,"flow_max_l4_data_len":664,"flow_avg_l4_data_len":664,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1444570637191,"flow_last_seen":0,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01271{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570637,"pkt_ts_usec":191973,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
-00500{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1444570637191,"flow_last_seen":0,"flow_tot_l4_data_len":664,"flow_min_l4_data_len":664,"flow_max_l4_data_len":664,"flow_avg_l4_data_len":664,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
+00512{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1444570637191,"flow_last_seen":0,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","ndpi": {"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00407{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":197194,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo0S9AAEAGIu8KCAABch3Ki7gMAbtSShQdrbX3PVAQTbZWSgAA"}
01847{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":198277,"pkt_caplen":1119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1119,"pkt_l4_len":1085,"pkt":"ABoRAAACABoRAAABCABFAARRAdZAABAGHiByHcqLCggAAQG7uAyttfc9UkoUHVAY\/\/\/a\/wAAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8kCAgpejWeYAyq50s7Ttx8vDxFHLsr4P4pAvlXCKNkhRUn9fGtyDGJXSLoKqqmQrOP+LlVt7G3S7P+j34HV+zvQ9tmYhVhz2ANpNje+ODDYgg9VBPrScpZVIUm5SuPG5\/r9aGRwjNJ2ENjalJL0o\/ocFFN0Ylpe8dw9rPcEnTbe11LVtOWvxV3obD0oiXyrxySZxjl9AYE75C55ADk3Tq1Gf8CuvQ87uCL6zeL7PTXrPL28D2v3XWRMxkdHEDLdCQZIZPZFP6sKlLHj9UESeSNY0eIPGmDy\/5HvSt+T8WVrg6d1NFDwGdz4xQIfuU\/n3O4MwrPXT80h5aK7lPoJRUCAwEAAaOCAZswggGXMA8GA1UdEwEB\/wQFMAMBAf8wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzMB0GA1UdDgQWBBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQADgYEAEwLd+OiGAPJa+PggDFmIYgfOzvdO+btZoZjl4TjdTrxmGNOt6xjyDcltPkqUIMM8ur1lVMavRLMQrSxrPqvXB7a4gWPF+V4u5Spnzs0zDCrXiVYDIx+zvug6CFm07EU194pb\/2bPUK\/GbVeNGXi3uaLRV+ofmkuvusmOEn7Gvf8OAAAA"}
-01112{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1444570636252,"flow_last_seen":1444570638198,"flow_tot_l4_data_len":4150,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2862,"flow_avg_l4_data_len":518,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01123{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":411,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1444570636252,"flow_last_seen":1444570638198,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":496,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
05675{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":199485,"pkt_caplen":3961,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3961,"pkt_l4_len":3927,"pkt":"ABoRAAACABoRAAABCABFAA9rAddAABAGFYVyHcgLCggAAQG7uuGRntLdbmEtY1AY\/\/+AEAAAFgMBDz4CAAAtAwFWGmYSW0EiuvKB8G4duX+mVQdIp5xJ8dkxayHOG+eykgAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01111{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1444570636270,"flow_last_seen":1444570638199,"flow_tot_l4_data_len":4110,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":685,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01122{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":412,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":6,"flow_first_seen":1444570636270,"flow_last_seen":1444570638199,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00496{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":200377,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"ABoRAAACABoRAAABCABFAABjAdhAABAGpQxARHlkCggAAQG7y\/uPqpY\/cFV6qlAY\/\/9k7wAAFAMBAAEBFgMBADC+wNoJ2WMs\/kaYz+tTyOltIAk5CPeovLxPrlbRQogHN3MeURFd+ERbTcs80zOPM\/0="}
00494{"flow_id":19,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":201355,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"ABoRAAACABoRAAABCABFAABjAdlAABAGpQxARHljCggAAQG72qGkCGxJW\/ekoFAY\/\/8w5QAAFAMBAAEBFgMBADCClCt8nCyG8uA3DQ\/JHlSa+N9aejykoxJQAMeJ2cM3K1MpJK4JimEThmjEiLBqmOU="}
02251{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":203525,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"pkt":"ABoRAAACABoRAAABCABFAAVyAdxAABAGr\/xARGlhCggAAQG7yKr7mOUjBGct21AY\/\/+CIwAAFwMBBSAY+YDQBCZItaZYaxWGIUxU+pqzqQ1ndJ\/\/iJygcdZYFVRuLbm3W6+z7NmtECu4DNCVX3+94D4zU64u9KtpKvaSl0gdpa85Io+OH93MqLa2zYvwufyZMp4ZAKqvEFOONvxUvJ6Rf2\/hH9FDvu13VVhRm0fNBWPq8GQ0HoUb3JK2OYHFU9WVEiPl\/2tOhRvGR3SlCDLSN\/daritZkbGZIT3sl\/zwx5b4He1UhIO2Z99Ut\/uswhzPkS+V8RDG7vpOHmoVQRP8c6HLF0gj2rhuPXrGGUus9rTIJHklDGFyo6RuVkph9haSAXZeJxiuUfUUiDlUEkBJ2iACbcSjPpJi2\/qQNsA1aIy2xCNUPKH36DehBtKYuusFoliAIakNaIqnqM8xUAMzCjnNH+fQJT22s5IsN4swGJeoIIWq00qQxPfAQkJugdHgDhMpq9sJyMgMWAhG4lbSew5eb\/RFFsAlXZhzWcL+HDMCRFVCIucYsFkgslcnigqo9pKPoE+VCPV9X9lbBKcfZFNf8Us1vYsTyZXukNpOwW5e4G0crgDXHy4Em1fergSxApwwaUJNS8llaoIbvEe9rKELwWsMGfqKXCkXyD7kIBcUpHw6ZeYs8KE8RK61uqtaPv8JjwN4YwCR38kxo8xIDYGwNfAAkUua6nun0oUBqjdbgPijp37cUaJmyAUYcG3AZaF9oJtY9MI8O5tn5Jqjw2sE84foDGhHKrIB8r5VEzC6GSVlhq6X4eDyILulDEFD46vDqLVL2\/4Tr3qRtYXZnEnd0VWsKK4IVCC3PKG62yAkj+JnKPKRbmthZDCpK8gy\/7GKgbjCWI1AYya1qAZ\/IG+XjyulObOLtyqiRDAfXB2iVSfN3JAmezIbab4Pf1qFscRTJ48rMG9gJOTPffM19HeO9a\/tD\/QLto2HGQF7a56KvrbgcIcWtUD3Cv\/9PvdDgNWylvGDpWXw2rR9vfU+N2Dl1Ecen17SuE05+ujwu7t2jiIcmMFwH5q8qIEccpc8gtwkDLT4TeKwliXx7KVmlDsif6VAr5mwYauOCTmAfXz3Wr0xrJFQI6FeGFqTrR0H00Odj5F\/qcHk5JxgSMraIdnKVRiiQQsxLFoc2Kw6wIwDPvxbz93UxrZQaLMKu5o8KjU2bncXKo99VzfFk0nFaC26+\/7+H7x2XD3PGyYtVsItxRRuuvCbGkeuknwDeliAh6O0hM9qhVtIET5whZlb2PPvbUh9BCFW19il0VaScY1lw69WS\/XkL5\/9+1bkNuTjEAXXMGf5XRXk4wFuqlV4sBk65++IfaybgGO\/FPQHzcrV001Zy\/RwwHm\/qQV2qeNR\/mSnIFLuz1mbdLc0lp\/RrnBJFXdTs6+a46ktZyJ99DaeF715TYQ0mNmbksl2gX4GhUOA7d+h7PWD0tOdpXGpEf+INYJtg4BJ9meGHTjMGjZs30LtEBO1DUf19oS8pIljghRcg6h2R3CB3emU+oWse81mypFhzKf+S6UdVAX1\/398beeL3JqOjH0Dszm5ttSXHcGf33c3nsWjmm46g6Jnf5So6OCgTbCPRmhgaLaa40OjYnIp3g9\/JhRn6xLYtp+Ud5ZS1P7T1LKP2i9l1RLdP49imtCA0QlpitAIqOryU16iMmLIKNzQIzibqbciIe3zK16uWFigqS0fNlQKcGD0cx4vldfmuL51jQE9rH5vjgGgvfajqdhiygny49i7ZGxzWK72uvo109E79EzsPfLxcE9oMjD3XsRvTf5HFQMBACBwpCiWSOZI3NIV2SER6CDEMofuNUDvBcJ0bovrQ+QYzA=="}
@@ -328,7 +328,7 @@
03390{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":211110,"pkt_caplen":2245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2245,"pkt_l4_len":2211,"pkt":"ABoRAAACABoRAAABCABFAAi3Ad5AABAGpfXRxd6fCggAAQG7uYqEY\/z4e5wV5lAY\/\/+KCQAAFwMBBWBIqRCnjYw8AfOCURpJNQkDYpxFSqEWp9kGgM6+ZYVEbRytMlDHxnWfc8XZN0\/Jx7gF6TEHjiFhieHTDTuzl20HC5RG2oksahpab2gea21+eA1clGlLDvJNsylN8CXpCCMwwprtbgW1\/rIaDuT0+vCA3CBDI3e43enZ2EwtySD5WREZQAkB72UnhKctapztUkRwKQ2bJ43R12kihf+6z0YPr4q3WVPdfb3xCscmWD18tPnrOPmJrswfsHxOZpcc+RthLw5c7GmSU5xY8Yf2vN19SF43r0pye6in2J41Z2gaNvaxMpSrFZJNL\/5vm76QKvswMO\/z74tEJzSVPKnytSud9RC7wn3pzzVt9JVLF5dJoXUzNj59FuUDW5G\/tFH4tp9tQRBv4JD\/wjgi0YIxsJMnMJzFwTUrc8La9f8cBd0bVi\/sAtX2XfNp0zcaSUQtwD6mcSr4PkefKYzvskeHxFboGOlGiK32+wpwLwQQ0\/mseViunDbX7mwX1WMKgqMCgqXFO8Tr7906FOzo0py\/b\/xSsoj+IkFrOfDA1kpJJgryct26OBaleVQZN\/Y65WbI15Wt3eqdtx0pp2Rd0j6StI\/Q+\/Vu6McmpD5gO2pY8d5buH2TgUup\/jmD1ckiu2q7gGyBftClq4fwH7ZuEuauJn\/jby1BZwayn0+\/m2Jy1yBnsLiZ+5xlUsXalwMx3oGSWFxq+fdhU18NJO6CAKEafqdPbeJxL0qlMMeBWD4KCn0lPEyL0\/B7gG+GhSyLCSpxBNdZqJVpp4b5ehZgZCjRc9nDxzv0w3gGjDmNa2Aa8QKLewl9vaaFedxmbF9ESp9wdavX9sfzsRsNJVQTMLhDL6GTf5CnVmUo16Mq\/8bX8\/xGYqX86p60mSVxkgVjBhMiFNaODFwwUSWHuA7z23dEJflVFaV69cVoAuJJXK62xCxl7MRIzqwwz3kSWhRc+GhI+q7dLO4qSORsgbML4dEbVTNliss\/aH0aRdch8qZcTvWikQECyuh40wBuYkN3iQXI7xTKTsXHTU2qExx2UOIkGZDeRd53O\/W3+XlhiJ2ZPUhJ7sTXR176q5kj+rcdGgEshWWKpg55m8DNM5L\/fDWBTlE+2o2Mkq0H4DeMVHgzHCo0Ms8UD6F8FnjchVBfmHmFPxgoX+R\/PRv\/\/WQe+b7Kv0yL4VBi21cWYRau2NRC8zYoPQeEd563VJI+xljYAa15PdGXP7CFHMPN0gSQ+JqStWMZaOf4TRz9noSM7UtVQBAzngtvpuGMV6l+kvGrSQ0oasGJPmuROFlVsYZ\/CZgumw9vUO0XCH9\/v7JUyGEeIUZGBUT69ddZDk1QW\/WLKySV\/EubY2L9voSh+NFlmE6mi2hfn53mJaoyMfjY7lD4hzEgPtwwCQm0CSL\/Xy2WgRHGsHuNjw\/DxF67k5R7Kib3omVifzmQ3h+4zu5w01JhNagkG42xiEGjaNeOrBNpgu\/eyg0RZFDNaSIfe6O+pQAVGlg78dsHgNlQzhWl80jnNBKiKB4YxhXqK1BddjVMXrJUbFRfRZoyXX+GFMGymnQabyjEmYSMEju8C6VgiM96XB9w0acHReqz51t6+PObTup4iE51KXW7BQJCtGWHY230GR8ZA6otFcHTCR3A0I6LSvHs6Tg7wsTQMEdo+0I9QJfK8gwuYFV8AcB8DXpLAUOcMVDhQ7roZVrHP3dcAgiOAmOAErr4vjrwTr8KMZ4O\/z0emWAxmLSW3zqUzB9g+3RoWqx2NavuU5gtmc0766kh2bm6VDt7AK45IcabzPKwwdpsHgfWJb8E\/fG1pF+Z1mJyxyz4uP+TJhB+7FFUwYQzwWGgbRcDAQMAe+ZhlsRtShTkg2fyevfKzdzv+GBE1hQQtOhsn3QgyFEBLjPVI8L5PlpSSEq4VM7bJLFmEXM78FpxLY0XabtQRgUsd669ge2ZN2e+T5DjcJPhk0UGy\/7MyAi2xpy9TqsmrXspvvhlECVbfAyegLlrBt+0lYXdP14hvwjSRu8JJXg2vqB8kQmumF6fcnSV60Qe2jVahhghcNMpX0N\/qjO5Ovxs922FmuGmx28RmfVnwhbZMWLS1YFVcOLqiOt\/6yTpLv63MAedZaCcKtkAcMe0G6REe4sldgkurKzkBAOb7WzYhMGog5NTkJX2kJT7tv9y07GZo0nuCQlTM3ZsboApMZP+7cJqXuD\/BwIuw2wEBAT1Wae07bUJOuS5k5k6fYAaXiSUyHJgQg+VTMUbIcVSybfLEetZIGPkz9nw6maaY\/sNPbGu6yvEL50s7Z+3BlZ2A8exqziAHLi3V1hp5nXLcKVClFv7fnkYuikhLVgN23\/mJRITPSgOVB4zbN\/UtCN+Zyaos6KX23xiqOFLfdJldq82L5dt+P2\/xZ5ZDvv\/FnCNVo5LoyVEAeya9mIk3afznCnNuhb5a\/2enaU8gYvJz\/eqHHu+ZtY27iYzTaxqrl2ndFC7kTyeLUb1ZYRbjwbRb8JrZjmZWIdcCRAWS4PyqKtzl5cQqqq7BKHvqlWayoSgoXG1YUyM6ecUEjLP0IjHORAlPfuonr+WCdIgJNb6Lik9TMnkmtoTO8W8w55FBc2cgrp6YsbhW64d5LgxE440r+1GSqpMQuuZ09mDfKC1V3kPVfzOoGv0qOKIOI0LCAvMrKldxU0\/371NprLzkn+MzYc+6tnaaTa+d4dnCOxa+dsBNE4M7CQpwiOIfiZQXBLHs+BKAsQOI9SN+bFxGd54ByEGe6rquTSNA0HP2I6cpKOMrdV9288rhbIO6Uf2hkJCsbc\/emCCd4cg7WwBwprwtd4kmg1E99CFqRvUrOkgG4ASgNdBjV0500oGGZOfGvBlULWxfRJ\/TvkgB0\/UsZk9FQMBACBIp8wb88lQWNdzs2Pb2nZJRWd7eiMKNXHcuIJts1BROg=="}
03392{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":211737,"pkt_caplen":2245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2245,"pkt_l4_len":2211,"pkt":"ABoRAAACABoRAAABCABFAAi3Ad9AABAGnHxARHmZCggAAQG74S8Y3F5K5yO0lFAY\/\/\/VXgAAFwMBBWAwLX8ZpC+NjLNrThU\/Qiu7MZG0sO8PFM2Y8cX67I+4GS4myH53ZMqEe8nFxFhsL89AjQ4jVY\/oTPkHSVrq6JwXoUPXAd60UI1\/CcpPBlj\/ksEAtFL1gPkgGAnKl6RcFXh06W3R+bNqbwxP4LbNOQQY27QRro1L1s3NcPfx3LDThjwf608Rog2U\/Hxaw2+DS\/DmTrHJL6rclrmHDhaTsOXzEZm2FUr31NKhu2WCPAa\/\/mjbu8Ur86JPEDdmYiD6zJ+2fzqqzTQ9Gs0QLDIoyCETJ9K2yJ6mHDhEDorBwxIv\/WMGQ838uIAw+2Yf6GZOFEDwgvUXt8B7E9BRq9Eu1TfhVcoNIZJFIAoiKID1teFchbo1Hyn4U1OVk2faVixZbhEHhqT8HQyvSjgdOkOt3nvSKy5rzbRL+uttdTV3BCbbXfCRt4uUI6qMTFBjp2UsrvVxu4qSj4TzMym5YyhOlldW8EbAeBaGWoi1W842kR\/DFhsFGxRkLpEAQGXUuxB35ssimoJjYPCsCr3WF0gk8cC5iY8W6WshhREPJYgJIQJ\/moz+DJBZTyEcRfpcmjATwxO8rnCQxHEIjXGz2KjdmOG2vSkJOVEqr422zYuhJz38igYVpTNHkVxHt\/bVIBz\/5oczZwrSH40g0fjlidkLHQS5a\/Z9I3cj3GRbUDDnTMl8EvOf\/L+QTeOF\/3xf2NIcDhtCwQcDnO0D1JowYRbx9klMDwzzwSJK7um3RiDzrqHJWKAemZO+XaAzs6mG3TA\/1JrsFH7FL2CONlfyJHx1jvc2gQ33j9\/3lEy2\/+ButxDDU9awHYovEUcSMP\/qjJgPNjRLnzlkqlETK1so\/Odxmot6NGMv3TFWnahFcdbkBp+HTGXaP4NTS\/Flb4m5ykhnnEyXVjPRVEiWUL95\/H8s0GFx53XN\/9TdvYwzi4wClz61AWfbHZCihcmoSRgSWmOBElVA1h1csdciy6US75mMvpdUsP\/uCi5Zm5eLQz6OVGTkE\/OZB+ZJD\/TMXT5THU4hwDQMn7K5cezP98Ln\/e1+OIGEwkSzsWXfvh\/5gmjleCiRHsvxGVqKKxEvwiShn6UXjVYil93vyUGD7kU9Lbpyn+elmI1kCCl0tuuXFBzDSSAXiDHSlyVqD7fVFcgbUsYMBmn9JWnq\/tfHjbOxJwF\/N7bjn8vbxLjehD84NIYLGOn1bAI0OeIuuP2v1\/htfdzui1fcigF8hmSYomcOyCVeq5nT8bAIozkFv6aNzU+fJqgydQlnpoqE6eZcvkRsG96LeJiIs669DTNLgP71ZWdkMaeur6KelTJoUZ9RimFoTAJxak6CShYXWCZAQ0cq\/IAwuzS9LWRfSZy4rtPxyYe44uH6BPay2oW+91ZFStjES+\/dOJ8jNVTSPa0+Cr8jIspeXXbWyqrpM\/HK6xM1OXl7QyTKVgWWq3dkOwIb+3WjxHB8EtJPMV7LlVggKZk\/dxNBaN0PEvOAnLioQpsR3l24kZnJr3KylVsFsQVG\/xFfX8PWoVutljM9MLvnjOYC2dd8TZEbpf6o9jvJHBATbBKIQw\/eXMQitoNMISXU6UUcWQLjYglmThUkEU6F27pAvmlmKa4SjWIkMTr2eA5u5VZsSzscvP8QibmEKpg8AEE6KiQI9SNNFcCoFHCtMkWaeaqRUkpAT7RNQ3o70jyZLIdWQBMKhcPE4yrrQtCpdBkmf\/RlHMobSakmS9u+LZwjEZrcCofeHgDzENuSM7xEPIJ+GrC3cdX8Up3e6s35vXcsywe1AZEUukKAjGbcFW9P6PksoMQudKZQgrY2NA+yepkIG3rg0eQ+CCEKB\/Xas1RtvN8QWBcDAQMAOc27yvY7FIJcRuB+j6sqt+3JjDpMvi3BKr5GfGDFKnOeYy4i7qdxOPRjXbRLuhZpEiZbu6fAyX0xrWV8cK7ZucQsmE\/kdwuToIg2PbUfZKR3RlXKuRgUhgAilWCbs0JAYM7I6SGb81A9jKGTZUJKK1zMhXj0IuIiEkuHmvLGuC+nnZWgfZCBNYc38UF2f9DsVNAfnS09bO9HEDCMleKUCpQ0LEM7oteYhZETtZb9Y+xemK+TPWGOT+TlZvlEEE3FKRjDdLxelebkCzwgHxgGBatYmvE2mb8pd30dYeSEYf3XQdauToAZpU2dpqIYKG1OuYgj\/XxMz1qsHobHQULq494dfD+8ql9hivT1yV0tc2PCavYedg5YOV1RYid+b5Ik4DzT3QshRJXrwgr6ZM8VqgIpIBtluEP0Kt\/S2PZrmChVtafPqgV7pnS5VdWgy1Me9MKlvmkjLO9MmmTZR6EMhd1FBWVZWV\/+wvPEpepamB69SWyLTQ16AqTMt0mJq8RhjrWcafqIRzb7bn2XpWqZwn0wYkv7L27\/ORlZXXpqsUND4VLQIaC092AiCKT2zidGwyFInBaeBKTio0BetL3qP7ZyB8QCl3DYDn41Cdx76zCnL+A1ausO1PBR7I+Sl85bn5X3tH6QhtLgorunc0iQkr0WOQPB0WIKUI4cDj0wfjoRLUDJ3wTMHiH6QCawDkIPaWLvFxfXZWCp63KX2Uti5JGhhuSLa2Ac9N6RcIGzskPl68UlZAR+0gmGEHYVa22tUCSZ2d36spGZMn3K4s3scj\/Na6KLvsI4GV1TXvL7oNvbMLdeUfX\/2gFYjHN+2jGrFtWmvbHajuC3\/fTFgWsedk2+cnM23ZQEHJNpaAydnWsDvp1CjNLPzqXxmGWBM6eoNmVAkNDd3glxS2fDd+ScafZM1QCBw\/WO+SvRXrWKcZ7K8VAtFAe9Pb0Rfjr+XRAf9pGjrykMP\/KYHsZXsRRE5vXE\/1dvCTNVi1ISVXagvJtihI0rq7CyBrRVm9HMkqfzFQMBACB4uyAggbr8leqvh4SMZbnXe3zvVEUIp3e2CJOZK3lXhg=="}
03866{"flow_id":23,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":212212,"pkt_caplen":2608,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2608,"pkt_l4_len":2574,"pkt":"ABoRAAACABoRAAABCABFAAoiAeBAABAGq0JARGlnCggAAQG7oar5IvZFBt0c6VAY\/\/9g+wAAFwMBCdCK5dEYCE9oHkE3SpubThJUXHGcidWdcxDMgTa12LtrUw8bMQZCwdunM8HzMEz2zgyp5AvwwEuRQ0x+Fl3+\/AqPwG0s5WMib3\/d6T+l+iiahv346Rf9OTEr0ILMEJkx9frczSG9KytDHXomCsNwVbxwrqWB5ATREJ1nAQ9E+LzVpP\/U+uMEO0G5j1MMku2xOTETmqZ5aKQmFG7USDFkRc3Roj82iIzSZKyCTHGES60pTDDd6m6i5UimAPWpS06e5LgtwHKgqB3Pl4UE7UEkifQ2x25d5y16grqaFUwLyEsoRvYSUTGOE3i6D9ivBoPePih2fooAVPAc3Fl4KYBbEhJb2yupgYoVWqMYMr3Z2v9eOC8t9tl\/VdulNM1pbdZ\/jWn1UXzjnwuZjqDZ1rKEo042qrE3H\/TA78FScV21e8lPcS+jaxgm1DQ8lRbu\/XQE1qTsgQypn381Q7oug1ZgEpy0dVt7eVI1xiDAdOFmRy3D1xBRz0T2rcFTG01GBw17Dv0UuI+zNjo\/4PawXO8lrpfG2412ABWrfn8UEByN3I8Zj+wsBDDhRx8nVJmx\/STQHEIAWD7qvtEQffwdg1FsqtP6n3lu1smBumVNRLiz01whCzi1nj6ARxgXNkjc6y+vRC8sgxdmMlOqvgGx4YXKiXl8e8FuMTN6yjf44o85ZlaVt56hIkK\/kN7rMfz0ZGXOEl3rczDkaGgzZZZqiNOsHECPOYlJczABbsqx\/kjo4gZNImKtqhCSLSG2iDEtbYFYkxMCmPkQ7BKn6WjxndfsdbWOn89JHSHwX6ycxoFUIQNYEGG7r97JSH9brW8FDRUmKmoQjJILO6Rl1L3AhrdhnmGiDvj+GMwZCmFQDU1cYH2PViJu+MycMRl5UTiKnyOMeEqTzq1+iUmOHHYWvVsC0V6wKkOYQqBmZigC1GESOHd4qezBl8LqxeTLpO9LY9\/Ygw+ofYIKrY8rkn4FN9L4gK4e9YNxqdzcw5iLxS9+dQKynbIgwQAeq80NjGPqliC7hPhnauZpyYUxAdT3H\/wjXxYmYAaQKLkOaW0SknLbVO3M0voO5ngCPOvRZsxog90A9isviQ5ZiafJVT6Us4TDvb6YhD85MIW4tJUrfYxQV3Ro6Y3JguaaKkfpHRxAhWjtXC1AK3sVdsChFCxVXzZ+P35Oyu\/nALPWCfqvgFBBQaYcxyaSk9R6qXOV8OC3GpacYLvYmhBiT+sma4\/iyfuY3rmGL7oSAtLoynpWooJL5lcLxTk4teSYhgE4\/OFv0IhYy33fa2DRDoPqxbWQeUo4EswfdMW1NeqRIyCpcJNu+rO5ex9Q\/ecqlurBUOLi01sc5rjoYhegURRPTGTqoBlLv4KMskPUkwqfUqHbYvwQRprqTRdXhmx26sxN2CI\/QN5EDt0WvmYQfuXIoP2IpkxYUeBsgMdMuNFwR5CIiXq9sFDTAXFvaxfDOJinGWv\/eOyJWVkIGZkX0n+wN46Zw\/pVSMBMbXfZHzMGgqavn4qdDoNyCyjsIa3x8suJk+q5+nv0yh4k+iKTKEanfCF7BYqAwYrD1tVJvIqnC+rV8b9Zy4NyLD7bzv2UBm0nimg3XFjOV98qoN0iyDnvUOv6yZZXdzcCffKuu4nWivmIhoWUnT61sVBWiElNE8YgkowiDHi+mxlc\/oNcBrARNn0P0igbhat3b1akdrCxDR2\/U6cH0oaNhCEolXs\/yKaJ95xLb8hTk9mYTOH\/uROpjf7JG9OHNJJcq3q9VWi1fDWOv7\/F94Z7pB+bdMIBNzGgsj1i7ZXbkcEEyPk9T2grNbzHznbwZfLISKTTNoW5jiyFMHEGllFIE16v8dHxQzajq9OWj0SltehQ119DBfCxIxHvvpFPyx0eIWDHKWmwCeN7xj4bXDMLYJupbD4VKHtRRtv5o4YQ675DoWOVk78XsnH4AB9NqX7TQD\/D7sYMUPQuBwD+c4m+uyrKfO4QqBNnCXQaxhnzlXc+8CPcFDgj9b8sd2\/ke2yefxzj0tFSbEvGYhFiA65W79kISOzBxUPbVXhtCj1s0209bdvsrZF5ikonuKFdymCqveoneVPXQESGOo9bws2D7HuDHB4W\/j+dDmQBLQz336V+9uLZ8tvBdTscoUMqwbDTUd5N6d0dmDCR3B5pvftwil+ftPXSP6mmn+FxUWV5nbr\/M98wXANPMJ+UkVbPg8qGypyZ2Fiyptc7PkKevXGlPGe5fVc0Il2F0t4RTVTFOVGE3yThumtuHr9bfKJXT3XkhFjf+8TVWF3+Td2KC+4AeOBHbQYSDxVD3g2bGi0s4uP4C4KjDCWoD61C230SjXICRct1NF\/axFUSFaw8\/rq75gL5iIHvQ6vFd6nQLTFPcwrjLF505QOhebJ+VrU+KJYBUcVqgo7M6X4TY1e+pTlQd+Y+zzsHMh6T3BwcEDOlFzZwzOyDc8m6jt0eZ2ZuolmucLjXEwSb7wM7xpJ0bGVvbIpYRtY0u2Vkme+BkLi9GT8HvNeKx79Gp4qn47tv6sIMY5d5JEVsQtSdmOHVUnn3AXdGKp4r2+ZOL+p13hTWXyoqCerenzG+2Bjpp1aMab6Yew92WQq+3yGhDXmkOv1sBHTcOpoG+oloye3gAsg+uAxYkwWrHzUU9zBYVy\/Vz+XtEkenIZRJMCOgGYh+2q+3Oqyu6vSaOuzbDM77Mk4tuRJwJhxqz5QTiQF4C7rbWDhFBzXWKDqkNguCiiibxO4ZPOuZwMroaG2pVqLrtipPOFLSSauoblrzOFkbD+Jz987MCevqnGCktde1xw0sNRogWyaA7Ej+6e022ffku4ryJqqsaHDvkHI7pInrb\/y74a\/zyHyZdmHTaKfKtZwW53tYxkEhks+SUr9ZdCguudE5dZQdokJHXaad97apBZNEjmJ5i8v\/\/DX+ZAbLGd6A8ejIz\/HZlctBSy7giKH0HgjpJr7mBro2t3XmMLskFdAfqbb6gkTcc+VMT865Rlkunikmf7LsHKLxoXs9ItYXe3chSJX9jpDefuJX+W\/94VDJ9JX65x\/CdAPOw4y8Wfan\/idNdBzMqbKzoyzAVnjKX3TZYL7uZQyj8qLiOireH\/3y+YRGZVry8v4n6iE5RCRFnzYyblek8nWmOS5J0IP9QhIgNemLIfV1to\/LMRyAhUx6sCMbJpdwV+yzJVkjzxDztVAdY4qbREl4ebJXnGDHyqLobJd+5mxY1tsnGHoJSb3yB00x3vhc1m046nlLV3EtLCTxYPBBxJp+zCDsKHtXBcsoQ9x1LT5SmtgZKVmJoKc21ydRf1d2PhWdHvMo6z3Cxhe8r3YrCL7q8sF7w4sG9xnjOJGkASvAFPtxCf+EZEHWEp7kFQMBACCCItIQVCaP2PI7n+NEWkiy8a7lKqnCPKr5eoNbQO79Sw=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1444570638225,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1444570638225,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":225615,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8UR1AAEAGNzMKCAAB2DrQKKmpAbtoC5J\/AAAAAKACOQjy7gAAAgQFtAQCCAoATMNiAAAAAAEDAwY="}
00409{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":234305,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAeFAABAGtoPYOtAoCggAAQG7qamX9G2AaAuSgFAS\/\/9SAQAA"}
00408{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570638,"pkt_ts_usec":235564,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoNx9AAEAGu1kKCAABch3MMcm+AbvkVPd2G6sZU1ARTvg8QAAA"}
@@ -357,30 +357,30 @@
00408{"flow_id":23,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570639,"pkt_ts_usec":262175,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo2l5AAEAGrL0KCAABQERpZ6GqAbsG3Rzp+SMAP1AQa7XP3AAA"}
00411{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570639,"pkt_ts_usec":263789,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAe9AABAGtS1ARGlnCggAAQG7oar5IwA\/Bt0c6VAR\/\/87kQAA"}
00717{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570639,"pkt_ts_usec":266192,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"ABoRAAACABoRAAABCABFAAELUR9AAEAGNmIKCAAB2DrQKKmpAbtoC5KAl\/RtgVAYOQjE6AAAFgMBAN4BAADaAwOv\/q6xmTCIAwLzDcizR7a\/t25hvWTVcDLyx+PEedO+jAAAKMArwCzAL8AwAJ4An8AJwArAE8AUADMAOcAHwBEAnACdAC8ANQAFAP8BAACJAAAAHQAbAAAYc3NsLmdvb2dsZS1hbmFseXRpY3MuY29tAAsABAMAAQIACgA0ADIADgANABkACwAMABgACQAKABYAFwAIAAYABwAUABUABAAFABIAEwABAAIAAwAPABAAEQAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgM="}
-00766{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1444570638225,"flow_last_seen":1444570639266,"flow_tot_l4_data_len":327,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00777{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1444570638225,"flow_last_seen":1444570639266,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570639,"pkt_ts_usec":266643,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAfBAABAGtnTYOtAoCggAAQG7qamX9G2BaAuTY1AQ\/\/9RHwAA"}
01271{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":457,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570639,"pkt_ts_usec":266868,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
00408{"flow_id":22,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":266395,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoY+dAAEAGIzoKCAABQERpYpEJAbvtraR6ElJuhFARTO8JcgAA"}
00410{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":267573,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAfFAABAGtTBARGliCggAAQG7kQkSUm6E7a2ke1AQ\/\/9WYQAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1444570640269,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1444570640269,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":269875,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8fMBAAEAGd0oKCAABch3Ki7gfAbudV783AAAAAKACOQjtmQAAAgQFtAQCCAoATMP3AAAAAAEDAwY="}
00410{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":284293,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAfNAABAGIixyHcqLCggAAQG7uB9iqEDInVe\/OFAS\/\/+vRQAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1444570640284,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1444570640284,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":284770,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8nBhAAEAGTKkKCAABch3V1KMdAbtvG1\/vAAAAAKACOQiE1wAAAgQFtAQCCAoATMP3AAAAAAEDAwY="}
00410{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":298110,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAfRAABAGFuJyHdXUCggAAQG7ox2Q5KAQbxtf8FAS\/\/+4\/gAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1444570640298,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1444570640298,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":298584,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8YQlAAEAGkVsKCAABch3MMcncAbvjbaL+AAAAAKACOQiwWQAAAgQFtAQCCAoATMP3AAAAAAEDAwY="}
00410{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":309751,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAfVAABAGIIRyHcwxCggAAQG7ydwckl0B422i\/1AS\/\/+b4gAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1444570640310,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1444570640310,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":310108,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8S45AAEAGO38KCAABQERpYpETAbtLyIh5AAAAAKACOQgv9gAAAgQFtAQCCAoATMP3AAAAAAEDAwY="}
00409{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":319368,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAfZAABAGtStARGliCggAAQG7kRO0N3eGS8iIelAS\/\/9pVAAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1444570640319,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":469,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1444570640319,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":319795,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8c3VAAEAGE5MKCAABQERpZ6GyAbtpybCOAAAAAKACOQjZNwAAAgQFtAQCCAoATMP7AAAAAAEDAwY="}
00409{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":330160,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAfdAABAGtSVARGlnCggAAQG7obKWNk9xacmwj1AS\/\/9YsAAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1444570640330,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1444570640330,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":330424,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8tGhAAEAGXWUKCAABPm3geMe+AbssX3BwAAAAAKACOQi7XAAAAgQFtAQCCAoATMQYAAAAAAEDAwY="}
00409{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":338147,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAfhAABAGP+o+beB4CggAAQG7x77ToI+PLF9wcVAS\/\/+9aQAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1444570640338,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":473,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1444570640338,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":338595,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA82ZNAAEAGODoKCAABPm3geMe\/Abvolh2LAAAAAKACOQhSCQAAAgQFtAQCCAoATMQYAAAAAAEDAwY="}
00409{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":344333,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAflAABAGP+k+beB4CggAAQG7x78XaeJ06JYdjFAS\/\/+9aAAA"}
00409{"flow_id":16,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":344574,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAG9B4KCAABch3Ki7gMAbtSShQeAAAAAFAEAABI\/wAA"}
@@ -391,7 +391,7 @@
00408{"flow_id":19,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":345761,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGdyAKCAABQER5Y9qhAbtb96ShAAAAAFAEAAAPOwAA"}
00408{"flow_id":20,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":345959,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAG9p4KCAABch3IC7rhAbtuYS1kAAAAAFAEAAATTQAA"}
00408{"flow_id":20,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":346151,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAG9p4KCAABch3IC7rhAbtuYS1kAAAAAFAEAAATTQAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1444570640346,"flow_last_seen":0,"flow_tot_l4_data_len":55,"flow_min_l4_data_len":55,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":55,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1444570640346,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":346801,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"ABoRAAACABoRAAABCABFAABLP\/ZAAEAGY3QKhc4vUEpuRIKzAbsvtI0Fj3ahWYAYAWE\/AgAAAQEICgBMxFRXHeViFQMBABJ8gv9dmaTjHFUtA85jnlaY0C8="}
00424{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":347186,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"ABoRAAACABoRAAABCABFAAA0P\/dAAEAGY4oKhc4vUEpuRIKzAbsvtI0cj3ahWYARAWFq6AAAAQEICgBMxFRXHeVi"}
00409{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":347516,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAfpAABAG0ZNQSm5ECoXOLwG7grOPdqFZL7SNHVAQ\/\/+mgQAA"}
@@ -404,10 +404,10 @@
00410{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":372948,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAf5AABAGIHtyHcwxCggAAQG7ydwckl0B422i\/1AS\/\/+b4gAA"}
00435{"flow_id":29,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":373238,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8S49AAEAGO34KCAABQERpYpETAbtLyIh5AAAAAKACOQgvkgAAAgQFtAQCCAoATMRbAAAAAAEDAwY="}
00409{"flow_id":29,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":381985,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAf9AABAGtSJARGliCggAAQG7kRO0N3eGS8iIelAS\/\/9pVAAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1444570640382,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1444570640382,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":382255,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8O9hAAEAGNk0KCAABUEpuRILnAbv7u\/+DAAAAAKACOQgB2AAAAgQFtAQCCAoATMRbAAAAAAEDAwY="}
00410{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":385652,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAgBAABAGoDlQSm5ECggAAQG7gucERAB8+7v\/hFAS\/\/9imAAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1444570640385,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1444570640385,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":385961,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8smJAAEAGv8IKCAABUEpuRILoAbtZhnY\/AAAAAKACOQgtTwAAAgQFtAQCCAoATMRdAAAAAAEDAwY="}
00409{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":389057,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAgFAABAGoDhQSm5ECggAAQG7guimeYnAWYZ2QFAS\/\/9ilwAA"}
00435{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":389377,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8c3ZAAEAGE5IKCAABQERpZ6GyAbtpybCOAAAAAKACOQjY0wAAAgQFtAQCCAoATMRfAAAAAAEDAwY="}
@@ -418,31 +418,31 @@
00409{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":403608,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAgRAABAGP94+beB4CggAAQG7x78XaeJ06JYdjFAS\/\/+9aAAA"}
00407{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":404023,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAofMJAAEAGd1wKCAABch3Ki7gfAbudV784YqhAyVAQOQh2PgAA"}
00493{"flow_id":26,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":404146,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnfMNAAEAGdxwKCAABch3Ki7gfAbudV784YqhAyVAYOQizYAAAFgMBADoBAAA2AwHL0KbklNiTQBXXAOTSW3u+JaExiKsBBup5X7QAW6mJdAAABAA1AP8BAAAJACMAAAAPAAEB"}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1444570640269,"flow_last_seen":1444570640404,"flow_tot_l4_data_len":223,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1444570640269,"flow_last_seen":1444570640404,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":26,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":404321,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAgVAABAGIhpyHcqLCggAAQG7uB9iqEDJnVe\/d1AQ\/\/+vBwAA"}
00409{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":404444,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAonBpAAEAGTLsKCAABch3V1KMdAbtvG1\/wkOSgEVAQOQh\/9wAA"}
00494{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":404564,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnnBtAAEAGTHsKCAABch3V1KMdAbtvG1\/wkOSgEVAYOQgbMgAAFgMBADoBAAA2AwGrp6IiqHkBm3loHqbaZBzbVkh+xkbqhD+UPXWnBcnLxAAABAA1AP8BAAAJACMAAAAPAAEB"}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1444570640284,"flow_last_seen":1444570640404,"flow_tot_l4_data_len":223,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1444570640284,"flow_last_seen":1444570640404,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":404731,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAgZAABAGFtByHdXUCggAAQG7ox2Q5KARbxtgL1AQ\/\/+4wAAA"}
00408{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":404851,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoYQtAAEAGkW0KCAABch3MMcncAbvjbaL\/HJJdAlAQOQhi2wAA"}
00495{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":404972,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnYQxAAEAGkS0KCAABch3MMcncAbvjbaL\/HJJdAlAYOQhAsgAAFgMBADoBAAA2AwGD780leUD\/zJ6TyDunDGCFeal9B+1RLC9bN3N7SvEEPAAABAA1AP8BAAAJACMAAAAPAAEB"}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1444570640298,"flow_last_seen":1444570640404,"flow_tot_l4_data_len":223,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1444570640298,"flow_last_seen":1444570640404,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":28,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":405134,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAgdAABAGIHJyHcwxCggAAQG7ydwckl0C422jPlAQ\/\/+bpAAA"}
00407{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":405337,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoS5BAAEAGO5EKCAABQERpYpETAbtLyIh6tDd3h1AQOQgwTQAA"}
00494{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":405816,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnS5FAAEAGO1EKCAABQERpYpETAbtLyIh6tDd3h1AYOQiLjgAAFgMBADoBAAA2AwERAQnq4d\/gxiGfJU2bLkxxyvmp1+D227r48TmpdQ4WzgAABAA1AP8BAAAJACMAAAAPAAEB"}
-00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1444570640310,"flow_last_seen":1444570640405,"flow_tot_l4_data_len":223,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":6,"flow_first_seen":1444570640310,"flow_last_seen":1444570640405,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":406001,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAghAABAGtRlARGliCggAAQG7kRO0N3eHS8iIuVAQ\/\/9pFgAA"}
00407{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":406122,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoc3dAAEAGE6UKCAABQERpZ6GyAbtpybCPljZPclAQOQgfqQAA"}
00494{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":406243,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnc3hAAEAGE2UKCAABQERpZ6GyAbtpybCPljZPclAYOQg1JwAAFgMBADoBAAA2AwGYvNjE9n0n5PBRt0o9HyCmeZcSM\/CYZuDVHrLRWw9j1QAABAA1AP8BAAAJACMAAAAPAAEB"}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1444570640319,"flow_last_seen":1444570640406,"flow_tot_l4_data_len":223,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1444570640319,"flow_last_seen":1444570640406,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":406408,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAglAABAGtRNARGlnCggAAQG7obKWNk9yacmwzlAQ\/\/9YcgAA"}
00407{"flow_id":31,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":406529,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAotGpAAEAGXXcKCAABPm3geMe+AbssX3Bx06CPkFAQOQiEYgAA"}
00493{"flow_id":31,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":406648,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABntGtAAEAGXTcKCAABPm3geMe+AbssX3Bx06CPkFAYOQhVUgAAFgMBADoBAAA2AwHChCdZOEMAlD5sXipmDRVVUN8O0TYEJmE+D4b2cbQgJQAABAA1AP8BAAAJACMAAAAPAAEB"}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1444570640330,"flow_last_seen":1444570640406,"flow_tot_l4_data_len":223,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":6,"flow_first_seen":1444570640330,"flow_last_seen":1444570640406,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":31,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":406810,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAgpAABAGP9g+beB4CggAAQG7x77ToI+QLF9wsFAQ\/\/+9KwAA"}
00408{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":406931,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo2ZVAAEAGOEwKCAABPm3geMe\/Abvolh2MF2nidVAQOQiEYQAA"}
00495{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":407052,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABn2ZZAAEAGOAwKCAABPm3geMe\/Abvolh2MF2nidVAYOQhfdgAAFgMBADoBAAA2AwHVxA3qKVbS+aM2DodEgQ0ezLSejrbBA\/G4QcrR0TfK+wAABAA1AP8BAAAJACMAAAAPAAEB"}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1444570640338,"flow_last_seen":1444570640407,"flow_tot_l4_data_len":223,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1444570640338,"flow_last_seen":1444570640407,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":10,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":407211,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAgtAABAGP9c+beB4CggAAQG7x78XaeJ16JYdy1AQ\/\/+9KgAA"}
00407{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":407386,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAABAAEAGo40Khc4vUEpuRIKzAbsvtI0dAAAAAFAEAADXXQAA"}
00408{"flow_id":26,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":407504,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAofMRAAEAGd1oKCAABch3Ki7gfAbudV793YqhAyVAQOQh1\/wAA"}
@@ -452,21 +452,21 @@
00408{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":407983,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoO9lAAEAGNmAKCAABUEpuRILnAbv7u\/+EBEQAfVAQOQgpkQAA"}
00407{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":408102,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAosmNAAEAGv9UKCAABUEpuRILoAbtZhnZApnmJwVAQOQgpkAAA"}
00703{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":408223,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"pkt":"ABoRAAACABoRAAABCABFAAEAO9pAAEAGNYcKCAABUEpuRILnAbv7u\/+EBEQAfVAYOQjgzQAAFgMBANMBAADPAwFWGmYQaUf4c9qAoNyA\/Wv7T0CEUJYDhQEnkMlpU0A7GyBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00718{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1444570640382,"flow_last_seen":1444570640408,"flow_tot_l4_data_len":316,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00729{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1444570640382,"flow_last_seen":1444570640408,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":34,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":408448,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAgxAABAGoC1QSm5ECggAAQG7gucERAB9+7wAXFAQ\/\/9hwQAA"}
00702{"flow_id":35,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":408569,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"pkt":"ABoRAAACABoRAAABCABFAAEAsmRAAEAGvvwKCAABUEpuRILoAbtZhnZApnmJwVAYOQglNwAAFgMBANMBAADPAwFWGmYQn3y+Y635kayg0wLQlN\/9KaMadTF0LMgTLEN5tSBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00718{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1444570640385,"flow_last_seen":1444570640408,"flow_tot_l4_data_len":316,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00729{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1444570640385,"flow_last_seen":1444570640408,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":35,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":408732,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAg1AABAGoCxQSm5ECggAAQG7guimeYnBWYZ3GFAQ\/\/9hwAAA"}
00407{"flow_id":30,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":408854,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoc3lAAEAGE6MKCAABQERpZ6GyAbtpybDOljZPclAQOQgfagAA"}
00407{"flow_id":31,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":408974,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAotGxAAEAGXXUKCAABPm3geMe+AbssX3Cw06CPkFAQOQiEIwAA"}
00408{"flow_id":32,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":409094,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo2ZdAAEAGOEoKCAABPm3geMe\/Abvolh3LF2nidVAQOQiEIgAA"}
05394{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":491206,"pkt_caplen":3751,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3751,"pkt_l4_len":3717,"pkt":"ABoRAAACABoRAAABCABFAA6ZAg5AABAGp+XYOtAoCggAAQG7qamX9G2BaAuTY1AY\/\/8D1wAAFgMDAEECAAA9AwNWGmYWXEGw9CJjvdcNuzSsMlp9Orc+irG3LDezhMQ32wDALwAAFQAAAAD\/AQABAAALAAQDAAECACMAABYDAwzLCwAMxwAMxAAFRjCCBUIwggQqoAMCAQICCHWz0GAVbUuOMA0GCSqGSIb3DQEBCwUAMEkxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSUwIwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEcyMB4XDTE1MDkyOTE5MDAwN1oXDTE1MTIyODAwMDAwMFowcDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxHzAdBgNVBAMMFiouZ29vZ2xlLWFuYWx5dGljcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9BndDbJK8n7UlIX\/panjjh8hJC5iT0ZBb4n1fzKUGCslR7CuA61\/m5PuhHD7uChpG8m+dcIdjK+lCk4Ky\/GjTkY8xuesL9WBwMHS\/Hrat89knNWIA4R+pVzg3Mhs+X5UMRmpdBZOmr4NrSJF8Lrb62Mof9jRYV+TfZLSYQGtdCECWJyWPzvviaBYn0y\/StSRbgzKH\/OZ2PFi5kULxOFq6N2Z1rQMg1an9CA4b0071UiZ81PNNyOXn0hQAYgiG1taVb0pwcq6dkDzdkU8Mj5UQEwk7PxR0R9obitrIs4rbpf8WxzqsPYmwOc4u8iUoIs1JhHXQXOBS9Il8fv6siekJAgMBAAGjggIFMIICATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgdIGA1UdEQSByjCBx4IWKi5nb29nbGUtYW5hbHl0aWNzLmNvbYITYXBwLW1lYXN1cmVtZW50LmNvbYIUZ29vZ2xlLWFuYWx5dGljcy5jb22CFGdvb2dsZXRhZ21hbmFnZXIuY29tghJzZXJ2aWNlLnVyY2hpbi5jb22CGHNzbC5nb29nbGUtYW5hbHl0aWNzLmNvbYIKdXJjaGluLmNvbYIYd3d3Lmdvb2dsZS1hbmFseXRpY3MuY29tghh3d3cuZ29vZ2xldGFnbWFuYWdlci5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBT7LQYFGFR41L0io4xkJ374xMN2JjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHWeQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAQJSeiLmnd4PKpAfj7I3xzeXS1dNcG6fyiARh5Zoe0SUxjPFwo88NMrzmh0tyACdSvc8NJDQzX8TKtj83s8i19Ake7gtOnF9Tpu2Hzclzi3q+SiEfev2tJudnpEvRMWpVSKV2LXURdVH8U2o1372iylNiJCZT09KlUfkrxYU4N89A\/vnhmzqxQRy\/XRuLgKbUXvBKpr965AgdOBQ1UOjR9ssZes3Mwd1+y57S8qJ\/K66iFyIufxsa620sBJ9dGoqC9UrOLL1FUd4NViOrTCWlMXGetNRkwskmJgfCd79OPNFsbl8mrjHGjY4vuv2jRpRQ83MOifldMLRH4JGYvQWCiAAD9DCCA\/AwggLYoAMCAQICAwI6gzANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTEzMDQwNTE1MTU1NloXDTE2MTIzMTIzNTk1OVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRlcm5ldCBBdXRob3JpdHkgRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcKgR3XNhQkToGo4Lg2FBIvIk\/8RlwGohGfuCPxfGJziHuWv5hDbcyRImgdAtTT1WkzoJile7rWV\/G4QWAEsRelD+8W0g49FP3JOb7kekVxM\/0Uw30SvyfVN59vqBrb4fA0FAfKDADQNoIc1Fsf\/86PKc3Bo69SxEE630k3ub5\/DFx+5TVYPMuSq9C0svqxGoassxT3RVLix\/IGWEfzZ2oPmMrhDVpZYTIGcVGIvhTlb7jgEoQxirsupcgEcc5mRAEoPBhepUljE5SdeK27QjKFPzOImqzTs9GA5eXA37Asd57r0Uzz7o+cbfe9CUlwg01iZ2d+w4ReYkeN8WvjnJpAgMBAAGjgecwgeQwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFErdBhYbvPZotXb1gba7Yhq6WoEvMA4GA1UdDwEB\/wQEAwIBBjAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTASBgNVHRMBAf8ECDAGAQH\/AgEAMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwDQYJKoZIhvcNAQELBQADggEBAKr6qSDNameD7V7Uft4dxH\/gJQYAxST7qcgtbX7enYJlLIFjNGY+6VLCCLTLL\/dfmTpqnFB6hQWMfdEqSITTCWx8ws01n\/OC7lLeaF\/kAIoXIJb3KY2aTcuo3obIDW9WhwN9Az\/c+nl9IRn5yDovUXaMx0GScY8lzjf4SkwAI+\/ENRCu4COAc3xNNC7IbpDWEB6ZhHMacPLtVQ7uFwbqZ+4y6yzdZwc\/9ovCcN5bAOa7G9M2GiJsbLA1QmyQCT2T6WQJIg6FBp\/CcyHT5l+A5I2FIjpzA7Fgjq5o4vQ+l+dgEgloNt461uJDlVs3gZKBH7uN161SZBZXltleNH7INdgAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hxa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwMBTQwAAUkDABdBBIaKNVmPKL3TXXfhqMLDWuNGuVEzZureya0ML+MyYUl5oX8b7lGhet1wfigTSCer1FgnvtMkLDpU2KzVIU4FEgwGAQEACjO0VooNP1L6232eswqmLt\/1deu7q3pXGl44Jso6LvWSKYw1C7GnaJTLN+Vu2BAlYMazfva\/KG14DJLJcn63aooqWw6UnUr\/YLfSQIyKmPVbsvo\/vCtiw16J5eKpYkUTXOowdDWqJzfpnNc\/nvp9DYi3Z3Up8G5WJ3obs\/AcVqRCDkZXqmMTbIadu\/TDtG2L5fsDjNgV9vI9gn\/uWjFmo\/gPd1CkZpVRnqrWikJGDKE9Z+n+Me\/0lLxabZBRTPYb36gWdRsdNF\/8I+x2jBPiEVhOAa\/UtlAKTqDPo0etmhQuyNJSi39NvqO3zgYxYpnDMrLT5JVnPNqRwZH5dt0clhYDAwAEDgAAAA=="}
-01262{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1444570638225,"flow_last_seen":1444570640491,"flow_tot_l4_data_len":4064,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3717,"flow_avg_l4_data_len":677,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D"}}
+01273{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":543,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1444570638225,"flow_last_seen":1444570640491,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":3924,"flow_avg_l4_payload_len":654,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"ssl.google-analytics.com","server_names":"*.google-analytics.com,app-measurement.com,google-analytics.com,googletagmanager.com,service.urchin.com,ssl.google-analytics.com,urchin.com,www.google-analytics.com,www.googletagmanager.com","ja3":"75edb912bc6f0a222ae3e3e47f5c89b1","ja3s":"389ed42c02ebecc32e73aa31def07e14","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google-analytics.com","fingerprint":"E0:F0:1E:71:F2:B5:D9:2D:F7:4E:8F:CB:10:37:17:7C:0C:C4:07:9D"}}
00408{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":491530,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoUSBAAEAGN0QKCAAB2DrQKKmpAbtoC5Njl\/R78lAQSDX6eAAA"}
00582{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":592124,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"pkt":"ABoRAAACABoRAAABCABFAACmUSFAAEAGNsUKCAAB2DrQKKmpAbtoC5Njl\/R78lAYSDUnbQAAFgMDAEYQAABCQQQARi2Sq6lomOqdBwTXeK+7\/VSCE644W9ePmSa9EWlwoNhBkPWiERqUZ6KGC\/aDzofvpP6QqC1qdhwZ214CYXZcFAMDAAEBFgMDACiMfFcaI1hpldHeUclqaHBcFUg1h+fECh+\/j1y52hpRJWkfYJdr7o0+"}
00409{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":592914,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAg9AABAGtlXYOtAoCggAAQG7qamX9HvyaAuT4VAQ\/\/9CMAAA"}
00589{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":593166,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"pkt":"ABoRAAACABoRAAABCABFAACpAhBAABAGn6hQSm5ECggAAQG7guimeYnBWYZ3GFAY\/\/\/TtAAAFgMBAFECAABNAwFWGmYw1S2SuQizrUA2AASo1\/xNI5gqSv2km0LL+94AiyBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgAEAAAF\/wEAAQAUAwEAAQEWAwEAIAtAOY9Gt7feGYdDv\/ZQ6IBSs9DH9KrW9HIkjyflxg+V"}
-00759{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1444570640385,"flow_last_seen":1444570640593,"flow_tot_l4_data_len":485,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00770{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":547,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1444570640385,"flow_last_seen":1444570640593,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00407{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":548,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":593288,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAosmVAAEAGv9MKCAABUEpuRILoAbtZhncYpnmKQlAQPLgkhwAA"}
00467{"flow_id":35,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":643888,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"ABoRAAACABoRAAABCABFAABTsmZAAEAGv6cKCAABUEpuRILoAbtZhncYpnmKQlAYPLgwbgAAFAMBAAEBFgMBACB3tOPNrA1yIPhgJ2zXsFBvVf8GU6w+9JhDmg6WwOMMyw=="}
00409{"flow_id":35,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570640,"pkt_ts_usec":644580,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAhFAABAGoChQSm5ECggAAQG7guimeYpCWYZ3Q1AQ\/\/9hFAAA"}
@@ -503,19 +503,19 @@
01271{"flow_id":24,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570660,"pkt_ts_usec":729371,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
01272{"flow_id":24,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570664,"pkt_ts_usec":697173,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
01272{"flow_id":24,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570668,"pkt_ts_usec":729335,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"pkt":"ABoRAAACABoRAAABCABFAAKsAABAAEARgN0KCAABrBABS\/waE8QCmKnIUkVHSVNURVIgc2lwOjE3Mi4xNi4xLjc1O3RyYW5zcG9ydD1VRFAgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxMC4xMzMuMjA2LjQ3OjY0NTM4O2JyYW5jaD16OWhHNGJLLTUyNDI4Ny0xLS0tM2U0Njk4NjE4Y2ZiMmI3MztycG9ydA0KTWF4LUZvcndhcmRzOiA3MA0KQ29udGFjdDogPHNpcDo0NTE5MUAxMC4xMzMuMjA2LjQ3OjY0NTM4O3JpbnN0YW5jZT03YTQ2ZjFlMTI3MDJlN2ZiO3RyYW5zcG9ydD1VRFA+DQpUbzogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPg0KRnJvbTogPHNpcDo0NTE5MUAxNzIuMTYuMS43NTt0cmFuc3BvcnQ9VURQPjt0YWc9ZDM4MzM3NjcNCkNhbGwtSUQ6IEtvcExUdzl4c19sRXBDdGlQYTA3YlEuLg0KQ1NlcTogNCBSRUdJU1RFUg0KRXhwaXJlczogNjANCkFsbG93OiBJTlZJVEUsIEFDSywgQ0FOQ0VMLCBCWUUsIE5PVElGWSwgUkVGRVIsIE1FU1NBR0UsIE9QVElPTlMsIElORk8sIFNVQlNDUklCRQ0KU3VwcG9ydGVkOiByZXBsYWNlcywgbm9yZWZlcnN1YiwgZXh0ZW5kZWQtcmVmZXIsIHRpbWVyLCBvdXRib3VuZCwgcGF0aCwgWC1jaXNjby1zZXJ2aWNldXJpDQpVc2VyLUFnZW50OiBab2lwZXIgcjMzNjg4DQpBbGxvdy1FdmVudHM6IHByZXNlbmNlLCBrcG1sDQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1444570669736,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1444570669736,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570669,"pkt_ts_usec":736143,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA80OhAAEAGQOUKCAABPm3geMfSAbvlsh8HAAAAAKACOQhHhwAAAgQFtAQCCAoATM\/vAAAAAAEDAwY="}
00409{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570669,"pkt_ts_usec":745196,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAiJAABAGP8A+beB4CggAAQG7x9IaTeD45bIfCFAS\/\/+9VQAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1444570669745,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":588,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1444570669745,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":588,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570669,"pkt_ts_usec":745822,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8QwJAAEAGzssKCAABPm3geMfTAbvSW4ztAAAAAKACOQjs9gAAAgQFtAQCCAoATM\/vAAAAAAEDAwY="}
00409{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570669,"pkt_ts_usec":760020,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAiNAABAGP78+beB4CggAAQG7x9MtpHMS0luM7lAS\/\/+9VAAA"}
00407{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570669,"pkt_ts_usec":760287,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo0OlAAEAGQPgKCAABPm3geMfSAbvlsh8IGk3g+VAQOQiETgAA"}
00493{"flow_id":36,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570669,"pkt_ts_usec":760654,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABn0OpAAEAGQLgKCAABPm3geMfSAbvlsh8IGk3g+VAYOQh66wAAFgMBADoBAAA2AwE1744IWto6M0QCtsjP9fOG23xHxlWSJd969XnKXp6XHQAABAA1AP8BAAAJACMAAAAPAAEB"}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1444570669736,"flow_last_seen":1444570669760,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1444570669736,"flow_last_seen":1444570669760,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":36,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570669,"pkt_ts_usec":761708,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAiRAABAGP74+beB4CggAAQG7x9IaTeD55bIfR1AQ\/\/+9FwAA"}
00407{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570669,"pkt_ts_usec":762448,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoQwNAAEAGzt4KCAABPm3geMfTAbvSW4zuLaRzE1AQOQiETQAA"}
00494{"flow_id":37,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570669,"pkt_ts_usec":762590,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnQwRAAEAGzp4KCAABPm3geMfTAbvSW4zuLaRzE1AYOQhN4wAAFgMBADoBAAA2AwE4pMre7\/gDNHFUYUtdH4I+oIdCvO8Q22rK5cuvc6RHAwAABAA1AP8BAAAJACMAAAAPAAEB"}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1444570669745,"flow_last_seen":1444570669762,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1444570669745,"flow_last_seen":1444570669762,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":37,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570669,"pkt_ts_usec":763196,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAiVAABAGP70+beB4CggAAQG7x9MtpHMT0luNLVAQ\/\/+9FgAA"}
00407{"flow_id":31,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":369848,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAotG1AAEAGXXQKCAABPm3geMe+AbssX3Cw06CPkFAROQiEIgAA"}
00410{"flow_id":31,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":370331,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAiZAABAGP7w+beB4CggAAQG7x77ToI+QLF9wsVAQ\/\/+9KgAA"}
@@ -524,12 +524,12 @@
00410{"flow_id":32,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":373698,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAihAABAGP7o+beB4CggAAQG7x78XaeJ16JYdzFAQ\/\/+9KQAA"}
00410{"flow_id":32,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":373944,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAilAABAGP7k+beB4CggAAQG7x78XaeJ16JYdzFAR\/\/+9KAAA"}
05676{"flow_id":36,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":676967,"pkt_caplen":3961,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3961,"pkt_l4_len":3927,"pkt":"ABoRAAACABoRAAABCABFAA9rAipAABAGMHU+beB4CggAAQG7x9IaTeD55bIfR1AY\/\/9VLwAAFgMBDz4CAAAtAwFWGmY08WBlVaMiuMkf\/1kPwYrznYnbZP8YRm1BkLyY7wAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01112{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1444570669736,"flow_last_seen":1444570670676,"flow_tot_l4_data_len":4110,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":685,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01123{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":602,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1444570669736,"flow_last_seen":1444570670676,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00407{"flow_id":36,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":678036,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo0OtAAEAGQPYKCAABPm3geMfSAbvlsh9HGk3wPFAQTE9hhQAA"}
00851{"flow_id":36,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":728746,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFu0OxAAEAGP68KCAABPm3geMfSAbvlsh9HGk3wPFAYTE+3ZwAAFgMBAQYQAAECAQBcqxtsDTGlipY3CqYvMhYWSR\/8XHHZXEFgKc28Jn+a29M9CnV4bkbE4IMmcB7kQnQHLnsYeOID0oEkbJng69hDFpcijtob8vZi11lJgHyFoDw0mbA\/HPJJ8lx55Bf9SDGt2koX\/heYW5uOytG1uc8PLJo3xUiuujXgCH3djGHUIooxWzxLGe2mFwiaYj6IWa3U+jlNoz3PWvB1g5BwrlViXx9njdhK0Q3aM1CJPxDVCxEafUC4KSpHqwcstTUtOAA8Gi050jeZwIPKWigkS3Em0NBV0ENN6mTmH8ETG4QO3xwLEaxtxz8Ch\/KjfKvst2ZHdf3QDHdrItKtoIOqOwwHFAMBAAEBFgMBADAaALQ2pUk5ebL0fOsBMmvnDjpE9bl5GxXpter9Zsd9\/1uEjoQZJQkgxUVbBb+uhKg="}
00409{"flow_id":36,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":729666,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAitAABAGP7c+beB4CggAAQG7x9IaTfA85bIgjVAQ\/\/+sjgAA"}
05677{"flow_id":37,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":730016,"pkt_caplen":3961,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3961,"pkt_l4_len":3927,"pkt":"ABoRAAACABoRAAABCABFAA9rAixAABAGMHM+beB4CggAAQG7x9MtpHMT0luNLVAY\/\/\/JRgAAFgMBDz4CAAAtAwFWGmYzMITHz8pj+nvXObs\/kOYhDg2UDp0EdJOkGpmV8AAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01112{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1444570669745,"flow_last_seen":1444570670730,"flow_tot_l4_data_len":4110,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":685,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01123{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":606,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1444570669745,"flow_last_seen":1444570670730,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00407{"flow_id":37,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":730757,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoQwVAAEAGztwKCAABPm3geMfTAbvSW40tLaSCVlAQTE9hhAAA"}
00858{"flow_id":37,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":781382,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFuQwZAAEAGzZUKCAABPm3geMfTAbvSW40tLaSCVlAYTE+2\/AAAFgMBAQYQAAECAQCWt0bEGBDiaW3wkbA3O9F3Ig4uidDxRApMSk8+hNZu3nn\/2GHToLO1hDLhQlAUkWRhyw0t1zVFXdxxdkjFz+5r0lkpZkHUszIurP+R8\/miZN4KjtkgXpMas\/So\/iPlXIMc\/yjT4WQBt4gtBtYhmFSppzsDmDIIk7mvfZxHXTD23VSjluF2QBfO2IWqMrFMUF5kLARyx4G2\/8ZjdNECapgOq9cdJsgD5BlcY2c+dHng19\/mYZA2BSxtQAyOT54Ghdr77MsgQiN2Llu3v+LZWpM+Zbvdg4hXwk\/BShSPoskiySh9VLMF\/nq+MGssfcSvrol76Im5W9PG\/DQIxfUY9d4FFAMBAAEBFgMBADBxLGEx28Qy59TtwMgeCKhDXvKFs7ZrkHvDe4Wu\/kgdVZQLIXwlg8iFIVwJQqhI6Xs="}
00409{"flow_id":37,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570670,"pkt_ts_usec":782112,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAi1AABAGP7U+beB4CggAAQG7x9MtpIJW0luOc1AQ\/\/+sjQAA"}
@@ -545,15 +545,15 @@
00707{"flow_id":37,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570671,"pkt_ts_usec":150838,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"ABoRAAACABoRAAABCABFAAECAjRAABAGPtQ+beB4CggAAQG7x9MtpIKR0luQTVAY\/\/\/rJAAAFwMBAKCEUhgKS7Ore4V4XA8IdFUR4Er1pvl9N7NYzUrhqEqujMkCBt+R8+2ApxunQLbKtNBJ8frcD2IKNtRomHDisv5N1FfXTiIF2dw6IwJazu6xz8Sd9iJy3puaVNpZiGX3bSd4UxrqDoDAiYTuOjZvvQvkxFi3mKSaoKyOk3zR\/ULK5zXQWWH0E74qa1ipQXdhN7aYZwSSWvuhhYGExQr7m8GaFwMBADA1J1QYl7kQR0+Pa+4n7lamQYXLA+LfemMg8fQ6Z4hBckTkoKi+8YFeNtjNLDUxh78="}
00408{"flow_id":37,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570671,"pkt_ts_usec":202137,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoQwhAAEAGztkKCAABPm3geMfTAbvSW5BNLaSDa1AQatU+yQAA"}
01735{"flow_id":37,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570671,"pkt_ts_usec":657240,"pkt_caplen":1024,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1024,"pkt_l4_len":990,"pkt":"ABoRAAACABoRAAABCABFAAPyAjVAABAGO+M+beB4CggAAQG7x9MtpINr0luQTVAY\/\/+gngAAFwMBA4B4LQc11sgj5iAjgSB3smLHk7\/SenRjb8ZFufK1knTFHzViNUQ\/iWw\/BOftoBW9nu2wpcFh2HwgU90pvkNcoN3JCbeXg7zpP1ezlsV6QElTGlBhpUkmV46hyOlVhhnaJx1KI0dq7t9l2OweDBGK0PQn5LHPHqu3x3JwyzvWZe6xh\/rGhX21y1g9t7yynI49ZQ1uUFo+qHPBLxoGdUow0Nj+lk0BQmVemJO5h7c0sShigdmTKTicVuZqbHk\/pE38q1MzwYlWJWSLv2xA2GgCJqiuRlsay4my3w7o9Vi1Ji5WFF9W8QkwiGSI5ggoIDDBZWH3NmaA+lF8t3eiBjypw\/rWIh9A2GBa3astQstJfJ08\/f53WRAGsSNqvaLmfLY8ybTwelhl+r\/IsAm\/v+U9SALE6vcYTZzwtM7rC0Y4D6OKd5A2YZrYZr5N+9ozCULr\/LwYAYAzJil4Lo2Cf7apInyitpc\/u55LLzZ+QHjotatTnTmeP+cEBxnKpPddLlPdVCvBesENj6jodLYSANMsJbl8Ph9BrHzMFj4hWAUgN9EqjGPvfT3Ev+JIBaoKqTIsS4Jdxtn1gw4zM5eITulccgYHizb7hA1c+re\/xWy3E2bQxzCqjtlptwHqBhwzh7BEAmwlvt6\/QPrJoU3B4ajbDa\/JBst1RbCrRoJRTmMwBmupRBWsPxCdvz\/ONIep8rncQophQvNN00cswoHha82TMfvBV9GWfAU4JOqknc7fIUig\/Fq9FzM5SR3AIldNixb6m6k2BJgbP7Pdm3XQ4rykU\/h3IUpB9cU2BiQB2JGXhl8vAT2MALS8szaGnalxePhZ\/bkp0IVj3CB8leJca9JvvjCdvmJEhQQ8JNLfy62IYtvdHh\/WvnJCUwTiJB+3rdbOgNDbnIS6FrKbcF5eLcmQYyfDnGpnmjiopAp5z+p+nganqLY6s2IodIyKWKoxKXHcUIGTrSy1e1bInxGzE0NHM7L5ZVjjKw4KM00glRLxFzT1YXy9uo0vKe\/nyD3jl4ArmoCsPvapZZ1+b4t13d2fXbhrcNpDAY94KdF\/pnb5WAkfCD3uJkZNtnnwz2iPpqszCJeS7SCcEyTkm6h8bhd95c1TdZd53H96TlF53rKj9WkZ3aJQmix4oXCwZwJkfRd\/Y7hdGD+ihyVfdmDmYW3M4SNv8CCf+KYV74TZla\/OWJ0vmxcDAQBA7bK+SOd8Bp2bc2MJqkBhbTMVnwLf1cGaM\/0unjO3v+yruYCgeAeC00Ow3WKSsgss2LTGvZ1dgWooudhb7lqK0g=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1444570672215,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1444570672215,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570672,"pkt_ts_usec":215106,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8MYhAAEAGVYAKCAABQERpZ6HLAbsAQeF1AAAAAKACOQgEvgAAAgQFtAQCCAoATND9AAAAAAEDAwY="}
00410{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570672,"pkt_ts_usec":219041,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAjpAABAGtOJARGlnCggAAQG7ocv\/vh6KAEHhdlAS\/\/9YlwAA"}
00408{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570672,"pkt_ts_usec":219386,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoMYlAAEAGVZMKCAABQERpZ6HLAbsAQeF2\/74ei1AQOQgfkAAA"}
00494{"flow_id":38,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570672,"pkt_ts_usec":269788,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnMYpAAEAGVVMKCAABQERpZ6HLAbsAQeF2\/74ei1AYOQieegAAFgMBADoBAAA2AwGjqRN4oMmUAvXJWDJ5WPEL71jxOoo9r1VB6+4PEHNUEQAABAA1AP8BAAAJACMAAAAPAAEB"}
-00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1444570672215,"flow_last_seen":1444570672269,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00741{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":635,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_first_seen":1444570672215,"flow_last_seen":1444570672269,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":38,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570672,"pkt_ts_usec":270226,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAjtAABAGtOFARGlnCggAAQG7ocv\/vh6LAEHhtVAQ\/\/9YWQAA"}
05712{"flow_id":38,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570672,"pkt_ts_usec":626514,"pkt_caplen":3993,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3993,"pkt_l4_len":3959,"pkt":"ABoRAAACABoRAAABCABFAA+LAj9AABAGpXpARGlnCggAAQG7ocv\/vh6LAEHhtVAY\/\/\/4awAAFgMBD14CAABNAwFWGmY2OKSnMLhuCBt0JAb2DEjvPN+R95L+HKgtL7uTUiDN0VOJNIBlLSS4f88OqxP3+igjtpCbQoGsmGl2RmZTSAA1AAAF\/wEAAQALAA8FAA8CAATpMIIE5TCCA82gAwIBAgIQKXSJqdQeSb5h94FpRuYh8zANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDQxMDAwMDAwMFoXDTE4MDQxMDIzNTk1OVowdzELMAkGA1UEBhMCdXMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAcMCFNhbiBKb3NlMRwwGgYDVQQKDBNDaXNjbyBTeXN0ZW1zLCBJbmMuMQwwCgYDVQQLDANDU0cxFDASBgNVBAMMCyoud2ViZXguY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXjIYUvDCGFnLF6CX7BhvJlmnmrg0KiZFcDP6TyJs2s+n7Hjqpb8O374x26knzLrTkrkpNBVvbi6eY8X6lmrWlqvlgEoyMmslNbZoAjUy1C9HNIMI2F1bLGI\/pKRUGbpk5wvAv6SKOf+cKi3mis7U2sccUb8cFxKTVpp62iK2uOzkFa4zF1i4hm\/NKjJWJVuj\/D8tQpd0PSuU5wWY7G1x\/5UpvvDV7KS7Tsmn3ib\/8gstBL+PLvKZHJ8YWc8u02oGZQoWD64APslwdmLLyDqq5USERl2bc761RHbBhnmKf3IpyvGqgfCFbQ7hfb+sniY0O+KQiBpaJI1bt4iiHQ1YQIDAQABo4IBZDCCAWAwFgYDVR0RBA8wDYILKi53ZWJleC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGUGA1UdIAReMFwwWgYKYIZIAYb4RQEHNjBMMCMGCCsGAQUFBwIBFhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Quc3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBRfYM9hkFXfhEMUimAqsvV69EMY7zArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zcy5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zcy5zeW1jYi5jb20vc3MuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAU0XVgHR8KQTLFFzVVA7s1Rlqj4+dm5q+OB5OfJMqYeX\/hnGHVeD8z9\/9EdKsauBRbbFpJk38PC3aGoy0iL9v8CA4V6o0qYzEfedbF\/p\/UuvtChO8CktAaqN64hPdToCJEy3gqyB\/Hv7VVuKXUBogujzn1WBdIyBUlO\/hClSnOD8Qq1So\/AzCrw+\/ChOOV7DI631hsLE1M73UmQqxi7Cbu5R5TsXH6v6s\/7CAPBhVtuxTBBcBuPtA6Pd2Q8vOf6ByuErVmWAV\/tOLfjGuqPuM2JoxzR1iH82zcoIcxOzmtUIYsiTuUSCi\/AsNsm265BOW9oeh5kgZU+pE6LkGX9bECAAU8MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ\/zANBgkqhkiG9w0BAQsFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJbA3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid\/sgN6nFMl6UgfRk\/InSn4vnlW9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzus3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8TL9ba4cYY9Z\/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVKFpd6UiFjdS8W+cRmvvW1Cdj\/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0TAQH\/BAgwBgEB\/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2IuY29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB\/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4EFgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxnyH1mrWH5sJgUs+oHXXCMXIiw3k\/eG7IXmsKP9H+IyqEVv4dn7ua\/ScKAyQmW\/hP4WKo8\/xabWo5N9Q+l0IZE1KPRj6S7t9\/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtGQGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt\/eV5E1PnXi8tTRttQBVSK\/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTYKvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A\/yO0+MKccABNQwggTQMIIEOaADAgECAhAlDOjgMGEunyuJ9wVNfPj9MA0GCSqGSIb3DQEBBQUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMDgwMDAwMDBaFw0yMTExMDcyMzU5NTlaMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA2IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8kCAgpejWeYAyq50s7Ttx8vDxFHLsr4P4pAvlXCKNkhRUn9fGtyDGJXSLoKqqmQrOP+LlVt7G3S7P+j34HV+zvQ9tmYhVhz2ANpNje+ODDYgg9VBPrScpZVIUm5SuPG5\/r9aGRwjNJ2ENjalJL0o\/ocFFN0Ylpe8dw9rPcEnTbe11LVtOWvxV3obD0oiXyrxySZxjl9AYE75C55ADk3Tq1Gf8CuvQ87uCL6zeL7PTXrPL28D2v3XWRMxkdHEDLdCQZIZPZFP6sKlLHj9UESeSNY0eIPGmDy\/5HvSt+T8WVrg6d1NFDwGdz4xQIfuU\/n3O4MwrPXT80h5aK7lPoJRUCAwEAAaOCAZswggGXMA8GA1UdEwEB\/wQFMAMBAf8wMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwDgYDVR0PAQH\/BAQDAgEGMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzMB0GA1UdDgQWBBR\/02Wnwt3su\/AwCfNDOfoCrzMxMzBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsOAwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2lnbi5jb20vdnNsb2dvLmdpZjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwDQYJKoZIhvcNAQEFBQADgYEAEwLd+OiGAPJa+PggDFmIYgfOzvdO+btZoZjl4TjdTrxmGNOt6xjyDcltPkqUIMM8ur1lVMavRLMQrSxrPqvXB7a4gWPF+V4u5Spnzs0zDCrXiVYDIx+zvug6CFm07EU194pb\/2bPUK\/GbVeNGXi3uaLRV+ofmkuvusmOEn7Gvf8OAAAA"}
-01111{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1444570672215,"flow_last_seen":1444570672626,"flow_tot_l4_data_len":4142,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3959,"flow_avg_l4_data_len":690,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01122{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":643,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":6,"flow_first_seen":1444570672215,"flow_last_seen":1444570672626,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4002,"flow_avg_l4_payload_len":667,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00409{"flow_id":38,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570672,"pkt_ts_usec":627470,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoMYtAAEAGVZEKCAABQERpZ6HLAbsAQeG1\/74t7lAQTO\/8BgAA"}
00851{"flow_id":38,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570672,"pkt_ts_usec":678256,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFuMYxAAEAGVEoKCAABQERpZ6HLAbsAQeG1\/74t7lAYTO+atwAAFgMBAQYQAAECAQAuppU4ElPOMVNipeJaWtYwd\/pvWAtwO7pVTcwUuBj0JDxY6VnwQzztScdjLr8Pcj8u3vy6LVQ7m48dDphYxGEqcu1rKhix8wpyxf8hqqzr4ft8X2BnR6SvAXq0uv6MX5HQ7oD5GSdsggxLFSZHneq9DKcQgX7+0nhFxKzwVtVldpjLXq79j\/rlFiYG81tL9wnO473pAKuLlL3yKl8wMiRrEmsrw68MWwi3GZ+GT3VPpSn40JTjfnZIjmlrzilGE91ULr\/9YU92jzBIBKS+GmFJZMGK71hcaw3F6KJaWBf1gxX8k+\/DfohrkTinc38RSeL4CG507sR24h+ewz7oE4uyFAMBAAEBFgMBADC4olNnPx+6lJkGqx6oK+EiWjHYmGYPffVkRkiK0WyPT8N+5YzjoItdJvrDQJeo9zE="}
00410{"flow_id":38,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570672,"pkt_ts_usec":679144,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAkBAABAGtNxARGlnCggAAQG7ocv\/vi3uAEHi+1AQ\/\/9HsAAA"}
@@ -562,15 +562,15 @@
00411{"flow_id":38,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570672,"pkt_ts_usec":943507,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAkdAABAGtNVARGlnCggAAQG7ocv\/vi4pAEHlBVAQ\/\/9FawAA"}
03874{"flow_id":38,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570673,"pkt_ts_usec":246494,"pkt_caplen":2608,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2608,"pkt_l4_len":2574,"pkt":"ABoRAAACABoRAAABCABFAAoiAkhAABAGqtpARGlnCggAAQG7ocv\/vi4pAEHlBVAY\/\/\/XVwAAFwMBCdBxLLWSPEcVTPk19a6RQSj\/HYO13nqarKLu4pl+tnPrre2wPJIRBzaFPuCZR4nIVzVt5TgLzsUv4LDQFurGviI+25Sp4kPOj8WFqS4ctOKFW\/a\/c7HRcHubuPd8PgX4kQ5PwrFXHw1+ELd4KWdXwJuHECA8USn7TQSdk+zsnZGABbL0TklMSnEDkhf5fI4dGCYqiJJa3a8f7TLBhsJO16gnqb0vreOrQCMdXy3ZW+A2kYdg+F0r\/pkGWR8rmaOk660cRikdWW+bMqYisJqG9blxC3OO0DOIlJH\/SF1+pArnMi4yt0yQCEswGNiPvwMyMDYkeV3e\/a3+nF4v3mSWBTZZcQtEkcZ3fuLnmB+Oa87Zy35Rb792AZ7zfZKhwcbUJfxNk0M30v5SnhKor\/QMBN+3461ebWJFlABREdcWXp3uhJs0cj6SU+rxjRHKRGu1vyQbz7WmxJf20XJ618iszXhYhP8PM0vhTizUHHmyWIwZUzL13fRRYeU8uKecwjxsYu+PhwwbXYZKbz42ZGCVm5VoHEd\/6KGLL8MmRPLo1sSKugMNc3aX5pmkcDl0Keryiphq6jrc5HNpB9ksfAv+387vXz0cPxgry+shHAzJyVkFtB\/3CIQ69oOpS\/o2gzSyduBgf4wXr9mvD0B4gi0xu2hj2M8nmsSyS5ZF8NpVcT8Bs8GF2hQD9A1QmQ5hVsqev1h5b8x1I\/0VSazTpLSwWA5n9ImKNrB28ZWiYFtJoKcRBidm3YKdX59A5CGziIgMIUivq2vEaxvMojJ\/Q+uKu0gGLPC+odug2TFrzpmJIEDIvKwjczNJ+qzMCAJGzPzXP+Iutfd7KHi6jzIwOUSFk1RthpSgLUhNAm4MqwX0ux3upofh91y1pDof5xDFfwQrXMaWYISh12sxcquzh201cUFjVc5RJH+D9OLmrU8szFmDpNFSQvlUHEWnie4Sz1eskdMXnrtLc\/sAyBEgLG0Hbp0BRoOKD5ChN5yIT0j+kQJDj8dRk4FyBbyx3bhh8tOozGT0icyAvbpHdJpc93mD4l\/Fh9Byz2cyotXvuL3UKHYuzVrF\/Px8ZCFz+04bU0cl9+t2SzSD7qP6U1sQG+mzG7bpH3TwcrdQDCQq1eTexNP4Nz+CySuHIHVdKWpmbIvWlQYl7+tjJoOZ1COZF3mEaRVy3g351VmsNdg4z0EfD7KxIyidbgJEUTTVY\/VXriJ01zyMiBBAbEGSDERkCW0oki8KPVvatcrO2WVVw7CIbC2A9FxL7j1h1NmPMiyLBsXZEAaQNmajnRGpm2A9T\/T7oyQFne9VuFfvrux07UlC6xt84ucd27tP+EG7YmDrd0XZA0yczM5u3T5QHouULTzku\/QkF0UBr7DnUC2xcchQrMQLMP2\/i2sNaXPHPcOhHhQW0BtzWeKngcaGZICXtm3gzGFP\/14SF6QGhvDIhss2Ngm8a3xJCLZGbXMr68va9eSCzC9p4bESe7hArjqLEkM1DnO4Qy6gSi803M6HqbEPhUZp3kLuaPb++WcBRiqYA+tp6ZmAYxGo1lrF8WcPx5ETYNoNx+qIlrbYBErT45GqSGHgFa\/bsXT6AjmPD2BsMuzb3MyNt48XQNqYST2ZncnpbRB\/QDVJ+RSbyKEoPzkyn+jPX4a10oXE5\/SME1lX8NtesLsxqF39WQ8kVuvaYluWx0NlM+AsltoGs7wH7w\/Ke\/LRbm2y3g\/fNZcD0MYBnJCU24WwkN0XxN8LtHZKIMgGB2SIat65m61dqCewFMxUzGtA7goYvEa9UoCuKk1HFzmZnRndCVESjMHcWPR86Vsxl6eMaglOYVoxuHyLq4wyyJ94\/VgJ4zdfJI4VhdvJXUZ\/F0PbkuoSicbt0GdvFak33YaiS1ueqdyvEyzEgdsakioBGYIiM4SdVkY\/+xGswRVfu6HRWGtCsZXu7keWt8qgYMb5wFSdc+4fnsr2RFgiYAR2dhWrn\/Hm3EoKIZ8RrcBb48ERdhcLVCWM3ruYR7WN0mJpAN2LGbEl\/b6tjSFn2xwt28fX1bXGZOix4hZ+25HRCORrW8HLeednkeSYM21yclGjGhydge9dvPkxfGs6gFLUNMdD7u1RfLlHTogwsdMMCYB3Z0HqDf9JyOyAHme07NG8nR5fGVkYgSLRWbK03\/74Qu9bmpVcM23hXQgklG+0RH3aSYDC2S\/L9T3GsseReB0W1Ltt+sCTVZkGtsDBrP0kaRW2iP1wo7Bztt02WEKs3jx+YaxcWkZfRdKSjDkoGS5w68U3UeX8eWlaCGKZ9SM\/X3WBdD3oQ+G9BX76RDWBW0yLgRkzFDNtCuCBT2F88ngyJBdrM\/h7V31HBvtd7YPbui5Il073EqntQHrDIsOhwMAkqi9B\/kv76U\/paWJF8woebSmmJHRkjpRSgZgBRqy5YDWgsEkBsb\/M7PToEBQ3leCAwUVxr8WS75bWnbVdbkIZdY+PTaLeeCkuG7H7vwHsMHNE1K7RV2aEJqgrchEzMkpJfc\/F3W7UorADHKMPEliKd7a1Sl5kCk3D9DaJfO3OQsBHyh3ZE7AAsge2VLZ\/hKcfBRRDWXybOanemCu6Q7vsvM8wWH4o8dl4VDgGt80bTo8Wt1uxpADugU6ulqKwUOXrGWE5bDusJ2mpJbpLoLiFHB23KWFqKzDZwzFrN0wJTtYC96dHAFFtcFTJAxVJXjOFXgbY7vRAZRGUwDQXteKawnevNpun7oZyesoi7eusyyYP2jxb+HyXF+z7ka6hd60sXztpl8vmZcoekRcexV9VhJVffkIysEhlTHwq1XquRiHrMeRzFOZtAIJBPJ6OZxJcxt20ZPFVJr8aJ8EpGmcPk9Vrzifck90TJwUFBj1fhjVY\/UPhml37sb\/LM8HBxgBhMnNtJeY7KSrWcNA5DLTaNxf2vVrKUt7LUhb0Q\/D8yV+8tnQoqnGzXd4q7PgiJ5Ok02GD1eJbmsGd8S46DGlSQ2ESWiFO81bUBCz\/l+gy6UWKEh\/Dk3vJef1PahTiYWdIeKgHkHGP9f5CayvJZetPhLRg2JcUwKffvitpq3RA60DPcuH5N7FFwzhR+R2KhtSqQFLREu3\/ny4h2cMyB6kAUHnvrnSRJbtqPECJz3ku2o3UDldRKB+N\/okiRvibcBw8LdAM2eYNe4pcJ3TZPSMDc5M13NTrYEFMCbRwBCL31Sr9XIldusv6xbllg7QWuoPgFbQbBXbGMK9TKRzIvrHbzjSFGNrhzkAZRY1XEJbbyX4CL95T8494H\/EN9az0oAVmouUwLKw9TcllFwgrYL9Izx4U7UjaNaDShgCnfoEPMD+MNTfyg1MAEL10owxfKqO3l+CO7xyXepyXAUAYKab7FQMBACA9dI3WgNGnAauL1dqZIyQbop7VGGyDAjtV+hyF5mmGyA=="}
00409{"flow_id":38,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":661,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570673,"pkt_ts_usec":280105,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoMY5AAEAGVY4KCAABQERpZ6HLAbsAQeUF\/744I1AUa7XPtwAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1444570674487,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1444570674487,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570674,"pkt_ts_usec":487975,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8CB5AAEAGejQKCAABrfMAbtlxAbui3tn8AAAAAKACOQgsWAAAAgQFtAQCCAoATNHiAAAAAAEDAwY="}
00410{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570674,"pkt_ts_usec":499448,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAklAABAGsB2t8wBuCggAAQG72XFdISYDot7Z\/VAS\/\/8cOwAA"}
00407{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570674,"pkt_ts_usec":500159,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoCB9AAEAGekcKCAABrfMAbtlxAbui3tn9XSEmBFAQOQjjMwAA"}
00662{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570674,"pkt_ts_usec":600509,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"ABoRAAACABoRAAABCABFAADjCCBAAEAGeYsKCAABrfMAbtlxAbui3tn9XSEmBFAYOQgu1wAAFgMBALYBAACyAwF10XyjAsAxicBbHHpuW8T0LZqOxOyDfFNTQx6hPM8mVgAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1444570674487,"flow_last_seen":1444570674600,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_first_seen":1444570674487,"flow_last_seen":1444570674600,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":39,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570674,"pkt_ts_usec":600804,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAkpAABAGsByt8wBuCggAAQG72XFdISYEot7auFAQ\/\/8bgQAA"}
05677{"flow_id":39,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":110598,"pkt_caplen":3961,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3961,"pkt_l4_len":3927,"pkt":"ABoRAAACABoRAAABCABFAA9rAk1AABAGoNat8wBuCggAAQG72XFdISYEot7auFAY\/\/\/mtwAAFgMBDz4CAAAtAwFWGmIdHu5dz76\/IuzQTDtiAhUgwLQWfqmTm8g03f1qUAAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01111{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1444570674487,"flow_last_seen":1444570675110,"flow_tot_l4_data_len":4234,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":705,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01122{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":671,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":6,"flow_first_seen":1444570674487,"flow_last_seen":1444570675110,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00408{"flow_id":39,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":113353,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoCCFAAEAGekUKCAABrfMAbtlxAbui3tq4XSE1R1AQTE+\/7gAA"}
00853{"flow_id":39,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":163959,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFuCCJAAEAGeP4KCAABrfMAbtlxAbui3tq4XSE1R1AYTE\/9iwAAFgMBAQYQAAECAQADqEbmbhNsumkBtAw0L1FiNOhiWgRZUZ55aPV5j4qSX6CJmn4f8ibzLJBlBGsAtgVCMqb3u\/bkEAwuWi3+E7uYNezIwjTe6uWtAYnXIHiRx75nDApJ9g3cbSfyo\/qsdlUxQzwGUMwRXI\/KZ5gpdEwezEGeP4EkEUeNRGvOTWNA1b6isLsNGEPVow6vZOJCaTzDuZ0FoMc5Ae\/GMdYxQvd4tmk3HlTvEaGZw3K85jUAIaU9PyIqcSNZBrfjNzLy5+n81AmqdPFIWfsMUUQ+n\/CXyELkuNfob4CA5H3XcX196Fn0C7YJybKnDxfalCnXJ4srNt6p3fhw2czhca2\/nB2uFAMBAAEBFgMBADAifxZQCOeUA1lSfy0VO6Pq3JMmDH1y+Vy7Vcl3lTQRhhGehcW0+Ylu3FQ0gSzj5pE="}
00410{"flow_id":39,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":678,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":164264,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAlBAABAGsBat8wBuCggAAQG72XFdITVHot7b\/lAQ\/\/8K+AAA"}
@@ -580,24 +580,24 @@
00410{"flow_id":39,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":692,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":475056,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAldAABAGsA+t8wBuCggAAQG72XFdITWCot7eFlAQ\/\/8IpQAA"}
00545{"flow_id":39,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":694,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":475825,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"ABoRAAACABoRAAABCABFAACKCCVAAEAGed8KCAABrfMAbtlxAbui3t4WXSE1glAYTE\/UtQAAmHVEYbuqOyCrxFJu6n22Og77DMpB20n4QmoYUJth1X+w3z6u9DIZFjIBQ2eHYidmx2WtmuC+Q+hUoiqkcZsL5JNP7gopOvzrK7EqC7vXk\/VlCpBDIvGFCmQRzVhLLhBg0rE="}
00410{"flow_id":39,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":695,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":476003,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAllAABAGsA2t8wBuCggAAQG72XFdITWCot7eeFAQ\/\/8IQwAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1444570675941,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":736,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1444570675941,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":736,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":941714,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8SaRAAEAGwwMKCAABPm3lnsp5AbteGJvVAAAAAKACOQhIBAAAAgQFtAQCCAoATNJxAAAAAAEDAwY="}
00409{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":945842,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAm5AABAGOk4+beWeCggAAQG7ynmh52QqXhib1lAS\/\/+1iAAA"}
00407{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":739,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":946782,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoSaVAAEAGwxYKCAABPm3lnsp5AbteGJvWoedkK1AQOQh8gQAA"}
00663{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":740,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":997260,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"ABoRAAACABoRAAABCABFAADjSaZAAEAGwloKCAABPm3lnsp5AbteGJvWoedkK1AYOQjWkQAAFgMBALYBAACyAwEHq+X4OM58pZkulReYFtDW\/RDKtfBfQqv2TASThhAOCAAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1444570675941,"flow_last_seen":1444570675997,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00744{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":740,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1444570675941,"flow_last_seen":1444570675997,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":741,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570675,"pkt_ts_usec":997731,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAnBAABAGOkw+beWeCggAAQG7ynmh52QrXhickVAQ\/\/+0zgAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1444570679512,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1444570679512,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570679,"pkt_ts_usec":512700,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8dLdAAEAGDZsKCAABrfMAbtl1Abugj6duAAAAAKACOQhfOgAAAgQFtAQCCAoATNPZAAAAAAEDAwY="}
00409{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570679,"pkt_ts_usec":516479,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAphAABAGr86t8wBuCggAAQG72XVfcFiRoI+nb1AS\/\/8cNwAA"}
00407{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570679,"pkt_ts_usec":516623,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodLhAAEAGDa4KCAABrfMAbtl1Abugj6dvX3BYklAQOQjjLwAA"}
00664{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570679,"pkt_ts_usec":526515,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"ABoRAAACABoRAAABCABFAADjdLlAAEAGDPIKCAABrfMAbtl1Abugj6dvX3BYklAYOQi67gAAFgMBALYBAACyAwE3afvT656oHHNlOl3\/S5vQra3qbarVhBS8TCkcXn\/60QAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="}
-00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1444570679512,"flow_last_seen":1444570679526,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":824,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_first_seen":1444570679512,"flow_last_seen":1444570679526,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570679,"pkt_ts_usec":526722,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAplAABAGr82t8wBuCggAAQG72XVfcFiSoI+oKlAQ\/\/8bfQAA"}
02277{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570680,"pkt_ts_usec":79755,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"ABoRAAACABoRAAABCABFAAWMAqNAABAGql+t8wBuCggAAQG72XVfcFiSoI+oKlAY\/\/9YtQAAFgMBDz4CAAAtAwFWGmIhpdMClixxGH1P3IzNWjym1oz\/Vm0EP84\/FROoyAAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNV"}
00406{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570680,"pkt_ts_usec":82130,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodLpAAEAGDawKCAABrfMAbtl1Abugj6gqX3Bd9lAQQLDVaAAA"}
03813{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570680,"pkt_ts_usec":91160,"pkt_caplen":2581,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":2581,"pkt_l4_len":2547,"pkt":"ABoRAAACABoRAAABCABFAAoHAqRAABAGpeOt8wBuCggAAQG72XVfcF32oI+oKlAY\/\/+QNAAABAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01111{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":846,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":8,"flow_first_seen":1444570679512,"flow_last_seen":1444570680091,"flow_tot_l4_data_len":4274,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2547,"flow_avg_l4_data_len":534,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01122{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":846,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":8,"flow_first_seen":1444570679512,"flow_last_seen":1444570680091,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":511,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00406{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570680,"pkt_ts_usec":91328,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAodLtAAEAGDasKCAABrfMAbtl1Abugj6gqX3Bn1VAQTvi9QQAA"}
00853{"flow_id":41,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570680,"pkt_ts_usec":125739,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFudLxAAEAGDGQKCAABrfMAbtl1Abugj6gqX3Bn1VAYTvgeLgAAFgMBAQYQAAECAQCcgU0dFAydAt1bwWuwgYT6mr2lcaMFB9CDQyxoEtMzoDh1nlnjoxyLJ4He6xCirhE6PRv0yfRCLpmqfZ0WY+2m8X285tczrEBYICsVY\/P9ug8F9h5Z1cEDNvjxGHabdWijgjcENae5p6IhqwMuHn6ZZv+428J69nMnoyodgVGZBmSuRHRXf7qcdYCYNZasn\/un9nq78TLpMsJY\/87ceKuMdUXwPQWp7CyY\/2Qe2ycI9KhK\/kVUuYYzQzMffM6sVjiYTvWWztTdhFw32qEPmFxC3TuxyB8XzdetBA8CbQwuQGvoGSbkRv6JvrBjnubCbVhquLbCDwILUKbSdSGMvZcUFAMBAAEBFgMBADCARA4xmCv92PXDY+qlt41SoJf\/Uwd33ZXkWGsvtwJw5crYqOk3sL8JCzLtHEEFSJY="}
00410{"flow_id":41,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570680,"pkt_ts_usec":125976,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAqVAABAGr8Gt8wBuCggAAQG72XVfcGfVoI+pcFAQ\/\/8K9AAA"}
@@ -608,15 +608,15 @@
00408{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570690,"pkt_ts_usec":937763,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoSadAAEAGwxQKCAABPm3lnsp5AbteGJyRoedkK1AROQh7xQAA"}
00410{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1003,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570690,"pkt_ts_usec":940377,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAvNAABAGOck+beWeCggAAQG7ynmh52QrXhicklAQ\/\/+0zQAA"}
00410{"flow_id":40,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1004,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570690,"pkt_ts_usec":940588,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAvRAABAGOcg+beWeCggAAQG7ynmh52QrXhicklAR\/\/+0zAAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1444570693238,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1058,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1444570693238,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570693,"pkt_ts_usec":238349,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8LOJAAEAGVXAKCAABrfMAbtl3AbsPD\/XWAAAAAKACOQic9QAAAgQFtAQCCAoATNk0AAAAAAEDAwY="}
00411{"flow_id":42,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570693,"pkt_ts_usec":244944,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAxBAABAGr1at8wBuCggAAQG72Xfw8AopDw\/111AS\/\/8cNQAA"}
00409{"flow_id":42,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570693,"pkt_ts_usec":245402,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoLONAAEAGVYMKCAABrfMAbtl3AbsPD\/XX8PAKKlAQOQjjLQAA"}
00664{"flow_id":42,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1063,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570693,"pkt_ts_usec":297839,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"ABoRAAACABoRAAABCABFAADjLORAAEAGVMcKCAABrfMAbtl3AbsPD\/XX8PAKKlAYOQjZZAAAFgMBALYBAACyAwFP3AbhLhTWOx1T12yIPxjjHHkav2YDbjvETRMnoVMoSgAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1063,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1444570693238,"flow_last_seen":1444570693297,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00744{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1063,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_first_seen":1444570693238,"flow_last_seen":1444570693297,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00411{"flow_id":42,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1064,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570693,"pkt_ts_usec":298648,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAxJAABAGr1St8wBuCggAAQG72Xfw8AoqDw\/2klAQ\/\/8bewAA"}
05678{"flow_id":42,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1074,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570693,"pkt_ts_usec":766903,"pkt_caplen":3961,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3961,"pkt_l4_len":3927,"pkt":"ABoRAAACABoRAAABCABFAA9rAxdAABAGoAyt8wBuCggAAQG72Xfw8AoqDw\/2klAY\/\/\/4DQAAFgMBDz4CAAAtAwFWGmIvr2fkKd74YByGbdYdmpDL9Iax2YS7H6drFqqYhQAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01112{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1074,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1444570693238,"flow_last_seen":1444570693766,"flow_tot_l4_data_len":4234,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":705,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01123{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1074,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":6,"flow_first_seen":1444570693238,"flow_last_seen":1444570693766,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00410{"flow_id":42,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1075,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570693,"pkt_ts_usec":768368,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoLOVAAEAGVYEKCAABrfMAbtl3AbsPD\/aS8PAZbVAQTE+\/6AAA"}
00857{"flow_id":42,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1077,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570693,"pkt_ts_usec":870805,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFuLOZAAEAGVDoKCAABrfMAbtl3AbsPD\/aS8PAZbVAYTE\/xSQAAFgMBAQYQAAECAQB\/lMfcOyzSFtvzhiCHyEEFZaSghx7hULTQzfehcdy6HOZtxb9XEHObkFwD\/OTotTo\/mupVjmxXBO2XEP2UV9WRGEDwyJkhJ4H7Fd4yE8ifc0BzjThXupi9ISSYN+tbMHwotLlhwLF6L4sHCv+nvWDz0QZVlIQ1qBiDGLdyutJBTMLjphMyLgJmPJiX\/MoAFmyEC7w1qWfX+kih2HM\/efeJ+juxKLLRhBIXkEmnw3JQn6dynGsA6pb822R6gmGe1iSr+D8kGx\/CXbkS3LrtMUV839q0yIurqTrLlspkPnvvUYrN1XSrxCngNummT0SDhG9jyoy9RALgsa2veN1LGbZ0FAMBAAEBFgMBADDSiUb2ExE\/e85k2zmYmEm0g\/y2LQmKn2pvdJyMJY9vhF1b5CRrYvY9FhFEHUCyDxY="}
00411{"flow_id":42,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1078,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570693,"pkt_ts_usec":871619,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAxlAABAGr02t8wBuCggAAQG72Xfw8BltDw\/32FAQ\/\/8K8gAA"}
@@ -626,42 +626,42 @@
00412{"flow_id":42,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1090,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570694,"pkt_ts_usec":180703,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAx9AABAGr0et8wBuCggAAQG72Xfw8BmoDw\/58FAQ\/\/8InwAA"}
00548{"flow_id":42,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1091,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570694,"pkt_ts_usec":180852,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"ABoRAAACABoRAAABCABFAACKLOlAAEAGVRsKCAABrfMAbtl3AbsPD\/nw8PAZqFAYTE9+QQAAYMNllA45YOg7s\/V3FNa7TcKbtucZ8mvaPzrduR8d4GOdPqB\/Vc6yLiClDb4SGaF+XNqtCApbbDmZaYfIgYFlBwQ7D6G\/lqVhg2mTSJR1UkuX0hBLl1qumaY21EsSl3Eo2JI="}
00412{"flow_id":42,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1092,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570694,"pkt_ts_usec":181039,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAyBAABAGr0at8wBuCggAAQG72Xfw8BmoDw\/6UlAQ\/\/8IPQAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1112,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1444570694561,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1112,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1444570694561,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570694,"pkt_ts_usec":561618,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA802lAAEAGOT4KCAABPm3lnsp\/AbubwQrQAAAAAKACOQiUEgAAAgQFtAQCCAoATNm5AAAAAAEDAwY="}
00410{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570694,"pkt_ts_usec":564407,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAytAABAGOZE+beWeCggAAQG7yn9kPvUvm8EK0VAS\/\/+1ggAA"}
00409{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1114,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570694,"pkt_ts_usec":564543,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo02pAAEAGOVEKCAABPm3lnsp\/AbubwQrRZD71MFAQOQh8ewAA"}
00665{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570694,"pkt_ts_usec":614759,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"ABoRAAACABoRAAABCABFAADj02tAAEAGOJUKCAABPm3lnsp\/AbubwQrRZD71MFAYOQigvgAAFgMBALYBAACyAwGiAbZfNeJzK4ep+8FP1757rfliUbGs5JPyfYBIT\/aU1QAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1444570694561,"flow_last_seen":1444570694614,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1115,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1444570694561,"flow_last_seen":1444570694614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1116,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570694,"pkt_ts_usec":615065,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAyxAABAGOZA+beWeCggAAQG7yn9kPvUwm8ELjFAQ\/\/+0yAAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1444570699074,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1444570699074,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":74033,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8OjpAAEAGn3oKCAABNvEgDrSDAbvRQeFHAAAAAKACOQhpXwAAAgQFtAQCCAoATNt9AAAAAAEDAwY="}
00409{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":77509,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA2VAABAGBmQ28SAOCggAAQG7tIMuvh640UHhSFAS\/\/+YiwAA"}
00407{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":77833,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoOjtAAEAGn40KCAABNvEgDrSDAbvRQeFILr4euVAQOQhfhAAA"}
00699{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":79240,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"pkt":"ABoRAAACABoRAAABCABFAAEAOjxAAEAGnrQKCAABNvEgDrSDAbvRQeFILr4euVAYOQhpTwAAFgMBANMBAADPAwFWGmZLJysQyU55el0fA2qHtq46\/QtJIPLxFEGaenjG8gAARgAEAAUALwA1wALABMAFwAzADsAPwAfACcAKwBHAE8AUADMAOQAyADgACsADwA3ACMASABYAEwAJABUAEgADAAgAFAARAP8BAABgAAAAGAAWAAATYXBpLmNyaXR0ZXJjaXNtLmNvbQALAAQDAAECAAoANAAyAA4ADQAZAAsADAAYAAkACgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEAIwAA"}
-00751{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1444570699074,"flow_last_seen":1444570699079,"flow_tot_l4_data_len":316,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00762{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1233,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_first_seen":1444570699074,"flow_last_seen":1444570699079,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":44,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1234,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":79481,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA2ZAABAGBmM28SAOCggAAQG7tIMuvh650UHiIFAQ\/\/+XtAAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1444570699096,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1235,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1444570699096,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":96723,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8731AAEAGBawKCAABTi7tW+lsAFBr3TT9AAAAAKACOQhjAgAAAgQFtAQCCAoATNuAAAAAAAEDAwY="}
00411{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":101467,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA2dAABAGIddOLu1bCggAAQBQ6WyUIssCa900\/lAS\/\/+AggAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1237,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1444570699101,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1237,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1444570699101,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":101872,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8ZgxAAEAGjx0KCAABTi7tW+ltAFASyr2MAAAAAKACOQgzhQAAAgQFtAQCCAoATNuAAAAAAAEDAwY="}
00410{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":106726,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA2hAABAGIdZOLu1bCggAAQBQ6W3tNUJzEsq9jVAS\/\/+AgQAA"}
00408{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":107051,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo735AAEAGBb8KCAABTi7tW+lsAFBr3TT+lCLLA1AQOQhHewAA"}
00408{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":107274,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoZg1AAEAGjzAKCAABTi7tW+ltAFASyr2N7TVCdFAQOQhHegAA"}
01127{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":201560,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"pkt":"ABoRAAACABoRAAABCABFAAJA739AAEAGA6YKCAABTi7tW+lsAFBr3TT+lCLLA1AQOQhcTgAAUE9TVCAvanNvbi8xLjMvcmVnaXN0ZXJEZXZpY2UgSFRUUC8xLjENCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vanNvbjsgY2hhcnNldD11dGYtOA0KQ29udGVudC1MZW5ndGg6IDM1OQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuMjsgTEctRDg1NSBCdWlsZC9LVlQ0OUwuQTE0MTIwODc2NTYpDQpIb3N0OiBjcC5wdXNod29vc2guY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0KeyJyZXF1ZXN0Ijp7InYiOiIyLjEiLCJ0aW1lem9uZSI6NzIwMCwiYXBwbGljYXRpb24iOiIzNjI0RC0yQkI0MCIsImRldmljZV9uYW1lIjoiUGhvbmUiLCJkZXZpY2VfdHlwZSI6IjMiLCJwdXNoX3Rva2VuIjoiQVBBOTFiSFVIUXFEQTFfVDlpREhzVGhCNFc1UnZBaFlremFoQ2t1b0VhbHVBVzkxYm5ZdFF5S04tRXZaSUNwa2doUmIyODJESDZJbzE1MWNTcFA1UGh4ME5BTGdjdHZYcjY5X2NBd3NIREpNbU92VHJCNjE5cEF1SV9UN0hNRHhGMlN0WFZpXzFlQ2tNWTg5c2FuSGg="}
-00720{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1444570699096,"flow_last_seen":1444570699201,"flow_tot_l4_data_len":636,"flow_min_l4_data_len":20,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}}
+00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1241,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_first_seen":1444570699096,"flow_last_seen":1444570699201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":536,"flow_avg_l4_payload_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/registerDevice","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}}
00410{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1242,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":201996,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA2lAABAGIdVOLu1bCggAAQBQ6WyUIssDa903FlAQ\/\/9+awAA"}
00531{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1243,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":202178,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"pkt":"ABoRAAACABoRAAABCABFAACC74BAAEAGBWMKCAABTi7tW+lsAFBr3TcWlCLLA1AYOQj1VQAAeGdkd3RHcl93ZzFudyIsImxhbmd1YWdlIjoiZW4iLCJhbmRyb2lkX3BhY2thZ2UiOiJjb20uaGFhcmV0eiIsImh3aWQiOiJhMzc1ZGI1N2VmNjJkMWM1In19"}
00410{"flow_id":45,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1244,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":202486,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA2pAABAGIdROLu1bCggAAQBQ6WyUIssDa903cFAQ\/\/9+EQAA"}
00859{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1245,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":212081,"pkt_caplen":388,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":388,"pkt_l4_len":354,"pkt":"ABoRAAACABoRAAABCABFAAF2Zg5AAEAGjeEKCAABTi7tW+ltAFASyr2N7TVCdFAYOQhiswAAUE9TVCAvanNvbi8xLjMvYXBwbGljYXRpb25PcGVuIEhUVFAvMS4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL2pzb247IGNoYXJzZXQ9dXRmLTgNCkNvbnRlbnQtTGVuZ3RoOiA2Nw0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuMjsgTEctRDg1NSBCdWlsZC9LVlQ0OUwuQTE0MTIwODc2NTYpDQpIb3N0OiBjcC5wdXNod29vc2guY29tDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXANCg0KeyJyZXF1ZXN0Ijp7Imh3aWQiOiJhMzc1ZGI1N2VmNjJkMWM1IiwiYXBwbGljYXRpb24iOiIzNjI0RC0yQkI0MCJ9fQ=="}
-00721{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1245,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1444570699101,"flow_last_seen":1444570699212,"flow_tot_l4_data_len":434,"flow_min_l4_data_len":20,"flow_max_l4_data_len":354,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}}
+00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1245,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_first_seen":1444570699101,"flow_last_seen":1444570699212,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":334,"flow_avg_l4_payload_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"cp.pushwoosh.com","url":"cp.pushwoosh.com\/json\/1.3\/applicationOpen","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.2; LG-D855 Build\/KVT49L.A1412087656)"}}
00411{"flow_id":46,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1246,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":212387,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA2tAABAGIdNOLu1bCggAAQBQ6W3tNUJ0Esq+21AQ\/\/9\/NAAA"}
01078{"flow_id":45,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":445643,"pkt_caplen":551,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":551,"pkt_l4_len":517,"pkt":"ABoRAAACABoRAAABCABFAAIZA2xAABAGH+FOLu1bCggAAQBQ6WyUIssDa903cFAY\/\/\/YHgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNi4zDQpEYXRlOiBTdW4sIDExIE9jdCAyMDE1IDEzOjM4OjI1IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uOyBjaGFyc2V0PXV0ZjgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IHBocERhZW1vbi8xLjAtYmV0YTMNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctSGVhZGVyczogT3JpZ2luLCBYLVJlcXVlc3RlZC1XaXRoLCBDb250ZW50LVR5cGUsIEFjY2VwdA0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctTWV0aG9kczogR0VULCBQT1NULCBQVVQsIE9QVElPTlMNClgtUFctQ2x1c3Rlci1Ob2RlOiBhcGktMjcNClgtUFctRnJvbnQtTm9kZTogZnJvbnQtMDYNCg0KMzkNCnsic3RhdHVzX2NvZGUiOjIwMCwic3RhdHVzX21lc3NhZ2UiOiJPSyIsInJlc3BvbnNlIjpudWxsfQ0KMA0KDQo="}
00409{"flow_id":45,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":446597,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo74FAAEAGBbwKCAABTi7tW+lsAFBr3TdwlCLM9FAQPLg\/aAAA"}
01078{"flow_id":46,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":469003,"pkt_caplen":551,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":551,"pkt_l4_len":517,"pkt":"ABoRAAACABoRAAABCABFAAIZA21AABAGH+BOLu1bCggAAQBQ6W3tNUJ0Esq+21AY\/\/\/ZQQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuNi4zDQpEYXRlOiBTdW4sIDExIE9jdCAyMDE1IDEzOjM4OjI1IEdNVA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uOyBjaGFyc2V0PXV0ZjgNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IHBocERhZW1vbi8xLjAtYmV0YTMNCkFjY2Vzcy1Db250cm9sLUFsbG93LU9yaWdpbjogKg0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctSGVhZGVyczogT3JpZ2luLCBYLVJlcXVlc3RlZC1XaXRoLCBDb250ZW50LVR5cGUsIEFjY2VwdA0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctTWV0aG9kczogR0VULCBQT1NULCBQVVQsIE9QVElPTlMNClgtUFctQ2x1c3Rlci1Ob2RlOiBhcGktMjcNClgtUFctRnJvbnQtTm9kZTogZnJvbnQtMDYNCg0KMzkNCnsic3RhdHVzX2NvZGUiOjIwMCwic3RhdHVzX21lc3NhZ2UiOiJPSyIsInJlc3BvbnNlIjpudWxsfQ0KMA0KDQo="}
00408{"flow_id":46,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":469610,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoZg9AAEAGjy4KCAABTi7tW+ltAFASyr7b7TVEZVAQPLhAiwAA"}
02277{"flow_id":44,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":636393,"pkt_caplen":1436,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1436,"pkt_l4_len":1402,"pkt":"ABoRAAACABoRAAABCABFAAWOA25AABAGAPU28SAOCggAAQG7tIMuvh650UHiIFAY\/\/9jGQAAFgMBADUCAAAxAwH\/zw1+R1s0KR\/IbYZc2PfwME+dJgV6XwqJg7QSDec4RwAABAAACf8BAAEAACMAABYDARUwCwAVLAAVKQAFXzCCBVswggRDoAMCAQICEQCdQkMK1N5I61mRiSe3ehiVMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE2MDQGA1UEAxMtQ09NT0RPIFJTQSBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4XDTE1MDExNDAwMDAwMFoXDTIwMDExMzIzNTk1OVowXjEhMB8GA1UECxMYRG9tYWluIENvbnRyb2wgVmFsaWRhdGVkMR0wGwYDVQQLExRQb3NpdGl2ZVNTTCBXaWxkY2FyZDEaMBgGA1UEAxQRKi5jcml0dGVyY2lzbS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAA3Xo3VrVGoNjyfTAnteqZvMRorFsBcUmNRAU6O+fIOFTL2HBerzVacL6iN\/3e7tpoDj2G0w99h2ljpFbJOOs\/5LDXbOzMiiK8em0O4stpmdJ9XRPPsl84S9c28oFVY\/CA7mcBU9DG82SqcJZfVXMNJurlcwFqncer+B2cLhO1Q9vNeDwrd\/08ONxH63Sc\/9e7XYbjGiq6U9Xfe2sGRd48e5GR+\/P5VKk5mkWAf53\/POZofrKGaVDhb8CMN4vf32VkZ40mYSlZEqJ3t2185CGnvcQKrLsr1Vyfu+NpjHbnnm6UL5ga+eAf8pLU8s43gOdvEzjgjDHC3KGqzfgebXLAgMBAAGjggHfMIIB2zAfBgNVHSMEGDAWgBSQr2o6lFoL2JDqElZz30O0Oija5zAdBgNVHQ4EFgQU4uzEA450c3G1fzDal95D9y1zepQwDgYDVR0PAQH\/BAQDAgWgMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCME8GA1UdIARIMEYwOgYLKwYBBAGyMQECAgcwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EMAQIBMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9ET1JTQURvbWFpblZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYUGCCsGAQUFBwEBBHkwdzBPBggrBgEFBQcwAoZDaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRG9tYWluVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMC0GA1UdEQQmMCSCESouY3JpdHRlcmNpc20uY29tgg9jcml0dGVyY2lzbS5jb20wDQYJKoZIhvcNAQELBQADggEBAGq+UkpuPRjjFDs3mpC\/SrlpIrR8BTQFY+VlXzJ3FX8SYeKu4JQrG5GVN2SPnUZPHTl6bX8+4KbBOefRuHnFyExESoW58HeEYPo2e\/W8kKD0oCcIQsoegVwoq4oYnrSDEc+UOu15CKOMua55zVMl\/zRWRhX6eCTgJerJ43IB5UT+hQVZ+iWm7VBfNbh8pq4a59nca5ROC\/fSVCgTnwYTaD3QU4MXaIj\/7sFjaL8IgbDAVIFM\/bdNLqIMYozSbFQ="}
-00795{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1444570699074,"flow_last_seen":1444570699636,"flow_tot_l4_data_len":1738,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1402,"flow_avg_l4_data_len":289,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00806{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":6,"flow_first_seen":1444570699074,"flow_last_seen":1444570699636,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1382,"flow_tot_l4_payload_len":1598,"flow_avg_l4_payload_len":266,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00408{"flow_id":44,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1252,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":636941,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoOj1AAEAGn4sKCAABNvEgDrSDAbvRQeIgLr4kH1AQQMhRhgAA"}
00502{"flow_id":44,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1253,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":639844,"pkt_caplen":120,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":120,"pkt_l4_len":86,"pkt":"ABoRAAACABoRAAABCABFAABqA29AABAGBhg28SAOCggAAQG7tIMuviQf0UHiIFAY\/\/8nAwAALf4SsU2uf+VDXLMYtuAd7dAVY\/\/f85YQR3m3nhkc31shlW7dCqbyxdX2SoNIiptQr2Xh1S2KleiqoE0ylHUWfmYp"}
00408{"flow_id":44,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1254,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":640368,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoOj5AAEAGn4oKCAABNvEgDrSDAbvRQeIgLr4kYVAQQMhRRAAA"}
@@ -670,22 +670,22 @@
02282{"flow_id":44,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1257,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":643002,"pkt_caplen":1436,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1436,"pkt_l4_len":1402,"pkt":"ABoRAAACABoRAAABCABFAAWOA3FAABAGAPI28SAOCggAAQG7tIMuvioJ0UHiIFAY\/\/\/EHAAAQHuIWe0O3azSd4I03AaVAtiQ+S3qN9UaYNBnINfYQgtFr4Jo3t1mJDeQKZQZRhkluIDXy9SGKGpEcCYjYqmfhm+\/upBw0lZ3hXjv6iWpF85QcowAOqrj22M0n\/gGcQHigiDU\/m+9sQAFeDCCBXQwggRcoAMCAQICECdm7lbrSfOOq9dwovyE3iIwDQYJKoZIhvcNAQEMBQAwbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJHoVJLSClaxrA0k3cXPRGd0mSs3o30jcABxvFPfxPoqEo9LfxBWvZ9wcrdhf8lLDxenPeOwBGHu\/xGXx\/SGPgr6Plz5k+Y0etkUa+ecs4Wggnp2r3GQ1+z9DfqcbPrfsIL0FH75vsSmL09\/mX+1\/GdDcr0MANaJ62ss0+2PmBwUq37l42782KjkkiTaQ2tiuFX96sG8bLaL8w6NmuSbbGmZ+HhIMEXVreENPEVg\/DKWUSe8Z8PKLrZr6kbHxyCgsR9l3kgIuqROqfKDRjeE6+jMgUhDZ05yKptcvUwbKIpcInu0q5jZ7uBRg8MJRk5tPpn6lRfafDNXQTyNUe0LtlyvLGMa31fIP7zpXcSbr0WZ4qNaJLS6qVY9z2+q\/0lYvvCo\/\/S4rek3+7q49As6+ehDQh6J2ITLE\/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206LiW7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF\/cNDDoqosIapHziicBkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY\/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3MVw6akfgw3lZ1iAar\/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGjgfQwgfEwHwYDVR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFLuvfgI9+qbxPISOre44mOzZMjLUMA4GA1UdDwEB\/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH\/MBEGA1UdIAQKMAgwBgYEVR0gADBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQBkv4PxX5qF0M24oSlXDeha99HpPvJ2BG7xUnC7Hjz\/TQ10asyBgiXTw6AqXUz1uouhbcRUCXXH4ycOXYR5N0ATd\/W0rBzQO6sXEtbvNBh+K+l506tXRQyvKPrQ2+VQlYi734VXaX2S2FLKc4G\/HPPmuG5mEQWzHpQtf5GVklnxTM6jkXE="}
00409{"flow_id":44,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":643521,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoOkBAAEAGn4gKCAABNvEgDrSDAbvRQeIgLr4vb1AQWoAsfgAA"}
02053{"flow_id":44,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":643969,"pkt_caplen":1272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1272,"pkt_l4_len":1238,"pkt":"ABoRAAACABoRAAABCABFAATqA3JAABAGAZU28SAOCggAAQG7tIMuvi9v0UHiIFAY\/\/8ORAAATHxHDDsLGfahsWyGPlyqxC6Cy\/kHlrpITZDylMipc6LrBnsjnd6i801Vn3phRZgYaMdeQGsj9Xl674y1a4u3b0b0e\/E9SwTYk4BZWuBBJB2yjxVgWEfb725G\/RX12V+as9vYuORAs82XOa6Fux2OvNyHm9Gm7\/E7bxA4bwAEOjCCBDYwggMeoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4MzhaMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC39xoz5vIABC054E5b7R+8bA\/Ntfojts7emxEzl6QpTH2Tn71KvJPtAxrjj8\/lbVBa1pcplFqAsEl62y6V\/bjKvzc4LR4+kUGtcFbH8E8\/6DKedMrIkFTpxl8PeJ2aQDwOrGGqXhSPnoehalDc15pOrwWzpnGUnHGzUGAKxxOdOAeGAqjpqGkmGJCrTLBPI6s6T4TY386f4Wlvu9dC12tE5Met7m1BX3JacQg3s3llpFmglDf3AC8NwpJy2tA4ctsUqEXEXSp9t7TWxO6szRNEt8kr3UMAJfphuWlqWCMRt6czj1Z1WfXNKddGtworZbbTQm8Vsrh7++\/pXVPVNFonAgMBAAGjgdwwgdkwHQYDVR0OBBYEFK29mHo0tCb3+sQmVO8DveAky1QaMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH\/MIGZBgNVHSMEgZEwgY6AFK29mHo0tCb3+sQmVO8DveAky1QaoXOkcTBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290ggEBMA0GCSqGSIb3DQEBBQUAA4IBAQCwm+CFJcLWI+IPlgaSnUGYnNmEeYHZHlsUByM2ZY+w2He7rEFsR2CDUbD5Mj3n\/PYmE8eAFqW\/WvyHz3h5iSGa4kwHCoY1vPLeUcTSlrfcfk7ucP0cOesMAlEULY69FuDB30Z15ySt7PRCtIWTcBBnup0GNUoY0yt6zFFCoXpj0ea7ocUrwja+Ew3mvWN+eXunCQ1Aq2rdj4rD9vaMGkIFUdRF9Z+nYiFoFSBDPJnnfL0k2KmRF3OIP1YbMTgYtHEPms3IDp6OLhvhjJiDyx8x8URMxgRzSXZgD8f4vReAay7pzEwOWpp5DyAKLtWeYyYeVZKU2IIXWnvQvMePToYEFgMBAAQOAAAA"}
-01134{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1259,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":14,"flow_first_seen":1444570699074,"flow_last_seen":1444570699643,"flow_tot_l4_data_len":6012,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1468,"flow_avg_l4_data_len":429,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","server_names":"*.crittercism.com,crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18"}}
+01145{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1259,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":14,"flow_first_seen":1444570699074,"flow_last_seen":1444570699643,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5712,"flow_avg_l4_payload_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"api.crittercism.com","server_names":"*.crittercism.com,crittercism.com","ja3":"54ae5fcb0159e2ddf6a50e149221c7c7","ja3s":"c800cea031c10ffe47e1d72c9264577a","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA","issuerDN":"OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.crittercism.com","fingerprint":"68:8B:FC:77:1E:CA:80:33:0C:A9:0E:29:A6:E4:0D:FC:3A:AE:43:18"}}
00409{"flow_id":44,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":644152,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoOkFAAEAGn4cKCAABNvEgDrSDAbvRQeIgLr40MVAQZdAcbAAA"}
00408{"flow_id":34,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":864721,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoO9tAAEAGNl4KCAABUEpuRILnAbv7vABcBEQAfVAROQgouAAA"}
00410{"flow_id":34,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":864930,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA3RAABAGnsVQSm5ECggAAQG7gucERAB9+7wAXVAQ\/\/9hwAAA"}
00410{"flow_id":34,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":865096,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA3VAABAGnsRQSm5ECggAAQG7gucERAB9+7wAXVAR\/\/9hvwAA"}
00442{"flow_id":35,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":915340,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"ABoRAAACABoRAAABCABFAAA\/smlAAEAGv7gKCAABUEpuRILoAbtZhnl8pnmKQlAYPLgY5AAAFQMBABJgV68LS6YLMRfC0ydf82IUCbU="}
00411{"flow_id":35,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":915568,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA3ZAABAGnsNQSm5ECggAAQG7guimeYpCWYZ5k1AQ\/\/9exAAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1444570699916,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1271,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1444570699916,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":916083,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8M+lAAEAGPjwKCAABUEpuRIMPAbsBc+gmAAAAAKACOQj74QAAAgQFtAQCCAoATNvPAAAAAAEDAwY="}
00411{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":917636,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA3lAABAGnsBQSm5ECggAAQG7gw\/+jBfZAXPoJ1AS\/\/9icAAA"}
00409{"flow_id":47,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":917753,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoM+pAAEAGPk8KCAABUEpuRIMPAbsBc+gn\/owX2lAQOQgpaQAA"}
00705{"flow_id":47,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":968023,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"pkt":"ABoRAAACABoRAAABCABFAAEAM+tAAEAGPXYKCAABUEpuRIMPAbsBc+gn\/owX2lAYOQhMegAAFgMBANMBAADPAwFWGmZL3uOMxVToaE\/p7S\/f3l0TPSF72MmK+MgBnG9FXiBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00719{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1444570699916,"flow_last_seen":1444570699968,"flow_tot_l4_data_len":316,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1274,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_first_seen":1444570699916,"flow_last_seen":1444570699968,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00412{"flow_id":47,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570699,"pkt_ts_usec":968436,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA3pAABAGnr9QSm5ECggAAQG7gw\/+jBfaAXPo\/1AQ\/\/9hmQAA"}
00589{"flow_id":47,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":123146,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"pkt":"ABoRAAACABoRAAABCABFAACpA35AABAGnjpQSm5ECggAAQG7gw\/+jBfaAXPo\/1AY\/\/+wJAAAFgMBAFECAABNAwFWGmZs4HEvkRp5CPDyrBD1d5FN0QkfcyNSvyMimX2MYiBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgAEAAAF\/wEAAQAUAwEAAQEWAwEAIHCqMV4qXgoAjYY8C2uGvdRpugsaOBkKyyR+wqee4vc5"}
-00760{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1444570699916,"flow_last_seen":1444570700123,"flow_tot_l4_data_len":485,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00771{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":6,"flow_first_seen":1444570699916,"flow_last_seen":1444570700123,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00410{"flow_id":47,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1283,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":123390,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoM+xAAEAGPk0KCAABUEpuRIMPAbsBc+j\/\/owYW1AQPLgkYAAA"}
00472{"flow_id":47,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":174042,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"ABoRAAACABoRAAABCABFAABTM+1AAEAGPiEKCAABUEpuRIMPAbsBc+j\/\/owYW1AYPLii3QAAFAMBAAEBFgMBACD\/OJPkF4mrRi\/eVp7fdXJ6ptt9f9Xyrl80jGyqqpclXg=="}
00411{"flow_id":47,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":174449,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA39AABAGnrpQSm5ECggAAQG7gw\/+jBhbAXPpKlAQ\/\/9g7QAA"}
@@ -695,24 +695,24 @@
00412{"flow_id":47,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1289,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":175680,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA4FAABAGnrhQSm5ECggAAQG7gw\/+jBhbAXPrmVAQ\/\/9efgAA"}
00875{"flow_id":47,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1290,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":427964,"pkt_caplen":396,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":396,"pkt_l4_len":362,"pkt":"ABoRAAACABoRAAABCABFAAF+A4JAABAGnWFQSm5ECggAAQG7gw\/+jBhbAXPrmVAY\/\/\/EXwAAFwMBAQIK4F6naWXIdaW7I8Z58oqr4pe2aGe1khnn8cReqBpHVVeIRWJgqEdVTEv70\/At78M3MinIEB4V2DdA1+GtZMig4vQvEUrRCRgn+IK5uD2tYZpQdkXPY8l+HHTYDzw7s2WhMTVlDu61pqkG5cPIBlrdh2DGx10lkgxqd2I19aauAuLJp5MnLHEEKDOM+pMiGMiisODAMF8YSBSarxawY5qMg4D1VtwD28kRBv1uweOCrytT7E3Yn6XfLzbcBA8F2K2+Rip2TtVqoW0R1CPB7U7kXDK3wEghFEbW2tKTzMiQ6GTMXnvFlwH4EkJGyDXZwtwvNblo3aEBHFM52kiqB9sT6skXAwEASmNURClRk13EjF96Y9CTxyDn9xd2qeHhNjzFJbBfkblji5C0fbT5UIkvSSHkXM\/saSoul2\/swhTjbFKe+FIqNDIwRG19wgN4uriR"}
00444{"flow_id":47,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":459128,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"ABoRAAACABoRAAABCABFAAA\/M\/BAAEAGPjIKCAABUEpuRIMPAbsBc+uZ\/owZsVAYQOj7XQAAFQMBABKp7I2jaOZ4+TM20Luobgcl8wI="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1302,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1444570700561,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1302,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1444570700561,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":561150,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8d7ZAAEAG+m4KCAABUEpuRIMRAbsN6aumAAAAAKACOQgrqQAAAgQFtAQCCAoATNwQAAAAAAEDAwY="}
00410{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1303,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":563231,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA4lAABAGnrBQSm5ECggAAQG7gxHyFlRZDemrp1AS\/\/9ibgAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1304,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1444570700563,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1304,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1444570700563,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1304,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":563368,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8CyVAAEAGZwAKCAABUEpuRIMSAbsmf9c3AAAAAKACOQjnfgAAAgQFtAQCCAoATNwSAAAAAAEDAwY="}
00411{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1305,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":565210,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA4pAABAGnq9QSm5ECggAAQG7gxLZgCjIJn\/XOFAS\/\/9ibQAA"}
00408{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1306,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":565371,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAod7dAAEAG+oEKCAABUEpuRIMRAbsN6aun8hZUWlAQOQgpZwAA"}
00408{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1307,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":565470,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoCyZAAEAGZxMKCAABUEpuRIMSAbsmf9c42YAoyVAQOQgpZgAA"}
00703{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1308,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":615658,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"pkt":"ABoRAAACABoRAAABCABFAAEAd7hAAEAG+agKCAABUEpuRIMRAbsN6aun8hZUWlAYOQiQtAAAFgMBANMBAADPAwFWGmZMED4A5Nh17gO7bSCRkq5lMHNAG46Z4njZWjB\/3CBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00719{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1308,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1444570700561,"flow_last_seen":1444570700615,"flow_tot_l4_data_len":316,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1308,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1444570700561,"flow_last_seen":1444570700615,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1309,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":615826,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA4tAABAGnq5QSm5ECggAAQG7gxHyFlRaDemsf1AQ\/\/9hlwAA"}
00703{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1310,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":616161,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"pkt":"ABoRAAACABoRAAABCABFAAEACydAAEAGZjoKCAABUEpuRIMSAbsmf9c42YAoyVAYOQhPIgAAFgMBANMBAADPAwFWGmZMUiXWlfiAkM3TLt+8m\/rKGRmXBLOAMg7wv4yATyBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00719{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1310,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1444570700563,"flow_last_seen":1444570700616,"flow_tot_l4_data_len":316,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1310,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_first_seen":1444570700563,"flow_last_seen":1444570700616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00411{"flow_id":49,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1311,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":616245,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA4xAABAGnq1QSm5ECggAAQG7gxLZgCjJJn\/YEFAQ\/\/9hlgAA"}
00587{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1312,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":767052,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"pkt":"ABoRAAACABoRAAABCABFAACpA41AABAGnitQSm5ECggAAQG7gxHyFlRaDemsf1AY\/\/9HpQAAFgMBAFECAABNAwFWGmZsTnqkZUSl5NRIyBNUjvkakGhXOc4JYCEZKcugqyBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgAEAAAF\/wEAAQAUAwEAAQEWAwEAINDUobyLhy7qsYKa7pQfKNg2A0RpIAZr2PLAT+0SGUWY"}
-00760{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1444570700561,"flow_last_seen":1444570700767,"flow_tot_l4_data_len":485,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00771{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1312,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1444570700561,"flow_last_seen":1444570700767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00590{"flow_id":49,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1313,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":767240,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"pkt":"ABoRAAACABoRAAABCABFAACpA45AABAGnipQSm5ECggAAQG7gxLZgCjJJn\/YEFAY\/\/\/8lwAAFgMBAFECAABNAwFWGmZsSZTLsQmRXOA9BIEe6tiHL133I9vGXpYkt5mn6yBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgAEAAAF\/wEAAQAUAwEAAQEWAwEAIMu5\/8GpZLkiWJOsiQMnmQk6hTa1OPQQyiJKhIZUJS16"}
-00760{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1313,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1444570700563,"flow_last_seen":1444570700767,"flow_tot_l4_data_len":485,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00771{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1313,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":6,"flow_first_seen":1444570700563,"flow_last_seen":1444570700767,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00409{"flow_id":48,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1314,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":767503,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAod7lAAEAG+n8KCAABUEpuRIMRAbsN6ax\/8hZU21AQPLgkXgAA"}
00408{"flow_id":49,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":767565,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoCyhAAEAGZxEKCAABUEpuRIMSAbsmf9gQ2YApSlAQPLgkXQAA"}
00471{"flow_id":48,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570700,"pkt_ts_usec":817960,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"ABoRAAACABoRAAABCABFAABTd7pAAEAG+lMKCAABUEpuRIMRAbsN6ax\/8hZU21AYPLhIQQAAFAMBAAEBFgMBACD134W\/9WTwbFl0+qIZUJuaE\/5h61bUXkkGmkRjO5HGhQ=="}
@@ -736,29 +736,29 @@
00409{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570709,"pkt_ts_usec":696086,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo02xAAEAGOU8KCAABPm3lnsp\/AbubwQuMZD71MFAROQh7vwAA"}
00410{"flow_id":43,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570709,"pkt_ts_usec":696919,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA7hAABAGOQQ+beWeCggAAQG7yn9kPvUwm8ELjVAQ\/\/+0xwAA"}
00410{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570709,"pkt_ts_usec":697460,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA7lAABAGOQM+beWeCggAAQG7yn9kPvUwm8ELjVAR\/\/+0xgAA"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1444570712008,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1444570712008,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570712,"pkt_ts_usec":8198,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8BPxAAEAGfVYKCAABrfMAbtmHAbtwYOR3AAAAAKACOQhFnAAAAgQFtAQCCAoATOCLAAAAAAEDAwY="}
00409{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570712,"pkt_ts_usec":12584,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA7pAABAGrqyt8wBuCggAAQG72YePnxuIcGDkeFAS\/\/8cJQAA"}
00407{"flow_id":50,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570712,"pkt_ts_usec":13209,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoBP1AAEAGfWkKCAABrfMAbtmHAbtwYOR4j58biVAQOQjjHQAA"}
00665{"flow_id":50,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570712,"pkt_ts_usec":16521,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"ABoRAAACABoRAAABCABFAADjBP5AAEAGfK0KCAABrfMAbtmHAbtwYOR4j58biVAYOQiiYgAAFgMBALYBAACyAwGU3Odz\/vfsiokT464lK0c\/\/ta9zx7QCCoXHtBhwwrAhAAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1411,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1444570712008,"flow_last_seen":1444570712016,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00744{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1411,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_first_seen":1444570712008,"flow_last_seen":1444570712016,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00409{"flow_id":50,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570712,"pkt_ts_usec":16964,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA7tAABAGrqut8wBuCggAAQG72YePnxuJcGDlM1AQ\/\/8bawAA"}
00442{"flow_id":49,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570713,"pkt_ts_usec":705974,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"ABoRAAACABoRAAABCABFAAA\/CyxAAEAGZvYKCAABUEpuRIMSAbsmf9p02YApSlAYPLgiMwAAFQMBABLzO3uKwLUa5N0D96wcS3I69kA="}
00412{"flow_id":49,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570713,"pkt_ts_usec":706775,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA7xAABAGnn1QSm5ECggAAQG7gxLZgClKJn\/ai1AQ\/\/9emgAA"}
05679{"flow_id":50,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570713,"pkt_ts_usec":707778,"pkt_caplen":3961,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3961,"pkt_l4_len":3927,"pkt":"ABoRAAACABoRAAABCABFAA9rA71AABAGn2at8wBuCggAAQG72YePnxuJcGDlM1AY\/\/8jQQAAFgMBDz4CAAAtAwFWGmJDfb\/\/PzlIsaqgIFL8HT\/M2cJoPrWmeJ5ySmjuzwAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01112{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":6,"flow_first_seen":1444570712008,"flow_last_seen":1444570713707,"flow_tot_l4_data_len":4234,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":705,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1444570713719,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+01123{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1416,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":6,"flow_first_seen":1444570712008,"flow_last_seen":1444570713707,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1425,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1444570713719,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570713,"pkt_ts_usec":719932,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8m55AAEAG1oYKCAABUEpuRIMXAbuTJntGAAAAAKACOQjR\/QAAAgQFtAQCCAoATODYAAAAAAEDAwY="}
00410{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570713,"pkt_ts_usec":727956,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA8NAABAGnnZQSm5ECggAAQG7gxds2YS5kyZ7R1AS\/\/9iaAAA"}
00409{"flow_id":50,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570713,"pkt_ts_usec":729259,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoBP9AAEAGfWcKCAABrfMAbtmHAbtwYOUzj58qzFAQTE+\/2AAA"}
00408{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570713,"pkt_ts_usec":730352,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAom59AAEAG1pkKCAABUEpuRIMXAbuTJntHbNmEulAQOQgpYQAA"}
00702{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570713,"pkt_ts_usec":734065,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"pkt":"ABoRAAACABoRAAABCABFAAEAm6BAAEAG1cAKCAABUEpuRIMXAbuTJntHbNmEulAYOQhTzAAAFgMBANMBAADPAwFWGmZZuBzwgmCJdcmTjbwZnC8oKUidI7QzbitGwcbpgSBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgBGAAQABQAvADXAAsAEwAXADMAOwA\/AB8AJwArAEcATwBQAMwA5ADIAOAAKwAPADcAIwBIAFgATAAkAFQASAAMACAAUABEA\/wEAAEAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAAR"}
-00719{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1429,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1444570713719,"flow_last_seen":1444570713734,"flow_tot_l4_data_len":316,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1429,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_first_seen":1444570713719,"flow_last_seen":1444570713734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":51,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570713,"pkt_ts_usec":734643,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA8RAABAGnnVQSm5ECggAAQG7gxds2YS6kyZ8H1AQ\/\/9hkQAA"}
00850{"flow_id":50,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570713,"pkt_ts_usec":820220,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFuBQBAAEAGfCAKCAABrfMAbtmHAbtwYOUzj58qzFAYTE8rqgAAFgMBAQYQAAECAQCWmAWectP+J0A5Z2E+tnU97CXr2FOrN+LZS8Vb9mt4CS85xnRMgnqdJ6+5bSTKY5+sKvD0uOf1\/W+RCAJKPf9jm1ZTqZ2Gfv4lNIMODzPmzr684HM+3meSGcQ8DxxKLdTe20+g5alQAPFfi6wh4AaLxCFXTcKKjU5ppmYA3lLabZTHgExRfPxWxrCIGH9cHAZwlD62tlSeJJ6Bj5suxXonXbcjTyTgz+8mv2YaroIm3XFBu247nShRyixb0vMsQybAOZdQyfLJ65phnYoR3sg3UTZdBTdKtLs72nU1ZcxYMM\/SRxfYlGHyI81qJK3cDBVnA0qVgWMM2Nph8o4B07yMFAMBAAEBFgMBADAj5FDOpEuOjNf0skw9zVzK1F2d+LsHA3YiiFiktoj052qwNVAhJb7qOp5xJoHV4\/s="}
00410{"flow_id":50,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570713,"pkt_ts_usec":820671,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA8VAABAGrqGt8wBuCggAAQG72YePnyrMcGDmeVAQ\/\/8K4gAA"}
00588{"flow_id":51,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1433,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570715,"pkt_ts_usec":238965,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"pkt":"ABoRAAACABoRAAABCABFAACpA8ZAABAGnfJQSm5ECggAAQG7gxds2YS6kyZ8H1AY\/\/8Z7AAAFgMBAFECAABNAwFWGmZ7j4touJYuyExL4xTp2XN88sUNliawBCgTpqIwUCBKAAAAOC7EJ2lJH7mDuj6DaIBXRCqOxY\/AVNJYEqB0IgAEAAAF\/wEAAQAUAwEAAQEWAwEAIGHRs+Sg8bWNqolu8prJr20w\/iFuAjz6TMIW1wLUxZ5c"}
-00760{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1433,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1444570713719,"flow_last_seen":1444570715238,"flow_tot_l4_data_len":485,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00771{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1433,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":6,"flow_first_seen":1444570713719,"flow_last_seen":1444570715238,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"dff8a0aa1c904aaea76c5bf624e88333","ja3s":"6dfe5eb347aa509fc445e5628d467a2b","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00408{"flow_id":51,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1434,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570715,"pkt_ts_usec":290000,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAom6FAAEAG1pcKCAABUEpuRIMXAbuTJnwfbNmFO1AQPLgkWAAA"}
00468{"flow_id":51,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570715,"pkt_ts_usec":290624,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"ABoRAAACABoRAAABCABFAABTm6JAAEAG1msKCAABUEpuRIMXAbuTJnwfbNmFO1AYPLgnbAAAFAMBAAEBFgMBACAR8oB0o3Rds9SbYBXls93X3wUnTf47baRWW+9Ugy3q0g=="}
00410{"flow_id":51,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570715,"pkt_ts_usec":291226,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA8dAABAGnnJQSm5ECggAAQG7gxds2YU7kyZ8SlAQ\/\/9g5QAA"}
@@ -772,15 +772,15 @@
00411{"flow_id":50,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1444,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570715,"pkt_ts_usec":661967,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA8tAABAGrput8wBuCggAAQG72YePnysHcGDokVAQ\/\/8IjwAA"}
00544{"flow_id":50,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1445,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570715,"pkt_ts_usec":662503,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"pkt":"ABoRAAACABoRAAABCABFAACKBQNAAEAGfQEKCAABrfMAbtmHAbtwYOiRj58rB1AYTE+XDgAA8n0K26HazNKgkc4Dl3hoP4WguocQuzfWhRw7Y9nJnNR7PrvGp96hPUjOpoXrA9sB65wlWNk5C82ZpqUzOqi4+lE7pRaZSuJvJaTS1h7ZZ7sXSutlTUhm3UIjLVg0bO258xM="}
00411{"flow_id":50,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1446,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570715,"pkt_ts_usec":663092,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA8xAABAGrpqt8wBuCggAAQG72YePnysHcGDo81AQ\/\/8ILQAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1444570716599,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1454,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1444570716599,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1454,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570716,"pkt_ts_usec":599098,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8ldZAAEAGdtEKCAABPm3lnsqRAbsgVHeCAAAAAKACOQiaIAAAAgQFtAQCCAoATOJUAAAAAAEDAwY="}
00410{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1455,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570716,"pkt_ts_usec":603330,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA9FAABAGOOs+beWeCggAAQG7ypHfq4h9IFR3g1AS\/\/+1cAAA"}
00408{"flow_id":52,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1456,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570716,"pkt_ts_usec":604060,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAolddAAEAGduQKCAABPm3lnsqRAbsgVHeD36uIflAQOQh8aQAA"}
00665{"flow_id":52,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570716,"pkt_ts_usec":610502,"pkt_caplen":241,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":241,"pkt_l4_len":207,"pkt":"ABoRAAACABoRAAABCABFAADjldhAAEAGdigKCAABPm3lnsqRAbsgVHeD36uIflAYOQieBgAAFgMBALYBAACyAwH2mTMdHJrmw7XGFaYthT2kGUSX+T\/uNQ3U\/xVLblVUyQAAWMAUwAoAOQA4ADcANsAPwAUANcATwAkAMwAyADEAMACaAJkAmACXwA7ABAAvAJbAEcAHwAzAAgAFAATAEsAIABYAEwAQAA3ADcADAAoAFQASAA8ADAAJAP8BAAAxAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADwABAQ=="}
-00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1457,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1444570716599,"flow_last_seen":1444570716610,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":71,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00745{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1457,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_first_seen":1444570716599,"flow_last_seen":1444570716610,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00410{"flow_id":52,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570716,"pkt_ts_usec":610944,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA9JAABAGOOo+beWeCggAAQG7ypHfq4h+IFR4PlAQ\/\/+0tgAA"}
05676{"flow_id":52,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570717,"pkt_ts_usec":923568,"pkt_caplen":3961,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3961,"pkt_l4_len":3927,"pkt":"ABoRAAACABoRAAABCABFAA9rA9NAABAGKaY+beWeCggAAQG7ypHfq4h+IFR4PlAY\/\/9eFgAAFgMBDz4CAAAtAwFWGmZj69h90cfTm0P8hJdpnTrybQ92MkqiMy7IoJ+Y8wAALwAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01113{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1460,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":6,"flow_first_seen":1444570716599,"flow_last_seen":1444570717923,"flow_tot_l4_data_len":4234,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":705,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01124{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1460,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":6,"flow_first_seen":1444570716599,"flow_last_seen":1444570717923,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":4094,"flow_avg_l4_payload_len":682,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"64ea4359ad4b496db653a3f30f7073e6","ja3s":"4192c0a946c5bd9b544b4656d9f624a4","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00408{"flow_id":52,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570717,"pkt_ts_usec":977160,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoldlAAEAGduIKCAABPm3lnsqRAbsgVHg+36uXwVAQTE9ZJAAA"}
00855{"flow_id":52,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1462,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570717,"pkt_ts_usec":994686,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFuldpAAEAGdZsKCAABPm3lnsqRAbsgVHg+36uXwVAYTE92+gAAFgMBAQYQAAECAQALQTz6KcI35KZoeIMPbSyR9X\/eQZe0OFECu7tGpF4u8y0Tf27yrhCes\/lWu6UUOwvCZOrTt+l7NYdz+F5Kg4sFCzKSQSkF+Pz2ZNz1yaKwIgy7ofI09FWdJCMTe\/dWYf9mkbyadXXlp\/S1oVFZjZvt8ID0UvRqUuq3x+2ecyYuwXI8gCnO3oqtxZYcjA8A454LlBxbfcbrYjKWzLpcYGX0Kq8ET9iLhWyabhSdhxvrc+ZTb5CB2P+RSRNNnEfk2xolxyM9TiWdrb+LURVubG2zJzd37R7KSXD7vV9vIcqy2j\/c44eLXw84KKaeuE+avzkup6LZsPN\/2ltvD7\/B27soFAMBAAEBFgMBADCITsX0Z6PHJRemeFZdpRYu2msNx0v0szSQu5cLy\/Pv+yhBVyqJL4JaAbGREyH8Z9o="}
00410{"flow_id":52,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570717,"pkt_ts_usec":995012,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA9RAABAGOOg+beWeCggAAQG7ypHfq5fBIFR5hFAQ\/\/+kLQAA"}
@@ -790,12 +790,12 @@
00411{"flow_id":52,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1467,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570718,"pkt_ts_usec":194410,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA9ZAABAGOOY+beWeCggAAQG7ypHfq5f8IFR5zlAQ\/\/+jqAAA"}
00464{"flow_id":52,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1469,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570718,"pkt_ts_usec":323959,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"ABoRAAACABoRAAABCABFAABNA9dAABAGOMA+beWeCggAAQG7ypHfq5f8IFR5zlAY\/\/\/9uAAAFwMBACDYAlMgEXMNwMH0NIax0mFWDC9k9dpAvLzJWEoRTbcCMA=="}
00409{"flow_id":52,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1470,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570718,"pkt_ts_usec":374937,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAold1AAEAGdt4KCAABPm3lnsqRAbsgVHnO36uYIVAQTE9XNAAA"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1444570718801,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1483,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1444570718801,"flow_last_seen":0,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00404{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570718,"pkt_ts_usec":801686,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"pkt":"ABoRAAACABoRAAABCABFAAAk4zFAAEARKYMKCAABPm3lnso8IygAEONTAQAAAAAAAAE="}
00404{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570718,"pkt_ts_usec":921691,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"pkt":"ABoRAAACABoRAAABCABFAAAkA95AABARONc+beWeCggAASMoyjwAEESbAgAAAAC4nQE="}
00404{"flow_id":53,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570718,"pkt_ts_usec":924198,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"pkt":"ABoRAAACABoRAAABCABFAAAk4zJAAEARKYIKCAABPm3lnso8IygAEONTAQAAAAAAAAE="}
00403{"flow_id":53,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570719,"pkt_ts_usec":39150,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"pkt":"ABoRAAACABoRAAABCABFAAAkA99AABARONY+beWeCggAASMoyjwAEEObAgAAAAC4ngE="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1491,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1444570719041,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1491,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1444570719041,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1491,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570719,"pkt_ts_usec":41198,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8mB5AAEAGdIkKCAABPm3lnsqTAbu3\/XtaAAAAAKACOQj9rAAAAgQFtAQCCAoATONEAAAAAAEDAwY="}
00410{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1492,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570719,"pkt_ts_usec":47347,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA+JAABAGONo+beWeCggAAQG7ypNIAoSlt\/17W1AS\/\/+1bgAA"}
00448{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570719,"pkt_ts_usec":47596,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"ABoRAAACABoRAAABCABFAABG4zNAAEARKV8KCAABPm3lnso8IygAMvEjBgAAAAAAAAAh0jAhjOUQAAAB+4D\/bwAAAAQAGwMBAAAAAgAAAAAAAAAA"}
@@ -810,7 +810,7 @@
00449{"flow_id":53,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570727,"pkt_ts_usec":75663,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"ABoRAAACABoRAAABCABFAABG4ztAAEARKVcKCAABPm3lnso8IygAMvEjBgAAAAAAAAAh0jAhjOUQAAAB+4D\/bwAAAAQAGwMBAAAAAgAAAAAAAAAA"}
00449{"flow_id":53,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570729,"pkt_ts_usec":75623,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"ABoRAAACABoRAAABCABFAABG4zxAAEARKVYKCAABPm3lnso8IygAMvEjBgAAAAAAAAAh0jAhjOUQAAAB+4D\/bwAAAAQAGwMBAAAAAgAAAAAAAAAA"}
00449{"flow_id":53,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570730,"pkt_ts_usec":75669,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"ABoRAAACABoRAAABCABFAABG4z1AAEARKVUKCAABPm3lnso8IygAMvEjBgAAAAAAAAAh0jAhjOUQAAAB+4D\/bwAAAAQAGwMBAAAAAgAAAAAAAAAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1444570732086,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1444570732086,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1527,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570732,"pkt_ts_usec":86555,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/tAAEAGidIKCAABPm3geMf2AbvHvWEvAAAAAKACOQgMSwAAAgQFtAQCCAoATObUAAAAAAEDAwY="}
00410{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1528,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570732,"pkt_ts_usec":90067,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA+tAABAGPfc+beB4CggAAQG7x\/Y4Qp7Qx71hMFAS\/\/+9MQAA"}
00436{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1531,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570733,"pkt_ts_usec":95720,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8h\/xAAEAGidEKCAABPm3geMf2AbvHvWEvAAAAAKACOQgL5wAAAgQFtAQCCAoATOc4AAAAAAEDAwY="}
@@ -819,23 +819,23 @@
00411{"flow_id":55,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570733,"pkt_ts_usec":111880,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA+1AABAGPfU+beB4CggAAQG7x\/Y4Qp7Qx71hMFAS\/\/+9MQAA"}
00409{"flow_id":55,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1535,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570733,"pkt_ts_usec":112182,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoh\/5AAEAGieMKCAABPm3geMf2AbvHvWEwOEKe0VAQOQiEKgAA"}
00495{"flow_id":55,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570733,"pkt_ts_usec":112697,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnh\/9AAEAGiaMKCAABPm3geMf2AbvHvWEwOEKe0VAYOQhGawAAFgMBADoBAAA2AwHVO4NHpduGJEZF49hflO7g+gMWTzynDfqMtHMiTtpV9QAABAA1AP8BAAAJACMAAAAPAAEB"}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1536,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":8,"flow_first_seen":1444570732086,"flow_last_seen":1444570733112,"flow_tot_l4_data_len":283,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00742{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1536,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":8,"flow_first_seen":1444570732086,"flow_last_seen":1444570733112,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00411{"flow_id":55,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1537,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570733,"pkt_ts_usec":113293,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA+5AABAGPfQ+beB4CggAAQG7x\/Y4Qp7Rx71hb1AQ\/\/+88wAA"}
00409{"flow_id":55,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570734,"pkt_ts_usec":115626,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoiABAAEAGieEKCAABPm3geMf2AbvHvWFvOEKe0VAQOQiD6wAA"}
00409{"flow_id":55,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570734,"pkt_ts_usec":115956,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoiAFAAEAGieAKCAABPm3geMf2AbvHvWFvOEKe0VAQOQiD6wAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1544,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1444570738415,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1544,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1444570738415,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1544,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570738,"pkt_ts_usec":415965,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8pZ5AAEAGbC8KCAABPm3geMf6AbsEHk9CAAAAAKACOQjdywAAAgQFtAQCCAoATOrcAAAAAAEDAwY="}
00411{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1545,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570738,"pkt_ts_usec":418908,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA+9AABAGPfM+beB4CggAAQG7x\/r74bC9BB5PQ1AS\/\/+9LQAA"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1546,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1444570738419,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1546,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1444570738419,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1546,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570738,"pkt_ts_usec":419074,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8eOlAAEAGmOQKCAABPm3geMf7AbvAYZI1AAAAAKACOQjekwAAAgQFtAQCCAoATOrcAAAAAAEDAwY="}
00413{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1547,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570738,"pkt_ts_usec":422538,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/BAABAGPfI+beB4CggAAQG7x\/s\/nm3KwGGSNlAS\/\/+9LAAA"}
00408{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570738,"pkt_ts_usec":422731,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAopZ9AAEAGbEIKCAABPm3geMf6AbsEHk9D++GwvlAQOQiEJgAA"}
00408{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1549,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570738,"pkt_ts_usec":422892,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoeOpAAEAGmPcKCAABPm3geMf7AbvAYZI2P55ty1AQOQiEJQAA"}
00496{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1550,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570738,"pkt_ts_usec":424345,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABnpaBAAEAGbAIKCAABPm3geMf6AbsEHk9D++GwvlAYOQh\/zQAAFgMBADoBAAA2AwHh7e2VL35m23t1WU\/32VTucYT8nOT5NyMFMmtQATYTFwAABAA1AP8BAAAJACMAAAAPAAEB"}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1550,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1444570738415,"flow_last_seen":1444570738424,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1550,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1444570738415,"flow_last_seen":1444570738424,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00412{"flow_id":56,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1551,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570738,"pkt_ts_usec":424731,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/FAABAGPfE+beB4CggAAQG7x\/r74bC+BB5PglAQ\/\/+87wAA"}
00496{"flow_id":57,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1552,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570738,"pkt_ts_usec":426143,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"ABoRAAACABoRAAABCABFAABneOtAAEAGmLcKCAABPm3geMf7AbvAYZI2P55ty1AYOQia+QAAFgMBADoBAAA2AwFlZ\/2gy5EJcUBexsWY6X0\/hsP+2A782vGEfEVj8EbqUwAABAA1AP8BAAAJACMAAAAPAAEB"}
-00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1552,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_tot_l4_data_len":163,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00743{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1552,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00413{"flow_id":57,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570738,"pkt_ts_usec":426631,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/JAABAGPfA+beB4CggAAQG7x\/s\/nm3LwGGSdVAQ\/\/+87gAA"}
00408{"flow_id":46,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570740,"pkt_ts_usec":247906,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoZhBAAEAGjy0KCAABTi7tW+ltAFASyr7b7TVEZVARPLhAigAA"}
00411{"flow_id":46,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570740,"pkt_ts_usec":248214,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/NAABAGIUtOLu1bCggAAQBQ6W3tNURlEsq+3FAQ\/\/99QgAA"}
@@ -844,7 +844,7 @@
00412{"flow_id":45,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1560,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570740,"pkt_ts_usec":249618,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/VAABAGIUlOLu1bCggAAQBQ6WyUIsz0a903cVAQ\/\/98HwAA"}
00412{"flow_id":45,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1561,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570740,"pkt_ts_usec":249861,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/ZAABAGIUhOLu1bCggAAQBQ6WyUIsz0a903cVAR\/\/98HgAA"}
05678{"flow_id":56,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1562,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570740,"pkt_ts_usec":300724,"pkt_caplen":3961,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3961,"pkt_l4_len":3927,"pkt":"ABoRAAACABoRAAABCABFAA9rA\/dAABAGLqg+beB4CggAAQG7x\/r74bC+BB5PglAY\/\/87kQAAFgMBDz4CAAAtAwFWGmZ5tsqn+YAQZXvK+RxU4fExf6dY82QyqwsxQ76ZVQAANQAABf8BAAEACwAPBQAPAgAE6TCCBOUwggPNoAMCAQICECl0ianUHkm+YfeBaUbmIfMwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDAeFw0xNTA0MTAwMDAwMDBaFw0xODA0MTAyMzU5NTlaMHcxCzAJBgNVBAYTAnVzMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhTYW4gSm9zZTEcMBoGA1UECgwTQ2lzY28gU3lzdGVtcywgSW5jLjEMMAoGA1UECwwDQ1NHMRQwEgYDVQQDDAsqLndlYmV4LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ14yGFLwwhhZyxegl+wYbyZZp5q4NComRXAz+k8ibNrPp+x46qW\/Dt++MdupJ8y605K5KTQVb24unmPF+pZq1par5YBKMjJrJTW2aAI1MtQvRzSDCNhdWyxiP6SkVBm6ZOcLwL+kijn\/nCot5orO1NrHHFG\/HBcSk1aaetoitrjs5BWuMxdYuIZvzSoyViVbo\/w\/LUKXdD0rlOcFmOxtcf+VKb7w1eyku07Jp94m\/\/ILLQS\/jy7ymRyfGFnPLtNqBmUKFg+uAD7JcHZiy8g6quVEhEZdm3O+tUR2wYZ5in9yKcrxqoHwhW0O4X2\/rJ4mNDvikIgaWiSNW7eIoh0NWECAwEAAaOCAWQwggFgMBYGA1UdEQQPMA2CCyoud2ViZXguY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH\/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBlBgNVHSAEXjBcMFoGCmCGSAGG+EUBBzYwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAFNF1YB0fCkEyxRc1VQO7NUZao+PnZuavjgeTnyTKmHl\/4Zxh1Xg\/M\/f\/RHSrGrgUW2xaSZN\/Dwt2hqMtIi\/b\/AgOFeqNKmMxH3nWxf6f1Lr7QoTvApLQGqjeuIT3U6AiRMt4Ksgfx7+1Vbil1AaILo859VgXSMgVJTv4QpUpzg\/EKtUqPwMwq8PvwoTjlewyOt9YbCxNTO91JkKsYuwm7uUeU7Fx+r+rP+wgDwYVbbsUwQXAbj7QOj3dkPLzn+gcrhK1ZlgFf7Ti34xrqj7jNiaMc0dYh\/Ns3KCHMTs5rVCGLIk7lEgovwLDbJtuuQTlvaHoeZIGVPqROi5Bl\/WxAgAFPDCCBTgwggQgoAMCAQICEFE\/uXQ4cLc0QEGNMJMGmf8wDQYJKoZIhvcNAQELBQAwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDIwMDYgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc1MB4XDTEzMTAzMTAwMDAwMFoXDTIzMTAzMDIzNTk1OVowfjELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMS8wLQYDVQQDEyZTeW1hbnRlYyBDbGFzcyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLYBcocdC21F1Y5xUpSCZboS9gM8WifmkIoYsOlMFN+VRGCWwN6DS\/heQTJtJZ3GYEBlFn5vPd6mSeCLbeD3Vonf7IDepxTJelIH0ZPyJ0p+L55Vvb3\/dk6aNqLS4IzQRLDyDzM1pZ6hCEaIgQDJxeLHGhhkw8OUYAzHbS1zut+0GKs7rN7AXTvaTXrytU9qe6XmMqNqkQOJZlKFZakzm0CVB8qaibiBjpjSKy0TNF1k1D\/Ey\/W2uHGGPWfySVd8wA63iZNtCkJzQ89I28WSoEW+\/KDEMO41thVMj3xvQ+9jFKVShaXelIhY3UvFvnEZr71tQnY\/ycAzUR8b0s\/sPcCAwEAAaOCAWMwggFfMBIGA1UdEwEB\/wQIMAYBAf8CAQAwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vczIuc3ltY2IuY29tMGsGA1UdIARkMGIwYAYKYIZIAYb4RQEHNjBSMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LnN5bWF1dGguY29tL2NwczAoBggrBgEFBQcCAjAcGhpodHRwOi8vd3d3LnN5bWF1dGguY29tL3JwYTApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0ktMS01MzQwHQYDVR0OBBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMB8GA1UdIwQYMBaAFH\/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqGSIb3DQEBCwUAA4IBAQBelFZJ3Y4tZfXBNlG2A+PannMZ8h9Zq1h+bCYFLPqB11wjFyIsN5P3huyF5rCj\/R\/iMqhFb+HZ+7mv0nCgMkJlv4T+FiqPP8Wm1qOTfUPpdCGRNSj0Y+ku7ff1XH9LmrUg6Qq94EUQDBSUml2l40uR6CSbRkBl9CJyzZn4iBH183\/mM4LmqMV+\/tAI4iVYCHFo5s2i5hTeTlIkLf3leRNT514vLU0bbUAVUiv3h4l4EoFu2U2qLXjUwiw9CF+HkZ4fDrDeMFJkhomqnWacDnYMgPJ02Cr4uDrO19YPEb5rqxT1vUGgImOJ8boPbyljZi0\/rIxyxfvH5NQP8jtPjCnHAATUMIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4\/TANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ\/XxrcgxiV0i6CqqpkKzj\/i5Vbext0uz\/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6\/WhkcIzSdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn\/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4\/VBEnkjWNHiDxpg8v+R70rfk\/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10\/NIeWiu5T6CUVAgMBAAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH\/MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB\/wQEAwIBBjA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUAA4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5KlCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZtOxFNfeKW\/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3\/DgAAAA=="}
-01113{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1444570738415,"flow_last_seen":1444570740300,"flow_tot_l4_data_len":4110,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":685,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
+01124{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1444570738415,"flow_last_seen":1444570740300,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":661,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)","8":"Weak TLS cipher"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"},"tls": {"version":"TLSv1","client_requested_server_name":"","server_names":"*.webex.com","ja3":"7cb93b2404a98399e9f84c74fef1fb8f","ja3s":"91589ea825a2ee41810c85fab06d2ef6","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","issuerDN":"C=us, ST=California, L=San Jose, O=Cisco Systems, Inc., OU=CSG, CN=*.webex.com","fingerprint":"61:C9:DE:EE:FA:AE:DC:17:A0:36:B9:68:F9:17:F6:5A:90:7B:14:E1"}}
00408{"flow_id":56,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570740,"pkt_ts_usec":301052,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAopaFAAEAGbEAKCAABPm3geMf6AbsEHk+C++HAAVAQTE9hXQAA"}
00851{"flow_id":56,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570740,"pkt_ts_usec":351829,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":380,"pkt_l4_len":346,"pkt":"ABoRAAACABoRAAABCABFAAFupaJAAEAGavkKCAABPm3geMf6AbsEHk+C++HAAVAYTE+z5QAAFgMBAQYQAAECAQATAu9JlSz2mcBnZF6FyDc4l5o7MmSm75vaOWMxu6J\/xXqUWdERh1j55WiYOkmYsMbV6S1x837iYkFuSJxKmaHeWMvHGlorqANUqgqRUA\/8pvykXicX6ayIp5ANf7G+9nkXqwdwx4HAH\/BwLHizsvIhJlIXkd65DMZ5N1WqBy4JfSsGkYkC0XemW589pxubQbilumEFDfNkogY1lB8CMuQdf3LiCxZchU74i1w6NjXFhit6TTZBwpAcP8CuFNWLL2n9HT6bQf3JeQiGLpyTVG4iOmrsX6jRQKlqvvePpRZWJDUTOHuQaL+8SXK1QLrt\/BNu8p2lAKfXfRownjty9wuqFAMBAAEBFgMBADDuNh9IWMmDPtrCDmmT81sajsGqsm3XvIxN2aFX5es+KtJpI3hDQkVEiz1Kr06p49Q="}
00412{"flow_id":56,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570740,"pkt_ts_usec":352317,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoA\/hAABAGPeo+beB4CggAAQG7x\/r74cABBB5QyFAQ\/\/+sZgAA"}
@@ -854,66 +854,66 @@
00637{"flow_id":56,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570740,"pkt_ts_usec":706421,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"pkt":"ABoRAAACABoRAAABCABFAADNA\/tAABAGPUI+beB4CggAAQG7x\/r74cA8BB5SolAY\/\/+2rwAAFwMBAKD59UDZ7S7geJrVoYTOnjjAElM7mgEB5SfOzss2AtHnIjs7wJRjidoZeLKCsZK3Kzs5xW13JL+ljy2vDIr\/MQmdsFHjUqVYXgzVTVCkmtV8WnZlS3Vb17A2+NAprTG7USXVPvkyuUIRRNg3TVuSGRd3HbKWs4zo22fg7N+B9r+UJZyyPOKqBA1GZbAHLaPDnooAlMupSDk92KNoV3z+SqJ4"}
00409{"flow_id":56,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570740,"pkt_ts_usec":757122,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAopaRAAEAGbD0KCAABPm3geMf6AbsEHlKi++HA4VAQatU+1wAA"}
12191{"flow_id":56,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"webex.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1444570741,"pkt_ts_usec":261271,"pkt_caplen":8739,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":8739,"pkt_l4_len":8705,"pkt":"ABoRAAACABoRAAABCABFACIVA\/xAABAGG\/k+beB4CggAAQG7x\/r74cDhBB5SolAY\/\/82VAAAFwMBA8DFCTPOqzHwefYO9IhXr6OycdJGxl9DrzQx7TPYR+5D0QIOdbKIQnT70cPdijZrY60a86ffRhoATUhUhmwVqJbbVptIwtp4kvlQc6BxvAR3T6EO7nu1H+Cnlfy\/aSn0jlc5gDRFdzjDVuqJ5QZYNQpcf7Op5wDmxG\/cGTQ+KdLz8uFCL1MAmL7GrXw6soCUITfjQRwx4qSXRD7\/AyAIjhrwPKX9BtFOJVIhWMWLXtGo+bqwBKhVidPVQiwqFmrlyKAu9Sh2BW9N71u284Y8PJSYOxpcHUyHqCdGUDzViDtJVmahEy7qiSCSMtgmuRbkxYkwBS930S1Q074Bpkev1um645QUG02+88BRWeVZf+XphGor+qT54lnjHHPN\/FA3s6GMy2X1YRbCehewPowO8B6mC0mqmqEPG5ePujfTSNt7mbyBR8haGUDyp9VXTvZTd9aLAgwqLgVSgGZkizR+XFrKBKBO1TANRAh6\/sxU5hoo8x3FpueO42Jkg9bn3srQhK14KuTCvXjnOqYFoUKchLTKCBRdnwFYIId7OIEYpV57dk9ujYQGopw1y6SlI\/lKmLbVypKTByPUk2vIBesX4hlFB+fuvd9IXmk71D4vhG3sOvI3LV0vwz8yxir2VzBVbMq7x2osfpDTQei1T7Kh+SvQuKWsD7VLgADhbnVXtdJar3hT23RCnKpB8b0BhtZLPpKAZVgDJkPeK\/bMzbDFpW2cDtjPLqqrFOu1YtlU709XWlxxwW6S\/oXWOaRHO1XT0aRo8LKbtzMAvGbldj2rwUcnpOuAKPmESQ7fd0slunZXgyar0jdF4YT8Tiip+f\/efvpv+y73zK3eJ+RP\/xiAedxSVwmXW9e74jhjYhm+0P7otEZ6fWopLe0cEj+rW4xO0A6zmTLx+Y2M9ohomP+X\/ezgpDzB8I7Zap7FrxsGlSLAvwNHtX4WYu0sAeNfBOQP\/Xbl4H08DP1lGA7coPwae8RL0BtckiIcgP1eXF2dRzJETME07tPHp+tcpR0Ge3VaEFH1Qh7juQLkSVuTsXHYVQIk2ARHEquyvtHMpF+k2GZJDbuEwwvDXvUt0kx7WusonzvQR3ilNakYRrUmP4m\/y3inqVuBXiXPojpihmbrRYvDTxp8aFnCyLBD+4UudbNOTqA21FGiferbFljS4nJOyZ+\/L8tMJAdLDjbsojYZbqbFcXRas3rDliHRvuklu+zvjcUpimDzI1xEQNTSlyH7\/vZZj\/onFT1qPlAwhdK1abHRZTkUvSdYZK0VWve9J1pr\/W8XAwEAkNi411iQFkFYC1KpEPslN0Rq3AZTauftU0I2nfn3JJzv1tjP+UMG5O4ZQEJikGPqavG\/Cjl9XQJi7R4KHJNlc89Ehhuin1YLVtmaqBPDBwCeib6B\/Js4yaNtGBIIfA2BEqTn+zDkU2usRQMZNV5ZUoM2DKUuB1LwjyQ1pfy4w3u\/+H6pB+\/5oY85lj42IFrX6hcDAQBwA6+ZllICNLIYqudd6LnzQzO5vZMvavoO8gNeyfTP+O2TNyPOuHuf9ojNmlZq8+IQ+TGZ0fN8ndel7SA9gUuvvHui3AObULuaFAc8Jf0hVWll++5Dd3VH6rqn6Aezt7kgWAQbbBnNgnWa3OdoSWW1BBcDAQVg7Lb1JcqrwNT6xvkeBAHh\/hN7djvs4KyVjydiL1Wu\/pFKydj\/pydJkY6YcrhaCq0+uP5DSyCKGMjvOJM\/B05PMa\/d6ug9QynNE9IIk6ABU2coZim4xt7TU\/7mSHuQmSYFaHxyKp1zFYgTqQN2amxZmir5vm0M4t3V8TlzNXMhI3yExAj4UW2qlseL24V9ZFbb5cNZCT7BwSp3LwFLnvPn9IUvcnfgHi4G3ZgP1AIFUj4EvzJltMjbp5k6DQ3lBs65TEcTavZIrYa7mkFXf1Fml4qzZFGl9iWoSGOIRh4XHRV6onhR20SD8yGwythnz9fiiafXn1aF2soWuGwmReSWWLMp9C7C55sBXOrVMsMFQofRH54pvfHP4cUksbMJYLEefHowVK0UWQEHsgJYZi\/7QuQBPNGjRTaYNM2ac5Si\/r+yeHXuh57iACOZ69SiMcOCVnhofkBWzx5oq5G+uJ47crOUddlLPHnP1DTIhQx+2o62cZgWNhPLWqYSsmjXntCVAKTqyEwqgenOy\/x+OrFV7wLOsGcSbrXD3n8FTZYNY7nK5gBmMXiN0KCSgmeqQRL9uKdt0PWc4Gpad3Kwon\/A66BxDFU7qHU4+5H0O9nogl2GQeeRL9wC4vHLUgQMWIqxBSj7joNbsiCEAdFlorBI5JoGS0yFbARFc+bT+Egl3Kwm62m2HWrM8YW1EsaV9BSCDTscqD8\/iWhH\/6LLLgtij\/NUDZQaeyF5\/mofnuayDAsqRaUzuWTbKoC7dqEFjw8EHFUjwldO6aN54JN7vGdmLVCNXIBCva\/FdA+FRBUlttuYvsbqg0xbu3c0N90\/7\/7xCL8yn5+Nfb77o\/LOt4ryiv4eGp2S9OQlPpMftEb8lMdu3Cprlx8YWXTsmWlSXX\/RB+cFUP\/o\/IyuEEhOIpdFGhlfvG6ZqCcqVrrh1IQXSaUN9iRc3R6L81nLxFHs6\/sjMUv8+euHyocu9Lvu8\/1naIk6oAdk+MQsvJhLZyzk5YnUHizhYyyh5Nkj2+1Rr1N13uphu9K5jFMAs3c9hKactfTQ1nwsdGlhPirovhC\/GQPu6WuhcZr71nynvcJG3xcqiPYmUUa7h5ZdF2+z7vsI9Z8\/NYNKQrjnj9KX0CU9RWY+n7u\/+90NA\/II2YdUcve2LgAyfdF4JBD8\/DXsiCOcR5lyY5ts6ZFQdFP2slvwDrWaKEaeWbJsK\/fDvKaqnMrkXqi10m7lt6Ziarw6rVyBFmkYy6qzuwR3v5bulTeEXcl3jcmwlmTJzfvIrdiwDn9Uz9091sz24BLoX7CUh76QnMpMn\/z23d5PwsLHoG9\/cINkcD7+ZVBjuFvgrhuowWg4fSdgx9m2Ow\/9UEwODiOs7SSTSMcCCZ+ez3IanpDDx7W98OLFKHgAmcqavSmyJXdP6mvUgxF114\/jIi8qjdwBT8Oer50BfzfPMyEFnmqEGpNbUDwf0qS\/qzMoJxM2vt411Z3EqWJSc4jjEry846kiFJPkgztpVak1GXaNDWXutXky+gG\/PW\/xmGExsvHMwxanpv2dTw79q1DecdGLdbvxUWge686Yv2\/mwyUgagHAZ6srcmr+Z7Vx0DM1F8MVBdsGhq2w5SQeHiUnTg\/K3Og2uSjGrwu4k4Eep1CfYTcQXx6Mm4u01mB\/SOEa4iEKKuHDD+ENPUZeltQcLPp8Myq+jq39k60D95NYdiKV6MFw+Qf7P+aDiHf9vHHYHfGkVM8MWZTWZcsanzsgAd9Y5Es7XQyzNNOIXk+a5xJs1VRHlVgeSS7n4+bdTHhueX34ZQfEAVlcEkgw4ghOazh2s\/GBExA0KFXUYDmb1temqca4BSYXAwEFYNeQA1Amz7L1rzXo3zwpLwXGFCMYG38r+wWI1Pw1FIW\/tuFms\/l4VDIzJ4hUEVkmJHn\/maLf4OfIEbXAP3Yj3VyQn0gifCDr6yrUlzTImU\/n9LgwUo3BI91s8laFzAh9QndCoH13rjABj0S7SsFVmLYo7BkPeASkDGOZwZeVCvsTCoJ0537I8dBUFz0q348Skw0bvOiDHnaJuIPpPh7KV8kHHsgWxuZTEvkf4YZOhodQOJOTfsDiZTf1TiPtlRJOAVTXJz6XMPc98AEOllLji9euCAtO5Gz+0S9kSsCS\/XqcYeB1j0auHx\/b6YgQ6HkHbHK8hRWbiTSTroR7rTwHVZJG8jWEfhMHjbgrBcd231La6ireUD1FCfYfXLAqgmLeP1RbgmijDCFvgRWd5oJCdFomJ57\/VZsQNTtRka0cpiic4FqJRYCm4v1z9E\/g8+DeWm\/vGBHrZEDMKR4Gslauug\/TXTaK9bTax3JvcqF1kKGwGjnrvnBNK2uVCe5Sc3xE+fMcoQCAG9M6m96e4yV4VzQ1Oi8r0UxjYqzM\/Zpf+KN+QxrTJ0Fu55gkpjzQd0ikM1RDfB\/nK7hQ0KvrjTP4i5euhF6PN\/xKqJkbiLRMTuzkY1tiZSyKuaLY5wubOh5u1kfdClpTFlbO2UHhZ+FOxS5w27UQ6RJrYYRlgn27IS5KxlydzYobRXoUF0bgCAg5Eg7zH8vPREHuJvx\/oolzM8C6bH1VIpT5v+vrxLnrb8E2W4miZuZaeq5RrzVE6HRJyV7y1yoNDkeHY6JVltLiRtVB5cTzuNUz3QUHLUZkG3Ic2okiUVSsAkwUmOCzEuB2fZp4q51Oq407YXlwgEYWqyQhsc3pgj2vtCAh6QVXHZXBITzz01RjeHwzJfUgNP4xQ+WZp6XeYYSszB+2F7JqAgJs2TGIC5T3QQdD1Jm1mW68nEcMDg6q7tY2eaqp3LtoLUII7kI++P471z9aV1YKecsZZjAYjDZX+7pbqC+IR0WltOVRFtA3H5KQ\/KoRxgr3TD5fkcFdGA0RWrGttrCvIZ5i2YXWLODtTPITrOR\/yYfsFYJdJBhay\/y7ZDB2mj8Y34T0Ik0vUs8PUwW54Q4hBlBq6KekUmgwL3tiP9KxRt4XNk9iMaWcsS0pYENanKfYoa7JCrRXxmt+jFE\/6woYQxe3qG5O\/0U0R\/ZVEENVZyvfaxh5gaAzzOb0JHt91IVjprRvfpCvxukai3VHsDSZRcn69qeRhKU0N6++kqOIe3rwVRNKB9YZBkEjecbUc7Eh0Mj1TsJe2D9N+9Gv1ExxueKlesmPPZBCmNZSMo0AE1DSXXbKGSHWbyJbTEru3zvJipiIuUlskEJFvBEtuH+yFTjLksyh28CYZlnAboOVCf7BRl8ZF2WA1zw5bd5nZUoe1oMZMQhKckEFFrGIsZz+T5pJdyBTVCaC84bgn3eoRB++Lv\/4e6M9PyvGFoYYg6CyykA4ryrhKsTdd0fkALMM32msGKLqQ0PV4o8NqoWeraJCfLNojnG48scWkah9a\/G1n\/5XT9tnWe6UKSpqWSivu0aE+BOvyHQisWcBCwWBCRemUhE6OGFygMDtjl5\/84EFaK44VMf8TookbNeN\/drvO\/XqtePlhACLd8RmE7vz2fVj\/UIm1BykuYuXhy5NW2nndr89\/H+R8JOrOuuOFxTXynBwXqbnmDa2\/ayvJLprBMvjSjIOK41fhicG8GXZBAN55ZwcgdU1SqFf12NK6VwLJQC\/63WB0Mmhl6oemEBnvAOfWCSRvxIqEI11RS1V0tJTDaQMOH4l9g0rzpb7p3R01pvQr8LaF8ygfM8TOdAQ7iv2FwMBBWAhy0xDKsHFlIlnzuoyK5SargP7jlOmU\/bwO0pca8kuNygxpWiVvmfv3sRMIIGiWyg\/\/NLfsnKPzTpHjtWjF78L+o1F01lM7dApDUjR1AFGSuX3obSNZgvPQP0rAd1z60nd739vtftgYqf95LLPO8R8uM7fQ\/vV3yXCAayTRefOF\/By315dYNgFkFvNkV9\/9da2jUHDAxnyqI64At1ebYtagwS6jgMXmasEIRT9vjbHtwWsXzLgDypDWwT0V\/rpnKMmOs524Ur2Gi78lnuZi6xxS+fZeFS27ie7ajM4er2waCw69YK1hxR9CeO+9qF40ioRuYFTqxn2xFNR6O3N5m82+dA4uXugmx0KHHyC1XZR7VXAHwTOsQ0i+CWVyo68sWlJc\/HOYVLI4tBZrauBFmBEBJi8l7cZddoqYddBXsiSF4W3DIUVYK4OEVeUcb3KStn8akIeaqWucRxrZ9j7grx66s9WbO2n\/90aoYvi+2CSbh7kZWhbQIz7lnJVhLT28Yswx8MbwDLNuNVIAnoYDVoxmvai65z1FddzT17SUSob\/c+PVOcruNKBwhLr4AWnlh8iNRqYu9faqrMzBPqr1ySaBHnJFbcaXCwkNiuxixF4zNnalDZ4J+c9O\/5a5onbZmaWDxbH\/xWupeNBtt4dtwywZ+SH++az1dIpmYOjhMHe57dPNtsnJOfP6Fa93Nw+6ZnDb3mTlWTmrzGanHZmEVu6uhYgzM3Vi0RSYxqsMZcd7Jii8tjicvvedKUoTX5Yq1Z6GtE1+BvDXNG\/otFyQ+yawhu5a\/ghw56tdP7uJdK5YXIVLq7vfibMedfjqZQtTcBp6Y2yq1mzUYUHOp4+2sI28OGLJFBPhQblGEofGFxds3g0iAz0DuVYRQ8+RXQpdiMLlmeLDTi+2pMcwm8eLV2eXksj4G+NpQ0kLcL24ZXc\/gkEGgGuN3rI2ff6m2+FDbwe7+Dsz5smvShZxdw84dpBtfRSC5\/7VVaIGDDWVyIU37OUZ8Wmh2my1KPG5p3Qt5RswlEj868bmDr0yL0xcWFdG1GaktWDOBzf\/qFD2oUW7QZ\/mC5RD10Ph4MnjlFq8Y7d7+btrC3SplH+ZWjn7CsOnfTFOlmjG3OnhLkLMn5HJIK\/XAMgz+SljnIIGmnZQpHnlckscShqABNpH02G5sfTymrDYrAmKSwb5j8s3bpLYFjHX3OtY1Pxg7BO5McFq6yfkW\/vw6uF4oC+nLIwjia3odaYXXV5Tqhwx9xaMJCPWfeduOTWnu1T1z1rNl\/VNpFKyXk\/YsbYmSPEoNhqm2VCWaCbsswHZo78\/+OvSad8tm91u00BmjSNKCpCs6LrjNdhek6RT4HVRKJ8uXqK9jN1M4uZyBql+dPr7XVu4nI9fUxa2tl4llG64Qr1HqedRFLQreHPMvzM3QyOMxhnWj7eS7t8BIGhiurOf8Mc9NlYgSV4KuftVt+kHBgeNPw+CSLWDqaWLBFcQxdcymvf890lBvTTWsivZAio+J9FGqt4DLOy3seM16lMDHWlw+g5b69sAreSQU7jxqwLsEvxo7uSDYItdUjERPrnTmYHquTXeZ4sJeK+o0ryd1nGqhIMmMInZsZSvod9lzOJV\/RRRur\/42Dj8rpJ7rJwCBAF3LbQFDg\/WGjdRpXqHDNIv0mftuotwrnUjFLwWMM\/XYa4jVaz58KEIQQCY+lq6SGehaT1MckNzem1Ljms3384mzm4TuHzHbb+Hxuf9NrSf8GZPkMDUDaxOCbFfdBxrine+0rM4bedtXKgvGJw62rRLXuKIhvVc7kR7wV891X2WounnBJISxBgBARbdP8wM53Hx2PVlBcDAQVgVQ8wbgcYEb1o5lZDD08EkRS+7JcR\/qUEd+T\/AYBnG2A3M4eoBRAeGICxLex\/PUQfr+FCmQzvdwERaroBnzC03J7d629z6gyTa4CcDvMUDdzKd9F7SGJzyAI8ZwBXJBBIiOQJhFIUuXsHaU5jfdMT017bTrRwNzmKlvC\/mqSjOz6tZPPRHeNcoX10Y4LAFDLKinF4FXWZH0GwcSbV8UPdW+9t1mZ7JKQCNTSyM76CmNxGORxa\/NF90sL+5QXrVrX6BkP4SRc8MhNBpO5dcRUEj4xAWjNbFAk38vVnItPw6AVMXK1WnaqzTMfRzDZSmzxv0JxdIt32zW1o7xZLHjxLiszCKV41yUYJ88X1+6i7mFpA0iQKNFuBpeI9bIB5Ch7rykSP1zPljsNRu\/7CfPAxdUbdYgsqo1AN+7mTUms1xmo8aMKLniqN1tLugH63OF\/OTHM9Hch7b7MBINBP57MLDVuVAdOerMl1NhMsMq5B4PzzXWGAwoRblzlWjdGWaEJQAwiXvay0g\/VBdTAUhF5YzbhhRGUAygNeKPqX+Z3BjGbuEVxfOuxyhB3SjsUH72aE2w7uC5bHcPDFGaLHZ6xKVBeIe391engCad8zqo5SKJuopRyg5grgUHr1o2KaIhArDwBNyYsIE7lWK7eWVy921xbIjZ5KhlDwJwQwwxkw\/EKmJ3S3ofgT5LNLKoJ+CB7rUT5EQ6lhvLJjouxdeiomKcRMKhZL3W42ltK4gRFDiNRmaE\/28fsw7tjDP\/Ky1leYZ6tgoTJYRnL7o4H7xqQczQcy+rK4b2G9i511UDp\/UXwIUeBBX6ZJMVKRV+nESRD\/uj\/lEnJCjri84eVbpQNHNIQhyWG2kKHokRsOFgLkhgPrAzrS\/ZBtLeq0MIsD1i576x2CXVCwB3y\/Z09uVygY1PIog13y+P\/dRMX\/FIz+lIjb6gqnN5SJAT4+apbOPty4bbJ2k7EX4Izov1NuHz49a6aybV5+Zi4hPUEHIOtDOng24pmURtEb8QslPUevMPCnRQN9npcPf9r3i5imItyaa18QouJHhH8VU68Z7Ba5cLj3ihPQzBUh7YpvhuLQY4Mr\/1WpSRrwKG5YyAQPEUJ\/a+CGraThOSAPr9DvJa\/cs+Gp8qYFixe+UvMBuC7u6OgfUvlDzxaeiER\/mtBXTxlo4PpwKK4jWDYiZxPmVq7pmfGUToPvQ+GttK+ZN\/SNvKOsmLdloN6mjepuFDNKNLE5iUc1QWcWxXp9DS1DDGj83M3n1r+GiWbkbEnoo5dnbiJWRqsBn+Dd25LYBa+t1zjR5q6iY\/fN6\/On+h7jJfmi65LCNyMrn6OTwrUV4okhFcmlo0usnJ0XuQFW85znaiaJk7hcq3RbaYSeNVx24JSNHXu8CoZHRXov5eFa55n5zCOP+JQCgyDkHrilQAxGdTaA8LsisYCWwdzrrn4Crf0GGWS2LAFtEF6EorU\/Ven2u2Dpb+wzNW9tXYXaxMWH34ZK1YuzR4aZFKs2FWFw+yVvId\/AZKTtp3UUpImKNQwa27CzyQKR3XzSE3uj2WX3FqGjgLr2pcbwvPzqw1VfZveicv9tMSgeDIDpk1crGaYay17YEbM0U0DEN4QWq2M7pvt\/lU2BSvWEKT6enLdz8AI1Sqg4pxSx8Q+ZTMYTqzs6Dr9K5hShgZJO4V6sJ6U3bgyJGq+DSRog9\/37Pg0lD4KtOUQgmQLwLvjVtLxQBkr1DSuOELSZPX+SKNghCreMZf62oInc8sDtoUzX1w519L6GH9225kk7ERGFQBlg6jhV6eYwtDiQy7GLogpRaRCFYmqYRKccgA12DIgWjLYHay2znREXAwEFYHD\/3FlE6PNaQkI9jkDDEvLXLqt3yuM\/DbjpOd\/rivjc4m5QwP9yh\/qNnBixgwGJjZ33cwl5\/H1skfiS07TQlMftVlirB6g4ic1YzHNJAKiYhqNqMVLrXoIwvhAJ4AajUxNN3\/13K7SZfPLTcD+oGZ7N9J96cisFRjDeLxXBMgqOyqWwFeRoWmBTT\/Kr2DRQPaWcomO3Lcbo\/Jed3BMsxWYC0iY2VRuZsmxbqCyqBRncRQv4\/7AEq5tShfZvASQgciFkGowyd+wRqWwxj\/h\/q9PZcNaioWUTfA3S71OxuScsIcEnw0sARxyMXTpIF5dyHA6lC7YiAfmZ3KJVKh8IrS1dNm+WhkAAzAFMHX3kZIOG6rIqT869XsbhjVmftjO2ois9R7AtITzqVns2hjq0bC52m4fmlKb3zdUiWkHqImzs3bzbuNFEEHZiwe8CrOW1dVcbYOIDiho4bo585XIyRrWsDPkGdwiQlc3ambCtvPTa+yj54rfet97m0ryB8qZT3jbHNf7M6\/Kqc+cdZMuUfOmycpV0\/R39H6DTe\/NkdXMRBO8yNb9iTNzcuqpEJPIuXcELVWg7JUOMm87XFdhpiRLUJLb\/sUOIusvW+BKjXeDnqRiHLbm79ZK0dq3CGRkLJdyfhwKcUw3aHpmrklnBU4X\/HvNmCzWI0QZyCL6Z2uLsw2Guaiyq\/V0CpwtAHsaxgb54kEs4qDx229b6m70NGQfkXqY1RKtfGZSRbL+oZgZ+Uag69IefeZWoBSyPzRjgG1M2tMtviVxsTiKzMApy1E6FUmzePD2XKFPiAHrBB5y2dE0xnphCGtkwZeMFjw\/gKdK3ECxyVG2rGUJi9\/CPMj4mZz+uLk3jmBO9u3SOX4zopLWT0IgNPpRAFEtRutSSLjXiPZ+0U32AHj6RPMmZu5\/8B4+oWCqqyQO6AUWhC636zyhK0LD3GzB8ivAW7zyjb4R9gtrMNIsksLEVp6fa5NHU8q9M5FJF\/h1T3jvlOXbXEnvOKFNDqHgBBBDdvWZlnDzpdXCFV2xLToJ4CxM0yf3UCxSJXvpscawrSyZ3QUjX8YmGmhGW9rfxp9AfPy2QDKGGsprT7PQCxFwSugPyDhgG\/LH2jK3sbB6zGZeZ9FMVw5ZaEsB3JXVanm4e7XXRPAHj3YKBzGG9Tw5HL2\/K0+CUpul23ZbjIRQM8\/tSnGY1ywFpNkX7Y1W2IfpOBI7KFzX9TF9VEE7PiDZcqvaTGOA4\/eAqtZT\/mGDprJvxjtckxk0JG8v8QRDJy8KNfPTjc4QpDfs6Oz\/MwuNBAiX7sjydWiv1kh4EtmXd3F+GDn1LUiNUVH\/yyzN+QQ96afTLdR5WGWtc\/WSyk4vVlWB9c7pLCJnW\/fny7WR52RR2v9lJCX68IUfz9ErFMTMNCrkoPripWrysQ6Bz\/OttAUCFDIQ3fQoiYRGj\/o+W\/Q0r7B+CMBFZ7CPUGQ6JglNQspEF\/YLez96AJ6\/nntxg7Ju7n1hVFYLfu8vZbxi932IxeY2qfSOY38UdnSr4Fv2m25lrAx\/h6D9O7RzacHd9kgbadWYZjzM3RSo1dZWHycOVLtzAe7vN9GA2wkokhf19rIIzNnCKbb7Ostce+7Ig1jGmUwLMPHeqgUj8qXHy28dFIiBlzuxGJMG5IZfZqsFdlQVNfPGYBCxvf7lNtn8m43kEj6JM+gqJTxBTuW7RWVebiykN4P14YQmOzKROtWy0TaivfUujEmxzwopbWj+FFA4dXElDjq+c+NCv6WwTqq2KnLkFRFiARsdydwSEGV9y3eEwMldP1z1MxliNuwp6DmHENall7EIFfhZ+z4YTES\/JnHEnFwMBAiBBF1uurGrByHr+4t1R1epIcy52Sce2ujuiKlqZvktniP+SSVsTbZRDkgTt9DtdSBdB8lCxsJQSk8qREy0Icl0tKFuBqJWB5KbqbAkIhRoCjCOZrDu8O974BQDSrAex3T0Xlz2QFMk+5rcWAwMpfy7bSk2mI33hjWvxh6Tl3YXYjgJPKtttznSUbUUDVmk+8uMamP3d4XddjMSmHicrjVVWHaikYUC4Cd9OFoiw8yyNTJwDOywE9D9M606m6jnht3dfx08Xu73+7eSpMeU+a0tdeU72VVHgpvrzR3RLW5QFqA7xs+BlqVm6x0N3G0zBh51CXes6jDIrSZB6oi9fs5DGqxL9FN7g2BCwKDtn5C8qwSaH\/GB5CRIEOI\/eqfmXXanpQUJCZuH\/5JKpVOhos9OVPHLiFvCRZ9l+vvkL0zUxS\/Pi02ztJ27gUXRUCpnldKr0Gf3uTV+YigWxsPihOmMCrIaMVWHMyGXFUXtlqChxrwXlAFaCyqQGRzXy40DsDIWvyb\/I6LDg9EcyMXNbilu6yjukH9p4A13\/6PvZgTxX8QJRsS7TQAOhuTCtLX2tbD67bo+P1d8WPWTKqG51Uw3LrBhwofzD4sUgwmhbnftTdCfMd4n8vAfsVHzQm1uCfTyYir8wxb78lR\/gPHuXOouI7xOffJZNd85yU3DlsLHF6yN1QmXFlEk2q6fW2JtMrsgWoL5xNmj741B0E1bu6APf"}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":12,"flow_first_seen":1444570699096,"flow_last_seen":1444570740249,"flow_tot_l4_data_len":1383,"flow_min_l4_data_len":20,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":10,"flow_first_seen":1444570699101,"flow_last_seen":1444570740248,"flow_tot_l4_data_len":1051,"flow_min_l4_data_len":20,"flow_max_l4_data_len":517,"flow_avg_l4_data_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":22,"flow_first_seen":1444570637191,"flow_last_seen":1444570733113,"flow_tot_l4_data_len":14608,"flow_min_l4_data_len":664,"flow_max_l4_data_len":664,"flow_avg_l4_data_len":664,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":15,"flow_first_seen":1444570636264,"flow_last_seen":1444570640345,"flow_tot_l4_data_len":4707,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3959,"flow_avg_l4_data_len":313,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":17,"flow_first_seen":1444570636155,"flow_last_seen":1444570639261,"flow_tot_l4_data_len":4715,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2547,"flow_avg_l4_data_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":11,"flow_first_seen":1444570640298,"flow_last_seen":1444570645704,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":14,"flow_first_seen":1444570636160,"flow_last_seen":1444570639259,"flow_tot_l4_data_len":7320,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":8,"flow_first_seen":1444570675941,"flow_last_seen":1444570690940,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":8,"flow_first_seen":1444570694561,"flow_last_seen":1444570709697,"flow_tot_l4_data_len":367,"flow_min_l4_data_len":20,"flow_max_l4_data_len":207,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":50,"flow_first_seen":1444570716599,"flow_last_seen":1444570737975,"flow_tot_l4_data_len":8660,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":173,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":16,"flow_first_seen":1444570636180,"flow_last_seen":1444570636961,"flow_tot_l4_data_len":7424,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2547,"flow_avg_l4_data_len":464,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":15,"flow_first_seen":1444570636259,"flow_last_seen":1444570640345,"flow_tot_l4_data_len":4707,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3959,"flow_avg_l4_data_len":313,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":11,"flow_first_seen":1444570636270,"flow_last_seen":1444570640346,"flow_tot_l4_data_len":4210,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":382,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":8,"flow_first_seen":1444570636151,"flow_last_seen":1444570638237,"flow_tot_l4_data_len":243,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":11,"flow_first_seen":1444570640284,"flow_last_seen":1444570645701,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00515{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_tot_l4_data_len":627,"flow_min_l4_data_len":13,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","ndpi": {"proto":"Webex","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_tot_l4_data_len":627,"flow_min_l4_data_len":13,"flow_max_l4_data_len":50,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":17,"flow_first_seen":1444570636255,"flow_last_seen":1444570639258,"flow_tot_l4_data_len":7412,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2940,"flow_avg_l4_data_len":436,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":20,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":29,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":20,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":29,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":17,"flow_first_seen":1444570636248,"flow_last_seen":1444570639255,"flow_tot_l4_data_len":7391,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2599,"flow_avg_l4_data_len":434,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":20,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":24,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":14,"flow_first_seen":1444570632436,"flow_last_seen":1444570633205,"flow_tot_l4_data_len":4726,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2923,"flow_avg_l4_data_len":337,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":17,"flow_first_seen":1444570638225,"flow_last_seen":1444570642072,"flow_tot_l4_data_len":5797,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3717,"flow_avg_l4_data_len":341,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":16,"flow_first_seen":1444570636359,"flow_last_seen":1444570639256,"flow_tot_l4_data_len":6555,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2599,"flow_avg_l4_data_len":409,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":11,"flow_first_seen":1444570640330,"flow_last_seen":1444570670371,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":11,"flow_first_seen":1444570640338,"flow_last_seen":1444570670373,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":105,"flow_first_seen":1444570669736,"flow_last_seen":1444570738301,"flow_tot_l4_data_len":15716,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":513,"flow_first_seen":1444570669745,"flow_last_seen":1444570732084,"flow_tot_l4_data_len":326644,"flow_min_l4_data_len":20,"flow_max_l4_data_len":29662,"flow_avg_l4_data_len":636,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":22,"flow_first_seen":1444570674487,"flow_last_seen":1444570675890,"flow_tot_l4_data_len":5807,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":23,"flow_first_seen":1444570679512,"flow_last_seen":1444570680667,"flow_tot_l4_data_len":5859,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2547,"flow_avg_l4_data_len":254,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":22,"flow_first_seen":1444570693238,"flow_last_seen":1444570694561,"flow_tot_l4_data_len":5807,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":11,"flow_first_seen":1444570732086,"flow_last_seen":1444570734115,"flow_tot_l4_data_len":343,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":22,"flow_first_seen":1444570712008,"flow_last_seen":1444570716597,"flow_tot_l4_data_len":5807,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":8,"flow_first_seen":1444570640382,"flow_last_seen":1444570699865,"flow_tot_l4_data_len":396,"flow_min_l4_data_len":20,"flow_max_l4_data_len":236,"flow_avg_l4_data_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":24,"flow_first_seen":1444570738415,"flow_last_seen":1444570742172,"flow_tot_l4_data_len":35072,"flow_min_l4_data_len":20,"flow_max_l4_data_len":14339,"flow_avg_l4_data_len":1461,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":18,"flow_first_seen":1444570640385,"flow_last_seen":1444570699915,"flow_tot_l4_data_len":1360,"flow_min_l4_data_len":20,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_tot_l4_data_len":183,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":18,"flow_first_seen":1444570636364,"flow_last_seen":1444570640403,"flow_tot_l4_data_len":6595,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3959,"flow_avg_l4_data_len":366,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":11,"flow_first_seen":1444570640310,"flow_last_seen":1444570645707,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":21,"flow_first_seen":1444570699916,"flow_last_seen":1444570700460,"flow_tot_l4_data_len":1816,"flow_min_l4_data_len":20,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":20,"flow_first_seen":1444570700561,"flow_last_seen":1444570713719,"flow_tot_l4_data_len":1795,"flow_min_l4_data_len":20,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":18,"flow_first_seen":1444570700563,"flow_last_seen":1444570713710,"flow_tot_l4_data_len":1360,"flow_min_l4_data_len":20,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":13,"flow_first_seen":1444570713719,"flow_last_seen":1444570715293,"flow_tot_l4_data_len":1291,"flow_min_l4_data_len":20,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":14,"flow_first_seen":1444570636170,"flow_last_seen":1444570639257,"flow_tot_l4_data_len":7320,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3927,"flow_avg_l4_data_len":522,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":13,"flow_first_seen":1444570636252,"flow_last_seen":1444570640344,"flow_tot_l4_data_len":4250,"flow_min_l4_data_len":20,"flow_max_l4_data_len":2862,"flow_avg_l4_data_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":11,"flow_first_seen":1444570640269,"flow_last_seen":1444570645699,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":30,"flow_first_seen":1444570699074,"flow_last_seen":1444570740247,"flow_tot_l4_data_len":8548,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1468,"flow_avg_l4_data_len":284,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":95,"flow_first_seen":1444570624853,"flow_last_seen":1444570630376,"flow_tot_l4_data_len":89006,"flow_min_l4_data_len":20,"flow_max_l4_data_len":17700,"flow_avg_l4_data_len":936,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":56,"flow_first_seen":1444570627404,"flow_last_seen":1444570630162,"flow_tot_l4_data_len":107792,"flow_min_l4_data_len":20,"flow_max_l4_data_len":17986,"flow_avg_l4_data_len":1924,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":11,"flow_first_seen":1444570628113,"flow_last_seen":1444570628619,"flow_tot_l4_data_len":639,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":9,"flow_first_seen":1444570628117,"flow_last_seen":1444570628568,"flow_tot_l4_data_len":599,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":66,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":26,"flow_first_seen":1444570631722,"flow_last_seen":1444570633204,"flow_tot_l4_data_len":25500,"flow_min_l4_data_len":20,"flow_max_l4_data_len":8414,"flow_avg_l4_data_len":980,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":38,"flow_first_seen":1444570633357,"flow_last_seen":1444570635974,"flow_tot_l4_data_len":41190,"flow_min_l4_data_len":20,"flow_max_l4_data_len":8867,"flow_avg_l4_data_len":1083,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":17,"flow_first_seen":1444570636387,"flow_last_seen":1444570640346,"flow_tot_l4_data_len":7823,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3959,"flow_avg_l4_data_len":460,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":11,"flow_first_seen":1444570640319,"flow_last_seen":1444570652361,"flow_tot_l4_data_len":323,"flow_min_l4_data_len":20,"flow_max_l4_data_len":83,"flow_avg_l4_data_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":14,"flow_first_seen":1444570672215,"flow_last_seen":1444570673280,"flow_tot_l4_data_len":7763,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3959,"flow_avg_l4_data_len":554,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":12,"flow_first_seen":1444570699096,"flow_last_seen":1444570740249,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1123,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59756,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":10,"flow_first_seen":1444570699101,"flow_last_seen":1444570740248,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":497,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"78.46.237.91","src_port":59757,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":22,"flow_first_seen":1444570637191,"flow_last_seen":1444570733113,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":14432,"flow_avg_l4_payload_len":656,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"172.16.1.75","src_port":64538,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":15,"flow_first_seen":1444570636264,"flow_last_seen":1444570640345,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.99","src_port":55969,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":17,"flow_first_seen":1444570636155,"flow_last_seen":1444570639261,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":4355,"flow_avg_l4_payload_len":256,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":11,"flow_first_seen":1444570640298,"flow_last_seen":1444570645704,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.204.49","src_port":51676,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":14,"flow_first_seen":1444570636160,"flow_last_seen":1444570639259,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"209.197.222.159","src_port":47498,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":8,"flow_first_seen":1444570675941,"flow_last_seen":1444570690940,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51833,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":8,"flow_first_seen":1444570694561,"flow_last_seen":1444570709697,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51839,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":50,"flow_first_seen":1444570716599,"flow_last_seen":1444570737975,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51857,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}}
+00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_first_seen":1444570719041,"flow_last_seen":1444570720045,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51859,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":16,"flow_first_seen":1444570636180,"flow_last_seen":1444570636961,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":7084,"flow_avg_l4_payload_len":442,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.231.3","src_port":45814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":15,"flow_first_seen":1444570636259,"flow_last_seen":1444570640345,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":4387,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.100","src_port":52219,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":11,"flow_first_seen":1444570636270,"flow_last_seen":1444570640346,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":360,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.200.11","src_port":47841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":8,"flow_first_seen":1444570636151,"flow_last_seen":1444570638237,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":7,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":11,"flow_first_seen":1444570640284,"flow_last_seen":1444570645701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.213.212","src_port":41757,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","ndpi": {"proto":"Webex","breed":"Acceptable","category":"VoIP"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":16,"flow_first_seen":1444570718801,"flow_last_seen":1444570739041,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":499,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.229.158","src_port":51772,"dst_port":9000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1444570631058,"flow_last_seen":1444570631059,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"107.20.242.44","src_port":59447,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":17,"flow_first_seen":1444570636255,"flow_last_seen":1444570639258,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2920,"flow_tot_l4_payload_len":7052,"flow_avg_l4_payload_len":414,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.4.76","src_port":52730,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_first_seen":1444570640346,"flow_last_seen":1444570640407,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":4,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"80.74.110.68","src_port":33459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":17,"flow_first_seen":1444570636248,"flow_last_seen":1444570639255,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":413,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.104.140","src_port":44492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1444570630272,"flow_last_seen":1444570630272,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"10.133.206.47","dst_ip":"185.63.147.10","src_port":54651,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":14,"flow_first_seen":1444570632436,"flow_last_seen":1444570633205,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2903,"flow_tot_l4_payload_len":4426,"flow_avg_l4_payload_len":316,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"23.44.253.243","src_port":49048,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":17,"flow_first_seen":1444570638225,"flow_last_seen":1444570642072,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3697,"flow_tot_l4_payload_len":5437,"flow_avg_l4_payload_len":319,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"216.58.208.40","src_port":43433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":16,"flow_first_seen":1444570636359,"flow_last_seen":1444570639256,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2579,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.97","src_port":51370,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":11,"flow_first_seen":1444570640330,"flow_last_seen":1444570670371,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":11,"flow_first_seen":1444570640338,"flow_last_seen":1444570670373,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":105,"flow_first_seen":1444570669736,"flow_last_seen":1444570738301,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":13596,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":513,"flow_first_seen":1444570669745,"flow_last_seen":1444570732084,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29642,"flow_tot_l4_payload_len":316364,"flow_avg_l4_payload_len":616,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":22,"flow_first_seen":1444570674487,"flow_last_seen":1444570675890,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55665,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":23,"flow_first_seen":1444570679512,"flow_last_seen":1444570680667,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2527,"flow_tot_l4_payload_len":5379,"flow_avg_l4_payload_len":233,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55669,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":22,"flow_first_seen":1444570693238,"flow_last_seen":1444570694561,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55671,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":11,"flow_first_seen":1444570732086,"flow_last_seen":1444570734115,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":22,"flow_first_seen":1444570712008,"flow_last_seen":1444570716597,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":5347,"flow_avg_l4_payload_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.243.0.110","src_port":55687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":8,"flow_first_seen":1444570640382,"flow_last_seen":1444570699865,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":216,"flow_tot_l4_payload_len":216,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33511,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":24,"flow_first_seen":1444570738415,"flow_last_seen":1444570742172,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":14319,"flow_tot_l4_payload_len":34572,"flow_avg_l4_payload_len":1440,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":18,"flow_first_seen":1444570640385,"flow_last_seen":1444570699915,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_first_seen":1444570738419,"flow_last_seen":1444570738426,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"62.109.224.120","src_port":51195,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":18,"flow_first_seen":1444570636364,"flow_last_seen":1444570640403,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":6215,"flow_avg_l4_payload_len":345,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":11,"flow_first_seen":1444570640310,"flow_last_seen":1444570645707,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.98","src_port":37139,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":21,"flow_first_seen":1444570699916,"flow_last_seen":1444570700460,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33551,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":20,"flow_first_seen":1444570700561,"flow_last_seen":1444570713719,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1375,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33553,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":18,"flow_first_seen":1444570700563,"flow_last_seen":1444570713710,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":980,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33554,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":13,"flow_first_seen":1444570713719,"flow_last_seen":1444570715293,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1011,"flow_avg_l4_payload_len":77,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"80.74.110.68","src_port":33559,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":14,"flow_first_seen":1444570636170,"flow_last_seen":1444570639257,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3907,"flow_tot_l4_payload_len":7020,"flow_avg_l4_payload_len":501,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.121.153","src_port":57647,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":13,"flow_first_seen":1444570636252,"flow_last_seen":1444570640344,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2842,"flow_tot_l4_payload_len":3970,"flow_avg_l4_payload_len":305,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47116,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":11,"flow_first_seen":1444570640269,"flow_last_seen":1444570645699,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"114.29.202.139","src_port":47135,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":30,"flow_first_seen":1444570699074,"flow_last_seen":1444570740247,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7928,"flow_avg_l4_payload_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"54.241.32.14","src_port":46211,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":95,"flow_first_seen":1444570624853,"flow_last_seen":1444570630376,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17680,"flow_tot_l4_payload_len":87086,"flow_avg_l4_payload_len":916,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":56,"flow_first_seen":1444570627404,"flow_last_seen":1444570630162,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17966,"flow_tot_l4_payload_len":106652,"flow_avg_l4_payload_len":1904,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41348,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":11,"flow_first_seen":1444570628113,"flow_last_seen":1444570628619,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41350,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":9,"flow_first_seen":1444570628117,"flow_last_seen":1444570628568,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41351,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":26,"flow_first_seen":1444570631722,"flow_last_seen":1444570633204,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8394,"flow_tot_l4_payload_len":24960,"flow_avg_l4_payload_len":960,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41354,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":38,"flow_first_seen":1444570633357,"flow_last_seen":1444570635974,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8847,"flow_tot_l4_payload_len":40410,"flow_avg_l4_payload_len":1063,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41358,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":17,"flow_first_seen":1444570636387,"flow_last_seen":1444570640346,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":439,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":11,"flow_first_seen":1444570640319,"flow_last_seen":1444570652361,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":14,"flow_first_seen":1444570672215,"flow_last_seen":1444570673280,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":533,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00127{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test"}
diff --git a/test/results/websocket.pcap.out b/test/results/websocket.pcap.out
index 7c2c6635d..823bfdce7 100644
--- a/test/results/websocket.pcap.out
+++ b/test/results/websocket.pcap.out
@@ -1,13 +1,13 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"websocket.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1475155931028,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1475155931028,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1475155931,"pkt_ts_usec":28697,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"AFBWwAAIAAwpij2nCABFAABB27JAAEAGhyvAqCuHwKgrATA5xzc8ilRnydSxV1AYAO1IlQAAgRdXZWxjb21lLCAxOTIuMTY4LjQzLjEgIQ=="}
-00510{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1475155931028,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"proto":"WebSocket","breed":"Acceptable","category":"Web"}}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1475155931028,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"websocket.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1475155946892,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.135","src_port":50999,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1475155931028,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"proto":"WebSocket","breed":"Acceptable","category":"Web"}}
+00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1475155931028,"flow_last_seen":0,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"websocket.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1475155946892,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.135","src_port":50999,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"websocket.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1475155946,"pkt_ts_usec":892310,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"AAwpij2nAFBWwAAICABFAAA6BcdAAEAGXR7AqCsBwKgrh8c3MDnJ1LFXPIpUgFAYP+\/mwAAAgYzhfo65lRv9zcET68qSH+nc"}
00483{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"websocket.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1475155946,"pkt_ts_usec":903705,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"AFBWwAAIAAwpij2nCABFAABc27NAAEAGhw\/AqCuHwKgrATA5xzc8ilSAydSxaVAYAO0tVgAAgTIyMTozMzo1MiAoJzE5Mi4xNjguNDMuMScsIDUwOTk5KSBzYXk6IHRlc3QgbWVzc2FnZQ=="}
00436{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"websocket.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1475156008,"pkt_ts_usec":638608,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"AAwpij2nAFBWwAAICABFAAA9BeZAAEAGXPzAqCsBwKgrh8c3MDnJ1LFpPIpUtFAYP+K7sAAAgY+3zv1X36uRO9juijLVvZI03KuJ"}
00486{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1475156008,"pkt_ts_usec":657690,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"pkt":"AFBWwAAIAAwpij2nCABFAABf27ZAAEAGhwnAqCuHwKgrATA5xzc8ilS0ydSxflAYAO0H8wAAgTUyMTozNDo1MyAoJzE5Mi4xNjguNDMuMScsIDUwOTk5KSBzYXk6IGhlbGxvIHdlYnNvY2tldA=="}
-00505{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1475155946892,"flow_last_seen":1475156008657,"flow_tot_l4_data_len":226,"flow_min_l4_data_len":38,"flow_max_l4_data_len":75,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.135","src_port":50999,"dst_port":12345,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1475155946892,"flow_last_seen":1475156008657,"flow_tot_l4_data_len":226,"flow_min_l4_data_len":38,"flow_max_l4_data_len":75,"flow_avg_l4_data_len":56,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.135","src_port":50999,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1475155946892,"flow_last_seen":1475156008657,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.135","src_port":50999,"dst_port":12345,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1475155946892,"flow_last_seen":1475156008657,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":146,"flow_avg_l4_payload_len":36,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.135","src_port":50999,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test"}
diff --git a/test/results/wechat.pcap.out b/test/results/wechat.pcap.out
index 60f38e34c..0d757f16d 100644
--- a/test/results/wechat.pcap.out
+++ b/test/results/wechat.pcap.out
@@ -1,59 +1,59 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wechat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1492167337792,"flow_last_seen":0,"flow_tot_l4_data_len":636,"flow_min_l4_data_len":636,"flow_max_l4_data_len":636,"flow_avg_l4_data_len":636,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1492167337792,"flow_last_seen":0,"flow_min_l4_payload_len":604,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":604,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01239{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167337,"pkt_ts_usec":792745,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"pkt":"eJKcD6iO8IQvSpdgCABFoAKQLFpAACwG+e7LzZeiwKgBZwG700RsJQvmFiW5B4AYAQBhCAAAAQEICkXRlQMAMKrIjxNPGb1b2gIOFmmrodrIUGWpRD8pBe\/eyANOuHxnf1oEiCDKQxkU6yvgqiltC85O1YOlf4+boaZn\/v7U0TkR+lQ9a8XEdMtbUDNvRkN1lpLANNJe9T6WEXQRZhhQATyvHXIsPxznFQlv1ayF4fN0Lp1Tv+DnMtPovG4l64Fdnf94BKNh3wpUis\/1aaAJUl4N4QYAa2BN+MLHUIjBfzQomk58kbDVZlQvabo4eeiFrJQbG0CRtmIDLIV4UlMABwm2B+L0SD\/lX+vPdRjlbT0hOePKWkrPVp4oa0GnGMtovp\/3dKKj2adHC1yCvZqzc+T4heafDFJJDxNGnnTZtJeXWQW2\/Wn0xAXZa5xeVmiob7mVi7gQwqB4EyVdzoi+MdLqv1I0FdZ7WKuu9o+r6i7T5KxQ7NhUIRC9KEInuscbFfTp5tcTpkg81VRtJhveR07GYTrLSFchnUCEzbFpCOPEOlfHshGkgemcZqUW0JSeBZoVIhGHuP8IElk+zTdckKSFR7XZosRv+JZpXULghhsYEQIcWSnXEwiNwHqD7SkijDTYTSRARplFy3lQ+I9PYai9e3wxDdj38dt3ZjnYHW+Jgcvyxa81TfaFhCzMBo8JWYVcQLLQCzJJ7po8hcjxwSKSvs1BzLjoAmGIOQCY3cD2niwBo4mLwkfrwM7iYYbbTgCByxdl2XUzXKGTmMiV+yqiF1sadTUF0KDk8zQPlxqASeejWTULCaKDKO7zq0WMvrWWgtPS5+WycvqXy24tfwXRN6su4lzlC8cmzA\/wzbACdxOu6m0puRk6CDMzrA=="}
00421{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167337,"pkt_ts_usec":792797,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7NAAEAGDZLAqAFny82XotNEAbsWJbkHbCUOQoAQAk6qQAAAAQEICgAwqxZF0ZUD"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1492167338426,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1492167338426,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00445{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167338,"pkt_ts_usec":426301,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEuMlAAAERHdXAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
-00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1492167338426,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1492167338426,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1492167338426,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1492167338426,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00475{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167338,"pkt_ts_usec":426352,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1492167338426,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00567{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1492167338426,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
00445{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167338,"pkt_ts_usec":426605,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEuMpAAAERHdTAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00475{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167338,"pkt_ts_usec":426637,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00445{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167339,"pkt_ts_usec":426956,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEuN1AAAERHcHAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00475{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167339,"pkt_ts_usec":427069,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00445{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167341,"pkt_ts_usec":427326,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEuPZAAAERHajAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00476{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167341,"pkt_ts_usec":427438,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1492167342857,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1492167342857,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00463{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":857618,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"8IQvSpdgeJKcD6iOCABFAABQ0QRAAEAR5OLAqAFnwKgB\/tHmADUAPEQCPBkBAAABAAAAAAAADHNhZmVicm93c2luZxFnb29nbGV1c2VyY29udGVudANjb20AAAEAAQ=="}
-00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1492167342857,"flow_last_seen":0,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":60,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1492167342857,"flow_last_seen":0,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00701{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":893346,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"pkt":"eJKcD6iO8IQvSpdgCABFoAECAABAAEARtJXAqAH+wKgBZwA10eYA7qtlPBmBgAABAAIABAAEDHNhZmVicm93c2luZxFnb29nbGV1c2VyY29udGVudANjb20AAAEAAcAMAAUAAQAANssADgJzYgFsBmdvb2dsZcArwEAAAQABAAAAxwAErNkWDsBDAAIAAQAACYwABgNuczHARcBDAAIAAQAACYwABgNuczTARcBDAAIAAQAACYwABgNuczLARcBDAAIAAQAACYwABgNuczPARcBqAAEAAQABNLQABNjvIArAjgABAAEAATS0AATY7yIKwKAAAQABAAE0tAAE2O8kCsB8AAEAAQABNLQABNjvJgo="}
-00688{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_tot_l4_data_len":298,"flow_min_l4_data_len":60,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.14"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1492167342893,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00700{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"safebrowsing.googleusercontent.com","num_queries":1,"num_answers":10,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.22.14"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1492167342893,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":893680,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8j4ZAAEAGJj\/AqAFnrNkWDpcBAbvnsj+XAAAAAKACchDgsAAAAgQFtAQCCAoAMLARAAAAAAEDAwc="}
00435{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":941852,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8xIIAADIGPqOs2RYOwKgBZwG7lwHnJuhS57I\/mKASpajHRwAAAgQFZAQCCApd2bi8ADCwEQEDAwc="}
00422{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":941899,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0j4dAAEAGJkbAqAFnrNkWDpcBAbvnsj+Y5yboU4AQAOWaewAAAQEICgAwsB1d2bi8"}
00722{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":942107,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"pkt":"8IQvSpdgeJKcD6iOCABFAAESj4hAAEAGJWfAqAFnrNkWDpcBAbvnsj+Y5yboU4AYAOXwqgAAAQEICgAwsB1d2bi8FgMBANkBAADVAwNGweD9NUKL5AVTYyYP+mu6+yZ5eVPxgI+DpY7zF4i1IwAAIEpKzKnMqMwUzBPAK8AvwCzAMMATwBQAnACdAC8ANQAKAQAAjOrqAAD\/AQABAAAAACcAJQAAInNhZmVicm93c2luZy5nb29nbGV1c2VyY29udGVudC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjEACwACAQAACgAKAAjKygAdABcAGPr6AAEA"}
-00746{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1492167342893,"flow_last_seen":1492167342942,"flow_tot_l4_data_len":366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":254,"flow_avg_l4_data_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00757{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_first_seen":1492167342893,"flow_last_seen":1492167342942,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00422{"flow_id":5,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":994339,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0xKkAADIGPoSs2RYOwKgBZwG7lwHnJuhT57JAdoAQAVSY+QAAAQEICl3ZuPEAMLAd"}
02326{"flow_id":5,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":995064,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"eJKcD6iO8IQvSpdgCABFoAW+xKoAADIGOPms2RYOwKgBZwG7lwHnJuhT57JAdoAQAVREYwAAAQEICl3ZuPEAMLAdFgMDAT4CAAE6AwNY8KquurQREh2KA56GFyNwM5NNQTAm\/6ElicqXKStoqADMqQABEv8BAAEAABcAAAAjAAAAEgDyAPAAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVs\/SFoKAAAEAwBIMEYCIQD6zHRrh9AcxzPMFYouW3wGAA5k400xB8JLp\/vnuoRXTQIhAJa\/qK2iQ4DYAdp5cF41mcMUKrtPMyaAB4jQJuhQ9yd\/AHUA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFbP0hagwAABAMARjBEAiApqxJ58Ienlh5fRXTZgXKhjqBeF9+AZpEZdiV6F4rGmwIgUSNGsv++wkBf75eOZfy2MnVNK8iuK65K9WF29UDC+DIAEAAFAAMCaDIACwACAQAWAwMOqwsADqcADqQAByYwggciMIIGCqADAgECAgg4NhvsMkLjzTANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMjAeFw0xNzA0MDUxNzE0NDZaFw0xNzA2MjgxNjU3MDBaMHExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgSW5jMSAwHgYDVQQDDBcqLmdvb2dsZXVzZXJjb250ZW50LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAKrkboiiJDAZ7SAVzgulTL2i0xA34tqt\/GkkUNqbVAa39AygcAl8NIrqp02Ks65Dv1uPMcCUMhh36AWeZeXDlCjggSvMIIEqzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMIIDbgYDVR0RBIIDZTCCA2GCFyouZ29vZ2xldXNlcmNvbnRlbnQuY29tghwqLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tgiQqLmFwcHNwb3QuY29tLnN0b3JhZ2UuZ29vZ2xlYXBpcy5jb22CDiouYmxvZ3Nwb3QuY29tghEqLmJwLmJsb2dzcG90LmNvbYIiKi5jb21tb25kYXRhc3RvcmFnZS5nb29nbGVhcGlzLmNvbYIpKi5jb250ZW50LXN0b3JhZ2UtZG93bmxvYWQuZ29vZ2xlYXBpcy5jb22CJyouY29udGVudC1zdG9yYWdlLXVwbG9hZC5nb29nbGVhcGlzLmNvbYIgKi5jb250ZW50LXN0b3JhZ2UuZ29vZ2xlYXBpcy5jb22CHCouZG91YmxlY2xpY2t1c2VyY29udGVudC5jb22CCyouZ2dwaHQuY29tghEqLmdvb2dsZWRyaXZlLmNvbYIXKi5nb29nbGVzeW5kaWNhdGlvbi5jb22CFCouZ29vZ2xld2VibGlnaHQuY29tgh8qLnNhZmVudXAuZ29vZ2xldXNlcmNvbnRlbnQuY29tgh8qLnNhbmRib3guZ29vZ2xldXNlcmNvbnRlbnQuY29tgiEqLnN0b3JhZ2UtZG93bmxvYWQuZ29vZ2xlYXBpcy5jb22CHyouc3RvcmFnZS11cGxvYWQuZ29vZ2xlYXBpcy5jb22CGCouc3RvcmFnZS5nb29nbGVhcGlzLmNvbYIfKi5zdG9yYWdlLnNlbGVjdC5nb29nbGVhcGlzLmNvbYIMYmxvZ3Nwb3QuY29tgg9icC5ibG9nc3BvdC5jb22CIGNvbW1vbmRhdGFzdG9yYWdlLmdvb2dsZWFwaXMuY29tghpkb3VibGVjbGk="}
-00811{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1492167342893,"flow_last_seen":1492167342995,"flow_tot_l4_data_len":1848,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1"}}
+00822{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":6,"flow_first_seen":1492167342893,"flow_last_seen":1492167342995,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":1640,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1"}}
00422{"flow_id":5,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":995102,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0j4lAAEAGJkTAqAFnrNkWDpcBAbvnskB25ybt3YAQAPuTuwAAAQEICgAwsCpd2bjx"}
02336{"flow_id":5,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":997432,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"eJKcD6iO8IQvSpdgCABFoAW+xKsAADIGOPis2RYOwKgBZwG7lwHnJu3d57JAdoAQAVSEawAAAQEICl3ZuPEAMLAdY2t1c2VyY29udGVudC5jb22CCWdncGh0LmNvbYIPZ29vZ2xlZHJpdmUuY29tghVnb29nbGV1c2VyY29udGVudC5jb22CEmdvb2dsZXdlYmxpZ2h0LmNvbYIrc3RhdGljLnBhbm9yYW1pby5jb20uc3RvcmFnZS5nb29nbGVhcGlzLmNvbYIWc3RvcmFnZS5nb29nbGVhcGlzLmNvbYIdc3RvcmFnZS5zZWxlY3QuZ29vZ2xlYXBpcy5jb22CD3VuZmlsdGVyZWQubmV3czBoBggrBgEFBQcBAQRcMFowKwYIKwYBBQUHMAKGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcnQwKwYIKwYBBQUHMAGGH2h0dHA6Ly9jbGllbnRzMS5nb29nbGUuY29tL29jc3AwHQYDVR0OBBYEFPZmMOxU8xwpydFww8MTbwRomwiqMAwGA1UdEwEB\/wQCMAAwHwYDVR0jBBgwFoAUSt0GFhu89mi1dvWBtrtiGrpagS8wIQYDVR0gBBowGDAMBgorBgEEAdZ5AgUBMAgGBmeBDAECAjAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAYiEQBl7yedUexGn6szb3MDK+IoIme10CDCNC8ql3aYKkvuR3AEvDcl87Ez5KuT0A\/6I9Jc\/8HV73OtPWhI1YE2m15XbZIjcu8Q4qo89fsjaJyJTa4PlIhyjTGCkuwiI3VInPzZ03gfuY2eOPAUJaYgYKqOMyEJpNoB5DxBGx5hm1KEUDlbBawaf1ntbTzowHgByJW+jYm4PvP6Oum12DCY0ztkjRpc8sllOzCXDFmUcsuqqS0osz3j2avh1dG\/xO4Z4LJMumlpAqqKqJLsHTPuINEPDQLwbweSYoMaFQTGpDXsWlvUVZnUp2VXTytCZCGWCOGQLMl0NzsNqBV1DSlAAP0MIID8DCCAtigAwIBAgIDAjqSMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTUwNDAxMDAwMDAwWhcNMTcxMjMxMjM1OTU5WjBJMQswCQYDVQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwqBHdc2FCROgajguDYUEi8iT\/xGXAaiEZ+4I\/F8YnOIe5a\/mENtzJEiaB0C1NPVaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U\/ck5vuR6RXEz\/RTDfRK\/J9U3n2+oGtvh8DQUB8oMANA2ghzUWx\/\/zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rEahqyzFPdFUuLH8gZYR\/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZEASg8GF6lSWMTlJ14rbtCMoU\/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXCDTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYDVR0PAQH\/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMBIGA1UdEwEB\/wQIMAYBAf8CAQAwNQYDVR0fBC4="}
00422{"flow_id":5,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":997482,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0j4pAAEAGJkPAqAFnrNkWDpcBAbvnskB25ybzZ4AQARGOGgAAAQEICgAwsCtd2bjx"}
02275{"flow_id":5,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":997934,"pkt_caplen":1442,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1442,"pkt_l4_len":1408,"pkt":"eJKcD6iO8IQvSpdgCABFoAWUxKwAADIGOSGs2RYOwKgBZwG7lwHnJvNn57JAdoAYAVRFrwAAAQEICl3ZuPEAMLAdMCwwKqAooCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAXBgNVHSAEEDAOMAwGCisGAQQB1nkCBQEwDQYJKoZIhvcNAQELBQADggEBAAhOBKeAfxAWQ14CrddCgPSwjtKus+sRfZCEGH3nkBX7SX+omQWRu3rJ1jw3GAmatseSIAc1MwnkKGNyDbTgMpyHmMQbdolnwVBYsBOqExobMqW+6hGVTEhjSemZXSA3zP4qaVEWlUup3kmCwBBw9Czz7LwkJNBOrKXZXh5tksGnrEg1gfnl5Jxlac2HpEFQPy5XpZFRElgOjAmhrHqkEqUn85oQl31VAwb3ZlhfX2Thq11tpTlIdZhMKVo6jdMrypxVBL\/05hTVgKwm7ReJppNsXKTMuPBmjmTjfZriALNJx+QKqt1bg8dwkEZOvtDbWZZsLvUWNt5xzAHCEsEhxhYAA4EwggN9MIIC5qADAgECAgMSu+YwDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0wMjA1MjEwNDAwMDBaFw0xODA4MjEwNDAwMDBaMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDazBhjMP30FyMaVn5b3zxsOORxt3iR1Lyh2Ez4qEO2A+lNIQcIiNpYL2Y5Kb0FeIudOOgFt2p+caTmxGCmsO+A5IkoD54l1u2D862mkceYyUIYNRSdrZhGki5PyvGHQ8EWlVctUO+JLYB6V63y7l9r0gCNuRT4FBU12cBGo3tyyJG\/yVUrzdCXPpwmZMzfzoMZccpO5tTVe6kZzVXeyOzSXjhT5VxPjC3+UCM2\/Gbmy46kORkAt5UCOZELDv44LtEdBZr2TT5vDwcdrywej2A54vo2UxM51F4mK9s9qBS9MusYAyhSBHHlqzM94Ti7BzaEYpx56hYw9F\/AK+hxa+T5AgMBAAGjgfAwge0wHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFMB6mGiNifurBWQMEX2qfWW4ysxOMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsME4GA1UdIARHMEUwQwYEVR0gADA7MDkGCCsGAQUFBwIBFi1odHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkwDQYJKoZIhvcNAQEFBQADgYEAduESbk5LFhKGMAaygQjP8AjHx3F+Zu7C7dQ7H\/\/w8MhO1kM4sLkwfRjQVYOiass2EZzoSGajbX+4E9RH\/otaXHP8rtkbMhk4q5c0FKqW0uujHBQISba75ZHvgzbrHVZvytq8c2OQ5H97PiLLPQftXzh0nOMDUE6hr5juYfKEPxIWAwMAcwwAAG8DAB0gWdP3SuZNEbqAMhXJOSFDDnIjP8zVITtmWlwncBRgFB0EAwBHMEUCIQDiaflQYNp9p0QNfVSp7yJP9jXANWJWQjzQxJueE4o0KwIgfm9glWCV\/3bNKZwfhouBXCb+W7RlftGaaWwF2qKtvdQWAwMABA4AAAA="}
-01895{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1492167342893,"flow_last_seen":1492167342997,"flow_tot_l4_data_len":4770,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":477,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","server_names":"*.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com","alpn":"h2,http\/1.1","fingerprint":"8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53"}}
+01906{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":10,"flow_first_seen":1492167342893,"flow_last_seen":1492167342997,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":4434,"flow_avg_l4_payload_len":443,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"safebrowsing.googleusercontent.com","server_names":"*.googleusercontent.com,*.apps.googleusercontent.com,*.appspot.com.storage.googleapis.com,*.blogspot.com,*.bp.blogspot.com,*.commondatastorage.googleapis.com,*.content-storage-download.googleapis.com,*.content-storage-upload.googleapis.com,*.content-storage.googleapis.com,*.doubleclickusercontent.com,*.ggpht.com,*.googledrive.com,*.googlesyndication.com,*.googleweblight.com,*.safenup.googleusercontent.com,*.sandbox.googleusercontent.com,*.storage-download.googleapis.com,*.storage-upload.googleapis.com,*.storage.googleapis.com,*.storage.select.googleapis.com,blogspot.com,bp.blogspot.com,commondatastorage.googleapis.com,doubleclickusercontent.com,ggpht.com,googledrive.com,googleusercontent.com,googleweblight.com,static.panoramio.com.storage.googleapis.com,storage.googleapis.com,storage.select.googleapis.com,unfiltered.news","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d655f7cd00e93ea8969c3c6e06f0156f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.googleusercontent.com","alpn":"h2,http\/1.1","fingerprint":"8B:36:AF:31:A2:4C:EE:50:CC:6F:34:F7:2C:A3:C5:B6:4B:02:AC:53"}}
00423{"flow_id":5,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167342,"pkt_ts_usec":997972,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0j4tAAEAGJkLAqAFnrNkWDpcBAbvnskB25yb4x4AQASeIpAAAAQEICgAwsCtd2bjx"}
00541{"flow_id":5,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167343,"pkt_ts_usec":2497,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"8IQvSpdgeJKcD6iOCABFAACJj4xAAEAGJezAqAFnrNkWDpcBAbvnskB25yb4x4AYASdgEgAAAQEICgAwsCxd2bjxFgMDACUQAAAhIFTDoRfECA9UXSx3Sxxy0vP1nhY9Lq9\/lQFw4g+aqXgVFAMDAAEBFgMDACBkfneDcqzi2Nje8E1lOFDpdGYGDUwA+4+JYfiYxYvJ2g=="}
00486{"flow_id":5,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167343,"pkt_ts_usec":10381,"pkt_caplen":111,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":111,"pkt_l4_len":77,"pkt":"8IQvSpdgeJKcD6iOCABFAABhj41AAEAGJhPAqAFnrNkWDpcBAbvnskDL5yb4x4AYAScb2AAAAQEICgAwsC5d2bjxFwMDAChkJ2bB26To\/kNXsOt+kwWJVo63aXLzXxNrnD+7sGyFG3arYue2\/uLN"}
01550{"flow_id":5,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167343,"pkt_ts_usec":24015,"pkt_caplen":895,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":895,"pkt_l4_len":861,"pkt":"8IQvSpdgeJKcD6iOCABFAANxj45AAEAGIwLAqAFnrNkWDpcBAbvnskD45yb4x4AYASfzjAAAAQEICgAwsDFd2bjxFwMDACsKRf1Xn9C\/aN7xUxi\/hM3vpriNty220pLm3SKA6sQTzQkPhFRman1R9b1WFwMDAB2\/FtEjvwdnpqCBWKIVjQOr1SamY63g6hfvlLKyvxcDAwDvEmg0c49TYeFGiDSC8Ug7EUrkwpvKoATdTI0WVcOSo6j3WXQKaMo8dXOXNQtokZMmgPf4GWW9F4RvX\/eLyYbqEsM2wIANVox2KQlf8QRo\/ZlQVU1VJ0too287FPVcd\/cy2Tk8URodRHSYjx2ln+sI4KWbuJc2U0N3M0Ws87a32UepfTQ79dMubHWgYo1B4g1Vk71L8z0ABCpTCVk5RECoMVKk7S7xBTJC5Y10rZWbqztOkeqxXXoB1egNAD2iwbFgFt5YQlc0rqD7Iy2nfqrdcqQoqiGmPLiGzF5DnrMrQ4g1yo\/JlTRc8SW3i2Gx6hYXAwMB8oSpBkXpYiyTTI19E\/Rir3Ae9RYOoKo6eL1MLvfgueFrcfE7WH9Z+Ka3pu6l33YWG5oFJaMZr7ue\/K+vZn62ipqp8+uHaxrTsj5lvZ2QtBLMqyGY+h4t3Kzo0gnvmLLfRD7Auqscv6eGpyv8XU8dzCGyPKQTmLmPd4sAiOcuEVpsvTCE\/PGF1WSPTFgZyXELGL+7dzYZG2efio3hJdgnb6BTVBrGIhO1AWqG0tMmPJd6+WccbUPLZoIFmIHcc\/0icHyeW9DK\/PSe44vS3i++Wx4I9Xs1AEmR5Kt8MOan7mu7PCvtqf4IZk8nIGW8uIT7hPronBtgXrOhUO7q4+Mc3zXu7yrPrVCpPlhd+J+SUBLGd0bNQUbdxyO3NzXwsZr7tNpMpMh5PUvFiVz0GP\/dIdRyorbdzTHsm6XKqAUcK0W\/AGbuhVn\/OjNKzEG3dKiQ+vmbMLUG\/jmIZP2tC+OaZ9rmENqlml3lXoBsB6658Q5D6HY9utk4cxFC+mFEWroJ1AR+BqhGoRJG1jyPzyu\/6a0XGcWhjiaQNRkatx69FQO0+4vdXS7QslnfOGoaYTVTYXBDpRn7jk3ssj99216YUu+AHR7mIG78PypDmd9bZ5HFZBzLn2hjAthfr18exnWo0W2ygMI39O71XT7XhMdllfsKOw=="}
00793{"flow_id":5,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167343,"pkt_ts_usec":49183,"pkt_caplen":336,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":336,"pkt_l4_len":302,"pkt":"eJKcD6iO8IQvSpdgCABFoAFCxNQAADIGPUus2RYOwKgBZwG7lwHnJvjH57JAy4AYAVSbYAAAAQEICl3ZuSkAMLAsFgMDAN4EAADaAAGJvwDUbxVD5pY99MWMwsYGglFDLd4TKc7HNP9Bfj1katTLjm5MUPP4LGAl7joaiNojx2JHv8uDL7LwEDY\/sgs1caWZ0AdGsLQF22vwx9oOj51CHV764BY8TCvvNNG4WjMwNM4OXgNRdZaAvzn0Ebh6tcIV1u8PTBE91h\/fPr8PnkGCX2HG6DgLHozhlAX94ZaimBGpVK2aaCKZA9\/5bR4YZ76aPButHJXvuJ2SyFZ\/fgYpMMbpK\/eCI\/vFAIPzDVW6u\/2\/221xFzCrv5xx4hbqROjJKoMVoXwUAwMAAQEWAwMAIFp8LMo3+xtUYPU5i10hvoNCEPCwhUtawe84m0jq9OGa"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1492167345896,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1492167345896,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167345,"pkt_ts_usec":896252,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0u5hAAEAGF5PAqAFn2DrNTroLAbv4cm+uICz91YAQATUbzAAAAQEICgAwswD2qQZf"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1492167345896,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1492167345896,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167345,"pkt_ts_usec":896311,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ew1AAEAGOYDAqAFnrNkXTs\/kAbv7Pa3ZiiWYPIAQAT3Z6QAAAQEICgAwswB+x0ZO"}
00422{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167345,"pkt_ts_usec":935019,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0XCMAADcGv2jYOs1OwKgBZwG7ugsgLP3V+HJvr4AQAV1HoAAAAQEICvaptmIAL9cA"}
00422{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167345,"pkt_ts_usec":937743,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0vmsAADcGPoKs2RdOwKgBZwG7z+SKJZg8+z2t2oAQAVQFzwAAAQEICn7H9k8AL9cC"}
00423{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167347,"pkt_ts_usec":435725,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0LFtAACwG\/EnLzZeiwKgBZwG700RsJQ5CFiW5B4ARAQCiIgAAAQEICkXRnm4AMKsW"}
00422{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167347,"pkt_ts_usec":472253,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7RAAEAGDZHAqAFny82XotNEAbsWJbkHbCUOQ4AQAk6XYAAAAQEICgAwtIpF0Z5u"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1492167350333,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1492167350333,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167350,"pkt_ts_usec":333752,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"8IQvSpdgeJKcD6iOCABFAAA92D9AAEAR3brAqAFnwKgB\/rP+ADUAKS5MZgIBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"}
-00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1492167350333,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1492167350333,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00650{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167350,"pkt_ts_usec":372335,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"eJKcD6iO8IQvSpdgCABFoADcAABAAEARtLvAqAH+wKgBZwA1s\/4AyDQ0ZgKBgAABAAEABAAEA3NzbAdnc3RhdGljA2NvbQAAAQABwAwAAQABAAAAHQAErNkXQ8AQAAIAAQACiyoADQNuczEGZ29vZ2xlwBjAEAACAAEAAosqAAYDbnMywEHAEAACAAEAAosqAAYDbnM0wEHAEAACAAEAAosqAAYDbnMzwEHAPQABAAEABThHAATY7yAKwFYAAQABAAUudQAE2O8iCsB6AAEAAQAFLnUABNjvJArAaAABAAEABS51AATY7yYK"}
-00668{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":41,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1492167350385,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1492167350385,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02202{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167350,"pkt_ts_usec":385726,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"8IQvSpdgeJKcD6iOCABFAAVivyhAAEAR8DbAqAFnrNkXQ8kzAbsFThBpDTHWY7YNkySLUTAzNQEAZRP82mbzhTNOuyagAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\/AQAATk9OQ58BAABNU1BDowEAAEFFQUSnAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zc2wuZ3N0YXRpYy5jb23DJ9pgKUoswhKlaAfLoi3sQZPhfUFgtpep51u0rkbBgx\/nebVFToqDPqkbsFtGn3MXCPqLWhc6j\/ixUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq2MDAwMDAwMDC6zWefDMewsHm6e\/MeaJgBlt0fDWQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAtqrwWAAAAAA5eOlJA3D70ONW2AJf\/ogbdqDz00OrZf\/OgXQcK6rvrAta8o74ustrYp5ItVHeFC1VJKErdNkin676crWgBJJhZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmuees3ygAAW65hsjHRUCwmcSnHJYniTszHhABKgaojbj7US89crmIZu34dDjUIs9wDqj3f87VRLZoVe0zMx1t+ZFc1SOwYij5LWSM1YcolsQBx9V4iuTevcGsCo1kr3VNCHdz7PtfP9d6GZNrg2+YgXWbXAAnfNe23tKnBUPczWdseoa1PkV+7toc2QUBJDmQV3Doscx5oizBP3jmujZdyIIvaDPKntnnsjC8AAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00627{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1492167350385,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
+00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1492167350385,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
00877{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167350,"pkt_ts_usec":386186,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCvylAAEAR9BXAqAFnrNkXQ8kzAbsBbud7DTHWY7YNkySLUTAzNQLvwr0xyGRZ7meDZlovLzVjAbbzC3jR2f2rSyaEQR29GdHUR3g0xdsFTdTip7X1Nnsf4tYU5MBGkSRYowzYqBAgeAEueiV49O5ngVqvp6AacuKzAzgJV3z622EcXJUEyhTJ+nOIANjFkaDTQTI+jdNEu4FfF\/TnyxM++AGJ3to5M6SWYBz2BeCP\/OGMSC7yUukPIe4sRQeIQcXq+IYSj3PAlHKxZT8HDRP7kjwgghqQy0grhbmgn+9HaZmoQLo9gu4ijkDWy6wUW+W8oMWbJ3Ky6wEFXzApvzV\/FZNjJh6PDtkHubM5JHhhh00iIakeLzopZrU7PnZst39suCb9JKpUYtFvmoJnG3+X2ld76667v+kx3ZpHcdgXPlvpm8rm+2k6Em\/vgF23i7kHM9aRW5K+1InNa4QsADwuokzDCUylLbXZYixDaZtGruoPUyaIkf6OjyLbS2SNBQ=="}
02203{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167350,"pkt_ts_usec":462573,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"8IQvSpdgeJKcD6iOCABFAAVivzBAAEAR8C7AqAFnrNkXQ8kzAbsFTm8mDTHWY7YNkySLUTAzNQMCK\/NUmHquSjxA+X2gAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\/AQAATk9OQ58BAABNU1BDowEAAEFFQUSnAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zc2wuZ3N0YXRpYy5jb23DJ9pgKUoswhKlaAfLoi3sQZPhfUFgtpep51u0rkbBgx\/nebVFToqDPqkbsFtGn3MXCPqLWhc6j\/ixUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq2MDAwMDAwMDC6zWefDMewsHm6e\/MeaJgBlt0fDWQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAtqrwWAAAAAA5eOlJA3D70ONW2AJf\/ogbdqDz00OrZf\/OgXQcK6rvrAta8o74ustrYp5ItVHeFC1VJKErdNkin676crWgBJJhZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmuees3ygAAW65hsjHRUCwmcSnHJYniTszHhABKgaojbj7US89crmIZu34dDjUIs9wDqj3f87VRLZoVe0zMx1t+ZFc1SOwYij5LWSM1YcolsQBx9V4iuTevcGsCo1kr3VNCHdz7PtfP9d6GZNrg2+YgXWbXAAnfNe23tKnBUPczWdseoa1PkV+7toc2QUBJDmQV3Doscx5oizBP3jmujZdyIIvaDPKntnnsjC8AAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02228{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167350,"pkt_ts_usec":488480,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcRt7+s2RdDwKgBZwG7yTMFTuPKBNtpRNeisKdzzqqB80k\/RvEcLV+eNstooOP26jQwiV8kAUkwPIMgeBmjqFkk1eZa85ntkHHKG5sLS2nvF5TmkUr+if921Zg1I0\/4gCajXiftZ1cQ7HzDlknoAxBMi+AaCHBUPnPHivZkyl4iSGvXlnHgng3\/7naBjCDqlDK6F+CuxkK8R8D3zCSfpOaKQGBLlchz5S+hCTIwqEd99ts2qf\/5eNYdL5VkMpB5nPqZijuHeZKsbAA\/ctrAa2iT4JB48UuOXvpg5wOCy\/anBkev1fI+1TTLsBMyhp3HjpYh2aKJvkMCmiRctHYEQnmaEMBwOlLcCDMzXUr6cVbELb2ipeNilNIPUR6fbRTICFCh\/dLk8Z8s4+2+q+YRvL47cij8qjU\/MSP\/JdAcQdXgf4J1moMV\/HD76jtK\/q6K2AELbJTL7zlTXQDvl7lhybUqmS8n2wO6ChZ8mkKRPXTTl52a1+v\/t94S8AMxF3uAvJ9f0fJ\/ZMEI3IZ6O7qMEGehlJFUg6ku3WOM+3kE9ZCniZ1GxLmVMmc7+ELA+4BU071ElcmB0cNHc3igocgwlfnuRZX3+k22dSiwenP+A9\/TUyzBAHrcaRXwxtrkUB5nhrAwxJ7sXU8h0m3RmPoZeSXzzc9FxpQ5MJBVfPZ2nvgM8SZWj76Mbmfae4W0Y5pSAxeitiyz6e\/pvVhOlpfDYK7FaYxKn1bgfQne5NYXwxOjjO8qXjZbyhi6U1yf0AFPol4fV4k6ffTGHaG+993EhQAEInqFjs5KLpUuYY0UmCTl9cNR7U0ln37rA4ek3m2s0HjMh2LjsowbaeOmpJRUN6KZp0r5FoNKL2Rbyy6azhyGhinEk2F7Nx7T7OFc8qzh5U88cLdGwsiClMeV++e44EyVBwnyLUnGa79agiHRfcH8uQeFO2JdRvD8m0OGuY\/X4Xq2M9cudkHEZSL9Cvaxgr19m\/Ehm6WWrLrr5ou2qkcyHZ3odgdmbvlBOkYXAqUw1OB0DtQD3U6wTXoHGqO0PM1\/UtTkXAr1qpn86JcvZn\/ynpf2O5qdTtcOKebDq3DgNLkK0T9cm1y1rD4T88uFzlXeHlJh99mdpFsPJ+vFVCQJPwP7vqfT71mINa6\/Pb0Q7bplVWYi1b+UplNOm7yEjJaBRU8Bhv5Pxyh091JSaVecSM2kcDi5U\/hakzgazrriEloDM0v4i1dEuq0I7ZBLcjJFITvSi14YlRX8vKn4kLmPQ3\/oteLhKPRWjTUKm67b08p+Rv8wo6\/ZnvVJVK\/7YJnm2usF3Wz7NfPzR6ckRZ7uYkJZmfPh8\/VTMnabtN3diLkyqGe2ks0kfaaMAlrrWQhbKh5F1K\/LsLNpBub30iqBt5MUt5aEFkSBabvJWtjubQn6QyW8GVs2dFwnL\/CjJFVDk8+kRhzcqwTcIkUO4tw7WxxCUf0F3PNbBjXIBOJrChJ1p3uBHljOGy2Dh0DxDK+EyF7GTnybbIRpeK2oedkfCEnpPpUi7IlpneqyneEiPOyp2oNCjVACBgL5+pYyFsR5gW6VnysncwXQfH26UNpBXtf5HwJr+NOuLicMNTiFrLT4hNvlLhb3HdSm4\/kbBpXefbUT++QhHN5PIPKN2F75i0fG4B9SKWDSWSc\/XO7Nr\/jOHdYwW3e+5zfODYV5lIC5IJtaSio5iRwf\/LvS2RbglFn3Jj94DvsSRYClnbw0fes8mzb2I5dE9C5wElePnvErieuDHTJLAwGVHurqwdlhGSdQnFmnpIjvps8w458iyTv63wjC\/7VPejnxfmCEmz3XcXd1WkP82S2K"}
@@ -66,14 +66,14 @@
02226{"flow_id":9,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167350,"pkt_ts_usec":536493,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcRt7+s2RdDwKgBZwG7yTMFTm9MBNtpRNeisKdzzqqB80k\/RvEcLV+eNstooOP26jQwiV8kBblm3dTMANuspYc920Vx0oYIXBW0KuZ1vWoVnPSdPJ4UKJkf+FbmFOlk6SH8fRKFWFgYfZiOUUynAbxB3AJqplwmIHbobO7Z5tANMt7h7SxgWl44rImFSxqlDUEOCOBDmTMxMOEJhfDHaN7m6wQ1FMHS0Puwf1sjt7ZzGjL3ZPNckvOikzN2EUckFK\/lA1c672vmfe02ziUZ\/pY6YHiAbOQiGdRZMVAqXj6M22QamZxxwrXlFgVnaLXfLCPV2IYY4nU5YeNmSIRXKeiAw1x0sFuYSR8YcwwFWTHb3rmXTjtXaUa4tBug7rZuTXqSQxl\/ZdCnCBfz2JOMsix14LXJbTudLd7yYB7GeOxvBZvWoRlWFUSslm0uO1YA0Jh8tDD7iRCoR8p+qnt3ZGI+YIA4d1UgFizePuIPAYGWL+yWxpMDGg0OPOBHtkSVSwv1FCykzDwoyOXUXGcyj0MMrEbIMSUB2dJfjeTJnd\/+oiXplYyIcKiGSZhtN9CRM0lDUhq7UJasOIO1JObHpDpLCzL1reHq9or+CxHXdIk+oCMBfj32KolZWZ\/xzNJQvCEOMYT\/1VDd3tPGrrPSfeX87BQ3FDxI8ooUeghZ5YF1zbyhyDpcnzcOG3E7msqoi+Qmq\/W5JsXnQqHvdZt1XIYWICyJk6\/8T\/olEowQ76IeaFHY3n+lZOONMuyB5dtFQJTC5uhsElrydOQ75UeYWA4JJHZsrGc3xbaFnjVyU6OC1Ll7T0\/34JtFo8rmhCgBt9jeDYQOUI8QjrkMNvcLWVvpBZDq+PRKtCsmRfOVWmlbySzkIuSIc5uBb3OcYUx8S5ZcFBiiAYan12ayOFxHgo6O4VgVmdPvJQpE5pMn0SrFLLOQfO2l7S0lNmzTTcZrrRRRbow2OZdcHqLYbmdvMsGXQf1fvaX\/fnUKgUM78T3vdi04V7XSgHgo\/evARwLSRQswYtXqIdcY6r4vK\/NB+Mx9LO6W0g+0lPtM1ZJpmNbLEoSMPRRheWF\/OmwnW9+tH18eHRaIB7DjgP7lMlKQaXDZyJWTje6zVnOhNKBSp+23Oy8mfQUXnAkif9qR9DJfqb\/5ir3PHVtA95FGTW7Ldm+IAaiZRGNj2SNM4BCk71zqHmm44SGomUN3mRz8cuXTHp6SX5ipopQ3zde5ohPbnL\/vjWT1j\/m3XpFelbz3CL5qip13H5H7s65gHQ0Dz\/PkyrRSi5K1NwDiX6fWXe\/HHVu6Bd0oLYAsE5tHPE2IGZK\/\/HWEbqEAkdw\/oLC49T\/sONdPiBRIpouggFT3FlKx\/fDgLnCGULTxVovjFOkyFtmxZr7Uria+NX8HGmqInZyOoCaUzJkmyOErr85oNLIkfmZhBVoz3dOZqRkh1r2D5cA+7lniVSrGmNhJDjSx\/MnmPenG2zlhwhohPZOmw8x3iil0fFfRhLfL4skO5+F9cWr2ubyIsDVHr50DYUB2KRS2DkKuQCeE8+q9qacLxXdA5dNSxaECKQicceGe1STkkllK8uqQF3YNkJ1ItkvU+SpoQdvRp2Aq4GDq62WMiMTorwWI8WZppBrszr5u+K9bYtGCM7adBAyCy\/eTCKdS81r1saR0nyIbzspG8eOQ1CW2GQocZf86PIA1GwDS6hB07xgELPp\/gqvACA2ZtdqvN++gZtxWCuksO1ijxpronOQLGvH69vAQRIYWg0FF0rARniBS86bidtnxx7DTUGChUcb0q6suXX6bOg3eq6qKexSyYa0fKIBIokFyJP\/+"}
00432{"flow_id":9,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167350,"pkt_ts_usec":539231,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"eJKcD6iO8IQvSpdgCABFoAA6AABAADcRvOes2RdDwKgBZwG7yTMAJnCsAAYr4opWZHoPXiPXDtetp+RWij5Bf+N3uVPD\/CKR"}
00444{"flow_id":9,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167350,"pkt_ts_usec":562751,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"8IQvSpdgeJKcD6iOCABFAABCvztAAEAR9UPAqAFnrNkXQ8kzAbsALs6hDDHWY7YNkySLB82utXxuM1jeW4I\/i0nY4r7ntsp3eUSD88EIprU="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1492167351026,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1492167351026,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167351,"pkt_ts_usec":26518,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"8IQvSpdgeJKcD6iOCABFAAA92FdAAEAR3aLAqAFnwKgB\/to2ADUAKSL33acBAAABAAAAAAAABGRvY3MGZ29vZ2xlA2NvbQAAAQAB"}
-00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1492167351026,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00664{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1492167351026,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00641{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167351,"pkt_ts_usec":61131,"pkt_caplen":227,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":227,"pkt_l4_len":193,"pkt":"eJKcD6iO8IQvSpdgCABFoADVAABAAEARtMLAqAH+wKgBZwA12jYAwUoh3aeBgAABAAEABAAEBGRvY3MGZ29vZ2xlA2NvbQAAAQABwAwAAQABAAAA2QAE2DrGLsARAAIAAQACiyoABgNuczLAEcARAAIAAQACiyoABgNuczHAEcARAAIAAQACiyoABgNuczPAEcARAAIAAQACiyoABgNuczTAEcBPAAEAAQAFOEYABNjvIArAPQABAAEABS50AATY7yIKwGEAAQABAAUudAAE2O8kCsBzAAEAAQAFLnQABNjvJgo="}
-00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_tot_l4_data_len":234,"flow_min_l4_data_len":41,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.198.46"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1492167351067,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00693{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"docs.google.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.198.46"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1492167351067,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02206{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167351,"pkt_ts_usec":67458,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"8IQvSpdgeJKcD6iOCABFAAVibQVAAEARaA3AqAFn2DrGLuD3AbsFTsxKDU3ZCrKMtFhpUTAzNQFnbJE8FVI6Xr9TUAWgAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\/AQAATk9OQ58BAABNU1BDowEAAEFFQUSnAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1kb2NzLmdvb2dsZS5jb21yl6H2wP73bUTm\/HO\/L6W7bp3Xhczs9ysCSmeki\/j96A7sEoRFEAE+SB65YLwp5s+42jMDuJu4lkMvUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq3MDAwMDAwMDCSV1vE+gNbm7+W8XblWvpmJ\/49qGQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAt6rwWAAAAADtcasM4uYqOdGcPkgWTuPinp6tSgmHbpcCw+LDtPZmZuBaJu0QIw4bgS6gnY4km2fVf4E4bxQZEQJVfGW2\/zkLZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmueetXmAEAL+XPr519ndPJ3mPFBWs\/DigCPL0uG+UOo9PlVynP5lP7SYDz1bkGMXY1YNt3+9e\/xaovsHZwZUHeJNaLtZCflec\/IAM0fVlrvjwb6nbNCsXZz6\/cPg4kuVRS2mBg046WN6uU3IIy4QYEX9WeFcdSLySSFcZAp9Y92PScUgAJmXEYeE91IXZUb3jX3RMxTRdpIGidUSIrQaDk8neMszYOzIv3i7wAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1492167351067,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"quic": {"client_requested_server_name":"docs.google.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1492167351067,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.GoogleDocs","breed":"Acceptable","category":"Collaborative"},"quic": {"client_requested_server_name":"docs.google.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
01651{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167351,"pkt_ts_usec":67660,"pkt_caplen":969,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":969,"pkt_l4_len":935,"pkt":"8IQvSpdgeJKcD6iOCABFAAO7bQZAAEARabPAqAFn2DrGLuD3AbsDp2YqDU3ZCrKMtFhpUTAzNQJxZNfHCC8u2f35luXQX7wk8+5+gy499Uo4Fg20rRdDDy5CsdXoRXrF+phU81nis1nRDRx09GXiKDxOppPR5wHoCPv6GGJ1a2aSeKMbWb+zwKTlNc+IgrbKFFqH047ViEQZsFLjifeqmjWw3kLjF9wuTO5xmTDc8NygVX92ZUjcWiRsZklVVPx3NbEThZxDUrne5HeS9hEKQhiWqsRNFsJ5ZewxcV+5cYvvBeYiQR+kS3f\/LZqZAjI6Q5gDCFVg4IVHBTbsdm3CNW6MkXX6Z21DpqBMIia1Z2wV8I9lmIjOLOKjoJcu+pem0sj3G6u1FBaJ6UzuToaeQVFoQV1B7THlLpcbWhfyxWuv5Vq5Nhbvz\/hy9e3GvHaPkX2Ap3unG8P22QcYcGd\/BWZtvoWlpacJDV2epOkkS7tt5wlFKOWfO8\/5Yu\/gJ5xuBFw7XGdmQknr+9LaS3e8wZiMR1ZfimH2Wrss8HcQEl9TcUi0OPt7hg4vPxA1umUMgAjxmP3GICQIJ8v3MSyfSe36zfbmMnzMFR+cZ4RVKOKFuZsig3U7Qla3oB3K2bziFfb7gRL+hERHc4YgKgGNFngj+oqw2jdkj\/RqXvOIZPBl74wKoDpJdAAu0pwpTpg0OYCvwu\/ep3j0WkfwnzYcwnEEOfrkyBT8sslKLByrPD6217xh62Bp0UxecAcjRSXYnXrLG4gF\/OklBRUl9MWf17862YoGJ6mbQ8Q1BCG\/ur1PzAt2\/FqJ05MHkwrkRVSHl4pDeBaR66Du4ZmV0GBx989HTukTQy\/3OGUKXjAXhJdjcsLd1jo\/K0yDhk26WE7HHoqWgHvMgQjGE2RFzuX36OVzPCIEOwd9oe0YVvAfM\/rVc9genM5Hy7Sv8mutamuMH7bROMktPGAdZ\/IFx5w4VWad64HIS2eSUBLGRLvosHNSRrNdfupAMBGIyjJeytCFI+Ljtgl1sqegx6JwAaGxpjS+ZJjXdtHKXMd1GSxa\/aZjv\/gLSgGEeQHgpM0w997OPOSc\/oXhrMG2H9dPnVY0gxfZjD+EVSDAUqgCePMf4Xk+wruAsQ37\/lHXudBmH90ljRj8ye51wbrJXjVUKo39iLcU6hZ05\/StCBdO\/xPb895mMSP5JnWfCWFSaYGQN4FQQYatRm1PasNLHcHWO0PLezKCDM2gsmrDE3X\/KwGBhJhce2KxIu1Tjfe9ZeVoyy0Oxy0Bb7O\/93ta"}
02229{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167351,"pkt_ts_usec":121999,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcR3XLYOsYuwKgBZwG74PcFTmzaBOou0Nigzud3ZaOudETm8GBczN7q3HxIUIOzVIoPsD73AQkDw5o48VPCPgxwE9bagOsfguW4BXFTqIT1IIV5ThjijbPacPMIeuYY+tLcR\/SESotUnfD6k31MBpngxATfGEoS3TSTc9aVt2BKPUkJNXTxIqajXh4z+2CjCT16kZiox8Qmel6o7NAeDdJDfOL+51L\/G92mnF40IupMo8kyn6Yeya9Ad1Q2D\/p2FAN4KbvETwnyCCrN\/3BzK6jhLgRMRUMpD76aZzYbZwTnnjn5cPWJgIaiNlEoyxA7CP6REtuotFUshn\/4\/Je7Jbm8GzbVpuThmCVdHsCKO9eQafmXETXyGPOX37U\/+RYvpidmrbPADR3IJ0YyPcE55eQPeQ3SLMLpJR+N0H26d91w3L3p89mtepH0NeIecXxbZcygXiO3ouImKiBH5Sols1nP6qAehqtyidEipR4ZPAV4Xw0h5rAYVjkhxL41hJnSJmoocaWAxV46W2QvJzsrabDi5M9SzvhRJAsPZZY4K6G5dvQpS2uzTzQOzxWkGBlQl7RRRgKZIcNK4yIcQD0yIGCwwoktA2Ld1Idk2Cu5os+Y7KXAeUWL4EghycwrRGckuLuUQjKt2wiWE8fO7O4\/Lv2VZCpq74PXu3G5CCkcU65VQJeeZrPt8UoeqowDQ+esOAIZ137WnNojv8+UsGDeg+xMKBRUrYaoT8ER8YifN6riDqUjipfNYkbEn8ucoDGqAIlyleAS5\/XHM13il1iRyxEOLilein7LTbUQNfwFOf8EzXgCnR+IpNR4wHUKNWXhmNPOYokIP23Sl\/FaC5yeTIvYRTQb\/x8mhYj\/WIs05PouLe9Pt+TRR3N2YyYcD4kqZDJk1bVFKuF7bqCGCM51z3lvURyUWHByifpl1Q0srxqBnb92qDujj+Ug5Hs9Ty\/kFB8qHvx1Dfq78jAeHz0fzz7AMlq+79RPkRIGLCbIkRGUTiiYKOqV8DW1cQsg\/KZWg+kdRSdfwb30mOCaUqILvOyhuHsdt\/VlQOncdoNcoPzCka952teJvpu3kHP0JF00GT6\/QgvMxqqvMT68gpqKr7VNH2JM4rMWfmQe7d70oO4rLXnu5+c5UkqU4+\/yoY+zdy1UMw3UYnE\/RB4x5v7QiQt4jRnCl6tLIdDw9lQg9IzEnVZzw2lt7lY+\/FC4dmux3GBahkU7C9wFjO9v95glXVXJsAYEhvS3wJvsdmH9ydK\/F3zD4bHe6QH8wln\/KtF+\/2hcmCsTO+QWhFCYnQytBu\/Dd7UqbnYMeu6CvYKHngUiBNqyzWOGJEUUIwiWru1HLQ+oi18IFAgJS2Pl99aG5LYQ83XtdOxJ4pO0nKlJ0xc1wx6vqc9D94XgPsJhPmRnKuyWzZTwOjFjJ4fG3PqBIeO52giJ97T6kI1ufnseC2DoOQ7mgmmkhk1xFPh\/iCEO2sH8\/yvC3ciJ3q1jHvS6trEx0psWwZhrcKMoj6uJQAqWOx\/4VMZblPtRO0JRK2sKrnR0AuXFvTgyJJXrSQnKCt4f0Ie08Z0FhokeNmZugGY11eoMg2b0Ohw1Gcl+Nco\/Mm0dOR0d0ZzowYYFQVn8Z1G5U0v2I0P+bjqBg\/Oft0VL\/uESmpcBS8+q9YYq03mdZfyrm0Wll6v2MrVZ+luVDiDPf+2zCNGMeJyqwXqCBY\/GUBtV\/ORVHwTg4O9+bDUiGoGMfoIrfv0WX52viV1sxsvodgKw\/K7R89paaPWnO6gRTKekrbX0nVKtcWseMnbmEds6efJmpuqUD3hZqUyUuRhdxz6a7pUXagTh"}
00448{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167351,"pkt_ts_usec":122989,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"8IQvSpdgeJKcD6iOCABFAABFbRRAAEARbRvAqAFn2DrGLuD3AbsAMQ6vDE3ZCrKMtFhpA7Y9jgNT0qCEjni6SuPZWM+AykfeqYgCOx\/sRFcfvEI="}
@@ -81,7 +81,7 @@
00445{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167351,"pkt_ts_usec":123407,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"8IQvSpdgeJKcD6iOCABFAABCbRVAAEARbR3AqAFn2DrGLuD3AbsALv6EDE3ZCrKMtFhpBK1o18SKo\/qbz8U825\/VzcbL6V6+eFmxogbDKI4="}
00431{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167351,"pkt_ts_usec":126049,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"eJKcD6iO8IQvSpdgCABFoAA6AABAADcR4prYOsYuwKgBZwG74PcAJs97AANw4OTyouUplCAQlCxyR5wFQ8L97KXJUGT9o9Kf"}
00431{"flow_id":11,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167351,"pkt_ts_usec":187679,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"eJKcD6iO8IQvSpdgCABFoAA6AABAADcR4prYOsYuwKgBZwG74PcAJmLSAAThnIEPyE2iTeMUNqIIGc3pgi1qVvKpqLMzF+Gl"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1492167352068,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1492167352068,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167352,"pkt_ts_usec":68255,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePFAAEAGFx7AqAFnQOmnvIyxFGy60MyoSq1b+oAQAO38PQAAAQEICgAwuQeFnMDK"}
00423{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167352,"pkt_ts_usec":122932,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0OfYAACsGqnlA6ae8wKgBZxRsjLFKrVv6utDMqYAQAWVTqwAAAQEICoWdcMgAL7Ej"}
00821{"flow_id":11,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167352,"pkt_ts_usec":366369,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"pkt":"eJKcD6iO8IQvSpdgCABFoAFZAABAADcR4XvYOsYuwKgBZwG74PcBRQmsAAXfXTfs4CpU4zZDcNemGq3fAZVjuSRdySjI0P8ou9U96Fb95XNHQ5Ea8U4ZSmuUymwNiTNbhXsmzwKmBCuRJ4sBmMwptJChUKY0ESXRFy40FVrhyqSFvWzWYlYtv\/hZ43FRhBB9ZsIjDChwOu75W8VxLyhAf4IMvy51o+tsW0yS9eMLTBfOiyqz4NxBP0TuIqIFZQaIOrtR8uF6bo6A5KPpKxsXrQj5MdwsmOS+8COp2q0MzYzIgwFRgg62y0C\/lgco8tigwv3TFtazcfjpsxdmRBSghhQv+39dr+pAFDPhHgHiBhY9k3C6ydjauV5uApNmXzE1nG6gwZfdO2nzy3QDybZ6zVepjUf5UgvoZw3\/cp8oXD+UVRyQRlUziULxsVtRwqeiTfuyA5SFGNz7lnlALVNnIyGt8JlNqjk="}
@@ -89,17 +89,17 @@
00452{"flow_id":11,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167352,"pkt_ts_usec":367864,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"8IQvSpdgeJKcD6iOCABFAABIbddAAEARbFXAqAFn2DrGLuD3AbsANL1NDE3ZCrKMtFhpBQoBtYakBkLfRax+TOi6IfaF3077Z7hpEcpobbJ7derDkLk="}
00432{"flow_id":11,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167352,"pkt_ts_usec":371962,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"eJKcD6iO8IQvSpdgCABFoAA4AABAADcR4pzYOsYuwKgBZwG74PcAJIY2AAeeeUXUuwqERc9o6KyNGYuNKj080+Ib8mkGTA=="}
00442{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167352,"pkt_ts_usec":398283,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"8IQvSpdgeJKcD6iOCABFAAA\/bd1AAEARbFjAqAFn2DrGLuD3AbsAK7F2DE3ZCrKMtFhpBm7kl79oV\/7DDgt7GHK2JHDMxM8dDtJ486Q="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1492167353674,"flow_last_seen":0,"flow_tot_l4_data_len":230,"flow_min_l4_data_len":230,"flow_max_l4_data_len":230,"flow_avg_l4_data_len":230,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1492167353674,"flow_last_seen":0,"flow_min_l4_payload_len":198,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":198,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00695{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167353,"pkt_ts_usec":674975,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"eJKcD6iO8IQvSpdgCABFoAD6dwRAACwGsNrLzZeiwKgBZwG70ypPgUs4IVggsIAYAQuBHwAAAQEICkXRpIYAMKn\/FwMDAMGOrZUQQd+ekzcfermPixMN7baWMlCLOjLGRLUay7A9ywN4ZUGmiUXDO1gdTDC98QU1t8eAbnyMFUBj5qM3d0y5XCUUPMCeBhhxcxN\/8G4Ch12FyipeyhGtwqgzXcsPc5ZQsJ\/Yfu\/XdVaAYYDYsfkQdrrVo9IGd6i0jIOj1GEXv+MuFcw5UP8MbQ5QLfOihRir7leYEOxmHGeDrisZkZBhOzKLL2Q5myihhKQJ9yeXWCsp\/s4j9ebB8kfX1kVSE8Aa"}
00424{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167353,"pkt_ts_usec":675042,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0n8JAAEAGdYLAqAFny82XotMqAbshWCCwT4FL\/oAQAcj35wAAAQEICgAwuphF0aSG"}
00422{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167353,"pkt_ts_usec":687334,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7VAAEAGDZDAqAFny82XotNEAbsWJbkHbCUOQ4ARAk6RTgAAAQEICgAwuptF0Z5u"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1492167353687,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1492167353687,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00408{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167353,"pkt_ts_usec":687484,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoXgBAAEAGtx\/AqAFny82X058lAbtnDvSGeC5ApFARAOXT9QAA"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1492167353687,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1492167353687,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167353,"pkt_ts_usec":687522,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0QwNAAEAG0kHAqAFny82XotNFAbtA8usy6z8oEoARAOWo0QAAAQEICgAwuptF0ZJx"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1492167353687,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1492167353687,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167353,"pkt_ts_usec":687624,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8ZmlAAEAGrtPAqAFny82XotNJAbvI4NzyAAAAAKACchB6zAAAAgQFtAQCCAoAMLqbAAAAAAEDAwc="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1492167353937,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1492167353937,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167353,"pkt_ts_usec":937975,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8a3xAAEAGqcDAqAFny82XotNKAbuhD9GmAAAAAKACchCtqQAAAgQFtAQCCAoAMLraAAAAAAEDAwc="}
00422{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167353,"pkt_ts_usec":998138,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0bFFAACwGvFPLzZeiwKgBZwG700RsJQ5DFiW5CIAQAQCMMwAAAQEICkXRpNcAMLqb"}
00422{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":15537,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0vARAACwGbKDLzZeiwKgBZwG700XrPygSQPLrM4ARAHCW2wAAAQEICkXRpNsAMLqb"}
@@ -110,15 +110,15 @@
00434{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":49234,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700mLgJvryODc86ASN8g1VAAAAgQFoAQCCApF8RJmADC6mwEDAwc="}
00422{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":49274,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZmpAAEAGrtrAqAFny82XotNJAbvI4Nzzi4Cb7IAQAOWalAAAAQEICgAwuvZF8RJm"}
00747{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":49650,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiZmtAAEAGrevAqAFny82XotNJAbvI4Nzzi4Cb7IAYAOVDAAAAAQEICgAwuvZF8RJmFgMBAOkBAADlAwMg8ecmhVvNIGBKxVKhOhJWIrAbXQB1XAVkfDWfr1I96iDQqVQUi2ekdsYx76vXfMv4reYubqyVUBJq1nTozJ\/kzAAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB86uoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABgqKgABAA=="}
-00721{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00732{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00436{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":296899,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG700oogx9AoQ\/Rp6ASN8hHnAAAAgQFoAQCCApF8RKkADC62gEDAwc="}
00423{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":296948,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0a31AAEAGqcfAqAFny82XotNKAbuhD9GnKIMfQYAQAOWs3QAAAQEICgAwuzRF8RKk"}
00423{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":427364,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0iSlAAC0GnnvLzZeiwKgBZwG700mLgJvsyODd4YAQAHiZtAAAAQEICkXxEsUAMLr2"}
02343{"flow_id":16,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":430928,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIiSpAAC0GmObLzZeiwKgBZwG700mLgJvsyODd4YAQAHju1AAAAQEICkXxEsYAMLr2FgMDAF0CAABZAwM1kPQW92cguevuQqDaCbRcD\/G+X6zRfbURm97Uu0BVKCA3foG4i9pV6QeN41xMuSS6TypXmVvnRL5nSZVX0j3qosAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00778{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1492167353687,"flow_last_seen":1492167354430,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00789{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":6,"flow_first_seen":1492167353687,"flow_last_seen":1492167354430,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00423{"flow_id":16,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":430957,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZmxAAEAGrtjAqAFny82XotNJAbvI4N3hi4ChgIAQAPuTPQAAAQEICgAwu1VF8RLG"}
02349{"flow_id":16,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":487785,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIiStAAC0GmOXLzZeiwKgBZwG700mLgKGAyODd4YAQAHgCbAAAAQEICkXxEsYAMLr2i6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQSA+yeJtoQdKqu9TBTMq7boQ71hzXg4fvG\/uJ7nOZNJ\/ry0fvYdJJiIEOdEQ\/tGrfV1K3288dfFzu010\/GMEJVUBgEBABSNSFxa"}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1492167353687,"flow_last_seen":1492167354487,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":8,"flow_first_seen":1492167353687,"flow_last_seen":1492167354487,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00424{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":487813,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Zm1AAEAGrtfAqAFny82XotNJAbvI4N3hi4CnFIAQARGNhQAAAQEICgAwu2NF8RLG"}
00780{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":488072,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4iSxAAC0GnXTLzZeiwKgBZwG700mLgKcUyODd4YAYAHgviAAAAQEICkXxEsYAMLr2fTScOdm56ml7v1ofTVAkfVhd3wcrzURPmgmRKtBv2u80x9TnTxKtBnp2tzJvxT7yoK7qis+ID2ApL4Bg1FSshJivuWkb9x\/9I4xx7OzQ29cEdb4Qd8G3dnaBoRFgtpqrZd2VBPSjYjYstYO0oDVVYHM8jQlx9PCqFzGdHuRBpnuVBhSZsWykeif6s2sxXA7+43gpYo8JwIoAcuk5uZKdqLLaMhSPOw7XEhl4OLVKkcg6YAFkzpUfZkfB+G1B9nCg5GnUrcb8dtjLw77P\/8DIKbUlq2Li322jlWf9tleQaJX3Pcg3aj1TcUjxdk2Jw\/0XY2Rlsl5ThM\/ogtUWAwMABA4AAAA="}
00425{"flow_id":16,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":488100,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Zm5AAEAGrtbAqAFny82XotNJAbvI4N3hi4CoGIAQASiMagAAAQEICgAwu2NF8RLG"}
@@ -127,19 +127,19 @@
02106{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":865785,"pkt_caplen":1306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1306,"pkt_l4_len":1272,"pkt":"8IQvSpdgeJKcD6iOCABFAAUMZnBAAEAGqfzAqAFny82XotNJAbvI4N5fi4CoS4AYASiogAAAAQEICgAwu8JF8RMzFwMDBNMAAAAAAAAAAXVl2bEdSzpiU7Zyml3Li4A3tlDKuAIvlkudhWTUDandLFjvn6EokoSHVGijId5XO2gIA8Dr3kw0zJXPsULIhjdf27AC7hXM2QVIo2q91mvMP6SDhnj0dHL2XdevzIpxgcbaGE6Fw\/tOfCoK6W+qYtoCrpvUpf0v2LielE0HreHGuKAUr7RVh1MB0aeH+eZsr8M3qE9XFw5+fSu197vqnGenxERoRBjkNgG0jMyhPt86wa9PZXOZazWBc3RXhEf1r2daNsTrEBuF\/wgc9BX33oMyfDRIy7LNrz2eTZAJJ14kYUnUmDzVvxDUr+rhd8Gi3UTElW0shvGwvnuPvW7UUJIrGt7R+Q+KPxvSUE4YN6MrsdFI8y9uDs8uCQ9bAEeggduQAhQAkVZupsZY8I2D6XY03NeScMCLyPrJNzA9ZjKIzFgJhXfdRoborQA9JFUUAIsY0cjrevUfjL8tci0GL2WtfMDZl+8+9q7KFMH1wkegoH0eeYNW68wj+0TO5f8GuRwWfITiQkJm5eA\/xnnVIWW0cJLp557+6CAbIqYRG4EWvQ1jvR4mV6cxWNMHYD\/dubHBxhnT9OsZ6W1l1b38k2PJPYnTBZEpF+Dn0uole7CcbN08nLAB9xXPiBLvd3c27wC14jx0J1dVhI3Cend13\/nNTSpOydcfoN9A34xjqZSQWBX1eskDE6wZvM0TPA2V5\/iI7vdqlmSoX4B0fAHxcSunCrdAsMkzPZ+qzeSt9+WWVmOQ530zwM\/lSoe3hYDLcfhXsZezJHqSlgxMTmm9ApkjwdJMcG31FY42h5fnXmf19X1VGD3eqIrIRRBTfoXSJPcizxMCODczeDYk1njqSn+QhmPKI8DdGhV0K02ngpSrq0xFKOJluYb\/l6+h8GNnoMhksPF1Q+67Dnavznsk5PqC7Uw63bMybUnZ\/uMHNyTD7XgbyMxSPpbzClG6Njl6bqziGH7e4\/a9bGkE6K+hmMPfrsmIUOQTFEHWpgwEZ+AYycJbx5V0HW\/nKD+K9w3wfFQHSv1kpTD5aqa7hkoPXuhZoSgPYtmdm9uRmqMW+1wnUXrMeJy4BlfCHc+O83GptB6O2TqLh9yz5rbAaD1lM6UkW8g\/cb54XxvpQF9+Ty9UDT2pOmakMrsxiQEuPlUDT\/AOZwZDC3lnOIg1GxUyKZtfUN0L99VzZ4PRmxgYK0ovlZWH6rBozuaC+7WOd\/lfvo2\/8BUuGZidl98QV6mOjzZYg6RFpR4dHgiptsLAc91Hv29NoHaXH\/g\/+KmosnifMTjDOkXpvajbvTJYkuRByIwPyxrj3UlRRVEHlpaEFF7LRXFNLZKDU5teK+T4JrLS46g3kPd3V+WYvlxipr+g4177KabX0Ss9w3oDKyUL59w6KzpSm+yJvVpHmFL7Tr3P9UP2o5Y+gK4iJN0dW2TLqnAU\/1pBRRcn1fGvGFhjGzQFKtCcsis7PwleHyYYPNMarowz2kFJ3hyr2KnAqO1V\/Ug3MMOtzc30Kfj07I2CbahIY2MEQTudeo8LoBd0P9Oz3iQ5D0ZlvtX4TZrCOJXrsfH44fNyd5QE2itUZ9rH0YRmUBuQIDpHtn31Dm7ln0jLBlMgXTLUVIZVs9JISL9aiJ8IqOfZfOsPnoPi2A=="}
01072{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167354,"pkt_ts_usec":869112,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"pkt":"8IQvSpdgeJKcD6iOCABFAAIPZnFAAEAGrPjAqAFny82XotNJAbvI4OM3i4CoS4AYASioUwAAAQEICgAwu8NF8RMzFwMDAdYAAAAAAAAAAjjUh2xk8jMDiJIIdB2uw0YRbrot6hyg2Ttc1pVL9SA+EePoW1Xi9q65OFYKUVmOdM9bvvhzr1jPW4uO8eW0yljFtcGTKBMKM8PpEsLIO7+1P8T1S63WKFRgJ5Ka0U2UxSuj2RhoQVzNwPvsauVzDjyZtoHippSFMzFBloHSN5psPlJSHd7Uu9qVWCUeo5+9KrO0RMCOcA+DkBqb63GqOoJWnGo5AjdniweZggXmSVpy1OSwODnKosv5dSyLSatxMGRNALnEWUjzDDXqkPfuHyVIvXgFldqRCT8dkcRp4R0sGeWklsq6dbuaZAWIhMTI7a4U\/BEdVJhEvRKB+Pai2gfc\/d87kAzs5lG4F3E\/wWPuxkhAoBKj\/wvhjvSzSYHHexmdptDu90ZrsfapCJ4dQbkS2uiAbtOUcFPMoNi78oday4kMZ7peUUHzFLGDgpCVd4yl7PJiZJj9fZXgH\/1xcANHZSihoJVg1fqkOLQsYVE2FYbfRxXihyW5N4aNGHjwkRCyrxCl17\/6oHX6vJvi9\/XWVPnoRt7PRuuqm\/WkUKPB7QwhIwIkwlGBHmRylwZrLKqThL3EnpMGIH+i0+7OtXMtPpsYZQpgPuyWmYRRtQ=="}
00749{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":372539,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEia35AAEAGqNjAqAFny82XotNKAbuhD9GnKIMfQYAYAOWR5gAAAQEICgAwvEFF8RKkFgMBAOkBAADlAwPQGPUQ73ic+7iVIAjQSjq5W05BxFF6D6kJRu\/s5h+d6yA3foG4i9pV6QeN41xMuSS6TypXmVvnRL5nSZVX0j3qogAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8+voAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIGhoAHQAXABgaGgABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1492167353937,"flow_last_seen":1492167355372,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1492167353937,"flow_last_seen":1492167355372,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
02037{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":388384,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"pkt":"8IQvSpdgeJKcD6iOCABFAATYn8NAAEAGcN3AqAFny82XotMqAbshWCCwT4FL\/oAYAchBqgAAAQEICgAwvEVF0aSGFwMDBJ8AAAAAAAAACSCXh69SRVNj7LxTHyTa29lyIMx5rUn\/Kbsx2RSLcx6h5Rof7MvhSBslxiMA7RM+grN19AFhFkb86ybE4QzYLqZogvxRJjzavJpiSw0h2JHTRLw5hxkIJT93\/hBnX4KXAJggRKu+zDGdqHHdv4fTutm2SVgm7d7YrX77rNoEa49Z7tjdE+lO2DuQkrDWrkIcPj0eYPzI9xDvhacp1zu+uHhR194mvhqvVQzKnG9JQA7M8yc34zhOP58E3OjjXwz3ELzMbE8lsUYni0FdVDzD5AHz2ZXkJTACi6epY43d8swMwJs750LtRYiDdf+30r4284+LeVd8LVUpJU\/rrav+ZKJhyQ9sw9XMWliErx\/Hsl\/5h3MZRKZeqbDE6P8CmhyiQOuweltYgaOp1rsNtfHpo493xewTpz5snn5PbRcKUqFF5M4r7lhwPPhIeVK4WOUH\/33+Sq98q7EPLrHMUFohSF90hiJaXtAj+rHVK1gMf9oOJW2ySdU7MX2DS86yuQ6kfFtJuGuxo1Cz6PJoomwid9YpsbBbTMx6m4z9l\/ny1t10Pd97BylHaTo6YBGXBgtaz8dbyFkkD5Nbk5dwtmaGlM9uIlF\/rv5c1A55dbIdj8naBbyQ7fTwTJFbjISBkJmpaQoU2kc\/zziP44xaoDUxaRt9Ry\/806C0HPovj+JC6hKAJhd7IU3lz1cd2EcOR09Ulbh6GcnGtGoIEgMSnOqlHSHFOvhwMJOgqMdjV4Ts3j6kz4nuUL7P9W38WCZ6Et6v6MCfJC1NHlb+BiknubpqgZZ7mM9\/dQzJwaHAVm1pExnTA0Qtn9u2w0Ob0wTvtwWHLqB8+w1X5lLgz+g0\/KazNnFwZsVC8NJt7gXfJimXlNiQyyoVZPRU5TsryE76p7eJsfK2K3vD+oV2xOy0odJivKdVU9d\/b0lN4vXAAJXGR8apbNgPqwivAZHIvQdWqFgNwio4MLv0L8zBSqiIiaIpEMDbJPlGf3NTa8KHL9KuF0\/XkvPuIqyQ1vikTJWv3M0PfnYGX\/91JwgIycN3X4tfAJPTYU1bJR8H9lqbTS68wW7e8n7Z9kn4BsSK8WdGfSG\/BGchlsNazeLO6dljFOzNH1Nb0yqv79UpRl3Kr1HkZo+mQcyTmdDq73MBTVTodPICJb5JR1YLjVlWLyhlubA3PMAZhd7v493hq7IuxuvrhHldQDGHsYcPZ0+ZYWLqkDletWw1l3zV0GxsjRhJ3s3iffY9XBpGE8EG39zicWNmnu8THVvBYw\/7ASp9iDFLWiJkigPswdmPFhkbbEWproj9M3h6bBS7Z9ohy6yUXPGG6RKTKX45Eg\/Pm2f3Y3bPQ15p4S5E260\/wYzmk6Pco8MZXXOtCrfsbgBU3U\/QFaYJziOi8kV14C9ocoOj7UNbOPlK4JGIThUQC22wBIoO4QcICqfGi12dFi3\/dZawWcVCDgNfdmaRqjA7vn2Ew3dMX8AfiCfUGFCye6yKRfSC\/KcvJGql1sIadq+izTaBp+jfWADKBhJTOB7x6VUd2Bs6qIc6mkvKSj4SxqM+NPNL5GVHDR9qjJ4H5zSi"}
00425{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":708813,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0dwVAACwGsZ\/LzZeiwKgBZwG70ypPgUv+IVglVIAQAR3wRAAAAQEICkXRpoMAMLxF"}
00694{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":714716,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"eJKcD6iO8IQvSpdgCABFoAD6dwZAACwGsNjLzZeiwKgBZwG70ypPgUv+IVglVIAYAR1S1AAAAQEICkXRpoQAMLxFFwMDAMGOrZUQQd+elO6yUWZaxB1XMRBaU5iIrSWBDYFMTBklza86ZAJ6mlfc+fSz1nangNwW6dDHehHKK9aovFSe8h\/p4B1XlNKo6T5XxbmSKu1Sbxvxyur1MrHjSISlyLPclpL0f6AhZsZEEcReSmOdovjdyShnPTyu0ybkZB4WFJHVgACkcFaPkTxnnNq1rLUf91oPxf\/kt+Uc1aHDCkMk\/Kcb18Ipw1elIOYbN1xUGZ7sM+yxphWAWHZg+LCttdBqRoJi"}
00424{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":714740,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0n8RAAEAGdYDAqAFny82XotMqAbshWCVUT4FMxIAQAd7uawAAAQEICgAwvJZF0aaE"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1492167355723,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1492167355723,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":723894,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8P4ZAAEAG1bbAqAFny82XotNLAbtsCoMeAAAAAKACchAveAAAAgQFtAQCCAoAMLyYAAAAAAEDAwc="}
00425{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":738109,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0C01AAC4GG1jLzZeiwKgBZwG700oogx9BoQ\/SlYAQAHip5wAAAQEICkXxFAwAMLxB"}
02346{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":743680,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIC05AAC4GFcPLzZeiwKgBZwG700oogx9BoQ\/SlYAQAHg1LQAAAQEICkXxFA4AMLxBFgMDAF0CAABZAwOhsS53G0R6i7AXuwL+d6wg7LMuP9pVZ3zq3hDh3VdALyAu7u+IESMOXMTRIYoN\/ZwuWvg9\/+wNvYR8waFYhnvDhcAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1492167353937,"flow_last_seen":1492167355743,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":124,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1492167353937,"flow_last_seen":1492167355743,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00424{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":743715,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0a39AAEAGqcXAqAFny82XotNKAbuhD9KVKIMk1YAQAPujcgAAAQEICgAwvJ1F8RQO"}
02348{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":744203,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIC09AAC4GFcLLzZeiwKgBZwG700oogyTVoQ\/SlYAQAHjYngAAAQEICkXxFA4AMLxBi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQQ3uHpwef1MG+BNoRiDsPpSH5gW5GIz4uFejJInYWv7G+T9hMHk7Bq\/nr4Zhg6JNNyHsGHmEC5ci\/sFKwhYshZkBgEBADSEHffG"}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":8,"flow_first_seen":1492167353937,"flow_last_seen":1492167355744,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":8,"flow_first_seen":1492167353937,"flow_last_seen":1492167355744,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00424{"flow_id":17,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":744228,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0a4BAAEAGqcTAqAFny82XotNKAbuhD9KVKIMqaYAQARGdxwAAAQEICgAwvJ5F8RQO"}
00781{"flow_id":17,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":744773,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4C1BAAC4GGlHLzZeiwKgBZwG700oogyppoQ\/SlYAYAHgcYwAAAQEICkXxFA4AMLxBrWqcYcmfgNeSEdnmJ5nyoHMAVeaBIcWYcz1pTCm2RGV7eUnYOO875YQ7xSqd2OzVA8qQXCPv27uKii008HP8GoLtpFGi0DAXndkfaNsefxALbcNqDrb\/EWVo7Od6q+is7u5kx8PwNSqcxfsH91yNQcsoNLmMNFHkzBwRHwtGsIcfF28w+wIumV\/7PrhP\/kvYEvyt+LEaddd+XZ2KB7za+Pe\/6Zq6By2Tb5BP2VLakhk+dc+A47b3kd8v58hS77Lns3WXAriAzfOs52nM8qdtSkZFmISUhdKxui67nouiSz0WuB8H5xQdMkNKMvhWjR5J3Apj3uim9AQtresWAwMABA4AAAA="}
00425{"flow_id":17,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167355,"pkt_ts_usec":744804,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0a4FAAEAGqcPAqAFny82XotNKAbuhD9KVKIMrbYAQASicrAAAAQEICgAwvJ5F8RQO"}
@@ -147,7 +147,7 @@
00435{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":77508,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG700uz8YPYbAqDH6ASN8iq2QAAAgQFoAQCCApFrUFyADC8mAEDAwc="}
00424{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":77551,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0P4dAAEAG1b3AqAFny82XotNLAbtsCoMfs\/GD2YAQAOUQHAAAAQEICgAwvPFFrUFy"}
00750{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":77750,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiP4hAAEAG1M7AqAFny82XotNLAbtsCoMfs\/GD2YAYAOVYrwAAAQEICgAwvPFFrUFyFgMBAOkBAADlAwPrb22xHnXa3171HQ\/x0N7leORqlrAubtrqrBze9\/ohpiA3foG4i9pV6QeN41xMuSS6TypXmVvnRL5nSZVX0j3qogAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8amoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIamoAHQAXABi6ugABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1492167355723,"flow_last_seen":1492167356077,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1492167355723,"flow_last_seen":1492167356077,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00497{"flow_id":17,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":105935,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABnC1FAAC4GGyHLzZeiwKgBZwG700oogyttoQ\/TE4AYAHitFQAAAQEICkXxFGkAMLyeFAMDAAEBFgMDACi\/lY9ttWYgixpZVnLivPTiYtg2AlyBjdFSnoTBoX1jmkDYSHWa6jpY"}
00447{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":114749,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEvOpAAAERGbTAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00477{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":114803,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
@@ -156,10 +156,10 @@
00425{"flow_id":17,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":144235,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0a4NAAEAGqcHAqAFny82XotNKAbuhD9MTKIMroIAQASibPAAAAQEICgAwvQJF8RRp"}
00425{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":487983,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0whVAAC0GZY\/LzZeiwKgBZwG700uz8YPZbAqEDYAQAHgPQQAAAQEICkWtQcwAMLzx"}
02344{"flow_id":18,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":488969,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIwhZAAC0GX\/rLzZeiwKgBZwG700uz8YPZbAqEDYAQAHgQdAAAAQEICkWtQcwAMLzxFgMDAF0CAABZAwOe8QHokcOaEsejRhiKIOT+eneKPUPW6CxSRu3PtDSDICAw4BRL3PXeGMjW+qUk6QYvRqoU0TSzHBocUA21W5zrfsAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1492167355723,"flow_last_seen":1492167356488,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":151,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":6,"flow_first_seen":1492167355723,"flow_last_seen":1492167356488,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00425{"flow_id":18,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":489000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0P4lAAEAG1bvAqAFny82XotNLAbtsCoQNs\/GJbYAQAPsIwwAAAQEICgAwvVhFrUHM"}
02699{"flow_id":18,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":489253,"pkt_caplen":1754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1754,"pkt_l4_len":1720,"pkt":"eJKcD6iO8IQvSpdgCABFoAbMwhdAAC0GXvXLzZeiwKgBZwG700uz8YltbAqEDYAYAHgsPgAAAQEICkWtQcwAMLzxi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQQ2x7XwiLdRbJe2ezzNqHZjd3m3ALtNJQlRJbXIqzTvDx5RppGiVwkllQUqIzEhC49B+KNSBDH019juum8PyR1nBgEBAKbOhpuiGA4sSKAcNwn1neg4GKEo9Wq0PnmYO\/WyA1EYjJ20yU\/kxoaKpaedC1gKNBYCsReuxUZ4+hxxLMXCimatIFs33lSUKoo+QhETf0Vgz0zpbdMzqStD1QwytsLCfP\/RP4ehRyoS5HMxeDCnHoGuZ8VEZf4VoAKRl\/VNrj9XAJg3UVUbkG2fLYMkecjDzpo9LRbCvbax6D6Wr2Ovjl1bXtxALUeNjxEYRoq+Dvpm600AgSzq1Z5DeRUL2DG8Gpi2C58Oazm7q3FRHSMkboSTRCJ8gTLt\/Kef2YLQ6m\/LSv3mIsdqbfOVYIl8ngbEr3Qxf0pPoa5mhgSRz1VDBvoWAwMABA4AAAA="}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":8,"flow_first_seen":1492167355723,"flow_last_seen":1492167356489,"flow_tot_l4_data_len":3626,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":453,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":8,"flow_first_seen":1492167355723,"flow_last_seen":1492167356489,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":18,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":489289,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0P4pAAEAG1brAqAFny82XotNLAbtsCoQNs\/GQBYAQARUCEQAAAQEICgAwvVhFrUHM"}
00599{"flow_id":18,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":492166,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACyP4tAAEAG1TvAqAFny82XotNLAbtsCoQNs\/GQBYAYARXmRwAAAQEICgAwvVhFrUHMFgMDAEYQAABCQQSK1xuoI\/EoM9LICk0fk\/dqoOaDBID8gzK5B4fzI1nC7bPJSViPhx8rygylgSJtQ08wpWYxrO6Tiw+b1qSjy8ZQFAMDAAEBFgMDACgAAAAAAAAAAFWZZ4LhzH+dBrtI+pdWhmOWc4CJbHUk7r6Bu7ogdr6t"}
02037{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167356,"pkt_ts_usec":520275,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"pkt":"8IQvSpdgeJKcD6iOCABFAATYn8VAAEAGcNvAqAFny82XotMqAbshWCVUT4FMxIAYAd7CfgAAAQEICgAwvWBF0aaEFwMDBJ8AAAAAAAAACj7kGaxvPW1llgrPExXCFY+iK2k9UMlQIUE6PT\/jpyin18E8U+KIyO580A4r2l\/E6SdyNU52BlBa4+lMqpa90zCjDm5155DkgPBMxbUZragdvw8rKup9juv9cjjqZRE1b93ECKgpO7QlawALzkxAtB5wkebFmMLrXPNSzvj+GyXM7xUzF+xmFySulQiMdhr3fk8fScbdJOtIiZ4Rw5BzdzTrNZ55Na8Pe5GwjTLnHAmG3ozlpI37OrIO+pb9yoy5kJCkPWkBko\/wjM9BcLZvqeqNV2fdxSFXPwFvld\/HsntOPojrLzos97mq7BdkZJhJbMBZVdM7BvRPBA9Ep6JR3kmm49nVKQlJ8kxIx2df0k2Kj9uNT1fizDgGhzCffg+KGt27J4zB8MIrxuovjHWELoY8SNgYI6ohKjBoG33m9XG5ytbQ6RSahAPPuCc0iCINY9qRSKRRxsZ2MFDdCLJyzwp6ksaCcXDspFkFsut4tjPmhT1hUlMezWI+x+\/JYTlKNQ2iDZKOaJ4ooToIGg6\/svW7AWAEdlQ6WSgJ03eOUV8wt+9+PyGLH8kHXLtJNGhOeUdTJ\/PNyCisywwMA1BtYSqOcugP9NSgkyBqstG\/0YqOfVm\/JhSFtlNQtn++H5+VqhurBCPsE4Jp3GbYmEtnNYNuitPV12KbiPBBiP6atAc5JOGKcjU5JTiGmuPyY+jjxAt5QiElDMZDMRVGnIU41X6Pkefb85H0ALNDmRM+Qkv1Zkmph7ycMMJRI5UEnyZrX0Z1N4G6VsRHSpQU6lORIwLak5pAhkZw1AOizvL1ilISi1KhRhGXWULUZWST\/2V8LY8WZfFSKe8+jbCSFQv3LUfndPY9m1ozVMefBIb2L3q44PvleU6ALxbPho1wHR8A9GQR9AoOGvGk8ewKWXaAZAFv7RZ2Nhdpl3W8uCr48K2A1yF1v0MQhMtRJQk9V1khU\/4293n\/+GvZRqJ91JerRBsq5wVLzUiW8NxR3mmt7OSaMYsvgrPwItDG8Qgicq4qQ6f7bpYNEKxtXBhzygAdPtGq2xyYpKuHxuk+TwcDinj4EZl9wIBRVg2A6Oy20CTXlrOgMelOLA9FhK7fy5LJ+pP+qHrUjZB7muBVjX0pdaotzd1JrYGuVhZkvMFTZlJ8ojjK+U3AzaZAKISH7rzHGtSUgj\/W03+Kd6crV14Hx21CjirxIdckCpWzQk4myX33NE\/tTaRaJss\/fGiyIodgyAlrjx\/4YdwAGku6gNxNRBwvesPHuC2RFF26C8BKdFc5mNYQA7atVsfmp9ce8\/dB95qtuZUOOgzW6W1aVKjNr6PN4bCZJI+kSrbdlbHMmxplh1xfuVW2uOasnTaRrgmyiC26u\/qO2QKJ8JwASeF1U\/p61qacFon3hNfDk1M\/Unwp3KelUx+LpJy1DN8soQZmF2LTvOec7r6AwQcD6vRjG+L+E7AV99pWWU8++ouJUS\/b1OWMKnh8uJh3\/8nMHRgulOqJw\/D8kiYdcShztHgfqu7waukjvPag6nGZiZXJ8nbb1HZZThD4ZmGmvVIDd84kH9R2spUZ4EvP"}
@@ -183,24 +183,24 @@
00423{"flow_id":7,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167360,"pkt_ts_usec":666322,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA04RQAADcGG9ms2RdOwKgBZwG7z+SKJZh0+z2t24AQAVThqwAAAQEICn7IL9gAMMFi"}
00425{"flow_id":17,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167366,"pkt_ts_usec":907680,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0a4RAAEAGqcDAqAFny82XotNKAbuhD9MTKIMroIARASiQuQAAAQEICgAwx4RF8RRp"}
00426{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167366,"pkt_ts_usec":908222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0P41AAEAG1bfAqAFny82XotNLAbtsCoSLs\/GQOIARARX2ygAAAQEICgAwx4VFrUIz"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1492167366908,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1492167366908,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167366,"pkt_ts_usec":908400,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8lZ5AAEAGf57AqAFny82XotNMAbt+X1IbAAAAAKACchBDOAAAAgQFtAQCCAoAMMeFAAAAAAEDAwc="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1492167367159,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":184,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1492167367159,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":159051,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8UGVAAEAGxNfAqAFny82XotNNAbtphJemAAAAAKACchASSQAAAgQFtAQCCAoAMMfDAAAAAAEDAwc="}
00436{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":227479,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG700zSrc67fl9SHKASN8jkhQAAAgQFoAQCCApF0bHCADDHhQEDAwc="}
00424{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":227571,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0lZ9AAEAGf6XAqAFny82XotNMAbt+X1Ic0q3OvIAQAOVJ0gAAAQEICgAwx9RF0bHC"}
00748{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":228238,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEilaBAAEAGfrbAqAFny82XotNMAbt+X1Ic0q3OvIAYAOWQkQAAAQEICgAwx9VF0bHCFgMBAOkBAADlAwMIMAddqPI8parJRh1yfNKrDdpzlU1BZ7DFnpjp1nvcByAw4BRL3PXeGMjW+qUk6QYvRqoU0TSzHBocUA21W5zrfgAgCgrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8CgoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIOjoAHQAXABhaWgABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1492167366908,"flow_last_seen":1492167367228,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1492167366908,"flow_last_seen":1492167367228,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00425{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":264059,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0whpAAC0GZYrLzZeiwKgBZwG700uz8ZA4bAqEjIARAHjtOgAAAQEICkWtTF8AMMeF"}
00426{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":264118,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0P45AAEAG1bbAqAFny82XotNLAbtsCoSMs\/GQOYAQARXsRQAAAQEICgAwx91FrUxf"}
00436{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":489344,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG7002nXL3IaYSXp6ASN8hVJQAAAgQFoAQCCApFrUycADDHwwEDAwc="}
00424{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":489409,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0UGZAAEAGxN7AqAFny82XotNNAbtphJenp1y9yYAQAOW6bQAAAQEICgAwyBZFrUyc"}
00426{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":549012,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0fK9AACwGq\/XLzZeiwKgBZwG700zSrc68fl9TCoAQAHhI\/wAAAQEICkXRshMAMMfV"}
02345{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":549744,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIfLBAACwGpmDLzZeiwKgBZwG700zSrc68fl9TCoAQAHjqewAAAQEICkXRshMAMMfVFgMDAF0CAABZAwODHFehjzW0hk5sWu5Ge8mFKciWQxbsw86zd9rLy\/qzTiB+R4AGaiYYG\/eTLeHwwqwepnXhm94m+8GpHgG9docrHMAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1492167366908,"flow_last_seen":1492167367549,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1492167366908,"flow_last_seen":1492167367549,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00424{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":549800,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0laFAAEAGf6PAqAFny82XotNMAbt+X1MK0q3UUIAQAPtCmAAAAQEICgAwyCVF0bIT"}
02346{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":550195,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIfLFAACwGpl\/LzZeiwKgBZwG700zSrdRQfl9TCoAQAHicWQAAAQEICkXRshMAMMfVi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQQP9onIxoqLlfKiUkbNgc+7yiRr7efVCxTibCqk9XQPMVvI9Aoe7O3LDaU6dLhOg8DRChtxEwJtY+NElt6TxP6+BgEBAL68Lae5"}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":8,"flow_first_seen":1492167366908,"flow_last_seen":1492167367550,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":8,"flow_first_seen":1492167366908,"flow_last_seen":1492167367550,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00424{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":550229,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0laJAAEAGf6LAqAFny82XotNMAbt+X1MK0q3Z5IAQARE87gAAAQEICgAwyCVF0bIT"}
00781{"flow_id":19,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":551584,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4fLJAACwGqu7LzZeiwKgBZwG700zSrdnkfl9TCoAYAHiNUgAAAQEICkXRshMAMMfV\/wUPj3J3gO0mKBbdMGG\/+oXHBAxnimdIiFbV5u3a8dOOCJ1fcmGnWeedg7V43T21vlini6SKaOHKuodqV+w9ljmEmp0jLlHMp+UH+4V8hIbgmPMk90l+vzhTNLfNph5Xv\/QVOsM2OTjI1rxhiQsLx1zzPlyStw5nZt7Ztpqi170qLzM3nZy2FH1ADBNtxpHLBUm59b+kWdwy2OjeYEQGB3Of58swX+iQSmZo2yxFIaV6Ib\/bWBqr59jlr2DeGQ8ZpdLz6ZfTi3O8GzeLU0IgCgTPvD1UwjI8NUD\/xpAsvNZWIYmahxWM4i7xxZVVCvD5mTDGY3Fj81uJL24WAwMABA4AAAA="}
00425{"flow_id":19,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167367,"pkt_ts_usec":551616,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0laNAAEAGf6HAqAFny82XotNMAbt+X1MK0q3a6IAQASg70wAAAQEICgAwyCVF0bIT"}
@@ -214,30 +214,30 @@
00436{"flow_id":20,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167368,"pkt_ts_usec":738739,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG7002nXL3IaYSXp6ASN8hTlgAAAgQFoAQCCApFrU3YADDIFgEDAwc="}
00424{"flow_id":20,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167368,"pkt_ts_usec":738777,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0UGdAAEAGxN3AqAFny82XotNNAbtphJenp1y9yYAQAOW5NQAAAQEICgAwyU5FrUyc"}
00424{"flow_id":13,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167369,"pkt_ts_usec":11230,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0dwlAACwGsZvLzZeiwKgBZwG70ypPgU2KIVgunIAQAUPLUAAAAQEICkXRs4AAMMlC"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1492167377896,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1492167377896,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167377,"pkt_ts_usec":896227,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KM9AAEAGqhzAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT1vHQAAAQEICgAw0kAycerX"}
00426{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167377,"pkt_ts_usec":936495,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0Fj0AADQGCA\/YOs2OwKgBZwG7wnvXK\/KwzDlUhIAQAVQWugAAAQEICjJymzYAMHos"}
00698{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167378,"pkt_ts_usec":336252,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"eJKcD6iO8IQvSpdgCABFoAD6dwpAACwGsNTLzZeiwKgBZwG70ypPgU2KIVgunIAYAUO4gwAAAQEICkXRvJsAMMlCFwMDAMGOrZUQQd+elpC6jXhQN0+OxKQcXsPaqnj+1ENZvcp3idjqige3Sp9lPHY+uJ33v64WfeuccJb2L+GFejBrHAWHVOhnbSAio2DFRSfAwDsFczqmZec8k66\/IRNX2\/z\/5YWZCT3eOmwSfnOC\/\/ADwJooRdfKE1JqLKXihpm3LUObOHaO66Lyygop\/1BlV5aspusDNcuRRtxWYmgN4FP8dI0tJbYetqwRirIWR9ioMQDFa6HRsijSdDMzvTAkfIMOaFem"}
00425{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167378,"pkt_ts_usec":336319,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0n8hAAEAGdXzAqAFny82XotMqAbshWC6cT4FOUIAQAgu3OwAAAQEICgAw0q5F0byb"}
00424{"flow_id":20,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167378,"pkt_ts_usec":674623,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0UGhAAEAGxNzAqAFny82XotNNAbtphJenp1y9yYARAOWvgAAAAQEICgAw0wJFrUyc"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1492167378674,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1492167378674,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167378,"pkt_ts_usec":674770,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8mSRAAEAGfBjAqAFny82XotNOAbtKc0omAAAAAKACchBzmgAAAgQFtAQCCAoAMNMCAAAAAAEDAwc="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1492167378926,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1492167378926,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167378,"pkt_ts_usec":926091,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cOpAAEAGpFLAqAFny82XotNPAbtxraOrAAAAAKACchDymgAAAgQFtAQCCAoAMNNBAAAAAAEDAwc="}
00421{"flow_id":20,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":259,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA08+5AACwGNLbLzZeiwKgBZwG7002nXL3JaYSXqIARAHCktAAAAQEICkWtV9wAMNMC"}
00421{"flow_id":20,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":321,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0UGlAAEAGxNvAqAFny82XotNNAbtphJeop1y9yoAQAOWj7QAAAQEICgAw01RFrVfc"}
00435{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":33998,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG7005qx4IjSnNKJ6ASN8i96gAAAgQFoAQCCApF0b0+ADDTAgEDAwc="}
00424{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":34085,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0mSVAAEAGfB\/AqAFny82XotNOAbtKc0onaseCJIAQAOUjLAAAAQEICgAw01xF0b0+"}
00748{"flow_id":22,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":34520,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEimSZAAEAGezDAqAFny82XotNOAbtKc0onaseCJIAYAOUQ7wAAAQEICgAw01xF0b0+FgMBAOkBAADlAwOGOumiw0u0u0I6gmpzIGxnGk0VZSO+6aIdnNrT8rHiHCB+R4AGaiYYG\/eTLeHwwqwepnXhm94m+8GpHgG9docrHAAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB86uoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIOjoAHQAXABiqqgABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1492167378674,"flow_last_seen":1492167379034,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_first_seen":1492167378674,"flow_last_seen":1492167379034,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00436{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":279841,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG7009k83t+ca2jrKASN8iurAAAAgQFoAQCCApFrVgaADDTQQEDAwc="}
00424{"flow_id":23,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":279928,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cOtAAEAGpFnAqAFny82XotNPAbtxraOsZPN7f4AQAOUT8AAAAQEICgAw05lFrVga"}
00424{"flow_id":22,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":394583,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0P71AAC0G5+fLzZeiwKgBZwG7005qx4IkSnNLFYAQAHgiUAAAAQEICkXRvZkAMNNc"}
02343{"flow_id":22,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":396531,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIP75AAC0G4lLLzZeiwKgBZwG7005qx4IkSnNLFYAQAHjUhQAAAQEICkXRvZoAMNNcFgMDAF0CAABZAwP2cjKwLiUUHBPfMsc2itTJJSkFWQr9crF5wSNcPq+FziCc+qdX8GXELVfQ5N806uYJcFsoXMTX+cAyXbg9n1utjcAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1492167378674,"flow_last_seen":1492167379396,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":238,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":6,"flow_first_seen":1492167378674,"flow_last_seen":1492167379396,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00424{"flow_id":22,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":396586,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0mSdAAEAGfB3AqAFny82XotNOAbtKc0sVaseHuIAQAPsb3QAAAQEICgAw07dF0b2a"}
02695{"flow_id":22,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":397022,"pkt_caplen":1754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1754,"pkt_l4_len":1720,"pkt":"eJKcD6iO8IQvSpdgCABFoAbMP79AAC0G4U3LzZeiwKgBZwG7005qx4e4SnNLFYAYAHgsPgAAAQEICkXRvZoAMNNci6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQSQKp51JuXPAhGfTXtbVBzWGCw+khkAuEoljsqTixbQ3MD2wv+poLjnkTVqvAyzVTsUAWoSBKdYk7rkC0BncsZxBgEBADrEUjGwJTQH\/3utg2jIgJfmRkSvcBM0nmPqGn2EQCMqIlKTQMwEPTbap39FdNIXj7WnyULGI0mijdVCYxDBGb1E7ekdapWy4ImeBIecAWZPTeQv6TP5cwWhxtR2bocV7XNUk1WNPx+ZR22LO4VCeRYGhB5fXkBorUDkv7iNXodjEl5OGKB+knwJaCiegC5nbaibgU5tUZ5gzvPpt4vM\/iY5bnzbccPVq25b7aQc11FfxDe2XY3LTqxtdXha+sWQ63tNKyZpJGhVcIc53lm4xkDaOx7CmNlh0mQZqDilx8vr0kKWKnJpIzDFg44CNyyM6IbcAALi8XRABFV10FpSEWIWAwMABA4AAAA="}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":8,"flow_first_seen":1492167378674,"flow_last_seen":1492167379397,"flow_tot_l4_data_len":3626,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":453,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":8,"flow_first_seen":1492167378674,"flow_last_seen":1492167379397,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00424{"flow_id":22,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":397054,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0mShAAEAGfBzAqAFny82XotNOAbtKc0sVaseOUIAQARUVKwAAAQEICgAw07dF0b2a"}
00596{"flow_id":22,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":400634,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACymSlAAEAGe53AqAFny82XotNOAbtKc0sVaseOUIAYARXHHQAAAQEICgAw07hF0b2aFgMDAEYQAABCQQQDGk5eUBtKpsuLsWox1TrmdQjPGpitnO2j07CAKLAS9gK8+k0MWvCOzEv3KKallXpE2DShuJG56zcCZdCOOMJWFAMDAAEBFgMDACgAAAAAAAAAAJ2Non8CnOdee+SRAiPzB6j6y9fjWuZ0WgelacS8R+j5"}
00495{"flow_id":22,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167379,"pkt_ts_usec":756739,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABnP8FAAC0G57DLzZeiwKgBZwG7005qx45QSnNLk4AYAHgb+QAAAQEICkXRvfQAMNO4FAMDAAEBFgMDAChHOK6vDZXWbpq+G499J6WMaHFpG+2cm4rM3CIy5gGcC08FRdTkYbul"}
@@ -246,18 +246,18 @@
00425{"flow_id":22,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":125953,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0P8JAAC0G5+LLzZeiwKgBZwG7005qx46DSnNSRoAQAJ8NLQAAAQEICkXRvlAAMNQR"}
02362{"flow_id":22,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":158785,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIP8NAAC0G4k3LzZeiwKgBZwG7005qx46DSnNSRoAQAJ+3HAAAAQEICkXRvlkAMNQRFwMDBjhHOK6vDZXWb8K9uQJpNnm7MY9fWKyx9uA2e2tIKxuPK49b6XnrqL45BR3BcpWqbMCLvAHyedWAoGn4dk2TmK2ATQVsGiXT28fifp8v+RJEOO1QdyHs42f5UmnUvNYrefcHcCjpTB7VI4FwAA8yaw\/5b4E91lHuNv5Di720fCarTra6zDaet7FYt6jsjY1Lk\/G3yR5yW88lJzG\/g9powclcVkQFhHhSeN+rkbyNSLvGxTKbUFT\/CMAql+HX+sTlMRhtVZVNKv\/IqgtrruUyjXx4riz6zvLCS7UVgyhZHMHS\/7pAXoYme3EYd4\/vcswItkvfGSDLsen0IojoOGRI4xbSpLz6XYDk97lTlzJ0M91gB4\/o2YZpEdhnVMroP3JcVfdn53AY9CdZtYDmlsXbZv5LGClSfkhm\/bwTCshn53B7tsA3m7061cPiOt2rMwQDqlwob5v6xAeZZup3tBO+5bqoJXd2vv8kRsXMHpU7l3ZKIqYZ5J9iysRNmkNYbmmtPR6vmiO2yVSAB\/LexXuztbTXE4r5WvUD1wuypAiXqICAbyqQT4mz5XvXMNxbutD9gp4kR12cRcg9D0pJ8OYr3HqeCWomvT3B9TXiHoPKnV+YzNr64gYGtlmwui1YvUmWSq5sJAs4Lg7dz1KjORI1v7ukfJjD0sGdC72JUL33KRjbYV4p3rVhLwKYVmH7fcSH3KZH4LEbYHSeeDscsXlqiBU\/Y6ZTriy8M1AYFe6bQBmyiX2fcXy3Dj5VXPHdnVkXnTwSuo+eN\/fSlVEHCpcmpzWiOXovtUpyWBAYOKGnVQw3iYt9xiXxBYsdv2U3dkZxYDQU\/Vt6bbNAP5wzjoOso2NY3owQ+uXXzqt6HleYG6Bi+n7sJVC0Qz4JCBF0UvmbqZMHK8mmR5CYhvMD0UvXG5e+gQ1\/KPUjkEbxhPoIRuoCw\/fh9bK1kbXojwMsY3Iv6G7bGmPdyMhfY2KsEm8STsDPPVAwtAUig0lRcgs7mOmGOLk\/+L5JVhUKx6LEc\/kQ8w6GwgRiYLh75hMY7Buwz35OlsPvj1iCKS1QBNVJVnQlJ3QiARzCFqWSIUXbdiQZh0QkX2EEq4SmaZJxbDF04QsDXGkWjlegOqyLkZY\/5tD7TS9kc1YYT7Sx17qukq7DQBhP+nSeLybrcKoNdEJdDeng37EDRmmUieCxflso0YL42v24AFXi0vFFKxKB\/nbW8oIXgH1kuQawITOjoB5T1e7fP24Tqeplq50rwAy0yeH02anLOHZVljt2BaTEC3XU8cFcwS6mikLToBcxNRXsOoDedG\/zRwcw5o8xC2JkkHYMCb7W2qKLwrWmgOIvhKRdEwIRV8WN9zWWvCHBYBvnwoqy22CkqIYo3E0C04Uw7RBLeH4o0fuOCYrp9zgjWCs3wo2jAxTe3WwQOxP4Jc43KOrBbzVagVcg1HFAcwtt6b6yIhAkQTsIFTafiH\/w9bpvu2TmmL5LaYgAwkGmjpGI6g4YqpRwunT5BTZzB0pJ2gklU0nc\/2RFXhPZ5n01Wu\/q88HWWLT1D6rInP3ZKksOts9Xk9NG7ujgmIM8Na3mb99aLx\/oO3hYpSvZi0EBdAu4YjMNtQBLkxW+GqppGuOUeIFXjZlC5+yXTxgeF8XUP6vstyg00mTrLNnXLqq+oLqBnzO97Te+5M2U2XDCoXLJPuK5KCyjNaOn7rah454xLSnX01svTtoIItEGJ3nfEQiVm965X6hEDe6Bx0bL6NJo6frsYZzKDFsXJpwhHsAHmDoe+MSgtPK0fG\/u\/IBZvg0uKpK6sTyoTZ5n6Yw9jDkzb37rmEUVpQq9SeGih58vOLiIdCPMLBr9CdV44D4F\/41ZAtP7G8ysUVYmqWkQsg0DKEBQmWmfdTgiE11ZMwClTqwo"}
00750{"flow_id":23,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":233041,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEicOxAAEAGo2rAqAFny82XotNPAbtxraOsZPN7f4AYAOVbvgAAAQEICgAw1IhFrVgaFgMBAOkBAADlAwP\/XNiqxBer6CoBriARmvadzv\/U5kXIDNO5dJQ14ZPOdyCc+qdX8GXELVfQ5N806uYJcFsoXMTX+cAyXbg9n1utjQAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB82toAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIWloAHQAXABiqqgABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1492167378926,"flow_last_seen":1492167380233,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_first_seen":1492167378926,"flow_last_seen":1492167380233,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
02041{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":242615,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"pkt":"8IQvSpdgeJKcD6iOCABFAATYn8lAAEAGcNfAqAFny82XotMqAbshWC6cT4FOUIAYAgvsgAAAAQEICgAw1IpF0bybFwMDBJ8AAAAAAAAADGqRIyt3e4c3YdVy0fwI5trea0bIMCV5scLGGeFVlbUEXq8UZGK3vmg+j1bpwjUvX9dp+MAKqlXZjnlhcinu3jFMwqYAB7Pgl\/RSX+LVs7iHm8UJOI+3cqGge3LlAwSlAwk0VUqouRNTtkbIatS9e+UrWOdyQBaGfM\/ktAEgkx0nB4IAolWMGhDvITwQyFxPi25sKlWlCuzJTUjphTJgxIImr16ATWiio0hNqhwxRvijJLt\/pGbykyhOr6l1b6ek007AggcYY8dE3mWWww+TlOXkRbrTkuspPTDH\/E0MQZqtUQdwtnJTiyLedVp6SB9oVZEHIi05+KIO\/HO9RrVUYj99bgr9\/eXI\/nrPTT10QiGnoMM6GbHS05yGOBuJJ3G7VLX+F6\/qDGqFsHFf1JbFFbonY5R3aLp6eDkG39gl5WFKLfMizWW7+xQ4MPPwnkqm0rE0OruF4UOrvisqhxjVnCUAmxR1PBziY2Dbv5pRqRH+xVeSFT5UVq34yPgx7kwLMIRbijEhdxgOZ1RUNVqLurf7LJCayW2rOBBP3eO6yzyKPug1QNPxkh5TlFVr9xzpAc5a9U\/xKxdpsm4T1FhokR9k5JPROpgqMOGjiMaxo3J6IBb3xm5hHuifDBKUP+m1p7Xn9RYV6wBOZ1HuK06XYjiwF7\/gDqO2Gg2JpkcTF8Xu6ih91uoiuyBAUXCLZbSFb6l38p1bLUv\/GKCoutrT8dLdnkJXmEtdi4t5Sc4CopO8oPeAeXuat0DU+6\/mPOZGaPNuxHbE4Lp0iWWGhJ5Q7d7qjdWlji5WwBr7L12HbgXRQ1eB7o7fNPOAF5UIu\/WM12Z6gW08FnIEe6OHNDxrtl25r490gwDPBQQaMsDSVZ0p6MfUmg\/TZcWaYEfSvxy3lSYaS524G7BU5HMwcDcTbKpF1dYz5VoEPPjYmWvhTv6XyRewzBqBEsDp5w0vIQ2ksvfQWwrlNvE2VBqTt4J2ocz0\/jj4FMJ6bkoEIBq7GGpv043bFVzUYG+raDHVPAmnQ5HuSB2FiGzyvp\/ynZ69TblsmWry95Bv2dMmlXDaFNcQn0w9Sc9lhHC8\/luMFe9R7PtxDPpPsYybbdvwYVVm7iix3lLcv4+pKO7wawUjQdt3fUs8iW69cyMT+1bhelqK6xx\/Bsk5P4B3n+QPBTbGGUEn7nMMpZaa51nh+wuOLRjsOhVIBkrf1y7sOdcAJSFzwIPNASwkRBO\/+QeCIx3\/kn1twlp7FG+KPLn6EvQLiMJ8F6bPcQoJt2UD\/YAB\/3zEI8EEoS2QdqIYAkGZiHS5bYaweMeM3ZJmu9r\/NEeAqBlaYLmNjwh9lDd+5NyP4VmNEe9lfO2rwAM\/qSiQ\/819ojb+tAjlO1LkBmUq0id8KoKZh6ptH7AoKvjiGyy89mVnivW7btYoo5QWJ\/BNV26OMCReMJTU317dcgylavX+3K1V6FhSggO44mWVD2N6tXzdgMwUbraGoqwGOF6maZ+n6NvW6+aQkF6M6RxeTsP5Nhow1MBIgJQ8Tb6TdLPguZDSXbOfMyhzuD3GycClAZBa5RuX5uBIIKdJ"}
00436{"flow_id":23,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":457988,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG7009k83t+ca2jrKASN8itLQAAAgQFoAQCCApFrVlBADDTmQEDAwc="}
00424{"flow_id":23,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":458046,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cO1AAEAGpFfAqAFny82XotNPAbtxraSaZPN7f4AQAOUR2wAAAQEICgAw1MBFrVga"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1492167380581,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1492167380581,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":581732,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8GvtAAEAG+kHAqAFny82XotNQAbtFV84kAAAAAKACchDy2AAAAgQFtAQCCAoAMNTfAAAAAAEDAwc="}
00425{"flow_id":23,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":585727,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0Ih5AAC4GBIfLzZeiwKgBZwG7009k83t\/ca2kmoAQAHgROQAAAQEICkWtWWEAMNSI"}
02347{"flow_id":23,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":590172,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIIh9AAC4G\/vHLzZeiwKgBZwG7009k83t\/ca2kmoAQAHi+xwAAAQEICkWtWWIAMNSIFgMDAF0CAABZAwMNrCSIDNOLvQwu+WC\/XbJdKP194hOWV0n1i\/00hc5t9yBcCmKlnX0+l8+VUFMMn312MkptWFpvDfV3jpkpWVkCt8AvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":8,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_tot_l4_data_len":1946,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":265,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":8,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00424{"flow_id":23,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":590211,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cO5AAEAGpFbAqAFny82XotNPAbtxraSaZPOBE4AQAPsKyAAAAQEICgAw1OFFrVli"}
02347{"flow_id":23,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":590625,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIIiBAAC4G\/vDLzZeiwKgBZwG7009k84ETca2kmoAQAHgahAAAAQEICkWtWWIAMNSIi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQRuQZta7ETnvqFtrDw9Sift1iQXzYX72v26iTZCGzisTf7d+QKS2SpiQA5l8Dy7GgZRVhB+DXag5C8DSCCKjdDPBgEBABnKlY47"}
-01313{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":10,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_tot_l4_data_len":3438,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":343,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01324{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":267,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":10,"flow_first_seen":1492167378926,"flow_last_seen":1492167380590,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":309,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":23,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":590649,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cO9AAEAGpFXAqAFny82XotNPAbtxraSaZPOGp4AQAREFHgAAAQEICgAw1OFFrVli"}
00780{"flow_id":23,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":591251,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4IiFAAC4GA4DLzZeiwKgBZwG7009k84anca2kmoAYAHjl+gAAAQEICkWtWWIAMNSIRkegUwvMxkxVvteWTRtsy7b6NWkuMrZF4TyVgb+E5NdsFtADy6H37iuqs2GVTfzS3XJPvLl3D+Ri0ojp6RMGjY8ZVkX\/k4QQz9yw\/Njz4veR\/gCMZ6Itbi6hRLL6p9wdeRluCe4af35kT2e2dsJAEwU69kODFYvUDnl2Dque6AtNTIPBK1zE6+TyM0srw6tg\/ElUwrAI8dqVU2p9s+1hIyhy1SQe8f5Mqi921MHuqt2hj4JtmhI3cs4h14ogHwkVPTXKJC+WLXY98QB5iWBEkL9a8b0BCtimgSnGXOR+Ay1FRh8sbaI6RImz4Wph0CkNS4OBDl1wg+lDBuoWAwMABA4AAAA="}
00425{"flow_id":23,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":591287,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cPBAAEAGpFTAqAFny82XotNPAbtxraSaZPOHq4AQASgEAwAAAQEICgAw1OFFrVli"}
@@ -265,7 +265,7 @@
00436{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":894348,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701DDsQ6LRVfOJaASN8i7gwAAAgQFoAQCCApFrVm2ADDU3wEDAwc="}
00424{"flow_id":24,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":894386,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0GvxAAEAG+kjAqAFny82XotNQAbtFV84lw7EOjIAQAOUg0QAAAQEICgAw1S1FrVm2"}
00748{"flow_id":24,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":894610,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiGv1AAEAG+VnAqAFny82XotNQAbtFV84lw7EOjIAYAOWJCgAAAQEICgAw1S1FrVm2FgMBAOkBAADlAwPkquj1+KgT4KNlV8MaR+Hdvo3+qTOKljkN+dwtx1j15iCc+qdX8GXELVfQ5N806uYJcFsoXMTX+cAyXbg9n1utjQAg6urMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB86uoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIqqoAHQAXABj6+gABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1492167380581,"flow_last_seen":1492167380894,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_first_seen":1492167380581,"flow_last_seen":1492167380894,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00447{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":947303,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABExrdAAAERD+fAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00477{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":947353,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00448{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":947734,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABExrhAAAERD+bAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
@@ -273,10 +273,10 @@
00495{"flow_id":23,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167380,"pkt_ts_usec":953431,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABnIiJAAC4GBFDLzZeiwKgBZwG7009k84erca2lGIAYAHihjgAAAQEICkWtWbwAMNTiFAMDAAEBFgMDACh0+E7epZD9eVBRkwrRTXJ2FcCaScxzkJxpEodh7Yei1lVGF6yGLPn7"}
00424{"flow_id":24,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167381,"pkt_ts_usec":211728,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0VIpAACwG1BrLzZeiwKgBZwG701DDsQ6MRVfPE4AQAHggAAAAAQEICkWtWgYAMNUt"}
02344{"flow_id":24,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167381,"pkt_ts_usec":212485,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIVItAACwGzoXLzZeiwKgBZwG701DDsQ6MRVfPE4AQAHjgBAAAAQEICkWtWgYAMNUtFgMDAF0CAABZAwOeRml+UEXV\/c05TUmeBavqKEyDNwxx0uepvO9Vp653ByA3mLBCmIceJJgOxXyELRaSDZshWQNNLhQemCnnvWjec8AvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":6,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00424{"flow_id":24,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167381,"pkt_ts_usec":212528,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Gv5AAEAG+kbAqAFny82XotNQAbtFV88Tw7EUIIAQAPsZmQAAAQEICgAw1X1FrVoG"}
02346{"flow_id":24,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167381,"pkt_ts_usec":212932,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIVIxAACwGzoTLzZeiwKgBZwG701DDsRQgRVfPE4AQAHjpiQAAAQEICkWtWgYAMNUti6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQSMuE4RsBoYpE292p5R+anu9ciUT\/Hc468n4OA5+NEg0+be4WfoFqBtj9V6cpBSJhCEsGS8qvF5xqCEo9MXukVtBgEBAF6VvgGy"}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":8,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":8,"flow_first_seen":1492167380581,"flow_last_seen":1492167381212,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00424{"flow_id":24,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167381,"pkt_ts_usec":212968,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Gv9AAEAG+kXAqAFny82XotNQAbtFV88Tw7EZtIAQARET7wAAAQEICgAw1X1FrVoG"}
00781{"flow_id":24,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167381,"pkt_ts_usec":214255,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4VI1AACwG0xPLzZeiwKgBZwG701DDsRm0RVfPE4AYAHjX4AAAAQEICkWtWgYAMNUtMtEcXJQP74kjXZiXpO26folEXtE\/5wUdXtwlTodUkQ4eQ0khK3WcW7Fn72amkTQ2YBqN\/S29luRw6pGj8WveriECv6W\/V1sKsSHWojIXmb1R24hbXhjVOMFpTnUO\/38G7ai5USiUxLHmi\/GUxg34DK0IjWMCRruY47ZZUxEQ5bWfimxb4PQTCdVAKgXnRr5qaieYoUmcSfKPzfueCVbS1BQ1EnbyxER3tYNfbGAPlZRoIN9MOSPtlPl6IcGZyV7Vywz8ButClD0PsxQZHJ0N1tFdSbN4K9pjdpD7gpkvEdUsVs4DNujVW8G7Vsm2sWuPrLSW7UN4uAhGzn4WAwMABA4AAAA="}
00425{"flow_id":24,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167381,"pkt_ts_usec":214287,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0GwBAAEAG+kTAqAFny82XotNQAbtFV88Tw7EauIAQASgS1AAAAQEICgAw1X1FrVoG"}
@@ -285,7 +285,7 @@
00425{"flow_id":24,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167381,"pkt_ts_usec":568242,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0GwJAAEAG+kLAqAFny82XotNQAbtFV8+Rw7Ea64AQASgRewAAAQEICgAw1dZFrVpV"}
00448{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167381,"pkt_ts_usec":948192,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABExsdAAAERD9fAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00478{"flow_id":3,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167381,"pkt_ts_usec":948330,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1492167382020,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1492167382020,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167382,"pkt_ts_usec":20263,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"8IQvSpdgeJKcD6iOCABFAAAokulAAEAGgjbAqAFny82X058kAbutvz98aYB+jlAQAdESKQAA"}
00417{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167382,"pkt_ts_usec":374842,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoL8xAAC4G9rPLzZfTwKgBZwG7nyRpgH6Orb8\/fVAQAIMTdgAAAADZK2u8"}
00448{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167383,"pkt_ts_usec":949003,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEyKRAAAERDfrAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
@@ -293,22 +293,22 @@
00424{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167397,"pkt_ts_usec":120263,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePJAAEAGFx3AqAFnQOmnvIyxFGy60MyoSq1b+oAQAO0gQAAAAQEICgAw5QaFnXDI"}
00424{"flow_id":12,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167397,"pkt_ts_usec":175313,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0qRsAACsGO1RA6ae8wKgBZxRsjLFKrVv6utDMqYAQAWWjrgAAAQEICoWeIMQAL7Ej"}
00425{"flow_id":24,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167400,"pkt_ts_usec":811884,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0GwNAAEAG+kHAqAFny82XotNQAbtFV8+Rw7Ea64ARASj+rwAAAQEICgAw6KBFrVpV"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1492167400812,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1492167400812,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167400,"pkt_ts_usec":812629,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8voBAAEAGVrzAqAFny82XotNRAbuSN1YhAAAAAKACchAKOQAAAgQFtAQCCAoAMOihAAAAAAEDAwc="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1492167401063,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1492167401063,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":63693,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8\/z9AAEAGFf3AqAFny82XotNSAbu9GRfgAAAAAKACchAdWQAAAgQFtAQCCAoAMOjfAAAAAAEDAwc="}
00436{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":175317,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701Ey6mUDkjdWIqASN8j5bgAAAgQFoAQCCApFrW16ADDooQEDAwc="}
00424{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":175359,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0voFAAEAGVsPAqAFny82XotNRAbuSN1YiMuplBIAQAOVesAAAAQEICgAw6PtFrW16"}
00750{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":176057,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEivoJAAEAGVdTAqAFny82XotNRAbuSN1YiMuplBIAYAOVZ9QAAAQEICgAw6PtFrW16FgMBAOkBAADlAwPYeeuaiTy\/tIyKXoKofIhRithfsRyeOK+DY3\/clVFvoSA3mLBCmIceJJgOxXyELRaSDZshWQNNLhQemCnnvWjecwAg2trMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB86uoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIenoAHQAXABiamgABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1492167400812,"flow_last_seen":1492167401176,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1492167400812,"flow_last_seen":1492167401176,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00436{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":410519,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701JpITMTvRkX4aASN8iiggAAAgQFoAQCCApF0dMbADDo3wEDAwc="}
00425{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":410611,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/0BAAEAGFgTAqAFny82XotNSAbu9GRfhaSEzFIAQAOUHxwAAAQEICgAw6TZF0dMb"}
00424{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":535088,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0CNFAAC0GHtTLzZeiwKgBZwG701Ey6mUEkjdXEIAQAHhd1AAAAQEICkWtbdUAMOj7"}
02346{"flow_id":26,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":535740,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXICNJAAC0GGT\/LzZeiwKgBZwG701Ey6mUEkjdXEIAQAHjHlQAAAQEICkWtbdYAMOj7FgMDAF0CAABZAwN83+a2Me56fibXx78rUR363\/nTU2lB5WzIcz9sv1UMVyAaIhm+GrvSL4C3za8tBz\/r8L0Wzeb9BIm3rLTP4zTFlMAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1492167400812,"flow_last_seen":1492167401535,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1492167400812,"flow_last_seen":1492167401535,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00424{"flow_id":26,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":535804,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0voNAAEAGVsHAqAFny82XotNRAbuSN1cQMupqmIAQAPtXYgAAAQEICgAw6VVFrW3W"}
02701{"flow_id":26,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":537513,"pkt_caplen":1754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1754,"pkt_l4_len":1720,"pkt":"eJKcD6iO8IQvSpdgCABFoAbMCNNAAC0GGDrLzZeiwKgBZwG701Ey6mqYkjdXEIAYAHgsPgAAAQEICkWtbdYAMOj7i6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQQfn61MCOntjQBNjCmmmldM\/GDNnHO6scDwbjNlCfZN9uXmL0ohSb5bGJjCQtFyK1jVyQzz92e05XdNwElXrx4qBgEBALtnr\/UL\/ucyTI2a49U6884nZEhP7T9DIs6D45g4GtqwizfD6g4Veq\/aC6xxcrjSuOX4NNVam2QlYnlwR50m5UXhlmxaaiJiPZHUVm7MEJcLJqiad5sLjBnocfb1mOwxYjqrXK7xT\/D2Je1LvHEEDHQf46JWeA3FaZ+ikHxR3VKF3NZUUTEaficAIp+ghIEgWjLvH5y6ATevX69WFA\/PdFWfKlhZ\/jZ8nk+VwMr+TNUzYIVWEZLrAt0+nlGVg8o\/b91ffsnpJVM9o16770l55XNmTWnQx9vASLjp59vV9SIHYrbcHR3F1cz4rmK0sFY8WKVf3UPDc2hN6h0t2rBuA9wWAwMABA4AAAA="}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":8,"flow_first_seen":1492167400812,"flow_last_seen":1492167401537,"flow_tot_l4_data_len":3626,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":453,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":368,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":8,"flow_first_seen":1492167400812,"flow_last_seen":1492167401537,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00424{"flow_id":26,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":537558,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0voRAAEAGVsDAqAFny82XotNRAbuSN1cQMupxMIAQARVQrwAAAQEICgAw6VZFrW3W"}
00598{"flow_id":26,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":540714,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACyvoVAAEAGVkHAqAFny82XotNRAbuSN1cQMupxMIAYARXRzgAAAQEICgAw6VdFrW3WFgMDAEYQAABCQQR+Zzl6OF3mpBTuo1MHw06sa3HXCYdc2aan\/mlkbUAtlxEnFnijBED0VLBGpUi2PPuMFOYY4FqU2Kwbgr9KoNadFAMDAAEBFgMDACgAAAAAAAAAAPY\/RIx9sjpUCxjOK2FLU4x2pg76qmzxkX0LqNsEQp1b"}
00498{"flow_id":26,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167401,"pkt_ts_usec":897493,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABnCNVAAC0GHp3LzZeiwKgBZwG701Ey6nEwkjdXjoAYAHhVMwAAAQEICkWtbjAAMOlXFAMDAAEBFgMDACj\/FfgXKdx6o9tjixDT8r1LXUhCaN6fSWvolEpiQojx\/\/sEVcb95exU"}
@@ -321,16 +321,16 @@
00426{"flow_id":26,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":271345,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0CNZAAC0GHs\/LzZeiwKgBZwG701Ey6nFjkjdd84AQAJ1JAAAAAQEICkWtbo0AMOmw"}
00408{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":309809,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"8IQvSpdgeJKcD6iOCABFAAAokuxAAEAGgjPAqAFny82X058kAbutvz99aYB+rlARAdESBwAA"}
00750{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":310146,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEi\/0FAAEAGFRXAqAFny82XotNSAbu9GRfhaSEzFIAYAOXLGwAAAQEICgAw6hdF0dMbFgMBAOkBAADlAwNcdyw1yRDcJ84bZrg3yfpXPyAQAyCg+1tU4GVhjRrgZCAaIhm+GrvSL4C3za8tBz\/r8L0Wzeb9BIm3rLTP4zTFlAAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8KioAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIenoAHQAXABg6OgABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1492167401063,"flow_last_seen":1492167402310,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1492167401063,"flow_last_seen":1492167402310,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00744{"flow_id":26,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":335967,"pkt_caplen":297,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":297,"pkt_l4_len":263,"pkt":"eJKcD6iO8IQvSpdgCABFoAEbCNdAAC0GHefLzZeiwKgBZwG701Ey6nFjkjdd84AYAJ36FAAAAQEICkWtbp0AMOmwFwMDAOL\/FfgXKdx6pGbalAz1ohkcA0lw2HwrHPuK9\/idzZPdcoSBfT7Jc5IB8+Q0\/iqiXWeiux54PEEb10mQ0NnmXUs1k9xWI1fO18IfaEHWmMVhXjTjn39E+xIiT\/rMyrwzBhM3vPKdwzqG2+\/pOewuwuaLCD2dBP+GQFajVHfNPwkJDAViiuPi1wGVZfBQk9kFJyHbovzhq7lZ+zlig0PtFdEi9Yiz60lOElWBfnTwm\/g1rqQnV4R\/ExK\/5BeoIvKE5wRE0CUm6sSbJRT8k81DbZZGlff0xmTiGNfAOA7sqmYeeMCC"}
00436{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":503323,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701JpITMTvRkX4aASN8ihIwAAAgQFoAQCCApF0dQjADDpNgEDAwc="}
00425{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":503381,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/0JAAEAGFgLAqAFny82XotNSAbu9GRjPaSEzFIAQAOUFyAAAAQEICgAw6kdF0dMb"}
00424{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":663779,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA050BAAC0GQGTLzZeiwKgBZwG701JpITMUvRkYz4AQAHgFLAAAAQEICkXR1FQAMOoX"}
02346{"flow_id":27,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":665578,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI50FAAC0GOs\/LzZeiwKgBZwG701JpITMUvRkYz4AQAHj1YQAAAQEICkXR1FUAMOoXFgMDAF0CAABZAwPjjdO\/iKaTvZmxOOQcIaPi+XwdRT085iLMQSzoXvX2CSD2Roioh3VliBz70\/MEuqHmVMPaLVlcE9C1qSXIt5UDlcAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":8,"flow_first_seen":1492167401063,"flow_last_seen":1492167402665,"flow_tot_l4_data_len":1946,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":389,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":8,"flow_first_seen":1492167401063,"flow_last_seen":1492167402665,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00425{"flow_id":27,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":665635,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/0NAAEAGFgHAqAFny82XotNSAbu9GRjPaSE4qIAQAPv+ugAAAQEICgAw6nBF0dRV"}
02698{"flow_id":27,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":666132,"pkt_caplen":1754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1754,"pkt_l4_len":1720,"pkt":"eJKcD6iO8IQvSpdgCABFoAbM50JAAC0GOcrLzZeiwKgBZwG701JpITiovRkYz4AYAHgsPgAAAQEICkXR1FUAMOoXi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQRiCB\/oTnfbUwjHRkWGqKpkzWY2pPBFPSI0yl+TbNLg7osPgJcu3tO6CEuqUsUJjoo297g\/pub8Uk3SYQMbvnV8BgEBAAIRTPBMijx0A7fIwTN60i3BCQJK21T88+nZ0ohdQLtYXD8\/2Xu42EjSiOL4mMaRS77Lrj9FAnr3YwBIRoBj5ZexvizNqBZJjFOhCmH6CvsZswlyVIkh9WLXL5peuFTT5PdamoHJ0r5DMgU1OcATqzbQaTWDyCTkmWiu2xACXKNgb8p2IgGnpQK5LKxb7TPAuaJgJUboC4mA1aHYwMbhfvelmQQdHX1pXUjinFKE1tX5o6J8aYViGPJxnXnnIfo6K6TtO8nECxxn1upXYeDQGfk8aHchQCyPvNEQEF6u2ITkaCyH5bymmaKW4FybaGsc5FpnHpv26eig+cwL\/mPOvkwWAwMABA4AAAA="}
-01313{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":10,"flow_first_seen":1492167401063,"flow_last_seen":1492167402666,"flow_tot_l4_data_len":3698,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":369,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01324{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":10,"flow_first_seen":1492167401063,"flow_last_seen":1492167402666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00427{"flow_id":27,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":392,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":666174,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/0RAAEAGFgDAqAFny82XotNSAbu9GRjPaSE\/QIAQARX4CAAAAQEICgAw6nBF0dRV"}
00409{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":666204,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJKcD6iO8IQvSpdgCABFoAAoAABAAC4GJoDLzZfTwKgBZwG7nyRpgH6urb8\/flAQAIMTVQAA"}
00600{"flow_id":27,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167402,"pkt_ts_usec":669115,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACy\/0VAAEAGFYHAqAFny82XotNSAbu9GRjPaSE\/QIAYARWScwAAAQEICgAw6nFF0dRVFgMDAEYQAABCQQSodlJVfkgcPdCNyg8MxcPPyMMVu2GGgiiQcNvSk\/XPNS4tHGVpWALjyRNlzUBgx8BOzjGw3P57YxKONN42aXs0FAMDAAEBFgMDACgAAAAAAAAAABpHCGE0LVyx5Ogac1iVBZTsPVuaoIc1Qg\/Jbk1Zpdak"}
@@ -345,41 +345,41 @@
00478{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167411,"pkt_ts_usec":268762,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00425{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167422,"pkt_ts_usec":952271,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KNBAAEAGqhvAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT2SvQAAAQEICgAw\/kAycps2"}
00425{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167422,"pkt_ts_usec":991183,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0f4cAADQGnsTYOs2OwKgBZwG7wnvXK\/KwzDlUhIAQAVRmugAAAQEICjJzSzUAMHos"}
-00435{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1492167440370,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00443{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1492167440370,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00404{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167440,"pkt_ts_usec":370306,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9gAAAEC8bPAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="}
-00467{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1492167440370,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00436{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1492167440984,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00475{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1492167440370,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1492167440984,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00411{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167440,"pkt_ts_usec":984773,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPPkAAAECRRTAqAFk4AAAFpQEAAAiAOwAAAAAAQIAAADv\/\/\/9"}
-00468{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1492167440984,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00437{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1492167440984,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00436{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1492167440370,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1492167440984,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00445{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1492167440984,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00444{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1492167440370,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":12,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167442,"pkt_ts_usec":172270,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePNAAEAGFxzAqAFnQOmnvIyxFGy60MyoSq1b+oAQAO1ERAAAAQEICgAxEQWFniDE"}
00425{"flow_id":12,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167442,"pkt_ts_usec":226462,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0\/NwAACsG55JA6ae8wKgBZxRsjLFKrVv6utDMqYAQAWXzsQAAAQEICoWe0MAAL7Ej"}
-00436{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1492167443647,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1492167443647,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00408{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167443,"pkt_ts_usec":647047,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPPoAAAECRRPAqAFk4AAAFpQEAAAiAPsBAAAAAQIAAADgAAD8"}
-00468{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1492167443647,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1492167443647,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00408{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167444,"pkt_ts_usec":467952,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPPwAAAECRRHAqAFk4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
-00436{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1492167449288,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1492167449288,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00408{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167449,"pkt_ts_usec":288224,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
-00468{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1492167449288,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1492167449288,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00411{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167449,"pkt_ts_usec":586432,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPQQAAAECRQnAqAFk4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"}
-00437{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1492167449288,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1492167452759,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00445{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"wechat.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1492167449288,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":491,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1492167452759,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167452,"pkt_ts_usec":759446,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XuFAAEAGtlvAqAFny82XotNTAbtWrkW6AAAAAKACchAjbQAAAgQFtAQCCAoAMRtbAAAAAAEDAwc="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1492167453010,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1492167453010,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":10353,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8DstAAEAGBnLAqAFny82XotNUAbuiFhVRAAAAAKACchAILgAAAgQFtAQCCAoAMRuaAAAAAAEDAwc="}
00436{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":125561,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701NWIPBqVq5Fu6ASN8jLwAAAAgQFoAQCCApF0gWaADEbWwEDAwc="}
00424{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":125650,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XuJAAEAGtmLAqAFny82XotNTAbtWrkW7ViDwa4AQAOUxAAAAAQEICgAxG7dF0gWa"}
00750{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":126120,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiXuNAAEAGtXPAqAFny82XotNTAbtWrkW7ViDwa4AYAOUnVwAAAQEICgAxG7dF0gWaFgMBAOkBAADlAwMB1JsivsRgj8yUUGC\/C0eM+z7uYBFdAkifuDVMARIokyD2Roioh3VliBz70\/MEuqHmVMPaLVlcE9C1qSXIt5UDlQAgCgrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8mpoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI2toAHQAXABgqKgABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1492167452759,"flow_last_seen":1492167453126,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1492167452759,"flow_last_seen":1492167453126,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00436{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":357624,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701Rfi5PhohYVUqASN8gDZQAAAgQFoAQCCApF0gXVADEbmgEDAwc="}
00425{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":357702,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsxAAEAGBnnAqAFny82XotNUAbuiFhVSX4uT4oAQAOVoqQAAAQEICgAxG\/FF0gXV"}
00424{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":494187,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA09Z1AAC0GMgfLzZeiwKgBZwG701NWIPBrVq5GqYAQAHgwIwAAAQEICkXSBfYAMRu3"}
02344{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":494952,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI9Z5AAC0GLHLLzZeiwKgBZwG701NWIPBrVq5GqYAQAHhYvwAAAQEICkXSBfcAMRu3FgMDAF0CAABZAwN6N5cNcKB+geZ586vm83PPhTrmXxNHenpMA7hzmZodZCDTV6G8D5hCzz2oy9LF\/fe7R79cAC6gdeTyhTkWLR5CJsAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1492167452759,"flow_last_seen":1492167453494,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":6,"flow_first_seen":1492167452759,"flow_last_seen":1492167453494,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00425{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":494995,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XuRAAEAGtmDAqAFny82XotNTAbtWrkapViD1\/4AQAPsprwAAAQEICgAxHBNF0gX3"}
02700{"flow_id":32,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":503112,"pkt_caplen":1754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1754,"pkt_l4_len":1720,"pkt":"eJKcD6iO8IQvSpdgCABFoAbM9Z9AAC0GK23LzZeiwKgBZwG701NWIPX\/Vq5GqYAYAHgsPgAAAQEICkXSBfcAMRu3i6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQSPkMfKw10jFMaRSAnXxd9r1t17LwS+aMPmApZZbfSXP0\/fWlyIToTneiL+QDMhsA1WoF5d0Su\/mCO4hAcQSFxxBgEBAFR74UoSL0b+jqsoSuKqGa4DlzExNf2fj\/VtLFzWfqyINaDl5rnJVFqEm08mNo0decbeQ0LfGXeY\/ZVKWLhL4oX2qYQuV0a6l5WWlz97kfhOzR0p2sFswTCjFWxqR25f3UG6vYLrXH9gMPcyuU2LcMcv94vbKGEE\/4iXgNeZ7ab1p+z1bK0+4FmgQjOZk\/qBByyRPrXhBO2SbqAXTdDQyFoS2lpbsxIo654dF5qMCX8Lyhk42vRVy4gvXoNtBxJqgsMJF2UcW3jbnuKu59F+PrIWN+MYhrKFPZQ0xjNi7muyFF6Iv8cXw0h7m5IHfZmBupLYosRzNZB16cjQPS4XnTUWAwMABA4AAAA="}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":8,"flow_first_seen":1492167452759,"flow_last_seen":1492167453503,"flow_tot_l4_data_len":3626,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":453,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":8,"flow_first_seen":1492167452759,"flow_last_seen":1492167453503,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":32,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":503170,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XuVAAEAGtl\/AqAFny82XotNTAbtWrkapViD8l4AQARUi+wAAAQEICgAxHBVF0gX3"}
00599{"flow_id":32,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":506267,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACyXuZAAEAGteDAqAFny82XotNTAbtWrkapViD8l4AYARV8ugAAAQEICgAxHBZF0gX3FgMDAEYQAABCQQTAUPypt9xaHCSU1tnZVmstVn87nMzf1JxjuZz0Dcm\/IjiDmrcH8Xg1GCgransUMQVsGK3AuYrz2m\/ZIpTChkN3FAMDAAEBFgMDACgAAAAAAAAAAK4eB3OcBQ+sbR1xd9XV894cFoYH\/CR+gwJ4Wm5PTFbT"}
00499{"flow_id":32,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167453,"pkt_ts_usec":870993,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABn9aFAAC0GMdDLzZeiwKgBZwG701NWIPyXVq5HJ4AYAHhfKgAAAQEICkXSBlUAMRwWFAMDAAEBFgMDAChEfqMDeLUua6RwlKh9qSN0\/\/E\/94R6G\/s4Y+xlw8mnUe4ch5s4cMck"}
@@ -388,64 +388,64 @@
00425{"flow_id":32,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":249739,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA09aJAAC0GMgLLzZeiwKgBZwG701NWIPzKVq5N2oAQAJ8a9QAAAQEICkXSBrMAMRxx"}
02360{"flow_id":32,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":342463,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI9aNAAC0GLG3LzZeiwKgBZwG701NWIPzKVq5N2oAQAJ9QIwAAAQEICkXSBsoAMRxxFwMDBqVEfqMDeLUubHjXDqL1UGRQa3G75vA0XsmSupA282tfARdwquGHO0x5nFxgFKbnCYJDxmMKCsvAz2QxIpIkSsWjSA0XHKqtn5Syh\/QaoPNVi9wCZYkxBpJV7UK4zzyujwMu2d0E+ek++odStLP7ZbZeDrXnDrVaMPXCZ5Mazlxhe6ExAN6oHuD9a0ysejEGQabofHOHqdDXXPcNq1QmIXC5X1nllUpgQBOC9iUPOU5U5HIg+tTXKYnp+RJLZ08hBIoccW93msjeus\/j9YR5FzO498dIfM9rNMRpvnJq6GhzCXdZanGdLt0NDF8vuPNMD31XlEXt+5G9RPKQ6\/ebEtXLpCeKIDLW5NBx0iOg069KSU\/JXA+5vujQSrDwRG8LcsKmXzUUDP9cvJ92tR2+SYQcWJC8jt0qwmF7bIcvXbYHprodmGziiT13Ukq7cvjuHcFPXAjg7UxQgwjP5lWfEzrO4n6e2Xw0YrMZTzdrf0zxtNaR+87fWgr3C76rxoje44DiKTEsHmzU0LwJ\/OXqtTmnDalkW6NwrQuL\/yZIyjXsQGk+pCEiqSoBfUZiVjhW2UA8cJFBwXrGQtwv4gUlQeMFW+GqkPiNa6ALKInJuNYhg9md+lKrE1GnrP4\/vqY4m7j7e8wIvavumhyI9qB5UfnzWnhXevsT2hrAn2Xx\/JIfGvt6n0O4m2\/1WGioGTZlIX5WKUfK9HYKZhYiX74Uv9G+nNfnuRZoGEtnqQjwcb\/fjEKox3elkYliJYs+DpNlDmeZIVg+kJk+1dDXunwlWCUrhr9UllyZZrJNMYT5xDzc8eVSTg+4hlotjxjwH5eKLfve4b\/79RInir0E5Vg4WGkwKVXGS\/h1tmj9lmeVv8cGa9lJChHtFMomY1YfmCxtdjdJg1DazDpNx4CBYkdM59IhDC5XeV5m5iV7JUHDjUHIiL6iW\/5lRBwl+wBVnQYW87MuYbeDQX\/7oh2RFgB9wIwi2g70ZVNnHY+njLCHUlN\/DdNPwI+IjQj2VZlpD+tUmPKi5QR49fO+hlpAizXYG21QlRF59O0En0wUuwFVeP7s3nX1OTHWmuA49NFDJxmEeF6LiZ6kqDQViffw2WT4cirKDRyQB8G8QDOw49YTYyuGFrfXA4CueOWYJ+wUyWihOnDvMgCncoi557gF\/\/qVFW\/Ihqy4Gt8tuEQuj8IA0qtjCvLU8PyZgNmGrj1JRuaqFrr\/hKqLbFMLwCzfwmUnUezXM0P5GMRT1UAIfoSn8v+5SxCwgutg9wvEv5qxfCDTqBsXHIw0xbs1P\/EBTR9NsPE7JEa4RqrqGCsRlZhtI8JbKZ40y16nHhoFdrqD9ooXlRwpDst5Z1iYG+mZPWb7AMrIy8SF9a7JLDGi0qF4lVMu9vhE+rIruBhw\/IqPY++Fg4Q6RJ1GMqiKuzXaZdJ3K9sXvQYegVax8xZWeSCh+JpdmELYSD1v7\/0GTlBOxp2IqkiMqJXqyDV6XIy5sj7+RDvNegi\/WIIvwJIIzfiHdyVqGqGJIwep7L39xEGOTCl42UazACchASNMmjICAyAYUUW93i+yJjR46GRN0kanWx9jU+yOQN95BMOdsZGVq4jfYUxa648dyB3l05IgR+VR\/6doLb8A9iEbCsn2d6TBCdHW3Ul7Ybd7vmjSPOXpjuhvmEMFFtoT8AIhP9bMNBFIlCdkkgh7xeH\/aomjiYmb7E9rCM2XuFBYtrDidc1+uzNM3Kg41jYXwKtSfNBn5+2XZwK4Tb81HZr0v7VYQBOBVSUWZdcprOhcUOncqZ91rjFQyuJyk4KkkZIuhYCuC+FII09xjwblzeHgOBNeUtFveZ9qd8IoXCpSnzTgZKzGSId6tfyKzPA1XPMma74oOb0fwGLlgefPkUtYRBirG9UKIgbU"}
00750{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":373136,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiDs1AAEAGBYrAqAFny82XotNUAbuiFhVSX4uT4oAYAOURrgAAAQEICgAxHO9F0gXVFgMBAOkBAADlAwOwu7FYw\/oDOwKcTwOiOKv7YlMzDssvxBClvfkpiaCariDTV6G8D5hCzz2oy9LF\/fe7R79cAC6gdeTyhTkWLR5CJgAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8uroAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIuroAHQAXABhaWgABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1492167453010,"flow_last_seen":1492167454373,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1492167454457,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_first_seen":1492167453010,"flow_last_seen":1492167454373,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":515,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1492167454457,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":457964,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA86XpAAEAGK8LAqAFny82XotNVAbue7PR+AAAAAKACchAqvwAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1492167454458,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1492167454458,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":458448,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cSZAAEAGpBbAqAFny82XotNWAbsdO2wiAAAAAKACchA0zAAAAgQFtAQCCAoAMR0EAAAAAAEDAwc="}
00436{"flow_id":33,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":526589,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701Rfi5PhohYVUqASN8gB6QAAAgQFoAQCCApF0gb6ADEb8QEDAwc="}
00424{"flow_id":33,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":526614,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Ds5AAEAGBnfAqAFny82XotNUAbuiFhZAX4uT4oAQAOVmlwAAAQEICgAxHRVF0gXV"}
00424{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":731209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0lM9AAC4GkdXLzZeiwKgBZwG701Rfi5PiohYWQIAQAHhl0gAAAQEICkXSBy0AMRzv"}
02344{"flow_id":33,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":734223,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIlNBAAC4GjEDLzZeiwKgBZwG701Rfi5PiohYWQIAQAHhzUwAAAQEICkXSBy0AMRzvFgMDAF0CAABZAwOas640v324U5D9fJ5vO7sGpYs+zF1VgVdL3GKV1UbE9iAcYMK9E59njED1hK3WStu15DAHEEhJMQg30HN\/4iKe5cAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":8,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_tot_l4_data_len":1946,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":8,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00424{"flow_id":33,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":734253,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Ds9AAEAGBnbAqAFny82XotNUAbuiFhZAX4uZdoAQAPtfYQAAAQEICgAxHUlF0gct"}
02701{"flow_id":33,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":734884,"pkt_caplen":1754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1754,"pkt_l4_len":1720,"pkt":"eJKcD6iO8IQvSpdgCABFoAbMlNFAAC4GizvLzZeiwKgBZwG701Rfi5l2ohYWQIAYAHgsPgAAAQEICkXSBy0AMRzvi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQS9xwP2rDZ8v5OM1C2UYmY22LDhJiPHMc5Uf4rUFegirTO92nlAEQiJAyliKnEsGzPz5GPmR+IFlsOriqNRgMwbBgEBAHuXA3aefQWaU\/lOUm5S0I9RFQ4IbYueXISYP7j0LkkS3uf4X9H3UqrEeehoKZacOFxJS\/ZGfGnSnlbIbkSCfMgwKIVi53TnZXqlGtoN1y32YCQRxr2TtMKFOvFHXXYHB\/Ac+HtEjLyD4FoRkgOs1lfr41Qb2jvew6cmKv0uk0+RtOPB0FkS3htNWgCsaO2tW\/BS9cINcffQjRG9lcCTl5oVld+YC7M37eMRLsPXeSL3dPhoQ5G\/8Pc3l\/3ccU4EzbDQCJ3ro4cMItf5yxd3LsEJ9Uv4AzzgVPjFnvtov+syVv5gL6Ziwn9T7\/5eReUBJwcy2rO7pN8dQWv6aP7QfBUWAwMABA4AAAA="}
-01313{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":10,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_tot_l4_data_len":3698,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":369,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01324{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":10,"flow_first_seen":1492167453010,"flow_last_seen":1492167454734,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":33,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":734930,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DtBAAEAGBnXAqAFny82XotNUAbuiFhZAX4ugDoAQARVYrwAAAQEICgAxHUlF0gct"}
00599{"flow_id":33,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":736194,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACyDtFAAEAGBfbAqAFny82XotNUAbuiFhZAX4ugDoAYARXDmgAAAQEICgAxHUpF0gctFgMDAEYQAABCQQSMckZo6cNJuKko7ASzNW8zM48WYISyypuNV8z\/optNU\/SHqo9BNV5u+mcIURe9QKYRxOU+O0Ixgamjl6HluJtcFAMDAAEBFgMDACgAAAAAAAAAABM7Fi0dg5nQ824BJcvpqk2VIb5P5kO5+onwest\/nLnu"}
00436{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":801978,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701bGHEoeHTtsI6ASN8gRwgAAAgQFoAQCCApF0gdIADEdBAEDAwc="}
00424{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":802019,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cSdAAEAGpB3AqAFny82XotNWAbsdO2wjxhxKH4AQAOV3BwAAAQEICgAxHVpF0gdI"}
00750{"flow_id":35,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":802251,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEicShAAEAGoy7AqAFny82XotNWAbsdO2wjxhxKH4AYAOXnawAAAQEICgAxHVpF0gdIFgMBAOkBAADlAwNlRdxMBOhusYOhke3C4aoS6XOzHHv0fe3kJrWbx7\/QPCDTV6G8D5hCzz2oy9LF\/fe7R79cAC6gdeTyhTkWLR5CJgAgamrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB82toAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAISkoAHQAXABhKSgABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1492167454458,"flow_last_seen":1492167454802,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1492167454818,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_first_seen":1492167454458,"flow_last_seen":1492167454802,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1492167454818,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":818522,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8NuJAAEAG3lrAqAFny82XotNXAbvn9Cu8AAAAAKACchCqHQAAAgQFtAQCCAoAMR1eAAAAAAEDAwc="}
00437{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":836839,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC4GJp3LzZeiwKgBZwG701XgAvN\/nuz0f6ASN8ip9gAAAgQFoAQCCApFraHjADEdBAEDAwc="}
00425{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":836942,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA06XtAAEAGK8nAqAFny82XotNVAbue7PR\/4ALzgIAQAOUPMwAAAQEICgAxHWNFraHj"}
00752{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167454,"pkt_ts_usec":837325,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEi6XxAAEAGKtrAqAFny82XotNVAbue7PR\/4ALzgIAYAOV+twAAAQEICgAxHWNFraHjFgMBAOkBAADlAwOV9frOGjvUn7m\/tE4bAyr+3UrlA9jYYKoC1I6VS\/9RdiDTV6G8D5hCzz2oy9LF\/fe7R79cAC6gdeTyhTkWLR5CJgAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8+voAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABjKygABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1492167454457,"flow_last_seen":1492167454837,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1492167454457,"flow_last_seen":1492167454837,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00494{"flow_id":33,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":84079,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABnlNNAAC4GkZ7LzZeiwKgBZwG701Rfi6AOohYWvoAYAHhGagAAAQEICkXSB4UAMR1KFAMDAAEBFgMDAChPKKgx5Bx38tIqf0DBGgIgyJvCPJP6ArmNr9ujESXGV0ovD6Kp4fqZ"}
02107{"flow_id":33,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":84612,"pkt_caplen":1306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1306,"pkt_l4_len":1272,"pkt":"8IQvSpdgeJKcD6iOCABFAAUMDtJAAEAGAZvAqAFny82XotNUAbuiFha+X4ugQYAYARXHcwAAAQEICgAxHaFF0geFFwMDBNMAAAAAAAAAAR3iS1C2zVdqt818j2V1AiBf6UJ+k1ajP+hPcA6ZaYO6QG1EI0V+qZOYYf829zKyM9HQwhpghq4FW557NyYcbY2QTbPztrqwDxaZpQyOlIGu0vbir1aEoWCT6MZ\/XE3W8+7QTd6WhoWUcoiPq+3G4NMdEENs0QwJvRMO7RovLuDhJbdxve+C2yTVR+S0aOnjOOSTk6W0Lyatd1nukKkQLmKk3u\/Db564dRnHhWL3BT+pRo+irQm5K\/3DXsyuZejR+18VRBN6oWdj99uqv96JsUmrU05J\/kyDJKYrsKpCq1Iy1vW+BycLnRaC27Sm+sOBG52f8Uz8uIVaq7tNp4l0ijXAerfw5LhD7LhmVFerHk\/EVjGXS7WMopb5TZBOiO0P79l7K7gqWE+i99S4pPiEAoulb3yKd5ZOxuGDjWlPXG3vTxYxvhNKBswER4jet7arTc0728EVqPx3WPkbznZSZKOxzG71oH0vpIqdW015UjMJyTPGH3gniVVExyPG5ldb6OqYQEvUOwmI8X86HtJBabpDWWkonoJ36QYMoixUqrEjCDCpI3I8nild2PLQZYlvd4qwxE6U1T8OiRDFZ+DvZmOpeRaUajX4fFEV10jzNsUnbD1Q8\/FPMpfM4v5BIF\/8bMBW\/C88WDS4wX3IfizYufrKsAcPIvEDpsLSFw+2OxzRgnVUpLk2kNAKTjlBkN9lnzAgkZKT9YNwKsdAL87PkFa3WfZwKT32YrMXPEmy6HGgLQXJ8xRODVE4gbePgySsJTyt\/oE4jS+V+d4tEzkWrZUEPz58JOJaJ4LYcGcVeay\/gtmZAfh\/dWcYK5tdhkDwqyElqyuCPXOewpH9f25dV43K22sDJBI9elGbrAV76nzDQJZjt4oTY14EbLv\/ABmrTZGYD8Gl7MRaiWtMzCCU8tbS7hh+Egys8wQebsWB+JpalwBLkacx+ou0FmgPGu25p4fJKWbGP+98GqdhyqLbZrCoFGTijJs1DBOUj+hAHOiUkH9KuaHEbGglvuNriPIOPsRwT7Ba5Kfi7g3kh6MfXTKEdDxAz8dZ6ZU23+pvmtEwNVqJMr3beZ\/sTasozYVuEpoUkbkto766BHf36SeemWaLiRottQSm3a6P2pEPmlfMN2BBMTwv\/Ku1\/8lr+c9jyF568Cm6yHFKhL3+A\/d0t0eJ\/oCcIFSgsFpFGs+pMhKc3r\/qeKR5r7RE54XYBiAeN+h7ZRls8Brtj4iTaBA0O3CwNYCYgC116jAm8c46XWmmg8JgFtRqgpFpiUkpL8yRoZ1rRhDhaPRN1j7SH73kSzr6nJObLXp6ksAWEp+okWPN6JRnXHD\/6U6nC4vRYgcpLdAyonX\/+5Bh4h9Cof8J795MKp8tQgvbvZDOgaajJOLXt5Q1N2WdhJHD8IwCRwqbQvy5ANalhvNZFz4bfaalGqy7F5lI9WjmslQs\/eaNCyo7ULm6c8V7ylUvCRbA3GqAq7K0roB4Wxmam86dxv1aXrSNxN28SSnnpkXS8w7CL530I5v+Hzf8rCtiClLxNHM8M7yvWg6hZ7TZiBXw0Mh6Yf0SauRXDNw8g52XyV5NlFj53vz2yvIFc2K9WtL0RJnDFSHe4u55hDkAqTZptWkOqTy8zctLBpJk1xg2TA=="}
01069{"flow_id":33,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":89189,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"pkt":"8IQvSpdgeJKcD6iOCABFAAIPDtNAAEAGBJfAqAFny82XotNUAbuiFhuWX4ugQYAYARUtwQAAAQEICgAxHaJF0geFFwMDAdYAAAAAAAAAAjCzXzV3NG55tysMmI01A0QawQKFiPB2YLgGazQfU83WRrCqYqvYZaoahgTyGhhR8OpxNgyiOhsBzGTVY3qrP\/Jgw0+huGS01956KIo2JCrmSGPA22cdsksfy77E+N69p+yxEvEl42WJmJqyZhBBDQbAsHrdw0lriW2L6uVO9om39xEl0QXJBlIlmevCd0BSAtnRk1diTX+KNhvChTab8Ro8eVKlHlwOCcPPe2tBts1++cA3xvMA4+wfymy+TZV9iBG1GvPw0Al4XVbJxjMzzT\/GFujlS90D+g5iRJ1sIgq3HlZl6UXJKBlVcIOrnscjGy55U3NQDBgO5Q7NOvuYjN4dWS3AISIU+jOB2HPrGU9mvUG6qqi4MqZbhv4xIKTeZaKKg3GhUtSeyyFIxlp9ZOXmYX3\/k+kB7PiZwOxnRfqv8XCmSOk4oo7eHe2HPUyk6NPBbHPXj\/XDvufjqp6\/bclIqyhIrfMuJfJacd13Ljb644yCzi+Y9509IabjTl7yRt1uEniQokFNFBYuWPNs5RFMSpi+R2+gvO8j6QLp2LGwnlxgP7g2iIRztNkmBv+AT6AsKKBnuKmU\/9sBDH2NId2yCHl7rNxgM8HvZBn4RA=="}
00424{"flow_id":35,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":176105,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0TYZAACwG2x7LzZeiwKgBZwG701bGHEofHTttEYAQAHh2NQAAAQEICkXSB5kAMR1a"}
04611{"flow_id":35,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":179324,"pkt_caplen":3182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3182,"pkt_l4_len":3148,"pkt":"eJKcD6iO8IQvSpdgCABFoAxgTYdAACwGzvHLzZeiwKgBZwG701bGHEofHTttEYAYAHgx0gAAAQEICkXSB5oAMR1aFgMDAF0CAABZAwOmYbJLVdEO1ex7gY39w3pjblOvuQdKqKCbcmULhSMqtyAeq8lCW6rjUSzPbiceDj7yEdXWbqYjSjHYCRN7e3dLe8AvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26Ni6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQQqe8spAPs0X7RSbctKEExQii\/nZR21jBCdajGyxYXcWPJe1w6JPBIlstH2Aoln9E4iU5tSUXZOZdyF8FrZVEJaBgEBAMWGbVtOArJVXT\/6qrGzFQuyzq4Bk47TGF1wjrD7pK8SjxPeYu51kidDbiWdIZgua7gWIBY8p4rVnzXyLHfYGXxlyEdc+TelbHvVdjVaVY39\/ANn+Cxe5u1b8iGn32lm7alsSei+HgOQxj6CEKlIXiPl8DkLoVWpvOn5F0W4pUWDnmydd9BWtXpSD8A30RKRjZukcNrjqcpryQ6MKXfADTHQP8xvJHo+FlaSOZNCJocZpCSmvyTbr9r5QWU0B1RdEtBLvLPInRdqdbnGdw0JoEpqQPTuKmpaSjlbgEojQMf2718xrBgfpXJxb\/Uv7A5CiibTbmbTIvEbYT4D\/OIrVj0WAwMABA4AAAA="}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":544,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1492167454458,"flow_last_seen":1492167455179,"flow_tot_l4_data_len":3562,"flow_min_l4_data_len":32,"flow_max_l4_data_len":3148,"flow_avg_l4_data_len":593,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":544,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":6,"flow_first_seen":1492167454458,"flow_last_seen":1492167455179,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":559,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00424{"flow_id":35,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":179351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cSlAAEAGpBvAqAFny82XotNWAbsdO20RxhxWS4AQARVpDQAAAQEICgAxHbhF0gea"}
00438{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":179366,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701d\/O17O5\/QrvaASN8geewAAAgQFoAQCCApFraI2ADEdXgEDAwc="}
00424{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":179381,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0NuNAAEAG3mHAqAFny82XotNXAbvn9Cu9fztez4AQAOWDvAAAAQEICgAxHbhFraI2"}
00596{"flow_id":35,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":180353,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACycSpAAEAGo5zAqAFny82XotNWAbsdO20RxhxWS4AYARXAvgAAAQEICgAxHblF0geaFgMDAEYQAABCQQT6mbFqrS3fjAwophItOMwj+qLk5VGgJXN36xSlo0GL+1w788l2beA+lKcqQIgQCQhuR7wPprFiAQeCn1u6Sl5IFAMDAAEBFgMDACgAAAAAAAAAAOd5V0DLp\/WK+k8tV1TnsQdr1hYfhUS8aZPXAvoeqGeZ"}
00750{"flow_id":36,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":180487,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiNuRAAEAG3XLAqAFny82XotNXAbvn9Cu9fztez4AYAOU9hQAAAQEICgAxHblFraI2FgMBAOkBAADlAwM9fcE0colRywJmHYx0JC6oiZlXQMNTk+HTiXDSO5d6\/iAcYMK9E59njED1hK3WStu15DAHEEhJMQg30HN\/4iKe5QAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8ysoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIenoAHQAXABg6OgABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1492167454818,"flow_last_seen":1492167455180,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_first_seen":1492167454818,"flow_last_seen":1492167455180,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00424{"flow_id":34,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":190875,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0UbtAAC4G1OnLzZeiwKgBZwG701XgAvOAnuz1bYAQAHgOWgAAAQEICkWtojsAMR1j"}
02345{"flow_id":34,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":193294,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIUbxAAC4Gz1TLzZeiwKgBZwG701XgAvOAnuz1bYAQAHgpRwAAAQEICkWtojwAMR1jFgMDAF0CAABZAwN5lLx\/anNa5CdWKHFAWo2KsKhrZTHGO\/XekBGAWPpWUCB66mvcfG4Ged5EomNnAZ+CIUduULHJ6+CXsjslEbhhf8AvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":6,"flow_first_seen":1492167454457,"flow_last_seen":1492167455193,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":6,"flow_first_seen":1492167454457,"flow_last_seen":1492167455193,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00424{"flow_id":34,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":193307,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA06X1AAEAGK8fAqAFny82XotNVAbue7PVt4AL5FIAQAPsH6QAAAQEICgAxHbxFraI8"}
02697{"flow_id":34,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":196100,"pkt_caplen":1754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1754,"pkt_l4_len":1720,"pkt":"eJKcD6iO8IQvSpdgCABFoAbMUb1AAC4Gzk\/LzZeiwKgBZwG701XgAvkUnuz1bYAYAHgsPgAAAQEICkWtojwAMR1ji6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQSNBLURiDoD55uWxibVC9zReKlFx4BEDXdWGxMFKl9T5qwy1j7jAhyxCIBDLoSWJR9Dlx+HdqCUriOCLFcbeBelBgEBAAXkcFQocFdv33akBjke47ngxkAOMRyasoYgBHjGenVYoTi0PEjdl2sqxRUUGSjaECcxq325chACNvyY2ywZ6MFYIqCgdp6tGKuaNi\/yYIylqLGjabd5yIM7Fdx2GGZ0FEQ4p5DgF1tVyTFPKih1R8rrMvLAjaVmJ8Od9tDaDoY7\/RGQ2kL9HmcXerZBDlLAZAGfVp+8bNPWvgn95WjyjAbsCdg37ZVasaluIxi+CTaA3uKtwBbRvWklXfef10CSBDExvA1micJApp7qZ+syX05\/pRCf0iLsVzOyiiw3Ql5tuxBGzYKExfaCqObpMkrjeni954t5Cs00PEmIQHs94A0WAwMABA4AAAA="}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":8,"flow_first_seen":1492167454457,"flow_last_seen":1492167455196,"flow_tot_l4_data_len":3626,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":453,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":8,"flow_first_seen":1492167454457,"flow_last_seen":1492167455196,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":34,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":196125,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA06X5AAEAGK8bAqAFny82XotNVAbue7PVt4AL\/rIAQARUBNwAAAQEICgAxHbxFraI8"}
00599{"flow_id":34,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":197171,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACy6X9AAEAGK0fAqAFny82XotNVAbue7PVt4AL\/rIAYARVbqAAAAQEICgAxHb1FraI8FgMDAEYQAABCQQSe9ct109vl3nZaGpDspqU+kMk+njSATjwJpfRNEoBk4Fy+IGL5tqh9idWN8sua685w\/MhQolN5LUCaobR2x7W5FAMDAAEBFgMDACgAAAAAAAAAAA3rMunx7WZhU\/w92CUQrH9WIDvPZrDkxZfJeEKQqupU"}
00495{"flow_id":35,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":495488,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABnTYpAACwG2ufLzZeiwKgBZwG701bGHFZLHTttj4AYAHiAnwAAAQEICkXSB\/YAMR25FAMDAAEBFgMDACjdvGeXbmORNz3imQRxQgJuk9A2g4DSsr760MLCQrIRMFfV61GTF3hu"}
01911{"flow_id":35,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":496690,"pkt_caplen":1153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1153,"pkt_l4_len":1119,"pkt":"8IQvSpdgeJKcD6iOCABFAARzcStAAEAGn9rAqAFny82XotNWAbsdO22PxhxWfoAYARVpUAAAAQEICgAxHghF0gf2FwMDBDoAAAAAAAAAAec2HimkjMvSkuGTQ3MrrTK23YW6zEDG4HtifnBw8dy\/ojjIDVyVauiw2mlYAjbJT7NoH9FiJFwpEOYf27Ebh63VcW8lcOJQJY4vc7EFvVhuDfqkQP78nKDH0qu8CQiY4oXrWHevBRnQoohdj4XDQvoJBw1q\/tgWflxu+7ggVBgjwzHp6ZNuSTLYyhqgqbl0HSDz3BIlXowmwek2YRTP9M2U1LQG9BIHSccX2vVigNw7HpSTkpZz\/\/\/outcNZ2XkMgxOvXVZ630tzzXLsce7GCDGj7DMMl5vC245eeVxx1gQgFSu3x9vugLSoAbOfeE2BOSAf5KWO+Z94IpXmE9Hk9UbMSd+D4wC\/plixDabpKlFbmKADc+kgXGE3eCQxcbh2k0ufOOvYfxWltK7b7z8bPZ2uNOBO6UhLN3p7jcjRbTjIh5+Y5IIEU7iObF8KmgTGzKg+Zgl2vrTFwJxOANMP4g59abHekT4w7GDbu7RXS+Rne8P89j5SJb\/Ms1F+Ay\/ei1OCO13cI3n3ksVR8Oj\/Lo7QlUgkeTKSLhqGUMqEFCPF6IIrb9MVdfxAAETx0ZVKOYynr+X8LI3vNuJ304FY7pG3\/0emqFYzc0M\/FooXUVth+rhH90BTvEv2X\/j9wDc26ribOTSvxyLJoCGsiby5CZlVF1\/djEcjWtcBhkx+\/SLp+dCI\/bfztvDFm5NqWp6YHm\/lsdIxcVAUJ7uUvemZrKirC0o+aMPsbvM\/fYVHqk3q2j2bhSx7ql8BfcZ5LnHeKk1qOcRHl2B0r9lng1QKMASp0JL17\/9stq8Mo9Xrvq0DePvW\/pBqUgQVC+N5aaM8Wnzu0l76NC1xzArS3uVrpEfwS8EyAkZUW1+jDhJ+uQJoeFW+K7OaBq2oa30VkhYpyJUfOYHMmDcJAwLwQcfAYlAxvdlv5pHrNe16uCbjBLisa6JrIY7FQsx2eCPxLs62ZEmdWQImjMwEjFFv74zU\/iqlJfzpeWnLiAnLdALgv5YIePmzWNE5UIiOdat93mdCEsg1AnnhnsXjMXclzsElsm1fwXwPokFCAC0d1ip\/NhZimGoDvsSlRRsj0N8xu9199ysceqlt00bdwnXGp9s+5ObDy38W9nAKQcqKcUV+I54\/sJ84UKa1me1\/29cLFg5qyRgPm++q8jZLGGVQDZLNGanSNt2+PRfhzDHHx3gP9JxWEhLQQ5PmK8u\/myqe1pzKcvvgqtvTir\/xCjK+2+uBRok96zi\/uvTeSBoC12CivEVumMgq5G1XBO2RMq5YgXHlTwkNN6YwYaoXQb1lRzQ7QT2q5lYO\/nriGmObzoWg+CAtR1zudzHb0HWzq3LyXPXOBNv9IT9lFXTbGKmCk3YVTV7xH2ipkEBkxNxFaU0dUOuAy4vOHVrsPUR3hSgKRwmWOCS3m8keVhEVF\/BD7sWrKIglA=="}
00427{"flow_id":36,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":499530,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0\/F1AACwGLEfLzZeiwKgBZwG701d\/O17P5\/Qsq4AQAHiC3gAAAQEICkWtopIAMR25"}
02347{"flow_id":36,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":501579,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI\/F5AACwGJrLLzZeiwKgBZwG701d\/O17P5\/Qsq4AQAHiLTgAAAQEICkWtopIAMR25FgMDAF0CAABZAwOF+7w2SmHcU9zcb28JcDQnGAmx6shrVHepdober5\/0sSDLK5nEKozFFehKxLSZMCTAPUR52rwta8Dt2NpTSUG7QMAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1492167454818,"flow_last_seen":1492167455501,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":6,"flow_first_seen":1492167454818,"flow_last_seen":1492167455501,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00425{"flow_id":36,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":501611,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0NuVAAEAG3l\/AqAFny82XotNXAbvn9CyrfztkY4AQAPt8dwAAAQEICgAxHglFraKS"}
02349{"flow_id":36,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":502415,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI\/F9AACwGJrHLzZeiwKgBZwG701d\/O2Rj5\/Qsq4AQAHh6jgAAAQEICkWtopIAMR25i6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQToYIgPQnFHMukPpCMbYAtyCkTOgboRC\/IWCw2BGahXVmhSR3xmGfhbAz7L54KSkbhSzva1W6S0OrLg58ojgD+UBgEBACuWqtiy"}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":8,"flow_first_seen":1492167454818,"flow_last_seen":1492167455502,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":8,"flow_first_seen":1492167454818,"flow_last_seen":1492167455502,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00424{"flow_id":36,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":502446,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0NuZAAEAG3l7AqAFny82XotNXAbvn9Cyrfztp94AQARF2zQAAAQEICgAxHglFraKS"}
00785{"flow_id":36,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":502904,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4\/GBAACwGK0DLzZeiwKgBZwG701d\/O2n35\/Qsq4AYAHgYwAAAAQEICkWtopIAMR25VvFXSBWRH4LVMoif+a3PWQ\/IY3BX1hsBcm4fMDEwF26AvgqENGI8gqQJZCUGW8EqJbDuE+C\/hb1onY1PrhIBPuko\/71qFkmEs6my44YjiyE0x5TShTvdPqSejfT2TzPPcV\/3e+xH+tvqecNTCjdapI4+MA9Yb8fMsWeyfnMeOHXnBYsd2bDm8AUL7SL31x7YPixZDmVgHBBoDdtAKPOoQ+5faYTOkBXiEXR+97jLhGMU03SdTNf\/mmmX3YJXLfBjFjLxGIGnf6GveFv7WkltHvsT0euwWA4nsRqqkJ2s4JDJYh8zA9ILia+m50OrVV4Bak0GHZi2fEv\/a3QWAwMABA4AAAA="}
00425{"flow_id":36,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":502931,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0NudAAEAG3l3AqAFny82XotNXAbvn9Cyrfztq+4AQASh1sgAAAQEICgAxHglFraKS"}
00596{"flow_id":36,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":505447,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACyNuhAAEAG3d7AqAFny82XotNXAbvn9Cyrfztq+4AYAShdrgAAAQEICgAxHgpFraKSFgMDAEYQAABCQQRLfGOXKsHTwDwaiRJMPFQZdrXTkVPKTQM6wmtGWYnFpie6rLE6uLmht2BoDbC1KqgfZuZPPJuk1BlRiwEqCfGNFAMDAAEBFgMDACgAAAAAAAAAADunnwkcqCnL0CfbOpb62nSTksEflqwm89UZmoGusPUM"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1492167455528,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":577,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1492167455528,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":577,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":528205,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8kudAAEAGglXAqAFny82XotNYAbvneYz3AAAAAKACchBIqgAAAgQFtAQCCAoAMR4QAAAAAAEDAwc="}
00497{"flow_id":34,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":563548,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABnUb9AAC4G1LLLzZeiwKgBZwG701XgAv+snuz164AYAHizdwAAAQEICkWtopgAMR29FAMDAAEBFgMDACgzgIElE4pLe+2zi2rQXdcjmX\/2eB+Fwjq43XnFbQ9Q8FQ1vez2N5\/z"}
02015{"flow_id":34,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":564493,"pkt_caplen":1239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1239,"pkt_l4_len":1205,"pkt":"8IQvSpdgeJKcD6iOCABFAATJ6YBAAEAGJy\/AqAFny82XotNVAbue7PXr4AL\/34AYARU0AAAAAQEICgAxHhlFraKYFwMDBJAAAAAAAAAAARWWS0VSAp5WXsKBTFf3GCcV8No8JgJmaPj7Fnc7VCQ0J4HlpaDIvs5ol2wRgWiq3aZipcP2F9MHXtsULWPBpMz02LSA4l4zWp2WFWDx1KPZCtHn4iHy1VwgNIKHnrcxv5GD7o\/gYakEexoJcB9XMyFnKQ4uIm51lzZZuhWVi2zFr9qhNPXyiiTLRmd7yHGKLd6xXdyraU\/vOw53LWLm4pjgb9FCtHEhbE9bwa4PoBzIASy15AIAxRtlLPpCHniBq5SPgCkhoZBBZRt4+Es\/HJ6j7cdW3V4YbS9j4JGtvjJEr19ADYKRQi4XsVICY38z3W3UuOaz5tWWUJ266IzaXpEIAUT4\/IpNwlY7VTuCiP1r8CPkBDJ59EyioAla7Mm78yYXNdTzNUBQaPyCcCBVlvChNp0Zub6o9NJBEBw7+FSq6sRjWyldgNITiJTWQ0ilGii8gkM1x1ve1HWvY9Vg7EBf4Rs\/al3Wqc5hU\/LPc34VHbl6GIx5MU01gDseeeHtIoC5Pu0UekyiBxdwmUtvj26YoRWVb1jgumP1H\/6IOIhE3Rdq0M4xHQHEyiOt1KX17L1W\/vPlTxhKXE5dN5wjN7jw6T5BHY17MxAYlLORyIKYK892BsQ2W0GcirIm9GGYr2PLrnAcYtb4y3111+ce0ok352NAeiX33SVVSmYyPq0nXUyC1GMYPwBTzj64sIlz9XSkR5uFF7d5Bqy42tvwU4A91yfiyn9ZHIHDO1kL2FQL3DU1K3f3RlZAD6QezJaBAmKQGZc8wxajGEOZK2xrAsYFrRj48zy4O0kdpMWSNOfUvENBMlh+c3LicWYUQjocSZTiHqY5IlajArulaYTCLB2vvEA4ZS1L38BXuWcdnyCblTnBkjxFnGSx6DATx4yrE6DlwMfycuVVceAidGHBk6ameXFetbkUoKE9XZPecEmYJuJS5RKyA0M1LCJNmnRqrsNDpAVnaExWjF7OEWU0BJOiQsTYBAlxA5IF8We\/OTgQ6uEgjJ7Sid8g262Q2EzeQQgVFDVQd5\/mM\/0gMeOcYdcBxaVPbffXkdWaxDjeuH9jQeuVzPr+k4yxswT4Y1Al2Akz8o2eTGRuAE3wiRCpps7MA3fzunwOR6NZuAkiHwev4fBZhBEiY9n8ltTqBbDZlmE+L6J0p+7GHVQu3OOBdpnggOr\/xthHJqDe9hI7h8Z5YreKyMsBsUvTQ\/T6\/Eg3v2FMaQWgLkhern4QQzLDjBVTPBOmsXTdQkOaenRMhENNhg7Xv62q43S9MlRqsNUyjWrXudvL3bEgfXFEfdvQK3Wi8cwS8Gj++lqITnlfhtObZKN8yJ\/3hngSm82OIGLE3ZjFyyrT51iPw\/KWgteCGoFGuAtv9Um+E2RJlRsFsq5CK1jdM2vHnKEd4wh3jX4+3axO92CX8Pq2qiuplCxQY4VPHmyOndIUMExP0VPFQ7OylVRIaKs3emskGDEEn88N6jXm2Myjo8BpH6m1H7Zylp5\/d0BQp9Wte6obZmfHWktFjlzfq6TYgwZJk\/CF1BlhWQrifnoz8Zv8"}
@@ -460,16 +460,16 @@
00436{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":891345,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG701iyhnqT53mM+KASN8htQwAAAgQFoAQCCApFraLqADEeEAEDAwc="}
00424{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":891380,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0kuhAAEAGglzAqAFny82XotNYAbvneYz4soZ6lIAQAOXShAAAAQEICgAxHmpFraLq"}
00748{"flow_id":37,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":891558,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEikulAAEAGgW3AqAFny82XotNYAbvneYz4soZ6lIAYAOW1DgAAAQEICgAxHmpFraLqFgMBAOkBAADlAwP9NQ6LikCBiVimjppT8i2VlLy8HZBkMhwiS9FNacyQcSDLK5nEKozFFehKxLSZMCTAPUR52rwta8Dt2NpTSUG7QAAg+vrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8CgoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIOjoAHQAXABiKigABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1492167455528,"flow_last_seen":1492167455891,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_first_seen":1492167455528,"flow_last_seen":1492167455891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00426{"flow_id":34,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":929354,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0UcBAAC4G1OTLzZeiwKgBZwG701XgAv\/fnuz7+YAQAJ352gAAAQEICkWtovQAMR4Z"}
00700{"flow_id":34,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167455,"pkt_ts_usec":960498,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"pkt":"eJKcD6iO8IQvSpdgCABFoAD6UcFAAC4G1B3LzZeiwKgBZwG701XgAv\/fnuz7+YAYAJ1nsAAAAQEICkWtovwAMR4ZFwMDAMEzgIElE4pLfJQd348ZqSNDqad9eLAkFSn\/Qn\/aCUPmc91v4Nbf17CDphJt9xgDEWm4yV5Bd+d6hmXjgjwBMGg4KC5twbaB5ps5qAZvll8pxQG6IYBX\/XIVfQupfuS+\/xHdb+td97LCtH4IaLiyhWXnejZkJEW3wGse+Xrmf0gIjfCyD8gkUvjSd\/jG65fM1UgysG+\/Z7LwebuukPlzP8RlzXnkDRv\/YlDrAmi4dNtSRztaplua3ioOqlULZgQWuN7q"}
02360{"flow_id":36,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167456,"pkt_ts_usec":174239,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI\/GJAACwGJq7LzZeiwKgBZwG701d\/O2su5\/QxaYAQAImGXQAAAQEICkWtozoAMR5cFwMDLW+pqlamxow5\/KVqaz8H9kh+D7lmanUu0PfOVhPSQv1L5HmytrqsqtERUlRR4C8NL3NbBqMtzn3q8Z2skLt564odY262\/p2WQdJ2o2s4R5sZJfRsKhyrWsQVFm4eAEYbZyGearsoXux6xLzBshWk1Zcle2o3dcIHCHWNIj8QYAJ2kinFO9VlUgzUiIjPj9l\/vyRLripa9XApjUSXtHU7trVZE6gNGeEqQ6vB05matU4IJXb9Jn6bwPC1CQq\/Dx09TBEdMnFewkbxevdsi79k+GnxtX1YQumNm40QUaHVBUkehN26mRHj01NbzWLozjbyT41wX05nbchtv1v+Dv9i11kdBm+LDGVmEbzRvXlLeSWgPO1V3iWcGWbgbNSL2\/PLbsW0EVKh3mxqktZZOhMYI9m4+\/rlG2GKfrH4nYENGcOZgLDVpdPoPX7X8T2Pp7Beikv2Fooneks88wQvKVtUQVvwkODqIuJV8SkNMeMU5bQUnTC9JX+tcc9MbN973c9oL9I21K\/VcvMqfA3OrBWY46EtiN\/jTwiGItXnoO6hmzTDzKXoQGopjS3jVH93AfzrnJm6zg65+6VvSWJiUgEOi+1Swj1abnCXN3iG9gmAbLPVkB56lg5A3XK8zDIRZwPCY\/5WtYy4xMwhrQ6NZ+6dvnbYp1\/1ruROlO4SXZQTwkR6yy\/IvoTraVU\/Fsh228XByuwZc+lHSOkr9zOgwelvSbGrZg3BlUuaE9sJNxr\/O7fSB1r9ch76c9OPejogztHzmIJmZ44ZkLTARGn9PN1Si+zrK3LE5l8IP5s69CGLv81HYdXXWwrFUIr6v3fkgLWFnsbKye959Q1kdbEnV3vZ7Y7PUHPegerW0VwlRbIfwf31BM6cvlaC54jKnJRlLl4RfJDF+Me7nK8deeryq6YfbHeDwpz+S\/vwHz6Zw0r1jtLGQran4jGICbi6dDtcFBodp4788Vjs2u8fZiS3c4aATqhgOFYtIP+0x5IwYR6LcSpWsanAoEeQZKgrUIi\/zsQTRMHLpt\/Be9PV92VKGtSiy7tXrc9PP9M2byeH3MI7LQqdjlf\/PS1t2KfaJg5Wgcgpf8LKojTyqWuXdYymr3khRr8YFfrPSPfGxt4J3J8aRBx4DguTH586DUZgidtfdhsGO7XxaDMu+Sj3GZ9\/p+nuFHCtIH43qUYPnTOGHyWTErmug877DXN+iGWjs7eFc5rJtwiH1lEzCYsFHL7KL+H5zGR3taPCP2GExvDi434s9TEY2d74ESZZyR+EckHYsXn2kAuniATLe25tAbZdcLrpZs1GVJndduxhmhHd11aec2NMf0CIwRmjRN9WfC9KTdFI1XlLV0wIbYi1SNeH2p+ffZqD8ZNSq5iq8wnOcYKVrqViJM2UKRSt8\/KaN5sXzHfmqvIVlu5LiPm8DdHLuJp8kKLEPvGHxVkXa16DDtuVmYGN3zCgb\/fIvA++6nLx+tfsuQSqm6q3dDae76rkPRwehw2Af8O2C30XsMBaOqGCYOlWKGDGBps8qerTsU+BjieilKxETnBzJxLGLQOTi1vwiPhy4UvmrYhnaNISMIWY9c8OxC97D7mtwRhO3RUkxq0Vm0Bum2ko\/dsE62XkJ6OQjcUmo56lFntLAg48b8UDwSGR77HGapiEIlQ8OR3wlJjnjHWSWIJk4dV2qA67KKyMcOLTnzLStYYWvBXr+89YEKnsvampoIaKMU855gBl7HAvKy7cV5D6wgwSpIruVuLAl7Sum7XdC1Kmd9BPMUq0iFASPw1ClqnWGwyqw31CHWMMIpNI2mwkusKHd0jsx4rsuAM\/Ksok6imzjUWg0E1C40uuUAGbhgSMRzOqCAkMTAWsfy8DpvLKTGZbFnszOkW134J5jHFFuEFJFiPuVVL8M8lA"}
00424{"flow_id":37,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167456,"pkt_ts_usec":250115,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA02dBAAC0GTdTLzZeiwKgBZwG701iyhnqU53mN5oAQAHjRqQAAAQEICkWto0QAMR5q"}
02344{"flow_id":37,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167456,"pkt_ts_usec":251036,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI2dFAAC0GSD\/LzZeiwKgBZwG701iyhnqU53mN5oAQAHgD6AAAAQEICkWto0UAMR5qFgMDAF0CAABZAwMQyj9bbiaPkZ2Xb3zWKEOFcszlPlUALGGF4F9n4cC9IiDqltGHEEOjKzGx6kNwPHwxPh3WsTKhUSaEhLoaKlfYzcAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":648,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":6,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00424{"flow_id":37,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167456,"pkt_ts_usec":251067,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0kupAAEAGglrAqAFny82XotNYAbvneY3msoaAKIAQAPvLNwAAAQEICgAxHsRFraNF"}
02347{"flow_id":37,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167456,"pkt_ts_usec":251627,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI2dJAAC0GSD7LzZeiwKgBZwG701iyhoAo53mN5oAQAHhdywAAAQEICkWto0UAMR5qi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQRppmH8i+60HAbfTvc3xrcF3kHQR5qAmyZW25jCWYkU3FVgzVXITZim69Ml6n3ZD\/8CuP\/PuMiAsIMJSiS22QraBgEBADtaHh5m"}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":650,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":8,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":650,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":8,"flow_first_seen":1492167455528,"flow_last_seen":1492167456251,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00424{"flow_id":37,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167456,"pkt_ts_usec":251652,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0kutAAEAGglnAqAFny82XotNYAbvneY3msoaFvIAQARHFjQAAAQEICgAxHsRFraNF"}
00782{"flow_id":37,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167456,"pkt_ts_usec":252601,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE42dNAAC0GTM3LzZeiwKgBZwG701iyhoW853mN5oAYAHhaMAAAAQEICkWto0UAMR5qzoSbMlRqH7JaM3j53Tya0SGHn7w\/kJXJq++JFot5vOIiA37Z+swSemgzUvwnS+Fw2saYEzNJ+4Ye1hhr0v\/ZNIOb5jEv7gXnS4KzYyWPKLzehGWKKv1aw6z9SGGwkYsHOh+V4suW\/uLEOoNs9XfOni2rPI2bq9VakhWOli88tcieGr\/Mf4dZBEfNk53qumJ4AJLNG58v+b9FlXfGphRu0ObBSROzHoSWcZSsfppUZ+1pZeAgq7hS5l9\/5IkexrphWB3y6VwXD\/XvC3Q1lQJWMycXCgMVOSrtvqnzE+WkRt8iIJb2fDRhsWNEEJWXhabDDSZVYq5U0oTWbdoWAwMABA4AAAA="}
00425{"flow_id":37,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167456,"pkt_ts_usec":252626,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0kuxAAEAGgljAqAFny82XotNYAbvneY3msoaGwIAQASjEcQAAAQEICgAxHsVFraNF"}
@@ -479,62 +479,62 @@
00425{"flow_id":37,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":812,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167467,"pkt_ts_usec":125789,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ku9AAEAGglXAqAFny82XotNYAbvneY5ksoaG84ARASi4yAAAAQEICgAxKWNFraOe"}
00422{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167468,"pkt_ts_usec":8215,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0KNFAAEAGqhrAqAFn2DrNjsJ7AbvMOVSD1yvysIAQAT22vQAAAQEICgAxKkAyc0s1"}
00424{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167468,"pkt_ts_usec":48114,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA05nsAADQGN9DYOs2OwKgBZwG7wnvXK\/KwzDlUhIAQAVS2uAAAAQEICjJz+zYAMHos"}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_tot_l4_data_len":796,"flow_min_l4_data_len":32,"flow_max_l4_data_len":636,"flow_avg_l4_data_len":132,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_tot_l4_data_len":796,"flow_min_l4_data_len":32,"flow_max_l4_data_len":636,"flow_avg_l4_data_len":132,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00516{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_tot_l4_data_len":80,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":41,"flow_first_seen":1492167353687,"flow_last_seen":1492167367265,"flow_tot_l4_data_len":25193,"flow_min_l4_data_len":32,"flow_max_l4_data_len":5858,"flow_avg_l4_data_len":614,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":17,"flow_first_seen":1492167353937,"flow_last_seen":1492167367264,"flow_tot_l4_data_len":4091,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":15,"flow_first_seen":1492167355723,"flow_last_seen":1492167367264,"flow_tot_l4_data_len":4027,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":26,"flow_first_seen":1492167366908,"flow_last_seen":1492167378674,"flow_tot_l4_data_len":10622,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":408,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":40,"flow_first_seen":1492167378674,"flow_last_seen":1492167401175,"flow_tot_l4_data_len":17095,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":39,"flow_first_seen":1492167378926,"flow_last_seen":1492167401170,"flow_tot_l4_data_len":24397,"flow_min_l4_data_len":32,"flow_max_l4_data_len":8257,"flow_avg_l4_data_len":625,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":17,"flow_first_seen":1492167380581,"flow_last_seen":1492167401124,"flow_tot_l4_data_len":4091,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":44,"flow_first_seen":1492167400812,"flow_last_seen":1492167448100,"flow_tot_l4_data_len":18499,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":38,"flow_first_seen":1492167401063,"flow_last_seen":1492167448091,"flow_tot_l4_data_len":13790,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":362,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":54,"flow_first_seen":1492167452759,"flow_last_seen":1492167467498,"flow_tot_l4_data_len":34617,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":641,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":27,"flow_first_seen":1492167453010,"flow_last_seen":1492167467495,"flow_tot_l4_data_len":9614,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1764,"flow_avg_l4_data_len":356,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":86,"flow_first_seen":1492167454457,"flow_last_seen":1492167470188,"flow_tot_l4_data_len":63075,"flow_min_l4_data_len":32,"flow_max_l4_data_len":4316,"flow_avg_l4_data_len":733,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":28,"flow_first_seen":1492167454458,"flow_last_seen":1492167467494,"flow_tot_l4_data_len":17089,"flow_min_l4_data_len":32,"flow_max_l4_data_len":3148,"flow_avg_l4_data_len":610,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":96,"flow_first_seen":1492167454818,"flow_last_seen":1492167477932,"flow_tot_l4_data_len":60378,"flow_min_l4_data_len":32,"flow_max_l4_data_len":4025,"flow_avg_l4_data_len":628,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":17,"flow_first_seen":1492167455528,"flow_last_seen":1492167467498,"flow_tot_l4_data_len":4091,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":240,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_tot_l4_data_len":298,"flow_min_l4_data_len":60,"flow_max_l4_data_len":238,"flow_avg_l4_data_len":149,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_tot_l4_data_len":234,"flow_min_l4_data_len":41,"flow_max_l4_data_len":193,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_tot_l4_data_len":311,"flow_min_l4_data_len":32,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":38,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_tot_l4_data_len":311,"flow_min_l4_data_len":32,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":38,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":13,"flow_first_seen":1492167350385,"flow_last_seen":1492167350562,"flow_tot_l4_data_len":6394,"flow_min_l4_data_len":38,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":491,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":41,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":13,"flow_first_seen":1492167351067,"flow_last_seen":1492167352398,"flow_tot_l4_data_len":4370,"flow_min_l4_data_len":36,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":336,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":32,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_tot_l4_data_len":279,"flow_min_l4_data_len":32,"flow_max_l4_data_len":87,"flow_avg_l4_data_len":39,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_tot_l4_data_len":191,"flow_min_l4_data_len":20,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_tot_l4_data_len":191,"flow_min_l4_data_len":20,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":23,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1492167617247,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1492167337792,"flow_last_seen":1492167353998,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":100,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_first_seen":1492167353687,"flow_last_seen":1492167354015,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54085,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":836,"source":"wechat.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_first_seen":1492167353687,"flow_last_seen":1492167354049,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40741,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":41,"flow_first_seen":1492167353687,"flow_last_seen":1492167367265,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5826,"flow_tot_l4_payload_len":23865,"flow_avg_l4_payload_len":582,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54089,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":17,"flow_first_seen":1492167353937,"flow_last_seen":1492167367264,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54090,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":15,"flow_first_seen":1492167355723,"flow_last_seen":1492167367264,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":235,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54091,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":26,"flow_first_seen":1492167366908,"flow_last_seen":1492167378674,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9774,"flow_avg_l4_payload_len":375,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54092,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":8,"flow_first_seen":1492167367159,"flow_last_seen":1492167379000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54093,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":40,"flow_first_seen":1492167378674,"flow_last_seen":1492167401175,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":15799,"flow_avg_l4_payload_len":394,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54094,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":39,"flow_first_seen":1492167378926,"flow_last_seen":1492167401170,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":8225,"flow_tot_l4_payload_len":23125,"flow_avg_l4_payload_len":592,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54095,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":17,"flow_first_seen":1492167380581,"flow_last_seen":1492167401124,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":44,"flow_first_seen":1492167400812,"flow_last_seen":1492167448100,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":17075,"flow_avg_l4_payload_len":388,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54097,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":38,"flow_first_seen":1492167401063,"flow_last_seen":1492167448091,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":12550,"flow_avg_l4_payload_len":330,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54098,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":54,"flow_first_seen":1492167452759,"flow_last_seen":1492167467498,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":32873,"flow_avg_l4_payload_len":608,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54099,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":27,"flow_first_seen":1492167453010,"flow_last_seen":1492167467495,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":8726,"flow_avg_l4_payload_len":323,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":86,"flow_first_seen":1492167454457,"flow_last_seen":1492167470188,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4284,"flow_tot_l4_payload_len":60307,"flow_avg_l4_payload_len":701,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54101,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":28,"flow_first_seen":1492167454458,"flow_last_seen":1492167467494,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3116,"flow_tot_l4_payload_len":16177,"flow_avg_l4_payload_len":577,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":96,"flow_first_seen":1492167454818,"flow_last_seen":1492167477932,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3993,"flow_tot_l4_payload_len":57290,"flow_avg_l4_payload_len":596,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54103,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":17,"flow_first_seen":1492167455528,"flow_last_seen":1492167467498,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":207,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1492167342857,"flow_last_seen":1492167342893,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":230,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1492167351026,"flow_last_seen":1492167351061,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":185,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":8,"flow_first_seen":1492167345896,"flow_last_seen":1492167360666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":6,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.78","src_port":53220,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":13,"flow_first_seen":1492167350385,"flow_last_seen":1492167350562,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6290,"flow_avg_l4_payload_len":483,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_first_seen":1492167350333,"flow_last_seen":1492167350372,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":13,"flow_first_seen":1492167351067,"flow_last_seen":1492167352398,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4266,"flow_avg_l4_payload_len":328,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":7,"flow_first_seen":1492167345896,"flow_last_seen":1492167360663,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":55,"flow_avg_l4_payload_len":7,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.78","src_port":47627,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":8,"flow_first_seen":1492167382020,"flow_last_seen":1492167402666,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":3,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.211","src_port":40740,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1492167617247,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":247730,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA044hAAEAGMbzAqAFny82XotNdAbtNZ116WRhNMIARAViFkQAAAQEICgAxu\/1F0qIP"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1492167617247,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":841,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1492167617247,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":841,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":247977,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0trJAAEAGXpLAqAFny82XotNeAbstqSV4qlMZrIARASwk9gAAAQEICgAxu\/1Frj0D"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1492167617248,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":842,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1492167617248,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":248213,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8JpFAAEAG7qvAqAFny82XotNfAbt51Z1vAAAAAKACchAH4QAAAgQFtAQCCAoAMbv+AAAAAAEDAwc="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1492167617498,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":843,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1492167617498,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":498933,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA82VRAAEAGO+jAqAFny82XotNgAbuDb2VoAAAAAKACchA2DwAAAgQFtAQCCAoAMbw8AAAAAAEDAwc="}
00438{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":560653,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG701\/B3aGGedWdcKASN8hYRQAAAgQFoAQCCApFrkDUADG7\/gEDAwc="}
00424{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":845,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":560732,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JpJAAEAG7rLAqAFny82XotNfAbt51Z1wwd2hh4AQAOW9kgAAAQEICgAxvExFrkDU"}
00750{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":846,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":561213,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiJpNAAEAG7cPAqAFny82XotNfAbt51Z1wwd2hh4AYAOWw1gAAAQEICgAxvExFrkDUFgMBAOkBAADlAwOiNE1rRkT0h3QOeP2KdM3vXFnz\/PaRz1MgqYNk+PneFSA+FXDDfXOJsJmV4DXnwkF2Bf3XeOpXHU2Ui84OelC\/LQAgqqrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8SkoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIOjoAHQAXABhqagABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1492167617248,"flow_last_seen":1492167617561,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":846,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_first_seen":1492167617248,"flow_last_seen":1492167617561,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00424{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":847,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":562993,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0KCxAACwGAHnLzZeiwKgBZwG7016qUxmsLakleYAQAJ8hsQAAAQEICkWuQNUAMbv9"}
00424{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":848,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":598882,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0701AAC0GOFfLzZeiwKgBZwG7011ZGE0wTWdde4AQAOqB1AAAAQEICkXSpjoAMbv9"}
00436{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":849,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":850648,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Andsj9g29laaASN8iTkQAAAgQFoAQCCApF0qaCADG8PAEDAwc="}
00426{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":850743,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA02VVAAEAGO+\/AqAFny82XotNgAbuDb2VpJ3bI\/oAQAOX41AAAAQEICgAxvJRF0qaC"}
00425{"flow_id":40,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":880360,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA04KNAACwGSAHLzZeiwKgBZwG701\/B3aGHedWeXoAQAHi8wQAAAQEICkWuQSQAMbxM"}
02346{"flow_id":40,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":881041,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI4KRAACwGQmzLzZeiwKgBZwG701\/B3aGHedWeXoAQAHjxgQAAAQEICkWuQSUAMbxMFgMDAF0CAABZAwNR3Yv58EXkARruI6MbXBUr2l9SVzFl0EZ4wibgNUpCviDg0to5\/h\/p7gAXT1kViG+D6U7ulXWnLBXIcoeBXEekv8AvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":852,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1492167617248,"flow_last_seen":1492167617881,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":852,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":6,"flow_first_seen":1492167617248,"flow_last_seen":1492167617881,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00424{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":881093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JpRAAEAG7rDAqAFny82XotNfAbt51Z5ewd2nG4AQAPu2WQAAAQEICgAxvJxFrkEl"}
02347{"flow_id":40,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":883554,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI4KVAACwGQmvLzZeiwKgBZwG701\/B3acbedWeXoAQAHiHUwAAAQEICkWuQSUAMbxMi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQRvmOK+fTnqOModyMUfEJPqNuPEK0K9F8VanEMXLo3emZnyyByi4h3TzEoJ3NZkWfVMDbYyLdAZFt6um2TnU2csBgEBACjRh\/zk"}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":8,"flow_first_seen":1492167617248,"flow_last_seen":1492167617883,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":854,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":8,"flow_first_seen":1492167617248,"flow_last_seen":1492167617883,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":40,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":883571,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JpVAAEAG7q\/AqAFny82XotNfAbt51Z5ewd2sr4AQARGwrwAAAQEICgAxvJxFrkEl"}
00789{"flow_id":40,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":856,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":887240,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE44KZAACwGRvrLzZeiwKgBZwG701\/B3ayvedWeXoAYAHgafgAAAQEICkWuQSUAMbxM\/b5DNs64DIF5q7fKZyFICi9kQ\/lct9MI5GWa\/cqfyCs1GKceNnk6Y9GUvH+fsTdws9yPHuZm9fVmEyOZfvxY3PYax2LhoTy4jqGwwoONIIaUV0SEi2BY+zl9efMqYaJb\/SVywLPKEpu9E7WYPUulJS\/ghB2hjRHGdlg\/mPz7ya\/TKuviTZ\/XTu6Pj0pXNeXSk7o3HIzV0B+ECun3x707qYY1dyWOBgntihvasSdGXPEKHh89ZqUtQ4u8a3BaAUKyZ0vOCUo1w8sVLzKygft211f4ugtpGo7SyPHyY+w\/tHk64Zd3c6GhtFij\/npk7b\/UhVdDrPfRxDj\/aloWAwMABA4AAAA="}
00425{"flow_id":40,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":857,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167617,"pkt_ts_usec":887251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JpZAAEAG7q7AqAFny82XotNfAbt51Z5ewd2ts4AQASivkwAAAQEICgAxvJ1FrkEl"}
@@ -544,34 +544,34 @@
01032{"flow_id":40,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167618,"pkt_ts_usec":206374,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":513,"pkt_l4_len":479,"pkt":"8IQvSpdgeJKcD6iOCABFAAHzJplAAEAG7OzAqAFny82XotNfAbt51aNswd2t5oAYASiMbAAAAQEICgAxvO1FrkF0FwMDAboAAAAAAAAAAt44uUgrR8S6ggxct0rsCFrK0VkP5jjpuDxIZHwGT\/LQ5oM0yKemOo3CJy+sgYabwkMKAQRzt1ziA+vU4hwmO\/h7VhdV302peVeCUzrwNxc3R+BgZwXwWmVB838IjzvBe62dlXiDkeuqa8P9QnsLOGK0ecP0DG47X81\/9p+dp0jpLEOorOEYwMgWg9wo0EU50cqVPyKg0hxw9qaa1dOVra5htlg7g67fvU8Z1ztKaE9LEmYnwxa2+AkX99swBreBcaitKRYQcoil17RFhlaySWGP8GedvbL+VyuZtqW70VHus1vb5wFJZ3avIjjNrL0fKHF+W0wIVVFZJa+\/e+lUh\/\/71rWY4CmTjYrQA8g4IdqMFzC1SocKZICpaGecTLkfp6adgogvH118clIVw9L+YGn0xucbAFmimdNpGNdBZHN4\/GYO6Sxga4RhaTM5YS+oDixeEOL+Yqz9bXszOZGcfDFIGko0qUe9zyJHwJjlStjBDLSZ+oLgyVe7syHmD0Mp83t0I+Oi4vVjYfIl8Q7VSqd7x\/JKFlT3vAUPwoZPlbFpv2tfIc3flxI7VYZnvxq5pben"}
00436{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":870,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167618,"pkt_ts_usec":976754,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Andsj9g29laaASN8iSHwAAAgQFoAQCCApF0qecADG8lAEDAwc="}
00425{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167618,"pkt_ts_usec":976798,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA02VZAAEAGO+7AqAFny82XotNgAbuDb2VpJ3bI\/oAQAOX3ugAAAQEICgAxva5F0qaC"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1492167619048,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1492167619048,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167619,"pkt_ts_usec":48267,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Dr9AAEAGBobAqAFny82XotNaAbub+DW+SvgsEIARAOUtjAAAAQEICgAxvcBFrgFX"}
00424{"flow_id":12,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167622,"pkt_ts_usec":380250,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePdAAEAGFxjAqAFnQOmnvIyxFGy60MyoSq1b+oAQAO3UVQAAAQEICgAxwQGFoOCz"}
00424{"flow_id":12,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167622,"pkt_ts_usec":434983,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0uEoAACsGLCVA6ae8wKgBZxRsjLFKrVv6utDMqYAQAWUzwAAAAQEICoWhkK8AL7Ej"}
-00504{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1492167619048,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00477{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1492167619048,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_tot_l4_data_len":960,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_tot_l4_data_len":960,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1492167619048,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":878,"source":"wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1492167619048,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":20,"flow_first_seen":1492167338426,"flow_last_seen":1492167458187,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167639,"pkt_ts_usec":304044,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0bxNAACwGuZHLzZeiwKgBZwG702Andsj+g29laYARAHDjOwAAAQEICkXSu3UAMb2u"}
00425{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167639,"pkt_ts_usec":304212,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA02VdAAEAGO+3AqAFny82XotNgAbuDb2VpJ3bI\/4AQAOXO7AAAAQEICgAx0YhF0rt1"}
00425{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167639,"pkt_ts_usec":887787,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA02VhAAEAGO+zAqAFny82XotNgAbuDb2VpJ3bI\/4ARAOXOWgAAAQEICgAx0hlF0rt1"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1492167639887,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":886,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1492167639887,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167639,"pkt_ts_usec":887918,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8T5xAAEAGxaDAqAFny82XotNhAbttdZ2FAAAAAKACchD+DQAAAgQFtAQCCAoAMdIZAAAAAAEDAwc="}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1492167640138,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":887,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1492167640138,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":138557,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8VUZAAEAGv\/bAqAFny82XotNiAbsbK4ceAAAAAKACchBmfwAAAgQFtAQCCAoAMdJYAAAAAAEDAwc="}
00436{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":203151,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702Ea0aYHbXWdhqASN8gHqwAAAgQFoAQCCApF8injADHSGQEDAwc="}
00424{"flow_id":43,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":890,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":203226,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0T51AAEAGxafAqAFny82XotNhAbttdZ2GGtGmCIAQAOVs9wAAAQEICgAx0mhF8inj"}
00751{"flow_id":43,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":891,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":203667,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiT55AAEAGxLjAqAFny82XotNhAbttdZ2GGtGmCIAYAOVdJQAAAQEICgAx0mhF8injFgMBAOkBAADlAwNTKUS2Efj261J+LE5stULB\/lzfBlOjyL3qEyuaPjoLLSDg0to5\/h\/p7gAXT1kViG+D6U7ulXWnLBXIcoeBXEekvwAgWlrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8SkoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIKioAHQAXABi6ugABAA=="}
-00722{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1492167639887,"flow_last_seen":1492167640203,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00733{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":891,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_first_seen":1492167639887,"flow_last_seen":1492167640203,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00425{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":892,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":214427,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0+B5AACwGMIbLzZeiwKgBZwG702Andsj\/g29laoAQAHDN6wAAAQEICkXSvFkAMdIZ"}
00436{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":893,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":450553,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702LyUvm4GyuHH6ASN8hErAAAAgQFoAQCCApF8iogADHSWAEDAwc="}
00425{"flow_id":44,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":894,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":450646,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0VUdAAEAGv\/3AqAFny82XotNiAbsbK4cf8lL5uYAQAOWp+QAAAQEICgAx0qZF8iog"}
00424{"flow_id":43,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":521509,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0jDpAACwGnGrLzZeiwKgBZwG702Ea0aYIbXWedIAQAHhsJwAAAQEICkXyKjIAMdJo"}
02343{"flow_id":43,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":896,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":523427,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIjDtAACwGltXLzZeiwKgBZwG702Ea0aYIbXWedIAQAHiFDQAAAQEICkXyKjMAMdJoFgMDAF0CAABZAwOpnclgnMJRDF3ZiLpnTC4ta7TfKuCxUQBZwDuf6z48miBYxgzAaMyfJOk08sA4g8dg3UnK03IZIzAXShNAci3a7sAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00779{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00790{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":896,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":6,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00424{"flow_id":43,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":897,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":523484,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0T59AAEAGxaXAqAFny82XotNhAbttdZ50GtGrnIAQAPtlvwAAAQEICgAx0rhF8ioz"}
02346{"flow_id":43,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":898,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":523898,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIjDxAACwGltTLzZeiwKgBZwG702Ea0aucbXWedIAQAHjD\/gAAAQEICkXyKjMAMdJoi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQQAdCFM+z4Pj3h++LNkD49ZihRhKeOZguGplPPY68JOtUwDnXttZieII13qQKxtqyn32q+R2+1jkY8pOqvVI0bkBgEBAHBcPcRx"}
-01312{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":898,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":8,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01323{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":898,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":8,"flow_first_seen":1492167639887,"flow_last_seen":1492167640523,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00424{"flow_id":43,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":523937,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0T6BAAEAGxaTAqAFny82XotNhAbttdZ50GtGxMIAQARFgFQAAAQEICgAx0rhF8ioz"}
00776{"flow_id":43,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":525014,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4jD1AACwGm2PLzZeiwKgBZwG702Ea0bEwbXWedIAYAHj7wQAAAQEICkXyKjMAMdJoxFwy3+pR7798L38aICm5PRXbvMTLd8bAytx20qUedNneLZhqqX+fas2jW9BTEa6+Y+g0FbaEsc0CdV0uSOiKWx8PESp808CDboG+hmz3XQR5H+kbrqgFqoLhOEegXLkTsLAzcdj8Mft7ftSP2tUH+bwMwlskUk2APWvNNtnGYXnJlN1Xx8DB5+yWP+B2cgJylQkcr4PeHueLkxI4HuHGGGlcCmmsodYm+yzlIityEkxJy2XMHEQJ+k2Zgz9YRaoV7ZAdbrc+xsmlSxnUNzA9OPMOR+gqYL50oTMcmTMwvAItw9y5XCKsP0JRZeI3o7TLpNb3qhcA8ChQZFMWAwMABA4AAAA="}
00425{"flow_id":43,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":525046,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0T6FAAEAGxaPAqAFny82XotNhAbttdZ50GtGyNIAQAShe+QAAAQEICgAx0rlF8ioz"}
@@ -581,39 +581,39 @@
01068{"flow_id":43,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167640,"pkt_ts_usec":847391,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"pkt":"8IQvSpdgeJKcD6iOCABFAAIPT6RAAEAGw8XAqAFny82XotNhAbttdaPKGtGyZ4AYAShHHwAAAQEICgAx0wlF8iqCFwMDAdYAAAAAAAAAAh1muGjOPXIX40dIJ1pd+2dFHsVMoNmHUc0fTMh1mApRVoCS2+G8qiOSrxGvgq+gc1+zTHqk0N0pq5TVYV2lpi0YYsI9rI3KMcQjeQSC129QCarWmDtfPvsv3PQdjZSuQw9o1ppwGtEhzY3LANHXfWguKZ2dgkOMTSEMrEV8QVc6uRyJMSv2VycsQzxdnRdz3T6iTn01YMbKWjGoqnuNfhb\/7rIQln+ltAsN6U3Pyw3EN\/MUT7Y3dqAOj9lkrb9No0LqpI0M9vmqs+RuThumptBGDuZxS9JDwzr\/YYZyKVZZFCC39iJItVBRrPleOQhv9muxoW32a1tXbE+As\/4MvMSMuRYuXWKCjrgBUsKfIjGG9EthdYXlwG01QkGdcsfvbJiMTrHX5a7rZBzpbdNxdc7BnNOInKgrK2P+szZ13Zfa+U6zOLkqDYYZQ6penSZthBEl0rCZ0xShqemMcI5ltxYwYx4Kaa9zbw28Bdh7xCCGijNfRY4KlDbCUKmrOQ4wbVQwy+5yysqRP5m2wWNlUpDYDSniojwRY7TnvUlquV2JEJjY71eqGRYXECVcg6CL89Oy4mqoP0fDV+w87hmsdveWVzBkLIdSGCkJtdtHRA=="}
00436{"flow_id":44,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":921,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167641,"pkt_ts_usec":723120,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702LyUvm4GyuHH6ASN8hDHwAAAgQFoAQCCApF8itfADHSpgEDAwc="}
00425{"flow_id":44,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":922,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167641,"pkt_ts_usec":723166,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0VUhAAEAGv\/zAqAFny82XotNiAbsbK4cf8lL5uYAQAOWouwAAAQEICgAx0+RF8iog"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1492167641988,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1492167641988,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167641,"pkt_ts_usec":988101,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEonJAAAERNCzAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":924,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1492167641988,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":925,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1492167641988,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":924,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1492167641988,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":925,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1492167641988,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00478{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":925,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167641,"pkt_ts_usec":988177,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":925,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1492167641988,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":925,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1492167641988,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
00448{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":926,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167641,"pkt_ts_usec":988464,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEonNAAAERNCvAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00478{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167641,"pkt_ts_usec":988496,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00448{"flow_id":45,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167642,"pkt_ts_usec":989408,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEo2tAAAERMzPAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00478{"flow_id":46,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":933,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167642,"pkt_ts_usec":989471,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00448{"flow_id":45,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":934,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167644,"pkt_ts_usec":990362,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEo9NAAAERMsvAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00478{"flow_id":46,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":935,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167644,"pkt_ts_usec":990474,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1492167648243,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1492167648243,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":243043,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"8IQvSpdgeJKcD6iOCABFAAA7101AAEAR3q7AqAFnwKgB\/kphADUAJzTVMN0BAAABAAAAAAAAA3JlcwJ3eAJxcQNjb20AAAEAAQ=="}
-00627{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1492167648243,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":936,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1492167648243,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01055{"flow_id":47,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":277339,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"pkt":"eJKcD6iO8IQvSpdgCABFoAILAABAAEARs4zAqAH+wKgBZwA1SmEB91rcMN2BgAABAA0AAgAMA3JlcwJ3eAJxcQNjb20AAAEAAcAMAAUAAQAADgoACwVyZXN3eAJ0Y8ATwCsABQABAAAALgANBXJlc3d4BHRjZG7AE8BCAAUAAQAAAC8ABgNzc2TAMcBbAAUAAQAAAhgABgNzc2TASMBtAAEAAQAAAIwABMvNniLAbQABAAEAAACMAATLzZfUwG0AAQABAAAAjAAEy82eNcBtAAEAAQAAAIwABMvNnjfAbQABAAEAAACMAATLzZfjwG0AAQABAAAAjAAEy82eI8BtAAEAAQAAAIwABMvNnjjAbQABAAEAAACMAATLzZfTwG0AAQABAAAAjAAEy82eNsBIAAIAAQAANa8ACgducy1jZG4xwBPASAACAAEAADWvAAoHbnMtY2RuMsATwQ8AAQABAAACoQAEtv4QccEPAAEAAQAAAqEABLhpznrBDwABAAEAAAKhAAQOEROMwQ8AAQABAAACoQAEZwce7sEPAAEAAQAAAqEABHt+dlDBDwABAAEAAAKhAAS0oxYuwSUAAQABAAACoQAEtv4LcsElAAEAAQAAAqEABLb+bmTBJQABAAEAAAKhAATLzZfxwSUAAQABAAACoQAEDhEsW8ElAAEAAQAAAqEABHBaSWTBJQABAAEAAAKhAAR9Jy3o"}
-00658{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":938,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_tot_l4_data_len":542,"flow_min_l4_data_len":39,"flow_max_l4_data_len":503,"flow_avg_l4_data_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":1,"num_answers":27,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.158.34"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1492167648277,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":938,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.QQ","breed":"Fun","category":"Chat"},"dns": {"query":"res.wx.qq.com","num_queries":1,"num_answers":27,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.158.34"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":939,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1492167648277,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":277830,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8euFAAEAGk9vAqAFny82eIqtKAbscYaCqAAAAAKACchBlYgAAAgQFtAQCCAoAMdpLAAAAAAEDAwc="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1492167648494,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":940,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1492167648494,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":940,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":494081,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8\/\/9AAEAGDr3AqAFny82eIqtLAbsShiV+AAAAAKACchDqMgAAAgQFtAQCCAoAMdqBAAAAAAEDAwc="}
00424{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":582668,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0qHWOtEHGGgq4ASOQgtSgAAAgQFtAEBBAIBAwMH"}
00408{"flow_id":48,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":582745,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoeuJAAEAGk+7AqAFny82eIqtKAbscYaCrh1jrRVAQAOWmPwAA"}
01107{"flow_id":48,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":583174,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"8IQvSpdgeJKcD6iOCABFAAIteuNAAEAGkejAqAFny82eIqtKAbscYaCrh1jrRVAYAOXThgAAFgMBAgABAAH8AwOCKLlYqqAvHPbStkNWfjviIJbNG8Opd41AdjWFUM5PDSCzw4Dj+1hijcfqB70gmV5q3+xDc\/7ZaGy4swNwVbbuBgAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAGTuroAAP8BAAEAAAAAEgAQAAANcmVzLnd4LnFxLmNvbQAXAAAAIwDA2rkP6N2F29W8IwDuml2ZBBexYWjz5d457nDC1tP3qzS2OGOajXlg7G9AUXA4imekq\/giRMEwa6iYhFjFjW4HKVdggoetJsKG1EFlq7Nse5+E1dc7PIUx4S\/ZrSiowXWl3yiYnLRXfAjDAJmKDd8SHhSHQTacbrGt8DQhtrFK0Cnfg4052zdZqAPMursq2AeUYh3+Ngc6z81+fZTHJbme2+rUNgUjlpPVl20yUvASxiP0qdMrlctOXqH2ToAmQQaKAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAgqKgAdABcAGFpaAAEAABUAVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00717{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1492167648277,"flow_last_seen":1492167648583,"flow_tot_l4_data_len":629,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00728{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_first_seen":1492167648277,"flow_last_seen":1492167648583,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00425{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":873395,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0tO\/rLJEoYlf4ASOQgjJgAAAgQFtAEBBAIBAwMH"}
00409{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":873492,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoAABAAEAGDtHAqAFny82eIqtLAbsShiV\/Tv6yylAQAOWcGwAA"}
00408{"flow_id":48,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":901608,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJKcD6iO8IQvSpdgCABFoAAouBhAADEGZRjLzZ4iwKgBZwG7q0qHWOtFHGGisFAQAHukpAAA"}
02370{"flow_id":48,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":968,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":902355,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"eJKcD6iO8IQvSpdgCABFoAXcuBlAADEGX2PLzZ4iwKgBZwG7q0qHWOtFHGGisFAQAHtKVwAAFgMDAEgCAABEAwOl4vZPF0bScJW+f8qrSOuG6NWtKghGWg36rESUqwxOoAAAnQAAHAAAAAD\/AQABAAAjAAAAEAALAAkIaHR0cC8xLjEWAwMSvwsAErsAErgAB7QwggewMIIGmKADAgECAhBrUPksf4oyMjSwV4ASgKLNMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNjA1MTAwMDAwMDBaFw0xODA4MDkyMzU5NTlaMIGSMQswCQYDVQQGEwJDTjESMBAGA1UECAwJR3Vhbmdkb25nMREwDwYDVQQHDAhTaGVuemhlbjE6MDgGA1UECgwxU2hlbnpoZW4gVGVuY2VudCBDb21wdXRlciBTeXN0ZW1zIENvbXBhbnkgTGltaXRlZDEMMAoGA1UECwwDUiZEMRIwEAYDVQQDDAl3eC5xcS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxAHUrCcNPlCBG6Ea74TgkCCNchqGwaeD2Gja2dtIEMhguVwcs2KcnPZ0BTW+Wlhjcw18e8a3qA5aNNNR6HqXXdpw\/\/iT557Axy4PbSeFd1UmxKwVpaDAK2lmFMGkIJZbI98Zm4W3hxCjhQTkBFZj5ePX5DrDh8NNFWdYeJpGDyQlwLTMtrViHAeoiVcJ8jPS6HWtO\/UiyIoryHVf+I52fvdVGVzMegbmFxAHrivdrBE5BhYr9d3wq3zhFepiy2tfGI8B\/Z1qLYHNh2WE25oNbTGh4cE7gu5oqY88UmzyxVxa5eR5B4OUwXYcO5yrSTEcdWhsy54YdU7iCwIG\/OHwPAgMBAAGjggRNMIIESTCCAUEGA1UdEQSCATgwggE0ggp3eDEucXEuY29tghF3ZWJwdXNoLnd4LnFxLmNvbYIWd2VicHVzaDEud2VpeGluLnFxLmNvbYIXbG9naW5wb2xsLndlaXhpbi5xcS5jb22CD2xvZ2luLnd4LnFxLmNvbYIPZmlsZS53eDIucXEuY29tggp3eDIucXEuY29tghBsb2dpbi53eDIucXEuY29tgg13eGl0aWwucXEuY29tgg5maWxlLnd4LnFxLmNvbYITbG9naW4ud2VpeGluLnFxLmNvbYIWd2VicHVzaDIud2VpeGluLnFxLmNvbYISd2VicHVzaC53eDIucXEuY29tghV3ZWJwdXNoLndlaXhpbi5xcS5jb22CEXdlYi53ZWl4aW4ucXEuY29tgg1yZXMud3gucXEuY29tggl3eC5xcS5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuw="}
-00804{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1492167648277,"flow_last_seen":1492167648902,"flow_tot_l4_data_len":2129,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1"}}
+00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":6,"flow_first_seen":1492167648277,"flow_last_seen":1492167648902,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1"}}
00408{"flow_id":48,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":969,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":902391,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoeuRAAEAGk+zAqAFny82eIqtKAbscYaKwh1jw+VAQAPuecAAA"}
05030{"flow_id":48,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":970,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":903691,"pkt_caplen":3484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":3484,"pkt_l4_len":3450,"pkt":"eJKcD6iO8IQvSpdgCABFoA2OuBpAADEGV7DLzZ4iwKgBZwG7q0qHWPD5HGGisFAYAHs5gAAAvswAAAFUmcBh2QAABAMASDBGAiEAiufSCxdOF+7bgLpOmxcQG65s2qcgk7pdknOslLXY\/LoCIQDE45vN8fjY00CTdAwWDifBEAx38j2fQnz0tu8VuQYaaQB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABVJnAYgoAAAQDAEYwRAIgCJtQ2j0JaTPEQjEs0TuxHQfYaL2uWgH2iq\/PKYGE1wkCIAWv97otqd2tBkfL2zH82LGUijT7jPOhF4bZh7VUmVMPAHcAaPaY+B9kgr46jO65KB1M\/HFRXWeT1ETRCmesu09P+8QAAAFUmcBiDwAABAMASDBGAiEAsFcX8neGVSoD2KIq715oreo+ZZHssfyESZimYGEqbZECIQCY6c45FdAvBmBvBM8a7DIvTZz7Hqf\/jJKOfuPp2IaPgjANBgkqhkiG9w0BAQsFAAOCAQEAacSpqaeLeHtWG6B2q1V21KOu+t+P6DKXMlAHJQxnO\/Z6eX2lm2slENukRZAUJAfqy+pjKmCYyh9yOqKpYcU\/1LwhjaA5NbGJtr5doYCCLzWgEYUTI0CcVrgndk8aV9eIXFvmPSCniyEo0G+srQoPtcOJ\/dJ0fnTCOkJ5\/idKuF0HBwZDY3W5iZiYNg4LjjlBsrZrDbBuDmmmQ3X3T5CNLGlle4wCpKbNX7Ax4WO\/kwQeyYxpZrtwVijbRENwCnxqfK2bTAq08T3eIw+RT2WONqajChf3hIvPkUpOX61AJrDZm2Tu8KGncijArQGQQ3+qiBfUWFpk1ENGcqqlL9V\/NQAEUzCCBE8wggM3oAMCAQICAwI6bzANBgkqhkiG9w0BAQsFADBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMB4XDTEzMTEwNTIxMzY1MFoXDTIyMDUyMDIxMzY1MFowRDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHTAbBgNVBAMTFEdlb1RydXN0IFNTTCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA475+Coajz2ttPSuhl61JJE3Xd7k0eQilnqKe3kcSkj1+6hmGsehPPV\/30Kd3mlsfCgO1GVPbpSGUaWOdakyRDBBHvhH6bIYlt6sEaEI4CWXwFNoZnvprC6ti742n72NwI6ivgfPRbohnU+wSpCl1iqfyVz2ig5iX8gp91OdDbjB4YiJZWbhxJ0WqD2bGVT\/6MhcrMY9GoPppFHydn1ri6zNOEKaz7Xdj2MOe9N3feZp61O7e3ZrMw7epXcwROge7b5ekASNHlR+jd\/pYksbH0L3PkxhCt373nmXq1TvK7azFcKH+1BCa8BIERKwaW3hQRVdMb72Ay4FcLbO8dqEeZQIDAQABo4IBSjCCAUYwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFNJv95b0hT9yPDB9I9qFeJujfFp8MBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgEGMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9nMS5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vZzIuc3ltY2IuY29tMEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzOTANBgkqhkiG9w0BAQsFAAOCAQEAoNT3LPt0C39k8c1Dap9iUxwCfJiQou5PaNQgGnMSPnezUOtyvO6Ivn8X6nePg2GVT4ShyzJPbCG+0mmWfWO93CuoH9AThHD+9jWVifmmd7BGyLu3E\/XJYGnWTP7Sju\/TYMGAgOHn+4tvIXlK4NypG8G3+8NJWVy1dwdE1Jf8SQCJbwZOAXAZrC8RwOLmDy+GS417w7mnLvTxrBY+OUlRnhdLTxA6W6Wokm\/9+tYLA01HVlcZ88tr9fPWz7D19aMR0iBTEzQ3BSxDWmPfjUDWhR5R6VEXHgNWyfEwreebEaK50DGBm2ix2ejz5pR+x64TL4ft0CWwaPneCFrzKczUkgADgTCCA30wggLmoAMCAQICAxK75jANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDUyMTA0MDAwMFoXDTE4MDgyMTA0MDAwMFowQjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xGzAZBgNVBAMTEkdlb1RydXN0IEdsb2JhbCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANrMGGMw\/fQXIxpWflvfPGw45HG3eJHUvKHYTPioQ7YD6U0hBwiI2lgvZjkpvQV4i5046AW3an5xpObEYKaw74DkiSgPniXW7YPzraaRx5jJQhg1FJ2tmEaSLk\/K8YdDwRaVVy1Q74ktgHpXrfLuX2vSAI25FPgUFTXZwEaje3LIkb\/JVSvN0Jc+nCZkzN\/Ogxlxyk7m1NV7qRnNVd7I7NJeOFPlXE+MLf5QIzb8ZubLjqQ5GQC3lQI5kQsO\/jgu0R0FmvZNPm8PBx2vLB6PYDni+jZTEznUXiYr2z2oFL0y6xgDKFIEceWrMz3hOLsHNoRinHnqFjD0X8Ar6HFr5PkCAwEAAaOB8DCB7TAfBgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHQ4EFgQUwHqYaI2J+6sFZAwRfap9ZbjKzE4wDwYDVR0TAQH\/BAUwAwEB\/zAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9zZWN1cmVjYS5jcmwwTgYDVR0gBEcwRTBDBgRVHSAAMDswOQYIKwYBBQUHAgEWLWh0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeTANBgkqhkiG9w0BAQUFAAOBgQB24RJuTksWEoYwBrKBCM\/wCMfHcX5m7sLt1Dsf\/\/DwyE7WQziwuTB9GNBVg6JqyzYRnOhIZqNtf7gT1Ef+i1pcc\/yu2RsyGTirlzQUqpbS66McFAhJtrvlke+DNusdVm\/K2rxzY5Dkf3s+Iss9B+1fOHSc4wNQTqGvmO5h8oQ\/EgADJDCCAyAwggKJoAMCAQICBDXe9M8wDQYJKoZIhvcNAQEFBQAwTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw05ODA4MjIxNjQxNTFaFw0xODA4MjIxNjQxNTFaME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMFdsVhnCGLuoJotHwhtkRRomAoe\/toEbxOEYiHD0XzOnwXguAHwTjTs4oqVBGSs8WtTXwWzy2eAv0ICjv7dAQns4QAUT\/z78AzdQ7pbK+EfgHCZFVeTFvEPl2q3wmgjHMxNWTCsUR47ryvW7mNFe8XZX1DS41APOojnvxT94Me5AgMBAAGjggEJMIIBBTBwBgNVHR8EaTBnMGWgY6BhpF8wXTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTENMAsGA1UEAxMEQ1JMMTAaBgNVHRAEEzARgQ8yMDE4MDgyMjE2NDE1MVowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFEjmaPkr0rKV10fYIyAQTzOYkJ\/UMB0GA1UdDgQWBBRI5mj5K9KylddH2CMgEE8zmJCf1DAMBgNVHRMEBTADAQH\/MBoGCSqGSIb2fQdBAAQNMAsbBVYzLjBjAwIGwDANBgkqhkiG9w0BAQUFAAOBgQBYzinq\/Pfetc4CuRe1hdG54+CVzCUxDQCmkm5\/tpJjnlCV0Zpv5BHeY4VumO6o\/1rI01WyZnFX3sAh6z0qpyNJAQSGQnv87n+iFlK1Z2fTQNs7JliyKHc9rhR3Ydb6KmYnoA36p3Nc6nDxlCFlRF\/6\/O8paKmih3nvee9PrAd3OBYDAwAEDgAAAA=="}
-01367{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":8,"flow_first_seen":1492167648277,"flow_last_seen":1492167648903,"flow_tot_l4_data_len":5599,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3450,"flow_avg_l4_data_len":699,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","alpn":"h2,http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9"}}
+01378{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":8,"flow_first_seen":1492167648277,"flow_last_seen":1492167648903,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":5407,"flow_avg_l4_payload_len":675,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8":"Weak TLS cipher"},"proto":"TLS.QQ","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"res.wx.qq.com","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","alpn":"h2,http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9"}}
00408{"flow_id":48,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":971,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":903749,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoeuVAAEAGk+vAqAFny82eIqtKAbscYaKwh1j+X1AQATGQ1AAA"}
00845{"flow_id":48,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167648,"pkt_ts_usec":906084,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"pkt":"8IQvSpdgeJKcD6iOCABFAAFmeuZAAEAGkqzAqAFny82eIqtKAbscYaKwh1j+X1AYATFcEgAAFgMDAQYQAAECAQAhawO\/So02owaxwtSBTxgQTMGYEFFwQfENZd+q51oYgQaRl474gqK1J1Qcn\/lTkYGvPp69dZQntNXEY5pmbpNXrM5S78RwbgFdRvg9LmN5xSHxhEG+PtKta2IW9t4ERcm5QkxyjclvEYp\/3f0gkLogOpZzo1D6BoBxwqxl2od9ghrNs\/fgh1yMYsShe51\/CE6NfJmxw1tAncj0mIpZ\/V8NOsuLtjcBXBd5Yi0ZUzWmw95su4oMpe4ZCuldslgd3DFEQSFRYu5e+hEPRE+d30syoeIdkZiyk5oA9X6WlIkQLzKVKAPU9\/zOFZzCyerdURGdA8\/P0FtIx2sWQmLQY1gJFAMDAAEBFgMDACgAAAAAAAAAAHreAZXwYU5XDew+sGUU0hHC+4w9SB7ji3gKd9\/+recE"}
00417{"flow_id":48,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":991,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167649,"pkt_ts_usec":223893,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eJKcD6iO8IQvSpdgCABFoAAouB1AADEGZRPLzZ4iwKgBZwG7q0qHWP5fHGGj7lAQAIOQRAAAAAC4nN6O"}
@@ -621,14 +621,14 @@
01089{"flow_id":48,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":993,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167649,"pkt_ts_usec":231886,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"8IQvSpdgeJKcD6iOCABFAAIeeudAAEAGkfPAqAFny82eIqtKAbscYaPuh1j\/YVAYAUjtBAAAFwMDAfEAAAAAAAAAAXo3ZqAIQZwh7WYehCHlMp2CtH44uuwR0zgQklawhRCsENEZBjI9PajPfT3VsbMx3WNURWJcAL6kcoNnDveagRd0RvLoKQbbVVXJA5Yj5eUPm1jx+5TE1\/ecNxSmtvyYECbmTTUblYS8ovOS2EBTA3j44A3UEct12yRb6UqJBd1siIyEUG3Zh1ku8hETRMmCk0SUIJfwsW8f40KA0F5eAAJEE8KqSzmbeUYh5GoMrv5Mw0hzFP2++\/pU33djuMhPGpvKO8Qmdo7whsId36G97l8LJQ4CatqxrzESizmQabw+zetuhwhPHh9Tu2m3k5xpX8oT28JvF3aqNOHtpbSSjaEZxtZPmlxYCAkwTkhN5q++m68WJThU02jI9ogUAN1XsBczrFmIB0KxNPkD36NOUM+SgChL+kvofeB399\/h+ZHtqGzQ31HxLRXn9tF\/MRlgZOIxSIz0D7lxlRhR2lkmUkBofEiuZW3W2VYXmyv4xNfJKuFpgeEI7tEbJKy35TMd0LLAAGZPZ07Bq2vq6aac31UUoTWHkbbDjaGI+UE8W+am4YZXNWi7mlvK9B5Z+NeDM3J61DZvgANBOqAKrwBNpgdNHhTTjVuOIx13FeZDMNFJXDR+X7tyKkdn+pdzleEMLhRKx03JGAIOyQ=="}
00417{"flow_id":48,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167649,"pkt_ts_usec":549109,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eJKcD6iO8IQvSpdgCABFoAAouB9AADEGZRHLzZ4iwKgBZwG7q0qHWP9hHGGl5FAQAIyNQwAAAADcFepn"}
01671{"flow_id":48,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167649,"pkt_ts_usec":551913,"pkt_caplen":984,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":984,"pkt_l4_len":950,"pkt":"eJKcD6iO8IQvSpdgCABFoAPKuCBAADEGYW7LzZ4iwKgBZwG7q0qHWP9hHGGl5FAYAIxFlQAAFwMDA50y6eHBv2K64C7+tJIQlCdw2jUNZme81zBy9Kudd90KLapxrnKnOsSMuJfxCzRNgfWOQYwttn0mY\/t6aW25mV59UxR8nnPwhFXmjTofQjxTb1I89V\/73gJlncSt\/B1VlChgh0nl4hq+MNOHTNwf+6iIL3CbjtAS\/uFE1MRfMG2IzAWVohyS1zlqHfVH7dc8+5oj4UkxVlADQTMFb9uBsPH1MO0bV0zM9dmOm7iaKG\/PfvbDT8ROTgsUMYc95gKmCgbMJ1X1nLgVMtsXZOqXUESKGpgkUyDSGaKmFApsD2jbiEc7rHoz5S3NqWERAmOdT9PxkpqZgGX7g2c7WRqQdWEv7IJaRxvAx\/dgDrn4GXUBTMEQe4LfrDkGXxx0+OBdqBxvKZyt2svgQtIoijhUywBLw7ECbrjrNm3RCYQaza3Q7ZeXzpJszCiKLlqJM++\/1VDrvVoJ6qRkHK3E2n3WAiYSO6X9hlTqjlhALTKp9xuw4aBQI9vTAUKMv8l61n6GtcPlv1i9qFQJHocc94IwZrWaYA+\/hIVCy8OAc0mKOrJghE0pyY3mS4rYhUDtGSIDfLdVc7xZCGJT\/A0vKcIpmz6GyPOQEBxnxLi3K4Z\/v7dqmz87KJaqWbasRHhwUknVx+Qv8WEqUKxrU57ccRQEXGF+GNjkj46fcUrTA1\/Q1yt1KCFvFZxCRRA8phQeBYG9Ex\/r0eyVnv\/x5yKt5S1qto4LOBnDbqqRqlWEGAzYIoRh4Gn2Pa9lGBPM3svNKpd2o7plM1ICOKo+Qyuwz5Uqdx3SxU4R0EyWih9nqE19hRdxHQnyyThg5JunE5cG79CdtE+PAcg1XDWrbywOJDRXhXp1E6HHjPKvlzmNyOUUm8Ui2sY3e9XFdYYVVZX4mBBB\/XXP9VhbUZmSWHe1evb2ShulRaptP1T4uK81o7jbH7VdtvCHZjuBpRzZSYd8UFXpNUKPYrF9Pyh+a2AXknKLHQe1P7OMsLvCTYzuNAfEsCJQIgssxuUVh3rlvd0FdEgiddFvA5YHie3zCEIHmFPDnhUDvCfEF2N2B3fF2Q2Y8R9clzIhB\/jBSLhYKKqPyMzuGv4T8pHGEH8unfFFERaPv9BZRHW2HKULct\/SPhWcvj7+RlopmuzfQxR0jJKYpH9S4pO19aUX4raoISFb13mJ4M6wVLlnADsiu9c4m2L+\/Vvv\/YS+HyVAZ1\/KzBpu+nl2z9Hp7qT0FQQKtvobc68f"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1492167650311,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1492167650311,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167650,"pkt_ts_usec":311981,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"8IQvSpdgeJKcD6iOCABFAAA916xAAEAR3k3AqAFnwKgB\/uySADUAKTCBKzkBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"}
-00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1492167650311,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00653{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1492167650311,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00651{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167650,"pkt_ts_usec":345975,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"pkt":"eJKcD6iO8IQvSpdgCABFoADcAABAAEARtLvAqAH+wKgBZwA17JIAyGqeKzmBgAABAAEABAAEA3NzbAdnc3RhdGljA2NvbQAAAQABwAwAAQABAAAAHQAErNkXQ8AQAAIAAQACif4ADQNuczEGZ29vZ2xlwBjAEAACAAEAAon+AAYDbnM0wEHAEAACAAEAAon+AAYDbnMywEHAEAACAAEAAon+AAYDbnMzwEHAPQABAAEABTcbAATY7yAKwGgAAQABAAUtSQAE2O8iCsB6AAEAAQAFLUkABNjvJArAVgABAAEABS1JAATY7yYK"}
-00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":41,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1492167650348,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00682{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1492167650348,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02205{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167650,"pkt_ts_usec":348036,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"8IQvSpdgeJKcD6iOCABFAAVibiVAAEARQTrAqAFnrNkXQ4sRAbsFTiZlDSoBZwIONIO7UTAzNQGbgwNlLywtCSgLtCegAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\/AQAATk9OQ58BAABNU1BDowEAAEFFQUSnAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zc2wuZ3N0YXRpYy5jb227JKt8ARxJVGRWJtplczZ+Y0Ub6N9qmKgMLrSZKyo986eVN4hLCQ8XNjFEbipb4AqXbG2doRLcUxXPUTAzNQHogWCSkhrofu2AhqIVgpFY8KviMDAwMDAwMDA5UDTgFLbVCW\/cQ8zfwllNkC+Y3GQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAA4qvwWAAAAABQ8MfjcV\/rNPz9nE7SSiHC6cDht5RKlsv0JChHgsKm0olGM4pgTHU2HYUvFhtNkOqQx\/75FAQP87Et+xOmGXIhZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmuees8hQEA9eDJxrTnigGUXAfpWeAkSroNTkBs4scsx1Ra2LSNreNDFvpSDuqq6UeKpHg6NTM40g2RnXl5QzirTperKCTKzWwn+4\/bmuO2uGlriSPr4ExcTigYtlruN8fxdgnsCAuRhi2\/JFjFnbJqpKvDwpzJerd7H8C9zsxPzgMehsK4\/vItkCcZuwJmgaicPHLBf9M3RGKygCyV25zBdoSYTv7XUf5XBhgAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00629{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1492167650348,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
+00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1492167650348,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"ssl.gstatic.com","user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}
00881{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167650,"pkt_ts_usec":348333,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCbiZAAEARRRnAqAFnrNkXQ4sRAbsBbnP9DSoBZwIONIO7UTAzNQLoUPe6\/kTOTlflPotTtybyc+JAmHNEvZwUaT+Y9MqSJDNXVlUHwBVN0wAQzobHU4rvOkVihYNG2ScjXRicw6QFTtMMe25DwzQ7F0UKP\/Y\/8HMbQmw9b+v7cjBNs8yLamuYyeUaQ6lA73AshAIuQPhL6IslIuIHWs+l0MLo2wd57CZSUFbeEQQGDWtD8b5mwEuaZ88hm8yA3WeZQ9Zu4UUro5Belh+M9DB8RCMbVDEQZk6oJR+FSwF3TriZCorpIzSRESc2crvu7FP1Tb9g0NyoL87e9cFlDFVypNQfdhNO+iEyVuMUtOGb6OQn1vrWvB\/icrLc4DopKhApNyBIG\/+MQmYuPalP+mCA4FXxaPeMi1RdjyuuqxJb39HK+6wmJsCzWDR6cvDTk6ywHmETP0AOjEu+QTifJk6chcMbgKmp0ErfBPvocLYD7Yj8Qw2lL48a1tEWZIz4lw=="}
02223{"flow_id":51,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167650,"pkt_ts_usec":401660,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcRt7+s2RdDwKgBZwG7ixEFTkCsBPCmO80d\/CW5IJoqjbn6lzjr5TC1v3d2foeU3jLNcA4IAV35th92JTinR3E92La4uW3lsByHG3R1axVDDHGrIc2Dhs2S+7aBzkyVbwcuUK77hYdmfJ4TJuEFhTaYjceo9r51oYeJqOHOCc1BBmB5E+A58P\/H55fRg4dxRA9v1f2aVQ6I67HK4M7mS7147fzZ170E12rNhRLBsPAWwZ8U93ZWKjAcVK9waq7ihKZ\/GTyfNPuOCQnhcxCFRMVEx2xx65NSFauaw3a1qVgRV428j6Bchcyom0cvPgxBbWJUmObxkeqmQAFmTPCN6igcJnamWF5CRIXtlRtvIVi8G3Rds0EdWXNYvxaTSkwCziFaIH6mAaz9hCwjxATLUAdqd1Yo+wN5ikpGmpiBzh3Coj125lb7YXMKgdIF\/8K12iKaeICQ1ArpMEt9vvWxk35P363XmPN9SjUjvFqh8rl+ETiuGHzQwTYDZUwFRT8Tnc90FuuWkSHrjLuI78eE0u2MPArYDWbkXnAkM9f\/B1mpEGpwrQCQA0PHuwaHNDaEcqfk+htDhYfF2k76y25VNuFHeOfHnAe8W\/L6MSq0NvvJdxpclRqAM5S2hcBrDwho6FgiBa0XuPrQx61q\/3nmcTSWb0DXXos+FWaLGj1Jg4cyk4xSeKoZfxTTY8qOxPxWcSNcXXGMVMwz3NtJzwB28A6uPq8NBF+APnNiUzkLELf20sskbghw4Wvw2P5GvZ6Z0iUqrAzGSGc0IroovL34w3TMmjBnTPzAWKnwYJxIrcFH65r\/43AXULA7mwVKw7TuryWaAn8PVofDMn5VL+m8Bc4anaE3270Gx7DXXa3CWGylYl6IhspD51Ji7UqD6pJpDanmkxF7QRS0mZz7M+VCAuE5+TvKpba5WKwmCrXKMkHXnBfHSx4yC\/BngUmyj5AqU\/35FBtHK2MhZhT3uv3ixGib\/DhROgxNj\/fCIDmyLmZy6LuI15IWBQr2uiGWD15jLW9srpQ3r\/cpXrjFWrIOILP7BDqFX16AVMtIyhn8QUmpyMBzWR3rPBVnAwwCQUSi7lOuHYSBa2JAApapl8ibPeq+IESORJ2WC1jpiGlKVsyKHvCUxM4DB9CDGl+VMCLfBwTUsv9jC9A0oISxfI+skno\/pMiMhfE+1+tVpq0kVbytQk5I14sgZgoXLliJYkFCOr3ikDyMImPkBDegikF\/nhKUricS6KkRKOBVEDYofUgm6hebzs7TAwbIX0LHGrieMSNYdiZ\/RaP9BKZ7WUS7z8Jvlw3DtdXYHHGY\/9m62j8jgUA89FYp2sdoaRFheoQUmxEE6EpSZHWMo5+AT1rvxDTcNLYyAF\/NKlyP79gaAWae04vlwFQ4Bupkoby3AV8qNrlb42pc54gLBwr2\/V8SfP1Jf8GHKLnbnMMGzz8c8g08IQe\/1e7EH9oyogw0WeUU2ddyxaRPwa4eLAdObHTP\/jn7fsHAYVorRI56TLQ62d12KS2GZw3\/dElBm43NGOyNU1Hp381LUrTlDOWD2CkkP1QCRN+zezQnIAdftR9GtZfdliGgi4n+DRQuugUUjAENUiyLbjua9o3CfXKyGh5RlHt3r219Xp7bzpU2Sa3x2tOlotON5hkk2pmORaeO3NrbIHwpGOzFl20\/4Mhk6xhdUZeHJoEN7V1+kqNLH9CANDu7wpMSMlhqJfpnckBvaCh9BXX3VOJErUyDwJ\/yEG1ZNKGdvcDhAfCDrZsIbxElU8wBdoFg5g3GjSgWUZyHIUdESjz3nA05zyGh0UQ5UNTBZNmAzAGEZvPJPDUf"}
00451{"flow_id":51,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167650,"pkt_ts_usec":402045,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"8IQvSpdgeJKcD6iOCABFAABFbjFAAEARRkvAqAFnrNkXQ4sRAbsAMdx0DCoBZwIONIO7A\/2cOIqV1ZCK4h2eK05EMevTWpEuYxJ\/wRQedJtK4Zk="}
@@ -638,18 +638,18 @@
00784{"flow_id":51,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167650,"pkt_ts_usec":419895,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"pkt":"eJKcD6iO8IQvSpdgCABFoAE6AABAADcRu+es2RdDwKgBZwG7ixEBJqaZAATD7MXnehtiXlUz+Hk1AeZaUc2+ZMvDZUZ0GqGxNNaAlZinDCrBrnaOATxSGsOCFMaCaFec4SV7oO\/kLFwrUENrwh1y1mgTHgoiDmnYRHxuSeGyRFMYgw\/xosUJkzw12lBcnAXTNv8a\/2SuAyzWJ4jI6Iu2NlHm3V9zQ8CxPjqgYIbUhNNdrG5USoTXaVi5Y7S5DrKlzxBm3pDBUHpSYYgnG\/IeF1QrqlkpO7en7C1cHKFw6gJSHCRIMxY8ZiapLj1p4qZkxYLvpZc5K1weMNgNi9AfEMvDInvOymojlrBOTgO6WjdYp9wpg0vGani4DMjzXYMZAzdJxYXKztZguyy1lTWS4COCVAf8P5zodYdJZ5FJBDf9WNj4Gj5A6A=="}
00445{"flow_id":51,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1007,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167650,"pkt_ts_usec":446122,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"8IQvSpdgeJKcD6iOCABFAABCbjpAAEARRkXAqAFnrNkXQ4sRAbsALnSgDCoBZwIONIO7BYiI4Q8+7Irw1TjIeblP7I8YsZt0hiW0bAcHDAs="}
00436{"flow_id":51,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1008,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167650,"pkt_ts_usec":467068,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"eJKcD6iO8IQvSpdgCABFoAA6AABAADcRvOes2RdDwKgBZwG7ixEAJriTAAUXSH3m+iN6aIxogGzNWS8zq8zerRpTJGHn\/W\/H"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1492167654504,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1009,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1492167654504,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1009,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167654,"pkt_ts_usec":504261,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0DsBAAEAGBoXAqAFny82XotNaAbub+DW+SvgsEIARAOUK7AAAAQEICgAx4GBFrgFX"}
-00505{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1012,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1492167654504,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00478{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1012,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1492167654504,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1012,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1492167654504,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00486{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1012,"source":"wechat.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1492167654504,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54106,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":44,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1012,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167662,"pkt_ts_usec":38819,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA00hRAACwGVpDLzZeiwKgBZwG702LyUvm5GyuHH4ARAHCUGQAAAQEICkXyPzYAMdPk"}
00426{"flow_id":44,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1013,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167662,"pkt_ts_usec":40225,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0VUlAAEAGv\/vAqAFny82XotNiAbsbK4cf8lL5uoAQAOV\/zAAAAQEICgAx57xF8j82"}
00425{"flow_id":12,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167667,"pkt_ts_usec":432251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePhAAEAGFxfAqAFnQOmnvIyxFGy60MyoSq1b+oAQAO34WQAAAQEICgAx7QCFoZCv"}
00426{"flow_id":12,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167667,"pkt_ts_usec":486259,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0HvAAACsGxX9A6ae8wKgBZxRsjLFKrVv6utDMqYAQAWWDwwAAAQEICoWiQKsAL7Ej"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1492167669545,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1492167669545,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00690{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167669,"pkt_ts_usec":545491,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwPUUAAIARd2TAqAFkwKgB\/wCKAIoA3H9oEQ7+\/cCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="}
-00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1492167669545,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1023,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1492167669545,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00567{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1492167669545,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1023,"source":"wechat.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1492167669545,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":45,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1023,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167678,"pkt_ts_usec":290084,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEpChAAAERMnbAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00479{"flow_id":46,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1024,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167678,"pkt_ts_usec":290138,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00449{"flow_id":45,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167678,"pkt_ts_usec":290470,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEpClAAAERMnXAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
@@ -658,9 +658,9 @@
00479{"flow_id":46,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167679,"pkt_ts_usec":291241,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00449{"flow_id":45,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1029,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167681,"pkt_ts_usec":291654,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEpXFAAAERMS3AqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00479{"flow_id":46,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1030,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167681,"pkt_ts_usec":291756,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00436{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1492167690433,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1492167690433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00405{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167690,"pkt_ts_usec":433709,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9oAAAEC8bHAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="}
-00468{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1492167690433,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1031,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1492167690433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00409{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1032,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167690,"pkt_ts_usec":638500,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPVsAAAECRLLAqAFk4AAAFpQEAAAiAPsBAAAAAQIAAADgAAD8"}
00408{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167691,"pkt_ts_usec":48074,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPVwAAAECRLHAqAFk4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
00411{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1037,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167693,"pkt_ts_usec":96253,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPV0AAAECRLDAqAFk4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"}
@@ -669,9 +669,9 @@
00412{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1042,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":144163,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoPV8AAAECRK7AqAFk4AAAFpQEAAAiAOwAAAAAAQIAAADv\/\/\/9"}
00411{"flow_id":49,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":236955,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoAAJAAEAGDs\/AqAFny82eIqtLAbsShiV\/Tv6yylARAOWcGgAA"}
00426{"flow_id":44,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":237043,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0VUpAAEAGv\/rAqAFny82XotNiAbsbK4cf8lL5uoARAOVfYAAAAQEICgAyCCdF8j82"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1492167695237,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1492167695237,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":237173,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8M9xAAEAG4WDAqAFny82XotNlAbtEgzv7AAAAAKACchBSeAAAAgQFtAQCCAoAMggnAAAAAAEDAwc="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1492167695488,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1492167695488,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1046,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":488485,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8xuRAAEAGTljAqAFny82XotNmAbsIrs6CAAAAAKACchD7hQAAAgQFtAQCCAoAMghmAAAAAAEDAwc="}
00418{"flow_id":49,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1047,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":535847,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"eJKcD6iO8IQvSpdgCABFoAAo4W1AADEGO8PLzZ4iwKgBZwG7q0tO\/rLKEoYlgFAQAHOcjAAAAAAICnRO"}
00410{"flow_id":49,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1048,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":538677,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJKcD6iO8IQvSpdgCABFoAAo4W5AADEGO8LLzZ4iwKgBZwG7q0tO\/rLKEoYlgFARAHOciwAA"}
@@ -680,15 +680,15 @@
00439{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1051,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":562421,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAACwGKJ3LzZeiwKgBZwG702WgJJlmRIM7\/KASN8ga\/wAAAgQFoAQCCApF0vJmADIIJwEDAwc="}
00425{"flow_id":55,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":562496,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0M91AAEAG4WfAqAFny82XotNlAbtEgzv8oCSZZ4AQAOWASQAAAQEICgAyCHhF0vJm"}
00750{"flow_id":55,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1053,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":562959,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiM95AAEAG4HjAqAFny82XotNlAbtEgzv8oCSZZ4AYAOVrOQAAAQEICgAyCHhF0vJmFgMBAOkBAADlAwO2WFDDl4dFyeBPNOhybUjd72FmGP\/nu4brBDO9flonhCBYxgzAaMyfJOk08sA4g8dg3UnK03IZIzAXShNAci3a7gAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8WloAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIWloAHQAXABjKygABAA=="}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1492167695237,"flow_last_seen":1492167695562,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1053,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_first_seen":1492167695237,"flow_last_seen":1492167695562,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00437{"flow_id":56,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":854360,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702aaLHzgCK7Og6ASN8jmSwAAAgQFoAQCCApF0vKlADIIZgEDAwc="}
00426{"flow_id":56,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1055,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":854441,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xuVAAEAGTl\/AqAFny82XotNmAbsIrs6Dmix84YAQAOVLjAAAAQEICgAyCMFF0vKl"}
00426{"flow_id":55,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1056,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":890423,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0a99AACwGvMXLzZeiwKgBZwG702WgJJlnRIM86oAQAHh\/dgAAAQEICkXS8rgAMgh4"}
02347{"flow_id":55,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1057,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":891120,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIa+BAACwGtzDLzZeiwKgBZwG702WgJJlnRIM86oAQAHjJKwAAAQEICkXS8rgAMgh4FgMDAF0CAABZAwO6Hvtdy1\/xZryZSrWnJv06Ixk4sze\/ipN5ogdELbGC3iBB4xlOjKoTkDpNNo30AWaSGj1BD\/4+Gt6DSefvkE2ybsAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1057,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":6,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00425{"flow_id":55,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1058,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":891176,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0M99AAEAG4WXAqAFny82XotNlAbtEgzzqoCSe+4AQAPt5DQAAAQEICgAyCMpF0vK4"}
02348{"flow_id":55,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1059,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":891511,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIa+FAACwGty\/LzZeiwKgBZwG702WgJJ77RIM86oAQAHgdSAAAAQEICkXS8rgAMgh4i6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQTMALnjv1CI6dBqvm930IlFUe3V\/C8wCW3NB6ws6lDWgHVgrshZhXCAMYPCMyJtdsp2YHi0bz5SBcOeD1cncQgGBgEBAENJNkXx"}
-01313{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":8,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01324{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1059,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":8,"flow_first_seen":1492167695237,"flow_last_seen":1492167695891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":55,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":891546,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0M+BAAEAG4WTAqAFny82XotNlAbtEgzzqoCSkj4AQARFzYwAAAQEICgAyCMpF0vK4"}
00780{"flow_id":55,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":895453,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4a+JAACwGu77LzZeiwKgBZwG702WgJKSPRIM86oAYAHhcPQAAAQEICkXS8rgAMgh4feQ6Vcn0UE6BcmemkY6Ordo0430PoDtYVX9m6GwDXwkGzaCOO2Gzbe4AwIrm62nAnuTE0S0voJRb7aKqAgjP3p20svZQfNzYyqAci9GDPKgj6zdQkU51O8\/dfE410rNl7B2DD6nwoBi9mJo0U2mlSGP4kHtBEoFl3dnNfLcipodIHbabyhDLbGkhT6vE3WjRsC38RgUnNMeSNBOR5BO6f5ONA9GXgx3RvvLzkVjT+V6c5IkzPwEFJtFgrffgtkUHmH7X2clDFKlVH0201b\/mjk2ldCjJRZ4mmIdDtsDPLQTJf\/aTjZzq7n3WznPbQKGOe0TnPxbVHWxTFJwWAwMABA4AAAA="}
00426{"flow_id":55,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167695,"pkt_ts_usec":895490,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0M+FAAEAG4WPAqAFny82XotNlAbtEgzzqoCSlk4AQAShyRwAAAQEICgAyCMtF0vK4"}
@@ -697,24 +697,24 @@
02019{"flow_id":55,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1065,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167696,"pkt_ts_usec":222771,"pkt_caplen":1234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1234,"pkt_l4_len":1200,"pkt":"8IQvSpdgeJKcD6iOCABFAATEM+NAAEAG3NHAqAFny82XotNlAbtEgz1ooCSlxoAYASjgUgAAAQEICgAyCR1F0vMLFwMDBIsAAAAAAAAAAd4YiuA6crhZEh9MHzL226\/uM4VKhthOyB3b35BkJStiV0vrwfgwOH2DF8uDE1W3vjnO8+sv+13JDkzXGfCsoRqE4+7jbAcSkl7soie42gPgtn1HRNFpueSKfCc0QLgo2CXeITV3LyUyp7YNiZhviF3UM1z66gWzS9KvElQ409EAxHiVua\/KZA8zrPUKpcLPvo\/EsSAzOaaKuIoNhGnPDNKZ1aoyOZ7Py5RP6e1kEIVU0zGW\/rKsKRPJEESL5737sZYfUqLJEsSQdm\/c1xkLZCVRgTnug43R64U3cpo4qlCz8Qyr+G4d1aP8fe\/CZGgIFm+9LqCLd1fauc3UJbHMRFcXgOk3zjEv9AVAn3rg1MntS+wy80PA\/vD6Z8r0ky3MElH1nVYUMPoHHKkAyNKcGDCXNQUW8jn6faYa0p1Br1krM+aaL4rSJ7W5RVOKFhS4XYwjaTVuzMf1jPujRDwEx9hIyqSiyxzpoEEEapvP2IPqnKqmEvIsbhsYI929bP\/mbFc81dkMJ\/EsH2+mZUb116COm0V0znIYPYr9bJ3ML4pIUurDs3FNGBw2u7L5jYxhrcqLQAATjWHNFJPY5IdOsDdCdVebEb6GB3BmBK7zp\/uqEeNv3Xx+ku9Qb\/WpyVsYAhMv4CDiJlZ02tptP+3E8CVZPOpkWrmh7LN\/bTL5RegkGt5XHQVzOstwCwgGFN0PAr4iFYb\/7GiXspbD8zQ6erLVU\/DchF7QnDZga1WCEMU28zn1HoyFeQxfBNJQ9GcJk\/oc\/q3sDo7Ho1mRFOXqZRzASPJF3RVYSn7cLEp1Hg9VdgJbBPIeU7G6CWa2xUTEV8oDnyUuUskL37nb4jcHUS9J2W5ncKhGLJ34BTeH3KXJ1Ne19trufVL+XBQAWwvTEktEF\/OUV33b1rv1FrGttH8YUZerR7TkvDHTnwWzxKvi6s\/UgXuPYWA4ghhsRwPay+WVssmWglpa4mC7dkldqdVuWXw7F0WE2wRyNdVdZhTfTBMOW6CjeBIGI1k1NQYRZKYUzrsFFBjqAAC7js4clBsz0qOociEExNQ8OlcNObgoX59bCsasMSowWoBXTPtZi7n6WOyF6tNF9wWLJe3nB9UJX6KsLttq7TgUSkxcOGEEnoNzHb3I1Uhzdwnjtpg1aTCbiREcfY\/Ry36qVYIC8seoVwUlflPH5IKmhutuqaFj85\/GRruZFZ+4WjX1gNi+HPrspys757qyol4e5GRM5kNZ8rF4pppGxtlKYwx\/CB1TgNDStDPKBj6iBhXZJD42vO4e\/h\/QUIFFo2RFRQZfv67ix4fJMWhQdQNCXSolQNWx47IAWiYKyOSHUwNTgQIUaDFkmVGXOElFE9xQmcvqTGqMmUKs\/Ht4C3WEQ14MTv\/c48C1v8BOtf9bTBeDHJSP9ir\/Cfo6MVjQTgKtFhs\/ajHutVnNaFC4NOphiE6Wr3n08LWew9+HFiohXV+BTqJIPlwFmKGSR+BwAG5MeX+Tr3MLR1rGGcsyTBVoiPlLhqRyQ+YLNF4lntqH3g9Lp6sD7FnNrg=="}
01074{"flow_id":55,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167696,"pkt_ts_usec":225954,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":538,"pkt_l4_len":504,"pkt":"8IQvSpdgeJKcD6iOCABFAAIMM+RAAEAG34jAqAFny82XotNlAbtEg0H4oCSlxoAYASibSwAAAQEICgAyCR5F0vMLFwMDAdMAAAAAAAAAArkrV1zvitrGB2a5vw5h\/Hh+6TUs5RVQeU\/lAG7a2Wg7ivQTK0IHIg+J6PYWMbVhDsZ4xTGj\/eMsgHf2kpk8kkpsjG7D4G1UeznkANmSdGAdnEYUkS4kabsCiM6Rn9TtFDcDgDINT8agOdLN3ZNaNxk2kiZehiZGeMt8r1wA4NBhc2FOoJcrQM4VcBxTZxFhll6\/ualLRPFfSeBGhMhEc6pmUxBbmEv2sn61jIeVfE0B7siQCPnobB\/a1N0tPZWhc1NXjzzbhndL704pAA0k+NgIIxtLv592YQvcQC5IxR5Tih7LDulgYfvOWRL\/HGiIB+etm+NQxFEPpMfNzFtcv8u2Y\/HX5rI6lyYIo6WYp5W9z8+FPDsD8T5b\/H8LL0Zgi5FTWHleM9BWDJDawaQisaJXZMGXE\/UYkIXBi6G\/v22J5OAxIhLJoDId9i8YF8osxyGK6SHyWVjwYrwwv95uvJcVT\/1kIbYms8nJp7FrD0aegg3\/QXFhqiAnypstQgF0FY6FWA1sDuWA+4xFEinfVchp\/3GZU8myHYOrRNz8yB9md2NWiBHJfya94KGyzU6OrexCFmcpBEuH4pug3YCbLQA6kEXQ9xzfbCm7Lw=="}
00751{"flow_id":56,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1070,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167696,"pkt_ts_usec":636507,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEixuZAAEAGTXDAqAFny82XotNmAbsIrs6Dmix84YAYAOUVZQAAAQEICgAyCYVF0vKlFgMBAOkBAADlAwMlUfNTDYjhvRdeF23CS9txxbOTIA6V\/rqxhzXUPkoC0SBB4xlOjKoTkDpNNo30AWaSGj1BD\/4+Gt6DSefvkE2ybgAgKirMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8+voAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIWloAHQAXABhaWgABAA=="}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1492167695488,"flow_last_seen":1492167696636,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1070,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_first_seen":1492167695488,"flow_last_seen":1492167696636,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00423{"flow_id":56,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1075,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167697,"pkt_ts_usec":2676,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0jyRAAC0GmIDLzZeiwKgBZwG702aaLHzhCK7PcYAQAHhJJwAAAQEICkXS88UAMgmF"}
02343{"flow_id":56,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1077,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167697,"pkt_ts_usec":5590,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIjyVAAC0GkuvLzZeiwKgBZwG702aaLHzhCK7PcYAQAHi76gAAAQEICkXS88UAMgmFFgMDAF0CAABZAwPwWVmlXoWMDzfeHC3LUIazLTAckz4lU+GUmYVSYaKh6iAVSEeMY2IvjCMgDjKK8SiyT+W1aOjnLn\/Q4fRxYvFJEsAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1492167695488,"flow_last_seen":1492167697005,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1077,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":6,"flow_first_seen":1492167695488,"flow_last_seen":1492167697005,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00423{"flow_id":56,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1078,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167697,"pkt_ts_usec":5638,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xudAAEAGTl3AqAFny82XotNmAbsIrs9xmiyCdYAQAPtCtAAAAQEICgAyCeFF0vPF"}
02346{"flow_id":56,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1079,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167697,"pkt_ts_usec":6161,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIjyZAAC0GkurLzZeiwKgBZwG702aaLIJ1CK7PcYAQAHiMGwAAAQEICkXS88UAMgmFi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQQwesuQP\/R5JUXKknaWveOWxsm4rrj+cJNNS5JRVNd0UdVSwSWTMdhCeKFK875+pX7PD7VQQRRx\/iPjIChftbhrBgEBAB+tPhP6"}
-01313{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":8,"flow_first_seen":1492167695488,"flow_last_seen":1492167697006,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01324{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1079,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":8,"flow_first_seen":1492167695488,"flow_last_seen":1492167697006,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00423{"flow_id":56,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1080,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167697,"pkt_ts_usec":6203,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xuhAAEAGTlzAqAFny82XotNmAbsIrs9xmiyICYAQARE9CgAAAQEICgAyCeFF0vPF"}
00781{"flow_id":56,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1081,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167697,"pkt_ts_usec":7058,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4jydAAC0Gl3nLzZeiwKgBZwG702aaLIgJCK7PcYAYAHhBRAAAAQEICkXS88UAMgmFoaiGCpS8oOjYacuydkQHgtPbP3DyrCSx4AGIoU3SQ6w6IlQLXR0jRvKahfxAvfRWK4NS0Ud2bL\/NEmEXTmcgYJtVpdEEZ51CAdmCnjdG5uJ1io+QU7gh0ieRKl0oDcMLrFtpE76p373nVzBc+KAsPd0s1oTigooRcerywIagM\/X4e2qLIZotZ7PkDFvtdRlU5qU+VC\/opMNw23\/weduPQHLssSRe9AcC5CbkN7\/nJMVWUhmp5xJ9EwyLnKx0P1muAOMxhsWDKq3MatVtiLYKjr3EcpIUBHqpmvyfA5M\/azGCndkdBUn+QYSjYkP7wL71mSayS2cuuL7yVrEWAwMABA4AAAA="}
00424{"flow_id":56,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1082,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167697,"pkt_ts_usec":7106,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xulAAEAGTlvAqAFny82XotNmAbsIrs9xmiyJDYAQASg77wAAAQEICgAyCeFF0vPF"}
00598{"flow_id":56,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167697,"pkt_ts_usec":9689,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACyxupAAEAGTdzAqAFny82XotNmAbsIrs9xmiyJDYAYASiq3gAAAQEICgAyCeJF0vPFFgMDAEYQAABCQQS8+ivPYczW5+rJfLWUbP9rYqvXhfuC\/MWdEmcduZ5+9OMejhS0CyUEgMZsROleG8h7Nz3jzyX4sLzYdOP9rh\/7FAMDAAEBFgMDACgAAAAAAAAAAKPW9XXS+swNXytRtShV\/jCFnWvlpb2CiYLduqAyR2n3"}
00499{"flow_id":56,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1087,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167697,"pkt_ts_usec":374064,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABnjyhAAC0GmEnLzZeiwKgBZwG702aaLIkNCK7P74AYAHhaPQAAAQEICkXS9CEAMgniFAMDAAEBFgMDAChGxQBTa4I\/dQQi68l11IGtmusE372V+0\/B329iOZuMQCrZ\/RynVkvv"}
-00437{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1088,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1492167697384,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00445{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1088,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1492167697384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00409{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1088,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167697,"pkt_ts_usec":384234,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
-00469{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1492167697384,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00477{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1088,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1492167697384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00427{"flow_id":56,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1089,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167697,"pkt_ts_usec":412244,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0xutAAEAGTlnAqAFny82XotNmAbsIrs\/vmiyJQIAQASg6fAAAAQEICgAyCkdF0vQh"}
-00438{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1090,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1492167697384,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00437{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1090,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1492167690433,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00446{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1090,"source":"wechat.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1492167697384,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00445{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1090,"source":"wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1492167690433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":45,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167710,"pkt_ts_usec":328644,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEudxAAAERHMLAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00479{"flow_id":46,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1105,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167710,"pkt_ts_usec":328692,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00450{"flow_id":45,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1106,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167710,"pkt_ts_usec":328956,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEud1AAAERHMHAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
@@ -726,22 +726,22 @@
00450{"flow_id":45,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1112,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167713,"pkt_ts_usec":329924,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABEumdAAAERHDfAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00480{"flow_id":46,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167713,"pkt_ts_usec":329983,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00426{"flow_id":56,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1120,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167717,"pkt_ts_usec":375812,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0jylAAC0GmHvLzZeiwKgBZwG702aaLIlACK7P74ARAHgnogAAAQEICkXTB6oAMgpH"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1492167720101,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1492167720101,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1127,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":101930,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8R8JAAEAGzXrAqAFny82XotNnAbsR+WetAAAAAKACchBBBgAAAgQFtAQCCAoAMiBvAAAAAAEDAwc="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1492167720353,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1492167720353,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":353253,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8TqBAAEAGxpzAqAFny82XotNoAbuP9m4OAAAAAKACchC8ZwAAAgQFtAQCCAoAMiCuAAAAAAEDAwc="}
00437{"flow_id":58,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1131,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":458117,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702cUBmdaEflnrqASN8gU+wAAAgQFoAQCCApFrqVHADIgbwEDAwc="}
00425{"flow_id":58,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1132,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":458175,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8NAAEAGzYHAqAFny82XotNnAbsR+WeuFAZnW4AQAOV6PQAAAQEICgAyIMhFrqVH"}
00752{"flow_id":58,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1133,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":458584,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiR8RAAEAGzJLAqAFny82XotNnAbsR+WeuFAZnW4AYAOXtRgAAAQEICgAyIMhFrqVHFgMBAOkBAADlAwO4FYiIFcG2NJgznPgifBfdh+y\/SP3z7w7BFwt\/H9iuDCAVSEeMY2IvjCMgDjKK8SiyT+W1aOjnLn\/Q4fRxYvFJEgAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8iooAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIGhoAHQAXABiamgABAA=="}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1492167720101,"flow_last_seen":1492167720458,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1133,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_first_seen":1492167720101,"flow_last_seen":1492167720458,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00438{"flow_id":59,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1135,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":700672,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702hvZooej\/ZuD6ASN8iscAAAAgQFoAQCCApF0wrqADIgrgEDAwc="}
00425{"flow_id":59,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":700737,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqFAAEAGxqPAqAFny82XotNoAbuP9m4Pb2aKH4AQAOURtQAAAQEICgAyIQVF0wrq"}
00425{"flow_id":58,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":811434,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0wsRAAC0GZODLzZeiwKgBZwG702cUBmdbEflonIAQAHh5ZAAAAQEICkWupZ8AMiDI"}
02346{"flow_id":58,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1138,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":812106,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIwsVAAC0GX0vLzZeiwKgBZwG702cUBmdbEflonIAQAHjRMAAAAQEICkWupaAAMiDIFgMDAF0CAABZAwPzDOTXC6KtCwmAH31DtzK9aym9BCB5iswExo8YrNMyqCBgvGDUb62G4Do9NReMfS8YxaGk\/NAEyDLFergV\/vcvscAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":6,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00426{"flow_id":58,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1139,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":812140,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8VAAEAGzX\/AqAFny82XotNnAbsR+WicFAZs74AQAPty9AAAAQEICgAyISBFrqWg"}
02347{"flow_id":58,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1140,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":812783,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIwsZAAC0GX0rLzZeiwKgBZwG702cUBmzvEflonIAQAHiUmAAAAQEICkWupaAAMiDIi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQQkTF+sAw\/uxWrVpMX6NHO5xk6RN7KKbfl+6q8GwdCCYJ7vQtUdziuDO8rZMmVw2WVREYHbirJRTh13oX98fb4SBgEBAEtPLmCv"}
-01313{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":8,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01324{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1140,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":8,"flow_first_seen":1492167720101,"flow_last_seen":1492167720812,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":58,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1141,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":812808,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8ZAAEAGzX7AqAFny82XotNnAbsR+WicFAZyg4AQARFtSQAAAQEICgAyISFFrqWg"}
00779{"flow_id":58,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":813116,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4wsdAAC0GY9nLzZeiwKgBZwG702cUBnKDEflonIAYAHiyYQAAAQEICkWupaAAMiDIXbQxaJ2fFnFfbCcl3eWZA4KQcgYqei0zO7LNcQCdFQyLb01pe0mx1YK\/OdasYs2XXJ6FWYhWMzVI4hoUfrese2MaWRGjf0auoZW9P1BkH8gvLIQ7wG0+NaEJiXPpbQm8PF9CV52kt9qDZ3ZzwwkqqIdndfc86RSeO9gYopVBeEpUmxKXfYXBHQcJZejVDsQhyQhPUlehGUJfqUlmEnnt9CChBsB6XTIMbTmf\/+aSo686TrrM6SnHTTuGo2lCeoJwHuf2uuAhIPpSTwgonOuqQg76fZkP6iQuUsERZbLFTyX60WdV2sl7tzCfCxqE1hLc+6Yfy3GGkZSc2ioWAwMABA4AAAA="}
00426{"flow_id":58,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167720,"pkt_ts_usec":813142,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8dAAEAGzX3AqAFny82XotNnAbsR+WicFAZzh4AQAShsLgAAAQEICgAyISFFrqWg"}
@@ -750,23 +750,23 @@
02113{"flow_id":58,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1146,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167721,"pkt_ts_usec":180006,"pkt_caplen":1306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1306,"pkt_l4_len":1272,"pkt":"8IQvSpdgeJKcD6iOCABFAAUMR8lAAEAGyKPAqAFny82XotNnAbsR+WkaFAZzuoAYASiXPQAAAQEICgAyIXxFrqX7FwMDBNMAAAAAAAAAAcddmFtL9s8aHhZ1QRj6q+EieTKnw\/oKGvdRzTouO+r2faahjix5EtI4tgzmV50yCJRXSKM\/lvhwFP1BLB38bpucmiJZvl3P66tr3r5XRfwvfX2umLXhuw4L6MEh1bMT2UKn6zSaO5f4Sd13xvbwyyp0luvNUKLScYKfsZ9JkElHc8Bo7lnmYgaTzh8DZBNwV6F4SBRNlZF8AmJneJAvi0Hip40BhgY\/MUGsVRyubnFFZVs49Hm4hrsZc69+mCCOKRwHoHHvdeqf3a32azqjyAhMELNokr9EgAoAcEtQS9mieHRF1Qax75dJbjS07hLnlygZU\/gNvLbKbd66mvczq4WzL+sHKaUhD2ui\/HZKNXua9CGa3eYvfXDHKPgYKp3FhfEz5HIp6aV8tADNM78QWeijawyvDy72jRVOUwc\/AbjoRvgc7PLCShdNm4C4M4FRTC6gpGMoTQQ4Hn5nV4mXnoO41SGPwZM7heqN\/RygoJSwO\/ejVr5IfwDfOXUbIVClDxKL5wDpRGYn17BlOJ9yX6Wiwi+jK9Hn47Oz8VqZ4gMtazqFbKwjaMeTM1jKQ6ecEyIXMqjdS+2oTqywN8JKWrZEAaJhIVeKEUhj7vrhcxt4ifseFKMgd9DsYo5eN8jp+r04c1vlVOGX41Eox4ZRn0\/LtdbBkflponxlb1NRWHudRb7iPJ50Yq6X5Brd64dYwcNkDcj2P1vkft57SDQXg4YJsptxvn1DwCHwTzBv41TDs0eT3mghv2PLceiam4QrsE+eVZyBDep8U496q2aRyANnXAB07e25CorTXMPecOQjaCPDfTyyuRGM4ABQpyXWLAtl01QUg+2v8iximZZ13Q4+vVzlnSKAjsSLhGmRLWcLQgt7mXaroGtKuRqvcfemQQneJ\/PQXOtxVDSOZq3t+ncFUFwVv8cKt6E482cN9c9lO6L7W2wfOBsqjLqIhTeLeU+ICSSwQNo\/+xgDnUedBRYqbieKjzKD7PZX5WMDpWdf7SIgDa\/1B7APKi1NHqkxjEOrMsOVk\/6uvK02pwswzrfe9HuI620qNjhDKSNOp79kIiDDYggzBaaADhQF1\/5On4STrraXeRqd5\/f29nO2o4bnUSzPPDZojB+27WpzKwH6DVBccSoxm5gvGZHmaCWB+XrLsgMuX6gHwxc3BnnOwGKrnBTNkLcW\/BECVb2tc4y+T8qKPHof5NsY7KbQ1vQaga7U\/3sZUsR7XMlUA9QzxgY0LMH4I8O3LIz9ZgcmY9byYqICy+BkrvvONj3CVVilHOzV0NMvMvatT1U165+x1X4PD2EMnVbStQRl0oIP4Jrl8cCxm+Ay7hnq3syGPMmw99Cpr\/UhJ8dcC8GD1\/L62OghUxlT\/pWZgvRJ5U7zB6CVXF2\/0SAJEA0X9ZMOPlsZQkUq1ybPOMHAeUyViUZI13fMta2IYTK3cpVFqr9uT+GRRE+hHOMjnABdhndlTcemQJRow7T5YKl3kChfD+t\/YMx15asUrPvn17UimieqR3l\/xzmkhIceaVByZ\/8cH4b8UZiGilGZjU3BRBZsh5mSnEkSDtwkrtg6UmdndENLsop4\/x1cZntmyI1Qs3SHolCZK2ZUZi8sy2G68rThIDuD8BiLmS7XoV0VrUoDwg=="}
01075{"flow_id":58,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1147,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167721,"pkt_ts_usec":185603,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"pkt":"8IQvSpdgeJKcD6iOCABFAAIPR8pAAEAGy5\/AqAFny82XotNnAbsR+W3yFAZzuoAYASjW8QAAAQEICgAyIX5FrqX7FwMDAdYAAAAAAAAAAmll4Z\/nAI5PtOkc+WmgTBFLWxMTDcMnrIR3FvSDg7qQtfcoUVUZ7eqfkgkX6mJrPSwQTYKMhd0In7w0gRme3wT0RFhsn7udpy\/Owt+2L6HKVLW3qHVilPAQxOuPMpKUiZSjhZmOUoZ3rp6UDZp7nUN7EzZJiWko1D91A443wUOzwadSAOJ4eZmCSzH9OkY+oX5ZY2haLm6X\/\/2mluiyHJTvC+hXrFP2A\/t0Z1S+RfU1QMpajaJwNIiiylBU9czWpoa4\/YoZ3Kn+yLlZR+9thY2kk05ZEwFctYiKsyUROThi41BXlOyBExCuuBNqBja2FuI6K7riDQ93kclHglPLfthZrYjFDWZTlu+qx8BikkByw\/UKKsvj6HYnYOrygQWOBCEqXdcTxU7z43wKd4dweM3S397DssjUxyuwBEVVkf2QouvTKQiQxhxXL\/7DOShwNsiQX3SGy0fBlrUZRKNxc\/OtnJObu9LAMUlPLHiOySyDHmztEPoXcbwz+2qGk1Z3twNHzs9sYyhrP2IhW1JS4iyDBlTVudFXwkkU+tei8bPskG+7FEf+uMq1Ol2XyFPoS9bkrbQJKdB4WSr0fJrrWuOpUnyIEXlMpLKwK3HAvg=="}
00752{"flow_id":59,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167722,"pkt_ts_usec":10515,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiTqJAAEAGxbTAqAFny82XotNoAbuP9m4Pb2aKH4AYAOXLQgAAAQEICgAyIkxF0wrqFgMBAOkBAADlAwPB\/pJ6BvhHBq\/4TId1UjdeYYD0wwj82jOL+qyjL+5dzCBgvGDUb62G4Do9NReMfS8YxaGk\/NAEyDLFergV\/vcvsQAgysrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8mpoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAI+voAHQAXABh6egABAA=="}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_first_seen":1492167720353,"flow_last_seen":1492167722010,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1159,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_first_seen":1492167720353,"flow_last_seen":1492167722010,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00437{"flow_id":59,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1163,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167722,"pkt_ts_usec":70985,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC0GJ53LzZeiwKgBZwG702hvZooej\/ZuD6ASN8iqwgAAAgQFoAQCCApF0wxBADIhBQEDAwc="}
00424{"flow_id":59,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1164,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167722,"pkt_ts_usec":71030,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqNAAEAGxqHAqAFny82XotNoAbuP9m79b2aKH4AQAOUPcQAAAQEICgAyIltF0wrq"}
00428{"flow_id":59,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1165,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167722,"pkt_ts_usec":363463,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0hpVAAC0GoQ\/LzZeiwKgBZwG702hvZoofj\/Zu\/YAQAHgOTQAAAQEICkXTDIoAMiJM"}
02348{"flow_id":59,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1166,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167722,"pkt_ts_usec":364483,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIhpZAAC0Gm3rLzZeiwKgBZwG702hvZoofj\/Zu\/YAQAHiTcAAAAQEICkXTDIoAMiJMFgMDAF0CAABZAwMLb\/bjahqipXDIAq7z\/zsCBoMKS82TWpulAU+Vb+o17yCLvNA70NWnnOkivxA3NtxTObgLtgPDGlVnUKXVA0Y5mcAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":8,"flow_first_seen":1492167720353,"flow_last_seen":1492167722364,"flow_tot_l4_data_len":1946,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1166,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":8,"flow_first_seen":1492167720353,"flow_last_seen":1492167722364,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00425{"flow_id":59,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1167,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167722,"pkt_ts_usec":364537,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqRAAEAGxqDAqAFny82XotNoAbuP9m79b2aPs4AQAPsH3QAAAQEICgAyIqVF0wyK"}
02705{"flow_id":59,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1168,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167722,"pkt_ts_usec":365024,"pkt_caplen":1754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1754,"pkt_l4_len":1720,"pkt":"eJKcD6iO8IQvSpdgCABFoAbMhpdAAC0GmnXLzZeiwKgBZwG702hvZo+zj\/Zu\/YAYAHgsPgAAAQEICkXTDIoAMiJMi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQRtFBJY2kTMiaaZFBuHN1c\/TNaqoxPpEk+Ku1B1KEIVp9iiNYDhXExDe\/OLl+n7vutXvft2uLIvAiGvAgswYqAWBgEBADySyo4fGlLduZomBkniwg2borttFJi0Oi8px0PnsWBARwmabT+FwpxGJ0A+ZahbBQMood1nI\/TB8n2CdmrmnL1Bk5F0S96\/wFegDfXCO8EsRKN4ZgeMWZfYsmVTCGxUHcNIhokgWfF675hNEqEB6Eqgl2XcR5+G564QhbW4oXb2QKjvGyinK1o4uXi+ED\/8gdfzUnO+YVe\/Mx0VLJ8Uvda3+x89Lbatfrmy1IoZVmz\/pSi1PF86Y1Xk19VU7egMTrW1k2mM1+E14GZuenX5NuFicscWj5HXhMlWuYpslHC5T\/B3H0EU6qKFDZ4rWzkEC9XEEh6++1mL6ne6wdgz+h4WAwMABA4AAAA="}
-01314{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":10,"flow_first_seen":1492167720353,"flow_last_seen":1492167722365,"flow_tot_l4_data_len":3698,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":369,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01325{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":10,"flow_first_seen":1492167720353,"flow_last_seen":1492167722365,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00427{"flow_id":59,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1169,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167722,"pkt_ts_usec":365067,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqVAAEAGxp\/AqAFny82XotNoAbuP9m79b2aWS4AQARUBKwAAAQEICgAyIqVF0wyK"}
00599{"flow_id":59,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1170,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167722,"pkt_ts_usec":367752,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACyTqZAAEAGxiDAqAFny82XotNoAbuP9m79b2aWS4AYARX9lQAAAQEICgAyIqVF0wyKFgMDAEYQAABCQQSh+pnFGxxwzvrDsA0C+\/OV0hT8QxymxVSdVOzIK8Ts7xEtLYwEBepfGTQ4O02ZU78gXkUfB2wRx9JbEX7l0swBFAMDAAEBFgMDACgAAAAAAAAAAG4Yn7256L3yejklVAHqL0q7mw3v5ZM4LG\/C12DTIoZs"}
00498{"flow_id":59,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1175,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167722,"pkt_ts_usec":717710,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABnhplAAC0GoNjLzZeiwKgBZwG702hvZpZLj\/Zve4AYAHhVfQAAAQEICkXTDOIAMiKlFAMDAAEBFgMDACg7VmUMZZIKzA5NcQ\/AxiIDUBx1HTnigQytG0dHQHqNZy6HR+dvlZb5"}
00427{"flow_id":59,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1176,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167722,"pkt_ts_usec":756211,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0TqdAAEAGxp3AqAFny82XotNoAbuP9m97b2aWfoAQARX\/vwAAAQEICgAyIwdF0wzi"}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617598,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54109,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1196,"source":"wechat.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_first_seen":1492167617247,"flow_last_seen":1492167617562,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":59,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167742,"pkt_ts_usec":718478,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0hppAAC0GoQrLzZeiwKgBZwG702hvZpZ+j\/Zve4ARAHjs0wAAAQEICkXTIGoAMiMH"}
00451{"flow_id":45,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167746,"pkt_ts_usec":273974,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABE189AAAER\/s7AqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00480{"flow_id":46,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167746,"pkt_ts_usec":274024,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
@@ -776,27 +776,27 @@
00480{"flow_id":46,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1205,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167747,"pkt_ts_usec":275174,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00426{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1216,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167757,"pkt_ts_usec":556271,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePpAAEAGFxXAqAFnQOmnvIyxFGy60MyoSq1b+oAQAO1AWQAAAQEICgAyRQOFovCr"}
00426{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167757,"pkt_ts_usec":610750,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA05AsAACsGAGRA6ae8wKgBZxRsjLFKrVv6utDMqYAQAWUjtgAAAQEICoWjoLcAL7Ej"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1492167765155,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1492167765155,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":155968,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8EUFAAEARpLrAqAFnwKgB\/uvEADUAKLhvU\/MBAAABAAAAAAAAA3dlYgZ3ZWNoYXQDY29tAAABAAE="}
-00633{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1492167765155,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00645{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1218,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1492167765155,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00867{"flow_id":60,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":432548,"pkt_caplen":391,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":391,"pkt_l4_len":357,"pkt":"eJKcD6iO8IQvSpdgCABFoAF5AABAAEARtB7AqAH+wKgBZwA168QBZQj\/U\/OBgAABAAMABAALA3dlYgZ3ZWNoYXQDY29tAAABAAHADAAFAAEAAAJYAAcEd2ViMcAQwCwAAQABAAACWAAEy82Tq8AsAAEAAQAAAlgABMvNl6LALAACAAEAAU8CAA0HbnMtdGVsMQJxccAXwCwAAgABAAFPAgAKB25zLWNuYzHAZ8AsAAIAAQABTwIACQZucy1vczHAZ8AsAAIAAQABTwIACgducy1jbW4xwGfAjgABAAEAAAFuAAS4ac55wI4AAQABAAABbgAEy82TmMCOAAEAAQAAAW4ABMvNsDrAjgABAAEAAAFuAARnBx7vwKMAAQABAAANPgAEtv5vZMCjAAEAAQAADT4ABLfoeDvAowABAAEAAA0+AAS2\/hBmwHgAAQABAAABmAAEb6Frw8B4AAEAAQAAAZgABG+haBHAXwABAAEAAAFuAAS2jLiMwF8AAQABAAABbgAEtwK6mQ=="}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_tot_l4_data_len":397,"flow_min_l4_data_len":40,"flow_max_l4_data_len":357,"flow_avg_l4_data_len":198,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.147.171"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1492167765433,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1219,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"web.wechat.com","num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"203.205.147.171"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1492167765433,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":433146,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA88RZAAEAGKB3AqAFny82Tq+K0AbvYTb2iAAAAAKACchDtIAAAAgQFtAQCCAoAMky0AAAAAAEDAwc="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1492167765657,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1492167765657,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":657286,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8ZwNAAEAGsjDAqAFny82Tq+K1Abs3CyvvAAAAAKACchAf3gAAAgQFtAQCCAoAMkzsAAAAAAEDAwc="}
00437{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":701156,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rSlk19z2E29o6ASN8g4AQAAAgQFoAQCCApF8qRxADJMtAEDAwc="}
00425{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":701236,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA08RdAAEAGKCTAqAFny82Tq+K0AbvYTb2jpZNfdIAQAOWdWQAAAQEICgAyTPdF8qRx"}
00750{"flow_id":61,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":701869,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEi8RhAAEAGJzXAqAFny82Tq+K0AbvYTb2jpZNfdIAYAOUfdwAAAQEICgAyTPdF8qRxFgMBAOkBAADlAwN2f14Oc5hAS77GsYiJJWuQsbu0wB7\/AFxtEPxKO0DQmSCLvNA70NWnnOkivxA3NtxTObgLtgPDGlVnUKXVA0Y5mQAgenrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8WloAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIenoAHQAXABgKCgABAA=="}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1492167765433,"flow_last_seen":1492167765701,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1224,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_first_seen":1492167765433,"flow_last_seen":1492167765701,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00437{"flow_id":62,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":933685,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rU+QocNNwsr8KASN8h9cwAAAgQFoAQCCApFrtG3ADJM7AEDAwc="}
00425{"flow_id":62,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1226,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":933797,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwRAAEAGsjfAqAFny82Tq+K1Abs3CyvwPkKHDoAQAOXiyQAAAQEICgAyTTFFrtG3"}
00425{"flow_id":61,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1227,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":972098,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0+8BAAC8GLdvLzZOrwKgBZwG74rSlk1902E2+kYAQAHiclQAAAQEICkXypLQAMkz3"}
02346{"flow_id":61,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1228,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":976298,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI+8FAAC8GKEbLzZOrwKgBZwG74rSlk1902E2+kYAQAHibjQAAAQEICkXypLYAMkz3FgMDAF0CAABZAwOdxUs6xI9qr\/nfcp+Skd122UOXK9okRp5CiHhQWbutICBDtbBAnWnGygM6P1AG0j+Q0vm5\/VvsmvPTT+HjfnB2iMAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1228,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":6,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00425{"flow_id":61,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1229,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":976336,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA08RlAAEAGKCLAqAFny82Tq+K0AbvYTb6RpZNlCIAQAPuWNwAAAQEICgAyTTxF8qS2"}
02350{"flow_id":61,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":976846,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI+8JAAC8GKEXLzZOrwKgBZwG74rSlk2UI2E2+kYAQAHjMCAAAAQEICkXypLYAMkz3i6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQQOPn8DbeEidIQj32f9HhBMwbyWUdcDE+\/3Vi5ux\/\/7BA5A6A6MIrjGmV8u5FKtYYwAhBykuyrmGYrHmGhNKH1NBgEBAH\/yIGov"}
-01313{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":8,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01324{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1230,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":8,"flow_first_seen":1492167765433,"flow_last_seen":1492167765976,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":61,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":976881,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA08RpAAEAGKCHAqAFny82Tq+K0AbvYTb6RpZNqnIAQARGQjQAAAQEICgAyTTxF8qS2"}
00783{"flow_id":61,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1232,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":977209,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4+8NAAC8GLNTLzZOrwKgBZwG74rSlk2qc2E2+kYAYAHjbvgAAAQEICkXypLYAMkz3vzSRAATJF5Ub4moHzwyV4aCffI9oBbi9oX6NyyE2mrm1ZVHbh8j6P4dLWkpBXUzFwjR\/MzxCp+3ICjlWJmYTDYpb3Ky+WlXnOxMeiY4zehdJIBH2kmIF+ZiWG+QuRxqRFpUrkavP\/MgD8MYFF+d0oAicK39skPTNThYTL3KePhO2ztkbZt+wRQNy6g3mY+SqpJkfhq+P7RpmlH\/TsEtt6r6jGE\/8Nj59DNjcU8X2RYCQgY9UdxUkK1sLN1YPrrRjDdK8znFnq4KtudJ4qF8IGzNnGJ7b5vhAkWZkfWWQx2\/aTR8DGFtAx87PcruS7\/4l7eDUnr4I+5QdhBwWAwMABA4AAAA="}
00426{"flow_id":61,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1233,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167765,"pkt_ts_usec":977242,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA08RtAAEAGKCDAqAFny82Tq+K0AbvYTb6RpZNroIAQASiPcgAAAQEICgAyTTxF8qS2"}
@@ -806,28 +806,28 @@
01096{"flow_id":61,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167766,"pkt_ts_usec":256128,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"pkt":"8IQvSpdgeJKcD6iOCABFAAIe8R5AAEAGJjPAqAFny82Tq+K0AbvYTcOfpZNr04AYASj4fgAAAQEICgAyTYFF8qT6FwMDAeUAAAAAAAAAArGSK6vg4V6ONkIANrXoEA1w3amtVbYxWsrGNXZufnMHgT3aK4D6qCJ8210x1aPb0HbyqC9c01TxW5rWyFwXYobrMkjPEacdcqbimPaI6BCCfrTlbWku4HfJUoqLcqhgMtJb7g+i9acBTQG2a\/V\/qBDYGiSabuSBeJZeC0h\/tu3F4xKKB61VH66psng67pca\/F601HoUhmZb+XOL6WIWIA5AXCRyH75myXxQoD5W5Xk+ZyfPUU8qS0CWqqlw9di5Hf2R54L+E6Ves+FAo2kDDtSA2UlgzkY0NqbNPzp8bCOOz9p\/srEymVv8IpNVQx9DmwakY\/Paf02pzFvOJPfBVE\/QrIVZ5CBGTlYukyDD8Xpx9YvRn4C3tcrFcximnIGa84eTXNIYnOLxpoCyFfDBNj1xNMMw\/zR44OHc1rel7N0tHOkTSEr4zFshHyoKNWcDGH9Ya\/uCYkQe5ctc3EFo\/hOZ7qI8ARWsjsRaAWG7UdjBU6LQZzzj0g+CK477vfzAeMYVd+VGOFLeYCs+RWIbY8HnyzsQBvQ5wajvJIIpovnoJSJdBjfvtc+LhGcZut83EYoJ1qdKo\/g1eCNMo+NHa9YlfJBIkW4Uq4esnCarOPr1TAjUF56Hxj3ceBC0qw=="}
00437{"flow_id":62,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167767,"pkt_ts_usec":274060,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rU+QocNNwsr8KASN8h73QAAAgQFoAQCCApFrtMIADJNMQEDAwc="}
00425{"flow_id":62,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167767,"pkt_ts_usec":274119,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwVAAEAGsjbAqAFny82Tq+K1Abs3CyvwPkKHDoAQAOXhegAAAQEICgAyToBFrtG3"}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":26,"flow_first_seen":1492167617248,"flow_last_seen":1492167640200,"flow_tot_l4_data_len":8877,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":341,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":26,"flow_first_seen":1492167617248,"flow_last_seen":1492167640200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1251,"source":"wechat.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":9,"flow_first_seen":1492167617498,"flow_last_seen":1492167640214,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":62,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1257,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167776,"pkt_ts_usec":953723,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwZAAEAGsjXAqAFny82Tq+K1Abs3CyvwPkKHDoARAOXYBQAAAQEICgAyV\/RFrtG3"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1492167776953,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1492167776953,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1258,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167776,"pkt_ts_usec":953879,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8k9VAAEAGhV7AqAFny82Tq+K2AbuZa8QhAAAAAKACchAaQgAAAgQFtAQCCAoAMlf0AAAAAAEDAwc="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1492167777204,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_first_seen":1492167777204,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":64,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1259,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":204515,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8XvpAAEAGujnAqAFny82Tq+K3Abv08QbJAAAAAKACchB71AAAAgQFtAQCCAoAMlgzAAAAAAEDAwc="}
00437{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1260,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":220516,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rYX2Lh9mWvEIqASN8j8PgAAAgQFoAQCCApF00IlADJX9AEDAwc="}
00425{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1261,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":220585,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0k9ZAAEAGhWXAqAFny82Tq+K2AbuZa8QiF9i4foAQAOVhlwAAAQEICgAyWDdF00Il"}
00425{"flow_id":62,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1262,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":220877,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0VEVAAC8G1VbLzZOrwKgBZwG74rU+QocONwsr8YARAHDNcQAAAQEICkWu3L8AMlf0"}
00426{"flow_id":62,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1263,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":220927,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ZwdAAEAGsjTAqAFny82Tq+K1Abs3CyvxPkKHD4AQAOXMuQAAAQEICgAyWDdFrty\/"}
00750{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1264,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":221018,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEik9dAAEAGhHbAqAFny82Tq+K2AbuZa8QiF9i4foAYAOUtNAAAAQEICgAyWDdF00IlFgMBAOkBAADlAwO7CPpUAi5ji1WrIUUoJckLyw+WP0iTwMQC+JpZ0PHlhCBDtbBAnWnGygM6P1AG0j+Q0vm5\/VvsmvPTT+HjfnB2iAAgurrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8+voAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAICgoAHQAXABhaWgABAA=="}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1492167776953,"flow_last_seen":1492167777221,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1264,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1492167776953,"flow_last_seen":1492167777221,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00438{"flow_id":64,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1265,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":476493,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74reza+A99PEGyqASN8j\/yAAAAgQFoAQCCApFrtz+ADJYMwEDAwc="}
00425{"flow_id":64,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1266,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":476579,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XvtAAEAGukDAqAFny82Tq+K3Abv08QbKs2vgPoAQAOVlIAAAAQEICgAyWHdFrtz+"}
00425{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":492766,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0+hdAAC8GL4TLzZOrwKgBZwG74rYX2Lh+mWvFEIAQAHhg0gAAAQEICkXTQmkAMlg3"}
02346{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1268,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":494071,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXI+hhAAC8GKe\/LzZOrwKgBZwG74rYX2Lh+mWvFEIAQAHhv+gAAAQEICkXTQmkAMlg3FgMDAF0CAABZAwMMdZZFC+a\/dtCPgB6zd6eEL1mqS0ty8xuhCtoWZrw+ICAMsBFok8j6ktN3mDNfYh89ubRYR7QbnhPUZ8eCwdphM8AvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1268,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00425{"flow_id":63,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1269,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":494128,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0k9hAAEAGhWPAqAFny82Tq+K2AbuZa8UQF9i+EoAQAPtadwAAAQEICgAyWHtF00Jp"}
02702{"flow_id":63,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1270,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":494665,"pkt_caplen":1754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1754,"pkt_l4_len":1720,"pkt":"eJKcD6iO8IQvSpdgCABFoAbM+hlAAC8GKOrLzZOrwKgBZwG74rYX2L4SmWvFEIAYAHgoRwAAAQEICkXTQmkAMlg3i6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQQboshvxbTukiMimVQa2YbqP6iCCo5p7IPPYwOxUDOVm+iIWtRrqCuB2B\/s6Aeg0tRNXQX1KdroNbGN\/5qs8Z8bBgEBAFkL\/ex+jsqCBE+xXTsicXe+iS+maDDG5QgxIY9bYMVVBHj8fOVbMJQgoASCmJzIoErqKMPAhy+2syGGRA\/NWeMmSYBYh8Jg3kV2sAQwn8MTC\/J0DROx1oSBL8rfC\/F6Wc\/LtfmHtl3Mim0ah6fL4AqyNpveeiHUPigKWJdeodQFcXYgPwU13ZYq9tVM\/3b7yys5dswaSYlvqIGfG2hsuke2MIrIpvLc45hjLSJusMMnf7h2gbo16ncLTUCtrqUeOqSgQJEa9K14mMn1J0YfCPt1IBVAlhxyeII3LTKHEgjmKweWZVlB5iuFZ3WXRsYPTlYzVjcI+LOwK0zCLoafoy8WAwMABA4AAAA="}
-01313{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":8,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_tot_l4_data_len":3626,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":453,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01324{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1270,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":8,"flow_first_seen":1492167776953,"flow_last_seen":1492167777494,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":63,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":494700,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0k9lAAEAGhWLAqAFny82Tq+K2AbuZa8UQF9jEqoAQARVTxQAAAQEICgAyWHtF00Jp"}
00601{"flow_id":63,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":497640,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACyk9pAAEAGhOPAqAFny82Tq+K2AbuZa8UQF9jEqoAYARWqOwAAAQEICgAyWHxF00JpFgMDAEYQAABCQQTKZanQFrSBWAGE7Lsy2NW8K6\/OvO32APvUx0zuyCdPie5U73QgBOPH2dgHei7rc7\/TCiKYRNjFNX\/xQHylg2LQFAMDAAEBFgMDACgAAAAAAAAAAOOqsDRMItC6TsbKzpaz8E0fEnlRnpFbFqVoK\/49cCbL"}
00496{"flow_id":63,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167777,"pkt_ts_usec":766434,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABn+htAAC8GL03LzZOrwKgBZwG74rYX2MSqmWvFjoAYAHihWgAAAQEICkXTQq0AMlh8FAMDAAEBFgMDAChye55KBmqR+mMBsNTBYkeoYWUd1mB13FUml8ygNJsw+gHbUh7R9AGL"}
@@ -837,13 +837,13 @@
02189{"flow_id":63,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167778,"pkt_ts_usec":77569,"pkt_caplen":1371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1371,"pkt_l4_len":1337,"pkt":"eJKcD6iO8IQvSpdgCABFoAVN+h1AAC8GKmXLzZOrwKgBZwG74rYX2MTdmWvMQYAYAJ9ZmAAAAQEICkXTQvsAMli\/FwMDBRRye55KBmqR+7W+mX2WSBoXCfEt7a9yVY9bggIEuNK1OGX2j1eGqkvZKP173fEwPLkiCk74zkonaHPtm6jcrByVapgBL\/JDdAyjVqE61ZNlKqmARHqs5XyLVvoruLA3CAw+koAqAXdpH3mEK7b7PNkgkHBM\/aIYtllLdk6JCdwGvci9sJzmLPoL4dQQW54IHkbMQ0bFGEZfehChEvq8CxgAro+ah0\/AOyuAct0R\/aqbSba\/ueUDgZGeK2eE9u9EQz4G2X8j0csLSF8IsUO5C3tIzhrm+21ny5IMnROaGya1meu2T8h4Pz37gYrj1B2+kcqatxqg\/8BduU4PIMkvmj6df2IGpzkfS5sce4rdtXfsJ015aRVTG9Ll3xQJmF0w\/SUtgAyGfvfn6U37QQTcZHX0J39LdRZUUGfEGPpn3fOiwpBYbZaXnEZQhA1Y2Kv6hSasfHwzBqDMQ1bohAWRtrYjs6fvHeci9hqig2QpRVZnWKGDy6PLmIVzV036Nn5qW7CoQ1P+XVjo1gYqYJdfcS4JoZdZA8wRtxpURWFGk1zKmWqe5AFCInXT0z2Yk6Gvh0Qbk4iXV75doVjM6eMUgdcwo50xo+nkefBpe5yN6cA\/mRmSvBvfYzOLA33IL3HLF1+1A4DGZY65G18NiPwiYORxNHow1SH73qUYafd0lquafYK1ynVnBUFem6wdl6rBGlEOjE6P+49g7XXmN65HJfb9TfPcoalbrKlk4NiinrAr9K4C6Kqv8njs+cMzBNB3wAKQJvZ7ejqlNBJyjHyIRuPuC9haRxxY9GSfHy0Avq6YRQNewKdluDCh7VX\/mKfh1pvy15fuQrdIGf6FKsNSeIzlonXxoBLiqLSnoFbIgSjNxlImSOLGrxAx5POyCnqodztftkM+wDw+EpluSG8Zh3IlcsMDHnv+cIwRwVObjN+NMSBS2c9Z8vMeCEjNCYFYL5JORE1+kRZ8YwhK5navhOkQGT0EdHZ6s58DVin+7XMBaP3SXVx+9mJOu5kHTFTyMDloLNRngT0lhs2pgdNyxq+nVOQazT+BCRR1t7lx1kExKwxtQ88oDxMOCKCs1N2vdcnGetuTfNWglzAi5U\/73qXzdZ\/\/psLxarAQEqJjc7\/WvDTRNutKb2EhKlKvGv+l4pO8gxv5zCZscPBlSsHcBeV0A5M1FEjNWQQHum59ujRLmhcBR+QwuZwNUH+APvr76HhCUi7HTSxsdAzsnyUFNRYsPnISVPGtVJwtGe8esiSPF3dOKgtQzfMNNiqwZrPPYPb2geyiEf2PytKwgc6IKb6fXa7PtHcalcuZzLFT7ZPIkqvhzQx75hPvO5ePV\/CLG4g8Mo9+sLRMTBFhhlUVLGFr2MZMTvCei8HF5hTeBjrpEuNrEpdL9UFCFhByJQ2vxeak2kwbh4apTGy0x95\/DJ7fr5zGvtJIkVPfrsPxsXhYpPl4SmNNwUyQf9i+n7yJJk\/ncOkhwVSt8L48Z95JFTYTxUEe3dDljGYtrXrcjwsF2ZT0JrDyN\/58R46OiugDRlaTF+bPCchtnHK3qeYbNc0gcFSkM29aPxP6M0RCxQ4ACwdtzQBazkGEXIRRBoubjOPvSG7BUgGpRsF0Bzpu7DyfYI2gb1nYCckHwQDey3ugFo0GzQ+tDm9FW4JfWeIKcygjOwUp8+IEJHYscEab709rOM4Wk1CF+uG2G4mrBklh0vuIfSFXRa2L8MgYPJSeS+ek45oq"}
00437{"flow_id":64,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1293,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167778,"pkt_ts_usec":905220,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74reza+A99PEGyqASN8j+HgAAAgQFoAQCCApFrt5kADJYdwEDAwc="}
00426{"flow_id":64,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1294,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167778,"pkt_ts_usec":905291,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XvxAAEAGuj\/AqAFny82Tq+K3Abv08QbKs2vgPoAQAOVjuwAAAQEICgAyWdxFrtz+"}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":73,"flow_first_seen":1492167639887,"flow_last_seen":1492167667658,"flow_tot_l4_data_len":41563,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":569,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1492167788126,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":73,"flow_first_seen":1492167639887,"flow_last_seen":1492167667658,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":39199,"flow_avg_l4_payload_len":536,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1492167788126,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":65,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167788,"pkt_ts_usec":126900,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD70CeIF3AECABFoABEPYcAAAER2HrAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
-00550{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1492167788126,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1492167788128,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1327,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_first_seen":1492167788126,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1492167788128,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00477{"flow_id":66,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167788,"pkt_ts_usec":128365,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00559{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1492167788128,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1328,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_first_seen":1492167788128,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
00449{"flow_id":65,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167789,"pkt_ts_usec":152054,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD70CeIF3AECABFoABEPhsAAAER1+bAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00477{"flow_id":66,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167789,"pkt_ts_usec":153443,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00450{"flow_id":65,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167789,"pkt_ts_usec":154719,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD70CeIF3AECABFoABEPiIAAAER19\/AqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
@@ -854,33 +854,33 @@
00477{"flow_id":66,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1359,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167790,"pkt_ts_usec":176385,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00449{"flow_id":65,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1360,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167792,"pkt_ts_usec":220612,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD70CeIF3AECABFoABEPrkAAAER10jAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00477{"flow_id":66,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167792,"pkt_ts_usec":221994,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1492167795087,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1492167795087,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":67,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":87741,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"AQBeAAD80CeIF3AECABFoAA4QcoAAAER1ELAqAFk4AAA\/NNsFOsAJPA+T9YAAAABAAAAAAAACmxiamFtd3B0eHoAAAEAAQ=="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1492167795087,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1492167795088,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1362,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_first_seen":1492167795087,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1492167795088,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":68,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":88948,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD80CeIF3AECABFoAA2QcsAAAER1EPAqAFk4AAA\/MKoFOsAIsj\/\/HMAAAABAAAAAAAACGNhbnNhcWNxAAABAAE="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1492167795088,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1492167795090,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1363,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_first_seen":1492167795088,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1492167795090,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":69,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":90107,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD80CeIF3AECABFoAA2QcwAAAER1ELAqAFk4AAA\/OA5FOsAIm9WRGIAAAABAAAAAAAACG1jenRtcGtjAAABAAE="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1492167795090,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1492167795091,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1364,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_first_seen":1492167795090,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1492167795091,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":70,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":91471,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACQRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxQgU6wAk8ypP1gAAAAEAAAAAAAAKbGJqYW13cHR4egAAAQAB"}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1492167795091,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1492167795092,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1365,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_first_seen":1492167795091,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1492167795092,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":71,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":92845,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADwCsU6wAiwAT8cwAAAAEAAAAAAAAIY2Fuc2FxY3EAAAEAAQ=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1492167795092,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1492167795095,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1366,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_first_seen":1492167795092,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1492167795095,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00458{"flow_id":72,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":95742,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxZEU6wAifoZEYgAAAAEAAAAAAAAIbWN6dG1wa2MAAAEAAQ=="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1492167795095,"flow_last_seen":0,"flow_tot_l4_data_len":34,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1367,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_first_seen":1492167795095,"flow_last_seen":0,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","ndpi": {"proto":"LLMNR","breed":"Acceptable","category":"Network"}}
00434{"flow_id":67,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1368,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":96889,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"AQBeAAD80CeIF3AECABFoAA4Qc0AAAER1D\/AqAFk4AAA\/NNsFOsAJPA+T9YAAAABAAAAAAAACmxiamFtd3B0eHoAAAEAAQ=="}
00458{"flow_id":70,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1369,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":98225,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACQRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxQgU6wAk8ypP1gAAAAEAAAAAAAAKbGJqYW13cHR4egAAAQAB"}
00429{"flow_id":69,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1370,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":99442,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD80CeIF3AECABFoAA2Qc4AAAER1EDAqAFk4AAA\/OA5FOsAIm9WRGIAAAABAAAAAAAACG1jenRtcGtjAAABAAE="}
00433{"flow_id":68,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1371,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":100641,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"AQBeAAD80CeIF3AECABFoAA2Qc8AAAER1D\/AqAFk4AAA\/MKoFOsAIsj\/\/HMAAAABAAAAAAAACGNhbnNhcWNxAAABAAE="}
00459{"flow_id":72,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":102006,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADxZEU6wAifoZEYgAAAAEAAAAAAAAIbWN6dG1wa2MAAAEAAQ=="}
00459{"flow_id":71,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":103351,"pkt_caplen":88,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":88,"pkt_l4_len":34,"pkt":"MzMAAQAD0CeIF3AEht1gAAAAACIRAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAQADwCsU6wAiwAT8cwAAAAEAAAAAAAAIY2Fuc2FxY3EAAAEAAQ=="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1492167795292,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1492167795292,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":73,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":292702,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdAAAIARc3vAqAFkwKgB\/wCJAIkAOgI3\/v8BEAABAAAAAAAAIEVNRUNFS0VCRU5GSEZBRkVGSUZLQ0FDQUNBQ0FDQUFBAAAgAAE="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1492167795292,"flow_last_seen":0,"flow_tot_l4_data_len":58,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1374,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_first_seen":1492167795292,"flow_last_seen":0,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00471{"flow_id":73,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1375,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":294066,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdEAAIARc3rAqAFkwKgB\/wCJAIkAOgw8\/wABEAABAAAAAAAAIEVORURGS0ZFRU5GQUVMRURDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00471{"flow_id":73,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1376,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167795,"pkt_ts_usec":295354,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQdIAAIARc3nAqAFkwKgB\/wCJAIkAOio7\/wEBEAABAAAAAAAAIEVERUJFT0ZERUJGQkVERkJDQUNBQ0FDQUNBQ0FDQUFBAAAgAAE="}
00471{"flow_id":73,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1377,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167796,"pkt_ts_usec":111890,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoABOQy0AAIARch7AqAFkwKgB\/wCJAIkAOgI3\/v8BEAABAAAAAAAAIEVNRUNFS0VCRU5GSEZBRkVGSUZLQ0FDQUNBQ0FDQUFBAAAgAAE="}
@@ -892,25 +892,25 @@
00426{"flow_id":64,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1383,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167799,"pkt_ts_usec":176993,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0PplAAC8G6wLLzZOrwKgBZwG74reza+A+9PEGyoARAHBO\/gAAAQEICkWu8i8AMlnc"}
00425{"flow_id":64,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1384,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167799,"pkt_ts_usec":180222,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Xv1AAEAGuj7AqAFny82Tq+K3Abv08QbKs2vgP4AQAOU6vAAAAQEICgAybalFrvIv"}
00426{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167802,"pkt_ts_usec":608250,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0ePtAAEAGFxTAqAFnQOmnvIyxFGy60MyoSq1b+oAQAO1kTQAAAQEICgAycQKFo6C3"}
-00436{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1395,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1492167815567,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00444{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1395,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1492167815567,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00405{"flow_id":74,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167815,"pkt_ts_usec":567817,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9sAAAEC8bDAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="}
-00468{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1395,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1492167815567,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00476{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1395,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1492167815567,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00412{"flow_id":30,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1396,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167818,"pkt_ts_usec":25453,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoTS4AAAECNN\/AqAFk4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"}
00409{"flow_id":30,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167819,"pkt_ts_usec":459029,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoTTIAAAECNNvAqAFk4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
-00437{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1398,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1492167820408,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00445{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1398,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1492167820408,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00409{"flow_id":75,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167820,"pkt_ts_usec":408257,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
-00469{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1398,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1492167820408,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00477{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1398,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1492167820408,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00410{"flow_id":30,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1399,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167820,"pkt_ts_usec":484228,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoTTQAAAECNNnAqAFk4AAAFpQEAAAiAPsBAAAAAQIAAADgAAD8"}
00413{"flow_id":30,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1400,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167822,"pkt_ts_usec":531112,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoTUkAAAECNMTAqAFk4AAAFpQEAAAiAOwAAAAAAQIAAADv\/\/\/9"}
-00438{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1492167820408,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00437{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1492167815567,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_tot_l4_data_len":542,"flow_min_l4_data_len":39,"flow_max_l4_data_len":503,"flow_avg_l4_data_len":271,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_tot_l4_data_len":241,"flow_min_l4_data_len":41,"flow_max_l4_data_len":200,"flow_avg_l4_data_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":10,"flow_first_seen":1492167650348,"flow_last_seen":1492167650467,"flow_tot_l4_data_len":3632,"flow_min_l4_data_len":38,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":363,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00446{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_first_seen":1492167820408,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00445{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_first_seen":1492167815567,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":9,"flow_first_seen":1492167648494,"flow_last_seen":1492167695538,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":9,"flow_first_seen":1492167640138,"flow_last_seen":1492167695550,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_first_seen":1492167648243,"flow_last_seen":1492167648277,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":495,"flow_tot_l4_payload_len":526,"flow_avg_l4_payload_len":263,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":19041,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_first_seen":1492167650311,"flow_last_seen":1492167650345,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":10,"flow_first_seen":1492167650348,"flow_last_seen":1492167650467,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3552,"flow_avg_l4_payload_len":355,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":65,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1401,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167837,"pkt_ts_usec":279361,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD70CeIF3AECABFoABETnwAAAERx4XAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00449{"flow_id":65,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1402,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167837,"pkt_ts_usec":280685,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD70CeIF3AECABFoABETn0AAAERx4TAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00477{"flow_id":66,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1403,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167837,"pkt_ts_usec":282035,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
@@ -921,46 +921,46 @@
00478{"flow_id":66,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167840,"pkt_ts_usec":352767,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00425{"flow_id":64,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167844,"pkt_ts_usec":200258,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Xv5AAEAGuj3AqAFny82Tq+K3Abv08QbJs2vgP4AQAOUOxgAAAQEICgAymaBFrvIv"}
00426{"flow_id":64,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167844,"pkt_ts_usec":485906,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0W3NAAC8GzijLzZOrwKgBZwG74reza+A\/9PEGyoAQAHAO8gAAAQEICkWvHm4AMm2p"}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":24,"flow_first_seen":1492167648277,"flow_last_seen":1492167720406,"flow_tot_l4_data_len":7958,"flow_min_l4_data_len":20,"flow_max_l4_data_len":3450,"flow_avg_l4_data_len":331,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":36,"flow_first_seen":1492167695237,"flow_last_seen":1492167720429,"flow_tot_l4_data_len":13739,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":381,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":18,"flow_first_seen":1492167695488,"flow_last_seen":1492167720468,"flow_tot_l4_data_len":4123,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1492167848542,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":24,"flow_first_seen":1492167648277,"flow_last_seen":1492167720406,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3430,"flow_tot_l4_payload_len":7446,"flow_avg_l4_payload_len":310,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":36,"flow_first_seen":1492167695237,"flow_last_seen":1492167720429,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":12571,"flow_avg_l4_payload_len":349,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54117,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1414,"source":"wechat.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":18,"flow_first_seen":1492167695488,"flow_last_seen":1492167720468,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1492167848542,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00675{"flow_id":76,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167848,"pkt_ts_usec":542496,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADlWmgAAIARWkzAqAFkwKgB\/wCKAIoA0eSKEQ7\/A8CoAWQAigC7AAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJPAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwCA\/AoAR0lPVkFOTkktUEMAAAAAAAYBAxIFAA8BVaoA"}
-00555{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1492167848542,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
-00451{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1492167849769,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00567{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1492167848542,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00459{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1492167849769,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":77,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167849,"pkt_ts_usec":769805,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"pkt":"MzMAAAACuHgu4toHht1gCKryABA6\/\/6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAChQD\/swAAAAABAbh4LuLaBw=="}
-00485{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1492167849769,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1492167851002,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_first_seen":1492167849769,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1492167851002,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00808{"flow_id":78,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167851,"pkt_ts_usec":2688,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/uHgu4toHCABFAAFI3+EAAP8R2sMAAAAA\/\/\/\/\/wBEAEMBNOAUAQEGADPq6ioAAAAAAAAAAAAAAAAAAAAAAAAAALh4LuLaBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEDNwcBeQMGD3f8OQIF3D0HAbh4LuLaBzIEwKgBajMEAHanAAwOaVBob25lZGlNb25pY2H\/AAAAAAAA"}
-00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1492167851002,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252"}}
-00439{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1492167851203,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1492167851002,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,121,3,6,15,119,252"}}
+00447{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1492167851203,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":79,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167851,"pkt_ts_usec":203580,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"pkt":"MzP\/hmxbuHgu4toHht1gAAAAACA6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/hmxbhwDa5wAAAAD+gAAAAAAAAAhCo\/OihmxbDgE+iVJ12j4="}
-00473{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1492167851203,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00481{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1492167851203,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
00424{"flow_id":77,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167851,"pkt_ts_usec":204799,"pkt_caplen":62,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":62,"pkt_l4_len":8,"pkt":"MzMAAAACuHgu4toHht1gCL93AAg6\/\/6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAChQDCHwAAAAA="}
-00452{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1492167852023,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00460{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1492167852023,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00490{"flow_id":80,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167852,"pkt_ts_usec":23021,"pkt_caplen":110,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":110,"pkt_l4_len":48,"pkt":"MzMAAAAWuHgu4toHht1gAAAAADgAAf6AAAAAAAAACEKj86KGbFv\/AgAAAAAAAAAAAAAAAAAWOgABAAUCAACPAPHlAAAAAgQAAAD\/AgAAAAAAAAAAAAL\/tFRbBAAAAP8CAAAAAAAAAAAAAf+GbFs="}
-00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1492167852023,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1492167851002,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1492167848542,"flow_last_seen":0,"flow_tot_l4_data_len":209,"flow_min_l4_data_len":209,"flow_max_l4_data_len":209,"flow_avg_l4_data_len":209,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00440{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1492167851203,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
-00453{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1492167852023,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1492167852023,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
+00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_first_seen":1492167851002,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_first_seen":1492167848542,"flow_last_seen":0,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00448{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_first_seen":1492167851203,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00461{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1422,"source":"wechat.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_first_seen":1492167852023,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::16","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":64,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167865,"pkt_ts_usec":974865,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Xv9AAEAGujzAqAFny82Tq+K3Abv08QbKs2vgP4ARAOXNQQAAAQEICgAyruNFrx5u"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1492167865975,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_first_seen":1492167865975,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":81,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167865,"pkt_ts_usec":975033,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8cVZAAEAGp93AqAFny82Tq+K4AbvAQN+1AAAAAKACchCA5wAAAgQFtAQCCAoAMq7jAAAAAAEDAwc="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1492167866226,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_first_seen":1492167866226,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":82,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":226283,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8hOdAAEAGlEzAqAFny82Tq+K5AbuucSvFAAAAAKACchBGZwAAAgQFtAQCCAoAMq8iAAAAAAEDAwc="}
00437{"flow_id":81,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":243313,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rhfZ1wawEDftqASN8iGUwAAAgQFoAQCCApFrzOuADKu4wEDAwc="}
00425{"flow_id":81,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":243399,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cVdAAEAGp+TAqAFny82Tq+K4AbvAQN+2X2dcG4AQAOXrqwAAAQEICgAyryZFrzOu"}
00749{"flow_id":81,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":243873,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEicVhAAEAGpvXAqAFny82Tq+K4AbvAQN+2X2dcG4AYAOUGhQAAAQEICgAyryZFrzOuFgMBAOkBAADlAwM6MRNk3EmFJ9vIXCbdCkO3vP+WoKpqLBvgL+NdCbhfqyAMsBFok8j6ktN3mDNfYh89ubRYR7QbnhPUZ8eCwdphMwAgOjrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8GhoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIOjoAHQAXABhqagABAA=="}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":4,"flow_first_seen":1492167865975,"flow_last_seen":1492167866243,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":4,"flow_first_seen":1492167865975,"flow_last_seen":1492167866243,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00437{"flow_id":82,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":495347,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rl6NAw+rnErxqASN8iAowAAAgQFoAQCCApFrzPtADKvIgEDAwc="}
00425{"flow_id":82,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":495436,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOhAAEAGlFPAqAFny82Tq+K5AbuucSvGejQMP4AQAOXl+wAAAQEICgAyr2VFrzPt"}
00426{"flow_id":81,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1433,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":513757,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0b+pAAC8GubHLzZOrwKgBZwG74rhfZ1wbwEDgpIAQAHjq5wAAAQEICkWvM\/EAMq8m"}
02346{"flow_id":81,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1434,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":514555,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIb+tAAC8GtBzLzZOrwKgBZwG74rhfZ1wbwEDgpIAQAHifDwAAAQEICkWvM\/IAMq8mFgMDAF0CAABZAwNdJVXKZAQ6L0HFxCp+fVehSoRoXpTG0NPHVWuOn9SnCCC9CRO8qTdKdBx1vFCAUpGqkrrbgAZaFdgU9IvXLwqN\/MAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":6,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1434,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":6,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00425{"flow_id":81,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":514612,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cVlAAEAGp+LAqAFny82Tq+K4AbvAQOCkX2dhr4AQAPvkiwAAAQEICgAyr2pFrzPy"}
02348{"flow_id":81,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":514947,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIb+xAAC8GtBvLzZOrwKgBZwG74rhfZ2GvwEDgpIAQAHi2AgAAAQEICkWvM\/IAMq8mi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQRPE\/g5q0vKNFqOQ8jDNX+U+KzfnGvIriLht8OOkBrvm3QdAnDj0nIpXAvz+ZzT+4Dlze6VtyjPc8CUqfVrM432BgEBAATq8z4m"}
-01313{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":8,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_tot_l4_data_len":3366,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":420,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01324{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1436,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":8,"flow_first_seen":1492167865975,"flow_last_seen":1492167866514,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":3094,"flow_avg_l4_payload_len":386,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":81,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1437,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":514997,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cVpAAEAGp+HAqAFny82Tq+K4AbvAQOCkX2dnQ4AQARHe4QAAAQEICgAyr2pFrzPy"}
00785{"flow_id":81,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1438,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":515940,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"eJKcD6iO8IQvSpdgCABFoAE4b+1AAC8GuKrLzZOrwKgBZwG74rhfZ2dDwEDgpIAYAHhjgwAAAQEICkWvM\/IAMq8mH8OtgucgtUA7PijryUnPiWyN1eNHGVt9PvidK0Kq\/DwczjZ+O0xK484Ewx2zKwDclwSi+Q1QCZ\/b3OVV\/O7TAMvy3oLlTYECM2iCz+kcJi62AmMoUaEN2v+6jidm2qj5Lvbz7fl35JpJTLqZaNBx+\/+2Pnig\/xR+k4OEpLf1l3KgzTw3uaUKSjTPBRH9lD8EjyPlDiZ9k9aHYiAr8AEy2zQ44UlrefG4HZ0Fo9XeZEmY\/ClVJFi8G7BInSN6S0qiTzHQ84nscFW1PATeZBPhwYYIB387B2Rff4BvPAY9b0SHHLmHmhzv9np7vfAuT6RzK834RMCbfHg\/7CMWAwMABA4AAAA="}
00426{"flow_id":81,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1439,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167866,"pkt_ts_usec":515966,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0cVtAAEAGp+DAqAFny82Tq+K4AbvAQOCkX2doR4AQASjdxgAAAQEICgAyr2pFrzPy"}
@@ -974,42 +974,42 @@
00425{"flow_id":82,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1457,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167867,"pkt_ts_usec":786787,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOlAAEAGlFLAqAFny82Tq+K5AbuucSvGejQMP4AQAOXkuAAAAQEICgAysKhFrzPt"}
00425{"flow_id":64,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1467,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167869,"pkt_ts_usec":32245,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XwJAAEAGujnAqAFny82Tq+K3Abv08QbKs2vgP4ARAOXKRAAAAQEICgAyseBFrx5u"}
00749{"flow_id":82,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1478,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167871,"pkt_ts_usec":50375,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEihOpAAEAGk2PAqAFny82Tq+K5AbuucSvGejQMP4AYAOWxhwAAAQEICgAys9hFrzPtFgMBAOkBAADlAwOZa2bywhmdZUX58olJRmXCZ7SuNmlIRPbIU98uRUk9bCC9CRO8qTdKdBx1vFCAUpGqkrrbgAZaFdgU9IvXLwqN\/AAgmprMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8amoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIamoAHQAXABj6+gABAA=="}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":6,"flow_first_seen":1492167866226,"flow_last_seen":1492167871050,"flow_tot_l4_data_len":454,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1478,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":6,"flow_first_seen":1492167866226,"flow_last_seen":1492167871050,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00427{"flow_id":82,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1483,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167871,"pkt_ts_usec":322390,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0OUxAAC8G8E\/LzZOrwKgBZwG74rl6NAw\/rnEstIAQAHjcUQAAAQEICkWvOKMAMrPY"}
02346{"flow_id":82,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167871,"pkt_ts_usec":323158,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIOU1AAC8G6rrLzZOrwKgBZwG74rl6NAw\/rnEstIAQAHj5IwAAAQEICkWvOKQAMrPYFgMDAF0CAABZAwMHSGBwYPf7AadFMOvOUBo51DwZ7SpKe2ppZoE6um1h4CAXdM3iNMSeSRYu5rAL4uxt+WZ\/oboN6SP4aeC7pGEeFcAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":8,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_tot_l4_data_len":1946,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":243,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1484,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":8,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":208,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00425{"flow_id":82,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1485,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167871,"pkt_ts_usec":323215,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOtAAEAGlFDAqAFny82Tq+K5AbuucSy0ejQR04AQAPvV9QAAAQEICgAytBxFrzik"}
02703{"flow_id":82,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1486,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167871,"pkt_ts_usec":323625,"pkt_caplen":1754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1754,"pkt_l4_len":1720,"pkt":"eJKcD6iO8IQvSpdgCABFoAbMOU5AAC8G6bXLzZOrwKgBZwG74rl6NBHTrnEstIAYAHgoRwAAAQEICkWvOKQAMrPYi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQRPedl8rEGeVAPWuweixwLkUSzzvXlYc5p6md2+DuC6SsLqnlXPMLhf8AdJlsnHntUs8TfqCs4Ci\/\/C3S\/cM1ndBgEBAIk5n1ZCkb5BmAP6rtagvLrJsAyJBUF5gjhDLGukisJYMPBO847\/DDdQHujLQiLupmfebevl4plQW3mHGJhCl4OFNvpPeXUgyEEj53\/L3yoPBeLu7gHjH2aXPoyiJ+GvXrGdYtE6sH0BReG1OhbwdSLPjwXp2aIDb6r6dHKK9D2mHcqj\/4PMbh2Zt\/+ZpgLjf48dduSp8MErjyxbgFk0aCUU6yw7qMVrQhao8pADxLdpo5dlWBJi7HOleqb1AnpYRwJBuWPY\/BdB0N2BQGCDmIxYDXI6WOHG3vCyJq6BuULE3lS6uJy93lGxavermoUJ8Z56jl8STO3nLJK5KunMg7oWAwMABA4AAAA="}
-01314{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":10,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_tot_l4_data_len":3698,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":369,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01325{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1486,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":10,"flow_first_seen":1492167866226,"flow_last_seen":1492167871323,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":335,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00427{"flow_id":82,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1487,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167871,"pkt_ts_usec":323666,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hOxAAEAGlE\/AqAFny82Tq+K5AbuucSy0ejQYa4AQARXPQwAAAQEICgAytBxFrzik"}
00602{"flow_id":82,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1488,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167871,"pkt_ts_usec":325825,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACyhO1AAEAGk9DAqAFny82Tq+K5AbuucSy0ejQYa4AYARVuHQAAAQEICgAytB1FrzikFgMDAEYQAABCQQSr0kOEGHE4WGKpY\/5aqefcAOavEkG2UwlG\/o9vNro3sWuojxfAR0juUwuvlIB\/hiM60Im9ShghIL3TNYMM\/pDQFAMDAAEBFgMDACgAAAAAAAAAAESRiMLSeBmuWadzIpsriOQh7WdCxs+OM1uhoR\/hEEj3"}
00497{"flow_id":82,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167871,"pkt_ts_usec":595572,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABnOVBAAC8G8BjLzZOrwKgBZwG74rl6NBhrrnEtMoAYAHhBewAAAQEICkWvOOgAMrQdFAMDAAEBFgMDACjHKmy6psvZGILTp4ph5Y6tIPXU4KRvT96PWbBU01pudPAOEleI\/ppz"}
00426{"flow_id":82,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167871,"pkt_ts_usec":632231,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0hO5AAEAGlE3AqAFny82Tq+K5AbuucS0yejQYnoAQARXOAAAAAQEICgAytGpFrzjo"}
00426{"flow_id":64,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167872,"pkt_ts_usec":304268,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XwNAAEAGujjAqAFny82Tq+K3Abv08QbKs2vgP4ARAOXHEgAAAQEICgAytRJFrx5u"}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":50,"flow_first_seen":1492167720101,"flow_last_seen":1492167748133,"flow_tot_l4_data_len":29265,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2888,"flow_avg_l4_data_len":585,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":18,"flow_first_seen":1492167720353,"flow_last_seen":1492167748129,"flow_tot_l4_data_len":4131,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":50,"flow_first_seen":1492167720101,"flow_last_seen":1492167748133,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2856,"flow_tot_l4_payload_len":27649,"flow_avg_l4_payload_len":552,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":18,"flow_first_seen":1492167720353,"flow_last_seen":1492167748129,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54120,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":64,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1497,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167878,"pkt_ts_usec":856255,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0XwRAAEAGujfAqAFny82Tq+K3Abv08QbKs2vgP4ARAOXArAAAAQEICgAyu3hFrx5u"}
-00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_tot_l4_data_len":24,"flow_min_l4_data_len":8,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
+00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_first_seen":1492167849769,"flow_last_seen":1492167851204,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":82,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167891,"pkt_ts_usec":596756,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0OVFAAC8G8ErLzZOrwKgBZwG74rl6NBiernEtMoARAHi7FAAAAQEICkWvTHAAMrRq"}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":26,"flow_first_seen":1492167765433,"flow_last_seen":1492167776953,"flow_tot_l4_data_len":10634,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":409,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00491{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_tot_l4_data_len":280,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1492167905310,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":26,"flow_first_seen":1492167765433,"flow_last_seen":1492167776953,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":9786,"flow_avg_l4_payload_len":376,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":8,"flow_first_seen":1492167765657,"flow_last_seen":1492167777220,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58037,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_first_seen":1492167905310,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":83,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1513,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":310934,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8Y7pAAEAGtXnAqAFny82Tq+K6AbsLFrb3AAAAAKACchA4ZAAAAgQFtAQCCAoAMtVNAAAAAAEDAwc="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1492167905561,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_first_seen":1492167905561,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":84,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1514,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":561959,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"8IQvSpdgeJKcD6iOCABFAAA8gtZAAEAGll3AqAFny82Tq+K7AbsB+ldaAAAAAKACchCg3QAAAgQFtAQCCAoAMtWMAAAAAAEDAwc="}
00437{"flow_id":83,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1515,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":585622,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rpcdpBKCxa2+KASN8jmJgAAAgQFoAQCCApFr1oYADLVTQEDAwc="}
00425{"flow_id":83,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1516,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":585722,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Y7tAAEAGtYDAqAFny82Tq+K6AbsLFrb4XHaQS4AQAOVLfQAAAQEICgAy1ZJFr1oY"}
00750{"flow_id":83,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":586242,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":304,"pkt_l4_len":270,"pkt":"8IQvSpdgeJKcD6iOCABFAAEiY7xAAEAGtJHAqAFny82Tq+K6AbsLFrb4XHaQS4AYAOUEvAAAAQEICgAy1ZJFr1oYFgMBAOkBAADlAwOpwzJj9zQUL7FTARxwe22aWmPjNgjLbbTXUoctVXlwQCAXdM3iNMSeSRYu5rAL4uxt+WZ\/oboN6SP4aeC7pGEeFQAgqqrMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAB8OjoAAP8BAAEAAAAAEwARAAAOd2ViLndlY2hhdC5jb20AFwAAACMAAAANABQAEgQDCAQEAQUDCAUFAQgGBgECAQAFAAUBAAAAAAASAAAAEAAOAAwCaDIIaHR0cC8xLjF1UAAAAAsAAgEAAAoACgAIysoAHQAXABhqagABAA=="}
-00723{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":4,"flow_first_seen":1492167905310,"flow_last_seen":1492167905586,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":32,"flow_max_l4_data_len":270,"flow_avg_l4_data_len":95,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00734{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1517,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":4,"flow_first_seen":1492167905310,"flow_last_seen":1492167905586,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":238,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00438{"flow_id":84,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":858313,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iO8IQvSpdgCABFoAA8AABAAC8GKZTLzZOrwKgBZwG74rtG\/8zAAfpXW6ASN8gnXAAAAgQFoAQCCApFr1pdADLVjAEDAwc="}
00426{"flow_id":84,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":858383,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0gtdAAEAGlmTAqAFny82Tq+K7AbsB+ldbRv\/MwYAQAOWMrQAAAQEICgAy1dZFr1pd"}
00425{"flow_id":83,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1520,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":863511,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0yhRAAC8GX4fLzZOrwKgBZwG74rpcdpBLCxa35oAQAHhKtQAAAQEICkWvWl8AMtWS"}
02345{"flow_id":83,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":866052,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"eJKcD6iO8IQvSpdgCABFoAXIyhVAAC8GWfLLzZOrwKgBZwG74rpcdpBLCxa35oAQAHjgMAAAAQEICkWvWl8AMtWSFgMDAF0CAABZAwOGR3vz0c7leVL88y7BanT+M1sdUTQh9zjBhl2LkZBBuyCM2+8zdEEEnStdC0Le952Lqq9eharacfOBD8t\/DxmAgMAvAAARAAAAAP8BAAEAAAsABAMAAQIWAwMKagsACmYACmMABgowggYGMIIE7qADAgECAhAw0VtVOfZrLt7UNL9vJ0R7MA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMR0wGwYDVQQDExRHZW9UcnVzdCBTU0wgQ0EgLSBHMzAeFw0xNTA5MjEwMDAwMDBaFw0xODA5MjAyMzU5NTlaMG8xCzAJBgNVBAYTAkhLMREwDwYDVQQIEwhIb25nS29uZzERMA8GA1UEBxQIV2FuIENoYWkxITAfBgNVBAoUGFRlbmNlbnQgTW9iaWxpdHkgTGltaXRlZDEXMBUGA1UEAxQOd2ViLndlY2hhdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOKLCU12ARBCRlKli7V796N1s9bfDDDp36hVnOckXCCtd1EICzDOMCShPpSy6mvuoSPYBr2kWWo99zbB1a21uYKdVpQmanSw53I2i\/nT9Ba10GRLm5DHrUpDUEij+mkz50Z2gx4CFdsKkRaGEZPO+as9uZ5K0vR1Ij1SUq7qYvK\/o8FWohsRDN8NCmoaUDyOkjivmoxwF9B\/OolimvW\/aejHHbaF7KhHMDTMj3pM9w5Z2Pb22IeJh85lDZOl6rH+yOl8HX0\/8DT5oJOmZoGq0Ovth7OnIKiNK8RoWM02mbl0XitpMl\/rj\/RLaSgD7DwrZYmXrRrFMnwlkx7CD4EfJfAgMBAAGjggLHMIICwzCCAT4GA1UdEQSCATUwggExghN3ZWJwdXNoMS53ZWNoYXQuY29tghJ3ZWJwdXNoLndlY2hhdC5jb22CFGxvZ2luLndlYi53ZWNoYXQuY29tghZ3ZWJwdXNoLndlYi53ZWNoYXQuY29tghN3ZWJwdXNoMi53ZWNoYXQuY29tghd3ZWJwdXNoLndlYjIud2VjaGF0LmNvbYIUZmlsZS53ZWIyLndlY2hhdC5jb22CD3dlYjEud2VjaGF0LmNvbYITZmlsZS53ZWIud2VjaGF0LmNvbYIUbG9naW5wb2xsLndlY2hhdC5jb22CD3dlYjIud2VjaGF0LmNvbYIQbG9naW4ud2VjaGF0LmNvbYIVbG9naW4ud2ViMi53ZWNoYXQuY29tgg5yZXMud2VjaGF0LmNvbYIOd2ViLndlY2hhdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2duLnN5bWNiLmNvbS9nbi5jcmwwgZ0GA1UdIASBlTCBkjCBjwYGZ4EMAQICMIGEMD8GCCsGAQUFBwIBFjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwQQYIKwYBBQUHAgIwNQwzaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTSb\/eW9IU\/cjwwfSPahXibo3xafDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nbi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAZA+6JF4lvu2XJwUfeUSiNqeNdtX0tN26N"}
-00780{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":6,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_tot_l4_data_len":1874,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00791{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":6,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00425{"flow_id":83,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1522,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":866087,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Y71AAEAGtX7AqAFny82Tq+K6AbsLFrfmXHaV34AQAPtEWAAAAQEICgAy1dhFr1pf"}
02701{"flow_id":83,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":866538,"pkt_caplen":1754,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1754,"pkt_l4_len":1720,"pkt":"eJKcD6iO8IQvSpdgCABFoAbMyhZAAC8GWO3LzZOrwKgBZwG74rpcdpXfCxa35oAYAHgoRwAAAQEICkWvWl8AMtWSi6AhOArffz9dJXvub9aMTE9m7GKRKeFA\/Frtrp0XYhX6JqYW8b5etQL4tC009s8jG\/TuF8dFm+8Qnv4WGTbK3wvSPN1JnNDQWe+joFVsTCgLSjZxmTivYWk1MKykcC3vkTLWMDBQxUwZd+bVuFy+Hg8Wo2jQzS71Re20zkF2fEkUE+GnA3Ez8ZEoMIVFfuZJTLyMwnZDYqRXtmKQLIXy6PQpFijtmZoXa3RaUholNnff2hQGO8247PV9f6R3KrjtNTdvAtNV8PNXxSymO5xp1cn7ghlbtsUCsdT2arvzaytmF1NYKThZAARTMIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4KhqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X\/fQp3eaWx8KA7UZU9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B89FuiGdT7BKkKXWKp\/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP\/oyFysxj0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QBI0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xvvYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQU0m\/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUwQzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNqn2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM\/tKO79NgwYCA4ef7i28heUrg3Kkbwbf7w0lZXLV3B0TUl\/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45SVGeF0tPEDpbpaiSb\/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+NQNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMpzNSSFgMDAU0MAAFJAwAXQQQ+NK41ixEUObF\/3wwVLRrssuZeijCkksicej1\/Sx8C5ARXD80M8aRC6U8JdjqN1HKBxMtCXnykiIOSxU1e6KpqBgEBACNEMauUjlXDuGcmU7v0Y7L6woqS6NDbjOoc6mMw13fm7ufdTq4Z30913nkuSW9dkpbWUAm+fX5nF7kRGQYImxxLiW7PVyNXoV\/ddOqOVSPaqip19Bwb8\/6edEgD5X3nfDiRMK3lsQPaOOUrRe3DjDh9qDuabMUjk5wYb8KvRwwjYUBK4HhjbvDZ5++GWc7TtELpilMN5K8jRuXhDR59nmIYXUGzWtnZHceHZk40KtR8Nd5AuI\/yAt9aS2kTPyov1KfgrMTJ7EkGj29rGGCSQaaqh1Bv\/Aao+UgMKBf0LdVi\/Xlo1Cqf+2GF9h68PhuxKvFndXZa34PU7yFN5myS2ZAWAwMABA4AAAA="}
-01313{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":8,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_tot_l4_data_len":3626,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":453,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
+01324{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":8,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","issuerDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}}
00425{"flow_id":83,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1524,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":866569,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Y75AAEAGtX3AqAFny82Tq+K6AbsLFrfmXHacd4AQARU9pgAAAQEICgAy1dhFr1pf"}
00600{"flow_id":83,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1525,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167905,"pkt_ts_usec":869166,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"8IQvSpdgeJKcD6iOCABFAACyY79AAEAGtP7AqAFny82Tq+K6AbsLFrfmXHacd4AYARWmBwAAAQEICgAy1dlFr1pfFgMDAEYQAABCQQTFXprh3YJ93AWRwR3pfe8hZl\/9VhymPzf8yZmxmLFk8oQoEE4juHOvk\/KqBpoFfa55jrDEUOw4rYqBMszUv4UcFAMDAAEBFgMDACgAAAAAAAAAAHyPtAxCXHRR8n7rWdRimt5+aaWiHMjIYP\/FkrajzDKM"}
00497{"flow_id":83,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1526,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167906,"pkt_ts_usec":137422,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"eJKcD6iO8IQvSpdgCABFoABnyhhAAC8GX1DLzZOrwKgBZwG74rpcdpx3Cxa4ZIAYAHhR5QAAAQEICkWvWqMAMtXZFAMDAAEBFgMDACijiklPzEj8zwLVeuyKBmF4cNJuE3ZbayEdla3mYV\/Uv1ZfYkclU5ln"}
@@ -1027,88 +1027,88 @@
00478{"flow_id":66,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1547,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167909,"pkt_ts_usec":163978,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00450{"flow_id":65,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167911,"pkt_ts_usec":210632,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD70CeIF3AECABFoABEYSkAAAERtNjAqAFk4AAA+xTpFOkAMOibAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00478{"flow_id":66,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1549,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492167911,"pkt_ts_usec":211986,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD70CeIF3AEht1gAAAAADARAf6AAAAAAAAAkfk983Q2bNb\/AgAAAAAAAAAAAAAAAAD7FOkU6QAw3CsAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_tot_l4_data_len":960,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00452{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":11,"flow_first_seen":1492167443647,"flow_last_seen":1492167822531,"flow_tot_l4_data_len":176,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_tot_l4_data_len":522,"flow_min_l4_data_len":58,"flow_max_l4_data_len":58,"flow_avg_l4_data_len":58,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":59,"flow_first_seen":1492167776953,"flow_last_seen":1492167815112,"flow_tot_l4_data_len":27722,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":469,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_tot_l4_data_len":568,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_tot_l4_data_len":568,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":49,"flow_first_seen":1492167865975,"flow_last_seen":1492167896999,"flow_tot_l4_data_len":22802,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":465,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":18,"flow_first_seen":1492167866226,"flow_last_seen":1492167897002,"flow_tot_l4_data_len":4131,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":229,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00496{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":22,"flow_first_seen":1492167905310,"flow_last_seen":1492167916848,"flow_tot_l4_data_len":8772,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1720,"flow_avg_l4_data_len":398,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":14,"flow_first_seen":1492167788126,"flow_last_seen":1492167911210,"flow_tot_l4_data_len":672,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_tot_l4_data_len":960,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_tot_l4_data_len":397,"flow_min_l4_data_len":40,"flow_max_l4_data_len":357,"flow_avg_l4_data_len":198,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_tot_l4_data_len":68,"flow_min_l4_data_len":34,"flow_max_l4_data_len":34,"flow_avg_l4_data_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":14,"flow_first_seen":1492167788128,"flow_last_seen":1492167911211,"flow_tot_l4_data_len":672,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1492171154216,"flow_last_seen":0,"flow_tot_l4_data_len":1220,"flow_min_l4_data_len":1220,"flow_max_l4_data_len":1220,"flow_avg_l4_data_len":1220,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_first_seen":1492167795095,"flow_last_seen":1492167795102,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50577,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_first_seen":1492167795088,"flow_last_seen":1492167795100,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":49832,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00459{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":11,"flow_first_seen":1492167443647,"flow_last_seen":1492167822531,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_first_seen":1492167795087,"flow_last_seen":1492167795096,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":54124,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":9,"flow_first_seen":1492167795292,"flow_last_seen":1492167796728,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_first_seen":1492167795092,"flow_last_seen":1492167795103,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":49195,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":59,"flow_first_seen":1492167776953,"flow_last_seen":1492167815112,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":25818,"flow_avg_l4_payload_len":437,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58038,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":17,"flow_first_seen":1492167777204,"flow_last_seen":1492167918120,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58039,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":49,"flow_first_seen":1492167865975,"flow_last_seen":1492167896999,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":21218,"flow_avg_l4_payload_len":433,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58040,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":18,"flow_first_seen":1492167866226,"flow_last_seen":1492167897002,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3531,"flow_avg_l4_payload_len":196,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58041,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":22,"flow_first_seen":1492167905310,"flow_last_seen":1492167916848,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":8052,"flow_avg_l4_payload_len":366,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":14,"flow_first_seen":1492167788126,"flow_last_seen":1492167911210,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":20,"flow_first_seen":1492167641988,"flow_last_seen":1492167781907,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_first_seen":1492167765155,"flow_last_seen":1492167765432,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":190,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_first_seen":1492167795090,"flow_last_seen":1492167795099,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":26,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.252","src_port":57401,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":14,"flow_first_seen":1492167788128,"flow_last_seen":1492167911211,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":560,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_first_seen":1492167795091,"flow_last_seen":1492167795098,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":56,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::91f9:3df3:7436:6cd6","dst_ip":"ff02::1:3","src_port":50440,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1492171154216,"flow_last_seen":0,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02044{"flow_id":85,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171154,"pkt_ts_usec":216266,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1492171154792,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1492171154792,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":86,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171154,"pkt_ts_usec":792257,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0MxpAAEAGXPXAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT0MFQAAAQEICgA\/OqCGKY\/Q"}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1492171154216,"flow_last_seen":0,"flow_tot_l4_data_len":1220,"flow_min_l4_data_len":1220,"flow_max_l4_data_len":1220,"flow_avg_l4_data_len":1220,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1492171154216,"flow_last_seen":0,"flow_tot_l4_data_len":1220,"flow_min_l4_data_len":1220,"flow_max_l4_data_len":1220,"flow_avg_l4_data_len":1220,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1492171154792,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1492171154792,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1492171164904,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1492171154216,"flow_last_seen":0,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_first_seen":1492171154216,"flow_last_seen":0,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1492171154792,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_first_seen":1492171154792,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1492171164904,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":87,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1555,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171164,"pkt_ts_usec":904228,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRVAAEAG2hjAqAFnX2UiIpknAFAjQjGZFOMj7IAQBf7IcQAAAQEICgA\/RIBwfIhZ"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1492171166312,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1492171166312,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":88,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1556,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171166,"pkt_ts_usec":312260,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/65AAEAG93\/AqAFnX2UiIYi0AFB\/4ffk18M9+4AQCyPvSAAAAQEICgA\/ReBr6XAp"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1557,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1492171166440,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1557,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1492171166440,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":89,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1557,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171166,"pkt_ts_usec":440257,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqRAAEAGaIrAqAFnX2UiIYi3AFBZ1tlh3d8I5IAQBaRnrgAAAQEICgA\/RgBr6XCp"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1492171166696,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1558,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1492171166696,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":90,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1558,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171166,"pkt_ts_usec":696233,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7pAAEAGr3TAqAFnX2UiIYi4AFDlnJrhImFMS4AQCdyNBgAAAQEICgA\/RkBr6XGp"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1559,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1559,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":91,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1559,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171168,"pkt_ts_usec":104237,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nhAAEAGJLXAqAFnX2UiIpk\/AFBMVGJPaE9vZoAQBU7AugAAAQEICgA\/R6BwfJTZ"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":92,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1560,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171168,"pkt_ts_usec":104293,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkNAAEAG0OvAqAFnX2UiIYilAFA23DHngeAL9oAQBaSDAQAAAQEICgA\/R6Br6Xcq"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1492171169377,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1492171169377,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":93,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171169,"pkt_ts_usec":377549,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"pkt":"8IQvSpdgeJKcD6iOCABFEABMYzZAAEAR4JXAqAFnwcxy6ZLKAHsAOA7KIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANybOCEWgBhs"}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1492171169377,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1562,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1492171171688,"flow_last_seen":0,"flow_tot_l4_data_len":1220,"flow_min_l4_data_len":1220,"flow_max_l4_data_len":1220,"flow_avg_l4_data_len":1220,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1561,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1492171169377,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","ndpi": {"proto":"NTP","breed":"Acceptable","category":"System"}}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1562,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1492171171688,"flow_last_seen":0,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02044{"flow_id":94,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1562,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171171,"pkt_ts_usec":688264,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpo1AAEAGahPAqAFny82XotOnAbtQhl2xjWp\/PoAYBaR4aAAAAQEICgA\/SyBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1492171169377,"flow_last_seen":0,"flow_tot_l4_data_len":56,"flow_min_l4_data_len":56,"flow_max_l4_data_len":56,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1492171171688,"flow_last_seen":0,"flow_tot_l4_data_len":1220,"flow_min_l4_data_len":1220,"flow_max_l4_data_len":1220,"flow_avg_l4_data_len":1220,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1492171171688,"flow_last_seen":0,"flow_tot_l4_data_len":1220,"flow_min_l4_data_len":1220,"flow_max_l4_data_len":1220,"flow_avg_l4_data_len":1220,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1492171166312,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1492171166312,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1492171166440,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1492171166440,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1492171166696,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1492171166696,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1492171164904,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1492171164904,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1492171175912,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_first_seen":1492171169377,"flow_last_seen":0,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"193.204.114.233","src_port":37578,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1492171171688,"flow_last_seen":0,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_first_seen":1492171171688,"flow_last_seen":0,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1492171166312,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_first_seen":1492171166312,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1492171166440,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_first_seen":1492171166440,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1492171166696,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_first_seen":1492171166696,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1492171164904,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_first_seen":1492171164904,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_first_seen":1492171168104,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1492171175912,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":95,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1563,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171175,"pkt_ts_usec":912251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0iE1AAEAGSqnAqAFn2DrNg+MfAbtA+v0fFZsbqIAQAT54MgAAAQEICgA\/T0Ay2r7t"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1564,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1564,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":96,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1564,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171176,"pkt_ts_usec":772041,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BdAAEAGIxbAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvX7AAAAQEICgA\/UBZwfB+e"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1565,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1565,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":97,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1565,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171176,"pkt_ts_usec":772128,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/69AAEAG937AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPlEAAAAQEICgA\/UBZr6XAp"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":98,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171176,"pkt_ts_usec":772209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqVAAEAGaInAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaRdlQAAAQEICgA\/UBdr6XCp"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1567,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":99,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171176,"pkt_ts_usec":772262,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R7tAAEAGr3PAqAFnX2UiIYi4AFDlnJriImFMS4ARCdyDLQAAAQEICgA\/UBdr6XGp"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1568,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1568,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":100,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171176,"pkt_ts_usec":772297,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRZAAEAG2hfAqAFnX2UiIpknAFAjQjGaFOMj7IARBf682AAAAQEICgA\/UBdwfIhZ"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1569,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":101,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171176,"pkt_ts_usec":772333,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0251AAEAGiP7AqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf1WAAAAQEICgA\/UBcc0iJk"}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1570,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":102,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1570,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171176,"pkt_ts_usec":772430,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e59AAEAGnZzAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW08AAAAQEICgA\/UBdF3\/Tx"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1571,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00427{"flow_id":103,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1571,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171176,"pkt_ts_usec":772473,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkRAAEAG0OrAqAFnX2UiIYilAFA23DHogeAL9oARBaR6iAAAAQEICgA\/UBdr6Xcq"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1572,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1572,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":104,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1572,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171176,"pkt_ts_usec":772519,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00nlAAEAGJLTAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU64QQAAAQEICgA\/UBdwfJTZ"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":105,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171176,"pkt_ts_usec":772726,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+U9AAEARvKPAqAFnwKgB\/uM1ADUAMHLoUUIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1573,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00424{"flow_id":96,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1574,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171177,"pkt_ts_usec":4255,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BhAAEAGIxXAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXsQAAAQEICgA\/UFFwfB+e"}
00426{"flow_id":100,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1575,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171177,"pkt_ts_usec":12212,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRdAAEAG2hbAqAFnX2UiIpknAFAjQjGaFOMj7IARBf68nAAAAQEICgA\/UFNwfIhZ"}
00427{"flow_id":97,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1576,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171177,"pkt_ts_usec":24209,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/7BAAEAG933AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPk0AAAAQEICgA\/UFZr6XAp"}
@@ -1126,9 +1126,9 @@
00426{"flow_id":98,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1588,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171177,"pkt_ts_usec":308260,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqdAAEAGaIfAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaRdDwAAAQEICgA\/UJ1r6XCp"}
00427{"flow_id":101,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1589,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171177,"pkt_ts_usec":308326,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0259AAEAGiPzAqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJf00gAAAQEICgA\/UJ0c0iJk"}
00428{"flow_id":102,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1590,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171177,"pkt_ts_usec":380269,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6BAAEAGnZvAqAFny82Tq+NyAbsh7o58Fu1nsYARAOW0WAAAAQEICgA\/UK9F3\/Tx"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1492171177429,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1492171177429,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":106,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171177,"pkt_ts_usec":429365,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+fFAAEARvAHAqAFnwKgB\/qk1ADUAMHHYjFIBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1492171177429,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1591,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1492171177429,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00426{"flow_id":96,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1592,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171177,"pkt_ts_usec":712245,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BpAAEAGIxPAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvXAAAAAQEICgA\/UQJwfB+e"}
00427{"flow_id":100,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1593,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171177,"pkt_ts_usec":732231,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRlAAEAG2hTAqAFnX2UiIpknAFAjQjGaFOMj7IARBf676AAAAQEICgA\/UQdwfIhZ"}
00426{"flow_id":99,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1594,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171177,"pkt_ts_usec":780251,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R75AAEAGr3DAqAFnX2UiIYi4AFDlnJriImFMS4ARCdyCMQAAAQEICgA\/URNr6XGp"}
@@ -1140,9 +1140,9 @@
00428{"flow_id":102,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1600,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171178,"pkt_ts_usec":268260,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e6FAAEAGnZrAqAFny82Tq+NyAbsh7o58Fu1nsYARAOWzegAAAQEICgA\/UY1F3\/Tx"}
00426{"flow_id":96,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1601,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171178,"pkt_ts_usec":656277,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01BtAAEAGIxLAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvWFAAAAQEICgA\/Ue5wfB+e"}
00427{"flow_id":100,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1602,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171178,"pkt_ts_usec":692258,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRpAAEAG2hPAqAFnX2UiIpknAFAjQjGaFOMj7IARBf66+AAAAQEICgA\/UfdwfIhZ"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1492171178741,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1492171178741,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":107,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171178,"pkt_ts_usec":741406,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"8IQvSpdgeJKcD6iOCABFAABE+rRAAEARuz7AqAFnwKgB\/twvADUAMPgq0wUBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1492171178741,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1603,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_first_seen":1492171178741,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00427{"flow_id":99,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1604,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171178,"pkt_ts_usec":788233,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R79AAEAGr2\/AqAFnX2UiIYi4AFDlnJriImFMS4ARCdyBNQAAAQEICgA\/Ug9r6XGp"}
00428{"flow_id":97,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1605,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171178,"pkt_ts_usec":820238,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/7NAAEAG93rAqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPjDwAAAQEICgA\/Uhdr6XAp"}
00428{"flow_id":104,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1606,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171178,"pkt_ts_usec":824231,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00n1AAEAGJLDAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU62QAAAAQEICgA\/UhhwfJTZ"}
@@ -1162,149 +1162,149 @@
00452{"flow_id":107,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1620,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171183,"pkt_ts_usec":746494,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"8IQvSpdgeJKcD6iOCABFAABE\/1xAAEARtpbAqAFnwKgB\/twvADUAMPgq0wUBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
00426{"flow_id":96,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1621,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171184,"pkt_ts_usec":328219,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01B1AAEAGIxDAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgvQigAAAQEICgA\/V3hwfB+e"}
00427{"flow_id":100,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1622,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171184,"pkt_ts_usec":464226,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HRxAAEAG2hHAqAFnX2UiIpknAFAjQjGaFOMj7IARBf61VQAAAQEICgA\/V5pwfIhZ"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1492171184747,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1492171184747,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":108,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171184,"pkt_ts_usec":747647,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"8IQvSpdgeJKcD6iOCABFAABEAC1AAEARtcbAqAFnwKgB\/oR7ADUAMLAAcuQBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1492171184747,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1623,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1492171184747,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00427{"flow_id":99,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1624,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171184,"pkt_ts_usec":848234,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8FAAEAGr23AqAFnX2UiIYi4AFDlnJriImFMS4ARCdx7SgAAAQEICgA\/V\/pr6XGp"}
00428{"flow_id":97,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1625,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171184,"pkt_ts_usec":984241,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/7VAAEAG93jAqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyPdCgAAAQEICgA\/WBxr6XAp"}
00428{"flow_id":104,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1626,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171184,"pkt_ts_usec":984295,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00n9AAEAGJK7AqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU6wPAAAAQEICgA\/WBxwfJTZ"}
00427{"flow_id":103,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1627,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171185,"pkt_ts_usec":112223,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JkpAAEAG0OTAqAFnX2UiIYilAFA23DHogeAL9oARBaRyYwAAAQEICgA\/WDxr6Xcq"}
00426{"flow_id":98,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1628,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171185,"pkt_ts_usec":368262,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jqtAAEAGaIPAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaRVMAAAAQEICgA\/WHxr6XCp"}
00427{"flow_id":101,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1629,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171185,"pkt_ts_usec":368325,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA026NAAEAGiPjAqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJfs8wAAAQEICgA\/WHwc0iJk"}
-00512{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1492171175912,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00478{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1492171175912,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1492171177429,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1492171184747,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00437{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1492171203806,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1492171175912,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_first_seen":1492171175912,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_first_seen":1492171177429,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43317,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_first_seen":1492171176772,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":58165,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_first_seen":1492171184747,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":33915,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00445{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1492171203806,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00407{"flow_id":109,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171203,"pkt_ts_usec":806188,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj\/YAAAEC8ZXAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="}
-00469{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1492171203806,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00438{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1492171205448,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00477{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1630,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1492171203806,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00446{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1492171205448,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00410{"flow_id":110,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171205,"pkt_ts_usec":448234,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
-00470{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1492171205448,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00438{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1492171206877,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1631,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1492171205448,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00446{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1492171206877,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00410{"flow_id":111,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171206,"pkt_ts_usec":877899,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+EAAAECUizAqAFk4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"}
-00470{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1492171206877,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00478{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1632,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_first_seen":1492171206877,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
00413{"flow_id":111,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1633,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171208,"pkt_ts_usec":516256,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+IAAAECUivAqAFk4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"}
00413{"flow_id":111,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1634,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171210,"pkt_ts_usec":973939,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAW0CeIF3AECABGoAAoL+UAAAECUijAqAFk4AAAFpQEAAAiAOwAAAAAAQIAAADv\/\/\/9"}
-00438{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1492171211383,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00446{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1492171211383,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
00413{"flow_id":112,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171211,"pkt_ts_usec":383555,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"pkt":"AQBeAAAWACSlnnPpCABGwAAoAABAAAECQeXAqAFs4AAAFpQEAAAiAOwDAAAAAQIAAADv\/\/\/6"}
-00470{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1492171211383,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
-00439{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1492171211383,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00439{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1492171205448,"flow_last_seen":0,"flow_tot_l4_data_len":16,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00438{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1492171203806,"flow_last_seen":0,"flow_tot_l4_data_len":12,"flow_min_l4_data_len":12,"flow_max_l4_data_len":12,"flow_avg_l4_data_len":12,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1492171250302,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00478{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1635,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1492171211383,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"proto":"IGMP","breed":"Acceptable","category":"Network"}}
+00447{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_first_seen":1492171211383,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.108","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00447{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_first_seen":1492171205448,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00446{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_first_seen":1492171203806,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"224.0.0.1","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1492171250302,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":113,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171250,"pkt_ts_usec":302344,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABESuVAAAERi7nAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
-00551{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1492171250302,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1492171250302,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1636,"source":"wechat.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_first_seen":1492171250302,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1492171250302,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00480{"flow_id":114,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171250,"pkt_ts_usec":302463,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00560{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1492171250302,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
+00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1637,"source":"wechat.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_first_seen":1492171250302,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_googlecast._tcp.local"}}
00450{"flow_id":113,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1638,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171250,"pkt_ts_usec":302656,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABESuZAAAERi7jAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00480{"flow_id":114,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1639,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171250,"pkt_ts_usec":302684,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00450{"flow_id":113,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1640,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171251,"pkt_ts_usec":303763,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABESy5AAAERi3DAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00480{"flow_id":114,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1641,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171251,"pkt_ts_usec":303878,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
00451{"flow_id":113,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1642,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171253,"pkt_ts_usec":304834,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"AQBeAAD7eJKcD6iOCABFAABES\/VAAAERiqnAqAFn4AAA+xTpFOkAMOiYAAAAAAABAAAAAAAAC19nb29nbGVjYXN0BF90Y3AFbG9jYWwAAAwAAQ=="}
00480{"flow_id":114,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1643,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171253,"pkt_ts_usec":304968,"pkt_caplen":102,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":102,"pkt_l4_len":48,"pkt":"MzMAAAD7eJKcD6iOht1gAAAAADARAf6AAAAAAAAAepKc\/\/4PqI7\/AgAAAAAAAAAAAAAAAAD7FOkU6QAwzvQAAAAAAAEAAAAAAAALX2dvb2dsZWNhc3QEX3RjcAVsb2NhbAAADAAB"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1492171267294,"flow_last_seen":0,"flow_tot_l4_data_len":472,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_first_seen":1492171267294,"flow_last_seen":0,"flow_min_l4_payload_len":440,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":440,"flow_avg_l4_payload_len":440,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
01031{"flow_id":115,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1644,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171267,"pkt_ts_usec":294504,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFZAAEAGSOjAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5FiAAAAQEICgA\/pcIy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1492171267294,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1492171267294,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00451{"flow_id":116,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171267,"pkt_ts_usec":294534,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJBJAAEARkeHAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1492171267294,"flow_last_seen":0,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1645,"source":"wechat.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_first_seen":1492171267294,"flow_last_seen":0,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WeChat","breed":"Fun","category":"Chat"},"dns": {"query":"webpush.web.wechat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00426{"flow_id":99,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171267,"pkt_ts_usec":294545,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0R8tAAEAGr2PAqAFnX2UiIYi4AFDlnJriImFMS4ARCdwsYAAAAQEICgA\/puRr6XGp"}
00428{"flow_id":97,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171267,"pkt_ts_usec":294567,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0\/79AAEAG927AqAFnX2UiIYi0AFB\/4ffl18M9+4ARCyOM4gAAAQEICgA\/qERr6XAp"}
00428{"flow_id":104,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1648,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171267,"pkt_ts_usec":294579,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA00olAAEAGJKTAqAFnX2UiIpk\/AFBMVGJQaE9vZoARBU5gFAAAAQEICgA\/qERwfJTZ"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1492171267430,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1492171267430,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":117,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171267,"pkt_ts_usec":430597,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJlBAAEARj6bAqAFnwKgB\/uivADUALYbgc9oBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1492171267430,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1649,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1492171267430,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00427{"flow_id":96,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1650,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171267,"pkt_ts_usec":576264,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA01ChAAEAGIwXAqAFnX2UiIpkbAFBTLvPZ9eqaX4ARCgt\/PgAAAQEICgA\/qMRwfB+e"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1492171268427,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1492171268427,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":118,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171268,"pkt_ts_usec":427945,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJl5AAEARj5jAqAFnwKgB\/qRaADUALSfRFz8BAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="}
-00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1492171268427,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00654{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1651,"source":"wechat.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_first_seen":1492171268427,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ssl.gstatic.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00427{"flow_id":103,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1652,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171268,"pkt_ts_usec":472274,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0JlRAAEAG0NrAqAFnX2UiIYilAFA23DHogeAL9oARBaQg+wAAAQEICgA\/qaRr6Xcq"}
01031{"flow_id":115,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1653,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171268,"pkt_ts_usec":600285,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"pkt":"8IQvSpdgeJKcD6iOCABFAAHsiFdAAEAGSOfAqAFn2DrNg+MfAbtA+v0gFZsbqIAZAT5BhgAAAQEICgA\/qcQy2r7tFwMDAVu+DrsMGADIBc3y\/EPKacgY\/\/yQnIvMDmcJvSRFqPEzGFHK1SfEZD+LW3zHqz7Qn57h7phszvLaMx08coFwWwqfC7HwO5byX8EfZX59ZxB8wie5NmTqPueQB2i63JLDDRRwIsZojgu7bb8cvUD8n10qxsHw\/TQ7hvwnvUlAMmevC0E4bShoN6nD161aFH8pJzOUZ6Inmm16pW110QaYPjjSQQTv7tNyG48jYK3I2RN01WazUewIpPm73LAS9ZABJ\/Ny8oNO\/paZaboPssOjLQcJQCoLWCEO29VIR1wHqlyW4rcdBB9JM36yEvABpD0B99LA+t3vBjUOLhPnYTS5Tg\/Xq\/y13A\/nE4U69mAQajAphd1rkHRmU5H71D9Yn3KgSrb0XGlqT0xKmBjYerOwAP2kk8Whxm\/8laMcKMQksDAjrijAvnUEJ5tIwpNFUcxgRKcVbexJ8LEa9dte0xcDAwAh3EhrcW9cp9\/WX9UiN8Kt\/CmhJWgGaSyh5LdY3zetl0V+FwMDAC1uKRpL0WFRctIQnQp7DT13au9uAW\/kc9Ado7SqH0KYC9BoecHEhGyhydVqz38="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1492171268754,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1492171268754,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":119,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171268,"pkt_ts_usec":754627,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"8IQvSpdgeJKcD6iOCABFAABIJm1AAEARj4LAqAFnwKgB\/qq5ADUANAzJFXEBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1492171268754,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1654,"source":"wechat.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_first_seen":1492171268754,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00427{"flow_id":100,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1655,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171269,"pkt_ts_usec":128269,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0HSdAAEAG2gbAqAFnX2UiIpknAFAjQjGaFOMj7IARBf5ipwAAAQEICgA\/qkhwfIhZ"}
00428{"flow_id":102,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1656,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171269,"pkt_ts_usec":192245,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0e7BAAEAGnYvAqAFny82Tq+NyAbsh7o58Fu1nsYARAOVarwAAAQEICgA\/qlhF3\/Tx"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1492171269383,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1492171269383,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":120,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171269,"pkt_ts_usec":383166,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8IQvSpdgeJKcD6iOCABFAABDJn9AAEARj3XAqAFnwKgB\/qwfADUALz4De5MBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwAAAQAB"}
-00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1492171269383,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1657,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_first_seen":1492171269383,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00447{"flow_id":120,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171269,"pkt_ts_usec":383221,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8IQvSpdgeJKcD6iOCABFAABDJoBAAEARj3TAqAFnwKgB\/qwfADUAL2b9N5kBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwAAHAAB"}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_tot_l4_data_len":94,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1492171269548,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1658,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1492171269548,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00692{"flow_id":121,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171269,"pkt_ts_usec":548804,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"pkt":"\/\/\/\/\/\/\/\/0CeIF3AECABFoADwL\/IAAIARhLfAqAFkwKgB\/wCKAIoA3H89EQ7\/KMCoAWQAigDGAAAgRUhFSkVQRkdFQkVPRU9FSkNORkFFRENBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAALAAAAAAAAAAAAOgDAAAAAAAAAAAsAFYAAwABAAEAAgA9AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABHSU9WQU5OSS1QQwA="}
-00556{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1492171269548,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
+00568{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1659,"source":"wechat.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1492171269548,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00451{"flow_id":116,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1660,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171269,"pkt_ts_usec":750011,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"8IQvSpdgeJKcD6iOCABFAABEJttAAEARjxjAqAFnwKgB\/rE2ADUAMGKHk6IBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20AAAEAAQ=="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1492171270418,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1492171270418,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":122,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171270,"pkt_ts_usec":418166,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"8IQvSpdgeJKcD6iOCABFAAA9Ju1AAEARjw3AqAFnwKgB\/qZdADUAKRuahlUBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1492171270418,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1661,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1492171270418,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Google","breed":"Tracker\/Ads","category":"Web"},"dns": {"query":"ssl.gstatic.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00426{"flow_id":98,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1662,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171271,"pkt_ts_usec":288269,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0jrVAAEAGaHnAqAFnX2UiIYi3AFBZ1tli3d8I5IARBaQBSAAAAQEICgA\/rGRr6XCp"}
00427{"flow_id":101,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1663,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171271,"pkt_ts_usec":288336,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0261AAEAGiO7AqAFnX2W0s8s0AFCaGNVHW3dgu4ARJJeZCwAAAQEICgA\/rGQc0iJk"}
00447{"flow_id":118,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171273,"pkt_ts_usec":433039,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"8IQvSpdgeJKcD6iOCABFAABBJ9JAAEARjiTAqAFnwKgB\/qRaADUALSfRFz8BAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQNsYW4AAAEAAQ=="}
00455{"flow_id":119,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171273,"pkt_ts_usec":759735,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"8IQvSpdgeJKcD6iOCABFAABIKB1AAEARjdLAqAFnwKgB\/qq5ADUANAzJFXEBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1492171274388,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1492171274388,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":123,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171274,"pkt_ts_usec":388466,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"8IQvSpdgeJKcD6iOCABFAABHKHpAAEARjXbAqAFnwKgB\/qdoADUAMwYVU1YBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwNsYW4AAAEAAQ=="}
-00648{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1492171274388,"flow_last_seen":0,"flow_tot_l4_data_len":51,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00660{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1666,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":1,"flow_first_seen":1492171274388,"flow_last_seen":0,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00455{"flow_id":123,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171274,"pkt_ts_usec":388528,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"8IQvSpdgeJKcD6iOCABFAABHKHtAAEARjXXAqAFnwKgB\/qdoADUAMwU2OTUBAAABAAAAAAAAATEGZGViaWFuBHBvb2wDbnRwA29yZwNsYW4AABwAAQ=="}
-00670{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1492171274755,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1667,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.debian.pool.ntp.org.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1492171274755,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":124,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171274,"pkt_ts_usec":755195,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"8IQvSpdgeJKcD6iOCABFAABIKKBAAEARjU\/AqAFnwKgB\/q06ADUANGSfuxkBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1492171274755,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1492171270418,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1492171267430,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1492171269548,"flow_last_seen":0,"flow_tot_l4_data_len":220,"flow_min_l4_data_len":220,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":220,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1492171274755,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1492171290232,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1668,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1492171274755,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_first_seen":1492171270418,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42589,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_first_seen":1492171267430,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":59567,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_first_seen":1492171269548,"flow_last_seen":0,"flow_min_l4_payload_len":212,"flow_max_l4_payload_len":212,"flow_tot_l4_payload_len":212,"flow_avg_l4_payload_len":212,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_first_seen":1492171274755,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44346,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1492171290232,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":125,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171290,"pkt_ts_usec":232051,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8IQvSpdgeJKcD6iOCABFAABDMahAAEARhEzAqAFnwKgB\/qMfADUAL3l8SRkBAAABAAAAAAAAATIGZGViaWFuBHBvb2wDbnRwA29yZwAAAQAB"}
-00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1492171290232,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1669,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_first_seen":1492171290232,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00447{"flow_id":125,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171290,"pkt_ts_usec":232080,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"8IQvSpdgeJKcD6iOCABFAABDMalAAEARhEvAqAFnwKgB\/qMfADUAL1ZyUSMBAAABAAAAAAAAATIGZGViaWFuBHBvb2wDbnRwA29yZwAAHAAB"}
-00665{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_tot_l4_data_len":94,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1671,"source":"wechat.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1492171290232,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"2.debian.pool.ntp.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1671,"source":"wechat.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1492171290232,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":126,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1671,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171290,"pkt_ts_usec":232092,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0Mx1AAEAGXPLAqAFnQOmnvNO9AbuA1BLzAh8CfoAQAT2IFAAAAQEICgA\/vqCGKY\/Q"}
-00476{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1492171291761,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1492171291761,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":127,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1492171291,"pkt_ts_usec":761740,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"8IQvSpdgeJKcD6iOCABFAABIMrNAAEARgzzAqAFnwKgB\/tELADUANPxl\/4EBAAABAAAAAAAAB3dlYnB1c2gDd2ViBndlY2hhdANjb20DbGFuAAABAAE="}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1492171291761,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":1492171267294,"flow_last_seen":1492171268600,"flow_tot_l4_data_len":944,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":1492171267294,"flow_last_seen":1492171268600,"flow_tot_l4_data_len":944,"flow_min_l4_data_len":472,"flow_max_l4_data_len":472,"flow_avg_l4_data_len":472,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_tot_l4_data_len":102,"flow_min_l4_data_len":51,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00451{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":3,"flow_first_seen":1492171206877,"flow_last_seen":1492171210973,"flow_tot_l4_data_len":48,"flow_min_l4_data_len":16,"flow_max_l4_data_len":16,"flow_avg_l4_data_len":16,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
-00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00490{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00477{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1492171291761,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_first_seen":1492171267294,"flow_last_seen":1492171269750,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_tot_l4_data_len":184,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_tot_l4_data_len":184,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_tot_l4_data_len":640,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_tot_l4_data_len":640,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_tot_l4_data_len":7525,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":221,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_tot_l4_data_len":70870,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1220,"flow_avg_l4_data_len":395,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_tot_l4_data_len":70870,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1220,"flow_avg_l4_data_len":395,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_first_seen":1492171268754,"flow_last_seen":1492171273759,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_tot_l4_data_len":94,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_tot_l4_data_len":94,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_first_seen":1492171178741,"flow_last_seen":1492171183746,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":48,"flow_max_l4_data_len":48,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_first_seen":1492171268427,"flow_last_seen":1492171273433,"flow_tot_l4_data_len":90,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171268472,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171268472,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1492171290232,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00479{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1492171290232,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00487{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171269128,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171269128,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00488{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_tot_l4_data_len":256,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_tot_l4_data_len":192,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1492171291761,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"webpush.web.wechat.com.lan","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::7a92:9cff:fe0f:a88e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":1492171267294,"flow_last_seen":1492171268600,"flow_min_l4_payload_len":440,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":2,"flow_first_seen":1492171267294,"flow_last_seen":1492171268600,"flow_min_l4_payload_len":440,"flow_max_l4_payload_len":440,"flow_tot_l4_payload_len":880,"flow_avg_l4_payload_len":440,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.131","src_port":58143,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_first_seen":1492171274388,"flow_last_seen":1492171274388,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42856,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00459{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":3,"flow_first_seen":1492171206877,"flow_last_seen":1492171210973,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.180.179","src_port":52020,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_first_seen":1492171291761,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":53515,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":2,"flow_first_seen":1492171267294,"flow_last_seen":1492171269750,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":45366,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_first_seen":1492167905561,"flow_last_seen":1492167907207,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58043,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":20,"flow_first_seen":1492167352068,"flow_last_seen":1492167892851,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":36017,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":34,"flow_first_seen":1492167342893,"flow_last_seen":1492167478295,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6421,"flow_avg_l4_payload_len":188,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.22.14","src_port":38657,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":179,"flow_first_seen":1492167353674,"flow_last_seen":1492167907140,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":65142,"flow_avg_l4_payload_len":363,"midstream":1,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54058,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":4,"flow_first_seen":1492171250302,"flow_last_seen":1492171253304,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":160,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WeChat","breed":"Fun","category":"Chat"}}
+00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":6,"flow_first_seen":1492171176772,"flow_last_seen":1492171269192,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":2,"flow_first_seen":1492171268754,"flow_last_seen":1492171273759,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":43705,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":2,"flow_first_seen":1492171290232,"flow_last_seen":1492171290232,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":41759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":2,"flow_first_seen":1492171269383,"flow_last_seen":1492171269383,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":44063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_first_seen":1492171178741,"flow_last_seen":1492171183746,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":56367,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_first_seen":1492171268427,"flow_last_seen":1492171273433,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":42074,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171268472,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171268472,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34981,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34996,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171271288,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":34999,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.33","src_port":35000,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1492171290232,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_first_seen":1492171290232,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00494{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":96,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267576,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39195,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171269128,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171269128,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":8,"flow_first_seen":1492171176772,"flow_last_seen":1492171267294,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00128{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test"}
diff --git a/test/results/weibo.pcap.out b/test/results/weibo.pcap.out
index 02a641d5b..8891d3cf7 100644
--- a/test/results/weibo.pcap.out
+++ b/test/results/weibo.pcap.out
@@ -1,5 +1,5 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"weibo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1463089067804,"flow_last_seen":0,"flow_tot_l4_data_len":145,"flow_min_l4_data_len":145,"flow_max_l4_data_len":145,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1463089067804,"flow_last_seen":0,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00578{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089067,"pkt_ts_usec":804779,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"pkt":"eJKcD6iOkDVu60UQCABFAAClAABAADMR2u3YOtIOwKgBaQG7wNEAkSEpAAl3y2T5ujTCSSEU5zJMPfXh7u\/a3oWq2yhhK1m4ny+qR4W2lfILr6Ils4h\/iqKUCkI0zipqePuQ8qDP3gfa2UEwOgxjQY6zEBJhdLLCAKezbAF+wpbNcZnrqI9Vp3iRS5CpzEuDxhuTRv5J009cEtkCA6nVS0D6WXhVs+S9\/EHIHeXl6YD1cbA="}
00813{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089067,"pkt_ts_usec":804822,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"pkt":"eJKcD6iOkDVu60UQCABFAAFTAABAADMR2j\/YOtIOwKgBaQG7wNEBPzHaAAoUu93Ovdfsj+VZ99cgMeSVKfCKokSNRuOMv1PGF2DIkukcXrUmGkv\/ArCiq\/KK23NXKqXH3z8FxKfa8OQtN5x73GaADweitAmqYsU072yu9KsRUtnFIEIB5Y5LqWVX6vqXepSvfYCEhodq+tUiz0aSzdffkeHhLztt20iOOpChbjrtXhyjh2xOYPCWGl\/75gN\/zEEb2R9h09zfr5IUCExPcV8JWIdoh2fXU4mq9qytwCU0GOdjsWy12v2HhTBnSYnXaFz8kW\/ToyswW6z6hT26xiqWB5RJW9cvGUU8G6jKCXTHHR5WczEJ7NLt9QErBQKutf8Nh4rVBXW1avPgj1A0tNYSKXAcYt1eYGsw4tjOzS7DHafUDgikSZ+H9BNuGGXb1gwh45909vW3665ubMpNt9lmWoI="}
00448{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089067,"pkt_ts_usec":805294,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"kDVu60UQeJKcD6iOCABFAABHtklAAEARGALAqAFp2DrSDsDRAbsAM7beDDzb+3ozZeMBCkxEEj6TblVeBP78aEspYfuydCS19UAd5UCVpxpshuwHMA=="}
@@ -9,40 +9,40 @@
00516{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089068,"pkt_ts_usec":490751,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"eJKcD6iOkDVu60UQCABFAAB3AABAADMR2xvYOtIOwKgBaQG7wNEAY5h\/AAz3NgibEP+3fCH01gaXm\/ujoksOD8lVuFPVv4dTuDm1GQajh0JsK5hDx1wcIIslcR6FuJguYCUDV+hO960qSchu4lOGDy6g9QGt9CHdRWgSVC2cqVi1Gvnv6A=="}
00638{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089068,"pkt_ts_usec":490775,"pkt_caplen":221,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":221,"pkt_l4_len":187,"pkt":"eJKcD6iOkDVu60UQCABFAADPAABAADMR2sPYOtIOwKgBaQG7wNEAu1cBAA1SPRGfkBIcRyXIBOFmOzx7xByjFzObStYT9JG3BdTcYyczLM6U\/yGJL1UOa9efX1YnjJOnzSQes+TW7tPCCmIWM5k2OHC\/X4h62\/gFcsaUMiZP99DIiBWpEzuVuyrC9ruL8hz5sxTLccSbyiADHsnAODMlyaW7YySfafX77mgaS4\/pAmpwE\/R73VLqa4x3u5DTBS1saCqD2G0cou9H3fDUBMN96cndkiXeH\/VLD\/DRoz0="}
00451{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089068,"pkt_ts_usec":491086,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"kDVu60UQeJKcD6iOCABFAABHtn9AAEARF8zAqAFp2DrSDsDRAbsAM\/dlDDzb+3ozZeMBDb0E20MJqfc7ail3g\/1CveOoZw\/qFJDJZ3ZNxPAuDExJjg=="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1463089069330,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1463089069330,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089069,"pkt_ts_usec":330096,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0vWJAAEAGDMfAqAFp2DrWTuRwAbsLWGhZZbJo+oAQAO2GIAAAAQEICgBBBg58MNQL"}
00422{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089069,"pkt_ts_usec":374929,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA04pUAADMGNJTYOtZOwKgBaQG75HBlsmj6C1hoWoAQAV4BuwAAAQEICnwxg\/kAQNoT"}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1463089070086,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1463089070086,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":86080,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0hxpAAEAGQw\/AqAFp2DrWTuRxAbtN5WEdhI1WjIAQAO065AAAAQEICgBBBst8MNbL"}
00421{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":131182,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0MLYAADMG5nPYOtZOwKgBaQG75HGEjVaMTeVhHoAQAV62dAAAAQEICnwxhr4AQNrV"}
-00477{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1463089070755,"flow_last_seen":0,"flow_tot_l4_data_len":372,"flow_min_l4_data_len":372,"flow_max_l4_data_len":372,"flow_avg_l4_data_len":372,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1463089070755,"flow_last_seen":0,"flow_min_l4_payload_len":364,"flow_max_l4_payload_len":364,"flow_tot_l4_payload_len":364,"flow_avg_l4_payload_len":364,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00886{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":755684,"pkt_caplen":406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":406,"pkt_l4_len":372,"pkt":"kDVu60UQeJKcD6iOCABFAAGIMGNAAEARm9LAqAFp2DrS49GYAbsBdI1JDLva88\/LUhUgJJB9mYAGceDgbWxM0LRsm4JNDbKc2scH8met9koeqL6\/vSPRbc8Azif26oxDIgzQBvKXwSWqmW75DLc+Tze8HLmFOLbpW1dfDh+CmYIDg83ozCrqzZhIa7c9c87+9DDGInSDf9f\/tl92yy8f1zwi5ofEkbjAvQ14GM0UCN2FUqQXDuqOrr4+0mp4RLoTXyk0KmRSNOp96LQHThISJcaekcpsRADkvdkvWyfHzVzaPjpEHmDVGxlff0Lyt7xPlz4I3iJqFNYIv6S5IeCVHrZ+OTOUiQ654SUxByYukSwW968bKOypceOi6Z9YrJBsh8fbzBOlaaCscjkwvRlnA94hXGNPW\/f1uJBnwscXyRa1XQX3ylsU7+3wwIt8bcdzaqKvgasSUBwcjaznmyXm4EMkY0SocvpvlP+Y\/Tyw+d3\/Jt6j83TjDTmoWxIattwqrgJYlX1vanz3uVHuuTPizgrn3v70Ig=="}
00430{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":755808,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"kDVu60UQeJKcD6iOCABFAAA5MGRAAEARnSDAqAFp2DrS49GYAbsAJVKhDLva88\/LUhUgJfyz0FFMX+goev2cGp67zKdIwHY="}
00749{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":756129,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":303,"pkt_l4_len":269,"pkt":"kDVu60UQeJKcD6iOCABFAAEhMGVAAEARnDfAqAFp2DrS49GYAbsBDYkQDLva88\/LUhUgJkcz8vG4Z\/IO+VkPDhG6AFD7bU7A+qqkwZ+x\/RvFauDbIOOJtwCjXyUObeUIn5gQ+UX+x65qNOazAz\/4wVrPUNQeyvpM\/apVfaPKE\/BWwazlUXoAI5VQNixlUUJ1awnxsfIGiNrCTSIptZgAvLyXtwp5hhxDz3XyJujNKh8y4KxdXT+KUDUJOJJnUi42xAE7YEaRgCG0Gsvcv8KKqXj17ZhXhBURaPrZodsQJCbjs8pPzHSHwv2KhOv\/hmenV+Y+4AoEiGoPjQoanC+Mp48jh+wIc24blOr9i\/xboxYy\/SLPPtKSsAsklxNqe9J5gUDokozUo9KiuHi4kWMZ"}
00426{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":756212,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"kDVu60UQeJKcD6iOCABFAAA1MGZAAEARnSLAqAFp2DrS49GYAbsAIVjxDLva88\/LUhUgJwLsxjgxXNbPIqKq5C2ocA=="}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1463089070757,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1463089070757,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":757761,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"pkt":"kDVu60UQeJKcD6iOCABFAAA3JrZAAEARkEXAqAFpwKgBAdbMADUAI69dsmwBAAABAAAAAAAABXdlaWJvA2NvbQAAAQAB"}
-00625{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1463089070757,"flow_last_seen":0,"flow_tot_l4_data_len":35,"flow_min_l4_data_len":35,"flow_max_l4_data_len":35,"flow_avg_l4_data_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1463089070757,"flow_last_seen":0,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00438{"flow_id":4,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":800539,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"eJKcD6iOkDVu60UQCABFAAA\/48EAADYRM73YOtLjwKgBaQG70ZgAK5KmACJCWlXaapi9mYsktLXHPcOwMT6FVng4z3AZrMHlanNy2Oo="}
00435{"flow_id":4,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":800569,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iOkDVu60UQCABFAAA848MAADYRM77YOtLjwKgBaQG70ZgAKK3cACPs9\/Su8BV3z9mXpWI0v3VrqD9MgU\/H3zT1WUtzOd8="}
00479{"flow_id":4,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":830405,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"eJKcD6iOkDVu60UQCABFAABc49MAADYRM47YOtLjwKgBaQG70ZgASG6ZACRpSAAaXQawU+oPS7uVCeQrGIL0yTGmks5EA52DAWmpkywr7fEQ4oz4qVaUQTicoPuWtiLawy9XMTDS6ewOQw=="}
00926{"flow_id":4,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":832828,"pkt_caplen":433,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":433,"pkt_l4_len":399,"pkt":"eJKcD6iOkDVu60UQCABFAAGj49YAADYRMkTYOtLjwKgBaQG70ZgBj\/hxACX6hcuY3YOe9Hr9jcyVrBMfbi6KUYX8j8coU3Dk+PWKGrAfCpPjWJSu8Y3FBIeqL\/+3biImOd9zFvNNZXHpUMY6VHB7QBMgkpDpR0bCmM4JdhXemksaeoMQKDi2X8FPO6156ubq0etO+A804vBtxjXtba0WiIZ7gaYmZt5EDyZnwU+EdSxRMfUuJsLrKNV3PwoBXPmvRKp1AJcr0WzfCBByqClrGtBx+w+mSrmHw+kQJNiRN1ZbdXK3w3wdR8EYC7xk5Qx0LIqKLSBAg\/Jq6lGm3oaZNQSVwgIdIS+fex2yIPGo1PQkZfKH8i4yvWT8ZJwULeU\/r8XtAauBcVa2c2yLK4X9z07v+77UlkTmUiPbP3NyRInMd87JODfosxvW9qqF0dM3McTUgFSnZrdgOLtsRI1\/bgzbxIJ\/kzTRdumwAkz1pju8od\/FvEU2sVclFp1ED9ZyuQuHNkM7J36U36cZW3X7KX9IhU9cbv+wF2CLvdn\/9qPaIaywXlxH\/RhaCdLNVx\/A4w=="}
00458{"flow_id":4,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":833052,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"kDVu60UQeJKcD6iOCABFAABNMHBAAEARnQDAqAFp2DrS49GYAbsAObaFDLva88\/LUhUgKByMYFMjskIM1A8eJQ8V9Nd4rb6Cbk+lAN9qqqdkdRyQRocRp3Qz5A=="}
00449{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":841770,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"eJKcD6iOkDVu60UQCABFAABHAABAAEARtuvAqAEBwKgBaQA11swAM884smyBgAABAAEAAAAABXdlaWJvA2NvbQAAAQABwAwAAQABAAAAJAAEcoZQog=="}
-00652{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_tot_l4_data_len":86,"flow_min_l4_data_len":35,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"114.134.80.162"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1463089070841,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00664{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weibo.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"114.134.80.162"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1463089070841,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":841932,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8BZVAAEAGr+3AqAFpcoZQoubvAFC9RQISAAAAAKACchCiVgAAAgQFtAQCCAoAQQeHAAAAAAEDAwc="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1463089070841,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1463089070841,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089070,"pkt_ts_usec":841976,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA80EtAAEAG5TbAqAFpcoZQoubwAFDrBNfMAAAAAKACchCe2wAAAgQFtAQCCAoAQQeHAAAAAAEDAwc="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1463089071008,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1463089071008,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":8468,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8ct5AAEAGQqTAqAFpcoZQoubxAFC2vHVvAAAAAKACchA1VgAAAgQFtAQCCAoAQQexAAAAAAEDAwc="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1463089071046,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1463089071046,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":46082,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0aeJAAEAGY8fAqAFp2DrSzolSAbv6shUXRZgnfoAQAcBJAQAAAQEICgBBB7tvXD+b"}
00420{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":94149,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0QjAAADYG1XnYOtLOwKgBaQG7iVJFmCd++rIVGIAQCVwVnQAAAQEICm9c76IAQIN7"}
00421{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":195785,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0BcYAACkGBsVyhlCiwKgBaQBQ5u8JOZF4vUUCE4ASOQhvgQAAAgQFqAEBBAIBAwMH"}
00405{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":195857,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"kDVu60UQeJKcD6iOCABFAAAoBZZAAEAGsADAqAFpcoZQoubvAFC9RQITCTmReVAQAOXoagAA"}
01005{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":196181,"pkt_caplen":500,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":500,"pkt_l4_len":466,"pkt":"kDVu60UQeJKcD6iOCABFAAHmBZdAAEAGrkHAqAFpcoZQoubvAFC9RQITCTmReVAYAOVVpAAAR0VUIC9sb2dpbi5waHA\/bGFuZz1lbi11cyBIVFRQLzEuMQ0KSG9zdDogd2VpYm8uY29tDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsKi8qO3E9MC44DQpVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzOiAxDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS81MC4wLjI2NjEuMTAyIFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHBzOi8vd3d3Lmdvb2dsZS5pdC8NCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOCxpdC1JVDtxPTAuNixpdDtxPTAuNCxydTtxPTAuMg0KDQo="}
-00740{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1463089070841,"flow_last_seen":1463089071196,"flow_tot_l4_data_len":558,"flow_min_l4_data_len":20,"flow_max_l4_data_len":466,"flow_avg_l4_data_len":139,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"weibo.com","url":"weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00751{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_first_seen":1463089070841,"flow_last_seen":1463089071196,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":446,"flow_tot_l4_payload_len":446,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"weibo.com","url":"weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
00421{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":198585,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0IcQAACoG6cZyhlCiwKgBaQBQ5vAZ6VqE6wTXzYASOQiSSgAAAgQFqAEBBAIBAwMH"}
00405{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":198637,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"kDVu60UQeJKcD6iOCABFAAAo0ExAAEAG5UnAqAFpcoZQoubwAFDrBNfNGelahVAQAOULNAAA"}
00421{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":348610,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0BccAACoGBcRyhlCiwKgBaQBQ5vFPiVnutrx1cIASOQjz5AAAAgQFqAEBBAIBAwMH"}
@@ -51,25 +51,25 @@
01260{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":543642,"pkt_caplen":689,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":689,"pkt_l4_len":655,"pkt":"eJKcD6iOkDVu60UQCABFAAKjBckAACkGBFNyhlCiwKgBaQBQ5u8JOZF5vUUD0VARAHvKTQAASFRUUC8xLjEgMzAxIE1vdmVkIFBlcm1hbmVudGx5DQpEYXRlOiBUaHUsIDEyIE1heSAyMDE2IDIxOjM3OjUxIEdNVA0KU2VydmVyOiBBcGFjaGUNCkxvY2F0aW9uOiBodHRwOi8vd3d3LndlaWJvLmNvbS9sb2dpbi5waHA\/bGFuZz1lbi11cw0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjANCkV4cGlyZXM6IFRodSwgMTIgTWF5IDIwMTYgMjE6Mzk6NTEgR01UDQpWYXJ5OiBBY2NlcHQtRW5jb2RpbmcNCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCkNvbnRlbnQtTGVuZ3RoOiAyMDcNCkNvbm5lY3Rpb246IGNsb3NlDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0xDQpTSU5BLUxCOmFHRXVNVFk0TG1jeExtaDVaSE11YkdJdWMybHVZVzV2WkdVdVkyOXQNClNJTkEtVFM6WTJabE9UZ3lZMlVnTXlBeklEQWdNVEFnTUFvPQ0KDQofiwgAAAAAAAADbY69bsJAEIR7P8XinlsgHVoOCewIJEhcXArKM95wlu5P5ojF22ObNuXMfKMZmhXfe3WpSjio8wmqn93puId8jngs1SdioYp3shILxPIrlxmZ5Kwkw7oZRGqTZfmxWMI5\/HEDFXdOe\/bJPgnfYUY4wVSH5jn2l\/IfdnAzilIZhiZcH26wweg7uAklDabj301uUoprxL7vRc9tHcQ1OLTh1noRTdxa7W8b9vPHPZeGOybUUhDG8cQ0PwyN97MXc4MGzPkAAAA="}
00407{"flow_id":6,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":543674,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"kDVu60UQeJKcD6iOCABFAAAoBZhAAEAGr\/7AqAFpcoZQoubvAFC9RQPRCTmT9VAQAO\/kJgAA"}
00407{"flow_id":6,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":547268,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"kDVu60UQeJKcD6iOCABFAAAoBZlAAEAGr\/3AqAFpcoZQoubvAFC9RQPRCTmT9VARAO\/kJQAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1463089071551,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1463089071551,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00434{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":551377,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"kDVu60UQeJKcD6iOCABFAAA7Jz9AAEARj7jAqAFpwKgBARvsADUAJ8YJ26oBAAABAAAAAAAAA3d3dwV3ZWlibwNjb20AAAEAAQ=="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1463089071551,"flow_last_seen":0,"flow_tot_l4_data_len":39,"flow_min_l4_data_len":39,"flow_max_l4_data_len":39,"flow_avg_l4_data_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1463089071551,"flow_last_seen":0,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00529{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":612902,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"eJKcD6iOkDVu60UQCABFAACAAABAAEARtrLAqAEBwKgBaQA1G+wAbIVL26qBgAABAAMAAAAAA3d3dwV3ZWlibwNjb20AAAEAAcAMAAUAAQAAACUAGQN3d3cFd2VpYm8DY29tBWNkbmdjA25ldADAKwABAAEAAAAHAARdvIaJwCsAAQABAAAABwAEXbyGhw=="}
-00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":39,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.137"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1463089071613,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00681{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"www.weibo.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.137"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1463089071613,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":613246,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA84VFAAEAGsxPAqAFpXbyGicnyAFB0WekZAAAAAKACchD\/WQAAAgQFtAQCCAoAQQhIAAAAAAEDAwc="}
00436{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":642417,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGnGVdvIaJwKgBaQBQyfKlqmMtdFnpGqAS\/\/8RHAAAAgQFqAQCCAr5u121AEEISAEDAwc="}
00422{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":642473,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA04VJAAEAGsxrAqAFpXbyGicnyAFB0WekapapjLoAQAOU+7wAAAQEICgBBCFD5u121"}
01026{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":642772,"pkt_caplen":516,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":516,"pkt_l4_len":482,"pkt":"kDVu60UQeJKcD6iOCABFAAH24VNAAEAGsVfAqAFpXbyGicnyAFB0WekapapjLoAYAOW9fgAAAQEICgBBCFD5u121R0VUIC9sb2dpbi5waHA\/bGFuZz1lbi11cyBIVFRQLzEuMQ0KSG9zdDogd3d3LndlaWJvLmNvbQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSxpbWFnZS93ZWJwLCovKjtxPTAuOA0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNTAuMC4yNjYxLjEwMiBTYWZhcmkvNTM3LjM2DQpSZWZlcmVyOiBodHRwczovL3d3dy5nb29nbGUuaXQvDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUsIHNkY2gNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjgsaXQtSVQ7cT0wLjYsaXQ7cT0wLjQscnU7cT0wLjINCg0K"}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1463089071613,"flow_last_seen":1463089071642,"flow_tot_l4_data_len":594,"flow_min_l4_data_len":32,"flow_max_l4_data_len":482,"flow_avg_l4_data_len":148,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1463089071613,"flow_last_seen":1463089071642,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":450,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":112,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"www.weibo.com","url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
00422{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":670625,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0PuBAADgGXY1dvIaJwKgBaQBQyfKlqmMudFnq3IAQAqQ7UwAAAQEICvm7XdAAQQhQ"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1463089071730,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1463089071730,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":730101,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA08m9AAEAG2cLAqAFp2DrURZOqAbsjKGR2xs8noYAQA+RthAAAAQEICgBBCGYlk10U"}
00422{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":755114,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0StsAADYGy1fYOtRFwKgBaQG7k6rGzyehIyhkd4AQAsDqzAAAAQEICiWUDPAAQNxk"}
00405{"flow_id":6,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":891757,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"eJKcD6iOkDVu60UQCABFAAAoBcoAACkGBs1yhlCiwKgBaQBQ5u8JOZP1vUUD0lAQAHvkmQAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1463089071994,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1463089071994,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00422{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089071,"pkt_ts_usec":994093,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA06TdAAEAGtMfAqAFpNuGj0p34AbsDr1KJWj28A4AQAWjCCQAAAQEICgBBCKgBIwBO"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1463089072046,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1463089072046,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":46092,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dEpAAEAGV+zAqAFp2DrUQYeLAbv4qaw1BowayYAQAO03NAAAAQEICgBBCLUlGFKF"}
00421{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":70732,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0NhEAADYG4CXYOtRBwKgBaQG7h4sGjBrJ+KmsNoAQAV6y1gAAAQEICiUZAmMAQNzC"}
00430{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":125117,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"eJKcD6iOkDVu60UQCABFAAA5PuJAADgGXYZdvIaJwKgBaQBQyfKlqmYfdFnq3IAYAqRjYwAAAQEICvm7X4IAQQhQZjJjDQo="}
@@ -87,17 +87,17 @@
00427{"flow_id":4,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":218733,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"pkt":"kDVu60UQeJKcD6iOCABFAAA1MHVAAEARnRPAqAFp2DrS49GYAbsAIZe6DLva88\/LUhUgKtrdfYOrYAZFD+Sy5gLiLg=="}
00439{"flow_id":4,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":304855,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"eJKcD6iOkDVu60UQCABFAAA\/6AMAADYRL3vYOtLjwKgBaQG70ZgAK+PGACavMB4N4yIzGWdh1rywnHHD9GKrlEvcs81E5Fg8mOE1i4w="}
00484{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":331449,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"pkt":"eJKcD6iOkDVu60UQCABFAABc6BsAADYRL0bYOtLjwKgBaQG70ZgASC1QACePx5VdQS6UanRpiyRb1SqZ2LsHNLKT3NzM\/1qa6Zqxx+hvKc+dxBqAnZG\/ow4Wk7CxE52Q+sn1tchPYliq\/w=="}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1463089072333,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1463089072333,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":333305,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"kDVu60UQeJKcD6iOCABFAAA9J7BAAEARj0XAqAFpwKgBAdEnADUAKd+0rc0BAAABAAAAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQAB"}
-00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1463089072333,"flow_last_seen":0,"flow_tot_l4_data_len":41,"flow_min_l4_data_len":41,"flow_max_l4_data_len":41,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1463089072333,"flow_last_seen":0,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00450{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":356956,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"kDVu60UQeJKcD6iOCABFAABEMHtAAEARnP7AqAFp2DrS49GYAbsAMK62DLva88\/LUhUgK1nsvLxTwI61hx7I4ZYbNy\/FHeh1pRHmWfG2sK\/0yA=="}
00594{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":444805,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"pkt":"eJKcD6iOkDVu60UQCABFAACxAABAAEARtoHAqAEBwKgBaQA10ScAnYbirc2BgAABAAUAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQABwAwABQABAAAAAAAHBHdjZG7AEsAtAAUAAQAAACoAFQZzaW5hanMFY3NnbGIFdHhjZG7AGcBAAAUAAQAABBMAFAhuNGNzd2hrMwVnY2NkbgNuZXQAwGEAAQABAAAABAAEXbyG9sBhAAEAAQAAAAQABF28hvE="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":41,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1463089072445,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"img.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1463089072445,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":445019,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8AXdAAEAGkoHAqAFpXbyG9ovbAFCLeghvAAAAAKACchAFvgAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1463089072445,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1463089072445,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":445053,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8fClAAEAGF8\/AqAFpXbyG9ovcAFB8ZHUxAAAAAKACchCoEAAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1463089072445,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1463089072445,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":445071,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8mn5AAEAG+XnAqAFpXbyG9ovdAFDX1pNmAAAAAKACchAuaAAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="}
00439{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":471768,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi9tGfim0i3oIcKAS\/\/\/69gAAAgQFqAQCCAoDdgkqAEEJGAEDAwc="}
00423{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":471800,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0AXhAAEAGkojAqAFpXbyG9ovbAFCLeghwRn4ptYAQAOUoywAAAQEICgBBCR8Ddgkq"}
@@ -106,11 +106,11 @@
00439{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":471843,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi90SpJVX19aTZ6AS\/\/\/r1QAAAgQFqAQCCAoDdgksAEEJGAEDAwc="}
00423{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":471854,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0mn9AAEAG+YDAqAFpXbyG9ovdAFDX1pNnEqSVWIAQAOUZqgAAAQEICgBBCR8Ddgks"}
00986{"flow_id":16,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":471951,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":486,"pkt_l4_len":452,"pkt":"kDVu60UQeJKcD6iOCABFAAHYAXlAAEAGkOPAqAFpXbyG9ovbAFCLeghwRn4ptYAYAOWFQQAAAQEICgBBCR8DdgkqR0VUIC90Ni9zdHlsZS9jc3MvbW9kdWxlL2Jhc2UvZnJhbWUuY3NzP3ZlcnNpb249MjAxNjA1MTMwNTM3IEhUVFAvMS4xDQpIb3N0OiBpbWcudC5zaW5hanMuY24NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogdGV4dC9jc3MsKi8qO3E9MC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS81MC4wLjI2NjEuMTAyIFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHA6Ly93d3cud2VpYm8uY29tL2xvZ2luLnBocD9sYW5nPWVuLXVzDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUsIHNkY2gNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjgsaXQtSVQ7cT0wLjYsaXQ7cT0wLjQscnU7cT0wLjINCg0K"}
-00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072471,"flow_tot_l4_data_len":564,"flow_min_l4_data_len":32,"flow_max_l4_data_len":452,"flow_avg_l4_data_len":141,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/base\/frame.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072471,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":420,"flow_tot_l4_payload_len":420,"flow_avg_l4_payload_len":105,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/base\/frame.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
01002{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":472038,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":498,"pkt_l4_len":464,"pkt":"kDVu60UQeJKcD6iOCABFAAHkfCtAAEAGFiXAqAFpXbyG9ovcAFB8ZHUyz0aFDoAYAOXPzQAAAQEICgBBCR8DdgkrR0VUIC90Ni9zdHlsZS9jc3MvbW9kdWxlL2NvbWJpbmF0aW9uL2NvbWJfbG9naW4uY3NzP3ZlcnNpb249MjAxNjA1MTMwNTM3IEhUVFAvMS4xDQpIb3N0OiBpbWcudC5zaW5hanMuY24NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogdGV4dC9jc3MsKi8qO3E9MC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS81MC4wLjI2NjEuMTAyIFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHA6Ly93d3cud2VpYm8uY29tL2xvZ2luLnBocD9sYW5nPWVuLXVzDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUsIHNkY2gNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjgsaXQtSVQ7cT0wLjYsaXQ7cT0wLjQscnU7cT0wLjINCg0K"}
-00821{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_tot_l4_data_len":576,"flow_min_l4_data_len":32,"flow_max_l4_data_len":464,"flow_avg_l4_data_len":144,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/combination\/comb_login.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00832{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":432,"flow_tot_l4_payload_len":432,"flow_avg_l4_payload_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/css\/module\/combination\/comb_login.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
00975{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":472113,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":476,"pkt_l4_len":442,"pkt":"kDVu60UQeJKcD6iOCABFAAHOmoBAAEAG9+XAqAFpXbyG9ovdAFDX1pNnEqSVWIAYAOW3oQAAAQEICgBBCR8DdgksR0VUIC90Ni9za2luL2RlZmF1bHQvc2tpbi5jc3M\/dmVyc2lvbj0yMDE2MDUxMzA1MzcgSFRUUC8xLjENCkhvc3Q6IGltZy50LnNpbmFqcy5jbg0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiB0ZXh0L2NzcywqLyo7cT0wLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzUwLjAuMjY2MS4xMDIgU2FmYXJpLzUzNy4zNg0KUmVmZXJlcjogaHR0cDovL3d3dy53ZWliby5jb20vbG9naW4ucGhwP2xhbmc9ZW4tdXMNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOCxpdC1JVDtxPTAuNixpdDtxPTAuNCxydTtxPTAuMg0KDQo="}
-00797{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_tot_l4_data_len":554,"flow_min_l4_data_len":32,"flow_max_l4_data_len":442,"flow_avg_l4_data_len":138,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/skin\/default\/skin.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00808{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_first_seen":1463089072445,"flow_last_seen":1463089072472,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":410,"flow_tot_l4_payload_len":410,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/skin\/default\/skin.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
00423{"flow_id":16,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":500000,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0IPZAADgGewpdvIb2wKgBaQBQi9tGfim1i3oKFIAQAqQlTAAAAQEICgN2CUYAQQkf"}
00423{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":503183,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0jEpAADgGD7ZdvIb2wKgBaQBQi9zPRoUOfGR24oAQAqTjbgAAAQEICgN2CUgAQQkf"}
00424{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":503227,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0nB1AADgG\/+JdvIb2wKgBaQBQi90SpJVY19aVAYAQAqQWNAAAAQEICgN2CUkAQQkf"}
@@ -134,9 +134,9 @@
00423{"flow_id":16,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":879150,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0AXtAAEAGkoXAqAFpXbyG9ovbAFCLegoURn4xVIAQAQMdzwAAAQEICgBBCYUDdgpf"}
06254{"flow_id":16,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":885684,"pkt_caplen":4374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4374,"pkt_l4_len":4340,"pkt":"eJKcD6iOkDVu60UQCABFABEIIPlAADgGajNdvIb2wKgBaQBQi9tGfjFUi3oKFIAQAqS3vgAAAQEICgN2Cl8AQQkfwS3SyVWqfmyPwPkh4SDVvJjO+Ru9m0zKS9uYLaUY05T\/YYT5YXlkAizxYC5yF6RqBcNMKKBEr\/fl56FBlhWFvZTvZ9NU9C5aeTFeiLou1grGNE0xhZZyh3YF3UBba9vtb4+7tWSKRMKaTzgsWlq8w68f3v3SNPv7jH3QmyW9VSII7LW0KATWquTyy5dYYdXF5DYaAziYUi+idhCapXs5AL\/ZMvUZPK\/A7zX4vRnoibnc2Z9r+\/ME3oLfsi22UW\/r4zkk4END5kwxNbnx3FYvXQtAcwTb+SQTq2+EAokZbzW1xEQaCgklpCasvTKlx2l36XWC2SNUWtLWFM4Ei5M8y6i15u8Td6gk9aPtZbi9kymcjwOFk2NzroXmcap2Jdc1QP21BTAvOlsrLZnnoDCTV7JgD4ZPrmDknJ4+O4OKxxQPoOkUK8d2GoxfmMjhax7765dhfdhUn+8X7B+jzCwm3z0kyprHS\/MF89zs6k3y7bacbQumDLDPn4fnp3LDhitN+Kot1tuM\/QcVqlFxZwQ1sOB8YRrCqdntjOpgvsj3nNvb5rJ+snI99zQN2SdP+UhG43NSMaV02FxaQjcRv9jgVv\/xdsiNWneJefOfb5kGONw3v6AGzDMBHX3rBA2gBgD2h9UhMpXklSwk2Z\/mg5NajP5GGWF9WdXr4ar6pa5OXCGdCmTS2SC7i\/PGC1kj2l6QW25illgTvaE\/j363PK+X26ZpwUZD7reAxBy11f7IlqZqKRTbqxWQiZGQiWSkREgUvg\/SrJTkRkTyIkkKTTIk+7KShn1ngn3fsDVAQEssVqMfl6vHDNpepZW5A6ZQbxRIrEcsV2GQvNC6PG0+ncrj1QpxKcZ5bxH\/p0nuMn5+Z6bQqdzUlzOfRUwPUOs+UszchpRhXyi1clzqw6E6iSJQ4WXffvvv\/\/C7f1Yamj+9rELI3kmF2S638pnvWYQh\/6rRVUPBsdWuHWEPEBLAyIh8zgsIFecJuUuMepsoujy41qtEma+UlWCe8j8PhAMlsQOjtu2Cm4\/lqeKGNzgEfFDYf2P1NxqKbHKX1Idz1Zrl9+dU8srPA\/X34mrJoDvIKQD7l4ke6+7N1H5DqF3GP2KheIT3\/RiJD123zfphCDmBLekGltXp1JzMmGmDy5ZtktB80+WlS2JgqksPBa7NZPtmvAa1AYG1iFDVN9W2vOxaa+pZzVez1Uyy0\/qpWn9gdXlrnPebxDNgahbAutRYzBD0SmySlrtyVe0SNvCHAXoKGka1B9K3pjjsmYbY3J0ManOZWNDSq8pasCD5BhlZUFbNbiOI8sPyXJWn9dMyuEMI6KC6WmJZS+EkcdccU0DmZCuy3A9nemu3r85nLW4IkKqi1tgXQFUl5woFBM4bn7U1anyGIuScXjIygOWmXLHhuLSMUSRmgsBKJXHpwyolyHbO+JZtN+q2QgI8TcZmlIzxKQJLvnSNUpEKasn0yy+5oX4pV4Pk6qwOE+FnZYW4tFhfGOcaQa0NicKuZN9WTE86nuvzw6cn1kexXRRGW75MKPMQ\/3kPvCYf+bDoWc8XbkLYi9doKsgyTEI7GzWwmP3EiN3ajRZkTJcbxAt6CngNcMCH6pM2Ck0B3GkQDKarGGzor5VSzmtMNbVcs1JsQgCdhHPvEvzWGGRjj9HFJPTtgoEJbyZrHsAR+JQTv1dGR2nrdqc3\/PZ55TxvroSI0X0Zz7H4ECyL+iZLUCOEGjVsLVUYUqaqT5b1HCBrElNHNUr9ehuzdkvjIEQ\/yUa5kUGie1KT42ZkOT\/D4u6N24yFU3hw3tmPud+I29Nk1Bzb5ao92F1aYmTeSbsYhBo9pMZc1W8+u4NvPkQAC5Skiu6DthC0XFvvmnMVbMcXvddkSW0bjCgeZgu5rPqMh+383aix5fhyRCJ3ESTW+qk8PFbKt0QChiVCzqkIaI3UqWnZtivWBC55xcqQS4gC7n9D4RchPasPvuvNcn851+s+GOuyDs6Fg\/O0YxTMkrmp2z7N8nIdTRY3NMnksBjTvk3r8h0oECxLosCYvk\/LrNgr9VlMkz5N+vNpJlTz+ASjsef8uOs1DR7rbdfoiknRk5nZkrvu1a4u+0rMfDnumrLXyMqSL26W2w\/oZviXPoKfiV7uuLin2zhfVuK334b+YlAXRiCaDZXW6QPR6mhAGdTq4hRb0aeElOsh5GLDEdxF+ij\/sOSxGHY\/QbQpjFUBugW\/rSPfNvDb1Y028pSgxO4hrnRkkjUXJ\/Nq7\/qVEhFyGmSGpN4\/hhmCf+2lcSDxsW9OsGNOiMV44hhi5BugZidKz7Ymax3CIhVP8F71O3ObV6u9u9gneLXnJRMdJYaZP3ch6kn+qTmwxreXnTPPJwQjD52taZKnLtjloZHd0Zq2o5CIqZ94lMAauKUEIoQySArxcbZabiEsniaIoS1XRtGWHjV\/x+N2DJvArKfPgmRMzn+slpddEuBbz4lqNqDE3hUPPdjrirH3NzI4SoVGjW2z9wPqgxjvANYykiSRwSbIeIrMThhfgCrogQmrpnDYfQAYyKb1JOet6bmT85V8aZ6m7twSqFEWBc8cEUKjW3Gm6OoBUCFLOkZNWNJw7fXlxA3BiAI96iwFcRzvB2kieKc8CMjQRnIP2NSIPc0w83jIYEugYCO9ArwFu6hGNZ+H2JSWUlzsGqyOp7I+P5Vc7MKxVkONiwgLn4DkSivp0XDepl4bGoBmDEaAc3O6Pza1jppyCiu9wBB1CuzC8jERPkdlMBM7TjZNknqAHqt9SLfQFq3EBOVge+8sZBWOiI0U20tSTwaqddUiuGwdjNkLjvMStbwpz0\/VJlF\/STesfEDinPSPSJMRCHukvgvZSHx2ceWoqTHQ9vCh3nqAgu4wLE+dnYJ9e6VOKRtTZ7dOsFup6dbE69bK7daK6BYcHfzXKyB+03CtYL+GsfHauR3bhceL6F\/P8Xqlbu3o4Rp7vWoPTVJfw7PaakB8D0QMIuoqab\/0kX1WuhNfR47JSITTtZ\/b5Io8REp2OYV\/4lZAJgarjwPqw4EtpgMafHj70jaPOnSVu+CI0OQlfCl+Mx1ehLGyqkJcq8U4AgtWOzRKqhsprz2FjlNy32yW0rV49SJJ5oQD1xHQie+eVoOk\/DLiBBxlRo4tCDIgDStpduimoMkOHznoUtLTNe0vLchpYhZ72TW1lN7uv9UAAp6yQajE5ag8aUHX3FS75qTL9rFhv70gtKVfXRn0RWidUHKFJ0wHk2Rp9oD2WZMUxsUiPVeA0BuTCRg8ofs4e0a1UaGPJjgaStLwUEzG6+loCjoX1C9wNLpCT6jacNuEvCup529hyhU\/q+GxBTxoqFFR7KDRzACSWg80ypc8\/qDqqyCUUhe\/InvOtDtk0QSc0SDGcxhbHG+nZ2xkFNS4T1zxbDqPoTzugfLYRBwvt2yTccV7id5Mn004VxKxeA8aclJ6uwTZiQKKqsJjnyK0Mfe8zmIJFXMObYHG8+1kbdHQbDRQL\/SyYHYZ+KAFZFMk+U3Uk6Sb7Lr01gm6SrzdcpwKGHGBsvivZ8A\/DwBzBkvS8wXBpTeEinbHfkbDEdNwLGJn0X6lnjVZlgwZV1xDjgRSzJVJxlEZD7vNZyISr2+H6PI3FEVdIyYSFYCBqhjuFvOIk+LQ3g+FfPBMWWRFJ1\/AN+U3vKAzB3AUpoHDXrGqfzHcIdBxohVhWP3zmzcg5hjlAWDLmNstbKgSBd4sRSYBEUs0FP6YJ1a+Og2S+xMPVw1BZ1U7a4ab7rvsBEdNx5xIeW61mPS1o9Yjg\/01Ees0Y9werU6xjiPE6emUB6ZToHKfKRWdg6tABVf2yVHkqxGQfDhc3sU6On7j4ibpRxbvX5KmSXntFoFQzRlK76MHS8wk6WXU4d\/\/9YIqiCMptZQG94YKC6fEV5gCL5FlXW32EGp9EZJaqgwIX34hN3DKFawUSxjiJrK\/EGHshCfHNJGMVuWJbEcJxsQoZt8BDbZfQ4TxOOgRO1eHzfJ8Wa+P9TpxOZ9wUgo6iDlAIAoPuaPjDcOcdihRx4MRRiNhu6HtESheVZ5RE1l0ZCyn8KO+FweanYPcYdc4blpGebCnHwbUFxFc\/kPYsLSqH+U4DOxP6Ri2j+vy8LHkca5qxHjegqe2Pd6\/f89KjtrRuT6UfzyP1of37fS9MJ842QwYLO4suRsk+qjCmXV+p1sGD7Jt+OLrWxfQnPY5X0iAVwU3uR0wI7Ow80HYzyOhQ78KbG4qRLAjgdyv2qFlXf2afXLBP3973C3Vss4jln78UB8G336cLvHr8wd+NsZ1HT+HjzgFN+1SPNAbdrM\/UtYDDF1POI2NBqAlr9+WdOxddm19fGpaHlwu\/l6KvXZIlFkrp0QGmTPlgyumzKGtNNak+nkl1AXap09CWWbqYdBRhscVhnoQg59rPKnFRy\/7AOAYnP5QZn8uU2XAdVdDDMkQyD44Zld0gA6cn8t71c\/5aic2HemD5SdjNo3CGHfTKUfHkeYvpNMY0skH2QdHh05yLdTdHPcCgUh1G7U1iPFXULv4c1G7eDm1i06u7NfH3NT3iBQndEER2sWh6AWiiI7VuOtgUwf0mOzCA4BOweTaXMyUmn8qv1wJme0dljXHsUnJbYGx1WX\/uJSnQz0OMy4VtK+b62wCGgSP24PNQejndSuD\/x0dumdjhfAB6DDTk4misYyh1OzCOkjEb2iPTlOUYtE7deNr29t6x\/66L3fHp\/Kt8oz8\/YRtFa0zZ0J3UzvX\/IggEibbHligGQ3S2j7eYRq6UdwiP+UPmkvA+VdDbNm9RJiaoGkd1UwspxkPZjJRDvNgWTjUkh0nKDJYZbOxkZmF41HvEXWZBOLILHy2f2z38sQzDrGUUVXmgKh65xyrdkC1S8YqH7yoWb3PQsF5CssJ2JYmchYbEk7l4e+ECD71m+Y6K6WvIdg4+E60hkIiCH+3H+UYbNsPA1O2eir61EbFlptlu8\/TbLL8mPdw4YoDmfMJdOBa\/2360OW+TfQ+ewrXrPFiTKGT1DLjUqROckOODAOaclv2cyNGwIyNl5CtC+tLu3xS4dP6+SN\/ToJGGWuM4L8co5m1gL0dss8D\/j8qu0WgXNNdZH\/uLNP1PbzYSoccossbjzCGLueWrZJrSRW5GxdkUTtBB5BmDv4Vrqco0cR3jpVrCb\/oAFmbIwHiZSSg2wAEgVOX2QYkyCX8FMmweDlfyt3ui5+otEaSBUs1sGyIrfR9LGekyBV5PIikmdkkzdJJlvKckSLR5\/J2UI\/1lgQFIJ2qY1VyY5b6ZWdsc9h9uSVdXW4ybvo1+Wx5QbUmWOl9Fq4WbIgnliiPx+Wu+ljtBvAhEcHkaiBvpvPwc65HTWX4ZNInHbuklscIpjmPOxvnQuonbL7sS37MZFvJvxlKJ7Ysmx9s5bC\/NxU\/zMSaZIrBZSV\/fdyVmy\/yZ8vNZOpn2azKRv4u69PKfHhsDo9favg7hw9j+FDAh4l82PPMsCf4m4eiwecMPuTwYQwfCviAgE8Ho\/OlPj81l2NZ8wzFg9EvAoUPJX+6\/o1MNDzyNpUEtPlzpc7VDKTm5Z0UsknoudtjJGFSSqtM9qhapQsMcxl028mMBuvCxRophuRx2CH51u2Hai3UlaEyRFkEgyVnqE8K\/UDZTO3JiKlmujyOdnlMjVyvHus2w8ip0QEohUpObDd+XeFgdcBfkSqiC3RnxegKxrYdjJUcAhoqEkSLQ5rLLseLA8IrQsbLz1zw4zj2qQu\/iJf30J90UMfC"}
00424{"flow_id":16,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":885727,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0AXxAAEAGkoTAqAFpXbyG9ovbAFCLegoURn5CKIAQAUcMtgAAAQEICgBBCYYDdgpf"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1463089072885,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1463089072885,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":885992,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8J\/lAAEARjv3AqAFpwKgBAaGIADUAKAcnK+gBAAABAAAAAAAAAmpzAXQGc2luYWpzAmNuAAABAAE="}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1463089072885,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1463089072885,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02385{"flow_id":16,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":901158,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"pkt":"eJKcD6iOkDVu60UQCABFAAXQIPxAADgGdWhdvIb2wKgBaQBQi9tGfkIoi3oKFIAQAqSdtgAAAQEICgN2Cl8AQQkfpyV+eObDWiH5AvsLYIakUepi8\/VrzDXEr6gZEiPBO4bXFA6RkpDXFJKx0h7pi1hpj5CTWOnMo+Q0WlxhjpfjsASkWSpHUwIt5UGpEYVk+3yA3HlwFZID+7WpkzCrvmhNQnaQsYtJD44\/3MbyshexYRrDwnCCHNAMOaApckBz5IAmycFqYhAmIKyC670Ze28K783EezMFb1zVT2bluBz4jj4JztqXDGR0HHtM\/cNtc\/9w2+Q\/3Db7DzdO\/8Mt899lgmiH\/TbyKKcTFOpsw69TRNvwyTrpbMOvM422AcfCFZg95CLkc5uVuUMUokZ5OgR+YGQ7AM\/bU10dNmf4SpxZ8l4sP+bw3fGy2lnfL55wU6LNQB+FnRvzEUQrXgtSxiIar+MRRHcuUE1MCaotRYBIW4jTt\/zo2alem43c2F9tKFiqaStTDCB+Zs7JClurFClWl5ePK\/v7jxcTC+w7vTCAEEUUJWXvSn26oFfVmS9mBH4dTUn28JsK1vOUctP3aDsTukvhep42f+Dpab58rDdVE46LCMzY1OcaA0wfCaJrekq\/rKnSPr0OGgLYzWjwjVPTHMJyIrrLgJP1VG22u9LYi4sMQloEIamhFZDgeSx8ZC90AsfLNCHJwQ\/AVxueQY8yyozDyCja6iPLCBo6wonbGTjPOiMafru+GR1fBfnIb9D7Ym0a5s1H\/MhNC\/gNt5e474TxIXaKcw75QUU+uHjQIrbAmpbGMsCaha89gY7EKyFphTrbUY9oLWyN0bXQ7Fnvynpf8ZaiR2HRPitzqndVnrm84rUdY2U4Q3VzMV5DSpAOsVMzmnOt9p2E93gZsbgqSFHppOshjMsd0zJ4BDTUpzQxwsqVAgUH+PxpKZxqkc1kDJQj6Y6s6PW2XXQG5Ta53XnRbuepOjUvxETIldfDZP1UHR6DG7w4KrPXReWpuR0TqJC\/HiYiEQGb2wP7uNmBh3r\/6Hxmb4RGYcweCQqKVE\/PHojQop8i7RRUQIsUfK+viAvou7nSdx0clE4VqJOG61B4yA8vQCRMCY2EWi\/cSh4W\/UkRgMg3m\/y6580g8N6LjYKgxwhZnAACDuYmoMvb7k5c5DY7r7PsVc+uEtCojoK3vbo56eimIJwR3gnaG6knkv3HcCnwRugcwW049kzph+Xhsufif2CfvlRMgf4EXjyeyi+B9GU6\/mhiF1L54N49BRMLEOFROBmzzOiE33GgOMBchmKhmwvFNc2GKLYzCbrEQ8frYQo4ZTbbcTWuYBlBBlRmuphWs7nR0bdL6T7VT44b1d+IkBmz\/LSBEHrcZoB2hRaB2PLgVDH+VeeF8LO674zzX7wFGjx7Qp5JfBkBiKtHhwWcS1MKNx3K+I4m2TNCIWaMSf2eRm03cJ+CaBGtRZM04t4dgh3js0vBmGkJGTYt793sv\/8K03SHUx\/iE\/fsi5KY\/Tzee4Gj\/6v8u4c4l6R4rPt7\/InOdLv9D2iP\/Ody\/B96e\/4P\/V3\/B2QvBM7\/A\/L+H5bQNadefVodeD\/BGxAjcEBBAgcUJXBAYQKHP2ecwKF3oMDhtkiBw62hApikcTcAZFZA9Q6zNax1W1zC4dbAhMOtkQmHW0MTDrfGJhzEIevdSrs3+NOqaT6AR2Qj9bWCLq67gekUKlHcXdQ5stEKaJWy3YmNGByA6jP7fDnF1KLYgowNme1TzbbFgcy6VgNNH5BqiY6H8Jh9EKRrYvlTb7bbvN+gcZAlvm2O4noE4qu+OYGuuK13++BHyTyxJs1lFaGGYwVU8x1FOBJqY2EJJGLoYnp+nFJYla4mi6IIEVeyGCo\/m8yL1SbcBO8UrrHKZ5sygpRgfNxGtprOc1tDxuUanVYY6\/pc8NMZh33\/bVnwP65WPLf7AXg5lZsvUqhjZeKi+Y5IhgAKyBvSHHcDdFfIT+IgSd0="}
00424{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":901207,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0AX1AAEAGkoPAqAFpXbyG9ovbAFCLegoURn5HxIAQAV0HAAAAAQEICgBBCYoDdgpf"}
06256{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":907721,"pkt_caplen":4374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4374,"pkt_l4_len":4340,"pkt":"eJKcD6iOkDVu60UQCABFABEIIP1AADgGai9dvIb2wKgBaQBQi9tGfkfEi3oKFIAQAqS3vgAAAQEICgN2Cl8AQQkfsg6teVQ9vvI7HfFbyDHgkf25XOd4923Arwp9eXyg4piuWM2qjooFXXFTbLJZtOKErLiZ8jvzZEV+HQOXN\/R4hsQZgNkduquaMIHARVrkWZYWs1k+4+G7LwL2WG9ZXbYsgNoq9jcBUfYBeadj7MsDgy5ksYKbjOZnwf\/liUneLc8uXclTKH7RlCzb9C3Zs1j8qs\/051TledMD+RXUlDmr1Lv7Q9O+fScyr9wlL4MaGvA+6as0TV65ZcDy\/ARglO3H0I0hHl6CC2\/mVVlfANSR8A7A\/54P7nwQo\/zaZEYThRf8+skSZZMbJgyH82tg8PwbzSMfqi\/iPCIbGiVy3qTfEVn75BVfb9NN9ciTVfFjX+FS46kqx9rh3BVoBB8HxC0kiWqDLAQbaELgmy70iQIAMA01DjICb1N\/pBZo5HeWR+vQ0T2ggsl4JgRHqUigUP\/1wQoSnqIJa232atngFb\/ygdYbTUDfeq1NIuXpoM0nZ73VPFUbkahpYIv\/CMr\/aCv86NT4sTPGTuWGMsD07z9dqjMXSz84EH8wIWiwk0WOIUJMAxtK6fxIn71+iy5FK8lt6LNLJt7\/gLfEWnOfSZJaekWbBQAE3UJYSjPQs0PJqCcHgBbDEAWNCGBHJlpDNiD3SFtxYZr8LVhfPwjXpn5oazapq8NGP59bxrSmZNOaWudPasMsH2Vwo37aNYfHT6uBSTIuFmL9yPZ2BoraWaubEiu2WfqAsg2nwKUCblZyU3gH9\/q261cby1UW6QQE7ZFlFnzb8AzJZT7Oi3Wa5h4AXGiWl2PeCqSx\/TieVQsfBVyoYHuX2dpA0ANjgaxX040PxCtXrBebdWbgiAG1HZ2tJ9nUA+IUSlcrQA3OBZBS82LjdwWWqTazcQ4wkJxjPk\/K+boicHCKFZPZYjM3UHQ4sb6iPN2kWeEBcUqV+TpPZwaGZFOLyLTcbnxEnFLjybxa2ZFVzA0IMs\/5jhNnZBCi0oHr15xOAZn5NLGo5aui8smMyuTVYgsIpAx76uN6MluvUw8ALlRuJ6tyYyDo+WhuIJjPJqUHIlBKuY7qbUkvR+NeHlTgqvpU1asmFj0tD630dtcKQw+\/tse\/pl61+KW5bMrmIFg5ajPvaBgHgfLfcXgqNqAL3rktT6vytCxvvgpj3jMua4JDJnWDYuWhLgKkFbfbWpMWbSdRldvjBD\/zv89uDlDUYLRF6C\/QIFfx26Vu7NOMauF1O4Gs9BrmOt6LCU4H29WLjCLU+pZupN3d0HkAw3kVotGpyXQB++TG4fx1HOSPc2vq7T0SfashphMd4DQh3IP87mPts31qWhMn3uwbXitAceeO+\/CF9qRYT\/wd8pmH175NR\/PJHcyd5e+1oBgUuKNt3rez2SqttqYE6xH+zlRANhhAMOt+wkKTzXpSToHDoXwM0AEHPlmqOHH03E2ymrFtRfhYgdw3Po\/+7R\/\/iTe6PPL7mGj\/mAk1S63TEaR\/An4e6WWYOt4dHFFVlXm68LxBTsCWn9GKihw2ujfvwKbacR2OpFugYr8pJjJi8xkmc2ODbClFusjmWZbN07RzooHwJhTdtFReG7n8LUOZkkEPI454cFhbFo7F+KHAJcV526raHOvDAD4Lno6yo+RG7G0K3NxCTK53vmdsiV7B+9bgNO9z+SrqFpp0VZlusy0uw7uKZ6\/QsF042oHmksnecEmTS2aJg0ni4hHacO7CKxPFFWDJkDoFrjImu\/jCJ3kBV+AcQiZ4Ql+P7vQOPqlrvGJgJpkBs39cisxbZ4brOWB1Q9domouxLVeZXKZp9LpMK4mXq8tqBaLbYGhh5FBWShz7ZIJgswT5hKkwxcjBDr0CKoJ+qZj2og\/\/++9kiorowRhwB5hkIX9a+Q5aMy8SeLutuNy2+4anHLEEwBavd9U8K7KU7KrsFiw8Z9vxxRgGQB42p6Y2AXtzqDRGAp318SQnnLJuzuogxGR+GyCosGwatrGvsuzWfA8zkN7gpt3ntml250355dbTOll+e4vhhHFCjnnZ4nj0eDlQP1b6x1r\/2IAbKjNhf5WXDhB3AwciHXye06NWOCqBjKpAi0duwyq8q\/jcKWC9W8ErzppLy6GbOw9l720AjKABflzjRx3\/T19hLV0IAgqVWF615y5ITOswkpCLWZnZ+dvtbLYeb9C0d2+P5KVzN1Q6Zwqw0zfc4mw6yzZki+l0kY9tZX3oYeC+oKBu1+liSynyqIXVarOoULg3ulfRnpUwZOx1r2YvwmR3OsZlPB4\/0Ksyvjdzs+B\/LDbk5Zpr8Q\/qk8Eh83DgF5YaeC6BVw6BjdU45X9uIJuGg27nI1oAWWADoGy0YgqyMMt0AlY0hPRBWQ7zhA30Dw3U+A5leFZHNuCmQzgvpct7+MhlC5vgb9vmONAHPJL0O\/57MtlmXGLxhKNoN6X3j10wYiCar6q9P39NdaKqym0eg\/CMhZqzsS1meV71JrMorcicTubp7AVkNjBiIIJk7lU7TOY+1eNkDkF4Novnrzp3cl\/AjHI8ddQppZ5jKkvLMZ0W08VsfPuYWhgxEKEx7Vc7OKa9qkfHNAjh2VEA0NSZbKfj6aYvmWVpSebJeDKfZreT2cKIgQiRuV\/tIJl7VY+SOQjhecSJzBV62u4DN2hIUcx83THFWqFK+MDh81PHcfhzF\/7Chz+3jhZxT3HipuyXbXX1ZeyaxsZjr60xjreG4Isu8K6ajS7A5mr9hMRdsvu+OVVXEEMDQsiAoVDah1wfWXO0qqQyNdgtslBG0Nur70tztzySMM5bMfIBM5sxxmX6CKDBx4T6AGxAGJEJvZYWUFt1TVTdUFV5Zlyv9so4cDeb9lMzsECp1xv6NQRCQaCqe3UFlb3a6O2GfGtb926IdzChv286votx+Mg5dgBJjt5szJsrNpTQN+4hxqKMbOB8x5+pi\/D75RiD7nzdkF+vhl+HY3swgOAX4GvnSiK6ghvMDbRpWHtvNnDjYDSUhIC2BiOF903bcrGalkj9eXb7uK8Ol6srm9zBy3xJwXrPj0KZqE8CqFODCdif0TRdlwfpG\/Ku3AjcuCF3olqwqkstXBvNBA8L9O1b64v3YW2EyljpfVymuF3w33AbEc8R6orMFKxNOBTDFwjo9cZ97UJRKHtgnPcb5\/21c4YOSTGPDMfas+fiJEPSHITgyw18SaDixpR5Z0HHaLVPRn5vdT9NWJNw5gUmjDmXZM6OISz1hyimZNiKzNbuU+hlixEBpe9q5B0+6r0w04JbL\/OFWnLV30af5NPGB9y5lMcbW6jGFrYxcpG\/Yn8YL4rcYTkUCv2I3wVyXITEfxcuVrPM8dBe4d22gtnegRe+7BHRUdjttwgxX2+2edfdSTEbrhSBPYl3qwbUp3lnxb+B3ogmr6t3YHKMIb\/hVdFdKPjU9GQuqM0zk4jVFGYZBXsEy9blaSPv20KX3YC7l8aZWIGt4o3u11IeaM8A6h50DCh20BkgvLUuXnzWc5TWl8jNywZX6Xhc6tueCEkLNz+wDaUz+ftUzCdzz2dOrjyhVpS+FXfxA\/+RkZsq7qRXMzwm4Xysulzk79TuOwPNga3RUN0jJ86Tn6+U18Y5eZoM09GYnz1lNMNf5B3YD+8+Md0MHlQtxry0gHxiK3x14u+bY1vv2frDulAxtY1waCXvYIIhmV\/IYMqWdBGyTaOQIBT0SwcDOQUsh\/NBx9vOB48DSBr7NAtvbzTyp+rjwD7yW5RtZvoUxrS4p+bFC+vCN259B3hiNGchOoHqjF5D1RmpM6K379Arqfx7r35Gbaue0Fp7SGlHeZdgw\/JmWdiueYOb5X\/5wvdKeIRRFW1MpNyJTlGZlN57ZTxF2H3jeI4ArF19bqlLRqPCQvph3Ymo+dpdNYYT3FPeJPs\/j7USy8US42BDgN\/ZpUNKVXVdq8wSKC8olcHfS\/mgz3h8tkY5KZqNc11GjWqLwPCLnHXm+bO5bBLiizFNLjsmsJPySpz4f6dnwoxvzLQme16fmt3u\/l7bcOXzqjwl1zc61JQVfaNj4aZd9YarCyPE4V4TmsExkX3Gmd27Nr8z79SykV6zbRwTGIObKjP5xdhMVb0RkfZUrj\/AXnheWHlZ4LFkYrLtA2x4rKt19bWQni77VRytb8uyfHijPNo58Ghvt\/q1tjOrLXqOLI5a4PLfXEYFb+jzc6OFEqhTjvDERcVJPZ2HIiM+EncIK7Q964+QsVaZAVu5OdANnVKiUX7150HntrMtgJyLtq556RqOqoL\/ofbOCBYO3EAQA0IzAoakQaiM3eULTINuetROvIUgbA2LRxgTRzmA+8NNa5UF9Ymgk8XXVIVa50bieCFDMoEjHbsAU5SojghlXCyibOCDV6DqEx7DPAPs5FZP6kHoS7V3o0vSCKAlD4tPtJ01kR3jqc0WfiXI8mieoXJSW6g2dYsDw0L2QlBJ3cSsaoFcMUovGuqJKI7CJxbAYCTeLJtLKxnW8I4aDo6ztcbw66wDkkpvJl0mkWu1ZgHho6aSPh7xLd75mv+Br4RXe1YM5L\/paHr34Nn1Aywk0FYnuIH\/HH1WU5YXGqBqXA2QxjrXRhmIQ0MWPQeH2gFB2UiAdXEGLWGmE4JRUSqgCWULHS682irt1mHHKlcD4tNBsDf1helU9f6y9y79ACXFNSZRAeJ4GgNh35APFlv+x+MDHRnEo6f8kEF4NAGfDNGHzHa7ZDTWSTLAdcn098gnlwBENEAirqQHSJVpWnoVeWgbeWn8mPdRXxqfsK3uxDpj2eKRdGzr86klMoy8U6FsPvW9SRWwoDhz7dXORb3esai\/7auCNQOgCP1f+0bgZ8R6QqJ2GcdmObSNeQG\/eEc890MREiQnUPAoOBwmqkv5axhY7+SEmLZvq92uPp7rM4pZTrSNx482fucLGMo4ZENJeTRp4hOKCDAd8z\/EmcJItBCPmeV\/VKRdzv\/w7NfsoZrxP37sjQGq2N4AlA0MhNqUCOjil47KEViy3URzfCti2kS7d+j9RHwQSOAPHImBwuguik1nL2Enu\/sYCHF6OcBQ1NOLIcYCoXoChcwVDUAf6VLLWGpOnUY+hfquuE9lAB\/C+e7wNhSr+zi54TRdrbepu+rLMA1\/Y0ooaxYTlDMx3cy2U1wInuGCNa2BGp7WAof0xjpGJ3x2gsHzj060TKx4jkxvJ62pw1uaKdck8h9IM3C33VtZ2yjL8rPCZsT\/J9LBXH3xybaLs+0cR1bPmbJVOWeN4EgA86GFr\/PHEG1st9V47bSx3ebVtH8bUv90Ge\/BD8jyIgS4YdAzReq9oQTd+oYXnBKWL0iUr8hUB9s7pJJnVFSdrak2bKqKiuCQfADdqEPptpeMKrZyAIaOUWgvx6sbEvPO96f\/wHOtCh41Zv3vLIYi+W2KJysbqkWF3wntO59MBnkxH+Q534jN5fkSA35Z7ct6dyUAiVIi1VcC0TFOoKk8TzR18GV0VpDrw6E6AbcEyOjDSCxPRlJ57qynLk0Z9Lvk2g1+JmI4nzEibKx39rqm1EOUf7fyBTHEYu6VprgGHRlWLwuhAC1\/aZr9fUbISQ8q8PkZSJmPrSjZXj2TDlFqpW0DKwhyZqMZ3QrCJ9hhKxDIv6GSoXXlWeN2w8\/v62p5OW7KtuLaLEq0Fog9JZEc1RUy8Dq3FgQqbbehSubANV1x\/XRq9sEWhwRTgcrnkgnUaRqsPYs2fW4uj02wrk76Eai8KuvNJVyZ6DSaVolZIPV0X0iBY12HSIiwRYUQIQnJDazMp\/bp\/eqR"}
@@ -145,77 +145,77 @@
00440{"flow_id":18,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":940197,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"kDVu60UQeJKcD6iOCABFAABAmoNAAEAG+XDAqAFpXbyG9ovdAFDX1pUBEqSbF7AQAPyIiAAAAQEICgBBCZQDdgpZAQEFChKklVgSpJdX"}
01742{"flow_id":18,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":943079,"pkt_caplen":1026,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1026,"pkt_l4_len":992,"pkt":"eJKcD6iOkDVu60UQCABFAAP0nCFAADgG\/B5dvIb2wKgBaQBQi90SpJdX19aVAYAYAqS\/MAAAAQEICgN2CrQAQQlsH4sIAAAAAAAAAK1W3XLbKhC+P0+hU98kHdnVj+XY1nQ601fIRS8ZEEihkUFFKHWr8bsXkJCxftI202hiW8vut9\/C7rKbR1BXRJ6lDzePIKcZZ8cn\/kKED7tvz4qVQtYIQZgcRG3GSy6Oqxw+4DhLL0pOhOCi9boFb5UHgRF3PgAqWg\/B7LkQvGF4PTb\/ApBkoBLkpefQSxg5y06izLnARLzB9C0BGhtFPBwgHA0ttwqR9fr4BeQNc5AbloWtVCzWmGRcQEkVAcYZST2FVasgKk6ZJMLsk\/EKMK2vbPXbAmO91FoYTHLYlDLlFcyo\/HEMNknqrU\/859qV5LRUvo6wrJ7gXb\/wMQnu9RZ+BpKeSEkZ8YY4ycke5irPc6VVE4bBd0IRb52TpCdYkC4sA3SijKKSF20FMaasWEteHZOgOpsoK6Xs\/YVaLuCJzGSOFJDVFdRE\/6enigsJmUwvq681qJ+pSocGlTQDCNakfSK0eJLHbaTB\/0Mc\/\/B7F+00I\/EWJyRIJwE2orx7Z37WHzQEEKQiUG4qVnyi+GO4DYPDNg62D2EYv7v3XIBO89h9rc\/uUsVratIiIzoRvCD13H32Nt1h199Vog2nsQ\/0k15MJCUplLrOecqqRh5znjW1b3O0LwVks\/OalxYsjuN0NkcvPcZC5Wq7q8qkOp3laCA30NHZC1FJJgJb6reRvsYvWuBnN2nQmlB0NLqKf2sRdnC7w4487J1Snuc1VZsQsypQM1I1+Rz+q2ZkuRL0ECdd6AZ\/getUbcLVUUFFaP2q37dElADATNKXuZLLd\/qxGCBr5+XK+egGsOtdEmVQYE3TJpWEBVDbNHrtM2yJhdtMjN\/IV10qe\/7WcEmcchoyeohvDtK0TYPiROUIVUiOdBRdr6eb8lDI+pZz77eB0Whr8EE\/w9b8ruD+bMtmPIy2y3C9hrrEYjJFLIJF4yOP1JNcl51tvV2JnSNy++ltH5qNLDN\/hvUSwOJZqxurJLkEDL541x7sCEeFPDboG9GNxXhWmeA5k027zKYkA5Y\/WdHHvCResjlxoU5Sf871DhShQxankwVRIHgXJYlv\/4NNdJ++XwSYRgE+8\/Mtm5ySEtdEjpuT5eAKZ\/yH2v+c4eW1CWQF9zBHh4UI452\/C\/39QYeXzMbXm4+Gr8fxfdIT07FOrpCFsc0fQQLMTcoXXM1Yr95J7lx2VZvOPqjYfK3M3BMF4TY4RPtwr66BQA0+HuP9wOMpb1431yyMfq+7MAZ\/62cYAPuZ2LzcToC\/AKDsjev4DAAA"}
00441{"flow_id":18,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089072,"pkt_ts_usec":943143,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"kDVu60UQeJKcD6iOCABFAABAmoRAAEAG+W\/AqAFpXbyG9ovdAFDX1pUBEqSbF7AQAPyCbQAAAQEICgBBCZUDdgq0AQEFChKkl1cSpJsX"}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1463089073286,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1463089073286,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00443{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":286278,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"kDVu60UQeJKcD6iOCABFAABDKCFAAEARjs7AqAFpwKgBAUZzADUAL2deWFEBAAABAAAAAAAAAnUxA2ltZwZtb2JpbGUEc2luYQJjbgAAAQAB"}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1463089073286,"flow_last_seen":0,"flow_tot_l4_data_len":47,"flow_min_l4_data_len":47,"flow_max_l4_data_len":47,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1463089073286,"flow_last_seen":0,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":287324,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"kDVu60UQeJKcD6iOCABFAAA\/KCJAAEARjtHAqAFpwKgBAcXQADUAK4SVO9YBAAABAAAAAAAABmFjanN0YgZhbGl5dW4DY29tAAABAAE="}
-00684{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00696{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":287582,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"kDVu60UQeJKcD6iOCABFAAA6KCNAAEARjtXAqAFpwKgBAcjwADUAJqqk8RABAAABAAAAAAAAAWcGYWxpY2RuA2NvbQAAAQAB"}
-00630{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"g.alicdn.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00642{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"g.alicdn.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":287796,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8KCRAAEARjtLAqAFpwKgBAdDaADUAKHiskZsBAAABAAAAAAAAA2xvZwZtbXN0YXQDY29tAAABAAE="}
-00632{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"log.mmstat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1463089073289,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1463089073287,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"log.mmstat.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1463089073289,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":289058,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"kDVu60UQeJKcD6iOCABFAAA+KCVAAEARjs\/AqAFpwKgBAYQeADUAKn2XkPcBAAABAAAAAAAABWxvZ2luBnRhb2JhbwNjb20AAAEAAQ=="}
-00634{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1463089073289,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1463089073289,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01042{"flow_id":18,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":319058,"pkt_caplen":525,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":525,"pkt_l4_len":491,"pkt":"kDVu60UQeJKcD6iOCABFAAH\/moVAAEAG96\/AqAFpXbyG9ovdAFDX1pUBEqSbF4AYAPzpcwAAAQEICgBBCfMDdgq0R0VUIC90Ni9za2luL2RlZmF1bHQvaW1hZ2VzL2JvZHlfYmdfcGFnZS5qcGc\/aWQ9MjAxNDA5MjgxODM1MDAgSFRUUC8xLjENCkhvc3Q6IGltZy50LnNpbmFqcy5jbg0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlLyosKi8qO3E9MC44DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS81MC4wLjI2NjEuMTAyIFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHA6Ly9pbWcudC5zaW5hanMuY24vdDYvc2tpbi9kZWZhdWx0L3NraW4uY3NzP3ZlcnNpb249MjAxNjA1MTMwNTM3DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUsIHNkY2gNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjgsaXQtSVQ7cT0wLjYsaXQ7cT0wLjQscnU7cT0wLjINCg0K"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1463089073319,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":260,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1463089073319,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":319753,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8H8hAAEAGdDDAqAFpXbyG9oveAFCCZhY7AAAAAKACchAAKAAAAgQFtAQCCAoAQQnzAAAAAAEDAwc="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1463089073321,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":261,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1463089073321,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":321163,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA80r9AAEAGwTjAqAFpXbyG9ovfAFBlcdtMAAAAAKACchBYCgAAAgQFtAQCCAoAQQnzAAAAAAEDAwc="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1463089073322,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1463089073322,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":322446,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8W1BAAEAGOKjAqAFpXbyG9ovgAFAoLVKkAAAAAKACchAd9QAAAgQFtAQCCAoAQQn0AAAAAAEDAwc="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1463089073334,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1463089073334,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":334322,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8E7RAAEAGgETAqAFpXbyG9ovhAFAJpBpDAAAAAKACchB02wAAAgQFtAQCCAoAQQn3AAAAAAEDAwc="}
00425{"flow_id":18,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":381894,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0nCJAADgG\/91dvIb2wKgBaQBQi90SpJsX19aWzIAQAqEKgAAAAQEICgN2DKIAQQnz"}
00438{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":382415,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi944y47WgmYWPKAS\/\/+aeQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="}
00423{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":382462,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0H8lAAEAGdDfAqAFpXbyG9oveAFCCZhY8OMuO14AQAOXIRAAAAQEICgBBCgMDdgyi"}
01047{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":382597,"pkt_caplen":530,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":530,"pkt_l4_len":496,"pkt":"kDVu60UQeJKcD6iOCABFAAIEH8pAAEAGcmbAqAFpXbyG9oveAFCCZhY8OMuO14AYAOXSsAAAAQEICgBBCgMDdgyiR0VUIC90Ni9zdHlsZS9pbWFnZXMvZ2xvYmFsX25hdi9XQl9sb2dvX2IucG5nIEhUVFAvMS4xDQpIb3N0OiBpbWcudC5zaW5hanMuY24NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogaW1hZ2Uvd2VicCxpbWFnZS8qLCovKjtxPTAuOA0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNTAuMC4yNjYxLjEwMiBTYWZhcmkvNTM3LjM2DQpSZWZlcmVyOiBodHRwOi8vaW1nLnQuc2luYWpzLmNuL3Q2L3N0eWxlL2Nzcy9tb2R1bGUvY29tYmluYXRpb24vY29tYl9sb2dpbi5jc3M\/dmVyc2lvbj0yMDE2MDUxMzA1MzcNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOCxpdC1JVDtxPTAuNixpdDtxPTAuNCxydTtxPTAuMg0KDQo="}
-00793{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1463089073319,"flow_last_seen":1463089073382,"flow_tot_l4_data_len":608,"flow_min_l4_data_len":32,"flow_max_l4_data_len":496,"flow_avg_l4_data_len":152,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/global_nav\/WB_logo_b.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00804{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1463089073319,"flow_last_seen":1463089073382,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":116,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/global_nav\/WB_logo_b.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
00439{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":383314,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi9\/6KbWaZXHbTaAS\/\/8KOQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="}
00424{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":383342,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA00sBAAEAGwT\/AqAFpXbyG9ovfAFBlcdtN+im1m4AQAOU4BAAAAQEICgBBCgMDdgyi"}
01075{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":383484,"pkt_caplen":550,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":550,"pkt_l4_len":516,"pkt":"kDVu60UQeJKcD6iOCABFAAIY0sFAAEAGv1rAqAFpXbyG9ovfAFBlcdtN+im1m4AYAOXBUAAAAQEICgBBCgMDdgyiR0VUIC90Ni9zdHlsZS9pbWFnZXMvZ3Jvd3RoL2xvZ2luL3Nwcml0ZV9sb2dpbi5wbmc\/MTM0MzQyMTAzODQzODkgSFRUUC8xLjENCkhvc3Q6IGltZy50LnNpbmFqcy5jbg0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlLyosKi8qO3E9MC44DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS81MC4wLjI2NjEuMTAyIFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHA6Ly9pbWcudC5zaW5hanMuY24vdDYvc3R5bGUvY3NzL21vZHVsZS9jb21iaW5hdGlvbi9jb21iX2xvZ2luLmNzcz92ZXJzaW9uPTIwMTYwNTEzMDUzNw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlLCBzZGNoDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC44LGl0LUlUO3E9MC42LGl0O3E9MC40LHJ1O3E9MC4yDQoNCg=="}
-00814{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1463089073321,"flow_last_seen":1463089073383,"flow_tot_l4_data_len":628,"flow_min_l4_data_len":32,"flow_max_l4_data_len":516,"flow_avg_l4_data_len":157,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/growth\/login\/sprite_login.png?13434210384389","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00825{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1463089073321,"flow_last_seen":1463089073383,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":484,"flow_tot_l4_payload_len":484,"flow_avg_l4_payload_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/growth\/login\/sprite_login.png?13434210384389","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
00438{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":383869,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+DI1jKOKC1SpaAS\/\/+EggAAAgQFqAQCCAoDdgyjAEEJ9AEDAwc="}
00424{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":383893,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0W1FAAEAGOK\/AqAFpXbyG9ovgAFAoLVKlyNYyj4AQAOWyTgAAAQEICgBBCgMDdgyj"}
00438{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":384495,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+Gi04d5CaQaRKAS\/\/+sgAAAAgQFqAQCCAoDdgyjAEEJ9wEDAwc="}
00423{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":384519,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0E7VAAEAGgEvAqAFpXbyG9ovhAFAJpBpEotOHeoAQAOXaTwAAAQEICgBBCgMDdgyj"}
01059{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":384656,"pkt_caplen":539,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":539,"pkt_l4_len":505,"pkt":"kDVu60UQeJKcD6iOCABFAAINE7ZAAEAGfnHAqAFpXbyG9ovhAFAJpBpEotOHeoAYAOVvCQAAAQEICgBBCgMDdgyjR0VUIC90Ni9zdHlsZS9pbWFnZXMvY29tbW9uL2ZvbnQvd2JmaWNvbi53b2ZmP2lkPTIwMTYwNTExMTc0NiBIVFRQLzEuMQ0KSG9zdDogaW1nLnQuc2luYWpzLmNuDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS81MC4wLjI2NjEuMTAyIFNhZmFyaS81MzcuMzYNCk9yaWdpbjogaHR0cDovL3d3dy53ZWliby5jb20NCkFjY2VwdDogKi8qDQpSZWZlcmVyOiBodHRwOi8vaW1nLnQuc2luYWpzLmNuL3Q2L3N0eWxlL2Nzcy9tb2R1bGUvYmFzZS9mcmFtZS5jc3M\/dmVyc2lvbj0yMDE2MDUxMzA1MzcNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOCxpdC1JVDtxPTAuNixpdDtxPTAuNCxydTtxPTAuMg0KDQo="}
-00810{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1463089073334,"flow_last_seen":1463089073384,"flow_tot_l4_data_len":617,"flow_min_l4_data_len":32,"flow_max_l4_data_len":505,"flow_avg_l4_data_len":154,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/common\/font\/wbficon.woff?id=201605111746","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00821{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1463089073334,"flow_last_seen":1463089073384,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":473,"flow_tot_l4_payload_len":473,"flow_avg_l4_payload_len":118,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"img.t.sinajs.cn","url":"img.t.sinajs.cn\/t6\/style\/images\/common\/font\/wbficon.woff?id=201605111746","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
00551{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":393823,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"pkt":"eJKcD6iOkDVu60UQCABFAACRAABAAEARtqHAqAEBwKgBaQA1RnMAfV+\/WFGBgAABAAMAAAAAAnUxA2ltZwZtb2JpbGUEc2luYQJjbgAAAQABwAwABQABAAAACQAZBWFkaW1nBGdzbGIIc2luYWVkZ2UDY29tAMAzAAUAAQAAAAoADQV3ZWlibwRncmlkwD7AWAABAAEAAAAvAATeSRxg"}
-00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":47,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.28.96"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1463089073394,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00689{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"u1.img.mobile.sina.cn","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.28.96"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1463089073394,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":394448,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"kDVu60UQeJKcD6iOCABFAAA\/KDNAAEARjsDAqAFpwKgBAS4WADUAK\/dEyn0BAAABAAAAAAAAB2FjY291bnQFd2VpYm8DY29tAAABAAE="}
-00646{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1463089073394,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"account.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1463089073394,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1463089073394,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"account.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1463089073394,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":394759,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8VdhAAEAGKCnAqAFp3kkcYKUjAFC1h1\/eAAAAAKACchBUFAAAAgQFtAQCCAoAQQoGAAAAAAEDAwc="}
00594{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":423772,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"pkt":"eJKcD6iOkDVu60UQCABFAACwAABAAEARtoLAqAEBwKgBaQA1oYgAnCOtK+iBgAABAAUAAAAAAmpzAXQGc2luYWpzAmNuAAABAAHADAAFAAEAAAA8AAcEd2NkbsARwCwABQABAAAAKQAVBnNpbmFqcwVjc2dsYgV0eGNkbsAYwD8ABQABAAAEEgAUCG40Y3N3aGszBWdjY2RuA25ldADAYAABAAEAAAADAARdvIb2wGAAAQABAAAAAwAEXbyG8Q=="}
-00672{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":40,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1463089073424,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00684{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"js.t.sinajs.cn","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1463089073424,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00431{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":424254,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"kDVu60UQeJKcD6iOCABFAAA4KDhAAEARjsLAqAFpwKgBAUGkADUAJAai81YBAAABAAAAAAAAAWMFd2VpYm8CY24AAAEAAQ=="}
-00639{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1463089073424,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"c.weibo.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1463089073424,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1463089073424,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"c.weibo.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1463089073424,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":424339,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8dN1AAEAGHxvAqAFpXbyG9ovjAFD5+n7QAAAAAKACchAf3wAAAgQFtAQCCAoAQQoNAAAAAAEDAwc="}
00566{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":478883,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"pkt":"eJKcD6iOkDVu60UQCABFAACdAABAAEARtpXAqAEBwKgBaQA1yPAAiVtu8RCBgAABAAUAAAAAAWcGYWxpY2RuA2NvbQAAAQABwAwABQABAADy0wAXAWcGYWxpY2RuA2NvbQdkYW51b3lpwA7AKgABAAEAAAGzAAQvWUHlwCoAAQABAAABswAEL1lBx8AqAAEAAQAAAbMABC9ZQcbAKgABAAEAAAGzAAQvWUHk"}
-00657{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":38,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"g.alicdn.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"47.89.65.229"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1463089073479,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"g.alicdn.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"47.89.65.229"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1463089073479,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":479208,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8KD5AAEARjrjAqAFpwKgBAcVlADUAKPnf1EwBAAABAAAAAAAABGRhdGEFd2VpYm8DY29tAAABAAE="}
-00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1463089073479,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"data.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1463089073479,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00655{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1463089073479,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"dns": {"query":"data.weibo.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1463089073479,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":479289,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8PQxAAEAGymDAqAFpL1lB5caLAbuG5TcXAAAAAKACchASAQAAAgQFtAQCCAoAQQobAAAAAAEDAwc="}
00489{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":488461,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"pkt":"eJKcD6iOkDVu60UQCABFAABiAABAAEARttDAqAEBwKgBaQA10NoATp++kZuBgAABAAIAAAAAA2xvZwZtbXN0YXQDY29tAAABAAHADAAFAAEAAAIfAAoDbG9nA2dkc8AQwCwAAQABAAAAIwAEjM2uAQ=="}
-00659{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":40,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"log.mmstat.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.174.1"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00671{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"log.mmstat.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.174.1"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":488757,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8K\/hAAEAGEeTAqAFpjM2uAbzgAbtP+SHlAAAAAKACchCeNwAAAgQFtAQCCAoAQQodAAAAAAEDAwc="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":488783,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8i2VAAEAGsnbAqAFpjM2uAbzhAbvMrYF4AAAAAKACchDB7gAAAgQFtAQCCAoAQQodAAAAAAEDAwc="}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":537120,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8pN1AAEAG2SPAqAFp3kkcYKUoAFA4Ca70AAAAAKACchCCVAAAAgQFtAQCCAoAQQopAAAAAAEDAwc="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":537807,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8GyhAAEAG7ETAqAFpL1lB5caPAbufLBEBAAAAAKACchAfvgAAAgQFtAQCCAoAQQopAAAAAAEDAwc="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":331,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":537924,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8abpAAEAG1CHAqAFpjM2uAbzkAbvb32OTAAAAAKACchDQkgAAAgQFtAQCCAoAQQopAAAAAAEDAwc="}
00423{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":542677,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0g5JAADgGGG5dvIb2wKgBaQBQi944y47XgmYYDIAQAqTEEAAAAQEICgN2DUcAQQoD"}
00424{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":544415,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0uN1AADgG4yJdvIb2wKgBaQBQi9\/6KbWbZXHdMYAQAqMzvAAAAQEICgN2DUgAQQoD"}
@@ -241,11 +241,11 @@
00438{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":616097,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+OyanX1+fp+0aAS\/\/9YyQAAAgQFqAQCCAoDdg1LAEEKDQEDAwc="}
00423{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":616160,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dN5AAEAGHyLAqAFpXbyG9ovjAFD5+n7Rsmp19oAQAOWGdAAAAQEICgBBCj0Ddg1L"}
00958{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":616324,"pkt_caplen":464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":464,"pkt_l4_len":430,"pkt":"kDVu60UQeJKcD6iOCABFAAHCdN9AAEAGHZPAqAFpXbyG9ovjAFD5+n7Rsmp19oAYAOUzpwAAAQEICgBBCj0Ddg1LR0VUIC90NS9yZWdpc3Rlci9qcy92Ni9wbC9iYXNlLmpzP3ZlcnNpb249MjAxNjA1MTMwNTM3IEhUVFAvMS4xDQpIb3N0OiBqcy50LnNpbmFqcy5jbg0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzUwLjAuMjY2MS4xMDIgU2FmYXJpLzUzNy4zNg0KUmVmZXJlcjogaHR0cDovL3d3dy53ZWliby5jb20vbG9naW4ucGhwP2xhbmc9ZW4tdXMNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOCxpdC1JVDtxPTAuNixpdDtxPTAuNCxydTtxPTAuMg0KDQo="}
-00801{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1463089073424,"flow_last_seen":1463089073616,"flow_tot_l4_data_len":542,"flow_min_l4_data_len":32,"flow_max_l4_data_len":430,"flow_avg_l4_data_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"js.t.sinajs.cn","url":"js.t.sinajs.cn\/t5\/register\/js\/v6\/pl\/base.js?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00811{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_first_seen":1463089073424,"flow_last_seen":1463089073616,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"js.t.sinajs.cn","url":"js.t.sinajs.cn\/t5\/register\/js\/v6\/pl\/base.js?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
00423{"flow_id":34,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":635672,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xos8arg3huU3GIASOQiHzQAAAgQFqAEBBAIBAwMJ"}
00407{"flow_id":34,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":635736,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"kDVu60UQeJKcD6iOCABFAAAoPQ1AAEAGynPAqAFpL1lB5caLAbuG5TcYPGq4OFAQAOUAuQAA"}
00683{"flow_id":34,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":635941,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"pkt":"kDVu60UQeJKcD6iOCABFAADwPQ5AAEAGyarAqAFpL1lB5caLAbuG5TcYPGq4OFAYAOU\/oAAAFgMBAMMBAAC\/AwOXT1\/apC0sseL9tClTjO1tCqBgMoC4vQJs2bkXrM\/zTQAAHMypzKjMFMwTwCvAL8AKwBTACcATAJwANQAvAAoBAAB6\/wEAAQAAAAARAA8AAAxnLmFsaWNkbi5jb20AFwAAACMAAAANABIAEAYBBgMFAQUDBAEEAwIBAgMABQAFAQAAAAAzdAAAABIAAAAQABcAFQJoMghzcGR5LzMuMQhodHRwLzEuMXVQAAAACwACAQAACgAIAAYAHQAXABg="}
-00719{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":20,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"g.alicdn.com","ja3":"58e7f64db6e4fe4941dd9691d421196c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
+00730{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"g.alicdn.com","ja3":"58e7f64db6e4fe4941dd9691d421196c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,spdy\/3.1,http\/1.1"}}
01014{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":636839,"pkt_caplen":507,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":507,"pkt_l4_len":473,"pkt":"eJKcD6iOkDVu60UQCABFAAHtijNAADgGEBRdvIb2wKgBaQBQi+Gi04d6CaQcHYAYAqRRtQAAAQEICgN2DVsAQQoDSFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUaHUsIDEyIE1heSAyMDE2IDIxOjM3OjUzIEdNVA0KU2VydmVyOiBQV1MvOC4xLjM2DQpYLVB4OiBtcyBoMC1zNjUucDEtbXhwICggaDAtczc1LnAxLW14cCksIGh0LWQgaDAtczc1LnAxLW14cC5jZG5ncC5uZXQNCkVUYWc6ICI1NzMzMDI2ZS05ODZjIg0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT0xMjk2MDAwDQpFeHBpcmVzOiBUaHUsIDI2IE1heSAyMDE2IDEwOjAyOjAzIEdNVA0KQWdlOiAxMjgxNTANCkFjY2VwdC1SYW5nZXM6IGJ5dGVzDQpDb250ZW50LUxlbmd0aDogMzkwMjANCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC1mb250LXdvZmYNCkxhc3QtTW9kaWZpZWQ6IFdlZCwgMTEgTWF5IDIwMTYgMDk6NTk6MTAgR01UDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1PcmlnaW46ICoNCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"}
00423{"flow_id":28,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":636884,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kDVu60UQeJKcD6iOCABFAAA0E7dAAEAGgEnAqAFpXbyG9ovhAFAJpBwdotOJM4AQAO3VvgAAAQEICgBBCkIDdg1b"}
02382{"flow_id":28,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":639524,"pkt_caplen":1502,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1502,"pkt_l4_len":1468,"pkt":"eJKcD6iOkDVu60UQCABFAAXQijRAADgGDDBdvIb2wKgBaQBQi+Gi04kzCaQcHYAQAqRcnQAAAQEICgN2DVsAQQoDd09GRgABAAAAAJhsABAAAAABDIAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABbAAAABsAAAAccu786UdERUYAAAGIAAAAHgAAACAA0QAET1MvMgAAAagAAABSAAAAYFot3LtjbWFwAAAB\/AAAAWEAAAHaxHpgAWN2dCAAAANgAAAANgAAAEYHCRXVZnBnbQAAA5gAAAT+AAAJljT\/p5VnYXNwAAAImAAAAAgAAAAIAAAAEGdseWYAAAigAACJ2QAA9qwE3clOaGVhZAAAknwAAAAxAAAANgoWnhhoaGVhAACSsAAAACAAAAAkCBEEkGhtdHgAAJLQAAABDQAAAfhg4iadbG9jYQAAk+AAAAFKAAABSj8VAKptYXhwAACVLAAAACAAAAAgAo0IyW5hbWUAAJVMAAABQgAAAjT68ZEZcG9zdAAAlpAAAAFDAAAB2tObVp1wcmVwAACX1AAAAJUAAACVx9PPgHicY2BgYGQAgjO2i86D6MsRa3mgNC8ASGQGRQB4nGNgZGBg4ANiCQYQYGJgBMLFQMwC5jEAAAtLANYAAHicY2BhYWT8wsDKwMA0k+kMAwNDP4RmfM1gzMgJFGVgY2YAgwYGBmYBBgQISHNNYTjAoPSMl7nhfwNDDHMDQyNQmBEkxyzJLAikFBgYAZtYDRQAAHicY2BgYGaAYBkGRgYQuALkMYL5LAw7gLQWgwKQxcWgzKDKoMtgyWDLEMVQxVDDUMewiGEJw3KGNQwbGHYxXGP4xvBfQe0Z7\/\/\/QD1KQLVaDAZAtY4MiWC1C4FqlzGsYlgPVLuf4QbDD6Bahv\/\/\/z\/8\/+D\/nf+3\/l\/\/f+X\/uf9n\/5\/5v+r\/yv8r\/i\/7v+T\/7P\/T\/0\/7P\/VBvtQ0qNuIBIxsDHANjExAggldAYhgZmFgBdFs7BycDAxc3Dy8fPwCgkLCQCERIBYVE5eQlJKWkZWTV1BUUlZRVVPX0NTS1tHVg5ihb2BoZGxiamZuYWllbWNrZ+\/g6OTs4urm7sHgyeDFEB0Tl5CRW1ReVlFVWV1bX9fQ2NzU0tre2dHV093fN2EiQ4gPgz8DQynEsNg8JNcFhDLU9IZ5B4HYgQxTGcKjchCSU5D9EZkYkRSfkpqWnJXNkFlQmA8UCoZKAQB\/KWRSAAAAeJxjYEADaQzBQNzGoMi4C8xSArKlme3\/H2ayZ3b8f4HBkbnhfz0QH2a6yuz8fzOEDwCJzxHuAAB4nJ1VaXfTRhSVvCTO5rYkMRTRdszEKY1GJmzBgAtBiu1CujgQWgm6yElMF\/4AH\/tZv+YptOf0Iz+t946XhJae0zbH0rtv5s7b9N5EHCMqfR6Ia9SRktd9Ka0\/lVLnWVzXdS+LlfT7cV22E09Ji6iVJEqqncGRXKJa7SjZJNgk43U\/Vs9Vlg2UzPfjFCuKe\/NEW0RbqZcmSeKJ4yeJFqcfD5MkkIJRsFNqDBBCOerHUtahzOjQq9cTcdNAikYjHnWUlw9CxZ3jarmwUQeMVKYymMs3y41sL0773uBREusEe9uPY2x4jH7sKpCSkQpsz+Jx+EQyG+3FUon8Y8d1ojSU2vACeGWDPQZV6ByK2zlIdwKZmaw5vs4rpUaqOpkesGw2S8djJUR58DdxKMWGHuzg7KzJy+WOuAPgikFOCiWKHpIFoMNEFqg9grYALZA5o\/4oOQd8HcKLLEapylIlizrUgcyb3f04n3V3kjVZGuqXgSyY3b149\/Fo0atjfdmuL5rcWYqexPnSUgT3ocz5CdMuNMJxxvk8cL6Al7g1rRAysgCj1Agz1Ba+Kxt1jbMT7I3P47F6gkx6iL+Xyq8HJxXLHWdZ74gbiXP32HVduApkCeGUO\/uxI0s6VCms\/l6tus6iE4ZZmi+WfHnhexeRf5Vx+4G8Y3KX8l2TFyjfM3mR8ozJS5Q="}
@@ -259,87 +259,87 @@
00424{"flow_id":38,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":759907,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xo+u1rhnnywRAoASOQgi\/AAAAgQFqAEBBAIBAwMJ"}
00407{"flow_id":38,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":759940,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"kDVu60UQeJKcD6iOCABFAAAoGylAAEAG7FfAqAFpL1lB5caPAbufLBECrta4aFAQAOWb5wAA"}
00550{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":760507,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"pkt":"eJKcD6iOkDVu60UQCABFAACPAABAAEARtqPAqAEBwKgBaQA1xdAAe7w5O9aBgAABAAMAAAAABmFjanN0YgZhbGl5dW4DY29tAAABAAHADAAFAAEAAAJYAAcEYWNqc8ATwC8ABQABAAABAAAhBGFjanMGYWxpeXVuA2NvbQNnZHMKYWxpYmFiYWRuc8AawEIAAQABAAAAbAAEKpy4Ew=="}
-00712{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_tot_l4_data_len":166,"flow_min_l4_data_len":43,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"42.156.184.19"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00724{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":424,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16":"Suspicious DGA domain name"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"acjstb.aliyun.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"42.156.184.19"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":760679,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8np1AAEAG913AqAFpKpy4E8wvAbt9EpT8AAAAAKACchBGkwAAAgQFtAQCCAoAQQphAAAAAAEDAwc="}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":760724,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8jjVAAEAGB8bAqAFpKpy4E8wwAbsmFYRUAAAAAKACchCuNwAAAgQFtAQCCAoAQQphAAAAAAEDAwc="}
00562{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":763925,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"pkt":"eJKcD6iOkDVu60UQCABFAACYAABAAEARtprAqAEBwKgBaQA1hB4AhOXUkPeBgAABAAMAAAAABWxvZ2luBnRhb2JhbwNjb20AAAEAAcAMAAUAAQAAASwADAl3YWdicmlkZ2XAEsAuAAUAAQAAAMgAJgl3YWdicmlkZ2UGdGFvYmFvA2NvbQNnZHMKYWxpYmFiYWRuc8AZwEYAAQABAAAALwAEjM2qPw=="}
-00663{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":429,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":42,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.170.63"}}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1463089073764,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00675{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":429,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"login.taobao.com","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"140.205.170.63"}}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1463089073764,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":764453,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8woBAAEAGfx3AqAFpjM2qP7ppAbuaKMjiAAAAAKACchCy\/gAAAgQFtAQCCAoAQQpiAAAAAAEDAwc="}
00423{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":773608,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGjQneSRxgwKgBaQBQpSMt08jatYdf34ASOQjHwAAAAgQFqAEBBAIBAwMI"}
00408{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":773636,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"kDVu60UQeJKcD6iOCABFAAAoVdlAAEAGKDzAqAFp3kkcYKUjAFC1h1\/fLdPI21AQAOVAqwAA"}
00984{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":773797,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"pkt":"kDVu60UQeJKcD6iOCABFAAHUVdpAAEAGJo\/AqAFp3kkcYKUjAFC1h1\/fLdPI21AYAOWIKwAAR0VUIC9wdWJsaWMvZmlsZXMvaW1hZ2UvNjIweDMwMF9pbWc1NjUzZDU3YzZkYWIyLnBuZyBIVFRQLzEuMQ0KSG9zdDogdTEuaW1nLm1vYmlsZS5zaW5hLmNuDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6IGltYWdlL3dlYnAsaW1hZ2UvKiwqLyo7cT0wLjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzUwLjAuMjY2MS4xMDIgU2FmYXJpLzUzNy4zNg0KUmVmZXJlcjogaHR0cDovL3d3dy53ZWliby5jb20vbG9naW4ucGhwP2xhbmc9ZW4tdXMNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOCxpdC1JVDtxPTAuNixpdDtxPTAuNCxydTtxPTAuMg0KDQo="}
-00809{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_tot_l4_data_len":540,"flow_min_l4_data_len":20,"flow_max_l4_data_len":448,"flow_avg_l4_data_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"u1.img.mobile.sina.cn","url":"u1.img.mobile.sina.cn\/public\/files\/image\/620x300_img5653d57c6dab2.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1463089073788,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00820{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"},"http": {"hostname":"u1.img.mobile.sina.cn","url":"u1.img.mobile.sina.cn\/public\/files\/image\/620x300_img5653d57c6dab2.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1463089073788,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":788865,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8M4FAAEAGYnrAqAFpKpy4E8wyAbubxznpAAAAAKACchCC5wAAAgQFtAQCCAoAQQpoAAAAAAEDAwc="}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1463089073789,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1463089073789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":789999,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kDVu60UQeJKcD6iOCABFAAA8F+ZAAEAGKbjAqAFpjM2qP7prAbvY7h2OAAAAAKACchAfhQAAAgQFtAQCCAoAQQpoAAAAAAEDAwc="}
00423{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"weibo.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1463089073,"pkt_ts_usec":885851,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"eJKcD6iOkDVu60UQCABFAAA0e6lAADgGIFddvIb2wKgBaQBQi+OyanX2+fqAX4AQAqSCEQAAAQEICgN2DmEAQQo9"}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_tot_l4_data_len":540,"flow_min_l4_data_len":20,"flow_max_l4_data_len":448,"flow_avg_l4_data_len":135,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00473{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_tot_l4_data_len":172,"flow_min_l4_data_len":47,"flow_max_l4_data_len":125,"flow_avg_l4_data_len":86,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_tot_l4_data_len":86,"flow_min_l4_data_len":35,"flow_max_l4_data_len":51,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":106,"flow_first_seen":1463089072445,"flow_last_seen":1463089073885,"flow_tot_l4_data_len":73299,"flow_min_l4_data_len":32,"flow_max_l4_data_len":4340,"flow_avg_l4_data_len":691,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":72,"flow_first_seen":1463089072445,"flow_last_seen":1463089073773,"flow_tot_l4_data_len":51833,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2904,"flow_avg_l4_data_len":719,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":41,"flow_first_seen":1463089072445,"flow_last_seen":1463089073819,"flow_tot_l4_data_len":21851,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1468,"flow_avg_l4_data_len":532,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":13,"flow_first_seen":1463089073319,"flow_last_seen":1463089073551,"flow_tot_l4_data_len":4259,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1468,"flow_avg_l4_data_len":327,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":53,"flow_first_seen":1463089073321,"flow_last_seen":1463089073852,"flow_tot_l4_data_len":34666,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1468,"flow_avg_l4_data_len":654,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_tot_l4_data_len":112,"flow_min_l4_data_len":32,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":35,"flow_first_seen":1463089073334,"flow_last_seen":1463089073893,"flow_tot_l4_data_len":21171,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1468,"flow_avg_l4_data_len":604,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_first_seen":1463089073424,"flow_last_seen":1463089073885,"flow_tot_l4_data_len":574,"flow_min_l4_data_len":32,"flow_max_l4_data_len":430,"flow_avg_l4_data_len":114,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1463089069330,"flow_last_seen":1463089069374,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1463089069330,"flow_last_seen":1463089069374,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1463089070086,"flow_last_seen":1463089070131,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1463089070086,"flow_last_seen":1463089070131,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_tot_l4_data_len":312,"flow_min_l4_data_len":20,"flow_max_l4_data_len":220,"flow_avg_l4_data_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_first_seen":1463089073537,"flow_last_seen":1463089073759,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_first_seen":1463089073537,"flow_last_seen":1463089073759,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1463089073764,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1463089073764,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00495{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1463089073789,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1463089073789,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_tot_l4_data_len":118,"flow_min_l4_data_len":40,"flow_max_l4_data_len":78,"flow_avg_l4_data_len":59,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_tot_l4_data_len":175,"flow_min_l4_data_len":38,"flow_max_l4_data_len":137,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1463089073788,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1463089073788,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_tot_l4_data_len":198,"flow_min_l4_data_len":41,"flow_max_l4_data_len":157,"flow_avg_l4_data_len":99,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_tot_l4_data_len":196,"flow_min_l4_data_len":40,"flow_max_l4_data_len":156,"flow_avg_l4_data_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1463089073424,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00475{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00485{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_tot_l4_data_len":147,"flow_min_l4_data_len":39,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":73,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_tot_l4_data_len":174,"flow_min_l4_data_len":42,"flow_max_l4_data_len":132,"flow_avg_l4_data_len":87,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1463089067804,"flow_last_seen":1463089068491,"flow_tot_l4_data_len":1638,"flow_min_l4_data_len":43,"flow_max_l4_data_len":626,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1463089067804,"flow_last_seen":1463089068491,"flow_tot_l4_data_len":1638,"flow_min_l4_data_len":43,"flow_max_l4_data_len":626,"flow_avg_l4_data_len":182,"midstream":0,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":9,"flow_first_seen":1463089070841,"flow_last_seen":1463089071891,"flow_tot_l4_data_len":1293,"flow_min_l4_data_len":20,"flow_max_l4_data_len":655,"flow_avg_l4_data_len":143,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00523{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":20,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1463089071046,"flow_last_seen":1463089071094,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1463089071046,"flow_last_seen":1463089071094,"flow_tot_l4_data_len":64,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00522{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_tot_l4_data_len":1698,"flow_min_l4_data_len":33,"flow_max_l4_data_len":399,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_tot_l4_data_len":1698,"flow_min_l4_data_len":33,"flow_max_l4_data_len":399,"flow_avg_l4_data_len":121,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1463089073479,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":79,"flow_first_seen":1463089071613,"flow_last_seen":1463089072438,"flow_tot_l4_data_len":34806,"flow_min_l4_data_len":32,"flow_max_l4_data_len":2904,"flow_avg_l4_data_len":440,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_tot_l4_data_len":166,"flow_min_l4_data_len":43,"flow_max_l4_data_len":123,"flow_avg_l4_data_len":83,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00472{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1463089073394,"flow_last_seen":0,"flow_tot_l4_data_len":43,"flow_min_l4_data_len":43,"flow_max_l4_data_len":43,"flow_avg_l4_data_len":43,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1463089073394,"flow_last_seen":1463089073773,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":428,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1463089073286,"flow_last_seen":1463089073393,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":78,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_first_seen":1463089070757,"flow_last_seen":1463089070841,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":70,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1463089071730,"flow_last_seen":1463089071755,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":106,"flow_first_seen":1463089072445,"flow_last_seen":1463089073885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4308,"flow_tot_l4_payload_len":69723,"flow_avg_l4_payload_len":657,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":72,"flow_first_seen":1463089072445,"flow_last_seen":1463089073773,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":49381,"flow_avg_l4_payload_len":685,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":41,"flow_first_seen":1463089072445,"flow_last_seen":1463089073819,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20463,"flow_avg_l4_payload_len":499,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":13,"flow_first_seen":1463089073319,"flow_last_seen":1463089073551,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":3815,"flow_avg_l4_payload_len":293,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":53,"flow_first_seen":1463089073321,"flow_last_seen":1463089073852,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":32930,"flow_avg_l4_payload_len":621,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_first_seen":1463089073322,"flow_last_seen":1463089073383,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":35,"flow_first_seen":1463089073334,"flow_last_seen":1463089073893,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":20023,"flow_avg_l4_payload_len":572,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_first_seen":1463089073424,"flow_last_seen":1463089073885,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":398,"flow_tot_l4_payload_len":398,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"}}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_first_seen":1463089071994,"flow_last_seen":1463089072138,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1463089069330,"flow_last_seen":1463089069374,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1463089069330,"flow_last_seen":1463089069374,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00528{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1463089070086,"flow_last_seen":1463089070131,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_first_seen":1463089070086,"flow_last_seen":1463089070131,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.78","src_port":58481,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_first_seen":1463089073479,"flow_last_seen":1463089073635,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_first_seen":1463089073537,"flow_last_seen":1463089073759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_first_seen":1463089073537,"flow_last_seen":1463089073759,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50831,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1463089073764,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1463089073764,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47721,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1463089073789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1463089073789,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073488,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":70,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53466,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073478,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52271,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1463089073760,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1463089073788,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1463089073788,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_first_seen":1463089072333,"flow_last_seen":1463089072444,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":182,"flow_avg_l4_payload_len":91,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_first_seen":1463089072885,"flow_last_seen":1463089073423,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":90,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1463089073424,"flow_last_seen":0,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_first_seen":1463089072046,"flow_last_seen":1463089072070,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48352,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1463089073488,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1463089073537,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_first_seen":1463089071551,"flow_last_seen":1463089071612,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":131,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1463089073289,"flow_last_seen":1463089073763,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1463089067804,"flow_last_seen":1463089068491,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":618,"flow_tot_l4_payload_len":1566,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":9,"flow_first_seen":1463089067804,"flow_last_seen":1463089068491,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":618,"flow_tot_l4_payload_len":1566,"flow_avg_l4_payload_len":174,"midstream":0,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":9,"flow_first_seen":1463089070841,"flow_last_seen":1463089071891,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":635,"flow_tot_l4_payload_len":1081,"flow_avg_l4_payload_len":120,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1463089070841,"flow_last_seen":1463089071198,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00531{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1463089071008,"flow_last_seen":1463089071348,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1463089071046,"flow_last_seen":1463089071094,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1463089071046,"flow_last_seen":1463089071094,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":1586,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"Google","breed":"Tracker\/Ads","category":"Web"}}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":14,"flow_first_seen":1463089070755,"flow_last_seen":1463089072356,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":391,"flow_tot_l4_payload_len":1586,"flow_avg_l4_payload_len":113,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1463089073479,"flow_last_seen":0,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":79,"flow_first_seen":1463089071613,"flow_last_seen":1463089072438,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":31898,"flow_avg_l4_payload_len":403,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1463089073394,"flow_last_seen":0,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test"}
diff --git a/test/results/whatsapp_login_call.pcap.out b/test/results/whatsapp_login_call.pcap.out
index 5f08502a1..ea785634f 100644
--- a/test/results/whatsapp_login_call.pcap.out
+++ b/test/results/whatsapp_login_call.pcap.out
@@ -1,5 +1,5 @@
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432582222253,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432582222253,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582222,"pkt_ts_usec":253233,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0DNdAAEAG9U7AqAIEEaxkRsAvA+GIPSCcUlOPyIAQH\/poTQAAAQEICi36Gt0QlQ1l"}
00669{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582222,"pkt_ts_usec":267722,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"pkt":"xiwDYGpkAPS5Jrv0CABFAADeU1tAAEAGriDAqAIEEaxkRsAvA+GIPSCcUlOPyIAYIAB\/kgAAAQEICi36GusQlQ1lFwMBACCNqYpymgjJuQNgLA+QJekfsmHWqykdlwnJ8t48lRIpCxcDAQCAv+6eyOO6KHhFdGRnKCRyPqihrwnYLrpV5EXpUrXv8Q2ow7fiZ\/ErfHE9ZAprbeZEb1cjDczzZ9GWtg7wUDK1rjYT+gKbhCMZiNQZ3QlWly2tQPPw5M7rqWdzOWy2ATMXqxCkXOBCTdOBYD70ikDCSIjo2fZ8\/cJDhiGvSnc\/9Rw="}
00435{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582222,"pkt_ts_usec":410350,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0e5UAAC8G15ARrGRGwKgCBAPhwC9SU4\/IiD0hRoAQAJuGIAAAAQEIChCVDjkt+hrr"}
@@ -14,22 +14,22 @@
00555{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582222,"pkt_ts_usec":979483,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"APS5Jrv0xiwDYGpkCABFAACJe5oAAC8G1zYRrGRGwKgCBAPhwC9SU5ByiD0iSoAYAKSgIQAAAQEIChCVEHEt+hznFwMBAFCtvnfrK9W8csZyaRAqhhwM779PgNd13t6vk7iEynuhQJQYVoJiyLFZrJoCWOuxGMkITWEMbq3652zhoLq6TizXutNWuKDwXoHBir8QQWsZJg=="}
00438{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582222,"pkt_ts_usec":981192,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0BYdAAEAG\/J7AqAIEEaxkRsAvA+GIPSJKUlOQx4AQH\/pfwQAAAQEICi36HbAQlRBx"}
00586{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582222,"pkt_ts_usec":990976,"pkt_caplen":172,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":172,"pkt_l4_len":138,"pkt":"xiwDYGpkAPS5Jrv0CABFAACe5npAAEAGG0HAqAIEEaxkRsAvA+GIPSJKUlOQx4AYIAAD\/gAAAQEICi36HbkQlRBxFwMBACA\/7+3k7ZQjshHNa4itk6LszWuSq0aRWA5QYTHlnF6tcxcDAQBAYDyOCcbXfuBhhdQ6FBKZ7lY374AO+D+PP\/LzHlV4aO1uUVyhZ6T4rrDUq0Bl+2rt3zsLYU4a2Cg7iD82mR9Elw=="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432582223075,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432582223075,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00418{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582223,"pkt_ts_usec":75943,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoimtAAEAGmaXAqAIEEZpCecAOAbvaSAv6foHOKFARQABkXQAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432582223077,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432582223077,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582223,"pkt_ts_usec":77297,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAowYpAAEAGYpDAqAIEEZpCb8ALAbvQPf\/UHJzPWVARQADbTgAA"}
00436{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582223,"pkt_ts_usec":135004,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0e5sAAC8G14oRrGRGwKgCBAPhwC9SU5DHiD0itIAQAKR+CgAAAQEIChCVEQst+h25"}
00420{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582223,"pkt_ts_usec":271314,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo1rsAAPAG3V4RmkJvwKgCBAG7wAscnM9Z0D3\/1VARCf8RTwAA"}
00419{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582223,"pkt_ts_usec":276650,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAos7EAAPAGAF8RmkJ5wKgCBAG7wA5+gc4o2kgL+1ARCf+aXQAA"}
00420{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582223,"pkt_ts_usec":379275,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoD6pAAEAGFHHAqAIEEZpCb8ALAbvQPf\/VHJzPWlAQQADbTQAA"}
00420{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582223,"pkt_ts_usec":379519,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo\/GpAAEAGJ6bAqAIEEZpCecAOAbvaSAv7foHOKVAQQABkXAAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432582224208,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432582224208,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582224,"pkt_ts_usec":208142,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoKQFAAEAG+w\/AqAIEEa1CZsARAbueE\/YokxpP+1ARQAAf9QAA"}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432582224210,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432582224210,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00436{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582224,"pkt_ts_usec":210874,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA05xtAAEAGq+\/AqAIEXbqHUsAVAFCuhm774V0pFoARIEWaRQAAAQEICi36IndY+IKz"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432582224230,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432582224230,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582224,"pkt_ts_usec":230305,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA05uBAAEAG5SDAqAIEFzKU5MAUAbtLz6It0ZnyqIARIAAW8QAAAQEICi36IooRXfsX"}
-00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432582224235,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432582224235,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00435{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582224,"pkt_ts_usec":235628,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0IU9AAEAGJv3AqAIEBbIqGsAWAFB5Ls3ledN1n4ARIFCQkQAAAQEICi36Io9kkidZ"}
00436{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582224,"pkt_ts_usec":238952,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0pWwAADkGNJ9duodSwKgCBABQwBXhXSkWroZu\/IARAeZAKgAAAQEIClj4+ywt+iJ3"}
00435{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582224,"pkt_ts_usec":240462,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA06DdAAEAGqtPAqAIEXbqHUsAVAFCuhm784V0pF4AQIEUhrwAAAQEICi36IpNY+Pss"}
@@ -41,11 +41,11 @@
00435{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582224,"pkt_ts_usec":264733,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0QQVAAEAGB0fAqAIEBbIqGsAWAFB5Ls3medN1oIAQIFAZNgAAAQEICi36Iqlkkp6Z"}
00420{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582224,"pkt_ts_usec":347733,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAopJIAAO4GEX4RrUJmwKgCBAG7wBGTGk\/7nhP2KVARCf9V9QAA"}
00421{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582224,"pkt_ts_usec":417934,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoVthAAEAGzTjAqAIEEa1CZsARAbueE\/YpkxpP\/FAQQAAf9AAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432582225313,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432582225313,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582225,"pkt_ts_usec":313229,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAobpJAAEAGk7DAqAIEEaxkNcAXAbvFrXCYlCt1nlAR\/\/91YwAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432582225324,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432582225324,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00421{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582225,"pkt_ts_usec":324066,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoYhRAAEAGoCzAqAIEEaxkN8ANAbtmBk0BJP5uJ1AR\/\/9vTgAA"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432582225329,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432582225329,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00420{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582225,"pkt_ts_usec":329255,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoYhlAAEAGezvAqAIEEYKJTcAYAbvMgisCtJzpXFARQAC7BQAA"}
00420{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582225,"pkt_ts_usec":380288,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAohYkAAPIG5coRgolNwKgCBAG7wBi0nOlczIIrA1AREADrBAAA"}
00420{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582225,"pkt_ts_usec":381763,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoSmNAAEAGkvHAqAIEEYKJTcAYAbvMgisDtJzpXVAQQAC7BAAA"}
@@ -53,35 +53,35 @@
00421{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582225,"pkt_ts_usec":468458,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoqzoAAO4G6QURrGQ3wKgCBAG7wA0k\/m4nZgZNAlARn\/7PTgAA"}
00421{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582225,"pkt_ts_usec":533202,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoGflAAEAG6EnAqAIEEaxkNcAXAbvFrXCZlCt1n1AQ\/\/91YgAA"}
00421{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582225,"pkt_ts_usec":533373,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAooItAAEAGYbXAqAIEEaxkN8ANAbtmBk0CJP5uKFAQ\/\/9vTQAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432582227526,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432582227526,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":526441,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"xiwDYGpkAPS5Jrv0CABFAABBdxsAAEARfjvAqAIEwKgCAcq5ADUALb4mNPgBAAABAAAAAAAABXF1ZXJ5A2VzcwVhcHBsZQNjb20AAAEAAQ=="}
-00644{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432582227526,"flow_last_seen":0,"flow_tot_l4_data_len":45,"flow_min_l4_data_len":45,"flow_max_l4_data_len":45,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00656{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432582227526,"flow_last_seen":0,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00687{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":594651,"pkt_caplen":251,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":251,"pkt_l4_len":217,"pkt":"APS5Jrv0xiwDYGpkCABFAADtqMoAAEARS+DAqAIBwKgCBAA1yrkA2SFYNPiBgAABAAkAAAAABXF1ZXJ5A2VzcwVhcHBsZQNjb20AAAEAAcAMAAUAAQAASFYAIAVxdWVyeQllc3MtYXBwbGUDY29tBmFrYWRucwNuZXQAwDEAAQABAAAAOwAEEbJoDMAxAAEAAQAAADsABBGyaA7AMQABAAEAAAA7AAQRsmgnwDEAAQABAAAAOwAEEbJoJsAxAAEAAQAAADsABBGyaA3AMQABAAEAAAA7AAQRsmgPwDEAAQABAAAAOwAEEbJoC8AxAAEAAQAAADsABBGyaBA="}
-00673{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_tot_l4_data_len":262,"flow_min_l4_data_len":45,"flow_max_l4_data_len":217,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.104.12"}}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432582227595,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00685{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Apple","breed":"Safe","category":"Web"},"dns": {"query":"query.ess.apple.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"17.178.104.12"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432582227595,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":595809,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA+I5EAAEAR0cjAqAIEwKgCAcveADUAKv\/L36MBAAABAAAAAAAAA2UxMwh3aGF0c2FwcANuZXQAAAEAAQ=="}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432582227595,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432582227604,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432582227595,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432582227604,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":604482,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAZF5AAEAGme\/AqAIEEbJoDMAxAbvjm5\/WAAAAALAC\/\/9XjAAAAgQFtAEDAwQBAQgKLfovrgAAAAAEAgAA"}
00625{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":624839,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"pkt":"APS5Jrv0xiwDYGpkCABFAAC+d\/oAAEARfN\/AqAIBwKgCBAA1y94AqhSs36OBgAABAAgAAAAAA2UxMwh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAC20ABJ5V6TTADAABAAEAAAttAASeVTpKwAwAAQABAAALbQAEuK2zJ8AMAAEAAQAAC20ABJ5VOnfADAABAAEAAAttAAS4rbMlwAwAAQABAAALbQAEnlU6M8AMAAEAAQAAC20ABK4k0i3ADAABAAEAAAttAASeVQXI"}
-00680{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":42,"flow_max_l4_data_len":170,"flow_avg_l4_data_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"158.85.233.52"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432582227643,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00691{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":51,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e13.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"158.85.233.52"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1432582227643,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":643274,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkAPS5Jrv0CABFAABACXVAAEAGAsTAqAIEuK2zJcAyFGaCPuKZAAAAALAC\/\/9xPwAAAgQFtAEDAwQBAQgKLfov1AAAAAAEAgAA"}
00451{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":797145,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"APS5Jrv0xiwDYGpkCABFAAA8rYsAADQGqrG4rbMlwKgCBBRmwDLYm8Xcgj7imqAS\/\/9JMQAAAgQFrAEDAwkEAggKD\/GKmy36L9Q="}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432582227884,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1432582227884,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00455{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":884677,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAKwpAAEAG00HAqAIEEbJoDsAzAbunfDOjAAAAALAC\/\/\/+yQAAAgQFtAEDAwQBAQgKLfowvwAAAAAEAgAA"}
00436{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":885449,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0779AAEAGHIXAqAIEuK2zJcAyFGaCPuKa2JvF3YAQIFhWrQAAAQEICi36MMYP8Yqb"}
00438{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":886313,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0rZoAAO4G4r4RsmgMwKgCBAG7wDE71dh745uf14ASH\/64\/gAAAgQFoAEDAwQBAQQC"}
00421{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":887645,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo79dAAEAGDo7AqAIEEbJoDMAxAbvjm5\/XO9XYfFAQQADZtwAA"}
00684{"flow_id":13,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582227,"pkt_ts_usec":896350,"pkt_caplen":244,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":244,"pkt_l4_len":210,"pkt":"xiwDYGpkAPS5Jrv0CABFAADm\/b5AAEAG\/+jAqAIEEbJoDMAxAbvjm5\/XO9XYfFAYQAAWUgAAFgMBALkBAAC1AwNVY3hTkWg+eTHwOUaw54SWwWf9D1HPpzrAyt\/Q2NH3agAASgD\/wCTAI8AKwAnACMAowCfAFMATwBLAJsAlwAXABMADwCrAKcAPwA7ADQBrAGcAOQAzABYAPQA8ADUALwAKwAfAEcACwAwABQAEAQAAQgAAABgAFgAAE3F1ZXJ5LmVzcy5hcHBsZS5jb20ACgAIAAYAFwAYABkACwACAQAADQAMAAoFAQQBAgEEAwIDM3QAAA=="}
-00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1432582227604,"flow_last_seen":1432582227896,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":20,"flow_max_l4_data_len":210,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00779{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_first_seen":1432582227604,"flow_last_seen":1432582227896,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00436{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":41916,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0MLsAADQGJ4q4rbMlwKgCBBRmwDLYm8Xdgj7imoAQAgJ0EAAAAQEICg\/xi44t+jDG"}
00437{"flow_id":15,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":152588,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0UDkAAO4GQB4RsmgOwKgCBAG7wDON4auhp3wzpIASH\/48GwAAAgQFoAEDAwQBAQQC"}
00420{"flow_id":15,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":167635,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoC8AAAEAGMqTAqAIEEbJoDsAzAbunfDOkAAAAAFAEAADWZAAA"}
02369{"flow_id":13,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":180686,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"APS5Jrv0xiwDYGpkCABFAAXIrZwAAO4G3SgRsmgMwKgCBAG7wDE71dh845uglVAYCgbCZAAAFgMDDU4CAABNAwNVY3hUdBSmIsuRSfKUkSKfJawGUTPdCW2wlAc+B2NhsCAEgWdpsy6+A4+ZhL8Tkx4bi2N8e1FKAmfseEZ9Bgb9VAAEAAAF\/wEAAQALAAz1AAzyAAQuMIIEKjCCAxKgAwIBAgIIQV3GMSw7NA4wDQYJKoZIhvcNAQELBQAwbTEnMCUGA1UEAwweQXBwbGUgU2VydmVyIEF1dGhlbnRpY2F0aW9uIENBMSAwHgYDVQQLDBdDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMTUwNTA2MDEwOTQ3WhcNMTYwNjA0MDEwOTQ3WjBXMRgwFgYDVQQDDA8qLmVzcy5hcHBsZS5jb20xGTAXBgNVBAsMEElTRyBEZWxpdmVyeSBPcHMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4aHlPz8zEr2\/OlryJSjAdm3sBeBzxOb\/IYmo5gsM\/DRfPN4PDf\/LrTFueEMTiR1M5eH6brzPM75EM9O6pYBeSfzTeLrmzkrQKWAysaI+eWoj+0wnQMFSNCiK1eEGkr56WF5QbZQwBgXQ7UW332Ww5HOZX7ppN9mzT+UcRSwZ+eJ1dFDZ46Ie+bEJOBHexWMO+bjrT6T5lFV0oxGUlGiQ98q6BwqpSmIGFuXz7+dKT+4GA0iO\/RHQmq65u82gk8zLaBnGTQJkGs5aM0NxfMtOiLhzTLaaEt6YpqlVE\/7HORmtYFJLNt4ZqIUGIEb3QhUF\/fhRt4KhGl5TGt58qtS9zwIDAQABo4HjMIHgMB0GA1UdDgQWBBTnAJO\/qk1G34wBscywcpJsl6a9yzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCzFbVLdMe+M7AiB7d\/cykMARQHQMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlc2VydmVyYXV0aGNhMS5jcmwwDgYDVR0PAQH\/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBoGA1UdEQQTMBGCDyouZXNzLmFwcGxlLmNvbTARBgsqhkiG92NkBhsEAgQCBQAwDQYJKoZIhvcNAQELBQADggEBAB8k4DiGeRhLlP0hiINVbMh3H\/n8I\/7a3QFwAzuim\/AqtI+nIHxJH9NO4z4fgiGpCmBe\/QTEz8LJghnPNsXdqhe0gJgoTFI0K4Zk73j1Y1F1yNiMcbd\/xxPUPif8gSiJElgVmq0j5wge8856CEIqaCvJHXfCSs\/S5UI5uLwzRe2Kt40codzp8blUE\/XjzKPR4zqaDMlWxOzMadpoEjn9BtvP9skUbgmpAX\/guSHB2LDg6qwkf8Y7BJnIo0mmhs0vmssvJlDDhl0pZUqjnW2QtO8df6+a\/l6hO8\/uod6Yasaqu86iEOd8YqJaCL68F6utzwMb9ZRPgkQL0Z\/oLSgCiMkAA\/wwggP4MIIC4KADAgECAggjaXQErcuDFDANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzETMBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMTQwMzA4MDE1MzA0WhcNMjkwMzA4MDE1MzA0WjBtMScwJQYDVQQDDB5BcHBsZSBTZXJ2ZXIgQXV0aGVudGljYXRpb24gQ0ExIDAeBgNVBAsMF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQsw"}
02363{"flow_id":13,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":181807,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"APS5Jrv0xiwDYGpkCABFAAXIrZ4AAO4G3SYRsmgMwKgCBAG7wDE71d4c45uglVAYCgYtoQAACQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALkmFrDLh6txFZKO36o+4YDXU7qkYMx8hXL3MHwJT1cNSv\/hXslLUBMCZLG9OTXR1wRRwRj6Ivqu35gY1r9OTUMQ+iWIn9NAhXblIoG2VEVzmovjnEgahnrDUeLalfikfdsw3mwOxMX1bJjnpvpXIB0Zc3oOzWMPtyeILuGaaIK4QGxjFiRmK+ey4lR954g5ohuBPgLTOdiXd0oyDNYKCrMEm\/Fyb2OoFR5sN+gP21OQ1ilcvGpXm0Z4Cj4k6po\/odg\/9dtuqGyCtd2ZOOySVpSmxXMm0a4IssZS5452S4m4VA9u4NlC2yplh0YUu5a4V7tR5oQT9w2htomsfNEhdKsCAwEAAaOBpjCBozAdBgNVHQ4EFgQULMVtUt0x74zsCIHt39zKQwBFAdAwDwYDVR0TAQH\/BAUwAwEB\/zAfBgNVHSMEGDAWgBQr0GlHlHYJ\/vRrjS5ApvdHTX8IXjAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vY3JsLmFwcGxlLmNvbS9yb290LmNybDAOBgNVHQ8BAf8EBAMCAQYwEAYKKoZIhvdjZAYCDAQCBQAwDQYJKoZIhvcNAQELBQADggEBACPxBn5QQYGiXtNwpEmRr9jMZ4yhJX3EmpM5L9hp+xtBW0TX2WvLOyUJGvL048ec6LBb8N\/dIiURFZO5SV7aDGZ6Xtdv8GPUZYzEelR9Vk9lmv3axLLIsLihy33gR6hAFbgWGe1bYY7fqtDN0jrAfjqfIk7f3\/ROGs2T\/9DwRVVkMz7U5dpooBOKdjAn1L\/4Hnb2+cMA77GD6lNtXDXHDQcBuvhhuf7FmmtDYYED67pfcJ3ob5QkS9zOkqguojU840ngFnei3Gu5jRhCuTaWQzLGy3aZNTbYVsaYXcNvpX6VwtV6CgIgZniS8mekIw3oCb3MITEQoL2+td1M3UYDmZkABL8wggS7MIIDo6ADAgECAgECMA0GCSqGSIb3DQEBBQUAMGIxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpBcHBsZSBJbmMuMSYwJAYDVQQLEx1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEWMBQGA1UEAxMNQXBwbGUgUm9vdCBDQTAeFw0wNjA0MjUyMTQwMzZaFw0zNTAyMDkyMTQwMzZaMGIxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpBcHBsZSBJbmMuMSYwJAYDVQQLEx1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEWMBQGA1UEAxMNQXBwbGUgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOSRqQkfkdseR1DrBe1eeYQt6zaiV0xV7IsZid75S2z1B6siMALoGD74UAnTf0GomPnRymacJGsR0KO75Bsqwx+VnnoMpEeLW9QWNzPLxA9NzhRp0ckZcvVdDtV\/X5vyJQO6VY9NXQ3xZDUjFUsVWR2zlPf2nJ7PULrBWFBnjwi0IPfLrCwgb3C2PwEwjLdDzw+dPfMrSSgayP7OtbkO2V4c1ss9tTqt9A8OAJILsSEWLnTVPA3bYharo3GSR1NVwa8vQbP4++NwzeajTEV+H0xrUJZBicR0YgsQg0GHM4qBsTBY7FoEMoxos48d3mVz\/2deZbxJ2HafMxRloXeUyS0CAwEAAaOCAXowggF2MA4GA1UdDwEB\/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH\/MB0GA1UdDgQWBBQr0GlHlHYJ\/vRrjS5ApvdHTX8IXjAfBgNVHSMEGDAWgBQr0GlHlHYJ\/vRrjS5ApvdHTX8IXjCCAREGA1UdIASCAQgwggEEMIIBAAYJKoZI"}
01138{"flow_id":13,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":181842,"pkt_caplen":585,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":585,"pkt_l4_len":551,"pkt":"APS5Jrv0xiwDYGpkCABFAAI7raAAAO4G4LERsmgMwKgCBAG7wDE71eO845uglVAYCgZzcAAAhvdjZAUBMIHyMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy5hcHBsZS5jb20vYXBwbGVjYS8wgcMGCCsGAQUFBwICMIG2GoGzUmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1lcyBhY2NlcHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5kIGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wDQYJKoZIhvcNAQEFBQADggEBAFw2mUwteLftjJvc83eb8nbSdzBPwR+Fg4UbmT1HN\/Kpm0COLNSxkBLYvvRzm+7SZA\/LeU802KI++Xj\/a8gH7H05g4tTINM4xLG\/mk8Ka\/8r\/FmnBQl8F0BWER5007eLIztHo9VvJOLr0bdw3w9F4SfK8W147ee1Fxeo3H4iNcol1dkP1mvUoiQjEfehrI9zgWDGG1sJL5Ky+ERI8GA4nhX1PSZnIIozavcNgs\/e66Mv+VNqW2TAYzN39zoHLFbr2g8hDtq6cxlPtdk2f8GHVdmnmbkyQvvY1XGefqFStxu9k0IkEirHDx22TZxeY8hLgBdQqorV2uT80AkHN7B1dSEOAAAA"}
-01089{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":7,"flow_first_seen":1432582227604,"flow_last_seen":1432582228181,"flow_tot_l4_data_len":3777,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":539,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","server_names":"*.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US","fingerprint":"BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B"}}
+01100{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":64,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":7,"flow_first_seen":1432582227604,"flow_last_seen":1432582228181,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3601,"flow_avg_l4_payload_len":514,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"query.ess.apple.com","server_names":"*.ess.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5","issuerDN":"CN=Apple Server Authentication CA, OU=Certification Authority, O=Apple Inc., C=US","issuerDN":"CN=*.ess.apple.com, OU=ISG Delivery Ops, O=Apple Inc., C=US","fingerprint":"BD:E0:62:C3:F2:9D:09:5D:52:D4:AA:60:11:1B:36:1B:03:24:F1:9B"}}
00420{"flow_id":13,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":182384,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoyh1AAEAGNEjAqAIEEbJoDMAxAbvjm6CVO9XeHFAQP6bTswAA"}
00420{"flow_id":13,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":183212,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAocERAAEAGjiHAqAIEEbJoDMAxAbvjm6CVO9XjvFAQP0zObQAA"}
00422{"flow_id":13,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":183687,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoNoZAAEAGx9\/AqAIEEbJoDMAxAbvjm6CVO9Xlz1AQPyrMfAAA"}
@@ -89,9 +89,9 @@
00784{"flow_id":13,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":224032,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"xiwDYGpkAPS5Jrv0CABFAAEz02hAAEAGKfLAqAIEEbJoDMAxAbvjm6CVO9Xlz1AYQACwxgAAFgMDAQYQAAECAQDIayX5ZEqo1qjKYhdyEGA\/OiCn6ILW94+JGPEhgOQzSSDnvNCGi8y3yuKRWkYBBPSQKMh5lQARLBH5UCWrlCc85zv0asxv3cNBRmcZqvd4R854PQfkzedbgk2jp0nBjv3YFV6q1h5lNKm+abaKLwX+mdh8O9wPBdz0ADox0+zqIWw9JitsQSiPvptAMP2uAWPNsgvY6Vuyb\/9K7wi7fxmYt5+OypWMyHRXjcx+j7oH8CqfretEuMV5xfKW2Ipx6tH39erTK\/3m6F\/rYdALhF11zAntD6uRc9UrvvnxiXTVnG4xehvvcj0LoY5SyWDmbIpdVa8sTbrojMn7CfychKtm"}
00429{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":224272,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAuVNlAAEAGqYbAqAIEEbJoDMAxAbvjm6GgO9Xlz1AYQACyiQAAFAMDAAEB"}
00473{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":224579,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"xiwDYGpkAPS5Jrv0CABFAABNWmZAAEAGo9rAqAIEEbJoDMAxAbvjm6GmO9Xlz1AYQAATxgAAFgMDACA3Q1MaR5Nc353X8bvllgqbFo0TH+B3HGCqk6tLCTZrTg=="}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1432582228503,"flow_last_seen":0,"flow_tot_l4_data_len":1472,"flow_min_l4_data_len":1472,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1472,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1432582228503,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02390{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":503997,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXUnXJAAEAG3ojAqAIEEW7lDsApFGe4aEuG1IsaTIAQIAA3PgAAAQEICi36MxJvhmvfFwMBACDgnfLWgV8g\/pw7jjX\/\/3ZDH1tB+gK1jE9k\/rmu6RmKPhcDAQdQwvKiQZwynx6ML8uHDg8WgbZIBNPdSiBPAiHm7VZMSxjHJ7BGJ8hRCNCOXC6LyliytHBkvL\/WQAE0iyMMgIlOMed9vHW1FQrPwtxifubqT35jWP9Nwm9hOQ2sUXPF6J6ZcqeRRxjts4LAxUp+ZVHbqO88UycvtArFRoKmsjwuTsOHFL0h\/BX9z3nWEUxaS9mVyhudzOuBlhf3aNgcppeJ3Mr6DsSPYDWrJ1Ko6GUQ6Mz7WhKyRp+OhCR+8vNcJ+2CIpa9aPiStGZvZFFuJ5eoJiBK6lrgPDyxxPa\/Z82Zx7iZHY+\/ajmPTXvQU4j7rC5OlL\/ZO1JkHVVmXmK1\/n5cUDYPvmxuWKEEWDx8eNxgRC58OMj0i5sHQHDG+ZLwIW4R3Ebyfp++7DjTwhy7uHM9lVzOAa6qgVVbeWZWLm5Zp4udgSHyIGs6plbNOhN8Lb7TTV3BFKBjCbwxtnCR+8lPTlOVAewtoM48Z0qRSJODl9LDmyJOnkTl+LQlbM7hWhZq\/VVyYDivHB+RnYZFdt7ZvWbMsFi9dXD6LjMsdLkj0RU\/SFA5gXvUGWy9x04Yo\/WqRH7ng0WIs\/oAxdVKAH0RL\/egfgAwRrcRgu3dPMqb8b19+PmNfa+WFGFnW0JLuexKCM9POmeD5yw6nk\/ac9Raq2rKcykqXxndrastmOjTbplC4qeRqr0LASV9tRAtG4WvYwC\/dfTiBawq859mBNGrglJvult9KPMKQPFULDG6x+KBv4eYpxjRc54qoabZQMWqqc+\/C0Emvy+eYJXsquvu+83ilyZ2N5sYlJ92HKH8JfE8JTIg5o3c9zLm5ZWhw8+NmQMwd0i5bU9vg06cROWuAG\/JN1YaR0pdUTITubm5mlduwzPQc2BVmXII2GZu105+s7qlJpQzMmRVjoqYtbOeWHJKIQ4UQdZCqzpz4AcWUN7LNHzsfvI5B8mXgc+B7aL8Y8jc2YqBmFk1dHfnjKeYCxGmRBZHJy7WbY9uViabjXvTq6pmYIGh+8lsYGwBwhWNapwWuc8Bw0b65ZKVGVcMKolOabscbWi+EYPJjuvFKgqZscrMC1dXZUtfdGPsPdXUlxbBMQ2Kup7KMqRXjqDlL2rJPpRC\/J6FfjQ+IKNfM\/RVAKV8teQWPRPthAH1FIrtEy51cDQixMgza8uftMRBKRfqEYXF7XVD5164o\/Mck2RudrQlyQmifMkcXuuW1kb2sTQoTz3p0Ox09YvEjxH+5SXf2MqAQ5cwiqd8fGHwSVuprE4y5B+B+0nEsRucTP\/97X6ZaOAcSRCuPQgdHN1NHCSQ8002IEFsPCRXQaWhb\/8KMjfJXXs1I3Eouoy5fGg9Eon7zV6InzJDOtmcVxRzUBgfDR1DGBIMOusKSnnAX1htfNBhCsM31KRySVA9BnU7p8tKS\/3BfJCTQQBoGTP2MoOxAiFKkSgXEh3w0kC\/x4kpimxmzxtGXOOQBZWNBgxyNTYgb0Sf9nOE+sqmGbSG7xueIM5u7Dd864xcMPmVsE1VcOkz2PMHbXIHe+roLyX2aqyb6Yu22cChJiPbSlY+mRr9siD+E7u3KnznXJcpEJBSd3utMm4QryOQBR9FCdalU2IyjVmAb148IpK6Ghgjmw7oVrHdCZXaVw+zfL1FhqC9Bd1VFHiBGm211UlGgrjedJW7mv5NM2z0cPLUMCaZycFw6G4KQN6aDAE1rL1eqhrIxxsuhCw0HsrKiJLLdGsa1+3Rf\/uEKt1c0Ng9dAzkrCJEwEwHx3trkLyhj9\/ja7mEqYBSp5Sx0mCtwBbfi6wnI8gTgb3WlgH0Ha3ke8bRCbeKw4dCUR0GSPUQYm4lO6VKKERImy3aoUDOHbtquSKZKUtb1hVt"}
-00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1432582228503,"flow_last_seen":0,"flow_tot_l4_data_len":1472,"flow_min_l4_data_len":1472,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":1472,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00541{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1432582228503,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
01083{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":504689,"pkt_caplen":540,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":540,"pkt_l4_len":506,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIO1F9AAEAGq2HAqAIEEW7lDsApFGe4aFEm1IsaTIAYIACssAAAAQEICi36MxJvhmvfY2JtdD6CZ3s26zaizYDBa1\/xV9+nfluOxtxa1tx195Jafsz52yXEOESrPvfo4L8JAAp0DYIaansHyOlB83T10iMEgMWpntVaGhVYz7Ui4c09FkbWN9q+65\/aqUq4TUrgzMyqE5QUWhXZSc\/uGC0icKHu+b2FL4NHGUs7nYDs8Xc0v0flHk5486jecRIc\/ROiqHyACG3C0wwDLYD5dPHsc+oO3YTdMQHp\/Y5aWShkoF9bF0dA6YegCOYLbVQKFU7DAdWxqhRRjje8xXf+tC7iVD+agcMxzHZHBdPvzUlsa6Hnp2KvOrzs9LBI3\/AlWnTDSOZNp+mWgK4MB2zxE5cEBsbimybYF8snsRtPtIBkMUfF1XAd9wg4sSCboXV1ik63xPuzTMdOxIRWWE26PTSksHKRu47JqvdF18Y85LvvQvIIft9jAMxZNM1JpDNK3xHTwcbI8OJ5ZzkwaDArtx1Yo+du+Za4kNeW1j1f7jlL58\/xs\/9pH231BKAPZrpjtiVLnSRVafACBd5M5lgbO1u\/aSBlmIQ\/UK6DM\/jen1DGM+xWiz3ABAYXKSpL6XfsJZ+dpwtcFktAw18x3fF8GSC0\/zgV+SA55WfIkN+qTLtYiq6ct7jHTceCT8cS"}
00422{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":508223,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoraEAAO4G4sMRsmgMwKgCBAG7wDE71eXP45uhoFAQC17\/PQAA"}
00667{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582228,"pkt_ts_usec":593505,"pkt_caplen":232,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":232,"pkt_l4_len":198,"pkt":"xiwDYGpkAPS5Jrv0CABFAADaxo9AAEAGRQ\/AqAIEuK2zJcAyFGaCPuKa2JvF3YAYIFhpewAAAQEICi36M4IP8YuOV0EBBQAAGvgFAaWRifwSaVBob25lLTIuMTIuMi01MjIyAAAZ+AKc+AT4AfwHcHJpdmFjefgBgPgBQPgBeAAAZvgGDFa\/tfwMMzkzNDczNDYxNzY4\/FDnfdSrPKM74AGKPNBrlW1TfHbZeaW2yRg64tGyV9Kd9BO9DsNhrwFxgzcWR1a2B5R5W\/LKjd9DViwtNGRDni5Svuydo8TYyRQPuhQyiTrekA=="}
@@ -118,15 +118,15 @@
00562{"flow_id":16,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582230,"pkt_ts_usec":138111,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"pkt":"xiwDYGpkAPS5Jrv0CABFAACOOwNAAEAGRj7AqAIEEW7lDsApFGe4aFnU1IsbNoAYIABSOgAAAQEICi36OXlvhpIhFwMBACBYGpMgxLI\/XOlvDAO1YmBcJuuAqZND0LWK6E2nesgBchcDAQAwGK4hHmiB9gR3xDxlj3xXanaYSvfNpgsrWjqiCYvT+mpqxvi3OYqgTKjf9iJyrVxa"}
00756{"flow_id":16,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582230,"pkt_ts_usec":190452,"pkt_caplen":300,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":300,"pkt_l4_len":266,"pkt":"APS5Jrv0xiwDYGpkCABFAAEeJukAAC8GqsgRbuUOwKgCBBRnwCnUixs2uGhZ1IAYAUkTjwAAAQEICm+GkqEt+ji6FwMBACDfcHM4dLo++G90ERAFFxzA222gLV2VS4glm957e0qOUhcDAQDAZ9x1fq9BnzAIDFQdn8QUIu\/zzjVU031GhI4CjUFGJaIOPA5INw42aR2LN+lHAxXoHM0+waT2ktoqx8f6PnoFzitPiZWZrKwMW8JuL\/OGDiDBMAiZTfaeyB5EQNXDVfkkEuTAXfG1h5fPTAYw5xsO8bUUWBQW9V7PO\/A8IBaSFDBI1TVa2GWzyEiu0UW5DGF+z9cX2afRExak8V7zquk1H0QLWF9VMvSFKkFlVbX1AqL86NmHxKhdXXuk+LjgXy+o"}
00440{"flow_id":16,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582230,"pkt_ts_usec":191819,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0FmJAAEAGaznAqAIEEW7lDsApFGe4aFou1IscIIAQH\/Fb\/wAAAQEICi36Oa5vhpKh"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432582230648,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1432582230648,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582230,"pkt_ts_usec":648273,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAZppAAEAGvV7AqAIEEa1CZsA0AbuMr4Y\/AAAAALAC\/\/\/iDQAAAgQFtAEDAwQBAQgKLfo7WAAAAAAEAgAA"}
00438{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582230,"pkt_ts_usec":787552,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0jEsAAO8GKLkRrUJmwKgCBAG7wDR81DyUjK+GQIASH\/6qEgAAAgQFoAEDAwQBAQQC"}
00421{"flow_id":17,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582230,"pkt_ts_usec":854807,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLotAAEAG9YXAqAIEEa1CZsA0AbuMr4ZAfNQ8lVAQQADKywAA"}
00730{"flow_id":17,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582230,"pkt_ts_usec":862990,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"xiwDYGpkAPS5Jrv0CABFAAELd3hAAEAGq7XAqAIEEa1CZsA0AbuMr4ZAfNQ8lVAYQADmeAAAFgMBAN4BAADaAwNVY3hWzpRvQb4tQBJl4xyEq38xvRpwxqpjBZECV8GAECDnNWvFSuDQ9RWxNOp1GECdroi8RHuHNQND3XitCRrHVABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAABHAAAAHQAbAAAYcDUzLWJ1eS5pdHVuZXMuYXBwbGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00774{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1432582230648,"flow_last_seen":1432582230862,"flow_tot_l4_data_len":343,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00785{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_first_seen":1432582230648,"flow_last_seen":1432582230862,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00420{"flow_id":17,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582231,"pkt_ts_usec":3202,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAojFMAAO8GKL0RrUJmwKgCBAG7wDR81DyVjK+HI1AQCgL\/5gAA"}
00547{"flow_id":17,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582231,"pkt_ts_usec":3264,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"APS5Jrv0xiwDYGpkCABFAACEjFUAAO8GKF8RrUJmwKgCBAG7wDR81DyVjK+HI1AYCgJANgAAFgMDAFECAABNAwNVY3hWI039rq0zERKUON6sjGVDSZCqKie+A5zCjAoXmyDnNWvFSuDQ9RWxNOp1GECdroi8RHuHNQND3XitCRrHVAAEAAAF\/wEAAQAUAwMAAQE="}
-00815{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1432582230648,"flow_last_seen":1432582231003,"flow_tot_l4_data_len":475,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00826{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":148,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":6,"flow_first_seen":1432582230648,"flow_last_seen":1432582231003,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00472{"flow_id":17,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582231,"pkt_ts_usec":5970,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"APS5Jrv0xiwDYGpkCABFAABNjFcAAO8GKJQRrUJmwKgCBAG7wDR81DzxjK+HI1AYCgJAMgAAFgMDACBiB\/EBcHJhTjzTzrwx1GVDilcgFXEF0qJick8c0ufuiA=="}
00421{"flow_id":17,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582231,"pkt_ts_usec":58524,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo6VVAAEAGOrvAqAIEEa1CZsA0AbuMr4cjfNQ88VAQP\/rJkgAA"}
00421{"flow_id":17,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582231,"pkt_ts_usec":59300,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoUvNAAEAG0R3AqAIEEa1CZsA0AbuMr4cjfNQ9FlAQP\/fJcAAA"}
@@ -136,59 +136,59 @@
01070{"flow_id":17,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582231,"pkt_ts_usec":61714,"pkt_caplen":531,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":531,"pkt_l4_len":497,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIFNTxAAEAG7PfAqAIEEa1CZsA0AbuMr4zufNQ9FlAYQAAc4gAAsYdNjfNGxmEFECNFGBW4XvgpGiYJ0JwiGAwdKVeHAu79PYIogVWOIM69cPMuSkDd3gzQ9eeIr2dR89vtZBMsmEhjpU61cly+p1iMWhrRKjYoUZa9iexbCEf\/XoNjAlhDth7vTa9Lm8V\/vCdUr1YglXeST2p+cwM2Am\/fTLtCprPl1kRLV5ZLV2tJI6FO1V6Drtmkhou0YZh\/CNXuUVWMBaXY2hgU9JV2SlAm3K9qU5VMxy94\/KubOkQwEdUFMxzXJvghzvs0mCkCAXWl46YINFz2Z9pRjHMJTwBXIQ8vnfImK6VTP3rHnGeAzpRSe8AXTtAuwOds0ZiifLNoW6Kmz2IGFe\/Iw6NzLNpqh0DAt89iL\/Ua0rfIx0QjCK+JUh3WM6yg6ynyHJymUjMxkdcD43Es+TmbcExTT3v743rxdk7FerIeY2ayYobPKqA92\/eLpyPL6Qgc\/+sbJzKFIRl2veyLdAwOPpH6i7H5V46yKKB2BnYMjS1piWhyWn0K8HkftfUT95v5mGRkqjNh8Lr5V1Y+WF+iALZPzAtUWt2LN5XlczFk74L4heMd81V4CsUTMfQ7qd++WffU8Ritl\/3z9vXXPk4p1udaKH3VekPUHLZLae40DewSVjGtVulj"}
01182{"flow_id":17,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582231,"pkt_ts_usec":63858,"pkt_caplen":610,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":610,"pkt_l4_len":576,"pkt":"xiwDYGpkAPS5Jrv0CABFAAJUPRdAAEAG5M3AqAIEEa1CZsA0AbuMr47LfNQ9FlAYQAAyzQAAFwMDAicr2\/eRSJOi6Al3SvFD7yeMbcGmkKshkZydWdXNi38CQoQFoleJiJ3GVAaEaulr2sqQFK5f99oLGrq6URIcc2mnkAkxw47W7nOrfH9aB5ti8gELqQlT4VM93FJfi7h0ALg2zFe38WfXzMLUYLWvLP9vWNKg9ktkwHrmUl+yqVBb+hOofgAueUBhN7DMBypDEE+DL46DpMs18SLOf8kUrRJY7m3yMx4yVK7moXMEwip2JcNkfj0MO5Q6irN\/WwSqCiAEPPKCXKmOj2KsABowhoNAaoljb8dR8XeoaLe4W6GF0yRLyukctazZdIv2yOewLkR8it\/NvwbSz49lbTJHlGGlvu1g3Oos97uScf3Lpq0TDbeHQy93f4eD07VoRhgHDcb3Yf3m+W4TDEN9R5i1y5oFc\/He\/MikMvpw0hYvkLKDbq1r0GC5mV+O04YGE0QfJolQz9IQu292HEsMB8dic5HfYbdYG\/PAPuvI1M8FneaDa0hBDLzKV9\/2PmlVtpo\/Ywjc87k9L2jMmOQtOg9NnNmvFHNk8N5XB8DmI\/NMp7enfSmtodcKqhMGBWe3rMMfPYzt\/MyCjczYgf0aAZG+\/Si00O53ARuQX6+wCNAnsEN1jOxApcUe5dlIgT8E7ThuwBiSO8ozNltEUsSQRdyoWVjem+AaGTG9oUqn\/CpPzpsDECp5aL1ug0idhl\/eXHnX9F2kr66EkrD9kmz2KqklE3\/nONrmvqqnLw=="}
00422{"flow_id":17,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582231,"pkt_ts_usec":197559,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAojFoAAO8GKLYRrUJmwKgCBAG7wDR81D0WjK+HKVAQC2n9+AAA"}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1432582233314,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1432582233314,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582233,"pkt_ts_usec":314493,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0kh5AAEAGATfAqAIEXbqHCMAoAFBgmxszxhyTY4ARIABAdgAAAQEICi36RbdjLQIx"}
00437{"flow_id":18,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582233,"pkt_ts_usec":380398,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0ewoAADkGX0tduocIwKgCBABQwCjGHJNjYJsbNIAQAebnbwAAAQEICmMteVEt+kW3"}
00437{"flow_id":18,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582233,"pkt_ts_usec":490649,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0ewsAADkGX0pduocIwKgCBABQwCjGHJNjYJsbNIARAebnAQAAAQEICmMteb4t+kW3"}
00437{"flow_id":18,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582233,"pkt_ts_usec":517341,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0FgJAAEAGfVPAqAIEXbqHCMAoAFBgmxs0xhyTY4AQIADIcwAAAQEICi36RpljLXlR"}
00437{"flow_id":18,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582233,"pkt_ts_usec":518032,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0HhlAAEAGdTzAqAIEXbqHCMAoAFBgmxs0xhyTZIAQIADIBQAAAQEICi36RpljLXm+"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1432582233751,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1432582233751,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00426{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582233,"pkt_ts_usec":751156,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoI\/dAAEAG3k\/AqAIEEaxkMcAnAbsMJFozPw\/LbVAR\/\/9EkwAA"}
00423{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582233,"pkt_ts_usec":884833,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo+xIAAO8GmDMRrGQxwKgCBAG7wCc\/D8ttDCRaNFARn\/6kkwAA"}
00424{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582233,"pkt_ts_usec":926720,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoy8lAAEAGNn3AqAIEEaxkMcAnAbsMJFo0Pw\/LblAQ\/\/9EkgAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432582234869,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1432582234869,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582234,"pkt_ts_usec":869452,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAohHZAAEAGfc3AqAIEEaxkNMAeAbsiAVkzu7svv1AR\/\/9OvgAA"}
00422{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582235,"pkt_ts_usec":10449,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoaq4AAO4GKZURrGQ0wKgCBAG7wB67uy+\/IgFZNFARn\/6uvgAA"}
00422{"flow_id":20,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582235,"pkt_ts_usec":28480,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAosCtAAEAGUhjAqAIEEaxkNMAeAbsiAVk0u7svwFAQ\/\/9OvQAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432582235998,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":210,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1432582235998,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582235,"pkt_ts_usec":998968,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLkpAAEAG1AjAqAIEEaxkJcAdAbtiYuGVG2ODH1AR\/\/\/TAgAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432582235999,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1432582235999,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582235,"pkt_ts_usec":999137,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoEt9AAEAG713AqAIEEaxkO8AcAbueodpQe0gK3VAR\/\/+2UAAA"}
00422{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582236,"pkt_ts_usec":140915,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoyysAAO8GyCYRrGQlwKgCBAG7wB0bY4MfYmLhllARn\/4zAwAA"}
00422{"flow_id":22,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582236,"pkt_ts_usec":144785,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoKcoAAO4GanIRrGQ7wKgCBAG7wBx7SArdnqHaUVARn\/4WUQAA"}
00424{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582236,"pkt_ts_usec":282078,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLwpAAEAG00jAqAIEEaxkJcAdAbtiYuGWG2ODIFAQ\/\/\/TAQAA"}
00423{"flow_id":22,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582236,"pkt_ts_usec":282161,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoODNAAEAGygnAqAIEEaxkO8AcAbueodpRe0gK3lAQ\/\/+2TwAA"}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432582238790,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432582238790,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00576{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":790823,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACarW0AAEARhl7AqAIEHw1kDsk+DZYAhpcUAAMAaiESpEIAAHUQ+ENDH9BeI3lAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432582238790,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1432582238790,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00576{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":790889,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACat4MAAEARfEjAqAIEHw1kDsk+DZYAhpcUAAMAaiESpEIAAHUQ+ENDH9BeI3lAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00576{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":791013,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACayJAAAEARiRnAqAIEHw1GMMk+DZYAho7CAAMAaiESpEIAACUBlIyWX5N55xRAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00576{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":791094,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaw2YAAEARjkPAqAIEHw1GMMk+DZYAho7CAAMAaiESpEIAACUBlIyWX5N55xRAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00578{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":791235,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa2EoAAEARf1\/AqAIEHw1AMMk+DZYAhnzzAAMAaiESpEIAAN5oNK0Wc\/NrxVVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00577{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":791350,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa9a4AAEARYfvAqAIEHw1AMMk+DZYAhnzzAAMAaiESpEIAAN5oNK0Wc\/NrxVVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00576{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":791504,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa8J4AAEARUgvAqAIEHw1VMMk+DZYAhiWBAAMAaiESpEIAADIU0Oi5cQTqY2RAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00576{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":791682,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaLVIAAEARFVjAqAIEHw1VMMk+DZYAhiWBAAMAaiESpEIAADIU0Oi5cQTqY2RAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00576{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":791744,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaNZEAAEARBxnAqAIEHw1bMMk+DZYAhs2+AAMAaiESpEIAAJhbSrigEVALo05AAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00576{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":791932,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa90wAAEARRV3AqAIEHw1bMMk+DZYAhs2+AAMAaiESpEIAAJhbSrigEVALo05AAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00576{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":791993,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACahRkAAEARwwDAqAIEHw1PwMk+DZYAhkfEAAMAaiESpEIAADsyhsRFd5d2aQVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1432582238791,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00576{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":792200,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaCdEAAEARPknAqAIEHw1PwMk+DZYAhkfEAAMAaiESpEIAADsyhsRFd5d2aQVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432582238792,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432582238792,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00576{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":792300,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaWjwAAEAR4G3AqAIEHw1dMMk+DZYAhleUAAMAaiESpEIAAOhOyhcXEAbXGlxAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432582238792,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1432582238792,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00576{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":792451,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaWaMAAEAR4QbAqAIEHw1dMMk+DZYAhleUAAMAaiESpEIAAOhOyhcXEAbXGlxAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432582238792,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432582238792,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00576{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":792569,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACagnUAAEARzDTAqAIEHw1JMMk+DZYAhhoqAAMAaiESpEIAABpmz0oddRqYGlZAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432582238792,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1432582238792,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00576{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":792699,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACakcIAAEARvOfAqAIEHw1JMMk+DZYAhhoqAAMAaiESpEIAABpmz0oddRqYGlZAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
00467{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":857632,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABI28gAAFURZ\/MfDUAwwKgCBA2WyT4ANKxZAQMAGCESpEIAAN5oNK0Wc\/NrxVUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMnU="}
00467{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582238,"pkt_ts_usec":857679,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABI28kAAFURZ\/IfDUAwwKgCBA2WyT4ANKxXAQMAGCESpEIAAN5oNK0Wc\/NrxVUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMnc="}
@@ -206,34 +206,34 @@
00465{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582239,"pkt_ts_usec":55087,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABI6QcAAFMRTSQfDU\/AwKgCBA2WyT4ANHa5AQMAGCESpEIAADsyhsRFd5d2aQUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMuY="}
00464{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582239,"pkt_ts_usec":83443,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABIAeoAAFYRK9IfDVUwwKgCBA2WyT4ANFR5AQMAGCESpEIAADIU0Oi5cQTqY2QAIAAIAAGRdm4xsYdAAgAIAAABTYyOMuM="}
00464{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582239,"pkt_ts_usec":83446,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABIAesAAFYRK9EfDVUwwKgCBA2WyT4ANFR4AQMAGCESpEIAADIU0Oi5cQTqY2QAIAAIAAGRdm4xsYdAAgAIAAABTYyOMuQ="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432582244297,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1432582244297,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582244,"pkt_ts_usec":297765,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAojkRAAEAGShnAqAIEEaeOH8AMAbt6TdZMbFoWmFAR\/\/+4DAAA"}
00422{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582244,"pkt_ts_usec":435488,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoqu8AAO0GwG0Rp44fwKgCBAG7wAxsWhaYek3WTVARn\/4YDQAA"}
00423{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582244,"pkt_ts_usec":462183,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoPbFAAEAGmqzAqAIEEaeOH8AMAbt6TdZNbFoWmVAQ\/\/+4CwAA"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432582245413,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1432582245413,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582245,"pkt_ts_usec":413387,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAodlRAAEAGjBvAqAIEEaxkCMAPAbv4S5DjkuqnU1AR\/\/\/yOgAA"}
00422{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582245,"pkt_ts_usec":550551,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo3Q8AAO8Gtl8RrGQIwKgCBAG7wA+S6qdT+EuQ5FARn\/5SOwAA"}
00426{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582245,"pkt_ts_usec":576371,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo\/ZBAAEAGBN\/AqAIEEaxkCMAPAbv4S5DkkuqnVFAQ\/\/\/yOQAA"}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432582246280,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432582246280,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01090{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582246,"pkt_ts_usec":280217,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISN8UAAEARusXAqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432582246280,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432582247125,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432582246280,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432582247125,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00474{"flow_id":34,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582247,"pkt_ts_usec":125660,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIu7MAAEAROKHAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432582247125,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432582249235,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432582247125,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_first_seen":1432582249235,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":35,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582249,"pkt_ts_usec":235256,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0VdFAAEAGLmvAqAIEXT6WncAqAbtp\/2UpB8hbNoARIADD5gAAAQEICi36g7kNLSlg"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432582249235,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_first_seen":1432582249235,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":36,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582249,"pkt_ts_usec":235474,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo02tAAEAGBQTAqAIEEaeODcAuAbvUT3p65yrTtlAR\/\/+B3QAA"}
00437{"flow_id":35,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582249,"pkt_ts_usec":291378,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"APS5Jrv0xiwDYGpkCABFAAA0DlQAAG4Gh+hdPpadwKgCBAG7wCoHyFs2af9lKoARAgLVtQAAAQEICg0tNY4t+oO5"}
00438{"flow_id":35,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582249,"pkt_ts_usec":292701,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0W3xAAEAGKMDAqAIEXT6WncAqAbtp\/2UqB8hbN4AQIAC3ZgAAAQEICi36hAoNLTWO"}
00422{"flow_id":36,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582249,"pkt_ts_usec":385278,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAony8AAO4Gyz8Rp44NwKgCBAG7wC7nKtO21E96e1ARn\/7h3QAA"}
00424{"flow_id":36,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582249,"pkt_ts_usec":492305,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo3x9AAEAG+U\/AqAIEEaeODcAuAbvUT3p75yrTt1AQ\/\/+B3AAA"}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432582250339,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_first_seen":1432582250339,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00423{"flow_id":37,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582250,"pkt_ts_usec":339527,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoFBJAAEAGxF3AqAIEEaeODcAwAbsLr3wkAQ2ywFAR\/\/9P5gAA"}
00422{"flow_id":37,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582250,"pkt_ts_usec":476958,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAoVmEAAO4GFA4Rp44NwKgCBAG7wDABDbLAC698JVARn\/6v5gAA"}
00423{"flow_id":37,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582250,"pkt_ts_usec":618616,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAotpxAAEAGIdPAqAIEEaeODcAwAbsLr3wlAQ2ywVAQ\/\/9P5QAA"}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432582246280,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432582247125,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1432582246280,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":304,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_first_seen":1432582247125,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00524{"flow_id":29,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582257,"pkt_ts_usec":197582,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"APS5Jrv0xiwDYGpkCABFAAByH68AAFYRBeMfDV0wwKgCBA2WyT4AXrjagckACUwonm2wHgwTDvqn09dI5Tl\/4L+Lv6PBoXbsprKS9SgxRhWHjq5qsMlCLel9YINSbVW1kyOkA+bDEjDWVO8fpWX9e7C0gAAAAVvv5xPqYsEj4ls="}
00524{"flow_id":29,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582257,"pkt_ts_usec":449320,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"xiwDYGpkAPS5Jrv0CABFwAByxxYAAEARc7vAqAIEHw1dMMk+DZYAXqeygckACVRZKCT7lnvZ811JfC5ler1y\/RVJ82dVNGIRmS8ajsv2qK4TCbrz2O7Z+mq+ixG2tXbvFQ3Uv55JzfT8oMVSo0nQX+75gAAAAZw0TI0CfOcdGVE="}
00766{"flow_id":29,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582257,"pkt_ts_usec":622982,"pkt_caplen":302,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":302,"pkt_l4_len":268,"pkt":"xiwDYGpkAPS5Jrv0CABFwAEgvnIAAEARe7HAqAIEHw1dMMk+DZYBDJTogPhBKQAACgBUWSgkJQftb+eUEIqcBe\/Wcq54y3PH7EtnWYY10TPN\/yzikXt2N06\/l+eNPUtopv6QSAGjC9LvWMuyyZ+feEglSpbVTzTDx4DlAE7e2DVd\/reZs86a5kl5JSTCGIWRfwC\/cSWhnhq4ICvhgp9YK+jKykfxbYE68863ROqjz4FFM7VPE9G2o7b8BXzFfdHdNt1kIxhL\/V8kKE\/3a7VLkGFomHbeT+JWvwPw5iFS3mqeUcML4GaEx4EbcOn9A\/7lfE3jBSL2qWE\/WyYvU5oPByLSO7xLxbqH6rvOmskmAHKMT6MhPp\/umR5I4DZrcqAUjFqcbl9eq+emOrfWgCo="}
@@ -245,12 +245,12 @@
00760{"flow_id":29,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582258,"pkt_ts_usec":79361,"pkt_caplen":299,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":299,"pkt_l4_len":265,"pkt":"xiwDYGpkAPS5Jrv0CABFwAEd\/ncAAEARO6\/AqAIEHw1dMMk+DZYBCVqagPhBLAAAKABUWSgkH1k7MQ+SpX9e37sFlnpFBbbSSz\/eMBJZin9e9q7+a3YroYkyKhOjEHJhM4\/ZJubRpoVEzoNCQiYW37PQ9ACQdGaVa4jiIwRxgKx4GZigATStpSP9rtzUVaGYDPXIEUNDOGJwOYUgeM0Ft2WtPdlW8PlAB4gvA1AclHBPRO1dAviShoe+1BogsJ6\/bHhRMqnQ6eUKzWlgT0FzIyOWgJrQ1+PmUjhinUB\/OQxQeeHzZ79VN7X4b0Ky7BsiYZyi+C9EEFgvWn7QTFW4I7iSlBr1VkCSn9L8AJBsiqCfAiXqQ\/5eBSYaBaGRbmFYbv4lL5\/kLiwQJyc="}
00725{"flow_id":29,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582258,"pkt_ts_usec":100420,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"pkt":"APS5Jrv0xiwDYGpkCABFAAEGH7IAAFYRBUwfDV0wwKgCBA2WyT4A8ta+gPglSQAAFABMKJ5tmiD\/0WCiLlNUr9XvJVIJQ\/u6oBIXekwKCHWs0LW7qqW4AItvqVH1GpoaRri77tdwwm54S24QJkTPOrgJPaHwobLxxUzmKM906vC0Z0tkzrakkvHLQUYMgG4NEtVASKMjwMF7bNp\/GghORWLnCr1FIpoTp7tAfBhbRYjn8gDBTzHoEKZEGf45Q38PlJhJRJtE9RgDubiByvCStec0oZX0Fj1nMql5JAdIKFwVeg3iC7R5DNjvWqi4ffWNNgjlk2X3bGOOZ3qUYQ6ZeNYLt\/NKqH7JP6qIW0iMpWxi3Bdd"}
00712{"flow_id":29,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582258,"pkt_ts_usec":272232,"pkt_caplen":266,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":266,"pkt_l4_len":232,"pkt":"APS5Jrv0xiwDYGpkCABFAAD8H7MAAFYRBVUfDV0wwKgCBA2WyT4A6BJ1gPglSgAAHgBMKJ5tQqgHrjMR3HfoBKUbsHSDS5aU64Vqc0Ix1OO5vV1Ug2kVfumuSRmeoiyk6FxOHh4URezevKx0AHnVCovgWN09Fao9\/vsgPljujT63FO2Jihe8v8HUtwG02dJcaJg4dyO7C8jAZ1BBh42oWZ5c6ukFXKsUDof\/zP7HxEdFDBfMnuQ4WeiaLc5yFDJQb52HMKxrDmndS7UhOforJq6JdW\/jTpMgNcFONycByxLJbaNy4EijSVgkgr4p9mKp1YXuppYt2gBfKjgirq8Q4nCECPUAzvmmhpU="}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432582258587,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432582258587,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00465{"flow_id":38,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582258,"pkt_ts_usec":587552,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIJ6AAAEARMxjAqAIEAcJav8k+65gANBimAAEAGCESpEI2xNtJG9sue8sIM0EACAAU5G1owzzn9g07DgjX0q3CWkGBWA0="}
-00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432582258587,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432582258730,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_first_seen":1432582258587,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432582258730,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":39,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582258,"pkt_ts_usec":730153,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIG0oAAEARj7DAqAIEW\/2wQck+JIAANKXrAAEAGCESpELdaIZ9jcVOA62tiygACAAUhE7qa\/gs1xldMnASKkUclFJWums="}
-00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432582258730,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_first_seen":1432582258730,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00466{"flow_id":39,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582258,"pkt_ts_usec":815685,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABI4nIAAC8R2kdb\/bBBwKgCBCSAyT4ANOAtAQEAGCESpELdaIZ9jcVOA62tiygACAAUsHui2xBS6T5qw9kAv9V6SryCnE8="}
00815{"flow_id":39,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582258,"pkt_ts_usec":825375,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"xiwDYGpkAPS5Jrv0CABFwAFIgM0AAEARKS3AqAIEW\/2wQck+JIABNDV+gPhBLgAAPABUWSgkrOczzTmmNaWeHGyeFn5K8vlkangPxwACY7IwMpCpL5qUBEDYknjmXwiwt1Sg\/GoDEpuWps7K3BPScguv1CoIPKC+VL4kk69VBQy2eU1f6p0OhYSXKAcM\/9HmK5KZeJJnhjzxZ+J\/AtWZs+X8uDaujdvMYKyUONaU\/07PQLiEd81h3NGLNxCpTNYPkmMGXMy1y+UaiUzN89zB2\/RkHbLVqN6e+nvnnRR2frMRlVsFWAJQmXtD929e1+a2u\/RdJfu15HCbSLl3jTXDbl84mpeVYYxkc3LSpxB7HrCYZEpYcCniVsfACmA6zpHVbv1BlaoQu+KuUWJT2eQ73+Vh12sP5aPix21kFcGvLfE3UalmxPkTCEhiCOUQRQbTvOcEo103"}
00468{"flow_id":39,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582258,"pkt_ts_usec":881819,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABIE\/gAAC8RqMJb\/bBBwKgCBCSAyT4ANMrWAAEAGCESpEKeaboEfgZsasdwHloACAAUqRSMFuqpInS4y87I6AOf8O\/PSC8="}
@@ -286,9 +286,9 @@
00576{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582267,"pkt_ts_usec":973139,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACapL4AAEARl+vAqAIEHw1bMMk+DZYAhsXACAAAaiESpEIAAJhbSrigEVALo09AAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
00577{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582267,"pkt_ts_usec":973759,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACakhcAAEARtgLAqAIEHw1PwMk+DZYAhj\/GCAAAaiESpEIAADsyhsRFd5d2aQZAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
00576{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582267,"pkt_ts_usec":975158,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaISAAAEARLYrAqAIEHw1JMMk+DZYAhhIsCAAAaiESpEIAABpmz0oddRqYGldAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"}
-00455{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432582267983,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00463{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432582267983,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":40,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582267,"pkt_ts_usec":983119,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA44FwAAEABy33AqAIEW\/2wQQMDDx4AAAAARQAANHIMAAAvEUrCW\/2wQcCoAgQkgMk+ACAAAA=="}
-00487{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432582267983,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00495{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":826,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_first_seen":1432582267983,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00447{"flow_id":40,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582267,"pkt_ts_usec":990660,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA4yYsAAEAB4k7AqAIEW\/2wQQMDDx8AAAAARQAAM4K1AAAvEToaW\/2wQcCoAgQkgMk+AB8AAA=="}
00447{"flow_id":40,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582267,"pkt_ts_usec":992881,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA4J2kAAEABhHHAqAIEW\/2wQQMDDx8AAAAARQAAM6fUAAAvERT7W\/2wQcCoAgQkgMk+AB8AAA=="}
00446{"flow_id":40,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582268,"pkt_ts_usec":17667,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA4d4EAAEABNFnAqAIEW\/2wQQMDDwYAAAAARQAATKqlAAAvERIRW\/2wQcCoAgQkgMk+ADgAAA=="}
@@ -297,72 +297,72 @@
00446{"flow_id":40,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":840,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582268,"pkt_ts_usec":87421,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA4tY4AAEAB9kvAqAIEW\/2wQQMDDukAAAAARQAAaU70AAAvEW2lW\/2wQcCoAgQkgMk+AFUAAA=="}
00447{"flow_id":40,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582268,"pkt_ts_usec":111231,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA4zs0AAEAB3QzAqAIEW\/2wQQMDDu4AAAAARQAAZKhGAAAvERRYW\/2wQcCoAgQkgMk+AFAAAA=="}
00448{"flow_id":40,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":844,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582268,"pkt_ts_usec":540544,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA45d4AAEABxfvAqAIEW\/2wQQMDDsQAAAAARQAAjiA1AAAvEZw\/W\/2wQcCoAgQkgMk+AHoAAA=="}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432582271840,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432582271840,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00823{"flow_id":41,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582271,"pkt_ts_usec":840128,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIREwAAP8RdlkAAAAA\/\/\/\/\/wBEAEMBNOdgAQEGALYzLg0AAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00568{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432582271840,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3,6,15,119,95,252,44,46"}}
+00580{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":852,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_first_seen":1432582271840,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3,6,15,119,95,252,44,46"}}
00822{"flow_id":41,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":853,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582273,"pkt_ts_usec":95861,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRE0AAP8RdlgAAAAA\/\/\/\/\/wBEAEMBNOdeAQEGALYzLg0AAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
00823{"flow_id":41,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":854,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582275,"pkt_ts_usec":776369,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRE4AAP8RdlcAAAAA\/\/\/\/\/wBEAEMBNOdcAQEGALYzLg0ABAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":855,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432582276331,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":855,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432582276331,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01090{"flow_id":42,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":855,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582276,"pkt_ts_usec":331177,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISQGwAAEARsh7AqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00525{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":855,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432582276331,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":856,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432582276331,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":855,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432582276331,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":856,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_first_seen":1432582276331,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00822{"flow_id":41,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":858,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582280,"pkt_ts_usec":30111,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRE8AAP8RdlYAAAAA\/\/\/\/\/wBEAEMBNOdXAQEGALYzLg0ACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432582284805,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432582284805,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00454{"flow_id":43,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582284,"pkt_ts_usec":805875,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"AQBeAAD72DBiVgAcCABFAAA+cQoAAP8RGNup\/qbP4AAA+xTpFOkAKikcAAAAAAABAAAAAAAACkx1Y2FzLWlNYWMFbG9jYWwAAByAAQ=="}
-00558{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432582284805,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432582284805,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00570{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":859,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_first_seen":1432582284805,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432582284805,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_id":44,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582284,"pkt_ts_usec":805992,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":96,"pkt_l4_len":42,"pkt":"MzMAAAD72DBiVgAcht1gA4nLACoR\/\/6AAAAAAAAA2jBi\/\/5WABz\/AgAAAAAAAAAAAAAAAAD7FOkU6QAqIMQAAAAAAAEAAAAAAAAKTHVjYXMtaU1hYwVsb2NhbAAAHIAB"}
-00563{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432582284805,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432582284806,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00575{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":860,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_first_seen":1432582284805,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432582284806,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":45,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582284,"pkt_ts_usec":806066,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"AQBeAAD7xiwDYGpkCABFAAA+TlkAAP8RybDAqAIB4AAA+xTpFOkAKrdAAAAAAAABAAAAAAAACkx1Y2FzLWlNYWMFbG9jYWwAAByAAQ=="}
-00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432582284806,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
-00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432582284806,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00566{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":861,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_first_seen":1432582284806,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00506{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432582284806,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00483{"flow_id":46,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582284,"pkt_ts_usec":806157,"pkt_caplen":96,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":96,"pkt_l4_len":42,"pkt":"MzMAAAD7xiwDYGpkht1gAhHGACoR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QAqK3YAAAAAAAEAAAAAAAAKTHVjYXMtaU1hYwVsb2NhbAAAHIAB"}
-00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432582284806,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00576{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":862,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_first_seen":1432582284806,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
00550{"flow_id":43,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":863,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582285,"pkt_ts_usec":47651,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"AQBeAAD72DBiVgAcCABFAACANrsAAP8RUuip\/qbP4AAA+xTpFOkAbF25AACEAAAAAAEAAAACCkx1Y2FzLWlNYWMFbG9jYWwAAByAAQAAAHgAEP6AAAAAAAAA2jBi\/\/5WABzADAABgAEAAAB4AASp\/qbPwAwAHIABAAAAeAAQ\/oAAAAAAAADaMGL\/\/lYAHA=="}
-00580{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":863,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":42,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00592{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":863,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
00548{"flow_id":45,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":864,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582285,"pkt_ts_usec":47655,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"pkt":"AQBeAAD7xiwDYGpkCABFAACAD1QAAP8RCHTAqAIB4AAA+xTpFOkAbI9mAACEAAAAAAEAAAACCkx1Y2FzLWlNYWMFbG9jYWwAAByAAQAAAHgAEP6AAAAAAAAAxCwD\/\/5gamTADAABgAEAAAB4AATAqAIBwAwAHIABAAAAeAAQ\/oAAAAAAAADELAP\/\/mBqZA=="}
-00576{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":864,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":42,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00588{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":864,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
00578{"flow_id":46,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582285,"pkt_ts_usec":47789,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"pkt":"MzMAAAD7xiwDYGpkht1gAhHGAGwR\/\/6AAAAAAAAAxCwD\/\/5gamT\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsA5wAAIQAAAAAAQAAAAIKTHVjYXMtaU1hYwVsb2NhbAAAHIABAAAAeAAQ\/oAAAAAAAADELAP\/\/mBqZMAMAAGAAQAAAHgABMCoAgHADAAcgAEAAAB4ABD+gAAAAAAAAMQsA\/\/+YGpk"}
-00586{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":865,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":42,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00598{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":865,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
00578{"flow_id":44,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":866,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582285,"pkt_ts_usec":47820,"pkt_caplen":162,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":162,"pkt_l4_len":108,"pkt":"MzMAAAD72DBiVgAcht1gA4nLAGwR\/\/6AAAAAAAAA2jBi\/\/5WABz\/AgAAAAAAAAAAAAAAAAD7FOkU6QBsVWEAAIQAAAAAAQAAAAIKTHVjYXMtaU1hYwVsb2NhbAAAHIABAAAAeAAQ\/oAAAAAAAADaMGL\/\/lYAHMAMAAGAAQAAAHgABKn+ps\/ADAAcgAEAAAB4ABD+gAAAAAAAANowYv\/+VgAc"}
-00585{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":866,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":42,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":867,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432582285062,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00597{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":866,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"lucas-imac.local"}}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":867,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432582285062,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00474{"flow_id":47,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":867,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582285,"pkt_ts_usec":62641,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABInyUAAEARVS\/AqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":867,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432582285062,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":868,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432582285062,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":867,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432582285062,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":868,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_first_seen":1432582285062,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00823{"flow_id":41,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582288,"pkt_ts_usec":984274,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFAAAP8RdlUAAAAA\/\/\/\/\/wBEAEMBNOdPAQEGALYzLg0AEQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432582296337,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432582296337,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00577{"flow_id":48,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":337662,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACalSUAAEARuYTAqAIEHw1JMM46DZYAhue1AAMAaiESpEIAAPA16Ue1KOAmhBVAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432582296337,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_first_seen":1432582296337,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00577{"flow_id":48,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":337727,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaZm0AAEAR6DzAqAIEHw1JMM46DZYAhue1AAMAaiESpEIAAPA16Ue1KOAmhBVAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432582296337,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432582296337,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00577{"flow_id":49,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":337848,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACajDIAAEARrnfAqAIEHw1dMM46DZYAhkaaAAMAaiESpEIAABQXleBLNAVxhWFAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432582296337,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_first_seen":1432582296337,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00577{"flow_id":49,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":337941,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACalgkAAEARpKDAqAIEHw1dMM46DZYAhkaaAAMAaiESpEIAABQXleBLNAVxhWFAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00578{"flow_id":50,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":338078,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaRlMAAEARAcfAqAIEHw1PwM46DZYAhjlFAAMAaiESpEIAAL9\/1m08YXkuT0ZAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00532{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00544{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00578{"flow_id":50,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":338210,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa1Y0AAEARcozAqAIEHw1PwM46DZYAhjlFAAMAaiESpEIAAL9\/1m08YXkuT0ZAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00577{"flow_id":51,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":338341,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaIqQAAEARINbAqAIEszzAMM46DZYAhuAOAAMAaiESpEIAAHR4erx3E5L39hlAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00577{"flow_id":51,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":338539,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaNRkAAEARDmHAqAIEszzAMM46DZYAhuAOAAMAaiESpEIAAHR4erx3E5L39hlAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00577{"flow_id":52,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":338593,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4C0AAEARtrvAqAIErfxyAc46DZYAhqERAAMAaiESpEIAAPckPngMfZVuqj1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00577{"flow_id":52,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":338735,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaP+kAAEARVwDAqAIErfxyAc46DZYAhqERAAMAaiESpEIAAPckPngMfZVuqj1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00577{"flow_id":53,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":338853,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaOAUAAEARBaXAqAIEHw1aMM46DZYAhuQ6AAMAaiESpEIAAEIAbV8qcywo32JAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_first_seen":1432582296338,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00577{"flow_id":53,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":339205,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaLOMAAEAREMfAqAIEHw1aMM46DZYAhuQ6AAMAaiESpEIAAEIAbV8qcywo32JAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432582296339,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432582296339,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00577{"flow_id":54,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":339330,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACafE8AAEAR0VrAqAIEHw1KMM46DZYAhr8lAAMAaiESpEIAAMYoECn4BPzbT0BAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432582296339,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":883,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_first_seen":1432582296339,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00577{"flow_id":54,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":339473,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa1VQAAEAReFXAqAIEHw1KMM46DZYAhr8lAAMAaiESpEIAAMYoECn4BPzbT0BAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432582296339,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432582296339,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00577{"flow_id":55,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":339591,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaPWIAAEARBkjAqAIEHw1UMM46DZYAhgQrAAMAaiESpEIAAPM63M4iUJ72Oh1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00531{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432582296339,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00543{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_first_seen":1432582296339,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00577{"flow_id":55,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":339722,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4JwAAEARYw3AqAIEHw1UMM46DZYAhgQrAAMAaiESpEIAAPM63M4iUJ72Oh1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
00465{"flow_id":49,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":389707,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABItbcAAFYRcAQfDV0wwKgCBA2WzjoANObxAQMAGCESpEIAABQXleBLNAVxhWEAIAAIAAG2aW4xsYdAAgAIAAABTYyPEzk="}
00465{"flow_id":49,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":391231,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABItbgAAFYRcAMfDV0wwKgCBA2WzjoANObvAQMAGCESpEIAABQXleBLNAVxhWEAIAAIAAG2aW4xsYdAAgAIAAABTYyPEzs="}
@@ -381,7 +381,7 @@
00467{"flow_id":50,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":901,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":565602,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABID4sAAFMRJqEfDU\/AwKgCBA2WzjoANNk2AQMAGCESpEIAAL9\/1m08YXkuT0YAIAAIAAG2aW4xsYdAAgAIAAABTYyPE58="}
00467{"flow_id":50,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":902,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582296,"pkt_ts_usec":567432,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABID4wAAFMRJqAfDU\/AwKgCBA2WzjoANNk0AQMAGCESpEIAAL9\/1m08YXkuT0YAIAAIAAG2aW4xsYdAAgAIAAABTYyPE6E="}
00823{"flow_id":41,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":925,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582297,"pkt_ts_usec":170828,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFEAAP8RdlQAAAAA\/\/\/\/\/wBEAEMBNOdGAQEGALYzLg0AGgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00469{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":932,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":9,"flow_first_seen":1432582267983,"flow_last_seen":1432582268540,"flow_tot_l4_data_len":324,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":932,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":9,"flow_first_seen":1432582267983,"flow_last_seen":1432582268540,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00526{"flow_id":55,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582302,"pkt_ts_usec":350249,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"xiwDYGpkAPS5Jrv0CABFwABy39QAAEARY\/3AqAIEHw1UMM46DZYAXmPlgckACQoVDhA\/cDmPP2GH+dw+eSd5Ut6D6R34wbCvsCoYFHs8lda5k2P52vD1dbELS8rcXVWf0VY2IFXDP5up5wUe\/tYGcpldgAAAAb5uMWFJKkRckYE="}
00525{"flow_id":55,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":938,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582302,"pkt_ts_usec":912020,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"pkt":"APS5Jrv0xiwDYGpkCABFAAByXYsAAFIR1QYfDVQwwKgCBA2WzjoAXmv+gckACSB2M\/5X8+7ElJjZtJTkAZbDxrLHHhhUBR+1hKIMqEIhSPb6Wg4Ja9XBi2fc\/D+ZPefGYMYzCVqJhDuK+Gsma2+PG7u5gAAAAZEEAqnD8KaHguk="}
00438{"flow_id":55,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":939,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":149089,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"pkt":"APS5Jrv0xiwDYGpkCABFAAAyXjMAAFIR1J4fDVQwwKgCBA2WzjoAHuwEgdEAASB2M\/6AAAACcCTfJHwxNRurEw=="}
@@ -389,15 +389,15 @@
00442{"flow_id":55,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":159031,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"APS5Jrv0xiwDYGpkCABFAAA2XjkAAFIR1JQfDVQwwKgCBA2WzjoAIvdCgdAAAiB2M\/6YWHBsgAAAA8HppQatQ+qGmOI="}
00511{"flow_id":55,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":163321,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"APS5Jrv0xiwDYGpkCABFAABnXjsAAFIR1GEfDVQwwKgCBA2WzjoAUxlRgPh9XQAAFAAgdjP+q\/kEFZvwnYsAR\/3b\/z4vmiArWusMzlvlxk7xfp4CqqMe5gIbMHd0Pu67hnxgPl7BYqAXFBnhHsakV8adx2yU"}
00509{"flow_id":55,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":171479,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"APS5Jrv0xiwDYGpkCABFAABnXkMAAFIR1FkfDVQwwKgCBA2WzjoAU5IggPh9XgAAHgAgdjP+kn9SIGTv4CA0pWaHCw6Qx7A53BHTLoo9qLy5G+0vUNCkpXIDcHUY7ViZf0VOkJ1Ip67ZRUk2\/RufvW3SysP9"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432582303186,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432582303186,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00468{"flow_id":56,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":186638,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI\/ugAAEARW8\/AqAIEAcJav846yg8ANOnpAAEAGCESpEL3EVgs34UDSm8ZSi0ACAAUBo8N2M5l\/vTJutWmGJeHW1ycL5M="}
-00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432582303186,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_first_seen":1432582303186,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00697{"flow_id":55,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":216233,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"pkt":"xiwDYGpkAPS5Jrv0CABFwADuQ4kAAEAR\/8zAqAIEHw1UMM46DZYA2tRwgPhVpwAACgAKFQ4QuqT9ptkgZ5Y2FvijqWVfAD6UVcFEIzFKF\/JNQN0Y+dJMFtTCgVCZpfHDSiB+Xmr+\/h8AYGb1t+Sn4Xec5ai6Ah4\/btvRhWVJI5CHZ18pma97DhgyhUsOS\/C63VuOwqbmhhWzUsrF\/hYCDoUbltfgeNlWBkgRMKwrDgKhSyFB0ptNTYoTVhjLIiZKXnPkwTmV6oZgcUtgsE+iaefjPsJOx\/4\/6Z2jskQuOeGO9vDLrzXnzaySedSQdWtTou2OLhwnSaYkDaC+"}
00442{"flow_id":55,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":947,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":216347,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"pkt":"xiwDYGpkAPS5Jrv0CABFwAA2130AAEARbJDAqAIEHw1UMM46DZYAIroUgdAAAgoVDhB3PeWjgAAAAndoOROZ+YMI74E="}
00510{"flow_id":55,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":948,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":257557,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"APS5Jrv0xiwDYGpkCABFAABnXm8AAFIR1C0fDVQwwKgCBA2WzjoAUyQOgPh9XwAAKAAgdjP+380xJX1FWSmeObsDkWqrKkLjxQDaAHcKg6HqDt1Ks2QxpVBOLRL9\/WnpUJd8BMROrpV3ZWNfb8WYnsm\/Edll"}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432582303300,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432582303300,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00467{"flow_id":57,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":300524,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIibwAAEARIT7AqAIEW\/2wQc46JcEANNm\/AAEAGCESpEJqJ0QlQ7N3HdICmh0ACAAUdy+mbVoXRYBrOj7VSucZjRXX5oc="}
-00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432582303300,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00598{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_first_seen":1432582303300,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00687{"flow_id":55,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":355289,"pkt_caplen":246,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":246,"pkt_l4_len":212,"pkt":"xiwDYGpkAPS5Jrv0CABFwADoe2oAAEARx\/HAqAIEHw1UMM46DZYA1LT\/gPhVqAAAFAAKFQ4QO5YRnqxmcDxXUwJcX+x8T8ZmO3EsLKIXqky0fB5AZTybZVFSm0WTZPklkb8\/5llTCzEbtxbEFQRMdmmWnqYLMO+U\/inIg+s8k3y8P+dBWxlU49qs3a0CuXtnbKdc+6bgmshii4WqbMG\/MaaOc3yJMTdpJeOBf1VxNFAilTYAcKju3jXEp5YZ0SZ6lNguqjBQsJqmjsbgl0f\/MyPKvc60IvIACSiDcTxFntnkiIJKBvO8Lm4irtnZRQE0hvlNvaKl"}
00466{"flow_id":57,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":604793,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"APS5Jrv0xiwDYGpkCABFAABI2uIAAC8R4ddb\/bBBwKgCBCXBzjoANGAJAAEAGCESpEIU61RZ3ZsVVlL2qyQACAAUqmIWy0WW07d7nJ5APIsHCVUVL7g="}
00466{"flow_id":57,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582303,"pkt_ts_usec":607918,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbOUAAEARPhXAqAIEW\/2wQc46JcEANIk8AQEAGCESpEIU61RZ3ZsVVlL2qyQACAAU6CFWVCyx0lHi4kItE160ER18SxI="}
@@ -419,9 +419,9 @@
00824{"flow_id":41,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1006,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582305,"pkt_ts_usec":542476,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFIAAP8RdlMAAAAA\/\/\/\/\/wBEAEMBNOc+AQEGALYzLg0AIgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
00467{"flow_id":56,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582305,"pkt_ts_usec":729284,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIr1YAAEARq2HAqAIEAcJav846yg8ANKgQAAEAGCESpELZAvkIKfkpFBb9pE8ACAAUpwxPL3W2phMpSSxWPm\/EvQ75gEI="}
00467{"flow_id":56,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1021,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582306,"pkt_ts_usec":364356,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI4aUAAEAReRLAqAIEAcJav846yg8ANKLfAAEAGCESpEIz2ONY3CmHVuVWzUMACAAUZrHzQ82TK7U+\/hqibPpy5E4012Y="}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432582306376,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1022,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432582306376,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":58,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582306,"pkt_ts_usec":376756,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIS5VYAAEARDTTAqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432582306376,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1022,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432582306376,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00466{"flow_id":56,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582306,"pkt_ts_usec":999093,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIKgAAAEARMLjAqAIEAcJav846yg8ANPy6AAEAGCESpEL31FdWatBeIMDvxDAACAAUSFPzRc996SzqmZ6E1q9HrR63LhY="}
00469{"flow_id":56,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1043,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582307,"pkt_ts_usec":625866,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIC\/EAAEARTsfAqAIEAcJav846yg8ANL9aAAEAGCESpEJtcaF4+ugdL0CNqlQACAAUaPHflDa2x9PoZdiwWZf\/\/ginRuE="}
00467{"flow_id":56,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1052,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582308,"pkt_ts_usec":251114,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIsHQAAEARqkPAqAIEAcJav846yg8ANE36AAEAGCESpEItkB8JCH8yd1sjMhQACAAUEQzuvewy\/DjCKlzLvHRA+8aLVJs="}
@@ -435,53 +435,53 @@
00578{"flow_id":52,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582310,"pkt_ts_usec":666615,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4soAAEARtB7AqAIErfxyAc46DZYAhpkTCAAAaiESpEIAAPckPngMfZVuqj5AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
00579{"flow_id":53,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582310,"pkt_ts_usec":667258,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaDrsAAEARLu\/AqAIEHw1aMM46DZYAhtw8CAAAaiESpEIAAEIAbV8qcywo32NAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
00578{"flow_id":54,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582310,"pkt_ts_usec":667847,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"xiwDYGpkAPS5Jrv0CABFwACacW8AAEAR3DrAqAIEHw1KMM46DZYAhrcnCAAAaiESpEIAAMYoECn4BPzbT0FAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"}
-00456{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1187,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432582311138,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00464{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1187,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432582311138,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":59,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1187,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582311,"pkt_ts_usec":138615,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA48BUAAEABu8TAqAIEW\/2wQQMDCIcAAAAARQAAjs3hAAAvEe6SW\/2wQcCoAgQlwc46AHoAAA=="}
-00488{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1187,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432582311138,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1188,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432582306376,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00457{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1188,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432582311138,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1187,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432582311138,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1188,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_first_seen":1432582306376,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00465{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1188,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_first_seen":1432582311138,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00824{"flow_id":41,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1195,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582313,"pkt_ts_usec":933947,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFMAAP8RdlIAAAAA\/\/\/\/\/wBEAEMBNOc2AQEGALYzLg0AKgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
00824{"flow_id":41,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1196,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582322,"pkt_ts_usec":995511,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFQAAP8RdlEAAAAA\/\/\/\/\/wBEAEMBNOctAQEGALYzLg0AMwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1197,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432582324191,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1197,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432582324191,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00475{"flow_id":60,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582324,"pkt_ts_usec":191957,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIJmQAAEARzfDAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="}
-00522{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1197,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432582324191,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432582331561,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1197,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432582324191,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_first_seen":1432582331561,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00424{"flow_id":61,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582331,"pkt_ts_usec":561251,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAowcFAAEAGFpTAqAIEEaeOJ8AtAbtkgHfvejCYYFAR\/\/+cbwAA"}
00423{"flow_id":61,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1200,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582331,"pkt_ts_usec":698151,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo+xwAAO0GcDgRp44nwKgCBAG7wC16MJhgZIB38FARn\/78bwAA"}
00825{"flow_id":41,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1201,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582331,"pkt_ts_usec":780851,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFUAAP8RdlAAAAAA\/\/\/\/\/wBEAEMBNOckAQEGALYzLg0APAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
00424{"flow_id":61,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1203,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582331,"pkt_ts_usec":825450,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAo40dAAEAG9Q3AqAIEEaeOJ8AtAbtkgHfwejCYYVAQ\/\/6cbwAA"}
-00490{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432582324191,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432582336425,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_first_seen":1432582324191,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432582336425,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01091{"flow_id":62,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582336,"pkt_ts_usec":425202,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISkNQAAEARYbbAqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00526{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432582336425,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432582336425,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00495{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00535{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00497{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00520{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_tot_l4_data_len":221,"flow_min_l4_data_len":20,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":44,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_tot_l4_data_len":221,"flow_min_l4_data_len":20,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":44,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432582355253,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00538{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1204,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432582336425,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_first_seen":1432582336425,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00541{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_first_seen":1432582224235,"flow_last_seen":1432582224264,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"5.178.42.26","src_port":49174,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_first_seen":1432582224210,"flow_last_seen":1432582224240,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.82","src_port":49173,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_first_seen":1432582223077,"flow_last_seen":1432582223379,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.111","src_port":49163,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_first_seen":1432582223075,"flow_last_seen":1432582223379,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.154.66.121","src_port":49166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_first_seen":1432582225329,"flow_last_seen":1432582225381,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.130.137.77","src_port":49176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1432582224230,"flow_last_seen":1432582224260,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":85,"flow_avg_l4_payload_len":17,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"23.50.148.228","src_port":49172,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_first_seen":1432582225324,"flow_last_seen":1432582225533,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.55","src_port":49165,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_first_seen":1432582225313,"flow_last_seen":1432582225533,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.53","src_port":49175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1207,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_first_seen":1432582224208,"flow_last_seen":1432582224417,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49169,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_first_seen":1432582355253,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":63,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1217,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":253275,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAz7ZAAEAGVELAqAIEEa1CZsA1Abt+ckUjAAAAALAC\/\/9LOwAAAgQFtAEDAwQBAQgKLfwhgQAAAAAEAgAA"}
00439{"flow_id":63,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1218,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":393148,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"APS5Jrv0xiwDYGpkCABFAAA009MAAO8G4TARrUJmwKgCBAG7wDWkxiaffnJFJIASH\/7nbQAAAgQFoAEDAwQBAQQC"}
00422{"flow_id":63,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1219,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":478348,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoTu9AAEAG1SHAqAIEEa1CZsA1Abt+ckUkpMYmoFAQQAAIJwAA"}
00731{"flow_id":63,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":482566,"pkt_caplen":281,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":281,"pkt_l4_len":247,"pkt":"xiwDYGpkAPS5Jrv0CABFAAELcyVAAEAGsAjAqAIEEa1CZsA1Abt+ckUkpMYmoFAYQABJcgAAFgMBAN4BAADaAwNVY3jT+WAMBJPe1sSsxt7B5e33LtE3N+Ij9pRhB6MISiDnNWvFSuDQ9RWxNOp1GECdroi8RHuHNQND3XitCRrHVABKAP\/AJMAjwArACcAIwCjAJ8AUwBPAEsAmwCXABcAEwAPAKsApwA\/ADsANAGsAZwA5ADMAFgA9ADwANQAvAArAB8ARwALADAAFAAQBAABHAAAAHQAbAAAYcDUzLWJ1eS5pdHVuZXMuYXBwbGUuY29tAAoACAAGABcAGAAZAAsAAgEAAA0ADAAKBQEEAQIBBAMCAzN0AAA="}
-00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1432582355253,"flow_last_seen":1432582355482,"flow_tot_l4_data_len":343,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":85,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00786{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1220,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_first_seen":1432582355253,"flow_last_seen":1432582355482,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00422{"flow_id":63,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":622036,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo09YAAO8G4TkRrUJmwKgCBAG7wDWkxiagfnJGB1AQCgI9QgAA"}
00551{"flow_id":63,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":622106,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"pkt":"APS5Jrv0xiwDYGpkCABFAACE09gAAO8G4NsRrUJmwKgCBAG7wDWkxiagfnJGB1AYCgJ94gAAFgMDAFECAABNAwNVY3jTQ3OzV2+3nXXm86LnOOTxKQsOBzom841n\/BAPASDnNWvFSuDQ9RWxNOp1GECdroi8RHuHNQND3XitCRrHVAAEAAAF\/wEAAQAUAwMAAQE="}
-00816{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1432582355253,"flow_last_seen":1432582355622,"flow_tot_l4_data_len":475,"flow_min_l4_data_len":20,"flow_max_l4_data_len":247,"flow_avg_l4_data_len":79,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
+00827{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":1222,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":6,"flow_first_seen":1432582355253,"flow_last_seen":1432582355622,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":227,"flow_tot_l4_payload_len":319,"flow_avg_l4_payload_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Apple","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"p53-buy.itunes.apple.com","ja3":"799135475da362592a4be9199d258726","ja3s":"c253ec3ad88e42f8da4032682892f9a0","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}
00475{"flow_id":63,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1223,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":624778,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"APS5Jrv0xiwDYGpkCABFAABN09oAAO8G4RARrUJmwKgCBAG7wDWkxib8fnJGB1AYCgK2NAAAFgMDACA6GyjsJmKuYnGv9\/VM4XmZSKbQP31R+VeHkrIAEtY9aA=="}
00424{"flow_id":63,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1224,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":683259,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoWCdAAEAGy+nAqAIEEa1CZsA1Abt+ckYHpMYm\/FAQP\/oG7gAA"}
00423{"flow_id":63,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1225,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":683537,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoLm1AAEAG9aPAqAIEEa1CZsA1Abt+ckYHpMYnIVAQP\/cGzAAA"}
@@ -491,63 +491,63 @@
01075{"flow_id":63,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1229,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":687697,"pkt_caplen":530,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":530,"pkt_l4_len":496,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIEb8xAAEAGsmjAqAIEEa1CZsA1Abt+ckvSpMYnIVAYQADR\/AAA07qQm4Ep0AfMbjrgKekirE5be9v5Y+Wt1PAp6dI+Z4ARIiX+eLC+79A323Mj0KuVlIUDWrBIBcROtFlN8VfWaN6sa6B4XXFVLwUe0Z6ZpuPy1HV799SBD5vvu55T\/4RCUUJeV7GbDbY6PVaSFFTT\/atC0jn9rxns6y18hbmv204g\/nVtLhL2hXSK9HiYbtGUwLztMxPbS4LvHc9A0b0+bqvvDEt6LkjqI+Lesoe6b62pKL3IKBvorYENnF9qHSxNOwlsPgMzRVlLbyimWNNZrcer1C1CRcGG+V7wbob1Zc+UVhgBegrhOir\/rgKxmBs\/FiTnInvI7cRUb3h\/bi3xfbINMNlah26Uv0uiKT7EWR8k5couZdKk2WeQJlhB1w8YvLDsunijXRN8qDZSMsKf7YZYHjUEAqXOzU5sAtM\/j+dylKKWaW99TJ9g4jbuk9ahXioY6kRV2A4pl\/x\/Xrb2WswFT2Bfy0iDYza1TjQWnW0J5l5uKypI0UPG0FBTQI+k7I9+xQQFSfOk7eagGIZ6Zs9e57jwNDdoJi3JRJJg+B2ZiMgsFQXq+s+nh7MSkUoWNiE5Iy4AvjFRsiVz\/xxUbdH8A05OcaYBow\/2+b462kjuJvVq+zWN4by\/ndM="}
01184{"flow_id":63,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1230,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":688132,"pkt_caplen":610,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":610,"pkt_l4_len":576,"pkt":"xiwDYGpkAPS5Jrv0CABFAAJUH0BAAEAGAqXAqAIEEa1CZsA1Abt+ck2upMYnIVAYQACaaAAAFwMDAidAn5TunsQA5kB6eBA6g9VebaQimygge\/hXxshDmXRvwQVxcO663ZsQaekX+f80ePuR+K9BmrVgK40BYDnAvd76Ifg1Hsr2ur8Ya5z\/7qa+b5\/rMR2QCAm46uYlis8Zy0kaEW82czqkG+fl2OAgiTpTqFnur1H24\/0Z3BSCXUJ294H3IU2S9xMMpwsN66IU6b8DiPQuBLRwhQ0mMGkbHqfOeH\/z7QZyHnmy9a9\/cJAbxn+onX9l7QdoUMt5zp09X0vLmEmPoDCaLpEhVsYaeag8jYxc1E5XNObgOXL99cq82NpNcuXbusdHw3T6PDZ7exko+xpxaFKwt3a5wYM8fe2qiUNDr63QUj1ROaNzmC1xkBO+1jW\/7CUW9lpVcwEAoFcFNgN8O33NHJA8vWZBoZ\/DYapcjdQupgM9e6isfgDmZiKATgDeqypQr+xd5\/LxyU\/RaPY9WOrIA8tPoSbI4N5AzqLxsVTHUngrFvnBCp+sgER84VU63qRZ4itrOD3FYJU3stRdg5YQfis\/d+tEZBlyoYJ4ATDZAj\/kcCuYRT77zCSFHuHOB1KTRYG0hb0q7Z2Ba4CvPQRRk6muSXX0kBVMJLBihtC5xn9TlKS5E5Or5xNT0IVCbJPzjDTyhTW9thsz5mXaXay20wG71jZ8jQuNobEb1Fi+sv60gljhkHSNO1\/hEvCWh2DnTZNjBOW5bAa6jz6\/T2KEhvp9xBSsYVBBh4QxUxKpxw=="}
00423{"flow_id":63,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1231,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582355,"pkt_ts_usec":822954,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo0+EAAO8G4S4RrUJmwKgCBAG7wDWkxichfnJGDVAQC2k7VAAA"}
-00536{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_tot_l4_data_len":160,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_tot_l4_data_len":160,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":20,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":10,"flow_first_seen":1432582271840,"flow_last_seen":1432582331780,"flow_tot_l4_data_len":3080,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00530{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_tot_l4_data_len":1420,"flow_min_l4_data_len":32,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":83,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","ndpi": {"proto":"IMAPS.Apple","breed":"Safe","category":"Web"}}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_tot_l4_data_len":1420,"flow_min_l4_data_len":32,"flow_max_l4_data_len":202,"flow_avg_l4_data_len":83,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00519{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_tot_l4_data_len":96,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":42,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310665,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":20,"flow_first_seen":1432582296339,"flow_last_seen":1432582310668,"flow_tot_l4_data_len":2313,"flow_min_l4_data_len":30,"flow_max_l4_data_len":297,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_first_seen":1432582296339,"flow_last_seen":1432582310667,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310667,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00525{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00499{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":198,"flow_first_seen":1432582303300,"flow_last_seen":1432582311036,"flow_tot_l4_data_len":23686,"flow_min_l4_data_len":31,"flow_max_l4_data_len":518,"flow_avg_l4_data_len":119,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":42,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":180,"flow_first_seen":1432582227643,"flow_last_seen":1432582361929,"flow_tot_l4_data_len":18754,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":180,"flow_first_seen":1432582227643,"flow_last_seen":1432582361929,"flow_tot_l4_data_len":18754,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":104,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":12,"flow_first_seen":1432582303186,"flow_last_seen":1432582310134,"flow_tot_l4_data_len":624,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":22,"flow_first_seen":1432582228503,"flow_last_seen":1432582353955,"flow_tot_l4_data_len":5178,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":235,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":42,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00507{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_tot_l4_data_len":37144,"flow_min_l4_data_len":30,"flow_max_l4_data_len":491,"flow_avg_l4_data_len":80,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_tot_l4_data_len":262,"flow_min_l4_data_len":45,"flow_max_l4_data_len":217,"flow_avg_l4_data_len":131,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":38,"flow_first_seen":1432582227604,"flow_last_seen":1432582260448,"flow_tot_l4_data_len":15928,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":419,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_tot_l4_data_len":4009,"flow_min_l4_data_len":30,"flow_max_l4_data_len":324,"flow_avg_l4_data_len":167,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_first_seen":1432582238792,"flow_last_seen":1432582267975,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267972,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267971,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267970,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_first_seen":1432582238790,"flow_last_seen":1432582267969,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":42,"flow_max_l4_data_len":170,"flow_avg_l4_data_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00524{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_tot_l4_data_len":60,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_tot_l4_data_len":150,"flow_min_l4_data_len":42,"flow_max_l4_data_len":108,"flow_avg_l4_data_len":75,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_tot_l4_data_len":780,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":53,"flow_first_seen":1432582230648,"flow_last_seen":1432582264928,"flow_tot_l4_data_len":16580,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":312,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":32,"flow_first_seen":1432582355253,"flow_last_seen":1432582356195,"flow_tot_l4_data_len":8617,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00543{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
+00505{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_first_seen":1432582233314,"flow_last_seen":1432582233518,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.186.135.8","src_port":49192,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_first_seen":1432582227884,"flow_last_seen":1432582228167,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.14","src_port":49203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_first_seen":1432582235999,"flow_last_seen":1432582236282,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.59","src_port":49180,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_first_seen":1432582235998,"flow_last_seen":1432582236282,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_first_seen":1432582234869,"flow_last_seen":1432582235028,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.52","src_port":49182,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1249,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_first_seen":1432582233751,"flow_last_seen":1432582233926,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.49","src_port":49191,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":10,"flow_first_seen":1432582271840,"flow_last_seen":1432582331780,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":3000,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","ndpi": {"proto":"IMAPS.Apple","breed":"Safe","category":"Web"}}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":17,"flow_first_seen":1432582222253,"flow_last_seen":1432582223191,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":876,"flow_avg_l4_payload_len":51,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00527{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249292,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310666,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"169.254.166.207","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_first_seen":1432582244297,"flow_last_seen":1432582244462,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.31","src_port":49164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_first_seen":1432582331561,"flow_last_seen":1432582331825,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310665,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":20,"flow_first_seen":1432582296339,"flow_last_seen":1432582310668,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":289,"flow_tot_l4_payload_len":2153,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_first_seen":1432582296339,"flow_last_seen":1432582310667,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_first_seen":1432582296338,"flow_last_seen":1432582310667,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_first_seen":1432582296337,"flow_last_seen":1432582310664,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_first_seen":1432582249235,"flow_last_seen":1432582249492,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00533{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_first_seen":1432582250339,"flow_last_seen":1432582250618,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":198,"flow_first_seen":1432582303300,"flow_last_seen":1432582311036,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":22102,"flow_avg_l4_payload_len":111,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00522{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00534{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":180,"flow_first_seen":1432582227643,"flow_last_seen":1432582361929,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12974,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00519{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":180,"flow_first_seen":1432582227643,"flow_last_seen":1432582361929,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12974,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":12,"flow_first_seen":1432582303186,"flow_last_seen":1432582310134,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":528,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00518{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":22,"flow_first_seen":1432582228503,"flow_last_seen":1432582353955,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4474,"flow_avg_l4_payload_len":203,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_first_seen":1432582284806,"flow_last_seen":1432582285047,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00519{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":464,"flow_first_seen":1432582258730,"flow_last_seen":1432582268457,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":483,"flow_tot_l4_payload_len":33432,"flow_avg_l4_payload_len":72,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1432582227526,"flow_last_seen":1432582227594,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":209,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":123,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":38,"flow_first_seen":1432582227604,"flow_last_seen":1432582260448,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15132,"flow_avg_l4_payload_len":398,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":24,"flow_first_seen":1432582238792,"flow_last_seen":1432582267974,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":3817,"flow_avg_l4_payload_len":159,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267973,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_first_seen":1432582238792,"flow_last_seen":1432582267975,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267972,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267971,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_first_seen":1432582238791,"flow_last_seen":1432582267970,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_first_seen":1432582238790,"flow_last_seen":1432582267969,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_first_seen":1432582227595,"flow_last_seen":1432582227624,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":52190,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00532{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_first_seen":1432582245413,"flow_last_seen":1432582245576,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.8","src_port":49167,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_first_seen":1432582284805,"flow_last_seen":1432582285047,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":134,"flow_avg_l4_payload_len":67,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":53,"flow_first_seen":1432582230648,"flow_last_seen":1432582264928,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15484,"flow_avg_l4_payload_len":292,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":32,"flow_first_seen":1432582355253,"flow_last_seen":1432582356195,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7941,"flow_avg_l4_payload_len":248,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00141{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test"}
diff --git a/test/results/whatsapp_login_chat.pcap.out b/test/results/whatsapp_login_chat.pcap.out
index 733acca43..38d9478ce 100644
--- a/test/results/whatsapp_login_chat.pcap.out
+++ b/test/results/whatsapp_login_chat.pcap.out
@@ -1,13 +1,13 @@
00487{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432582377898,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432582377898,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582377,"pkt_ts_usec":898864,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI56kAAEARDKvAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="}
-00518{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432582377898,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432582379543,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432582377898,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432582379543,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00450{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582379,"pkt_ts_usec":543659,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA+Df0AAEAR51zAqAIEwKgCAfEBADUAKg3CrIsBAAABAAAAAAAAA2UxMgh3aGF0c2FwcANuZXQAAAEAAQ=="}
-00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432582379543,"flow_last_seen":0,"flow_tot_l4_data_len":42,"flow_min_l4_data_len":42,"flow_max_l4_data_len":42,"flow_avg_l4_data_len":42,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00661{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432582379543,"flow_last_seen":0,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00623{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582379,"pkt_ts_usec":571955,"pkt_caplen":204,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":204,"pkt_l4_len":170,"pkt":"APS5Jrv0xiwDYGpkCABFAAC+Me8AAEARwurAqAIBwKgCBAA18QEAqrdkrIuBgAABAAgAAAAAA2UxMgh3aGF0c2FwcANuZXQAAAEAAcAMAAEAAQAAAiQABLitsy\/ADAABAAEAAAIkAASeVTpnwAwAAQABAAACJAAEuK2zLMAMAAEAAQAAAiQABLitsyPADAABAAEAAAIkAARsqLDGwAwAAQABAAACJAAEnlU6NMAMAAEAAQAAAiQABJ5VOg\/ADAABAAEAAAIkAASeVTol"}
-00679{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":42,"flow_max_l4_data_len":170,"flow_avg_l4_data_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.173.179.47"}}
-00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432582379591,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00690{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"},"dns": {"query":"e12.whatsapp.net","num_queries":1,"num_answers":8,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"184.173.179.47"}}
+00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432582379591,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00452{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582379,"pkt_ts_usec":591505,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"xiwDYGpkAPS5Jrv0CABFAABAjylAAEAGEH7AqAIEnlU6D8A2FGYksXJ9AAAAALAC\/\/+BgwAAAgQFtAEDAwQBAQgKLfyAogAAAAAEAgAA"}
00448{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582379,"pkt_ts_usec":745503,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"APS5Jrv0xiwDYGpkCABFAAA8XOEAADUGjcqeVToPwKgCBBRmwDYfJVHSJLFyfqAS\/\/8RNgAAAgQFrAEDAwkEAggKXZ2yry38gKI="}
00434{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582379,"pkt_ts_usec":848522,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0bGhAAEAGM0vAqAIEnlU6D8A2FGYksXJ+HyVR04AQIFgeowAAAQEICi38gaNdnbKv"}
@@ -22,7 +22,7 @@
00465{"flow_id":3,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582380,"pkt_ts_usec":975003,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"xiwDYGpkAPS5Jrv0CABFAABHh\/lAAEAGF6fAqAIEnlU6D8A2FGYksXPtHyVSVoAYIE+VnAAAAQEICi38hgZdnbcFgAAQqn0yZ6EpS9vbskJXFYhLcg=="}
00465{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582381,"pkt_ts_usec":134521,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"APS5Jrv0xiwDYGpkCABFAABJN7sAADUGsuOeVToPwKgCBBRmwDYfJVJWJLF0AIAYAgJJ0gAAAQEICl2duBct\/IYGgAASMNKDKRpEFhPS2sk7RlPTnJ77"}
00487{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582381,"pkt_ts_usec":151252,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"APS5Jrv0xiwDYGpkCABFAABYP+0AADUGqqKeVToPwKgCBBRmwDYfJVJrJLF0AIAYAgIQ5QAAAQEICl2duCct\/IYGgAAhcJs82WMNq3CnmaF1toG0Zp8XSCzemAAoxR129U3S+qk4"}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432582381179,"flow_last_seen":0,"flow_tot_l4_data_len":1460,"flow_min_l4_data_len":1460,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":1460,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432582381179,"flow_last_seen":0,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02373{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582381,"pkt_ts_usec":179399,"pkt_caplen":1494,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1494,"pkt_l4_len":1460,"pkt":"xiwDYGpkAPS5Jrv0CABFAAXIltFAAEAGh5\/AqAIEEa1CZsA1Abt+clmMpMYxPVAQQABXnAAAFwMDB3i+HiPgShCayKsiCSxppt+UVMG6sNLf32XwXp\/5y1\/Gi93F3S41DWF8\/kCqCE3bWkUsOQ\/D44TQ+2n51pbyMSPLw0aW5BBc1KN+NXFB6c0\/EvLUkiCkXMNnoBikvRGoWqnT3MsBLR3ifxEfJkx0KA0FgI9JutlWbXDDUTzCRBEZTuRft2ygLhc453pAbiPG9v0WPMDLHXiyCBIVg\/B5dK4qKFD6E2UMKFMhu4mZRR2j\/6qxWlXTvDrMGoz+8Qo7VA74VXDOmIIqRacL+CmsjHCFgzIlevE9HbzQStt3waOocRqfRvIAnyjErcnsgCXougYuTv7e+MXADNmAZBilIIoi3Uil6da7kvrxaXQ4p+uZdx7Gy5yoHJv8xUlpNlf\/6TnuDJ0Sr34mxp2ViDhiTjdQbwAa3oxSYIriERZCD+iy2XBPrLEva6gxIYSFoMA1nMvNEDvwHAwVpPX12H1IQq6zqjIg+g2T3TBZpcZ71NLHtrlkBg9o5NZd7LL0MCoUc5LF5gFQhEphIEtekSiwBF\/vWaUkYpAxP7LvgNiCoLKAfwM9RyhmY\/groOK8zq86A8Z\/A5kmVimU2YKg3RBFJIj4fY5ZjJv5w7NZlJ5I4tkbJJp4AoKwuThn7szdjjoI\/Gz6k3Cz8YZmXMOwDviwyDpLeaUvIrJPOa1ciNsy0vHmM7ukkMbC8Ej95C27cDvULH7dL6T0XGOtlAh\/1i8BfnuG9hN4cxa\/b+5gAAhOFw1eAAyMGcUy23P+89rorZ3KMrek+vuNcICgkwnazh1Z5AFtIzlWlMfxbaxy\/+pJoR3DnO0EuyOOHz4IdCogPPXsieGyIHTaGzpebRd3ow8OikTIF2RiPLnkFeI25KqwWpGL6weTaFVmxqKuafYQNbLXqeb1mf\/DlBl7xTHdJ\/K7sh+ashtIQDjtOnXuANeb1sDwla5nv+DnrsBoezknxm9kI8r\/CTGWQN\/tTHUBQ3JnQu2sU3BgKQv67idjs6\/xEGKN0fSceO\/OmdSiRN4eY5AKeqGiRb0iQcOp0eoO0nHkil+B5uKPiznWHrrsTIB9dEBiXQpdbXNu0tyB5osy9qzKMkf\/o9uJ+QSQ5cIo7DjRzFZnpJOkCxvvXWU+FpzDhZxIpMTrOA0QqAGTa21N2fhnR7KTBe68GBzD362LyujtxvtI68Y+e4qwU8QRYv94bSptDA1mC5d7hLaair0kLj5FJuw9fQYw56jdCBuIztl42Q9ip+eJzWCXzcqrMuxyZhMkusneUAU213bxe7LIroTzopLTvDr1KXzVypQq1ZP5NCiggcKfqeKZidfD+aXqLGRh7olUlGpaHuqy1maaxpidAIrK\/rniCznE3Y8bsAPAq11XlkH+mjEIj4B5Et\/0lF+xCPP+z5E9ZGqKuPoSIYCKQzbemYTMMkhnWOl6BB5kOc48mQHXcM\/HEeMKQ4qb33pU8bbK3Mr9Vb0pzxFXpDLLr1AV4WOOsDEdqZRvrHbAGGit7Ox3YtWydJ61deheU2gY0jifGxvWb6TKpitF7KENLzDKe6R1+jkekRnLVGAoiZ6cidxCTodgPGJaODRed4KQauNt6lzH+E+PJp48Tc7z95H2uvpzfMxaqZdwBSkB4v4ScjVowzkErkvUxVQNOveEwAJQDuk\/MJnrSUEivzWnCcp3a+GPlrKE2YjKybAPuXK8NmegG3utqM2DgTsUTgCNR+3ESE1g9tqjPpb6WMGMIfSBz2fb5tlr8mBN4CEu0H72FkFaOVAQvrDFdSC9uWsLI+9xr\/qifTPscJiK47gZwd7xJ1+AvgSKzzkjQwgSwyGtffBvX0O0GlFuSMAxYjLubFvVAvKhF6gkJ9oPlwZ9pkLOs5hTGXcjvBfkdt78lFxJQl3eijMQRas5LDn3A9Tn53tCW5oXAuOYXz4b"}
01064{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582381,"pkt_ts_usec":179706,"pkt_caplen":531,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":531,"pkt_l4_len":497,"pkt":"xiwDYGpkAPS5Jrv0CABFAAIFAqxAAEAGH4jAqAIEEa1CZsA1Abt+cl8spMYxPVAYQAAK4wAA+zXxkGmxqmlJcwlR7TpHpRtDDy9iaRt9w+hOFsERXuy8gwV22TTGXYqWLP3aSg0FRpPNh6b2JxTA9OSkJEk04NCfWqJRauLthWRuA7XoVn8i6Smk+coAOa3u15Yq91KVTfK0Likn42RkhoMCTU67u6i6Y4GW7d7uWiM6L3uLokbbGTmGs29u3afEGnNWZwLcuyp6rGxmPmWxvxgkiNCzEIsj5+jDbrTqLXDyyF322ZG7ztnAr92I1EUwbaElkdT9P28rYnazLdDX3NtrMNZoVpJg+JtJ\/7kZqQ2Wqzmg\/a3xXi4EVY3r6CTewAoUnubR3Qb8d8SxZWO8dXB980UXO8ObJWaEL5I20Sp30w7kYXi8hv4VgTLwR\/5GH+diyQKZuXNNplXdUL9qR0BnzfYHcTgjG28TOg74dTk611xDBeVR4Itg6rhO4EXCbpfiRmK6bb3CXGkaTCMHxUnezI+xc2Wog+XxCXrGyOiN2uGEyOBaMLxsAdU\/WfMK5Hg2kk6QV97kZZAhmz0GEeQIuwbiHtXsFgOmiLHGkBFU3uvrL2U0AIsy\/dg28ProYM\/UVKotXUmjaEkwo4XPHqyzoqhSMSd8fGbpRTWD+Jj7SG1OLSQLZ6OzyLhulPpesWWw"}
01180{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582381,"pkt_ts_usec":179774,"pkt_caplen":610,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":610,"pkt_l4_len":576,"pkt":"xiwDYGpkAPS5Jrv0CABFAAJULUhAAEAG9JzAqAIEEa1CZsA1Abt+cmEJpMYxPVAYQAAkaQAAFwMDAifRP6n1iN3uB\/Uhy6B3MN22nTeVXJRqDhAyLGWagzjVPV67eGMiWlDpxIYk9ZRXb8ENyJMklAVg5qQxAfredM796d1woE5CM\/dDlnC9hhfBLqlOMT0Sc23vnR6S0CtE+vcI2IEc50YYFIr8cCuBcLPUtehQ+6FiIBzPUNdC8gBpCK0l8ehCaB6UsJ+9Lz+rqI7LymD80O7JD9GQGlEzf0ROrOYPwKN9oloslBYMUuNcVtuTSnZlQf6clnYgiVqjkPEIWZnj1\/SzJxC0XzXDZTCazzjZUphrvHsUFVKI\/iQfQLn2Pm20z\/bY+umTrESbc\/Rb\/jTAxKkWPlTguW5QNPTgHe+8CLbu8GlNIUhp6XnzV0lotZMlMuaBJakvd6GmWA8qWeiSGeNI8Nxabsp54T+pQf+cFTWMVSzn894mO+DZZ3gtq32z87kDjYiMhE2jHBbOrnjFvxmtQtZu7lyboSLDYh55cOzJECLrbK8MSRuDtHOP5G6iepYtPwv3WMGLCV+hTD9hULIUKlQnW8NxmNPf6x7m2WXh+T5KFO1k2GNZTSM8sWZLLJiGPB3r5p1nS3ObF9UaRS1rU\/+0JK5FT6PVQl\/T6rcJ66cGodbOS0a03YtqhfdlphEfqQSNy4IBPyE7+TYhqlI5kH8vw+oFYBVtxUinzFEEO03Tz6ey1LN8P\/4vb9rv1pyNfFxaNarK\/6\/1noAhKaU7nGWU\/L6Er+GI\/BOXYTn7Ng=="}
@@ -39,44 +39,44 @@
00420{"flow_id":4,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582381,"pkt_ts_usec":599912,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo17wAAO8G3VMRrUJmwKgCBAG7wDWkxjZJfnJquVAQDFcGkgAA"}
00420{"flow_id":4,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582381,"pkt_ts_usec":606300,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"APS5Jrv0xiwDYGpkCABFAAAo170AAO8G3VIRrUJmwKgCBAG7wDWkxjZJfnJs5VAQDZwDIQAA"}
01710{"flow_id":4,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582381,"pkt_ts_usec":620039,"pkt_caplen":1002,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1002,"pkt_l4_len":968,"pkt":"APS5Jrv0xiwDYGpkCABFAAPc178AAO8G2ZwRrUJmwKgCBAG7wDWkxjZJfnJs5VAYDjcl0QAAFwMDA69vvIYk3Ko6rugH3jgGDMOT3VFELbXeKs50Eh+057gTJ41BYk2sCfGAx2HtgW66Ff\/JAbcu19h+hP+KOhrYOFMw7qF9oiMRSnpvBuncaPbx+9sm\/hNHpfZz1g5T1Yt6MhAdZVSInoqP9trRM8WqGeTFXrsDMrmgxB3FZQnlKOjYzGagY\/zlmme3R0OIPXYo\/XB\/Woq4Kop0uZLlXn9QSgrbqj3pq7H\/GqqEETQl4fI1CJu66wLakDNAjVZ7pTaqAdWBWlZddytsoQNkYy1018CUf47qBPNW8xzeqV7xCAGJgyiv\/O4O\/6TzdwuMy5hZ9FpRGdJxX3aCVvPHJUO4Wjl6WLivpmegKVl8PxtcqMslbd5GpZ\/T1ywswAZ\/RcGUxYsM5xUxt1pc6wPBilBuoGaCSrc2hefnXeJMki8VNYeiOrGTLOz0Wr6LdMs1HPzGUOnvKGywLaQwEnD+477osjV1eFgfqtt0BI3fL0opznImhDazdxnkPemTDAWtZbLunu4Zoqr9Gx\/tlnms4LItMsSSpfQfRLL74oqf3UGry2rcbJ\/2XRmUx6LAh+Gv3EcU+9zzSahMNWwfzsYnYFgEtb\/qVU0y\/Y3AN2YXTm+Ubg\/SrnF6m1RVZ9HR3Lfy8zlld3eAN4Tgg4BdOPzZciXzTDHOX2RcBP8kh6FZk4UKeAg9XZoOnLEZhmWtdET5zMyOTYbgzsCdqnsercuAHFdA5OWL0UY66mDLCogVpKZzAb7z8GasV7CW6A3d4cvqmVRQNKrWUfiMilt6wJxY7DaoaEmaS7WBtKA9Cy4s0s2tYVEqNKjlX9blTQSkDnaxq23ts9Puv8OgiOJQcR\/5wbC7a1hmJjM0pC6fX7y5TRSKJuKY86OKFGdSohBr+uZe6tHzvHZK\/zmxyQPJd7WdxbaqlIZ+KCX9+slmJgYj0f3NOY1EpCgoKAALfTkvYHBmBrYcaWtt3hynBzZhI+BI12kRQtdVEBcng7xpEOorZ1egAl5d2SwV\/axE5xMw5HekITIbqyKykUZuuoo8TkOVZfmCbxN9fxxHGeFcBo3xlST4wNRrVeAujRQ2Z4rfarBVl3itEgiXG3TSQjIMcVbTHF2\/L8hKt0jTjoVsDp4ofmgIOyoHfhJGD6Eo\/aUrLIpW06wPgMoxLVVv2n7e0euCuLOhTEd+XJITPQx944tBy2d6tcBYxZg6BqO0CbvAC87nyju+tuQUTKXy61rh0HD9tYNME\/VyHXxsReBVFCk7Bvf1DhB2"}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432582377898,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432582396509,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432582377898,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432582396509,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01088{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582396,"pkt_ts_usec":509617,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISQPEAAEARsZnAqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00523{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432582396509,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432582396509,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432582399902,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432582396509,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432582396509,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432582399902,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00821{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582399,"pkt_ts_usec":902785,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFYAAP8Rdk8AAAAA\/\/\/\/\/wBEAEMBNOdfAQEGALYzLg4AAAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00566{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432582399902,"flow_last_seen":0,"flow_tot_l4_data_len":308,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3,6,15,119,95,252,44,46"}}
+00578{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432582399902,"flow_last_seen":0,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3,6,15,119,95,252,44,46"}}
00821{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582401,"pkt_ts_usec":886119,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFcAAP8Rdk4AAAAA\/\/\/\/\/wBEAEMBNOddAQEGALYzLg4AAgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432582402666,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432582402666,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00471{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582402,"pkt_ts_usec":666171,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"pkt":"AQBeAAD7APS5Jrv0CABFAABNW6AAAP8RvFfAqAIE4AAA+xTpFOkAOcRNAAAAAAACAAAAAAAABV9yYW9wBF90Y3AFbG9jYWwAAAyAAQhfYWlycGxhecASAAyAAQ=="}
-00552{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432582402666,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432582402667,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432582402666,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432582402667,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582402,"pkt_ts_usec":667840,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"pkt":"MzMAAAD7APS5Jrv0ht1gCRl1ADkR\/\/6AAAAAAAAAGJzDGxKYAiT\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5eQMAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADIABCF9haXJwbGF5wBIADIAB"}
-00562{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432582402667,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
+00574{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432582402667,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_raop._tcp.local"}}
00821{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582404,"pkt_ts_usec":307907,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFgAAP8Rdk0AAAAA\/\/\/\/\/wBEAEMBNOdaAQEGALYzLg4ABQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
00821{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582408,"pkt_ts_usec":585607,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFkAAP8RdkwAAAAA\/\/\/\/\/wBEAEMBNOdWAQEGALYzLg4ACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432582402667,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432582402666,"flow_last_seen":0,"flow_tot_l4_data_len":57,"flow_min_l4_data_len":57,"flow_max_l4_data_len":57,"flow_avg_l4_data_len":57,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432582411561,"flow_last_seen":0,"flow_tot_l4_data_len":341,"flow_min_l4_data_len":341,"flow_max_l4_data_len":341,"flow_avg_l4_data_len":341,"midstream":1,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432582402667,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip6","src_ip":"fe80::189c:c31b:1298:224","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432582402666,"flow_last_seen":0,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432582411561,"flow_last_seen":0,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00854{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582411,"pkt_ts_usec":561512,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu4AAC8GqngRbuUOwKgCBBRnwCnUixwguGhbLIAYAUleegAAAQEICm+JVxEt\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432582411561,"flow_last_seen":0,"flow_tot_l4_data_len":341,"flow_min_l4_data_len":341,"flow_max_l4_data_len":341,"flow_avg_l4_data_len":341,"midstream":1,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432582411561,"flow_last_seen":0,"flow_min_l4_payload_len":309,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":309,"midstream":1,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","ndpi": {"proto":"ApplePush.Apple","breed":"Safe","category":"Cloud"}}
00854{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582412,"pkt_ts_usec":221359,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJu8AAC8GqncRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlb7AAAAQEICm+JWZ8t\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
00854{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582413,"pkt_ts_usec":522659,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJvAAAC8GqnYRbuUOwKgCBBRnwCnUixwguGhbLIAYAUlW0AAAAQEICm+JXrst\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
00854{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582416,"pkt_ts_usec":119241,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJvEAAC8GqnURbuUOwKgCBBRnwCnUixwguGhbLIAYAUlMmAAAAQEICm+JaPMt\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
00821{"flow_id":6,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582416,"pkt_ts_usec":626472,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFoAAP8RdksAAAAA\/\/\/\/\/wBEAEMBNOdOAQEGALYzLg4AEQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
00854{"flow_id":9,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582421,"pkt_ts_usec":365471,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"pkt":"APS5Jrv0xiwDYGpkCABFAAFpJvIAAC8GqnQRbuUOwKgCBBRnwCnUixwguGhbLIAYAUk4KAAAAQEICm+JfWMt\/BtwFwMBATAEtIuqVIsa2PHNKJeXP8xTjhoqWdhKZwOmK+i+hD5yD1M8ZM2np34aAKWtz8Bb1aOnbLJLQUe09gfoXrYrjNyw4Kz3tEhKuIJxuOR\/NLSkV4SGkIhMwiudLCMa+dHjOQ4E1rq3emNZqDFKuO5luZdltedNjC1Ni5FOba+q6FF8xJzIsSuI9Rh7dvtMvFQuN0jBEi2sNdUH+3VURleCkMaERRQQs2Fub+QUSLgkRAhefAGFzZxVCC52B4evzq7Cz7lW8fuDhUSEwqmRuVuaK7KmZTAj\/JcTRaXUVChFbQXi6T9DG8GOYrQ3cgORiCgEhtpuRfeKNmM1Ic+HX03yWe2oxtSVVy4N22M9Svs5SDcjT\/U2Guvq6M+RgrH5sh4Ew0i0LSm0dEuk7kx1gbhQeJQH"}
00821{"flow_id":6,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582425,"pkt_ts_usec":196086,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFsAAP8RdkoAAAAA\/\/\/\/\/wBEAEMBNOdFAQEGALYzLg4AGgAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432582426553,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432582426553,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01090{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582426,"pkt_ts_usec":553706,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAISk3sAAEARXw\/AqAIBwKgC\/0RcRFwB\/jsJeyJob3N0X2ludCI6IDMzNzUzNTk1OTMsICJ2ZXJzaW9uIjogWzEsIDhdLCAiZGlzcGxheW5hbWUiOiAiIiwgInBvcnQiOiAxNzUwMCwgIm5hbWVzcGFjZXMiOiBbMTQ4MTkzMzcsIDE3NjA5OTYzLCAyMDY0OTM0OSwgMjg1MjE2MDcsIDU4MzQ0OTk2LCA2MDU5NDk4MywgNjQ0MzYwOTksIDk2ODUzMjI0LCA5OTQ2OTc3MywgMTAxMDQ3OTk2LCAxMDgxNTkxMDIsIDEyNTU0MDU2NiwgMTc2OTY0MzA3LCAyNDM2ODI5ODYsIDI0NzkyNTA4NSwgMjYwNDY1MjYxLCAyNzA0MDQ3NDIsIDI4Mzg2MTQ1NywgNDI0NTQwMTk3LCA0NDgzOTczOTMsIDQ1MTQ3MjY1OCwgNTExNzA2NjQyLCA1NjgzOTU4MzMsIDU5NDI0Njk1NCwgNTk4MDYxMDY2LCA2MTU5ODMzNzksIDcyMDA1ODM2MSwgNzM1MDUxODMwLCA3MzYzNDE1MjgsIDc0MTI1NTYxMywgNzc2MDg3MjQ3LCA3ODA4NzA1ODEsIDc4Mjk4MTk0OSwgNzg1MjY2MTc3LCA4MTg3NTI3MTAsIDg1NTY4MjM5MCwgODg0MTIwMTMyLCA5MDg5MTQ4NjhdfQ=="}
-00524{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432582426553,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
+00536{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432582426553,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00650{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432582431,"pkt_ts_usec":565397,"pkt_caplen":220,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":220,"pkt_l4_len":186,"pkt":"APS5Jrv0xiwDYGpkCABFAADOJvMAAC8Gqw4RbuUOwKgCBBRnwCnUix1VuGhbLIAZAUnUJAAAAQEICm+JpTEt\/BtwFwMBAHDYSydR01U4MXShqjjP\/e6ozSqHDVuZ8Us7t5fLSxg\/JTSqTU1rbh5BP52nKbmElzpUYdGkXfEnn2PaHKB1t4LzV\/pkQ5JZxi+qRHMWxqelxwlH4daQC2wVBaO6VgWkkLBvXyNAW3gXtTuKympv3KY2FQMBACAIXcm+uxec4nsB2p08pVk5ZiggKezrR8Gc5wbiqdSlnQ=="}
-00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1432582399902,"flow_last_seen":1432582425196,"flow_tot_l4_data_len":1848,"flow_min_l4_data_len":308,"flow_max_l4_data_len":308,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432582426553,"flow_last_seen":0,"flow_tot_l4_data_len":510,"flow_min_l4_data_len":510,"flow_max_l4_data_len":510,"flow_avg_l4_data_len":510,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_tot_l4_data_len":212,"flow_min_l4_data_len":42,"flow_max_l4_data_len":170,"flow_avg_l4_data_len":106,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00515{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_tot_l4_data_len":1943,"flow_min_l4_data_len":32,"flow_max_l4_data_len":233,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
-00500{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_tot_l4_data_len":1943,"flow_min_l4_data_len":32,"flow_max_l4_data_len":233,"flow_avg_l4_data_len":64,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":6,"flow_first_seen":1432582411561,"flow_last_seen":1432582431565,"flow_tot_l4_data_len":1891,"flow_min_l4_data_len":186,"flow_max_l4_data_len":341,"flow_avg_l4_data_len":315,"midstream":1,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00529{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":44,"flow_first_seen":1432582381179,"flow_last_seen":1432582385071,"flow_tot_l4_data_len":19875,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":451,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":44,"flow_first_seen":1432582381179,"flow_last_seen":1432582385071,"flow_tot_l4_data_len":19875,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1460,"flow_avg_l4_data_len":451,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":6,"flow_first_seen":1432582399902,"flow_last_seen":1432582425196,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1800,"flow_avg_l4_payload_len":300,"midstream":0,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432582426553,"flow_last_seen":0,"flow_min_l4_payload_len":502,"flow_max_l4_payload_len":502,"flow_tot_l4_payload_len":502,"flow_avg_l4_payload_len":502,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_first_seen":1432582379543,"flow_last_seen":1432582379571,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":162,"flow_tot_l4_payload_len":196,"flow_avg_l4_payload_len":98,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":61697,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00525{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
+00510{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":30,"flow_first_seen":1432582379591,"flow_last_seen":1432582399306,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"158.85.58.15","src_port":49206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00514{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":6,"flow_first_seen":1432582411561,"flow_last_seen":1432582431565,"flow_min_l4_payload_len":154,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":283,"midstream":1,"l3_proto":"ip4","src_ip":"17.110.229.14","dst_ip":"192.168.2.4","src_port":5223,"dst_port":49193,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00540{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":44,"flow_first_seen":1432582381179,"flow_last_seen":1432582385071,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18995,"flow_avg_l4_payload_len":431,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Apple","breed":"Safe","category":"Web"}}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":44,"flow_first_seen":1432582381179,"flow_last_seen":1432582385071,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18995,"flow_avg_l4_payload_len":431,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00139{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test"}
diff --git a/test/results/whatsapp_voice_and_message.pcap.out b/test/results/whatsapp_voice_and_message.pcap.out
index 972b75780..bb1b5f5a4 100644
--- a/test/results/whatsapp_voice_and_message.pcap.out
+++ b/test/results/whatsapp_voice_and_message.pcap.out
@@ -1,5 +1,5 @@
00494{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432820558921,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1432820558921,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00453{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820558,"pkt_ts_usec":921094,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="}
00427{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820558,"pkt_ts_usec":982129,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAG9Om4rbMuCggAAQG7ipj561IUBhSt7FAS\/\/+tmQAA"}
00425{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820558,"pkt_ts_usec":982220,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo9o9AAEAGzlsKCAABuK2zLoqYAbsGFK3s+etSFVAQOQh0kgAA"}
@@ -15,51 +15,51 @@
00427{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820560,"pkt_ts_usec":235242,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo9pRAAEAGzlYKCAABuK2zLoqYAbsGFK7S+etTDFAQPLhvBQAA"}
00471{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820560,"pkt_ts_usec":235333,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABI9pVAAEAGzjUKCAABuK2zLoqYAbsGFK7S+etTDFAYPLhs9wAAgAAddpKjam22WfwfcejRXzOwKhF5uWMahhWTEd2hQD4="}
00429{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820560,"pkt_ts_usec":235455,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAAhAABAG9OO4rbMuCggAAQG7ipj561MMBhSu8lAQ\/\/+rnQAA"}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432820567259,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432820567259,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820567,"pkt_ts_usec":259228,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvE0KCAABHw1UMNF0DZYAhk4lAAMAaiESpEIAANFg4Ox4XqyZamxAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432820567259,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1432820567259,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00470{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820567,"pkt_ts_usec":597088,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIAA5AABAR7VEfDVQwCggAAQ2W0XQANI6xAQMAGCESpEIAANFg4Ox4XqyZamwAIAAIAAHzk56wzx5AAgAIAAABTZrCzrs="}
00583{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820567,"pkt_ts_usec":597180,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvE0KCAABHw1UMNF0DZYAhk4lAAMAaiESpEIAANFg4Ox4XqyZamxAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
00471{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820567,"pkt_ts_usec":917126,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIAA9AABAR7VAfDVQwCggAAQ2W0XQANNaZAQMAGCESpEIAANFg4Ox4XqyZamwAIAAIAAGqbZ6wzx5AAgAIAAABTZrCz\/k="}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432820567917,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432820567917,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820567,"pkt_ts_usec":917248,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARxk0KCAABHw1KMNF0DZYAhknAAAMAaiESpEIAABwXmwtuMPN7N0hAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432820567917,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1432820567917,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00470{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820568,"pkt_ts_usec":117413,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABBAABAR908fDUowCggAAQ2W0XQANMmPAQMAGCESpEIAABwXmwtuMPN7N0gAIAAIAAGyFZ6wzx5AAgAIAAABTZrC0PY="}
00583{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820568,"pkt_ts_usec":118085,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARxk0KCAABHw1KMNF0DZYAhknAAAMAaiESpEIAABwXmwtuMPN7N0hAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
00470{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820568,"pkt_ts_usec":346844,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABFAABAR904fDUowCggAAQ2W0XQANO2fAQMAGCESpEIAABwXmwtuMPN7N0gAIAAIAAGNHp6wzx5AAgAIAAABTZrC0d0="}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432820568346,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432820568346,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820568,"pkt_ts_usec":346936,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEAR0E0KCAABHw1AMNF0DZYAhjyrAAMAaiESpEIAAKkWq28lYULzqlFAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432820568346,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1432820568346,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00471{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820568,"pkt_ts_usec":646771,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABJAABARAU4fDUAwCggAAQ2W0XQANK\/IAQMAGCESpEIAAKkWq28lYULzqlEAIAAIAAG83p6wzx5AAgAIAAABTZrC0t8="}
00583{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820568,"pkt_ts_usec":646863,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEAR0E0KCAABHw1AMNF0DZYAhjyrAAMAaiESpEIAAKkWq28lYULzqlFAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
00470{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820568,"pkt_ts_usec":946667,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABNAABARAU0fDUAwCggAAQ2W0XQANMbTAQMAGCESpEIAAKkWq28lYULzqlEAIAAIAAGkqZ6wzx5AAgAIAAABTZrC1Ak="}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432820568947,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432820568947,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820568,"pkt_ts_usec":947491,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARCI0KCAABrfx5AdF0DZYAhjqZAAMAaiESpEIAAJtQaIETIh2AbQlAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432820568947,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1432820568947,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00471{"flow_id":5,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820569,"pkt_ts_usec":197308,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABRAABAROYut\/HkBCggAAQ2W0XQANOG6AQMAGCESpEIAAJtQaIETIh2AbQkAIAAIAAGGsp6wzx5AAgAIAAABTZrC1Qc="}
00583{"flow_id":5,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820569,"pkt_ts_usec":197369,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARCI0KCAABrfx5AdF0DZYAhjqZAAMAaiESpEIAAJtQaIETIh2AbQlAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
00471{"flow_id":5,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820569,"pkt_ts_usec":427136,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABVAABAROYqt\/HkBCggAAQ2W0XQANNKXAQMAGCESpEIAAJtQaIETIh2AbQkAIAAIAAGU1Z6wzx5AAgAIAAABTZrC1gc="}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820569427,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820569427,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820569,"pkt_ts_usec":427258,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvB0KCAABszzAMNF0DZYAhkLTAAMAaiESpEIAALo2Lkt1PTwMswhAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00535{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820569427,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00547{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1432820569427,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00470{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820569,"pkt_ts_usec":716748,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABZAABAR7RmzPMAwCggAAQ2W0XQANM1bAQMAGCESpEIAALo2Lkt1PTwMswgAIAAIAAGhQp6wzx5AAgAIAAABTZrC1xA="}
00583{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820569,"pkt_ts_usec":716839,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvB0KCAABszzAMNF0DZYAhkLTAAMAaiESpEIAALo2Lkt1PTwMswhAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
00468{"flow_id":6,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820570,"pkt_ts_usec":6695,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABdAABAR7RizPMAwCggAAQ2W0XQANLmCAQMAGCESpEIAALo2Lkt1PTwMswgAIAAIAAGz+p6wzx5AAgAIAAABTZrC2DE="}
-00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432820570006,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432820570006,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00581{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820570,"pkt_ts_usec":6787,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARwL0KCAABHw1PwNF0DZYAhsORAAMAaiESpEIAAFk9lyNgFikbVyNAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432820570006,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1432820570006,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00472{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820570,"pkt_ts_usec":428723,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABhAABAR8bcfDU\/ACggAAQ2W0XQANGvgAQMAGCESpEIAAFk9lyNgFikbVyMAIAAIAAGA\/J6wzx5AAgAIAAABTZrC2ZA="}
00583{"flow_id":7,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820570,"pkt_ts_usec":428815,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARwL0KCAABHw1PwNF0DZYAhsORAAMAaiESpEIAAFk9lyNgFikbVyNAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
00471{"flow_id":7,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820570,"pkt_ts_usec":876782,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABlAABAR8bYfDU\/ACggAAQ2W0XQANGAYAQMAGCESpEIAAFk9lyNgFikbVyMAIAAIAAGLCJ6wzx5AAgAIAAABTZrC20w="}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432820570876,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432820570876,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00584{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820570,"pkt_ts_usec":876843,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARs00KCAABHw1dMNF0DZYAhn\/sAAMAaiESpEIAABBswYmYde0br2NAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432820570876,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1432820570876,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00470{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820571,"pkt_ts_usec":176892,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABpAABAR5EUfDV0wCggAAQ2W0XQANAkRAQMAGCESpEIAABBswYmYde0br2MAIAAIAAGc8p6wzx5AAgAIAAABTZrC3MQ="}
00584{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820571,"pkt_ts_usec":176953,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARs00KCAABHw1dMNF0DZYAhn\/sAAMAaiESpEIAABBswYmYde0br2NAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
00470{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820571,"pkt_ts_usec":488171,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABtAABAR5EQfDV0wCggAAQ2W0XQANLfgAQMAGCESpEIAABBswYmYde0br2MAIAAIAAHs556wzx5AAgAIAAABTZrC3f8="}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820571488,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820571488,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00583{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820571,"pkt_ts_usec":488232,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
-00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820571488,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
+00545{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1432820571488,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}}
00470{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820571,"pkt_ts_usec":716839,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIABxAABAR+EMfDUkwCggAAQ2W0XQANGvUAQMAGCESpEIAAOlKSWdSWOu7U1cAIAAIAAGOsJ6wzx5AAgAIAAABTZrC3xA="}
00583{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820571,"pkt_ts_usec":716900,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
00470{"flow_id":9,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820571,"pkt_ts_usec":916791,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIAB1AABAR+EIfDUkwCggAAQ2W0XQANFhcAQMAGCESpEIAAOlKSWdSWOu7U1cAIAAIAAGhVZ6wzx5AAgAIAAABTZrC3+M="}
@@ -67,7 +67,7 @@
00470{"flow_id":9,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820572,"pkt_ts_usec":158307,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIACNAABAR+DwfDUkwCggAAQ2W0XQANAYmAQMAGCESpEIAAOlKSWdSWOu7U1gAIAAIAAHyn56wzx5AAgAIAAABTZrC4M4="}
00583{"flow_id":9,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820572,"pkt_ts_usec":165112,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta4AAMAaiESpEIAAOlKSWdSWOu7U1hAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"}
00470{"flow_id":9,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820572,"pkt_ts_usec":348004,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"ABoRAAACABoRAAABCABFAABIACRAABAR+DsfDUkwCggAAQ2W0XQANP21AQMAGCESpEIAAOlKSWdSWOu7U1gAIAAIAAH6TJ6wzx5AAgAIAAABTZrC4ZE="}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820624900,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1432820624900,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820624,"pkt_ts_usec":900403,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA85gNAAEAGcjAKCAABnlU6Kq8TFGbeopMoAAAAAKACOQiB\/gAAAgQFtAQCCAoABHUrAAAAAAEDAwQ="}
00428{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820625,"pkt_ts_usec":66907,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoACpAABAGiB6eVToqCggAARRmrxMhXWzX3qKTKVAS\/\/8J0AAA"}
00426{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820625,"pkt_ts_usec":66998,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAo5gRAAEAGckMKCAABnlU6Kq8TFGbeopMpIV1s2FAQOQjQyAAA"}
@@ -91,7 +91,7 @@
00470{"flow_id":10,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820633,"pkt_ts_usec":171765,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"ABoRAAACABoRAAABCABFAABG5glAAEAGciAKCAABnlU6Kq8TFGbeopPXIV1woFAYQEg1\/gAAgAAb78l1yKPmE48GOiEZVqFHKYQhqE8rljRx6FSX"}
00431{"flow_id":10,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820633,"pkt_ts_usec":171826,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoADBAABAGiBieVToqCggAARRmrxMhXXCg3qKT9VAQ\/\/8FPQAA"}
00470{"flow_id":10,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820633,"pkt_ts_usec":171857,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"pkt":"ABoRAAACABoRAAABCABFAABG5gpAAEAGch8KCAABnlU6Kq8TFGbeopPXIV1woFAYQEg1\/gAAgAAb78l1yKPmE48GOiEZVqFHKYQhqE8rljRx6FSX"}
-00493{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820633802,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1432820633802,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820633,"pkt_ts_usec":802533,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8gDdAAEAGI\/4KCAABrcDevaUBFGYwrPiRAAAAAKACOQgdJAAAAgQFtAQCCAoABHimAAAAAAEDAwQ="}
00430{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820633,"pkt_ts_usec":803845,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoADlAABAG1BCtwN69CggAARRmpQHPUwduMKz4klAS\/\/9f4wAA"}
00428{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820633,"pkt_ts_usec":804974,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAogDhAAEAGJBEKCAABrcDevaUBFGYwrPiSz1MHb1AQOQgm3AAA"}
@@ -107,7 +107,7 @@
00431{"flow_id":11,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820634,"pkt_ts_usec":343609,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAD9AABAG1AqtwN69CggAARRmpQHPUwm2MKz5dVAQ\/\/9cugAA"}
00429{"flow_id":11,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820634,"pkt_ts_usec":343671,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAogD1AAEAGJAwKCAABrcDevaUBFGYwrPl1z1MJtlAQPLggAgAA"}
00466{"flow_id":11,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820634,"pkt_ts_usec":456219,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"ABoRAAACABoRAAABCABFAABBgD5AAEAGI\/IKCAABrcDevaUBFGYwrPl1z1MJtlAYPLj9EwAAgAAWfrtGzjhqLBHndb7yqzoImh+lmb+O5Q=="}
-00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820681899,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1432820681899,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00456{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820681,"pkt_ts_usec":899121,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8YBFAAEAG998KCAABnlU6bcI5FGZRO+t+AAAAAKACOQiNYgAAAgQFtAQCCAoABItvAAAAAAEDAwQ="}
00431{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820681,"pkt_ts_usec":901135,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAFlAABAGh6yeVTptCggAARRmwjmuxBSBUTvrf1AS\/\/\/2ZgAA"}
00430{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820681,"pkt_ts_usec":901684,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoYBJAAEAG9\/IKCAABnlU6bcI5FGZRO+t\/rsQUglAQOQi9XwAA"}
@@ -123,7 +123,7 @@
00465{"flow_id":12,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820682,"pkt_ts_usec":566571,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"ABoRAAACABoRAAABCABFAABBYBdAAEAG99QKCAABnlU6bcI5FGZRO+xirsQVzlAYPLjr7QAAgAAWDsoDGEZyEgGknOA4O3HZ3a6LvDYB+Q=="}
00432{"flow_id":12,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820682,"pkt_ts_usec":566693,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAF9AABAGh6aeVTptCggAARRmwjmuxBXOUTvse1AQ\/\/\/0HwAA"}
00463{"flow_id":12,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820682,"pkt_ts_usec":566785,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"ABoRAAACABoRAAABCABFAAA+AGBAABAGh4+eVTptCggAARRmwjmuxBXOUTvse1AY\/\/8M8AAAgAATlZD9+caNblEbGPqjRjXIs+FEQw=="}
-00489{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820693796,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1432820693796,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00457{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820693,"pkt_ts_usec":796979,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"ABoRAAACABoRAAABCABFAAA8Y3lAAEAGKR4KCAABnlUFx8lyAbsu9\/NsAAAAAKACOQjjKgAAAgQFtAQCCAoABJAVAAAAAAEDAwQ="}
00430{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820693,"pkt_ts_usec":846142,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAHNAABAGvDieVQXHCggAAQG7yXLRCAyTLvfzbVAS\/\/82fwAA"}
00429{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820693,"pkt_ts_usec":846234,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoY3pAAEAGKTEKCAABnlUFx8lyAbsu9\/Nt0QgMlFAQOQj9dwAA"}
@@ -139,22 +139,22 @@
00431{"flow_id":13,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820694,"pkt_ts_usec":604626,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAHhAABAGvDOeVQXHCggAAQG7yXLRCAziLvf0c1AQ\/\/81LAAA"}
00467{"flow_id":13,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820694,"pkt_ts_usec":654950,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"ABoRAAACABoRAAABCABFAABCY4BAAEAGKREKCAABnlUFx8lyAbsu9\/Rz0QgM4lAYOQgVDQAAgAAXtvdkyKnboCess\/qki09xS72kRAR872w="}
00431{"flow_id":13,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1432820694,"pkt_ts_usec":655133,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"ABoRAAACABoRAAABCABFAAAoAHlAABAGvDKeVQXHCggAAQG7yXLRCAziLvf0jVAQ\/\/81EgAA"}
-00541{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_tot_l4_data_len":1302,"flow_min_l4_data_len":20,"flow_max_l4_data_len":252,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_tot_l4_data_len":1302,"flow_min_l4_data_len":20,"flow_max_l4_data_len":252,"flow_avg_l4_data_len":48,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_tot_l4_data_len":3689,"flow_min_l4_data_len":20,"flow_max_l4_data_len":988,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_tot_l4_data_len":3689,"flow_min_l4_data_len":20,"flow_max_l4_data_len":988,"flow_avg_l4_data_len":122,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_tot_l4_data_len":3426,"flow_min_l4_data_len":20,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00506{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_tot_l4_data_len":3426,"flow_min_l4_data_len":20,"flow_max_l4_data_len":556,"flow_avg_l4_data_len":74,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00541{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_tot_l4_data_len":3501,"flow_min_l4_data_len":20,"flow_max_l4_data_len":525,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_tot_l4_data_len":3501,"flow_min_l4_data_len":20,"flow_max_l4_data_len":525,"flow_avg_l4_data_len":56,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_first_seen":1432820568947,"flow_last_seen":1432820628171,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00506{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1432820569427,"flow_last_seen":1432820629171,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_first_seen":1432820570876,"flow_last_seen":1432820631171,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_first_seen":1432820570006,"flow_last_seen":1432820630172,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":9,"flow_first_seen":1432820571488,"flow_last_seen":1432820632171,"flow_tot_l4_data_len":878,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_first_seen":1432820568346,"flow_last_seen":1432820627171,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_first_seen":1432820567917,"flow_last_seen":1432820626171,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1432820567259,"flow_last_seen":1432820625171,"flow_tot_l4_data_len":506,"flow_min_l4_data_len":52,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00539{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":52,"flow_first_seen":1432820681899,"flow_last_seen":1432820691973,"flow_tot_l4_data_len":2843,"flow_min_l4_data_len":20,"flow_max_l4_data_len":274,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
-00507{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":52,"flow_first_seen":1432820681899,"flow_last_seen":1432820691973,"flow_tot_l4_data_len":2843,"flow_min_l4_data_len":20,"flow_max_l4_data_len":274,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00551{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":742,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsApp","breed":"Acceptable","category":"Chat"}}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":27,"flow_first_seen":1432820693796,"flow_last_seen":1432820695137,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":232,"flow_tot_l4_payload_len":742,"flow_avg_l4_payload_len":27,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.5.199","src_port":51570,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00550{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00518{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":30,"flow_first_seen":1432820624900,"flow_last_seen":1432820633508,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":968,"flow_tot_l4_payload_len":3069,"flow_avg_l4_payload_len":102,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.42","src_port":44819,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00517{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":46,"flow_first_seen":1432820558921,"flow_last_seen":1432820572412,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2486,"flow_avg_l4_payload_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00552{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":2241,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00520{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":62,"flow_first_seen":1432820633802,"flow_last_seen":1432820681629,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":505,"flow_tot_l4_payload_len":2241,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.192.222.189","src_port":42241,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_first_seen":1432820568947,"flow_last_seen":1432820628171,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00517{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_first_seen":1432820569427,"flow_last_seen":1432820629171,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_first_seen":1432820570876,"flow_last_seen":1432820631171,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_first_seen":1432820570006,"flow_last_seen":1432820630172,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":9,"flow_first_seen":1432820571488,"flow_last_seen":1432820632171,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":806,"flow_avg_l4_payload_len":89,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_first_seen":1432820568346,"flow_last_seen":1432820627171,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_first_seen":1432820567917,"flow_last_seen":1432820626171,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00515{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_first_seen":1432820567259,"flow_last_seen":1432820625171,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00550{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":52,"flow_first_seen":1432820681899,"flow_last_seen":1432820691973,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":254,"flow_tot_l4_payload_len":1783,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}}
+00518{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":52,"flow_first_seen":1432820681899,"flow_last_seen":1432820691973,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":254,"flow_tot_l4_payload_len":1783,"flow_avg_l4_payload_len":34,"midstream":0,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00147{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test"}
diff --git a/test/results/whatsappfiles.pcap.out b/test/results/whatsappfiles.pcap.out
index 32ef13774..730f7f235 100644
--- a/test/results/whatsappfiles.pcap.out
+++ b/test/results/whatsappfiles.pcap.out
@@ -1,16 +1,16 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsappfiles.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1519924083411,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1519924083411,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00446{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924083,"pkt_ts_usec":411187,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIKAbs8JoRvAAAAALDC\/\/8eywAAAgQFtAEDAwYBAQgKKOUV+QAAAAAEAgAA"}
00440{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924083,"pkt_ts_usec":501147,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wgonNGFZPCaEcKASbTj4zgAAAgQFggQCCAoJITj5KOUV+QEDAwg="}
00428{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924083,"pkt_ts_usec":503118,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIKAbs8JoRwJzRhWoAQCAWMQgAAAQEICijlFlQJITj5"}
00757{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924083,"pkt_ts_usec":506116,"pkt_caplen":309,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":309,"pkt_l4_len":275,"pkt":"XEl5dU5qkLkxKPrKCABFAAEnAABAAEAG5ZnAqAIduTzYNcIKAbs8JoRwJzRhWoAYCAVSawAAAQEICijlFlYJITj5FgMBAO4BAADqAwPdYI75M\/7Hk5QfaVF+3jFJrn8JCAyxqJHjkbfYArYsNAAAKMAswCvAJMAjwArACcypwDDAL8AowCfAFMATzKgAnQCcAD0APAA1AC8BAACZ\/wEAAQAAAAAZABcAABRtbWctZm5hLndoYXRzYXBwLm5ldAAXAAAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAM3QAAAASAAAAEAAwAC4CaDIFaDItMTYFaDItMTUFaDItMTQIc3BkeS8zLjEGc3BkeS8zCGh0dHAvMS4xAAsAAgEAAAoACAAGAB0AFwAY"}
-00808{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1519924083411,"flow_last_seen":1519924083506,"flow_tot_l4_data_len":391,"flow_min_l4_data_len":32,"flow_max_l4_data_len":275,"flow_avg_l4_data_len":97,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00819{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1519924083411,"flow_last_seen":1519924083506,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":243,"flow_tot_l4_payload_len":243,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00428{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924083,"pkt_ts_usec":596769,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kLkxKPrKXEl5dU5qCABFAAA0WA5AAFUGeX65PNg1wKgCHQG7wgonNGFaPCaFY4AQAHKSgAAAAQEICgkhOVko5RZW"}
02309{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924083,"pkt_ts_usec":598208,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"kLkxKPrKXEl5dU5qCABFAAWqWA9AAFUGdAe5PNg1wKgCHQG7wgonNGFaPCaFY4AQAHIKKQAAAQEICgkhOVoo5RZWFgMDAEoCAABGAwN2JuCvNTP6QWM9pzKD\/cxL\/UByXEXf445CpKr2ya+mhwDAKwAAHgAAAAD\/AQABAAALAAQDAAECACMAAAAQAAUAAwJoMhYDAwuSCwALjgALiwAG0DCCBswwggW0oAMCAQICEA+Bv5rm7v\/kFf2eyPNQljcwDQYJKoZIhvcNAQELBQAwcDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3VyYW5jZSBTZXJ2ZXIgQ0EwHhcNMTcwNDI2MDAwMDAwWhcNMTgwNTAxMTIwMDAwWjBpMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEXMBUGA1UEChMORmFjZWJvb2ssIEluYy4xFzAVBgNVBAMMDioud2hhdHNhcHAubmV0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKdrV937kE6LLAefsbs3VWviuzemY3ZfxQN3xRakSsoaliv7Y5GrVsw7Zpf8qD64tpv1zZyu1q8d5QYPVFraNGKOCBDIwggQuMB8GA1UdIwQYMBaAFFFo\/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQWBBTOvtmcE\/Hpdw9nVhDPrrMPWW+2kzBtBgNVHREEZjBkghIqLmNkbi53aGF0c2FwcC5uZXSCEiouc25yLndoYXRzYXBwLm5ldIIOKi53aGF0c2FwcC5jb22CDioud2hhdHNhcHAubmV0ggx3aGF0c2FwcC5jb22CDHdoYXRzYXBwLm5ldDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNS5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNlcnZlci1nNS5jcmwwTAYDVR0gBEUwQzA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAIBgZngQwBAgIwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIB8wYKKwYBBAHWeQIEAgSCAeMEggHfAd0AdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVur6AdGAAAEAwBGMEQCIAdhL0JGHAwVstkFDxx5uR5tWMrXEnCfvfOAkhPvsX+vAiAtiNAjFenr8IsHyIUYNUyZMjKigiFM4zIicOvIQ5DBwQB1AFYUBpov18Ls0\/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABW6voCCYAAAQDAEYwRAIgDQwj0NpInNvmDAEDQ4iF6KcoHweDkWsnI4\/CZYl\/IasCIBnZc3Yh+lXUzgGhpKoW8UP5rkmTDNTqZacPZHfvsQ9AAHYA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFbq+gIGQAABAMARzBFAiA\/diVHEHyPEjw4Z8WjzlhKwA8CQfgK"}
-00867{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1519924083411,"flow_last_seen":1519924083598,"flow_tot_l4_data_len":1853,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":308,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00878{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1519924083411,"flow_last_seen":1519924083598,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":1641,"flow_avg_l4_payload_len":273,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
02312{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924083,"pkt_ts_usec":599440,"pkt_caplen":1464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1464,"pkt_l4_len":1430,"pkt":"kLkxKPrKXEl5dU5qCABFAAWqWBBAAFUGdAa5PNg1wKgCHQG7wgonNGbQPCaFY4AQAHIPdQAAAQEICgkhOVoo5RZW\/dcoXSxsCU5cBAIhAINpYGdpWpazDDNWkzT9AR6h8LyEDdOOiu12dnqLjpgnAHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFbq+gINwAABAMARjBEAiBNbuOMMijmq48wEigA3slTMwPvPBUfWU\/4HiDvX0W7twIgQbSpfsCXXKcWVWJ9SQwwLlHc5\/kWPUX+YuuSw4lvtAcwDQYJKoZIhvcNAQELBQADggEBAKQRblH81cOz2zGpLrJXKVJN+2RT6iGuRB0m8HtLDnViOFii7tA01AETzb\/L7K4HbmTAZQfoqSBnwHFSEHCADc4eWYZdR2U2Ufuolu2njjaxFekgWONG\/4xzBiNlIeRJjyflBRzXguDmsDa7zWatUfFbsv6fDRB4fAWF5JK9EfnADzrk+vI0GgTeIUkaiOnVjS8t78IFY5Hg+beLLgsLQhEz2pZSOmxwdnpYIfOgZ15tz0d1NeKorqQfcu8T77Jc\/QkRxQqfov8iS3+R602kQYkHG3B8Hd0ZwBt8kRHvwxG3ZmVmcgxu1BePoWkmVNTBeZV3W9REkaZYVGD+pjSm+UIABLUwggSxMIIDmaADAgECAhAE4eek3Fzy823AK0K4XRWfMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbgL8IkBshtBF\/X7wpkBrJ9IiZlFq5CQJvO3J+fdgc+wzBVhxm5T5QOWpQfVVa0wgIqr9CY7gtA18TQO3LIFJ7vkLERqa7SyLhDOtkLC9XVlfVAr8gd7U2cX1e3hlBomfWK2tLHBR+ol8ncpLGChC3GraWcxxmCpoUPXkRYKjeP\/TXxCwgnMlr1u4uepL1R0Cfi3TtCM6MFKMS7KMyarCsjDXjGe+ZecbdKPgj7gbcWFqGdIxJN5deSCKx1pJy6zReyHkQ1ZX9TJTnRHAqaYxsZknRoCjfCwlJIyzlaorbhXcHdoCC4IaKTJm8USiFBx+1tm\/JIL\/MD9aJoklMvXuMCAwEAAaOCAUkwggFFMBIGA1UdEwEB\/wQIMAYBAf8CAQAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBLBgNVHR8ERDBCMECgPqA8hjpodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJhbmNlRVZSb290Q0EuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBRRaP+QrwIHdTzM2WVkYqISuFlyOzAfBgNVHSMEGDAWgBSxPsNpA\/i\/RwHUmCYaCALvY2QrwzANBgkqhkiG9w0BAQsFAAOCAQEAGIqViQPm"}
00991{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924083,"pkt_ts_usec":599471,"pkt_caplen":478,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":478,"pkt_l4_len":444,"pkt":"kLkxKPrKXEl5dU5qCABFAAHQWBFAAFUGd9+5PNg1wKgCHQG7wgonNGxGPCaFY4AYAHKF1QAAAQEICgkhOVoo5RZWbd9c\/B1o6kqPg9ZRL41rRBaerGP10m5shJmLqoFxhFvtNE6wt3mSKcwtgGrwjiDheaT+A0cT6vWGyllxffQElmvTWVg9\/tMxJVwYOISj5p+C\/YxbmDFOzXieGv2Fy0mq8ieLmXL8PqrVQQva1TahvxxuR0l\/XtlIfAPZ\/YtJoJgmQkDr1pIRpGQKV1TE9R3WAl5rrO7EgJoScvpWk9f\/vzCFBjC\/C39O\/1cFnSTthcMr+6Z1qKwtFu99eSey68KdCwfqqoXTAaMgKEFZQyjSgeOq9ux7O3e2QGKABUFFAe8XBj7ewDObZ9NhLnKH5Gn8EgBXQB5w9R7JtBYDAwCUDAAAkAMAF0EExpxPVDtuBFQHuVAFHEBmpSGMKpf00BMYBiPWkLpyx+JNXrgOTd0KWUhyHFVmRn7iyER6R8bAChbG8edEynweeQUDAEcwRQIgDJYRyDjJIqHtT7MRLB7fEpcF0WqS8J4d5Lu3j7TveiICIQDlEvs2xCJNS6AkGDjgUA7kn1LXVV8M5pEZzXbiWZhoOBYDAwAEDgAAAA=="}
-01236{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":8,"flow_first_seen":1519924083411,"flow_last_seen":1519924083599,"flow_tot_l4_data_len":3727,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":465,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","server_names":"*.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB"}}
+01247{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":8,"flow_first_seen":1519924083411,"flow_last_seen":1519924083599,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":3451,"flow_avg_l4_payload_len":431,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","server_names":"*.cdn.whatsapp.net,*.snr.whatsapp.net,*.whatsapp.com,*.whatsapp.net,whatsapp.com,whatsapp.net","ja3":"107144b88827da5da9ed42d8776ccdc5","ja3s":"2d1eb5817ece335c24904f516ad5da12","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","issuerDN":"C=US, ST=California, L=Menlo Park, O=Facebook, Inc., CN=*.whatsapp.net","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"10:54:EB:4A:A2:2A:42:2F:A6:1C:E7:9C:F4:84:10:7E:30:2E:56:BB"}}
00429{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924083,"pkt_ts_usec":602045,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIKAbs8JoVjJzRsRoAQB9l\/zgAAAQEICijlFrQJITla"}
00430{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924083,"pkt_ts_usec":603044,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIKAbs8JoVjJzRt4oAQB9N+OAAAAQEICijlFrQJITla"}
00430{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924083,"pkt_ts_usec":681986,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIKAbs8JoVjJzRt4oAQCAB9vgAAAQEICijlFwEJITla"}
@@ -18,15 +18,15 @@
00777{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924084,"pkt_ts_usec":60416,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"pkt":"kLkxKPrKXEl5dU5qCABFAAE2WBJAAFUGeHi5PNg1wKgCHQG7wgonNG3iPCaF4YAYAHI66gAAAQEICgkhOyQo5RgAFgMDAMoEAADGAAKjAADATITY1B9Ak7wZ6olRUGgkVPl3S5mgCrJekYUw0HX45Z9tQzv4rlsGmb+6NLUZ6w9Mxl3yixNtYRmbID+cqeo69nu8y0vFs1hO9HivALzzf9j40b0NikCxYoeQ0P+1UtRmYMXRNXrLprDl2bzvHQg0Zf8sEzS+f3lYmmex798boU7Lzz1Y9FphkwTwXdjo7fuWBUxelYpJv78DqNaEWn2BVLBww17aeRy+4RvBG25pGCQLky+W3IBA89xIJF673Xs6FAMDAAEBFgMDACjSpG+dn47MCFMdsvSuj5FxFTRYX6QESM80NxiP\/OYG0hUxje0vAoli"}
00541{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924084,"pkt_ts_usec":60422,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"kLkxKPrKXEl5dU5qCABFAACFWBNAAFUGeSi5PNg1wKgCHQG7wgonNG7kPCaF4YAYAHKq7AAAAQEICgkhOyQo5RgAFwMDAEzSpG+dn47MCdcjbp4IzLg5l0yxO7j7YS34Peee5iNn2m7z9rMVpOz\/mVJ21Y6Ls0iC1tnnuAStIDHvozNy+E7SSWzXzb7BjEE8WbmQ"}
00430{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924084,"pkt_ts_usec":62704,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIKAbs8JoXhJzRu5IAQB\/t5AAAAAQEICijlGHoJITsk"}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1519924240121,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1519924240121,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00448{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":121220,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIiAbuCj0EnAAAAALDC\/\/+6MAAAAgQFtAEDAwYBAQgKKOd3WAAAAAAEAgAA"}
00442{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":177946,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wiLPr2ypgo9BKKASbTgw1AAAAgQFggQCCAq3hjooKOd3WAEDAwg="}
00430{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":182174,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIiAbuCj0Eoz69sqoAQCAXEZQAAAQEICijnd5W3hjoo"}
01133{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":183173,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"XEl5dU5qkLkxKPrKCABFAAI5AABAAEAG5IfAqAIduTzYNcIiAbuCj0Eoz69sqoAYCAWCiQAAAQEICijnd5a3hjooFgMBAgABAAH8AwNLVHn\/qWaqe3EcBfpck7lkGf95e1gm1h4KmRyfvYLGZSCx8n8z8XDJ+pVmShGZO5o0rp2h9+q5RbYekK14EkkJrwAowCzAK8AkwCPACsAJzKnAMMAvwCjAJ8AUwBPMqACdAJwAPQA8ADUALwEAAYv\/AQABAAAAABkAFwAAFG1tZy1mbmEud2hhdHNhcHAubmV0ABcAAAAjAMBMhNjUH0CTvBnqiVFQaCRU+XdLmaAKsl6RhTDQdfjln21DO\/iuWwaZv7o0tRnrD0zGXfKLE21hGZsgP5yp6jr2e7zLS8WzWE70eK8AvPN\/2PjRvQ2KQLFih5DQ\/7VS1GZgxdE1esumsOXZvO8dCDRl\/ywTNL5\/eViaZ7Hv3xuhTsvPPVj0WmGTBPBd2Ojt+5YFTF6Vikm\/vwOo1oRafYFUsHDDXtp5HL7hG8EbbmkYJAuTL5bcgEDz3EgkXrvdezoADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAIAAYAHQAXABgAFQAuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00811{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1519924240121,"flow_last_seen":1519924240183,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00822{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1519924240121,"flow_last_seen":1519924240183,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00430{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":243918,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"kLkxKPrKXEl5dU5qCABFAAA0Vs5AAFUGer65PNg1wKgCHQG7wiLPr2yqgo9DLYAQAHLJsAAAAQEICreGOmoo53eW"}
00632{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":244034,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"pkt":"kLkxKPrKXEl5dU5qCABFAADGVs9AAFUGeiu5PNg1wKgCHQG7wiLPr2yqgo9DLYAYAHK+xQAAAQEICreGOmoo53eWFgMDAFoCAABWAwMLRBt1h0+Ajb66OiYB8NNd0wKhDeQemNCYHWdmUob\/sCCx8n8z8XDJ+pVmShGZO5o0rp2h9+q5RbYekK14EkkJr8ArAAAO\/wEAAQAAEAAFAAMCaDIUAwMAAQEWAwMAKCefUt2iPQKuNPxVIK+TBqcb15iKo36mH+uDwU\/pzNiwUl4kJCwY2Lg="}
-00867{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1519924240121,"flow_last_seen":1519924240244,"flow_tot_l4_data_len":875,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00878{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1519924240121,"flow_last_seen":1519924240244,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00430{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":248126,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIiAbuCj0Mtz69tPIAQCAPBTQAAAQEICijnd9a3hjpq"}
00500{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":249124,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":117,"pkt_l4_len":83,"pkt":"XEl5dU5qkLkxKPrKCABFAABnAABAAEAG5lnAqAIduTzYNcIiAbuCj0Mtz69tPIAYCAN6CAAAAQEICijnd9a3hjpqFAMDAAEBFgMDACgAAAAAAAAAANdfhyIP4+1Mi6+0AJlnmtiOXBq8OASkMp6UrXYXlEpc"}
00504{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":254122,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"XEl5dU5qkLkxKPrKCABFAABpAABAAEAG5lfAqAIduTzYNcIiAbuCj0Ngz69tPIAYCAO+EgAAAQEICijnd9u3hjpqFwMDADAAAAAAAAAAAauzMkgQ0N+NwIi4B1AH6wgdJgK7X8Q7cVpebPo9K0xiVYBRpILWCsU="}
@@ -36,6 +36,6 @@
00544{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":303930,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"kLkxKPrKXEl5dU5qCABFAACFVtBAAFUGemu5PNg1wKgCHQG7wiLPr208go9DYIAYAHJd7gAAAQEICreGOqco53fWFwMDAEwnn1Ldoj0Cr5\/Im58b20pVNsEUdlvAxt5j+2mE6973guqJvkeaSOw7r5BrbRlq9NgfbBt7cCvCjOmKkI3k1Bgn5\/BcHUaq6GBshCdh"}
00431{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":306082,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"XEl5dU5qkLkxKPrKCABFAAA0AABAAEAG5ozAqAIduTzYNcIiAbuCj0TRz69tjYAQCAG+5AAAAQEICijneA+3hjqn"}
00486{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"whatsappfiles.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1519924240,"pkt_ts_usec":306087,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"pkt":"XEl5dU5qkLkxKPrKCABFAABaAABAAEAG5mbAqAIduTzYNcIiAbuCj0TRz69tjYAYCAGn0QAAAQEICijneA+3hjqnFwMDACEAAAAAAAAABZSoQs4Gsxi2Tj\/BQp5xrm7kfCitYcqpn3Y="}
-00501{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":310,"flow_first_seen":1519924083411,"flow_last_seen":1519924193429,"flow_tot_l4_data_len":194364,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":626,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":310,"flow_first_seen":1519924240121,"flow_last_seen":1519924247388,"flow_tot_l4_data_len":236771,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1430,"flow_avg_l4_data_len":763,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":310,"flow_first_seen":1519924083411,"flow_last_seen":1519924193429,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":183524,"flow_avg_l4_payload_len":592,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":310,"flow_first_seen":1519924240121,"flow_last_seen":1519924247388,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":226819,"flow_avg_l4_payload_len":731,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test"}
diff --git a/test/results/wireguard.pcap.out b/test/results/wireguard.pcap.out
index 29ab9751c..2e5b755c6 100644
--- a/test/results/wireguard.pcap.out
+++ b/test/results/wireguard.pcap.out
@@ -1,10 +1,10 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wireguard.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1563973554628,"flow_last_seen":0,"flow_tot_l4_data_len":808,"flow_min_l4_data_len":808,"flow_max_l4_data_len":808,"flow_avg_l4_data_len":808,"midstream":0,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1563973554628,"flow_last_seen":0,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":0,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
01487{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wireguard.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1563973554,"pkt_ts_usec":628757,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"pkt":"OCxKuzMdABAY3q0FCABFAAM8FXkAADURYEKLosCdwKgADspsjRQDKLH1BAAAAL5AaY1rAAAAAAAAANUJ2VrXQI01RZfJr8PEwgZEhNNcu6x03VWSZ67dhAHHTWKcRpBFkk8NVHd\/C4D4pz\/puWqoUUxKuxxH6YlcxuxAvZFB0Na5O4CW6jEyMIx3UMKSHboRTInUKfs0ifRWz\/ah3LYVezBxxWAse8HA4hp9J+12MZT8TmyygIwyCCaeEvoUQjFc6leSZrAZpKnPNseLUtXq9seSkA+QHufBd5P\/nAxkid4Fwq057VLJqJcJvFJRIdSNrsUBNHlMd2O226LQDMo6+sXnZNRhM\/0lY6T99lZ2rtutA5g+LROCm\/BZLu+Ww0aOhZ9T5CPKvl1MXzbqDpHjEWohQohUG62HCabsLz2Pl6HJpafmxv\/xXmUvqTxvWO5iYVSI4YH0rzZVN3aVdPUxgXYG+W8rSU+st0bg\/OnAMZWFzotivj2mfqRsGMWV3egRFwhvlfe7Fuv0OvGM3s9ZvinFAlmQZqUDOt74G5zoedU\/69v6LWqjWqMgwmKLQ\/lMwt2MnS6hiTwk\/iqPpTIM8RYnxG13RvjKDr4JXT\/U7OnZL63BA8kKbkL5zeTL+gL4bvPs8T4bLqWJpX+KPgKK5qcCbrRIXtRaFjvffCmBHmxiams\/n7B6m2DssFWcjX1Ev1oBu1UMKN6t2aeneW6ZYl4Q+afpKmmTZbh75sYoA8rPXxM4Q6E\/CvQ8xKFJuG12US4vfj96Tg+HLqjTKQn0aT3tP\/WRrjoWHz5nOKAwY2ssdZ\/sOQ7Z4I975oMYqMkolPHC\/IQyZ00spefKrUv00QdKXcsmU90gzx2i\/XncJUiW6+cRr5y\/xIasdRDvxOeWrnEuyr4eneiO5Pi37MXP8f2E65R6K8EWKkhOt2QxypTL9OYJAB3d80dQUxikTgyJwcF9uQEqgJNA\/GZhO2rBxL\/P3ze0It5qd4umjz9rSz1Tj4x9V7iRrPWik7ncKTUF\/OLBOu3ao3EyUG8u2N+GMLh6DNMnc3AMj260R63yyZIj87BZpn+95duhzSfs8I4u6YbCy54JPpusEK7oluD\/Hy2\/DI77VPA2QYc="}
00588{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wireguard.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1563973554,"pkt_ts_usec":628780,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"OCxKuzMdABAY3q0FCABFAACsFXoAADURYtGLosCdwKgADspsjRQAmIUlBAAAAL5AaY1sAAAAAAAAAApaAsrtXpH1hJEWMIaMon2Jp07DYKtFnos9KJ2dxNXsnPOlMw8teGIqqtQyAhfCvZKfSoj8FKmPC1PCtu8qqniK567s\/wF6cALr5IJXHXdFnmr1I94kKjzDU62XCT24xGedWrUZRek84+e2Fsx1lJJ6NR9cFgw9VnO9J77GX8hL"}
00524{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wireguard.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1563973554,"pkt_ts_usec":628915,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ABAY3q0FOCxKuzMdCABFAAB8LYcAAEARP\/TAqAAOi6LAnY0UymwAaNyeBAAAAG2mYV5wAAAAAAAAAAo35XrmOHswcilnP2QelKUcrUyMt+9zQAFDeYSUJyyw9BNkc7uq5jhjxm51P1MBuT08PEWRrzriFSk+BrqayZkHU3Oi+bUZJb76bMmarQhF"}
00765{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"wireguard.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1563973554,"pkt_ts_usec":642219,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"pkt":"ABAY3q0FOCxKuzMdCABFAAEsLY4AAEARPz3AqAAOi6LAnY0UymwBGEmaBAAAAG2mYV5xAAAAAAAAAN5Ok0twWoOc3RX\/pBAmM5A4ttcyiSnr6WlIZ3rw0bHvyhJ8D0gFIaNhxkibunbxRgGXjlWZ99hJmuC6tQZVIrGyeoMJlogcU2ClZA6z15\/EtpzcXY3I+CEXh+Z9iqr2KZVCGuC0MXTHXbARADST6kVD8xHIEc4v0mzYC7k51yygUmbpSItW\/AA444wfSuDNmUbiY4K6LA3k\/CPu2j6keZRenRNezN\/II1ww58lLjPExI9BPRB1+PF7znwM0R3fflSkyQ5tURRe9xKq9gD77tIEtmEPJinN8ZwbFdxDLT4hg5tE5HwK3DHMsaD5svhmlGUYurJQySzz\/oUE7ajjVW1A="}
-00528{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1563973554628,"flow_last_seen":1563973554642,"flow_tot_l4_data_len":1344,"flow_min_l4_data_len":104,"flow_max_l4_data_len":808,"flow_avg_l4_data_len":336,"midstream":0,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","ndpi": {"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
+00539{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1563973554628,"flow_last_seen":1563973554642,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":328,"midstream":0,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","ndpi": {"proto":"WireGuard","breed":"Acceptable","category":"VPN"}}
00525{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"wireguard.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1563973554,"pkt_ts_usec":711201,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"OCxKuzMdABAY3q0FCABFAAB8FcIAADURYrmLosCdwKgADspsjRQAaAbHBAAAAL5AaY1tAAAAAAAAAPpGK9K5H5VHV22UlCuzckhifHXG0mCPbNY7tJ3Ehp5q9DbTenVPM\/dETy5WTx4iR6yiQjK\/qZpSgBD1KbJ+XOoBt2B9Juw3RjALxSawFkyQ"}
00785{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"wireguard.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1563973554,"pkt_ts_usec":734641,"pkt_caplen":330,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":330,"pkt_l4_len":296,"pkt":"OCxKuzMdABAY3q0FCABFAAE8FcgAADURYfOLosCdwKgADspsjRQBKLKwBAAAAL5AaY1uAAAAAAAAAA7P3gsnfqyHSkxVvk7ZUFfTs5uId8MR1z\/P++3DU89F58u2KSBC89E+TMwoo5vdIMJsT+b7A709MaciSbaelRStCwO5ZHba2yhLzuruktuPjiNIsswqDnfibWXsnF+j4ERJh\/qJKXlzotU8KGVfs3A\/MVxVeJz4RCiD9OutpTiyTZH5LA9aw3ADvoaPd3eDEzJlPLuKOab0J9G0siyGPuaN2cX4sA5O942yloPoD+JsBf\/I39eYbc2nNxpH8g9awDhFPsYLC2g8MqV3gZYHPKs8UajcENjPNY+h3kSsFkuQY4BIfZQ+mgr+5rf4E0AshweBq\/HM2Ka\/WmNJdKPdtd4HzfWy+F5vIZKbjE+7T2oM"}
00593{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"wireguard.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1563973554,"pkt_ts_usec":734739,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"pkt":"OCxKuzMdABAY3q0FCABFAACsFckAADURYoKLosCdwKgADspsjRQAmPsQBAAAAL5AaY1vAAAAAAAAAITu3wDVXS368ItNAaVwMwjjRLVcNvVyuKrBBn063\/VBY12\/vwBEErru4spuPmrGypdGz\/UMiwcGWV5Om9YZ\/aZEE3ZsgtATf9elbHoOLv6ksVHc3uwicicZMqOiUnBjSs\/7\/X3asoaOF+ayxeJFWuVfsTeKcXNeAn+nepd3ymgm"}
@@ -16,5 +16,5 @@
00526{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"wireguard.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1563973554,"pkt_ts_usec":974260,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"ABAY3q0FOCxKuzMdCABFAAB8LiUAAEARP1bAqAAOi6LAnY0UymwAaB+LBAAAAG2mYV50AAAAAAAAAI9tfKVIx7UlVy1HDhAUrAMjKdLduP+OEpWHLBE394laW3jJ0Lqa7HURy6krpFGEtykTq3N\/a3bbxUi+nKzrcQPN9N7PTqi9qMcJcRZfRaJH"}
00766{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"wireguard.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1563973554,"pkt_ts_usec":988525,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"pkt":"ABAY3q0FOCxKuzMdCABFAAEsLioAAEARPqHAqAAOi6LAnY0UymwBGACZBAAAAG2mYV51AAAAAAAAALRQvj6tw6QAY\/1JXhRu0\/kpg0ZD7SEgnZpAC+s8jGXziAhKpCTCH\/pk3rDPYn19TKsTuLxc1zmaU017AkbnBsHquJngTkFZUSs4A7OonKFDYfNR8NBpor3e08bbX9kpBvg5hvCfcFuilN1p\/T6Gbi7F27c\/VedFYEwOOSWRAgT933bHaR8+BsGfnNRPXDEqf0GZB2Q3fwNPouZkPRRQL29PIh6Y3f7QwNYfVcFC3cp5UvgzmnSvBJcnCk94OHMYhEzEjIXqW1oc8SvvU7RtsYPY8EWQO0s5T6PvYCWeNPCyv0ncQfWZ3DrNXptDDBcOK8yNpQjgCWPIQcRiWgbLKzw="}
00525{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"wireguard.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1563973555,"pkt_ts_usec":59830,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"pkt":"OCxKuzMdABAY3q0FCABFAAB8FrAAADURYcuLosCdwKgADspsjRQAaH8xBAAAAL5AaY1zAAAAAAAAAKsmGYGKi6UV\/ABoO1rTU3erm9HJ6ajuCHhNTr+BNzOxxDMpzZpoj4pN4xXAtWKi+3K8fQ4EuV95kwtHAB1+WdN92q42fF3e2HUsuFze7Je7"}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2399,"flow_first_seen":1563973554628,"flow_last_seen":1563973935842,"flow_tot_l4_data_len":652616,"flow_min_l4_data_len":40,"flow_max_l4_data_len":1370,"flow_avg_l4_data_len":272,"midstream":0,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2399,"flow_first_seen":1563973554628,"flow_last_seen":1563973935842,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":633424,"flow_avg_l4_payload_len":264,"midstream":0,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00131{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test"}
diff --git a/test/results/youtube_quic.pcap.out b/test/results/youtube_quic.pcap.out
index 149bcc71b..ea25c1cca 100644
--- a/test/results/youtube_quic.pcap.out
+++ b/test/results/youtube_quic.pcap.out
@@ -1,7 +1,7 @@
00480{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"youtube_quic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1489363823466,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1489363823466,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02213{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":466752,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"gCqojWksxCwDBkn+CABFAAViKp8AAEARAADAqAEH2DrNQtbVAbsFTmyMDZNw4V58RG0IUTAzNQHEx\/Yat8K2lJx\/xfCgAQAEQ0hMTx0AAABQQUQABgEAAFNOSQAjAQAAU1RLAF0BAABWRVIAYQEAAENDUwBxAQAATk9OQ5EBAABNU1BDlQEAAEFFQUSZAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tfyKC9MwN17piZVNU\/QkmmE3zDBRwXexEviTXtQHZlZT\/o0M3FJ3WOBZp5lL5RXIaTAX\/iszgW7Ui51EwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwAGp0dp4RQa9ev39thoVizX7vQxRkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAABoJX9SS1LMMIZlh9cGt32w74KlkbfLCJvYbB6phUnjYtV\/J7+3T+WICkKGmxl0apInEplRSWcqg\/3qI+CqJwNXZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmuees2jgEAnGVpdpNkhQuOQ0r1tyTPo1k8IEM71wOV+MDwud\/WmN8O\/bZt8M5S76zS6GQgUAsZfJUzhYMLh2DzCj0s2UxZDpdWlDQ\/KBiEO80tVmE+bGp5czdFQGnhi\/134fgolaoUotcrvEChNXZdSQ7ze+ZsVxVgDQIPLJn5KItVO0bNTbdFJlK9ck\/6gUes9AlK+Lowm7raNBTPfJpo34tpsNA3toSRqnAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1489363823466,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
+00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1489363823466,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
00923{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":467160,"pkt_caplen":427,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":427,"pkt_l4_len":393,"pkt":"gCqojWksxCwDBkn+CABFAAGdQ1YAAEARAADAqAEH2DrNQtbVAbsBiWjHDZNw4V58RG0IUTAzNQIjOTX0HE3l5Scr7Fgx2f\/r+qyKcH\/8LtiyPftQGYB9rCN29+bVRC8cQk9\/xGvEd6aBS8oqh8NZIxXxQWKlTa8RiJV0BMsIA0J2xai1sihftSstpiUm4Hfb5ePoNWBO9sfumkF4vn\/9w\/9icDJdGccA4OzurorhUAKZSZXQ2C+f4aKf6nX2PELscDc2K8rYtLquJGdtKf4c79ur+nT\/zIZbwAI5FHcm2kTejfWn+vqhJAD0GuZjr1fez\/qk2C34VbRcKzU+r3sMaPUtMdGtgzscnCkXVApYI9m9bd3dzj+CzxW8qOJ7mCU2emBxJ\/DIq4W6MZVOQ8P1s290Mflqj2Ld8WgZbVsDG+nGkhewE4Z8dkUPa+UkVgjTddS58Gokmrg9Z3Adl+QFItNyGTCZv48hVxEemek454JnWb6oZl4ujKpXhQA0CaX5LNroX5y5o\/Wny9SJ17j8aIxrDR0s65vzthwadNOZLJ62NA+MTWY0IQjOuA=="}
02227{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":527694,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADcR117YOs1CwKgBBwG71tUFTuocBCh3B7XiTuKXN4LFlWznTXqPOMTIP1YB45lXi+l5CF8JASyEKKaDONFN5YR3rA\/p9CKVXhUMWNxz3dKUg1yQftOAuLAuCFZHEo433jmLn2X4f\/Owuck2m9UesvdXoxzwq4xDpUXHvNH9PzNMS1XtEZ0KDZ904pHEN+ZkjUiA2jK\/AWrBBVjEsqHcAMngSVXjIyTLuIfTfT50KGoQr9mSm5SWUDtU4w+2DwTLde4slXrVb5tsrZJ9hx6FXeBCOwNcjEoeHA7do276\/9KH1k58X3zu+PQcEwnHQBIs5Nvjxz0m7lZ\/e4WfsWAx90HOH6likwa4aRKygVjLaiXObj1BRuaQFXdbITUHeb\/v1Bb0ex9qIwx0kcogAUVq6KGcRlImR2VCET7Q2UPfBF1HkA3bAqvJ6t1BP07HS8IKIEm70QgionKkRzGiFzdUhT09R6zdeXllUpiA63fBrBRfZD4ih6nX4zo\/yc\/lz+z\/tYWWCPtitjIx3R+MsYy6evVwKHmKh4xLbNgtf6Bu5FREacax96iyQP2\/vuAdKPy+I6gMbTz04jy4zg2nTKOKHNa3aAGNL9B3Uh5t6mqJXuzsLfLLTPDw3wrJPan+M\/0XoefuuxvaucM7CeSe1bcynXGH+VeCKK3X6BEjxAIAyaIH3WN4GasKfIjmi2abIP71bMldE4Rrc0QpuysWWFnpQQt9pN2sP40R1CWaJEjWn2UIOe0P10GgnLa0xDEY45T4mm1G5cRaybTY1lDhwEfyXyWZ9AZfiHELWMCRxQrjRsfwPjDlL6jHi\/zHIUWOI\/T4jgDqU2KclKtGJHvbzyipTcTSry1Z9gmEkVPVvz\/8EjMnwGHjnltQ6Dn6FOkOgVFgA2iD5qiIgNLtjkUfH1GBvC5KbT9MfqpK2j2k4rSt9zbnBWSsgHnKyvlhVlk4OSMFjMkESHpv2MoP7kPpHn9hYZR+DGSK3WZiE2JTywLeaTFpsQZ3daTQq1Vr04zxtlC9vRWSZgVtzp+73FUoayEpGTdeO3UERRAep7Gz6OHwglh0vTs4C4cI3glPhuREbf69JIx21MPWU3j5sPCPzg7nPp1rI9ewTvRn38IUIjcvV1KuUH4IRVmz5W6wsHwHFtnkwFNuxtYxLxpK0EDIngGp5d6ht7210ydmiQr6O0ON8qJtc3t5+jXn6ntXD+RhEqv4GCaMWHbVrUNZALDxj9JvSEzyroxEuoApEO8TL\/ZdVC\/slwR1pM3JdbAsWN2rxIFLM5krFwOakRgi754xhdBEry7MgvTwiHsgDJ3Rg3jSdB9jubcVT3HICTRmj1vR\/GLDAyPIFAzuuaVmpolrsQwDxFuyNGOcjHVBUbeP6bnCaCs1JfK35oan09836\/37ZWojhkKHAUoDUCP0eOYnRmUhbwOggCe7+p8hW83\/lILFNK1NDMAm7qAsqoccxqNT61ke0qmot69NhPXpwpGUt\/gK3nyvFne4lsK7S7r1eMvI29rlDBY0L\/e2MX+l+NFFonVbYbxqlVZxk5h57Py0nXsSE5q43RZq\/Ab5Ljnrfv\/qOWasfLkVsR95Ih7otWzubnTYoOB5dgkPlalnkY+ZT0ynhrpD6iNCVYd4popCzZS+uE59ZqtbLuU6i6Oh3yTkUuBN6l4rJS\/6y1YL+YBtywlzVVi2gqoBTO6RyHcXMeDc6anBpSJn+Y11FC9lfnd1ZBuVxPW\/4cBKWMy9IKMGLXE8iIH1zC\/mEqW8ZtRWLvviks2j2E9BFu9ovslgURdyPBgw2o0Whiqb07OoUWWMBoSXHynCDs+gbza+6qUl"}
00439{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":527699,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"xCwDBkn+gCqojWksCABFAAA7AABAADcR3IXYOs1CwKgBBwG71tUAJ1gdAAJToMXcTxyWQBEndSjIH+c74XrspwzymN45kSe5Xg=="}
@@ -11,9 +11,9 @@
00933{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":554239,"pkt_caplen":433,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":433,"pkt_l4_len":399,"pkt":"xCwDBkn+gCqojWksCABFAAGjAABAADcR2x3YOs1CwKgBBwG71tUBjw9oAARmJ4LvsthB9p\/yGE2IpdREVbvQB5yLGv+xhIENchsqq0OAcgBXXugbSZQv9UDV08TJ21bW0CMrNN5FOKxa8kaWfhCd0oi7pvAo1J1YBsS+zJtDtCHoc3dhY\/z7br+UKIYnQVmZX\/dNIw6OX6o9JOVUMQ\/HBKu9ZlHaNzbn33uoCixjLaxEJkuRIFtM6EO5X0wSARoU+xDMSxCnU4\/5QOwM0NInP+lRJiT4ClqcyhQXwEatH0o0SZyopM0jf2MzyRm9VUL\/zKjAmeU6BwtVH+i\/glYMRekX1sA19sOp6VT1Pg1FNaNiE1a3dRreB4eNaOJeT39TJh+RXwZDhmQYpKs+flO06WBG9dWF\/zTR431+m35gjktGv\/MLrbDC8\/jJtYFwvkMSAH2lV3wMpUKg5V6cFZ4GOcnUoSj44Umiifvz7txLJ+g8IKsj3B\/y6bXvOHU90wkwb5amjHEl+Sz464pkSR9FPoSthmpyK9W+tPMpL3OIgNom8XDBe+yCAcH1H8RCPL1Z+Q=="}
00447{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":579586,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"gCqojWksxCwDBkn+CABFAABC7SkAAEARAADAqAEH2DrNQtbVAbsALmdsDJNw4V58RG0IBYRk4ypWzacyrTjIXN7Nm7tVc3knueVltKEdHvM="}
00439{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":598862,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"xCwDBkn+gCqojWksCABFAAA6AABAADcR3IbYOs1CwKgBBwG71tUAJvqQAAXuC7HOMD\/wTv9IPtVUJ1QkvplqoQN\/CNICm+ZU"}
-00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1489363823738,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00497{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1489363823738,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02204{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":738796,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"gCqojWksxCwDBkn+CABFAAVi1UgAAEARAADAqAEH2DrGIdsKAbsFTmVrDWI\/o1o3gkQjUTAzNQG3J1X3HMsKZ2COv5qgARQFQ0hMTxMAAABQQUQA1AMAAFNOSQDhAwAAVkVSAOUDAABDQ1MA9QMAAE1TUEP5AwAAVUFJRCgEAABUQ0lELAQAAFBETUQwBAAAU1JCRjQEAABTTUhMOAQAAElDU0w8BAAAQ1RJTUQEAABOT05QZAQAAE1JRFNoBAAAU0NMU2wEAABDU0NUbAQAAENPUFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0teXQzLmdncGh0LmNvbVEwMzUB6IFgkpIa6H7tgIaiFYKRZAAAAGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8zAAAAAFg1MDkAABAAAQAAAB4AAABv48VYAAAAADHS1o9J\/TTNQYjpQh1bWy1pxKNWlJuoLy5bOHLwnEpeZAAAAAEAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00637{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1489363823738,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
+00649{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1489363823738,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"yt3.ggpht.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
02218{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":782478,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADUR4H\/YOsYhwKgBBwG72woFTqYeCGI\/o1o3gkQjAfrje9Hje5P995YFE4ABUkVKAAgAAABTVEsAPAAAAFNOTwB0AAAAUFJPRroAAABTQ0ZHWQEAAFJSRUpdAQAAU1RUTGUBAABDU0NUVwIAAENSVP\/\/BQAA+LXECKXyXyaGkNvk1LnkKe2HcwZSdJKMjSZdwRtRvlgkC7wrIojsxa12VSbQ+UqytsSw5ZWrAguctbN84e+itVKKdDan60SbCn6HO8EhAZXhZCoi6zTXVPfruFP+xbK0jobs4P1ETvvj7642AaRXoyX3AiUwRAIga0VZvCZ3TBiWNQTgv6KY8y2d9RkggowYQwi1RHlUtm4CIDUxV08RC49VVgJORrtGSNh+UsyMA8+5V0kTzoS1\/6EyU0NGRwgAAABBRUFECAAAAFNDSUQYAAAAUERNRBwAAABUQktQIAAAAFBVQlNDAAAAS0VYU0cAAABPQklUTwAAAEVYUFlXAAAAQUVTR0NDMjBrdmP1GwKyBEvvwtZJjj6PQ0hJRFRCMTAgAAC7MI00KZ1MP25xAs8ApFxY\/QSpEMcZP7AIDZmbDnFGD0MyNTUwMDAwMDAwMEDbx1gAAAAADAAAAND3AQAAAAAAAPAAdQDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVplaZe7AAAEAwBGMEQCIFrxuSR6yQfoERjhpyCo\/HC4DbnJyy5PDUNSQYvoLd7WAiA1du1k\/DfC+hSnbCFZ+CiZL\/WBsCA2tHRh+V5os9e8wAB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWmVpmAsAAAQDAEgwRgIhAK1Z+StuHvhEQzbhrizA0oP28zksTi\/aWkPYynKMWI7wAiEAoZsd0Sdt7uEo3XB3wMmgRGZNny2cfedCYnG3zpLag4YBA37tgIaiFYKRAgAAAAMB6IFgkpIa6AAAAAAAKgcAAHi7gTUtv1NjZwCWXOxKBk1sXJA2HIf55ae2MzL3PkFvyFGxkQUqDMwNjIyMgPkFmJfA7TkDUyC2MDUHdaIKsVrFwcPlDEw3aflFeZmJsATJzsPrm1+aVwJKXWGZqeVwd\/EguwvUlgC5i0dcCximIGFgJilKBqbG1Dxw1BtEGgizsQO9e84W2BLhADOYGdmZnRhYMt6FvD+wnV996Zw\/hsoKnDX1AkfE3LjmrmD0Xbj\/45IfeVee\/OywebVOPSnedOpTyamR\/2zN7jmfePP5sO3s0PyvawoWN7GsN2hiWU2oLGtizgMpEGRpYk4FchKbcLm1SUZLL7GgoBiHrApEtiAfzNUrBqaYxPRUqGJgYi4Gq+LT0kvKyU+HKWsSBPILUIWUtEBUbn4eMKcm4jBGE6QGbLcuVIVuSn55Xk5+Ygq6UnVMpaUF2BQqYChEVwEMgJT80qSc1OSczORs9ADgBoZbekEG3F8QzSnAIioVLAQP1+LKvBRo5QWWEIFJlKcm5WSmQ02Q19IrTkxLzSstwBHgYAV5KUn5FTgUKGrpEQoceYQS7IEioYUrJhFa9YpTgUFSgq6AByVW+dGjWYFgJEvhCWxORFDzowe0KPbgEMISyNrFJcB4SNYrSMwDOiE3Mx9f2hXDIS6LPxz4S\/PSMnOA5VFqil5eankxUtuLvcEgA6kEjwGWQdpIZbM8tLgsyM6EGgoukd09Hd2NwIWvNlJxD1MMDC6gj4sNkXWAqgCk9qDW3+B7S2xzw150iDxJLJ4oWT2f5yFamwi5WMfaiVKENDKAtRxaz4WDjS29kQdYohsYQFpFmgbqBqoLlBco"}
02213{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":783077,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADUR4H\/YOsYhwKgBBwG72woFTtjVCGI\/o1o3gkQjAl1iY1+IPhyu0ittLaQBLgUZARLyTw62Xo9mQ7Tn55dir+alTNnl+EuTXetgrtU\/li3WZUF3t3EtPfqBg1nJrPp7bar7qdPHbjH8jwhk+pimkWuq6rVs4cviafuTL\/pWbDvkJD1zwixjdUFbM0aGipe63\/v0luly7P6xK4d1\/V35zVlHfZnq9OpLDbRdp3F95Wn77GK+6cqsr8cEfY77RjhzSh7Unhdryl2mU\/IhTPRZgsMXhZ65ayI6rm07a3GnaGsF6wp\/3rLVzcqh63smBXkUr5RrfvOpMsbbX\/13ZPXcymfXdeZ+LWmcELGYmfOd+prGpXeZdtiyB0ssnuZwNOYGp72hD8PxC2ds8mZMXnnvqd7Gb2w82Yw3Hn\/6nvVjXthRi\/UnDQF+1X0RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02209{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":786198,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"gCqojWksxCwDBkn+CABFAAViJ80AAEARAADAqAEH2DrGIdsKAbsFTmVrDGI\/o1o3gkQjAiGIK5vcpGTBZSvo8kAB8A0BAQCmqwAABgGkARQFAARDSExPHQAAAFBBRADgAAAAU05JAO0AAABTVEsAKQEAAFNOTwBhAQAAVkVSAGUBAABDQ1MAdQEAAE5PTkOVAQAATVNQQ5kBAABBRUFEnQEAAFVBSUTMAQAAU0NJRNwBAABUQ0lE4AEAAFBETUTkAQAAU1JCRugBAABTTUhM7AEAAElDU0zwAQAAQ1RJTfgBAABOT05QGAIAAFBVQlM4AgAATUlEUzwCAABTQ0xTQAIAAEtFWFNEAgAAWExDVEwCAABDU0NUTAIAAENPUFRMAgAAQ0NSVGQCAABDRVRWCAMAAENGQ1cMAwAAU0ZDVxADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXl0My5nZ3BodC5jb234tcQIpfJfJoaQ2+TUueQp7YdzBlJ0koyNJl3BG1G+WCQLvCsiiOzFrXZVJtD5SrK2xLDllasCC5y1s3zh76K1Uop0NqfrRJsKfoc7wSEBleFkKiLrNNdU9+u4U\/7FsrSOhuzg\/URO++PvrjYBpFejJfcCJVEwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwgSzFPd1PF3axaL5AyOwihDE6fodkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAAAD8vOozazLmpoBftyzTtCx5YKTvR4nOBeG4\/kV1kARA+4k\/WgyE0qpyY6\/Vmf8Zw2NuauSPM16NLrixbiDiic5ZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmueeuz4LezLgHTiAD9ingf73at+XMxbEjkphGxSG8164iKphvSEu+eXttq72TUCPMa+W1RiMCzpfKfm\/QWCvfl5WFPUyFUVqXZsQ32ccFhA5pOW3TPaEQPm24aQNsEU5bODTt4ZVJl7cXlqmDTH9smgAaCJ4WDS4jTYXgfvLQFOwGDw10cs8nRU23ebDlhF0iw1LHIUiuHpoUraaxsVdUNL4ZG678u9gAA8AAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
@@ -31,9 +31,9 @@
00578{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":935313,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"pkt":"gCqojWksxCwDBkn+CABFAACc1kwAAEARAADAqAEH2DrNQtbVAbsAiGfGDJNw4V58RG0IBnD21Au\/fh+6EE2J+0mxHSbWMJSo9q9E3tWhswQuso6EsBdjCsEZAk+V7AOz\/XLkpqlSoYc\/kIXPWCpBAB1tLubLPKoh\/x8PfNMXSJsWK8ggDDs0XhcdaOqS\/DfTggTVRDrk94eKDIkQTBjUep2bLsJRdWBVT9E="}
00513{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363823,"pkt_ts_usec":999542,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"pkt":"xCwDBkn+gCqojWksCABFAABvAABAADcR3FHYOs1CwKgBBwG71tUAW3wLAAaCckWqmAz7w9Os5EwDIkl5Nie3TGMXqV58DwE6Ko7B7BH\/QcO1LbyesVT13OIEqL+7XhTiNO7hX0UYVgOsYXqKZix0lQLr1jXLi3OezpqndHY="}
00449{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363824,"pkt_ts_usec":24913,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"gCqojWksxCwDBkn+CABFAABC+DUAAEARAADAqAEH2DrNQtbVAbsALmdsDJNw4V58RG0IB026tPOV01wVhUhlyfsy0Aem5ygQQRlQ2Txy4nw="}
-00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1489363824401,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1489363824401,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02212{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363824,"pkt_ts_usec":401150,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"gCqojWksxCwDBkn+CABFAAVisIYAAEARAADAqAEH2DrNQtJjAbsFTmyMDXhX73QJ\/9nIUTAzNQGC9mpeAxq6QsMNjNmgAQAEQ0hMTx0AAABQQUQACAEAAFNOSQAjAQAAU1RLAF0BAABWRVIAYQEAAENDUwBxAQAATk9OQ5EBAABNU1BDlQEAAEFFQUSZAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0gCa63gfstks25NXDBda+jRe1AwMuFIPOgLr8Vdt88WUvAddL7KVg5kyrPLEzz5PxZEMuEuhwybaZ0VEwMzUB6IFgkpIa6H7tgIaiFYKRWMXjcDAwMDAwMDAwQoHc+xZQMEvJrifGGZTcfUn5aXxkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAcOPFWAAAAACN\/AA7IChJw\/uFk6rkJtT8KHam\/zP1YJxL1R6PGerdhviM0jsqfVXK1sMGRgIfu1Gw5yjD\/\/Q\/fKW3aZLxbK0ZZAAAAAEAAABDMjU1qvorPqjeOwuq+is+qN47Cz2t9HxBefiRQAt7kKmueet+NAEAgygqfGXu0L2syT5vA8mDxoSqG087cDiVovZ6s0ywmTUWtgw5lXy+Ac4T6qWEMJOPvUqVQrabfhIiKh6bU4h\/Diu+B3D3YFOkHFOA3JEmhpJ\/3PZn9DncBSC36LdWvsJ8Uwgl2IG2lc1SfhMotW8c5gE3wCT8YVfQJL1vCNMKzgZWBrzkDiYZ7cTxYUMsLfK1F7K2mD1WVm4PU008ujahjZ6t1bAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00658{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1489363824401,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
+00670{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1489363824401,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.Google","breed":"Tracker\/Ads","category":"Web"},"quic": {"client_requested_server_name":"googleads.g.doubleclick.net","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}
02227{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363824,"pkt_ts_usec":401989,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"gCqojWksxCwDBkn+CABFAAViiX4AAEARAADAqAEH2DrNQtJjAbsFTmyMDXhX73QJ\/9nIUTAzNQL3N20WC4prgrlnEEXpdg0UiWbXJhn9rrqPsD7nypSAi6kAnw8WQDgk9WvHBUMq3ztLT3UfD0gz+me7oBLVs9bjXCdM3vfRP04sqX92qJrBMWJiq3+eKjCNhyA3dhTNbGSGyKI7\/jcHFMipWf2f2NsuOihlYKhTPSCEE\/3dxQ5VpSOD4BfoNhUiG4SLXDgBvtHLX5RXQiz6BGmJPkfw0Dv35AvtRBL6UAIgkl\/K+oTxY08q1VHTawdG6K3aOXtZN79Qa45uh7pT1oVWMplxpgw8JT2Arpn6WXMTVuz7IIjcMmVGkmTbz31c16ROCt97FgLzWLKXSjlRTCuInYAnb8OLy7A3ZgiVpjlf24uxYYBETmSsYE22pkbiA3KDPQJQySgTeBTaSmM7bUYZKVC0sqnRUOvf3ZY91A7qJZn\/ba900D1Z+aCkzIM+N0cL4OdjAPHVbjoNNBPob96VT7KYOqrcxvdgiQK4z8YyO7qPdy3wkVPEp8S1cfxO0GcnNc57dkkmdplcftLswiLsyuSbEUEIvemACkZhnlX++EeQWxNqo5pgetjas2fIO3OoczlGrqEelJ1yoqALFrNOoHHqiCTaPzG9Vq6SC5ccc+y0eJXHfhIMNqRedbbXK4yLYwqtZ9myh7TSQTMNDNtNNcokuMoYRffKy+Hilx9blgPA+kxeACnNv8k+XoHbLejLn53fsVGrfJ27oHLpBxd0gpX8C1SWMyy3mXnpEVSzUrkvObuxIcI1iIIRkXe4ha0xa6JvFSR1XvxPQ5uBs1VZvBiRzdozCrjMOEc9HhPIaepumDcavW6RkKdtpFOTOABhKPB+xTF+tw5twgZvOB6spOi3XFDCLlgZYRUP2AglByKCpQdxHum5b0xn6Bxg+gulV7DAa4F6bq\/phQubcSVFzDkjjddAVTq8Ke7Bcb2PIaw4POMGF8i+3Ejx3gConV0\/n9f+1mrX6y1TPQ+529up7M7aIJBqu\/KbECK4GCmg+69dFQcqMdvDDodT0LicyE6jgNHVr3Xxl9T9WRp\/ZEkID0WaSc8lamVKWuAoEej6VLe9Xsojacxjt0L1ZkVNCdZBeOWPV\/2r27Cc0KxFG00xU+mkL6oc\/P+4mp1vjwqej4OpJO4H7X\/bD1uR+eKFP96VSf8gVXiQ3DmEGxcfGruXncj9yz32x4yvvKzg03pwZiXXTtpaX0N3ObUthGwiiBr3OqJCsJVke4\/DSc35dh+HTeY+td+Oc4jCcwuV2lOoS0dT73DkKXYTbuBravYDZhjPNKQNF+6bWKCm8kZsYuCZUcPzccjiAYkhk0zhBSnaWNqdI6hOWVUghH2pIeRl1S8CHH23kuVsWd8GixiV6+GG7ClvWoVE8MrCJVfuDBih03bB7tpS\/HVKC2E9e6YR1Im8\/dzl\/GrYBeLaQJMx6dvF2cWrBFw9TxwkKIBGesF7P4zSSZnZmPB\/8T0n45nH26wWJrG9slMatMUMQF1ah+pPdZ8x+tlROoO4fF2yjn4px+eRlie\/MHUCbhkcAUhlXdTBiPNIvr7yc+xKglTelzU+igEYMaYRT7qb8rNLbLWFex\/imDEBTq6nYSPvkTgwNxYJA65n\/p6p8VPjqErPaqpEUd07O9wbQiW9G2X\/qbV3yLCPMbA96flDvOZN+LC6\/DnJyMwZn5lo+SBoTbwt518b7bgUS1UA82oVmCGe8vFKQu9\/05aE1OZbqUSUoFxZX0RxFiFxGsclnNnAvgLNexJFieDNVkLIeVZwsdn1VKuKE5NTKqEm\/iO1n+rmnQA3"}
00827{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363824,"pkt_ts_usec":402026,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"pkt":"gCqojWksxCwDBkn+CABFAAFWgV8AAEARAADAqAEH2DrNQtJjAbsBQmiADXhX73QJ\/9nIUTAzNQNN4EYmtc8pzVIIOlw5wUUTViVod6Y0+1HgA3vBxmFBB9XdzPolT4EuSqVTYDWG+BQf0+uutBG1cIb1StnXne22+Sa3VBkmnkxHzdhhHTq5RFHE1DzOC1OWyujit50aD9fovXbwARSedQlPJ7gjdJSVfTm6O3nF2k42pradZvrpU1ech4qBDDCfAnmOfCXqI5NXsD3jyb4bcNfoTf5ko+c96L+Kv0ngIjlmGgFFf6vJ8QwUVroovQmrUV9bPxW9NYlbZzDQO3\/aocbUP2HxCiVbIwPbD2Jd4G+p\/+kRB\/3zN\/cBW\/zgsZhwNASU8TEuM0gATTjCn+DvX6KA+8RurPRChvD1WnZ\/ZRI9q2M84tMzgiUjvDAoLSC7i0dr41HUDnzmJH+mr0XOTEoxFNo="}
02228{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363824,"pkt_ts_usec":514002,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADcR117YOs1CwKgBBwG70mMFTvESBCvtW+gxVkE6hk54oTddBgdr86L3SyOjvMXEQqPmvkBuAaRNa6ZCVY4F4aeZ\/bjVKIBAGz+eSKeCquWfodKaC7xRPAq3rLOEQqnljpR0JWshHnnqwhS1Yjep2YOpeC3fb3CYkH4FaQOWKQEvD8gout64p2+hePX1+sAk6iXLStjU2uuDlmVIc3PpAB1wzCM5dWWCE3aIKRaMRGfZxpLv7sGZRaoFrtl0JSaeaB9jn8MIsXZBOVcRtPaJLDQuUU620tGy069cqwEfvKMOXUSj7tTPTWy0x0QxdOrlpxBRCMMZN\/BdP1\/UaMrUBPhVe8sDv+ch6XsuW5JOQ04Whk2+M5NgFwohM27Rki9\/ssGbnQrtDt1Gl0sj6QLMJ+0gOf3ENnzWJ23kiz6bc9fVfcMDSkS7OsNHbFr2pF4Hzi7aZWcoNV3Guo3Q8Fbya7stdMjWQTT2rpMvZfHm5PhvQNxOPT8\/jqU95zkLWJ8ghGBXVOKXJyiX7IALIyBuVLAsLkeKu6jOvhwnew5mnLWC\/c+5xNqYdkuwMduDi8iF1mXKLPscsnMOlDuqwAJhrQGXBFqOaZxXSObFnuFPtOInLDT8PlhhEEayPmx4+D879MyfnhcQ4nwPVpeP\/8mmGfleQsFzHYn+l0ZN7i4WTlhiKG\/C\/mtO\/nMGOTLBsvlssjvQzTb\/OoY4tvps4OyqH7t81\/DXd5s7I4ykh7dOFuM+EchHgHnrTKjfFBC3gg8sQ35yDx3VlyF5NWnQkSesIqMj4\/VjshLaCD6snidaO6Bvg5o5c1MMOisPf4KkqlZh5Yfr9NBx3JsfnMz6M5lBLPtdaRaePspaWNka4lD3JgOkcztB46Qm\/qE3gMJDSW9nuM+9BBvaAne+Ty\/3\/LQiW40aeLeNHn8s6s4e+2bBuyNKqruC8eYkQI315sqCNN5TJnBat\/EuFiFQ\/z0SlrPUXxxkoKFFaCrF3K9gCpeNWKbIezHQlS5aNLE2xewI0rup2+Tyk+voOlo3fVmL+w0J+QFSF3ctNgOURJhBxxnbQijP6l+g8ngzpgYiAECyc0HKDQ+G21Q9piUF1NkcM+tXa+IJNUhtzdeNT4Hu26y6vRKT+umb1vyRD7yawpmBR7LRWxKeIx+XFz3hQ63\/5Nax5FE4KqRv+PKIAW9sOgagWyHHv3ownXp8vR3LszhQgQ5aVyZfCu2s+WEqE2jF\/APd2a9UVJ3vCEQGoYgXdCcib4KuCMh4bsaPKDIMRvj8k487Vv3jp9XbY4X66etKFH12Sj8mn851aGpMwTZvEVveXOvQt0xJIzcdRDFRan8qkMCgcVy1S9G0rNhMAh6IdBk4GdDPWjB\/igrD5zXBaNBYrlnDrytUy1eljMlTExzVwndd7J4NREyWH7MbhQsPRMsahE3FcHNC6mENLK0zOVoXNyKhAlNCDvomkRPsdm2vcsxZqfBocGLOcuVyViU7AK6qMbviYxcVLP7w90PFWUSkFjGMdxUoEbkvo9y57znWRPo3\/PslxdNLRDfLTSCbOccNJ0uYLMuB23e9PXHKfogva3uQ6Jest\/Jd6aKe0PNYNZ\/7hn4L76yiuQqsuqKH8JvtZYaHBXT2qp1Wm5J4vzxsStLdsVxgUVQgCOMZVBbhkLOHzIRhwisH5t6jUXi+i1ROO2c3iOqxc4tYaptEykWfrfVKtUKibUiKnGx7qaN9txVqcq5GSAZu\/DmIG6vegxGbNdAK3ZvtLMwjcxkEsFOcs7f+odlh1TBLgaIgMhVI9ekiVe7CXOwWghfAwrCBftd93Q8i3XywDuUBcgiu"}
@@ -48,7 +48,7 @@
00452{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363824,"pkt_ts_usec":602842,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"gCqojWksxCwDBkn+CABFAABCri0AAEARAADAqAEH2DrNQtJjAbsALmdsDHhX73QJ\/9nIB1LOOHmObBjHygjU4gg8ut\/ZA4C6iNTIFTt388k="}
00442{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363824,"pkt_ts_usec":636293,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"xCwDBkn+gCqojWksCABFAAA9AABAADcR3IPYOs1CwKgBBwG70mMAKSH+AAf+nADu3vIaZ6KuZBEpmBE1my9pcSDsXentJrwW7yRM"}
01312{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"youtube_quic.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1489363824,"pkt_ts_usec":682420,"pkt_caplen":712,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":712,"pkt_l4_len":678,"pkt":"xCwDBkn+gCqojWksCABFAAK6AABAADcR2gbYOs1CwKgBBwG70mMCpm4xAAjnzUstzirPdOuX3yvGKh35BOQzO7Jm4esyq3UxsYnOLzSmRjd8WgEU55SZFA4kEqDSoKKbbOAy2wwHZspNJJc0FTqn7Mg3asUsu5BZFr4\/HpjEhxvVbso47vMmL4g6wIZVEqmHuajpT+E\/LQ0jWESy6QQUQ\/b+YFX0PAMl3eI\/lHpROKKSsMVVlt1SgM2ibVzxbs2ZrPLZm0l5tDPYmpPTbWagW2in9vP1qwPj3soTeLvM0zqN5mLQZlj9K7gGd6U08E55CEXLEo91Kj8PTecUyDwH4xgQdeB\/AHzV826AqxbgyFkMRDFEa85GrACCjr51el1KFnFEJLLJY31KC7DTQMAPSFpds4k+TWCUm9DvUqPLJpGPFx\/dGD35j5UjgmRu5yba8JKUQEuNbM0qKqdZsO\/sJW\/W6lFP6ASH+NpltGwvvgp4\/pmbLvrZR6\/Z3bm\/4GfbNeHUWt9t0p4Urjw7jAcdB9z39nFpjO+pVm4MyNMM5yduaAdAuTFIPSHeoTi3UbgvMujmAMvSWCTUzycjYVEawxYEN7U+hL9g5j\/FgTtOpb0q9yqMdD96G5RpNV2NbvSaSt1Ni6pxvyST6Ipe5SXB12hycYrhoMoBbh0M1dqe7efCKNdQOnUAT7i6zLWJkNwIM3F4KEJicIlbg63G3B0X9EWHdU5ESsf9K7O5yppvV+Sx3ka+e4oJ4ca6Jl+iY69imGj2QpImkdnW+tsEELR2Bryz3lP3ofLhSrpzIjwQTrMzcY2EGyRn1qXppCSkd1CK6S4CRX0gYxVOGoOD\/r\/G9rlKdDdfxQu5No2I0mIkP\/PBVREDmvYwl8ugvF0O2Pzk1Exfe4xC32kzvjUel9Ovyn5PHa7xhxJk1ZaHhixciHIHwh96qteXRg=="}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":258,"flow_first_seen":1489363823738,"flow_last_seen":1489363826862,"flow_tot_l4_data_len":169723,"flow_min_l4_data_len":39,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":657,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":13,"flow_first_seen":1489363823466,"flow_last_seen":1489363824024,"flow_tot_l4_data_len":4037,"flow_min_l4_data_len":38,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":310,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":18,"flow_first_seen":1489363824401,"flow_last_seen":1489363824840,"flow_tot_l4_data_len":8053,"flow_min_l4_data_len":35,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":447,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00512{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":258,"flow_first_seen":1489363823738,"flow_last_seen":1489363826862,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":167659,"flow_avg_l4_payload_len":649,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":13,"flow_first_seen":1489363823466,"flow_last_seen":1489363824024,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3933,"flow_avg_l4_payload_len":302,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":18,"flow_first_seen":1489363824401,"flow_last_seen":1489363824840,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":439,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test"}
diff --git a/test/results/youtubeupload.pcap.out b/test/results/youtubeupload.pcap.out
index f8aab79b8..64d461166 100644
--- a/test/results/youtubeupload.pcap.out
+++ b/test/results/youtubeupload.pcap.out
@@ -1,8 +1,8 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"youtubeupload.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1511102576794,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00499{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1511102576794,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02205{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":794424,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAT5AAIARbUHAqAIbrNkXb8rVAbsFThECDZHSvk7nMdgaUTAzOQFHnN3hyT1jd4lP+l6gAQUUQ0hMTxMAAABQQUQAywMAAFNOSQDdAwAAVkVSAOEDAABDQ1MA8QMAAE1TUEP1AwAAVUFJRCQEAABUQ0lEKAQAAFBETUQsBAAAU01ITDAEAABJQ1NMNAQAAENUSU08BAAATk9OUFwEAABNSURTYAQAAFNDTFNkBAAAQ1NDVGQEAABDT1BUaAQAAElSVFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tdXBsb2FkLnlvdXR1YmUuY29tUTAzOQHogWCSkhrofu2AhqIVgpFkAAAAQ2hyb21lLzYyLjAuMzIwMi45NCBXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQAAAAAWDUwOQEAAAAeAAAAc5gRWgAAAABmJfKEu+Ky\/D790R+7T+2\/0X2\/pJXF+QSwhgBhJRTmB2QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1511102576794,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}}
-00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1511102576835,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00662{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1511102576794,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1511102576835,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":835328,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"XEl5dU5q2MuK4S0uCABFAAA0AURAAIAGcnTAqAIbrNkXb+BsAbtWAw9KAAAAAIAC+vClngAAAgQFtAEDAwgBAQQC"}
02217{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":850542,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADkRtX+s2RdvwKgCGwG7ytUFTpL9CJHSvk7nMdgaAY7UOy2eqBjwqYbdQEABH3gBAQD\/\/\/\/6BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAEbxGDSLTF1Q0EvnndIQSTAo6qDgodwKRUkl\/wgXSXZEn9QM2BlHJ5TGchczmqfpPPkVE8tMlsFMfVeayelDb2fy4YzLDv2N+n2kP+GPU+AvJ+LZZRk0N6KyGXGuCIybXc0DgBajeTEN+eTXljBGAiEAu2XBBVnB4JB\/pAM2aIMKtRsM68whkJeFp\/sUQ4KWuigCIQClJ1nIthgBruSaqgIGHfDqWyoEY6pcU10gsmGqIhMu0lNDRkcIAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAVEJLUCAAAABQVUJTQwAAAEtFWFNHAAAAT0JJVE8AAABFWFBZVwAAAEFFU0dDQzIw9lqyAICUa+kwugeWBsbKvkNISURUQjEwIAAAhphHmLi5BO0Bd0EZ92vmXccblzalgzbYj90Qfoq9ozBDMjU1MDAwMDAwMDBAFRRaAAAAAAwAAADPfAIAAAAAAADwAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFfeBYhgQAABAMARjBEAiBdvW4RdrxYmmjeJbc+3jgs5l6RJLipl3aPIQhj9TtUVgIgA9hjkGDtPgI+WyeFtwtRP0uw9dCVeIWw5SDGQbdmUYsAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAV94FiCrAAAEAwBIMEYCIQCUIhZCh2zhmqj0uNpoeUCnAI4TO75j9mv1oMYRKX9EbwIhAIVqH7drJ4DDuKcAhaeeCXOoj8EoQkKnHGLbzkyKPDlhAQEDAeiBYJKSGugAAAAAALsLAAB4u4FGwB+tWGtQE1cUJpBXY6I8VdDyFNEgYZOQAr7wiYpWBawlaIsJ2cBCSCJJwEgVWK3A4KNOsVAVxfdjqlClUhXRURAFClYRHasEpKBgRdBILVjtzS6ETSYz9oczmdmc777Onnvu9527WTQrwFy0TRBKTcQLKrp9dm9xz+ylJ4l0NALQ0SJTNhpMGAZIGIUiTgYb8pXrDXnhuTHeCAI35bB6mBzcF\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHofIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHDLsjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"}
02233{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":851515,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADkRtX+s2RdvwKgCGwG7ytUFTrHlCJHSvk7nMdgaAjk3HVeItBZp3u\/MM6QBBSEEhrNWhsBytYq44AhiRo+TwCmwTKGEk42JPpys442NKgutZCyRqQAAtRXqaDF9GcRDYiH0Y\/Fi0MLsDELQGJhY4OvQsShgL0wMj6PF4FCw0EDxBIlYDUjOl0D+boN8rExECEHyX7Bo9gIexu6+BD0Z6jwYVS5xhEFjCAVnb9OEZ+1zI6xu60jhXe7FYiEjXGJWdBF1I+wRdfS48r74X1JeZ567KHa5EJ3pD3ngVQyQUTCSgZUFTVprCgmiU6lxmUwgGRCEl12TIR\/Iu8iryOND7yMz0xaswN6jCztbGOmK9M1HAtnb0p6qNH6hov6O7rqWzJfC2lmeHtZeU6WbjsS8u3ntcJQzOr2oWOwTXcLWes24V6eOPFWo8+TNul2fEFLQ78eM1PXs2XQnqjfDqk3auk2v6+r9pEcxm7ylpmzrihbHoOb9i7fucvoKaS0tCfOsbMqMP3nB9ezFL69FLLtTF+p+dsZl1fPc\/DBpqVvY0e9eHrAZ+VA9+k3JGb\/9upojFbdLGEEHzpW4tGy79WmG8IZ+5InTV7teNKN9mWsYUcLOpqcV59uW1kr1OramoTHz1vv11JzRr2tDd4S\/WkfbF2P7ZGza6rI\/j9Us8WXle5QG\/b6jzfNgyphjqo6oKWSDFJMnAQGwxaXYlmTl4Z1d0i88lvqCkib10ZlL8sf48IBpMSTg8YAY8\/iBmBZzeXzwEwQLgqM\/pux\/6Oa0l01OXX1\/+c6p1ENoy\/3lC8tzQnqdlS7ZoRtbdlT15tR7dEe\/E7HKePNyitQjIpd9cbgeFe\/qfiaMud5KybCv\/DovpHzVwiB95N8TOgZ2djpVNugjWfqwt\/tXNG+oKEpUZF25tdxtEmQz6wFdFS5Lfz91+rFA6vZLi+3IzzZMaO745y137UDe3TWvOGHFc27XdlUmuJypi3zktDjX7YazyO23wuMzY303CxB48w3nqlDPN5G7Ktoywmyvs\/+6kO9uVx38oy25qEe0fpf31qURmsfnntNrHN\/WeyacXdoQapOfb7Pxys\/NacXz+Q0XZq4ta9Z7e19lCXIKCwdG2mlzXAOrircnI\/g3DpRkByLCMjmYFj9jDB9zi+fW\/KMGh8A\/npA75EqgFPvB8xrHUWmTYjFShuyNNEGHqOBhDa5jAvygcyBwwyoCN6wtE0wGiocL7zg1ftXFTvv\/oJAPXPQs8EXNovaf7kkkqasq1vY36F29qncjsStini1pcp7kJZFuH1+dlSGJIedOLC7QMZTl5c4zutP4J9Iv6SmNyouUidqu3dUF52nOcEDd9M6QKlK\/grnxj\/XK1Uve+Vn11FT4bS89njFAcsiu3RvSfjG1ZmrcZ6\/q7\/pYJ88tuiS37l1AWTuTJOy02+fyavOojKMH1wn8z1UfTB\/zTWvuytPdcdnhPtCaI+KIa4F3p3V9yyYFZR1sUJ46vP5m5ZOaqgflXryX78ZeTWvRTfNvvGXb8cOSgXllHhLWeas8yH5iVlRBMCVoVB26EFSw0u7LpTGV75XHW9Nztb6\/wrxD58u4nYzXfW68h\/8B+TYP2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
@@ -12,17 +12,17 @@
00428{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":862601,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"2MuK4S0uXEl5dU5qCABFAAA0ZyEAADkGk5es2RdvwKgCGwG74GxxouM+VgMPS4ASpxyk0AAAAgQFZAEBBAIBAwMI"}
00420{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":863442,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"XEl5dU5q2MuK4S0uCABFAAAoAUhAAIAGcnzAqAIbrNkXb+BsAbtWAw9LcaLjP1AQAQKLbgAAAAAAAAAA"}
00688{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":864014,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"pkt":"XEl5dU5q2MuK4S0uCABFAADyAUlAAIAGcbHAqAIbrNkXb+BsAbtWAw9LcaLjP1AYAQIOQAAAFgMBAMUBAADBAwNzaV7n51zb2vS21tc4seF5SjI58V9vWFLJqkFFqW5W8AAAHHp6wCvAL8AswDDMqcyowBPAFACcAJ0ALwA1AAoBAAB8WloAAP8BAAEAAAAAFwAVAAASdXBsb2FkLnlvdXR1YmUuY29tABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEABQAFAQAAAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xAAsAAgEAAAoACgAIamoAHQAXABjq6gABAA=="}
-00737{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1511102576835,"flow_last_seen":1511102576864,"flow_tot_l4_data_len":306,"flow_min_l4_data_len":20,"flow_max_l4_data_len":222,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
+00748{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1511102576835,"flow_last_seen":1511102576864,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":202,"flow_tot_l4_payload_len":202,"flow_avg_l4_payload_len":50,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00414{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":901733,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"2MuK4S0uXEl5dU5qCABFAAAoZzQAADkGk5Cs2RdvwKgCGwG74GxxouM\/VgMQFVAQAKyK+gAA"}
02228{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":912389,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADkRtX+s2RdvwKgCGwG7ytUFTmokBBQ+OVz3Ij+26MF1DetYPSzmqGhROYDj1TZaW4mXU2u2A3UXH4Hc+Q4ARMVDvi+FkJFeZFnrG3UFAcZxA4M4pg6GNPcKcOWoIwoe8qfKmkWBzPw+nd7vgldCLe9eXRJITpphSGz\/QI8SRQ2wLkQmrUyUGxN9p5qlJxDdJk+ouQJrdUgqpnQnUCsl0VD+JwP+B8pZftJI1qwkakusBkBj2cL4LXHG8h4eHJOQzBicmj+a04PDriFrb8MlllIhiaocuCyx5+aA5SWEN85UQz6kt\/HRa\/UdBjKJl8COJly\/DbYMzAp7TzW4F+9Lj4UmBaopSVDdAjKkTJBrtKv9l8wE6Pdhzsv4iQiL\/W2xC6zkVVaYFo48LeLYrpo\/a8MRpxeRMrIQEKg0ZYk0bOgfzuLNZdX+m96FtBwz4C1BVdXEoLnuOiM49PgPa3Id+Xou5OLolza\/X14gcUbeb05HDj7cQymW\/bSxaPwxqrQhS03YpnlU6\/tD5h2BVhlLPwx8DJYdZpy\/nxyyzUq+4cuOCXAIFV2vvYPPZnRrTwg0K1MKV4ydCeM+p+63xcaleQaTVFSEj7tVMRq8hZ5f90+B1nKLv1hA+1xuCn1CUxiBsLW6GyT5nA1JP0eoeJsh1ReYBPSCv9GCR36nav51o7kKwhpimusJ10xig96fmdU8mJ2WMkin4APt1oIJr6BRm2GUw1ojWnDkUc8odizKgBhQhS9D8Gyi1qrR3N0ps1P28byiNsXWxGcYLKGzJA5oXhuKfpjRNdlx1fGBeg1\/0I2EjLXIuH6PZaMNLkEnDQ2lyr2is9pmFGzbZ329I8PcMnwTCetpXhPLU3FzeIX8J5NwkLwXU78UUkLPmvb79\/UhmcL7LXc0JOkLiITdI1+cYZsLChWFlD+DUziK\/\/FFbs0D8YeMyaouT7bN66+lNDvnkENHbyUF69fWJKgBDZYDHPTe5T1PYVBWY31JjViwOIwHaPHokugI6vpZ8GvOiUGR5yZ3zvkS4VdqPwYsukc4m5R1x+FNJdszNX+mqd6XVOxiC8zuPZjHlOQF0X0RFw5UAkIJKsNzfT0NiZYbGDMMYBHmXr1vATuD2yd34mI4YlshL4+UHO4eXPmVVVQtHlFLfxjdMrD8zcDrlAXC\/WPunIIvW3fsOsl7uxyG3kECmSTl9Eywaz20ScpGURxHtFjDc7OBZl\/05jJU0avGBjsr3tz\/Gq1hme5kt9SMKN1j8qVzhPYuyf0Zf3ASJ5+M4CHYOyqfjJgc0JBKgrlFscVI0eSguRRW+e2S+lVJsSxNz6AM7lmh6I0aP1ZatTRoAdTH2soHM6s1UBMLdO0ZmRRi6\/A\/ZegerebSEmh6skXTGwEcJxfuPo+B9pM5ixpIj0YLBeqV9ljDc+FsIXc0eC5SSrHAxbFQnm9nFAvMM\/szQmlGFnnw\/ztLqOIDJ5kCxHt6Y+PBvIrz5zAHch23Ao53IxDFb3rIR1K75AuAI88bwuam1GUXCM1IJIUPMRWLQuY\/sNvZyzduW5hBjjDanYsPBaRFv5xYovoTe2yGFzdxLHMw7clnEBFsSxsdD4vRPw3\/NwXZB18oSvHsV5UlnEq1tADpSDFmAuZ2ASrHab15vse4UzqeRCZTHJvqnrurKpRaVqVLYVSEkIHKJBRfXGr+3r0s1lk+NG6N+Dl1MEzbR1lXMLJYUJ3w3tMiW1v\/i07SokmL+vxB4fsRhS0JHAHn7hqZxj\/nq6PsIuohkcv+yiIurpq5AlA+lyN0FWMfUBfeI0KkhJW84pbNJjOeMPI4OtxpVbBmAKitI78d"}
00441{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":912476,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"2MuK4S0uXEl5dU5qCABFAAA7AABAADkRuqas2RdvwKgCGwG7ytUAJ5IuAAQ8ECdTRpVnV9+oSWYGy3mYRCs3B2+0FDByItPUGg=="}
00453{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":913922,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"XEl5dU5q2MuK4S0uCABFAABFAU9AAIARck3AqAIbrNkXb8rVAbsAMUaUDJHSvk7nMdgaBWx1h8W4rU+rWysUoGyyfaXYefGQ3Q6rcjgOMLALRM4="}
00452{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":914273,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"XEl5dU5q2MuK4S0uCABFAABCAVBAAIARck\/AqAIbrNkXb8rVAbsALjxiDJHSvk7nMdgaBvefk5BFCfTm8yizXS+ACd9jsfKP\/jdHW7vO+NM="}
02337{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":919746,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"2MuK4S0uXEl5dU5qCABFAAW+Zz0AADkGjfGs2RdvwKgCGwG74GxxouM\/VgMQFVAQAKxmrwAAFgMDAUACAAE8AwNaEZhwQMvGRia17iQ85cfpWbIlyCEK78TiiV+80WkH5ADALwABFP8BAAEAABcAAAAjAAAAEgD0APIAdwCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAV94FwAmAAAEAwBIMEYCIQCOcpHP8eLkntxXQ1Tjrgkfq4a8wWjfm33hC1SHIQ0zHwIhAOLCA4CBB1GjG48ln\/xLUqYo9bxAHzpi9\/wC7nxlADUGAHcA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFfeBb\/SgAABAMASDBGAiEAl\/lB3YySaQBKpLdTWGCB3bhmYqAySFOE4dze3W8NKA8CIQDAs3VT1pBZoPf6aMJOV84XGdv4AMLdR1a5823Z8ZfkcwAQAAUAAwJoMgALAAIBABYDAw1UCwANUAANTQAFlzCCBZMwggR7oAMCAQICCAIhoPm+N6ZAMA0GCSqGSIb3DQEBCwUAMEkxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpHb29nbGUgSW5jMSUwIwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEcyMB4XDTE3MTEwMTEzNTAxNVoXDTE4MDEyNDEzMzEwMFowcTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2dsZSBJbmMxIDAeBgNVBAMMF3VwbG9hZC52aWRlby5nb29nbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ryVbbUxWBaKji+NxntNSt6Z+GPWIqfQH7GwVQ6iLXU61szXi38czpU6Yf7tUQoczH1uvL6sUOvrhWuxOqd3HTJYcXcyT+R1+jw96SSAHcnzl0p9kyuq4szOvkQKx6QRbH75b+TIL0JGRwxTefyONvSbYxYEOE\/03C3ticqPSv\/ZcGmujaJZWgsnUfSCIhyOmWT\/toMf4vNwHx8BGEcjjW8D+gqCZVbk+VbTTFZnbiakh\/bBYs1XbxEr+glbKjtZKnywHTuWenHPV89IJod6TiKT4cfCb0ze+Os5uBTnNHaKVxA0y4zXVOZK3wzupA7aHlE6lFuB\/k8kGzRNbjgGtwIDAQABo4ICVTCCAlEwEwYDVR0lBAwwCgYIKwYBBQUHAwEwggErBgNVHREEggEiMIIBHoIXdXBsb2FkLnZpZGVvLmdvb2dsZS5jb22CFCouY2xpZW50cy5nb29nbGUuY29tghEqLmRvY3MuZ29vZ2xlLmNvbYISKi5kcml2ZS5nb29nbGUuY29tghMqLmdkYXRhLnlvdXR1YmUuY29tghAqLmdvb2dsZWFwaXMuY29tghMqLnBob3Rvcy5nb29nbGUuY29tghMqLnVwbG9hZC5nb29nbGUuY29tghQqLnVwbG9hZC55b3V0dWJlLmNvbYIXKi55b3V0dWJlLTNyZC1wYXJ0eS5jb22CEXVwbG9hZC5nb29nbGUuY29tghJ1cGxvYWQueW91dHViZS5jb22CH3VwbG9hZHMuc3RhZ2UuZ2RhdGEueW91dHViZS5jb20waAYIKwYBBQUHAQEEXDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1UdDgQWBBQ9pagvXHbYn+X52hgMckhuKOTnajAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAE="}
-00794{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1511102576835,"flow_last_seen":1511102576919,"flow_tot_l4_data_len":1776,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":296,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
+00805{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":6,"flow_first_seen":1511102576835,"flow_last_seen":1511102576919,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":1632,"flow_avg_l4_payload_len":272,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
02348{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":920774,"pkt_caplen":1484,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1484,"pkt_l4_len":1450,"pkt":"2MuK4S0uXEl5dU5qCABFAAW+Zz4AADkGjfCs2RdvwKgCGwG74GxxoujVVgMQFVAQAKxzYQAA1nkCBQEwCAYGZ4EMAQICMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcmwwDQYJKoZIhvcNAQELBQADggEBAE0QItX4\/TGhNclqSbMZJIS57bdcjSA6FVTNW7rUTNv8U3Ruc2Z1Y1jMBUm\/1YgepWp1uCFUZB2+NzI\/lj3NQH06S21u2Knbuxg15YbP08FGtl5SrMJt2jSeYCUUJt5VouTgZAVK+K+2ByywQeJ+0gb4+82xn1hcRHo\/jNIcOqXXYhQaWczoIPvkM4xtbudZtXCZsJdGJu+kgkDfRPT6\/XHK13btG9oCZKhlPg4NwMyonSCfBAdZ2NbHULYTzSdcyoN0D3NPr7Q4noSY3aTvbPIB+TjHLmV8vyl07QNKnI3bJYAop497SVcuC3WKZDJgLHS2cYVwQP+iNoPK8HoVV58ABCwwggQoMIIDEKADAgECAhABACEliLD6Wad37wV7ZiffMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTcwNTIyMTEzMjM3WhcNMTgxMjMxMjM1OTU5WjBJMQswCQYDVQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwqBHdc2FCROgajguDYUEi8iT\/xGXAaiEZ+4I\/F8YnOIe5a\/mENtzJEiaB0C1NPVaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U\/ck5vuR6RXEz\/RTDfRK\/J9U3n2+oGtvh8DQUB8oMANA2ghzUWx\/\/zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rEahqyzFPdFUuLH8gZYR\/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZEASg8GF6lSWMTlJ14rbtCMoU\/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXCDTWJnZ37DhF5iR43xa+OcmkCAwEAAaOCAREwggENMB8GA1UdIwQYMBaAFMB6mGiNifurBWQMEX2qfWW4ysxOMB0GA1UdDgQWBBRK3QYWG7z2aLV29YG2u2IaulqBLzAOBgNVHQ8BAf8EBAMCAQYwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wEgYDVR0TAQH\/BAgwBgEB\/wIBADA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vZy5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwIQYDVR0gBBowGDAMBgorBgEEAdZ5AgUBMAgGBmeBDAECAjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAMpJ5azXZGR3W75x+s\/0HiPHmmljVF\/rTNYZKCNkZo4cx4eAZF8EiyavmN8KcLy8GT3uezOpf730BdRwuwUmeeqax5i5BxllNMw86T\/FAfpvDH7benBcTP4tAPDKvi2OtKiA+wETiMucP+W7d8o6ZzbzztUnAnJDoL1uAvFHBXE+AVnpEZ4a84QPgKaieDUvtseifxd84YtWru5niFEnMGClYlLDN9U76oUqATiHos9wraR6ycTnysXavCMy8v4Ywnvg3zsv1NAQ5pZM+0S3IWQNuQCUMBImh1iYOQU4D8yCSAwKR2buv7RfxP9wqOF\/i3kruGUyo7m3MekK9fYfMtwAA4EwggN9MIIC5qADAgECAgM="}
02033{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":921788,"pkt_caplen":1250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1250,"pkt_l4_len":1216,"pkt":"2MuK4S0uXEl5dU5qCABFAATUZz8AADkGjtms2RdvwKgCGwG74Gxxou5rVgMQFVAYAKzzvwAAErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg\/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt\/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjmaPkr0rKV10fYIyAQTzOYkJ\/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBOBgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GBAHbhEm5OSxYShjAGsoEIz\/AIx8dxfmbuwu3UOx\/\/8PDITtZDOLC5MH0Y0FWDomrLNhGc6Ehmo21\/uBPUR\/6LWlxz\/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1Wb8ravHNjkOR\/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8SFgMDASwMAAEoAwAdIKIUteGvAUZrK6ad5Agu9+5fu88xW6FNoIUSPSUxBHRoCAQBAJZH9eki1cX9V6arbiao2uIRX6bZpgIw1XNJPEooI7X4bElGMCanTXwm4mG2IyrhmXHANsOqgfLmCbhZGqoXvMS8toJl6bUUlXpGbtwb\/EFIdOkYV10CWjkj7rEwLTWcpPtuN1yh9wR3UAwD2ei4p3zfiVtRL4B4AMVfmbea43d2gkKiSiDtpGqSR555KqmBgivd4lvIqHiznJ\/8awojnor6ZpA1N6o8N\/02JVVs3DLR4iEn9edfBaa\/QXJgKpMi7yzFJnKiN3CHLyKH7mHsjrODRZyQNmaSp2\/EVcaHLsP3sI6NEcYAELGolMod84h2cEkUTIS6A5R6Z4rtZrZwH\/kWAwMABA4AAAA="}
-01317{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1511102576835,"flow_last_seen":1511102576921,"flow_tot_l4_data_len":4442,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":555,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com","alpn":"h2,http\/1.1","fingerprint":"EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63"}}
+01328{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":8,"flow_first_seen":1511102576835,"flow_last_seen":1511102576921,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4258,"flow_avg_l4_payload_len":532,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"upload.youtube.com","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","issuerDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com","alpn":"h2,http\/1.1","fingerprint":"EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63"}}
00422{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":921995,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"XEl5dU5q2MuK4S0uCABFAAAoAVFAAIAGcnPAqAIbrNkXb+BsAbtWAxAVcaLua1AQAQJ\/eAAAAAAAAAAA"}
00544{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":923583,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"pkt":"XEl5dU5q2MuK4S0uCABFAACFAVNAAIAGchTAqAIbrNkXb+BsAbtWAxAVcaLzF1AYAP7AMQAAFgMDACUQAAAhINBmFC9CVCRDMShWiVmltZYHlkKdx6r\/BQu\/gzM2mj1BFAMDAAEBFgMDACgAAAAAAAAAAPv3b8T97N\/vTXDJOkDRmE+V6iJVyBIxDuPqwaENi5Qu"}
00440{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102576,"pkt_ts_usec":943134,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"2MuK4S0uXEl5dU5qCABFAAA6AABAADoRuaes2RdvwKgCGwG7ytUAJpjzAAVHa4mi6b+KhN5\/rli\/WzsoX566BxQnJMdg2JLx"}
@@ -33,9 +33,9 @@
01168{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102578,"pkt_ts_usec":40502,"pkt_caplen":611,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":611,"pkt_l4_len":577,"pkt":"2MuK4S0uXEl5dU5qCABFAAJVAABAADoRt4ys2RdvwKgCGwG7ytUCQfvVAAb3C0W+w2dI6GD9DdKTilUcc5L469XODxlzaeQmOnIYegXnLcskdcpTyJ4R8LS30aKYZ2l2Kitomu5vOxeqJ34L8VTnfdi9tZuVuaulRgq0LtRlrQYwXlwFuxKj+suInXdhexP4fVhnP19SNSqZzNb6li7LqN+ZETqI9UmzDOFjgVYqDuFVDjwSvIZHzcvN2sNk+0s06PPBswVnQscEJCmnhK7Vz+UtZxar9fiHJWQMWGxEPBVKcttaO+o791lzycTWKDj8boMlMB3C4aCflOcKfLkexVSiSwraTODJ3\/5s53vQ9hp\/9awxafl26iIU\/+C856G2vepYo89k8shnp2+s0rDZf6JnWqhz5Zl4mE0q35HXgARAGz2VL+zuqJ2++cYwLdYpD2JQlpHkozT8HTbHljdVulXa\/u41t8mpABOFMyhbljzeUgIMVshgJdP+AwF2aozNCMQa0Ff+IBkGiK65kSWlOCjdcg3bfLtuVf+5iuoMlB4EJ8iYcq+j6OcOtOxArmXIhcU8h\/M+Ko6HreA3\/UT0oz8RT2QlwCyt7Dl9Cv4jO7PckuCmmOEE2qLG2hXocmurJ4FmlclFFykx70m8yqo++n8GKxahiO4urNk379MFIRUv77UxcKxSwiKFcWE1jfPJZ5rdQC7I\/buoN6GHPbnUE1UUzogjO07Jq96S8mpfKL2g90035sEtYhACDL84\/0R1n0P12QttamcQMdbIzrZtO+fgSdQeny8QPI+jokRLqjj6SDc="}
00454{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102578,"pkt_ts_usec":41048,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"pkt":"XEl5dU5q2MuK4S0uCABFAABFAVxAAIARckDAqAIbrNkXb8rVAbsAMY0aDJHSvk7nMdgaBzVHIy1XPsH4zhAaJ9HBVxd\/TWKAAK3H+Hr1uFclQR8="}
00447{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102578,"pkt_ts_usec":41769,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"XEl5dU5q2MuK4S0uCABFAAA\/AV1AAIARckXAqAIbrNkXb8rVAbsAK5ySDJHSvk7nMdgaCE+YWSRRWbgSjZxuiZCo+CD\/9NTDNB6hYbQ="}
-00488{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1511102578051,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1511102578051,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
02203{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102578,"pkt_ts_usec":51971,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAV5AAIARbSHAqAIbrNkXb\/MYAbsFTi5hDQjRAddSQpCnUTAzOQGXrkR+sB0UFtwM1LigAQUUQ0hMTxMAAABQQUQAywMAAFNOSQDdAwAAVkVSAOEDAABDQ1MA8QMAAE1TUEP1AwAAVUFJRCQEAABUQ0lEKAQAAFBETUQsBAAAU01ITDAEAABJQ1NMNAQAAENUSU08BAAATk9OUFwEAABNSURTYAQAAFNDTFNkBAAAQ1NDVGQEAABDT1BUaAQAAElSVFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tdXBsb2FkLnlvdXR1YmUuY29tUTAzOQHogWCSkhrofu2AhqIVgpFkAAAAQ2hyb21lLzYyLjAuMzIwMi45NCBXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQAAAAAWDUwOQEAAAAeAAAAdZgRWgAAAAA2Qv7BjobCVSSNm3vqxisDs2cBNiW7yusCpyOOCMJF82QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
-00651{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1511102578051,"flow_last_seen":0,"flow_tot_l4_data_len":1358,"flow_min_l4_data_len":1358,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1358,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}}
+00663{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1511102578051,"flow_last_seen":0,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","ndpi": {"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}}
02218{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102578,"pkt_ts_usec":108526,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTs8jCAjRAddSQpCnAZLrpBY0DjIhd5jwe0ABH5UBAQD\/\/\/\/1BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAOdd9OCaMJjZHEuQSnBheExXijy9L8yxcLxijUGUgt7VeQLmXHCE0dSCjTwUu4DOXBlw0HTG62CtZtu2a6Ru1X+sH1IA2FJqDRpGVA5MHyMKc7vKtJZUWy6Wq\/FvJH3N94ZirXYSBfeq9Qo8ATBGAiEAppVGAzltTsobgX744i5bBeIqIDO\/YtwFhdblUPMaf9ECIQDgN5eoKUWZEY4A\/yjD3jA5j4ZdDcRSfqhMU1oZUTGdIVNDRkcIAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAVEJLUCAAAABQVUJTQwAAAEtFWFNHAAAAT0JJVE8AAABFWFBZVwAAAEFFU0dDQzIw9lqyAICUa+kwugeWBsbKvkNISURUQjEwIAAAhphHmLi5BO0Bd0EZ92vmXccblzalgzbYj90Qfoq9ozBDMjU1MDAwMDAwMDBAFRRaAAAAAAwAAADNfAIAAAAAAADwAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFfeBYhgQAABAMARjBEAiBdvW4RdrxYmmjeJbc+3jgs5l6RJLipl3aPIQhj9TtUVgIgA9hjkGDtPgI+WyeFtwtRP0uw9dCVeIWw5SDGQbdmUYsAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAV94FiCrAAAEAwBIMEYCIQCUIhZCh2zhmqj0uNpoeUCnAI4TO75j9mv1oMYRKX9EbwIhAIVqH7drJ4DDuKcAhaeeCXOoj8EoQkKnHGLbzkyKPDlhAQEDAeiBYJKSGugAAAAAALsLAAB4u4FGwB+tWGtQE1cUJpBXY6I8VdDyFNEgYZOQAr7wiYpWBawlaIsJ2cBCSCJJwEgVWK3A4KNOsVAVxfdjqlClUhXRURAFClYRHasEpKBgRdBILVjtzS6ETSYz9oczmdmc777Onnvu9527WTQrwFy0TRBKTcQLKrp9dm9xz+ylJ4l0NALQ0SJTNhpMGAZIGIUiTgYb8pXrDXnhuTHeCAI35bB6mBzcF\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHofIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHDLsjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"}
02233{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102578,"pkt_ts_usec":109522,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTrFpCAjRAddSQpCnArwHRDvEv6bzYWaHzaQBBSEEhrNWhsBytYq44AhiRo+TwCmwTKGEk42JPpys442NKgutZCyRqQAAtRXqaDF9GcRDYiH0Y\/Fi0MLsDELQGJhY4OvQsShgL0wMj6PF4FCw0EDxBIlYDUjOl0D+boN8rExECEHyX7Bo9gIexu6+BD0Z6jwYVS5xhEFjCAVnb9OEZ+1zI6xu60jhXe7FYiEjXGJWdBF1I+wRdfS48r74X1JeZ567KHa5EJ3pD3ngVQyQUTCSgZUFTVprCgmiU6lxmUwgGRCEl12TIR\/Iu8iryOND7yMz0xaswN6jCztbGOmK9M1HAtnb0p6qNH6hov6O7rqWzJfC2lmeHtZeU6WbjsS8u3ntcJQzOr2oWOwTXcLWes24V6eOPFWo8+TNul2fEFLQ78eM1PXs2XQnqjfDqk3auk2v6+r9pEcxm7ylpmzrihbHoOb9i7fucvoKaS0tCfOsbMqMP3nB9ezFL69FLLtTF+p+dsZl1fPc\/DBpqVvY0e9eHrAZ+VA9+k3JGb\/9upojFbdLGEEHzpW4tGy79WmG8IZ+5InTV7teNKN9mWsYUcLOpqcV59uW1kr1OramoTHz1vv11JzRr2tDd4S\/WkfbF2P7ZGza6rI\/j9Us8WXle5QG\/b6jzfNgyphjqo6oKWSDFJMnAQGwxaXYlmTl4Z1d0i88lvqCkib10ZlL8sf48IBpMSTg8YAY8\/iBmBZzeXzwEwQLgqM\/pux\/6Oa0l01OXX1\/+c6p1ENoy\/3lC8tzQnqdlS7ZoRtbdlT15tR7dEe\/E7HKePNyitQjIpd9cbgeFe\/qfiaMud5KybCv\/DovpHzVwiB95N8TOgZ2djpVNugjWfqwt\/tXNG+oKEpUZF25tdxtEmQz6wFdFS5Lfz91+rFA6vZLi+3IzzZMaO745y137UDe3TWvOGHFc27XdlUmuJypi3zktDjX7YazyO23wuMzY303CxB48w3nqlDPN5G7Ktoywmyvs\/+6kO9uVx38oy25qEe0fpf31qURmsfnntNrHN\/WeyacXdoQapOfb7Pxys\/NacXz+Q0XZq4ta9Z7e19lCXIKCwdG2mlzXAOrircnI\/g3DpRkByLCMjmYFj9jDB9zi+fW\/KMGh8A\/npA75EqgFPvB8xrHUWmTYjFShuyNNEGHqOBhDa5jAvygcyBwwyoCN6wtE0wGiocL7zg1ftXFTvv\/oJAPXPQs8EXNovaf7kkkqasq1vY36F29qncjsStini1pcp7kJZFuH1+dlSGJIedOLC7QMZTl5c4zutP4J9Iv6SmNyouUidqu3dUF52nOcEDd9M6QKlK\/grnxj\/XK1Uve+Vn11FT4bS89njFAcsiu3RvSfjG1ZmrcZ6\/q7\/pYJ88tuiS37l1AWTuTJOy02+fyavOojKMH1wn8z1UfTB\/zTWvuytPdcdnhPtCaI+KIa4F3p3V9yyYFZR1sUJ46vP5m5ZOaqgflXryX78ZeTWvRTfNvvGXb8cOSgXllHhLWeas8yH5iVlRBMCVoVB26EFSw0u7LpTGV75XHW9Nztb6\/wrxD58u4nYzXfW68h\/8B+TYP2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
02208{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102578,"pkt_ts_usec":117740,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAV9AAIARbSDAqAIbrNkXb\/MYAbsFTgWcDAjRAddSQpCnAsbNRhPFJhDd2f0pyEACFIECAgEAAOY2AAOIBgCkAQUUBABDSExPHQAAAFBBRADfAAAAU05JAPEAAABTVEsAKQEAAFNOTwBdAQAAVkVSAGEBAABDQ1MAcQEAAE5PTkORAQAATVNQQ5UBAABBRUFEmQEAAFVBSUTIAQAAU0NJRNgBAABUQ0lE3AEAAFBETUTgAQAAU01ITOQBAABJQ1NM6AEAAENUSU3wAQAATk9OUBACAABQVUJTMAIAAE1JRFM0AgAAU0NMUzgCAABLRVhTPAIAAFhMQ1REAgAAQ1NDVEQCAABDT1BUSAIAAENDUlRgAgAASVJUVGQCAABDRVRWCAMAAENGQ1cMAwAAU0ZDVxADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tdXBsb2FkLnlvdXR1YmUuY29t51304JowmNkcS5BKcGF4TFeKPL0vzLFwvGKNQZSC3tV5AuZccITR1IKNPBS7gM5cGXDQdMbrYK1m27ZrpG7Vf6wfUgDYUmoNGkZUDkwfIwpzu8q0llRbLpar8W8kfc33hmKtdhIF96r1CjwBUTAzOQHogWCSkhrofu2AhqIVgpFaEZh1MDAwMDAwMDBZwphmdL7Yts0y+qUR1kfRSDFXSWQAAABBRVNHQ2hyb21lLzYyLjAuMzIwMi45NCBXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjT2WrIAgJRr6TC6B5YGxsq+AAAAAFg1MDkBAAAAHgAAAHWYEVoAAAAAY86fJYRsWvt+n8SMuRjDn5CDfPNuMMHuyZztFKKwgWq63bH0pGsbpiKJlwdORVq++wXvbyC+Jog1Q4kiEaUUI2QAAAABAAAAQzI1NZwUB\/4nw78HNVJUT5wUB\/4nw78HmpHtbxwAgQ5AC3uQqa5565jAAAAE39g8QbpBjsXpZJ0k2Opa1yiXuoap6rNlFyRG3VaiUwwUTIXHR7HUE8tH+qMCGSkVfFDe9ZwBj5iFLt6nb9dICVRJNIeq99y3gDocOmnE3lMaHWOMgX5wcE5URr2JRfmKpGOgc7tXbRVfGIzEEC8Zcrx\/h1b4mHL5eogupc3r3xXMzTaDPU27bKw026+kjZ5+CM9l3v8W6hXwvRN\/+i6loGkEhQAA8AAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
@@ -50,7 +50,7 @@
00486{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102578,"pkt_ts_usec":180527,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"pkt":"XEl5dU5q2MuK4S0uCABFAABZAWZAAIARciLAqAIbrNkXb\/MYAbsARTzLDAjRAddSQpCnCUIU6saaeRlWNypXMbLqJjFDzm3BL\/QJZQshKHLAuTmSKkuYJgIbLSd6aEzQPz6Vuf3yvA=="}
00444{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102578,"pkt_ts_usec":216417,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"pkt":"2MuK4S0uXEl5dU5qCABFAAA9AABAADkRuqSs2RdvwKgCGwG78xgAKQv\/AAW6kYrY6Rl4Spd2erSFzl\/hFEcXrPb6gVIFYoj0G3eL"}
00439{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"youtubeupload.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1511102578,"pkt_ts_usec":239340,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"2MuK4S0uXEl5dU5qCABFAAA6AABAADkRuqes2RdvwKgCGwG78xgAJjDlAAbriko+\/ZfW2aYS1AzZ5OusG0WkuzV30Av+okTE"}
-00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":13,"flow_first_seen":1511102576835,"flow_last_seen":1511102576954,"flow_tot_l4_data_len":4988,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":383,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":100,"flow_first_seen":1511102576794,"flow_last_seen":1511102580286,"flow_tot_l4_data_len":103076,"flow_min_l4_data_len":24,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":1030,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":24,"flow_first_seen":1511102578051,"flow_last_seen":1511102594936,"flow_tot_l4_data_len":14298,"flow_min_l4_data_len":26,"flow_max_l4_data_len":1358,"flow_avg_l4_data_len":595,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00511{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":13,"flow_first_seen":1511102576835,"flow_last_seen":1511102576954,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4704,"flow_avg_l4_payload_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00516{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":100,"flow_first_seen":1511102576794,"flow_last_seen":1511102580286,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":102276,"flow_avg_l4_payload_len":1022,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":24,"flow_first_seen":1511102578051,"flow_last_seen":1511102594936,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":14106,"flow_avg_l4_payload_len":587,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00134{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test"}
diff --git a/test/results/zabbix.pcap.out b/test/results/zabbix.pcap.out
index 829a6f5af..5d617179c 100644
--- a/test/results/zabbix.pcap.out
+++ b/test/results/zabbix.pcap.out
@@ -1,15 +1,15 @@
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zabbix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1572254070608,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1572254070608,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572254070,"pkt_ts_usec":608539,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"RoQclwmZOjUSPEK7CABFAAA85AdAAEAGTujAqENiwKhDGd9KJ0JwAdHUAAAAAKACchAH+wAAAgQFtAQCCAorwjXTAAAAAAEDAwc="}
00433{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zabbix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572254070,"pkt_ts_usec":608854,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"OjUSPEK7RoQclwmZCABFAAA8AABAAEAGMvDAqEMZwKhDYidC30pw8XhkcAHR1aAScSDKPwAAAgQFtAQCCAorfUX3K8I10wEDAwc="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zabbix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572254070,"pkt_ts_usec":608873,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RoQclwmZOjUSPEK7CABFAAA05AhAAEAGTu\/AqENiwKhDGd9KJ0JwAdHVcPF4ZYAQAOUH8wAAAQEICivCNdQrfUX3"}
00453{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"zabbix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572254070,"pkt_ts_usec":608917,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"pkt":"RoQclwmZOjUSPEK7CABFAABL5AlAAEAGTtfAqENiwKhDGd9KJ0JwAdHVcPF4ZYAYAOUICgAAAQEICivCNdQrfUX3WkJYRAEKAAAAAAAAAHByb2MubnVtW10="}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_tot_l4_data_len":167,"flow_min_l4_data_len":32,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":41,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"proto":"Zabbix","breed":"Acceptable","category":"Network"}}
+00530{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":5,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"proto":"Zabbix","breed":"Acceptable","category":"Network"}}
00421{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zabbix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572254070,"pkt_ts_usec":609214,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"OjUSPEK7RoQclwmZCABFAAA0t4ZAAEAGe3HAqEMZwKhDYidC30pw8XhlcAHR7IAQAONpMQAAAQEICit9RfcrwjXU"}
00446{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"zabbix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572254070,"pkt_ts_usec":613291,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"pkt":"OjUSPEK7RoQclwmZCABFAABEt4dAAEAGe2DAqEMZwKhDYidC30pw8XhlcAHR7IAYAON\/JgAAAQEICit9RfsrwjXUWkJYRAEDAAAAAAAAADI2Mw=="}
00422{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"zabbix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572254070,"pkt_ts_usec":613301,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"OjUSPEK7RoQclwmZCABFAAA0t4hAAEAGe2\/AqEMZwKhDYidC30pw8Xh1cAHR7IARAONpHAAAAQEICit9RfsrwjXU"}
00421{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"zabbix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572254070,"pkt_ts_usec":613423,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RoQclwmZOjUSPEK7CABFAAA05ApAAEAGTu3AqENiwKhDGd9KJ0JwAdHscPF4dYAQAOUH8wAAAQEICivCNdUrfUX7"}
00421{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"zabbix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572254070,"pkt_ts_usec":614569,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"RoQclwmZOjUSPEK7CABFAAA05AtAAEAGTuzAqENiwKhDGd9KJ0JwAdHscPF4doARAOUH8wAAAQEICivCNdUrfUX7"}
00423{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1572254070,"pkt_ts_usec":614852,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"OjUSPEK7RoQclwmZCABFAAA0t4lAAEAGe27AqEMZwKhDYidC30pw8Xh2cAHR7YAQAONpGAAAAQEICit9Rf0rwjXV"}
-00489{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1572254070608,"flow_last_seen":1572254070614,"flow_tot_l4_data_len":375,"flow_min_l4_data_len":32,"flow_max_l4_data_len":55,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":10,"flow_first_seen":1572254070608,"flow_last_seen":1572254070614,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":3,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test"}
diff --git a/test/results/zcash.pcap.out b/test/results/zcash.pcap.out
index 0feb75355..df9fdb3b0 100644
--- a/test/results/zcash.pcap.out
+++ b/test/results/zcash.pcap.out
@@ -1,10 +1,10 @@
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zcash.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1514196094240,"flow_last_seen":0,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":40,"flow_max_l4_data_len":40,"flow_avg_l4_data_len":40,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1514196094240,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00433{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":240063,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="}
00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":322725,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="}
00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":322778,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0ux5AAEAGRafAqAJcsiDE2deWI1qAnf86I+a9J4AQAOV4LAAAAQEICk+Ou8XshW\/8"}
00773{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":322947,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"fmgbW\/gUcIXCQA64CABFAAE4ux9AAEAGRKLAqAJcsiDE2deWI1qAnf86I+a9J4AYAOWIhgAAAQEICk+Ou8XshW\/8eyJtZXRob2QiOiJsb2dpbiIsInBhcmFtcyI6eyJsb2dpbiI6IjRCQ2VFUGhvZGdQTWJQV0ZOMWRQd2hXWGRSWDhxNG1oaGRaZEExZHRTTUxUTENFWXZBajlRWGpYQWZGN0N1Z0VibWZCaGdrcUhiZGdLOWIyd0tBNm5xUlpRQ2d2Q0RtLmNiMmI3MzQxNWM0ZmFmMjE0MDM1YTczYjlkOTQ3YzIwMjM0MmYzYmYzYmRmNjMyMTMyYmQ2ZDdhZjk4Y2IyNTcucnl6ZW4iLCJwYXNzIjoieCIsImFnZW50IjoieG1yLXN0YWstY3B1LzEuMy4wLTEuNS4wIn0sImlkIjoxfQo="}
-00554{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_tot_l4_data_len":404,"flow_min_l4_data_len":32,"flow_max_l4_data_len":292,"flow_avg_l4_data_len":101,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
+00564{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}}
00421{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":405351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"cIXCQA64fmgbW\/gUCABFAAA0zTZAADMGQI+yIMTZwKgCXCNa15Yj5r0ngJ4APoAQADl3vwAAAQEICuyFcBFPjrvF"}
00828{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":406828,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"cIXCQA64fmgbW\/gUCABFAAFjzTdAADMGP1+yIMTZwKgCXCNa15Yj5r0ngJ4APoAYADnxwAAAAQEICuyFcBFPjrvFeyJpZCI6MSwianNvbnJwYyI6IjIuMCIsImVycm9yIjpudWxsLCJyZXN1bHQiOnsiaWQiOiI0NzkwNTk1NDY4ODMyMTgiLCJqb2IiOnsiYmxvYiI6IjA2MDZlODk4ODNkMjA1YTY1ZDhlZTc4OTkxODM4YTFjZjNlYzJlYmJjNWZiMWZhNDNkZWM1ZmExY2QyYmVlNDA2OTIxMmE1NDljZDczMTAwMDAwMDAwNWE4ODIzNTY1MzA5N2FhM2U5N2VmMmNlZWY0YWVlNjEwNzUxYTgyOGY5YmUxYTA3NThhNzgzNjVmYjBhNGM4YzA1Iiwiam9iX2lkIjoiNzIyMTM0MTc0MTI3MTMxIiwidGFyZ2V0IjoiZGM0NjAzMDAifSwic3RhdHVzIjoiT0sifX0K"}
00421{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":406901,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0uyBAAEAGRaXAqAJcsiDE2deWI1qAngA+I+a+VoAQAO11xwAAAQEICk+Ou9rshXAR"}
@@ -16,5 +16,5 @@
00424{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196109,"pkt_ts_usec":400850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0uyRAAEAGRaHAqAJcsiDE2deWI1qAngGsI+a+1IAQAO1WkQAAAQEICk+Oyn\/shX62"}
00670{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196116,"pkt_ts_usec":332032,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"fmgbW\/gUcIXCQA64CABFAADruyVAAEAGROnAqAJcsiDE2deWI1qAngGsI+a+1IAYAO2rlwAAAQEICk+O0UPshX62eyJtZXRob2QiOiJzdWJtaXQiLCJwYXJhbXMiOnsiaWQiOiI0NzkwNTk1NDY4ODMyMTgiLCJqb2JfaWQiOiI3MjIxMzQxNzQxMjcxMzEiLCJub25jZSI6IjYzMDU4MDAwIiwicmVzdWx0IjoiYzgxMTEzMWE2Yjk3N2M3MmYwYjBmOWNkYzg0ODk3M2NlNGJlOGZiZDI4NmYzNTgzZmRlMGVhZWZhOGY3MDAwMCJ9LCJpZCI6MX0K"}
00509{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196116,"pkt_ts_usec":444796,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"cIXCQA64fmgbW\/gUCABFAABzzTpAADMGQEyyIMTZwKgCXCNa15Yj5r7UgJ4CY4AYADmIgwAAAQEICuyFhZdPjtFDeyJpZCI6MSwianNvbnJwYyI6IjIuMCIsImVycm9yIjpudWxsLCJyZXN1bHQiOnsic3RhdHVzIjoiT0sifX0K"}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_tot_l4_data_len":15714,"flow_min_l4_data_len":32,"flow_max_l4_data_len":335,"flow_avg_l4_data_len":108,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":11022,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test"}
diff --git a/test/results/zoom.pcap.out b/test/results/zoom.pcap.out
index 2ffa507c0..708c878f0 100644
--- a/test/results/zoom.pcap.out
+++ b/test/results/zoom.pcap.out
@@ -1,19 +1,19 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zoom.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569520466080,"flow_last_seen":0,"flow_tot_l4_data_len":231,"flow_min_l4_data_len":231,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":231,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569520466080,"flow_last_seen":0,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00692{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":80774,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
-00807{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569520466080,"flow_last_seen":0,"flow_tot_l4_data_len":231,"flow_min_l4_data_len":231,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":231,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.googletagmanager.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569520466209,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00819{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569520466080,"flow_last_seen":0,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7":"Obsolete TLS version (< 1.1)"},"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.googletagmanager.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569520466209,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00447{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":209429,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"AQBeAAD7KDc3AG3ICABFAABJ4i8AAAERNFzAqAF14AAA+xTpFOkANQtaAAAAAAABAAAAAAAAEF9zcG90aWZ5LWNvbm5lY3QEX3RjcAVsb2NhbAAADAAB"}
-00549{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569520466209,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569520466316,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00561{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569520466209,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"proto":"MDNS","breed":"Acceptable","category":"Network"},"mdns": {"answer":"_spotify-connect._tcp.local"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1569520466316,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":316930,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+ZLAqAF1p2PXpNZPEVI+PYNCAAAAALAC\/\/9XugAAAgQFtAEDAwUBAQgKJZzPXwAAAAAEAgAA"}
00431{"flow_id":3,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":355017,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGBJenY9ekwKgBdRFS1k9+iDZRPj2DQ6AScSDtKQAAAgQFrAQCCArh63OkJZzPXwEDAwc="}
00419{"flow_id":3,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":355115,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYNDfog2UoAQECx8vAAAAQEICiWcz4Xh63Ok"}
01118{"flow_id":3,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":355344,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAG95nAqAF1p2PXpNZPEVI+PYNDfog2UoAYECxTkgAAAQEICiWcz4Xh63OkFgMBAgABAAH8AwMNN3rZQIy1W6cxVq6XcSeMK0WraD3DhdYuuqU1GeYt1CAlA\/kunOkhTd5wsEiS6\/3fwP4i6nJuxBCdQo4WkiQHSgCgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhACNwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEABwCMwBHAB8AMwAIABQAEAIoA\/wEAARMAAAASABAAAA1kYXRpLm50b3Aub3JnAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABAQAVAKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00795{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1569520466316,"flow_last_seen":1569520466355,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00806{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_first_seen":1569520466316,"flow_last_seen":1569520466355,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00420{"flow_id":3,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":392600,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA05\/ZAADUGHKinY9ekwKgBdRFS1k9+iDZSPj2FSIAQAOuJ0gAAAQEICuHrc8olnM+F"}
00618{"flow_id":3,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":392965,"pkt_caplen":208,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":208,"pkt_l4_len":174,"pkt":"KDc3AG3IEBMx8Tl2CABFAADC5\/dAADUGHBmnY9ekwKgBdRFS1k9+iDZSPj2FSIAYAOtSjQAAAQEICuHrc8slnM+FFgMDAFYCAABSAwNWVv3wdcE91bUYtcDqJrP1CjoibzTPRJf5EGTNFWH8ayAlA\/kunOkhTd5wsEiS6\/3fwP4i6nJuxBCdQo4WkiQHSsAwAAAK\/wEAAQAADwABARQDAwABARYDAwAo3atftrGe7Gikn4sNlGTYJoWExi90kXBz3r0qa+R1ykzjhP+iZMqKbg=="}
-00849{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1569520466316,"flow_last_seen":1569520466392,"flow_tot_l4_data_len":871,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":145,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
+00860{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":6,"flow_first_seen":1569520466316,"flow_last_seen":1569520466392,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":659,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
00419{"flow_id":3,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":393050,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYVIfog24IAQECd54gAAAQEICiWcz6rh63PL"}
01594{"flow_id":3,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":393844,"pkt_caplen":932,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":932,"pkt_l4_len":898,"pkt":"EBMx8Tl2KDc3AG3ICABFAAOWAABAAEAG9jzAqAF1p2PXpNZPEVI+PYVIfog24IAYECd\/lAAAAQEICiWcz6vh63PLFAMDAAEBFgMDACjt0t+5+syfbeJtwHr+4Vf9Pdk9tZIO6Wqf7EhUNttrQGsob1+JgYrGFwMDAyrt0t+5+syfbl10s5BstfFfqbiT1XdlTr0\/6Y1tzw2jYTu5+Qy82oCjn0S5p8LCN5rfQSZ22qnwgu2THvoo64ksNUINqJ7GYKmTkYO1B5ZYN+V+ZLq\/5dRCq\/uOGTEN516g1Zdq+4us3U0lyk1K5m8zUFul36prXSoxxjqKPPxNQGOUxyH7Qtged5AN5KcjLw\/PbtIDBuq+G6DTLdfBFblUOGQbh4PlH4kIzD1SFpvbGEp6rdaEyh0QWTJNJlM1Gk3DE4aDhLI4+6ssPSXv5Lc7HNWvPN0xrTMfPeTrqt4UuDlsKuoaQfecwdMsdMWDKmH\/uNinZABWVl5I\/CgPKYVDU8KO2d84dibWxUqcJzq7aY0anFI4RHVCRd6ah8ljPee9yLQRPAGQXvXx1FkLtBwS8kcO4eEycj8icN5mulgX9AkInnqxjm1df99ngeZKxC8hwXrs5xNKkgkHq5WvuTZLVKY08KYb30t3wPFV0qvpnFIn4qCmp76NNfXuCqBmTUWYwq1znkKywaTq7ks4yFidURtiautLW0FL7MRv5AdQ\/qZLi3xgGzx+HByOc6o7umoeKYCeELf7kclnvjZPZTJIqT5l2ZezzRKVtgAmITfKlr5L6xxAVHd3kdFm9uZ0dmTw70V9nAz+sJqtHJsAqfr2CJ3RStDEEwOcMUijnQWTqES6RjoLoY9T4ncHWxLOV9KTGwyuBe49bPlIXP4bHWLjdDbDNBLSGa0P9n9hY\/BHnqcvav\/pGxCpF68UyNyd+hEzMXtnB1yZvjrcUbNgU+wGQZxF1nN9bxod91C72ZkCoYIyQIn1ES7ybLFqrPZvOY+imddPvqQ3e+5IdMqV+8akBgPlg3zlx5VnT6KWdPhDAMFJ48FmdP3CCR7WpQwtBU6av6rXrSui6oaX5SER11tjXt8iddkN\/\/X0r0KgFkUD5\/eWUQg6BPRodE1K5\/MeLaOINj4NgouNp8b15boZrEUnEZEMRfnMa6QOhPcAvxCdjEW0bB9wxlx+wQPD56j1XisI9W5JPya+BvUoFLeZTTha\/IlTDywUHzpQmIFzU7YrBDnPod0vpDGdXRE="}
00421{"flow_id":3,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":474195,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA05\/hAADUGHKanY9ekwKgBdRFS1k9+iDbgPj2IqoAQAPmFXAAAAQEICuHrdBwlnM+r"}
@@ -23,70 +23,70 @@
00421{"flow_id":3,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520466,"pkt_ts_usec":531926,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYk5fog7qoAQEAFwOgAAAQEICiWc0DPh63RV"}
00383{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520467,"pkt_ts_usec":785843,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","type":34969}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569520467811,"flow_last_seen":0,"flow_tot_l4_data_len":79,"flow_min_l4_data_len":79,"flow_max_l4_data_len":79,"flow_avg_l4_data_len":79,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1569520467811,"flow_last_seen":0,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00490{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520467,"pkt_ts_usec":811636,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEABEHgAAAQEICiWc1TCZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="}
00694{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520468,"pkt_ts_usec":207688,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjTKAAAAQEICiWc1rxwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569520468207,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569520468207,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00564{"flow_id":5,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520468,"pkt_ts_usec":207892,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"pkt":"AQBef\/\/6KDc3AG3ICABFAACaDxkAAAER+CLAqAF17\/\/\/+t7BB2wAhjkTTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"}
-00509{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569520468207,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569520468399,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569520468207,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","ndpi": {"proto":"SSDP","breed":"Acceptable","category":"System"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569520468399,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00491{"flow_id":6,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520468,"pkt_ts_usec":399032,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABgjegAAEARZ+DAqAF1wKgB\/wCJAIkATBmVRZdAEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEAAAOEAAbgAMCoAXU="}
-00503{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569520468399,"flow_last_seen":0,"flow_tot_l4_data_len":76,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
+00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_first_seen":1569520468399,"flow_last_seen":0,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00491{"flow_id":6,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520468,"pkt_ts_usec":399187,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABgqi0AAEARS5vAqAF1wKgB\/wCJAIkATJqXRZhAEAABAAAAAAABIEVNRkZFREVCRkRDTkVKRU5FQkVEQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEAAAOEAAZgAMCoAXU="}
00491{"flow_id":6,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520468,"pkt_ts_usec":399309,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABgHVYAAEAR2HLAqAF1wKgB\/wCJAIkATJqURZlAEAABAAAAAAABIEVNRkZFREVCRkRDTkVKRU5FQkVEQ0FDQUNBQ0FDQUNBAAAgAAHADAAgAAEAAAOEAAZgAMCoAXU="}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569520468922,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569520468922,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00428{"flow_id":7,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520468,"pkt_ts_usec":922117,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA59vgAAP8RQPTAqAF1wKgBAftgADUAJTi0e18BAAABAAAAAAAAA2xvZwR6b29tAnVzAAABAAE="}
-00629{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569520468922,"flow_last_seen":0,"flow_tot_l4_data_len":37,"flow_min_l4_data_len":37,"flow_max_l4_data_len":37,"flow_avg_l4_data_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00641{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_first_seen":1569520468922,"flow_last_seen":0,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":29,"flow_tot_l4_payload_len":29,"flow_avg_l4_payload_len":29,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00449{"flow_id":7,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520468,"pkt_ts_usec":958056,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"KDc3AG3IEBMx8Tl2CABFAABJ++kAADcRA\/TAqAEBwKgBdQA1+2AANbDee1+BgAABAAEAAAAAA2xvZwR6b29tAnVzAAABAAHADAABAAEAAAA8AAQ0yj7u"}
-00655{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_tot_l4_data_len":90,"flow_min_l4_data_len":37,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.238"}}
-00471{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569520468959,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"log.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.238"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_first_seen":1569520468959,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":8,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520468,"pkt_ts_usec":959185,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBOPAqAF1NMo+7tZQAbuf1vAbAAAAALAC\/\/+Z4QAAAgQFtAEDAwUBAQgKJZzZqwAAAAAEAgAA"}
-00468{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569520469036,"flow_last_seen":0,"flow_tot_l4_data_len":31,"flow_min_l4_data_len":31,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569520469036,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00419{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":36433,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAzKPoAAP8RDvnAqAF1wKgBAf9yADUAH9x7wYgBAAABAAAAAAAABWxvY2FsAAAGAAE="}
-00620{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569520469036,"flow_last_seen":0,"flow_tot_l4_data_len":31,"flow_min_l4_data_len":31,"flow_max_l4_data_len":31,"flow_avg_l4_data_len":31,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00632{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1569520469036,"flow_last_seen":0,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":0,"num_answers":0,"reply_code":0,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00419{"flow_id":8,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":67014,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVu40yj7uwKgBdQG71lCVbT6Un9bwHIASaQOUKgAAAgQFrAEBBAIBAwMM"}
00404{"flow_id":8,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":67106,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBPvAqAF1NMo+7tZQAbuf1vAclW0+lVAQIAAd\/QAA"}
00523{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":72146,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB+D5oAADcR8A7AqAEBwKgBdQA1\/3IAaoTewYiBgwABAAAAAQAABWxvY2FsAAAGAAEAAAYAAQAACY8AQAFhDHJvb3Qtc2VydmVycwNuZXQABW5zdGxkDHZlcmlzaWduLWdycwNjb20AeFjoeAAABwgAAAOEAAk6gAABUYA="}
-00642{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":31,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00439{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569520469072,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00653{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"local","num_queries":1,"num_answers":1,"reply_code":3,"query_type":6,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00447{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569520469072,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":72220,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4d+0AAEABfxHAqAF1wKgBAQMD\/OoAAAAARQAAfg+aAAA3EfAOwKgBAcCoAXUANf9yAGoAAA=="}
-00471{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569520469072,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569520469081,"flow_last_seen":0,"flow_tot_l4_data_len":20,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00479{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569520469072,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","ndpi": {"proto":"ICMP","breed":"Acceptable","category":"Network"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1569520469081,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00405{"flow_id":11,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":81864,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAog\/0AAEAG0h7AqAF1DeFUttYOAbuSOQajVAdu1VAQECZHdwAA"}
01098{"flow_id":8,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":90576,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"EBMx8Tl2KDc3AG3ICABFAAItAABAAEAGAvbAqAF1NMo+7tZQAbuf1vAclW0+lVAYIABOFwAAFgMBAgABAAH8AwOmdJtxNFfMjcfLUUPitDEoY1B0Di2UTNnlfk3BbUb8gQAAoMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBLACAAWABMAEAANwA3AAwAKAP8BAAEzAAAAEAAOAAALbG9nLnpvb20udXMACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQEzdAAAABAACwAJCGh0dHAvMS4xABUAtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00717{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1569520468959,"flow_last_seen":1569520469090,"flow_tot_l4_data_len":633,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00728{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_first_seen":1569520468959,"flow_last_seen":1569520469090,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00414{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":116573,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoaEVAAO8G\/tUN4VS2wKgBdQG71g5UB27VAAAAAFAEAADwhQAAAAAAAAAA"}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569520469189,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_first_seen":1569520469189,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":12,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":189810,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"EBMx8Tl2KDc3AG3ICABFAABICu4AAEAR5YzAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00412{"flow_id":8,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":198772,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAomZxAAO4GvV00yj7uwKgBdQG71lCVbT6Vn9byIVAQAAc78QAAAAAAAAAA"}
00449{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":200030,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"EBMx8Tl2KDc3AG3ICABFAABISukAAEARpZHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
02362{"flow_id":8,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":200490,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUmZ1AAO4Gt7A0yj7uwKgBdQG71lCVbT6Vn9byIVAQAAeKkQAAFgMDAG8CAABrAwPKBG+U7JBJp\/TJvGn\/5vHfMAxvAOs319BxkInNVvKs4iBEnxtkHLKnJnbfgOPDa6YYCrRzCw8CsnIEvO6S8a2H8sAvAAAjAAAAAP8BAAEAAAsABAMAAQIADwABATN0AAkIaHR0cC8xLjEWAwMUFAsAFBAAFA0ABqgwggakMIIFjKADAgECAgkAuAr5aaJJsgcwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwMzI1MTkzODQyWhcNMjEwMzI1MTkzODQyWjA3MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxEjAQBgNVBAMMCSouem9vbS51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALaxfGmkVOyU0AkAAY7kCiG99jBGIh+VdDOgabIxgZ7wT8ILDqU2MftFgTalkBtnlix1nB\/A23lZT3vWYLmdiArSXVZkjjpjHARBVVYAUir7OAher\/0qd4RZHsRK0bdRd40NdKuLb6he5TPeCPCo8mDuK41gZM9CkQPeJav\/RaowvfOtYiwp3Pt5JvpmmLCPkYu++RhH8LKfsuAhqv9m2xv6wau3C0G\/6Ce0z3s3aPbA6HK2Vctbrn12ZNiektUI25iSiJW21\/fYcY723x0hBp7tRPZNdMSHZ3e4QkzjXfUGyEK\/6tGaySEj+yvSYd5DUN0izEz+KBtCx95g0jp0b9MCAwEAAaOCAzMwggMvMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB\/wQEAwIFoDA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczEtMTAxMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAdBgNVHREEFjAUggkqLnpvb20udXOCB3pvb20udXMwHQYDVR0OBBYEFK\/\/A+eqHnVNBj7T3SSRE7i2ztfYMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWm2XMJ0AAAEAwBHMEUCIGBxi3tQD8E7\/i5SW3PuSOWOtMDrbmlOuAQU+VSegUXXAiEAt51T+DldjWi8Ekq43+cZhUTmCceC5bgqC3HWUayeaD4AdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWm2XMTxAAAEAwBHMEUCICiEIvES2m58Hqrdk1z6D\/VDBAWPZ6\/7XLmd4JXWkmvGAiEArZspf5lv\/3TS1cYqMEKKiFMPCaUjl39XIpCCbPMANBQAdgBElGUusO7Or8RA"}
-00773{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1569520468959,"flow_last_seen":1569520469200,"flow_tot_l4_data_len":2125,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00784{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1569520468959,"flow_last_seen":1569520469200,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02360{"flow_id":8,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":200864,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUmZ5AAO4Gt680yj7uwKgBdQG71lCVbURBn9byIVAQAAcz9QAAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWm2XMe5AAAEAwBHMEUCICZBrYK+GGtVSdHk3b8VHsrDm6ajQ58z1O7BdEqHCXy2AiEAn6AYWb8PmQ7IhYNbHgI4gCM37GT4YnU97JyydhHs6SgwDQYJKoZIhvcNAQELBQADggEBALm3XxvmAxG3IkUdHT+Kg3Gdme1zrqEBmMm7KerxSo04mAO+wqNE7BtmMlulaHZ9Z4syCloedM1x96JrQ3t0boruQAhnOlvnmvFBfuohu9oncLnbTmv+52y6PnzVcU36zE+9\/mBRQN8g25Xi29P9pwEzguCY+ecBRzTK6h0Sl4TFrkhzrUqGeILBakJ5CWRPYRg+OU6qgFVG7kNWeqzV1lmJl0epG3dO3baTSwN2+1BadUhLIZWqpLM\/GrxissNVMDfzR5peJgNvGg7VI37Xda5xV4mPfc+vCRUICOcuM\/U9dzPYTXUnypGEFSXOhiu1g4jB4DBHpmqaaQxhC2IlsOwABNQwggTQMIIDuKADAgECAgEHMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTEwNTAzMDcwMDAwWhcNMzEwNTAzMDcwMDAwWjCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngyxDUr3a91JNi6zBkuIEIbMME2WIXji\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwEAAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08E72w+nIgGyVCPpnP3VzEbvrzkL9v4utNb4LTn5nliDgyi12pjczG19ahIpDsILaJdkNe0fCVPEVYwxLZEnXssneVe5u8M"}
00404{"flow_id":8,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":200897,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBPvAqAF1NMo+7tZQAbuf1vIhlW1J7VAQH6UQ+wAA"}
02370{"flow_id":8,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":200992,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUmZ9AAO4Gt640yj7uwKgBdQG71lCVbUntn9byIVAQAAeiOwAAYaq\/5Cob7oSeuIN9wUPORKcTcA2RH\/TIE62DYNnYcqhzJB61rCIOyheJYlhEG6uJJQEAD83EG2LbUbTTD1Eqm\/S8c\/x2zjakzdnYLOqum\/UqspDRTXUYij+KQZAjfVtL\/qQDWJtGssNgYIP4fVBBzsKhkMO77wIv0hVU7kQV2Qqup4oz7bEtdjYm3ATrn\/dhHxXch2\/uRpYoraEmfQoJpy4Eo428+LwEMAEABIEwggR9MIIDZaADAgECAgMb5xUwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAxMDEwNzAwMDBaFw0zMTA1MzAwNzAwMDBaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC\/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB\/zzFnWAOVF75fk1tnROqY2CE+S2P6kDg\/qivooVan\/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4wCjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo\/brHonIgBfZ\/U+dtTbWCdvyznWKu4X0b8zsQbAzwJ60kxXGlGs+BHAgMBAAGjggEXMIIBEzAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wHwYDVR0jBBgwFoAU0sSw0pHUTBFxs2HLPaH+3ahq1OMwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBZC1O9koYRpyR77Vsxzx0fbHDFuG6+Trv2vpdQ4TB\/uihcYpTC434z9\/tCdoXblRyMIlh1CQyIZWc5ChYJxaA4l6TFI5M\/tBimAQZEkeOnaSe0WiV\/Orcyzd2E\/yo4KTOk3Weyhf6hiCAcUInI3Cr2QgM3TOaI39WvJPKxw9\/MtezgmV63SVQgPJQYDMccUhhJpG3hs1gLydjs2a4cMo4ocA3i\/qYXnoQPvVdws1rpH6CGU7vvfP9pC+BIw7eTC8gKVMSsXRRnN2zKpS8xCDeqbm+MvJviV10kga+Xl5yErWysN0xm82GRESDkvjCfeqQpCbDhNF9kdxhAUd+MMKavAAQEMIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24g"}
02100{"flow_id":8,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":201006,"pkt_caplen":1306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1306,"pkt_l4_len":1272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAUMmaBAAO4GuHU0yj7uwKgBdQG71lCVbU+Zn9byIVAYAAeZngAAQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d\/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9\/AlQiVBDYsoHUwHU9S3\/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i\/ojgC95\/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta\/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4\/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h\/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h\/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1\/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0\/ZM\/iZx4mERdEr\/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX\/bvZ8WAwMBTQwAAUkDABdBBDh8Aw8C0MDl8tMausROinCdGxJr2yDjEllyL6CDIBpiOo5ElRKFW6illxbfO4fGLOT2+PdrbbSVI4WyXzN0+8YGAQEAhf7EvIx7llF3vVP7sI3llftFOPHvoqTRVmFuoxDs6GA9k1sVBOv2K7CYxcN0X83amYJHgI+Okt+y7Y6OF1PutSOwItqZAUf8dFJ3+lj6W5lEa7JbIw1EGCibJb3Hc6KwMbojBzg\/9JQZiaATR5qs96bH3j9rMOdsB5FjoDugpPRZX9jS0woZD7hNeCQ3y4suENB2EQszf7fbvCmzwJHG2lm+J+rsWiqn\/Rjd5XJ\/TsduJwCiQE5+UwX9n6kCmXlt+adLA0rPbpcAsx4AC4QlPBMwcFgW2C+Y7ARZFTy0TuJ3tMbhx1CbzyJ9qXdSoAoDSBU4uVgfhZ2H3V4lXGO0DBYDAwAEDgAAAA=="}
-01097{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1569520468959,"flow_last_seen":1569520469201,"flow_tot_l4_data_len":6361,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":636,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+01108{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":10,"flow_first_seen":1569520468959,"flow_last_seen":1569520469201,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"log.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
00405{"flow_id":8,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":201034,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBPvAqAF1NMo+7tZQAbuf1vIhlW1UfVAQH1AGwAAA"}
00406{"flow_id":8,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":210158,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBPvAqAF1NMo+7tZQAbuf1vIhlW1UfVAQH\/UGGwAA"}
00449{"flow_id":12,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":210161,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIjkkAAEARYjHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
-00521{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_first_seen":1569520469189,"flow_last_seen":1569520469210,"flow_tot_l4_data_len":156,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
+00533{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_first_seen":1569520469189,"flow_last_seen":1569520469210,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
00665{"flow_id":8,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":213587,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"pkt":"EBMx8Tl2KDc3AG3ICABFAADnAABAAEAGBDzAqAF1NMo+7tZQAbuf1vIhlW1UfVAYIACAegAAFgMDAEYQAABCQQQjGEBOObJ+DhlTuJpBuERf8kVIYtG2ojzXUr+Qc\/qFuzlhGoH8jfBDSm0BNio42JODYjFyPt3i9jdU3gJlOG5EFAMDAAEBFgMDADzioxr48wHmsP3inQeKwolQJP6cUPekSozeWjPdbu+65VEbzFhq+O0LamqzrEPZJWGEBZkJoHT5jM+ODroWAwMAKOKjGvjzAeaxSy0LryEIH34ipy1+DSUIvLInQLqarGRThGZWEx+gSog="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569520469221,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569520469221,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":221116,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI9l0AAEAR+RzAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569520469221,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1569520469221,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
00449{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":231500,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIQ9kAAEARq6HAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00450{"flow_id":13,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":242043,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIKAsAAEARx2\/AqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569520469253,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569520469253,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00449{"flow_id":14,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":253995,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI+hMAAEAR9WbAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
-00565{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569520469253,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
+00577{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_first_seen":1569520469253,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"STUN.Zoom","breed":"Acceptable","category":"Video"}}
00449{"flow_id":14,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":264582,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIADMAAEAR70fAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00449{"flow_id":14,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":274880,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIzF0AAEARIx3AqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="}
00475{"flow_id":8,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":320777,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"KDc3AG3IEBMx8Tl2CABFAABbmaFAAO4GvSU0yj7uwKgBdQG71lCVbVR9n9by4FAYAAiMbQAAFAMDAAEBFgMDACig9wZEEh9PXnWzP7UPzglBn2X1WWBPivEs8lK+xK+RUEz6C7r01B7U"}
00406{"flow_id":8,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":320907,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBPvAqAF1NMo+7tZQAbuf1vLglW1UsFAQH\/4FIAAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1569520469340,"flow_last_seen":0,"flow_tot_l4_data_len":295,"flow_min_l4_data_len":295,"flow_max_l4_data_len":295,"flow_avg_l4_data_len":295,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_first_seen":1569520469340,"flow_last_seen":0,"flow_min_l4_payload_len":263,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":263,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00783{"flow_id":15,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":340783,"pkt_caplen":329,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":329,"pkt_l4_len":295,"pkt":"EBMx8Tl2KDc3AG3ICABFAAE7AABAAEAGza7AqAF1aMdBKtJrAFCnuOoZVolcQYAYEADYHwAAAQEICiWc2yOz1c0BjkVSpFLY1xT06OSrjoriJgcfK\/\/jFeJ0MBFnTs\/gjSBBTilLonupmCKu9pPH3O3kr0WdmS15RGnoT780kKdV0pI3Sc4BmoL3SDuD+4AKh61lYz9\/Fy+NoN7yg5wYBt1EyrpPMLbLqHBNHL\/bSEl7ELs0VVSBp\/yK5KmmCJ9NxlFB5OhyVsIKKMN16tHZjCMzvfXD8zzASLDMp2Jgo7P\/WwPcHOM+42RSXjbuLZ5ok2AmF+hLRIKzRuPPREeQ7vQwmpDzjOHW9Sf++k9YwzgVZySXAtDkgpGRg+YDLvXpKGuHNj5xgws4SOHXAFvt3QGUXS4yo6IYy8o0BGkEyJuTk1MEHV6JN74="}
-00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569520469341,"flow_last_seen":0,"flow_tot_l4_data_len":1400,"flow_min_l4_data_len":1400,"flow_max_l4_data_len":1400,"flow_avg_l4_data_len":1400,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_first_seen":1569520469341,"flow_last_seen":0,"flow_min_l4_payload_len":1368,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1368,"flow_avg_l4_payload_len":1368,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
02281{"flow_id":16,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":341987,"pkt_caplen":1434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1434,"pkt_l4_len":1400,"pkt":"EBMx8Tl2KDc3AG3ICABFAAWMAABAAEAGb1\/AqAF1I7rgNdJwAbu\/4X6L2uaJRIAQEAC3VgAAAQEICiWc2ySFp5bjFwMDBZ4AAAAAAAAAkgusoLvJ6vSttM3Q7UxWnNoYus44vvH4fsNNbl6rpvk6OYpGeuvwflaMmUGTYIrirttSlsO38H0GA7wE0xtelFBUIqtPaG2zLaELN02TEy8tUFQrsrqVaYUsCYJ2hIqsiRr8HUVz8JaKDjyEbW\/6SDuFmHrK8XtHElqv0awJOAEmL3KNt0jVBWwHCGEFsZPcfO1pHuuoiBuup3wZUBRnIJST+dFPme0TV6vJ+IxOjx\/mA8fFWqQdV0lKttFkpnySiRxX5yrxpipVJy4p7z67+kAmdWhmjAbJ0jKiyDw+DcyTkynUokZHprab8MCYp\/TQx3xlQiW8+bdGrifHDAXawAfxdyEnxRfDIbdQKLwqUd3q\/7pZfr\/4d1tUDgm0WlajX7mPfF9WlQlsZCy+ChrMLq6KB65LC24miZN0Oh\/kWW3n1lqgTdT6wyEHUQbhN7aMRFDURjgWnZBDWn4PrH7p5zNvQSTu1\/tX7DHH9FI+E\/S8F73db4ge7KXn\/dETNp0MT++lGzZNvQ8tP2HIXFPFo1PFoNApoahzcRPgbV1rmTnmuWdwR6k9v2rQ51IRkvomJ5+TW8zK\/T3dpZj8bQ2ZXFOOqjyv1+mdfNtQelTeuF+xFuT9k3w43crUkirHNjO6HDcTH8g5iwOfX\/P5Ze+j2MahTCw4IqO2cgO0GUqqgaRqFgkBd4qtJfEyTzJvn2QyDNF8nXiqgRtiC89ltDf6sKzt1TUcglqiIso29y4WBLLmAnOlHxC5COmZYEu0CraDE3vjq3Eo6QVYa5U+p4OKJ9K9r563eLKRSjLRb\/GJwoU19nJfa5zVERWEq0IToF\/rMA7vLUy3muT3dZmJxkOsSuFN\/Usyd+T412g2p1ZdXXnKqATMbFhbdBtC\/y58N+Ld\/82QR9uhyJTGIl+G7bL56l07dPTLTdZ8Usdj23buwPw30vMgmi+E2m8MN9Y502dlBs94rGej8il7sUNS4pRHgYLTyWg6cZyS8AsHVWXff0sHuCuhPPV8M5EKNXzyntJ0gexz8gHMiqPY4NI0Ni\/OneEqQ4C8E6uqXvI2kcZ2BOG\/p4MX8o3AIWp7ayyFuWOJxi2lw6TEu8NuHHmGI4kv4FI3\/kgSQc6sf3SB44BSo3k4njWMAfAGbStQzO7TdByZBgUmqKdUtWCav3gJeVcsVZvgE+oEb2RNn0kn49ZouFmtBZa4MHnF81Rig78AE6ulpakr3aQ66b3O\/vtpHtpLOQcnjEQ\/qS+\/M1GayjxpQWCXEP02WwpvuLolzsWcvLf0N4iVpkzaVwjd0PnTczMC0nRmMJNbIBUnjIjJ5eKWfHSbRJbj\/MtVxqJwc8zwost2cccITh0lHc81zUSBD7GSF5b9zV7g2B0N4HfRanVjZhq4\/wraioSAC+795Umn4JCnMPSUAwuEnGuY7\/qhVrVORRO8KqXtC5\/5m+ff6XLy24O2WsPRzzPmP37Tt6opYkQlNaCU6f6MSh5leucVqZunkohryKjXGP2HU49rKyG4sSngfKn7U3ByAtKcO8nimiTP81z1QcgS2WUUKeZI5VJBPQ5toQ20MunmnQc+AjUHR7cCT28cN30m+ZL49Jt0RzL1N4yKvfdecf7UAMl9WG3IWewXXS8itIsi3DkAYv6t2MOlXE9XEWXdwxfePqJvzpR\/iHVQx\/6oobZRIQjxTbqoCvtXEg2uj6gJpcxIkn9+KrUGRl5tdROeMX0NbfZvt+g+tOcHvsvl+k5qrsiSB57D9TdRPsfMHD4AQRHjKQWksr1jHIvNkgNXnSPAu9+rrqEJ8piMP7LlZAKGZwhC"}
00526{"flow_id":16,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":341990,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB\/AABAAEAGdGzAqAF1I7rgNdJwAbu\/4YPj2uaJRIAYEACuSgAAAQEICiWc2ySFp5bjD8rJVgENkhz7SGo+3tsT+62YMYedQzLcJKiig4pAH+hO24ZoiQ1LNK0ZidRBnPFEPrr+zH4y+BGqQ1wCDA9XJFEjegtqGmZzuBXv"}
00422{"flow_id":16,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":354376,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA07H8AAHcGkTcjuuA1wKgBdQG70nDa5olEv+GD44AQA\/fBegAAAQEICoWn6LklnNsk"}
@@ -113,54 +113,54 @@
00670{"flow_id":15,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":403586,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"EBMx8Tl2KDc3AG3ICABFAADrAABAAEAGzf7AqAF1aMdBKtJrAFCnuOsgVolceIAYEABiqgAAAQEICiWc216z1h7TDAUgKNBIETxUNcO6tAhUG0tEBvhguZ\/gS5HAVC5bbKTKTHCX3JVor4rN14O0LZh10Z+zk7f4TWqlCuSmuA7RDKBRDmsROEWg4Yxz4VW5inO17XbKkjS1wFJOL7YPze7st8oK8KA8i0J8VZgNqEmV75ZTR1EEnlmdOv1Wnbi8ZfiynTO8dMeAr6fWMVpy0UvHACezcN2obt7rM\/c8n0cBiXHeOHdHYxI8H+0Yp7F+Z7pofaIYdg+M"}
00437{"flow_id":14,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":413997,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8wY9AAC4R\/\/ai\/yYOwKgBdQ2XXV8AKOE+AAIADMFdrmNYXRQ5LlgsJgQDvzABAwAIAAH\/dVC03O8="}
00437{"flow_id":14,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":423520,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8wZVAAC4R\/\/Ci\/yYOwKgBdQ2XXV8AKOE+AAIADMFdrmNYXRQ5LlgsJgQDvzABAwAIAAH\/dVC03O8="}
-00441{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569520469423,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00449{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569520469423,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
00430{"flow_id":17,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":423595,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4WycAAEABlHPAqAF1ov8mDgMDkd4AAAAARQAAPMGVQAAuEf\/wov8mDsCoAXUNl11fACgAAA=="}
-00478{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569520469423,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","ndpi": {"proto":"ICMP.Zoom","breed":"Acceptable","category":"Network"}}
+00486{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_first_seen":1569520469423,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","ndpi": {"proto":"ICMP.Zoom","breed":"Acceptable","category":"Network"}}
00436{"flow_id":14,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":433682,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8wZlAAC4R\/+yi\/yYOwKgBdQ2XXV8AKOE+AAIADMFdrmNYXRQ5LlgsJgQDvzABAwAIAAH\/dVC03O8="}
00430{"flow_id":17,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":433729,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4ZPoAAEABiqDAqAF1ov8mDgMDkd4AAAAARQAAPMGZQAAuEf\/sov8mDsCoAXUNl11fACgAAA=="}
00499{"flow_id":15,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":435372,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"pkt":"KDc3AG3IEBMx8Tl2CABFAABrxSZAADUGFFhox0EqwKgBdQBQ0mtWiVx4p7jr14AYACoQ6AAAAQEICrPWHxMlnNteHG23tdrG8DG+h7r8Zxtz7MQCNVJFwwvVnv58rFQctE3+7OM+9UUQVY5R6JQAaaN6AcizUZjVWQ=="}
00422{"flow_id":15,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":435439,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGzrXAqAF1aMdBKtJrAFCnuOvXVolcr4AQD\/4NKAAAAQEICiWc232z1h8T"}
00383{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":782962,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00146{"basic_event_id":5,"basic_event_name":"Unknown packet type","thread_id":0,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","type":34969}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569520469797,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00484{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569520469797,"flow_last_seen":0,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00778{"flow_id":18,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":797670,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzBkxAAEARcsXAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABIog9sAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
-00534{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569520469797,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569520469950,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00546{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569520469797,"flow_last_seen":0,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"fingerprint":"1,3"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_first_seen":1569520469950,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":19,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":950703,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBQ3AqAF1NMo+xNZRAbvXiDKIAAAAALAC\/\/8cGAAAAgQFtAEDAwUBAQgKJZzdfwAAAAAEAgAA"}
-00469{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569520469984,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569520469984,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00429{"flow_id":20,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520469,"pkt_ts_usec":984408,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6vIgAAP8Re2PAqAF1wKgBAfYMADUAJtTToX0BAAABAAAAAAAABHd3dzMEem9vbQJ1cwAAAQAB"}
-00631{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569520469984,"flow_last_seen":0,"flow_tot_l4_data_len":38,"flow_min_l4_data_len":38,"flow_max_l4_data_len":38,"flow_avg_l4_data_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00643{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_first_seen":1569520469984,"flow_last_seen":0,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00452{"flow_id":20,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":21639,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"pkt":"KDc3AG3IEBMx8Tl2CABFAABKWCQAADcRp7jAqAEBwKgBdQA19gwANiAtoX2BgAABAAEAAAAABHd3dzMEem9vbQJ1cwAAAQABwAwAAQABAAAAPAAENMo+7A=="}
-00657{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":38,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.236"}}
-00472{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569520470022,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00669{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":94,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"www3.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"52.202.62.236"}}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_first_seen":1569520470022,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":21,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":22260,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGBOXAqAF1NMo+7NZSAbv67hZtAAAAALAC\/\/8UXQAAAgQFtAEDAwUBAQgKJZzdxgAAAAAEAgAA"}
00420{"flow_id":19,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":60882,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO8GVhg0yj7EwKgBdQG71lFyHvWD14gyiYASaQOGlAAAAgQFrAEBBAIBAwMM"}
00404{"flow_id":19,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":61040,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDKJch71hFAQIAAQZwAA"}
01099{"flow_id":19,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":86807,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"EBMx8Tl2KDc3AG3ICABFAAItAABAAEAGAyDAqAF1NMo+xNZRAbvXiDKJch71hFAYIACSLwAAFgMBAgABAAH8AwM713rsHGfD7mJ354PwCuGZwTjUqrrL0CuQ4TzCSd+cxAAAoMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBLACAAWABMAEAANwA3AAwAKAP8BAAEzAAAADAAKAAAHem9vbS51cwALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABATN0AAAAEAALAAkIaHR0cC8xLjEAFQC7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00714{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1569520469950,"flow_last_seen":1569520470086,"flow_tot_l4_data_len":633,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00725{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_first_seen":1569520469950,"flow_last_seen":1569520470086,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00421{"flow_id":21,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":134646,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAAO4GVvA0yj7swKgBdQG71lK89vcv+u4WboASaQMynAAAAgQFrAEBBAIBAwMM"}
00406{"flow_id":21,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":134790,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hZuvPb3MFAQIAC8bgAA"}
01101{"flow_id":21,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":165906,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"pkt":"EBMx8Tl2KDc3AG3ICABFAAItAABAAEAGAvjAqAF1NMo+7NZSAbv67hZuvPb3MFAYIADjOQAAFgMBAgABAAH8AwObHTBBjptn8M2MO45Zv5ljKTP+98xeE3APrXXUMhcUnQAAoMAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwDLALsAqwCbAD8AFAJ0APQA1AITAL8ArwCfAI8ATwAkApACiAKAAngBnAEAAPwA+ADMAMgAxADAAmgCZAJgAlwBFAEQAQwBCwDHALcApwCXADsAEAJwAPAAvAJYAQQAHwBLACAAWABMAEAANwA3AAwAKAP8BAAEzAAAAEQAPAAAMd3d3My56b29tLnVzAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBM3QAAAAQAAsACQhodHRwLzEuMQAVALYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00720{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1569520470022,"flow_last_seen":1569520470165,"flow_tot_l4_data_len":633,"flow_min_l4_data_len":20,"flow_max_l4_data_len":537,"flow_avg_l4_data_len":158,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
+00731{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_first_seen":1569520470022,"flow_last_seen":1569520470165,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"http\/1.1"}}
00414{"flow_id":19,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":197342,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoYcxAAO8G9Fc0yj7EwKgBdQG71lFyHvWE14g0jlAQAAcuWwAAAAAAAAAA"}
02366{"flow_id":19,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":199286,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUYc1AAO8G7qo0yj7EwKgBdQG71lFyHvWE14g0jlAQAAcwHQAAFgMDAG8CAABrAwN\/6j22HXGSubrmqSO5eEZGtmRF\/gAED4p\/s85NhzNhjyD2n0A4x+hU1uYzPL\/x4lPrEELI8CgWvB2cjFsB6Gbu0MAvAAAjAAAAAP8BAAEAAAsABAMAAQIADwABATN0AAkIaHR0cC8xLjEWAwMUFAsAFBAAFA0ABqgwggakMIIFjKADAgECAgkAuAr5aaJJsgcwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwMzI1MTkzODQyWhcNMjEwMzI1MTkzODQyWjA3MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxEjAQBgNVBAMMCSouem9vbS51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALaxfGmkVOyU0AkAAY7kCiG99jBGIh+VdDOgabIxgZ7wT8ILDqU2MftFgTalkBtnlix1nB\/A23lZT3vWYLmdiArSXVZkjjpjHARBVVYAUir7OAher\/0qd4RZHsRK0bdRd40NdKuLb6he5TPeCPCo8mDuK41gZM9CkQPeJav\/RaowvfOtYiwp3Pt5JvpmmLCPkYu++RhH8LKfsuAhqv9m2xv6wau3C0G\/6Ce0z3s3aPbA6HK2Vctbrn12ZNiektUI25iSiJW21\/fYcY723x0hBp7tRPZNdMSHZ3e4QkzjXfUGyEK\/6tGaySEj+yvSYd5DUN0izEz+KBtCx95g0jp0b9MCAwEAAaOCAzMwggMvMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB\/wQEAwIFoDA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczEtMTAxMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAdBgNVHREEFjAUggkqLnpvb20udXOCB3pvb20udXMwHQYDVR0OBBYEFK\/\/A+eqHnVNBj7T3SSRE7i2ztfYMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWm2XMJ0AAAEAwBHMEUCIGBxi3tQD8E7\/i5SW3PuSOWOtMDrbmlOuAQU+VSegUXXAiEAt51T+DldjWi8Ekq43+cZhUTmCceC5bgqC3HWUayeaD4AdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWm2XMTxAAAEAwBHMEUCICiEIvES2m58Hqrdk1z6D\/VDBAWPZ6\/7XLmd4JXWkmvGAiEArZspf5lv\/3TS1cYqMEKKiFMPCaUjl39XIpCCbPMANBQAdgBElGUusO7Or8RA"}
-00771{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_tot_l4_data_len":2125,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00782{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":103,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":6,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02362{"flow_id":19,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":199519,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUYc5AAO8G7qk0yj7EwKgBdQG71lFyHvsw14g0jlAQAAcmXwAAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWm2XMe5AAAEAwBHMEUCICZBrYK+GGtVSdHk3b8VHsrDm6ajQ58z1O7BdEqHCXy2AiEAn6AYWb8PmQ7IhYNbHgI4gCM37GT4YnU97JyydhHs6SgwDQYJKoZIhvcNAQELBQADggEBALm3XxvmAxG3IkUdHT+Kg3Gdme1zrqEBmMm7KerxSo04mAO+wqNE7BtmMlulaHZ9Z4syCloedM1x96JrQ3t0boruQAhnOlvnmvFBfuohu9oncLnbTmv+52y6PnzVcU36zE+9\/mBRQN8g25Xi29P9pwEzguCY+ecBRzTK6h0Sl4TFrkhzrUqGeILBakJ5CWRPYRg+OU6qgFVG7kNWeqzV1lmJl0epG3dO3baTSwN2+1BadUhLIZWqpLM\/GrxissNVMDfzR5peJgNvGg7VI37Xda5xV4mPfc+vCRUICOcuM\/U9dzPYTXUnypGEFSXOhiu1g4jB4DBHpmqaaQxhC2IlsOwABNQwggTQMIIDuKADAgECAgEHMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTEwNTAzMDcwMDAwWhcNMzEwNTAzMDcwMDAwWjCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngyxDUr3a91JNi6zBkuIEIbMME2WIXji\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwEAAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08E72w+nIgGyVCPpnP3VzEbvrzkL9v4utNb4LTn5nliDgyi12pjczG19ahIpDsILaJdkNe0fCVPEVYwxLZEnXssneVe5u8M"}
00406{"flow_id":19,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":199565,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDSOch8A3FAQH9IDOAAA"}
02372{"flow_id":19,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":199642,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUYc9AAO8G7qg0yj7EwKgBdQG71lFyHwDc14g0jlAQAAeUpQAAYaq\/5Cob7oSeuIN9wUPORKcTcA2RH\/TIE62DYNnYcqhzJB61rCIOyheJYlhEG6uJJQEAD83EG2LbUbTTD1Eqm\/S8c\/x2zjakzdnYLOqum\/UqspDRTXUYij+KQZAjfVtL\/qQDWJtGssNgYIP4fVBBzsKhkMO77wIv0hVU7kQV2Qqup4oz7bEtdjYm3ATrn\/dhHxXch2\/uRpYoraEmfQoJpy4Eo428+LwEMAEABIEwggR9MIIDZaADAgECAgMb5xUwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAxMDEwNzAwMDBaFw0zMTA1MzAwNzAwMDBaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC\/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB\/zzFnWAOVF75fk1tnROqY2CE+S2P6kDg\/qivooVan\/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4wCjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo\/brHonIgBfZ\/U+dtTbWCdvyznWKu4X0b8zsQbAzwJ60kxXGlGs+BHAgMBAAGjggEXMIIBEzAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wHwYDVR0jBBgwFoAU0sSw0pHUTBFxs2HLPaH+3ahq1OMwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBZC1O9koYRpyR77Vsxzx0fbHDFuG6+Trv2vpdQ4TB\/uihcYpTC434z9\/tCdoXblRyMIlh1CQyIZWc5ChYJxaA4l6TFI5M\/tBimAQZEkeOnaSe0WiV\/Orcyzd2E\/yo4KTOk3Weyhf6hiCAcUInI3Cr2QgM3TOaI39WvJPKxw9\/MtezgmV63SVQgPJQYDMccUhhJpG3hs1gLydjs2a4cMo4ocA3i\/qYXnoQPvVdws1rpH6CGU7vvfP9pC+BIw7eTC8gKVMSsXRRnN2zKpS8xCDeqbm+MvJviV10kga+Xl5yErWysN0xm82GRESDkvjCfeqQpCbDhNF9kdxhAUd+MMKavAAQEMIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24g"}
02106{"flow_id":19,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":199762,"pkt_caplen":1306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1306,"pkt_l4_len":1272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAUMYdBAAO8G7280yj7EwKgBdQG71lFyHwaI14g0jlAYAAfvGgAAQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d\/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9\/AlQiVBDYsoHUwHU9S3\/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i\/ojgC95\/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta\/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4\/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h\/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h\/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1\/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0\/ZM\/iZx4mERdEr\/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX\/bvZ8WAwMBTQwAAUkDABdBBIC\/jS3y0GVc9uyFnKJnh98xMRry3Y2jZt9K5DfzCJdocip5Hae58h0cXO394L09DPtE4Ad1j\/f0AWP2PDuhGowGAQEAnfUbw86Vci5ZUFmNcPwJUQEknSDSTjiOvGgcY0r9+uwG1Sqt0joQ6pLU83RyIkfJxr5ufDnpfN6YVUsvvWSB+uQ0BxDOWUIsdJypsVrUbDfJjXrM\/MqspC5YtcHHGKEj4YRaTb9t4ljTQQB2XftQrg4HjcU4Tq0xDoj09dIFIGtrzhmWL\/3qqGwYfndiZfAQ\/BtLSYZUuRXp\/46v3qODtca+9kzoMykZC0e14nBHj6s6DZ4lOWieyiztPCcNQzzzMljzEguTHM5LQ5ScFQS1HLTtrBwQpu9POqUIy\/QNhACPmG30WSB4MEgieOHhBfgOJgKBKbR19eKH359ZAF0NmhYDAwAEDgAAAA=="}
-01095{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":10,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_tot_l4_data_len":6361,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":636,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+01106{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":107,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":10,"flow_first_seen":1569520469950,"flow_last_seen":1569520470199,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
00407{"flow_id":19,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":199797,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDSOch8LbFAQH374+wAA"}
00408{"flow_id":19,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":211190,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBSXAqAF1NMo+xNZRAbvXiDSOch8LbFAQH\/X4hAAA"}
00671{"flow_id":19,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":214276,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"pkt":"EBMx8Tl2KDc3AG3ICABFAADnAABAAEAGBGbAqAF1NMo+xNZRAbvXiDSOch8LbFAYIAD6EgAAFgMDAEYQAABCQQTpOMM5QkmEulPNC3K8ihRwyrHJnCxGvg8O6cGBMp39q8DZiwpAsdhYVkoldB7bInht9zwfTEwgmxaZn8tEVX2wFAMDAAEBFgMDADxcJLSf\/u3t29d2a2bLMf7jxifHjIqnP9WRuyvcx\/ynMn5Cym98\/PyLb1\/SyN7U9gqFVGSZ34SJxyUQnXgWAwMAKFwktJ\/+7e3ceyqKWFLYrHs3WY6UIKd8BEMHaZVggMy2Z545fEF9ZbQ="}
00414{"flow_id":21,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":278606,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAo8dBAAO4GZSs0yj7swKgBdQG71lK89vcw+u4Yc1AQAAfaYgAAAAAAAAAA"}
02363{"flow_id":21,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":280367,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU8dFAAO4GX340yj7swKgBdQG71lK89vcw+u4Yc1AQAAd4bwAAFgMDAG8CAABrAwOtpOzBIUeFaPHXV4SvNADGfgZereGFcqDl3g5OvtAqryBQnMy+gOZ1DvMaUjT2bZUgHz9z3djPe\/9si5V+fPe26sAvAAAjAAAAAP8BAAEAAAsABAMAAQIADwABATN0AAkIaHR0cC8xLjEWAwMUFAsAFBAAFA0ABqgwggakMIIFjKADAgECAgkAuAr5aaJJsgcwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwMzI1MTkzODQyWhcNMjEwMzI1MTkzODQyWjA3MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxEjAQBgNVBAMMCSouem9vbS51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALaxfGmkVOyU0AkAAY7kCiG99jBGIh+VdDOgabIxgZ7wT8ILDqU2MftFgTalkBtnlix1nB\/A23lZT3vWYLmdiArSXVZkjjpjHARBVVYAUir7OAher\/0qd4RZHsRK0bdRd40NdKuLb6he5TPeCPCo8mDuK41gZM9CkQPeJav\/RaowvfOtYiwp3Pt5JvpmmLCPkYu++RhH8LKfsuAhqv9m2xv6wau3C0G\/6Ce0z3s3aPbA6HK2Vctbrn12ZNiektUI25iSiJW21\/fYcY723x0hBp7tRPZNdMSHZ3e4QkzjXfUGyEK\/6tGaySEj+yvSYd5DUN0izEz+KBtCx95g0jp0b9MCAwEAAaOCAzMwggMvMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB\/wQEAwIFoDA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczEtMTAxMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAdBgNVHREEFjAUggkqLnpvb20udXOCB3pvb20udXMwHQYDVR0OBBYEFK\/\/A+eqHnVNBj7T3SSRE7i2ztfYMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWm2XMJ0AAAEAwBHMEUCIGBxi3tQD8E7\/i5SW3PuSOWOtMDrbmlOuAQU+VSegUXXAiEAt51T+DldjWi8Ekq43+cZhUTmCceC5bgqC3HWUayeaD4AdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWm2XMTxAAAEAwBHMEUCICiEIvES2m58Hqrdk1z6D\/VDBAWPZ6\/7XLmd4JXWkmvGAiEArZspf5lv\/3TS1cYqMEKKiFMPCaUjl39XIpCCbPMANBQAdgBElGUusO7Or8RA"}
-00776{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_tot_l4_data_len":2125,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":354,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
+00787{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":6,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}}
02362{"flow_id":21,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":280593,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU8dJAAO4GX300yj7swKgBdQG71lK89vzc+u4Yc1AQAAfSZgAAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWm2XMe5AAAEAwBHMEUCICZBrYK+GGtVSdHk3b8VHsrDm6ajQ58z1O7BdEqHCXy2AiEAn6AYWb8PmQ7IhYNbHgI4gCM37GT4YnU97JyydhHs6SgwDQYJKoZIhvcNAQELBQADggEBALm3XxvmAxG3IkUdHT+Kg3Gdme1zrqEBmMm7KerxSo04mAO+wqNE7BtmMlulaHZ9Z4syCloedM1x96JrQ3t0boruQAhnOlvnmvFBfuohu9oncLnbTmv+52y6PnzVcU36zE+9\/mBRQN8g25Xi29P9pwEzguCY+ecBRzTK6h0Sl4TFrkhzrUqGeILBakJ5CWRPYRg+OU6qgFVG7kNWeqzV1lmJl0epG3dO3baTSwN2+1BadUhLIZWqpLM\/GrxissNVMDfzR5peJgNvGg7VI37Xda5xV4mPfc+vCRUICOcuM\/U9dzPYTXUnypGEFSXOhiu1g4jB4DBHpmqaaQxhC2IlsOwABNQwggTQMIIDuKADAgECAgEHMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTEwNTAzMDcwMDAwWhcNMzEwNTAzMDcwMDAwWjCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngyxDUr3a91JNi6zBkuIEIbMME2WIXji\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwEAAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08E72w+nIgGyVCPpnP3VzEbvrzkL9v4utNb4LTn5nliDgyi12pjczG19ahIpDsILaJdkNe0fCVPEVYwxLZEnXssneVe5u8M"}
02372{"flow_id":21,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":280627,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU8dNAAO4GX3w0yj7swKgBdQG71lK89wKI+u4Yc1AQAAdArQAAYaq\/5Cob7oSeuIN9wUPORKcTcA2RH\/TIE62DYNnYcqhzJB61rCIOyheJYlhEG6uJJQEAD83EG2LbUbTTD1Eqm\/S8c\/x2zjakzdnYLOqum\/UqspDRTXUYij+KQZAjfVtL\/qQDWJtGssNgYIP4fVBBzsKhkMO77wIv0hVU7kQV2Qqup4oz7bEtdjYm3ATrn\/dhHxXch2\/uRpYoraEmfQoJpy4Eo428+LwEMAEABIEwggR9MIIDZaADAgECAgMb5xUwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAxMDEwNzAwMDBaFw0zMTA1MzAwNzAwMDBaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC\/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB\/zzFnWAOVF75fk1tnROqY2CE+S2P6kDg\/qivooVan\/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4wCjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo\/brHonIgBfZ\/U+dtTbWCdvyznWKu4X0b8zsQbAzwJ60kxXGlGs+BHAgMBAAGjggEXMIIBEzAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wHwYDVR0jBBgwFoAU0sSw0pHUTBFxs2HLPaH+3ahq1OMwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBZC1O9koYRpyR77Vsxzx0fbHDFuG6+Trv2vpdQ4TB\/uihcYpTC434z9\/tCdoXblRyMIlh1CQyIZWc5ChYJxaA4l6TFI5M\/tBimAQZEkeOnaSe0WiV\/Orcyzd2E\/yo4KTOk3Weyhf6hiCAcUInI3Cr2QgM3TOaI39WvJPKxw9\/MtezgmV63SVQgPJQYDMccUhhJpG3hs1gLydjs2a4cMo4ocA3i\/qYXnoQPvVdws1rpH6CGU7vvfP9pC+BIw7eTC8gKVMSsXRRnN2zKpS8xCDeqbm+MvJviV10kga+Xl5yErWysN0xm82GRESDkvjCfeqQpCbDhNF9kdxhAUd+MMKavAAQEMIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24g"}
00406{"flow_id":21,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":280708,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hhzvPcCiFAQH6WvbAAA"}
02106{"flow_id":21,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":280793,"pkt_caplen":1306,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1306,"pkt_l4_len":1272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAUM8dRAAO4GYEM0yj7swKgBdQG71lK89wg0+u4Yc1AYAAc76QAAQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d\/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9\/AlQiVBDYsoHUwHU9S3\/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i\/ojgC95\/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta\/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4\/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNhyz2h\/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h\/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1\/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0\/ZM\/iZx4mERdEr\/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX\/bvZ8WAwMBTQwAAUkDABdBBKXwlfpAA1n4m0SYihESb3syohMMCojQDgBn9VTiwaWwKYTUsrdB9O9t0IMEbqsuUqi4VGHHmKJigZ7jk88DiCEGAQEAkJ+aV93Y7Gk13nC4oH346RHegAL0mzuSJCR1rHRxrn0N1O+KNGY1YggQIapzm+dcTCPTpmZoa965jJiY1cJuTnsbnleRD3NawLQZrPxUv2LUSz\/1HbBa51K+ghoSWuljPsSN1pxjrCDyW+Seelw1z+h\/rM0K8TnYwfnXCpCc1JGl2k2wbJh5skL0mO6yfntUh9LuPNysqW03isrZm3QNwpxQyWP4tqwN\/qXwVQnoo9YbT6G054VmPf9cAq3W1GRdtmlvUQMzh+of78E6AnOZTUopBypsS\/RLfknYBmpZM73vOG6\/6IY+rFlLf6hg\/fepwXV4Oqt28Q4pYqe\/63VWUBYDAwAEDgAAAA=="}
-01100{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":10,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_tot_l4_data_len":6361,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":636,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+01111{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":116,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":10,"flow_first_seen":1569520470022,"flow_last_seen":1569520470280,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6125,"flow_avg_l4_payload_len":612,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www3.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","alpn":"http\/1.1","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
00407{"flow_id":21,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":280878,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hhzvPcNGFAQH1ClMQAA"}
00408{"flow_id":21,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":288060,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hhzvPcNGFAQH\/WkjAAA"}
00675{"flow_id":21,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":290982,"pkt_caplen":245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":245,"pkt_l4_len":211,"pkt":"EBMx8Tl2KDc3AG3ICABFAADnAABAAEAGBD7AqAF1NMo+7NZSAbv67hhzvPcNGFAYIADNpgAAFgMDAEYQAABCQQRJrQH3\/ivayF\/jX0S4lhpGUz3uP2e6JKViw8mVmhI3KjqWdn2Q1I5Y\/HaiLQrul\/sfR17FIvar1sDr3ZRhp5nNFAMDAAEBFgMDADwVcnevx9HS27yVAT\/6chvYlVQRV5MPGZ9NFlXJ8sgETDlF0i6xPN3w\/6os+dCCCW\/rURf3QcDlVLW6hCQWAwMAKBVyd6\/H0dLch3S+Mcpor9M9AMlgie1dfmvFVQLx+fo9\/e5lx3nkwTA="}
@@ -169,85 +169,85 @@
00695{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":350181,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjK4AAAAQEICiWc3wRwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
00477{"flow_id":21,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":402733,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"KDc3AG3IEBMx8Tl2CABFAABb8dVAAO4GZPM0yj7swKgBdQG71lK89w0Y+u4ZMlAYAAgUCQAAFAMDAAEBFgMDAChbGEiUwAOCZ9FRgX4kqKFYn7b3x1MjrqCat73Y2+zu5RvVWRWd06EJ"}
00408{"flow_id":21,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":402882,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGBP3AqAF1NMo+7NZSAbv67hkyvPcNS1AQH\/6jkQAA"}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569520470666,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569520470666,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00459{"flow_id":22,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":666966,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAABI4PAAAEARFPDAqAF1wKgB\/+EV4RUANLyaU3BvdFVkcDAJFTOWktM6lAABAARIlcIDDi3QR5gZLZgtSkZtNr91y8rdz4k="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569520470666,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569520470741,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569520470666,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"proto":"Spotify","breed":"Acceptable","category":"Music"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569520470741,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00439{"flow_id":23,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":741922,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAOwQAAP8R\/OHAqAF1wKgBAfRjADUALIWIr1EBAAABAAAAAAAACnpvb21mcjg1emMEem9vbQJ1cwAAAQAB"}
-00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569520470741,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1569520470742,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_first_seen":1569520470741,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1569520470742,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00438{"flow_id":24,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":742102,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABALr4AAP8RCSjAqAF1wKgBAeLPADUALAFaRhQBAAABAAAAAAAACnpvb21mcjg0emMEem9vbQJ1cwAAAQAB"}
-00638{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1569520470742,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1569520470742,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00650{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_first_seen":1569520470742,"flow_last_seen":0,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_first_seen":1569520470742,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":25,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":742847,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGEx7AqAF11ROQadZTAbug3l1NAAAAALAC\/\/8zBgAAAgQFtAEDAwUBAQgKJZzghQAAAAAEAgAA"}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569520470755,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_first_seen":1569520470755,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00441{"flow_id":26,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":755397,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGEx\/AqAF11ROQaNZUAbsLvInbAAAAALAC\/\/+bjgAAAgQFtAEDAwUBAQgKJZzgkQAAAAAEAgAA"}
00462{"flow_id":23,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":768577,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"KDc3AG3IEBMx8Tl2CABFAABQFgoAADcR6czAqAEBwKgBdQA19GMAPOFdr1GBgAABAAEAAAAACnpvb21mcjg1emMEem9vbQJ1cwAAAQABwAwAAQABAAABLAAE1fSMVQ=="}
-00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":44,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.85"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569520470769,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":163,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr85zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.85"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_first_seen":1569520470769,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":27,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":769557,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFlHAqAF11fSMVdZVAbvq+zZHAAAAALAC\/\/8TBgAAAgQFtAEDAwUBAQgKJZzgnwAAAAAEAgAA"}
00434{"flow_id":25,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":775023,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyLVE5BpwKgBdQG71lPrn+6AoN5dTqASqbAo0wAAAgQFrAQCCAp4fR7ZJZzghQEDAww="}
00423{"flow_id":25,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":775077,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyrAqAF11ROQadZTAbug3l1O65\/ugYAQECzxAQAAAQEICiWc4KR4fR7Z"}
01122{"flow_id":25,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":775257,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGESXAqAF11ROQadZTAbug3l1O65\/ugYAYECymXAAAAQEICiWc4KR4fR7ZFgMBAgABAAH8AwPRx3t0AQC89u4npqZep9xPHWEGdKDNX7\/XvDvIBxB6XwAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAYABYAABN6b29tYW0xMDV6Yy56b29tLnVzAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABAQAVAKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1569520470742,"flow_last_seen":1569520470775,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_first_seen":1569520470742,"flow_last_seen":1569520470775,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00462{"flow_id":24,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":776015,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"pkt":"KDc3AG3IEBMx8Tl2CABFAABQ61QAADcRFILAqAEBwKgBdQA14s8APF0wRhSBgAABAAEAAAAACnpvb21mcjg0emMEem9vbQJ1cwAAAQABwAwAAQABAAABLAAE1fSMVA=="}
-00666{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":44,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.84"}}
-00474{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1569520470776,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00677{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfr84zc.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"213.244.140.84"}}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_first_seen":1569520470776,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":28,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":776773,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGFlLAqAF11fSMVNZWAbv57BLmAAAAALAC\/\/8ncAAAAgQFtAEDAwUBAQgKJZzgpQAAAAAEAgAA"}
00434{"flow_id":26,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":787298,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGIyPVE5BowKgBdQG71lTDwlhoC7yJ3KASqbBbBgAAAgQFrAQCCAp7WhBHJZzgkQEDAww="}
00422{"flow_id":26,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":787406,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyvAqAF11ROQaNZUAbsLvIncw8JYaYAQECwjNgAAAQEICiWc4K97WhBH"}
01120{"flow_id":26,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":787532,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGESbAqAF11ROQaNZUAbsLvIncw8JYaYAYECxC1AAAAQEICiWc4K97WhBHFgMBAgABAAH8AwMlumOwogFlEGJOALeiTken6cU+5C6E0iipQGcv9AdGngAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAYABYAABN6b29tYW0xMDR6Yy56b29tLnVzAAsABAMAAQIACgAcABoAFwAZABwAGwAYABoAFgAOAA0ACwAMAAkACgAjAAAADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMADwABAQAVAKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1569520470755,"flow_last_seen":1569520470787,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_first_seen":1569520470755,"flow_last_seen":1569520470787,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00434{"flow_id":27,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":790501,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1XV9IxVwKgBdQG71lXIKlM86vs2SKASqbDi9AAAAgQFrAQCCAp4gwNrJZzgnwEDAww="}
00422{"flow_id":27,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":790590,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl3AqAF11fSMVdZVAbvq+zZIyCpTPYAQECyrLwAAAQEICiWc4LJ4gwNr"}
01121{"flow_id":27,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":790730,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGFFjAqAF11fSMVdZVAbvq+zZIyCpTPYAYECxm4gAAAQEICiWc4LJ4gwNrFgMBAgABAAH8AwPOsWIRZYhgC2j87iAcGDuF\/Bs6QMfxdEKwNJwvqjcyKAAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAXABUAABJ6b29tZnI4NXpjLnpvb20udXMACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUApQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1569520470769,"flow_last_seen":1569520470790,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_first_seen":1569520470769,"flow_last_seen":1569520470790,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00434{"flow_id":28,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":801162,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGI1bV9IxUwKgBdQG71lYtiv8U+ewS56ASqbDdrgAAAgQFrAQCCAp8tQexJZzgpQEDAww="}
00423{"flow_id":28,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":801244,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl7AqAF11fSMVNZWAbv57BLnLYr\/FYAQECyl5QAAAQEICiWc4Lx8tQex"}
01122{"flow_id":28,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":801435,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGFFnAqAF11fSMVNZWAbv57BLnLYr\/FYAYECz3EQAAAQEICiWc4Lx8tQexFgMBAgABAAH8AwOnhWFSZkMidqzMf2GAlFCBDInFtmdcn\/lf0Xn0vzHFbgAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAXABUAABJ6b29tZnI4NHpjLnpvb20udXMACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEBABUApQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00764{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1569520470776,"flow_last_seen":1569520470801,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00775{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_first_seen":1569520470776,"flow_last_seen":1569520470801,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00423{"flow_id":25,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":808123,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA08HhAADAGMrHVE5BpwKgBdQG71lPrn+6BoN5fU4AQAAv+\/AAAAQEICnh9HvolnOCk"}
02365{"flow_id":25,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":810026,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU8HlAADAGLRDVE5BpwKgBdQG71lPrn+6BoN5fU4AQAAs0xQAAAQEICnh9HvolnOCkFgMDAEICAAA+AwPFrhdZGN2N+Uz05EmEUhH0JL2M8HnLrGczLtg5yA\/oiwDALwAAFv8BAAEAAAsABAMAAQIAIwAAAA8AAQEWAwMUFAsAFBAAFA0ABqgwggakMIIFjKADAgECAgkAuAr5aaJJsgcwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwMzI1MTkzODQyWhcNMjEwMzI1MTkzODQyWjA3MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxEjAQBgNVBAMMCSouem9vbS51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALaxfGmkVOyU0AkAAY7kCiG99jBGIh+VdDOgabIxgZ7wT8ILDqU2MftFgTalkBtnlix1nB\/A23lZT3vWYLmdiArSXVZkjjpjHARBVVYAUir7OAher\/0qd4RZHsRK0bdRd40NdKuLb6he5TPeCPCo8mDuK41gZM9CkQPeJav\/RaowvfOtYiwp3Pt5JvpmmLCPkYu++RhH8LKfsuAhqv9m2xv6wau3C0G\/6Ce0z3s3aPbA6HK2Vctbrn12ZNiektUI25iSiJW21\/fYcY723x0hBp7tRPZNdMSHZ3e4QkzjXfUGyEK\/6tGaySEj+yvSYd5DUN0izEz+KBtCx95g0jp0b9MCAwEAAaOCAzMwggMvMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB\/wQEAwIFoDA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczEtMTAxMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAdBgNVHREEFjAUggkqLnpvb20udXOCB3pvb20udXMwHQYDVR0OBBYEFK\/\/A+eqHnVNBj7T3SSRE7i2ztfYMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWm2XMJ0AAAEAwBHMEUCIGBxi3tQD8E7\/i5SW3PuSOWOtMDrbmlOuAQU+VSegUXXAiEAt51T+DldjWi8Ekq43+cZhUTmCceC5bgqC3HWUayeaD4AdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWm2XMTxAAAEAwBHMEUCICiEIvES2m58Hqrdk1z6D\/VDBAWPZ6\/7XLmd4JXWkmvGAiEArZspf5lv\/3TS1cYqMEKKiFMPCaUjl39XIpCCbPMANBQAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWm2XMe5AAAE"}
-00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1569520470742,"flow_last_seen":1569520470810,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00832{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":6,"flow_first_seen":1569520470742,"flow_last_seen":1569520470810,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02363{"flow_id":25,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":810148,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU8HpAADAGLQ\/VE5BpwKgBdQG71lPrn\/QhoN5fU4AQAAtFnAAAAQEICnh9HvolnOCkAwBHMEUCICZBrYK+GGtVSdHk3b8VHsrDm6ajQ58z1O7BdEqHCXy2AiEAn6AYWb8PmQ7IhYNbHgI4gCM37GT4YnU97JyydhHs6SgwDQYJKoZIhvcNAQELBQADggEBALm3XxvmAxG3IkUdHT+Kg3Gdme1zrqEBmMm7KerxSo04mAO+wqNE7BtmMlulaHZ9Z4syCloedM1x96JrQ3t0boruQAhnOlvnmvFBfuohu9oncLnbTmv+52y6PnzVcU36zE+9\/mBRQN8g25Xi29P9pwEzguCY+ecBRzTK6h0Sl4TFrkhzrUqGeILBakJ5CWRPYRg+OU6qgFVG7kNWeqzV1lmJl0epG3dO3baTSwN2+1BadUhLIZWqpLM\/GrxissNVMDfzR5peJgNvGg7VI37Xda5xV4mPfc+vCRUICOcuM\/U9dzPYTXUnypGEFSXOhiu1g4jB4DBHpmqaaQxhC2IlsOwABNQwggTQMIIDuKADAgECAgEHMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTEwNTAzMDcwMDAwWhcNMzEwNTAzMDcwMDAwWjCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngyxDUr3a91JNi6zBkuIEIbMME2WIXji\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwEAAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08E72w+nIgGyVCPpnP3VzEbvrzkL9v4utNb4LTn5nliDgyi12pjczG19ahIpDsILaJdkNe0fCVPEVYwxLZEnXssneVe5u8MYaq\/5Cob7oSeuIN9wUPORKcTcA2R"}
00423{"flow_id":25,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":810185,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyrAqAF11ROQadZTAbug3l9T65\/5wYAQD9Pj1AAAAQEICiWc4MR4fR76"}
02076{"flow_id":25,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":810272,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"KDc3AG3IEBMx8Tl2CABFAAT08HtAADAGLe7VE5BpwKgBdQG71lPrn\/nBoN5fU4AYAAvVLgAAAQEICnh9HvolnOCkH\/TIE62DYNnYcqhzJB61rCIOyheJYlhEG6uJJQEAD83EG2LbUbTTD1Eqm\/S8c\/x2zjakzdnYLOqum\/UqspDRTXUYij+KQZAjfVtL\/qQDWJtGssNgYIP4fVBBzsKhkMO77wIv0hVU7kQV2Qqup4oz7bEtdjYm3ATrn\/dhHxXch2\/uRpYoraEmfQoJpy4Eo428+LwEMAEABIEwggR9MIIDZaADAgECAgMb5xUwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAxMDEwNzAwMDBaFw0zMTA1MzAwNzAwMDBaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC\/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB\/zzFnWAOVF75fk1tnROqY2CE+S2P6kDg\/qivooVan\/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4wCjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo\/brHonIgBfZ\/U+dtTbWCdvyznWKu4X0b8zsQbAzwJ60kxXGlGs+BHAgMBAAGjggEXMIIBEzAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wHwYDVR0jBBgwFoAU0sSw0pHUTBFxs2HLPaH+3ahq1OMwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBZC1O9koYRpyR77Vsxzx0fbHDFuG6+Trv2vpdQ4TB\/uihcYpTC434z9\/tCdoXblRyMIlh1CQyIZWc5ChYJxaA4l6TFI5M\/tBimAQZEkeOnaSe0WiV\/Orcyzd2E\/yo4KTOk3Weyhf6hiCAcUInI3Cr2QgM3TOaI39WvJPKxw9\/MtezgmV63SVQgPJQYDMccUhhJpG3hs1gLydjs2a4cMo4ocA3i\/qYXng=="}
00424{"flow_id":25,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":810307,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyrAqAF11ROQadZTAbug3l9T65\/+gYAQD9rfDQAAAQEICiWc4MR4fR76"}
00422{"flow_id":27,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":812241,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UEJAADMG0xrV9IxVwKgBdQG71lXIKlM96vs4TYAQAAu5NgAAAQEICniDA4AlnOCy"}
02364{"flow_id":27,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":814322,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUUENAADMGzXnV9IxVwKgBdQG71lXIKlM96vs4TYAQAAtA3wAAAQEICniDA4ElnOCyFgMDAEICAAA+AwMxHKNzc3bPFvsItIS+Ntr5brD5xQxlb1THM6M3hWHKHQDALwAAFv8BAAEAAAsABAMAAQIAIwAAAA8AAQEWAwMUFAsAFBAAFA0ABqgwggakMIIFjKADAgECAgkAuAr5aaJJsgcwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwMzI1MTkzODQyWhcNMjEwMzI1MTkzODQyWjA3MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxEjAQBgNVBAMMCSouem9vbS51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALaxfGmkVOyU0AkAAY7kCiG99jBGIh+VdDOgabIxgZ7wT8ILDqU2MftFgTalkBtnlix1nB\/A23lZT3vWYLmdiArSXVZkjjpjHARBVVYAUir7OAher\/0qd4RZHsRK0bdRd40NdKuLb6he5TPeCPCo8mDuK41gZM9CkQPeJav\/RaowvfOtYiwp3Pt5JvpmmLCPkYu++RhH8LKfsuAhqv9m2xv6wau3C0G\/6Ce0z3s3aPbA6HK2Vctbrn12ZNiektUI25iSiJW21\/fYcY723x0hBp7tRPZNdMSHZ3e4QkzjXfUGyEK\/6tGaySEj+yvSYd5DUN0izEz+KBtCx95g0jp0b9MCAwEAAaOCAzMwggMvMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB\/wQEAwIFoDA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczEtMTAxMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAdBgNVHREEFjAUggkqLnpvb20udXOCB3pvb20udXMwHQYDVR0OBBYEFK\/\/A+eqHnVNBj7T3SSRE7i2ztfYMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWm2XMJ0AAAEAwBHMEUCIGBxi3tQD8E7\/i5SW3PuSOWOtMDrbmlOuAQU+VSegUXXAiEAt51T+DldjWi8Ekq43+cZhUTmCceC5bgqC3HWUayeaD4AdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWm2XMTxAAAEAwBHMEUCICiEIvES2m58Hqrdk1z6D\/VDBAWPZ6\/7XLmd4JXWkmvGAiEArZspf5lv\/3TS1cYqMEKKiFMPCaUjl39XIpCCbPMANBQAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWm2XMe5AAAE"}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1569520470769,"flow_last_seen":1569520470814,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":6,"flow_first_seen":1569520470769,"flow_last_seen":1569520470814,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02362{"flow_id":27,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":814403,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUUERAADMGzXjV9IxVwKgBdQG71lXIKljd6vs4TYAQAAv\/1AAAAQEICniDA4ElnOCyAwBHMEUCICZBrYK+GGtVSdHk3b8VHsrDm6ajQ58z1O7BdEqHCXy2AiEAn6AYWb8PmQ7IhYNbHgI4gCM37GT4YnU97JyydhHs6SgwDQYJKoZIhvcNAQELBQADggEBALm3XxvmAxG3IkUdHT+Kg3Gdme1zrqEBmMm7KerxSo04mAO+wqNE7BtmMlulaHZ9Z4syCloedM1x96JrQ3t0boruQAhnOlvnmvFBfuohu9oncLnbTmv+52y6PnzVcU36zE+9\/mBRQN8g25Xi29P9pwEzguCY+ecBRzTK6h0Sl4TFrkhzrUqGeILBakJ5CWRPYRg+OU6qgFVG7kNWeqzV1lmJl0epG3dO3baTSwN2+1BadUhLIZWqpLM\/GrxissNVMDfzR5peJgNvGg7VI37Xda5xV4mPfc+vCRUICOcuM\/U9dzPYTXUnypGEFSXOhiu1g4jB4DBHpmqaaQxhC2IlsOwABNQwggTQMIIDuKADAgECAgEHMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTEwNTAzMDcwMDAwWhcNMzEwNTAzMDcwMDAwWjCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngyxDUr3a91JNi6zBkuIEIbMME2WIXji\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwEAAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08E72w+nIgGyVCPpnP3VzEbvrzkL9v4utNb4LTn5nliDgyi12pjczG19ahIpDsILaJdkNe0fCVPEVYwxLZEnXssneVe5u8MYaq\/5Cob7oSeuIN9wUPORKcTcA2R"}
00422{"flow_id":27,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":814443,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl3AqAF11fSMVdZVAbvq+zhNyCpefYAQD9KeGAAAAQEICiWc4Mh4gwOB"}
02075{"flow_id":27,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":814521,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"KDc3AG3IEBMx8Tl2CABFAAT0UEVAADMGzlfV9IxVwKgBdQG71lXIKl596vs4TYAYAAuPZwAAAQEICniDA4ElnOCyH\/TIE62DYNnYcqhzJB61rCIOyheJYlhEG6uJJQEAD83EG2LbUbTTD1Eqm\/S8c\/x2zjakzdnYLOqum\/UqspDRTXUYij+KQZAjfVtL\/qQDWJtGssNgYIP4fVBBzsKhkMO77wIv0hVU7kQV2Qqup4oz7bEtdjYm3ATrn\/dhHxXch2\/uRpYoraEmfQoJpy4Eo428+LwEMAEABIEwggR9MIIDZaADAgECAgMb5xUwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAxMDEwNzAwMDBaFw0zMTA1MzAwNzAwMDBaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC\/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB\/zzFnWAOVF75fk1tnROqY2CE+S2P6kDg\/qivooVan\/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4wCjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo\/brHonIgBfZ\/U+dtTbWCdvyznWKu4X0b8zsQbAzwJ60kxXGlGs+BHAgMBAAGjggEXMIIBEzAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wHwYDVR0jBBgwFoAU0sSw0pHUTBFxs2HLPaH+3ahq1OMwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBZC1O9koYRpyR77Vsxzx0fbHDFuG6+Trv2vpdQ4TB\/uihcYpTC434z9\/tCdoXblRyMIlh1CQyIZWc5ChYJxaA4l6TFI5M\/tBimAQZEkeOnaSe0WiV\/Orcyzd2E\/yo4KTOk3Weyhf6hiCAcUInI3Cr2QgM3TOaI39WvJPKxw9\/MtezgmV63SVQgPJQYDMccUhhJpG3hs1gLydjs2a4cMo4ocA3i\/qYXng=="}
00423{"flow_id":27,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":814549,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl3AqAF11fSMVdZVAbvq+zhNyCpjPYAQD9qZUAAAAQEICiWc4Mh4gwOB"}
00422{"flow_id":26,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":820356,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0SA5AADAG2xzVE5BowKgBdQG71lTDwlhpC7yL4YAQAAsxMQAAAQEICntaEGglnOCv"}
02364{"flow_id":25,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":820993,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU8HxAADAGLQ3VE5BpwKgBdQG71lPrn\/6BoN5fU4AQAAvhRAAAAQEICnh9HwYlnOCkhA+9V3CzWukfoIZTu+98\/2kL4EjDt5MLyApUxKxdFGc3bMqlLzEIN6pub4y8m+JXXSSBr5eXnIStbKw3TGbzYZERIOS+MJ96pCkJsOE0X2R3GEBR34wwpq8ABAQwggQAMIIC6KADAgECAgEAMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTcwNjIwWhcNMzQwNjI5MTcwNjIwWjBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA3p3X6lcYSaFb69dfSIbqvt3\/5O9nHPRlaLNXcaBed7vtm0npcIA9VhhjCG\/a8szQP38CVCJUENiygdTAdT1Lf8d3wz54qxoDtSBrL2orscWIfsS7HrDB2EUnb6o3WPeHJtfYLfapF7cfcjZOphc\/ZZiS2ypuXaL+iOAL3n\/ljRXh68s61eISohMt2I6vXxI9oAgFCLZcpWU4BEWZHqNgYHTFQaVyYhtixR9vXxpCvgJRZaiuIxhq\/HgDqU1\/gMP6q1r8oUCkyhkW\/rLI715zDe53vZr2eZi8sQdnohUN3aBYxkR7Cj5iKF+6QQdTWM8Rfjh0xfj\/tWmQj4R06pcbrwIBA6OBwDCBvTAdBgNVHQ4EFgQU0sSw0pHUTBFxs2HLPaH+3ahq1OMwgY0GA1UdIwSBhTCBgoAU0sSw0pHUTBFxs2HLPaH+3ahq1OOhZ6RlMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAMkvzsso+kfwSxqEHjI53oDMGFFyQHhj3CKY9Chn5h4ARbmnklhcw\/zSRY3I47swcAaMdlCikMfZ6xFTX9uUxWAOizM5i25RFc7W\/RckktdWCAq0jeWmNuLZNzs9MyjMj6ByIqp2LQW4WySDliZ7NO9pw936ZJiAUVCWrbnOF5pshnQpsgg6o+MIM+hAebJbvhw3ED2GLre6DK5X4jpKEcjnrIOqD7YPNl24IvOtOJrZzK+TT9kz+JnHiYRF0Sv9XGocPdUguz1FpF6ACEmGV1dFAshBM7sSsEEOmpZ4K1ZVimg3PiILFMgzkK59F5g2fKJyxuSpaV603D68df9u9nxYDAwFNDAABSQMAF0EESPImvugtU0KpjcVessiy8JU57+qIpqsxeseOKfYCfz1iq6Ds0IVroKmU+Ir4kDqnKBeYIEmw8nb6R9MdV7io4AYBAQA7Fk6AQYJwZK7Bp0YwlZcAZPMe1+5OcyVjmX9UjjIMCHHGje4IsKuQ1pj683KeDbUlm8mn0TkRLdO2TAjkf+ZFEDiCZo0VlkyacxKXAk2SF3GWUKszao3d5pWFW8wlMPTdGbc8v2ZTIze7sxrxqwvq5T2ls1DmobEEScfF63Wn1DGI2Y0TpWh4g79B3o\/MsuS36UZPvUqPN9B2RBNWvd7iB5LjxoytkbadMfwHSR0i3d5cnYHRSEzxJoOIpN2ddwytDmIOldORXQdZApv5nY8INQpRy8Cz0FWhOkhoArpSyJIe3B0CxiWNOglkdan\/"}
-01145{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":11,"flow_first_seen":1569520470742,"flow_last_seen":1569520470820,"flow_tot_l4_data_len":6425,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+01156{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":192,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":11,"flow_first_seen":1569520470742,"flow_last_seen":1569520470820,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam105zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
00459{"flow_id":25,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":820995,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"KDc3AG3IEBMx8Tl2CABFAABP8H1AADAGMpHVE5BpwKgBdQG71lProAQhoN5fU4AYAAvQwgAAAQEICnh9HwYlnOCkCOcV4LXryBg7ECQkKFJbyns9FgMDAAQOAAAA"}
00423{"flow_id":25,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":821127,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyrAqAF11ROQadZTAbug3l9T66AEPIAQD9LZRAAAAQEICiWc4M54fR8G"}
02364{"flow_id":26,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":822146,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUSA9AADAG1XvVE5BowKgBdQG71lTDwlhpC7yL4YAQAAvVVgAAAQEICntaEGglnOCvFgMDAEICAAA+AwN7HSdJy46W45AX9Lv3vARootkq2UiosP7i5aj7t6vxIADALwAAFv8BAAEAAAsABAMAAQIAIwAAAA8AAQEWAwMUFAsAFBAAFA0ABqgwggakMIIFjKADAgECAgkAuAr5aaJJsgcwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwMzI1MTkzODQyWhcNMjEwMzI1MTkzODQyWjA3MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxEjAQBgNVBAMMCSouem9vbS51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALaxfGmkVOyU0AkAAY7kCiG99jBGIh+VdDOgabIxgZ7wT8ILDqU2MftFgTalkBtnlix1nB\/A23lZT3vWYLmdiArSXVZkjjpjHARBVVYAUir7OAher\/0qd4RZHsRK0bdRd40NdKuLb6he5TPeCPCo8mDuK41gZM9CkQPeJav\/RaowvfOtYiwp3Pt5JvpmmLCPkYu++RhH8LKfsuAhqv9m2xv6wau3C0G\/6Ce0z3s3aPbA6HK2Vctbrn12ZNiektUI25iSiJW21\/fYcY723x0hBp7tRPZNdMSHZ3e4QkzjXfUGyEK\/6tGaySEj+yvSYd5DUN0izEz+KBtCx95g0jp0b9MCAwEAAaOCAzMwggMvMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB\/wQEAwIFoDA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczEtMTAxMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAdBgNVHREEFjAUggkqLnpvb20udXOCB3pvb20udXMwHQYDVR0OBBYEFK\/\/A+eqHnVNBj7T3SSRE7i2ztfYMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWm2XMJ0AAAEAwBHMEUCIGBxi3tQD8E7\/i5SW3PuSOWOtMDrbmlOuAQU+VSegUXXAiEAt51T+DldjWi8Ekq43+cZhUTmCceC5bgqC3HWUayeaD4AdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWm2XMTxAAAEAwBHMEUCICiEIvES2m58Hqrdk1z6D\/VDBAWPZ6\/7XLmd4JXWkmvGAiEArZspf5lv\/3TS1cYqMEKKiFMPCaUjl39XIpCCbPMANBQAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWm2XMe5AAAE"}
-00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1569520470755,"flow_last_seen":1569520470822,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00832{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":195,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":6,"flow_first_seen":1569520470755,"flow_last_seen":1569520470822,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02361{"flow_id":26,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":822268,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUSBBAADAG1XrVE5BowKgBdQG71lTDwl4JC7yL4YAQAAt30AAAAQEICntaEGglnOCvAwBHMEUCICZBrYK+GGtVSdHk3b8VHsrDm6ajQ58z1O7BdEqHCXy2AiEAn6AYWb8PmQ7IhYNbHgI4gCM37GT4YnU97JyydhHs6SgwDQYJKoZIhvcNAQELBQADggEBALm3XxvmAxG3IkUdHT+Kg3Gdme1zrqEBmMm7KerxSo04mAO+wqNE7BtmMlulaHZ9Z4syCloedM1x96JrQ3t0boruQAhnOlvnmvFBfuohu9oncLnbTmv+52y6PnzVcU36zE+9\/mBRQN8g25Xi29P9pwEzguCY+ecBRzTK6h0Sl4TFrkhzrUqGeILBakJ5CWRPYRg+OU6qgFVG7kNWeqzV1lmJl0epG3dO3baTSwN2+1BadUhLIZWqpLM\/GrxissNVMDfzR5peJgNvGg7VI37Xda5xV4mPfc+vCRUICOcuM\/U9dzPYTXUnypGEFSXOhiu1g4jB4DBHpmqaaQxhC2IlsOwABNQwggTQMIIDuKADAgECAgEHMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTEwNTAzMDcwMDAwWhcNMzEwNTAzMDcwMDAwWjCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngyxDUr3a91JNi6zBkuIEIbMME2WIXji\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwEAAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08E72w+nIgGyVCPpnP3VzEbvrzkL9v4utNb4LTn5nliDgyi12pjczG19ahIpDsILaJdkNe0fCVPEVYwxLZEnXssneVe5u8MYaq\/5Cob7oSeuIN9wUPORKcTcA2R"}
00422{"flow_id":26,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":822308,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyvAqAF11ROQaNZUAbsLvIvhw8JjqYAQD9IWCgAAAQEICiWc4M97WhBo"}
02075{"flow_id":26,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":822395,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"KDc3AG3IEBMx8Tl2CABFAAT0SBFAADAG1lnVE5BowKgBdQG71lTDwmOpC7yL4YAYAAsHYwAAAQEICntaEGglnOCvH\/TIE62DYNnYcqhzJB61rCIOyheJYlhEG6uJJQEAD83EG2LbUbTTD1Eqm\/S8c\/x2zjakzdnYLOqum\/UqspDRTXUYij+KQZAjfVtL\/qQDWJtGssNgYIP4fVBBzsKhkMO77wIv0hVU7kQV2Qqup4oz7bEtdjYm3ATrn\/dhHxXch2\/uRpYoraEmfQoJpy4Eo428+LwEMAEABIEwggR9MIIDZaADAgECAgMb5xUwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAxMDEwNzAwMDBaFw0zMTA1MzAwNzAwMDBaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC\/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB\/zzFnWAOVF75fk1tnROqY2CE+S2P6kDg\/qivooVan\/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4wCjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo\/brHonIgBfZ\/U+dtTbWCdvyznWKu4X0b8zsQbAzwJ60kxXGlGs+BHAgMBAAGjggEXMIIBEzAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wHwYDVR0jBBgwFoAU0sSw0pHUTBFxs2HLPaH+3ahq1OMwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBZC1O9koYRpyR77Vsxzx0fbHDFuG6+Trv2vpdQ4TB\/uihcYpTC434z9\/tCdoXblRyMIlh1CQyIZWc5ChYJxaA4l6TFI5M\/tBimAQZEkeOnaSe0WiV\/Orcyzd2E\/yo4KTOk3Weyhf6hiCAcUInI3Cr2QgM3TOaI39WvJPKxw9\/MtezgmV63SVQgPJQYDMccUhhJpG3hs1gLydjs2a4cMo4ocA3i\/qYXng=="}
00423{"flow_id":26,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":822425,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyvAqAF11ROQaNZUAbsLvIvhw8JoaYAQD6wRcAAAAQEICiWc4M97WhBo"}
02367{"flow_id":27,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":822639,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUUEZAADMGzXbV9IxVwKgBdQG71lXIKmM96vs4TYAQAAvWbAAAAQEICniDA4olnOCyhA+9V3CzWukfoIZTu+98\/2kL4EjDt5MLyApUxKxdFGc3bMqlLzEIN6pub4y8m+JXXSSBr5eXnIStbKw3TGbzYZERIOS+MJ96pCkJsOE0X2R3GEBR34wwpq8ABAQwggQAMIIC6KADAgECAgEAMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTcwNjIwWhcNMzQwNjI5MTcwNjIwWjBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA3p3X6lcYSaFb69dfSIbqvt3\/5O9nHPRlaLNXcaBed7vtm0npcIA9VhhjCG\/a8szQP38CVCJUENiygdTAdT1Lf8d3wz54qxoDtSBrL2orscWIfsS7HrDB2EUnb6o3WPeHJtfYLfapF7cfcjZOphc\/ZZiS2ypuXaL+iOAL3n\/ljRXh68s61eISohMt2I6vXxI9oAgFCLZcpWU4BEWZHqNgYHTFQaVyYhtixR9vXxpCvgJRZaiuIxhq\/HgDqU1\/gMP6q1r8oUCkyhkW\/rLI715zDe53vZr2eZi8sQdnohUN3aBYxkR7Cj5iKF+6QQdTWM8Rfjh0xfj\/tWmQj4R06pcbrwIBA6OBwDCBvTAdBgNVHQ4EFgQU0sSw0pHUTBFxs2HLPaH+3ahq1OMwgY0GA1UdIwSBhTCBgoAU0sSw0pHUTBFxs2HLPaH+3ahq1OOhZ6RlMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAMkvzsso+kfwSxqEHjI53oDMGFFyQHhj3CKY9Chn5h4ARbmnklhcw\/zSRY3I47swcAaMdlCikMfZ6xFTX9uUxWAOizM5i25RFc7W\/RckktdWCAq0jeWmNuLZNzs9MyjMj6ByIqp2LQW4WySDliZ7NO9pw936ZJiAUVCWrbnOF5pshnQpsgg6o+MIM+hAebJbvhw3ED2GLre6DK5X4jpKEcjnrIOqD7YPNl24IvOtOJrZzK+TT9kz+JnHiYRF0Sv9XGocPdUguz1FpF6ACEmGV1dFAshBM7sSsEEOmpZ4K1ZVimg3PiILFMgzkK59F5g2fKJyxuSpaV603D68df9u9nxYDAwFNDAABSQMAF0EEssQWqaKUCLZtBO06gLRpO81eoXzv046cvGa\/AEOknXhgdhB6KQ43TFEHxzvaNMUJxHfj1819WT4ZuulUCc917gYBAQCU5IOxfp9zgODP7nVlPQ89ZtndcWd7O\/q+m4sw7LjYdI5U9FW5Uy\/bi8JfjLoFzl3cauw3JSn+KUOFKpRLlsFAN4egm3WfxDHfAa2IhQ2EpjaSD\/izQIo6pZFYzprveYSkRGVKh2Yr3\/z3fe5gkhvI4pNN9VplmJFzJqLxySsBlqr47N9YTNTO60cv9bVxAlbR2sPiQs8SwjP1gwcjMUblGdqI374OrYnqicsiTeqpVOds6hUrFV3tb8PnVms1Al5uMMyCzKvPp3GV+QAIMFRUjXSRr+mOAVb2tm3W4wni1cEioxDo+62VbbdPP4\/b"}
-01144{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":11,"flow_first_seen":1569520470769,"flow_last_seen":1569520470822,"flow_tot_l4_data_len":6425,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+01155{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":200,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":11,"flow_first_seen":1569520470769,"flow_last_seen":1569520470822,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr85zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
00459{"flow_id":27,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":822641,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"KDc3AG3IEBMx8Tl2CABFAABPUEdAADMG0vrV9IxVwKgBdQG71lXIKmjd6vs4TYAYAAvT3AAAAQEICniDA4olnOCy2n6APecxq67HquzeAJkvreAOFgMDAAQOAAAA"}
00423{"flow_id":27,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":822672,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl3AqAF11fSMVdZVAbvq+zhNyCpo+IAQD9KTjQAAAQEICiWc4M94gwOK"}
00422{"flow_id":28,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":826162,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0+NxAADMGKoHV9IxUwKgBdQG71lYtiv8V+ewU7IAQAAuz6AAAAQEICny1B8olnOC8"}
02364{"flow_id":28,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":828021,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU+N1AADMGJODV9IxUwKgBdQG71lYtiv8V+ewU7IAQAAtoZQAAAQEICny1B8slnOC8FgMDAEICAAA+AwOFhC5e91d4jQYKpWVSzHr7Zi6LCxz8qqdKI+lt8VevAgDALwAAFv8BAAEAAAsABAMAAQIAIwAAAA8AAQEWAwMUFAsAFBAAFA0ABqgwggakMIIFjKADAgECAgkAuAr5aaJJsgcwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwMzI1MTkzODQyWhcNMjEwMzI1MTkzODQyWjA3MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxEjAQBgNVBAMMCSouem9vbS51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALaxfGmkVOyU0AkAAY7kCiG99jBGIh+VdDOgabIxgZ7wT8ILDqU2MftFgTalkBtnlix1nB\/A23lZT3vWYLmdiArSXVZkjjpjHARBVVYAUir7OAher\/0qd4RZHsRK0bdRd40NdKuLb6he5TPeCPCo8mDuK41gZM9CkQPeJav\/RaowvfOtYiwp3Pt5JvpmmLCPkYu++RhH8LKfsuAhqv9m2xv6wau3C0G\/6Ce0z3s3aPbA6HK2Vctbrn12ZNiektUI25iSiJW21\/fYcY723x0hBp7tRPZNdMSHZ3e4QkzjXfUGyEK\/6tGaySEj+yvSYd5DUN0izEz+KBtCx95g0jp0b9MCAwEAAaOCAzMwggMvMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB\/wQEAwIFoDA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczEtMTAxMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAdBgNVHREEFjAUggkqLnpvb20udXOCB3pvb20udXMwHQYDVR0OBBYEFK\/\/A+eqHnVNBj7T3SSRE7i2ztfYMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWm2XMJ0AAAEAwBHMEUCIGBxi3tQD8E7\/i5SW3PuSOWOtMDrbmlOuAQU+VSegUXXAiEAt51T+DldjWi8Ekq43+cZhUTmCceC5bgqC3HWUayeaD4AdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWm2XMTxAAAEAwBHMEUCICiEIvES2m58Hqrdk1z6D\/VDBAWPZ6\/7XLmd4JXWkmvGAiEArZspf5lv\/3TS1cYqMEKKiFMPCaUjl39XIpCCbPMANBQAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWm2XMe5AAAE"}
-00820{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1569520470776,"flow_last_seen":1569520470828,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00831{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":204,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":6,"flow_first_seen":1569520470776,"flow_last_seen":1569520470828,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02362{"flow_id":28,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":828392,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU+N5AADMGJN\/V9IxUwKgBdQG71lYtiwS1+ewU7IAQAAv6hgAAAQEICny1B8slnOC8AwBHMEUCICZBrYK+GGtVSdHk3b8VHsrDm6ajQ58z1O7BdEqHCXy2AiEAn6AYWb8PmQ7IhYNbHgI4gCM37GT4YnU97JyydhHs6SgwDQYJKoZIhvcNAQELBQADggEBALm3XxvmAxG3IkUdHT+Kg3Gdme1zrqEBmMm7KerxSo04mAO+wqNE7BtmMlulaHZ9Z4syCloedM1x96JrQ3t0boruQAhnOlvnmvFBfuohu9oncLnbTmv+52y6PnzVcU36zE+9\/mBRQN8g25Xi29P9pwEzguCY+ecBRzTK6h0Sl4TFrkhzrUqGeILBakJ5CWRPYRg+OU6qgFVG7kNWeqzV1lmJl0epG3dO3baTSwN2+1BadUhLIZWqpLM\/GrxissNVMDfzR5peJgNvGg7VI37Xda5xV4mPfc+vCRUICOcuM\/U9dzPYTXUnypGEFSXOhiu1g4jB4DBHpmqaaQxhC2IlsOwABNQwggTQMIIDuKADAgECAgEHMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTEwNTAzMDcwMDAwWhcNMzEwNTAzMDcwMDAwWjCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngyxDUr3a91JNi6zBkuIEIbMME2WIXji\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwEAAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08E72w+nIgGyVCPpnP3VzEbvrzkL9v4utNb4LTn5nliDgyi12pjczG19ahIpDsILaJdkNe0fCVPEVYwxLZEnXssneVe5u8MYaq\/5Cob7oSeuIN9wUPORKcTcA2R"}
00422{"flow_id":28,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":828440,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl7AqAF11fSMVNZWAbv57BTsLYsKVYAQD9KYyAAAAQEICiWc4NR8tQfL"}
02075{"flow_id":28,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":828514,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"KDc3AG3IEBMx8Tl2CABFAAT0+N9AADMGJb7V9IxUwKgBdQG71lYtiwpV+ewU7IAYAAuKGQAAAQEICny1B8slnOC8H\/TIE62DYNnYcqhzJB61rCIOyheJYlhEG6uJJQEAD83EG2LbUbTTD1Eqm\/S8c\/x2zjakzdnYLOqum\/UqspDRTXUYij+KQZAjfVtL\/qQDWJtGssNgYIP4fVBBzsKhkMO77wIv0hVU7kQV2Qqup4oz7bEtdjYm3ATrn\/dhHxXch2\/uRpYoraEmfQoJpy4Eo428+LwEMAEABIEwggR9MIIDZaADAgECAgMb5xUwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAxMDEwNzAwMDBaFw0zMTA1MzAwNzAwMDBaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC\/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB\/zzFnWAOVF75fk1tnROqY2CE+S2P6kDg\/qivooVan\/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4wCjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo\/brHonIgBfZ\/U+dtTbWCdvyznWKu4X0b8zsQbAzwJ60kxXGlGs+BHAgMBAAGjggEXMIIBEzAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wHwYDVR0jBBgwFoAU0sSw0pHUTBFxs2HLPaH+3ahq1OMwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBZC1O9koYRpyR77Vsxzx0fbHDFuG6+Trv2vpdQ4TB\/uihcYpTC434z9\/tCdoXblRyMIlh1CQyIZWc5ChYJxaA4l6TFI5M\/tBimAQZEkeOnaSe0WiV\/Orcyzd2E\/yo4KTOk3Weyhf6hiCAcUInI3Cr2QgM3TOaI39WvJPKxw9\/MtezgmV63SVQgPJQYDMccUhhJpG3hs1gLydjs2a4cMo4ocA3i\/qYXng=="}
00423{"flow_id":28,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":828543,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl7AqAF11fSMVNZWAbv57BTsLYsPFYAQD6yULgAAAQEICiWc4NR8tQfL"}
02370{"flow_id":26,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":829736,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUSBJAADAG1XjVE5BowKgBdQG71lTDwmhpC7yL4YAQAAvzwAAAAQEICntaEHElnOCvhA+9V3CzWukfoIZTu+98\/2kL4EjDt5MLyApUxKxdFGc3bMqlLzEIN6pub4y8m+JXXSSBr5eXnIStbKw3TGbzYZERIOS+MJ96pCkJsOE0X2R3GEBR34wwpq8ABAQwggQAMIIC6KADAgECAgEAMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTcwNjIwWhcNMzQwNjI5MTcwNjIwWjBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA3p3X6lcYSaFb69dfSIbqvt3\/5O9nHPRlaLNXcaBed7vtm0npcIA9VhhjCG\/a8szQP38CVCJUENiygdTAdT1Lf8d3wz54qxoDtSBrL2orscWIfsS7HrDB2EUnb6o3WPeHJtfYLfapF7cfcjZOphc\/ZZiS2ypuXaL+iOAL3n\/ljRXh68s61eISohMt2I6vXxI9oAgFCLZcpWU4BEWZHqNgYHTFQaVyYhtixR9vXxpCvgJRZaiuIxhq\/HgDqU1\/gMP6q1r8oUCkyhkW\/rLI715zDe53vZr2eZi8sQdnohUN3aBYxkR7Cj5iKF+6QQdTWM8Rfjh0xfj\/tWmQj4R06pcbrwIBA6OBwDCBvTAdBgNVHQ4EFgQU0sSw0pHUTBFxs2HLPaH+3ahq1OMwgY0GA1UdIwSBhTCBgoAU0sSw0pHUTBFxs2HLPaH+3ahq1OOhZ6RlMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAMkvzsso+kfwSxqEHjI53oDMGFFyQHhj3CKY9Chn5h4ARbmnklhcw\/zSRY3I47swcAaMdlCikMfZ6xFTX9uUxWAOizM5i25RFc7W\/RckktdWCAq0jeWmNuLZNzs9MyjMj6ByIqp2LQW4WySDliZ7NO9pw936ZJiAUVCWrbnOF5pshnQpsgg6o+MIM+hAebJbvhw3ED2GLre6DK5X4jpKEcjnrIOqD7YPNl24IvOtOJrZzK+TT9kz+JnHiYRF0Sv9XGocPdUguz1FpF6ACEmGV1dFAshBM7sSsEEOmpZ4K1ZVimg3PiILFMgzkK59F5g2fKJyxuSpaV603D68df9u9nxYDAwFNDAABSQMAF0EEFwDZ60aLH3B7P\/vInKFk4rD4q\/xASONd0wHGKC4uRb6OV\/JCnEQLxWwqMt55\/1ueaL7THNDGJXe5cMxVc4QT6wYBAQBC2Zi65Aqy4Yc1njLHn7u3+MmCKv8izsBhwoJ56bwbBov8nHVg4FXI50Cw5dNJYqThCJRlYjmFt\/0P2YOcbcHabu7M1jWi33XVtX62UGa1Vbnx2I2ldU9KtsdBHdrYj8VrQv\/5h8nHfEOBEA9tnQK8gQUZG1x1WHKFmGxElDmBazBcjfu5FslvVarLGZmXX\/EBTDnUKS0C2e8B5hDr3ISubwABTQCTKcjxvhh\/5g5YBJNCb2gxtN0A7JXdlRpvn+skLcJjT7NZIpzeUXPbPCj8tg\/99TIRUYccAHKO40P08YkE3wrM2bPkW+zlbVjP"}
-01145{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":11,"flow_first_seen":1569520470755,"flow_last_seen":1569520470829,"flow_tot_l4_data_len":6425,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+01156{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":209,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":11,"flow_first_seen":1569520470755,"flow_last_seen":1569520470829,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomam104zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
00459{"flow_id":26,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":829740,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"KDc3AG3IEBMx8Tl2CABFAABPSBNAADAG2vzVE5BowKgBdQG71lTDwm4JC7yL4YAYAAs9VwAAAQEICntaEHElnOCvncahV8EAPshmfgMSZSfWkdzLFgMDAAQOAAAA"}
00423{"flow_id":26,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":829790,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGEyvAqAF11ROQaNZUAbsLvIvhw8JuJIAQD34L1AAAAQEICiWc4NV7WhBx"}
02366{"flow_id":28,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":837019,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXU+OBAADMGJN3V9IxUwKgBdQG71lYtiw8V+ewU7IAQAAusLAAAAQEICny1B9QlnOC8hA+9V3CzWukfoIZTu+98\/2kL4EjDt5MLyApUxKxdFGc3bMqlLzEIN6pub4y8m+JXXSSBr5eXnIStbKw3TGbzYZERIOS+MJ96pCkJsOE0X2R3GEBR34wwpq8ABAQwggQAMIIC6KADAgECAgEAMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTcwNjIwWhcNMzQwNjI5MTcwNjIwWjBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA3p3X6lcYSaFb69dfSIbqvt3\/5O9nHPRlaLNXcaBed7vtm0npcIA9VhhjCG\/a8szQP38CVCJUENiygdTAdT1Lf8d3wz54qxoDtSBrL2orscWIfsS7HrDB2EUnb6o3WPeHJtfYLfapF7cfcjZOphc\/ZZiS2ypuXaL+iOAL3n\/ljRXh68s61eISohMt2I6vXxI9oAgFCLZcpWU4BEWZHqNgYHTFQaVyYhtixR9vXxpCvgJRZaiuIxhq\/HgDqU1\/gMP6q1r8oUCkyhkW\/rLI715zDe53vZr2eZi8sQdnohUN3aBYxkR7Cj5iKF+6QQdTWM8Rfjh0xfj\/tWmQj4R06pcbrwIBA6OBwDCBvTAdBgNVHQ4EFgQU0sSw0pHUTBFxs2HLPaH+3ahq1OMwgY0GA1UdIwSBhTCBgoAU0sSw0pHUTBFxs2HLPaH+3ahq1OOhZ6RlMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAMkvzsso+kfwSxqEHjI53oDMGFFyQHhj3CKY9Chn5h4ARbmnklhcw\/zSRY3I47swcAaMdlCikMfZ6xFTX9uUxWAOizM5i25RFc7W\/RckktdWCAq0jeWmNuLZNzs9MyjMj6ByIqp2LQW4WySDliZ7NO9pw936ZJiAUVCWrbnOF5pshnQpsgg6o+MIM+hAebJbvhw3ED2GLre6DK5X4jpKEcjnrIOqD7YPNl24IvOtOJrZzK+TT9kz+JnHiYRF0Sv9XGocPdUguz1FpF6ACEmGV1dFAshBM7sSsEEOmpZ4K1ZVimg3PiILFMgzkK59F5g2fKJyxuSpaV603D68df9u9nxYDAwFNDAABSQMAF0EEnoSSM6LmvW8407DLYnbiDHkuWufOYOMhziFcf4f1ylaNGiPw8b9ii3BIiJbKZn16pxgVzccohnSH90KpQvx7iAYBAQCfJPY4+226F8fJa4wBpNk83fhF6fGvE9pHkp+Y\/fs9DnRvaaBFOPY1S1AuWFMkkO5Qm8qV8Vblgc8c+jZdvHsBYlhBr\/6DqL38QEFIoiujeX6MdJ72WovKPVimRwS1hbR72c6DoPjjzIHin3wDC\/vovv1DRYxw6dHIBZQNxWls3buXNyBktwESd9OE99D3jn+MymjIiU10vHOm19FaRazPPCLAR8INA7mh5pEMVoaQth6KuXsxmyJirL9wNigqfCkgjYJQP1GIKHJEww\/0qWT8sF1cKuCVpxoSkUfmVz3lZkAVj\/T88TV3iW5NC2iM"}
-01144{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":11,"flow_first_seen":1569520470776,"flow_last_seen":1569520470837,"flow_tot_l4_data_len":6425,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+01155{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":212,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":11,"flow_first_seen":1569520470776,"flow_last_seen":1569520470837,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfr84zc.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
00461{"flow_id":28,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":837022,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"KDc3AG3IEBMx8Tl2CABFAABP+OFAADMGKmHV9IxUwKgBdQG71lYtixS1+ewU7IAYAAuc\/QAAAQEICny1B9QlnOC8CtdULUh+e0X55Wul2j7\/doIDFgMDAAQOAAAA"}
00423{"flow_id":28,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":837137,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl7AqAF11fSMVNZWAbv57BTsLYsU0IAQD36OkAAAAQEICiWc4Nx8tQfU"}
00597{"flow_id":25,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520470,"pkt_ts_usec":904290,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAGEqzAqAF11ROQadZTAbug3l9T66AEPIAYEADXOQAAAQEICiWc4R14fR8GFgMDAEYQAABCQQQjFTtfeXfZ+xlKLBfs9\/\/kFVjml5SlVDGXd34XCK2yeoWhqRwshK5Y5yfL1y+ka87m\/rD3I5aKBQr3P4H2FlBzFAMDAAEBFgMDACi6ncZnXwNZcYigwDSNW14JtYIvvzJ37vA0nhow4iznzC1E4rHsKIVM"}
@@ -258,26 +258,26 @@
00423{"flow_id":28,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":25020,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFl7AqAF11fSMVNZWAbv57BTsLYsU0IAQD\/WNZAAAAQEICiWc4ZF8tQfU"}
00752{"flow_id":27,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":47055,"pkt_caplen":308,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":308,"pkt_l4_len":274,"pkt":"KDc3AG3IEBMx8Tl2CABFAAEmUEhAADMG0iLV9IxVwKgBdQG71lXIKmj46vs4y4AYAAuoEQAAAQEICniDBGslnOGRFgMDALoEAAC2AAABLACwIQWRyQj7cbwjkmUGLjQJrOY3GiisfRojjJK+mUbGLElkoMIbxJcXDVf2BC2tJkJf8L7+y2uMWVdoJxXE4bVnX56RLftNs7D2e3USIQt1Iu55piOgmOX6rUMQ\/Jn0MoPD1nw3Z17k390STDlScrHWzg6l+6NAPdhLI693QAVAnUaL17qCU7YjY8Ry4WtMuzQ3IxH2tFP7EAdQuYalfbKc8rP3NDI3mv+9z0ZYiCBAjycUAwMAAQEWAwMAKDPqSSLa4ONWdQa17BbVeYje8qpHk1\/G\/pQuf3ZBgtfrfIG9CC0q5ZU="}
00594{"flow_id":28,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":84569,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAGFeDAqAF11fSMVNZWAbv57BTsLYsU0IAYEABOhAAAAQEICiWc4ct8tQfUFgMDAEYQAABCQQSzzEWHScT0+dStfBhaz6gsEBo4pbGRd+yl5EU1zWGDTKevZgJkyfuF6XRpt2LgG7QGvGv0qRuMCQlwC8Hxst3MFAMDAAEBFgMDAChfiaRfvLq8Qvu5te\/Q4JeCgrlTIoFRRpUNP5p25B5qXve70ZGG4fNI"}
-00470{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569520471147,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00482{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569520471147,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00442{"flow_id":29,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":147573,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCtGEAAP8Rg4LAqAF1wKgBAcfxADUALsLBHCQBAAABAAAAAAAADHpvb21mcm45OW1tcgR6b29tAnVzAAABAAE="}
-00640{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569520471147,"flow_last_seen":0,"flow_tot_l4_data_len":46,"flow_min_l4_data_len":46,"flow_max_l4_data_len":46,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
+00652{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_first_seen":1569520471147,"flow_last_seen":0,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00463{"flow_id":29,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":188152,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"pkt":"KDc3AG3IEBMx8Tl2CABFAABSclkAADcRjXvAqAEBwKgBdQA1x\/EAPsuKHCSBgAABAAEAAAAADHpvb21mcm45OW1tcgR6b29tAnVzAAABAAHADAABAAEAAKjAAARtXqBj"}
-00667{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":46,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"109.94.160.99"}}
-00473{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569520471189,"flow_last_seen":0,"flow_tot_l4_data_len":44,"flow_min_l4_data_len":44,"flow_max_l4_data_len":44,"flow_avg_l4_data_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00678{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","ndpi": {"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"},"dns": {"query":"zoomfrn99mmr.zoom.us","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"109.94.160.99"}}
+00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_first_seen":1569520471189,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00440{"flow_id":30,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":189039,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGatnAqAF1bV6gY9ZXAbsw+fmWAAAAALAC\/\/9csgAAAgQFtAEDAwUBAQgKJZziLAAAAAAEAgAA"}
00434{"flow_id":30,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":220660,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGd91tXqBjwKgBdQG71leHhddzMPn5l6ASqbBjhwAAAgQFrAQCCAp2KotLJZziLAEDAww="}
00422{"flow_id":30,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":220821,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGauXAqAF1bV6gY9ZXAbsw+fmXh4XXdIAQECwrtgAAAQEICiWc4kt2KotL"}
01121{"flow_id":30,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":221044,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGaODAqAF1bV6gY9ZXAbsw+fmXh4XXdIAYECwk4gAAAQEICiWc4kt2KotLFgMBAgABAAH8AwOzVpYU92e7nLk\/fVgH9DH3k0vHgfUwYGgBmhkxDvYbiwAAusAwwCzAKMAkwBTACgClAKMAoQCfAGsAagBpAGgAOQA4ADcANgCIAIcAhgCFwBkApwBtADoAicAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAYAKYAbAA0AJsARsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcAXABvADcADAAoA\/wEAARkAAAAZABcAABR6b29tZnJuOTltbXIuem9vbS51cwALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQEAFQCjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
-00765{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1569520471189,"flow_last_seen":1569520471221,"flow_tot_l4_data_len":665,"flow_min_l4_data_len":32,"flow_max_l4_data_len":549,"flow_avg_l4_data_len":166,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
+00776{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_first_seen":1569520471189,"flow_last_seen":1569520471221,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00422{"flow_id":30,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":253409,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0XB9AADMGG8ZtXqBjwKgBdQG71leHhdd0MPn7nIAQAAs5sQAAAQEICnYqi2wlnOJL"}
02364{"flow_id":30,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":255395,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUXCBAADMGFiVtXqBjwKgBdQG71leHhdd0MPn7nIAQAAuBEAAAAQEICnYqi2wlnOJLFgMDAEICAAA+AwMFa6ivl1HZr2MajwKuXXOxKEOmYN9JsHYRK2dz0KRtRgDALwAAFv8BAAEAAAsABAMAAQIAIwAAAA8AAQEWAwMUFAsAFBAAFA0ABqgwggakMIIFjKADAgECAgkAuAr5aaJJsgcwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTkwMzI1MTkzODQyWhcNMjEwMzI1MTkzODQyWjA3MSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0ZWQxEjAQBgNVBAMMCSouem9vbS51czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALaxfGmkVOyU0AkAAY7kCiG99jBGIh+VdDOgabIxgZ7wT8ILDqU2MftFgTalkBtnlix1nB\/A23lZT3vWYLmdiArSXVZkjjpjHARBVVYAUir7OAher\/0qd4RZHsRK0bdRd40NdKuLb6he5TPeCPCo8mDuK41gZM9CkQPeJav\/RaowvfOtYiwp3Pt5JvpmmLCPkYu++RhH8LKfsuAhqv9m2xv6wau3C0G\/6Ce0z3s3aPbA6HK2Vctbrn12ZNiektUI25iSiJW21\/fYcY723x0hBp7tRPZNdMSHZ3e4QkzjXfUGyEK\/6tGaySEj+yvSYd5DUN0izEz+KBtCx95g0jp0b9MCAwEAAaOCAzMwggMvMAwGA1UdEwEB\/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB\/wQEAwIFoDA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczEtMTAxMS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAdBgNVHREEFjAUggkqLnpvb20udXOCB3pvb20udXMwHQYDVR0OBBYEFK\/\/A+eqHnVNBj7T3SSRE7i2ztfYMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAWm2XMJ0AAAEAwBHMEUCIGBxi3tQD8E7\/i5SW3PuSOWOtMDrbmlOuAQU+VSegUXXAiEAt51T+DldjWi8Ekq43+cZhUTmCceC5bgqC3HWUayeaD4AdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAWm2XMTxAAAEAwBHMEUCICiEIvES2m58Hqrdk1z6D\/VDBAWPZ6\/7XLmd4JXWkmvGAiEArZspf5lv\/3TS1cYqMEKKiFMPCaUjl39XIpCCbPMANBQAdgBElGUusO7Or8RAB9io\/ijA2uaCvtjLMbU\/0zOWtbaBqAAAAWm2XMe5AAAE"}
-00821{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1569520471189,"flow_last_seen":1569520471255,"flow_tot_l4_data_len":2169,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":361,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
+00832{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":286,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":6,"flow_first_seen":1569520471189,"flow_last_seen":1569520471255,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}}
02361{"flow_id":30,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":255530,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUXCFAADMGFiRtXqBjwKgBdQG71leHhd0UMPn7nIAQAAuAUAAAAQEICnYqi2wlnOJLAwBHMEUCICZBrYK+GGtVSdHk3b8VHsrDm6ajQ58z1O7BdEqHCXy2AiEAn6AYWb8PmQ7IhYNbHgI4gCM37GT4YnU97JyydhHs6SgwDQYJKoZIhvcNAQELBQADggEBALm3XxvmAxG3IkUdHT+Kg3Gdme1zrqEBmMm7KerxSo04mAO+wqNE7BtmMlulaHZ9Z4syCloedM1x96JrQ3t0boruQAhnOlvnmvFBfuohu9oncLnbTmv+52y6PnzVcU36zE+9\/mBRQN8g25Xi29P9pwEzguCY+ecBRzTK6h0Sl4TFrkhzrUqGeILBakJ5CWRPYRg+OU6qgFVG7kNWeqzV1lmJl0epG3dO3baTSwN2+1BadUhLIZWqpLM\/GrxissNVMDfzR5peJgNvGg7VI37Xda5xV4mPfc+vCRUICOcuM\/U9dzPYTXUnypGEFSXOhiu1g4jB4DBHpmqaaQxhC2IlsOwABNQwggTQMIIDuKADAgECAgEHMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTEwNTAzMDcwMDAwWhcNMzEwNTAzMDcwMDAwWjCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngyxDUr3a91JNi6zBkuIEIbMME2WIXji\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwEAAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08E72w+nIgGyVCPpnP3VzEbvrzkL9v4utNb4LTn5nliDgyi12pjczG19ahIpDsILaJdkNe0fCVPEVYwxLZEnXssneVe5u8MYaq\/5Cob7oSeuIN9wUPORKcTcA2R"}
02075{"flow_id":30,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":255548,"pkt_caplen":1282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1282,"pkt_l4_len":1248,"pkt":"KDc3AG3IEBMx8Tl2CABFAAT0XCJAADMGFwNtXqBjwKgBdQG71leHheK0MPn7nIAYAAsP4wAAAQEICnYqi2wlnOJLH\/TIE62DYNnYcqhzJB61rCIOyheJYlhEG6uJJQEAD83EG2LbUbTTD1Eqm\/S8c\/x2zjakzdnYLOqum\/UqspDRTXUYij+KQZAjfVtL\/qQDWJtGssNgYIP4fVBBzsKhkMO77wIv0hVU7kQV2Qqup4oz7bEtdjYm3ATrn\/dhHxXch2\/uRpYoraEmfQoJpy4Eo428+LwEMAEABIEwggR9MIIDZaADAgECAgMb5xUwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNDAxMDEwNzAwMDBaFw0zMTA1MzAwNzAwMDBaMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC\/cWII8fpZNPcbyRij94BJWOkigxOmxSBDATuE8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB\/zzFnWAOVF75fk1tnROqY2CE+S2P6kDg\/qivooVan\/eC8O2GRQFyurDqASUO0Z8Mg3zAGYiyI1pbTaMERi307IcYLQ4+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYwsqUOWI9+sOoGaDinFHKnpXR62np4wCjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo\/brHonIgBfZ\/U+dtTbWCdvyznWKu4X0b8zsQbAzwJ60kxXGlGs+BHAgMBAAGjggEXMIIBEzAPBgNVHRMBAf8EBTADAQH\/MA4GA1UdDwEB\/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wHwYDVR0jBBgwFoAU0sSw0pHUTBFxs2HLPaH+3ahq1OMwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QuY3JsMEYGA1UdIAQ\/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBZC1O9koYRpyR77Vsxzx0fbHDFuG6+Trv2vpdQ4TB\/uihcYpTC434z9\/tCdoXblRyMIlh1CQyIZWc5ChYJxaA4l6TFI5M\/tBimAQZEkeOnaSe0WiV\/Orcyzd2E\/yo4KTOk3Weyhf6hiCAcUInI3Cr2QgM3TOaI39WvJPKxw9\/MtezgmV63SVQgPJQYDMccUhhJpG3hs1gLydjs2a4cMo4ocA3i\/qYXng=="}
00422{"flow_id":30,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":255582,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGauXAqAF1bV6gY9ZXAbsw+fuch4XitIAQD9IeiQAAAQEICiWc4mx2Kots"}
00423{"flow_id":30,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":255585,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGauXAqAF1bV6gY9ZXAbsw+fuch4XndIAQD6wZ7wAAAQEICiWc4mx2Kots"}
02367{"flow_id":30,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":266033,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUXCNAADMGFiJtXqBjwKgBdQG71leHhed0MPn7nIAQAAsyKgAAAQEICnYqi3glnOJLhA+9V3CzWukfoIZTu+98\/2kL4EjDt5MLyApUxKxdFGc3bMqlLzEIN6pub4y8m+JXXSSBr5eXnIStbKw3TGbzYZERIOS+MJ96pCkJsOE0X2R3GEBR34wwpq8ABAQwggQAMIIC6KADAgECAgEAMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTcwNjIwWhcNMzQwNjI5MTcwNjIwWjBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA3p3X6lcYSaFb69dfSIbqvt3\/5O9nHPRlaLNXcaBed7vtm0npcIA9VhhjCG\/a8szQP38CVCJUENiygdTAdT1Lf8d3wz54qxoDtSBrL2orscWIfsS7HrDB2EUnb6o3WPeHJtfYLfapF7cfcjZOphc\/ZZiS2ypuXaL+iOAL3n\/ljRXh68s61eISohMt2I6vXxI9oAgFCLZcpWU4BEWZHqNgYHTFQaVyYhtixR9vXxpCvgJRZaiuIxhq\/HgDqU1\/gMP6q1r8oUCkyhkW\/rLI715zDe53vZr2eZi8sQdnohUN3aBYxkR7Cj5iKF+6QQdTWM8Rfjh0xfj\/tWmQj4R06pcbrwIBA6OBwDCBvTAdBgNVHQ4EFgQU0sSw0pHUTBFxs2HLPaH+3ahq1OMwgY0GA1UdIwSBhTCBgoAU0sSw0pHUTBFxs2HLPaH+3ahq1OOhZ6RlMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB\/zANBgkqhkiG9w0BAQUFAAOCAQEAMkvzsso+kfwSxqEHjI53oDMGFFyQHhj3CKY9Chn5h4ARbmnklhcw\/zSRY3I47swcAaMdlCikMfZ6xFTX9uUxWAOizM5i25RFc7W\/RckktdWCAq0jeWmNuLZNzs9MyjMj6ByIqp2LQW4WySDliZ7NO9pw936ZJiAUVCWrbnOF5pshnQpsgg6o+MIM+hAebJbvhw3ED2GLre6DK5X4jpKEcjnrIOqD7YPNl24IvOtOJrZzK+TT9kz+JnHiYRF0Sv9XGocPdUguz1FpF6ACEmGV1dFAshBM7sSsEEOmpZ4K1ZVimg3PiILFMgzkK59F5g2fKJyxuSpaV603D68df9u9nxYDAwFNDAABSQMAF0EE1V1FG3pM82OA4nonjxHs5dPtJhO4dtGEktUcDtx2yP+E8B04x6GsF8TBwX5MdUo82uXW74bz2ktoSkegzvAS+AYBAQCincrIZTsMu4FJVs\/xMymu6yMcfuuCODSLejJtsmlhF9o+34BbmCJCTO8LUmoKMWDDOcpT8UU5Qt0peChjjHoBuz98BBBoGkhTRZdYJ7AixZgqdDai1p8Ft+52\/w70qIHKBe9t\/RJP72n\/zt9J7ch1XEfgL8kCIhuMdtckQAjL\/4iLbewgStZLEYiQRvUml61Oi4ePwR668h5JkkXfkXu7lIhaFYo5EnQzc1XsbPrqYyiQi7WIuutlqi5bkgIkC1EFrlyNwO4uBtYb9uJ0ozGumln3mGG3ktfTSp1r9O1aLa9\/AUAhJAvO1grLySlK"}
-01145{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":11,"flow_first_seen":1569520471189,"flow_last_seen":1569520471266,"flow_tot_l4_data_len":6425,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":584,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
+01156{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":291,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":11,"flow_first_seen":1569520471189,"flow_last_seen":1569520471266,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6053,"flow_avg_l4_payload_len":550,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"},"tls": {"version":"TLSv1.2","client_requested_server_name":"zoomfrn99mmr.zoom.us","server_names":"*.zoom.us,zoom.us","ja3":"c51de225944b7d58d48c0f99f86ba8e6","ja3s":"ada793d0f02b028a6c840504edccb652","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","issuerDN":"OU=Domain Control Validated, CN=*.zoom.us","fingerprint":"F7:5A:83:A8:77:24:55:D7:6D:2E:93:F6:6E:9C:C9:7E:AD:9B:3B:E8"}}
00460{"flow_id":30,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":266036,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"pkt":"KDc3AG3IEBMx8Tl2CABFAABPXCRAADMGG6ZtXqBjwKgBdQG71leHhe0UMPn7nIAYAAtG1QAAAQEICnYqi3glnOJLaASPvDkBGJNXRyrXQW4fGpP\/FgMDAAQOAAAA"}
00423{"flow_id":30,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":266139,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGauXAqAF1bV6gY9ZXAbsw+fuch4XtL4AQD9IT+AAAAQEICiWc4nZ2Kot4"}
00597{"flow_id":30,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":326227,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAABAAEAGamfAqAF1bV6gY9ZXAbsw+fuch4XtL4AYEACCygAAAQEICiWc4rF2Kot4FgMDAEYQAABCQQRtav\/youPvgbMOlTZbWhUadWdUc+khBzAxAYSh3\/4dLY8RzQm5gkl6qO1dhX1BgVTSfaxSQ0BKOCoY0mCnuio3FAMDAAEBFgMDACjfvjFi5KkllBvI+7Cp0Qv2O3oblZ+\/LJqwiPwy2zDRLfDFXQYDFeAn"}
@@ -285,9 +285,9 @@
00491{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":399595,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEAA2VgAAAQEICiWc4viZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="}
00467{"flow_id":3,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":535197,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"pkt":"KDc3AG3IEBMx8Tl2CABFAABT5\/tAADUGHISnY9ekwKgBdRFS1k9+iDuqPj2JOYAYAQYOmQAAAQEICuHrh+ElnNAzFQMDABrdq1+2sZ7sanRDYUrN1AonZ6sa5xFE+MfQlg=="}
00422{"flow_id":3,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":535297,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYk5fog7yYAQEABJRQAAAQEICiWc437h64fh"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569520471748,"flow_last_seen":0,"flow_tot_l4_data_len":115,"flow_min_l4_data_len":115,"flow_max_l4_data_len":115,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569520471748,"flow_last_seen":0,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00540{"flow_id":31,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":748648,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"pkt":"EBMx8Tl2KDc3AG3ICABFAACHYY4AAEARSPnAqAF1bV6gY+PXImEAcwEfAQACfUZNNf\/9ojRJXQ1tO1HolgAAAAAAAAACAHoAKgB6ACoAAABADhc935YCXvuVxCQMI1O\/y\/Bgvpncu9jEece5cy1sdfpDYvCDXrg+TanGp+bzCbMeQN8Pa7V1aoQPcx2bwfanLQAAAAA="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569520471748,"flow_last_seen":0,"flow_tot_l4_data_len":115,"flow_min_l4_data_len":115,"flow_max_l4_data_len":115,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_first_seen":1569520471748,"flow_last_seen":0,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
00440{"flow_id":31,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":780615,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/ukJAADURu4xtXqBjwKgBdSJh49cAK4mJAgABfUZNNf\/9ojRJXQ1tO1HolgBaDj4AegAqAAAAAAAAAAA="}
00414{"flow_id":31,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":780643,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApukNAADURu6FtXqBjwKgBdSJh49cAFe6ZAwAAAAF2Ko10AFoOPgAAAAAA"}
00410{"flow_id":31,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":780865,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"EBMx8Tl2KDc3AG3ICABFAAApkdQAAEARGRHAqAF1bV6gY+PXImEAFe2ZBAAAAAF2Ko10AFoOPg=="}
@@ -304,18 +304,18 @@
01769{"flow_id":31,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":880990,"pkt_caplen":1071,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1071,"pkt_l4_len":1037,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQhuodAADURt2VtXqBjwKgBdSJh49cEDfijBRUBAAAAAAAAADMBDf8ABnYqjdgAAAAD6AAAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB"}
01769{"flow_id":31,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":890969,"pkt_caplen":1071,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1071,"pkt_l4_len":1037,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQhuoxAADURt2BtXqBjwKgBdSJh49cEDfiYBRUBAAAAAAAAADMBDf8AB3YqjeIAAAAD6AAAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB"}
01769{"flow_id":31,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":900935,"pkt_caplen":1071,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1071,"pkt_l4_len":1037,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQhupNAADURt1ltXqBjwKgBdSJh49cEDfiNBRUBAAAAAAAAADMBDf8ACHYqjewAAAAD6AAAAAABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB"}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1569520471915,"flow_last_seen":0,"flow_tot_l4_data_len":115,"flow_min_l4_data_len":115,"flow_max_l4_data_len":115,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1569520471915,"flow_last_seen":0,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00538{"flow_id":32,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":915269,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"pkt":"EBMx8Tl2KDc3AG3ICABFAACHOsEAAEARb8bAqAF1bV6gY+zMImEAcx+TAQACgEJ0mpHOZDa3wq7Yfnt8kAAAAAAAAAACAHoA0QB6ANEAAABAz+pIvn76v2yDYA2gAvW2g1TH36+BBcgmmBwGC4A2voI37csLDeuB1cbZ5dS3SDby7ZAjUH7\/6+f4krtKebNFkQAAAAA="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1569520471915,"flow_last_seen":0,"flow_tot_l4_data_len":115,"flow_min_l4_data_len":115,"flow_max_l4_data_len":115,"flow_avg_l4_data_len":115,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_first_seen":1569520471915,"flow_last_seen":0,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
00439{"flow_id":32,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":939789,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/uqdAADURuydtXqBjwKgBdSJh7MwAK7AuAgABgEJ0mpHOZDa3wq7Yfnt8kABaDj8AegDRAAAAAAAAAAA="}
00414{"flow_id":32,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":939806,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApuqhAADURuzxtXqBjwKgBdSJh7MwAFUSkAwAAAAF2Ko4UAFoOPwAAAAAA"}
00411{"flow_id":32,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":940080,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAp\/q0AAEARrDfAqAF1bV6gY+zMImEAFUOkBAAAAAF2Ko4UAFoOPw=="}
00476{"flow_id":32,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":948060,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"pkt":"EBMx8Tl2KDc3AG3ICABFAABbUt8AAEARV9TAqAF1bV6gY+zMImEAR0iqBQwBIY6cOSjESy+pAnBygi5W9gEABAIBAAAAAAAAAAEAAAAWZGF0YV9iaW5kX3JlcGxhY2VfZmxhZwIAAAAB"}
00450{"flow_id":32,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520471,"pkt_ts_usec":971540,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"pkt":"KDc3AG3IEBMx8Tl2CABFAABHusVAADURuwFtXqBjwKgBdSJh7MwAM1JtBQ0BIY6cOSjESy+pAnBygi5W9gEABAIBAAAAAAEAAAADcmlkAwAAAAAAAA=="}
00695{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520472,"pkt_ts_usec":536483,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjCmAAAAQEICiWc50xwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
-00478{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1569520473084,"flow_last_seen":0,"flow_tot_l4_data_len":117,"flow_min_l4_data_len":117,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00490{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1569520473084,"flow_last_seen":0,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00547{"flow_id":33,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520473,"pkt_ts_usec":84563,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"EBMx8Tl2KDc3AG3ICABFAACJ4\/YAAEARxo7AqAF1bV6gY\/EjImEAde5DAQACOkSxT2rBSy0CI5EJ7ghSoQAAAAAAAAACAHoFYgB6BWIAAABAyr1YPP8KZ34wUqB9PR5Zle\/sBvgfAfGBqNzDFPjrnryOYaOvAtAdhsk5Sd978V5OWjrnwByNSAVBXX+sDOwgiv\/\/\/\/8KAA=="}
-00508{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1569520473084,"flow_last_seen":0,"flow_tot_l4_data_len":117,"flow_min_l4_data_len":117,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":117,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
+00520{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_first_seen":1569520473084,"flow_last_seen":0,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","ndpi": {"proto":"Zoom","breed":"Acceptable","category":"Video"}}
00439{"flow_id":33,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520473,"pkt_ts_usec":116064,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/vWBAADURuG5tXqBjwKgBdSJh8SMAK0WqAgABOkSxT2rBSy0CI5EJ7ghSoQBaDkQAegViAAAAAAAAAAA="}
00414{"flow_id":33,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520473,"pkt_ts_usec":116083,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApvWFAADURuINtXqBjwKgBdSJh8SMAFalIAwAAAAF2KpKmAFoORAAAAAAA"}
00411{"flow_id":33,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520473,"pkt_ts_usec":116331,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"pkt":"EBMx8Tl2KDc3AG3ICABFAAApU1gAAEARV43AqAF1bV6gY\/EjImEAFahIBAAAAAF2KpKmAFoORA=="}
@@ -324,41 +324,41 @@
00466{"flow_id":32,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":689,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520473,"pkt_ts_usec":157959,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"pkt":"EBMx8Tl2KDc3AG3ICABFAABV25wAAEARzxzAqAF1bV6gY+zMImEAQdYuBSIBAPuQCRAAAAAAAAAAAACAyAAGAQAEAuE3edfn7BLaAAAJEAAAAAUAAAC1gcoAAgEABAIBAAAA"}
00411{"flow_id":33,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520473,"pkt_ts_usec":170187,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"pkt":"EBMx8Tl2KDc3AG3ICABFAAArmBYAAEAREs3AqAF1bV6gY\/EjImEAFxFSBQoGAAAAAAAAAAAAAAAA"}
00414{"flow_id":33,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569520473,"pkt_ts_usec":198709,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"pkt":"KDc3AG3IEBMx8Tl2CABFAAArvZdAADURuEttXqBjwKgBdSJh8SMAFxFSBQoGAAAAAAAAAAAAAAAAAAAA"}
-00455{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1569520469423,"flow_last_seen":1569520469433,"flow_tot_l4_data_len":72,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_tot_l4_data_len":137,"flow_min_l4_data_len":31,"flow_max_l4_data_len":106,"flow_avg_l4_data_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00474{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569520469797,"flow_last_seen":0,"flow_tot_l4_data_len":287,"flow_min_l4_data_len":287,"flow_max_l4_data_len":287,"flow_avg_l4_data_len":287,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00441{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569520469072,"flow_last_seen":0,"flow_tot_l4_data_len":36,"flow_min_l4_data_len":36,"flow_max_l4_data_len":36,"flow_avg_l4_data_len":36,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
-00505{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
-00485{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_tot_l4_data_len":40,"flow_min_l4_data_len":20,"flow_max_l4_data_len":20,"flow_avg_l4_data_len":20,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_tot_l4_data_len":108,"flow_min_l4_data_len":46,"flow_max_l4_data_len":62,"flow_avg_l4_data_len":54,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569520466080,"flow_last_seen":1569520472536,"flow_tot_l4_data_len":924,"flow_min_l4_data_len":231,"flow_max_l4_data_len":231,"flow_avg_l4_data_len":231,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_tot_l4_data_len":228,"flow_min_l4_data_len":76,"flow_max_l4_data_len":76,"flow_avg_l4_data_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":8,"flow_first_seen":1569520473084,"flow_last_seen":1569520473198,"flow_tot_l4_data_len":382,"flow_min_l4_data_len":21,"flow_max_l4_data_len":117,"flow_avg_l4_data_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00534{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_tot_l4_data_len":748,"flow_min_l4_data_len":32,"flow_max_l4_data_len":295,"flow_avg_l4_data_len":124,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {}}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_tot_l4_data_len":748,"flow_min_l4_data_len":32,"flow_max_l4_data_len":295,"flow_avg_l4_data_len":124,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00491{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":18,"flow_first_seen":1569520468959,"flow_last_seen":1569520469430,"flow_tot_l4_data_len":7695,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":427,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":30,"flow_first_seen":1569520469950,"flow_last_seen":1569520470454,"flow_tot_l4_data_len":17921,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":597,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00493{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":33,"flow_first_seen":1569520470022,"flow_last_seen":1569520470628,"flow_tot_l4_data_len":20585,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":623,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1569520469221,"flow_last_seen":1569520469399,"flow_tot_l4_data_len":276,"flow_min_l4_data_len":40,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1569520469189,"flow_last_seen":1569520469375,"flow_tot_l4_data_len":276,"flow_min_l4_data_len":40,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1569520469253,"flow_last_seen":1569520469433,"flow_tot_l4_data_len":276,"flow_min_l4_data_len":40,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00471{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569520466209,"flow_last_seen":0,"flow_tot_l4_data_len":53,"flow_min_l4_data_len":53,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":53,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00476{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569520470666,"flow_last_seen":0,"flow_tot_l4_data_len":52,"flow_min_l4_data_len":52,"flow_max_l4_data_len":52,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":20,"flow_first_seen":1569520466316,"flow_last_seen":1569520471572,"flow_tot_l4_data_len":3585,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1258,"flow_avg_l4_data_len":179,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":44,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":29,"flow_first_seen":1569520470742,"flow_last_seen":1569520471166,"flow_tot_l4_data_len":8664,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":30,"flow_first_seen":1569520470755,"flow_last_seen":1569520471166,"flow_tot_l4_data_len":8688,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":289,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00482{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_tot_l4_data_len":90,"flow_min_l4_data_len":37,"flow_max_l4_data_len":53,"flow_avg_l4_data_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00497{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":185,"flow_first_seen":1569520471748,"flow_last_seen":1569520473190,"flow_tot_l4_data_len":185945,"flow_min_l4_data_len":21,"flow_max_l4_data_len":1037,"flow_avg_l4_data_len":1005,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":29,"flow_first_seen":1569520470769,"flow_last_seen":1569520471156,"flow_tot_l4_data_len":8670,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":298,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00492{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":28,"flow_first_seen":1569520470776,"flow_last_seen":1569520471159,"flow_tot_l4_data_len":7582,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":270,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00484{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_tot_l4_data_len":104,"flow_min_l4_data_len":44,"flow_max_l4_data_len":60,"flow_avg_l4_data_len":52,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00510{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_tot_l4_data_len":158,"flow_min_l4_data_len":79,"flow_max_l4_data_len":79,"flow_avg_l4_data_len":79,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"proto":"IMAPS","breed":"Safe","category":"Email"}}
-00487{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_tot_l4_data_len":158,"flow_min_l4_data_len":79,"flow_max_l4_data_len":79,"flow_avg_l4_data_len":79,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":7,"flow_first_seen":1569520471915,"flow_last_seen":1569520473157,"flow_tot_l4_data_len":387,"flow_min_l4_data_len":21,"flow_max_l4_data_len":115,"flow_avg_l4_data_len":55,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00480{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569520468207,"flow_last_seen":0,"flow_tot_l4_data_len":134,"flow_min_l4_data_len":134,"flow_max_l4_data_len":134,"flow_avg_l4_data_len":134,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
-00526{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_tot_l4_data_len":6295,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":393,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
-00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_tot_l4_data_len":6295,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1450,"flow_avg_l4_data_len":393,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":210,"flow_first_seen":1569520471189,"flow_last_seen":1569520473190,"flow_tot_l4_data_len":64504,"flow_min_l4_data_len":32,"flow_max_l4_data_len":1472,"flow_avg_l4_data_len":307,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
-00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_tot_l4_data_len":92,"flow_min_l4_data_len":38,"flow_max_l4_data_len":54,"flow_avg_l4_data_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00463{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_first_seen":1569520469423,"flow_last_seen":1569520469433,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_first_seen":1569520469036,"flow_last_seen":1569520469072,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":121,"flow_avg_l4_payload_len":60,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":65394,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00486{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_first_seen":1569520469797,"flow_last_seen":0,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00449{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1569520469072,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":15}
+00513{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS","breed":"Safe","category":"Web"}}
+00493{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_first_seen":1569520469081,"flow_last_seen":1569520469116,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"13.225.84.182","src_port":54798,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_first_seen":1569520471147,"flow_last_seen":1569520471188,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":92,"flow_avg_l4_payload_len":46,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":51185,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569520466080,"flow_last_seen":1569520472536,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":796,"flow_avg_l4_payload_len":199,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00496{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_first_seen":1569520468399,"flow_last_seen":1569520468399,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":68,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":8,"flow_first_seen":1569520473084,"flow_last_seen":1569520473198,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":318,"flow_avg_l4_payload_len":39,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":61731,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00544{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":92,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","ndpi": {"proto":"HTTP.Google","breed":"Tracker\/Ads","category":"Web"},"http": {}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":6,"flow_first_seen":1569520469340,"flow_last_seen":1569520469435,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":263,"flow_tot_l4_payload_len":556,"flow_avg_l4_payload_len":92,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":18,"flow_first_seen":1569520468959,"flow_last_seen":1569520469430,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7299,"flow_avg_l4_payload_len":405,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":30,"flow_first_seen":1569520469950,"flow_last_seen":1569520470454,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":17285,"flow_avg_l4_payload_len":576,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.196","src_port":54865,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":33,"flow_first_seen":1569520470022,"flow_last_seen":1569520470628,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":19889,"flow_avg_l4_payload_len":602,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.236","src_port":54866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":6,"flow_first_seen":1569520469221,"flow_last_seen":1569520469399,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":6,"flow_first_seen":1569520469189,"flow_last_seen":1569520469375,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00500{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":6,"flow_first_seen":1569520469253,"flow_last_seen":1569520469433,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":228,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1569520466209,"flow_last_seen":0,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00488{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_first_seen":1569520470666,"flow_last_seen":0,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":20,"flow_first_seen":1569520466316,"flow_last_seen":1569520471572,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1226,"flow_tot_l4_payload_len":2925,"flow_avg_l4_payload_len":146,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_first_seen":1569520470742,"flow_last_seen":1569520470776,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":58063,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":29,"flow_first_seen":1569520470742,"flow_last_seen":1569520471166,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7752,"flow_avg_l4_payload_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.105","src_port":54867,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":30,"flow_first_seen":1569520470755,"flow_last_seen":1569520471166,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7744,"flow_avg_l4_payload_len":258,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.19.144.104","src_port":54868,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00494{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_first_seen":1569520468922,"flow_last_seen":1569520468958,"flow_min_l4_payload_len":29,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":74,"flow_avg_l4_payload_len":37,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":64352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00508{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":185,"flow_first_seen":1569520471748,"flow_last_seen":1569520473190,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":1029,"flow_tot_l4_payload_len":184465,"flow_avg_l4_payload_len":997,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":29,"flow_first_seen":1569520470769,"flow_last_seen":1569520471156,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7746,"flow_avg_l4_payload_len":267,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.85","src_port":54869,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00503{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":28,"flow_first_seen":1569520470776,"flow_last_seen":1569520471159,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6714,"flow_avg_l4_payload_len":239,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"213.244.140.84","src_port":54870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_first_seen":1569520470741,"flow_last_seen":1569520470768,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62563,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00521{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","ndpi": {"proto":"IMAPS","breed":"Safe","category":"Email"}}
+00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_first_seen":1569520467811,"flow_last_seen":1569520471399,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":94,"flow_avg_l4_payload_len":47,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00501{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":7,"flow_first_seen":1569520471915,"flow_last_seen":1569520473157,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":331,"flow_avg_l4_payload_len":47,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00492{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_first_seen":1569520468207,"flow_last_seen":0,"flow_min_l4_payload_len":126,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":126,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"239.255.255.250","src_port":57025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00537{"flow_event_id":4,"flow_event_name":"guessed","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5783,"flow_avg_l4_payload_len":361,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","ndpi": {"proto":"TLS.Google","breed":"Tracker\/Ads","category":"Web"}}
+00503{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5783,"flow_avg_l4_payload_len":361,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00505{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":210,"flow_first_seen":1569520471189,"flow_last_seen":1569520473190,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":57752,"flow_avg_l4_payload_len":275,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00495{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test"}
Powered by cgit, Themed by Ted Yin.